Concepts

This chapter explains some of the switching concepts that you need to understand to configure Catalyst 2900 series switches. You can enable or customize the following features through the web-based Switch Manager or with the Cisco IOS command-line interface:

Address Learning

With multiple Media Access Control (MAC) address support on all ports, you can connect any port on the switch to individual workstations, repeaters, switches, routers, or other network devices. The switch provides dynamic addressing by learning the source address of each packet it receives on each port and adding the address and its associated port number to the address table. As stations are added or removed from the network, the switch updates the address table, adding new entries and aging out those that are currently not in use.

You can also manually enter addresses into the address table. These addresses, called static and secure addresses, do not age and must be removed manually. You can define the forwarding behavior of a static address so that the device with that address can only transmit packets to certain ports.

You can work with the dynamic and static addresses maintained by the switch on the Address Management page described in the "Web-Based Management" chapter.

Forwarding and Filtering

Catalyst 2900 switches transfer, or forward, packets between any combination of ports, based on the destination address of the received packet. Using the MAC address table, the switch forwards the packet only to the port associated with the destination address. If the destination address is on the port that sent the packet, the packet is filtered and not forwarded.

Use the Static Address-Forwarding Map to define how the switch forwards packets for a given static address. You can enter a list of ports that the static address can send packets to. You can also use the Static Address Forwarding Map for source-port filtering: packets received on specified ports are forwarded to just the ports you define. Packets to these destinations received on other ports are not forwarded.

A Catalyst 2900 switch always forwards packets by using the store-and-forward mode: complete packets are stored and checked for errors before transmission.

Flooding Controls

If the switch does not know a destination address, it floods the packet to all ports. The packet then always arrives at its destination. Catalyst 2900 switches also flood multicast and broadcast packets. The rest of this section discusses some of the ways that you can set your switch to inhibit unnecessary flooding.

Unicast Filtering

When a Catalyst 2900 switch receives a unicast packet with an unknown destination address, it floods it to all ports. However, when ports have only manually assigned addresses or single stations attached, there are no unknown destinations, and flooding serves no purpose. In this case, you can disable flooding on a per-port basis. See the "Port Management" section in the "Web-Based Management" chapter for more information on disabling flooding.
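The learning, forwarding, filtering and unknown-unicast flooding behavior described in the sections above can be modeled in a few lines. This is an added illustration, not Cisco code; the class and method names and the MAC addresses are constructed for the example, and only unicast frames are modeled.

```python
class LearningSwitch:
    """Toy model of the address table; not switch firmware."""

    def __init__(self, ports, aging_seconds=300):
        self.ports = set(ports)
        self.aging = aging_seconds   # page default for dynamic addresses: 5 minutes
        self.dynamic = {}            # MAC -> (port, last_seen)
        self.static = {}             # MAC -> port; static entries never age
        self.no_flood = set()        # ports with flooding disabled

    def add_static(self, mac, port):
        self.static[mac] = port

    def disable_flooding(self, port):
        self.no_flood.add(port)

    def _lookup(self, mac, now):
        if mac in self.static:
            return self.static[mac]
        entry = self.dynamic.get(mac)
        if entry and now - entry[1] <= self.aging:
            return entry[0]
        self.dynamic.pop(mac, None)  # aged out, or never learned
        return None

    def receive(self, in_port, src, dst, now):
        """Return the sorted list of ports the frame is sent out of."""
        if src not in self.static:
            self.dynamic[src] = (in_port, now)   # learn or refresh the source
        out = self._lookup(dst, now)
        if out is None:                          # unknown destination: flood
            return sorted(self.ports - {in_port} - self.no_flood)
        if out == in_port:                       # same segment: filter
            return []
        return [out]


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed addresses
    print(sw.receive(1, a, b, now=0))    # b unknown: flooded to every other port
    print(sw.receive(2, b, a, now=1))    # a was learned on port 1
    print(sw.receive(1, a, b, now=400))  # b aged out: flooded again
```

The last call shows why flooding matters on ports that should never see other stations' traffic: once an entry ages out, frames for that address reach every port that still has flooding enabled.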

Multicast Registration and Filtering

A Catalyst 2900 switch normally floods multicast or broadcast packets it receives to all ports. You can use the web interface or SNMP to register multicast addresses and list the ports that can receive those specific packets. You can also disable the normal flooding of unregistered multicast packets on a per-port basis. Besides reducing unnecessary traffic, these features open up the possibility of using multicast packets for dedicated groupcast applications, such as broadcast video.

Cisco Group Management Protocol

Cisco Group Management Protocol (CGMP) reduces the unnecessary flooding of IP multicast packets. CGMP data from a Cisco router identifies clients running CGMP applications that should receive certain IP multicast packets. The switch then limits the transmission of the IP multicast packets to those clients in the group.

Broadcast Storm Control

A broadcast storm occurs when a large number of broadcast packets are received from a given port. Forwarding these packets can cause the network to slow down or time out. To avoid this, you can use broadcast storm control to set a threshold for the number of broadcast packets that can be received from a port before forwarding is blocked. You can set a second threshold to define when to re-enable the normal forwarding of broadcast packets.

Broadcast storm control operates on a per-port basis. By default, broadcast storm control does not monitor broadcast traffic and thus does not block traffic or send alerts based on broadcast storms.
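The two thresholds give broadcast storm control hysteresis: a port that has been blocked stays blocked until traffic drops below the second threshold, not merely below the first. The sketch below is an added example, not Cisco code; it assumes broadcasts are counted per fixed interval, that blocking starts when the count exceeds the first threshold and ends when it falls below the second, and all names and counts are constructed.

```python
class StormControl:
    """Per-port broadcast storm control with a blocking and a re-enable threshold."""

    def __init__(self):
        self.limits = {}      # port -> (rising, falling); absent = not monitored
        self.blocked = set()  # ports whose broadcast forwarding is blocked
        self.alerts = []      # (interval, port, "blocked" | "re-enabled")

    def configure(self, port, rising, falling):
        if not 0 <= falling <= rising:
            raise ValueError("re-enable threshold must not exceed blocking threshold")
        self.limits[port] = (rising, falling)

    def sample(self, interval, port, broadcasts):
        """Record one interval's broadcast count; return True if forwarding is blocked."""
        if port not in self.limits:          # default: port is not monitored
            return False
        rising, falling = self.limits[port]
        if port not in self.blocked and broadcasts > rising:
            self.blocked.add(port)
            self.alerts.append((interval, port, "blocked"))
        elif port in self.blocked and broadcasts < falling:
            self.blocked.discard(port)
            self.alerts.append((interval, port, "re-enabled"))
        return port in self.blocked


def timeline(ctl, port, counts):
    """Feed successive per-interval counts for one port; return the blocked state of each."""
    return [ctl.sample(i, port, n) for i, n in enumerate(counts)]


if __name__ == "__main__":
    ctl = StormControl()
    ctl.configure(port=1, rising=500, falling=200)
    counts = [100, 600, 450, 300, 150, 700]   # constructed sample counts
    print(timeline(ctl, 1, counts))
    print(ctl.alerts)
```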

Secure Ports

Secured ports restrict the use of a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port.

The number of devices on a secured port can range from 1 to 132. The addresses for the devices on a secure port are manually assigned by an administrator or sticky-learned. Sticky-learning takes place when the address table for a port that is set as secured does not contain a full complement of secure addresses. The port sticky-learns the source address of incoming packets and automatically assigns them as secure addresses. This continues until the table contains the maximum number of secure addresses defined for the port. If a secure address is deleted from the address table, the port begins sticky learning again.

Secured ports generate address-security violations under the following conditions:


Note: When a security violation occurs, the port can be disabled or can continue forwarding without interruption. To fully secure a port, you must also disable flooding to the port. See the "Port Management" section in the "Web-Based Management" chapter for instructions.
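Sticky learning and the two violation responses can be traced with a small model. This is an added example, not Cisco code; the names and MAC addresses are constructed, and because this page does not list the violation conditions, the model assumes a violation is raised when a frame arrives from a source outside the group while the table is full.

```python
MAX_SECURE = 132  # page: a secured port holds from 1 to 132 addresses


class SecurePort:
    def __init__(self, max_addresses, manual=(), shutdown_on_violation=False):
        if not 1 <= max_addresses <= MAX_SECURE:
            raise ValueError("secure address count must be between 1 and 132")
        if len(set(manual)) > max_addresses:
            raise ValueError("more manual addresses than the port allows")
        self.max = max_addresses
        self.secure = set(manual)            # manually assigned secure addresses
        self.shutdown_on_violation = shutdown_on_violation
        self.enabled = True
        self.violations = []                 # offending source addresses, in order

    def receive(self, src):
        """Return 'forward', 'learned', 'violation' or 'disabled' for one frame."""
        if not self.enabled:
            return "disabled"
        if src in self.secure:
            return "forward"
        if len(self.secure) < self.max:      # table not full: sticky-learn
            self.secure.add(src)
            return "learned"
        self.violations.append(src)          # assumed condition: full table, new source
        if self.shutdown_on_violation:
            self.enabled = False
        return "violation"

    def delete(self, mac):
        """Remove a secure address; the free slot re-arms sticky learning."""
        self.secure.discard(mac)


if __name__ == "__main__":
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    port = SecurePort(max_addresses=2, manual=[a])
    print([port.receive(m) for m in (a, b, c)])  # forward, learned, violation
    port.delete(b)
    print(port.receive(c))                       # learned: c takes the free slot
```

The last step is the operational caveat: deleting a secure address without assigning a replacement lets the next source seen on the port become a secure address.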

SPAN

The Switched Port Analyzer (SPAN) mirrors the traffic at one port to a predefined SPAN port. Any port can be designated as the SPAN port, and the traffic can be mirrored from any number of ports. You can use a sniffer on the SPAN port to troubleshoot network problems by examining traffic on other ports or segments.

Remote Monitoring

The Remote Monitoring (RMON) MIB is a tool used by network managers to monitor remote devices. An RMON implementation consists of a software probe that continually collects statistics about a LAN and a management station that communicates with the probe. The probe transfers information to the management station on request or when a predefined threshold is crossed.

The Catalyst 2900 supports four RMON groups as defined in RFC 1757. Default statistic rows are created for each port when you start the switch. You can obtain information about the four supported groups by using any SNMP management application. Table 2-1 describes the supported RMON groups.


Table 2-1: RMON Groups and Their Functions

Group Name | Description
Statistics | This group collects traffic and error statistics for a specific interface. For example, you could use this group to determine how many error packets have been seen on a given port. Statistics from this group can be used by the history group to record historical views of network performance. A statistics row is established by default for each switch port.
History | This group can periodically sample the counters generated by the statistics group. This information can be used to establish baseline information regarding network activity. You can define the intervals you want to record information for, and you can define how many of the samples are to be stored.
Alarm | This group generates alarms according to user-defined thresholds. You could, for example, configure RMON to generate an alarm when alignment errors on a port exceeded a predefined limit. Rising and falling thresholds can be defined, and the events group can generate traps and automated responses based on the alarms.
Event | This group can send traps to the management station based on information (alarms) received from the alarm group.

Cisco Discovery Protocol

CDP provides network managers with an accurate picture of the network at any time. By gathering information about the types of devices, the links between those devices, and the number of interfaces within each device, CDP enables network management applications to display a graphical topology map of the network. Detailed information about the connections between devices is also available. This protocol is enabled by default.

For more information about enabling CDP, see the "CDP Management" section of the "Web-Based Management" chapter.

Spanning-Tree Protocol

Spanning-Tree Protocol is a standardized technique for maintaining a network of multiple bridges or switches. As part of the IEEE 802.1d standard, Spanning-Tree Protocol interoperates with compliant bridges and switches from other vendors. When the topology changes, it transparently reconfigures bridges to avoid the creation of loops and to establish redundant paths in the event of lost connections. All ports are included in Catalyst 2900 Spanning-Tree Protocol support, and management of Spanning-Tree Protocol is through the standard bridge MIB. Spanning-Tree Protocol is enabled by default.

Spanning-Tree Protocol and Redundant Connectivity

You can create a redundant backbone with Spanning-Tree Protocol by connecting two of the switch ports to another device or to two different devices. Spanning-Tree Protocol automatically disables one port, but enables it if the other port is lost. If one link is high-speed and the other low-speed, the low-speed link is always disabled. If the speed of the two links is the same, the port priority and port ID are added together and Spanning-Tree Protocol disables the link with the lowest value.

You can also create redundant links between switches by using Fast EtherChannel port groups. Fast EtherChannel groups treat up to four ports as if they were one port. If one of the ports in the group goes down, the other ports forward and receive the traffic of the disabled port. This approach maximizes the forwarding capacity of the ports because a disabled port need not be kept in reserve.

Spanning-Tree Protocol and Accelerated Address Aging

Dynamic addresses are aged and dropped from the address table after a configurable period of time. The default for aging dynamic addresses is 5 minutes. However, a reconfiguration of the spanning tree can cause many station locations to change. Because this could mean that these stations were unreachable for 5 minutes or more, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value when Spanning-Tree Protocol reconfigures.

Copyright 1989-1997 © Cisco Systems Inc.