CCNA Advanced Switching

CCNA Guide to Cisco Networking Fundamentals

Chapter 13Advanced Switching Concepts

CCNA Guide to Cisco Networking Fundamentals 2

Objectives

• Explain how the Spanning Tree Protocol works and describe its benefits

• Describe the benefits of virtual LANs

• Configure a VLAN

• Understand the Purpose of the VLAN trunking protocol (VTP)

• Configure VTP


Spanning Tree Protocol

• Physical path loops– A physical connection created when network devices

are connected to one another by two or more physical media links

– Help improve a network’s fault tolerance

• Drawback– Can result in endless packet looping

• Spanning Tree Protocol (SP)– A layer 2 link management protocol designed to

prevent looping on bridges and switches– The specification for STP is IEEE 802.1d


Spanning Tree Protocol (continued)



• STP uses the Spanning Tree Algorithm (STA)– To interrupt the logical loop created by a physical loop

in a bridged/switched environment– STP does this by ensuring that certain ports on some

of the bridges and switches do not forward frames

• Building a logical path– Switches and bridges on a network use an election

process to configure a single logical path– First, a root bridge (root device) is selected– Then, the other switches and bridges configure their

ports, using the root bridge as a point of reference



• Bridges use STP to transfer the information about each bridge’s MAC address and priority number

• Bridge protocol data units (BPDU) or configuration bridge protocol data units (CBPDU)– The messages the devices send to one another

• Each bridge or switch determines which of its own ports offers the best path to the root bridge

• Root ports– The BPDU messages are sent between the root

bridge and the best ports on the other devices



• If BPDUs are not received for a certain period of time– The non-root-bridge devices will assume that the root

bridge has failed, and a new root bridge will be elected

• Once the root bridge is determined and the switches and bridges have calculated their paths to the root bridge– The logical loop is removed by one of the switches or

bridges



• Port states– STP will cause the ports on a switch or bridge to

settle into a stable state

• Stable states– The normal operating states of ports when the root

bridge is available and all paths are functioning as expected

• Transitory states– Prevent logical loops during a period of transition from

one root bridge to another



• The stable states are as follows:– Blocking– Forwarding– Disabled

• The transitory states are as follows:– Listening– Learning

• STP devices use the transitory states on ports while a new root bridge is being elected



• Ports on STP-enabled devices move through the different states as indicated in the following list:– From bridge/switch bootup to blocking– From blocking to listening (or to disabled)– From listening to learning (or to disabled)– From learning to forwarding (or to disabled)– From forwarding to disabled



• Topology changes– When the topology is changed, STP-enabled devices

react automatically– If a device in an STP-enabled network stops receiving

CBPDUs, then that device will claim to be the root bridge

• Will begin sending CBPDUs describing itself as such

• Per-VLAN STP (PVSTP)– Operates on VLANs and treats all VLANs connected

as separate physical networks



• Spanning Tree PortFast– Allows you to configure a switch to bypass some of

the latency (delay)• Associated with the switch ports transitioning through

all of the STP transitory states before they reach the forwarding state

• Configuring STP– See Table 13-1





• Rapid STP (RSTP) 802.1w– Takes the basis of 802.1d (STP) and incorporates

some additional features (such as portfast) that overcome some of the flaws of STP


Virtual LANs

• Virtual LAN (VLAN)– A grouping of network devices that is not restricted to

a physical segment or switch– Can be configured on most switches to restructure

broadcast domains

• Broadcast domain– Group of network devices that will receive LAN

broadcast traffic from each other

• Management VLAN (also known as the default VLAN)– By default, every port on a switch is in VLAN 1


Virtual LANs (continued)

• You can create multiple VLANs on a single switch – Or even create one VLAN across multiple switches

• A VLAN is a layer 2 implementation, and does not affect layer 3 logical addressing






Benefits of VLANs

• Benefits:– Ease of adding and moving stations on the LAN– Ease of reconfiguring the LAN– Better traffic control– Increased security

• VLANs help to reduce the cost of moving employees from one location to another– Many changes can be made at the switch– Physical moves do not necessitate the changing of IP

addresses and subnets


Benefits of VLANs (continued)

• Because the administrator can set the size of the broadcast domain– The VLAN gives the administrator added control over

network traffic

• Dividing the broadcast domains into logical groups increases security– Requires a hacker to perform the difficult feat of

tapping a network port and then figuring out the configuration of the LAN

• VLANs can be configured by network administrators to allow membership only for certain devices



Dynamic vs. Static VLANs

• Static VLANs– Configured port-by-port, with each port being

associated with a particular VLAN– The network administrator manually types in the

mapping for each port and VLAN

• Dynamic VLAN– Ports can automatically determine their VLAN

configuration– Uses a software database of MAC address-to-VLAN

mappings that is created manually


Dynamic vs. Static VLANs (continued)

• Dynamic VLAN could prove to be more time-consuming than the static VLAN

• Dynamic VLAN allows the network administration team to keep the entire administrative database in one location

• On a dynamic VLAN, moving a cable from one switch port to another is not a problem– Because the VLAN will automatically reconfigure its

ports on the basis of the attached workstation’s MAC address


VLAN Standardization

• Before VLAN was an IEEE standard– Early implementations depended on the switch vendor

and on a method known as frame filtering

• Frame filtering– Complex process that involved one table for each

VLAN– Had a master table that was shared by all VLANs

• The IEEE 802.1q specification that defines VLANs recommends frame tagging– Also known as frame identification


VLAN Standardization (continued)

• Frame tagging– Involves adding a four-byte field to the actual Ethernet

frame to identify the VLAN and other pertinent information

– Makes it easier and more efficient to ship VLAN frames across network backbones

• Switches on the other side of the backbone can simply read the frame instead of being required to refer back to a frame-filtering table

• The two most common types of frame tagging (encapsulation) are 802.1q and Inter-Switch Link (ISL) protocol


Creating VLANs

• You can create VLANs by entering the (config-vlan)# mode and using the VLAN command– Or you can enter the VLAN database and use the

VLAN configuration mode

• To use the config-vlan mode, you type the following:– Rm410HL(config)#VLAN 2– Rm410HL(config-vlan)name production

• To use the VLAN configuration mode, you start by entering the VLAN database


Creating VLANs (continued)

• The next step is to assign switch ports to the new VLANs– Ports can be assigned as static or dynamic

• To remove a VLAN, use the no parameter:– Rm410HL(config)#no vlan 2


Link Types and Configuration

• Two types of links are on Cisco switches: trunk links and access links

• Trunk links– Switch-to- switch or switch-to-router links that can

carry traffic from multiple VLANs

• Access links– Links to non-VLAN-aware devices such as hubs and

individual workstations


Link Types and Configuration (continued)

• You choose from five different states for a trunk link:– Auto– Desirable– Nonegotiate– Off– On

• To configure a trunk link on a Catalyst 2950, you must be in the appropriate interface configuration mode


Link Types and Configuration (continued)

• Switch interface descriptions– You can configure a name for each port on a switch– This is useful when you begin to define roles for a

switch port on a more global basis


VLAN Trunking Protocol

• VLAN trunking protocol (VTP)– Created by Cisco to manage all of the configured

VLANs that traverse trunks between switches– A layer 2 messaging protocol that manages all the

changes to the VLANs across networks

• VTP domains– VTP devices are organized into domains– Each switch can only be in one VTP domain at a time

• All devices that need to share information must be in the same VTP domain


VLAN Trunking Protocol (continued)

• VTP device modes– Server

• Device can add, rename, and delete VLANs and propagate those changes to the rest of the VTP devices

– Client• Device is not allowed to make changes to the VLAN

structure, but it can receive, interpret, and propagate changes made by a server

– Transparent• A device is not participating in VTP communications,

other than to forward that information through its configured trunk links


VLAN Trunking Protocol (continued)

• VTP pruning option– Reduces the number of VTP updates that traverse a

link– Off by default on all switches

• If you turn VTP pruning on– VTP message broadcasts are only sent through trunk

links that must have the information

• VLAN 1 is not eligible to be pruned because it is an administrative (and default) VLAN


Nonswitching Hubs and VLANs

• Important considerations:– If you insert a hub into a port on the switch and then

connect several devices to the hub, all the systems attached to that hub will be in the same VLAN

– If you must move a single workstation that is attached to a hub with several workstations, you will have to physically attach the device to another hub or switch port to change its VLAN assignment

– The more hosts that are attached to individual switch ports, the greater the microsegmentation and flexibility the VLAN can offer


Routers and VLANs

• Routers can be used with VLANs to increase security– Must be used to manage traffic between different

VLANs

• Routers can implement access lists– Which increase inter-VLAN security

• A router allows restrictions to be placed on station addresses, application types, and protocol types



Routers and VLANs (continued)

• Router can either be an onboard Route Switch Module (RSM) or an external router

• The router will accept the frame tagged by the sending VLAN and determine the best path to the destination address– The router will then switch the packet to the

appropriate interface and forward it to the destination address


Routers and VLANs (continued)

• Router-on-a-stick– If a single link is used to connect an external router

with the switch containing multiple VLANs• Trunking is required for inter-VLAN routing

• Trunking is the process of using either ISL or 802.1q to allow multiple VLAN traffic on the same link– For instance, an ISL trunk link would encapsulate

each packet with the associated VLAN information and allow the router to route the packet accordingly


Summary

• The Spanning Tree Protocol (STP) allows administrators to create physical loops between bridges and switches– Without creating logical loops that would pose a

problem for packet delivery

• The Rapid Spanning Tree Protocol (RSTP) has enhanced STP to reduce the latency associated with convergence

• Implementing VLANs via switches provides another way to increase the performance, flexibility, and security of a network


Summary (continued)

• VLANs are separate broadcast domains that are not limited by physical configurations

• Performance benefits associated with VLANs are derived from limiting the amount of broadcast traffic that would naturally pass through a switch without filtration

• Because traffic on a VLAN broadcast can be limited to a specific group of computers, security is also enhanced by making it more difficult for eavesdropping systems to learn the configuration of a network


Summary (continued)

• VLAN information is communicated to switches using the VLAN trunking protocol (VTP)

Technology

CCNA Advanced Switching