Nothing Special   »   [go: up one dir, main page]
Scribd Logo
Upload

Welcome to Scribd!

  • 16 views

    Chapter 2: Basic Switching Concepts and Configuration

    Uploaded by

    deepank singh
    networking

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    Chapter 2: Basic Switching Concepts and Configuration

    Uploaded by

    deepank singh
    16 views33 pages
    networking

    Original Title

    13819450

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    networking

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    16 views33 pages

    Chapter 2: Basic Switching Concepts and Configuration

    Uploaded by

    deepank singh
    networking

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 33

    Chapter 2: Basic

    Switching Concepts and


    Configuration

    Routing and Switching

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
    Configuring Switch Ports
    Duplex Communication

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
    Configuring Switch Ports
    Configuring Switch Ports at the Physical
    Layer

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
    Configuring Switch Ports
    Auto-MDIX Feature
     Certain cable types (straight-through or crossover) were
    historically required when connecting devices.
     The automatic medium-dependent interface crossover (auto-
    MDIX) feature eliminates this problem.
     When auto-MDIX is enabled, the interface automatically detects
    and appropriately configures the connection.
     When using auto-MDIX on an interface, the interface speed and
    duplex must be set to auto.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
    Configuring Switch Ports
    Verifying Switch Port Configuration

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
    Configuring Switch Ports
    Network Access Layer Issues

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
    Configuring Switch Ports
    Network Access Layer Issues (cont.)

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
    Basic Switch Configuration
    Preparing for Basic Switch Management
     To remotely manage a Cisco switch, it must be configured to
    access the network.

     An IP address and a subnet mask must be configured. switch


    virtual interface (SVI).

     If managing the switch from a remote network, a default gateway


    must also be configured.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
    Basic Switch Configuration
    Preparing for Basic Switch Management
    (cont.)

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
    Basic Switch Configuration
    Preparing for Basic Switch Management
    (cont.)

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
    Secure Remote Access
    SSH Operation
     Because its strong encryption features, SSH should replace Telnet
    for management connections.
     SSH uses TCP port 22, by default. Telnet uses TCP port 23.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
    Secure Remote Access
    SSH Operation (cont.)

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
    Secure Remote Access
    Configuring SSH

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
    Security Concerns in LANs
    MAC Address Flooding
     Switches automatically populate their CAM tables by watching
    traffic entering their ports.

     Switches forward traffic trough all ports if it cannot find the


    destination MAC in its CAM table.

     Such tool is a program created to generate and send out frames


    with bogus source MAC addresses to the switch port.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
    Security Concerns in LANs
    MAC Address Flooding (cont.)

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
    Security Concerns in LANs
    DHCP Spoofing
     DHCP is a network protocol used to automatically assign IP
    information.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
    Security Best Practices
    10 Best Practices
     Develop a written security policy for the organization.
     Shut down unused services and ports.
     Use strong passwords and change them often.
     Control physical access to devices.
     Use HTTPS instead of HTTP.
     Perform backup operations on a regular basis.
     Educate employees about social engineering attacks.
     Encrypt and password-protect sensitive data.
     Implement firewalls.
     Keep software up-to-date.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
    Switch Port Security
    Secure Unused Ports
    Disabling unused ports is a simple, yet efficient security guideline.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
    Switch Port Security
    DHCP Snooping
    DHCP Snooping specifies which switch ports can respond to
    DHCP requests

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
    Switch Port Security
    Port Security: Operation
     Port security limits the number of valid MAC addresses allowed on
    a port.

     Secure MAC addresses can be configured in a number of ways:


    • Static secure MAC addresses
    • Dynamic secure MAC addresses
    • Sticky secure MAC addresses

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
    Switch Port Security
    Port Security: Violation Modes
     There are three possible actions to take when a violation is
    detected:
    • Protect
    • Restrict
    • Shutdown

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
    Switch Port Security
    Dynamic Port Security Defaults

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
    Switch Port Security
    Configuring Dynamic Port Security

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
    Switch Port Security
    Configuring Port Security Sticky

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
    Switch Port Security
    Verifying Port Security Sticky

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
    Switch Port Security
    Verifying Port Security Stick – Running
    Configuration

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
    Switch Port Security
    Ports in Error Disabled State
     A port security violation can put a switch in error disabled state.
     A port in error disabled is effectively shutdown.
     The switch communicates these events through console
    messages.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
    Switch Port Security
    Ports in Error Disabled State (cont.)
    The show interface command also reveals a switch port on
    error disabled state.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
    Switch Port Security
    Ports in Error Disabled State (cont.)
    A shutdown or no shutdown interface configuration mode
    command must be issued to re-enable the port.

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
    Switch Port Security
    Network Time Protocol
     The Network Time Protocol (NTP) is used to synchronize the
    clocks of computer systems data networks.
     Time sources can be:
    • Local master clock
    • Master clock on the Internet
    • GPS or atomic clock

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
    Switch Port Security
    Configuring NTP

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
    Switch Port Security
    Verifying NTP

    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
    Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33

    You might also like