Cisco - Switching Fundamentals

Theory part:

Switching:
1. A switch is a layer 2 (MAC address) device.
2. Within a LAN connected by a switch, there is only one broadcast domain.
3. Switch modes:
Cut-through (directly forward)
Fragment-free (read only the header - first 64 bytes)
Store and forward (read all contents)

4. MAC address table.
- Address learning capability for broadcast or multicast frames. There is no problem with unicast frames because the destination address is provided in the frame.

Problems in Redundant Switched Topologies:
1. Frames don't arrive at the same time ("broadcast storm"). This gives "MAC database instability". It occurs in a situation where there are two uplinks (cross-cables) between two switches.

--> Cisco provides "loop avoidance" technology - "spanning tree protocol" (STP).

2. "Multiple frame copies" - Nodes receive multiple copies of the same frame over and over again.

STP (Spanning Tree Protocol):

RSTP will be covered in CCNP.

2a. Root bridge (main bridge of the network) - All ports have to be open (rule of thumb)

Rules for STP:
2b. One root bridge per network.
2c. One root port per nonroot bridge. (This means that, given a choice, the link connected to the root bridge must be chosen, i.e. kept open, over the others.)
2d. One designated port per segment.
2e. Nondesignated ports are unused.

Root bridge selection (make sure there is no loop):
Without knowing your root bridge, you wouldn't know which link should be closed.

Maximum bridge priority = 2^16
BPDU (sent every two seconds) contains:
- MAC address
- Priority
- Root bridge (the one with the lowest bridge ID)

Bridge ID consists of Priority + MAC Address. Thus, when the priority numbers are the same, the one with the lowest MAC address (numerically) will emerge as root bridge.

The backup link will come up after 30 + 15 +15 = 50 seconds. (Exam question)
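As an added example (not from the original notes), the configuration below makes the root bridge election deterministic instead of letting the lowest MAC address win, and stops BPDUs arriving where none are expected. Switch names, VLAN 1 and the interface numbers are assumed.

```cisco
! Added example, not part of the original notes. Names and interfaces are assumed.
! On the switch that should be root: a priority lower than the default (32768).
! It must be a multiple of 4096; with equal priorities the lowest MAC would win.
Core1(config)#spanning-tree vlan 1 priority 4096
! Equivalent macro: "spanning-tree vlan 1 root primary" picks a priority
! below whatever the current root is advertising.

! On the intended backup root:
Core2(config)#spanning-tree vlan 1 priority 8192

! On Core1's ports facing access switches: a superior BPDU from below is ignored
! and the port goes root-inconsistent until the BPDUs stop.
Core1(config)#interface gigabitethernet 0/1
Core1(config-if)#spanning-tree guard root
Core1(config-if)#exit

! On access ports (hosts): no BPDUs are expected there, so err-disable the port if one arrives.
Cat3550(config)#interface range fastethernet 0/1 - 22
Cat3550(config-if-range)#spanning-tree portfast
Cat3550(config-if-range)#spanning-tree bpduguard enable
Cat3550(config-if-range)#exit

! Verify who won the election and with which bridge ID (priority + MAC):
Cat3550#show spanning-tree root
Cat3550#show spanning-tree bridge
```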

Spanning Tree Path Cost:
- Based on specialized calculation provided by IEEE.

In RSTP, instead of having NDP (B), we have the "disable" function, which is much faster.

Basic Switches configuration:
STP = auto enabled.
CDP = auto enabled.
RSTP = auto enabled.

- "show mac-address-table" - Switch MAC address table.
- Similar to router configuration, you can view all interfaces via "show ip int brief"
- "show cdp neighbors"
- "show spanning-tree"
- "show spanning-tree bridge"
- "show spanning-tree root"

How to make the switch part of the full network?

Set DNS:
ip name-server [ip address]

set default gateway:
ip default-gateway [ip address]

How to change from half to full duplex (by default it is auto):
- Pick a particular port which is not currently in use.

Apply Port Security:
Access port = a port which is connected to a host (Nodes or PC) / or carrying one vlan information.
Trunk port = carrying more than one vlan information.

1. set the port as "access port".
2. enable port security to the port.
3. Mac filtering.

Let's say someone who is not given MAC access connects to the switch. You can provide the following options for these people:
protect = send an SNMP message to the administrator.
shutdown = shut down that particular port.
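The three port-security steps above on one access port, as an added example (not from the original notes). The interface, VLAN and MAC address are assumed/constructed values.

```cisco
! Added example, not part of the original notes. Interface, VLAN and MAC are assumed.
Cat3550(config)#interface fastethernet 0/5
! 1. Make it an access port (port security is refused on dynamic/trunk ports).
Cat3550(config-if)#switchport mode access
Cat3550(config-if)#switchport access vlan 10
! 2. Enable port security and allow exactly one MAC on the port.
Cat3550(config-if)#switchport port-security
Cat3550(config-if)#switchport port-security maximum 1
! 3. MAC filtering: learn the first MAC seen and keep it in the running config
!    ("sticky"); a fixed address could be given instead with
!    "switchport port-security mac-address 0000.1111.2222" (constructed value).
Cat3550(config-if)#switchport port-security mac-address sticky
! Violation action: "shutdown" err-disables the port when another MAC shows up.
Cat3550(config-if)#switchport port-security violation shutdown
Cat3550(config-if)#exit

! Optional: bring err-disabled ports back automatically after 5 minutes,
! otherwise recover by hand with "shutdown" / "no shutdown" on the interface.
Cat3550(config)#errdisable recovery cause psecure-violation
Cat3550(config)#errdisable recovery interval 300
Cat3550(config)#exit

! Verify: violation count, secure MACs and current port status.
Cat3550#show port-security interface fastethernet 0/5
Cat3550#show port-security address
! Persist the sticky address across reloads.
Cat3550#copy running-config startup-config
```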

"terminal monitor" - monitor your terminal activities.

The switch can't ping the local host because of "firewall" problems (switch off the firewall on the local PC). However, the router can access the local PC even with the firewall on.

VLAN:
1. Segmentation (subnet or broadcast domain)
Access protection.
2. Flexibility
A host can be present in another segment's vicinity but still be able to access its designated segment.
3. Security

Implementing VLANs (on a layer 2 switch) requires a router, because a VLAN separates ports of the same subnet into segments, and within the same network ARP will be performed. In other words, you need to create subnets and use a router.

You can't take 6 ports with N.N.10.1, N.N.10.2, N.N.10.3, N.N.10.4, N.N.10.5, N.N.10.6

and separate them into halves using a router, i.e. separate N.N.10.1, N.N.10.2, N.N.10.3 away from the other 3, because the router would still consider you to be in the same subnet. Thus, the only way out is to create a different subnet. For instance,

N.N.10.1 /24
N.N.10.2 /24
N.N.10.3 /24
N.N.20.1 /24
N.N.20.2 /24
N.N.20.3 /24

Access link = port connected to nodes (PCs)
Trunk link = at least Fast Ethernet (100 Mbit/s)
Carries multiple VLANs.

Encapsulation:
1. Frame tagging = 802.1Q (modifies your frame)
2. ISL (Cisco proprietary) = per VLAN Spanning Tree.
Being phased out, because it is only Cisco proprietary.

VLAN Modes:
1. Static mode = manually set a MAC address to a port.
2. Dynamic VLAN.
VMPS (VLAN management property server)

Importance of Native VLANs
Native VLAN = untagged traffic.

Per VLAN Spanning Tree:
- Not on by default.
- Each VLAN would have its own path, even though they share the switches. (good for fine-tuning)
- Can only be done on ISL (D-Link, 3Com will not have this). This is because during ISL encapsulation, besides adding the "VLAN ID" to the frame, "BPDU" information is also added in.

Summary:
1. In a switch, by default, there is only one broadcast domain.
2. However, you can create more broadcast domains (VLANs).

VTP (VLAN Trunking Protocol) :
1. Server-client architecture.
2. All switches must have the same VTP domain.
3. Information is saved in the server's (switch) NVRAM. You may also want to have multi-server replication.
4. "Transparent" - VTP mode. Something like Jackal in card games.
5. "Revision number" - Updated version number.
6. VTP Pruning - Uses advertisement.

Practical part:

VLAN configuration (practical):
1. create VLAN. - "vlan 2 name [name]"
2. "apply" - confirmation.
3. Have to assign ports to these VLANs.
4. Move particular port to a VLAN.

Cat3550(config)#int fa0/1
Cat3550(config-if)#switchport access vlan 2

5. Select all ports - use "range"

Cat3550(config)#int range fa 0/1 - 22
Cat3550(config-if-range)#switchport access vlan 3

6. Create trunk.
6a. Trunking protocol -
Cisco Catalyst 3550 - has ISL and 802.1Q

6b. How do you know which links are trunks?
"show interfaces trunk"

~The purpose of making a port a trunk is to enable VLAN information to pass through. Thus, you are using either "dot1q" encapsulation or ISL; usually dot1q will be used because ISL is only available on Cisco.

A trunked port is thus considered VLAN-less because it is not supposed to be connected to any nodes.

7. If you change a particular port to "no switchport", it will then be considered an available port.

8. Maximum VLAN allowed = 4094 - 1 (VLAN 0)
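The trunk from step 6, as an added example (not from the original notes): dot1q encapsulation, with the native VLAN moved to an otherwise unused VLAN so untagged frames land nowhere useful, negotiation turned off, and only the needed VLANs allowed across the link. VLAN numbers, names and the port are assumed.

```cisco
! Added example, not part of the original notes. VLAN numbers, names and port are assumed.
! Create the VLANs that the trunk should carry, plus one reserved for native/untagged traffic.
Cat3550(config)#vlan 10
Cat3550(config-vlan)#name STAFF
Cat3550(config-vlan)#vlan 20
Cat3550(config-vlan)#name SERVERS
Cat3550(config-vlan)#vlan 999
Cat3550(config-vlan)#name UNUSED-NATIVE
Cat3550(config-vlan)#exit

! The uplink to the other switch becomes the trunk.
Cat3550(config)#interface fastethernet 0/24
! The 3550 supports ISL and 802.1Q, so the encapsulation must be chosen explicitly.
Cat3550(config-if)#switchport trunk encapsulation dot1q
Cat3550(config-if)#switchport mode trunk
! Do not let the far end negotiate the mode (DTP); the trunk is fixed on both sides.
Cat3550(config-if)#switchport nonegotiate
! Untagged frames on the trunk belong to the native VLAN; keep that VLAN empty of hosts.
Cat3550(config-if)#switchport trunk native vlan 999
! Only VLANs that must cross this link are allowed; everything else is pruned here.
Cat3550(config-if)#switchport trunk allowed vlan 10,20
Cat3550(config-if)#exit

! Verify mode, encapsulation, native VLAN and the allowed/active VLAN lists.
Cat3550#show interfaces trunk
```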

VTP:
1. Check "VTP" information:
"sh vtp status"
The most important fields are "operating mode" and "domain name".

2. Change domain name.
Cat3550(config)#vtp domain CCNA

3. Create a "vtp password".
Cat3550(config)#vtp password cisco
Password already set to cisco

4. VTP helps to synchronize between two switches, except for the ports. For instance, when creating a VLAN, both switches can see the information, except for the port assignments.

5. Change to client mode.
Can't create VLANs.

Simulation questions:

1. IP addresses (first and last).
Have to check using "sh run" or "sh ip vlan 1".
2. vtp domain
3. vtp password.
Cat3550#sh vtp password
VTP Password: cisco
4. server mode.
5. default gateway.
--> This type of question tests your usage of VTP-related commands. It doesn't ask about subnets or VLANs either.

In order for VTP to work, there are two main criteria:
1. VTP domain name must be the same.
2. VTP password.
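The VTP practical steps above and the two criteria just listed, as one added example (not from the original notes): a server and a client in the same domain with the same password, plus the revision-number check from the theory part. Switch names and the domain are assumed; the password follows the notes.

```cisco
! Added example, not part of the original notes. Switch names and domain are assumed.
! Server: holds the VLAN database in NVRAM and advertises it over trunks.
SW1(config)#vtp version 2
SW1(config)#vtp domain CCNA
SW1(config)#vtp mode server
SW1(config)#vtp password cisco
! Pruning keeps VLAN broadcasts off trunks that have no ports in that VLAN.
SW1(config)#vtp pruning
SW1(config)#vlan 10
SW1(config-vlan)#name STAFF
SW1(config-vlan)#exit

! Client: same domain name and password (both criteria), learns VLANs, cannot create them.
SW2(config)#vtp domain CCNA
SW2(config)#vtp mode client
SW2(config)#vtp password cisco

! A switch joining the domain with a higher revision number overwrites every
! other switch's VLAN database, server or client alike. Before cabling a
! reused switch, reset its revision to 0: moving it through transparent mode
! (or changing its domain name) does that.
SW3(config)#vtp mode transparent
SW3(config)#vtp mode client

! Verify operating mode, domain name and configuration revision on each switch.
SW2#show vtp status
SW2#show vtp password
```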
