CCNAB Module 4
Switching Fundamentals
Version 2.0
Module 4
Text Part Number: Review Copy
The products and specifications, configurations, and other technical information regarding the products in this
manual are subject to change without notice. All statements, technical information, and recommendations in
this manual are believed to be accurate but are presented without warranty of any kind, express or implied. You
must take full responsibility for your application of any products specified in this manual.
LICENSE
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE MANUAL,
DOCUMENTATION, AND/OR SOFTWARE (“MATERIALS”). BY USING THE MATERIALS YOU
AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT
AGREE WITH THE TERMS OF THIS LICENSE, PROMPTLY RETURN THE UNUSED MATERIALS
(WITH PROOF OF PAYMENT) TO THE PLACE OF PURCHASE FOR A FULL REFUND.
Cisco Systems, Inc. (“Cisco”) and its suppliers grant to you (“You”) a nonexclusive and nontransferable
license to use the Cisco Materials solely for Your own personal use. If the Materials include Cisco software
(“Software”), Cisco grants to You a nonexclusive and nontransferable license to use the Software in object
code form solely on a single central processing unit owned or leased by You or otherwise embedded in
equipment provided by Cisco. You may make one (1) archival copy of the Software provided You affix to such
copy all copyright, confidentiality, and proprietary notices that appear on the original. EXCEPT AS
EXPRESSLY AUTHORIZED ABOVE, YOU SHALL NOT: COPY, IN WHOLE OR IN PART,
MATERIALS; MODIFY THE SOFTWARE; REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR
ANY PORTION OF THE SOFTWARE; OR RENT, LEASE, DISTRIBUTE, SELL, OR CREATE
DERIVATIVE WORKS OF THE MATERIALS.
You agree that aspects of the licensed Materials, including the specific design and structure of individual
programs, constitute trade secrets and/or copyrighted material of Cisco. You agree not to disclose, provide, or
otherwise make available such trade secrets or copyrighted material in any form to any third party without the
prior written consent of Cisco. You agree to implement reasonable security measures to protect such trade
secrets and copyrighted Material. Title to the Materials shall remain solely with Cisco.
This License is effective until terminated. You may terminate this License at any time by destroying all copies
of the Materials. This License will terminate immediately without notice from Cisco if You fail to comply with
any provision of this License. Upon termination, You must destroy all copies of the Materials.
Software, including technical data, is subject to U.S. export control laws, including the U.S. Export
Administration Act and its associated regulations, and may be subject to export or import regulations in other
countries. You agree to comply strictly with all such regulations and acknowledge that You have the responsibility
to obtain licenses to export, re-export, or import Software.
This License shall be governed by and construed in accordance with the laws of the State of California, United
States of America, as if performed wholly within the state and without giving effect to the principles of conflict
of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this License
shall remain in full force and effect. This License constitutes the entire License between the parties with respect
to the use of the Materials.
Restricted Rights - Cisco’s software is provided to non-DOD agencies with RESTRICTED RIGHTS and its
supporting documentation is provided with LIMITED RIGHTS. Use, duplication, or disclosure by the U.S.
Government is subject to the restrictions as set forth in subparagraph “C” of the Commercial Computer
Software - Restricted Rights clause at FAR 52.227-19. In the event the sale is to a DOD agency, the U.S.
Government’s rights in software, supporting documentation, and technical data are governed by the restrictions
in the Technical Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202.
DISCLAIMER OF WARRANTY. ALL MATERIALS ARE PROVIDED “AS IS” WITH ALL FAULTS.
CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING,
WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST
PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS
MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. In no event shall Cisco’s or its suppliers’ liability to You, whether in contract, tort
(including negligence), or otherwise, exceed the price paid by You. The foregoing limitations shall apply even
if the above-stated warranty fails of its essential purpose.
The following information is for FCC compliance of Class A devices: This equipment has been tested and
found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits
are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not
installed and used in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interference, in
which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual
generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation
instructions, it may cause interference with radio and television reception. This equipment has been tested and
found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of
the FCC rules. These specifications are designed to provide reasonable protection against such interference in a
residential installation. However, there is no guarantee that interference will not occur in a particular
installation.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it
was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes
interference to radio or television reception, try to correct the interference by using one or more of the
following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make
certain the equipment and the television or radio are on circuits controlled by different circuit breakers or
fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate
your authority to operate the product.
The following third-party software may be included with your product and will be subject to the software
license agreement:
CiscoWorks software and documentation are based in part on HP OpenView under license from the Hewlett-
Packard Company. HP OpenView is a trademark of the Hewlett-Packard Company. Copyright © 1992, 1993
Hewlett-Packard Company.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the
University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating
system. All rights reserved. Copyright © 1981, Regents of the University of California.
Network Time Protocol (NTP). Copyright © 1992, David L. Mills. The University of Delaware makes no
representations about the suitability of this software for any purpose.
Point-to-Point Protocol. Copyright © 1989, Carnegie-Mellon University. All rights reserved. The name of the
University may not be used to endorse or promote products derived from this software without specific prior
written permission.
The Cisco implementation of TN3270 is an adaptation of the TN3270, curses, and termcap programs
developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the
UNIX operating system. All rights reserved. Copyright © 1981-1988, Regents of the University of California.
Cisco incorporates Fastmac and TrueView software and the RingRunner chip in some Token Ring products.
Fastmac software is licensed to Cisco by Madge Networks Limited, and the RingRunner chip is licensed to
Cisco by Madge NV. Fastmac, RingRunner, and TrueView are trademarks and in some jurisdictions registered
trademarks of Madge Networks Limited. Copyright © 1995, Madge Networks Limited. All rights reserved.
XRemote is a trademark of Network Computing Devices, Inc. Copyright © 1989, Network Computing
Devices, Inc., Mountain View, California. NCD makes no representations about the suitability of this software
for any purpose.
The X Window System is a trademark of the X Consortium, Cambridge, Massachusetts. All rights reserved.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers,
and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices.
Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia
Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India
Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand
Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore
Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom
United States Venezuela Vietnam Zimbabwe
Copyright 2001, Cisco Systems, Inc. All rights reserved. AccessPath, AtmDirector, Browse with Me,
CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the
Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, Follow Me Browsing,
FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ
FastTrack, the iQ logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, RateMUX,
ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Unity, Voice LAN, Wavelength Router, and
WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn,
Discover All That’s Possible, and Empowering the Internet Generation, are service marks of Cisco Systems,
Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the
Cisco IOS logo, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver,
EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, PIX,
Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are
registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other brands, names, or trademarks mentioned in this document or Web site are the property of their
respective owners. The use of the word partner does not imply a partnership relationship between Cisco and
any other company. (0104R)
This Document is strictly controlled through the Cisco Learning Partner license
agreement. Accordingly, do not copy, print or distribute this preliminary
document.
Switching Fundamentals
Table of Contents

Module 4 ........ 1
Switching Fundamentals ........ 1
Overview ........ 3
4.1 Shared LAN Technology ........ 4
    Overview ........ 4
    4.1.1 Early Local-Area Networks ........ 5
    4.1.2 Hubs ........ 7
    4.1.3 Collisions ........ 8
    4.1.4 Transmission Ways ........ 9
    4.1.5 Hub-Based LANs ........ 10
    4.1.6 Bridges ........ 11
    4.1.7 Switches—Layer 2 ........ 12
    4.1.8 Switches vs. Hubs ........ 13
    4.1.9 Typical Causes of Network Congestion ........ 14
    4.1.10 Today’s LANs ........ 15
    Summary ........ 16
4.2 LAN Switching Basics ........ 17
    Overview ........ 17
    4.2.1 Microsegmentation ........ 18
    4.2.2 LANs vs. VLANs ........ 19
    4.2.3 Switching Technology: Full Duplex ........ 22
    4.2.4 Switching Technology: Two Methods ........ 23
    4.2.5 The Need for Spanning Tree ........ 24
    Summary ........ 26
4.3 Multilayer Switching Devices ........ 27
    Overview ........ 27
    4.3.1 Layer 2 Switching Devices ........ 28
    4.3.2 Layer 3 Switching Devices ........ 30
    4.3.3 Layer 4 Switching Devices ........ 32
    Summary ........ 34
4.4 Virtual LANs ........ 35
    Overview ........ 35
    4.4.1 Constraints of Shared LANs ........ 36
    4.4.2 Virtual LANs ........ 38
    4.4.3 Remove the Physical Boundaries ........ 40
    4.4.4 VLAN Benefits ........ 41
    4.4.5 VLAN Components ........ 42
    4.4.6 Establishing VLAN Membership ........ 43
    4.4.7 Membership by Port ........ 44
    4.4.8 Membership by MAC Addresses ........ 45
    4.4.9 Multiple VLANs per Port ........ 46
    4.4.10 Communicating Between VLANs ........ 47
    Summary ........ 48
Summary ........ 49

4-2 Cisco Certified Network Associate Basics (CCNAB) v2.0 Copyright 2002, Cisco Systems, Inc.
Overview
Switching is a technology that decreases congestion in local-area networks (LANs)
by reducing traffic and increasing bandwidth.

This module discusses problems in a LAN and possible solutions that can improve
LAN performance. You will learn about LAN congestion and its effect on network
performance and the advantages of LAN segmentation in a network. In addition,
you will learn about the advantages and disadvantages of using bridges, switches,
and routers for LAN segmentation and the effects of switching, bridging, and
routing on network throughput. Finally, you will learn about VLANs and the
benefits of VLANs.

Upon completing this module, you will be able to:

■ Describe the basics of traditional LAN technology
■ Describe the basics of LAN switching technologies and Spanning-Tree Protocol (STP)
■ Describe switching devices used in the Open Systems Interconnection (OSI) Layers 2, 3, and 4
■ Describe the benefits of virtual LANs (VLANs) and discuss the VLAN issues of broadcast control and security firewalls
Outline
This module contains the following lessons:

■ Overview
■ Shared LAN Technology
■ LAN Switching Basics
■ Multilayer Switching
■ Virtual LANs
■ Summary

4.1 Shared LAN Technology
Overview
This lesson discusses the basics of traditional LAN technology and the role that
hubs, bridges, and switches play in a LAN environment.

Objectives
Upon completing this lesson, you will be able to:

■ Identify traditional LAN technology
■ Identify the problems of using a hub in a network
■ Define a collision in an Ethernet LAN
■ Identify the features of a hub-based network
■ Identify the features of a bridge-based network
■ Identify the features of a switch-based network
■ Compare and contrast the features of switch-based and hub-based networks
■ Identify the typical causes of network congestion
■ Describe the features of today’s LAN
Outline
This lesson includes these sections:

■ Overview
■ Early Local-Area Networks
■ Hubs Addressed Many of These Problems
■ Collisions: Telltale Signs
■ Hub-Based LANs
■ Bridges
■ Switches—Layer 2
■ Switches vs. Hubs
■ Typical Causes of Network Congestion
■ Today’s LANs
■ Summary

4.1.1 Early Local-Area Networks
Figure 1: Early Local-Area Networks

The earliest local-area network (LAN) technologies that were installed widely were
either thick Ethernet or thin Ethernet infrastructures. It's important to understand
some of the limitations of these infrastructures to see where LAN switching stands
today. Thick Ethernet installations had some important limitations, distance for
example. Early thick Ethernet networks were limited to 500 meters before the
signal degraded. For distances beyond 500 meters, repeaters were required to
boost and amplify the signal.

There were also limitations on the number of stations and servers on a network, as
well as on the placement of those workstations on the network. The cable itself was
relatively expensive, and it was large in diameter, making it difficult to install
throughout a building because it had to be pulled through walls and ceilings.
Adding new users was relatively simple—a nonintrusive tap plugged a new
station in anywhere along the cable. The thick Ethernet network provided a capacity of
10 megabits per second (Mbps), but this bandwidth was shared, meaning that 10 Mbps
was shared among all users on a given segment.

A slight improvement to thick Ethernet was thin Ethernet technology, commonly
referred to as Cheapernet. This technology was less expensive, and it required less
space in terms of installation than thick Ethernet because it was thinner in diameter,
hence the name. It was still relatively challenging to install, though, because it
sometimes required a home run, or a direct run from a workstation back to a hub or
concentrator. Adding users required a momentary interruption of the network,
because a cable segment had to be broken in order to add a new server or
workstation.
Practice
1. What is the maximum distance for thick Ethernet without using a repeater?

A. 185 meters
4.1.2 Hubs
Figure 1: Hubs Addressed Many of These Problems

Adding hubs or concentrators into the network offered an improvement on thin and
thick Ethernet technology. Hubs are sometimes referred to as Ethernet concentrators
or Ethernet repeaters; they are basically self-contained Ethernet segments within a
box. Unshielded twisted-pair (UTP) cabling was used, but the fundamental
limitation of a shared technology remained. As you can see in Figure 1, Ethernet is
fundamentally a shared technology—all users of a given LAN segment “fight” for
the same amount of bandwidth. This situation is analogous to cars all trying to get
onto the freeway at once. In the network, even though each device has its own cable
segment that connects into the hub, they all share the same fixed amount of
bandwidth. Frames, or packets, in a network all vie for bandwidth.

Although physically it looks like all users have their own segment to their
workstation, they are all interconnected inside the hub, so the hub is still a shared
Ethernet technology. Also, these devices are passive, meaning that they're virtually
transparent to the end users—the end users don't even know that they exist. In
addition, the devices have no role in terms of a forwarding decision in the network,
nor do they provide any segmentation within the network, because they work at
Layer 1 in the OSI framework.
Practice
1. Which of the following does not describe a hub?

A. It works at the OSI model physical layer.
B. It is a passive device.
C. It is also known as an Ethernet concentrator.
D. It filters the traffic that passes through it. **

4.1.3 Collisions

Collisions are by-products of an Ethernet network. In an Ethernet network, many
stations share the same segment, so any one of these stations can transmit at any
given time. If two or more stations try to transmit at the same time, a collision
results, indicating that the network is becoming too congested or that too many
users are on the same segment.

When the number of collisions in the network becomes excessive, sluggish network
response times result; an increasing number of user complaints reported to the
network manager is a good indication that the network is sluggish.
Practice
1. If two or more stations on a network try to transmit simultaneously, what is this
called?

A. Propagation
B. Retransmission
C. Collision **
D. Backoff

4.1.4 Transmission Ways
Figure 1: Other Bandwidth Consumers

It's also important to understand fundamentally how transmissions can occur in the
network. Communication in a network occurs in three ways. The most common way
is by unicast transmissions. In a unicast transmission, one transmitter tries to reach
one receiver. This form of communication is by far the most common form of
communication in a network.

Another way to communicate is by broadcasting, when one transmitter tries to
reach all receivers in the network. As you can see in Figure 1, the server station is
sending out one message and it is being received by everyone on that segment.

The last mechanism is known as a multicast, when one transmitter tries to reach not
everyone, but a subset or a group of the entire segment. As shown in Figure 1, two
stations are reached, but one of them doesn’t need to participate, so it is not in the
multicast group.
Practice
1. Which of the following is not a common way of transmission in a network?

A. Unicast
B. Bicast **
C. Broadcast
D. Multicast

4.1.5 Hub-Based LANs

Hubs were introduced into the network as a better way to scale thin and thick
Ethernet networks. It's important to remember, though, that these are still shared
Ethernet networks, even though hubs are used. Each individual workstation or
server in the network has an individual desktop connection, allowing centralization
of all cabling back to a wiring closet. This setup makes adds, moves, and changes
easier because cables can just be moved around in the wiring closet. (Later we show
that adds, moves, and changes are even easier with LAN switching.)

In a hub- or concentrator-based network, workgroups are determined simply by the
physical hub they are plugged into. (Again, LAN switching makes configuration of
workgroups even easier.)
Practice
1. Which of the following is not a characteristic of hub-based LANs?

A. All resources are shared.
B. Security is very high within each segment. **
C. Groups of users are determined by physical location.
D. Desktop connections are wired to centralized closets.

4.1.6 Bridges
Figure 1: Bridges

Segmentation is used to scale networks. One way to scale hub-based networks is to
add routers; another is to add bridges, which provide a certain level of segmentation
by adding a certain amount of intelligence into the network.

Bridges operate at Layer 2, whereas hubs operate at Layer 1. Operating at Layer 2
offers more intelligence for making forwarding decisions. Bridges are more
intelligent than hubs because they can actually listen in on, or “eavesdrop” on, the
traffic going through—they can look at source and destination addresses, and they
can build a table that enables them to make intelligent forwarding decisions. They
actually collect and pass frames between two network segments while at the same
time making intelligent forwarding decisions. As a result, bridges can provide greater
control of the traffic within a network.
Practice
1. Which of the following is not a feature of bridges?

A. Bridges operate at Layer 2 of the OSI model.
B. Bridges are more intelligent than hubs.
C. Bridges do not make any decisions. **
D. Bridges build and maintain address tables.

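As an added illustration that is not part of the course material, the following Python simulation contrasts the hub of 4.1.2 with the learning bridge of 4.1.6 and classifies each frame as unicast, broadcast or multicast as in 4.1.4. The station MAC addresses, port numbers and frame sequence are constructed sample values.

```python
# Added example (not CCNAB course code): a simulated Layer 1 hub and a Layer 2
# learning bridge. All MAC addresses, ports and frames are constructed samples.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    note: str = ""


def transmission_type(frame):
    """Classify a frame by destination MAC: unicast, broadcast or multicast.
    The low-order bit of the first octet (the I/G bit) is set on every group
    address; the all-ones address is the broadcast case of that."""
    dst = frame.dst.lower()
    if dst == BROADCAST:
        return "broadcast"
    if int(dst.split(":")[0], 16) & 0x01:
        return "multicast"
    return "unicast"


class Hub:
    """Layer 1 repeater: no address table, no forwarding decision. Every frame
    is repeated out of every port except the one it arrived on, so all stations
    share one segment and see each other's traffic."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class LearningBridge:
    """Layer 2 device: learns source MAC -> port and filters on destination.
    Known unicast goes to the learned port only (dropped if that is the arrival
    port). Broadcast, multicast and unicast to a not-yet-learned address are
    flooded; a basic bridge does not track multicast group membership."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, frame):
        self.table[frame.src] = in_port  # learning step
        if transmission_type(frame) == "unicast" and frame.dst in self.table:
            out_port = self.table[frame.dst]
            return [] if out_port == in_port else [out_port]
        return sorted(p for p in self.ports if p != in_port)


def deliver(device, station_ports, frames):
    """Push frames through a device in order; return, per frame, the set of
    station MACs that receive a copy. station_ports maps MAC -> port, one
    station per port as in the hub figure of 4.1.2."""
    port_to_mac = {port: mac for mac, port in station_ports.items()}
    received = []
    for frame in frames:
        out_ports = device.forward(station_ports[frame.src], frame)
        received.append(frozenset(port_to_mac[p] for p in out_ports))
    return received


# Constructed topology: four stations A-D on ports 1-4 of a four-port device.
STATIONS = {
    "02:00:00:00:00:0a": 1,
    "02:00:00:00:00:0b": 2,
    "02:00:00:00:00:0c": 3,
    "02:00:00:00:00:0d": 4,
}
A, B, C, D = STATIONS
SAMPLE_FRAMES = [
    Frame(A, B, "A to B before the bridge has learned B"),
    Frame(B, A, "B replies; A is already learned"),
    Frame(A, B, "A to B again; both ends learned"),
    Frame(A, BROADCAST, "broadcast from A"),
    Frame(C, "01:00:5e:01:02:03", "multicast from C"),
]


def compare():
    """Per-frame receiver sets for a hub and for a learning bridge."""
    return {
        "hub": deliver(Hub(STATIONS.values()), STATIONS, SAMPLE_FRAMES),
        "bridge": deliver(LearningBridge(STATIONS.values()), STATIONS, SAMPLE_FRAMES),
    }


for name, results in compare().items():
    for frame, receivers in zip(SAMPLE_FRAMES, results):
        print(f"{name:6} {frame.note:40} -> {sorted(receivers)}")
```

On the hub all three other stations receive A's unicast to B every time; on the bridge, once both addresses are learned, only B does, which is why a hub segment offers no traffic isolation (the false option in the 4.1.5 practice question).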
4.1.7 Switches—Layer 2
Practice
1. Which is true of microsegmentation?

A. Each workstation gets its own dedicated segment through the network. **
B. All the workstations are grouped as one segment.
C. Microsegmentation increases collisions on a network.
D. None of the above.

4.1.8 Switches vs. Hubs
Figure 1: Switches vs. Hubs (hub: one device sending at a time; switch: multiple devices sending at the same time)

Practice
1. Which of the following statements is true?

A. In a hubbed network, multiple devices can send data at the same time.
B. In a switched network, only one device can send data at a time.
C. Switches can improve the traffic flow of a network. **
D. None of the above

4.1.9 Typical Causes of Network Congestion

How do congestion problems manifest themselves in a network? Remember that
shared LAN segments have a fixed amount of bandwidth. As users are added,
the amount of bandwidth per user decreases proportionally, and the result is
collisions—and, of course, collisions reduce performance.

Now consider the newer technologies used in workstations. With early LAN
technologies, workstations were relatively limited in terms of the amount of traffic
they could deliver to the network. But with newer, faster CPUs, faster buses, faster
peripherals, and so on, it is much easier for a single workstation to fill up a network
segment. So with faster PCs, applications can be used to better advantage—at the
expense of reduced available bandwidth.

In particular, bandwidth-intensive applications that are used today, such as desktop
publishing, engineering applications, imaging applications, and even multimedia
applications, deplete available bandwidth faster than ever.
Practice
1. Which of the following is not a cause of network congestion?

A. Too many users
B. Most of the users accessing the same server
C. Too many bandwidth-intensive applications installed
D. Too many segments **

4.1.10 Today’s LANs
Figure 1: Today’s LANs

Switched infrastructures are the most commonly implemented LANs today. Because
of the price point of deploying switches, many companies are bypassing shared-hub
technologies and moving directly to switches. Even within switched networks,
at some point routers are needed to provide scalability. In addition, grouping of
users is largely determined by physical location.

Thus we have seen the limitations of traditional shared LAN technologies. Now
let’s see how we can improve performance in some of these areas. Consider
deployment of LAN switches to take advantage of some new, improved
technologies.
Practice
1. Which of the following technologies is the most commonly implemented LAN
today?

A. Hubbed Network
B. Switched Network **
C. Shared Network
D. None of the above

4-16 Cisco Certified Network Associate Basics (CCNAB) v2.0 Copyright 2002, Cisco Systems, Inc.
4.2 LAN Switching Basics
Overview
This lesson discusses LAN switching technology, such as full-duplex transmission and
switching methods. This lesson also introduces the Spanning-Tree Protocol.

Objectives
Upon completing this lesson, you will be able to:

■ Define microsegmentation
■ Describe how a LAN switch operates
■ Describe full-duplex transmission
■ Identify two common switching methods: cut-through and store and forward
■ Describe the functions and features of the Spanning-Tree Protocol
Outline
This lesson includes these sections:

■ Overview
■ Microsegmentation
■ LAN Switch Operation
■ Switching Technology: Full Duplex
■ Switching Technology: Two Methods
■ The Need for Spanning Tree
■ Summary

4.2.1 Microsegmentation

Again, LAN switching provides microsegmentation, which gives dedicated
bandwidth to each user on the network. Microsegmentation eliminates collisions in
a network and effectively increases the capacity for each station connected to the
network. It also supports multiple, simultaneous conversations at any given time,
resulting in a dramatic improvement in available bandwidth and scalability.
Practice
1. Which of the following is not a feature of microsegmentation?

A. Microsegmentation enables dedicated access.
B. Microsegmentation supports multiple conversations at any given time.
C. Microsegmentation increases the capacity for each workstation
connected to the network.
D. Microsegmentation increases collisions. **

4.2.2 LAN Switch Operation
Figure 1: LAN Switch Operation (Note: The following Figures will be animated)

Figure 2: LAN Switch Operation

Figure 3: LAN Switch Operation

Figure 5: LAN Switch Operation

Now let’s look at the fundamental operation of a LAN switch. As indicated in
Figure [1], some data needs to be transmitted from Station A to Station B.
Remember that as this traffic goes through the network, the switch operates at Layer
2, meaning that the switch can look at the Media Access Control (MAC)-layer
address. The switch actually looks at the traffic as it goes through to discover the
source MAC address and store it in an address table (see Figure [2]).

So, as the traffic goes through, an entry is made in this table recording each station
and the switch port it is connected to.

When that frame of data is in the switch, it floods to all ports because the
destination station is unknown. After the address entry is made in the table,
however, a response comes back from Station B to Station A, and now the switch
knows where Station A is connected to the network (see Figure [3]).

So the data is transmitted into the switch, but notice that the switch doesn't flood the
traffic this time; it sends the data out only port 3, because it knows where Station A
is on the network (see Figures [4] and [5]). The original transmission indicated
where that MAC address came from, allowing the switch to deliver traffic in the
network more efficiently. As noted previously, the fundamental concept behind LAN
switching is called microsegmentation, and it allows multiple, simultaneous
conversations in the network.
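The learning, flooding and forwarding steps just described, as an added Python model that is not code from this manual. The station names, MAC addresses and port numbers are constructed, with Station B on port 1 and Station A on port 3 to match the figures; the model also shows the filtering case (destination learned on the ingress port) that the text does not cover.

```python
"""Model of the Layer 2 learning switch described above (added example)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


@dataclass
class LearningSwitch:
    """Learns source MAC -> ingress port; floods frames whose destination is unknown."""
    num_ports: int
    mac_table: dict = field(default_factory=dict)

    def receive(self, in_port: int, frame: Frame) -> tuple:
        """Process one frame. Returns (action, list of egress ports)."""
        # Learning: the source MAC was seen arriving on in_port.
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Unknown unicast or broadcast: flood out every port except the ingress port.
            out = [p for p in range(1, self.num_ports + 1) if p != in_port]
            return "flood", out
        learned_port = self.mac_table[frame.dst]
        if learned_port == in_port:
            # Destination sits on the same segment as the sender: filter, do not forward.
            return "filter", []
        # Known destination: forward out only the port where that MAC was learned.
        return "forward", [learned_port]


def station_a_to_b_exchange():
    """Replay the exchange from Figures 1-5 and return the per-frame decisions.

    Constructed addresses: Station A is 00:00:0c:00:00:0a on port 3,
    Station B is 00:00:0c:00:00:0b on port 1 of a 4-port switch.
    """
    a, b = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b"
    sw = LearningSwitch(num_ports=4)
    steps = []
    # Figures 1/2: A sends to B. B is unknown, so the frame is flooded; A is learned on port 3.
    steps.append(sw.receive(3, Frame(src=a, dst=b)))
    # Figure 3: B replies to A. A is known, so the reply goes out port 3 only; B is learned on port 1.
    steps.append(sw.receive(1, Frame(src=b, dst=a)))
    # Figures 4/5: A sends again. Both stations are known, so no flooding is needed.
    steps.append(sw.receive(3, Frame(src=a, dst=b)))
    return steps, dict(sw.mac_table)


if __name__ == "__main__":
    for action, ports in station_a_to_b_exchange()[0]:
        print(action, ports)
```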
Practice
1. Which of the following is used by LAN switches for making the forwarding
decision?

A. IP Address
B. MAC Address
C. Network Address
D. Host Address

4.2.3 Switching Technology: Full Duplex

Another concept of LAN switching that dramatically improves scalability is full-
duplex transmission, which effectively doubles the amount of bandwidth between
nodes. This feature can be important, for example, between high-bandwidth
consumers such as a switch and a server. It provides essentially
collision-free transmission in the network. In a 10-Mbps connection, for example, it
effectively provides 10 Mbps of transmit capacity and 10 Mbps of receive capacity, for
effectively 20 Mbps of capacity on a single connection. Likewise, a 100-Mbps
connection offers effectively 200 Mbps of throughput.
Practice
1. Which of the following is a feature of full-duplex transmission?

A. It offers two 10- to 100-Mbps data transmission paths.
B. It doubles bandwidth between nodes.
C. It provides collision-free transmission in the network.
D. All of the above **

4.2.4 Switching Technology: Two Methods
Figure 1: Switching Technology: Two Methods

There are two modes of switching, offering different performance and latency.
(Note: Latency, sometimes called propagation delay, is the time a frame, or packet,
of data takes to travel from the source station or node to its final destination on the
network.)

First, in cut-through switching, the switch reads the destination MAC address as the
traffic flows through the switch and “cuts through” to its destination without
continuing to read the rest of the frame. Cut-through switching offers better
performance than the second method, known as store and forward.

In store-and-forward switching, the switch reads the entire frame of data, decides
where it needs to go, and sends it on its way. The obvious trade-off here is the
longer time it takes the switch to read the entire frame. Because it reads the entire frame,
however, it can check that frame for errors, possibly increasing
reliability. In summary, although cut-through switching is faster, it offers no error
detection.
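An added Python model, not code from this manual, of the two methods applied to the same damaged frame: cut-through decides after reading the 6-byte destination address and never sees the frame check sequence (FCS), while store and forward buffers the whole frame and drops it when the CRC-32 check fails. The MAC addresses, the MAC table and the bit error are constructed.

```python
"""Cut-through versus store-and-forward on a corrupted Ethernet frame (added example)."""
import struct
import zlib

DST_LEN = 6  # bytes a cut-through switch reads before it makes its decision


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst: str, src: str, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Ethernet II frame: dst, src, type, payload, then a 4-byte FCS (CRC-32, little-endian on the wire)."""
    body = mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame: bytes) -> bool:
    """Recompute CRC-32 over everything but the trailing FCS and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == fcs


def cut_through(frame: bytes, mac_table: dict) -> dict:
    """Read only the destination address, pick the port, start forwarding at once.
    No FCS check is possible: the FCS has not been read yet."""
    port = mac_table.get(frame[:DST_LEN])
    return {"method": "cut-through", "bytes_read_before_decision": DST_LEN,
            "out_port": port if port is not None else "flood", "dropped": False}


def store_and_forward(frame: bytes, mac_table: dict) -> dict:
    """Buffer the whole frame, verify the FCS, then forward or drop it."""
    if not fcs_ok(frame):
        return {"method": "store-and-forward", "bytes_read_before_decision": len(frame),
                "out_port": None, "dropped": True}
    port = mac_table.get(frame[:DST_LEN])
    return {"method": "store-and-forward", "bytes_read_before_decision": len(frame),
            "out_port": port if port is not None else "flood", "dropped": False}


def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit in the frame to simulate a line error (constructed fault)."""
    b = bytearray(frame)
    b[offset] ^= 0x01
    return bytes(b)


def compare(frame: bytes, mac_table: dict) -> tuple:
    """Run both switching methods on the same frame."""
    return cut_through(frame, mac_table), store_and_forward(frame, mac_table)


# Constructed sample: a destination already learned on port 2 and a 46-byte minimum payload.
SAMPLE_TABLE = {mac("00:00:0c:00:00:0b"): 2}
GOOD_FRAME = build_frame("00:00:0c:00:00:0b", "00:00:0c:00:00:0a", b"A" * 46)
BAD_FRAME = corrupt(GOOD_FRAME, offset=20)  # bit error inside the payload

if __name__ == "__main__":
    for result in compare(BAD_FRAME, SAMPLE_TABLE):
        print(result)
```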
Practice
1. The two types of switching methods are ____________ and _______________.

4.2.5 The Need for Spanning Tree

Figure 2: 802.1d Spanning-Tree Protocol (STP)

Now let's look at some key technologies within LAN switching. In large networks,
one of the problems at Layer 2 in the OSI model is that if forwarding decisions are
made only at this layer, the network cannot have any physical-layer loops.

Thus in a simple network, as we see in Figure [1], when a switch has any multicast,
broadcast, or unknown traffic, the result will be storms of traffic being looped
endlessly through the network. To prevent this situation, loops need to be
eliminated. One way to eliminate the loops would be to physically disconnect those
segments, but that is obviously not a good solution because there would be no
physical redundancy in the network. Thus what is needed is a way to logically cut
out the loops in the network so that they can be re-enabled dynamically if necessary.

802.1d Spanning-Tree
The solution is the Spanning-Tree Protocol, or STP. STP is actually an industry
standard defined by the IEEE standards committee, known as the 802.1d Spanning-
Tree Protocol. STP allows physical redundancy in the network, but it logically
disconnects those loops.

It's important to understand that logically disconnecting the loops allows dynamic
reestablishment of a connection if a failure occurs within the network. Switches and
bridges can disconnect loops simply by communicating back and forth with hello
messages. Hello messages are status messages that the bridges and switches
exchange periodically so they know the status of those logical connections and
disconnections. If a switch or bridge stops hearing these messages from a
certain device on the network, it treats that device as having failed. And when a network
failure occurs, the link must be reestablished in order to maintain redundancy.
Technically, these little exchanges are known as bridge protocol data units, or
BPDUs.

Although STP works well, it can take from 30 seconds to a full minute for the
network to fully converge, that is, for all devices to know the status of the
network.
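The loop problem and the logical disconnection STP provides, as an added Python simulation that is not code from this manual: a constructed three-switch ring, a broadcast flooded over it with and without a spanning tree, and the blocked link returning to service when an active link fails. The tree is a plain breadth-first tree from a chosen root, standing in for the 802.1d root election and path-cost computation rather than reproducing them.

```python
"""Why Layer 2 loops need a spanning tree, and what re-convergence restores (added example)."""
from collections import deque


def link(a: str, b: str) -> frozenset:
    return frozenset((a, b))


def adjacency(links) -> dict:
    adj = {}
    for l in links:
        a, b = sorted(l)
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def spanning_tree(links, root: str) -> set:
    """Links left in forwarding state: a breadth-first tree rooted at `root`.
    (Stand-in for the 802.1d root election and path-cost computation.)"""
    adj = adjacency(links)
    seen, active, queue = {root}, set(), deque([root])
    while queue:
        sw = queue.popleft()
        for nb in sorted(adj.get(sw, ())):
            if nb not in seen:
                seen.add(nb)
                active.add(link(sw, nb))
                queue.append(nb)
    return active


def blocked_links(links, active) -> set:
    """Physically present links that the tree keeps logically disconnected."""
    return {link(*l) for l in links} - active


def flood(links, origin: str, hop_limit: int = 12) -> tuple:
    """Flood a broadcast over `links`: each switch relays every copy out all
    links except the one it arrived on. Returns (copies relayed, still_looping).
    On a tree the frontier empties; on a ring it never does."""
    adj = adjacency(links)
    frontier = [(origin, None)]
    copies = 0
    for _ in range(hop_limit):
        nxt = []
        for sw, came_from in frontier:
            for nb in adj.get(sw, ()):
                if nb != came_from:
                    copies += 1
                    nxt.append((nb, sw))
        frontier = nxt
        if not frontier:
            return copies, False
    return copies, True


def reconverge(links, failed: frozenset, root: str) -> set:
    """After a link failure (BPDUs stop arriving on it), rebuild the tree without it."""
    remaining = [l for l in links if link(*l) != failed]
    return spanning_tree(remaining, root)


# Constructed topology: three switches cabled in a ring, so one link is redundant.
RING = [("S1", "S2"), ("S2", "S3"), ("S1", "S3")]

if __name__ == "__main__":
    print("no STP:", flood(RING, "S1"))
    tree = spanning_tree(RING, "S1")
    print("blocked:", blocked_links(RING, tree), "with STP:", flood(tree, "S1"))
    print("after S1-S3 fails:", reconverge(RING, link("S1", "S3"), "S1"))
```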
Practice
1. The Spanning-Tree Protocol allows which of the following?

A. Bridges to communicate Layer 3 information
B. Redundant network paths without suffering the effects of loops in the
network. **
C. Static network paths for the prevention of loops.
D. None of the above

4.3 Multilayer Switching Devices
Overview
This lesson describes OSI Layer 2, 3, and 4 switching devices and technologies.

Objectives
Upon completing this lesson, you will be able to:

■ Identify and describe the switching devices used in OSI Layer 2
■ Identify and describe the switching devices used in OSI Layer 3
■ Identify and describe the switching devices used in OSI Layer 4
Outline
This lesson includes these sections:

■ Overview
■ Layer 2 Switching Devices
■ Layer 3 Switching Devices
■ Layer 4 Switching Devices
■ Summary

4.3.1 Layer 2 Switching Devices

A Layer 2 switch is operationally similar to a multiport bridge, but has a much
higher capacity and supports many new features, such as full-duplex operation. A
Layer 2 LAN switch performs switching and filtering based on the OSI data link
layer (Layer 2) MAC address. Like bridges, Layer 2 switches are completely
transparent to network protocols and user applications.

Bridges and switches analyze incoming frames, make forwarding decisions based on
information contained in the frames, and forward the frames toward the destination.
Upper-layer protocol transparency is a primary advantage of both bridging and
switching. Because both device types operate at the data link layer, they are not
required to examine upper-layer information. Bridges are also capable of filtering
frames based on any Layer 2 fields.

Although bridges and switches share most relevant attributes, several distinctions
differentiate these technologies. Switches are significantly faster because they
switch in hardware. Switches also can support higher port densities than bridges.
And some switches support cut-through switching, reducing latency and delays in
the network, whereas bridges support only store-and-forward traffic switching. The
primary differences, though, are that bridges perform switching in software (as
opposed to hardware) and switches have a higher port density.

Layer 2 switching is basically hardware-based bridging. In a switch, frame
forwarding is handled by specialized hardware called application-specific integrated
circuits (ASICs). The ASIC technology engineered for switches allows for
scalability up to gigabit speeds, with low latency at costs significantly lower than
Ethernet bridges.

Layer 2 switches provide network managers with the ability to increase bandwidth
without adding complexity to the network. Layer 2 data frames consist of both
control information, such as MAC addresses, and end-user content. At Layer 2, no
modification of the frame control information is required when moving between
similar Layer 1 interfaces, such as Ethernet and Fast Ethernet. However, changes to
control information may occur when bridging between unlike LAN types such as
Fiber Distributed Data Interface (FDDI) or ATM and Ethernet.

Workgroup connectivity and network segmentation are the two primary uses for
Layer 2 switches. The high performance of a Layer 2 switch allows for network
designs that significantly decrease the number of hosts per physical segment.
Decreasing the number of hosts per segment leads to a flatter design with more
segments in the campus network. However, despite the advantages of Layer 2
switching, it still has all the same characteristics and limitations of legacy bridging.
Practice
1. Which of the following is true of a LAN switch?

A. Repairs network fragments known as microsegments.
B. They are very high-speed multiport bridges. **
C. Higher latency is made up for by lower bandwidth.
D. Requires new network interface cards on attached hosts.

2. What does ASIC stand for?

A. Application-specific interface card
B. Asymmetrical integrated circuit
C. Application-specific integrated circuit **
D. Automatically scalable interchange circuit

4.3.2 Layer 3 Switching Devices

Layer 3 switches are, essentially, a cross between a LAN switch and a router. Each
port on the switch is a separate LAN port, but the forwarding engine actually
calculates and stores routes based on IP addresses, not MAC addresses. You can
think of a Layer 3 switch as a switch that also performs hardware-based routing
using Layer 3 (network) addresses.

Layer 3 switches available today tend to support only IP, or both IP and Internetwork
Packet Exchange (IPX), to the exclusion of other network layer protocols. Similarly,
the selection of LAN port technologies is frequently limited to 10-, 100-, or 1000-Mbps
Ethernet.

Basically, Layer 3 switching is hardware-based routing. In particular, packet
forwarding is handled by specialized hardware ASICs. The goal is to capture the
speed of switching and the scalability of routing. A Layer 3 switch acts on a packet
in the same way that a traditional router does; for example:

■ Determining the forwarding path based on Layer 3 information
■ Validating the integrity of the Layer 3 header via checksum
■ Verifying packet expiration and updating the packet accordingly
■ Processing and responding to any option information
■ Updating forwarding statistics in the Management Information Base (MIB)
■ Applying security controls if required
■ Implementing quality of service (QoS)
The primary difference between the packet-switching operation of a router and a
Layer 3 switch lies in the physical implementation. In general-purpose routers,
microprocessor-based engines typically perform software-based packet switching. A
Layer 3 switch performs packet switching in hardware. Because it is designed to
handle high-performance LAN traffic, a Layer 3 switch can be placed anywhere
within the network, offering a cost-effective alternative to the traditional router.
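Two of the per-packet steps listed above, header checksum validation and TTL expiry handling, as an added Python example that is not from this manual; it uses constructed IPv4 documentation addresses and shows the work a forwarding engine does on each packet whether it runs in a router's software or a Layer 3 switch's ASICs.

```python
"""IPv4 header checksum validation and TTL handling on forwarding (added example)."""
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 791).
    Over a header that already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 6, payload_len: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45,              # version 4, IHL 5 words
                      0,                 # TOS
                      20 + payload_len,  # total length
                      0x1234,            # identification (constructed value)
                      0x4000,            # flags: DF set, fragment offset 0
                      ttl, proto,
                      0,                 # checksum placeholder
                      ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def layer3_forward(header: bytes) -> tuple:
    """Apply the checksum and expiry checks a router or Layer 3 switch performs.
    Returns (verdict, rewritten header or None)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "drop-not-ipv4", None
    if ipv4_checksum(header) != 0:
        return "drop-bad-checksum", None   # header integrity check failed
    ttl = header[8]
    if ttl <= 1:
        # Would reach 0 on this hop: expire it (a real device also sends ICMP Time Exceeded).
        return "drop-ttl-expired", None
    out = bytearray(header)
    out[8] = ttl - 1                       # decrement TTL ...
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out)))  # ... and recompute the checksum
    return "forward", bytes(out)


if __name__ == "__main__":
    pkt = build_ipv4_header("192.0.2.10", "198.51.100.20", ttl=64)
    print(layer3_forward(pkt))
```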
Practice
1. Which of the following best describes Layer 3 switching?

A. Hardware-based bridging
B. Hardware-based routing **
C. Software-based packet switching
D. Software-based routing

2. How does the packet-switching function of a router differ from that of a Layer 3
switch?

A. The router uses network layer information to determine the forwarding
path, while the Layer 3 switch uses data link layer information.
B. The router performs its operation in software, while the Layer 3 switch
uses hardware. **
C. The router can implement QoS, while the Layer 3 switch cannot.
D. The router operates faster than the Layer 3 switch, but the switch is
more scalable.

4.3.3 Layer 4 Switching Devices

Layer 4 switching refers to Layer 3 hardware-based routing that also takes Layer
4 control information into account. Information in packet headers typically includes Layer 3
addressing, the Layer 3 protocol type, and more fields relevant to Layer 3 devices,
such as Time To Live (TTL) and checksum. The packet also contains information
relevant to the higher layers within the communicating hosts, such as the protocol
type and port number.

A simple definition of Layer 4 switching is the ability to make forwarding decisions
based not just on the MAC address or source/destination IP addresses, but on Layer
4 parameters such as port numbers as well. In TCP or User Datagram Protocol
(UDP) flows, the application is encoded as a port number in the TCP or UDP
header.

Routers are capable of controlling traffic based on Layer 4 information. One method
of controlling Layer 4 traffic is by using extended access lists. Another method,
NetFlow Switching, provides Layer 4 accounting of flows and is available on the
Cisco 7200 and 7500 router platforms.

Finally, when performing Layer 4 functions, a switch reads the TCP and UDP fields
within the headers to determine what type of information the packet is carrying. The
network manager can program the switch to prioritize traffic by application. This
function allows network managers to define a quality of service (QoS) for end users.
When used for QoS purposes, Layer 4 switching might mean that a
videoconferencing application is granted more bandwidth than an e-mail message or
File Transfer Protocol (FTP) packet.

Layer 4 switching is necessary if your policy dictates granular control of traffic by
application or if you require accounting of traffic itemized in terms of applications.
However, it should be noted that switches performing Layer 4 switching need the
ability to identify and store large numbers of forwarding-table entries, especially if
the switch is within the core of an enterprise network. Many Layer 2 and Layer 3
switches have forwarding tables that are sized in proportion to the number of
network devices.

With Layer 4 switches, the number of network devices must be multiplied by the
number of different application protocols and conversations in use in the network.
Thus, the size of the forwarding table can grow quickly as the numbers of end
devices and types of applications increase. This large table capacity is essential to
creating a high-performance switch that supports wire-speed Layer 4 forwarding of
traffic.
Practice
1. Using Layer 4 switching enables traffic to be prioritized based on _________.

A. the application **
B. source and destination
C. source only
D. the network layer protocol

4.4 Virtual LANs
Overview
This lesson provides an introduction to VLANs, compares traditional shared LANs with
VLANs, and discusses the benefits of VLANs.

Objectives
Upon completing this lesson, you will be able to:

■ Identify the limitations of shared LANs
■ Define VLAN
■ Identify the functions of VLANs
■ Identify the benefits of VLANs
■ Identify the functions of VLAN components
■ Identify different ways of establishing VLAN membership
■ Identify the features of port-based VLANs
■ Identify the features of MAC address-based VLANs
■ Identify the connectivity types used between VLANs
Outline
This lesson includes these sections:

■ Overview
■ Constraints of Shared LANs
■ Virtual LANs
■ Remove the Physical Boundaries
■ VLAN Benefits
■ VLAN Components
■ Establishing VLAN Membership
■ Membership by Port
■ Membership by MAC Addresses
■ Multiple VLANs per Port
■ Communicating Between VLANs
■ Summary

4.4.1 Constraints of Shared LANs

Let's begin by reviewing some of the limitations of traditional, shared local-area
networks. Users are generally bound by their physical location in a network; that is,
the actual port or hub that they plug into determines what resources they can
connect to and how they're grouped together in a LAN. Also, users are generally
grouped not logically, but physically by where they sit and where they gain their
physical connectivity.

Shared LAN networks also offer very little security, because on a hub or
concentrator all traffic in the network is available on all ports. That's the inherent
nature of shared LAN devices. Also, there are constraints with addressing because
of the physical layout and requirements in the shared technology environment, and
moves, adds, and changes can be very difficult as well because they require making
changes either on a patch panel or in a wiring closet, wherever the hubs or
concentrators reside.

Lastly, routers are needed to connect different segments together. So if separation
occurs, router ports either may not be available, or if they are, they're relatively
expensive compared to some of the alternatives. These are some of the reasons that
virtual LANs, or VLANs, are implemented.
Practice
1. Which of the following is a limitation of traditional, shared LANs?

A. Routers are needed to connect segments together.
B. Shared LAN networks offer very little security.
C. Users are usually bound by their physical locations.
D. All of the above **

4.4.2 Virtual LANs

Figure 1: Virtual LANs
■ A switch creates a broadcast domain.
■ VLANs help manage broadcast domains.
■ VLANs can be defined on port groups, users, or protocols.
■ LAN switches and network management software provide a mechanism to create VLANs.

A Virtual LAN (VLAN) is a logical grouping of devices or users, as shown in
Figure [1]. These devices or users can be grouped by function, department, or
application, regardless of their physical segment location. VLAN configuration is
done at the switch via software. VLANs are not standardized and require the use of
proprietary software from the switch vendor.

As mentioned in the previous section, a typical shared LAN is configured according to
the physical infrastructure it is connecting. Users are grouped based on their
location in relation to the hub they are plugged in to and how the cable is run to the
wiring closet. The router interconnecting each shared hub typically provides
segmentation and can act as a broadcast firewall. The segments created by switches
do not. Traditional LAN segmentation does not group users according to their
workgroup association or need for bandwidth. Therefore, they share the same
segment and contend for the same bandwidth, although the bandwidth requirements
may vary greatly by workgroup or department.

VLANs take a single broadcast domain and limit it within a given switch so that
multiple segments can exist within a switch instead of one device providing a single
broadcast domain. VLANs also can help manage broadcast traffic. Because the
switch itself, without VLANs, propagates all broadcast traffic, as soon as multiple
VLANs are created, they will block the propagation of that broadcast traffic between
VLANs. Thus VLANs can help contain broadcast traffic. In addition, VLANs can be defined by
port groups, by actual user IDs, by MAC address, or even by protocol; VLAN group
membership can be defined in several ways. Lastly, LAN switches and network
management software provide a mechanism to actually create, and more
importantly, to manage VLANs over the long term (see Figure [2]).
Practice
1. Which of the following is not a criterion on which VLANs can be based?

A. Port ID
B. MAC address
C. Protocol
D. Location **

4.4.3 Remove the Physical Boundaries

Conceptually, VLANs provide greater segmentation and organizational flexibility.
VLAN technology allows you to group switch ports and the users connected to them
into logically defined communities of interest. These groupings can be coworkers
within the same department, a cross-functional product team, or diverse users
sharing the same network application or software.

Grouping these ports and users into communities of interest, referred to as VLAN
organizations, can be accomplished within a single switch or, more powerfully,
between connected switches within the enterprise. By grouping ports and users
together across multiple switches, VLANs can span single building infrastructures
or interconnected buildings. As shown in Figure [1], VLANs completely remove the
physical constraints of workgroup communications across the enterprise.

Additionally, the role of the router evolves beyond the more traditional role of
firewalls and broadcast suppression to policy-based control, broadcast management,
and route processing and distribution. Equally as important, routers remain vital for
switched architectures configured as VLANs because they provide the
communication between logically defined workgroups (VLANs). Routers also
provide VLAN access to shared resources such as servers and hosts, and connect to
other parts of the network that are either logically segmented with the more
traditional subnet approach or require access to remote sites across wide-area links.
Layer 3 communication, either embedded in the switch or provided externally, is an
integral part of any high-performance switching architecture.
Practice
1. Which of the following is true of using VLANs?

A. Switches do not need to be configured.
B. The broadcast domain is increased.
C. Physical boundaries that prevent user groupings can be removed. **
D. None of the above

4.4.4 VLAN Benefits
Figure 1: VLAN Benefits

Some of the key benefits of using VLANs are given in Figure [1]. The original
motivation for VLANs was to reduce the administrative costs associated with
managing a routine shared network. What was needed was a way to simplify the
moves, adds, and changes that were commonly associated with most organizations
as their networks evolved. VLANs offer other benefits, including better bandwidth
control. Segmenting a switch into multiple VLANs limits the size of broadcast
domains. In other words, it limits how far and to how many ports the broadcast
traffic is propagated.

Another benefit of VLANs is improved network security. VLANs can be separated
on the switch, so that traffic from one VLAN is not communicated to another
VLAN. In addition, servers can be relocated into secured locations and connectivity
provided to only those workstations that need it. VLANs can improve scalability
and performance, and microsegmentation can dramatically improve some key
performance aspects in a LAN. Finally, VLANs can be used to distribute the traffic
load more efficiently throughout the LAN.
Practice
1. Which of the following is not a beneficial effect of adding a VLAN?

A. Broadcasts can be controlled.
B. Confidential data can be protected.
C. Relocation of users is not easy. **
D. Administration cost can be reduced.

4.4.5 VLAN Components

To truly understand VLANs, we need to understand some of the key components.
Switches play a role, but routers, servers, and management stations also play a role
in successfully deploying VLANs.

Switches determine the VLAN membership and provide the basic connectivity of
the VLAN members. Trunking functionality is also needed. In other words, a way is
needed to exchange VLAN information between switches if the network VLANs
span multiple physical switches. Also, VLANs require multiprotocol routing
functionality. The routers provide this functionality.

Remember that VLANs essentially create multiple network segments, so a method
is needed to route traffic between the VLANs, and that's what the router does.
Traffic flow in the network can be optimized by giving servers the ability to
discriminate traffic down to the individual VLAN level. Lastly, network
management functionality is needed in order to initially deploy and then manage
VLANs. Thus it's not just the switch that enables a successful VLAN deployment.
Practice
1. Switches provide the intelligence to do which of the following?

A. They determine the VLAN membership. **
B. They provide the multiprotocol routing between VLANs.
C. They discriminate traffic down to the individual VLAN level.
D. None of the above.

4.4.6 Establishing VLAN Membership
Figure 1: Establishing VLAN Membership (port based, Layer 3 based, MAC based)

VLAN membership can be established in several ways, all involving trade-offs. In
port-driven VLAN membership, VLANs are determined by the port that a given
workstation plugs into.

For example, we may say on a 12-port switch that ports 1 through 6 are VLAN 1,
and ports 7 through 12 are VLAN 2.

VLAN membership can also be defined by MAC address. That is, the switch looks
at a MAC address and then dynamically determines which VLAN a station belongs
to based on its MAC address. This scenario offers a mechanism for dynamic VLAN
membership, similar to network address VLAN membership. We can look at a
workstation IP address, for example, or a user ID as the user logs into the network to
determine which VLAN a station belongs to. Lastly, we can even look at the
application type.
Practice
1. Which of the following is not an approach to establishing VLAN membership?

A. Port driven
B. MAC address driven
C. Application type driven
D. Device type driven **

4.4.7 Membership by Port

Providing the maximum forwarding performance, membership by port is the
simplest mechanism of VLAN port membership. Users are simply assigned by the
port that they plug into. No address lookups are required in the ASICs because the
administrator manually defines the VLAN a particular port belongs to. Port-based
VLAN membership is also known as static VLANs.

Administration is relatively easy, done either by command-line interface or by a
graphical user interface (GUI). Port membership can also maximize the security
between VLANs, and port-based VLANs can be created to ensure that packets
don't leak into other domains. Network administration is easily controlled across the
entire network with port membership.
Practice
1. What is port-based VLAN membership also known as?

A. Local VLANs
B. Dynamic VLANs
C. Geographic VLANs
D. Static VLANs **

1045 4.4.8 Membership by MAC Addresses
1046 Figure 1: Membership by MAC Addresses
Practice
1. Which of the following is true of MAC address-based VLANs?

A. Offers flexibility. **
B. Reduces overhead.
C. Improves performance, scalability, and administration.
D. None of the above

Multiple VLANs can be defined on a given port. Although this solution might be
required in situations where hubs are plugged into switch ports, it might defeat the
original purpose of creating the VLAN.

Notice that several VLANs are defined with individual VLAN members connected
to the hubs, not to the switches. Now consider the broadcast message that will be
sent by MAC station 1 on the left side of Figure 1.

As that broadcast message is propagated through the network, when it reaches the
hub on the other side of the network, that hub will flood that broadcast traffic to all
stations on that hub. Thus defining multiple VLANs on a single port negates the
purpose of limiting broadcast traffic—and a key advantage of having VLANs is
lost. Although this setup may be required in some instances for connectivity,
remember that its use might actually defeat one of the key purposes of a VLAN.
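The containment rule from the two sections above (a port-based switch floods a broadcast only out of ports that carry the sender's VLAN, while a hub repeats it to every attached station) as an added Python model, not material from the Cisco manual; the switch classes, station names and both topologies are constructed for illustration:

```python
# Added example, not from the Cisco manual: a small model of port-based VLAN
# membership showing why several VLANs on one hub-facing port let broadcasts
# leak across VLANs. Station names and topologies are constructed.

class Hub:
    """Shared-medium hub: repeats every frame to every attached station."""
    def __init__(self, stations):
        self.stations = dict(stations)  # {station: VLAN the admin intends}

    def flood(self, sender=None):
        return {s for s in self.stations if s != sender}

class Switch:
    """Port-based VLANs: each port carries a set of VLAN ids and one device."""
    def __init__(self, ports):
        self.ports = {p: (set(v), dev) for p, (v, dev) in ports.items()}

    def locate(self, station):
        for port, (_, dev) in self.ports.items():
            if dev == station or (isinstance(dev, Hub) and station in dev.stations):
                return port, dev
        raise KeyError(station)

    def vlan_of(self, station):
        port, dev = self.locate(station)
        # A lone host takes the VLAN of the port it plugs into (static VLAN).
        return dev.stations[station] if isinstance(dev, Hub) else min(self.ports[port][0])

    def broadcast(self, station, vlan):
        """Receivers of a broadcast from `station` on `vlan`: (in_vlan, leaked)."""
        src_port, src_dev = self.locate(station)
        received = set()
        if isinstance(src_dev, Hub):  # the local hub repeats it first
            received |= src_dev.flood(sender=station)
        for port, (vlans, dev) in self.ports.items():
            if port == src_port or vlan not in vlans:
                continue  # the switch floods only out of ports carrying this VLAN
            received |= dev.flood() if isinstance(dev, Hub) else {dev}
        in_vlan = {s for s in received if self.vlan_of(s) == vlan}
        return in_vlan, received - in_vlan

# Static membership: ports 1-6 in VLAN 1, ports 7-12 in VLAN 2, one host per port.
STATIC = Switch({p: ({1 if p <= 6 else 2}, f"host{p}") for p in range(1, 13)})
# Figure-style setup: two hubs, each mixing VLAN 1 and VLAN 2 members, on ports carrying both VLANs.
HUBBED = Switch({1: ({1, 2}, Hub({"mac1": 1, "mac2": 2})),
                 2: ({1, 2}, Hub({"mac3": 1, "mac4": 2}))})

if __name__ == "__main__":
    print("static:", STATIC.broadcast("host1", 1))  # leaked set is empty
    print("hubbed:", HUBBED.broadcast("mac1", 1))   # mac2 and mac4 leak
```

With one VLAN per port the broadcast from host1 stays inside VLAN 1; in the hubbed topology the same broadcast from mac1 reaches the VLAN 2 stations on both hubs, which is exactly the leak the text describes.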
Practice
1. Which of the following devices is used to create multiple VLANs?

A. Router
B. Repeater
C. Switch
D. Hub **

4.4.10 Communicating Between VLANs
Figure 1: Communicating Between VLANs
Practice
1. VLAN connectivity can be achieved in two ways – ____________ connectivity
and ______________ connectivity.

Summary
This module included the following key points:

■ Thicknet and thinnet are two early LAN technologies that were widely installed.
■ When two or more workstations try to send data at the same time, a collision
results. Collisions are by-products of an Ethernet network.
■ Communication in a network occurs in three ways: unicast,
broadcast, and multicast transmission.
■ Microsegmentation enables dedicated access, eliminates collisions,
increases capacity, and supports multiple conversations at the same time.
■ Full-duplex transmission doubles the bandwidth between nodes.
■ Two common switching methods are cut-through and store-and-forward.
■ Spanning-Tree Protocol (STP) is a loop-prevention protocol.
■ Layer 2 switches perform switching and filtering based on MAC addresses.
■ Layer 3 switches use IP addresses for their switching operations.
■ Layer 4 switching refers to Layer 3 hardware-based routing that accounts
for Layer 4 control information.
■ VLANs provide broadcast/multicast containment and enhanced security by
segmenting groups of users from each other on the network. In addition,
VLANs also offer mobility of users within the campus environment.