Ethernet Switching: Concepts and Configuration in Computer Science

Ethernet Switching Topics

Ethernet Basics Switching Overview VLANS VLAN Trunking VLAN Routing Contention Management Switchport Configuration

Ethernet Basics

What is Ethernet?

$ 12/9 Most common Layer 2 wired LAN protocol Uses source and destination MAC addresses Can be carried on twisted pair, coax, or fiber optic cable Uses CSMA/CD for contention management Minimum length of 64 bytes Default maximum transmission unit size (MTU) of 1500 bytes Can be modified up to 9000 bytes (jumbo frames) for special purpose

• Better performance for an iSCSI SAN
• Requires switches and NICs that support jumbo frames

Ethernet Header

Ethernet layer 2 header Preamble Destination MAC & SoF 8-bytes address 6-bytes Source MAC address 6-bytes VLAN tag 4-bytes Ether- type 2-bytes Payload CRC 4-bytes L3 header Payload

Ethernet Example

10 Gbps Fiber 1000 Mbps UTP H3 SW1 SW2 10 Mbps UTP 100 Mbps UTP H1 H2

Switching Overview

What is a Switch?

Layer 2 device that makes forwarding decisions based on Layer 2 (MAC) addresses Learns the MAC address of devices plugged into it Builds a temporary table (in memory) associating MAC addresses with switchports Has high port density (many ports) Some models provide Power-over-Ethernet (PoE) on ports for phones, WAPs, cameras, etc.

MAC Address Table

Built dynamically on a switch

• Whenever devices transmit, the switch notes the source MAC and adds it to the table
• Table is stored in the switch's RAM
• If a hub, uplink, or trunk link is attached to a port, that port will have multiple MAC addresses associated with it Displays the current mapping of MAC addresses to switchports Switch uses it to make forwarding decisions at Layer 2 If the destination MAC address is not in the table:

◦ The switch floods the frame out all ports (except the port it came in on) ◦ Can be cleared manually or by rebooting the switch Do not mistake a MAC address table for an arp cache! ◦ A MAC table maps source MAC addresses to switchports ◦ An ARP cache maps MAC addresses to destination IP addresses

Switching Modes

Store and Forward

◦ Buffer the entire frame . Run a CRC check on frame to make sure it's not damaged · Discard frame if damaged · Forward to destination if ok Fragment Free · Validate the first 64 bytes of the frame as it comes in . The first 64 bytes is the most likely time a collision will occur . If a collision occurs, the colliding nodes will stop transmitting . But you still have a runt frame on the segment · If first 64 bytes are ok, forward as the rest of the frame comes into the switch Cut-through . Do not check the frame at all · Immediately start to forward as it comes in · Trade accuracy for performance

MAC Address Table Examples

Laptop-PT Laptopo Server-PT Server0 IP 7960 IP Phone1 PC-PT PC1 Printer-PT Printer0 PC-PT PCO 2960-24TT Switch0 2960-24TT Switch1 Hull-PT Hubo PC-PT PC2 PC-PT PC4 PC-PT PC3 Switch#show mac address-table Mac Address Table Vlan Mac Address Type Ports 1 0001.6481.1320 DYNAMIC Fa0/1 DYNAMIC Fa0/6 1 0003.e48b.5296 DYNAMIC Fa0/4 1 0005.5e43.6c19 DYNAMIC Gig0/1 0010.114b.8bal DYNAMIC Fa0/7 1 0030.a392.9dd0 DYNAMIC Fa0/7 1 0060.3e0b.e6d7 DYNAMIC Fa0/3 1 0060.479d.d02e DYNAMIC Fa0/2 1 0090.21e7.c128 DYNAMIC Fa0/7 Switch#show mac address-table Mac Address Table Vlan Mac Address Type Ports 1 0001.6481.1320 DYNAMIC Gig0/1 1 0003.e48b.5296 DYNAMIC Gig0/1 1 0010.114b. 8bal DYNAMIC Gig0/1 1 0030.a392.9dd0 DYNAMIC Gig0/1 0060.2fc2.d419 DYNAMIC Gig0/1 1 0060.3e0b. e6d7 DYNAMIC Gig0/1 1 0060.479d.d02e DYNAMIC Gig0/1 1 0090.21e7.c128 DYNAMIC Gig0/1 - 1 0001.9727.4996 1 1

Switching Loop

Occurs on a network when there is a redundant link between switches Switches by their nature flood broadcasts, multicasts, and unknown unicasts out all ports (except the port it was received on) Loops cause broadcast storms:

1. A host sends a Layer 2 broadcast (such as an ARP or DHCP discover)
2. The switch repeats the broadcast out all other ports, including the redundant link to the other switch
3. The other switch in turn repeats the broadcast out all its ports, including the first link to the first switch
4. The process repeats endlessly

Spanning Tree Protocol (STP)

IEEE 802.1d Used to eliminate switching loops Switches self-organize to identify redundant links

• Switches elect a "Root Bridge" among them as a focal point

◦ Switch with the lowest Bridge Priority and/or MAC address wins "election" The Root sends out Root Bridge Protocol Data Units (Root BPDUs) . Root BPDUs are forwarded by all other switches out all other ports If a switch receives the same Root BPDU from two or more different ports, it knows there is a redundancy ◦ Redundant links are put in a blocking state · Link speed, port number, and priority can all be used to determine which port will be blocked o If the active link goes down, the blocked port takes over and begins forwarding traffic Replaced with newer/better performing versions (Rapid STP, Per-VLAN Spanning Tree (PVST), PVST+)

STP Example

2960-24TT Switch0 2060-24TT Switch 1 2960-24TT Switch2 Switch0 Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address O0OC.CF08.5A64 This bridge is the root Hello Time sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address O0OC.CF08.5A64 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio.Nbr Type Fa0/1 Desg FWD 19 128.1 P2p Gi0/1 Desg FWD 4 128.25 P2p Gi0/2 Desg FWD 4 128.26 P2p

STP Example (cont'd)

Switch1 Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000C.CF08.5A64 Cost 4 Port 25 (GigabitEthernet0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address OOE0.8F8E.C082 Hello Time sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio. Nbr Type Gi0/2 Altn BLK 4 128.26 P2p Fa0/1 Desg FWD 19 128.1 P2p Gi0/1 Root FWD 4 128.25 P2p Switch2 Switch#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000C.CF08.5A64 Cost 19 Port 1 (FastEthernet0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address OODO. BCC1 . E26A Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 20 Interface Role Sts Cost Prio. Nbr Type Fa0/1 Root FWD 19 128.1 P2p Fa0/2 Altn BLK 19 128.2 P2p

VLANS

Virtual Local Area Network (VLAN)

Grouping of switch ports to create a separate network segment

◦ Logically divides a switch into multiple switches Typically used to separate departments, rooms, device types, or security levels ◦ Traffic stays limited to within the VLAN ◦ ◦ Each VLAN is a broadcast domain Each VLAN should be assigned its own subnet ID Nodes in the VLAN should be configured for that subnet ◦ VLANs cannot talk to each other unless traffic is routed between VLANs by a router ◦

Common VLAN Usage Example - Mind

VLAN 42 Mainframes Internet VLAN 98 DMZ VLAN 9 Guest Wi-Fi VLAN 2 Switch Management VLAN 99 FW-Edge Link VLAN 38, 39, 40 Servers VLAN 5 Phones VLAN 4 Cameras VLAN 97 FW-Core Link € ... VLAN 35, 36 iSCSI SAN VLAN 7 Admin Wi-Fi VLAN 100 Sales Dept VLAN 200 Research Dept 000 VLAN 8 Staff Wi-Fi VLAN 6 WLAN Controller LWAPP Tunnels 00000

Configuring VLANS

You create the VLAN on the switch, then add physical ports to the VLAN

• The switchports in one VLAN do NOT need to be physically near each other
• You could have switchports in other rooms or buildings on the LAN belong to the same VLAN
• You can easily change a port's VLAN membership Switch ports generally only belong to one VLAN at a time
• Exception: when an IP phone connects to the network through a PC

◦ Switch port has one VLAN for the phone, one VLAN for the PC (data) Initially, all switch ports are in the same default VLAN (usually VLAN 1) If you configure a port to join a particular VLAN and then unjoin the port, it reverts back to the default VLAN If you delete the VLAN without unjoining the ports from it, those ports become "orphaned" and (usually) go into a blocking state · They stop forwarding traffic

VLAN Example

Card VLAN 2 PC-PT PC6 PC-PT PC7 1 default Fa0/1, Fa0/4, Fa0/5, Fa0/6 Fa0/8, Fa0/9, Fa0/10, Fa0/12 Fa0/13, Fa0/14, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/23, Fa0/24, Gig0/1, Gig0/2 active Fa0/7, Fa0/15 Fa0/2, Fa0/11 Fa0/3, Fa0/22 active VLAN 3 2960-24TT Switch3 PC-PT PC1 PC-PT PC4 PC-PT PC5 VLAN 4 Status Ports 2 VLAN0002 PC-PT PCO PC-PT PC2 3 VLAN0003 active 4 VLAN0004 active VLAN0005 VLAN 5 5 PC-PT PC3 VLAN Name active

VLAN Trunking

VLAN Trunking

X /6/9 Used to extend VLANs to other switches . Trunk links carry traffic from all VLANs from one switch to another A broadcast in a VLAN will extend across the trunk link to all switches and their ports that use that VLAN IEEE 802.1Q ("dot 1 q") is the most common VLAN trunking protocol 802.1Q VLAN frames are distinguished from ordinary Ethernet frames · 4-byte VLAN tag is inserted into the Ethernet header 1 Separate Card 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 VLAN tag Destination address Source address Ether Type Payload 0x8100 TCI

Trunk Link vs Uplink

Do not confuse the two! An uplink is just a cable connecting two switches

◦ Used to add more devices to a single switch port All devices belong to the same VLAN ◦ ◦ Requires no special configuration A trunk link is an uplink that has been configured to carry traffic from all VLANs from one switch to the next A trunk port tags outgoing frames with their respective VLAN ID ◦ Trunk links extend VLANs across multiple switches ◦ Requires ports on both sides of the link to be configured as trunk ports ◦

VLAN Tagging

A tag inserted into the Ethernet header identifies which VLAN a particular frame belongs to · The sending switch applies the VLAN tag to the frame before transmitting it · The receiving switch then knows which VLAN that frame belongs to · Tags are only meaningful on a trunk link Ports that computers, phones, and end devices are plugged into do not tag their frames · The end devices have no knowledge of the VLAN · Ports meant for end devices are configured as "access" ports A Access ports do not use VLAN tags UKAN 2 on wards is tagged Default VLAN 1 traffic is untagged (per 802.1q) . This makes it possible to connect the two switches using a multi-access device such as a hub ◦ The hub (and any other devices plugged into it) treat the switch traffic as normal Ethernet · They ignore any VLAN tagging