SWITCHING - Semaphore Computers Pvt. Ltd.

Semaphore Technologies Pvt. Ltd. – (technologies.semaphore@gmail.com)
SWITCHING
Define Switching?
A technology that offers a fast and easy way to physically isolate segment network
traffic for performance and security reasons.
A network switch is a computer networking device that connects network
segments.
Linksys 8-port consumer-grade switch.
Linksys 48 port switch.
Low-end network switches appear nearly identical to network hubs, but a switch
contains more "intelligence" (and a slightly higher price tag) than a network hub.
Network switches are capable of inspecting data packets as they are received,
determining the source and destination device of that packet, and forwarding it
appropriately. By delivering each message only to the connected device it was
intended for, a network switch conserves network bandwidth and offers generally
better performance than a hub.
In the past, it was faster to use Layer 2 techniques to switch, when only MAC
addresses could be looked up in content addressable memory (CAM). With the
advent of ternary CAM (TCAM), it was equally fast to look up an IP address or a MAC
address. TCAM is expensive, but very appropriate for enterprise switches that use
default routes plus a moderate number of other routes. For routers that need a full
Internet routing table, TCAM may not be cost-effective.
Function
As with hubs, Ethernet implementations of network switches are the most common.
Mainstream Ethernet network switches support either 10/100 Mbit/s or 10/100/1000
Mbit/s ports Ethernet standards. Large switches may have 10 Gbit/s ports.
The network switch, packet switch (or just switch) plays an integral part in most
Ethernet local area networks or LANs. Mid-to-large sized LANs contain a number of
linked managed switches. Small Office, Home Office (SOHO) applications typically
use a single switch, or an all-purpose converged device such as gateway access to
small office/home office broadband services such as DSL router or cable, WiFi
Router. In most of these cases, the end user device contains a router and
components that interface to the particular physical broadband technology, as in the
Linksys 8-port and 48-port devices. User devices may also include a telephone
interface to VoIP.
Role of switches in networks
Network switch is a marketing term rather than a technical one. Switches may
operate at one or more OSI layers, including physical, data link, network, or
transport (i.e., end-to-end). A device that operates simultaneously at more than one
of these layers is called a multilayer switch, although use of the term is diminishing.
In switches intended for commercial use, built-in or modular interfaces make it
possible to connect different types of networks, for example Ethernet, Fiber Channel,
ATM, and 802.11. This connectivity can be at any of the layers mentioned. While
Layer 2 functionality is adequate for speed-shifting within one technology,
interconnecting technologies such as Ethernet and token ring are easier at Layer 3.
Again, "switch" is principally a marketing term; interconnection of different Layer 3
networks is done by routers. If there are any features that characterize "Layer-3
switches" as opposed to general-purpose routers, it tends to be that they are
optimized, in larger switches, for high-density Ethernet connectivity.
In some service provider and other environments where there is a need for much
analysis of network performance and security, switches may be connected between
WAN routers as places for analytic modules. Some vendors provide firewall, network
intrusion detection, and performance analysis modules that can plug into switch
ports. Some of these functions may be on combined modules.
In other cases, the switch is used to create a "mirror" image of data that can go to
an external device. Since most switch port mirroring provides only one mirrored
stream, Ethernet hubs can be useful for fanning out data to several read-only
analyzers. This is especially popular when using open-source network analysis tools
running over Linux, such as the Snort intrusion detection system and the Wireshark
(formerly Ethereal) protocol analyzer.
Layer-specific functionality
A modular network switch with 3 network modules (a total of 24 Ethernet and 14
Fast Ethernet ports) and one power supply.
While switches may learn about topologies at many layers, and forward at one or
more layers, they do tend to have common features. Other than for computer-room
very high performance applications, modern commercial switches use primarily
Ethernet interfaces, which can have different input and output speeds of 10, 100,
1000 or 10000 megabits per second. Switch ports almost always default to full-duplex
operation, unless there is a requirement for interoperability with devices that
are strictly half duplex. Half-duplex means that the device can only send or receive
at any given time, whereas full-duplex can send and receive at the same time.
At any layer, a modern switch may implement power over Ethernet (PoE), which
avoids the need for attached devices, such as an IP telephone or wireless access
point, to have a separate power supply. Since switches can have redundant power
circuits connected to uninterruptible power supplies, the connected device can
continue operating even when regular office power fails.
Layer-1 hubs versus higher-layer switches
An Ethernet hub, or repeater, is a fairly unsophisticated broadcast device, and
rapidly becoming obsolete. Hubs do not manage any of the traffic that comes
through them. Any packet entering a port is broadcast out or "repeated" on every
other port, save the port of entry. Since every packet is repeated on every other
port, packet collisions result, which slows down the network.
Hubs have actually become hard to find, due to the widespread use of switches.
There are specialized applications where a hub can be useful, such as copying traffic
to multiple network sensors. There is no longer any significant price difference
between a hub and a low-end switch.
Layer 2
A single LAN switch, operating at the MAC sub layer of the data link layer, may
interconnect a small number of devices in a home or office. This is a trivial case of
bridging, in which the switch learns the MAC address of each connected device.
Compared to shared-medium LANs, a switch using micro segmentation prevents
collisions on an Ethernet, and can provide effectively simultaneous paths among
multiple devices. Single switches also can provide extremely high performance in
specialized applications such as storage area networks.
Switches may also interconnect using a spanning-tree protocol that allows the best
path to be found within the constraint that it is a tree. In contrast to routers, bridges
must have topologies with only one active path between two points. The older IEEE
802.1d spanning tree protocol could be quite slow, with forwarding stopping for 30-90
seconds while the spanning tree reconverged. A Rapid Spanning Tree Protocol
was introduced as IEEE 802.1w, but the newest edition of IEEE 802.1d-2004, adopts
the 802.1w extensions as the base standard.
Once a Layer 2 switch learns the topology through a spanning tree protocol, it
forwards data link layer frames using some variant of bridging. There are four
forwarding methods a Layer 2 switch can use:
Store and forward
The switch buffers and, typically, performs a checksum on each frame before
forwarding it on.
Cut through
The switch reads only up to the frame's hardware address before starting to
forward it. There is no error checking with this method.
Fragment free
A method that attempts to retain the benefits of both "store and forward" and
"cut through". Fragment free checks the first 64 bytes of the frame, where
addressing information is stored. This way the frame will always reach its
intended destination. Error checking of the actual data in the packet is left for
the end device in Layer 3 or Layer 4 (OSI), typically a router.
Adaptive switching
A method of automatically switching between the other three modes.
Note that cut-through switches have to fall back to store and forward if the outgoing
port is busy at the time the packet arrives.
Note that these forwarding methods are not controlled by the user and are
configured only by the switch itself.
Layer 3
Router is a marketing term for a Layer 3 switch, typically a router optimized for
Ethernet interfaces. Like other switches, it connects devices to single ports for micro
segmentation. The ports normally operate in full duplex.
Switches, even primarily Layer 2 switches, can be aware of Layer 3 multicast and
increase efficiency by delivering the traffic of a multicast group only to ports where
the attached device has signaled that it wants to listen to that group. In a switch not
aware of multicasting and broadcasting, frames are also forwarded on all ports of
each broadcast domain, but in the case of IP multicast this causes inefficient use of
bandwidth. To work around this problem some switches implement IGMP snooping.
Layer 4
While the exact meaning of the term Layer-4 switch is vendor dependent, it almost
always starts with a capability for network address translation, but then adds some
type of load distribution based on TCP sessions.
The device may include a stateful firewall, a VPN concentrator, or be an IPSec
security gateway.
Layer 7
As with the other types of switches, Layer 7 is a marketing term. They may
distribute loads based on URL or by some installation-specific technique to recognize
application-level transactions. A Layer-7 switch may include a web cache and
participate in a content delivery network.
Types of switches
Form factor
A rack-mounted switch with network cables
• Rack mounted
• Non-rack mounted
• Chassis — with swappable "switch module" cards, e.g. Cisco's Catalyst switch
Configuration options
• Unmanaged switches — these switches have no configuration interface or
options. They are typically found in SOHO or home environments.
• Managed switches — these are ones which allow access to one or more
interfaces for the purpose of configuration or management of features such as
Spanning Tree Protocol, Port Speed, VLANs, etc. High-end or "enterprise"
switches provide a serial console and command-line access via telnet and
SSH, as well as management via SNMP. More recent devices also provide a
web interface. Limited functions, such as a complete reset by pushing buttons
on the switch are usually also provided. Managed switches are found in
medium or large "enterprise" networks and though more expensive are of
higher quality (e.g. with a backplane with higher transfer speeds). The task of
managing usually requires understanding of Layer 2 networks (e.g. Ethernet).
    o Smart (or intelligent) switches — these are managed switches with a
    limited set of features. Likewise "web-managed" switches are switches
    which fall in a market niche between unmanaged and managed. For a
    price much lower than a fully managed switch they provide a web
    interface (and usually no CLI access) and allow configuration of basic
    settings, such as VLANs, port-speed and duplex.
    o Web-managed switches — Similar in functionality to a smart switch. A
    Web-managed switch is configured through a browser instead of via a
    desktop utility.
Traffic monitoring on a switched network
Unless port mirroring or other methods such as RMON or SMON are implemented in
a switch, it is difficult to monitor traffic that is bridged using a switch, because all ports
are isolated until one transmits data, and even then only the sending and receiving
ports can see the traffic. These monitoring features rarely are present on
consumer-grade switches.
Two popular methods that are specifically designed to allow a network analyst to
monitor traffic are:
• Port mirroring — the switch sends a copy of network packets to a monitoring
network connection.
• SMON — "Switch Monitoring" is described by RFC 2613 and is a protocol for
controlling facilities such as port mirroring.
Another method to monitor may be to connect a Layer-1 hub between the monitored
device and its switch port. This will induce minor delay, but will provide multiple
interfaces that can be used to monitor the individual switch port.
Typical switch management features
(In order of basic to advanced):
• Turn some particular port range on or off
• Link speed and duplex settings
• Priority settings for ports
• MAC filtering — and other types of "port security" features which prevent MAC
flooding
• Use of Spanning Tree Protocol
• SNMP monitoring of device and link health
• Port mirroring (also named: port monitoring, spanning port, SPAN port,
roving analysis port, link mode port)
• Link aggregation (also called: bonding/trunking)
• VLAN settings
• 802.1X network access control
Link aggregation allows you to use multiple ports for the same connection achieving
higher data transfer speeds. Creating VLANs can serve security and performance
goals by reducing the size of the broadcast domain.
Virtual LAN
A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set
of requirements that communicate as if they were attached to the same wire,
regardless of their physical location. A VLAN has the same attributes as a physical
LAN, but it allows for end stations to be grouped together even if they are not
located on the same LAN segment. Network reconfiguration can be done through
software instead of physically relocating devices.
A VLAN can be thought of as a broadcast domain that exists within a defined set of
switches. Ports on a switch can be grouped into VLANs in order to limit traffic
flooding since it is limited to ports belonging to that VLAN and its trunk ports. Any
switch port can belong to a VLAN. Packets are forwarded and flooded only to stations
in the same VLAN. Each VLAN is a logical network, and packets destined for stations
that do not belong to the same VLAN must be forwarded through a routing device.
Each VLAN can also run a separate instance of the spanning-tree protocol (STP).
Cisco switches support an independent implementation of STP for each VLAN by
using per-VLAN spanning tree (PVST).
VLANs are created to provide the segmentation services traditionally provided by
routers in LAN configurations. VLANs address issues such as scalability, security, and
network management. Routers in VLAN topologies provide broadcast filtering,
security, address summarization, and traffic flow management. By definition,
switches may not bridge IP traffic between VLANs as it would violate the integrity of
the VLAN broadcast domain.
Virtual LANs are essentially Layer 2 constructs, whereas IP subnets are Layer 3
constructs. In a campus LAN employing VLANs, a one-to-one relationship often exists
between VLANs and IP subnets, although it is possible to have multiple subnets on
one VLAN or have one subnet spread across multiple VLANs. Virtual LANs and IP
subnets provide independent Layer 2 and Layer 3 constructs that map to one
another, and this correspondence is useful during the network design process.
Motivation for VLAN
In a legacy network, users were assigned to networks based on geography and were
limited by physical topologies and distances. By using VLANs, one can logically group
networks and is no longer restricted by physical distance. This includes high-speed
technologies such as:
• Asynchronous Transfer Mode (ATM)
• Fiber Distributed Data Interface (FDDI)
• Fast Ethernet
• Gigabit Ethernet
• 10-Gigabit Ethernet
By using VLAN, one can control traffic patterns and react quickly to relocations.
VLANs provided the flexibility to adapt to changes in network requirements and
allowed for simplified administration. Additionally, it provided an increased security
measure and the ability to limit broadcasts.
Protocols and design
The protocol used in configuring virtual LANs is IEEE 802.1Q. The IEEE committee
defined this method of multiplexing VLANs in an effort to provide multi vendor VLAN
support. Prior to the introduction of the 802.1Q standard, several proprietary
protocols existed, such as Cisco's ISL (Inter-Switch Link, a variant of IEEE 802.10)
and 3Com's VLT (Virtual LAN Trunk). ISL is no longer supported by Cisco.
Both ISL and IEEE 802.1Q tagging perform explicit tagging as the frame is tagged
with VLAN information explicitly. ISL uses an external tagging process that does not
modify the existing Ethernet frame whereas 802.1Q uses an internal tagging process
that does modify the Ethernet frame. This internal tagging process is what allows
IEEE 802.1Q tagging to work on both access and trunk links, because the frame
appears to be a standard Ethernet frame.
The IEEE 802.1Q header contains the following:
* A 4-byte tag header containing a tag protocol identifier (TPID) and tag control
information (TCI)
* A 2-byte TPID with a fixed value of 0x8100 that indicates that the frame carries
the 802.1Q/802.1p tag information.
A TCI containing the following elements:
* Three-bit user priority
* One-bit canonical format indicator (CFI)
* Twelve-bit VLAN identifier (VID)-Uniquely identifies the VLAN to which the frame
belongs
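The tag layout listed above, as an added Python example (not part of the original handout): it walks the 802.1Q tags in a raw frame, splits each TCI into priority, CFI and VID, and classifies the frame length against the 1518-byte 802.3 and 1522-byte 802.3ac limits. The MAC addresses and payloads are constructed sample data, and the "stacked" flag (more than one tag in a row) is an addition useful when monitoring links where a single tag is expected.

```python
import struct

TPID_8021Q = 0x8100   # fixed TPID value for an 802.1Q/802.1p tag
MAX_8023 = 1518       # IEEE 802.3 maximum frame size, FCS included
MAX_8023AC = 1522     # 802.3ac maximum once a 4-byte tag is inserted
FCS_LEN = 4           # frame check sequence, usually stripped by capture tools


def parse_frame(frame: bytes, has_fcs: bool = False) -> dict:
    """Parse the Ethernet header and every 802.1Q tag that follows the source MAC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame ends inside the EtherType field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            break                       # real EtherType reached, no more tags
        if len(frame) < offset + 4:
            raise ValueError("frame ends inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "priority": tci >> 13,      # three-bit user priority
            "cfi": (tci >> 12) & 0x1,   # one-bit canonical format indicator
            "vid": tci & 0x0FFF,        # twelve-bit VLAN identifier
        })
        offset += 4                     # 2-byte TPID + 2-byte TCI
    wire_len = len(frame) if has_fcs else len(frame) + FCS_LEN
    if wire_len <= MAX_8023:
        size_class = "standard"
    elif wire_len <= MAX_8023AC:
        size_class = "baby giant"       # legal under 802.3ac, oversized for 802.3
    else:
        size_class = "oversize"
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tags": tags,
        "ethertype": ethertype,
        "payload_offset": offset + 2,
        "wire_len": wire_len,
        "size_class": size_class,
        "stacked": len(tags) > 1,       # more than one tag in a row
    }


def build_frame(dst: bytes, src: bytes, tags, ethertype: int, payload: bytes) -> bytes:
    """Build a test frame; tags is a list of (priority, cfi, vid) tuples."""
    out = dst + src
    for priority, cfi, vid in tags:
        out += struct.pack("!HH", TPID_8021Q, (priority << 13) | (cfi << 12) | vid)
    return out + struct.pack("!H", ethertype) + payload


# Constructed sample addresses (locally administered), not from any capture.
DST = bytes.fromhex("0200000000aa")
SRC = bytes.fromhex("0200000000bb")

if __name__ == "__main__":
    full = b"\x00" * 1500               # maximum Ethernet payload
    for label, frame in [
        ("untagged, max size", build_frame(DST, SRC, [], 0x0800, full)),
        ("VLAN 100, max size", build_frame(DST, SRC, [(5, 0, 100)], 0x0800, full)),
        ("two tags", build_frame(DST, SRC, [(0, 0, 1), (0, 0, 20)], 0x0800, b"\x00" * 46)),
    ]:
        info = parse_frame(frame)
        print(label, info["tags"], info["wire_len"], info["size_class"], info["stacked"])
```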
The 802.1Q standard can create an interesting scenario on the network. Recalling
that the maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518
bytes, this means that if a maximum-sized Ethernet frame gets tagged, the frame
size will be 1522 bytes, a number that violates the IEEE 802.3 standard. To resolve
this issue, the 802.3 committee created a subgroup called 802.3ac to extend the
maximum Ethernet size to 1522 bytes. Network devices that do not support a larger
frame size will process the frame successfully but may report these anomalies as a
"baby giant."
Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect multiple
switches and maintain VLAN information as traffic travels between switches on trunk
links. This technology provides one method for multiplexing bridge groups (VLANs)
over a high-speed backbone. It is defined for Fast Ethernet and Gigabit Ethernet, as
is IEEE 802.1Q. ISL has been available on Cisco routers since Cisco IOS Software
Release 11.1.
With ISL, an Ethernet frame is encapsulated with a header that transports VLAN IDs
between switches and routers. ISL does add overhead to the packet as a 26-byte
header containing a 10-bit VLAN ID. In addition, a 4-byte CRC is appended to the
end of each frame. This CRC is in addition to any frame checking that the Ethernet
frame requires. The fields in an ISL header identify the frame as belonging to a
particular VLAN.
A VLAN ID is added only if the frame is forwarded out a port configured as a trunk
link. If the frame is to be forwarded out a port configured as an access link, the ISL
encapsulation is removed.
Early network designers often configured VLANs with the aim of reducing the size of
the collision domain in a large single Ethernet segment and thus improving
performance. When Ethernet switches made this a non-issue (because each switch
port is a collision domain), attention turned to reducing the size of the broadcast
domain at the MAC layer. Virtual networks can also serve to restrict access to
network resources without regard to physical topology of the network, although the
strength of this method remains debatable as VLAN Hopping is a common means of
bypassing such security measures.
Virtual LANs operate at Layer 2 (the data link layer) of the OSI model.
Administrators often configure a VLAN to map directly to an IP network, or subnet,
which gives the appearance of involving Layer 3 (the network layer). In the context
of VLANs, the term "trunk" denotes a network link carrying multiple VLANs, which
are identified by labels (or "tags") inserted into their packets. Such trunks must run
between "tagged ports" of VLAN-aware devices, so they are often switch-to-switch or
switch-to-router links rather than links to hosts. (Note that the term 'trunk' is also
used for what Cisco calls "channels" : Link Aggregation or Port Trunking). A router
(Layer 3 device) serves as the backbone for network traffic going across different
VLANs.
On Cisco devices, VTP (VLAN Trunking Protocol) maintains VLAN configuration
consistency across the entire network. VTP uses Layer 2 trunk frames to manage the
addition, deletion, and renaming of VLANs on a network-wide basis from a
centralized switch in the VTP server mode. VTP is responsible for synchronizing VLAN
information within a VTP domain and reduces the need to configure the same VLAN
information on each switch.
VTP minimizes the possible configuration inconsistencies that arise when changes are
made. These inconsistencies can result in security violations, because VLANs can
cross connect when duplicate names are used. They also could become internally
disconnected when they are mapped from one LAN type to another, for example,
Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs. VTP provides a mapping
scheme that enables seamless trunking within a network employing mixed-media
technologies.
VTP provides the following benefits:
* VLAN configuration consistency across the network
* Mapping scheme that allows a VLAN to be trunked over mixed media
* Accurate tracking and monitoring of VLANs
* Dynamic reporting of added VLANs across the network
* Plug-and-play configuration when adding new VLANs
As beneficial as VTP can be, it does have disadvantages that are normally related to
the Spanning-Tree Protocol (STP) as a bridging loop propagating throughout the
network can occur. Cisco switches run an instance of STP for each VLAN, and since
VTP propagates VLANs across the campus LAN, VTP effectively creates more
opportunities for a bridging loop to occur.
Before creating VLANs on the switch that will be propagated via VTP, a VTP domain
must first be set up. A VTP domain for a network is a set of all contiguously trunked
switches with the same VTP domain name. All switches in the same management
domain share their VLAN information with each other, and a switch can participate in
only one VTP management domain. Switches in different domains do not share VTP
information.
Using VTP, each Catalyst Family Switch advertises the following on its trunk ports:
* Management domain
* Configuration revision number
* Known VLANs and their specific parameters
Establishing VLAN memberships
The two common approaches to assigning VLAN membership are as follows:
* Static VLANs
* Dynamic VLANs
Static VLANs are also referred to as port-based VLANs. Static VLAN assignments are
created by assigning ports to a VLAN. As a device enters the network, the device
automatically assumes the VLAN of the port. If the user changes ports and needs
access to the same VLAN, the network administrator must manually make a
port-to-VLAN assignment for the new connection.
Dynamic VLANs are created through the use of software packages such as
CiscoWorks 2000. With a VLAN Management Policy Server (VMPS), an administrator can
assign switch ports to VLANs dynamically based on information such as the source
MAC address of the device connected to the port or the username used to log onto
that device. As a device enters the network, the device queries a database for VLAN
membership. See also FreeNAC which implements a VMPS server.
Port-based VLANs
With port-based VLAN membership, the port is assigned to a specific VLAN
independent of the user or system attached to the port. This means all users
attached to the port should be members in the same VLAN. The network
administrator typically performs the VLAN assignment. The port configuration is
static and cannot be automatically changed to another VLAN without manual
reconfiguration.
As with other VLAN approaches, the packets forwarded using this method do not leak
into other VLAN domains on the network. After a port has been assigned to a VLAN,
the port cannot send to or receive from devices in another VLAN without the
intervention of a Layer 3 device.
The device that is attached to the port likely has no understanding that a VLAN
exists. The device simply knows that it is a member of a subnet and that the device
should be able to talk to all other members of the subnet by simply sending
information to the cable segment. The switch is responsible for identifying that the
information came from a specific VLAN and for ensuring that the information gets to
all other members of the VLAN. The switch is further responsible for ensuring that
ports in a different VLAN do not receive the information.
This approach is quite simple, fast, and easy to manage in that there are no complex
lookup tables required for VLAN segmentation. If port-to-VLAN association is done
with an application-specific integrated circuit (ASIC), the performance is very good.
An ASIC allows the port-to-VLAN mapping to be done at the hardware level.
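The port-based VLAN behaviour described above, combined with the MAC learning from the Layer 2 section, as an added Python model (not part of the original handout or any vendor's code): the ingress port alone decides the VLAN, unknown and broadcast destinations are flooded only to ports of that VLAN plus trunks, and nothing crosses into another VLAN. The per-port MAC limit stands in for the "port security" feature named in the management list and is an assumption, as are all port numbers and MAC addresses.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Simplified port-based VLAN learning switch (software model only)."""

    def __init__(self, access_ports, trunk_ports=(), max_macs_per_port=None):
        self.access = dict(access_ports)    # access port -> its static VLAN
        self.trunks = set(trunk_ports)      # trunk ports carry every VLAN
        self.max_macs = max_macs_per_port   # hypothetical port-security limit
        self.cam = {}                       # (vlan, mac) -> port
        self.violations = []                # (port, mac) pairs rejected by the limit

    def _vlan_ports(self, vlan):
        """All ports a frame in this VLAN may leave through."""
        return {p for p, v in self.access.items() if v == vlan} | self.trunks

    def _learn(self, port, vlan, mac):
        """Record the source MAC; return False if the port's MAC limit is hit."""
        key = (vlan, mac)
        if self.cam.get(key) == port:
            return True                     # already known on this port
        if port in self.access and self.max_macs is not None:
            learned = sum(1 for p in self.cam.values() if p == port)
            if learned >= self.max_macs:
                self.violations.append((port, mac))
                return False
        self.cam[key] = port                # new station, or station moved ports
        return True

    def receive(self, in_port, src, dst, vlan=None):
        """Return the sorted list of egress ports for one frame.

        `vlan` is only meaningful on trunk ports, where it models the tag.
        """
        if in_port in self.access:
            vlan = self.access[in_port]     # the port decides, not the device
        elif in_port in self.trunks:
            if vlan is None:
                return []                   # untagged trunk traffic is not modeled
        else:
            raise ValueError(f"unknown port {in_port}")
        if not self._learn(in_port, vlan, src):
            return []                       # dropped by the MAC limit
        out = self.cam.get((vlan, dst))
        if dst == BROADCAST or out is None:
            return sorted(self._vlan_ports(vlan) - {in_port})   # flood within VLAN
        return [] if out == in_port else [out]


def run_demo():
    """Constructed scenario: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20, port 24 trunk."""
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20}, trunk_ports=[24], max_macs_per_port=2)
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    results = {
        "unknown_unicast": sw.receive(1, a, b),     # flooded inside VLAN 10 only
        "learned_reply": sw.receive(2, b, a),       # A is now known on port 1
        "cross_vlan": sw.receive(3, c, a),          # A is unknown in VLAN 20
        "from_trunk": sw.receive(24, "02:00:00:00:00:0d", c, vlan=20),
    }
    # Three different source MACs on access port 4 against a limit of two.
    for i in range(3):
        sw.receive(4, f"02:00:00:00:01:{i:02x}", BROADCAST)
    results["violations"] = list(sw.violations)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```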
Local area network
A local area network (LAN) is a computer network covering a small geographic
area, like a home, office, or group of buildings. The defining characteristics of LANs,
in contrast to Wide Area Networks (WANs), include their much higher data transfer
rates, smaller geographic range, and lack of a need for leased telecommunication
lines.
Ethernet over unshielded twisted pair cabling, and Wi-Fi are the two most common
technologies currently, but ARCNET, Token Ring and many others have been used in
the past.
Local area network scheme
Multilayer switch
A multilayer switch (MLS) is a computer networking device that switches on OSI
layer 2 like an ordinary network switch and provides extra functions on higher OSI
layers.
Cisco Systems Gigabit Switch Router
Layer 3 Switching
The major difference between the packet switching operation of a router and that of
a Layer 3 switch is the physical implementation. In general-purpose routers, packet
switching takes place using a microprocessor, whereas a Layer 3 switch performs
this using application-specific integrated circuit (ASIC) hardware.
Multilayer Switch (MLS) - OSI layer 3 and/or 4
A Multilayer Switch (MLS) can prioritize packets by the 6 bits in IP DSCP
(Differentiated Services Code Point). These 6 bits were used in the "old days" for
Type of Service (ToS).
The following 4 mappings are normally available in an MLS:
• From OSI layer 2, 3 or 4 to IP DSCP (if IP packet) and/or VLAN IEEE 802.1p.
• From VLAN IEEE 802.1p to IP DSCP.
• From IP DSCP to VLAN IEEE 802.1p.
• From VLAN IEEE 802.1p to port queue.
Many MLSs implement QoS differentiated services and/or integrated services in
hardware.
Some MLSs are also able to route between VLAN and ports like a common router.
The routing is normally as quick as switching (at wire speed). According to Cisco,
Level 3 switches are basically routers that switch based on Layer 3 information, the
basic difference being processing speed and/or the way they do the switching; Level
3 switches use ASICs/hardware instead of the CPU/software that a router would.
Pre-owned CISCO 6509 Multilayer Switch
Layer 4-7 switch, web-switch, content-switch
Some switches can use up to OSI layer 7 packet information; they are called layer 4-7
switches, content-switches, content services switches, web-switches or
application-switches.
Content switches are typically used for load balancing among groups of servers. Load
balancing can be for HTTP, HTTPS and/or VPN, or for any application TCP/IP traffic
using a specific port. Load balancing often involves NAT so that the client of the
load-balanced service is not fully aware of precisely which server is handling its requests.
Some of the layer 4-7 switches can NAT at wire speed. Content switches can often
also be used to perform standard operations such as SSL encryption/decryption to
reduce the load on the servers receiving the traffic, and to centralise the
management of digital certificates.
Some types of application require that repeated requests from a client are directed
at the same application server. Since the client isn't generally aware of which server
it spoke to earlier, content switches define a notion of stickiness. For example,
requests from the same source IP address are directed to the same application
server each time. Stickiness can also be based on SSL Ids, and some content
switches can even use cookies to provide this functionality.
The ServerIron® family of Layer 4-7 switches & Load Balancer
Layer 4 Load Balancer
A typical network router simply sends incoming packets onto the appropriate IP
address on its network. A layer 4 router, more correctly a NAT with port and
transaction awareness, uses a little trickery and sends incoming packets to one or
more machines which are hidden behind a single IP address.
The Layer 4 refers to the 7 layer OSI model. The router is on the Transport Layer
and makes decisions on where to send the packets. Modern load balancing routers
can use different rules to make decisions on where to route traffic. This can be based
on least load, or fastest response times, or simply balancing requests out. This is
also a redundancy method, so if one machine is not up, the router will not send
traffic to it.
Load Balancing Router
CISCO SWITCH PRODUCTS: (http://www.cisco.com)
Product Portfolio
ATM Switches:
1. Cisco Catalyst 8500 Series Multiservice Switch Routers
2. Cisco Lightstream ATM Switches
Blade Switches:
1. Cisco Catalyst Blade Switch 3000 Series for Dell
2. Cisco Catalyst Blade Switch 3000 Series for FSC
3. Cisco Catalyst Blade Switch 3000 Series for HP
4. Cisco Gigabit Ethernet Switch Module (CGESM) for HP
5. Cisco IGESM & Cisco Fiber IGESM Switch Module for IBM
LAN Network Management:
1. Cisco Configuration Assistant
2. Cisco Network Assistant
LAN Switches:
1. Cisco Catalyst Express 520 Series
2. Cisco Catalyst Express 500 Series Switches
3. Cisco Catalyst 6500 Series Switches
4. Cisco Catalyst 6500 Virtual Switching System 1440
5. Cisco Catalyst 4900 Series Switches
6. Cisco Catalyst 4500 Series Switches
7. Cisco Catalyst 3750 Metro Series Switches
8. Cisco Catalyst 3750 Series Switches
9. Cisco Catalyst 3750-E Series Switches
10. Cisco Catalyst 3560 Series Switches
11. Cisco Catalyst 3560-E Series Switches
12. Cisco Catalyst 3550 Series Switches
13. Cisco Catalyst 2960 Series Switches
14. Cisco Catalyst 2955 Series Switches
15. Cisco Catalyst 2950 Series Switches
16. Cisco Catalyst 2940 Series Switches
17. Cisco Redundant Power Systems
Metro Ethernet Switches:
1. Cisco Catalyst 3750 Metro Series Switches
2. Cisco ME 6500 Series Ethernet Switches
3. Cisco ME 4900 Series Ethernet Switch
4. Cisco ME 3400 Series Ethernet Access Switches
5. Cisco ME 2400 Series Ethernet Access Switches
WAN Switches
BPX Switches:
1. Cisco BPX 8600 Series Switches
2. Cisco SES PNNI WAN Software
MGX Switches:
1. Cisco MGX 8900 Series Switches
2. Cisco MGX 8880 Media Gateways
3. Cisco MGX 8850 Software
4. Cisco MGX 8800 Series Switches
5. Cisco MGX 8250 Software
6. Cisco MGX 8230 Software
7. Cisco MGX 8200 Series Edge Concentrators
Other WAN Switching Products:
1. Cisco BPX/IGX/IPX WAN Software
2. Cisco MGX 8880 Media Gateways
3. Cisco IGX 8400 Series Switches
D-Link Switches (http://www.dlink.com)
Switches
Unmanaged Fast-Ethernet
Small / Medium office. Ideal for light to medium data applications where no switch
management is required.
DES-1105: 5-Port 10/100 Desktop Switch
DES-1108: 8-Port 10/100 Desktop Switch
DES-1008PA: 8-Port 10/100 Desktop Switch with 4 PoE Ports
DSS-16+: 16-Port 10/100 Desktop Switch
DSS-24+: 24-Port 10/100 Switch + 2 Optional Port 100BASE-FX Uplinks
DES-1024D: Express Ether Network 24-Port 10/100 Rack mountable Switch
DES-1026G: 24-Port 10/100 + 2 Gigabit 1000BASE-TX Switch
Unmanaged Gigabit
Small / Medium office. Ideal for medium to heavy data applications where no switch
management is required. Can be used as an aggregation switch for multiple fast Ethernet
edge switches.
DGS-2205: 5-Port 10/100/1000 Desktop Switch
DGS-2208: 8-Port 10/100/1000 Desktop Switch
DGS-1016D: 16-Port 10/100/1000 Rack mountable Switch
DGS-1024D: 24-Port 10/100/1000 Rack mountable Switch
Smart Fast-Ethernet
Small / Medium office. Ideal for light to medium data applications. Features web based
management and features such as Quality of Service and VLANs. Provides added network
security. Can be used as a central switching device for small office connectivity or at the
network edge.
DES-1316: Web Smart 16-Port 10/100 with 8 PoE 802.3af ports Switch
DES-1228: Web Smart 24-Port 10/100 + (4) 1000BASE-T Ports + 2 Combo Ports Switch
DES-1228P: Web Smart 24-Port PoE 10/100 + (4) 1000BASE-T Ports + 2 Combo Ports Switch
DES-1252: Web Smart 48-Port 10/100 + 2 Combo GbE + (2) 1000BASE-T Ports Switch
Smart Gigabit
Small / Medium office. Ideal for medium to heavy voice, video, and data applications.
Features web based management and features such as Quality of Service and VLANs.
Provides added network security. Can be used as a central switching device in a small office
or as an aggregation switch for multiple fast Ethernet or Gigabit unmanaged edge switches.
DGS-1216T: Web Smart 16-Port 10/100/1000 + 2 combo SFP Switch
DGS-1224T: Web Smart 24-Port 10/100/1000 + 2 combo SFP Switch
DGS-1248T: Web Smart 48-Port 10/100/1000 + 4 combo SFP Switch
Layer 2 Fast-Ethernet
Small / Medium / Large office. Ideal for light to medium voice, video, and data applications.
Features management through web GUI and Command Line Interface. Supports multiple
features designed to provide advanced quality of service, network management, and
security.
DES-3228PA: xStack Managed 24-Port 10/100 Stackable L2 PoE Switch, 4 Gigabit Copper Ports, 2 Combo SFP
DES-3028: Managed 24-Port 10/100 Stackable Switch + 4 Gigabit Ports + 2 Combo SFP Slots
DES-3028P: Managed 24-Port 10/100 Stackable PoE Switch + 4 Gigabit Ports + 2 Combo SFP Slots
DES-3052: Managed 48-Port 10/100 Stackable Switch + 4 Gigabit Ports + 2 Combo SFP Slots
DES-3052P: Managed 48-Port 10/100 Stackable PoE Switch + 4 Gigabit Ports + 2 Combo SFP Slots
DES-3010FA: Managed 8-Port 10/100 Switch + 1 Gigabit Port + (1) 100BASE-FX MMF Port
DES-3010GA: Managed 8-Port 10/100 Switch + 1 Gigabit Port + 1 SFP Slot
DES-3010PA: Managed 8-Port 10/100 PoE Switch + 1 Gigabit Port + 1 SFP Slot
DES-3226L: Managed 24-Port 10/100 Switch + 2 combo Gig copper/SFP uplinks
DES-3526: Managed 24-Port 10/100 Stackable L2 Switch, 2 Gigabit Copper Ports, 2 Combo SFP
DES-3550: Managed 48-Port 10/100 Stackable L2 Switch, 2 Gigabit Copper Ports, 2 Combo SFP
Layer 2 Gigabit
Medium / Large office. Ideal for medium to heavy voice, video, and data applications.
Features management through web GUI and Command Line Interface. Supports multiple
features designed to provide advanced quality of service, network management, and
security. Can be used as a central switching device in a small office or as an aggregation
switch for multiple edge switches. May support 10 Gigabit interfaces for uplinking to Storage
Area Network devices or Servers. May support redundant stacking ability.
DGS-3100-24: Managed 24-Port Gigabit Stackable Layer 2 Switch + 4 combo SFP + 20 Gig Stacking
DGS-3100-24P: Managed 24-Port Gigabit Stackable PoE Layer 2 Switch + 4 combo SFP + 20 Gig Stacking
DGS-3100-48: Managed 48-Port Gigabit Stackable Layer 2 Switch + 4 combo SFP + 20 Gig Stacking
DGS-3100-48P: Managed 48-Port Gigabit Stackable PoE Layer 2 Switch + 4 combo SFP + 20 Gig Stacking
DXS-3227: xStack 24-Port Gigabit Wireless-Ready Switch + (4) Combo SFP Ports + (1) Fixed XFP Port + (2) Optional 10-Gig Copper/Fiber Uplinks
DXS-3250: xStack 48-Port Gigabit Wireless-Ready Switch + (4) Combo SFP Ports + (2) Optional 10-Gig Copper/Fiber Uplinks
DXS-3227P: xStack 24-Port PoE Gigabit Wireless-Ready Switch + (4) Combo SFP Ports + (1) Fixed XFP Port + (2) Optional 10-Gig Copper/Fiber Uplinks
DGS-3024: 24-Port 10/100/1000 Switch + 4 combo SFP ports
DGS-3224TGR: 24-Port 10/100/1000 Switch + 4 combo SFP ports
DGS-3048: 48-Port 10/100/1000 Switch + 4 Combo SFP Uplinks
Layer 3 Fast-Ethernet
Large / Enterprise environments. Ideal solution when multiple dynamic routing devices are
present on the network. Management through GUI or CLI. Advanced QoS, Security, and
support for dynamic routing protocols such as RIP and OSPF. Can be used as a core network
routing device for multiple Layer 3 departmental level switches. May support redundant
stacking ability.
DES-3828: xStack Managed 24-Port 10/100 Stackable L3 Switch, 4 Gigabit Copper Ports, 2 Combo SFP
DES-3828P: xStack Managed 24-Port 10/100 Stackable L3 PoE Switch, 4 Gigabit Ports, 2 Combo SFP
Layer 3 Gigabit
Large / Enterprise Environments. Ideal for large IP routed networks. Often a stackable
solution with support for 10 Gigabit uplinking. Supports advanced QoS, Security, and
Dynamic Routing functions. Can be used at the network core as central network router and
aggregation device.
DGS-3612G: xStack Multilayer IPv6 12-Port 1000BASE-X SFP Switch + 4 Combo 1000BASE-T Ports
DGS-3627: xStack Multilayer IPv6 24-Port Gigabit Switch + 4 Combo SFP + 3 Optional 10Gig Uplinks + 40Gig Stacking
DGS-3650: xStack Multilayer IPv6 48-Port Gigabit Switch + 4 Combo SFP + 2 Optional 10Gig Uplinks + 40Gig Stacking
DGS-3324SR: xStack 24-Port 10/100/1000 Switch + 4 combo SFP, 10Gig Stacking
DGS-3324SRi: xStack 24-Port 10/100/1000 Switch + 8 combo SFP, 10Gig Stacking
DXS-3326GSR: xStack 24-Port SFP Switch + 4 combo 10/100/1000T + 2 10GbE ports
DXS-3350SR: xStack 48-Port 10/100/1000 Switch + 4 combo SFP + 2 10GbE ports
Wireless
Ideal for seamless converged wired and wireless networks. Allows for seamless roaming and
centralized AP management. Supports management through GUI and CLI. Can be stackable.
May support 10 Gigabit uplinking and / or stacking.
DWS-3227: xStack 24-Port Gigabit Unified Wireless Switch + 10 Gigabit Uplinks
DWS-3227P: xStack 24-Port Gigabit Unified Wireless Switch with PoE + 10 Gigabit Uplinks
DWS-3250: xStack 48-Port Gigabit Unified Wireless Switch + 10 Gigabit Uplinks
DWS-1008: AirPremier 8-Port Wireless Switch with PoE
Modular Chassis Switches
DES-6500: 9-slot 160Gbps Chassis Switch
DES-6504: 12-Port 100BASE-FX MMF LC Module For DES-6500 Chassis
DES-6506: 24-Port RJ21 to RJ45 Patch Panel For DES-6500 Chassis
DES-6507: 12-Port 10/100/1000 Module + 2 SFP For DES-6500 Chassis
DES-6509: 12-Port 1000BASE-X SFP Module For DES-6500 Chassis
DES-6510: 24-Port 10/100 RJ21 Module For DES-6500 Chassis
DES-6512: 2 Port 10Gigabit XFP Module for DES-6500 Chassis
Switch Accessories
DEM-410CX: 1-Port 10GBase-CX4 Module for DGS-3600 Series
DEM-410X: 1-Port 10-Gigabit XFP Module for DGS-3600 Series
DEM-211: 100BASE-FX Multimode LC SFP Transceiver
DEM-310GM2: 1000BASE-SX+ Gigabit Interface Converter
DEM-310GT: 1000BASE-LX Mini Gigabit Interface Converter
DEM-311GT: 1000BASE-SX Mini Gigabit Interface Converter
DEM-340T: 4-port 10/100/1000BASE-T Module
DGS-712: 10/100/1000BASE-T Copper SFP Transceiver
DEM-411S: 48Gbps Stacking Kit for XStack 3200 Series Switch
DEM-411T: 1-Port 10GBASE-CX4 Copper Module
DEM-411X: 1-Port 10GBASE-X XFP Module
DEM-420CX: 2-Port 10 Gigabit CX-4 Module for xStack 3300 Series
DEM-420X: 2-Slot XFP 10Gigabit Uplink Module
DEM-421XT: 10Gigabit XFP (10GBASE-SR)
DEM-422XT: 10Gigabit XFP (10GBASE-LR)
DES-102F: 2-Port 100BASE-FX Fiber Module for DSS-24+
DFE-855: Fast Ethernet Media Converter
DMC-700SC: Media Converter
Redundant Power Supply Units (RPSU)
DPS-200: 60Watt Redundant Power Supply Unit
DPS-500: 140Watt Redundant Power Supply Unit
DPS-510: Redundant Power Supply
DPS-800: 2-Slot Redundant Power Supply Unit Open Chassis
DPS-900: 8-Slot Open Chassis for Redundant Power Supply Units
DES-6511: Redundant Power Supply For DES-6500 Chassis
SNMP Management Software for all Managed Switches
DS-510P: D-View 5.1 SNMP Network Management System Professional Version
DS-510S: D-View 5.1 SNMP Network Management System Standard Version
HP Products and Solutions - (http://www.hp.com)
Edge switches
Multilayer, high port density switches providing scalable,
reliable network infrastructures:
Intelligent Edge switches
Switch 5400zl series
Description: Consists of Layer 2/3/4 switches that offer the most advanced intelligent
edge capability in a chassis (6-slot and 12-slot) form factor.
Accessories: Modules, Power Supplies, Mini-GBIC, Transceiver, License and Software
Switch 3500yl series
Description: Consists of Layer 2/3/4 switches that offer the most advanced intelligent
edge capability in a stackable (24-port and 48-port) form factor.
Accessories: Modules, Power Supplies, Mini-GBIC, Transceiver, License and Software
Switch 5300xl series
Description: Offers Layer 2/3/4 switching in a modular 4 or 8-slot chassis.
Accessories: Modules, Power Supplies, Mini-GBIC and License
Switch 3400cl series
Description: Exceptionally affordable 24 and 48-port 10/100/1000 intelligent EDGE
stackable switches with optional 10-Gb uplink capability.
Accessories: Modules, Power Supplies, Mini-GBIC and Transceiver
Edge switches — Managed
Switch 4200vl series
Description: A series of modular chassis that provides a flexible cost-effective LAN
solution as an alternative to stackables.
Accessories: Modules, Power Supplies, Mini-GBIC, Software and Transceiver
Switch 4100gl series
Description: Convergence-ready and easy to use switches available in compact 8-slot
and 4-slot modular form factors.
Accessories: Modules, Power Supplies, Mini-GBIC and Transceiver
Switch 2900 series
Description: Reliable 24 and 48-port 10/100/1000 basic Layer 3 stackable switches, each
with 4 dual-functionality ports and 4 integrated 10GbE ports (two X2 + two CX4) for
high-speed stacking and uplinks.
Accessories: Mini-GBIC, Transceiver and Software
Switch 2800 series
Description: Consists of two switches; a 24 or 48-port stackable with 10/100/1000 ports
and 4 dual-functionality ports for up to four Gigabit fiber uplinks.
Accessories: Power Supplies, Mini-GBIC and Transceivers
Switch 2600 series
Description: A collection of cost-effective, stackable, multi-layer, managed switches
with 48, 24, or 8 auto-sensing 10/100 ports and dual-personality ports for 10/100/1000
or mini-GBIC connectivity.
Accessories: Power Supplies and Mini-GBIC
Switch 2600 PWR
Description: A series of IEEE 802.3af-compliant switches ideal for Power over Ethernet;
providing up to 15.4 Watts per port.
Accessories: Power Supplies and Mini-GBIC
Switch 2810 series
Description: Flexible 24 and 48-port 10/100/1000 Layer 2 stackable switches, each with
4 dual-functionality ports for up to 4 Gigabit fiber uplinks.
Accessories: Power Supplies, Mini-GBIC, Software and Transceivers
Switch 2510 series
Description: A managed, Layer 2, 24-port 10/100 switch with 2 dual-personality Gigabit
ports providing 10/100/1000-T or mini-GBIC connectivity.
Accessories: Mini-GBIC, Software and Transceivers
Switch 2500 series
Description: Consists of cost-effective, stackable, managed 24 and 12-port switches
with 10/100 auto-sensing per port and 2 open transceiver slots for Gigabit or
100Base-FX.
Accessories: Stacking Kit and Transceiver
Edge switches — Web Managed
Switch 1800 series
Description: Consists of 8 and 24-port Gigabit switches with Web management capability
offering a small form factor 10/100/1000 switch or a 24-port 10/100/1000 switch with
2 dual-personality ports for optional fiber uplinks.
Accessories: Mini-GBIC and Software
Switch 1700 series
Description: A series ideal for businesses making the transition from unmanaged to
managed networks, designed with no fan, enables quiet operation for deployment in
open spaces with an industry-leading warranty.
Accessories: Mini-GBIC and Software
Edge switches — Unmanaged
Switch 2700 series
Description: Consists of cost-effective, unmanaged 24 and 8-port switches with
10/100/1000 auto-sensing per port.
Switch 2300 series
Description: Consists of cost-effective, unmanaged 24 and 12-port switches with 10/100
auto-sensing per port and 2 open transceiver slots for Gigabit or 100Base-FX uplinks.
Switch 2124
Description: A cost-effective, unmanaged 24-port switch with 10/100 auto-sensing per
port and 1 open transceiver slot for a 100Base-FX uplink.
Switch 1400 series
Description: Plug-and-play switch for high-bandwidth connectivity, silent operation via
a fanless design with an industry-leading warranty.
Switch 408
Description: A compact, unmanaged 8-port 10/100 switch
Accessories (group): Transceiver; Transceiver; Mini-GBIC; Mounting Kit
Multilayer, high port density switches providing scalable,
reliable network infrastructures:
Core switches
Switch 9300m series
Description: Delivers high-performance capabilities and investment protection for
medium and large enterprise networks.
Accessories: Modules, Power Supplies, Mini-GBIC and Transceiver
Interconnect fabric
Switch 8212zl
Description: A high performance, full-featured chassis switch solution that offers
reduced complexity in a complete Core-to-Edge network solution and delivers to market
the industry's 1st core switch with a lifetime warranty.
Accessories: Modules, Power Supplies, Mini-GBIC and Transceiver
Switch 8100fl series
Description: Delivers high-availability, high-bandwidth, and cost-effective fabric
interconnectivity for the Adaptive EDGE Architecture.
Accessories: Modules, Power Supplies, Mini-GBIC and Transceiver
Distribution/aggregator
Switch 6400cl series
Description: Flexible 6-port 10-Gigabit stackable switches with optional 10-Gigabit
2-port add-on modules.
Accessories: Modules, Power Supplies and Transceiver
Switch 6200yl series
Description: Offers Layer 2/3/4 capability in a 1U stackable format to aggregate
network traffic from the edge of the network to the core.
Accessories: Modules, Mini-GBIC, Transceiver and Software
Switch 6108
Description: A cost-effective, stackable, multi-layer managed 8-port switch with 6
auto-sensing 10/100/1000 ports and 2 dual-personality ports for 10/100/1000 or
mini-GBIC connectivity.
Accessories: Mini-GBIC
Switch 5400zl series
Description: Consists of Layer 2/3/4 switches that offer the most advanced intelligent
edge capability in a chassis (6-slot and 12-slot) form factor.
Accessories: Modules, Power Supplies, Mini-GBIC, Transceiver, License and Software