11/21/03 11:36 AM Page 103
6 Cisco Layer 2 Switching
Chapter 3, Hardware and the OSI Model, presented the evolution of the
switch, as we know it today. Here, we will present switching technology, as
Cisco views it. Many of the features and protocols we will be talking about
are proprietary to Cisco or pioneered by Cisco. Therefore, even if you feel
you know the technology, read this chapter carefully. Switching is a major
product technology for Cisco and you will see more than a few questions on
the test that relate directly to this chapter.
The technology upon which Layer 2 switches operate is the same as that
provided by Ethernet bridges. The basic operation of a switch involves the
following:
Discovering Media Access Control (MAC) addresses
Filtering or forwarding frames
Preventing loops
Preventing Loops
Both bridges and switches introduce the possibility of creating a bridged network with multiple paths to a single destination. Typically, this type of
redundancy is considered favorable, but for switches and bridges it can cause
problems in the form of bridging loops, which occur when circular connections exist in a bridged network. Figure 6.1 illustrates a bridged network with
bridging loops.
Bridges and switches provide a bridging function. Although we will use the term
bridge in this discussion, the concept of bridging loops applies equally to switches.
[Figure 6.1 image: a logical LAN in which Bridges A, B, C, and D interconnect Physical Segments 1, 2, and 3.]
Figure 6.1 Switches and bridges can create loops if improperly positioned.
Next, every other bridge selects one of its ports with the least path cost to
the root bridge. The least path cost is the sum of the cost to traverse every
network between the indicated bridge and the root bridge. The root path cost
can be determined in multiple ways; in this case, we have arbitrarily assigned
costs to each path. Next, designated bridges are determined. A designated
bridge is the bridge on each LAN with the lowest aggregate root path cost.
It's the only bridge on a LAN allowed to forward frames. Figure 6.2 illustrates
our network with the root path cost assigned to each bridge interface.
Figure 6.2 The root path cost for each bridge interface.
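The root path cost and designated bridge computation described above, worked through in code. This is an added example, not code from the book: the topology, bridge names, port names, and per-port costs are constructed (loosely following Figure 6.1, with Bridge A assumed to be the root), and the tie-breaking rule (lower sender ID, then lower receiving port) is an assumption of the model. The point to observe is the final port roles: every LAN ends up with exactly one designated bridge, and the remaining ports on a LAN go to blocking, which is what removes the loop.

```python
import heapq

# Constructed topology loosely modelled on Figure 6.1: bridges A-D attached to
# physical segments 1-3. Port costs are arbitrarily assigned, as the text says.
# bridge -> {port: (segment, port cost)}
TOPOLOGY = {
    "A": {"p1": ("Seg1", 10), "p2": ("Seg3", 10)},
    "B": {"p1": ("Seg1", 19), "p2": ("Seg2", 19)},
    "C": {"p1": ("Seg1", 4),  "p2": ("Seg2", 4)},
    "D": {"p1": ("Seg2", 10), "p2": ("Seg3", 10)},
}


def segment_members(topology):
    """segment -> [(bridge, port, port cost)] for every bridge attached to it."""
    members = {}
    for bridge, ports in topology.items():
        for port, (seg, cost) in ports.items():
            members.setdefault(seg, []).append((bridge, port, cost))
    return members


def root_path_costs(topology, root):
    """Dijkstra over the bridged network.

    A bridge hearing an advertisement on a port computes root path cost =
    advertised cost + that port's cost. Ties break on lower sender ID, then
    lower receiving port name. Returns bridge -> (cost, sender, root port).
    """
    members = segment_members(topology)
    best = {root: (0, None, None)}
    heap = [(0, root)]
    while heap:
        cost, bridge = heapq.heappop(heap)
        if cost > best[bridge][0]:
            continue  # stale heap entry
        for seg, _ in topology[bridge].values():
            for other, oport, ocost in members[seg]:
                if other == bridge:
                    continue
                key = (cost + ocost, bridge, oport)
                if other not in best or key < best[other]:
                    best[other] = key
                    heapq.heappush(heap, (key[0], other))
    return best


def designated_bridges(topology, best):
    """Per segment, the attached bridge with the lowest root path cost (ties: lower ID)."""
    return {
        seg: min(members, key=lambda m: (best[m[0]][0], m[0]))[0]
        for seg, members in segment_members(topology).items()
    }


def port_roles(topology, root):
    """Root / designated / blocking for every port: the outcome that breaks the loop."""
    best = root_path_costs(topology, root)
    designated = designated_bridges(topology, best)
    roles = {}
    for bridge, ports in topology.items():
        for port, (seg, _) in ports.items():
            if bridge != root and port == best[bridge][2]:
                roles[(bridge, port)] = "root"
            elif designated[seg] == bridge:
                roles[(bridge, port)] = "designated"
            else:
                roles[(bridge, port)] = "blocking"
    return roles


if __name__ == "__main__":
    costs = root_path_costs(TOPOLOGY, "A")
    for b in sorted(costs):
        print(b, costs[b])
    print(designated_bridges(TOPOLOGY, costs))
    print(port_roles(TOPOLOGY, "A"))
```

With these costs, Bridge C (cost 4) becomes the designated bridge for Segment 2 even though B and D also sit on it, so B's p2 and D's p1 go to blocking; the root is designated on both of its own segments.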
Store-and-Forward Switching
In store-and-forward switching mode, the switch reads the entire incoming
frame and copies the frame into its buffers. After the frame has been
completely read, the switch performs the Layer 2 cyclic redundancy check
(CRC) to determine whether an error occurred during transmission. If the
frame has an error, the switch drops the frame. If no error is identified, the
switch checks its forwarding table to determine the proper port (in the case
of a unicast) or ports (in the case of a multicast) to which the frame must be
forwarded.
Cut-Through Switching
Cut-through switches introduce lower latency during the switching process
than store-and-forward switches do, mainly because the frame is forwarded as
soon as the destination address and outgoing interface are determined. They
achieve increased performance by eliminating the error checking and making
forwarding decisions based only on the first six bytes of the incoming frame.
(These first six bytes contain the destination MAC address of the frame.)
Cut-through switches read the destination address of the incoming frame and
immediately check the forwarding table to determine the proper destination
ports. This increased performance does, however, mean that cut-through
switches forward frames containing errors more often than store-and-forward
switches do.
Fragment-Free Switching
Fragment-free switching is a modification to the cut-through switching
method. Like cut-through switches, fragment-free switches read only a portion
of the frame before beginning the forwarding process. The difference is that
fragment-free switches read the first 64 bytes, the minimum legal frame size,
which is enough to check the frame for collisions. This allows for better error
checking than with cut-through switches, with a minimal loss in latency.
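The three switching modes side by side, as an added example rather than code from the book. It models a small switch whose forwarding table is already populated, builds a few constructed frames (a valid one, one with a bit flip deep in the payload, a 40-byte collision fragment, and a broadcast), and runs each through a store-and-forward, cut-through, and fragment-free decision function. The frame builder, the table, the MAC addresses, and the port numbers are all constructed for the example; the CRC-32 appended as the FCS is computed with Python's zlib so that the check is self-consistent.

```python
import zlib

MIN_FRAME_LEN = 64  # smallest legal Ethernet frame, FCS included


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Constructed helper: dst | src | type | payload, padded to 60 bytes, plus CRC-32 FCS."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    body = body.ljust(MIN_FRAME_LEN - 4, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame: bytes) -> bool:
    """The Layer 2 CRC check a store-and-forward switch performs on the whole frame."""
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs


def is_group_address(mac: bytes) -> bool:
    """Multicast and broadcast MACs have the low bit of the first byte set."""
    return bool(mac[0] & 0x01)


def lookup_ports(table, dst, ingress, all_ports):
    """Forwarding-table decision: known unicast -> that port; otherwise flood all but ingress."""
    if not is_group_address(dst) and dst in table:
        return [table[dst]]
    return [p for p in all_ports if p != ingress]


def store_and_forward(frame, ingress, table, all_ports):
    """Buffers the entire frame and checks the FCS before deciding where it goes."""
    if len(frame) < MIN_FRAME_LEN:
        return ("drop", "runt")
    if not fcs_ok(frame):
        return ("drop", "bad-fcs")
    return ("forward", lookup_ports(table, frame[:6], ingress, all_ports))


def cut_through(frame, ingress, table, all_ports):
    """Decides on the first six bytes (destination MAC) alone: no error checking at all."""
    return ("forward", lookup_ports(table, frame[:6], ingress, all_ports))


def fragment_free(frame, ingress, table, all_ports):
    """Waits for 64 bytes so collision fragments (runts) are dropped, then forwards."""
    if len(frame) < MIN_FRAME_LEN:
        return ("drop", "collision-fragment")
    return ("forward", lookup_ports(table, frame[:6], ingress, all_ports))


MODES = {"store-and-forward": store_and_forward,
         "cut-through": cut_through,
         "fragment-free": fragment_free}


def compare_modes(frame, ingress, table, all_ports):
    """Run one frame through all three modes and return each mode's decision."""
    return {name: fn(frame, ingress, table, all_ports) for name, fn in MODES.items()}


# Constructed sample data: a 4-port switch whose table already knows both hosts.
PORTS = [1, 2, 3, 4]
HOST_A = bytes.fromhex("001122334455")   # attached to port 1
HOST_B = bytes.fromhex("66778899aabb")   # attached to port 3
TABLE = {HOST_A: 1, HOST_B: 3}

GOOD = build_frame(HOST_B, HOST_A, 0x0800, b"A" * 100)          # 118-byte valid frame
_damaged = bytearray(GOOD)
_damaged[80] ^= 0xFF                                            # bit flip deep in the payload
CORRUPT = bytes(_damaged)
RUNT = GOOD[:40]                                                # collision fragment
BCAST = build_frame(b"\xff" * 6, HOST_A, 0x0806, b"\x00" * 28)  # broadcast, unknown to the table

if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT), ("broadcast", BCAST)]:
        print(name, compare_modes(frame, 1, TABLE, PORTS))
```

The corrupted frame is the instructive case: store-and-forward drops it on the FCS check, while both cut-through and fragment-free forward it to port 3, because the damage sits past the bytes they examine. The runt is caught by fragment-free and store-and-forward but not by cut-through.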
Cisco has incorporated switching technology into devices operating at layers other
than Layer 2. Be very careful when answering exam questions to determine how the
term switch is used. The features and functions we are presenting in this chapter
apply to Cisco Layer 2 switches exclusively.
Figure 6.4 This figure shows a 12-port switch that has been divided into two VLANs. Ports 1 through 6 are VLAN 1, and ports 7 through 12 are VLAN 2.
It is important to understand the need for routers in a switched network. If devices
on different VLANs need to communicate, routing is required to facilitate this
exchange of data. Many of today's network systems are collections of routers and
switches.
[Figure image: a trunk connection utilizing ISL between two switches carrying VLAN 1 and VLAN 2; only the label Switch 2 survived extraction, and the caption did not.]
In addition, VLANs provide the flexibility necessary to group users by security level. This can greatly simplify applying a security policy to a network.
In summary, here are the benefits of VLANs:
They simplify security administration.
They allow users to be grouped by functional area versus physical location.
They simplify moving and adding users.
Frame Tagging
Frame tagging is the method used by Cisco switches to identify to which
VLAN a frame belongs. As a frame enters the switch, the switch encapsulates
the frame with a header that tags the frame with a VLAN ID. Any time a
frame needs to leave one switch for another, the tagged frame is sent
throughout the switching fabric. When the frame arrives at the destination
switch, the tag tells the switch to which VLAN the frame belongs. This
process is illustrated in Figure 6.6 using the VLAN IDs 10, 20, and 30.
[Figure 6.6 image: Switch 1 and Switch 2 linked by Fast Ethernet with ISL; each switch has ports in VLAN 10, VLAN 20, and VLAN 30.]
The tag is stripped off of the frame before the frame is sent out to the destination device. This process gives the illusion that all ports are physically
connected to the same switch.
Be sure to understand the function of frame tagging, which tags a frame with a
user-defined VLAN ID.
Trunk Connections
Under normal circumstances, a switch port can carry traffic for a single
VLAN only. For VLANs to span multiple switches, a trunk connection must
be created. This trunk connection transports data from multiple VLANs.
Trunk connections allow VLANs to be used throughout the switching fabric
of large networks.
Any Fast Ethernet or Asynchronous Transfer Mode (ATM) port on a switch
can be designated as a trunk port. This port typically connects to another
switch via a crossover 100BASE-T cable in the case of a Fast Ethernet trunk.
For the trunked port to transport multiple VLANs, it must understand frame
tags.
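The frame tagging and trunking behaviour described in the last two sections, as an added example that is not the book's code. The text describes Cisco's ISL encapsulation; this model instead uses the IEEE 802.1Q tag format (a 4-byte TPID/TCI inserted after the source MAC), because its layout is well known and it serves the same purpose of carrying a VLAN ID across a trunk. Everything else is constructed: the two switches, their port modes, the broadcast frame (built without an FCS to keep the tagging arithmetic simple), and two modelling assumptions stated in the comments, namely that an access port rejects a frame that already carries a tag and that a trunk port rejects an untagged frame.

```python
from dataclasses import dataclass

TPID_8021Q = 0x8100   # tag protocol identifier that marks an 802.1Q-tagged frame


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) after the source MAC. FCS handling is omitted."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp & 0x7) << 13 | vid
    return frame[:12] + TPID_8021Q.to_bytes(2, "big") + tci.to_bytes(2, "big") + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, untagged frame) for a tagged frame, or (None, frame) if untagged."""
    if len(frame) >= 16 and int.from_bytes(frame[12:14], "big") == TPID_8021Q:
        vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return vid, frame[:12] + frame[16:]
    return None, frame


@dataclass
class Port:
    mode: str          # "access" carries one VLAN untagged; "trunk" carries many, tagged
    vlan: int = 1      # access VLAN; ignored on trunks


class Switch:
    def __init__(self, name: str, ports: dict):
        self.name = name
        self.ports = ports

    def classify(self, port_no: int, frame: bytes):
        """Work out which VLAN an arriving frame belongs to, or None if it is rejected."""
        port = self.ports[port_no]
        vid, bare = parse_tag(frame)
        if port.mode == "access":
            # Model assumption: an access port rejects tagged frames from its host.
            return (None, bare) if vid is not None else (port.vlan, bare)
        # Model assumption: a trunk carries tagged frames only (no native VLAN).
        return (vid, bare) if vid is not None else (None, bare)

    def forward(self, port_no: int, frame: bytes) -> dict:
        """Flood within the VLAN only: returns port -> frame exactly as it leaves that port."""
        vid, bare = self.classify(port_no, frame)
        if vid is None:
            return {}
        out = {}
        for n, p in self.ports.items():
            if n == port_no:
                continue
            if p.mode == "access" and p.vlan == vid:
                out[n] = bare                       # tag stripped before the frame reaches the host
            elif p.mode == "trunk":
                out[n] = tag_frame(bare, vid)       # tag kept while crossing the switching fabric
        return out


# Constructed two-switch fabric: port 12 on each switch is the trunk between them.
S1 = Switch("Switch 1", {1: Port("access", 10), 2: Port("access", 10),
                         3: Port("access", 20), 12: Port("trunk")})
S2 = Switch("Switch 2", {1: Port("access", 10), 2: Port("access", 20),
                         12: Port("trunk")})

# Constructed broadcast frame (no FCS): dst ff:ff:ff:ff:ff:ff, src 00:11:22:33:44:55,
# EtherType 0x0806, 28 zero bytes of body.
FRAME = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x06" + b"\x00" * 28


def fabric_demo():
    """A VLAN 10 host on Switch 1 port 1 broadcasts; return what each switch emits."""
    out1 = S1.forward(1, FRAME)            # local VLAN 10 ports untagged, trunk tagged
    out2 = S2.forward(12, out1[12])        # Switch 2 reads the tag and stays within VLAN 10
    return out1, out2


if __name__ == "__main__":
    o1, o2 = fabric_demo()
    print({n: parse_tag(f)[0] for n, f in o1.items()})   # {2: None, 12: 10}
    print({n: parse_tag(f)[0] for n, f in o2.items()})   # {1: None}
```

On Switch 1 the broadcast reaches port 2 (same VLAN, untagged) and the trunk (tagged with VLAN 10) but not port 3 in VLAN 20; on Switch 2 the tag steers it to port 1 only and is stripped there, which is the "illusion that all ports are on the same switch" the text describes.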
VTP Modes
When it has a management domain, a switch operates in one of three VTP
modes: server, client, or transparent. The default mode is server.
In VTP server mode, a switch can create, modify, or delete VLAN and other
configuration parameters for the entire VTP domain. VTP messages are
sent over all trunk links, and configuration changes are propagated to all
switches in the management domain.
In VTP client mode, the switch receives VTP messages and applies configuration changes made from any VTP server. However, a client cannot create, change, or delete VLAN information.
In VTP transparent mode, the switch forwards all VTP messages to other
switches in the domain but does not use the configuration from VTP advertisements. A VTP transparent switch can create, modify, or delete VLANs,
but the changes apply only locally and are not transmitted to other switches.
VTP Pruning
VTP can detect whether a trunk connection is carrying unnecessary traffic.
By default, all trunk connections carry traffic from all VLANs in the management domain. In many cases, however, a switch does not need a local port
configured for each VLAN. In this event, it is not necessary to flood traffic
from VLANs other than the ones supported by that switch (see Figure 6.7).
VTP pruning enables the switching fabric to prevent flooding traffic on
trunk ports that do not need it.
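The VTP mode rules and the pruning decision from the two sections above, worked through as an added example (not the book's or Cisco's code). It models a constructed management domain of four switches joined by loop-free trunks: flooding a server's VLAN database shows that server and client switches apply it while a transparent switch only relays it, and the pruning function computes, for each direction of each trunk, which VLANs still need to be flooded because some switch on the far side has a port in them. The switch names, modes, VLAN sets and links are all constructed; real VTP messages carry more fields (such as a revision number) than this model does.

```python
from collections import deque

# Constructed VTP management domain: switch -> (VTP mode, VLANs with local access ports)
SWITCHES = {
    "core":  ("server",      {10, 20, 30}),
    "dist1": ("client",      {10}),
    "dist2": ("transparent", {30}),
    "acc1":  ("client",      {20}),
}
# Constructed loop-free trunk links (the tree STP would leave in place)
TRUNKS = [("core", "dist1"), ("core", "dist2"), ("dist2", "acc1")]


def neighbours(trunks):
    """Undirected adjacency: switch -> set of switches it has a trunk to."""
    adj = {}
    for a, b in trunks:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def propagate_vlan_db(switches, trunks, origin, vlan_db):
    """Flood a server's VLAN database over every trunk.

    Server and client switches apply it; a transparent switch forwards the
    advertisement onward but keeps its own local database. Returns
    switch -> database for every switch that applied the change.
    """
    mode = {name: m for name, (m, _) in switches.items()}
    if mode[origin] != "server":
        raise ValueError(f"{origin} is in {mode[origin]} mode and cannot originate changes")
    adj = neighbours(trunks)
    applied = {origin: set(vlan_db)}
    seen, queue = {origin}, deque([origin])
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, ()):
            if nxt in seen:
                continue
            seen.add(nxt)
            if mode[nxt] in ("server", "client"):
                applied[nxt] = set(vlan_db)
            queue.append(nxt)          # every mode relays the message over its other trunks
    return applied


def vlans_needed_beyond(switches, adj, start, exclude):
    """VLANs with access ports anywhere on `start`'s side of the trunk (exclude, start)."""
    need, seen, stack = set(), {exclude, start}, [start]
    while stack:
        cur = stack.pop()
        need |= switches[cur][1]
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return need


def pruned_trunks(switches, trunks):
    """For each trunk direction: (VLANs still flooded, VLANs pruned).

    A VLAN is pruned from a trunk when no switch on the far side has a port in it.
    """
    adj = neighbours(trunks)
    all_vlans = set().union(*(v for _, v in switches.values()))  # stands in for the domain VLAN list
    result = {}
    for a, b in trunks:
        for src, dst in ((a, b), (b, a)):
            keep = vlans_needed_beyond(switches, adj, dst, src)
            result[(src, dst)] = (keep, all_vlans - keep)
    return result


if __name__ == "__main__":
    print(propagate_vlan_db(SWITCHES, TRUNKS, "core", {10, 20, 30, 40}))
    for link, (keep, pruned) in pruned_trunks(SWITCHES, TRUNKS).items():
        print(link, "flood", sorted(keep), "prune", sorted(pruned))
```

Two things to notice in the output: acc1 applies the new database even though the only path to it runs through the transparent switch dist2, because transparent mode forwards without applying; and the core-to-dist1 trunk carries only VLAN 10 after pruning, since dist1 has no ports in 20 or 30.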
[Figure 6.7 image: three switches joined by trunks, one of which has ports in VLAN 20; the caption did not survive extraction.]
Configuring VLANs
Three methods can be used to assign a switch port to a particular VLAN:
port-centric, static, and dynamic. In a port-centric configuration, all nodes that
are connected to ports within the same VLAN are given the same VLAN ID.
In this type of configuration, the network administrator's job is much easier
because of the ease of administering the VLAN. In a static VLAN
configuration, the ports on a switch are hard-coded and remain in effect until
the administrator changes them. This type of configuration is typical of a
network that is very well monitored and where changes are unlikely. The
third type of port configuration is dynamic. This type of configuration
involves more overhead on setup for the administrator because of the database
configuration. The ports on these switches automatically determine
their assigned VLAN. The VLAN assignment is determined by the type of
protocol (within a frame), MAC address, and logical addressing. A major
benefit of this type of configuration is that the administrator will notice when
any unauthorized or new user is on the network. If a workstation happens to
be connected to a port that is unassigned, the switch will record the MAC
address of the workstation and check its database to determine which VLAN
to assign the workstation to.