Early LANs and Broadcasts
The first Local Area Networks (LANs) were fairly small and
required few network devices to provide basic connectivity. They were built
around broadcast domains, with all devices sharing the same network access in a
flat network, and all packets visible to every device on the network. Early on
it was seen that broadcast congestion was a major impediment to growth because
this would limit the number of devices that could share the network.
Just think “broadcasts bad”. Broadcasts take up
bandwidth, and worse yet, every device that can hear it must interrupt its other
work to process it. Adding more devices to a flat network results in more
broadcasts, less bandwidth available to other purposes, and more interruptions
for end-devices to process.
When the network became saturated, a bridge, or what we would
today call a two-port store-and-forward switch, would be installed. Bridges
flood broadcasts, multicasts, and unknown unicasts to all segments; all the
bridged segments together form a single broadcast domain. The primary
advantage to bridges is that they do keep user traffic isolated and allow more
hosts to be added to the network by reducing the size of the collision
Layer-2 switches are micro-segmentation devices (a review of the
OSI model is available at the end of this document). In other words, you can
think of them as bridges with dozens of ports. I’ve heard it said
jokingly that the only reason they named them switches was because if they
called them a bridge, they’d never sell any. Because switches facilitated
the move away from shared media for end-devices, they have the effect of
increasing available bandwidth without adding additional complexity. The packets
do not need to be modified when data is passed between devices on the same VLAN
(Virtual Local Area Network). This allows data to travel at wire-speed through
the switched network fabric.
One of the problems in a bridged or switched environment is
containing broadcasts, which, since these devices work at layer-2, are forwarded
to all ports. VLANs are a technology created to address this issue. Each port
on a switch can be configured to be part of a specific VLAN, which can be
thought of as a subnet. These represent a broadcast domain defined by a set of
ports; and some form of layer-3 device, such as a router, is required to move
traffic between them.
The now out-of-date 80/20 rule refers to the goal of keeping 80%
of the traffic on a network segment bound for a local destination (peer-to-peer
and workgroup servers), and that no more than 20% of the network traffic should
be directed across the backbone. Under this older design principle, workgroup
servers would be deployed as the primary target of local workstations, allowing
most of the traffic to be contained within the local subnet. This was done to
conserve valuable bandwidth when media was shared and bandwidth was extremely
The philosophy of network design has been reversed in the last
few years, and this is reflected in the new 20/80 rule, which has the bulk of
traffic directed at shared resources on the core layer of the Cisco Hierarchical
Model. These design principles have 80% of the traffic routed off the local
domain, usually to the core, and 20% (I would say, probably significantly less
than that) is kept within the same broadcast domain. This has driven the
improvement in layer-3 device performance.
Because bridges limit collision domains, but not broadcast
domains, routing was introduced on the LAN to provide control, and to actually
segment the network into separate entities limiting the effect of broadcast
traffic. This was an important step in the evolution of the LAN, but it must be
remembered that router ports are expensive, both in pure dollars and in
Routing, which occurs at layer-3, is much more complex than
bridging and switching because packets must be ripped apart and reassembled as
they pass through the router. This activity is CPU intensive. Routers do allow
a great deal of control over data through the use of access lists, static routes
and dynamic routing protocols.
The diameter of a network is the number of router hops
from any one device to another. Cisco recommends having a consistent
diameter. Their way of achieving this is through the use of the Hierarchical
Design Model (if you are unfamiliar with the HDM, it is defined at the end of
Those who have worked on Cisco routers in the past will be
comfortable with the Cat1900/2820 and 2900XL series access switches. The
command nomenclature is familiar and, other than a few new commands, the same
The Cat5000/6000/6500 series of switches use a different style
of CLI, which is based on the Unix csh or c-shell prompt. This is commonly
called the Set-based CLI, since this is one of the three commands used on these
devices. They are:
- Set – Implements configuration changes
- Show – Verifies and provides information on the configuration
- Clear – Removes
A VLAN is an extended logical network that is configured
independent of the physical network layout. Each port on a switch can be defined
to join whatever VLAN suits the Network Architect’s plans. Since each
VLAN is a separate broadcast domain, routing must be enabled between them if
data is to be passed.
- Switches are used in VLANs to act as entry points for end-station devices
into the switched fabric, and to provide flexibility in configuring group users,
ports, or logical addresses and to make filtering and forwarding decisions.
- Most VLANs use frame filtering (frame tagging) to examine particular
information about each frame based on user-defined offsets, and uniquely assign
a user-defined ID to each frame header.
- Each hub segment connected to a switch port can be assigned to only one VLAN.
- VLAN ports on a switch can be assigned statically using a VLAN management
application or by working directly within the switch. A more convenient
approach is Dynamic VLANs, where ports on a switch can automatically determine
their VLAN
Assign Ports to a VLAN on a Set-Based Switch
Switch (enable) set vlan vlan-number module/port
Example: Port 6, on module 4 needs to be assigned to VLAN 3.
Keep in mind that you can assign several ports at once by using wildcards, such
as “4/1-12” for the first twelve ports on module 4.
Switch (enable) set vlan 3 4/6
Assign Ports to a VLAN on an IOS-Based Switch:
Switch(config-if)# switchport mode access
Defines the VLAN membership mode for the port
Switch(config-if)# switchport access vlan 6
Assigns the port to VLAN 6
Verify Port VLAN Status on an IOS-Based Switch
show interface interface-id switchport
Verify Port VLAN Status on a Set-Based Switch
Switch (enable) show vlan
Switch (enable) show port
A trunk is a point-to-point link between a single Fast Ethernet, Gigabit
Ethernet, or Fast or Gigabit EtherChannel bundle and another network device,
such as a router or second switch. Trunks transport the packets of multiple
VLANs over a single network link.
The available trunking encapsulation types for Ethernet are:
- Inter-Switch Link (ISL) - a Cisco-proprietary trunking encapsulation that
adds a 26-byte header and 4-byte trailer to the frame.
- IEEE 802.1Q (dot1q) - an industry-standard trunking encapsulation that does
not change the size of the frame. Because multiple vendors support dot1q, it is
becoming more common in newer switched networks.
- Negotiate - The port negotiates with its neighbor port to mirror its
encapsulation configuration, either ISL (preferred) or 802.1Q trunk. This
configuration option is only available in switch software release 4.2 and later.
There are five trunking modes:
- On - Forces the port to become a trunk port, even if the neighboring port
does not agree to the change.
- Off – Forces the port to become
non-trunking, even if the neighboring port does not agree to the
- Desirable - Causes the port to actively seek to convert the link to
a trunk. The port becomes trunked if the neighboring port is set to either
“on”, “desirable”, or “auto” modes.
- Auto - Makes the port available to serve as a trunk link. The port becomes a
trunk port if the neighboring port is set to either “on” or “desirable” modes.
This is the default mode for both Fast- and Gigabit Ethernet ports.
- Nonegotiate - Puts the port into permanent trunking
mode but the neighboring port must be manually configured as a trunk port in
order to establish a trunk.
- For trunking to be auto-negotiated on Fast Ethernet and Gigabit Ethernet
ports, the ports must be in the same VTP domain.
- Not all switches support all encapsulation methods; for instance the Cat2948G
and Cat4000 series switches support only 802.1Q encapsulation. In order to
determine whether a switch supports trunking, and what trunking encapsulations
are supported, look to the hardware documentation or use the "show port
capabilities" command.
- For trunking to be enabled on EtherChannel bundles, the speed and duplex
settings must be configured the same on all links. If part of an EtherChannel
bundle fails, traffic will still be passed, but at a slower
The command to enable trunking on a SET based switch is:
Switch (enable) set trunk module/port on|desirable|auto|off|nonegotiate [vlan-numbers] [isl|dot1q]
The command to disable trunking on a SET based switch is:
Switch (enable) clear trunk module/port vlan-numbers
The command to verify trunking status on a SET based switch is:
Switch (enable) show trunk [module/port]
The command to enable trunking on a 2900XL is:
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation isl|dot1q
The command to verify trunking on a 2900XL is:
Switch# show interface
The command to enable trunking on a Cat1900/2820 is:
Switch(config-if)# trunk [on|off|desirable|auto|nonegotiate]
The command to verify trunking on a Cat1900/2820 is:
Switch# show trunk
Spanning Tree Protocol (STP)
When multiple bridges or switches are installed, the possibility
of loops forming and causing broadcast storms is a significant concern. A
layer-2 loop occurs when a frame is transmitted from an end-device and detected
by two different bridges or switches. These switches populate their address
tables with the MAC address from the source address of the frame. Once their
table is updated they forward the frame to the second segment, and then pick up
the same MAC address from the other switch, feeding each other back the same
information repeatedly. In other words, multi-active paths between stations
create loops in the network, causing hosts to receive redundant messages and
forcing switches to learn duplicate host MAC addresses from multiple ports.
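To make the loop described above concrete, the following is an added simulation (written for this page, not code from the original text or from Cisco) of two switches joined by two parallel links. One broadcast is injected: with no port blocked the frame circulates indefinitely and both switches keep re-learning the host's MAC address on alternating ports, while holding one end of the redundant link in blocking state, as STP would, lets the network go quiet after three frames. Switch names, ports and the MAC address are constructed values.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_MAC = "00:00:0c:00:00:aa"   # constructed source address of the sending host


class Switch:
    """A transparent bridge: learns source MACs per port, floods unknowns."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = ports          # port id -> segment (link) name
        self.mac_table = {}         # MAC -> port it was last learned on
        self.flaps = 0              # times a known MAC moved to another port
        self.blocked = set()        # ports STP would hold in blocking state

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then flood or forward the frame.
        Returns the (segment, src, dst) frames this switch sends out."""
        if in_port in self.blocked:
            return []                      # a blocking port drops user traffic
        prev = self.mac_table.get(src)
        if prev is not None and prev != in_port:
            self.flaps += 1                # the MAC "flapping" symptom of a loop
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            out_ports = [p for p in self.ports
                         if p != in_port and p not in self.blocked]
        else:
            out_ports = ([self.mac_table[dst]]
                         if self.mac_table[dst] != in_port else [])
        return [(self.ports[p], src, dst) for p in out_ports]


def build_topology():
    """Two switches, A and B, joined by two parallel links L1 and L2 (a loop);
    each also has a host segment on port 1. Constructed for this example."""
    switches = {"A": Switch("A", {1: "hostA", 2: "L1", 3: "L2"}),
                "B": Switch("B", {1: "hostB", 2: "L1", 3: "L2"})}
    # segment name -> switch ports attached to it (host segments have none)
    segments = {"L1": [("A", 2), ("B", 2)], "L2": [("A", 3), ("B", 3)]}
    return switches, segments


def flood(max_frames, block_redundant=False):
    """Inject one broadcast from the host on A/1 and deliver frames until the
    network goes quiet or max_frames have been sent.
    Returns (frames sent, MAC flaps observed, whether the network went quiet)."""
    switches, segments = build_topology()
    if block_redundant:
        switches["B"].blocked.add(3)       # STP blocking one end of link L2
    queue = deque(("A", seg, s, d)
                  for seg, s, d in switches["A"].receive(1, HOST_MAC, BROADCAST))
    sent = 0
    while queue and sent < max_frames:
        sender, seg, src, dst = queue.popleft()
        sent += 1
        for sw_name, port in segments.get(seg, []):
            if sw_name != sender:           # deliver to the far end of the link
                out = switches[sw_name].receive(port, src, dst)
                queue.extend((sw_name, o_seg, o_src, o_dst)
                             for o_seg, o_src, o_dst in out)
    flaps = sum(sw.flaps for sw in switches.values())
    return sent, flaps, not queue


if __name__ == "__main__":
    print("no STP :", flood(200))                       # never goes quiet
    print("STP blk:", flood(200, block_redundant=True))  # (3, 0, True)
```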
The Spanning Tree Protocol (STP) was developed
to prevent loops in the network and to route around failed elements. It is
a link management protocol that provides path redundancy and prevents
undesirable loops in the network. The Spanning Tree Algorithm (STA) calculates
the best loop-free path throughout a switched network - switches send and
receive spanning-tree frames at regular intervals, using them to construct a
loop-free path, and forcing redundant data paths into a standby (blocked) state.
All this is done in a way that is transparent operationally to the network
hosts. The election of root bridges is performed through an exchange of data
messages called Bridge Protocol Data Units (BPDUs). STP can be manually disabled
on a per-VLAN or a global basis.
The following are characteristics of STP:
- Where redundant links exist, any but the one with the least distance from
the root switch are blocked.
- STP convergence can take upwards of 50
- Broadcast traffic within the layer-2 domain (VLAN) interrupts
- Broadcast storms within the layer-2 domain affect the whole
- Isolating problems can be time consuming.
- Network security options within the layer-2 domain (VLAN) are limited.
STP can be configured two ways:
- Per-VLAN Spanning Tree (PVST) – A Cisco proprietary method in which, when
connecting through 802.1Q VLAN trunks, the switches maintain one instance of the
spanning tree for each VLAN allowed on the trunk, versus non-Cisco 802.1Q
switches which maintain one instance for ALL VLANs. This is the default STP
used on ISL trunks. Since each VLAN has its own instance of STP, there is more
granular control of the path selection process, and fewer sub-optimal paths may
be invoked. Because the size of the STP topology is reduced, this can have the
effect of reducing convergence time and increasing scalability and stability.
- Common Spanning Tree (CST) - When connecting a Cisco switch to a non-Cisco
device through an 802.1Q trunk, the Cisco switch combines the spanning-tree
instance of the 802.1Q native VLAN of the trunk with the spanning-tree instance
of the non-Cisco 802.1Q switch. The primary advantages of CST are that only one
set of BPDUs is used; it is only necessary to track changes for a single
instance of STP, and non-Cisco switches can be added to the mesh. However, with
only one STP algorithm running, sub-optimal paths are more likely to be selected
than under other methods. With CST, less bandwidth will be used to negotiate a
root bridge, although with only one root bridge for the entire network, it may
take longer for STP to recalculate when a change
Bridge Protocol Data Units (BPDUs) are multicast frames sent out
periodically to announce the presence, resources and recent changes of a
switch’s configuration. They:
- Propagate bridge IDs in order for the selection of the root switch to take
- Are used to determine loop locations within a network.
- Provide notification of network topology changes.
- Remove loops by placing redundant switch ports in a backup state.
The Bridge ID defines which device will be the root bridge. It
is made up of two parts; the 2-byte priority, a default value that can be
changed by the Network Architect; and the 6-byte MAC address of the switch or
There are two factors involved in the root port selection:
- Path Cost, which is the sum of all links crossed to get to the root
- Port ID
As a BPDU leaves a port, it applies the root port cost. Path Cost
is the total sum of all of the port costs, and is what STP uses to determine
which ports should forward and which ports should block. If the path cost is the
same for several ports, STP will use the lowest port ID.
- Hello timer - How often the switch broadcasts Hello messages to other
- Forward delay timer - Amount of time a port will remain in the
listening and learning states before going into the forwarding
- Maximum age timer – How long protocol information received on a
port is stored by the switch.
STP Port States
Ports on an STP domain will progress through the following
- Blocking – Listens for BPDUs from other bridges, but does not forward
them or any traffic.
- Listening – An interim state while moving from
blocking to learning. Listens for frames and detects available paths to the root
bridge, but will not collect host MAC addresses for its address
- Learning – Examines the data frames for source MAC addresses to
populate its address table, but no user data is passed.
- Forwarding – Once the learning state is complete, the port will begin its
normal function of gathering MAC addresses and passing user data.
- Disabled – Either there
has been an equipment failure, a security issue, or the port has been disabled
by the Network Administrator.
Notes about STP Port States:
- A port in blocking state does not participate in frame forwarding - switch
always goes into blocking state immediately following switch
- When a port changes from the listening state to the learning
state it is preparing to participate in frame forwarding.
- A port in the forwarding state actually forwards frames (user data, BPDUs,
Root Switch Selection
Rather than allowing STP to define the root bridge, a good
Network Architect will select the switch to be the root that minimizes
unnecessarily convoluted data migrations. They will change the Spanning-tree
bridge priority from the default value (32768) to a significantly lower value,
ensuring that the switch becomes the root for the specified VLANs.
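An added worked example of the election and path selection described in the BPDU and Root Switch Selection passages above (written for this page, not Cisco's code): bridge IDs compare by priority and then MAC, each non-root switch picks the root port with the lowest path cost, equal costs are resolved by the lowest port ID exactly as the text states, and lowering one switch's priority from the default 32768 forces it to become root. The switch names, MAC addresses and the link costs (4 for Gigabit, 19 for Fast Ethernet) are assumptions, not values from the page.

```python
import heapq

DEFAULT_PRIORITY = 32768   # the default bridge priority the text refers to


def bridge_id(priority, mac):
    """Bridge ID: the 2-byte priority is compared first, then the 6-byte MAC;
    the lowest value wins the root election."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(switches, links):
    """links: (switch1, port1, switch2, port2, cost); the cost is charged in
    either direction. Returns (root, {switch: (root_port, path_cost)}) for
    every non-root switch, choosing the lowest path cost to the root and,
    on equal cost, the lowest local port ID."""
    root = elect_root(switches)
    adj = {name: [] for name in switches}
    for s1, p1, s2, p2, cost in links:
        adj[s1].append((s2, p2, cost))   # s2 is reached via its own port p2
        adj[s2].append((s1, p1, cost))
    best = {root: (0, 0)}                # switch -> (path cost, root port)
    heap = [(0, 0, root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                     # stale heap entry
        for nbr, nbr_port, link_cost in adj[node]:
            candidate = (cost + link_cost, nbr_port)
            if nbr not in best or candidate < best[nbr]:
                best[nbr] = candidate
                heapq.heappush(heap, (candidate[0], candidate[1], nbr))
    return root, {n: (port, c) for n, (c, port) in best.items() if n != root}


def make_root(switches, name, priority=4096):
    """What the Network Architect does: lower one switch's priority well below
    the default so that it wins the election regardless of MAC address."""
    updated = dict(switches)
    updated[name] = (priority, switches[name][1])
    return updated


# Constructed topology: a core, two distribution switches and one access
# switch. Link costs assume 4 for Gigabit and 19 for Fast Ethernet.
SWITCHES = {
    "Core":   (DEFAULT_PRIORITY, "00:00:0c:aa:aa:aa"),
    "Dist1":  (DEFAULT_PRIORITY, "00:00:0c:11:11:11"),
    "Dist2":  (DEFAULT_PRIORITY, "00:00:0c:22:22:22"),
    "Access": (DEFAULT_PRIORITY, "00:00:0c:00:00:01"),  # lowest MAC in the network
}
LINKS = [
    ("Core", 1, "Dist1", 1, 4),
    ("Core", 2, "Dist2", 1, 4),
    ("Dist1", 3, "Dist2", 3, 4),
    ("Dist1", 2, "Access", 1, 19),
    ("Dist2", 2, "Access", 2, 19),
]

if __name__ == "__main__":
    # With every priority at the default, the lowest MAC (the access switch) wins
    # and core traffic is forced through a 19-cost access uplink.
    print(root_ports(SWITCHES, LINKS))
    # Lowering the core's priority makes it the root and shortens every path.
    print(root_ports(make_root(SWITCHES, "Core"), LINKS))
```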
Spanning Tree Commands:
Enable spanning tree on per-VLAN or global basis:
Switch (enable) set spantree enable [vlans]
Switch (enable) set spantree enable all
Verify that spanning tree is enabled:
Switch (enable) show spantree [vlan]
Configure a switch as the root switch:
Switch (enable) set spantree root vlans [dia network_diameter]
Change the global port priority for a port:
Switch (enable) set spantree portpri mod_num/port_num
Change the port-VLAN priority for a VLAN on a switch port
Switch (enable) set spantree portvlanpri mod_num/port_num
Change the global port cost for a switch port
Switch (enable) set spantree portcost mod_num/port_num
Change the port-VLAN cost for a VLAN on a switch port
Switch (enable) set spantree portvlancost mod_num/port_num cost cost [vlans]
Set the bridge priority for a VLAN
Switch (enable) set spantree priority bridge_priority
Set the Hello time for a VLAN
Switch (enable) set spantree hello interval [vlan]
Set the forward delay time for a VLAN
Switch (enable) set spantree fwddelay delay [vlan]
Set the maximum aging time for a VLAN
Switch (enable) set spantree maxage agingtime [vlan]
By default, all ports on a switch are assumed to have the
potential to have bridges or switches attached to them. Since each of these
ports must be included in the STP calculations, they must go through the four
different states whenever the STP algorithm runs (when a change occurs to the
Enabling PortFast on the user access ports is basically a
commitment between the Network Architect and the switch agreeing that the
specific port does not have a switch or bridge connected, and therefore this
port can be placed directly into the Forwarding state; this allows the port to
avoid being unavailable for 50 seconds while it cycles through the different
bridge states, simplifies the STP recalculation and reduces the time to
The command to enable PortFast on a SET based switch is:
Switch (enable) set spantree portfast mod_num/port_num enable
Switch (enable) set spantree portfast 4/1-12 enable
The command to disable PortFast on a SET based switch is:
Switch (enable) set spantree portfast mod_num/port_num disable
Switch (enable) set spantree portfast 4/1-12 disable
The command to verify PortFast status on a SET based switch is:
Switch (enable) show spantree
The command to enable PortFast on a 2900XL is:
Switch(config-if)# spanning-tree portfast
The command to disable PortFast on a 2900XL is:
Switch(config-if)# no spanning-tree portfast
The command to verify PortFast on a 2900XL is:
Switch# show spanning-tree
The command to enable PortFast on a Cat1900/2820 is:
Switch(config-if)# spantree start-forwarding
The command to disable PortFast on a Cat1900/2820 is:
Switch(config-if)# no spantree start-forwarding
The command to verify PortFast on a Cat1900/2820 is:
Switch# show spantree
Convergence time on STP is 50 seconds. Part of this is the need
to determine alternative paths when a link between switches is broken. This is
unacceptable on networks where realtime or bandwidth-intensive applications are
deployed (basically any network).
If the UplinkFast feature is enabled (it is not the default) AND
there is at least one alternative path whose port is in a blocking state AND the
failure occurs on the root port of the switch itself, not an indirect link; then
UplinkFast will allow switchover to the alternative link without recalculating
STP, usually within 2 to 4 seconds. This allows STP to skip the listening and
learning states before unblocking the alternative port.
The command to enable UplinkFast on a SET based switch is:
Switch (enable) set spantree uplinkfast enable
The command to disable UplinkFast on a SET based switch is:
Switch (enable) set spantree uplinkfast disable
The command to verify UplinkFast status on a SET based switch is:
Switch (enable) show spantree
The command to enable UplinkFast on a 2900XL is:
Switch(config)# spanning-tree uplinkfast
The command to disable UplinkFast on a 2900XL is:
Switch(config)# no spanning-tree uplinkfast
The command to verify UplinkFast on a 2900XL is:
Switch# show spanning-tree
The command to enable UplinkFast on a Cat1900/2820 is:
Switch(config)# uplink-fast
The command to disable UplinkFast on a Cat1900/2820 is:
Switch(config)# no uplink-fast
The command to verify UplinkFast on a Cat1900/2820 is:
Switch# show uplink-fast
BackboneFast is used at the Distribution and Core layers, where
multiple switches connect together, and is only useful where multiple paths to
the root bridge are available.
This is a Cisco proprietary feature that speeds recovery when
there is a failure with an active link in the STP. Usually when an indirect link
fails, the switch must wait until the maximum aging time (max-age) has expired
before looking for an alternative link. This delays convergence in the event of
a failure by 20 seconds (the max-age value). When BackboneFast is enabled on
all switches, and an inferior BPDU arrives at the root port - indicating an
indirect link failure - the switch rolls over to a blocked port that has been
- The primary difference between UplinkFast and BackboneFast is that
BackboneFast can detect indirect link failures and is used at the Distribution
and Core layers, while UplinkFast is aware of only directly connected links and
is used primarily on Access layer switches. If UplinkFast is turned on for the
root switch, the switch will automatically disable it.
- There is no BackboneFast
command for IOS based switches. Since this is an enhancement for Core and
Distribution layer devices only, and these are all Set-based
The command to enable BackboneFast on a SET based switch is:
Switch (enable) set spantree backbonefast enable
The command to disable BackboneFast on a SET based switch is:
Switch (enable) set spantree backbonefast disable
The command to verify BackboneFast status on a SET based switch is:
Switch (enable) show spantree backbonefast
Switch (enable) show spantree summary
VLAN Trunk Protocol (VTP)
In a switched environment a subnet corresponds to a VLAN, and a
VLAN may map to a single Layer 2 switch, or it may span several switches,
especially at the access layer. Also, it is likely that one or more VLANs may be
present on any particular switch.
VLAN Trunk Protocol (VTP) is a layer-2 messaging protocol that
centralizes the management of VLAN additions, deletions and changes on a
network-wide basis. This simplifies the management of large switched networks
with many VLANs.
A VTP domain is specified by the Network Engineer and consists
of one or more interconnected switches that share the same VLAN configuration. A
switch can only be configured as a member of a single VTP domain. Changes to the
global VLAN configuration for the domain can be implemented using either the CLI
or an SNMP session.
Switches defined as part of VTP domains can be configured to
operate in any of three VTP modes:
- Server – Advertise VLAN configuration to other switches in the
same VTP domain and synchronize with other switches in the domain. Can create,
modify, and delete VLANs as well as modify VLAN configuration parameters such as
VTP version and VTP pruning for the entire domain. This is the default mode for
- Client - Advertise VLAN configuration to other switches in
the same VTP domain and synchronize their VLAN configuration with other switches
based on advertisements received over trunk links; however, they are unable to
create, change, or delete VLAN configurations.
- Transparent - Does not advertise its VLAN configuration and does not
synchronize its VLAN configuration
with other switches. In VTP version 2, transparent switches do forward VTP
Advertisement types include: requests from
clients, summary advertisements and subset advertisements. An advertisement
contains the VLAN IDs, the Emulated LAN names for ATM LANE, the 802.10 SAID
values for FDDI, the VTP domain name, the VTP configuration revision number, the
MTU size and the Frame format.
Early design specifications touted the ability of VTP to create
global VLAN groups that the Network Engineer could use to have VLANs that would
span vast networks; however, in recent years it has become obvious that this has
generated unnecessary and expensive wide area traffic for not much gain. Most
design specifications now suggest creating VTP domains for each facility, and
limiting the VTP advertisements sent over limited and expensive wide area
VTP advertisements carry configuration revision numbers that are
incremented every time a VLAN is modified. This is used to identify the most
recent changes to the network topology. When a switch finds an advertisement
with a higher configuration revision number, it will save the new VTP database
over the old one. A VLAN that does not exist in the new database is
automatically deleted from the switch, and any ports that were in the VLAN will
It is a common problem for a newly ordained Network Engineer
(also called a “newbie” or “loser-boy”) to add a switch
that has been used on a separate or test network to a production network, not
being aware of the revision number. Since test networks change much more often
than production networks, the new switch likely has a higher configuration
revision number than the production VTP domain. The result is that the entire
domain’s VTP database gets overwritten and any ports assigned to the lost
VLANs lose their VLAN membership and become unavailable to users. If you
receive a call that all the switched ports on a network have suddenly locked up
and no traffic is being passed, one of the first places to look is the red-faced
newest member of the network team who thought he was helping when he put a new
switch in the network. Good documentation and control over physical access to
network devices are probably your best defense against this problem. Also, to
prevent this problem, the command “clear config all” should be used
on any switch before it is added to a production network.
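The revision-number overwrite described above, modelled in an added example (constructed for this page; it is not Cisco's code and not a VTP implementation, only the database rule the text states): a switch that hears an advertisement for its domain with a higher configuration revision replaces its VLAN database, and ports in VLANs that vanished lose their membership. The second run models “clear config all” as resetting the revision to 0 and shows why that prevents the overwrite. Domain name, revision numbers, VLANs and port assignments are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    """Just enough VTP state to show the revision-number overwrite."""
    name: str
    domain: str
    revision: int
    vlans: dict = field(default_factory=dict)     # VLAN ID -> VLAN name
    ports: dict = field(default_factory=dict)     # port -> VLAN ID
    orphaned: list = field(default_factory=list)  # ports whose VLAN was deleted

    def advertisement(self):
        """The fields of an advertisement that matter here: domain name,
        configuration revision and the VLAN list."""
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply the rule from the text: an advertisement for the same domain
        with a higher revision replaces the local database; VLANs missing from
        the new database are deleted and their ports lose membership.
        Returns True when the local database was overwritten."""
        if adv["domain"] != self.domain or adv["revision"] <= self.revision:
            return False
        lost = set(self.vlans) - set(adv["vlans"])
        self.orphaned.extend(p for p, vid in self.ports.items() if vid in lost)
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True


def clear_config_all(sw):
    """Effect of "clear config all" on the state modelled here: revision back
    to 0, VLAN database reduced to the default VLAN, no port assignments."""
    sw.revision, sw.vlans, sw.ports, sw.orphaned = 0, {1: "default"}, {}, []
    return sw


def add_switch_to_domain(production, newcomer):
    """Trunk the newcomer into the domain: every side hears the others'
    advertisements and the highest revision wins. Returns the production
    ports that lost their VLAN, as a set of (switch, port)."""
    for sw in production:
        sw.receive(newcomer.advertisement())
    for sw in production:
        newcomer.receive(sw.advertisement())
    return {(sw.name, port) for sw in production for port in sw.orphaned}


def production_domain():
    """Constructed production domain "HQ" at configuration revision 12."""
    vlans = {1: "default", 10: "users", 20: "servers", 30: "voice"}
    return [VtpSwitch("core", "HQ", 12, dict(vlans), {"3/1": 10, "3/2": 20}),
            VtpSwitch("access1", "HQ", 12, dict(vlans), {"2/1": 10, "2/2": 30})]


def lab_switch(reset=False):
    """A switch that lived on a test network using the same domain name, so it
    carries a much higher revision (57) and none of the production VLANs."""
    sw = VtpSwitch("lab1", "HQ", 57, {1: "default", 99: "lab"})
    return clear_config_all(sw) if reset else sw


if __name__ == "__main__":
    prod = production_domain()
    print("without reset, orphaned ports:",
          sorted(add_switch_to_domain(prod, lab_switch())))
    prod = production_domain()
    print("after clear config all, orphaned ports:",
          sorted(add_switch_to_domain(prod, lab_switch(reset=True))))
```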
VTP pruning is a technique to limit VTP broadcast from branches
of the network that do not contain member ports of a specific VLAN. By default,
VTP pruning is disabled. VTP pruning must be enabled on a VTP server and
promulgates pruning eligibility through the entire management domain. By
default, VLAN 1 is always pruning-ineligible, and VLANs 2 through 1000 are
Configure a VTP Domain
Enter the VTP configuration mode
Switch# vlan database
Set the VTP domain name to “Primary”
Switch(vlan)# vtp domain Primary
Set the VTP domain password to “scubbie”
Switch(vlan)# vtp password scubbie
Enable VTP version 2 (to return to version 1, use “no vtp v2-mode”)
Switch(vlan)# vtp v2-mode
Set the switch to VTP server mode. The client or transparent
arguments could be used instead.
Switch(vlan)# vtp server
Verify VTP Operation
Display the VTP switch configuration and statistics
Switch# show vtp status
Display the VTP counters for messages sent and received
Switch# show vtp counters
Adding VLANs to a VTP domain
Enter the VTP configuration mode
vlan vlan-id name vlan-name
Example: Add VLAN 6 to the domain and name it
“accounting”. If a name is not specified, it defaults to the VLAN
number designation, which in this case would be “VLAN0006”:
vlan 6 name accounting
Display the VLAN configuration
show vlan name vlan-name
show vlan name accounting
Displays a list of configured VLANs
show vlan brief
Deleting VLANs from a VTP domain
Enter the VTP configuration mode
no vlan vlan-id
Example: Remove VLAN 6 from the VTP domain and orphan any ports
assigned to that VLAN:
no vlan 6
VLAN commands - Brief
- Vlan database - enter into VLAN configuration mode
- Vtp domain domain-name - configure a VTP administrative-domain’s name
- Vtp password password-value - set the password for the VTP domain
- Vtp server - configure the switch as a server
- Vtp client - put the switch in VTP client
- Vtp transparent - put the switch in VTP transparent mode
- Show vtp status - show VTP configuration
- No vtp v2-mode - disable VTP version
- Global Information in a VTP Advertisement includes VTP Domain Name, VTP
Configuration Revision Number, Update Identity, Update Timestamp, MD5
- VLAN Information in a VTP Advertisement includes VLAN ID, VLAN Name,
VLAN Type, VLAN State.
- VTP Version 2 has features not supported in VTP
version 1, including Token Ring LAN Switching and VLANs, unrecognized Type
Length Value, Version Dependent Transparent Mode and Consistency Checks. Please
note that all the switches in the VTP domain must run the same VTP
- In general, don’t enable VTP version 2 in the VTP domain
unless all the switches are running version 2 as well. However, if the network
is Token Ring, you must enable VTP version 2.
- VTP Pruning increases
bandwidth by controlling traffic flow to the vital trunk links and to block
flooded traffic to VLANs in the pruning eligible list. Enabling VTP pruning on a
VTP server will enable it on the entire management
- Max 250 active VLANs supported by a switch. Watch out though, as some
switch models only support 6 VLANs.
- When creating a VLAN, the switch must be
in VTP server or transparent mode.
- Default VLAN Configurations - Ethernet
Parameters have an ID Range 1-1005. No limit on VLAN Name, and the MTU Size is
An emulated LAN is a group of ATM-attached devices treated as an
independent broadcast domain. Think of it as a single Ethernet segment or
independent Token Ring. ELANs are made up of two components: the LAN Emulation
Client (LEC) and LAN Emulation (LANE) services. The LEC can be located in the
same device(s) as the LANE Services. LANE services are made up of a LAN
Emulation Configuration Server (LECS), the LAN Emulation Server (LES), and the
Broadcast and Unknown Server (BUS), and all of them can be located in the same
device or distributed among one, two, or three devices.
To join an emulated LAN, the LEC needs to contact the LECS in order
to obtain its ATM address via a preconfigured address for the LECS, ILMI, or the
well-known address of the configuration service. When two hosts are in the same
emulated LAN, switches are enough for data transmissions. When two systems
reside in different emulated LANs, a layer-3 router or switch must be used to
interconnect them, regardless of the physical connection.
All nodes on an Ethernet network can transmit at the same time,
so the more nodes you have, the greater the possibility of collisions happening,
which can slow the network down.
LAN segmentation means to break up collision domains by
decreasing the number of workstations per segment using bridges or switches.
Switches are sometimes called micro-segmentation devices, because there may be
as little as one host per collision domain.
Switching is a layer-2 data manipulation that forwards through
the network by destination MAC addresses.
These are the common Cisco switching techniques:
- Store-and-forward – receives the complete frame before forwarding.
Copies the entire frame into the buffer and then checks for CRC errors. Higher
latency than other techniques. This technique is used on Cat5000s.
- Cut-through – checks the destination address as soon as the header is
received, and immediately forwards it out, lowering the latency level.
- Fast switching - The default switching type. It can be configured manually
through use of the “ip route-cache” command. The first packet is copied into
packet memory, while the destination network or host information is stored in
the fast-switching cache.
- Process Switching - This technique doesn’t use route caching, so it runs
slow; however, slow usually means SAFE. To enable, use the command “no protocol
route-cache”.
- Optimum Switching – From its name you can understand what it is – high
performance! This is the default on 7500s.
Multi-layer Switching is the ability to use a combination of
layer-2 switching technology, with layer-3 routing and layer-4 application
Layer-2 switching is hardware-based, using Application-Specific
Integrated Circuits (ASICs) to bridge a network. The performance difference
between a Layer-2 switch and a shared hub is significant. A layer-2 switch can
be thought of as a bridge on steroids. It has all the same characteristics and
limitations as bridging.
Problems with layer-2 switched networks:
- They provide scaling and performance issues on large bridged
- The broadcast radiation increases with the number of hosts;
broadcasts are seen by all end stations.
- STP can have slow convergence on
Traditional routers use CPUs that are general purpose devices,
while a layer-3 switch uses an ASIC, a piece of high-speed hardware designed to
perform a more limited set of tasks, in this case to achieve efficient routing
(in some cases and under certain circumstances, wire-speed). For most purposes
you can consider a layer-3 switch a device that integrates layer-2 and layer-3
(and sometimes layer-4) functionality in a single piece of equipment.
Depending on the network design, including what protocols,
interfaces, and features are required, layer-3 switches can be used in place of
routers and allow almost wire-speed routing. Standard routing protocols can be
used for route determination, including OSPF, EIGRP, RIP, and IS-IS.
A router is used to determine conversations between end-devices,
and then switching techniques continue the conversations. It has the following
advantages: Hardware-based packet forwarding, high-performance packet switching,
scalability, low latency, lower per-port cost, flow accounting, security and
control over Quality of Service (QoS).
Layer-4 switching refers to hardware-based routing, using ASICs,
which takes application specificity into consideration.
TCP or UDP flows include the port number in the packet header,
which serves to identify the application under consideration.
Cisco routers have the ability to control traffic based on
Layer-4 information using extended access lists and NetFlow switching.
To support multi-layer switching, you will need to have the
- Multilayer Switching-Switching Engine (MLS-SE) - Catalyst 2926G series
switch, or Catalyst 5000 series switch with the NFFC (NetFlow Feature Card) or
NFFC II. The NFFC is a daughter-card upgrade to the Supervisor Engine that
is an ASIC-based layer-3 switching engine.
- Multilayer Switching-Route
Processor (MLS-RP) - A Route Switch Module (RSM) or an externally connected
Cisco router with software that supports MLS. The RSM is an IOS-based router on
a blade that uses the same Reduced Instruction Set Computing (RISC) processor
as the RSP2 engine in 7500 series routers. When MLS is enabled, the
RSM or externally attached router continues to handle all non-IP protocols while
offloading the switching of IP packets to the MLS-SE.
- Multilayer Switching
Protocol (MLSP) – A protocol running between the MLS-SE and
You’ll hear the configuration with an external
router referred to as a “router-on-a-stick” or a
- When using an external router, the ideal set up is one directly attached
external router per switch to ensure proper caching.
- You can use Cisco
high-end routers for MLS when they are externally attached to the switch; make
the attachment with multiple Ethernet connections on a one-per-subnet basis or
by using Fast or Gigabit Ethernet with Inter-Switch Link
- Router interfaces with input access lists or reflexive access
lists cannot participate in MLS. However, you can translate input access lists
to output access lists to provide the same effect.
- When an output access
list is applied, the MLS cache entries for that interface are purged. However,
entries associated with other interfaces are not affected at all.
- Flow mask
mode is destination-ip when there is no access list on any MLS-RP interface.
When there is a standard access list, the mode is source-destination-ip. When
there is an extended access list, the mode is ip-flow.
Setting up Multi-layer Switching
These are the commands necessary to configure an internal or
external Multi-layer Switch Route Processor:
Switch(enable) mls rp ip
Entering into the router interface
Assign VLAN ID to the route processor interface
Switch(enable-if)# mls rp vlan-id
Place the external route processor in the interface of the VTP
Switch(enable-if)# mls rp vtp-domain
Enable the RSM interface
Switch(enable-if)# mls rp management-interface
- Based only on layer-3 addresses.
- NFFC (or NFFC II) maintains layer-3
switching table (MLS cache) for the layer-3-switched flows.
- Whenever the
Layer-3 switching entry for a flow ages out, the flow statistics will be
exported to a flow collector application.
- Maximum MLS cache size is
- Cache larger than 32K increases the likelihood that a flow will get
forwarded to the router.
- When a layer-3 packet is switched from source to
destination, the switch performs a packet rewrite based on information learned
from the router and stored in the MLS cache.
- If Host A and B are on
different virtual LANs, when Host A sends a packet to the MLS-RP to be routed to
Host B, the MLS-SE recognizes that the packet was sent to the MAC address of the
MLS-RP, and will check the MLS cache to find the matching entry.
- MLS-SE uses
flow mask modes to determine how MLS entries are created; the flow mask mode is
based on the access lists configured on the MLS router
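To make the flow-mask rule (stated twice above) concrete, here is an added Python model, not Cisco code, of how an MLS-SE keys its cache under each mode, learns a rewrite from the MLS-RP on the first packet of a flow, leaves new flows to the router once the cache is full, and purges entries when an output access list is applied. The packet fields, the Rewrite record and the routing stub are this example's assumptions; the 32K figure is the one quoted in the notes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str = "tcp"
    src_port: int = 0
    dst_port: int = 0


@dataclass(frozen=True)
class Rewrite:
    """Learned by the MLS-SE from the router's handling of a flow's first packet."""
    out_vlan: int
    dst_mac: str        # destination MAC written into the rewritten frame


def flow_mask_mode(acl_types: List[str]) -> str:
    """Flow mask from the most specific access-list type on any MLS-RP interface."""
    if "extended" in acl_types:
        return "ip-flow"
    if "standard" in acl_types:
        return "source-destination-ip"
    return "destination-ip"


def flow_key(pkt: Packet, mode: str) -> Tuple:
    """Packet fields forming the MLS cache key under a flow mask. The key must
    cover every field the router's ACLs match on; a coarser key would let a
    cached entry switch packets the ACL was meant to treat differently."""
    if mode == "destination-ip":
        return (pkt.dst_ip,)
    if mode == "source-destination-ip":
        return (pkt.src_ip, pkt.dst_ip)
    if mode == "ip-flow":
        return (pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.src_port, pkt.dst_port)
    raise ValueError(f"unknown flow mask mode {mode!r}")


class MlsSe:
    def __init__(self, mode: str, max_entries: int = 32 * 1024):
        self.mode = mode
        self.max_entries = max_entries  # notes: beyond 32K more flows reach the router
        self.cache: Dict[Tuple, Rewrite] = {}

    def forward(self, pkt: Packet, rp_route: Callable[[Packet], Rewrite]) -> Tuple[str, Rewrite]:
        key = flow_key(pkt, self.mode)
        hit = self.cache.get(key)
        if hit is not None:
            return "switched", hit      # rewritten in hardware from the cache
        # Candidate packet: the MLS-RP routes it and the SE learns the rewrite
        rewrite = rp_route(pkt)
        if len(self.cache) < self.max_entries:
            self.cache[key] = rewrite
        return "routed", rewrite

    def apply_output_acl(self, vlan: int) -> int:
        """Applying an output ACL purges only the entries for that interface."""
        victims = [k for k, rw in self.cache.items() if rw.out_vlan == vlan]
        for k in victims:
            del self.cache[k]
        return len(victims)


# Constructed routing stub standing in for the MLS-RP's routing table.
ROUTES = [
    (ipaddress.ip_network("10.2.0.0/16"), Rewrite(20, "00:00:0c:00:00:20")),
    (ipaddress.ip_network("10.3.0.0/16"), Rewrite(30, "00:00:0c:00:00:30")),
]


def rp_route(pkt: Packet) -> Rewrite:
    """Router lookup for the first packet of a flow; raises when no route exists."""
    addr = ipaddress.ip_address(pkt.dst_ip)
    for net, rw in ROUTES:
        if addr in net:
            return rw
    raise LookupError(f"no route to {pkt.dst_ip}")
```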
- Unicast – A frame that will only be processed by the destination host
(one machine to one machine)
- Broadcast – A frame that every host on
the broadcast domain must process (one machine to all machines)
- Multicast – A frame that will only be processed by multicast members on the
broadcast domain (one machine to a select list of
Using Multicasts, an application can send a single stream of
packets to a defined group of computers, instead of sending it one by one to
each recipient, or flooding the network with broadcasts. Class-D addresses are
reserved for multicast traffic and are allocated dynamically.
To manage multicast by allowing directed switching of multicast
traffic, and also to dynamically configure switch ports so that IP multicast
traffic is forwarded only to the appropriate ports, Cisco switches use:
- Internet Group Management Protocol (IGMP) - Standard protocol to manage the
multicast transmissions passed to routed ports. One of the problems with this
protocol is if a VLAN on a switch is set to receive, all the workstations on
that VLAN will get the multicast stream.
- Cisco Group Management Protocol
(CGMP) - Cisco proprietary protocol to control the flow of multicast streams to
individual VLAN port members. Solves the problem cited above. Requires IGMP to
be running on the router.
CGMP and IGMP software components
run on both the Cisco routers and switches. Remember that CGMP is Cisco
proprietary. When the CGMP/IGMP-capable router receives an IGMP control packet,
it creates a CGMP or IGMP packet that contains the request type, the multicast
group address, and the MAC address of the host. These request types can either
be “join” or “leave” messages. The router sends the
packet to a well-known address to which all switches listen, so that the
supervisor engine module interprets the packet and modifies the forwarding table
automatically. If a spanning-tree VLAN topology changes, the CGMP/IGMP-learned
multicast groups on the VLAN are purged and the CGMP/IGMP-capable router
generates new multicast group information. If a CGMP/IGMP-learned port link is
disabled, the corresponding port is removed from any multicast group.
CGMP/IGMP-capable routers send periodic multicast group queries,
so if a host wants to remain in a multicast group, it must respond to the query.
If, after a number of queries, the router receives no reports from any host in a
multicast group, the router sends a CGMP/IGMP command to the switch to remove
the group from the forwarding tables. CGMP fast-leave-processing allows the
switch to detect IGMP version-2 leave messages sent to the all-routers multicast
address by hosts on any of the supervisor engine module ports.
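An added Python model, not Cisco software, of the switch-side behaviour just described: CGMP join and leave messages (request type, group address, host MAC) edit the per-VLAN multicast forwarding table, a spanning-tree topology change purges the learned groups, a downed port drops out of every group, and the router removes a group after repeated unanswered queries. The message fields, port names and query threshold are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class CgmpMessage:
    request: str        # "join" or "leave", derived by the router from an IGMP report
    group_ip: str       # IPv4 class-D group address carried in the message
    host_mac: str       # MAC of the host that sent the IGMP report
    vlan: int


def group_mac(group_ip: str) -> str:
    """IPv4 group -> Ethernet MAC: 01:00:5e plus the low 23 bits of the address.
    One address bit is lost, so 32 groups share a MAC; the switch filters on MAC."""
    o = [int(x) for x in group_ip.split(".")]
    if len(o) != 4 or not 224 <= o[0] <= 239:
        raise ValueError(f"{group_ip} is not a class-D address")
    return "01:00:5e:%02x:%02x:%02x" % (o[1] & 0x7F, o[2], o[3])


class CgmpSwitch:
    def __init__(self, cam: Dict[str, str]):
        self.cam = cam      # host MAC -> port, already learned by the switch
        # (vlan, group MAC) -> ports that receive the group's stream
        self.groups: Dict[Tuple[int, str], Set[str]] = {}

    def handle(self, msg: CgmpMessage) -> Set[str]:
        port = self.cam[msg.host_mac]       # CGMP carries the host MAC, not the port
        key = (msg.vlan, group_mac(msg.group_ip))
        ports = self.groups.setdefault(key, set())
        if msg.request == "join":
            ports.add(port)
        elif msg.request == "leave":
            ports.discard(port)
        else:
            raise ValueError(f"unknown request {msg.request!r}")
        if not ports:
            del self.groups[key]
        return self.forward_ports(msg.vlan, msg.group_ip)

    def forward_ports(self, vlan: int, group_ip: str) -> Set[str]:
        return set(self.groups.get((vlan, group_mac(group_ip)), set()))

    def topology_change(self, vlan: int) -> int:
        """STP topology change: purge learned groups on the VLAN; the router re-learns."""
        keys = [k for k in self.groups if k[0] == vlan]
        for k in keys:
            del self.groups[k]
        return len(keys)

    def link_down(self, vlan: int, port: str) -> None:
        """A disabled port is removed from every group it belonged to."""
        for key in list(self.groups):
            if key[0] == vlan:
                self.groups[key].discard(port)
                if not self.groups[key]:
                    del self.groups[key]

    def remove_group(self, vlan: int, group_ip: str) -> bool:
        """Router command issued after queries for the group went unanswered."""
        return self.groups.pop((vlan, group_mac(group_ip)), None) is not None


class CgmpRouter:
    """Router-side query bookkeeping: a group with no report for max_unanswered
    consecutive queries is removed from the switch's forwarding table."""

    def __init__(self, switch: CgmpSwitch, max_unanswered: int = 3):
        self.switch = switch
        self.max_unanswered = max_unanswered
        self.unanswered: Dict[Tuple[int, str], int] = {}

    def query(self, vlan: int, group_ip: str, reports: bool) -> str:
        key = (vlan, group_ip)
        if reports:
            self.unanswered[key] = 0
            return "kept"
        self.unanswered[key] = self.unanswered.get(key, 0) + 1
        if self.unanswered[key] >= self.max_unanswered:
            self.switch.remove_group(vlan, group_ip)
            del self.unanswered[key]
            return "removed"
        return "kept"
```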
Display information on dynamically learned and manually
configured multicast router ports
show multicast router mod_num/port_num vlan_id
Display total number of multicast address groups in each VLAN
show multicast group count vlan_id
Enable CGMP on the switch
Switch (enable) set cgmp enable
Verify that CGMP is enabled
Switch (enable) show cgmp statistics vlan_num
Enable CGMP fast-leave processing on the switch
Switch (enable) set cgmp leave enable
Verify that CGMP fast-leave processing is enabled
Switch (enable) show cgmp leave
Display information on those multicast router ports learned
dynamically using CGMP
Switch (enable) show multicast router cgmp mod_num/port_num
Display information about multicast groups learned dynamically
Switch (enable) show multicast group cgmp mac_addr
Display total number of multicast address groups in each VLAN
that were learned dynamically through CGMP
Switch (enable) show multicast group count cgmp
Display CGMP statistics
Switch (enable) show cgmp statistics vlan_id
Disable CGMP fast-leave processing on the switch
Switch (enable) set cgmp leave disable
Disable CGMP on switch
Switch (enable) set cgmp disable
Enable IGMP snooping on the switch
set igmp enable
Verify that IGMP snooping is enabled
show igmp statistics vlan_num
Enable IGMP fast-leave processing on the switch
set igmp fastleave enable
Verify that IGMP fast-leave processing is enabled
show igmp leave
Display information only on those multicast router ports learned
dynamically using IGMP snooping
show multicast router igmp mod_num/port_num vlan_id
Disable IGMP snooping on the switch
set igmp disable
Protocol Independent Multicast (PIM)
PIM is used to forward multicast packets through a network. It
must be enabled for a Cisco interface to perform IP multicast routing. Enabling
PIM on an Interface also enables IGMP operation on that interface.
An interface can be configured to be in dense mode, sparse mode, or
sparse-dense mode; the modes determine how the router populates its multicast
routing table and how the router forwards multicast packets it receives from its
directly connected LANs. For PIM to work, it must be in one mode, although there
is no default mode setting as multicast routing is disabled on an interface by
- Dense-mode interfaces are always added to the table. Dense mode is used
when multicast group members are densely distributed throughout the network and
there is plenty of bandwidth available. Dense mode PIM floods the multimedia
packet to all routers and prunes routers that do not support members of that
particular multicast group.
- Sparse-mode interfaces are added to the table
only when periodic “join” messages are received from downstream
routers, or when there is a directly connected member on the interface. Sparse
mode is used when members are more spread out and there is limited bandwidth
available. Sparse mode PIM relies on rendezvous points. For this purpose the PIM
neighbor with the highest IP address is elected to be the Designated Router
(DR). If no PIM queries are received from this DR after a certain period of
time, the election mechanism will run again.
- Sparse-dense mode interfaces
are treated as dense mode if the group is in dense mode, or in sparse mode if
the group is in sparse mode.
A significant difference between Dense and Sparse modes is that
a dense mode router assumes all other routers are willing to forward multicast
packets for a group, while a sparse mode router requires an explicit request for
Enable dense-mode PIM on the interface
ip pim dense-mode
Enable sparse-mode PIM on the interface
ip pim sparse-mode
Quality of Service (QoS)
Quality of Service refers to the capability to provide higher
levels of access to network resources based on the type of traffic. It is defined
over various network technologies, including Frame Relay, Asynchronous
Transfer Mode (ATM), Ethernet and 802.1 networks, SONET, and IP-routed networks.
QoS was created to provide:
- Dedicated bandwidth
- Control of jitter and latency
- Enhanced control
of potential data loss
Cisco IOS QoS software allows control over complex networks to
provide the ability to predictably service a variety of applications and traffic
types. It provides:
- Enhanced control over, and more efficient use of, network
- Better network analysis management and accounting tools
- The ability to consistently service the most important traffic, while still
providing access for less time-sensitive applications
- Enables ISPs to offer
tailored grades of service to their customers
There are three fundamental pieces for QoS implementation:
- Within a single network element - queuing, scheduling, and traffic shaping
- Signaling techniques for coordinating QoS from end to end between
- QoS policy, management, and accounting functions to
control and administer end-to-end traffic across a network
There are three basic levels of end-to-end:
- Best-effort service - basic connectivity with no guarantees
- Differentiated service - soft QoS - some traffic is treated better
than the rest via statistical preference
- Guaranteed service - hard QoS -
absolute reservation of network resources for specific
There are two traffic-shaping tools:
- Generic traffic shaping (GTS) - GTS reduces outbound traffic flow by
constraining specified traffic to a particular bit rate while queuing bursts of
the specified traffic
- Frame Relay traffic shaping (FRTS) - FRTS provides
parameters useful for managing network traffic congestion: committed information
rate (CIR), FECN and BECN, and DE bit
CDP (Cisco Discovery Protocol)
A proprietary Data Link layer protocol used between Cisco
devices to pass information about local conditions. CDP uses a data-link,
multicast address with no protocol ID or network layer field, and cannot be
The only way to prevent their being passed is to configure
“no cdp enable” on those interfaces on which you do not want to run
CDP. You can configure a MAC-layer filter to deny a multicast address as an
alternative method to block these packets.
Asynchronous Transfer Mode (ATM)
Developed as a compromise between voice and data needs, ATM is
commonly found either on large telecom networks or built into networks that have
a strong need for QoS (Quality of Service).
ATM uses cells that are uniform in size - 53 bytes; 5
bytes for a header, and 48 bytes for payload. This allows a great deal of
control over traffic and allows for QoS, but is wasteful in that the header is a
greater percentage of the traffic than in other methods.
ATM is connection-oriented with traffic traveling from
end-to-end over either:
- SVC (Switched Virtual Circuits) – Dynamically created
- PVC (Permanent Virtual Circuits) –
Permanently allocated circuits that are always established and
There are two types of interfaces:
- NNI (Network-to-Network) – connections within the network cloud
between two ATM devices.
- UNI (User-to-Network) – connects a
workstation to an ATM switch.
There are four major layers in the ATM reference model
(equivalent to the OSI Model):
- Higher layers – ATM signaling, addressing and routing.
- AAL (ATM
Adaptation Layer) – Converts from higher level to ATM cells.
- ATM –
Defines ATM cell relaying and multiplexing.
- Physical – Defines the
physical network media and framing.
DDR Dial-on-Demand Routing
DDR has two important applications:
- When there is a WAN link that needs to be available, but rarely sees
traffic, the Network Architect might provision a pay-per-use wide area
connection - such as BRI - and use DDR on the routers to only activate the link
when there is “interesting traffic”, and rip it down when the
conversation is over.
- When there is a critical WAN link and there must be a
redundant connection. If there were a T1 between two sites, and it was
imperative that the link see very little downtime, DDR might be enabled on a BRI
ISDN port. If the T1 were to fail, the BRI would establish connectivity over at
least one of its data channels (B-channel), and could be configured to enable
the second channel if traffic needs were to reach a defined
DDR spoofs routing tables to provide the image of
full-time connectivity using Dialer interfaces and filters out interesting
packets for establishing, maintaining, and releasing switched connections.
Interesting traffic is defined by an access list.
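An added Python model, not Cisco IOS, of the behaviour above: an access list defines interesting traffic, only interesting packets dial the link or reset its idle timer, other traffic rides an already-up link without keeping it alive, and the link is released when the timer expires. The access-list entry and packet fields are this example's own; the constructed sample list treats site-to-site user traffic as interesting and leaves routing updates uninteresting, which is what lets the link drop while the spoofed routes stay in place.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp", ...
    dst_port: int = 0


@dataclass(frozen=True)
class Ace:
    """One access-list entry: action, protocol, source and destination prefixes."""
    action: str         # "permit" or "deny"
    proto: str          # "ip" matches any protocol
    src: str
    dst: str
    dst_port: Optional[int] = None


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return (ace.proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(ace.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(ace.dst)
            and (ace.dst_port is None or ace.dst_port == pkt.dst_port))


def is_interesting(acl: List[Ace], pkt: Packet) -> bool:
    """First matching entry wins; an access list ends with an implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action == "permit"
    return False


class Dialer:
    def __init__(self, acl: List[Ace], idle_timeout: int):
        self.acl = acl
        self.idle_timeout = idle_timeout    # seconds without interesting traffic
        self.up = False
        self.last_interesting = 0
        self.calls = 0                      # how often the link was brought up
        self.dropped = 0

    def send(self, pkt: Packet, now: int) -> str:
        if is_interesting(self.acl, pkt):
            if not self.up:
                self.up = True
                self.calls += 1
            self.last_interesting = now     # only interesting traffic resets the timer
            return "sent-interesting"
        if self.up:
            return "sent-uninteresting"     # rides the link but does not keep it alive
        self.dropped += 1
        return "dropped"                    # link down and nothing to justify a call

    def tick(self, now: int) -> str:
        """Idle-timer check; releases the call once interesting traffic has stopped."""
        if self.up and now - self.last_interesting >= self.idle_timeout:
            self.up = False
            return "released"
        return "up" if self.up else "down"


# Constructed sample: only user traffic between the two sites is interesting,
# so routing updates (e.g. RIP to 224.0.0.9) never dial or hold up the link.
INTERESTING = [Ace("permit", "ip", "10.1.0.0/16", "10.2.0.0/16")]
```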
Encapsulation Methods for DDR:
- PPP – recommended, as it supports multiple protocols and is
used for synchronous, asynchronous, or ISDN connections. It is also
- HDLC - supported on synchronous serial lines and
ISDN connections only, and supports multiple protocols, with NO
- SLIP - works on asynchronous interfaces and is IP
only, with NO authentication.
- X.25 - works on synchronous serial
lines and a single ISDN B channel.
IEEE - The Institute of Electrical and Electronics
Engineers, a professional organization that, among other things, develops
communications and network standards.
IEEE 802.1 - IEEE specification that describes an
algorithm that prevents bridging loops by creating a spanning tree. The
algorithm was invented by Digital Equipment Corporation. The Digital algorithm
and the IEEE 802.1 algorithm are not exactly the same, nor are they
IEEE 802.2 - IEEE LAN protocol that specifies an
implementation of the LLC sublayer of the data link layer. IEEE 802.2 handles
errors, framing, flow control, and the network layer (Layer 3) service
interface. Used in IEEE 802.3 and IEEE 802.5 LANs.
IEEE 802.3 - IEEE LAN protocol that specifies an
implementation of the physical layer and the MAC sublayer of the data link
layer. IEEE 802.3 uses CSMA/CD access at a variety of speeds over a variety of
physical media. Extensions to the IEEE 802.3 standard specify
implementations for Fast Ethernet. This is the specification that describes
IEEE 802.4 - IEEE LAN protocol that specifies an
implementation of the physical layer and the MAC sublayer of the data link
layer. IEEE 802.4 uses token-passing access over a bus topology and is based on
the token bus LAN architecture. This is the specification that describes Token
IEEE 802.5- IEEE LAN protocol that specifies an
implementation of the physical layer and MAC sublayer of the data link layer.
IEEE 802.5 uses token passing access at 4 or 16 Mbps over STP cabling
and is similar to IBM Token Ring.
IEEE 802.6 - IEEE MAN specification based on DQDB
technology. IEEE 802.6 supports data rates of 1.5 to 155 Mbps. This is
the specification that describes Metropolitan Area Networks (MAN).
More 802.x standards
802.8 Fiber-optic LANs
802.9 Integrated Voice & Data
802.10 LAN/MAN Security
802.12 VGAnyLAN (HP’s answer to FastEthernet)
Tag switches support multicast by utilizing data link layer
multicast capabilities: all tag switches that are part of a given multicast tree
on a common sub-network must agree on a common tag so that forwarding of
multicast packets to all downstream switches on that sub-network is
Tag switching can mark packets as belonging to a particular
class after they have been classified the first time, which is an important
aspect of QOS.
The tag-switching forwarding paradigm is based on label
swapping, which is the same as in ATM forwarding, so tag-switching technology can
be applied to ATM switches.
Tag information can be carried in a packet in many ways, such as
a small "shim" tag header inserted between the Layer 2 and the network-layer
headers, as part of the Layer 2 header (e.g. ATM), as part of the network-layer
header (e.g. Ipv6). This is why tag switching can be implemented over any media
When a packet with a tag is received, the switch uses the tag as
an index in its Tag Information Base (TIB). If the switch finds a matching
entry, then for each component in the entry the switch replaces the tag in the
packet with the outgoing tag. The switch also replaces the link-level
information in the packet with the outgoing link-level. This is called Label
There are two principal components:
- Forwarding component - uses tag information carried by packets and
the tag-forwarding information maintained by a tag switch to perform packet
- Control component - maintaining correct tag-forwarding
information among a group of interconnected tag
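An added Python model, not Cisco code, of the forwarding component described above: the incoming tag indexes the Tag Information Base, every component of the matching entry yields a copy of the packet carrying the outgoing tag and outgoing link-level information (one component for unicast, one per downstream branch for a multicast tree), and a tag with no binding is dropped in this model. The shim-tag packet layout, TIB structure, interface names and sample tags are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TaggedPacket:
    tag: int            # "shim" tag between the link-layer and network-layer headers
    dst_mac: str        # link-level destination, rewritten at every hop
    interface: str      # interface the frame is on
    payload: bytes      # network-layer packet, carried unchanged by the tag switch


@dataclass(frozen=True)
class TibComponent:
    out_tag: int
    out_interface: str
    next_hop_mac: str


class TagSwitch:
    """Forwarding component only; add_binding stands in for the control component
    that would distribute tag bindings between neighbouring tag switches."""

    def __init__(self, name: str):
        self.name = name
        self.tib: Dict[int, List[TibComponent]] = {}
        self.dropped = 0

    def add_binding(self, in_tag: int, components: List[TibComponent]) -> None:
        self.tib[in_tag] = list(components)

    def forward(self, pkt: TaggedPacket) -> List[TaggedPacket]:
        """Index the TIB by the incoming tag; one output per entry component."""
        components = self.tib.get(pkt.tag)
        if components is None:
            self.dropped += 1       # no binding: nothing to swap the tag with
            return []
        return [TaggedPacket(c.out_tag, c.next_hop_mac, c.out_interface, pkt.payload)
                for c in components]


def run_path(switches: List[TagSwitch],
             pkt: TaggedPacket) -> Tuple[List[int], Optional[TaggedPacket]]:
    """Push a unicast packet along a chain of tag switches; returns the tag seen
    at each hop and the final packet (None if some switch had no binding)."""
    tags = [pkt.tag]
    for sw in switches:
        out = sw.forward(pkt)
        if not out:
            return tags, None
        pkt = out[0]
        tags.append(pkt.tag)
    return tags, pkt


def build_sample_path() -> List[TagSwitch]:
    """Constructed three-switch unicast path; tags and MACs are sample values."""
    a, b, c = TagSwitch("A"), TagSwitch("B"), TagSwitch("C")
    a.add_binding(17, [TibComponent(23, "atm1/0", "00:00:0c:bb:bb:bb")])
    b.add_binding(23, [TibComponent(9, "fa0/1", "00:00:0c:cc:cc:cc")])
    c.add_binding(9, [TibComponent(41, "fa0/2", "00:00:0c:dd:dd:dd")])
    return [a, b, c]
```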
Remote Monitoring (RMON)
RMON has 4 groups:
- Statistics Group for port utilization and error statistics
- History Group for periodic statistics
- Alarm Group for sampling interval and
- Event Group for logging events to network management
Cisco Device Management
There are two ways of managing routers and switches:
- In-band management – Telnet or SNMP network connection through modem
or line module.
- Out-of-band management – The console port direct
connection to the Supervisor module.
General Troubleshooting Tips
- SPAN is the Enhanced Switched Port Analyzer that monitors traffic for
analysis by other tools.
- CWSI CiscoWorks Switched Internet Solutions is a
management suite that consists of CiscoView, VlanDirector, and
- A cable tester device is used to look for cable
- Time Domain Reflectometer measures cable length and impedance; loose
or incorrect device connection can also be detected.
- Always isolate network
segment problems by checking the devices on the same segment to see if they can
communicate. In an IP environment, use the “ping” and
- Switch LEDs indicate problems based on
color: red = failure, orange = less severe problem. If the Output Fail LED is
red, check the power supply.
- To troubleshoot other problems, try using the
show commands to find out what is going on: Sh config, Sh int, Sh module, Sh
spantree, Sh trunk, Sh vlan, Sh port, Sh mac, Show test and Show log, etc.
Protocol Analyzer can capture and display protocol information, while Network
monitors can continuously monitor network traffic.
- A STP failure generally
results in a bridging loop.
- For point-to-point links, a duplex mismatch
occurs when one side of the link is hardcoded full duplex, while the other side
is auto-negotiation, and eventually the link ends up in half-duplex.
- When a
link is experiencing many physical errors, a number of consecutive BPDUs could
be lost, leading a blocking port to transition to forwarding.
- STP is
software based: if the CPU is over-utilized, it is possible that it can lack the
resources necessary to send out BPDUs. Also, software bugs are
- When the age field of a BPDU goes beyond max age, it is discarded
- this occurs if the diameter of the STP network is too large, making the root
switch too far from some distant switches.
- To limit the risk implied by the
use of the STP, it is recommended that you reduce (as much as possible) the
number of blocked ports - prune VLAN not needed off your trunks and use the
PortFast command on those user ports that will never have switches or bridges
- Keep traffic off the administrative VLAN and avoid having a
single VLAN spanning the entire network.
- Avoid hand-tuning STP parameters -
Catalyst software provides macros that perform fine-tuning of most significant
IOS commands for troubleshooting:
- “debug spantree events” displays STP events to help determine
problems. Be careful that this doesn’t overwhelm the CPU of the
- “logging buffered” captures debug information in
the device's buffers.
- “show interface” verifies interface
utilization, packet corruption, speed and duplex status of the specified
- “show processes cpu” checks CPU
Catalyst OS Commands for troubleshooting:
- “set logging level spantree 7 default”
increases the default level of STP related event to
- “set logging buffer 500” sets a
maximum number of messages in the switch's
- “show port <module#/port#>” gives you
details of the port configuration.
- “show system” gives an
indication on the backplane
- “show spantree statistics <module#/port#> <vlan#>
gives accurate information on suspected ports.
Hot Standby Routing Protocol (HSRP)
Provides a means of having two default gateways to protect
against an equipment failure locking out a group of users from the wider
The default priority for each router is 100, but can be changed
to give one priority as the most likely default gateway (if, say, one unit were
faster than another).
TAC and CCO
Cisco’s Technical Assistance Center (TAC) provides
7x24x365 technical support on all their products. The Center follows the sun,
with offices around the globe. It is staffed by Customer Support Engineers
Cases can be opened by phone, e-mail or through Cisco Connection
Online (Cisco’s exceptionally well designed website at
www.cisco.com). When a case is logged, a call
number is generated and assigned to a CSE who will work with the client to answer
questions, provide advice on system use, help with system configuration, or
correct a system malfunction.
There are four priority levels:
- Priority 1 - existing network is "down", which is critical
- Priority 2
- network is severely degraded, which has a significant impact
- Priority 3 -
operational performance of the network is impaired, although business operations
- Priority 4 - little or no impact to the business operation
at this moment
The OSI Model
The OSI model is a common tool for conceptualizing how network traffic
is handled. In this document we will be interested primarily in the lower four
levels. Just a reminder that you can use the old mnemonic “All
People Seem To Need Data
Processing” as a way to help remember the sequence.
7. Application – User interface tools (such as Telnet,
SMTP, FTP, etc.)
6. Presentation – Encoding/Decoding (such as ASCII, MPEG,
GIF, JPEG, etc.)
5. Session – Creating, managing and terminating
4. Transport – Error checking and recovery, flow
control and multiplexing (TCP, SPX, etc.)
3. Network – Routing (IP,
2. Data Link
LLC – Manages
MAC – Manages addressing and access to the physical
1. Physical – Establish and maintain physical
Cisco Hierarchical Internetworking Model
- Access – The point at which users join the network. VLANs,
WAN connections, RAS services are all at this layer. Cat1900 or 3500 series
switches with 10BaseTx and 100BaseTx ports might be appropriate for the Access
layer, where high port density and low per-port costs are major
- Distribution – Control layer; Aggregation of traffic,
access lists, compression, encryption and other services that provide the glue
between Access and Core layers. Cat6000 series with 16-port Gigabit Ethernet
modules, or Cat5500 series switches with internal RSMs might be appropriate at
the Distribution layer. Performance becomes more of an issue at this
- Core – Concentrates all traffic traversing the network.
The focus is on speed. Fast switching, Gigabit Ethernet, and ATM are commonly
deployed at this layer. Cat8500 or 6500 series switches - high speed and
expensive - are probably most appropriate at the core, where passing traffic is
the primary concern.