6.1 - 6.7 Switch Management


6.5.3 Trunking Facts

Trunking occurs when you configure VLANs that span multiple switches, as shown in the following diagram: In this example, each switch has two VLANs configured with one port on each VLAN. Workstations in VLAN 1 can only communicate with other workstations in VLAN 1. This means that workstations connected to the same switch in this example cannot communicate directly with each other. Communications between workstations within each VLAN must pass through the trunk link to the other switch.

Example

Two distribution layer switches, SW1 and SW2, are connected through their respective Gi0/1 interfaces. The following commands configure a trunk link between the switches:

SW1>ena
SW1#conf t
SW1(config)#int gi 0/1
SW1(config-if)#switchport mode trunk

SW2>ena
SW2#conf t
SW2(config)#int gi 0/1
SW2(config-if)#switchport mode trunk

Line Configuration

Use Line Configuration mode to configure parameters for the terminal line, such as the console, Telnet, and SSH lines.
CLI Mode Prompt - Switch(config-line)#

Crossover Ethernet Cable

Use a crossover Ethernet cable to connect an Ethernet port on a router directly to the NIC in a PC. Establish a VTY session from the PC to connect to the device.
*If the router has an AUI port, connect one end to an AUI transceiver before you connect to the router.
Pin-outs: 1 -> 3, 2 -> 6, 3 -> 1, 6 -> 2

Rollover Ethernet Cable

Use a rollover Ethernet cable to connect the device's console port to the serial port on a PC. Connect the RJ45 end to the console port, and connect the serial end to the PC. A rollover cable is also called a console cable.
*Many recently developed Cisco devices use a USB console connector, so you can access the console with any standard USB cable.
Pin-outs: 1 -> 8, 2 -> 7, 3 -> 6, 4 -> 5, 5 -> 4, 6 -> 3, 7 -> 2, 8 -> 1

Straight-Through Ethernet Cable

Use a straight-through Ethernet cable to connect an Ethernet port on a router to an Ethernet port on a hub or switch. You can then access the router from another PC connected to the same network using a VTY connection.
*If the router has an AUI port, connect one end to an AUI transceiver before you connect to the router.
Pin-outs: 1 -> 1, 2 -> 2, 3 -> 3, 6 -> 6

VLAN

A VLAN (Virtual Local Area Network) is a group of devices on one or more local area networks (LANs) that are configured to communicate as if they were attached to the same wire when, in fact, they could be located on a number of different LAN segments.

Virtual Terminal (VTY)

A VTY connection connects through a LAN or WAN interface configured on the device. Use a program (such as PuTTY) to open the command line interface. This is an example of in-band management. The Cisco device must be configured with an IP address before a VTY connection can be made.

Console

A console connection allows for a direct connection through a PC to the console port on the device. The PC needs a terminal emulation program (such as PuTTY) to connect to the device's command line interface. This is an example of out-of-band management. In the terminal emulation program, use the following settings:
> 9600 baud (or a rate supported by your router)
> Data bits = 8 (default)
> Parity = None (default)
> Stop bits = 1 (default)
> Flow control = none

Forwarding Database

A forwarding database is a list of Layer 2 MAC addresses and the ports used to reach each device.

Managed Switch

A switch that must be configured before you use it.

6.1 Switch Access

As you study this section, answer the following questions:
> What are the requirements for connecting a VTY (virtual terminal) to a Cisco device?
> What types of cable can you use to connect a PC to a router console port?
> What is the difference between a managed switch and an unmanaged switch?
> What is the difference between in-band and out-of-band management?
In this section, you will learn to:
> Use the command line interface (CLI).
The key terms for this section include:

6.4.2 VLAN Facts

A virtual LAN (VLAN) uses switch ports to define a broadcast domain. When you define a VLAN, you assign devices on different switch ports to a separate logical (or virtual) LAN. Although a switch can support multiple VLANs, each switch port can only be assigned to one VLAN at a time. The following graphic shows a single-switch VLAN configuration: In the single-switch VLAN configuration above, the following is true:
> FastEthernet ports 0/1 and 0/2 are members of VLAN 1.
> FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
> Workstations in VLAN 1 cannot communicate with workstations in VLAN 2 even though they are connected to the same physical switch. Communication between VLANs requires a router, just as with physical LANs.
> Two broadcast domains are defined, each of which corresponds to one of the VLANs.
> On Cisco switches, all ports are members of VLAN 1 by default.

In-Band Management

Allows you to perform router and switch management tasks using a standard network connection. You do this with management utilities your workstation operating system provides through a network connection. For example, tools such as Telnet and SSH provide in-band management. Using the same network connection for both data and management has several drawbacks:
> You must compete with normal network traffic for bandwidth.
> The network traffic created by the management utilities must have protection from sniffing to ensure that hackers cannot capture sensitive configuration information.
> If the network connection is unavailable or the device is unresponsive to network communications, you cannot perform management tasks.

Out-of-Band Management

Allows you to use a dedicated communication channel that separates management traffic from normal network traffic. Network switches and routers allow you to use console redirection to access the device's console through a built-in serial or USB port. For example, Cisco routers and switches do not use monitors, and you cannot connect a keyboard or a mouse directly to the device. Instead, you connect a standard PC to the device's console port to manage the device.

Unmanaged Switch

An unmanaged switch allows Ethernet devices to communicate with one another automatically, using auto-negotiation to determine parameters such as the data rate and whether to use half-duplex or full-duplex mode.

6.3 Switch Interface Configuration

As you study this section, answer the following questions:
> How does the VLAN interface configuration mode differ from Ethernet, FastEthernet, and GigabitEthernet interface configuration modes?
> What must you consider if you manually configure speed or duplex settings?
> What happens when autonegotiation fails for the Ethernet interface on a Cisco device?
> What is the default setting for all ports on a switch?
In this section, you will learn to:
> Configure switch interfaces.
> Configure switch ports.
The key terms for this section include:

6.4 Virtual LANs

As you study this section, answer the following questions:
> What are two advantages of creating VLANs on your network?
> You have two VLANs configured on a single switch. How many broadcast domains are there? How many collision domains are there?
> What happens if two devices on the same switch are assigned to different VLANs?
In this section, you will learn to:
> Create VLANs.
> Explore VLANs.
The key terms for this section include:

6.5 Trunking

As you study this section, answer the following questions:
> What is trunking?
> Why is trunking important to VLAN configuration?
> What protocol does a Cisco switch use to automatically detect trunk ports?
> By default, traffic from which VLANs is allowed on trunk ports?
> What is the default configuration of most Cisco switches?
In this section, you will learn to:
> Configure trunking
> Configure the native VLAN
> Configure allowed VLANs
The key terms for this section include:

6.2 Switch IP Configuration

As you study this section, answer the following questions:
> Why would you configure an IP address on a switch?
> What does the ip address dhcp command allow you to do?
In this section, you will learn to:
> Configure management VLAN settings.
> Configure switch IP settings.
The key terms for this section include:

6.3.2 Switch Forwarding Facts

Bridges and switches build forwarding databases. A forwarding database is a list of Layer 2 MAC addresses and the ports used to reach each device. Bridges and switches automatically learn about devices to build the forwarding database, but a network administrator can also program the device database manually. When a frame arrives on a switch port (also called an interface), the switch examines the source and destination address in the frame header and uses the information to complete the following tasks:

6.3.8 Practice Questions

CIST 1401 -

6.5.9 Practice Questions

CIST 1401 -

6.1.4 Practice Questions

CIST 1401 - Switch Access

6.2.5 Practice Questions

CIST 1401 - Switch IP Configuration

6.4.7 Practice Questions

CIST 1401 - Virtual LANs

Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.

Commonly sold at retail stores: Unmanaged switch
Provides port security features: Managed switch
Supports VLANs: Managed switch
Provides very few configuration options: Unmanaged switch
Can be configured over a network connection: Managed switch
Can be configured over a dedicated communication channel: Managed switch

The low-end switches available from many retail stores cannot be configured. These are called unmanaged switches. To implement an unmanaged switch, you simply plug it in to a power outlet and connect your network devices with UTP cables. While unmanaged switches are convenient and easy to implement, they lack many of the advanced management and security features available on managed switches. For example, managed switches provide port security and support VLANs.

Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.

Competes with normal network traffic for bandwidth: In-band management
Uses a dedicated communication channel: Out-of-band management
Must be encrypted to protect communications from sniffing: In-band management
Does not compete with normal network traffic for bandwidth: Out-of-band management
Affected by network outages: In-band management

Switch management tasks can be performed using the management utilities through a network connection. Such management is called in-band management because it uses a normal network connection with the switch for performing these tasks. For example, tools such as Telnet or SSH provide in-band management. Using the same network connection for both data and management has several drawbacks:
> You must compete with normal network traffic for bandwidth.
> The network traffic created by the management utilities must be protected from sniffing to ensure that hackers cannot capture sensitive configuration information.
> If the network connection is unavailable or if the switch is unresponsive to network communications, management tasks cannot be performed.
Out-of-band management, on the other hand, overcomes these problems using dedicated communication channels that separate server management traffic from normal network traffic. With network switches (and routers), you can use console redirection to redirect console output to a built-in serial or USB console port.

Config-VLAN

Config-VLAN mode:
> Can perform all VLAN configuration tasks.
> Applies changes immediately.
*Do not confuse the Config-VLAN mode with the VLAN interface configuration mode.
CLI Mode Prompt - Switch(config-vlan)#

What does the ip address dhcp command allow you to do?

Configure the switch to obtain an IP address from a DHCP server. You can use the ip address dhcp command to configure a switch or router to get its IP address from a DHCP server. The DHCP server can be configured to deliver the default gateway and DNS server addresses to the Cisco device as well. A manually configured default gateway address overrides any address received from the DHCP server.

Match the Cisco device password type on the left with its function on the right.

Controls the ability to log on through a LAN or WAN interface configured on the device: VTY
Controls the ability to connect to the device using a web browser using HTTPS: SDM
Controls the ability to connect to the device using a direct connection: Console

The following table lists three of the most common password types that you can configure on Cisco devices, including switches and routers:
Password Type - Description
Console - Controls the ability to log on to the device through a console connection.
VTY - Controls the ability to log on to the device using a virtual terminal (VTY) connection.
Exec mode - Controls the ability to switch configuration modes.

Which of the following statements describe how VLANs affect broadcast traffic within an internetwork? (Select two.)

Devices on the same VLAN have the same subnet address.
Broadcast traffic is transmitted only within a VLAN.

VLANs allow computers to be grouped into a common broadcast domain regardless of their physical location on the network. Broadcast traffic is seen only by computers belonging to the same VLAN. Devices sharing a VLAN ID must also share the same subnet address so that traffic can be routed between VLANs. Broadcast traffic is only transmitted to devices belonging to the same VLAN as the device that sent the broadcast. Broadcast traffic is not forwarded to the other VLANs.

Which of the following best describes the concept of a VLAN?

Devices on the same network logically grouped as if they were on separate networks.

A VLAN is created by identifying a subset of devices on the same network and logically identifying them as if they were on separate networks. Think of a VLAN as a subdivision of a LAN.

You need to disable the FastEthernet 0/0 interface on a switch. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

Enter global configuration mode: conf t
Enter interface configuration mode: int fa0/0
Disable the interface: shutdown
Verify that the interface is disabled: show ip interface brief

To complete the requirements of this scenario, you need to use the following commands:
> Enter global configuration mode: conf t
> Enter interface configuration mode: int fa0/0
> Disable the interface: shutdown
> Verify the interface status: show ip interface brief

The FastEthernet 0/0 interface on a switch is currently disabled. You need to enable it so a workstation can be connected to it. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all commands are required.

Enter global configuration mode: conf t
Enter interface configuration mode: int fa0/0
Enable the interface: no shut
Verify that the interface is enabled: show interface status

To complete the requirements of this scenario, you need to use the following commands:
> Enter global configuration mode: conf t
> Enter interface configuration mode: int fa0/0
> Enable the interface: no shut
> Verify the interface status: show interface status

You need to configure the FastEthernet 0/1 interface on a switch to automatically detect the appropriate link speed and duplex setting by negotiating with the device connected to the other end of the link. Drag the command on the left to the appropriate configuration step on the right. It is possible that not all of the commands are required.

Enter global configuration mode: conf t
Enter interface configuration mode: int fa0/1
Set the speed of the interface: speed auto
Set the duplex setting for the interface: duplex auto

To complete the requirements of this scenario, you need to use the following commands:
> Enter global configuration mode: conf t
> Enter interface configuration mode: int fa0/1
> Configure the interface to automatically detect the line speed: speed auto
> Configure the interface to automatically detect duplex settings: duplex auto

1. The switch examines the source MAC address of the frame and notes which switch port the frame arrived on.

If the source MAC address is:
> Not in the switch's Content Addressable Memory (CAM) table, a new entry is added to the table that maps the source device's MAC address to the port on which the frame was received. Over time, the switch builds a map of the devices that are connected to specific switch ports.
> Already mapped to the port on which the frame was received, no changes are made to the switch's CAM table.
> Already in the switch's CAM table but the frame was received on a different switch port, the switch updates the record in the CAM table with the new port.

2. The switch examines the destination MAC address of the frame.

If the destination MAC address of the frame is:
> A broadcast address, then the switch sends a copy of the frame to all connected devices on all ports. This is called flooding the frame.
> A unicast address but no mapping exists in the CAM table for the destination address, the switch floods the frame to all ports. The connected device that the frame is addressed to will accept and process the frame. All other devices will drop the frame.
> A unicast address and a mapping exists in the CAM table for the destination address, the switch sends the frame to the switch port specified in the CAM table. This is called forwarding the frame.
> A unicast address and a mapping exists in the CAM table for the destination address, but the destination device is connected to the same port from which the frame was received, the switch ignores the frame and does not forward it. This is called filtering the frame.

Switch Configuration Facts

Important facts about switch configuration include the following:
> All switch ports are enabled (no shutdown) by default.
> Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a switch.
> Through auto-negotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices. If the attached ports do not support auto-negotiation, you can explicitly set the speed and duplex parameters.
> Some switches always use the store-and-forward switching method. On other models, you may be able to configure the switching method.
> If the speed and duplex settings are set to auto, the switch uses auto-MDIX to sense the cable type (crossover or straight-through) connected to the port and automatically adapts itself to the cable type used. When you manually configure the speed or duplex setting, it disables auto-MDIX, so you need to be sure you use the correct cable.
> By default, the link speed and duplex configurations for Ethernet interfaces in Cisco devices are set using IEEE 802.3u auto-negotiation. The interface negotiates with remote devices to determine the correct settings. However, you can disable auto-negotiation on the Cisco device and other Ethernet network hosts and manually assign static values. Devices with auto-negotiation enabled try to negotiate link speed and duplexing, but get no response. When auto-negotiation fails, Cisco devices that have auto-negotiation enabled default to the following:
- The interface attempts to sense the link speed. If it cannot, it uses the slowest link speed supported on the interface (usually 10 Mbps).
- If the link speed selected is 10 Mbps or 100 Mbps, half-duplex is used. If it is 1000 Mbps, full-duplex is used.

Trunking Facts

Important facts regarding trunking and VLANs include the following:
> Access ports are connected to endpoint devices (such as workstations), while trunk ports are connected to other switches.
> An access port can be a member of only a single VLAN.
> Trunk ports are members of all VLANs on the switch by default.
> Any port on a switch can be configured as a trunk port.
> By default, trunk ports carry traffic for all VLANs between switches. However, you can reconfigure a trunk port so that it carries only specific VLANs on the trunk link.

When trunking is used, frames that are sent over a trunk port are tagged with the VLAN ID number so the receiving switch knows which VLAN the frame belongs to. In VLAN tagging:
> Tags are appended by the first switch in the path and removed by the last.
> Only VLAN-capable devices understand the frame tag.
> Tags must be removed before a frame is forwarded to a non-VLAN capable device.

A trunking protocol defines the process that switches use to tag frames with a VLAN ID. One widely implemented trunking protocol is the IEEE 802.1Q standard, which supports a wide range of switches from many device manufacturers. 802.1Q supports VLAN numbers 1 through 4094. 802.1Q trunking does not tag frames from the default VLAN, but does tag frames from all other VLANs. For example, suppose VLAN 1 is the default VLAN on a switch (the default setting on most Cisco switches). In this configuration, any frame on VLAN 1 that is placed on a trunk link is not assigned a VLAN tag. If a switch receives a frame on a trunk port that doesn't have a VLAN tag, the frame is automatically put on VLAN 1. When using switches from multiple vendors in the same network, be sure that each device supports the 802.1Q standard.

The VLAN Trunking Protocol (VTP) simplifies VLAN configuration on a multi-switch network by propagating configuration changes between switches. For VTP to work, the switches must be connected by trunk links. With VTP, switches are configured in one of the following configuration modes:
> A switch in server mode is used to modify the VLAN configuration. The switch then advertises VTP information to other switches in the network.
> A switch in client mode receives changes from a VTP server switch and passes that information on to other switches. Changes cannot be made to the local VLAN configuration on a client switch.
> A switch in transparent mode allows local configuration of VLAN information, but it does not update its configuration with information from other switches. Likewise, local VLAN information is not advertised to other switches. However, VTP information received on the network is passed on to other switches.
By default, most managed switches are preconfigured to operate in server mode. If you do not intend to use VTP, configure your switches to use transparent mode.

6.4.6 Explore VLANs

In this lab, you will explore how VLAN membership affects device communications. The LAN is configured as shown in the diagram, with all switch ports up and assigned to the default VLAN (VLAN1).
*Print these instructions and record your answers as you complete each step. When you are finished, read the feedback in the score report box to compare your answers.
1. Click Wrk1 to open the command prompt for the workstation.
2. On Wrk1, use the following ping commands to verify that Wrk1 can communicate with all other workstations through the switch:
- ping 12.0.0.2
- ping 12.0.0.3
- ping 12.0.0.4
3. Click Switch to open the switch console.
4. Press Enter.
5. Use the following commands to enter configuration mode for the switch:
- enable
- configure terminal
6. Enter the vlan 12 command to create a new VLAN.
7. Enter the following commands to assign the FastEthernet 0/1 interface to VLAN 12:
- interface fastethernet0/1
- switchport access vlan 12
8. Press Ctrl + Z to exit configuration mode on the switch.
9. Return to the Wrk1 window and ping each of the three other workstations. What happens? Why?
10. On the switch, use the following commands to modify the VLAN membership of the FastEthernet 0/3 port:
- configure terminal
- interface fastethernet0/3
- switchport access vlan 12
11. Press Ctrl + Z to exit configuration mode on the switch.
12. From Wrk1, ping Wrk3. What happens? Why?

In this lab, you should have completed the following tasks:
1. In step 2, you ping each of the other workstations connected to the switch. This test should succeed because all workstations are members of the same VLAN.
2. In step 9, a ping from Wrk1 to all other workstations fails because the port connecting Wrk1 to the switch is now in a different VLAN. Hosts can only communicate with other hosts that are connected to switch ports that are assigned to the same VLAN.
3. In step 12, a ping to Wrk3 succeeds because the switch port connecting that device is now associated with VLAN 12. Members of the same VLAN can communicate with each other.

Which of the following are reasons to configure VLANs on a switch as opposed to using switches without VLANs? (Select two.)

Increased number of broadcast domains
Increased security

Create VLANs to increase the number of broadcast domains and implement security. Each VLAN is in its own broadcast domain. Broadcast traffic within the VLAN goes only to the members of the VLAN. Members of one VLAN can only communicate with members in the same VLAN through the switch. A router or a Layer 3 switch is required to enable inter-VLAN communication. Using switches increases the number of collision domains because each switch port is its own collision domain. Using VLANs does not offer this additional advantage. Spanning tree lets you have loop-free redundant paths through a switched network. Broadcast traffic does not travel between routers.

6.2.2 Switch IP Configuration Facts

Keep in mind the following facts about IP addresses configured on switches:
> Basic switches operate at Layer 2, so they are able to perform switching functions with no IP address configured.
> A switch does not need to have an IP address configured unless you want to manage it with an in-band management utility such as SSH or a web-based interface.
> Switch ports do not have IP addresses unless the switch performs Layer 3 switching, which is not supported on all switches.
> The switch itself only has one active IP address. The IP address identifies the switch as a host on the network.

You are configuring a switch so that you can manage it using PuTTY from the same network segment as the switch. On the switch, you enter the following commands:
switch#config terminal
switch(config)#interface vlan 1
switch(config-if)#ip address 192.168.1.10 255.255.255.0
Will this configuration work?

No, the no shutdown command needs to be entered.

By default, the Vlan1 interface is set to administratively down, preventing remote access. Use the following commands to configure the switch IP address and allow management:
switch#config terminal
switch(config)#interface vlan 1
switch(config-if)#ip address 192.168.1.10 255.255.255.0
switch(config-if)#no shutdown
Because the switch is being accessed from the same network segment, the ip default-gateway command doesn't need to be used. The ip address dhcp command only allows the switch to obtain an IP address using DHCP.

You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2. What should you configure so that the two devices can communicate?

Routing

In a typical configuration with multiple VLANs and a single or multiple switches, workstations in one VLAN will not be able to communicate with workstations in other VLANs. To enable inter-VLAN communication, you will need to use a router (or a Layer 3 switch). Trunking is used to configure switch ports to carry VLAN traffic between switches or between a router and a switch. If you configured a single router to connect to the switch with a single physical interface, you would have to configure trunking on that interface in addition to routing. Trunking by itself would not enable the two devices to communicate. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port you designate as the mirrored port. Power over Ethernet (PoE) supplies power to end devices through the RJ45 Ethernet switch port.

A switch receives a frame addressed to the MAC address FF:FF:FF:FF:FF:FF. What will the switch do with the frame?

Send it out all ports except for the port it was received on.

The MAC address FF:FF:FF:FF:FF:FF identifies the broadcast address, meaning all hosts on the subnet. Switches forward broadcast frames out all ports except for the port on which the frame was received.

Which of the following connectivity hardware is used to create a VLAN?

Switch

Specialized switches are used to create virtual LANs. The switch must be capable of appending and reading VLAN IDs.

You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?

Switch

Use a switch to create additional collision domains on a LAN. A switch filters an entire network and creates virtual LANs inside it rather than dividing it into separate internetworks as a router does.

You can create a virtual LAN using which of the following?

Switch

Use a switch to create virtual LANs (VLANs). The various ports on a switch can be assigned to a specific VLAN to create logically distinct networks on the same physical network topology. Routers, gateways, and hubs are common network devices, but they do not support the creation of VLANs.

When you configure VLANs on a switch, which of the following is used to identify a device's VLAN membership?

Switch port

VLAN membership is configured by assigning a switch port to a VLAN. A switch can have multiple VLANs configured on it, but each switch port can only be a member of a single VLAN. All devices connected to a switch port are members of the same VLAN.

Shows interface trunking information, including the following:
> Mode
> Encapsulation
> Trunking status
> VLAN assignments

Switch#show interface trunk
Switch#show interface fa0/1 trunk

Assigns an interface to a VLAN.

Switch(config-if)#switchport access vlan [number]

Configures an interface as an access port, which disables trunking on the interface (if it was previously configured).

Switch(config-if)#switchport mode access

Enables trunking on the interface.

Switch(config-if)#switchport mode trunk

Defines which VLANs are allowed to communicate over the trunk.

Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan add [vlan_id]

Removes a VLAN from a trunk link.

Switch(config-if)#switchport trunk allowed vlan remove [vlan_id]

Sets the trunking protocol to 802.1Q.

Switch(config-if)#switchport trunk encapsulation dot1q

Allows the trunking protocol to be negotiated between switches.

Switch(config-if)#switchport trunk encapsulation negotiate

Configures the VLAN that sends and receives untagged traffic on the trunk port when the interface is in 802.1Q trunking mode.

Switch(config-if)#switchport trunk native vlan [vlan_id]

VLAN IDs

Switches use VLAN IDs to route VLAN traffic. VLAN IDs:
> Are appended to the header of each frame.
> Allow switches to identify which VLAN the frame belongs to.
> Are used for inter-switch traffic.
*VLAN IDs are only understood by switches. VLAN IDs are added and removed by switches, not the clients.

VLAN ID

Switches use VLAN identifications (IDs) to route VLAN traffic. VLAN IDs are appended to the header of each frame. In addition, VLAN IDs allow switches to identify which VLAN the frame belongs to and are used for inter-switch traffic.

Security Device Manager (SDM)

The Cisco SDM allows a web browser connection to the device using HTTPS. When connected, the SDM allows you to manage the security features and network connections through a web-based graphical user interface. This is an example of in-band management. Be aware of the following SDM settings:
> 10.10.10.1 is the default IP address of the SDM.
> The default value for both the username and password is cisco.
*A new router may not be completely configured for an SDM connection, so you may need to make a console connection first.

Content Addressable Memory (CAM)

The Content Addressable Memory (CAM) table stores the relationship between the MAC addresses on the network and the switch port each one is connected to.

Example

The following commands create VLAN 12, name it IS_VLAN, identify port 0/12 as having only workstations attached to it, and assign the port to VLAN 12.
switch#config t
switch(config)#vlan 12
switch(config-vlan)#name IS_VLAN
switch(config-vlan)#interface fast 0/12
switch(config-if)#switchport access vlan 12

6.3.5 Switch Configuration Mode Facts

The following image illustrates some of the configuration modes available on a Cisco switch:

Cisco Switch Configuration Modes

The following table describes some of these configuration modes:

6.3.6 Switch Configuration Command List

The following table lists common switch configuration commands:

6.5.4 Trunking Command List

The following table lists important commands for configuring and monitoring trunking on a Cisco switch:

Which of the following are true regarding using multiple VLANs on a single switch? (Select two.)

The number of collision domains remains the same. The number of broadcast domains increases. When you configure multiple VLANs on a single switch, the number of broadcast domains increases. Each VLAN will be placed in its own broadcast domain. The number of collision domains remains the same. Each switch port is its own collision domain regardless of the number of VLANs configured on the switch.

Interface Configuration

The switch has multiple interface modes depending on the physical (or logical) interface type. For this course, you should be familiar with the following switch interface modes:
> Ethernet (10 Mbps Ethernet)
> FastEthernet (100 Mbps Ethernet)
> GigabitEthernet (1 Gbps Ethernet)
> VLAN
*The VLAN interface configuration mode is used to configure the switch IP address and for other management functions. It is a logical management interface configuration mode rather than the physical interface configuration modes used for the FastEthernet and GigabitEthernet ports.
CLI Mode Prompt - Switch(config-if)#

6.4.4 VLAN Command List

To configure a simple VLAN, first create the VLAN, then assign ports to that VLAN. The following table shows common VLAN configuration commands:
Command | Action
switch(config)#vlan [1-4094] switch(config-vlan)#name [unique_name] | Defines a VLAN and gives it a name. *Naming the VLAN is optional. VLAN names must be unique.
switch(config)#no vlan [1-4094] | Deletes a VLAN. *When you delete a VLAN, all ports assigned to the deleted VLAN remain associated with it and are, therefore, inactive. After a VLAN is deleted, you must reassign its ports to an appropriate VLAN.
switch(config-if)#switchport access vlan [1-4094] | Assigns ports to the VLAN. If you assign a port to a VLAN that does not exist, the VLAN is created automatically.
switch#show vlan switch#show vlan brief | Shows a list of VLANs on the system.
switch#show vlan id [1-4064] | Shows information for a specific VLAN.

Configure the Switch IP Address

To configure the switch IP address, set the address on the VLAN interface (a logical interface defined on the switch to allow management functions). By default, the VLAN is VLAN 1. Use the following commands to configure the switch IP address:
switch#config terminal
switch(config)#interface vlan 1
switch(config-if)#ip address IP_address subnet_mask
switch(config-if)#no shutdown

Enable Management From a Remote Network

To enable management from a remote network, configure the default gateway. Use the following command in global configuration mode:
switch(config)#ip default-gateway IP_address
*You can use the ip address dhcp command to configure a switch (or a router) to get its IP address from a DHCP server. The DHCP server can be configured to deliver the default gateway and DNS server addresses to the Cisco device as well. A manually configured default gateway address overrides any address received from the DHCP server.
*You can use the show cdp neighbors detail command to display detailed information about neighboring devices, including network address, enabled protocols, hold time, and software version.

Router and Switch Connection

Use the following cable types to make the initial connection to the switch or router for device management:

System Management

Use the following options to manage a Cisco device:

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation?

VLAN You should define virtual LANs (VLANs) on the switch. With a VLAN, a port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communication between VLANs if necessary. Use a virtual private network (VPN) to connect two hosts securely through an unsecured network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecured network. Spanning tree is a switch feature that allows for redundant paths between switches. Port security is a method of requiring authentication before a network connection is allowed.

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN You should define virtual LANs (VLANs) on the switch. With a VLAN, a port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communication between VLANs if necessary. Use virtual private network (VPN) to connect two hosts securely through an unsecured network (such as the internet). VPN tunneling protocols protect data as it travels through the unsecured network. Spanning tree is a switch feature that allows for redundant paths between switches. Port security is a method of requiring authentication before a network connection is allowed.

VTP

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLAN) on the whole local area network. Trunking occurs when you configure VLANs that span multiple switches.

VLAN Configuration

VLAN configuration mode:
> Allows you to configure a subset of VLAN features.
> Does not apply changes until you save them, either before or while exiting the configuration mode.
> Does not store changes in the regular switch configuration file.
*For most modern Cisco switches, it is recommended that you configure VLAN parameters from config-vlan mode, as VLAN configuration mode is being deprecated (phased out).
CLI Mode Prompt - Switch(vlan)#

You need to keep users in all other departments from accessing the servers used by the finance department. Which of the following technologies should you use to logically isolate the network?

VLANs A virtual LAN (VLAN) uses switch ports to define a broadcast domain. When you define a VLAN, you assign devices on different switch ports to a separate logical, or virtual, LAN. NIC teaming is used to combine two or more physical connections into one logical connection and does not isolate networks. While MAC filtering could be used to control access, it is easily bypassed by MAC spoofing. Subnetting is used to divide large networks into smaller networks. Subnetting can be used to isolate sensitive systems, but a subnet is not as secure as a VLAN.

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?

VLANs Use VLANs to segregate hosts based on switch ports. You can define two VLANs, one for employees connected throughout the building, and another for the ports in the lobby. The ports in the lobby would have only internet access, while devices connected to ports in the rest of the building could communicate with other devices within the same VLAN. Use port authentication to control access to the network based on things such as username and password. Port authentication would allow or deny access, but would not restrict access once authenticated or provide any type of access if not authenticated. A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). Network address translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another (such as the internet). NAT allows you to connect a private network to the internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

VLAN Switch Benefits

VLANs with switches offer many administrative benefits. You can:
> Create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service).
> Simplify device moves (devices are moved to new VLANs by modifying the port assignment).
> Control broadcast traffic and create collision domains based on logical criteria.
> Control security (isolate traffic within a VLAN).
> Load-balance network traffic (divide traffic logically rather than physically).
*VLANs are commonly used with Voice over IP (VoIP) to separate voice traffic from data traffic. Traffic on the voice VLAN can be given a higher priority to ensure timely delivery.

6.2.4 Configure Switch IP Settings

You are in the process of configuring the Branch1 switch.
*Before you begin, use the show cdp neighbors detail command to find the IP address assigned to the FastEthernet0/0 interface on router SFO. This will be the default gateway address that you configure on the switch. Configure the default gateway in global configuration mode. Enter VLAN 1 interface mode to set the IP address.
In this lab, your task is to complete the following:
> Configure the switch with the following IP address: 192.168.11.250 with a mask of 255.255.255.0.
> Configure the switch to use the SFO router as the default gateway.
> Save your changes to the startup-config file.
Complete this lab as follows:
1. Press Enter.
2. At the command prompt, enter:
a. Branch1>enable
b. Branch1#show cdp neighbors detail
*Note the IP address for the SFO router.
3. At the command prompt, enter:
a. Branch1#configure terminal
b. Branch1(config)#interface vlan1
c. Branch1(config-if)#ip address 192.168.11.250 255.255.255.0
d. Branch1(config-if)#exit
e. Branch1(config)#ip default-gateway 192.168.11.254
f. Branch1(config)#exit
g. Branch1#copy run start
4. Press Enter.
5. Press Enter to save your changes.

6.3.7 Configure Switch Ports

You are in the process of configuring the switch ports on the Branch1 switch. Devices are currently attached to the switch as shown in the diagram.
In this lab, your task is to complete the following:
> You will be adding an older server to switch port Fa0/6 that uses 10BaseT Ethernet. Manually configure the switch port to use 10 Mbps. Use the speed command to manually set the port speed.
> You will be adding a hub to switch port Fa0/7 that will be used for a lab for developers. Manually configure the switch port to use half-duplex communications. Use the duplex command to set the duplex.
> Make sure that ports Fa0/6 and Fa0/7 are enabled and can be used. Be aware that you have not yet connected devices to those ports.
> Disable all unused interfaces using the shutdown command.
- Fa0/4 and Fa0/5
- Fa0/8 through Fa0/23
- Gi0/1 and Gi0/2
*Use the interface range command to enter configuration mode for multiple ports at a time.
> Verify that all remaining ports being used are enabled and configured to automatically detect speed and duplex settings. Use the show interface status command to check the configuration of all ports from a single list. Use this output to verify that all other ports have the correct speed, duplex, and shutdown settings. Modify the configuration to correct any problems you find.
When you are finished, all ports should have the following settings:
Interfaces | Status | Duplex | Speed
FastEthernet0/1-3, FastEthernet0/24 | Not Shut Down | Auto | Auto
FastEthernet0/6 | Not Shut Down | Auto | 10 Mbps
FastEthernet0/7 | Not Shut Down | Half | Auto
FastEthernet0/4-5, FastEthernet0/8-23, GigabitEthernet0/1-2 | Administratively Down | Half | Auto
*Use the necessary show commands to review the existing configuration and correct any problems that you find.
*Save your changes to the startup-config file.
In this lab, you should have completed the following:
1. You will be adding an older server to switch port Fa0/6 that uses 10BaseT Ethernet. Manually configure the switch port to use 10 Mbps.
2. You will be adding a hub to switch port Fa0/7 that will be used for a lab for developers. Manually configure the switch port to use half-duplex communications.
3. Make sure that ports Fa0/6 and Fa0/7 are enabled and can be used. Be aware that you have not yet connected devices to those ports.
4. Disable all unused interfaces:
a. Fa0/4 and Fa0/5
b. Fa0/8 through Fa0/23
c. Gi0/1 and Gi0/2
5. Verify that all remaining ports that are in use are configured to automatically detect speed and duplex settings and are enabled.
6. Save your changes to the startup-config file.
7. Do the following:
a. Press Enter.
b. At the prompt, enter:
Branch1>enable
Branch1#configure terminal
Branch1(config)#interface FastEthernet0/6
Branch1(config-if)#speed 10
Branch1(config-if)#interface FastEthernet0/7
Branch1(config-if)#duplex half
Branch1(config-if)#interface range FastEthernet0/4-5, FastEthernet0/8-23, GigabitEthernet0/1-2
Branch1(config-if-range)#shutdown
8. Press Ctrl + Z.
9. At the prompt, enter:
Branch1#show interface status
10. Verify the port configuration of all ports, and then use the necessary commands to correct any problems you find. For example, notice that Fa0/24 is administratively down. Also notice that Fa0/2 is not configured to use auto speed and Fa0/3 is not configured to use auto duplex.
11. At the prompt, enter:
Branch1#configure terminal
Branch1(config)#interface FastEthernet0/24
Branch1(config-if)#no shutdown
Branch1(config-if)#interface FastEthernet0/2
Branch1(config-if)#speed auto
Branch1(config-if)#interface FastEthernet0/3
Branch1(config-if)#duplex auto
12. Press Ctrl + Z.
13. Run show interface status again to verify your configuration changes.
14. At the prompt, enter:
Branch1#copy run start
15. Press Enter.
16. Press Enter to save your changes.

6.4.5 Create VLANs

You have installed a new switch with connected workstations, as shown in the diagram. You would like to use VLANs to create workgroups based on job function.
In this lab, your task is to complete the following:
> Create the following VLANs and assign port membership as follows: N/A
> Save your changes to the startup-config file when you are finished.
*By default, VLAN 1 exists, and all ports are members of that VLAN. You do not need to assign membership for these switch ports.
Complete the following to create a VLAN and assign members to the VLAN:
1. Select the switch.
2. Press Enter.
3. Enter at the prompt:
Bldg2>enable
Bldg2#configure terminal
Bldg2(config)#vlan 7
Bldg2(config-vlan)#name Accounting
Bldg2(config-vlan)#interface range fa0/4 - 5
Bldg2(config-if-range)#switchport access vlan 7
4. Press Ctrl + Z.
5. Repeat step 2 to create additional VLANs and assign members.
6. When you are finished, use the copy run start command in EXEC mode to save the changes.
7. Press Enter.
8. Press Enter to save your changes.

6.1.3 Device Connection Facts

You must configure an enterprise network switch before you implement it. An unmanaged switch is a low-end switch available from many retail stores. To implement an unmanaged switch, plug it into a power outlet and connect your network devices with UTP cables. While unmanaged switches are convenient and easy to implement, they lack many of the advanced management and security features available on managed switches. It is preferable to use a managed switch instead. A managed switch is a switch that must be configured before you can use it.

6.2.3 Configure Management VLAN Settings

You recently installed a new switch. In the future, you would like to manage the switch from a remote location. To remotely manage the switch, complete the following configuration tasks:
> Configure the VLAN 1 interface with the IP address 192.168.11.250 and a mask of 255.255.255.0.
> Configure the switch to use 192.168.11.254 as the default gateway.
> Save your changes to the startup-config file.
*Use the show run command to verify the configurations.
Complete the following to set the switch IP address:
1. Select Switch.
2. Press Enter.
3. At the prompt, enter:
a. Switch>enable
b. Switch#configure terminal
c. Switch(config)#interface Vlan1
d. Switch(config-if)#ip address 192.168.11.250 255.255.255.0
e. Switch(config-if)#exit
f. Switch(config)#ip default-gateway 192.168.11.254
g. Switch(config)#exit
h. Switch#copy run start
4. Press Enter.
5. Press Enter to save your changes.

6.5.5 Configure Trunking

Your network currently has a single switch, as shown in the diagram. You are getting ready to add additional switches, and you need to manually configure trunking on the interfaces where switches will be attached.
In this lab, your task is to complete the following:
> Manually designate the following ports as trunk ports: Fa0/8, Fa0/23, Fa0/24, Gi0/1, and Gi0/2.
> For each trunk port, remove the current VLAN assignment, making each port a member of VLAN 1.
> Manually configure all remaining ports as access ports.
> Save your changes to the startup-config file.
*Use the switchport mode trunk command to configure a port as a trunk port and the switchport mode access command to identify the port as an access port.
Complete this lab as follows:
1. Press Enter.
2. At the prompt, enter:
Bldg2>ena
Bldg2#conf t
Bldg2(config)#int range fa0/8 , fa0/23 - 24 , gi0/1 - 2
Bldg2(config-if-range)#switchport mode trunk
Bldg2(config-if-range)#no switchport access vlan
Bldg2(config-if-range)#int range fa0/1 - 7 , fa0/9 - 22
Bldg2(config-if-range)#switchport mode access
3. Press Ctrl + Z.
4. At the prompt, enter:
Bldg2#copy run start
5. Press Enter.
6. Press Enter to save your changes.

6.5.8 Configure Allowed VLANs

Your network has two Distribution layer switches, SwitchA and SwitchB, connected through trunk ports on each of their respective Gi 0/1 interfaces. In addition, you recently connected an Access layer switch to the network, SwitchC. SwitchC has several workstations and a server belonging to VLAN 20. Because the resources on VLAN 20 are exclusive to the local workstations, you need to restrict VLAN 20's traffic from passing through the network on the trunk ports of SwitchC.
In this lab, your task is to complete the following:
> Remove only VLAN 20 from the allowed VLANs on SwitchC's GigabitEthernet 0/1 and GigabitEthernet 0/2 interfaces.
> Save your changes to the startup-config file.
*After you configure SwitchC, use the show run command or the show interfaces trunk command to confirm that the VLAN is not permitted to communicate over the trunk ports.
Complete this lab as follows:
1. Press Enter.
2. At the prompt, enter:
SwitchC>ena
SwitchC#conf t
SwitchC(config)#int range gi0/1 - 2
SwitchC(config-if-range)#switchport trunk allowed vlan remove 20
3. Press Ctrl + Z.
4. At the prompt, enter:
SwitchC#copy run start
5. Press Enter.
6. Press Enter to save your changes.

6.5.7 Configure the Native VLAN

Your network has two distribution-layer switches, SwitchA and SwitchB, connected through trunk ports on each of their respective Gi0/1 interfaces. In addition, you recently connected an Access layer switch to the network, SwitchC. Each switch is forwarding the network's traffic for VLANs 10 and 110 using 802.1Q encapsulation. You need to change the native VLAN from the default to VLAN 10 for each trunk link.
With 802.1Q trunking, frames from the native VLAN are not tagged. Frames from all other VLANs are tagged.
> If the native VLAN on one end of the trunk is different from the native VLAN on the other end, the traffic of the native VLANs on both sides cannot be transmitted on the trunk correctly.
> The native VLAN is VLAN 1 by default, but may be configured.
In this lab, your task is to complete the following:
> On each switch, change the native VLAN from its default to VLAN 10 for each trunk port.
> Save changes to the startup-config file for each switch.
*Use the show interfaces trunk command on each switch to verify the configuration.
Complete the following on each switch:
1. Select the switch.
2. Press Enter.
3. At the prompt, enter:
SwitchA>ena
SwitchA#conf t
SwitchA(config)#int range gi 0/1 - 2
SwitchA(config-if-range)#switchport trunk native vlan 10
4. Press Ctrl + Z.
5. At the prompt, enter:
SwitchC#copy run start
6. Press Enter.
7. Press Enter to save your changes.
8. Repeat steps 1-7 for each switch.

Which command would you use on a switch to enable management from a remote network?

ip default-gateway 192.168.10.185
To enable management from a remote network, configure the default gateway. Use the following command in global configuration mode:
switch(config)#ip default-gateway IP_address

Shows the interface status of all ports.

switch#show interface status

Shows the line and protocol status of all ports.

switch#show ip interface brief

Moves to interface configuration mode.

switch(config)#interface FastEthernet 0/14
switch(config)#interface GigabitEthernet 0/1

Moves to configuration mode for a range of interfaces.

switch(config)#interface range fastethernet 0/14 - 24
switch(config)#interface range gigabitethernet 0/1 - 4
switch(config)#interface range fa 0/1 - 4 , 7 - 10
switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2

Sets the duplex mode on the interface.

switch(config-if)#duplex half
switch(config-if)#duplex full
switch(config-if)#duplex auto

Enables or disables the interface.

switch(config-if)#no shutdown
switch(config-if)#shutdown

Sets the port speed on the interface.

switch(config-if)#speed 10
switch(config-if)#speed 100
switch(config-if)#speed 1000
switch(config-if)#speed auto
