Switchport Presentation Transcript
Today we will be doing a general overview of the Cisco Catalyst switchport configuration options and some of the technical details associated with configuring the device's ports.
We will be discussing the operational modes and which configuration options lead to each operational mode.
We will be discussing the trunk encapsulation types and the mechanics of each.
We will also briefly go over DTP and its operational impact on the switchport.
We will be going over EtherChannel and Q-in-Q tunneling at a later date.
If you are not very familiar with the Cisco Catalyst switchport, you may be led to believe that the operational states of the switchport leave you with only three configuration options for the interface.
There are, however, many ways to end up in each of these operational end states.
For example:
An access interface is one that services one and only one VLAN. As far as the switchport is concerned, it is connected to an end station and treats the distant end as DTE. There is one instance where an access interface can be configured to handle more than one VLAN: the multi-VLAN access interface used with voice VLAN configurations, where the data VLAN is carried untagged and the voice VLAN is carried tagged. We will not be discussing the voice VLAN in this presentation.
To statically configure a switchport as an access interface, issue the command switchport mode access (abbreviated sw m access) in interface configuration mode.
Interestingly, there are three other ways a switchport can end up as an access interface.
The dynamic assignment of VLAN information to an access interface can be done in two different ways. One way is with VMPS, the VLAN Management Policy Server. VMPS uses VQP (VLAN Query Protocol), carried over UDP port 1589, to communicate VLAN information to the Cisco Catalyst device. This VLAN assignment is based on the MAC address of the end station, so it is only as trustworthy as a MAC address, which any host can change. An add-on to ACS also exists to allow VMPS to assign the VLAN based on authentication with ACS.
802.1X/EAP also determines the VLAN based on the user's login credentials: the RADIUS server returns the VLAN in its Access-Accept (the Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID attributes), so this requires a RADIUS server and AAA configuration on the switch. 802.1X is commonly used with NAC and WiFi implementations.
The last way an interface can become an access switchport is via DTP. Even though DTP is dynamic in nature, it is DTP's failure to negotiate a trunk that leaves the interface operating as an access port.
Trunks can be configured using static methods and by using active or passive DTP configurations (dynamic desirable and dynamic auto, respectively).
The interesting thing about static configurations for trunks is that you can choose to statically configure all elements of the trunk or just the encapsulation.
If you choose to statically configure only the method of encapsulation, you select your encapsulation type by issuing switchport trunk encapsulation dot1q or switchport trunk encapsulation isl (abbreviated sw t e dot1q / sw t e isl). The remainder of the trunk configuration, that is, whether the port trunks at all, is then left to DTP.
Should you want to statically configure both the encapsulation and the operational mode, first identify the encapsulation type with the command above and then set the mode to trunk with the interface configuration command switchport mode trunk (sw m t). On platforms that support both encapsulations, IOS rejects switchport mode trunk while the encapsulation is still set to negotiate, so the encapsulation must be set first.
It is recommended that you then disable dynamic trunk negotiation by issuing switchport nonegotiate (sw non), which stops the port from sending DTP frames; IOS accepts this command only on a port whose mode is statically set to access or trunk, not on a dynamic port. To re-enable DTP, issue no switchport nonegotiate. Leaving DTP running on a port that faces an end host lets that host negotiate a trunk simply by speaking DTP, which is the classic switch-spoofing VLAN hopping attack.
Before exploring the configuration options for switchports further, let's discuss our two options for trunk encapsulation, 802.1Q and ISL.
ISL encapsulation is a Cisco proprietary solution used to carry VLAN information on inter-switch links. With ISL the entire frame is encapsulated, adding 30 bytes of overhead (a 26-byte header and a 4-byte trailing CRC) in order to carry the VLAN information.
A closer look at the ISL header shows that it carries an 802.2 SNAP header (LLC AA-AA-03).
ISL uses the link-local multicast destination address 01:00:0C:00:00:00. When the receiving switch sees this DA together with the SNAP value, it knows that the ISL header carries the VLAN ID to which the encapsulated payload belongs.
Because of the additional overhead of the ISL encapsulation, the minimum and maximum Ethernet frame sizes increase on ISL links, from 64 and 1518 bytes to 94 and 1548 bytes.
Our other option for trunk encapsulation is 802.1Q.
802.1Q is an open standard developed by the IEEE 802.1 working group.
Rather than completely encapsulating the frame in another header, dot1q inserts a 4-byte tag into the frame between the source MAC address and the EtherType/length field.
This greatly reduces the overhead compared with ISL: 4 bytes instead of 30, the original header stays intact (only the FCS is recomputed), and the maximum tagged frame grows to 1522 bytes, the so-called baby giant.
So what information is kept in the tag?
The 802.1Q tag can be broken down into four fields:
- The TPID (16 bits): the EtherType that identifies an 802.1Q/p tag, 0x8100.
- The priority field (3 bits, PCP): the CoS value or priority marked on the customer's traffic.
- The CFI (1 bit): indicates whether the MAC addresses in the frame are in canonical (LSB-first, Ethernet) or non-canonical (MSB-first, Token Ring) bit order; later revisions of the standard reuse this bit as the Drop Eligible Indicator (DEI).
and finally
- The VID (12 bits): identifies the VLAN to which the payload belongs. VID 0 means the frame carries only a priority and no VLAN, and 4095 is reserved, leaving 1 through 4094 usable.
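To make the tag layout concrete, here is an added example (not part of the original presentation) that walks the tag stack of a raw Ethernet frame and splits the TCI into PCP, CFI and VID. It goes slightly beyond the single tag discussed above by also accepting stacked tags (the 0x88A8 and legacy 0x9100 TPIDs used in Q-in-Q) and by distinguishing an EtherType from an 802.3 length field after the last tag. The sample frames are constructed by hand for the example, not captured from a network.

```python
import struct

TPIDS = {0x8100, 0x88A8, 0x9100}   # 802.1Q, 802.1ad service tag, legacy double-tag TPID


def parse_tags(frame: bytes):
    """Walk the 802.1Q tag stack of an Ethernet frame.

    Returns (tags, type_or_length, payload_offset). Each tag is a dict with
    tpid, pcp, cfi and vid; tags is empty for an untagged frame. The value
    after the last tag is an EtherType if >= 0x0600, otherwise an 802.3
    length field.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    off = 12                                   # first byte after DA + SA
    tags = []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated after tag stack")
        value = struct.unpack_from("!H", frame, off)[0]
        if value not in TPIDS:
            break                              # not a tag: this is the EtherType/length
        if off + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append({
            "tpid": value,
            "pcp": tci >> 13,                  # 3 bits: CoS / priority
            "cfi": (tci >> 12) & 1,            # 1 bit: CFI (DEI in later revisions)
            "vid": tci & 0x0FFF,               # 12 bits: VLAN ID
        })
        off += 4
    return tags, value, off + 2


def vid_meaning(vid: int) -> str:
    """What a 12-bit VID value means to a bridge."""
    if vid == 0:
        return "priority-tagged (no VLAN, use the port's native VLAN)"
    if vid == 0xFFF:
        return "reserved (4095, must not be used)"
    return f"VLAN {vid}"


def max_frame_len(tags) -> int:
    """Largest legal frame on the wire for this tag stack: 1518 plus 4 per tag."""
    return 1518 + 4 * len(tags)


# Constructed sample frames (not captured from a real network).
DA, SA = bytes.fromhex("0000aa000001"), bytes.fromhex("0000bb000002")
PAD = b"\x00" * 46
UNTAGGED = DA + SA + b"\x08\x00" + PAD
# PCP 5, CFI 0, VID 100 -> TCI = (5 << 13) | 100 = 0xA064
TAGGED = DA + SA + b"\x81\x00\xa0\x64" + b"\x08\x00" + PAD
# Double-tagged (outer 0x8100 VID 10, inner 0x8100 VID 20), as seen with Q-in-Q
DOUBLE = DA + SA + b"\x81\x00\x00\x0a" + b"\x81\x00\x00\x14" + b"\x08\x00" + PAD

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED), ("double", DOUBLE)):
        tags, et, off = parse_tags(f)
        print(name, [f"{t['tpid']:#06x}/pcp{t['pcp']}/{vid_meaning(t['vid'])}" for t in tags],
              f"ethertype={et:#06x}", f"payload@{off}", f"max={max_frame_len(tags)}")
```

The parser deliberately refuses a frame that ends inside a tag rather than guessing, since a truncated tag is exactly the kind of input that trips up hand-rolled VLAN filters.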
Moving back to the configuration of switchport modes.
DTP is a Cisco proprietary mechanism that allows for the dynamic negotiation of trunks on switchports, and it is enabled by default.
DTP, too, uses a SNAP header.
The DA in this case is the general-purpose link-local multicast address used by a number of Cisco protocols, 01:00:0C:CC:CC:CC. This address tells the receiving device that it is not to forward the frame out any other interface. To identify which Cisco protocol is in the payload, the receiving device looks at the SNAP protocol ID field of the header, which follows the Cisco OUI 00:00:0C. If the value is 0x2004, the payload is DTP (for comparison, 0x2000 is CDP and 0x2003 is VTP).
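The identification described above, as an added example that is not part of the original presentation: a small Python decoder that recognises a Cisco SNAP frame by its destination address, LLC and OUI, maps the protocol ID to a name, and decodes the DTP TLVs. From a detection standpoint the interesting case is a DTP frame whose sender is willing to trunk arriving on a port that should only ever see an end host. The DA, LLC, OUI and PID values are from the presentation; the TLV numbering and the status-byte encoding (high bit set when trunking, low bits for the administrative mode) follow the Wireshark DTP dissector's interpretation and are stated as an assumption to confirm against your own captures. The sample frame is constructed by the build_dtp_frame helper, not captured from a switch.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")   # 01:00:0C:CC:CC:CC, consumed by the receiving switch
SNAP_LLC = bytes.fromhex("aaaa03")            # DSAP AA, SSAP AA, control 03 (UI)
CISCO_OUI = bytes.fromhex("00000c")
CISCO_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x010B: "PVST+"}

# DTP TLV types
TLV_DOMAIN, TLV_STATUS, TLV_TYPE, TLV_SENDER = 1, 2, 3, 4
# Status byte: bit 0x80 = currently trunking, low 3 bits = administrative mode.
# ASSUMPTION: this decoding follows the Wireshark DTP dissector; confirm it against captures.
ADMIN_STATUS = {0x01: "on", 0x02: "off", 0x03: "desirable", 0x04: "auto"}


def cisco_snap_protocol(frame: bytes):
    """Identify a Cisco SNAP frame sent to 01:00:0C:CC:CC:CC.

    Returns (protocol_name, payload) or None if the frame is something else.
    Layout: DA(6) SA(6) 802.3 length(2) LLC(3) OUI(3) PID(2) payload.
    """
    if len(frame) < 22 or frame[:6] != CISCO_MCAST:
        return None
    length = struct.unpack_from("!H", frame, 12)[0]
    if length > 1500 or frame[14:17] != SNAP_LLC or frame[17:20] != CISCO_OUI:
        return None                                 # an EtherType, or not Cisco SNAP
    pid = struct.unpack_from("!H", frame, 20)[0]
    payload = frame[22:14 + length]                 # drop any padding after the payload
    return CISCO_PIDS.get(pid, f"unknown PID {pid:#06x}"), payload


def parse_dtp(payload: bytes) -> dict:
    """Decode DTP: a version byte, then TLVs of type(2) length(2) value, length including the header."""
    if not payload or payload[0] != 1:
        raise ValueError("unsupported DTP version")
    tlvs, off = {}, 1
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack_from("!HH", payload, off)
        if tlen < 4 or off + tlen > len(payload):
            raise ValueError("malformed DTP TLV")
        tlvs[ttype] = payload[off + 4:off + tlen]
        off += tlen
    info = {}
    if TLV_DOMAIN in tlvs:
        info["domain"] = tlvs[TLV_DOMAIN].rstrip(b"\x00").decode("ascii", "replace")
    if TLV_STATUS in tlvs and tlvs[TLV_STATUS]:
        s = tlvs[TLV_STATUS][0]
        info["operating"] = "trunk" if s & 0x80 else "access"
        info["admin"] = ADMIN_STATUS.get(s & 0x07, f"{s & 0x07:#x}")
    if TLV_SENDER in tlvs:
        info["sender"] = tlvs[TLV_SENDER].hex(":")
    return info


def dtp_trunk_solicitation(frame: bytes) -> bool:
    """True if the frame is DTP from a sender willing to trunk (admin on or desirable).

    Seen on a port that should face an end host, this is the signature of a
    switch-spoofing attempt: the host is asking the switch to bring up a trunk.
    """
    hit = cisco_snap_protocol(frame)
    if hit is None or hit[0] != "DTP":
        return False
    return parse_dtp(hit[1]).get("admin") in ("on", "desirable")


def build_dtp_frame(sa: bytes, domain: str, status: int) -> bytes:
    """Constructed DTP frame for testing; not a capture from a real switch."""
    dom = domain.encode("ascii") + b"\x00"
    tlvs = (struct.pack("!HH", TLV_DOMAIN, 4 + len(dom)) + dom
            + struct.pack("!HHB", TLV_STATUS, 5, status)
            + struct.pack("!HH", TLV_SENDER, 10) + sa)
    body = SNAP_LLC + CISCO_OUI + struct.pack("!H", 0x2004) + b"\x01" + tlvs
    frame = CISCO_MCAST + sa + struct.pack("!H", len(body)) + body
    return frame.ljust(60, b"\x00")                 # pad to the Ethernet minimum


if __name__ == "__main__":
    host = bytes.fromhex("000c29aabbcc")            # constructed host MAC
    f = build_dtp_frame(host, "LAB", 0x03)          # "desirable", not yet trunking
    print(cisco_snap_protocol(f)[0], parse_dtp(cisco_snap_protocol(f)[1]))
    print("trunk solicitation:", dtp_trunk_solicitation(f))
```

In practice you would feed cisco_snap_protocol frames from a SPAN session or a host-side capture; any DTP at all from a host-facing port is worth an alert, and dtp_trunk_solicitation picks out the ones that would actually succeed against a dynamic port.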
The configuration of the two ends of the inter-switch link determines whether DTP negotiates a trunk or the port defaults to an access interface. If both endpoints are configured as dynamic desirable, a trunk forms. Should one side be configured as dynamic desirable and the other as dynamic auto, a trunk forms. However, if both sides are configured as dynamic auto, each waits for the other to ask and the interface defaults to an access switchport. A statically configured trunk still sends DTP and will bring a dynamic neighbor up as a trunk, whereas a static access port will not.
It is relevant to note that the default configuration for a Cisco Catalyst 3560 switchport, out of the box, is dynamic auto. Anything that sends DTP desirable into such a port, including an end host running software that speaks DTP, can bring the port up as a trunk carrying every VLAN on the switch, which is why host-facing ports should be set to access mode with nonegotiate.
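The static trunk and nonegotiate recommendations earlier in the presentation and the DTP negotiation rules just described can be turned into a quick configuration audit. The following is an added example, not code from the presentation or from Cisco: it encodes the negotiation matrix in negotiate(), parses a show running-config excerpt, and flags each port that a neighbor advertising dynamic desirable could turn into a trunk, emitting the interface commands that close the gap. The running-config text is constructed for the example; the assumption that a port with no switchport mode line is in dynamic auto follows the 3560 default stated above and is configurable via default_mode.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
RUNNING_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description user port left at the factory default
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
"""

# ASSUMPTION: out-of-the-box mode when no "switchport mode" line is present (3560 default).
DEFAULT_MODE = "dynamic auto"
MODES = ("access", "trunk", "dynamic auto", "dynamic desirable", "dot1q-tunnel")


def negotiate(local: str, remote: str, remote_nonegotiate: bool = False) -> str:
    """Operational mode ("access" or "trunk") the local port settles into.

    local/remote are administrative modes; remote_nonegotiate means the far
    end has "switchport nonegotiate" and therefore sends no DTP at all.
    """
    if local not in MODES or remote not in MODES:
        raise ValueError("unknown switchport mode")
    if local in ("access", "dot1q-tunnel"):
        return "access"                    # static: DTP cannot change it
    if local == "trunk":
        return "trunk"                     # static: trunk regardless of the neighbour
    # local side is dynamic, so it trunks only if it hears a willing neighbour
    if remote_nonegotiate or remote in ("access", "dot1q-tunnel"):
        return "access"                    # nothing heard, or neighbour advertises "off"
    if remote in ("trunk", "dynamic desirable"):
        return "trunk"
    # remote is dynamic auto: it never asks, so only a desirable local port trunks
    return "trunk" if local == "dynamic desirable" else "access"


def parse_interfaces(config: str) -> dict:
    """Collect mode, encapsulation and nonegotiate per interface stanza."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = m.group(1)
            ifaces[cur] = {"mode": None, "encap": None, "nonegotiate": False}
            continue
        if line == "!":
            cur = None
            continue
        if cur is None:
            continue
        cmd = line.strip()
        m = re.match(r"switchport mode (access|trunk|dynamic auto|dynamic desirable|dot1q-tunnel)$", cmd)
        if m:
            ifaces[cur]["mode"] = m.group(1)
        elif cmd == "switchport nonegotiate":
            ifaces[cur]["nonegotiate"] = True
        else:
            m = re.match(r"switchport trunk encapsulation (dot1q|isl|negotiate)$", cmd)
            if m:
                ifaces[cur]["encap"] = m.group(1)
    return ifaces


def audit(config: str, default_mode: str = DEFAULT_MODE) -> list:
    """Flag ports a DTP-speaking neighbour could turn into a trunk.

    Returns (interface, severity, reason, remediation commands) tuples; the
    attacker's best case is a neighbour advertising dynamic desirable.
    """
    findings = []
    for name, i in parse_interfaces(config).items():
        mode = i["mode"] or default_mode
        shown = mode if i["mode"] else f"{mode} (implicit default)"
        if mode.startswith("dynamic") and negotiate(mode, "dynamic desirable") == "trunk":
            findings.append((name, "HIGH",
                             f"mode {shown}: a host speaking DTP can negotiate a trunk",
                             ["switchport mode access", "switchport nonegotiate"]))
        elif mode == "trunk" and not i["nonegotiate"]:
            findings.append((name, "LOW",
                             "static trunk still sends DTP frames to the neighbour",
                             ["switchport nonegotiate"]))
    return findings


if __name__ == "__main__":
    for name, sev, reason, fix in audit(RUNNING_CONFIG):
        print(f"{sev:4} {name}: {reason}")
        print("     interface", name)
        for c in fix:
            print("      ", c)
```

Note that negotiate() also models the mismatch the nonegotiate caveat warns about: a static trunk with nonegotiate facing a dynamic auto port leaves the dynamic side in access mode, because it never hears any DTP.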
We will be discussing the Tunnel configuration in later presentations.