Data Communication and
Network Management
Lecture
Switching
Switch vs. Bridge
Functions of a Switch
Finding the MAC address of a web server
Finding the MAC address of a web server when
there is a switch in the network
Internal Switching Paths
Port Security
Secure MAC Addresses
Outline
Switches and bridges are both Layer 2 devices (Data Link Layer).
Packet forwarding in bridges is performed in software, while
in switches it is performed using ASICs (Application-Specific
Integrated Circuits).
Switches operate at comparatively higher speeds than bridges.
The switching method of a bridge is store and forward, while in a
switch it can be store and forward, cut-through or fragment-free.
A switch has more ports than a bridge.
Bridges can operate only in half duplex mode, but a switch can
operate in either half duplex or full duplex mode.
Switch vs. Bridge
Address Learning
Forward / Filter Decisions
Loop Avoidance
Functions of a Switch
Address Learning
Address Learning Cont.
Address Learning cont.
Forward / Filter Decisions Cont.
If multiple connections between switches are
created for redundancy purposes, network loops
can occur
Spanning Tree Protocol (STP) is used to stop
network loops while still permitting redundancy
Loop Avoidance
Internal Switching Paths
The port security feature can be used to restrict input to an interface by
limiting and identifying the MAC addresses of the workstations that are
allowed to access the port.
When you assign secure MAC addresses to a secure port, the port does
not forward packets with source addresses outside the group of
defined addresses.
Port Security
Limits the number of MAC addresses associated with a port
- Limits number of sources that can forward frames into that switch port
Port Security Cont.
Restrict port Ethernet 0/1 so that only three MAC addresses can be learned on the port
Port Security Cont.
Port Security Cont.
Static secure MAC addresses
Dynamic secure MAC addresses
Secure MAC Address Types
Statically configured on a switch port and stored in an address
table and in the running configuration.
Static Secure MAC Addresses
Learned dynamically from traffic that is sent through the switch
port and kept only in an address table, not in the running
configuration.
Dynamic Secure MAC Addresses
A switchport violation occurs in one of two situations:
- The maximum number of secure MAC addresses has been reached
and a frame arrives from an address that is not in the address table
- An address learned or configured on one secure interface
is seen on another secure interface in the same VLAN
When a port security address violation occurs, the options for the
action to be taken on a port are:
shutdown | restrict | protect (the default is shutdown)
Address Violation
Protect: when a violation occurs, this mode permits traffic from
known MAC addresses to continue to be forwarded while dropping
traffic from unknown MAC addresses. No notification action is
taken.
Restrict: when a violation occurs, this mode permits traffic from
known MAC addresses to continue to be forwarded while dropping
traffic from unknown MAC addresses. A syslog message is logged and an
SNMP trap is sent.
Shutdown: this is the default violation mode. When a violation
occurs, the switch automatically forces the switchport into a
disabled state and forwards no traffic.
Address Violation Cont.
Address Violation Configurations
Address Violation Configurations Cont.
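The two violation situations and the three violation modes described above can be modelled in a few lines. This is an added example, not part of the lecture: the `SecurePort` and `Switch` classes and the `receive` method are hypothetical names, the MAC addresses are constructed, and the behaviour follows the slide descriptions only (for instance, only restrict records a notification).

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 1                 # max secure MAC addresses on the port
    mode: str = "shutdown"           # shutdown | restrict | protect
    static: set = field(default_factory=set)    # configured addresses
    dynamic: set = field(default_factory=set)   # learned from traffic
    disabled: bool = False
    log: list = field(default_factory=list)     # stands in for syslog/SNMP

    def secure(self):
        return self.static | self.dynamic

class Switch:
    def __init__(self, *ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, src_mac):
        """Return 'forward' or 'drop' for a frame whose source is src_mac."""
        port = self.ports[port_name]
        if port.disabled:
            return "drop"
        if src_mac in port.secure():
            return "forward"
        # Situation 2: address is already secure on another port, same VLAN.
        elsewhere = any(src_mac in p.secure() for p in self.ports.values()
                        if p is not port and p.vlan == port.vlan)
        # Situation 1: the port already holds its maximum number of addresses.
        full = len(port.secure()) >= port.maximum
        if not (elsewhere or full):
            port.dynamic.add(src_mac)            # dynamic secure address
            return "forward"
        if port.mode == "restrict":              # drop and notify
            port.log.append(f"violation on {port.name}: {src_mac}")
        elif port.mode == "shutdown":            # disable the port
            port.disabled = True
        return "drop"                            # protect: silent drop

if __name__ == "__main__":
    # Constructed MACs; Et0/1 mirrors the three-address limit from the slides.
    macs = [f"00:00:5e:00:53:{i:02x}" for i in range(1, 5)]
    sw = Switch(SecurePort("Et0/1", vlan=10, maximum=3, mode="restrict"),
                SecurePort("Et0/2", vlan=10))
    print([sw.receive("Et0/1", m) for m in macs])
    print(sw.receive("Et0/2", macs[0]), sw.ports["Et0/2"].disabled)
```

Running the demo shows the fourth address dropped on the restrict port while the first three keep forwarding, and the shutdown port disabling itself when it sees an address already secured on another port in the same VLAN.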