Thursday, January 6, 2011

Understanding Virtual LANs

  • Logical segmentation/partitioning of a switch
  • Traffic can only pass between end devices in the same VLAN
  • No traffic at all can pass to other VLANs
  • Best practice is to use a unique subnet (network) for each VLAN

How does a VLAN work?
  • When a frame enters a switch, it is tagged with VLAN information.
Creating VLANs

1. Creating a VLAN From Privileged Mode
    Switch#vlan database
    Switch(vlan)#vlan 2
    Switch(vlan)#exit


2. Creating VLAN from Global Configuration
    Switch(config)#vlan 2

Assigning Ports to a VLAN

    Switch(config)#interface fastethernet 0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 2

Note: You can also create a VLAN by assigning a port to a VLAN that has not yet been created.

Note: VLAN information is saved in vlan.dat, located in flash memory.


VLAN Creation Guidelines

  • The maximum number of VLANs is switch-dependent.
  • Most Cisco Catalyst desktop switches support 128 separate spanning-tree instances, one per VLAN.
  • VLAN 1 is the factory default Ethernet VLAN. 
  • Cisco Discovery Protocol and VTP advertisements are sent on VLAN 1.
  • The Cisco Catalyst switch IP address is in the management VLAN (VLAN 1 by default).

VLAN Membership Modes

Verifying the VLANs Created

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active   
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
1002 enet  101002     1500  -      -      -        -    -        0      0
1003 enet  101003     1500  -      -      -        -    -        0      0
1004 enet  101004     1500  -      -      -        -    -        0      0
1005 enet  101005     1500  -      -      -        -    -        0      0

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active  
1002 fddi-default                     active  
1003 token-ring-default               active  
1004 fddinet-default                  active  
1005 trnet-default                    active
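An added example, not code from these notes, that parses the “show vlan brief” layout shown above and lists the ports still sitting in VLAN 1, the factory default and default management VLAN that also carries CDP and VTP; the sample output and the function names are constructed for this illustration.

```python
import re

# Constructed sample in the 'show vlan brief' layout above: a 24-port switch where
# VLAN 2 was created but only two ports were moved into it.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6
2    VLAN0002                         active    Fa0/7, Fa0/8
1002 fddi-default                     active
1003 token-ring-default               active
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")  # id, name, status, first ports


def parse_show_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}}; indented continuation
    lines extend the port list of the VLAN above them."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("----"):
            continue
        if line[0].isspace():
            if current is not None:
                vlans[current]["ports"] += line.replace(",", " ").split()
            continue
        m = ROW.match(line)
        if not m:  # the column header and anything unexpected
            continue
        current = int(m.group(1))
        vlans[current] = {"name": m.group(2), "status": m.group(3),
                          "ports": m.group(4).replace(",", " ").split()}
    return vlans


def ports_in_default_vlan(text):
    """Ports still in VLAN 1, the factory default and (by default) management VLAN
    that also carries CDP and VTP: these are the ones worth reviewing."""
    return parse_show_vlan_brief(text).get(1, {"ports": []})["ports"]
```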

Understanding CISCO Switches

Switches Operate at Layer 2


Operating Modes of a Cisco Switch’s Port
  1. Access – ports in this mode are meant to connect to end devices
     ex. Switch(config-if)#switchport mode access
  2. Trunk – ports in this mode are meant to connect to other switches and carry VLAN-tagged frames
     ex. Switch(config-if)#switchport mode trunk
  3. Dynamic Desirable – ports in this mode actively try to form a trunk link with the other switch
     ex. Switch(config-if)#switchport mode dynamic desirable
  4. Dynamic Auto – ports in this mode passively form a trunk link with the other switch (the port on the other end must be in Dynamic Desirable or Trunk mode for a trunk to form)
     ex. Switch(config-if)#switchport mode dynamic auto
Switch Operation: Learning
  • When a frame enters a switch, the switch learns the frame’s source MAC address and the port it arrived on.

Switch Operation: Filter or Forward Decision
  • When the switch does not know the destination MAC address, it floods the frame.

Summary of a Switch’s Logic
  1. Whenever a frame enters a switch, its source MAC address and ingress port are learned.
  2. The switch decides whether to forward or filter the frame by looking up the destination MAC address in the MAC address table.
  • When it is found, the ingress port is compared with the port on which that MAC address was learned.
       a. If they are the same, the frame is dropped (filtered).
       b. If they are not the same, the frame is forwarded out the destination port.
  • When it is not found, the frame is flooded. (This is why switches always flood Layer 2 broadcasts: ff:ff:ff:ff:ff:ff is never a source address, so it never ends up in the MAC table.)

Virtual LANs: Ultimate Solution to Broadcast Messages
  • Segmentation
  • Flexibility
  • Security
VLAN = Broadcast Domain = Logical Network (Subnet)
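The learning, filter-or-forward and flood rules above, together with the VLAN-as-broadcast-domain point, carried through as a small Python model. This is an added example, not code from the notes; the Switch class, the port-to-VLAN map and the MAC addresses are constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Learning, filter-or-forward and flood logic from the notes above,
    kept per VLAN so a flood never leaves the VLAN it started in."""

    def __init__(self, port_vlans):
        # port_vlans maps an access port to its VLAN, e.g. {"Fa0/1": 1, "Fa0/3": 2}
        self.port_vlans = port_vlans
        self.mac_table = defaultdict(dict)  # vlan -> {mac: port it was learned on}

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        vlan = self.port_vlans[in_port]
        # Step 1: learn the source MAC on the ingress port
        self.mac_table[vlan][src_mac] = in_port
        # Step 2: look the destination up in this VLAN's MAC table
        learned_port = self.mac_table[vlan].get(dst_mac)
        if learned_port is None:
            # Unknown unicast, or ff:ff:ff:ff:ff:ff (never a source, so never learned):
            # flood out every other port of the same VLAN only
            return sorted(p for p, v in self.port_vlans.items()
                          if v == vlan and p != in_port)
        if learned_port == in_port:
            # Destination was learned behind the ingress port (e.g. via a hub): filter
            return []
        return [learned_port]


def demo():
    """Constructed scenario: Fa0/1-2 in VLAN 1, Fa0/3-4 in VLAN 2, a hub on Fa0/3."""
    sw = Switch({"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 2, "Fa0/4": 2})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # hosts on Fa0/1 and Fa0/2
    c, d = "00:00:00:00:00:0c", "00:00:00:00:00:0d"  # both behind the hub on Fa0/3
    e = "00:00:00:00:00:0e"                          # host on Fa0/4
    return [
        sw.receive("Fa0/1", a, BROADCAST),  # flooded to VLAN 1 only -> ["Fa0/2"]
        sw.receive("Fa0/2", b, a),          # a is known -> ["Fa0/1"]
        sw.receive("Fa0/3", c, d),          # d unknown -> flooded in VLAN 2 -> ["Fa0/4"]
        sw.receive("Fa0/3", d, c),          # c learned on the ingress port -> [] (filtered)
        sw.receive("Fa0/4", e, BROADCAST),  # never reaches VLAN 1 -> ["Fa0/3"]
    ]
```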


Solving Network Challenges with Switched LAN Technology

LAN Segment Limitations

  • Signals degrade with transmission distance.
  • Each Ethernet type has a maximum segment length.

 Extending LAN Segments

  • Shares bandwidth
  • Extends cable distances
  • Repeats or amplifies signal 

      Problems Using Hubs

      Network Congestion
      • High-performance PCs
      • More networked data
      • Bandwidth-intensive applications

      Collisions and Collision Domain
      A collision domain is the group of end devices whose transmissions can collide with one another.

      Shared Bandwidth

      No Intelligence
      • Eats up bandwidth
      • Unnecessary processing of frames
      • Security threat (a hub repeats every frame out of every port, so any attached device can see all traffic)



      Bridges
      •  Operate at Layer 2 of the OSI model
      •  Forward, filter, or flood frames
      •  Have few ports
      •  Are slow

      LAN Switch
      •  High port density
      •  Large frame buffers
      •  Mixture of port speeds
      •  Fast internal switching (ASIC)
      Collision Domains = No. of Ports

      Switches Supersede Bridges
      • Operate at Layer 2 of the OSI model
      • Forward, filter, or flood frames
      • Have many ports
      • Are fast

      Starting a CISCO Switch

      Basic Switch Configuration

      User-exec mode:
          Limited examination of a switch / router
          Prompt is <hostname> + “>”
          Switch>

      Privilege-exec mode:
          Detailed examination of a switch / router
          Debugging / Administration / Prerequisite for other config modes
          Prompt is <hostname> + “#”
          Switch#

      Global configuration mode:
          Configuration that affects the whole device
          Prerequisite for other config modes
          Prompt is <hostname> + “(config)#”
          Switch(config)#

      Interface mode:
          Per-interface configuration
          Prompt is <hostname> + “(config-if)#”
          Switch(config-if)#




      Ways to Manage a Cisco Switch:

      Console - Needs a physical connection from an end device to the switch using a console
                cable, with a terminal application running on the end device.

      Telnet  - The switch and the end device need to be connected to the network.
              - The switch must be configured first before it can be managed this way.
                (Telnet carries the whole session, including the password, in cleartext.)

      Modem   - The switch’s aux port must be connected to a modem, and the modem to a phone line.
              - The switch must be configured first before it can be managed this way.




      Setting Device Name:
      Switch(config)#hostname Switch1 -> sets an identifier for a device
      Switch1(config)#

      Setting Console Password:
      Switch1(config)#line con 0 -> switches to console management mode
      Switch1(config-line)#password cisco -> sets the console password
      Switch1(config-line)#login -> console password will be used

      Setting Telnet Password:
      Switch1(config)#line vty 0 4 -> switches to telnet management mode
      Switch1(config-line)#password cisco -> sets the telnet password
      Switch1(config-line)#login -> telnet password will be used

      Setting Enable Password:
      Switch1(config)#enable password cisco -> sets the enable password (stored in cleartext)
      Switch1(config)#enable secret ccna -> sets the secured (hashed) enable password, which takes precedence over the enable password

      Encrypting Passwords:
      Switch1(config)#service password-encryption -> encrypts all cleartext passwords shown in the configuration (weak, reversible encryption)

      Saving the Configuration:
      Switch#copy <source> <destination>
      Switch#copy running start -> saves the configuration
                                OR
      Switch#write -> saves the configuration

      Setting the IP Address of a Switch:
      Switch(config)#interface vlan 1
      Switch(config-if)#ip address 10.10.10.1 255.255.255.0
      Switch(config-if)#no shutdown
      NOTE: the IP address assigned to “interface vlan 1” is the address other devices must use to manage the switch.

      Setting the Default Gateway of a Switch:
      Switch(config)#ip default-gateway 10.10.10.254
      NOTE: the default-gateway address is where traffic originated by the switch is sent when communicating with other networks.



      Configuring a More Secure Authentication:
      Switch(config)#username teacher password cisco -> creates a local account

      Switch(config)#line con 0
      Switch(config-line)#no login -> do not use the console line password
      Switch(config-line)#login local -> use the local account for console login

      Switch(config)#line vty 0 4
      Switch(config-line)#no login -> do not use the telnet line password
      Switch(config-line)#login local -> use the local account for telnet login

      Configuring Banners:
      Switch(config)#banner motd $ <Message> $ -> configures a message that will be viewed by anyone who connects to this device.

      Switch(config)#banner login $ <Message> $ -> configures a message that will be viewed by anyone who connects to this device through telnet.

      Example:

      *************************************************
                                                                      
           CISCO SYSTEMS INCORPORATED  

      *************************************************
      You are connected to 2948G-L3

      Unauthorized Entry Is Strictly PROHIBITED!!!
      Disconnect Immediately!!!
      Contact the Cisco Network Administrator.

      Verifying the Configuration:
      Switch#show running -> shows the running config (most recent config)

      Switch#show startup -> shows the startup config (saved config)

      NOTE: the show running / show startup commands let you view the following:

          Global configurations
          Interface configurations
          Routing / Services configurations
          Console and Telnet management configurations

      Commonly Used Show Commands:
      Switch#show version -> shows the hardware and software information
      Switch#show ip interface brief -> shows the summary of the interfaces
      Switch#show interface <interface type> <module / port> -> shows the detailed information of an interface.
      Switch#show mac-address-table -> shows the content of the MAC table.

      Identifying Directly Connected CISCO Devices:
      Switch#show cdp neighbor {detail} -> shows the directly connected Cisco devices
      NOTE: * to disable this feature for the whole switch, type “no cdp run” in global config mode
            * to disable this feature per interface, type “no cdp enable” in interface mode
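An added example, not part of these notes, that checks a saved configuration for the weak settings the commands above address: no “service password-encryption”, “enable password” without “enable secret”, line passwords with “login” instead of “login local”, and CDP left running. The configuration excerpt and the function names are constructed for this illustration.

```python
# Constructed running-config excerpt assembled from the commands in the notes above;
# it keeps the weak choices on purpose (cleartext line passwords, 'enable password',
# no 'login local', CDP left running).
RUNNING_CONFIG = """\
hostname Switch1
enable password cisco
username teacher password cisco
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""


def line_sections(lines):
    """Group each 'line ...' block with its indented sub-commands."""
    sections, current = {}, None
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return sections


def audit_switch_config(text):
    """Return one finding per weak setting that the commands above can correct."""
    lines = [l.rstrip() for l in text.splitlines()]
    findings = []
    if "service password-encryption" not in lines:
        findings.append("passwords appear in cleartext: add 'service password-encryption'")
    if any(l.startswith("enable password") for l in lines) and not any(
            l.startswith("enable secret") for l in lines):
        findings.append("'enable password' set without 'enable secret'")
    for name, cmds in line_sections(lines).items():
        if "login" in cmds and "login local" not in cmds:
            findings.append(f"{name}: shared line password; use 'login local' with a username")
    if "no cdp run" not in lines:
        findings.append("CDP running: 'no cdp run' unless neighbour discovery is needed")
    return findings
```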

      Monday, January 3, 2011

      Connecting to an Ethernet LAN

      Network Interface Card

      CISCO Fiber Optic GBICs

      Unshielded Twisted-Pair Cable

      RJ-45 Connectors

      Straight Through vs. Crossover



      Cable Types:

      1. Straight-through cable
      • same pin orientation on both ends
      • used to connect PC to switch and switch to router
      2. Cross-over cable
      • pins 1 & 3 and 2 & 6 are swapped between the two ends
      • used to connect switch to switch (trunk connections)
      3. Rollover cable (console cable)
      • all pins reverse positions
      • used to connect the console port of a router/switch to a PC

      UTP Implementation (Straight-through)


       UTP Implementation (Crossover) 

      TCP and UDP


      Reliable vs. Best-Effort Comparison


      UDP Characteristics
      • Operates at the Transport Layer of the OSI and TCP/IP models
      • Provides applications with access to the network layer without the overhead of reliability mechanisms
      • Is a connectionless protocol
      • Provides limited error checking
      • Provides best-effort delivery
      • Has no data-recovery features

      TCP Characteristics
      • Operates at the Transport Layer of the TCP/IP stack
      • Provides applications with access to the network layer
      • Is a connection-oriented protocol
      • Error correction
      • Sequencing of data packets
      • Acknowledgement of receipt
      • Data-recovery features

      TCP/IP Stack

      • Defines four layers
      • Uses different names for layers 1 through 3
      • Combines layers 5 through 7 into a single application layer.