
CISCO CCNP SWITCH 640-813, 300-115

WELCOME TO CISCO CCNP SWITCH (640-813, 300-115)

About the Instructor


STEPHEN DEGRAFT ANAAFI
BSC and MSC Information Technology
CCIE (Written), CCNP, CCNA, CCNAS,
CPT, CHFI, CEH, CISA, CISSP
MCSE: Server Infrastructure 2012
MCSE: Exchange 2013
MCSE: Server 2008
14 years' experience

CCNP SWITCH
Objectives to cover:
Campus LAN Switching Basics
Internetwork Switching Methods
Local Area Network Switching Fundamentals
Switch Table Architectures
Segmenting the LAN Using Bridges and Switches
The Hierarchical LAN Design Model
The Enterprise Composite Model
Switched LAN Design Considerations
Campus Switched LAN Topologies

Campus LAN Switching Basics

Local Area Network Switching Fundamentals
LAN switching is a form of packet switching used in Local Area Networks (LANs).
LAN switching is performed in hardware at the Data Link Layer.
It uses MAC addresses, which LAN switches use to forward frames.

SWITCHING METHODS
Switches can use three main forwarding techniques, as follows:

Store-and-Forward Switching

Cut-Through Switching

Fragment-Free Switching

Store-and-Forward Switching
Store-and-forward switching copies the entire frame into the switch buffer and performs a Cyclic Redundancy Check (CRC) for errors within the frame.
Because of the CRC, this method of forwarding is the slowest and most processor-intensive.
It is also the most efficient because it avoids forwarding frames with errors.
For example, if a received frame is less than 64 bytes in length (which is considered a runt) or more than 1518 bytes in length (which is considered a giant), the switch will discard the frame.

Cut-Through Switching
In cut-through switching, the frame header is inspected and the Destination Address (DA) of the frame is copied into the internal memory of the switch before the frame is forwarded.
It is very fast and reduces latency, which is the amount of time it takes a packet to travel from source to destination.
This is the fastest switching method and is sometimes referred to as Fast Forward or Real Time switching.
Because the frame is forwarded before its CRC can be checked, this method forwards frames with errors.
It is up to the destination switch to discard received frames with errors.

Fragment-Free Switching
Fragment-free switching waits for the collision window, which is the first 64 bytes of a frame, to be received before forwarding the frame to its destination.
It holds the frame in memory until the data portion reaches the switch.
This method was developed to address the problem encountered with late collisions.
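The three methods differ only in how much of the frame is examined before the forwarding decision is made. The following added example (not part of the course material) simulates each method on constructed frames, including a runt, a giant and a frame whose FCS no longer matches:

```python
import zlib

MIN_FRAME = 64    # shorter frames are runts (typically collision fragments)
MAX_FRAME = 1518  # longer untagged frames are giants

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Constructed Ethernet II frame: DA, SA, EtherType 0x0800, payload, 4-byte FCS.
    The FCS is the same CRC-32 that zlib computes, sent least-significant byte first."""
    body = dst + src + b"\x08\x00" + payload
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

def store_and_forward(frame: bytes) -> str:
    """Buffers the whole frame, so length and CRC can both be checked first."""
    if len(frame) < MIN_FRAME:
        return "drop:runt"
    if len(frame) > MAX_FRAME:
        return "drop:giant"
    if not fcs_ok(frame):
        return "drop:crc"
    return "forward"

def cut_through(frame: bytes) -> str:
    """Forwards once the 6-byte destination address has arrived; nothing
    after it is examined, so runts and CRC-errored frames pass through."""
    return "forward" if len(frame) >= 6 else "drop:no-header"

def fragment_free(frame: bytes) -> str:
    """Waits for the 64-byte collision window: a frame cut short by a collision
    never reaches 64 bytes, but CRC errors later in the frame are still not seen."""
    return "forward" if len(frame) >= MIN_FRAME else "drop:runt"

def decide_all(frame: bytes) -> dict:
    """What each forwarding method does with the same frame."""
    return {"store_and_forward": store_and_forward(frame),
            "cut_through": cut_through(frame),
            "fragment_free": fragment_free(frame)}

# Constructed sample frames using documentation-range MAC addresses.
DA = bytes.fromhex("00005e005301")
SA = bytes.fromhex("00005e005302")
GOOD = build_frame(DA, SA, b"\x00" * 46)      # 14 + 46 + 4 = 64 bytes, valid FCS
RUNT = build_frame(DA, SA, b"\x00" * 10)      # 28 bytes: looks like a collision fragment
GIANT = build_frame(DA, SA, b"\x00" * 1501)   # 1519 bytes: one byte over the maximum
_damaged = bytearray(GOOD)
_damaged[20] ^= 0xFF                          # one flipped payload byte: FCS no longer matches
CORRUPT = bytes(_damaged)

if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("runt", RUNT), ("giant", GIANT), ("corrupt", CORRUPT)]:
        print(f"{name:8s} {len(frame):5d} bytes  {decide_all(frame)}")
```

Only store-and-forward drops the corrupted frame; cut-through and fragment-free pass it on to the next hop, which is why the text says the destination must discard it.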

LAN SEGMENTATION
Segmenting the LAN Using Bridges and Switches
Segmentation is the process by which the LAN is broken down into smaller, more manageable pieces.
Routers and VLANs are used for segmentation.


Multilayer switching is a generic term, referring to any switch that forwards traffic at layers higher than Layer 2.
A Layer-4 switch provides the same functionality as a Layer-3 switch, but will additionally examine and cache Transport-layer application flow information, such as the TCP or UDP port.

Routers separate broadcast and collision domains.
Switches separate collision domains.
Hubs belong to only one collision domain.
Switches and hubs both belong to only one broadcast domain.

Switching Architectures
Traffic flow is an important consideration when designing scalable, efficient networks.
This involves understanding two things:
Where do resources reside?
Where do the users reside that access those resources?

Legacy networks adhered to the 80/20 design, which dictated that:
80 percent of traffic should remain on the local network.
20 percent of traffic should be routed to a remote network.

To accommodate this design practice, resources were placed as close as possible to the users that required them. This allowed the majority of traffic to be switched, instead of routed, which reduced latency in legacy networks.

Switching Architectures (80/20)
The 80/20 design allowed VLANs to be trunked across the entire campus network, a concept known as end-to-end VLANs.

End-to-end VLANs allow a host to exist anywhere on the campus network, while maintaining Layer-2 connectivity to its resources.
This flat design poses numerous challenges for scalability and performance:
STP domains are very large, which may result in instability or convergence issues.
Broadcasts proliferate throughout the entire campus network.
Maintaining end-to-end VLANs adds administrative overhead.
Troubleshooting issues can be difficult.

Switching Architectures (20/80)
As network technology improved, centralization of resources became the dominant trend.
Modern networks adhere to the 20/80 design:
20 percent of traffic should remain on the local network.
80 percent of traffic should be routed to a remote network.

Instead of placing workgroup resources in every local network, most organizations centralize resources into a datacenter environment. Layer-3 switching allows users to access these resources with minimal latency.
The 20/80 design encourages a local VLAN approach: VLANs should stay localized to a single switch or switch block.

This design provides several benefits:


STP domains are limited, reducing the risk of convergence issues.
Broadcast traffic is isolated within smaller broadcast domains.
Simpler, hierarchical design improves scalability and performance.
Troubleshooting issues is typically easier.

The Hierarchical LAN Design Model
The hierarchical LAN design model uses the same basic concept as the OSI Reference Model, which is layering.
Layering simplifies the tasks required for hosts to communicate, as well as basic networking tasks such as troubleshooting connectivity issues between hosts.
In a layered network design, network changes are easier to make and implement.
A hierarchical design allows network engineers to create design elements that can be replicated as the network grows.
As each element in the network design requires change, the cost and complexity of making the upgrade is constrained to a small subset of the overall network, whereas in a large, flat or meshed network, such changes tend to impact a large number of systems.

The LAN hierarchical model is comprised of the following three layers:
1. The Core Layer
2. The Distribution Layer
3. The Access Layer

The Core Layer
The core, or backbone, layer provides optimal transport between sites.
It is a high-speed switching backbone and should be designed to switch packets as fast as possible.
Switches at the core layer typically have the following characteristics:
High-throughput Layer-3 or multilayer forwarding
Absence of traffic filtering, to limit latency
Scalable, redundant links to the distribution layer and other core switches
Advanced QoS functions
Proper core layer design is focused on speed and efficiency.

In a 20/80 design, most traffic will traverse the core layer. Thus, core switches are often the highest-capacity switches in the campus environment.
Smaller campus environments may not require a clearly defined core layer separated from the distribution layer.
Often, the functions of the core and distribution layers are combined into a single layer. This is referred to as a collapsed core design.

The Distribution Layer
The distribution layer is responsible for aggregating access layer switches, and for connecting the access layer to the core layer.
Switches at the distribution layer typically have the following characteristics:
Layer-3 or multilayer forwarding
Traffic filtering and QoS
Scalable, redundant links to the core and access layers
In a campus network environment, the distribution layer can include several functions, as follows:
Address or area aggregation
Media transitions
Security
Departmental or workgroup access
VLAN routing
Broadcast or multicast domain definition

Historically, the distribution layer was the Layer-3 boundary in a hierarchical network design:
The connection between access and distribution layers was Layer-2.
The distribution switches are configured with VLAN SVIs.
Hosts in the access layer use the SVIs as their default gateway.
However, pushing Layer-3 to the access layer has become increasingly prevalent:
VLAN SVIs are configured on the access layer switch, which hosts will use as their default gateway.
A routed connection is then used between access and distribution layers, further minimizing STP convergence issues and limiting broadcast traffic.

In a non-campus environment, the distribution layer can be a redistribution point between routing domains or the demarcation between static and dynamic routing protocols.
The distribution layer can also be the point at which remote sites access the corporate network.

The Access Layer
The access layer provides workgroup or user access to the LAN. In other words, the access layer is the point at which local users physically connect to the network.
It may also use access lists or filters, such as MAC address filters, to optimize the needs of a particular set of users or to provide security.
In a campus network environment, access layer functions can include the following:
Shared bandwidth (i.e., via hub connectivity)
Switched bandwidth (i.e., using LAN switches)
MAC layer and MAC address filtering
Microsegmentation

Access layer switches typically have the following characteristics:
High port density
Low cost per port
Scalable, redundant uplinks to higher layers
Host-level functions such as VLANs, traffic filtering, and QoS
In the non-campus environment, the access layer can give remote sites access to the corporate network via WAN technologies, such as Frame Relay.

In an 80/20 design, resources are placed as close as possible to the users that require them. Thus, most traffic will never need to leave the access layer.
In a 20/80 design, traffic must be forwarded through higher layers to reach centralized resources.

User block, containing end users
Server block, containing the resources accessed by users
Edge block, containing the routers and firewalls that connect users to the WAN or Internet
Each block connects to the others through the core layer, which is often referred to as the core block. Connections from one layer to another should always be redundant.

The Enterprise Composite Model
The Cisco Enterprise Composite Model (ECM), or Enterprise Composite Network Model (ECNM), provides a detailed design for the campus for a converged, intelligent infrastructure to access IT resources across enterprise locations.
The model expands on the traditional hierarchical concepts of core, distribution, and access layers, based on the principles described in Cisco's description of converged networks.
This is not an industry standard but, rather, a Cisco recommendation.
The model provides a framework for the recommended design and implementation of an enterprise campus network.

The enterprise network comprises two functional areas, which are the enterprise campus and the enterprise edge.
These two areas are further divided into modules or blocks that define the various functions of each area in detail.
The enterprise campus is comprised of the following modules:
The Building or Switch Module
The Core Module
The Management Module
The Server Module
The Enterprise Edge Distribution Module

The building or switch module is defined as the portion of the network that contains end-user workstations, phones, and their associated Layer 2 access points.
Its primary goal is to provide services to end users.
It is comprised of access layer switches as well as their related distribution layer switches.

The core module is the portion of the network that routes and switches traffic as fast as possible from one network to another. This is simply the core layer in the hierarchical network model.
The management module allows for the secure management of all devices and hosts within the enterprise. Within this module, logging and reporting information flows from the devices to the management hosts, while content, configurations, and new software flow to the devices from the management hosts.
The server, or server farm, module provides application services to end users and devices. Traffic flows on the server module are inspected by on-board intrusion detection within the Layer 3 switches. This module is tied into the switch block.

The enterprise edge distribution module aggregates connectivity from the various elements at the network edge, which may include external-facing routers or firewalls.
At the enterprise edge distribution module, network traffic is filtered and routed from the edge modules to the core modules. Figure 1-10 below illustrates the modules within an enterprise campus:

Fig. 1-10. The Enterprise Edge Distribution Module

The Enterprise Edge Distribution Module
The enterprise edge distribution module is comprised of the following modules:
The Corporate Internet Module
The VPN and Remote Access Module
The WAN Module
The E-Commerce Module

The corporate Internet module provides internal users with connectivity to Internet services. It also provides Internet users access to information on the corporate public servers, such as public-facing E-Mail servers. To protect these servers, security devices such as Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), as well as firewalls, are typically integrated into the design of this module.

Fig. 1-11. The Corporate Internet Module
Inbound traffic flows from this module to the VPN and remote access module, where VPN termination takes place.

The VPN and Remote Access Module
The VPN and remote access block is responsible for terminating VPN traffic from remote users, providing a hub for terminating VPN traffic from remote sites, and terminating traffic from dial-in users.
All traffic forwarded to the enterprise edge distribution module is from remote corporate users that are authenticated in some fashion before being allowed through the firewall.
Figure 1-12 below is an example of how the VPN and remote access block might be designed:

Fig. 1-12. The VPN and Remote Access Module


The WAN module
The WAN module is the simplest. It provides and allows for WAN

termination via ATM and Frame Relay, for example.

The WAN module is used for network connectivity between the

central (hub) site and remote (spoke) sites. Figure 1-13 below
illustrates the WAN module:

The E-Commerce Module
The E-Commerce module, used for E-Commerce, interfaces with the enterprise edge distribution module and the service provider edge module. Figure 1-14 below illustrates how the E-Commerce module might be implemented:

The Enterprise Composite Model (ECM) divides functional areas of the LAN into modules. This allows for easier implementation of other network functions, such as security, on a module-by-module basis, rather than attempting to do so all at once on the entire network.
The ECM provides several advantages. The first is that it addresses performance by dividing functional areas into modules and connecting them together over a high-speed backbone. This allows for efficient summarization of networks and more efficient use of high-speed uplink ports.
Secondly, with its modular approach, the ECM allows for network scalability by allowing administrators to add more function modules easily, as required.
And finally, the ECM allows for high availability within the network, as different modules can be connected in a redundant fashion to the core and distribution layers with relative ease.

Campus Switched LAN Topologies
There are three types of topologies that can be used in campus switched LAN design:
1. Scaled Switching
2. Large Switching with Minimal Routing
3. Distributed Routing and Switching

Scaled Switching
The scaled switching design is comprised of only switches at all layers. No routers are used or integrated into the LAN.
This design requires no knowledge of the addressing structure (since it is essentially a flat network), is low cost (from a monetary or financial point of view), and is very easy to manage.
However, the downside is that the entire campus LAN is still a single broadcast domain. Even if VLANs were used, users in one VLAN would not be able to communicate with users in another VLAN without the use of routers.

Large Switching with Minimal Routing
The large switching with minimal routing design deploys switching at the access, distribution, and core layers. At the distribution layer, routers are used to allow for inter-VLAN communication.
In this topology, routing is used only in the distribution layer, and the access layer depends on bandwidth through the distribution layer in order to gain access to high-speed switching functionality in the core layer.
This design scales well when VLANs are designed so that the majority of resources are available in the VLAN. This design is suited for networks adhering to the legacy 80/20 rule.
In modern-day client-server networks, this design would not be very scalable and therefore would not be recommended.

Distributed Routing and Switching
This design follows the LAN hierarchical network model both physically and logically, which allows it to scale very well.
This design is optimized for networks that adhere to the 20/80 rule, which is the majority of modern-day client-server networks.
This is the most common campus LAN design model in modern-day networks.

Switching Tables


Layer-2 forwarding
Layer-2 devices build hardware address tables, which at a minimum contain the following:
Hardware addresses for hosts (such as Ethernet MAC addresses)
The port each hardware address is associated with
Using this information, Layer-2 devices make intelligent forwarding decisions based on the frame (or data-link) header. A frame can then be forwarded out only the appropriate destination port, instead of all ports.
Layer-2 switches utilize queues to store incoming and outgoing frames.
Layer-2 forwarding was originally referred to as bridging.

Content-Addressable Memory
All Catalyst switch models use a CAM table for Layer 2 switching. As frames arrive on switch ports, the source MAC addresses are learned and recorded in the CAM table. On Cisco switches, the MAC address table is stored in Content-Addressable Memory (CAM).

The port of arrival and the VLAN are both recorded in the table, along with a time stamp.

If a MAC address learned on one switch port has moved to a different port, the MAC address and time stamp are recorded for the most recent arrival port, and the previous entry is deleted. If a MAC address is found already present in the table for the correct arrival port, only its time stamp is updated.

To manage the CAM table space, stale entries (addresses that have not been heard from for a period of time) are aged out. By default, idle entries in the CAM are purged after 300 seconds. This timer is reset every time a frame is received with the associated MAC address on the correct port.

The default aging time can be changed using the following configuration command:

Switch(config)# mac address-table aging-time seconds

By default, MAC addresses are learned dynamically from incoming frames. You can also configure static CAM table entries that contain MAC addresses that might not be learned otherwise. To do this, use the following configuration command:

Switch(config)# mac address-table static mac-address vlan vlan-id interface type mod/num

To view the contents of the CAM table, use the following command:

Switch# show mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]

Each entry in the CAM table contains the following information:
The MAC address
The switch port the MAC address was learned on
The VLAN of the switch port
A time stamp, for the aging timer

Example: Determining Host Location by MAC Address
From this, you can see that the host is somehow connected to interface Fast Ethernet 1/0/1, on VLAN 54.

Suppose the show mac address-table dynamic address command produced no output, showing nothing about the interface and VLAN where the MAC address is found. What might that mean?

Answer
Either the host has not sent a frame that the switch can use for learning its location, or something odd is going on. Perhaps the host is using two network interface cards (NICs) to load balance traffic; one NIC is only receiving traffic, whereas the other is only sending. Therefore, the switch never hears and learns the receiving-only NIC address.

To see all the MAC addresses that are currently found on interface GigabitEthernet1/0/29:

Switch# show mac address-table dynamic interface gigabitethernet1/0/29

The output shown in Example 2-3 lists many MAC addresses, all found on a single interface. How can so many addresses be learned on one switch interface?
This interface must lead to another switch or another part of the network where other devices are located.

To clear all dynamic entries in the CAM table:

Switch# clear mac address-table dynamic [address mac-address | interface type mod/num | vlan vlan-id]

The CAM aging timer can be changed from its default of 300 seconds with the mac address-table aging-time command shown earlier, though this is needed only in rare circumstances. Static entries are added with the mac address-table static command shown earlier.
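As an added illustration that is not part of the course material, the following simulation of the CAM table covers source learning, a MAC address moving between ports, the 300-second aging timer, static entries, and the receive-only NIC case from the question above; the MAC addresses, port names and VLAN are constructed:

```python
from dataclasses import dataclass

BROADCAST = "ffff.ffff.ffff"

@dataclass
class CamEntry:
    port: str
    last_seen: float      # time stamp consulted by the aging timer
    static: bool = False  # static entries are never aged out or overwritten

class CamTable:
    """Simplified Catalyst CAM table keyed on (vlan, mac)."""
    def __init__(self, aging_time=300, clock=None):
        self.aging_time = aging_time
        self.clock = clock  # returns seconds; injected so aging can be driven in a test
        self.entries = {}

    def add_static(self, mac, vlan, port):
        """Equivalent of: mac address-table static <mac> vlan <vlan> interface <port>."""
        self.entries[(vlan, mac)] = CamEntry(port, self.clock(), static=True)

    def learn(self, src_mac, vlan, port):
        """Source learning: a new address is added, a moved address follows its
        newest arrival port, and a known address only has its time stamp refreshed."""
        key = (vlan, src_mac)
        if key in self.entries and self.entries[key].static:
            return
        self.entries[key] = CamEntry(port, self.clock())

    def age_out(self):
        """Purge dynamic entries idle longer than aging_time; returns the purged MACs."""
        now = self.clock()
        stale = [k for k, e in self.entries.items()
                 if not e.static and now - e.last_seen > self.aging_time]
        for k in stale:
            del self.entries[k]
        return sorted(mac for _, mac in stale)

    def lookup(self, dst_mac, vlan):
        e = self.entries.get((vlan, dst_mac))
        return e.port if e else None

    def forward(self, src, dst, vlan, in_port, vlan_ports):
        """Switching decision: learn the source, then send out the one known port
        or flood every other port in the VLAN (unknown unicast and broadcast)."""
        self.learn(src, vlan, in_port)
        out = self.lookup(dst, vlan)
        if out is None or dst == BROADCAST:
            return sorted(p for p in vlan_ports[vlan] if p != in_port)
        return [out]

# Constructed scenario on VLAN 54 with documentation-range MAC addresses.
A, B, C = "0000.5e00.5301", "0000.5e00.5302", "0000.5e00.5303"
PORTS = {54: {"Fa1/0/1", "Fa1/0/2", "Fa1/0/3", "Gi1/0/29"}}

def scenario():
    clock = [0.0]
    cam = CamTable(aging_time=300, clock=lambda: clock[0])
    r = {}
    r["unknown_dst"] = cam.forward(A, B, 54, "Fa1/0/1", PORTS)  # B unknown: flooded
    r["known_dst"] = cam.forward(B, A, 54, "Fa1/0/2", PORTS)    # A known: one port
    cam.forward(A, B, 54, "Gi1/0/29", PORTS)                    # A now arrives via Gi1/0/29
    r["moved"] = cam.lookup(A, 54)
    r["rx_only_nic"] = cam.forward(B, C, 54, "Fa1/0/2", PORTS)  # C never sends: flooded
    cam.add_static(C, 54, "Fa1/0/3")                            # pin it with a static entry
    r["after_static"] = cam.forward(B, C, 54, "Fa1/0/2", PORTS)
    clock[0] = 301.0                                            # past the 300 s aging timer
    r["aged_out"] = cam.age_out()
    r["static_survives"] = cam.lookup(C, 54)
    return r

if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:16s} {v}")
```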

Ternary Content-Addressable Memory
The TCAM is an extension of the CAM table concept that provides high-speed lookups for two additional functions:
Filtering traffic using access-lists
Prioritizing traffic using QoS
TCAM allows a packet to be evaluated against an entire access list in a single table lookup.
Some Layer-3 devices store the routing table in TCAM as well.
Most switches have multiple TCAMs so that both inbound and outbound security and QoS ACLs can be evaluated simultaneously, or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.

The TCAM consists of two components:
Feature Manager (FM): automatically integrates access-lists into the TCAM.
Switching Database Manager (SDM): supports partitioning the TCAM for separate functions (supported on only some Cisco models).
Each entry in the TCAM table contains three components, defined by access-list entries:
Values: define the addresses or ports that must be matched
Masks: define how much of each address to match
Result: defines the action to take when a match occurs

The Feature Manager (FM) will automatically integrate the access-list named WEB into the TCAM.
Configuring the TCAM consists solely of creating the necessary access-lists. However, the access-list will not take effect until it is applied to an interface or VLAN.
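The Values/Masks/Result structure can be seen in this added example, which is not part of the course material and uses a constructed access-list named WEB rather than the one in the figure: it compiles ACEs written with Cisco wildcards into TCAM rows and evaluates packets against all rows with first-match and implicit-deny semantics.

```python
from ipaddress import IPv4Address

PROTO_NUM = {"ip": 0, "tcp": 6, "udp": 17}
ANY = ("0.0.0.0", "255.255.255.255")  # Cisco "any": address 0.0.0.0, wildcard all ones

def host(addr):
    """Cisco "host x.x.x.x": wildcard 0.0.0.0, i.e. every address bit must match."""
    return (addr, "0.0.0.0")

def wildcard_to_mask(wildcard):
    """A wildcard bit of 1 means "don't care"; a TCAM mask bit of 1 means
    "this bit must match", so the TCAM mask is the inverted wildcard."""
    return ~int(IPv4Address(wildcard)) & 0xFFFFFFFF

def pack(proto, src, dst, dport):
    """Lookup key layout: proto(8) | src(32) | dst(32) | dport(16) = 88 bits."""
    return (proto << 80) | (src << 48) | (dst << 16) | dport

class TcamEntry:
    """One TCAM row: Value (bits to match), Mask (which bits count), Result (action)."""
    def __init__(self, value, mask, result):
        self.value, self.mask, self.result = value & mask, mask, result
    def matches(self, key):
        return (key & self.mask) == self.value

def ace(action, proto, src, dst, eq=None):
    """Compile an ACE such as 'permit tcp any host 192.0.2.10 eq 80' into a row.
    src and dst are (address, wildcard) pairs; eq is an optional destination port."""
    (s_addr, s_wild), (d_addr, d_wild) = src, dst
    value = pack(PROTO_NUM[proto], int(IPv4Address(s_addr)),
                 int(IPv4Address(d_addr)), eq or 0)
    mask = pack(0x00 if proto == "ip" else 0xFF,       # "ip" matches any protocol
                wildcard_to_mask(s_wild), wildcard_to_mask(d_wild),
                0xFFFF if eq is not None else 0x0000)    # no "eq": any port
    return TcamEntry(value, mask, action)

def tcam_lookup(entries, proto, src, dst, dport):
    """Hardware compares the key against every row at once; the lowest-index
    hit (the earliest ACE) wins, and the implicit deny applies when nothing hits."""
    key = pack(PROTO_NUM[proto], int(IPv4Address(src)), int(IPv4Address(dst)), dport)
    hits = [e.result for e in entries if e.matches(key)]
    return hits[0] if hits else "deny"

# Constructed access-list "WEB" (not the one in the course figure).
WEB = [
    ace("permit", "tcp", ANY, host("192.0.2.10"), eq=80),
    ace("permit", "tcp", ANY, host("192.0.2.10"), eq=443),
    ace("deny", "ip", ANY, ("192.0.2.0", "0.0.0.255")),
    ace("permit", "ip", ANY, ANY),
]

if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.5", "192.0.2.10", 80),
                ("tcp", "198.51.100.5", "192.0.2.10", 22),
                ("udp", "198.51.100.5", "192.0.2.10", 80),
                ("tcp", "198.51.100.5", "203.0.113.7", 80)]:
        print(pkt, "->", tcam_lookup(WEB, *pkt))
```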
