
Ethernet Layer 1: Wiring Speed and Duplex

- 10BASE-T and 100BASE-TX use two twisted pairs (pairs 2 and 3), with one pair used for transmission in each direction.
- Straight-through: 1-1, 2-2, 3-3, 6-6
- Cross-over: 1-3, 2-6, 3-1, 6-2
- Why do we need a straight-through cable for PC-switch and a cross-over cable for switch-switch? Because PCs send on pair 1-2 and receive on 3-6, while switches do the opposite: they send on 3-6 and receive on 1-2. Therefore a switch needs a cross-over cable to connect to another switch.
- Auto-MDIX (automatic media independent interface crossover) detects the wrong cable and causes the switch to swap the pairs it uses for tx and rx.
- By default, switches use Ethernet auto-negotiation to determine the speed and duplex setting (half or full).
- Both can be set manually with the duplex and speed commands.
- Switches detect duplex with auto-negotiation only. If both ends have auto-negotiation enabled, the duplex is negotiated. If it is configured statically (that is, auto-negotiation is disabled), the devices assume a default: HDX for 10 and 100 Mb interfaces and FDX for 1GE.

Virtual LANs and VLAN Trunking


+ A VLAN is an administratively defined subset of switch ports that belong to the same broadcast domain.
+ Typically there is a one-to-one relationship between VLANs and IP subnets.
+ It is possible to put multiple subnets on a single VLAN and use secondary IP addresses on routers to route between VLANs and subnets.
+ To forward frames between two VLANs, we need an MLS switch or a router.
+ To create a VLAN we operate on the VLAN database.
+ In VLAN database configuration mode we create the VLANs, set parameters on each VLAN, and verify the VTP (VLAN Trunking Protocol) configuration.
+ Only normal-range VLANs (VLAN 1-1005) can be configured in this mode.
+ Relevant commands:
    vlan database    move into VLAN database configuration mode
    show current     list the VLANs available
    apply            add the proposed VLAN
    show proposed    show the proposed VLANs not yet applied

After VLAN creation, switch ports must be assigned to the VLAN. Example:

    Switch3(config)# int fa 0/3
    Switch3(config-if)# switchport access vlan 21

Cisco IOS switches support VLAN creation by using configuration mode:

    Switch3(config)# int fa 0/8
    Switch3(config-if)# switchport access vlan 31
    Switch3(config-if)# exit

    Switch3(config)# vlan 32
    Switch3(config-vlan)# name ccie-vlan-32
    Switch3(config-vlan)# ^Z
    Switch3# show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------
    1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/9, Fa0/10, Fa0/11
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22, Fa0/23
    21   VLAN0021                         active    Fa0/7
    22   ccie-vlan-22                     active    Fa0/3
    31   VLAN0031                         active    Fa0/8
    32   ccie-vlan-32                     active

Note that ccie-vlan-32 has not been assigned any port, so it does not list any interface.

Private VLANs

When a single subnet is needed but the ports must be separated into different broadcast domains, a Private VLAN can be used. It basically separates the switch ports so they cannot talk to each other directly. The switch ports can be characterized as:

- Ports that need to communicate with all the devices
- Ports that need to communicate with each other and with shared devices (routers)
- Ports that need to communicate only with shared devices

Hot Standby Router Protocol


One router is the Active and the other is the Standby. Which device is the active forwarder is decided by the HSRP priority (100 is the default): the higher, the better. The priority is non-preemptive; that is, if it is changed, the router does not become active immediately. This can be overridden with the hsrp preempt command. The protocol works on Hellos exchanged over UDP (224.0.0.2, port 1985). Multiple groups can be configured, so one device can be active for one group and standby for another group. Interface tracking monitors the status of an interface so that, if that interface fails, the HSRP group switches over.

IEEE 802.1D Spanning Tree Protocol


Spanning Tree Protocol provides network link redundancy to recover from failures in a timely manner without intervention. Switches communicate by exchanging Bridge Protocol Data Units (BPDUs), sent to the well-known multicast address 01-80-c2-00-00-00. The BPDU source MAC address is that of the port the BPDU is sent out from. Two types of BPDU exist:

- Configuration BPDU, used for spanning-tree computation
- Topology Change Notification (TCN) BPDU, used to announce changes in the network topology

The configuration BPDU is composed of:

Field Description                           Number of bytes
Protocol ID (always 0)                      2 bytes
Version (always 0)                          1 byte
Message Type (Configuration or TCN)         1 byte
Flags                                       1 byte
Root Bridge ID                              8 bytes
Root Path Cost                              4 bytes
Sender Bridge ID                            8 bytes
Port ID                                     2 bytes
Message Age (in 256ths of a second)         2 bytes
Maximum Age (in 256ths of a second)         2 bytes
Hello Time (in 256ths of a second)          2 bytes
Forward Delay (in 256ths of a second)       2 bytes
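The field layout above maps directly onto a fixed 35-byte structure. The following parser is an added example, not part of the original notes; the sample frames are constructed, and the message type values 0x00 (Configuration) and 0x80 (TCN) come from 802.1D rather than from this page.

```python
import struct

# 35-byte Configuration BPDU, big-endian, in the field order of the table above.
CONFIG = struct.Struct(">HBBB8sI8sHHHHH")
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80   # message type values defined by 802.1D


def format_bid(raw):
    """Render an 8-byte bridge ID as priority:MAC, e.g. 32768:0080.acff.0003."""
    mac = raw[2:].hex()
    return f"{int.from_bytes(raw[:2], 'big')}:{mac[:4]}.{mac[4:8]}.{mac[8:]}"


def parse_bpdu(payload):
    """Parse the BPDU bytes that follow the LLC header of an STP frame."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, msg_type = struct.unpack(">HBB", payload[:4])
    if proto != 0 or version != 0:
        raise ValueError("protocol ID and version must both be 0")
    if msg_type == TYPE_TCN:            # a TCN BPDU carries only the 4-byte header
        return {"type": "tcn"}
    if msg_type != TYPE_CONFIG:
        raise ValueError(f"unknown message type {msg_type:#04x}")
    if len(payload) < CONFIG.size:
        raise ValueError("truncated configuration BPDU")
    (_, _, _, flags, root, cost, sender, port,
     age, max_age, hello, fwd) = CONFIG.unpack(payload[:CONFIG.size])
    return {
        "type": "config", "flags": flags,
        "root": format_bid(root), "root_path_cost": cost,
        "sender": format_bid(sender), "port_id": port,
        # Timers are carried in 1/256 s units; convert to seconds.
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


# Constructed sample: bridge 32768:0080.acff.0003 announcing itself as root
# (root ID = sender ID, path cost 0), hello 2 s; other timers are sample values.
SAMPLE_CONFIG = bytes.fromhex(
    "0000" "00" "00" "00" "80000080acff0003" "00000000"
    "80000080acff0003" "8001" "0000" "1400" "0200" "0f00")
SAMPLE_TCN = bytes.fromhex("00000080")

if __name__ == "__main__":
    print(parse_bpdu(SAMPLE_CONFIG))
    print(parse_bpdu(SAMPLE_TCN))
```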

BPDUs are sent out of all switch ports every 2 seconds. Switches go through four steps for their initial convergence and determine a loop-free path to every LAN segment:

1. Elect one Root Bridge
2. Elect one Root Port per non-Root Bridge
3. Elect one Designated Port per segment
4. Block all remaining ports

Elect one Root Bridge


For all switches to agree on a loop-free topology, a common reference point in the network must be identified. This reference point is called the root bridge. There is only one root bridge per bridged network. To select the root bridge, an election takes place among all the switches in the network. The election is decided by the bridge ID, a value that identifies each switch in the network. The bridge ID is an 8-byte value consisting of the following fields:

- Bridge Priority (2 bytes): It represents the priority of the switch in relation to the other switches in the network. It can have a value from 0 to 65535 and it defaults to 32768 (0x8000) on every Catalyst switch.
- MAC Address (6 bytes): The MAC address used by the switch. It is usually derived from the backplane or from a pool of addresses, depending on the model of the switch. This address is hardcoded and cannot be changed.

The election process starts with every switch sending BPDUs out of every port with a Root Bridge ID equal to its own bridge ID and a Sender Bridge ID equal to its own bridge ID. The Sender Bridge ID identifies the bridge that is sending the BPDU. Every switch that receives BPDUs checks them to see if a better root bridge is announced. A bridge is considered better if it has a lower bridge ID. That means that if the priorities are left untouched, only the MAC address is taken into consideration, and the lower MAC address makes the bridge better. When a bridge hears about a better bridge ID, it starts announcing this bridge ID as the Root Bridge ID in its Configuration BPDUs, replacing its own bridge ID, which it had used as the Root Bridge ID until then. The bridge still identifies itself in the Sender Bridge ID. Eventually the election converges, and all switches agree that one of them is the root bridge. To summarize:

- All bridges first assume they are root (BPDU with RootID = BID; Path Cost = 0)
- All bridges have an 8-byte bridge ID: 2 bytes bridge priority, 6 bytes MAC address, for example 32768:0080.acff.0003
- Lowest bridge ID (BID) becomes root
- Lower bridge priority has a greater chance of becoming root

Elect one Root Port per non-Root Bridge


Now that a reference point has been identified, each non-Root switch must figure out where it is in relation to the root bridge. Each non-Root bridge must select one and only one root port, which points to the root bridge. The root port is determined by calculating the cost to reach the root bridge, called the root path cost. This value is the cumulative cost of all the links leading to the root bridge. Each bridge announces the root path cost for each port ID in the BPDU. As the root path cost travels along the network, each switch adds its own path cost (locally calculated based on the interface type) to the root path cost received in the BPDU, producing its own root path cost, which it in turn announces in its BPDUs.

The path cost (1-byte value) for each interface type is shown in the following table:

Link Bandwidth    Old STP Cost    New STP Cost
4 Mbps            250             250
10 Mbps           100             100
16 Mbps           63              62
45 Mbps           22              39
100 Mbps          10              19
155 Mbps          6               14
622 Mbps          2               6
1 Gbps            1               4
10 Gbps           0               2

The root path cost value is determined in the following manner:

1. The root bridge sends out a BPDU with a root path cost value of 0 because its ports sit directly on the bridge.
2. The next closest neighbor receives the BPDU and adds the path cost of the port on which it receives the BPDU.
3. The neighbor sends out BPDUs with the new cumulative value as the root path cost.
4. This action is repeated at every switch down the line.

If a switch receives a BPDU on another port with a lower root path cost, this new lower value becomes the new root path cost. The lower cost also tells the switch that there is a better path to the root through this port than through the other port. The switch has now determined which port has the best path to the root: the root port.

To summarize:

- Root port determined using lowest cost to root bridge
- BPDU received on a port determines the values for transmitted BPDUs
- Port cost of transmitted BPDUs = (path cost in received BPDU) + (port cost of port that receives BPDU)
- Port with the lowest cost to the root bridge = root port
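The root bridge election and the root path cost accumulation described in the two sections above can be modelled as one BPDU exchange repeated until nothing changes. This is an added example, not part of the original notes; the switch names, ports and triangle topology are constructed, and timers and port states are not modelled.

```python
# "New STP Cost" column of the table above, keyed by link bandwidth in Mbps.
NEW_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19, 155: 14,
            622: 6, 1000: 4, 10000: 2}


def converge(bridges, links):
    """Run the BPDU exchange until no switch hears a better BPDU.

    bridges: {name: (priority, mac)}   bridge IDs compare as tuples, lower wins
    links:   [(switch_a, port_a, switch_b, port_b, mbps)]
    Returns  {name: (root_bridge_id, root_path_cost, root_port)}.
    """
    # Every bridge first assumes it is root: root ID = own BID, path cost 0.
    best = {n: (bid, 0, bid, None) for n, bid in bridges.items()}
    changed = True
    while changed:
        changed = False
        for a, port_a, b, port_b, mbps in links:
            for tx, rx, rx_port in ((a, b, port_b), (b, a, port_a)):
                root, cost, _, _ = best[tx]
                # Received cost plus the cost of the receiving port.
                offer = (root, cost + NEW_COST[mbps], bridges[tx], rx_port)
                # Lower root ID wins, then lower root path cost. Equal costs
                # fall back to the lower sender bridge ID (standard 802.1D
                # tie-break, not covered in the text above).
                if offer[:3] < best[rx][:3]:
                    best[rx] = offer
                    changed = True
    return {n: (root, cost, port) for n, (root, cost, _, port) in best.items()}


# Constructed triangle topology; MACs must share one lowercase format.
BRIDGES = {
    "SW1": (32768, "0080.acff.0001"),
    "SW2": (32768, "0080.acff.0002"),
    "SW3": (32768, "0080.acff.0003"),
}
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 10),    # direct but slow: cost 100
    ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),   # cost 19
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),   # cost 19
]

if __name__ == "__main__":
    for name, (root, cost, port) in converge(BRIDGES, LINKS).items():
        print(name, "root", root, "cost", cost, "root port", port)
```

With default priorities SW1 wins on the lowest MAC address, and SW2 picks Fa0/2 as its root port because 19 + 19 = 38 beats the direct 10 Mbps link at 100. Giving SW3 a priority of 4096 makes it the root regardless of its MAC address.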

Elect one Designated Port per segment


The network now has a reference point, the root bridge, and every switch has determined its best path to the root. A tree structure is beginning to emerge, but the links are all still connected and the chance of a bridging loop is still present. To remove the possibility of a bridging loop, STP makes a final computation to identify the designated port for each network segment.
