Switching & VLANs

Switching Basics

A switch acts as a multiport bridge, and its basic duty is to break up collision domains.
Layer 2 switches and bridges are faster than routers because they don't spend time looking at the Network layer header information.
Switches look at frame hardware addresses before deciding to either forward the frame or drop it.

Switching Basics

Switches create private, dedicated collision domains.
They provide independent bandwidth on each port.
Layer 2 switching provides the following:
Hardware-based bridging (Application Specific Integrated Circuit, ASIC)
Wire speed
Low latency
Low cost

Switching Basics

Switches do not modify the data packet.
They only read the frame encapsulating the packet.
This makes the switching process considerably faster and less error-prone than the routing process.

Switches create private domain

Bridging Vs. LAN Switching

Bridges are software based, while switches are hardware based because switches use ASIC chips to help make filtering decisions.
A switch is basically a multiport bridge.
Bridges can only have one spanning tree instance per bridge, while switches can have many.
Switches have more ports.

Bridges and Switches

Both possess multiple COLLISION DOMAINS but one BROADCAST DOMAIN.
Both learn MAC addresses by examining the source address of each frame received.
Both make forwarding decisions based on layer 2 addresses.

Functions of Switch

Address Learning:
Layer 2 switches remember the source hardware address of each frame received on an interface.
Switches enter this information into a MAC database called a forward/filter table.

Forward/Filter Decision:
When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
The frame is only forwarded out the specified destination port.

Functions of Switch

Loop Avoidance:
If multiple connections between switches are created for redundancy purposes, network loops can occur.
Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Address Learning

When a switch is first powered on, the MAC forward/filter table is empty.
When an interface receives a frame, the switch places the frame's source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on.
The switch then floods the frame out of every port except the source port, because it has no idea where the destination device is actually located.

Address Learning

If a device answers this flooded frame and sends a frame back, then:
The switch takes the source address from that frame and places the MAC address in the database as well.
The switch associates this address with the interface that received the frame.
Since the switch now has both relevant MAC addresses in its filtering table, the two devices can make a point-to-point connection.

Forward/Filter Decisions

When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table.
If the destination hardware address is known and listed in the database, the frame is only sent out the correct exit interface.
This preserves bandwidth and is called frame filtering.

Forward/Filter Decisions

If the destination hardware address is not listed in the MAC database, then the frame is flooded out all active interfaces except the interface the frame was received on.
If a device answers the flooded frame, the MAC database is updated with the device's interface.
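The address-learning and forward/filter rules from these slides, as an added example that is not part of the original presentation: a minimal learning switch whose table is keyed purely on source addresses, with a counter for addresses that move between ports (the "confused table" symptom the loop slides describe). Port numbers and MAC addresses are constructed sample data.

```python
# Added example (not from the original slides): a minimal Layer 2 learning
# switch implementing address learning plus the flood / filter decision.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """MAC forward/filter table plus the forward, flood or filter decision."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}             # MAC address -> port it was learned on
        self.moves = defaultdict(int)   # MAC address -> times it changed port

    def receive(self, in_port, src, dst):
        """Learn from src, then return the list of ports the frame is sent out of."""
        # Address learning: the table trusts the source address of every frame.
        previous = self.mac_table.get(src)
        if previous is not None and previous != in_port:
            # The same MAC showing up on different ports is what a loop (or a
            # station sending with another station's address) looks like in the table.
            self.moves[src] += 1
        self.mac_table[src] = in_port

        # Forward/filter decision.
        if dst == BROADCAST or dst not in self.mac_table:
            # Broadcast or unknown destination: flood out every port except the source.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        if out_port == in_port:
            # Destination lives on the receiving port: filter (drop) the frame.
            return []
        return [out_port]


def demo():
    """The two-station exchange from the slides on a four-port switch."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed sample MACs
    first = sw.receive(in_port=1, src=a, dst=b)   # table empty: flooded to 2, 3, 4
    reply = sw.receive(in_port=2, src=b, dst=a)   # a is known: sent only to port 1
    second = sw.receive(in_port=1, src=a, dst=b)  # b is known now: only port 2
    return first, reply, second, dict(sw.mac_table)
```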

Loop Avoidance

Redundant links between switches are a good idea because they help prevent complete network failure in the event one link stops working.
But with redundant links, frames can be flooded down all redundant links simultaneously, resulting in network loops.
Redundant links may invite the following set of problems:
If no loop avoidance scheme is put in place, the switches will flood broadcasts endlessly. The following figure illustrates it:
Broadcast Storm

A device can receive multiple copies of the same frame, since that frame can arrive from multiple segments simultaneously. The following figure demonstrates it best.
The server in this figure sends a unicast frame to router C.
Since it is a unicast frame, switch A forwards the frame, and switch B provides the same service and forwards the frame too.
This is not good, because now router C will receive the unicast frame twice, causing additional overhead on the network.
The MAC address filter table will be totally confused about a device's location, because the switch can receive frames from it over more than one link.
Multiple loops could be generated. This means a loop can occur within another loop.

Spanning Tree Protocol

Its main task is to stop loops from occurring at layer 2 (bridges or switches).
It monitors the network to find all links, making sure that no loops occur by shutting down redundant links.
It uses the Spanning Tree Algorithm (STA) to first create a topology database, then search out and destroy redundant links.
With STP running, frames are only forwarded on the links STP has picked.

LAN Switch Types

LAN switch types decide how a frame is handled when it is received on a switch port.
Latency: the time a switch takes to send a frame out an exit port once the switch receives the frame.
There are three switching modes:
Cut-through (Fast Forward)
Fragment Free (Modified cut-through)
Store-and-forward

Cut-through (Fast Forward):
In this mode, the switch only waits for the destination hardware address to be received before it looks up the destination address in the MAC filter table.

Fragment Free (Modified cut-through):
In this mode, the switch checks the first 64 bytes of a frame for fragmentation before forwarding it.
This is the default mode for the Catalyst 1900 series switch.

Store-and-forward:
In this mode, the complete frame is received into the switch's buffer, a CRC is run, and then the switch looks up the destination address in

Different switching modes within a frame

Cut - Through

With the cut-through switching method, the LAN switch reads only the destination address.
That is, it looks at the first six bytes following the preamble.
It then:
Looks up the hardware destination address in the MAC switching table.
Determines the outgoing interface.
Proceeds to forward the frame towards its destination.
A cut-through switch helps in reducing latency, because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.

Fragment Free (Modified Cut Through)

It is a modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding.
This is because if a packet has a collision error, it almost always occurs within the first 64 bytes.
This means each frame will be checked into the data field to make sure no fragmentation has occurred.
Fragment Free mode provides better error checking than cut-through mode with practically no increase in latency.
It is the default switching mode for 1900 switches.

Store and Forward

It is Cisco's primary LAN switching method.
In this method, the LAN switch copies the entire frame into its onboard buffers and then computes the CRC (Cyclic Redundancy Check).
Since it copies the entire frame, latency through the switch varies with frame length.
The frame is discarded if it contains a CRC error, or:
If it is too short (less than 64 bytes including the CRC)
If it is too long (more than 1518 bytes, including the CRC)
If the frame doesn't contain any error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.
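The three switching modes side by side, as an added example that is not from the original slides: it shows how many bytes each mode examines before deciding, and therefore which defects (runt, giant, bad CRC) each mode can actually catch. The frames are constructed, and the FCS is computed with the same CRC-32 that the 802.3 frame check sequence uses, stored little-endian as on the wire.

```python
# Added example (not from the original slides): what each switching mode
# inspects before forwarding, and which bad frames get through as a result.
import zlib

MIN_FRAME = 64      # bytes, including the 4-byte CRC
MAX_FRAME = 1518    # bytes, including the 4-byte CRC
MODES = ("cut-through", "fragment-free", "store-and-forward")


def build_frame(dst, src, payload):
    """Ethernet II frame without preamble: dst, src, EtherType, payload, FCS."""
    body = dst + src + b"\x08\x00" + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))   # pad to the minimum size
    fcs = zlib.crc32(body).to_bytes(4, "little")           # 802.3 FCS is CRC-32
    return body + fcs


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]


def decide(frame, mode):
    """Return (bytes_examined, action, reason) for one switching mode."""
    n = len(frame)
    if mode == "cut-through":
        # Only the 6-byte destination address is read before the table lookup;
        # a corrupt or oversized frame is forwarded anyway.
        return 6, "forward", "destination read"
    if mode == "fragment-free":
        # Waits out the 64-byte collision window, so a runt never qualifies.
        if n < MIN_FRAME:
            return n, "discard", "runt (collision fragment)"
        return 64, "forward", "collision window passed"
    if mode == "store-and-forward":
        # Whole frame buffered: length limits and CRC are all checked.
        if n < MIN_FRAME:
            return n, "discard", "too short"
        if n > MAX_FRAME:
            return n, "discard", "too long"
        if not fcs_ok(frame):
            return n, "discard", "CRC error"
        return n, "forward", "frame verified"
    raise ValueError(f"unknown mode {mode!r}")


def compare_modes(frame):
    """Action taken on the same frame under each of the three modes."""
    return {m: decide(frame, m)[1] for m in MODES}
```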

Spanning Tree Terms

STP:
It is a bridge protocol that uses the STA to find redundant links dynamically.
It creates a spanning tree topology database.
Bridges exchange BPDU messages with other bridges.

Configuring 1900 & 2950 Catalyst switches

We will cover the following list of tasks:
Setting the password
Setting the hostname
Configuring the IP address and subnet mask
Setting a description on the interface
Erasing the switch configuration
Configuring VLANs
Adding VLAN membership to a switch port
Creating a VTP domain
Configuring trunking

Setting the password

1900 Series:
It uses the same command to set both the user level password and the privileged password, but with different level numbers.
The level is 1 for user level and 15 for privileged level.
Password length should be from 4 to 8 characters.
Setting the user password:
switch(config)# enable password level 1 cisco
Setting the privileged level password:
switch(config)# enable password level 15 cisco

Setting the password

2950 Series:
To set the user mode password for the 2950 switch, we configure the line just as we would do on a router.
Console:
switch(config)# line console 0
switch(config-line)# password cisco
switch(config-line)# login
Telnet:
switch(config)# line vty 0 15
switch(config-line)# password cisco
switch(config-line)# login
The enable secret password is set in the same way as we would do for a router.
switch(config)# enable secret cisco

Setting hostname

The hostname on a switch is only locally significant.
This means it doesn't have any function on the network or with name resolution. (Though it has an exception with PPP authentication.)
1900 Series:
switch(config)# hostname LAN1
2950 Series:
switch(config)# hostname LAN1

Setting IP information

Generally a switch doesn't need any IP address at all to manage a LAN.
There are exceptions, though.
We have two reasons where we probably do want to set IP address information on the switch:
To manage the switch via Telnet or other management software.
To configure the switch with different VLANs and other network functions.

Setting IP information

1900 Switch:
By default, no IP address or default gateway information is set.
We can verify this by using the command sh ip in privileged mode.
Switch#sh ip
The IP address and default gateway are set through GCM (global configuration mode).
Switch(config)# ip address 172.16.10.16 255.255.255.0
Switch(config)# ip default-gateway 172.16.10.1

Setting IP information

2950 Switch:
On the 2950 switch, we consider a default VLAN that comes with the switch.
This VLAN is called VLAN1.
Every port on the switch is a member of VLAN1 by default.
We always set the IP address on VLAN1.
Switch(config)# interface vlan1
Switch(config-if)# ip address 172.16.10.17 255.255.255.0
Switch(config-if)# exit
Switch(config)# ip default-gateway 172.16.10.1

Configuring Interface Description

We can administratively set a name for each interface on the switches.
These descriptions are only locally significant.
1900 Switch:
The description command is used from interface configuration mode.
Spaces can't be used within a description.
Switch(config)# int e0/1
Switch(config-if)# description Finance_VLAN
Switch(config)# int f0/26
Switch(config-if)# description trunk_to_building_4

Configuring Interface Description

2950 Switch:
The description command is used from interface configuration mode.
Spaces can be used within a description.
Switch(config)# int fastEthernet 0/1
Switch(config-if)# description Sales Printer
Switch(config)# int f0/12
Switch(config-if)# description trunk_to_building_4

Erasing the Switch Configuration

1900 Switch:
We can't see the contents of NVRAM.
We can only view RAM's contents.
When we make changes to the switch's running configuration, it automatically copies them to NVRAM.
The following syntax helps us delete NVRAM's contents:
Switch# delete nvram

Erasing the Switch Configuration

2950 Switch:
The concepts of startup config and running config hold exactly the same here as they do with routers.
The following syntax helps us delete NVRAM's contents:
Switch# erase startup-config

Virtual LANs (VLANs)

A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
VLANs allow us to break up broadcast domains in a pure switched internetwork.
VLANs allow us to create smaller broadcast domains within a layer 2 switched internetwork.

How do VLANs simplify network management?

Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
VLANs are independent of their physical or logical locations.
VLANs can enhance network security.
VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.

Broadcast Control

All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.
The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.
This is one of the prime benefits that we get with a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.

Security

In a flat network, anyone connecting to the physical network could access the network resources located on that physical LAN.
To observe any or all traffic happening in that network, one simply has to plug a network analyzer into the hub.
Users can join any workgroup by just plugging their workstations into the existing hub.
By building VLANs and creating multiple broadcast groups, administrators can now have control over each port and user.
Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.
For inter-VLAN communication, we can implement restrictions on the router to control it.

Flexibility and Scalability

By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain, regardless of their physical location.
When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.

Physical LAN connected to a Router

Switches removing physical boundary

Static VLAN

These VLANs are created by administrators.
An administrator creates static VLANs and then assigns switch ports to each VLAN.
Static VLANs are:
Most secure
Comparatively easy to set up and monitor
Work well in a network where the movement of users within the network is controlled
A switch port that is assigned a VLAN association always maintains that association until an administrator changes the port assignment.

Dynamic VLAN

When a network administrator enters all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.
These are called dynamic VLANs.
A dynamic VLAN determines a node's VLAN assignment automatically.
Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocols, or even applications to create dynamic VLANs.

Dynamic VLAN

Suppose MAC addresses have been entered into a centralized VLAN management application.
If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.
This makes management and configuration easier, because if a user moves, the switch will assign them to the correct VLAN automatically.
Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic assignment of VLANs.
A VMPS database maps MAC addresses to VLANs.

VLAN links

Frames are handled differently according to the type of link they are traversing in a switch.
The following two links are available in a switched network:
Access Link
Trunk Link

Access Link

This type of link is only part of one VLAN, which is referred to as the native VLAN of the port.
Any device attached to an access link is unaware of VLAN membership. The device just assumes it is part of a broadcast domain, but it has no understanding of the physical network.
Switches remove any VLAN information from the frame before it is sent to an access-link device.
Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.

Trunk Link

A trunk link is a 100 or 1000 Mbps point-to-point link between:
Two switches
A switch and a router
A switch and a server
Trunk links carry the traffic of VLANs from 1 to 1005 at a time.
Trunking allows us to make a single port part of multiple VLANs at the same time.
We can actually set things up to have a server in two broadcast domains simultaneously, so that users don't have to cross the router to log in and access it.
Another advantage of trunking is when we are connecting switches.
Trunk links can carry some or all VLAN information across the link, but if the links between switches aren't trunked, only VLAN 1 information will be

Access and Trunk Links in a switched network

Creating & Verifying VLANs: 1900 switch

Creating VLANs:
Mode: GCM
Syntax:
Switch(config)# vlan <VLAN number> name <VLAN name>
E.g. switch(config)# vlan 2 name sales

Verifying VLANs:
Mode: Privileged
Syntax:
Switch# show vlan

Creating & Verifying VLANs: 2950 switch

Creating VLANs:
Mode: Privileged, then VLAN config
Syntax:
Switch# vlan database
Switch(vlan)# vlan <VLAN number> name <VLAN name>
Switch(vlan)# apply
E.g. Switch(vlan)# vlan 2 name sales
Switch(vlan)# vlan 3 name mkt
Switch(vlan)# apply

Verifying VLANs:
Mode: Privileged
Syntax:
Switch# show vlan brief

Assigning switch ports to VLANs: 1900 switch

Mode: Interface specific
Syntax:
Switch(config)# int <interface no.>
Switch(config-if)# vlan-membership static <VLAN no.>
Example 1: Switch(config)# int e0/2
Switch(config-if)# vlan-membership static 2
Example 2: Switch(config)# int e0/3
Switch(config-if)# vlan-membership static 3
Example 3: Switch(config)# int e0/4
Switch(config-if)# vlan-membership static 2

Assigning switch ports to VLANs: 2950 switch

Mode: Interface specific
Syntax:
Switch(config)# int <interface no.>
Switch(config-if)# switchport access vlan <VLAN no.>
Example 1: Switch(config)# int f0/2
Switch(config-if)# switchport access vlan 2
Example 2: Switch(config)# int f0/3
Switch(config-if)# switchport access vlan 3
Example 3: Switch(config)# int f0/4
Switch(config-if)# switchport access vlan 2

Frame Tagging

Switch fabric: a group of switches sharing the same VLAN information.
Frame tagging is a frame identification method which uniquely assigns a user-defined ID to each frame.
This ID is also called the VLAN ID or color.
How does it work?
Each switch that the frame reaches must first identify the VLAN ID from the frame tag.
Then it finds out what to do with the frame by looking at the information in the filter table.
If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port.
Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand its VLAN identification.
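The tag-then-strip behaviour described above, as an added example that is not from the original slides. It assumes IEEE 802.1Q tagging (the slides do not name the tagging standard): an access port tags incoming frames with its VLAN, a trunk port passes the tag through only for VLANs it is allowed to carry, and an access port strips the tag before delivery. The frame bytes and port descriptions are constructed sample data.

```python
# Added example (not from the original slides): 802.1Q frame tagging on
# ingress, and the trunk / access egress rules, for a single switch port.
import struct

TPID_8021Q = 0x8100    # EtherType value that marks a tagged frame


def tag_frame(frame, vlan_id, pcp=0):
    """Insert a 4-byte 802.1Q tag after the 12 bytes of destination + source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | vlan_id      # priority code point + VLAN ID (DEI bit left 0)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of(frame):
    """VLAN ID carried in the tag, or None when the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def strip_tag(frame):
    """Remove the 802.1Q tag so an access-link device sees a plain frame."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame


def ingress(frame, port):
    """Classify a frame arriving on a port: access ports stamp their own VLAN."""
    if port["mode"] == "access":
        return tag_frame(strip_tag(frame), port["vlan"])   # never trust a tag from an access link
    return frame    # trunk: the frame already carries its VLAN ID


def egress(frame, port):
    """Frame to send out of `port`, or None if the port must not carry this VLAN.

    port is {"mode": "access", "vlan": 2} or {"mode": "trunk", "allowed": {2, 3}}.
    """
    vid = vlan_of(frame)
    if port["mode"] == "trunk":
        # Tag stays on; only VLANs in the allowed list cross the trunk.
        return frame if vid in port["allowed"] else None
    if port["mode"] == "access":
        # The access device is unaware of VLANs: only its own VLAN, tag removed.
        return strip_tag(frame) if vid == port["vlan"] else None
    raise ValueError("unknown port mode")
```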
