Switching - Day 1

Source: Internet
Author: User
Tags cisco 2950 cisco switch

Switching principles, products, and parameters

Switches operate at OSI Layer 2, the data link layer.

Switch categories:
By the layer they work at:
  Layer 2 switch
  Multilayer switch

By position in the network:
  Core switch
  Distribution switch
  Access switch

Important switch parameters:
  Wire speed
  Backplane bandwidth
  Interface speed
  Forwarding rate

Switching principles:
1. Learning based on the source MAC address.
2. Forwarding and filtering based on the destination MAC address.
3. Several MAC addresses can be learned on the same interface (for example behind a hub or another switch).
4. The same MAC address cannot be held on several interfaces at once within one VLAN: if frames with that source MAC start arriving on another interface, the entry moves to the new interface (a "MAC move").
5. A frame whose destination MAC has no entry in the MAC address table (unknown unicast) is forwarded to all other interfaces in the same VLAN.
6. Broadcast, multicast and unknown-unicast frames are flooded to every interface in the same VLAN except the one they arrived on.
7. A host's MAC address is learned by every switch in the Layer 2 domain that sees frames from it.



Command for viewing the MAC address table:
Sw1# show mac-address-table
(on newer IOS images the command is written "show mac address-table")

By default, dynamic MAC address entries age out after 300 seconds. The aging time can be changed per VLAN.
Sw1# show mac-address-table aging-time                    (view the aging time)
Sw1(config)# mac-address-table aging-time 150 vlan 1      (some IOS versions do not accept the "vlan" keyword)
Sw1# show mac-address-table dynamic                       (view dynamically learned addresses)

Difference between a broadcast and a flood:
A broadcast frame has destination MAC ffff.ffff.ffff (all F). A flood is not a broadcast: the destination MAC is a specific unicast address that the switch has not learned, so the switch replicates that unicast frame out of every port. The two are easy to confuse because the visible result is the same: both the broadcast and the flooded frame are sent out of all ports in the same VLAN and across the trunk links. A trunk link does not belong to any one VLAN; the frame is tagged with its VLAN ID when it is forwarded over the trunk.

For example, an ARP request is a broadcast. A flood occurs when a unicast frame arrives and no matching entry is found in the MAC address table for its destination MAC.
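The learning, forwarding and flooding rules above, the 300-second aging timer and the broadcast-versus-flood distinction, as an added Python model (my example; not Cisco code and not part of the original notes). The port names, VLAN assignments and frames fed to it are constructed for the illustration. `Switch.receive` returns the list of ports a frame is sent out of, which makes the difference between a filtered unicast, a flooded unknown unicast and a broadcast visible; `add_static` plays the role of a static MAC table entry.

```python
"""Model of a transparent (learning) switch: source-MAC learning, destination-MAC
forwarding and filtering, flooding of broadcast/multicast/unknown unicast within a VLAN,
and a 300-second aging timer. Added illustration; not Cisco IOS code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast addresses have the I/G bit (lsb of the first octet) set."""
    return int(mac[:2], 16) & 1 == 1


@dataclass
class MacEntry:
    port: str
    last_seen: float      # time the entry was learned or refreshed
    static: bool = False  # static entries never age out and never move


@dataclass
class Switch:
    ports: Dict[str, int]                     # access port -> VLAN (constructed topology)
    aging_time: float = 300.0                 # IOS default for dynamic entries
    table: Dict[tuple, MacEntry] = field(default_factory=dict)  # (vlan, mac) -> entry

    def age_out(self, now: float) -> int:
        """Drop dynamic entries not refreshed within aging_time; returns how many were removed."""
        expired = [k for k, e in self.table.items()
                   if not e.static and now - e.last_seen > self.aging_time]
        for k in expired:
            del self.table[k]
        return len(expired)

    def add_static(self, mac: str, vlan: int, port: str) -> None:
        """Equivalent of 'mac-address-table static <mac> vlan <n> interface <port>'."""
        self.table[(vlan, mac)] = MacEntry(port, float("inf"), static=True)

    def lookup(self, mac: str, vlan: int) -> Optional[str]:
        entry = self.table.get((vlan, mac))
        return entry.port if entry else None

    def receive(self, in_port: str, src: str, dst: str, now: float) -> List[str]:
        """Process one frame; return the sorted list of ports it is forwarded out of."""
        vlan = self.ports[in_port]
        self.age_out(now)
        # 1. Learn the source MAC. One MAC lives on exactly one port per VLAN: a frame
        #    from a different port moves the dynamic entry (a "MAC move").
        key = (vlan, src)
        if key not in self.table or not self.table[key].static:
            self.table[key] = MacEntry(in_port, now)
        same_vlan = sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)
        # 2. Forward or filter on the destination MAC.
        if dst == BROADCAST or is_group_address(dst):
            return same_vlan            # broadcast/multicast: every other port in the VLAN
        out = self.lookup(dst, vlan)
        if out is None:
            return same_vlan            # unknown unicast: flooded, but still a unicast frame
        if out == in_port:
            return []                   # filtered: destination hangs off the ingress port
        return [out]                    # known unicast: exactly one port
```

Ports in other VLANs never appear in the output, which is the "one VLAN = one broadcast domain" rule from the VLAN section in code form.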

Binding MAC addresses to IP addresses (static ARP entries):
Router(config)# arp 202.196.191.190 0010.40bc.b54e arpa
Sw1(config)# arp 1.1.1.1 0011.0001.0001 arpa f0/1

Binding a MAC address to a port (static MAC address table entry):
SW3(config)# mac-address-table static 0001.0001.0001 vlan 1 interface f0/1
On the host:
arp -s 10.88.56.72 00-10-5C-AD-72-E3
A static ARP entry is not overwritten by incoming ARP replies, so it protects that one mapping against ARP spoofing; a static MAC entry pins the address to one port, so a spoofed source MAC on another port cannot move it.

The following functions are available on Cisco 2950, 3550, 4500, and 6500 series switches; note that the 2950 and 3550 must run the Enhanced Image (EI).
MAC address-based user traffic filtering:
Switch(config)# mac access-list extended MAC10
# Define a named MAC access control list called MAC10
Switch(config-ext-macl)# permit host 0009.6bc4.d4bf any
# The host with MAC address 0009.6bc4.d4bf may send to any host
Switch(config-ext-macl)# permit any host 0009.6bc4.d4bf
# Any host may send to the host with MAC address 0009.6bc4.d4bf
Switch(config)# interface Fa0/20
# Enter interface configuration mode for the port
Switch(config-if)# mac access-group MAC10 in
# Apply the access list named MAC10 inbound on this port (the policy defined above)
Switch(config)# no mac access-list extended MAC10
# Delete the access list named MAC10
Like an IP ACL, a MAC ACL ends with an implicit deny, so anything not permitted above is dropped. It filters only on the addresses a sender presents, and a source MAC is trivial to spoof, so treat a MAC ACL as traffic steering rather than as authentication.

---------------------------------------------------

VLAN (Virtual LAN) technology

VLAN technology divides one physical LAN into several virtual logical LANs. The virtual LANs are isolated from each other, and each one is a separate broadcast domain.

· A VLAN isolates a Layer 2 broadcast domain.

· One VLAN = one broadcast domain = one logical subnet

· Benefits of using VLANs:
1. More effective use of bandwidth
2. Improved security
3. Smaller fault domains

Two VLAN types:
1. End-to-end VLAN: a VLAN that extends across the entire network.
2. Local VLAN:
A VLAN confined to a specific area; it exists only on the current access-layer switch or within a small part of the distribution layer.
Configure a small number of VLANs per access switch within one distribution block, instead of configuring VLANs for many departments on a single switch.

Two VLAN membership modes:

· Static VLAN (also called port-based VLAN):
-- The switch port is configured manually and assigned to a specific VLAN. Whatever device connects to that port belongs to that VLAN.
Sw1# show cdp neighbors detail          (shows which Cisco device is attached to each port)

· Dynamic VLAN:
A VMPS (VLAN Management Policy Server) must first be deployed in the network, holding the mapping from each MAC address to its VLAN.
The switch does not assign an interface to a VLAN in advance. When a computer connects to the interface, the switch queries the VMPS with the source MAC address it received, and the VMPS answers with the VLAN the interface should be placed in.
Sw1(config)# vmps server 192.168.1.1

· VLAN ranges:
Cisco switches support up to 4096 VLAN IDs, depending on platform and software version.
4096 VLAN numbers in total, 0-4095:

0 and 4095: reserved for system use; not visible to the user.
1: the Cisco default VLAN; cannot be deleted.
2-1001: normal-range VLANs for Ethernet; create VLANs by number in this range.
1002-1005: default VLANs for FDDI and Token Ring; cannot be deleted.
1006-4094: extended-range VLANs, Ethernet only. Only the 3550 and higher can configure them, and the switch must be in VTP transparent mode.
---------------------------------------------------


VLAN Trunk

· Trunk: a single physical link that carries traffic for multiple VLANs. It is generally used between switches.

· Two trunking protocols:
802.1Q: the IEEE standard, supported industry-wide.
ISL (Inter-Switch Link): Cisco's proprietary trunk encapsulation.
Note: encapsulation (tagging) happens only on the trunk port. Frames forwarded from one access interface to another on the same switch do not need a tag.

· ISL (Inter-Switch Link):
26-byte header + 4-byte CRC = 30 bytes of overhead (CRC: Cyclic Redundancy Check)
The VLAN ID field is 15 bits wide, but only 10 bits are used: 2^10 = 1024 values,
so ISL supports a maximum of 1024 VLANs.

2940/2950 interfaces do not support ISL; they support 802.1Q only.
On the 3550, forcing an interface into trunk mode requires that an encapsulation type be specified first.

Maximum frame size: 1548 bytes
ISL encapsulates every frame. A device that does not support ISL and receives an ISL-encapsulated frame discards it.

· 802.1Q:

Untagged frame:  Dest | Src | Len/Etype | Data | FCS

Tagged frame:    Dest | Src | Tag | Len/Etype | Data | FCS

A four-byte Tag field is inserted between the Source MAC and Type/Length fields, and the original FCS is recalculated.

Maximum frame size: 1522 bytes

The VLAN ID is a 12-bit field, so up to 4096 VLAN IDs are supported.

· 802.1Q compared with ISL has the following advantages:
1. Lower overhead (4 bytes versus 30), so forwarding efficiency is slightly higher.
2. It is an industry standard with much wider support.
3. The tag carries the 802.1p field for QoS (the 3-bit PRI/priority bits in the tag).

If a device that does not support 802.1Q receives a tagged frame, it ignores the tag and forwards the frame as an ordinary Ethernet frame. Note that a full-size tagged frame is 1522 bytes, 4 bytes over the classic 1518-byte limit, so a strict device may drop it as oversized.


· Native VLAN
In 802.1Q a native VLAN can be set; traffic in that VLAN is sent over the trunk without a tag. Only dot1q has this concept.

802.1Q defines untagged frames on a trunk as belonging to the native VLAN (VLAN 1 by default). It is a small optimisation: frames of the specified VLAN are transmitted without a tag, and the receiving switch knows by convention which VLAN they belong to. The native VLAN must therefore be the same on both ends of a trunk, and only one VLAN can be the native VLAN on a trunk. Because an untagged frame arriving on the trunk is indistinguishable from one that came from an access port in the native VLAN, use a dedicated, otherwise unused VLAN as the native VLAN rather than VLAN 1 or any VLAN that carries user traffic.
Sw1(config-if)# switchport trunk native vlan 2

Sw1# show interface f0/6 switchport
 
· 802.1Q-in-Q (802.1Q tunneling):
802.1Q supports tunneling, which lets a service provider carry customer VLANs inside its own VLANs, so each customer's VLAN numbering stays independent of the provider's.

Service provider configuration:
Sw1(config-if)# switchport access vlan 30           (the provider VLAN that carries this customer)
Sw1(config-if)# switchport mode dot1q-tunnel        (Q-in-Q tunnel port)

Customer configuration:
Sw3(config-if)# switchport mode trunk
Sw3(config-if)# switchport trunk encapsulation [dot1q | isl]
Sw3(config-if)# switchport trunk allowed vlan 1-100,111
(only traffic from VLANs 1-100 and 111 is allowed through this trunk port)
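The 802.1Q tag layout, the native-VLAN rule and Q-in-Q from the three sections above, as an added Python encoder/decoder (my example; not from the original notes and not Cisco software). The MAC addresses, payloads and VLAN numbers are constructed; `trunk_transmit`/`trunk_receive` model a dot1q trunk port and `dot1q_tunnel_ingress` models the provider's tunnel port. The FCS is left out, so a full-size tagged frame measures 1518 bytes here and 1522 on the wire.

```python
"""802.1Q tag insertion/removal, native-VLAN handling on a trunk, and Q-in-Q.
Added example; frames are constructed and the FCS is omitted."""
import struct
from typing import List, Optional, Tuple

TPID_DOT1Q = 0x8100     # customer tag, what 'switchport trunk encapsulation dot1q' sends
TPID_STAG = 0x88A8      # 802.1ad service tag, recognised by the parser for completeness


def mac_bytes(mac: str) -> bytes:
    """Accepts Cisco 0009.6bc4.d4bf, Unix 00:09:6b:c4:d4:bf or Windows 00-09-6B-C4-D4-BF."""
    return bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: Dest | Src | Type | Data (no FCS)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_push(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag between Src and Type: TPID 0x8100, then TCI =
    3-bit PCP (802.1p priority) | 1-bit DEI/CFI | 12-bit VLAN ID."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID is a 12-bit field (0-4095)")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return frame[:12] + struct.pack("!HH", TPID_DOT1Q, tci) + frame[12:]


def parse_tags(frame: bytes) -> Tuple[List[Tuple[int, int, int]], int, bytes]:
    """Return (tags outermost first as (pcp, dei, vid), ethertype, payload)."""
    off, tags = 12, []
    while struct.unpack_from("!H", frame, off)[0] in (TPID_DOT1Q, TPID_STAG):
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0xFFF))
        off += 4
    return tags, struct.unpack_from("!H", frame, off)[0], frame[off + 2:]


def tag_pop(frame: bytes) -> Tuple[Optional[int], bytes]:
    """Remove the outermost tag; (None, frame) if the frame is untagged."""
    tags, _, _ = parse_tags(frame)
    if not tags:
        return None, frame
    return tags[0][2], frame[:12] + frame[16:]


def trunk_transmit(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """dot1q trunk egress: tag with the frame's VLAN, except the native VLAN, which goes untagged."""
    return frame if vlan == native_vlan else tag_push(frame, vlan)


def trunk_receive(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """dot1q trunk ingress: untagged -> native VLAN; tagged -> VLAN from the outer tag, tag removed."""
    vid, inner = tag_pop(frame)
    return (native_vlan, frame) if vid is None else (vid, inner)


def dot1q_tunnel_ingress(frame: bytes, provider_vlan: int) -> bytes:
    """Q-in-Q: the provider's dot1q-tunnel port pushes its own tag on top of whatever the customer sent."""
    return tag_push(frame, provider_vlan)


if __name__ == "__main__":
    arp = build_frame("ffff.ffff.ffff", "0009.6bc4.d4bf", 0x0806, bytes(28))
    customer = tag_push(arp, 111)                      # customer trunk, VLAN 111
    provider = dot1q_tunnel_ingress(customer, 30)      # provider tunnel port, access VLAN 30
    print([t[2] for t in parse_tags(provider)[0]])     # outer 30, inner 111
```

Note what `trunk_receive` does with the provider frame: the core switch pops only the outer tag (30), and the customer's tag (111) travels untouched inside the payload, which is exactly why the provider's VLAN numbering and the customer's never collide.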


DTP (Dynamic Trunking Protocol), Cisco proprietary
· Switches send DTP frames over the link to negotiate whether the two ends can form a trunk.
· Five interface modes: access, trunk, dynamic desirable, dynamic auto, plus nonegotiate.

Mode                 Sends DTP   Receives DTP   Behaviour
access               -           -              Connects an end device; never becomes a trunk.
trunk (on)           yes         yes            Unconditional trunk on the local end, whether or not the peer trunks.
dynamic desirable    yes         yes            Sends and receives DTP; wants to become a trunk. The default on many platforms.
dynamic auto         no          yes            Only listens for DTP; becomes a trunk if the peer asks.
nonegotiate          no          no             DTP disabled; used with mode trunk to trunk without sending any DTP frames.

Sw1(config-if)# switchport mode access
Sw1(config-if)# switchport mode dynamic desirable     (default mode)
Sw1(config-if)# switchport mode dynamic auto
Sw1(config-if)# switchport mode trunk
Sw1(config-if)# switchport nonegotiate
(nonegotiate is only valid together with mode trunk or mode access, not with the dynamic modes)

Sw1(config-if)# switchport trunk encapsulation dot1q     (specifies the encapsulation type)

Sw1# show interface trunk

Sw1# show interface f0/24 switchport        (view the port's switchport configuration)

Note: the default mode on the 2950 and 3550 is dynamic desirable; on the 3560 it is dynamic auto.
A port left in dynamic desirable or dynamic auto will form a trunk with any attached device that speaks DTP, so ports facing end hosts should be set to switchport mode access together with switchport nonegotiate.
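The check a practitioner would run against the modes above, as an added Python script (mine, not from the notes): it reads the interface sections of a constructed `show running-config` excerpt, works out each port's effective DTP mode using the platform defaults just stated (2950/3550 dynamic desirable, 3560 dynamic auto), and flags ports that still negotiate, trunks without nonegotiate, trunks whose native VLAN is still 1, and trunks with no allowed-VLAN list. The configuration text and interface names are constructed for the example.

```python
"""Audit DTP/trunk settings in an IOS running-config excerpt. Added example; the
config below is constructed and the platform defaults come from the note above."""
import re
from typing import Dict, List

# Effective mode of a port that has no explicit 'switchport mode' line.
PLATFORM_DEFAULT_MODE = {
    "2950": "dynamic desirable",
    "3550": "dynamic desirable",
    "3560": "dynamic auto",
}

MODE_RE = re.compile(r"^switchport mode (access|trunk|dynamic desirable|dynamic auto|dot1q-tunnel)$")

SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode dynamic auto
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split the config into {interface name: [stripped sub-commands]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            sections[current] = []
        elif line.strip() == "!":
            current = None
        elif current is not None and line.startswith(" "):
            sections[current].append(line.strip())
    return sections


def effective_mode(lines: List[str], platform: str) -> str:
    """Explicit 'switchport mode' wins; otherwise the platform default applies."""
    for line in lines:
        m = MODE_RE.match(line)
        if m:
            return m.group(1)
    return PLATFORM_DEFAULT_MODE[platform]


def native_vlan(lines: List[str]) -> int:
    for line in lines:
        if line.startswith("switchport trunk native vlan "):
            return int(line.rsplit(None, 1)[1])
    return 1  # 802.1Q default on Cisco switches


def audit(config: str, platform: str = "2950") -> Dict[str, List[str]]:
    """Return {interface: [findings]} for ports whose trunking state is risky."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        mode = effective_mode(lines, platform)
        issues = []
        if mode.startswith("dynamic"):
            issues.append(f"negotiates trunks ({mode}); a device on this port can form a trunk")
        if mode == "trunk":
            if "switchport nonegotiate" not in lines:
                issues.append("trunk still sends DTP frames; add 'switchport nonegotiate'")
            if native_vlan(lines) == 1:
                issues.append("native VLAN is VLAN 1; move it to an unused VLAN")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                issues.append("all VLANs allowed; restrict with 'switchport trunk allowed vlan'")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port)
        for issue in issues:
            print("  -", issue)
```

FastEthernet0/2 is the interesting case: it has an access VLAN but no `switchport mode` line, so on a 2950 it is still a dynamic desirable port and will happily trunk with whatever is plugged in.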

---------------------------------------------------

VTP (VLAN Trunk Protocol), Cisco proprietary
· Purpose: synchronises VLAN information across the switched domain.

· VTP is a Layer 2 messaging protocol that manages VLAN additions, deletions and modifications within a VTP domain to keep the VLAN configuration consistent.
Switches only exchange VTP information over 802.1Q/ISL trunks.

· To use VTP, a VTP domain must first be configured. Each switch can be given one VTP domain name; a VTP domain consists of the switches sharing the same domain name, and a switch can belong to only one VTP domain.

· Three VTP modes:
                              Server   Client   Transparent
Add/delete/modify VLANs       yes      no       yes (locally only)
Forward VTP advertisements    yes      yes      yes
Synchronise VLAN information  yes      yes      no
Save VLANs to NVRAM           yes      no       yes

· An important VTP element: the configuration revision number.
Each VLAN change increments the revision number by 1. A switch with a lower revision adopts the VLAN information of a switch with a higher revision.
A higher revision number means a newer configuration.
If an advertisement carries a revision number higher than the switch's current one, the switch overwrites its VLAN database with the advertised one.
Because the revision number alone decides who overwrites whom, a switch brought into the domain with a higher revision (an old lab switch, even in client mode) overwrites the VLAN database of every other switch in the domain. Before connecting a switch, reset its revision to 0 by setting it to transparent mode and back, or by changing its domain name.

· VTP advertisements are sent every 5 minutes, or immediately when the VLAN configuration changes (triggered update).

· VTP frames are sent to the multicast MAC address 0100.0ccc.cccc.

· VTP has four message types: 1. summary advertisement 2. subset advertisement 3. advertisement request 4. VTP join message

· VTP synchronisation follows the revision number: the switch with the lower revision follows the one with the higher revision. Which switch learns from which does not depend on server or client mode, only on the revision number.

· Cisco switches default to server mode with no domain name. Once one switch is configured with a domain name, the other switches learn it from its advertisements.

· Factors affecting VTP: 1. VTP is only carried over trunks
2. the domain name must match
3. the password must match

Note: when two switches negotiate a trunk dynamically and the VTP domain names at the two ends do not match, the trunk does not come up. Remember this.
Therefore a trunk depends on three things:
1. the encapsulation type
2. the interface mode
3. whether the VTP information at both ends matches; a mismatch prevents dynamic neighbour formation
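The revision-number rule, the mode table and the domain/password checks above, as an added Python simulation (mine; not Cisco's implementation and not from the notes). Real VTP carries an MD5 digest computed over the VLAN database and the password; the model compares the password directly, which is enough to show the matching rule. Switch names, the domain, the password and the VLANs are constructed.

```python
"""VTP synchronisation model: who overwrites whom is decided by the configuration
revision number, not by server/client mode. Added example; simplified (the real
protocol compares an MD5 digest rather than the password itself)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class VtpSwitch:
    name: str
    mode: str                              # "server", "client" or "transparent"
    domain: Optional[str] = None           # a fresh switch is a server with no domain name
    password: Optional[str] = None
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, name: str) -> None:
        """Local VLAN change: servers and transparent switches may, clients may not."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot modify VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1             # transparent changes stay local: no revision bump

    def reset_revision(self) -> None:
        """Model of the usual reset: set transparent and back, or change the domain name."""
        self.revision = 0

    def summary_advertisement(self) -> dict:
        """What a switch sends on its trunks every 5 minutes or on a VLAN change."""
        return {"domain": self.domain, "revision": self.revision,
                "password": self.password, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> str:
        """Apply one advertisement and report what happened."""
        if self.mode == "transparent":
            return "forwarded only"                 # relayed on other trunks, never applied
        if self.domain is None:
            self.domain = adv["domain"]             # domain name learned from the first advert
        if adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if adv["password"] != self.password:
            return "ignored: password mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        # Higher revision wins, whatever the sender's or the receiver's mode.
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return "synchronized"


def propagate(sender: VtpSwitch, receivers: List[VtpSwitch]) -> Dict[str, str]:
    """Send the sender's summary over a trunk to every receiver; return each outcome."""
    adv = sender.summary_advertisement()
    return {r.name: r.receive(adv) for r in receivers}
```

The scenario worth running is the second one in the test below: a client with revision 50 and a stale VLAN list plugged into a domain whose server is at revision 2 replaces the server's VLANs, because the server also obeys the revision rule.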


VTP pruning

· VTP pruning determines when a trunk is carrying unnecessary traffic (VLANs with no member ports on the far side) and prunes those VLANs from the trunk.

Sw1(config)# vtp pruning
Enabled on the server; the other switches learn it.

· VTP versions: v1, v2, v3
The default is v1. Cisco recommends that all switches in a domain run the same version.

Sw1(config)# vtp version 2

Sw3# vlan database
Sw3(vlan)# vtp v2-mode

· VTP authentication:

Sw2(config)# vtp password aaa

Sw3# vlan database
Sw3(vlan)# vtp password aaa

To check whether the passwords match:
Sw2# show vtp password

---------------------------------------------------

Common switch configuration commands
Sw1# show cdp neighbors detail
show mac-address-table                                    (view the MAC address table)
show mac-address-table aging-time                         (view the MAC address aging time)
Sw1(config)# mac-address-table aging-time 150 vlan 10     (modify the aging time)

Create a VLAN
Sw1(config)# vlan 10
Sw1(config-vlan)# name sales
On old models such as the 2900, VLANs must be created in VLAN database mode:
Sw1# vlan database
Sw1(vlan)# vlan 10 name sales
Sw1(vlan)# exit          (use exit here: it applies the changes and leaves VLAN database mode)
show vlan                (view VLANs)
show vlan brief
show interface summary   (lists all ports on the switch and which interfaces have devices connected)
show interface status    (shows each interface's state, duplex, speed, trunk status and VLAN)

Assign a port to a VLAN
interface f0/12
 switchport mode access            (set the port to access mode)
 switchport access vlan 10         (place it in VLAN 10)
interface range f0/5 , f0/7 , f0/12                          (configure several ports at once)
interface range fastethernet0/5 - 8 , fastethernet0/12 - 18

Start a trunk on the current switch
interface f0/24
 switchport mode trunk                     (force the port to trunk)
   access:             the port must be an access port
   dynamic desirable:  negotiates (default)
   dynamic auto:       passively accepts
 switchport trunk encapsulation isl | dot1q | negotiate    (encapsulation; "negotiate" lets the two ends agree on it)
Sw1(config-if)# switchport nonegotiate      (the interface sends no DTP frames; normally combined with mode trunk)
 switchport trunk native vlan 10            (the VLAN sent untagged; must match on both switches; the default is VLAN 1)
 switchport trunk allowed vlan 10           (VLANs permitted on the trunk port)
 switchport trunk allowed vlan all          (allow all VLANs through)
show interface trunk
show interface f0/24 switchport

Configure a VTP domain
Sw1(config)# vtp domain china
Sw1(config)# vtp mode server | client | transparent
Configuration on old models:
Sw1# vlan database
Sw1(vlan)# vtp domain china
Sw1(vlan)# vtp server | client | transparent
show vtp status
A VTP password can also be set.

Inter-VLAN routing on a Layer 3 switch
Sw1(config)# ip routing                       (enable IP routing)
Sw1(config)# router rip                       (start a routing process; static routes can be used instead)
Sw1(config-router)# network 100.1.1.0         (advertise the VLAN's network)
Sw1(config)# interface vlan 100
Sw1(config-if)# ip address 100.1.1.1 255.255.255.0   (the IP address of the VLAN interface, which is also the gateway of that subnet; the notes omit the mask, /24 is assumed from the network 100.1.1.0 statement above)
Sw1(config-if)# no shutdown

After a VLAN is created, the switch writes a vlan.dat file to flash. It can be viewed and deleted with:
show flash
delete vlan.dat
delete config.text           (deletes the startup configuration file)
