Introduction to Switches:
Switches are the networking devices that connect multiple computers on a physical LAN. They are the key connectors on any physical network and operate at both Layer 2 and Layer 3 of the OSI model. As you can see in the diagram below, a switch has multiple Ethernet ports which can be connected to other devices like laptops, servers, printers etc. through Ethernet cables.
There can be one or more switches on a LAN depending on the number of devices that need connectivity. This picture shows how a simple LAN can be formed with a switch. Let's look at the various use cases of switches in detail.
Types of Switches:
Switches are of two kinds based on their management features.
Unmanaged Switch: Also known as hubs, these do not have a management interface and cannot be configured. They are the least expensive switches and are usually found in smaller offices or home networks.
Managed Switch: Nowadays most organizations use managed switches. These switches have a management interface which can be used to configure them, either through a command line interface or a GUI. They use specific switch management protocols to perform various functions. Some of these protocols and their configuration are discussed in the following sections.
Switch Management Features and Protocols:
In a LAN, switches have to be configured properly in order to provide uninterrupted connectivity. This becomes even more necessary when you have multiple switches on the same physical network. There are some switching protocols that help us achieve an uninterrupted network service. Here are some of these protocols and their roles in a switched network.
The first and most important protocol in the switching world is STP, aka Spanning Tree Protocol. By definition, STP is a network protocol that ensures a loop-free topology for any bridged Ethernet Local Area Network.
Curious case of loopback!!! Now you must be wondering what a loop-free topology is.
Well, topology means the design or layout of any network. And a loop, by definition, is a structure whose end is connected to its beginning.
A network loop occurs when the start and end of a network path get connected. As we can see, loops can happen either on the same switch, if an Ethernet cable is connected to two ports of the same switch, or between switches, if the network path between multiple switches forms a closed ring. When a loop occurs, a packet that leaves a switch port comes back to its starting point and is never able to leave the network and reach its correct destination. This creates a lot of noise, intermittent packet drops and connectivity loss in the network. Loops are most common in LANs and MANs and can happen either due to human error or design error. They can be disruptive enough to bring an entire organization's network down if not identified and fixed quickly.
This is where STP comes as a savior. In an STP-enabled switch network, when a loop occurs STP blocks one of the ports participating in that loop, thereby creating a pathway for packets to flow properly from source to their desired destination and preventing the rest of the network from losing connectivity. In this process, of course, the machine connected to that one blocked port will lose connectivity, but it allows us to identify the loop and fix it. As you can see in the diagram on the left, in the physical topology there was a loop formed in the ring. Once STP was enabled on the switches, it blocked one of the ports on switch S4, thereby breaking the loop and producing the pathway shown in the logical topology.
Note: The STP feature is only available in manageable switches, not in hubs. So if you are building a network for your organization, always enable STP on your managed switches. Trust me when I say this: the amount of money that you will save by using hubs or unmanaged switches is much, much lower than the productivity loss you will have if there is a loop.
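As an added illustration (not from the original post), here is a small Python model of how STP elects a root bridge and decides which port of a ring ends up blocked. The switch names, bridge IDs and link costs are constructed, and the model reduces 802.1D to root election plus a root-path-cost comparison with the lower bridge ID as tie-break.

```python
import heapq

# Constructed ring topology (not the post's diagram). A bridge ID is
# (priority, MAC); S2 is given a lower priority so it is elected root bridge,
# the way an administrator would deliberately configure it.
BRIDGES = {
    "S1": (32768, "00:00:00:00:00:01"),
    "S2": (4096, "00:00:00:00:00:02"),
    "S3": (32768, "00:00:00:00:00:03"),
    "S4": (32768, "00:00:00:00:00:04"),
}
# Each link: (switch_a, port_a, switch_b, port_b, path_cost). The four links
# form the ring S1-S2-S3-S4-S1 that would loop forever without STP.
LINKS = [
    ("S1", 1, "S2", 1, 4), ("S2", 2, "S3", 1, 4),
    ("S3", 2, "S4", 1, 4), ("S4", 2, "S1", 2, 4),
]

def spanning_tree(bridges, links):
    """Return (root, root_ports, blocked): the elected root bridge, each other
    switch's root port as (upstream_switch, port), and the set of
    (switch, port) pairs that end up in blocking state."""
    root = min(bridges, key=bridges.get)         # lowest bridge ID wins
    nbrs = {}                                    # switch -> [(peer, own_port, cost)]
    for a, pa, b, pb, cost in links:
        nbrs.setdefault(a, []).append((b, pa, cost))
        nbrs.setdefault(b, []).append((a, pb, cost))
    best = {root: (0, None, None)}               # switch -> (root path cost, via, port)
    heap = [(0, bridges[root], root)]
    while heap:                                  # Dijkstra outward from the root
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for peer, _, c in nbrs[sw]:
            if peer == root:
                continue
            cur = best.get(peer)
            # Lower root path cost wins; ties go to the lower sender bridge ID,
            # mirroring the BPDU comparison in 802.1D.
            if cur is None or (cost + c, bridges[sw]) < (cur[0], bridges[cur[1]]):
                port = next(p for x, p, _ in nbrs[peer] if x == sw)
                best[peer] = (cost + c, sw, port)
                heapq.heappush(heap, (cost + c, bridges[peer], peer))
    blocked = set()
    for a, pa, b, pb, _ in links:
        if best[a][1:] == (b, pa) or best[b][1:] == (a, pb):
            continue                             # carries a root port: forwarding
        # Redundant link: the end with the higher root path cost (tie: higher
        # bridge ID) is not the designated bridge and goes into blocking state.
        blocked.add((a, pa) if (best[a][0], bridges[a]) > (best[b][0], bridges[b]) else (b, pb))
    root_ports = {sw: v[1:] for sw, v in best.items() if sw != root}
    return root, root_ports, blocked
```

Re-running the function on the ring minus the S4-S1 link shows the blocked port on S4 becoming its root port, which is how STP restores connectivity after a cable failure.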
LACP stands for Link Aggregation Control Protocol, another feature present in managed switches. In computer networking, the term link aggregation or LAG applies to various methods of combining (aggregating) multiple network connections in parallel in order to:
- Increase throughput beyond what a single connection could sustain, and
- Provide redundancy in case one of the links should fail.
LACP helps configure and manage link aggregation in switches. Notice the highlighted words above. These are the primary advantages of configuring LAG between two links. In general LAG is configured between two ports on the same switch, but there are some modern switches where LAG can be configured between two ports on two different switches. This kind of LAG between multiple switches is called MLAG.
It is like an extended version of LAG. In one of my past projects we used MLAG to aggregate the links from two different service providers. We had two ISP (Internet Service Provider) links:
- ISP1 (50 Mbps) connected to Switch1 port-X
- ISP2 (100 Mbps) connected to Switch2 port-Y
After configuring MLAG between port-X and port-Y we achieved:
- Throughput: from 50 or 100 Mbps to 150 Mbps.
- Redundancy: if ISP1 was down, the link was still up through ISP2.
Thus LAG is between two ports or links on the same device or switch, and MLAG is between two links on different switches.
Note: LAG is possible only in a LAN or MAN, where the switch ports can be physically connected.
Virtual LAN (VLAN) is a logical LAN that can be configured in the switches on top of the physical LAN. This is a very useful feature in managed switches where we can configure multiple LANs that will logically behave like any other network but sit on top of the same physical layer.
A standard network switch can configure up to 4096 VLANs. Though VLANs are configured on the same physical switch, they are completely isolated from each other. Machines connected to one VLAN will by default be unable to talk to machines on other VLANs or LANs. Nowadays organizations run a lot of critical projects or departments. Sometimes it is necessary to restrict access to machines which are part of such a critical project or domain.
Imagine a scenario: an organization's production data is very critical and has to be protected from any unauthorized person. Now there can be visitors or others connecting to the LAN who may get access to that data. How do we handle such situations? We create VLANs for each kind of network access, say VLAN1 for the finance network, VLAN2 as the default network for employees, and VLAN3 as the guest network for visitors. By default these VLANs will be isolated from each other, thereby restricting devices from talking to each other across VLANs.
Thus VLANs have two major advantages:
- Cost effective: the ability to create hundreds of LANs virtually at the cost of one physical LAN.
- Network isolation: protecting critical computers on the network from unauthorized entry.
Though VLANs provide network isolation, it is possible to make a switch port part of two different VLANs. As in the above scenario, an organization's employees would need access to the default network as well as the production network, while visitors would need access to only the guest network. In such cases some ports within the office will be marked in trunk mode in both VLAN1 and VLAN2 for the employees.
In modern days, Layer 3 switches have technologies like 802.1X to identify who you are in order to put you on the appropriate network. Have a look at my Identity Management presentation, which will give you a brief idea of this topic.
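To make the isolation and the trunk-port exception concrete, here is an added Python model (not the post's or any vendor's code) of a VLAN-aware switch for the finance/employee/guest scenario above. The port names fa1 to fa4 and the port-to-VLAN map are constructed; fa4 is the trunk port carrying VLAN1 and VLAN2 tagged, the other three are access ports.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

FINANCE, DEFAULT, GUEST = 1, 2, 3       # VLAN1, VLAN2 and VLAN3 of the scenario

@dataclass(frozen=True)
class Port:
    name: str
    untagged: Optional[int] = None       # VLAN for untagged frames (access port)
    tagged: FrozenSet[int] = frozenset() # VLANs carried with an 802.1Q tag (trunk)

@dataclass(frozen=True)
class Frame:
    src_port: str
    vlan_tag: Optional[int] = None       # 802.1Q tag on the wire, None if untagged

# Constructed port map (hypothetical port names): fa1 finance PC, fa2 employee
# PC, fa3 visitor PC, fa4 employee desk in trunk mode for VLAN1 and VLAN2.
PORTS: Dict[str, Port] = {
    "fa1": Port("fa1", untagged=FINANCE),
    "fa2": Port("fa2", untagged=DEFAULT),
    "fa3": Port("fa3", untagged=GUEST),
    "fa4": Port("fa4", tagged=frozenset({FINANCE, DEFAULT})),
}

def classify(frame: Frame, ports: Dict[str, Port]) -> Optional[int]:
    """VLAN the frame belongs to, or None if the switch must drop it."""
    p = ports[frame.src_port]
    if frame.vlan_tag is None:
        return p.untagged                # None on a tagged-only port: dropped
    # A tagged frame is accepted only if the ingress port carries that VLAN
    # tagged; an access port drops it, so a host cannot pick its own VLAN.
    return frame.vlan_tag if frame.vlan_tag in p.tagged else None

def forward(frame: Frame, ports: Dict[str, Port]) -> Dict[str, Optional[int]]:
    """Flood the frame to every other port in its VLAN. Returns egress port ->
    tag the frame leaves with (None means it leaves untagged)."""
    vlan = classify(frame, ports)
    out: Dict[str, Optional[int]] = {}
    if vlan is None:
        return out
    for p in ports.values():
        if p.name == frame.src_port:
            continue
        if vlan in p.tagged:
            out[p.name] = vlan           # trunk port keeps the 802.1Q tag
        elif p.untagged == vlan:
            out[p.name] = None           # access port strips the tag
    return out
```

A frame from the visitor port reaches no other port, and a frame the visitor tags with VLAN 1 is dropped at ingress, while the trunk on fa4 can reach both the finance and the employee access ports.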
I will talk more about this topic in my next edition of tutorials.
Hope you enjoyed the switching world and that this will help you in your daily life.
Disclaimer: This exercise is just a POC that was done by me to demonstrate VLANs and MLAG between two Extreme Networks x460 switches. The commands might vary on other switches. The practical implementation might be different depending on the topology.
Please do not try this on your default Office network.
1. Create the Inter-Switch Connection (ISC):
On Switch1:
    enable sharing 3 group 3,4
    create vlan isc
    config vlan isc tag 3000
    config vlan isc add port 3 tag
    config vlan isc ipaddress 192.168.150.1/24
On Switch2:
    enable sharing 3 group 3,4
    create vlan isc
    config vlan isc tag 3000
    config vlan isc add port 3 tag
    config vlan isc ipaddress 192.168.150.2/24
2. Create the MLAG peer and associate the peer switch's IP address:
On Switch1:
    create mlag peer "peersw2"
    config mlag peer "peersw2" ipaddress 192.168.150.2
On Switch2:
    create mlag peer "peersw1"
    config mlag peer "peersw1" ipaddress 192.168.150.1
3. Create the MLAG port groups:
On Switch1:
    enable mlag port 1 peer "peersw2" id 1
On Switch2:
    enable mlag port 2 peer "peersw1" id 1
4. Verify that the MLAG peers and ports are operational (on both Switch1 and Switch2):
    show mlag peer
    show mlag ports
5. Add the MLAG and ISC ports to the VLAN:
On Switch1:
    create vlan POC
    configure vlan "POC" add port 1, 3 tagged
On Switch2:
    create vlan POC
    configure vlan "POC" add port 2, 3 tagged
On the switch connected to both Switch1 and Switch2, whose two uplinks form one ordinary LAG:
    configure vlan "POC" add ports 1, 2 tagged
    enable sharing 1 group 1, 2