KnowtheNetwork.com By Tsudohnimh Managed Switch Benefits

Managed Switches Traffic Management (VLANs) ‏ Traffic Inspection Network Management Working smarter not harder.

Working smarter not harder.

What is a VLAN? A Virtual LAN (VLAN) is a method of creating independent logical networks within a single physical network. Better Living Through VLANs

A Virtual LAN (VLAN) is a method of creating independent logical networks within a single physical network.

What can VLANs do for me? Security Performance &

What can VLANs do for me? Security through isolation. VLANs improve security by isolating groups of high-security users and sensitive-data systems from low security systems even if they are located on the same physical segment. This separation decreases the chances that people will gain access to information they are not authorized to see.

Why do I want a VLAN? Performance through segmentation (a.k.a. speed via splitting)‏ Grouping by Network Usage Grouping by Broadcast domains Grouping by Protocol

Performance with VLANs VLANs provide a method of logically grouping users who place a higher demand on network resources. This can allow a media lab or Plato server to be used intensively without affecting other network users. Grouping by Network Usage

Grouping by Network Usage

Performance with VLANs A primary feature of VLANs is that they do not pass broadcast, unicast, or multicast traffic to nodes outside of the VLAN; therefore you can segment your broadcast domains to reduce the overall traffic congestion on a network. Grouping by Broadcast Domain

Grouping by Broadcast Domain

Performance with VLANs Protocol based VLANs can be used to separate traffic by protocol. This allows you to isolate a protocol like AppleTalk or IPX that may cause exceessive traffic or you could also create a H.323 protocol VLAN in order to prioritize or isolate your VOIP traffic. Grouping by Protocol

Grouping by Protocol

Traffic Inspection How can you inspect traffic as it moves through your switch infrastructure? Knowing is half the battle (G.I.Joe) ‏ Port Monitoring / Mirroring

Port Monitoring / Mirroring

Traffic Inspection Why should you be sniffing your network? Identify rogue traffic (P2P, virus activity)‏ Identify bottlenecks Identify chattering NIC's Knowing is half the battle (G.I.Joe)‏ Download a Packet Sniffer Plug it in and start capturing

Why should you be sniffing your network?

Identify rogue traffic (P2P, virus activity)‏

Identify bottlenecks

Identify chattering NIC's

Download a Packet Sniffer

Plug it in and start capturing

Traffic Inspection Knowing is half the battle (G.I.Joe) ‏ What else can you do with monitoring? {HINT: 6 letters} IDS/IPS Intrusion Detection/Prevention System Setup an IDS/IPS Plug it into your monitor port Create some rules and watch for anomalies 24/7

IDS/IPS

Intrusion Detection/Prevention System

Setup an IDS/IPS

Plug it into your monitor port

Create some rules and watch for anomalies 24/7

Network Management Logical Management - The logical grouping of users through VLANs provides easier network management. It is not necessary to rewire a switch or run new cables to move a user from one network to another. Additions and relocations can all be achieved by software configuration. Spanning Tree (STP) - With STP you can create redundant failover links between switches and if your primary link goes down then STP will then bring up the other link automatically. Prioritization - Using 802.1Q tags you can prioritize certain types of traffic to take priority when moving through your switched infrastructure. Link Aggregation - Allows you to assign physical links to one logical link (trunk) that functions as a single, higher-speed link providing dramatically increased bandwidth. Virus Throttling - If a port exceeds a preset bandwidth threshold the switch can then throttle that connection to a slower speed to help mitigate a network flood by a virus. Port Controls - A port can be disabled when not in use, it can be restricted to a specific MAC address, it can be put in an isolated guest VLAN until authenticated (802.1x Network Access Control NAC)

Demonstration Creating a VLAN Configuring Port Mirroring Establish Link Aggregation

*************************************************** Creating a VLAN: config t (Enter Configuration context) vlan 6 (Create VLAN #) untag 5-10 (Assign ports 5-10 as untagged vlan members) tag 48 (Assign port 48 as a tagged uplink member) wr mem (Save Configuration) *************************************************** Configure Port Monitor/Mirroring mirror 2 port 47 (Establish the Mirroring Group ID, Assign port 47 as Mirroring port) interface 23 (Enter the interface context for port 23 or port list) monitor all both mirror 2 (monitor all traffic, bidirectional, assign to mirror group 2) *************************************************** Static Trunking trunk 3-4 trk2 trunk (Trunk ports 3 & 4 into a single interface called trk2)