Switches- Chapter 2 - PowerPoint PPT Presentation


PowerPoint Slideshow about 'Switches- Chapter 2' - cael


Presentation Transcript

Switches- Chapter 2

CCNA Exploration Semester 3

Modified by Profs. Ward

and Cappellino

Topics
  • Operation of 100/1000 Mbps Ethernet
  • Switches and how they forward frames
  • Configure a switch
  • Basic security on a switch
LAN Design

Basic Switch Concepts- Chp. 2

Wireless

VLANs

STP

Inter-VLAN routing

VTP

LAN Switching and Wireless
CSMA/CD reminder
  • Shared medium - physical shared cable or hub.
  • Ethernet was designed to work________________
    • Using _________________________________ ____________________________
CSMA/CD review…
  • Device needs to transmit.
  • It “__________” for signals on the medium.
  • If it finds signals – ______. If clear – __________.
  • If the signals of one device are not detected by a second device, the second device may also start to transmit causing a ____________________.
  • Stop sending frame, send ____________
  • Wait for random time (_____________)
  • ______________ – listen for signals etc.
No collisions
  • ______________________ with _________ operation = __________ collisions.
  • Higher bandwidth Ethernet does not define collisions – must be fully switched.
  • Cable length limited if CSMA/CD needed.
  • ________ – always fully switched, full duplex.
  • (Shared medium must use half duplex in order to detect collisions.)
Switch Port Settings
  • Auto (default for UTP) - ____________________ with connected device.
    • Two ports communicate to decide the best mode of operation
  • Full – sets full-duplex mode
  • Half - sets half-duplex mode
  • Auto is fine if _______ types of devices are using it.
    • Potential problem- if switch uses auto and other device does not. Switch defaults to half.
  • Manually setting full-duplex on one end and half on the other __________________________
MDIX auto - interface config command
  • _________________ whether cable is straight through or crossover and configures the interface accordingly
    • Either cable type can be used in the connection
  • Depends on IOS version
    • Enabled by default from 12.2(18)SE or later
    • Disabled from 12.1(14)EA1 to 12.2(18)SE
    • _________________ in earlier versions

EXAMPLE…

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# speed auto

Switch(config-if)# duplex auto

Switch(config-if)# mdix auto

Switch(config-if)# end

Communication types review…
  • _________ – one sender to one receiver
    • most user traffic: http, ftp, smtp etc.
  • ________________ – one sender, but the information is sent to all connected receivers.
    • Ex: ARP requests
  • ___________ – a frame is sent from one sender to a specific group of devices
    • Ex: Group of hosts using videoconferencing.
    • IP addresses have first octet in range 224 – 239
Ethernet frame review…
  • 802.2 defines the data link layer LLC sublayer
MAC address review…
  • ___________ written as _________ hexadecimal digits. Format varies: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800.
  • MAC address __________________ into a ROM chip on a NIC
    • Referred to as a burned in address (BIA).
  • Some manufacturers allow the MAC address to be _________________.
  • What is the purpose of MAC address?
MAC address review…
  • Two parts: Organizational Unique Identifier (___) and number _____________________
  • On the destination MAC address, a bit is set if the frame’s address is a ____________________
MAC address
  • Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer.
    • Set if vendor assigned MAC address can be ____________________
    • Assigned to vendor by ________
    • _______________ for the Ethernet device
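As an added example (not from the slides), the following Python parses a MAC address written in any of the three notations shown above, splits it into the OUI and the manufacturer-assigned part, and classifies it as unicast, broadcast or multicast using the I/G and U/L bits of the first octet. It also maps an IPv4 multicast group address (first octet 224 to 239, from the communication-types slide) to its Ethernet multicast MAC. The sample addresses and all function names are constructed for this demonstration.

```python
import re

# Constructed sample addresses: the slide's example in its three notations, plus
# a broadcast, an IPv4 multicast MAC and a locally administered address.
SAMPLE_ADDRESSES = [
    "00-05-9A-3C-78-00",
    "00:05:9A:3C:78:00",
    "0005.9A3C.7800",
    "FF:FF:FF:FF:FF:FF",   # broadcast: all 48 bits set
    "01:00:5E:7F:00:01",   # IPv4 multicast MAC (01-00-5E prefix)
    "02:42:AC:11:00:02",   # locally administered (U/L bit set), typical of virtual NICs
]

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def parse_mac(text):
    """Accept dash, colon or dotted notation and return the six raw bytes."""
    digits = re.sub(r"[-:.]", "", text.strip()).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text):
    """Split the address into OUI / NIC-specific part and classify the delivery type."""
    mac = parse_mac(text)
    first = mac[0]
    is_broadcast = mac == b"\xff" * 6
    is_multicast = bool(first & 0x01)   # I/G bit: least significant bit of the first octet
    is_local = bool(first & 0x02)       # U/L bit: set when the address is locally administered
    return {
        "canonical": ":".join(f"{b:02X}" for b in mac),
        "oui": "-".join(f"{b:02X}" for b in mac[:3]),          # vendor part (first 24 bits)
        "nic_specific": "-".join(f"{b:02X}" for b in mac[3:]),  # assigned by the manufacturer
        "delivery": "broadcast" if is_broadcast else "multicast" if is_multicast else "unicast",
        "locally_administered": is_local,
    }


def same_address(a, b):
    """True when two addresses in possibly different notations are the same station."""
    return parse_mac(a) == parse_mac(b)


def ipv4_multicast_mac(ip):
    """Map an IPv4 multicast group (224.0.0.0/4) to its Ethernet multicast MAC:
    01-00-5E followed by the low 23 bits of the group address."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not 224 <= octets[0] <= 239:
        raise ValueError(f"not an IPv4 multicast address: {ip}")
    low23 = ((octets[1] & 0x7F) << 16) | (octets[2] << 8) | octets[3]
    return "01:00:5E:%02X:%02X:%02X" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        print(addr, "->", describe_mac(addr))
    print("239.255.255.250 ->", ipv4_multicast_mac("239.255.255.250"))
```

Because the three notations normalise to the same bytes, `same_address` is what a tool comparing a captured frame against a configured static entry should use rather than string equality.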

Switch MAC Address Table review…
  • Table created by mapping the switch port to MAC address of attached device
  • Built by inspecting _____________ address of incoming frames
  • ________________ address checked against table
    • Frame sent through correct port
    • If not in table, frame __________________ on which it was received
  • Broadcasts flooded
Bandwidth and Throughput review…
  • What is Bandwidth?
  • What is Throughput?
  • Bandwidth is affected by _____________
    • Full bandwidth for transmission is available only after any collisions have been resolved.
  • Number of nodes sharing the Ethernet network will have effect on the ___________
Collision domain review…
  • Collision Domain-- __________________________ ___________________________________
  • Collisions ___________ throughput
  • Shared medium – same collision domain
    • The more devices – the more collisions
    • Hub – an average of 60% of bandwidth available
  • Switch (+ full duplex)
    • Microsegmentation- connection created by ________ between sending and receiving hosts
      • Full duplex- dedicated link each way
      • 100% bandwidth in each direction
    • Link regarded as an individual collision domain if you are asked to count them.
Broadcast domain review…
  • Layer 2 switches ________________ broadcasts
    • Do not filter broadcast frames
  • Devices linked by switches are ______________ broadcast domain.
    • We ignore VLANs here – they come later
  • A _______________________, splits up broadcast domains
    • Does not forward broadcasts
  • Destination MAC address for broadcast is all 1s, that is FF:FF:FF:FF:FF:FF
Network Latency
  • Latency- ____________________ from the source to the final destination
  • Three sources:
    • ___________ – time taken to put signal on medium and to interpret it on receipt.
    • ____________________ – time spent travelling on medium
    • Latency from _______________________
      • These are either Layer 1, 2, or 3 devices
      • Depends on number and type of devices.
        • Routers add more latency than switches.
Network congestion
  • Common causes of congestion:
    • More powerful PCs that can send and process more data through the network at higher rates.
    • Increasing use of remote resources (servers, Internet) generates more traffic volume.
      • More broadcasts, more congestion.
    • High-bandwidth applications make more use of advanced graphics, video etc.
      • Need more bandwidth.
  • ________________________________ helps.
Control latency
  • Choose switches that can process data fast enough for all ports to work simultaneously at full bandwidth.
    • Switches that lack sufficient processing power can introduce latency
  • Use _______________ rather than ________ where possible.
    • Routers increase latency on a network
  • But – balance this against need to split up broadcast domains
    • Which is done by routers
Remove bottlenecks
  • Bottlenecks- places on the network where _____________________________________
  • Reduce bottlenecks by having several links
    • Use _______________ so they act as one link with the combined bandwidth.
    • Use higher capacity links
Switch Forwarding Methods
  • Current models of Cisco switches now use only __________________________ of switching data between ports
  • Some older switches used Cut Through – it had two variants: Fast Forward and Fragment Free
Store and forward
  • _____________________________
  • Discard any frames that are too short/long
  • Perform cyclic redundancy check (CRC) and ___________________________
  • Find correct port and forward frame out that port
  • Required for ______________ checks on converged networks
    • Allows entry and exit at _________________
Cut Through - Fast forward
  • Read _____________________, through to the ____________________________ (first 6 bytes after start delimiter)
    • Look up port and ______________ while _______________ of frame is still _____________
  • No error checking or discarding of bad frames
  • Entry and exit must be same bandwidth
  • ________________________
    • Corrupt frames could be sent throughout the network
Cut Through – Fragment Free
  • ________________________________________________________________________________
    • Look up port and start forwarding while remainder of frame (if any) is still coming in.
    • Most network errors and collisions occur during the first 64 bytes.
  • Discards collision fragments (too short) but other bad frames are forwarded
  • Entry and exit must be ________________
  • Compromise between Store and forward and Fast forward methods
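To make the difference between the three forwarding methods concrete, here is an added Python example (not part of the original slides) that builds an Ethernet frame with its CRC-32 frame check sequence and then applies the checks each method is actually in a position to perform: store-and-forward has the whole frame, so it can test length and FCS; fragment-free has only the first 64 bytes; fast-forward has only the destination MAC. The frame contents and function names are constructed; 64 and 1518 bytes are the standard Ethernet minimum and maximum (untagged, FCS included).

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518      # standard Ethernet limits, FCS included, no 802.1Q tag


def build_frame(dst, src, ethertype, payload):
    """Assemble dst|src|type|payload, pad the payload to 46 bytes, append the CRC-32 FCS."""
    payload = payload.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))   # FCS: standard CRC-32, sent little-endian


def store_and_forward(frame):
    """Buffers the whole frame, so it can check length and FCS before forwarding.
    Returns (forward?, reason)."""
    if len(frame) < MIN_FRAME:
        return False, "runt"
    if len(frame) > MAX_FRAME:
        return False, "giant"
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return False, "fcs error"
    return True, "ok"


def fragment_free(frame_so_far):
    """Waits for the first 64 bytes only: collision fragments are dropped,
    but the FCS at the end of the frame is never examined."""
    return len(frame_so_far) >= MIN_FRAME


def fast_forward(frame_so_far):
    """Reads just the destination MAC (first 6 bytes) and forwards on that alone."""
    if len(frame_so_far) < 6:
        return None
    return frame_so_far[:6]     # the lookup key; nothing further is examined


# Constructed sample: the slide's example address as destination, a made-up source.
DST = bytes.fromhex("00059A3C7800")
SRC = bytes.fromhex("00059A3C7801")
GOOD = build_frame(DST, SRC, 0x0800, b"hello switch")


def corrupted_copy(frame, offset=20):
    """Flip one payload byte, as a bit error on the wire would, leaving the FCS untouched."""
    bad = bytearray(frame)
    bad[offset] ^= 0xFF
    return bytes(bad)


if __name__ == "__main__":
    bad = corrupted_copy(GOOD)
    print("store-and-forward:", store_and_forward(bad))
    print("fragment-free would forward:", fragment_free(bad))
    print("fast-forward would forward to:", fast_forward(bad).hex())
```

The corrupted frame is rejected only by store-and-forward; both cut-through variants have already chosen an output port by the time the bad FCS arrives, which is the "corrupt frames could be sent throughout the network" point of the fast-forward slide.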
Symmetric and Asymmetric Switching
  • ______________ – all ports operate at ___________ bandwidth
  • __________ – __________ bandwidths may be used
    • Ex: greater bandwidth dedicated to a server or uplink port to prevent bottlenecks
    • Requires store and forward operation with memory buffering
  • Most switches now use _____________ switching to allow ________________
Port Based Buffering
  • Each incoming port has ________________
  • Frames ________________ until _________port is free.
    • Frame destined for busy outgoing port can hold up all the frames in queue even if their outgoing ports are free.
  • Each incoming port has a ______________ amount of memory.
Shared Memory Buffering
  • All incoming frames go in a __________ ___________________________________
  • Switch __________________________ and forwards it when port is free
    • Frames do not hold each other up
  • Flexible use of memory allows larger frames
  • Important for asymmetric switching where some ports work at a faster rate than others
Layer 2 and Layer 3 Switching

Traditional Ethernet switches work at ______

They use ___________ ___________to make filtering and forwarding decisions.

They do not look at layer 3 information.

Layer 2 and Layer 3 Switching

______________ can carry out the same functions as layer 2 switches.

They can also use ___________________ ___________ between networks.

They can control the spread of broadcasts.

L 3 Switch & Router Comparison
  • Routers perform __________________________
  • L3 Switches provide _________ routing functions in a LAN and reduce the need for dedicated routers
Switch CLI is similar to router
  • Switch>enable
  • Switch#config t
  • Switch(config)#int fa 0/1
  • Switch(config-if)#exit
  • Switch(config)#line con 0
  • Switch(config-line)#end
  • Switch#disable
  • Switch>
Cisco Device manager
  • ____________________ for managing switch.
  • Access via browser on PC.
  • Other GUI options available but need to be downloaded/bought.
Help, history etc.
  • Help with _________ is similar to router.
  • Error messages for bad commands – same as for a router
  • Command history – same as for router.
    • Up arrow or Ctrl + P for previous
    • Down arrow or Ctrl + N for next
    • Each mode has its own buffer holding 10 commands by default.
Storage and start-up
  • ROM, Flash, NVRAM, RAM generally similar to router.
  • Boot loader (similar process to router)
    • Performs low-level _________________
    • Performs ____________________________
      • During POST, LEDs blink while a series of tests determine that the switch is functioning properly- green is good!
      • If the switch fails POST, the SYST LED turns amber.
    • ________________________________
    • Loads a ______________ software image into memory and ______________ the switch.
  • ___________________________________ as found in the config file or alternate location
  • Boot loader lets you re-install IOS or recover from password loss.
IP address
  • A switch works “out-of-the-box” without an IP address (it’s a L2 device) or any other configuration
  • IP address lets you access/program the switch remotely by Telnet, SSH or browser.
  • Switch needs _______________ IP address.
    • Programmed on an interface within a VLAN
    • VLAN ________ is the __________ but is not very secure for management, so best practice states ______________________________
IP address assignment example
  • First- create a VLAN and assign an IP address…
  • S1(config)#int vlan 99 ( or another VLAN)
  • S1(config-if)#ip address 192.168.1.2 255.255.255.0
  • S1(config-if)#no shutdown
  • S1(config-if)#exit
IP address assignment example cont…
  • Second- assign the appropriate port on the switch to VLAN 99 …
  • S1(config)#int fa 0/18 (or other interface)
  • S1(config-if)#switchport mode access
  • S1(config-if)#switchport access vlan 99
  • S1(config-if)#exit
  • S1(config)#
  • Management information to and from the switch can now pass via port fa 0/18.
  • Other ports could be added to VLAN 99 if necessary.
Default gateway
  • S1(config)#ip default-gateway 192.168.1.1
  • Just like a PC, the switch needs to _______ ______________________________ to exchange switch management traffic destinations outside its local network
  • Note _______________________ mode.
Configuring a switch as an HTTP server…
  • Required by a number of web-based configuration tools available on switches
  • SW1(config)#ip http server
  • SW1(config)#ip http authentication enable
      • (uses enable secret/password for access)
  • SW1(config)#ip http authentication local
  • SW1(config)#username admin password cisco
      • (log in using this username and password)
MAC address table (CAM)
  • What is the MAC address table used for?
  • Static MAC addresses: inbuilt or configured, _____________
  • Dynamic MAC addresses: learned, __________________________
  • Note that VLAN number is included in table.
Set a static MAC address example…
  • SW1(config)#mac-address-table static 000c.7671.10b4 vlan 2 interface fa0/6
Save configuration
  • copy running-config startup-config
    • copy run start - shortened version of command
  • This assumes that running-config is coming from RAM and startup-config is going in NVRAM (file is actually in flash).
    • Full (formal) version of command would be:
      • copy system:running-config flash:startup-config
Back up
  • ____________________ can be _________ in different _____________ using the following command…
    • copy startup-config flash:backupJan08
    • You could go back to this version later if necessary.
  • Backing up to a TFTP server (same process as for a router)…
    • copy system:running-config tftp://192.168.1.8/sw1config
        • or try copy run tftp and wait for prompts
    • copy nvram:startup-config tftp://192.168.1.8/sw1config
Restoring
  • Copying a saved configuration over the current configuration
  • As with a router, you can swap the copy commands listed previously with the destination being the startup-config
    • then issue the _____________ command
  • Could we use the “copy startup-config running-config” command?
Login Passwords- Review…
  • The process of securing and removing passwords is the ______________ for routers and switches.
  • What are the different passwords that can be set (on a router and switch)?
Configure Encrypted Passwords
  • By default in the Cisco IOS all passwords, except for the enable secret password, are stored in _______________________
  • Best practice dictates that all passwords should _____________________
    • In the Cisco IOS this is done with the service _____________________ command, entered in global configuration mode
Banners- review…
  • Banners allow configuration of messages that ______________________________
    • banner motd “Shut down 5pm Friday”
    • banner login “No unauthorised access”
  • Motd will show first if both are configured
  • Delimiter can be “ or # or any character not in message.
Secure Shell SSH
  • Similar interface to ______________.
  • ___________ data for transmission.
  • SW1(config)#line vty 0 15
  • SW1(config-line)#transport input SSH
    • Use SSH or telnet or all if you want both enabled
  • Default is telnet.
  • To implement SSH you must configure host domain and _____________________.
Common security attacks
  • ____________________: huge numbers of frames are sent with fake source MAC addresses and fill up switch’s MAC address table.
    • Switch then floods all frames- acting more like a hub
  • _____________: intruder’s DHCP server offers a replying IP address and supporting information that designates the intruder as the default gateway
    • All remote traffic sent to attacker.
  • ________________: attacker PC continually requests IP addresses from a real DHCP server
    • Causes all of the leases on the real DHCP server to be allocated so legitimate requests can not be fulfilled
    • Type of _____________________________
DHCP Snooping & Port Security feature
  • Used to _______________________________
  • Ports are identified as ___________________.
    • Trusted ports can __________________________
    • _________________________________ from a DHCP
      • If a device on an untrusted port attempts to send a DHCP response packet into the network, the port is shut down.
  • Curriculum goes through steps to configure DHCP snooping on a switch
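Added example, not from the curriculum: a Python model of the DHCP snooping decision described above. Server replies (BOOTREPLY, op = 2) are accepted only from ports marked trusted; a reply arriving on an untrusted port is dropped and that port is err-disabled, which is the "port is shut down" behaviour the slide states. Going slightly beyond the slide, the model also keeps the binding table (client MAC, leased IP, client port) that real DHCP snooping builds from the accepted exchanges, since that table is what later features such as IP source guard consult. The DhcpSnooping class, port names and sample messages are all constructed; only the fixed DHCP header layout is the real protocol format.

```python
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
# Fixed DHCP/BOOTP header: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr
DHCP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s")


def make_dhcp(op, xid, client_mac, yiaddr="0.0.0.0"):
    """Constructed DHCP message: fixed header only, no options (enough for the snooping decision)."""
    return DHCP_FIXED.pack(op, 1, 6, 0, xid, 0, 0,
                           b"\x00" * 4, ipaddress.IPv4Address(yiaddr).packed,
                           b"\x00" * 4, b"\x00" * 4, client_mac + b"\x00" * 10)


class DhcpSnooping:
    """Per-switch DHCP snooping state (constructed model, not Cisco's implementation)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)      # uplinks / the port the real DHCP server is on
        self.errdisabled = set()
        self.pending = {}                      # xid -> (client MAC, client port) for open requests
        self.bindings = {}                     # client MAC -> (leased IP, client port)
        self.log = []

    def inspect(self, port, payload):
        """Decide what happens to a DHCP message received on `port`; returns the action taken."""
        if port in self.errdisabled:
            return "dropped: port err-disabled"
        if len(payload) < DHCP_FIXED.size:
            return "dropped: truncated DHCP header"
        op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr = DHCP_FIXED.unpack_from(payload)
        mac = ":".join(f"{b:02x}" for b in chaddr[:hlen])
        if op == BOOTREPLY:
            if port not in self.trusted:
                # A server answer (offer/ack) from an untrusted port: the slide's "port is shut down"
                self.errdisabled.add(port)
                self.log.append(f"%DHCP_SNOOPING: BOOTREPLY on untrusted port {port} "
                                f"for client {mac}, port err-disabled")
                return "dropped: untrusted port err-disabled"
            client_port = self.pending.pop(xid, (mac, None))[1]
            self.bindings[mac] = (str(ipaddress.IPv4Address(yiaddr)), client_port)
            return "forwarded"
        if op == BOOTREQUEST:
            self.pending[xid] = (mac, port)    # clients sit on untrusted ports; requests pass
            return "forwarded"
        return "dropped: unknown op"


if __name__ == "__main__":
    client = bytes.fromhex("00059a3c7800")           # constructed client MAC
    snoop = DhcpSnooping(trusted_ports={"Gi0/1"})
    print(snoop.inspect("Fa0/5", make_dhcp(BOOTREQUEST, 0x1234, client)))
    print(snoop.inspect("Gi0/1", make_dhcp(BOOTREPLY, 0x1234, client, "192.168.1.50")))
    print(snoop.inspect("Fa0/7", make_dhcp(BOOTREPLY, 0x1234, client, "192.168.1.99")))
    print(snoop.bindings, snoop.errdisabled, snoop.log)
```

Only the trust decision depends on the port; requests from clients are forwarded from anywhere, so a mis-marked access port does not break normal clients, while a server reply from one is both blocked and logged, which is the event a monitoring system should alert on.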
Cisco Discovery Protocol
  • CDP is _____________ by default.
  • CDP discovers ________________________ _______________________
  • CDP traffic is ______________ and could pose a security risk.
    • Frames could be captured using Wireshark showing detailed information which could be used in an attack
    • Best practice: _______ unless it is really needed.
Common security attacks cont…
  • _____________ can be used to gain ______ _______________ to a switch
    • Brute Force Password Attack can be used to ____________________________
    • DoS Attack can be used to render the Telnet ______________________
Ways to Enhance Security
  • Use ________________________
    • Even these can be found in time so change them regularly.
  • Using ________________ (more to come in CCNA 4) you can control which devices are able to access vty lines.
  • Network security tools for ___________ and ____________________________

A secure network really is a process not a product

Port security
  • Port security _______________________________ ___________________________________
  • Configure each port to accept
    • One MAC address only
    • A small group of MAC addresses
  • Frames ___________________________________ _________________________________
  • By default, the port will shut down if the wrong device connects.
    • must be brought up again manually
  • Three ways to configure port security as seen on the following slides…
Static secure MAC address
  • ________________ in interface config mode
  • Ex (on interface fa 0/4): SW1(config-if)#switchport port-security mac-address 000c.7259.0a63
  • Stored in MAC address table
  • Shown in running configuration and can be saved with the rest of the configuration.
Dynamic secure MAC address
  • _____________________
  • Placed in MAC address table
  • _____________ in running configuration
  • Not saved- __________________________
    • For saving you need Sticky secure MAC addresses- more to come…
  • SW1(config-if)#switchport mode access
  • SW1(config-if)#switchport port-security
Sticky secure MAC address
  • _____________________
  • Choose how many can be learned, default 1.
  • Added to the running configuration
  • _______________________________ and still there when switch restarts.
  • Existing dynamic address(es) will convert to sticky if sticky learning is enabled
Sticky secure MAC address
  • SW1(config-if)#switchport mode access
  • SW1(config-if)#switchport port-security
  • SW1(config-if)#switchport port-security maximum 4
  • SW1(config-if)#switchport port-security mac-address sticky
Violation modes
  • Violation occurs if
    • A _____________________________________________ attempts to connect.
    • An address learned or configured on one secure interface is ______________________________
  • Violation modes: protect, restrict, or shutdown
    • __________ mode causes the ____________________ ______________ in the case of a port security violation
      • The default
    • ___________________________________________ ____________________________ until the number of max. allowable addresses is increased.
      • Protect mode of a security violation
      • Restrict mode of a security violation
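Added example, not from the slides: a Python simulation of a learning switch that ties together the MAC address table slide (learn the source address, forward on a known destination, flood unknown unicast and broadcast) with the port security and violation-mode slides. The table has a fixed capacity, so when one port injects many source addresses the entries for the real hosts are evicted and their unicast traffic starts to flood, which is the condition described on the "common security attacks" slide and the one a per-port maximum prevents. The three violation modes (protect, restrict, shutdown) are modelled as the slides describe them. The Switch class, port names and MAC addresses are constructed; VLANs are kept minimal (every port in VLAN 1) as the broadcast-domain slide suggests.

```python
from collections import OrderedDict


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit (lsb of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class Switch:
    """Learning switch with a bounded MAC table and port security (constructed simulation)."""

    def __init__(self, ports, table_capacity=8):
        self.port_vlan = {p: 1 for p in ports}   # every port an access port in VLAN 1
        self.capacity = table_capacity
        self.table = OrderedDict()                # (vlan, mac) -> port, oldest entry first
        self.secure = {}                          # port -> port-security state
        self.errdisabled = set()
        self.violations = {}
        self.log = []

    def enable_port_security(self, port, maximum=1, mode="shutdown", static=()):
        # `static` plays the role of 'switchport port-security mac-address' entries; anything
        # else up to `maximum` is learned dynamically (sticky only changes whether it is saved).
        self.secure[port] = {"max": maximum, "mode": mode, "addrs": set(static)}

    def _learn(self, vlan, mac, port):
        key = (vlan, mac)
        if key in self.table:
            self.table.move_to_end(key)           # refresh, like resetting the ageing timer
        elif len(self.table) >= self.capacity:
            self.table.popitem(last=False)        # table full: the oldest entry is lost
        self.table[key] = port

    def _port_security_allows(self, port, src):
        sec = self.secure.get(port)
        if sec is None or src in sec["addrs"]:
            return True
        if len(sec["addrs"]) < sec["max"]:
            sec["addrs"].add(src)                 # dynamic secure address
            return True
        self.violations[port] = self.violations.get(port, 0) + 1
        if sec["mode"] == "shutdown":
            self.errdisabled.add(port)            # the default: port goes err-disabled
            self.log.append(f"%PORT_SECURITY: {port} err-disabled, unexpected source {src}")
        elif sec["mode"] == "restrict":
            self.log.append(f"%PORT_SECURITY: violation on {port} from {src}")
        return False                              # protect: drop silently, keep counting

    def _flood(self, in_port, vlan):
        return [p for p, v in self.port_vlan.items()
                if p != in_port and v == vlan and p not in self.errdisabled]

    def receive(self, in_port, dst, src):
        """Process one frame; returns the list of ports it is forwarded out of."""
        if in_port in self.errdisabled or not self._port_security_allows(in_port, src):
            return []
        vlan = self.port_vlan[in_port]
        self._learn(vlan, src, in_port)
        if is_group_address(dst):
            return self._flood(in_port, vlan)
        out = self.table.get((vlan, dst))
        if out is None:
            return self._flood(in_port, vlan)     # unknown unicast floods
        return [] if out == in_port else [out]   # known on the receiving port: filtered


BCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"   # constructed hosts on Fa0/2, Fa0/3


def table_exhaustion_demo():
    """No port security: a burst of bogus sources on Fa0/1 evicts the real hosts."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], table_capacity=4)
    sw.receive("Fa0/2", BCAST, HOST_A)
    sw.receive("Fa0/3", HOST_A, HOST_B)
    before = sw.receive("Fa0/3", HOST_A, HOST_B)          # known unicast: ["Fa0/2"]
    for i in range(4):
        sw.receive("Fa0/1", BCAST, f"02:00:00:00:00:{i:02x}")
    after = sw.receive("Fa0/3", HOST_A, HOST_B)           # HOST_A evicted: now floods
    return before, after


def port_security_demo(mode="shutdown"):
    """Same burst with port security maximum 1 on Fa0/1: the second source is a violation."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], table_capacity=4)
    sw.enable_port_security("Fa0/1", maximum=1, mode=mode)
    sw.receive("Fa0/2", BCAST, HOST_A)
    sw.receive("Fa0/3", HOST_A, HOST_B)
    for i in range(4):
        sw.receive("Fa0/1", BCAST, f"02:00:00:00:00:{i:02x}")
    return sw, sw.receive("Fa0/3", HOST_A, HOST_B)


if __name__ == "__main__":
    print("without port security:", table_exhaustion_demo())
    for mode in ("shutdown", "restrict", "protect"):
        sw, out = port_security_demo(mode)
        print(mode, out, sw.violations, sorted(sw.errdisabled), sw.log)
```

Run it and compare the three modes: all three keep the table clean and HOST_B's traffic stays on Fa0/2, but only restrict and shutdown leave a log line, and only shutdown takes the port out of service, which is why it is the default and why the slide notes the port must be brought up again manually.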
Check port security
  • _____________ commands are popular in the switch just as they are in routers
  • Use show port-security int fa 0/4 to see settings on a particular port
  • Use the show port-security address command to see the table of secure MAC addresses
  • If you don’t need to use a port:______________________
Interface range
  • A useful command if you want to put the _________________________________ is:
  • Switch(config)#interface range fa0/1 - 20
  • Switch(config-if-range)#
  • Use this command to disable a range of ports
    • Good security practice