ch 3 intermediary devices
forwarding rate
combined data rate of all switch ports
switch port
comes with a name, MAC address, and wire speed; ports that support several speeds can dynamically adjust their speed through auto-negotiation
intrusion prevention system
detects possible attacks, mainly from outside, and prevents them from affecting the internal network
collision domain 4
formed by an AP, its associated computers, and its connection link to a switch port
collision domain 1 (CD 1)
formed by the connection between an end node and a switch port
collision domain 2 (CD 2)
formed by the link between two switch ports, or between a switch port and a router port
DHCP server
provision of dynamic (temporary) IP addresses to requesting client stations
Hubs (Multi-Port Repeaters)
purely physical layer, intended for simple relay functions
power over ethernet
switch uses Ethernet LAN cables to transmit data and supply power; with PoE, planning and deployment of network nodes becomes more flexible
store-and-forward vs cut-through switches
store-and-forward switch waits until the entire frame has arrived before forwarding it; cut-through switch does not wait
switch learning
table entries can be dynamically added to the switch table through the switch's own learning capability
layer 2 vs layer 3 switches
traditional switches are layer 2; on a layer 3 switch, a port can be flexibly configured either as a layer 2 switch port or as a router port
ARP
mapping between MAC and IP addresses; the ARP table is maintained on hosts and routers
router components
CPU; memory (ROM, RAM, non-volatile flash); operating system; system bus that transports data; various ports (interfaces)
media access control (MAC) hubs
CSMA/CD
wire speed
maximum data rate of a switch port
collision domain divider
switch port
router port
MAC and IP address paired
aggregate throughput
actual data rate that can be pushed through the switch at any moment
blocking
aggregate throughput is less than the forwarding rate (most switches)
non blocking
aggregate throughput of the switch matches its forwarding rate
which intermediary devices have an OS?
all except for physical layer devices
symmetric vs asymmetric switches
symmetric: all ports of the switch use the same delivery speed; asymmetric: ports use different delivery speeds
non-managed vs managed switch
managed switches allow modification of the switch configuration
principle of network design
avoid the formation of collision domains, as they negatively affect network performance; create smaller collision domains
filtering with bridges
based on the MAC address of every frame; uses the bridge table for the decision; cuts down unnecessary traffic flows; switches now dominate LANs
how is the OS accessible in intermediary devices? what features does it have?
command line interface and/or graphical user interface, reached through the console port or a regular LAN/WAN port; features to support networking functions; small size, stored in non-volatile flash memory for fast boot-up
collision domain 3 (CD 3)
computers connected to a switch port through a hub
what do intermediary devices do?
conduct encapsulation/de-encapsulation to forward application layer data
LAN port
configured with a pair of MAC and IP addresses
built in ports
considered to be in slot 0
network address translation
conversion between internally used private IP addresses and externally visible public ones
how are switching and routing different?
data link vs internet layer; intra-networking vs internetworking; within a subnet vs across the subnet/internet boundary; connection-oriented vs connectionless; single delivery path (switching) vs multiple delivery paths (routing)
entries on switch table
destination MAC address (host); exit port (one or more host MAC addresses per port); address type; VLAN; entries have an aging time
speeds of switch ports
Ethernet (10 Mbps), Fast Ethernet (100 Mbps), Gigabit Ethernet (1000 Mbps)
security auditing
examines the current router setup, detects potential vulnerabilities, and recommends configuration changes
access control list
filters inbound and outbound packets
operational layers
intermediary devices mainly operate below the transport layer: internet layer (routers, layer 3 switches), data link layer (Bluetooth, switches), physical layer (hubs)
bridges and wireless access points
layer 2 devices that divide a network into smaller segments; either transparent or non-transparent (translational)
connection oriented
the logical delivery path between two nodes is predetermined
port mirroring
managed switches come with a mirror port for network management; some or all regular frames can be copied to the mirror port for monitoring
address resolution protocol
moving application data across subnetworks requires that switching and routing go hand in hand
what causes collisions?
multiple outstanding frames from different sources
WAN port
needs only an IP address
collision domain
network segment within which only a single node is allowed to transmit data at a time
translational
network segments running on different standards (Wi-Fi access points)
transparent
network segments running on the same standard
port density
number of ports available on the switch
general features of a switch
one input port-to-one output port connectivity eliminates frame collisions; the collision detection function built into host NICs is not activated; simultaneous formation of multiple data links, each transmitting in full duplex mode
layer 2 switch port
only a MAC address is assigned
shared media (hubs)
only a single host can release a frame at a time
what do access points do?
perform frame conversion to bridge LAN segments
routers' primary functions
routing table development and its update; packet forwarding decision
virtual private network
secure WAN connections between two remote locations over the Internet
safeguarding switch ports
use managed switches; allow only legitimate MAC addresses on a port; manually shut down unused ports; prevent footprinting/reconnaissance (gathering data on the network environment); prevent MAC address flooding (a denial of service attack)
security (hubs)
vulnerable to a NIC's promiscuous mode, which copies all arriving frames and processes them