CCNA – Semester 3
Chapter 2: Basic Switch Concepts and Configuration
Objectives
• Summarize the operation of Ethernet as defined for 100/1000 Mbps LANs in the IEEE 802.3 standard
• Explain the functions that enable a switch to forward Ethernet frames in a LAN
• Configure a switch for operation in a network designed to support voice, video, and data transmissions
Ethernet Communications
Ethernet communication types:
– Unicast
– Broadcast
Ethernet Communications
• Ethernet Frame:
Switch Port Settings
• The Cisco Catalyst switches have three duplex settings:
– The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the two ports communicate to decide the best mode of operation
– The full option sets full-duplex mode.
– The half option sets half-duplex mode.
• Auto-MDIX
Design Considerations for Ethernet/802.3 Networks
• Bandwidth and Throughput
– A major disadvantage of Ethernet 802.3 networks is collisions
Design Considerations for Ethernet/802.3 Networks
Broadcast Domains:
• Although switches filter most frames based on MAC addresses, they do not filter broadcast frames.
• For other switches on the LAN to receive broadcast frames, switches must forward them, so a collection of interconnected switches forms a single broadcast domain.
• Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a Layer 2 broadcast domain.
Design Considerations for Ethernet/802.3 Networks
Network Latency
• The time it takes the source NIC to place voltage pulses on the wire and the time it takes the receiving NIC to interpret these pulses
• The actual propagation delay, since the signal takes time to travel along the cable
Design Considerations for Ethernet/802.3 Networks
Network Congestion
• The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user. Without segmentation, a LAN quickly becomes clogged with traffic and collisions.
• The most common causes of network congestion:
– Increasingly powerful computer and network technologies
– Increasing volume of network traffic
Design Considerations for Ethernet/802.3 Networks
LAN Segmentation
LAN Design Considerations
Controlling Network Latency
• Consider the latency caused by each device on the network
– A core level switch supporting 48 ports, running at 1000 Mb/s full duplex, requires 96 Gb/s internal throughput if it is to maintain full wire-speed across all ports simultaneously
• Higher OSI layer devices can also increase latency on a network
– A router must strip away the Layer 2 fields in a frame in order to interpret the Layer 3 addressing information. The extra processing time causes latency
– Balance the use of higher layer devices to reduce network latency with the need to prevent contention from
LAN Design Considerations
Removing Bottlenecks
• Store-and-forward – The entire frame is received before any forwarding takes place
• Cut-through – The frame is forwarded through the switch before the entire frame is received
There are two variants of cut-through switching:
• Fast-forward – Fast-forward switching forwards a frame immediately after reading the destination address
• Fragment-free – Fragment-free switching filters out collision fragments (< 64 bytes) before forwarding begins
• In port-based memory buffering, frames are stored in queues that are linked to specific incoming ports
• In shared memory buffering, all frames are deposited into a common memory buffer that all the ports on the switch share
Layer 2 Switch and Router Comparison
GUI-based Alternatives to the CLI
The Switch Boot Sequence
The boot sequence of a Cisco switch:
• The switch loads the boot loader software from NVRAM
• The boot loader:
– Performs low-level CPU initialization
– Performs POST for the CPU subsystem
– Initializes the flash file system on the system board
– Loads a default operating system software image into memory and boots the switch
• The operating system runs using the config.text file, stored in the switch flash storage
The boot loader can help you recover from an operating system crash:
• Provides access into the switch if the operating system has problems serious enough that it cannot be used
• Provides access to the files stored on flash before the operating system is loaded
Prepare to Configure the Switch
Step 1:
• A PC or terminal is connected to the console port
• A terminal emulator application, such as HyperTerminal, is running and configured correctly
Step 2:
• Attach the power cable plug to the switch power supply socket
Step 3:
• When the switch is on, the POST begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly. When the POST has completed, the
Basic Switch Configuration
Managing the MAC Address Table
• Dynamic addresses are source MAC addresses that the switch learns and then ages out when they are not in use. You can change the aging time setting for MAC addresses; the default time is 300 seconds
• The switch provides dynamic addressing by learning the source MAC address of each frame that it receives on each port, and then adding the source MAC address and its associated port number to the MAC address table
• To create a static mapping in the MAC address table, use the mac-address-table static <MAC address> vlan
Basic Switch Management
• Back up and Restore Switch Configurations
• Clearing Configuration Information
– Use erase nvram: or erase startup-config command
• Deleting a Stored Configuration File
Configure Password Options
• Console password
– Sw(config)#line console 0
– Sw(config-line)#password cisco
– Sw(config-line)#login
• Line vty password
– Sw(config)#line vty 0 15
– Sw(config-line)#password cisco
– Sw(config-line)#login
• Enable password:
– Sw(config)#enable password cisco
Configure Password Options
Enable Password Recovery
• Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port
• Step 2 Set the line speed on the emulation software to 9600 baud
• Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button
• Step 4 Initialize the Flash file system using the flash_init command.
• Step 5 Load any helper files using the load_helper command.
• Step 6 Display the contents of Flash memory using the dir flash command
• Step 7 Rename the configuration file, which contains the password definition, to config.text.old using the rename flash:config.text
• Step 8 Boot the system with the boot command
• Step 9 You are prompted to start the setup program. Enter N at the prompt, and then, when the system prompts whether to continue with the configuration dialog, enter N
• Step 10 At the switch prompt, enter privileged EXEC mode using the enable command
• Step 11 Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command
• Step 13 Enter global configuration mode using the configure terminal command
• Step 14 Change the password using the enable secret password command
• Step 15 Return to privileged EXEC mode using the exit command
• Step 16 Write the running configuration to the startup configuration file using the copy running-config startup-config command
Login Banners
• The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called login banners and message of the day (MOTD) banners
Common Security Attacks
• CDP attacks: CDP contains information about the device, such as the IP address, software version, platform,
Security Tools
• Network Security Tools perform these functions:
• Network Security Audits help you to:
– Reveal what sort of information an attacker can gather simply by monitoring network traffic
– Determine the ideal amount of spoofed MAC addresses to remove
– Determine the age-out period of the MAC address table
• Network Penetration Testing helps you to:
– Identify weaknesses within the configuration of your networking devices
– Launch numerous attacks to test your network
Configuring Port Security