
6/8/2011

Switching and VLANs

Basic Switch Functions

6/8/2011

Agenda

Address Learning
Forwarding
Filtering
Spanning Tree Protocol

Switches & Bridges have Three Main Functions
Address Learning
Forwarding/Filtering
Loop Avoidance


ADDRESS LEARNING

Switch keeps a Table mapping MAC Address to Port
[Diagram: MAC Address Table (Port, MAC Address), initially empty; hosts aaaa, bbbb, cccc and dddd are attached to the switch ports]

Switch learns the Address and Connected Port of Transmitting Device
[Diagram: host aaaa sends a frame ("I want to send to cccc"); the switch records aaaa and the port the frame arrived on in the MAC Address Table]

Switch does not have destination address in its MAC table
[Diagram: aaaa's frame to cccc arrives; the MAC Address Table holds only aaaa, so cccc is unknown]
Switch Floods frame out of every port except the one it came in on.

Switch learns the Address and Connected Port of Transmitting Device
[Diagram: cccc replies to aaaa; the MAC Address Table now holds aaaa and cccc with their ports]
Switch learns the address of another device.

Switch finds Destination MAC address in its Table
[Diagram: cccc's reply to aaaa; the MAC Address Table lists aaaa and its port]
Switch forwards the frame out ONLY the correct Port.

Process continues until switch learns the Address and Port of all nodes
[Diagram: MAC Address Table with entries for aaaa, bbbb, cccc and dddd and their ports]

LAYER 2 FORWARDING

Forwarding: a device wants to send a message to another device
[Diagram: MAC Address Table already holds aaaa, bbbb, cccc and dddd]
1. aaaa: I want to send to bbbb

Forwarding: switch looks for destination address in MAC Address Table
1. aaaa: I want to send to bbbb
2. Lookup bbbb in MAC Table: finds it
3. Forward Frame out ONLY the associated port
[Diagram: the frame leaves only on the port recorded for bbbb]


LAYER 2 SWITCH FILTERING

Multiple Nodes on the Same Port
[Diagram: aaaa and dddd share one switch port through a Hub, so the MAC Address Table lists "aaaa, dddd" against that port; bbbb and cccc are on ports of their own]

Frames destined out the same port they entered are dropped - Filtered
[Diagram: aaaa sends to dddd; both sit behind the Hub on the same port, so the switch says "I don't need to do anything" and discards the frame]
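The address learning, flooding, forwarding and filtering steps on the slides above, as an added Python simulation that is not part of the original deck; the hosts, port numbers and the hub placement are constructed to match the slide labels.

```python
# Added example (not from the slides): a minimal learning switch modelling the
# address learning, flooding, forwarding and filtering behaviour shown above.
BROADCAST = "ffff"   # constructed shorthand for ff:ff:ff:ff:ff:ff

class LearningSwitch:
    """Transparent bridge: learns source MAC -> ingress port, forwards by table."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC address -> port; starts empty

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        self.table[src] = in_port           # address learning (every frame)
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            # Unknown or broadcast destination: flood every port but the ingress.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            # Filtering: destination sits on the same segment the frame came from
            # (e.g. both stations behind one hub), so the switch drops it.
            return []
        return [out]                         # forwarding: only the learned port

def demo():
    """Replays the slides' scenario on constructed hosts: aaaa and dddd share
    port 1 through a hub, bbbb is on port 2, cccc on port 3, port 4 is empty."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    steps = [
        (1, "aaaa", "cccc"),      # cccc unknown -> flooded out 2, 3, 4
        (3, "cccc", "aaaa"),      # reply; aaaa known -> port 1 only
        (1, "aaaa", "cccc"),      # cccc now known -> port 3 only
        (1, "dddd", "bbbb"),      # bbbb unknown -> flooded; dddd learned on 1
        (1, "aaaa", "dddd"),      # dddd is on the ingress port -> filtered
        (2, "bbbb", BROADCAST),   # broadcast -> flooded out 1, 3, 4
    ]
    outputs = [sw.receive(*frame) for frame in steps]
    return outputs, dict(sw.table)
```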

LOOP AVOIDANCE

Networks with a Single Point of Failure are not as Reliable
Failure at any of these points will disrupt communication between clients and servers

An additional Switch adds Redundancy
No more Single Point of Failure


However, Loops can now occur
Frames can now loop indefinitely around the network

Spanning Tree Protocol to the Rescue


STP Blocks Layer-2 Loops even when Physical loops exist
Spanning Tree Protocol (STP) blocks some ports, to maintain a loop-free network

At what point of the frame does the switch start to forward the frame?
Switches: Cut-through, Store-and-forward
Bridges: Store-and-forward


Cut-through Switching
The fastest way to forward frames
Looks at only the first 6 bytes (destination MAC address) before forwarding
No error checking
[Diagram: Destination MAC Address | Rest of Frame; the forwarding decision is made right after the destination MAC address]

Fragment-free Switching
Waits for the first 64 bytes before forwarding
Catches most collisions
Limited error checking
[Diagram: Destination MAC Address ... 64 Bytes | Rest of Frame; the forwarding decision is made after 64 bytes]


Store-and-Forward Switching
Slower but more reliable than cut-through
Reads entire frame and performs a CRC check
If CRC check fails, discard frame
[Diagram: Complete Frame | CRC; the forwarding decision is made after the whole frame and its CRC are received]

Review

Address Learning
Forwarding
Filtering
Spanning Tree Protocol
Frame Switching


Advanced Switch Features

At the end of this lesson we will be able to
Explain the advanced features of a switch

Network+ 2009 Objective 3.3


What we will cover


Basic Layer-2 Switching
Power over Ethernet
The Spanning Tree Protocol
VLAN and VLAN Trunking

Port mirroring
Port authentication

BASIC LAYER-2 SWITCHING


Bridging Function
Breakup Collision Domain
Address Learning
Forwarding
Filtering
Loop Avoidance
[Diagram: the bridging functions above apply to both Bridges and Switches]

Switches vs. Bridges
[Table: Bridges vs. Switches comparison]


Power over Ethernet or PoE
Safely transfers electrical power, along with data, to remote devices
Uses standard UTP cables.
No modification of existing Ethernet cabling infrastructure required

Power over Ethernet (PoE) supplies power to devices over UTP
IEEE 802.3af
Supplies power to Wireless AP, IP Telephone, IP Cameras, etc.
Power supplied by Switch or Mid-Span Power Injector
Maximum power supplied: 15.4 W


PoE Power Supplies
[Diagram: PoE Switch; Mid-Span Power Injector]

Some PoE Devices
[Diagram: IP Camera; IP Telephone; Wireless AP (with Power Injector)]


THE SPANNING TREE PROTOCOL

Redundant Topology eliminates single points of failure
Redundant topology can cause broadcast storms, multiple frame copies, and MAC address table instability problems.


Broadcast Frames
Station D sends a broadcast frame.
Broadcast frames are flooded to all ports except the originating port.

Broadcast Storms
Host X sends a broadcast.
Switches continue to propagate broadcast traffic over and over.


Multiple Frame Copies
Host X sends a unicast frame to router Y.
The MAC address of router Y has not been learned by either switch.
Router Y will receive two copies of the same frame.

MAC Database Instability
Host X sends a unicast frame to router Y.
The MAC address of router Y has not been learned by either switch.
Switches A and B learn the MAC address of host X on port 1.
The frame to router Y is flooded.
Switches A and B incorrectly learn the MAC address of host X on port 2.


The Spanning Tree Protocol prevents layer-2 loops
Provides a loop-free redundant network topology by placing certain ports in the blocking state
Published in the IEEE 802.1D specification

Spanning-Tree Operation
One root bridge per broadcast domain.
One root port per nonroot bridge.
One designated port per segment.
Nondesignated ports are unused.


STP Root Bridge Selection
BPDU (default = sent every 2 seconds)
Root bridge = bridge with the lowest bridge ID
[Diagram: Bridge ID = Bridge Priority followed by MAC Address]
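Root bridge selection and the root, designated and blocking port roles described in the STP slides above, as an added Python example that is not from the original deck. The three-switch topology, priorities, MAC addresses and path costs are constructed, and an equal-cost tie between parallel links to the same neighbour is resolved by link order here (802.1D uses port IDs for that case).

```python
import heapq

# Constructed topology (not from the slides): three switches in a triangle,
# a redundant topology with a physical loop. C has the lowest priority.
BRIDGES = {                      # name -> (bridge priority, MAC address)
    "A": (32768, "00:11:22:33:44:aa"),
    "B": (32768, "00:11:22:33:44:bb"),
    "C": (4096, "00:11:22:33:44:cc"),
}
LINKS = [                        # (bridge, port, bridge, port, path cost)
    ("A", 1, "B", 1, 19),
    ("A", 2, "C", 1, 19),
    ("B", 2, "C", 2, 19),
]

def bridge_id(bridges, name):
    """Bridge ID = priority followed by MAC; tuples compare priority first."""
    prio, mac = bridges[name]
    return (prio, mac.lower())   # assumes canonical colon-separated MACs

def stp_roles(bridges, links):
    """Return (root bridge, {(bridge, port): 'root'|'designated'|'blocking'})."""
    root = min(bridges, key=lambda b: bridge_id(bridges, b))
    # Root path cost per bridge (Dijkstra); an equal-cost tie goes to the
    # path advertised by the lower bridge ID, as in 802.1D.
    best = {root: (0, bridge_id(bridges, root), None)}  # -> (cost, via ID, link)
    heap = [(0, bridge_id(bridges, root), root)]
    while heap:
        cost, _, b = heapq.heappop(heap)
        if cost > best[b][0]:
            continue
        for link in links:
            a, pa, c, pc, lc = link
            if b not in (a, c):
                continue
            nb = c if b == a else a
            cand = (cost + lc, bridge_id(bridges, b), link)
            if nb not in best or cand[:2] < best[nb][:2]:
                best[nb] = cand   # parallel links to one neighbour: first listed wins
                heapq.heappush(heap, (cand[0], cand[1], nb))
    roles = {}
    for a, pa, c, pc, _ in links:
        # One designated port per segment: the end with the lower root path cost,
        # then the lower bridge ID. The other end starts as blocking.
        ka, kc = (best[a][0], bridge_id(bridges, a)), (best[c][0], bridge_id(bridges, c))
        des = (a, pa) if ka < kc else (c, pc)
        for end in ((a, pa), (c, pc)):
            roles[end] = "designated" if end == des else "blocking"
    for b, (_, _, link) in best.items():
        if link is not None:             # one root port per non-root bridge
            a, pa, c, pc, _ = link
            roles[(b, pa if b == a else pc)] = "root"
    return root, roles
```

With the constructed triangle, exactly one port (B's port 1) ends up blocking, which is what breaks the physical loop while the redundant link stays available.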

Spanning-Tree Port States
Spanning tree transits each port through several different states:


VIRTUAL LOCAL AREA NETWORKS (VLAN)

As a Switched Network grows many issues may arise
Unbounded failure domains
Large broadcast domains
Large amount of unknown MAC unicast traffic
Unbounded multicast traffic
Management and support challenges
Possible security vulnerabilities


VLANs to the Rescue!
VLANs allow you to structure your network Logically
Segmentation
Flexibility
Security

VLAN = Broadcast Domain = Logical Network (Subnet)


VLAN Operation
By default all interfaces belong to the same VLAN
[Diagram: access interfaces 10, 11 and 12 all in VLAN 1]
The Default Virtual LAN (VLAN) is usually VLAN 1


Interfaces can be assigned to different VLANs
[Diagram: interfaces 10, 11 and 12 assigned to VLAN 10, VLAN 15 and VLAN 33; the remaining interfaces stay in VLAN 1]
Interfaces not reassigned remain in VLAN 1

Layer 3 device (Router) is required for inter-VLAN communication
[Diagram: a router attached to the switch connects VLAN 1, VLAN 10, VLAN 15 and VLAN 33]


VLAN Membership Modes

VLAN TRUNKING


802.1Q Trunking
[Diagram: 802.1Q Frame with tag fields of 16 bits, 3 bits and 12 bits]


Native VLANs are untagged on the Trunk
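An added Python example (not from the original deck) that builds and parses the 802.1Q tag described above and assigns untagged frames to the trunk's native VLAN; it also decodes the 1-bit DEI/CFI field that sits between the 3-bit priority and the 12-bit VLAN ID, which the slide diagram omits. The MAC addresses, EtherTypes and payloads are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Construct an Ethernet frame; insert an 802.1Q tag when vid is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        if not 0 <= vid <= 0xFFF or not 0 <= pcp <= 7 or dei not in (0, 1):
            raise ValueError("tag field out of range")
        tci = (pcp << 13) | (dei << 12) | vid       # 3 + 1 + 12 bits
        hdr += struct.pack("!HH", TPID_8021Q, tci)  # 16-bit TPID, 16-bit TCI
    return hdr + struct.pack("!H", ethertype) + payload

def classify(frame, native_vlan=1):
    """Return (vid, pcp, dei, ethertype) for a frame received on a trunk port.
    An untagged frame belongs to the trunk's native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame: incomplete Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return native_vlan, 0, 0, ethertype          # untagged -> native VLAN
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0xFFF, tci >> 13, (tci >> 12) & 1, inner_type
```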

Port Mirroring copies frames for Monitoring
Copies frames from one or more ports or VLANs to another switch port
[Diagram: Mirrored Ports; the destination port of the mirror feeds an IDS]


Port Security controls Access to the network based on MAC address
[Diagram: stations marked Denied or Allowed according to their MAC address]

Port Authentication allows network access only after validation
[Diagram: 1) "May I access the Network?"  2) "I will check"  3) "Can Suzy access the network?" exchanged between the client, the switch and the Authentication Server]


802.1x Client Authenticates via Access Point or Switch
[Diagram: 802.1x Supplicant (client) - 802.1x Authenticator (access point or switch) - 802.1x Authentication Server]

Review
Basic Layer-2 Switching
Advanced Switch Features
Power over Ethernet
The Spanning Tree Protocol
VLAN and VLAN Trunking
Port mirroring
Port authentication
