Switching

Ethernet 802.
x
Capas IEEE dentro del modelo OSI
Los estándares para Ethernet (IEEE 802.3) especifican -mediante subcapas-

elementos que se encuentran en ubicados en las capas 1 y 2 del modelo OSI
IEEE
Nivel OSI Subcapa de Control de 802.2
ENLACE
Enlace Lógico (LLC)
7 Aplicación
6 Presentación Subcapa de Control de
Ethernet
Sesión Acceso al Medio (MAC)
5
4 Transporte
Subcapas de
FÍSICA
3 Red Señalización física

80
2 Enlace 2
Especificaciones
.
1 Física del medio 3
2
Capas del protocolo IEEE
802
El Comité IEEE 802 ha desarrollado una
arquitectura de protocolos, adoptada por otros.
Modelo de Referencia
Aplicación
IEEE 802
Presentación
Sesión Protocolos Puntos de
Acceso al
Transporte de la capas Servicio LLC
Red superiores (LSAP)
Control de Enlace
Enlace de Lógico-LLC
datos Control deAcceso Normas
al medio-MAC
IEEE802
Físico Físico
Medio de transmisión Medio de transmisión
3
Encapsulamiento del protocolo
LAN
Datos deAplicación
Cabecera Datos deAplicación

TCP
Cabecera Cabecera Datos de Aplicación

IP TCP
Cabecera Cabecera Cabecera Datos de Aplicación

LLC IP TCP
Cabecera Cabecera Cabecera Cabecera Datos de Aplicación Partefinal

MAC LLC IP TCP de MAC
Cola de
Cabecera de trama Datos deAplicación
trama
4
Estándares IEEE 802
Comités de la serie IEEE 802

802.1 Interlace de Alto Nivel
802.2 Control de Enlace Lógico
802.3 CSMA/ CD
802.4 Token-PassingBus
802.5 Token-PassingRing
802.6 Redes de Área Metropolitana
802.7 Grupo de Consejo Técnico de Broadband
802.8 Grupo de Consejo Técnico de Fibra Óptica
802.9 Redes de Voz y Datos Integrados
802.10 Seguridad en Redes
802.11 LAN’s sin cables 5
Estándares de IEEE vs.
ISO / OSI Referencia
Modelo OSI
802.1 Interfax de Alto Nivel
(Internet working) Red
802.2 Control de Enlace Lógico
802.3 802.4 802.5 802.6 Enlace de

Control de Control de Control de Control de Datos
Acceso al Acceso al Acceso al Acceso al
Medio Medio Medio Medio
DQDB
802.3 802.4 802.5 802.6 Física

Física Física Física Física
6
Frame
PREAMBL DEST SRC TYPE DATA FCS
Ethernet
E (8) (6) (6) (2) (>46 <1500) (4)
• PREAMBLE: 8 octetos compuestos por 0 y 1 intercalados utilizados para

sincronizar una trama.
• DESTINATION ADDRESS: Dirección Ethernet hacia donde está dirigida la
trama.
• SOURCE ADDRESS: Dirección Ethernet desde donde se origina la trama.
• TYPE: Indica el protocolo del nivel superior. Los códigos están definidos en
estándares.
• DATA: Datos a transmitir. Debe superar los 46 bytes para que la trama no sea
considerada basura.
• FRAME CHECK SEQUENCE (FCS): CRC de 32 bits que controla la
integridad de todos los campos excepto PREAMBLE.
7
El preámbulo es una cadena de 1s y 0s, que finaliza con 11 para indicar el comienzo del campo de dirección de
destino. Los campos que conformanla trama son:
DA (Destination Address - Dirección de destino): contiene 48 bits que representan la dirección MAC del host
destino.
SA (Source Address - Dirección de origen): contiene 48 bits que representan la dirección MAC del host que envía
la trama.
Type (tipo): contiene el número "Ethertype" que indica el protocolo de capa superior que es encapsulado en la
porción de datos de la trama. Ejemplos de números Ethertype son:
Data (datos): contiene la información del protocolo de la capa superior. Si la información es menor a 46 bytes, se
rellena para alcanzar el tamaño mínimo de trama de 64 bytes (encabezado más datos).
FCS (Frame Check Sequence - control de secuencia de trama): contiene los datos del CRC (Cyclic Redundancy
Check) para verificar errores en la recepción de la trama.
El tamaño mínimo de una trama es 64 bytes y el máximo 1518. Cuando se calcula el tamaño de una trama no se
incluye el preámbulo. El formato de la trama Versión 2, sigue las siguientes especificaciones:
El tamaño mínimo de una trama es 6+6+2+46+4= 64 bytes
El tamaño máximo de una trama es: 6+6+2+1500+4 = 1518 bytes
8
La IEEE desarolló su estandard Ethernet en junio de 1983. Cambiaron el campo type (tipo) por el
campo lenght (tamaño) y agregaron la capa LLC (Logical Link Control - Control de enlace lógico).
La figura muestra el formato de la trama IEEE 802.3.
Los campos de la trama son los siguientes:
Preámbulo: La IEEE lo definió como una cadena de 7 bytes de longitud compuesta por 1s y 0s.
Delimitador de inicio de la trama (SFD - Start Frame Delimiter): 10101011
DA: Dirección MAC destino.
SA: Dirección MAC origen.
Length (tamaño): contiene el tamaño del LLC más el campo de datos. Estos valores están
comprendidos en un rango desde 3 a 1500 bytes.
Data (datos): contiene la información del protocolo de capa superior, como en los otros formatos
de trama.
FCS: contiene el CRC.
9
Operación
Ethernet
Broadcast Ethernet
A B C D
Aplicacion Aplicacion Aplicacion Aplicacion
Presentacion Presentacion Presentacion
Presentacion
Sesion Sesion Sesion
Sesion
Transporte Transporte Transporte Transporte
Red Red Red Red
Enlace de Dato s Enlace de Datos Enlace de Dato s
Enlace de D atos
Fisica Fisica Fisica Fisica
10
Operación
Ethernet
A B C D
D
Aplicacion
Presentacion
Sesion
Transporte
Red
Enlace de Datos
Fisica
D ByC
Aplicacion Aplicacion
Presentaci on Presentacion
Sesion Sesion
Transporte Transporte
Red Red
Enlace de Datos Enlace de Datos
Fisica Fisica 11
Sending and receiving Ethernet frames on a bus
1111 2222 3333 nnnn Abbreviated

MAC
Addresses
3333 1111
• When an Ethernet frame is sent out on the

“bus” all devices on the bus receive it.
• What do they do with it?
Hey, that’s
Nope me! Nope
MAC
Addresses
3333 1111
• Each NIC card compares its own MAC address with

the Destination MAC Address.
• If it matches, it copies in the rest of the frame.
• If it does NOT match, it ignores the rest of the frame.

MAC
Addresses
• So, what happens when multiple computers try

to transmit at the same time?
14

MAC
Addresses
Collision!
15
Access Methods
Two common types of access methods for LANs include

• Non-Deterministic: Contention methods (Ethernet, IEEE 802.3)
– Only one signal can be on a network segment at one time.
– Collisions are a normal occurrence on an Ethernet/802.3 LAN
• Deterministic: Token Passing (Token Ring)

•
CSMA/CD and
Collisions
Hey, that’s
Nope
me! Nope Abbreviated
1111 2222 3333 nnnn MAC
Addresses
Notice the
location of
the DA!
3333 1111
17
• Sending and receiving Ethernet frames via a hub
3333 1111
1111
? 2222
• So, what does a
hub do when it
receives
information?
5555
• Remember, a hub
is nothing more
than a multiport
3333 4444
repeater. 22
Hub or
23
3333 1111
• The hub will flood it out all ports
1111 2222 except for the incoming port.
Nope • Hub is a layer 1 device.
• A hub does NOT look at layer 2
addresses, so it is fast in
transmitting data.
• Disadvantage with hubs: A hub
5555 or series of hubs is a single
Nope collision domain.
• A collision will occur if any two
or more devices transmit at the
same time within the collision
domain.
3333 For me! 4444 Nope 4

2
2222 1111
1111 2222
For me!
• Another disadvantage
with hubs is that is
take up unnecessary
bandwidth on other
links.
5555 Wasted
Nope
bandwidth
3333 Nope 4444 Nope 25

• Sending and receiving Ethernet frames via a switch
26
• Sending and receiving Ethernet frames via a switch
Source Address Table

Port Source MAC Add. Port Source MAC Add.
3333 1111
• Switches are also known as
switch learning bridges or learning
switches.
• A switch has a source address
table in cache (RAM) where it
stores source MAC address after it
learns about them.
• A switch receives an Ethernet
frame it searches the source
address table for the Destination
1111 3333 MAC address.
• If it finds a match, it filters the
Abbreviated
MAC frame by only sending it out that
addresses port.
2222 4444 • If there is not a match if floods it
out all ports.
• No Destination Address in table, Flood

1 1111 3333 1111
• How does it learn source

switch
MAC addresses?
• First, the switch will see
if the SA (1111) is in it’s
table.
• If it is, it resets the timer
1111 3333 (more in a moment).
Abbreviated • If it is NOT in the table
MAC
addresses it adds it, with the port
2222 4444 number.
28
• Destination Address in table, Filter

1 1111 6 3333 1111 3333
• Now 3333 sends data back to

switch 1111.
• The switch sees if it has the
SA stored.
• It does NOT so it adds it.
(This will help next time
1111 sends to 3333.)
1111 3333 • Next, it checks the DA and
in our case it can filter the
Abbreviated
MAC frame, by sending it only out
addresses
port 1.
2222 4444
• Destination Address in table, Filter

1 1111 6 3333 3333 1111
switch
1111 3333
• Now, because both MAC addresses

are in the switch’s table, any
information exchanged between 1111
and 3333 can be sent (filtered) out the
appropriate port.
1111 3333
• What happens when two devices
send to same destination?
Abbreviated
MAC • What if this was a hub?
addresses • Where is (are) the collision
2222 4444 domain(s) in this example?
• No Collisions in Switch, Buffering

1 1111 6 3333 3333 1111
9 4444
switch
3333 4444
• Unlike a hub, a collision does

NOT occur, which would cause
the two PCs to have to retransmit
the frames.
• Instead the switch buffers the
1111 3333 frames and sends them out port #6
one at a time.
Abbreviated • The sending PCs have no idea that
MAC
addresses their was another PC wanting to
2222 4444
send to the same destination.
• Collision Domains

1 1111 6 3333 3333 1111
9 4444
Collision Domains
switch
3333 4444
• When there is only one device on a

switch port, the collision domain is
only between the PC and the
switch.
• With a full-duplex PC and switch
1111 3333 port, there will be no collision,
since the devices and the medium
Abbreviated can send and receive at the same
MAC
addresses
time.
2222 4444
• Other Information

1 1111 6 3333
9 4444 • How long are addresses kept in the
Source Address Table?
switch – 5 minutes is common on most
vendor switches.
• How do computers know the
Destination MAC address?
• ARP Caches and ARP Requests
• How many addresses can be kept
in the table?
– Depends on the size of the cache,
1111 3333 but 1,024 addresses is common.
Abbreviated • What about Layer 2 broadcasts?
MAC – Layer 2 broadcasts (DA = all 1’s)
addresses
is flooded out all ports.
2222 4444
33
•
What happens
here?
1 1111 6 3333 1111 3333

1 2222 6 3333
• Notice the
Source
Address Table
has multiple
entries for port
#1.
3333
1111 2222 5555

•
What happens
here?
1 1111 6 3333 1111 3333

1 2222 1 5555
• The switch filters the

frame out port #1.
• But the hub is only a
layer 1 device, so it
floods it out all ports.
• Where is the collision

domain?
3333
1111 2222 5555

31
•
What happens
here?
1 1111 6 3333 1111 3333

1 2222 1 5555
Collision Domain
3333
1111 2222 5555

32
Confiabilidad
Ethernet
A B C D
Figura 1
A B C D
Figura 2
33
Confiabilidad
Ethernet
A B C D
Colisión
A B C D
JAM JAM JAM JAM JAM JAM
34
Confiabilidad
Ethernet
A B C D
Colisión
A B C D
JAM JAM JAM JAM JAM JAM
•Carrier sense multiple access with collision detection

(CSMA/CD) 35
VLAN
Descripción general vlan
Las VLAN’s o “Virtual Local Area Network” son agrupaciones de
lógicas de los puertos de un switch que dividen la red en diferentes
dominios de broadcast.
De esta manera cada puerto de cada VLAN constituye un dominio
de broadcast diferente,
.
VLAN introduction
Las VLAN ofrecen segmentación basada en dominios de broadcast.
Las VLAN lógicamente son un segmento de redes conmutadas
basado en las funciones, equipos o aplicaciones,
independientemente de la ubicación física o conexiones a la red.
Todas las estaciones de trabajo y servidores utilizados por un grupo
de trabajo comparten la misma VLAN, independientemente de la
conexión física o ubicación.
Beneficios de las vlan’s
En primer instancia los beneficios de la implementación de
VLAN’s son muchos, pero los mas importantes son los
siguientes:
Reducen los costos de administración

Controlan el dominio de broadcast
Mejoran la seguridad de la red
Permiten agrupar de manera lógica a usuarios de la red
Tipos de vlan’s
Existen varios tipos de VLAN’s entro los cuales se destacan los
siguientes
VLAN de Datos
VLAN Predeterminada
VLAN Nativa
VLAN de Administración
VLAN de Voz
Vlan de datos
Una VLAN de datos es una VLAN configurada para enviar sólo tráfico de datos
generado por el usuario. Si bien una VLAN podría enviar tráfico basado en voz o
tráfico utilizado para administrar el switch, pero este tráfico no sería parte de una
VLAN de datos.
▪ En el arranque inicial del switch todos los puertos del switch

pertenecen a la VLAN predeterminada ya que todos son parte del
mismo dominio de broadcast. Esto permite a cualquier dispositivo
conectarse a cualquier puerto del switch para comunicarse con otros
dispositivos. VLAN 1.
Vlan NATIVA
Una VLAN nativa está asignada a un puerto troncal. Un puerto de enlace troncal
802.1 Q admite el tráfico que llega de muchas VLAN (tráfico etiquetado) como
también el tráfico que no llega de una VLAN (tráfico no etiquetado). El puerto de
enlace troncal 802.1Q coloca el tráfico no etiquetado en la VLAN nativa.
▪ Una VLAN de administración es cualquier VLAN que usted configura

para acceder a las capacidades de administración de un switch. VLAN 1.
Vlan de voz ip
Una VLAN de VoIP debe estar separada para admitir la Voz sobre IP (VoIP). Ya que
esta requiere:
Ancho de banda garantizado para asegurar la calidad de la voz
Prioridad de la transmisión sobre los tipos de tráfico de la red
Capacidad para ser enrutado en áreas congestionadas de la red
Demora o retardo menor a los 150 milisegundos (ms) a través de la red.
Tipos de membresía Vlan
Se conoce como membresía VLAN a la forma por la cual se define la pertenencia o
no de un puerto del switch a una VLAN en particular
La formas o tipos de membrecía VLAN son:
Estática
Dinámica
Voice VLAN
Estática
La asignación del puerto a una VLAN especifica es realizada por el administrador
manualmente y puerto a puerto.
Los cambios y modificaciones solo son realizados por el administrador.
La asignación de VLAN es independiente del usuario o sistema que se conecta a
cada puerto.
Son también denominadas VLAN centrada en puertos o basadas en el puerto.
VLAN basada en puerto también conocida como “port
switching”. Se especifica qué puertos del switch pertenecen a
la VLAN, los miembros de dicha VLAN son los que se conecten
a esos puertos. No permite la movilidad de los usuarios.
VLAN basada en direccione MAC. Aquí se asignan hosts a una

VLAN en función de su dirección MAC. Tiene la ventaja de que
no hay que reconfigurar el dispositivo de conmutación si el
usuario cambia su localización, es decir, se conecta a otro
puerto de ese u otro dispositivo.
VLAN por tipo de protocolo. La VLAN queda determinada por

el contenido del campo tipo de protocolo de la trama MAC.
Por ejemplo, se asociaría VLAN 1 al protocolo IPv4, VLAN 2 al
protocolo IPv6, VLAN 3 a AppleTalk, VLAN 4 a IPX...
Dinamica
Requiere de un VLAN Membership Policy Server VMPS, el cual es un servidor de
políticas de gestión de VLAN’s.
En esta modalidad cada puerto es asignado a una VLAN en función de un
parámetro variable como puede ser la dirección MAC de la terminal o el usuario
conectado utilizando la terminal conectada a ese puerto.
El VMPS puede ser otro siwtch usado como servidor. Por ejemplo el Switch Catalyst
5000 tiene incorporado este feature.
Voice vlan
En Voice VLAN el puerto está configurado para que esté en modo de voz a fin de
que pueda admitir un teléfono IP conectado al mismo. Antes de que configure una
VLAN de voz en el puerto, primero debe configurar una VLAN para voz y una VLAN
para datos.
Es un feature de los Switches Cisco Catalyst que permite incorporar una VLAN
auxiliar a una VLAN de datos.
Enlaces troncales
Un enlace troncal o (trunk link) es un enlace punto a punto, entre dos o mas
dispositivos de red, que transporta el trafico de más de una VLAN. Un enlace
troncal VLAN permite extender las VLAN’s a través de toda una red
interconectando principalmente switches, brindando una solución escalable.
Disminuye el requerimiento de puertos físicos para mantener comunicadas

terminales que pertenecen a la misma VLAN en diferentes swtiches.
Permite un manejo mas eficiente de la carga de trafico.
Protocolo de enlaces troncales
ISL Inter Switch Link
Es un protocolo propietario de Cisco el cual solo funciona
sobre enlaces FastEthernet o GigabitEthernet, implementa el
encapsulado de tramas ya que opera agregando un nuevo
encabezado y CRC de capa 2 a la trama.
IEEE 802.1Q
Protocolo estándar de la IEEE, implementa el etiquetado de
tramas para identificar la VLAN, inserta un nuevo campo de
información en el encabezado de la trama.
Interconexión de vlan’s
También denominada ROAS Router On A Stick. Esto surge ya
que al implementar VLAN en una red conmutada de capa 2 se
generan múltiples dominios de broadcast generando multiples
redes virtuales que conviven sobre una misma infraestructura
física.
Simultáneamente como resultado de esta segmentación no
hay posibilidad de establecer conexión entre nodos que se
encuentran en diferentes VLAN’s de la red.
En consecuencia luego de segmentar la red utilizando VLAN,
para mejorar la performance y la seguridad, suele ser
necesario establecer comunicación entre nodos de diferentes
VLAN’s implementando dispositivos de capa 3.
Interconexión de vlan’s
Configuración básica de vlan
.
Creating VLANs
Default vlan Default

vlan 1 300 vlan 1
SydneySwitch(config)#interface fastethernet 0/1
SydneySwitch(config-if)#switchport mode access
SydneySwitch(config-if)#exit
Note: The switchport mode access command should be configured on

all ports that the network administrator does not want to become a trunk
port.
• This will be discussed in more in the next chapter, section on DTP.
Creating VLANs
Default: dynamic desirable This link will become a trunking link unless one of the ports is
configured with as an access link, I.e. switchport mode access
• By default, all ports are configured as switchport mode dynamic

desirable, which means that if the port is connected to another switch
with an port configured with the same default mode (or desirable or auto),
this link will become a trunking link.
• Both the switchport access vlan command and the
switchport mode access command are recommended. (later)
• This will be discussed in more in the next chapter, section on DTP.
Creando vlan’s
Creando vlan’s
Creando vlan’s
configurando vlan’s por rango
Verificando vlan’s show vlan
Verificando vlan’s show vlan brief
Acceso y administración de switch
Acceso y administración de switch
Deleting VLANs
Switch(config-if)#no switchport access vlan vlan_number
• This command will reset the interface to VLAN 1.

• VLAN 1 cannot be removed from the switch.
Erasing VLAN information
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#erase startup-config
Switch#reload
• VLAN information is kept in the vlan.dat file.

• The file is not erased when erasing the startup-config.
• To remove all VLAN information, use the command above and reload the
switch.
.
VLAN operation
• Each switch port can be assigned to a different VLAN.

• Ports assigned to the same VLAN share broadcasts.
• Ports that do not belong to that VLAN do not share these broadcasts.
7
VLAN Types
10
.
MAC address Based VLANs
• Rarely implemented.
VTP “Vlan Trunking Protocol”
VTP
VTP
Benefits of VTP (VLAN Trunking Protocol)
Benefits
• VTP is a Cisco proprietary protocol that allows VLAN
configuration to be consistently maintained across a
common administrative domain.
• VTP minimizes the possible configuration inconsistencies
that arise when changes are made.
• Additionally, VTP reduces the complexity of
managing and monitoring VLAN networks.
VTP
• VTP (VLAN Trunking Protocol) is used to distribute and synchronize
information about VLANs that are configured throughout a switched
network.
• Switches transmit VTP messages only on 802.1Q and ISL trunks.
• Note: VTP is not required to configure trunking between switches, but is
used to simplify VLAN management.
• VTP Server
– This is the default VTP mode.
– VLANs can be created, modified, and deleted.
• VTP Client
– This behaves like a VTP server without the ability to create, change, or
delete VLANs.
• VTP Transparent
– Switches in the VTP Transparent mode do not participate in VTP.
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
7
VTP Operation
• VTP clients cannot create, modify, or delete VLAN information.

• The only role of VTP clients is to process VLAN changes and send VTP
messages out all trunk ports.
• The VTP client maintains a full list of all VLANs within the VTP domain, but it
does not store the information in NVRAM.
• VTP clients behave the same way as VTP servers, but it is not possible to
create, change, or delete VLANs on a VTP client.
• Any changes made must be received from a VTP server advertisement.
VTP Operation
• Switches in VTP transparent mode forward VTP advertisements but ignore

information contained in the message.
• A transparent switch will not modify its database when updates are received,
nor will the switch send out an update indicating a change in its own VLAN
status.
• Except for forwarding VTP advertisements, VTP is disabled on a transparent
switch.
• There is also an “off” VTP mode in which switches behave the same as in the
VTP transparent mode, except VTP advertisements are not forwarded.
VTP configuration – Domain and
Password
• The domain name can be between 1 and 32 characters.

• The optional password must be between 8 and 64 characters long.
• If the switch being installed is the first switch in the network, the
management domain will need to be created.
• However, if the network has other switches running VTP, then the new switch
will join an existing management domain.
• Caution: The domain name and password are case sensitive.
VTP configuration – VTP mode
Switch#config terminal
Switch(config)#vtp mode [client|server|transparent]
Switch#vlan database
Switch(vlan)#vtp [client|server|transparent]
14 RickGraziani
graziani@cab
VTP Configuration - Overview
• VTP Configuration in global configuration

mode:
Switch#config terminal
Switch(config)#vtp version 2
Switch(config)#vtp mode server
Switch(config)#vtp domain cisco
Switch(config)#vtp password
mypassword
• VTP Configuration in VLAN configuration

15mode: RickGraziani
graziani@cab
VTP Operation
• VTP switches operate in one of three modes:

– Server
– Client
– Transparent
• VTP servers can create, modify, delete VLAN and VLAN configuration
parameters for the entire domain.
• VTP servers save VLAN configuration information in the switch NVRAM. VTP
servers send VTP messages out to all trunk ports.
16 RickGraziani
graziani@cab
Verifying VTP
status
• This command is used to verify VTP

configuration settings on a Cisco IOS command-
based switch.
Verifying VTP
• This command is used to display statistics about

advertisements sent and received on the switch.
Trunking and DTP
VLAN Tagging
VLAN Tagging
• VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
• Trunk link: As packets are received by the switch from any attached end-station
device, a unique packet identifier is added within each header.
• This header information designates the VLAN membership of each packet.
Rick Graziani
graziani@cabrillo.edu 3
.
VLAN Tagging
• VLAN Tagging is used when a link needs to carry traffic for more than one VLAN.
– Trunk link: As packets are received by the switch from any attached end-
station device, a unique packet identifier is added within each header.
• This header information designates the VLAN membership of each packet.
• The packet is then forwarded to the appropriate switches or routers based on the
VLAN identifier and MAC address.
• Upon reaching the destination node (Switch) the VLAN ID is removed from the
packet by the adjacent switch and forwarded to the attached device.
• Packet tagging provides a mechanism for controlling the flow of broadcasts and
applications while not interfering with the network and applications..
.
VLAN Tagging
No VLAN Tagging
VLAN Tagging
• VLAN Tagging is used when a link needs to carry traffic for more than one
VLAN.
• Tagging is used so the receiving switch knows which ports in should flood
broadcast and unknown unicast traffic (only those ports belonging to the
same VLAN).
6
.
VLAN Tagging
802.10
• There are two major methods of frame tagging, Cisco proprietary Inter-
Switch Link (ISL) and IEEE 802.1Q.
• ISL used to be the most common, but is now being replaced by 802.1Q frame
tagging.
• Cisco recommends using 802.1Q.
• VLAN Tagging and Trunking will be discussed in the next chapter.
7
.
A Closer look at VLAN Tagging
ISL 802.1Q
Proprietary Nonproprietary
Encapsulated Tagged
Protocol independent Protocol dependent

Encapsulates the old Adds a field to
frame in a new frame the frame header
• There are two types of VLAN Tagging:

– ISL (Inter-Switch Link) – Cisco Proprietary
– IEEE 802.1Q
• 802.1Q is recommended by Cisco and is used with multi-vendor switches.
• Caution: Some older Cisco switches will only do ISL while some new Cisco
switches will only do 802.1Q.
8
VLAN Tagging
.
A Closer look at VLAN Tagging
ISL
Ethernet Frame
1500 bytes plus 18 byte header
(1518 bytes)
IEEE 802.1Q
SA and DASA and
802.1q
DA Type/Length Data (max 1500 New
CRC
MACs MACsTag Field bytes) CRC
• There are two types of VLAN Tagging:

– ISL (Inter-Switch Link) – Cisco Proprietary
– IEEE 802.1Q
• 802.1Q is recommended by Cisco and is used with multi-vendor switches.
• Caution: Some older Cisco switches will only do ISL while some new Cisco
switches will only do 802.1Q.
10
ISL (Frame Encapsulation)
Ethernet Frame
1500 bytes plus 18 byte header
(1518 bytes)
Standard NIC cards and networking devices don’t understand

this giant frame. A Cisco switch must remove this
encapsulation before sending the frame out on an access link.
• An Ethernet frame is encapsulated with a header that transports VLAN IDs
• It adds overhead to the packet as a 26-byte header containing a 10-bit VLAN ID.
• In addition, a 4-byte cyclic redundancy check (CRC) is appended to the end of
each frame.
– This CRC is in addition to any frame checking that the Ethernet frame
requires.
11
VLAN Tagging
IEEE 802.1Q
NIC cards and networking devices can understand this “baby
giant” frame (1522 bytes). However, a Cisco switch must
remove this encapsulation before sending the frame out on an
access link.
SA and DASA and

802.1q
DA Type/Length Data (max 1500 New
CRC
MACs MACsTag Field bytes) CRC
2-byte TPID Tag Protocol Identifier

2-byte TCI Tag Control Info (includes VLAN ID)
• Significantly less overhead than the ISL

• As opposed to the 30 bytes added by ISL, 802.1Q inserts only an
additional 4 bytes into the Ethernet frame
13
.
Trunking operation
or 802.1Q
• Trunking protocols were developed to effectively manage the transfer of

frames from different VLANs on a single physical line.
• The trunking protocols establish agreement for the distribution of frames to
the associated ports at both ends of the trunk.
• Trunk links may carry traffic for all VLANs or only specific VLANs.
14
VLAN Tagging
VLAN Tagging
VLAN Tagging
Configuring Trunking
Note: On switches
that support both
802.1Q and ISL, the
switchport trunk
encapsulation
command must be
done BEFORE the
switchport mode
trunk command.
• These commands will be explained in the

following slides.
18
Switch(config-if)switchport trunk encapsulation [dot1q|isl]
• This command configures VLAN tagging on an interface if the switch supports

multiple trunking protocols.
• The two options are:
– dot1q – IEEE 802.1Q
– isl – ISL must be the same on bo1t9h ends.
802.1Q only ISL only
No Trunk
SwitchA(config-if)switchport mode trunk
SwitchB(config-if)switchport mode trunk
• If SwitchA can only be a 802.1.Q trunk and SwitchB can only be an ISL trunk,
these two switches will not be able to form a trunk.
802.1Q only Both ISL and 802.1Q
Trunk
SwitchA(config-if)switchport mode trunk
SwitchB(config-if)switchport mode trunk encapsulation dot1q

SwitchB(config-if)switchport mode trunk
• If SwitchA can only be a 802.1.Q trunk and SwitchB can be either ISL or
8021.Q trunk, configure SwitchB to be 802.1Q.
• On switches that support both 802.1Q and ISL, the switchport trunk
encapsulation command must be done BEFORE the switchport
mode trunk command.
No VLAN Tagging
Switch(config-if)switchport mode access

Switch(config-if)switchport mode trunk
VLAN Tagging
DTP
Dynamic Trunking Protocol
DTP Dynamic Trunking Protocol
DTP – Dynamic Trunking
Protocol
• Ethernet trunk interfaces support several different trunking modes.
– Access
– Dynamic desirable (default mode on Catalyst 2950 and 3550)
– Dynamic auto
– Trunk
– Non-negotiate
– dotq-tunnel (Not an option on the Catalyst 2950.)
• Using these different trunking modes, an interface can be set to trunking or
nontrunking or even able to negotiate trunking with the neighboring
interface.
• To automatically negotiate trunking, the interfaces must be in the same VTP
domain. (VTP is discussed in the next section.)
• Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which
is a Cisco proprietary Point-to-Point Protocol.
• These various modes are configured using the switchport mode interface
command
DTP – Dynamic Trunking
Protocol
• These various modes are configured using the switchport mode interface
command.
• We have already discussed the two “non-dynamic” options:
• These options set the interface to non-trunking (access) or trunking (trunk)
DTP Dynamic Trunking Protocol
DTP
Dynamic Auto Dynamic Trunk Access
Desirable
Dynamic Access Trunk Trunk Access
Auto
Dynamic Trunk Trunk Trunk Access
Desirable
Trunk Trunk Trunk Trunk Not
recommended
Access Access Access Not Access
recommended
Note: Table assumes DTP is enabled at both ends.

• show dtp interface – to determine current setting
DTP
• For now, to keep it simple use either of these

commands:
OR
DTP
Assigning Access Ports to VLANs
Switch(config)#interface range fa 0/11 - 15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10

• Both of these commands “should” be used for access ports:

– switchport mode access
– switchport access vlan n
Why the switchport mode access command?
Switch(config-if-range)#end
Switch#show interface fa 0/11 switchport

Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 10 (Accounting)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
• Without the switchport mode access command, this interface will still
try to negotiate trunking.
Why the switchport mode access command?
Switch#show interface fa 0/11 switchport

Name: Fa0/11
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (Accounting)
• Now configure the range of interfaces for permanent nontrunking, access

mode
• Notice that negotiation of trunking has been turned off and that this port will
only be a non-trunking access port.
Inter Vlan Routing
Inter-VLAN Routing
Inter-VLAN Routing
Internetwork Communications
C:>ping 172.16.30.100
 Can two hosts on different subnets communicate without a router?

 No
 What would happen if a host tried to ping another host?
 They could not communicate.
 Would it send an ARP Request? Why or why not?
 The host would not send an ARP Request because there is no
default-gateway.
Internetwork Communications
 Then Destination MAC Address is that of the same device as the Destination IP Address.
 Check ARP cache for entry of Destination IP Address and its MAC Address.
 If no entry, ARP Request Destination IP Address asking for MAC Address.
 Then Destination MAC Address will be that of the Default Gateway.

 Check ARP cache for entry of Default Gateway’s IP Address and its MAC Address.
 If no entry, ARP Request Default Gateway’s IP Address asking for MAC Address.
InterVLAN Routing
VLAN 1
External Router VLAN 2
VLAN 3
VLANs 1, 2, 3
Router on a stick
Trunk
VLAN 1
VLAN 2
Multilayer Switch Or Trunk
VLAN 3
 External Router
Router(config)# inter fa 0/1
Router(config-if) ip address 172.16.1.1 255.255.255.0
Inter-VLAN Routing
Inter-VLAN Routing
Inter-VLAN Routing
Configure Router On A Stick: 802.1Q Trunk Link
interface GigabitEthernet5/0
no shutdown ! Does not show in config
!
interface GigabitEthernet5/0.2
description VLAN 2
encapsulation dot1Q 2 native
ip address 172.16.1.2 255.255.255.0
!
172.16.10.100/ 172.16.20.100/
24 24
description VLAN 10
encapsulation dot1Q 10
ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet1/1 interface GigabitEthernet5/0.20
switchport mode trunk description VLAN 20
ip address 172.16.20.1 255.255.255.0
!
 Router on a stick is very interface GigabitEthernet5/0.30
simple to implement. description VLAN 30
ip address 172.16.30.1 255.255.255.0
!
description VLAN 40
ip address 172.16.40.1 255.255.255.0
Inter-VLAN Routing
Example…
Spanning Tree Protocol
Redundancia
• Lograr tal objetivo requiere redes extremadamente confiables.

• La fiabilidad en redes se logra mediante equipos fiables y diseñando redes
que sean tolerantes a fallas y fallos.
• La red está diseñada para reconvertirse rápidamente para que la anomalía
sea anulada.
• La tolerancia a fallos se logra por redundancia.
• Redundancia significa ser en exceso o exceder lo que es habitual y natural.
3
Redundant topologies
One Bridge Redundant Bridges
• A network of roads is a global example of a

redundant topology.
• If one road is closed for repair there is likely an
4
alternate route to the destination
Four-Step STP Decision
Sequence
• Four-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID
14
Three Steps of Initial STP
Convergence
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
15
Two Key Concepts: BID and
Path Cost
• STP executes an algorithm called Spanning Tree

Algorithm (STA).
• STP calculations make extensive use of two key
concepts in creating a loop-free topology:
– Bridge ID
– Path Cost
17
Bridge ID (BID)
• Bridge ID (BID) is used to identify each bridge/switch.

• Consists of two components:
– A 2-byte Bridge Priority: Cisco switch defaults to
32,768
– A 6-byte MAC address
Bridge ID (BID)
• Lowest Bridge ID is the root.

• If all devices have the same priority, the bridge
with the lowest MAC address becomes the root
bridge. (Yikes!)
19
ALSwitch#show spanning-tree
Bridge ID (BID)
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address 0003.e334.6640
Cost 19
Port 23 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 000b.fc28.d400
Aging Time 300
Interface Port ID Designated Port ID

Name Prio.Nbr Cost Sts Cost Bridge ID Prio.Nbr
---------------- -------- --------- --- --------- -------------------- --------
Fa0/23 128.23 19 FWD 0 32768 0003.e334.6640 128.25
ALSwitch#
20
Root
Bridge
Cost=19 1/1 1/2 Cost=19
Cat-A
1/1 1/1
Cat-B Cat-C
1/2 1/2
Cost=19
21
Cat-A has the lowest Bridge MAC Address, so it wins the Root War!
All 3 switches have the same default Bridge Priority value of 32,768
22
• In a real network, you do not want the placement of the root bridge to
rely on the random placement of the switch with the lowest MAC address.
• A misplaced root bridge can have significant effects on your network
including less than optimum paths within the network.
• It is better to configure a switch to be the root bridge:
Switch(config)# spanning-tree [vlan vlan-list] priority priority

*
• Priority
– Default = 32,768
– Range 0=65,535
– Lowest wins
23
2950#show spanning-tree
VLAN0001
Address 0003.e334.6640
Cost 19

Aging Time 300

---------------- -------- --------- --- --------- -------------------- --------
Fa0/23 128.23 19 FWD 0 32768 0003.e334.6640 128.25
ALSwitch#
24
Convergence
STP Convergence
27
Cost=19 1/1 1/2 Cost=19
Cat-A
1/1 1/1
Cat-B Cat-C
1/2 1/2
Cost=19
• A bridge’s Root Port is the port closest to the

Root Bridge.
• Bridges use the cost to determine closeness.
• Every non-Root Bridge will select one Root
30
Port!
Root
Bridge
Cost=19 1/1 1/2 Cost=19
Cat-A
Our Sample Topology
1/1 1/1
Cat-B Cat-C
1/2 1/2
Cost=19
31
Root
Step 2 Cost=19 1/1

Bridge
1/2 Cost=19
Elect Root BPDU

Cat-A
BPDU
Ports Cost=0 Cost=0
BPDU BPDU
Cost=0+19=19 Cost=0+19=19
1/1 1/1
Cat-B Cat-C
1/2 1/2
Step 1 Cost=19
• Cat-A sends out BPDUs, containing a Root Path Cost of 0.

• Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the Root
Path Cost contained in the BPDU.
Step 2
• Cat-B adds Root Path Cost 0 PLUS its Port 1/1 cost of 19 = 19
32
Root
Step 2 Cost=19 1/1

Bridge
1/2 Cost=19
Elect Root BPDU

Cat-A
BPDU
Ports Cost=0 Cost=0
BPDU BPDU
Cost=19 Cost=19
1/1 1/1
Cat-B Cat-C
1/2 BPDU BPDU 1/2
BPDU Cost=19 Cost=19 BPDU
Cost=38 (19=19) Cost=38 (19=19)
Cost=19
Step 3
• Cat-B uses this value of 19 internally and sends BPDUs with a Root Path Cost
of 19 out Port 1/2.
Step 4
• Cat-C receives the BPDU from Cat-B, and increased the Root Path Cost to 38
33
(19+19). (Same with Cat-C sending to Cat-B.)
Root
Step 2 Bridge
Elect Cost=19 1/1
Cat-A
1/2 Cost=19
Root BPDU
Cost=0
BPDU
Cost=0
Ports
BPDU BPDU
Cost=19 Cost=19
1/1 1/1 Root
Root Port
Port
Cat-B Cat-C
1/2 1/2
BPDU BPDU
Cost=38 (19=19) Cost=38 (19=19)
Cost=19
Step 5
• Cat-B calculates that it can reach the Root Bridge at a cost of 19 via Port 1/1 as
opposed to a cost of 38 via Port 1/2.
• Port 1/1 becomes the Root Port for Cat-B, the port closest to the Root Bridge.
• Cat-C goes through a similar calculation. Note: Both Cat-B:1/2 and Cat-C:1/2
save the best BPDU of 19 (its own).
34
2950#show spanning-tree
VLAN0001
Address 0003.e334.6640
Cost 19

Aging Time 300

---------------- -------- --------- --- --------- -------------------- --------
Fa0/23 128.23 19 FWD 0 32768 0003.e334.6640 128.25
ALSwitch#
35
Convergence
STP Convergence
38
Step 3 Elect
Designated
Ports
• A Designated Port functions as the single bridge

port that both sends and receives traffic to and
from that segment and the Root Bridge.
• Each segment in a bridged network has one
Designated Port, chosen based on cumulative Root
Path Cost to the Root Bridge.
• To locate Designated Ports, lets take a look at each
40
Root
Root Path Cost = 0 Bridge Root Path Cost = 0
Cost=19 1/1 1/2 Cost=19
Segment 1 Segment 2
Cat-A
Step 3 Elect
Designated Ports
Root Path Cost = 19 Root Path Cost = 19

1/1 1/1
Root Port Root Port
Cat-B Cat-C
1/2 1/2
Segment 3
Cost=19
• Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all it has the Root Bridge) and
Cat-B:1/1 has a Root Path Cost = 19.
• Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (after all it has the Root Bridge) and
Cat-C:1/1 has a Root Path Cost = 19.
• Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a Root Path Cost =
19. It’s a tie!
41
Root
Cost=19 1/1 1/2 Cost=19
Segment 1 Segment 2
Cat-A
Step 3 Elect Designated Port Designated Port
Designated Ports

1/1 1/1
Root Port Root Port
Cat-B Cat-C
1/2 1/2
Segment 3
Cost=19
Segment 1
• Because Cat-A:1/1 has the lower Root Path Cost it becomes the Designate
Port for Segment 1.
Segment 2
• Because Cat-A:1/2 has the lower Root Path Cost it becomes the Designate
Port for Segment 2.
42
Root
Cost=19 1/1 1/2 Cost=19
Segment 1 Segment 2
Cat-A
Designated Port Designated Port

1/1 1/1
Root Port Root Port
Cat-B Cat-C
1/2 1/2
Segment 3
Cost=19
Segment 3
• Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!
• When faced with a tie (or any other determination) STP always uses the four-step
decision process:
43
Root
Cost=19 1/1 1/2 Cost=19
Segment 1 Segment 2
Cat-A
Designated Port Designated Port

1/1 1/1
Root Port Root Port
Cat-B 32,768.CC-CC-CC-CC-CC-CC Cat-C

1/2 32,768.BB-BB-BB-BB-BB-BB 1/2
Designated Port Segment 3 Non-Designated Port
Cost=19
Segment 3 (continued)
• 1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.
• 2) Root Path Cost for both is 19, also a tie.
• 3) The sender’s BID is lower on Cat-B, than Cat-C, so Cat-B:1/2 becomes the Designated
Port for Segment 3.
• Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.
44
Stages of spanning-tree port
states
51
PortFast
Powercycle a host and watch
link
lights…
How long
until switch
link light
turns green?
17 RickGraziani
graziani@cab
PortFast
I’m adding any
Powered addresses on this
On port to my MAC
Address Table.
• Host powered on.

• Port moves from blocking state immediately to listening state (15 seconds).
– Determines where switch fits into spanning tree topology.
• After 15 seconds port moves to learning state (15 seconds).
– Switch learns MAC addresses on this port.
• After 15 seconds port moves to forwarding state (30 seconds total).
PortFast – Problem DHCP
Powered
On
DHCP Discovery
Timeout
IP Address = 169.x.x.x
• Host sends DHCP Discovery

• Host never gets IP addressing information
• Also: Insignificant Topology Change

– A users PC causes the link to go up or down (normal booting or shutdown process).
– No significant impact but given enough hosts switches could be in a constant state of
flushing MAC address tables.
– Causes unknown unicast floods.
PortFast
Powered
On
DHCP Discovery
DHCP Offer
• The purpose of PortFast is to minimize the time that access ports wait for STP
to converge.
• When a port comes up, the port immediately moves into Forwarding state.
• The advantage of enabling PortFast is to prevent DHCP timeouts.
• Host sends DHCP Discovery
• Host can now can IP addressing information.
20
Configuring Portfast
Access2(config)#interface range fa 0/10 - 24
Access2(config-if-range)#switchport mode access
<Previously configured>
Access2(config-if-range)#spanning-tree portfast
OR
Access2(config)#spanning-tree portfast default
• Warning: PortFast should only be enabled on ports that are connected to a

single host.
• If hubs or switches are connected to the interface when PortFast is enabled,
temporary bridging loops can occur.
• If a loop is detected on the port, it will move into Blocking state.
Configuring Portfast
<Previously configured>
Switch(config-if-range)#spanning-tree portfast
Configure Portfast on all Distribution and Access switches

Verifying Portfast
Switch(config)# show spanning-tree inteface type mod/num portfast
RSTP – IEEE 802.1w
(Rapid Spanning Tree Protocol)
Rapid Spanning Tree Protocol
47 RickGraziani
graziani@cab
Rapid Spanning Tree Protocol
• The immediate hindrance of STP is convergence.

• Depending on the type of failure, it takes anywhere from 30 to 50 seconds, to
converge the network.
• RSTP helps with convergence issues that plague legacy STP.
48 RickGraziani
graziani@cab
STP vs RSTP
802.1D 802.1w
vs
• RSTP is based on IEEE 802.1w standard.

• IEEE 802.1w took 802.1D’s principle concepts and made convergence faster.
• STP topology change takes 30 seconds (two intervals of Forward Delay timer).
• RSTP is proactive and therefore negates the need for the 802.1D delay timers.
• RSTP (802.1w) supersedes 802.1D, while still remaining backward compatible.
• RSTP BPDU format is the same as the IEEE 802.1D BPDU format, except that the Version
field is set to 2 to indicate RSTP.
• The RSTP spanning tree algorithm (STA) elects a root bridge in exactly the same way as
802.1D elects a root.
49 RickGraziani
graziani@cab
RSTP
• RSTP can be applied on Cisco switches as:
– A single instance per VLAN
• Rapid PVST+ (RPVST+)
– Multiple instances
• IEEE 802.1s Multiple Spanning Tree (MST)
STP Port Behavior and States
• 802.1D
– Ports
• Root Port
• Designated Port
• Blocking Port
– Not Designated Port and Not Root Port
– Cisco’s proprietary UplinkFast has a hidden Alternative Port
offering parallel paths, but in Blocking state.
– States
• Disabled (Not 802.1D state)
• Blocking
• Listening
• Learning
• Forwarding
– Only state that sends/receives data.
RSTP
Root Bridge: Same election process as 802.1D (lowest BID)
Ports
• Root Port (802.1D Root Port)
– The one switch port on each switch that has the best root
path cost to the root.
• Designated Port (802.1D Designated Port)
– The switch port on a network segment that has the best
root path cost to the root.
• Alternate Port (802.1D Blocking Port)
– A port with an alternate path the root.
– An alternate port receives more useful BPDUs from
another switch and is a port blocked.
– Similar to how Cisco UplinkFast works.
• Backup Port (802.1D Blocking Port)
– A port that provides a redundant (but less desirable)
connection to a segment where another switch port
already connects.
– A backup port receives more useful BPDUs from the same
switch it is on and is a port blocked.
RSTP Port State s
Operational STP Port State RSTP Port State
Port State
Disabled Disabled Discarding
Enabled Blocking Discarding
Enabled Listening Discarding
Enabled Learning Learning
Enabled Forwarding Forwarding

• RSTP defines port states based on what it does with incoming data frames.
• Discarding
– Incoming frames are dropped
– No MAC Addresses learned
– Combination of 802.1D (Disabled), Blocking and Listening
• Learning
– Incoming frames are dropped
– MAC Addresses learned
• Forwarding
– Incoming frames are forward.
Evolution of STP
Rapid PVST Implementation
Switch(config)# spanning-tree mode rapid-pvst
• To revert back to the default PVST+ using traditional 802.1D:
Switch(config)# spanning-tree mode pvst

Rapid PVST Implementation
Commands
Access1# show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Address 0001.C945.A573
Cost 4
Port 26(GigabitEthernet1/2)

Address 0003.E461.46EC
Aging Time 20
Port Aggregation (EtherChannel)
EtherChannel
EtherChannel
EtherChannel
Spanning Tree and EtherChannel
• Spanning Tree only allows a single link
between switches to prevent bridging loops.
• Cisco’s EtherChannel technology allows for
the scaling of link bandwidth by aggregating
or bundling parallel links.
– Treated as a single, logical link.
– Access or Trunk link
– Allows you to expand the link’s capacity w ithout
having to purchase new hardware (modul es,
devices).
EtherChannel
• EtherChannel allows for two to eight links.

– Fast Ethernet (FE)  Fast EtherChannel  Up to 1600
Mbps
– Gigabit Ethernet (GE)  Gigabit EtherChannel  Up to
16 Gbps
– 10-Gigabit Ethernet (10GE)  10 Gigabit EtherChannel
 Up to 160 Gbps
EtherChannel
• The Cisco Catalyst family of switches supports two types of link aggregation:
– Port Aggregation Protocol (PAgP) - Cisco proprietary
• Default when port channel is created (coming)
– Link Aggregation Control Protocol (LACP) - Industry standard 802.3ad-based
protocol
• EtherChannel provides redundancy.
– If one link fails traffic is automatically moved to an active link.
– Transparent to end user.
– LACP (coming) also allows for standby links (coming).
Fast Ethernet EtherChannel Fast Ethernet
Full duplex Full duplex
Dot1q auto Dot1q auto
Native = VLAN 2 Native = VLAN 2
VLANs 1 thru 100 VLANs 1 thru 100
• The key is consistency for all links in the bundle:

– Media
• Same media type and speed
• Same duplex
– VLANs – All ports within the bundle must be configure with:
• Same VLAN (if access)
• Same trunking encapsulation and mode (if trunk)
– Mode on opposite switches do not have to be the same as long as it still
forms a trunk.
• Same Native VLAN
• Pass the same set of VLANs
Distribution of Traffic and Load Balancing
• Load is not balanced equally across links.

• EtherChannel uses a hashing algorithm.
– Single input is used (such as Source IP address), the hash will only look
at the bits associated with this input. (coming)
– Two inputs are used (such as Source IP address and Destination IP
address), the hash will perform an exclusive OR (XOR) operation on
both inputs. (coming!)
• Both of these will compute a binary number that selects a link number in
the bundle to carry the frame.
Load Balancing
• Let’s take a brief look at how this works.

• We will focus on the 2, 4 and 8 link possibilities as this is easier to understand and
the only options that provide more ideal load balancing.
• A 2 link EtherChannel bundle requires a 1-bit index using an XOR.
– If the index is 0, link 0 is selected
– If the index is 1, link 1 is selected
• A 4 link EtherChannel bundle requires a 2-bit index using an XOR.
– 4 possible links: 00, 01, 10, 11
• An 8 link EtherChannel bundle requires a 3-bit index using an XOR.
– 8 possible links: 000, 001, 010, 011, 100, 101, 110, 111
Configuring EtherChannel
Configuring EtherChannel Load
Balancing
Switch(config)# port-channel load-balance method
 The load balancing method is configured in global configuration

mode.
Load Balancing
Switch(config)# port-channel load-balance ?
dst-ip Dst IP Addr bits Hash
dst-mac Dst Mac Addr bits Operation
src-dst-ip Src XOR Dst IP Addr XOR
src-dst-mac Src XOR Dst Mac Addr XOR default
src-ip Src IP Addr bits
src-mac Src Mac Addr bits
 6500 and 4500 switches also allow hash input to be based on:
 dst-port (destination port)
 src-dst-port (source and destination ports)
 Dafaults for 29xx and 35xx (this may vary so check documentation)
 Layer 2 switching (switched port) is src-mac (coming)
 Layer 3 switching (routed port) is src-dst-ip (coming)
 For non-IP traffic the switch will distribute frames based on MAC
addresses.
 Multicasts and broadcasts sent over one link in the EtherChannel are not
sent back over other links in the EtherChannel.
Switch(config)# port-channel load-balance ?
Load dst-ip
dst-mac
src-dst-ip
Dst IP Addr
Dst Mac Addr
Src XOR Dst IP Addr
bits
bits
XOR
Balancing src-dst-mac Src XOR Dst Mac Addr

src-ip
src-mac
Src IP Addr
Src Mac Addr
XOR
bits
bits
Switch(config)# port-channel load-balance src-dst-ip
 Normally, the default Source IP and Destination IP addresses will result in a

fair statistical distribution of frames.
 This is because of the random nature of multiple Source and Destination IP
addresses.
 However, if a single server’s destination IP address is receiving most of
the traffic this may cause one link to be overused in a two link
EtherChannel.
 Two links in a four link EtherChannel
 Four links in an eight link EtherChannel.
 Use only Source IP address or include MAC addresses to create a more
balanced load across the bundle.
EtherChannel Protocols
PAgP
LACP PAgP
LACP
• The Cisco Catalyst family of switches supports

both:
– Port Aggregation Protocol (PAgP) - Cisco
proprietary
• Default when port channel is created (coming)
– Link Aggregation Control Protocol (LACP) -
Industry standard 802.3ad-based protocol
• Not many differences.
EtherChannel
Fa0/1
Protocols
Fa0/4
DLS1(config)# interface range fa 0/1 - 4

DLS1(config-if-range)# channel-protocol ?
lacp Prepare interface for LACP protocol
pagp Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-protocol pagp
 PAgP requres identical static VLANs or trunking encapsulation with

same allowed VLANs.
 If the VLAN, speed or duplex on a port in the bundle is changed
PAgP automatically reconfigures the rest of the ports in that bundle.
EtherChannel
Fa0/1
Protocols
Channel Group
Fa0/4

DLS1(config-if-range)# channel-protocol ?
lacp Prepare interface for LACP protocol
pagp Prepare interface for PAgP protocol
DLS1(config-if-range)# channel-group number mode {active | on |
{auto [non-silent]} | {desirable [non-silent]} | passive}
 Channel-group number: 1 – 64
 Does not need to be the same on both switches but its
recommended that it usually is.
No PAgP or LACP negotiation
EtherChannel
on on

DLS1(config-if-range)# channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
 on – Forces port to channel without PAgP negotiation.

 Both ends must be on.
 All ports channeling
 You can use channel-group # mode on when the connecting device does
not support PAgP and you need to set up the channel unconditionally.
PAgP modes
EtherChannel
desirable
desirable
auto

 An interface in desirable mode can form an EtherChannel with another

interface that is in desirable or auto mode.
 Desirable (Active) - Actively asks to form a channel
PAgP modes
EtherChannel
auto desirable

 An interface in auto mode can form an EtherChannel with another interface

in desirable mode.
 Auto (default, passive) - Waits to be asked to form a channel.
 An interface in auto mode cannot form an EtherChannel with another
interface that is also in auto mode because neither interface starts PAgP
negotiation.
PAgP Silent FYI EtherChannel

DLS1(config-if-range)# channel-group 1 mode auto ?
non-silent Start negotiation only after data packets received
 By default PAgP uses the silent submode for desirable and auto.
 If you expect a switch to be on the other end you should use non-silent.
 “Use the non-silent keyword when you connect to a device that transmits bridge protocol data units
(BPDUs) or other traffic.”
 “Use the silent keyword when you connect to a silent partner (which is a device that does not generate
BPDUs or other traffic).”
 Either will work between switches.
 For more information on when to use silent or non-silent:
 http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094953.s
html
LACP modes
EtherChannel
active
active
passive

DLS1(config-if-range)# channel-protocol lacp
 An interface in the active mode can form an EtherChannel with another

interface that is in the active or passive mode.
LACP modes
EtherChannel
passive active

 An interface in the passive mode can form an EtherChannel with another

interface that is in the active mode.
 An interface in the passive mode cannot form an EtherChannel with
another interface that is also in the passive mode because neither interface
starts LACP negotiation.
Forming EtherChannels
EtherChannel
on on
PAgP Negotiated EtherChannel

desirable desirable
auto
LACP Negotiated EtherChannel

active active
passive
Configuring PAgP
DLS1(config)# port-channel load-balance dst-ip
DLS1(config-if-range)# switchport trunk encapsulation dot1q
DLS1(config-if-range)# switchport mode trunk
DLS1(config-if-range)# channel-group 1 mode desirable
DLS2(config)# port-channel load-balance src-dst-ip

DLS2(config-if-range)# channel-group 1 mode auto
 Notice:
 Load balancing does not have to match but usually it does.
 DTP on DLS2 is dyanmic auto (result is trunk with DLS1)
 PAgP configured on both ends
VERIFING
DLS1#show run DLS2#show run
! !
port-channel load-balance dst-ip port-channel load-balance src-dst-ip
! !
interface Port-channel1 interface Port-channel1
switchport trunk encapsulation dot1q switchport trunk encapsulation dot1q
switchport mode trunk !
! !
interface FastEthernet0/1 interface FastEthernet0/1
! ... ! ...
switchport mode trunk channel-group 1 mode auto
channel-group 1 mode desirable !
! !
switchport mode trunk channel-group 1 mode auto
channel-group 1 mode desirable
Verifying
DLS1# show etherchannel protocol
Group: 1
----------
Protocol: PAgP
DLS1# show etherchannel load-balance

EtherChannel Load-Balancing Operational State (dst-ip):
Non-IP: Destination MAC address
IPv4: Destination IP address
DLS1# DLS1(config)# port-channel load-balance dst-ip

DLS1# show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-------------------------------
1 Po1(SU) PAgP Fa0/11(P) Fa0/12(P)

DLS1# show etherchannel port DLS1(config)# port-channel load-balance dst-ip
Group: 1 DLS1(config)# interface range fa 0/11 - 12
---------- DLS1(config-if-range)# channel-protocol pagp
Port: Fa0/11
------------
Port state = Up Mstr In-Bndl

Channel group = 1 Mode = Desirable-Sl Gcchange = 0
Port-channel = Po1 GC = 0x00010001 Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = PAgP
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.

<output omitted>
Timers: H - Hello timer is running. Q - Quit timer is running.
<output omitted>
Can help determine if the load balancing is being
Local information: distributed equally across the links
Hello Partner PAgP Learning Group
Port Flags State Timers Interval Count Priority Method Ifindex
Fa0/11 SC
Partner's information:
Partner Partner Partner Partner Group

Port Name Device ID Port Age Flags Cap.
Fa0/11 DLS2 001b.8fc8.0080
Age of the port in the current state: 00d:00h:35m:29s
Port: Fa0/12
------------
...
Configuring LACP
DLS1(config)# lacp system-priority 11111
Fa0/13-14 has a
higher port priority
DLS1(config-if-range)# switchport mode trunk so these will
DLS1(config-if-range)# channel-protocol lacp become the
DLS1(config-if-range)# channel-group 1 mode active standby links
DLS1(config-if-range)# lacp port-priority 99 should something
happen to any of
the active links.
Default port-priority = 32,768
DLS1(config-if-range)# channel-group 1 mode active
 Port Priority - (Optional for LACP)

 LACP uses the port priority to decide which ports should be put in standby mode.
 Not typically used (more with hardware limitation).
 Ports with lower priority are active, rest are standby. (Default is 32,768)
 System Priority - (Optional for LACP)
 Valid values are 1 through 65535.
 Higher numbers have lower priority. (Default is 32768, switch MAC is tiebreaker)
 Recommended only when some ports are in standby.
Configuring LACP: DLS1 and DLS2
DLS1(config)# lacp system-priority 11111

DLS1(config-if-range)# lacp port-priority 99

DLS2(config)# port-channel load-balance src-dst-ip

DLS2(config-if-range)# channel-group 1 mode passive

Verifying (only showing DLS1)
DLS1#show run interface FastEthernet0/13
! switchport trunk encapsulation dot1q
port-channel load-balance dst-ip switchport mode trunk
! channel-group 1 mode active
interface Port-channel1 !
switchport trunk encapsulation dot1q interface FastEthernet0/14
switchport mode trunk switchport trunk encapsulation dot1q
! switchport mode trunk
interface FastEthernet0/11 channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
lacp port-priority 99
channel-group 1 mode active
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
lacp port-priority 99
channel-group 1 mode active
!
Verifying
DLS1# show etherchannel protocol
Group: 1
----------
Protocol: LACP
DLS1# show etherchannel load-balance

EtherChannel Load-Balancing Operational State (dst-ip):
Non-IP: Destination MAC address

DLS1(config-if-range)# lacp port-priority 99
<output imitted>
Verifying
DLS1# show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1

Number of aggregators: 1
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------
1 Po1(SU) LACP Fa0/11(P) Fa0/12(P) Fa0/13(H)
Fa0/14(H)
DLS1#

Switching

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Switching

Transféré par

Droits d'auteur :

Formats disponibles

Ethernet 802.

Los estándares para Ethernet (IEEE 802.3) especifican -mediante subcapas-

6 Presentación Subcapa de Control de

3 Red Señalización física

Cabecera Datos deAplicación

Cabecera Cabecera Datos de Aplicación

Cabecera Cabecera Cabecera Datos de Aplicación

Cabecera Cabecera Cabecera Cabecera Datos de Aplicación Partefinal

Comités de la serie IEEE 802

802.2 Control de Enlace Lógico

802.3 802.4 802.5 802.6 Enlace de

802.3 802.4 802.5 802.6 Física

• PREAMBLE: 8 octetos compuestos por 0 y 1 intercalados utilizados para

1111 2222 3333 nnnn Abbreviated

• When an Ethernet frame is sent out on the

• Each NIC card compares its own MAC address with

1111 2222 3333 nnnn Abbreviated

• So, what happens when multiple computers try

1111 2222 3333 nnnn Abbreviated

Two common types of access methods for LANs include

• Deterministic: Token Passing (Token Ring)

3333 For me! 4444 Nope 4

3333 Nope 4444 Nope 25

Source Address Table

Source Address Table

• How does it learn source

Source Address Table

• Now 3333 sends data back to

Source Address Table

• Now, because both MAC addresses

Source Address Table

• Unlike a hub, a collision does

Source Address Table

• When there is only one device on a

Source Address Table

1 1111 6 3333 1111 3333

1111 2222 5555

1 1111 6 3333 1111 3333

• The switch filters the

• Where is the collision

1111 2222 5555

1 1111 6 3333 1111 3333

1111 2222 5555

JAM JAM JAM JAM JAM JAM

JAM JAM JAM JAM JAM JAM

•Carrier sense multiple access with collision detection

Reducen los costos de administración

▪ En el arranque inicial del switch todos los puertos del switch

▪ Una VLAN de administración es cualquier VLAN que usted configura

VLAN basada en direccione MAC. Aquí se asignan hosts a una

VLAN por tipo de protocolo. La VLAN queda determinada por

Disminuye el requerimiento de puertos físicos para mantener comunicadas

Default vlan Default

Note: The switchport mode access command should be configured on

• By default, all ports are configured as switchport mode dynamic

Switch(config-if)#no switchport access vlan vlan_number

• This command will reset the interface to VLAN 1.

• VLAN information is kept in the vlan.dat file.

• Each switch port can be assigned to a different VLAN.

• VTP clients cannot create, modify, or delete VLAN information.

• Switches in VTP transparent mode forward VTP advertisements but ignore

• The domain name can be between 1 and 32 characters.

• VTP Configuration in global configuration

• VTP Configuration in VLAN configuration