Configuring Catalyst Switch Operation
TRANSCRIPT
-
8/14/2019 Configuring Catalyst Switch Operation
1/50
2002, Cisco Systems, Inc. All rights reserved. 1
Configuring Catalyst Switch Operations
Module 3
-
Ethernet Switches and Bridges
Address learning
Forward/filter decision
Loop avoidance
-
MAC Address Table
Initial MAC address table is empty.
-
Learning Addresses
Station A sends a frame to station C.
Switch caches the MAC address of station A to port E0 by learning the source address of data frames.
The frame from station A to station C is flooded out to all ports except port E0 (unknown unicasts are flooded).
-
Learning Addresses (Cont.)
Station D sends a frame to station C.
Switch caches the MAC address of station D to port E3 by learning the source address of data frames.
The frame from station D to station C is flooded out to all ports except port E3 (unknown unicasts are flooded).
-
Filtering Frames
Station A sends a frame to station C.
Destination is known; frame is not flooded.
-
Filtering Frames (Cont.)
Station A sends a frame to station B.
The switch has the address for station B in the MAC address table.
-
Broadcast and Multicast Frames
Station D sends a broadcast or multicast frame.
Broadcast and multicast frames are flooded to all ports other than the originating port.
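The address learning and forward/filter behavior from the preceding slides, as an added example that is not part of the original course material. The station MAC addresses are constructed, and the ports of stations B and C (E1 and E2) and the reply frame from station C are assumptions; only ports E0 (station A) and E3 (station D) come from the slides.

```python
# Added example: a minimal learning-bridge model of the slides above.
# Station MACs are constructed; the ports of stations B and C are assumed.

def is_group_address(mac):
    """Broadcast/multicast: I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.replace(".", "")[:2], 16) & 0x01)


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port; initially empty

    def receive(self, in_port, src, dst):
        """Handle one frame and return (decision, egress_ports)."""
        # Address learning: cache the source address against the ingress port.
        if not is_group_address(src):
            self.mac_table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group_address(dst):
            return ("flood", others)   # broadcast or multicast
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return ("flood", others)   # unknown unicast
        if out_port == in_port:
            return ("filter", [])      # destination is on the ingress segment
        return ("forward", [out_port])


# Constructed station addresses (locally administered unicast).
A, B, C, D = ("0200.0000.000a", "0200.0000.000b",
              "0200.0000.000c", "0200.0000.000d")
BROADCAST = "ffff.ffff.ffff"


def replay_slides():
    """Replay the slide sequence; return the decisions and final table."""
    sw = LearningSwitch(["E0", "E1", "E2", "E3"])
    frames = [
        ("E0", A, C),          # A -> C, table empty
        ("E3", D, C),          # D -> C, C still unknown
        ("E2", C, A),          # assumed reply from C so the switch learns it
        ("E0", A, C),          # A -> C, destination now known
        ("E3", D, BROADCAST),  # D sends a broadcast
    ]
    decisions = [sw.receive(*f) for f in frames]
    return decisions, sw.mac_table


if __name__ == "__main__":
    decisions, table = replay_slides()
    for d in decisions:
        print(d)
    print(table)
```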
-
Transmitting Frames
Cut-Through: Switch checks destination address and immediately begins forwarding frame.
Fragment-Free: Switch checks the first 64 bytes, then immediately begins forwarding frame.
Store and Forward: Complete frame is received and checked before forwarding.
-
Redundant Topology Overview
-
Redundant Topology
Redundant topology eliminates single points of failure.
Redundant topology causes broadcast storms, multiple frame copies, and MAC address table instability problems.
-
Broadcast Storms
Host X sends a broadcast.
Switches continue to propagate broadcast traffic over and over.
-
Multiple Frame Copies
Host X sends a unicast frame to router Y.
MAC address of router Y has not been learned by either switch yet.
Router Y will receive two copies of the same frame.
-
MAC Database Instability
Host X sends a unicast frame to router Y.
MAC address of router Y has not been learned by either switch.
Switches A and B learn the MAC address of host X on port 0.
The frame to router Y is flooded.
Switches A and B incorrectly learn the MAC address of host X on port 1.
-
Spanning-Tree Protocol Overview
-
Spanning-Tree Protocol
Provides a loop-free redundant network topology by placing certain ports in the blocking state.
-
Spanning-Tree Operation
One root bridge per network
One root port per nonroot bridge
One designated port per segment
Nondesignated ports are unused
-
Spanning-Tree Protocol Root Bridge Selection
BPDU = Bridge Protocol Data Unit (default = sent every two seconds)
Root bridge = Bridge with the lowest bridge ID
Bridge ID =
In the example, which switch has the lowest bridge ID?
-
Spanning-Tree Port States
Spanning-tree transits each port through several different states:
-
Spanning-Tree Port States (Cont.)
-
Spanning-Tree Path Cost
-
Spanning-Tree Example
-
Spanning-Tree Recalculation
-
Spanning-Tree Convergence
Convergence occurs when all the switch and bridge ports have transitioned to either the forwarding or the blocking state.
When the network topology changes, switches and bridges must recompute the Spanning-Tree Protocol, which disrupts user traffic.
-
Rapid Spanning-Tree Protocol
-
Rapid Transition to Forwarding
-
Configuring a Catalyst Switch
-
Catalyst 1900 and 2950 Default Configuration
IP address: 0.0.0.0
CDP: enabled
100baseT port: autonegotiate duplex mode
Spanning tree: enabled
Console password: none
-
Port Names on Catalyst 1900 Switches
wg_sw_1900#show run
Building configuration...
Current configuration:
!
!
interface Ethernet 0/1
!
interface Ethernet 0/2
wg_sw_1900#show spantree
Port Ethernet 0/1 of VLAN1 is Forwarding
Port path cost 100, Port priority 128
Designated root has priority 32768, address 0090.8673.3340
Designated bridge has priority 32768, address 0090.8673.3340
Designated port is Ethernet 0/1, path cost 0
Timers: message age 20, forward delay 15, hold 1
wg_sw_1900#show vlan-membership
Port  VLAN  Membership Type    Port  VLAN  Membership Type
------------------------------------------------------------------
1     5     Static             13    1     Static
2     1     Static             14    1     Static
3     1     Static             15    1     Static
-
Port Names on Catalyst 2950 Switches
wg_sw_2950#show run
Building configuration...
Current configuration:
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
wg_sw_2950#show spantree
Interface Fa0/1 (port 7) in Spanning tree 1 is FORWARDING
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0008.a445.c980
Designated bridge has priority 32768, address 0008.a445.c980
Designated port is 7, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 8316, received 4
wg_sw_2950#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
-
Configuring the Switch IP Address
Catalyst 1900
wg_sw_1900(config)#ip address {ip_address} {mask}
Configures an IP address and subnet mask on the switch
wg_sw_1900(config)#ip address 10.5.5.11 255.255.255.0
Catalyst 2950
wg_sw_2950(config-if)#ip address {ip_address} {mask}
Configures an IP address and subnet mask for the switch VLAN1 interface
wg_sw_2950(config)#interface vlan 1
wg_sw_2950(config-if)#ip address 10.5.5.11 255.255.255.0
-
Configuring the Switch Default Gateway
wg_sw_a(config)#ip default-gateway {ip address}
Configures the switch default gateway for the Catalyst 1900 and 2950 switches
wg_sw_a(config)#ip default-gateway 10.5.5.3
-
Showing the Switch IP Address
Catalyst 1900
wg_sw_1900#show ip
IP address: 10.5.5.11
Subnet mask: 255.255.255.0
Default gateway: 10.5.5.3
Management VLAN: 1
wg_sw_a#
Catalyst 2950
wg_sw_2950#show interface vlan 1
Vlan1 is up, line protocol is up
Hardware is Cat5k Virtual Ethernet, address is 0010.f6a9.9800 (bia 0010.f6a9.9800)
Internet address is 172.16.80.79/24
Broadcast address is 255.255.255.255
. . .
wg_sw_2950#
-
Duplex Overview
Half Duplex (CSMA/CD)
Unidirectional data flow
Higher potential for collision
Hubs connectivity
Full Duplex
Point-to-point only
Attached to dedicated switched port
Requires full-duplex support on both ends
Collision-free
Collision detect circuit disabled
-
Setting Duplex Options
Catalyst 1900
wg_sw_1900(config)#interface e0/1
wg_sw_1900(config-if)#duplex {auto | full | full-flow-control | half}
Catalyst 2950
wg_sw_2950(config)#interface fa0/1
wg_sw_2950(config-if)#duplex {auto | full | half}
-
Showing Duplex Options
Switch#show interfaces fastethernet0/3
FastEthernet0/3 is up, line protocol is down
Hardware is Fast Ethernet, address is 0000.0000.0003 (bia 0000.0000.0003)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
-
Managing the MAC Address Table
Catalyst 1900
wg_sw_1900#show mac-address-table
Number of permanent addresses : 0
Number of restricted static addresses : 0
Number of dynamic addresses : 6
Address         Dest Interface     Type       Source Interface List
------------------------------------------------------------------
00E0.1E5D.AE2F  Ethernet 0/2       Dynamic    All
00D0.588F.B604  FastEthernet 0/26  Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26  Dynamic    All
0090.273B.87A4  FastEthernet 0/26  Dynamic    All
00D0.588F.B600  FastEthernet 0/26  Dynamic    All
00D0.5892.38C4  FastEthernet 0/27  Dynamic    All
Catalyst 2950
wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 25
Total MAC addresses: 26
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2
-
Setting a Permanent MAC Address
Catalyst 1900 and 2950
wg_sw_1900(config)#mac-address-table permanent {mac-address type module/port}
wg_sw_1900(config)#mac-address-table permanent 2222.2222.2222 ethernet 0/3
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 0
Number of dynamic addresses : 4
Address         Dest Interface     Type       Source Interface List
------------------------------------------------------------------
00E0.1E5D.AE2F  Ethernet 0/2       Dynamic    All
2222.2222.2222  Ethernet 0/3       Permanent  All
00D0.588F.B604  FastEthernet 0/26  Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26  Dynamic    All
00D0.5892.38C4  FastEthernet 0/27  Dynamic    All
Catalyst 2950 only
wg_sw_2950(config)#mac-address-table static mac_addr {vlan vlan_id} [interface int1 [int2 ... int15]]
-
Setting a Restricted Static MAC Address on the Catalyst 1900
wg_sw_1900(config)#mac-address-table restricted static {mac-address type module/port src-if-list}
wg_sw_1900(config)#mac-address-table restricted static 1111.1111.1111 e0/4 e0/1
wg_sw_1900#show mac-address-table
Number of permanent addresses : 1
Number of restricted static addresses : 1
Number of dynamic addresses : 4
Address         Dest Interface     Type       Source Interface List
------------------------------------------------------------------
1111.1111.1111  Ethernet 0/4       Static     Et0/1
00E0.1E5D.AE2F  Ethernet 0/2       Dynamic    All
2222.2222.2222  Ethernet 0/3       Permanent  All
00D0.588F.B604  FastEthernet 0/26  Dynamic    All
00E0.1E5D.AE2B  FastEthernet 0/26  Dynamic    All
00D0.5892.38C4  FastEthernet 0/27  Dynamic    All
-
Setting a Restricted Static MAC Address on the Catalyst 2950
wg_sw_2950(config)#mac-address-table secure hw-addr interface [vlan vlan-id]
wg_sw_2950#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1
wg_sw_2950#show mac-address-table
Dynamic Address Count: 1
Secure Address Count: 1
Static Address (User-defined) Count: 1
System Self Address Count: 25
Total MAC addresses: 28
Maximum MAC addresses: 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0050.0f02.3372       Dynamic       1     FastEthernet0/2
0003.3333.3333       Secure        1     FastEthernet0/1
Static Address Table:
Destination Address  VLAN  Input Port  Output Ports
-------------------  ----  ----------  -----------------------
2222.2222.2222       1     ALL         Fa0/1
-
Configuring Port Security
Catalyst 1900
wg_sw_1900(config-if)#port secure [max-mac-count count]
wg_sw_1900(config)#interface e0/4
wg_sw_1900(config-if)#port secure
wg_sw_1900(config-if)#port secure max-mac-count 1
Catalyst 2950
wg_sw_2950(config-if)#port security max-mac-count count
wg_sw_2950(config)#interface fa0/1
wg_sw_2950(config-if)#port security
wg_sw_2950(config-if)#port security max-mac-count 10
-
Verifying Port Security on the Catalyst 1900
wg_sw_1900(config)#address-violation {suspend | disable | ignore}
wg_sw_1900#show mac-address-table security
wg_sw_1900#show mac-address-table security
Action upon address violation : Suspend
Interface      Addressing Security  Address Table Size
---------------------------------------------------------------
Ethernet 0/1   Disabled             N/A
Ethernet 0/2   Disabled             N/A
Ethernet 0/3   Disabled             N/A
Ethernet 0/4   Enabled              1
Ethernet 0/5   Disabled             N/A
Ethernet 0/6   Disabled             N/A
Ethernet 0/7   Disabled             N/A
Ethernet 0/8   Disabled             N/A
Ethernet 0/9   Disabled             N/A
Ethernet 0/10  Disabled             N/A
Ethernet 0/11  Disabled             N/A
Ethernet 0/12  Disabled             N/A
-
Verifying Port Security on the Catalyst 2950
wg_sw_2950(config-if)#port security action {shutdown | trap}
wg_sw_2950#show mac-address-table secure
wg_sw_2950#show port-security
wg_sw_2950#show mac-address-table secure
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0003.3333.3333       Secure        1     FastEthernet0/1
-
Executing Adds, Moves, and Changes for MAC Addresses
Adding a MAC Address
2. Configure port security.
3. Configure the MAC address.
Changing a MAC Address
2. Remove MAC address restrictions.
Moving a MAC Address
Add the address to a new port.
Configure port security on the new switch.
Configure the MAC address to the port allocated for the new user
Remove the old port configuration.
-
Adding a New Switch to the Network
Determine the IP address for management purposes.
Configure administrative access for the console, auxiliary, and virtual terminal (VTY) interfaces.
Configure security for the device.
Configure the access switch ports as necessary.
-
Managing the Configuration File
Catalyst 1900
wg_sw_1900#copy nvram tftp://host/dst_file
wg_sw_1900#copy tftp://host/src_file nvram
wg_sw_1950#copy nvram tftp://10.1.1.1/wgswd.cfg
Configuration upload is successfully completed
wg_sw_1950#copy tftp://10.1.1.1/wgswd.cfg nvram
TFTP successfully downloaded configuration file
Catalyst 2950
wg_sw_2950#copy startup-config tftp://host/dst_file
-
Clearing NVRAM
Catalyst 1900
wg_sw_1900#delete nvram
Resets the system configuration to factory defaults
Catalyst 2950
wg_sw_2950#erase startup-config
Resets the system configuration to factory defaults
-
Summary
A Catalyst switch comes with factory default settings that can be displayed with the show command.
To configure an IP address and subnet mask on a switch, use the ip address command. To configure a default gateway, use the ip default-gateway command.
Half-duplex transmission uses collision detection. The faster full-duplex mode is used for directly connected devices where collision detection isn't needed.
Use the duplex command to configure switch duplex options.
MAC address tables include dynamic, permanent, and static addresses. Use the mac-address-table command to set permanent and static addresses.
-
Summary (Cont.)
Use the mac-address-table restricted static command to associate a restricted static address with a particular port.
Secured ports restrict the use of a port to a user-defined group of stations, set with the port secure command.
As your network endpoint topology changes by adding new devices or interfaces, or moving or changing existing ones, you may need to modify the switch configuration.
The copy command can be used to copy a configuration from or to a file server, while the delete nvram command resets the switch configuration to the factory default settings.