
CISCO3 CHAPTER 2

Ethernet signals are transmitted to every host connected to the LAN using a special set of rules to determine which station can access the network. The set of rules that Ethernet uses is based on the IEEE carrier sense multiple access/collision detect (CSMA/CD) technology.

CSMA/CD (Carrier Sense Multiple Access Collision Detection)
- All network devices that have messages to send must listen before transmitting.
The messages propagate across the media until they encounter each other. At that point, the signals mix and the messages are destroyed; a collision has occurred.
Backoff Algorithm causes all devices to stop transmitting for a random amount of time, which allows the collision signals to subside. After the delay has expired on a device, the device goes back into the listening-before-transmit mode.

LAN communication occurs in three ways:
UNICAST one sender and one receiver (http, smtp, ftp, and telnet)
BROADCAST one sender to all other addresses (ARP)
MULTICAST one sender to a group of addresses (video & voice transmissions)

Preamble and Start Frame Delimiter fields
The first 8 bytes of the frame are used to get the attention of the receiving nodes. It tells the receiver to get ready to receive a new frame.

Destination MAC Address Field
The address in the frame is compared to the MAC address in the device. If there is a match, the device accepts the frame.

Source MAC Address Field
(6 bytes) identifies the frame's originating NIC or interface.

MAC Address is a two-part 48-bit binary value expressed as 12 hexadecimal digits.
- It is permanently encoded into a ROM chip on a NIC. This type of MAC address is referred to as a burned-in address (BIA).
- It is made up of the organizational unique identifier (OUI) and the vendor assignment number.
OUI is the first part of a MAC address; it is 24 bits long and identifies the manufacturer of the NIC card.
The vendor-assigned part of the MAC address is 24 bits long and uniquely identifies the Ethernet hardware.

Ethernet Network: two types of DUPLEX settings

Half-Duplex (CSMA/CD)
* Unidirectional data flow
* Higher potential for collision
* Hub connectivity
Half-duplex communications have performance issues due to the constant waiting, because data can only flow in one direction at a time.
- Connections are typically seen in older hardware, such as hubs.

Full-Duplex
* Point-to-point only
* Attached to dedicated switched port
* Requires full-duplex support on both ends
* Collision-free
* Collision detect circuit disabled
Data flow is bidirectional, so data can be sent and received at the same time. Bidirectional support enhances performance by reducing the wait time between transmissions.

Ports on a Cisco Catalyst 2960 Series switch can be configured with these settings:
* auto option allows the two ports to communicate in order to decide the mode
* full option sets full-duplex mode
* half option sets half-duplex mode
Note: Autonegotiation can produce unpredictable results. By default, when autonegotiation fails, the Catalyst switch sets the corresponding switch port to half-duplex mode.

Collisions occur when two hosts transmit frames simultaneously. A hub offers no mechanisms to either eliminate or reduce these collisions, and the available bandwidth that any one node has to transmit is correspondingly reduced.
The network area where frames originate and collide is called the collision domain.
Switches reduce collisions and improve bandwidth use on network segments because they provide dedicated bandwidth to each network segment.

Although switches filter most frames based on MAC addresses, they do not filter broadcast frames. A collection of interconnected switches forms a single broadcast domain. The broadcast domain at Layer 2 is referred to as the MAC broadcast domain. Only a Layer 3 device, such as a router, or a virtual LAN (VLAN), can stop a Layer 3 broadcast domain.

NETWORK LATENCY is the time a frame or a packet takes to travel from the source station to the final destination.

LATENCY THREE SOURCES
The NIC places voltage pulses on the wire
The destination NIC interprets the pulses
The signal propagates through the law/ transverse a network device

The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user.

MOST COMMON CAUSES OF NETWORK CONGESTION:
Increasingly powerful computer and network technologies
Increasing volume of network traffic
High-bandwidth applications

LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.

Switches use one of the following methods for switching data between network ports:
Store-and-forward switching: it performs an error check using the Cyclic Redundancy Check (CRC) trailer portion of the Ethernet frame. When an error is detected in a frame, the switch discards the frame.
Cut-through switching: it does not perform any error checking on the frame. It is faster than store-and-forward switching. However, because the switch does not perform any error checking, it forwards frames throughout the network.

Two variants of cut-through switching:
Fast-forward switching: immediately forwards a packet after reading the destination address.
Fragment-free switching: the switch stores the first 64 bytes of the frame before forwarding.

LAN switching classified based on the way in which bandwidth is allocated to the switch ports:
Symmetric switching provides switched connections between ports with the same bandwidth, such as all 100 Mb/s ports or all 1000 Mb/s ports.
Asymmetric switch provides connections between ports of unlike bandwidth, such as combination of 10 Mb/s, 100 Mb/s, and 1000 Mb/s ports.

Switch stores the packet for the brief time in a memory buffer:
Port-based memory buffering: frames are stored in queues that are linked to specific incoming and outgoing ports.
Shared-memory buffering deposits all frames into a common memory buffer which all the ports on the switch share.

User EXEC: allows a person to access only a limited number of basic monitoring commands.
Privileged EXEC: allows a person to access all device commands, such as those used for configuration and management, and can be password-protected to allow only authorized users to access the device.
Global Configuration Mode: to configure global switch parameters.
Interface Configuration Mode: to access interface configuration mode from global configuration mode, enter the interface <interface name> command.

Cisco Network Assistant is a PC-based GUI network management application optimized for small and medium-sized LANs. Configure and manage groups of switches or standalone switches.
Cisco View Application: a device-management application that displays a physical view of the switch that you can use to set configuration parameters and to switch status and performance.
Cisco Device Manager is web-based software that is stored in the switch memory. Use Device Manager to configure and manage switches.
Console Error Messages help identify problems when an incorrect command has been entered.

Describe the Boot Sequence
The boot sequence of a Cisco switch:
The switch loads the boot loader software from NVRAM.
The boot loader:
* Performs low-level CPU initialization.
* Performs POST for the CPU subsystem.
* Initializes the flash file system on the board.
* Loads a default operating system software image into memory and boots the switch.
* The operating system runs using the config text file, stored in the switch flash storage.

The boot loader can help you recover from an operating system crash:
* Provides access into the switch if the operating system has problems enough that it cannot be used.
* Provides access to the files stored on flash before the operating system is loaded.
* Use the boot loader command line to perform recovery operations.

To manage a switch remotely using TCP/IP, you need to assign the switch an IP address. This IP address is assigned to a virtual interface called a virtual LAN (VLAN), and then it is necessary to ensure the VLAN is assigned to a specific port or ports on the switch.
The default configuration on the switch is to have the management of the switch controlled through VLAN1.

Switches use MAC address tables to determine how to forward between ports. MAC tables include dynamic and static addresses.
The MAC address table was previously referred to as content addressable memory (CAM) or as the CAM table.
Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in use. You can change the aging time setting for MAC addresses. The default time is 300 seconds.
A network administrator can specifically assign static MAC addresses to certain ports. Static addresses are not aged out, and the switch always knows which port to send out traffic destined for that specific MAC address.

Security Attacks
1. An attacker activates a DHCP server on a network segment.
2. The client broadcasts a request for DHCP configuration information.
3. The rogue DHCP server responds before the legitimate DHCP server can respond, assigning attacker-defined IP configuration information.
4. Host packets are redirected to the attacker's address as it emulates a default gateway for the erroneous DHCP address provided to the client.

CDP Attacks
CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection in some cases.

Types of Telnet Attacks
* Brute force password attacks
* DoS attacks

Protecting against a brute force password attack:
* Use strong passwords
* Change your passwords frequently
* Limit who can communicate with vty lines

Protecting against a DoS attack:
* Update to newest version of Cisco IOS software

Using Port Security to Mitigate Attacks
Port Security:
- Specify a group of valid MAC addresses allowed on a port
- Allow only one MAC address to access the port
- Specify that the port automatically shuts down if unauthorized MAC addresses are detected.

Secure MAC addresses are the following types:
* Static secure MAC addresses
* Dynamic secure addresses
* Sticky secure MAC addresses

Dynamic secure MAC addresses: MAC addresses are dynamically learned and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.
Sticky secure MAC addresses: configure a port to dynamically learn MAC addresses and then save these MAC addresses to the running configuration.
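
The difference between dynamic and sticky secure MAC addresses on a port that shuts down on a violation, as an added Python sketch (not part of the original notes and not Cisco code). SecurePort, its methods and the sample MAC addresses are hypothetical; the model assumes sticky entries survive a restart only after the running configuration has been saved to the startup configuration.

```python
# Added illustration: toy model of one access port with port security.
# SecurePort and its methods are hypothetical names, not Cisco IOS code.

class SecurePort:
    def __init__(self, maximum=1, sticky=False, static=()):
        self.maximum = maximum               # allowed number of secure MACs
        self.sticky = sticky                 # learn into the running config?
        self.static = {m.lower() for m in static}  # static secure addresses
        self.dynamic = set()                 # held in the address table only
        self.running = set()                 # sticky entries, running config
        self.startup = set()                 # sticky entries saved by the admin
        self.shutdown = False

    def secure(self):
        return self.static | self.dynamic | self.running

    def receive(self, src_mac):
        """Classify a frame by source MAC: 'forward', 'violation' or 'down'."""
        mac = src_mac.lower()
        if self.shutdown:
            return "down"
        if mac in self.secure():
            return "forward"
        if len(self.secure()) < self.maximum:
            (self.running if self.sticky else self.dynamic).add(mac)
            return "forward"
        self.shutdown = True                 # unauthorized MAC shuts the port
        return "violation"

    def save_config(self):
        """Assumption: the admin copies the running config to startup."""
        self.startup = set(self.running)

    def restart(self):
        """Restart: dynamic entries vanish; sticky ones reload from startup."""
        self.dynamic.clear()
        self.running = set(self.startup)

def demo():
    pc, other = "00:1A:2B:00:00:01", "00:1a:2b:00:00:99"  # constructed MACs
    results = {}
    for name, sticky in (("dynamic", False), ("sticky", True)):
        port = SecurePort(maximum=1, sticky=sticky)
        port.receive(pc)                     # first host is learned
        port.save_config()
        port.restart()
        results[name] = port.receive(other)  # a different host after restart
    return results

if __name__ == "__main__":
    print(demo())
```

After a restart the dynamic port accepts whichever host transmits first, while the sticky port still holds the original address and shuts down when a different one appears.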