LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration

LAN Switching and Wireless
Abdelkhalik Mosa

If you found any mistake’s’ on these slides or if
you have any other questions or comments,
please feel free to contact me at:
abdu.elsaid@gmail.com or abdu.elsaid@yahoo.com
Linkedin : https://www.linkedin.com/in/AbdelkhalikMosa
Twitter : https://twitter.com/AbdelkhalikMosa
Facebook : https://www.facebook.com/Abdelkhalik.Mosa
Thanks,
Abdelkhalik Elsaid Mosa
Suez Canal University
Faculty of Computers and Informatics - Ismailia - Egypt
Remember !

Key Elements of Ethernet/802.3 Networks: CSMA/CD
Carrier Sense
Multiple Access
Collision Detection
JAM Signal
Random Backoff

Key Elements of Ethernet/802.3 Networks: Communication

Key Elements of Ethernet/802.3 Networks: Ethernet Frame
MAC Address
Ethernet Frame

Key Elements of Ethernet/802.3 Networks: Duplex Settings
Half Duplex
Full Duplex

• Switch Port Settings: Ports on a Cisco Catalyst 2960 Series can
be configured as follows:
– auto : allows the two ports to communicate in order to decide the mode.
– full : sets full-duplex mode.
– half : sets half-duplex mode.
• auto-MDIX
 When the auto-MDIX feature is enabled, the switch detects the required
cable type for copper Ethernet connections and configures the interfaces
accordingly.
Switch# conf t
Switch(config)# interface f0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# mdix auto
Switch(config-if)# end
Key Elements of Ethernet/802.3 Networks: Switch Port Settings

1
2
3 4
5 6
Key Elements of Ethernet/802.3 Networks: Switch MAC Table
The initial MAC address table is empty

Design Considerations for Ethernet networks: Transfer Capacity
• Differences between bandwidth, throughput and goodput:
1. Bandwidth (Theoretical): The capacity of a medium to carry
data in a given amount of time.
 Usually measured in kbps or Mbps.
2. Throughput (Practical): is the measure of the transfer of bits
across the media over a given period of time.
Throughput <= Bandwidth.
 Number of devices affect the throughput.
3. Goodput (Qualitative): is the measure of usable data
transferred over a given period of time.
Application level throughput.
Goodput = Throughput - traffic overhead for establishing sessions,
acknowledgements, and encapsulation.

• Broadcast and Collision domains
– Each switch reduces the size of the collision domain on the LAN to a
single link.
– Each router reduces the size of the broadcast domain on the LAN.
• LAN Segmentation
Design Considerations for Ethernet networks

• Network Latency: is the time a frame or a packet takes to travel
from the source station to the final destination.
Design Considerations for Ethernet networks: Network Latency

1. Store and Forward
2. Cut-Through (Fast-forward switching or Fragment-free switching)
Switch Forwarding Methods

Symmetric and Asymmetric Switching
• Switching may be classified as symmetric or asymmetric based
on the way in which bandwidth is allocated to the switch ports.

Symmetric and Asymmetric Switching

Memory Buffering
• The switch uses a buffering technique to store and forward
frames and when the destination port is busy.
• The switch stores the data in the memory buffer.
• The memory buffer can port-based memory or shared memory.

Layer 3 Switching
• Layer 3 switches are superfast routers that do Layer 3 forwarding
in hardware.

The Command Line Interface Modes

GUI-based Alternatives to the CLI
• Cisco Network Assistant CiscoView
• Security Device Manager SNMP Network Management
http://www.cisco.com/go/networkassistant
.
http://www.cisco.com/en/US/products/sw/cscowork
/ps4565/prod_bulletin0900aecd802948b0.html
http://h20229.www2.hp.com/news/about/index.html

Prepare to configure the switch

Switch Management Configuration
• To be able to telnet to or from the switch you should set an IP address and
the default gateway on the switch.
aLayer2switch,suchas2960,onlyPermits
asingleVLANinterfacetobeactiveatatime.

• Configure Duplex and Speed

• Configure a Web Interface

• Managing the MAC Address Table
 show mac-address-table
 The MAC address table was previously referred to as Content
Addressable Memory (CAM) or as the CAM table.
• Dynamic Mac addresses: are source MAC addresses that the switch
learns and then ages when they are not in use.
 The default time is 300 seconds.
• Static Mac addresses: MAC addresses assigned to certain ports by
the network admin.
 Static addresses are not aged out.
 mac-address-table static <MAC address> vlan {1-4096, ALL}
interface interface-id.
 The maximum size of the MAC table varies, but 8192 in Catalyst 2960

Back up and Restore Switch Configurations
Note:copystartrun

Back up Configuration Files to a TFTP Server
• Backing Up Configuration
1.switch#copy system:running-config
tftp:[[[//location]/directory]/filename]
2.or switch#copy nvram:startup-config
tftp:[[[//location]/directory]/filename].
• Restoring Configuration
1.Switch#copy tftp:[[[//location]/directory]/filename]
system:running-config
2.or switch#copy tftp:[[[//location]/directory]/filename]
nvram:startup-config.
Ex: S1# copy running-config tftp://192.168.1.1/abdo-config

Configuring Passwords
• Enable
 FCI(config)# enable password cisco
 FCI(config-line)# enable secret cisco
• Console
 FCI(config)# line console 0
 FCI(config-line)# password cisco
 FCI(config-line)# login
• Telnet
 FCI(config)# line vty 0 14
 FCI(config-line)# password cisco
 FCI(config-line)# login
The
No
command

Password Recovery
• Password Recovery Steps:
1. Press the Mode button for awhile //load the boot loader
2. Flash-init //Initialize the Flash file system
3. Rename flash:config.text flash:config.text.old // rename
4. Boot // Boot the system
5. Rename flash:config.text.old flash:config.text
6. Copy flash:config.text system:running-config
7. Change the passwords
8. Save Changes
9. Reload
dir flash: Display the contents of Flash memory

Banner and Clearing Configuration
• Banner Commands
1.FCI(config)# banner MOTD “Device maintenance on Friday!”
2.FCI(config)# banner LOGIN “Authorized Personnel Only!”
• Clearing Configuration Information
Switch#erase nvram: or the erase startup-config
• Deleting a Stored Configuration File
Switch#delete flash:filename

Configuring Telnet and SSH
FCI(config)#crypto key zeroize rsa // To delete the RSA key pair
After the RSA key pair is deleted, the SSH server is automatically disabled.
• Time-out: the amount of time the switch allows for a connection to
be established.
• FCI(config)#ip ssh {timeout seconds | authentication-retries number}

Common Security Attacks (MAC Address Flooding)

Common Security Attacks (Spoofing Attacks)
DHCP Starvation attack
DHCP Spoofing attack

Solving Spoofing Attacks using Snooping and Port Security
•DHCP snooping: is a Cisco Catalyst feature that determines which
switch ports can respond to DHCP requests.
1. S(config)# ip dhcp snooping.
2. ip dhcp snooping vlan number {number}.
3. ip dhcp snooping trust.
4. (Optional) Limit the rate at which an
attacker can continually send bogus
DHCP requests through untrusted ports
to the DHCP server using the ip dhcp
snooping limit rate command.

Common Security Attacks (CDP Attacks)
• It is recommended that you disable the use of CDP on devices
that do not need to use it.

Common Security Attacks (Telnet Attacks)
• Types of Telnet attacks
1. Brute Force Password Attack: guesses password and uses a
program to establish a Telnet session using each guessed
password.
• Solution: Change your password frequently, use strong
passwords, and limit who can communicate with the vty
lines.
2. DoS attack: the attacker exploits a flaw in the Telnet server
software running on the switch that renders the Telnet
service unavailable.
• Solution: Update to the newest version of the cisco IOS.

Configuring Port Security
• Port security enables you to:
 Specify a group of valid MAC addresses allowed on a port.
 Allow only the specified MAC add. to access the port.
 Specify that the port will automatically shutdown if
unauthorized MAC addresses are detected.
• Secure MAC Address Types
1. Static secure MAC addresses: MAC addresses are manually configured by
using the switchport port-security mac-address mac-address.
2. Dynamic secure MAC addresses: MAC addresses are dynamically learned
and stored only in the address table.
3. Sticky secure MAC addresses: You can configure a port to dynamically
learn MAC addresses and then save these MAC addresses to the running
configuration using switchport port-security mac-address sticky.

Security violation Modes
• Security violation when either of these situations occurs:
 The maximum number of secure MAC addresses have been added to the
address table, and a station whose MAC address is not in the address table
attempts to access the interface.
 An address learned or configured on one secure interface is seen on
another secure interface in the same VLAN.
• Security Violation Modes

Configure Sticky Port Security

LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration

LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration

Similar to LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration (20)

More from Abdelkhalik Mosa

More from Abdelkhalik Mosa (10)

Recently uploaded

Recently uploaded (20)

LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration