- Definition
- Performs the same basic core functions as a but at much faster speeds and with enhanced features. If the network has no hub, each single link is considered its own collision domain
Types
By Layer
- Layer 2 Switches
- typically send/receive frames
- will not forward data between two VLANs
- does not forward frames outside a VLAN
- Layer 3 Switches
- Using 2 devices (switch + router)
- also called router on a stick
- for performance and cost reasons, both devices have been integrated into a single one with the same functions
Collision domains
- A collision domain is a set of network interface cards (NIC) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain.
- A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain.
Loop prevention
Using .
Example
Internal frame processing
- store-and-forward
- the switch must receive the entire frame before forwarding the first bit of the frame
- checks FCS for errors before forwarding
- cut-through (Cisco)
- forward the frame before the entire frame has been received
- the switch starts sending the frame as soon as possible
- reduces latency
- the FCS is not checked -> the frame might be corrupt
- fragment-free (Cisco)
- forward the frame before the entire frame has been received
- works like cut-through but tries to reduce the number of errored frames
- receives the first 64 bytes of the frame before forwarding, since collision fragments are shorter than that
Segmenting Ethernet devices
Port security
Port security has several flexible options, but all operate with the same core concepts. First, switches enable port security per port, with different settings available per port. Each port has a maximum number of allowed MAC addresses, meaning that for all frames entering that port, only that number of different source MAC addresses can be used in different incoming frames before port security thinks a violation has occurred. When a frame with a new source MAC address arrives, pushing the number of MAC addresses past the allowed maximum, a port security violation occurs. At that point, the switch takes action—by default, discarding all future incoming traffic on that port.
Steps:
- Define a maximum number of source MAC addresses allowed for all frames coming in the interface.
- Watch all incoming frames, and keep a list of all source MAC addresses, plus a counter of the number of different source MAC addresses.
- When adding a new source MAC address to the list, if the number of MAC addresses pushes past the configured maximum, a port security violation has occurred. The switch takes action (the default action is to shut down the interface).
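The three steps above, as an added Python simulation (not Cisco code and not from the original notes): a port learns source MACs up to its maximum, and the first new MAC beyond that triggers a violation whose default action shuts the port so every later frame is dropped. The MAC addresses are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    """Port-security state for one access port (simplified model, not Cisco code)."""
    maximum: int = 1                              # allowed number of source MACs (step 1)
    learned: list = field(default_factory=list)   # source MACs seen so far, in arrival order
    shutdown: bool = False                        # True once a violation shut the port down
    violations: int = 0                           # violation counter

    def ingress(self, src_mac: str) -> str:
        """Apply port security to one incoming frame; return 'forward' or 'drop'."""
        src_mac = src_mac.lower()
        if self.shutdown:
            # Default violation action: the port is shut down and all later traffic is
            # discarded, even frames from MACs that were learned before the violation.
            return "drop"
        if src_mac not in self.learned:
            if len(self.learned) >= self.maximum:
                # A new source MAC would push the count past the configured maximum (step 3).
                self.violations += 1
                self.shutdown = True
                return "drop"
            self.learned.append(src_mac)          # record the new source MAC (step 2)
        return "forward"


def simulate(maximum: int, src_macs: list) -> tuple:
    """Feed a sequence of source MACs through one port; return (decisions, port state)."""
    port = PortSecurity(maximum=maximum)
    decisions = [port.ingress(mac) for mac in src_macs]
    return decisions, port


# Constructed sample traffic: host A twice, then host B, then host A again.
SAMPLE_FRAMES = [
    "00:11:22:33:44:01",
    "00:11:22:33:44:01",
    "00:11:22:33:44:02",
    "00:11:22:33:44:01",
]

if __name__ == "__main__":
    for maximum in (1, 2):
        decisions, port = simulate(maximum, SAMPLE_FRAMES)
        print(f"maximum={maximum}: {decisions} shutdown={port.shutdown} "
              f"learned={port.learned}")
```

With maximum=1 the third frame (host B) trips the violation and the fourth frame from the already-learned host A is also dropped; with maximum=2 all four frames are forwarded.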
Example
Actions
Links between switches come in 2 types:
Access links/ports
Belong to only one VLAN at a time
Commands
– Create VLAN
– Apply VLAN to a port
- Option 1
- Option 2
– Show interfaces
Trunk links/ports
These carry more than one VLAN at a time.
- Frame tagging
- Each frame between SW1 and SW2 carries an ID that identifies its VLAN, using one of 2 protocols: ISL () and (dot1q).
- ISL
- Only between Cisco devices
- Encapsulates the original frame into a new one
- Has an ID field
- dot1q
- Inserts 4 bytes of additional information into the original frame
- Native VLAN
- Traverses the link without tagging
Dynamic trunking protocol (DTP)
- Dynamic desirable
- The port will send DTP frames and respond to DTP frames
- All Cisco switch models ending in xx50 have ports in dynamic desirable mode
- Dynamic auto
- The port will respond to DTP frames from other side
- But will NOT initiate trunking
- Switch models ending in xx60 have all ports in dynamic auto mode
- On
- Sets the local port to trunking unconditionally
- Will send AND respond to DTP frames
Commands
- Desirable mode
- On mode