Thursday, April 17, 2014

Module 7: Spanning-Tree Protocol : Overview

Spanning-Tree Protocol (Overview)
Redundancy in a network is critical. It allows networks to be fault tolerant. Redundant topologies protect against network downtime, or nonavailability. Downtime can be caused by the failure of a single link, port, or network device. Network engineers are often required to balance the cost of redundancy with the need for network availability.
Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. These problems can make a network unusable. Therefore, redundancy should be carefully planned and monitored.
Switched networks provide the benefits of smaller collision domains, microsegmentation, and full duplex operation. Switched networks provide better performance.
Redundancy in a network is required to protect against loss of connectivity due to the failure of an individual component. However, this provision can result in physical topologies with loops. Physical layer loops can cause serious problems in switched networks.
The Spanning-Tree Protocol is used in switched networks to create a loop-free logical topology from a physical topology that has loops. Links, ports, and switches that are not part of the active loop-free topology do not forward data frames. The Spanning-Tree Protocol is a powerful tool that gives network administrators the security of a redundant topology without the risk of problems caused by switching loops.
This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams.
Students who complete this module should be able to perform the following tasks:
  • Define redundancy and its importance in networking
  • Describe the key elements of a redundant network topology
  • Define broadcast storms and describe their impact on switched networks
  • Define multiple frame transmissions and describe their impact on switched networks
  • Identify causes and results of MAC address database instability
  • Identify the benefits and risks of a redundant topology
  • Describe the role of spanning-tree in a redundant-path switched network
  • Identify the key elements of spanning-tree operation
  • Describe the process for root bridge election
  • List the spanning-tree states in order
  • Compare Spanning-Tree Protocol and Rapid Spanning-Tree Protocol

Module 6 : Summary

Summary
This page summarizes the topics discussed in this module.
Switches are similar to routers. They have basic computer components including a CPU, RAM, and an operating system. There are several ports that are used to connect hosts and for management. LEDs on the front of the switch show the system status, RPS, port mode, and port status. When powered on, a switch performs POST automatically to verify that the switch functions correctly. HyperTerminal can be used to configure or check the status of a switch.
Another similarity to Cisco routers is the CLI. Enter a question mark (?) to access help. A list of available commands will display. Switches provide word help and command syntax help.
Switches and routers have the same command modes. User EXEC is the default and is indicated by the greater-than character (>). The enable command changes User EXEC to Privileged EXEC as indicated by the pound sign (#). Access to Privileged EXEC mode should be password protected to prevent unauthorized use. The configure command allows other command modes to be accessed.
Default data is provided when the switch is powered up for the first time. For management purposes, a switch is assigned an IP address. Use the show version command to verify the IOS version and the configuration register settings.
Once a switch is configured with an IP address and gateway, it can be accessed through a web-based interface. This allows for the configuration and management of the switch. This service can be accessed through a web browser with the IP address and port 80, the default port for HTTP.
A switch dynamically learns and maintains thousands of MAC addresses. If frames with a previously learned address are not received, the MAC address entry is automatically discarded or aged out after 300 seconds. The command clear mac-address-table entered in the Privileged EXEC mode can be used to manually clear address tables.
A permanent MAC address assigned to an interface ensures that the MAC address will not be aged out automatically by the switch, and it enhances security. The command mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name> can be used to configure a static MAC address. Use the no form of the command to remove it. The command show port security can be used to verify port security.
The switch name, IP address, default gateway, and line passwords should be configured on a new switch that is added to a network. When a host is moved from one port or switch to another, configurations that can cause unexpected behavior should be removed. Documentation should be maintained for the current configuration, and backups to a server or a disk should be performed periodically.

1900/2950 password recovery / 1900/2950 firmware upgrade

1900/2950 password recovery 
6.2.8 For security and management purposes, passwords must be set on the console and vty lines. An enable password and an enable secret password must also be set. These practices help ensure that only authorized users have access to the User and Privileged EXEC modes of the switch.
There will be circumstances where physical access to the switch can be achieved, but access to the User or Privileged EXEC mode cannot be gained because the passwords are not known or have been forgotten. In these circumstances, a password recovery procedure must be followed.
The Lab Activities will show students how to recover a password on a Catalyst 2900 series switch.

1900/2950 Firmware Upgrade
6.2.9 This page will explain the purpose of IOS and firmware upgrades and how they are performed.
IOS and firmware images are periodically released with bug fixes, new features, and performance improvements. If the network can be made more secure, or can operate more efficiently with a new version of the IOS, then the IOS should be upgraded.
To upgrade the IOS, download a copy of the new image to a local server from the Cisco Connection Online (CCO) Software Center.
The Lab Activities will show students how to upgrade the firmware of a switch.
This page concludes this lesson. The next page will summarize the main points from this module.

Executing adds, moves, and changes / Managing switch operating system file

Executing adds, moves, and changes 
6.2.6 The following are parameters that should be configured on a new switch that is added to a network:
  • Switch name
  • IP address for the switch in the management VLAN
  • A default gateway
  • Line passwords
When a host is moved from one port or switch to another, configurations that can cause unexpected behavior should be removed. The switch can then be reconfigured to reflect the changes.

The Lab Activities will teach students how to add, move, and change MAC addresses on a switch.

Managing switch operating system file
6.2.7 Network administrators should document and maintain the operational configuration files for network devices. The most current running-configuration file should be backed up on a server or disk. This is not only essential documentation, but is very useful if a configuration needs to be restored.
The IOS should also be backed up to a local server. The IOS can then be reloaded to flash memory if needed.

The Lab Activities will show students how to create, verify, back up, and then restore a basic switch configuration.

Friday, October 18, 2013

Configuring port security / Executing adds, moves, and changes

Configuring port security
6.2.5 This page will explain why port security is important and how it is configured on a Catalyst 2950 switch.
Network security is an important responsibility for network administrators. Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug a PC or laptop into one of these outlets. This is a potential entry point to the network for unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this limit is exceeded. Secure MAC addresses can be configured statically. However, it is a complex task to configure secure MAC addresses statically, and it is usually prone to error.
An alternative approach is to set port security on a switch interface. The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
To reverse port security on an interface use the no form of the command.
The command show port security can be used to verify port security status.
The Lab Activities will show students how to configure port security on a switch.
The next page will discuss some other switch configurations.
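Added example (not from the original page or the curriculum): the port security configuration described above on a Catalyst 2950 access port, limiting the port to one dynamically learned address, followed by the static alternative and the verification commands. The interface, VLAN, and MAC address values are constructed placeholders.

```cisco
! Constructed example: port security on a Catalyst 2950 access port.
Switch>enable
Switch#configure terminal
! Port security applies to access ports, so fix the port mode first.
Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
! Allow one address; the first address learned becomes the secure address.
Switch(config-if)#switchport port-security maximum 1
! Action when a second address appears. shutdown is the default and puts
! the port into err-disabled; protect and restrict drop the offending frames.
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#end
! Static alternative (error-prone at scale, as the text notes): pin the
! secure address to a known host instead of learning it. Placeholder MAC.
Switch#configure terminal
Switch(config)#interface FastEthernet0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0000.0c12.3456
Switch(config-if)#end
! Verify: secure address count, violation mode, and violation counter.
Switch#show port-security interface FastEthernet0/1
Switch#show port-security address
! A port shut down by a violation stays err-disabled until an administrator
! bounces it with shutdown / no shutdown.
! To reverse port security on an interface, use the no form of the command:
Switch(config-if)#no switchport port-security
```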

Executing adds, moves, and changes
6.2.6 The importance of following a set procedure when adding a new switch is emphasized in the first figure. The set procedure is as follows:
  • Configure the switch name
  • Determine and configure the IP address for management purposes
  • Configure a default gateway
  • Configure administrative access for the console, auxiliary, and virtual terminal (vty) interfaces
  • Configure security for the device
  • Configure the access switch ports as necessary
The practical lab and e-Lab in this TI will enable students to add, move, and change MAC addresses.


Managing the MAC address table / Configuring static MAC addresses

Managing the MAC address table
6.2.3 This page will explain how switches create and manage MAC address tables.
Switches examine the source address of frames that are received on the ports to learn the MAC address of PCs or workstations that are connected to it. These learned MAC addresses are then recorded in a MAC address table. Frames that have a destination MAC address that has been recorded in the table can be switched out to the correct interface.
The show mac-address-table command can be entered in the Privileged EXEC mode to examine the addresses that a switch has learned.
A switch dynamically learns and maintains thousands of MAC addresses. To preserve memory and for optimal operation of the switch, learned entries may be discarded from the MAC address table. Machines may have been removed from a port, turned off, or moved to another port on the same switch or a different switch. This can cause confusion when frames are forwarded. For all these reasons, if no frames are seen with a previously learned address, the MAC address entry is automatically discarded or aged out after 300 seconds.
Rather than wait for a dynamic entry to age out, network administrators can use the clear mac-address-table command in Privileged EXEC mode. MAC address entries configured by network administrators can also be removed with this command. This method to clear table entries ensures that invalid addresses are removed immediately.
The Lab Activities will teach students how to create a basic switch configuration and manage the MAC address table.
The next page will discuss static MAC addresses.

Configuring static MAC addresses
6.2.4 This page will explain how static MAC addresses are configured on a Catalyst 2900 switch.
A MAC address can be permanently assigned to an interface. The following are reasons to assign a permanent MAC address to an interface:
  • The MAC address will not be aged out automatically by the switch.
  • A specific server or user workstation must be attached to the port and the MAC address is known.
  • Security is enhanced.
The following command can be used to configure a static MAC address for a switch:
Switch(config)#mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
The following command can be used to remove a static MAC address for a switch:
Switch(config)#no mac-address-table static <mac-address of host> interface FastEthernet <Ethernet number> vlan <vlan name>
In the Lab Activities, students will configure static MAC addresses.
The next page will discuss port security.

Configuring the Catalyst switch

Configuring the Catalyst switch
6.2.2 This page will teach students how to configure a switch.
A switch may be preconfigured and only passwords may need to be entered for the User EXEC or Privileged EXEC modes. Switch configuration mode is entered from Privileged EXEC mode.
In the CLI, the default Privileged EXEC mode prompt is Switch#. In User EXEC mode the prompt is Switch>.
The following steps will ensure that a new configuration will completely overwrite the current configuration:
  • To remove the current VLAN information, delete the VLAN database file called vlan.dat from the flash directory
  • Erase the backup configuration file called startup-config
  • Restart the switch with the reload command
Security, documentation, and management are important for every network device.
A switch should be given a hostname, and passwords should be set on the console and vty lines.
A switch should be assigned an IP address so that it can be accessed remotely using Telnet or other TCP/IP applications. A switch should be assigned a default gateway so that when working from the command line interface, other networks can be accessed.
By default, VLAN 1 is the management VLAN. The management VLAN is used to manage all of the network devices on a network. In a switch-based network, all network devices should be in the management VLAN. All ports belong to VLAN 1 by default. A best practice is to remove all of the access ports from VLAN 1 and place them in another VLAN. This allows for management of network devices while keeping traffic from the network hosts off of the management VLAN.
The Fast Ethernet switch ports default to auto-speed and auto-duplex. This allows the interfaces to negotiate these settings. Network administrators can manually configure the interface speed and duplex values if necessary.
Some network devices can provide a web-based interface for configuration and management purposes. Once a switch is configured with an IP address and gateway, it can be accessed in this way. A web browser can access this service using the IP address and port 80, the default port for HTTP. The HTTP service can be turned on or off, and the port address for the service can be chosen.
Any additional software such as an applet can be downloaded to the browser from the switch. Also, the switch can be managed by a browser-based graphical user interface (GUI).
The Lab Activities will help students become more familiar with the basic configuration of a switch.
The next page will discuss MAC address tables.
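Added example (not from the original page or the curriculum): a baseline Catalyst 2950 configuration covering the items this section lists, with the hostname, enable secret, console and vty passwords, management address on VLAN 1, default gateway, access ports moved off VLAN 1, and the HTTP service disabled. The hostname, passwords, addresses and VLAN number are constructed placeholders.

```cisco
! Constructed example: baseline configuration of a new Catalyst 2950.
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW-Access1
! Protect Privileged EXEC with a hashed secret (placeholder value).
SW-Access1(config)#enable secret PLACEHOLDER-enable-secret
! Console and vty line passwords (placeholder values); login enforces them.
SW-Access1(config)#line console 0
SW-Access1(config-line)#password PLACEHOLDER-console-pw
SW-Access1(config-line)#login
SW-Access1(config-line)#line vty 0 15
SW-Access1(config-line)#password PLACEHOLDER-vty-pw
SW-Access1(config-line)#login
SW-Access1(config-line)#exit
! Management address on VLAN 1, the default management VLAN, and a default
! gateway so the switch can be reached from other networks (documentation
! address range used as a placeholder).
SW-Access1(config)#interface Vlan1
SW-Access1(config-if)#ip address 192.0.2.10 255.255.255.0
SW-Access1(config-if)#no shutdown
SW-Access1(config-if)#exit
SW-Access1(config)#ip default-gateway 192.0.2.1
! Best practice from the text: create a user VLAN and move the host-facing
! access ports into it so host traffic stays off the management VLAN.
SW-Access1(config)#vlan 10
SW-Access1(config-vlan)#name Users
SW-Access1(config-vlan)#exit
SW-Access1(config)#interface range FastEthernet0/1 - 24
SW-Access1(config-if-range)#switchport mode access
SW-Access1(config-if-range)#switchport access vlan 10
SW-Access1(config-if-range)#exit
! The web interface listens on TCP port 80 by default; turn it off unless
! it is actually used for management.
SW-Access1(config)#no ip http server
SW-Access1(config)#end
! Verify the IOS version and configuration register, then save the config.
SW-Access1#show version
SW-Access1#copy running-config startup-config
```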