SlideShare una empresa de Scribd logo

CCNA2 Verson6 Chapter5

Descargar como PPTX, PDF
Chaing Ravuth
Chaing Ravuth

The document discusses configuration of Cisco switches. It covers initial switch setup including the boot process, LED indicators, and configuring management access. It also covers configuring switch ports, including auto-MDIX and duplex settings. Finally, it discusses switch security features like secure shell (SSH) and port security including violation modes.

Educación
1 de 41
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Instructor Materials Chapter 5: Switch Configuration CCNA Routing and Switching Routing and Switching Essentials v6.0
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11 Chapter 5: Switch Configuration Routing and Switching Essentials v6.0
Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 5 - Sections & Objectives 5.1 Basic Switch Configuration • Configure initial settings on a Cisco switch. • Configure switch ports to meet network requirements. 5.2 Switch Security: Management and Implementation • Configure the management virtual interface on a switch. • Configure the port security feature to restrict network access.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13 5.1 Basic Switch Configuration
Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch Boot Sequence 1. Power-on self test (POST). 2. Run boot loader software. 3. Boot loader performs low-level CPU initialization. 4. Boot loader initializes the flash file system. 5. Boot loader locates and loads a default IOS operating system software image into memory and passes control of the switch over to the IOS.
Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch Boot Sequence (cont.) To find a suitable Cisco IOS image, the switch goes through the following steps: Step 1. It attempts to automatically boot by using information in the BOOT environment variable. Step 2. If this variable is not set, the switch performs a top-to-bottom search through the flash file system. It loads and executes the first executable file, if it can. Step 3. The IOS software then initializes the interfaces using the Cisco IOS commands found in the configuration file and startup configuration, which is stored in NVRAM. Note: The boot system command can be used to set the BOOT environment variable. Use the show boot command to see to what the current IOS boot file is set.
Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Recovering From a System Crash  The boot loader can also be used to manage the switch if the IOS cannot be loaded.  The boot loader can be accessed through a console connection by: 1. Connecting a PC by console cable to the switch console port. Unplug the switch power cord. 2. Reconnecting the power cord to the switch and press and hold the Mode button. 3. The System LED turns briefly amber and then solid green. Release the Mode button.  The boot loader switch: prompt appears in the terminal emulation software on the PC.
Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch LED Indicators  Each port on Cisco Catalyst switches have status LED indicator lights.  By default, these LED lights reflect port activity, but they can also provide other information about the switch through the Mode button.  The following modes are available on Cisco Catalyst 2960 switches: • System LED • Redundant Power System (RPS) LED • Port Status LED • Port Duplex LED • Port Speed LED • Power over Ethernet (PoE) Mode LED
Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Preparing for Basic Switch Management To remotely manage a Cisco switch, it must be configured to access the network.  A console cable is used to connect a PC to the console port of a switch for configuration.  The IP information (address, subnet mask, gateway) is to be assigned to a switch virtual interface (SVI).  If managing the switch from a remote network, a default gateway must also be configured.  Although these IP settings allow remote management and remote access to the switch, they do not allow the switch to route Layer 3 packets.
Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access
Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access (cont.)
Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access (cont.)
Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Duplex Communication
Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Configure Switch Ports at the Physical Layer
Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX  Certain cable types (straight-through or crossover) were historically required when connecting devices.  The automatic medium-dependent interface crossover (auto-MDIX) feature eliminates this problem.  When auto-MDIX is enabled, the interface automatically detects and appropriately configures the connection.  When using auto-MDIX on an interface, the interface speed and duplex must be set to auto.
Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX (cont.)
Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX (cont.)
Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Verifying Switch Port Configuration
Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Network Access Layer Issue
Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Network Access Layer Issue (cont.)
Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Troubleshooting Network Access Layer Issues
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 31 5.2 Switch Security: Management and Implementation
Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access SSH Operation  Secure Shell (SSH) is a protocol that provides a secure (encrypted), command-line based connection to a remote device.  Because of strong encryption features, SSH should replace Telnet for management connections.  SSH uses TCP port 22, by default.  Telnet uses TCP port 23.  A version of the IOS software, including cryptographic (encrypted) features and capabilities, is required to enable SSH on Catalyst 2960 switches.
Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Configuring SSH 1. Verify SHH Support – show ip ssh 2. Configure the IP domain. 3. Generate RSA key pairs. 4. Configure user authentication. 5. Configure the vty lines. 6. Enable SSH version 2.
Presentation_ID 34© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Verifying SSH
Presentation_ID 35© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Verifying SSH (cont.)
Presentation_ID 36© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Secure Unused Ports
Presentation_ID 37© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Operation  The MAC addresses of legitimate devices are allowed access, while other MAC addresses are denied.  Any additional attempts to connect by unknown MAC addresses generate a security violation.  Secure MAC addresses can be configured in a number of ways:  Static secure MAC addresses – manually configured and added to running configuration - switchport port-security mac- address mac-address  Dynamic secure MAC addresses – removed when switch restarts  Sticky secure MAC addresses – added to running configuration and learned dynamically - switchport port-security mac-address sticky interface configuration mode command
Presentation_ID 38© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Violation Modes  IOS considers a security violation when:  The maximum number of secure MAC addresses for that interface have been added to the CAM, and a station whose MAC address is not in the address table attempts to access the interface.  There are three possible actions to take when a violation is detected:  Protect – no notification received  Restrict – notification received of security violation  Shutdown  switchport port-security violation {protect | restrict |shutdown} interface configuration mode command
Presentation_ID 39© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Violation Modes (cont.)
Presentation_ID 40© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Configuring
Presentation_ID 41© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Verifying
Presentation_ID 42© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Verifying (cont.)
Presentation_ID 43© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Ports in Error Disabled State  A port security violation can put a switch in error disabled state.  A port in error disabled is effectively shutdown.  The switch communicates these events through console messages.
Presentation_ID 44© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Ports in Error Disabled State (cont.) The show interface command also reveals a switch port on error disabled state. A shutdown or no shutdown interface configuration mode command must be issued to re- enable the port.
© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 45 5.3 Chapter Summary
Presentation_ID 46© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Cisco LAN switch boot sequence.  Cisco LAN switch LED modes.  How to remotely access and manage a Cisco LAN switch through a secure connection.  Cisco LAN switch port duplex modes.  Cisco LAN switch port security, violation modes, and actions.  Best practices for switched networks. Chapter Summary Summary
Presentation_ID 47© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  When a Cisco LAN switch is first powered on it goes through the following boot sequence: 1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system. 2. Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM and is run immediately after POST successfully completes. 3. The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed. 4. The boot loader initializes the flash file system on the system board. 5. Finally, the boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS.  If the Cisco IOS files are missing or damaged, the boot loader program can be used to reload or recover from the problem.  The operational status of the switch is displayed by a series of LEDs on the front panel. These LEDs display such things as port status, duplex, and speed. Chapter Summary Summary
Presentation_ID 48© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  An IP address is configured on the SVI of the management VLAN to allow for remote configuration of the device. A default gateway belonging to the management VLAN must be configured on the switch using the ip default-gateway command. If the default gateway is not properly configured, remote management is not possible.  It is recommended that Secure Shell (SSH) be used to provide a secure (encrypted) management connection to a remote device to prevent the sniffing of unencrypted user names and passwords, which is possible when using protocols such as Telnet.  One of the advantages of a switch is that it allows full-duplex communication between devices, effectively doubling the communication rate. Although it is possible to specify the speed and duplex settings of a switch interface, it is recommended that the switch be allowed to set these parameters automatically to avoid errors.  Port security is only one defense against network compromise. Chapter Summary Summary
Presentation_ID 51© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Presentation_ID 52© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Recomendados

CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
Chaing Ravuth
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
Chaing Ravuth
 
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
Chaing Ravuth
 
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
Chaing Ravuth
 
CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10
Chaing Ravuth
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
Waqas Ahmed Nawaz
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
Waqas Ahmed Nawaz
 

Recomendados

CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2CCNA4 Verson6 Chapter2
CCNA4 Verson6 Chapter2
Chaing Ravuth
 
CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1CCNA4 Verson6 Chapter1
CCNA4 Verson6 Chapter1
Chaing Ravuth
 
CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9CCNA2 Verson6 Chapter9
CCNA2 Verson6 Chapter9
Chaing Ravuth
 
CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6CCNA4 Verson6 Chapter6
CCNA4 Verson6 Chapter6
Chaing Ravuth
 
CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10CCNA2 Verson6 Chapter10
CCNA2 Verson6 Chapter10
Chaing Ravuth
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 6
Waqas Ahmed Nawaz
 
CCNP Switching Chapter 10
CCNP Switching Chapter 10CCNP Switching Chapter 10
CCNP Switching Chapter 10
Chaing Ravuth
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
CCNA (R & S) Module 02 - Connecting Networks - Chapter 5
Waqas Ahmed Nawaz
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
Waqas Ahmed Nawaz
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1
Chaing Ravuth
 
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
Chaing Ravuth
 
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
Chaing Ravuth
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
Waqas Ahmed Nawaz
 
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
Chaing Ravuth
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
Waqas Ahmed Nawaz
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
Nil Menon
 
CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8
Chaing Ravuth
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
Waqas Ahmed Nawaz
 
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1
Chaing Ravuth
 
CCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing ConceptsCCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing Concepts
Vuz Dở Hơi
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
Vuz Dở Hơi
 
CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9
Irsandi Hasan
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
Chaing Ravuth
 
CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1
Nil Menon
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
Waqas Ahmed Nawaz
 
CCNA3 Verson6 Chapter7
CCNA3 Verson6 Chapter7CCNA3 Verson6 Chapter7
CCNA3 Verson6 Chapter7
Chaing Ravuth
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
Waqas Ahmed Nawaz
 
CCNA 2 Routing and Switching v5.0 Chapter 10
CCNA 2 Routing and Switching v5.0 Chapter 10CCNA 2 Routing and Switching v5.0 Chapter 10
CCNA 2 Routing and Switching v5.0 Chapter 10
Nil Menon
 
Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched Networks
Yaser Rahmati
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
Fisal Anwari
 

Más contenido relacionado

La actualidad más candente

CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9
Irsandi Hasan
 

La actualidad más candente (20)

CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 6
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1
 
CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4CCNA4 Verson6 Chapter4
CCNA4 Verson6 Chapter4
 
CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5CCNA4 Verson6 Chapter5
CCNA4 Verson6 Chapter5
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
CCNA (R & S) Module 02 - Connecting Networks - Chapter 2
 
CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8CCNP ROUTE V7 CH8
CCNP ROUTE V7 CH8
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
CCNA (R & S) Module 04 - Scaling Networks - Chapter 3
 
CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11CCNA 1 Routing and Switching v5.0 Chapter 11
CCNA 1 Routing and Switching v5.0 Chapter 11
 
CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8CCNA2 Verson6 Chapter8
CCNA2 Verson6 Chapter8
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 5
 
CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1CCNA2 Verson6 Chapter1
CCNA2 Verson6 Chapter1
 
CCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing ConceptsCCNAv5 - S2: Chapter4 Routing Concepts
CCNAv5 - S2: Chapter4 Routing Concepts
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
 
CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9CCNA Discovery 2 - Chapter 9
CCNA Discovery 2 - Chapter 9
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
 
CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1CCNA 2 Routing and Switching v5.0 Chapter 1
CCNA 2 Routing and Switching v5.0 Chapter 1
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 2
 
CCNA3 Verson6 Chapter7
CCNA3 Verson6 Chapter7CCNA3 Verson6 Chapter7
CCNA3 Verson6 Chapter7
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 1
 
CCNA 2 Routing and Switching v5.0 Chapter 10
CCNA 2 Routing and Switching v5.0 Chapter 10CCNA 2 Routing and Switching v5.0 Chapter 10
CCNA 2 Routing and Switching v5.0 Chapter 10
 

Similar a CCNA2 Verson6 Chapter5

KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
Fisal Anwari
 
Basic Switch Configuration.pptx
Basic Switch Configuration.pptxBasic Switch Configuration.pptx
Basic Switch Configuration.pptx
andutokicho
 
Chapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating SystemChapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating System
Yaser Rahmati
 

Similar a CCNA2 Verson6 Chapter5 (20)

Chapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched NetworksChapter 02 - Introduction to Switched Networks
Chapter 02 - Introduction to Switched Networks
 
KPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_finalKPUCC-Rs instructor ppt_chapter2_final
KPUCC-Rs instructor ppt_chapter2_final
 
Chapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networksChapter 13 : Introduction to switched networks
Chapter 13 : Introduction to switched networks
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
Basic Switch Configuration.pptx
Basic Switch Configuration.pptxBasic Switch Configuration.pptx
Basic Switch Configuration.pptx
 
Chapter 2 : Configuring a network operating system
Chapter 2 : Configuring a network operating systemChapter 2 : Configuring a network operating system
Chapter 2 : Configuring a network operating system
 
CCNAv5 - S1: Chapter 2 - Configuring a network operating system
CCNAv5 - S1: Chapter 2 - Configuring a network operating systemCCNAv5 - S1: Chapter 2 - Configuring a network operating system
CCNAv5 - S1: Chapter 2 - Configuring a network operating system
 
Chapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating SystemChapter 02 - Configuring a Network Operating System
Chapter 02 - Configuring a Network Operating System
 
Ccna v5-S1-Chapter 2
Ccna v5-S1-Chapter 2Ccna v5-S1-Chapter 2
Ccna v5-S1-Chapter 2
 
ccna1 v5 cap2
ccna1 v5 cap2ccna1 v5 cap2
ccna1 v5 cap2
 
CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2CCNA RS_NB - Chapter 2
CCNA RS_NB - Chapter 2
 
ITN_instructorPPT_Chapter2.pptx
ITN_instructorPPT_Chapter2.pptxITN_instructorPPT_Chapter2.pptx
ITN_instructorPPT_Chapter2.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2CCNA RS_ITN - Chapter 2
CCNA RS_ITN - Chapter 2
 
SESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptxSESI 7 RouterTroubleshooting.pptx
SESI 7 RouterTroubleshooting.pptx
 
CCNA 1 Routing and Switching v5.0 Chapter 2
CCNA 1 Routing and Switching v5.0 Chapter 2CCNA 1 Routing and Switching v5.0 Chapter 2
CCNA 1 Routing and Switching v5.0 Chapter 2
 
Day 13.1 startingaswitch
Day 13.1 startingaswitchDay 13.1 startingaswitch
Day 13.1 startingaswitch
 
operating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS deviceoperating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS device
 
Ccna routing and_switching_chapter-1-2-3_mme
Ccna routing and_switching_chapter-1-2-3_mmeCcna routing and_switching_chapter-1-2-3_mme
Ccna routing and_switching_chapter-1-2-3_mme
 

Más de Chaing Ravuth

Más de Chaing Ravuth (20)

CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
 
CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6CCNP ROUTE V7 CH6
CCNP ROUTE V7 CH6
 
CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5CCNP ROUTE V7 CH5
CCNP ROUTE V7 CH5
 
CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4CCNP ROUTE V7 CH4
CCNP ROUTE V7 CH4
 
CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3CCNP ROUTE V7 CH3
CCNP ROUTE V7 CH3
 
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
 
CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1CCNP ROUTE V7 CH1
CCNP ROUTE V7 CH1
 
CCNP Switching Chapter 3
CCNP Switching Chapter 3CCNP Switching Chapter 3
CCNP Switching Chapter 3
 
CCNP Switching Chapter 2
CCNP Switching Chapter 2CCNP Switching Chapter 2
CCNP Switching Chapter 2
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
 
CCNP Switching Chapter 9
CCNP Switching Chapter 9CCNP Switching Chapter 9
CCNP Switching Chapter 9
 
CCNP Switching Chapter 8
CCNP Switching Chapter 8CCNP Switching Chapter 8
CCNP Switching Chapter 8
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
 
CCNP Switching Chapter 6
CCNP Switching Chapter 6CCNP Switching Chapter 6
CCNP Switching Chapter 6
 
CCNP Switching Chapter 5
CCNP Switching Chapter 5CCNP Switching Chapter 5
CCNP Switching Chapter 5
 
CCNP Switching Chapter 4
CCNP Switching Chapter 4CCNP Switching Chapter 4
CCNP Switching Chapter 4
 
CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7CCNA4 Verson6 Chapter7
CCNA4 Verson6 Chapter7
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
 
CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3CCNA2 Verson6 Chapter3
CCNA2 Verson6 Chapter3
 
CCNA2 Verson6 Chapter2
CCNA2 Verson6 Chapter2CCNA2 Verson6 Chapter2
CCNA2 Verson6 Chapter2
 

Último

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 

Último (20)

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 

CCNA2 Verson6 Chapter5

  • 1. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1 Instructor Materials Chapter 5: Switch Configuration CCNA Routing and Switching Routing and Switching Essentials v6.0
  • 2. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11 Chapter 5: Switch Configuration Routing and Switching Essentials v6.0
  • 3. Presentation_ID 12© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Chapter 5 - Sections & Objectives 5.1 Basic Switch Configuration • Configure initial settings on a Cisco switch. • Configure switch ports to meet network requirements. 5.2 Switch Security: Management and Implementation • Configure the management virtual interface on a switch. • Configure the port security feature to restrict network access.
  • 4. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13 5.1 Basic Switch Configuration
  • 5. Presentation_ID 14© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch Boot Sequence 1. Power-on self test (POST). 2. Run boot loader software. 3. Boot loader performs low-level CPU initialization. 4. Boot loader initializes the flash file system. 5. Boot loader locates and loads a default IOS operating system software image into memory and passes control of the switch over to the IOS.
  • 6. Presentation_ID 15© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch Boot Sequence (cont.) To find a suitable Cisco IOS image, the switch goes through the following steps: Step 1. It attempts to automatically boot by using information in the BOOT environment variable. Step 2. If this variable is not set, the switch performs a top-to-bottom search through the flash file system. It loads and executes the first executable file, if it can. Step 3. The IOS software then initializes the interfaces using the Cisco IOS commands found in the configuration file and startup configuration, which is stored in NVRAM. Note: The boot system command can be used to set the BOOT environment variable. Use the show boot command to see to what the current IOS boot file is set.
  • 7. Presentation_ID 16© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Recovering From a System Crash  The boot loader can also be used to manage the switch if the IOS cannot be loaded.  The boot loader can be accessed through a console connection by: 1. Connecting a PC by console cable to the switch console port. Unplug the switch power cord. 2. Reconnecting the power cord to the switch and press and hold the Mode button. 3. The System LED turns briefly amber and then solid green. Release the Mode button.  The boot loader switch: prompt appears in the terminal emulation software on the PC.
  • 8. Presentation_ID 17© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Switch LED Indicators  Each port on Cisco Catalyst switches have status LED indicator lights.  By default, these LED lights reflect port activity, but they can also provide other information about the switch through the Mode button.  The following modes are available on Cisco Catalyst 2960 switches: • System LED • Redundant Power System (RPS) LED • Port Status LED • Port Duplex LED • Port Speed LED • Power over Ethernet (PoE) Mode LED
  • 9. Presentation_ID 18© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Preparing for Basic Switch Management To remotely manage a Cisco switch, it must be configured to access the network.  A console cable is used to connect a PC to the console port of a switch for configuration.  The IP information (address, subnet mask, gateway) is to be assigned to a switch virtual interface (SVI).  If managing the switch from a remote network, a default gateway must also be configured.  Although these IP settings allow remote management and remote access to the switch, they do not allow the switch to route Layer 3 packets.
  • 10. Presentation_ID 19© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access
  • 11. Presentation_ID 20© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access (cont.)
  • 12. Presentation_ID 21© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure a Switch with Initial Settings Configuring Switch Management Access (cont.)
  • 13. Presentation_ID 22© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Duplex Communication
  • 14. Presentation_ID 23© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Configure Switch Ports at the Physical Layer
  • 15. Presentation_ID 24© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX  Certain cable types (straight-through or crossover) were historically required when connecting devices.  The automatic medium-dependent interface crossover (auto-MDIX) feature eliminates this problem.  When auto-MDIX is enabled, the interface automatically detects and appropriately configures the connection.  When using auto-MDIX on an interface, the interface speed and duplex must be set to auto.
  • 16. Presentation_ID 25© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX (cont.)
  • 17. Presentation_ID 26© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Auto-MDIX (cont.)
  • 18. Presentation_ID 27© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Verifying Switch Port Configuration
  • 19. Presentation_ID 28© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Network Access Layer Issue
  • 20. Presentation_ID 29© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Network Access Layer Issue (cont.)
  • 21. Presentation_ID 30© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Configure Switch Ports Troubleshooting Network Access Layer Issues
  • 22. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 31 5.2 Switch Security: Management and Implementation
  • 23. Presentation_ID 32© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access SSH Operation  Secure Shell (SSH) is a protocol that provides a secure (encrypted), command-line based connection to a remote device.  Because of strong encryption features, SSH should replace Telnet for management connections.  SSH uses TCP port 22, by default.  Telnet uses TCP port 23.  A version of the IOS software, including cryptographic (encrypted) features and capabilities, is required to enable SSH on Catalyst 2960 switches.
  • 24. Presentation_ID 33© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Configuring SSH 1. Verify SHH Support – show ip ssh 2. Configure the IP domain. 3. Generate RSA key pairs. 4. Configure user authentication. 5. Configure the vty lines. 6. Enable SSH version 2.
  • 25. Presentation_ID 34© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Verifying SSH
  • 26. Presentation_ID 35© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Secure Remote Access Verifying SSH (cont.)
  • 27. Presentation_ID 36© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Secure Unused Ports
  • 28. Presentation_ID 37© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Operation  The MAC addresses of legitimate devices are allowed access, while other MAC addresses are denied.  Any additional attempts to connect by unknown MAC addresses generate a security violation.  Secure MAC addresses can be configured in a number of ways:  Static secure MAC addresses – manually configured and added to running configuration - switchport port-security mac- address mac-address  Dynamic secure MAC addresses – removed when switch restarts  Sticky secure MAC addresses – added to running configuration and learned dynamically - switchport port-security mac-address sticky interface configuration mode command
  • 29. Presentation_ID 38© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Violation Modes  IOS considers a security violation when:  The maximum number of secure MAC addresses for that interface have been added to the CAM, and a station whose MAC address is not in the address table attempts to access the interface.  There are three possible actions to take when a violation is detected:  Protect – no notification received  Restrict – notification received of security violation  Shutdown  switchport port-security violation {protect | restrict |shutdown} interface configuration mode command
  • 30. Presentation_ID 39© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Violation Modes (cont.)
  • 31. Presentation_ID 40© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Configuring
  • 32. Presentation_ID 41© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Verifying
  • 33. Presentation_ID 42© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Port Security: Verifying (cont.)
  • 34. Presentation_ID 43© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Ports in Error Disabled State  A port security violation can put a switch in error disabled state.  A port in error disabled is effectively shutdown.  The switch communicates these events through console messages.
  • 35. Presentation_ID 44© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential Switch Port Security Ports in Error Disabled State (cont.) The show interface command also reveals a switch port on error disabled state. A shutdown or no shutdown interface configuration mode command must be issued to re- enable the port.
  • 36. © 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 45 5.3 Chapter Summary
  • 37. Presentation_ID 46© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  Cisco LAN switch boot sequence.  Cisco LAN switch LED modes.  How to remotely access and manage a Cisco LAN switch through a secure connection.  Cisco LAN switch port duplex modes.  Cisco LAN switch port security, violation modes, and actions.  Best practices for switched networks. Chapter Summary Summary
  • 38. Presentation_ID 47© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  When a Cisco LAN switch is first powered on it goes through the following boot sequence: 1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system. 2. Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM and is run immediately after POST successfully completes. 3. The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed. 4. The boot loader initializes the flash file system on the system board. 5. Finally, the boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS.  If the Cisco IOS files are missing or damaged, the boot loader program can be used to reload or recover from the problem.  The operational status of the switch is displayed by a series of LEDs on the front panel. These LEDs display such things as port status, duplex, and speed. Chapter Summary Summary
  • 39. Presentation_ID 48© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential  An IP address is configured on the SVI of the management VLAN to allow for remote configuration of the device. A default gateway belonging to the management VLAN must be configured on the switch using the ip default-gateway command. If the default gateway is not properly configured, remote management is not possible.  It is recommended that Secure Shell (SSH) be used to provide a secure (encrypted) management connection to a remote device to prevent the sniffing of unencrypted user names and passwords, which is possible when using protocols such as Telnet.  One of the advantages of a switch is that it allows full-duplex communication between devices, effectively doubling the communication rate. Although it is possible to specify the speed and duplex settings of a switch interface, it is recommended that the switch be allowed to set these parameters automatically to avoid errors.  Port security is only one defense against network compromise. Chapter Summary Summary
  • 40. Presentation_ID 51© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  • 41. Presentation_ID 52© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential