2a dolan part 2 test 2 Flashcards
layer 2 switches
- frames are the PDU found at the data link layer.
- Switches are the pieces of network equipment primarily responsible for forwarding frames on a computer network.
two primary functions of a switch
- The first function = maintain an internal MAC Address Table aka Content Addressable Memory (CAM) Table
- The second function = make a filtering decision and forward frames out of a single destination interface that matches the destination MAC address of the frame
what is address learning?
The MAC address table on a switch associates MAC addresses with the individual switchports on which they were seen.
when will switch forward frames?
Forwarding is always based on the destination MAC address: if the switch knows the address, it sends the frame out that specific switchport only.
If it cannot match the destination to a port, it floods the frame (sends it out every other port).
collision domains
are areas on a computer network where the potential for a literal collision in communication can occur
switches break up collision domains
half-duplex
Half-Duplex communication means only one side of a link can transmit at any given time
full-duplex
Full-Duplex communication means that both sides can transmit and receive data at the same time (like a phone call).
switchport configurations
-access
used when the device connected to the switchport is an end node on the computer network
-trunk
used when the link in question runs from a switch to another switch or to a router, so that one switch can talk to another switch
-routed
used when the port is required to act as a Layer 3 interface
(configured with the no switchport command on Cisco switches)
hierarchical internetworking model
- access layer
deployment of switches is primarily focused on directly connecting nodes, hosts, clients, and servers
these switches handle mostly layer 2 functions such as forwarding frames, with little to no emphasis on layer 3 routing functions; aka the Desktop Layer because of this emphasis on node connectivity
- distribution layer
deployment of switches and routers is primarily focused on accomplishing routing and filtering between the individual access layer switches
switches capable of routing packets are employed here alongside routers, versus the strictly layer 2 switches encountered at the access layer
also referred to as the Workgroup Layer
- core layer
deployment of switches and routers is primarily focused on providing high-speed and redundant connections between the routers and switches located at the distribution layer
this is where the most “powerful” switches and high-end routers of a base’s computer network are located
broadcast storms
can bring down an entire base’s network if proper loop avoidance is not diligently applied beforehand
network loop
- more than one link between two pieces of network equipment, which causes frames to be repeated and literally loop between them infinitely
broadcast frames
- have a destination address of FFFF.FFFF.FFFF and are sent out by individual nodes on a computer network when using a variety of different protocols
- are a concern on a network without proper Loop Avoidance
- the switch CPU will eventually reach a breaking point where it is unable to process frames at all and quickly maxes out its CPU utilization
spanning tree protocol
STP allows for multiple paths to exist without the threat of a potential broadcast storm occurring
Spanning-Tree Topology
the protocol assigns various roles to the active switchports involved in forwarding traffic between the participating STP-configured switches on a computer network
it assesses multiple paths between switches and prioritizes one switchport involved in that communication path over the other
Forwarding state= allow traffic to flow
Blocking state= disallowing traffic
STP designates one switch in the topology as the Root Bridge
Bridge Protocol Data Units (BPDUs)
frames sent by switches that contain information for STP; sent out every two seconds by default
designated ports
permitted to forward on the root bridge
Root Ports
Ports permitted to forward on non-root bridge switches
spanning tree port states
-disabled
administratively shutdown
-blocking
is a state for a switchport where STP has determined the possibility of a loop exists should the switchport be allowed to forward frames
frames containing data from nodes on the network are neither sent nor received by the blocking switchport
-listening
is a state for a switchport where it will process received BPDUs to decide on the STP topology that it is connected to. It will not populate the MAC address table of the switch and will not forward frames that contain data from nodes on the network.
-learning
is a state for a switchport after the initial listening state has occurred
it will begin to populate the MAC address table with the source MAC address of any frames received on the interface it is assigned to
-forwarding
is a state for a switchport after the initial listening and learning states have occurred.
a switchport is in normal operation and is both receiving and forwarding frames that contain data from nodes on the computer network
IEEE 802
standards that deal with Local Area Networks (LANs) and Metropolitan Area Networks (MANs)
IEEE 802.1
the IEEE standards working group for LAN Protocols
focuses on network management and includes such protocols as:
IEEE 802.1q – the IEEE standard for VLAN Tagging; supports VLANs by tagging node-generated frame traffic on a computer network.
IEEE 802.1x – the IEEE standard for Port Based Network Access Control; focuses on providing a method to authenticate nodes that are plugged into a computer network.
IEEE 802.1s – the most current IEEE standard for STP.
IEEE 802.3
is the IEEE standards working group for Ethernet.
IEEE 802.3ad – Link Aggregation Control Protocol (LACP); round-robin load balancing
IEEE 802.3bt – Power Over Ethernet (POE). POE provides a capability for a switch to supply power to a connected POE-capable node through the same link it is utilizing for data transmission. The most common example of this is when using Voice over Internet Protocol (VOIP)
IEEE 802.11
is the IEEE standards working group for Wireless Ethernet.
IEEE 802.11ax - Wi-Fi 6
- supersedes IEEE 802.11ac, which was the standard for Wi-Fi 5.
Virtual Local Area Networks (VLAN)
- isolated Broadcast Domains on a computer network
- VLANs are configured locally on a switch and switchports on a switch will be assigned to a VLAN.
- identified by the number they are assigned or can be given a written name
segmentation
Ensuring that subnets do not overlap amongst individual VLANs
important because it logically separates broadcasts generated by nodes on a computer network, while also optimizing bandwidth, speed, and security on the computer network
VLAN TAGGING
IEEE 802.1q
- also referred to as trunk encapsulation.
- This protocol takes a standard Ethernet frame and adds a field to the header, placed after the source and destination address fields.
- The added field is 4 bytes in length and is called the VLAN Tag Field.
native VLANS
are assigned to trunk ports on a switch
untagged frames received on the trunk are assigned to the native VLAN
this further enhances security by providing a means to isolate untagged traffic
untagged traffic
frames transmitted across a trunk link that are not tagged as belonging to a VLAN
VLAN Hopping
an attack where a malicious actor bypasses the isolation of an individual VLAN’s broadcast domain and enters another VLAN’s broadcast domain.
Dead VLANS
- shut down unused switchports (thought of as quarantine areas)
VLAN Pruning
limiting a VLAN’s ability to be transmitted on a trunk link