WT2054 LAN Switching and Wireless

Eero Väisänen 18.1.2010

Exercise 2

Material: CCNA Exploration 4.0 (3 LAN Switching and Wireless)

https://wartsila.pkamk.fi/cisco/exploration

Chapter 2: Basic Switching Concepts and Configuration

Here are the questions and tasks from chapter 1, LAN Design. Submit the
answers in one document to return folder in moodle.

1) Basic Ethernet uses CDMA/CD principle in accessing the media. Describe

how this method works.

This CDMA/CD means “carrier sense multiple access/collision detect”

technology. The method is very simple. All network devices have to
listen/wait before transmitting. If a device detects a signal from another
device, it waits for a specified amount of time before attempting to
transmit. When the device senses there is no other traffic detected on the
network, a device transmits its message. While this transmission is
occurring, the device continues to listen for traffic or collisions on the LAN.
After the message is sent, the device returns to its default listening mode,
and wait for other instructions. If the thing don’t work like this we will have
data corruptions and collision on our network.

2) Give examples, where broadcast and multicast frames are needed.

Broadcast transmission like when sender send the same message to all
devices on the LAN. An example of a broadcast transmission is the address
resolution query that the address resolution protocol (ARP) sends to all
computers on a LAN. This ARP mainly used in TCP/IP based networks.

A multicast transmission is like a video and voice transmissions

associated with a network-based, like e-learning or business meeting. This
group has to be member of a logical multicast group.

3) Describe the difference between half and full duplex. What does auto setting
do in this context?

The main difference between these two settings, in the half-duplex mode
the devices are can’t send and receiving data at the same time, because it
is a unidirectional communication type. This is similar like walkie-talkie
when just one people can communicate the other. Half-duplex
communications have performance issues too, due to the constant
 waiting, because data can only flow in one direction at a time. In full-
duplex communication, data flow is bidirectional, so data can be sent and
received at the same time. Most Ethernet, Fast Ethernet, and Gigabit
Ethernet NICs sold today offer full-duplex capability, and if we want to
communicate in full duplex mode both devices can be able to support this
mode. In this mode these network devices collision circuits must be
disabled. So these devices are collision free, but they can communicate
just point-to-point only.

The auto option sets auto negotiation of duplex mode. With auto
negotiation enabled, the two ports communicate to decide the best mode
of operation, but it may have got unpredictable results, so we must
consider this option very well.

4) How does a switch use MAC address table in switching? How does the MAC
table build up?

Switches use MAC addresses to direct network communications through

their switch fabric to the appropriate port toward the destination node.
The switch must have to learn witch MAC address is on witch ports, to it
can tower the data to the receiver. When the switch can’t find in the MAC
address table the receiver, it broadcast the information to all ports while it
can’t identify the receiver. After than the switch updating the MAC address
table and the next time it will be know on witch port is the appropriate for
that device.

5) Define the term collision domain. How does a switch reduce collision
domains?

When expanding a network we had more users with more bandwidth

requirements, the potential for collisions increases. To reduce the number
of nodes on a given network segment, you can create separate physical
network segments, called collision domains. The network area where
frames originate and collide is called the collision domain. If we connect
the host to a switch that creates a dedicated connection, this connection is
an individual collision domain, because the traffic is separated from all
other traffic.

Switches reduce collisions and improve bandwidth use on network

segments because they provide dedicated bandwidth to each network
segment.

6) What does broadcast domain mean?

A broadcast domain is a logical division of a computer network, in which

all nodes can reach each other by broadcast at the data link layer. A
 collection of interconnected switches also is a single broadcast domain.
Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a
Layer 2 broadcast domain. When a switch receives a broadcast frame, it
forwards the frame to each of its ports, except the incoming port where
the switch received the broadcast frame. Each attached device recognizes
the broadcast frame and processes it. This leads to reduced network
efficiency, because bandwidth is used to propagate the broadcast traffic.

7) Describe the factors that affect network latency in local area networks. Give
also instructions how to control network latency.

We can measure the latency of a communication between two network

devices. This time is latency of the time a frame or a packet takes to travel
from the source station to the final destination. If latency is big our
communication is working badly, because latency mainly (but not just)
depends on the distance and the devices. We have to aspire that latency
is stay on a low level.

The first good way to improve our network latency if we use switches not
routers, because the routers must analyze Layer 3 data, switches just
analyze the Layer 2 data. Since Layer 2 data is present earlier in the frame
structure than the Layer 3 data, switches can process the frame more
quickly. And also important witch switch we use because en entry level
switch can’t produce more data flow like a better one.

8) Discuss the three switch forwarding methods (compact answer).

(I just find two methods)

There are 2 switch forwarding method exists:

- Store-and-Forward Switching

- Cut-through Switching

Store-and-Forward Switching: In this method the switches waits for the

whole frame and store it in the buffer memory. Tan analyze the data,
checking CRC (that is a mathematical formula to checking our data has
got any errors), and when it is ok, then transfer that frame to the
destination node. This procedure is very important when we use QoS
traffic, for example voice over IP data streams, this data stream has got
bigger priority than web-browsing traffic.
 Cut-through Switching: In this method the switches don’t analyze the
frame just send that immediately to the destination machine, even if the
transmission is not complete. The switches just checking the MAC address
and choose the right port for it, and sent the frame toward. In this case the
device doesn’t checking the errors or consistency, because it hasn’t got
time for it. These switches have got types the fast-forwarding switches and
fragment free switches. Fast-forward switching immediately forwards a
packet after reading the destination address. These switches have got the
lowest latency. The other type is some kind of mix type because this
device stores the first 64 bit and then forwarded the data. Why is the first
64 bit? In these data corruptions and errors are mostly in the first 64 bit of
the data. This is a good compromise between low and high latency
methods.

9) Describe the data buffering methods used in LAN switches.

There are 2 types of these buffering methods of the Port-based Memory

Buffering, and the Shared Memory Buffering.

Port-based Memory Buffering: In this case the frames are stored in

queues what is linked to the specific incoming ports. This frame is
transmitted to the outgoing port only when the frames what arrived before
are already transmitted to their destinations.

Shared Memory Buffering: In this case the shared memory reserve

memory space for all frames. These deposits are required dynamical
allocating in the memory. This allows the packet to be received on one
port and then transmitted on another port, without moving it to a different
queue.

The switch keeps a map of frame to port links showing where a packet
needs to be transmitted. The map link is cleared after the frame has been
successfully transmitted.

10) What phases are in the booting process of a switch?

1) The switch loads the boot loader software from NVRAM

2) The boot loader:

- Performs low-level CPU initialization

- Perform POST for the CPU subsystem

- Initializes the flash file system on the system board

- Loads a default operating system software into memory and

boots the switch
 3) The operating system runs using the config.txt file, stored in the switch
flash storage

11) What kind of tools can be used to manage a switch?

Cisco Network Assistant: It is a PC-based GUI network management

application optimized for small and medium-sized LANs. We can manage
the standalone or the groups switches.

The CiscoView device-management: This application displays a

physical view of the switch that you can use to set configuration
parameters and to view switch status and performance information.

Cisco Device Manager: This is web-based software that is stored in the

switch memory. We can use Device Manager to configure and manage
switches. We can access Device Manager from anywhere in your network
through a web browser.

SNMP Network Management: We can manage switches from a SNMP-

compatible management station. SNMP network management is more
common in large enterprise networks.

12) Discuss briefly the common security threats of a switch.

MAC Address Flooding: The attacker use the MAC table for the hacking,
because this table has got a limited size, and the attacker try to fill this
table with fake addresses. If it is full (the switch act like a hub) and when
the switch got a new address that transmission will be broadcasted and
the attacker will see everything.

Spoofing Attacks: Somehow an attacker can gain access to network

traffic is to spoof responses that would be sent by a valid DHCP server.
The meaning the fake device will be a DHCP and the attacker can send the
user to the desired destination.

DHCP starvation attack: The attacker PC continually requests IP

addresses from a real DHCP server by changing their source MAC
addresses. If successful, this kind of DHCP attack causes all of the leases
on the real DHCP server to be allocated, thus preventing the real users
(DHCP clients) from obtaining an IP address.

CDP Attacks: Cisco devices use this for network discovering and
communicate with other devices. This data flow is not encrypted and
contains valuable information like IP addresses, software version, platform
and the native VLAN. When the attacker gain this information he can start
 the typically attack the Denial of Service (DoS) attack. This attack form is
very “popular” nowadays.

Telnet Attacks: The attacker use the Telnet protocol to gain a remote
access on a Cisco switch.

Brute Force Password Attack: The attacker tries to find a good

password like guessing. It has got more stage, because the first and a
simple way is a common and exist word what he can find in a dictionary.
After this he tries to guess and generate sequential character
combinations.

13) Discuss the port security feature in a switch (main points).

- All switch ports or interfaces should be secured before the switch is

deployed

- Limit the number of secure MAC addresses

- Allow only one MAC address to access that port

- When the port detect an unauthorized MAC address, automatically shut

down that port

- MAC addresses security types:

- Static Secure MAC address

- Dynamic Secure MAC address

- Sticky Secure MAC address

- Security Violation Modes:

- protect

- restrict

- shutdown

- Port Security modes:

- default

- dynamic

- sticky

One of the good ways to prevent the attacks is if we disable the unused
ports. We can do it simple with the interface range command if we want to
shutdown more ports in one time.