Ethernet Features Flashcards
802.3ad
Link Aggregation
- Congestion can occur when ports all operate at the same speed
- Allows for combination of multiple physical connections into a single logical connection
- Bandwidth available is increased and the congestion is minimized or prevented
PoE 802.3af
PoE+ 802.3at
■ Supplies electrical power over Ethernet
● Requires CAT 5 or higher copper cable
● Provides up to 15.4 watts of power to device
● PoE+ provides up to 25.5 W of power to device
■ Two Device Types
● Power Sourcing Equipment (PSE)
● Powered Device (PD)
Port Monitoring or Mirroring
■ Helpful to analyze packet flow over network
● Connect a network sniffer to a hub and it sees all the traffic
● But, switches require port monitoring for network analyzer to see all the traffic
■ Port mirroring makes a copy of all traffic destined for a port and sends it to another port
802.1x
User Authentication
■ For security purposes, switches can require users to authenticate themselves before gaining access to the network
■ Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator)
■ Authentication server checks the supplicant’s credentials and creates the key
■ Key is used to encrypt the traffic coming from and being sent to the client
Management Access and Authentication
■ To configure and manage switches, you can use two options
● SSH
○ Remote administration program that allows you to connect to the switch over the network
● Console Port
○ Allows for local administration of the switch using a separate laptop and a rollover cable (DB-9 to RJ-45)
Out-of-band (OOB)
■ Management involves keeping all network configuration devices on a separate network
First-Hop Redundancy
■ Hot Standby Router Protocol (HSRP) uses virtual IP and MAC addresses to provide an “active router” and a “standby router”
● HSRP is a Cisco-proprietary protocol
● If Active is offline, then standby answers
Other First-Hop Redundancy Protocols
■ Gateway Load Balancing Protocol (GLBP)
● Cisco-proprietary protocol
■ Virtual Router Redundancy Protocol (VRRP)
● Open-source protocol
■ Common Address Redundancy Protocol (CARP)
● Open-source protocol
MAC Filtering
■ Permits or denies traffic based on a device’s MAC address to improve security
Traffic Filtering
■ Multilayer switches may permit or deny traffic based on IP addresses or application ports
Quality of Service (QoS)
■ Forwards traffic based on priority markings
802.1D
Spanning Tree Protocol (STP)
■ Permits redundant links between switches and prevents traffic loops
■ Availability is measured in 9’s
● Five 9’s is 99.999% uptime and allows only 5 minutes down per year
■ Shortest Path Bridging (SPB) is used for larger network environments instead
■ Without STP, MAC Address table corruption can occur
Broadcast Storms
■ If a broadcast frame is received by both switches, they can forward frames to each other
■ Multiple copies of frame are forwarded, replicated, and forwarded again until the network is consumed with forwarding many copies of the same initial frame
Root and Nonroot Bridges
■ Root Bridge
● Switch elected to act as a reference point for a spanning tree
● Switch with the lowest bridge ID (BID) is elected as the root bridge
● BID is made up of a priority value and a MAC address (with the lowest value considered root)
■ Nonroot Bridge
● All other switches in an STP topology
■ MAC Address table corruption can occur
Root, Designated, and Non-Designated Ports
■ Root Port
● Every non-root bridge has a single root port
● Port closest to the root bridge in terms of cost
● If costs are equal, lowest port number is chosen
■ Designated Port
● Every network segment has a designated port
● Port closest to the root bridge in terms of cost
● All ports on root bridge are designated ports
■ Non-Designated Port
● Ports that block traffic to create loop-free topology
Root and Nonroot Bridges
■ Single root port on non-root bridge
■ All other ports on non-root bridge are non-designated
■ All ports on root bridge are designated
Port States
■ Non-designated ports do not forward traffic during normal operation; however, they do receive bridge protocol data units (BPDUs)
■ If a link in the topology goes down, the non-designated port detects the failure and determines whether it needs to transition to a forwarding state
■ To get to the forwarding state, though, it has to transition through four states
● Blocking
○ BPDUs are received but they are not forwarded
○ Used at beginning and on redundant links
● Listening
○ Populates MAC address table
○ Does not forward frames
● Learning
○ Processes BPDUs
○ Switch determines its role in the spanning tree
● Forwarding
○ Forwards frames for operations
■ Root and Non-designated ports are blocking
■ Designated ports are forwarding
Link Costs
■ Associated with the speed of a link
■ The lower the link’s speed, the higher the cost
■ Long STP is being adopted due to higher link speeds over 10 Gbps
■ Values range from 2,000,000 for 10-Mbps Ethernet to as little as 2 for 10 Tbps
VLANs
■ Switch ports are in a single broadcast domain
■ Allow you to break out certain ports to be in different broadcast domains
■ Before VLANs, you had to use routers to separate departments, functions, or subnets
■ Allow different logical networks to share the same physical hardware
■ Provides added security and efficiency
802.1q
■ Multiple VLANs transmitted over the same physical cable
■ VLANs are each tagged with 4-byte identifier
● Tag Protocol Identifier (TPI)
● Tag Control Identifier (TCI)
■ One VLAN is left untagged
● Called the Native VLAN
VPN
Virtual Private Network
Creates a secure virtual tunnel over an untrusted network like the Internet
VPN Concentrator
Dedicated network device that provides secure connections between remote users and a company network
VPN Headend
A specific type of VPN concentrator used to terminate IPSec VPN tunnels within a router or other device
Firewalls
■ Network security appliance at your boundary
■ Firewalls can be software or hardware
■ Stateful Firewalls
● Allows traffic that originates from inside the network to go out to the Internet
● Blocks traffic originating from the Internet from getting into the network