CCNA – Semester3
Chapter 2: Basic Switch Concepts and Configuration
CCNA Exploration 4.0
Objectives
• Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard.
• Explain the functions that enable a switch to forward Ethernet frames in a LAN.
• Configure a switch for operation in a network designed to support voice, video, and data transmissions.
• Configure basic security on a switch that will operate in a network designed to support voice, video, and data transmissions.
Introduction to Ethernet/802.3 LANs
Media Access Control in Ethernet
CSMA/CD
Ethernet Communications
Ethernet Communications:
– Unicast
– Broadcast
– Multicast
Ethernet Communications
• Ethernet Frame:
• Ethernet Address
Duplex Settings
Switch Port Settings
• Cisco Catalyst switches have three duplex settings:
– The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.
– The full option sets full-duplex mode.
– The half option sets half-duplex mode.
• Auto-MDIX
• The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.
MAC Addressing and Switch MAC Address Tables
Design Considerations for Ethernet/802.3 Networks
• Bandwidth and Throughput
– A major disadvantage of Ethernet 802.3 networks is collisions.
• Collision domains:
Design Considerations for Ethernet/802.3 Networks
Broadcast Domains:
• Although switches filter most frames based on MAC addresses, they do not filter broadcast frames. For other switches on the LAN to receive broadcast frames, switches must forward them. A collection of interconnected switches forms a single broadcast domain. Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a Layer 2 broadcast domain. Routers and VLANs are used to segment both collision and broadcast domains. The use of VLANs to segment broadcast domains will be discussed in the next chapter.
Design Considerations for Ethernet/802.3 Networks
Network Latency
• The time it takes the source NIC to place voltage pulses on the wire, and the time it takes the receiving NIC to interpret these pulses.
• The actual propagation delay, as the signal takes time to travel along the cable.
• Latency added by each networking device in the path between the two end devices; the amount depends on the type of device.
Design Considerations for Ethernet/802.3 Networks
Network Congestion
• The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. Without segmentation, a LAN quickly becomes clogged with traffic and collisions.
• The most common causes of network congestion:
– Increasingly powerful computer and network technologies.
– Increasing volume of network traffic.
– High-bandwidth applications.
Design Considerations for Ethernet/802.3 Networks
LAN Segmentation
• LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. Previously, bridges were used, but this type of network equipment is rarely seen in a modern switched LAN.
LAN Design Considerations
Controlling Network Latency
• Consider the latency caused by each device on the network.
– A core level switch supporting 48 ports, running at 1000 Mb/s full duplex requires 96 Gb/s internal throughput if it is to maintain full wire-speed across all ports simultaneously.
• Higher OSI layer devices can also increase latency on a network.
– A router must strip away the Layer 2 fields in a frame in order to interpret the Layer 3 addressing information. The extra processing time causes latency.
– Balance the use of higher layer devices to reduce network latency with the need to prevent contention from broadcast traffic or the high collision rates.
LAN Design Considerations
Removing Bottlenecks
Activity 2.1.3.2
Forwarding Frames using a Switch
Switch Forwarding Methods
• Store-and-forward – The entire frame is received before any forwarding takes place.
• Cut-through – The frame is forwarded through the switch before the entire frame is received.
Switch Forwarding Methods
There are two variants of cut-through switching:
• Fast-forward – The switch forwards the packet immediately after reading the destination address.
• Fragment-free – Fragment-free switching filters out collision fragments (< 64 bytes) before forwarding begins.
Symmetric and Asymmetric Switching
Memory Buffering
• In port-based memory buffering, frames are stored in queues that are linked to specific incoming ports.
• Shared memory buffering deposits all frames into a common memory buffer that all the ports on the switch share.
Layer 2 and Layer 3 Switching
Layer 3 Switch and Router Comparison
Activity 2.2.4.3
Switch Management Configuration
Navigating CLI Modes
GUI-based Alternatives to the CLI
• Cisco Network Assistant
• Cisco Device Manager
• CiscoView
• SNMP Network Manager
Using the Help Facility
Console Error Messages
Accessing the Command History
The Switch Boot Sequence
The boot sequence of a Cisco switch:
• The switch loads the boot loader software from NVRAM
• The boot loader:
– Performs low-level CPU initialization
– Performs POST for the CPU subsystem
– Initializes the flash file system on the system board
– Loads a default operating system software image into memory and boots the switch
• The operating system runs using the config.text file, stored in the switch flash storage.
The boot loader can help you recover from an operating system crash:
• Provides access into the switch if the operating system has problems serious enough that it cannot be used.
• Provides access to the files stored on flash before the operating system is loaded.
• Use the boot loader command line to perform recovery operations.
Prepare to Configure the Switch
Step 1:
• PC or terminal is connected to the console port
• Terminal emulator application, such as HyperTerminal, is running and configured correctly.
Step 2:
• Attach the power cable plug to the switch power supply socket.
Step 3:
• When the switch is on, the POST begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly. When the POST has completed, the SYST LED rapidly blinks green. If the switch fails POST, the SYST LED turns amber. When a switch fails the POST test, it is necessary to repair the switch.
Basic Switch Configuration
• Management Interface Considerations
• Configure Management Interface
• Configure Default Gateway
• Verify Configuration
• Configure Duplex and Speed
• Configure a Web Interface
Basic Switch Configuration
Managing the MAC Address Table
• Dynamic addresses are source MAC addresses that the switch learns and then ages out when they are not in use. You can change the aging time setting for MAC addresses. The default time is 300 seconds.
• The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table.
• To create a static mapping in the MAC address table, use the mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id command.
Verifying Switch Configuration
Basic Switch Management
• Back up and Restore Switch Configurations
• Clearing Configuration Information
– Use the erase nvram: or erase startup-config command.
• Deleting a Stored Configuration File
– Use the delete flash:filename command.
Basic Switch Management
• Activity 2.3.8.4
Configuring Switch Security
Configure Password Options
• Console password
– Sw(config)#line console 0
– Sw(config-line)#password cisco
– Sw(config-line)#login
• Line vty password
– Sw(config)#line vty 0 4
– Sw(config-line)#password cisco
– Sw(config-line)#login
• Enable password:
– Sw(config)#enable password cisco
– Sw(config)#enable secret class
Configure Password Options
• Configure Encrypted Passwords
Configure Password Options
Enable Password Recovery
• Step 1. Connect a terminal or PC with terminal-emulation software to the switch console port.
• Step 2. Set the line speed on the emulation software to 9600 baud.
• Step 3. Power off the switch. Reconnect the power cord to the switch and within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.
• Step 4. Initialize the Flash file system using the flash_init command.
• Step 5. Load any helper files using the load_helper command.
• Step 6. Display the contents of Flash memory using the dir flash command.
• Step 7. Rename the configuration file, which contains the password definition, to config.text.old using the rename flash:config.text flash:config.text.old command.
• Step 8. Boot the system with the boot command.
• Step 9. You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N.
• Step 10. At the switch prompt, enter privileged EXEC mode using the enable command.
• Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.
• Step 12. Copy the configuration file into memory using the copy flash:config.text system:running-config command.
• Step 13. Enter global configuration mode using the configure terminal command.
• Step 14. Change the password using the enable secret password command.
• Step 15. Return to privileged EXEC mode using the exit command.
• Step 16. Write the running configuration to the startup configuration file using the copy running-config startup-config command.
• Step 17. Reload the switch using the reload command.
Login Banners
• The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called login banners and message of the day (MOTD) banners.
– Sw(config)#banner motd "string"
Configure Telnet and SSH
Common Security Attacks
• MAC Address Flooding: If the destination MAC address does not exist in the MAC address table, the switch acts like a hub and forwards the frame out every port on the switch.
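An added example (not course material or Cisco code): a Python model of the MAC address table behaviour from the Managing the MAC Address Table slide and the flooding risk above. It implements the default 300 s aging, a static entry, unknown-unicast flooding, and an assumed per-port learned-address limit as a simplified stand-in for port security; the table capacity of 8, the port names and the MAC addresses are constructed values.

```python
# Added example, not from the course: a Python model of the switch MAC address
# table behaviour described in the slides (learn source MAC per port, age dynamic
# entries out after 300 s, static entries, flood unknown unicast out every other
# port) plus a per-port learned-address limit that stands in for port security.
DEFAULT_AGING = 300   # seconds, the default aging time from the slides
BROADCAST = "ff:ff:ff:ff:ff:ff"

class SwitchMacTable:
    def __init__(self, ports, capacity=8, aging=DEFAULT_AGING, max_per_port=None):
        self.ports = list(ports)   # capacity=8 is a constructed small value
        self.capacity, self.aging, self.max_per_port = capacity, aging, max_per_port
        self.table = {}       # mac -> {"port", "vlan", "static", "seen"}
        self.violations = []  # (port, mac) pairs rejected by the per-port limit

    def add_static(self, mac, vlan, port):
        # Like: mac-address-table static <mac> vlan <vlan> interface <port>
        self.table[mac] = {"port": port, "vlan": vlan, "static": True, "seen": None}

    def age_out(self, now):
        # Dynamic entries not refreshed within the aging time are removed.
        for mac, e in list(self.table.items()):
            if not e["static"] and now - e["seen"] > self.aging:
                del self.table[mac]

    def learn(self, mac, port, vlan, now):
        e = self.table.get(mac)
        if e is not None:
            if not e["static"]:
                e["seen"], e["port"] = now, port   # refresh timer, follow a moved host
            return "known"
        if self.max_per_port is not None:
            on_port = sum(1 for x in self.table.values() if x["port"] == port and not x["static"])
            if on_port >= self.max_per_port:
                self.violations.append((port, mac))   # what a defender would log/alert on
                return "violation"
        if len(self.table) >= self.capacity:
            return "full"   # a flooding attack aims for this: no room for real hosts
        self.table[mac] = {"port": port, "vlan": vlan, "static": False, "seen": now}
        return "learned"

    def forward(self, src, dst, in_port, vlan=1, now=0.0):
        """Return the egress ports for a frame; an empty list means dropped."""
        self.age_out(now)
        if self.learn(src, in_port, vlan, now) == "violation":
            return []   # port-security style drop of the violating frame
        e = self.table.get(dst)
        if dst == BROADCAST or e is None:
            return [p for p in self.ports if p != in_port]   # flood like a hub
        return [] if e["port"] == in_port else [e["port"]]
```

Once the table is full, replies between legitimate hosts are flooded out every port, including the one the bogus addresses came from, which is why a per-port limit (or real port security) is the control to reach for.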
Common Security Attacks
Spoofing Attacks
Common Security Attacks
DHCP Spoofing
Common Security Attacks
• CDP attacks: CDP contains information about the device, such as the IP address, software version, platform, capabilities, and the native VLAN. When this information is available to an attacker, they can use it to find exploits to attack your network, typically in the form of a Denial of Service (DoS) attack.
Security Tools
• Network Security Tools perform these functions:
• Network Security Audits help you to:
– Reveal what sort of information an attacker can gather simply by monitoring network traffic.
– Determine the ideal amount of spoofed MAC addresses to remove.
– Determine the age-out period of the MAC address table.
• Network Penetration Testing helps you to:
– Identify weaknesses within the configuration of your networking devices.
– Launch numerous attacks to test your network.
– Caution: Plan penetration tests to avoid network performance impacts.
Configuring Port Security
Activity 2.4.7.2
Summary