
Upload: garey-grant

Post on 03-Jan-2016


The University of Bolton

School of Games Computing & Creative Technologies

LCT2516 Network Architecture

CCNA Exploration

LAN Switching and Wireless

Chapter 2 – Basic Switch Concepts & Configuration

Martin Stanhope

[email protected]


Overview

Ethernet (802.3) Networks

Operation of switches

Configuration of switches

Security and switches

Chapter 2 Basic Switch concepts and configuration


Chapter sections

• 2.0 Introduction
• 2.1 Introduction to Ethernet/802.3 Networks
• 2.2 Forwarding Frames Using a Switch
• 2.3 Switch Management Configuration
• 2.4 Configuring Switch Security
• 2.5 Labs
• 2.6 Summary
• 2.7 Quiz


Chapter outline continued...

• 2.1 Introduction to Ethernet/802.3 LANs
  – 2.1.1 Key Elements of Ethernet Networks
  – 2.1.2 Design Consideration of Ethernet Networks
  – 2.1.3 LAN Design Considerations

• 2.2 Forwarding Frames using a Switch
  – 2.2.1 Switch Forwarding Modes
  – 2.2.2 Symmetric and Asymmetric Switching
  – 2.2.3 Memory Buffering
  – 2.2.4 Layer 2 and Layer 3 Switching


Chapter outline continued...

• 2.3 Switch Management Configuration
  – 2.3.1 Navigating Command-Line Interface Modes
  – 2.3.2 Using the Help Facility
  – 2.3.3 Accessing the Command History
  – 2.3.4 The Switch Boot Sequence
  – 2.3.5 Prepare to Configure the Switch
  – 2.3.6 Basic Switch Configuration
  – 2.3.7 Verifying Switch Configuration
  – 2.3.8 Basic Switch Management


Chapter outline continued...

• 2.4 Configuring Switch Security
  – 2.4.1 Configure Password Options
  – 2.4.2 Login Banners
  – 2.4.3 Configure Telnet and SSH
  – 2.4.4 Common Security Attacks
  – 2.4.5 Security Tools
  – 2.4.6 Configuring Port Security
  – 2.4.7 Securing Unused Ports


2.1 Introduction to Ethernet/802.3 LANs

• 2.1.1 Key Elements of Ethernet Networks
• 2.1.2 Design Consideration of Ethernet Networks
• 2.1.3 LAN Design Considerations


2.1.1 Key Elements of Ethernet Networks

• CSMA/CD
  – Carrier Sense
  – Multiple Access
  – Collision Detection
  – Jam signal and random backoff

• Ethernet Communications
  – Unicast
  – Multicast
  – Broadcast


2.1.1 Key Elements of Ethernet Networks continued...

• Ethernet Frame Structure ( 2.1.1.2 )

– http://www.techfest.com/networking/lan/ethernet2.htm

– http://www.javvin.com/protocolEthernet.html


2.1.1 Key Elements of Ethernet Networks continued...

• Duplex Settings
  – Half
  – Full

• Switch port settings
  – The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.
  – The full option sets full-duplex mode.
  – The half option sets half-duplex mode.

For Fast Ethernet and 10/100/1000 ports, the default is auto.

For 100BASE-FX ports, the default is full. The 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mb/s, but when set to 1,000 Mb/s, they operate only in full-duplex mode.


2.1.1 Key Elements of Ethernet Networks continued...

Switch operation
– Learning of MAC addresses ( 2.5.1.5 )
– Bandwidth and throughput
– Collision domains
  • The network area where frames originate and collide is called the collision domain.
  • All shared media environments, such as those created by using hubs, are collision domains.
  • The switch creates the connection that is referred to as a microsegment.
  • The microsegment behaves as if the network has only two hosts, one host sending and one receiving, providing maximum utilization of the available bandwidth.
  • Switches reduce collisions and improve bandwidth use on network segments because they provide dedicated bandwidth to each network segment.


2.1.2 Design Consideration of Ethernet Networks

Broadcast domains ( 2.1.2.2 and 2.1.2.5 )

– Although switches filter most frames based on MAC addresses, they do not filter broadcast frames.

– For other switches on the LAN to get broadcasted frames, broadcast frames must be forwarded by switches.

– A collection of interconnected switches forms a single broadcast domain.

– Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a Layer 3 broadcast domain.

– Routers and VLANs are used to segment both collision and broadcast domains.


2.1.2 Design Consideration of Ethernet Networks continued...

Network Latency
• The time a frame or a packet takes to travel from the source station to the final destination.
• Latency has the following components...

– The time it takes the source NIC to place voltage pulses on the wire, and the time it takes the destination NIC to interpret these pulses. This is sometimes called NIC delay

– The actual propagation delay as the signal takes time to travel through the cable.

– The time network devices that are in the path between two devices require to forward the signal.


2.1.2 Design Consideration of Ethernet Networks continued...

Network Congestion... is caused by

– Modern powerful computers send and process more data at higher rates through the network.

– Increased volume of network traffic created by modern ways of working and by broadcast traffic (e.g. ARP address resolution)

– Modern software applications, e.g. Desktop publishing, video, e-learning etc.


2.1.3 LAN Design Considerations

• Controlling Network Latency ( 2.1.3.1)

• Removing Bottlenecks

• DO ACTIVITY 2.1.3.2 RELATING TO COLLISION AND BROADCAST DOMAINS


2.2 Forwarding Frames using a Switch

• 2.2.1 Switch Forwarding Modes (See animation 2.2.1.1)
  – Store and Forward
  – Cut-through (Fast forward, Fragment free)

• 2.2.2 Symmetric and Asymmetric Switching (Graphic 2.2.2.1)
  – Symmetric
  – Asymmetric

• 2.2.3 Memory Buffering
  – Port-based memory buffering
  – Shared memory buffering

• 2.2.4 Layer 2 and Layer 3 Switching
  – Layer 2 and 3 switching / Layer 3 Switch and Router Comparison

• DO ACTIVITY 2.2.4.3


2.3 Switch Management Configuration

• 2.3.1 Navigating Command-Line Interface Modes
• 2.3.2 Using the Help Facility
• 2.3.3 Accessing the Command History
• 2.3.4 The Switch Boot Sequence
• 2.3.5 Prepare to Configure the Switch
• 2.3.6 Basic Switch Configuration
• 2.3.7 Verifying Switch Configuration
• 2.3.8 Basic Switch Management


2.3 Switch Management Configuration continued...

• 2.3.1 Navigating Command-Line Interface Modes
  – The command line interface modes (See 2.3.1.1)
  – GUI based alternatives to the CLI modes
    • Cisco Network Assistant
    • CiscoView application
    • Cisco Device Manager (Web based software)
    • Switch management via SNMP-compatible management station

• 2.3.2 Using the Help Facility (See 2.3.2.1 and 2.3.2.2)
  – Context sensitive help (Word help and command syntax help)
  – Console error messages

• 2.3.3 Accessing the Command History
  – Command history buffer and its configuration


2.3.4 The Switch Boot Sequence

• When a Cisco switch is turned on, it loads the ‘boot loader’ software and goes through the ‘boot sequence’...
  – Low level CPU initialisation
  – Power-on self-test (POST) for the CPU subsystem (i.e. CPU DRAM and the flash memory system)
  – Initialises flash file system on the system board
  – Loads default operating system image into memory and boots the switch

The OS then initialises the interfaces using the Cisco IOS commands found in the OS configuration file, config.text, stored in flash memory.


2.3.4 The Switch Boot Sequence continued...

• The Boot loader also provides...
  – Access to switch if OS cannot be used
  – A command-line facility to allow a means of...
    • accessing files in flash memory before OS is loaded
    • formatting the flash file system
    • reinstalling the operating system
    • recovering from a lost password


2.3.5 Prepare to configure the switch

• 1. Before starting the switch
  – Check network cables are secure
  – PC serial port is connected to the switch console port
  – Terminal emulator application (e.g. Hyperterminal) is running & configured

• 2. Attach the power cable to the switch
  – Switches do not have a power button, just attach the power cable to turn it on

• 3. Observe the boot process
  – After POST the SYST LED should blink green not amber
  – Observe the IOS software output on the PC console


2.3.6 Basic Switch Configuration

• Configure the Management Interface ( 2.3.6.1 – try the graphic )

• Configure the default gateway ( 2.3.6.1 )

• Configure auto-MDIX ( 2.3.6.1 )

• Configure duplex and speed ( 2.3.6.2 )

• Configure the Web interface

• Manage the MAC address table ( 2.3.6.4 )
  – Dynamic
  – Static
  – MAC address aging


2.3.7 Verifying Switch Configuration

• Use the ‘show’ commands
• See examples of the show commands on 2.3.7.1


2.3.8 Basic Switch Management

• Back up the switch configuration to TFTP server ( 2.3.8.1 )

– Copy configuration from volatile DRAM to non-volatile NVRAM

– Copy configuration from DRAM or NVRAM to remote TFTP server

– See 2.3.8.2 for full description of the process

• Restore the switch configuration held on TFTP server
  – Copy configuration file from TFTP server to NVRAM
  – Issue the reload command
  – Answer ‘No’ when prompted ‘Do you want to save the configuration’. (See section 2.3.8.1 for full explanation)
  – See 2.3.8.2 for full description of the process

• Clearing and deleting configuration information (2.3.8.3)


2.4 Configuring Switch Security

• 2.4.1 Configure Password Options
• 2.4.2 Login Banners
• 2.4.3 Configure Telnet and SSH
• 2.4.4 Common Security Attacks
• 2.4.5 Security Tools
• 2.4.6 Configuring Port Security
• 2.4.7 Securing Unused Ports


2.4.1 Configure Password Options

• Passwords can be set for...
  – Console access (2.4.1.1)
  – Virtual terminal access, the vty ports (2.4.1.2)
  – Exec mode (2.4.1.3)

• Password encryption
  – More secure
  – See section 2.4.1.4 for full description

• Password recovery
  – Used if passwords are forgotten
  – Requires physical access to the switch
  – See section 2.4.1.5 for full procedure


2.4 Configuring Switch Security continued...

• 2.4.2 Login Banners
  – Login banner
  – Message of the day banner

• 2.4.3 Configure Telnet and SSH

• 2.4.4 Common Security Attacks ( See online material )
  – MAC address flooding (2.4.4.1)
  – Spoofing DHCP server responses (2.4.4.2)
  – Cisco Discovery Protocol (CDP) attacks (2.4.4.3)
  – Telnet Attacks (2.4.4.4)
    • Brute Force Password attack
    • Denial of Service (DoS) attack


2.4 Configuring Switch Security continued...

• 2.4.5 Security Tools
  – Network Security Audit, Penetration Testing, Security Tools Features

• 2.4.6 Configuring Port Security ( 2.4.6.1)
  – Port security limits the number of valid MAC addresses allowed on a port. With a value of 1, only a single PC can be attached to the port.
  – Secure MAC address types: Static, Dynamic, Sticky
  – Sticky MAC addresses
  – Security Violation modes: Protect, Restrict, Shutdown
  – Configure port security (2.4.6.2)
  – Verify port security (2.4.6.3)

• 2.4.7 Securing Unused Ports
  – Disable Unused Ports
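
The port security behaviour listed in 2.4.6 (a MAC address limit, sticky learning and the Protect, Restrict and Shutdown violation modes) can be seen side by side in a small Python model. This is an added example, not part of the original slides and not switch code; the class, field and function names and the MAC addresses are constructed for illustration, and the model is simplified to one port.

```python
"""Simplified model of switch port security (added illustration, hypothetical names)."""
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")

@dataclass
class SecurePort:
    maximum: int = 1              # number of secure MAC addresses allowed
    violation: str = "shutdown"   # protect | restrict | shutdown
    sticky: bool = False          # keep learned addresses across link-down
    secure_macs: set = field(default_factory=set)
    violations: int = 0           # security violation counter
    err_disabled: bool = False    # shutdown mode takes the port out of service
    alerts: list = field(default_factory=list)  # stands in for syslog/SNMP traps

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> bool:
        """Process one frame's source MAC; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                       # port stays down until re-enabled
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)          # learn the address dynamically
            return True
        if self.violation == "protect":
            return False                       # silent drop: no counter, no alert
        self.violations += 1                   # restrict and shutdown both count
        self.alerts.append(f"security violation from {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False

    def link_down(self) -> None:
        """Dynamic entries are forgotten when the link drops; sticky ones are kept."""
        if not self.sticky:
            self.secure_macs.clear()

def demo(mode: str) -> tuple:
    """Constructed traffic: known PC, unknown device, then the known PC again."""
    port = SecurePort(maximum=1, violation=mode)
    pc, other = "00:11:22:aa:bb:01", "00:11:22:aa:bb:02"  # constructed MACs
    results = [port.receive(pc), port.receive(other), port.receive(pc)]
    return results, port.violations, port.err_disabled
```

Only Shutdown stops the legitimate PC as well, and only Protect leaves no counter or alert behind for an audit.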


Commands summary... To be completed
