CCNA Guide to Cisco Networking Fundamentals Fourth Edition

1
CCNA Guide to Cisco Networking Fundamentals
Fourth Edition

• Chapter 13
• Advanced Switching Concepts

2
Objectives

• Explain how the Spanning Tree Protocol works and
  describe its benefits
• Describe the benefits of virtual LANs
• Configure a VLAN
• Understand the Purpose of the VLAN trunking
  protocol (VTP)
• Configure VTP

3
Spanning Tree Protocol

• Physical path loops
• A physical connection created when network
  devices are connected to one another by two or
  more physical media links
• Help improve a networks fault tolerance
• Drawback
• Can result in endless packet looping
• Spanning Tree Protocol (SP)
• A layer 2 link management protocol designed to
  prevent looping on bridges and switches
• The specification for STP is IEEE 802.1d

4
Spanning Tree Protocol (continued)
5
Spanning Tree Protocol (continued)

• STP uses the Spanning Tree Algorithm (STA)
• To interrupt the logical loop created by a
  physical loop in a bridged/switched environment
• STP does this by ensuring that certain ports on
  some of the bridges and switches do not forward
  frames
• Building a logical path
• Switches and bridges on a network use an election
  process to configure a single logical path
• First, a root bridge (root device) is selected
• Then, the other switches and bridges configure
  their ports, using the root bridge as a point of
  reference

6
Spanning Tree Protocol (continued)

• Bridges use STP to transfer the information about
  each bridges MAC address and priority number
• Bridge protocol data units (BPDU) or
  configuration bridge protocol data units (CBPDU)
• The messages the devices send to one another
• Each bridge or switch determines which of its own
  ports offers the best path to the root bridge
• Root ports
• The BPDU messages are sent between the root
  bridge and the best ports on the other devices

7
Spanning Tree Protocol (continued)

• If BPDUs are not received for a certain period of
  time
• The non-root-bridge devices will assume that the
  root bridge has failed, and a new root bridge
  will be elected
• Once the root bridge is determined and the
  switches and bridges have calculated their paths
  to the root bridge
• The logical loop is removed by one of the
  switches or bridges

8
Spanning Tree Protocol (continued)

• Port states
• STP will cause the ports on a switch or bridge to
  settle into a stable state
• Stable states
• The normal operating states of ports when the
  root bridge is available and all paths are
  functioning as expected
• Transitory states
• Prevent logical loops during a period of
  transition from one root bridge to another

9
Spanning Tree Protocol (continued)

• The stable states are as follows
• Blocking
• Forwarding
• Disabled
• The transitory states are as follows
• Listening
• Learning
• STP devices use the transitory states on ports
  while a new root bridge is being elected

10
Spanning Tree Protocol (continued)

• Ports on STP-enabled devices move through the
  different states as indicated in the following
  list
• From bridge/switch bootup to blocking
• From blocking to listening (or to disabled)
• From listening to learning (or to disabled)
• From learning to forwarding (or to disabled)
• From forwarding to disabled

11
Spanning Tree Protocol (continued)

• Topology changes
• When the topology is changed, STP-enabled devices
  react automatically
• If a device in an STP-enabled network stops
  receiving CBPDUs, then that device will claim to
  be the root bridge
• Will begin sending CBPDUs describing itself as
  such
• Per-VLAN STP (PVSTP)
• Operates on VLANs and treats all VLANs connected
  as separate physical networks

12
Spanning Tree Protocol (continued)

• Spanning Tree PortFast
• Allows you to configure a switch to bypass some
  of the latency (delay)
• Associated with the switch ports transitioning
  through all of the STP transitory states before
  they reach the forwarding state
• Configuring STP
• See Table 13-1

13
Spanning Tree Protocol (continued)
14
Spanning Tree Protocol (continued)

• Rapid STP (RSTP) 802.1w
• Takes the basis of 802.1d (STP) and incorporates
  some additional features (such as portfast) that
  overcome some of the flaws of STP

15
Virtual LANs

• Virtual LAN (VLAN)
• A grouping of network devices that is not
  restricted to a physical segment or switch
• Can be configured on most switches to restructure
  broadcast domains
• Broadcast domain
• Group of network devices that will receive LAN
  broadcast traffic from each other
• Management VLAN (also known as the default VLAN)
• By default, every port on a switch is in VLAN 1

16
Virtual LANs (continued)

• You can create multiple VLANs on a single switch
• Or even create one VLAN across multiple switches
• A VLAN is a layer 2 implementation, and does not
  affect layer 3 logical addressing

17
Virtual LANs (continued)
18
Virtual LANs (continued)
19
Benefits of VLANs

• Benefits
• Ease of adding and moving stations on the LAN
• Ease of reconfiguring the LAN
• Better traffic control
• Increased security
• VLANs help to reduce the cost of moving employees
  from one location to another
• Many changes can be made at the switch
• Physical moves do not necessitate the changing of
  IP addresses and subnets

20
Benefits of VLANs (continued)

• Because the administrator can set the size of the
  broadcast domain
• The VLAN gives the administrator added control
  over network traffic
• Dividing the broadcast domains into logical
  groups increases security
• Requires a hacker to perform the difficult feat
  of tapping a network port and then figuring out
  the configuration of the LAN
• VLANs can be configured by network administrators
  to allow membership only for certain devices

21
(No Transcript)
22
Dynamic vs. Static VLANs

• Static VLANs
• Configured port-by-port, with each port being
  associated with a particular VLAN
• The network administrator manually types in the
  mapping for each port and VLAN
• Dynamic VLAN
• Ports can automatically determine their VLAN
  configuration
• Uses a software database of MAC address-to-VLAN
  mappings that is created manually

23
Dynamic vs. Static VLANs (continued)

• Dynamic VLAN could prove to be more
  time-consuming than the static VLAN
• Dynamic VLAN allows the network administration
  team to keep the entire administrative database
  in one location
• On a dynamic VLAN, moving a cable from one switch
  port to another is not a problem
• Because the VLAN will automatically reconfigure
  its ports on the basis of the attached
  workstations MAC address

24
VLAN Standardization

• Before VLAN was an IEEE standard
• Early implementations depended on the switch
  vendor and on a method known as frame filtering
• Frame filtering
• Complex process that involved one table for each
  VLAN
• Had a master table that was shared by all VLANs
• The IEEE 802.1q specification that defines VLANs
  recommends frame tagging
• Also known as frame identification

25
VLAN Standardization (continued)

• Frame tagging
• Involves adding a four-byte field to the actual
  Ethernet frame to identify the VLAN and other
  pertinent information
• Makes it easier and more efficient to ship VLAN
  frames across network backbones
• Switches on the other side of the backbone can
  simply read the frame instead of being required
  to refer back to a frame-filtering table
• The two most common types of frame tagging
  (encapsulation) are 802.1q and Inter-Switch Link
  (ISL) protocol

26
Creating VLANs

• You can create VLANs by entering the
  (config-vlan) mode and using the VLAN command
• Or you can enter the VLAN database and use the
  VLAN configuration mode
• To use the config-vlan mode, you type the
  following
• Rm410HL(config)VLAN 2
• Rm410HL(config-vlan)name production
• To use the VLAN configuration mode, you start by
  entering the VLAN database

27
Creating VLANs (continued)

• The next step is to assign switch ports to the
  new VLANs
• Ports can be assigned as static or dynamic
• To remove a VLAN, use the no parameter
• Rm410HL(config)no vlan 2

28
Link Types and Configuration

• Two types of links are on Cisco switches trunk
  links and access links
• Trunk links
• Switch-to- switch or switch-to-router links that
  can carry traffic from multiple VLANs
• Access links
• Links to non-VLAN-aware devices such as hubs and
  individual workstations

29
Link Types and Configuration (continued)

• You choose from five different states for a trunk
  link
• Auto
• Desirable
• Nonegotiate
• Off
• On
• To configure a trunk link on a Catalyst 2950, you
  must be in the appropriate interface
  configuration mode

30
Link Types and Configuration (continued)

• Switch interface descriptions
• You can configure a name for each port on a
  switch
• This is useful when you begin to define roles for
  a switch port on a more global basis

31
VLAN Trunking Protocol

• VLAN trunking protocol (VTP)
• Created by Cisco to manage all of the configured
  VLANs that traverse trunks between switches
• A layer 2 messaging protocol that manages all the
  changes to the VLANs across networks
• VTP domains
• VTP devices are organized into domains
• Each switch can only be in one VTP domain at a
  time
• All devices that need to share information must
  be in the same VTP domain

32
VLAN Trunking Protocol (continued)

• VTP device modes
• Server
• Device can add, rename, and delete VLANs and
  propagate those changes to the rest of the VTP
  devices
• Client
• Device is not allowed to make changes to the VLAN
  structure, but it can receive, interpret, and
  propagate changes made by a server
• Transparent
• A device is not participating in VTP
  communications, other than to forward that
  information through its configured trunk links

33
VLAN Trunking Protocol (continued)

• VTP pruning option
• Reduces the number of VTP updates that traverse a
  link
• Off by default on all switches
• If you turn VTP pruning on
• VTP message broadcasts are only sent through
  trunk links that must have the information
• VLAN 1 is not eligible to be pruned because it is
  an administrative (and default) VLAN

34
Nonswitching Hubs and VLANs

• Important considerations
• If you insert a hub into a port on the switch and
  then connect several devices to the hub, all the
  systems attached to that hub will be in the same
  VLAN
• If you must move a single workstation that is
  attached to a hub with several workstations, you
  will have to physically attach the device to
  another hub or switch port to change its VLAN
  assignment
• The more hosts that are attached to individual
  switch ports, the greater the microsegmentation
  and flexibility the VLAN can offer

35
Routers and VLANs

• Routers can be used with VLANs to increase
  security
• Must be used to manage traffic between different
  VLANs
• Routers can implement access lists
• Which increase inter-VLAN security
• A router allows restrictions to be placed on
  station addresses, application types, and
  protocol types

36
(No Transcript)
37
Routers and VLANs (continued)

• Router can either be an onboard Route Switch
  Module (RSM) or an external router
• The router will accept the frame tagged by the
  sending VLAN and determine the best path to the
  destination address
• The router will then switch the packet to the
  appropriate interface and forward it to the
  destination address

38
Routers and VLANs (continued)

• Router-on-a-stick
• If a single link is used to connect an external
  router with the switch containing multiple VLANs
• Trunking is required for inter-VLAN routing
• Trunking is the process of using either ISL or
  802.1q to allow multiple VLAN traffic on the same
  link
• For instance, an ISL trunk link would encapsulate
  each packet with the associated VLAN information
  and allow the router to route the packet
  accordingly

39
Summary

• The Spanning Tree Protocol (STP) allows
  administrators to create physical loops between
  bridges and switches
• Without creating logical loops that would pose a
  problem for packet delivery
• The Rapid Spanning Tree Protocol (RSTP) has
  enhanced STP to reduce the latency associated
  with convergence
• Implementing VLANs via switches provides another
  way to increase the performance, flexibility, and
  security of a network

40
Summary (continued)

• VLANs are separate broadcast domains that are not
  limited by physical configurations
• Performance benefits associated with VLANs are
  derived from limiting the amount of broadcast
  traffic that would naturally pass through a
  switch without filtration
• Because traffic on a VLAN broadcast can be
  limited to a specific group of computers,
  security is also enhanced by making it more
  difficult for eavesdropping systems to learn the
  configuration of a network

41
Summary (continued)

• VLAN information is communicated to switches
  using the VLAN trunking protocol (VTP)