CCNA Semester3 Chapter 2: Basic Switch Concepts and Configuration CCNA Exploration 4.0

Ca Ex S3 C2 Basic Switch Concepts And Configuration

Uploaded by neo-kim

Page 1: Ca Ex S3 C2 Basic Switch Concepts And Configuration

CCNA – Semester 3

Chapter 2: Basic Switch Concepts and Configuration

CCNA Exploration 4.0

Page 2: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Objectives

• Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard.

• Explain the functions that enable a switch to forward Ethernet frames in a LAN.

• Configure a switch for operation in a network designed to support voice, video, and data transmissions.

• Configure basic security on a switch that will operate in a network designed to support voice, video, and data transmissions.

Page 3: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Introduction to Ethernet/802.3 LANs

Page 4: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Media Access Control in Ethernet

Page 5: Ca Ex S3 C2 Basic Switch Concepts And Configuration

CSMA/CD

Page 6: Ca Ex S3 C2 Basic Switch Concepts And Configuration

CSMA/CD

Page 7: Ca Ex S3 C2 Basic Switch Concepts And Configuration

CSMA/CD

Page 8: Ca Ex S3 C2 Basic Switch Concepts And Configuration

CSMA/CD

Page 9: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Ethernet Communications

Ethernet communications:

– Unicast

– Broadcast

– Multicast

Page 10: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Ethernet Communications

• Ethernet Frame

• Ethernet Address

Page 11: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Duplex Settings

Page 12: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Switch Port Settings

• The Cisco Catalyst switches have three duplex settings:

– The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.

– The full option sets full-duplex mode.

– The half option sets half-duplex mode.

• Auto-MDIX

– The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.

Page 13: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 14: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 15: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 16: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 17: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 18: Ca Ex S3 C2 Basic Switch Concepts And Configuration

MAC Addressing and Switch MAC Address Tables

Page 19: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

• Bandwidth and Throughput

– A major disadvantage of Ethernet 802.3 networks is collisions.

• Collision domains:

Page 20: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

Broadcast Domains:

• Although switches filter most frames based on MAC addresses, they do not filter broadcast frames. For other switches on the LAN to receive broadcast frames, switches must forward them. A collection of interconnected switches therefore forms a single broadcast domain. Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can bound a Layer 2 broadcast domain. Routers and VLANs are used to segment both collision and broadcast domains. The use of VLANs to segment broadcast domains will be discussed in the next chapter.

Page 21: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

Network Latency

• The time it takes the source NIC to place voltage pulses on the wire, and the time it takes the receiving NIC to interpret these pulses.

• The actual propagation delay, as the signal takes time to travel along the cable.

• Additional latency is added by each networking device the frame passes through.

Page 22: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

Network Congestion

• The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. Without segmentation, a LAN quickly becomes clogged with traffic and collisions.

• The most common causes of network congestion:

– Increasingly powerful computer and network technologies.

– Increasing volume of network traffic.

– High-bandwidth applications.

Page 23: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

LAN Segmentation

• LANs are segmented into a number of smaller collision and broadcast domains using routers and switches. Previously, bridges were used, but this type of network equipment is rarely seen in a modern switched LAN.

Page 24: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Design Considerations for Ethernet/802.3 Networks

LAN Segmentation

Page 25: Ca Ex S3 C2 Basic Switch Concepts And Configuration

LAN Design Considerations

Controlling Network Latency

• Consider the latency caused by each device on the network.

– A core-level switch supporting 48 ports, each running at 1000 Mb/s full duplex, requires 96 Gb/s of internal throughput if it is to maintain full wire speed across all ports simultaneously.

• Higher OSI layer devices can also increase latency on a network.

– A router must strip away the Layer 2 fields in a frame in order to interpret the Layer 3 addressing information. The extra processing time causes latency.

– Balance the use of higher-layer devices (which add latency) against the need to contain broadcast traffic and high collision rates.

Page 26: Ca Ex S3 C2 Basic Switch Concepts And Configuration

LAN Design Considerations

Removing Bottlenecks

Activity 2.1.3.2

Page 27: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Forwarding Frames using a Switch

Page 28: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Switch Forwarding Methods

• Store-and-forward – The entire frame is received before any forwarding takes place.

• Cut-through – The frame is forwarded through the switch before the entire frame is received.

Page 29: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Switch Forwarding Methods

There are two variants of cut-through switching:

• Fast-forward – Fast-forward switching immediately forwards a frame after reading the destination address.

• Fragment-free – Fragment-free switching filters out collision fragments (< 64 bytes) before forwarding begins.

Page 30: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Symmetric and Asymmetric Switching

Page 31: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Memory Buffering

• In port-based memory buffering, frames are stored in queues that are linked to specific incoming ports.

• Shared memory buffering deposits all frames into a common memory buffer which all the ports on the switch share.

Page 32: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Layer 2 and Layer 3 Switching

Page 33: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Layer 3 Switch and Router Comparison

Activity 2.2.4.3

Page 34: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Switch Management Configuration

Page 35: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Navigating CLI Modes

Page 36: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Navigating CLI Modes

Page 37: Ca Ex S3 C2 Basic Switch Concepts And Configuration

GUI-based Alternatives to the CLI

• Cisco Network Assistant

• Cisco Device Manager

• CiscoView

• SNMP Network Manager

Page 38: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Using the Help Facility

Page 39: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Console Error Messages

Page 40: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Accessing the Command History

Page 41: Ca Ex S3 C2 Basic Switch Concepts And Configuration

The Switch Boot Sequence

The boot sequence of a Cisco switch:

• The switch loads the boot loader software from NVRAM.

• The boot loader:

– Performs low-level CPU initialization

– Performs POST for the CPU subsystem

– Initializes the flash file system on the system board

– Loads a default operating system software image into memory and boots the switch

• The operating system runs using the config.text file, stored in the switch flash storage.

The boot loader can help you recover from an operating system crash:

• Provides access into the switch if the operating system has problems serious enough that it cannot be used.

• Provides access to the files stored on flash before the operating system is loaded.

• Use the boot loader command line to perform recovery operations.

Page 42: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Prepare to Configure the Switch

Step 1:

• A PC or terminal is connected to the console port.

• A terminal emulator application, such as HyperTerminal, is running and configured correctly.

Step 2:

• Attach the power cable plug to the switch power supply socket.

Step 3:

• When the switch is on, the POST begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly. When the POST has completed, the SYST LED rapidly blinks green. If the switch fails POST, the SYST LED turns amber. When a switch fails POST, it is necessary to repair the switch.

Page 43: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Management Interface Considerations

Page 44: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Configure Management Interface

Page 45: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Configure Default Gateway

Page 46: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Verify Configuration

Page 47: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Configure Duplex and Speed

Page 48: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

• Configure a Web Interface

Page 49: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Configuration

Managing the MAC Address Table

• Dynamic addresses are source MAC addresses that the switch learns and then ages out when they are not in use. You can change the aging time setting for MAC addresses. The default time is 300 seconds.

• The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table.

• To create a static mapping in the MAC address table, use the mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id command.

Page 50: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Verifying Switch Configuration

Page 51: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Management

• Back up and Restore Switch Configurations

Page 52: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Management

• Back up and Restore Switch Configurations

• Clearing Configuration Information

– Use the erase nvram: or erase startup-config command

• Deleting a Stored Configuration File

– Use the delete flash:filename command

Page 53: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Basic Switch Management

Activity 2.3.8.4

Page 54: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Switch Security

Page 55: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Password Options

• Console password

– Sw(config)#line console 0

– Sw(config-line)#password cisco

– Sw(config-line)#login

• Line vty password

– Sw(config)#line vty 0 4

– Sw(config-line)#password cisco

– Sw(config-line)#login

• Enable password:

– Sw(config)#enable password cisco

– Sw(config)#enable secret class
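As an added example (not part of the course material), the following Python script audits a `show running-config` dump for the password and access-line weaknesses this and the following slides address: a clear-text `enable password` instead of `enable secret`, line passwords stored without `service password-encryption`, vty lines that still accept telnet rather than SSH only, a missing MOTD banner, and CDP left running. The two configurations inside the script are constructed samples (the hostname `Sw` and the passwords `cisco`/`class` are the slide's own placeholders); the parsing relies only on the fact that IOS indents a section's sub-commands by one space.

```python
"""Added example: audit a Cisco IOS running-config for the password and
access-line weaknesses the slides describe.  The configs below are
constructed samples, not taken from the course."""

# Constructed sample: the configuration the slides build up (clear-text
# enable password, line passwords in clear text, telnet allowed on vty).
WEAK_CONFIG = """\
hostname Sw
enable password cisco
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
end
"""

# Constructed sample: the same switch after hardening.
HARDENED_CONFIG = """\
hostname Sw
service password-encryption
enable secret class
no cdp run
banner motd ^Authorized access only^
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh
end
"""


def parse_sections(text):
    """Split a running-config into global commands and per-section sub-commands.

    IOS indents the sub-commands of a section ('line ...', 'interface ...')
    by one space, so an unindented line ends the current section.
    """
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        global_cmds.append(cmd)
        if cmd.startswith(("line ", "interface ")):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = None
    return global_cmds, sections


def audit_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    global_cmds, sections = parse_sections(text)
    findings = []
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("no 'enable secret': privileged EXEC is protected only by a "
                        "clear-text 'enable password', or by nothing at all")
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append("'enable password' present: stored in clear text and ignored "
                        "whenever 'enable secret' is set; remove it")
    if "service password-encryption" not in global_cmds:
        findings.append("'service password-encryption' missing: line passwords show "
                        "in clear text in the running-config")
    if not any(c.startswith("banner motd") for c in global_cmds):
        findings.append("no 'banner motd' login banner configured")
    if "no cdp run" not in global_cmds:
        findings.append("CDP running: it advertises platform, IOS version and "
                        "addresses to neighbours; disable it on untrusted ports")
    for header, subs in sections.items():
        if not header.startswith("line "):
            continue
        if "login" not in subs and "login local" not in subs:
            findings.append(f"{header}: no 'login', connections are accepted without "
                            "a password check")
        elif "login" in subs and not any(s.startswith("password ") for s in subs):
            findings.append(f"{header}: 'login' without a password; IOS refuses the line")
        if header.startswith("line vty"):
            transport = [s.split() for s in subs if s.startswith("transport input")]
            if not transport or {"telnet", "all"} & set(transport[-1]):
                findings.append(f"{header}: telnet permitted; restrict with "
                                "'transport input ssh'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_config(cfg))} finding(s)")
        for f in audit_config(cfg):
            print("  -", f)
```

Running the script reports six findings for the weak configuration and none for the hardened one. Note the distinction the checks make: `enable secret` stores a hash, whereas `service password-encryption` only obscures line passwords with the reversible type 7 encoding, so it protects against shoulder-surfing a config printout, not against anyone who obtains the file.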

Page 56: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Password Options

• Configure Encrypted Passwords

Page 57: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Password Options

Enable Password Recovery

• Step 1. Connect a terminal or PC with terminal-emulation software to the switch console port.

• Step 2. Set the line speed on the emulation software to 9600 baud.

• Step 3. Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.

• Step 4. Initialize the Flash file system using the flash_init command.

• Step 5. Load any helper files using the load_helper command.

• Step 6. Display the contents of Flash memory using the dir flash command.

• Step 7. Rename the configuration file, which contains the password definition, to config.text.old using the rename flash:config.text flash:config.text.old command.

Page 58: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Password Options

Enable Password Recovery

• Step 8. Boot the system with the boot command.

• Step 9. You are prompted to start the setup program. Enter N at the prompt, and then, when the system prompts whether to continue with the configuration dialog, enter N.

• Step 10. At the switch prompt, enter privileged EXEC mode using the enable command.

• Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.

• Step 12. Copy the configuration file into memory using the copy flash:config.text system:running-config command.

Page 59: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Password Options

Enable Password Recovery

• Step 13. Enter global configuration mode using the configure terminal command.

• Step 14. Change the password using the enable secret password command.

• Step 15. Return to privileged EXEC mode using the exit command.

• Step 16. Write the running configuration to the startup configuration file using the copy running-config startup-config command.

• Step 17. Reload the switch using the reload command.

Page 60: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Login Banners

• The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called login banners and message of the day (MOTD) banners.

– Sw(config)#banner motd “string”

Page 61: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configure Telnet and SSH

Page 62: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• MAC Address Flooding: If the destination MAC address is not in the MAC address table, the switch acts like a hub and forwards the frame out every port on the switch.
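As an added example (not code from the course), the Python model below ties together the MAC address table behaviour described on the "Managing the MAC Address Table" slide (learning source addresses per port, the 300-second aging default, static entries that never age out) and the flooding failure mode described here: once the table is full the switch cannot learn a new host, so frames to that host are forwarded out every port like a hub, including the port the bogus addresses arrived on. It also models a per-port address limit with an err-disable response, which is the behaviour the later "Configuring Port Security" slides configure. The port names, MAC addresses and the four-entry table size are constructed values chosen to keep the demonstration small; real switches hold thousands of entries.

```python
"""Added example: a model of a switch MAC address table showing dynamic
learning, the 300-second aging default, static entries, unknown-unicast
flooding once the table is full, and a per-port address limit in the
style of port security.  Ports, MAC addresses and the table size are
constructed values, not taken from the course."""
from dataclasses import dataclass

DEFAULT_AGING_SECONDS = 300          # default aging time from the slides
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Entry:
    port: str
    learned_at: float                # time the entry was learned or refreshed
    static: bool = False             # static entries never age out


class Switch:
    def __init__(self, ports, table_size, max_per_port=None):
        self.ports = list(ports)
        self.table = {}                    # mac -> Entry
        self.table_size = table_size       # assumed CAM capacity (tiny, for the demo)
        self.max_per_port = max_per_port   # None = no port-security limit
        self.err_disabled = set()          # ports shut down after a violation

    def add_static(self, mac, port):
        # Equivalent of 'mac-address-table static <mac> vlan 1 interface <port>'
        self.table[mac] = Entry(port, 0.0, static=True)

    def _age_out(self, now):
        expired = [m for m, e in self.table.items()
                   if not e.static and now - e.learned_at > DEFAULT_AGING_SECONDS]
        for mac in expired:
            del self.table[mac]

    def _learn(self, src, port, now):
        """Learn or refresh src on port; return False on a port-security violation."""
        if src in self.table:
            if not self.table[src].static:
                self.table[src] = Entry(port, now)   # refresh the aging timer
            return True
        on_port = sum(1 for e in self.table.values() if e.port == port)
        if self.max_per_port is not None and on_port >= self.max_per_port:
            self.err_disabled.add(port)              # violation mode 'shutdown'
            return False
        if len(self.table) < self.table_size:
            self.table[src] = Entry(port, now)
        # else: table full, nothing learned; frames to src will be flooded
        return True

    def receive(self, in_port, src, dst, now):
        """Forward one frame and return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        self._age_out(now)
        if not self._learn(src, in_port, now):
            return []
        if dst == BROADCAST or dst not in self.table:
            # unknown destination: the switch behaves like a hub
            return [p for p in self.ports
                    if p != in_port and p not in self.err_disabled]
        out = self.table[dst].port
        return [] if out == in_port else [out]


HOST_A, HOST_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"


def run_demo(max_per_port=None):
    """Return (B->A egress, A->B egress, err-disabled ports) after a flood."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], table_size=4, max_per_port=max_per_port)
    sw.receive("Fa0/1", HOST_A, HOST_B, now=0)    # B unknown yet: flooded
    sw.receive("Fa0/2", HOST_B, HOST_A, now=1)    # A known: unicast
    # Constructed: ten distinct source addresses keep arriving on Fa0/3,
    # filling the small table before A's and B's entries are refreshed.
    for t in (2, 200, 340):
        for i in range(10):
            sw.receive("Fa0/3", f"00:00:00:00:01:{i:02x}", BROADCAST, now=t)
    b_to_a = sw.receive("Fa0/2", HOST_B, HOST_A, now=350)
    a_to_b = sw.receive("Fa0/1", HOST_A, HOST_B, now=351)
    return b_to_a, a_to_b, sorted(sw.err_disabled)


def static_entry_survives_aging():
    """Egress for a frame to a statically mapped server long after any refresh."""
    server = "00:00:00:00:00:5e"
    sw = Switch(["Fa0/1", "Fa0/2"], table_size=4)
    sw.add_static(server, "Fa0/2")
    sw.receive("Fa0/1", HOST_A, server, now=0)
    return sw.receive("Fa0/1", HOST_A, server, now=10_000)   # still ["Fa0/2"]


if __name__ == "__main__":
    print("no port security:", run_demo())
    print("max 2 MACs/port:  ", run_demo(max_per_port=2))
    print("static entry:     ", static_entry_survives_aging())
```

Without a per-port limit, both directions of the A/B conversation end up flooded to Fa0/3 once the table is full and the legitimate entries have aged out. With the limit set to two addresses, the third source address seen on Fa0/3 puts that port into err-disabled state, the bogus entries age out normally, and A and B are learned and switched as unicast again; on a real Catalyst the corresponding settings are `switchport port-security maximum` and `switchport port-security violation shutdown`.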

Page 63: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• MAC Address Flooding (cont.)

Page 64: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• MAC Address Flooding (cont.)

Page 65: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• MAC Address Flooding (cont.)

Page 66: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• MAC Address Flooding (cont.)

Page 67: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

Spoofing Attacks

Page 68: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

DHCP Spoofing

Page 69: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

• CDP attacks: CDP contains information about the device, such as the IP address, software version, platform, capabilities, and the native VLAN. When this information is available to an attacker, it can be used to find exploits against your network, typically in the form of a Denial of Service (DoS) attack.

Page 70: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Common Security Attacks

Page 71: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Security Tools

• Network Security Tools perform these functions:

• Network Security Audits help you to:

– Reveal what sort of information an attacker can gather simply by monitoring network traffic.

– Determine the ideal amount of spoofed MAC addresses to remove.

– Determine the age-out period of the MAC address table.

• Network Penetration Testing helps you to:

– Identify weaknesses within the configuration of your networking devices.

– Launch numerous attacks to test your network.

– Caution: Plan penetration tests to avoid network performance impacts.

Page 72: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Security Tools

Page 73: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 74: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 75: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 76: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 77: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 78: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Page 79: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Configuring Port Security

Activity 2.4.7.2

Page 80: Ca Ex S3 C2 Basic Switch Concepts And Configuration

Summary