8/7/2019 Chapter 13 vN.1
Catalyst Switch Operation
Chapter 13
Chapter Objectives
Explain the Spanning Tree Protocol
Explain the Catalyst 1900 switch operation
Explain the Catalyst 2900 switch operation
Recall
Network Address Translation (NAT) is an IETF (Internet Engineering Task Force) standard that allows a LAN to operate with a single IP address when connected to the Internet
NAT operates at the Network layer (Layer 3) of the OSI Reference Model
Port Address Translation (PAT) is a feature of a NAT device that translates all the IP addresses of the LAN to a single IP address, but assigns a different port number to each host in the LAN
set ip pat is one of the PAT configuration commands
LAN Switching
LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available network bandwidth
A LAN switch is a device that provides higher port density at a lower cost than traditional bridges, using the existing cable infrastructure
A LAN switch forwards frames based on the frame's layer 2 addresses or layer 3 addresses
It is also called a frame switch because it forwards layer 2 frames
Layer 2 and Layer 3 Switching
Bridges and switches operating at layer 2 of the OSI model consider only MAC (layer 2) addresses, without involving layer 3 or logical addressing
A layer 3 switch is a network device that forwards traffic at high speed based on layer 3 addressing
Routers are considerably slower than layer 2 switches
Switch Operation
A switch is simply a bridge with many ports
Two technologies, Content Addressable Memory (CAM) and Application-Specific Integrated Circuits (ASICs), are used in switches for better performance
These two technologies allow the switch to process multiple packets efficiently
Transmitting Data from A to B
Updating the Address Table
Transmitting Data to all the Ports
Response Data from B to A
Symmetric Switching
Asymmetric Switching
Collision Domains within Shared Environments
A collision is a situation in which two or more data packets travel at the same time on the same medium in the same direction
The region in which this can happen is referred to as a collision domain. A collision domain is a set of NICs in which a frame sent by one NIC could collide with a frame sent by any other NIC in the same domain
This happens mostly in a shared environment, where devices share the medium to transmit data to the destination network or host
Shared Media Environments
Collision Domain Segmentation
Broadcast Domains
Speed and Autonegotiation
Devices that are capable of different transmission rates, different duplex modes and different standards at the same speed can use Ethernet autonegotiation
The two devices choose the best possible mode of transmission, where a higher speed is preferred over a lower speed and full duplex over half duplex
To support autonegotiation, both the switch and the NIC must support multiple speeds
Spanning Tree Protocol Terms - I
STP Term: Description
STP: STP is a bridge protocol that uses the spanning-tree algorithm (STA) to search for links and build the topology database
Root Bridge: The root bridge is the focal point, with the best bridge ID in the network, that decides which ports are to be blocked and which are to be put in forwarding mode
BPDU: Switches exchange information used for the selection of the root bridge and the configuration of the network. This information is carried in Bridge Protocol Data Units (BPDUs), special data frames exchanged every two seconds. A switch compares the parameters in received BPDUs and sends these parameters on to the next switch along with the parameters received from the former switch
Spanning Tree Protocol Terms - II
Bridge ID: The bridge with the lowest Bridge ID is selected as the root. The 8-byte bridge ID is the combination of the bridge priority (2 bytes) and the MAC address (6 bytes). STP keeps track of all switches using the Bridge ID
Nonroot Bridge: A bridge that is not the root bridge in the network is called a nonroot bridge. It exchanges BPDUs with all the bridges. These updates keep the STP topology current on all the switches, which helps prevent loops and provides measures against link failures
Root port: The root port is the port directly connected to the root bridge. If more than one link is connected to the root bridge, a port cost is determined for each link; the port with the lowest cost becomes the root port
Spanning Tree Protocol Terms - III
Designated port: A designated port is the one that has been determined to have the lowest cost. The port is marked as the forwarding port
Port cost: Port cost decides which link is used when multiple links exist between two switches and none of them is a root port. This cost is determined by the bandwidth of the link
Nondesignated port: A nondesignated port is one that has a higher cost than the designated port. Such ports are put in blocking mode
Forwarding port: A forwarding port forwards frames
Blocked port: A blocked port does not forward frames, in order to prevent loops. A blocked port still listens to frames
Working of the Spanning Tree Protocol
Spanning-Tree Port States
The ports on a bridge or switch running STP can move through five different states:
Blocking
Listening
Learning
Forwarding
Disabled
Support of RSTP in Catalyst Switches
Catalyst Platform | MST w/RSTP | RPVST+ (also known as PVRST)
Catalyst 2900 XL/3500 XL | Not available | Not available
Catalyst 2940 | Not available | Not available
Catalyst 3560 | 12.1(19)EA1 | 12.1(19)EA1
Catalyst 3750 Metro | 12.1(14)AX | 12.1(14)AX
Catalyst 6000/6500 | 7.1 | 7.5
Catalyst 1900 Switches
The standard edition of the 1900 switch provides 12 or 24 10BaseT ports in a fixed configuration
The enterprise edition of the 1900 switch provides greater flexibility and high performance of 400Mbps between Ethernet switches
The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses
Default setting list for 1900 switches
Setting | Default status
IP address | 0.0.0.0
CDP | Enabled
Switching mode | Fragment Free
100BaseT port | Autonegotiate duplex mode
10BaseT port | Half duplex
Spanning Tree | Enabled
Console password | None
IP and Port Duplex Configuration
Unlike a router, the switch acts as a single IP host with one IP address and one subnet mask
IP addresses need not be configured for each interface of the switch
The duplex can be set to any of four modes. The modes are:
Auto
Full
Full-flow control
Half
MAC Addresses
A Media Access Control (MAC) address is a hardware address that uniquely identifies every node in a network
The different kinds of entries in the MAC address table are:
Dynamic addresses
Permanent MAC addresses
Restricted-static entries
MAC Address Table
Port Security
Port security is one of the features that the MAC address table provides
This feature limits the number of MAC addresses associated with a port in the MAC address table
The function of this feature is to limit the number of sources that can forward frames into that particular switch port
Port security on 2900 switches can be configured using the port secure max-mac-count command
Case Study
At the Hyderabad branch of the Blue Diamond Steel organization, there are four departments: Finance, Sales, Software Management and Project Management. Under the Finance department, there are three more sections named Salary, Clearance and Receivables. There is a hub for each department on the network. Robert, the network administrator of the company, wants only the three sections Salary, Clearance and Receivables to be able to access the Finance department hub.
Problem
All the departments can access the Finance department hub, which threatens data confidentiality
Suggested Solution
The administrator can restrict the other departments from accessing the Finance hub using the port secure max-mac-count command. The number 3 should be passed as the parameter to the command because the administrator wants to allow only three ports to connect to the hub. The port security feature makes sure that the Finance department hub can be accessed only by these three ports; no other ports can access it. This increases the security of the hub, so the main function of the feature is to secure the hub
Configuration Files
The configuration can be stored in many locations
These locations may include the RAM, NVRAM, or a
TFTP server
The commands used for managing the switch
configuration files are similar to the commands for
router configuration file management
You can view the configuration of the switch using
the show startup-config command
The switch software version can be viewed using
the show version command
MAC Addresses
The 2900 series has the capacity to support 8124 switches
You can configure static entries on a 2900 switch using the mac-address-table static command, for example:
mac-address-table static 0666.6333.6333 e0/3
Switch Startup
When the 1900 switch is first switched on, it runs through a power-on self-test (POST)
The Power-On Self Test (POST) is a sequence of steps that checks the functioning of the hardware components
When a console cable is connected to the switch, a menu appears on the screen
This menu has different options: pressing K lets you use the CLI, pressing M lets you configure the switch through the menu system, and pressing I lets you configure the IP settings of the switch
Switch LED During POST and its Interpretation
The following is the list of the 2950 switch LEDs with their meanings:
System
Redundant power supply (RPS)
Mode button
Stat
Util
Duplex
Speed
Accessing Switch CLI
CLI is the acronym for the command line interface to IOS, the operating system software used by Cisco products
There are three ways to access the CLI
These methods are the console, a dial-up or modem attached to the auxiliary port, and Telnet
Setting password
Setting passwords for the switch is important so that unauthorized users are not able to connect to the switch
You can set passwords for the user and the privileged modes
The user mode password is used to verify authorization on a switch, including access through the console
The privileged mode password is used to allow access to the switch to view and edit the switch configuration
User and Enable mode Passwords
The following procedure shows the configuration of the user mode and enable mode passwords:
(config)#enable password ?
level Set exec level password
(config)#enable password level ?
level number
Use level number 1 to set the user mode password and level number 15 to set the enable mode password
Enable Secret Passwords
The enable secret password provides maximum security, and it replaces the enable password if it is set
Therefore, if you set the enable secret password, there is no need for the enable mode password
(config)#enable secret todd2
The enable password and the enable secret can be set to the same value on the 1900 switch, unlike on a router
Setting Hostname
To set the hostname on a 1900 switch as you would on a router, perform the following steps:
#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#hostname Todd1900
Todd1900(config)#
On the 2950 switch, perform the following steps:
Switch(config)#hostname Todd2950
Todd2950(config)#
Setting IP information
You should set the IP address and default gateway on the Layer 2 switch, as they are not set by default
The show ip command is used to see the default IP configuration of the 1900 switch
To set the IP address, use the ip address command, and use the ip default-gateway command to set the default gateway
Configuring IP Address and Default Gateway on the 1900 Switch
Configuring IP Address and Default Gateway on the 2950 Switch
Configuring Interface Description on 1900 Switch
Configuring Interface Description on 2950 Switch
Setting Port Security
For a particular device to be plugged into a switch port, you should configure the MAC address of that device as a static entry associated with the switch port
This can be accomplished by configuring port security on the switch port so that it rejects traffic from any MAC address other than that of the particular device. The command used to set port security is:
Switch(config-if)#switchport port-security mac-address mac-address
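As an added example (not from the original slides), the following Python model ties together the address-table learning and flooding of the earlier "Transmitting Data" and "Updating the Address Table" slides, the max-mac-count limit from the port security slides and the case study, and the static MAC binding above. Port names, MAC addresses and the violation action (shutting the port down) are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Port:
    name: str
    max_macs: Optional[int] = None                  # None: port security not enabled
    static: Set[str] = field(default_factory=set)   # MACs bound by configuration
    learned: Set[str] = field(default_factory=set)  # MACs secured dynamically
    shutdown: bool = False                          # set on a security violation


class Switch:
    """Toy layer 2 switch: learns source MACs, forwards known, floods unknown."""

    def __init__(self, ports: List[Port]) -> None:
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.table: Dict[str, str] = {}      # MAC address table: mac -> port name
        for p in ports:
            for mac in p.static:             # static entries exist before any traffic
                self.table[mac] = p.name

    def _allowed(self, port: Port, src: str) -> bool:
        """Port-security check: admit src, secure it, or shut the port down."""
        if port.max_macs is None or src in port.static or src in port.learned:
            return True
        if len(port.static) + len(port.learned) < port.max_macs:
            port.learned.add(src)            # still under max-mac-count: secure it
            return True
        port.shutdown = True                 # violation (constructed action): disable port
        return False

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Process one frame; return the egress ports ([] if it is dropped)."""
        port = self.ports[in_port]
        if port.shutdown or not self._allowed(port, src):
            return []
        owner = self.table.get(src)
        if owner and owner != in_port and src in self.ports[owner].static:
            return []                        # src is statically bound to another port
        self.table[src] = in_port            # update the address table (learning)
        out = self.table.get(dst)
        if out is None:
            return [n for n in self.ports if n != in_port]   # unknown dst: flood
        return [] if out == in_port else [out]               # known dst: forward


if __name__ == "__main__":
    # Constructed case-study layout: e0/3 faces the Finance hub, limited to 3 MACs.
    sw = Switch([Port("e0/1"), Port("e0/2"), Port("e0/3", max_macs=3)])
    print(sw.receive("e0/1", "0000.aaaa.0001", "0000.bbbb.0002"))   # flood
    print(sw.receive("e0/2", "0000.bbbb.0002", "0000.aaaa.0001"))   # ['e0/1']
    for i in range(4):   # fourth source on e0/3 trips the limit
        print(sw.receive("e0/3", f"0000.cccc.000{i}", "0000.aaaa.0001"))
    print(sw.ports["e0/3"].shutdown)
```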
Erasing Switch Configuration
NVRAM stores the configurations of the 1900 and 2950 switches
When a change is made to the switch's running-config, it is automatically copied to NVRAM
On the 2950 switch, you save the configuration using the copy run start command and clear the contents of NVRAM using the erase startup-config command
Configuring STP
In order to configure STP, we need to configure the following:
Root Bridge
Secondary Root Switch
STP Port Priority
STP Path Cost
Bridge Priority of VLAN
Hello Time
Forwarding Delay Time for VLAN
Maximum Aging Time for VLAN
Configuring the Root Bridge
The bridge ID is used to select the root bridge in the STP domain
It also determines the root port for each of the devices in the STP domain
To configure the root bridge, you must change the priority value of that particular switch, which is 32768 by default
To do this, use the spanning-tree vlan command to set the switch priority value for the specified VLAN to 8192. The syntax of the command is:
spanning-tree vlan [vlan-id] root primary diameter
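The election described in the STP terms slides and here, as an added example (not from the original slides): the 8-byte Bridge ID is the 2-byte priority followed by the 6-byte MAC and the lowest value wins, so lowering one switch's priority to 8192 makes it root regardless of its MAC; the second function carries the BPDU exchange through to convergence so that each nonroot bridge ends up with a root port chosen by lowest path cost. Switch names, MAC addresses and link costs are constructed.

```python
from typing import Dict, List, Optional, Tuple

DEFAULT_PRIORITY = 32768       # default bridge priority given on the slide
ROOT_PRIMARY_PRIORITY = 8192   # value the slide says "root primary" sets


def bridge_id(priority: int, mac: str) -> int:
    """Pack the 2-byte priority and 6-byte MAC into the 8-byte Bridge ID.

    The priority occupies the high-order bytes, so it decides the election
    before the MAC is compared; the MAC only breaks ties between equal
    priorities.  Lower numeric value = better Bridge ID.
    """
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 bytes")
    mac_int = int(mac.replace(".", "").replace(":", ""), 16)
    if not 0 <= mac_int <= 0xFFFFFFFFFFFF:
        raise ValueError("MAC address must be 6 bytes")
    return (priority << 48) | mac_int


def elect_root(switches: Dict[str, Tuple[int, str]]) -> str:
    """switches: name -> (priority, mac). Return the switch with the lowest Bridge ID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def converge(switches: Dict[str, Tuple[int, str]],
             links: List[Tuple[str, str, int]]
             ) -> Dict[str, Tuple[str, int, Optional[str]]]:
    """Exchange BPDUs over the links until every switch agrees on the root.

    links: (switch_a, switch_b, port_cost).  Every switch starts by claiming
    itself as root at cost 0 and adopts a neighbour's BPDU whenever it names a
    lower root ID, or the same root at a lower path cost (the root-port rule).
    Returns name -> (root name, path cost, neighbour behind the root port);
    the root itself reports cost 0 and no root port.
    """
    ids = {n: bridge_id(*switches[n]) for n in switches}
    state = {n: (ids[n], 0, None) for n in switches}
    changed = True
    while changed:                        # positive costs guarantee termination
        changed = False
        for a, b, cost in links:
            for me, nb in ((a, b), (b, a)):
                root_nb, cost_nb, _ = state[nb]
                if (root_nb, cost_nb + cost) < state[me][:2]:
                    state[me] = (root_nb, cost_nb + cost, nb)
                    changed = True
    by_id = {v: k for k, v in ids.items()}
    return {n: (by_id[r], c, p) for n, (r, c, p) in state.items()}


if __name__ == "__main__":
    # Constructed topology: all at default priority, S1 has the lowest MAC.
    sw = {"S1": (DEFAULT_PRIORITY, "0000.0c00.0001"),
          "S2": (DEFAULT_PRIORITY, "0000.0c00.0002"),
          "S3": (DEFAULT_PRIORITY, "0000.0c00.0003")}
    links = [("S1", "S2", 19), ("S2", "S3", 19), ("S1", "S3", 100)]
    print(elect_root(sw), converge(sw, links))
    sw["S3"] = (ROOT_PRIMARY_PRIORITY, "0000.0c00.0003")   # "root primary" on S3
    print(elect_root(sw), converge(sw, links))
```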
Configuring the Secondary Root Switch
You must configure a secondary switch to act as the root bridge if the root bridge does not function properly
To configure another switch as the secondary root on VLAN 1002:
Switch2#configure terminal
Switch2(config)#spanning-tree vlan 1002 root secondary diameter 4
Switch2(config)#exit
To verify the secondary root bridge configuration:
Switch2#show spanning-tree vlan 1002
Configuring and verifying the spanning tree port priority of a Fast Ethernet interface
To configure and verify the spanning tree port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree port-priority 100
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring and verifying the spanning tree VLAN port priority of a Fast Ethernet interface
To configure and verify the spanning tree VLAN port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree vlan 1002 port-priority 64
Switch1(config-if)#exit
Switch1#show spanning-tree vlan 1002
Configuring and verifying the spanning tree path cost of a Fast Ethernet interface
To configure and verify the spanning tree path cost of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree cost 18
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring the Bridge Priority of VLAN
You can configure a switch with the lowest priority value and thereby increase the probability that it acts as the root bridge in the specified VLAN
The range for setting the bridge priority is from 1 to 65535. To configure and verify the bridge priority of VLAN 1002 as 33792:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 priority 33792
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring Hello Time
You can decide the time interval after which the root switch generates messages carrying configuration information
This is done by changing the STP hello time, in seconds
To configure the hello time for VLAN 1002 to 8 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 hello-time 8
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring Forwarding Delay Time for VLAN
The forward delay time is the time in seconds that a port takes to enter the forwarding state from the listening and learning states
To configure and verify the forward delay time as 22 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 forward-time 22
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring the Maximum Aging Time for VLAN
To configure and verify the maximum aging time for VLAN 1002 as 40 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 max-age 40
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Summary - I
LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the network bandwidth
Spanning Tree Protocol (STP) is used to stop the network loops that would otherwise persist indefinitely on a layer 2 network
When all ports on the bridges and switches are in the forwarding or blocking mode, convergence has taken place
The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses
Summary - II
The Catalyst 1900 and 2900 series switches are available in two versions:
Standard
Enterprise
The Standard edition of the 1900 switches provides 12 or 24 10BaseT ports in a fixed configuration
The Enterprise edition of the 1900 switches provides greater flexibility and high performance of 400Mbps between Ethernet switches
The command to display the default configuration of the Cisco series switches is show running-config
Summary - III
The switches can be configured by any of the following three methods:
Menu driven interfaces
Visual Switch Manager (VSM)
Command Line Interface (CLI)
The two features commonly configured while installing the switch are:
TCP/IP
Setting of duplex on keys
The commands used to view the IP configuration and the duplex setting on a switch are show ip and show interface
Summary - IV
The duplex on the key can be set to any of the following modes:
Auto mode
Full mode
Full-flow control mode
Half mode
Dynamic addresses are MAC addresses added to the MAC address table through normal bridge/switch processing
Permanent MAC addresses are MAC addresses associated with a port through configuration, just as they would have been associated as dynamic addresses
Summary - V
A restricted-static entry is a MAC address configured to be associated only with a particular port, with an additional restriction
Port security limits the number of MAC addresses associated with a port in the MAC address table
The Standard version of the Catalyst 2900 provides VLAN capability
The command used to configure static entries on a 2900 switch is mac-address-table static
The command used to configure the port security feature is port secure max-mac-count