Data Communication and Network Management

Lecture: Switching

Outline

Switch vs. Bridge
Functions of a Switch
Finding the MAC address of a web server
Finding the MAC address of a web server when there is a switch in the network
Internal Switching Paths
Port Security
Secure MAC Addresses

Switch vs. Bridge

Switches and bridges are both Layer 2 (Data Link Layer) devices.

Packet forwarding in bridges is performed in software, while in switches it is performed using ASICs (Application-Specific Integrated Circuits).

Switches operate at comparatively higher speeds than bridges.

A bridge switches by store and forward, while a switch can use store and forward, cut-through or fragment-free.

A switch has more ports than a bridge.

Bridges can operate only in half-duplex mode, but a switch can operate in either half-duplex or full-duplex mode.

Functions of a Switch

Address Learning

Forward / Filter Decisions

Loop Avoidance

Address Learning

Forward / Filter Decisions


Loop Avoidance

If multiple connections between switches are created for redundancy purposes, network loops can occur.

Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

Internal Switching Paths

Port Security

The port security feature can be used to restrict input to an interface by limiting and identifying the MAC addresses of the workstations that are allowed to access the port.

When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

Limits the number of MAC addresses associated with a port

- Limits number of sources that can forward frames into that switch port

Restrict port Ethernet 0/1 so that only three MAC addresses can be learned on the port

Secure MAC Address Types

Static secure MAC addresses
Dynamic secure MAC addresses

Static Secure MAC Addresses

Statically configured on a switch port and stored in an address table and in the running configuration.

Dynamic Secure MAC Addresses

Learned dynamically from traffic that is sent through the switch port and kept only in an address table, not in the running configuration.

Address Violation

A switchport violation occurs in one of two situations:

- When the maximum number of secure MAC addresses has been reached
- An address learned or configured on one secure interface is seen on another secure interface in the same VLAN

When a port security address violation occurs, the options for action to be taken on a port include:

shutdown | restrict | protect

(The default is shutdown)

Protect: When a violation occurs, this mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses, and no notification action is taken.

Restrict: When a violation occurs, this mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses, a syslog message is logged, and an SNMP trap is sent.

Shutdown: This mode is the default violation mode. When a violation occurs, the switch automatically forces the switchport into a disabled state and forwards no traffic.
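
The two violation situations and the three violation modes above can be modelled directly. This is an added example, not part of the lecture: the `SecurePort` and `Switch` classes, the `demo` function and the MAC addresses are constructed for illustration, and the model assumes every port is a secure port in the same VLAN.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    maximum: int = 1          # limit on secure MAC addresses for this port
    mode: str = "shutdown"    # shutdown (default) | restrict | protect
    static: set = field(default_factory=set)   # configured; also in running config
    dynamic: set = field(default_factory=set)  # learned; address table only
    disabled: bool = False
    notices: list = field(default_factory=list)  # stands in for syslog / SNMP trap

    def secure(self):
        return self.static | self.dynamic

class Switch:
    """Toy model: every port is a secure port in the same VLAN."""
    def __init__(self, *ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        port = self.ports[port_name]
        if port.disabled:
            return False
        if src_mac in port.secure():
            return True
        # Situation 2: address is already secure on another secure interface.
        elsewhere = any(src_mac in p.secure()
                        for p in self.ports.values() if p is not port)
        # Situation 1: the maximum number of secure addresses is reached.
        full = len(port.secure()) >= port.maximum
        if not elsewhere and not full:
            port.dynamic.add(src_mac)   # becomes a dynamic secure MAC address
            return True
        if port.mode == "restrict":
            port.notices.append(f"violation on {port.name}: {src_mac}")
        elif port.mode == "shutdown":
            port.disabled = True        # forwards nothing from now on
        return False                    # protect: drop with no notification

def demo(mode):
    """Constructed scenario: Ethernet 0/1 limited to three MAC addresses."""
    e01 = SecurePort("Ethernet0/1", maximum=3, mode=mode,
                     static={"00:00:5e:00:53:01"})
    sw = Switch(e01, SecurePort("Ethernet0/2", static={"00:00:5e:00:53:aa"}))
    frames = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03",
              "00:00:5e:00:53:04", "00:00:5e:00:53:aa", "00:00:5e:00:53:02"]
    return [sw.receive("Ethernet0/1", m) for m in frames], e01
```

Calling `demo("protect")`, `demo("restrict")` and `demo("shutdown")` on the same frame sequence shows the difference: the first two keep forwarding known addresses after the violation, only restrict records notices, and shutdown drops even the previously learned address.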

Address Violation Configurations
