Switching

From Network Security Wiki


Basics

Differences between Hub, Bridge, Switch and Router

Hub
  • A Hub is the simplest of these devices.
  • In general, a hub is the central part of a wheel where the spokes come together.
  • Hubs cannot filter data, so every packet is sent to all connected devices/computers; a hub has no intelligence to work out the best path for a packet.
  • This leads to inefficiencies and wastage.
  • As a network product, a hub may include a group of modem cards for dial-in users, a gateway card for connections to a local area network (for example, an Ethernet or a token ring), and a connection to a line.
  • Hubs are used on small networks where the volume of data transmission is not very high.
Bridge
  • In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol.
  • A bridge has a single incoming and a single outgoing port and filters traffic on the LAN by looking at the MAC address, which makes it more complex than a hub.
  • Unlike a hub, a bridge looks at the destination of the packet before forwarding it.
  • It restricts transmission onto the other LAN segment if the destination is not found there.
  • A bridge works at the data-link (physical network) level of a network, copying a data frame from one network to the next network along the communications path.


Switch
  • Compared to a bridge, a switch has multiple ports.
  • Switches can perform error checking before forwarding data, which makes them very efficient: frames that fail the check are not forwarded, and good frames are forwarded selectively to the correct devices only.
  • Switches can support both layer 2 (based on MAC Address) and layer 3 (Based on IP address) depending on the type of switch.
  • Usually large networks use switches instead of hubs to connect computers within the same subnet.
Router
  • A router, like a switch, forwards packets based on address. Usually, routers use the IP address to forward packets, which allows the network to go across different protocols.
  • Routers forward packets in software, while a switch (a Layer 3 switch, for example) forwards in hardware using ASICs (Application Specific Integrated Circuits).
  • Routers support different WAN technologies but switches do not.
  • Besides this, wireless routers have an access point built in.
  • The most common home use for routers is to share a broadband Internet connection.
  • The router has a public IP address that is shared by the network; when data comes back through the router, it is forwarded to the correct computer.


VLAN

This section is under construction.
Access Port
This section is under construction.
Trunk Port
This section is under construction.
VTP

Source: firewall.cx

  • When a new VLAN is created and configured on a switch without the VTP protocol enabled, this must be manually replicated to all switches on the network so they are all aware of the newly created VLAN.
  • This means that the administrator must configure each switch separately, a task that requires a lot of time and adds a considerable amount of overhead depending on the size of the network.
  • With VTP configured, changes made on the VTP server switch are replicated across the network by the protocol itself.
  • This ensures the changes are propagated automatically to all other switches.
  • VTP information can traverse only trunk links.


VTP Modes
  • VTP Server mode
    The default mode for all switches supporting VTP.
    You can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version) for the entire VTP domain.
    VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links.
    VLAN configurations are saved in NVRAM.
  • VTP Client mode
    Behaves like a VTP server, but you cannot create, change, or delete VLANs on a VTP client.
    VLAN configurations are saved in NVRAM.
  • VTP Transparent mode
    Does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements.
    However, a transparent-mode switch will forward VTP advertisements as they are received from other switches.
    You can create, modify, and delete VLANs on a switch in VTP transparent mode.
    VLAN configurations are saved in NVRAM, but they are not advertised to other switches.

STP

  • STP Port States:
    • Blocking - A port that would cause a switching loop if it were active. No user data is sent or received over a blocking port, but it may go into forwarding mode if the other links in use fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state. Prevents the use of looped paths.
    • Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames.
    • Learning - While the port does not yet forward frames it does learn source addresses from frames received and adds them to the filtering database (switching database). It populates the MAC Address table, but does not forward frames.
    • Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
    • Disabled - Not strictly part of STP; a network administrator can manually disable a port.


  • RSTP Port Roles:
    • Root - A forwarding port that is the best port from a non-root bridge to the root bridge.
    • Designated - A forwarding port for every LAN segment.
    • Alternate - An alternate path to the root bridge. This path is different from the one via the root port.
    • Backup - A backup/redundant path to a segment where another bridge port already connects.
    • Disabled - Not strictly part of STP; a network administrator can manually disable a port.


  • RSTP Port States:
    • Disabled - Interface is administratively shut down or disabled.
    • Discarding - No user data is sent over the port
    • Learning - The port is not forwarding frames yet, but is populating its MAC-address-table
    • Forwarding - The port is fully operational


  • STP Enhancements:
    This section is under construction.
  • PortFast -
  • UplinkFast -
  • BackboneFast -
  • STP Types:
    This section is under construction.


  • What is EtherChannel? What are the protocols used?
    This section is under construction.
  • What is the behaviour of STP in EtherChannel?
    This section is under construction.

Root Bridge Election

Source: firewall.cx

This section is under construction.

Native VLAN

This section is incomplete and may be incorrect.
  • The native VLAN is the VLAN that untagged traffic received on a trunk port is forwarded to.
  • Assume a trunk port carries VLANs 10, 11, and 12.
  • VLAN 10 is set as the native VLAN.
  • Any frame received on that port with an explicit tag goes into the corresponding VLAN.
  • Any frame that has no tag is put into VLAN 10, since that is defined as the native VLAN.
  • This is used, for example, when a PC is connected to a switch through an IP phone.
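As an added illustration (not part of the original page), the classification rule above in Python: a small 802.1Q parser that assigns an untagged frame to the native VLAN, a tagged frame to the VLAN in its VID field, and drops frames tagged with a VLAN not allowed on the trunk. The trunk configuration (VLANs 10-12, native 10) and the MAC addresses are constructed values.

```python
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier that marks an 802.1Q tag

# Constructed trunk configuration matching the text: VLANs 10, 11, 12 allowed, 10 native.
TRUNK = {"allowed": {10, 11, 12}, "native": 10}


def classify(frame: bytes, trunk: dict = TRUNK):
    """Return the VLAN a frame received on the trunk is placed into, or None if dropped."""
    if len(frame) < 14:
        return None                       # no complete Ethernet header
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return trunk["native"]            # untagged: goes to the native VLAN
    if len(frame) < 18:
        return None                       # tag announced but truncated
    tci = struct.unpack("!H", frame[14:16])[0]
    vid = tci & 0x0FFF                    # VID is the low 12 bits of the TCI
    if vid == 0:
        return trunk["native"]            # priority-tagged frame: VID 0 means no VLAN
    if vid not in trunk["allowed"]:
        return None                       # VLAN not allowed on this trunk: dropped
    return vid


def build_frame(vid=None, pcp=0):
    """Build a minimal frame with constructed MACs; vid=None means untagged."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")   # constructed locally administered MAC
    ipv4 = struct.pack("!H", 0x0800)      # EtherType of the payload
    if vid is None:
        return dst + src + ipv4 + b"\x00" * 46
    tci = (pcp << 13) | vid
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + ipv4 + b"\x00" * 46


if __name__ == "__main__":
    for label, f in [("untagged", build_frame()), ("tagged 11", build_frame(11)),
                     ("tagged 20", build_frame(20)), ("priority only", build_frame(0, pcp=5))]:
        print(f"{label:14} -> VLAN {classify(f)}")
```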

ARP vs MAC Table

ARP Table                                                        | MAC Table (or CAM Table)
-----------------------------------------------------------------|---------------------------------------------------------------
IP to MAC resolution                                             | MAC to port binding
Needed to forward L3 packets                                     | Used to switch frames
Kept by L3 devices                                               | Kept only by L2 devices
If there is no entry for the destination IP's MAC address, the machine sends an ARP request | If there is no entry, the switch floods the frame
Default timeout is 4 hours                                       | Default timeout is 5 minutes
Filled by each ARP reply                                         | Filled by the source MAC of each frame passing through the switch
  • A switch with a management VLAN interface that has an IP address will also have an ARP table.
  • A router with a switching module will also have a MAC table.

CAM vs TCAM Table

This section is under construction.

Source: community.cisco.com

CAM
  • CAM tables provide only two results: 0 (true) or 1 (false).
  • CAM is most useful for building tables that search on exact matches such as MAC address tables.
  • The CAM table is the primary table used to make Layer 2 forwarding decisions.
  • In the case of Layer 2 switching tables, the switch must find an exact match to a destination MAC address or the switch floods the packet out all ports in the VLAN.
TCAM
  • TCAM provides three results: 0, 1, and "don't care."
  • TCAM is most useful for building tables for searching on longest matches such as IP routing tables organized by IP prefixes.
  • The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing.
  • As a result of using TCAM, applying ACLs does not affect the performance of the switch.
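An added example, not from the page or the Cisco source, showing the difference in Python: a CAM lookup is a plain exact-match dictionary, while a TCAM entry carries a mask whose 0 bits are "don't care", which is what lets a longest-prefix routing lookup (or an ACL match) finish in a single search. The prefixes, next hops and MAC addresses are constructed.

```python
import ipaddress

# CAM: an exact-match table. The MAC table is the textbook case (constructed entries).
CAM = {
    bytes.fromhex("020000000001"): "Gi1/0/1",
    bytes.fromhex("020000000002"): "Gi1/0/2",
}


def cam_lookup(table, key):
    """Exact match only: a hit returns the port, a miss returns None (the switch would flood)."""
    return table.get(key)


class Tcam:
    """Ternary entries (value, mask, result); a 0 mask bit is a 'don't care' bit.
    First match wins, so entries stay sorted most specific (longest prefix) first.
    """

    def __init__(self):
        self.entries = []

    def add_prefix(self, prefix, result):
        net = ipaddress.ip_network(prefix)
        self.entries.append((int(net.network_address), int(net.netmask), result))
        self.entries.sort(key=lambda e: bin(e[1]).count("1"), reverse=True)

    def lookup(self, address):
        key = int(ipaddress.ip_address(address))
        for value, mask, result in self.entries:
            if key & mask == value:           # don't-care bits are masked out of the key
                return result
        return None


def demo_routing_tcam():
    """Constructed routing table: a default route, an aggregate and a more specific route."""
    t = Tcam()
    t.add_prefix("0.0.0.0/0", "default via Gi0/0")
    t.add_prefix("10.0.0.0/8", "via Gi0/1")
    t.add_prefix("10.1.2.0/24", "via Gi0/2")
    return t


if __name__ == "__main__":
    t = demo_routing_tcam()
    for ip in ("10.1.2.7", "10.9.9.9", "192.0.2.1"):
        print(ip, "->", t.lookup(ip))
    print("unknown MAC ->", cam_lookup(CAM, bytes.fromhex("020000000003")))
```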

Unicast Flooding

  • Flooding occurs when the switch does not have the destination MAC address in its MAC table:
    • the MAC address has not been learnt yet, or
    • the entry expired and was flushed.
  • To ensure the frame reaches its intended destination, the switch replicates that frame out of all ports except the port where the frame was received.
  • By default, each MAC address table entry has a timeout timer of 5 minutes.
  • This timer is reset as frames from that MAC address keep arriving on that port.
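The learning, flooding and aging behaviour described above as a small simulation in Python (added here; not code from the page). Port names, MAC addresses and timestamps are constructed; the aging timer is the 5-minute default from the text.

```python
AGING_SECONDS = 300          # default MAC table entry timeout: 5 minutes


class LearningSwitch:
    """MAC table as MAC -> (port, last_seen); unknown destinations are flooded."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def _expire(self, now):
        # Flush entries whose timer ran out; the next frame to them gets flooded again.
        stale = [m for m, (_, seen) in self.table.items() if now - seen >= AGING_SECONDS]
        for m in stale:
            del self.table[m]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the set of ports it is sent out of."""
        self._expire(now)
        self.table[src] = (in_port, now)     # learn the source MAC and (re)start its timer
        entry = self.table.get(dst)
        if entry is None:
            return self.ports - {in_port}    # unicast flooding: every port except ingress
        out_port, _ = entry
        if out_port == in_port:
            return set()                     # destination is on the ingress segment: filtered
        return {out_port}


def demo():
    """Constructed MACs A, B, C on ports p1, p2, p3; returns the egress sets in order."""
    sw = LearningSwitch(["p1", "p2", "p3"])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    first = sw.receive("p1", a, b, now=0)                  # B unknown: flood to p2, p3
    reply = sw.receive("p2", b, a, now=1)                  # A known on p1: p1 only
    later = sw.receive("p1", a, b, now=100)                # B still fresh: p2 only
    aged = sw.receive("p3", c, b, now=1 + AGING_SECONDS)   # B's entry expired: flood to p1, p2
    return first, reply, later, aged


if __name__ == "__main__":
    for name, ports in zip(("first", "reply", "later", "aged"), demo()):
        print(f"{name:6} -> {sorted(ports)}")
```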


