Chapter 11: Switching and VLANs

Chapter 11 Objectives
• The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter:
  – 2.6 Given a scenario, configure a switch using proper features
    • VLAN
      o Native VLAN/Default VLAN
      o VTP
    • Spanning tree (802.1d)/rapid spanning tree (802.1w)
      o Flooding
      o Forwarding/blocking
      o Filtering
    • Interface configuration
      o Trunking/802.1q
      o Tag vs untag VLANs
      o Port bonding (LACP)
      o Port mirroring (local vs remote)
      o Speed and duplexing
      o IP address assignment
      o VLAN assignment
Chapter 11 Objectives
• The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter (continued):
    • Default gateway
    • PoE and PoE+ (802.3af, 802.3at)
    • Switch management
      o User/passwords
      o AAA configuration
      o Console
      o Virtual terminals
      o In-band/Out-of-band management
    • Managed vs unmanaged
  – 3.3 Given a scenario, implement network hardening techniques
    • Network-based
    • Switch port security
      o MAC address filtering
      o VLAN assignments
    • Network segmentation
Switching and Virtual LANs (VLANs)
• Switching breaks up large collision domains into smaller ones; a collision domain is a network segment with two or more devices sharing the same bandwidth.
• If a switched design is properly implemented, it will result in a clean, cost-effective, and resilient internetwork.
The first LAN
(Figure: hubs for the Server Farm, Corporate and Remote Branch segments and a Token Ring segment.)
The first LAN had each hub placed into a router port.
The first switched LAN
(Figure 11.2: the Server Farm, Corporate, Token Ring and Remote Branch segments, now with switches added alongside the hubs.)
Switched network design
• A typical, contemporary, and complete switched network design/implementation would look something like this.
• There is a router implemented.
• The router creates and handles logical segmentation.
• What makes Layer 2 switching so efficient is that no modification to the data packet takes place; the switch only reads the frame that encapsulates the packet, so forwarding is fast.
Switching Services
(Figure: switch ports running 100 Mbps full-duplex links, one of them to a server.)
• Layer 2 switching provides the following benefits:
  – Hardware-based bridging (ASIC)
  – Wire speed
  – Low latency
  – Low cost
Switch Functions at Layer 2
• There are three distinct functions of Layer 2 switching
– Address learning
– Forward/filter decisions
– Loop avoidance
Address Learning
(Figure: Host A on E0/0, Host B on E0/1, and Hosts C and D on E0/2 and E0/3; the MAC forward/filter table lists E0/0 through E0/3 with no entries.)
• Layer 2 switches and bridges are capable of address learning; they remember the source hardware address of each frame received on an interface and enter this information into a MAC database known as a forward/filter table.
• Initially there is no address information in the table.
Forwarding/Filter Table
(Figure: Step 1, Host A on E0/0 sends a frame; Step 2, the table records 0000.8c01.000A against E0/0; Step 3, the frame reaches Host B, Host C and Host D; Step 4, the table records 0000.8c01.000B against E0/1 when Host B answers.)
When the hosts start communicating, the switch places the source hardware address of each frame in the table along with the corresponding port.
Forwarding/Filter Table Evaluation
(Figure: Hosts A, B, C and D attached to Fa0/3 through Fa0/6 of the switch.)
Switch#sh mac address-table
VLAN    Mac Address         Ports
----    --------------      -----
1       0005.dccb.d74b      Fa0/4
1       000a.f467.9e80      Fa0/5
1       000a.f467.9e8b      Fa0/6
• Host A is sending a data frame to Host D.
• What will the switch do when it receives the frame from Host A?
Broadcast Storm
(Figure: Switch A and Switch B both connect Segment 1 to Segment 2, and a broadcast circulates between them.)
• Redundant links between switches can be a wise thing to implement because they help prevent complete network failures in the event that one link stops working.
• There is a drawback: frames can be flooded down all redundant links simultaneously, creating network loops.
Multiple Frame Copies
(Figure: Router C on Segment 1 sends a unicast; Switch A and Switch B each forward a copy to Segment 2.)
• The MAC address filter table could be totally confused about the device's location because the switch can receive the frame from more than one link.
• The switch could get so caught up in constantly updating the MAC filter table with source hardware-address locations that it may fail to forward a frame. This is called thrashing the MAC table.
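Added example (not part of the slides or the Network+ text): a small Python simulation of the forward/filter behaviour asked about on the Forwarding/Filter Table Evaluation slide and of the looped topology described above. The switch learns the source MAC of every frame against the port it arrived on, forwards a known unicast out exactly one port, filters a frame whose destination is already on the ingress port, and floods unknown unicasts and broadcasts. Joining two switches with a second, parallel link and sending one broadcast shows the copies multiplying and the entry for Host A flipping between ports, which is the thrashing the slide describes. Switch names, port names and MAC addresses are constructed for the example; the forwarding budget stands in for STP, which is what stops this in a real network.

```python
from collections import defaultdict, deque

BROADCAST = "ffff.ffff.ffff"


class Switch:
    """A transparent bridge: learns source MACs per port, forwards a known
    unicast out exactly one port, filters a frame whose destination is on the
    port it arrived on, and floods unknown unicasts and broadcasts out every
    other port.  Port and MAC names follow the slides (E0/0.., 0000.8c01.000A)."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.table = {}    # forward/filter table: MAC -> port it was last seen on
        self.links = {}    # port -> (neighbour Switch, neighbour port); absent = host segment
        self.moves = 0     # a known MAC re-learned on a different port

    def receive(self, in_port, frame):
        """Learn from the frame, then return the list of ports it goes out of."""
        src, dst = frame["src"], frame["dst"]
        if src in self.table and self.table[src] != in_port:
            self.moves += 1   # with a loop this never settles: 'thrashing' the MAC table
        self.table[src] = in_port                        # address learning
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]       # filter / forward
        return [p for p in self.ports if p != in_port]   # flood


class Network:
    def __init__(self):
        # (switch, port) -> number of copies handed to the attached segment
        self.delivered = defaultdict(int)

    @staticmethod
    def connect(sw_a, port_a, sw_b, port_b):
        sw_a.links[port_a] = (sw_b, port_b)
        sw_b.links[port_b] = (sw_a, port_a)

    def send(self, switch, port, frame, budget=100):
        """Inject a frame on `port` of `switch` and return how many forwarding
        operations happened.  An Ethernet frame carries no hop limit, so on a
        looped topology only `budget` stops the simulation."""
        queue = deque([(switch, port, frame)])
        forwards = 0
        while queue and forwards < budget:
            sw, in_port, f = queue.popleft()
            for out in sw.receive(in_port, f):
                forwards += 1
                if out in sw.links:                  # crosses to the neighbour switch
                    nbr, nbr_port = sw.links[out]
                    queue.append((nbr, nbr_port, f))
                else:                                # reaches a host segment
                    self.delivered[(sw.name, out)] += 1
        return forwards


def single_switch_demo():
    """Hosts A and D on E0/0 and E0/3 of one switch; returns what each step did."""
    net, sw = Network(), Switch("SW1", ["E0/0", "E0/1", "E0/2", "E0/3"])
    a, d = "0000.8c01.000a", "0000.8c01.000d"
    net.send(sw, "E0/0", {"src": a, "dst": d})           # D unknown: flooded
    flooded = sorted(p for (_, p) in net.delivered)
    net.send(sw, "E0/3", {"src": d, "dst": a})           # A known: one port only
    before = dict(net.delivered)
    net.send(sw, "E0/0", {"src": a, "dst": d})           # D now known: one port only
    third = {k: v - before.get(k, 0) for k, v in net.delivered.items()
             if v != before.get(k, 0)}
    return flooded, dict(sw.table), third


def redundant_link_demo(redundant):
    """Two switches joined by one link, or by two parallel links (a loop);
    Host A on SW1 E0/0 broadcasts, Host B sits on SW2 E0/0."""
    ports = ["E0/0", "E0/1"] + (["E0/2"] if redundant else [])
    net, sw1, sw2 = Network(), Switch("SW1", ports), Switch("SW2", ports)
    net.connect(sw1, "E0/1", sw2, "E0/1")
    if redundant:
        net.connect(sw1, "E0/2", sw2, "E0/2")
    forwards = net.send(sw1, "E0/0", {"src": "0000.8c01.000a", "dst": BROADCAST}, budget=60)
    return forwards, net.delivered[("SW2", "E0/0")], sw1.moves + sw2.moves


if __name__ == "__main__":
    print(single_switch_demo())
    print("single link:", redundant_link_demo(False))
    print("parallel links:", redundant_link_demo(True))
```

With a single link between the switches the broadcast is forwarded twice and Host B receives exactly one copy; with the parallel link the forwarding count only stops at the budget, Host B keeps receiving copies, and both switches repeatedly relearn Host A on a different port.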
Spanning Tree Protocol (STP)
STP's main task is to stop network loops from occurring on your Layer 2 network (bridges or switches).
It achieves this feat by vigilantly monitoring the network to find all links and making sure that no loops occur by placing any redundant ones in a blocking state.
STP uses the spanning-tree algorithm (STA) to first create a topology database and then find and block redundant links.
With STP running, frames will be forwarded only on the STP-selected links.
Switches transmit Bridge Protocol Data Units (BPDUs) out all ports so that all links between switches can be found.
Switching Loops
• A switched network with a redundant topology (switching loops) and no Layer 2 mechanism to stop network loops will fail.
Spanning-Tree Port States
The ports on a bridge or switch running STP can transition through five different states:
• Blocking
  – A blocked port won't forward frames; it just listens to BPDUs and will drop all other frames.
• Listening
  – The port listens to BPDUs to make sure no loops occur on the network before passing data frames, without populating the MAC address table.
• Learning
  – A port in learning state populates the MAC address table but doesn't forward data frames.
• Forwarding
  – The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state.
• Disabled
  – A port in the disabled state (administratively) does not participate in frame forwarding or STP.
Switching Design
(Figure: a 6500 core switch with bridge priority 4096 configured as the STP root, 3560 switches with bridge priority 8192, and 2960 switches.)
Create the core switch as STP root for fastest STP convergence.
• There are ways to design your switched network so that STP converges efficiently.
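Added example (not the book's or Cisco's code): the spanning-tree algorithm described on the STP slides carried out in Python for a constructed topology modelled on the design slide: a core switch at bridge priority 4096, two distribution switches at 8192 and an access switch left at the default 32768. elect_root() applies the rule that the lowest bridge ID (priority, then MAC) wins, and spanning_tree() works out each bridge's root path cost with the 802.1D tie-breakers and marks every port root, designated or blocking. The bridge names, MAC addresses and link speeds are assumptions. rogue_root_demo() shows the other side of that election rule: a bridge advertising priority 0 on an access port becomes root and the access switch re-roots through it, so giving the core a low priority determines the root only as long as nothing else advertises a lower one.

```python
from dataclasses import dataclass

# IEEE 802.1D path costs for common link speeds (the 16-bit "short" method)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True, order=True)
class BridgeID:
    """Bridge ID = priority then MAC; the lowest value wins every comparison."""
    priority: int
    mac: str


def elect_root(bridges):
    """bridges: name -> BridgeID.  The root is simply the lowest bridge ID."""
    return min(bridges, key=bridges.__getitem__)


def spanning_tree(bridges, links):
    """links: (bridge_a, port_a, bridge_b, port_b, speed_mbps), one per segment.
    Returns ({(bridge, port): "root"|"designated"|"blocking"}, root name)."""
    root = elect_root(bridges)
    # Per bridge, the best offer seen so far as a tuple that sorts exactly like
    # the STP tie-breakers: root path cost, upstream bridge ID, upstream port, own port.
    best = {root: (0, bridges[root], "", "")}
    changed = True
    while changed:   # relax until every bridge holds its final root path cost
        changed = False
        for a, pa, b, pb, speed in links:
            cost = PORT_COST[speed]
            for src, sp, dst, dp in ((a, pa, b, pb), (b, pb, a, pa)):
                if src not in best or dst == root:
                    continue
                offer = (best[src][0] + cost, bridges[src], sp, dp)
                if dst not in best or offer < best[dst]:
                    best[dst] = offer
                    changed = True
    roles = {}
    for a, pa, b, pb, _ in links:
        # The designated port on a segment belongs to the bridge advertising the
        # lower (root path cost, bridge ID, port); the far end is either the
        # root port chosen above or goes to blocking.
        if (best[a][0], bridges[a], pa) < (best[b][0], bridges[b], pb):
            roles[(a, pa)] = "designated"
            roles[(b, pb)] = "root" if best[b][3] == pb else "blocking"
        else:
            roles[(b, pb)] = "designated"
            roles[(a, pa)] = "root" if best[a][3] == pa else "blocking"
    return roles, root


# Constructed topology in the spirit of the design slide: a core at priority 4096,
# two distribution switches at 8192, one access switch left at the default 32768.
BRIDGES = {
    "Core":  BridgeID(4096,  "0000.0c00.0001"),
    "Dist1": BridgeID(8192,  "0000.0c00.0010"),
    "Dist2": BridgeID(8192,  "0000.0c00.0020"),
    "Acc1":  BridgeID(32768, "0000.0c00.0100"),
}
LINKS = [
    ("Core", "Gi1/1", "Dist1", "Gi0/1", 1000),
    ("Core", "Gi1/2", "Dist2", "Gi0/1", 1000),
    ("Dist1", "Gi0/2", "Dist2", "Gi0/2", 1000),
    ("Dist1", "Fa0/24", "Acc1", "Fa0/1", 100),
    ("Dist2", "Fa0/24", "Acc1", "Fa0/2", 100),
]


def rogue_root_demo():
    """Add a bridge advertising priority 0 on an access port: it wins the
    election outright and Acc1 re-roots through it."""
    bridges = dict(BRIDGES, Rogue=BridgeID(0, "0000.0c00.ffff"))
    links = LINKS + [("Acc1", "Fa0/3", "Rogue", "eth0", 100)]
    roles, root = spanning_tree(bridges, links)
    return root, roles[("Acc1", "Fa0/3")]


if __name__ == "__main__":
    roles, root = spanning_tree(BRIDGES, LINKS)
    print("root:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge:6} {port:7} {role}")
    print("with rogue:", rogue_root_demo())
```

In the constructed topology the Core wins, the Dist1-Dist2 link and Acc1's second uplink end up blocking, and Acc1 picks Dist1 as its path to the root because, with equal path costs, Dist1 has the lower bridge ID.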
Rapid Spanning Tree Protocol 802.1w
802.1w defines these port states (compared with the 802.1d states):
• Disabled = Discarding
• Blocking = Discarding
• Listening = Discarding
• Learning = Learning
• Forwarding = Forwarding
VLAN Basics
• Layer 2 switched networks are typically designed as flat networks.
• Every broadcast packet transmitted is seen by every device on the network regardless of whether the device needs to receive that data or not.
• VLANs will let us control our broadcast domains.
Benefits of a Switched Network
(Figure: Host A and Host D on the same switch.)
• Host A is sending a frame with Host D as its destination.
• The frame is only forwarded out of the port where Host D is located. This is a huge improvement over hubbed networks.
Physical LANs Connected to a Router
(Figure: Engineering, Sales, Marketing, Shipping, Finance and Management hubs, each connected to its own router port.)
• Each network is attached with a hub port to the router (each segment also has its own logical network number).
• Each department has its own LAN, so if we needed to add new users we would just plug them into the appropriate LAN.
Switches Removing the Physical Boundary
(Figure: hosts from Marketing, Shipping, Engineering, Finance, Management and Sales are spread across switch ports belonging to VLAN2 through VLAN7, so a department is no longer tied to one physical hub; a router provides inter-VLAN communication and WAN services.)
VLAN    Subnet
VLAN2   172.16.20.0/24
VLAN3   172.16.30.0/24
VLAN4   172.16.40.0/24
VLAN5   172.16.50.0/24
VLAN6   172.16.60.0/24
VLAN7   172.16.70.0/24
Quality of Service
QoS methods focus on one of five problems that can affect data as it traverses network cable:
• Delay
• Dropped packets
• Error
• Jitter
• Out-of-order delivery
VLAN Memberships
• Static VLANs
  – Creating static VLANs is the most common way to create a VLAN, and one reason for that is that static VLANs are the most secure: a port keeps the VLAN an administrator assigned to it.
• Dynamic VLANs
  – A dynamic VLAN, on the other hand, determines a host's VLAN assignment automatically. Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications.
Access and Trunk Links
(Figure: two Catalyst 2950 switches, each with hosts on access ports in the Red, Blue and Green VLANs, joined by a trunk link.)
• VLANs can span across multiple switches by using trunk links, which carry traffic for multiple VLANs.
VLAN Identification Methods
• Inter-Switch Link (ISL)
  – Proprietary to Cisco switches, and used for Fast Ethernet and Gigabit Ethernet links only. ISL is pretty versatile and can be used on a switch port, on router interfaces, and on server interface cards to trunk a server.
• IEEE 802.1Q
  – Created by the IEEE as a standard method of frame tagging, IEEE 802.1Q inserts a 4-byte field (the tag) into the frame to identify the VLAN. If you're trunking between a Cisco switched link and a different brand of switch, you've got to use 802.1Q for the trunk to work.
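Added example (not from the slides): how the 802.1Q tag just described is inserted and read, and how a trunk link like the one on the Access and Trunk Links slide carries several VLANs, in Python with constructed MAC addresses and payloads. build_frame() places the 4-byte tag (TPID 0x8100 plus the TCI holding PCP and the 12-bit VID) between the source MAC and the original EtherType; parse_frame() classifies a frame the way a trunk port does, assigning any untagged frame to the trunk's native VLAN; trunk_egress() sends native-VLAN frames untagged, tags every other allowed VLAN and drops VLANs not allowed on the trunk. Because an untagged frame is classified by the receiver's native VLAN, both ends of a trunk must agree on it; native_mismatch() shows the same untagged frame landing in VLAN 10 when the far end's native VLAN is 10.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def mac_bytes(mac):
    """Accept Cisco dotted (0000.8c01.000a) or colon-separated notation."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet II frame; with `vlan` set, a 4-byte 802.1Q tag (TPID + TCI) is
    inserted between the source MAC and the original EtherType."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | vlan          # PCP(3) | DEI(1)=0 | VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Classify a frame as an 802.1Q trunk port does.  Returns
    (vid, tagged, ethertype, payload); an untagged frame gets the native VLAN."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, True, ethertype, frame[18:]
    return native_vlan, False, ethertype, frame[14:]


def strip_tag(frame):
    """Remove the 802.1Q tag if there is one."""
    return frame[:12] + frame[16:] if frame[12:14] == b"\x81\x00" else frame


def trunk_egress(vid, frame, native_vlan, allowed):
    """What a trunk port puts on the wire for a frame already classified into
    `vid`: native-VLAN frames go untagged, other allowed VLANs are tagged,
    VLANs not allowed on the trunk are dropped (None)."""
    if vid not in allowed:
        return None
    bare = strip_tag(frame)
    if vid == native_vlan:
        return bare
    return bare[:12] + struct.pack("!HH", TPID_8021Q, vid) + bare[12:]


# Constructed traffic: Host A talking to Host D, with a stand-in 20-byte payload.
HOST_A, HOST_D = "0000.8c01.000a", "0000.8c01.000d"
PAYLOAD = b"\x45" + b"\x00" * 19


def trunk_demo(native_vlan=1, allowed=frozenset({1, 20, 30})):
    """Send one frame from VLAN 20, one from the native VLAN and one from a
    VLAN not allowed on the trunk; return what the far end of the trunk sees."""
    results = []
    for vid in (20, native_vlan, 40):
        wire = trunk_egress(vid, build_frame(HOST_D, HOST_A, 0x0800, PAYLOAD),
                            native_vlan, allowed)
        if wire is None:
            results.append(None)
        else:
            seen_vid, tagged, _, _ = parse_frame(wire, native_vlan)
            results.append((seen_vid, tagged, len(wire)))
    return results


def native_mismatch(sender_native=1, receiver_native=10):
    """The same untagged native-VLAN frame classified by a far end whose native
    VLAN is configured differently: it ends up in the receiver's native VLAN."""
    wire = trunk_egress(sender_native, build_frame(HOST_D, HOST_A, 0x0800, PAYLOAD),
                        sender_native, {sender_native})
    return parse_frame(wire, receiver_native)[0]


if __name__ == "__main__":
    print(trunk_demo())          # [(20, True, 38), (1, False, 34), None]
    print(native_mismatch())     # 10
```

The VLAN 20 frame crosses the trunk 4 bytes longer than it left the host, the native-VLAN frame crosses unchanged, and the VLAN 40 frame never reaches the wire; the tag itself is the only thing on the link that says which VLAN a frame belongs to.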
VLAN Trunking Protocol
VTP provides:
• Consistent VLAN configuration across all switches in the network
• Accurate tracking and monitoring of VLANs
• Dynamic reporting of added VLANs to all switches in the VTP domain
• Adding VLANs using Plug and Play
(Figure 11.17: 802.1q)
VTP Modes of Operation
• Server – configuration saved in NVRAM
• Client – configuration not saved in NVRAM
• Transparent – configuration saved in NVRAM
Configuring VTP
Switch#config t
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp domain Lammle
(Changes the VTP domain name from null to Lammle)
Switch(config)#vtp password todd
(Sets the device VLAN database password to todd)
Port Security
(Figure 11.19)
Port Bonding
(Figure 11.20)
Switched Ethernet ports can provide power to devices.
(Figure 11.21)
Advanced Features of Switches
• Switches really expand our flexibility when designing our networks. There are features that enhance the functionality of switched networks:
  – Power over Ethernet (PoE)
  – Port Mirroring/Spanning
Power over Ethernet (PoE)
• Switches can provide power to end devices by injecting power into the Ethernet cabling.
• If PoE switches are not implemented, power can be injected into the cabling by a separate injector outside the switch.
Port Mirroring/Spanning
• Port mirroring, also called Switch Port Analyzer (SPAN), allows you to sniff traffic on a network when using a switch.
• The problem it solves arises when you need to sniff traffic on a switched network: because the switch forwards a unicast frame only out the destination's port, a sniffer on another port cannot see data going from Host A to Host B.
• Without port mirroring, the workaround is to temporarily place a hub between Host A and Host B.
Port Mirroring
(Figure: Host A, Host B and a sniffer attached to the same switch.)
• The port-mirroring option allows you to place a port in spanning mode so that every frame from Host A is captured by both Host B and the sniffer.
Summary
• Summary
• Exam Essentials Section
• Written Labs
• Review Questions