Ch.

4 Switching Concepts
CCNA 3 version 3.0

Overview

Routers Switches, Bridges Hub, Repeaters

Ethernet networks used to be built using repeaters. When the performance of these networks began to suffer because too
many devices shared the same segment, network engineers added bridges to create multiple collision domains. As networks grew in size and complexity, the bridge evolved into the modern switch, allowing microsegmentation of the network. Todays networks typically are built using switches and routers, often with the routing and switching function in the same device.

Ethernet/802.3 LAN development

Distance limitations Ethernet is fundamentally a shared technology where all users on a given LAN segment compete for the same available bandwidth. This situation is analogous to a number of cars all trying to access a one-lane road at the same time. Because the road has only one lane, only one car can access it at a time. The introduction of hubs into a network resulted in more users competing for the same bandwidth. Collisions are a by-product of Ethernet networks.

Bridges

A bridge is a Layer 2 device used to divide, or segment, a network. A bridge is capable of collecting and selectively passing data frames

between two network segments. Bridges do this by learning the MAC address of all devices on each connected segment. Using this information, the bridge builds a bridging table and forwards or blocks traffic based on that table. This results in smaller collision domains and greater network efficiency. Bridges do NOT restrict broadcast traffic.

Switches

Switches create a virtual circuit between two connected devices,

establishing a dedicated communication path between two devices. Switches on the network provide microsegmentation. This allows maximum utilization of the available bandwidth. A switch is also able to facilitate multiple, simultaneous virtual circuit connections. Broadcast frames to all connected devices on the network.

Router

A router is a Layer 3 device. Used to route traffic between two or more Layer 3 networks. Routers make decisions based on groups of network addresses, or
classes, as opposed to individual Layer 2 MAC addresses. Routers use routing tables to record the Layer 3 addresses of the networks that are directly connected to the local interfaces and network paths learned from neighboring routers. Routers are not compelled to forward broadcasts.

Factors that impact network performance

Elements of Ethernet/802.3 networks

Broadcast data frame delivery of Ethernet/802.3 The carrier sense multiple access/collision detect (CSMA/CD) method
allows only one station to transmit at a time. Multimedia applications with higher bandwidth demand such as video and the Internet, coupled with the broadcast nature of Ethernet, can create network congestion. Normal latency as the frames travel across the layers Extending the distances and increasing latency of the Ethernet/802.3 LANs by using Layer 1 repeaters.

Half-Duplex

Originally Ethernet was a half-duplex technology. Using half-duplex, a host could either transmit or receive at one time,

but not both. If the network is already in use, the transmission is delayed. When a collision occurs, the host that first detects the collision will send out a jam signal to the other hosts. Upon receiving the jam signal, each host will stop sending data, then wait for a random period of time before attempting to retransmit. The back-off algorithm generates this random delay. As more hosts are added to the network and begin transmitting, collisions are more likely to occur.

Duplex Transmissions

Simplex Transmission: One way and one way only.

One way street

Half-duplex Transmission: Either way, but only one way at a time.

Two way street, but only one way at a time (land slide).
Full-duplex Transmission: Both ways at the same time.

Two way street

Network Congestion

Today's networks are experiencing an increase in the transmission of

many forms of media: Large graphics files Images Full-motion video Multimedia applications

Network Latency

Latency, or delay, is the time a frame or a packet takes to travel from

the source station to the final destination. It is important to quantify the total latency of the path between the source and the destination for LANs and WANs. Latency has at least three sources: First, there is the time it takes the source NIC to place voltage pulses on the wire and the time it takes the receiving NIC to interpret these pulses. This is sometimes called NIC delay. Second, there is the actual propagation delay as the signal takes time to travel along the cable. Third, latency is added according to which networking devices, whether they are Layer 1, Layer 2, or Layer 3, are added to the path between the two communicating computers.

Ethernet 10 BASE-T transmission time

Transmission time equals the number of bits being sent times the bit

time for a given technology. Another way to think about transmission time is the time it takes a frame to be transmitted. Small frames take a shorter amount of time. Large frames take a longer amount of time. Each 10 Mbps Ethernet bit has a 100 ns transmission window. Therefore, 1 byte takes a minimum of 800 ns to transmit. A 64-byte frame, the smallest 10BASE-T frame allowing CSMA/CD to function properly, takes 51,200 ns ( 51.2 microseconds). Transmission of an entire 1000-byte frame from the source station requires 800 microseconds.

The benefits of using repeaters

The distance that a LAN can cover is limited due to attenuation. Attenuation means that the signal weakens as it travels through the
network. The resistance in the cable or medium through which the signal travels causes the loss of signal strength. An Ethernet repeater is a physical layer device on the network that boosts or regenerates the signal on an Ethernet LAN.

Full-duplex transmitting

Full-duplex Ethernet allows the transmission of a packet and the

reception of a different packet at the same time. To transmit and receive simultaneously, a dedicated switch port is required for each node. The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the other end. Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions. This produces a potential 20 Mbps throughput, which results from 10 Mbps TX and 10 Mbps RX.

Duplex Transmissions

Simplex Transmission: One way and one way only.

One way street

Half-duplex Transmission: Either way, but only one way at a time.

Two way street, but only one way at a time (land slide).
Full-duplex Transmission: Both ways at the same time.

Two way street

LAN segmentation

Not the best diagram, lets look at some examples

Sending and receiving Ethernet frames on a bus

1111 2222 3333 nnnn

Abbreviated MAC Addresses

3333 1111

When an Ethernet frame is sent out on the bus all devices on the bus receive it. What do they do with it?

Sending and receiving Ethernet frames on a bus

Nope 1111 2222 Hey, thats me! 3333 Nope nnnn

Abbreviated MAC Addresses

3333 1111

Each NIC card compares its own MAC address with the Destination

MAC Address. If it matches, it copies in the rest of the frame. If it does NOT match, it ignores the rest of the frame.

Unless you are running a Sniffer program

Sending and receiving Ethernet frames on a bus

1111 2222 3333 nnnn

Abbreviated MAC Addresses

So, what happens when multiple computers try to transmit at the same time?

Sending and receiving Ethernet frames on a bus

1111 2222 3333 nnnn

Abbreviated MAC Addresses

Collision!

Access Methods
Two common types of access methods for LANs include Non-Deterministic: Contention methods (Ethernet, IEEE 802.3)

Only one signal can be on a network segment at one time. Collisions are a normal occurrence on an Ethernet/802.3 LAN

Deterministic: Token Passing (Token Ring)

CSMA/CD
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) Common contention method used with Ethernet and IEEE 802.3 Let everyone have access whenever they want and we will work it out somehow.

CSMA/CD and Collisions

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) Listens to the networks shared media to see if any other users on on the line by trying to sense a neutral electrical signal or carrier. If no transmission is sensed, then multiple access allows anyone onto the media without any further permission required. If two PCs detect a neutral signal and access the shared media at the exact same time, a collision occurs and is detected. The PCs sense the collision by being unable to deliver the entire frame (coming soon) onto the network. (This is why there are minimum frame lengths along with cable distance and speed limitations. This includes the 5-4-3 rule.) When a collision occurs, a jamming signal is sent out by the first PC to detect the collision. Using either a priority or random backoff scheme, the PCs wait certain amount of time before retransmitting. If collisions continue to occur, the PCs random interval is doubled, lessening the chances of a collision.

CSMA/CD and Collisions

Nope 1111 2222 Hey, thats me! 3333 Nope nnnn

Abbreviated MAC Addresses

Notice the location of the DA!

3333 1111

And as we said, When information (frame) is transmitted, every PC/NIC on the shared media copies part of the transmitted frame to see if the destination address matches the address of the NIC. If there is a match, the rest of the frame is copied If there is NOT a match the rest of the frame is ignored.

Sending and receiving Ethernet frames via a hub

3333 1111

1111

2222

5555

So, what does a hub do when it receives information? Remember, a hub is nothing more than a multiport repeater.

3333

4444

Sending and receiving Ethernet frames via a hub

Hub or

Sending and receiving Ethernet frames via a hub

3333 1111

The hub will flood it out all

1111 2222 Nope

5555 Nope

3333 For me!

4444 Nope

ports except for the incoming port. Hub is a layer 1 device. A hub does NOT look at layer 2 addresses, so it is fast in transmitting data. Disadvantage with hubs: A hub or series of hubs is a single collision domain. A collision will occur if any two or more devices transmit at the same time within the collision domain. More on this later.

Sending and receiving Ethernet frames via a hub

2222 1111

Another disadvantage with

1111 2222 For me!

hubs is that is take up unnecessary bandwidth on other links.

5555 Nope

Wasted bandwidth

3333 Nope

4444 Nope

Sending and receiving Ethernet frames via a switch

Sending and receiving Ethernet frames via a switch

Source Address Table Port Source MAC Add. Port Source MAC Add. 3333 1111

Switches are also known as

switch

1111
Abbreviated MAC addresses

3333

4444

2222

learning bridges or learning switches. A switch has a source address table in cache (RAM) where it stores source MAC address after it learns about them. A switch receives an Ethernet frame it searches the source address table for the Destination MAC address. If it finds a match, it filters the frame by only sending it out that port. If there is not a match if floods it out all ports.

No Destination Address in table, Flood

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111

3333 1111

switch

How does it learn source MAC

addresses? First, the switch will see if the SA (1111) is in its table. If it is, it resets the timer (more in a moment). If it is NOT in the table it adds it, with the port number.

1111
Abbreviated MAC addresses

3333

Next, in our scenario, the

switch will flood the frame out all other ports, because the DA is not in the source address table.

2222

4444

Destination Address in table, Filter

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333

1111 3333

Most communications involve

switch some sort of client-server relationship or exchange of information. (You will understand this more as you learn about TCP/IP.) Now 3333 sends data back to 1111. The switch sees if it has the SA stored. It does NOT so it adds it. (This will help next time 1111 sends to 3333.) Next, it checks the DA and in our case it can filter the frame, by sending it only out port 1.

1111
Abbreviated MAC addresses

3333

2222

4444

Destination Address in table, Filter

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333

3333 1111

switch
1111 3333

Now, because both MAC addresses are in the switchs table, any information exchanged between 1111 and 3333 can be sent (filtered) out the appropriate port. What happens when two devices send to same destination? What if this was a hub? Where is (are) the collision domain(s) in this example?

1111
Abbreviated MAC addresses

3333

2222

4444

No Collisions in Switch, Buffering

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444

3333 1111

switch
3333 4444

Unlike a hub, a collision does

NOT occur, which would cause the two PCs to have to retransmit the frames. Instead the switch buffers the frames and sends them out port #6 one at a time. The sending PCs have no idea that their was another PC wanting to send to the same destination.

1111
Abbreviated MAC addresses

3333

2222 4444

Collision Domains
Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444

3333 1111

Collision Domains

switch
3333 4444

When there is only one device

on a switch port, the collision domain is only between the PC and the switch. (Cisco curriculum is inaccurate on this point.) With a full-duplex PC and switch port, there will be no collision, since the devices and the medium can send and receive at the same time.

1111
Abbreviated MAC addresses

3333

2222

4444

Other Information
Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 9 4444

switch

1111
Abbreviated MAC addresses

3333

2222 4444

How long are addresses kept in the Source Address Table? 5 minutes is common on most vendor switches. How do computers know the Destination MAC address? ARP Caches and ARP Requests How many addresses can be kept in the table? Depends on the size of the cache, but 1,024 addresses is common. What about Layer 2 broadcasts? Layer 2 broadcasts (DA = all 1s) is flooded out all ports.

Side Note - Transparent Bridging

Transparent bridging (normal switching process) is defined in IEEE
802.1d describing the five bridging processes of: learning flooding filtering forwarding aging

These will be discussed further in STP (Spanning Tree Protocol)

Transparent Bridge Process - Jeff Doyle

Receive Packet

Learn source address or refresh aging timer

Is the destination a broadcast, multicast or unknown unicast? No

Yes

Flood Packet

Are the source and destination on the same interface? No Yes Filter Packet

Forward unicast to correct port

What happens here?

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 3333

1111 3333

Notice the Source

Address Table has multiple entries for port #1.

3333 1111 2222 5555

What happens here?

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 5555

1111 3333

The switch filters the

frame out port #1. But the hub is only a layer 1 device, so it floods it out all ports.

Where is the
collision domain?
3333 1111 2222 5555

What happens here?

Source Address Table Port Source MAC Add. Port Source MAC Add. 1 1111 6 3333 1 2222 1 5555

1111 3333

Collision Domain

3333 1111 2222 5555

LAN segmentation with routers

Routers provide segmentation of networks, adding a latency factor of

20% to 30% over a switched network. This increased latency is because a router operates at the network layer and uses the IP address to determine the best path to the destination node. Bridges and switches provide segmentation within a single network or subnetwork. Routers provide connectivity between networks and subnetworks. Routers also do not forward broadcasts while switches and bridges must forward broadcast frames.

Layer 2 and layer 3 switching

(routing)

A layer 3 switch is typically a layer 2 switch that includes a routing

process, I.e. does routing. (Oh yea, also known as routing. Got to love those people in Marketing.) Layer 3 switching has many meanings and in many cases is just a marketing term. Layer 3 switching is a function of the network layer. The Layer 3 header information is examined and the packet is forwarded based on the IP address.

Symmetric and asymmetric switching

Note: Most switches are now 10/100, which allow you to use them symmetrically or asymmetrically.

Ethernet switch latency

Latency is the period of time from when the beginning of a frame enters

to when the end of the frame exits the switch. Latency is directly related to the configured switching process and volume of traffic.

Memory buffering
switch

1111
Abbreviated MAC addresses

3333

2222 4444

An Ethernet switch may use a buffering technique to store and forward frames. Buffering may also be used when the destination port is busy. The area of memory where the switch stores the data is called the memory buffer. This memory buffer can use two methods for forwarding frame: port-based memory buffering shared memory buffering In port-based memory buffering frames are stored in queues that are linked to specific incoming ports. Shared memory buffering deposits all frames into a common memory buffer which all the ports on the switch share.

Two switching methods

Store-and-forward The entire frame is received before any

forwarding takes place. The destination and source addresses are read and filters are applied before the frame is forwarded. CRC Check done Cut-through The frame is forwarded through the switch before the entire frame is received. This mode decreases the latency of the transmission, but also reduces error detection. 1900 and 2800 series switches this is configurable, otherwise depends on the model of the switch.

Cut-through

Cut-through Fast-forward Offers the lowest level of latency. Fast-forward switching immediately forwards a packet after reading the destination address. There may be times when packets are relayed with errors. Although this occurs infrequently and the destination network adapter will discard the faulty packet upon receipt.

Cut-through

Cut-through Fragment-free Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything greater than 64 bytes is a valid packet and is usually received without error. Fragment-free switching waits until the packet is determined not to be a collision fragment before forwarding.

Two switching methods

Adaptive cut-through In this mode, the switch uses cut-through until it detects a given number of errors. Once the error threshold is reached, the switch changes to store-and-forward mode.

Functions of a switch

The main features of Ethernet switches are:

Isolate traffic among segments Achieve greater amount of bandwidth per user by creating smaller collision domains

How switches learn addresses

Learning bridges or Learning switches

Bridges and switches learn in the following ways:

Reading the source MAC address of each received frame or datagram Recording the port on which the MAC address was received. The bridge or switch learns which addresses belong to the devices connected to each port. The learned addresses and associated port or interface are stored in the addressing table. The bridge examines the destination address of all received frames. The bridge then scans the address table searching for the destination address.

Filter or Flood (Switch)

If a switch has the frames destination address in its CAM table (or
Source Address Table) it will only send the frame out the appropriate port. If a switch does not have the frames destination MAC address in its CAM table, it floods (sends) it out all ports except for the incoming port (the port that the frame came in on) known as an Unknown Unicast, or if the destination MAC address is a broadcast. Note: A CAM table may contain multiple entries per port, if a hub or a switch is attached to that port. Most Ethernet bridges can filter broadcast and multicast frames.

Filter or Flood (Switch)

Switches flood frames that are: Unknown unicasts Layer 2 broadcasts Multicasts (unless running multicast snooping or IGMP) Multicast are special layer 2 and layer 3 addresses that are sent to devices that belong to that group.

Why segment LANs? (Layer 2 segments)

Hub

Switch

First is to isolate traffic between segments. The second reason is to achieve more bandwidth per user
by creating smaller collision domains.

Why segment LANs? (Layer 2 segments)

switch

Collision Domains

1111
Abbreviated MAC addresses

3333

2222

4444

A switch employs microsegmentation to reduce the collision domain on a LAN. The switch does this by creating dedicated network segments, or point-to-point connections.

Broadcast domains

172.30.1.21 255.255.255.0

Switch 1

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

172.30.2.12 255.255.255.0

Switch 2

172.30.2.16 255.255.255.0

Switched Network AllARP Request - Two Networks Two Subnets Several Collision Domains One per switch port One Broadcast Domain

172.30.1.25 255.255.255.0 172.30.2.14 255.255.255.0 172.30.1.27 255.255.255.0

Even though the LAN switch reduces the size of collision domains, all
hosts connected to the switch are still in the same broadcast domain. Therefore, a broadcast from one node will still be seen by all the other nodes connected through the LAN switch.

Switches and broadcast domains

These are logical not physical representations of what happens to these frames.

Switches flood frames that are:

Unknown unicasts Layer 2 broadcasts Multicasts (unless running multicast snooping or IGMP) Multicast are special layer 2 and layer 3 addresses that are sent to devices that belong to that group.

Switches and broadcast domains

When a device wants to send out a Layer 2 broadcast, the destination

MAC address in the frame is set to all ones. A MAC address of all ones is FF:FF:FF:FF:FF:FF in hexadecimal. By setting the destination to this value, all the devices will accept and process the broadcasted frame.

Switches and broadcast domains

Communication between switches and workstation

Hubs to VLANs Part 1

(Part 2 will be discussed when we cover VLANs.)

Using Hubs
Layer 1 devices Inexpensive In one port, out the others One collision domain One broadcast domain

Single Hub
Hub 1

172.30.1.21 255.255.255.0

172.30.1.24 255.255.255.0

172.30.1.22 255.255.255.0

172.30.1.23 255.255.255.0

Single Hub One Network (IP Network Address - usually) One Collision Domain One Broadcast Domain

This is fine for small workgroups, but does not scale well for larger workgroups or heavy traffic.

Single Hub
Hub 1

172.30.1.21 255.255.255.0

172.30.2.22 255.255.255.0

172.30.1.22 255.255.255.0

172.30.2.21 255.255.255.0

Note: Different color hosts refer to different subnets.

Single Hub - Two subnets Two subnets One Collision Domain One Broadcast Domain

What if the computers were on two different subnets? Could they communicate within their own subnet? Yes Between subnets? No, need a router. The sending host will check the destination IP address with its own IP address and subnet mask. The AND operation will determine that it is on a different subnet and cannot be reached without sending the packet to a default gateway (router). This is even though they are on the same physical network.

Multiple Hubs
Hub 1

172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0

Hub 2

172.30.1.27 255.255.255.0

172.30.1.22 255.255.255.0

All Hubs One Network Address One Collision Domain One Broadcast Domain

172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0

Same issues as before, with more of an impact on the network.

Using Switches

Layer 2 devices Layer 2 filtering based on Destination MAC addresses and Source Address Table One collision domain per port One broadcast domain across all switches

Switches create multiple parallel paths

Hub

172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0

Switch

172.30.1.27 255.255.255.0

172.30.1.22 255.255.255.0

Switch and Hub Network One Network Several Collision Domains One per switch port One for the entire Hub One Broadcast Domain

172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0

Two parallel paths: (complete SAT tables) Data traffic from 172.30.1.24 to 172.30.1.25 Data traffic from 172.30.1.26 to 172.30.1.2

Hubs do not create multiple parallel paths

Collision!

Hub

172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0

Switch

172.30.1.27 255.255.255.0

172.30.1.22 255.255.255.0

Switch and Hub Network One Network Several Collision Domains One per switch port One for the entire Hub One Broadcast Domain

172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0

As opposed to the Hub: Data traffic from 172.30.1.21 to 172.30.1.22 Data traffic from 172.30.1.23 to 172.30.1.24

Switches create multiple parallel paths

Hub

172.30.1.21 255.255.255.0 172.30.1.23 255.255.255.0

Switch

172.30.1.27 255.255.255.0

172.30.1.22 255.255.255.0

Switch and Hub Network One Network Several Collision Domains One per switch port One for the entire Hub One Broadcast Domain

172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0

Collisions and Switches: What happens when two devices on a switch, send data to another device on the switch? 172.30.1.24 to 172.30.1.25 and 172.30.1.26 to 172.30.1.25

Switches create multiple parallel paths

Hub
Frames buffered
172.30.1.23 255.255.255.0

172.30.1.21 255.255.255.0

Switch

172.30.1.27 255.255.255.0

172.30.1.22 255.255.255.0

Switch and Hub Network One Network Several Collision Domains One per switch port One for the entire Hub One Broadcast Domain

172.30.1.24 255.255.255.0 172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0

The switch keeps the frames in buffer memory, and queues the traffic for the host 172.30.1.25. This means that the sending hosts do not know about the collisions and do not have to re-send the frames.

Other Switching Features

Review Asymmetric ports: 10 Mbps and 100 Mbps Full-duplex ports Cut-through versus Store-and-Forward switching

Other Switching Features

172.30.1.21 255.255.255.0

Switch 1

172.30.1.22 255.255.255.0

172.30.1.23 255.255.255.0

172.30.1.24 255.255.255.0

Switch 2

172.30.1.28 255.255.255.0

All Switched Network One Network Several Collision Domains One per switch port One Broadcast Domain

172.30.1.25 255.255.255.0 172.30.1.26 255.255.255.0 172.30.1.27 255.255.255.0

Ports between switches and server ports are good candidates for higher
bandwidth ports (100 Mbps) and full-duplex ports. Most switch ports today are full-duplex.

Introducing Multiple Subnets/Networks without Routers

Switches are Layer 2 devices Router are Layer 3 devices Data between subnets/networks must pass through a
router.

Switched Network with Multiple Subnets

ARP Request

172.30.1.21 255.255.255.0

Switch 1

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

172.30.2.12 255.255.255.0

Switch 2

172.30.2.16 255.255.255.0

All Switche d Ne twork - Two Ne tworks Two Subnets 172.30.1.25 Several Collision Domains 255.255.255.0 One per switch port One Broadcast Domain

172.30.2.14 255.255.255.0

172.30.1.27 255.255.255.0

What are the issues? Can data travel within the subnet? Yes Can data travel between subnets? No, need a router! What is the impact of a layer 2 broadcast, like an ARP Request?

Switched Network with Multiple Subnets

ARP Request

172.30.1.21 255.255.255.0

Switch 1

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

172.30.2.12 255.255.255.0

Switch 2

172.30.2.16 255.255.255.0

All Switched Network - Two Networks Two Subnets Several Collision Domains One per switch port One Broadcast Domain

172.30.1.25 255.255.255.0 172.30.2.14 255.255.255.0 172.30.1.27 255.255.255.0

All devices see the ARP Request, even those on the other subnets that do not need to see it. One broadcast domain means the switches flood all broadcast out all ports, except the incoming port. Switches have no idea of the layer 3 information contained in the ARP Request.This consumes bandwidth on the network and processing cycles on the hosts.

One Solution: Physically separate the subnets

172.30.1.21 255.255.255.0

Switch 1

172.30.1.23 255.255.255.0

172.30.1.25 255.255.255.0

172.30.1.26 255.255.255.0

Switch 2

172.30.2.16 255.255.255.0

Two Switched Networks Two Subnets Several Collision Domains One per switch port Two Broadcast Domain

172.30.2.10 255.255.255.0 172.30.2.12 255.255.255.0 172.30.2.14 255.255.255.0

But still no data can travel between the subnets. How can we get the data to travel between the two subnets?

Another Solution: Use a Router

172.30.1.1 255.255.255.0 172.30.2.1 255.255.255.0

172.30.1.21 255.255.255.0

Switch 1

Router

172.30.1.23 255.255.255.0

172.30.1.25 255.255.255.0

172.30.1.26 255.255.255.0

Switch 2

172.30.2.16 255.255.255.0

Routed Networks Two Subnets Several Collision Domains One per switch port Communication between subnets

172.30.2.10 255.255.255.0 172.30.2.12 255.255.255.0 172.30.2.14 255.255.255.0

Two separate broadcast domains, because the router will not forward the layer 2 broadcasts such as ARP Requests.

Switches with multiple subnets

So far this should have been a review. Lets see what happens when we have two subnets on a single switch and we want to route between the two subnets.

Router-on-a-stick or One-Arm-Router (OAR)

interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary

Router

172.30.1.1 172.30.2.1 sec 255.255.255.0

ARP Request
Secondary addresses can be used when the router does not support sub-interfaces which will be discussed later.

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Two Subnets Communication between subnets When a single interface is used to route between subnets or networks, this is know as a router-on-a-stick. To assign multiple ip addresses to the same interface, secondary addresses or subinterfaces are used.

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

Router-on-a-stick or One-Arm-Router (OAR)

interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary

Router

172.30.1.1 172.30.2.1 sec 255.255.255.0

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Advantages Two Subnets Communication between subnets Useful when there are limited Ethernet interfaces on the router.
Disadvantage Because a single link is used to connect multiple subnets, one link is having to carry the traffic for multiple subnets. Be sure this is link can handle the traffic.

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

Router-on-a-stick or One-Arm-Router (OAR)

interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary

Router

172.30.1.1 172.30.2.1 sec 255.255.255.0

ARP Request

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Two Subnets Communication between subnets

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

Still the same problem of the switch forwarding broadcast traffic to all devices on all subnets.

Router-on-a-stick or One-Arm-Router (OAR)

interface e 0 ip address 172.30.1.1 255.255.255.0 ip address 172.30.2.1 255.255.255.0 secondary

Router

172.30.1.1 172.30.2.1 sec 255.255.255.0

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Two Subnets Communication between subnets

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

Remember to have the proper default gateway set for each host. 172.30.1.0 hosts - default gateway is 172.30.1.1 172.30.2.0 hosts - default gateway is 172.30.2.1

Interface for each subnet

172.30.1.1 E0 255.255.255.0

E1 172.30.2.1

Router

255.255.255.0

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Two Subnets Communication between subnets

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

An Ethernet router interface per subnet may be used instead of one. However this may be difficult if you do not have enough Ethernet ports
on your router.

Still one broadcast domain

172.30.1.1 255.255.255.0

Router

172.30.2.1 255.255.255.0

ARP Request

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

Routed Networks Two Subnets Communication between subnets

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

Still the same problem of the switch forwarding broadcast traffic to all devices on all subnets.

Introducing VLANs

VLAN = Subnet VLANs create separate broadcast domains within the switch. Routers are needed to pass information between different VLANs This is only an introduction, as we will discuss VLANs and Inter-VLAN Routing in later chapters.

Layer 2 Broadcast Segmentation

Switch Port: VLAN ID
ARP Request

172.30.1.21 255.255.255.0 VLAN 1

Switch 1
172.30.2.12 255.255.255.0 VLAN 2

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN

Two VLANs Two Subnets

An ARP Request from 172.30.1.21 for 172.30.1.23 will only be seen by

hosts on that VLAN. The switch will flood broadcast traffic out only those ports belonging to that particular VLAN, in this case VLAN 1.

Layer 2 Broadcast Segmentation

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN
Port-centric VLAN Switches As the Network Administrator, it is your job to assign switch ports to the proper VLAN. This assignment is only done at the switch and not at the host. Note: The following diagrams show the VLAN below the host, but it is actually assigned on the switch.

Without VLANs No Broadcast Control

ARP Request

172.30.1.21 255.255.255.0

Switch 1
172.30.2.12 255.255.255.0

172.30.2.10 255.255.255.0

172.30.1.23 255.255.255.0

No VLANs Same as a single VLAN Two Subnets

Without VLANs, the ARP Request would be seen by all hosts. Again, consuming unnecessary network bandwidth and host processing
cycles.

With VLANs Broadcast Control

Switch Port: VLAN ID
ARP Request

172.30.1.21 255.255.255.0 VLAN 1

Switch 1
172.30.2.12 255.255.255.0 VLAN 2

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN

Two VLANs Two Subnets

Inter-VLAN Traffic
Switch Port: VLAN ID

172.30.1.21 255.255.255.0 VLAN 1

Switch 1
172.30.2.12 255.255.255.0 VLAN 2

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN

Two VLANs 1. Remember that VLAN IDs (numbers) are assigned to the switch port and not to the host. (Port-centric VLAN switches) Two Subnets 2. Be sure to have all of the hosts on the same subnet belong to the same VLAN, or you will have problems. Hosts on subnet 172.30.1.0/24 - VLAN 1 Hosts on subnet 172.30.2.0/24 - VLAN 2 etc.

Inter-VLAN Traffic
Switch Port: VLAN ID
To 172.30.2.12

172.30.1.21 255.255.255.0 VLAN 1

Switch 1
172.30.2.12 255.255.255.0 VLAN 2

172.30.2.10 255.255.255.0 VLAN 2

172.30.1.23 255.255.255.0 VLAN 1

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN

Two VLANs Two Subnets

A switch cannot route data between different VLANs. Note: The host will not even send the Packet unless it has a default gateway to forward it to.

Inter-VLAN Routing needs a Router

172.30.1.1 255.255.255.0 (VLAN 1) 172.30.2.1 255.255.255.0 (VLAN 2)

Router

1 2 3 4 5 6 . Port 1 2 1 2 2 1 . VLAN

A router is need to route traffic between VLANs (VLAN = Subnet). There are various methods of doing this including Router-on-a-stick with
trunking (more than one VLAN on the link). This will be discussed later when we get to the chapter on VLANs and Inter-VLAN Routing.

Ch. 4 Switching Concepts

CCNA 3 version 3.0