
What is the working principle of the switch?

Working principle of switch

1. Functions of the switch

Connect multiple Ethernet physical network segments to isolate collision domains.

Ethernet frames are exchanged and forwarded in a high-speed and transparent way.

Learn and maintain MAC address information automatically.

Switches work at Layer 2 and can be used to isolate collision domains. In the OSI reference model, the role of Layer 2 is addressing, where addressing refers to MAC addresses, and switches forward frames based on MAC addresses. Each switch holds a MAC address table, which the switch learns automatically. In general, therefore, the role of a switch is addressing and forwarding. Note that both the addressing and the forwarding here are based on MAC addresses, which distinguishes switches from the routers covered last week.

2. Characteristics of the switch

It mainly works in the physical layer and data link layer of OSI model.

Provides transparent bridging and switching between Ethernet networks.

According to the MAC address of the link layer, Ethernet data frames are forwarded between ports.

3. MAC address table forwarding process of the switch:

MAC address table initialization:

When the switch is first started, there are no entries in the MAC address table. The figure above shows the MAC address table of a switch that has just started; it contains no entries. Once a PC is connected, the switch begins to learn MAC addresses as follows:

MAC address table learning process (1)

PCA sends out data frames

The switch associates the source address MAC_A in the PCA frame with the port E1/0/1 that received the frame.

The switch sends the PCA frame out of all other ports (every port except E1/0/1, which received the frame).

MAC Address Table Learning Process (2)

When PCB, PCC and PCD send data frames, the switch associates the source address in each received frame with the corresponding port. At this point the switch has learned its MAC address table and forwards data according to it.

4. The switch forwards and filters data frames.

Forwarding of unicast frames:

PCA sends out unicast data frames destined for PCD.

The switch sends it out from the corresponding port E 1/0/4 according to the destination address in the frame.

The switch will not forward the unicast data frame on other ports.

Forwarding of broadcast, multicast and unknown unicast frames:

Switches send broadcast, multicast, and unknown unicast frames from all other ports except the port that receives the frame.
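The learning, forwarding and flooding rules above can be followed step by step in a short simulation. This is an added example, not code from the original page or from any switch vendor; the MAC addresses are constructed, and the ports used for PCB and PCC are assumptions.

```python
# Added illustration of the MAC learning and forwarding rules described above.
MAC_A = "02:00:00:00:00:0a"   # constructed address for PCA
MAC_B = "02:00:00:00:00:0b"   # constructed address for PCB
MAC_D = "02:00:00:00:00:0d"   # constructed address for PCD
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    """True for broadcast and multicast (I/G bit of the first octet is set)."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}            # MAC -> port; empty when the switch starts

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        # Learning: bind the source MAC to the port the frame arrived on.
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if is_group(dst) or out_port is None:
            # Broadcast, multicast or unknown unicast: all ports but the ingress.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []                  # destination is behind the ingress port
        return [out_port]              # known unicast: exactly one port


def demo():
    sw = LearningSwitch(["E1/0/1", "E1/0/2", "E1/0/3", "E1/0/4"])
    results = [
        sw.receive("E1/0/1", MAC_A, MAC_D),      # PCD not yet learned: flooded
        sw.receive("E1/0/4", MAC_D, MAC_A),      # reply: PCA already learned
        sw.receive("E1/0/1", MAC_A, MAC_D),      # PCD now learned: one port
        sw.receive("E1/0/2", MAC_B, BROADCAST),  # broadcast: flooded
    ]
    return sw.mac_table, results


if __name__ == "__main__":
    table, results = demo()
    for ports in results:
        print(ports)
    print(table)
```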

VLAN basic principles

1. Broadcast storm

A broadcast storm occurs when broadcast frames sent by devices propagate throughout the broadcast domain in a Layer 2 environment; the storm occupies network bandwidth and reduces the performance of the devices.

2. Use a Layer 3 device (a router) to isolate the broadcast domain.

Broadcast frames belong to Layer 2 and do not cross Layer 3. To solve the broadcast storm problem, a Layer 3 device can therefore be used to isolate broadcast domains and narrow their scope. A router can do this, but because a router is a Layer 3 device it easily becomes a bottleneck for data forwarding, so in general VLANs are used to isolate broadcast domains.

3. VLANs isolate broadcasts

Layer 2 switches use VLANs (Virtual Local Area Networks) to isolate broadcasts, thus narrowing the scope of the broadcast domain. In this case, different VLANs cannot communicate with each other. If PCA sends a broadcast frame, it propagates only within VLAN 1 and not into VLAN 2, which not only limits the scope of the broadcast domain but also ensures the security of VLAN 2.

4. Advantages of VLAN

Effectively control the scope of broadcast domain.

Enhance the security of LAN

Flexible Construction of Virtual Workgroup

5. VLAN classification

Port-based VLAN:

Port-based VLAN division is the most commonly used method: one or several ports belong to a VLAN, and the users attached to those ports also belong to that VLAN. Assuming that E1/01 and E1/2 belong to VLAN 10, and E1/3 and E1/4 belong to VLAN 20, then PCA and PCB belong to VLAN 10.

The advantage of this division is that it is easy to configure, as long as the corresponding port is added to the corresponding VLAN on the switch. The disadvantage is that if the user changes the port of the switch, the VLAN ID will also change.

VLAN based on MAC address:

A MAC-address-based VLAN assigns hosts to VLANs according to their MAC addresses. For example, if the MAC addresses of PCA and PCB are assigned to VLAN 10, then PCA and PCB belong to VLAN 10, and likewise for PCC and PCD.

The advantage of this division is that users are not restricted by their physical location. No matter which interface PCA connects to, it belongs to VLAN 10. The disadvantage is that the configuration is more complicated than the port-based method.

Protocol-based VLAN:

This method assigns hosts to VLANs according to the protocol they run. For example, PCA and PCB both run the IP protocol and belong to VLAN 10, and likewise for PCC and PCD.

The advantage of this method is that it is also unaffected by physical location. No matter which interface PCA is connected to, it belongs to VLAN 10. The disadvantage is that there are not many protocols that a PC can actually run, so the number of VLANs is limited.

Subnet-based VLAN:

This method assigns VLANs by subnet. For example, 10.0.0/24 belongs to VLAN 10 and 20.0.0/24 belongs to VLAN 20.

Of the four methods above, the port-based VLAN method is the most common and the most convenient to configure, and the following experimental example is also port-based.

6. VLAN technical principles

VLAN tag:

A switch distinguishes the Ethernet frames of different VLANs by their VLAN tags. For example, when PCA sends a data frame with the destination address of PCB to the switch, the switch tags the frame with VLAN 10 and then forwards it out of PCB's port according to the VLAN table. The VLAN tagging operation is described in detail below.

802.1Q frame format:

We know that the data sent by a PC has no VLAN tag, so when does the VLAN ID tag appear? It appears when the data enters a switch port. The tag is placed between the source address (SA) and the Type field of the standard Ethernet frame and contains the VLAN ID. The range of VLAN ID is 4096. Excluding the default vlan1 and vlan4096 as reserved VLANs, the actual number of available VLAN IDs is 4094.

Single switch VLAN tag operation:

As mentioned above, the data sent by a PC carries no VLAN tag, so the frame is tagged when it enters the switch. Because PCs send untagged frames, the switch must first remove the VLAN tag when the frame leaves the switch, and then forward it to the corresponding PC.

For example, when PCA sends a standard Ethernet frame with PCA's address as the source address and PCC's address as the destination address, the switch tags the frame with VLAN 10 when it arrives at the switch port and then forwards it out of the port where PCC is located according to the VLAN table. At the same time the VLAN 10 tag is stripped, so the frame that arrives at PCC is still a standard Ethernet frame without a VLAN tag. The same applies to PCB and PCD.
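The tag format and the tag-on-ingress, strip-on-egress behaviour described above can be seen at byte level. This is an added example, not code from the original page: the sample frame and its MAC addresses are constructed, the function names are hypothetical, and the frame check sequence, which a real switch recomputes after changing the header, is left out.

```python
import struct

TPID_8021Q = 0x8100   # value in the Type position that marks an 802.1Q tag


def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag between SA and Type, as done at switch ingress."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID is a 12-bit field, PCP a 3-bit field")
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header (DA + SA + Type)")
    tci = (pcp << 13) | vid              # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame):
    """Return the VLAN ID of a tagged frame, or None for an untagged frame."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def strip_tag(frame):
    """Remove the tag, as done at egress towards a PC; untagged frames pass as-is."""
    if read_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: PCA -> PCC, Type 0x0800 (IPv4), placeholder payload.
DST = bytes.fromhex("02000000000c")
SRC = bytes.fromhex("02000000000a")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"payload"


def round_trip(vid=10):
    """Tag the sample frame on ingress, then strip it again on egress."""
    tagged = add_tag(UNTAGGED, vid)
    return tagged, read_tag(tagged), strip_tag(tagged)


if __name__ == "__main__":
    tagged, vid, stripped = round_trip()
    print(tagged.hex(), vid, stripped == UNTAGGED)
```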

Access Link Type Port:

There are three VLAN link types; the commonly used ones are the access and trunk link types, which are introduced below. The first is the access link type, which allows the port's default VLAN to pass and sends and receives data frames of only one VLAN.

Therefore, the access link type is generally suitable for connecting user equipment, that is, the switch is directly connected to the PC to use the access link.

Cross-switch VLAN tag operation:

As mentioned above, VLAN tags are added when a frame enters the switch and stripped when it leaves the switch. In the above topology, PCA sends a data frame addressed to PCC. The frame reaches SWA and is tagged with VLAN 10; the tag is then stripped as the frame leaves E10/24, and the frame is forwarded to SWB and tagged with VLAN 10 again. SWB forwards the frame from e11 to PCC as normal. However, as mentioned above, the access link type carries the frames of only one VLAN, so if PCB sends a VLAN 20 data frame at the same time, it cannot be forwarded. The trunk link type is used to solve this.

Trunk link type port:

A trunk link type port allows multiple VLANs to pass through and can send and receive data frames of multiple VLANs. Ethernet frames of the default VLAN (that is, the PVID) are sent without a tag.

Therefore, the trunk link type is generally used for connections between switches.
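The access and trunk rules above decide, per port, whether a frame leaves tagged, untagged or not at all. The sketch below is an added example, not code from the original page: it models the two-switch topology with PCA and PCC in VLAN 10 and PCB and PCD in VLAN 20, and the ports used by PCB and PCD, the trunk's permitted VLAN list and the dropping of tagged frames on access ports are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    link_type: str                               # "access" or "trunk"
    pvid: int = 1                                # default VLAN of the port
    allowed: set = field(default_factory=set)    # VLANs permitted on a trunk


def ingress_vlan(port, tag):
    """VLAN a received frame is classified into, or None if it is dropped."""
    if tag is None:
        return port.pvid                         # untagged frame: use the PVID
    if port.link_type == "trunk" and tag in port.allowed:
        return tag
    return None      # assumption of this sketch: anything else is dropped


def egress(port, vlan):
    """'untagged', 'tagged' or None (not sent) for a frame belonging to vlan."""
    if port.link_type == "access":
        return "untagged" if vlan == port.pvid else None
    if vlan not in port.allowed:
        return None
    return "untagged" if vlan == port.pvid else "tagged"


def flood(ports, in_port, tag=None):
    """Broadcast received on in_port: {port name: (how sent, tag on the wire)}."""
    vlan = ingress_vlan(in_port, tag)
    out = {}
    for p in ports:
        how = egress(p, vlan) if p is not in_port and vlan is not None else None
        if how:
            out[p.name] = (how, vlan if how == "tagged" else None)
    return out


def demo():
    # Constructed topology based on the description above.
    swa = [Port("E1/0/1", "access", 10),                 # PCA
           Port("E1/0/2", "access", 20),                 # PCB (assumed port)
           Port("E1/0/24", "trunk", 1, {1, 10, 20})]     # link to SWB
    swb = [Port("E1/0/1", "access", 10),                 # PCC
           Port("E1/0/2", "access", 20),                 # PCD (assumed port)
           Port("E1/0/24", "trunk", 1, {1, 10, 20})]     # link to SWA
    on_swa = flood(swa, swa[0])              # PCA sends an untagged broadcast
    on_swb = flood(swb, swb[2], tag=10)      # it arrives on SWB's trunk, tagged
    return on_swa, on_swb
```

The broadcast from PCA leaves SWA only on the trunk, tagged with VLAN 10, and leaves SWB only on PCC's access port, untagged; the VLAN 20 ports on both switches never see it.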

VLAN configuration

1. Basic VLAN configuration:

Create a VLAN and enter VLAN view.

vlan vlan-id

Add the specified ports to the current VLAN.

Switch port interface interface list

Configure the link type of the port as trunk.

Switched port mode relay

Allow the specified VLANs to pass through the current trunk port.

Vlan {all|vlan-id} allowed for switch port trunk

Set the default VLAN of the trunk port.

Switch port trunk local vlan vlan-id

2. VLAN topology diagram: