LAN Switching & Wireless Networks

Here are the key steps to configure a web interface on a Cisco switch:
1. Configure an IP address and subnet mask on a VLAN interface using the ip address command.
2. Configure a default gateway for the switch using the ip default-gateway command.
3. Configure the HTTP server using the ip http server global configuration command.
4. Configure the HTTPS server using the ip http secure-server global configuration command to enable secure administration.
5. Configure a username and password for web authentication using the ip http authentication command.
This will allow you to access the switch's web interface using a web browser to configure and manage the switch remotely. The IP address and default gateway setup enables basic network connectivity while the HTTP

Uploaded by

Abdullah Ammar

LAN Switching & Wireless Networks

•  Key Elements of Ethernet/802.3 Networks
•  Design Considerations for Ethernet networks
Key Elements of Ethernet/802.3 Networks:
CSMA/CD
•  Carrier Sense
•  Multiple Access
•  Collision Detection
•  JAM Signal
•  Random Backoff
Key Elements of Ethernet/802.3 Networks:
CSMA/CD
•  Ethernet signals are transmitted to every host connected to the LAN using a special set of rules to determine which station can access the network. The set of rules that Ethernet uses is based on the IEEE carrier sense multiple access/collision detect (CSMA/CD) technology.
–  Carrier Sense
–  Multiple Access
–  Collision Detection
–  Jamming Signal and Random Backoff
Key Elements of Ethernet/802.3 Networks:
Communication
•  Examples of unicast transmissions include HTTP, SMTP,
FTP, and Telnet.
•  An example of a broadcast transmission is the address
resolution query that the address resolution protocol (ARP)
sends to all computers on a LAN.
•  An example of multicast transmission is the video and
voice transmissions associated with a network-based,
collaborative business meeting.
Key Elements of Ethernet/802.3 Networks:
Ethernet Frame
[Figure: Ethernet frame layout; MAC address (stored in ROM); OUI, the Organizationally Unique Identifier assigned by the IEEE]
Key Elements of Ethernet/802.3 Networks:
Ethernet Frame
•  The Ethernet frame structure adds a header and trailer around the Layer 3 packet to encapsulate the message being sent.
•  A MAC address is a two-part 48-bit binary value expressed as 12 hexadecimal digits.
•  Homework: Explain the fields of the Ethernet frame.
Key Elements of Ethernet/802.3 Networks:
Duplex Settings
•  Half Duplex
•  Full Duplex
Key Elements of Ethernet/802.3 Networks:
Switch Port Settings
•  Switch Port Settings: Ports on a Cisco Catalyst 2960 Series can be configured as follows:
–  auto: allows the two ports to communicate in order to decide the mode.
–  full: sets full-duplex mode.
–  half: sets half-duplex mode.
•  auto-MDIX
–  When the auto-MDIX feature is enabled, the switch detects the required cable type for copper Ethernet connections and configures the interfaces accordingly.
Example from the slide:
Switch# conf t
Switch(config)# interface f0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# mdix auto
Switch(config-if)# end
Key Elements of Ethernet/802.3 Networks:
Switch MAC Table
The initial MAC address table is empty.
[Figure: steps 1 to 6 of populating the MAC address table]
Key Elements of Ethernet/802.3 Networks:
Switch MAC Table
The following six steps describe the process used to populate the MAC address table on a switch:
1.  The switch receives a broadcast frame from PC1 on Port 1, as seen in the Figure.
2.  The switch enters the source MAC address and the switch port that received the frame into the address table.
3.  Because the destination address is a broadcast, the switch floods the frame to all ports, except the port on which it received the frame.
4.  The destination device replies to the broadcast with a unicast frame addressed to PC1.
5.  The switch enters the source MAC address of PC2 and the port number of the switch port that received the frame into the address table. The destination address of the frame and its associated port are found in the MAC address table.
6.  The switch can now forward frames between source and destination devices without flooding, because it has entries in the address table that identify the associated ports.
Design Considerations for Ethernet networks:
Transfer Capacity
•  Differences between bandwidth, throughput and goodput:
1.  Bandwidth (Theoretical): The capacity of a medium to carry data in a given amount of time.
–  Usually measured in kbps or Mbps.
2.  Throughput (Practical): The measure of the transfer of bits across the media over a given period of time.
–  Throughput <= Bandwidth.
–  The number of devices affects the throughput.
3.  Goodput (Qualitative): The measure of usable data transferred over a given period of time.
–  Application-level throughput.
–  Goodput = Throughput - traffic overhead for establishing sessions, acknowledgements, and encapsulation.
Design Considerations for Ethernet networks
•  Broadcast and Collision domains
–  Each switch reduces the size of the collision domain on the LAN to a single link.
–  Each router reduces the size of the broadcast domain on the LAN.
•  LAN Segmentation
Design Considerations for Ethernet networks:
Network Latency
•  Network Latency: is the time a frame or a packet takes to travel from the source station to the final destination.
1.  NIC delay
2.  Propagation delay
3.  Number of devices
Switch Forwarding Methods
1.  Store and Forward
In store-and-forward switching, when the switch receives the frame, it stores the data in buffers until the complete frame has been received. During the storage process, the switch analyzes the frame for information about its destination. In this process, the switch also performs an error check using the cyclic redundancy check trailer portion of the Ethernet frame.
Switch Forwarding Methods
2.  Cut-Through (Fast-forward switching or Fragment-free switching)
- Fast-forward switching offers low latency, and the destination network adapter discards the faulty packet upon receipt.
- In fragment-free switching the switch stores the first 64 bytes of the frame before forwarding.
Switch Forwarding Methods
Symmetric and Asymmetric
Switching
Switching may be classified as symmetric or asymmetric based on the
way in which bandwidth is allocated to the switch ports.
Server switch port??
Memory Buffering
•  The switch uses a buffering technique to store frames before forwarding them, and to hold them when the destination port is busy.
•  The switch stores the data in the memory buffer.
•  The memory buffer can be port-based memory or shared memory.
Layer 3 Switching
•  Layer 3 switches are superfast routers that do Layer 3
forwarding in hardware.
What is difference between layer 3
Switch and Router?
Just Refresh
•  Store-and-forward or Cut-Through?
•  Asymmetric or Symmetric?
•  Port-based or Shared?
•  Shared or port-based?
•  [Data link layer, MAC] or [Network Layer, IP]?
•  [Network Layer, IP] or [Data link layer, MAC]?
Just Refresh
The Command Line Interface Modes
GUI-based Alternatives to the CLI
•  Cisco Network Assistant: http://www.cisco.com/go/networkassistant
•  CiscoView: http://www.cisco.com/en/US/products/sw/cscowork/ps4565/prod_bulletin0900aecd802948b0.html
•  Security Device Manager
•  SNMP Network Management: http://h20229.www2.hp.com/news/about/index.html
GUI-based Alternatives to the CLI
•  Cisco Network Assistant is a PC-based GUI network management application optimized for small and medium-sized LANs. You can configure and manage groups of switches or standalone switches. Cisco Network Assistant is available at no cost.
•  The CiscoView device-management application displays a physical view of the switch that you can use to set configuration parameters and to view switch status and performance information.
GUI-based Alternatives to the CLI
•  Cisco Device Manager is web-based software that is stored in the switch memory. You can use Device Manager to configure and manage switches. You can access Device Manager from anywhere in your network through a web browser.
•  You can manage switches from an SNMP-compatible management station, such as HP OpenView. The switch is able to provide comprehensive management information and provide four remote monitoring (RMON) groups. SNMP network management is more common in large enterprise networks.
Accessing the Command History
•  When you are configuring many interfaces on a switch, you can save time retyping commands by using the Cisco IOS command history buffer.
•  The Cisco CLI provides a history or record of commands that have been entered. This feature, called command history, is particularly useful in helping recall long or complex commands or entries.
•  With the command history feature, you can complete the following tasks:
–  Display the contents of the command buffer.
–  Set the command history buffer size.
–  Recall previously entered commands.
Accessing the Command History
Describe the Boot Sequence
Prepare to configure the switch
Switch Management Configuration
•  To be able to telnet to or from the switch you should set an IP address and the default gateway on the switch.
•  A Layer 2 switch, such as the 2960, only permits a single VLAN interface to be active at a time.
Switch Management Configuration
•  Configure Duplex and Speed
Switch Management Configuration
•  Configure a Web Interface
Modern Cisco switches have a number of web-based configuration tools that require that the Cisco switch is configured as an HTTP server. These applications include the Cisco web browser user interface, Cisco Router and Security Device Manager (SDM), and IP phone and Cisco IOS Telephony Service applications. To control who can access HTTP services on the switch, you can optionally configure authentication.
Switch Management Configuration

•  Managing the MAC Address Table
–  show mac-address-table
–  The MAC address table was previously referred to as Content Addressable Memory (CAM) or as the CAM table.
•  Dynamic MAC addresses: are source MAC addresses that the switch learns and then ages out when they are not in use.
–  The default aging time is 300 seconds.
•  Static MAC addresses: MAC addresses assigned to certain ports by the network admin.
–  Static addresses are not aged out.
–  mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id
–  The maximum size of the MAC table varies, but it is 8192 in the Catalyst 2960.
Using the “Show” Commands
Back up and Restore Switch Configurations
Back up Configuration Files to a TFTP Server

•  Backing Up Configuration
1. switch# copy system:running-config tftp:[[[//location]/directory]/filename]
2. or switch# copy nvram:startup-config tftp:[[[//location]/directory]/filename]
Ex: S1# copy running-config tftp://192.168.1.1/abdo-config
•  Restoring Configuration
1. switch# copy tftp:[[[//location]/directory]/filename] system:running-config
2. or switch# copy tftp:[[[//location]/directory]/filename] nvram:startup-config
Configuring Passwords
•  Enable
–  FCI(config)# enable password cisco
–  FCI(config)# enable secret cisco
•  Console
–  FCI(config)# line console 0
–  FCI(config-line)# password cisco
–  FCI(config-line)# login
•  Telnet
–  FCI(config)# line vty 0 14
–  FCI(config-line)# password cisco
–  FCI(config-line)# login
•  The no command (prefix a command with no to remove that setting)
Configuring Passwords

•  Homework
What is the difference between the enable password and enable secret commands?
What is the service password-encryption command?
What is the no service password-encryption command?

Password Recovery

•  Password Recovery Steps:
1.  Press the Mode button for a while // load the boot loader
2.  flash_init // initialize the Flash file system
3.  rename flash:config.text flash:config.text.old // rename the configuration file
4.  boot // boot the system
5.  rename flash:config.text.old flash:config.text
6.  copy flash:config.text system:running-config
7.  Change the passwords
8.  Save changes
9.  Reload
dir flash: // display the contents of Flash memory
Banner and Clearing Configuration
•  Banner Commands
1.  FCI(config)# banner MOTD “Device maintenance on Friday!”
2.  FCI(config)# banner LOGIN “Authorized Personnel Only!”
•  Clearing Configuration Information
–  Switch# erase nvram: or erase startup-config
•  Deleting a Stored Configuration File
–  Switch# delete flash:filename
What is the benefit of configuring Telnet and SSH?
How to configure Telnet and SSH?
Configuring Telnet and SSH

FCI(config)# crypto key zeroize rsa // delete the RSA key pair
After the RSA key pair is deleted, the SSH server is automatically disabled.
•  Time-out: the amount of time the switch allows for a connection to be established.
•  FCI(config)# ip ssh {timeout seconds | authentication-retries number}
Common Security Attacks
(MAC Address Flooding)
Common Security Attacks
(Spoofing Attacks)
DHCP Spoofing attack
DHCP Starvation attack
Common Security Attacks
(Spoofing Attacks)
DHCP starvation attack
The attacker PC continually requests IP addresses from a real DHCP server by changing its source MAC address.
What is a man-in-the-middle attack?
Solving Spoofing Attacks using
Snooping and Port Security
•  DHCP Snooping: is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests.
1.  S(config)# ip dhcp snooping
2.  ip dhcp snooping vlan {number}
3.  ip dhcp snooping trust
4.  (Optional) Limit the rate at which an attacker can continually send bogus DHCP requests through untrusted ports to the DHCP server using the ip dhcp snooping limit rate command.
Common Security Attacks
(CDP Attacks)

•  It is recommended that you disable the use of CDP on devices that do not need to use it.
Common Security Attacks
(CDP Attacks)
The Cisco Discovery Protocol (CDP) is a proprietary protocol that all Cisco devices can be configured to use. CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection. In some cases, this simplifies configuration and connectivity.
By default, most Cisco routers and switches have CDP enabled on all ports. CDP information is sent in periodic, unencrypted broadcasts.
CDP contains information about the device, such as the IP address, software version, platform, capabilities, and the native VLAN. This information can be used by an attacker to find ways to attack the network, typically in the form of a DoS attack.
Common Security Attacks
(Telnet Attacks)
•  Types of Telnet attacks
1.  Brute Force Password Attack: the attacker guesses passwords and uses a program to establish a Telnet session using each guessed password.
•  Solution: Change your password frequently, use strong passwords, and limit who can communicate with the vty lines.
2.  DoS attack: the attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable.
•  Solution: Update to the newest version of the Cisco IOS.
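The web-interface, password, SSH, CDP and Telnet items covered in the slides above can be checked mechanically against a switch's running-config. The following audit is an added example and not part of the slides: SAMPLE_CONFIG is a constructed config that still carries the weak settings, and parse_config and audit are our own helper names.

```python
# Added example (not from the slides): audit a Catalyst running-config for the
# management-plane settings covered above. SAMPLE_CONFIG is constructed input.
SAMPLE_CONFIG = """\
hostname FCI
enable password cisco
ip http server
ip http authentication local
line vty 0 14
 password cisco
 login
 transport input telnet ssh
"""

def parse_config(text):
    """Split an IOS config into global commands and per-section (line/interface) commands."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                                  # blank lines and separators
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())     # indented: inside a section
        elif raw.startswith(("line ", "interface ")):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections

def audit(text):
    """Return findings for weak settings; an empty list means every check passed."""
    g, sections = parse_config(text)
    has = lambda cmd: any(c == cmd or c.startswith(cmd + " ") for c in g)
    findings = []
    if has("enable password") and not has("enable secret"):
        findings.append("enable password without enable secret (cleartext or reversible)")
    if not has("service password-encryption"):
        findings.append("line passwords stored in cleartext: add service password-encryption")
    if has("ip http server") and not has("ip http secure-server"):
        findings.append("web interface reachable over plain HTTP: add ip http secure-server")
    if has("ip http") and not has("ip http authentication"):
        findings.append("HTTP services enabled without ip http authentication")
    if not has("ip ssh version 2"):
        findings.append("SSH version not pinned: add ip ssh version 2")
    if not has("no cdp run"):
        findings.append("CDP enabled globally (the default); disable it where not needed")
    if not has("ip dhcp snooping"):
        findings.append("DHCP snooping not enabled")
    for name, cmds in sections.items():
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: Telnet allowed; set transport input ssh")
    return findings
```

Run audit(SAMPLE_CONFIG) to see the findings for the weak config; a config with enable secret, service password-encryption, ip http secure-server, ip ssh version 2, no cdp run, ip dhcp snooping and transport input ssh on the vty lines returns an empty list.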
Configuring Port Security

•  Port security enables you to:
–  Specify a group of valid MAC addresses allowed on a port.
–  Allow only the specified MAC addresses to access the port.
–  Specify that the port will automatically shut down if unauthorized MAC addresses are detected.
Configuring Port Security
•  Secure MAC Address Types
1.  Static secure MAC addresses: MAC addresses are manually configured by using the switchport port-security mac-address mac-address command.
2.  Dynamic secure MAC addresses: MAC addresses are dynamically learned and stored only in the address table.
3.  Sticky secure MAC addresses: You can configure a port to dynamically learn MAC addresses and then save these MAC addresses to the running configuration using switchport port-security mac-address sticky.
Security Violation Modes

•  A security violation occurs when either of these situations occurs:
–  The maximum number of secure MAC addresses has been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.
–  An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.
•  Security Violation Modes
Configure Sticky Port Security
Verify Port Security
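The six-step MAC learning process described under "Switch MAC Table" and the two violation conditions listed under "Security Violation Modes" can be modelled together in a few lines. The following is an added example, not code from the slides: the Switch and PortSecurity classes, the port names and the MAC addresses are all constructed for illustration.

```python
# Added example (not from the slides): a model of a switch MAC address table that
# walks the six learning/flooding steps and applies the two port-security
# violation conditions described in the deck. Ports and MACs are made-up values.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class PortSecurity:
    maximum: int = 1              # switchport port-security maximum
    violation: str = "shutdown"   # protect | restrict | shutdown
    sticky: bool = False          # switchport port-security mac-address sticky
    secure: set = field(default_factory=set)   # static + learned secure MACs
    violations: int = 0
    err_disabled: bool = False

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # mac -> port; the initial table is empty
        self.security = {}    # port -> PortSecurity, only for secured ports

    def _admit(self, port, src):
        """Apply port security to the source MAC; False means the frame is dropped."""
        sec = self.security.get(port)
        if sec is None:
            return True
        if sec.err_disabled:
            return False
        full = src not in sec.secure and len(sec.secure) >= sec.maximum  # condition 1
        seen_on = self.mac_table.get(src)
        moved = seen_on not in (None, port) and seen_on in self.security  # condition 2
        if full or moved:
            if sec.violation != "protect":   # restrict/shutdown count the violation
                sec.violations += 1
            if sec.violation == "shutdown":  # port goes err-disabled
                sec.err_disabled = True
            return False
        sec.secure.add(src)   # dynamically learned secure MAC
        return True

    def receive(self, port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._admit(port, src):
            return []
        self.mac_table[src] = port   # learn the source MAC and its ingress port
        if dst == BROADCAST or dst not in self.mac_table:   # flood unknown/broadcast
            return [p for p in self.ports if p != port and
                    not (p in self.security and self.security[p].err_disabled)]
        return [self.mac_table[dst]]   # known unicast: forward without flooding

    def sticky_config(self, port):   # lines a sticky port writes to running-config
        sec = self.security[port]
        return [f"switchport port-security mac-address sticky {m}"
                for m in sorted(sec.secure)] if sec.sticky else []
```

Protect mode drops the offending frame silently, restrict drops it and counts a violation, and shutdown additionally err-disables the port, which is why a port in shutdown mode stops forwarding anything until an administrator re-enables it.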
