Chapter 8 Layer 2 Switching and Spanning Tree Protocol (STP)


Before Switching

Network with Switching

Switching Service

Layer 2 switches provide the following:

• Hardware-based bridging (ASIC): Switches use ASICs to build and maintain their Forward/Filter table.

• Wire speed: A switch creates a private, dedicated collision domain for each port and provides independent bandwidth on each port, which increases the bandwidth available to each user (unlike a hub).

• Low latency: Switches and bridges are faster than routers because they do not look at network layer header information.

• Low cost

Bridges vs. Switches

• Bridges are software based, while switches are hardware based because they use ASICs.

• A switch can be viewed as a multiport bridge.

• Switches have a higher number of ports than bridges.

• A bridge can have only one spanning tree, while switches can have many.

Both Bridges and Switches

• Forward layer 2 broadcasts.

• Learn MAC addresses by examining the source address of each frame received.

• Make forwarding decisions based on layer 2 addresses.

• Break up collision domains but still have a single broadcast domain (switches have 1 broadcast domain BY DEFAULT).

Three switch functions at layer 2

1. Address Learning

2. Forward / Filter decision

3. Loop avoidance

Address Learning.

Notice that a switch or a bridge never learns a BROADCAST or MULTICAST address, because a broadcast or multicast address never appears as the source address of a frame.

Address Learning.

Switch#sh mac address-table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0005.dccb.d74b    DYNAMIC     Fa0/1
   1    000a.f467.9e80    DYNAMIC     Fa0/3
   1    000a.f467.9e8b    DYNAMIC     Fa0/4
   1    000a.f467.9e8c    DYNAMIC     Fa0/3
   1    0010.7b7f.c2b0    DYNAMIC     Fa0/3
   1    0030.80dc.460b    DYNAMIC     Fa0/3
   1    0030.9492.a5dd    DYNAMIC     Fa0/1
   1    00d0.58ad.05f4    DYNAMIC     Fa0/1
Total Mac Addresses for this criterion: 8

Switch(config)#mac-address-table static aaaa.bbbb.cccc vlan 1 int fa0/5

Problems with Redundant Links between Switches

1. Broadcast Storm

2. Multiple frame copies

3. Unstable MAC Table

• Host_1 sends a unicast frame to Router C.

• The MAC address of Router C has not been learned by either switch.

• Switches A and B learn the MAC address of Host_1 on port 0.

• The frame to Router C is flooded.

• Switches A and B incorrectly learn the MAC address of Host_1 on port 1.
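The sequence above, replayed as a small simulation (an added example, not part of the original slides). The topology, the MAC addresses and the frame limit are constructed assumptions: port 0 of both switches shares Host_1's segment, port 1 of both shares Router C's segment, and no port is blocked by STP.

```python
from collections import deque

HOST_1, ROUTER_C = "0000.0000.0001", "0000.0000.000c"   # constructed MACs

class Switch:
    def __init__(self, name):
        self.name = name
        self.table = {}     # forward/filter table: MAC -> port
        self.moves = []     # port recorded each time HOST_1 is (re)learned

    def receive(self, src, dst, in_port):
        """Learn the source address, then return the egress ports."""
        if self.table.get(src) != in_port:
            self.table[src] = in_port
            self.moves.append(in_port)
        out = self.table.get(dst)
        if out is None:                          # unknown unicast: flood
            return [p for p in (0, 1) if p != in_port]
        return [] if out == in_port else [out]   # filter, or forward

def simulate(max_frames=6):
    """Port N of each switch attaches to segment N. Host_1 sits on
    segment 0, Router C on segment 1, and nothing blocks a port."""
    a, b = Switch("A"), Switch("B")
    in_flight = deque([(0, None)])   # (segment, switch that sent the copy)
    copies_at_router = handled = 0
    while in_flight and handled < max_frames:
        segment, sender = in_flight.popleft()
        handled += 1
        if segment == 1:
            copies_at_router += 1    # Router C receives this copy
        for sw in (a, b):
            if sw is not sender:     # a switch does not hear its own frame
                for port in sw.receive(HOST_1, ROUTER_C, segment):
                    in_flight.append((port, sw))
    return a.moves, b.moves, copies_at_router, len(in_flight)

if __name__ == "__main__":
    print(simulate())
```

One frame from Host_1 yields repeated copies at Router C, a Host_1 entry that flips between port 0 and port 1 on both switches, and frames still circulating when the limit is reached.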

Switching Modes

• Store and Forward.

• Cut through (Fast forward, Real time, Wire speed).

• Fragment free (Modified Cut through)

CISCO 1900 Switch Configuration

>enable
#config t
(config)#enable password level 1 cisco
(config)#enable password level 15 cisco1
(config)#enable secret cisco
(config)#hostname 1900A
1900A(config)#ip address 192.168.10.51 255.255.255.0
1900A(config)#ip default-gateway 192.168.10.1
1900A(config)#banner motd @ This is 1900A Switch@
1900A(config)#int fa0/12
1900A(config)#description Connection_to_HR
1900A(config)#^Z
1900A#sh ip
1900A#delete nvram

CISCO 2950 Switch Configuration

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname 2950B
2950B(config)#enable secret cisco
2950B(config)#line console 0
2950B(config-line)#password cisco
2950B(config-line)#login
2950B(config)#line vty 0 15
2950B(config-line)#password telnet
2950B(config-line)#banner motd @
Enter the text followed by the '@' to finish
This is 2950B Switch@
2950B(config)#int f0/4
2950B(config-if)#desc connection to 2950C
2950B(config-if)#int f0/5
2950B(config-if)#desc 2nd connection to 2950C
2950B(config-if)#int vlan 1
2950B(config-if)#ip address 192.168.20.51 255.255.255.0
2950B(config-if)#no shut
2950B(config-if)#exit
2950B(config)#ip default-gateway 192.168.20.1
2950B(config)#exit
2950B#copy run start
Destination filename [startup-config]? (enter)
Building configuration...
[OK]

CISCO 2950 Switch Configuration

2950B#erase startup
2950B#delete flash:nvram
2950B#reload
2950B#ping 192.168.30.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.17, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Port Security

Switch#config t
Switch(config)#int f0/1
Switch(config-if)#switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
Switch(config-if)#switchport port-security violation shutdown

Port Security

Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security violation shutdown

Spanning Tree Protocol

BID, Cost, Port

BID: Priority, MAC Address.

Cost:
B.W       Cost
10Gbps    2
1Gbps     4
100Mbps   19
10Mbps    100

Port: Priority, Port no.

1. Cost
2. BID
3. Port Priority
4. Port No.
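The BID comparison, the cost table and the four-step tie-break above, worked through in Python (an added example, not part of the original slides). The two bridge IDs are the ones that appear in the slides' `sh spanning-tree` output; the switch names, the BPDU contents and the assumption that steps 3 and 4 compare the sender's port ID carried in the BPDU are constructed for illustration.

```python
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}   # Mbps -> cost (slide table)

def split_priority(value):
    """32769 -> (32768, 1): configurable priority (multiple of 4096) + sys-id-ext."""
    return value & 0xF000, value & 0x0FFF

def bid(priority, mac):
    """Bridge ID as a sortable tuple; the lowest BID wins."""
    return (priority, int(mac.replace(".", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the root bridge."""
    return min(bridges, key=lambda name: bid(*bridges[name]))

def pick_root_port(ports):
    """ports: the best BPDU heard on each local port. Compared in the slide's
    order: 1. cost to root, 2. sender BID, 3. port priority, 4. port number.
    Assumption: steps 3-4 use the sender's port ID carried in the BPDU."""
    def key(p):
        cost = p["bpdu_cost"] + PORT_COST[p["mbps"]]
        return (cost, bid(*p["sender"]), p["sender_prio"], p["sender_port"])
    return min(ports, key=key)["name"]

# Hypothetical switch names; BPDU contents below are constructed.
BRIDGES = {"SW-A": (32769, "0012.8061.0cc0"),
           "SW-B": (32769, "0012.806b.6880")}
UPLINKS = [   # 4 + 4 = 8 via Gi0/1 beats 0 + 19 = 19 via Fa0/16
    {"name": "Gi0/1", "mbps": 1_000, "bpdu_cost": 4,
     "sender": (32769, "0012.8070.1111"), "sender_prio": 128, "sender_port": 1},
    {"name": "Fa0/16", "mbps": 100, "bpdu_cost": 0,
     "sender": BRIDGES["SW-A"], "sender_prio": 128, "sender_port": 16},
]
TIED = [      # same cost and same sender: the sender's port number decides
    {"name": "Fa0/2", "mbps": 100, "bpdu_cost": 0,
     "sender": BRIDGES["SW-A"], "sender_prio": 128, "sender_port": 5},
    {"name": "Fa0/1", "mbps": 100, "bpdu_cost": 0,
     "sender": BRIDGES["SW-A"], "sender_prio": 128, "sender_port": 4},
]

if __name__ == "__main__":
    print(elect_root(BRIDGES), pick_root_port(UPLINKS), pick_root_port(TIED))
```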

Bridge Protocol Data Unit (BPDU)

STP Example 1

STP Example 2

STP Example 3

STP Example 4

STP Example 5

STP Example 6

STP Example 7

Switch#sh spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0012.8061.0cc0
             Cost        8
             Port        25 (GigabitEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0012.806b.6880
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/16           Altn BLK 19        128.16   P2p
Gi0/1            Root FWD 4         128.25   P2p

Switch#show spanning-tree vlan 2

Configuring Catalyst Switches

• Administrative functions (General settings)
• Configuring the IP address and subnet mask
• Setting the IP default gateway
• Setting port security
• Setting PortFast
• Enabling BPDUGuard and BPDUFilter
• Enabling UplinkFast
• Enabling BackboneFast
• Enabling RSTP (802.1w)
• Enabling EtherChannel
• Configuring an STP root switch
• Using the CNA to configure a switch

Spanning Tree PortFast

Switch(config-if)#spanning-tree portfast ?
  disable  Disable portfast for this interface
  trunk    Enable portfast on the interface even in trunk mode
  <cr>
Switch(config-if)#exit
Switch(config)#int range fastEthernet 0/1 - 12
Switch(config-if-range)#spanning-tree portfast

BPDUGuard

Switch(config-if-range)#spanning-tree bpduguard ?
  disable  Disable BPDU guard for this interface
  enable   Enable BPDU guard for this interface
Switch(config-if-range)#spanning-tree bpduguard enable

BPDUFilter

Switch(config-if-range)#spanning-tree bpdufilter ?
  disable  Disable BPDU filtering for this interface
  enable   Enable BPDU filtering for this interface

Switch(config-if-range)#spanning-tree bpdufilter enable
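An added example (not part of the original slides) that audits access-port configuration for the features shown under Port Security, PortFast, BPDUGuard and BPDUFilter. The configuration text is constructed; the checks assume that port security takes effect only once the bare `switchport port-security` command is present, and that interface-level `spanning-tree bpdufilter enable` stops the port from sending or processing BPDUs.

```python
import re

# Constructed running-config excerpt, for illustration only.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
"""

def audit(config):
    """Return {interface: [issues]} for access ports in an IOS-style config."""
    findings = {}
    for block in re.split(r"^interface\s+", config, flags=re.M)[1:]:
        name, *lines = [line.strip() for line in block.splitlines()]
        cmds = {line for line in lines if line and line != "!"}
        if "switchport mode access" not in cmds:
            continue                      # only user-facing access ports
        issues = []
        # Sub-commands such as "maximum" do not enable the feature by themselves.
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled")
        if ("spanning-tree portfast" in cmds
                and "spanning-tree bpduguard enable" not in cmds):
            issues.append("portfast without bpduguard")
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter disables STP on this port")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE).items():
        print(port, issues)
```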

UplinkFast

Switch(config)#spanning-tree uplinkfast
Switch(config)#do show spanning-tree uplinkfast
UplinkFast is enabled

Station update rate set to 150 packets/sec.

UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs)            : 1
Number of proxy multicast addresses transmitted (all VLANs) : 8

Name                 Interface List
-------------------- ------------------------------------
VLAN0001             Fa0/1(fwd), Fa0/2

Use it on switches that have a blocked port.

BackboneFast

Switch(config)#spanning-tree backbonefast
Switch(config)#do show spanning-tree backbonefast
BackboneFast is enabled

BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs)   : 0
Number of inferior BPDUs received (all VLANs)       : 2
Number of RLQ request PDUs received (all VLANs)     : 0
Number of RLQ response PDUs received (all VLANs)    : 1
Number of RLQ request PDUs sent (all VLANs)         : 1
Number of RLQ response PDUs sent (all VLANs)        : 0

Use it on all switches.

STP (802.1d) vs. Rapid STP (802.1w)

Switch(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode
Switch(config)#spanning-tree mode rapid-pvst

EtherChannel

Switch(config)#int port-channel 1
Switch(config-if)#int range f0/1-2
Switch(config-if-range)#switchport mode trunk
1d03h: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001 FastEthernet0/2 moved to Forwarding (UplinkFast).
Switch(config-if-range)#switchport nonegotiate
Switch(config-if-range)#channel-group 1 mode desirable
Switch(config-if-range)#do sh int fa0/1 etherchannel
Port state = Up Sngl-port-Bndl Mstr Not-in-Bndl
Channel group = 1 Mode = Desirable-Sl Gcchange = 0
Port-channel = null GC = 0x00010001 Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = PAgP
[output cut]

Selecting Root Bridge

Switch(config)#spanning-tree vlan 1 priority ?
  <0-61440>  bridge priority in increments of 4096
Switch(config)#spanning-tree vlan 1 root ?
  primary    Configure this switch as primary root for this spanning tree
  secondary  Configure switch as secondary root
Switch(config)#spanning-tree vlan 1 root primary