ch 3 intermediary devices

forwarding rate

combined data rate of all switch ports

switch port

comes with name, MAC address, and wire speed several speeds can dynamically adjust their speeds through auto negotiation

intrusion prevention system

detect possible attacks mainly from outside and prevent them from affecting internal network

collision domain 4

formed by an AP, associated computers, and its connection link to switch port

collision domain 1 (CD 1)

formed by connection between an end node and a switch port

collision domain 2 (CD 2)

formed by link between two switch ports or between switch port and router port

DHCP server

provision of dynamic (temporary) IP addresses to requesting client stations

Hubs (Multi-Port Repeaters)

purely physical layer, intended for simple relay functions

power over ethernet

switch uses ethernet LAN cables to transmit data and supply power with PoE, planning and deployment of network nodes becomes more flexible

store-and-forward vs cut-through switches

switch waits/not wait until entire frame becomes available for forwarding

switch learning

table entries can be dynamically added to the table through switchs own learning capability

layer 2 vs layer 3 switches

traditional is layer 2. layer 3 can be flexibly configured either as a layer 2 switch port or as a router port

APR

mapping between MAC and IP addresses table maintained on hosts and routers

router components

CPU memory (ROM, RAM, non volatile flash) operating system system bus that transports data various ports (interfaces)

media access control (MAC) hubs

CSMA/CD

wire speed

max data rate of switch port

collision domain divider

switch port

router port

MAC and IP address paired

aggregate throughput

actual data rate that can be pushed through switch at any moment

blocking

aggregate throughput is less than forwarding rate (most switches)

non blocking

aggregate throughput of switch matches its forwarding rate

which intermediary devices have an OS?

all except for physical layer devices

symmetric vs assymetric switches

all ports of switch use same or different delivery speeds

non-managed vs managed switch

allow modification of switch configuration

principle of network design

avoid formation of collision domains as they negatively affect network performance create smaller collision domains

filtering with bridges

based on MAC address of every frame uses bridge table for decision cuts down unnecessary traffic flows switches now dominate LAN

how is the OS accessible in intermediary devices? what features does it have

command line interface and or graphical user interface through console port or regular LAN/WAN port features to support networking functions, small size and stored in non volatile flash mem for fast boot up

collision domain 3 (CD 3)

computers connected to switch port through a hub

what do intermediary devices do?

conduct encapsulation/de-encapsulation to forward application layer data

LAN port

configured with pair of MAC and IP addresses

built in ports

considered to be in slot 0

network address translation

conversion between internally used private IP addresses and externally shown public ones

how are switching and routing different

data link vs internet layer intra vs internetworking subnet vs internet boundary connection vs connection-less oriented single deliv path (switching) vs multiple

entries on switch table

destination MAC address (host) exit ports (one or more host MAC addresses) address types VLAN have aging time

speeds of switch ports

ethernet (10Mbps) fast ethernet (100Mbps) Gigabit ethernet(1000 Mbps)

security auditing

examines current router setup, detects potential vulnerabilities and recommends configuration changes

access control list

filter inbound and outbound packets

operational layers

intermediary devices mainly operate below the transport layer internet (routers, layer 3 switches) data link (bluetooth, switches) physical (hubs)

bridges and wireless access points

layer 2 devices to divide network into smaller segments either transparent or nontransparent (translational)

connection oriented

logical delivery path between two nodes is predetermined

port mirroring

managed switches come with mirror port for network management some or all reg frames can be copied to mirror port for monitoring

address resolution protocol

moving application data across subnetworks requires that switching and routing go hand in hand

what causes collisions

multiple outstanding frames from different sources

WAN port

needs only IP address

collision domain

network segment within which only a single node is allowed to transmit data at a time

translational

network segs running on diff standards (wifi access points)

transparent

network segs running on same standards

port density

number of ports available on switch

general features of switch

one input port-to-one output port connectivity - eliminates frame collisions collision detection function built in hosts HIC is not activated simultaneous formation of multiple data links - each transmits in full duplex mode

layer 2 switch port

only MAC address assigned

shared media (hubs)

only single host can release frame at a time

what do access points do

perform frame conversion to bridge LAN segments

routers primary functions

routing table development and its update packet forwarding decision

virtual private network

secure WAN connections between two remote locations over the Internet

safeguarding switchports

use managed switches allow only legit MAC addresses on a port manually shutdown unused ports prevent footprinting/reconnaissance (gathering data on network environment) prevent MAC address flooding - denial of service attack

security (hubs)

vulnerable to NIC's promiscous mode - copies all arriving frames and processes them