is the process of sending data from segment to segment based on the MAC address, what happens when data has to be sent to a remote network? The data is sent to the default gateway (commonly a router), which sends the data to its destination. The time spent sending the data from the switch to the router, and then the time spent by the router taking the packet off the wire to read it, is now eliminated or shortened drastically by implementing a multilayer switch. This is because a Layer 3 switch is built into a Layer 2 switch so data does not have to be sent to a router; that is, the router is built into the circuitry of the switch so the data is routed as quickly as the switch can send it to itself – much quicker than one device trying to send data to another device. Now consider the speed at which a high-speed switch works. Consider the amount of packets that could be sent across that cable. Now you can start to see the benefits of a multilayer switch; having the two devices sandwiched together increases the efficiency of the transmission, thus speeding it up drastically as the volume of data increases.
CONTENT SWITCHES
Because of the success of Layer 3 switching and the performance gains it can provide, it was no surprise that switching would climb higher along the OSI’s layered model. Content switches use Layers 4 to 7 of the OSI model, and rather than looking at the individual packets being transmitted, they can use sessions to transmit data between machines. Content switches will also take advantage of caching and load balancing so that the amount of data transmitted across networks and requests processed by a server are reduced.
Content switches that use Layer 4 work at the transport layer of the OSI model and have the ability to look at information in the packets they receive to not only identify the MAC address and IP address of the destination computer, but also the application protocols being used to send it. The switch can determine if Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), or other protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite are being used to send the packet and can also identify the application that uses the data. Because the packet contains information about the application, priorities can be set on packets, as well as rules about how they are to be forwarded.
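The Layer 4 inspection described above, in Python, as an added example that is not from the book: it builds a constructed IPv4/TCP packet, reads the protocol number and the ports out of the two headers (checking lengths before every slice), and applies a small rule table that sets a priority or drops the packet. The packet builder, the rule set and the port-to-application table are assumptions made for this demonstration; a real content switch reads these same fields in hardware.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

# Protocol numbers from the IPv4 header "protocol" field.
IPPROTO_TCP = 6
IPPROTO_UDP = 17

# Well-known destination ports used to name the application protocol (constructed subset).
PORT_NAMES = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}


@dataclass
class L4Info:
    """The Layer 3/4 fields a content switch reads before deciding how to forward."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

    @property
    def application(self) -> str:
        return PORT_NAMES.get(self.dst_port, "unknown")


def build_ipv4_tcp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 + TCP packet for the demo (checksums left at zero; sample data only)."""
    total_len = 20 + 20 + len(payload)
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, total_len, 0, 0, 64, IPPROTO_TCP, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # data offset 5 (20-byte header), SYN flag set, window 65535, checksum and urgent pointer zero
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip_header + tcp_header + payload


def parse_l4(packet: bytes) -> L4Info:
    """Read the IPv4 header, then the transport ports, validating lengths before every slice."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    proto = packet[9]
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    src_port = dst_port = 0
    if proto in (IPPROTO_TCP, IPPROTO_UDP):   # both carry source/destination ports first
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return L4Info(src_ip, dst_ip, proto, src_port, dst_port)


@dataclass
class Rule:
    """One forwarding rule: match on protocol and/or destination port, then act with a priority."""
    name: str
    proto: Optional[int]
    dst_port: Optional[int]
    action: str      # "forward" or "drop"
    priority: int    # higher is serviced first by the switch's queues


def classify(info: L4Info, rules: list) -> tuple:
    """Return (rule name, action, priority) for the first matching rule, else best-effort forward."""
    for rule in rules:
        proto_ok = rule.proto is None or rule.proto == info.proto
        port_ok = rule.dst_port is None or rule.dst_port == info.dst_port
        if proto_ok and port_ok:
            return rule.name, rule.action, rule.priority
    return "default", "forward", 0


# Constructed rule set: web traffic gets priority, FTP is best effort, cleartext Telnet is dropped.
RULES = [
    Rule("web", IPPROTO_TCP, 80, "forward", 5),
    Rule("ftp", IPPROTO_TCP, 21, "forward", 1),
    Rule("no-telnet", IPPROTO_TCP, 23, "drop", 0),
]


def demo() -> list:
    """Classify three constructed packets; returns [(application, rule, action, priority), ...]."""
    packets = [
        build_ipv4_tcp("192.0.2.10", "192.0.2.80", 51000, 80, b"GET / HTTP/1.1\r\n"),
        build_ipv4_tcp("192.0.2.11", "192.0.2.21", 51001, 21),
        build_ipv4_tcp("192.0.2.12", "192.0.2.23", 51002, 23),
    ]
    results = []
    for pkt in packets:
        info = parse_l4(pkt)
        results.append((info.application,) + classify(info, RULES))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Note that the classifier only ever reads header fields it has verified to be present; a packet whose IP header length field points past the end of the buffer is rejected rather than sliced, which is the check a forwarding engine must make before trusting any transport-layer value.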
Layer 5 switching works at the session layer of the OSI model, and uses information in the packet provided by this layer for routing. The session layer provides information such as uniform resource locators (URLs) that allow the switch to route the packet more effectively to a destination computer. A URL is a method of addressing that is commonly used on the Internet.
Layer 6 switching works at the presentation layer of the OSI model, while Layer 7 switching works at the application layer of the OSI model. Switches that use these upper layers have the ability to look at the content of the data being transmitted. An example of this would be an XML file that was being sent across the network. The Layer 7 switch could look at the tags within the file to determine where the file should be sent. Because it works at the highest level, it has the ability to use information from all levels of the OSI model for use in forwarding the data to its proper destination.
ADVANCED FEATURES OF A SWITCH
Although we’ve discussed a number of different types of switches and seen how they work differently and provide diverse features, there are also switches available in the marketplace that offer enhanced features. These elements bring improved security, services, and capabilities that were unseen in the basic switches that were available in previous years. Some of the advanced features we’ll discuss in the sections that follow include:
■ Power over Ethernet (PoE)
■ Spanning Tree Protocol
■ Virtual LANs
■ Trunking
■ Port Mirroring
■ Port Authentication
Power over Ethernet
Power over Ethernet (PoE) is a technology in which electrical power can be transferred over standard twisted-pair cables. Although data have always been transferred along the wires used on an Ethernet network, PoE allows electricity to also be transferred along the same cabling. This means that no modification needs to be made to the existing cabling of a network to implement PoE.
Exam Warning
Switches operate at many layers of the OSI model. They work at the data link layer (Layer 2), and sometimes at the network layer (Layer 3) of the OSI model. Layer 3 switches have an integrated router function that allows them to make decisions as to where the data should be sent.
PoE is used to provide power to devices that are connected to a network and allows them to acquire power without the need of having to use existing outlets or pay for new power sources to be installed. Some devices that commonly use PoE are network cameras, IP telephones, wireless access points, remote switches, or other network devices.
A benefit to PoE is that so long as the switch is connected to a power source, any of the devices using PoE through that switch will continue to receive power. In other words, if the switch is connected to an uninterruptible power supply (UPS), any of the devices using PoE on that switch will continue running even if there is a power failure.
Spanning Tree
The Spanning Tree Protocol (STP) was developed by Digital Equipment Corporation (DEC) to prevent broadcast storms that result from looping. A broadcast is a message that is sent across a LAN at the data link layer (that is, Layer 2 of the OSI model), and it can be forwarded by switches to other segments of the network. When a switch has more than one way to communicate with a node, it can cause broadcasts to go out across more than one path. This can create a loop in the way this data travels across the network. When data loops endlessly around the network in this way, it eats up the available bandwidth and can affect network performance. Not only can computers on the network experience slow response times, but they also can have problems just logging into the network.
To illustrate the problems with looping and how STP fixes this, let’s look at Figure 4.1. As shown in this figure, the network on the left has two switches connected together. Although this prevents data from being passed to multiple switches, it also creates a single point of failure on the network. If one switch fails to work, then data cannot be transferred across the network. The network on the right provides multiple paths that data can be transmitted across, but it creates the problem of looping. If you imagine data going across two switches, you can follow in this figure how the data could be passed from one switch to another endlessly.

DAMAGE AND DEFENSE
Switching on Networks
In terms of devices that provide network connectivity, switches have become the future of networking. Today’s computer networks have to support the combination of voice, video, and data, so many network administrators are beginning to favor intelligent switches over common shared hubs. Network switches enable you to have bandwidth on demand and ensure that you can use your network to the fullest capacity. If you have a switch that is capable of 100 Mbps, you are guaranteed that amount of bandwidth due to the way a switch can intelligently look at the packets. A shared hub, on the other hand, can sometimes supply only 40 percent of the potential bandwidth on the network.
The STP uses an algorithm that identifies that a switch has multiple ways of communicating with a single node. In identifying this, it then determines the best way of communicating with that node and blocks out the other paths. If the primary path to a node becomes unavailable, it will then use redundant links to that node. This means that in the event of failure, the network can still continue to function without worry that loops will result and flood the network.
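A worked version of the election just described, written in Python as an added example (not the book’s code, and a simplification of IEEE 802.1D: it assumes every switch already knows the whole topology, whereas real bridges discover it by exchanging BPDUs). The bridge IDs, link names and path costs are constructed; the first demo is the two-switch, two-cable network of Figure 4.1 and the second is a three-switch ring. Where real STP breaks a tie on port ID, the link name stands in.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    """A cable between two switches. cost follows the 802.1D-1998 table (4 = 1 Gbps, 19 = 100 Mbps)."""
    name: str
    a: str
    b: str
    cost: int = 4


def spanning_tree(bridge_ids: dict, links: list) -> tuple:
    """Simplified STP election over a known topology.

    Returns (root bridge, root_port, blocked): root_port maps each non-root switch to the link it
    uses to reach the root, and blocked is the set of (switch, link) pairs that must not forward,
    which is exactly what removes every loop while keeping the redundant cables in place.
    """
    # Step 1: the switch with the lowest bridge ID becomes the root bridge.
    root = min(bridge_ids, key=bridge_ids.get)

    # Step 2: every other switch picks the cheapest path to the root (Dijkstra), breaking ties
    # the way STP does: lowest sender bridge ID, then lowest port (here: link name).
    best = {root: (0, -1, "")}                  # switch -> (root path cost, sender ID, link name)
    heap = [(0, -1, "", root)]
    while heap:
        cost, _, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for link in links:
            if node not in (link.a, link.b):
                continue
            nbr = link.b if link.a == node else link.a
            cand = (cost + link.cost, bridge_ids[node], link.name)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (*cand, nbr))
    unreachable = set(bridge_ids) - set(best)
    if unreachable:
        raise ValueError(f"switches not connected to the root: {sorted(unreachable)}")
    root_port = {sw: best[sw][2] for sw in bridge_ids if sw != root}

    # Step 3: on each link the end closer to the root (lower cost, then lower ID) is the
    # designated bridge. A port that is neither a root port nor designated is blocked.
    blocked = set()
    for link in links:
        key = lambda sw: (best[sw][0], bridge_ids[sw])
        designated = link.a if key(link.a) <= key(link.b) else link.b
        for end in (link.a, link.b):
            if end != designated and root_port.get(end) != link.name:
                blocked.add((end, link.name))
    return root, root_port, blocked


def redundant_pair_demo() -> set:
    """The Figure 4.1 case: two switches joined by two cables (constructed IDs); returns blocked ports."""
    ids = {"SwitchA": 0x8000_0001, "SwitchB": 0x8000_0002}   # default priority 0x8000 plus a suffix
    links = [Link("cable-1", "SwitchA", "SwitchB"), Link("cable-2", "SwitchA", "SwitchB")]
    return spanning_tree(ids, links)[2]


def triangle_demo() -> set:
    """Three switches in a ring: exactly one port must be blocked to break the loop."""
    ids = {"A": 0x8000_0001, "B": 0x8000_0002, "C": 0x8000_0003}
    links = [Link("A-B", "A", "B"), Link("B-C", "B", "C"), Link("A-C", "A", "C")]
    return spanning_tree(ids, links)[2]


if __name__ == "__main__":
    print(redundant_pair_demo())   # {('SwitchB', 'cable-2')}
    print(triangle_demo())         # {('C', 'B-C')}
```

In the two-cable case SwitchB keeps cable-1 as its root port and blocks its end of cable-2; if cable-1 is removed from the link list and the election re-run, cable-2 becomes the root port, which is the failover the text describes.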
VLAN
A VLAN is a virtual LAN that allows messages to be broadcast to all of the network devices that are in the same broadcast domain. A broadcast domain is a logical division of computers that can communicate with one another using broadcast messages. VLANs are used to allow computers and other network devices to appear as if they are on the same network segment, regardless of where they are physically located.
Ports on switches supporting this technology can be configured to be part of the same VLAN. For example, some of the ports in one switch could be set to be part of VLAN A and ports on another switch could also be set to be part of VLAN A. From the perspective of the devices on this VLAN, they are all part of the same broadcast domain and can communicate with one another using broadcast messages, which would not be received by any computers or devices that are not part of this VLAN.
Trunking
In using VLANs, there may be situations where you have different computers that are on the same VLANs but in different locations that are connected by a single network link. This might be computers on different floors or buildings where a single cable is used to connect the different network segments. To prevent the data from different VLANs from being sent across the single cable and being received by the wrong VLANs, a process called trunking is used.

FIGURE 4.1 Spanning Tree Allows for Redundant Paths to Nodes.
Trunking is a term that refers to a single network link that allows multiple VLANs to communicate with one another. Two switches can send and receive the network traffic from two or more VLANs using a Trunking Protocol. When a packet of data is sent between the two switches, a tag is added to the frame header, indicating that it belongs to a particular VLAN.
To illustrate this, let’s say that a computer on one floor of a building is part of VLAN A. The user wants to send data to another computer that’s on another floor and is part of the same VLAN. The data is sent to the switch, but because there are multiple VLANs on these floors, the switch adds information to the header of the packet saying that this data is for a computer on VLAN A. When it reaches the switch on another floor, this second switch looks at the header and realizes that it should be sent to VLAN A. Even though multiple VLANs may use the network link between these floors of the building, the data are sent to the proper VLAN using this method.
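Both the VLAN section and the trunking section above are covered by this added Python example, which is not code from the book. It builds and parses the 4-byte IEEE 802.1Q tag (TPID 0x8100 followed by the TCI, whose low 12 bits carry the VLAN ID), then simulates two switches, one per floor, joined by a trunk port: a broadcast from a VLAN 10 station on floor 1 is flooded only to floor 1’s other VLAN 10 port and to the trunk, crosses the cable tagged with VLAN 10, and is delivered on floor 2 only to the VLAN 10 port, never to VLAN 20. The port numbers, MAC addresses and the policy of dropping untagged frames that arrive on a trunk are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100                 # EtherType value that announces an 802.1Q tag
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    payload: bytes
    tag: Optional[bytes] = None     # 4-byte 802.1Q tag on a trunk link; None on an access link


def tag_bytes(vlan_id: int, priority: int = 0) -> bytes:
    """Build the 802.1Q tag: TPID, then the TCI packing priority (3 bits), DEI (1 bit), VLAN ID (12 bits)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((priority & 0x7) << 13) | (vlan_id & 0x0FFF)
    return struct.pack("!HH", TPID_8021Q, tci)


def parse_tag(tag: bytes) -> tuple:
    """Return (priority, vlan_id) from a tag, refusing anything that is not 802.1Q."""
    if len(tag) < 4:
        raise ValueError("tag too short")
    tpid, tci = struct.unpack("!HH", tag[:4])
    if tpid != TPID_8021Q:
        raise ValueError("not an 802.1Q tag")
    return (tci >> 13) & 0x7, tci & 0x0FFF


class VlanSwitch:
    """Access ports belong to one VLAN; trunk ports carry frames for every VLAN, each one tagged."""

    def __init__(self, name: str, access: dict, trunks: set):
        self.name = name
        self.access = dict(access)          # port number -> VLAN ID
        self.trunks = set(trunks)
        self.mac_table = {}                 # (VLAN ID, MAC) -> port learned from the source address

    def receive(self, in_port: int, frame: Frame) -> list:
        """Forward one frame; returns [(out_port, frame as it leaves that port), ...]."""
        if in_port in self.trunks:
            if frame.tag is None:           # constructed policy: untagged frames on a trunk are dropped
                return []
            _, vlan = parse_tag(frame.tag)
        elif in_port in self.access:
            vlan = self.access[in_port]
        else:
            raise ValueError(f"{self.name}: unknown port {in_port}")

        self.mac_table[(vlan, frame.src)] = in_port
        known = self.mac_table.get((vlan, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            candidates = [known]            # unicast to a station already learned in this VLAN
        else:
            # broadcast (or unknown unicast): flood, but only within this VLAN plus the trunks
            candidates = [p for p, v in self.access.items() if v == vlan] + sorted(self.trunks)

        out = []
        for port in candidates:
            if port == in_port:
                continue
            tag = tag_bytes(vlan) if port in self.trunks else None   # tag only when leaving on a trunk
            out.append((port, Frame(frame.dst, frame.src, frame.payload, tag)))
        return out


def floor_to_floor_demo() -> dict:
    """Constructed two-floor building: VLAN 10 and VLAN 20 on both floors, one trunk cable (port 24)."""
    floor1 = VlanSwitch("floor1", access={1: 10, 2: 10, 3: 20}, trunks={24})
    floor2 = VlanSwitch("floor2", access={1: 10, 2: 20}, trunks={24})

    # Station on floor 1 port 1 (VLAN 10) broadcasts, as an ARP request would.
    bcast = Frame(BROADCAST, "00:11:22:33:44:01", b"who-has 10.0.10.5", None)
    floor1_out = floor1.receive(1, bcast)
    trunk_frame = dict(floor1_out)[24]
    floor2_out = floor2.receive(24, trunk_frame)

    return {
        "floor1_ports": [p for p, _ in floor1_out],           # the other VLAN 10 port plus the trunk
        "trunk_vlan": parse_tag(trunk_frame.tag)[1],           # tag added before crossing the cable
        "floor2_ports": [p for p, _ in floor2_out],           # only floor 2's VLAN 10 port
        "floor2_untagged": all(f.tag is None for _, f in floor2_out),
    }


if __name__ == "__main__":
    print(floor_to_floor_demo())
```

The MAC table is keyed by (VLAN, address) rather than by address alone; that detail is what keeps a station learned in VLAN 20 from ever becoming a unicast destination for VLAN 10 traffic, even when the same MAC appears in both.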
Port Mirroring
Port mirroring is a process in which all of the data sent or received on one port or VLAN is copied to another port, and it is also known as a switched port analyzer (SPAN) or roving analysis port (RAP). In looking at these terms, you can see that port mirroring is used for analyzing network traffic. The data copied to a port on a switch can be copied to a different port on the switch, which is then sent to a computer or network appliance that monitors the traffic. An example of one such device that would use port mirroring would be an intrusion detection system (IDS), which monitors network traffic for activity that’s indicative of unauthorized access. Network administrators using the data that’s been forwarded by port mirroring can then identify issues with switch performance and can be notified of problems on the network.
Port Authentication
Port authentication is a process in which access to a port is given to a device by having that device authenticate itself with a server. Port authentication is part of the IEEE 802.1x standard, which outlines how access to a network can be restricted on a port-by-port basis. Access control is based upon devices authenticating themselves before being allowed to transmit packets across the network. Once the device has authenticated itself, communication over the port is allowed, so that it can then transfer data across the switch and over the network.
Port authentication requires several components for access to be given or denied. These are as follows:
■ Supplicant: This is the client that requests access to the network. This may be a computer, software, or network device that requires access to the network.
■ Authenticator: This is the port that is configured to restrict access and requires authentication before allowing access.
■ Authentication server: This is a server that verifies the credentials of the supplicant and determines if access should be granted or denied.
The way port authentication works is the supplicant (such as a network workstation) attempts to access a port on a switch. The port acts as the authenticator and won’t allow access until the supplicant has been authenticated. The supplicant gives a username/password, digital certificate, or other credentials to the authenticator, which passes this information to an authentication server. The authentication server may be a RADIUS database or another authentication database that compares the credentials to its own records to determine whether access should be granted. The result of this comparison is sent back to the authenticator. If the credentials have been verified and found to be valid, then the supplicant is allowed to access resources and transmit data across the switch.
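The supplicant/authenticator/authentication-server exchange above, as an added Python simulation that is not from the book. It is simplified: real 802.1X carries EAP over EAPOL between supplicant and authenticator and RADIUS between authenticator and server, and the chosen EAP method decides how the credential is proven; here the server’s credential check is stood in for by a salted PBKDF2 comparison. The account, password and port number are constructed. What it demonstrates is the authenticator’s behaviour: data frames are dropped until the server returns accept, the port re-locks on logoff, and the authenticator itself never verifies a credential.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 50_000


class AuthenticationServer:
    """Stand-in for the RADIUS database: stores salted password hashes and answers accept/reject."""

    def __init__(self):
        self._users = {}

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # do the same work for unknown names so a reject does not reveal whether the account exists
            self._derive(password, b"\x00" * 16)
            return False
        salt, digest = record
        return hmac.compare_digest(digest, self._derive(password, salt))


class AuthenticatorPort:
    """A switch port in the authenticator role: only EAPOL passes until the server says accept."""

    def __init__(self, port_id: int, server: AuthenticationServer):
        self.port_id = port_id
        self.server = server
        self.authorized = False
        self.log = []

    def receive(self, frame: dict) -> str:
        kind = frame["type"]
        if kind == "EAPOL-Start":
            self.log.append(f"port {self.port_id}: EAP-Request/Identity")
            return "identity-requested"
        if kind == "EAP-Response":
            # The authenticator never checks the credential itself; it relays to the server.
            ok = self.server.verify(frame["identity"], frame["credential"])
            self.authorized = ok
            self.log.append(f"port {self.port_id}: {'accept' if ok else 'reject'} for {frame['identity']}")
            return "accept" if ok else "reject"
        if kind == "EAPOL-Logoff":
            self.authorized = False              # the port goes back to the unauthorized state
            return "unauthorized"
        if kind == "data":
            if self.authorized:
                return "forwarded"
            self.log.append(f"port {self.port_id}: dropped data frame from unauthenticated supplicant")
            return "dropped"
        return "ignored"


class Supplicant:
    """The client side: a workstation holding a username/password (a certificate would be relayed the same way)."""

    def __init__(self, identity: str, credential: str):
        self.identity = identity
        self.credential = credential

    def start(self) -> dict:
        return {"type": "EAPOL-Start"}

    def respond(self) -> dict:
        return {"type": "EAP-Response", "identity": self.identity, "credential": self.credential}

    def data(self, payload: bytes) -> dict:
        return {"type": "data", "payload": payload}


def demo() -> list:
    """Constructed exchange: a stale and then a valid credential on the same port; returns the outcomes."""
    server = AuthenticationServer()
    server.add_user("alice", "correct horse battery staple")   # constructed sample account
    port = AuthenticatorPort(12, server)
    outcomes = []

    stale = Supplicant("alice", "old-password")
    outcomes.append(port.receive(stale.data(b"hello")))        # no authentication yet: dropped
    outcomes.append(port.receive(stale.start()))
    outcomes.append(port.receive(stale.respond()))             # wrong password: reject
    outcomes.append(port.receive(stale.data(b"hello")))        # still dropped

    alice = Supplicant("alice", "correct horse battery staple")
    outcomes.append(port.receive(alice.start()))
    outcomes.append(port.receive(alice.respond()))             # accept
    outcomes.append(port.receive(alice.data(b"hello")))        # forwarded
    outcomes.append(port.receive({"type": "EAPOL-Logoff"}))    # port closes again
    outcomes.append(port.receive(alice.data(b"hello")))        # dropped
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The port’s log is the audit trail an administrator would want from the authenticator: each reject and each dropped data frame is recorded with the port number, which is what makes repeated failures on one port visible.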
SUMMARY OF EXAM OBJECTIVES
Switches can provide an array of features that can enhance the security and functionality of a network. At its most basic level, a switch is a network device that allows multiple devices to communicate with one another on a network. These devices can be workstations, servers, laptops, printers, or any number of other devices that require the ability to send and receive data with one another.
Switches can work at different levels of the OSI model. Depending on the layer used by the switch, it replaces many of the devices previously used on older networks, including the repeaters and bridges that we discussed in the last chapter. Switches can provide the function of connecting together multiple networks, segmenting networks, or providing routing features that will get data to its proper destination using the fastest possible route.
Test Day Tip
Remember for the Network+ exam that each component’s functionality is listed on the testable objectives at the beginning of this chapter.
Switches can also include a number of advanced features. PoE can provide power to devices connected to the network, whereas VLANs can be used to connect different computers into VLANs and join them together in the same broadcast domain. If the VLANs are connected using a single network link, Trunking Protocols may be used to provide connectivity. Security features like port authentication can be used to require a client to authenticate to a server before gaining access to a port. Some switches will also provide the feature of port mirroring, so that data sent to one port can be sent to hardware or software that monitor network traffic. As you can see by this, switches have evolved over the years. Although they still have the primary purpose of directing network traffic, they are a critical component of any larger network.
EXAM OBJECTIVES FAST TRACK
Understanding Switches
■ Switches provide services that are similar to those found in Ethernet hubs. A switch takes data from a cable connected to its port, but unlike a hub that forwards the data through all of its other ports, a switch will forward the packet only to the computer that the data is intended for.
■ Broadcast messages are the messages that are sent out to all of the nodes in a broadcast domain. A broadcast domain is a logical division of computers that can communicate with one another using broadcast messages.
■ The OSI model is a reference model that is used to map different functions of network communication. Types of switches are often identified by how they relate to specific layers of this model.
Basic Switches
■ Basic switches look at the MAC address of a packet to determine where it is destined. The MAC address is unique to the NIC and makes it identifiable on the network.
■ Layer 2 switches work at the data link layer (Layer 2) and look at the MAC address of the packet to determine where it is to be sent.
■ Switches are also sometimes referred to as multiport bridges, because they can perform the same functions as a bridge. They can connect two LANs together or segment a large LAN into two smaller ones.
Multilayer Switches
■ A multilayer switch (also called a Layer 3 switch) works by utilizing switching tables and switching algorithms to determine how to send data via MAC addressing from host to host or device to device.
■ Layer 3 switches work at the network layer of the OSI model and have an integrated router function that allows them to make decisions as to where the data should be sent.
■ A Layer 3 switch is built into a Layer 2 switch so data does not have to be sent to a router; that is, the router is built into the circuitry of the switch so the data is routed as quickly as the switch can send it to itself – much quicker than one device trying to send data to another device.
Content Switches
■ Content switches use Layers 4 to 7 of the OSI Model, and rather than looking at the individual packets being transmitted, they can use sessions to transmit data between machines.
■ Switches that use the upper layers of the OSI model have the ability to look at the content of the data being transmitted.
■ Content switches take advantage of caching and load balancing so that the amount of data transmitted across networks and requests processed by a server are reduced.
Advanced Features of a Switch
■ A VLAN allows messages to be broadcast to all of the network devices that are in the same broadcast domain.
■ Trunking is used to allow multiple VLANs to communicate with one another across a single network link.
■ PoE is a technology in which electrical power can be transferred over standard twisted-pair cables.
■ Port mirroring is used to allow all of the data sent or received on one port or VLAN to be copied to another port, and is also known as a SPAN or RAP. The copied data can then be used by hardware or software to monitor the data, as in situations where IDS are used.
■ The STP is used to prevent broadcast storms that result from looping.
■ Port authentication is a process in which access to a port is given to a client by having it first authenticate to a server.
FREQUENTLY ASKED QUESTIONS
Q: I am creating a small home-based network that will connect several different computers together. Because switches are commonly used on our network at the office, should I use one for this network as well?
A: A hub would be a better solution, as they are less expensive and the features of a switch aren’t really necessary for this situation. Although switches are the optimum choice for networks, they aren’t always the best choice for small networks consisting of several computers. In most cases where there are just a few computers connected together, a switch would be overkill and a more costly solution.
Q: I am creating a new Ethernet network that will consist of a few dozen employees and will expand greatly over the next few years. Which device should I use to connect users together on the network and still have the ability to expand as the network grows?
A: A switch is similar to a hub in that it will take data from one cable, regenerate the signal, and then resend it. What makes a switch different is that it will take the data sent to one port on the switch, and then determine which of the other ports will allow the data to get to its intended destination. Switches have also incorporated many of the functions previously provided by other network devices, and can be connected together when there is a need to expand the network.
SELF TEST
1. You have purchased a basic switch for your network that can look at information within a packet of data and send it to its destination address. It has no additional features. What kind of switch is this?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
2. A broadcast message is sent by a computer onto the network. Which of the following will occur when the switch receives the broadcast message?
A. The message will be sent to all computers on the network.
B. The message will be sent to all computers in the same broadcast domain.
C. The message will not be sent because switches will only send messages between two nodes.
D. The message will not be sent because switches are designed to always ignore broadcast messages.
3. You are looking into purchasing a new switch for your network. You want the switch to be able to route packets of data based on the uniform resource locator included with the packet. Which switch type should you buy?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
4. A switch on your network is designed to look at the MAC address of incoming data, and then use switching tables and algorithms to properly route data to its intended destination. What type of switch is being used?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5
5. Your company has just purchased a smaller rival business, and now wants you to connect the two networks together. Your company’s existing network is twice the size of the new network. To get these two networks connected together, which of the following will you do?
A. Install a VLAN to connect the two networks together.
B. Install a switch to connect the two networks together.