IPNetworkingUNIT9 - Rhema Impact Ministries


Unit 9
LANs
Chapters 24-26
NT2640.U9.PS1
IP Networking: Unit 9: Slide 1
Class Agenda 11/14/15
• Learning Objectives
• Unit 8: Discussions and Video
• Lab Activities will be done in class.
• Assignments will be given in class.
• Break Times: a 10-minute break every hour.
• Note: Submit all assignments and labs due today.
Objectives
In this unit, students will demonstrate an:
• Understanding of Bridge and Switching Forwarding
Process including Filtering and Flooding
• Understanding Spanning Tree Protocol including
Processes Phases
• Understanding of Switch Frame Processing Methods
• Understanding of Cisco Switch Configuration including
Interfaces, VLANs, and Security Features
• Understanding of VLANs including Trunking
IP Networking: Unit 9: Slide 3
Ethernet LAN Switching and
Concepts
Chapter 24
NT2640.U9.PS1
IP Networking: Unit 9: Slide 4
Historical Progression: Hubs, Bridges, and
Switches
• Ethernet started out with standards that used a physical electrical bus
created with coaxial cabling.
• 10BASE-T Ethernet came next.
• It offered improved LAN availability, because a problem on a single
cable did not affect the rest of the LAN—a common problem with
10BASE2 and 10BASE5 networks.
• 10BASE-T allowed the use of unshielded twisted-pair (UTP) cabling,
which is much cheaper than coaxial cable.
• Also, many buildings already had UTP cabling installed for phone
service, so 10BASE-T quickly became a popular alternative to
10BASE2 and 10BASE5 Ethernet networks.
IP Networking: Unit 9: Slide 5
Ethernet Bus Compared to Ethernet Hub
IP Networking: Unit 9: Slide 6
10BASE-T with a hub
• Although using 10BASE-T with a hub improved Ethernet as
compared to the older standards, several drawbacks continued
to exist, even with 10BASE-T using hubs:
 Any device sending a frame could have the frame collide
with a frame sent by any other device attached to that LAN
segment.
 Only one device could send a frame at a time, so the
devices shared the (10-Mbps) bandwidth.
 Broadcasts sent by one device were heard by, and
processed by, all other devices on the LAN.
IP Networking: Unit 9: Slide 7
Bridge Creates Two Collision Domains and
Two Shared Ethernets
• Adding a bridge between two hubs really creates two separate 10BASE-T
networks—one on the left and one on the right. The 10BASE-T network on
the left has its own 10 Mbps to share, as does the network on the right.
IP Networking: Unit 9: Slide 8
Switch Creates Four Collision Domains and
Four Ethernet Segments
• Now connected to a switch, each interface also uses full duplex.
• This is possible because only one device is connected to each port,
essentially eliminating collisions for the network shown.
IP Networking: Unit 9: Slide 9
Switching Logic
• Ultimately, the role of a LAN switch is to forward Ethernet frames.
• To achieve that goal, switches use logic—logic based on the source and
destination MAC address in each frame’s Ethernet header.
• To help you appreciate how switches work, first a review of Ethernet
addresses is in order.
• The IEEE defines three general categories of Ethernet MAC addresses:
 Unicast addresses: MAC addresses that identify a single LAN interface
card.
 Broadcast addresses: A frame sent with a destination address of the
broadcast address (FFFF.FFFF.FFFF) implies that all devices on the
LAN should receive and process the frame.
 Multicast addresses: Multicast MAC addresses are used to allow a
dynamic subset of devices on a LAN to communicate.
IP Networking: Unit 9: Slide 10
Switch Decision Making
• The primary job of a LAN switch is to receive Ethernet frames
and then make a decision: either forward the frame out some
other port(s), or ignore the frame.
• To accomplish this primary mission, transparent bridges
perform three actions:



1. Deciding when to forward a frame or when to filter (not forward) a
frame, based on the destination MAC address
2. Learning MAC addresses by examining the source MAC address of
each frame received by the bridge
3. Creating a (Layer 2) loop-free environment with other bridges by using
Spanning Tree Protocol (STP)
IP Networking: Unit 9: Slide 11
Sample Switch Forwarding and Filtering Decision
IP Networking: Unit 9: Slide 12
LAN Switching Summary
• Switches provide many additional features not offered by older LAN devices
such as hubs and bridges.
• In particular, LAN switches provide the following benefits:
 Switch ports connected to a single device microsegment the LAN,
providing dedicated bandwidth to that single device.
 Switches allow multiple simultaneous conversations between devices on
different ports.
 Switch ports connected to a single device support full duplex, in effect
doubling the amount of bandwidth available to the device.
 Switches support rate adaptation, which means that devices that use
different Ethernet speeds can communicate through the switch (hubs
cannot).
IP Networking: Unit 9: Slide 13
Collision Domains
• A collision domain is a set of network interface cards (NIC) for which a
frame sent by one NIC could result in a collision with a frame sent by any
other NIC in the same collision domain.
IP Networking: Unit 9: Slide 14
Broadcast Domains
• A broadcast domain is a set of NICs for which a broadcast frame sent by
one NIC is received by all other NICs in the same broadcast domain.
IP Networking: Unit 9: Slide 15
Benefits of Segmenting Ethernet Devices
Using Hubs, Switches, and Routers
Feature                                  Hub   Switch   Router
Greater cabling distances are allowed    Yes   Yes      Yes
Creates multiple collision domains       No    Yes      Yes
Increases bandwidth                      No    Yes      Yes
Creates multiple broadcast domains       No    No       Yes
IP Networking: Unit 9: Slide 16
Virtual LANs (VLAN)
• Almost every enterprise network today uses the concept of virtual LANs
(VLAN).
• Before understanding VLANs, you must have a very specific understanding
of the definition of a LAN.
• Although you can think about and define the term “LAN” from many
perspectives, one perspective in particular will help you understand VLANs:
• A LAN consists of all devices in the same broadcast domain.
• Without VLANs, a switch considers all interfaces on the switch to be in the
same broadcast domain.
• In other words, all connected devices are in the same LAN. (Cisco switches
accomplish this by putting all interfaces in VLAN 1 by default.)
• With VLANs, instead of all ports on a switch forming a single broadcast
domain, the switch separates them into many broadcast domains, based on
configuration.
IP Networking: Unit 9: Slide 17
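Worked example (added here; it is not part of the course slides and not Cisco code): a small Python model of the learn, forward, filter and flood logic from slides 10 and 11, extended with a per-VLAN MAC table so that the broadcast-domain behaviour of slides 14 and 16 also shows up. Port names, VLAN numbers and MAC addresses are made up for the simulation; STP, the third bridge function, is not modelled.

```python
"""Learning-switch simulation: learn, forward, filter, flood.

Added example (not from the course slides). One MAC table keyed by
(VLAN, MAC) models a switch where ports are assigned to access VLANs:
a broadcast or unknown-unicast frame is flooded only to ports in the
ingress VLAN. STP is not modelled.
"""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def normalize(mac: str) -> str:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aabb.ccdd.eeff'; return Cisco dotted form."""
    digits = mac.replace(":", "").replace(".", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def address_type(mac: str) -> str:
    """IEEE classification: broadcast, multicast (I/G bit of first octet set), or unicast."""
    mac = normalize(mac)
    if mac == BROADCAST:
        return "broadcast"
    first_octet = int(mac[0:2], 16)
    return "multicast" if first_octet & 0x01 else "unicast"


@dataclass
class Switch:
    # port -> access VLAN; a Cisco switch puts every port in VLAN 1 by default
    port_vlan: dict
    # (vlan, mac) -> port, filled in by learning from source addresses
    mac_table: dict = field(default_factory=dict)

    def ports_in_vlan(self, vlan: int) -> list:
        return sorted(p for p, v in self.port_vlan.items() if v == vlan)

    def receive(self, in_port: str, src: str, dst: str) -> set:
        """Return the set of egress ports; an empty set means the frame was filtered."""
        vlan = self.port_vlan[in_port]
        src, dst = normalize(src), normalize(dst)
        # 1. learn: source MAC -> ingress port, scoped to the ingress VLAN
        if address_type(src) == "unicast":
            self.mac_table[(vlan, src)] = in_port
        # 2. forward / filter / flood, decided on the destination MAC
        kind = address_type(dst)
        if kind == "unicast" and (vlan, dst) in self.mac_table:
            out = self.mac_table[(vlan, dst)]
            # known destination reachable out the ingress port (e.g. a hub
            # hangs off that port): filter, do not forward anywhere
            return set() if out == in_port else {out}
        # broadcast, multicast (no IGMP snooping here) or unknown unicast:
        # flood to every other port in the same VLAN, never the ingress port
        return {p for p in self.ports_in_vlan(vlan) if p != in_port}


if __name__ == "__main__":
    sw = Switch(port_vlan={"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 1, "Fa0/4": 2, "Fa0/5": 2})
    print("unknown dst, flood VLAN 1:", sw.receive("Fa0/1", "0200.1111.1111", "0200.2222.2222"))
    print("reply, known dst:          ", sw.receive("Fa0/2", "0200.2222.2222", "0200.1111.1111"))
    print("broadcast in VLAN 2:       ", sw.receive("Fa0/4", "0200.5555.5555", BROADCAST))
    print("MAC table:", sw.mac_table)
```

The first frame is flooded because the destination is unknown; once the reply has been seen, the table holds both hosts and later frames are forwarded out a single port. The VLAN 2 broadcast never reaches VLAN 1 ports, which is the whole point of a VLAN as a separate broadcast domain.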
Sample Network with Two VLANs Using One
Switch
• Or you can create multiple VLANs on a single switch.
IP Networking: Unit 9: Slide 18
Motivations for using VLANs
• There are many motivations for using VLANs, including the
following:
 To create more flexible designs that group users by department,
or by groups that work together, instead of by physical location
 To segment devices into smaller LANs (broadcast domains) to
reduce overhead caused to each host in the VLAN
 To reduce the workload for STP by limiting a VLAN to a single
access switch
 To enforce better security by keeping hosts that work with
sensitive data on a separate VLAN
 To separate traffic sent by an IP phone from traffic sent by PCs
connected to the phones
IP Networking: Unit 9: Slide 19
Ethernet Types, Media, and Segment Lengths
(Per IEEE)
Ethernet Type   Media                                     Maximum Segment Length
10BASE-T        TIA/EIA CAT3 or better, two pair          100 m (328 feet)
100BASE-TX      TIA/EIA CAT5 UTP or better, two pair      100 m (328 feet)
100BASE-FX      62.5/125-micron multimode fiber           400 m (1312.3 feet)
1000BASE-CX     STP (shielded twisted pair)               25 m (82 feet)
1000BASE-T      TIA/EIA CAT5e UTP or better, four pair    100 m (328 feet)
1000BASE-SX     Multimode fiber                           275 m (853 feet) for 62.5-micron fiber;
                                                          550 m (1804.5 feet) for 50-micron fiber
1000BASE-LX     Multimode fiber                           550 m (1804.5 feet) for 50- and 62.5-micron fiber
1000BASE-LX     9-micron single-mode fiber                5 km (3.1 miles)
IP Networking: Unit 9: Slide 20
Ethernet Switch Configuration
Chapter 25
© 2011 ITT Educational Services Inc.
NT-2640 Advanced Networking: Unit 9: Slide 21
Comparing Cisco Router and Switch Configuration
• Cisco switches use the same IOS CLI as Cisco routers.
• However, because routers and switches perform different
functions, the actual commands differ in some cases.
IP Networking: Unit 9: Slide 22
Commands Used on both Routers and Switches
• User and Enable (privileged) mode
• Entering and exiting configuration mode, using the configure terminal, end, and exit
commands, and the Ctrl-Z key sequence
• Configuration of console, Telnet, and enable secret passwords
• Configuration of SSH encryption keys and username/password login credentials
• Configuration of the host name and interface description
• Configuration of Ethernet interfaces that can negotiate speed, using the speed and duplex
commands
• Configuring an interface to be administratively disabled (shutdown) and administratively
enabled (no shutdown)
• Navigation through different configuration mode contexts using commands like line console 0
and interface
• CLI help, command editing, and command recall features
• The meaning and use of the startup-config (in NVRAM), running-config (in RAM), and external
servers (like TFTP), along with how to use the copy command to copy the configuration files
and IOS images
• The process of reaching setup mode either by reloading the router with an empty startup-config
or by using the setup command
IP Networking: Unit 9: Slide 23
LAN Switch Configuration and Operation
• Switches work without any configuration.
• Cisco switches ship from the factory with all interfaces enabled
(a default configuration of no shutdown) and with
autonegotiation enabled for ports that run at multiple speeds
and duplex settings (a default configuration of duplex auto and
speed auto).
• All you have to do is connect the Ethernet cables and plug in
the power cord to a power outlet, and the switch is ready to
work—learning MAC addresses, making forwarding/filtering
decisions, and even using STP by default.
IP Networking: Unit 9: Slide 24
Port Security
• If the network engineer knows what devices should be cabled
and connected to particular interfaces on a switch, the engineer
can use port security to restrict that interface so that only the
expected devices can use it.
• This reduces exposure to attacks in which someone connects an
unauthorized laptop to a wall socket that is cabled to a switch port;
because that port has port security configured, the unexpected device
is recognized as a violation.
• When that unexpected device attempts to send frames to the switch
interface, the switch can issue informational messages while dropping
the frames (IOS violation mode restrict), silently discard frames from
that device (violation mode protect), or discard frames from all
devices by effectively shutting down the interface (violation mode
shutdown, which places the port in err-disabled state).
IP Networking: Unit 9: Slide 25
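Worked example (added here; not from the course slides and not Cisco code): a Python model of one port-security-enabled interface that shows the three reactions slide 24 lists for a frame from an unexpected device, using the Cisco IOS violation-mode names protect, restrict and shutdown. The MAC addresses are made up and the log text is illustrative rather than the real IOS syslog format.

```python
"""Port-security simulation for a single access interface.

Added example (not from the course slides). Models the three reactions
to an unexpected device: protect (drop silently), restrict (drop and
log), shutdown (err-disable the whole port so every device loses
service). MAC addresses are constructed; the log text is illustrative.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                            # switchport port-security maximum
    violation: str = "shutdown"                 # protect | restrict | shutdown
    allowed: set = field(default_factory=set)   # statically configured + learned MACs
    err_disabled: bool = False
    violations: int = 0
    log: list = field(default_factory=list)

    def ingress(self, src_mac: str) -> bool:
        """Process one frame; return True if accepted, False if dropped."""
        if self.err_disabled:
            return False                        # port is down: every frame is lost
        if src_mac in self.allowed:
            return True                         # an expected device
        if len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)           # room left under 'maximum': learn it
            return True
        # a device beyond 'maximum' that is not in the allowed list: violation
        self.violations += 1
        if self.violation == "protect":
            return False                        # silent discard of this device's frames
        self.log.append(f"security violation on {self.name} from {src_mac}")
        if self.violation == "restrict":
            return False                        # discard + message, port stays up
        self.err_disabled = True                # shutdown mode: whole interface goes down
        return False


def demo(mode: str) -> dict:
    """Run the same frame sequence through a port in the given mode and
    return what an operator would check afterwards."""
    port = SecurePort("Fa0/1", maximum=1, violation=mode)
    legit, rogue = "0200.1111.1111", "0200.9999.9999"   # constructed MACs
    results = [port.ingress(legit),     # first device seen: learned and accepted
               port.ingress(rogue),     # second device: violation in every mode
               port.ingress(legit)]     # legitimate host again: depends on mode
    return {"accepted": results, "err_disabled": port.err_disabled,
            "messages": len(port.log), "violations": port.violations}


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, demo(mode))
```

The third frame is the one to watch: in protect and restrict mode the legitimate host keeps working after the attacker's frame is dropped, while in shutdown mode the attacker has effectively taken the legitimate host offline too, which is the trade-off the slide's last bullet describes.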
Securing Unused Switch Interfaces
• Cisco originally chose the default interface configuration
settings on Cisco switches so that the interfaces would work
without any overt configuration.
• The interfaces automatically negotiate the speed and duplex,
and each interface begins in an enabled (no shutdown) state,
with all interfaces assigned to VLAN 1.
• Additionally, every interface defaults to negotiating VLAN trunking with
its neighbor, and the switch by default runs VLAN Trunking Protocol
(VTP) over any trunk that forms.
IP Networking: Unit 9: Slide 26
Unused Interfaces
• The recommendations for unused interfaces are as follows:
 Administratively disable the interface using the shutdown
interface subcommand.
 Prevent VLAN trunking and VTP by making the port a nontrunking
interface using the switchport mode access interface
subcommand.
 Assign the port to an unused VLAN using the switchport access
vlan number interface subcommand.
 Frankly, if you just shut down the interface, the security exposure
goes away, but the other two tasks prevent any immediate
problems if someone else comes around and enables the
interface by configuring a no shutdown command.
IP Networking: Unit 9: Slide 27
Break
10 Min.
NT-2640 Advanced Networking: Unit 9: Slide 28
Virtual LANs
Chapter 26
NT2640-U9-PS2
NT-2640 Advanced Networking: Unit 9: Slide 29
Virtual LAN Concepts
• A LAN includes all devices in the same broadcast domain.
• A broadcast domain includes the set of all LAN-connected devices that when
any of the devices sends a broadcast frame, all the other devices get a copy
of the frame.
• You can think of a LAN and a broadcast domain as being basically the same
thing.
• Without VLANs, a switch considers all its interfaces to be in the same
broadcast domain; in other words, all connected devices are in the same
LAN.
• With VLANs, a switch can put some interfaces into one broadcast domain
and some into another, creating multiple broadcast domains.
• These individual broadcast domains created by the switch are called virtual
LANs.
IP Networking: Unit 9: Slide 30
Sample Network with Two VLANs Using One
Switch
IP Networking: Unit 9: Slide 31
Reasons for Different VLANs
• To create more flexible designs that group users by department, or by
groups that work together, instead of by physical location
• To segment devices into smaller LANs (broadcast domains) to reduce
overhead caused to each host in the VLAN
• To reduce the workload for the Spanning Tree Protocol (STP) by limiting a
VLAN to a single access switch
• To enforce better security by keeping hosts that work with sensitive data on
a separate VLAN
• To separate traffic sent by an IP phone from traffic sent by PCs connected to
the phones
IP Networking: Unit 9: Slide 32
Trunking to Cisco IP Phones
• Cisco IP phones use Ethernet to connect to the IP network for the purpose of
sending Voice over IP (VoIP) packets.
• Cisco IP phones can send VoIP packets to other IP phones to support voice
calls, as well as send VoIP packets to voice gateways, which in turn connect
to the existing traditional telephone network, supporting the ability to call
most any phone in the world.
• Cisco anticipated that each desk in an enterprise might have both a Cisco IP
phone and a PC on it.
• To reduce cabling clutter, Cisco includes a small LAN switch in the bottom of
each Cisco IP phone.
• The small switch allows one cable to run from the wiring closet to the desk
and connect to the IP phone, and then the PC can connect to the switch by
connecting a short Ethernet (straight-through) cable from the PC to the
bottom of the IP phone.
IP Networking: Unit 9: Slide 33
Typical Connection of a Cisco IP Phone and
PC to a Cisco Switch
IP Networking: Unit 9: Slide 34
Protecting Unused Switch Ports
• Cisco makes some recommendations for how to protect unused switch
ports.
• Instead of using default settings, Cisco recommends configuring these
interfaces as follows:
 Administratively disable the unused interface, using the shutdown
interface subcommand.
 Prevent trunking from being negotiated when the port is enabled by
using the switchport nonegotiate interface subcommand to disable
negotiation, or the switchport mode access interface subcommand to
statically configure the interface as an access interface.
 Assign the port to an unused VLAN, sometimes called a parking lot
VLAN, using the switchport access vlan number interface
subcommand.
IP Networking: Unit 9: Slide 35
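Worked example (added here; not from the course slides and not a Cisco tool): a Python audit of a running-config excerpt against the three recommendations for unused ports given on slides 26 and 34, namely shutdown, no trunk negotiation (switchport mode access or switchport nonegotiate), and membership in a parking-lot VLAN rather than the default VLAN 1. The sample config and its interface names are constructed for this example; the caller states which interfaces are meant to be unused, the script does not guess that from the config.

```python
"""Audit a Cisco IOS running-config for unhardened unused access ports.

Added example (not from the course slides). Parses interface stanzas from
'show running-config' text and reports which of the three unused-port
recommendations each named port is missing. SAMPLE_CONFIG is constructed.
"""
import re

# Constructed sample: Fa0/1 is fully hardened, Fa0/2 is only shut down,
# Fa0/3 is left at factory defaults, Fa0/4 is an in-use access port.
SAMPLE_CONFIG = """\
hostname SW1
!
interface FastEthernet0/1
 description UNUSED
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 description Fred's PC
 switchport access vlan 10
 switchport mode access
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
!
end
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [subcommands]} from running-config text.

    IOS indents interface subcommands by one space; a '!' line or any
    unindented global command ends the current stanza.
    """
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
    return interfaces


def audit_unused_port(subcommands: list) -> list:
    """Return the findings for one unused port; an empty list means hardened."""
    cmds = set(subcommands)
    findings = []
    if "shutdown" not in cmds:
        findings.append("not administratively shut down")
    if not ({"switchport mode access", "switchport nonegotiate"} & cmds):
        findings.append("trunking still negotiable (no 'switchport mode access' "
                        "or 'switchport nonegotiate')")
    vlan = 1                        # Cisco default: every access port is in VLAN 1
    for c in cmds:
        m = re.fullmatch(r"switchport access vlan (\d+)", c)
        if m:
            vlan = int(m.group(1))
    if vlan == 1:
        findings.append("still in default VLAN 1; move it to an unused parking-lot VLAN")
    return findings


def audit(config: str, unused_ports) -> dict:
    """Audit the named unused ports; returns {port: [findings]}."""
    interfaces = parse_interfaces(config)
    return {p: audit_unused_port(interfaces.get(p, [])) for p in unused_ports}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, ["FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"])
    for port, findings in report.items():
        print(port, "OK" if not findings else "; ".join(findings))
```

In practice the input would be the output of show running-config saved to a file, and the list of unused ports would come from the cabling records; a port that is merely shut down still fails two of the three checks, which is exactly the "someone comes along and enables it" scenario the slide warns about.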
VTP Planning Steps
• Step 1: Configure the VTP mode using the vtp mode {server | client} global
configuration command.
• Step 2: Configure the VTP (case-sensitive) domain name using the vtp
domain domain-name global configuration command.
• Step 3: (Optional) On both clients and servers, configure the same case-sensitive
password using the vtp password password-value global configuration command.
• Step 4: (Optional) Configure VTP pruning on the VTP servers using the vtp
pruning global configuration command.
• Step 5: (Optional) Enable VTP version 2 with the vtp version 2 global
configuration command.
• Step 6: Bring up trunks between the switches.
IP Networking: Unit 9: Slide 36
Summary
In this unit, we discussed:
•Bridge and Switching Forwarding Process including Filtering and
Flooding
•Spanning Tree Protocol including Processes Phases
•Switch Frame Processing Methods
•Cisco Switch Configuration including Interfaces, VLANs, and
Security Features
•VLANs including Trunking
IP Networking: Unit 9: Slide 37
Break
10 Min.
IP Networking: Unit 9: Slide 38
Lab Activities.
• Complete the Unit 9 lab in class.
• All answers to overdue labs should be
submitted in the next class.
IP Networking: Unit 9: Slide 39
Assignment
• Unit 9 assignment will be given in class.
IP Networking: Unit 9: Slide 40