CCNA 3 – LAN Switching and Wireless – Basic Switch Concepts and Configuration

After understanding how to design a LAN, we’ll now be studying the basic concepts and configuration of a network switch.

As a review, a switch basically connects multiple network segments. Switch forwards packets to destination hosts.

There are 2 forwarding methods of a switch:

  • Store and Forward (current models use this) – the switch receives the entire frame. It stores the data in buffers until it gets the complete frame. The switch then performs CRC check (checking trailer info – CRC for errors). If the packet has changed during transmission, CRC info on the trailer won’t be the same as it was when the frame left the source interface. This is efficient but latency and bandwidth is increased because of the error checking feature.
  • Cut Through – the switch receives the frame, before receiving the entire frame, when header info is already available, the switch reads the destination mac address, looks it up at the mac address table and sends it out to the destination port. No error checking is performed. This is fast, latency decreases but reliability isn’t that much. And when destination NICs receive invalid frame, they discard them…Cut Through has 2 sub methods:
    • Fast Forward – this produces the lowest latency. When a switch receives a frame, it immediately reads the destination address and forwards the data, no nothing else is checked.
    • Fragment Free – this is a compromise between store and forward and cut through. The switch receives the data and stores the first 64 bytes before forwarding. Most errors and collisions occur during the first 64 bytes, so switch performs a small error check to ensure that no collision had occurred before forwarding frame.

Symmetric and Asymmetric Switching

Asymmetric switching enables a switch to provide different bandwidth speeds per switch port. Requires memory buffer. The switch keeps the data in buffer and forwards to the ports after the other.

Symmetric switching provides same bandwidth to all ports.

Most of the current switches are assymetric because they’re more flexible.

Memory Buffering

An ethernet switch may buffer data before forwarding them. This ‘buffering’ may also be used when the destination port is busy due to congestion. The switch stores the data in memory before transmitting them – thus, is called, memory buffering.

Memory buffering is built into the switch’s hardware and is not configurable other than upgrading or increasing the amount of memory available.

There are 2 methods of memory buffering:

Port Based Memory Buffering – Frames are lined up in queues linked to their destination ports. A frame only gets transmitted when the queue ahead of it, clears up. The easiest example I can think of, say frames are lined up on the incoming port, frames that are destined to different ports. If the first frame on queue is waiting for its destination port to be available before it gets transmitted, the rest of the frames on the queue, will also have to wait, before they get transmitted to their own destination ports, regardless if their destination ports are available.

Shared Memory Buffering – The switch uses one common memory buffer where data from all incoming and outgoing ports are stored. All ports share the same memory buffer. This is important for Asymmetric switches where frames are exchanged between different rate ports.

Layer 2 and Layer 3 Switching

Layer 2 switches perform switching based on (Layer 2) Mac addresses.

Layer 3 switches perform switching based on Layer 2 MAC addresses and Layer 3 IP Address. These switches have the functions of a layer 2 and special layer 3 functions, including routing. Compared to Layer 2, Layer 3 switches can associate IP addresses with their own interfaces. These switches can separate broadcast domains, like a router, however, they do not completely replace the need for routers on a network.

Command Line Interface Modes

This is a review of changing modes on a CLI. This was already discussed on the Network Fundamentals.. but here goes…

switch>
(this indicates you are on the User EXEC mode, you can access limited commands)
by typing “enable”, you are entering priviledged EXEC mode
switch>enable
switch#
(indicated by a # pound sign, priv EXEC mode gives you access to all commands and can be password protected to allow access only to authorized users)

Aside from CLI, there is another way to manage and configure a switch, that’s the GUI way. See below for examples of GUI

Cisco Network Assistant
CiscoView Application
Cisco Device Manager
SNMP Network Management

Using the Help Facility

Word-Help – if you forgot a command but can remember the first few characters, enter the character sequence that you remember and type “?” without a space in between – this will show you the list of commands that start with the character sequence provided. Example below:

switch#cl?
clear clock

Both “clear” and “clock” start with CL

Command Syntax Help – if you know the command but don’t know the syntax to apply it, type “?” preceded by a space to view the available commands or parameters to complete the line and execute

span style=”text-decoration: underline;”>Console Error Messages

See below common error messages that you get while on CLI, what they indicate and how to get help:

switch#cl
% Ambiguous command:  ”cl”

This means, you have not entered enough characters for your device to determine or recognize the command. In this example, “cl” can mean “clear” or “clock” so your device is confused. :p Type “?” after the last character to know which commands are available.

switch#clock
% Incomplete command.

This means, you have not entered all the commands, values or parameters required to complete the command. Type “?” preceded by a space to know what parameters are required.

switch#clock set aa:12:23
                  ^
% Invalid input detected at ‘^’ marker.

This means you have entered an invalid value where the caret “^” points to. Type “?” preceded by a space before the parameter to know the details as to what type of value is required, and it what format.

Accessing Command History

Cisco switches, by default, has a “Command History” enabled of up to 10 lines. It’s a history or record of commands used on a specific mode. Type “show history” to see what commands have been entered/saved on the command history buffer.

To disable the command history:
switch#terminal no history
To enable the command history:
switch#terminal history
To edit the size of the history buffer (enter maximum lines that can be saved on history – 0 to 256 only):
switch#terminal history size 50
To reset the size of history
switch#terminal no history size

Switch Boot Sequence

  1. switch loads the boot loader software from the NVRAM
    1. Boot Loader performs low-level CPU initialization
    2. performs POST (Power on Self Test) for the CPU subsystem
    3. Initializes the flash file system on the system board
    4. loads default OS software image into memory and boots the switch
  2. OS runs using the config.text file which is stored in the switch flash storage

The boot loader can help you recover from an OS crash:

  • provides access to the switch if the OS has problems serious enough that it can’t be used
  • provides access to the files on flash before the OS is loaded
  • boot loader commands help you perform recovery operations

If the POST fails, the SYS LED light on the switch turns AMBER and means the switch needs to be repaired. During initial configuration or troubleshooting possible switch issues, attach a terminal to the switch or a terminal emulator (like Hyper terminal on a PC) to see the boot up process on the screen.

Basic Switch Configuration

Management Interface. Layer 2 switches can still be managed via IP address (for access methods like telnet or SSH). This is important if you are accessing the switch remotely. To do this:

  • enable a vlan to handle the layer 3 IP
  • default vlan used for cisco switches, is vlan 1. Although this doesn’t mean that you have to use vlan 1. For security reasons, and more, it’s strongly advised to use a different vlan for management use.
  • from the config mode, enter interface vlan config mode (treat as interface) and add the ip address and subnet mask.
  • then, by typing “no shut”, activate the interface
  • go back to global config mode to add a default gateway

Note: Layer 2 switches only allow one vlan to be active at a time. This means, if you use another vlan for management and not the default vlan1, vlan1 would then be inactive.

MDIX

Connection between like and unlike devices require different types of cables, like crossover and straight through. MDIX makes it possible for a switch to auto adjust the interface and make it work with what type of cable is plugged in, regardless if it’s a certain type or not.

Say, you plug a switch to another switch using a straight through cable. This shouldn’t work. But with MDIX enabled on the port interfacing with the other switch, this will work – but then speed and duplex will have to be auto. Also found this helpful link (a scenario where knowledge of MDIX applies):

http://cciepursuit.wordpress.com/2007/07/08/switch-cabling-and-auto-mdix/

Configure Speed/Duplex on a switch interface

Easy…

switch(config-if)#duplex auto
switch(config-if)#speed auto

Enabling Web interface access to the switch

This is interesting…

S1(config)#ip http server
you have to enable authentication
S1(config)#ip http authentication enable
“enable” here means to let the switch use the enable password as authentication on the web gui. There can be other options too:

  • TACACS server – which is what we use at work (normally large enterprise networks)
  • Local - Local user database, as defined on the Cisco router or access server, is used. 

Managing Mac address table

As we have previously known, switches dynamically learn mac addresses that make up the mac address table. addresses on the table age up to 300 seconds (default) and get removed. This is adjustible though.

It is also possible to add a static mac address (security reasons and other stuff) see below how:

To create a static mapping in the MAC address table, use the command below:
mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id 

To remove a static mapping in the MAC address table, use the command below:
no mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id 

Mac address table max size varies. Cisco Catalyst 2960 can store up to 8192 macs.

Basic Switch Management

This is basically saving config, backing up and restore. There are 2 ways to save and restore config.

  1. Local – saving config and restoring from the switch’s nvram
  2. TFTP server – Cisco switches come with a tftp client. If you wish to save your config to a remote network, it is possible via a tftp server. See below how:

switch#copy system:running-config tftp:[[[//location]/directory]/filename] 

another example:

switch#copy system:running-config tftp://172.16.2.11/directory/filename

Configuring Switch Security

Network security is a broad subject. But don’t get your hopes up. I’m only going to talk about basic switch security here.

A switch lets you secure its ports. This is done via configuring the port to allow only one mac address, or a group of mac addresses and setting port behavior when violation is noticed. This behavior can be error logging, sending notification to admin or shutting down the port.

The switch itself can also be secured by enabling login authentication. This includes adding a “enable password” which we have already talked about. Of course, there’s the “enable secret” – saves the enable password in an encrypted format on the config file.

On the next topic, we’ll talk about VLANs. Interesting…

0saves
If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Leave a comment

Your email address will not be published. Required fields are marked *

CommentLuv badge

Notify me of followup comments via e-mail. You can also subscribe without commenting.