Chapter_02_3

Basic Switch Concepts and configuration

Concepts: CSMA/CD , Carrier Sense Multi Access / Collision Detection, Jamming Signal , Back Off Algorithm , "Listening before Transmit",

Broadcast Storms, Broadcast Domains, Collision Domains

unicast (HTTP, SMTP, FTP, and Telnet),

broadcast (ARP),

multicast (video)

Ethernet Frame 802.3

Layer 3 PDU --> min 64 Bytes < Frame < max 1518

{ min 46 Bytes < Data < max 1500 Bytes }

Preamble 7 Bytes -- Ethernet Frame 802.3 -- Trailer 4 Bytes

auto-MDIX the automatic medium-dependent interface crossover (auto-MDIX) feature

Router isolate Broadcast Domains

Switches isolate Collision Domains

Store-and-Forward Switching

Cut-Through Switching

• Fast-forward switching
• Fragment-free switching

Port-based Memory Buffering

Shared Memory Buffering

Symmetric and Asymmetric Switching

Your company purchased a brand new Cisco Catalyst 2960 from ebay for 135$ and you are going to configure it ..

Split into 2 Teams: Admins & Users

1. erase all FLASH:

2. Name Switch Cat2950

3.secure ALL telnet interfaces

4.secure Global Configuration Mode

5.secure Console

6.encrypt passwords (use the service password-encryption )

7. use enable secret notice the difference !!!!

8. Prepare Management Vlan

2.1 Configure Default Gateway

2.2 address interface vlan 100

10.make fast 0/5 member of Vlan 100

11.xtract .tar image from TFTP 10.0.0.10 /8

12.Enable SSH

switch(config)#ip domain-name mydomain.com

switch(config)#crypto key generate rsa

switch(config)#ip ssh version 2

switch(config)#line vty 0 15

switch(config-line)#transport input ssh

switch(config)#aaa new-model

switch(config)#username condor passwword ssh

13. Use PuTTy to SSH the switch

14. Enable Web Server

switch(config)# ip http authentication enable

switch(config) ip http server

15. Check Cisco Device Manager

16. Configure Port Security

• Static secure MAC addresses: MAC addresses are manually configured by using the switchport port-security mac-address mac-address interface configuration command. MAC addresses configured in this way are stored in the address table and are added to the running configuration on the switch.
• Dynamic secure MAC addresses: MAC addresses are dynamically learned and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.
• Sticky secure MAC addresses: You can configure a port to dynamically learn MAC addresses and then save these MAC addresses to the running configuration.

It is a security violation when either of these situations occurs:

• The maximum number of secure MAC addresses have been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.
• An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.

Actions when violation occurs:

• protect: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
• restrict: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog message is logged, and the violation counter increments.
• shutdown: In this mode, a port security violation causes the interface to immediately become error-disabled and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and increments the violation counter. When a secure port is in the error-disabled state, you can bring it out of this state by entering the shutdown and no shutdown interface configuration commands. This is the default mode.

17. Apply security: shutdown all unused ports

interface range

18. BackUP Start Up Configuration to FLASH:

19. Back Up Start Up Configuration & IOS to TFTP 10.0.0.10