
Showing posts with the label Switch

Installing Sonic Network Switch in EVE-NG

Installing Sonic Network Switch on EVE-NG

The latest EVE-NG has a template for the Sonic switch at the path /opt/unetlab/html/templates/intel/sonicsw.yml. If you do not have a template in this folder, you can download one and paste it into the folder path above: https://github.com/ercintorun/MsSonicEveNG/blob/main/mssonic.yml

I assume you already have the template in the folder mentioned above, with the name sonicsw.yml.

Create a folder at the path below, named with the version number of the image you will download in the next step:

/opt/unetlab/addons/qemu/sonicsw-210216

Download the Sonic switch image from https://sonic.software/ and upload it to EVE-NG at this path:

/opt/unetlab/addons/qemu/sonicsw-210216/

Navigate to the above path and gunzip the image:

gunzip /opt/unetlab/addons/qemu/sonicsw-210216/sonic-vs.img.gz

After this you get a file named sonic-vs.img. Now change the file name to virtioa.qcow2 with the command below:

mv /opt/unetlab/addons/qemu/sonicsw-210216/sonic-vs.img /opt/unetlab/addons/qemu/sonicsw-210216/virtioa.

Why STP Bridge Priority is Configured in increment of 4096

Spanning-tree operation requires that each switch have a unique BID (Bridge ID). In the original 802.1D standard, the BID was composed of the bridge priority and the MAC address of the switch, and all VLANs were represented by a CST, Common Spanning Tree. Because Cisco started to use a unique instance per VLAN in PVST+ and PVRST+, there was a need to provide a unique BID for each separate per-VLAN instance of STP. So what did Cisco do? It divided the 16-bit bridge priority field into two parts, 4 bits for priority and 12 bits for the VLAN ID, and named it the Extended VLAN ID. Now, because only the leftmost four bits are reserved for the bridge priority, those bits can only form discrete values in increments of 4096.

What is Cisco Chassis, Backplane, Line Card

What does Chassis mean? A chassis is a frame/housing for mounting the circuit components of Cisco switches and routers, or any type of device that provides power and a high-speed backplane. The frame also protects all of the vital internal equipment from dust, moisture, and tampering. To define the chassis even more simply: a chassis is an enclosure, a container that holds things together, just as an egg carton holds eggs together inside. A chassis does the same thing; it holds the important things inside, like wiring, power supplies, etc.

What does Backplane mean? A backplane is a circuit board with sockets that allows supervisor engines, cards or modules to be inserted into these sockets and connected to each other. The backplane is mounted on the chassis. Modules or line cards provide different types of interfaces, but the processing of packets is usually done in the supervisor engine. The backplane is the medium for data flow between modules and supervisor engines. Additionall

What is Cisco Supervisor Engine?

A Supervisor Engine is a module that is installed in Cisco chassis-based Catalyst switches or routers. A supervisor engine contains nearly all the same components as a fixed Cisco switch or router. These supervisor engines come in a variety of types with different functionalities and are installed in the switch/router chassis according to the requirements of the network. Benefits of Supervisor Engines: by installing the latest supervisor engines in your existing investments (switches and routers), you can scale system performance and integrate next-generation services into your network. Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch. The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols suppo

How to Connect Cisco Switches/Routers with Cisco Network Assistant

This post is about how to configure a Cisco standalone device so that it can be connected with Cisco Network Assistant (CNA) successfully. In production networks, Cisco devices are often already configured with the basic configuration required for a successful CNA connection, and most of the time you do not need to configure them specially for CNA. Successful connectivity between a Cisco device and a PC with CNA installed is a two-part process. First we focus on how to configure a Cisco switch, then we install CNA on a PC and connect it to the switch.

Configure the switch with the ip http server command in global configuration mode:

Switch(config)#ip http server

Define a VLAN and SVI and assign an IP address from a private IP address range so that it can be connected with CNA. Here I am configuring VLAN 100, with SVI 100 and the IP address subnet 172.16.100.0/24.

Switch>en
Switch#config t
Enter configuration commands, one per line.  End with CNT

Multi-layer Switching Exceptions – Packets that Need further Processing

Some packets are not forwarded directly by multilayer switches but require further processing. To be forwarded using the simultaneous decision processes, a packet must be "multilayer switch-ready" and must require no additional decisions. For example, CEF can directly forward most IP packets between hosts. This occurs when the source and destination addresses (both MAC and IP) are already known and no other IP parameters must be manipulated. Other packets cannot be directly forwarded by CEF and must be handled in more detail. This is determined by a quick inspection during the forwarding decisions. If a packet meets criteria such as the following, it is flagged for further processing and sent to the switch CPU for process switching: ARP requests and replies; IP packets requiring a response from a router (TTL has expired, MTU is exceeded, fragmentation is needed, and so on); IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address funct

Why MAC address is used and not only IP Address for Networking

Though a very basic question, it is often asked by CCNA beginners! The MAC address (identifier), or hardware address, that is burnt onto the network interface card by its manufacturer is used for communication because devices on a LAN must also be uniquely and individually identified; otherwise, like humans sharing the same name, they will receive data not intended for them. When data is to be delivered on a LAN, it is encapsulated within an entity called a frame, a kind of binary envelope. Think of data encapsulation as the digital equivalent of placing a letter inside an envelope. A destination address and a return (source) address are written on the outside of the envelope. Without a destination address, the postal service would have no idea where to deliver the letter. Likewise, when a frame is placed on a data link, all devices attached to the link "see" the frame; therefore, some mechanism must indicate which device should pick up the frame and read the enclosed data, and rest of

What is Difference Between Hardware and Software Switching

If I summarize the answer to this question in one line, I would say hardware switching is performed by ASICs and software switching is performed by CPUs. But let's explain both to clearly understand the difference. The term hardware-switching refers to the act of processing packets at any of Layers 2 through 7 via specialized hardware components referred to as Application-Specific Integrated Circuits (ASICs). ASICs can generally reach throughput at wire speed without performance degradation for advanced features such as QoS marking, ACL processing, or IP rewriting. Other terms used to describe hardware-switching are in-hardware, using ASICs, and hardware-based. Multilayer switching (MLS) is another term commonly used to describe hardware-switching. MLS describes the capability to route and switch frames at line rate (the speed of all ports sending traffic at the same time, full-duplex, at the maximum speed of the interface) with advanced features such as N

How Spanning-Tree Works 802.1D / Made-Easy STP Process in Steps

There are three major steps in the spanning-tree process; these are shown in the table below with brief descriptions. Look at these first, then we explain the STP process steps in a brief and comprehensive way. Electing a Root Switch: only one switch can be the root of the spanning tree; to select the root, the switches hold an election. Each switch begins its STP logic by creating and sending an STP Hello bridge protocol data unit (BPDU) message, claiming to be the root switch. If a switch hears a superior Hello (a Hello with a lower bridge ID), it stops claiming to be root by ceasing to originate and send Hellos. Instead, the switch starts forwarding the superior Hellos received from the superior candidate. Eventually, all switches except the switch with the best bridge ID cease to originate Hellos; that one switch wins the election and becomes the root switch. The original IEEE 802.1d bridge ID held two fields: the 2-byte Priority field, which was designed to be config

Best Practices for VLAN Design

Following these general best practices when implementing VLANs can help you design and implement VLANs in a simple, secure campus network that requires less troubleshooting. For the local VLANs model, it is usually recommended to have only one to three VLANs per access module and to limit those VLANs to a couple of access switches and the distribution switches. Avoid using VLAN 1 as the "blackhole" for all unused ports; assign all unused ports to any VLAN other than 1. Always try to have separate voice VLANs, data VLANs, management VLANs, native VLANs, blackhole VLANs, and default VLANs (VLAN 1). In the local VLANs model, avoid VTP; it is feasible to manually configure the allowed VLANs on trunks. For trunk ports, turn off DTP and configure trunking manually. Use IEEE 802.1Q rather than ISL because it has better support for QoS and is a standard protocol. Manually configure access ports that are not specifically intended for a trunk link. Prevent all data traffic from

Different Types of Spanning Tree Protocols, Defined Briefly

802.1D and its successor protocols provide loop resolution by managing the physical paths to given network segments. STP enables physical path redundancy while preventing the undesirable effects of active loops in the network. The first STP, called DEC STP, was invented in 1985 by Radia Perlman at the Digital Equipment Corporation. In 1990, the IEEE published the first standard for the protocol as 802.1D, based on the algorithm designed by Perlman. Subsequent versions were published in 1998 and 2004, incorporating various extensions. There are several varieties of STP: Common Spanning Tree (CST) assumes one 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs. Because there is only one instance, the CPU and memory requirements for this version are lower than for the others. However, because there is only one instance, there is only one root bridge and one tree. This means that traffic for all VLANs flows over the same path. This can lead

Why Extended-Range VLANs are not supported or transported by VTP Ver 1 and 2?

Normal-Range and Extended-Range VLANs: normal-range VLANs are VLANs 1–1005 and can be advertised via VTP versions 1 and 2. These VLANs can be configured in VLAN database mode, with the details being stored in the vlan.dat file in Flash. Extended-range VLANs range from 1006–4094, inclusive. However, these additional VLANs cannot be configured in VLAN database mode, nor stored in the vlan.dat file, nor advertised via VTP. They can only be configured when the switch is in VTP transparent mode. Now, answering the question of why extended-range VLANs are not transported by VTP versions 1 and 2: originally, ISL supported only normal-range VLANs, using only 10 of the 15 bits reserved in the ISL header to identify the VLAN ID. These 10 bits give only 1024 combinations, thus supporting only 1024 normal-range VLANs. The later-defined 802.1Q used a 12-bit VLAN ID field, thereby allowing support of the extended range. Following that, Cisco changed ISL to u

What are Inferior and Superior BPDUs of STP

Today I want to have a very brief talk about what the Spanning-Tree inferior and superior BPDUs are and what the difference between them is. Inferior BPDU of STP: a BPDU is considered inferior if it carries information about the root bridge that is worse than the one currently stored for the port, or if the BPDU has a longer distance to reach the current root bridge. Inferior BPDUs may appear when a neighboring switch suddenly loses its uplink and claims itself the new root of the topology. By default, every switch should ignore inferior BPDUs until the currently stored BPDU expires (time = Max_Age – Message_Age). This feature is intended to stabilize the STP topology in situations where an uplink on some switch flaps (goes down and up frequently due to some malfunction), causing the switch to start sending inferior information. Superior BPDU of STP: a superior BPDU is one that has a lower Bridge ID. An inferior BPDU would have a higher Bridge ID. This can't be judged on a single BPDU basis

Types of Layer 2/Switch Security Attacks, and Mitigation steps in Brief

Security attacks against switches, or at Layer 2, can be grouped into four major categories:

1. MAC layer attacks
2. VLAN attacks
3. Spoofing attacks
4. Attacks on switch devices

1. MAC Layer Attacks

Type: MAC address flooding
Description: Frames with unique, invalid source MAC addresses flood the switch, exhausting content addressable memory (CAM) table space, disallowing new entries from valid hosts. Traffic to valid hosts is subsequently flooded out all ports.
Mitigation: Port security. MAC address VLAN access maps.

2. VLAN Attacks

i – VLAN hopping
By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures.
Mitigation: Tighten up trunk configurations and the negotiation state of unused ports. Place unused ports in a common VLAN.

ii – Attacks between devices on a common VLAN
Devices might need protection from one another, even tho

VLAN Ranges Supported by Different Models of Cisco Switches

Depending on the platform and software version, Cisco Catalyst switches support up to 4096 VLANs. The following data lists the Cisco models and the VLAN ranges supported by them; some of the VLAN numbers are reserved and cannot be used or modified.

VLAN Range   Range      Usage                                                              VTP
0, 4095      Reserved   For system use only. You cannot see or use these VLANs.            —
1            Normal     Cisco default. You can use this VLAN, but you cannot delete it.    Yes
2–1001       Normal     For Ethernet VLANs. You can create, use, and delete these VLANs.   Yes
1002–1005    Normal     Cisco d

Differences between Layer 2, 3, 4 Switching / Multilayer Switching / Layer 3 Routing

The differences between Layer 2, 3 and 4 switching, multilayer switching and routing are given below according to the function/operation of the devices. Layer 2 Switching: devices that forward frames at Layer 2 perform the following functions: MAC addresses are learned from the incoming frames' source addresses. A table of MAC addresses and their associated bridge and switch ports is built and maintained. Broadcast and multicast frames are flooded out to all ports (except the one that received the frame). Frames destined for unknown locations are flooded out to all ports (except the one that received the frame). Bridges and switches communicate with each other using the Spanning Tree Protocol to eliminate bridging loops. A Layer 2 switch performs essentially the same function as a transparent bridge; however, a switch can have many ports and can perform hardware-based bridging. Frames are forwarded using specialized hardware, called application-specific integrated circuits (ASIC)

Difference b/w a Router and Multilayer Switch, Their correct Usage and Installation

I placed a few questions on the Cisco forum to discuss the differences between the usage of a router and a multilayer switch. These were my questions: Today's multilayer switches are versatile; they can do all the things a router can do. Will routers be eliminated by multilayer switches? Are there any limitations of a multilayer switch such that it cannot completely replace a router? If both functions can be done by a multilayer switch, then why is a router still produced? Will there in future be only one device in the market that does routing + switching, with no separate switch or separate router? These types of questions are usually in the minds of networking (Cisco) people who are only studying and have no experience of networking hardware in any firm. Here are the answers in reply to the above questions, which will certainly answer most of your questions. Reply 1: Generally a router would have better processing power to perform routing more efficiently than a layer 3 switch

What is Transparent Bridging

The term bridging refers to a technology in which a device known as a bridge connects two or more LAN segments. Bridges are OSI Data Link layer, or Layer 2, devices that were originally designed to connect two network segments. Multiport bridges were introduced later to connect more than two network segments; these devices analyze the frames as they come in and make forwarding decisions based on information in the frames themselves. Bridges learn the location of the network stations without any intervention from a network administrator or any manual configuration of the bridge software. This process is commonly referred to as self-learning. When a bridge is turned on and begins to operate, it examines the MAC addresses located in the headers of frames passed through the network. As the traffic passes through the bridge, the bridge builds a table of known source addresses, assuming the port from which the bridge received the frame is the port to which the device is a sending device