Switching in an Enterprise Network

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1Version 4.0

Switching in an Enterprise Network

Introducing Routing and Switching in the Enterprise – Chapter 3

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 2

Objectives Compare the types of switches used in an enterprise

network.

Explain how Spanning Tree Protocol prevents switching loops.

Describe and configure VLANs on a Cisco switch.

Describe and configure trunking and Inter-VLAN routing.

Maintain VLANs in an enterprise network.


Introducing switching and network segmentation•Topics:

The reliance on switches in network design

The switch as an adaptable Layer 2 device that moves traffic based on MAC addresses

Content addressable memory (CAM) as the technology for maintaining the MAC address table

The role of switches in micro-segmenting domains to a single port

Multilayer switching that combines hardware-based switching and routing in the same device

The two major methods for switching: store and forward, and cut-through

The need for securing switches


Compare the Types of Switches Used in an Enterprise Network

Switching and network segmentation

Content addressable memory (CAM)

Virtual circuits


Discussion 01 You have probably seen the advertisements for Internet

service, “with up to a blazing-fast 12 Mbps” and then the fine print “Many factors affect speeds. Actual speeds may vary and are not guaranteed.”2 Advertised network speeds reflect a “best case scenario”.

Under some circumstances, wire speed represents the best-case scenario for a switched network. Wire speed represents the hypothetical maximum data transmission rate of a cable or other transmission medium. Wire speed is rarely achieved outside of a network device. CPU limitations, disk read/write overhead, or contention for resources can reduce the speed of transmission over a network.3

2) Comcast. (2007). Comcast High Speed Internet. Retrieved on September 10, 2007 from http://www.comcast.com/highspeedoffer-s/?CMP=KNC 1TO1Q3GOOGLE30&s_kwcid=comcast%20internet|751518367.3) http://en.wikipedia.org/wiki/Wire_speed


How do you find a MAC address?

What other devices in this room also have MAC addresses?

How do we discover the MAC addresses of other devices on the network?


What about CAM?

DEF: A switch moves traffic based on MAC addresses. Each switch maintains a MAC address table in high-speed memory, called content addressable memory

What makes CAM different from RAM? In RAM, the user (application) supplies a memory address and the RAM returns the data word stored at that address.

CAM functions as the reverse of RAM. In CAM, the user supplies the data word and the CAM searches its memory to see if it has the data word.

Thinking about network hardware, what kind of device might have CAM and what data might it contain?”


Investigations into CAM

Why does it make sense to remove (delete) entries from the MAC address table if they are not used within a certain period of time?

How does a switch handle a broadcast frame?

Reflection #1, Investigations into CAM


Forward or Flood

The larger the collision and broadcast domains the more likely that network traffic will be affected.

Simply put – the more devices participating in a collision domain the more collisions occur.

This is similar to what happens to drivers at a rotary or roundabout


Microsegmentation

How does a switch process traffic differently than a hub?


ASICs

Application-Specific Integrated Circuit

Taking A Look At The Basics Of ASICs

Smith, Michael. (June 1997) Application-Specific Integrated Circuits. Retrieved on September 16, 2007 from.

ASICs can consolidate the work of many chips into a single, smaller, faster package, reducing manufacturing and support costs while boosting the speed of the device built with them. ASIC technology is now so advanced that many functions traditionally implemented in software can be migrated to ASICs.


Routing with a Level 3 Switch

A Layer 3 switch is a high-performance device for network routing.

Layer 3 switches actually differ very little from routers.

A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance


Complete Activity 3.1.1.5



Hardware-based Layer 2 switching

Software-based Layer-3 (multilayer) switching


Which is faster?

Routing has become much faster and often finds a route to an unknown host faster than the techniques used by standard Layer 2 switches.

Layer 2 switches have wire speed performance, and Layer 3 routers have higher latency. It would seem that switches should always be faster… hint - unknown host



Store and forward switching

Cut-through switchingFast-forward

Fragment-free


Frame Forwarding Method


Today, most Cisco LAN switches rely on the store-and-forward method for switching.



Switch physical security

Switch access security

Complete the lab in packet tracer


Redundancy in a Switched Network Redundancy is crucial in many areas of business and health

care.

Few people would want to undergo open-heart surgery if there was only one heart/lung machine keeping them alive while their heart was stopped, nor would a multi-national publicly traded company have only one set of financial records.

Skydivers have reserve chutes in case the main chute does not open; amusement park rides have manual and automatic seatbelts on the same rides to protect against human error.

Think of your favorite sports team. Does every player on the team get to participate on every play? Why is it important for a team to have ‘depth’ at certain positions?


Redundancy in a Switched Network

Networks require redundancy as well.

In the first quarter of 2007, Amazon.com generated a daily profit of $1.22 million per day, which equals $50,833 an hour or nearly a $1,000 a minute.¹

If the network goes down for an hour, once a week every week for a year, the total loss of profit is $2,643,316.

Do you think that Amazon.com has redundant networks in place?


E-Bay example One company that did not, but now does, is eBay.

“Prior to June 10, 1999, eBay experienced significant network failures and has since suffered additional outages, which together totaled more than 70 hours of outages in the first seven months of the year.¹

During the two day June crisis, eBay's stock crashed to $47 from $135, wiping out $5.7 billion of market capitalization, and dipped below $80 in early August before rising again to the $130 range.¹

Experts assessing the cause of the disaster cite eBay's failure to build redundant, scalable web architecture.”²


E-Bay example - references 1) CNN Money.com. (September 14, 2007).

Amazon.com Inc. Retrieved on September 8, 2007 from http://money.cnn.com/quote/financials/financials.html?symb=AMZN.

2) Cuomo, Andrew. (n.d.). Online Brokerage Industry Report. Retrieved on September 8, 2007 from http://www.oag.state.ny.us/investors/1999_online_brokers/points_reference.html.

Reflection #2, Redundancy Failures


Explain How Spanning Tree Protocol Prevents Switching Loops

Redundancy in network equipment

Redundant network links

Dangers of switching loops

Broadcast storms


Lets get paid double-checks The module mentions the problems within the network caused by

multiple frame transmissions.

Imagine the real world problems caused by multiple frame transmissions – duplicate paychecks, duplicate invoices for the same purchase, online banking with duplicate deposits or withdrawals, stock market transactions, etc. It is not only wasted bandwidth or CPU time we have to be concerned with – it is the very real chance that important transactions may be duplicated if multiple frames are sent.”

MAC database instability can also result from a switched loop network. Ask students, "What are the results of the MAC database being incorrect?"


Multiple transmissions


MAC Database Instability

If two switches on the same network can cause so many problems is there any way to

support redundancy?


Create a loop-free logical topology

Potential loop detection and port blocking

Redundancy without switching loops




Determining a root bridge

Bridge ID (BID)

Root ports, designated ports, and blocked ports


BPDUs BPDUs are frames that multicast every 2 seconds to all

other switches. BPDUs contain information such as:Identity of the source switch

Identity of the source port

Cumulative cost of path to root bridge

Value of aging timers

Value of the hello timer


STP port states – 1- Blocking


STP port states – 2 - Listening


STP port states – 3 – Learning


STP port states – 4 - Forwarding

A fifth state, disabled, indicates that the administrator has shut down the switch port.


Activity


Activity


Root Bridges

Determining a root bridge

Bridge ID (BID)

Root ports, designated ports, and blocked ports


Selection of root bridge

The root bridge does not need to be the most “powerful”; rather, it needs to be centrally located

The root bridge is based on the lowest BID value.

Since switches typically use the same default priority value <32768>, the switch with the lowest MAC address becomes the root bridge. We can force selection by changing the priority value.


Changing the priority to FIX the election

To set priority: S3(config)#spanning-tree vlan 1 priority 4096

To restore priority to default:S3(config)#no spanning-tree vlan 1 priority


STP Recalculations take time If a link failure occurs,

STP recalculates by: Changing some blocked

ports to forwarding ports

Changing some forwarding ports to blocked ports

Forming a new STP tree to maintain the loop-free integrity of the network STP is not instantaneous

This calculation and transition period takes about 30 to 50 seconds on each switch. During this recalculation, no user data passes through

the recalculating ports.


How Spanning Tree Protocol Prevents Switching Loops

STP recalculations

Minimizing downtimePortFast

UplinkFast

BackboneFast


STP Enhancements

STP PortFast causes an access port to enter the forwarding state immediately, bypassing the listening and learning states.

Using PortFast on access ports that are connected to a single workstation or server allows those devices to connect to the network immediately, instead of waiting for STP to converge.

STP UplinkFast accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself.

The root port transitions to the forwarding state immediately without going through the listening and learning states, as it would do with normal STP procedures.


STP Enhancements

BackboneFast provides fast convergence after a spanning tree topology change occurs.

It quickly restores backbone connectivity. BackboneFast is used at the Distribution and Core Layers, where multiple switches connect.

Limitation of all threeAll the enhancements are Cisco proprietary.

All the switches in the network must be running Cisco IOS


Discussion

What type of host or server would you connect with PortFast?

Could every host on a network be connected using PortFast?

Could you connect another switch to a network using PortFast?

Understanding and Configuring the Cisco Uplink Fast Feature, http://www.cisco.com/warp/public/473/51.html


How Spanning Tree Protocol Prevents Switching Loops

Spanning-tree verification commands


Show spanning-tree commands show spanning-tree - Displays root ID, bridge ID, and port

states

show spanning-tree summary - Displays a summary of port states

show spanning-tree root - Displays the status and configuration of the root bridge

show spanning-tree detail - Displays detailed port information

show spanning-tree interface - Displays STP interface status and configuration

show spanning-tree blockedports - Displays blocked ports


Spanning tree poetry Algorhyme

By Radia Perlman(Adapted from "Trees", by Joyce Kilmer)

I think that I shall never seeA graph more lovely than a tree.A tree whose crucial propertyIs loop-free connectivity.A tree which must be sure to spanSo packets can reach every LAN.First the Root must be selectedBy ID it is elected.Least cost paths from Root are tracedIn the tree these paths are placed.A mesh is made by folks like meThen bridges find a spanning tree.


RSTP

Rapid Spanning Tree Protocol (RSTP), defined in IEEE 802.1w, significantly speeds the recalculation of the spanning tree. Unlike PortFast, UplinkFast, and BackboneFast, RSTP is not proprietary.

RSTP requires a full-duplex, point-to-point connection between switches to achieve the highest reconfiguration speed. Reconfiguration of the spanning tree by RSTP occurs in less than 1 second, as compared to 50 seconds in STP.


RSTP

RSTP eliminates the requirements for features such as PortFast and UplinkFast. RSTP can revert to STP to provide services for legacy equipment.

To speed up the recalculation process, RSTP reduces the number of port states to three: discarding, learning and forwarding. The discarding state is similar to three of the original STP states: blocking, listening, and disabled.

RSTP also introduces the concept of active topology. All ports that are not discarding are part of the active topology and will immediately transition to the forwarding state.



Rapid Spanning Tree Protocol

Discarding

Active topology


Introducing VLANs

Many of us belong to clubs in our schools, civic and/or religious organizations in our communities each of which has a need to be able to communicate with only 'their' members.

Imagine that you are the Editor-in-Chief of the yearbook. You need to be able to communicate with the other members of the yearbook committee about an upcoming meeting. Would you rather send an email to every student in the school about this meeting, or be able to target just those members of the yearbook committee? The obvious answer, of course, is just those members of the yearbook committee.”


Introducing VLANs

In schools where email is not used for communication with students, the usual default for notifying students about club meetings is “morning announcements.” Students tend to sit there, half listening, until an organization in which they are involved makes an announcement.

This type of broadcast message can consume unnecessary time in the morning, while overloading students with too many broadcast messages, so many in fact that students may miss their own.


Introducing VLANs

Networks function in much the same way. As networks grow and more devices are connected to a switch, more broadcast traffic is generated and more bandwidth is wasted on messages that are not relevant to all members of the organization.

The solution is to create virtual local area networks (VLANs) that contain broadcasts and group hosts together in communities of interest.

The result is that traffic is logically grouped, minimizing broadcast traffic and saving bandwidth.


Relection 3

Take a look at the way our school is organized. What departments, subjects, groups, or users should be together in a VLAN?

Remember, one way to answer this question is to think about 'communities of interest’.

Reflection #3, Communities of Interest


Describe and Configure VLANs on a Cisco Switch

Virtual LANs

Logical networks

Broadcast control

Transparent to end-users

It allows an administrator to group together stations by logical function, by

project teams, or by applications, without regard to physical location of

the users.


Describe and Configure VLANs on a Cisco Switch VLAN functions

VLAN membershipStatic (also called port based - widely deployed)

Dynamic ( MAC based )


VMPS (VLAN Management Policy Server)

Return to the VLAN network diagram for the four communities of interest, and prepare a table in Word that maps the MAC addresses to the appropriate VLAN. This table would be used if we were to use dynamic VLANs


Configure VLANs on a Cisco Switch

VLAN 1: management VLAN

VLAN numbers and names

Port assignment


Configure VLANs on a Cisco Switch

VLAN verification commands

Deleting a VLAN

Removing a port from a VLAN


This is a good place to take a break

That was a Ton of new information!


Basic Switch Configuration


Config the Management Interface


Config the default gateway


Verify the configuration


Configure Duplex and Speed

You used to be required to use certain cable types (cross-over, straight-through) when connecting between specific devices, switch-to-

switch or switch-to-router. Instead, you can now use the mdix auto interface configuration command in the CLI to enable the automatic

medium-dependent interface crossover (auto-MDIX) feature.


Configure SDM and Web Access

Modern Cisco switches have a number of web-based configuration tools that

require that the switch is configured as an HTTP server


Review


Review


The benefits of Vlans


The management VLAN

What is the default value for the management LAN?

What does the administrator use the management VLAN for?”

The IP address of the switch

VLAN configuration and maintenance

Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) traffic

When creating a VLAN give it a number and a name – other than the reserved number of VLAN 1.


Configuring Vlans

The next three sections of this chapter include the commands to configure, verify, maintain, and troubleshoot VLANs.

In this first section, the commands to create and assign ports to a VLAN are introduced.

We will stop after each section to review the syntax of the command and the output.

You will put all these pieces together in the Hands-On Lab in the final section.”


Use the following commands to create the VLAN

Create the Vlan IDName the VLANAssign at least one switch port to the VLAN to make it active…


Verify interface assignments

This command shows all VLAN assignments


Verify interface assignments

This command limits information for one specific VLAN


Deleting a VLAN

When a port is disassociated from a specific VLAN, it returns to VLAN1


Identifying VLANs on a Cisco Switch

VLAN ID

Frame tagging: IEEE 802.1Q


Describe and Configure Trunking and Inter-VLAN Routing

Trunk port characteristicsPoint-to-point link

Carry multiple-VLAN traffic over single link

Support for frame tagging

Trunk modes

802.1q is now default tagging protocol on Cisco

switches


Access Ports versus Trunk Ports


Configuring Trunks


Untagged traffic

Some traffic however, needs to cross the 802.1Q configured link without VLAN ID.

Traffic with no VLAN ID is called untagged. Examples of untagged traffic are Cisco Discovery Protocol (CDP), VTP, and certain types of voice traffic.

Untagged traffic minimizes the delays associated with inspection of the VLAN ID tag.


Remember, tagging is used by switches… the tag gets removed.

Extending VLANs across switches

Configuring a native VLAN

Trunks and the native VLAN


Connectivity between different VLANs

Subinterfaces

Router-on-a-stick

Inter-VLAN Routing


To configure inter-VLAN routing

To configure inter-VLAN routing, use the following steps:

1. Configure a trunk port on the switch.Switch(config)#interface fa0/2

Switch(config-if)#switchport mode trunk

2. On the router, configure a FastEthernet interface with no IP address or subnet mask.

Router(config)#interface fa0/1

Router(config-if)#no ip address

Router(config-if)#no shutdown


To configure inter-VLAN routing

3. On the router, configure one subinterface with an IP address and subnet mask for each VLAN.

Each subinterface has an 802.1Q encapsulation. Router(config)#interface fa0/0.10

Router(config-subif)#encapsulation dot1q 10

Router(config-subif)#ip address 192.168.10.1 255.255.255.0


VLAN Trunking Protocol (VTP) purpose and goals

Management domain

VTP modes: server, client, transparent

VLAN database

Configuration revision number

Maintain VLAN Structure on an Enterprise Network


VTP modes - Server


VTP modes - Transparent


VTP modes - Transparent


VTP database

A problem situation can occur related to the revision number if someone inserts a switch with a higher revision number into the network.

Since a switch is a server by default, this results in new, but

incorrect, information overwriting the legitimate VLAN information on all of the other

switches



VTP messagesSummary advertisements

Subset advertisements

Advertisement requests


Configuring VTP

Verifying VTP configuration



Show VTP Status

When adding a new switch to an existing VTP domain, use the following steps:

Step 1: Configure VTP off-line (version 1)Step 2: Verify the VTP configuration.Step 3: Reboot the switch


VLANs and IP phones

VLANs and wireless security



VLAN best practices

VLAN security



Summary Switches forward traffic using store and forward or cut-through

techniques

Basic security features should be applied to switches

A VLAN is a way to group hosts on the same logical network even though they may be physically separated

Frame tagging allows a switch to identify the source VLAN of an Ethernet frame.

A Layer 3 device is needed to move traffic between different VLANs.

Subinterfaces allow router interfaces to support multiple VLANs.

VLAN Trunking Protocol provides centralized control, distribution and maintenance of VLANs.


Switching in an Enterprise Network

Documents