Ethernet Errors and Problems • Frame size errors • Short frame • Long frame • Jabber • Collision Errors • What percent collision rate is acceptable? • Late collision? • Why late collisions occur? How to prevent them? • Solutions to prevent collisions? • Broadcasts • How much broadcast traffic is acceptable? • How to reduce the amount of broadcast traffic?
Ethernet Security Problems • By default, all users can see all network devices located on a physical LAN. • Anyone can observe all network traffic by plugging a network analyzer into a hub.
Solution(s)?
• Securing Switch Ports
• limiting device connections
    1900s2(config)#mac-address-table permanent <MAC Address> e0/7
• limiting communication
    1900s2(config)#mac-address-table restricted static <MAC Address> e0/6 e0/12
• limiting the number of devices
    1900s2(config)#interface e0/10
    1900s2(config-if)#port secure max-mac-count 5
Solution(s)?
• Switching Methods
• Cut-Through
• Store-and-Forward Switches
• Fragment-Free Switching
• Adaptive Cut-Through
    1900s2(config)#switching-mode store-and-forward
Solution(s)? • Use bridges • Use switches • Use routers to segment a network (Collapsed Backbone Approach) • Advantages • Disadvantages
Virtual LANs (VLAN) • A VLAN is a logical grouping of network devices connected to defined ports on switches. • Each VLAN is a broadcast domain within a layer-2 switched network, created by assigning ports on switches to different subnetworks.
Benefits • Simplified Network Management • Broadcast Control • Security • Flexibility and Scalability • 20% to 40% of the workforce is on the move every year. • Implementing changes and moves constitutes 23% of the total network administration cost.
VLAN Membership • Static VLANs • the most secure • Dynamic VLANs • use intelligent software to assign ports.
Creating VLANs on Cisco Catalyst 1900
    1900s2>enable
    1900s2#configure terminal
    1900s2(config)#vlan 2 name engineering
    1900s2(config)#vlan 3 name marketing
    :
    :
    1900s2(config)#exit
    1900s2#show vlan
Assigning Ports to VLANs
    1900s2(config)#interface e0/2
    1900s2(config-if)#vlan-membership static 2
    1900s2(config-if)#exit
    1900s2(config)#interface e0/3
    1900s2(config-if)#vlan-membership static 2
    1900s2(config-if)#exit
    :
    :
    1900s2#show vlan
Use the show vlan [#] command to gather information about a specific VLAN.
Link Types and Configuration • Access Links • A device attached to an access link is unaware of a VLAN membership. • Access-link devices cannot communicate with devices outside their VLAN unless... • Trunk links • Switch-to-switch, switch-to-server, or switch-to-router 100- or 1000Mbps links that can carry traffic from multiple VLANs. • Five different states you can set for a trunk link: • Auto • Desirable • Nonegotiate • Off • On
Configuration of Trunk links
    1900s2#configure terminal
    1900s2(config)#interface f0/26
    1900s2(config-if)#trunk on
By default, all VLANs are enabled to be routed over this newly configured trunk link.
    1900s2(config-if)#no trunk-vlan 2
You cleared VLAN 7 from the trunk.
    1900s2#show trunk a allowed-vlans
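A defender's check for the port-security and trunk slides above, as an added example that is not part of the original slides: it reads a constructed configuration written with the slide commands and reports access ports with no "port secure" limit (or a limit above an assumed policy of 5) and "trunk on" links from which no VLAN has been removed. The function names, the sample configuration and the policy value are assumptions, and only the "trunk on" state is recognised.

```python
import re

# Constructed sample built from the slide commands; real 1900 output may differ.
SAMPLE_CONFIG = """\
interface e0/2
 vlan-membership static 2
 port secure max-mac-count 5
interface e0/3
 vlan-membership static 2
interface e0/10
 port secure max-mac-count 40
interface f0/26
 trunk on
 no trunk-vlan 2
interface f0/27
 trunk on
"""
MAX_MACS = 5  # assumed site policy: devices allowed per access port

def parse_interfaces(config):
    """Map each interface to its trunk flag, MAC limit and removed trunk VLANs."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports.setdefault(m[1], {"trunk": False, "max_macs": None, "removed": set()})
        elif cur is None:
            continue  # global line before the first interface block
        elif m := re.fullmatch(r"port secure max-mac-count (\d+)", line):
            cur["max_macs"] = int(m[1])
        elif line == "trunk on":
            cur["trunk"] = True
        elif m := re.fullmatch(r"no trunk-vlan (\d+)", line):
            cur["removed"].add(int(m[1]))
    return ports

def audit(config, max_macs=MAX_MACS):
    """Return (interface, issue) pairs for ports that miss the slides' hardening."""
    findings = []
    for name, p in parse_interfaces(config).items():
        if p["trunk"] and not p["removed"]:
            findings.append((name, "trunk still carries every VLAN"))
        elif not p["trunk"] and p["max_macs"] is None:
            findings.append((name, "no 'port secure' device limit"))
        elif not p["trunk"] and p["max_macs"] > max_macs:
            findings.append((name, f"max-mac-count {p['max_macs']} above policy {max_macs}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```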
VLAN Trunk Protocol (VTP) • Layer 2 messaging protocol • Manages all changes to the VLANs across networks. • Any changes made to a VLAN by an administrator are automatically propagated by VTP to all VTP-enabled devices. • No need for VTP if there is only a single switch or if all switches are in the same VLAN.
Using VTP
• VTP devices are organized into domains.
• Each domain must have at least one VTP server.
• Each switch can only be in one domain.
    1900s2(config)#VTP domain <domain name>
• Three different modes
• Server
• Client
• Transparent
    1900s2(config)#VTP client
• VTP Pruning: Reduces the number of VTP updates that traverse a link. By default, VTP pruning is disabled on all switches.
    1900s2(config)#vtp pruning enable
    1900s2#delete vtp
Nonswitching Hubs and VLANs • Considerations to keep in mind when implementing hubs on a network that employs VLANs: • If you insert a hub into a port on a switch and then connect several devices to the hub, all the systems attached to that hub will be in the same VLAN. • If you must move a single workstation that is attached to a hub with several workstations, you will have to physically attach the device to another hub or switch port in order to change its VLAN assignment. • The more hosts that are attached directly to individual switch ports (rather than through a hub), the greater the microsegmentation and flexibility the VLAN can offer.
Routers and VLANs • Routers are used with VLANs • to let VLANs communicate with each other • to increase security
VLAN Identification • Inter-Switch Link (ISL) • IEEE 802.1Q • LAN emulation • 802.10 (FDDI)