DGS-3224TGR Gigabit Ethernet Switch User’s Guide
14
Authentication
The authentication protocol ensures that both the router SNMP agent and the remote user SNMP application program
discard packets from unauthorized users. Authentication is accomplished using ‘community strings’, which function like
passwords. The remote user SNMP application and the router SNMP must use the same community string.
Packet Forwarding
The switch records in its forwarding table which Ethernet port, or which gateway router, each destination MAC or IP address resides on. This information is then used to forward packets. This reduces traffic congestion on the network, because packets are transmitted only to the destination port instead of to all ports. Example: if Port 1 receives a packet destined for a station on Port 2, the switch transmits that packet through Port 2 only, and transmits nothing through the other ports. This process is referred to as ‘learning’ the network topology.
MAC Address Aging Time
The Aging Time affects the learning process of the Switch. Dynamic forwarding table entries, which are made up of the
source and destination MAC addresses and their associated port numbers, are deleted from the table if they are not accessed
within the aging time.
The aging time can be from 10 to 1,000,000 seconds, with a default value of 300 seconds. A very long aging time can leave dynamic forwarding table entries in place that are out of date or that refer to stations that no longer exist. This may cause incorrect packet forwarding decisions by the Switch.
If the Aging Time is too short however, many entries may be aged out too soon. This will result in a high percentage of
received packets whose source addresses cannot be found in the forwarding table, in which case the switch will broadcast
the packet to all ports, negating many of the benefits of having a switch.
Static forwarding entries are not affected by the aging time.
Filtering
The switch uses a filtering database to segment the network and control communication between segments. It can also filter
packets off the network for intrusion control. Static filtering entries can be made by MAC Address filtering.
Each port on the switch is a unique collision domain and the switch filters (discards) packets whose destination lies on the
same port as where it originated. This keeps local packets from disrupting communications on other parts of the network.
For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC address entered into
the filter table, the switch will discard the packet.
Some filtering is done automatically by the switch:
Dynamic filtering – automatic learning and aging of MAC addresses and their location on the network. Filtering
occurs to keep local traffic confined to its segment.
Filtering done by the Spanning Tree Protocol that can filter packets based on topology, making sure that signal
loops don’t occur.
Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example) destined for a
device on another VLAN (VLAN 3) will be filtered.
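The forwarding-table learning, aging and filtering behaviour described in the Packet Forwarding, MAC Address Aging Time and Filtering sections above can be seen together in one small model. The following is an added illustration written for this page, not code from the DGS-3224TGR guide or from D-Link; the port numbers, MAC addresses and frames are constructed sample data, and the clock is a caller-supplied time in seconds so that aging can be exercised without waiting.

```python
"""Simulation of a learning switch: source-MAC learning per port, aging of
dynamic entries, static entries that never age, flooding of unknown and
broadcast destinations, discarding of frames whose destination is on the
ingress segment, and a MAC filter table for intrusion control.
Added example, not D-Link code; all addresses and timings are constructed."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_AGING, MAX_AGING, DEFAULT_AGING = 10, 1_000_000, 300  # seconds, as given in the guide


@dataclass
class Entry:
    port: int
    last_seen: float
    static: bool = False  # static entries are not affected by the aging time


class LearningSwitch:
    def __init__(self, num_ports, aging_time=DEFAULT_AGING):
        if not MIN_AGING <= aging_time <= MAX_AGING:
            raise ValueError("aging time must be 10..1,000,000 seconds")
        self.num_ports = num_ports
        self.aging_time = aging_time
        self.table = {}            # forwarding table: MAC -> Entry
        self.filter_table = set()  # MACs whose frames are discarded (intrusion control)

    def add_static(self, mac, port):
        self.table[mac] = Entry(port, 0.0, static=True)

    def add_filter(self, mac):
        self.filter_table.add(mac)

    def age_out(self, now):
        """Delete dynamic entries that have not been seen within the aging time."""
        expired = [m for m, e in self.table.items()
                   if not e.static and now - e.last_seen > self.aging_time]
        for m in expired:
            del self.table[m]
        return expired

    def receive(self, ingress, src, dst, now):
        """Process one frame; return the list of egress ports ([] means discarded)."""
        self.age_out(now)
        # Intrusion control: a frame from or to a filtered MAC is discarded outright.
        if src in self.filter_table or dst in self.filter_table:
            return []
        # Learning: remember which port the source address was seen on.
        if src not in self.table or not self.table[src].static:
            self.table[src] = Entry(ingress, now)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in range(1, self.num_ports + 1) if p != ingress]
        if entry.port == ingress:
            # Destination lies on the same port it came from: filter (discard).
            return []
        return [entry.port]


def demo():
    """Walk through the scenarios in the text and return the observed egress ports."""
    A, B, C, D, E = ("02:00:00:00:00:0%d" % i for i in range(1, 6))  # constructed MACs
    sw = LearningSwitch(num_ports=4, aging_time=300)
    sw.add_static(D, 3)
    sw.add_filter(E)
    return {
        "unknown_dst_floods": sw.receive(1, A, B, now=0),        # B not yet learned
        "known_dst_single_port": sw.receive(2, B, A, now=1),     # A was learned on port 1
        "same_segment_discarded": sw.receive(2, C, B, now=2),    # B is on port 2 as well
        "aged_out_floods_again": sw.receive(1, A, B, now=400),   # B aged out after 300 s
        "static_not_aged": sw.receive(1, A, D, now=5000),        # static entry survives
        "filtered_mac_dropped": sw.receive(4, E, A, now=5001),   # filter table hit
        "broadcast_floods": sw.receive(1, A, BROADCAST, now=5002),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:26s} -> {ports}")
```

The `demo()` function reproduces each behaviour the text names in turn: flooding while a destination is unknown, single-port forwarding once it is learned, the same-segment discard, re-flooding after the aging time has expired, a static entry outliving the aging time, and the filter table discarding a frame regardless of what the forwarding table says.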
Spanning Tree
802.1w Rapid Spanning Tree
The DGS-3224TGR implements two versions of the Spanning Tree Protocol: the Rapid Spanning Tree Protocol (RSTP) as defined by the IEEE 802.1w specification, and a version compatible with IEEE 802.1d STP. RSTP can operate with legacy equipment implementing IEEE 802.1d; however, the advantages of using RSTP will be lost.
The IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) evolved from the 802.1d STP standard. RSTP was developed in order to overcome some limitations of STP that impede the function of some recent switching innovations, in particular certain Layer 3 functions that are increasingly handled by Ethernet switches. The basic function and much of the terminology is the same as STP. Most of the settings configured for STP are also used for RSTP. This section introduces some new Spanning Tree concepts and illustrates the main differences between the two protocols.
Port Transition States
An essential difference between the two protocols is in the way ports transition to a forwarding state and in the way this transition relates to the role of the port (forwarding or not forwarding) in the topology. RSTP combines the transition states disabled, blocking and listening used in 802.1d into a single state, Discarding. In either case, ports do not forward packets; between the STP port transition states disabled, blocking or listening and the RSTP port state discarding there is no functional difference: the port is not active in the network topology. The table below compares how the two protocols differ regarding the port state transition.
Both protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for BPDU packets. Under RSTP, however, BPDU packets are sent more frequently – with every Hello packet – and are sent even if a BPDU packet was not received. Therefore, each link between bridges is sensitive to the status of the link. Ultimately this difference results in faster detection of failed links, and thus faster topology adjustment. A drawback of 802.1d is the absence of immediate feedback from adjacent bridges.
STP/RSTP Comparison

802.1d STP    802.1w RSTP    Forwarding?    Learning?
Disabled      Discarding     No             No
Blocking      Discarding     No             No
Listening     Discarding     No             No
Learning      Learning       No             Yes
Forwarding    Forwarding     Yes            Yes

Comparing Port States
RSTP is capable of more rapid transition to a forwarding state – it no longer relies on timer configurations – RSTP compliant bridges are sensitive to feedback from other RSTP compliant bridge links. Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state. In order to allow this rapid transition, the protocol introduces two new variables: the edge port and the point-to-point (P2P) port.
Edge Port
The edge port is a configurable designation used for a port that is directly connected to a segment where a loop cannot be
created. An example would be a port connected directly to a single workstation. Ports that are designated as edge ports
transition to a forwarding state immediately without going through the listening and learning states. An edge port loses its
status if it receives a BPDU packet, immediately becoming a normal spanning tree port.
P2P Port
A P2P port is also capable of rapid transition. P2P ports may be used to connect to other bridges. Under RSTP, all ports
operating in full-duplex mode are considered to be P2P ports, unless manually overridden through configuration.
802.1d/802.1w Compatibility
RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802.1d format when necessary. However, any segment using 802.1d STP will not benefit from the rapid transition and rapid topology change detection of RSTP. The protocol also provides for a variable used for migration in the event that legacy equipment on a segment is updated to use RSTP.
The Spanning Tree Protocol (STP) operates on two levels: on the switch level, the settings are globally implemented. On
the port level, the settings are implemented on a user-defined Group of ports basis.
VLANs
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the
physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that
appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are
forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not
necessarily.
VLANs can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.
A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate
with each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a
VLAN can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on
which the broadcast was initiated.
Note: VLANs on the DGS-3224TGR
No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot cross VLANs without a network device performing a routing function between the VLANs.
The DGS-3224TGR supports only IEEE 802.1Q VLANs. The port untagging function can be used to remove the 802.1Q tag from packet headers to maintain compatibility with devices that are tag-unaware.
The switch’s default is to assign all ports to a single 802.1Q VLAN named “default.” The default VLAN has a VID = 1.
IEEE 802.1Q VLANs
Some relevant terms:
Tagging – The act of putting 802.1Q VLAN information into the header of a packet.
Untagging – The act of stripping 802.1Q VLAN information out of the packet header.
Ingress port – A port on a switch where packets are flowing into the switch and VLAN decisions must be made.
Egress port – A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made.
IEEE 802.1Q (tagged) VLANs are implemented on the DGS-3224TGR. 802.1Q VLANs require tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).
VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN
will only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this
includes broadcast, multicast and unicast packets from unknown sources.
VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets between
stations that are members of the VLAN.
Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally.
The IEEE 802.1Q standard restricts the forwarding of untagged packets to the VLAN the receiving port is a member of.
The main characteristics of IEEE 802.1Q are as follows:
Assigns packets to VLANs by filtering.
Assumes the presence of a single global spanning tree.
Uses an explicit tagging scheme with one-level tagging.
802.1Q VLAN Packet Forwarding
Packet forwarding decisions are made based upon the following three types of rules:
Ingress rules – rules relevant to the classification of received frames as belonging to a VLAN.
Forwarding rules between ports – decide whether to filter or forward the packet.
Egress rules – determine whether the packet must be sent tagged or untagged.
Figure 5-1. IEEE 802.1Q Packet Forwarding
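The three rule sets just listed can be modelled as three small functions applied in order. The code below is an added example for this page, not code from the guide or from D-Link. Two details come from the IEEE 802.1Q standard rather than from this page and are assumptions here: the term PVID for the VLAN an untagged frame is assigned on arrival, and ingress filtering, under which a tagged frame whose VID the receiving port is not a member of is discarded. The port layout is constructed sample data, and destination-MAC learning is deliberately left out so that the VLAN rules stand on their own: a frame is flooded to the other members of its VLAN.

```python
"""Model of the 802.1Q ingress, forwarding and egress rules.
Added example, not the guide's or D-Link's code.  PVID and ingress
filtering are standard 802.1Q behaviour assumed here; the topology is
constructed.  MAC learning is omitted: frames flood within their VLAN."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    pvid: int       # VLAN assigned to untagged frames received on this port (assumed term)
    tagging: bool   # egress: True = send the 802.1Q tag, False = strip it (untagging port)


class VlanSwitch:
    def __init__(self, ports, vlans):
        self.ports = ports  # port number -> Port
        self.vlans = vlans  # VID -> frozenset of member port numbers

    def ingress(self, port, tag_vid):
        """Ingress rule: classify the received frame into a VLAN; None means discard."""
        vid = self.ports[port].pvid if tag_vid is None else tag_vid
        if port not in self.vlans.get(vid, frozenset()):
            return None  # the receiving port is not a member of that VLAN
        return vid

    def forward(self, port, vid):
        """Forwarding rule: deliver only to the other members of the same VLAN."""
        return sorted(self.vlans[vid] - {port})

    def egress(self, port, vid):
        """Egress rule: a tagging port keeps the VID in the header, an untagging port strips it."""
        return vid if self.ports[port].tagging else None

    def handle(self, port, tag_vid=None):
        """Return {egress port: VID on the wire, or None if sent untagged}; {} if discarded."""
        vid = self.ingress(port, tag_vid)
        if vid is None:
            return {}
        return {p: self.egress(p, vid) for p in self.forward(port, vid)}


# Constructed topology: ports 1-2 are untagging members of VLAN 2, ports 3-4 of
# VLAN 3, and port 5 is a tagging uplink carrying both VLANs to another switch.
SAMPLE = VlanSwitch(
    ports={1: Port(2, False), 2: Port(2, False), 3: Port(3, False),
           4: Port(3, False), 5: Port(1, True)},
    vlans={2: frozenset({1, 2, 5}), 3: frozenset({3, 4, 5})},
)

if __name__ == "__main__":
    print(SAMPLE.handle(1))      # untagged on port 1 -> VLAN 2, tagged only on the uplink
    print(SAMPLE.handle(5, 3))   # VID 3 from the uplink -> ports 3 and 4, untagged
    print(SAMPLE.handle(1, 3))   # VID 3 arriving on a VLAN-2-only port -> discarded
```

The last call shows the point the note above makes: a frame cannot cross from one VLAN into another inside the switch, because ingress classification ties it to a single VID and forwarding never leaves that VID's member set.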
802.1Q VLAN Tags
The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address.
Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet’s EtherType field is equal to
0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of
three bits of user priority, one bit of Canonical Format Identifier (CFI – used for encapsulating Token Ring packets so they
can be carried across Ethernet backbones) and twelve bits of VLAN ID (VID). The three bits of user priority are used by
802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is twelve bits long, 4094
unique VLANs can be identified.
The tag is inserted into the packet header making the entire packet longer by four octets. All of the information contained in
the packet originally is retained.
Figure 5-2. IEEE 802.1Q Tag
The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or
Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC)
must be recalculated.
Figure 5-3. Adding an IEEE 802.1Q Tag
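The tag layout described above (0x8100 in the EtherType position, then two octets holding 3 bits of priority, 1 bit of CFI and 12 bits of VID, with the CRC recomputed because the frame grew by four octets) can be worked through at the byte level. The following is an added example for this page, not code from the guide or from D-Link. The MAC addresses and payload are constructed; the FCS is computed with the standard Ethernet CRC-32 (the same polynomial `zlib.crc32` implements) and appended least-significant byte first, which is the standard's transmission order and an assumption this example relies on.

```python
"""Insert, read and strip an IEEE 802.1Q tag and recompute the FCS.
Added example, not the guide's or D-Link's code; frames are constructed."""
import struct
import zlib

TPID_8021Q = 0x8100         # EtherType value announcing an 802.1Q/802.1p tag
MIN_VID, MAX_VID = 1, 4094  # 12-bit field; VID 0 and 4095 are reserved -> 4094 usable VLANs


def vid_is_valid(vid):
    return MIN_VID <= vid <= MAX_VID


def fcs(body):
    """Frame check sequence: CRC-32 over dst..payload, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]


def build_untagged_frame(dst, src, ethertype, payload):
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def insert_tag(frame, vid, priority=0, cfi=0):
    """Tagging: insert TPID + TCI after the source MAC (offset 12), recompute the FCS."""
    if not vid_is_valid(vid):
        raise ValueError("VID must be 1..4094")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    tci = (priority << 13) | (cfi << 12) | vid  # 3 bits priority | 1 bit CFI | 12 bits VID
    body = frame[:-4]
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame):
    """Return (priority, cfi, vid) for a tagged frame, or None if the frame is untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def encapsulated_ethertype(frame):
    """The original EtherType/Length, which sits after the tag when one is present."""
    offset = 16 if parse_tag(frame) is not None else 12
    return struct.unpack_from("!H", frame, offset)[0]


def strip_tag(frame):
    """Untagging: remove the four tag octets and recompute the FCS."""
    if parse_tag(frame) is None:
        raise ValueError("frame carries no 802.1Q tag")
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


# Constructed 64-octet IPv4 frame between two locally administered MAC addresses.
SAMPLE_UNTAGGED = build_untagged_frame(
    bytes.fromhex("020000000002"), bytes.fromhex("020000000001"), 0x0800, bytes(46))
SAMPLE_TAGGED = insert_tag(SAMPLE_UNTAGGED, vid=3, priority=5)

if __name__ == "__main__":
    print(len(SAMPLE_UNTAGGED), "->", len(SAMPLE_TAGGED), "octets")
    print("tag fields (priority, cfi, vid):", parse_tag(SAMPLE_TAGGED))
    print("FCS valid after tagging:", fcs_ok(SAMPLE_TAGGED))
    print("strip restores the original frame:", strip_tag(SAMPLE_TAGGED) == SAMPLE_UNTAGGED)
```

Note that `parse_tag` checks the frame length before reading offsets 12 to 15 and treats any EtherType other than 0x8100 as "untagged" rather than guessing; a receiver that reads the TCI without first confirming the TPID would misread the first two octets of an ordinary payload as VLAN fields.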