Chapter 13 vN.1


  • 8/7/2019 Chapter 13 vN.1

    Chapter 13: Catalyst Switch Operation

  • Chapter Objectives

    Explain the Spanning Tree Protocol
    Explain the Catalyst 1900 switch operation
    Explain the Catalyst 2900 switch operation

  • Recall

    Network Address Translation (NAT) is an IETF (Internet Engineering Task Force) standard that allows a LAN to operate with a single IP address when connected to the Internet.
    NAT operates at the Network layer (Layer 3) of the OSI Reference Model.
    Port Address Translation (PAT) is a feature of a NAT device that translates all the IP addresses of the LAN to a single IP address but assigns a different port number to each host in the LAN.
    The PAT configuration command is Set IP PAT.

  • LAN Switching

    LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available network bandwidth.
    A LAN switch is a device that provides higher port density at lower cost than traditional bridges, using the existing cable infrastructure.
    A LAN switch forwards frames based on the frame's layer 2 addresses or layer 3 addresses.
    It is also called a frame switch because it forwards layer 2 frames.

  • Layer 2 and Layer 3 Switching

    Bridges and switches operating at layer 2 of the OSI model consider only MAC (layer 2) addresses and do not affect layer 3, or logical, addressing.
    A layer 3 switch is a network device that forwards traffic based on layer 3 addressing at high speed.
    Routers are considerably slower than layer 2 switches.

  • Switch Operation

    A switch is simply a bridge with many ports.
    Two technologies, Content Addressable Memory (CAM) and Application-Specific Integrated Circuits (ASICs), are used in switches for better performance.
    Together they allow the switch to process multiple packets efficiently.

  • Transmitting Data from A to B (diagram only)

  • Updating the Address Table (diagram only)

  • Transmitting Data to all the Ports (diagram only)

  • Response Data from B to A (diagram only)

  • Symmetric Switching (diagram only)

  • Asymmetric Switching (diagram only)

  • Collision Domains within Shared Environments

    A collision occurs when two or more data packets travel at the same time on the same medium in the same direction.
    The region in which this can happen is referred to as a collision domain: a set of NICs in which a frame sent by one NIC could collide with a frame sent by any other NIC in the same domain.
    This happens mostly in a shared environment, where devices share the medium to transmit data to the destination network or host.

  • Shared Media Environments (diagram only)

  • Collision Domain Segmentation (diagram only)

  • Broadcast Domains (diagram only)

  • Speed and Autonegotiation

    Devices that are capable of different transmission rates, different duplex modes and different standards at the same speed can use Ethernet autonegotiation.
    The two devices choose the best possible mode of transmission: a higher speed is preferred over a lower speed, and full duplex over half duplex.
    To support autonegotiation, both the switch and the NIC must support multiple speeds.

  • Spanning Tree Protocol Terms - I

    STP: STP is a bridge protocol that uses the spanning tree algorithm (STA) to discover links and build the topology database.

    Root Bridge: The root bridge is the focal point of the network, the bridge with the best bridge ID. It decides which ports are to be blocked and which are to be put in forwarding mode.

    BPDU: Switches exchange the information used to select the root bridge and configure the network in Bridge Protocol Data Units (BPDUs), special data frames exchanged every two seconds. A switch compares the parameters in the BPDUs it receives and sends these parameters on to the next switch, along with the parameters received from the former switch.

  • Spanning Tree Protocol Terms - II

    Bridge ID: The bridge with the lowest bridge ID is selected as the root. The 8-byte bridge ID is the combination of the bridge priority (2 bytes) and the MAC address (6 bytes). STP keeps track of all switches using the bridge ID.

    Nonroot Bridge: Any bridge that is not the root bridge in the network is a nonroot bridge. It exchanges BPDUs with all the other bridges; these updates keep the STP topology current on all switches, which helps prevent loops and provides a response to link failures.

    Root port: The root port is the port directly connected toward the root bridge. If more than one link leads to the root bridge, a port cost is set, and the port with the lowest cost becomes the root port.

  • Spanning Tree Protocol Terms - III

    Designated port: A designated port is the port that has been determined to have the lowest cost on its segment. The port is marked as the forwarding port.

    Port cost: Port cost decides which link is used when multiple links exist between two switches and none of them is a root port. This cost is derived from the bandwidth of the link.

    Nondesignated port: A nondesignated port is one that has a higher cost than the designated port. These ports are put in blocking mode only.

    Forwarding port: A forwarding port forwards frames.

    Blocked port: A blocked port does not forward frames, in order to prevent loops, but it still listens to frames.

  • Working of the Spanning Tree Protocol (diagram only)

  • Spanning-Tree Port States

    The ports on a bridge or switch running STP can move through five different states:

    Blocking
    Listening
    Learning
    Forwarding
    Disabled
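The election that the STP terms above describe, worked through as an added example (Python written for this page, not code from the slides or from Cisco). The bridge names, MAC addresses and port costs are assumed sample values; SW2 is given priority 8192, the value that 'root primary' sets on the root bridge configuration slide, and SW4 the 33792 configured on the bridge priority slide.

```python
"""Root bridge election and port roles: an added example, not from the slides.

Models the terms defined above: the 8-byte bridge ID (2-byte priority then the
6-byte MAC, lowest wins), root path cost, root ports, designated ports and
nondesignated (blocked) ports. Names, MACs and link costs are constructed;
SW2 uses priority 8192 (what 'root primary' sets) and SW4 uses 33792.
"""
import heapq

# Constructed topology: bridge name -> (priority, MAC); links as (a, b, port cost)
BRIDGES = {
    "SW1": (32768, "0000.0c11.1111"),
    "SW2": (8192, "0000.0c22.2222"),
    "SW3": (32768, "0000.0c33.3333"),
    "SW4": (33792, "0000.0c44.4444"),
}
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 4),
         ("SW3", "SW4", 19), ("SW1", "SW4", 100)]


def bridge_id_bytes(bid):
    """Wire form of the bridge ID: 2-byte priority followed by the 6-byte MAC."""
    priority, mac = bid
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(".", ""))


def elect_root(bridges):
    """The lowest bridge ID (priority first, then MAC) becomes the root bridge."""
    return min(bridges, key=lambda name: bridge_id_bytes(bridges[name]))


def neighbours(name, links):
    for a, b, cost in links:
        if a == name:
            yield b, cost
        elif b == name:
            yield a, cost


def root_path_costs(root, links):
    """Dijkstra from the root: cheapest sum of port costs from each bridge to it."""
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue
        for nbr, w in neighbours(node, links):
            if c + w < cost.get(nbr, float("inf")):
                cost[nbr] = c + w
                heapq.heappush(heap, (c + w, nbr))
    return cost


def port_roles(bridges, links):
    """Return (root, root path cost per bridge, role of each (bridge, neighbour) port)."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    # Root port: the link giving the lowest root path cost; ties go to the
    # neighbour with the lower bridge ID (the sender ID carried in its BPDU).
    root_port = {b: min((cost[n] + w, bridges[n], n) for n, w in neighbours(b, links))[2]
                 for b in bridges if b != root}
    roles = {}
    for a, b, _ in links:
        # The designated bridge on a segment is the one advertising the lowest
        # root path cost (tie: lower bridge ID); its port forwards.
        designated = min((a, b), key=lambda x: (cost[x], bridges[x]))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        # The far end is the root port if it leads toward the root; otherwise it
        # is nondesignated and goes to blocking, which breaks the loop.
        roles[(other, designated)] = "root" if root_port.get(other) == designated else "blocked"
    return root, cost, roles
```

With these values SW2 wins on priority alone, and the SW1-SW3 tie at cost 19 is broken by SW1's lower MAC, so SW3's end of that link is the one that blocks.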

  • Support of RSTP in Catalyst Switches

    Catalyst Platform         | MST w/RSTP    | RPVST+ (also known as PVRST)
    Catalyst 2900 XL/3500 XL  | Not available | Not available
    Catalyst 2940             | Not available | Not available
    Catalyst 3560             | 12.1(19)EA1   | 12.1(19)EA1
    Catalyst 3750 Metro       | 12.1(14)AX    | 12.1(14)AX
    Catalyst 6000/6500        | 7.1           | 7.5

  • Catalyst 1900 Switches

    The standard edition of the 1900 switch provides 12 or 24 10BaseT ports in a fixed configuration.
    The enterprise edition of the 1900 switches provides greater flexibility and high performance of 400 Mbps between Ethernet switches.
    The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses.

  • Default setting list for 1900 switches

    Setting          | Status
    IP address       | 0.0.0.0
    CDP              | Enabled
    Switching mode   | Fragment Free
    100BaseT port    | Autonegotiate duplex mode
    10BaseT port     | Half duplex
    Spanning Tree    | Enabled
    Console password | None

  • IP and Port Duplex Configuration

    Every switch, unlike a router, acts as a single IP host with one IP address and one subnet mask.
    IP addresses need not be configured for each interface of the switch.
    The duplex can be set to any of the following four modes:

    Auto
    Full
    Full-flow control
    Half

  • MAC Addresses

    A Media Access Control (MAC) address is a hardware address that uniquely identifies every node in a network.
    The entries in the MAC address table include:

    Dynamic addresses
    Permanent MAC addresses
    Restricted-static entries

  • MAC Address Table (diagram only)

  • Port Security

    Port security is one of the features of the MAC address table.
    This feature limits the number of MAC addresses associated with a port in the MAC address table.
    Its purpose is to limit the number of sources that can forward frames into that particular switch port.
    Port security on 2900 switches is configured using the port secure max-mac-count command.

  • Case Study

    At the Hyderabad branch of the Blue Diamond Steel organization there are four departments: Finance, Sales, Software Management and Project Management. Under the Finance department there are three more sections, named Salary, Clearance and Receivables. There is a hub for each department on the network. Robert, the company's network administrator, wants only the three sections Salary, Clearance and Receivables to be able to access the Finance department hub.

  • Problem

    All the departments can access the Finance department hub, which threatens data confidentiality.

  • Suggested Solution

    The administrator can prevent the other departments from accessing the Finance hub using the port secure max-mac-count command. The number 3 should be given as the parameter to the command because the administrator wants to allow only three ports to connect to the hub. The port security feature makes sure that the Finance department hub can be accessed only through these three ports; no other ports can access it. This increases the security of the hub, so the main function of the feature here is to secure the hub.

  • Configuration Files

    The configuration can be stored in several locations, including RAM, NVRAM, or a TFTP server.
    The commands used for managing the switch configuration files are similar to the commands for router configuration file management.
    You can view the saved configuration of the switch using the show startup-config command.
    The switch software version can be viewed using the show version command.

  • MAC Addresses

    The 2900 series has the capacity to support 8124 switches.
    You configure static entries on a 2900 switch using the mac-address-table static command, for example:

    mac-address-table static 0666.6333.6333 e0/3

  • Switch Startup

    When the 1900 switch is first switched on, it runs through a power-on self-test (POST).
    The Power-On Self Test (POST) is a sequence of steps that checks the functioning of the hardware.
    When a console cable is connected to the switch, a menu appears on the screen.
    This menu offers several options: pressing K gives you the CLI, pressing M lets you configure the switch through the menu system, and pressing I lets you set the IP configuration of the switch.

  • Switch LEDs During POST and their Interpretation

    The following is the list of the 2950 switch LEDs:

    System
    Redundant power supply (RPS)
    Mode button
    Stat
    Util
    Duplex
    Speed

  • Accessing the Switch CLI

    CLI is the acronym for the command line interface to IOS, the operating system software used by Cisco products.
    There are three ways to access the CLI: through the console, through a dial-up line or modem attached to the auxiliary port, or by using Telnet.

  • Setting Passwords

    Setting passwords on the switch is important so that unauthorized users are not able to connect to it.
    You can set passwords for the user mode and the privileged mode.
    The user mode password is used to verify authorization on the switch, including access through the console.
    The privileged mode password controls access to view and edit the switch configuration.

  • User and Enable Mode Passwords

    The following procedure shows the configuration of the user mode and enable mode passwords:

    (config)#enable password ?
    level Set exec level password
    (config)# enable password level ?
    level number

    Use level number 1 to enter the user mode password and level number 15 to enter the enable mode password.

  • Enable Secret Passwords

    The enable secret password provides maximum security, and it replaces the enable password if both are set.
    Therefore, if you set the enable secret password, there is no need for the enable mode password:

    (config)#enable secret todd2

    On the 1900 switch, unlike on a router, the enable password and the enable secret can be set to the same value.

  • Setting the Hostname

    To set the hostname on a 1900 switch, as you would on a router, perform the following steps:

    #config t
    Enter configuration commands, one per line. End with CNTL/Z
    (config)#hostname Todd1900
    Todd1900(config)#

    On the 2950 switch, perform the following steps:

    Switch(config)#hostname Todd2950
    Todd2950(config)#

  • Setting IP Information

    You should set the IP address and default gateway on a Layer 2 switch, as they are not set by default.
    The show ip command displays the default IP configuration of the 1900 switch.
    To set the IP address, use the ip address command; use the ip default-gateway command to set the default gateway.

  • Configuring IP Address and Default Gateway on the 1900 Switch (diagram only)

  • Configuring IP Address and Default Gateway on the 2950 Switch (diagram only)

  • Configuring Interface Description on the 1900 Switch (diagram only)

  • Configuring Interface Description on the 2950 Switch (diagram only)

  • Setting Port Security

    To restrict a switch port to one particular device, configure the MAC address of that device as a static entry associated with the switch port.
    This is accomplished by configuring port security on the switch port so that it rejects traffic from any MAC address other than that of the particular device. The command used to set port security is:

    Switch(config-if)#switchport port-security mac-address mac-address
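The two port-security mechanisms described on this slide and in the case study above (the max-mac-count limit and the static MAC binding), modelled as an added Python example that is not code from the slides or from IOS. The ports, MAC addresses and frames are constructed, and the err-disable reaction on a violation is an assumption modelled on the IOS 'shutdown' violation mode.

```python
"""Port-security model: an added example, not code from the slides.

Covers the per-port limit on learned MAC addresses (max-mac-count, 3 in the
case study) and a static MAC binding (switchport port-security mac-address).
Port names, MAC addresses and frames are constructed; shutting the port on a
violation is an assumption (IOS 'shutdown' violation mode).
"""
from typing import Dict, Iterable, List, Set, Tuple


class PortSecurity:
    def __init__(self) -> None:
        self.max_count: Dict[str, int] = {}          # port -> allowed MAC count
        self.table: Dict[str, Dict[str, str]] = {}   # port -> {mac: "static"/"dynamic"}
        self.err_disabled: Set[str] = set()
        self.violations: List[Tuple[str, str]] = []

    def secure(self, port: str, max_mac_count: int = 1, static_macs: Iterable[str] = ()) -> None:
        """Enable port security on a port; static MACs count toward the maximum."""
        self.max_count[port] = max_mac_count
        self.table[port] = {mac: "static" for mac in static_macs}
        if len(self.table[port]) > max_mac_count:
            raise ValueError("more static MACs than max-mac-count allows")

    def ingress(self, port: str, src_mac: str) -> str:
        """Decide what happens to a frame from src_mac arriving on port."""
        if port in self.err_disabled:
            return "dropped"                      # port shut down by an earlier violation
        entries = self.table.setdefault(port, {})
        if src_mac in entries:
            return "forward"                      # already a known address on this port
        if port not in self.max_count:            # unsecured port: plain address learning
            entries[src_mac] = "dynamic"
            return "forward"
        if len(entries) >= self.max_count[port]:  # limit reached: this source is rejected
            self.violations.append((port, src_mac))
            self.err_disabled.add(port)
            return "violation"
        entries[src_mac] = "dynamic"              # learned as a secure address
        return "forward"


def case_study() -> List[str]:
    """Finance hub port secured with max-mac-count 3: the three section hosts pass,
    a fourth MAC from another department triggers the violation."""
    sec = PortSecurity()
    sec.secure("e0/1", max_mac_count=3)
    frames = [("e0/1", "0000.aa00.0001"),  # Salary host       (constructed)
              ("e0/1", "0000.aa00.0002"),  # Clearance host    (constructed)
              ("e0/1", "0000.aa00.0003"),  # Receivables host  (constructed)
              ("e0/1", "0000.aa00.0001"),  # Salary again: already in the table
              ("e0/1", "0000.bb00.0009"),  # Sales host: fourth address on the port
              ("e0/1", "0000.aa00.0002")]  # Clearance after the port was shut down
    return [sec.ingress(p, m) for p, m in frames]


def static_binding() -> List[str]:
    """One device pinned to e0/3 with a static entry (the MAC used on the slides)."""
    sec = PortSecurity()
    sec.secure("e0/3", max_mac_count=1, static_macs=["0666.6333.6333"])
    return [sec.ingress("e0/3", "0666.6333.6333"), sec.ingress("e0/3", "0000.cc00.0001")]
```

The case study run shows the cost of the shutdown reaction: once the fourth address arrives, the three legitimate hosts lose connectivity too until the port is re-enabled, which is why the violation list is worth feeding to monitoring.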

  • Erasing the Switch Configuration

    NVRAM stores the configuration of the 1900 and 2950 switches.
    When a change is made to the switch's running-config, it is automatically copied to NVRAM.
    On the 2950 switch, you save the configuration using the copy run start command and clear the contents of NVRAM using the erase startup-config command.

  • Configuring STP

    To configure STP, we need to configure the following:

    Root Bridge
    Secondary Root Switch
    STP Port Priority
    STP Path Cost
    Bridge Priority of VLAN
    Hello Time
    Forwarding Delay Time for VLAN
    Maximum Aging Time for VLAN

  • Configuring the Root Bridge

    The bridge ID is used to select the root bridge in the STP domain.
    It also determines the root port for each of the devices in the STP domain.
    To configure the root bridge, you must change the priority value of that particular switch, which is 32768 by default.
    To do this, use the spanning-tree vlan command, which sets the switch priority value for the specified VLAN to 8192. The syntax of the command is:

    spanning-tree vlan [vlan-id] root primary diameter

  • Configuring the Secondary Root Switch

    You must configure a secondary switch to act as the root bridge in case the root bridge does not function properly.
    To configure another switch as the secondary root on VLAN 1002:

    Switch2#configure terminal
    Switch2(config)#spanning-tree vlan 1002 root secondary diameter 4
    Switch2(config)#exit

    To verify the secondary root bridge configuration:

    Switch2#show spanning-tree vlan 1002

  • Configuring and Verifying the Spanning Tree Port Priority of a Fast Ethernet Interface

    To configure and verify the spanning tree port priority of a Fast Ethernet interface:

    Switch1#configure terminal
    Switch1(config)#interface fastethernet 5/8
    Switch1(config-if)#spanning-tree port-priority 100
    Switch1(config-if)#exit
    Switch1#show spanning-tree interface fastethernet 5/8

  • Configuring and Verifying the Spanning Tree VLAN Port Priority of a Fast Ethernet Interface

    To configure and verify the spanning tree VLAN port priority of a Fast Ethernet interface:

    Switch1#configure terminal
    Switch1(config)#interface fastethernet 5/8
    Switch1(config-if)#spanning-tree vlan 1002 port-priority 64
    Switch1(config-if)#exit
    Switch1#show spanning-tree vlan 1002

  • Configuring and Verifying the Spanning Tree Path Cost of a Fast Ethernet Interface

    To configure and verify the spanning tree path cost of a Fast Ethernet interface:

    Switch1#configure terminal
    Switch1(config)#interface fastethernet 5/8
    Switch1(config-if)#spanning-tree cost 18
    Switch1(config-if)#exit
    Switch1#show spanning-tree interface fastethernet 5/8

  • Configuring the Bridge Priority of a VLAN

    You can configure a switch with the lowest priority value and thereby increase the probability that it acts as the root bridge in the specified VLAN.
    The range for setting the bridge priority is from 1 to 65535. To configure and verify a bridge priority of 33792 for VLAN 1002:

    Switch1#configure terminal
    Switch1(config)#spanning-tree vlan 1002 priority 33792
    Switch1(config)#exit
    Switch1#show spanning-tree vlan 1002 bridge brief

  • Configuring Hello Time

    You can set the interval at which the root switch generates configuration messages (BPDUs).
    This is done by changing the STP hello time, in seconds.
    To configure the hello time for VLAN 1002 to 8 seconds:

    Switch1#configure terminal
    Switch1(config)#spanning-tree vlan 1002 hello-time 8
    Switch1(config)#exit
    Switch1#show spanning-tree vlan 1002 bridge brief

  • Configuring the Forwarding Delay Time for a VLAN

    The forward delay time is the time in seconds that a port takes to enter the forwarding state from the listening and learning states.
    To configure and verify a forward delay time of 22 seconds:

    Switch1#configure terminal
    Switch1(config)#spanning-tree vlan 1002 forward-time 22
    Switch1(config)#exit
    Switch1#show spanning-tree vlan 1002 bridge brief

  • Configuring the Maximum Aging Time for a VLAN

    To configure and verify a maximum aging time of 40 seconds for VLAN 1002:

    Switch1#configure terminal
    Switch1(config)#spanning-tree vlan 1002 max-age 40
    Switch1(config)#exit
    Switch1#show spanning-tree vlan 1002 bridge brief
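A consistency check on the hello time, forward delay and max-age values configured on the last three slides, as an added Python example that is not from the slides. The rule it applies is the 802.1D relationship between the three timers; the IOS defaults it compares against are assumed to be 2, 15 and 20 seconds.

```python
"""STP timer consistency check: an added example, not from the slides.

Checks the 802.1D relationship that the hello-time, forward-time and max-age
slides leave implicit:
    2 * (forward_delay - 1) >= max_age >= 2 * (hello_time + 1)
A max-age below the lower bound lets a switch declare the root dead between
two normal BPDUs; a max-age above the upper bound lets a port reach forwarding
before stale topology information has aged out. RANGES are the 802.1D
parameter ranges and IOS_DEFAULTS the assumed IOS defaults, all in seconds.
"""
from typing import Dict, List

RANGES = {"hello_time": (1, 10), "forward_delay": (4, 30), "max_age": (6, 40)}
IOS_DEFAULTS = {"hello_time": 2, "forward_delay": 15, "max_age": 20}


def check_timers(hello_time: int, forward_delay: int, max_age: int) -> List[str]:
    """Return the list of rule violations; an empty list means the set is consistent."""
    problems = []
    for name, value in (("hello_time", hello_time), ("forward_delay", forward_delay), ("max_age", max_age)):
        lo, hi = RANGES[name]
        if not lo <= value <= hi:
            problems.append(f"{name}={value} outside {lo}-{hi} s")
    if max_age < 2 * (hello_time + 1):
        problems.append(f"max-age {max_age} < 2*(hello+1) = {2 * (hello_time + 1)}")
    if 2 * (forward_delay - 1) < max_age:
        problems.append(f"2*(forward-delay-1) = {2 * (forward_delay - 1)} < max-age {max_age}")
    return problems


def convergence_seconds(forward_delay: int, max_age: int) -> Dict[str, int]:
    """Worst-case time for a port to reach forwarding: listening + learning when a
    directly connected link fails, plus max-age when the failure is only seen as
    missing BPDUs from upstream."""
    direct = 2 * forward_delay
    return {"direct_failure": direct, "indirect_failure": max_age + direct}


def compare_with_defaults(hello_time: int, forward_delay: int, max_age: int) -> Dict[str, dict]:
    """Side-by-side view of a configured timer set against the IOS defaults."""
    return {
        "configured": {"problems": check_timers(hello_time, forward_delay, max_age),
                       **convergence_seconds(forward_delay, max_age)},
        "defaults": {"problems": check_timers(**IOS_DEFAULTS),
                     **convergence_seconds(IOS_DEFAULTS["forward_delay"], IOS_DEFAULTS["max_age"])},
    }
```

The slide values (8, 22, 40) pass the check but raise worst-case reconvergence from 50 s to 84 s; note that only the root bridge's timers are used by the STP domain, so a value set on a non-root switch takes effect only if that switch later becomes root.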

  • Summary - I

    LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available network bandwidth.
    The Spanning Tree Protocol (STP) is used to stop the network loops that would otherwise persist indefinitely on a layer 2 network.
    When all ports on the bridges and switches are in either the forwarding or the blocking mode, convergence has taken place.
    The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses.

  • Summary - II

    The Catalyst 1900 and 2900 series switches are available in two versions:

    Standard
    Enterprise

    The Standard edition of the 1900 switches provides 12 or 24 10BaseT ports in a fixed configuration.
    The Enterprise edition of the 1900 switches provides greater flexibility and high performance of 400 Mbps between Ethernet switches.
    The command to display the default configuration of the Cisco series switches is show running-config.

  • Summary - III

    The switches can be configured by any of the following three methods:

    Menu driven interface
    Visual Switch Manager (VSM)
    Command Line Interface (CLI)

    The two features commonly configured while installing the switch are:

    TCP/IP
    Duplex setting

    The commands used to view the IP configuration and duplex setting on a switch are show ip and show interface.

  • Summary - IV

    The duplex can be set to any of the following modes:

    Auto mode
    Full mode
    Full-flow control mode
    Half mode

    Dynamic addresses are MAC addresses added to the MAC address table through normal bridge/switch processing.
    Permanent MAC addresses are configured so that a MAC address is associated with a port just as it would have been had it been learned as a dynamic address.

  • Summary - V

    Restricted-static entries are MAC addresses configured to be associated only with a particular port, with an additional restriction.
    Port security limits the number of MAC addresses associated with a port in the MAC address table.
    The Standard version of the Catalyst 2900 provides VLAN capability.
    The command used to configure static entries on a 2900 switch is the mac-address-table static command.
    The command to configure the port security feature is port security max-mac-count.