Switch Study Note 642-803

 

 

 

HUB----------------------- Layer 2 Switch------------------------ Layer 3 Switch

 

 

Hub: †††††††††††††††††††††††††† Brodacast Domain††††† 1

††††††††††††††††††††††††††††††††††† Collision Domain††††††† 1

 

Layer 2 Switch:†††††††††† Broadcast Domain††††† 1

††††††††††††††††††††††††††††††††††† Collision Domain †††††† Multi

 

 

Layer 3 Switch††††††††††† Broadcast Domain††††† Multi

††††††††††††††††††††††††††††††††††† Collision Domain††††††† Multi

 

 

 

†††††††††††

 

This is a typical small business model.

 

 

 

 

 

 

 

 

This is a typical Cisco small business model.

 

 

 

 

 

 

Issue with Plug and Play Switches

 

1. Chances for Failure.

2. Broadcast Traffic

3. Multicasting issue.

4. Security issue

5. Mac Flooding. Switches lose MAC address if the PC is not sending any data (Sleep Mode). And the switch will delete the MAC address from the table.

 

 

 

 

 

 

 

 

 

 

 

 

Cisco Network Model.

 

 

 

 

 

In the enterprise Model Cisco would like the setup in Blocks.

 

VLAN

 

Vlans divide the flat network into multi broadcast domains. No broadcast can come from another VLAN. They help

 

 

Designing the Network.

 

When doing designing your network, keep these in mind.

 

 

 

 

Cisco Operating System flavors.

 

 

CatOS.

 

 

 

 

 

 

Cisco IOS (Native OS)

 

Same OSthat is used on Routers.

 

 

 

 

VLANs(Virtual LANs)

 

 

VLANs Foundations.

 

 

-Switch to switch ports connection is called Trunk ports.

 

 

Local Vlan

 

Are confined to one block. (Server Blocks, Users Blocks).

It is Cisco recommended Model.

Ideally they donít extend beyond the Distribution Layer.

They are routed to other Vlans.

And should be created around physical boundaries.

 

 

 

 

 

 

 

 

 

Configuring basic VLAN. (LAB)

 

Show vlans.

 

Give you all the vlans that are configured.

 

 

 

There are 2 ways to configure VLANs

 

--The original way.Being fazed out.

 

Switch# vlan database

Switch(vlan)# vlan 10 name users

Switch(vlan)# vlan 20 name management

Switch(vlan)# vlan 30 name sales

Switch(vlan)# exit

 

(Note: when done make sure you type exit not Control-Z or you will lose everything.)

 

 

 

--The new and recommended way is.

 

Switch#config t

Switch(config)# vlan 10

Switch(config-vlan)# name management.

Switch(config-vlan)# exit

Switch(config)# vlan 20

Switch(config-vlan)# name sales

Switch(config)# vlan 20

 

 

Now we assign ports to the vlans.

 

Switch(config)# Interface range f0/1 Ė 10

Switch(config-if-range)# Switchport††††††††††††††† this put the port in switch mode (layer 2)

Switch(config-if-range)# Switchport mode access†††††† This hardcode the port in access mode not in trunk (if left in autoNegotiate).

Switch(config-if-range)# Switchport mode access vlan 10

 

Switch(config)# Interface range f0/11 Ė 24

Switch(config-if-range)# Switchport†††

Switch(config-if-range)# Switchport mode access

Switch(config-if-range)# Switchport mode access vlan 20

 

VLAN info/data is stored in VLAN.DAT file NOT in the running-config.

 

They are stored on the flash memory.

 

Note: Delete this file if you need or want to erase the switch configuration along with the startup-config.

 

 

 

VLAN TRUNK

 

 

 

 

 

 

Trunking port are used to carry and tag vlans between switches and vlans.

 

Tags are removed by switches and the data is sent to the end device (PC,Server, etc)

 

Trunking works in layer 2.

 

 

ISL

 

 

 

 

26 byte header†††††††† |Ethernet Frame††††††††††††††††††††††††††††††††††††††††††††††† | 4 byte CRC

††††††††††† |

††††††††††† |

Junk | VLAN | Junk |

 

 

 

802.1Q

 

 

 

Dest MAC | Source MAC | 4byte Tag |Ethernet Frame ††††† | FCS

††††††††††††††††††††††††††††††††††††††††††††††† |

††††††††††††††††††††††††††††††††††††††††††††††† |

††††††††††††††††††††††††††††††††††† 3 Bit Pri | VLAN

†††††††††††††††††††††††

 

 

 

 

Native VLANs

 

 

 

 

It used in 802.1Q, may get error native vlan mismatch.

 

When a untagged package from a device connect through trunk port (hub).It tags them with the a native vlan tag.

 

If a trunk port receive untagged packet on its port, it assign it to the native VLAN.

 

Example when connecting VOIP phone and PC together.

 

VOIP is assigned a VLAN number and since the PC canít assign a VLAN, the switch assign it to the native vlan. the phone is acting as a hub.

 

 

 

DTP is a dynamic trunking protocol. Switches use to auto negotiate trunking between them. Not recommended because of possible security issue.

 

Switch ports can have 5 different modes.

 

  1. Access : used when connecting PC/servers to the switch. When connecting a switch to it, it will not act as a trunk. Will only allow 1 VLAN.

 

  1. Trunk : this will send DTP packet and will always stay as trunk. If the other side is trunk D. Auto, D. Desirable it will make them trunk ports.

 

  1. Dynamic Auto if both switch port are set to this they will not become trunk ports rather they would be access ports. If one side is set to Dynamic Desirable then the Auto port become a trunk port.

 

  1. Dynamic Desirable : default port. When ever you plug anything to it it will negotiate with the other device. If it is a switch it become a trunk, if you plug PC it will become access port.

 

 

  1. Non-Negotiate used with trunk mode and the port will not send any DTP packets.Good for security, sniffer canít see the packet going through the port.

 

Switch# show Interface f0/2 switchport

 

Will give the administrative mode (set by the admin) the port is in.

and operational Mode (what mode it is negotiating with the other side)

 

administrative mode: dynamic desirable

operational Mode: trunk

 

 

Switch# Switchport trunk encapsulation dot1q

Switch# Switchport mode trunk

 

Switch# Switchport nonnegotiate (used with trunk command) ( no DTP will be sent)

 

Note: On new IOS switches there is no ISL encapsulation command.

 

Switch# Switchport trunk native 10

 

Will assign this port native vlan 10, anything that comes in on this port without a tag it will assign to the native vlan (10).

 

 

 

Pruning manually

 

 

Switch# Switchport trunk allowed vlan ?

Switch# Switchport trunk allowed vlan 10,20,30

 

? (will have multi choices to pick, add,all, except, none, remove word)

 

 

Show Command to use.

 

Switch# show run int f 0/2

Switch# show int f 0/2 switchport

Switch# show int f 0/2 trunk

 

 

Note: do nongeotiate command before trunk command this way you wonít lose the non-negotiate option if you ever reboot the switch.