Switches - Faculty - Genesee Community College
Slide 1: Switches - Chapter 2
CCNA Exploration Semester 3
Modified by Profs. Ward and Cappellino

Slide 2: Topics
- Operation of 100/1000 Mbps Ethernet switches and how they forward frames
- Configure a switch
- Basic security on a switch

Slide 3: LAN Switching and Wireless
- LAN Design
- Basic Switch Concepts - Chp. 2
- Wireless
- VLANs
- STP
- VTP
- Inter-VLAN routing

Slide 4: CSMA/CD reminder
- Shared medium: physical shared cable or hub.
- Ethernet was designed to work ________________ using _________________________________ ____________________________

Slide 5: CSMA/CD review…
- Device needs to transmit. It “__________” for signals on the medium.
- If it finds signals – ______. If clear – __________.
- If the signals of one device are not detected by a second device, the second device may also start to transmit, causing a ____________________.
- Stop sending frame, send ____________
- Wait for random time (_____________)
- ______________ – listen for signals etc.

Slide 6: No collisions
- ______________________ with _________ operation = __________ collisions.
- Higher bandwidth Ethernet does not define collisions – must be fully switched.
- Cable length limited if CSMA/CD needed.
- ________ – always fully switched, full duplex. (Shared medium must use half duplex in order to detect collisions.)

Slide 7: Switch Port Settings
- Auto (default for UTP) – ____________________ with connected device. The two ports communicate to decide the best mode of operation.
- Full – sets full-duplex mode
- Half – sets half-duplex mode
- Auto is fine if _______ types of devices are using it.
- Potential problem: if the switch uses auto and the other device does not, the switch defaults to half.
- Manually setting full-duplex on one end and half on the other __________________________

Slide 8: MDIX auto
- Interface config command; _________________ whether the cable is straight-through or crossover and configures the interface accordingly. Either cable type can be used in the connection.
- Depends on IOS version: enabled by default from 12.2(18)SE or later; disabled from 12.1(14)EA1 to 12.2(18)SE; _________________ in earlier versions.
- EXAMPLE…
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# mdix auto
Switch(config-if)# end

Slide 9: Communication types review…
- _________ – one sender to one receiver. Most user traffic: http, ftp, smtp etc.
- ________________ – one sender, but the information is sent to all connected receivers. Ex: ARP requests
- ___________ – a frame is sent from one sender to a specific group of devices. Ex: group of hosts using videoconferencing. IP addresses have first octet in range 224 – 239

Slide 10: Ethernet frame review…
IEEE 802.3 (Data link layer, MAC sublayer). Frame fields and their sizes in bytes:
  Preamble                   7
  Start of frame delimiter   1
  Destination address        6            (frame header)
  Source address             6            (frame header)
  Length/type                2            (frame header)
  802.2 header and data      46 to 1500   (data)
  Frame check sequence       4            (trailer)
802.2 is data link layer LLC sublayer

Slide 11: MAC address review…
- ___________ written as _________ hexadecimal digits. Format varies: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800.
- MAC address __________________ into a ROM chip on a NIC. Referred to as a burned-in address (BIA).
- Some manufacturers allow the MAC address to be _________________.
- What is the purpose of a MAC address?
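As an added example (not part of the slides or of the Cisco curriculum), the following Python builds a minimal IEEE 802.3 frame from the fields listed on the frame review slide, accepts the three MAC notations shown above, decodes the first-octet flag bits described on the address layout slides that follow, and applies the three forwarding methods covered later in the deck (store-and-forward, fast-forward, fragment-free) to a corrupted frame to show which of them would still forward it. The FCS byte order and the padded sample payload are assumptions of the example.

```python
import zlib

MIN_FRAME = 64    # 6 + 6 + 2 + 46 + 4 bytes, preamble and SFD not counted
MAX_FRAME = 1518  # 6 + 6 + 2 + 1500 + 4 bytes


def parse_mac(text):
    """Accept 00-05-9A-3C-78-00, 00:05:9A:3C:78:00 or 0005.9A3C.7800
    and return the six raw address bytes."""
    digits = text.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("a MAC address is 12 hexadecimal digits: %r" % text)
    return bytes.fromhex(digits)


def mac_flags(text):
    """First-octet flag bits of the address layout: bit 0 set = group
    (broadcast/multicast) address, bit 1 set = locally administered."""
    first = parse_mac(text)[0]
    return {"group": bool(first & 0x01), "local": bool(first & 0x02)}


def build_frame(dst, src, ethertype, payload):
    """Constructed sample frame: 14-byte header, payload padded to the
    46-byte minimum, then the 4-byte FCS (CRC-32, least significant byte first)."""
    body = parse_mac(dst) + parse_mac(src) + ethertype.to_bytes(2, "big")
    body += payload.ljust(46, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def store_and_forward(frame):
    """The whole frame is buffered and checked before the port lookup."""
    if len(frame) < MIN_FRAME:
        return "discard: runt"
    if len(frame) > MAX_FRAME:
        return "discard: giant"
    if zlib.crc32(frame[:-4]) != int.from_bytes(frame[-4:], "little"):
        return "discard: bad CRC"
    return "forward to " + frame[:6].hex(":")


def fast_forward(frame):
    """Only the 6 destination bytes are read before forwarding begins,
    so a corrupt frame is forwarded unchecked."""
    return "forward to " + frame[:6].hex(":")


def fragment_free(frame):
    """Waits for the first 64 bytes: collision fragments are dropped,
    but a full-size frame with a bad CRC is still forwarded."""
    if len(frame) < MIN_FRAME:
        return "discard: collision fragment"
    return "forward to " + frame[:6].hex(":")
```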
Slide 12: MAC address review…
- Two parts: Organizational Unique Identifier (___) and number _____________________
- [Figure: MAC address layout. OUI = 24 bits: Broadcast bit (1 bit), Local bit (1 bit), OUI number (22 bits). Vendor number = 24 bits, vendor assigns.]
- On the destination MAC address, bit is set if frame’s address is a ____________________

Slide 13: MAC address
- Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer. (Same MAC address layout figure as slide 12.)
- Set if vendor-assigned MAC address can be ____________________

Slide 14: MAC address
- Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer. (Same MAC address layout figure as slide 12.)
- Assigned to vendor by ________

Slide 15: MAC address
- Two parts: Organizational Unique Identifier (OUI) and number assigned by manufacturer. (Same MAC address layout figure as slide 12.)
- _______________ for the Ethernet device

Slide 16: Switch MAC Address Table review…
- Table created by mapping the switch port to MAC address of attached device
- Built by inspecting _____________ address of incoming frames
- ________________ address checked against table; frame sent through correct port
- If not in table, frame __________________ on which it was received
- Broadcasts flooded

Slide 17: Bandwidth and Throughput review…
- What is Bandwidth? What is Throughput?
- Bandwidth is affected by _____________
- Full bandwidth for transmission is available only after any collisions have been resolved.
- Number of nodes sharing the Ethernet network will have an effect on the ___________

Slide 18: Collision domain review…
- Collision Domain – __________________________ ___________________________________
- Collisions ___________ throughput
- Shared medium – same collision domain. The more devices – the more collisions. Hub – an average of 60% of bandwidth available.
- Switch (+ full duplex): microsegmentation – connection created by ________ between sending and receiving hosts. Full duplex – dedicated link each way, 100% bandwidth in each direction.
- Link regarded as an individual collision domain if you are asked to count them.

Slide 19: How many collision domains?

Slide 20: Broadcast domain review…
- Layer 2 switches ________________ broadcasts. Do not filter broadcast frames.
- Devices linked by switches are ______________ broadcast domain. We ignore VLANs here – they come later.
- A _______________________ splits up broadcast domains. Does not forward broadcasts.
- Destination MAC address for broadcast is all 1s, that is FF:FF:FF:FF:FF:FF

Slide 21: How many broadcast domains? No VLANs

Slide 22: Network Latency
- Latency – ____________________ from the source to the final destination
- Three sources:
  ___________ – time taken to put signal on medium and to interpret it on receipt.
  ____________________ – time spent travelling on medium
  Latency from _______________________ – these are either Layer 1, 2, or 3 devices. Depends on number and type of devices. Routers add more latency than switches.

Slide 23: Network congestion
Common causes of congestion:
- More powerful PCs that can send and process more data through the network at higher rates.
- Increasing use of remote resources (servers, Internet) generates more traffic volume.
- High-bandwidth applications make more use of advanced graphics, video etc.
- More broadcasts, more congestion.
Need more bandwidth. ________________________________ helps.

Slide 24: Control latency
- Choose switches that can process data fast enough for all ports to work simultaneously at full bandwidth.
- Use _______________ rather than ________ where possible. Switches that lack sufficient processing power can introduce latency.
- Routers increase latency on a network. But – balance this against the need to split up broadcast domains, which is done by routers.

Slide 25: Remove bottlenecks
- Bottlenecks – places on the network where _____________________________________
- Reduce bottlenecks by having several links. Use _______________ so they act as one link with the combined bandwidth.
- Use higher capacity links

Slide 26: Switch Forwarding Methods
- Current models of Cisco switches now use only __________________________ of switching data between ports
- Some older switches used Cut Through – it had two variants: Fast Forward and Fragment Free

Slide 27: Store and forward
- _____________________________
- Discard any frames that are too short/long
- Perform cyclic redundancy check (CRC) and ___________________________
- Find correct port and forward frame out that port
- Required for ______________ checks on converged networks
- Allows entry and exit at _________________

Slide 28: Cut Through – Fast forward
- Read _____________________, through to the ____________________________ (first 6 bytes after start delimiter)
- Look up port and ______________ while _______________ of frame is still _____________
- No error checking or discarding of bad frames; corrupt frames could be sent throughout the network
- Entry and exit must be same bandwidth ________________________

Slide 29: Cut Through – Fragment Free
- __________________________________________ ______________________________________
- Look up port and start forwarding while remainder of frame (if any) is still coming in.
- Most network errors and collisions occur during the first 64 bytes.
- Discards collision fragments (too short) but other bad frames are forwarded
- Entry and exit must be ________________
- Compromise between Store and forward and Fast forward methods

Slide 30: Symmetric and Asymmetric Switching
- ______________ – all ports operate at ___________ bandwidth
- __________ – __________ bandwidths may be used. Ex: greater bandwidth dedicated to a server or uplink port to prevent bottlenecks. Requires store and forward operation with memory buffering.
- Most switches now use _____________ switching to allow ________________

Slide 31: Port Based Buffering
- Each incoming port has ________________
- Frames ________________ until _________ port is free.
- Frame destined for busy outgoing port can hold up all the frames in queue even if their outgoing ports are free.
- Each incoming port has a ______________ amount of memory.

Slide 32: Shared Memory Buffering
- All incoming frames go in a __________ ___________________________________
- Switch __________________________ and forwards it when port is free
- Frames do not hold each other up
- Flexible use of memory allows larger frames
- Important for asymmetric switching where some ports work at a faster rate than others

Slide 33: Layer 2 and Layer 3 Switching
- Traditional Ethernet switches work at ______
- They use ___________ ___________ to make filtering and forwarding decisions. They do not look at layer 3 information.

Slide 34: Layer 2 and Layer 3 Switching
- ______________ can carry out the same functions as layer 2 switches.
- They can also use ___________________ ___________ between networks.
- They can control the spread of broadcasts.

Slide 35: L3 Switch & Router Comparison
- Routers perform __________________________
- L3 Switches provide _________ routing functions in a LAN and reduce the need for dedicated routers

Slide 36: Switch CLI is similar to router
Switch>enable
Switch#config t
Switch(config)#int fa 0/1
Switch(config-if)#exit
Switch(config)#line con 0
Switch(config-line)#end
Switch#disable
Switch>

Slide 37: Cisco Device manager
- ____________________ for managing switch. Access via browser on PC.
- Other GUI options available but need to be downloaded/bought.

Slide 38: Help, history etc.
- Help with _________ is similar to router.
- Error messages for bad commands – same as for a router
- Command history – same as for router. Up arrow or Ctrl + P for previous; Down arrow or Ctrl + N for next. Each mode has its own buffer holding 10 commands by default.

Slide 39: Storage and start-up
- ROM, Flash, NVRAM, RAM generally similar to router.
- Boot loader (similar process to router):
  Performs low-level _________________
  Performs ____________________________ During POST, LEDs blink while a series of tests determine that the switch is functioning properly – green is good! If the switch fails POST, the SYST LED turns amber.
  ________________________________
  Loads a ______________ software image into memory and ______________ the switch.
  ___________________________________ as found in the config file or alternate location
- Boot loader lets you re-install IOS or recover from password loss.

Slide 40: IP address
- A switch works “out-of-the-box” without an IP address (it’s a L2 device) or any other configuration.
- IP address lets you access/program the switch remotely by Telnet, SSH or browser.
- Switch needs _______________ IP address. Programmed on an interface within a VLAN.
- VLAN ________ is the __________ but is not very secure for management, so best practice states ______________________________

Slide 41: IP address assignment example
First – create a VLAN and assign an IP address…
S1(config)#int vlan 99   (or another VLAN)
S1(config-if)#ip address 192.168.1.2 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit

Slide 42: IP address assignment example cont…
Second – assign the appropriate port on the switch to VLAN 99…
S1(config)#int fa 0/18   (or other interface)
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 99
S1(config-if)#exit
S1(config)#
Management information to and from the switch can now pass via port fa 0/18. Other ports could be added to VLAN 99 if necessary.

Slide 43: Default gateway
S1(config)#ip default-gateway 192.168.1.1
- Just like a PC, the switch needs to _______ ______________________________ to exchange switch management traffic with destinations outside its local network.
- Note _______________________ mode.

Slide 44: Configuring a switch as an HTTP server…
Required by a number of web-based configuration tools available on switches.
SW1(config)#ip http server
SW1(config)#ip http authentication enable   (uses enable secret/password for access)
SW1(config)#ip http authentication local
SW1(config)#username admin password cisco   (log in using this username and password)

Slide 45: MAC address table (CAM)
- What is the MAC address table used for?
- Static MAC addresses: inbuilt or configured, _____________
- Dynamic MAC addresses: learned, __________________________
- Note that VLAN number is included in table.

Slide 46: Set a static MAC address example…
SW1(config)#mac-address-table static 000c.7671.10b4 vlan 2 interface fa0/6

Slide 47: Save configuration
copy running-config startup-config
copy run start   – shortened version of command
This assumes that running-config is coming from RAM and startup-config is going in NVRAM (the file is actually in flash). Full (formal) version of the command would be:
copy system:running-config flash:startup-config

Slide 48: Back up
____________________ can be _________ in different _____________ using the following command…
copy startup-config flash:backupJan08
You could go back to this version later if necessary.
Backing up to a TFTP server (same process as for a router)…
copy system:running-config tftp://192.168.1.8/sw1config
or try copy run tftp and wait for prompts
copy nvram:startup-config tftp://192.168.1.8/sw1config

Slide 49: Restoring
- Copying a saved configuration over the current configuration.
- As with a router, you can swap the copy commands listed previously with the destination being the startup-config, then issue the _____________ command.
- Could we use the “copy startup-config running-config” command?

Slide 50: Login Passwords – Review…
- The process of securing and removing passwords is the ______________ for routers and switches.
- What are the different passwords that can be set (on a router and switch)?

Slide 51: Configure Encrypted Passwords
- By default in the Cisco IOS all passwords, except for the enable secret password, are stored in _______________________
- Best practice dictates that all passwords should _____________________
- In the Cisco IOS this is done using the service _____________________ command, entered from global configuration.

Slide 52: Banners – review…
- Banners allow configuration of messages that ______________________________
banner motd “Shut down 5pm Friday”
banner login “No unauthorised access”
- Motd will show first if both are configured.
- Delimiter can be “ or # or any character not in the message.

Slide 53: Secure Shell SSH
- Similar interface to ______________. ___________ data for transmission.
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
- Use ssh or telnet, or all if you want both enabled. Default is telnet.
- To implement SSH you must configure host domain and _____________________.

Slide 54: Common security attacks
- ____________________: huge numbers of frames are sent with fake source MAC addresses and fill up the switch’s MAC address table. Switch then floods all frames – acting more like a hub.
- _____________: intruder’s DHCP server offers a replying IP address and supporting information that designates the intruder as the default gateway. All remote traffic sent to attacker.
- ________________: attacker PC continually requests IP addresses from a real DHCP server. Causes all of the leases on the real DHCP server to be allocated so legitimate requests cannot be fulfilled. Type of _____________________________

Slide 55: DHCP Snooping & Port Security feature
- Used to _______________________________
- Ports are identified as ___________________. Trusted ports can __________________________ _________________________________ from a DHCP
- If a device on an untrusted port attempts to send a DHCP response packet into the network, the port is shut down.
- Curriculum goes through steps to configure DHCP snooping on a switch.

Slide 56: Cisco Discovery Protocol
- CDP is _____________ by default.
- CDP discovers ________________________ _______________________
- CDP traffic is ______________ and could pose a security risk. Frames could be captured using Wireshark, showing detailed information which could be used in an attack.
- Best practice: _______ unless it is really needed.

Slide 57: Common security attacks cont…
- _____________ can be used to gain ______ _______________ to a switch
- Brute Force Password Attack can be used to ____________________________
- DoS Attack can be used to render the Telnet ______________________

Slide 58: Ways to Enhance Security
- Use ________________________. Even these can be found in time, so change them regularly.
- Using ________________ (more to come in CCNA 4) you can control which devices are able to access vty lines.
- Network security tools for ___________ and ____________________________
- A secure network really is a process, not a product.

Slide 59: Port security
- Port security _______________________________ ___________________________________
- Configure each port to accept frames ___________________________________ _________________________________
  One MAC address only
  A small group of MAC addresses
- By default, the port will shut down if the wrong device connects and must be brought up again manually.
- Three ways to configure port security, as seen on the following slides…

Slide 60: Static secure MAC address
- ________________ in interface config mode. Ex:
switchport port-security mac-address 000c.7259.0a63   (on interface fa 0/4)
- Stored in MAC address table
- Shown in running configuration and can be saved with the rest of the configuration.
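The hardening points from slides 51 to 58 (encrypt stored passwords, SSH instead of Telnet on the vty lines, disable CDP, enable DHCP snooping, port security on access ports) can be checked against a saved configuration such as the backups made on slide 48. The following Python is an added example, not part of the curriculum or any Cisco tool; the sample configuration is constructed, and the checks cover only the settings the deck names.

```python
# Constructed sample of a saved switch configuration (the kind slide 48 copies
# to flash or a TFTP server). Its weak settings mirror the deck's examples:
# a plaintext username password, Telnet still allowed on the vty lines,
# CDP left running and an access port without port security.
SAMPLE_CONFIG = """\
hostname SW1
username admin password cisco
ip http server
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/5
 switchport mode access
!
line vty 0 15
 transport input telnet ssh
end
"""


def parse_blocks(config):
    """Split an IOS config into its global lines and its indented interface/line blocks."""
    blocks, current = {"global": []}, "global"
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] in " \t":
            blocks[current].append(raw.strip())
        elif raw.startswith(("interface ", "line ")):
            current = raw.strip()
            blocks[current] = []
        else:
            current = "global"
            blocks["global"].append(raw.strip())
    return blocks


def audit(config):
    """Return sorted findings for the hardening points named in the deck."""
    blocks = parse_blocks(config)
    g = blocks["global"]
    findings = []
    if "service password-encryption" not in g:
        findings.append("global: service password-encryption missing, passwords stored in plaintext")
    for line in g:
        parts = line.split()
        if parts[0] == "username" and "password" in parts[2:]:
            findings.append("global: username %s uses 'password' instead of 'secret'" % parts[1])
    if "ip http server" in g:
        findings.append("global: plain HTTP management server enabled")
    if "no cdp run" not in g:
        findings.append("global: CDP running, disable unless needed")
    if not any(l.startswith("ip dhcp snooping") for l in g):
        findings.append("global: DHCP snooping not enabled")
    for name, lines in blocks.items():
        if name.startswith("line vty"):
            inputs = [l for l in lines if l.startswith("transport input")]
            if not inputs or any("telnet" in l or l.endswith(" all") for l in inputs):
                findings.append("%s: Telnet allowed, use 'transport input ssh'" % name)
        elif name.startswith("interface") and "switchport mode access" in lines \
                and "switchport port-security" not in lines and "shutdown" not in lines:
            findings.append("%s: access port without port security" % name)
    return sorted(findings)
```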
Slide 61: Dynamic secure MAC address
- _____________________
- Placed in MAC address table
- _____________ in running configuration
- Not saved – __________________________ For saving you need Sticky secure MAC addresses – more to come…
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security

Slide 62: Sticky secure MAC address
- _____________________ Choose how many can be learned, default 1.
- Added to the running configuration _______________________________ and still there when the switch restarts.
- Existing dynamic address(es) will convert to sticky if sticky learning is enabled.

Slide 63: Sticky secure MAC address
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 4
SW1(config-if)#switchport port-security mac-address sticky

Slide 64: Violation modes
- Violation occurs if a _____________________________________________ attempts to connect, or an address learned or configured on one secure interface is ______________________________
- Violation modes: protect, restrict, or shutdown
- __________ mode causes the ____________________ ______________ in the case of a port security violation. The default ___________________________________________ ____________________________ until the number of max. allowable addresses is increased.
- Protect mode of a security violation
- Restrict mode of a security violation

Slide 65: Check port security
- _____________ commands are popular in the switch just as they are in routers
- Use show port-security int fa 0/4 to see settings on a particular port
- Use the show port-security address command to see the table of secure MAC addresses
- If you don’t need to use a port: ______________________

Slide 66: Interface range
A useful command if you want to put the _________________________________ is:
Switch(config)#interface range fa0/1 - 20
Switch(config-if-range)#
Use this command to disable a range of ports – good security practice.
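To tie the port-security slides together, here is an added Python model (not the slides' own material or Cisco code) of a secured access port with a maximum address count, sticky learning and the protect/restrict/shutdown violation modes, feeding a MAC address table of bounded size like the one reviewed on slide 16. The flood_scenario function replays the MAC address table flooding described on slide 54, once with a single allowed address on the offending port and once with no effective limit; the table size, port names and addresses are constructed for the example.

```python
from collections import OrderedDict


class SecurePort:
    """One access port with port security (slides 59 to 64); mode is protect, restrict or shutdown."""
    def __init__(self, name, maximum=1, mode="shutdown", sticky=False, static=()):
        self.name, self.maximum, self.mode, self.sticky = name, maximum, mode, sticky
        self.secure = set(static)          # static entries count against the maximum
        self.running_config = set(static)  # addresses that 'show run' would list
        self.violations, self.err_disabled = 0, False

    def admit(self, src):
        """Decide whether a frame with source address src may enter the port."""
        if self.err_disabled:
            return "dropped: port err-disabled"
        if src in self.secure:
            return "allowed"
        if len(self.secure) < self.maximum:
            self.secure.add(src)               # dynamic secure address
            if self.sticky:
                self.running_config.add(src)   # sticky: also written to running-config
            return "allowed (learned)"
        if self.mode == "protect":             # new address beyond the maximum
            return "dropped silently"
        if self.mode == "restrict":
            self.violations += 1
            return "dropped, violation count %d (logged)" % self.violations
        self.err_disabled = True
        return "port shut down (err-disabled), bring up manually"


class Switch:
    """Bounded MAC address table (slide 16) fed by port-secured ports."""
    def __init__(self, table_size):
        self.table_size = table_size
        self.table = OrderedDict()             # source MAC -> port name, oldest first

    def receive(self, port, src, dst):
        verdict = port.admit(src)
        if not verdict.startswith("allowed"):
            return verdict
        if src not in self.table and len(self.table) >= self.table_size:
            self.table.popitem(last=False)     # table full: oldest entry is evicted
        self.table[src] = port.name
        # group bit set (broadcast/multicast) or unknown destination: flood
        if int(dst[:2], 16) & 1 or dst not in self.table:
            return "flood"
        return "forward to " + self.table[dst]


def flood_scenario(secure_maximum, table_size=8, fake_sources=20):
    """Constructed scenario: PC-A (Fa0/1) and PC-B (Fa0/2) are learned, then a host on
    Fa0/3 sends frames with many fake source addresses. Returns (fakes admitted, A to B still switched)."""
    sw = Switch(table_size)
    a, b = SecurePort("Fa0/1"), SecurePort("Fa0/2")
    c = SecurePort("Fa0/3", maximum=secure_maximum, mode="restrict")
    pc_a, pc_b = "00:05:9a:3c:78:01", "00:05:9a:3c:78:02"
    sw.receive(a, pc_a, pc_b)
    sw.receive(b, pc_b, pc_a)
    admitted = 0
    for i in range(fake_sources):
        fake = "02:00:00:00:00:%02x" % i           # constructed locally administered MACs
        if not sw.receive(c, fake, pc_a).startswith("dropped"):
            admitted += 1
    return admitted, sw.receive(a, pc_a, pc_b) == "forward to Fa0/2"
```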