Advanced Switches... · 2017-06-22

Post on 02-Apr-2020

Advanced Switches

Chapter 4

www.classdemo.com

Outline

• Ethernet Technology
  ● Principles of Ethernet
  ● CSMA/CD
• Ethernet Switch Features
  ● Virtual LANs
  ● Access Port
  ● Trunks
  ● STP
  ● Broadcast Storms
  ● Link Aggregation
  ● PoE
  ● Port Monitoring
  ● Port Mirroring
  ● User Authentication

Ethernet IEEE 802.3

10Base5 (Thicknet) and 10Base2 (Thinnet or Cheapernet)

CSMA/CD

Carrier Sense Multiple Access / Collision Detection

• Scalability Limits

• Collision Domain

One Collision Domain

Half-Duplex

Layer 1

Four Collision Domains

Full-Duplex

Layer 2

Every switchport is its own collision domain

Types of Ethernet

| Ethernet Standard | Media Type | Bandwidth Capacity | Distance Limitation |
|---|---|---|---|
| 10Base5 | Coax (thicknet) | 10 Mbps | 500 m |
| 10Base2 | Coax (thinnet) | 10 Mbps | 185 m |
| 10Base-T | Cat 3 (or higher) UTP | 10 Mbps | 100 m |
| 100Base-TX | Cat 5 (or higher) UTP | 100 Mbps | 100 m |
| 100Base-FX | MMF | 100 Mbps | 2 km |
| 1000Base-T | Cat 5e (or higher) UTP | 1 Gbps | 100 m |
| 1000Base-TX | Cat 6 (or higher) UTP | 1 Gbps | 100 m |
| 1000Base-LX | MMF/SMF | 1 Gbps | 5 km |
| 1000Base-LH | SMF | 1 Gbps | 10 km |
| 1000Base-ZX | SMF | 1 Gbps | 70 km |
| 10GBase-SR | MMF | 10 Gbps | 26-82 m |
| 10GBase-LR | SMF | 10 Gbps | 10 km |
| 10GBase-ER | SMF | 10 Gbps | 40 km |
| 10GBase-SW | MMF | 10 Gbps | 300 m |
| 10GBase-LW | SMF | 10 Gbps | 10 km |
| 10GBase-EW | SMF | 10 Gbps | 40 km |
| 10GBase-T | Cat 6A (or higher) UTP | 10 Gbps | 100 m |
| 100GBase-SR10 | MMF | 100 Gbps | 125 m |
| 100GBase-LR4 | SMF | 100 Gbps | 10 km |
| 100GBase-ER4 | SMF | 100 Gbps | 40 km |

Virtual LANs

Switch Access Port Configuration

Trunk Access (dot1q)

Switch Trunk Port Configuration

Corruption of a Switch’s MAC Table

Broadcast Storms

STP Operation

Port Types with equal cost

Port Types with different cost

STP Port States

BPDU = Bridge Protocol Data Unit

• Blocking: The port remains in the blocking state for 20 seconds by default. During this time, the nondesignated port evaluates BPDUs in an attempt to determine its role in the spanning tree.

• Listening: The port moves from the blocking state to the listening state and remains in this state for 15 seconds by default. During this time, the port sources BPDUs, which inform adjacent switches of the port’s intent to forward data.

• Learning: The port moves from the listening state to the learning state and remains in this state for 15 seconds by default. During this time, the port begins to add entries to its MAC address table.

• Forwarding: The port moves from the learning state to the forwarding state and begins to forward frames.

Link Aggregation

LACP = Link Aggregation Control Protocol

Power over Ethernet (802.3af PoE)

Port Monitoring

Wireshark

Network Monitor

Port Monitoring

Unable to Capture Traffic

Port Mirroring

User Authentication (802.1x)

Supplicant: The device that wants to gain access to the network.

Authenticator: The authenticator forwards the supplicant’s authentication request on to an authentication server. After the authentication server authenticates the supplicant, the authenticator receives a key that is used to communicate securely during a session with the supplicant.

Authentication server: The authentication server (for example, a Remote Authentication Dial In User Service [RADIUS] server) checks a supplicant’s credentials. If the credentials are acceptable, the authentication server notifies the authenticator that the supplicant is allowed to communicate on the network. The authentication server also gives the authenticator a key that can be used to securely transmit data during the authenticator’s session with the supplicant.

NAC: Verifies characteristics of the device seeking admission to the network.

Switch Management

Unmanaged

• Does not support an IP address

• No console port

Managed

• IP assigned

• Console access is most secure

• Encrypted Password

• OOB

• SSH

Management Access

First-Hop Redundancy

HSRP

GLBP

VRRP

CARP
