
Configure a Switch

LAN Switching and Wireless Chapter 2

Version 4.0

2006 Cisco Systems, Inc. All rights reserved.

Cisco Public

Objectives
- Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard.
- Explain the functions that enable a switch to forward Ethernet frames in a LAN.
- Configure a switch for operation in a network designed to support voice, video, and data transmissions.
- Configure basic security on a switch that will operate in a network designed to support voice, video, and data transmissions.


Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard
Describe the key elements of Ethernet/802.3 networks. Remember CSMA/CD?

Ex. HTTP, FTP, SMTP, Telnet
Ex. ARP
Ex. Audio/Video conferencing


Key Elements of Ethernet/802.3 Networks
- All belong to the same collision domain
- No need for CSMA/CD
- Each port is its own collision domain



Switch Port Settings
- auto
- full
- half



MAC Addressing and Switch MAC Tables
- How do switches learn MAC addresses?
- What if the MAC table is empty?
- What if the switch receives an unknown source MAC?
- What if multiple devices are connected to a switch and one device sends a unicast packet to another device? Does it matter if the CAM/MAC table is empty or not?

Broadcast Domains with Switches
- By the way, how many collision domains exist?
- How do broadcast domains work with switches?
- What happens to broadcasts when connecting multiple switches, and what segments broadcasts?

Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard
Describe the design considerations for Ethernet/802.3 networks

Latency = the time a frame/packet takes to reach its destination.
Latency has 3 sources of delay: the NIC, propagation, and the network devices in the path.

Network Congestion
- Reason for segmentation: isolate traffic, better use of bandwidth per user.
- Common causes of network congestion: more powerful and better technologies (i.e., faster/better hardware), increased network traffic, high-bandwidth applications.

Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard
Controlling latency and understanding collision domains/broadcast domains


Switch Packet Forwarding Methods
Store and forward:
- Required for QoS
- The method used on current switch models


Switch Packet Forwarding Methods
Cut-through:
- Faster than store and forward
- Does not buffer the frame and does no CRC checking, so corrupt frames can pass through
- Two variants exist:
  - Fast-forward switching = lowest latency, forwards the frame as soon as the destination address is read
  - Fragment-free = stores the first 64 bytes before forwarding
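As an added illustration (not from the slides), the three forwarding methods applied to constructed Ethernet frames: store-and-forward buffers the whole frame and verifies the FCS, fast-forward acts once the destination address is in, and fragment-free waits for the first 64 bytes. The FCS is computed with zlib's CRC-32, which uses the same polynomial as the Ethernet FCS.

```python
import zlib

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Minimal Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload, 4-byte FCS.
    The FCS is CRC-32 over everything before it, appended little-endian (as on the wire)."""
    body = dst + src + b"\x08\x00" + payload
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over the frame minus its trailer and compare with the received FCS."""
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

def store_and_forward(frame: bytes) -> bool:
    """Buffers the whole frame, drops runts and checks the FCS: a corrupt frame is dropped."""
    return len(frame) >= 64 and fcs_ok(frame)

def fast_forward(frame: bytes) -> bool:
    """Forwards as soon as the 6-byte destination address has arrived: nothing is checked."""
    return len(frame) >= 6

def fragment_free(frame: bytes) -> bool:
    """Waits for the first 64 bytes, so collision fragments (runts) are dropped, but a frame
    with a bad FCS still passes because the trailer is never examined."""
    return len(frame) >= 64

def demo():
    """Constructed frames: a valid 64-byte frame, the same frame with one flipped bit, a runt."""
    dst, src = b"\x00\x00\x00\x00\x00\x0b", b"\x00\x00\x00\x00\x00\x0a"
    good = build_frame(dst, src, b"A" * 46)       # 14-byte header + 46 payload + 4 FCS = 64 bytes
    corrupt = bytearray(good)
    corrupt[20] ^= 0x01                           # single-bit error in the payload
    corrupt = bytes(corrupt)
    runt = good[:40]                              # collision fragment shorter than 64 bytes
    frames = (good, corrupt, runt)
    return {                                      # True = forwarded, False = dropped
        "store_and_forward": tuple(store_and_forward(f) for f in frames),
        "fast_forward": tuple(fast_forward(f) for f in frames),
        "fragment_free": tuple(fragment_free(f) for f in frames),
    }
```

Only store-and-forward drops the corrupted frame; fragment-free catches the runt but not the bad FCS, and fast-forward passes everything.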

Explain the Functions that Enable a Switch to Forward Ethernet Frames in a LAN



Explain the Functions that Enable a Switch to Forward Ethernet Frames in a LAN
Explain symmetric and asymmetric switching
- More flexible
- Uses memory buffering
- Helps prevent bottlenecks
- Better suited for peer-to-peer environments



Explain the Functions that Enable a Switch to Forward Ethernet Frames in a LAN
Describe how memory buffering works


Explain the Functions that Enable a Switch to Forward Ethernet Frames in a LAN
Compare Layer 2 with Layer 3 switching
What about Layer 2 switches?
- Forward traffic based on destination MAC
- Have multiple collision domains
- Extend broadcasts; they do not segment or prevent them


Configure a Switch for Operation in a Network
Describe the Cisco IOS commands used to navigate the command line

Which mode can we make changes in? Examples



Configure a Switch for Operation in a Network
Describe the Cisco IOS help facilities


Switch Operation
Don't forget the context-sensitive help.



Configure a Switch for Operation in a Network
Describe the Cisco IOS commands used to access the command history


Configure a Switch for Operation in a Network
Describe the boot sequence of a Cisco switch

Where are the running and startup configs stored?


Configure a Switch for Operation in a Network
Describe how to prepare the switch to be configured


Configure a Switch for Operation in a Network
Describe how to perform a basic switch configuration

What if the switch connects to a router? Same VLAN or different VLANs?



Configure Switch for Basic Operation


Configure a Switch for Operation in a Network
Describe how to verify the Cisco IOS configuration using the show command


Configure a Switch for Operation in a Network
Describe how to manage the Cisco IOS configuration files


Configure Basic Security on a Switch
Describe the Cisco IOS commands used to configure password options
- Which password option provides better security?
- Why is it important to configure an exec password?
- What's the difference if we use service password-encryption?

Configure Encrypted Passwords

What can you tell from the passwords above?


Configure Basic Security on a Switch
Describe the Cisco IOS commands used to configure a login banner
- banner login: displays before the username/password login prompt
- banner motd: displays on all connected terminals at login and can be used to send messages to users; displayed before the login banner if one is configured

Configure Basic Security on a Switch
Describe how to configure Telnet and SSH on a switch. Don't forget to secure the VTY lines.

What is the significance of the transport input command?


Configure Basic Security on a Switch
Describe the key switch security attacks. The description should include MAC address flooding, spoofing attacks, CDP attacks, and Telnet attacks.
- How does the MAC table on the switch look before the intruder attacks?
- If an intruder can flood the switch with bogus MACs so that the switch MAC table is full, the switch is forced to broadcast (flood) all frames out all its ports.

Ex. of MAC address flooding
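The MAC-table questions above and the flooding effect just described, as an added toy simulation in Python that is not part of the slides: a switch that learns source MACs per port, floods broadcasts and unknown unicasts, and, once its (constructed, 3-entry) table is full, can no longer learn legitimate hosts, so their unicast traffic is flooded out every port. The macs_per_port view is the detection signal port security's maximum setting acts on.

```python
from collections import Counter, OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy Layer 2 switch: learns each source MAC on its ingress port, forwards by destination
    MAC. table_size is a constructed, tiny CAM capacity so full-table behaviour is visible."""

    def __init__(self, ports, table_size):
        self.ports = list(ports)
        self.table_size = table_size
        self.mac_table = OrderedDict()   # mac -> port on which that source was last seen
        self.unlearned = 0               # source MACs not learned because the table was full

    def learn(self, src, in_port):
        if src in self.mac_table:
            self.mac_table[src] = in_port          # refresh (the host may have moved ports)
        elif len(self.mac_table) < self.table_size:
            self.mac_table[src] = in_port          # normal learning from the source address
        else:
            self.unlearned += 1                    # table full: frame still forwarded, not learned

    def forward(self, in_port, src, dst):
        """Return the egress ports for one frame; an empty list means the frame is filtered."""
        self.learn(src, in_port)
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:        # broadcast or unknown unicast: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]     # destination sits on the ingress port: filter

    def macs_per_port(self):
        """Defender view: distinct source MACs learned behind each port. A large count on an
        access port is the symptom of MAC flooding and is what port security's maximum caps."""
        return Counter(self.mac_table.values())

def demo():
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # two legitimate hosts (constructed)
    ports = ["Fa0/1", "Fa0/2", "Fa0/3"]
    normal = Switch(ports, table_size=3)
    first = normal.forward("Fa0/1", a, b)     # empty table: destination unknown, so flooded
    reply = normal.forward("Fa0/2", b, a)     # a was learned from the first frame: one port
    again = normal.forward("Fa0/1", a, b)     # both known: the unicast stays point to point
    full = Switch(ports, table_size=3)
    for i in range(3):                        # bogus sources on Fa0/3 fill the 3-entry table
        full.forward("Fa0/3", f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    leaked = full.forward("Fa0/1", a, b)      # a, b cannot be learned: flooded out Fa0/3 too
    return {"first": first, "reply": reply, "again": again, "leaked": leaked,
            "unlearned": full.unlearned, "per_port": dict(full.macs_per_port())}
```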



Common Security Attacks
Spoofing attacks

Another type of attack is the DHCP starvation attack, where the attacker continually changes its MAC address and consumes all the IP addresses from the DHCP server. So what's one way to address this?

Common Security Attacks
IP DHCP snooping

Basically, trusted ports can source all DHCP messages. Untrusted ports can source DHCP requests only, so if a DHCP response is seen on an untrusted port, that port is shut down.
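The trusted/untrusted rule above as an added Python model (not from the slides or Cisco IOS): the DHCP message type is read from option 53 in a constructed options blob, trusted ports pass everything, untrusted ports pass only client-side message types, and a server-side message on an untrusted port shuts that port down as the slide states. Port names and the DHCP message types are assumed; the option-53 values are those defined in RFC 2132.

```python
# DHCP option 53 (message type) values from RFC 2132, split by who may legitimately send them
CLIENT_TYPES = {1: "DISCOVER", 3: "REQUEST", 4: "DECLINE", 7: "RELEASE", 8: "INFORM"}
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def dhcp_message_type(options: bytes):
    """Walk the DHCP options TLV list (the bytes after the magic cookie) and return option 53."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:                  # end option
            return None
        if code == 0:                    # pad option carries no length byte
            i += 1
            continue
        length = options[i + 1]
        if code == 53 and length == 1:
            return options[i + 2]
        i += 2 + length
    return None

class DhcpSnooping:
    """Per-port DHCP snooping as the slide describes it: trusted ports may source any DHCP message;
    untrusted ports may source client messages only, and a server message there shuts the port."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.shutdown = set()

    def filter(self, port: str, options: bytes) -> str:
        """Return 'forward', 'drop' or 'shutdown' for one DHCP message arriving on port."""
        if port in self.shutdown:
            return "drop"
        if port in self.trusted:
            return "forward"
        mtype = dhcp_message_type(options)
        if mtype in CLIENT_TYPES:
            return "forward"
        if mtype in SERVER_TYPES:
            self.shutdown.add(port)      # rogue DHCP server behind an access port
            return "shutdown"
        return "drop"                    # malformed or unknown message type

def demo():
    snoop = DhcpSnooping(trusted_ports=["Gi0/1"])          # uplink toward the real server (constructed)
    discover = bytes([53, 1, 1, 255])                      # option 53 = DISCOVER, then end option
    offer = bytes([0, 53, 1, 2, 54, 4, 10, 0, 0, 1, 255])  # pad, OFFER, server identifier, end
    return (snoop.filter("Fa0/5", discover),   # client request on an access port: forward
            snoop.filter("Gi0/1", offer),      # offer from the trusted uplink: forward
            snoop.filter("Fa0/7", offer),      # offer from an access port: rogue server
            snoop.filter("Fa0/7", discover))   # port now shut down: nothing passes
```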

Common Security Attacks

An attacker can use this information to exploit the network and perform a DoS attack.

Configure Basic Security on a Switch
Describe how network security tools are used to improve network security
What are some ways to protect against common attacks? Change passwords, turn off unnecessary services.


Configure Basic Security on a Switch
Describe why you need to secure ports on a switch


Configuring Port Security


Configure Basic Security on a Switch
Describe the Cisco IOS commands used to disable unused ports

What if we configure the maximum number of MACs to a higher value, say 4, and 2 are statically learned? What happens to the other two empty entries?
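The question above worked through as an added Python model of port security (not from the slides or Cisco IOS): with a maximum of 4 and 2 static entries, the remaining 2 entries are filled by the first source MACs seen dynamically, and the fifth distinct MAC is a violation handled per the configured mode. MAC addresses and the port's violation mode are constructed assumptions; the protect/restrict/shutdown semantics follow Cisco IOS.

```python
class PortSecurity:
    """Port security on one access port. Secure MACs are the statically configured ones plus
    those learned dynamically until `maximum` is reached; a further new source MAC is a
    violation. Modes follow Cisco IOS: protect drops silently, restrict drops and counts,
    shutdown err-disables the port."""

    def __init__(self, maximum, static=(), mode="shutdown"):
        if len(static) > maximum:
            raise ValueError("more static MACs than the configured maximum")
        self.maximum = maximum
        self.static = set(static)
        self.dynamic = []          # learned entries take the slots the static MACs leave free
        self.mode = mode
        self.violations = 0
        self.err_disabled = False

    def secure_macs(self):
        return self.static | set(self.dynamic)

    def ingress(self, src):
        """Return 'forward', 'drop' or 'err-disable' for a frame whose source MAC is src."""
        if self.err_disabled:
            return "drop"
        if src in self.secure_macs():
            return "forward"
        if len(self.secure_macs()) < self.maximum:
            self.dynamic.append(src)           # an empty entry is filled dynamically
            return "forward"
        if self.mode != "protect":
            self.violations += 1               # restrict and shutdown count the violation
        if self.mode == "shutdown":
            self.err_disabled = True
            return "err-disable"
        return "drop"                          # protect and restrict just drop the frame

def demo():
    """The slide's case: maximum 4 with 2 static entries; the other 2 are learned dynamically."""
    port = PortSecurity(maximum=4, static=["00:00:00:00:00:01", "00:00:00:00:00:02"])
    results = [port.ingress(m) for m in (
        "00:00:00:00:00:01",   # static entry: forward
        "00:00:00:00:00:aa",   # dynamic entry 1 of 2: forward
        "00:00:00:00:00:bb",   # dynamic entry 2 of 2: forward, port is now at its maximum
        "00:00:00:00:00:cc",   # fifth MAC: violation, shutdown mode err-disables the port
        "00:00:00:00:00:01",   # even a static MAC is dropped once the port is err-disabled
    )]
    return results, sorted(port.secure_macs()), port.violations, port.err_disabled
```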


Verify Port Security

Also disable unused ports by shutting them down.


Summary
- LAN design: the process that explains how a LAN is to be implemented
- Factors to consider in LAN design include:
  - Collision domains
  - Broadcast domains
  - Network latency
  - LAN segmentation


Summary
- Switch forwarding methods:
  - Store & forward, used by Cisco Catalyst switches
  - Cut-through, 2 types: fast-forward and fragment-free


Summary
- Symmetric switching: switching is conducted between ports that have the same bandwidth
- Asymmetric switching: switching is conducted between ports that have unlike bandwidth


Summary
- Cisco IOS CLI includes the following features:
  - Built-in help
  - Command history/options
- Switch security:
  - Password protection
  - Use of SSH for remote access
  - Port security


Labs
- Packet Tracer: Configure Switch Security
- Basic Switch Configuration
