
Switching p1

This document provides an agenda for topics related to switching, including switch operation, switch port configuration, VLANs and trunks, aggregating switch links, spanning tree protocol configuration, multilayer switching, enterprise campus network design, Layer 3 high availability, and policy-based routing. The wireless section agenda includes WLAN concepts, wireless technology introduction, WLAN components, WLAN operation, CAPWAP operation, channel management, WLAN security threats, and secure WLANs.

Uploaded by

Pablo Proaño

Switching

Agenda
• Switch Operation
• Switch Port Configuration
• VLANs and Trunks
• Aggregating Switch Links
• Traditional Spanning Tree Protocol
• Spanning Tree Configuration
• Protecting Spanning Tree Protocol Topology
• Advanced Spanning Tree Protocol
• Multilayer Switching
• Enterprise Campus Network Design
• Layer 3 High Availability
• Policy-Based Routing
Agenda
Wireless
• WLAN Concepts
• Introduction to Wireless Technology
• WLAN Components
• WLAN Operation
• CAPWAP Operation
• Channel Management
• WLAN Threats
• Secure WLANs
Switching
Switch Operation
Layer 2 Switch Operation
An Ethernet switch operates at OSI Layer 2, making decisions about forwarding frames
based on the destination MAC addresses found within the frames. This means that the
Ethernet media is no longer shared among connected devices. Instead, at its most basic
level, an Ethernet switch provides isolation between connected hosts.
Multilayer Switch Operation
Catalyst switches, such as the 9300, 9400, and 9500, can also forward frames based
on Layers 3 and 4 information contained in packets. This is known as multilayer
switching (MLS). Naturally, Layer 2 switching is performed at the same time
because even the higher-layer encapsulations still are contained in Ethernet frames.
Tables Used in Switching

• Content-Addressable Memory
• All Catalyst switch models use a CAM table for Layer 2 switching. As frames arrive on switch ports, the source MAC
addresses are learned and recorded in the CAM table. The port of arrival and the VLAN both are recorded in the table,
along with a time stamp. If a MAC address learned on one switch port has moved to a different port, the MAC
address and time stamp are recorded for the most recent arrival port. Then, the previous entry is deleted. If a MAC
address is found already present in the table for the correct arrival port, only its time stamp is updated.
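The three learning cases described above (new address, refreshed time stamp, address moved to another port), as an added example that is not part of the original slides. The class and function names, the (VLAN, MAC) key and the 300-second aging time are assumptions made for illustration.

```python
from dataclasses import dataclass

AGING_SECONDS = 300  # assumed aging time; the slides do not state one


@dataclass
class CamEntry:
    port: str
    last_seen: float


class CamTable:
    """Toy model of Layer 2 source learning, keyed by (VLAN, MAC)."""

    def __init__(self):
        self.entries = {}
        self.moves = []  # (vlan, mac, old_port, new_port), kept for review

    def learn(self, vlan, src_mac, port, now):
        """Process the source address of a frame arriving on `port`."""
        key = (vlan, src_mac.lower())
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = CamEntry(port, now)
            return "learned"
        if entry.port == port:
            entry.last_seen = now  # correct arrival port: only the time stamp changes
            return "refreshed"
        self.moves.append((vlan, key[1], entry.port, port))
        del self.entries[key]  # the previous entry is deleted
        self.entries[key] = CamEntry(port, now)
        return "moved"

    def lookup(self, vlan, dst_mac, now):
        """Return the egress port, or None when the frame has to be flooded."""
        key = (vlan, dst_mac.lower())
        entry = self.entries.get(key)
        if entry and now - entry.last_seen > AGING_SECONDS:
            del self.entries[key]  # stale entry ages out
            entry = None
        return entry.port if entry else None


def demo():
    """Constructed sequence: learn, refresh, then the host moves ports."""
    cam = CamTable()
    mac = "0050.8b11.54da"
    results = [cam.learn(10, mac, "Gi1/0/2", 0), cam.learn(10, mac, "Gi1/0/2", 30),
               cam.learn(10, mac, "Gi1/0/7", 60)]
    return cam, results
```

The `moves` list is kept because an address that changes ports repeatedly is worth a look during troubleshooting.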

Determining Host Location by MAC Address

Switch# show mac address-table dynamic address 0050.8b11.54da

Determining Hosts Active on an Interface or Finding Many Hosts on an Interface

Switch# show mac address-table dynamic interface gigabitethernet1/0/2

Checking the Size of the CAM Table

Switch# show mac address-table count
Tables Used in Switching

• Ternary Content-Addressable Memory


• In multilayer switches, however, all the matching process that ACLs provide is
implemented in hardware. TCAM allows a packet to be evaluated against an entire access list
in a single table lookup. Most switches have multiple TCAMs so that both inbound and
outbound security and QoS ACLs can be evaluated simultaneously, or entirely in
parallel with a Layer 2 or Layer 3 forwarding decision.
• The TCAM in a switch is more or less self-sufficient. Access lists are compiled or merged
automatically into the TCAM, so there is nothing to configure. The only concept you need
to be aware of is how the TCAM resources are being used.
Switch Port Configuration
Ethernet Concepts
• Ethernet is a family of wired computer networking technologies commonly
used in local area networks (LAN), metropolitan area networks (MAN) and
wide area networks (WAN). It was commercially introduced in 1980 and
first standardized in 1983 as IEEE 802.3.
• In IEEE 802.3, a datagram is called a packet or frame. Packet is used to
describe the overall transmission unit and includes the preamble, start frame
delimiter (SFD) and carrier extension (if present). The frame begins after
the start frame delimiter with a frame header featuring source and
destination MAC addresses and the EtherType field giving either the
protocol type for the payload protocol or the length of the payload. The
middle section of the frame consists of payload data including any headers
for other protocols (for example, Internet Protocol) carried in the frame. The
frame ends with a 32-bit cyclic redundancy check, which is used to detect
corruption of data in transit.
Ethernet Concepts
• The Ethernet physical layer evolved over a considerable time span and encompasses
coaxial, twisted pair and fiber-optic physical media interfaces, with speeds from 1
Mbit/s to 400 Gbit/s. The first introduction of twisted pair CSMA/CD was StarLAN,
standardized as 802.3 1BASE5. While 1BASE5 had little market penetration, it
defined the physical apparatus (wire, plug/jack, pin-out, and wiring plan) that would
be carried over to 10BASE-T through 10GBASE-T.
• The most common forms used are 10BASE-T, 100BASE-TX, and 1000BASE-T. All
three use twisted-pair cables and 8P8C modular connectors. They run at 10 Mbit/s,
100 Mbit/s, and 1 Gbit/s, respectively.
• Fiber optic variants of Ethernet (that commonly use SFP modules) are also very
popular in larger networks, offering high performance, better electrical isolation and
longer distance (tens of kilometers with some versions). In general, network protocol
stack software will work similarly on all varieties.
Switch Port Configuration
• To select a single switch port, enter the following command in global
configuration mode:
Switch(config)# interface type switch/module/number
Switch(config)# interface gi 1/0/14
• To select several arbitrary ports:
Switch(config)# interface range fastethernet 1/0/3 , fastethernet 1/0/7 , fastethernet 1/0/9 , fastethernet 1/0/48
• To select all 48 Fast Ethernet interfaces on module 1:
Switch(config)# interface range fastethernet 1/0/1 - 48
Switch Port Configuration
• Configuring the Link Mode on a Switch Port
Switch(config)# interface gig 3/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
• Determining Port State Information
Switch# show interfaces fastethernet 1/0/1
FastEthernet1/0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0009.b7ee.9801 (bia 0009.b7ee.9801)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Switch Port Configuration
• Determining Link Speed and Duplex Mode
Switch# show interfaces fastethernet 1/0/13
FastEthernet1/0/13 is up, line protocol is up
Hardware is Fast Ethernet, address is 00d0.589c.3e8d (bia 00d0.589c.3e8d)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 2/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Half), Auto Speed (100), 100BASETX/FX
ARP type: ARPA, ARP Timeout 04:00:00
VLANs and Trunks
Virtual LANs
By definition, a VLAN is a single broadcast domain. All devices connected to the VLAN
receive broadcasts sent by any other VLAN members. However, devices connected to a
different VLAN will not receive those same broadcasts. (Naturally, VLAN members also
receive unicast packets directed toward them from other VLAN members.)
Virtual LANs
• To configure static VLANs, begin by defining the VLAN with the following
command in global configuration mode:
Switch(config)# vlan vlan-num
Switch(config-vlan)# name vlan-name

• The VLAN numbered vlan-num is immediately

Switch(config)# interface type module/number
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-num

• To verify VLAN configuration, use the show vlan command to output a list of all
VLANs defined in the switch, along with the ports that are assigned to each VLAN.
Virtual LANs
• VLANs can be scaled in the switch block by using two basic methods:
• End-to-end VLANs
• End-to-end VLANs, also called campuswide VLANs, span the entire switch fabric of a
network.
• Because all VLANs must be available at each access-layer switch, VLAN trunking must be
used to carry all VLANs between the access- and distribution-layer switches.
• Local VLANs
• Local or geographic VLANs range in size from a single switch in a wiring closet to an entire
building. Arranging VLANs in this fashion enables the Layer 3 function in the campus
network to intelligently handle the interVLAN traffic loads, where traffic passes into the core.
This scenario provides maximum availability by using multiple paths to destinations,
maximum scalability by keeping the VLAN within a switch block, and maximum
manageability.
Layer 2 Switch Operation
VLAN Trunks

• A trunk link can transport more than one VLAN through a single switch port.
Trunk links are most beneficial when switches are connected to other switches or
switches are connected to routers. A trunk link is not assigned to a specific VLAN.
Instead, one, many, or all active VLANs can be transported between switches
using a single physical trunk link.
VLAN Trunk Configuration
VLANs across switches
Tagged Frames

802.1Q Trunk
Trunk Port

VLAN X VLAN Y VLAN X VLAN Y


Edge Ports

This is called “VLAN Trunking”


VLAN Trunks
• Because a trunk link can transport many VLANs, a switch must identify
frames with their respective VLANs as they are sent and received over a
trunk link. Frame identification, or tagging, assigns a unique user-defined ID
to each frame transported on a trunk link.
• VLAN identification can be performed using two methods, each using a
different frame identifier mechanism:
• InterSwitch Link (ISL) protocol
• IEEE 802.1Q protocol
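The frame layout from the Ethernet Concepts slide and the tagging described above, as an added example that is not part of the original slides: a parser that reads the header, an optional 802.1Q tag and the 32-bit CRC. The tag layout (identifier 0x8100 followed by a 12-bit VLAN ID), the function names and the test frame are assumptions not stated in the slides.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # tag identifier; not stated in the slides


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build a constructed test frame, optionally 802.1Q-tagged, with its CRC."""
    head = dst + src
    if vlan is not None:
        head += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    body = head + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame):
    """Parse a frame that starts after the SFD and ends with the 32-bit CRC."""
    if len(frame) < 18:
        raise ValueError("too short for header plus CRC")
    body, (crc,) = frame[:-4], struct.unpack("<I", frame[-4:])
    (field,) = struct.unpack("!H", body[12:14])
    offset, vlan = 14, None
    if field == TPID_8021Q:  # tagged frame, as carried on a trunk link
        if len(body) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, field = struct.unpack("!HH", body[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return {
        "dst": body[0:6].hex(":"),
        "src": body[6:12].hex(":"),
        "vlan": vlan,
        # Up to 1500 the field is a payload length; from 0x0600 an EtherType.
        "ethertype": field if field >= 0x0600 else None,
        "length": field if field <= 1500 else None,
        "payload": body[offset:],
        "crc_ok": zlib.crc32(body) == crc,
    }
```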
VLAN Trunks

Switch(config)# interface type mod/port
Switch(config-if)# switchport
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}
VLAN Troubleshooting
• Remember that a VLAN is nothing more than a logical network segment that can be spread across
many switches. If a PC in one location cannot communicate with a PC in another location, where
both are assigned to the same IP subnet, make sure that both of their switch ports are configured
for the same VLAN. If they are, examine the path between the two. Is the VLAN carried
continuously along the path? If there are trunks along the way, is the VLAN being carried across the
trunks?
• To verify a VLAN’s configuration on a switch, use the show vlan id vlan-id EXEC
command
• To see a comparison of how a switch port is configured for trunking versus its
active state, use the show interface type mod/num switchport command

• For more concise information about a trunking port, you can use the show
interface [type mod/num] trunk command
VLAN Trunking Protocol
• Cisco has developed a method to manage VLANs across the campus network. The
VLAN Trunking Protocol (VTP) uses Layer 2 trunk frames to communicate VLAN
information among a group of switches. VTP manages the addition, deletion, and
renaming of VLANs across the network from a central point of control. Any
switch participating in a VTP exchange is aware of and can use any VLAN that
VTP manages.
• To participate in a VTP management domain, each switch must be configured
to operate in one of several modes. The VTP mode determines how the
switch processes and advertises VTP information. You can use the following
modes:
• Client mode
• Server mode
• Transparent mode
VTP Configuration
• By default, every switch operates in VTP server mode for the management
domain NULL (a blank string), with no password or secure mode. If the
switch hears a VTP summary advertisement on a trunk port from any other
switch, it automatically learns the VTP domain name, VLANs, and the
configuration revision number it hears. This makes it easy to bring up a new
switch in an existing VTP domain. However, be aware that the new switch
stays in VTP server mode, something that might not be desirable.
VTP Configuration
• Configuring a VTP Management Domain
Switch(config)# vtp domain domain-name
• Configuring the VTP Mode
Switch(config)# vtp mode {server | client | transparent}
Switch(config)# vtp password password
• The VTP version number is configured using the following global
configuration command:
Switch(config)# vtp version {1 | 2}
By default, a switch uses VTP Version 1.
VTP Pruning
• Recall that, by definition, a switch must forward broadcast frames out all
available ports in the broadcast domain because broadcasts are destined
everywhere there is a listener. Unless forwarded by more intelligent means,
multicast frames follow the same pattern.
• VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary
flooded traffic. Broadcast and unknown unicast frames on a VLAN are forwarded
over a trunk link only if the switch on the receiving end of the trunk has ports in that
VLAN.
VTP Pruning
• By default, VTP pruning is disabled. To enable pruning, use the following
global configuration command:
Switch(config)# vtp pruning

• If you use this command on a VTP server, it also advertises that pruning
needs to be enabled for the entire management domain. All other switches
listening to that advertisement also will enable pruning.
• When pruning is enabled, all general-purpose VLANs become eligible for
pruning on all trunk links, if needed. However, you can modify the default
list of pruning eligibility with the following interface-configuration
command:
Switch(config)# interface type mod/num
Switch(config-if)# switchport trunk pruning vlan {{{add | except | remove} vlan-list} | none}
Troubleshooting VTP
• If a switch does not seem to be receiving updated information from a VTP
server, consider these possible causes:
• The switch is configured for VTP transparent mode. In this mode, incoming VTP
advertisements are not processed; they are relayed only to other switches in the
domain.
• If the switch is configured as a VTP client, there might not be another switch
functioning as a VTP server. In this case, configure the local switch to become a
VTP server itself.
• The link toward the VTP server is not in trunking mode.
• Make sure the VTP domain name is configured correctly.
• Make sure the VTP version is compatible with other switches in the VTP domain.
• Make sure the VTP password matches others in the VTP domain.
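The troubleshooting list above and the VTP defaults from the VTP Configuration slide, turned into a configuration check as an added example (not part of the original slides). The function names and the sample configurations are constructed for illustration, and a version difference is treated as incompatible for simplicity.

```python
import re

# Defaults stated in the slides: server mode, NULL domain, no password, version 1.
DEFAULTS = {"domain": "", "mode": "server", "password": None, "version": "1"}


def parse_vtp(config_text):
    """Collect VTP settings and statically configured trunk ports."""
    vtp, trunks, iface = dict(DEFAULTS), set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"vtp (domain|mode|password|version) (\S+)$", line)
        if m:
            vtp[m.group(1)] = m.group(2)
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "switchport mode trunk" and iface:
            trunks.add(iface)  # dynamic modes depend on negotiation, not counted
    vtp["trunks"] = trunks
    return vtp


def at_defaults(switch):
    """True when VTP was never configured on this switch."""
    return all(switch[k] == v for k, v in DEFAULTS.items())


def diagnose(switch, server, uplink):
    """Return the causes from the troubleshooting list that apply."""
    causes = []
    if switch["mode"] == "transparent":
        causes.append("transparent mode: advertisements are relayed, not processed")
    if server["mode"] != "server":
        causes.append("no switch is acting as VTP server")
    if uplink not in switch["trunks"]:
        causes.append("uplink %s is not in trunking mode" % uplink)
    for key in ("domain", "version", "password"):
        learned = key == "domain" and switch["domain"] == ""  # NULL domain is learned
        if switch[key] != server[key] and not learned:
            causes.append("VTP %s does not match the server" % key)
    return causes


# Constructed sample configurations (not from the slides).
SERVER = parse_vtp("vtp domain CAMPUS\nvtp password s3cret\n"
                   "interface gi1/0/1\n switchport mode trunk")
CLIENT = parse_vtp("vtp domain Campus\nvtp mode client\nvtp version 2\n"
                   "interface gi1/0/24\n switchport mode access")
NEW = parse_vtp("interface gi1/0/24\n switchport mode trunk")
```

`at_defaults(NEW)` flags a switch that would join whatever domain it first hears on a trunk while staying in server mode, which is the situation the VTP Configuration slide warns about.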
