10. Building Up the MAC Forward/Filter Table
[Figure: a switch with Host A (0000.8c01.000A), Host B (0000.8c01.000B), Host C (0000.8c01.000C) and Host D (0000.8c01.000D) attached to ports 1/1 to 1/4.]
Step 1: Host A sends a frame to Host B.
Step 2: The switch receives the frame on 1/1 and places source in MAC table.
Step 3: The destination is not in the MAC table so the switch forwards the frame to all ports except the source.
Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC table.
Step 5: Host A and Host B can now send unicast frames bidirectionally.
Step 6: Similarly, Host C and Host D will send frames and populate the MAC table.
MAC table (step | MAC address | port):
Step 2 | 0000.8c01.000A | 1/1
Step 4 | 0000.8c01.000B | 1/2
Step 6 | 0000.8c01.000C | 1/3
Step 6 | 0000.8c01.000D | 1/4
15. Database Instability
[Figure: Host A and Host B on Segment 1 and Segment 2, joined by Switch 1 and Switch 2 (each with Port 0 and Port 1) and exchanging unicast frames. The MAC address DBs list Host A on Port 0, with a later entry for Host A on Port 1.]
19. STP Port States and Activities
STP port state | Part of active topology | Learning of MAC addresses
Disabled, Blocking, Listening | No | No
Learning | No | Yes
Forwarding | Yes | Yes
21. STP in Action: State 2
[Figure: bridges/switches A, B, C and D boot up with Host A and Host B attached. All are in State 2 (Blocking), each labelled Root Bridge/Switch, with BPDUs on every link.]
22. STP in Action: State 2 — Root Bridge/Switch Election
[Figure: bridges/switches A, B, C and D in State 2 (Blocking), each still labelled Root Bridge/Switch, with these bridge IDs:]
- Priority 32, MAC 00-80-21-00-00-10
- Priority 16, MAC 00-80-21-00-00-30
- Priority 48, MAC 00-80-21-00-00-20
- Priority 16, MAC 00-80-21-00-00-40
23. STP in Action: State 2 — Root Bridge/Switch Election
[Figure: the same four bridges/switches and bridge IDs after the election: one Root Bridge/Switch and three Leaf Bridges/Switches, with BPDUs on every link.]
25. STP in Action: State 2 — Path Calculation
[Figure: one root and three leaf switches (A, B, C, D) with Host A and Host B attached; BPDUs on every link; path costs of 2, 10, 10 and 10.]
26. STP in Action: State 2 — Calculating Forwarding Paths
[Figure: the same topology and path costs, with each port labelled Root Port or Designated Port.]
27. STP in Action: State 3 — Listening State
[Figure: a bridge/switch port in the listening state, showing its handling of forwarded traffic, BPDUs and NM messages.]
28. STP in Action: State 4 — Learning State
[Figure: a bridge/switch port in the learning state, showing its handling of forwarded traffic, BPDUs and NM messages.]
29. STP in Action: State 5 — Final Forwarding Paths
[Figure: the root and three leaf switches (A, B, C, D) with Host A and Host B attached and path costs of 2, 10, 10 and 10, showing the final forwarding paths.]
30. STP in Action — Topology Change (Deleting a Link)
[Figure: the same topology with one link removed; BPDUs, designated ports and root port marked. Timeline: Wait 20 seconds (Max age time), Listen (15 seconds), Learn (15 seconds).]
31. STP in Action — Topology Change (Path Cost Change)
[Figure: the same topology with one path cost changed from 10 to 2; BPDUs and TBPDUs on the links. Timeline: Listen (15 seconds), Learn (15 seconds).]
1 — TCN BPDU sent to Root
2 — Reply w/TCA BPDU set
3 — Topology changed
32. STP in Action — Topology Change (Adding a Switch)
[Figure: switches A, B, C and D plus a new switch E, with bridge IDs Priority 16, MAC 00-80-21-00-00-30 and Priority 16, MAC 00-80-21-00-00-10; E is labelled New Root. Root port and designated ports are marked; all path costs are 10 except one of 2.]
- New switch E added
- All ports in listening state
- New BPDUs sent
- New root switch elected
- Final topology
34. BPDU Packet Details
Legend (field shading): configurable on each bridge; configurable on root bridge.
- Protocol ID: Always set to 0
- Version: Always set to 0
- Message type: Determines which of two BPDU types; configuration or TCN
- Flags: Handle changes in the active topology
- Root ID: Contains the bridge ID of root bridge (after convergence, all BPDUs should contain the same value)
- Root path cost: Cumulative path cost of all links to the root bridge
- Bridge ID: Identifies the bridge that is transmitting the current configuration message
- Port ID: Contains a unique value for each port
- Message age: Time stamp since the root bridge created this BPDU
- Maximum age: Maximum amount of time this BPDU is saved
- Hello time: Time between configuration BPDUs
- Forwarding delay: Time spent in the listening and learning states
38. STP vs. RSTP — Port States
STP port state | RSTP port state | Part of active topology | Learning of MAC addresses
Disabled, Blocking, Listening | Discard | No | No
Learning | Learning | No | Yes
Forwarding | Forwarding | Yes | Yes
40. Alternate Port
[Figure: a root switch and the switches below it, with root ports, designated ports, one alternate port and a BPDU marked.]
41. Backup Port
[Figure: the same topology with root ports, designated ports, an alternate port, a backup port and a BPDU marked.]
43. STP vs. RSTP — BPDUs
BPDU handling
- STP: Non-root bridge only transmits BPDUs when it receives one on the root port
- RSTP: Bridge sends BPDU at hello time intervals
Aging
- STP: BPDU is aged after the max-age timer expires (and no BPDU is received on the port)
- RSTP: BPDUs are used like keepalive messages (after 3 BPDUs in a row are missed it ages it out)
Accepting inferior BPDUs
- STP: —
- RSTP: Inferior BPDU is accepted and previously stored information is replaced
Transition to forwarding state
- STP: Based on timers (Forward Delay and Max-Age)
- RSTP: Uses a feedback mechanism (no timers involved)
44. STP vs. RSTP — Topology
Topology change notification
- STP: Sends TCN BPDUs toward root
- RSTP: Sends BPDUs (with TC bit set) on all designated and root ports
Topology ACKs
- STP: Replies with BPDU with TCA bit set
- RSTP: No acknowledgement (clears MAC addresses on all ports)
Topology change
- STP: First sent to root bridge/switch, then relayed from root all the way to the leaf bridge/switch
- RSTP: 1-step process (topology change flooded quickly across the network)
47. Why VLANs?
There are two main reasons for the development of VLANs: the amount of broadcast traffic and increased security. Broadcast traffic increased in direct proportion to the number of stations in the LAN. The goal of the VLAN is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another. VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.
48. How Do VLANs Work?
[Figure: an Ethernet switch divided into three internal switches for VLAN 101, VLAN 102 and VLAN 103, serving ports 1, 2, 3, 5, 6 and 7.]
49. VLAN Exercise
Host 1 sends out a broadcast. Which hosts will receive the broadcast?
[Figure: Switch 1 with Host 1 (VLAN 101), Host 2 (VLAN 102), Host 3 (VLAN 102) and Host 4 (VLAN 101).]
51. VLANs over Multiple Switches
[Figure: Switch 1 and Switch 2, each holding a separate MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by separate physical interfaces, one per VLAN.]
52. VLAN Trunking
[Figure: Switch 1 and Switch 2, each holding a separate MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by a single trunk carrying all three VLANs.]
53. VLAN Tagging
802.1q Ethernet frame: Preamble | SFD | DA | SA | VLAN tag | Length/Type | Payload (46 to 1500 bytes) | FCS
VLAN tag:
- 802.1q tag type (value 81 00): 2 bytes
- Tag control information: 2 bytes
  - User_priority: 3 bits
  - CFI: 1 bit (Canonical format: bit ordering can be different)
  - VLAN_ID: 12 bits
Length of the MAC frame + 4 bytes
57. Standard STP
[Figure: Switch A (root) with leaf switches B and C; VLAN 1-500 and VLAN 501-1000 share one spanning tree. Port states: D - Designated, R - Root, A - Alternate.]
58. MSTP Port States
[Figure: Switch A, Switch B and Switch C with VLAN 1-500 and VLAN 501-1000 in separate spanning tree instances, each port carrying one state per instance. Port states: D - Designated, R - Root, A - Alternate.]
61. Spanning Tree Groups and VLANs
[Figure: switches SW1 to SW4, all in STG-1, with a root; VLAN-3 labels on three switches and VLAN-4 labels on four. Labels: Trunk Link Failure, Port Blocked.]
62. Spanning Tree Groups and VLANs
[Figure: the same topology. Labels: Trunk Link Failure, Create VLAN-3 Without Access Ports.]
63. Why have multiple STG
[Figure: switches SW1 to SW4, all in STG-1, with a root, joined by four gigabit links and carrying VLAN-3 and VLAN-4.]
With a single STG configured a Gig port is not utilised as it is in a blocking state
64. Why have multiple STG
[Figure: the same four switches and gigabit links, each switch in both STG-1 and STG-2; one port is marked blocking in STG-2 and another blocking in STG-1.]
With VLAN-3 in STG1 and VLAN-4 in STG-2 all links in the network are now being utilised
Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions and as such the effective throughput is only 3 to 4 Mb.
Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations also require a point-to-point connection between each sending and receiving port. Therefore a switch with 8 ports would have each of the 8 ports connected to the rest of the ports via a dedicated set of wires. This ensures that there is no shared medium and collisions are not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb full-duplex transmission is 20 Mb (i.e., 10 Mb each way). Hence full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions.
When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.
The CSMA/CD access rules are summarized by the protocol’s acronym. Carrier Sense means that a host that wants to transmit data will first monitor the link, and if it does not sense the transmission signal of another host, it will transmit its data. If the waiting host senses another host's transmission signal, the waiting host will continue to wait until the link goes silent. Multiple Access means many hosts share the same medium. Collision Detection means that hosts monitor the medium while transmitting to detect another host that is transmitting while they are transmitting. This means that only one host can transmit at once, as shown in the figure above. In this scenario:
- All the hosts are listening to the line.
- Host A decides to transmit because there is no message transmitted by any other host (idle line).
- Hosts B, C, and D listen to host A transmitting and will not transmit data until host A has transmitted the data.
- Host A’s message is transmitted on all hub ports.
The procedure above reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).
When host A and host B transmit frames at the same time, they will both detect collision or corruption of the data. Both host A and host B will generate a jam signal, which will be received by other hosts so that they discard the data that was just corrupted by a collision. A random back-off timer is then started on the transmitting hosts. Afterward, either host A or host B will initiate a transmission after they detect no other transmission on the line.
Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links. Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link. The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.
Auto-negotiation is a mechanism that takes control of the cable when a connection to a network device is established. Auto-negotiation detects the various modes that exist in the device on the other end of the wire (the link partner) and advertises its own abilities to automatically configure the highest performance mode of interoperation. Auto-negotiation was first defined in 1995 as an optional feature for 10 and 100 Mb/s twisted-pair Ethernet, clause 28 of 802.3u. 1000Base-T requires auto-negotiation to establish signal timing control to make the link operational. Basically, an auto-negotiation device advertises its abilities and detects the abilities of the remote device that it is connected to, known as the link partner. After auto-negotiation has received the link partner's abilities in a robust manner and it receives acknowledgment that its abilities have also been received by the link partner, auto-negotiation compares the two sets of abilities and decides which technology to connect. This decision is based upon a previously agreed priority of technologies. Auto-negotiation attaches the highest-performance common technology to the medium and becomes transparent until the link goes down or is reset.
A collision domain is a group of Ethernet or fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment. A broadcast domain is a restricted area in which information can be transmitted for all devices in the domain to receive. More specifically, Ethernet LANs are broadcast domains. Any devices attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually receives it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.
Ethernet switches use the MAC address of the host. The switch dynamically learns which host MAC addresses are associated with an interface and enters the address information into a MAC FDB. When the switch receives an Ethernet frame, it looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and then transmits the frame out of the appropriate interface. If no entry is found, the switch floods the frame out of all its interfaces.
In a network with built-in redundancy and no STP, the likelihood of receiving multiple copies of a frame is high. Most protocols cannot recognize duplicate transmissions. The protocols that do use a numbered sequencing to track transmitted packets will think that the numbers have reset or are recycled.
Redundant networks without STP can also cause database instability. In the figure above, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the actual location of Host A.
Networks that are designed with redundancy and no STP are vulnerable to the transmission of broadcast frames because the switch receives multiple copies of a frame. Because the switch receives multiple frames, it floods broadcast frames out of all ports with the exception of the port the frame was received on. In a redundant network, this broadcast frame would perpetuate itself until the switch resets because it gets overwhelmed with activity.
Each port on a switch that uses STP exists in one of the following five states.
- Blocking — A port in the blocking state does not participate in any frame forwarding. A switch always enters the blocking state following switch initialization.
- Listening — This is the state that a port enters into after the blocking state when the STP has decided that this port should participate in frame forwarding.
- Learning — A port enters into the learning state after the listening state. This is to prepare the forwarding tables for frame forwarding.
- Forwarding — A port in the forwarding state forwards frames.
- Disabled — A port in the disabled state is non-operational.
A port in the blocking state performs as follows:
- Discards frames received from the attached segment.
- Discards frames switched from another port for forwarding.
- Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)
- Receives BPDUs and directs them to the system module.
- Does not transmit BPDUs received from the system module.
In this example, the two bridges/switches with the same priority will use their MAC addresses to decide which will be root. In this case, it is the topmost bridge/switch that has the lower MAC address and is therefore the root.
To summarize, three values are used in the STP port calculations:
- Port priority (has a default value but is configurable)
- Per interface cost (dependent on bandwidth but is configurable)
- Port MAC address
Port roles:
- Root port — Shortest path toward the root on a leaf, facing the root
- Designated port — Sends and receives frames on that segment
- Blocked port — Does not forward any frames
In the blocking state, after STP has determined that the port will participate in frame forwarding, it puts the port into the listening state. While in the listening state, the port does the following:
- Discards any frames it receives from an attached Ethernet segment
- Discards any frames another port on the bridge/switch passes to it to forward
- Does not update the FDB when it receives updated BIDs
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic
Learning is the state that a port enters just before getting ready to participate in frame forwarding. The primary function is to incorporate MAC addresses in the FDB. In the learning state, the port does the following:
- Discards frames received from an attached segment
- Discards frames received from another port for forwarding
- Updates its FDB with new address information
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic
A port in the forwarding state forwards frames. It enters this state from the learning state. While in the forwarding state, the port does the following:
- Forwards any frames that it receives from an attached Ethernet segment
- Forwards any frames that another port in the bridge/switch passes to it to forward
- Updates the FDB when it receives updated BIDs
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic
Given the topology above, the following actions occur when the link between switches A and C breaks.
- BPDUs are sent by the root bridge every 2 seconds. When the link between A and C breaks, the root port on C will wait for the maximum age time (20 seconds) before deciding that the path between C and A is no longer operational.
- During the maximum age time, the BPDUs received at C’s blocked port from D are discarded because C considers these BPDUs to be inferior.
- After the maximum age time, C realizes that it does have a path to the root bridge via its port through D. Switch C ages out all its protocol information and decides to declare the port to D as the root port.
- Switch C then cycles the root port through the listening and learning states (15 seconds each) before forwarding traffic out of that port. At the same time, D transitions its blocked port to C into a designated port. Data is now forwarded.
The total time required for convergence is:
Max Age Time + Listening + Learning = 20 + 15 + 15 = 50 seconds
In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2. The following actions occur:
- The changes in port costs result in C and D sending BPDUs that advertise the new cost to root switch A. Switch B does not act on the BPDU sent via C.
- Root switch A relays this information by sending BPDUs (with topology change notification bit set to On) back to B, C, and D.
- All ports on A, B, C, and D are placed in the listening state, followed by the learning state (15 seconds each).
- The ports between C and D change to the forwarding state and the ports between B and C are now blocked.
What happens when a new switch is added to the existing topology? In the figure above, a new switch E is added to the top right of the existing topology. This switch has a lower MAC address than the current root. The following actions occur:
- As soon as switch E starts, it sets its ports to the blocking state. Thinking that it is the root, it then advertises BPDUs to neighboring switches A and D.
- Switch A also sends BPDUs to E because A is still the root in the original topology.
- Because E has a lower MAC address than A and its root bridge priority is the same as that of A, E becomes the new root and starts advertising BPDUs to all other switches in the topology.
- All other switches in the topology set their ports to the listening state, in which no data traffic is forwarded.
- After all BPDUs have converged and the roots and designated ports have been assigned, the switches transition their ports from the listening state to the learning state.
Note: In the figure above, the link between switch A and D no longer exists once switch E is added.
STP performance is directly related to the root bridge/switch timer settings, which are outlined above in the final three fields of the BPDU: maximum age, hello time, and forwarding delay.
- Maximum age — Defines the maximum amount of time that any received STP information is kept. When this timer is exhausted, the STP information is discarded (typically 20 seconds).
- Hello time — Determines the frequency of transmitted hello messages to other bridges or switches (typically 2 seconds).
- Forwarding delay — Defines the amount of time the port stays in the learning and listening states (typically 15 seconds).
The setting of all these values affects how quickly the network converges to a stable, frame-forwarding topology.
Steps to add Switch D to the existing topology:
1. Ports on switch D are automatically set to blocked.
2. BPDUs are sent on each of the two ports and received from switches B and C simultaneously.
3. BPDUs are sent via switches B and C to the root.
4. The root switch (Switch A) sends a BPDU with the topology bit set to all ports.
5. All switches set their ports to the blocked state upon receiving the BPDU from the root.
6. All switch ports transition through the listening and the learning state while the new topology is being calculated.
7. The port between C and D is now blocked.
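The root election and the BPDU fields described in these notes, as an added Python example that is not part of the original slides. It uses the bridge priorities and MAC addresses shown on the election slides; the sample BPDU bytes are constructed, and the 1/256-second timer encoding and the helper names are assumptions taken from IEEE 802.1D rather than from the page.

```python
import struct
from dataclasses import dataclass

# Configuration BPDU fields in the order listed on the "BPDU Packet Details"
# slide: 35 bytes, network byte order. Timers count in units of 1/256 second.
_BPDU = struct.Struct("!HBBB8sI8sHHHHH")


def bridge_id(priority, mac):
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC address."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6 or not 0 <= priority <= 0xFFFF:
        raise ValueError("bad priority or MAC address")
    return struct.pack("!H", priority) + raw


def elect_root(bridge_ids):
    """Lowest bridge ID wins: priority first, MAC address as the tie-break."""
    return min(bridge_ids)  # big-endian bytes sort in numeric order


@dataclass(frozen=True)
class ConfigBPDU:
    flags: int
    root_id: bytes
    root_path_cost: int
    sender_id: bytes
    port_id: int
    message_age: float
    max_age: float
    hello_time: float
    forward_delay: float

    def vector(self):
        # Comparison order used by STP: a lower tuple is the better BPDU.
        return (self.root_id, self.root_path_cost, self.sender_id, self.port_id)


def build_config_bpdu(root_id, cost, sender_id, port_id, age=0.0,
                      max_age=20.0, hello=2.0, fwd_delay=15.0, flags=0):
    """Encode a configuration BPDU (used here only to construct samples)."""
    ticks = [int(t * 256) for t in (age, max_age, hello, fwd_delay)]
    return _BPDU.pack(0, 0, 0, flags, root_id, cost, sender_id, port_id, *ticks)


def parse_config_bpdu(data):
    """Decode a configuration BPDU, rejecting truncated or non-config input."""
    if len(data) < _BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, version, msg_type, flags, root, cost, sender, port,
     age, max_age, hello, fwd) = _BPDU.unpack_from(data)
    if (proto, version, msg_type) != (0, 0, 0):
        raise ValueError("not an STP configuration BPDU")
    return ConfigBPDU(flags, root, cost, sender, port,
                      age / 256, max_age / 256, hello / 256, fwd / 256)


def is_superior(received, stored):
    """True when the received BPDU would replace the stored information."""
    return received.vector() < stored.vector()


# Bridge IDs from the root-election slides.
PAGE_BRIDGES = [
    bridge_id(32, "00-80-21-00-00-10"),
    bridge_id(16, "00-80-21-00-00-30"),
    bridge_id(48, "00-80-21-00-00-20"),
    bridge_id(16, "00-80-21-00-00-40"),
]
OLD_ROOT = bridge_id(16, "00-80-21-00-00-30")
SWITCH_E = bridge_id(16, "00-80-21-00-00-10")  # new switch on the slide

if __name__ == "__main__":
    print("root:", elect_root(PAGE_BRIDGES).hex())
    stored = parse_config_bpdu(build_config_bpdu(OLD_ROOT, 0, OLD_ROOT, 0x8001))
    hello_e = parse_config_bpdu(build_config_bpdu(SWITCH_E, 0, SWITCH_E, 0x8001))
    print("E displaces the current root:", is_superior(hello_e, stored))
```

The `is_superior` comparison is the point at which a switch gives up its current root information, so it is also the event worth logging when watching for unexpected root changes.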
The major advantage of RSTP over STP is rapid convergence: the network takes less than 5 seconds to converge to a forwarding topology. STP can take up to a minute for a similar-sized network. RSTP was the natural evolution of STP. As the demands on the network became more critical, the existing STP convergence time was no longer adequate. The terminology used with RSTP remains basically unchanged.
In STP, the port states were confusing because STP mixed the state of the port (blocking or forwarding traffic) with the role it played in the topology (root port, designated port, or neither). For example, ports in the blocking state and listening state are operationally similar: they both discard frames and do not learn MAC addresses. In addition, when a port is in the forwarding state, there is no way to infer that it is a root or designated port.
The major difference between STP and RSTP is that the port roles are configurable in RSTP, while in STP they were determined by the algorithm. This adds more time for the network topology to converge in STP when there is a change in the topology due to failure or redesign. In STP, the port roles were either forwarding or blocking. RSTP is granular when approaching the roles of the ports. The switch is now able to define which forwarding port is a root port or a designated port. The switch can also elect backup and alternate ports for faster recovery from a failure.
The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The alternate port resides on a different switch than the designated port.
The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The backup port resides on the same switch as the designated port.
In the slide above, only the shaded fields have been changed to support RSTP. As shown, the major change is with the Flags field. In STP, only bits 0 and 7 were identified. RSTP now makes full use of the entire octet. The message type is now 2, and the version is 2 (this allows 802.1w bridges to detect legacy 802.1d bridges).
BPDU handling — STP only generates a BPDU when it receives one on its root port. This is time-consuming as it renders bridges more as BPDU relayers than generators. This change in RSTP greatly improves BPDU handling efficiency.
Aging — In RSTP, due to the way BPDUs are now handled, they can serve as keepalive timers from bridge/switch to bridge/switch. If 3 BPDUs are missed in a row, the bridge/switch considers either the direct neighbor or the designated bridge/switch as unreachable. This results in much faster failure detection. In STP, this would not be possible, and if the max age expires, the neighbor cannot be assumed to be down. It would only indicate that somewhere along the path from the port with the max age expired to the root bridge/switch, there is a failure.
Accepting inferior BPDUs — This concept is new to RSTP and does not exist in STP. Inferior BPDUs are control information received on a switch that is older than the control information stored on the switch. Accepting inferior information from the designated or root bridge/switch means that the network can recover far more quickly from topology failures.
Transition to forwarding state — This RSTP feature is the key factor in the improvement of topology convergence. This topic is covered in more detail on the next slide.
In the figure above, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN’s borders, inter-VLAN or broadcast domain communication must occur through a layer 3 device such as a router. Hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done within the switch and ports are assigned on a VLAN-by-VLAN basis.
In the figure above, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast. The FDB entries behave much the same way in the VLAN model as they do in the switch model: they are updated based on the source address. In the figure above, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In the example above, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at layer 3.
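The MAC learning steps from the forward/filter table slide and the per-VLAN FDB behaviour in the VLAN exercise, as an added Python sketch that is not part of the original slides. The port numbers and host MAC address in the VLAN exercise are constructed, and the class and function names are hypothetical.

```python
BROADCAST = "ffff.ffff.ffff"


class VlanSwitch:
    """Learning switch that keeps one FDB per VLAN (access ports only)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port -> VLAN ID
        self.fdb = {}                        # VLAN ID -> {MAC: port}

    def receive(self, in_port, src, dst):
        """Learn the source address, then return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        table = self.fdb.setdefault(vlan, {})
        table[src] = in_port                 # learn, or move a relearned MAC
        if dst != BROADCAST and dst in table:
            out = table[dst]
            return [] if out == in_port else [out]   # known unicast
        # Unknown unicast or broadcast: flood, but only inside this VLAN
        # and never back out of the port the frame arrived on.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


def slide10_walkthrough():
    """Steps 1 to 5 of the MAC table slide, all ports in a single VLAN."""
    a, b = "0000.8c01.000A", "0000.8c01.000B"
    sw = VlanSwitch({"1/1": 1, "1/2": 1, "1/3": 1, "1/4": 1})
    steps = [
        sw.receive("1/1", a, b),   # B unknown: flooded to every other port
        sw.receive("1/2", b, a),   # A already learned: unicast to 1/1
        sw.receive("1/1", a, b),   # B now learned: unicast to 1/2
    ]
    return steps, sw.fdb[1]


def vlan_exercise():
    """Host 1 broadcasts; ports 1 and 4 are in VLAN 101, 2 and 3 in VLAN 102."""
    sw = VlanSwitch({1: 101, 2: 102, 3: 102, 4: 101})
    egress = sw.receive(1, "0000.0000.0001", BROADCAST)  # constructed MAC
    return egress, sw.fdb


if __name__ == "__main__":
    print(slide10_walkthrough())
    print(vlan_exercise())
```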
The standard that governs VLAN identification between switches (also known as tagging) is 802.1q. This standard stipulates that a 4-octet header/tag be inserted in the Ethernet frame between the source address and the type/length fields. Tags are the key component that allows 802.1q to function, and they are the method with which Ethernet frames can be associated with a VLAN segment.
The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame. A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network. The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.
VLAN trunking provides efficient inter-switch forwarding of VLAN frames. In the previous example, each VLAN required its own inter-switch connections to forward frames from one switch to another. VLAN trunking allows a single Ethernet port to carry frames from multiple VLANs. This allows the use of a single high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports. VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.
The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information. The tag type is a fixed value that is an indicator of a VLAN tag. It indicates that the Length/Type field can be found a further 4 bytes into the frame. Because the frame is a Q-tag frame and is longer, it needs to indicate that the Length/Type field is offset from the traditional location by 4 bytes. The tag control information has three parts:
- Priority value — A 3-bit value that specifies a frame's priority.
- CFI — A single bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported.
- VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.
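The 802.1q tag layout described above, as an added Python example that inserts, parses and strips the tag; it is not part of the original slides. The sample frame is constructed (preamble, SFD and FCS are left out, as they are in most captures), and the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100   # "802.1q tag type (value 81 00)" on the VLAN Tagging slide


def add_tag(frame, vid, priority=0):
    """Insert the 4-byte tag between the source address and Length/Type."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    # VID 0 marks a priority-only tag; 4095 is reserved by 802.1q,
    # which leaves the 4094 usable VLAN IDs mentioned in the notes.
    if not 0 <= vid <= 4094:
        raise ValueError("VID must be 0..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit value")
    tci = (priority << 13) | vid            # CFI (bit 12) stays 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return addresses, the decoded tag (or None), Length/Type and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6].hex(), "src": frame[6:12].hex(), "tag": None}
    (type_field,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if type_field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1q tag")
        # The real Length/Type field sits 4 bytes later in a tagged frame.
        tci, type_field = struct.unpack_from("!HH", frame, 14)
        info["tag"] = {
            "priority": tci >> 13,          # 3 bits
            "cfi": (tci >> 12) & 0x1,       # 1 bit
            "vid": tci & 0x0FFF,            # 12 bits
        }
        offset = 18
    info["length_type"] = type_field
    info["payload"] = frame[offset:]
    return info


def strip_tag(frame):
    """Remove the tag, as the destination switch port does before delivery."""
    if parse_frame(frame)["tag"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast from Host A's MAC, IPv4 type, 46-byte payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "00008c01000a" "0800") + bytes(46)
TAGGED = add_tag(UNTAGGED, vid=101, priority=5)

if __name__ == "__main__":
    print(parse_frame(TAGGED)["tag"])
    print(strip_tag(TAGGED) == UNTAGGED)
```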
In a common spanning tree, all VLANs are mapped to the same spanning tree instance. This leads to under-utilized links and possible communication interruptions.
With MSTP, each VLAN or range of VLANs is mapped to a separate instance of STP. This allows for better utilization of the network. As shown in the figure above, MSTP permits multiple root switches in a network. In one instance of the spanning tree a port may be blocking, but another instance may use that port for forwarding.
In the above example: with SW2 configured as the root bridge, the network will block either the link between SW1 and SW3 or the link between SW4 and SW3, and full reachability of all switches and VLANs is achieved. A problem would occur if the trunk link between switches 2 and 4 fails. Switch 3 does not have VLAN 3 created and does not switch VLAN 3 frames between the trunk links. As a result, VLAN 3 on switch 4 becomes isolated from VLAN 3 nodes on switches 1 and 2.
Solution: Create all VLANs on all switches; then, if no access ports are required for a particular VLAN on a switch, associate only the trunk links with that VLAN.