CST3607 Class Notes 2022-04-12

News & Tools

Self-Evaluation

  • At this point in the semester, you should be confident in your understanding of Cisco IOS, routing protocols, troubleshooting, etc., to complete Lab-04 (OSPF, Serial, DHCP), using primarily the network diagram as your guide, with 100% accuracy, in less than 30 minutes.
  • If that’s not the case, then you must practice, practice, practice, to gain the necessary skills and confidence.
  • Practice makes improvement.

Layer 2 Switching

The three functions of a switch.

  • Address learning
  • forward/filter decisions
  • loop avoidance.

CAM (Content Addressable Memory)

  • The CAM table, or content addressable memory table, is present in all Cisco Catalysts for layer 2 switching. It is used to record a stations mac address and its corresponding switch port location. In addition, a timestamp for the entry is recorded and it’s VLAN assignment.
  • The CAM table is used in multi-layer switching for the purpose of quickly switching frames to their destination. The switch looks at the incoming frame’s source MAC address and enters it into the CAM table and keeps it there for 300 seconds before aging out. This is the default value.

Configuring an IP address on a switch

  • The Management VLAN Interface, is a routed interface on every Cisco switch and is called interface VLAN 1.

Port Security on a Switch

  • Protect: When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. 
    You are not notified that a security violation has occurred.
  • Restrict: When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. 
    In this mode, you are notified that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
  • Shutdown: A port security violation causes the interface to become error-disabled and to shut down immediately, and the port LED turns off. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shut down interface configuration commands. This is the default mode.

Restrict and shutdown violation modes alert you via SNMP that a violation has occurred on a port. 

Spanning Tree Protocol (STP)

  • The function of Spanning Tree Protocol (STP) is to prevent Layer 2 switching loops and broadcast storms in a Local Area Network (LAN).
  • The Spanning Tree Protocol (STP) allows redundant links in a network to prevent complete network failure if an active link fails, without the danger of Layer 2 Switching loops.

Bridge Protocol Data Unit (BPDU)

  • Bridge Protocol Data Units (BPDUs) are messages exchanged between the switches inside an interconnected redundant Local Area Network (LAN).
  • Bridge Protocol Data Units (BPDUs) frames contain information regarding the Switch ID, originating switch port, MAC address, switch port priority, switch port cost etc.
  • Bridge Protocol Data Units (BPDUs) frames are sent out as multicast messages regularly at multicast destination MAC address 01:80:c2:00:00:00. When Bridge Protocol Data Units (BPDUs) are received, the Switch uses a mathematical formula called the Spanning Tree Algorithm (STA) to know when there is a Layer 2 Switch loop in network and determines which of the redundant ports needs to be shut down.
  • The basic purpose of the Bridge Protocol Data Units (BPDUs) and the Spanning Tree Algorithm (STA) is to avoid Layer 2 Switching loops and Broadcast storms.

Spanning Tree Protocol (STP): Port States

The ports on a switch with enabled Spanning Tree Protocol (STP) are in one of the following four port states.

Blocking

  • A port in the blocking state does not participate in frame forwarding and also discards frames received from the attached network segment.
  • During blocking state, the port is only listening to and processing BPDUs on its interfaces.

Listening

  • During the listening state the port discards frames received from the attached network segment and it also discards frames switched from another port for forwarding.
  • At this state, the port receives BPDUs from the network segment and directs them to the switch system module for processing.

Learning

  • During the learning state, the port is listening for and processing BPDUs.
  • In the listening state, the port begins to process user frames and starts to update the MAC address table.
  • But the user frames are not forwarded to the destination.

Forwarding

  • A port in the forwarding state forwards frames across the attached network segment.
  • In a forwarding state, the port will process BPDUs, update its MAC Address table with frames that it receives, and forward user traffic through the port.
  • Forwarding State is the normal state.

Note: “Disabled” is not one of the four STP port states. Disabled (technically, is not a transition state). A port in the administratively disabled state doesn’t participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.

Summary of the four port states

StateForward FramesLearn MAC AddressesDuration
BlockingNoNo20 seconds
ListeningNoNo15 seconds
LearningNoYes15 seconds
ForwardingYesYes

Reference

VLAN (Virtual Local Area Network)

  • VLAN 1 is the default Ethernet VLAN
  • VLANs 1002 through 1005 are automatically created and cannot be deleted
  • What are the maximum number of VLANs, including the reserved VLANs?
  • Trunking
    • What is the purpose of a Trunk port?
  • IEEE 802.1Q Encapsulation

InterVLAN Routing

  • A Stub router, One-armed router or Router on a Stick (RonS) is a router configured to route traffic between virtual local area networks (VLANs).
  • It has only a single Ethernet NIC that is part of two or more Virtual LANs, enabling them to be joined.
  • The physical interface is divided into logical interfaces (known as sub-interfaces), one for each VLAN, configured as trunk interfaces.
  • Search: Router on a Stick

SVI (Switched Virtual Interface)

  • A Switch Virtual Interfaces (SVI) represents a logical Layer 3 interface on a switch.
  • VLANs divide broadcast domains in a LAN environment. Whenever hosts in one VLAN need to communicate with hosts in another VLAN, the traffic must be routed between them. This is known as inter-VLAN routing. On Layer 3 switches it is accomplished by the creation of Layer 3 interfaces (SVIs).

VLAN Diagnostic Commands

  • S1# show vlan
  • S1# show vlan brief
  • S1# show interface trunk
  • S1# show interfaces switchport
  • S1# show interface fa0/15 switchport
  • S1# show running-config
  • S1# show arp
  • S1# clear arp

VLAN Resources

Hands-on Lab-06

  • Layer 2 Switching
  • Get the Lab Assets from the Downloads page.

Study for Exam 2