Cisco® CCNP Switch Exam Cram Notes : Managing Mac Address Table

1. Layer2 Technologies

1.1 Configure and verify switch administration

1.1.b Managing MAC address table:

The MAC address table contains address information that the switch uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports. The address table includes these types of addresses:

Commands for Displaying the MAC Address Table

show mac address-table address - Displays MAC address table information for the specified MAC address.

show mac address-table aging-time - Displays the aging time in all VLANs or the specified VLAN.

show mac address-table count - Displays the number of addresses present in all VLANs or the specified VLAN.

show mac address-table dynamic - Displays only dynamic MAC address table entries.

show mac address-table interface - Displays the MAC address table information for the specified interface.

show mac address-table learning - Displays MAC address learning status of all VLANs or the specified VLAN.

show mac address-table static - Displays only static MAC address table entries.

show mac address-table vlan - Displays the MAC address table information for the specified VLAN.

Dynamic address: a source MAC address that the switch learns and then ages out when it is no longer in use.

Static address: a manually entered unicast address that does not age out and that is not lost when the switch resets.

The address table lists the destination MAC address, the associated VLAN ID, the port associated with the address, and the entry type (static or dynamic).


Layer 2 switching is based on hardware-based bridging, whereas Layer 3 switching is based on hardware-based routing. Layer 2 switching is done based on physical (MAC) addresses, whereas Layer 3 switching is based on logical (network) addresses.

The devices functioning at the Access Layer are usually characterized by higher port density and lower cost. These devices also provide LAN segmentation.

Typically, the following are performed at the Access Layer (AL):

1. Enable MAC address filtering: Here, the switch is configured to allow/deny access to network resources depending on the host machine's MAC address (also called the physical address).

2. Create separate collision domains: A switch can be configured to use separate collision domain for each connected node to improve performance.

3. Support for various devices: The campus access layer supports multiple device types including phones, APs, video cameras, and laptops, with each requiring specific services and policies.

4. Handle switch bandwidth: You can move data from one network to another to perform load balancing.

5. Control of traffic: Ability to detect undesirable application traffic flows at the network access layer and allow for selected control (drop or police) of undesirable traffic.

Function of the Core Layer and Distribution Layer

The primary function of the Core Layer is to switch traffic as fast as possible and to provide connectivity between switch blocks, WAN blocks and/or any other blocks that may be present. It provides the high-speed switching backbone in a campus network environment.

The Distribution Layer is responsible for routing traffic between VLANs, broadcast domain definition, inter-VLAN routing, and security.

The Access Layer is responsible for Layer 2 services, such as VLAN membership and traffic filtering based on broadcast or MAC addresses.

  • Core layer: Designed for fast switching, high availability and redundancy.
  • Distribution layer: Responsible for routing traffic between VLANs, broadcast domain definition, inter-VLAN routing, and security. Address summarization and media translation are applied in the distribution layer.
  • Access layer: The access layer consists of the remote office sites using ISDN, Frame Relay etc. Local area network segments are also part of the access layer.

The core layer is the high-speed switching backbone of any network. It is crucial for all corporate communication, and any failure will be very costly. The core layer has the following characteristics:

1. High reliability

2. Adapt to changes quickly

3. Lower latency

4. Fast Switching

The distribution layer lies between the Core layer and the Access layer. It usually deals with the following:

1. Security

2. Access Control Lists

3. Route Summarization

4. Media translation

The distribution layer is already using 6500 series switches. Therefore, it is preferred to have the same or better performance at the Core level. Hence, the choice of the Catalyst 6800 series switch is the most appropriate among the given choices.

There are 3 primary ways to control access to the distribution layer:

1. Access lists: Standard and extended access lists can be applied to filter unnecessary traffic from reaching Core Layer.

2. Route filters: The routes that are propagated to the Core Layer can be controlled by using route filters, configured with the distribute-list command.

3. Network services control: Not all services need to be advertised to the Core Layer. Services such as DNS, DHCP, SAP updates can be filtered using commands such as ipx output-sap-filter.

Distribution layer is responsible for routing traffic between VLANs. This layer also provides LAN segmentation and terminates collision and broadcast domains.

When both the core and distribution layer functions are performed in the same device, it is said to be a collapsed core design. A collapsed core design is suitable in small campus networks.

MAC address flooding: Here the attacking device floods the switch with frames carrying unique, invalid source MAC addresses, exhausting the CAM table space of the attacked switch. The result is that new entries cannot be inserted because the CAM table space is exhausted, and traffic is subsequently flooded out all ports.

MAC address flooding may be prevented by using switch port security. By using "vlan access-map", switch ports may be configured to identify and block offending devices.

The "access-class in/out" command applies an access list to the virtual terminal lines. The access list needs to be created before the access-class command is defined. Access lists applied with the access-group command do not control traffic originating from the device itself (the device to which access-group is applied). For this reason, you need to define access-class to control traffic, such as telnet, that originates on that device itself.
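One way to spot the symptom described above from the switch's own output, as an added example that is not part of the original notes: a small parser for "show mac address-table dynamic" output that counts dynamic entries per port and flags ports that have learned far more source MACs than an access port normally should. The sample output and the per-port threshold are constructed assumptions, not captured from a real switch.

```python
import re
from collections import Counter

# Constructed sample of "show mac address-table dynamic" output (not captured
# from a real switch). Gi1/0/7 has learned an implausible number of MACs.
SAMPLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  20    aabb.cc00.0001    DYNAMIC     Gi1/0/7
  20    aabb.cc00.0002    DYNAMIC     Gi1/0/7
  20    aabb.cc00.0003    DYNAMIC     Gi1/0/7
  20    aabb.cc00.0004    DYNAMIC     Gi1/0/7
  20    aabb.cc00.0005    DYNAMIC     Gi1/0/7
  20    0011.2233.4477    STATIC      Gi1/0/3
Total Mac Addresses for this criterion: 8
"""

# One table row: VLAN, dotted-hex MAC, entry type, port. Header and footer
# lines do not start with a VLAN number, so they are skipped.
ENTRY_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\w+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples from IOS-style output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m["vlan"]), m["mac"].lower(),
                            m["type"].upper(), m["port"]))
    return entries

def dynamic_counts_per_port(entries):
    """Count DYNAMIC entries per port; static entries are ignored."""
    return Counter(port for _, _, typ, port in entries if typ == "DYNAMIC")

def flag_flooding_ports(entries, threshold=4):
    """Ports with more than `threshold` dynamic MACs are CAM-flooding suspects.
    The default threshold is an assumed baseline for a single-host access port."""
    counts = dynamic_counts_per_port(entries)
    return sorted(p for p, n in counts.items() if n > threshold)
```

Running flag_flooding_ports(parse_mac_table(SAMPLE_OUTPUT)) returns ['Gi1/0/7'], the port that port security would be expected to limit.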

The following are true about a switch with TCAM:

1. Access list rules are compiled as TCAM entries

2. TCAM entries are evaluated in parallel

3. Access lists are processed with one TCAM table lookup.

4. Complex access lists take the same time as the simple access lists, using TCAM.

The command used to set the CAM table aging time is:

mac address-table aging-time <seconds>

Other important commands used with CAM table are:

1. mac address-table static <mac-address> vlan <vlan-id> interface <type> <mod>/<num>

The above command is used to configure a static CAM entry.

2. clear mac address-table dynamic [address <mac-address> | interface <type> <mod>/<num> | vlan <vlan-id>]

The above command is used to clear a CAM table entry.

3. show mac address-table dynamic [address <mac-address> | interface <type> <mod>/<num> | vlan <vlan-id>]

The above command is used to view the contents of a CAM table.

4. show tcam counts

The above command is used to view TCAM information.
