Project Main Details
Part 1: Introduction to SWITCH
Welcome to the LearnSmart audio lecture series for the Cisco “SWITCH” exam, number 642-813, Implementing Cisco IP Switched Networks. This training reviews the essential knowledge and skills necessary to plan, configure and verify the implementation of complex enterprise switching solutions using Cisco’s Campus Enterprise Architecture. Building a technical knowledge foundation by understanding these concepts is an important step toward certification. Pass the first time with LearnSmart audio.
This CD contains concept lecture tracks on the following topics:
Implement a VLAN-based solution, given a network design and a set of requirements.
Implement a Security Extension of a Layer 2 solution, given a network design and a set of requirements.
Implement switch-based Layer 3 services, given a network design and a set of requirements.
Prepare infrastructure to support advanced services.
Implement high-availability, given a network design and a set of requirements.
Chapter 2: Implement VLAN-based Solution
Part 1: Switch Operation
This is Domain 1: Implement a VLAN-based solution, given a network design and a set of requirements.
A basic switch is a network device that operates at Layer 2 of the OSI model. However, switches have evolved dramatically in the past few years, and many new models now come with multilayer switch capabilities. A switch breaks up collision domains, which are physical network segments where data frames can “collide” when they are transmitted at the same time. Carrier Sense Multiple Access with Collision Detection, or CSMA/CD, is used to prevent collisions on an Ethernet network. Before an Ethernet host begins to transmit, it listens for the presence of other transmissions. If no other transmission is detected, the host begins transmitting its own data. If another host happens to transmit at the same time, a collision occurs and a backoff timer is automatically set to a random period of time on every host involved in the collision. When the timer expires, the host listens again, and if the medium is available it transmits again.
Every port on a switch is a separate collision domain. This means that two hosts connected to different switch ports don’t have to share the bandwidth of the medium as they have to when connected to hubs.
The main functions of a switch are address learning, making forward and filter decisions, and loop avoidance.
Hosts can operate in full duplex mode, meaning they can talk and listen at the same time. If the host is not able to operate in full duplex mode, the switch can communicate in half duplex mode, where the switch and the host can either send or receive data at any given time, but not both.
Each access port offers dedicated bandwidth to the host or group of hosts connected to it.
Uplink ports to other switches can be trunked to send data from multiple hosts and multiple VLANs.
Errors in frames are not propagated because every frame received in a port is inspected for errors. If the switch finds errors the frame is discarded.
Other advanced features based on Layer 2 filtering are also possible, such as Quality of Service and Class of Service.
Part 2: Address Learning and Forward/Filter Decisions
Unlike hubs, switches maintain a table of MAC address to switch port mappings in a Content Addressable Memory, or CAM table. Forwarding decisions of a Layer 2 switch are based exclusively on the destination MAC address of the incoming frame. The switch looks for the MAC address in the CAM table and forwards the frame out the port associated with it. If it doesn’t find an entry for the destination MAC address, the switch floods the frame out all ports associated with the VLAN on which the frame was received, excluding the port where the frame was received. This is called "unknown unicast flooding". Broadcast and multicast frames are flooded in the same way.
Loop Avoidance is the mechanism by which switches prevent a frame from taking more than one path to a destination. If a loop forms, the flooded frame would end up being replicated and retransmitted over and over in the looped path, creating a real mess in our networks. The Spanning Tree Protocol was developed to prevent switching loops from happening. STP is an extremely important and incredibly powerful protocol.
Part 3: Switching Tables
Besides the CAM table, more advanced switches utilize several other tables for the switching process. The tables are designed for either Layer 2 or multi-layer switching. They are maintained in very fast memory in order to be able to check several fields in the tables at the same time.
Content-Addressable Memory is also known as the MAC Address Table or the Forwarding Table. It is used to register and associate a MAC address with the specific port on which the device or devices were last known to reside. When a frame is received on a port, the source MAC address, the VLAN ID and a time stamp are associated with the port that received the frame. When a host moves to another port, the CAM table is updated with the new entry and the corresponding time stamp, and after an established period of time the older entry is deleted. If a frame is received and its source address is already in the CAM table, only the time stamp is updated. To keep the size of the CAM table under control and to optimize resources, if a switch doesn’t hear from a host for a period of time, its CAM entry is deleted. By default, this period is 300 seconds, but it can be changed with the "mac address-table aging-time" command, followed by the desired number of seconds.
You can also configure static CAM table entries with the "mac address-table static" command, followed by the MAC address, the VLAN ID number, the interface designator, and the desired protocol.
When a switch detects a MAC address that is already registered as belonging to another port, the switch purges the old record. This is the correct procedure, because MAC addresses are unique and shouldn’t be reachable on more than one port. If the switch detects that a MAC address is being learned on alternating ports, an error message is generated and the address is flagged as flapping between interfaces. There are several causes for this, and we will see the mechanism to prevent it in the Spanning Tree Protocol section.
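The address-learning, forward/filter and CAM maintenance behaviour described in the last two sections can be exercised end to end in a small simulation. The following is an added example written for this page, not code from the LearnSmart lecture or from any Cisco product; the class names, the simulated clock, the port names and the sample frames are assumptions. It learns the source MAC, VLAN and time stamp per port, refreshes the time stamp on a repeat, purges the old record when a MAC moves, flags a MAC that alternates between ports, ages entries out after 300 seconds by default, forwards a known unicast to a single port and floods unknown unicast, broadcast and multicast within the VLAN.

```python
"""Toy Layer 2 switch: CAM learning, forward/filter decisions, aging and MAC moves.

Added example for this page (not the lecture's or Cisco's code). Names,
clock and sample frames are assumptions; the behaviour follows the text.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class CamEntry:
    port: str
    vlan: int
    last_seen: float  # simulated clock, in seconds


@dataclass
class Switch:
    ports_by_vlan: dict                          # vlan -> list of access ports in it
    aging_time: float = 300.0                    # "mac address-table aging-time" default
    cam: dict = field(default_factory=dict)      # (vlan, mac) -> CamEntry
    history: dict = field(default_factory=dict)  # (vlan, mac) -> ports learned on, in order
    alerts: list = field(default_factory=list)   # flapping messages

    def age_out(self, now):
        """Delete entries not refreshed within aging_time; return how many were removed."""
        stale = [k for k, e in self.cam.items() if now - e.last_seen > self.aging_time]
        for k in stale:
            del self.cam[k]
            self.history.pop(k, None)
        return len(stale)

    def learn(self, vlan, src_mac, ingress, now):
        key = (vlan, src_mac)
        entry = self.cam.get(key)
        if entry is None:
            self.cam[key] = CamEntry(ingress, vlan, now)
            self.history[key] = [ingress]
        elif entry.port == ingress:
            entry.last_seen = now  # already known on this port: refresh the time stamp only
        else:
            # A MAC address is unique, so learning it on a new port purges the old record
            self.cam[key] = CamEntry(ingress, vlan, now)
            hist = self.history.setdefault(key, [])
            hist.append(ingress)
            # Learned on A, then B, then A again: flag it as flapping between interfaces
            if len(hist) >= 3 and hist[-1] == hist[-3] and hist[-1] != hist[-2]:
                self.alerts.append(
                    f"host {src_mac} in vlan {vlan} is flapping between {hist[-2]} and {hist[-1]}"
                )

    def forward(self, vlan, src_mac, dst_mac, ingress, now):
        """Process one frame and return the list of egress ports."""
        self.age_out(now)
        self.learn(vlan, src_mac, ingress, now)
        group_bit = int(dst_mac[:2], 16) & 1  # I/G bit set: multicast (broadcast included)
        if dst_mac == BROADCAST or group_bit:
            return self._flood(vlan, ingress)
        entry = self.cam.get((vlan, dst_mac))
        if entry is None:
            return self._flood(vlan, ingress)  # unknown unicast flooding
        if entry.port == ingress:
            return []  # destination sits on the receiving segment: filter the frame
        return [entry.port]

    def _flood(self, vlan, ingress):
        return [p for p in self.ports_by_vlan[vlan] if p != ingress]


if __name__ == "__main__":
    sw = Switch({10: ["Fa0/1", "Fa0/2", "Fa0/3"]})
    print(sw.forward(10, "0000.0000.000a", "0000.0000.000b", "Fa0/1", 0.0))  # flooded
    print(sw.forward(10, "0000.0000.000b", "0000.0000.000a", "Fa0/2", 1.0))  # ['Fa0/1']
```

The flapping check is deliberately simple (a port pattern of A, B, A); a real switch rate-limits and logs the condition rather than keeping an unbounded history, and the lecture covers the Spanning Tree side of the cure later.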
Ternary Content-Addressable Memory, or TCAM, is a table that is implemented in hardware. It allows a multilayer switch, or MLS, to match all ACLs for security and QoS features. Most switches have several TCAMs in order to be able to match all inbound and outbound security and QoS ACLs in a single lookup, with the resulting Layer 2 or Layer 3 forwarding decision. The Cisco Catalyst Switch has two components of TCAM operation:
The Feature Manager, or FM, compiles the Access Control Entries into the TCAM table. Access Control Entries are the individual statements of an Access Control List. Once compiled, the TCAM can be consulted at wire speed, and packets can be forwarded at wire speed.
The Switching Database Manager, or SDM, is used to partition and tune the TCAM partitions. Some switches don’t allow this function.
Besides the plain table lookup, the TCAM is also designed to allow a more granular, abstract match. This is provided by the ternary combination: each bit of a pattern is defined by a binary value and a mask bit, so a bit can match 0, match 1, or be ignored.
Entries in the TCAM consist of Value, Mask, and Result, or VMR, combinations. Certain fields within the frame or packet header, such as the MAC address, IP address, TCP port, or UDP port, are matched against the TCAM value and mask. This yields a result that is used for the forwarding decision.
In essence the TCAM is organized by masks. After a mask is matched, there are eight values used for security and QoS considerations. These values and mask pairs can be evaluated simultaneously with the use of specialized hardware to produce a result and the final forwarding decision. The quantity of masks that can be compiled into the TCAM varies in different equipment, but the values are always eight per mask.
The TCAM is a hardware chip that has a limited amount of memory for table entries. Therefore, there are instances where it overflows. This generates a log error message to alert the network administrator. This can result in some packets being forwarded via the CPU, which means the “wire speed” provided by the specialized ASIC hardware will not be achieved for those packets or frames. In other words, it will slow down the forwarding of packets.
The TCAM is organized by masks, and each unique mask has eight value patterns associated with it. The value patterns are 134 bits long and consist of source addresses, destination addresses, and other information that is relevant to the layer 2 or 3 protocol in use. The value patterns also contain the ACL type that is being compiled to the TCAM.
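The VMR matching described above can be shown concretely by packing header fields into a key and comparing it against value/mask pairs. The following is an added example written for this page, not code from the lecture or from any Cisco product: the key layout (protocol, source IP, destination IP, destination port), the field widths, the sample ACL and the function names are assumptions. Real value patterns are 134 bits wide and every entry is compared in parallel in hardware; this loop checks entries one at a time, in ACL order, which gives the same first-match result.

```python
"""Toy TCAM: Value/Mask/Result entries matched against a packed header key.

Added example for this page (not the lecture's or Cisco's code). The key
layout, field widths and sample ACL are assumptions.
"""
from dataclasses import dataclass
import ipaddress

PROTO_BITS, IP_BITS, PORT_BITS = 8, 32, 16
WIDTHS = (PROTO_BITS, IP_BITS, IP_BITS, PORT_BITS)  # proto | src ip | dst ip | dst port


def pack_key(proto, src, dst, dport):
    """Pack the header fields of one packet into the lookup key (an integer)."""
    key = proto
    key = (key << IP_BITS) | int(ipaddress.IPv4Address(src))
    key = (key << IP_BITS) | int(ipaddress.IPv4Address(dst))
    return (key << PORT_BITS) | dport


@dataclass(frozen=True)
class VMR:
    value: int
    mask: int    # 1 = compare this bit, 0 = don't care (the ternary "X")
    result: str


def compile_ace(result, proto=None, src=None, dst=None, dport=None):
    """Feature Manager step: turn one ACL statement into a VMR entry.

    None wildcards a field; IP fields take CIDR prefixes so the mask covers
    only the network bits.
    """
    value = mask = 0
    for width, spec in zip(WIDTHS, (proto, src, dst, dport)):
        value <<= width
        mask <<= width
        if spec is None:
            continue
        if width == IP_BITS:
            net = ipaddress.IPv4Network(spec, strict=False)
            value |= int(net.network_address)
            mask |= int(net.netmask)
        else:
            value |= spec
            mask |= (1 << width) - 1
    return VMR(value, mask, result)


def tcam_lookup(entries, key):
    """Return the result of the first entry whose masked bits equal the key's bits."""
    for e in entries:
        if (key & e.mask) == (e.value & e.mask):
            return e.result
    return "deny"  # the implicit deny at the end of every ACL


def mask_groups(entries, values_per_mask=8):
    """Number of mask slots an ACL consumes when each mask carries N value patterns."""
    per_mask = {}
    for e in entries:
        per_mask[e.mask] = per_mask.get(e.mask, 0) + 1
    return sum(-(-n // values_per_mask) for n in per_mask.values())


# Constructed sample ACL, in the order the statements would be written
SAMPLE_ACL = [
    compile_ace("permit", proto=6, dst="10.1.1.10/32", dport=443),  # permit tcp any host 10.1.1.10 eq 443
    compile_ace("permit", proto=17, src="10.1.0.0/16", dport=53),   # permit udp 10.1.0.0 0.0.255.255 any eq 53
    compile_ace("deny", dst="10.1.1.0/24"),                         # deny ip any 10.1.1.0 0.0.0.255
    compile_ace("permit"),                                          # permit ip any any
]

if __name__ == "__main__":
    print(tcam_lookup(SAMPLE_ACL, pack_key(6, "192.0.2.5", "10.1.1.10", 443)))  # permit
    print(tcam_lookup(SAMPLE_ACL, pack_key(6, "192.0.2.5", "10.1.1.10", 80)))   # deny
    print(mask_groups(SAMPLE_ACL))                                              # 4
```

`mask_groups` illustrates the capacity point: entries that share a mask share a slot, so an ACL written with many distinct wildcard shapes consumes TCAM faster than one with many entries of the same shape, which is what eventually leads to the overflow condition the lecture describes.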
There are several commands that allow us to inspect the contents of the different switching tables.
One reason to check the CAM table would be to find out the location of an end device, using its MAC address. To do this, enter EXEC mode and issue the "show mac address-table dynamic" command. This command is useful when you need to detect whether a host has Layer 2 connectivity to an uplink switch.
If you need to know what MAC addresses have been learned on certain ports, enter EXEC mode and issue the "show mac address-table dynamic" command. As with the previous command, this can be used to see the host or list of hosts that have been learned on a port. A common use is to track host associations of wireless clients using APs that are connected to certain switch ports.
As your network grows it might become necessary to know how many hosts are connected to a certain switch. You can find this information with the "show mac address-table count" command.
CAM table entries can be deleted manually with the "clear mac address-table dynamic" command. You would clear out the CAM entry to allow new MAC addresses to be learned immediately. Waiting for the entry to age out can be unacceptable when a new host needs connectivity right away. This is especially true when changing the switch port of a heavily used server.
There is no need to configure TCAM tables, because they are automatically populated with Access Control Entries as you create Access Control Lists. The only important consideration is that as your network grows and you implement QoS and security features, the TCAM tables might eventually overflow. When this happens, a log message is generated and the overflow is flagged. If the TCAM does overflow, the ACL will get processed by the CPU. This means that the packet won’t be forwarded at wire speed via the use of Application Specific Integrated Circuits, or ASICs.
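The questions the commands above answer (where a MAC was learned, how many hosts sit behind each port, which access ports hold more addresses than expected) can be answered offline from saved command output. The following is an added example written for this page, not code from the lecture or from Cisco: SAMPLE is constructed to follow the column layout of "show mac address-table dynamic" output, and the threshold and uplink list passed to `crowded_ports` are assumptions that a real deployment would tune. Flagging an access port with many learned addresses is a useful audit check, since an unexpected hub, bridge or misconfigured device behind a port shows up as a spike in that count.

```python
"""Parse "show mac address-table dynamic" style output and summarise it.

Added example for this page (not the lecture's or Cisco's code). SAMPLE is
constructed to mimic the command's column layout; thresholds are assumptions.
"""
import re
from collections import Counter

SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
  10    0011.2233.4477    DYNAMIC     Fa0/2
  20    00aa.bbcc.dd01    DYNAMIC     Gi0/1
  20    00aa.bbcc.dd02    DYNAMIC     Gi0/1
  20    00aa.bbcc.dd03    DYNAMIC     Gi0/1
  20    00aa.bbcc.dd04    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 7
"""

# One table row: VLAN, dotted-hex MAC, entry type, port
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return one dict per learned address; header and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"vlan": int(m.group(1)), "mac": m.group(2).lower(),
                         "type": m.group(3).upper(), "port": m.group(4)})
    return rows


def locate(rows, mac):
    """Where a MAC was last learned, as a list of (vlan, port) pairs."""
    mac = mac.lower()
    return [(r["vlan"], r["port"]) for r in rows if r["mac"] == mac]


def macs_per_port(rows):
    """Learned-address count per port (what the count form of the command reports)."""
    return Counter(r["port"] for r in rows)


def crowded_ports(rows, limit, uplinks=()):
    """Access ports (uplinks excluded) holding more learned addresses than limit."""
    counts = macs_per_port(rows)
    return sorted(p for p, n in counts.items() if n > limit and p not in uplinks)


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE)
    print(locate(rows, "0011.2233.4466"))                 # [(10, 'Fa0/2')]
    print(dict(macs_per_port(rows)))
    print(crowded_ports(rows, 1, uplinks={"Gi0/1"}))      # ['Fa0/2']
```

Uplink and trunk ports legitimately carry many addresses, so they are excluded from the crowded-port check; the interesting finding is an ordinary access port whose count keeps growing between two captures.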
When a switch receives a frame in one of its ports, it places the frame in one of the port’s ingress queues. At this point, the switch needs to decide where to forward the frame, whether or not to forward the frame, and how to forward the frame. All decisions are made simultaneously using different portions of the switch hardware. The switch needs to find the egress port, and examine the forwarding policies concerning Quality of Service and security. Here is a description of the three separate mechanisms in charge of each decision:
The Layer 2 forwarding table. The frame’s destination MAC address is looked up in the CAM table. If it is found, the frame will be sent to the appropriate egress port with its VLAN ID. If it is not found, the frame will be flooded out all ports of the VLAN on which it was received, except for the port on which it was received.
Security ACLs. These are compiled into the TCAM and are used by the switch hardware to identify and make decisions based on the IP address, the MAC address, the protocol types, and layer 4 port numbers.
QoS ACLs. These ACLs contain markings, or QoS parameters, that define and police the traffic flow. The idea is to give specific traffic, such as voice and video, priority over other data flows that are more resistant to network delays. These ACLs also contain information used to mark outbound frames. Multilayer switches have dedicated hardware for this operation. This provides the ability to process frames simultaneously, in parallel, and at wire speed.
The egress queues are serviced based on the priority that was assigned by the network administrator. These priorities are based on the time criticality of the communication type.