Well its a new year and that means New Year resolutions and that its time I get off my butt and finish my CCNA. I will be writing my ICND 2 exam at the end of January so expect quite a few
posts on the topics covered in the ICND 2.
The first of these topics is a review of how a switch forwards a frame through the network. This is one of the fundamental topics covered in the ICND 1 exam, however if you do not have a clear understanding of the logic then you will find the topics covered in the ICND 2 exam, and in everyday trouble shooting, very difficult to grasp.
For this I will be using the following GNS3 topology:
The topology is very basic and consists of the following:
- 2 X VPCS hosts configured with the following IP’s:
1. PC1: 10.1.1.20/24
2. PC2: 10.1.1.30/24
- 4 Switches running the i86bi-linux-l2-ipbasek9-15.1e.bin IOU image connected as follows:
SW1 Eth 0/0 -> SW2 Eth 0/0
SW1 Eth 0/1 -> SW3 Eth 0/0
SW1 Eth 0/2 -> SW4 Eth 0/2
SW1 Eth 1/0 -> PC1 Eth 0
SW2 Eth 0/0 -> SW1 Eth 0/0
SW2 Eth 0/1 -> SW4 Eth 0/1
SW2 Eth 0/2 -> SW3 Eth 0/2
SW3 Eth 0/0 -> SW1 Eth 0/1
SW3 Eth 0/1 -> SW4 Eth 0/0
SW3 Eth 0/2 -> SW2 Eth 0/2
SW4 Eth 0/0 -> SW3 Eth 0/0
SW4 Eth 0/1 -> SW2 Eth 0/1
SW4 Eth 0/2 -> SW1 Eth 0/2
SW4 Eth 1/0 -> PC2 Eth 0
- 3 Vlan’s are configured:
1. VLAN 1 Default
2. VLAN 10 BLUE
3. VLAN 20 RED
- Each of the interfaces between the switches are configured as 802.1Q trunk ports allowing all VLAN’s over the trunk.
- Each of the interfaces connecting to the VPCS PC’s are configured as access interfaces in VLAN 10.
To show the logic of how a switch forwards a frame I will ping PC 2 from PC 1 and use the output of the “show mac address-table” command to demonstrate the forwarding process.
At this point the switches have just booted and the MAC address table will be empty as no frames have been sent yet:
|
1 2 3 4 5 6 7 |
SW1# sh mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- SW1# |
Now we will ping from PC 1 to PC 2 to generate some frames. The first ping will time out as PC 1 does not yet have an ARP entry for PC 2:
|
1 2 3 4 5 |
PC1> show arp arp table is empty PC1> |
|
1 2 3 4 5 6 7 8 |
PC1> ping 10.1.1.30 10.1.1.30 icmp_seq=1 timeout 10.1.1.30 icmp_seq=2 ttl=64 time=1.088 ms 10.1.1.30 icmp_seq=3 ttl=64 time=1.926 ms 10.1.1.30 icmp_seq=4 ttl=64 time=10.366 ms 10.1.1.30 icmp_seq=5 ttl=64 time=0.680 ms PC1> |
On Switch 1 (PC 1 sending ARP request):
So PC 1 has now sent the first frame which will be an ARP request to find the MAC address of 10.1.1.30. The following steps describe how the frame is forwarded through the network.
Step 1:
The ARP request is received on interface eth 1/0 of SW1, the first thing SW1 will do is determine what VLAN the frame should be forwarded on. It does this by checking the following:
- If the frame arrives on an access interface, the switch will use the VLAN configured on the access interface.
- If the frame arrives on a trunk interface, the switch will use the VLAN defined in the 802.1Q header.
In the case of our example the frame arrives on interface eth 1/0 on SW1 which is configured as an access interface using VLAN 10.
Step 2:
Now that the switch knows what VLAN the frame belongs to, the next step is to add the source MAC address to the MAC address table with the incoming interface and VLAN id details.
Remember in this case no previous frames have been received, so the source MAC will not be in the MAC address table on SW1.
In our example the MAC address of PC1 is 00:50:79:66:68:01, therefore the switch will add this MAC to the MAC address table with an incoming interface of eth 1/0 and a VLAN id of 10:
|
1 2 3 4 5 6 7 8 9 10 |
vSW1#sh mac address-table Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 0050.7966.6801 DYNAMIC Et1/0 1 0050.7966.6801 DYNAMIC Et0/1 Total Mac Addresses for this criterion: 2 SW1# |
Step 3:
Next SW1 will look for the destination MAC in its MAC address table, but only for entries in the VLAN identified in step 1. The switch will then follow one of the next 2 steps depending on whether the frame was found in the MAC address table:
- If the destination MAC address is found in the MAC address table for the VLAN identified in step 1, the switch will forward the frame out the interface listed in the MAC address table.
- If the destination MAC address is not in the MAC address table, the switch will flood (broadcast) the frame out all other access interfaces configured in the VLAN identified in step 1 as well as out all trunk interfaces that list this VLAN as fully operational (active in the allowed VLAN list, not pruned and not STP blocked)
In our example because the frame received on interface Eth 1/0 on SW1 is a broadcast ARP request ( destination MAC ff:ff:ff:ff:ff:ff), the frame will be flooded out all interfaces belonging to VLAN 10.
So to determine which interfaces the frame will be broadcast out on SW1 we need to confirm the spanning tree state of the interfaces as well as which interfaces are trunk interfaces:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
SW1#sh spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address aabb.cc00.0500 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address aabb.cc00.0500 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Desg FWD 100 128.1 Shr Et0/1 Desg FWD 100 128.2 Shr Et0/2 Desg FWD 100 128.3 Shr Et0/3 Desg FWD 100 128.4 Shr SW1# |
And the trunk interfaces are:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
SW1#sh interface trunk Port Mode Encapsulation Status Native vlan Et0/0 on 802.1q trunking 1 Et0/1 on 802.1q trunking 1 Et0/2 on 802.1q trunking 1 Port Vlans allowed on trunk Et0/0 1-4094 Et0/1 1-4094 Et0/2 1-4094 Port Vlans allowed and active in management domain Et0/0 1,10,20 Et0/1 1,10,20 Et0/2 1,10,20 Port Vlans in spanning tree forwarding state and not pruned Et0/0 1,10,20 Et0/1 1,10,20 Et0/2 1,10,20 SW1# |
So from the above information we can determine that SW1 will flood the frame out the following interfaces:
- Eth 0/0 The frame will be flooded because the interface is in a Spanning tree forwarding state and the VLAN is active on the trunk and not pruned.
- Eth 0/1 The frame will be flooded because the interface is in a Spanning tree forwarding state and the VLAN is active on the trunk and not pruned.
- Eth 0/2 The frame will be flooded because the interface is in a Spanning tree forwarding state and the VLAN is active on the trunk and not pruned.
Note that the frame is not forwarded out the access interface Eth 1/0, this is because a switch will broadcast frames out all interfaces in the VLAN except the interface upon which the frame was received.
On Switch 4 (PC 1 sending ARP request):
Because of the way STP works, I will cover STP in a later post, the frame sent by PC 1 will enter SW4 on interface Eth 0/2. because this is the first frame received from PC 1 there will be no MAC address table listing for PC 1’s MAC address:
|
1 2 3 4 5 6 7 |
SW4#sh mac address-table vlan 10 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- SW4# |
So SW4 will go through the steps described above as follows:
Step 1:
Because interface Eth 0/2 is a trunk interface, SW4 will look at the 802.1Qq header to determine what VLAN the switch belongs to. In the case the VLAN id will be 10 as that is what SW1 would have set the 802.1Q VLAN id to before broadcasting the frame out over its Eth 0/2 interface.
Step 2:
SW4 will now look at the source MAC address of the frame it was received and check the MAC address table to see if it is present. As this is the first frame that has been received from PC1 SW4 will put the source MAC address into its MAC address table listing the incoming interface and VLAN id:
|
1 2 3 4 5 6 7 8 9 10 |
SW4#sh mac address-table vlan 10 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 0050.7966.6801 DYNAMIC Et0/2 Total Mac Addresses for this criterion: 1 SW4# |
Step 3:
Now SW4 will look at the destination MAC address, in this case it is a broadcast MAC address so the Switch will flood the frame out all interfaces in VLAN 10 except the interface it was received upon.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
SW4#sh spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address aabb.cc00.0500 Cost 100 Port 3 (Ethernet0/2) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address aabb.cc00.0800 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Et0/0 Altn BLK 100 128.1 Shr Et0/1 Altn BLK 100 128.2 Shr Et0/2 Root FWD 100 128.3 Shr Et1/0 Desg FWD 100 128.5 Shr SW4# |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
SW4#sh interfaces trunk Port Mode Encapsulation Status Native vlan Et0/0 on 802.1q trunking 1 Et0/1 on 802.1q trunking 1 Et0/2 on 802.1q trunking 1 Et0/3 on 802.1q trunking 1 Port Vlans allowed on trunk Et0/0 1-4094 Et0/1 1-4094 Et0/2 1-4094 Et0/3 1-4094 Port Vlans allowed and active in management domain Et0/0 1,10,20 Et0/1 1,10,20 Et0/2 1,10,20 Et0/3 1,10,20 Port Vlans in spanning tree forwarding state and not pruned Et0/0 none Et0/1 none Et0/2 1,10,20 SW4# |
From the output of the STP and trunk information gathered above, we can see that SW 4 will flood the frame out the following interfaces:
Eth 1/0 This is an access interface and is in a STP forwarding state.
The frame will not be flooded out Eth 0/2 as this is the incoming interface. It will also not be flooded out of interface Eth 0/1 and Eth 0/2 because these interfaces are in STP blocking state and the Vlan is not active on these trunks.
On Switch 4 (PC 2 responding to ARP request)
So now PC 2 will receive the flooded ARP request and determine that the request is destined for the IP configured on Eth 0 on PC 2. PC 2 will then generate an ARP response frame to send back to PC 1.
The following steps describe the logic of how the switches deal with this frame:
Step 1:
SW 4 receives the ARP response frame from PC 2, this is an access interface in VLAN 10 so the switch knows that the frame belongs to VLAN 10.
Step 2:
SW 4 checks to see if the source MAC address is in the MAC address table, because this is the first frame received from PC 2 there will be no entry for PC 2’s MAC address. The switch then adds PC 2’s MAC address (00:50:79:66:68:02) to the MAC address table listing the VLAN id 10 and an interface of Eth 1/0 (the incoming interface:
|
1 2 3 4 5 6 7 8 9 10 |
SW4#sh mac address-table vlan 10 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 0050.7966.6801 DYNAMIC Et0/2 10 0050.7966.6802 DYNAMIC Et1/0 Total Mac Addresses for this criterion: 2 SW4# |
Step 3:
Next the switch will check its MAC address table for the destination MAC address listed in the frame (00:50:79:66:68:01) which is the MAC address of PC 1. Because the switch put the MAC address of PC 1 into the MAC address table when the first frame was received from PC 1 there is now an entry for PC 1’s MAC address in SW 4’s MAC address table and it is in the same VLAN to which the frame sent by PC 2 is in:
|
1 2 3 |
SW4#sh mac address-table vlan 10 | in 0050.7966.6801 10 0050.7966.6801 DYNAMIC Et0/2 SW4# |
Because the MAC address for PC 1 is listed in SW 4’s MAC address table SW 4 know that it can forward the frame out of interface Eth 0/2 as a unicast frame.
On Switch 1 (PC 2 responding to ARP request):
switch one now receives the frame from PC 2 on interface Eth 0/2 as this is the interface directly connected to SW 4′ Eth 0/2 interface and processes the frame as follow’s:
Step 1:
SW 1 receives the ARP response frame from PC 2, Eth 0/2 is a trunk interface so the switch looks at the 802.1Q header to determine the VLAN id. So now the switch knows that the frame belongs to VLAN 10.
Step 2:
SW 1 checks to see if the source MAC address is in the MAC address table, because this is the first frame received from PC 2 there will be no entry for PC 2’s MAC address. The switch then adds PC 2’s MAC address (00:50:79:66:68:02) to the MAC address table listing the VLAN id 10 and an interface of Eth 0/2 (the incoming interface):
|
1 2 3 4 5 6 7 8 9 10 |
SW1#sh mac address-table vlan 10 Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 0050.7966.6801 DYNAMIC Et1/0 10 0050.7966.6802 DYNAMIC Et0/2 Total Mac Addresses for this criterion: 2 SW1# |
Step 3:
Next the switch will check its MAC address table for the destination MAC address listed in the frame (00:50:79:66:68:01) which is the MAC address of PC 1. Because the switch put the MAC address of PC 1 into the MAC address table when the first frame was received from PC 1 there is now an entry for PC 1’s MAC address in SW 1’s MAC address table and it is in the same VLAN to which the frame sent by PC 2 is in:
|
1 2 3 |
SW1#sh mac address-table vlan 10 | in 0050.7966.6801 10 0050.7966.6801 DYNAMIC Et1/0 SW1# |
Because the MAC address for PC 1 is listed in SW 1’s MAC address table SW 1 know’s that it can forward the frame out of interface Eth 1/0 as a unicast frame.
Pc 1 then receives this frame and the process is repeated agin for each frame that is sent from PC 1 to PC 2.
