Published by Meryl George. Modified over 8 years ago.
1
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public. ITE I Chapter 6
Configure a Switch
LAN Switching and Wireless – Chapter 2
2
Objectives
- Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard.
- Explain the functions that enable a switch to forward Ethernet frames in a LAN.
- Configure a switch for operation in a network designed to support voice, video, and data transmissions.
- Configure basic security on a switch that will operate in a network designed to support voice, video, and data transmissions.
3
Key Elements of 802.3: CSMA/CD
Ethernet signals are transmitted to every host connected to the LAN using a special set of rules to determine which station can access the network. The set of rules that Ethernet uses is based on the IEEE carrier sense multiple access/collision detect (CSMA/CD) technology.
- Carrier Sense
- Multi-access
- Collision Detection
- Jam Signal and Random Backoff
4
Continued: Ethernet Communication
5
Continued: Duplex settings
Here are two types of duplex settings used for communications on an Ethernet network:
Half Duplex
- Unidirectional data flow
- Higher potential for collision
- Hub connectivity
- Higher
6
Continued: Full Duplex
- Point to point only
- Attached to dedicated switched port
- Requires full-duplex support on both ends
- Collision free
- Collision detect circuit disabled
7
Switch Port Settings
The Cisco Catalyst switches have three settings:
- The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.
- The full option sets full-duplex mode.
- The half option sets half-duplex mode.
8
Switch MAC Address Tables
Step 1. The switch receives a broadcast frame from PC 1 on Port 1.
Step 2. The switch enters the source MAC address and the switch port that received the frame into the address table.
Step 3. Because the destination address is a broadcast, the switch floods the frame to all ports, except the port on which it received the frame.
Step 4. The destination device replies to the broadcast with a unicast frame addressed to PC 1.
9
Continued: Switch MAC Address Tables
Step 5. The switch enters the source MAC address of PC 2 and the port number of the switch port that received the frame into the address table. The destination address of the frame and its associated port is found in the MAC address table.
Step 6. The switch can now forward frames between source and destination devices without flooding, because it has entries in the address table that identify the associated ports.
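Steps 1 to 6 above, replayed as an added example that is not part of the original slides: a small learning-switch model that records source addresses and decides whether to flood, forward or filter. The class name, port numbers and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Hypothetical model of the address-table behaviour in steps 1-6."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, egress ports)."""
        # Steps 2 and 5: learn (or refresh) the source MAC on the ingress port.
        # Nothing authenticates the source address; the table trusts the frame.
        self.mac_table[src] = in_port
        # Step 3: broadcasts and unknown destinations go to every other port.
        if dst == BROADCAST or dst not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Destination sits on the ingress port: nothing to send.
        if out_port == in_port:
            return "filter", []
        # Step 6: a known destination is sent to its one port only.
        return "forward", [out_port]

def walk_through():
    """Replay the slide's exchange between PC 1 (port 1) and PC 2 (port 2)."""
    sw = LearningSwitch(ports=[1, 2, 3])
    pc1, pc2 = "00:00:00:00:00:01", "00:00:00:00:00:02"  # constructed MACs
    trace = [
        sw.receive(1, pc1, BROADCAST),  # steps 1-3: learn PC 1, flood
        sw.receive(2, pc2, pc1),        # steps 4-5: learn PC 2, unicast reply
        sw.receive(1, pc1, pc2),        # step 6: forwarded without flooding
    ]
    return trace, dict(sw.mac_table)
```

Because an entry is created from whatever source address a frame carries, the table is only as trustworthy as the ports feeding it, which is what the port-security settings later in the deck constrain.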
10
Different Factors / Terminologies
- Bandwidth and Throughput
- Collision Domains
- Broadcast Domains
- Network Latency:
  1) Source and destination NIC (1 microsecond in 10BASE-T).
  2) Actual propagation delay, as the signal takes time to travel through the cable. Typically, this is about 0.556 microseconds per 100 m for Cat 5 UTP.
  3) Latency is added based on network devices that are in the path between two devices.
11
Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard
Describe the design considerations for Ethernet/802.3 networks
12
Network Congestion
The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. These are the most common causes of network congestion:
- Increasingly powerful computer and network technologies.
- Increasing volume of network traffic. Network traffic is now more common because remote resources are necessary to carry out basic work.
- High-bandwidth applications. Software applications are becoming richer in their functionality and are requiring more and more bandwidth.
13
Frame Forwarding Methods
Store-and-Forward Switching
In store-and-forward switching, when the switch receives the frame, it stores the data in buffers until the complete frame has been received.
Cut-through Switching
There are two variants of cut-through switching:
- Fast-forward switching: Fast-forward switching immediately forwards a packet after reading the destination address.
- Fragment-free switching: In fragment-free switching, the switch stores the first 64 bytes of the frame before forwarding.
14
Continued: Switch forwarding methods
15
Symmetric and Asymmetric Switching
Symmetric Switching
Symmetric switching provides switched connections between ports with the same bandwidth, such as all 100 Mb/s ports or all 1000 Mb/s ports.
Asymmetric Switching
An asymmetric LAN switch provides switched connections between ports of unlike bandwidth, such as a combination of 10 Mb/s, 100 Mb/s, and 1000 Mb/s ports.
16
Continued
17
Port Based and Shared Memory
18
Navigating Command Line Interface
- User Mode
- Privileged Mode
- Global Configuration Mode
GUI-based Alternatives to the CLI
- Cisco Network Assistant
- CiscoView Application
- Cisco Device Manager
- SNMP Network Management
19
Configure a Switch for Operation in a Network
20
Configure a Switch for Operation in a Network
Cisco IOS help facilities
21
Configure a Switch for Operation in a Network
Command history
22
Configure a Switch for Operation in a Network
Boot sequence of a Cisco switch
23
Configure a Switch for Operation in a Network
24
Configure a Switch for Operation in a Network
Show command
25
Configure a Switch for Operation in a Network
How to manage the Cisco IOS configuration files
26
Configure Basic Security on a Switch
Cisco IOS commands used to configure password options
27
Configure Basic Security on a Switch
Cisco IOS commands used to configure a login banner
28
Configure Basic Security on a Switch
Configuring Telnet and SSH on a switch
29
Password Recovery
Step 1. Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2. Set the line speed on the emulation software to 9600 baud.
Step 3. Power off the switch. Turn it back on and, within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.
Step 4. Initialize the Flash file system using the flash_init command.
Step 5. Load any helper files using the load_helper command.
30
Continued: Password Recovery
Step 6. Display the contents of Flash memory using the dir flash: command.
Step 7. Rename the configuration file, which contains the password definition, to config.text.old using the rename flash:config.text flash:config.text.old command.
Step 8. Boot the system with the boot command.
Step 9. You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N.
31
Continued: Password Recovery
Step 10. At the switch prompt, enter privileged EXEC mode using the enable command.
Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.
Step 12. Copy the configuration file into memory using the copy flash:config.text system:running-config command. After this command has been entered, the following is displayed on the console:
Source filename [config.text]?
Destination filename [running-config]?
Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
32
Continued: Password Recovery
Step 13. Enter global configuration mode using the configure terminal command.
Step 14. Change the password using the enable secret password command.
Step 15. Return to privileged EXEC mode using the exit command.
Step 16. Write the running configuration to the startup configuration file using the copy running-config startup-config command.
Step 17. Reload the switch using the reload command.
33
Common switch attacks
MAC address flooding, spoofing attacks, CDP attacks, and Telnet attacks (Brute force, DoS) (DHCP snooping)
34
DHCP snooping
Step 1. Enable DHCP snooping using the ip dhcp snooping global configuration command.
Step 2. Enable DHCP snooping for specific VLANs using the ip dhcp snooping vlan number [number] command.
Step 3. Define ports as trusted or untrusted at the interface level by defining the trusted ports using the ip dhcp snooping trust command.
Step 4. (Optional) Limit the rate at which an attacker can continually send bogus DHCP requests through untrusted ports to the DHCP server using the ip dhcp snooping limit rate rate command.
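A check for the four steps above, as an added example that is not part of the original slides: it reads a saved switch configuration and reports which DHCP snooping steps are missing. The sample configuration, interface names and VLAN numbers are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample configuration (not from the original slides).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface GigabitEthernet0/1
 description uplink to DHCP server
 ip dhcp snooping trust
!
interface FastEthernet0/1
 switchport access vlan 10
 ip dhcp snooping limit rate 5
!
interface FastEthernet0/2
 switchport access vlan 20
!
"""

def audit_dhcp_snooping(config):
    """Check steps 1-4 of the slide; return a list of findings."""
    global_cmds, interfaces, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        elif line.strip() and line.strip() != "!":
            current = None
            global_cmds.append(line.strip())
    findings = []
    if "ip dhcp snooping" not in global_cmds:  # Step 1
        findings.append("DHCP snooping is not enabled globally")
    if not any(re.match(r"ip dhcp snooping vlan \S+", g) for g in global_cmds):
        findings.append("DHCP snooping is not enabled for any VLAN")  # Step 2
    trusted = [n for n, c in interfaces.items() if "ip dhcp snooping trust" in c]
    if not trusted:  # Step 3: every port is untrusted unless marked otherwise
        findings.append("no trusted port: server replies will be dropped")
    for name, cmds in interfaces.items():  # Step 4
        limited = any(c.startswith("ip dhcp snooping limit rate ") for c in cmds)
        if name not in trusted and not limited:
            findings.append(f"{name}: untrusted port has no rate limit (optional step 4)")
    return findings
```

On the sample above the only finding is the missing rate limit on FastEthernet0/2.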
35
Security Tools
36
Continued
37
Configure Basic Security on a Switch
Cisco IOS commands used to disable unused ports
Protect, restrict, shutdown:
switchport port-security mac-address
switchport port-security mac-address sticky
38
Summary
LAN Design
- Process that explains how a LAN is to be implemented
- Factors to consider in LAN design include:
  - Collision domains
  - Broadcast domains
  - Network latency
  - LAN segmentation
39
Summary
Switch forwarding methods
- Store & forward – used by Cisco Catalyst switches
- Cut through – 2 types
  - Cut through
  - Fast forwarding
40
Summary
Symmetric switching
- Switching is conducted between ports that have the same bandwidth
Asymmetric switching
- Switching is conducted between ports that have unlike bandwidth
41
Summary
Cisco IOS CLI includes the following features
- Built in help
- Command history/options
Switch security
- Password protection
- Use of SSH for remote access
- Port security