
SWITCHING

SWITCHING - Key Points & Concepts

SWITCHING : The mechanism for moving data between different computer networks
and network segments is called switching. A dedicated device that performs
these tasks is called a switch.
SWITCH : It is a network device which is used to connect multiple hosts; it is also called
a Multi-Port Network Bridge.
A switch works on Layer 2, but some switches work on Layer 3; these are called L3
or multi-layer switches ( support routing ).
SWITCH WORKING
1- It works on a Forwarding Table / MAC table / CAM table

● Receive data at their input ports.
● Determine where the data needs to go.
● Move the data to the correct output port.
● Read MAC Address
● Send the data out.
SWITCH BENEFITS

1- Switching provides high speed data exchange
2- Full Duplex Communications
3- Low Latency
4- Dedicated communication between devices ( unicast )
5- Extend Networks
TYPES OF SWITCH

Unmanageable Switches : These are the switches that are mostly used in home networks and small
businesses as they plug in and instantly start doing their job; such switches do not need to be
watched or configured.

Manageable Switches : These types of switches have many features like the highest levels of
security, precision control, and full management of the network. Such switches need to be
watched or configured.
L2/L3 SWITCHES
A Layer 2 switch works on layer 2 of the OSI model (data link layer) and sends a “Frame” to the
destination port using the MAC address table, which stores the MAC address of the device associated
with each port. A Layer 3 switch works on layer 3 of the OSI model (network layer), where it routes
packets by using IP addresses; it is used widely with VLANs.

Layer 2 Switch | Layer 3 Switch
Operate on layer 2 (Data link) of OSI model. | Operate on layer 3 (Network Layer) of OSI model.
Send “frames” to destination on the basis of MAC address. | Route packets with the help of IP address.
Work with MAC address only. | Can perform the functions of both a layer 2 and a layer 3 switch.
Used to reduce traffic on local network. | Mostly used to implement VLANs (Virtual Local Area Networks).
Quite fast as they do not look at the Layer 3 portion of the data packets. | Takes time to examine data packets before sending them to their destination.
It has a single broadcast domain. | It has multiple broadcast domains.
Can communicate within a network only. | Can communicate within or outside the network.
CONFIGURATION OF SWITCH
Requirements

1- Rollover wire ( console cable )
2- Switch
3- PC ( Laptop / Desktop )
4- PuTTY terminal

Switch>en
Switch#conf t
Switch(config)#hostname upBrain
upBrain(config)#^z
upBrain#copy run start

Note : all the basic configuration of a switch is done the same way as a router’s
configuration, like :

Hostname , Banner , Passwords , etc.

But a switch takes its IP address on its VLAN interface ( int vlan 1 ).
HOW TO CONFIGURE INTERFACE SPEED
Switch>en
Switch#conf t
Switch(config)#int fa0/0
Switch(config-if)#speed ?
Switch(config-if)#speed auto
Switch(config-if)#duplex ?
Switch(config-if)#duplex full

HOW A SWITCH FORWARDS USING THE MAC TABLE


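The MAC-table learning and forwarding steps listed under SWITCH WORKING, as an added example in Python (this is not code from the original notes): a learning switch records the source MAC of every frame against its ingress port, forwards a known destination out of exactly one port, and floods broadcasts and unknown destinations out of every other port. Port names, MAC addresses and the frame sequence are constructed sample values.

```python
# Added example (not from the notes): a minimal learning switch showing how the
# MAC / CAM table is built from source addresses and consulted for destinations.
# Port names and MAC addresses below are constructed sample values.
from typing import Dict, List, Tuple

BROADCAST = "ffff.ffff.ffff"

# Constructed frames: (ingress port, source MAC, destination MAC)
SAMPLE_FRAMES: List[Tuple[str, str, str]] = [
    ("Fa0/1", "aaaa.0000.0001", BROADCAST),         # PC1 sends an ARP request
    ("Fa0/2", "aaaa.0000.0002", "aaaa.0000.0001"),  # PC2 answers PC1
    ("Fa0/1", "aaaa.0000.0001", "aaaa.0000.0002"),  # PC1 -> PC2, both now known
    ("Fa0/3", "aaaa.0000.0003", "aaaa.0000.0009"),  # destination never seen
]


class LearningSwitch:
    def __init__(self, ports: List[str]):
        self.ports = list(ports)
        self.mac_table: Dict[str, str] = {}   # MAC address -> port (the CAM table)

    def forward(self, ingress: str, src: str, dst: str) -> List[str]:
        """Learn the source, then return the list of egress ports for the frame."""
        # Step 1: learn. The source MAC is reachable through the ingress port.
        self.mac_table[src] = ingress
        # Step 2: look up the destination.
        if dst == BROADCAST or dst not in self.mac_table:
            # Broadcast or unknown unicast: flood out of every port except the
            # one the frame arrived on. Unknown-unicast flooding is the behaviour
            # that port security (later section) keeps within bounds.
            return sorted(p for p in self.ports if p != ingress)
        out = self.mac_table[dst]
        if out == ingress:
            return []   # filter: destination is already on the ingress segment
        return [out]


def run_frames(frames=SAMPLE_FRAMES, ports=("Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4")):
    """Replay the frames through one switch; return decisions and the final table."""
    sw = LearningSwitch(list(ports))
    decisions = [sw.forward(*frame) for frame in frames]
    return decisions, dict(sw.mac_table)


if __name__ == "__main__":
    decisions, table = run_frames()
    for (port, src, dst), out in zip(SAMPLE_FRAMES, decisions):
        print(f"{port}: {src} -> {dst}: egress {out or 'none'}")
    print("MAC table:", table)
```

The first frame is flooded because the table is empty; by the third frame both hosts are known and the frame goes out of one port only, which is the "dedicated communication between devices ( unicast )" benefit listed above.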
HOW TO TELNET A SWITCH
Connect all devices through cables and type the commands (over the CONSOLE WIRE):
switch>en
switch#conf t
switch(config)#line vty 0 15
switch(config-line)#password ccna
switch(config-line)#login
switch(config-line)#exit
switch(config)#enable secret ccnp
switch(config)#int vlan 1
switch(config-if)#ip add 192.168.1.1 255.255.255.0
switch(config-if)#no shut
switch(config-if)#exit
switch(config)#exit
switch#copy run start

Now assign IP addresses from the 192.168.1.0 network on each PC with default gateway 192.168.1.1,
check connectivity with the ping command, then go to any PC's command prompt and type telnet
192.168.1.1
HOW TO SET USERNAME PASSWORD ON A SWITCH

Connect all devices through cables and type the commands (over the CONSOLE WIRE):

switch>en
switch#conf t
switch(config)#username upbrain secret ccna
switch(config)#line console 0
switch(config-line)#login local
switch(config-line)#exit
switch(config)#exit
switch#copy run start
switch#exit

Username : upbrain
Password : ccna
Switch>
HOW TO CONFIGURE SSH ON A SWITCH

SSH : Secure Shell

• Secure Shell is a cryptographic protocol which is used to encrypt data.
• It follows the client-server architecture and has two versions:
• SSH Version-1 and SSH Version-2
• It uses TCP port 22

Requirements

1- IP configuration on the switch
2- SSH client software must be installed on the PC from which you will perform SSH,
and the PC must be connected to the Cisco switch or router
3- Username and password must be set
4- Device name and DOMAIN name must be configured
5- Generate keys
6- VTY password and enable secret password must be set
HOW TO CONFIGURE SSH PROTOCOL ON A SWITCH

(over the CONSOLE WIRE)
switch>en
switch#conf t
switch(config)#enable secret ccnp
switch(config)#int vlan 1
switch(config-if)#ip add 192.168.1.1 255.255.255.0
switch(config-if)#no shut
switch(config-if)#exit
switch(config)#username upbrain secret ccna
switch(config)#hostname SW1
SW1(config)#ip domain-name upbrain.in
SW1(config)#crypto key generate rsa modulus 1024
SW1(config)#ip ssh version 2
SW1(config)#line vty 0 15
SW1(config-line)#password ccna
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#^z
SW1#sh run
SW1#copy run start

Testing :
Go to any PC and try to ping the switch with the IP 192.168.1.1.
Now click on the telnet/ssh client on the PC, select SSH, type ip address / name = 192.168.1.1,
username – upbrain, then click on connect.
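The SSH requirements list above can be turned into a check that runs over the text of `show running-config`. The following is an added example in Python, not from the original notes: it matches one line pattern per requirement (hostname changed from the default, domain name, username with secret, enable secret, SSH version 2, an IP address on a VLAN interface, `login local` on the VTY lines) and separately reports a hardening line the exercise does not set, `transport input ssh`, which restricts the VTY lines to SSH so that Telnet is no longer accepted. The running-config excerpt is constructed to mirror the commands above; the hashes in it are placeholders. The RSA key itself does not appear in the running-config, so the key requirement is checked on the device with `show crypto key mypubkey rsa` rather than here.

```python
import re
from typing import Dict, List

# Constructed `show running-config` excerpt mirroring the commands in the notes;
# it is not output captured from a real switch, and the hashes are placeholders.
SAMPLE_RUNNING_CONFIG = """\
hostname SW1
!
enable secret 5 $1$PLACEHOLDER$aaaaaaaaaaaaaaaaaaaaaa
username upbrain secret 5 $1$PLACEHOLDER$bbbbbbbbbbbbbbbbbbbbbb
!
ip domain-name upbrain.in
ip ssh version 2
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
line vty 0 15
 password ccna
 login local
!
end
"""

# One regex per requirement from the list above. IOS indents sub-mode lines
# (interface, line) by one space, which the patterns rely on.
REQUIRED: Dict[str, str] = {
    "device name set (not the default 'Switch')": r"^hostname (?!Switch$)\S+$",
    "domain name configured":                      r"^ip domain-name \S+$",
    "username with secret":                        r"^username \S+ secret ",
    "enable secret":                               r"^enable secret ",
    "SSH version 2 forced":                        r"^ip ssh version 2$",
    "IP address on a VLAN interface":              r"^ ip address \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+$",
    "VTY lines use login local":                   r"^ login local$",
}
# Not part of the exercise, but standard hardening: without this line the VTY
# lines above still accept Telnet alongside SSH.
RECOMMENDED: Dict[str, str] = {
    "VTY transport input ssh": r"^ transport input ssh$",
}


def audit_ssh_config(config_text: str) -> Dict[str, object]:
    """Report which SSH prerequisites are missing from a running-config text."""
    lines = config_text.splitlines()

    def present(pattern: str) -> bool:
        return any(re.match(pattern, line) for line in lines)

    missing: List[str] = [name for name, pat in REQUIRED.items() if not present(pat)]
    advice: List[str] = [name for name, pat in RECOMMENDED.items() if not present(pat)]
    return {"ssh_ready": not missing, "missing": missing, "recommended": advice}


if __name__ == "__main__":
    print(audit_ssh_config(SAMPLE_RUNNING_CONFIG))
    # Same config with the domain name removed: SSH cannot be enabled without it.
    broken = SAMPLE_RUNNING_CONFIG.replace("ip domain-name upbrain.in\n", "")
    print(audit_ssh_config(broken))
```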
WHAT IS VLAN AND HOW TO CONFIGURE VLAN

VIRTUAL LAN (VLAN) : is a concept in which we can divide the devices logically on layer 2 (data
link layer). Generally, layer 3 devices divide broadcast domains, but a broadcast domain can also be
divided by switches using the concept of VLAN.
VLAN TYPES :

VLAN 0, 4095: These are reserved VLANs which cannot be seen or used.

VLAN 1: It is the default VLAN of switches. By default, all switch ports are in
VLAN 1. This VLAN can’t be deleted or edited but can be used.

VLAN 2-1001: This is the normal VLAN range. We can create, edit and delete
these VLANs.

VLAN 1002-1005: These are Cisco defaults for FDDI and Token Ring. These
VLANs can’t be deleted.

VLAN 1006-4094: This is the extended range of VLANs.


DIFFERENCE BETWEEN LAN & VLAN

LAN | VLAN
LAN stands for Local Area Network. | VLAN stands for Virtual Local Area Network.
The cost of Local Area Network is high. | The cost of Virtual Local Area Network is less.
The latency of Local Area Network is high. | The latency of Virtual Local Area Network is low.
The devices which are used in LAN are: Hubs, Routers and switch. | The devices which are used in VLAN are: Bridges and switch.
In local area network, the packet is advertised to each device. | In virtual local area network, the packet is sent to a specific broadcast domain.
Local area network is less efficient than virtual local area network. | Virtual local area network is more efficient than local area network.
CONNECTION TYPES FOR VLAN

TYPES OF CONNECTIONS IN VLAN : The types of connections are based on the connected devices,
i.e. whether they are VLAN-aware (a device that understands VLAN formats and VLAN
membership) or VLAN-unaware (a device that doesn’t understand VLAN format and VLAN
membership).

1. Trunk – All devices connected to a trunk link must be VLAN-aware. All frames on this link
should have a special header attached to them; these are called tagged frames. ( Switch to Switch )
2. Access – It connects VLAN-unaware devices to a VLAN-aware bridge. All frames on the
access link must be untagged. ( Switch to PC )

BENEFITS OF VLAN :

1- Performance : Broadcast or multicast packets will go to the intended users only.
2- Formation of virtual groups : VLANs can be very useful in order to group the devices logically
according to their departments.
3- Security : VLANs greatly enhance network security.
4- Flexibility : VLANs provide flexibility to add or remove the number of hosts we want.
5- Cost reduction : VLANs can be used to create broadcast domains which eliminate the need for
expensive routers.
HOW TO CONFIGURE VLAN

How to create VLAN

Switch>en
Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#name sales
Switch(config-vlan)#vlan 3
Switch(config-vlan)#name account

How to assign ports

Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
PORT ASSIGNING FOR A VLAN

How to assign ports in a range

Switch(config)#int range fa0/1 - 2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#int range fa0/3 - 4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3

How to assign IP on a VLAN

Switch>en
Switch#conf t
Switch(config)#int vlan 1
Switch(config-if)#ip add 192.168.1.1 255.255.255.0
Switch(config-if)#no shut
VLAN TAGGING ( INTER SWITCH LINK TAGGING )

We use VLAN tagging to carry the traffic of multiple VLANs between different switches: the tag
marks which VLAN each frame belongs to, so a single link can carry the traffic of many VLANs
between the switches.

The two most common tagging schemes for Ethernet segments are ISL and 802.1Q:

ISL – A Cisco proprietary protocol

802.1Q – An IEEE standard that is the focus of this section

HOW TO CONFIGURE VLAN TAGGING

Configure both switches for VLANs and port assignment;
after configuring the VLANs and ports, just configure the GIG port for trunking:

Switch(config)#int gig0/1
Switch(config-if)#switchport mode trunk

Now the PCs in each VLAN can communicate with each other across both switches.
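To make the tagged/untagged distinction from CONNECTION TYPES and the VLAN TYPES ranges concrete, here is an added example in Python (not from the original notes) that parses and builds 802.1Q frames. `parse_frame` reads the destination and source MACs and, if the two bytes after them are the 802.1Q TPID 0x8100, takes the VLAN ID from the low 12 bits of the tag; `tag_frame` and `untag_frame` do what a trunk port and an access port do on egress; `vlan_on_ingress` and `frame_for_egress` apply the page's rule that access links carry untagged frames and trunk links tagged ones. The port roles (`Fa0/1` and `Fa0/3` as access ports for VLAN 2 and 3, `Gig0/1` as the trunk) and the sample frame are constructed; the native-VLAN handling (untagged frames on a trunk belong to VLAN 1 by default) is standard IOS behaviour that the notes do not cover.

```python
import struct
from typing import Dict, Optional, Tuple

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def vlan_range(vid: int) -> str:
    """Classify a VLAN ID using the ranges from the VLAN TYPES list."""
    if vid in (0, 4095):
        return "reserved"
    if vid == 1:
        return "default"
    if 2 <= vid <= 1001:
        return "normal"
    if 1002 <= vid <= 1005:
        return "fddi/token-ring default"
    return "extended"                         # 1006-4094


def parse_frame(frame: bytes) -> Tuple[bytes, bytes, Optional[int], int]:
    """Return (dst, src, vid, ethertype); vid is None when the frame is untagged."""
    dst, src, tpid = struct.unpack("!6s6sH", frame[:14])
    if tpid != TPID_8021Q:
        return dst, src, None, tpid
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype  # low 12 bits of the TCI are the VID


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q header after the addresses (trunk-port egress)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """Remove the 4-byte 802.1Q header (access-port egress)."""
    return frame[:12] + frame[16:]


# Constructed port roles matching the exercise: access ports for VLAN 2 and 3,
# one trunk. Untagged frames arriving on a trunk belong to the native VLAN.
PORTS: Dict[str, Tuple[str, Optional[int]]] = {
    "Fa0/1": ("access", 2),
    "Fa0/3": ("access", 3),
    "Gig0/1": ("trunk", None),
}
NATIVE_VLAN = 1


def vlan_on_ingress(port: str, frame: bytes) -> int:
    """Which VLAN a frame arriving on `port` is assigned to."""
    mode, access_vid = PORTS[port]
    _, _, vid, _ = parse_frame(frame)
    if mode == "access":
        return access_vid                     # tags are not expected on an access link
    return vid if vid is not None else NATIVE_VLAN


def frame_for_egress(port: str, vlan: int, frame: bytes) -> bytes:
    """Tag or untag a frame so it is correct for the link it leaves on."""
    mode, _ = PORTS[port]
    _, _, vid, _ = parse_frame(frame)
    if mode == "access":
        return untag_frame(frame) if vid is not None else frame
    if vid is None and vlan != NATIVE_VLAN:
        return tag_frame(frame, vlan)         # trunk: carry the VLAN in the tag
    return frame


# Constructed untagged IPv4 frame from PC1 (aaaa.0000.0001) to PC2 (aaaa.0000.0002).
UNTAGGED = bytes.fromhex("aaaa00000002" "aaaa00000001" "0800") + b"ip-payload"

if __name__ == "__main__":
    vlan = vlan_on_ingress("Fa0/1", UNTAGGED)
    tagged = frame_for_egress("Gig0/1", vlan, UNTAGGED)
    print("VLAN", vlan, f"({vlan_range(vlan)})", "tagged frame:", tagged.hex())
    print("restored on the far access port:", frame_for_egress("Fa0/1", vlan, tagged) == UNTAGGED)
```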
INTERVLAN ROUTING

Inter VLAN Routing :

Inter VLAN routing is a process in which we make
different virtual LANs communicate with each other
irrespective of where the VLANs are present (on the
same switch or different switches). Inter VLAN
Routing can be achieved through a layer-3 device, a
Router or a layer-3 Switch. When the Inter VLAN
Routing is done through a Router it is known
as Router on a stick.

Router On a Stick :
The Router’s interface is divided into sub-interfaces,
which act as the default gateway for their respective
VLANs.

[Diagram: router sub-interfaces Fa0/0.1 - 10.0.0.1, Fa0/0.2 - 11.0.0.1, Fa0/0.3 - 12.0.0.1;
PCs 10.0.0.2, 11.0.0.2, 12.0.0.2 with default gateways 10.0.0.1, 11.0.0.1, 12.0.0.1]

Note : the Router’s IP address will be used as default
gateway for connected PCs in different VLANs
INTERVLAN CONFIGURATION

ROUTER CONFIGURATION
R>en
R#conf t
R(config)#int fa0/0
R(config-if)#no shut
R(config-if)#int fa0/0.1
R(config-subif)#encapsulation dot1q 2
R(config-subif)#ip address 10.0.0.1 255.0.0.0
R(config-subif)#int fa0/0.2
R(config-subif)#encapsulation dot1q 3
R(config-subif)#ip address 11.0.0.1 255.0.0.0
R(config-subif)#int fa0/0.3
R(config-subif)#encapsulation dot1q 4
R(config-subif)#ip address 12.0.0.1 255.0.0.0

SWITCH CONFIGURATION
S>en
S#conf t
S(config)#vlan 2
S(config-vlan)#name sales
S(config-vlan)#vlan 3
S(config-vlan)#name account
S(config-vlan)#vlan 4
S(config-vlan)#name purchase
S(config-vlan)#int range fa0/1 - 2
S(config-if-range)#switchport access vlan 2
S(config-if-range)#int range fa0/3 - 4
S(config-if-range)#switchport access vlan 3
S(config-if-range)#int range fa0/5 - 6
S(config-if-range)#switchport access vlan 4
S(config-if-range)#int fa0/7
S(config-if)#switchport mode trunk

PCs Configuration
Assign IP addresses to all PCs according to their
default gateways and networks, then check
with the ping command: all PCs will
communicate together.
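The forwarding decision a router on a stick makes with the sub-interfaces configured above, as an added example in Python (not from the original notes): the three sub-interfaces from the router column become connected routes, a frame arriving tagged with a VLAN is matched to its sub-interface, the destination IP is looked up by longest prefix match among the connected networks, and the result is the VLAN tag and sub-interface the packet leaves on. The addresses and VLAN numbers are those of the exercise; the `RouterOnAStick` class and its drop messages are this example's own.

```python
import ipaddress
from typing import List, Tuple, Union

# Sub-interfaces exactly as in the router column above: (sub-interface, VLAN, address).
SUBINTERFACES: List[Tuple[str, int, str]] = [
    ("Fa0/0.1", 2, "10.0.0.1/8"),
    ("Fa0/0.2", 3, "11.0.0.1/8"),
    ("Fa0/0.3", 4, "12.0.0.1/8"),
]


class RouterOnAStick:
    """Forwarding decision of a router whose one physical port carries tagged VLANs."""

    def __init__(self, subifs=SUBINTERFACES):
        self.by_vlan = {}      # VLAN -> (sub-interface name, interface address)
        self.connected = []    # (network, VLAN, sub-interface): the connected routes
        for name, vlan, cidr in subifs:
            iface = ipaddress.ip_interface(cidr)
            self.by_vlan[vlan] = (name, iface)
            self.connected.append((iface.network, vlan, name))

    def route(self, ingress_vlan: int, dst_ip: str) -> Union[Tuple[int, str], str]:
        """Return (egress VLAN, egress sub-interface) or a string saying why it is dropped."""
        if ingress_vlan not in self.by_vlan:
            return f"drop: no sub-interface for VLAN {ingress_vlan}"
        dst = ipaddress.ip_address(dst_ip)
        if any(dst == iface.ip for _, iface in self.by_vlan.values()):
            return "deliver locally: addressed to the router itself"
        matches = [(net.prefixlen, vlan, name)
                   for net, vlan, name in self.connected if dst in net]
        if not matches:
            return f"drop: no route to {dst}"
        _, egress_vlan, name = max(matches)   # longest prefix match
        if egress_vlan == ingress_vlan:
            return f"drop: {dst} is in the ingress VLAN {ingress_vlan}, no routing needed"
        # The packet leaves re-tagged for the destination VLAN via its sub-interface.
        return egress_vlan, name


if __name__ == "__main__":
    r = RouterOnAStick()
    print(r.route(2, "11.0.0.2"))      # PC in sales -> PC in account
    print(r.route(4, "10.0.0.2"))      # purchase -> sales
    print(r.route(2, "192.168.5.5"))   # no connected route
    print(r.route(5, "10.0.0.2"))      # VLAN 5 has no sub-interface
```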
ROOT BRIDGE ELECTION AND CONFIGURATION

ROOT BRIDGE : The root bridge is the bridge with the lowest Bridge ID. It is a switch in a single
VLAN or the whole topology (according to the type of STP standard used) which is responsible for
distributing BPDUs and blocking the least redundant port.
ELECTION PROCEDURE –
All the switches in the network declare themselves root bridges and start exchanging their
own BPDUs. The BPDU with the lowest bridge ID is considered superior. The switch
receiving the superior BPDU changes its own BPDU and carries it forward to its
neighbours: it replaces its root Bridge ID value with the bridge ID from the superior BPDU. This
process goes on until all the switches agree on which bridge has the lowest bridge
ID, and that switch is declared the root bridge.

Here is a small topology with three switches: switch A (MAC address 0000.0ACA7.A603),
switch B (0030.F222.2794), and switch C (000A.41D5.7937), all having the default priority
(32768).
Root Bridge election –
As all the switches have the default priority, there is a tie on the basis of priority.
Now, the switch with the lowest MAC address will become the root bridge. Here, switch A
will become the root bridge as it has the lowest MAC address.
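The election procedure above, as an added example in Python (not from the original notes): every switch starts by believing it is the root, each round it compares its neighbours' claimed root ID with its own and adopts the lower one, and the loop stops when a full round changes nothing. The bridge ID is compared as (priority field, MAC), so equal priorities fall through to the lowest MAC, exactly as in the three-switch example. The MAC addresses and the triangle topology are constructed sample values (they are not the MACs quoted above). The priority field includes the VLAN number because IEEE 802.1t's extended system ID adds it to the configured priority; that is why `show spanning-tree` shows 32769 on VLAN 1 at default priority. The second run applies `spanning-tree vlan 1 priority 20480` to switch B, as in the PRIORITY BASE configuration further down, and shows it taking over as root despite its higher MAC.

```python
from typing import Dict, List, Tuple

# Constructed switches for the election: (configured priority, MAC). These are
# sample MACs, not the ones quoted in the notes; the comparison is the same.
SWITCHES: Dict[str, Tuple[int, str]] = {
    "A": (32768, "0000.0ca7.a603"),
    "B": (32768, "0030.f222.2794"),
    "C": (32768, "000a.41d5.7937"),
}
LINKS: List[Tuple[str, str]] = [("A", "B"), ("B", "C"), ("A", "C")]   # triangle


def bridge_id(priority: int, mac: str, vlan: int = 1) -> Tuple[int, int]:
    """Bridge ID as a comparable tuple: (priority field, MAC). Lower wins.

    With the 802.1t extended system ID the 16-bit priority field carries the
    configured priority (a multiple of 4096) plus the VLAN number.
    """
    return priority + vlan, int(mac.replace(".", ""), 16)


def elect_root(switches=SWITCHES, links=LINKS, vlan: int = 1):
    """Simulate the BPDU exchange of the ELECTION PROCEDURE until it settles.

    Returns (root switch name, rounds of exchange, each switch's believed root ID).
    """
    own = {name: bridge_id(prio, mac, vlan) for name, (prio, mac) in switches.items()}
    believed = dict(own)                       # everyone starts by claiming to be root
    neighbours = {name: set() for name in switches}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)

    rounds, changed = 0, True
    while changed:                             # one round: every switch hears its neighbours
        changed, rounds = False, rounds + 1
        for name in switches:
            for nb in neighbours[name]:
                if believed[nb] < believed[name]:      # superior (lower) root ID received
                    believed[name] = believed[nb]      # adopt it and relay it onward
                    changed = True

    root_id = min(believed.values())
    root = next(n for n, bid in own.items() if bid == root_id)
    return root, rounds, believed


if __name__ == "__main__":
    print("default priorities:", elect_root()[0])        # A: lowest MAC breaks the tie
    tuned = dict(SWITCHES)
    tuned["B"] = (20480, SWITCHES["B"][1])                # spanning-tree vlan 1 priority 20480
    print("B with priority 20480:", elect_root(tuned)[0])
```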
STP / RSTP / PVST

SPANNING TREE PROTOCOL : STP, the Spanning Tree Protocol, is a layer 2 (Data link
layer) protocol; it runs on switches and bridges. The IEEE standard of STP is 802.1D. STP is a
feature used to prevent loops when using redundant switches.

Port roles :
•Root—A forwarding port elected for the spanning-tree topology
•Designated—A forwarding port elected for every switched LAN segment
•Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
•Backup—A blocked port in a loopback configuration

RAPID SPANNING TREE PROTOCOL : Rapid Spanning Tree Protocol (RSTP) is an enhanced
version of the Spanning Tree Protocol. The IEEE standard of RSTP is 802.1w.
PVST+ : It is a spanning tree standard developed by Cisco for its devices which finds the root
bridge per VLAN. It is the Cisco default version of STP. It runs a separate 802.1D spanning tree
instance for each VLAN. It also provides backward compatibility with 802.1D or CST. It is
more optimized than the IEEE version because it provides optimal path selection, as a separate
instance of STP per VLAN is found.
ROOT BRIDGE CONFIGURATION ( PORT / PRIORITY )

ROOT BRIDGE : is a switch in a single VLAN or the whole topology (according to the type of STP
standard used) which is responsible for distributing BPDUs and blocking the least redundant port.

ROOT BASE :

S1>en
S1#conf t
S1(config)#spanning-tree ?
S1(config)#spanning-tree vlan 1 root primary
S1(config)#^z
S1#copy run start
PRIORITY BASE :

S2>en
S2#conf t
S2(config)#spanning-tree ?
S2(config)#spanning-tree vlan 1 priority 20480
S2(config)#^z
S2#copy run start
#sh spanning-tree (to check port status and root bridge)

HOW TO CONFIGURE RSTP

S>en
S#conf t
S(config)#spanning-tree mode rapid-pvst

NOTE:- In the same topology we have to configure RSTP because the default is PVST, so there is no
need to configure PVST. RSTP convergence is about 6 sec, due to high bandwidth.
PORT SECURITY

Attackers’ task is comparatively very easy when they can enter the network they want to
attack. Ethernet LANs are very much vulnerable to attack as the switch ports are open to use
by default.

To take total control over the switch ports, the user can use a feature called port-security.
How to secure a switch port :-

Switch>enable
Switch#conf t
Switch(config)#int fa0/11
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security mac-address aaaa.bbbb.cccc (static alternative to sticky learning; aaaa.bbbb.cccc stands for the allowed host's MAC)
Switch(config-if)#^z
Switch#copy run start
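What the port-security commands above do once traffic arrives, as an added example in Python (not from the original notes): a port with `maximum 1` and `sticky` learns the first source MAC it sees and writes it into the running-config; a frame from any other source MAC is a violation, and with `violation shutdown` the port goes to err-disabled and drops everything, including the legitimate host, until an administrator does `shutdown` / `no shutdown` on it. The `restrict` and `protect` modes, which the notes mention by name in the `violation` option, are modelled too so the difference is visible: both keep the port up and drop only the offending frames, `restrict` logging the event and `protect` staying silent. The port name, MAC addresses and frame sequence are constructed; the two log strings are modelled on the IOS syslog messages for these events.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class SecurePort:
    """Model of one switch port configured as in the commands above."""
    name: str
    maximum: int = 1                 # switchport port-security maximum 1
    sticky: bool = True              # switchport port-security mac-address sticky
    violation: str = "shutdown"      # shutdown | restrict | protect
    allowed: Dict[str, str] = field(default_factory=dict)   # MAC -> "sticky"/"static"
    state: str = "up"
    violations: int = 0
    log: List[str] = field(default_factory=list)            # modelled on IOS syslog

    def add_static(self, mac: str) -> None:
        """switchport port-security mac-address <mac> (static alternative to sticky)."""
        self.allowed[mac] = "static"

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame identified by its source MAC."""
        if self.state == "err-disabled":
            return "dropped (port err-disabled)"
        if src_mac in self.allowed:
            return "forwarded"
        if len(self.allowed) < self.maximum:
            self.allowed[src_mac] = "sticky" if self.sticky else "dynamic"
            return "forwarded (address learned)"
        # A new source address once the maximum is reached is a violation.
        self.violations += 1
        if self.violation == "shutdown":
            self.state = "err-disabled"
            self.log.append(f"%PM-4-ERR_DISABLE: psecure-violation error detected on "
                            f"{self.name}, putting {self.name} in err-disable state")
            return "dropped (violation: port shut down)"
        if self.violation == "restrict":
            self.log.append(f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
                            f"occurred, caused by MAC address {src_mac} on port {self.name}.")
        return f"dropped (violation: {self.violation})"

    def recover(self) -> None:
        """Administrator does `shutdown` then `no shutdown` on the interface."""
        self.state = "up"

    def running_config_lines(self) -> List[str]:
        """How the sticky addresses appear once written to the running-config."""
        return [f"switchport port-security mac-address sticky {mac}"
                for mac, kind in self.allowed.items() if kind == "sticky"]


def demo(violation: str = "shutdown"):
    """Replay a constructed sequence: the legitimate host, then a second address."""
    port = SecurePort("FastEthernet0/11", violation=violation)
    results = [
        port.receive("aaaa.bbbb.cccc"),   # legitimate host, learned as sticky
        port.receive("aaaa.bbbb.cccc"),   # same host again
        port.receive("dddd.eeee.ffff"),   # second source address: violation
        port.receive("aaaa.bbbb.cccc"),   # legitimate host after the violation
    ]
    return port, results


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        port, results = demo(mode)
        print(mode, "->", results, "| port state:", port.state)
        for line in port.log:
            print("   ", line)
    print(demo()[0].running_config_lines())
```

The last result in the `shutdown` run is the operational cost of that mode: the legitimate host is also cut off until the port is recovered, which is why the violation mode is a deliberate choice rather than a default to leave alone.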
VTP ( VLAN TRUNKING PROTOCOL )

VTP : VTP is a Cisco proprietary protocol used to maintain consistency throughout the
network, or one can say it synchronizes the VLAN information within the same VTP domain. VTP
allows you to add, delete and rename VLANs, which is then propagated to other switches in
the VTP domain. VTP advertisements can be sent over 802.1Q and ISL trunks.
VTP modes – There are 3 modes:

• Server – The switches are set to this mode by default. This mode allows you to create, add
and delete VLANs. The changes you want to make should be done in this mode. Any change
that is done in this mode (on a particular switch) will be advertised to all the switches that
are in the same VTP domain. In this mode, the configuration is saved in NVRAM.

• Client – In this mode, the switches receive the updates and can also forward the updates to
other switches (which are in the same VTP domain). The updates received here are not saved in
NVRAM, so all the configuration will be deleted if the switch is reset or reloaded.

• Transparent – This mode only forwards the VTP summary advertisements through the trunk link.
Transparent mode switches keep their own local database, which is kept private from
other switches.
How to configure VTP modes
VTP SERVER

Switch>en
Switch#conf t
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp domain upBrain
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#^Z
Switch#copy run start

VTP TRANSPARENT

Switch>en
Switch#conf t
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#int fa0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp domain upBrain
Switch(config)#vtp mode transparent
Switch(config)#^Z
Switch#copy run start

VTP CLIENT

Switch>en
Switch#conf t
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp domain upBrain
Switch(config)#vtp mode client
Switch(config)#^Z
Switch#copy run start
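The three VTP modes described above, as an added example in Python (not from the original notes): a server that creates VLAN 2 advertises its database with a higher revision; a transparent switch in the path forwards the advertisement without changing its own VLANs; a client in the same domain applies it and forwards it on; a switch in a different domain ignores it; and a client's learned VLANs are lost on reload, as the notes state. The topology (S1 server, T1 transparent, C1 client, X a client in another domain) and the advertisement format are constructed for the example.

```python
from collections import deque
from typing import Dict, List, Optional, Set, Tuple


class VtpSwitch:
    """One switch's VTP behaviour in server, client or transparent mode."""

    def __init__(self, name: str, mode: str, domain: str):
        assert mode in ("server", "client", "transparent")
        self.name, self.mode, self.domain = name, mode, domain
        self.vlans: Dict[int, str] = {1: "default"}
        self.revision = 0

    def configure_vlan(self, vid: int, vname: str) -> Optional[dict]:
        """`vlan <vid>` / `name <vname>`; returns the advertisement a server sends."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: VTP client, VLAN configuration not allowed")
        self.vlans[vid] = vname
        if self.mode == "transparent":
            return None                  # local database only, nothing advertised
        self.revision += 1
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> Optional[dict]:
        """Process an advertisement; returns what this switch forwards (or None)."""
        if adv["domain"] != self.domain:
            return None                  # other domain: ignored
        if self.mode == "transparent":
            return adv                   # forwarded untouched, database not changed
        if adv["revision"] > self.revision:
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return adv                   # server and client both relay newer data
        return None

    def reload(self) -> None:
        """Per the notes: a client's learned VLANs are not in NVRAM and are lost."""
        if self.mode == "client":
            self.vlans, self.revision = {1: "default"}, 0


def flood(origin: VtpSwitch, adv: dict, trunks: List[Tuple[str, str]],
          switches: Dict[str, VtpSwitch]) -> Set[str]:
    """Push an advertisement over the trunk links; returns the switches that changed."""
    neighbours: Dict[str, Set[str]] = {n: set() for n in switches}
    for a, b in trunks:
        neighbours[a].add(b)
        neighbours[b].add(a)
    changed: Set[str] = set()
    queue = deque([(origin.name, adv)])
    seen = {origin.name}
    while queue:
        sender, msg = queue.popleft()
        for nb in neighbours[sender]:
            if nb in seen:
                continue
            seen.add(nb)
            before = dict(switches[nb].vlans)
            forwarded = switches[nb].receive(msg)
            if switches[nb].vlans != before:
                changed.add(nb)
            if forwarded is not None:
                queue.append((nb, forwarded))
    return changed


def build_domain():
    """Constructed topology: server S1 - transparent T1 - client C1 - client X (other domain)."""
    switches = {
        "S1": VtpSwitch("S1", "server", "upBrain"),
        "T1": VtpSwitch("T1", "transparent", "upBrain"),
        "C1": VtpSwitch("C1", "client", "upBrain"),
        "X": VtpSwitch("X", "client", "otherdomain"),
    }
    trunks = [("S1", "T1"), ("T1", "C1"), ("C1", "X")]
    adv = switches["S1"].configure_vlan(2, "sales")      # done on the server, as the notes advise
    changed = flood(switches["S1"], adv, trunks, switches)
    return switches, changed


if __name__ == "__main__":
    switches, changed = build_domain()
    print("updated by the server's advertisement:", sorted(changed))
    for sw in switches.values():
        print(sw.name, sw.mode, sw.vlans, "rev", sw.revision)
```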
ETHER CHANNEL

EtherChannel is a port link aggregation technology in which multiple physical port links are
grouped into one logical link. An EtherChannel combines multiple physical links into a single
logical link; it is used to provide high-speed links and redundancy. A maximum of 8 links can be
aggregated to form a single logical link. It can be used at layer 2 and layer 3.

It was invented by Kalpana in the early 1990s, later acquired by Cisco in 1994.
In 2000 the IEEE passed it as 802.3ad.

Provides aggregate bandwidth :

800 Mbps ( Fast EtherChannel / full duplex )
8 Gbps ( Gigabit EtherChannel )
80 Gbps ( 10 Gigabit EtherChannel )

EtherChannel has got two protocols :
1 - Port Aggregation Protocol ( PAgP )
2 - Link Aggregation Control Protocol ( LACP )

PORT AGGREGATION PROTOCOL ( PAgP ) AND LINK AGGREGATION CONTROL PROTOCOL ( LACP )

Port Aggregation Protocol (PAgP) :

The Cisco proprietary protocol Port Aggregation Protocol (PAgP) is an EtherChannel
technology. It’s a type of data/traffic load balancing that involves the logical aggregation of
Cisco Ethernet switch ports. A PAgP EtherChannel can merge up to eight physical links into
one virtual link.

Link Aggregation Control Protocol (LACP) :

Link Aggregation Control Protocol is an IEEE protocol, originally defined in 802.3ad, used to
form an EtherChannel. This protocol is very similar to Cisco PAgP.
HOW TO CONFIGURE PORT AGGREGATION PROTOCOL (PAGP)

Assign IP addresses to both the PCs

Switch1>en
Switch1#conf t
Switch1(config)#int range fa0/1 - 3
Switch1(config-if-range)#channel-protocol pagp
Switch1(config-if-range)#channel-group 1 mode desirable
Switch1(config-if-range)#^z
Switch1#copy run start

Switch2>en
Switch2#conf t
Switch2(config)#int range fa0/1 - 3
Switch2(config-if-range)#channel-protocol pagp
Switch2(config-if-range)#channel-group 1 mode desirable
Switch2(config-if-range)#^z
Switch2#copy run start

Output check

Switch#sh etherchannel summary

Can also ping the computers

HOW TO CONFIGURE LINK AGGREGATION CONTROL PROTOCOL (LACP)

Assign IP addresses to both the PCs

Switch1>en
Switch1#conf t
Switch1(config)#int range fa0/1 - 3
Switch1(config-if-range)#channel-protocol lacp
Switch1(config-if-range)#channel-group 1 mode active
Switch1(config-if-range)#^z
Switch1#copy run start

Switch2>en
Switch2#conf t
Switch2(config)#int range fa0/1 - 3
Switch2(config-if-range)#channel-protocol lacp
Switch2(config-if-range)#channel-group 1 mode active
Switch2(config-if-range)#^z
Switch2#copy run start

Output check

Switch#sh etherchannel summary

Can also ping the computers
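Two things the PAgP and LACP exercises above leave implicit, as an added example in Python (not from the original notes). First, which `channel-group` mode pairs actually bring a bundle up: PAgP needs `desirable` on at least one end (`desirable`/`desirable` or `desirable`/`auto`), LACP needs `active` on at least one end (`active`/`active` or `active`/`passive`), and `on` is static with no negotiation and only pairs with `on`. Second, how the "traffic load balancing" mentioned under PAgP spreads frames: the model used here, which is an assumption of this example rather than something the notes state, XORs the low-order bits of the source and destination MACs into one of 8 buckets and deals the buckets over the member links. With the exercise's 3-link bundle that gives a 3:3:2 split, while 2, 4 or 8 links divide evenly; the flows are constructed so that each bucket is hit exactly once.

```python
from collections import Counter
from typing import List, Tuple

# Mode pairs that negotiate a bundle. PAgP: desirable/auto; LACP: active/passive.
# "on" is static (no protocol) and only works against "on".
PAGP_PAIRS = {("desirable", "desirable"), ("desirable", "auto")}
LACP_PAIRS = {("active", "active"), ("active", "passive")}


def channel_forms(local: str, remote: str) -> bool:
    """True when the two ends' channel-group modes bring up an EtherChannel."""
    if local == "on" or remote == "on":
        return local == remote
    pair, rpair = (local, remote), (remote, local)
    return (pair in PAGP_PAIRS or rpair in PAGP_PAIRS
            or pair in LACP_PAIRS or rpair in LACP_PAIRS)


def pick_link(src_mac: str, dst_mac: str, n_links: int) -> int:
    """Model of src-dst-mac load balancing (an assumption of this example, not
    taken from the notes): XOR the low three bits of both MACs into one of 8
    buckets, then deal the buckets out over the bundle's member links."""
    s = int(src_mac.replace(".", ""), 16) & 0x7
    d = int(dst_mac.replace(".", ""), 16) & 0x7
    return (s ^ d) % n_links


def distribution(flows: List[Tuple[str, str]], n_links: int) -> List[int]:
    """Frames per member link (index 0..n_links-1) for a list of (src, dst) flows."""
    counts = Counter(pick_link(s, d, n_links) for s, d in flows)
    return [counts[i] for i in range(n_links)]


# Constructed flows: one source talking to eight destinations whose MACs differ
# only in the low three bits, so every hash bucket is exercised exactly once.
SAMPLE_FLOWS = [("aaaa.aaaa.aaa0", f"bbbb.bbbb.bbb{d}") for d in range(8)]

if __name__ == "__main__":
    for pair in [("desirable", "auto"), ("auto", "auto"), ("active", "passive"),
                 ("passive", "passive"), ("on", "on"), ("on", "active")]:
        print(pair, "->", "forms" if channel_forms(*pair) else "does not form")
    for n in (2, 3, 4, 8):
        print(f"{n} links:", distribution(SAMPLE_FLOWS, n))
```

A single flow always hashes to the same link, so one large transfer between two hosts never exceeds the speed of one member link; the aggregate figures listed under ETHER CHANNEL are reached only across many flows.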
