Cisco Switch

system LED: shows whether the system is receiving power and operating normally
RPS (remote power supply) LED: shows whether the switch is drawing power from the remote power supply
port LEDs:
 port mode
 port status

During auto-negotiation a Cisco switch selects the port mode from the following priority table (highest priority first):
Priority: Ethernet Mode
7: 100BASE-T2 (full duplex)
6: 100BASE-TX (full duplex)
5: 100BASE-T2
4: 100BASE-T4
3: 100BASE-TX
2: 10BASE-T (full duplex)
1: 10BASE-T
Note: modes not marked full duplex are half duplex.


Operations Within a Layer 2 Catalyst Switch
RX switch port
Ingress Queues
The following decisions are made simultaneously by independent portions of the switching hardware:
 (TCAM) Security ACLs, inbound and outbound
 (TCAM) QoS ACLs, classification and policing
 (CAM) L2 Forwarding Table
Egress Queues
TX Switch Ports

L2 forwarding table
The same as the MAC address table.
Security ACLs
ACL can be used to identify frames according to their MAC addresses, protocol types (for non-IP frames), IP addresses, protocols, and Layer 4 port numbers.
The TCAM contains ACLs in a compiled form so that a decision can be made on whether to forward a frame in a single table lookup.
Other ACLs can classify incoming frames according to QoS parameters, to police or control the rate of traffic flows, and to mark QoS parameters in outbound frames.
The TCAM also is used to make these decisions in a single table lookup.


The MLS (multilayer switching) techniques used by Cisco Catalyst switches are:
route caching (first-generation MLS)
topology-based (second-generation MLS)
Only topology-based MLS is supported in the Cisco IOS Software-based switch families, such as the Catalyst 3750, 4500, and 6500.
Switching methods from fastest to slowest:
dCEF, CEF, fast switching, process switching

Route caching
Requires an RP (route processor) and an SE (switch engine).
 The RP must process a traffic flow's first packet to determine the destination.
 The SE listens to the first packet and to the resulting destination, and sets up a "shortcut" entry in its MLS cache.
 The SE forwards subsequent packets in the same traffic flow based on the shortcut entries in its cache.
Even though route caching is not used to forward packets in Cisco IOS-based Catalyst switches, the technique still generates traffic flow information and statistics.
This type of MLS is also known as fast switching, NetFlow LAN switching, flow-based/demand-based switching, and "route once, switch many."

Topology-based / CEF (uses specialized hardware)
Layer 3 routing information builds and prepopulates a single database of the entire network topology.
1. This database, an efficient table lookup in hardware, is consulted so that packets can be forwarded at high rates.
2. The longest match found in the database is used as the correct Layer 3 destination.
3. As the routing topology changes over time, the database contained in the hardware can be updated dynamically with no performance penalty.


Operations Within a Multilayer Catalyst Switch
RX switch port
Ingress Queues
Packets are forwarded using the following simultaneous decision processes:
 (TCAM) Security ACLs, inbound and outbound
 (TCAM) QoS ACLs, classification and policing
 (FIB) L3 Forwarding Table
 (CAM) L2 Forwarding Table
 L3 Packet Rewrite
Egress Queues
TX Switch Ports

All these multilayer decisions are performed simultaneously in hardware.
L2 forwarding table
The same as the MAC address table.
If the frame contains a Layer 3 packet to be forwarded, the destination MAC address is that of a Layer 3 port on the switch.
In this case, the CAM table results are used only to decide that the frame should be processed at Layer 3.
(FIB)L3 forwarding table
The FIB table is consulted, using the destination IP address as an index.
The longest match in the table is found (both address and mask), and the resulting next-hop Layer 3 address is obtained.
The FIB also contains each next-hop entry’s Layer 2 MAC address and the egress switch port (and VLAN ID) so that further table lookups are not necessary.
 IP Address
 Next-Hop IP Addr
 Next-Hop MAC Addr
 Egress Port
Security ACLs
Inbound and outbound access lists are compiled into TCAM entries so that decisions of whether to forward a packet can be determined as a single table lookup.
Packet classification, policing, and marking all can be performed as single table lookups in the QoS TCAM.

Because the contents of the Layer 3 packet (the TTL value) have changed, the Layer 3 header checksum must be recalculated.
And because both Layers 2 and 3 contents have changed, the Layer 2 checksum must be recalculated.
In other words, the entire Ethernet frame must be rewritten before it goes into the egress queue.
This is also accomplished efficiently in hardware.
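The FIB lookup and rewrite steps above, as an added Python example (not Cisco code or the switch's real hardware logic): the FIB entries, MAC addresses and frame are constructed, and the checksum and FCS are recomputed in full rather than updated incrementally as hardware would.

```python
# Added example, not Cisco code: a toy FIB lookup plus the Layer 3 rewrite described above,
# done in Python instead of switch hardware. FIB entries, MACs and the frame are constructed.
import struct, zlib
from ipaddress import IPv4Address, ip_network

FIB = [  # (prefix, next-hop IP, next-hop MAC, egress port and VLAN) -- constructed sample
    (ip_network("0.0.0.0/0"),   "192.168.1.1", "0000.0c07.ac01", "Gi1/0/48 vlan 100"),
    (ip_network("10.1.0.0/16"), "10.1.0.1",    "0013.7297.3d4b", "Gi1/0/29 vlan 537"),
    (ip_network("10.1.5.0/24"), "10.1.5.1",    "0050.8b11.54da", "Fa1/0/1 vlan 54"),
]

def mac_bytes(cisco_mac):                 # "0050.8b11.54da" -> 6 raw bytes
    return bytes.fromhex(cisco_mac.replace(".", ""))

def fcs_ok(frame):                        # last 4 bytes: CRC-32 over the rest of the frame
    return struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])

def fib_lookup(dst):
    """Longest match on address and mask; the entry carries next-hop MAC and egress port."""
    addr = IPv4Address(dst)
    hits = [e for e in FIB if addr in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen, default=None)

def ipv4_checksum(hdr):
    """One's-complement sum of the ten 16-bit header words; 0 over a header with a valid checksum."""
    s = sum(struct.unpack("!10H", hdr[:20]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl=64):
    """Ethernet header + 20-byte IPv4 header (no payload) + FCS, as it arrives on the RX port."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 17, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip
    return body + struct.pack("<I", zlib.crc32(body))

def l3_rewrite(frame, router_mac):
    """Return (rewritten frame, egress port), or None when the packet must be punted to the CPU."""
    eth, ip = frame[:14], frame[14:34]
    if ip[8] <= 1:                        # TTL expired: a multilayer switching exception
        return None
    entry = fib_lookup(ip[16:20])         # destination IP is the FIB index
    if entry is None:
        return None
    ip = ip[:8] + bytes([ip[8] - 1]) + ip[9:10] + b"\0\0" + ip[12:]   # TTL-1, clear checksum
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]      # recompute L3 checksum
    body = mac_bytes(entry[2]) + mac_bytes(router_mac) + eth[12:14] + ip  # rewrite dst/src MAC
    return body + struct.pack("<I", zlib.crc32(body)), entry[3]       # recompute L2 FCS too
```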

Multilayer Switching Exceptions
If a packet meets criteria such as the following, it is flagged for further processing and sent, or "punted", to the switch CPU for process switching:
■ ARP requests and replies
■ IP packets requiring a response from a router (TTL has expired, MTU is exceeded, fragmentation is needed, and so on)
■ IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address functions)
■ Routing protocol updates
■ Cisco Discovery Protocol packets
■ IPX routing protocol and service advertisements
■ Packets needing encryption
■ Packets triggering Network Address Translation (NAT)
■ Other non-IP and non-IPX protocol packets (AppleTalk, DECnet, and so on)


CAM (Content-Addressable Memory)
1. The same as the MAC address table.
2. All Catalyst switch models use a CAM table for Layer 2 switching.
3. Fields:
 MAC Address
 Egress Port
Learning:
1. The port of arrival and the VLAN are both recorded in the table, along with a timestamp.
2.1 If a MAC address learned on one switch port has moved to a different port, the MAC address and timestamp are recorded for the most recent arrival port. Then, the previous entry is deleted.
2.2 If a MAC address is already present in the table for the correct arrival port, only its timestamp is updated.

CAM management
To manage the CAM table space, stale entries (addresses that have not been heard from for a period of time) are aged out.
By default, idle CAM table entries are kept for 300 seconds before they are deleted.

When a host's MAC address is learned on one switch port and the host then moves so that it appears on a different switch port, the switch purges any existing entries for that MAC address as soon as it is learned on the new port (without waiting for the 300-second aging time), to avoid duplicate CAM table entries.
If a switch notices that a MAC address is being learned on alternating switch ports, it generates an error message that flags the MAC address as "flapping" between interfaces.
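A toy model of this CAM behaviour (learning, timestamp refresh, move-purge, 300-second aging and flap detection), added here as an example and not Cisco code; the MAC and port values are constructed, and the flap threshold (3 port changes within 10 seconds) is an assumption, not a documented IOS parameter.

```python
# Added example (not Cisco code): a toy CAM table modelling the learning, aging, move-purge
# and flapping behaviour described above. MAC/port values are constructed; the flap window
# and threshold are assumptions, not documented IOS parameters.
from dataclasses import dataclass

@dataclass
class Entry:
    port: str
    vlan: int
    seen: float                 # timestamp of the most recent arrival

class CamTable:
    def __init__(self, aging_time=300):
        self.aging_time = aging_time   # IOS default: idle entries kept 300 seconds
        self.entries = {}              # mac -> Entry
        self.moves = {}                # mac -> timestamps of recent port changes
        self.log = []

    def learn(self, mac, vlan, port, now):
        """Process a frame's source MAC; returns which table action was taken."""
        e = self.entries.get(mac)
        if e and e.port == port and e.vlan == vlan:
            e.seen = now                              # known on this port: refresh timestamp only
            return "refresh"
        action = "learn"
        if e:                                         # moved: purge old entry now, no 300 s wait
            action = "move"
            recent = [t for t in self.moves.get(mac, []) if now - t <= 10] + [now]
            self.moves[mac] = recent
            if len(recent) >= 3:                      # assumption: 3 moves in 10 s = flapping
                self.log.append(f"{mac} in vlan {vlan} is flapping between {e.port} and {port}")
        self.entries[mac] = Entry(port, vlan, now)
        return action

    def age(self, now):
        """Delete entries idle longer than aging_time; returns the MACs removed."""
        stale = [m for m, e in self.entries.items() if now - e.seen > self.aging_time]
        for m in stale:
            del self.entries[m]
        return stale

    def forward(self, dst_mac, vlan):
        """Destination lookup: the egress port, or None meaning flood within the VLAN."""
        e = self.entries.get(dst_mac)
        return e.port if e and e.vlan == vlan else None
```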


TCAM(Ternary Content-Addressable Memory)
The Catalyst IOS Software has two components that are part of the TCAM operation:
FM(Feature Manager)
After an access list has been created or configured, the FM software compiles, or merges, the ACEs into entries in the TCAM table.
The TCAM then can be consulted at full frame-forwarding speed.
SDM(Switching Database Manager)
You can partition the TCAM on some Catalyst switches into areas for different functions.
The SDM software configures or tunes the TCAM partitions, if needed.
(The TCAM is fixed on Catalyst 4500 and 6500 platforms and cannot be repartitioned.)

1. In traditional routing, ACLs can match, filter, or control specific traffic.
Access lists are made up of one or more ACEs (access control entries), or matching statements, that are evaluated in sequential order.
Evaluating an access list can take additional time, adding to the latency of forwarding packets.
2. In multilayer switches, however, all the matching that ACLs provide is implemented in hardware.
TCAM allows a packet to be evaluated against an entire access list in a single table lookup.
Most switches have multiple TCAMs so that both inbound and outbound security and QoS ACLs can be evaluated simultaneously, or entirely in parallel with a Layer 2 or Layer 3 forwarding decision.

The TCAM is an extension of the CAM table concept.
TCAM also uses a table-lookup operation, but one greatly enhanced to allow a more abstract operation.
Binary values (0s and 1s) make up a key into the table, but a mask value is also used to decide which bits of the key are actually relevant.
This effectively makes a key consisting of three input values: 0, 1, and X (don't care) bit values, a three-fold or ternary combination.

TCAM entries are composed of VMR (Value, Mask, Result) combinations.
Values
Values are always 134-bit quantities, consisting of source and destination addresses and other relevant protocol information: all the patterns to be matched.
Fields: IP Protocol, IP ToS, Source IP, Source port, Source port LOU, Dest IP, Dest port, Dest port LOU.
The information concatenated to form the value depends on the type of access list.
Values in the TCAM come directly from any address, port, or other protocol information given in an ACE.
 Access List Type: Value and Mask Components, 134 Bits Wide (Number of Bits)
 Ethernet: Source MAC (48), destination MAC (48), Ethertype (16)
 ICMP: Source IP (32), destination IP (32), protocol (16), ICMP code (8), ICMP type (4), IP type of service (ToS) (8)
 Extended IP using TCP/UDP: Source IP (32), destination IP (32), protocol (16), IP ToS (8), source port (16), source operator (4), destination port (16), destination operator (4)
 Other IP: Source IP (32), destination IP (32), protocol (16), IP ToS (8)
 IGMP: Source IP (32), destination IP (32), protocol (16), IP ToS (8), IGMP message type (8)
 IPX: Source IPX network (32), destination IPX network (32), destination node (48), IPX packet type (16)
Masks
Masks are 134-bit quantities, in exactly the same format, or bit order, as the values.
Masks select only the value bits of interest; a mask bit is set to exactly match a value bit, or is not set for value bits that do not matter.
The masks used in the TCAM stem from address or bit masks in ACEs.
Results
Results are numeric values that represent what action to take after the TCAM lookup occurs.
Whereas traditional access lists offer only a permit or deny result, TCAM lookups offer a number of possible results or actions.
For example, the result can be a permit or deny decision, an index value to a QoS policer, a pointer to a next-hop routing table, and so on.

The TCAM is always organized by masks, where each unique mask has eight value patterns associated with it.
For example, each Catalyst 6500 TCAM (one for security ACLs and one for QoS ACLs) holds up to 4096 masks and 32,768 value patterns.
The trick is that all of the mask-value pairs are evaluated simultaneously, or in parallel, revealing the best or longest match in a single table lookup.

Port Operations in TCAM
1. If an ACE has a port operator (such as gt, lt, neq, or range), e.g.
access-list 100 deny udp any gt 1024
access-list 100 deny udp any range 1024 2047
the FM software compiles the TCAM entry to include the use of the operator and the operand in a LOU (logical operation unit) register.
Only a limited number of LOUs are available in the TCAM.
LOU register pairs for the two ACEs above:
A.1 (gt 1024), A.2 (empty)
B.1 (range start 1024), B.2 (range end 2047)
If there are more ACEs with comparison operators than there are LOUs, the FM must break up the ACEs into multiple ACEs with only regular matching (using the eq operator).
2. The FM checks all ACEs for Layer 4 operations and places these into LOU register pairs.
3. These can be loaded with operations independent of any other ACE parameters.
4. The LOU contents can be reused if other ACEs need the same comparisons and values.
5. After the LOUs are loaded, they are referenced in the TCAM entries that need them.
A finite number (actually, a rather small number) of LOUs are available in the TCAM, so the FM software must use them carefully.
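An added Python model of the VMR matching described in the TCAM section above and of the port-operator fallback described here (not Cisco code): field widths are simplified (8-bit protocol, 16-bit ports), the "best match" is taken as the first hit in ACE order as for an IOS access list, and range_to_vmr stands in for how a gt or range operator can be expanded into plain value/mask patterns when no LOU register is free. With it, "deny udp any gt 1024" costs 15 TCAM entries while "range 1024 2047" fits in a single pattern.

```python
# Added example (not Cisco code): TCAM value/mask/result (VMR) matching and the expansion of a
# port operator into plain value/mask patterns, standing in for the FM's fallback when no LOU is
# free. Field widths are simplified (8-bit protocol, 16-bit ports) and the winning entry is the
# first hit in ACE order, as for an IOS access list.
from ipaddress import IPv4Address

FIELDS = [("proto", 8), ("src", 32), ("dst", 32), ("sport", 16), ("dport", 16)]

def pack(fields):
    """Concatenate per-field (value, mask) pairs into one key-wide value and mask.
    A field absent from `fields` is all don't-care: mask bits 0, the ternary X state."""
    value = mask = 0
    for name, width in FIELDS:
        fv, fm = fields.get(name, (0, 0))
        value, mask = (value << width) | (fv & fm), (mask << width) | fm
    return value, mask

def exact(v, width=16):                    # eq: every bit of the field is relevant
    return v, (1 << width) - 1

def range_to_vmr(lo, hi, width=16):
    """Split [lo, hi] into aligned blocks, each one a single value/mask pattern."""
    out = []
    while lo <= hi:
        size = 1
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi:
            size *= 2
        out.append((lo, ((1 << width) - 1) & ~(size - 1)))
        lo += size
    return out

class Tcam:
    def __init__(self):
        self.entries = []                  # (value, mask, result) in ACE order

    def add_ace(self, result, proto, src=None, dport=None):
        """dport is a list of (value, mask) blocks; one TCAM entry is written per block."""
        fields = {"proto": exact(proto, 8)}
        if src:
            fields["src"] = exact(int(IPv4Address(src)), 32)
        for block in dport or [(0, 0)]:
            self.entries.append((*pack({**fields, "dport": block}), result))

    def lookup(self, proto, src, dst, sport, dport):
        """All entries are compared at once; the result is the highest-priority match."""
        key, _ = pack({"proto": exact(proto, 8), "src": exact(int(IPv4Address(src)), 32),
                       "dst": exact(int(IPv4Address(dst)), 32), "sport": exact(sport),
                       "dport": exact(dport)})
        hits = [r for v, m, r in self.entries if key & m == v]
        return hits[0] if hits else "implicit-deny"
```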

TCAM resources
TCAMs have a limited number of 1) usable masks, 2) value patterns, and 3) LOU entries.
If access lists grow to be large or many Layer 4 operations are needed, the TCAM tables and registers can overflow.
If that happens while you are configuring an ACL, the switch will generate syslog messages that flag the TCAM overflow situation as it tries to compile the ACL into TCAM entries.



(config)# ip default-gateway <ip>

Enable routing on a multilayer switch:
(config)# ip routing

Switch(config-if)# switchport host
 switchport mode will be set to access
 spanning-tree portfast will be enabled
 channel group will be disabled

Multilayer switch interface modes
Layer 2 mode: a Layer 2 interface, the ordinary switch interface
Layer 3 mode: a Layer 3 interface; it can be assigned an IP address and exists on switches with Layer 3 support
By default, every switch port on
 most Catalyst switches is a Layer 2 interface,
 a Catalyst 6500 is a Layer 3 interface

Set a multilayer switch interface to Layer 2 mode:
Switch(config-if)# switchport

Set a multilayer switch interface to Layer 3 mode:
Switch(config-if)# no switchport
Switch(config-if)# ip address <ip> <mask> [secondary]
An EtherChannel can also become a Layer 3 port.

Configure a VLAN interface:
Switch(config)# interface vlan <vlan-id>
Switch(config-if)# ip address <ip> <mask> [secondary]
Switch(config-if)# no shutdown

Verifying interface mode
# show interface <interface> switchport
 Switchport: Disabled: the interface is in Layer 3 mode
 Switchport: Enabled: the interface is in Layer 2 mode
An interface can show as down because it was disabled with the shutdown command, or because the VLAN itself has not been defined on the switch.
Example output of show interface switchport:
Name: Gi4/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk // down means the interface is not operating


To configure static CAM table entries:
(config)# mac address-table static <mac-address> vlan <vlan-id> interface <interface>
e.g. on a 2950, bind MAC address 1111.1111.1111 in VLAN 1 to fa0/5:
2950(config)# mac-address-table static 1111.1111.1111 vlan 1 int fa0/5
Note: on a 1900 the command is mac-address-table permanent

To clear CAM table entries:
Switch# clear mac address-table dynamic [address <mac> | interface <interface> | vlan <vlan-id>]

To change the CAM table aging time:
Switch(config)# mac address-table aging-time <seconds>

To view the contents of the CAM table:
# show mac address-table dynamic [address <mac> | interface <interface> | vlan <vlan-id>]
 [address <mac>]: to specify a single MAC address
 [interface <interface>]: to see addresses that have been learned on a specific interface
 [vlan <vlan-id>]: to see addresses that have been learned on a specific VLAN
Note: some devices need the hyphenated form show mac-address-table instead.
To find the learned location of the host with MAC address 0050.8b11.54da:
# show mac address-table dynamic address 0050.8b11.54da
Mac Address Table
Vlan    Mac Address       Type      Ports
----    -----------       ----      -----
54      0050.8b11.54da    DYNAMIC   Fa1/0/1
Total Mac Addresses for this criterion: 1
To see all the MAC addresses that are currently found on interface GigabitEthernet1/0/29:
Switch# show mac address-table dynamic interface gigabitethernet1/0/29
Mac Address Table
Vlan    Mac Address       Type      Ports
----    -----------       ----      -----
537     0013.7297.3d4b    DYNAMIC   Gi1/0/29
Total Mac Addresses for this criterion: 1

If the output shows nothing about the interface and VLAN where the MAC address is found, then either:
1. the host has not sent a frame that the switch can use for learning its location, or something odd is going on; or
2. the host is using two network interface cards (NICs) to load balance traffic: one NIC only receives traffic, whereas the other only sends. Therefore, the switch never hears from, and never learns, the receive-only NIC address.

To see the CAM table's size:
Switch# show mac address-table count
MAC address totals are shown for each active VLAN on the switch.
This can give you a good idea of the size of the CAM table and how many hosts are using the network.
Switch# show mac address-table count
Mac Entries for Vlan 1:
Dynamic Address Count : 0
Static Address Count : 0
Total Mac Addresses : 0
Mac Entries for Vlan 2:
Dynamic Address Count : 89
Static Address Count : 0
Total Mac Addresses : 89
Mac Entries for Vlan 580:
Dynamic Address Count : 600
Static Address Count : 0
Total Mac Addresses : 600
Total Mac Address Space Available: 4810