SWITCHING
Study Guide
CCNA Basic Switching
❏ A network switch is a computer networking device that
connects devices together on a computer network by using
packet switching to receive, process, and forward data to the
destination device.
[Figure: device classes, from top to bottom: Routers; Switches, bridges; Hubs, repeaters]
● As networks grew in size and complexity, the bridge
evolved into the modern switch, allowing further
segmentation of the network.
● Hubs cannot filter data, so data packets are sent to all connected devices/computers. Each end device has to decide whether it needs the packet. This can slow down the network overall.
● Hubs have no intelligence to find the best path for data packets. This leads to inefficiency and waste.
● A bridge is more complex than a hub: it has a single incoming and outgoing port and filters traffic on the LAN by looking at the MAC address.
● Unlike a hub, a bridge looks at the destination of the packet before forwarding it. It restricts transmission onto the other LAN segment if the destination is not found there.
SWITCHES
● Compared to a bridge, a switch has multiple ports. Switches can perform error checking before forwarding data.
● Switches can operate at layer 2 (based on MAC address) or layer 3 (based on IP address), depending on the type of switch.
● A collision occurs when two devices send a packet at the same time on a shared network segment. The packets collide and both devices must send them again, which reduces network efficiency.
● Collisions are common in a hub network, because every port on a hub is in the same collision domain, whereas each port on a bridge, switch or router is in a separate collision domain.
● In the example topology, we therefore have 6 collision domains.
● All ports on a router are in different broadcast domains, and routers don't forward broadcasts from one broadcast domain to another.
● A switch creates a loop-free environment with other switches by using STP (Spanning Tree Protocol).
● Physically redundant links help LAN availability, and STP prevents those links from forming switching loops that would congest the LAN indefinitely.
● Broadcast frames occur all the time in switched networks. In a bridging loop these frames keep circulating forever and multiply exponentially, starving the network of both bandwidth and resources.
Port Security
● The port security feature is used to restrict input to an interface by limiting and
identifying MAC addresses of the workstations that are allowed to access the
port.
● When you assign secure MAC addresses to a secure port, the port does not
forward packets with source addresses outside the group of defined
addresses.
● If you limit the number of secure MAC addresses to one and assign a single
secure MAC address, the workstation attached to that port is assured the full
bandwidth of the port.
To enable Port Security on an interface:
Switch(config)# interface fa 1/10
Switch(config-if)# switchport port-security
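As an added example (not part of the study guide), the following Python model shows what a port-security-enabled access port does with incoming frames: it learns source addresses up to the configured maximum and then applies a violation action. The class, function and MAC addresses are constructed for illustration.

```python
# Added example, not from the study guide: a model of how an access port with
# port security treats frames. Names and MAC addresses are constructed.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1             # how many secure MAC addresses the port may hold
    violation: str = "shutdown"  # "shutdown" (err-disable), "restrict" or "protect"
    secure_macs: set = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return what the port does with a frame whose source is src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped:port-err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            # Learn the address (dynamically or as a sticky address) up to the maximum.
            self.secure_macs.add(src_mac)
            return "forwarded:learned"
        # Source address outside the secure group: a security violation.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True       # port goes err-disabled until re-enabled
            return "dropped:port-shutdown"
        if self.violation == "restrict":
            return "dropped:violation-logged"  # drop, count and log the violation
        return "dropped"                        # protect: silently drop


def run_scenario(port: SecurePort, source_macs: list) -> list:
    """Feed a constructed sequence of frame source addresses through the port."""
    return [port.receive(mac) for mac in source_macs]


if __name__ == "__main__":
    # Constructed traffic: the permitted workstation, then a second, unauthorised
    # device appearing behind the same port (e.g. through an unmanaged hub).
    traffic = ["00:11:22:33:44:55", "00:11:22:33:44:55",
               "de:ad:be:ef:00:01", "00:11:22:33:44:55"]
    print(run_scenario(SecurePort(maximum=1, violation="shutdown"), traffic))
    print(run_scenario(SecurePort(maximum=1, violation="restrict"), traffic))
```

With "shutdown" the whole port stops forwarding after the first violation, including for the legitimate workstation, which is why that mode needs an operator (or errdisable recovery) to bring the port back.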
VLANs
● By using VLANs, you can take four ports on one switch and associate them with a VLAN, which means you treat those four ports as their own separate switch.
The accompanying diagram shows how VLANs separate individual network segments from each other, which is also a security measure.
● Dynamic VLAN: the administrator enters every host device's MAC address into a database, and the switches can then be configured to assign VLANs dynamically whenever a host is plugged into the switch.
Configuring a VLAN
Consider the following figure of a simple configuration:
[Figure: Creating a VLAN; hosts in VLAN 20 and VLAN 30 on one switch]
VLAN Port Trunking
● A port configured for trunk mode is also called a trunk port and, by default, it will pass traffic for all VLANs.
● The port fa 0/1 in the example below is set as a trunk port, to allow same-VLAN communication between the switches.
[Figure: VLAN 20 and VLAN 30 on two switches connected through a trunk port]
VLANs 10, 20 and 30 on SW1 communicate with VLANs 10, 20 and 30 on SW2 via the trunk port connection.
Inter-VLAN Routing
● Devices within a VLAN can communicate with each other without the need for Layer 3 routing. Devices in separate VLANs, however, require a Layer 3 routing device to communicate with one another.
● Routing traffic from one VLAN to another VLAN is called inter-VLAN routing.
Switch(config)#interface f0/0
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
(Note: the physical interface f0/0 doesn't need an IP address, but it must be turned on.)
Configure VLANs:
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
Router(config)#interface fa 0/0
Router(config-if)#no shutdown
Router(config-if)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#interface f0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
(The subinterface numbers are chosen to match the VLAN IDs; this is a convention, not a requirement. The "encapsulation dot1q" command is what binds each subinterface to its VLAN.)
Inter-VLAN Routing with Layer 3 Switch
● In practice, we often use a Layer 3 switch instead of a switch plus a "router on a stick"; this reduces the complexity and cost of the topology.
● With the following topology, we don't need a trunking protocol or the "switchport mode trunk" command.
● On a Layer 3-capable switch, the port interfaces work as Layer 2 access ports by default, but you can also configure them as "routed ports", which act as normal router interfaces. That is, you can assign an IP address directly to a routed port.
Router(config)#ip routing
Router(config)#interface FastEthernet0/1
Router(config-if)#switchport access vlan 10
Router(config-if)#switchport mode access
Router(config-if)#interface FastEthernet0/2
Router(config-if)#switchport access vlan 20
Router(config-if)#switchport mode access
Router(config-if)#interface Vlan10
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#interface Vlan20
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Native VLANs
Normally, a switch port configured as a trunk port sends and receives IEEE 802.1Q VLAN-tagged Ethernet frames.
If a switch receives untagged Ethernet frames on its trunk port, they are forwarded to the VLAN that is configured on the switch as the native VLAN.
Both sides of the trunk link must be configured with the same native VLAN. The native VLAN is thus the default VLAN accessible on a switch.
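As an added example (not from the study guide), the Python below classifies constructed Ethernet frames the way a trunk port does: a frame with an 802.1Q tag (EtherType 0x8100) goes to the VLAN in its tag, an untagged frame goes to the native VLAN. It also shows why the two ends of a trunk must agree on the native VLAN. The function names are mine, not IOS commands.

```python
# Added example, not from the study guide: how a trunk port classifies frames
# by their IEEE 802.1Q tag, and why a native-VLAN mismatch matters. All frames
# below are constructed; the helper names are mine, not IOS commands.
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag


def vlan_of_frame(frame: bytes, native_vlan: int) -> int:
    """Return the VLAN a trunk port assigns to a received frame."""
    if len(frame) < 14:
        raise ValueError("runt frame: shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan                # untagged frame -> native VLAN
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF                    # low 12 bits of the TCI are the VLAN ID
    return native_vlan if vid == 0 else vid   # VID 0 = priority-tagged only


def build_frame(dst: str, src: str, vid: int = None) -> bytes:
    """Construct a minimal frame, tagged with vid if one is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", 0x0800) + bytes(46)   # IPv4 type + padding


def vlan_after_trunk(vid: int, sender_native: int, receiver_native: int) -> int:
    """VLAN a frame from vid lands in on the far switch after crossing a trunk.

    Frames in the sender's native VLAN go out untagged, so the receiver files
    them under *its* native VLAN. This is why both ends must agree.
    """
    return receiver_native if vid == sender_native else vid


if __name__ == "__main__":
    bcast, host = "ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55"
    print(vlan_of_frame(build_frame(bcast, host, vid=20), native_vlan=1))  # 20
    print(vlan_of_frame(build_frame(bcast, host), native_vlan=1))          # 1
    print(vlan_after_trunk(10, sender_native=10, receiver_native=1))       # 1
```

The last call shows the mismatch case: traffic from VLAN 10 on one switch silently arrives in VLAN 1 on the other, which is the reason the text insists both sides use the same native VLAN.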
VTP Modes
● Choose server mode for the switch that you will use to create, change, or delete VLANs. The server will propagate this information to other switches that are configured as servers or clients.
● Set client mode on any switch where you do not want to create, change, or delete VLANs.
● Use transparent mode on a switch that needs to pass VTP advertisements to other switches but also needs the capability to have its VLANs independently administered.
VTP Configuration
● Once the VTP is configured on Switch 2 & 3, run the 'show vlan' command
from privileged mode on Switch 2 or 3 to make sure that the VLAN
configuration information is propagated from Switch 1 to Switch 2 & 3.
SERVER Switch 1
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S1(config)#vtp password cisco
Setting device VLAN database password to cisco
CLIENT Switch 2
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vtp mode client
Setting device to VTP CLIENT mode.
S2(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S2(config)#vtp password cisco
Setting device VLAN database password to cisco
CLIENT Switch 3
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#vtp mode client
Setting device to VTP CLIENT mode.
S3(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
S3(config)#vtp password cisco
Setting device VLAN database password to cisco
(The VTP domain name and password must match on all three switches; a client in a different domain or with a different password ignores the server's advertisements, and the VLANs will not propagate.)
Spanning Tree Protocol (STP)
● Loop prevention is one of the basic functions of a switch. Ports automatically shut down to prevent a loop from forming.
● To prevent bridging loops, the IEEE 802.1D committee defined a standard called the Spanning Tree Protocol (STP).
● Spanning Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network.
● For an Ethernet network to function properly, only one active path can exist between two stations.
Advantages of STP
The spanning tree algorithm prevents bridging loops and the broadcast storms they cause. Consider two switches without STP:
● Suppose you have two switches, SwA and SwB, connected by redundant links. One switch is connected to host A and the other to host B.
● Suppose SwB receives the broadcast frame on fa0/0 first; it then forwards that frame out of its two other links (fa0/1 and fa0/5 of SwB).
● The other copy of the broadcast frame from SwA arrives on fa0/1 of SwB, so SwB forwards it out of fa0/0 and fa0/5.
● SwA has sent 2 broadcast frames out of its fa0/0 and fa0/1; SwB receives each of them, creates 2 copies and sends one of them back to SwA (the other is sent to B).
● A broadcast storm is a serious network problem and can shut down an entire network in seconds.
How Spanning Tree Protocol (STP) works
● The BPDU, which every switch sends, contains information about the switch, including its Bridge ID, which uniquely identifies the switch on the network.
● To compare two Bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared.
● Both SwA and SwB have the same bridge priority (32768), so they compare their MAC addresses. Because SwB has the lower MAC address, it becomes the root bridge.
● On the root bridge, all ports are designated ports. Designated ports (DPs) are in the forwarding state and can send and receive traffic.
● An administrator can decide which bridge becomes the root bridge by lowering its priority value (thus lowering its Bridge ID).
● STP decides which switch becomes the root bridge by comparing the Bridge IDs in the BPDUs.
Identifying Root Ports
● The root port is the port on each non-root switch that has the lowest path cost to the root switch.
● Each switch has only one root port. Path cost is the cumulative cost based on the bandwidth of the links.
● The higher the bandwidth, the lower the path cost:
BANDWIDTH   COST
4 Mbps      250
10 Mbps     100
16 Mbps     62
100 Mbps    19
1 Gbps      4
Spanning tree types
1. Common Spanning Tree (CST): a single STP process is used for all VLANs.
● By lowering the path cost on an interface, we can ensure that a specific interface becomes the root port.
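As an added example (not from the study guide), the Python below carries the root-bridge election and root-port selection described above through a small constructed topology, using the page's path-cost table, and then shows how lowering one port's cost changes the root ports. Switch names, MAC addresses and links are constructed; ties on equal cost are not modelled.

```python
# Added example, not from the study guide: STP root-bridge election and root-port
# selection as described above, using the page's path-cost table. Switch names,
# MAC addresses and links are constructed; ties on equal cost are not modelled
# (real STP breaks them by sender Bridge ID and port ID).
import heapq

PORT_COST = {4: 250, 10: 100, 16: 62, 100: 19, 1000: 4}   # Mbps -> cost

def bridge_id(priority: int, mac: str) -> tuple:
    """Comparable Bridge ID: priority is compared first, then the MAC address."""
    return (priority, int(mac.replace(":", "").replace(".", ""), 16))

def elect_root(switches: dict) -> str:
    """switches maps name -> (priority, mac); the lowest Bridge ID becomes root."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))

def root_ports(root: str, links: list, cost_override: dict = None) -> dict:
    """Return {switch: (root port, path cost)} for every non-root switch.
    links: (switch_a, port_a, switch_b, port_b, bandwidth_mbps). cost_override:
    {(switch, port): cost} models a manually lowered port cost. Path cost is
    added on the port that receives the root's BPDUs (the far side of each link)."""
    cost_override = cost_override or {}
    adj = {}
    for a, pa, b, pb, bw in links:
        adj.setdefault(a, []).append((b, pb, cost_override.get((b, pb), PORT_COST[bw])))
        adj.setdefault(b, []).append((a, pa, cost_override.get((a, pa), PORT_COST[bw])))
    best = {root: (0, None)}                  # switch -> (cost, receiving port)
    heap = [(0, root)]
    while heap:                               # Dijkstra over cumulative path cost
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                          # stale heap entry
        for nbr, rx_port, rx_cost in adj.get(node, []):
            if nbr not in best or cost + rx_cost < best[nbr][0]:
                best[nbr] = (cost + rx_cost, rx_port)
                heapq.heappush(heap, (cost + rx_cost, nbr))
    return {n: (port, c) for n, (c, port) in best.items() if n != root}

if __name__ == "__main__":
    switches = {"SwA": (32768, "0000.0caa.aaaa"), "SwB": (32768, "0000.0c00.0001"),
                "SwC": (32768, "0000.0ccc.cccc")}
    links = [("SwA", "fa0/1", "SwB", "fa0/1", 100), ("SwB", "fa0/2", "SwC", "fa0/1", 10),
             ("SwA", "fa0/2", "SwC", "fa0/2", 1000)]
    root = elect_root(switches)               # SwB: equal priority, lowest MAC
    print(root, root_ports(root, links))
    print(root_ports(root, links, {("SwC", "fa0/1"): 10}))   # lowered cost moves root ports
```

In the constructed topology SwC reaches the root more cheaply through the gigabit link via SwA (19 + 4 = 23) than over its own 10 Mbps link (100); lowering the cost of SwC's fa0/1 to 10 flips that, and also moves SwA's root port.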
Configuring the Root Bridge & Priority
● Using this command automatically lowers the priority of the switch to a significantly lower value, to make sure that the switch is elected as the root switch.
● Configuring the spanning tree port priority of a Fast Ethernet interface:
● PortFast minimizes the time it takes for a server or workstation to come online, thus preventing problems with applications such as DHCP and DNS.
● PortFast should not be enabled on a switch port connecting to another hub or switch, as it may result in a loop.
● PortFast does not disable STP on a port; it only speeds up convergence.