7
Bridging and
Switching
CERTIFICATION OBJECTIVES
7.01 Bridges and Switches
7.02 Functions of Bridging and Switching
7.03 The Spanning Tree Protocol
7.04 1900 and 2950 Configuration
✓ Two-Minute Drill
Q&A Self Test
CertPrs8 / CCNA Cisco Certified Network Associate Study Guide / Deal / 222934-9 / Chapter 7
Blind Folio 7:1
D:\omh\CertPrs8\934-9\ch07.vp
Monday, August 04, 2003 11:53:05 AM
Color profile: Generic CMYK printer profile
Composite Default screen
Bridges and switches are both layer-2 devices, functioning at the data link layer of the OSI
Reference Model. Even though they are both layer-2 devices and have many similarities
between them, they also have many differences. With advancements in hardware and
technology, switches perform faster and have many more features. However, the basic functions
of these two devices are the same. This chapter covers the functions of bridges and switches, the
Spanning Tree Protocol (STP), and basic switch configuration tasks on Cisco’s Catalyst 1900
and 2950.
CERTIFICATION OBJECTIVE 7.01
Bridges and Switches
The main function of bridges and switches is to solve bandwidth, or collision, problems.
Remember that in Ethernet, multiple devices can share the same segment, so there is
a chance that more than one device might try to transmit at the same time, creating a
switching method affects how a layer-2 device receives, processes, and forwards a
frame. Bridges support only one switching method, store-and-forward, while switches
might support one, two, or three different switching methods. The three switching
methods supported by layer-2 devices include the following:
■ Store-and-forward
■ Cut-through
■ Fragment-free
The following sections cover these three switching methods.
Store-and-Forward
Store-and-forward switching is the most basic form of switching. With store-and-forward
switching, the layer-2 device must pull in the entire frame into the buffer of the port
and check the CRC (checksum) of the frame before the layer-2 device will perform
any additional processing of the frame. When checking the CRC, the layer-2 device
will calculate a CRC value just as the source device did, and compare this value to
TABLE 7-1

Functions                     Bridges             Switches
Form of switching             Software            Hardware (in ASICs)
Method of switching           Store and forward   Store and forward, cut-through, fragment-free
Ports                         2–16                Possibly hundreds
Duplexing                     Half                Half and full
Collision/bandwidth domains   1 per port          1 per port
Broadcast domains             1                   1 per VLAN
STP instances                 1                   1 per VLAN
included this function in its switching model. The 1900 supports this function.
Fragment-Free
The default switching method of the 1900 is fragment-free switching. Fragment-free
switching is a modified form of cut-through switching. Whereas cut-through switching
reads up to the destination MAC address field in the frame before making a switching
decision, fragment-free switching makes sure that the frame is at least 64 bytes before
switching it (64 bytes is the minimum legal size of an Ethernet frame). The goal of
fragment-free switching is to reduce the number of Ethernet runt frames (frames smaller
than 64 bytes) that are being switched. Sometimes fragment-free switching is also called
modified cut-through or runtless switching.
Even with fragment-free switching, a switch could still be switching corrupt frames
(frames with a bad CRC), since the switch is checking only the first 64 bytes, and the
CRC is at the end of the frame. To overcome this problem, many vendors implement
dynamic switching methods, as discussed in the last section. At least with fragment-free
switching, most collisions typically create runts, and this switching method would
prevent the forwarding of these frames, unlike cut-through switching.
Even though the 2950, unlike the 1900, doesn’t support cut-through or fragment-free
switching, it still switches frames faster. This is because the 2950 has much
faster ASICs than the 1900 switch. Therefore, you shouldn’t judge a switch
by its switching method alone, but by a combination of factors, such as price,
performance, and features.
Switch Connections
Duplexing affects how a device can send and receive frames. There are two modes
As Table 7-2 points out, one main advantage that full-duplex connections have
over half-duplex ones is that full-duplex connections do not experience collisions.
Basically, the transmit circuit on one side is wired to the receive circuit on the other
side, and vice versa. In this situation, the NIC (network interface controller), or
Ethernet card, disables the collision detection mechanism, since it isn’t needed. Full-duplex
connections are supported with the following media types: 10BaseT, 100BaseTX,
100BaseFX, and Gigabit Ethernet. Connections using 10Base5, 10BaseFL,
and 10Base2 support only half-duplexing. Please note that some older 10BaseT NICs
may not support full-duplex. An example of this is the 10BaseT interfaces on Cisco 2500
series routers.
When dealing with bridges and switches, bridges support only half-duplex
connections, while most switches support both. For instance, the 1900 and 2950
switches support both connection types. Most switches will autosense the duplexing
and appropriately configure it.
CERTIFICATION OBJECTIVE 7.02
Functions of Bridging and Switching
With all of these differences between bridges and switches, they are still, at heart, both
layer-2 devices and perform the same three basic network functions:
■ Learning They learn what device is connected to which port.
■ Forwarding They intelligently switch frames to the port or ports where the
destination is located.
be using the term switch to describe the layer-2
device; however, the terms bridge and switch are
interchangeable when it comes to the three main
functions.
Learning Function
One of the three main functions of a transparent switch is to learn which device is
connected to each of the active ports of the switch. As a frame comes into the port of
a switch, the switch examines the source MAC address of the frame and compares it to
its switch table, commonly referred to as a CAM (content addressable memory) table
or port address table. In the old days of bridging, CAM was a special form of high-speed
memory to facilitate the switching function in a bridge when it had to forward a frame
out the correct destination port. Today, switches use RAM to store the MAC addresses,
but the term CAM is still commonly used.
FIGURE 7-1 Physical and logical descriptions of a transparently bridged network
The three main functions of a bridge/switch are learn, forward, and remove loops.
When the switch receives a frame on a port, and as it examines the source MAC
address in the frame and doesn’t see a corresponding entry in the CAM table, the
functions. Normally, you would use static
configurations for security purposes. The discussion of static configurations is done
in the later section “MAC Address and Port Security.”
Bridges place learned source MAC addresses and their corresponding ports in a CAM or
port address table. This feature is used to intelligently forward frames.
Forwarding Function
The second major function of a switch is to forward traffic intelligently. Whenever a
frame comes into a port on the switch, the switch not only examines the source MAC
address so that it can perform its learning function, it also examines the destination
MAC address to perform its forwarding function. It examines the destination MAC
address and compares this address to the addresses in its CAM table to determine which
interface it should use when forwarding the frame to the destination.
If the destination address is found in the CAM table, the forwarding process is easy:
the switch forwards the frame out the port for the corresponding CAM entry. If the
switch examines the destination address and finds that the destination is associated
with the same port as the source of the frame, the switch will drop the frame. In this
situation, you might have a hub connected to this port of the switch, and both the
source and destination are connected to this hub. Given this, the switch shouldn’t
forward any frames between these two machines to other switch segments, since this
would be wasting bandwidth in your network. As you can see, the switch is intelligently
destination is, and obviously the source is assuming that the device is on the same
“logical” segment, the switch will have to flood the frame to ensure that the destination,
if it is somewhere in the broadcast domain, will receive the source’s frame. This process,
hopefully, won’t happen every time. When the destination receives the frame, the
destination will probably send a response frame to the source. Through the switch’s
learning process, it now knows where the destination is located, and any further frames
sent from the source to the destination can be intelligently forwarded instead of flooded.
One issue with this process, however, is that if your CAM table is filled to capacity
and your switch can’t add new entries to the table, the switch will always flood traffic
to these destinations that it couldn’t fit into the CAM table. Therefore, it is very
important that when you buy a switch, you buy one that will be able to handle the
number of devices that you’ll have in your switched network. You’ll be creating problems
if you have 2,000 devices in your switched network but your CAM table on each switch
can hold only 1,000 entries. In this situation, the switches will be flooding traffic for
half of the destinations, creating serious bandwidth and performance problems in your
network.
A broadcast is a frame that is sent to all devices in a broadcast domain. As an example,
if a source device needed to send the same information to 50 destinations, the source
would create only one frame, and every destination would process this frame using
the destination MAC address of FFFF.FFFF.FFFF. Remember to think of the switched
network as a logical bus, where it appears that everyone is on the same piece of wire.
Therefore, when a switch receives a broadcast, it needs to ensure that all machines
will receive it, and thus the switch will flood this frame to make sure all devices receive
the broadcast.
A multicast is a frame sent to a group of devices, where the group consists of devices
interested in the receiving the multicast stream. This group can contain no devices,
all devices, or some devices in the broadcast domain. The problem of using unicast
frames to disseminate certain types of information is that it can negatively impact
the performance of your network. For instance, imagine that you have a network
where ten devices wish to receive a specific multicast stream, like a real-time video
To better understand what happens when a switch forwards rather than floods, take a
look at an example shown in Figure 7-2. This example shows a hub and a switch, with
various PCs connected to these two devices.
Let’s assume that the switch was just turned on, which means that its CAM
table is empty. PC-A generates a frame destined for PC-C. When the switch
receives the frame, it looks in its CAM table and does not see the source MAC
address (0000.0A01.AAAA), so it adds it along with port 1. It also examines the
destination MAC address (0000.0A01.CCCC) and does not see this address in its
CAM table, so the switch floods the frame out all of its remaining ports: 2, 3, and 4.
In this example, the switch did not need to do this because PC-C is connected to
the same hub as PC-A; however, the switch doesn’t know this yet. This is an example
of flooding an unknown destination unicast address. Figure 7-3 shows an example of
the switch adding the entry to its CAM table and flooding the frame. You can see from
this figure that the switch now has one entry in its CAM table (PC-A’s) as well as the
flooding process that it performed. Since the destination, PC-C, is connected to
the same hub as PC-A, it obviously receives the frame.
PC-C now responds back to PC-A with a unicast frame: the source MAC address
is 0000.0A01.CCCC and the destination MAC address is 0000.0A01.AAAA. The
switch performs its learning process, and since PC-C’s MAC address is not in its
CAM table, it adds it, as is shown in Figure 7-4. Now the switch has two entries in
its CAM table: PC-A’s and PC-C’s. To perform the forwarding process, the switch
examines the destination MAC address, 0000.0A01.AAAA. It finds a match in its
The three types of frames that are always flooded by bridges and switches are
multicasts, broadcasts, and unknown destination unicasts.
the switch receives the broadcast frame, it performs its learning function by
adding 0000.0A01.EEEE to its CAM table. The switch then floods the frame,
since it is a broadcast. This process can be seen in Figure 7-7.
FIGURE 7-4 Adding PC-C’s MAC address to the CAM table
FIGURE 7-5 Adding PC-B’s MAC address to the CAM table
FIGURE 7-6 Forwarding PC-F’s traffic out of Port 1 only
From this simple example, you can see the role of the switch is not a complicated
one. First, the switch examines the source MAC address in the frame and updates the
CAM table if necessary. Second, the switch examines the destination MAC address
in the frame and makes a forwarding decision. As you will see in the next section, the
switch’s function becomes more complicated when there is more than one bridge in
the network, and there are layer-2 loops between the bridges.
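The learning, forwarding, and flooding behaviour walked through above (Figures 7-2 through 7-7), as an added Python simulation that is not part of the study guide. PC-A and PC-C sit behind the hub on port 1 as in the text; PC-E’s port, the CAM capacity, and the addresses in `cam_full_demo` are constructed for the example.

```python
"""Simulation of a transparent switch's learn/forward/flood decisions.
Added example (not from the study guide). The CAM table is a dict of
MAC -> port with an optional capacity limit so the "full CAM table ->
permanent flooding" case described in the text can be observed.
"""
from dataclasses import dataclass, field

BROADCAST = "FFFF.FFFF.FFFF"


def is_multicast(mac: str) -> bool:
    """Ethernet group bit: lowest bit of the first byte set (broadcast included)."""
    first_byte = int(mac.replace(".", "")[:2], 16)
    return bool(first_byte & 0x01)


@dataclass
class Switch:
    ports: list                               # physical port numbers, e.g. [1, 2, 3, 4]
    max_entries: int = 1024                   # CAM capacity (constructed value)
    cam: dict = field(default_factory=dict)   # MAC -> port

    def learn(self, src: str, port: int) -> bool:
        """Learning function. Returns False when the table is full and cannot learn."""
        if src in self.cam:
            self.cam[src] = port              # refresh (station may have moved ports)
            return True
        if len(self.cam) >= self.max_entries:
            return False                      # no room: this station stays unknown
        self.cam[src] = port
        return True

    def forward(self, src: str, dst: str, in_port: int) -> tuple:
        """Forwarding function: returns (action, list of egress ports)."""
        self.learn(src, in_port)
        # Broadcasts, multicasts and unknown destination unicasts are always flooded.
        if is_multicast(dst) or dst not in self.cam:
            return ("flood", [p for p in self.ports if p != in_port])
        out_port = self.cam[dst]
        if out_port == in_port:
            # Source and destination are behind the same port (e.g. on one hub):
            # forwarding to the other segments would only waste bandwidth.
            return ("drop", [])
        return ("forward", [out_port])


def figure_7_2_walkthrough() -> list:
    """Replays the text's sequence on an empty CAM table (PC-E's port 3 is assumed)."""
    sw = Switch(ports=[1, 2, 3, 4])
    pc_a, pc_c, pc_e = "0000.0A01.AAAA", "0000.0A01.CCCC", "0000.0A01.EEEE"
    steps = []
    steps.append(sw.forward(pc_a, pc_c, in_port=1))      # unknown unicast: flood 2, 3, 4
    steps.append(sw.forward(pc_c, pc_a, in_port=1))      # PC-A known on same port: drop
    steps.append(sw.forward(pc_e, BROADCAST, in_port=3)) # broadcast: learn PC-E, flood
    steps.append(sw.forward(pc_e, pc_a, in_port=3))      # known unicast: forward to port 1
    return steps


def cam_full_demo() -> tuple:
    """The capacity warning from the text: a full CAM table means the switch
    keeps flooding traffic for every station it could not learn."""
    sw = Switch(ports=[1, 2], max_entries=2)
    sw.learn("0000.0A01.0001", 1)
    sw.learn("0000.0A01.0002", 1)
    learned = sw.learn("0000.0A01.0003", 2)              # table full: not learned
    action, _ = sw.forward("0000.0A01.0001", "0000.0A01.0003", in_port=1)
    return learned, action                               # (False, "flood")
```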
Loops
between your switches to remove the loops. The following section covers the basics
of STP.
CERTIFICATION OBJECTIVE 7.03
The Spanning Tree Protocol
The main function of the Spanning Tree Protocol (STP) is to remove layer-2 loops from
your topology. DEC, now a part of Compaq/HP, originally developed STP. IEEE enhanced
the initial implementation of STP, giving us the 802.1d standard. The two different
implementations of STP, DEC and 802.1d, are not compatible with each other—you
need to make sure that all of your devices either support one or the other. All of Cisco’s
switches use IEEE’s 802.1d protocol, which is enabled, by default, on the switches. If
you have a mixed-vendor environment where some devices are running 802.1d and
others are running DEC’s STP, then you may run into layer-2 looping problems.
FIGURE 7-8 Looped layer-2 topology
Bridge Protocol Data Units
For STP to function, the switches need to share information. What they share are bridge
protocol data units (BPDUs), which are sent out as multicast information that only other
layer-2 devices are listening to. Switches will use BPDUs to learn the topology of the
network: what device is connected to other devices, and if there are any layer-2 loops
based on this topology.
If any loops are found, the switches will disable a port or ports in the topology to
ensure that there are no loops. In other words, from one device to any other device
Root Bridge
The term Spanning Tree Protocol describes the process that is used. The STP algorithm
is similar to how link state routing protocols, such as OSPF, ensure that no layer-3 loops
are created. (Link state routing protocols are discussed in Chapters 9 and 11.) A spanning
tree is first created. Basically, a spanning tree is an inverted tree. At the top of the tree
is the root, or what is referred to in STP as the root bridge or switch. From the root switch,
there are branches (physical Ethernet connections) connecting to other switches, and
branches from these switches to other switches, and so on.
Take a look at a physical topology of a network to demonstrate a spanning tree,
shown in Figure 7-9. When STP is run, a logical tree structure is built, like that shown
in Figure 7-10. As you can see from Figure 7-10, SwitchA is the root switch and is
at the top of the tree. Underneath it are two branches connecting to SwitchB and
SwitchC. These two switches are connected to SwitchE, creating a loop. SwitchB is
also connected to SwitchD. At this point, STP is still running, and a loop still exists.
As STP runs, the switches will determine, out of the four switches, SwitchA, SwitchB,
SwitchC, and SwitchE, which port on these switches will be disabled in software in
order to remove the loop.
Actually, the very first step in STP is to elect the root switch. BPDUs are used for
the election process. As was mentioned earlier, when a device advertises a BPDU, it
puts its switch ID in the BPDU. The switch ID is used to elect the root switch. The
FIGURE 7-9 Physical layer-2 looped topology
This election process of the root switch takes
place each time there is a topology change in the
network, such as the root switch failing, or the
addition of a new switch. All the other switches
in the layer-2 topology expect to see BPDUs from
the root switch within the maximum age time,
which defaults to 20 seconds. If the switches don’t
see a BPDU message from the root within this period, they assume that the root switch
has failed and will begin a new election process to choose a new root bridge.
Root Port
After the root switch is elected, every other switch in the network needs to choose a
single port on itself that it will use to reach the root. This port is called the root port. For
some switches, like SwitchD in Figure 7-10, this is very easy—it has only one port it can
use to access the switched topology. However, other switches, like SwitchB, SwitchC,
and SwitchE in Figure 7-10, might have two or more ports that they can use to reach
the root switch. If there are multiple ports to choose from, an intelligent method needs
to be used to choose the best port. With STP, there are a few factors that are taken into
consideration when choosing a root port. It is important to point out that the root switch
itself will never have a root port—it’s the root, so it doesn’t need a port to reach itself.
First, each port is assigned a cost, called a port cost. The lower the cost, the more
preferable the port is. The cost is an inverse reflection of the bandwidth of the port.
There are actually two sets of costs for 802.1d’s implementation of STP—one for the
old method of calculation and one for the new, as is shown in Table 7-3. Cisco’s 1900
switch uses the old 802.1d port cost values, while Cisco’s other switches, including
the 2950, 3500, 3550, 4000, 5500, 6000, and 6500 switches, use the newer cost values.
Switches always prefer lower-cost ports over higher-cost ones. Each port also has a
port was a Fast Ethernet port, then the path cost would be: 0 (the root’s path cost) + 19
(the switch’s port cost) = 19. This switch, when it advertises BPDUs to switches
behind it, will include the updated path cost. As the BPDUs propagate further and
further from the root switch, the path costs become higher and higher.
Remember that path costs are incremented as a BPDU comes into a port, not
when a BPDU is advertised out of a port.
If a switch has two or more choices of paths to reach the root, it needs to choose
one path and thus have one root port. Here are the STP steps a switch will go through
when choosing a root port:
1. Choose the path with the lowest accumulated path cost to the root if there is
a choice between two or more paths to reach the root.
2. If there is a tie between port priorities, choose the neighboring switch (that
your switch would go through to reach the root) with the lowest switch ID value.
3. If you have multiple paths, and they all go through the same neighboring switch,
choose the port with the lowest priority value.
4. If the priority values are the same between the ports, choose the physically
lowest-numbered port on the switch (on a 1900, that would be Ethernet 0/1).
After going through this selection process, the switch will have one, and only one,
port that will be its root port.
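Root switch election and the root port selection steps above, as an added Python example that is not from the study guide. Switch IDs are modelled as (priority, MAC) tuples compared lowest-first, path-cost ties are broken in the order of steps 1 through 4 (neighbouring switch ID, then port priority, then port number), and the per-speed port costs are the standard 802.1d values, assumed here because Table 7-3 is not reproduced on this page; the Figure 7-10 switch IDs and link speeds are constructed.

```python
from dataclasses import dataclass

# Standard 802.1d port costs per link speed in Mbps (assumed here; the text
# only states that Fast Ethernet costs 19 in the newer set).
OLD_COST = {10: 100, 100: 10, 1000: 1}   # original values (Catalyst 1900)
NEW_COST = {10: 100, 100: 19, 1000: 4}   # newer values (2950 and later)


@dataclass(frozen=True)
class Port:
    number: int             # physical port number (lowest wins the final tie)
    speed_mbps: int
    priority: int = 128     # 802.1d default port priority


@dataclass(frozen=True)
class Bpdu:
    root_id: tuple          # (priority, MAC) of the switch the sender believes is root
    path_cost: int          # sender's accumulated path cost to that root
    sender_id: tuple        # (priority, MAC) of the neighbouring switch that sent it


def elect_root(switch_ids):
    """Root election: the lowest switch ID (lowest priority, then lowest MAC) wins."""
    return min(switch_ids)


def choose_root_port(my_id, received, cost_table):
    """Pick this switch's single root port.

    received maps each Port to the best Bpdu seen on it. Path cost is
    incremented as a BPDU comes *in*, so the cost via a port is the advertised
    path cost plus our own port cost. Returns (Port, cost), or (None, 0) when
    this switch is the root and therefore has no root port.
    """
    root = elect_root([my_id] + [b.root_id for b in received.values()])
    if root == my_id:
        return None, 0
    candidates = []
    for port, bpdu in received.items():
        if bpdu.root_id != root:
            continue            # stale BPDU from a switch that lost the election
        my_cost = bpdu.path_cost + cost_table[port.speed_mbps]
        # Tuple ordering encodes steps 1-4: lowest path cost, then lowest
        # neighbouring switch ID, then lowest port priority, then lowest port number.
        candidates.append(((my_cost, bpdu.sender_id, port.priority, port.number), port))
    key, port = min(candidates, key=lambda c: c[0])
    return port, key[0]


def figure_7_10_switch_e(cost_table=NEW_COST, port2_speed=100):
    """SwitchE from Figure 7-10: port 1 toward SwitchB, port 2 toward SwitchC,
    both neighbours one Fast Ethernet hop from root SwitchA (IDs constructed)."""
    sw_a = (32768, "0000.0000.AAAA")    # lowest MAC at equal priority: the root
    sw_b = (32768, "0000.0000.BBBB")
    sw_c = (32768, "0000.0000.CCCC")
    sw_e = (32768, "0000.0000.EEEE")
    p1 = Port(number=1, speed_mbps=100)
    p2 = Port(number=2, speed_mbps=port2_speed)
    received = {
        p1: Bpdu(root_id=sw_a, path_cost=cost_table[100], sender_id=sw_b),
        p2: Bpdu(root_id=sw_a, path_cost=cost_table[100], sender_id=sw_c),
    }
    port, cost = choose_root_port(sw_e, received, cost_table)
    return port.number, cost


if __name__ == "__main__":
    print(figure_7_10_switch_e())                  # equal cost, SwitchB's lower ID wins: (1, 38)
    print(figure_7_10_switch_e(port2_speed=1000))  # Gigabit link to SwitchC is cheaper: (2, 23)
```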
Designated Port
The last section discussed how each switch has a single root port that it uses to reach
the root switch. Besides each switch having a root port, each segment also has a single
port that it uses to reach the root. This port is called a designated port. For instance,
■ Blocked
■ Listening
■ Learning
■ Forwarding
■ Disabled
Of the five states, only the first four are used when the algorithm is running.
The following sections cover the different port states for STP.
Blocking
Ports will go into a blocking state under one of three conditions:
■ Election of a root switch (for instance, when you turn on all the switches
in a network)
■ When a switch receives a BPDU on a port that indicates a better path to
the root switch than the port the switch is currently using to reach the root
■ If a port is not a root port or a designated port
A port in a blocked state will remain there for 20 seconds by default (the maximum
age timer). During this state, the port is only listening to and processing BPDUs on
Disabled
The disabled state is a special port state. A port in a disabled state is not participating
in STP. This could be because the port has been manually shut down by an administrator,
manually removed from STP, disabled because of security issues, or rendered nonfunctional
because of a lack of a physical-layer signal (such as the patch cable being unplugged).
Layer-2 Convergence
As you have noticed in the last section, STP goes through a staged process, which slows
down convergence. For switches, convergence occurs once STP has completed: a root
switch is elected, root and designated ports have been chosen, the root and designated
ports have been placed in a forwarding state, and all other ports have been placed in a
blocked state.
If a port has to go through all four states, convergence takes 50 seconds: 20 seconds
in blocking, 15 seconds in listening, and 15 seconds in learning. If a port doesn’t have
to go through the blocking state but starts at a listening state, convergence takes
only 30 seconds. This typically occurs when the root port is still valid, but another
topology change has occurred. Remember that during this time period (until the port
reaches a forwarding state), no user traffic is forwarded through the port. So, if a user
was performing a telnet session, and STP was being recalculated, the telnet session,
from the user’s perspective, would appear stalled, or the connection would appear lost.
Obviously, a user will notice this type of disruption.
Therefore, the faster that convergence takes place, the less disruption that this will
cause for your users. You can reduce the two timers to reduce your convergence time,
There are four major port states in STP: blocking (20 seconds), listening (15 seconds),
learning (15 seconds), and forwarding. It can take 30–50 seconds for STP convergence
to take place.
The Rapid Spanning Tree Protocol (RSTP) is an IEEE standard, 802.1w, that is
interoperable with 802.1d and an extension to it. With RSTP, there are only three port
states: discarding, learning, and forwarding. A port in a discarding state is basically
the grouping of 802.1d’s blocking, listening, and disabled states. The following sections
cover some of the enhancements included in RSTP.
Additional Port Roles
With RSTP, there are still root and designated ports, performing the same roles as
those in 802.1d. However, RSTP adds two additional port types: alternate ports and
backup ports. These two ports are similar to the ports in a blocking state in 802.1d.
An alternate port is a port that has an alternative path or paths to the root but is currently
in a discarding state. A backup port is a port on a segment that could be used to reach
the root port, but there is already an active designated port for the segment. The best
way to look at this is that an alternate port is a secondary, unused root port, and a
backup port is a secondary, unused designated port.
STP convergence has occurred when all root and designated ports are in a forwarding
state and all other ports are in a blocking state.