Learn layer 2 switching functions
Do you remember from Module 1 that switches operate at layer 2 of the OSI model? A switch looks only at the MAC addresses in a frame and forwards or blocks the frame on that basis. Historically, because switches did not have to spend time examining layer 3 (IP) addresses, they were considerably faster than routers. Now, due to advances in switching and routing technology, the forwarding planes of the two are of comparable speed.
LAN switching is usually referred to as layer 2 switching because more advanced switching methods have now been invented that can actually operate at layer 3 and above. These types of switches are not included in the CCNA syllabus yet, but do check the latest syllabus before you book the exam.
Figure 3–1: Cisco Catalyst 2950 switch range
Switches operate in much the same way as another layer 2 device, the bridge. The traditional distinction is where the address table lives: a bridge keeps it in software (RAM) and searches it with its CPU, whereas a switch builds it in content addressable memory (CAM), a hardware table that returns the matching entry in a single lookup. Throughout this module you can swap the word switch for bridge and vice versa.
The most notable difference between a switch and a bridge is the commercial implementation. Switches are used to separate the LAN into smaller segments (micro-segmentation). In practice they are more intelligent and provide services such as VLAN Trunking Protocol (VTP), virtual LANs (VLANs) and quality of service (QoS). Another difference is that a bridge uses software to store and search its address table, whereas a switch does this in Application Specific Integrated Circuits (ASICs).
Figure 3–2: A simple switched network
Switches perform three main functions:
- Learning MAC addresses
- Filtering and forwarding frames
- Preventing loops on the network
Learning MAC addresses
When a switch is first powered up it does not know where any host on the network is. It learns very quickly: every frame that arrives carries the MAC address of the host that sent it, so the switch records that source address against the port the frame arrived on. If the destination address of a frame is not yet in the switch's database, the switch floods the frame out of every port except the one it arrived on; when the destination host replies, the reply's source address and ingress port are added to the database. Building the database is a matter of seconds, and it is refreshed continuously as traffic flows. Cisco refers to this database as the CAM (content-addressable memory) table. Note that learning is unauthenticated: the switch believes the source address of whatever frames it receives, which is why switches offer port security features that limit the addresses a port may learn.
Entries in the table are not kept forever. If no frame is heard from a MAC address for a predefined period, its entry is purged from memory. This frees memory on the switch and also stops entries becoming stale and inaccurate, for example when a host is moved to another port. The period is known as the MAC address aging time. On the Cisco 2950 it is 300 seconds by default and can be configured to between 10 and 1,000,000 seconds; setting it to 0 disables aging, so the switch never purges the addresses it has learned.
A hub never remembers which host is on which port and always repeats traffic out of every port. A hub is actually a layer 1 (OSI) device: it regenerates bits and does not look at frames at all. This is where switches differ from hubs.
The command to see the CAM table of a switch is “show mac-address-table”. Here is an example of the CAM table of a switch:
Table 3–1: Switch1#show mac-address-table
Note that the switch stores the MAC address and the port where the host is connected. Do not worry about the VLAN column at the moment, as we will cover this later in the module. If you want to view only the dynamic MAC addresses that the switch has discovered, use the "show mac-address-table dynamic" command.
Filtering and forwarding frames
Whenever a frame arrives on a switch port, the switch looks up the destination address in its MAC address database. If the address is there, the frame is sent out of the single interface the destination host is attached to and nowhere else; if that interface is the one the frame arrived on, the frame is dropped, because sender and destination share the same segment. This process is known as frame filtering. If the address is not known, the switch has no option but to flood the frame out of all ports other than the one on which it arrived, and broadcast and multicast frames are flooded in the same way. The table is finite, and a full table also forces flooding, so a host that sends frames from many forged source addresses can make a switch flood traffic it would otherwise deliver to a single port, and so see traffic not meant for it. Limiting the number of addresses a port may learn is the usual countermeasure.
|IN THE REAL WORLD: Broadcast storms can also be caused by faulty network cards that send out considerable amounts of broadcast traffic until they are found and removed. Tracing the source of a broadcast storm usually requires a network sniffer.|
Preventing loops on the network
Having multiple paths to a destination is very useful in a network: if one path breaks, traffic can take an alternative route. For switches, however, redundant paths cause a serious problem. A frame carries no time-to-live field, so a broadcast sent out of one link is flooded out of all the others, arrives back at the switch over the redundant link, is flooded again, and circulates for as long as the loop exists. Where the loop offers more than one onward path, the number of copies multiplies on every pass, and congestion brings the network to a grinding halt. This situation is known as a broadcast storm.
A second effect of a looped topology is that copies of the same frame arrive over each path, so the switch learns the same source MAC address on different ports in turn; its CAM table keeps changing and frames are forwarded inconsistently, while hosts receive duplicate frames and reply to each of them. The network quickly slows down and produces many errors and time-outs. Switches prevent this with the Spanning Tree Protocol, which blocks redundant links so that only one active path remains between any two points. We will look at this in depth shortly.
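To make the loop behaviour concrete, the following added example (not code from the original page) floods a single broadcast through two switches, S1 and S2, joined by a number of parallel links. The switch and port names, the two-switch topology and the idea that a spanning tree has put particular ports into a blocking state are all assumptions made for the illustration; with one redundant link the copies circulate forever, with two they multiply on every pass, and with one port blocked the broadcast is delivered once and dies.

```python
from __future__ import annotations

UPLINK_PREFIX = "Gi0/"
HOST_PORT = "Fa0/1"  # assumed topology: each switch has one host attached here


def simulate(parallel_links: int, blocked: set[tuple[str, str]], rounds: int) -> tuple[list[int], int]:
    """Flood one broadcast, arriving from the host on S1's Fa0/1, through switches
    S1 and S2 joined by `parallel_links` links named Gi0/1..Gi0/n.

    `blocked` holds (switch, port) pairs that a spanning tree has put into the
    blocking state: they neither send nor accept data frames.

    Returns (copies in flight between the switches after each round,
             total copies delivered to host ports)."""
    uplinks = [f"{UPLINK_PREFIX}{i}" for i in range(1, parallel_links + 1)]
    ports = [HOST_PORT] + uplinks
    in_flight = [("S1", HOST_PORT)]  # (switch, ingress port) of every pending copy
    per_round: list[int] = []
    delivered = 0
    for _ in range(rounds):
        nxt = []
        for sw, in_port in in_flight:
            # Flooding rule: every port except the one the frame arrived on
            for out in ports:
                if out == in_port or (sw, out) in blocked:
                    continue
                if out == HOST_PORT:
                    delivered += 1  # the host gets (another) copy
                    continue
                peer = "S2" if sw == "S1" else "S1"
                if (peer, out) in blocked:
                    continue  # a blocking port discards arriving data frames
                nxt.append((peer, out))  # the copy arrives at the far switch
        in_flight = nxt
        per_round.append(len(nxt))
    return per_round, delivered


if __name__ == "__main__":
    print("2 links, no STP:     ", simulate(2, set(), 6))
    print("3 links, no STP:     ", simulate(3, set(), 6))
    print("2 links, one blocked:", simulate(2, {("S2", "Gi0/2")}, 6))
```

With two links the count of copies in flight stays at 2 every round but never reaches 0, and each host receives a fresh copy of the same broadcast on every pass; with three links the count doubles each round. Blocking a single port (the job the Spanning Tree Protocol does) leaves one path, so the broadcast reaches the host behind S2 exactly once and nothing remains in flight.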