8/3/2019 CCNA Exp3 - Chapter02 - Basic Switch Concepts and Configurations
http://slidepdf.com/reader/full/ccna-exp3-chapter02-basic-switch-concepts-and-configurations 1/144
Chapter 2: Basic switch concepts
and configurations
CCNA Exploration 4.0
Overview
Học viện mạng Bách Khoa - Website: www.bkacad.com
Key elements of Ethernet/802.3 networks
Media Access Control (MAC)
• MAC refers to protocols that determine which computer on a shared-medium environment, or collision domain, is allowed to transmit the data.
• MAC, with LLC, comprises the IEEE version of the OSI Layer 2
• There are two broad categories of Media Access Control, deterministic (taking turns) and non-deterministic (first come, first served)
[Figure: Deterministic, Non-Deterministic. Labels: logical bus topology and physical star or extended star; … topology and a physical star topology; logical ring topology and physical dual-ring topology]
CSMA/CD
• CSMA/CD used with Ethernet performs three functions:
1. Transmitting and receiving data packets
2. Decoding data packets and checking them for valid addresses before passing them to the upper layers of the OSI model
3. Detecting errors within data packets or on the network
[Figure labels: listen-before-transmit; Transmitting & listening.]
CSMA/CD
Flow chart
Backoff
• After a collision occurs and all stations allow the cable to become idle (each waits the full inter-frame spacing)
• The stations that collided must wait an additional and potentially progressively longer period of time before attempting to retransmit the collided frame
• The waiting period is intentionally designed to be random
• If the MAC layer is unable to send the frame after 16 attempts, it gives up and generates an error to the network layer
[Figure: Randomly Backoff Time]
Extra: Backoff
then reschedule their frames for retransmission. The transmitting stations do this by generating a period of time to wait before retransmission, which is based on a random number chosen by each station and used in that station's backoff calculations.
• k = min(n, 10); n = the number of transmission attempts
• 0 <= r < 2^k
• The backoff delay = r * slot time
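The backoff rule above, carried through a small contention model. This is an added example, not part of the original slides; the 512-bit slot time, the function names and the one-slot-per-frame simplification are assumptions made for the illustration.

```python
import random

SLOT_TIME_BITS = 512   # assumption: slot time of 512 bit times (10/100 Mb/s); not given on the slide
BACKOFF_LIMIT = 10     # from the slide: k = min(n, 10)
MAX_ATTEMPTS = 16      # from the slide: the MAC layer gives up after 16 attempts


def backoff_window(n):
    """Number of possible values of r after the n-th failed attempt: 2^k."""
    if not 1 <= n <= MAX_ATTEMPTS:
        raise ValueError("n must be between 1 and 16")
    return 2 ** min(n, BACKOFF_LIMIT)


def backoff_slots(n, rng):
    """Draw r uniformly so that 0 <= r < 2^k."""
    return rng.randrange(backoff_window(n))


def backoff_delay_us(r, mbps=10):
    """Backoff delay = r * slot time, in microseconds at the given bit rate."""
    return r * SLOT_TIME_BITS / mbps


def contend(stations, rng):
    """Slot-by-slot model of `stations` hosts whose first attempts all collided.

    Simplification: a successful frame occupies exactly one slot.
    Returns (stations in the order they got through, stations that gave up,
    number of slots used).
    """
    failed = {s: 1 for s in range(stations)}            # failed attempts so far
    wait = {s: backoff_slots(1, rng) for s in failed}   # slots left before retrying
    sent, gave_up, slots = [], [], 0
    while wait:
        ready = [s for s, w in wait.items() if w == 0]
        if len(ready) == 1:                  # a lone transmitter succeeds
            sent.append(ready[0])
            del wait[ready[0]]
        elif len(ready) > 1:                 # simultaneous transmitters collide
            for s in ready:
                failed[s] += 1
                if failed[s] >= MAX_ATTEMPTS:
                    gave_up.append(s)        # error is reported to the network layer
                    del wait[s]
                else:
                    # +1 because every remaining counter is decremented below
                    wait[s] = backoff_slots(failed[s], rng) + 1
        for s in wait:
            wait[s] -= 1
        slots += 1
    return sent, gave_up, slots


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 16):
        worst = backoff_delay_us(backoff_window(n) - 1)
        print(f"attempt {n:2d}: r in [0, {backoff_window(n) - 1}], worst delay {worst} us")
    print(contend(5, random.Random(2019)))
```
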
Ethernet Slot Time
Ethernet Communications
Remind
Ethernet frame structure
• At the data link layer the frame structure is nearly identical for all speeds of Ethernet from 10 Mbps to 10,000 Mbps
• At the physical layer almost all versions of Ethernet are substantially different from one another, each having a distinct set of architecture design rules
• The Ethernet II Type field is incorporated into the current 802.3 frame definition. The receiving node must determine which higher-layer protocol is present in an incoming frame by examining the Length/Type field
Ethernet frame structure
• The Preamble is used for timing synchronization in the asynchronous 10 Mbps and slower implementations of Ethernet. Faster versions of Ethernet are synchronous, and this timing information is redundant but retained for compatibility
• The Destination Address field contains the MAC destination address. It can be unicast, multicast (group), or broadcast (all nodes)
• The source address is generally the unicast address of the transmitting Ethernet node (can be virtual entity – group or multicast)
[Figure labels: 10101011; Synchronization, Address types]
Ethernet frame structure
• The type value specifies the upper-layer protocol to receive the data after Ethernet processing is completed.
• The length indicates the number of bytes of data that … of the Data field are decoded per the protocol indicated)
• The maximum transmission unit (MTU) for Ethernet is 1500 octets, so the data should not exceed that size
• Ethernet requires that the frame be not less than 46 octets or more than 1518 octets (Pad is required if not enough data)
Length: if value < 1536 decimal (0x600), LLC is needed to identify the upper protocol
Type: if value >= 1536 decimal (0x600), it identifies the upper protocol
4 bytes CRC
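The frame fields described on the last three slides, decoded in code. This is an added example, not part of the original slides: the function names and sample addresses are constructed, the 46-octet minimum is applied to the Data field (14 header octets + 46 + 4 CRC octets = 64), and the frames carry no preamble.

```python
import struct
import zlib

TYPE_THRESHOLD = 0x600   # 1536: at or above this the field is a Type, below it a Length
MIN_DATA = 46            # smallest Data field; Pad fills shorter payloads
MAX_FRAME = 1518         # DA + SA + Length/Type + 1500 octets of data + 4-byte CRC
BROADCAST = b"\xff" * 6


def mac_bytes(text):
    """'0100.0cdd.dddd' or '01:00:0c:dd:dd:dd' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


SAMPLE_SRC = mac_bytes("00:11:22:33:44:55")   # constructed sample address


def address_kind(mac):
    """Classify a 6-byte address as unicast, multicast (group) or broadcast."""
    if mac == BROADCAST:
        return "broadcast"
    # The lowest bit of the first octet marks a group address.
    return "multicast" if mac[0] & 0x01 else "unicast"


def fcs(data):
    """Ethernet CRC-32 as the 4 bytes that follow the Data field."""
    return struct.pack("<I", zlib.crc32(data))


def build_frame(dst, src, length_type, payload):
    """Assemble a frame without preamble, padding the Data field to 46 octets."""
    body = dst + src + struct.pack("!H", length_type) + payload.ljust(MIN_DATA, b"\x00")
    return body + fcs(body)


def parse_frame(frame):
    """Decode one frame (no preamble) and list every check that failed."""
    if len(frame) < 18:
        raise ValueError("shorter than DA + SA + Length/Type + CRC")
    dst, src = frame[:6], frame[6:12]
    (length_type,) = struct.unpack("!H", frame[12:14])
    data = frame[14:-4]
    problems = []
    if fcs(frame[:-4]) != frame[-4:]:
        problems.append("CRC mismatch")
    if len(data) < MIN_DATA:
        problems.append("Data field shorter than 46 octets")
    if len(frame) > MAX_FRAME:
        problems.append("frame longer than 1518 octets")
    if length_type >= TYPE_THRESHOLD:
        field, payload = "type", data            # upper protocol named directly
    else:
        field = "length"                         # LLC header identifies the protocol
        if length_type > len(data):
            problems.append("length larger than Data field")
            payload = data
        else:
            payload = data[:length_type]         # drop the Pad
    return {
        "dst_kind": address_kind(dst),
        "src_kind": address_kind(src),
        "field": field,
        "value": length_type,
        "payload": payload,
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed frames: a broadcast with a Type value, and a Length frame
    # sent to the CGMP multicast address mentioned later in the slides.
    for f in (build_frame(BROADCAST, SAMPLE_SRC, 0x0806, b"\x00\x01"),
              build_frame(mac_bytes("0100.0cdd.dddd"), SAMPLE_SRC, 3, b"\xaa\xaa\x03")):
        print(len(f), parse_frame(f))
```
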
Naming on Ethernet
MAC ADDRESS
• Ethernet uses MAC addresses that are 48 bits in length and expressed as 12 hexadecimal digits
• Sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes
OUI
Ethernet in full duplex
[Figure labels: Full-duplex; Collision occurs only in half-duplex]
• If the attached station is operating in full duplex then the station may send and receive simultaneously and collisions should not occur.
• Full-duplex operation also changes the timing considerations and eliminates the concept of slot time
• In half-duplex, if no collision, the sending station will transmit 64 bits (timing synchronization) preamble, DA, SA, certain other header information, actual data payload, FCS
Extra: Half-duplex networks
Note
• Fast Ethernet and 10/100/1000 ports: default is auto.
• 100BASE-FX ports: default is full.
• 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mb/s, but when set to 1,000 Mb/s, they operate only in full-duplex mode.
• Default: when autonegotiation fails, the Catalyst switch sets the corresponding switch port to half-duplex mode. This type of failure happens when an attached device does not support autonegotiation.
auto-MDIX
• When auto-MDIX is enabled, the switch auto-detects the cable type, so either a crossover or a straight-through cable can be used
• The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.
MAC Addressing and Switch MAC Address Tables
Design Considerations for Ethernet/802.3 Networks
Bandwidth and Throughput
• Bandwidth is defined as the amount of information that can flow through a network connection in a given period of time.
• Throughput refers to actual measured bandwidth, at a specific time of day, using specific Internet routes, and while a specific set of data is transmitted on the network.
Collision Domains
Broadcast Domains
• The broadcast domain at Layer 2 is referred to as the MAC broadcast domain.
Broadcast Domains - Example
When a switch receives a broadcast frame, it forwards the frame to each of its ports, except the incoming port where the switch received the broadcast frame. Each attached device recognizes the broadcast frame and processes it.
Network Latency
Network Congestion
• The primary reason for segmenting a LAN into smaller parts is to isolate traffic and to achieve better use of bandwidth per user.
– … and collisions.
• Causes of network congestion:
– Increasingly powerful computer and network technologies.
– Increasing volume of network traffic.
– High-bandwidth applications.
LAN Segmentation
• LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.
Controlling Network Latency
Removing Network Bottlenecks
Activity 2.1.3.2
Forwarding Frames Using a Switch
Switch Forwarding Methods
Store-and-Forward Switching
• Store-and-forward switching is required for Quality of Service (QoS) analysis on converged networks where frame classification for traffic prioritization is necessary.
Cut-Through Switching
• There are 2 variants of cut-through switching:
– Fast-forward switching - immediately forwards a packet after reading the destination address.
– Fragment-free switching - reads the first 64 bytes of an Ethernet frame and then begins forwarding it to the appropriate port or ports
Extra: Adaptive Cut-Through
• Some switches are configured to perform cut-through switching on a per-port basis until a user-defined error threshold is reached and then they automatically change to store-and-forward.
• When the error rate falls below the threshold, the port automatically changes back to cut-through switching.
Symmetric and Asymmetric Switching
Most current switches are asymmetric switches because this type of switch offers the greatest flexibility.
Memory Buffering
• Port-based Memory Buffering
– A frame is transmitted to the outgoing port only when all the frames ahead of it in the queue have been successfully transmitted.
• Shared Memory Buffering
– The frames in the buffer are linked dynamically to the destination port. This allows the packet to be received on one port and then transmitted on another port, without moving it to a different queue.
Layer 2 and Layer 3 Switching
Layer 3 Switch and Router Comparison
Review your understanding
Switch Management Configuration
The Command Line Interface Modes
GUI-based Alternatives to the CLI
Context Sensitive Help
Console Error Messages
The Command History Buffer
Configure the Command History Buffer
Describe the Boot Sequence
Extra: Boot Loader Command Line
• During normal boot loader operation, you are not presented with the boot loader command-line prompt. You gain access to the boot loader command line if:
– the switch is set to manually boot
– an error occurs during power-on self test (POST) DRAM testing
– an error occurs while loading the operating system (a corrupted IOS image).
• You can also access the boot loader if you have lost or forgotten the switch password.
• You can access the boot loader through a switch console connection at 9600 bps:
– unplug the switch power cord
– press the switch Mode button while reconnecting the power cord.
– You can release the Mode button a second or two after the LED above port 1 goes off.
– You should then see the boot loader Switch: prompt.
• The boot loader performs low-level CPU initialization, performs POST, and loads a default operating system image into memory.
Prepare to Configure the Switch
Step 1
Step 2
Step 3
Basic Switch Configuration
Management Interface Considerations
Configure Duplex and Speed
Configure a Web Interface
Managing the MAC Address Table
show mac-address-table
The MAC address entry is automatically discarded or aged out after 300 seconds.
The 0x0100.0cdd.dddd address is the multicast MAC address that is used by Cisco Group Management Protocol (CGMP)
Extra: Managing the MAC Address Table
• sw(config)#mac-address-table ?
  aging-time    Set MAC address table entry maximum age
  notification  Enable/Disable MAC Notification on the switch
  static        static keyword
• sw(config)#mac-address-table aging-time ?
  <0-0>          Enter 0 to disable aging
  <10-1000000>   Aging time in seconds
• Rather than wait for a dynamic entry to age out, the administrator has the option to use the privileged EXEC command:
– sw# clear mac-address-table dynamic
Extra: Configuring static MAC addresses
• The reasons for assigning a permanent MAC address to an interface include:
– The MAC address will not be aged out automatically by the switch.
– A specific server or user workstation must be attached to the port and the MAC address is known.
– Security is enhanced.
• To set a static MAC address entry for a switch:
sw(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan-id>
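How the table behaviour described on these slides fits together: learning, flooding of broadcast and unknown destinations, the 300-second aging of dynamic entries, and static entries that are never aged out. This is an added example, not Cisco's implementation or part of the original slides; it models a single VLAN, and the class name, port names, host addresses and the `events` log (which records a learned address changing port, or a statically bound address appearing on another port) are assumptions of the model.

```python
BROADCAST = "ffff.ffff.ffff"


def is_group(mac):
    """True for broadcast and multicast: lowest bit of the first octet is set."""
    return int(mac.replace(".", "")[:2], 16) & 1 == 1


class MacTable:
    def __init__(self, ports, aging_time=300):
        self.ports = list(ports)
        self.aging_time = aging_time     # seconds; 0 disables aging
        self.entries = {}                # mac -> [port, "dynamic" | "static", last_seen]
        self.events = []                 # observations worth an operator's attention

    def add_static(self, mac, port):
        """Model of a static entry: bound to one port and never aged out."""
        self.entries[mac] = [port, "static", None]

    def clear_dynamic(self):
        """Model of 'clear mac-address-table dynamic'."""
        self.entries = {m: e for m, e in self.entries.items() if e[1] == "static"}

    def age(self, now):
        """Discard dynamic entries not refreshed within aging_time seconds."""
        if self.aging_time == 0:
            return
        expired = [m for m, (_, kind, seen) in self.entries.items()
                   if kind == "dynamic" and now - seen >= self.aging_time]
        for m in expired:
            del self.entries[m]

    def receive(self, src, dst, in_port, now):
        """Learn from the source address, then return the list of egress ports."""
        self.age(now)
        entry = self.entries.get(src)
        if is_group(src):
            pass                                        # group addresses are not learned
        elif entry is None:
            self.entries[src] = [in_port, "dynamic", now]
        elif entry[1] == "static":
            if entry[0] != in_port:                     # static binding wins; log it
                self.events.append(("static-mismatch", src, entry[0], in_port))
        else:
            if entry[0] != in_port:
                self.events.append(("moved", src, entry[0], in_port))
            entry[0], entry[2] = in_port, now           # refresh the aging timer

        target = None if is_group(dst) else self.entries.get(dst)
        if target is None:
            # Broadcast, multicast or unknown unicast: every port except the incoming one.
            return [p for p in self.ports if p != in_port]
        return [] if target[0] == in_port else [target[0]]


if __name__ == "__main__":
    sw = MacTable(["Fa0/1", "Fa0/2", "Fa0/3"])
    a, b = "0000.0000.000a", "0000.0000.000b"           # constructed host addresses
    print(sw.receive(a, BROADCAST, "Fa0/1", now=0))     # flooded
    print(sw.receive(b, a, "Fa0/2", now=10))            # forwarded to Fa0/1 only
    print(sw.receive(a, b, "Fa0/1", now=310))           # b has aged out: flooded again
```
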
Show Commands
Show running-config
Show interfaces
Backing Up the Configuration
Restoring the Configuration
Back up Configuration Files to a TFTP Server
Clearing Configuration Information
Extra: Reset Default Switch Configurations
• The following steps will ensure that a new configuration will completely overwrite any existing configuration:
  1. Remove any existing VLAN information by deleting the VLAN database file vlan.dat from the flash directory.
  2. Erase the backup configuration file startup-config.
  3. Reload the switch.
Configure Password Options
Configure Console Access
Secure the vty Ports
Configure EXEC Mode Passwords
Encrypted; takes priority over the enable password
Clear text password
Configure Encrypted Passwords
[Figure: Before / After]
Enable Password Recovery
Extra: Switch LED indicators
Password Recovery
• Step 1. Connect a terminal or PC with terminal-emulation software to the switch console port.
• Step 2. Set the line speed on the emulation software to 9600 baud.
• Step 3. Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.
  – OR: enter the reload command and then press the Mode button until the System LED turns briefly amber and then solid green.
• Step 4. Initialize the Flash file system using the flash_init command.
• Step 5. Load any helper files using the load_helper command.
• Step 6. Display the contents of Flash memory using the dir flash command:
• The switch file system appears:
  Directory of flash:
  13 drwx 192 Mar 01 1993 22:30:48 c2960-lanbase-mz.122-25.FX
  18 -rwx 720 Mar 01 1993 02:21:30 vlan.dat
  16128000 bytes total (10003456 bytes free)
• Step 7. Rename the configuration file to config.text.old, which contains the password definition, using the rename flash:config.text flash:config.text.old command.
• Step 8. Boot the system with the boot command.
• Step 9. You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N.
• Step 10. At the switch prompt, enter privileged EXEC mode using the enable command.
• Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.
• Step 12. Copy the configuration file into memory using the copy flash:config.text system:running-config command. After this command has been entered, the following is displayed on the console:
  Source filename [config.text]?
  Destination filename [running-config]?
  – Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
• Step 13. Enter global configuration mode using the configure terminal command.
• Step 14. Change the password using the enable secret password command.
• Step 15. Return to privileged EXEC mode using the exit command.
• Step 16. Write the running configuration to the startup configuration file using the copy running-config startup-config command.
• Step 17. Reload the switch using the reload command.
• Note: The password recovery procedure can be different depending on the Cisco switch series, so you should refer to the product documentation before you attempt a password recovery.
Configure a Login Banner
• Create the local database:
  – sw(config)# username student password student
• Enable authentication for the console line:
  – sw(config)# line console 0
  – sw(config-line)# login local
• sw(config)# banner login "Authorized Personnel Only !"
Configure a MOTD Banner
• sw(config)# banner motd "This is a security system !"
• sw#exit
Telnet and SSH
• Remote management tools for switches and routers
• SSH encrypts data before transmitting it
Configuring Telnet
Configuring SSH
• The switch supports SSHv1 or SSHv2 for the server component. The switch supports only SSHv1 for the client component.
• To implement SSH, you need to generate RSA keys.
  – Step 1. Enter global configuration mode using the configure terminal command.
  – Step 2. Configure a hostname for your switch using the hostname hostname command.
  – Step 3. Configure a host domain for your switch using the ip domain-name domain_name command.
  – Step 4. Enable the SSH server for local and remote authentication on the switch and generate an RSA key pair using the crypto key generate rsa command.
  – Step 5. Return to privileged EXEC mode using the end command.
  – Step 6. Show the status of the SSH server on the switch using the show ip ssh or show ssh command.
  – To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled.
Configuring the SSH Server
• Step 1. Enter global configuration mode using the configure terminal command.
• Step 2. (Optional) Configure the switch to run SSHv1 or SSHv2 using the ip ssh version [1 | 2] command.
  – If you do not enter this command or do not specify a keyword, the SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2,
.
• Step 3. Configure the SSH control parameters:
  – Specify the time-out value in seconds: default of 10 minutes.
  – Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5.
  – Command: ip ssh {timeout seconds | authentication-retries number}
• Step 4. Return to privileged EXEC mode using the end command.
• Step 5. Display the status of the SSH server connections command.
• Step 6. (Optional) Save your entries in the configuration file using the copy running-config startup-config command.
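One way to check a saved running-config against the SSH steps above, as an added example that is not part of the original slides. The sample configurations are constructed, `transport input` is a standard IOS line command that these slides do not spell out, and treating `Switch` as the default hostname is an assumption.

```python
# Constructed running-config fragments for illustration (not from the slides).
WEAK = """\
hostname Switch
ip ssh version 1
line con 0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login
"""

HARDENED = """\
hostname sw1
ip domain-name lab.example
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 15
 login local
 transport input ssh
"""


def audit_ssh(config):
    """Return {check_id: message} for settings that deviate from the SSH steps."""
    top, vty, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):            # global-level command
            top.append(line)
            current = line if line.startswith("line vty") else None
            if current:
                vty[current] = []
        elif current:                            # sub-command of a vty block
            vty[current].append(line.strip())

    def value(prefix):
        for line in top:
            if line.startswith(prefix + " "):
                return line[len(prefix) + 1:].strip()
        return None

    findings = {}
    if value("hostname") in (None, "Switch"):    # assumed factory default name
        findings["hostname"] = "hostname unset or default (RSA key step 2)"
    if value("ip domain-name") is None:
        findings["domain"] = "ip domain-name missing (RSA key step 3)"
    version = value("ip ssh version")
    if version == "1":
        findings["version"] = "server pinned to SSHv1"
    elif version != "2":
        findings["version"] = "version not pinned; SSHv1-only clients accepted"
    retries = value("ip ssh authentication-retries")
    if retries is not None and not 0 <= int(retries) <= 5:
        findings["retries"] = "authentication-retries outside 0-5"
    for header, body in vty.items():
        allowed = [b.split()[2:] for b in body if b.startswith("transport input")]
        if not allowed or allowed[0] != ["ssh"]:
            findings["transport:" + header] = "no explicit 'transport input ssh'"
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ssh(cfg) or "no findings")
```

The RSA key pair does not appear in the running-config, so its presence still has to be confirmed on the device with show ip ssh.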
Layer 2 common security attacks
MAC Address Flooding
Spoofing Attacks
Solution: Cisco Catalyst DHCP Snooping
Config DHCP Snooping
• Step 1. Enable DHCP snooping using the ip dhcp snooping global configuration command.
• Step 2. Enable DHCP snooping for specific VLANs using the ip dhcp snooping vlan number [number] command.
• Step 3. ... defining the trusted ports using the ip dhcp snooping trust command.
• Step 4. (Optional) Limit the rate at which an attacker can continually send bogus DHCP requests through untrusted ports to the DHCP server using the ip dhcp snooping limit rate rate command.
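The decisions these four steps configure, modeled as an added example that is not part of the original slides: server messages are accepted only on trusted ports, and an untrusted port that exceeds the rate limit is shut down. Port names, addresses and the trace are constructed, and the err-disable reaction and binding table reflect standard Catalyst behaviour in simplified form.

```python
from collections import defaultdict, deque

SERVER_MSGS = {"OFFER", "ACK", "NAK"}       # only a DHCP server sends these


class SnoopingSwitch:
    """Toy model of the forwarding decision DHCP snooping makes per message."""

    def __init__(self, vlans, trusted_ports, rate_limit=None):
        self.vlans = set(vlans)              # ip dhcp snooping vlan <number>
        self.trusted = set(trusted_ports)    # ip dhcp snooping trust
        self.rate_limit = rate_limit         # ip dhcp snooping limit rate <pps>
        self.recent = defaultdict(deque)     # port -> arrival times, last second
        self.err_disabled = set()            # ports shut after exceeding the rate
        self.client_port = {}                # (vlan, mac) -> untrusted port
        self.bindings = {}                   # (vlan, mac) -> (ip, port)

    def receive(self, t, port, vlan, msg, mac, ip=None):
        """Return 'forward' or 'drop:<reason>' for one DHCP message at time t."""
        if port in self.err_disabled:
            return "drop:port-err-disabled"
        if vlan not in self.vlans:
            return "forward"                 # snooping not enabled on this VLAN
        if port in self.trusted:
            if msg == "ACK" and (vlan, mac) in self.client_port:
                self.bindings[(vlan, mac)] = (ip, self.client_port[(vlan, mac)])
            return "forward"
        if self.rate_limit is not None:      # untrusted port: count packets/second
            window = self.recent[port]
            window.append(t)
            while t - window[0] >= 1.0:
                window.popleft()
            if len(window) > self.rate_limit:
                self.err_disabled.add(port)
                return "drop:rate-exceeded"
        if msg in SERVER_MSGS:
            return "drop:server-message-on-untrusted-port"
        self.client_port[(vlan, mac)] = port
        return "forward"


def run_trace():
    """Replay a constructed message trace; return the switch and its verdicts."""
    sw = SnoopingSwitch(vlans=[10], trusted_ports=["Gi0/1"], rate_limit=3)
    client, noisy = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    trace = [
        (0.0, "Fa0/5", 10, "DISCOVER", client, None),
        (0.1, "Fa0/9", 10, "OFFER", client, "192.0.2.66"),   # server on access port
        (0.2, "Gi0/1", 10, "OFFER", client, "192.0.2.20"),   # uplink to real server
        (0.3, "Fa0/5", 10, "REQUEST", client, None),
        (0.4, "Gi0/1", 10, "ACK", client, "192.0.2.20"),
    ] + [(2.0 + i / 10, "Fa0/7", 10, "DISCOVER", noisy, None) for i in range(5)]
    return sw, [sw.receive(*event) for event in trace]


if __name__ == "__main__":
    switch, verdicts = run_trace()
    print(verdicts, switch.bindings, switch.err_disabled)
```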
CDP Attacks
• Solution: Disable the use of CDP on devices that do not need to use it.
  • (config)# no cdp run
  • (config-if)# no cdp enable
Telnet Attacks
Other: Working with Passwords
• Passwords should be as long and as complicated as possible. Most security experts believe a password of 10 characters is the minimum that should be used if security is a real concern.
  – use only the lowercase letters of the alphabet: have 26 characters.
  – add the numeric values (0 – 9): get another 10 characters.
  – add the uppercase letters: have an additional 26 characters, giving you a total of 62 characters with which to construct a password.
• If you used a 4 character password, this would be 62×62×62×62, or approximately 14 million password possibilities.
• If you used 5 characters in your password, this would give you 62 to the fifth power, or approximately 92 million password possibilities.
• If you used a 10-character password, this would give you 64 to the tenth power (a very big number) possibilities.
• The 4 digit password could probably be broken in a day, while the 10 digit password would take a millennium to break given current processing power.
Extra: Other Attacks
• This attack can also be mitigated using port security.
Extra: Cisco CatOS Telnet, HTTP and SSH Vulnerability
• Cisco CatOS is susceptible to a TCP-ACK Denial of Service (DoS) attack on the Telnet, HTTP and SSH service. If exploited, the vulnerability causes the Cisco CatOS running device to stop functioning and reload.
Security tools
Network Security Tools Features
Using Port Security to Mitigate Attacks
Types of secure MAC addresses
switchport port-security mac-address
switchport port-security mac-address sticky
Violation types
Extra: Violation types
Port security default
Config dynamic port security
Config port security sticky
Verify
Unused Ports Should Be Disabled
Chapter summary