Switches

OSI Layer 2
Physically connects end systems / nodes in a network, allowing them to communicate with each other.
Based on MAC address; unconcerned with and oblivious to IP address.
Separates collision domains: micro-segmentation, one collision domain per port.
Full-duplex links: the switch port (interface) and the node's NIC can transmit and receive at the same time (switch TX while NIC RX, and NIC TX while switch RX).
Enables virtual point-to-point connections in the LAN: many node/host/end-system pairs can be communicating with each other simultaneously.

Forwards an incoming frame to a node only if the switch knows which of its ports is the one connected to that node.
Learns what MAC(s) sit at the other end of each link by reading an incoming frame's SRC MAC; stores this port--MAC address pair in its MAC address table (Cisco: CAM table).
A LAN/Ethernet switch works purely on MAC addresses, building up this MAC-address-to-port table as frames arrive.
Floods (sends the frame out all other ports) if the destination node's port is not learned yet, or if the frame is a broadcast (DEST MAC is FF-FF-FF-FF-FF-FF).

Port mirroring: copies frames seen on other ports out a designated (SPAN) port to a monitoring system, e.g. an IDS or IPS.

ASIC chips make up the switch fabric; switching capacity ranges from Gbps to Tbps.

VLAN: virtual LAN defined by a set of ports on [one or more trunked] switch[es].
Vlan == broadcast domain == subnet == IP network
A trunk link between switches tags frames with a 4-byte 802.1Q header, 12 bits of which are the VLAN ID.
End systems are oblivious to the Vlan; they only know what IP network (subnet) they are in.
(Fast) uplink ports on a switch are for connecting to other switches (or servers).

STP 802.1D: Spanning Tree Protocol avoids switching loops in a network with redundant links. A LAN with multiple switches (for efficiency and redundancy) can have multiple paths to a destination node; since an Ethernet frame carries no TTL, a loop would keep it cycling forever, so STP eliminates all loops.
802.1w Rapid STP: quicker convergence.

Port security: allow only a specified MAC address to use a port.

! in interface config mode (interface INTERFACE):
switchport mode access
switchport port-security
switchport port-security mac-address ABCD.1234.9876

show port-security interface INTERFACE
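As an added example (not from these notes, and not Cisco code), a small Python simulation of the switch behaviour described above: learning SRC MACs into a per-VLAN CAM table, forward vs. flood, reading the 12-bit VLAN ID out of an 802.1Q tag, and a per-port allowed-MAC check modelled on port security. Port names, MAC addresses and VLAN numbers are constructed for the example.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst: str, src: str, vlan=None, payload=b"") -> bytes:
    """Construct an Ethernet frame; vlan != None inserts an 802.1Q tag (TPID 0x8100)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan & 0x0FFF)  # TCI: PCP/DEI 0, VID in low 12 bits
    return hdr + struct.pack("!H", 0x0800) + payload       # EtherType IPv4, then payload

def vlan_id(frame: bytes):
    """Return the 12-bit VLAN ID if the frame carries an 802.1Q tag, else None."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == 0x8100:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None

class Switch:
    def __init__(self, access_ports: dict, trunk_ports=()):
        self.access = dict(access_ports)  # access port -> its VLAN
        self.trunks = set(trunk_ports)    # trunk ports: frames carry their VLAN in the tag
        self.cam = {}                     # (vlan, mac) -> port: the MAC address (CAM) table
        self.secure = {}                  # port -> the one MAC allowed (port-security)
        self.violations = []              # (port, offending src mac) of dropped frames

    def port_security(self, port: str, mac: str):
        self.secure[port] = mac.lower()

    def receive(self, in_port: str, frame: bytes):
        """Process one ingress frame; return the list of egress ports (empty = dropped)."""
        dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
        vlan = vlan_id(frame) if in_port in self.trunks else None
        if vlan is None:
            vlan = self.access.get(in_port, 1)  # untagged: port's VLAN (native VLAN 1 assumed)
        if in_port in self.secure and self.secure[in_port] != src:
            self.violations.append((in_port, src))  # port-security violation: drop frame
            return []
        self.cam[(vlan, src)] = in_port              # learn SRC MAC behind the ingress port
        out = self.cam.get((vlan, dst))
        if dst == BROADCAST or out is None:          # broadcast or unknown DST: flood
            members = {p for p, v in self.access.items() if v == vlan} | self.trunks
            return sorted(members - {in_port})       # every VLAN member port except ingress
        return [] if out == in_port else [out]       # known DST: forward out that one port
```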

Wiring closet rack


Extended star topology (campus): switches interconnected (by fiber) over greater distances than a traditional LAN.