
Chapter 11: Switching and VLANs

Chapter 11 Objectives
• The following CompTIA Network+ exam objectives are covered in this chapter:
• 2.6 Given a scenario, configure a switch using proper features
  – VLAN
    o Native VLAN/Default VLAN
    o VTP
  – Spanning tree (802.1d)/rapid spanning tree (802.1w)
    o Flooding
    o Forwarding/blocking
    o Filtering
  – Interface configuration
    o Trunking/802.1q
    o Tag vs untag VLANs
    o Port bonding (LACP)
    o Port mirroring (local vs remote)
    o Speed and duplexing
    o IP address assignment
    o VLAN assignment
  – Default gateway
  – PoE and PoE+ (802.3af, 802.3at)
  – Switch management
    o User/passwords
    o AAA configuration
    o Console
    o Virtual terminals
    o In-band/Out-of-band management
  – Managed vs unmanaged
• 3.3 Given a scenario, implement network hardening techniques
  – Network-based
    o Switch port security: MAC address filtering, VLAN assignments
    o Network segmentation
Switching and Virtual LANs (VLANs)

• Switching breaks up large collision domains into smaller ones. A collision
  domain is a network segment with two or more devices sharing the same
  bandwidth.
• Switching alone does not break up broadcast domains; every port on a switch
  still receives every broadcast. Controlling broadcast domains is what VLANs,
  covered later in this chapter, are for.
• When a switched design is properly implemented, the result is a clean,
  cost-effective, and resilient internetwork.
The first LAN

[Figure: hubs at the corporate site, a server farm, a remote branch and a
Token Ring segment, each hub attached to its own router port]

The first LAN had each hub placed into a router port.
The first switched LAN

[Figure 11.2: hubs, a server farm, switches, the corporate site, a remote
branch and a Token Ring segment]
Switched network design

• A typical, contemporary, and complete switched network design/implementation
  would look something like this.
• A router is part of the design; the router creates and handles the logical
  (Layer 3) segmentation.
• What makes Layer 2 switching so efficient is that no modification to the data
  packet takes place: the switch reads the destination MAC address and forwards
  the frame as it is.
Switching Services

[Figure: hosts and a server connected to a switch by 100 Mbps full-duplex links]

• Layer 2 switching provides the following benefits:
  – Hardware-based bridging (ASIC)
  – Wire speed
  – Low latency
  – Low cost
Switch Functions at Layer 2
• There are three distinct functions of Layer 2 switching:
  – Address learning
  – Forward/filter decisions
  – Loop avoidance
Address Learning

[Figure: Hosts A to D attached to switch ports E0/0 to E0/3; the MAC
forward/filter table has an empty entry for each port]

• Layer 2 switches and bridges are capable of address learning: they remember
  the source hardware address of each frame received on an interface and enter
  this information into a MAC database known as a forward/filter table.
• Initially there is no address information in the table.
Forwarding/Filter Table

[Figure: the same four hosts. Step 1: Host A sends a frame. Step 2: the table
gains E0/0: 0000.8c01.000A. Step 3: the destination is unknown, so the frame is
flooded out the other ports. Step 4: Host B's reply is learned as
E0/1: 0000.8c01.000B]

• When the hosts start communicating, the switch places the source hardware
  address of each frame in the table along with the corresponding port.
Forwarding/Filter Table Evaluation

  Switch#sh mac address-table
  VLAN  Mac Address     Ports
  ----  --------------  -----
  1     0005.dccb.d74b  Fa0/4
  1     000a.f467.9e80  Fa0/5
  1     000a.f467.9e8b  Fa0/6

[Figure: Hosts A, B, C and D on ports Fa0/3, Fa0/4, Fa0/5 and Fa0/6]

• Host A is sending a data frame to Host D.
• What will the switch do when it receives the frame from Host A? It learns
  Host A's source address on Fa0/3 (there is no entry for Fa0/3 yet), and
  because Host D's address (000a.f467.9e8b) is already in the table on Fa0/6,
  it forwards the frame out Fa0/6 only. If Host D's address were not in the
  table, the frame would be flooded out every port except Fa0/3.
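The learning and forward/filter rules above, written out as a small switch model. This is an added example, not code from the slides. Besides answering the slide's question (Host A on Fa0/3 sends to Host D), it gives the table a finite size and an optional per-port MAC limit, so it can show the failure mode a practitioner cares about: once an attacker fills the table with forged source addresses, unicasts to hosts the switch could not learn are flooded to every port, including the attacker's. The MACs for Hosts B, C and D are the ones in the `show mac address-table` output above; Host A's MAC, the attacker's forged MACs, the table capacity of 64 and the port names for A and the attacker are constructed for the example.

```python
"""Layer 2 address learning and forward/filter decisions (added example).

Implements two of the three switch functions from the slides: learn the
source MAC on the ingress port, then forward out the port where the
destination is known, flood when it is not, and filter when source and
destination share a port.  A finite table size and an optional per-port
MAC limit (port security, violation mode shutdown) are modelled so the
CAM-overflow failure mode can be shown.
"""

BROADCAST = "ffff.ffff.ffff"


class Switch:
    def __init__(self, ports, table_capacity=8192, max_macs_per_port=None):
        self.ports = list(ports)
        self.capacity = table_capacity          # size of the forward/filter (CAM) table
        self.max_per_port = max_macs_per_port   # port-security limit; None = not configured
        self.table = {}                         # MAC -> port
        self.err_disabled = set()               # ports shut down by a port-security violation

    def _learn(self, port, mac):
        """Address learning. Returns False if the frame must be dropped."""
        if self.table.get(mac) == port:
            return True                         # already known on this port
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_per_port:
                self.err_disabled.add(port)     # violation: port goes err-disabled
                return False
        if mac not in self.table and len(self.table) >= self.capacity:
            return True                         # table full: nothing learned, frame still forwarded
        self.table[mac] = port
        return True

    def receive(self, in_port, src, dst):
        """Forward/filter decision. Returns the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        if not self._learn(in_port, src):
            return []
        others = [p for p in self.ports if p != in_port and p not in self.err_disabled]
        if dst == BROADCAST or dst not in self.table:
            return others                       # flood broadcasts and unknown unicasts
        out = self.table[dst]
        return [] if out == in_port else [out]  # filter if the destination is on the ingress port


# Hosts B, C, D as in the slide's table; Host A's MAC is constructed.
HOST_A, HOST_B, HOST_C, HOST_D = "0000.8c01.000a", "0005.dccb.d74b", "000a.f467.9e80", "000a.f467.9e8b"
PORTS = ["Fa0/3", "Fa0/4", "Fa0/5", "Fa0/6"]


def slide_scenario():
    """The slide's question: Host A (Fa0/3) sends to Host D while B, C, D are known."""
    sw = Switch(PORTS)
    sw.table.update({HOST_B: "Fa0/4", HOST_C: "Fa0/5", HOST_D: "Fa0/6"})
    egress = sw.receive("Fa0/3", HOST_A, HOST_D)
    return egress, sw.table[HOST_A]             # (['Fa0/6'], 'Fa0/3')


def cam_overflow(port_security):
    """An attacker on Fa0/5 sprays forged source MACs until the table is full,
    then Host D sends a unicast to Host A.  Returns the ports that unicast
    reaches and the sorted list of err-disabled ports."""
    sw = Switch(PORTS, table_capacity=64, max_macs_per_port=1 if port_security else None)
    sw.receive("Fa0/4", HOST_B, BROADCAST)      # B is learned normally
    for i in range(200):                         # forged sources (constructed)
        sw.receive("Fa0/5", f"0200.0000.{i:04x}", BROADCAST)
    sw.receive("Fa0/3", HOST_A, BROADCAST)      # A comes up after the spray
    reached = sw.receive("Fa0/6", HOST_D, HOST_A)
    return reached, sorted(sw.err_disabled)


if __name__ == "__main__":
    print("slide scenario:", slide_scenario())
    print("no port security:", cam_overflow(False))
    print("port security, max 1 MAC:", cam_overflow(True))
```

Without a per-port limit the unicast from D to A reaches Fa0/3, Fa0/4 and Fa0/5, so a sniffer on the attacker's port reads it; with a limit of one MAC per port the second forged address err-disables Fa0/5 and the unicast goes to Fa0/3 alone.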
Broadcast Storm

[Figure: Switch A and Switch B both join Segment 1 to Segment 2; a broadcast
circulates over both links]

• Redundant links between switches can be a wise thing to implement because
  they help prevent complete network failures in the event that one link stops
  working.
• There is a drawback: frames can be flooded down all redundant links
  simultaneously, creating network loops. A broadcast that both switches
  forward onto the other segment comes back over the second link and is
  forwarded again, without end, because Ethernet frames carry no TTL.
Multiple Frame Copies

[Figure: Router C sends a unicast onto Segment 1; Switch A and Switch B both
forward it to Segment 2, so two copies arrive]

• The MAC address filter table could be totally confused about the device's
  location because the switch can receive the frame from more than one link.
• The switch could get so caught up in constantly updating the MAC filter
  table with source hardware-address locations that it may fail to forward a
  frame. This is called thrashing the MAC table.
Spanning Tree Protocol (STP)

• STP's main task is to stop network loops from occurring on your Layer 2
  network (bridges or switches).
• It achieves this by monitoring the network to find all links and making sure
  that no loops occur by placing redundant ports in the blocking state. The
  links stay physically up and take over if the active path fails.
• STP uses the spanning-tree algorithm (STA) to first create a topology
  database and then find and block redundant links.
• With STP running, frames will be forwarded only on the STP-selected links.
• Switches transmit Bridge Protocol Data Units (BPDUs) out all ports so that
  all links between switches can be found. The switch with the lowest bridge ID
  (priority, then MAC address) becomes the root bridge, and every other switch
  keeps only its lowest-cost path to the root.
Switching Loops

• A switched network with a redundant topology (switching loops) will fail
  without some type of Layer 2 mechanism to stop network loops.
Spanning-Tree Port States
The ports on a bridge or switch running STP can transition through five
different states:

• Blocking
  – A blocked port won't forward frames; it just listens to BPDUs and drops
    all other frames.
• Listening
  – The port listens to BPDUs to make sure no loops occur on the network
    before it passes data frames; it does not yet populate the MAC address
    table.
• Learning
  – A port in the learning state populates the MAC address table but doesn't
    forward data frames.
• Forwarding
  – The port sends and receives all data frames on the bridged port. If the
    port is still a designated or root port at the end of the learning state,
    it enters the forwarding state.
• Disabled
  – A port in the disabled state (administratively shut down) does not
    participate in frame forwarding or in STP.
Switching Design

[Figure: a 6500 core switch as STP root with bridge priority 4096; three 3560
distribution switches with bridge priority 8192; six 2960 access switches.
Create the core switch as STP root for the fastest STP convergence.]

• There are ways to design your switched network so that STP converges
  efficiently: give the core switch the lowest bridge priority so it is elected
  root, and give the distribution switches the next-lowest priority.
• If every switch is left at the default priority, the root is chosen by lowest
  MAC address, which may well be an old access switch. For the same reason, any
  device that sends BPDUs with a lower priority than the core can make itself
  root and pull traffic through itself; access ports should not accept BPDUs
  at all.
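The root election and port roles described above, computed for the design on this slide. This is an added example, not code from the slides. It applies the 802.1D decision rules in simplified form (lowest bridge ID is root; lowest root path cost picks the root port; the lower-cost end of each link is designated; anything else blocks) and then shows what happens when a device with priority 0 is plugged into an access switch. Timers and port IDs are left out; switch names, MAC addresses and link costs are constructed, with the priorities taken from the slide (core 4096, distribution 8192, access at the 32768 default).

```python
"""Spanning-tree role computation (added example).

Rules applied: the bridge with the lowest bridge ID (priority, then MAC)
is root; every other bridge keeps as root port the link with the lowest
path cost to the root (ties: lowest neighbour bridge ID, then lowest link
index); on each link the end with the lower root path cost (ties: lower
bridge ID) is designated and the other end, unless it is a root port,
blocks.  The topology is assumed to be connected.
"""
import heapq


def compute_stp(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, cost), ...].
    Returns (root, roles) where roles[(name, link_index)] is
    'root', 'designated' or 'blocking'."""
    root = min(bridges, key=lambda n: bridges[n])   # lowest bridge ID wins
    adj = {n: [] for n in bridges}
    for idx, (a, b, cost) in enumerate(links):
        adj[a].append((b, cost, idx))
        adj[b].append((a, cost, idx))

    # Root path cost of every bridge: shortest path over link costs.
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue
        for nb, lc, _ in adj[n]:
            if c + lc < cost.get(nb, float("inf")):
                cost[nb] = c + lc
                heapq.heappush(heap, (c + lc, nb))

    # Root port: the link giving the lowest path cost; tie-break on the
    # neighbour's bridge ID, then the link index.
    root_port = {}
    for n in bridges:
        if n != root:
            root_port[n] = min((cost[nb] + lc, bridges[nb], idx) for nb, lc, idx in adj[n])[2]

    roles = {}
    for idx, (a, b, _) in enumerate(links):
        # Designated end: lower root path cost, then lower bridge ID.
        designated = a if (cost[a], bridges[a]) < (cost[b], bridges[b]) else b
        for end in (a, b):
            if root_port.get(end) == idx:
                roles[(end, idx)] = "root"
            elif end == designated:
                roles[(end, idx)] = "designated"
            else:
                roles[(end, idx)] = "blocking"
    return root, roles


# Constructed topology: priorities from the slide, MACs and costs made up.
BRIDGES = {
    "Core6500":   (4096, "0000.0c00.0001"),
    "Dist3560-A": (8192, "0000.0c00.0002"),
    "Dist3560-B": (8192, "0000.0c00.0003"),
    "Access2960": (32768, "0000.0c00.0004"),
}
LINKS = [
    ("Core6500", "Dist3560-A", 4),     # link 0
    ("Core6500", "Dist3560-B", 4),     # link 1
    ("Dist3560-A", "Dist3560-B", 4),   # link 2
    ("Dist3560-A", "Access2960", 19),  # link 3
    ("Dist3560-B", "Access2960", 19),  # link 4
]
ROGUE_LINK = ("Rogue", "Access2960", 19)  # link 5 when present


def designed_topology():
    return compute_stp(BRIDGES, LINKS)


def rogue_root():
    """A device sending BPDUs with priority 0 is plugged into the access switch.
    Without BPDU guard / root guard on access ports it becomes root, and the
    core's own uplinks are re-evaluated against it."""
    bridges = dict(BRIDGES, Rogue=(0, "0000.0c00.00ff"))
    return compute_stp(bridges, LINKS + [ROGUE_LINK])


if __name__ == "__main__":
    for label, (root, roles) in (("designed", designed_topology()), ("rogue", rogue_root())):
        print(f"{label}: root = {root}")
        for (name, idx), role in sorted(roles.items(), key=lambda kv: (kv[0][1], kv[0][0])):
            a, b, _ = (LINKS + [ROGUE_LINK])[idx]
            print(f"  link {idx} {a}-{b}: {name} is {role}")
```

In the designed topology the core is root, Dist3560-B blocks its port toward Dist3560-A, and the access switch blocks its second uplink. With the rogue present the core ends up with a root port toward Dist3560-A and a blocking port toward Dist3560-B, and every path now runs through the access switch's port to the rogue.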
Rapid Spanning Tree Protocol (802.1w)
802.1w maps the five 802.1d port states onto three:
• Disabled = Discarding
• Blocking = Discarding
• Listening = Discarding
• Learning = Learning
• Forwarding = Forwarding
VLAN Basics

• Layer 2 switched networks are typically designed as flat networks.
• Every broadcast frame transmitted is seen by every device on the network,
  regardless of whether the device needs to receive that data or not.
• VLANs let us control our broadcast domains.
Benefits of a Switched Network

[Figure: Host A and Host D attached to the same switch]

• Host A is sending a frame with Host D as its destination.
• The frame is only forwarded out of the port where Host D is located. This is
  a huge improvement over hubbed networks, where every host on the hub receives
  the frame.
Physical LANs Connected to a Router

[Figure: hubs for Engineering, Sales, Shipping, Marketing, Finance and
Management, each attached to its own router port]

• Each network is attached by a hub port to the router, and each segment also
  has its own logical network number.
• Each department has its own LAN, so if we needed to add new users we would
  just plug them into the appropriate LAN.
Switches Removing the Physical Boundary

[Figure: hosts on several switches assigned to VLANs 2 to 7 regardless of
which switch they are plugged into; a router provides inter-VLAN communication
and WAN services]

  Department   VLAN   Subnet
  Marketing    VLAN2  172.16.20.0/24
  Shipping     VLAN3  172.16.30.0/24
  Engineering  VLAN4  172.16.40.0/24
  Finance      VLAN5  172.16.50.0/24
  Management   VLAN6  172.16.60.0/24
  Sales        VLAN7  172.16.70.0/24
Quality of Service

QoS methods focus on one of five problems that can affect data as it traverses
the network:

• Delay
• Dropped packets
• Error
• Jitter
• Out-of-order delivery
VLAN Memberships
• Static VLANs
  – Creating static VLANs is the most common way to create a VLAN, and one of
    the reasons for that is that static VLANs are the most secure: the
    administrator assigns each switch port to a VLAN, and the attached host
    cannot change that assignment.
• Dynamic VLANs
  – A dynamic VLAN, on the other hand, determines a host's VLAN assignment
    automatically. Using intelligent management software, VLAN assignments can
    be based on hardware (MAC) addresses, protocols, or even applications.
Access and Trunk Links

[Figure: two Catalyst 2950 switches joined by a trunk link; each switch has
ports in the Red, Blue and Green VLANs]

• VLANs can span across multiple switches by using trunk links, which carry
  traffic for multiple VLANs.
• An access link belongs to one VLAN and carries untagged frames; a trunk link
  carries frames for many VLANs and identifies each frame's VLAN with a tag.
VLAN Identification Methods

• Inter-Switch Link (ISL)
  – Proprietary to Cisco switches, and used for Fast Ethernet and Gigabit
    Ethernet links only. ISL is versatile and can be used on a switch port, on
    router interfaces, and on server interface cards to trunk a server.
• IEEE 802.1Q
  – Created by the IEEE as a standard method of frame tagging, IEEE 802.1Q
    inserts a 4-byte field into the frame to identify the VLAN. If you're
    trunking between a Cisco switch and a different brand of switch, you've
    got to use 802.1Q for the trunk to work. Frames belonging to the trunk's
    native VLAN are sent untagged.
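The 802.1Q tag layout and the native-VLAN rule, as an added example (not code from the slides). The block builds and parses the 4-byte tag inserted between the source MAC and the EtherType, models an access port, a trunk sending (native VLAN untagged, everything else tagged) and a trunk receiving (tag decides the VLAN, no tag means native), and uses that model to show why the native VLAN matters: a frame that already carries a tag when it enters an access port in the native VLAN crosses the trunk untagged and is classified by its inner tag on the far switch. MAC addresses, VLAN numbers and payloads are constructed; the demonstration assumes a switch that forwards an access-port frame without inspecting a tag already present in it.

```python
"""802.1Q tag handling and native-VLAN behaviour (added example)."""
import struct

TPID_8021Q = 0x8100


def mac_bytes(mac):
    """'000a.f467.9e8b' (Cisco notation) or 'aa:bb:..' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame (FCS omitted)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag (TPID, then PCP:3 DEI:1 VID:12) after the source MAC."""
    if not 0 < vid < 4095:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag(frame):
    """Strip the outermost tag if present. Returns (vid or None, frame)."""
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


def parse_frame(frame):
    """Fields of a frame carrying at most one tag, for inspection."""
    vid, inner = untag(frame)
    return {
        "dst": frame[0:6].hex(), "src": frame[6:12].hex(), "vid": vid,
        "ethertype": struct.unpack("!H", inner[12:14])[0], "payload": inner[14:],
    }


# --- switch port behaviour -------------------------------------------------

def access_ingress(frame, access_vlan):
    """Access port: the port's VLAN is the frame's VLAN; the frame is not inspected."""
    return access_vlan, frame


def trunk_egress(vlan, frame, native_vlan, tag_native=False):
    """Trunk port sending a frame that belongs to `vlan`."""
    if vlan == native_vlan and not tag_native:
        return frame                      # native VLAN leaves untagged
    return tag(frame, vlan)


def trunk_ingress(frame, native_vlan):
    """Trunk port receiving: the tag decides the VLAN; no tag means native."""
    vid, inner = untag(frame)
    return (native_vlan if vid is None else vid), inner


def vlan_hop(native_vlan, tag_native=False):
    """A host on an access port in VLAN 1 sends a frame that already carries a
    tag for VLAN 20 (constructed).  Returns the VLAN the frame is placed in
    by the switch at the far end of the trunk."""
    plain = build_frame("000a.f467.9e8b", "0000.8c01.000a", 0x0800, b"ping")
    crafted = tag(plain, 20)               # inner tag chosen by the sender
    vlan, f = access_ingress(crafted, 1)   # switch 1: access port in VLAN 1
    on_wire = trunk_egress(vlan, f, native_vlan, tag_native)
    far_vlan, _ = trunk_ingress(on_wire, native_vlan)   # switch 2
    return far_vlan


if __name__ == "__main__":
    f = tag(build_frame("000a.f467.9e8b", "0000.8c01.000a", 0x0800, b"ping"), 30, pcp=5)
    print(parse_frame(f))
    print("native VLAN 1, sent untagged:", vlan_hop(1))
    print("native VLAN 999, not used on any access port:", vlan_hop(999))
    print("native VLAN 1, trunk tags the native VLAN:", vlan_hop(1, tag_native=True))
```

With the default native VLAN 1 shared with an access port the crafted frame lands in VLAN 20 on the far switch. Either fix closes it: move the native VLAN to a number that no access port uses, or make the trunk tag the native VLAN (on Cisco IOS, `vlan dot1q tag native`), so the outer tag is always present and is what the far switch classifies on.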
VLAN Trunking Protocol

• Consistent VLAN configuration across all switches in the network
• Accurate tracking and monitoring of VLANs
• Dynamic reporting of added VLANs to all switches in the VTP domain
• Adding VLANs using Plug and Play
802.1Q (Figure 11.17)
VTP Modes of Operation
• Server: configuration saved in NVRAM; creates, changes and deletes VLANs and
  advertises them to the domain
• Client: configuration not saved in NVRAM; accepts VLAN information from a
  server
• Transparent: configuration saved in NVRAM; forwards VTP advertisements but
  does not apply them to its own VLAN database
Configuring VTP
  Switch#config t
  Switch(config)#vtp mode server
  Device mode already VTP SERVER.
  Switch(config)#vtp domain Lammle
  (Changes the VTP domain name from null to Lammle)
  Switch(config)#vtp password todd
  (Sets the device VLAN database password to todd)

• Set the same password on every switch in the domain. Switches accept VTP
  advertisements only when the password matches, which keeps a switch that is
  added later from pushing its own VLAN database into the domain.
Port Security (Figure 11.19)
Port Bonding (Figure 11.20)
Switched Ethernet ports can provide power to devices (Figure 11.21).
Advanced Features of Switches

• Switches really expand our flexibility when designing our networks. There
  are features that enhance the functionality of switched networks:
  – Power over Ethernet (PoE)
  – Port Mirroring/Spanning
Power over Ethernet (PoE)
• Switches can provide power to end devices by injecting power into the
  Ethernet cabling.
• If PoE switches are not implemented, power can be injected into the cabling
  by a separate power injector placed between the switch and the device.
Port Mirroring/Spanning

• A problem arises when you need to sniff traffic on a switched network. On a
  hub every port receives every frame, but a switch forwards a unicast from
  Host A to Host B only out Host B's port, so the sniffer cannot see data
  going from Host A to Host B.
• To solve this snag, you could temporarily place a hub between Host A and
  Host B.
• Port mirroring, also called Switched Port Analyzer (SPAN), solves it without
  a hub: it allows you to sniff traffic on a network when using a switch.
Port Mirroring

[Figure: Host A, Host B and a sniffer attached to one switch]

• The port-mirroring option allows you to place a port in spanning mode so that
  every frame from Host A is delivered to Host B and a copy is sent to the
  sniffer's port as well.
• Because the sniffer's port receives everything on the mirrored port, keep
  SPAN configuration restricted to administrators and remove the session when
  the capture is finished.
Summary

• Summary
• Exam Essentials Section
• Written Labs
• Review Questions