ccna exp3 - chapter02 - basic switch concepts and configurations_dpf
TRANSCRIPT
-
8/3/2019 CCNA Exp3 - Chapter02 - Basic Switch Concepts and Configurations_dpf
1/132
Chapter 2: Basic switch concepts and configurations
CCNA Exploration 4.0
-
Overview
Học viện mạng Bách Khoa - Website: www.bkacad.com
-
Key elements of Ethernet/802.3 networks
-
CSMA/CD
CSMA/CD used with Ethernet performs three functions:
1. Transmitting and receiving data packets
2. [...] and checking them for valid addresses before [...] layers of the OSI model
3. Detecting errors within data packets or on the network
listen-before-transmit
-
CSMA/CD
Flow chart
-
Backoff
Random Backoff Time
After a collision occurs and all stations allow the cable to [...] full inter-frame spacing), the stations that collided [...] potentially progressively longer period of time before attempting to retransmit the collided frame.
The waiting period is intentionally designed to be random.
If the MAC layer is unable to send the frame after sixteen attempts, it gives up and generates an error to the network layer.
-
Ethernet Communications
-
Remind
Layer 1: 802.3
Layer 2: 802.2
-
Ethernet frame structure
At the data link layer the frame structure is nearly identical for all speeds of Ethernet from 10 Mbps to 10,000 Mbps.
At the physical layer almost all versions of Ethernet are substantially different from one another, with each speed having a distinct set of architecture design rules.
The Ethernet II Type field is incorporated into the current [...]. [...] receiving node must determine which higher-layer protocol is [...] by examining the Length/Type field.
-
Ethernet frame structure
Synchronization, Address types
The Preamble is used for timing synchronization in the asynchronous 10 Mbps and slower implementations of Ethernet. Faster versions of Ethernet are synchronous, and [...] redundant but retained for compatibility.
10101011
[...] contains the MAC destination address. It can be unicast, multicast (group), or broadcast (all nodes).
The source address is generally the unicast address of the transmitting Ethernet node (can be virtual entity group or multicast).
-
Ethernet frame structure
The type value specifies the upper-layer protocol to receive the data after Ethernet processing is completed.
The length indicates the number of bytes of data that follows this field (so contents of the Data field are decoded per the protocol indicated).
The maximum transmission unit (MTU) for Ethernet is [...], [...] should not exceed that size.
Ethernet requires that the [...] octets or more than 1518 octets (Pad is required if not enough data).
4 bytes
Length if value < 1536 decimal, [...] upper protocol
Type if value >= 1536 decimal (0x600), it identifies the upper protocol
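The Length/Type rule and the address types from the two frame-structure slides above, as an added Python example that is not part of the original slides. The sample frames and MAC addresses are constructed, and the 64-octet minimum and 1500-octet MTU are the standard Ethernet values, supplied here because the slide text for them is incomplete.

```python
import struct

BROADCAST = b"\xff" * 6
FCS_LEN = 4                       # frame check sequence, usually stripped from captures
MIN_FRAME, MAX_FRAME = 64, 1518   # octets from destination address through FCS
TYPE_MIN = 0x0600                 # 1536: at or above this the field is a Type
MTU = 1500                        # largest data length the field can describe


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)


def address_kind(raw: bytes) -> str:
    """Classify a MAC address by the all-ones value and the group bit."""
    if raw == BROADCAST:
        return "broadcast"
    return "multicast" if raw[0] & 0x01 else "unicast"


def parse_frame(frame: bytes) -> dict:
    """Decode DA, SA and Length/Type; `frame` excludes preamble, SFD and FCS."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (value,) = struct.unpack("!H", frame[12:14])
    data = frame[14:]
    on_wire = len(frame) + FCS_LEN
    info = {
        "dst": mac_to_str(dst), "dst_kind": address_kind(dst),
        "src": mac_to_str(src), "src_kind": address_kind(src),
        "field": "type" if value >= TYPE_MIN else "length",
        "value": value,
        "warnings": [],
    }
    # A source address is normally the sender's own unicast address.
    if info["src_kind"] != "unicast":
        info["warnings"].append("source address is not unicast")
    if on_wire < MIN_FRAME:
        info["warnings"].append("runt frame: pad missing")
    if on_wire > MAX_FRAME:
        info["warnings"].append("oversize frame")
    if info["field"] == "length":
        if value > MTU:
            # 1501..1535 is below the Type threshold but beyond the MTU.
            info["warnings"].append("length exceeds the MTU")
        elif value > len(data):
            info["warnings"].append("length larger than the data present")
        else:
            info["pad"] = len(data) - value   # octets added to reach the minimum
    return info


def build(dst: bytes, src: bytes, value: int, data: bytes) -> bytes:
    return dst + src + struct.pack("!H", value) + data


# Constructed sample frames (addresses and payloads are made up).
HOST = bytes.fromhex("001b54aabbcc")
ARP_BROADCAST = build(BROADCAST, HOST, 0x0806, bytes(46))
LLC_MULTICAST = build(bytes.fromhex("0180c2000000"), HOST, 38, bytes(46))
ODD_FRAME = build(HOST, BROADCAST, 0x0800, bytes(20))
GAP_LENGTH = build(HOST, HOST, 1510, bytes(46))

if __name__ == "__main__":
    for sample in (ARP_BROADCAST, LLC_MULTICAST, ODD_FRAME, GAP_LENGTH):
        print(parse_frame(sample))
```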
-
Naming on Ethernet
MAC ADDRESS
12 hexadecimal digits
Sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.
-
OUI
-
Ethernet in full duplex
Collision occurs only in half-duplex
If the attached station is operating in full duplex then the station may [...]. Full-duplex operation also changes the timing considerations and eliminates the concept of slot time.
[...] (timing synchronization) preamble, DA, SA, certain other header information, actual data payload, FCS
-
Note
Fast Ethernet and 10/100/1000 ports: default is auto. 100BASE-FX ports: default is full.
10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mb/s, but when set to 1,000 Mb/s, they operate only in full-duplex mode.
[...] the corresponding switch port to half-duplex mode.
-
auto-MDIX
auto-MDIX is enabled: switch auto-detects cable type, [...] can use either a crossover or a straight-through [...]
The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.
-
MAC Addressing and Switch MAC Address Tables
-
Bandwidth and Throughput
-
Collision Domains
-
Broadcast Domains
-
Broadcast Domains - Example
When a switch receives a broadcast frame, it forwards the frame to each of its ports, except the incoming port where the switch received the broadcast frame. Each attached device recognizes the broadcast frame and processes it.
-
Network Latency
-
Network Congestion
Causes of network congestion:
Increasingly powerful computer and network technologies.
Increasing volume of network traffic.
High-bandwidth applications.
-
LAN Segmentation
-
Removing Network Bottlenecks
-
Switch Packet Forwarding Methods
-
Symmetric and Asymmetric Switching
-
Port Based and Shared Memory Buffering
-
Layer 3 Switch and Router Comparison
-
Review your understanding
-
The Command Line Interface Modes
-
GUI-based Alternatives to the CLI
-
Console Error Messages
-
Configure the Command History Buffer
-
Describe the Boot Sequence
-
Prepare to Configure the Switch
Step 1
Step 2
Step 3
-
Management Interface Considerations
-
Configure Duplex and Speed
-
Configure a Web Interface
-
Managing the MAC Address Table
-
Show running-config
-
Show interfaces
-
Backing Up the Configuration
-
Restoring the Configuration
-
Clearing Configuration Information
-
Config Password options
-
Configure Console Access
-
Secure the vty Ports
-
Configure EXEC Mode Passwords
Clear text password
Encrypted, takes priority over enable password
-
Configure Encrypted Passwords
After
Before
-
Enable Password Recovery
-
Password Recovery
Step 1. Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2. Set the line speed on the emulation software to 9600 baud.
Step 3. Power off the switch. Reconnect the power cord to the switch and within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button.
Step 4. Initialize the Flash file system using the flash_init command.
Step 5. [...]
Step 6. Display the contents of Flash memory using the dir flash command:
The switch file system appears:
Directory of flash:
13  drwx   192  Mar 01 1993 22:30:48  c2960-lanbase-mz.122-25.FX
11  -rwx  5825  Mar 01 1993 22:31:59  config.text
18  -rwx   720  Mar 01 1993 02:21:30  vlan.dat
[...] bytes total ([...] bytes free)
Step 7. Rename the configuration file to config.text.old, which contains the password definition, using the rename flash:config.text flash:config.text.old command.
Step 8. Boot the system with the boot command.
Step 9. You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N.
Step 10. [...]
Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command.
Step 12. Copy the configuration file into memory using the copy flash:config.text system:running-config command. After this command has been entered, the following is displayed on the console:
Source filename [config.text]?
Destination filename [running-config]?
Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password.
Step 13. Enter global configuration mode using the configure terminal command.
Step 14. Change the password using the enable secret password command.
Step 15. Return to privileged EXEC mode using the exit command.
Step 16. [...] using the copy running-config startup-config command.
Step 17. Reload the switch using the reload command.
Note: The password recovery procedure can be different depending on the Cisco switch series, so you should refer to the product documentation before you attempt a password recovery.
-
Configure a Login Banner
-
Telnet and SSH
Remote control tools for switches and routers. SSH encrypts data before transmitting.
-
Configuring Telnet
-
Configuring SSH
The switch supports SSHv1 or SSHv2 for the server component. The switch supports only SSHv1 for the client component.
To implement SSH, you need to generate RSA keys.
Step 1. Enter global configuration mode using the configure terminal command.
Step 2. Configure a hostname for your switch using the hostname hostname command.
Step 3. Configure a host domain for your switch using the ip domain-name domain_name command.
Step 4. Enable the SSH server for local and remote authentication on the switch and generate an RSA key pair using the crypto key generate rsa command.
Step 5. Return to privileged EXEC mode using the end command.
Step 6. Show the status of the SSH server on the switch using the show ip ssh or show ssh command.
To delete the RSA key pair, use the crypto key zeroize rsa global configuration command. After the RSA key pair is deleted, the SSH server is automatically disabled.
-
Configuring the SSH Server
Step 1. Enter global configuration mode using the configure terminal command.
Step 2. [...] the ip ssh version [1 | 2] command.
[...], SSH server selects the latest SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.
Step 3. Configure the SSH control parameters:
Specify the time-out value in seconds: default of 10 minutes.
Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5.
Command: ip ssh {timeout seconds | authentication-retries number}.
Step 4. Return to privileged EXEC mode using the end command.
Step 5. Display the status of the SSH server connections on the switch using the show ip ssh or the show ssh command.
Step 6. (Optional) Save your entries in the configuration file using the copy running-config startup-config command.
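A check of a saved running-config against the SSH procedure above and the password slides earlier in the deck, as an added Python example (not from the original slides or from Cisco). Both configuration excerpts are constructed, and treating any vty line that is not limited to `transport input ssh` as a finding is an example policy; `transport input` and `service password-encryption` are standard IOS commands that the slide text does not show.

```python
import re

# Constructed running-config excerpts (not taken from the slides).
WEAK = """\
hostname Switch
enable password class
ip ssh authentication-retries 3
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login
"""

HARDENED = """\
hostname S1
service password-encryption
enable secret 5 <constructed-hash>
ip domain-name example.test
ip ssh version 2
ip ssh authentication-retries 3
line con 0
 password 7 <constructed>
 login
line vty 0 15
 login local
 transport input ssh
"""

# One match per "line vty" section: the line range and its indented commands.
VTY_BLOCK = re.compile(r"^line vty (\d+ \d+)\n((?:[ \t]+.*\n?)*)", re.M)


def audit_management_plane(config: str) -> list:
    """Return findings for the SSH, vty and password settings the slides cover."""
    def has(pattern: str) -> bool:
        return re.search(pattern, config, re.M) is not None

    findings = []
    # RSA key generation needs a non-default hostname and a domain name.
    if not has(r"^hostname (?!Switch$)\S+$"):
        findings.append("hostname is unset or still the default")
    if not has(r"^ip domain-name \S+"):
        findings.append("ip domain-name is missing")
    # Without an explicit version the server follows what the client supports,
    # so an SSHv1-only client is still accepted.
    if not has(r"^ip ssh version 2$"):
        findings.append("SSHv1 is not excluded (ip ssh version 2)")
    if has(r"^enable password "):
        findings.append("enable password is present; use enable secret")
    if not has(r"^enable secret "):
        findings.append("enable secret is not set")
    if not has(r"^service password-encryption$"):
        findings.append("service password-encryption is off")
    for match in VTY_BLOCK.finditer(config):
        lines, body = match.group(1), match.group(2)
        transport = re.search(r"^\s+transport input (.+)$", body, re.M)
        allowed = transport.group(1).split() if transport else []
        if allowed != ["ssh"]:
            findings.append(f"line vty {lines}: not restricted to SSH")
    return findings


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_management_plane(text))
```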
-
Layer 2 common security attacks
-
Types of Attacks
MAC Address Flooding
DHCP "starvation"
-
MAC Address Flooding
-
Mitigating MAC Address Flooding
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address mac_addr
Enable port security and set specific MAC address (H.H.H).
switch(config-if)# switchport port-security maximum (1-132)
switch(config-if)# switchport port-security violation {protect | restrict | shutdown}
Set action on violation.
-
Mitigating MAC Spoofing Attacks - CatOS
switch> (enable) set port security enable [mac_addr]
switch> (enable) set port security mac_addr
Set MAC addresses.
switch> (enable) set port security violation [shutdown|restrict]
Specify action to take when violation occurs.
-
ARP Spoofing
[Figure: 192.168.10.0/24 network; hosts .1, .2, .3; Attacker]
-
Mitigating ARP Spoofing with DHCP Snooping and DAI
switch(config)# ip dhcp snooping
Enable DHCP Snooping.
switch(config)# ip dhcp snooping vlan vlan_id {,vlan_id}
Enable DHCP Snooping for specific VLANs.
switch(config-if)# ip dhcp snooping trust
[...] purposes.
-
Mitigating ARP Spoofing with DHCP Snooping and DAI (Cont.)
switch(config-if)# ip dhcp snooping limit rate rate
Set rate limit for DHCP Snooping.
-
Spoofing Attacks
-
Solution:
Cisco Catalyst DHCP Snooping
Port Security Features later in this module
-
Solution: Cisco Catalyst DHCP Snooping
-
Config DHCP Snooping
Step 1. Enable DHCP snooping using the ip dhcp snooping global configuration command.
Step 2. Enable DHCP snooping for specific VLANs using the ip dhcp snooping vlan number [number] command.
Step 3. Define ports as trusted or untrusted at the interface level by defining the trusted ports using the ip dhcp snooping trust command.
Step 4. (Optional) Limit the rate at which an attacker can continually send bogus DHCP requests through untrusted ports to the DHCP server using the ip dhcp snooping limit rate rate command.
-
CDP Attacks
Solution
Disable the use of CDP on devices that do not need to use it.
-
Telnet Attacks
-
Security tools
-
Network Security Tools Features
-
Using Port Security to Mitigate Attacks
-
Type of security mac address
switchport port-security mac-address
switchport port-security mac-address sticky
-
Violation types
-
Port security default
-
Config dynamic port security
-
Config port security sticky
-
Verify
-
Disable Unused Ports
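A configuration check for the DHCP snooping steps and the port-security commands on the slides above, together with the unused-port advice, as an added Python example (not from the original slides or from Cisco). The running-config excerpt, the interface names and the list of unused ports are constructed, and flagging a trusted access port or a missing rate limit is an example policy.

```python
import re

# Constructed running-config excerpt. Assumed layout: Fa0/1 is the uplink toward
# the DHCP server, Fa0/2 and Fa0/3 are user ports, Fa0/4 has nothing attached.
CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ip dhcp snooping limit rate 5
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 3
 ip dhcp snooping trust
!
interface FastEthernet0/4
 switchport mode access
!
"""

# One match per interface section: its name and its indented commands.
IFACE_BLOCK = re.compile(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", re.M)


def audit_access_ports(config: str, unused=()) -> list:
    """Check DHCP snooping, port security and unused ports in a running-config."""
    findings = []
    if not re.search(r"^ip dhcp snooping$", config, re.M):
        findings.append("global: ip dhcp snooping is not enabled")
    if not re.search(r"^ip dhcp snooping vlan \S+", config, re.M):
        findings.append("global: no VLAN has DHCP snooping enabled")
    for name, body in IFACE_BLOCK.findall(config):
        cmds = [line.strip() for line in body.splitlines()]
        if "shutdown" in cmds:
            continue                      # disabled ports need no further checks
        if name in unused:
            findings.append(f"{name}: unused port is not shut down")
            continue
        if "switchport mode access" not in cmds:
            continue                      # trunks and uplinks are out of scope here
        if "switchport port-security" not in cmds:
            # Sub-commands alone do not turn the feature on.
            options = any(c.startswith("switchport port-security ") for c in cmds)
            detail = "options set but feature not enabled" if options else "not enabled"
            findings.append(f"{name}: port-security {detail}")
        if "ip dhcp snooping trust" in cmds:
            findings.append(f"{name}: access port is DHCP snooping trusted")
        elif not any(c.startswith("ip dhcp snooping limit rate ") for c in cmds):
            findings.append(f"{name}: untrusted port has no DHCP rate limit")
    return findings


if __name__ == "__main__":
    for finding in audit_access_ports(CONFIG, unused={"FastEthernet0/4"}):
        print(finding)
```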
-
Chapter summary