15: Switch Operation

15.1 Switch operation and characteristics

Switches are ‘layer 2’ devices that forward frames between the devices connected to their ports, using the MAC address table held on the switch.

Figure 15.1: switch operation

In figure (15.1), suppose that ‘computer A’ needs to send a frame to ‘computer C’.

‘Computer A’ will send a frame whose destination MAC address is ‘CC’ to the switch.

The switch will look for MAC address ‘CC’ in its MAC address table.

The switch will find that this MAC address is reachable through its ‘fa 0/2’ port.

Therefore, the switch will forward the frame out of its ‘fa 0/2’ port to reach the destination, ‘computer C’.

15.1.1 Switch characteristics

Figure 15.2: a switch

Switches use hardware ASICs (Application Specific Integrated Circuits) to switch frames between their ports. Therefore, switches are faster than routers (taking into consideration that switches are ‘layer 2’ devices, while routers are ‘layer 3’ devices).

Switches divide the collision domain, but they do not divide the broadcast domain.

Figure 15.3: switches divide the collision domain

15.2 Switch ‘layer 2’ functions

Figure 15.4: switch operation

15.2.1 Address learning

Switches build their MAC address table by recording the source MAC address of every frame they receive, together with the port number on which the frame was received.

To view the MAC address table on the switch, we can use the following command,

Switch# show mac address-table

We can put a static entry in the MAC address table using the following command,

Switch(config)# mac address-table static mac-address vlan vlan-id interface port-number

Note that, the ‘VLAN’ term will be illustrated in the next hour.

15.2.2 Frame forwarding (filtering)

Switches make the forwarding decision based on the information held in their MAC address table.

When the switch receives a frame, it looks at the destination MAC address in the frame and decides through which port it should forward the frame by looking up that MAC address in its MAC address table.

If the switch does not find the destination MAC address in its MAC address table, the frame is flooded out of all of the switch interfaces, except the interface the frame came in on.

15.3 Port security

Port security is used to prevent users from attaching unauthorized devices to the network.

Port security does this by limiting the number of MAC addresses that are allowed on each switch port.

Figure 15.5: port security

In figure (15.5), suppose that the port security is configured on the interface ‘fa 0/3’ in order to limit the number of MAC addresses allowed to connect to this port to only two MAC addresses.

Currently, there are two MAC addresses connected to ‘fa 0/3’, which are ‘DD’ and ‘EE’.

So currently, there are no more devices allowed to connect to the port ‘fa 0/3’.

15.3.1 Port security configuration

To configure the port security on a switch port we can use the following commands,

Switch(config)# interface type port-number (for example, interface fastethernet 0/3)

Switch(config-if)# switchport port-security maximum number-of-allowed-MAC-addresses

Switch(config-if)#switchport port-security violation {shutdown | restrict }

In the last command you can use either the ‘shutdown’ keyword or the ‘restrict’ keyword.

Shutdown: the port will shut down, and the administrator must manually bring it back up.

Restrict: the port will not shut down, but it will refuse to receive any data from, or send any data to, the restricted device.
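As an added example (not part of the original text), the following Python model implements the behaviour described in sections 15.2 and 15.3: address learning, forwarding and flooding, and port security with the ‘shutdown’ and ‘restrict’ violation modes. Port names and MAC addresses are constructed after the labels in the figures.

```python
# Added example, not from the original text: a small model of the layer-2 switch
# behaviour described above (address learning, forwarding/flooding, port security).
# Port names and MAC addresses are constructed, following the figures' labels.
class Switch:
    def __init__(self, ports):
        self.ports = list(ports)                  # e.g. ["fa0/1", "fa0/2", "fa0/3"]
        self.mac_table = {}                       # MAC address -> port (learned or static)
        self.max_macs = {}                        # port -> maximum allowed MACs (if secured)
        self.violation_mode = {}                  # port -> "shutdown" | "restrict"
        self.secure_macs = {p: set() for p in ports}   # MACs accepted on a secured port
        self.violations = {p: 0 for p in ports}   # violation counter per port
        self.err_disabled = set()                 # ports shut down by a violation

    def add_static(self, mac, port):
        """Equivalent of 'mac address-table static <mac> ... interface <port>'."""
        self.mac_table[mac] = port

    def port_security(self, port, maximum, violation="shutdown"):
        """Equivalent of 'switchport port-security maximum' and '... violation'."""
        self.max_macs[port] = maximum
        self.violation_mode[port] = violation

    def no_shutdown(self, port):
        """The administrator manually brings a shut-down port back up."""
        self.err_disabled.discard(port)

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is forwarded out of."""
        if in_port in self.err_disabled:
            return []                             # port is down: nothing is accepted
        if in_port in self.max_macs:              # port security check comes first
            allowed = self.secure_macs[in_port]
            if src not in allowed:
                if len(allowed) >= self.max_macs[in_port]:
                    self.violations[in_port] += 1
                    if self.violation_mode[in_port] == "shutdown":
                        self.err_disabled.add(in_port)
                    return []                     # frame from the extra device is dropped
                allowed.add(src)
        self.mac_table[src] = in_port             # address learning: record source + port
        out = self.mac_table.get(dst)
        if out is None:                           # unknown destination: flood
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        return [] if out == in_port else [out]    # filter if same port, else forward
```

On Cisco IOS the feature itself is switched on with the plain ‘switchport port-security’ interface command on an access port; the maximum and violation settings only take effect once it is enabled.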