Switching Flashcards

1
Q

DHCP snooping

A

Filters untrusted DHCP messages and builds a binding table of valid IP-MAC address pairs.

Switch intercepts a DHCP request from a host and validates it against the binding table before forwarding it to the DHCP server.

o Pros: protecting the network from unauthorized hosts and IP conflicts, preventing DHCP spoofing attacks and rogue DHCP servers.

Setup:
1. Enable under security section
2. Add VLANs to apply snooping to
3. Set trust mode on the port that is connected to the router
4. Turn on chaddr verification on ports connected to clients (optional).

2
Q

DAI

A

o Definition: Dynamic ARP Inspection, a security feature that validates ARP packets on untrusted ports and verifies that they have a valid IP-MAC binding.

o Example: a switch intercepts an ARP reply from a host and checks it against the DHCP snooping binding table or a static ARP entry before updating the ARP cache or forwarding the packet.

o Pros: preventing hosts from impersonating other hosts or routers on the network, preventing ARP spoofing attacks and ARP poisoning.

Setup:
1. Enable DAI under security and enter VLANs it applies to
2. Enable optional DAI parameters below.

Parameters:
Trust port - Allows ARP packets without inspection
Source MAC verification - checks whether the source MAC in the ARP packet matches the MAC bound to the sender IP address. The switch can drop or log the packet if the MAC is suspicious or inconsistent.
Destination MAC verification - checks destination MAC of the intended recipient.
IP address verification - verifies IP address in ARP packet matches IP address listed in DHCP snooping binding table.

3
Q

Storm control

A

Monitors the traffic levels of broadcast, multicast, and unknown unicast packets on a port and takes action when a configured threshold is exceeded.

o Example: a switch drops excess broadcast packets on a port if they exceed 50% of the bandwidth.

o Pros: protecting the network from excessive traffic and preserving bandwidth for other applications, preventing traffic storms that can degrade network performance or cause denial-of-service attacks.

Setup:
1. Enable SC on the port
2. Apply control to broadcast, unknown multicast or unknown unicast independently.
3. Declare whether to just drop the packets or disable the port.

4
Q

LACP

A

Control protocol for link aggregation that allows devices to negotiate settings for link aggregation groups (LAGs) and to exchange information about the status and configuration of the links.

o Example or use case: LACP can be used to combine multiple Ethernet links into a single logical link between two switches, a switch and a server, or a switch and a network attached storage (NAS) device. This can increase bandwidth, reliability, and availability of the connection.

o Pros: LACP can prevent errors and misconfigurations in the link aggregation setup process, and can dynamically adjust to changes in the link status or availability.

5
Q

Jumbo Frame

A

o Definition: A jumbo frame is an Ethernet frame that has a payload size larger than the standard maximum of 1500 bytes. The maximum size of a jumbo frame varies depending on the device and the network, but it can range from 9000 to 12000 bytes or more.

o Example or use case: Jumbo frames can be used to improve the efficiency and performance of data transfers that involve large amounts of data, such as file transfers, backups, video streaming, or virtualization. Jumbo frames can reduce the overhead and fragmentation of packets, and increase the throughput and latency of the network.

o Pros: Jumbo frames can reduce the CPU utilization and network congestion caused by processing and transmitting many small packets. Jumbo frames can also improve the error detection and correction capabilities of Ethernet by using larger cyclic redundancy checks (CRCs).

o Cons: Jumbo frames require all devices in the network path to support and be configured for the same frame size. Jumbo frames may not be compatible with some devices or applications that expect standard frame sizes. Jumbo frames may also increase the impact of packet loss or corruption by affecting more data per packet.

6
Q

LAG

A

Allows multiple physical links to be combined into a single logical link between two networked devices. Link aggregation can also be called by other names, such as port channeling, port trunking, or Ethernet bonding.

o Example or use case: Link aggregation can be used to increase the bandwidth, reliability, and availability of a connection between two switches, a switch and a server, or a switch and a NAS device. Link aggregation can also provide load balancing and failover capabilities for the traffic across the links.

o Pros: Link aggregation can improve the network performance and resilience by utilizing multiple links instead of relying on a single link. Link aggregation can also provide cost-effectiveness by increasing bandwidth without requiring new equipment or cables.

7
Q

Spanning Tree

A

o Definition: Spanning tree is a protocol that prevents loops in a network that has redundant paths between switches. Spanning tree creates a logical tree structure that spans all the switches in the network, and blocks some ports that could cause loops. Spanning tree can also detect and recover from changes in the network topology.

o Pros: Spanning tree can enhance the network reliability and availability by preventing loops and allowing alternative paths in case of link failures. Spanning tree can also provide automatic configuration and adaptation to changes in the network topology.

8
Q

Port isolation

A

Does not allow ports within the isolated group to communicate with each other even if they are on the same VLAN.

o Pros: enhancing privacy and security for hosts on the same network segment, preventing hosts from accessing other hosts or devices on the same network segment.

o Cons: limiting network functionality and connectivity for some applications or services, introducing complexity and overhead in the network configuration and management.

9
Q

802.1x

A

o Definition: Grants network access at the port level by authenticating the host against a RADIUS server.

o Example: a switch authenticates a host using its username and password before allowing it to access the network. The switch acts as an authenticator and forwards the host’s credentials to the authentication server. The authentication server validates the credentials and sends back an accept or reject message to the switch. The switch then grants or denies access to the host based on the message.

10
Q

AAA

A

o Definition: Authentication, Authorization, and Accounting, a framework that provides security services for network access. It uses an authentication server (such as RADIUS or TACACS+) to verify the identity of clients (authentication), determine what resources they can access (authorization), and keep track of their activities (accounting). AAA is the broader concept of access control.

o Example: a router authenticates a user using its username and password before allowing it to access a VPN tunnel. The router acts as an AAA client and forwards the user’s credentials to the AAA server. The AAA server validates the credentials and sends back an accept or reject message to the router. The AAA server also sends back information about what resources the user can access (such as IP address, encryption key, etc.) and how long they can use them. The router then grants or denies access to the user based on the message. The AAA server also records information about when, where, how long, and how much data the user used during their session (accounting).

o Pros: enhancing network security and access control by preventing unauthorized users from accessing the network resources, supporting multiple authentication methods (such as passwords, certificates, tokens, etc.) and encryption protocols (such as IPSec, SSL VPN, etc.), providing centralized management and auditing of user activities.

11
Q

Flow control

A

Definition: a mechanism that regulates the rate of data transmission between two network devices to prevent congestion and packet loss.

Example: a switch uses IEEE 802.3x pause frames to signal a sender to stop sending data when its buffer is full, and to resume sending data when its buffer has enough space.

Pros: preventing packet loss and improving network performance by avoiding buffer overflow and underflow, supporting full-duplex and half-duplex communication modes.

Cons: introducing delays and jitter in the data transmission, reducing the effective bandwidth of the link, depending on the compatibility and configuration of both devices.

12
Q

Tagged port (trunk)

A

Definition: a port that sends and receives Ethernet frames with VLAN tags that indicate the VLAN membership of the frames. A tagged port can belong to multiple VLANs and can carry traffic for different VLANs on the same physical link.

Example: a switch port that connects to another switch or a router uses VLAN tags to distinguish between frames from different VLANs. The port can be configured as a trunk port (Cisco terminology) or a tagged port (other vendors’ terminology) and can use protocols such as 802.1Q or ISL to encapsulate the frames with VLAN tags.

Pros: allowing multiple VLANs to share the same physical link, increasing the bandwidth utilization and reducing the number of cables and ports needed, supporting inter-VLAN routing and communication.

13
Q

Untagged Port (access)

A

Definition: a port that sends and receives Ethernet frames without VLAN tags. An untagged port can belong to only one VLAN and can carry traffic only for that VLAN on the physical link.

Example: a switch port that connects to an end device (such as a PC or a printer) does not use VLAN tags to identify the frames. The port can be configured as an access port (Cisco terminology) or an untagged port (other vendors’ terminology) and can assign the frames to a default or native VLAN based on its configuration.

Pros: simplifying the Ethernet frames and the network configuration, supporting devices that do not understand VLAN tags, providing hard firewalls for traffic in the VLAN.

Cons: limiting the number of VLANs that can use the same physical link, requiring more cables and ports for different VLANs, depending on other security features (such as port security) to prevent unauthorized access to the VLAN.

14
Q

IGMP Snooping

A

Definition: a feature that allows a switch to monitor Internet Group Management Protocol (IGMP) messages between hosts and multicast routers, and to learn which ports are interested in receiving multicast traffic. IGMP snooping can optimize network performance by reducing unnecessary multicast traffic on switch ports that do not have any multicast listeners.

Example: a switch receives an IGMP join message from a host on port 1 requesting to join a multicast group G. The switch adds port 1 to its IGMP snooping table entry for group G. When the switch receives multicast traffic for group G from another port, it forwards it only to port 1. When the switch receives an IGMP leave message from the host on port 1 leaving group G, it removes port 1 from its IGMP snooping table entry for group G.

Pros: improving network performance and efficiency by reducing multicast traffic on ports that do not have any multicast listeners, saving bandwidth and CPU resources for other applications, supporting multiple multicast groups and protocols (such as IGMPv1, IGMPv2, IGMPv3).

Cons: requiring additional configuration and resources on the switch, depending on other features (such as IGMP querier or multicast router) to maintain accurate IGMP snooping table entries, introducing delays or disruptions in multicast delivery when reacting to IGMP messages.

15
Q

Router port (IGMP)

A

Definition: a port that connects to a multicast router or a device that can send IGMP queries. An IGMP snooping router port can belong to multiple VLANs and can receive multicast traffic for different groups on the same physical link.

Example: a switch port that connects to a router that acts as an IGMP querier for multiple VLANs. The port can be configured as an IGMP snooping router port using the ip igmp snooping vlan vlan-id mrouter interface interface-id command. The port can receive multicast traffic for any group that has members in the VLANs.

Pros: allowing the switch to learn about multicast groups and sources from the multicast router, supporting inter-VLAN routing and communication for multicast traffic, enabling the switch to forward IGMP reports and leave messages to the multicast router.

Cons: requiring additional configuration and resources on the switch and the multicast router, depending on the compatibility and configuration of both devices, introducing delays or disruptions in multicast delivery when reacting to IGMP queries.

16
Q

port fast leave (IGMP)

A

Definition: a feature that allows a port to be removed from a multicast group upon receiving an IGMP leave message. When port fast leave is enabled, IGMP snooping does not wait for an IGMP query to confirm the leave request, but deletes the port directly from the multicast group.

Example: a switch receives an IGMP leave message from a host on port 1 leaving a multicast group G. The switch has port fast leave enabled on port 1. The switch removes port 1 from its IGMP snooping table entry for group G without waiting for an IGMP query from the multicast router.

Pros: saving bandwidth and CPU resources by reducing unnecessary multicast traffic on ports that do not have any multicast listeners, improving network performance and efficiency by avoiding delays in multicast delivery.

Cons: dropping valid multicast traffic if there are other hosts on the same port that are still interested in receiving the multicast group, depending on other features (such as IGMP querier or multicast router) to maintain accurate IGMP snooping table entries.

17
Q

Multicast forward mode (IGMP)

A

Definition: a mode that determines how a switch forwards multicast traffic based on its IGMP snooping table entries. There are two types of multicast forward modes: flood mode and filter mode.

Example: a switch receives multicast traffic for group G from port 2. The switch has two ports (port 1 and port 3) in its IGMP snooping table entry for group G. If the switch is in flood mode, it forwards the multicast traffic to all ports except port 2. If the switch is in filter mode, it forwards the multicast traffic only to port 1 and port 3.

Pros: allowing network administrators to choose between different forwarding behaviors based on their network requirements and preferences, providing flexibility and control over multicast traffic distribution and optimization.

Cons: introducing trade-offs between network performance and security depending on the chosen mode, requiring additional configuration and resources on the switch, depending on other features (such as IGMP querier or multicast router) to maintain accurate IGMP snooping table entries.

18
Q

multicast policy (IGMP)

A

Definition: a policy that defines which multicast groups are allowed or denied on a switch port. A multicast policy can be applied to an interface or a VLAN using access control lists (ACLs).

Example: a switch has a multicast policy that allows only group G1 on port 1 and denies all other groups. The switch receives an IGMP join message from a host on port 1 requesting to join group G2. The switch does not add port 1 to its IGMP snooping table entry for group G2 because it violates the multicast policy. The switch also does not forward any multicast traffic for group G2 to port 1.

19
Q

RADIUS

A

Definition: Remote Authentication Dial-In User Service, a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect to and use a network service.

Example: A network access server (NAS) that controls access to a wireless network and uses RADIUS to communicate with a RADIUS server that verifies the credentials of the users.

Pros: RADIUS can support a variety of authentication methods, such as passwords, tokens, certificates, etc. RADIUS can also provide detailed accounting information for billing or auditing purposes.

Cons: RADIUS is vulnerable to various attacks, such as replay, man-in-the-middle, or dictionary attacks. RADIUS also does not encrypt the entire packet, only the password field, which may expose sensitive information.

20
Q

TACACS+

A

Cisco protocol that handles authentication, authorization, and accounting (AAA) services for network access control through a centralized server. Typically used to provide privileges to admins within a network.

TACACS+ is the Cisco variant of RADIUS.

Example: A network administrator can use TACACS+ to authenticate users who want to access a router or a network access server and authorize them to execute specific commands.

21
Q

Anti attack (security)

A

Definition: Anti attack is a set of security measures that can prevent or mitigate various network attacks such as different types of spoofing, DDoS, and others.

22
Q

SNMP

A

Definition: Simple Network Management Protocol, a standard protocol for managing devices on a network such as routers, switches, servers, printers, etc.

Example: SNMP can be used to monitor the performance, availability, and configuration of network devices by sending and receiving messages called SNMP PDUs.

Pros: SNMP is widely supported by many vendors and devices, easy to implement and configure, and can provide useful information for network management.

23
Q

RMON

A

Definition: Remote Network Monitoring, a standard for monitoring network traffic and statistics from a remote device such as a probe or an agent.

Example: RMON can be used to collect and analyze data such as packets, errors, utilization, hosts, conversations, etc. from different network segments or layers.

Pros: RMON can provide comprehensive and detailed information for network troubleshooting, optimization, and planning, and can reduce network overhead by processing data locally.

Cons: RMON may require additional hardware or software to implement, may have compatibility issues with some devices or protocols, and may have limited scalability or functionality.

24
Q

Queue scheduling

A
  • Definition: Queue scheduling is the process of managing the order and priority of data packets or requests in a network queue for transmission or processing. The queuing algorithm to be used is configured per port.
  • Example: In a network router, queue scheduling ensures that high-priority packets, such as real-time video or voice data, are processed and transmitted before lower-priority packets.
  • Pros: Allows for prioritization of critical traffic, ensuring timely delivery. Helps maintain quality of service (QoS) by managing congestion and minimizing delays.
25
Q

priority mapping

A
  • Definition: Priority mapping involves assigning priorities or classes to different types of network traffic or data packets based on their importance or requirements.
  • Example: In a network switch, priority mapping can assign higher priority to real-time video streaming packets and lower priority to bulk data transfers.
  • Pros: Enables differentiated treatment of traffic based on application or service requirements. Allows for efficient utilization of network resources by giving priority to critical traffic.
  • Cons: Incorrect or inconsistent priority mapping can result in undesired performance or unfairness. A limited number of priority levels may not adequately capture the nuances of different traffic types.
26
Q

Queueing algorithm: Strict Priority

A

Description: Strict Priority is a queueing algorithm where packets are assigned to different priority queues, and packets in higher-priority queues are always served before packets in lower-priority queues. It means that high-priority traffic gets preferential treatment over low-priority traffic.

Pros: Ensures low-latency and low-jitter for high-priority traffic, making it ideal for real-time applications like voice and video.

Cons: Can lead to starvation of lower-priority traffic if high-priority traffic is continuously present, potentially causing fairness issues and degraded performance for low-priority traffic.

27
Q

Queueing algorithm: WFQ

A

Description: WFQ is a queueing algorithm that divides the available link capacity according to the configured allocations. This mechanism ensures that each flow gets its fair share of bandwidth based on the configured weights.

Good to use when you need to ensure bandwidth.

28
Q

Queueing algorithm: WRR

A

Description: Assigns a weight to each queue and serves packets in round-robin fashion. It differs from WFQ by serving a number of packets per turn (rather than a share of bandwidth), with the number varying according to the weights.

Pros: Provides priority differentiation among queues while offering better fairness than strict priority. Efficiently handles both burst and steady traffic patterns.

Cons: May lead to underutilization of network resources if queues with low weights have little or no traffic while queues with high weights are congested.

29
Q

SP-WRR/WFQ

A

Combines WRR/WFQ with the SP algorithm so that high-priority queues still go first. The port serves the strict-priority queues first, then processes the remaining queues as WRR/WFQ.

30
Q

Rate Limit

A

QoS option that tells the switch to drop traffic that exceeds the maximum ingress/egress CIR (committed information rate).

31
Q

CIR (committed information rate)

A

The guaranteed bandwidth rate in a frame relay circuit at any given time.

32
Q

PIM (Protocol Independent Multicast)

A
  • Utilized by L3 switches/routers; the “WAN/public network version of IGMP”
  • Interested parties send requests to join the multicast group (rendezvous point)
  • Responsible for building multicast distribution trees, forwarding multicast traffic and managing multicast routing across networks/subnets
  • Commonly used in IPTV applications across VLANs or subnets.
33
Q

IGMP

A

Internet Group Management Protocol helps manage multicast traffic amongst those who choose to receive multicast data.

  • Primarily used by endpoints/hosts and routers within a subnet or LAN segment.
  • Cannot traverse subnets
  • Found in all IP networks; hosts use it to join or leave multicast groups.
34
Q

Queue Shaping

A

Restricts how much traffic is sent downstream (outbound) based on a maximum CIR value (bandwidth). The switch buffers egress traffic that exceeds the CIR.

35
Q

Port Priority (QoS)

A

GWN can set trust modes (DSCP, CoS, etc) per port, remark CoS/DSCP or hardcode CoS values.

36
Q

Fiber types

A

Single mode - used for long distances
Multi mode - used for shorter distances

37
Q

fiber cable types

A

SM - OS1 (indoor), OS2 (outdoor applications)
MM - OM1 - OM5; increasingly more expensive the higher up you go.

38
Q

MSTP

A

Multiple Spanning Tree
- Allows load balancing. When MSTP is used, instance 1 may utilize a different set of links from instance 2, allowing for better link usage per VLAN.
- Avoids having to create a separate spanning tree per VLAN (PVST).
- Groups switches that want to participate in the spanning tree together using a region name and revision level. Switches must be configured with the same region name, revision number and instance mapping.

39
Q

IP Source Guard

A

Security feature that prevents spoofing attacks by referencing the IP and MAC binding table generated by DHCP snooping or static configuration.

If traffic comes from an IP/MAC address that doesn’t match the binding table, it will be dropped. IPSG can be used on access ports.