
Network Switching

Switch Components

Memory type     Purpose
NVRAM           Startup configuration
RAM             Running configuration
ROM             Bootstrap code, POST code, ROM Monitor
Flash memory    Cisco IOS software, backup configuration

Implementing VLANs and Trunks

VLAN Introduction

A Virtual Local Area Network (VLAN) is a network technology that allows for the logical separation of network devices into different broadcast domains, regardless of their physical location. By segmenting networks into VLANs, network administrators can group devices together based on factors such as function, department, or project team, rather than their physical proximity within the network’s architecture.

The primary purpose of VLANs is to improve the efficiency and security of a network by reducing broadcast traffic, enhancing the management of network traffic, and isolating sensitive data. This segmentation helps in limiting broadcast traffic to devices within the same VLAN, thus reducing unnecessary load on other devices and improving overall network performance. It also enables policies and security measures to be applied to specific groups of users or devices, enhancing the network's security posture.

In essence, VLANs provide flexibility, scalability, and control over network traffic flow and access, making them a crucial component in the design and operation of modern networks. They are widely used in various environments, from small business networks to large enterprise and data center networks, allowing for more efficient use of resources and improved network management.

Creating a VLAN

Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# name Engineering
note

The VLAN name is an ASCII string from 1 to 32 characters and must be unique within the administrative domain.

Valid VLAN ranges on Cisco Catalyst switches:

VLANs        Range type   Usage
0, 4095      Reserved     For system use only.
1            Normal       The Cisco default VLAN on a switch. Usable, but it cannot be deleted or renamed. All interfaces are in this VLAN by default.
2-1001       Normal       Used for Ethernet VLANs.
1002-1005    Normal       Used for legacy Token Ring and FDDI VLANs. These cannot be deleted.
1006-4094    Extended     Used for Ethernet VLANs.

Cisco's VLAN Trunking Protocol (VTP) is a proprietary protocol used for managing the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch, thus simplifying VLAN management across Cisco switches. VTP allows network administrators to make changes to the VLAN configuration on one designated VTP server, and those changes are then automatically propagated to all other switches in the VTP domain. This ensures consistent VLAN configuration across all switches, reducing the potential for configuration errors and simplifying the administration of VLANs, especially in large networks.

VTP operates in three modes:

  1. Server mode, where switches can create, modify, and delete VLANs.
  2. Client mode, where switches receive updates but cannot make changes.
  3. Transparent mode, where switches do not participate in VTP (they keep their own locally configured VLAN database) but still forward VTP advertisements to other switches in the VTP domain.

A practical caveat: switches in a VTP domain adopt the VLAN database from whichever advertisement carries the highest configuration revision number, whether it comes from a server or a client. A previously used switch connected to the domain with a higher revision number than the existing switches therefore overwrites the VLAN database on every switch in the domain. Before connecting such a switch, reset its revision number (for example by changing its VTP domain name) or place it in transparent mode.

Assigning a Port to a VLAN

Switch# conf t
Switch(config)# int e0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2

Configuring a range of interfaces

interface range e0/1-3

Resetting interfaces to default config

default interface e0/1

Configuring a voice VLAN

Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# name telephony

Assigning an interface to the voice VLAN

Switch# conf t
Switch(config)# int e0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport voice vlan 10
note

If the VLAN that an access port belongs to is deleted, the port becomes inactive and cannot communicate with the rest of the network until the VLAN is recreated or the port is assigned to another VLAN. The show interface e0/1 switchport command shows the access VLAN of a port and marks it as inactive when the VLAN does not exist.

Trunking with 802.1Q

IEEE 802.1Q is the standard that defines how a VLAN (Virtual Local Area Network) tag is inserted into an Ethernet frame. The tag, placed in the frame header, carries a VLAN identifier (VID) that tells a switch which VLAN the frame belongs to, so that multiple VLANs can share one physical link (a trunk) without their traffic mixing. The 12-bit VID allows 4096 values, of which 4094 (1 to 4094) are usable for VLANs. By letting multiple VLANs coexist on the same link, 802.1Q allows VLAN segmentation to be extended across the whole switched network rather than being confined to a single switch, which is what makes the segmentation scalable in practice.

Anatomy of a VLAN Tag

An Ethernet frame that carries an IEEE 802.1Q VLAN tag has the tag inserted between the Source Address field and the EtherType/Length field; the original EtherType follows the tag. The tag is 4 bytes (32 bits) long and consists of two parts:

  1. Tag Protocol Identifier (TPID): The TPID is a 2-byte (16-bit) field set to a value of 0x8100 to indicate that the frame carries an 802.1Q VLAN tag.
  2. Tag Control Information (TCI): Following the TPID, the TCI is a 2-byte (16-bit) field that contains three subfields:
    • Priority Code Point (PCP): A 3-bit field used to specify the frame's priority level, with values ranging from 0 (lowest priority) to 7 (highest priority). This is used for Quality of Service (QoS) and traffic class management.
    • Drop Eligible Indicator (DEI): A 1-bit field (previously known as the Canonical Format Indicator or CFI) that can be used to mark frames eligible to be dropped in the presence of congestion.
    • VLAN Identifier (VID): A 12-bit field specifying the VLAN to which the frame belongs. This field can define up to 4096 VLANs (0-4095), where VLAN IDs 0 and 4095 are reserved, leaving 1-4094 available for use.
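The tag layout above, worked through in code. This is an added Python example, not code from the page: it packs and unpacks the TPID and TCI fields, walks a stack of tags, and then models the ingress and egress rules of an 802.1Q trunk to show why the native VLAN matters for security. A frame that carries two tags, with the outer VID equal to the trunk's native VLAN, has that outer tag removed on ingress and is sent untagged on the next trunk, so the inner tag (VLAN 10 here) is the first one the next switch reads. With the native VLAN moved to an unused ID, such as the 999 set in the trunk configuration below, the outer tag is re-applied on egress and the inner tag stays hidden behind it. The MAC addresses, the payload bytes and the assumption that both trunks share one native VLAN are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100        # Tag Protocol Identifier that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_tci(vid: int, pcp: int = 0, dei: int = 0) -> int:
    """Pack PCP (3 bits), DEI (1 bit) and VID (12 bits) into the 16-bit TCI.
    VID 0 (priority tag) and 4095 are reserved but still encodable."""
    if not 0 <= pcp <= 7:
        raise ValueError("PCP is a 3-bit field (0-7)")
    if dei not in (0, 1):
        raise ValueError("DEI is a 1-bit field")
    if not 0 <= vid <= 4095:
        raise ValueError("VID is a 12-bit field (0-4095)")
    return (pcp << 13) | (dei << 12) | vid


def split_tci(tci: int):
    """Inverse of build_tci: returns (pcp, dei, vid)."""
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0xFFF


def build_frame(dst: str, src: str, ethertype: int, payload: bytes, tags=()) -> bytes:
    """Ethernet frame with zero or more 802.1Q tags inserted between the source
    MAC and the EtherType. `tags` lists (vid, pcp, dei) tuples, outermost first."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for vid, pcp, dei in tags:
        frame += struct.pack("!HH", TPID_8021Q, build_tci(vid, pcp, dei))
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the tag stack: each 0x8100 found in the EtherType position means a
    2-byte TCI follows and the real EtherType sits further along."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    tags, off = [], 12
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        off += 2
        if etype != TPID_8021Q:
            break
        if off + 2 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        pcp, dei, vid = split_tci(struct.unpack_from("!H", frame, off)[0])
        tags.append({"pcp": pcp, "dei": dei, "vid": vid})
        off += 2
    return {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
            "tags": tags, "ethertype": etype, "payload": frame[off:]}


def forward_over_trunks(frame: bytes, native_vid: int):
    """Model a switch receiving `frame` on one 802.1Q trunk and sending it out
    another; both trunks are assumed to share `native_vid`. Ingress: an untagged
    frame belongs to the native VLAN, a tagged frame to its outer VID, and that
    outer tag is removed. Egress: the frame is tagged with its VLAN unless that
    VLAN is the native one, which leaves untagged. Any further tags are opaque
    payload to this switch. Returns (VLAN the frame was switched in, wire bytes)."""
    p = parse_frame(frame)
    if p["tags"]:
        outer, inner = p["tags"][0], p["tags"][1:]
        vlan, pcp, dei = outer["vid"], outer["pcp"], outer["dei"]
    else:
        vlan, pcp, dei, inner = native_vid, 0, 0, []
    egress = [] if vlan == native_vid else [(vlan, pcp, dei)]
    egress += [(t["vid"], t["pcp"], t["dei"]) for t in inner]
    return vlan, build_frame(p["dst"], p["src"], p["ethertype"], p["payload"], egress)


# Constructed sample (not a capture): one frame with two stacked tags,
# VLAN 1 outermost and VLAN 10 inside, as a double-tagging sender would build it.
SAMPLE_PAYLOAD = b"\x45" + b"\x00" * 19       # placeholder bytes, not a real IPv4 packet
DOUBLE_TAGGED = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                            ETHERTYPE_IPV4, SAMPLE_PAYLOAD, [(1, 0, 0), (10, 5, 0)])

if __name__ == "__main__":
    print("tags as sent:", [t["vid"] for t in parse_frame(DOUBLE_TAGGED)["tags"]])
    for native in (1, 999):
        vlan, wire = forward_over_trunks(DOUBLE_TAGGED, native)
        seen = [t["vid"] for t in parse_frame(wire)["tags"]]
        print(f"trunk native VLAN {native}: switched in VLAN {vlan}, next switch sees tags {seen}")
```

Running the script shows the two outcomes side by side: with the default native VLAN 1 the next switch sees only tag 10, with native VLAN 999 it sees tags 1 and 10 and keeps the frame in VLAN 1.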

Configuring an interface as a VLAN trunk

SW1# conf t
SW1(config)# int e0/0
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport trunk native vlan 999
SW1(config-if)# switchport mode trunk

Building Redundant Switched Topologies

Issues in Redundant Topologies

Layer 2 networks with redundant physical links are vulnerable to the following conditions:

  • Continuous frame duplication (broadcast storms): switches flood broadcast, multicast and unknown-unicast frames out of every port except the one on which the frame arrived. With redundant links and no loop-avoidance mechanism, each switch receives the flooded copies back and floods them again, so the frames circulate endlessly and consume bandwidth and CPU on every device in the loop.
  • Multiple frame transmission: several copies of the same frame are delivered to the destination. Many protocols expect exactly one copy, and the duplicates can cause errors or instability in the receiving application.
  • MAC database instability: copies of the same frame, carrying the same source MAC address, arrive on two different ports of a switch, so the switch keeps rewriting the MAC address table entry for that source and forwards subsequent frames out of the wrong port.

Spanning Tree Operation

  • STP uses bridge protocol data units or BPDUs for communication between switches.
  • STP forces specific ports into a blocking state. A blocking port still receives BPDUs but does not learn MAC addresses and does not forward or flood data frames, so only one active path exists to each network segment at any time.
  • If any connection problems occur on the active network path then STP will activate any previously inactive paths by changing a blocked port state to the forwarding state.

Spanning Tree Algorithm

  1. All switch interfaces on all switches start in a blocking state.
  2. The switches elect a root bridge: the switch with the lowest bridge identifier (BID). The BID is the bridge priority (default 32768) followed by the switch's MAC address, so the lowest priority wins and the lowest MAC address breaks a tie between equal priorities. There is only one root bridge per spanning tree; if it fails, the switch with the next lowest BID becomes root. On Cisco switches a primary and a secondary root bridge can be designated with spanning-tree vlan <id> root primary and spanning-tree vlan <id> root secondary, which set the priority accordingly.
  3. Each non-root switch selects one root port: the port with the lowest root path cost, which is the sum of the port costs along the path from that port to the root bridge. Ties are broken by the neighbouring switch's BID and then by port number.
  4. On each network segment one designated port is selected: the port on that segment whose switch advertises the lowest root path cost, with ties again broken by BID and then port number. On the root bridge every port is a designated port, and every segment has exactly one designated port.
  5. Root ports and designated ports move to the forwarding state; all other ports remain in the blocking state.

STP Path Costs

Data rate    STP cost (802.1D-1998)    STP cost (802.1D-2004)
4 Mbps       250                       5,000,000
10 Mbps      100                       2,000,000
16 Mbps      62                        1,250,000
100 Mbps     19                        200,000
1 Gbps       4                         20,000
2 Gbps       3                         10,000
10 Gbps      2                         2,000
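The five steps of the algorithm above, carried out in code over a small topology using the 802.1D-1998 port costs from the table. This is an added Python example, not code from the page; the switch names, MAC addresses, port numbers and link speeds are constructed, and BPDU ties are broken by sender BID and then port number as described above. A second function shows why the root election is a security concern: any device that sends BPDUs with a lower priority than the existing root takes over the tree and every switch re-converges around it, which is exactly what BPDU Guard on end-device ports (discussed later on this page) is meant to prevent.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# IEEE 802.1D-1998 port costs by link speed in Mbps (the table above).
PORT_COST = {4: 250, 10: 100, 16: 62, 100: 19, 1000: 4, 2000: 3, 10000: 2}

# A bridge ID is (priority, MAC); tuple comparison orders it the way STP does.
BridgeId = Tuple[int, str]

@dataclass(frozen=True, order=True)
class Port:
    bridge: str
    number: int

@dataclass(frozen=True)
class Link:
    """One network segment joining two ports."""
    a: Port
    b: Port
    mbps: int

    def cost(self) -> int:
        return PORT_COST[self.mbps]

    def other(self, p: Port) -> Port:
        return self.b if p == self.a else self.a

def compute_stp(bridges: Dict[str, BridgeId], links: List[Link]):
    """Return (root bridge, root path cost per bridge, role per port)."""
    # Step 2: lowest BID wins; priority is compared first, then MAC.
    root = min(bridges, key=lambda n: bridges[n])

    ports: Dict[str, List[Tuple[Port, Link]]] = {n: [] for n in bridges}
    for ln in links:
        ports[ln.a.bridge].append((ln.a, ln))
        ports[ln.b.bridge].append((ln.b, ln))

    # Step 3: each non-root bridge keeps the port on which the best BPDU arrives.
    # A BPDU ranks by (sender's root path cost + cost of the receiving port,
    # sender BID, sender port number, receiving port number); lower wins.
    INF = float("inf")
    rpc: Dict[str, float] = {n: (0 if n == root else INF) for n in bridges}
    root_port: Dict[str, Port] = {}
    changed = True
    while changed:                        # repeat until advertised costs settle
        changed = False
        for n in bridges:
            if n == root:
                continue
            best = None
            for local, ln in ports[n]:
                nbr = ln.other(local)
                if rpc[nbr.bridge] == INF:
                    continue              # neighbour has no path to the root yet
                bpdu = (rpc[nbr.bridge] + ln.cost(), bridges[nbr.bridge],
                        nbr.number, local.number)
                if best is None or bpdu < best[0]:
                    best = (bpdu, local)
            if best and (rpc[n] != best[0][0] or root_port.get(n) != best[1]):
                rpc[n], root_port[n] = best[0][0], best[1]
                changed = True

    # Step 4: per segment, the end advertising the lowest (root path cost, BID,
    # port number) becomes designated; the root bridge wins on all its segments.
    roles: Dict[Port, str] = {}
    for ln in links:
        winner = min((ln.a, ln.b),
                     key=lambda p: (rpc[p.bridge], bridges[p.bridge], p.number))
        roles[winner] = "designated"

    # Step 5: root and designated ports forward, every other port blocks.
    for p in root_port.values():
        roles[p] = "root"
    for n in bridges:
        for local, _ in ports[n]:
            roles.setdefault(local, "blocking")
    return root, rpc, roles

def example_topology():
    """Constructed triangle of three switches with equal priority, so the
    lowest MAC address (SW1) is elected root."""
    bridges = {"SW1": (32768, "0000.0000.0001"),
               "SW2": (32768, "0000.0000.0002"),
               "SW3": (32768, "0000.0000.0003")}
    links = [Link(Port("SW1", 1), Port("SW2", 1), 1000),   # cost 4
             Link(Port("SW1", 2), Port("SW3", 1), 100),    # cost 19
             Link(Port("SW2", 2), Port("SW3", 2), 1000)]   # cost 4
    return bridges, links

def rogue_root(bridges, links):
    """Same topology plus an unauthorised switch on SW3 port 3 that advertises
    priority 0: it wins the election and the whole tree re-forms around it."""
    bridges = dict(bridges, ROGUE=(0, "0000.0000.00ff"))
    links = links + [Link(Port("SW3", 3), Port("ROGUE", 1), 100)]
    return compute_stp(bridges, links)

if __name__ == "__main__":
    bridges, links = example_topology()
    for root, rpc, roles in (compute_stp(bridges, links), rogue_root(bridges, links)):
        print("root bridge:", root)
        for p in sorted(roles):
            print(f"  {p.bridge} port {p.number}: {roles[p]:<10} root path cost {rpc[p.bridge]}")
```

In the healthy topology SW3 reaches the root more cheaply through SW2 (4 + 4 = 8) than over its direct 100 Mbps link (19), so SW3's port 1 is the single blocking port that breaks the loop. Once the rogue switch is attached, SW3 becomes the closest switch to the new root and SW1's port 2 blocks instead, which means traffic between SW1 and SW3 now transits the attacker's device.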

STP Port Roles

Port role            Description
Root port            Every non-root switch has exactly one root port: the port with the lowest root path cost. It forwards traffic towards the root bridge.
Designated port      Every network segment has exactly one designated port: the port on that segment whose switch advertises the lowest root path cost. On the root bridge every port is a designated port. The designated port forwards frames between its segment and the root bridge and learns source MAC addresses from frames seen on that segment.
Nondesignated port   A port that is neither root nor designated. It blocks data frames and does not learn source MAC addresses from frames seen on its segment.
Disabled port        A port that has been administratively shut down.

Types of Spanning Tree Protocols

Varieties of STP

  • STP (IEEE 802.1D): Legacy standard protocol which provides a loop-free topology in a network with redundant links.
  • PVST+: Cisco's enhancement of 802.1D which provides a separate STP instance for each VLAN.
  • MSTP (IEEE 802.1s): IEEE standard which maps multiple VLANs into the same STP instance.
  • RSTP (IEEE 802.1w): Evolution of 802.1D which provides faster convergence of STP.
  • Rapid PVST+: Cisco's enhancement of RSTP which uses PVST+ and provides a separate 802.1w instance per VLAN.

Comparison of STP

Protocol      Standard   Resources needed   Convergence   Number of trees
STP           802.1D     Low                Slow          One
PVST+         Cisco      High               Slow          One per VLAN
RSTP          802.1w     Medium             Fast          One
Rapid PVST+   Cisco      Very high          Fast          One per VLAN
MSTP          802.1s     Medium or high     Fast          One per group of VLANs

PortFast and BPDU Guard

PortFast moves an end-device (access) port straight into the forwarding state, skipping the listening and learning states, so a host gets network access immediately instead of waiting out the STP delay. It should only be enabled on ports that connect to end devices: a PortFast port connected to another switch can create a loop before STP detects it. BPDU Guard is the safeguard. If a BPDU arrives on a port with BPDU Guard enabled (which should never happen on a port facing an end device), the switch puts the port into the error-disabled state, so an unauthorized or misconnected switch on that port can neither join the topology nor become root. Together, the two features give fast access for hosts while keeping switches off edge ports, which matters most in environments where many end devices connect and disconnect from the network.
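As an added example (Python, not code from the page), a small audit that reads an IOS-style running configuration and reports PortFast ports that lack BPDU Guard, plus trunks still on the default native VLAN 1 (compare the native VLAN 999 set in the trunk configuration earlier on this page). The configuration excerpt is constructed for the example. The only IOS commands it recognises are spanning-tree portfast, spanning-tree bpduguard enable and disable, the global spanning-tree portfast bpduguard default, switchport mode trunk and switchport trunk native vlan N; anything else is ignored.

```python
import re
from typing import Dict, List

# Constructed IOS-style running-config excerpt (not from the page): two access
# ports with PortFast, only one of them guarded, and two trunks, only one of
# them moved off the default native VLAN.
SAMPLE_CONFIG = """\
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Ethernet0/1
 switchport mode access
 switchport access vlan 2
 spanning-tree portfast
!
interface Ethernet0/2
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Ethernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Collect the indented commands under each `interface` stanza, in order."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None            # "!" or a global command ends the stanza
    return stanzas


def native_vlan(cmds: List[str]) -> int:
    """Native VLAN configured on a trunk; IOS uses VLAN 1 when the command is absent."""
    for cmd in cmds:
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
        if m:
            return int(m.group(1))
    return 1


def audit(config: str) -> List[str]:
    """One finding per port: PortFast without BPDU Guard, or a trunk left on
    native VLAN 1. A global `spanning-tree portfast bpduguard default` covers
    every PortFast port unless the port disables the guard explicitly."""
    global_guard = "spanning-tree portfast bpduguard default" in config.splitlines()
    findings: List[str] = []
    for name, cmds in parse_interfaces(config).items():
        portfast = "spanning-tree portfast" in cmds
        guarded = ("spanning-tree bpduguard enable" in cmds
                   or (global_guard and "spanning-tree bpduguard disable" not in cmds))
        trunk = "switchport mode trunk" in cmds
        if portfast and not guarded:
            findings.append(f"{name}: PortFast without BPDU Guard")
        if trunk and native_vlan(cmds) == 1:
            findings.append(f"{name}: trunk uses the default native VLAN 1")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample configuration the audit flags Ethernet0/0 (trunk on native VLAN 1) and Ethernet0/1 (PortFast, no guard); Ethernet0/2 and Ethernet0/3 pass. Prepending the global default line clears the PortFast finding without touching the per-port configuration.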