Advanced Switches
Chapter 4
www.classdemo.com
Outline
• Ethernet Technology
  ● Principles of Ethernet
  ● CSMA/CD
• Ethernet Switch Features
  ● Virtual LANs
  ● Access Port
  ● Trunks
  ● STP
  ● Broadcast Storms
  ● Link Aggregation
  ● PoE
  ● Port Monitoring
  ● Port Mirroring
  ● User Authentication
Ethernet IEEE 802.3
10Base5 (Thicknet) 10Base2 (thinnet or Cheapernet)
CSMA/CD
Carrier Sense Multiple Access / Collision Detection
• Scalability Limits
• Collision Domain
One Collision Domain
Half-Duplex
Layer 1
Four Collision Domains
Full-Duplex
Layer 2
Every switchport is its own collision domain
Types of Ethernet
| Ethernet Standard | Media Type | Bandwidth Capacity | Distance Limitation |
|---|---|---|---|
| 10Base5 | Coax (thicknet) | 10 Mbps | 500 m |
| 10Base2 | Coax (thinnet) | 10 Mbps | 185 m |
| 10Base-T | Cat 3 (or higher) UTP | 10 Mbps | 100 m |
| 100Base-TX | Cat 5 (or higher) UTP | 100 Mbps | 100 m |
| 100Base-FX | MMF | 100 Mbps | 2 km |
| 1000Base-T | Cat 5e (or higher) UTP | 1 Gbps | 100 m |
| 1000Base-TX | Cat 6 (or higher) UTP | 1 Gbps | 100 m |
| 1000Base-LX | MMF/SMF | 1 Gbps | 5 km |
| 1000Base-LH | SMF | 1 Gbps | 10 km |
| 1000Base-ZX | SMF | 1 Gbps | 70 km |
Types of Ethernet (continued…)
| Ethernet Standard | Media Type | Bandwidth Capacity | Distance Limitation |
|---|---|---|---|
| 10GBase-SR | MMF | 10 Gbps | 26-82 m |
| 10GBase-LR | SMF | 10 Gbps | 10 km |
| 10GBase-ER | SMF | 10 Gbps | 40 km |
| 10GBase-SW | MMF | 10 Gbps | 300 m |
| 10GBase-LW | SMF | 10 Gbps | 10 km |
| 10GBase-EW | SMF | 10 Gbps | 40 km |
| 10GBase-T | Cat 6A (or higher) UTP | 10 Gbps | 100 m |
| 100GBase-SR10 | MMF | 100 Gbps | 125 m |
| 100GBase-LR4 | SMF | 100 Gbps | 10 km |
| 100GBase-ER4 | SMF | 100 Gbps | 40 km |
Virtual LANs
Switch Access Port Configuration
Trunk Access (dot1q)
Switch Trunk Port Configuration
Corruption of a Switch’s MAC Table
Broadcast Storms
STP Operation
Port Types with equal cost
Port Types with different cost
STP Port States
BPDU = Bridge Protocol Data Units
• Blocking: The port remains in the blocking state for 20 seconds by default. During this time, the nondesignated port evaluates BPDUs in an attempt to determine its role in the spanning tree.
• Listening: The port moves from the blocking state to the listening state and remains in this state for 15 seconds by default. During this time, the port sources BPDUs, which inform adjacent switches of the port’s intent to forward data.
• Learning: The port moves from the listening state to the learning state and remains in this state for 15 seconds by default. During this time, the port begins to add entries to its MAC address table.
• Forwarding: The port moves from the learning state to the forwarding state and begins to forward frames.
Link Aggregation
LACP = Link Aggregation Control Protocol
Power over Ethernet (802.3af PoE)
Port Monitoring
Wireshark
Network Monitor
Port Monitoring
Unable to Capture Traffic
Port Mirroring
User Authentication (802.1x)
User Authentication
802.1x
• Supplicant: The device that wants to gain access to the network.
• Authenticator: The authenticator forwards the supplicant’s authentication request on to an authentication server. After the authentication server authenticates the supplicant, the authenticator receives a key that is used to communicate securely during a session with the supplicant.
• Authentication server: The authentication server (for example, a Remote Authentication Dial In User Service [RADIUS] server) checks a supplicant’s credentials. If the credentials are acceptable, the authentication server notifies the authenticator that the supplicant is allowed to communicate on the network. The authentication server also gives the authenticator a key that can be used to securely transmit data during the authenticator’s session with the supplicant.
• NAC: Verify characteristics of the device seeking admission to the network.
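The three 802.1x roles above as a simplified Python model (an added example, not part of the original slides). The class and method names are hypothetical, the credential is constructed, and handing the password to the authenticator in the clear is a simplification of this model only.

```python
import hashlib, hmac, secrets

class AuthServer:
    """Stands in for the RADIUS server: checks credentials, issues a session key."""
    def __init__(self):
        self._users = {}  # username -> (salt, PBKDF2 hash); no plaintext stored

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def enroll(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def check(self, user, password):
        # Unknown users are hashed against a dummy salt so both paths do similar work.
        salt, stored = self._users.get(user, (b"\x00" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        return (True, secrets.token_bytes(32)) if ok else (False, None)

class Authenticator:
    """Stands in for the switch: relays the request and gates each port."""
    def __init__(self, server):
        self.server = server
        self.sessions = {}  # port -> session key, present only after acceptance

    def authenticate(self, port, user, password):
        self.sessions.pop(port, None)       # re-authentication starts from closed
        ok, key = self.server.check(user, password)
        if ok:
            self.sessions[port] = key       # key handed over by the server
        return ok

    def forward(self, port, frame):
        # Data frames arriving on an unauthenticated port are dropped.
        return frame if port in self.sessions else None

    def link_down(self, port):
        self.sessions.pop(port, None)       # unplugging ends the session

def demo():
    server = AuthServer()
    server.enroll("alice", "correct horse")  # constructed sample credential
    sw = Authenticator(server)
    before = sw.forward(1, b"data")
    bad = sw.authenticate(1, "alice", "wrong")
    good = sw.authenticate(1, "alice", "correct horse")
    after = sw.forward(1, b"data")
    sw.link_down(1)
    return before, bad, good, after, sw.forward(1, b"data")
```

The port stays closed after a failed attempt and closes again on link-down, so a device plugged into a previously authorized port has to authenticate on its own.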
Switch Management
Unmanaged
• Does not support an IP address
• No console port
Managed
• IP assigned
• Console access is most secure
• Encrypted Password
• OOB
• SSH
Management Access
First-Hop Redundancy
HSRP
GLBP
VRRP
CARP