Enterprise1
CST8271 - Midterm 1
Question | Answer |
---|---|
Access Layer | Bottom layer. Interfaces with end devices. Port Security, PoE, VLANs, 100Mb |
Distribution Layer | Middle layer. Access control lists, might perform routing between VLANs. Redundancy. 1Gb-10Gb |
Core Layer | Top Layer. Backbone of network, connected to internet, forwards large amounts of data. Redundancy. 10Gb |
Benefits of a Hierarchical Network | Scalability, Redundancy, Performance, Security, Manageability, Maintainability |
Converged Network | Combining voice and video communications on a data network. |
Fixed Configuration Switches | Cannot add features or options to the switch beyond those that originally came with the switch |
Modular Switches | Flexibility in their configuration (line cards) |
Stackable Switches | Interconnected using a special backplane |
CSMA/CD | Carrier sense multiple access/collision detect. Listen; if no signal is present, transmit; if a collision is detected, send a jam signal and wait a random backoff time. LEGACY HUB JUNK! |
Multicast | Communication in which a frame is sent to a specific group of devices or clients. Multicast transmission clients must be members of a logical multicast group to receive the information. |
Ethernet Frame | Preamble, SFD, Dest, Source, Length/Type, Package(data), FCS |
Length/Type Field | 0x0600 or higher = protocol; less than 0x0600 = length of data in frame |
Network Latency | source NIC to place voltage pulses on the wire + propagation delay + network devices that are in the path between source and destination |
Switch Packet Forwarding Methods | Store-and-Forward Switching + Cut-through Switching |
Store-and-Forward Switching | Receives the entire frame, computes the CRC and checks the length. If the frame is good, look up the destination and forward. |
Cut-through Switching | Forwards the frame before it is entirely received; must be a symmetrical network. Fast-forward and Fragment-free. |
Fast-forward switching | immediately forwards a packet after reading the destination address |
Fragment-free switching | stores the first 64 bytes of the frame before forwarding, performs small error check |
Asymmetric Switching | differing port bandwidths |
Symmetric Switching | all ports are of the same bandwidth |
Port-based Memory Buffering | Frames are stored in queues that are linked to specific incoming and outgoing ports. |
Shared Memory Buffering | common memory buffer that all the ports on the switch share |
Configure SSH | ip domain-name (name); crypto key generate rsa (at least 768); ip ssh version 2; line vty 0 15; transport input SSH |
MAC Address Flooding | Turn switch into a hub by filling up its MAC address table. When it is a hub it sends frames out all ports so you can snoop. |
Spoofing | Rogue computer pretends to be a DHCP, DNS, etc. server to view all info transferred. DHCP snooping used to counter this. |
Activate dhcp snooping? | ip dhcp snooping; ip dhcp snooping trust (used on ports connected towards DHCP server) |
CDP Attacks | CDP contains information about the device that can be used to find exploits to attack your network. Disable CDP to counter. |
Port Security | set max number of MACs to associate to port, determine what happens on violation, methods of securing MAC. |
Secure MAC address types | Static + Dynamic (stored in MAC address table), Sticky (stored in running-config); switchport port-security mac-address [sticky] |
Security Violation Modes | Protect-silently drop; Restrict-Drop, Log, Count; Shutdown-Drop, Log, Count, Shutdown |
Default Port Security | Disabled; Max=1, Violation=Shutdown |
Verify Port Security | show port-security [interface] |
Tedious Security enhancement? | Disable Unused Ports |
Benefits of a VLAN | Security, Performance, Cost, Simpler project or application management |
Normal Range VLANs | 1 to 1005; 1 and 1002 to 1005 are automatically created and cannot be removed; saved in vlan.dat in flash |
Extended Range VLANs | 1006 - 4094; saved in running config |
Default VLAN | VLAN 1; immortal (cannot be deleted or renamed) |
Native VLAN | 802.1Q trunk port places untagged traffic on the native VLAN |
Management VLAN | you configure to access the management capabilities of a switch, or don't, it's your call...SECURITY! |
Voice VLANs | Used for VoIP QOS |
VLAN Switch Port Modes | Static, Dynamic, Voice |
SVI | Switch virtual interface, used for a layer 3 switch to route between VLANs or to connect to the switch. |
Trunk | Using one port to send multiple VLAN traffic over. Conserves ports but does create bottlenecks. |
802.1Q Frame Tagging | Tag added to frame when sent over a trunk (unless native vlan). |
DTP | Dynamic Trunking Protocol, used to dynamically negotiate trunk ports. Cisco only. Bad. Default is dynamic auto, why? |
ISL | Cisco LEGACY trunking protocol called inter-switch link. All frames contain ISL header or are dropped. |
Dynamic auto | listen don't send |
Dynamic desirable | listen + send |
Turn off DTP! | switchport nonegotiate |
Config port to vlan | sw mode access; sw access vlan #; no shut |
Config port to trunk | sw mode trunk; sw trunk native vlan # |
Verify Trunk | show interface trunk |
Verify VLAN | show vlan [brief] |
Delete VLANs | delete flash:vlan.dat, ports in deleted VLAN become unable to communicate |
Trunk Config Problems | Native mismatch, DTP/mode mismatch, VLAN/IP subnets, VLANs not allowed on trunk |
Proxy ARP | Router responds to an ARP request for an IP in a remote network; switch will do these by default unless set with default-gateway. |
Disable CDP | global=no cdp run; interface=no cdp enable |
Username authentication | username (name) secret (password); line vty 0 15; login local |
Protect switch against rogue gateway | ip default-gateway (gateway ip) |
DHCP config | ip dhcp excluded-address (ip#); ip dhcp pool (name); network (network ip) (mask); default-router (gateway ip for pool); dns-server (dns ip); |
Remote DHCP config | int f#/# !connected to clients; ip helper-address (remote DHCP address); |
Preserve Logging | logging (syslog server IP#); logging trap (# or name of level) |
Hierarchical Network Design Principles: Network Diameter | Number of devices a packet has to cross before it reaches its destination. Keeping it low ensures low and predictable latency between devices. |
Hierarchical Network Design Principles: Bandwidth Aggregation | Consider the specific bandwidth requirements of each part of the hierarchy, then aggregate links for higher throughput. |
Link Aggregation | Helps to reduce these bottlenecks of traffic by allowing up to eight switch ports to be bound together. |
Forwarding Rates | How much data the switch can process. Ex: a switch with 4 gigabit ports that can only process at 2 gigabit speed cannot reach full wire speed. |
Which layer of hierarchical network must support QoS? | For QoS to work, switches at all layers must support it. |
Configure switch management interface: | interface vlan (#); ip address (ip#) (mask); no shutdown |
Configure Encrypted Passwords: | service password-encryption; type 7 encryption, very weak |
Configure name on a vlan: | vlan (#); name (vlan name) |