1. Basic Switch Operation & Configuration


  • 7/27/2019 1. Basic Switch Operation & Configuration

    1/9

    The Bryant Advantage BCMSN Study Guide

    Chris Bryant, CCIE #12933 www.thebryantadvantage.com

    Basic Switch Operation & Configuration

    Overview

    Before we get to the switch in this chapter, we're going to spend a few minutes going over some Ethernet types and limitations. You know from your CCNA studies how CSMA/CD works, but we don't just have Ethernet anymore... we've got Ethernet, Long Range Ethernet, Fast Ethernet, Gig Ethernet, and more! So even if you're comfortable with your Ethernet knowledge, spend a few minutes here going over these basics and then we'll get back to the switch -- I promise!

    Ethernet

    Good old "basic" Ethernet is based on IEEE 802.3, and offers a bandwidth of 10 MB to end users. The more users there are on an Ethernet segment, the higher the chance of collisions, which render signals sent by the hosts to an unusable state. When the hosts are connected to their own individual switch ports, they will each get a dedicated 10 MB and the chance of collisions is eliminated. Each port on a switch is its own collision domain.

    Ethernet uses UTP cabling (Unshielded Twisted Pair), and this cable type has a length limit of 100 meters. Referring to the Cisco three-layer networking model, Ethernet is generally going to be found at the access layer, connecting end users to the network.

    Fast Ethernet

    Fast Ethernet is defined in IEEE 802.3u, and operates at 100 MB. FE can use UTP or fiber-optic wiring. When full-duplex FE is in operation, the effective bandwidth is 200 MBPS, since FE ports can send and receive at the same time.

    Ethernet Types

    Basic Switch Operation

    How The Switch Builds Its MAC Table

    Basic Switch Configuration

    Breaking Down Cisco IOS Filenames

    The Interface Range And Description Commands

    The Errdisable Recovery Command


    You'll see "10/100" ports on many switches. This means that the port will work with an Ethernet or Fast Ethernet connection, and the port speed can be negotiated between the switch and the connected device. To allow this negotiation, both end devices should be set for "auto", short for autonegotiation. And as you know, if you're connecting a server, router, or workstation to a switch, you'll need a straight-through cable.

    Fast Ethernet ports can also be used to create a Fast EtherChannel. An EtherChannel, or EC, is a logical bundling of physical connections between switches. A Fast EC can bundle up to eight physical connections, resulting in throughput of up to 1600 MBPS!

    As with Ethernet, Fast Ethernet connections can connect end users to the access-layer switches. FE ports can also be used to form a trunk between the access and distribution-layer switches, but hopefully we've got some Gigabit Ethernet ports to handle that.

    Gigabit Ethernet

    The next logical step is Gigabit Ethernet, often referred to as "Gig Ethernet". Gig Ethernet will support speeds up to 1000 MBPS, or 1 Gigabit Per Second (GBPS).

    The cabling you use with your Gig Ethernet ports is going to vary widely. The necessary cable is determined by the Gigabit Ethernet standard in use on your particular switch. Some of the more common cable types to use with Gigabit Ethernet are Shielded Twisted-Pair (STP), Multimode Fiber (MMF) cable with either a 50- or 62.5-micron core, and Single-Mode Fiber (SMF) with an 8-, 9-, or 50-micron core.

    I told you there were quite a few cables that support Gig Ethernet! Make sure to check your switch's documentation before you start buying cables!

    10 Gigabit Ethernet

    Often referred to in documentation as 10GbE. 10Gig Ethernet will only work on fiber-optic and in full-duplex mode. (That's the only way all that speed can be used!)

    Long Range Ethernet

    No, LRE isn't faster than 10 Gig Ethernet! LRE can use preexisting wiring to provide Ethernet service to a building that might not otherwise have it. The preexisting wiring is usually going to be the phone wires. The available speed is dependent on the cable length - the longer the wire, the less bandwidth that's available.

    A Quick Cable Review

    To connect your PC to the console port of a switch, you must have a rollover cable. Check your PC in advance to make sure you don't need an adapter for the rollover cable. Many laptops no longer have a DB9 port.

    To connect a router, PC, or server to a switch, you'll need a straight-through cable. If the router has an AUI port, you'll also need a transceiver for the router. The transceiver connects to the router and the cable connects to the transceiver.


    To connect two switches, you'll need a crossover cable.

    What's A "Geebic"?

    A GBIC, pronounced "geebic", is a module that fits into a Gig Ethernet port. These modules are hot-swappable for easier migration to a new media type.

    Basic Switch Operation

    As a CCNA and CCNP candidate, you should be more than familiar with the basic operation of a switch, how the MAC address table is built, and basic switch configuration. Just in case you're a little rusty, we're going to review that information here, and add a few commands you might not be as familiar with.

    A switch uses Layer 2 addresses, more commonly referred to as MAC addresses, to forward or filter frames as needed. When a switch is first powered on, its MAC address table is empty. While a MAC table can be populated with static MAC entries, it's more efficient to have the switch learn the addresses dynamically. The switch does this by examining the source MAC address before deciding how to get the frame to the destination MAC address.

    When a switch examines the source MAC of a frame, the switch checks its MAC table to see if there's an entry for that address. If not, the switch adds that address to its MAC table along with the port used to reach that address.

    The switch will then check its MAC table for the destination MAC. There are four possibilities for that destination MAC:

    The destination MAC is a unicast and there is no entry for the address in the MAC table. This frame will be flooded - it will be sent out every switch port except the one it came in on.

    The destination MAC is a unicast and there is an entry for the address in the MAC table. In this case, the frame will be sent out only the port leading to the host with the proper destination MAC.

    The destination MAC is a unicast, and there is an entry for the address in the MAC table, AND the source and destination address are found off the same port. This frame will be filtered - it will not be forwarded at all by the switch.

    The destination MAC is a broadcast or multicast, in which case the frame will be sent out every port except the one it was received upon.

    Let's look at these possibilities using the following network.


    If the switch's MAC table is empty and Host A sends a frame to Host B, the switch will end up forwarding a copy of the frame out every port except 0/1. The switch will also make an entry in its MAC table for Host A as a result of examining the frame's source MAC address.

    When Host B replies, the switch will first examine the source MAC address and will then make an entry in its table for Host B. The switch will see that it already has an entry for Host A, so the switch will unicast the frame out port 0/1.


    Once the switch has entries for all three hosts, the switch will realize that Host A and Host C are found off the same port. If either of those hosts sends a frame to the other, the switch will filter the frame.
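Here is a small Python model of the learn/forward/filter rules above, added as a worked example rather than anything from the study guide. It assumes a constructed three-port switch in which Host A and Host C share port 0/1 (as they would behind a hub), Host B sits on port 0/2 and port 0/3 is idle; the MAC addresses are made up. walk_through() replays the Host A / Host B / Host C exchange described in the text and returns the decision the switch makes for each frame.

```python
"""Layer-2 learn/forward/filter model (added example, not from the study guide).

Assumed topology (the guide's figure is not reproduced on the page):
  Host A and Host C are both reached through port 0/1 (e.g. via a hub),
  Host B is on port 0/2, and port 0/3 has nothing attached.
"""
from __future__ import annotations

PORTS = ["0/1", "0/2", "0/3"]            # constructed three-port switch
HOST_A = "0000.0000.000a"                # constructed MAC addresses
HOST_B = "0000.0000.000b"
HOST_C = "0000.0000.000c"
BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (low bit of byte 0) set."""
    first_byte = int(mac.replace(".", "")[:2], 16)
    return bool(first_byte & 0x01)


class Switch:
    def __init__(self, ports: list[str]) -> None:
        self.ports = list(ports)
        self.mac_table: dict[str, str] = {}   # MAC address -> port it was learned on

    def receive(self, src: str, dst: str, in_port: str) -> tuple[str, list[str]]:
        """Handle one frame and return (decision, egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")

        # Step 1: learn. The source MAC is recorded against the ingress port
        # (an existing entry is simply refreshed/overwritten).
        self.mac_table[src] = in_port
        everything_else = [p for p in self.ports if p != in_port]

        # Step 2: look up the destination MAC and apply the four rules.
        if is_group_address(dst):
            return "flood", everything_else      # broadcast/multicast
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return "flood", everything_else      # unknown unicast
        if out_port == in_port:
            return "filter", []                  # source and destination share a port
        return "forward", [out_port]             # known unicast


def walk_through() -> list[tuple[str, list[str]]]:
    """Replay the chapter's Host A / Host B / Host C scenario on an empty table."""
    sw = Switch(PORTS)
    return [
        sw.receive(HOST_A, HOST_B, "0/1"),       # table empty -> flood, learn A
        sw.receive(HOST_B, HOST_A, "0/2"),       # learn B, A is known -> unicast to 0/1
        sw.receive(HOST_C, HOST_A, "0/1"),       # learn C, A on same port -> filter
        sw.receive(HOST_A, BROADCAST, "0/1"),    # broadcast -> flood
    ]


if __name__ == "__main__":
    for decision, ports in walk_through():
        print(decision, ports)
```

Because the table is built purely from observed source addresses, any station that can send a frame into a port can create or overwrite an entry; that is the behaviour port security (mentioned later, under the err-disabled state) exists to constrain.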

    The official terminology for the MAC table is the CAM table, or Content Addressable Memory table. Depending on who you talk to, you'll hear this table called...

    the MAC address table
    the CAM table
    the bridging table

    ... but they're all the same thing.

    The show mac-address-table command has quite a few options, all shown below thanks to IOS Help.

    SW2#show mac-address-table ?
      address       address keyword
      aging-time    aging-time keyword
      count         count keyword
      dynamic       dynamic entry type
      interface     interface keyword
      multicast     multicast info for selected wildcard
      notification  MAC notification parameters and history table
      static        static entry type
      vlan          VLAN keyword
      |             Output modifiers

    SW2#show mac-address-table dynamic
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
       1    000e.d7f5.a04b    DYNAMIC     Fa0/11
    Total Mac Addresses for this criterion: 1

    Basic Switch Configuration Commands

    As a CCNA, you already know that the command to name a switch is hostname. This command is run in global configuration mode, and like all global commands, this command takes effect immediately.

    SW2(config)#hostname SWITCH_2
    SWITCH_2(config)#

    Sooner or later, you're going to need remote access to your network's switches. You can assign an IP address to the switch's management interface (by default, the vlan 1 interface) with the interface vlan command.

    SWITCH_2(config)#interface vlan 1

    SWITCH_2(config-if)#ip address 20.1.1.1 255.255.255.0

    To allow Telnet access to any Cisco device, a vty password has to be set. You must also either set an enable password or enable secret, or use the command privilege level 15 to put a telnetting user straight into privileged exec mode. A console password can also be set just as you would on a router, and the service password-encryption command can be used to encrypt these passwords as well.

    SWITCH_2(config)#line vty 0 15

    SWITCH_2(config-line)#password CCNP
    SWITCH_2(config-line)#login

    SWITCH_2(config-line)#line console 0

    SWITCH_2(config-line)#password CCIE

    SWITCH_2(config-line)#login

    SWITCH_2(config)#enable password CCNA

    All these passwords appear in clear text, until the service password-encryption command is run.

    line con 0

    exec-timeout 0 0
    password CCIE

    login

    line vty 0 4


    password CCNP

    login

    line vty 5 15

    password CCNP

    login

    SWITCH_2(config)#service password-encryption

    line con 0
    exec-timeout 0 0

    password 7 096F6D203C

    login

    line vty 0 4

    password 7 08026F6039

    login

    line vty 5 15

    password 7 08026F6039

    login

    There's one more Telnet option you may not have considered or known about, but with the need for security today, it's one you should strongly consider. Telnet connections take place over channels that are basically non-secure, but using Secure Shell instead will allow a user to connect to the switch over a secure channel and using strong authentication.

    To configure a switch to allow only Secure Shell connections:

    line vty 0 15

    transport input ssh

    This is *not* all there is to SSH; quite the opposite. Configuring a network for SSH is out of the scope of the BCMSN exam, but you can visit www.cisco.com/univercd to learn more about configuring SSH with your particular IOS versions.
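To turn the points above into a check you can run against a saved configuration, here is an added Python audit script (not from the study guide). It assumes the running-config text layout shown in this chapter and uses two constructed config excerpts as sample input: one modelled on the weak state (clear-text line passwords, Telnet still accepted on the vty lines, an enable password) and one on the corrected state.

```python
"""Audit a saved IOS running-config for the remote-access weaknesses this chapter
covers. Added example; the config text below is constructed, not a real capture."""
import re

# Constructed config modelled on the chapter's "before" examples.
WEAK_CONFIG = """\
hostname SWITCH_2
!
enable password CCNA
!
interface vlan 1
 ip address 20.1.1.1 255.255.255.0
!
line con 0
 exec-timeout 0 0
 password CCIE
 login
line vty 0 4
 password CCNP
 login
line vty 5 15
 password 7 08026F6039
 login
 transport input ssh
"""

# Constructed config after service password-encryption, enable secret and SSH-only vty.
HARDENED_CONFIG = """\
hostname SWITCH_2
!
enable secret CCNA
!
line con 0
 exec-timeout 5 0
 password 7 096F6D203C
 login
line vty 0 15
 password 7 08026F6039
 login
 transport input ssh
"""

# "password CCNP" (no type) and "password 0 CCNP" are clear text; "password 7 ..." is not.
PASSWORD_RE = re.compile(r"^password(?: (\d))? (\S+)$")

MESSAGES = {
    "enable-password": "'enable password' in use; 'enable secret' is the stronger option",
    "cleartext-password": "password stored in clear text (service password-encryption not applied)",
    "telnet-allowed": "vty lines accept Telnet; add 'transport input ssh'",
    "no-exec-timeout": "'exec-timeout 0 0' disables the idle timeout on this line",
}


def parse_sections(config: str) -> list[tuple[str, list[str]]]:
    """Split IOS config text into (section header, indented body lines)."""
    sections: list[tuple[str, list[str]]] = []
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                      # blank lines and '!' separators
        if raw.startswith(" "):
            body.append(raw.strip())      # indented line belongs to the open section
        else:
            if header is not None:
                sections.append((header, body))
            header, body = raw.strip(), []
    if header is not None:
        sections.append((header, body))
    return sections


def audit_config(config: str) -> list[tuple[str, str]]:
    """Return (section, finding-code) pairs in the order they appear in the config."""
    findings: list[tuple[str, str]] = []
    for header, body in parse_sections(config):
        if header.startswith("enable password"):
            findings.append(("global", "enable-password"))
        if not header.startswith("line "):
            continue
        for line in body:
            m = PASSWORD_RE.match(line)
            if m and m.group(1) in (None, "0"):
                findings.append((header, "cleartext-password"))
        if "exec-timeout 0 0" in body:
            findings.append((header, "no-exec-timeout"))
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append((header, "telnet-allowed"))
    return findings


def report(config: str) -> list[str]:
    """Human-readable version of audit_config()."""
    return [f"{section}: {MESSAGES[code]}" for section, code in audit_config(config)]


if __name__ == "__main__":
    for line in report(WEAK_CONFIG) or ["no findings"]:
        print(line)
```

One caveat the chapter does not spell out: service password-encryption obfuscates line passwords with Cisco's reversible type 7 scheme, so the script only treats it as the baseline the chapter describes; the protection for remote access comes from the SSH-only vty setting together with an enable secret.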

    Copying Switch Configuration Files

    Believe me - you're going to move files on a Cisco switch sooner or later, probably sooner! You may want to back up the starting configuration, update an IOS, or copy the running configuration over the startup configuration - and the key word is "copy". The copy command can be used to move files to and from any valid location, but the command does take a little getting used to. Let's use IOS Help to take a more detailed look at this simple command.

    SWITCH_2#copy ?

    /erase Erase destination file system.

    /noverify Disable automatic image verification after copy

    bs: Copy from bs: file system

    flash: Copy from flash: file system

    ftp: Copy from ftp: file system

    null: Copy from null: file system

    nvram: Copy from nvram: file system

    rcp: Copy from rcp: file system

    running-config Copy from current system configuration

    startup-config Copy from startup configuration

    system: Copy from system: file system

    tftp: Copy from tftp: file system

    xmodem: Copy from xmodem: file system

    ymodem: Copy from ymodem: file system

    Note that all the descriptions contain the word "from". The first location you specify in the copy command is the current location of the file, while the second location is where you want the file copied to.


    SWITCH_2#copy startup-config ?

    flash: Copy to flash: file system

    ftp: Copy to ftp: file system

    null: Copy to null: file system

    nvram: Copy to nvram: file system

    rcp: Copy to rcp: file system

    running-config Update (merge with) current system configuration

    startup-config Copy to startup configuration

    system: Copy to system: file system

    tftp: Copy to tftp: file system

    The copy command can be a pain if you're updating IOS images or saving them to a TFTP server, due to the sheer length of an IOS image filename. Just be careful, remember the syntax of the copy command, and you'll be fine.

    Speaking of which, ever wonder what a Cisco filename means? Look at the IOS image filename on the switch we've been using in this chapter:

    c2950-i6q4l2-mz.121-19.EA1.bin

    Believe it or not, that mix of numbers and letters actually means something. There is a standard for IOS filenames, so as we decipher this filename, remember that you can use this method to do so with any IOS filename.

    c2950 - This one's easy, since we're working on a Catalyst 2950 switch.

    i6q4l2 - This part describes the switch's feature set. The i at the beginning of this feature set description indicates a switch running an IP feature set.

    mz - The m indicates that the image is running in RAM; the z indicates a zip-compressed image.

    121-19.EA1 - The 121 indicates the major IOS release version, 12.1. The 19 is the maintenance release. The E indicates an Early Deployment of features. A indicates the interim build level, in this case the first one ("A"). The 1 indicates the first build of that level, and finally the .bin indicates that the image file is a binary executable.
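As an added example (not the guide's code), here is a small Python parser for the filename layout just broken down. The regular expression is built from that single filename and the meanings the guide gives each field, so it is an assumption that other images follow exactly the same layout; its practical use is inventorying which platform and release an image file belongs to before you copy it onto a switch.

```python
"""Decode an IOS image filename of the form c2950-i6q4l2-mz.121-19.EA1.bin.
Added example; the field layout is taken from the chapter's breakdown of that one
filename and is assumed (not verified) to hold for other images."""
import re

IOS_NAME_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)"            # c2950  -> Catalyst 2950
    r"-(?P<features>[a-z0-9]+)"            # i6q4l2 -> feature set
    r"-(?P<run>[a-z])(?P<comp>[a-z]?)"     # m = runs in RAM, z = zip-compressed
    r"\.(?P<version>\d{3})"                # 121    -> 12.1
    r"-(?P<maint>\d+)"                     # 19     -> maintenance release
    r"\.(?P<train>[A-Z])(?P<interim>[A-Z])(?P<build>\d+)"   # E, A, 1
    r"\.bin$"                              # binary executable
)

# Letter meanings given in the chapter; anything else is passed through unchanged.
RUN_LOCATION = {"m": "RAM"}
COMPRESSION = {"z": "zip"}
TRAIN = {"E": "Early Deployment"}


def parse_ios_filename(name: str) -> dict:
    """Return the decoded fields, raising ValueError if the name does not fit the layout."""
    m = IOS_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not an IOS image filename in the expected layout: {name!r}")
    version = m["version"]                 # "121" -> major "12", minor "1"
    return {
        "platform": m["platform"],
        "feature_set": m["features"],
        "ip_feature_set": m["features"].startswith("i"),
        "run_location": RUN_LOCATION.get(m["run"], m["run"]),
        "compression": COMPRESSION.get(m["comp"], m["comp"] or "none"),
        "version": f"{version[:-1]}.{version[-1]}",
        "maintenance": int(m["maint"]),
        "train": TRAIN.get(m["train"], m["train"]),
        "interim_level": m["interim"],
        "build": int(m["build"]),
    }


if __name__ == "__main__":
    for field, value in parse_ios_filename("c2950-i6q4l2-mz.121-19.EA1.bin").items():
        print(f"{field:15} {value}")
```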

    Choosing A Range Of Ports

    If you'd like to configure a group of ports with a given command rather than one at a time, use the interface range command. The speed and duplex commands are also shown in the following example. Make sure to get some practice with this command - it'll make your life a lot easier on Cisco exams and when working on production networks.

    SW2(config)#interface range fast 0/1 - 11

    SW2(config-if-range)#speed 10

    SW2(config-if-range)#duplex half

    This may not seem like the world's most important command, but believe me - whether you're asked to configure a feature on 12 ports during the exam or 24 ports in a production network, you're going to be really glad you know this command!

    Describing A Port's Purpose


    It's a great idea to take a few seconds to describe what a port is being used for, and you can do this with the description command. In the following example, we're using the interface range command in combination with the description command to make a notation in the configuration that these ports are trunking with SW1. Note that the description appears under each port named in the range.

    SW2(config)#interface range fast 0/11 - 12

    SW2(config-if-range)#description ports trunking with SW1

    interface FastEthernet0/11

    description ports trunking with SW1

    no ip address

    !

    interface FastEthernet0/12

    description ports trunking with SW1

    no ip address

    Autorecovery From An Err-Disabled State

    A switch port will be placed into error-disabled state, referred to on the switch as err-disabled, under certain circumstances such as a violation of port security. By default, a port in err-disabled state has to be manually reopened. (The port LED will go out as well; as you'd suspect, a green LED indicates an active port.)

    You may have a situation where you want the port to re-enable itself after a certain period of time, and this can be configured with the errdisable recovery interval command. Before doing so, though, you must define the causes from which the port can recover automatically. We'll use the "all" option here to allow the port to autorecover from any err-disabled state.

    SW2(config)#errdisable recovery cause all

    SW2(config)#errdisable recovery interval ?

    timer-interval(sec)

    SW2(config)#errdisable recovery interval 300

    As with any command involving time, you should first check the unit of time this particular command uses. Some Cisco commands use seconds, some use minutes, some use hours. If you want a five-minute interval before the port re-enables, you need to enter 300, not 5.

    Copyright 2007 The Bryant Advantage. All Rights Reserved.