RA Chapter 2 Donnelly Basic Switch Configuration

LAN switches are responsible for directing and controlling the data flow at the access layer to networked resources; a switch is used to connect multiple devices together. Cisco switches run Cisco IOS. They are self-configuring out of the box, can be manually configured to your requirements, and can be managed both locally and remotely. Switches operate at the access layer, where client network devices connect directly to the network, and IT departments want uncomplicated network access for their users.

When a Cisco switch is powered on it goes through the following boot sequence. First, the switch runs a power-on self-test (POST), which tests the CPU, the DRAM, and the portion of the flash device that makes up the flash file system. Second, the boot loader software runs; this is a small program stored in ROM that runs immediately after POST succeeds. Third, the boot loader performs low-level CPU initialization: it initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed. Fourth, the boot loader initializes the flash file system. Finally, the boot loader loads the default IOS operating system software image into memory and hands control to the IOS. The IOS operating system then initializes the interfaces using the Cisco IOS commands found in the startup configuration. The boot loader also has its own command line, which supports commands to format the flash file system and reinstall the operating system software; this is how a switch with a missing or corrupt IOS image is recovered.

Cisco switches have several LED lights. The system LED shows whether the system is receiving power and functioning correctly. The Redundant Power System (RPS) LED shows the RPS status: if it is off, the RPS is off or not properly connected; if it is green, the RPS is connected and ready to provide backup power.
If it is blinking green, the RPS is connected but unavailable because it is providing power to another device. The port speed LED indicates that the port speed mode is selected; in that mode the colors of the port LEDs mean different things, for example green means the port is operating at 100 Mb/s (on Catalyst 2960-series switches, off means 10 Mb/s and blinking green means 1000 Mb/s).

Preparing a switch for remote management access is important. You must configure the switch with an IP address and a subnet mask on its management interface, and it also needs a default gateway so that it can be managed from a different subnet (a host on the same subnet can reach it without one). By default, management of a Cisco switch is done through the switch virtual interface for VLAN 1 (interface vlan 1), although it is good practice to move management to a dedicated VLAN.

Configure Switch Ports

Switch ports can be configured with specific duplex and speed settings. Use the duplex interface configuration mode command to manually specify the duplex mode for a switch port, and the speed command to set its speed. Full-duplex communication improves the performance of a switched LAN; it increases effective bandwidth by allowing both ends of a connection to transmit and receive data simultaneously. Half-duplex communication creates performance issues because data can flow in only one direction at a time, often resulting in collisions; it is typically seen on older hardware such as hubs. Full duplex offers 100 percent efficiency in both directions, while half duplex offers 100 percent efficiency one way only. Both ends of a link must agree on these settings: a duplex mismatch (one side fixed at full, the other auto-negotiating to half) produces late collisions and very poor throughput, so either leave both sides at auto or hard-code both sides identically.

When connecting to switches without the auto-MDIX feature, straight-through cables must be used to connect to devices such as servers, workstations, or routers, and crossover cables must be used to connect to other switches or repeaters. With auto-MDIX enabled, either type of cable can be used, and the interface automatically corrects for any incorrect cabling. On newer Cisco routers and switches auto-MDIX is enabled by default, and the mdix auto interface configuration mode command enables it explicitly. Note that auto-MDIX only operates when the port's speed and duplex are left at auto; setting either one manually disables it.
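The following is an added example, not from the chapter or its author, that puts the management-access and port-configuration steps above into one Catalyst IOS session. The hostname S1, the 192.168.1.0/24 addresses, and the interface roles (Fa0/1 to a user PC, Fa0/24 as an uplink whose far end is fixed at 100 Mb/s full duplex) are assumed values chosen for illustration.

```cisco
! Added example (not from the chapter): management access plus port speed/duplex/auto-MDIX.
! Assumed values: hostname S1, management IP 192.168.1.2/24 on VLAN 1, gateway 192.168.1.1,
! Fa0/1 facing a user PC, Fa0/24 an uplink to a router fixed at 100 Mb/s full duplex.
enable
configure terminal
hostname S1
!
! Management SVI: the IP/mask let you reach the switch; the default gateway lets you reach it
! from another subnet. The VLAN 1 SVI is shut down by default on a Catalyst switch.
interface vlan 1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
 exit
ip default-gateway 192.168.1.1
!
! User-facing access port: leave speed/duplex at auto so auto-MDIX can operate
! (auto-MDIX is disabled on a port whose speed or duplex is set manually).
interface FastEthernet0/1
 description User PC
 speed auto
 duplex auto
 mdix auto
 exit
!
! Uplink whose far end is fixed: hard-code BOTH sides identically, because a duplex mismatch
! (one side auto, the other fixed full) causes late collisions and a slow link.
interface FastEthernet0/24
 description Uplink to R1 (far end fixed 100/full)
 speed 100
 duplex full
 exit
end
!
! Verification: expect "FastEthernet0/1 is up, line protocol is up" and the negotiated
! duplex/speed; the controller line shows whether Auto-MDIX is on. Then save the config.
show interfaces FastEthernet0/1
show controllers ethernet-controller FastEthernet0/1 phy | include MDIX
show interfaces status
copy running-config startup-config
```

The "show interfaces status" output lists Duplex and Speed per port, which is the quickest way to spot a mismatch such as "a-half" on one side of a link that should be full duplex.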
The show interfaces command displays the status and statistics of the switch interfaces, and it is commonly used when configuring and monitoring the switch and the devices connected to it, such as computers. You should shut down the ports that you do not use and leave enabled only the ones you want open and actually use. You can also configure port security so that if someone plugs a computer into a port that is not supposed to accept it, the switch shuts that port down (places it in the error-disabled state); the switch itself keeps running. In the show interfaces output, an interface that is "up" with line protocol "up" is working without problems. Anything else means there is a problem: "down/down" usually indicates a missing or bad cable or a device at the far end that is off, and "administratively down" means the port was shut down with the shutdown command.

Switching Security: Management and Implementation

SSH (Secure Shell) is a protocol that provides a secure management connection to a remote device. It secures remote connections by encrypting the session and authenticating the user with a username and password (or a public key). The main thing to know is how to enable SSH on a Cisco switch. First make sure the switch runs an IOS image that supports cryptographic features: the show version command displays the IOS version and the image name, and a crypto-capable image has "k9" in its filename. To configure SSH the switch needs a unique hostname and working network connectivity (a management IP address and default gateway). The steps are: first, verify SSH support; second, configure the IP domain name; third, generate the RSA key pair; fourth, configure user authentication (a local username and password); fifth, configure the vty lines to use local login and accept only SSH; and sixth, enable SSH version 2. The show ip ssh command displays the SSH version and settings configured on the device, and show ssh displays the active SSH connections to the device. SSH should replace Telnet for management connections, because Telnet uses insecure plaintext communication.
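The six SSH steps above, carried through as an added example on a Catalyst switch; this is not code from the chapter. The hostname S1, the domain example.com, the local account "admin" and its password are assumed values, and the management IP address and default gateway are assumed to be configured already on interface vlan 1.

```cisco
! Added example (not from the chapter): enable SSHv2 and disable Telnet on a Catalyst switch.
! Assumed values: hostname S1, domain example.com, local admin account "admin"; a management
! IP address and default gateway are already configured on interface vlan 1.
!
! Step 1: verify SSH support. The image name in "show version" must contain "k9"
! (for example c2960-lanbasek9-mz...); a non-k9 image has no crypto and cannot run SSH.
show version
configure terminal
!
! Step 2: hostname and domain name. The RSA key pair is named <hostname>.<domain>,
! so both must be set before the keys are generated.
hostname S1
ip domain-name example.com
!
! Step 3: generate the RSA key pair. Use 2048 bits: SSH version 2 needs a modulus of at least
! 768, and current OpenSSH clients refuse RSA host keys smaller than 1024 bits.
crypto key generate rsa modulus 2048
!
! Step 4: local user authentication. "secret" stores a hashed password; "password" would
! store it reversibly (type 7) or in clear text.
username admin privilege 15 secret Str0ng-Passw0rd!
!
! Step 5: vty lines use the local user database and accept ONLY SSH, which turns Telnet off.
line vty 0 15
 login local
 transport input ssh
 exec-timeout 10 0
 exit
!
! Step 6: allow only SSH version 2, and limit how long and how often a client may try to log in
! (this blunts the brute-force attacks against the vty lines described later in the chapter).
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
end
!
! Verification: "show ip ssh" reports "SSH Enabled - version 2.0" plus the retry/timeout values;
! "show ssh" lists active sessions (open one from a client with: ssh -l admin 192.168.1.2).
show ip ssh
show ssh
copy running-config startup-config
```

After this is in place, a Telnet attempt to the switch is refused at the TCP level, so the brute-force tools aimed at the vty lines have nothing to talk to except SSH, which is further rate-limited by the retry and time-out settings.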
SSH provides security for remote connections by providing strong encryption of all data transmitted between the devices.

The MAC address table in a switch contains the MAC addresses associated with each physical port and the VLAN for each port. When a Layer 2 switch receives a frame, it looks up the destination MAC address in the MAC address table to decide which port to forward the frame out of; if there is no entry for that address, the switch floods the frame out every other port in the VLAN.

In a DHCP spoofing attack, an attacker sets up a rogue DHCP server on the network to issue IP addresses (typically with a malicious default gateway or DNS server) to clients. DHCP starvation is often used before a DHCP spoofing attack: the attacker exhausts the legitimate DHCP server's address pool, denying it service and making it easier to introduce the rogue DHCP server into the network. The Telnet protocol is insecure and can be used by an attacker to gain remote access to a Cisco network device; there are tools that allow an attacker to launch a brute-force password-cracking attack against the vty lines on the switch. Some of the best security practices are to control physical access to devices, to perform backups and test the backed-up files on a regular basis, and to shut down unused services and ports.

Network security tools help a network administrator test a network for weaknesses. Using one of these tools, an administrator can launch an attack against the network and audit the results to determine how to adjust security policies to mitigate those types of attacks. Auditing a switch for MAC address table overflow (MAC flooding) is a good example of the difficulties involved. Different switches support varying numbers of MAC addresses in their MAC tables, so it can be difficult to determine the ideal number of spoofed MAC addresses to send to the switch. The administrator also has to contend with the age-out period of the MAC address table: if the spoofed MAC addresses start to age out while the audit is running, valid MAC addresses repopulate the table, the switch stops flooding, and the data that can be monitored with the network-auditing tool is limited. Port security is the mitigation for this attack; it can be configured to allow one or more MAC addresses on a port.
If the number of MAC addresses allowed on the port is limited to one, then only the device with that specific MAC address can successfully connect to the port. Secure MAC addresses come in three types: static addresses, which are configured manually and stored in the running configuration; dynamic addresses, which are learned from traffic and kept only in the MAC address table, so they are lost when the switch reloads; and sticky addresses. Sticky MAC addresses are learned dynamically but are added both to the MAC address table and to the running configuration, and they survive a reload only if the running configuration is saved to the startup configuration. When a port is configured with port security, a violation can cause the port to become error-disabled (the default shutdown violation mode); the port then stays down until an administrator issues shutdown followed by no shutdown, or until errdisable recovery re-enables it automatically.

Network Time Protocol (NTP) is used to synchronize the clocks of computer systems over packet-switched, variable-latency data networks. Accurate, consistent time matters for security because log entries from different devices can only be correlated if their clocks agree. A secure method of providing clocking for the network is for network administrators to implement their own private network master clocks, synchronized to UTC, and to configure NTP authentication so that devices accept time only from those trusted sources.
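An added example, not from the chapter, that applies the port-security and hardening points above (sticky and static secure MAC addresses, the shutdown violation mode, shutting down unused ports) together with authenticated NTP against a private master clock. The interface roles, the server MAC address 0000.5e00.5301 (constructed from the IANA documentation range), the NTP key, and the master clock address 192.168.1.250 are all assumed values for illustration.

```cisco
! Added example (not from the chapter): port security, unused-port shutdown and authenticated
! NTP on a Catalyst switch. Assumed values: Fa0/1 is a user port, Fa0/2 connects a known server
! with the constructed MAC 0000.5e00.5301, Fa0/10-24 are unused, and 192.168.1.250 is the
! private NTP master clock.
configure terminal
!
! Dynamic + sticky: learn up to two MAC addresses, write them into the running configuration,
! and err-disable the port on a violation (the default "shutdown" mode; "restrict" and
! "protect" instead drop offending frames, with or without a log/SNMP message).
! Port security is rejected on a port in dynamic (DTP) mode, hence "switchport mode access".
interface FastEthernet0/1
 description User PC
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 exit
!
! Static: only this one MAC address may ever use the port (maximum defaults to 1).
interface FastEthernet0/2
 description File server
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.5e00.5301
 exit
!
! Unused ports: shut them down so a walk-up device gets no link at all.
interface range FastEthernet0/10 - 24
 description Unused - shutdown
 switchport mode access
 shutdown
 exit
!
! Optional: bring err-disabled ports back automatically after 5 minutes instead of requiring
! a manual "shutdown" / "no shutdown"; leave this out where a human should look first.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! NTP: accept time only from the private master clock, and only when it signs with key 1,
! so a rogue NTP server cannot skew the clock (and with it, the log timestamps).
ntp authentication-key 1 md5 NtpSh4redK3y
ntp trusted-key 1
ntp authenticate
ntp server 192.168.1.250 key 1
end
!
! Verification, then save: sticky addresses persist across a reload only once the
! running configuration has been copied to startup-config.
show port-security interface FastEthernet0/1
show port-security address
show errdisable recovery
show ntp status
copy running-config startup-config
```

In "show port-security interface" the fields to watch are Port Status (Secure-up versus Secure-shutdown), Violation Mode, and Total/Sticky MAC Addresses; a Security Violation Count above zero on a user port is the signal that something other than the expected device was plugged in.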