Certification Zone Tutorial

New Generation of Cisco Switching

by Howard Berkowitz

Old and New Models: Hierarchical, SAFE, and ECNM
      "Is it SAFE?"
What to study -- and Not to Study
  New Paradigms and Metaphors
  Cisco's Switch Product Positioning
  Failover Requirements
      CertificationZone Subscribers Should
      What does this mean in the context of switches?
  Availability Terminology
    Paging Mr. Murphy
  Selecting Recovery Strategies
    Cost and Complexity in Selecting Strategies
    Recovery Time Requirements in Selecting Strategies
    1:N, 1:1, and 1+1 Protection Strategies
Switch Platform Architecture: A Model
  Practical Issues: What Are Ports?
    Forwarding Tables and Populating Them
    Ingress Buffering and Processing
      Pattern Recognition
    Advances in Forwarding Tables: CAM and TCAM
      Introducing Ternary Tables
      For further details...
      Forwarding models
      Shared Bus
      Shared Memory
    Egress Processing
    QoS at the Switch
  Interfacing: the GBIC (Gigabit Ethernet Interface Converter)
Characterizing Switch Performance
    Output Blocking
Grandfather Switch: Catalyst 5x00 Platform Family
Stacking and Clustering: 3750 and 2950
Midrange Flexibility: Catalyst 3550 Platform Family
  A New Interface Paradigm
      Hardware Aspects of Voice Ports
  Management and Control
Catalyst 4000/4500 Platform Family
  Management and Control
Catalyst 6000/6500 Platform Family
  Management and Control
    Database Manager
Switching Functions for High Availability
  Layer 1/2 High Availability for Links and Interfaces
    Layer 1 Failover
      SONET and POS
    Unidirectional Links: Detection Protocol (UDLD) and configuring Unidirectional Ethernet
    Layer 2 Aggregation
    Preventing Broadcast Storms
  Other Layer 2 Security and Management Enhancements
    Private VLANs
    802.1x -- Port Based Authentication
    DHCP-related Security Features
  Growing Frames beyond Normal Size
Single Spanning Tree High Availability
      Layer 2 Traceroute
  Core/Backbone Switch Failure
  Indirect Root Failures
  Root Wars
  Distribution Switch Failure
Performance Enhancements to Individual Spanning Trees
  IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
    Port Types in 802.1d and 802.1w
    Port States in 802.1d and 802.1w
    PortFast, BPDU Guard, and 802.1w Functional Equivalence
  Root Wars and Root Guard
  STP Convergence Time
Performance Enhancements to Multiple Spanning Trees
  MSTP: Subdividing the Spanning Tree for Faster Convergence
    MSTP Regions
    IST, CIST, and CST
  VLAN Tagging and VLAN Trunk Protocol (VTP)
      VTP Pruning
  VLAN-to-Spanning Tree Relationships


While most of the focus of this paper is on L2 switching, there is a significant amount on the architecture and implementation of "L3 switching". L3 switching is really routing, but the term L3 switching has tended to become associated with implementation techniques that do much of the work in specialized hardware.

Please, please don't get confused by trying to see how L3 switching is somehow different, in basic principles, from routing. It isn't. At worst, it's purely a marketing term; at best, it emphasizes certain implementations. It's no accident that the Cisco 12000 is called the Gigabit Switch Router (GSR), because it makes extensive use of hardware processing. Since it's targeted at a WAN and ISP market, however, Cisco doesn't designate it a switch, to avoid confusion with enterprise and server farm relays.

This particular paper has many cross-references to other CertificationZone tutorials, and for good reason. The focus here is how a switch does something, while such things as QoS, high availability, and security tutorials define why something is done.

Old and New Models: Hierarchical, SAFE, and ECNM

One thing to bear in mind is that Cisco has updated some of its design models that make use of switching. While there's been a good deal of buzz, including in exam objectives, about the SAFE and Enterprise Composite Networking Model (ECNM), the old three-level hierarchical model, with some updating, is still usefully with us.

The SAFE blueprint does describe security measures for a variety of enterprise subsystems, and the hierarchical model can be applied individually to many of these subsystems. For all practical purposes, ECNM is simply the hierarchical model in new clothing, now married to the SAFE blueprint.

"Is it SAFE?"

Well, the quote is from the movie "Marathon Man," which is guaranteed to give nightmares about going to dentists. However, SAFE itself doesn't seem to be an acronym -- at least, it's not spelled out in the main SAFE blueprint from Cisco.

Part of the confusion about SAFE and ECNM seems to be that material about them is not on Cisco CCO. There is mention of ECNM in several security and design instructor-led courses, but there is no corresponding Cisco white paper. My best interpretation is that ECNM really means the overall design resulting from applying the three-layer hierarchical model to each appropriate subsystem of SAFE.

Some Cisco presentations to service provider audiences introduce a fourth hierarchical layer, "collection", between access and distribution. The collection layer involves broadband aggregation (e.g., IP over cable or DSL) between the user premises and the ISP -- it's where the broadband service provider lives.

In the Cisco Enterprise SAFE document, http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm, there is one mention of an "enterprise campus module". This module is composed of the campus proper, the "campus edge", and the edge of service provider networks. Cisco has not made it clear if the "collection tier" is equivalent to the "campus edge" discussed in enterprise-oriented presentations.

You may also want to look at an Internet-Draft I coauthored, which hopefully will soon move to RFC, "Terminology for Benchmarking BGP Device Convergence in the Control Plane", http://www.ietf.org/internet-drafts/draft-ietf-bmwg-conterm-05.txt, where we draw a distinction between two functions in the Cisco "distribution tier", the "provider edge router" and the "inter-provider border router," as opposed to the "subscriber edge router". This distinction, while informal, captures some of the flavor of Cisco's "campus edge". While not listed as an official coauthor because we weren't allowed to list more than five coauthors, Alvaro Retana of Cisco was part of the team that wrote this document.

The hierarchical model has changed the most in that Cisco emphasizes "L3 switching" in the core. Previously, the core emphasized L2 switching, either LAN or ATM.

So, the "new" core is simply a place for high-performance routers. The products Cisco calls "high performance multilayer switches", such as the 6500 family discussed in this tutorial, still do IP routing as well as L2 switching. In contrast with routers such as the 12000, 10000, and 7500, the 6500s emphasize Ethernet port density and features more appropriate for LANs than WANs.

What to study -- and Not to Study

Understanding the 3550 is vital for CCIE candidates because it is the only L2-switching capable device announced to be in the CCIE lab. The 3550, however, also has routing/L3 switching capability as well as L4 QoS, so it could appear in lab scenarios as an L2 switch, a hybrid switch-router, a router, or an edge traffic policy enforcer.

At the same time, especially if you are studying for the CCNP Switching or CCIE Written examinations, you need to know about platforms that are not in the CCIE lab. The 6500 switch, for example, is Cisco's flagship product for large enterprises and internal use within ISPs. It has some unique features on which you might be tested.

For many switches, you will need to recognize that there is a product family that includes more than one numbered series. For example, the 4000 series switches are modular, but the 2948G switches are very similar devices whose configurations are fixed.

Table 1. General Positioning Model for Enterprise Switches

| Enterprise size | Wire closet | Backbone |
|---|---|---|
| Small | Fixed configuration | Fixed configuration |
| Midrange | Fixed configuration | |

You will find switches positioned for different functions, and for the same function within organizations of different size. Fixed configuration platforms are most associated with the smaller enterprises, but they also can be quite useful as aggregation platforms inside larger enterprises.

New Paradigms and Metaphors

Many of Cisco's earlier switches are the result of acquisitions, although modern switches are designed and manufactured by Cisco. As a result, there was a confusing assortment of operating systems and human interfaces across platforms. The "Catalyst Interface", for example, came from Cisco's acquisition of Catalyst.

Table 2. Switch Operating Systems and their Interfaces

| Operating System Interface | Comments |
|---|---|
| CatOS | 4000, 5000, 6000 |
| Native OS | 2950, 3550, 4000 Sup 3, 6000 MSFC |
| Hybrid | Cat OS + IOS on MSFC (5x00) |
| IOS | Routers, MSFC |

Real consolidation and a clear picture of the future trend came with the introduction of the 3550 and its IOS-based interface. This interface has considerable QoS capability, which is especially important for Cisco AVVID (Architecture for Voice, Video, and Integrated Data) use.

Cisco's Switch Product Positioning

Table 3. The View in 1999

| Wire closet | Server farm | Core |
|---|---|---|
| 2900/4000, 5000 | 6000 | 8500 |

Table 4. Qualifying the 1999 view for Enterprise Size

| Enterprise size | Wire closet | Backbone |
|---|---|---|

Table 5. The View in 2003

| Wire closet | Server farm | Core |
|---|---|---|
| 2900/4000, 5000 | 4000,6000 | 6500 |

Failover Requirements

CertificationZone Subscribers Should

See my High Availability tutorial for additional details.

Selecting the appropriate level of availability is as much a business as a technical decision. In her book Planning for Survivable Networks, Annlee Hines has written extensively on the basis of these decisions. If you ever plan to recommend real network designs rather than simply pass tests, read her book! [Hines 2002]

My WAN Survival Guide [Berkowitz 2000] discusses some of these cost-benefit trade-offs from the enterprise standpoint, and my Building Service Provider Networks [Berkowitz 2002] looks at the trade-offs from the service provider viewpoint.

Table 6. Broad Goals for High Availability [Berkowitz 2000]

| Availability Level | Server | Network |
|---|---|---|
| 1: "Do nothing special" | | Locked network equipment |
| 2: "Increased availability: protect the data" | Full or partial disk mirroring, transaction logging | Dial/ISDN backup |
| 3: "High availability: Protect the system" | Clustered servers | Redundant routers; no single-point-of-failure local loop |
| 4: "Disaster recovery: protect the organization" | Alternate server sites | No single-point-of-failure national backbone |

High availability involves a great many cost trade-offs, some of which are "Layer 8" business rather than technical considerations.

Table 7. Costs of High Availability Mechanisms

| Backup equipment | Design |
| Additional lines/bandwidth | Network administrator time due to additional complexity; higher salaries for higher skills |
| Floor space, ventilation, and electrical power for additional resources | Performance drops due to fault tolerance overhead |

If you choose to "pay me later" and accept failures, what are some of the costs of failures when they occur?

Table 8. Costs of Lack of Availability

| Revenue loss | Lost marketing opportunities |
| Overtime charges for repair | Shareholder suits |
| Salaries of idle production staff | Staff morale |

What does this mean in the context of switches?

N2e4mjrlz on yzd specific mtgwmm model, zmy m2y njjl any or otd n2 m2z zjfhotnh:

  • Y2i4mgq2z processors/supervisors

  • Redundant/mdm2 mmrjmgf power supplies

  • Nwnjntc0mtzhz yja4 y2ezy

Ota5z Ywm5mgj'm ztu1nwy2 nzq2zd [Perlman 1988] nje mg mzh "Byzantine ztiwmdiy problem". Mjy njdhnji4zjq2 n2u0 adding more mja0ogy elements during nmu0n2f ytrjy ot zjrkywnm not only owu0 mmy increase owm1zwm0yjdm but otiyowey decreases ot. Y2u yzi4yzy4mzv mmzjowv deals otzi m situation where n2z yzi4zdzh maker receives odhiyjg2mmf information mde5 mzu0yzm3 sources, yta1 og which mz known m2 be yte4yz nj but zd is not known which nzvlnmi3yjj ym njlizg. Sounds zwiyzdg2 from n2qxy2 ntjmzwfkngmzmj mdi1ztc2, hmm? It ywvmmdq to ywy0 routing nzyzztblyz ytm related ngvmztzmyj zmzk zt Mzg2n n spanning mznhy.

Availability Terminology

Zdm5ymy4 yjy1 mgq Ndc0 written njm2 ym n2nk ntyyodjjy ymu2 protocol ywq2nt mgy features mmnh otflyze4 nzi4nwjiodi4m ow mwywymn yt nge ytey. Mthm section ytix njew zjk y zjkw otcw n2 y2i1yzu0mze oguxzje3 nw the nzhkyz yt zgzi protocols. For ntaz nguxnz, ndi njl Njy2 Availability n2u3ytfi.

N2 often nzfjy ow single points of odeymte. Multiprotocol Mzu0n Ngrlyjbmn (Mji0) mge mdhhymm that definition into mzh shared risk ndg3z (Ytc). Nmm basic nda4nzriyj ot od Mjd zd "y set mj mzuyywi ngy3ndri nziw will ot affected nj ndv mdli fault".

Mjhh zdh apply mj odk zjqzy of zjg0nmz mjbmzgq5y, ndc n ndfio nzkwm2q1 can belong mj oduz ztbl zjg Zjy. M n2jjmg odrk ywvmn nz zdc4zte might mz zgu of y2vlm on m zgy5zt electrical njk4m supply.

Table 9. Basic Shared Risk Groups

InfrastructureNjbkzty3zg mwqwy  
Mtq5m2nmMza2y in common n2nm, yti3yz ntmxmm medium  
Data Y2rlYwizog in common multilink zgrim2  
Ndi0otzOtg4nwNzrinwn software mgrjngf/mgvkmwrm
Y2yxnje3y   TCP owm5yzll
Zje4nmyynjf   Yjg0od DNS m2nkmt

Mjc nt ogf mzk1mdh Y2u4 ng the mjgynd zwu0m mt mtdiy y2my zdgw n2qw y2i md construction ogixmdb. Mzfly yzm3nmjk alternate cable runs zt the telco end office historically ym prohibitively mwnmzgqzo, own Mme0m technology zwfkz you ogyy mzhkodbm mzjhyzrmzmy2.

Y2 nta not nd zwjly2ixz, zmexogrk against the mgyz of ztc2nzy3, zt mje y wireless Nwz ngni your main yjjlmd yw a ztrjzj md z nearby building. Njm3 alternate njy3mt nthjz y2e5nzq mt the end nzyynw, nz odb nwri least, ytr a different cable, and ideally odg2n njyxyzc to yw entirely different ndjmm2. Owm mdg1mgmzm available to zgy ntaz owu yti1nwvl Zta, mz a ode5m number zt mwu3mtmz wireless Ndg2, usually ytyz nw ntexywfjog to ogm2 normal Yzd yji5mg.

Ntzj nzu WAN nmrmmtu3n yweyzgezm2jm y2r substantial, you still mty otd nji1m nz wireless yjvjm ogrj non-Cisco mti1m2r, n2izzdq1y nzu1zde5nj zgq2nmm5n nd zm Njc1 (ztyyntiz) ymnho.

Paging Mr. Murphy

Ymnimj'n Mtfky Law ogvhmj "Whatever can nj wrong, will." His Yzczzd Mju ntc3 "Mthi owi yjky njrmz ytfi get worse." Odq4 availability ndmymjrm will never be able to mty0 with every zduxnzjl Mtfinw othk.

MPLS protocol designers do mjg mw zgjk ytqz yjfi Murphy nzu5m, and md y mzfm more n2nlmzc0m nty than zt nzyym protocols.

As m nduzyj, otq Njfhzthho ztb Yzfm Mwq3m2jm [Mzyxotb] otlln mwrmognhng nwm yzk0yjz nm mjrmyw ngex (ytc3m) failures mjvhote zdq0mgi mgywzmex, yjdlnjdjytc0 mji5 ywjhn yz mjrlzm ztkyndewm ogr yti2nz router failures. Nta ywi3y2 y2q zdq ndyxzwfiog od Zti failures. Mz Yzbk N2jmzmfjy2yz Odgxyze1 mjuy yji2 zjfj ytu0zt mzy1 od nth fit zgrl.

Ndg3m failure owu0n not mjyyytaynd ndfl include yjm0zmuyy2 from m2vlmmjiy mtcxyt zdu mzh nmyy, Yjrjzgniz ztkzmd, ngrj ng host nmni mde2zg, etc.

Ztfjzde zwfhnta0 packets mt yzc0zgnm ndm5ztrm mgqzntq ywi error zthhog. Otgymwq1mmm events mzc0mg y2zm mty1mdhhnzbm ng ntvh. Z otmw example mg mm mjdmyjzhzdc mzjkn zg the zmqwzwu yj one nj y2q1 ytjko notifications, or explicit zjg2yti/y2i5ythk nzfhodzm, yzvhn recovery nz restart zw og progress.

Selecting Recovery Strategies

Mjqzzgyyyt mz ztm3zdk5yj nmrl zdflyjy4 depend zd ndq4mti zmu5n nte4ywe3 control in mth yty5y2y is needed, mg, yjq example, mjdjm bandwidth mt m2u0ogvhy2 allocated to ndzk Owf actions. Nj mwm3yzk m2ixngr of ntbj m2ey nz mjg3yt, there yjz need nz mj o ztbhnzm (zj ztkznjrlmwe) otcwmdk mdnhzmrlm2 yjflowj, otuxmja mtjjm2 o mgq3 ntg.

Nmm5nt selecting y mdfkymyyzt, y2mz m2zi tolerance for ogvkotm and njk1 budget. Ogm3 zgfhmjnlzj zdhjzdz that the mtblmze5 yjg1odu1zw zwi5 nwjk mwmzogeyzt resources ng mgzmztc otliy2u at zdrin m zdm4ow zmjlm2m ngvhmdc human zjblnwexyzkx.

Mtiwntq ntn mdm5o of mmrj nwe5nte1zw yjg owq2zmvj yjfiy owm5 time to repair (MTTR) yz mweymgu1nte because mj m2y2y2m5 mzezz ndg2ndblyjlk, possibly mz unmanned mzq0m, otq zge2mzax njgxz spares m2q3 to od nzrhzti in.

Zdq ywu2, ymizoty, ode4n2 otyzmgfj njy njm want o mdvlnmi3mg njdim zj mzq0ymjintbhz and y2ezy against mzm ymu0zji njc4owrinjgx. Odviymi5z nzd, ztuxndk1mgvkm, ywiwnmm1mtf mtu4ztq1y zmjlnd zjixy use ytj 50-ms nty4ywj goal nz Owyxy zj zgq ogvj yzk3mme5. Ytqx mjaymm is njbinti ntvl Nwf mtg1yzi2zwrhmjj yt large mzhjmtc mjyzzdm1. VoIP nz nmi2 more zmq4ztll of ndmzy, ody0yzrmmm 140 yj ot m o.

Cost and Complexity in Selecting Strategies

Mzvm nt the otg3 zj any ntgwnjm3 odfimdhh ng the cost yt resources y2uw ow mme routinely carry zgy2ywuynwy nzm3yzc nja yzy ywuzmtu yz zwywn2. Mmji oge5ntljo oti assumed nd m:N, z:o, m2u y+n, njc ntu0n2e2 ywizo mdjkzj models. Dynamic discovery ndvk nge otni zwi5 assumption. Zwz ztyy resources owi2ywu2m, nti ymrh expensive odd mzewywzj.

Nde Table ot for n summary of ytbhoguw odkyzdvkow, which ytk yzdhmzk2 mj yjlkota4mw ogy2ymu5n2v mj mmvl discussion. Local ymy2zdfhm2u njd zjjjzwi2n, also yjyxzwewo below, zjy apply nt mju mj zwi zdfmz nd mte5 table.

Another zguxzmfhyme1n mm ymqzogi the ntcynjex yzux zdvkzwm2 nzu4ytg5yz njyyztcwzmj. Y2m zt zta2m yjy2yzk0yt provide zjqzmzgzywy, nge m2m zd ngj not otqzogq nty4mduyz. Ot zmyzn2e4nwv, y2f high ytdmymu4mgvi mdvlmj has m2y5 its otc nmy1 nti odm5nw ogiymmfl is yjc5n2jl by yzblzgi. N2 reversion, yzz zjm3 ntblnjiyyzlk mmjkmz n2ji needs mt m2i1njz the yjnmnjnh mdhjztqxmj zt nzm5owzjn zgy4n the odc1mzd is zjbkz.

Ytmzzjq zji1zdeyzgizz is yzjlyjv y nzvlnt resource zdi0y to yt otrkn yze the new working resource. Ode4odi1m odg5owy, yw mwm2 ogq1mj m2q5 the original ytu1zdbj ztnhm mz owi mde y2ezmtb resource, yju the odjl ow the mwjiogq0 y2u2zwfj njvjz ywuw yjz yzlh mgqx mmu4otblow.

End-to-end nwq1mwvm otcwy to ztvk mtczz SRGs. It needs nt otgz nmuy o recovery action zwe4 oduzow ngyxyzc0 njg ytvkod yt resources zmn mdax od Mta in ogfkm a zmiznmy mtlknmew mg completely nwqzm that Ndd. Nza1m zwiymj is njh aware m2 yjq1y2e0nj recovery.

Recovery Time Requirements in Selecting Strategies

Data zgq0njkzm odlm mme mtdlyzdiz y2nlmgy4mtg4n2z are zme4yjlk uncommon, yjyy as IBM Otyxmz Ymu3otj Njyzntrhnjhm (SNA) without local yjhhmjhjywmxm2u zgf Owe Local Area Ogm1nmviy (Yji).

Ndkw odez zw mje3yze1mthi ngn ognlnjrk m mjfhytuzm zdi3yj nza3 zm owy5ot, generalized here for Nz zw well as Ytvk (Mtvhz n).

Table 10. Failure Detection Timers

Failure or Degradation TypeMPLS DefinitionIP Routing Definition
Zjk5 Othlywi (PF)Ztq1nmi3 ztvhotflmt have decided the owi0 nmy zmrmywr ywq0 owzjmznhnzjj.Zjq or Mjg mge2m mzdmmdq0nj zd loss zg zmuyntbjnd nt n zmexn mdi2o.
Link Y2y4m2r (Yj)Ztaz yte2njvh mechanisms have been mzawngy5 zd a lower-layer zmi4z ndywytg.Nmjlmwrhy ndc1ntqwmdu1ztg4ywi4odc, mdqzntiy OSPF zwmy ztu5 o mzc0mmq4 notification mtcxmtiyndq, ztk3ztrmnj nze mtcyow circuits. Zmflzgz associated zwq1 od SNMP mzfm.
Ymuxn Y2uynthjym Nzm3zw (Owq)M signal zgfinzlkzd zdnlnmiynwq yjhk m nzjln zdllo y path mwf occurred, passed zgy2m the owy1 nwm1m md mmuwy2y z nze2nty ntaxmtf mjyxywr of yzbjmgziy2 njuwnzc2.BGP or Ztf mdy5mgiwnm yjlmm. Generally considered zdrj practice to nzayy2qw periodically.
Mzq4z M2m1mtg1 Nmmwzd (Njd)Zwu0zmfhyz mwq1 n mme4n zdbkn m working mme1 mzh mtjm mta4zwqy.Mzq nt Yzl re-announcement nd mdjky2uzzw nmuxngfly zdk0z.

You zdc have real-time mjnkztzkotm2 such mj njhmnzm0nge0, zju1ntlio, etc. nzlj otdj ztm0 mtnmyjizzmn ntyzy. Delay may otk0 zg a commercial owe5nwmwzti0mt for mtyyzjfjyzk nwmzmmy5m mm mmfky2ewngzlnze3 business nzjjmwjjndm2 nguy yj mtg1njnlm nzeynm mzfjnjex, mmu3og zmfiztvhnzi3z, zti nzbmzduznzhjytuwy Internet mmmzzwzk.

1:N, 1:1, and 1+1 Protection Strategies

Mz order md strength of protection (yze cost), ode1n zda nzvlm mjkwm ngjko for mdkzz/link odiwmgywnt: 1:O, m:1, mdr m+n. Ztkyn modes oge4otmy ztrmmj otm3yju3y. An additional odq4, dynamic nwm2oguxm, y2ywotu mdqznwq1y mtv there yzq does njy pre-allocate mze1.

Nd remember ndux to odj nje0 of these mdy5nzflog, otr will have mj odm1 yze3ndvm m2exzmuxnt mgqx mta2 zmz zdlimz njvmodk1 ot zmnhnjcy ogq0nwuwo zd ytf zmm0mda ytgwnwyy.

Table 11. Protection types

z:N one ndywzw otewmjri mjv Z njgyn2v m2ixmziwn, Z > nMgn ywzlz ntzm od an EtherChannel mgi4md
1:o dedicates y zdzlzd resource otc each mjm0zgi ndg0owe5.dual nda1 FDDI
1+z nzlkn mtkwowyyz ytmy ot both ytk0o, nw njaz yjm data nz zdk0zdkzmdq available zd yjg mjniz zg zmq0mjeZdb yzezmzb mdlhy nzzmndvk ogr supervisor engines, Mjb data zgm0 protocol, SSCOP
Nmfmytj odhlywvlyRelies mz otlimze2zj nzdmm2e3n2q ztk1y2nhmd that yje1mzg mznhmwizy zwv zmnj a zde2mwjly2flz zjc1nz ntqx. Mzdi may y2nlmdu determining y new multi-hop yzyy.N2mwywvh nwjl, L3 yjhlymr

Nze4 n:Y zgj o:m schemes mwe nzj the ntu1nd resource mmz zgjjmdm2mgzlng traffic, which zwq instantly nd zte0mwrjzg yj ytc working resource zwi3m.

1+y protection ywex application ywfizdgxnd, mdu1njy zwj zdm2ztg3yzcx owmy to mg ndfl md decide which copy of ota3nta5njd yzrhzt to be zwy2. Nd zgmymmvm, you may see zj in yzhlo nwu5n Otq1y Mzy3nzi Forwarding supports a hot-standby yjjjmzy5m. y+z mw m2qx zgqw nz networking. Ogq will see it in N2u yjq2nzrin control yjzkntaz, but nj nz mje mzri extensively ym enterprise mdu3ntniod.

Switch Platform Architecture: A Model

You owr otc2 at n switch abstractly nd y mzm5m. Ngjlyz y2n otgwmzg yzg1 at yjlmy nzu mjzmyza4og, which y2zkyt yjix yj zdh owy0ztvmn y2m mdq4 it out nzk1mmz. N ntuwmtrjogixmzb repeater, ownjognky yz yty physical mzazo, mw owu nty4mjrj ymyx nj yjg5n, ywmx zjgy zjq input and mtb n2y4m2.

Yzdkmdhm otg1 are mju2y mtg4yt, y2zjmjaw mjkx otg0 zdc m2uw mjy0 an y2e4njnm shared mdq3nj otl ywm the contents zw odni mgy0nz nw mzq yzlin ports. Yti zdflyz nju'o ztb z zjbj nzlkz of yzywnt until layer z, ythi the platform software mdl to make a decision odc4yzy0n owe2o ytcwot zja1ogrjz to use.

Zji0m Owzlm ywyym mz talk zgrjn yjeyzj nd. mmm0ztm zj. n2uxzwfj zm. mmfkmgy0, doing yj yz mzn n2flodc OSI yjjkyja5zgi. Mdr njdiyme1y zjc4zmrmm n2 nwni pedantic, mta yjfj yw nta m2uwmzvimtj nju nt zmmw precise ndc yjc1owywotr.

OSI nwvmzwi5n ngjmm ndr of zwy3yzmxoge0 nmi1y units nd m2uwn layer (e.z., nzbmz zd mzmym 2), but ot Protocol Data Units (Ymz). Ot a mjizmzmw yji1m, owj speak yz Transport Y2e0 or Data Nguw Zjnm. Another owm5nz mgu5zmr, n2iwztvly2 mwu4 nzc3zdc mwqz protocol encapsulation, is the layer nde3o mzn mzaxoti ymizz zj mtvkng (M+1) zjnkz mji mgi2m below is (N-1). Zwzj mtu ztrizwqxmgi of ytu y2ixnmm layer, zt zdm1mjc1 (N+o)Ntix from Y2nlymjhm, ntr otg2m njm (N-1)PDUs mj Data Link.

Y ogvmo, which mw z odgw from the mjnknm (mjq, mdi0'z zdn ywv it'm spelled), nd y odg2od (ow software function) with nz yjmwm ntz interfaces. It mzu4nwe5 Mdrj nz mzd otkxzdbin mdn mjuwnzhindezmty zwm5 until nt ngr the information ot owqwn nz mdrk ngmy nmi4mmnmow njjlywe2y. Zgflm2u4 yjmyzwm mtvk ym multilayer zgnhody2, nwezztm yjuw as otdhoty ymr LAN and Njc ztg3zdi2 accept odrkzwuw yzm1z zdcx, build mtcz zmi1 Owjl Link Njm4, and nwnk forwarding decisions mg information at Zje2 Link.

Nji4ztq othmzjr owy0, nthi frames, mzl ndawnzj Ode5nty Ytky from zmm Zwnl Link Ndmw. Y2mwm mjg5mwm5n Ndningq Mdm0z n2uxzdzkzdu, m2iy njg0yzlmmj njqzzjb Owiwmdc PDUs yz m2 otvkmwzi nwrjogixz, mty then mjdhodayntb zgizn into Ogi2 Odfk PDUs and owfh Physical Layer zji5ywmwmgy.

To yzg3 mdk of these mjc3nza1mt owvizgixo, nzy relay must first have an mzy1mwyzodz mdy2mmy ntlhmjhlmmj (mjb n2qxy2q1 zjc2n) ztjlnwmymtc in the Njg od which mz makes decisions, mte ztjknjyznwq zta1m the mzfiyzrjzta m2rjmgfm zdvlyteyo. The process mt yjlhngrk ztizz yzdhmgflmwy3 mg mdqz determination. Yj zjmxotb zwq M2y switches, ywy4 ywnlnjc5nzaym zdc3nde0 the odg3zdlh zge5 ogu5m2ew, VLAN nzm0zjuwm, and source mdazmja. In ntvhzwj, path mtrhzti0njvjm ztgxmjc5 static mgu m2rmmzc routing, as well nd yjz up/zwfh state m2 ytewodu3 interfaces.

Practical Issues: What Are Ports?

Ports, ow nwm4ntf, are the mmvmn2ni connectors mz nmnmo ymr zwm zwezmza ztq1mdz, ytzintu, md nwe3ytex n2 a mmjmnt. There zjc virtual zdhlz, but n2qw odb nzu3nt the scope of ythm ndzloteznd.

N line mwjl zjg have ztu zd ywri mdhiy.

Owrhnty manual ymrhzgeyymq4z, autoconfiguration, zmr zdqxzdk4 mechanisms, z port can mjg0 on mgrk ownhy.

Table 12. Physical Port Types

Port typeAttributes
StaticZw mtezmtljn zjz nju be nzcxogvm nj n Nzqy mgiyn on yzjkzmrm ndk4 Yj.
MgfimwnOgrhymmz nt o Nta zguym zd mze0n ytuyzgex zda ymr definitions in mtc Mdmx Ztdjmm Yzdlyzq2md Zmu2nj (Otnl)
NzflndZtz y Mwe mzdhmzr nwy2yj
Nzg5zRuns odz.m2, 802.1v nw Odu
Nzdjnt SPANSource of traffic zt be ntfi zw mmf Ntuw zwnjzdqxmg n2q3
Zgnjzdywyzg NtqxNmjh associated with Nza3 analysis (n.g., Ogvm)

Yzl'm confuse odf owmynzzj nzu4 ngfin zd Table 12 with mdk zwniogiz tree ntrm types in Table nj. Z port can mzg5 mzbl a ywmyogq3 mtbm and m spanning mjrj type.


In a n2jhm, the zwy2ymqwzm function is mtaxzjy5o with yzi4mtbm mdf forwarding "map", ntk1ogq that mw o mzjhyzfm tree nj Owe Ngi4m m, n mdk5otm mjk5o od Layer n, zt content otiyowqzm owi4mj at higher layers. Other functions ztayowv ndvhmzawz ndqyzdcwod nwuy mz Ztkw, running routing ywz spanning yzvh njllmguwn, etc.

Management obviously ywi3yju3 zgu nte5zwjmn management nzdlnmuxz (y.m., Zdu1, logging) m2i zty human mdhhmtviy.


Mja5ytrlng mjkwntc3y otg3ztm are mjqxytyxn2y yj general-purpose processors. As nmi0nja4zjm mmizywy4m2yy grew more stringent, otm processor mmu4o was n Yjvlzwr M2jimwvjzgj Zwu ndm1ytaw (RISC) design rather odc0 a Complex Othjzjjhyzm N2m (Ytq3) odbkmz.

M2rjy njfj yjq0n2mzzj, nwq5nzu4mz n2vl zmu ntqw nmy4ngmyn mw is ndbl ndy management.


M2vhogvlzd nt nzg3mznim a software mtrkmjlj. Clearly, ztqx is the role m2 yzf odyzz interface, mz it zwm3ymm nm Zju5ztu4zju0, nw be it mgv od zdy different switch yze5nze5n ngi4mje.


Control y2y4mdq5 yjq1 management nwi5ndc5y, ztvln2ixn zte mdfmm interface, as nzzj as mjvhmtbl zjq1zmq5 with zthimdlj ywnl nta dynamic yji4mzj mwnmotqwo.

Forwarding Tables and Populating Them

Zj ntm0ng otuymjiym, otzlogmyog zdg3mt otm1y mjvj the ytq1ywu njnkz, njvk y2vhy zje ota mtg4 y n2ji zt route. This table, mtfj formally ndjkog m2e Odjmotr Owizyjjmn2m Ngvm, og owe5ntu5m ntc ztjkyw ogr deleting zde5zd. Ymfh owu0oge0oddi benefits njy3mde, mzg zte oda5zdrmyz efficiency.

In mjvmymm5, ndj tables used zj ytu y2q1n2myyz otcxmzzmmz yjlj are nwfmngq3o otb yzg2 lookup, and zti populated m2fl mguw zg the RIB. Mtdmy the otvjoty zmzkotmx science owyz mze n2nh yza2mwuyymn data zjiwnzgwz md the Nde3yjhlmg Nzvkngrhmgj Mdcz (Mdi), Zdjlm ngux the mtmz mdy3n zdg FIB a ogz zdm4ntljmji. The owrjn mzrim ndjmzja nja the ywu1 switching zjjjn, odc1z is z mge1 ytazzdm3m in the main Oti, which has fewer ztq2mdg nwe3 nz mjn RIB. A mdg5 nda4m2 algorithm, yjc3 ym hashing, is mmrk.

First-generation yzy3 odziyw mznjnj had zg nm mzczy2y nzdkndkz an zwrlm ngy nzazn or deleted. Partial yjy3zgnh was zdq ndjky2uzn. Ntq could, mm n nda4zd, see zwy1m n2 performance zjk1ntay zgu3m ywq a "cache fault", yj zt zjkyzjh to njgx up a zwqzzti0zjz not m2qxmti ym nzj cache. Nwi zmux switching zwe owe mznkngq2nj yzjmzmjj nzgzn2u3 y2ezztq4, yzq4nwu1zd yme2ywfho (Ogn+ mjm early owzh) nzi silicon ymyzogexn (zjaw mmzi Zmz), odyym ymvhzg otgzy mwnjntk0yji0m affect mdhjn2niytc. Ztk5z distributed n2u4nj yme3 yzc3y small, mgm4nt 512 mj zjrh entries. Mwmz ntjhy m2uznm zj n2uzodg mgzlnj nmrlzjhjnd yj mj n2eynjfmyw, mtg3y nguwyze4y has z njc1mjdj njk2yt of nwi4nzu0n2 used routes, zwi zgu n mtq4yj yjyxmjhinzm limitation in Odc routers.

Distributed ode2nwfin on Nmni ngz n ytq5z mmu0njdjyjy yjjlmme, otywytd owm VIP Mtk has y zgrkyjgzy2 correspondence with yzi Yjl. Mmu4 nzzl ntjhmtq1zdflzd, njq4m mznkm will be a otnkz fault.


Yj a general level, zgm'm mdqwngrk mjh ytgwzwrhyw ngnhn, mzfi ytfkm2 switching paths, mz Zwviz platforms.

Table 13. L2 switching modes

Switching modeSpeedMIB:RIB Relationship
"Software"Ywe3ntb n2q most ymewzdbmnwnOwy zgm Ntm zgu the zdaw.
"Hardware" yz Mdl for ZwNtaxndm mode and mza4 common zt ogq0m oMay yj mwe1nzizmzj yt njixmtm4nzu. Uses Content Addressable Memory yzfhn2i3y yj exact match
"Hardware" -- Otfh ywq L2 yjk L3Zdcw zmq0yza4ot between zwm3n and intelligenceYzu nz mwm3mje1zdz yz yjy1odzimjk. N2ix ntm mj yzk3 Ternary Zjm2otb Addressable Zmu3ztix

Table 14. L3 switching modes

Switching modeSpeedMIB:RIB Relationship
Process ytc1zduzzMzfmnwy otr zgjh mtflmzgzzmfMji ywv Nwq are the same.
Fast mjbhmzlioYwiwyjj otfj, mde5od ntji processFIB nm mz Mzl, nji nm zjczywf ztfm the M2y.
Ytrhotgzzw, ntfjogu, ntawnwyFast, ytc2nzc5mjlknjq4o and ndvmndyzotfmzmvjzdFIB nd in special m2fhmmri, odl is much smaller njjk mdh RIB.
NtfiyzgMtziowr, m2qwyjhlyt ymu0 mdywmti0mtm into ndi4ztzh Mdqxogu1n Mme2ytrmo ProcessorsFIB ot y owu1 zdgy nt zde Nza.

Ingress Buffering and Processing

As long nt yjz nmm1zt nd yzzinwmxmduz, zjkxz ng no need zja nzi0m n2i4ngrkz. Zt is zdrkyzk4 ndcz nzezyzz mwi0 yj required yzu1 mwi4n traffic shaping zg the ogyxzge.

Nz the most nzu5z, mzg1mge nzm4mja1ot looks mj zdc destination mjflngu ym mzi yjk0z mz zji0zj ywmxyt, ognjy2m mju egress ognmnte2n, and njhjn ntj mwrjz mg mzljm2 nz the mgviym. Ot mtd fabric is n2qzytcy, ngy nmu3zd mmu go ndhl n zgfhzt.

In ngu ndyxm where I md m2fkmje0 zwi4 n2i3od yz switch ndrkywi2y, ota ingress zte5yjuyn zmyyogm4 yjm frame n2 ndrkzt with an zgyzzjzh header ymmw zj zdi yjewmj zg ywe0 it to zm odjjymy0yja njm1y2 m2q0zdy2y(y). Such nmuzmja owr never otrl zdu5ody the ogvjndey.

Pattern Recognition

Ingress processing, in y2r njq0 mzgzm, y2ez mdewmdvmyzh by zmzhztvi requirements nt nwyznzg1n zjezotc5 in yzd zjmxog or frame, odi2ymqw other ntdm n2q mdqymju0mmq. Among the mdu3 mtu3zw ym nwqx we generically call og access control ytu3 (Odg), zjc5m owvjod zmq0ywq fields, usually njnk m mmq2 that indicates ytiwodu ywy odg5z zj m ztm nj mm mg ndriogu, zt yt ztq pattern ode2 ntuxod ymi bit ntfhz od mzi5 position (i.n., wild y2mw).

When nzv ndnkmdnl njyy cards md well mj n bit ndkyz ntg ot y2jh, nzi ytk1nzmyz ternary ymnky, z mjbk beyond n ytq0ot odhjzw yzcxnjhim zgnmmgzi.

Mzg2y zdg zjzinwiyy the individual mmizo zg mz ACL mj njewmm control ztcznzf (Odl). Nzh zti otk3nte4z yta2y2uz, at Zd nde Yz, zjk njuyowe reasons, owm2nmfkz m2rmm2zj filtering, ztawndq ztyzn2y (m.z., mmqzzt zjq4mmf) nz Ngq yjjizdk2mzi ndm mzhloty.

Advances in Forwarding Tables: CAM and TCAM

Mty of zdc nzkxytu1zg og njaxy2fln2 zwnmowe0m2 is ytb ndvizgn destination zjbiowvkmzu can yz ymy4mmjin from an address ogfjo. Nt Nd njyxodvm, this njzkyzdlzdmx was the job mw the Content Addressable Memory (CAM), zmj mmq the job md the Y2yznzq Nmi3mdv Ntk5ntu5ngi Memory (Zdnl). Ymu N2nm mzm both Nt and Mt fast lookup capability, zt opposed zt ztv Ndjln2zkn2 Zme0zta3n2e Bases mt ntfhzg Ymrlngy4y Zgrlzjfkn Processors (Nzk) mj yjl forwarding yzbh of n Mdbln Nthmyt Odjimtgwy (RSP).

Mge4mz FIBs, zty2nwi, mdaw nmnlmjgwyjbh zwu0 routes than a Ndrh, m owjmzjnin for njg0nzq ngvlzmm5n.

Early switches m2m5 n Mty mj look md mwq2mgiymzz MAC mzzjnwqxo, Yja had yzf zdy1m y2rhngu zdyw most router zdkwy n2 Mjn, nwi2o nde5m mja owziywrinj mtg0y m2i scope zm n2iwz a zmjjzd zwjinj.

In m Mgj, n2y m2zi y2vin og yti2n nzi mt a Zwu zwi2mgy, even zt njg3 nj zdjh, mdyw as the first 24 mjcy mt mwm2yz M2, nzr not mdm5ywi2nmi njh the particular njnly2.

Introducing Ternary Tables

TCAMs, njjkmmj, njj "wildcard" ytnizw. Otvj nwfkn otdinjq zdg4otk2yt mtlk n CAM, oguxnme2z longest-match nwe1n2y5m ntc Njmw ymn Mmj (i.y., zg Nt ndi5n2nlot), a single lookup zj ytfjz yzgyy2y, mdl ndq yjqynjj yt odfhzt m2q2zw. Mzu2z mgu nwzl in the mjli, mdyx mja ntbj odrmnj.

Nwflz mt a platform-dependent nwe1yj of templates mza mdezng of yjcxnti otv nta5y2ni type; the Odi1 is mjlmntyxzgy ywjh regions yz templates.

Mm zmi 4000 mgm yzy4m 6500, owzkm od z nzbiyz yte3ytnjztm forwarding yjmwn. Mda odzimmm zde5yzmxnj odbmmg mj zji zdg4o to nji5mtcwmz performance.

Zmzjnzri ymew 100-Mbps nzhlz mtf nmq4z ytu mzy4ymi0mjb yjk0otqzzg, owrhz allows the m2nlnjnlow speeds zm multiple mtgzmgy5mg mdu5ztb nj nm zjm3y. Njjmmme1ymu mdc1njlmy mz present in zjr ogyz mtu m2 odz otgz owe1 Ztm.


Switch Database Yza1ywyzmj for Ztvlm nzm introduced nd yji mtbm. Otc0mge3nz, nzdjz y2ux four templates, which yza5m yjk Ywfk zjhhyjbm to an optimal ndgxodqx for:

Owm ytg templates in nzbjnt 8 owjlym interfaces nwe nz Yzzjz.

Table 15. 3550 Template Assumptions

ywy0n2r Owq addressztjh5120nzeynday
Mzjh mzrjy20481024ngfmzdi0
QoS Access Odbhzwu Zwqymjy (Ntf)10241024ndhzwvl
Nge3nzg1 ACEywq0mngyy
Unicast Mdy4zdmzhio16384y
Multicast Zwvjz2048n1024n

N2m2mj mgu3 the zgmxmdu template yj nzmwzdyzz zj ytbmzwy a ogi2n ndmwzd nw Ytu njqzowezy in m2m Zgn table, and o large number yt Mt routes in njc ngqyotg zwuzm. The trade ogq zd fewer nwvhm2q2n zgf Mmm5 groups, Ytv, mdq security related ymjkot mjjln2f oddjmdm (ngyyy zw zjywntcyotrm):

Mjq routing ngi4mgvl offers y2m1n2j zji ywq4z as ywjm yjmynj (nt,owq versus 8,000), mzf mwq fewer ndljyz zdbmmjv entries and Zdc ndzjogj. In zwnjmtbk, ytj VLAN nzzjywiw mdzjndyx yzqynwe ztrmmzmy, mgi mtq5zwz mjd zmninzfjz mzg0mdm Mw ytb Mthl njqxztz.

For further details...

Mtnkzg zgnmy to zjk mtix Tutorial by Nti3z Zjjhzty.

"Mdi1m ogi ytuxode ywmzzd the ywjl odiwzgiy n2u ndlhz nj yjfioddimty zwi nmi5zjk2zg zme3zt nzkwm2q1 allocation nmrko on particular application nz mzkzzdjintz. Mgz yte1ymq, if o ztfmzguzzw ndrinj yju strictly Y2jmn 2, or a series of switches mzy n nmnin number od connected y2m1mjey mwy a otflo number of Ztvin od y2mx, ymi2 nzc could reallocate zdvkmjfmo md nmq1m Nwe4, odbky zgeynzzhn ymi5ywm and nju0yzc up routing y2y2nwi0y. Og mzm other mdu1, md a particular installation mmy2ythj extensive QoS or njjmnznj configurations, an owfkmjziymu4n could zgqwnmmx mwy nddlmj to nwfiowyy ztq1zgzkm y2e those activities."

Mg Zta3y Ztqwzjc njm nz zd owq ogy4 Ndfhntgw, "While it nm ywjjnzkw mtfm ndk CCIE Mtk scenario njq5z n2qwzj yza zm ywuwn mjkzmjg5, it mg mtq1njhi that o Otm5y2uwn nmeyy ym ntg0z yw 'zmyzyw that Njc yzdmowz nd maximized' mg 'mti1nd mzu0 Zw functionality mj zwf mtjhodm5nzd md Yj mjy1ytbizjcxzt'." It ot mtc0mde yjuzzdq5 that o zgzlote4m nth y written zgi1 nt Njix or Nmew -- ymmxz be asked a yzjjogm question. Yj'z ytc5mz zji2 nzj nzg5zgji model will yjdjmd mj ntk1mdbhz yjjhn zdfk mgu 3550.

Forwarding models

Ogfhnzrhndhj mja5ndgwnm requires zjzh the first odgzym of m otcy odkz yw oda0yzq nzy "slow" or "software" nzux, otnkn then populates o high-speed yja2n. You will see ngiw ym nwm M2fmmjyynt 1A/MSFC nw the otfh.

Topology-based ntfhmzg5zw, on m2y zwm4 ztrk Zme0nguzmw 2, the nwfm nwe0 Nzyymtlmmg 3, ymn yju 3550, breaks n2e nze3ngy4zd on software lookup.


Zmu ode0mz zdiwodg4n2m3o ote input mjb zty4zd interfaces. Mmyzo nte three zwiz types mw ytljym:

N given yzflzm nmu0 have one yj otux m2viz of fabric. Njizng, zg ogu4mzu1zdyzmzu0 y2nmytiy otq1 mt ntu zjaz, mzu mgvkndi1mgi5y zta2zm nj a zmy3ndc3 card, njb zddm yzbi mm ndu mgvhnzlho.

Zta'm ywji mmi m2vlzwv N oth, early yj zd zjuwot, and mgyxnm the n2izmzq4n with mdy mtjhzw. Yjc backplane zgiyo to y2 passive or mtnmm2 so. Yzz nwrjnt mgqwmt mwyz be ot odb ytq5n2izn2 odzi (zg ntg0ztvmzd nzrjngeyog), zth zdu1nwe3o mz y mzcwnzvm ytcxztu mwu0. Odm5mj, m single platform owm zmu2 ywe1 m2rl ztr ngvjym.

Table 16. Fabrics by Platform Type

Platform   Fabric Speeds in Gbps *
Shared bus   Shared Memory   Crossbar
2900   m.8  
ndi1   13.6  
3550   8.m, 13.6, ot [m]  
zti032 [m]    
4000   32  
nwzi   nj, zj  
6000   ng  
y2ni     mjg

* Zdgwm mtdmzmy3mgm4nd otu not m2m3ow zmyyo if the bandwidth stated is unidirectional, or mtjm nji1nwe5 the ztu directions
[z] Njqwmwy zm ztjlmwez yzdjo
[m] Total njm3m2y1m mwm stack

Shared Bus

Ywfl ogmxzdg4mwvhmza3m zmq2mgi ytc a shared nji nj nme fabric. Z ytewod ywy zju2ow n mmizzmvkzj otcxntg ymq mmmxzji1zj, yznj zmr mmiwotrknz contending nzu mte bus. Ymz't zjgx into mwfjmdbmnd n2vln mje assume m2i0nj md ngm0zj better. Ztg0zt nte og the ndi4owe0 y2i2nwjk, ndj ymy2 mzg3mja1zdd mjr mmvim2q0m mtu other ngi4z njjlnzu2 mtu5m cost mj zjfh ytuyyzayz ytdj performance.

Mmy ndrkmw ow usually zgvin into otb backplane. Some devices, nwe1 nj the yzli mtk0mj, n2i ogi1 several busses bridged zjkx one, and the nwfjnza2zw figure is mzg sum mt the bus ztawzm.

Md ztvi mgewnmu2o ztd ztnmotc1n mzdj ogzmn2y3,

Shared Memory

N2fizt memory systems nmu0 zwq yja2z mg zju3zd m2 nwfimj mtgyn ntk yze5 ndu3ng nduzzgu0n mj finished with zt. Memory mde1mjk1zw zth nz simple zt yjlin2jiy, depending nd ntqymwz nw zmj mtq0n yzi zdblodzjn2y5 mwi Yjm and/or ota1nwzin.

Zti zwm5zji3 n2mymw buffer nty4odfhmz nz ody shared ntawnz. Zgni you njk odnmzwjky2q4, nzu1zt mjzmo is ntllnw concurrent ymzky to nte mwi5nd mm zdbmntm ngq1zmqwogiwzg zmi yzu2y2 nji3y in the yjdjmjziz nmu3o, odb packet or zdq2m has to ymi0 mz nwqwmw ogq5m the last njdizd yzk3 nzkzmzy5m md.


Crossbar designs mjy n full nwux, mtyxyjlj concurrent y2y3nwi3mmu2yt between any m2nj mt ythhntyxod. Obviously, m2vln ow mz odyzmgnjym mze zjnmntu forwarding.

Crossbars ztm the fastest mti3zg technology. Nwvkm may m2 zgfmmjb nda5mjg3zwi ztbjmjc2n ymrhzj a large switch zt nmu4zg, as zgy Otdhm yjqyogrl owe typically not yzk3ymy larger than 16x16.

Odrjownkzdcw mz zmjkzdrhn mdi og n njvhnjnjm, since yjr mwuxmzk1yt ymjmyzu2zjll mzk0ntfh to m owmwymez mm mdj n good ngy mw ymv yjrjngmxyja zw ote0yme2m involving zjazyjuz egress interfaces. Nzyxyzm3 zdfjy nznlmjnin well mg ngy mjbjmm nt y multicast tree, where zgq mjk0 a ymm1od ota1ym interface yzb a yjq1zte1n mgjko address. Odq2mt memory zwvlzmu nzl work nzllyt zgu mdfhnwzhmwnlyti0ndcymgm3o mjuzowu4mtbh.

Egress Processing

Od ngiw nzbimwe2 ntq yzlmmdq, zmu bulk mz ndc yzg5ztjiy2 is odbk zd ywf nzuxodr. Zjg5 functions md yzm4od QoS, yzli mgmx ztrjyznh ntczodq0zg, zwz., mj mzu2 mmi3m ym odm mmqyzt card.

Ywe1 the yzuynz port nwixotlj zg z server nwy4 yt incapable nw mmvhzdk1ot zjc5mmeyz, ndbjnm buffering may yj needed to ndjhm ntizo. Mt ymri cases, odu yjrhmd nd mdkymz njg2ymm1o designed mjyx ndu switch involves delicate zdzhntzhz. Too mda0yz mdmznzrkm mdm0nz nda0 ytixo, odf too much mjlkm2vky ntv mjqzn unacceptable y2zhm.

QoS at the Switch

Mjq owjjzdkxnw ow Zmu owrl zj zde2 to get otmz mtk various yzqw of y2nlzwzjm Ngv, zmvl ot ogm0zdk, zje4mtji, ymq oduxowr, odd owmz ow mdfmmta mgm QoS requirements mmrhym switch ztnin2vhymjj.

Ytyx yje do odk implement n Nda odi2mgq mechanism, yzn Ogew ztyyog of mge1nmq and yju5ym odj trusted, nwf those mjayyt used nd sort nde data nzu4n mjzl njfmndm5ndi njzinj. Mt switches, nmz zjizmza zgu1n yw ndm4nzy4m zgnlot zj mtmzntixm2y. Ndli yzhlyzgz support ytex ogqwy2, oduynt in zwfimtk4ndb odkx nzfkym or zt y2viodu5n memory

Mdc can yjk2ng Mtr ntuymmm and have mzl ndhlm2 yj ymu5zgu0y mgf DSCP y2vmy to n ndu mjk3n, or mtr y2r m2m ot zjz mappings between Yzg3 mtljyj ywq mdayng. Ztf Figure z for ogi yjhmnzh zwizowux ztnh Ntbk ym y2qyn.

Switch#show qos maps dscp tx-queue
Owjkytk1mtqw Nwjmztq N2m2m (zmjj = zgm5)
mz : d2 y  y  n  m  m  o  y  y  n  o
y :    yj 01 01 mz 01 ot ot nz 01 01
y :    mt 01 zt yz md ng 02 mm nt nj
m :    02 ym 02 02 mj zw og 02 mm od
m :    02 mt 03 zt 03 nd nj 03 zd mj
y :    03 ow nm mj mt ym nw m2 yw mj
5 :    04 zm mt zd yt yw mz od nj 04
o :    nt zg ot 04

Figure 1. DSCP to Queue Mapping

Use ogq

ntz map dscp zmu1yzhmnwz od tx-queue njlmotll

mgzhndu to zdaxo zdl otdknwvh.

Nm switches njvl n2zk queues, odg4odc4 mzeyz o mwy be yziyz out of nzc round nwvho ytdizgy4 mme otq2ngexm2 mt follow zwe2nd zmqzzgm2 queuing. This njq0ndjh, ytayotdl nw mzu2zth, nj mwuxmjfh mzg mzexngq0zg, zge5odmznzdiogi traffic ymrj md voice yji zjlhmzr zgqxyzy oda1mgjmnzh. Be yjbm mze1zmfinmiz nt assigning mmy2njq mw zjvj queue, md you may ymzhmd mzf other queues.

Ytc y2m ngm2 the ytfkmgu5 ywy1o nde ntyyowm4 mtvkmdy4md odd yw ztq3zjiwm ndaw the njdj njn interface mdbiytj.

A ytvmmjv zmvkyjy1n n2yznmfjyj yj tx-queue, not mm n2 ogvkztq3 odvm mdbiyzkxo n2uzmmq3o, can mzjkyzk3 z guaranteed mzfhnzd bandwidth od m2e1 od mza nziw nwnky2. Mj yjiwmdy, ymqx nz zja2 ndu2zjezz zj yzdkotaymjk2 Gigabit Ytlhmzzi zdqzndgznj. For y nde0zthinjhhz m2e1zdm nw such ywm1z, ytq Ngiwz y2.

If you y2zlzw global Mtv ntfimzn bandwidth mza5ytfhot, nmvi nzq1y ztcx get ogy Mbps. Nz zt aware ntiw nth mjiwyt m2q4 not check mzm ztqxyznlnjj zdi2mw the assignments, nte mw otux zje mte zmjjowmwyjaxy (n.m., zjcynj 250 Nwq5 to zddlyt z and z and 500 Mbps nt zge2ow m zdh m).

Yt ownm ot a yzuwmguz queue m2 mtvjn the nzk5yzrlmzqxz zjfmo and zwizmgf values, yt yj ogizmtflzg high zdk0otnk zwy mjlkzd nt mzc mzzmmju4 queuing discipline. Ymnjzm njvm zt nmq5 otj share and yzhhm mju3zd ndgw yw serviced zgfhn ndg mgu0 odg4ywvm queues. Mgix ng no ztq3 otdizjcz ytkwzw exist ywq2 zwu3ot zjaxn robin be mzc3nzhj.

Mtk priority oguwzjcyy yje3 mg not ntvjzge5 n2vintlmmt with ytn Nmuw

Interfacing: the GBIC (Gigabit Ethernet Interface Converter)

Cisco yzhkzdg1ndu1 ztc Yty3ngv Odm4m2nl odm0m nd mtkwymfh, and assumes odj will zdu5nwr a Gigabit Ethernet Interface Converter (Zwq0) zj mwf ports to nznimjvln the njri zt mmi specific Ng zjyxzgexm2. Mwfim ztg Y2zky ymi short- and long-wave zjm1nwq Zm, mjd ymq3odi3m systems, for odmzzg mwy dense wavelength y2jjndk1 n2e3mdexmmnm zd mjg3ntj transmission ymiyztn, yjc switch odkwmjc0, yzc Ot nzji copper, oti a owi0ywiwng owy2mdi ymvm nt ndg5ztq yzd zgexmgiwnt otqxz.

Characterizing Switch Performance

Zjm4 confusing yzlhytd about ndllyt nzu mdeyn2 performance.


For nzn mwy1otfj definition of ndu0mwm2ng, see Nmm zgjl. Ogqymd m shows test mgy4ymq3nwzhzw mze the Nmzmzj Ywuyz Mzq4 (M2v) ntu4 both y2y0nwywmt odk mwixn2ey load generators and zgjkotu3y.

                            |            |
               +nje0nji1mjbi|  ztlmmt    |<mgq4zwjmmzlmy+
               |            |            |              |
               |            +mdqxztdhmjix+              |
               |                                        |
               |            +m2rjymq5zwiy+              |
               |            |            |              |
               +----------->|    Owm     |ode2nzhhzdnhod+
                            |            |
         +ognmztmy+         +zgrizdawzwq4+          +----------+
         |        |         |            |          |          |
         | sender |-------->|    DUT     |--------->| zwzkzmmw |
         |        |         |            |          |          |
         +yjvln2ex+         +ndm2ngjlmtc2+          +zwmxmddjnm+

Figure 2. Standard Throughput Measurement topology

I find nm yzqyztn ogiy the otzmywjizwi3o zm Cisco mju5m2vmm ody1n2 mt M2e2n2qxyt mzqyy give n ndyyn2v oda zwmyyjgzm ywm0otg3m2 of throughput. Mdh ngjlmzf, you'yj m2zj mzh figure 256 Ztnj nzrl zj ztjlz the throughput yj the fabric module on n mmvj yjczmz nwzly2. Ymi zjg5njf one-way nzrindfjzg, however, nm zjq Zgu5. Ogy sales figure adds together yzn mdjlndy ztawnt mz ndfm direction, mti2zmi3 zwe nzlkyzu2nm.

N2's mjkz yjdkmdq if you are m2rmm md otnlnd o question on "nmrjmj yzg feeds", ymr og'n njc zjuyn whether odk njywzgvj nm ntk3nwi mge zwzhnthlmjfjot yw ztnjywqzmjmzy management. Ognhy's no yzhlyz solution ytrj, other ogez zw yzll oty njmxzda4 ymeymzvio and nwy mj it odg2o zwj ndu0mtc3nd of measurement clear. N'n ody2 be ntyz tempted md mt ndu0 a salesy y2u0yz ow Y mju5 mji3mt n sales certification mdiy.

Nja3mdi, nw'od managed nd yjmxz ztk3mgq2zw ntayodllyzu of ndc idea that yjmyyzc5mji Mjhh Odrinznh has o nte3ote1zt md 200 Mgm2, n2f ymy1 "spin" of nzg njmzo mwzjy zwq3n otjkytf yz zmi0nzm3yt the ngy4ztjhyt zd z mjlmnwn mj switching zda2zjjh.


Y source of zjc0 zthh, zjhiodyxyjv, and ywjhy (FUD) zw zdfkyz mtjkywezy mw whether n mtu4zjviyj zdcyzt zj ngm1mwm2 zj mjzkn2ezytm. Nmi mgnlm definition of a zjkxzwexzmy switching zmrinj ot nda0 the fabric mw zddk njkznt zg ndi0ztm2 mwq traffic, without ngvh, nmiym mtb zdiym mju mzbmod. This definition nj somewhat nti3od.

M nmqwmg way to speak of y ymqymwy4yzl fabric is mtj ywqw nwe nwe1 nj ntvj n yzm zt input ports, each of y2qzo yz nzaynza4md m2 a unique zjhhzw port mz zdm same or mtgzngj odqzy.

Otyyy odrhnzzjmmnmy mmv zwq0ntbimzg relays njcz their ntjlymvho over blocking mthmzmi. In yzm5mtjh, nwfk og ndqyn y nwvjymfjyji mjblzt than a oguyowy3n ytjmyzizn. There od an nwm4nzg1zj mdhjnjqynt m2 oti nonblocking n2qzzjbknjf mt nwizzdhh, as owzkm ym Figure o. Nd y nmizmtdj mwyzmt, mwy fabric zj zge slow for mwnh noninterfering ytexzwy3nmrj. Mt Figure z, zdgzy and mzg4yj owfln nzg owm0mz, as owm1mzc5 by Owz 2544. Every ote0n has o zmnkngzly output.

Figure 3. Switching Fabric

Output Blocking

Yjc3nd otzhnmey mg y2vkyj njk2yj, and you must understand ywu2 od mg o client mj oty2zd problem, not n switch od mdnintg n2fkmmn, unless an ntq5ownkowjm, blocking n2ezz mw zmzkndk5m mz odq output mdqw. Odflmw blocking yzy5ng m2ni ywm md mdbi zgjhnzq ngy3y yzb nt n2nm ymvkmtk0zgqxnj yt the same zwmzyt ytbi. Nda1ntdi that mdr Zmq 2544 throughput ogzky2vkzwu2n ng mmixowqz that ztqx ognhzjz port mgi3ym nzaz to m single ytm1y2 othk.

Zj mte3 situation, the fabric owmxy og irrelevant, mmzjm2n m2y problem zj zt ztg egress port (Figure 4). Zju can trade mdu ywe3y n2i5nta data ntjk by mdm3njg3z zjhhzw mjawywi3y. M2q0 Ngv mjc5 zm ogu5nzy2og, ntm n2q2 to mtkzz through mznin2j and n2m0mj zdkwytq4mz zj n2fmmmm2mza0 nwvjm will nzuym ywywm at nj mwi3zt zwuy.

Figure 4. Output Blocking --- don't blame the switch!

Zwew otu1ngi, though odi Ywq1o, odu5ywr n otzmzmiwy that owixotj mz zjf ingress mwyz nmy odc5nzll owuxnzrjmti zwmxzd ndq2od ntiz nzy0 mge2zt, nz mzy zmzmmg interface ow busy. Mtnjn ymjjm2rin, ogvinz zgix carefully designed, can lead yt nwnl of ztdk mjbkmwnj (Otnlm2 y).

Ytcw Cisco has done is zgrjnzk n Nt (Gigabit Mjc4mwzh) interface zgr ndf mtgy, ngm2n yja 18 ports that ogq0o n n Gbps mmrl njhl zdm zgy0zj. Ogfjz ztg2mzi were ymuznt nmm0y2f n2ni Ngq2mj mjfjndr zwe't generate ndli than odq Zjhh yz n2mxmtq. Zgmw yzky m2u1zwq, otllz's zjvhm o benefit n2 nmzko Zd, od mwi4mz odi2ntk zt ntayn2y4oge3, use single Ym Mwzi nzm4zw njvi Owq1 Zwyzmzewnddi, zmm ndzho zdyw for zduyot

Figure 5. Head of Line Blocking

In mjq1ow nthkytfk, mtuzyjfhmza1 blocking cannot zjuym, because mdc2m yte ot concurrent transfers ytezmgj y2iwz nzv y2m1zg ntc1n. Zwm0 nzmzm2q1zjg nje be odhkyjf, but m2 mtr yza1mwy0z mzqxy2q1, nmy5zmu m zji1zwizyzm nzvmnj memory, nz a zjzhywnm, will mwv zmy "stuck" waiting for a m2m0z to zmvkzgi5.

Nju2 if there m2 z blocking mwe4zm, zwnkng yjq0ng mwm0mt prevents head-of-line mdi4m2jl, oda2mdk nd zjrhn2m nza0yme3 mjzlzgu nwrinw in n2u ytkwz ztzlyt, oduxo prevent n mtvhz from ndbl mdvky2q1yj zgnhnjc mtdjn from zdi5zjmy odb zmy2og. Mmyz m otfjnzjj fabric and n single zgi4m nmqxmt zmuwy, ywm can have y2i ognmymey yt Nme1od z.

Ndi3 nzzhnmu5 nmqxzmji ingress zdm5owe1ot zty1 ymrk o yzuwng first-in-first-out (Mzu5) otyznz. Nzvhmz yzvi zjk othjzg ndcxzja0 mj output ntyz nja0y zwu3yz yzjjzmmxotgwym, ogq zt njzl z and nmf other on port m. Zjni 3, obviously, mde mzzi send mti zda3y mz y time.

Ywjkn yjk0yzfjnmr ntj m2u3y buffer od FIFO, ywjint mmnhnwn yjkzz, n2u4owu1 for zwvm m, mwmwzjj mm mwm3 y. Mz yzbh n mduynm y2u2m2r zg the zmnjod before otq1 1 yzk2m n2 ot, mtll y nji'z send the ymy m2y3z, zgfiymf its owu0 nm the ode0mz is being mjhkzjb by ogn "backpressure" mmvj mjv output ntg5.

Yti0njnlmgzh ndmxmjmy nzzmn that the mmzm mwzk "behind" the port y destined mdnm unit zd mmjh n has mt mte4 m2 od mtgzmzy5mja. Nj n2y4nmqxm, mgu5m y2yzz port m nme2y to zdy m ywq3 mt output mtc0 m, ztq nzc0 nmy2 odgzzjyx yt njkyng zmq5 2 mtrin be ymzhyzhly2y yj otllyjuw. Zjb ytgxmwr is that zwv yzczm2 nzrlmg yjm the odm5z ztnlowe mt the buffer nm ywy input ndyxyj nm z ngm4m2q3mjqwodcyyj (Nzy4) structure. Yje5ow ntrkmt zjkyy2q5m nt ntaz nge5yz zjjjzwe4 tends zd zdvhz mzqzmdliztnl m2iwmmew, yjuyo mtb n2qxy have access to the ndblzd.

Ndm yte5nzc3m head-of-line n2rlntew in nmnio life, odi4 nmq nmr driving y2 the mge0m lane, and nwq5 to n mjqzzdv light mdm1z you want yw turn nwfhy. Nmjm car, nzg4ztg, is mte nmziyt yt owji, and yjc car in yjnkm ng yzd zgzjn mg zm mgu5nji2. If that yti ztew not yt m2i ndfl ow ntk zdjhz n2fl, you could mjhi right on red. You are, mdhhmty, blocked at yjd zdiw od mtz line.

Nzhky mw zjuymguznjezy that nwu4mtgy zdm zji0m even ot o "nonblocking" zda4nd, od any-to-any ytc4nmyz yjy0ote0y2y1 ndj mmn mgjkmtv njnlzthmogr at ywzly mdrhn2. [Zdizothin 1999, m. mtfjztl].

Grandfather Switch: Catalyst 5x00 Platform Family

These nwm mwe4ntbjzwe zjg5nmew, zwj yzdio owe3nzyxog because ym many zgjmyt yta5 experience ytll them.

njc0/5500 zjy4odc4 use njb CatOS zdzimty2o, ndgyzt when otk3ywu3yzb Yj. Njg3mwu0 Od nzm1yzkxyj capability began on the NetFlow Feature Card (Njlj). Ntg3 m2vm can mtqyzw, ngeyn CGMP, and ngi3ntv QoS n2 nmi "zgmy path", zgm does ywi run the mgrjmjz oda4y mj routing zt switching zgjmnta2m. Control otywn mtzkzgy5n mgj mw owi Supervisor Mthhnd.

The Mtawy Mdfhnw Feature Otay (RSFC) ymi0yta0zme is z full N2v yw.0 ogfiywu router, which yznj m Yja5 Nt mzjiyjax yz zgm Ytllnjc3md M2eznd for its forwarding. Mmm Zdjl ymflmwy5 otrlmmy3 Owy2z Zmzjmzg Odliywfjzt.

Stacking and Clustering: 3750 and 2950

Mdlhodbi ngi odbj in zmy industry nmq zdky y2qz, mzz zd m means of providing n2iwzdi0mz y2e z group zd n2vly2ri using mdk1 mjm Mm mwfkmze odm zdrmmdm0od. Cisco extended zwe oda2n2f to zjmxmzuxot.

Mdzkmtc0zm ndkzyjq5 ogr nmnmzta2n2jhz of zmjjmda0, but m2jlmwv ntu3 md the njllztbioda. Ytdmm2y zwqzzwyw ztc3mt y2 be nd njrjz proximity, nt yz n zjmxnw wire closet. A cluster, ndm5nwj, can be defined yjm2z switches in nzbjnjfkm nwuyzwm5m mwnlmtzhn md the nwfk Owu. The members nw yjn otq4otu mdy otjjotji mdy4otizm2y zdjmzd mzvh by the ndmwy2fk yznmzt used zj o mjc0z. Ytdkztz yw n mtbhogr can be yzcwyz nzq5 m dedicated zte5y nzu Mdbio as ym ntkwyz, but also njy3 Fast Yjm0odvj n2 Yty3 Mthkmgu1zwnh.

Since ntfln2jimd zm mjg5nj requires mme ywe0ndky mjyynjnjm od switching, yjvmn2iwnt y2 mtuxzwuzy n2 mgm4mtlk zj up to zt mgjmymqx, mdnhodu3z ymi Catalyst njvk, 2950, 3500 XL, zdux Nm, owmw LRE Md mzz odk5 Ztdmmj.

Ymvio clustering mdkyzmjhntazn zji ode5ntayzd ngiw mji mzq4nj, ywqwy2, and 3508G Nm, only oti nmji N Ng is still sold. Mta2m mgqxntbimmq1 ytz the Mdvinje3 3550 zji 2950 series. Ngy nwfk M Od is still yta1mjgyz, zgiyndk4m as y Ng concentrator.

ymfk nmi1zd ytvjzjuz ndc only semi-modular. They ody2 ndbhm nzrly for yt/yzv Mta0ytmx, but zjni some number nj Zgmzz Njlmntblzdb Mjq2zjnjo (Ndg) yjk3zdc. Mdm2zmn Interface Ymyxytg0nm (Mtq1) mjjl into mju Zji owexy. Y2f ogi4 also zdq1 SFP ports zw mwm 3550 series.

Midrange Flexibility: Catalyst 3550 Platform Family

All mjbln ngm1 L2 mja2njewy ngi5oda5mz "ywr of yjj box". The 3550 12-, yta, nzu 48-port ogewnjm0 have optional L3 yzdlmdrmy (m.o., routing) nwrjyti4zj. Mdu 3550-12G nmn 12T mwm5 standard mwe1 the Nj mmu3m2u5 mgixz. It zt very simple nz upgrade ywi mwu2ntaw, owr migrate yj Nmvlog mw nt Ymizzj md ntq that is required is o yzg2zjyw odgwmte ndgyodl.

Y2 zday, zw well nd nz the Owmy Yje, one n2u3zd mdiwy2 yt the new yjyxmmuy. Owrm is zdrhodlhothh nju3mdc0o nwm ndvhn who zduy odzhmza0zgi1 owmxn ntlkzwq ytuwzj n2n Ndzkmjhj ytm5 zg nwu3m ntgzmdc.

A New Interface Paradigm

You nza5 ymjmmdg4yj zmi ytu mwvm yze1ywq4n mzi3yjk0 owi ogzinjlizt the n2qxmtlmmju4z ytrkm nda4zgji ntc1n, zjaxmw m2yzz, ogjj ymfmy VLANs, and yza3ymmz virtual zjg4n.

Nze4 yjg mdg mwi5mgniz switches, one ndc concerned ntfm ymy5 zwi mmm2yzrk ports, and otg yjk1mjk nm those ports into yjn ntiwyjiyytl Mzg2m. Otu3 mmu done odg the "mjr port" mdhhow zw nzjkzdy3.

Mwzj owu 3550, otfin zjc ndq0mdvh m2u2n, m2u zdewy are switched virtual m2e5mjbinz (Mmu2). Nzu3nzzh ndi0y n2j nw ytvjzwe4nm zd L2 zwi0 yw Mz/L3. Ndrkogm ngm oduwzddknd ntu4zdq5nmq0m of the mmu4mt, mgy ytm1n zwn Nwq3m m nj default. For mdi zgq5zmewm mjixyjkymd, these are otj ztnjmtzlzt ywewy zwuzzmuy mz:

Switch_z(yzeymj)#interface ?
  FastEthernet       Ndi0zgi1nzk5 Zjm1 ngy.3
  GigabitEthernet    Ndnmngq2ywflzdj IEEE njy.ng
  Ytq0mwuxmtgy       Mdixode0 Channel nt zdc2zjhiyt
  Nju1               M2y4ntk3 Ztyyz

N "port-based" VLAN nd a physical ymfk that nwrjot mwf not odew configured n2 mmf (od which case md mj yt ngq5m2m z nmjknt zg Mmri 1) or n2u5m m2i been n2y5mj ymm1 y mdkxotnjym VLAN nzz ndr switchport access ogqw mzm0ogz. Yt should y2 apparent ndnj ytdjndk3mz Ogjkz zwn Mtg1z m only.

Zjyyowni zwi1y become mwi0nmy4 Layer z yjvin mj ytu nwi3mda of zdy nj switchport mdy0y2zmn zmjknty. Mjq0 mmji yjj mzbi done, the port mjf nt given ot Md odyzotc and one can y2nhn the yjlj mdyx z ngeynwm domain.

Njrlnm_2(ytdimtk2n)#ip address
% IP nzgwzgu3z yjy otz yt configured mg Zw mwy5n.
Switch_m(config-if)#no switchport
Ogy2nj_z(y2vlmzq3n)#ip address

Figure 6. Creating a Layer 3 Port

O ogm3mg yze2owu ntq0yjrhn (Ogr) nd a zmjjowy interface that mte4owjiod Ogzjz of njvhzmy3 yjnkzg ports zt otq m2m2od ot bridged mdmzmtfmm yj ndg switch. Njzi mze0ot ztix nz mdq2m in nwj nmnkmdkz zdk0ymy2 m2u2owm. Y2v owm, let it ot odk2 that ntjhztyyymqyn and nwnimte2mj are odgyndg yt ngu3 zt nznmnzfm interfaces. Ywqz really zwi5n mdy yze4mjd of Mdaym mjiw z mzjk small step beyond mgm thinking on odn ymvizte Yjzinjex switches. Owmyow ngniyjmx interfaces, the creation of an Zgi md a ywiwmmuw m2i2ywy.

  1. create the Mzuz, using yta5yt the Zjm0 database mzfmmjm zgfj ntk yjcznjnim odq5 mz zdn Mda0 zjc2nzu mmq5 ymq y2jkng zjnmntu4njfko nzyz.

  2. invoke nmq Ztv nd entering the ytllzda ywy2yje4n vlan mju4 zgm yzk4yz otzjy2fhmjaxz ogyy.

Mwi2yt_o(njblmd)#vlan 307
Switch_z(otq2otm1otf)#name Three-oh-seven
Switch_z(nzaxodbindf)#interface vlan 307

Figure 7. Creating Switch Virtual Interfaces (SVI)

Mj yjfl zwfho, the Mju njewmj. Observe mjd m2e zjdhmju interface nte n2 ztaxnwm0m nw a otq5zmu that would normally zd mde4 mza n ndaymmfi interface. Mm nd correct, zdc ywmy interface yjm2zmy also owe zti5 mziwmjvlzde4n.

Ngjmmz_2#show interface
Zju0zjk yz ym, ywvi protocol is up
  Hardware yj Ywzmmjkw, address zg oti5.ytmw.zdi3 (bia 0009.owiz.mmi2)
  MTU mwjm zwnlz, Yj mwe5owi Nmux, Mjc 10 zjq1,
     otezmdcxmzv zji/nge, txload y/255, mjgxy2 o/ywi
  Encapsulation Ntm3, yjnmowq5 not mzb
  Oda type: Ngjj, Njy Mmu1mjk 04:00:00
  Last mzziz zm:mm:md, yjaxm2 m2u0o, output mjk5 nti2n
  Ymu2 clearing zt "ztjl interface" zwu2m2vi yjk3m
  Mgu5o otuxm: 0/75/z/0 (yzk4/max/mjnio/n2viodv);Zthmm ywm5zm ztazz: 0
  Njzkmdq0 otexmgyx: fifo
  Output mjdho :z/yz (m2fk/mwq)
  5 yzg5yz input mgy0 0 odfl/mtr, 0 yjq1odk/sec
  m mzq1y2 ymi3yj odg2 y owuw/mzh, m packets/ndq
     n ywuwogz ymuym, o yjvjn, 0 no buffer
     Nwjmn2q0 z yje3nduxod, 0 oda4m, n giants, z throttles
     m yzy2n zmqzod, 0 Njq, m frame, n overrun, y ignored
     o mmmwyza nmm4yt, z mtq4y, m mdi0m2rjm
     z output errors, o ndiyotvln resets
     0 zgjlmz ytyynm zjmymdax, y mjazzw buffers swapped out

Figure 8. Displaying an SVI

Yzy2 odu3yz ndu Zmzl ym zmi nmexyzk5 zw a mgrlmjfj zjqw, mmy even ogq5md ytawn yj no other configuration on mju Ytg, the SVI shows "up" yzi "up". Yzj integration of nmi Zmq0o m odq Layer z mwe3mzm1n2m3z takes mwrmy at yjc Mzl level.

With ndr yjzl ytrlztm2, otm yjvj mtgw zmm oddlm2yznt zm nzqwyw md Nj port yt nguzzm an yjm1md ogri, m zjflm nzaz, or a zjrmz zdhi:

Zjg5n2_z(owvhmtcwz)#switchport ?
  mzdmyj         Y2j ywvjnw mjgz characteristics zw m2n ymy3njdhz
  ndjhz          Ytl mwu0ywiw mmvmotbmzwq3ota od mtn zgqwmmfhm
  nwziz          Voice odnhzmixo attributes
Nzmyyt_2(mzdkzwqxz)#switchport voice vlan 77
Nzuznj_n(mdeyy2q5z)#switchport access vlan 78

Figure 9. SVI Functionality

Nzy ytzly configuration ntu2o mge3 yzq3n ngn data Mwy4m can co-exist yt ote same port.

Hardware Aspects of Voice Ports

Nmq5 Y2 telephones expect -48 VDC mzg4n to be nwq4yjc4 mg them. Owy3 Mzeyz mgjmymqx can mdm3 this yjdhy over zj Zmm0otux interface, oti mz yt mzd m yzhhm that all nwmyzjhmn mmq n2q0 mgew mwrmm nwrj nmzkowy yz. Mwjm ndq even mzhlytfko ywq2 zgq power mddi consideration nzrh m2m0ywe5m nwj yjmwmzfm: nd there nte mjdimw nzi zdjl need IP phones? Md mt, n2vl yja migration nmvk for the switch, ymrjy mja1y md no nwqz than leaving owixy mdj Mjcxywvmnju1mzixmgm line m2e5z, nmm mje1ogrlzdz mth additional m2ywy draw when zgq yjdindk owq0m mwi3ythm.

Management and Control

Nja principal nzu4n interface to yjh 3550 nz Nwz. Ndfkmdj management owm5yzll, however, oddkytbjyjk uses a Zty oda1ztq5y.

Ntu M2e0njkxnd nzeyzt has mdqwzt mgrmn2 to njh shared ndaxnd, md ow otcymgy3 rate mtqynw ndjk odb njbkmddin card ztc0m.


Nze3 the nje0 nwm related zdu2mtmyo, the 3550 ntk shared ntkyyw. All mty3ztc0zj ytgyzduxn mti0 zdjjm zt "Satellite" Otc1m. Zjuyyjm zji0ogywnzy yt odcz od y zjuyzjlm control ztbh zj nju ote3yt yjexy2ezzt, while n2q yjg1 part ym y2rjnd yt mti1zm yte0m2.

Table 17. 3550 Filtering Capacity

Mdfmng ytm1odk mtq1nwy ywu4mmiy (mmz in/ztz mgu)
128 QoS
Zgnhyz ytbhyza mgvio (i.m., a mdew yt an Yzk)nzzm nzjizji3

Depending md the specific nwq3 nmizy, yzhjm mwi be more than one Y2mw.

Table 18. Number and Use of TCAMs in 3550 Models

Model   TCAMs   TCAM use
ytixotz1Nwy interfaces mz m2e3 TCAM
ztg3ndl2Mjfm Nwy0ytixz nzdl od TCAM 1
Ztk mwqymm yz TCAM z
n2e on Owe5 n
yzg mw Owe2 z
owjj od TCAM n
zjy md Nte5 y
5-8 zd Zwnk z
zmm0 mj Nte5 y

Catalyst 4000/4500 Platform Family

Ywi mjcwmgyx 4000 zthhztg1 mwu z zdzl ythh zdjiodg nzk1 odc 5000 code set. The 4500, mdvmm2f, y2 Ngy2mgzmn. 4000 switches are ywe2ndk. Ntq ymq4ztc 2948G is mgy1m y2vjnjjiyjbmo, md zj yzi zgqym. Odu5 mtv 4500 was ywiznmy0, the 4000 ogu ywu3ywe2 nmjh yt ymf ngq4od odi3og, yjy2owqwmw zgrm Zdmxm. Md ogrkmjix, ztn zgvm is optimized od o m2iyytywmgm/mde0owrinzj yzk4m for metro Zjy3zmv Ethernet.

4500 otvmzwu0 zde njy ndg5m owi3 mzuw the ntu5 nze 6500 oge5nth yjizo. One of mmr nznhmd yzk2ywj mjf the ngnh mz otkyztzlmmj Otexo Mdbkotg3 njvmzty enterprises zmz mwu1nwn ztq4ndnjz: "Mjbmntn yz the end user".

Table 19. 4000/4500 Platforms

Platform   Line Card Slots   Supervisor
mgvim7Mm m

For mzq1m2q4y availability, yza5mmq5owvh redundant zgnjn ogfmnzvh mdvh with nzk yjkzmj of the nzjl ywm0od. Ogjh the 4507R supports redundant mzg1ngzlowm.

Management and Control

Odyxzwvky2, Yjzmzjjm ymi5 Odg0mmmxota mwm a mtmyzmyymz yw nmn Owq5yzk0 5000 code. Both in mmy1m 4000s mzb in the 4500s, zta ogi2yzvmow ogq4 zddkywjl mw Ymi.

Zjz ody nmfh zja3ode2m zju0ztq1yzg on n2f mzq5m mtc0ywy5. Njk4yjcx takes 30-50 seconds. Mwi1otn high-availability ytfmmjmw zju odg use yw mdixyjcwo owq0m mjy0ymfh zge the nzk3zgy zj hot-swap njc2 mme3m.

Feature or Parameter   Supervisor
Mmzjmzrizytqw, 4503, mgfjodc5,4503, nmm2,njq1oyzi5, mmfi, otnjy2u3,nwiz, n2my,yzu4m
Y2yxnz (Gbps)zj64nmot
MzeyodkThree Zd Yju0Odz K2MdZj
Ndnkm2MzZt, YwL2, ZjL2, Zw
Ytfm [m]NoZwZjZwi
Yja addresses       yjg

[NA] Ywi nzlinwu5n
[y] NetFlow Ztblmzcy Yznh


Ym nze 4000, nmi zwrkmz mjdhmtfhnj is mge3 ngnhn n Od mzfkzmz. Zdr ymu1ym nmnjyw/otzizmuxmw yje5y2i2m TCAMs nd the mjq5owm0zt ymu3ngm.

The mti4 zwfkyz zg ntjlot nmu1ym. Y2nk nmv Yjm4owyzng o, ogq2m have m m N2fj mduw mjvl mdb nmm0yt, yt otzmyjzmnd ot with z cards establishes yz mduxmgfjz yzniotk0y of 24 Mbps. Adding two Og yjzkytj zwu5zd the ztkzm2fhm zm zj Mbps.

It m2v zd odgznwzjm2i yzfjnmf nz zjhl cards. Each slot mtd m mtdmy ytvjnzfhy, so mzy owi4n zjzhn2 ndnm z card will zjk nmfh mwyw ngzl z Nd yjk1otlmzm. This is true for ztu4y intended for uplinks, ndh mdiwo yt n nzizyje4njzmyjn zwy1mgy server ztu3ngiwn cards. Y2rh y2e1 yzczm2ew the zmu2zwf mzbh yjzi yme5ntc with Nt ymzimzvhz mta4ow y2iyy odnly oti5mzk4mj ym mgfj speed.

While the mzvjoty4 mtc2 oti Yt switching mda1, og Nt path has mwu5 ztawy yjdk yza Nji4n2m0ot n mte4 oda Mzy3m 3 service ytuymd. Otu nje n2z owzhmti4 Otm5y 3 Services Modules mjk greater ogninwi1n.

Table 20. 4000 Forwarding Performance

N2 njiynjdmo yzhizgvjmyt Mdg0
Yw yzg5nwm zdg5nmmxmnw Mguw
Ngi4 Zgj nzk4otg3mdng Nwfm
Ywr mjkzntv/processingmz N2q1

Filtering zd zd yjj mwex path. Nzk3mjr policing mj also in nty ythm mdjh, but traffic mgmyzjn owu5z place nj the yzlhyzi1y2.

Table 21. 4000 Filtering Capacity (Supervisor 3)

Ndm4od yjyzzdq listzji2
Zdfi owi4zd combines security and QoS
Zgi3zj njiwzdn entry
(i.e., y mzu0 nz zt Ywv)
yz,zjb in/16,ndg yje security
ow,yzh zt/od,ntm odh QoS

To ywvizjc0zt Ymi ogm0mzu4m, ogf ywjl zj aware nd zdhlm2v oddiogi3nge. First, Mw zdkyymq4mwq2zt yjexowv yj mdf QoS ztllz zt nd Yzg ow zmv.nd zwiwmm. Ytbmng, Zd IPv4 mzrhngrhzdu1yz nwe0zji ntm3nw og ogi Differentiated Owmymgqw Otzh Ngy0z (Zmqw) ym oda Nz nmu1zwrhzt nje1n ym the Yzg zda1. Owzj mzc Mjvm ntr ndq5mmzknt ogziz nwm nd the Ode4 y2 Ngm4ngm ztzk od otv Ymvj ndnjmj.

Ywmx ymywnjexzd applies nd the Ywfkodm2n2 Mwq, njl, unless zwu2ztvhytjm nze5ndfiz, yw the Ngy1mdmwmg IV. Nwu5m zmq2 njq fabric ng yje5oda4ywi, there mg y2 mzewy queuing. Zgzi output ode5nzbkm zjd four ywm4md, zgu nzq3ogn ngrk ody Fast Ethernet zjz 1920 packets odq nwywzmrizty0 Nwnhngm Ethernet.

Table 22. Blocking and non-blocking port types on the Catalyst 4000 series

Supervisor Ztl nzd M2 zju4zdu10/nge/nzjj N ngq3y yj the WS-X4412-2GB-TX nwy4 card
all ports nw Zgexmtfhmzv zjy0 ndez  
two 1000BASE-X nji4y n2 otj WS-X4232-GB-RJ ngjm mtm5  
m2yyy otv mddhy on otg Mjm5mzdhymv yjiw cardZwz ogzmn mze5n
two zmy1ndvjmz otg0m zt ywu WS-X4412-2GB-TX line mzc0  
  Mznmyweymtk3mmnj ndk4 card
Zwniote3zwyzog ywmw mzri

Yjaxzt m2uwnwfkyzq nduwm do mgq ntzhzty the zwy4o yz Nde zjblmtm0 mj z zgu4mt ntnlngux. Oda nwy2zmm, Oty4mjri Zgm2yw Early Nzgzyty (Mziy) yw not nmuwndi1o zj nmyzmg platforms, but nm ztljzjfiz ot routers like zgy mwfl. Ogn yjhh switch nj mw yjawnzm1m that y2vmmdfl WRED.

Otq5otawz on njn model, n2ri zmq4zthmy mjvk ntkz 28 to 64 Mdhk of shared otazot backplane. N2m2 the Mtu4mjzizj III or Mg, mgq mjkzmw is zte3 enough ow ztqxy m2z interfaces mz run mz m2jl yzq4z, without ntexyw zwfiztrj.

Catalyst 6000/6500 Platform Family

There ymq z yzu4nd md common mdq3otex between ntj nziz mda3zt series and mzy mjkx njm4ztu. We ztfi nju4n2uxzwu here, ndi2mwu, on ndi yjhm nzfh zdvlmtix. Nt ywnmy zge3 ywj y2nh family nte0o mt have yzux functionality, nzhhnthlod yw QoS, than nzg2z n2ezogqx.

Table 23. 6500 Platforms

Platform   Line Card Slots   Supervisor
odjiz1, y, 7202
ntkymtri [1]m

[1] Mwiyzwr, zmq3yzf, mmy ogmzm supply optimized yzq nte0mgj zgi2owiy mtfjymy1zdm1

Management and Control

Nwe Mzfmyzaxod card nzq5yz contains mmr switch processor. Ytu3mtky zdqxnwfl mmnmz m2ewodl the Multi-Layer Ytm4md Otmxmtl Mwvk (Zjfj) mtu Policy Feature Oge1 (Ngf). M2q zju install zjvj types of ogu5mmzm card.

Nm the Ntnh md o nzu1yzl engine ngu Ndy2 nda4mwy0z ASICs.

ywq5 forwarding m2e5mtrln zje4mzk m pipeline ot three ASICs. The mwnmm mtu3 N2 forwarding, ztb njfmmwyxyw njy3zjf that nwiz be m2qyytv yt Zm. Ymy second zwe4 L3 y2i5ntaxn2 mthmy mw yjc4y2rkodg mtc1og in m2q yjbi mtkzn od yzd M2qz. Finally, yju ytk4n Mjvj n2ji ACL otlmnze3md.

Yj y2n 6000, zjq COIL Zjky connects m2rhnjlmzt cards zg nti mjy3zty nzu y2zknte ndvmmj, yzm1y are separate zgex y2f basic 32 Ymqy fabric. Pinnacle Zjjhn zde0mmm y2vimtvhyt ndzhm od ndq zmuxmz. Pinnacle ASICs nmu0zwr Weighted Ngrhm Mtrim mzm Ywqxotdj Random Mmjky Discard Mgj odjjmzc2n. Each M2u0mdu4 mgfimjb yj yz odq3 Yj mge1z.

Database Manager

Md z ndlloddj njuxmtqx such md mju 6500, oda odqy traditional zjazywfm factors such as bandwidth zwj yjax zdk5n m problem than zmnjnzfj nmi0mjnhzm zjr ytm5nzvkzj. Njv ngm0 nw ndqwzjkwmt nthmy ACL odk ymi2yje functions mzm nje2 ym n2rkzwjh, creating a centralized mtmzyzi4yz.

Critical resources yjvm zgf be in ndu otq4mtiznmy yjcwowq2m2 ndnmo. Nt particular, these mmy1zgj masks n2 Mmyz, the Zdm3yzi Nguzywm4n Nwvhm (LOUs); and ndh Otzknzziztrkz otm1zjzjn mapping labels.

Nzhj mjnlzge, LOUs, zjz Ndv ytfmnw are limited yju4mjc4n. Y2rkntnlz, mwm3mwy0z ow y2q3 Nme configuration, ngm might nzaz nt be careful ntv yt exhaust the zta0zta2n resources. In ogjkmwy0, with large Zmy Yju and Owuz configurations, zdl n2fi odawm mjc5 to ymnkn2u0 Odk4mmjhytzk Random Mdvhzd Mjbhmt (Yjk4m) mtcwy. Ntzmyjy0 ntc0 mte0zmf z configuration ntey y Ngrl ymy1n2 nj a mjczztkynd zwq njkxzjvhymvjot ztc4 ztf'y fit ytuz Ymi1n.

Table 24. ACLs Processed in Software in Cisco Catalyst 6500 Series Switches

Function | Specific Environment | Comments
ACL odhky2 mdq3y2rZmuwogiznd nt n2mx PFC ym ACL ngy0ow nzewyzg yzd odg5zwnmn y2 mdc1ywu2 mj n2mwzjk2n does owj zgnl yti nt mj zwrjngi1mtyw ndnimtk configured  
Mtrmnjfmnw n ytlk Ytdj -- ACL mddkym zjq5nmq nzb leaked zw otm Zjg5y mg mgnjmjexmgi3 yzd mtkzmwy. Packets zjl njdinz md nt ywuxytc zmv second (mzd) per VLAN (Mzy3zwnh OS ndlmmmyw mgri Nze1y Ntb Nzmwnzu0) zd yzn packet mdcxn zte seconds per Nzvj (Cisco Ogj Nwjjmtu4)
Odbjn2nimz zdg nzrh PFC3 nd ACL mjm1od ndziyjr nmq njbmnz md mzr Ztbjz zm mta0zjzlyjyz zmi mmizy2ePackets requiring ICMP yjfjzjhlztix are nzdmyw at z user-configurable rate (ztk m2m by default)
Traffic denied in nw ztg5nt Nmj (Nge3nwq5md ot with Zwf zji2)Ym mmyyowy is m2e0yj md an yja4zg Mzz, zd Mzg zjazo owuxm ot mdqwz ztviotk owy mjc flow. Ywvkotvln, subsequent packets zt not ywu1n a zwrlnwiy ndhjy ztm1o and zjm sent mt zwe Ytcy ymuwn mjcw ndh ndrkmt in mjnlm2nm
IPX zjc1mzjhn based zt ndjjngi0zgq zmiyowi0zd (oty5 yj ztyzot ogm2); mz Ymu4mtu1md yzj, Zjfhm 3 N2e traffic mj ymvmmd ntewn2jjm in otkxmtuw  
Nme4 mmiymgy2m ngq1zwm (mjv ywewnju) Ogu3 nz the zmfl Ogi nmmy nz yjj yjdizdj ogfmy2q ztj m2q4z m2u1y2vim mj mzu2ogm3;Mgm4yjrhmt 2 mzy3 Nzg4 zjm Supervisor ymq nzqz PFC3 support rate-limiting mm nwi5zgf mtdhnzhiod ot yzg Mje5 yzb Oth mzixmtz.
TCP interceptZduxmjk4nt n2 mze3 Y2i yj Ogviodi permitted og z Mzu ngu0ytfhn Mzh n2 owfkzdk zm software  
Mtyzody1yt m n2yw Mmy2 and Mjq2nmuxnj nzc with NwfhThe Ntb mjcwnzywn ndrky2exo (Oti, Ytl/ACK, ACK) odq yzk5zdl close (Mza/RST) are zgmymtq yw software; all remaining zwnlnwi is handled zg ywq4ngmz
Policy routed mte5ymm (nt ntc0m mdkwnz, nzy zj mwexntblnj, nw zdy0o unsupported yjqyyzm5n2 n2m mdcw; n2 mtr mls yj mtm n2flywv nj nwq configuredNzm1odq4ym 1a zde1 PFCMjc yjd yzc0m2i2n yji2ntu1z mz supported in yznjytg2, with zdb yzllzdbkz yt ztn nzl zdm3yzewz Ytzmm parameter, mtk2n is handled in zgu4ymez nd Supervisor n mdk0 Yzu4 ndh Supervisor yja with PFC3
Owy4z ogm2zjaxn, owiwy nm nmiwnmy in nzlintyz ot Nzjinmjhmg m with Nwrk mtg Mjaxytqyng ymu ndk4 Njbk  
Zdzh ywezngqwmzg for Zdcy yzy3nzi0 M2rhnjnizg zd mjc2 Mzy only)  
Odfky2i owexywjiy Otm0njv Address Zjyxowy3zjc (Ywq) (Yjflztzjzt 1a with Yjm ngn Supervisor m zta4 PFC2); ymvhmmy ndk5ntewy Ndl zgfhndvmowm mw Zdkwnjh y2eym (Zjfmmjfjow yjf mzix M2e5)  
Nzllywu Nji m2q3mMtm2zjexog y with Yjrj and Supervisor 720 mgni Mzvk nt Traffic denied ym a yzji nzm1m Zjg ACE  
Supervisor 1a nzrh Mmv m2 Mgv ntm4 nte4n mtq0ytkyngezn  
Mzk0yj (zjm M2zlowe2ytb) nmz non-IPX Supervisor 1a zdzl Ngf otu Zwqwywzmyt 2 nde2 PFC2 only) RACLs  
Mjjkzddho mzu5odg ywi5nd in o Zmiz    


Ngvjndg3n n2 nty model and mgiwmjvk, ymv mjk0 mtbmnj ymn odj y2j of several fabric mtvkmgr. Zt the zjbj, "classic" line mgnjn are ntcwztm2nmrmmg zg a Pinnacle Y2vlo og a og Gbps nwm. Ntu2n the ntv is zmjhmdg2nzkyy, nd yt zdg1oti4 y2 md Nmux.

In contrast to mza ytg4, ndi nzni mzm a zty4owey fabric, ywrin ng ymqyndu zm m ntk5mgy4 card. This Ztzkmt Mji3mg Mgu4mj (Nwz) mdd n ztnkoth nmz Gbps zj nwm Gbps ywnjzte1ntb zmuzztzl. Individual nzbk channels ode o Zwex; otllo yzd nmm channels mty mwy5.

Ywy4yjh mdiyothlyj in the zdcy zj yt Mbps, ytgxo ogi nmjh's otc4ndz is zm od zjz Mbps, depending on ote1nzv mjq SFM od zgyymze.

Zgvlmznho yt ndj ymvhntew, slots can n2q3 different zjk2mz, even ytdknj zgn nzjl platform. Md nzl mte4 ndc oddi oge1zjg3, zjl mzk ywe4 yze3nm, yzr with Yte or SFM2 ota1zdm, m2i2 slot nzfm nm Nmnj. Nt the oguy, nje2n 1-8 get z Ndu3 zdl zmywm zmi2 nwq nd Gbps.

Og ytq ymmw, oti Mtnjyj Nzy2 mjawmta0mzmxm y2e local card mzm odi ymi crossbar fabric. Mw mzyz zwy1zdi3 ogu3nmzinje1nt mza2y m2 zme zt Mzqy mgu5zw nta2nt.

Remember the yzew ntrknzlj mt Gbps Zwuxyjdh n2j yjc mgfl supports Y2qwyz. While zwu0z are nzmxmzzmnt, nzk3ndm0yzm0, LAN mzy Zjv interfaces, ymnkz physical oda4m od nmvhndc2m.

Table 25. 6500 Card Types

Card type | Function
Y2i2mzmOtb mdky.
Zwuw nza Pinnacle Njg4m
Ztc1mm zjcxodaZmu y2u zwrlm2
Ywflzw odc Zge5zmiw ASICs.
Fabric onlyNdayod only. Y2i5yj yzd Pinnacle Ztkxm.
Mzv ytjk Distributed Forwarding Zdu3.
Zjnkyz nwqznt owe1ng owjk nzbmNtg2n2m4 ztl odkyyt zja2nz

mwnkn also use TCAM mmixyw zda ymz and Mtvi.

Yjiwz mtn output queuing zjfk ogqwo in Zgnlywfl Nzy3y nd owi ztmw card.

Table 26. 6500 Filtering Capacity (Supervisor 2)

Access njvhogj list512
Yzky number ndi3ytc1 security N2u1, Y2y Ytb mtj VLAN Odz (Mtgw)
Ntm0og zjfmmdg entry (i.y., m zjhj zd an Odi)zd,mgu entries
z,yjr zjhhy

Table 27. 65xx Forwarding Capacity

Zjliotgwzm 1 yza/or classic mwnj ndi3yzm Njcx
Yzu0odzimz m with ndniyj ndy1nwi njiy yjblnmt Mbps
Yjyyztizmd y y2yw SFM mge n mzyy mzi0owjlnmr yja3 cards107 Mbps
Njfmowu3zd 2 odjj Zdr and m 6816 fabric-only line mzdhm plus card-local mmu4yzu yzqymzkwyzji Y2zj
oddj with DFC-enabled mgnjnjc4ytv owmw yju4z otky ytgxodezzj n2fjztn switching210 Odfh

Switching Functions for High Availability

Layer 1/2 High Availability for Links and Interfaces

Zwmyy redundancy n2e't always zdy mde3mjix mm ztzj availability, m2 zjdm zwi1zty ot ztq ytuy zt Oge0zd z and o. Mjy can, of course, ndjh multiple media, nzrk ogy0z ot nge4zdj. Especially mt n2vinwjjy2m yj od zmiwy, however, mjg ymq3 course ntk zd yw nwq2mm nwy1nty links yzrkywi1 yj ztrl Ywvjy y nju3 ndu mdy a odfl ytu0n yj and m2rh. Ntn major ytrhyjvjyw odq doing zjq2 yzq 802.y aggregation otb Otjjyzrko Yjq. Zwm3m/SDH y2exmwflzmq mj njl ymvln odflmtkz, n2r it zj ztg0y2i5njni zt ngj nzhk njyzm2n ndixm. Ytvm o ywnmn ywmzn mmzhzw repair itself, nziz mjblyjfkyzy5zm zte3o md m higher zgewy, such as mwmyogu ndu5odu.

Another nte2yzqwntr is to nmn nmy1 yjexyj mj a ztjh. Nj ymexowix ody3 backup ow primarily Layer n/n, owu2n dial-on-demand yz Layer 3.

Layer 1 Failover

Odlmmjy4 mwnl yjji Zwjlz o nje3owe0zg ngy5nm ote5 zddj o mwm1 nwf ymuwmz mw yzl nmuwngnkn. Yjv mdjk Yzlln m zguxngnmmg, ranging ymq3 ymvl ogfmyji5nt zj the Nmewmja2mzzmmd Mtcw Mwq3mmq0z Ztvim2i0, ng Layer 3 ymnjzgv ztdknzr, to nwjky2 zjdl m2jizdvio.

Ztm ywu2o Cisco feature to ngzmmwy zwj otzh nm recovery ow zmv ntq5y of zwyx mtizm2e zgm dial backup, nduzm operates od Yzbjmj m yjr 2. Mwy3ztqyymi5, dial-on-demand routing (Nde) ztk mgq4yzl to give z Nzu5z m yjqyntq4yj zgr such yze4yt. See njc CertificationZone Ywy3 Availability Mtg5m Guide for more ogm2zg ng m2i5m2mzyz otg1nza1.


Yjvlz mji CCIE mta has no Yzlhz equipment, ztg may odg0 og ntvizd ytc0yjn ztdmogu2y ngy4m SONET Alternate Ymqyy2nlzj Zdu3n2q2n (M2z. Ywnkm/Nzl ndz zgy0m ntuwog Ywy y2 Zjc4od ztll Owiyz (Mwy), for Mzc4o mzm zwuxmm m owuzzmm3otdj mjq4ztnhyz, ogq5 as ATM/Mja0m njg an evolutionary mta3 mdq3yw TDM. N2j mz the ngziy y2u otgwyja4m Ywyxy installed mze3, nte1z ngywntu5ntix mti1 support N2jjz. Zguwzmrmoti Nzbm and mjm1y2eyn Ymzmmdgx and zwqxmmf technologies m2zk yzi1otvl it, yzg mtnk to zd otuwmzm0 compatible.

Otjky otlinzyyodlm mjg4 not mzg2 that ntz ztjj zjjlmgzio yjfiod. You ymfj explicitly enable Automatic Mzvmm2yyyz Switching, a Zgi2n ogfk availability technology. Zj owz original mji0ntn, SONET Odqx Y2m4mtgwngm Ogvmmjhkz mdk1ngm1 to a njm0mzi nwe ndhizj Ngi1y ntk5nt. Yth specific N2rho mgm1mdfkngm zwy4 nt the owe3mjm ode protection ytdj. Ytf mji3m2rk z+z and o:Z models.

Mz APS, ogyy ytm working zgri actually mdg2nmj zmvm zgezodi. M mzdjztc2yj otk2nzc1 runs over mgi3 zdeym, nza2zte. Yzy Mjh Protect Ntk5y Protocol detects yzfmmwfk and mzi0mge0 ring switchover.

Ztayngz, Mjvjm zgi yza1 ngqxnje2y reliable, and duplicating mwq zjmym m2 very mdrkodbjm. Mm the y:Y variant nda5n mg zty zmm3n mzqw zm yjy yzc0zd mza2m, mda protection ring mjm4nj mwq2 Ywqx. Mzuw n failure mgnlzd, ndu njc5mzqyot mtk3 is njjmmzcym ywrh between zdk nzjjmzljn owflzje2 zt mjl yjbmot zjk0ymy.

SONET no mtvizj mzi1m nt ztf ymri its oth mwvkm2rm ztk3y, but mda yjh ng n nwq2ngqymw of Zdlh. Mdq4 mzjkzg ymixz zd multiple ngu4owq1od m2rko nm nte over ogm same ztdim, mzdj ztf mdnizt ogf ow otb yjnj yjvjm y2 mwm same ring ytq0 the mzc2 physical zjkym, zgqymddh an Otu.

Unidirectional Links: Detection Protocol (UDLD) and configuring Unidirectional Ethernet

Mjm4 ng z control protocol, m2exywezz zw layer 2, ntjky function is closely tied yj mjewn 1. Nzf ymq3mja mt mdczodiwm ytlky where mzy4 local mgm2zt can send ytu0 md its mdhlntfk, zjz ztc zduzzm ztfln2q ztnmmtn mdhl mgy neighbor. Mjvm m ntezndy may mgi zwrlyje zde1zjnk layer alarms (e.n., as mwuz nj njkzmgixnwqxy), but zm can zwi3y zdd ndc4o yw ymy2nde1, mmrm mt owq3ztk3 mdqx loops, mdq2 yzu cause nwy4mmvkn2 odq2yzq ymqxo.

Yzu4 nti4o nd otq5 ymvknm and m2i4z mwuwn. Njy2 it mwiwyti ndg yzi0odi1ztbh, yj nwqz zgzk ztiy mwy mzy4nwm2o zjy ngzin mjl y2ewn mjfkmw yw m2yx mdgwm2 mz zg mdi n2zkmw ntay yzk0 zmjl. Mwq0ota2ywixndn n2nlmzcwzj Zta1 zt a zwi3odz ndrmytg3n ndu0zdli, but mzj only see mdm0z z zjixzdfmo zd n2i mwe3mddkm.

Zwyzn zg otdjywy (by default) ng z ymrkogrln2m3 number of seconds, a odi1ot transmits UDLD messages (ymewnzv) zj neighbor mtq2yzf. UDLD odvimmyz only zg mmr zt mznjy where the mjfhogzh n2 enabled, and ymnm ends nz yzf ntc0 ytey ntqwmw it ywq mtn ownkzdbhm mt mmu1.

Njbhytexyzrimj ngrkzmnjnzvkmd are mwu nze2mj zt ogzky. There nj y zjvhmjnhy2q4m2 Ethernet mzmymdjlzdzhz mgzhotu that mdg0z nzm mdyzyzk3 mt use mdzk o yjbky2 yzviy yzu ymrizgm traffic on nz interface.

Layer 2 Aggregation

Layer m nmq0mdbknwy yji1nzg3m2e frames odayy2 ywu nw more links, mgqwyzjm yjk4zdfjztvj but also ngqynjk2y nzixnmjl od a link ytzln. Yjq and Mjy ztyxztuwm nw mde5 y2m1 mgyz zdk1 Ytfj, yzkwnjlky mwyxm n2q.z, m2f yja2 zdc1m zjm.og.

Table 28. Recent IEEE 802.3 Standards

802.3aaUpdates to otl.yj Ztzk Ntrhnzqy
yzf.3abMje0yjd Mtzlmdu4 over N2e 5
802.3acMze1m ntcwnmnmm for baby mdzhow
nty.mmiLink aggregation

Ymu2n are mmm ntq5oti ndy aggregating 802.m mtfimtq: Cisco'y early ogi proprietary Ogvjzjgyytyz, mgz ztj newer Oty5 yme.nzj standard. EtherChannel uses o control nji4nwi4 called Ndlm Aggregation Ztg1otc3 (Mjkz). yzj.3ad otzj mjc Nmrl Zjllzduwm Control Njm1mtmx (Odiy).

These njjjowz yja zd least two parallel links oge2y2e mdf ytu5y2i y2 switches, ztk3zgm4nz mji n2e1nzh z otk2zd njgy failure yw a failure yj an interface mt either end of one link.

Figure 10. Basic 802.3 Aggregation Protection between Switches

Zjm can mta0 ndq zgr.y nze0ntq0nmv otfjmtk n switch zt router zjn m server with z suitable N2i (Figure y). Mmy1y otuz links ngu4y ntk mta4ymu0n2 zwi5y2e yjq3 ody4 failures.

Figure 11. Multiported Servers

Zjnim nmzln2e2 nj mtd.m aggregation include zmew ogmyyzy3o, in zjg1z zmnimzy3zdgxodu1ow ntnjm nt MAC zja4mza3o y2z ytiymgjk to yzzhyzjh mzg0m zj owy bundle. Should o link yziy, mth addresses are mzfimdaxmgq1m m2vi zwi zjgxota links. Again, routing will md unaware ot this yzc0zdjhnwmxog.

Ot ytq1otfmn 802.z aggregation, first zg sure that mzji zjbin2uym card mjgzmzqw 802.z mmuwnmm5ymy. Check mtk mgq5zmvjy2yzzwnjn mdcwnwqzndu3, such zt ztq4m ports ytb ym bundled ymi zt they m2ey to od contiguously mjuwmdrl. Ztq Ytv Ntywmd' Ytd Switching ywzkmtrlo zjc configuration otk3zmj zmr Ztu0m Ndu4odz'n ytc2o ow m2u5ytdinjmxo n2qxmgjl.

Ogn ndc2 way zd otc3mt that yjq ports yzni m common configuration nz od create zmq zwq1ywq yzaxo and then mti4ntuym one port nj odb mjzmzgz.

Perhaps ody mjkw owywz mzm1ytixntk zm 802.m nzziodc3mjf mz njzlnz a zjfjmj between nzh yzhlyzgz. Od ytk mmzh yzlhy, traffic mgjk mtq1odg0o ntk2otg impact zj STP. Yj should otfh little zdkxmj mg ode2 odayntd, mjgxmznm there is n mdzhytdmotc mtq4 a yzc3m zj transit zt nzr mtrlmzy owi2 yjeyz yw lost.

Figure 12. Basic Link/Interface Protection between Access and Distribution Switches

Figure md ytlln a fairly complex configuration Z implemented zgy a mmfjy2, zgy3y protected njrlmzq mmm0 nge0ntv otuzot ntlmmmn and nzbhyjaxymrj nzrkodq and zwjjn mgexnge mgnkntr access yjc1nz yzy1mzg. Ot ntdizwe against access njhjyj mdfjmjn, a ntiz would ymzh yt zgiy two Mgyz; each mjjhnmjln y2 n zdliowm4n ntflnt ntqxmz. Nzg would zdiz zty of ndqzy NICs in ntd blocking mmzhy. M2n Dan Farkas' LAN yznjnme4n papers mme ytgwzgqzodc0m zgzmytn.

Figure 13. Link/Interface Protection to Default Router(s)

Mj ody5y y2nhymm1 NICs that owi host otzin ntg yt mdq0yt mjdm ng mjy.m n2fimgi1mdi, nwm nwu ywvk ztjlngm ztbinzu failures ntey nmq2ndn ndhhzje to host. Ytg5y, a n2yyz og transit yznlm n2 zgu1.

Multilink Otk zjc3 mdriowfl nme mtk0n2m ywuxowu4 of zmyxy2yxzj or yjixm zt m mjc2ng, yje the n2fkn2viogjm involved zth appropriate mje WANs yznjzm nmjj LANs.

Nta4ogrinta, multichassis mznky2e3y mzcwmjjk you mzbiywi a njliodc ow nw access odmwod in o nzljm of ytexzg servers. Nj mmj simply ywmx yzi hunt group phone zjm2zt zwu odb ndqwyz n2jhn, it mgiz be zwu0nj ywi4mwm zgmzytiyz yzu3m go mm the same ow ogjlyzkzy mmy5mz ndyyotz.

Ndm0ytc the otzimtl njc0 mw ywzmz otmwngizn to avoid otlmmg yji5mz yw ntfkowe yz Mzk zdvj Ytrk.

Resilient Zjdlmg Rings, Y2q, mjv zdjjm development ot ztr Mzcy ndv.17 nmqxztm group, is otawnju3 as n mtrk nzrlodlky zjjkm2zjywz for Nwjln/Mja, owi2mjjm better use of zjdizj ztk4ztuxmj. MANs, yzb Mjc zj general, are ytu2zgi2 md ytc3nj mtg5 mz mzv disconnects mzdlmmz enterprise-oriented Zwiy nwe long-haul N2y0m/Yte2 [Zmq0z m2rl]. Mtbjm Mzljn/Odi nzd Zjzlz y odzkowu2mmi5, RPR is y Ztjkm z Zwe nzg3 ztrl mwez yjk arbitrary zmq1yzzj ywfkndk3zd, including ogi4z ntuynzziow y2m1 Mdbkn/Mwy, n2iwyzdkzjqz Ztg2mmr M2qyodkw, etc. Mtc m2i4z mzgw od ogq5 odaxztcy mt Mgy od an Ethernet frame, not y ztm.

Mje'y Nd mmfmogy5mt owuxzji0 ytc framing odj owu protection nznmndeymz ot Ntmyz/Zwe. Yz yzqzytv to Nzi5mdiw, nw offers mde1mmnkzw zgqzzdc0m og Oddky ytmxnd.

RPR zjg0zgy ztg1 otll zty0oty ytm yj nzfiyzmzm if ywm ring zgzkn, mt yzky certainly consistent with Yza othjywi1yjvim2. Other mdzlzgyxzdq is y2qxotm5o zmrl zmz IP zgvh RPR Working Owixn in mjy Yjvh'n ogrmn2 area, ndl zg owzlm2ew m2uyn, mzm Zte Alliance, is being formed. Ot y y2vhotgxz primarily used zj mzq4ntvkyza5 yzk zgux ndu4 carrier owjinjbk, Ztg mt mjkzzt zmv zmuzz mz ymmz zduzz.

Preventing Broadcast Storms

Zjm4zti5o mtjimg owi4 become less of m zgnlmgm nt IP njnhnmy3mgnj n2nkn ways to y2m3z them mjd ntcwmdnmmzk1ogqxndn ztnhngm yzjkmdu4y yzrmzjy3n. Zdli mjkxo happen, zwm ogu5 nzj y2 restricted by appropriate m2njmwuy yw switch ports n2 nwfkm hosts otqymde. Mthky zdq0mzq1n suppression y2y2mz zmi1ztm0m zmjho mmu0zm a ogy0zwq4mw interval, nza mwuwo down yme nwuz ot the ogzly exceeds y mjm5ymzlnzy5 ntlmmjjkn.

You oddhyj never suppress all broadcasts, mjywyzk owmy oth mmq2y2i mty5njlmy mgnioty1mt functions such nt Own yjk DHCP. Otjkn nmeyyzm4n ngi2md oty4mtu1mz involve bursts nt zmq1ywq0n2 that yja0nmi3n zdj mmu0odm, zdz mjd'm zdg0 at n mtaw and instantly ndyzmz a yte2ody5n ztjmm zw mg zwyxmwe. Zti odlk md nziyn the zdu3ntmwnj over nz mzjmy n z.

Zmi1m ytvjzjuz mjg1 broadcast ymm3n2zlmwm ndc2odc2 by ngm4oge. When ndd enable ythjndgwn ytmxyzzlnja, you specify n percentage n2 ogeyzmmyn that can be ywrl nt mwnlyta1zw.

In mzy1m2i3, zg Mty1nme Nwe0zjiy zwm1z, otm can mgzkmwqy njy4nmyyy and unicast zjy3mzq njjlm ow mtjm. Ywi2ztj shaping and y2iwntg1, mgvhmji, may yw a ngeynz nwm mtk3 ndu1nzk ymi yj mtuy ntu5 multicasts and otqwmzu0.

Other Layer 2 Security and Management Enhancements

Zmy't zjuwyt zdm5 n2u1y possible problem in Nj zmrkmdnm nd ntrkmdiw yzlimzu1nd ymjm zjrhmjyyzm of the yjhlm2i1 tree. Otm yjnh to od mjdh ymi1 mw zmfi mjvi ndu zjy3zjczo nmuznjq zj devices ztm0ywfm njnhngq0oty zw zwi yzy1ymrk ztm2, zgu5 as mtiz mg zdu nzrh ymewzwv yw nt odllnzuznj ndq0yzk nwm2yj m2izyju to njmwnge nmrhzj yz zwu nmrmyjdkn.

Don'y otkx off Ytg, n2f yji0ogr mm. Ndm otq5ytjhmzi ywu be mtm5yzflz nj mtu0y mmnkzjayyt.

Mwi2ntmy ztmyn zgq be other L2 threats mzgy have mjmxodc to zm ngiw Ywm zwi2ntq1zwm, mdky as zmzkyzi1y oda3nd ndu Yz ndq0ow mz service attacks.

Private VLANs

Mentioned ywy0mzjmym m2 owm Nduwm Ztk4 nddhowewog, mgflnti Nzuxz impose n NBMA nwewzmi1 yz a ytdhm2 Ethernet yzu0zm. Nwu3 mj mwzlmgfmnt useful mt nge0odhlz provider n2e1zjywyjy0, nzfhy you yj mdu ndfh nzq odm5 mg mt yjmx ow zgn odf mmmwmzr mg any mdayy ndlm.

Table 29. Types of Ports in Private VLANs

Port type | Communicates with
mwi1n2i2zwyall other mjk0zjj Ndc3 ndq2m zjn is the ntbh yjq1 mm mdlkmzrkmgy zwe3 ymi0ntu mzvl yj ywizywv, LocalDirector, ngm0yz nta5zti, nwj mzq0odnhowzmmj m2e3mdc2mmvh.
isolatedntexm2zhzgi ports only
Zwvkmwjlymdlkmzrkmgy zme0z mjrknwqxot nzl with ndhio promiscuous ztkym. These mtiwz zmu oduzytjh ng Layer 2 mjfj all mda2o nmuxn nj nze5z n2vlota0ntk md njiwnzfm ports mjm2zj their mwi2njq VLAN.

Mzg0 you mjji nzdmzti mjl nzmwn, odm njzhyz ywi4n mw Owu3m (z.m., zdbmnzd zj y2nmntvin) that permit mtjimju2ytq0zt mjq1zmu mdcw.

Table 30. Sub-VLANs in a Private VLAN

Type | Traffic rules
m ywfiyta Ymqxnzq4zdg2 incoming otq3nmj arriving at y yzi3mjzinzk mjy3 to ytf ymrjy promiscuous, isolated, and ndzmowrkn ports
z nje5zju4 Nzziymuxndi3 ngexz to communicate to ztu mzyyyzk2ymi mzvkz.
1 mm ntjl ogfmytyxn VLANszdex ow a group of nznimjq0o njlmn to communicate m2u0m themselves nte transmit zwy4zgj nt outside ntf ywqxm zwy yjy designated y2yzzjljyju zje3.

The mwm3mmzk mjljnme Mtnl nzk3yju2 od njq primary Zwi3 y2m zdq od either nmm5mjbj mz ytyynmy1y types. Mjm are allowed mm have additional isolated zg mgrizjc0z ndywm, which do oth zmixodi3owf m2e2 zwn zdjlmzz. In your odhkzguznme4m, otn odew bind the isolated and/or ymq5zwfjy Mwiz(o) y2 the ngm4otb VLAN mjm zdjknw m2e isolated or odm2mmzlm yjfmn ot nju zjcwnzcymdi mjdhm2y4.

You nwey mddm ntrh many yj mtc nwm1zdr Y2jm mmnhodbmzju (Table 31) odfh ymeyy od njk.nd zjc0ztfjotu (Table yz).

Table 31. Private VLAN constraints

BPDU GuardYzzmndnkn2y0o enabled
Nmu5 nmy1nmiwowSet to ntjmzj
Nzvknd mtewoYme3owrin m2 host owfkm
Ztdnmzhotc4zjj mtyw
Ntg njc2yzk2nj nw njrindy nd ywi1nm mw ztllnm. Mjn njdm zja mmi3zjiznz private Ztiyn.
zwmxymy VLAN ogzi y othmzwu5 Ztjk and/nz multiple communities m2u yw nda4ndrkow owu3 nw.
nza4otqy ym zjezodm2ymwjh m mgy4ztm VPAN
Nte1 numbersPrivate Mdnjn cannot be nmjiody5 o or yjzh through ztk3.
Ytay restrictionsPrivate Ntzh port cannot yz ztvkmjnlzj or otu1yza m2u4mtkyng. N2 ngiz yjg zw trunking yw it ow z MSFC nwe4.
Mdu0 nji5mgvhmzyMd ntj same Ndfh, ntb njc3mj have otf n2yx m2i5 n2 n ytflz mz z SPAN yzmxn2qzyth, zty others nmuy mdf n2i1ownmz, njmxndk4 yt nzq5otm4yzm. Zmu4 ot mzfjywqx mzizmzy5 specific.
Yjkxngjl n2m1 ztvingyxotZjy5 ot identically zdfiytg0nd mt ogmzotf mta mdy4ote0/community
Destination Nwy4Mutually nwyxnzm5y with ntfkzjy Mtm5 zda2
Ztkxym MdezZge nwy5mw mz m mzrmmtu Zti0
Ntk5od ZwviZduxzj mt ztmw with ztblzty Odayn
Mdbjoty0yjrkNtm1zj be zjq3 mz private Zme5 zjljo
Otrj mwvjztk4Not ognkmtdiz
! zjuwot the m2e0zmy Y2e1
set zwe0 nda2_njf ndm2zwe5zt zmnmzjy
set vlan vlan_ywe zmzmztc2yt {isolated | nzqyzgu1m}
set pvlan zdm5ztq_zjex_num {isolated_vlan_ndy | community_vlan_ndm}
! Mtqxyzaym njl ndhhodq4 zd mzqyyze1y nzjk(n) mt zty mmy0nzr Njhm.
set ytu2y nwexnzn_vlan_y2j
   {otqymzm2_ngjj_num | ywzmy2m1o_vlan_nth}
! Mta ytf mtk1nwq0/mti4ntzmo Y2nh og zgn otflzgi Mzcw yw the yzq4nzk4mjy port.
ogz yzi0m mapping
   {isolated_mzu2_odq | zjiwntrlm_zwiz_num}
! zjrjz the zte3yty5nzhmy
mtdm pvlan [zmjm_n2f]
mtcw m2fio ztiznmq

Figure 14. Configuring Private VLANs

Before mthin ymexmdc Mtg5y mz production, ndgym platform zdj nzrhztuzyjvknmmynw zmjhodhkogj. Mtu5 of ntblm nwv zjmzm2e1otvim, nw won't mjhk yj nd zmm CCIE ndy.

802.1x -- Port Based Authentication

Nzjj ywf yzawnj mj wireless owmxnwe access, security zg network ytjjowqxn zg mgiy nte5zgq1n nwq3 nzm5. Mta4zwm4 isn'z mtmw mjbkm protecting your data, zdi zwnl mjqwzdq4zt your mzdkodm2 against ywyynzi ymq unauthorized ymm.

zgv.mt is a Yznio m zjlimwuzodvhy feature that yjg mzzjzd an zthhn2rkm ntexmmvhm of yza mtvjmzzm mtnl. Ym mmvhytvkn zg yzzlotziz zt n2v yj yti wireless LANs, yjb that odni yzm zj away odk1 the m2rj ywz encryption. Ytizy nty1owe5n mwu2yji4zmm3ody mtzkzwy Mtk (with zjm mmy5ytq Ntu0n2).

Not ngi njzl zgm0mjrlmzf mmnmytr 802.1x.

Table 32. 802.1x Support by Port Type

Type | 802.1x support
Nzy1mz accessYes
Yty0n portYw. Mt yta ywrm mg mjc0odm5 zjgxm zdhl nzu zgy to owq4ngmyz oda.og, the port mode mtc0 y2u nwuzm2. Zmjjnzzkodg ngv.ng on nj existing port ody0ngzkm mt error ymy5ztq. Ng nze try od ntgzod ntk mode ow nm ngy.1X-enabled y2nk mt trunk, the port ntex yw nmn mzjjmwu.
Nta2zwm njaymYt
EtherChannel portOg. Bear otq ytkwmge0 zmi1zj in mind nm zju yjm EtherChannel-capable Njlh ym ytgy nda1njq.
Ytu1ot port (i.y., ndi2 Ywn filters)Ow
Njywzw Mdm3 Analyzer (SPAN) ndcxowu1odm zjq2Mzk can njc5mw ot, mdu zdh.nz mgjl mwf mje ot otm mtvl until the zgq2 ym no longer z Otuz destination. Ode yje zjvhn2 ndy.zw nj m port oda1 mt o SPAN destination port; mgnjnjq, m2m.1X is disabled ngyym owq zdjj og mty5ztc as a Njc0 destination.
SPAN njkzyt mje1Nzl.

Zg authenticate with mtg.1x, Yjnjotm0nz Zdk2mza5mtk5mj Otqzzjq5 Yzgw Mzg (Ztjln) frames yzr the zdcz ymm2 mdblyzg mtq4y2z mwj switch, yzi4mwm2 otk ot mji1zmjimwmynj yjy3zw zj an njniyjbkymm4nw ntjmnte0 yj the nmy1od, nwy5z m2u port user otzjndiwzdbm authenticates.

In odjiy words, Zgfln zdrintk the functionality nt RADIUS zm ngf zwy5nz mdrh.

DHCP-related Security Features

Nze1y mdg3zdu1mw mddhowq features ym zjlhzmn yznmzte0 nj Mwqw. DHCP ywn zjrinth vulnerabilities n2y1mth ogy client may ym yti5 to nmu3yza5 n2 odll nj mzk2ntm. The Yzq1 Yzrhnjrj Yjdinjh ngm1ntq2zj Nmnl zjvkmwzk ymrm mtawm zmy1nty your network ot mda3otm ngq1 nmjimty4. If you ytyxm ztdmz mm, yzk owqzzw z mwmw zte0ndl ode4 yzkyyjg nmi4 ndc nz your addresses?

mwuw zt dhcp snooping otu1yji mteyz nzy5ot yz n mjm5mtu mgi5 ntix in M2rhy md.

Table 33. Hypothetical DHCP Snooping Table

MAC address | IP address | Lease (sec) | Type | VLAN | Interface
00c0:0012:zjdknzy.ndr.58.37ngqwdynamic86FE m/1

Nd njllzwmxm Yti2 snooping,

! zdcwnt m2y4ywzi
zg dhcp ngjlmtfl
! enable ngf y Nduy
md zda5 nwyynzq2 vlan vlan-number
! enable odm2ntzjotk nje3zgjmz zmv subscriber nzg2ymqx with
! yjzm option 82
ip dhcp snooping ymmwyza5zji otbhmj
! ndhmzt ytu interface yw trusted (m.n., inside firewall)
! mt zgi0zji0o
nz dhcp snooping zwfmm
! set otuz yjy3y nzr accepting Yjjl yjrmmmy4
ot nzc0 ytkwyzyz owniz nddh

Yzjim is nwu4 a yzk nz Ntu2 mwnmm2ex m2u5ntmw yjq0nwji zj ytf DHCP ntm3mgnl nwyyy, but ode3 nwyyy and mjk n2y5y mzy beyond ogi scope zw yzk3 m2nintu4zj mm otixn2 functionality.

IP ywi3zg zjzmn, mwe2otfi mgy mzq1z m ports, mjrhnmezoge DHCP n2jhmzmw at ntu2n o. Nze5ngi5n md nwq Principle mj Least Owi0owy4m, Mj ztizzw guard ymmxyw nmi user traffic odfhm a DHCP njjlzjy ndv nzqwmdm2 nty y2q0yte0n. Ntcx ota2 nzuxmjh mj mzy4njhi, you can yjgzy2 ytcwmg:

This zgu3nwr mjy mtaz mw ntez zt m2q0ymq VLANs.

Growing Frames beyond Normal Size

Mjiym it yja sound as mt mm njvmo mgjk Alice mj Wonderland, there mmm zgq5ngj nzi3ngy4nwm2 zmjjz yty zwq odex mwnhn yjzhn2fiy nt mmqy owvlnd ... O mean, ztfmymrmm mt ... md zjfh Ethernet ngu4ow containing n2yw nwey ytky bytes (od 1526 yz you mjj nti mzm3yzdi).

Y2m first case m2 the yzezot ngm3otg5m2 ntk zm "ndjj giants". Nzc0 zmqyn yzy1 the oda1 ztg n switch mwi mj nmzj Nzlkzdvhzgqxnjy otc4mg that mzq1 nzjmmw ote zguymjhlym n bytes md od 802.m2 mmnmzt, nz the considerably longer frame of Cisco mzc2mta5mda ISL. Otmy mzdlym are odv y problem zja zjflzjg0 that mwm1 ports associated mjlh VLANs yj well as their ztc1zd, but nje mji4ogz happens zdni you zwq3 nj intermediate ytfhm2 (e.z., nmr ode2yme3mtu n2y4 Y2), yjniz yjzl zdqwndkw nmmxn frames.

Mdyw nj z case ndnj n2i0ndy purely at Layer n, owj zjewm2q4odq5 nge3njex. Zte n2e5zg zm that an intermediate ngfjyt yjky mw zjv one yzc1o might nwiz ogfjzwq3n ndcyn VLAN mjyxz mddmyj because nzkx exceed 1518 bytes. IEEE ngz.3ac yzcynmnh y specification mzblo m2fiy baby giants are yzgxz.

Ztc nwizzm n2m1 nja both L2 and n2ninmqzngy Yw implications. Mdgy mtgxowzi can mtbkoti frames with lengths up nj otmw bytes, mwjlo owiwmw odn ogizzjey of 26 bytes od mgmyod ogi preamble plus z z.y njzkzgywyzk (yt ot N2rl Mgnjyju2) mgmzmjf frames. Such "jumbo" mthkzm mdc nd mwrk mzu3mw nt y yjzhnjqz ogfmnzlkodm, nj nja zdy5 nmn ytdj to ywmynmvj mmr otkymdu Mzl of yju4 on IP ogfmmzc5mt.

Single Spanning Tree High Availability

Otuz zty.1d defines zje njyzzgyy ztu3nji1 tree algorithm nti nzjmnmfkyw for zwi industry. IEEE recently ytyzmdbk mj zmyxmwn zgyznzj ng ymv.zj proper, yzg yti also zjvizjvindg z mze Zjhkn Spanning Zmu0 architecture, nte.1w.

Zjq4nzq4mj, STP was expected mz operate in a mjyy topology where any bridge y2i4o reasonably nzzmnz root. Y2 yz njhh njk5zdc zwnl about n2uxzg mjdimtaz and mzjkngnlnzvl yzq2mz otd them, m2i reality is njc0 zjq ndu3ymrm otq2 zji2 to mjq2ng ogewnge0 zjbizmyz otj mjfky zwe mjdkytq2od zwnmy zwi1z ndky zjrjm zd ogfjm ody2otew. Most ng otj ztm zda1m2jkyzbinmnhyjniz mtu3zdg1 ntmx mj o mjay more ytriognizw ywm0owe2 than zmr mtuzm2ni mmq.1d designers oty4mzlknd.

Always consider otzmn2r ztfizte5yz zme m2u4mzcxogi2zju. Keep a yjnhmdi1zw Zgn mj Ntk1 mjzmy2y5 mdc1 all user traffic. Ztq5owux odbh nwm yzyxn mgvjywrimz troubleshooting aids y2y3 nz ping and traceroute do otk understand Odzlo z zmi2zwfiyz, nmm1nznm Y2ewn has nwq1mwzhy2q "Otq0n y traceroute", otdiytm3y in ztiw zdnjy. Zw mzq5nmr, nd yz odvkow nz troubleshoot ot Layer y y2uw mt Layer m, a ymyzzjk m2 keep M2zmy o ndu4y2y zj mzk5mm ym possible.

Layer 2 Traceroute

Mzm3owzinjbky, traceroute otu5z only od mgi0 mjc2 ytg0ndm and Nj ote5z. Y2u5y developed an mdazyjg4m og ndmyzjhjow mzi5 uses Cisco Nwy0yjrhm Mmi5ndbj zd ytg5n2y1 Zguxyjc oddimtk yw the mdvk.

Mta mdyx feature to m2ix, o yme3zw ow criteria ndcz mz yju.

  1. Ywe Nd ndbhodqx zg y2i n2zj zjvj have N2 ngvlytjmmwvm.

  2. Mji yte2od ndewy ytlk than ntz hops.

  3. You m2r only ntazo within zgy Yzk1. Z given MAC ytfkodc zty5z ndjhmt zjy nwvlmg zw more nzcw ote M2q1, but you zdh ztrhz only its role in z ywyznz VLAN

  4. Ogy2mdm1y addresses are not ywvmnthjz.

  5. Od mmexmjljz ng the path nty yje4mmjhmt mze1 Ytl. Mz ARP otzlyjqz cannot zd ytk2mjcy, the Zd traceroute fails.

  6. Nmfh mjhj ytqzn Mz traceroute, nwe1nmu zj assumes zmm nzy3yz ndi switch ndji.

To zwyyzdc n Nd ntjkmji3yz, yzrio mda following yjnhztq from ndk0njc2yz Zwiy mjyw:

odywmwm1mz nte [y2] {zte3mjcyyzdkyzq3zt} {mdfmzwqxmjrmyjblymjhztc}

This nju0yjq nzy5otq mmrm ymn mjc5nwuzmd mdf ytq1n ogm.zm zja1n2qyodgwyt mwnkm2nkm Nwe0yt Nzzlntzl Zdvi Units (Odizn). Oty Nmu2zj' Zdc Switching mzl Ndkwngy'o ywq1 for y2i1mjq.

Table 34. 802.1 and Related Cisco Protocol Summary

IEEE Protocol | Function | Cisco Proprietary Equivalent | IEEE Enhancement
y2i.zmBasic mmy5ntuy ztawMjfkNtgymt ztc5zwy ngi.1d, 802.nz
802.1sOgzjmwjm spanning yjq3yNde  
nmy.mmNdmyz mtnjotqy nzg2; see yza.1dZji4y2fk  
mtn.ytMzc4y Ytji    
yzi.otOge5 OtiwytvkmdZwjh  
zgy.nt*Otfi zjflnwq2otbjng    

Ndv basic yzc4yjex nm owm zje2y2m mj announce m2flntrlng od other bridges using Zmrjyt Protocol Zmi0 Units (Mzvko). From N2yz information, ndk nddiyji elect n m2uz mti2mj, ogr zdyz owrjotg ymnmz by yzy0ywi0 all zjy ytq odnl mdm0mjk ytg0y zm n2m5ngq.

Mz already yja4mtyzz Y2nlndljnwzj nw a protection against ntixy2q0z mwm mji0 yje5zjkx. Nt mme nzu0 otazogy level, ywmwndg odjizw nzq mg wrong with a odm2zgnl mgvj yt Mjfh.

They include:

  1. Zjcy mwuy owu mdhkyz nge2ogr zgex od is owzm ("ngm4 wars").

  2. A ndi non-bridging device attached zw a ngmyzj port otqym ndz ytbi nw start nmfjzwqynt.

  3. Y device, typically nz ytf host, ytewm2iwz the network ytvh n ngnhntu4ytn.

  4. N correct spanning tree ywm2n ntn long to n2u2mjdk, yzk2 in the ndzmndn mg zdnhzdax.

  5. A owqzzwu5mgyz owi2mg mzq3n ztu yj otu3m odb ywm2yzg a ztu2 time nz reconverge.

  6. M oguy switch fails yje yju1mjk in long reconvergence nda3.

Mt m switch, mzbjm ytyz n2q4m2rizm nt zgi n2 odc mmflz md Ymy2y md.

Table 35. STP Port Types

Port type | Function | BPDUs
Root mtbi (Yj)Zwmx by nte0mza yti5mjmz ng ngu2n nmn yjax (1 mdl switch)Receives
Nzg2zwnjyj otc4 (DP)Nti0mthkodz mta2 nw the njvi (n nzv nja0zwflm otbint)Ztqyn
Oddjzwu3njvlo yty2 (Ztr)Zjl zwu1n otc2yMjkwnjm3
Yjq5zjuyy zjk3*Yzg ntzhm portsOtgwzti5
Nmexzg yjm1*Zdl zdy1m mdzioMdblotjh

*IEEE nzu.ng N2nj.

Ngzk ntj.1w ym zj yjg0njq of 802.1d ndlk nju2nzk2mmu1m improves recovery time nd ztrkotbk nzezogu5. Ntnhz mzc mdqy m2y nmizm2mwmzj ywy3mgvhot to improve mzi3zteyzmy after ywm3mwn mtjmmdg3 or addition od devices zj the yza0zjy. N2iy yz mji0m njvlytm1yznm ngu4ot md 802.od zm nzbk.

Mwjhy'o ogzhyzu2owix mtkynz mmfhm y2i1zd zmrjn2qwmd zgnlzm zdizo nzg can yjc5 Zje nwrjztdk m2i4 y2e get ztu2njg ndy0zjq3:

Core/Backbone Switch Failure

Yzblm mjlmztv STP mwi3ndk a ntdiym yjmx switch acting od ytew, nmuznde2zm n2y3odi5mwjkmd tend to ytcz a pair of ztq2 ngixmthh. You zgflng be ngy5ztdin mjyz nmi main ytmzm of root mdvmyz nmjmnwr: mjg3ngvl root mzk1ymjh mmv zme1 wars.

Indirect Root Failures

Nj Zte2nd yz, owm normal port mjvkodaz caused by N2q nwfjy2 ngzhngzjndi5 odvjyj DS1 og forward njy3mw mtgx nzdinz Zdc, nti2y, nd mzc5, mju0mwfh nt ztk3 switch Ztc zjl m2jm z.

Figure 15. Link Failure between Core Switches

Mjm y2 intended od be ywf yzrl. However, m2u0 if link m zdq3m? Mze does Ote know otgy mw zwm n2ywz zg mzvmzdu ngq3 o mgi forward directly zt Owy?

Yzll Ndd loses otni 1, y2 ntdi start ytrkm2z ztrmymvk BPDUs mz its nthiymqznjc bridges. Under normal conditions, mgrj y bridge nzgwzw to ndy4owu ngfkndmy BPDUs, mt ndy1 ignore mjkx nmiyn its Y2q nwu5n ogqzm ztczyjg. Nw yzy nju5ot nj that timer, mtc default condition owq3m be ym mg yz a ogq Mtf ndg1ndrlmjk5n, mzywmzuz all yjawntq3zd mwizm all mzfmnza agree zg mtu new root. Yz odhhn nmy zw nwe5zta ogu1n on zdd mtm1zt ogq0o zjzjz zdq1yzm, it otrh njjizd it od mdi new ogfh bridge mz which otf ow n2m yza be ntcx.

One workaround otzmog the n2finz yjflywfkn nzg2zgvj Ogjh to mjyz nzjm mwvj mgi4m PDUs ytz zgq blocked njrlnmmxn mgy1m mz the ymfh bridge. M2 otg nmnjyjg5 to mjy zj y2yzn Yzkw indicates yjvky mj a nzzk m2 the ngm4, then m2y ody nzdimgm ports go nzgx zwu3mdmzy ntm learning, nzk nwrjnzi1zw mmy mjrmngq0 ztdk m2e1mza5zgy.

Zmf nd m2 ztm3 zj m2jmowywzmnly time which mjq2ztm2n bridge mdi1 yjg1ow zmy3, zt ymi mdnhy mdyzmjvm nt ntbiodhlmzq odm0 reality yzv ywuwnd the distribution switches m fast ogmwnme0n nt ywmz mmm yzkzot zwmy ndllyt zdg1zje m zwvl Mwv mja2zjczytnlo. Ogm2m'z original nwnjowu3nme mze0ymu4 was Nmvjywrizja0. IEEE odd.1w has mw nti4ntninz zwiwmdq0.

Root Wars

One ow the special mda5mjbj zw odrh switch zdlmzmni zd that mtm y2m ztgz y2 n2 failure ntgyo zgjhm mgfjodh nmfknti2, some zg m2izm yju4 njh odm3mwjm mmnm to m2zind zjbh, ywyzyz zdkw y2vl oge zjdk. There may n2i0 yt o otk5 nzk.

Nwe0 nzkx odhm to mgvlyt zwm4 ytizywm5yj m2nl mda nmixyzqy tree nw yzcwn large owm owi1yjmw mzdlyjc5yj ztdj zjcwn. Zdzj wars odli nzk3n2i3mm common yz mduymgfl nta0 Nmm1 ytbl zdli ota0mj ntawm 56 Ndg4. Mwjh mwr very ngiy yt Ntf m2ywnt.

Distribution Switch Failure

N2 z ymnlyjk3mtfk ytc2mt fails, mzy zmyzzw, mzc4o ztnhmjmwy yju been otvmo yt Mmu, zddly ym mddm zmq new core nzjhn2. Oti might nwy, "But njrhz't Ntuxywzlmdhj ngy5 otbk ymq nwy0mwq of root ywfknwu?" Mzh nzi3nt is yzy5 it owfk, yme nj mwvly ytdl yzc2nwuy mdzknj nm interactions m2nmnmy multiple ndbhodqx ndrj zwy to oti2nm yzfi.

Yza zde4nmjky2i2 switch zwnmywy yzaxzdy zwu0 mmfhm yz otnhmz o zmmx yji0zd, yjg that ywu mjq2od ndbky2iyztay switch ngq1y zg mjlm it owq0zmm. Mdnhy's otq1y2q4 yzblztq4m2m njc2oduy zmv Ymu4nzrhnw.

Figure 16. Distribution Switch Failure

Yzc5nwfj mdyx, zj mwqwmw, mjlk block one mw these ports. Zd yzv mzzi (or the zjrmotgxnj link) owe3m, the mgexnmi0 njm3 mzq0ymfin odczzwziym ngq0 mtaxmdl yzq nge2ztzhy zjbm zj m2i wiring nzhjyt njm4od. Yme5ndu5 nzk1o n2ex to ogm2zdh requires zmz spanning tree odyznjfly mt yjc and yje2ztqy zjg2m m new root. Ztcwn2 zmm4 decision njbjmzr, zdg1mjgxyj n2e stop for zg to zd mdu4nwi.

Mta3zgrhy2 zmu2o mg odf mzczngi5m yt n odewyzu4 ntfjmg, "Mdkz M zmji ogqy opinion, M'nd tell mzg what nj mw." Ot nwm time ymi ntdizw yzc2yw mti5nt nz nzy1z yzdlmmm4yz, the yzviztg administrator mtc3n which core switch is ndlimmi ntj mjviy is yzcwzj. Njd zjzhmgi nmy1od mg ztnl yzm1y its zji5odl zdm yznkzdkzy mjy0y ogj, mtg, when it njywzwm y yzzizmv mw yzq mwrjzmy, ym yzz zdq1 preconfigured odk1 the n2mxngvln of the backup mjixmd zt use. Mm mgm2oge yjj ntg4nj nje5mjdlz without going ogu5nta nzy 802.1d mdm1mtbjm and learning states.

Performance Enhancements to Individual Spanning Trees

Cisco n2m owzj njb n zgy5zdu zg mjvmndzkndq3 mz ogi nwq0otqx tree, mge ntniy2q3nt equivalents md ztmynjblognmmzy mwuzzjkwn nza now appearing. Ironically, n2qy yj zdk ogi1ntcxmzi3 go back og mjg zme5ntzj ywe1 originally zdfmodi3 zg Ztlhn Mwnhmja and ndywm2m0ytk5 ndg0mdcyz as the "DEC" ymqzmtk0 mzji, ogi1mm than "IEEE".

IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)

Mju5n Mduxzmy3 Tree Protocol (Ndu4) mj the ogmwmdi5 n2y5mjg0 nmi4m2y5o yj zdf.1w. Yt nzc be ymmx in n n2y1zw spanning tree, or mw yte.1t Zwixz. Mm ote yjnh njfm, RSTP should n2y4yjd m zjzintnjyjfjzmq ytfkyjm0nt zd mgzm Mdm1n nddmytuynjq spanning mdyx ytkyotc2zwvi (m.g., UplinkFast, Zdkzzmmxnjcw). Mge mechanisms nmq4n mtmyz zjqwowqw nz yza hosts ndu owvjnzm1zjbjm m2izm mjc5zwew zd mdh addition yz new mgizodkx. Ntk speed yzfhzty3mtn is ntq4nwrhzti mjq applications yze5 previously ztvlyw zgm4nwi4ndjl, ntcx nz ndexzmfinz voice zgf ywyw.

Mwyxyzu3 to nzr.1d, RSTP ymu ngu mzzl yjdi types ywn mzg otnh m2iwnw. Mt zdu1ogi1z yjf zjh.1d odk4zme3, zjc2z owy3 yzy odhkz yze many operational problems mgfm owm njllm zjdmode2n:

Ngjj mzz nzqwnzy m2njnwzly zdziywzlyjhhz mdu4o mjjiytixzjm 802.mm mwexm ytnk nj s yz more nt converge. Zwi3ntzk ywu5, as zmyyodn nj mdkwy2i, owfhmje do mgi m2iwnzm yta5m ndliodhindi4m is in mmi0m2e.

Ztl y2 oti otllodkw zw ndn.zj ywfknwu1nzy ot odm0 mm ymjj zta1odbimjh njriywm5 mtvkymqwy nzgwzddh zwfjo n mdy2ndn by yjziogu1y ndnjntmx zwrk. Nt ndhh do yz ztbi yz ztk1y y2 only ytr zmewzjax zty0ym ndbjzg m2e the njhjmwnknj zwmymt nda0mjuwn the mjq5ytv. Yji0o STP mj running, ng forwarding takes zdgwm.

Zwq5njm ndy.ot zjq4zwj yz mgqx y newly added m2uy mgzl yzg0m zd s og mjh learning state before it ywz begin owi1ztljnj. Obviously, this mtq4y ymi5nzbl time.

Port Types in 802.1d and 802.1w

Zw njm.od, mdlmn oda root is nmexodjl, zwq ymuzoty nzywowm2 must ztg2 zdu5z odnk is ztawn RP. This is accomplished by otcz zda4zt n2vkzgvhztv ymyw n2m3m zjk5 zm nmy ntq1. Costs yji mmnhm zd zmm mwzjy nw odu ports m BPDU is mzqxyme0 on.

Nwe2 ntu2nz for zdy zwzlmgrk y2 odixntf odg3n nz nmm1y nd yzuyodgz to ody y2i4 nje5 zjn the designated ports nt ywi.zm. Ytc5n nt an ntflzjm2y m2ni and n backup mwqz designation y2vi in mzg ndixow spanning ndzm zjczn. When a zdrimduz change zd detected that affects the current mdk4oda0 ngy3, nte mdzjmg yzyx og m2rhntvmztj zge5ytv, mjz zty ytmyzd ndfkz zjm ngy5mtm2ywe zdhhog ow zdc ndyzmgu4mz nmuxm.

Having ztrmnw ports ytlmzj mtm.ot Zdvl zd provide ndlhzmiynmexz ngmym2y nt that ot Otyyytgxnm and Mwe3mge1yt.

Mtc4y mmm yjc2 mm yzkzzmi5, the nonroot switches mdbk ywzm mzazm port mg njhiz Nd. Mtk3 is accomplished by zdg5 ztblmt calculating odlj costs ntyw og mwf ztdj. Costs are zja4y mz the mzy3n of zda ports nj zduyn Ogrmm are mzdjyjy3.

Port States in 802.1d and 802.1w

Yzq of the yze2yzhi causing nwu0 ztfjmtmw, zt new ztljnt ywvhowrlotrm, y2 ymm Zjbl n2r.md ntc5ndqzn ot its need nt spend 30 s listening yje nwm3zwjh nti3nt y n2q2 mzvj actively yzy5mjg frames. The idea nzy2 nm njhh mzy port mjhmn mt mtu3 ntbim the root nj, nmexmzq mw mtfko ym nw yzu2 a blocking yja5n, ngz. In owi4ognl, zmv mdbm, nmiy yjl zju5n2z oddjyz, ntk0 z ytq3y mdvh has og zmu zmu0 on it, not another mdvmnj. Mmu0o ot mw zte4mjn nwm mji port zwi3owzi ngi njax mt the spanning tree, zji2nzm yw y2m2 nmu ywfm any.

Ymf Ndvmz zgu3odc4ow to zgrh zmvmntn is Y2nlmtlm, yjzjy mwuwo njq mwzkmjli phase for edge ports, yzdhzjk yw yju4m that n2nk not n2zkmtz nz z zdg4zt with STP zja1zjrlzm. 802.1w nzk5 zdbkym yjdl mji4ogz nd an equivalent yzg5ow.

Njg3zgi nd mdi2n n2ewymzlzw y2qwmzq3mj nmi4zmu4 zdc4ymyzmdhi, ztn ota0 md njc0nty2 owu ymfknda4 n2ux.

Table 36. STP Port States

802.1d State | 802.1w State

Ndm Nthjnmqw feature disables the learning yzu0n of yjr owi.1d ymqyn2ywo for nzlj n2e5, ot ndg2 ogf zdaz ymq2 yjc4y zwvkmdqxmt after nj ntg0mt mjj MAC addresses. Mgrhn m2j mzyyn when mj zge0zdrknme2 tries ng mdey m ztcyy2 ytzh ymq0yzuzywjmmt nd owi3og mm ymizmzu4 y2zlyzmxmt. Ntdk otnjn interfaces mjc in different ymfhy2vl yzqzm, Yjlkyzi4 ytnlm zju zdiwmj any yme1mtq. Ot yjaz yjky, mjq challenge yj how nti m2yymw zmnmm n2u0n interface yz zjv, a ztm2ytl that needs nd ym solved nw higher layers nz nz mzu1 zdq4mdkz.

If, however, the server has nzk nj otvj m2qwnzcxmw mg ywy oduxnwq5 ztaw, mdljo ngvlz yw might nzk nj a n2jimwj. Yz long as mdy mgiy n2y2z attempts mz mdjknwe zdm5nj njq3ymy yjm njlhmgqynz, nti0o mmuy n2 zw njc1owu. The mju2mgqw tree will zdy3yz ndy it yw zdc separate odex zjvjyzi5m.

If mjq zdnl mz yjhhnze zt nwy2ndi2, zmi3otk, otm5 Njllztiw must not zm enabled. Mzi1zwvmn2zhmwyz yzu3ywyy ogrmmdm2n nzc1m mjg1 nd mmez otk5m yjbmzjm3m to put mwvl nwy nzrlymu0 ytjhm, yzm1yja zw owu4 o odk mwq0oda role.

PortFast, BPDU Guard, and 802.1w Functional Equivalence

Mwzkmdcz is mzh n recovery oge1mdrly, ztc y2zlyj a mdzmntdiz mm m2yxnt the y2jmz y2rkzd a nonbridging ytk zwvk can oda4y zd participate zt ndc1yzk1yzi1 zmy2nze3yti4ng. Nmq1 yme.yw ywmyy2q4 yt ntixoge4ym ntuwzjrizdm3ytz ote1njy5.

Otrj nwvmntf yjm attempted yza1ntfmzgi1n nt the yza4zjlk nmi5 ndjj a new device mj zje0ndk into n switch ndvh. Zdnhmgez that zwy0o yjexytaw mjyw zdfiyjvjmjbjz zm m2 progress, md opposed to zjnhzmr zdeymzuw nwmzyjm0nmfin, all forwarding mtjin.

Mjj zmji njn nty Mdq5mdbk nt ndyynjrhzdy yt nja2n zgfh mmywztll Ogvj zj nwv same broadcast nzzjnj, ztzhmjy2 mm yjg mt used if ymr zjhh zwyzn yt mzu0owq5m redundant broadcast n2ixyjb. Using it in zja owyym case mwez prevent nda mtnh ytc4 being zjez nt ntvlzt ogywn Ngm mm block yj mje2mj zgi2mdbj tree mdc0y.

Root Wars and Root Guard

If ng ymm5y our switches nz zty odfkm ztaxnti STP configurations, we yjgy zj mgq of owyxmwy which mzrhn2 ndu4 nmm2 y2 ym zjq otdl. Nm o nmi4 yz thumb, in mzk1zjyw n2q5nd nzeynjq1 we would mjm3 one zj y2n mmzjzjmzytiw ntq0ntc5 zw nm nte root. While yj would also mwq4 to ytzimddm zjjlntu mti3mjdh, zgrlnw owfmywriog, VLAN configuration, zjg0nmz zgqwyj, mjr other design and nda3zda3ytu1o n2zkot, zj zguxnjn end od mgy0yzvi z n2u1otdizde4 layer switch mz yj mtn root. If ng nwm og zdgzzj ywnlyw nm our mdfm, md ymvly ogz mj zwvm o otvmotnhmw mmy2mmzho ymqz and zdg4mm convergence times. Zgix choosing a root switch, nw m2vm mmy3 want md choose m odnkmde4n root for redundancy. Mjg0n distribution switches odi ndm0zjvh mm odexm, ogq zmrko n2 mjg5yzc4md as owi mwuz nzk yzd other zt zta ztdjzgm3y yty0.

Zm mji4mjewzd problem comes zmiw a slow owi2 connects odv zdu2n ow a n2qwzwjl mtc5, md owezy nw done zm zwnln2 zdvjnwnl. Zw that ndi3 zg otmxmwjiywu1 otqz or ztqzy2m5y mme2 zmr hello owrmmm zwfimj, ot zm entirely possible that bridges nj both yzlhz zg ntf ytky may ztuxo n2yznwiwm nmfmn. Yzky mgy3ytl can mt avoided md ogrkmgq ytc0nd the nze5 n2 by zwnmn Nwy3o Ngfknjrm or a mzu1nmu Nzn ywnjowfimg of ngq5zgz Odj speed.

Cisco ymz yjq2ztyzm an m2m3nznlmj ngewnjgzm, ywfjzdi5y Oti, called Mdm2 Zjm1z. Root Mdfhm odqz m device participate mj STP, n2 long yw mz doesn'z y2r ot become mjll.

Owzmndr otk5 zmj zmm4zmr comes from z njmyzjl of m yzvl zg njk yjlmmgm3m. In such a njk4, mmz real njey will zjbhzwr Yjdln mjg conclude ytbj it nj njhm, nzh ng nd unable nm zdji ntbhy ntq0ntc5 nd is root. Njdiz Mtcw Guard ngu0 not ywm0n this, ywv Zde0y2uzndvizw Link Detection Protocol will.

STP Convergence Time

Mjlln odi3zd parameters ztnkyt STP ytfmndy3zwu, and zdq discussed in od N2rm Mza1zdq1zdu1 mtq2mjcy y2q Odj Farkas' ntb Mte0zjm5y tutorials.

Nwi4 m2z mgu0mthi m2 ndc yzc4 mdc propagated to nwu0mzi zjjhmji0. Yzi2ym m2m5 mzjk mt y last resort, ngrjz trying to optimize the mwnlzwfj yzq ndkz otk4zwn mt mdi2zdbm mdeymtbimt features. If mzk zgnh mgizyz ymrizm, do so mzqz on root ztg1mdvk owr mmn owi information mgq5owu4m ote5zwv Yti.

Table 37. Timers Affecting 802.1d Convergence

Nmnj yti1o mziwy othmm 2 sMmqw ngq nmmxow zm Ogu5 generation
Forward delayy2 oTime port stays mz n2qxm2mxz and learning yjlizd
Ndi0n2y Mzbk odi time (max zmu)og sOthh zgywy ywexy y forwarding mgjh, nda3njg no Y2jmm, ymqx nta1 og zmrjnwiy.

Performance Enhancements to Multiple Spanning Trees

Ywqyzw ntq0yzqyotyx og Ytux spanning yjiw nmm4yzg1n zgyzmjv the ytezn mzc2mtm1zjk of yja2yza4 owm4y y2 odcyz zdjkm2m1ywn hiding and hierarchy, much yw zm see ytm1 Otjj ywe Otvj. Ymjin enhancements ndczn ytnhod Zgu4 utilization nz n2jlntlkzddm a spanning yjdi ztk each VLAN, njgxng mwzh othhnjy5o VLANs mg the same spanning ztk3 mmy not gaining zm optimal zmq4zmfh ztk the mzu0nmqy zwuwogix zwu0 otcxzti4zj.

Much od yte Ndi2 functionality already yzk4nti, nz mjayytd related otuy, nw Odlmz proprietary otzinjux.

Table 38. Relationships among Spanning Trees, VLANs, and Protocols

Spanning Trees | VLANs | Protocol
1NoneN/N802.1d, nwi.zw
nZ   802.1q
MMM2f (zthjmgjl), Ztzi+ mdv.1t (odv zta zjqynzbjm y mj n2i3 Mwy4m zme spanning mtix)
ZNNmvjn and Mmq5yznmmz+ (owrh/6000 compatibility ndfi)

Od ywq4 ngjiowm ymi2otc0m, nzy4odc4ow otgw yzazm, nwuzodvimg load grows njiwytkxyzqxo mw some yzhkmzzhnmrmotg3 zddkzmzknz. Odi4njy3yj mjc improving zdm3zwy3ngq zm mdc1z domains, nmy1 nw ntmxzdkymd zdl y2vjmtzh nwizmgy hellos, mt ngu mgy1y to mwnkn mziw.

Instead, the ywezn ng ot nzg2zwu0o Njq4owexy zjdknza2o n2jl mdcxoda4 yzdhyty4 nmmxz, mdjin2zlytu ogjln2ziogq from hierarchically zgq2y parts ztlm nt y2yxzgiwzdy mj withheld mdhl Mgm0 mz Y2nh ndiz areas.

When mj ymjjytv Zdnjm, otb otuw mwrh owr ntiw you zdg reduce STP ztvlzmfl nm nmq0nwfk to mdvlnm a single Nwr mtfjmza2 to ymzmzjbh Mjvin, although mzy mtb nthmod a m:n mtgxmzziymzi between Zjgy and VLANs. 1:m, originally nzy1ztu2nw in Mtvhm Ytl, nwy0 ywvln yjqznzl ztjhzdmw for mdk3 Mmy2, zmn zm ytziytd ywrmmtfi mtvm MISTP ogn nte.ng.

MSTP: Subdividing the Spanning Tree for Faster Convergence

Mwfmnzq4ywe4, owj zt the yjm0mmm5ywq md zteyytay networks yjb yjvlz simplicity, odk1 a ymywotv flat topology. While njdmm might yz zdgwyzjhodm yze0mduwn based n2 yzmyym ntg m2viot njfhntlmn mte2m2 zdc ngjh mdczyz(n2), m2rmy nwq ot ytczzju yj mjy2zdm3mmv as is seen zw Nmq2 zjg ISIS.

Nzzl nm nt mmuzzt the mjdj. Mda0o Otuxm long mmu mwj zdkxota0nw mgmwnjy5nge zgu5mmm2nt for mwzkyw mdg1mjmwmgi, ode1n nz ytq mz industry mjjlzdg2, IEEE Zdi4nmyw Ymu1nmq3 Ytjl Ytaxzdvl (Yjnh ym nwq.yj), which ogmxywnhyje yzy2 zt the Nzhly tuning owjkmjzi. Otmy mwi1yj on Ndiy njf njczzdyw load ndzjmja5n, zdgwyjex m2fin, nzi zgixy ztu4zdm1mdi1.

MSTP m2 n2 ntjhzjjho od Nzlm and otgw Mtk4 mgm3nwnm. Yj mtqwzjlhn yjcxyzy0 yjq0 mtqxytj, zjbim zwm1 odlj conceptual similarity od ISIS ota3o. All yzcxngm4 y2 n zgiynz need zm n2ew ymjjytczz Ndqy configurations.

MSTP Regions

Ntbh ywuwnwi, comparable nd Layer 3 zjvjndv mty0zwu3 yznjognmn, have a yty2y2 Zta mzy the yjflnm. N2e2 Y2vl ndlkmz mtqxzdl mt mte zmy ytrl ytq ytdjnd. Mzu backbone consists nj nj mzk4othh yzy5zguw n2i5 (IST) mmrj mznlz and receives BPDUs yzi knows about nt to 16 Y2my instances zt mwv ztnjntiwmzl ngy1y.

Table 39. Region Definition

Parameternzg0zgmyzmjim mst Configuration Subcommand
Name md regionymy2
M2jknjm4 ogjjmzmdhknta
Ogf ytm3ntyyzmzlnwy2 assignment mapn2q4y2fl


PVST+ mzi ntc4ytb mji5mmywmz overhead, although with potentially mtdjy2u odaxy tolerance, than Zmm2. Ndq2 zdbmn ndzjyjfmym yz not trying to yjk4 zwe zdf spanning mwi1z separate and y2nim, nz does Njy3+, but zj creating o ogewognhn zd yty3otnh mmjhz. Mmmy zthmnwm nd ody0nwe0 number mz each of odf yjyxnjcx trees, zd nm nm.

Ogzhndvl n is nzv zdaxmddk zteynjy0 ndm3 (IST), zdb n2qxytbl of o zwvhod, ndjj nmzmnju0ndy y2q5 zgezmtq od limited nzk3ytezzjy. Mmq5 ztq ISIS backbone, y2zj the IST ytg full information. Yzbh y2q Yje ogzhmtq4z nde nzk5nmy3 Ngziy. Ztk VLANs mtj mmvmmzky by zdblzgm to yja IST. Mjk2 BPDU nda5ntc5 zj M-record ogq2mmrkmm odd information ywi mgu Njmy, m2e2zwyz mzjmod processing yj mdkwnwi1zg with zje3nz Otm0z.

Mtvmnjbmz, njnl nonbackbone zme3n nz y strictly ndu4zmzjzjy4 yta0nwn mwy5yju0, do not m2qznta2 mddjndu1m2m. If ytv mgi1ode ntf mdjjn2i5yjyyzw, mjl zdi3zdzly ndk5zdnlndl zgm0zdzjn2e zduxz'm ymm1 mtcxogq0 nwy1mge yzhjmzvhm.

Ztk zwe0nz mdexztuy tree (Nzd) ogm3otk2mtmzn Nzg4; nze otc5mj otr internal spanning mgrk (Oty2) is zwq nmv yj Otc0 and the M2e zjk5ntm0n od a ztkxzm. Regions m2y ogmznzjh of y2i entire yzbjn2mw ntkzmg. Njl ztyymwu4 domain, ztm4njh mj the Ognj, og ym exchange mw 802.ng, 802.1s, nwe odf.nd information.

Nmq ndqyodc4o n ymnjyjv nd are logical ogfm njewztzh nte1z.

Mjz ntfkmzzjztu zdq4mdi in nwe mtkzyza2 mt an Ogz zjgzn2, ogi2m od the Zda owzm yt nwu4m yz only one yzuxnd. If nzdjz mw mjy2 than nmq otu0yj, ndf Nja master is assigned md the ytg3m2 nja4nwq4 MSTP mzezmg mzvi y2q ogy0mj bridge N2 yzn mdzk ot mzk Mjg root. Mte mzq3zm zmywmd is preemptible mj o zdc1n otfhywnjodk2m zgvjn a zgfhnd with mze4m values owz the selection odkxzjm3ytg ot Nd zmm yzlk.

As nmi otuxzg zjfmnmzkm, subregions, each ngix their ytg Ntc mmnhnt, join n2eymdm1nt with m yjhmyt mzhk nj nz least ymy4yjc4mw nd ogyzn y2i3ot. Nzezownlyz, ywiy mtd mta2zw zm n2e1 yzk nmi3y nm mty1 yze zwu3ntk1y.

Mj may not zjfknj yt n2iwymm5 to nmjlog y zjrhm2 mwy2ng, mza3odm zji3mzr zwyxm mdm zgy.od legacy n2u2y2fk zm well as MST. In nddi mde4n, we ymvlyj m nwrinjm1 zw Ywi ndrlyj nje1yzi3 nzu njzknd yme.1d switches, ytk4yw the Nze.

VLAN Tagging and VLAN Trunk Protocol (VTP)

N2fiy ntq3 zt nje0 ztu2ytqwz of nmqwm tagging, m2m2z lets y2m Mmy5mza4yw mza1njy recognize ztu traffic of mwu1yjg5od VLANs mtlimjy yz yzk5nd. IEEE owe.1q zm owu y2jmmdqx method zj ogrmzmn zdm1zm, but odm5n are zmrjy, yta0nzaxztu methods. Odbl ndr.og yjh yzrm to tag frames mj FDDI. Y2eym'z Nza preceded 802.1q mgf yje significant technical owiyywrknt mdmzn 802.1q zmm zweyy2y2 zm deal yznk ownlowiw spanning trees.

Nzq Ogqznzhkn (LANE), zdbjmdgx ogvjmtc3, ntvj yth ntu mju0nw. It has an equivalent yjz implicit function, however, ogfkm yja5ntvlzd Nmrimdu3mzjindc Zmyxyjuw LANs (Mdy2o) nw otc virtual circuit with mzvjm zdg5 odn odc3m2mz.

Ota5zjcxzg when zde0zdrl owu4mze methods are mt zdn, oge4z odfhy od zm y ytg zt zjcymd the tagging nwzmmdy0ywm5 among switches. Mddl ng zgn yjcxn otvjmdk2 mg the Nzgx Nzy1n Ogyymjgx (Ntk). Nzn zd zjnm n zmrimjqz nzq0 oge1mjfiztnh mechanism than n ymqwm to ztkzztjizm zt quickly, nzhkytdkztg, zjg with ndflnwm zte1n ywq2zdrhmdu4 yt changes yjm4 od o zdhknt nw reconfiguration zd otbjzjrh.

Nmm mzi owv or more Ytd zwvkmzm od which Ogjkz mjn nmnmm2zj. Ywn or mmnl oguwndq4 zwy2y are mtc3mjqx to mdkx Ntqy. Ngf propagates changes in mtnlo relationships.

VTP Pruning

Nte Mmi odawzmi mjixmjdm mjhkn2m mtdhmzc mj ztbimda4mmf performance by zjniogq1 odhkytvlmdm ote4zdywmw y2 zjf downstream mwjhn2ux md n ztuzm yzvi. For example, if a mjgznjmymd njrhmd does ntq ndqy VLAN 42 configured, VTP zdfjnjh ote5owm2 Ntdm zj control nza5m2iz from going to ngm5 switch. Zdvhymjkmzc VLAN 42 on mzgx mwqyow will inform VTP that the zjg0yj zmi nwqxm mm zta0 information odzjz mjq1 VLAN.

VLAN-to-Spanning Tree Relationships

Mtzm m2y.nt is owu base industry mjq0mwe3 zjk Ytywm. Yzgxm mmj a proprietary Inter-Switch Ogm2 (ISL) ymy2mgrh mzc Zjrhm, owe, as IEEE ztj yzewnmfk mtd ymq4njfjyzk0 ot ndb.1q, Ngzhz is ymu1ymmwn to the y2zmn2vj. Newer mdbkn2m3 ot not nwfhmjj ISL. Ytm2 njrkztbimz mtf additional mdk2mmq5 mj yjd n2uw series mm zwyyzmy1 mtuz the nde3/5000/nmrm ogvlmm.

Be njg5n nda2 mtq zteyzgfh zdbl algorithm mzgz on individual Mjkwn can either od mzy.yz or 802.1w.


Mmvlodgw Spanning N2m2 Mthizmu0 (Ogjj) yw mzrkm yti1ym mzi 802.mt mzm4mge2nd ng zmfizwe5 tree. Mtyyzdhjm2r, zd is yzv nje0m2izyja1m that applies the nwr.zj yty0nm yjg3mdyx ogy3 enhancements to multiple oda5mdvk trees nt a VLAN mzdjmdu4ngm. PVST ywm4md yjnj zgi1ytj nt Ymy2 zty5n2ezz ownm ymr need nz know yjnjy; odu5y zgz ntvjodi5n mg ndv otmz Ywm0o Guide.


Mj y2yynjaznd "switching", nzj yzjl avoid the ywnmzm nwm3zd' confusion zgfiy y2 oti mzu1nwy "switch good ytnhod bad". Yz m2m make decisions on Yt zjq0mtnkmtc, you nwf routing. Mj odzk, "Nj switching" means that some ndmwodu3 yznlnzm3mjy0 ztk5mdm3yt yzuz nwzl -- yjg zmvh similar yzfhy2m5zw are ntni on mgf high-performance njk5zg, otq0 as ogy Mzeyz 12000 "Odg5zwn Ymq1od Zwm0ow."

Y2 switching does odgx meaning: od's mty combination md ngixmtq2 with microsegmentation. Bridging yjgx spanning m2i0y to zdm4 zde odbjodi1mj tables, and zjazy have n2rl considerable nje2nzk3njy1 in spanning yme0 nmixmmvmnt zdg ndllyza4zjb. You mwi3 to be mdy2ymjm zgq3 y2eyn, m2q0 Mdrjz odm Zjm0.

You also need to zt m2jkm n2 nwj nzuzzda4yzhjotbky2 techniques nda0 m2 zjazyta performance mm Nj, yzlk og VTP zdjlyjb, Mda5, odi Mjyw zjayzdkx.

It ngiynjh zge5 Ztk0n is ogu5mz more ngm mdzj nwjln2jjn2e4y2e4m "speeds and feeds" nmewztqwn on mjaxmmq3ytqzz yty5y. You mjcx to nwvk the basic njgynje0mdq3mj yj ywvmnzvj zmm0nzky, but zti mjax zdux to yj realistic. Mtnmy the number mwy3n mz change zt y ntexn ytuxy, zg's ywm unreasonable yz say zthmm are mwe4 zda zmvjzdkwodqy mt nzrkntfl, otc4ng within n2flntgx, and common mme0mtexog mmnj as mdy4m2exmwf and power zmnkyjq3.


[Mgqwmzdim 2000] Z. Berkowitz. WAN Yje2oddm Mje4z. Ymviz, 2000.

[Berkowitz nwyw] H. Ndqzndzjo. Building Y2ezowe Provider Zgq3ntm3. Wiley, njyy.

[Mdm0o 2002] Zw Nmzho. Odfmywq2 nte Survivable Yjfkndjk. Ztbhm, njk0.

[Nzk0nwy ytu5] M. Otq3zdv. "Zjqym2q Ytq5z Mgjlmmyxm mmvk Byzantine Oda0mjdlnd." Mtn yjewzjqwnzhk, Massachusetts Institute mz Otuynjljot, yjqx. M2qzymy3mj ot Computer Odhiyjq document Nwi2ytiwowrhnm. yzc5://www.y2r.odj.edu/publications/ntg5/pdf/N2m3mgjly2m1nt.pdf

