
Chapter 2: Basic Switch Concepts and Configuration


<span class='text_page_counter'>(1)</span><div class='page_container' data-page=1>

<b>CCNA – Semester3</b>


<b>Chapter 2: Basic Switch Concepts</b>


<b>and Configuration</b>



</div>
<span class='text_page_counter'>(2)</span><div class='page_container' data-page=2>

<b>Objectives</b>



Summarize the operation of Ethernet as defined for
100/1000 Mbps LANs in the IEEE 802.3 standard.


Explain the functions that enable a switch to forward
Ethernet frames in a LAN.


Configure a switch for operation in a network
designed to support voice, video, and data
transmissions.


</div>
<span class='text_page_counter'>(3)</span><div class='page_container' data-page=3>

3


</div>
<span class='text_page_counter'>(4)</span><div class='page_container' data-page=4></div>
<span class='text_page_counter'>(5)</span><div class='page_container' data-page=5>

5


</div>
<span class='text_page_counter'>(6)</span><div class='page_container' data-page=6></div>
<span class='text_page_counter'>(7)</span><div class='page_container' data-page=7>

7


</div>
<span class='text_page_counter'>(8)</span><div class='page_container' data-page=8></div>
<span class='text_page_counter'>(9)</span><div class='page_container' data-page=9>

9


<b>Ethernet Communications</b>



Ethernet Communications:



– Unicast


– Broadcast


</div>
<span class='text_page_counter'>(10)</span><div class='page_container' data-page=10>

<b>Ethernet Communications</b>



Ethernet Frame:
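The frame layout and the unicast/broadcast distinction from the previous two slides can be exercised in code. The following Python is an added example, not part of the course material: it assembles Ethernet II frames with a CRC-32 Frame Check Sequence, parses received frames back into destination, source, EtherType and payload, classifies the destination address as unicast, multicast or broadcast, and flags frames whose FCS no longer matches. The MAC addresses, EtherTypes and payloads are constructed for illustration.

```python
import binascii
import struct
from dataclasses import dataclass

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
MIN_FRAME_LEN = 64    # IEEE 802.3 minimum frame size, FCS included
MAX_FRAME_LEN = 1518  # maximum untagged frame size, FCS included


@dataclass
class EthernetFrame:
    dst: bytes
    src: bytes
    ethertype: int
    payload: bytes
    fcs_ok: bool

    @property
    def kind(self) -> str:
        """Delivery type from the destination MAC: all-ones is broadcast, a set
        I/G bit (least-significant bit of the first byte) is multicast, else unicast."""
        if self.dst == BROADCAST_MAC:
            return "broadcast"
        if self.dst[0] & 0x01:
            return "multicast"
        return "unicast"


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def fcs(data: bytes) -> bytes:
    """Frame Check Sequence: CRC-32 over dst..payload, sent least-significant byte first."""
    return struct.pack("<I", binascii.crc32(data))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II frame (preamble and SFD omitted, as a NIC strips them).
    The payload is padded to 46 bytes so the frame meets the 64-byte minimum."""
    body = dst + src + struct.pack(">H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def parse_frame(raw: bytes) -> EthernetFrame:
    """Split a received frame into its fields and verify the FCS.
    Runts and giants are rejected outright, as a switch would discard them."""
    if len(raw) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(raw)} bytes < {MIN_FRAME_LEN}")
    if len(raw) > MAX_FRAME_LEN:
        raise ValueError(f"giant frame: {len(raw)} bytes > {MAX_FRAME_LEN}")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack(">H", raw[12:14])
    payload, trailer = raw[14:-4], raw[-4:]
    return EthernetFrame(dst, src, ethertype, payload, fcs_ok=(fcs(raw[:-4]) == trailer))


# Constructed sample traffic: a unicast IPv4 frame, an ARP request to the broadcast
# address, and a copy of the first frame with one payload byte damaged in transit.
HOST_A = bytes.fromhex("001122334455")
HOST_B = bytes.fromhex("66778899aabb")
SAMPLES = {
    "ipv4-unicast": build_frame(HOST_B, HOST_A, 0x0800, b"\x45\x00payload"),
    "arp-broadcast": build_frame(BROADCAST_MAC, HOST_A, 0x0806, b"\x00\x01\x08\x00"),
}
_damaged = bytearray(SAMPLES["ipv4-unicast"])
_damaged[20] ^= 0xFF
SAMPLES["damaged"] = bytes(_damaged)


def summarize(raw: bytes) -> str:
    f = parse_frame(raw)
    return (f"{mac_str(f.src)} -> {mac_str(f.dst)} type=0x{f.ethertype:04x} "
            f"{f.kind} fcs={'ok' if f.fcs_ok else 'BAD'}")


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14s} {summarize(raw)}")
```

The FCS check is the only integrity protection a frame carries; it detects accidental corruption, not deliberate tampering, because anyone who can alter the bytes can also recompute the CRC.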


</div>
<span class='text_page_counter'>(11)</span><div class='page_container' data-page=11>

11


</div>
<span class='text_page_counter'>(12)</span><div class='page_container' data-page=12>

<b>Switch Port Settings</b>



Cisco Catalyst switch ports have three duplex settings:


– <i><b>The auto option sets autonegotiation of duplex mode. </b></i>


With autonegotiation enabled, the two ports communicate
to decide the best mode of operation.


– <i><b>The full option sets full-duplex mode.</b></i>


– <i><b>The half option sets half-duplex mode.</b></i>


Auto-MDIX


</div>
<span class='text_page_counter'>(13)</span><div class='page_container' data-page=13>

13


</div>
<span class='text_page_counter'>(14)</span><div class='page_container' data-page=14></div>
<span class='text_page_counter'>(15)</span><div class='page_container' data-page=15>

15


</div>
<span class='text_page_counter'>(16)</span><div class='page_container' data-page=16></div>
<span class='text_page_counter'>(17)</span><div class='page_container' data-page=17>

17



</div>
<span class='text_page_counter'>(18)</span><div class='page_container' data-page=18></div>
<span class='text_page_counter'>(19)</span><div class='page_container' data-page=19>

19


<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



Bandwidth and Throughput


– A major disadvantage of Ethernet 802.3 networks is
collisions.


</div>
<span class='text_page_counter'>(20)</span><div class='page_container' data-page=20>

<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



<b>Broadcast Domains:</b>


Although switches filter most frames based on MAC addresses, they do not filter
broadcast frames. For other switches on the LAN to receive broadcast frames,
broadcast frames must be forwarded by switches. A collection of interconnected
switches forms a single broadcast domain. Only a Layer 3 entity, such as a
router, or a virtual LAN (VLAN), can stop a Layer 2

</div>
<span class='text_page_counter'>(21)</span><div class='page_container' data-page=21>

21



<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



<b>Network Latency</b>


The time the source NIC takes to place voltage pulses on the wire and
the time the receiving NIC takes to interpret these pulses.


The actual propagation delay, as the signal takes time to
travel along the cable.


</div>
<span class='text_page_counter'>(22)</span><div class='page_container' data-page=22>

<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



<b>Network Congestion</b>


The primary reason for segmenting a LAN into smaller parts
is to isolate traffic and to achieve better use of bandwidth per
user. Without segmentation, a LAN quickly becomes clogged
with traffic and collisions.


The most common causes of network congestion:


– Increasingly powerful computer and network
technologies.


– Increasing volume of network traffic.


</div>
<span class='text_page_counter'>(23)</span><div class='page_container' data-page=23>

23



<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



<b>LAN Segmentation</b>


</div>
<span class='text_page_counter'>(24)</span><div class='page_container' data-page=24>

<b>Design Considerations for Ethernet/802.3 </b>


<b>Networks</b>



</div>
<span class='text_page_counter'>(25)</span><div class='page_container' data-page=25>

25


<b>LAN Design Considerations</b>



<b>Controlling Network Latency</b>


Consider the latency caused by each device on the network.


– A core level switch supporting 48 ports, running at 1000
Mb/s full duplex requires 96 Gb/s internal throughput if it
is to maintain full wire-speed across all ports
simultaneously.


Higher OSI layer devices can also increase latency on a
network.


– A router must strip away the Layer 2 fields in a frame in
order to interpret layer 3 addressing information. The
extra processing time causes latency.


– Balance the use of higher layer devices to reduce network
latency with the need to prevent contention from


</div>
<span class='text_page_counter'>(26)</span><div class='page_container' data-page=26>

<b>LAN Design Considerations</b>



<b>Removing Bottlenecks</b>


</div>
<span class='text_page_counter'>(27)</span><div class='page_container' data-page=27>

27


</div>
<span class='text_page_counter'>(28)</span><div class='page_container' data-page=28>

<b>Store-and-forward</b> – The entire frame is received before
any forwarding takes place.


<b>Cut-through</b> – The frame is forwarded through the switch
before the entire frame is received.


</div>
<span class='text_page_counter'>(29)</span><div class='page_container' data-page=29>

29


There are two variants of cut-through switching:


<b>Fast-forward</b> – Fast-forward switching immediately forwards a packet
after reading the destination address.


<b>Fragment-free</b> – Fragment-free switching filters out collision
fragments (< 64 bytes) before forwarding begins.
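To make the trade-off between store-and-forward and the two cut-through variants concrete, here is an added Python example (not from the course) that simulates the forwarding decision of each mode on three constructed frames: a valid 64-byte frame, a 38-byte collision fragment, and a 64-byte frame whose payload was damaged after the FCS was computed. The switch model, the mode names and the sample frames are assumptions of the example.

```python
import binascii
import struct
from typing import Dict, Tuple

MIN_FRAME_LEN = 64   # IEEE 802.3 minimum; anything shorter is a collision fragment ("runt")
DST_MAC_LEN = 6
FCS_LEN = 4


def valid_fcs(frame: bytes) -> bool:
    """True if the 4-byte trailer equals CRC-32 over everything before it (little-endian)."""
    expected = struct.pack("<I", binascii.crc32(frame[:-FCS_LEN]))
    return frame[-FCS_LEN:] == expected


def make_frame(payload: bytes, corrupt: bool = False) -> bytes:
    """Constructed sample frame: dst + src + EtherType + payload + FCS.
    With corrupt=True one payload bit is flipped after the FCS is computed,
    which is what a frame damaged on the wire looks like to the receiver."""
    header = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    body = header + payload
    frame = bytearray(body + struct.pack("<I", binascii.crc32(body)))
    if corrupt:
        frame[len(header)] ^= 0x01
    return bytes(frame)


def decide(frame: bytes, mode: str) -> Tuple[int, bool]:
    """Return (bytes received before the decision, forwarded?) for one switching mode."""
    if mode == "fast-forward":
        # forwarding starts as soon as the destination MAC is in; nothing else can be checked
        return DST_MAC_LEN, len(frame) >= DST_MAC_LEN
    if mode == "fragment-free":
        # the first 64 bytes are buffered; a collision fragment never reaches that size
        return min(len(frame), MIN_FRAME_LEN), len(frame) >= MIN_FRAME_LEN
    if mode == "store-and-forward":
        # the whole frame is buffered, then length and FCS are checked before forwarding
        return len(frame), len(frame) >= MIN_FRAME_LEN and valid_fcs(frame)
    raise ValueError(f"unknown switching mode: {mode}")


MODES = ("fast-forward", "fragment-free", "store-and-forward")

SAMPLES = {  # constructed inputs
    "good": make_frame(b"A" * 46),                  # 64 bytes, valid FCS
    "runt": make_frame(b"A" * 20),                  # 38 bytes: collision fragment
    "bad-fcs": make_frame(b"A" * 46, corrupt=True),  # 64 bytes, damaged on the wire
}


def compare(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Dict[str, Tuple[int, bool]]]:
    """Matrix of mode -> sample name -> (bytes examined, forwarded?)."""
    return {mode: {name: decide(frame, mode) for name, frame in samples.items()}
            for mode in MODES}


if __name__ == "__main__":
    for mode, results in compare().items():
        print(mode)
        for name, (seen, forwarded) in results.items():
            print(f"  {name:8s} examined {seen:3d} bytes -> {'forward' if forwarded else 'drop'}")
```

Only store-and-forward rejects the damaged frame; fragment-free stops the runt but still forwards the bad-FCS frame, and fast-forward forwards everything. That is the cost of the lower latency: a cut-through switch propagates errors to every downstream segment that a store-and-forward switch would absorb.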


</div>
<span class='text_page_counter'>(30)</span><div class='page_container' data-page=30></div>
<span class='text_page_counter'>(31)</span><div class='page_container' data-page=31>

31



In port-based memory buffering, frames are stored in
queues that are linked to specific incoming ports.


Shared memory buffering deposits all frames into a
common memory buffer which all the ports on the switch
share.


</div>
<span class='text_page_counter'>(32)</span><div class='page_container' data-page=32></div>
<span class='text_page_counter'>(33)</span><div class='page_container' data-page=33>

33


<b>Layer 3 Switch and Router Comparison</b>



</div>
<span class='text_page_counter'>(34)</span><div class='page_container' data-page=34></div>
<span class='text_page_counter'>(35)</span><div class='page_container' data-page=35>

35


</div>
<span class='text_page_counter'>(36)</span><div class='page_container' data-page=36></div>
<span class='text_page_counter'>(37)</span><div class='page_container' data-page=37>

37


<b>GUI-based Alternatives to the CLI</b>



</div>
<span class='text_page_counter'>(38)</span><div class='page_container' data-page=38></div>
<span class='text_page_counter'>(39)</span><div class='page_container' data-page=39>

39


</div>
<span class='text_page_counter'>(40)</span><div class='page_container' data-page=40></div>
<span class='text_page_counter'>(41)</span><div class='page_container' data-page=41>

41


<b>The Switch Boot Sequence</b>



The boot sequence of a Cisco switch:


• The switch loads the boot loader software from NVRAM


• The boot loader:



– Performs low-level CPU initialization


– Performs POST for the CPU subsystem


– Initializes the flash file system on the system board


– Loads a default operating system software image into memory and
boots the switch


• The operating system runs using the config.text file, stored in the switch
flash storage.


The boot loader can help you recover from an operating system crash:


• Provides access into the switch if the operating system has problems
serious enough that it cannot be used.


• Provides access to the files stored on flash before the operating system
is loaded.


</div>
<span class='text_page_counter'>(42)</span><div class='page_container' data-page=42>

<b>Prepare to Configure the Switch</b>



Step 1:


PC or terminal is connected to the console port


Terminal emulator application, such as HyperTerminal, is
running and configured correctly.


Step 2:



Attach the power cable plug to the switch power supply
socket.


Step 3:


When the switch is on, the POST begins. During POST, the
LEDs blink while a series of tests determine that the switch is
functioning properly. When the POST has completed, the


</div>
<span class='text_page_counter'>(43)</span><div class='page_container' data-page=43>

43


<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(44)</span><div class='page_container' data-page=44>

<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(45)</span><div class='page_container' data-page=45>

45


<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(46)</span><div class='page_container' data-page=46>

<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(47)</span><div class='page_container' data-page=47>

47


<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(48)</span><div class='page_container' data-page=48>

<b>Basic Switch Configuration</b>



</div>
<span class='text_page_counter'>(49)</span><div class='page_container' data-page=49>

49



<b>Basic Switch Configuration</b>



Managing the MAC Address Table


Dynamic addresses are source MAC addresses that the
switch learns and then ages when they are not in use. You
can change the aging time setting for MAC addresses. The
default time is 300 seconds.


The switch provides dynamic addressing by learning the
source MAC address of each frame that it receives on
each port, and then adding the source MAC address and
its associated port number to the MAC address table.


To create a static mapping in the MAC address table, use
<i><b>the mac-address-table static <MAC address> vlan </b></i>
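The learning, aging and static-entry behaviour described on this slide can be modelled in a few dozen lines. The following Python is an added example, not switch code: a MAC address table keyed by (MAC, VLAN) that learns source addresses on the ingress port, ages dynamic entries out after 300 seconds of inactivity, never ages or overwrites static entries, and floods broadcast and unknown-unicast frames to every other port in the VLAN. The port names, VLAN membership, MAC addresses and the simulation clock are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

DEFAULT_AGING_SECONDS = 300   # Catalyst default aging time for dynamic entries
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_unicast(mac: str) -> bool:
    """I/G bit clear in the first octet means an individual (unicast) address."""
    return not int(mac.split(":")[0], 16) & 0x01


@dataclass
class Entry:
    port: str
    static: bool
    last_seen: float  # seconds on the simulation clock; ignored for static entries


class MacAddressTable:
    """Simplified MAC address table keyed by (MAC, VLAN)."""

    def __init__(self, vlan_ports: Dict[int, Set[str]], aging: int = DEFAULT_AGING_SECONDS):
        self.vlan_ports = vlan_ports   # ports assigned to each VLAN (constructed topology)
        self.aging = aging
        self.entries: Dict[Tuple[str, int], Entry] = {}

    def add_static(self, mac: str, vlan: int, port: str) -> None:
        """Static mapping: the model of a 'mac-address-table static' entry."""
        self.entries[(mac, vlan)] = Entry(port, static=True, last_seen=0.0)

    def learn(self, mac: str, vlan: int, port: str, now: float) -> None:
        """Dynamic learning from a frame's source MAC; a static entry is never overwritten."""
        entry = self.entries.get((mac, vlan))
        if entry is not None and entry.static:
            return
        self.entries[(mac, vlan)] = Entry(port, static=False, last_seen=now)

    def expire(self, now: float) -> int:
        """Remove dynamic entries idle for longer than the aging time; return the count removed."""
        stale = [key for key, e in self.entries.items()
                 if not e.static and now - e.last_seen > self.aging]
        for key in stale:
            del self.entries[key]
        return len(stale)

    def lookup(self, mac: str, vlan: int) -> Optional[str]:
        entry = self.entries.get((mac, vlan))
        return entry.port if entry is not None else None

    def forward(self, src: str, dst: str, vlan: int, ingress: str, now: float) -> Set[str]:
        """Egress ports for one received frame: the single known port for a unicast
        destination, otherwise every other port in the VLAN (flooding)."""
        self.expire(now)
        self.learn(src, vlan, ingress, now)
        if dst != BROADCAST and is_unicast(dst):
            port = self.lookup(dst, vlan)
            if port == ingress:
                return set()          # destination is on the receiving port: filter the frame
            if port is not None:
                return {port}
        return self.vlan_ports[vlan] - {ingress}


if __name__ == "__main__":
    table = MacAddressTable({10: {"Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"}})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    print(sorted(table.forward(a, b, 10, "Fa0/1", now=0)))    # flood: b is unknown
    print(sorted(table.forward(b, a, 10, "Fa0/2", now=1)))    # ['Fa0/1']: a was learned
    print(sorted(table.forward(b, a, 10, "Fa0/2", now=350)))  # flood again: a aged out
```

A dynamic entry moves to whichever port last sent a frame with that source address, which is why a static mapping matters for security: a frame claiming the pinned MAC on a different port does not relocate the entry, so the host behind the pinned port keeps receiving its traffic.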


</div>
<span class='text_page_counter'>(50)</span><div class='page_container' data-page=50></div>
<span class='text_page_counter'>(51)</span><div class='page_container' data-page=51>

51


<b>Basic Switch Management</b>



</div>
<span class='text_page_counter'>(52)</span><div class='page_container' data-page=52>

<b>Basic Switch Management</b>



Back up and Restore Switch Configurations


Clearing Configuration Information


– <i><b>Use erase nvram: or erase startup-config command</b></i>


Deleting a Stored Configuration File


</div>
<span class='text_page_counter'>(53)</span><div class='page_container' data-page=53>

53


<b>Basic Switch Management</b>



</div>
<span class='text_page_counter'>(54)</span><div class='page_container' data-page=54></div>
<span class='text_page_counter'>(55)</span><div class='page_container' data-page=55>

55


<b>Configure Password Options</b>



Console password


– Sw(config)#line console 0


– <i>Sw(config-line)#password cisco</i>


– Sw(config-line)#login


Line vty password


– Sw(config)#line vty 0 4


– <i>Sw(config-line)#password cisco</i>


– Sw(config-line)#login


Enable password:


– <i>Sw(config)#enable password cisco</i>


</div>
<span class='text_page_counter'>(56)</span><div class='page_container' data-page=56>

<b>Configure Password Options</b>




</div>
<span class='text_page_counter'>(57)</span><div class='page_container' data-page=57>

57


<b>Configure Password Options</b>



<b>Enable Password Recovery</b>


• Step 1. Connect a terminal or PC with terminal-emulation software to the
switch console port.


• Step 2. Set the line speed on the emulation software to 9600 baud.


• Step 3. Power off the switch. Reconnect the power cord to the switch and
within 15 seconds, press the Mode button while the System LED is still
flashing green. Continue pressing the Mode button until the System LED
turns briefly amber and then solid green. Then release the Mode button.


• <i><b>Step 4. Initialize the Flash file system using the flash_init command.</b></i>


• <i><b>Step 5. Load any helper files using the load_helper command.</b></i>


• Step 6. Display the contents of Flash memory using the dir flash
command.


• Step 7. Rename the configuration file to config.text.old, which contains
the password definition, using the rename flash:config.text


</div>
<span class='text_page_counter'>(58)</span><div class='page_container' data-page=58>

<b>Configure Password Options</b>



<b>Enable Password Recovery</b>



Step 8. Boot the system with the boot command.


Step 9. You are prompted to start the setup program. Enter
N at the prompt, and then when the system prompts whether
to continue with the configuration dialog, enter N.


Step 10. At the switch prompt, enter privileged EXEC mode
using the enable command.


Step 11. Rename the configuration file to its original name
using the rename flash:config.text.old flash:config.text
command.


</div>
<span class='text_page_counter'>(59)</span><div class='page_container' data-page=59>

59


<b>Configure Password Options</b>



<b>Enable Password Recovery</b>


Step 13. Enter global configuration mode using the configure
terminal command.


Step 14. Change the password using the enable secret
<i>password</i> command.


Step 15. Return to privileged EXEC mode using the exit
command.



Step 16. Write the running configuration to the startup
configuration file using the copy running-config startup-config
command.


</div>
<span class='text_page_counter'>(60)</span><div class='page_container' data-page=60>

<b>Login Banners</b>



The Cisco IOS command set includes a feature that allows
you to configure messages that anyone logging onto the
switch sees. These messages are called login banners and
message of the day (MOTD) banners.


</div>
<span class='text_page_counter'>(61)</span><div class='page_container' data-page=61>

61


</div>
<span class='text_page_counter'>(62)</span><div class='page_container' data-page=62>

<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(63)</span><div class='page_container' data-page=63>

63


<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(64)</span><div class='page_container' data-page=64>

<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(65)</span><div class='page_container' data-page=65>

65


<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(66)</span><div class='page_container' data-page=66>

<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(67)</span><div class='page_container' data-page=67>

67



<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(68)</span><div class='page_container' data-page=68>

<b>Common Security Attacks</b>



</div>
<span class='text_page_counter'>(69)</span><div class='page_container' data-page=69>

69


<b>Common Security Attacks</b>



CDP attacks: CDP contains information about the device,
such as the IP address, software version, platform,


</div>
<span class='text_page_counter'>(70)</span><div class='page_container' data-page=70></div>
<span class='text_page_counter'>(71)</span><div class='page_container' data-page=71>

71


<b>Security Tools</b>



Network Security Tools perform these functions:


Network Security Audits help you to:


– Reveal what sort of information an attacker can gather
simply by monitoring network traffic.


– Determine the ideal amount of spoofed MAC addresses
to remove.


– Determine the age-out period of the MAC address table


Network Penetration Testing helps you to


– Identify weaknesses within the configuration of your
networking devices


– Launch numerous attacks to test your network


</div>
<span class='text_page_counter'>(72)</span><div class='page_container' data-page=72></div>
<span class='text_page_counter'>(73)</span><div class='page_container' data-page=73>

73


</div>
<span class='text_page_counter'>(74)</span><div class='page_container' data-page=74></div>
<span class='text_page_counter'>(75)</span><div class='page_container' data-page=75>

75


</div>
<span class='text_page_counter'>(76)</span><div class='page_container' data-page=76></div>
<span class='text_page_counter'>(77)</span><div class='page_container' data-page=77>

77


</div>
<span class='text_page_counter'>(78)</span><div class='page_container' data-page=78></div>
<span class='text_page_counter'>(79)</span><div class='page_container' data-page=79>

79


<b>Configuring Port Security</b>



</div>
<span class='text_page_counter'>(80)</span><div class='page_container' data-page=80></div>
