
When an incoming data frame is received by a switch and the destination MAC address is not in the table, the switch forwards the frame out all ports except the port on which it was received. When the destination node responds, the switch records the node's MAC address in the address table from the frame's source address field.

A major disadvantage of Ethernet 802.3 networks is collisions: the number of nodes sharing the Ethernet network affects the throughput (productivity) of the network. The network area where frames originate and collide is called the collision domain. When a host is connected to a switch port, the switch creates a dedicated connection and that traffic is kept separate from all other traffic. For example, if a 12-port switch has a device connected to each port, 12 collision domains are created. Switches reduce collisions and improve bandwidth use on network segments because they provide dedicated bandwidth to each segment. Switches do not filter broadcast frames. Routers and VLANs are used to segment both collision and broadcast domains.

Latency is the time a frame or a packet takes to travel from the source station to the final destination. If three properly configured switches separate two computers, the computers may experience less latency than if two properly configured routers separated them, because routers perform more complex and time-intensive functions. Switch features such as port-based memory buffering, port-level QoS and congestion management also help to reduce network latency.

The most common causes of network congestion:
- increasingly powerful computer and network technologies, since they send more data at higher rates through the network
- increasing volume of network traffic
- high-bandwidth applications

Bridges are generally used to segment a LAN into a couple of smaller segments. Switches are generally used to segment a large LAN into many smaller segments. The use of higher layer devices can also increase latency on a network.

A core-level switch supporting 48 ports running at 1000 Mb/s full duplex requires 96 Gb/s of internal throughput if it is to maintain full wire speed across all ports simultaneously. To reduce a server bottleneck, additional network cards can be installed, which increases the total bandwidth the server is capable of receiving.

Switches use one of two forwarding methods: store-and-forward or cut-through switching.

Store-and-forward switching: when the switch receives the frame, it stores the data in buffers until the complete frame has been received. During the storage process the switch analyzes the frame for information about its destination, and also performs an error check using the Cyclic Redundancy Check (CRC) trailer portion of the Ethernet frame. When an error is detected in a frame, the switch discards the frame. Store-and-forward switching is required for Quality of Service (QoS) analysis on converged networks, where for example voice over IP data streams need to have priority over web-browsing traffic. Store-and-forward is the sole forwarding method used on current Cisco models.

Cut-through switching: the switch forwards a frame before it is entirely received. At minimum, the destination address of the frame must be read before the frame can be forwarded. It is faster than store-and-forward switching, but because the switch does not perform any error checking, it forwards corrupt frames throughout the network. The corrupt frames consume bandwidth; the destination NIC eventually discards them. There are two variants of cut-through switching:
- Fast-forward switching.
- Fragment-free switching: the switch stores the first 64 bytes of the frame before forwarding, a compromise between store-and-forward switching and cut-through switching.

Symmetric switch: all ports are of the same bandwidth, such as all 100 Mb/s ports; suited to a reasonably distributed traffic load such as a peer-to-peer desktop environment.
Asymmetric switch: enables more bandwidth to be dedicated to a server switch port to prevent a bottleneck; most current switches are asymmetric.
Port-based memory: frames are stored in queues.
Shared memory: deposits all frames into a common memory buffer, which all the ports on the switch share.
A Layer 2 switch is completely transparent to network protocols and user applications.
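A small model of the two forwarding methods just described, added here as an illustration (it is not code from the original notes or from any Cisco product). The frame layout and the CRC-32 trailer follow Ethernet II; the port names and sample MAC addresses are constructed.

```python
import struct
import zlib

FCS_LEN = 4   # CRC-32 trailer at the end of every frame


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame and append a valid FCS (CRC-32, LSB first)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over everything before the trailer and compare."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.unpack("<I", fcs)[0] == zlib.crc32(body)


def store_and_forward(frame: bytes):
    """Buffer the complete frame, check the FCS, then return the destination
    MAC to look up; a corrupt frame is discarded (None) and never forwarded."""
    if not fcs_ok(frame):
        return None
    return frame[:6]


def cut_through(frame: bytes, fragment_free: bool = False) -> bytes:
    """Forward once the destination (or, in fragment-free mode, the first
    64 bytes) has been read. No FCS check happens, so a corrupt frame is
    forwarded and only the receiving NIC will drop it."""
    needed = 64 if fragment_free else 6
    if len(frame) < needed:
        raise ValueError("not enough of the frame received yet")
    return frame[:6]


def demo() -> dict:
    # Constructed sample frame: a 46-byte payload gives the 64-byte minimum.
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("66778899aabb")
    good = build_frame(dst, src, 0x0800, b"A" * 46)
    corrupt = bytearray(good)
    corrupt[20] ^= 0xFF          # bit errors in the payload, trailer unchanged
    corrupt = bytes(corrupt)
    return {
        "saf_good": store_and_forward(good),
        "saf_corrupt": store_and_forward(corrupt),
        "cut_through_corrupt": cut_through(corrupt),
        "fragment_free_corrupt": cut_through(corrupt, fragment_free=True),
    }
```

Only the store-and-forward path drops the damaged frame; both cut-through variants hand it on, which is the bandwidth cost the notes describe.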

Instead of only learning which MAC addresses are associated with each of its ports, a Layer 3 switch can also learn which IP addresses are associated with its interfaces.

A router, unlike a Layer 3 switch, can establish remote access connections to remote networks and devices, has WAN interface cards, and supports advanced routing protocols. A Layer 3 switch, unlike a router, has the capability of wire-speed routing. Modern switches have low latency and are preferred if they are store-and-forward.

Network Assistant: a PC-based GUI network management application. The CiscoView device-management application displays a physical view of the switch that you can use to set configuration parameters and to view switch status and performance information.

Word help: no space between the command and the question mark (?). Command syntax help: there is a space between the command and the question mark (?).

By default, command history is enabled and the system records the last 10 command lines in its history buffer. The show history command displays recently entered EXEC commands. terminal no history: the device no longer retains any previously entered command lines for the current terminal session. terminal no history size: reverts the terminal history size to its default value of 10 lines. terminal history can be run from either user or privileged EXEC mode.

The boot loader is a small program stored in NVRAM and is run when the switch is first turned on. Only the management VLAN has an interface VLAN associated with it. When the auto-MDIX feature is enabled, you can use either a crossover or a straight-through cable for connections to a copper 10/100/1000 port on the switch.

The MAC address table was previously referred to as content addressable memory (CAM) or the CAM table. MAC tables include dynamic and static addresses. Dynamic addresses are source MAC addresses that the switch learns and then ages out when they are not in use; the default aging time is 300 seconds. mac-address-table static: creates a static mapping between a MAC address and an interface.

The running configuration is saved in DRAM. copy startup-config flash:filename: maintains multiple startup-config files; storing multiple startup-config versions allows you to roll back to a point in time if your configuration has problems. You cannot reload from a virtual terminal if the switch is not set up for automatic booting. copy startup run: this command does not entirely overwrite the running configuration; it only adds existing commands from the startup configuration to the running configuration. The reload command halts the system. copy flash:config.bak1 startup-config, followed by reload: restores a file (config.bak1) from flash to NVRAM. erase nvram: or erase startup-config: clears the contents of the startup configuration.

no enable password and no enable secret: remove the EXEC mode password. no service password-encryption: removes the requirement to store all system passwords in an encrypted format. The encryption used by the service password-encryption command is referred to as type 7. banner login: prompts before the username and password login. no banner motd: removes the MOTD banner. To re-enable Telnet: transport input telnet or transport input all. By permitting all transport protocols, you still permit SSH access to the switch as well as Telnet access. SSH supports the Data Encryption Standard (DES) algorithm, the Triple DES (3DES) algorithm, and password-based user authentication.

MAC address flooding: if the MAC address does not exist in the table, the switch acts like a hub and forwards the frame out every port on the switch. This is sometimes referred to as MAC address table overflow.

DHCP spoofing attack:
1) An attacker activates a DHCP server on a network segment.
2) The client broadcasts a request for DHCP configuration information.
3) The rogue DHCP server responds before the legitimate DHCP server can respond, assigning attacker-defined IP configuration information.
4) Host packets are redirected to the attacker's address as it emulates a default gateway for the erroneous DHCP address provided to the client.

DHCP snooping allows the configuration of ports as trusted or untrusted. Trusted ports can send DHCP requests and acknowledgements. Untrusted ports can forward only DHCP requests.
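The trusted/untrusted rule above, as a small filter model added here for illustration (not code from the original notes or from Cisco IOS). The DHCP message type values are the RFC 2132 option 53 codes; the port names and MAC addresses in the demo are constructed.

```python
from dataclasses import dataclass, field

# DHCP message types (RFC 2132 option 53 values).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
CLIENT_MSGS = {DISCOVER, REQUEST, DECLINE, RELEASE, INFORM}   # requests
SERVER_MSGS = {OFFER, ACK, NAK}                                # replies


@dataclass
class DhcpMsg:
    in_port: str      # switch port the message arrived on
    msg_type: int
    src_mac: str


@dataclass
class DhcpSnooping:
    trusted: set
    dropped: list = field(default_factory=list)   # audit trail of drops

    def allow(self, msg: DhcpMsg) -> bool:
        """Trusted ports may carry requests and replies; untrusted ports may
        carry only client requests, so a server reply there is dropped."""
        if msg.in_port in self.trusted:
            return True
        if msg.msg_type in CLIENT_MSGS:
            return True
        self.dropped.append((msg.in_port, msg.src_mac, msg.msg_type))
        return False


def demo() -> tuple:
    """Constructed traffic: the real server sits on trusted Fa0/1, a host on
    untrusted Fa0/5, and an unexpected DHCP server answers from Fa0/7.
    Returns (per-message decisions, dropped-message log)."""
    snoop = DhcpSnooping(trusted={"Fa0/1"})
    traffic = [
        DhcpMsg("Fa0/5", DISCOVER, "00:00:5e:00:53:01"),   # host request
        DhcpMsg("Fa0/1", OFFER, "00:00:5e:00:53:aa"),      # legitimate offer
        DhcpMsg("Fa0/7", OFFER, "00:00:5e:00:53:ff"),      # offer, untrusted
        DhcpMsg("Fa0/5", REQUEST, "00:00:5e:00:53:01"),
        DhcpMsg("Fa0/1", ACK, "00:00:5e:00:53:aa"),
        DhcpMsg("Fa0/7", ACK, "00:00:5e:00:53:ff"),        # ack, untrusted
    ]
    return [snoop.allow(m) for m in traffic], snoop.dropped
```

The dropped list is the piece a practitioner wants to keep: a server reply arriving on an access port is exactly the signal that a rogue DHCP server is present.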

Configuring DHCP snooping (commands as given in these notes):
    ip dhcp snooping vlan <vlan-id>
    int f0/0
    ip dhcp snooping trust

CDP messages are not encrypted. By default, most Cisco routers and switches have CDP enabled. Because CDP is a Layer 2 protocol, it is recommended that you disable the use of CDP on devices that do not need to use it.

Types of Telnet attack:
- Brute force password attack: the attacker uses a list of common passwords and a program designed to try to establish a Telnet session using each word on the dictionary list.
- DoS attack: the solution is to update to the newest Cisco IOS version.

Given enough time, a brute force password attack can crack almost all passwords used. The solution is to change your passwords frequently, use strong passwords, and limit who can communicate with the vty lines.

Common features of a modern network security tool:
- service identification
- support of SSL services
- non-destructive and destructive testing
- database of vulnerabilities

Secure MAC address types:
- Static secure MAC addresses.
- Dynamic secure MAC addresses: MAC addresses are dynamically learned and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.
- Sticky secure MAC addresses.

Violation modes restrict, protect and shutdown: none of them forwards the violating frames, and none displays an error message.
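A model of a switch port with port security, added here to tie together the MAC address learning described at the top of these notes, the MAC address table overflow mentioned above, and the secure address types and violation modes in this section. It is not code from the original notes or from Cisco IOS; the class, the `maximum` limit and the port names are assumptions of the model, and the err-disabled behaviour of shutdown mode is standard port-security behaviour rather than something stated on this page.

```python
class SecurePort:
    """One switch port with port security, modelled on the notes above."""

    def __init__(self, name, maximum=1, mode="shutdown", static=(), sticky=False):
        self.name = name
        self.maximum = maximum              # max secure addresses on the port
        self.mode = mode                    # protect | restrict | shutdown
        self.sticky = sticky
        self.secure = {mac: "static" for mac in static}   # mac -> address type
        self.violations = 0
        self.err_disabled = False

    def ingress(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is accepted on this port."""
        if self.err_disabled:
            return False
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            # learn the address; the table can never grow past `maximum`,
            # which is what bounds a MAC address table overflow on this port
            self.secure[src_mac] = "sticky" if self.sticky else "dynamic"
            return True
        self.violations += 1
        if self.mode == "shutdown":
            self.err_disabled = True        # port is placed in err-disabled state
        return False                        # no mode forwards the violating frame

    def reload(self) -> None:
        """Switch restart: dynamic addresses are lost, static and sticky remain."""
        self.secure = {m: t for m, t in self.secure.items() if t != "dynamic"}


def simulate_flood(port: SecurePort, count: int) -> tuple:
    """Send `count` frames with distinct constructed source MACs into `port`
    and report (frames accepted, table size, violations, err-disabled)."""
    accepted = 0
    for i in range(count):
        mac = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"   # constructed
        accepted += port.ingress(mac)
    return accepted, len(port.secure), port.violations, port.err_disabled
```

With restrict or protect the port keeps counting violations while continuing to serve the learned addresses; with shutdown a single violation takes the port down, which is easier to notice but also easier to trigger by accident.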
