Switching & VLANs

Upload: cyberintelligents

Post on 15-Aug-2015


TRANSCRIPT

Switching & VLANs

Switching Basics

A switch acts as a multiport bridge, and its basic duty is to break up collision domains.

Layer 2 switches and bridges are faster than routers because they do not spend time looking at the Network layer header information.

Switches look at a frame's hardware addresses before deciding to either forward the frame or drop it.

Switching Basics

Switches create private, dedicated collision domains.

They provide independent bandwidth on each port.

Layer 2 switching provides the following:
Hardware-based bridging (Application Specific Integrated Circuit, ASIC)
Wire speed
Low latency
Low cost

Switching Basics

Switches do not make any modification to the data packet.

They only read the frame encapsulating the packet.

This makes the switching process considerably faster and less error-prone than the routing process.

Switches create private domains.

Bridging vs. LAN Switching

Bridges are software based, while switches are hardware based, because switches use ASIC chips to help make filtering decisions.

A switch is basically a multiport bridge.

Bridges can only have one spanning tree instance per bridge, while switches can have many.

Switches have a greater number of ports.

Bridges and Switches

Both have multiple collision domains but one broadcast domain.

Both learn MAC addresses by examining the source address of each frame received.

Both make forwarding decisions based on layer 2 addresses.

Functions of a Switch

Address Learning:
Layer 2 switches remember the source hardware address of each frame received on an interface.
Switches enter this information into a MAC database called a forward/filter table.

Forward/Filter Decision:
When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
The frame is only forwarded out the specified destination port.

Functions of a Switch

Loop Avoidance:
If multiple connections between switches are created for redundancy purposes, network loops can occur.
Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Address Learning

When a switch is first powered on, the MAC forward/filter table is empty.

When an interface receives a frame, the switch places the frame's source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on.

The switch then floods this frame out of every port except the source port, because it has no idea where the destination device is actually located.

Address Learning

If a device answers this flooded frame and sends a frame back, then:
The switch takes the source address from that frame and places the MAC address in the database as well.
The switch associates this address with the interface that received the frame.

Since the switch now has both of the relevant MAC addresses in its filtering table, the two devices can now make a point-to-point connection.

Forward/Filter Decisions

When a frame arrives at a switch interface, the destination hardware address is compared to the MAC forward/filter table.

If the destination hardware address is known and listed in the database, the frame is only sent out the correct exit interface.

This preserves bandwidth and is called frame filtering.

Forward/Filter Decisions

If the destination hardware address is not listed in the MAC database, the frame is flooded out all active interfaces except the interface the frame was received on.

If a device answers the flooded frame, the MAC database is updated with the device's interface.
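The address learning and forward/filter process of the last few slides, as an added Python model that is not part of the original slides; the port names, MAC addresses and traffic sequence are constructed for illustration.

```python
# Added example (not from the slides): a minimal model of the Layer 2
# address-learning and forward/filter process. Port names, MAC addresses
# and the frame sequence below are constructed for illustration.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    payload: str = ""


@dataclass
class LearningSwitch:
    ports: list
    # forward/filter table: MAC address -> port it was learned on
    mac_table: dict = field(default_factory=dict)

    def learn(self, src, ingress):
        """Address learning: record the source MAC against the ingress port."""
        self.mac_table[src] = ingress

    def decide(self, frame, ingress):
        """Forward/filter decision: return the list of egress ports."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        self.learn(frame.src, ingress)
        known = self.mac_table.get(frame.dst)
        if frame.dst != BROADCAST and known is not None:
            # filtering: a known unicast goes out the one learned port
            # (and is dropped if that port is the one it arrived on)
            return [] if known == ingress else [known]
        # flooding: unknown unicast and broadcast go everywhere but ingress
        return [p for p in self.ports if p != ingress]


def simulate(frames):
    """Run a constructed sequence of (ingress, Frame) through one switch.

    Returns the switch and a list of (ingress, dst, egress_ports) decisions
    so the learning effect of each frame on the next one can be seen.
    """
    sw = LearningSwitch(ports=["e0/1", "e0/2", "e0/3", "e0/4"])
    log = []
    for ingress, frame in frames:
        log.append((ingress, frame.dst, sw.decide(frame, ingress)))
    return sw, log


# Constructed traffic: host A (port e0/1) talks to host B (port e0/3),
# B answers, A talks to B again, then a third host broadcasts.
A = "00:00:5e:00:53:0a"
B = "00:00:5e:00:53:0b"
SAMPLE_TRAFFIC = [
    ("e0/1", Frame(src=A, dst=B, payload="hello")),          # B unknown: flood
    ("e0/3", Frame(src=B, dst=A, payload="hi")),             # A known: filter
    ("e0/1", Frame(src=A, dst=B, payload="again")),          # B known now: filter
    ("e0/2", Frame(src="00:00:5e:00:53:0c", dst=BROADCAST)), # broadcast: flood
]

if __name__ == "__main__":
    switch, decisions = simulate(SAMPLE_TRAFFIC)
    for ingress, dst, egress in decisions:
        print(f"in {ingress} -> {dst}: out {egress if egress else 'dropped'}")
    print("MAC table:", switch.mac_table)
```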

Loop Avoidance

Redundant links between switches are a good idea because they help prevent complete network failure in the event one link stops working.

But with redundant links, frames can be flooded down all redundant links simultaneously, resulting in network loops.

Redundant links may invite the following set of problems:

If no loop avoidance scheme is put in place, the switches will flood broadcasts endlessly. The following figure illustrates it:

Broadcast Storm

A device can receive multiple copies of the same frame, since that frame can arrive from multiple segments simultaneously. The following figure demonstrates it best.

The server in this figure sends a unicast frame to router C.

Since it is a unicast frame, switch A forwards the frame, and switch B provides the same service: it forwards it as well.

This is not good, because now router C will receive the unicast frame twice, causing additional overhead on the network.

The MAC address filter table will be totally confused about the devices' location, because the switch can receive the frame from more than one link.

Multiple loops could be generated. This means a loop can occur within another loop.

Spanning Tree Protocol

Its main task is to stop loops from occurring at layer 2 (on bridges or switches).

It monitors the network to find all links, making sure that no loops occur by shutting down redundant links.

It uses the Spanning Tree Algorithm (STA) to first create a topology database, then search out and destroy redundant links.

With STP running, frames are only forwarded on the STP-picked links.

LAN Switch Types

The LAN switch type decides how a frame is handled when it is received on a switch port.

Latency: the time a switch takes for a frame to be sent out an exit port once the switch receives the frame.

There are three switching modes:
Cut-through (Fast Forward)
Fragment Free (Modified cut-through)
Store-and-forward

Cut-through (Fast Forward):
In this mode, the switch only waits for the destination hardware address to be received before it looks up the destination address in the MAC filter table.

Fragment Free (Modified cut-through):
In this mode, the switch checks the first 64 bytes of a frame for fragmentation before forwarding it.
This is the default mode for the Catalyst 1900 series switch.

Store-and-forward:
In this mode, the complete frame is received into the switch's buffer, a CRC is run, and then the switch looks up the destination address in the MAC forward/filter table.

Different switching modes within a frame

Cut-Through

With the cut-through switching method, the LAN switch reads only the destination. That is, it looks at the first six bytes following the preamble.

It then:
Looks up the hardware destination address in the MAC switching table.
Determines the outgoing interface.
Proceeds to forward the frame towards its destination.

A cut-through switch helps in reducing latency, because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.

Fragment Free (Modified Cut-Through)

It is a modified form of cut-through switching in which the switch waits for the collision window (64 bytes) to pass before forwarding.

This is because if a packet has a collision error, it almost always occurs within the first 64 bytes.

This means each frame will be checked into the data field to make sure no fragmentation has occurred.

Fragment Free mode provides better error checking than cut-through mode with practically no increase in latency.

It is the default switching mode for 1900 switches.

Store-and-Forward

It is Cisco's primary LAN switching method.

In this method, the LAN switch copies the entire frame onto its onboard buffers and then computes the CRC (Cyclic Redundancy Check).

Since it copies the entire frame, latency through the switch varies with frame length.

The frame is discarded if:
It contains a CRC error
It is too short (less than 64 bytes, including the CRC)
It is too long (more than 1518 bytes, including the CRC)

If the frame does not contain any error, the LAN switch looks up the destination hardware address in its MAC forward/filter table to find the correct outgoing interface.
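The checks a store-and-forward switch applies once it has buffered a complete frame, as an added Python example that is not part of the original slides. It assumes an untagged Ethernet II frame with the 4-byte FCS appended and the FCS being the IEEE CRC-32 in little-endian byte order (the same CRC that zlib.crc32 computes); the MAC addresses and payloads are constructed.

```python
# Added example (not from the slides): runt, giant and CRC checks that a
# store-and-forward switch performs before it consults the MAC table.
# Assumptions: untagged Ethernet II frame, 4-byte FCS = IEEE CRC-32
# (zlib.crc32) sent little-endian. Sample frames are constructed.
import zlib

MIN_FRAME = 64     # bytes, including the CRC; shorter is a runt
MAX_FRAME = 1518   # bytes, including the CRC; longer is a giant
HEADER_LEN = 14    # dst MAC (6) + src MAC (6) + EtherType (2)
MIN_PAYLOAD = 46   # pad the payload so the whole frame reaches 64 bytes


def fcs(data: bytes) -> bytes:
    """Compute the Ethernet FCS over dst..payload, little-endian on the wire."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Construct a frame, padding the payload to the 46-byte minimum."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    return body + fcs(body)


def check_frame(frame: bytes) -> str:
    """Return 'ok' or the reason a store-and-forward switch would discard it."""
    if len(frame) < MIN_FRAME:
        return "runt"           # too short: typically a collision fragment
    if len(frame) > MAX_FRAME:
        return "giant"          # too long for a standard frame
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return "crc-error"      # bit errors anywhere in the buffered frame
    return "ok"


def store_and_forward(frame: bytes, mac_table: dict, ingress: str):
    """Buffer, verify, then look up the destination; None means discarded."""
    if check_frame(frame) != "ok":
        return None
    dst = frame[0:6]
    egress = mac_table.get(dst, "flood")    # unknown destination: flood
    return None if egress == ingress else egress


# Constructed sample frames.
DST = bytes.fromhex("00005e00530b")
SRC = bytes.fromhex("00005e00530a")
GOOD = build_frame(DST, SRC, 0x0800, b"store-and-forward sample")   # 64 bytes
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]           # 1 bit flipped
RUNT = GOOD[:60]                                                     # truncated
GIANT = build_frame(DST, SRC, 0x0800, b"A" * 1501)                   # 1519 bytes
TABLE = {DST: "e0/3"}

if __name__ == "__main__":
    for name, f in [("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT), ("giant", GIANT)]:
        print(f"{name:8s} len={len(f):5d} check={check_frame(f):10s}"
              f" egress={store_and_forward(f, TABLE, 'e0/1')}")
```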

Spanning Tree Terms

STP:
It is a bridge protocol that uses the STA to find redundant links dynamically.
It creates a spanning tree topology database.
Bridges exchange BPDU messages with other bridges.

Configuring 1900 & 2950 Catalyst switches

We will cover the following list of tasks:
Setting the password
Setting the hostname
Configuring the IP address and subnet mask
Setting a description on the interface
Erasing the switch configuration
Configuring VLANs
Adding VLAN membership to a switch port
Creating a VTP domain
Configuring trunking

Setting the password

1900 Series:
It uses the same command to set both the user level password and the privileged level password, but with different level numbers.

Level is 1 for user level and 15 for privileged level.

Password length should be from 4 to 8 characters.

Setting the user password:
switch(config)# enable password level 1 cisco

Setting the privileged level password:
switch(config)# enable password level 15 cisco

Setting the password

2950 Series:
To set the user mode password for the 2950 switch, we configure the line just as we would do on a router.

Console:
switch(config)# line console 0
switch(config-line)# password cisco
switch(config-line)# login

Telnet:
switch(config)# line vty 0 15
switch(config-line)# password cisco
switch(config-line)# login

The enable secret password is set in the same way as we would do for a router.
switch(config)# enable secret cisco

Setting the hostname

The hostname on a switch is only locally significant.

This means it does not have any function on the network or with name resolution (though there is an exception with PPP authentication).

1900 Series:
switch(config)# hostname LAN1

2950 Series:
switch(config)# hostname LAN1

Setting IP information

Generally a switch does not need any IP address at all to manage a LAN.

There are exceptions though. We have two reasons where we probably do want to set IP address information on the switch:
To manage the switch via Telnet or other management software.
To configure the switch with different VLANs and other network functions.

Setting IP information

1900 Switch:
By default no IP address or default gateway information is set.
We can verify this by using the command sh ip in privileged mode.
Switch# sh ip

The IP address and default gateway are set through GCM (global configuration mode).
Switch(config)# ip address 172.16.10.16 255.255.255.0
Switch(config)# ip default-gateway 172.16.10.1

Setting IP information

2950 Switch:
On the 2950 switch, we consider a default VLAN with the switch. This VLAN is called VLAN1.
Every port on the switch is a member of VLAN1 by default.
We always set the IP address on VLAN1.

Switch(config)# interface vlan1
Switch(config-if)# ip address 172.16.10.17 255.255.255.0
Switch(config-if)# exit
Switch(config)# ip default-gateway 172.16.10.1

Configuring Interface Description

We can administratively set a name for each interface on the switches.

These descriptions are only locally significant.

1900 Switch:
The description command is used from interface configuration mode.
Spaces cannot be used within the description.
Switch(config)# int e0/1
Switch(config-if)# description Finance_VLAN
Switch(config)# int f0/26
Switch(config-if)# description trunk_to_building_4

Configuring Interface Description

2950 Switch:
The description command is used from interface configuration mode.
Spaces can be used within the description.
Switch(config)# int fastEthernet 0/1
Switch(config-if)# description Sales Printer
Switch(config)# int f0/12
Switch(config-if)# description trunk_to_building_4

Erasing the Switch Configuration

1900 Switch:
We cannot see the contents of NVRAM; we can only view RAM's contents.
When we make changes to the switch's running configuration, it automatically copies them to NVRAM.

The following syntax deletes NVRAM's contents:
Switch# delete nvram

Erasing the Switch Configuration

2950 Switch:
The concepts of startup config and running config hold exactly the same here as they do with routers.

The following syntax deletes NVRAM's contents:
Switch# erase startup-config

Virtual LANs (VLANs)

A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.

VLANs allow us to break up broadcast domains in a pure switched internetwork.

VLANs allow us to create smaller broadcast domains within a layer 2 switch-based internetwork.

How do VLANs simplify network management?

Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.

A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.

VLANs are independent from their physical or logical locations.

VLANs can enhance network security.

VLANs increase the number of broadcast domains and decrease the size of each broadcast domain.

Broadcast Control

All devices in a VLAN are members of the same broadcast domain and receive all broadcasts.

The broadcasts, by default, are filtered from all ports on a switch that are not members of the same VLAN.

This is one of the prime benefits that we get with a VLAN-based switched network; otherwise we would face serious problems if all our users were in the same broadcast domain.

Security

In a flat network, anyone connecting to the physical network could access the network resources located on that physical LAN.

In order to observe any or all traffic happening in that network, one has to simply plug a network analyzer into the hub.

Users can join any workgroup by just plugging their workstations into the existing hub.

By building VLANs and creating multiple broadcast groups, administrators can now have control over each port and user.

Since VLANs can be created in accordance with the network resources a user requires, a switch can be configured to inform a network management station of any unauthorized access to network resources.

For inter-VLAN communication, we can implement restrictions on the router to achieve this control.

Flexibility and Scalability

By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into that broadcast domain, regardless of their physical location.

When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.

Physical LAN connected to a Router

Switches removing physical boundary

Static VLAN

These VLANs are created by administrators. An administrator creates static VLANs and then assigns switch ports to each VLAN.

Static VLANs are:
Most secure
Comparatively easy to set up and monitor
Well suited to a network where the movement of users within the network is controlled

A switch port that is assigned a VLAN association always maintains that association until an administrator changes the port assignment.

Dynamic VLAN

When the network administrator enters all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch.

These are called dynamic VLANs. A dynamic VLAN determines a node's VLAN assignment automatically.

Using intelligent management software, we can base VLAN assignment on hardware address (MAC address), protocols, or even applications to create dynamic VLANs.

Dynamic VLAN

Suppose MAC addresses have been entered into a centralized VLAN management application.

If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.

This makes management and configuration easier, because if a user moves, the switch will assign them to the correct VLAN automatically.

Cisco allows us to use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses that can be used for dynamic addressing of VLANs.

A VMPS database maps MAC addresses to VLANs.

VLAN links

Frames are handled differently according to the type of link they are traversing in a switch.

The following two links are available in a switched network:
Access Link
Trunk Link

Access Link

This type of link is only part of one VLAN, and it is referred to as the native VLAN of the port.

Any device attached to an access link is unaware of VLAN membership. The device just assumes it is part of a broadcast domain, but it has no understanding of the physical network.

Switches remove any VLAN information from the frame before it is sent to an access-link device.

Access-link devices cannot communicate with devices outside their VLAN unless the packet is routed.

Trunk Link

A trunk line is a 100 or 1000 Mbps point-to-point link between:
  Two switches
  A switch and a router
  A switch and a server

Trunk lines carry traffic of VLANs from 1 to 1005 at a time.

Trunking allows us to make a single port part of multiple VLANs at the same time.

We can actually set things up to have a server in two broadcast domains simultaneously, so that users don't have to cross the router to log in and access it.

Another advantage of trunking shows up when we are connecting switches.

Trunk links can carry some or all VLAN information across the link, but if the links between switches aren't trunked, only VLAN 1 information will be switched across the link by default.

Access and Trunk Links in a switched network (figure)

Creating & Verifying VLANs: 1900 switch

Creating VLANs:
  Mode: Global configuration mode (GCM)
  Syntax:
    Switch(config)# vlan <VLAN number> name <VLAN name>
  E.g. Switch(config)# vlan 2 name sales

Verifying VLANs:
  Mode: Privileged
  Syntax:
    Switch# show vlan

Creating & Verifying VLANs: 2950 switch

Creating VLANs:
  Mode: Privileged, then VLAN database configuration mode (prompt Switch(vlan)#)
  Syntax:
    Switch# vlan database
    Switch(vlan)# vlan <VLAN number> name <VLAN name>
    Switch(vlan)# apply
  E.g. Switch(vlan)# vlan 2 name sales
       Switch(vlan)# vlan 3 name mkt
       Switch(vlan)# apply

Verifying VLANs:
  Mode: Privileged
  Syntax:
    Switch# show vlan brief

Assigning switch ports to VLANs: 1900 switch

Mode: Interface specific
Syntax:
  Switch(config)# int <interface no.>
  Switch(config-if)# vlan-membership static <VLAN no.>

Example 1:
  Switch(config)# int e0/2
  Switch(config-if)# vlan-membership static 2
Example 2:
  Switch(config)# int e0/3
  Switch(config-if)# vlan-membership static 3
Example 3:
  Switch(config)# int e0/4
  Switch(config-if)# vlan-membership static 2

Assigning switch ports to VLANs: 2950 switch

Mode: Interface specific
Syntax:
  Switch(config)# int <interface no.>
  Switch(config-if)# switchport access vlan <VLAN no.>

Example 1:
  Switch(config)# int f0/2
  Switch(config-if)# switchport access vlan 2
Example 2:
  Switch(config)# int f0/3
  Switch(config-if)# switchport access vlan 3
Example 3:
  Switch(config)# int f0/4
  Switch(config-if)# switchport access vlan 2

Frame Tagging

Switch fabric: a group of switches sharing the same VLAN information.

Frame tagging is a frame identification method which uniquely assigns a user-defined ID to each frame.

This ID is also called the VLAN ID or color.

How does it work?

Each switch that the frame reaches must first identify the VLAN ID from the frame tag.

Then it finds out what to do with the frame by looking at the information in the filter table.

If the frame reaches a switch that has another trunked link, the frame will be forwarded out the trunk-link port.

Once the frame reaches an exit to an access link matching the frame's VLAN ID, the switch removes the VLAN identifier so that the destination device receives the frame without having to understand its VLAN identification.
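The access-link and trunk-link behaviour above, and the tag-identify / filter-table / strip-on-exit steps of frame tagging, as an added example that is not part of the original slides. It assumes IEEE 802.1Q tagging (TPID 0x8100, VLAN ID in the low 12 bits of the tag); the frames, port table and filter table are constructed for the example, with the port names taken from the 1900 examples above.

```python
# Added example, not from the original slides: a minimal model of how a switch
# handles frames on access links vs. trunk links, assuming IEEE 802.1Q tagging.
# All frames are constructed test data; mac_table is a hand-built filter table.
import struct

TPID_8021Q = 0x8100

def parse_frame(frame):
    """Return (dst, src, vlan_id or None, rest); rest starts at the EtherType."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF, frame[16:]   # low 12 bits = VLAN ID
    return dst, src, None, frame[12:]

def add_tag(frame, vid):
    """Insert an 802.1Q tag (priority and CFI zero) after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def strip_tag(frame):
    """Drop the 4-byte tag so an access-link device never sees VLAN data."""
    return frame[:12] + frame[16:] if parse_frame(frame)[2] is not None else frame

def ingress_vlan(frame, port):
    """Access port: VLAN fixed by config. Trunk: tag wins, untagged = native."""
    vid = parse_frame(frame)[2]
    if port["mode"] == "access" or vid is None:
        return port["vlan"]
    return vid

def egress_frame(frame, vlan, port):
    """Bytes to transmit on 'port' for a frame in 'vlan', or None to drop."""
    untagged = strip_tag(frame)
    if port["mode"] == "access":
        return untagged if port["vlan"] == vlan else None
    if vlan not in port["allowed"]:
        return None                       # VLAN not carried on this trunk
    return untagged if vlan == port["vlan"] else add_tag(untagged, vlan)

def forward(frame, in_name, ports, mac_table):
    """One switching step: classify, consult the filter table, tag/strip per port.
    mac_table maps (vlan, dst MAC) -> port name; unknown destinations are flooded."""
    vlan = ingress_vlan(frame, ports[in_name])
    known = mac_table.get((vlan, parse_frame(frame)[0]))
    cands = [known] if known else list(ports)
    out = {n: egress_frame(frame, vlan, ports[n]) for n in cands if n != in_name}
    return {n: f for n, f in out.items() if f is not None}
```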