Copyright © 2003 Chesapeake NetCraftsmen, Inc. Page 6-1
6-1Copyright © 2003, Chesapeake Netcraftsmen
6: Layer 2 – Switches
Objectives
• Upon completion of this chapter, the students will be able to:
  – Explain and demonstrate how switches learn and use MAC addresses to forward Ethernet frames
  – Describe why switches need Spanning Tree Protocol (STP) and key concepts relating to STP
  – Configure a Cisco switch for management and basic port settings
  – Explain VLANs and Trunks
  – Configure a Cisco switch for simple VLANs and Trunks
  – Monitor and troubleshoot switches, STP, VLANs, and trunks
Topics
• Switches and MAC Addresses
• Spanning Tree Protocol
• Working with Cisco switches
• VLANs and Trunks
Bridges vs Switches
• Bridges were introduced by DEC in the 80’s as a low-cost, low-complexity way to improve network performance
  – Replace a hub with a bridge or a switch and now many PCs can transmit at the same time
• Some people once thought bridges would replace routers
  – But they’re not “smart enough”: bridged networks don’t scale to large sizes
• Bridges do reduce router count in campus networks, simplifying network management
• Switches are basically high speed bridges that can be partitioned into logical sub-bridges
  – VLANs (covered later) are how we partition a switch
• Logically, switches and bridges are the same
  – They both use the same MAC learning strategy and both use Spanning Tree Protocol (STP)
  – We’ll cover these in the next slides
Switches Learn MAC Addresses
• A switch associates the source MAC address in a frame with the port the frame was received on
[Diagram: host A, switches B, C, D, host E in a row. Frame: Source = MAC of A, Dest = MAC of E. Everything just powered on; Host A transmits a frame to Host E]
Switches Learn MAC Addresses
• A switch associates the source MAC address in a frame with the port the frame was received on
[Diagram: host A, switches B, C, D, host E. Frame: Source = MAC of A, Dest = MAC of E. Switches B, C, D learn the MAC address of A and associate it with the port receiving the frame; each switch table now holds “MAC of A”]
Switches Learn MAC Addresses
• A switch associates the source MAC address in a frame with the port the frame was received on
[Diagram: host A, switches B, C, D, host E. Frame: Source = MAC of E, Dest = MAC of A. When a reply is sent, the switches learn the location of E (MAC of E and port received on); each switch table now holds “MAC of A” and “MAC of E”]
Switches Selectively Forward
• If a switch has learned a MAC address, it forwards frames going to that MAC address out only the associated port
[Diagram: host A, switches B, C, D, host E. Each switch table holds “MAC of A” and “MAC of E”, so when A and E communicate, frames are only sent out the appropriate ports]
Switches Flood Other Traffic
• Switches flood traffic out all ports if they do not know where the destination MAC is
  – Unknown unicast MAC addresses
  – Multicasts
  – Layer 2 Broadcasts (MAC address ffff.ffff.ffff)
[Diagram: host A, switches B, C, D, host E. Frame: Source = MAC of A, Dest = MAC of H. Each switch: “What the H?”]
Switches Flood Other Traffic
• Until the unknown unicast MAC address H replies, frames sent to H are flooded
• Once H replies, the switches can learn which port the frame from H was received on
[Diagram: host A, switches B, C, D, host E. Frame: Source = MAC of A, Dest = MAC of H. Each switch: “What the H?”]
Switches Flood Other Traffic
• Broadcasts and multicasts are also flooded
[Diagram: host A, switches B, C, D, host E. Frame: Source = MAC of A, Dest = FFFF.FFFF.FFFF. Each switch: “Broadcast!”]
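The learning, selective forwarding and flooding behaviour of the last few slides, as an added Python model that is not part of the course material: switch names, port numbers and host MAC addresses are constructed, and the storm limit stands in for the looped topology discussed next.

```python
"""MAC learning, selective forwarding and flooding in a chain of switches (constructed example)."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"
MAC_A, MAC_E, MAC_H = "0050.0429.000a", "0050.0429.000e", "0050.0429.0011"  # constructed hosts


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return bool(int(mac.replace(".", "")[:2], 16) & 0x01)


@dataclass
class Switch:
    name: str
    ports: tuple                               # port numbers on this switch
    table: dict = field(default_factory=dict)  # learned MAC -> port (the "show mac" table)

    def receive(self, src: str, dst: str, in_port: int) -> list:
        """Learn the source MAC, then return the egress ports for this frame."""
        self.table[src] = in_port              # learning: source MAC -> ingress port
        flood = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            return flood                       # broadcast / multicast: always flooded
        out = self.table.get(dst)
        if out is None:
            return flood                       # unknown unicast: flooded until the host replies
        if out == in_port:
            return []                          # destination is on the ingress segment: filter
        return [out]                           # known unicast: the one associated port


class Network:
    """Switches joined by cables; hosts are MACs hanging off switch ports."""

    def __init__(self, storm_limit: int = 1000):
        self.switches, self.links, self.hosts = {}, {}, {}
        self.storm_limit = storm_limit         # copies of one frame before we declare a loop

    def cable(self, a, b) -> None:
        """a and b are (switch, port) pairs or ("host", mac)."""
        self.links[a] = b
        self.links[b] = a

    def attach_host(self, mac: str, sw: str, port: int) -> None:
        self.hosts[mac] = (sw, port)
        self.cable((sw, port), ("host", mac))

    def send(self, src: str, dst: str) -> set:
        """Inject one frame from a host; return the set of hosts that received a copy."""
        delivered, copies = set(), 0
        pending = [self.hosts[src]]            # (switch, ingress port) pairs still to process
        while pending:
            sw, in_port = pending.pop()
            for out_port in self.switches[sw].receive(src, dst, in_port):
                copies += 1
                if copies > self.storm_limit:  # switches do not remember frames, so a loop never ends
                    raise RuntimeError("broadcast storm: the topology has a loop and no STP")
                peer = self.links.get((sw, out_port))
                if peer is None:
                    continue                   # nothing plugged into that port
                if peer[0] == "host":
                    delivered.add(peer[1])
                else:
                    pending.append(peer)
        return delivered


def slide_topology(add_loop: bool = False) -> Network:
    """Host A - switch B - switch C - switch D - host E, plus a silent host H on switch C."""
    net = Network()
    for sw in "BCD":
        net.switches[sw] = Switch(sw, (1, 2, 3, 4))
    net.cable(("B", 2), ("C", 1))
    net.cable(("C", 2), ("D", 1))
    net.attach_host(MAC_A, "B", 1)
    net.attach_host(MAC_E, "D", 2)
    net.attach_host(MAC_H, "C", 3)
    if add_loop:
        net.cable(("B", 4), ("D", 4))          # second B-D path: the loop the next slides warn about
    return net
```

Run `slide_topology()` and call `send()` in the order of the slides (A to E, E to A, A to E again) and watch the delivered set shrink from {E, H} to {E} as the tables fill; with `add_loop=True` a single broadcast raises the storm error.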
Collision and Broadcast Domains
• An Ethernet segment, or multiple segments with hubs and repeaters, forms a collision domain
  – Two devices on such a segment will have a collision if they transmit at the same time
• Each port of a bridge or switch is a separate collision domain
  – May be a single device or multiple devices attached to the switch via a hub
• The switch or collection of switches forms a broadcast domain
  – Broadcasts flood all ports in the interconnected bridges or switches
Topics
• Switches and MAC Addresses
• Spanning Tree Protocol
• Working with Cisco switches
• VLANs and Trunks
Switches and Redundant Links
• Consider what happens when there is a loop in the switch topology
[Diagram: switches connected in a loop; a host sends “Broadcast!”]
Switches and Redundant Links
• Consider what happens when there is a loop in the switch topology
• Switches must flood the broadcast out every port other than the one it was received on…
[Diagram: the broadcast is flooded around the loop]
Switches and Redundant Links
• And switches can’t say “I’ve seen this before”, they don’t “remember” frames
• So each flooded copy spawns more copies!
[Diagram: copies of the broadcast multiplying around the loop]
Switches and Redundant Links
[Diagram: still more copies of the broadcast circulating around the loop]
Need for Spanning Tree Protocol
• We see that if a loop is accidentally introduced into a bridge topology, any broadcast (multicast or unknown unicast as well) will cause the network to get very busy
• Consequently, switches use Spanning Tree Protocol (STP) to detect and de-activate loops
• Side-effect: switches normally do not load balance when there are multiple, redundant links (routers can)
Spanning Tree Protocol
• Switch ports transition through a series of states:
  – Disabled
  – Blocking (20 seconds)
  – Listening (15 seconds)
  – Learning (15 seconds)
  – Forwarding
• Until link status is detected or a command entered, a switch port is disabled
• Once enabled, it is in blocking state, where no frames are forwarded out the port
  – This gives a chance for things to stabilize
Spanning Tree Protocol
• When a switch port transitions to the learning state, it starts learning MAC addresses
• It is also sending and receiving Bridge Protocol Data Units (BPDUs or Bridge Hellos)
Spanning Tree Protocol
• Switches gradually learn the identity of a Root Bridge from BPDUs
  – They start out thinking they’re Root, until they hear otherwise
• The Root Bridge advertises its identity and timers to other bridges in the BPDUs
  – Other bridges (to some extent) pass this information along
[Diagram: Root Switch at the top of the tree]
Spanning Tree Protocol
• (Without going into all the details…)
• BPDUs advertise their best cost back to the Root Bridge
• Each switch selects a port with the lowest cost back to the Root Bridge
  – This is the Root Port
• For each LAN segment, one switch and switch port is chosen as the best path back to the Root Bridge
  – This is the Designated Port
[Diagram: Root Switch at the top; two switches below it, each with a Root Port toward the root; a shared LAN Segment with one Designated Port]
Spanning Tree Protocol
• Frames are forwarded (sent out) only on the root or designated ports of switches
  – Forwarding ports
• Other ports do not forward frames
  – Blocking ports
  – BPDUs are still received on blocking ports, in case changes are needed
[Diagram: Root Switch with the tree below it; ports marked B are blocking]
Spanning Tree Protocol
• This connects every LAN and switch by exactly one path back to the Root Bridge
  – Hence each LAN is connected to every other LAN by exactly one path
  – However, it might not be the shortest possible path between the LANs
[Diagram: same tree with blocking ports marked B; the link marked X is blocked, so the “Actual path used” between two LANs is longer than the direct one]
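The root, Root Port and Designated Port selection of the preceding slides, carried through as an added Python example that is not from the course: the topology, port numbers and path costs are constructed, and only the root’s address is taken from the show spanning-tree output later in this chapter.

```python
"""Compute STP port roles (root, designated, blocking) for a small switch topology.
Constructed example: bridge IDs and links are made up; "R" reuses the bridge
address shown in the show spanning-tree output on the slides."""
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    a: str        # switch at one end
    a_port: int
    b: str        # switch at the other end
    b_port: int
    cost: int     # port path cost (19 is the classic IEEE value for 100 Mbit/s)

    def other_end(self, sw: str) -> tuple:
        return (self.b, self.b_port) if sw == self.a else (self.a, self.a_port)

    def port_of(self, sw: str) -> int:
        return self.a_port if sw == self.a else self.b_port


def root_path_costs(bridges: dict, links: list, root: str) -> dict:
    """Dijkstra from the root: each switch's lowest cost back to the Root Bridge."""
    adj = {sw: [] for sw in bridges}
    for ln in links:
        adj[ln.a].append((ln.b, ln.cost))
        adj[ln.b].append((ln.a, ln.cost))
    cost = {sw: float("inf") for sw in bridges}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for nb, w in adj[sw]:
            if c + w < cost[nb]:
                cost[nb] = c + w
                heapq.heappush(heap, (c + w, nb))
    return cost


def stp_roles(bridges: dict, links: list) -> tuple:
    """bridges maps switch name -> (priority, MAC). Returns (root, {(switch, port): role})."""
    # Every switch starts out claiming to be Root; the lowest Bridge ID wins.
    # Bridge IDs compare as (priority, MAC), which tuple comparison gives us directly.
    root = min(bridges, key=lambda sw: bridges[sw])
    rpc = root_path_costs(bridges, links, root)
    roles = {}
    # Root Port: on each non-root switch, the port with the lowest cost back to the root.
    # Ties break on the neighbour's Bridge ID, then its port ID, then our own port ID.
    for sw in bridges:
        if sw == root:
            continue
        best = None
        for ln in links:
            if sw not in (ln.a, ln.b):
                continue
            nb, nb_port = ln.other_end(sw)
            key = (rpc[nb] + ln.cost, bridges[nb], nb_port, ln.port_of(sw))
            if best is None or key < best[0]:
                best = (key, ln.port_of(sw))
        if best is not None:
            roles[(sw, best[1])] = "root"
    # Designated Port: on each segment, the end advertising the lowest (root path cost,
    # Bridge ID, port ID) forwards; the other end blocks unless it is already a Root Port.
    for ln in links:
        ends = sorted([(ln.a, ln.a_port), (ln.b, ln.b_port)],
                      key=lambda e: (rpc[e[0]], bridges[e[0]], e[1]))
        roles.setdefault(ends[0], "designated")
        roles.setdefault(ends[1], "blocking")
    return root, roles


def forwarding_links(links: list, roles: dict) -> list:
    """A link carries traffic only when neither end blocks; a loop-free tree has N-1 of them."""
    return [ln for ln in links
            if roles[(ln.a, ln.a_port)] != "blocking" and roles[(ln.b, ln.b_port)] != "blocking"]


BRIDGES = {  # constructed: switch -> (priority, MAC); all at the default priority 32768
    "R": (32768, "0003.6ba1.6680"),
    "S1": (32768, "0003.6ba1.aaaa"),
    "S2": (32768, "0003.6ba1.bbbb"),
    "S3": (32768, "0003.6ba1.cccc"),
}
LINKS = [  # constructed: triangle R-S1-S2, plus S3 reached from S2 (cost 19) and S1 (cost 100)
    Link("R", 1, "S1", 1, 19), Link("R", 2, "S2", 1, 19), Link("S1", 2, "S2", 2, 19),
    Link("S2", 3, "S3", 1, 19), Link("S1", 3, "S3", 2, 100),
]
```

With these inputs the direct S1-S2 link is blocked at S2, so S1 to S2 traffic goes up through the root: the “not necessarily the shortest path” point of the last slide. Lowering one switch’s priority (for example S1 to 4096) moves the root, which is why Bridge IDs are worth setting deliberately rather than left at the default.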
Change and STP
• When there’s a change, switches in principle repeat the Blocking, Listening, Learning cycle
  – It takes about 50 seconds to find a new path
• Cisco and other vendors sometimes have clever optimizations to improve this Layer 2 Convergence time
  – If you’ve got them, use them!
  – Explaining these is beyond the scope of this course
Topics
• Switches and MAC Addresses
• Spanning Tree Protocol
• Working with Cisco switches
  – CLI
  – Management address, management vlan and default gateway
  – Port settings
  – Passwords
  – Key show commands
• VLANs and Trunks
Switch Operating Systems
• Cisco switches have one of two operating systems
  – Catalyst OS or CatOS: uses set commands
  – Cisco IOS: uses commands similar to those on a router
• Catalyst 4000 with Supervisor 2, Catalyst 5000, 5500, 6000, 6500 switches generally use CatOS
  – Cisco is working on “native IOS” for the newer models
• Inexpensive switches from other vendors may well be unmanageable
  – No SNMP
  – Hard to manage multiple switches
• Other vendors’ manageable switches of course have their own command interfaces
Configuring Cisco IOS-Based Switches
• The Catalyst 1900 and 2900 XL series switches use Cisco IOS
  – 1900 switches also have a menu interface
  – Press K to get to the command line
• Connect to the switch console port to issue commands or to configure it
  – Similar to connecting to a router
• Switch status lights
  – The switch lights normally indicate if a port is forwarding, blocking (yellow), or has errors (blinking yellow)
  – Press the 2900 XL switch mode button to check switch utilization, 10/100 status, or duplex status
Switch Global Configuration Commands
• Switches are configured like routers for:
  – Hostname
  – IP host table
  – Enable password or enable secret
  – DNS server address or disabling DNS
no service password-encryption
hostname Switch
enable password cisco
no ip domain-lookup
ip host pc 192.168.1.205
Managing a Switch
• To allow telnet and SNMP management access to a switch, you need to give the switch one IP address, subnet mask, and default gateway
  – Similar to setting up a new PC
• Specify the VLAN the management interface is to be in
  – Has to be VLAN 1 on older Cisco IOS versions
  – We’ll explain VLANs later in this chapter
• Configure the address and default gateway as follows:
interface VLAN1
ip address 192.168.2.100 255.255.255.0
ip default-gateway 192.168.2.202
Switch Line Configuration Commands
• Switch asynchronous (terminal) lines are also configured like the router, for:
  – Login and password
  – Exec-timeout
• Switches may not have an AUX port
line con 0
password cisco
login
line vty 0 4
exec-timeout 15 30
password cisco
login
Switch Port Configuration Commands
• Cisco IOS based switches refer to interfaces rather than ports
• Interface switching Layer 2 commands start with the words:
  – Port
  – Switchport
  – Spanning-tree
• These aren’t needed for basic switch operation
• Unless the switch is Layer 3 capable, you do not put addresses on switch interfaces
  – We’ll see that each active router interface needs its own IP address
interface FastEthernet0/1
description This port connects to the Colonel’s PC!
no shutdown
Switch Port Configuration Commands
• To override auto-negotiation, you can configure speed and duplex on the interface
  – This is generally done for switch ports connecting to servers or routers or other important devices
  – Configure “duplex auto” and “speed auto” to restore auto-negotiation
interface FastEthernet0/1
speed 100
duplex full
Switch Show Commands
Switch#show version
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 03-Apr-00 16:37 by swati
Image text-base: 0x00003000, data-base: 0x00301398
ROM: Bootstrap program is C2900XL boot loader
Switch uptime is 40 minutes
System returned to ROM by power-on
System image file is "flash:c2900XL-c3h2s-mz-120.5-XU.bin"
(etc.)
Similar to this command on a router
Switch Show Commands
• “Show ip int brief” shows the management address and VLAN, also shows status of the switch ports (interfaces)
Switch#show ip int brief
Interface IP-Address OK? Method Status Protocol
VLAN1 192.168.2.100 YES NVRAM up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset up up
FastEthernet0/5 unassigned YES unset down down
Switch Show Commands
• “Show ip arp” shows the ARP table
  – Think of this as being like a PC’s ARP table
• Not to be confused with the learned MAC address table
Switch#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.100 - 0003.6ba1.6680 ARPA VLAN1
Internet 192.168.2.202 47 0003.e327.9ea6 ARPA VLAN1
Internet 192.168.2.200 47 0010.7b1b.730c ARPA VLAN1
Switch Show Commands
Switch#show ip int
VLAN1 is up, line protocol is up
Internet address is 192.168.2.100/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
(etc.)
Similar to this command on a router, shows IP address and subnet mask
Switch Show Commands
Switch#show mac
Dynamic Address Count: 4
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 47
Total MAC addresses: 51
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- -------------------
0003.e327.9ea6 Dynamic 1 FastEthernet0/4
0010.7b1b.730c Dynamic 1 FastEthernet0/3
0050.0429.37cb Dynamic 1 FastEthernet0/1
00b0.6452.2319 Dynamic 1 FastEthernet0/2
Displays learned MAC addresses and ports
Switch Show Commands
Switch#show spanning-tree
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0003.6ba1.6680
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set, changes 2
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 1, topology change 0, notification 0
(continued…)
Displays spanning tree information
Switch Show Commands
Interface Fa0/1 (port 13) in Spanning tree 1 is FORWARDING
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0003.6ba1.6680
Designated bridge has priority 32768, address 0003.6ba1.6680
Designated port is 13, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 1101, received 0
Interface Fa0/2 (port 14) in Spanning tree 1 is FORWARDING
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0003.6ba1.6680
Designated bridge has priority 32768, address 0003.6ba1.6680
Designated port is 14, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 1305, received 0
Switch Show Commands
Switch#show int fa 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0003.6ba1.6681 (bia0003.6ba1.6681)
Description: This port connects to the Colonel’s PC!
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
(etc.)
Similar to what you see on a router
Topics
• Switches and MAC Addresses
• Spanning Tree Protocol
• Working with Cisco switches
• VLANs and Trunks
VLANs
• Switches normally flood broadcasts (multicasts and unknown unicasts) out all ports
  – In big campus networks with many users, the high volume of such flooded traffic is undesirable
• VLANs allow us to partition a switch into groups of ports for flooding purposes
  – Smaller broadcast domains!
• As we’ll see in the next chapter, each VLAN is a different subnet
  – Routers required to go between VLANs
  – Therefore VLANs divide switch ports into “security zones”
[Diagram: one switch with port groups labelled VLAN 2, VLAN 3, VLAN 4]
VLANs
• VLANs limit the spread of broadcasts or of layer 2 problems (jabbering NIC card, etc.)
[Diagram: a broadcast is flooded only within its own VLAN; ports in the other VLANs (marked X) do not receive it]
Trunks
• On a single switch, the switch can tell what VLAN to flood a broadcast (etc.) in by which port the broadcast was received on
• When you have multiple switches, what do you do?
[Diagram: a frame arriving from another switch: “What VLAN is it in???”]
Trunks
• You could use a separate cable to carry each VLAN to the other switch
  – That rapidly gets expensive in terms of cabling tangle and number of switch ports used up
• Alternative: put a VLAN number or tag field into the Ethernet frame header on the link between switches
• Make the inter-switch link a member of all VLANs
[Diagram: two switches, each with VLAN 2 ports, joined by a Trunk carrying VLAN 2 traffic]
Trunks
• Cisco-proprietary format: ISL trunks
  – Inter-Switch Link
• Standard: 802.1Q trunks
  – 12 bits for VLAN ID
  – 3 bits for user priority
  – Etc.
[Diagram: Ethernet Frame Header | 802.1Q header | Layer 3 Header and Payload. The Ethernet type code indicates presence of the extra 802.1Q bytes]
802.1Q
• Frames received on 802.1Q trunks are in a “native VLAN” if they do not have the 802.1Q header inserted
  – Determined by the port the frame is received on
• Otherwise, if the 802.1Q header is present, the VLAN ID in it determines the VLAN
[Diagram: two switches with VLAN 2 and VLAN 3 ports joined by a Trunk; a frame on the trunk with no 802.1Q info is hence in VLAN 2, the native VLAN]
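The tag layout and the native-VLAN rule of the two trunking slides above, as an added Python example that is not part of the course: the frames and MAC addresses are constructed, and the TPID value 0x8100 and the 3/1/12-bit split of the tag control field come from the 802.1Q standard rather than from the slides.

```python
"""Classify frames arriving on an 802.1Q trunk: tagged frames take the VLAN ID from the
header, untagged frames fall into the port's native VLAN. Constructed example."""
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100   # Ethertype value that signals the four extra 802.1Q bytes
ETHERTYPE_ARP = 0x0806


@dataclass(frozen=True)
class Classified:
    vlan: int          # VLAN the switch will flood/forward this frame in
    priority: int      # 3-bit user priority from the tag (0 if untagged)
    tagged: bool
    ethertype: int     # Ethertype of the payload that follows the (optional) tag
    payload: bytes


def mac_bytes(mac: str) -> bytes:
    """'0003.6ba1.6680' or '00:03:6b:a1:66:80' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet frame: dst(6) src(6) type(2) payload, without the FCS."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag(frame: bytes, vlan: int, priority: int = 0) -> bytes:
    """What a switch does when sending onto a trunk: insert TPID + TCI after the MAC addresses."""
    if not 1 <= vlan <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan            # 3 bits priority | 1 bit DEI (0) | 12 bits VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify(frame: bytes, native_vlan: int) -> Classified:
    """Decide which VLAN a frame received on an 802.1Q trunk port belongs to."""
    if len(frame) < 14:
        raise ValueError("runt frame: no Ethertype field")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # No 802.1Q header: the receiving port's native VLAN decides
        return Classified(native_vlan, 0, False, ethertype, frame[14:])
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    priority, vid = tci >> 13, tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved")
    if vid == 0:
        # Priority-tagged frame: carries a priority but no VLAN, so it is treated as native
        return Classified(native_vlan, priority, True, inner_type, frame[18:])
    return Classified(vid, priority, True, inner_type, frame[18:])
```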
Trunks and STP
• Cisco runs a separate copy of STP for each ISL VLAN
  – Per VLAN Spanning Tree (PVST)
  – Enhanced to work with mixed ISL and 802.1Q: PVST+
• 802.1Q
  – Initially allowed only one Spanning Tree
    • CST = Common Spanning Tree
  – Now you can specify which VLANs use which Spanning Tree
    • MST = Multiple Spanning Tree
    • Some Cisco or other documents may have used MST to refer to Mono Spanning Tree
Dynamic Trunking Protocol
• Cisco switches use DTP, Dynamic Trunking Protocol, to negotiate:
  – Whether a link should become trunking
  – What trunking protocol (ISL or 802.1Q) to use on the link
• “Auto” negotiation for DTP will not result in trunking
  – Both ends wait for the other to initiate trunking
  – Set one end to “desirable” or “on”
• Auto selection of protocol may not work
  – We recommend setting the trunking protocol manually
Cisco VTP
• When you create a VLAN on a Cisco switch, you usually assign it a number and optionally a name and other parameters
• To (allegedly) make this easier and more consistent, Cisco invented VTP to pass this information to other switches in the same “VTP domain”
  – VTP stands for VLAN Trunking Protocol
  – VTP operates across trunks
• Create or delete a VLAN on a switch that’s a VTP server, and it propagates throughout the VTP domain
  – Switches are VTP servers by default
• Ports belonging to a deleted VLAN are disabled!
Cisco VTP
[Diagram: two switches in the same VTP domain joined by a Trunk. Left switch: “Create an Ethernet VLAN 52 named ‘Unsecure’”. VTP carries the update across the trunk. Right switch: “Automatically creates an Ethernet VLAN 52 named ‘Unsecure’”]
Cisco VTP
• To make this more challenging, Cisco IOS-based switches have a “vlan database” mode for configuring VTP and creating VLANs
  – VLAN defaults are a NULL domain name and server mode
• This information is saved separately from the configuration file
  – Confusing!
  – The usual tools don’t work well with this scheme!
• In recent IOS versions, using a VLAN 12 in configuration mode also creates it with default name VLAN0012
• In the newest versions of the Cisco IOS for the switches, all this will be part of configuration mode
VLAN Database Mode
Switch#vlan database
Switch(vlan)#?
VLAN database editing buffer manipulation commands:
abort Exit mode without applying the changes
apply Apply current changes and bump revision number
exit Apply changes, bump revision number, and exit mode
no Negate a command or set its defaults
reset Abandon current changes and reread current database
show Show database information
vlan Add, delete, or modify values associated with a single VLAN
vtp Perform VTP administrative functions.
Switch(vlan)#
Configuring VTP
Switch(vlan)#vtp ?
client Set the device to client mode.
domain Set the name of the VTP administrative domain.
password Set the password for the VTP administrative domain.
pruning Set the administrative domain to permit pruning.
server Set the device to server mode.
transparent Set the device to transparent mode.
v2-mode Set the administrative domain to V2 mode.
Switch(vlan)#vtp domain MyDomain
Changing VTP domain name from NULL to MyDomain
Switch(vlan)#
Assign the switch to a VTP domain
named “MyDomain”
Most options are rarely used
Creating a VLAN
Switch(vlan)#vlan ?
<1-1005> ISL VLAN index
Switch(vlan)#vlan 52 ?
…
name Ascii name of the VLAN
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN
…
<cr>
Switch(vlan)#vlan 52 name unsecure
VLAN 52 modified:
Name: unsecure
Create VLAN 52 and name it “unsecure”
Most of the options are rarely used
Deleting a VLAN
Switch(vlan)#no vlan 12
Deleting VLAN 12...
Switch(vlan)#
VLAN Database Mode
• When you exit VLAN database mode, the changes are committed
• The VTP version number is incremented
• If the switch is a VTP server, the revised VLAN information is sent to the rest of the VTP domain
Putting a Port in a VLAN
• To put a port into one specific unchanging VLAN:
  – Set the interface to access mode
  – Specify the VLAN for the interface
Switch(config)#int fast 0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 52
Setting a Port to Trunking
• To make a port trunking:
  – Specify trunking mode
  – (Optional) Set the port trunking encapsulation
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk encaps ?
dot1q Interface uses only 801.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
Switch(config-if)#switchport trunk encaps dot1q
VTP and VLAN Show Commands
Switch(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003
VLAN ISL Id: 2
Name: VLAN0002
Media Type: Ethernet
VLAN 802.10 Id: 100002
…
Note we’re in VLAN database mode here
VTP and VLAN Show Commands
Switch#show vlan
VLAN Name Status Ports
---- ------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24
2 VLAN0002 active
…
6 VLAN0006 active Fa0/6
…
52 unsecure active
…
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
...
VTP and VLAN Show Commands
Switch#show vtp ?
counters VTP statistics
status VTP domain status
Switch#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 68
Number of existing VLANs : 19
VTP Operating Mode : Transparent
VTP Domain Name : MyDomain
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xF3 0x35 0xC1 0x9E 0xF7 0x0B 0x0F 0x20
Configuration last modified by 192.168.2.100 at 3-1-93 02:55:31
VTP and VLAN Show Commands
Switch#show int fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE
Priority for untagged frames: 0
…
Access mode means the port is not trunking but assigned to a single VLAN
Interface is in VLAN 1
VTP and VLAN Show Commands
Switch#show int fa 0/5 switchport
Name: Fa0/5
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1-8,11,13-16,52,141
Pruning VLANs Enabled: 2-1001
802.1Q trunking on this port
Native VLAN 1
Review Questions
• What is the main function of a bridge or switch?
  – Learn MAC addresses and base Layer 2 frame forwarding on the MAC/port table
• What is the main drawback of bridges and switches?
  – Layer 2 only scales to a certain extent
  – Routers provide better security and also other Layer 3 services
  – Routers or Layer 3 switches control broadcast traffic and layer 2 problems
• What cabling problem do switches have to guard against, and how do they do this?
  – Loops, Spanning Tree Protocol (STP)
• A connection between two switches carrying multiple VLANs between the switches is called what? What encapsulations can be used there?
  – A trunk. 802.1q or Cisco ISL.
Summary
• Having completed this chapter, the students should now be able to:
  – Explain and demonstrate how switches learn and use MAC addresses to forward Ethernet frames
  – Describe why switches need Spanning Tree Protocol (STP) and key concepts relating to STP
  – Configure a Cisco switch for management and basic port settings
  – Explain VLANs and Trunks
  – Configure a Cisco switch for simple VLANs and Trunks
  – Monitor and troubleshoot switches, STP, VLANs, and trunks
References
CCIE Professional Development: Cisco LAN Switching
  – Kennedy Clark, Kevin Hamilton, Cisco Press, ISBN: 1578700949, 926 pages