Scribd Logo
Upload

Welcome to Scribd!

  • 2 ACNunit2 - Partial

    Uploaded by

    Vikas Srivastav
    12 views34 pages
    Layer 2 switches segment networks into collision domains and interconnect devices within a workgroup. They learn MAC addresses and store them in address tables to forward traffic efficiently. Layer 3 switches perform the same functions as routers but can improve performance by implementing some routing functions in hardware. Multilayer switches can perform Layer 2, 3, and 4 switching based on protocol and port numbers to prioritize traffic.

    Original Description:

    Original Title

    2 ACNunit2_partial

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Layer 2 switches segment networks into collision domains and interconnect devices within a workgroup. They learn MAC addresses and store them in address tables to forward traffic efficiently. Layer 3 switches perform the same functions as routers but can improve performance by implementing some routing functions in hardware. Multilayer switches can perform Layer 2, 3, and 4 switching based on protocol and port numbers to prioritize traffic.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    12 views34 pages

    2 ACNunit2 - Partial

    Uploaded by

    Vikas Srivastav
    Layer 2 switches segment networks into collision domains and interconnect devices within a workgroup. They learn MAC addresses and store them in address tables to forward traffic efficiently. Layer 3 switches perform the same functions as routers but can improve performance by implementing some routing functions in hardware. Multilayer switches can perform Layer 2, 3, and 4 switching based on protocol and port numbers to prioritize traffic.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 34

    Layer 2 Switching

    Layer 2 switches segment a network into multiple collision domains


    and interconnect devices within a workgroup, such as a group of PCs.
    The heart of a Layer 2 switch is its Media Access Control (MAC)
    address table.
    When a switch is first powered up, its MAC address table is empty.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 38 / 71


    Layer 2 Switching

    Figure: MAC.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 39 / 71


    Layer 3 Switching

    A Layer 3 switch is really a router with some of the functions


    implemented in hardware to improve performance.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 40 / 71


    Functions of a Layer 3 Switch

    Learning routes and keeping the best path to each destination in a


    routing table.
    Sending the packet out of the appropriate interface, along the best
    path. This is also called switching the packet.
    Communicating with other routers to exchange routing information.
    Allowing devices on different LANs to communicate with each other
    and with distant devices.
    Blocking broadcasts.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 41 / 71


    Layer 4 Switching

    Switching based on the protocol and port numbers.


    It ensure, for example, that certain types of traffic get higher priority
    on the network or take a specific path.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 42 / 71


    Multilayer Switching

    Multilayer switching, as its name implies, allows switching to take


    place at different protocol layers.
    Switching can be performed only on Layers 2 and 3, or it can also
    include Layer 4.
    MLS is based on network flows.
    A network flow is a unidirectional sequence of packets between a
    source and a destination.
    A network flow can be identified by source and destination IP
    addresses, protocol numbers, and port numbers as well as the
    interface on which the packet enters the switch.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 43 / 71


    Components of Multilayer Switching

    MLS Route Processor (MLS-RP): Performs traditional features of


    routing.
    MLS Switching Engine (MLS-SE):The MLS-enabled switch that can
    offload some of the packet-switching functionality from the MLS-RP.
    Multilayer Switching Protocol (MLSP): Used by the MLS-RP and the
    MLS-SE to communicate with each other.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 44 / 71


    Components of Multilayer Switching

    Figure: Multilayer Switch.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 45 / 71


    Functionality of multilayer switch

    In the case of the first packet in the flow, SE forwards the frame to
    the RP.
    The MLS-RP receives the frame, decapsulates (unwraps) the frame,
    and determines the destination of a packet.
    RP creates a new frame for the packet - decrementing the TTL field,
    recalculating the IP header checksum, update source MAC address of
    this frame as the MAC address of the RP, update destination MAC
    address of this frame as the MAC address of the destination device
    (or next-hop router).
    The RP then sends the frame to the SE.
    The SE therefore makes the MLS cache entry using information from
    the frame.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 46 / 71


    Cisco Express Forwarding

    Cisco Express Forwarding (CEF), like MLS , aims to speed the data
    routing and forwarding process in a network.
    CEF uses two components to optimize the lookup of the information
    required to route packets: the Forwarding Information Base (FIB) for
    the Layer 3 information and the adjacency table for the Layer 2
    information.
    CEF creates an FIB by maintaining a copy of the forwarding
    information contained in the IP routing table.
    The adjacency table contains Layer 2 frame header information,
    including next-hop addresses, for all FIB entries.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 47 / 71


    Functioning of Cisco Express Forwarding

    When a packet arrives, the route is determined using FIB table.


    Then, the next-hop information is retrieved using the adjacency table.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 48 / 71


    Switching Security

    Switches play an active role in network security by providing various


    security features.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 49 / 71


    Security Attacks
    MAC Address Flooding: An attacker can send frames with fake,
    randomly-generated source and destination MAC addresses to the switch.

    Figure: Attack.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 50 / 71


    Security Attacks

    DHCP starvation attack: An attacker floods the DHCP server with


    DHCP requests to use all the available IP addresses that the DHCP
    server can issue. After these IP addresses are issued, the server
    cannot issue any more addresses, and this situation produces a
    denial-of-service (DoS) attack.
    DHCP spoofing attack: An attacker configures a fake DHCP server
    on the network to issue DHCP addresses to clients.
    DHCP starvation is often used before a DHCP spoofing attack to
    deny service to the legitimate DHCP server, making it easier to
    introduce a fake DHCP server into the network.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 51 / 71


    Security Attacks

    Figure: DHCP Attack.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 52 / 71


    Security Attacks

    Telnet Attack: The Telnet protocol is insecure and can be used by an


    attacker to gain remote access to a Cisco network device.
    There are tools available that allow an attacker to launch a brute
    force password-cracking attack against the ports on the switch.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 53 / 71


    Switch Security

    Various security features are used in the switch for preventing the attacks.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 54 / 71


    Switch Port Security

    Secure Unused Ports: The first step in port security is to be aware of


    ports that are not currently being used on the switch.
    The second step is to disable all unused ports on a switch.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 55 / 71


    DHCP Snooping

    DHCP snooping: It determines which devices attached to switch


    ports can respond to DHCP requests.
    Switch ports can be identified as trusted and untrusted.
    Trusted ports can source any type of DHCP message.
    Untrusted ports can source DHCP requests only.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 56 / 71


    DHCP Snooping

    Figure: DHCP Snooping.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 57 / 71


    Port Security

    Port security : Cisco port security limits the number of valid MAC
    addresses allowed on a port.
    If the number of MAC addresses allowed on the port is limited to one,
    then only the device with that specific MAC address can successfully
    connect to the port.
    If a port is configured as a secure port and the maximum number of
    MAC addresses is reached, any additional attempts to connect by
    unknown MAC addresses will generate a security violation.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 58 / 71


    SSH

    Secure Shell (SSH) is a protocol that provides a secure (encrypted)


    management connection to a remote device.
    SSH should replace Telnet for management connections.
    SSH provides security for remote connections by providing strong
    encryption when a device is authenticated (username and password)
    and also for the transmitted data between the communicating devices.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 59 / 71


    IPv4 Network Design - Two-Level Addressing

    Figure: Two-Level Addressing.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 60 / 71


    IPv4 Network Design - Two-Level Addressing

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 61 / 71


    IPv4 Network Design - Three-Level Addressing

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 62 / 71


    IPv4 Network Design - Subnetting

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 63 / 71


    IPv4 Network Design - Subnetting

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 64 / 71


    IPv4 Network Design - Subnetting

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 65 / 71


    Hierarchical IP Address Design and Summarization

    A hierarchical IP address design means that addresses are assigned in


    a hierarchical manner, rather than randomly.
    Routers maintain summarized routes only, instead of unnecessary
    details in their routing tables.
    Routing updates become smaller and therefore use less bandwidth on
    the network.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 66 / 71


    Hierarchical IP Address Design and Summarization

    When Router A sends its routing table to the other routers, it has no
    choice but to send all its routes.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 67 / 71


    Hierarchical IP Address Design and Summarization

    Notice, for example, that all the subnets under Router A start with 10.1,
    while all under Router B start with 10.2. Therefore, the routers can
    summarize the subnets.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 68 / 71


    Hierarchical IP Address Design and Summarization

    Consider a network in which Router A has the following subnet routes in


    its routing table: 192.168.3.64/28, 192.168.3.80/28, 192.168.3.96/28, and
    192.168.3.112/28. Router B in the same network has the following subnet
    routes in its routing table: 192.168.3.0/28, 192.168.3.16/28,
    192.168.3.32/28, and 192.168.3.48/28. What is the summary route for
    Router A’s subnets?

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 69 / 71


    Hierarchical IP Address Design and Summarization

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 70 / 71


    RIP Routing Protocol

    Routing Information Protocol (RIP) is a dynamic routing protocol


    that uses hop count as a routing metric to find the best path between
    the source and the destination network.
    In RIP, infinity is defined as 16, which means that the RIP is useful
    for smaller networks or small autonomous systems. The maximum
    number of hops that RIP can contain is 15 hops, i.e., it should not
    have more than 15 hops as 16 is infinity.
    In a routing table, the first column is the destination, or we can say
    that it is a network address.
    The next column contains the address of the router to which the
    packet is to be sent to reach the destination.

    Vivek Sethi (DIT) Advanced Computer Networks 10th Jan. 2023 71 / 71

    You might also like