pace-it: configuring switches (part 2)

Configuring switches II.

Upload: pace-it-at-edmonds-community-college

Post on 16-Aug-2015


Category:

Education



TRANSCRIPT

Page 1: PACE-IT: Configuring Switches (part 2)

Configuring switches II.

Page 2: PACE-IT: Configuring Switches (part 2)


Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3: PACE-IT: Configuring Switches (part 2)

Configuring switches II.

– Installation considerations.

– Configuring the switch port.

Page 4: PACE-IT: Configuring Switches (part 2)

Installation considerations.

Page 5: PACE-IT: Configuring Switches (part 2)

Installation considerations.

The business or enterprise network is more complex than the SOHO (small office home office) network.

A SOHO network may be able to get by with one or more unmanaged switches and still operate adequately. Beyond the SOHO level, though, more thought and planning are required, as unmanaged switches are no longer up to the job.

There are multiple issues to consider when installing a managed switch, and it is wise to plan for them in advance to save time and frustration.

Page 6: PACE-IT: Configuring Switches (part 2)

Installation considerations.

– VLAN (Virtual Local Area Network).

» Switches break up collision domains, but not broadcast domains.

• VLANs take a single network environment and create smaller network segments by subnetting the network address range.

» VLANs are used in a switched network environment for a variety of reasons:

• Break up broadcast domains into smaller pieces.

• Increase security by limiting access to network resources.

» The administrator configures the VLANs and assigns users, nodes, or ports to a specific VLAN.

• All managed switches do come with a Native VLAN—which is determined by the manufacturer—it is used to help manage the switch.

• VLAN traffic is allowed to cross switch ports—as long as the VLAN information matches—through the use of trunk ports.

» VTP (Virtual Trunk Protocol) is a Cisco proprietary method of creating a virtual trunk port, which allows VLAN traffic to pass between switches and to automatically manage the VLAN environment.

» In order for different VLANs to communicate with each other, a router—or some other Layer 3 device—must be installed on the network.

Page 7: PACE-IT: Configuring Switches (part 2)

Installation considerations.

– Switch management.

» Switches may be managed out-of-band—no network connection required.

• Through the use of the console port on the switch.

» The console port is a specific port on managed switches used to connect to and configure or manage a switch.

• A rollover cable may be required to make the connection to the console port.

• Security should be set on console ports.

» Switches may be configured to be managed in-band—a network connection is used to manage the switch.

• One of the most common methods of allowed in-band management is through the use of virtual terminal (VTY) connections.

» The most common VTY connections are Telnet or SSH sessions.

• Security should be set if Telnet is an allowed VTY type.

• By default, SSH is a secured connection.

Page 8: PACE-IT: Configuring Switches (part 2)

Installation considerations.

– Switch management continued.

» A default gateway address must be placed on an interface that belongs to the native VLAN (default VLAN) in order to allow for in-band switch management.

• The default gateway on a switch is different than the default gateway on a router. On a switch, it is only used to manage the switch, not to pass other network traffic.

» An administrator should configure which users and passwords are allowed to connect to the switch and what their level of access to the configuration is going to be.

• In-band and out-of-band management security settings may be different (e.g., some users are allowed in-band management access while others are not).

» If AAA (Authentication, Authorization, and Accounting) protocols are used in the network, the switch must be configured to use them.

Page 9: PACE-IT: Configuring Switches (part 2)

Configuring the switch port.

Page 10: PACE-IT: Configuring Switches (part 2)

Configuring the switch port.

– Speed and duplexing.

» Most modern switch ports can auto-negotiate both the speed of the link and the duplexing mode used.

• In some cases, an administrator may be required to manually set both the speed and the duplex in order for a connection to occur.

– VLAN assignment.

» All switch ports will belong to a VLAN, either an administrator configured one or the native VLAN.

• The native VLAN can be administratively changed, which should be done to increase the security level of the switch.

– Trunking.

» Switch ports that are designed to carry VLAN traffic between switches.

• The standard protocol used is 802.1q, which strips off the VLAN tag (actually changes the tag to the native VLAN) and allows the traffic to cross. Then, the 802.1q port on the other side reinserts the original VLAN tag.
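One way to check a saved switch configuration against the management and port settings discussed in these slides (console and VTY security, AAA, and changing the native VLAN on trunk ports). This is an added example, not part of the original slides; it assumes Cisco IOS-style configuration syntax and a vendor default native VLAN of 1, the sample configuration is constructed, and `parse_sections` and `audit` are hypothetical helper names.

```python
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 20
line con 0
line vty 0 4
 login local
 transport input telnet ssh
"""  # constructed sample, not taken from a real device

DEFAULT_NATIVE_VLAN = "1"  # assumption: vendor default as on Cisco IOS


def parse_sections(text):
    """Map each top-level config line to its indented child lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and "!" comment separators
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def audit(text, aaa_expected=False):
    """Return (section, finding) pairs for the settings the slides call out."""
    findings, sections = [], parse_sections(text)
    if aaa_expected and "aaa new-model" not in sections:
        findings.append(("global", "AAA is used on the network but not enabled here"))
    for header, body in sections.items():
        if header.startswith("line con") and not any(ln.startswith("login") for ln in body):
            findings.append((header, "console port does not require a login"))
        if header.startswith("line vty"):
            transport = [ln.split()[2:] for ln in body if ln.startswith("transport input")]
            if not transport or {"telnet", "all"} & set(transport[-1]):
                findings.append((header, "Telnet is or may be an allowed VTY type"))
        if header.startswith("interface") and "switchport mode trunk" in body:
            native = [ln.split()[-1] for ln in body if ln.startswith("switchport trunk native vlan")]
            if not native or native[-1] == DEFAULT_NATIVE_VLAN:
                findings.append((header, "trunk still uses the default native VLAN"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the first trunk port, the console line and the VTY line; passing `aaa_expected=True` adds a finding when the network uses AAA but the switch is not configured for it.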

Page 11: PACE-IT: Configuring Switches (part 2)

Configuring the switch port.

– Port bonding.

» LACP (Link Aggregation Control Protocol) is the protocol used to create a single logical channel from redundant connections between switches (e.g., port bonding). This will increase the bandwidth between the switches.

– PoE (Power over Ethernet).

» Some switches come equipped with PoE ports.

• These ports can use one of two methods to provide current over the network cable as well as carry data, allowing the ports to power small network devices, while at the same time communicating with them.

• The port itself may provide the current.

• The port may allow the use of a power injector to provide the power instead of the port.

» There are multiple PoE standards in place, the most common are:

• PoE (802.3af): can provide 15.40 W of current.

• PoE+ (802.3at): can provide 30.0 W of current.

Page 12: PACE-IT: Configuring Switches (part 2)

Configuring the switch port.

Port mirroring may be enabled on a switch port. This allows the configured port to receive all network traffic going to and from a specific port.

By using port mirroring, an administrator can examine and analyze the traffic going into and coming from a specific host or port. Port mirroring is most often used in conjunction with a packet analyzer (e.g., a network sniffer or packet sniffer).

Port mirroring can create a significant amount of network overhead, so it should be used sparingly on an active network.

Page 13: PACE-IT: Configuring Switches (part 2)

What was covered.

Topic: Installation considerations.

Summary: Planning for a managed switch environment can save on time and frustration. Some installation considerations include: the creation of VLANs; in-band and out-of-band switch management, including establishing a default gateway address; user settings; and AAA settings, if required.

Topic: Configuring the switch port.

Summary: An administrator also needs to consider the settings for each individual port on a switch. Some of these considerations are: the speed and duplex used on the port, the VLAN assignment for the port, which ports will handle 802.1q trunking, if bandwidth could be increased by using LACP, and how many PoE or PoE+ ports are available to be used to power devices.

Page 14: PACE-IT: Configuring Switches (part 2)


THANK YOU!

Page 15: PACE-IT: Configuring Switches (part 2)

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.