Concepts

This chapter explains some of the concepts you will need to understand to effectively configure and manage your Catalyst 2100. The following Catalyst 2100 features are described:

Learning

With multiple MAC address support on all ports, you can connect individual workstations, repeaters, switches, routers, or other network devices to any Catalyst 2100 port. Catalyst 2100 maintains an address table associating the address of each device with the port the device resides on.

Catalyst 2100 can automatically learn the source address of packets received on each port. It adds these dynamic addresses and associated port numbers to the address table. As stations are added or removed from the network, Catalyst 2100 automatically updates the address table by adding new entries and aging out ones currently not in use. Dynamic addressing simplifies the management of the switch and requires no configuration.

A network administrator can also manually enter addresses into the Catalyst 2100 address table. These static addresses do not age and must be added or removed by the administrator. Static addressing allows for a measure of security in that access to a port can be restricted. See the section "Securing Ports" in this chapter for more information.

Forwarding, Filtering, and Flooding

Catalyst 2100 forwards, filters, and floods packets in accordance with the IEEE 802.1d specification. It transfers, or forwards, packets between any combination of ports based on the destination address of the received packet. By maintaining an address table that determines which port the address resides on, Catalyst 2100 is able to forward the packet only to that port. If it is determined that the destination address resides on the port the packet was received from, the packet is filtered and not forwarded.

If a destination address is unknown to the Catalyst 2100, it will flood the packet to all ports. Flooding ensures that the packet will arrive at its destination even when the Catalyst 2100 does not know which port the destination address resides on. Catalyst 2100 also floods multicast and broadcast packets. There are times when it may be useful to disable flooding. See the section "Flooding Controls" in this chapter for more information.

Catalyst 2100 also supports source port filtering. This enhanced filtering capability only forwards packets to destinations when received on specified ports. Packets to these destinations received on other ports are filtered. These destinations are referred to as restricted static addresses. See the section "Port Addressing" in the "Out-of-Band Management" chapter for more information. If you are using SNMP, see the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter.

Switching Modes

The switching mode determines how quickly Catalyst 2100 can forward a packet, and therefore, how much latency the packet will experience. Latency is the delay between the time a packet is received on one port and the time it is transmitted out the appropriate destination port. Selecting a switching mode is often a choice between enhanced error checking and lower latency.

Catalyst 2100 offers three switching modes: FastForward, FragmentFree, and Store-and-Forward.

FastForward and FragmentFree are two forms of cut-through switching. See the section "System Configuration" in the "Out-of-Band Management" chapter for more information on setting the switching mode with the management console. If you are using SNMP, "Standard MIBs and MIB Extensions" lists the MIB objects supported by Catalyst 2100.

FastForward

FastForward offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. Because FastForward starts forwarding before the entire packet is received, there may be times when packets are relayed with errors. Although this occurs infrequently and the destination network adapter discards the faulty packet upon receipt, the superfluous traffic may be deemed unacceptable in certain environments. Packets forwarded with errors can be reduced by using the FragmentFree option. In FastForward mode, latency is measured first bit received to first bit transmitted or FIFO (first in, first out).

FragmentFree

FragmentFree switching filters out collision fragments, the majority of packet errors, before forwarding begins. In a properly functioning network, collision fragments must be less than 64 bytes. Anything greater than 64 bytes is a valid packet and is usually received without error. FragmentFree switching waits until the received packet has been determined not to be a collision fragment before forwarding the packet. In FragmentFree mode, latency is measured first bit received to first bit transmitted or FIFO (first in, first out).

Store-and-Forward

The third switching mode supported by Catalyst 2100 is the traditional Store-and-Forward mode. Complete packets are stored and checked for errors prior to transmission. In Store-and-Forward mode, latency is measured last bit received to first bit transmitted or LIFO (last in, first out). This does not include the time it takes to receive the entire packet, which can vary, according to packet size, from 65 microseconds to 1.3 milliseconds. Store-and-Forward is the most error-free form of switching, but the forwarding latency is higher than either of the two cut-through switching modes. This can be seen in Table 3-1.


Table 3-1: Catalyst 2100 Switching Latencies

Switching Mode                 10 Mbps to 10 Mbps   10 Mbps to high-speed   100 Mbps to 100 Mbps   100 Mbps to 10 Mbps
FastForward (FIFO) [1]         31 microsec.         na                      7 microsec.            7 microsec.
FragmentFree (FIFO)            70 microsec.         na                      9 microsec.            10 microsec.
Store-and-Forward (LIFO) [2]   7 microsec.          7 microsec.             3 microsec.            3 microsec.

[1] First In, First Out
[2] Last In, First Out

Note: Although Table 3-1 shows Store-and-Forward experiencing the lowest latency, the figures do not include the time it takes to receive the packet, which varies according to the packet size.

Selecting a Switching Mode

FastForward is the default switching mode and provides the lowest latency packet switching. If, however, your network experiences a significant number of collisions, FragmentFree can be used to eliminate the chance of forwarding collision fragments. If you are experiencing FCS or alignment errors, Store-and-Forward could be used to ensure that packets with errors are filtered and not propagated to the rest of the network.

You select a switching mode for the entire switch; the chosen switching mode is then applied to traffic flowing between all ports with the following exceptions:

To define the switching mode with the Catalyst 2100 management console, turn to the section "System Configuration" in the "Out-of-Band Management" chapter for more information. You can also define the switching mode in-band using any SNMP-compatible management station. Refer to the Catalyst 2000 MIB Reference Manual for a description of the Catalyst 2100 MIB objects. "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter lists the supported MIB objects.

Securing Ports

Secured ports restrict the use of a port to a user-defined group of stations. The number of devices on a secured port can range from 1 to 132. The addresses for the devices on a secured port are statically assigned by an administrator or sticky-learned. Sticky learning takes place when the address table for a port that is set as secured does not contain a full complement of static addresses. The port sticky-learns the source addresses of incoming packets and automatically assigns them as static addresses.

Secured ports generate address-security violations under the following conditions:

When a security violation occurs, the port may be suspended or disabled, as described in the section "Port Status" in this chapter, and SNMP traps may be generated. You can also choose to ignore the violation and keep the port enabled. The action taken by Catalyst 2100 is defined by the administrator through an SNMP-compatible workstation or with the management console menu described in the section "System Configuration" in the "Out-of-Band Management" chapter.


Note: To fully secure a port, you must also disable flooding to the port. See the section "Flooding Controls" in this chapter for more information.

Applications of Secured Ports

There are several reasons you may want to secure ports. If you define a secure port's address table to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. This is the private Ethernet configuration.

Address security can also be used to ensure that only members of a workgroup have access to the switch on a given port. By assigning static addresses to a secure port, Catalyst 2100 will not forward any packets with source addresses outside the group. Secured ports used in conjunction with VLANs allow for a completely secure switch.

See the section "Port Addressing" in the "Out-of-Band Management" chapter for more on defining secured ports with the Catalyst 2100 management console. You can also secure ports with any SNMP-compatible management station; the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter lists the MIB objects supported by Catalyst 2100.

Port Status

Port status is a system-wide indicator of the state of a port. A port's status can change in response to security violations, by management intervention, or by actions of the Spanning-Tree Protocol.

At any given time, each Catalyst 2100 port will be in one of three states:

Enabled: The port is active and receiving and transmitting packets.
Suspended: The port is not active but will be automatically returned to the enabled state when the condition causing its suspension is removed.
Disabled: The port is inactive and must be manually returned to an enabled state.

No packets are forwarded to or from a disabled or suspended port. Suspended ports do monitor incoming packets, however, to look for an activating condition. If a linkbeat returns, for example, a port suspended due to linkbeat failure returns to the enabled state.
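The secured-port and port-status behaviour described above can be modelled in a few lines. This is an added Python example, not Cisco code. It assumes that a frame from an unlisted source address arriving on a port whose address table is already full counts as an address-security violation; the class and method names are hypothetical.

```python
# Added illustration of secured ports and port status as described in this
# chapter. Not Catalyst 2100 code; the violation trigger is an assumption.
ENABLED, SUSPENDED, DISABLED, IGNORE = "enabled", "suspended", "disabled", "ignore"
MAX_SECURE_ADDRESSES = 132      # upper bound stated in the chapter


class SecuredPort:
    def __init__(self, limit, static=(), on_violation=SUSPENDED):
        if not 1 <= limit <= MAX_SECURE_ADDRESSES:
            raise ValueError("a secured port holds 1 to 132 addresses")
        if len(set(static)) > limit:
            raise ValueError("more static addresses than the port allows")
        if on_violation not in (SUSPENDED, DISABLED, IGNORE):
            raise ValueError("unknown violation action")
        self.limit = limit
        self.allowed = set(static)   # administrator-assigned static addresses
        self.sticky = set()          # addresses added by sticky learning
        self.on_violation = on_violation
        self.status = ENABLED
        self.violations = []         # stand-in for the SNMP traps that may be sent

    def ingress(self, src):
        """Return True if a frame with source address src is accepted."""
        if self.status != ENABLED:
            return False             # suspended and disabled ports forward nothing
        if src in self.allowed:
            return True
        if len(self.allowed) < self.limit:   # table not full: sticky-learn src
            self.allowed.add(src)
            self.sticky.add(src)
            return True
        # Assumption: unlisted source on a full table is the violation.
        self.violations.append(src)
        if self.on_violation != IGNORE:
            self.status = self.on_violation
        return False

    def condition_cleared(self):
        """Suspended ports return to enabled on their own; disabled ones do not."""
        if self.status == SUSPENDED:
            self.status = ENABLED

    def admin_enable(self):
        self.status = ENABLED        # the manual step a disabled port requires


def demo():
    """Constructed addresses: one static, one sticky-learned, one rejected."""
    port = SecuredPort(limit=2, static=["02:00:00:00:00:01"])
    results = [port.ingress(m) for m in
               ("02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03")]
    return results, port.status


if __name__ == "__main__":
    print(demo())
```

With a limit of 1 the same model gives the private Ethernet configuration: the first station seen is sticky-learned and every other source address is rejected.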

Full-Duplex

Catalyst 2100's CollisionFree feature provides full-duplex operation on the 100Base-TX ports for up to 200 Mbps of bandwidth. Full-duplex is the simultaneous transmission and reception of 100 Mbps streams. As both ends of the link must be configured for full-duplex, a full-duplex port cannot be connected to a repeater. A likely scenario would be to connect the full-duplex port to a server with a 100Base-TX adapter, configured for full-duplex. You could also connect it to another Catalyst 2100 configured for full-duplex operation.

See the section "Port Configuration" in the "Out-of-Band Management" chapter for instructions on configuring ports for full-duplex with the management console. You can also use an SNMP-compatible management station using the MIB objects listed in the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter.

Port Monitoring

The Catalyst 2100 includes an added security feature that precludes eavesdropping or monitoring of traffic destined for other ports. There are times, however, when you will want to use an RMON probe or sniffer to troubleshoot network problems by examining traffic on some or all of the Catalyst 2100 ports. Catalyst 2100 provides a port-monitoring mode for this purpose.

Port-monitoring mode takes frames received from ports that are assigned to a capture list and forwards them to the port designated as the monitor port. This list can include any number of Catalyst 2100 ports from none to all 27. To enable port-monitoring mode with the management console, see the section "Monitoring Configuration" in the "Out-of-Band Management" chapter. You can also enable port monitoring via SNMP with the MIB objects listed in the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter.

Flooding Controls

Flooding is the forwarding of broadcast, multicast, and unicast packets with unknown addresses to all ports. In certain applications, this flooding may be unnecessary and undesirable. Note that when you create a VLAN, all traffic--including broadcast traffic--is kept within the boundaries of the VLAN, regardless of whether flooding controls are used.

Unicast Filtering

When Catalyst 2100 receives a unicast packet with a destination address that it has not learned, the default is to flood it to all ports. However, on ports with only statically assigned addresses or single stations attached, there are no unknown destinations on the ports and the flooding would serve no purpose. You can disable flooding in this case on a per-port basis. See the section "Port Addressing" in the "Out-of-Band Management" chapter for more information on disabling the flooding of packets with the management console. If you are using SNMP, the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter lists the MIB objects supported by Catalyst 2100.
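The following added Python example (a toy model, not Cisco code) ties together the learning, forwarding, filtering, flooding and aging rules from this chapter with the per-port unicast flooding control. It shows why the note under "Securing Ports" asks you to disable flooding as well: until you do, frames for unknown destinations still reach the secured port. The class name, method names and addresses are constructed for the illustration.

```python
# Added illustration: a toy model of the learning, forwarding, filtering and
# flooding rules in this chapter. Not Catalyst 2100 code.
BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300   # the chapter's default aging time: five minutes


def is_group(mac):
    """Broadcast and multicast addresses have the low bit of octet 0 set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class ToySwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                 # mac -> (port, last_seen); None = static
        self.no_unicast_flood = set()   # ports with unknown-unicast flooding off

    def add_static(self, mac, port):
        self.table[mac] = (port, None)  # static entries never age

    def age(self, now):
        """Drop dynamic entries not refreshed within AGING_SECONDS."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if t is None or now - t < AGING_SECONDS}

    def receive(self, in_port, src, dst, now=0):
        """Learn src on in_port, then return the egress ports for dst."""
        self.age(now)
        entry = self.table.get(src)
        if entry is None or entry[1] is not None:   # keep static entries as set
            self.table[src] = (in_port, now)
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others                           # broadcast/multicast: flood
        known = self.table.get(dst)
        if known is None:                           # unknown unicast: flood to
            return [p for p in others               # ports that still accept it
                    if p not in self.no_unicast_flood]
        return [] if known[0] == in_port else [known[0]]   # filter or forward


def demo():
    """Constructed addresses; port 4 stands for a secured port."""
    a, b, s = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:04"
    sw = ToySwitch([1, 2, 3, 4])
    sw.add_static(s, 4)
    out = {"flooded": sw.receive(1, a, b)}          # b unknown: reaches port 4
    sw.no_unicast_flood.add(4)
    out["flood_disabled"] = sw.receive(1, a, b)     # port 4 no longer sees it
    out["to_static"] = sw.receive(2, b, s, now=10)  # known static: forwarded
    out["forwarded"] = sw.receive(1, a, b, now=20)  # b was learned on port 2
    out["aged_out"] = sw.receive(1, a, b, now=400)  # b aged out: flooded again
    return out


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, ports)
```

Broadcast and multicast frames are still flooded to port 4 in this model, because the chapter treats unregistered multicast flooding as a separate per-port control.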

Multicast Registration and Filtering

When Catalyst 2100 receives a multicast or broadcast packet, the default is to flood it to all ports. You can use the Catalyst 2100 management console or SNMP to register multicast addresses and list the ports these packets are to be forwarded to. You can also disable the normal flooding of unregistered multicast packets on a per-port basis. Besides reducing unnecessary traffic, these features open up the possibility of using multicast packets for dedicated groupcast applications such as broadcast video. See the section "Multicast Registration" in the "Out-of-Band Management" chapter for more information about registering multicast addresses with the management console. If you are using SNMP, the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter lists the MIB objects supported by Catalyst 2100.

Virtual LANs

Catalyst 2100 supports up to four VLANs. This capability allows ports on the switch to be grouped into separate logical networks. Unicast, broadcast, and multicast packets are forwarded (and flooded) only to those stations within a VLAN, creating a virtual firewall between VLANs.

Because a VLAN is considered a separate logical network, it contains its own bridge MIB information and supports its own implementation of some of the features described in this section, including Spanning-Tree Protocol. You can assign unique community strings for VLANs as described in the section "Network Management (SNMP) Configuration" in the "Out-of-Band Management" chapter, or you can use the MIB objects listed in the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter.

Configuring Simple VLANs

One of the primary benefits of VLANs is simplified adds, moves, and changes. Figure 3-1 illustrates a simple VLAN configuration that groups workstations attached to Catalyst 2100 ports 1 through 12, and a server attached to port F2, into VLAN1. Workstations attached to ports 13 through 24 are grouped with a server attached to port F1 into VLAN2. The traffic on each VLAN is completely isolated from the other.


Figure 3-1: Workgroups Defined as Virtual LANs

Users can change their physical location in the network without changing their associated VLAN membership. Consider the example in Figure 3-1 where a user attached to port 3 in VLAN1 moves to be located with users in VLAN2 but needs to retain network access to resources in VLAN1. The physical network topology has changed because this user is now attached to a different port on the Catalyst 2100. However, the administrator maintains the logical network structure by assigning the new port to VLAN1. See the section "Virtual LAN Configuration" in the "Out-of-Band Management" chapter for details on assigning ports to VLANs.

Overlapping VLANs

Catalyst 2100 supports overlapping VLANs so resources can be shared between logical workgroups. Figure 3-2 shows two VLANs, VLAN1 and VLAN2, sharing a server connected to port F1. Stations in both VLAN1 and VLAN2 can access the server but are otherwise completely isolated from each other.


Note: Two non-overlapping VLANs can be connected by two router interfaces. IP routers can route between two overlapped VLANs by connecting one interface to an overlapped port. Such IP routers must support multiple subnets on one interface.

Caution: Spanning-Tree may not prevent network loops in overlapping VLANs if the VLANs are connected in other ways besides the overlapping port.

Figure 3-2: Overlapping VLANs Sharing a High-Speed Port

VLANs Spanning Multiple Switches

VLANs spanning multiple Catalyst 2100s require a dedicated port on each switch for each VLAN interconnection. The configuration in Figure 3-3 shows two VLANs spanning multiple Catalyst 2100s. In this example, ports F1 and F2 on each Catalyst 2100 provide the link to interconnect VLAN1 and VLAN2, respectively. An external 100Base-T hub then connects each link to form the overall VLAN. If one or more of the switched 100Base-T ports on the Catalyst 2100 are used for other connections, or if more than two VLANs span multiple Catalyst 2100s, then a dedicated 10Base-T port on each switch is required to interconnect the VLAN.


Figure 3-3: VLANs Spanning Multiple Switches

Spanning-Tree Protocol

Spanning-Tree Protocol is a standardized mechanism for maintaining a network of multiple bridges or switches. As part of the IEEE 802.1d standard, Spanning-Tree Protocol will interoperate with compliant bridges and switches from other vendors. It transparently reconfigures bridges when the topology changes to avoid the creation of loops and to establish redundant paths in event of lost connections. All 27 ports are included in Catalyst 2100 Spanning-Tree Protocol support, and management of Spanning-Tree Protocol is through the standard bridge MIB.


Note: Each Catalyst 2100 VLAN is treated as a separate bridge, and a separate instance of Spanning-Tree Protocol and bridge MIB is applied to each VLAN.

Using Spanning-Tree Protocol to Support Redundant Connectivity

You can create a redundant backbone with Spanning-Tree Protocol by connecting two of the switch's ports to another device, or to two different devices. Spanning-Tree Protocol will automatically disable one port but enable it if and when the other port is lost. If one link is high-speed and the other low-speed, the low-speed link is always disabled. If the speed of the two links is the same, the port priority and port ID are added together and the link with the lowest value is disabled.

Spanning-Tree Protocol and Accelerated Address Aging

Dynamic addresses are aged and dropped from the address table after a configurable period of time. The default for aging dynamic addresses is five minutes. A reconfiguration of the spanning tree, however, can cause many station locations to change. As this would mean that many stations were unreachable for five minutes or more, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value when Spanning-Tree Protocol reconfigures. This parameter is described in the section "Spanning-Tree Configuration" in the "Out-of-Band Management" chapter. You can also configure it using any SNMP-compatible management station. Supported MIB objects are listed in the section "Standard MIBs and MIB Extensions" in the "In-Band Management" chapter.


Copyright 1989-1997 © Cisco Systems Inc.