Chapter 13
Jetking
Release Infotrain Ltd.
16/07/2009
Recall
Network Address Translation (NAT) is an IETF (Internet Engineering Task Force) standard that allows a LAN to operate with a single IP address when connected to the Internet
NAT operates at the Network layer (Layer 3) of the OSI Reference Model
Port Address Translation (PAT) is a feature of NAT devices that translates all the IP addresses of the LAN to a single IP address, but assigns a different port number to each host in the LAN
The Set IP PAT commands are the PAT configuration commands
LAN Switching
LAN switching solves the problem of high network traffic in Ethernet, Token Ring and Fiber Distributed Data Interface (FDDI) networks by increasing the available network bandwidth
A LAN switch is a device that provides higher port density at lower cost than traditional bridges, using the existing cable infrastructure
A LAN switch forwards frames based on the frame's layer 2 addresses or layer 3 addresses
It is also called a frame switch because it forwards layer 2 frames
Layer 2 and Layer 3 Switching
Bridges and switches operating at layer 2 of the OSI model forward on MAC (layer 2) addresses only, without reference to layer 3 (logical) addressing
A layer 3 switch is a network device that forwards traffic based on layer 3 addressing at high speed
Routers are considerably slower than layer 2 switches
Switch Operation
A switch is simply a bridge with many ports
Two technologies, Content Addressable Memory (CAM) and Application-Specific Integrated Circuits (ASICs), are used in switches for better performance
These two technologies allow the switch to process multiple packets efficiently
Transmitting Data from A to B
Updating the Address Table
Transmitting Data to all the Ports
Response Data from B to A
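The four slides above (A sends to B, the address table is updated, the frame is flooded to all ports, B replies to A) were figures in the original deck. The following Python model is an added example, not code from the Jetking slides or from any Cisco product; it reproduces the learning, flooding and filtering behaviour of a transparent bridge on a four-port switch. Port numbers and MAC addresses are constructed sample values.

```python
"""Added example (not from the Jetking slides): a transparent (learning) switch.

Replays the A -> B -> A sequence: the switch learns A's MAC on the ingress
port, floods the first frame because B is still unknown, then unicasts B's
reply straight back to A's port. Port numbers and MACs are constructed.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    """Minimal CAM-table (MAC address table) behaviour of a layer 2 switch."""
    ports: list
    cam: dict = field(default_factory=dict)   # MAC -> port it was last seen on

    def receive(self, in_port: int, frame: Frame) -> list:
        """Process a frame arriving on in_port; return the list of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: the source MAC is reachable through the ingress port.
        self.cam[frame.src] = in_port
        # Forwarding: unicast if the destination is known, otherwise flood.
        out = self.cam.get(frame.dst)
        if frame.dst != BROADCAST and out is not None:
            # Filtering: never send a frame back out the port it arrived on.
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]


def a_to_b_exchange():
    """Replay the A -> B -> A sequence from the slides; return switch and trace."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    mac_a, mac_b = "0000.0000.000a", "0000.0000.000b"   # constructed MACs
    trace = []
    # A on port 1 sends to B: B is unknown, so the switch learns A and floods.
    trace.append(("A->B", sw.receive(1, Frame(src=mac_a, dst=mac_b))))
    # B on port 2 replies: A is known, so the reply goes only to port 1.
    trace.append(("B->A", sw.receive(2, Frame(src=mac_b, dst=mac_a))))
    # Both are now in the table: A -> B is delivered to port 2 alone.
    trace.append(("A->B", sw.receive(1, Frame(src=mac_a, dst=mac_b))))
    return sw, trace


if __name__ == "__main__":
    switch, log = a_to_b_exchange()
    for label, ports in log:
        print(f"{label}: forwarded to ports {ports}")
    print("MAC address table:", switch.cam)
```

Note that the table is built purely from source addresses the switch sees, with no check on who is sending; that is why the Port Security slides later in this chapter limit which MAC addresses a port may learn.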
Symmetric Switching
Asymmetric Switching
Collision Domains within Shared Environments
A collision is a situation in which two or more data packets travel at the same time on the same medium in the same direction
The region in which this can happen is referred to as a collision domain. A collision domain is the set of NICs in which a frame sent by one NIC could collide with a frame sent by any other NIC in the same domain
This happens mostly in a shared environment, where devices share the medium to transmit data to the destination network or host
Shared Media Environments
Collision Domain Segmentation
Broadcast Domains
Speed and Autonegotiation
Devices that support different transmission rates, different duplex modes and different standards at the same speed can use Ethernet autonegotiation
The two devices choose the best mode of transmission they both support, where higher speed is preferred over lower speed and full duplex over half duplex
To support autonegotiation, both the switch and the NIC must support multiple speeds
Spanning Tree Protocol Terms - I
Spanning Tree Protocol Terms - II
Bridge ID: The bridge with the lowest Bridge ID is selected as the root. The 8-byte bridge ID is the combination of the bridge priority (2 bytes) and the MAC address (6 bytes). STP keeps track of all switches using the Bridge ID
Nonroot bridge: A bridge that is not the root bridge in the network is called a nonroot bridge. It exchanges BPDUs with all the other bridges. The BPDUs update the STP topology on all the switches, which helps prevent loops and provides a measure against link failures
Root port: The root port is the port directly connected to the root bridge. If more than one link is connected to the root bridge, a port cost is set, and the port with the lowest cost becomes the root port
Spanning Tree Protocol Terms - III
Designated port: A designated port is one that has been determined to have the lowest cost. The port is marked as the forwarding port
Port cost: Port cost decides which link is used when multiple links exist between two switches and none of them is a root port. This cost varies with the bandwidth of the link
Nondesignated port: A nondesignated port is one that has a higher cost than the designated port. Such ports are put in blocking mode
Blocked port: A blocked port does not forward frames, in order to prevent loops. A blocked port still listens to frames
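To make the terms on the three preceding slides concrete, here is an added Python example (not code from the Jetking deck or from Cisco IOS) that runs the selection rules on a small constructed triangle of three switches: the lowest 8-byte bridge ID (2-byte priority followed by the 6-byte MAC) becomes the root, each nonroot bridge picks the lowest-cost port towards the root as its root port, the lower-cost end of every link becomes the designated port, and the remaining port is blocked. Switch names, MACs, the priority values and the link costs are all invented for the example.

```python
"""Added example (not from the Jetking slides): STP root bridge, root port and
designated port selection on a constructed three-switch triangle.
"""
import heapq


def bridge_id(priority: int, mac: str) -> int:
    """8-byte bridge ID as an integer: 16-bit priority followed by 48-bit MAC."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 bytes")
    return (priority << 48) | int(mac.replace(".", "").replace(":", ""), 16)


def elect_root(bridges: dict) -> str:
    """bridges: name -> (priority, mac). The lowest bridge ID is elected root."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def root_path_costs(root: str, links: list) -> dict:
    """Dijkstra over links [(bridge_a, port_a, bridge_b, port_b, cost), ...]."""
    adj = {}
    for a, _, b, _, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in adj.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (dist[nxt], nxt))
    return dist


def port_roles(bridges: dict, links: list) -> dict:
    """Return {(bridge, port): role} with role in root/designated/blocked."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    bid = {n: bridge_id(*bridges[n]) for n in bridges}
    roles = {}
    # Root port: on each nonroot bridge, the port with the lowest cost to the root
    # (ties broken by the neighbour's bridge ID, then by the local port name).
    best = {}
    for a, pa, b, pb, c in links:
        for me, my_port, peer in ((a, pa, b), (b, pb, a)):
            if me == root:
                continue
            key = (cost[peer] + c, bid[peer], my_port)
            if me not in best or key < best[me][0]:
                best[me] = (key, my_port)
    for me, (_, p) in best.items():
        roles[(me, p)] = "root"
    # Designated port: on each link, the end closer to the root (tie: lower bridge ID).
    # The other end, unless it is a root port, is nondesignated and therefore blocked.
    for a, pa, b, pb, c in links:
        des = a if (cost[a], bid[a]) < (cost[b], bid[b]) else b
        des_port = pa if des == a else pb
        roles[(des, des_port)] = "designated"
        other = (b, pb) if des == a else (a, pa)
        roles.setdefault(other, "blocked")
    return roles


# Constructed topology: Sw2 and Sw3 keep the default priority 32768,
# Sw1 has been lowered to 8192 so that it wins the root election.
BRIDGES = {
    "Sw1": (8192, "0000.0c11.1111"),
    "Sw2": (32768, "0000.0c22.2222"),
    "Sw3": (32768, "0000.0c33.3333"),
}
LINKS = [  # (bridge, port, bridge, port, cost); 19 is the classic 100 Mbps cost
    ("Sw1", "Fa0/1", "Sw2", "Fa0/1", 19),
    ("Sw1", "Fa0/2", "Sw3", "Fa0/1", 19),
    ("Sw2", "Fa0/2", "Sw3", "Fa0/2", 19),
]

if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES))
    for (sw, port), role in sorted(port_roles(BRIDGES, LINKS).items()):
        print(f"{sw} {port}: {role}")
```

Because the election is decided purely by the lowest bridge ID, any switch that advertises a lower priority takes over as root; that is the reason the deck later recommends deliberately configuring a primary and a secondary root rather than leaving all switches at the default priority.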
Working of the Spanning Tree Protocol
Spanning-Tree Port States
The ports on a bridge or switch running STP can
move through five different states:
Blocking
Listening
Learning
Forwarding
Disabled
Support of RSTP in Catalyst Switches
Catalyst 1900 Switches
The 1900 switch in the standard edition provides 12 or 24 10BaseT ports in a fixed configuration
The enterprise edition of the 1900 switches provides greater flexibility and high performance, with 400Mbps between Ethernet switches
The 1900 switch supports an optional external redundant power supply (RPS) and has the capacity to support 1024 MAC addresses
Default setting list for 1900 switches
Setting             Default
IP address          0.0.0.0
CDP                 Enabled
Switching mode      Fragment Free
100BaseT port       Autonegotiate duplex mode
10BaseT port        Half duplex
Spanning Tree       Enabled
Console password    None
IP and Port Duplex Configuration
Every switch, unlike a router, acts as a single IP host with one IP address and subnet mask
IP addresses need not be configured for each interface of the switch
The duplex can be set to any of the following four modes:
Auto
Full
Full-flow control
Half
MAC Addresses
A Media Access Control (MAC) address is a hardware address that uniquely identifies every node in a network
The different entries in the MAC address table include:
Dynamic addresses
Restricted-static entries
MAC Address Table
Port Security
Port security is one of the features built on the MAC address table
This feature limits the number of MAC addresses associated with a port in the MAC address table
Its function is to limit the number of sources that can forward frames into that particular switch port
Port security on 2900 switches can be configured using the port secure max-mac-count command
Case Study
At the Hyderabad branch of the Blue Diamond Steel organization, there are four departments: Finance, Sales, Software Management and Project Management. Under the Finance department, there are three sections named Salary, Clearance and Receivables. There is a hub for each department on the network. Robert, the company's network administrator, wants only the three sections Salary, Clearance and Receivables to be able to access the Finance department hub.
Problem
Suggested Solution
The administrator can prevent the other departments from accessing the Finance hub using the port secure max-mac-count command. The number 3 should be given as the parameter to the command, because the administrator wants to allow only three ports to connect to the hub. The port security feature makes sure that the Finance department hub can be accessed only through these three ports; no other ports can access it. This increases the security of the hub, so the main function of the feature is to secure the hub
Configuration Files
The configuration can be stored in many locations
These locations may include the RAM, NVRAM, or a
TFTP server
The commands used for managing the switch
configuration files are similar to the commands for
router configuration file management
You can view the configuration of the switch using
the show startup-config command
The switch software version can be viewed using
the show version command
MAC Addresses
The 2900 series has the capacity to support 8124 switches
You can configure static entries on a 2900 switch using the mac-address-table static command, for example:
mac-address-table static 0666.6333.6333 e0/3
Switch Startup
When the 1900 switch is first switched on, it runs through a power-on self-test (POST)
The Power-On Self-Test (POST) is a sequence of steps that checks the functioning of the hardware devices
When a console cable is connected to the switch, a menu appears on the screen
This menu offers different options: pressing K lets you use the CLI, pressing M lets you configure the switch through the menu system, and pressing I lets you configure the IP settings of the switch
Switch LED During POST and its Interpretation
The following is the list of the 2950 switch LEDs with
their meanings:
System
Mode button
Stat
Util
Duplex
Speed
Accessing Switch CLI
CLI is the acronym for the command line interface to IOS, the operating system software used by Cisco products
There are three ways to access the CLI
These are to access the device through the console, through a dial-up or modem attached to the auxiliary port, or by using Telnet
Setting password
Setting passwords on the switch is important so that unauthorized users cannot connect to the switch
You can set passwords for the user and the privileged modes
The user mode password is used to verify authorization on the switch, including access from the console
The privileged mode password is used to allow access to view and edit the switch configuration
User and Enable mode Passwords
The following procedure shows the configuration of
user mode and the enable mode passwords:
(config)#enable password ?
level Set exec level password
(config)# enable password level ?
<1-15> level number
Use the level number 1 to enter the user mode
password and level number 15 to enter the enable
mode password
Enable Secret Passwords
The enable secret password provides maximum security, and it replaces the enable password if it is set
Therefore, if you set the enable secret password, there is no need for the enable mode password
(config)#enable secret todd2
The enable password and the enable secret password can be set to the same value on the 1900 switch, unlike on a router
Setting Hostname
To set the hostname on a 1900 switch as you would
on a router, perform the following steps:
#config t
Enter configuration commands, one per line. End with CNTL/Z
(config)#hostname Todd1900
Todd1900(config)#
On the 2950 switch, perform the following steps:
Switch(config)#hostname Todd2950
Todd2950(config)#
Setting IP information
You should set the IP address and default gateway on the Layer 2 switch, as they are not set by default
The show ip command is used to see the default IP configuration of the 1900 switch
To set the IP address, use the ip address command, and use the ip default-gateway command to set the default gateway
Configuring IP Address and Default Gateway on the 1900 Switch
Configuring IP Address and Default Gateway on the 2950 Switch
Configuring Interface Description on 1900 Switch
Configuring Interface Description on 2950 Switch
Setting Port Security
For only a particular device to be allowed on a switch port, you should configure the MAC address of that device as a static entry associated with the switch port
This is accomplished by configuring port security on the switch port so that it rejects traffic from any MAC address other than that of the particular device. The command used to set port security is:
Switch(config-if)#switchport port-security mac-address mac-address
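The following Python model is an added example (not code from the Jetking deck and not Cisco IOS behaviour) that ties together the Port Security slides, the Blue Diamond Steel case study and the static MAC binding on the slide just above: one secure port either learns up to max-mac-count source addresses or is pinned to a pre-configured static MAC, and any further source address is counted as a violation. The MAC addresses, the violation log lines and the "shut the port" response are constructed for the example.

```python
"""Added example (not from the Jetking slides): a port-security model for one
switch port, covering both a MAC count limit (the 2900 max-mac-count idea,
set to 3 as in the Blue Diamond Steel case study) and a static secure MAC
(the switchport port-security mac-address idea). Values are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    max_mac_count: int = 1
    static_macs: set = field(default_factory=set)  # pre-configured secure MACs
    learned: set = field(default_factory=set)      # dynamically learned secure MACs
    shutdown: bool = False
    violations: list = field(default_factory=list)

    def __post_init__(self):
        if self.max_mac_count < 1:
            raise ValueError("max-mac-count must be at least 1")
        if len(self.static_macs) > self.max_mac_count:
            raise ValueError("more static MACs than max-mac-count allows")

    def secure_macs(self) -> set:
        return self.static_macs | self.learned

    def ingress(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is accepted on this port."""
        if self.shutdown:
            return False
        if src_mac in self.secure_macs():
            return True
        if len(self.secure_macs()) < self.max_mac_count:
            self.learned.add(src_mac)     # learn it as one of the allowed sources
            return True
        # Limit reached and the source is not a secure MAC: a violation.
        self.violations.append(f"{self.name}: violation from {src_mac}")
        self.shutdown = True              # modelled response: the port is shut down
        return False


def finance_hub_scenario():
    """Case study: only Salary, Clearance and Receivables may reach the Finance hub."""
    port = SecurePort(name="e0/3", max_mac_count=3)
    salary, clearance, receivables = "0000.0c00.0001", "0000.0c00.0002", "0000.0c00.0003"
    unknown = "0000.0c00.00ff"            # constructed: a host from another department
    results = [port.ingress(m) for m in (salary, clearance, receivables)]
    results.append(port.ingress(unknown))    # fourth source: rejected, port shut down
    results.append(port.ingress(salary))     # even a legitimate host is cut off now
    return port, results


def static_binding_scenario():
    """Setting Port Security slide: one device pinned to the port by a static MAC."""
    port = SecurePort(name="Fa0/5", max_mac_count=1, static_macs={"0666.6333.6333"})
    return port, [port.ingress("0666.6333.6333"), port.ingress("0000.0c00.00ff")]


if __name__ == "__main__":
    p, r = finance_hub_scenario()
    print(r, p.violations)
    p, r = static_binding_scenario()
    print(r, p.violations)
```

The last step of finance_hub_scenario shows the operational cost of the shutdown response: once the port has been shut, the three legitimate sections lose access too, so a violation on a hub-facing port is something an administrator needs to notice and clear, not just a silent drop.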
Erasing Switch Configuration
NVRAM stores the configurations of the 1900 and 2950 switches
When a change is made to the switch's running-config, it is automatically copied to NVRAM
On the 2950 switch, you save the configuration using the copy run start command and clear the contents of NVRAM using the erase startup-config command
Configuring STP
In order to configure STP we need to configure the
following:
Root Bridge
Hello Time
Configuring the Root Bridge
The bridge ID is used to select the root bridge in the STP domain
It also determines the root port for each device in the STP domain
To configure the root bridge, you must change the priority value of that particular switch, which is 32768 by default
To do this, use the spanning-tree vlan command to set the switch priority value for the specified VLAN to 8192. The syntax of the command is:
spanning-tree vlan [vlan-id] root primary diameter
Configuring the Secondary Root Switch
You must configure a secondary switch to act as the root bridge in case the root bridge stops functioning properly
To configure another switch as the secondary root on VLAN 1002:
Switch2#configure terminal
Switch2(config)#spanning-tree vlan 1002 root secondary diameter 4
Switch2(config)#exit
To verify the secondary root bridge configuration:
Switch2#show spanning-tree vlan 1002
Configuring and verifying the spanning tree port priority of a Fast Ethernet interface
To configure and verify the spanning tree port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree port-priority 100
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring and verifying the spanning tree VLAN port priority of a Fast Ethernet interface
To configure and verify the spanning tree VLAN port priority of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree vlan 1002 port-priority 64
Switch1(config-if)#exit
Switch1#show spanning-tree vlan 1002
Configuring and verifying the spanning tree path cost of a Fast Ethernet interface
To configure and verify the spanning tree path cost of a Fast Ethernet interface:
Switch1#configure terminal
Switch1(config)#interface fastethernet 5/8
Switch1(config-if)#spanning-tree cost 18
Switch1(config-if)#exit
Switch1#show spanning-tree interface fastethernet 5/8
Configuring the Bridge Priority of VLAN
You can configure a switch with the lowest priority value and thereby increase the probability that it acts as the root bridge in the specified VLAN
The range for setting the bridge priority is from 1 to
65535.
To configure and verify the bridge priority of VLAN 1002
to 33792:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 priority 33792
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring Hello Time
You can set the interval at which the root switch generates the messages carrying configuration information (BPDUs)
This is done by changing the STP hello time, in seconds
To configure the hello time for VLAN 1002 to
8 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 hello-time 8
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring Forwarding Delay Time for VLAN
The forward delay time is the time in seconds that a port spends in each of the listening and learning states before it enters the forwarding state
To configure and verify the forward delay time for 22
seconds:
Switch1# configure terminal
Switch1(config)#spanning-tree vlan 1002 forward-time 22
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
Configuring the Maximum Aging Time for VLAN
To configure and verify the maximum aging time for
VLAN 1002 to 40 seconds:
Switch1#configure terminal
Switch1(config)#spanning-tree vlan 1002 max-age 40
Switch1(config)#exit
Switch1#show spanning-tree vlan 1002 bridge brief
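The three timer slides (hello time, forward delay, max age) and the earlier list of port states are connected: a blocked port that stops hearing BPDUs waits max-age, then spends forward-delay in listening and forward-delay again in learning before it forwards. The following Python example is added here, is not from the Jetking deck or from Cisco IOS, and also checks the IEEE 802.1D consistency rules between the timers (2 x (forward-delay - 1) >= max-age and max-age >= 2 x (hello-time + 1)), which the slides do not mention. It runs the schedule both for the 802.1D defaults (2/15/20 seconds) and for the values used on the slides (8/22/40 seconds).

```python
"""Added example (not from the Jetking slides): how hello-time, forward-delay
and max-age govern the blocking -> listening -> learning -> forwarding sequence.
The state machine is a simplified model, not IOS code.
"""
from dataclasses import dataclass

STATES = ("blocking", "listening", "learning", "forwarding", "disabled")


@dataclass
class StpTimers:
    hello_time: int = 2
    forward_delay: int = 15
    max_age: int = 20

    def __post_init__(self):
        # IEEE 802.1D relationships that keep the three timers mutually consistent.
        if 2 * (self.forward_delay - 1) < self.max_age:
            raise ValueError("2*(forward_delay-1) must be >= max_age")
        if self.max_age < 2 * (self.hello_time + 1):
            raise ValueError("max_age must be >= 2*(hello_time+1)")


def convergence_schedule(timers: StpTimers) -> list:
    """Seconds after the last BPDU at which a blocked port changes state."""
    t_listen = timers.max_age                      # stored BPDU information expires
    t_learn = t_listen + timers.forward_delay      # listening done, start learning MACs
    t_forward = t_learn + timers.forward_delay     # learning done, forward user frames
    return [(0, "blocking"), (t_listen, "listening"),
            (t_learn, "learning"), (t_forward, "forwarding")]


def state_at(timers: StpTimers, seconds_since_last_bpdu: int) -> str:
    """State of a formerly blocked port given the time since its last BPDU."""
    state = "blocking"
    for t, s in convergence_schedule(timers):
        if seconds_since_last_bpdu >= t:
            state = s
    return state


def forwards_user_frames(timers: StpTimers, seconds: int) -> bool:
    """User frames pass only in the forwarding state, never while listening or learning."""
    return state_at(timers, seconds) == "forwarding"


if __name__ == "__main__":
    for label, timers in (("802.1D defaults", StpTimers()),
                          ("slide values", StpTimers(hello_time=8, forward_delay=22, max_age=40))):
        print(label, convergence_schedule(timers))
```

With the slide values the port needs 84 seconds to forward again after the root's BPDUs stop, against 50 seconds with the defaults; that is the trade-off the hello, forward-delay and max-age commands above are tuning.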
Summary - I
Summary - II
The Catalyst 1900 and 2900 series switches are
available in the two versions:
Standard
Enterprise
Summary - III
The switches can be configured in any of the following three ways:
Menu driven interfaces
Full mode
Half mode
Summary - V
A restricted-static entry is a MAC address configured to be associated only with a particular port, with an additional restriction
Port security limits the number of MAC addresses associated with a port in the MAC address table
The Standard version of the Catalyst 2900 provides VLAN capability
The command used to configure static entries on a 2900 switch is the mac-address-table static command
The command used to configure the port security feature is port security max-mac-count