
Switches- Chapter 2

CCNA Exploration Semester 3

Modified by Profs. Ward and Cappellino


Topics

  • Operation of 100/1000 Mbps Ethernet

  • Switches and how they forward frames

  • Configure a switch

  • Basic security on a switch


LAN Switching and Wireless

  • LAN Design

  • Basic Switch Concepts- Chp. 2

  • Wireless

  • VLANs

  • STP

  • Inter-VLAN routing

  • VTP


CSMA/CD reminder

  • Shared medium - physical shared cable or hub.

  • Ethernet was designed to work ________________

    • Using _________________________________ ____________________________


CSMA/CD review…

  • Device needs to transmit.

  • It “__________” for signals on the medium.

  • If it finds signals – ______. If clear – __________.

  • If the signals of one device are not detected by a second device, the second device may also start to transmit causing a ____________________.

  • Stop sending frame, send ____________

  • Wait for random time (_____________)

  • ______________ – listen for signals etc.


No collisions

  • ______________________ with _________ operation = __________ collisions.

  • Higher bandwidth Ethernet does not define collisions – must be fully switched.

  • Cable length limited if CSMA/CD needed.

  • ________ – always fully switched, full duplex.

  • (Shared medium must use half duplex in order to detect collisions.)


Switch Port Settings

  • Auto (default for UTP) - ____________________ with connected device.

    • Two ports communicate to decide the best mode of operation

  • Full – sets full-duplex mode

  • Half - sets half-duplex mode

  • Auto is fine if _______ types of devices are using it.

    • Potential problem- if switch uses auto and other device does not. Switch defaults to half.

  • Manually setting full-duplex on one end and half on the other __________________________


MDIX auto - interface config command

  • _________________ whether cable is straight through or crossover and configures the interface accordingly

    • Either cable type can be used in the connection

  • Depends on IOS version

    • Enabled by default from 12.2(18)SE or later

    • Disabled from 12.1(14)EA1 to 12.2(18)SE

    • _________________ in earlier versions

      EXAMPLE…

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# speed auto

Switch(config-if)# duplex auto

Switch(config-if)# mdix auto

Switch(config-if)# end


Communication types review…

  • _________ – one sender to one receiver

    • most user traffic: http, ftp, smtp etc.

  • ________________ – one sender, but the information is sent to all connected receivers.

    • Ex: ARP requests

  • ___________ – a frame is sent from one sender to a specific group of devices

    • Ex: Group of hosts using videoconferencing.

    • IP addresses have first octet in range 224 – 239


Ethernet frame review…

  • 802.2 is data link layer LLC sublayer


MAC address review…

  • ___________written as _________ hexadecimal digits. Format varies: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800.

  • MAC address __________________ into a ROM chip on a NIC

    • Referred to as a burned in address (BIA).

  • Some manufacturers allow the MAC address to be _________________.

  • What is the purpose of MAC address?


MAC address review…

  • Two parts: Organizational Unique Identifier (___) and number _____________________

On the destination MAC address, bit is set if frame’s address is a ____________________


MAC address

  • Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer.

Set if vendor assigned MAC address can be ____________________


MAC address

  • Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer.

Assigned to vendor by ________


MAC address

  • Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer.

_______________ for the Ethernet device
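The three MAC slides above describe the notations, the OUI / vendor-assigned split and the two flag bits in the first octet. The following Python is an added example, not part of the original slides or the CCNA curriculum; the sample addresses are constructed (the OUI-style values are illustrative, not looked up against the IEEE registry). It normalizes any of the three notations and decodes the I/G and U/L bits, which is exactly what a switch or an analyst needs to tell a unicast, multicast, broadcast or locally overridden address apart.

```python
import re

# Constructed sample addresses in the three notations the slide lists, plus special cases.
SAMPLE_MACS = {
    "dashed": "00-05-9A-3C-78-00",
    "colons": "00:05:9A:3C:78:00",
    "cisco_dotted": "0005.9A3C.7800",
    "broadcast": "FF:FF:FF:FF:FF:FF",
    "multicast": "01:00:5E:00:00:FB",              # I/G bit set in the first octet
    "locally_administered": "02:00:5E:10:00:01",   # U/L bit set (constructed, not a real vendor OUI)
}

def normalize_mac(text: str) -> bytes:
    """Accept dashed, colon or Cisco dotted notation and return the six raw bytes."""
    hexdigits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(hexdigits)

def describe_mac(text: str) -> dict:
    """Split the address into OUI and vendor-assigned part and decode the two flag bits."""
    raw = normalize_mac(text)
    first_octet = raw[0]
    return {
        "canonical": ":".join(f"{b:02x}" for b in raw),
        "oui": raw[:3].hex().upper(),               # first 24 bits, assigned to the vendor by the IEEE
        "vendor_assigned": raw[3:].hex().upper(),   # last 24 bits, assigned by the manufacturer
        "is_broadcast": raw == b"\xff" * 6,         # all ones: every device on the LAN accepts it
        "is_group": bool(first_octet & 0x01),       # I/G bit: 1 = multicast or broadcast address
        "is_locally_administered": bool(first_octet & 0x02),  # U/L bit: 1 = overridden, not the BIA
    }

def same_address(*texts: str) -> bool:
    """True when every notation given refers to the same 48-bit address."""
    return len({normalize_mac(t) for t in texts}) == 1

if __name__ == "__main__":
    for label, mac in SAMPLE_MACS.items():
        print(f"{label:22} {describe_mac(mac)}")
```

Run it directly to print the decoded fields for each sample; the broadcast address shows both flag bits set because all-ones satisfies both tests, which is why it is treated as a group address by every receiver.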


Switch MAC Address Table review…

  • Table created by mapping the switch port to MAC address of attached device

  • Built by inspecting _____________ address of incoming frames

  • ________________ address checked against table

    • Frame sent through correct port

    • If not in table, frame __________________ on which it was received

  • Broadcasts flooded


Bandwidth and Throughput review…

  • What is Bandwidth?

  • What is Throughput?

  • Bandwidth is affected by _____________

    • Full bandwidth for transmission is available only after any collisions have been resolved.

  • Number of nodes sharing the Ethernet network will have effect on the ___________


Collision domain review…

  • Collision Domain-- __________________________ ___________________________________

  • Collisions ___________ throughput

  • Shared medium – same collision domain

    • The more devices – the more collisions

    • Hub – an average of 60% of bandwidth available

  • Switch (+ full duplex)

    • Microsegmentation- connection created by ________ between sending and receiving hosts

      • Full duplex- dedicated link each way

      • 100% bandwidth in each direction

    • Link regarded as an individual collision domain if you are asked to count them.


How many collision domains?


Broadcast domain review…

  • Layer 2 switches ________________ broadcasts

    • Do not filter broadcast frames

  • Devices linked by switches are ______________ broadcast domain.

    • We ignore VLANs here – they come later

  • A _______________________, splits up broadcast domains

    • Does not forward broadcasts

  • Destination MAC address for broadcast is all 1s, that is FF:FF:FF:FF:FF:FF


How many broadcast domains?

No VLANs


Network Latency

  • Latency- ____________________ from the source to the final destination

  • Three sources:

    • ___________ – time taken to put signal on medium and to interpret it on receipt.

    • ____________________ – time spent travelling on medium

    • Latency from _______________________

      • These are either Layer 1, 2, or 3 devices

      • Depends on number and type of devices.

        • Routers add more latency than switches.


Network congestion

  • Common causes of congestion:

    • More powerful PCs that can send and process more data through the network at higher rates.

    • Increasing use of remote resources (servers, Internet) generates more traffic volume.

      • More broadcasts, more congestion.

    • High-bandwidth applications make more use of advanced graphics, video etc.

      • Need more bandwidth.

  • ________________________________ helps.


Control latency

  • Choose switches that can process data fast enough for all ports to work simultaneously at full bandwidth.

    • Switches that lack sufficient processing power can introduce latency

  • Use _______________ rather than ________ where possible.

    • Routers increase latency on a network

  • But – balance this against need to split up broadcast domains

    • Which is done by routers


Remove bottlenecks

  • Bottlenecks- places on the network where _____________________________________

  • Reduce bottlenecks by having several links

    • Use _______________ so they act as one link with the combined bandwidth.

    • Use higher capacity links


Switch Forwarding Methods

  • Current models of Cisco switches now use only __________________________ of switching data between ports

  • Some older switches used Cut Through – it had two variants: Fast Forward and Fragment Free


Store and forward

  • _____________________________

  • Discard any frames that are too short/long

  • Perform cyclic redundancy check (CRC) and ___________________________

  • Find correct port and forward frame out that port

  • Required for ______________ checks on converged networks

    • Allows entry and exit at _________________


Cut Through - Fast forward

  • Read _____________________, through to the ____________________________ (first 6 bytes after start delimiter)

    • Look up port and ______________ while _______________ of frame is still _____________

  • No error checking or discarding of bad frames

  • Entry and exit must be same bandwidth

  • ________________________

    • Corrupt frames could be sent throughout the network


Cut Through – Fragment Free

  • ________________________________________________________________________________

    • Look up port and start forwarding while remainder of frame (if any) is still coming in.

    • Most network errors and collisions occur during the first 64 bytes.

  • Discards collision fragments (too short) but other bad frames are forwarded

  • Entry and exit must be ________________

  • Compromise between Store and forward and Fast forward methods
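The three forwarding-method slides (store and forward, fast forward, fragment free) differ only in how much of the frame the switch waits for and which checks it runs. The Python below is an added example, not code from the slides: it builds constructed frames with a CRC-32 standing in for the Ethernet FCS (same polynomial, wire bit order simplified away) and runs the same good, corrupted and runt frames through each method, so you can see which errors each one lets through.

```python
import zlib

MIN_FRAME = 64     # smallest legal Ethernet frame including FCS; shorter = runt / collision fragment
MAX_FRAME = 1518   # largest untagged frame including FCS; longer = giant

def build_frame(dst: bytes, src: bytes, ethertype: bytes, payload: bytes) -> bytes:
    """Construct dst | src | type | payload (padded to the minimum) | FCS."""
    body = dst + src + ethertype + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))   # pad so body + FCS >= 64 bytes
    # CRC-32 stands in for the Ethernet FCS here (same polynomial; wire bit order simplified).
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    body, fcs = frame[:-4], frame[-4:]
    return zlib.crc32(body).to_bytes(4, "little") == fcs

def store_and_forward(frame: bytes) -> str:
    """Buffer the entire frame, check length and CRC, then forward only if both pass."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return "discard: bad length"
    if not fcs_ok(frame):
        return "discard: CRC error"
    return "forward to port for " + frame[:6].hex(":")

def fast_forward(frame: bytes) -> str:
    """Read only the destination MAC (first 6 bytes) and start forwarding; no checks at all."""
    if len(frame) < 6:
        return "discard: no destination address yet"
    return "forward to port for " + frame[:6].hex(":")

def fragment_free(frame: bytes) -> str:
    """Wait for the first 64 bytes so collision fragments are dropped; the CRC is never checked."""
    if len(frame) < MIN_FRAME:
        return "discard: collision fragment"
    return "forward to port for " + frame[:6].hex(":")

def compare_methods(frame: bytes) -> dict:
    return {
        "store_and_forward": store_and_forward(frame),
        "fast_forward": fast_forward(frame),
        "fragment_free": fragment_free(frame),
    }

# Constructed sample frames; the MAC addresses are the ones that appear on later slides.
DST = bytes.fromhex("000c767110b4")
SRC = bytes.fromhex("000c72590a63")
GOOD = build_frame(DST, SRC, b"\x08\x00", b"hello switch")
_corrupt = bytearray(GOOD)
_corrupt[20] ^= 0xFF                # one damaged payload byte: the FCS no longer matches
CORRUPT = bytes(_corrupt)
RUNT = GOOD[:40]                    # a collision fragment: transmission stopped mid-frame

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT)):
        print(name, compare_methods(frame))
```

The corrupted frame is forwarded by both cut-through variants and only caught by store and forward; the runt is caught by fragment free and store and forward but still forwarded by fast forward. That is the trade-off the slides describe: lower latency in exchange for propagating bad frames across the network.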


Symmetric and Asymmetric Switching

  • ______________ – all ports operate at ___________ bandwidth

  • __________ – __________ bandwidths may be used

    • Ex: greater bandwidth dedicated to a server or uplink port to prevent bottlenecks

    • Requires store and forward operation with memory buffering

  • Most switches now use _____________ switching to allow ________________


Port Based Buffering

  • Each incoming port has ________________

  • Frames ________________ until _________port is free.

    • Frame destined for busy outgoing port can hold up all the frames in queue even if their outgoing ports are free.

  • Each incoming port has a ______________ amount of memory.


Shared Memory Buffering

  • All incoming frames go in a __________ ___________________________________

  • Switch __________________________ and forwards it when port is free

    • Frames do not hold each other up

  • Flexible use of memory allows larger frames

  • Important for asymmetric switching where some ports work at a faster rate than others


Layer 2 and Layer 3 Switching

Traditional Ethernet switches work at ______

They use ___________ ___________to make filtering and forwarding decisions.

They do not look at layer 3 information.


Layer 2 and Layer 3 Switching

______________ can carry out the same functions as layer 2 switches.

They can also use ___________________ ___________ between networks.

They can control the spread of broadcasts.


L3 Switch & Router Comparison

  • Routers perform __________________________

  • L3 Switches provide _________ routing functions in a LAN and reduce the need for dedicated routers


Switch CLI is similar to router

  • Switch>enable

  • Switch#config t

  • Switch(config)#int fa 0/1

  • Switch(config-if)#exit

  • Switch(config)#line con 0

  • Switch(config-line)#end

  • Switch#disable

  • Switch>


Cisco Device Manager

  • ____________________ for managing switch.

  • Access via browser on PC.

  • Other GUI options available but need to be downloaded/bought.


Help, history etc.

  • Help with_________is similar to router.

  • Error messages for bad commands – same as for a router

  • Command history – same as for router.

    • Up arrow or Ctrl + P for previous

    • Down arrow or Ctrl + N for next

    • Each mode has its own buffer holding 10 commands by default.


Storage and start-up

  • ROM, Flash, NVRAM, RAM generally similar to router.

  • Boot loader (similar process to router)

    • Performs low-level _________________

    • Performs ____________________________

      • During POST, LEDs blink while a series of tests determine that the switch is functioning properly- green is good!

      • If the switch fails POST, the SYST LED turns amber.

    • ________________________________

    • Loads a ______________ software image into memory and ______________ the switch.

  • ___________________________________ as found in the config file or alternate location

  • Boot loader lets you re-install IOS or recover from password loss.


IP address

  • A switch works “out-of-the-box” without an IP address (it’s a L2 device) or any other configuration

  • IP address lets you access/program the switch remotely by Telnet, SSH or browser.

  • Switch needs _______________ IP address.

    • Programmed on an interface within a VLAN

    • VLAN ________ is the __________ but is not very secure for management, so best practice states ______________________________


IP address assignment example

  • First- create a VLAN and assign an IP address…

  • S1(config)#int vlan 99 ( or another VLAN)

  • S1(config-if)#ip address 192.168.1.2 255.255.255.0

  • S1(config-if)#no shutdown

  • S1(config-if)#exit


IP address assignment example cont…

  • Second- assign the appropriate port on the switch to VLAN 99 …

  • S1(config)#int fa 0/18 (or other interface)

  • S1(config-if)#switchport mode access

  • S1(config-if)#switchport access vlan 99

  • S1(config-if)#exit

  • S1(config)#

  • Management information to and from the switch can now pass via port fa 0/18.

  • Other ports could be added to VLAN 99 if necessary.


Default gateway

  • S1(config)#ip default-gateway 192.168.1.1

  • Just like a PC, the switch needs to _______ ______________________________ to exchange switch management traffic with destinations outside its local network

  • Note _______________________ mode.


Configuring a switch as an HTTP server…

  • Required by a number of web-based configuration tools available on switches

  • SW1(config)#ip http server

  • SW1(config)#ip http authentication enable

    • (uses enable secret/password for access)

  • SW1(config)#ip http authentication local

  • SW1(config)#username admin password cisco

    • (log in using this username and password)


MAC address table (CAM)

  • What is the MAC address table used for?

  • Static MAC addresses: inbuilt or configured, _____________

  • Dynamic MAC addresses: learned, __________________________

  • Note that VLAN number is included in table.


Set a static MAC address example…

  • SW1(config)#mac-address-table static 000c.7671.10b4 vlan 2 interface fa0/6


Save configuration

  • copy running-config startup-config

    • copy run start - shortened version of command

  • This assumes that running-config is coming from RAM and startup-config is going in NVRAM (file is actually in flash).

    • Full (formal) version of command would be:

      • copy system:running-config flash:startup-config


Back up

  • ____________________ can be _________ in different _____________ using the following command…

    • copy startup-config flash:backupJan08

    • You could go back to this version later if necessary.

  • Backing up to a TFTP server (same process as for a router)…

    • copy system:running-config tftp://192.168.1.8/sw1config

      • or try copy run tftp and wait for prompts

  • copy nvram:startup-config tftp://192.168.1.8/sw1config


Restoring

  • Copying a saved configuration over the current configuration

  • As with a router, you can swap the copy commands listed previously, with the destination being the startup-config

    • then issue the _____________ command

  • Could we use the “copy startup-config running-config” command?


Login Passwords- Review…

  • The process of securing and removing passwords is the ______________ for routers and switches.

  • What are the different passwords that can be set (on a router and switch)?


Configure Encrypted Passwords

  • By default in the Cisco IOS all passwords, except for the enable secret password, are stored in _______________________

  • Best practice dictates that all passwords should _____________________

    • In the Cisco IOS this is done using the service _____________________ command, entered from global configuration


Banners- review…

  • Banners allow configuration of messages that ______________________________

    • banner motd “Shut down 5pm Friday”

    • banner login “No unauthorised access”

  • Motd will show first if both are configured

  • Delimiter can be “ or # or any character not in message.


Secure Shell SSH

  • Similar interface to ______________.

  • ___________ data for transmission.

  • SW1(config)#line vty 0 15

  • SW1(config-line)#transport input ssh

    • Use ssh, telnet, or all if you want both enabled

  • Default is telnet.

  • To implement SSH you must configure host domain and _____________________.


Common security attacks

  • ____________________: huge numbers of frames are sent with fake source MAC addresses and fill up the switch’s MAC address table.

    • Switch then floods all frames- acting more like a hub

  • _____________: intruder’s DHCP server offers a replying IP address and supporting information that designates the intruder as the default gateway

    • All remote traffic sent to attacker.

  • ________________: attacker PC continually requests IP addresses from a real DHCP server

    • Causes all of the leases on the real DHCP server to be allocated so legitimate requests can not be fulfilled

    • Type of _____________________________


DHCP Snooping & Port Security feature

  • Used to _______________________________

  • Ports are identified as ___________________.

    • Trusted ports can __________________________

    • _________________________________ from a DHCP

      • If a device on an untrusted port attempts to send a DHCP response packet into the network, the port is shut down.

  • Curriculum goes through steps to configure DHCP snooping on a switch
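The DHCP snooping slide gives the rule: server-type DHCP messages are only accepted on trusted ports, and an untrusted port that sources one is shut down. The Python below is an added example, not code from the slides or from Cisco IOS; it models that trust decision over a constructed sequence of DHCP messages (port names, MAC addresses and the rogue server on Fa0/7 are all made up for the illustration) so you can see which messages the feature forwards, which it drops, and what ends up in the log.

```python
from dataclasses import dataclass, field

# DHCP message types that only a server should ever send.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

@dataclass
class DhcpMessage:
    ingress_port: str   # switch port the frame arrived on
    src_mac: str
    msg_type: str       # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE ...

@dataclass
class SnoopingSwitch:
    trusted_ports: set                      # uplinks / ports facing the legitimate DHCP server
    err_disabled: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def inspect(self, msg: DhcpMessage) -> str:
        """Decide what happens to one DHCP message based on the trust of its ingress port."""
        if msg.ingress_port in self.err_disabled:
            return "drop: port is shut down"
        if msg.msg_type in SERVER_MESSAGES and msg.ingress_port not in self.trusted_ports:
            # A server reply on an untrusted port is the rogue-DHCP-server case from the slide:
            # drop it and shut the port down so the rogue cannot become everyone's default gateway.
            self.err_disabled.add(msg.ingress_port)
            self.log.append(f"{msg.ingress_port}: {msg.msg_type} from {msg.src_mac} "
                            f"on untrusted port, port shut down")
            return "drop: server message on untrusted port"
        return "forward"   # client messages from anywhere, server messages only via trusted ports

def run_sample():
    """Constructed traffic: real server behind Gi0/1, a client on Fa0/5, a rogue server on Fa0/7."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    traffic = [
        DhcpMessage("Fa0/5", "00:0c:72:59:0a:63", "DISCOVER"),
        DhcpMessage("Gi0/1", "00:0c:76:71:10:b4", "OFFER"),      # legitimate server via the uplink
        DhcpMessage("Fa0/5", "00:0c:72:59:0a:63", "REQUEST"),
        DhcpMessage("Gi0/1", "00:0c:76:71:10:b4", "ACK"),
        DhcpMessage("Fa0/7", "02:00:00:00:00:01", "OFFER"),      # rogue server answering a client
        DhcpMessage("Fa0/7", "02:00:00:00:00:01", "ACK"),        # nothing more gets through
    ]
    return [sw.inspect(m) for m in traffic], sw.log

if __name__ == "__main__":
    decisions, log = run_sample()
    for d in decisions:
        print(d)
    print(log)
```

Only the uplink towards the real DHCP server is trusted; every access port stays untrusted, which is the configuration the slide's shutdown rule assumes. The log line is the event a monitoring system would want to alert on, since a rogue server on an access port is a misconfiguration at best and a man-in-the-middle at worst.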


Cisco Discovery Protocol

  • CDP is _____________ by default.

  • CDP discovers ________________________ _______________________

  • CDP traffic is ______________ and could pose a security risk.

    • Frames could be captured using Wireshark showing detailed information which could be used in an attack

    • Best practice: _______ unless it is really needed.


Common security attacks cont…

  • _____________ can be used to gain ______ _______________ to a switch

    • Brute Force Password Attack can be used to ____________________________

    • DoS Attack can be used to render the Telnet ______________________


Ways to Enhance Security

  • Use ________________________

    • Even these can be found in time so change them regularly.

  • Using ________________ (more to come in CCNA 4) you can control which devices are able to access vty lines.

  • Network security tools for ___________ and ____________________________

  A secure network really is a process not a product


Port security

  • Port security _______________________________ ___________________________________

  • Configure each port to accept

    • One MAC address only

    • A small group of MAC addresses

  • Frames ___________________________________ _________________________________

  • By default, the port will shut down if the wrong device connects.

    • must be brought up again manually

  • Three ways to configure port security as seen on the following slides…


Static secure MAC address

  • ________________ in interface config mode

  • Ex: SW1(config-if)#switchport port-security mac-address 000c.7259.0a63 (entered under the port, e.g. interface fa 0/4)

  • Stored in MAC address table

  • Shown in running configuration and can be saved with the rest of the configuration.


Dynamic secure MAC address

  • _____________________

  • Placed in MAC address table

  • _____________ in running configuration

  • Not saved- __________________________

    • For saving you need Sticky secure MAC addresses- more to come…

  • SW1(config-if)#switchport mode access

  • SW1(config-if)#switchport port-security


Sticky secure MAC address

  • _____________________

  • Choose how many can be learned, default 1.

  • Added to the running configuration

  • _______________________________ and still there when switch restarts.

  • Existing dynamic address(es) will convert to sticky if sticky learning is enabled


Sticky secure MAC address

  • SW1(config-if)#switchport mode access

  • SW1(config-if)#switchport port-security

  • SW1(config-if)#switchport port-security maximum 4

  • SW1(config-if)#switchport port-security mac-address sticky


Violation modes

  • Violation occurs if

    • A _____________________________________________ attempts to connect.

    • An address learned or configured on one secure interface is ______________________________

  • Violation modes: protect, restrict, or shutdown

    • __________ mode causes the ____________________ ______________ in the case of a port security violation

      • The default

    • ___________________________________________ ____________________________ until the number of max. allowable addresses is increased.

      • Protect mode of a security violation

      • Restrict mode of a security violation
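The port security, secure-MAC and violation-mode slides, together with the earlier "Switch MAC Address Table review" and the MAC-flooding entry under "Common security attacks", all describe one mechanism: the switch learns source addresses into its table, and port security caps how many it will accept per port and decides what to do when the cap is exceeded. The Python below is an added example, not code from the slides or from Cisco IOS; the port names, MAC addresses and the spoofed-source flood are constructed. It shows the table being learned and flooded/forwarded, and each violation mode reacting to a source address beyond the maximum or one already secured on another port.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class PortSecurity:
    maximum: int = 1                 # switchport port-security maximum N (default 1)
    violation: str = "shutdown"      # protect | restrict | shutdown (default)
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False

@dataclass
class Switch:
    ports: dict                      # port name -> PortSecurity, or None when port security is off
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port, like the CAM table
    events: list = field(default_factory=list)

    def _secured_elsewhere(self, mac: str, port: str) -> bool:
        return any(p != port and s is not None and mac in s.secure_macs
                   for p, s in self.ports.items())

    def receive(self, port: str, vlan: int, src: str, dst: str) -> str:
        """Process one incoming frame: enforce port security, learn the source, then forward."""
        sec = self.ports[port]
        if sec is not None:
            if sec.err_disabled:
                return "dropped: port err-disabled"
            if src not in sec.secure_macs:
                # Violation: the limit is reached, or this MAC is already secured on another port.
                if len(sec.secure_macs) >= sec.maximum or self._secured_elsewhere(src, port):
                    return self._violation(port, sec, src)
                sec.secure_macs.add(src)   # dynamically learned secure address
        self.mac_table[(vlan, src)] = port     # the table is built from source addresses
        if dst == BROADCAST or (vlan, dst) not in self.mac_table:
            return "flooded"                   # broadcast / unknown unicast: all VLAN ports but ingress
        return f"forwarded to {self.mac_table[(vlan, dst)]}"

    def _violation(self, port: str, sec: PortSecurity, src: str) -> str:
        sec.violation_count += 1
        if sec.violation == "shutdown":
            sec.err_disabled = True            # stays down until brought up manually
            self.events.append(f"{port}: violation by {src}, port err-disabled")
            return "dropped: port shut down"
        if sec.violation == "restrict":
            self.events.append(f"{port}: violation by {src}, count={sec.violation_count}")
        return f"dropped: {sec.violation}"     # protect drops silently, restrict drops and logs

def flooding_demo():
    """Constructed scenario: a spoofed-source flood on a port limited to 2 MACs, shutdown mode."""
    sw = Switch(ports={"Fa0/1": None, "Fa0/3": PortSecurity(maximum=2)})
    first = sw.receive("Fa0/1", 1, "00:0c:72:59:0a:63", BROADCAST)
    second = sw.receive("Fa0/3", 1, "00:0c:76:71:10:b4", "00:0c:72:59:0a:63")
    flood = [sw.receive("Fa0/3", 1, f"02:00:00:00:00:{i:02x}", BROADCAST) for i in range(1, 5)]
    return first, second, flood, len(sw.mac_table), sw.events

def restrict_demo():
    """Constructed scenario: restrict mode keeps the port up but drops and counts the offender."""
    sw = Switch(ports={"Fa0/4": PortSecurity(maximum=1, violation="restrict")})
    ok = sw.receive("Fa0/4", 1, "00:0c:72:59:0a:63", BROADCAST)
    bad = sw.receive("Fa0/4", 1, "02:00:00:00:00:99", BROADCAST)
    again = sw.receive("Fa0/4", 1, "00:0c:72:59:0a:63", BROADCAST)
    return ok, bad, again, sw.ports["Fa0/4"].violation_count, sw.events

if __name__ == "__main__":
    print(flooding_demo())
    print(restrict_demo())
```

In the flooding scenario the table stops growing once the secured port is err-disabled, which is the whole point of port security against table exhaustion; on the unsecured Fa0/1 nothing would stop the same flood. The restrict scenario shows the mode to prefer when an alert is wanted without taking the port down: the legitimate host keeps working, the offender is dropped and counted.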


Check port security

  • _____________ commands are popular in the switch just as they are in routers

  • Use show port-security int fa 0/4 to see settings on a particular port

  • Use the show port-security address command to see the table of secure MAC addresses

  • If you don’t need to use a port: ______________________


Interface range

  • A useful command if you want to put the _________________________________ is:

  • Switch(config)#interface range fa0/1 - 20

  • Switch(config-if-range)#

  • Use this command to disable a range of ports

    • Good security practice

