Chapter 2: Basic Switch Concepts and Configuration

CCNA – Semester 3

Chapter 2: Basic Switch Concepts and Configuration

CCNA Exploration 4.0

• Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard

• Explain the functions that enable a switch to forward Ethernet frames in a LAN

• Configure a switch for operation in a network designed to support voice, video, and data transmissions

• Configure basic security on a switch that will operate in a network designed to support voice, video, and data transmissions

Introduction to Ethernet/802.3 LANs

CSMA/CD

• Ethernet Frame:

• Ethernet Address

Duplex Settings

• The Cisco Catalyst switches have three settings:

– The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation.

– The full option sets full-duplex mode.

– The half option sets half-duplex mode.

MAC Addressing and Switch MAC Address Tables

Design Considerations for Ethernet/802.3 Networks

• Bandwidth and Throughput

– A major disadvantage of Ethernet 802.3 networks is collisions

• Collision domains:

Broadcast Domains:

• Although switches filter most frames based on MAC addresses, they do not filter broadcast frames. For other switches on the LAN to get broadcasted frames, broadcast frames must be forwarded by switches. A collection of interconnected switches forms a single broadcast domain. Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a Layer 2 broadcast domain. Routers and VLANs are used to segment both collision and broadcast domains. The use of VLANs to segment broadcast domains will be discussed in the next chapter.

Network Latency

• The time it takes the source NIC to place voltage pulses on the wire and the time it takes the receiving NIC to interpret these pulses

• The actual propagation delay as the signal takes time to travel along the cable

• Latency is added according to which networking devices

Network Congestion

• The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. Without segmentation, a LAN quickly becomes clogged with traffic and collisions.

• The most common causes of network congestion:

– Increasingly powerful computer and network technologies

– Increasing volume of network traffic

– High-bandwidth applications

rarely seen in a modern switched LAN.

LAN Segmentation

LAN Design Considerations

Controlling Network Latency

• Consider the latency caused by each device on the network

– A core level switch supporting 48 ports, running at 1000 Mb/s full duplex requires 96 Gb/s internal throughput if it is to maintain full wire-speed across all ports simultaneously

• Higher OSI layer devices can also increase latency on a network

– A router must strip away the Layer 2 fields in a frame in order to interpret Layer 3 addressing information. The extra processing time causes latency

– Balance the use of higher layer devices to reduce network latency with the need to prevent contention from broadcast traffic or the high collision rates

Removing Bottlenecks

Activity 2.1.3.2

Forwarding Frames using a Switch

Switch Forwarding Methods

Store-and-forward – The entire frame is received before any forwarding takes place

Cut-through – The frame is forwarded through the switch before the entire frame is received

There are two variants of cut-through switching:

Fast-forward – Fast-forward switching immediately forwards a packet after reading the destination address

Fragment-free – Fragment-free switching filters out collision fragments (< 64 bytes) before forwarding begins

Memory buffering

• In port-based memory buffering, frames are stored in queues that are linked to specific incoming ports

• Shared memory buffering deposits all frames into a common memory buffer which all the ports on the switch share

Layer 3 Switch and Router Comparison

Activity 2.2.4.3

Navigating CLI Modes

GUI-based Alternatives to the CLI

• Cisco Network Assistant

• Cisco Device Manager

• CiscoView

• SNMP Network Manager

Console Error Messages

The Switch Boot Sequence

The boot sequence of a Cisco switch:

• The switch loads the boot loader software from NVRAM

• The boot loader:

– Performs low-level CPU initialization

– Performs POST for the CPU subsystem

– Initializes the flash file system on the system board

– Loads a default operating system software image into memory and boots the switch

• The operating system runs using the config.text file, stored in the switch flash storage.

The boot loader can help you recover from an operating system crash:

• Provides access into the switch if the operating system has problems serious enough that it cannot be used.

• Provides access to the files stored on flash before the operating system is loaded.

• Use the boot loader command line to perform recovery operations.

• PC or terminal is connected to the console port

• Terminal emulator application, such as HyperTerminal, is running and configured correctly

SYST LED rapidly blinks green. If the switch fails POST, the SYST LED turns amber. When a switch fails the POST test, it is necessary to repair the switch.

Basic Switch Configuration

• Management Interface Considerations

• Configure Management Interface

• Configure Default Gateway

• Verify Configuration

• Configure Duplex and Speed

• Configure a Web Interface

Managing the MAC Address Table

• Dynamic addresses are source MAC addresses that the switch learns and then ages when they are not in use. You can change the aging time setting for MAC addresses. The default time is 300 seconds.

• The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table.

• To create a static mapping in the MAC address table, use the mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id command.
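
The learning, aging and static-mapping behaviour described above, modelled as a small Python simulation. This is an added example, not part of the original slides; the class, method and port names and the MAC addresses are constructed for illustration, and the model is simplified to a single VLAN.

```python
from dataclasses import dataclass, field

AGING_TIME = 300  # seconds, the default aging time given above

@dataclass
class MacTable:
    """Simplified single-VLAN model of a switch MAC address table."""
    ports: tuple
    aging_time: int = AGING_TIME
    entries: dict = field(default_factory=dict)  # mac -> (port, last_seen | None)

    def add_static(self, mac, port):
        # Static mapping: last_seen=None marks it as never aged, never relearned.
        self.entries[mac] = (port, None)

    def _age(self, now):
        # Dynamic entries idle for longer than aging_time are removed.
        self.entries = {m: (p, t) for m, (p, t) in self.entries.items()
                        if t is None or now - t <= self.aging_time}

    def receive(self, now, in_port, src, dst):
        """Learn src on in_port, then return the egress ports for dst."""
        self._age(now)
        known = self.entries.get(src)
        if known is None or known[1] is not None:  # keep static entries as set
            self.entries[src] = (in_port, now)     # learn or refresh
        hit = self.entries.get(dst)
        if hit is None:  # unknown or broadcast destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if hit[0] == in_port else [hit[0]]

# Constructed sample addresses (IANA documentation range 00:00:5e:00:53:xx).
A, B, S = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0f"

def demo():
    sw = MacTable(ports=("Fa0/1", "Fa0/2", "Fa0/3"))
    sw.add_static(S, "Fa0/3")
    return [
        sw.receive(0, "Fa0/1", A, B),    # B not yet learned: flooded
        sw.receive(1, "Fa0/2", B, A),    # A was learned at t=0: one port
        sw.receive(2, "Fa0/1", A, B),    # B was learned at t=1: one port
        sw.receive(400, "Fa0/1", A, B),  # B idle > 300 s, aged out: flooded
        sw.receive(401, "Fa0/2", B, S),  # static entry never ages: Fa0/3
    ]

if __name__ == "__main__":
    for egress in demo():
        print(egress)
```
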

Basic Switch Management

• Back up and Restore Switch Configurations

• Clearing Configuration Information

Use erase nvram: or erase startup-config command

• Deleting a Stored Configuration File

Use delete flash:filename command

• 2.3.8.4

Sw(config)#enable password cisco

Sw(config)#enable secret class

• Configure Encrypted Passwords

Configure Password Options

Enable Password Recovery

• Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.

• Step 2 Set the line speed on the emulation software to 9600 baud.

• Step 3 Power off the switch. Reconnect the power cord to the switch and within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.

• Step 4 Initialize the Flash file system using the flash_init command.

• Step 5 Load any helper files using the load_helper command.

• Step 6 Display the contents of Flash memory using the dir flash: command.

• Step 7 Rename the configuration file to config.text.old, which contains the password definition, using the rename flash:config.text flash:config.text.old command.

• Step 8 Boot the system with the boot command.

• Step 9 You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N.

• Step 10 At the switch prompt, enter privileged EXEC mode using the enable command.

• Step 11 Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.

• Step 12 Copy the configuration file into memory using the copy flash:config.text system:running-config command.

• Step 13 Enter global configuration mode using the configure terminal command.

• Step 14 Change the password using the enable secret password command.

• Step 15 Return to privileged EXEC mode using the exit command.

• Step 16 Write the running configuration to the startup configuration file using the copy running-config startup-config command.

• Step 17 Reload the switch using the reload command.

• The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called login banners and message of the day (MOTD) banners.

Sw(config)#banner motd "string"

Configure Telnet and SSH

the switch acts like a hub and forwards the frame out every port on the switch.

Common Security Attacks

• MAC Address Flooding (cont.)

Spoofing Attacks

• CDP attacks: CDP contains information about the device, such as the IP address, software version, platform, capabilities, and the native VLAN. When this information is available to an attacker, they can use it to find exploits to attack your network, typically in the form of a Denial of Service (DoS) attack.

Security Tools

• Network Security Tools perform these functions:

• Network Security Audits help you to:

– Reveal what sort of information an attacker can gather simply by monitoring network traffic

– Determine the ideal amount of spoofed MAC addresses to remove

– Determine the age-out period of the MAC address table

• Network Penetration Testing helps you to:

– Identify weaknesses within the configuration of your networking devices

– Launch numerous attacks to test your network

– Caution: Plan penetration tests to avoid network performance impacts

Configuring Port Security

Activity 2.4.7.2

Date posted: 16/12/2020, 13:55