Data Switch - Class 2-7 April

Data Switch Class II
Data Switch Shyam Krishna Khadka

Course Contents
VLANs
VLAN Trunking Protocol
Layer loo!ing
S!anning Tree Protocol
Virtual Local Area Network
VLANs VLANs
VLANs
A VLAN is a logical grouping of network users and
resources connected to administratively defined ports on
a switch.
Ability to create smaller broadcast domains within a layer
2 switched internetwork by assigning different ports on 2 switched internetwork by assigning different ports on
the switch to different subnetworks.
Frames broadcast onto the network are only switched
between the ports logically grouped within the same
VLAN
By default, no hosts in a specific VLAN can communicate
with any other hosts that are members of another VLAN,
For nter VLAN communication you need routers
VLANs
VLAN implementation combines Layer 2 switching and Layer ! routing
technologies to limit both collision domains and broadcast domains.
VLANs can also be used to provide security by creating the VLAN
groups according to function and by using routers to communicate
between VLANs.
N"#$% #his is the only way a switch can break up a broadcast domain&
VLAN "#er#iew
$ Segmentation
A VLAN = A Broadcast Domain = Logical Network (Subnet)
$ Flexibility
$ Security
Local VLANs
VLAN % VLAN &
Switch
'dge !orts
VLAN % nodes VLAN & nodes
VLANs across switches
()*+, Trunk
Tagged -rames
VLAN % VLAN & VLAN % VLAN &
'dge Ports
Trunk Port
'dge Ports
This is called .VLAN Trunking/
0istory
'' (osts are connected to the switch '' (osts are connected to the switch
All From same Broadcast domain
Need to divide them in separate logical segment
(igh broadcast traffic reasons
A)*
+(,*
-A*
./indows
NetB"-
Security
A Flat internetwork0s security used to be tackled by connecting hubs
and switches together with routers
#his arrangement is ineffective because
Anyone connecting physical network could access network resources
located on that physical LAN
,an observe the network traffic by plugging network analy1er into the ,an observe the network traffic by plugging network analy1er into the
(2B
2sers could 3oin a workgroup by 3ust plugging their workstations into
the e4isting hub
By creating VLAN0s administrators have control over each port and
user
0ow VLANs Sim!li1y Network 2anagement
f we need to break the broadcast domain we need to connect a
router
By using VLAN0s we can divide Broadcast domain at Layer52
A group of users needing high security can be put into a VLAN so
that no users outside of the VLAN can communicate with them.
As a logical grouping of users by function, VLANs can be considered
independent from their physical locations.
VLAN
o!eration
Two VLANs
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
Two VLANs
Two Subnets
Im!ortant notes on VLANs3
+* VLANs are assigned on the switch !ort* There is no .VLAN/ assignment done on the host
4usually5*
* In order 1or a host to 6e a !art o1 that VLAN7 it must 6e assigned an IP address that
6elongs to the !ro!er su6net*
8emem6er3 VLAN 9 Su6net
:* Assigning a host to the correct VLAN is a ;ste! !rocess3
+* Connect the host to the correct !ort on the switch*
* Assign to the host the correct IP address de!ending on the VLAN meme6ershi!
Switch 1
172.30.1.21
255.255.255.0
172.30.2.12
255.255.255.0
ARP Request
Without VLANs No Broadcast Control
No VLANs
Same as a single VLAN
Two Subnets
172.30.2.10
255.255.255.0
172.30.1.23
255.255.255.0
Without VLANs, the ARP Request would be seen by all hosts.
Again, consuming unnecessary network bandwidth and host processing
cycles.
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
Switch Port: VLAN ID
ARP Request
With VLANs Broadcast Control
Two VLANs
Two Subnets
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
<roadcast domains with VLANs and
routers
1) Without
VLANs
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
=ithout VLANs7 each grou! is on a
di11erent IP network and on a di11erent
switch*
>sing VLANs* Switch is con1igured with
the !orts on the a!!ro!riate VLAN* Still7
each grou! on a di11erent IP network?
howe#er7 They are all on the same switch*
=hat are the 6roadcast domains in each@
One link per VLAN or a single VLAN
Trunk (later)
2) With
VLANs
10.1.0.0/16
10.2.0.0/16
10.3.0.0/16
VLAN o!eration
'ach switch !ort can 6e assigned to a di11erent VLAN*
Ports assigned to the same VLAN share 6roadcasts*
Ports that do not 6elong to that VLAN do not share these 6roadcasts*
Dynamic VLAN is created through Cisco =orks ))) or V2PS
<ene1its o1 VLANs
The key 6ene1it o1 VLANs is that they !ermit the network administrator to
organiAe the LAN logically instead o1 !hysically*
This means that an administrator is a6le to do all o1 the 1ollowing3
'asily mo#e workstations on the LAN*
'asily add workstations to the LAN*
'asily change the LAN con1iguration*
'asily control network tra11ic*
Im!ro#e security*
Breatly reduces 6roadcast tra11ic
VLAN Ty!es
Protocol 6ased VLAN means that a host 6elongs to a !articular VLAN 6ased on which
!rotocol it uses 1or communication* -or eCam!le7 the host P in the !icture is a Netware
client which normally uses IP% !rotocol7 which means that it 6elongs to IP% VLAN* client which normally uses IP% !rotocol7 which means that it 6elongs to IP% VLAN*
VLAN Tagging
VLAN agging is used w!en a link needs to carry tra""ic "or more t!an one VLAN#
runk link$ As !ackets are recei#ed 6y the switch 1rom any attached end;
station de#ice7 a uniDue !acket identi1ier is added within each header* station de#ice7 a uniDue !acket identi1ier is added within each header*
!is !eader in"ormation designates t!e VLAN members!i% o" eac! %acket*
The !acket is then 1orwarded to the a!!ro!riate switches or routers 6ased on the
VLAN identi1ier and 2AC address*
>!on reaching the destination node 4Switch5 the VLAN ID is remo#ed 1rom the
!acket 6y the adEacent switch and 1orwarded to the attached de#ice*
Packet tagging !ro#ides a mechanism 1or controlling the 1low o1 6roadcasts and
a!!lications while not inter1ering with the network and a!!lications*
This is known as a trunk link or VLAN trunking*
VLAN Tagging
No VLAN Tagging
VLAN Tagging
VLAN Tagging is used when a single link needs
to carry tra11ic 1or more than one VLAN*
VLAN Tagging
802.10
There are two maEor methods o1 1rame tagging7 Cisco !ro!rietary &nter'
Switc! Link (&SL) and &((( )*+#,-*
ISL used to 6e the most common7 6ut is now 6eing re!laced 6y ()*+, 1rame
tagging*
Cisco recommends using ()*+,*
VLAN Tagging and Trunking will 6e discussed in the neCt cha!ter*
802.10
Access links
A link that is !art o1 only one VLAN
Trunk links
Identi1ying VLANs
Trunk links
Carries multi!le VLANs
Identi1ying VLANs contd**
Access Link Access Link
Con1iguring static VLANs
The 1ollowing guidelines must 6e 1ollowed when con1iguring VLANs on Cisco
FCC switches3
The maCimum num6er o1 VLANs is switch de!endent* The maCimum num6er o1 VLANs is switch de!endent*
FCC switches commonly allow G7)FH VLANs
VLAN + is one o1 the 1actory;de1ault VLANs*
VLAN + is the de1ault 'thernet VLAN*
Cisco Disco#ery Protocol 4CDP5 and VLAN Trunking Protocol 4VTP5
ad#ertisements are sent on VLAN +*
The Catalyst FCC IP address is in the VLAN + 6roadcast domain 6y
de1ault*
.The switch must 6e in VTP ser#er mode to create7 add7 or delete VLANs*/
(!is is not true# Switc! could be in V. rans%arent mode# V. will be
discussed in a moment#)
Creating VLANs
Assigning access %orts (non'trunk %orts) to a s%eci"ic VLAN Assigning access %orts (non'trunk %orts) to a s%eci"ic VLAN
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan vlan_number
/reate t!e VLAN$ Switch#vlan database
Switch(vlan)#vlan vlan_number
Switch(vlan)#exit
Creating VLANs
Assign ports to the VLAN
vlan
10
Default
vlan 1
Default
vlan 1
Assign ports to the VLAN
Switch(config)#interface fastethernet 0/9
Switch(config-if)#switchport access vlan 10
access Denotes this !ort as an access !ort and not a trunk link 4later5
Creating VLANs
vlan
300
Default
vlan 1
Default
vlan 1
Con1iguring 8anges o1 VLANs
vlan 2
SydneySwitch(config)#interface fastethernet 0/5
SydneySwitch(config-if)#switchport access vlan 2
SydneySwitch(config-if)#exit
Con1iguring 8anges o1 VLANs
vlan 3
SydneySwitch(config)#interface range fastethernet 0/8,
fastethernet 0/12
!is command does not work on all +0** switc!es1 suc! as t!e +0** Series 2L#
&t does work on t!e +03*#
Creating VLANs
vlan
300
Default
vlan 1
Default
vlan 1
SydneySwitch(config-if)#switchport mode access SydneySwitch(config-if)#switchport mode access
Note3 The switchport mode access command should 6e con1igured on
all !orts that the network administrator does not want to 6ecome a trunk
!ort*
This will 6e discussed in more in the neCt cha!ter7 section on DTP*
Creating VLANs
Default: dynamic desirable
This link will become a trunking link unless one of the
ports is configured with as an access link, I.e.
switchport mode access
<y de1ault7 all !orts are con1igured as switchport mode dynamic
desirable7 which means that i1 the !ort is connected to another switch with an
!ort con1igured with the same de1ault mode 4or desira6le or auto57 this link will
6ecome a trunking link* 4See my article on DTP on my we6 site 1or more in1ormation*5
=hen the switchport access vlan command is used7 the switchport
mode access command is not necessary since the switchport access
vlan command con1igures the inter1ace as an .access/ !ort 4non;trunk !ort5*
This will 6e discussed in more in the neCt cha!ter7 section on DTP*
Veri1ying VLANs show #lan
vlan 3 vlan 2
vlan 1
default
Veri1ying VLANs show #lan 6rie1
vlan 3 vlan 2
vlan 1
default
#lan data6ase commands
"!tional Command to add7 delete7 or modi1y VLANs*
VLAN names7 num6ers7 and V. 4VLAN Trunking Protocol5 in1ormation can 6e
entered which .may/ a11ect other switches 6esides this one* 4Discussed
later5*
This does not assign any VLANs to an inter1ace*
Switch#vlan database Switch#vlan database
Switch(vlan)#?
VLAN database editing buffer manipulation commands:
abort Exit mode without applying the changes
apply Apply current changes and bump revision number
exit Apply changes, bump revision number, and exit mode
no Negate a command or set its defaults
reset Abandon current changes and reread current database
show Show database information
vlan Add, delete, or modify values associated with a single VLAN
vtp Perform VTP administrative functions.
Deleting a Port VLAN 2em6ershi!
Switch(config-if)#no switchport access vlan vlan_number
Deleting a VLAN
Switch#vlan database
Switch(vlan)#No vlan vlan_number
Switch(vlan)#exit
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
ARP Request
Layer 2 Broadcast Segmentation
Two VLANs
Two Subnets
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
An ARP Request from 172.30.1.21 for 172.30.1.23 will only be seen by
hosts on that VLAN.
The switch will flood broadcast traffic out only those ports belonging to
that particular VLAN, in this case VLAN 1.
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
Switch 1
172.30.1.21
255.255.255.0
172.30.2.12
255.255.255.0
ARP Request
Without VLANs No Broadcast Control
No VLANs
Same as a single VLAN
Two Subnets
172.30.2.10
255.255.255.0
172.30.1.23
255.255.255.0
Without VLANs, the ARP Request would be seen by all hosts.
Again, consuming unnecessary network bandwidth and host processing
cycles.
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
ARP Request
With VLANs Broadcast Control
Two VLANs
Two Subnets
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
Inter-VLAN Traffic
Two VLANs
Two Subnets
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
1. Remember that VLAN IDs (numbers) are assigned to the switch port
and not to the host. (Port-centric VLAN switches)
2. Be sure to have all of the hosts on the same subnet belong to the same
VLAN, or you will have problems.
Hosts on subnet 172.30.1.0/24 - VLAN 1
Hosts on subnet 172.30.2.0/24 - VLAN 2
etc.
Switch 1
172.30.1.21
255.255.255.0
VLAN 1
172.30.2.12
255.255.255.0
VLAN 2
To 172.30.2.12
Inter-VLAN Traffic
A switch cannot route data between different VLANs.
Note: The host will not even send the Packet unless it has a default gateway to
forward it to.
We use router for this
Two VLANs
Two Subnets
172.30.2.10
255.255.255.0
VLAN 2
172.30.1.23
255.255.255.0
VLAN 1
1 2 3 4 5 6 .
1 2 1 2 2 1 .
Port
VLAN
Inter;VLAN 8outing ; Trunk Links
172.30.1.21/24
172.30.2.12/24
172.30.1.21/24
172.30.2.12/24
VLAN
Rtr(config)#interface fastethernet 0/1.1
Rtr(config-if)#description VLAN 1
Rtr(config-if)#encapsulation dot1q 1
Rtr(config-if)#ip address 172.30.1.1 255.255.255.0
It is recommended that VLAN + is not used 1or either 2anagement tra11ic or
user tra11ic*
172.30.2.12/24
Inter;VLAN 8outing ; Trunk Links
172.30.1.21/24
172.30.2.12/24
172.30.1.21/24
172.30.2.12/24
VLAN
Rtr(config)#interface fastethernet 0/1.2
Rtr(config-if)#description VLAN 2
Rtr(config-if)#encapsulation dot1q 2
Rtr(config-if)#ip address 172.30.2.1 255.255.255.0
It is recommended that VLAN + is not used 1or either 2anagement tra11ic or
user tra11ic*
172.30.2.12/24
VLAN +7De1ault VLAN7>ser VLAN7
Nati#e VLAN7 2anagement VLAN
<y de1ault7 VLAN + is the nati#e VLAN and
should only 6e used to carry control tra11ic7
CDP7 VTP7 Port Aggregation Protocol 4PAgP57
and DTP* This in1ormation is transmitted
across trunk links untagged* across trunk links untagged*
A user VLAN is a VLAN that is created to
segment a grou! o1 users7 either
geogra!hically or logically7 1rom the rest o1 the
network*
VLAN +7De1ault VLAN7>ser VLAN7
Nati#e VLAN7 2anagement VLAN
contd**
A management VLAN is any VLAN you
con1igure to access
the management ca!a6ilities40TTP7 Telnet7
SS07 or SN2P5 o1 a switch* SS07 or SN2P5 o1 a switch*
S!anning Tree Protocol
Switching Loo!
Switch A Switch <
=hen there is more than
one !ath 6etween two
switches
=hat are the !otential
Swtich C
=hat are the !otential
!ro6lems@
Switching Loo!
I1 there is more than one !ath 6etween two
switches3
-orwarding ta6les 6ecome unsta6le
Source 2AC addresses are re!eatedly seen coming Source 2AC addresses are re!eatedly seen coming
1rom di11erent !orts
Switches will 6roadcast each otherIs 6roadcasts
All a#aila6le 6andwidth is utiliAed
Switch !rocessors cannot handle the load
Switching Loo!
Switch A Switch <
Swtich C
Node+ sends a 6roadcast
1rame 4e*g* an A8P reDuest5
Node +
Switching Loo!
Switch A Switch <
Switches A7 < and C
6roadcast node +Is 1rame
out e#ery !ort
Switch D
Switch C
Node +
Switching Loo!
Switch A Switch <
<ut they recei#e
each otherIs
6roadcasts7 which
they need to 1orward
again out e#ery !ortJ
Swtich C
again out e#ery !ortJ
The 6roadcasts are
am!li1ied7 creating a
broadcast storm
Node Can recei#e
multi!le co!ies o1 the
same 'thernet 1rame
arri#ing #ia di11erent
!aths7 which leads to
additional o#erhead*
Node +
Bood Switching Loo!s
<ut you can take ad#antage o1 loo!sJ
8edundant !aths im!ro#e resilience when3
A switch 1ails
=iring 6reaks =iring 6reaks
0ow to achie#e redundancy without creating
dangerous tra11ic loo!s@
S!anning Tree Protocol <asics
AA <<
+* =ithout the s!anning;tree !rotocol in a redundant to!ology7 a 1rame sourced 1rom
A would loo! endlessly in the network*
S!anning Tree Protocol <asics
AA <<
% %
<locked <locked
* The s!anning;tree !rotocol 6locks redundant links to !re#ent 1rames 1rom loo!ing* * The s!anning;tree !rotocol 6locks redundant links to !re#ent 1rames 1rom loo!ing*
<locked
!ort
<locked
!ort
$ S%anning'tree transits eac! %ort t!roug! se4eral di""erent states$
S!anning;Tree Port States
Disabled Data Switch Shyam Krishna Khadka
Selecting the 8oot <ridge
The 1irst decision that all switches in the network make7 is to identi1y the root
6ridge*
=hen a switch is turned on7 the s!anning;tree algorithm is used to identi1y the
root 6ridge* <PD>s are sent out with the <ridge ID 4<ID5*
The <ID consists o1 a 6ridge !riority that de1aults to :KL( and the switch 6ase
2AC address* 2AC address*
=hen a switch 1irst starts u!7 it assumes it is the root switch and sends <PD>s*
These <PD>s contain <ID*
All 6ridges see these and decide that the 6ridge with the smallest <ID #alue will 6e
the root 6ridge*
A network administrator may want to in1luence the decision 6y setting the switch
!riority to a smaller #alue than the de1ault*
S!anning Tree Protocol Terms
B.D5 Bridge .rotocol Data 5nit (B.D5) ; All the switches eCchange in1ormation to use in the
selection o1 the root switch
Bridge &D ; The 6ridge ID is how STP kee!s track o1 all the switches in the network* It is determined
6y a com6ination o1 the 6ridge !riority 4:7KL( 6y de1ault on all Cisco switches5 and the 6ase 2AC
address*
6oot Bridge ;The 6ridge with the lowest 6ridge ID 6ecomes the root 6ridge in the network*
Nonroot bridge ; These are all 6ridges that are not the root 6ridge*
6oot %ort ; The root !ort is always the link directly connected to the root 6ridge or the shortest !ath
to the root 6ridge* I1 more than one link connects to the root 6ridge7 then a !ort cost is determined 6y
checking the 6andwidth o1 each link*
Designated %ort ; A designated !ort is one that has 6een determined as ha#ing the 6est 4lowest5
cost* A designated !ort will 6e marked as a 1orwarding !ort
Nondesignated .ort ; A nondesignated !ort is one with a higher cost than the designated !ort*
Nondesignated !orts are !ut in 6locking mode
Forwarding .ort ' A 1orwarding !ort 1orwards 1rames
Blocked .ort ' A 6locked !ort is the !ort that will not 1orward 1rames7 in order to !re#ent loo!s
S%anning'ree .rotocol
6oot Bridge Selection
$ B%du = Bridge .rotocol Data 5nit
(de"ault = sent e4ery two seconds)
$ 6oot bridge = Bridge wit! t!e lowest bridge &D
$ Bridge &D =
$ &n t!e exam%le1 w!ic! switc! !as t!e lowest bridge &D7
$ 8ne root bridge %er network
$ 8ne root %ort %er nonroot bridge
$ 8ne designated %ort %er segment
$ Nondesignated %orts are unused
S%anning'ree 8%eration
Selecting the 8oot Port
The STP cost is an accumulated total !ath cost 6ased on the rated 6andwidth
o1 each o1 the links
This in1ormation is then used internally to select the root !ort 1or that de#ice
$ 8ne root bridge %er network
$ 8ne root %ort %er nonroot bridge
$ 8ne designated %ort %er segment
$ Nondesignated %orts are unused
S%anning'ree 8%eration
Load sharing using STP
,uestions @@
Thank you Thank you

Data Switch - Class 2-7 April

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Data Switch - Class 2-7 April

Încărcat de

Drepturi de autor:

Formate disponibile

Data Switch Class II

Data Switch Shyam Krishna Khadka

S-ar putea să vă placă și