
Switch

This document provides an overview of networking switches, detailing their definition, purpose, functionality, and evolution from hubs. It covers various types of switches, including unmanaged, managed, Layer 2, Layer 3, and smart switches, along with their features and advantages. Additionally, it explains VLANs and trunking, emphasizing their role in network segmentation and performance enhancement.

Uploaded by

Zahangir Alam

NETWORKING DEVICE: SWITCH

Course Map
• Introduction to Networking Switches
• Basics of Networking Switches
• Switch Architecture
• Types of Switches
• VLANs and Trunking
• Spanning Tree Protocol (STP)
• Advanced Switch Features
• Switch Configuration and Management
• Security Features
• Network Monitoring and Troubleshooting
• Use Cases and Best Practices
INTRODUCTION TO NETWORKING SWITCHES
A. Definition and Purpose
Definition:
• A networking switch is a device that connects multiple devices within a network and uses MAC
addresses to forward data only to the device that needs it, rather than broadcasting it to all
connected devices.
• It operates primarily at Layer 2 (Data Link Layer) of the OSI model, although some advanced
switches can operate at Layer 3 (Network Layer).

Purpose:
• To receive, process, and forward data packets to the destination device based on MAC (Media
Access Control) addresses.
• To efficiently manage data traffic between devices in a local area network (LAN).
• Unlike hubs, switches are more efficient because they reduce network congestion by directing
traffic only to the devices that need it.
B. Basic Functionality:
Data Reception:
• Receives data packets from connected devices.
MAC Address Learning:
• Builds and updates a MAC address table based on incoming packets.
Data Forwarding:
• Forwards packets only to the specific port connected to the destination device.
Collision Management:
• Reduces collisions compared to hubs by managing data traffic.
C. Evolution of Networking Devices
Early Network Devices:
Hubs:
• Simple devices that broadcast incoming data to all ports, resulting in network congestion and
collisions.
• Typically used in early networking setups.

Development of Switch Technology:
• Introduction of Switches:
  • Switches emerged in the 1990s as more efficient solutions to manage network traffic.
  • Improved upon hubs and bridges by using MAC address tables to reduce collisions and enhance network performance.
• Advancements:
  • Layer 2 Switching: Basic switching at the Data Link layer.
  • Layer 3 Switching: Added routing capabilities for more advanced functions.
D. Importance of Networking Switches
1. Efficient Data Handling:
• Reduces network congestion by forwarding data only to the intended device.

2. Network Segmentation:
• Helps in segmenting a network into smaller collision domains, reducing the chances of data collisions and
improving overall network performance.

3. Scalability:
• Easily expandable by adding more devices or additional switches.

4. Security:
• Provides basic security features such as MAC address filtering and VLAN support, enhancing network security.

5. Improved Network Performance:
• Minimizes collisions and maximizes bandwidth utilization compared to hubs.
E. Key Terms and Concepts
MAC Address:
• Definition:
• A unique identifier assigned to each network interface card (NIC) at the hardware level.

• Function:
• Used by switches to direct data packets to the correct destination within the same LAN.

MAC Address Table:
• A table that stores the MAC addresses of devices connected to the switch.
• Used to determine the correct port to forward data to.

Frame Switching:
• Used by Layer 2 switches.
• Operates with Ethernet frames containing MAC addresses.
▪ Process by which the switch receives data packets, looks up the MAC address table, and forwards the packet to
the appropriate port.
Collision Domains and Broadcast Domains:
• Collision Domain:
• A network segment where data packets can collide with each other if multiple devices
transmit simultaneously.
• Switches reduce the size of collision domains by providing separate collision domains
for each port.

• Broadcast Domain:
• A network segment where broadcast packets are forwarded to all devices.
• Switches can segment broadcast domains when configured with VLANs (Virtual
LANs).
BASICS OF NETWORKING SWITCHES
How Networking Switches Work
1. Data Forwarding:
• Switches receive data packets (frames) from connected devices.
• Each packet includes a source MAC address and a destination MAC address.
• The switch examines the destination MAC address to determine the correct port to forward the
packet to.
2. MAC Address Table:
• Also known as a Forwarding Table or Content Addressable Memory (CAM) Table.
• Maintains a list of MAC addresses and the corresponding switch ports.
• Helps the switch make efficient forwarding decisions by mapping MAC addresses to specific ports.
3. Frame Forwarding Process:
• When a switch receives a frame, it performs a lookup in the MAC address table to find the
corresponding port.
• If the MAC address is found, the frame is forwarded to that port.
• If the MAC address is not in the table, the switch broadcasts the frame to all ports except the one it
was received on (a process known as flooding).
Let's understand this process through an example (switch S1 with PC1 on port 1 and PC3 on port 3; PC1's MAC address is already in the CAM table, PC3's is not):
• PC1 sends a unicast frame to PC3. The frame reaches the switch on port 1.
• The switch reads the frame's destination address field to make a forwarding decision. A switch reads the destination address field before the source address field: it first makes a forwarding decision based on the destination address and then updates the CAM table based on the source address.
• This frame has PC3's MAC address in the destination address field. Since PC3's MAC address is not in the CAM table, the switch floods the frame out of all ports except port 1.
• After making the forwarding decision, the switch uses the frame's source address to update the CAM table. Since PC1's address is already in the CAM table, it updates the connected port field and resets the aging timer.
• The frame reaches PC3. PC3 replies with its own frame, which reaches S1 on port 3.
• The switch reads the destination address (PC1's MAC address) and finds it in the CAM table, so it decides to forward the frame out of port 1.
• After making the forwarding decision, the switch reads the source address field, which contains PC3's MAC address. This address is not in the CAM table, so the switch adds a new entry for it. The frame is forwarded out of port 1 and reaches PC1.
How Data is Forwarded:
• Data Reception:
  • A switch receives data frames from a device connected to one of its ports.
• MAC Address Lookup:
  • MAC Address Table (Forwarding Table): The switch uses a table that maps MAC addresses to specific ports.
  • Learning Process: As frames are received, the switch updates this table with the source MAC address and the corresponding port.
• Frame Forwarding:
  • Lookup: The switch looks up the destination MAC address in the MAC address table.
  • Forwarding Decision: Sends the frame out of the port associated with the destination MAC address.
MAC Address Table:
• Function:
  • Stores mappings of MAC addresses to specific switch ports.
• Learning and Aging:
  • Learning: When a frame is received, the switch learns the source MAC address and records the port.
  • Aging: Entries in the MAC address table have a timeout period after which they are removed if no traffic is seen.
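The learning, flooding, forwarding and aging behaviour described above, written out as a small Python simulation. This is an added example, not code from the original slides; the frame fields, port numbering, MAC addresses and the 300-second aging default are assumptions made for the illustration.

```python
"""Simulation of a Layer 2 learning switch: MAC table learning, unknown-unicast
flooding, unicast forwarding and entry aging.
Added example; not from the original slides. Frame format, port numbering,
MAC addresses and the aging default are assumptions."""
import time
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEFAULT_AGING_SECONDS = 300  # assumed default; many switches age entries after 300 s


@dataclass
class Frame:
    src: str            # source MAC address, e.g. "aa:aa:aa:aa:aa:01"
    dst: str            # destination MAC address
    payload: bytes = b""


@dataclass
class LearningSwitch:
    ports: int
    aging_seconds: float = DEFAULT_AGING_SECONDS
    # CAM table: MAC -> (port, timestamp of the last frame seen from that MAC)
    table: dict = field(default_factory=dict)

    def _expire(self, now):
        """Aging: remove entries that were not refreshed within aging_seconds."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.aging_seconds]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, frame, now=None):
        """Process one frame arriving on in_port and return the egress port list.

        As on a real switch, the forwarding decision is taken on the destination
        address first; the table is then updated from the source address and the
        ingress port (a moved host therefore gets its entry rewritten)."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:
            # broadcast or unknown unicast: flood out of every port except ingress
            out_ports = [p for p in range(1, self.ports + 1) if p != in_port]
        elif entry[0] == in_port:
            # destination lives on the ingress port: filter (drop) the frame
            out_ports = []
        else:
            out_ports = [entry[0]]
        # learn or refresh the source MAC and reset its aging timer
        self.table[frame.src] = (in_port, now)
        return out_ports


def walkthrough():
    """Replays the slide example: PC1 (port 1) talks to PC3 (port 3) through a
    4-port switch that already knows PC1. Returns both forwarding decisions and
    the resulting MAC -> port table."""
    sw = LearningSwitch(ports=4)
    pc1, pc3 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:03"   # constructed MACs
    sw.table[pc1] = (1, 0.0)                              # PC1 learned earlier
    first = sw.receive(1, Frame(src=pc1, dst=pc3), now=1.0)   # PC3 unknown: flooded
    second = sw.receive(3, Frame(src=pc3, dst=pc1), now=2.0)  # PC1 known: forwarded
    return first, second, {mac: port for mac, (port, _) in sw.table.items()}


if __name__ == "__main__":
    print(walkthrough())
```

walkthrough() reproduces the earlier slide: the first frame is flooded out of ports 2, 3 and 4 because PC3 is unknown, the reply is forwarded only to port 1, and afterwards both hosts are in the table. Passing an explicit now lets the aging behaviour be exercised deterministically.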
SWITCH ARCHITECTURE
HPE Aruba Networking CX 6200M 48G 4SFP+ Switch
Internal Components:
• Ports:
• Definition: Physical interfaces on the switch where devices connect.
• Types: Ethernet ports (e.g., 10/100/1000 Mbps, 1G, 10G), SFP, SFP+.

• Switch Fabric:
• Definition: The internal hardware that connects all ports and facilitates data transfer.
• Types: Shared fabric, crossbar, and multi-stage switching fabrics.

• Memory:
• Frame Buffers: Temporarily store frames during processing.
• MAC Address Table Storage: Memory space used for storing the MAC address table.
Switch Fabric
Definition:
• Switch fabric refers to the internal architecture of a network switch responsible for routing data packets between
input and output ports.
• It determines how efficiently packets are transferred through the switch's hardware.
Function:
• Data Routing: Switch fabric directs incoming packets from input ports to the appropriate output ports based on
routing or switching tables.
• High-Speed Data Transfer: It provides the necessary bandwidth and low latency required for high-speed data
transmission.
• Internal Pathways: It manages the paths or connections within the switch that facilitate data movement.
Types of Switch Fabric:
• Crossbar Switch Fabric: Uses a matrix of interconnected paths where each intersection connects an input to an
output port. It allows simultaneous communication between multiple pairs of ports.
• Bus-based Switch Fabric: Uses a common communication bus for data transfers. This can create bottlenecks as
multiple ports share the same bus.
• Shared Memory Switch Fabric: Employs a common memory pool where data packets are temporarily stored
before being forwarded to output ports. It simplifies buffering but can lead to memory contention issues.
• Cell-based Switch Fabric: Utilizes fixed-size cells for data packets, commonly used in technologies like ATM
(Asynchronous Transfer Mode).
Aspect          | Switch Fabric                                              | Switch OS
Definition      | Internal hardware architecture managing data transfer.     | Software managing switch configuration and operation.
Function        | Routes packets between ports; handles internal data flow.  | Provides interfaces for configuration, management, and monitoring.
Types           | Crossbar, bus-based, shared memory.                        | CLI, Web GUI, SNMP, APIs.
Characteristics | Affects throughput, latency, and scalability.              | Affects configuration flexibility, protocol support, and management capabilities.
Example         | Internal data paths in a switch.                           | Aruba OS
Data Path and Control Path:
• Data Path:
• Function: Directs the actual forwarding of data frames from input ports to output
ports.
• Components: Includes switch fabric and buffers.

• Control Path:
• Function: Manages and configures the switch, including the MAC address table and
network management.
• Components: Includes CPU, management interfaces, and software.
HPE Aruba Networking CX 6200M 24G 4SFP+ Switch
TYPES OF SWITCHES
Types of Network Switches
1. Unmanaged Switches
2. Managed Switches
3. Layer 2 & Layer 3
4. Smart Switches
1. Unmanaged Switches:
Overview:
• Definition: Unmanaged switches are basic, plug-and-play devices with no configuration options.
• Purpose: Provide simple network connectivity without the need for user intervention.
Features:
• Fixed Configuration: No settings or management capabilities.
• Port Count: Usually available in various sizes, such as 5, 8, 16, or 24 ports.
• Data Rate: Commonly support 10/100/1000 Mbps speeds (Gigabit Ethernet).
Advantages:
• Ease of Use: No setup or configuration required; simply connect devices.
• Cost-Effective: Generally less expensive than managed or smart switches.
• Reliability: Provides basic functionality with minimal maintenance.
Disadvantages:
• Limited Functionality: No support for advanced features like VLANs or QoS.
• Lack of Control: Cannot monitor or manage network performance or security.
2. Managed Switches
Overview:
• Definition: Managed switches offer advanced features and configuration options that can be tailored to specific network needs.
• Purpose: Provide enhanced control, monitoring, and management of network traffic.
Features:
• VLAN Support: Allows network segmentation for improved security and performance.
• Quality of Service (QoS): Prioritizes network traffic to ensure optimal performance for critical applications.
• Network Monitoring: Provides SNMP (Simple Network Management Protocol) and other tools for monitoring network health.
• Security: Includes features like port security, ACLs (Access Control Lists), and 802.1X authentication.
Advantages:
• Customization: Allows for detailed configuration to optimize network performance and security.
• Troubleshooting: Facilitates network diagnostics and monitoring.
• Scalability: Can be adapted to growing network needs and integrated with other network management tools.
Disadvantages:
• Cost: Typically more expensive than unmanaged switches.
• Complexity: Requires more expertise to configure and manage effectively.
3. Layer 2 vs. Layer 3 Switches:

• Layer 2 Switches:
• Operate at the Data Link layer (Layer 2) of the OSI model.
• Handle switching based on MAC addresses.
• Suitable for basic switching tasks within the same network.

• Layer 3 Switches:
• Operate at the Network layer (Layer 3) of the OSI model.
• Capable of routing traffic between different VLANs or subnets.
• Combine the functionality of a switch and a router.
4. Smart Switches
Overview:
• Definition: Smart switches offer a middle ground between unmanaged and managed switches, providing some advanced
features without the full complexity of managed switches.
• Purpose: Combine ease of use with enhanced capabilities for improved network performance.
Features:
• Basic VLAN Support: Allows for limited network segmentation.
• Basic QoS: Provides some level of traffic prioritization.
• Limited Management: Usually includes a web-based interface for configuration, but with fewer options than fully managed
switches.
Advantages:
• Intermediate Functionality: Provides more features than unmanaged switches while remaining easier to manage than fully
managed switches.
• Cost-Effective: Generally less expensive than fully managed switches while offering more control and flexibility than unmanaged ones.
• User-Friendly: Often easier to configure than fully managed switches, with a more straightforward management interface.
Disadvantages:
• Limited Features: Does not support the full range of management and monitoring options available in fully managed switches.
• Less Control: Provides less granular control over network performance and security.
VLAN & TRUNKING
LAN
• A Local Area Network (LAN) was originally defined as a network of computers located within the same area. Local Area Networks are defined as a single broadcast domain.
• This means that if a user broadcasts information on his/her LAN, the broadcast will be received by every other user on the LAN.
• Broadcasts are prevented from leaving a LAN by using a router.
• The disadvantage of this method is that routers usually take more time to process incoming data compared to a bridge or a switch.
VLAN
• A VLAN is a logical group of network devices that appears to
be on the same LAN.
• Configured as if they are attached to the same physical
connection even if they are located on a number of different
LAN segments.
• Logically segments a LAN into different broadcast domains.
• VLANs can logically segment users into different subnets (broadcast domains).
• Broadcast frames are only switched on the same VLAN ID.
• This is a logical segmentation and not a physical one,
workstations do not have to be physically located together.
Users on different floors of the same building, or even in
different buildings can now belong to the same LAN.
LAN VS VLAN
• By using switches, we can assign computers on different floors to VLAN1, VLAN2, and VLAN3.
• Now, logically, a department forms a single LAN even though its members are physically located on 3 different floors.
Introduction to VLANs (Virtual Local Area Networks)
Definition:
• VLANs: Virtual Local Area Networks are logical subdivisions of a physical network.

• They allow multiple distinct networks to operate on a single physical switch or network segment, creating separate
broadcast domains.

Purpose:
• Segmentation: Enhances network performance by reducing broadcast traffic.

• Security: Isolates sensitive data and devices by segmenting the network into different VLANs.

• Flexibility: Allows for the grouping of devices based on function, department, or team, regardless of physical location.

Configuring Ports:
• Access ports are used when:
  • Only a single device is connected to the port.
  • Multiple devices are connected to the port, all belonging to the same VLAN.
  • Another switch is connected to this interface, but the link carries only a single VLAN (a non-trunk link).
VLAN IDs:
Range:
• VLANs are identified by a unique VLAN ID, ranging from 1 to 4095.
Standard VLAN IDs:
• VLAN IDs 1-1005 are reserved for standard use; VLAN IDs 1006-4095 are extended VLANs for additional flexibility.
VLAN TYPE
1. Static VLANs:
• Description: VLANs are manually configured on switches and assigned to specific ports.
• Configuration: Devices connected to these ports are automatically assigned to the VLAN.
• Use Case: Commonly used in environments where VLAN membership does not frequently change.

2. Default VLAN:
• Description: The default VLAN (usually VLAN 1) is the initial VLAN assigned to all switch ports until explicitly
configured otherwise.
• Use Case: Typically used for management and configuration purposes.

[Figure: ports left in the default VLAN 1 versus a port configured in VLAN 101]
3. Dynamic VLANs:
• Description: VLANs are assigned based on criteria such as MAC addresses or user credentials.
• Configuration: Requires a VLAN Management Policy Server (VMPS) or similar system to dynamically assign
VLANs.
• Use Case: Suitable for environments where devices frequently move or change.
• Process: Dynamic membership VLANs are created through network management software.
• Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port.
• As a device enters the network, the switch queries a database for the VLAN membership associated with that device.
ACCESS PORTS
switch(config-if)# switchport mode access
TRUNK PORT
switch(config-if)# switchport mode trunk
Introduction to Trunking
Definition:
• Trunking: A method of carrying multiple VLANs over a single physical link between switches or
network devices.
• It enables VLAN information to be passed between switches, maintaining VLAN separation across
the network.

Trunk Ports:
• Description: Ports configured to carry traffic from multiple VLANs. They use special tagging
protocols to distinguish between VLANs.
• Configuration: Trunk ports are set up on switches to connect to other switches or devices that need
to carry VLAN traffic.
VLAN Tagging Protocols:
• IEEE 802.1Q (Dot1Q):
• Description: The most common trunking protocol that
inserts a VLAN tag into Ethernet frames, allowing multiple
VLANs to be transported over a single link.
• Tag Format: Adds a 4-byte tag to the Ethernet frame,
including VLAN ID information.
• The 802.1Q tag is inserted by the switch before the frame is sent across the trunk.
• The switch removes the 802.1Q tag before sending the frame out a non-trunk (access) link.
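The tag insertion and removal just described, as an added Python example that operates on raw Ethernet frame bytes (it is not code from the slides). The MAC addresses and payload are constructed, and the frames carry no FCS.

```python
"""Insert, read and strip an IEEE 802.1Q tag on a raw Ethernet II frame.
Added example, not from the slides. Sample MACs and payload are constructed;
frames are handled without the trailing FCS."""
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks a tagged frame
ETH_HDR_LEN = 14      # dst MAC (6) + src MAC (6) + EtherType (2)
TAG_LEN = 4           # TPID (2) + TCI (2): the 4-byte tag from the slide


def mac_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame as a host on an access port would send it."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def insert_tag(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 802.1Q tag between the source MAC and the EtherType,
    as the switch does before forwarding the frame onto a trunk.
    TCI layout: PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits)."""
    if not 1 <= vlan_id <= 4094:          # 802.1Q reserves VIDs 0 and 4095
        raise ValueError("VLAN ID must be in 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def is_tagged(frame: bytes) -> bool:
    """A frame is tagged when the bytes at the EtherType position hold 0x8100."""
    return (len(frame) >= ETH_HDR_LEN + TAG_LEN
            and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q)


def read_vlan_id(frame: bytes) -> int:
    """Return the 12-bit VLAN ID from the TCI of a tagged frame."""
    if not is_tagged(frame):
        raise ValueError("frame carries no 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as the switch does before sending out an access port.
    An untagged frame is returned unchanged."""
    if not is_tagged(frame):
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    f = build_frame("aa:aa:aa:aa:aa:03", "aa:aa:aa:aa:aa:01", 0x0800, b"hello")
    t = insert_tag(f, 101, pcp=5)
    print(t.hex(), read_vlan_id(t), strip_tag(t) == f)
```

The frame grows by exactly four bytes on the trunk and returns to its original form on the access side; read_vlan_id masks off the priority bits so that the same frame is placed in the same VLAN regardless of its PCP value.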
Benefits of VLANs and Trunking
• Improved Network Performance:
• VLANs: Reduce broadcast traffic by segmenting the network into smaller, more manageable
segments.
• Trunking: Efficiently transports VLAN traffic over a single link, reducing the need for multiple
physical connections.

• Enhanced Security:
• VLANs: Provide isolation between different network segments, protecting sensitive data and
reducing the risk of unauthorized access.
• Trunking: Ensures VLAN separation is maintained across links, preserving security boundaries.

• Simplified Network Management:


• VLANs: Simplify network management by grouping devices logically rather than physically.
• Trunking: Facilitates the extension of VLANs across the network, making it easier to manage VLAN
configurations and changes.

• Flexibility and Scalability:


• VLANs: Allow for easy reconfiguration and reorganization of the network as needs change.
• Trunking: Supports the scaling of network designs by carrying multiple VLANs over single or
aggregated links.
SPANNING TREE PROTOCOL (STP)
Redundancy and High Availability:
Overview:
• Redundancy and High Availability are critical concepts in network design that ensure continuous network operation and minimize downtime.
  • Redundancy: Involves having multiple pathways for data to travel, so if one path fails, another can take over.
  • High Availability: Ensures that network services are consistently accessible, often achieved through redundancy and failover mechanisms.
• Challenge: While redundancy is necessary, it can introduce network loops, which cause broadcast storms and degrade network performance.
• Solution: Spanning Tree Protocols are implemented to prevent loops while maintaining redundancy.
Introduction to Spanning Tree Protocol (STP)
Definition:
• Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free
topology in Ethernet networks by dynamically blocking redundant paths.
• It is used to prevent layer 2 network loops that can cause broadcast storms and
network congestion.

Purpose:
• Loop Prevention: Prevents loops in network topologies where redundant
paths are present.
• Network Stability: Automatically reactivates redundant paths in case of
active path failure, ensuring network stability.
Key Concepts of STP
• Root Bridge:
• Definition: The central switch in an STP topology, chosen based on the lowest bridge ID
(combination of bridge priority and MAC address).
• Role: Acts as the reference point for all STP calculations and decisions.

• Root Port:
• Definition: The port on each non-root switch that has the lowest path cost to the root bridge.
• Role: Provides the best path to the root bridge.

• Designated Port:
• Definition: The port on a network segment that has the lowest path cost to the root bridge for
that segment.
• Role: Handles all traffic for the segment and is the only port forwarding traffic on that
segment.

• Blocked Port:
• Definition: Ports that are put into a blocking state to prevent network loops.
• Role: Does not forward traffic and only transitions to forwarding if necessary to maintain
network topology.
STP Port States:
1. Blocking: Port does not participate in frame forwarding; listens to BPDUs.

2. Listening: Prepares to forward data; processes BPDUs.

3. Learning: Learns MAC addresses; does not forward frames yet.

4. Forwarding: Fully operational; forwards data frames.

5. Disabled: Administratively shut down.


STP Operation
Process:
• Election of the Root Bridge: All switches in the network exchange Bridge Protocol Data Units (BPDUs) to
determine the switch with the lowest bridge ID as the root bridge.
• Calculation of Path Costs: Each switch calculates the cost to the root bridge and determines its root port based
on the lowest path cost.
• Port Roles Assignment: Ports are assigned roles (Root, Designated, or Blocked) based on the STP calculations to
ensure a loop-free topology.
• Convergence: STP recalculates and updates the network topology when changes occur, such as switch addition
or failure, to maintain a loop-free environment.
Timers:
• Hello Time: Time interval between BPDUs sent by the root bridge (default is 2 seconds).
• Forward Delay: Time a port remains in the listening and learning states before transitioning to the forwarding
state (default is 15 seconds).
• Max Age: Time a switch retains a BPDU before considering it outdated (default is 20 seconds).
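The election, path-cost and port-role steps above, carried through in Python on a constructed three-switch triangle. This is an added example and not part of the slides: the bridge priorities, MAC addresses and per-port costs are made up, with the costs taken from the IEEE 802.1D-1998 table (1 Gb/s = 4, 100 Mb/s = 19).

```python
"""Root bridge election, root port selection and port roles for a small
redundant topology. Added example, not from the slides; the bridges, MACs
and link costs are constructed (costs per IEEE 802.1D-1998: 1 Gb/s = 4,
100 Mb/s = 19)."""
import heapq

# Bridge ID = (priority, MAC). Tuple comparison checks priority first and then
# the MAC address, which is exactly how STP compares bridge IDs.
BRIDGES = {
    "S1": (32768, "00:00:00:00:00:11"),
    "S2": (32768, "00:00:00:00:00:22"),
    "S3": (4096,  "00:00:00:00:00:33"),   # lowered priority: intended root
}

# Links: (switch_a, port_a, switch_b, port_b, port cost). S2-S3 is 100 Mb/s.
LINKS = [
    ("S1", 1, "S2", 1, 4),
    ("S2", 2, "S3", 1, 19),
    ("S1", 2, "S3", 2, 4),
]


def elect_root(bridges):
    """Root bridge: the switch with the lowest bridge ID."""
    return min(bridges, key=bridges.get)


def root_paths(bridges, links):
    """Dijkstra from the root over receiving-port costs.
    Returns {switch: (root path cost, upstream bridge ID, root port)}; ties on
    cost are broken by the lower upstream bridge ID, as STP does."""
    root = elect_root(bridges)
    adj = {}
    for a, pa, b, pb, cost in links:
        adj.setdefault(a, []).append((b, pb, cost))   # b receives on port pb
        adj.setdefault(b, []).append((a, pa, cost))   # a receives on port pa
    best = {root: (0, bridges[root], None)}
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                                   # stale heap entry
        for nbr, nbr_port, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bridges[node], nbr_port)
            if nbr not in best or cand[:2] < best[nbr][:2]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    return best


def port_roles(bridges, links):
    """Assign 'root', 'designated' or 'blocked' to every port.
    On each segment the side with the lower root path cost (tie: lower bridge
    ID) is designated; the other side is the root port if that switch reaches
    the root through it, otherwise it is blocked."""
    best = root_paths(bridges, links)
    roles = {}
    for a, pa, b, pb, _ in links:
        side_a = (best[a][0], bridges[a])
        side_b = (best[b][0], bridges[b])
        if side_a < side_b:
            des, des_port, other, other_port = a, pa, b, pb
        else:
            des, des_port, other, other_port = b, pb, a, pa
        roles[(des, des_port)] = "designated"
        roles[(other, other_port)] = "root" if best[other][2] == other_port else "blocked"
    return roles


if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    for (sw, port), role in sorted(port_roles(BRIDGES, LINKS).items()):
        print(f"{sw} port {port}: {role}")
```

S3 wins the election because its priority 4096 is lower than the default 32768. S2 reaches the root through S1 at a cost of 8 rather than over its direct 100 Mb/s link at cost 19, so S2's port 2 is the one port left blocked; every port on the root bridge is designated.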
Advantages of STP:
• Prevents network loops effectively.
• Provides automatic failover in case of link failure.
• Requires minimal configuration.

Limitations of STP:
• Slow Convergence: Takes 30 to 50 seconds to recalculate topology after a change, leading
to temporary network disruption.
• Inefficient Use of Links: Redundant links are left idle until a failure occurs.
STP Variants
1. IEEE 802.1D (Traditional STP):
• Description: The original STP standard that defines basic loop prevention and topology management.
• Limitations: Can be slow to converge after topology changes.

2. Rapid Spanning Tree Protocol (RSTP) - IEEE 802.1w:


• Description: An enhancement of STP that provides faster convergence and improved network recovery.
• Features: Reduces convergence time significantly compared to traditional STP.

3. Multiple Spanning Tree Protocol (MSTP) - IEEE 802.1s:


• Description: Allows for multiple spanning trees to be defined within a single network, optimizing traffic and
balancing loads across VLANs.
• Features: Supports multiple VLANs and enhances network efficiency by using multiple spanning trees.
2. Rapid Spanning Tree Protocol (RSTP)
Overview:
• RSTP is an evolution of STP, designed to address the slow convergence issues of traditional STP.
• Functionality:
• Provides faster recovery and convergence times after topology changes, typically within a few seconds.

Key Enhancements over STP:


• Faster Convergence:
• Rapidly transitions ports to forwarding state without waiting for timers to expire.
• Port Roles and States Simplification:
• Port Roles:
• Root Port
• Designated Port
• Alternate Port: Backup to root port.
• Backup Port: Backup to designated port.
• Port States:
• Discarding: Combines blocking, listening, and disabled states.
• Learning
• Forwarding
• Edge Ports:
• Ports directly connected to end devices can be configured as Edge Ports, allowing immediate
transition to forwarding state.

Advantages of RSTP:
• Significantly Reduced Downtime: Rapid reconvergence minimizes network disruption.
• Backwards Compatibility: Can interoperate with traditional STP devices.
• Improved Network Efficiency: Makes better use of redundant links by allowing quicker failover.

Limitations of RSTP:
• Complexity: Slightly more complex than STP, may require updated hardware/software.
• Partial Redundancy Utilization: Still blocks some redundant paths to prevent loops.

Use Cases:
• Ideal for enterprise networks where quick recovery from failures is critical.
• Suitable for environments with frequent topology changes.
Benefits of STP
Loop Prevention:
• STP effectively prevents broadcast storms and network loops, ensuring a stable network
environment.
Network Redundancy:
• STP allows for redundant paths in the network, providing fault tolerance and improving network
reliability.
Dynamic Topology Management:
• STP adapts to changes in the network, such as the addition or failure of switches, by recalculating
the network topology.
Optimized Path Selection:
• STP selects the most efficient paths to the root bridge, optimizing network performance.
ADVANCED SWITCH FEATURES
Link Aggregation and LACP (Link Aggregation Control Protocol):
Overview:
• Combines multiple physical links into a single logical link.
• Increases bandwidth and provides redundancy.
Advantages:
• Improves network performance by distributing traffic across multiple links.
• Ensures high availability; if one link fails, others maintain the connection.
LACP:
• A standardized protocol (IEEE 802.3ad) that dynamically manages link aggregation.
• Allows switches to negotiate which links can be aggregated.

Multicast Switching
and IGMP Snooping:
• Multicast Switching:
• Efficiently delivers multicast traffic
(e.g., video streaming) to multiple
recipients without flooding the
network.

• IGMP Snooping:
• Monitors Internet Group Management
Protocol (IGMP) traffic between hosts
and routers.
• Controls which ports receive multicast
traffic, reducing unnecessary data load
on the network.
Switch Stacking
Switch Stacking:
• Combines multiple physical switches into a single
logical unit.
• Simplifies management and provides redundancy and
scalability.

Advantages:
• Allows for centralized management of multiple
switches as one entity.
• Enhances network resilience; if one switch in the stack
fails, others continue to operate.
SWITCH CONFIGURATION & MANAGEMENT
Course Map
1. Basic Configuration
2. VLAN Configuration
3. STP Configuration
4. Monitoring & Maintenance
5. Backup & Restore
6. Hardening
1. Basic Configuration
Overview:
• Initial setup involves basic configurations to ensure the switch is ready for operation, including
setting up IP addresses, access methods, and security measures.
Steps for Basic Configuration:
• Connect to the Switch:
• Console Access: Use a console cable and terminal emulator (e.g., PuTTY) to directly access the
switch.
• Remote Access: Configure SSH for secure remote management after the initial setup.

• Assigning an IP Address:
• Management VLAN: Assign an IP address to the switch on a management VLAN for remote
management.
switch(config)# vlan 1
switch(config-vlan)# ip address 192.168.1.2 255.255.255.0
Setting up Hostname:
• Define a unique hostname to identify the switch within the network.
switch(config)# hostname Switch-01
Securing Access:
• Console and SSH Access: set the manager and operator passwords and enable SSH.
Switch-01(config)# password manager
Switch-01(config)# password operator
Switch-01(config)# ssh enable
• Configure SSH: generate the host key and enable the SSH server.
Switch-01(config)# crypto key generate ssh rsa
Switch-01(config)# ip ssh
Saving the Configuration:
• Save the configuration to ensure persistence across reboots.
Switch-01# write memory
2. VLAN Configuration
Overview:
• VLANs (Virtual LANs) allow network segmentation, improving security and traffic management.
Steps for VLAN Configuration:
• Creating VLANs:
• Define VLANs with specific IDs.

Switch-01(config)# vlan 10
Switch-01(config-vlan)# name Sales
Switch-01(config)# vlan 20
Switch-01(config-vlan)# name Engineering
Assigning Ports to VLANs:
• Allocate ports to specific VLANs.
Switch-01(config)# vlan 10
Switch-01(config-vlan)# untagged 1-10
Switch-01(config)# vlan 20
Switch-01(config-vlan)# untagged 11-20
Trunking:
• Configure trunk ports to carry traffic for multiple VLANs.
Switch-01(config)# interface 24
Switch-01(config-if)# vlan trunk 10,20
Verifying VLAN Configuration:
• Use commands to check VLAN assignments and trunk status.
Switch-01# show vlan
Switch-01# show interfaces brief
3. Spanning Tree Protocol (STP) Configuration
• Overview:
• STP is configured to prevent network loops and ensure there’s only one active path between
two network devices at a time.
• Steps for STP Configuration:
• Enabling STP:
• STP is typically enabled by default on most switches, but it can be customized.

Switch-01(config)# spanning-tree
• Root Bridge Configuration:
• Ensure the most reliable switch is the root bridge by manually setting its priority.

Switch-01(config)# spanning-tree priority 4096


PortFast and BPDU Guard:
• Enable PortFast on ports connected to end devices to speed up network convergence.
• BPDU Guard can be enabled to shut down a port if a BPDU is received, preventing loops.
Switch-01(config)# spanning-tree 1-10 admin-edge-port
Switch-01(config)# spanning-tree 1-10 bpdu-protection
4. Monitoring and Maintenance
Overview:
• Regular monitoring and maintenance are essential for ensuring network performance and reliability.
Tools and Techniques:
• SNMP Configuration:
• Enable SNMP (Simple Network Management Protocol) for remote monitoring and management.
Switch-01(config)# snmp-server community public
Monitoring Commands:
• Use commands to monitor switch performance and troubleshoot issues.
Switch-01# show interface status
Switch-01# show stp
Switch-01# show system
5. Backup and Restore Configuration

Overview:
• Regular backups of switch configurations are critical for disaster recovery, and comparing each new backup against the previous one is a simple way to detect unauthorized changes.
Steps for Backup and Restore:
• Backup Configuration:
• Save the current configuration to a remote server or local storage.
Switch-01# copy running-config tftp 192.168.1.200 config_backup
• Restore Configuration:
• In case of failure or misconfiguration, restore the switch to a previous configuration.
Switch-01# copy tftp 192.168.1.200 config_backup running-config
• TFTP offers no authentication or encryption, and the file contains password hashes and SNMP community strings. Reach the TFTP server only over the management VLAN, protect the stored backups, and use SFTP or SCP where the switch supports them.
6. Hardening

Overview:
• A hardening review checks the switch's management plane against a baseline. Typical findings, each of which should be remediated, include:
• An administrative account named "admin" (predictable username; use individually named accounts).
• No account lockout policy configured (failed logins are not limited).
• No pre-logon banner message.
• No network access restriction on the SSH service (no management ACL).
• Weak password policy settings.
• SSH protocol version 1 enabled.
Remediation commands:
• The commands below use Huawei VRP syntax (undo / display); the equivalents on other platforms differ.
• Disable the copyright banner, the USB port and unused services:
usb disable
undo copyright-info enable
• If HTTP or Telnet is running, disable it. HTTPS and DHCP can also be disabled unless they are in use; a switch managed only through the CLI needs none of them:
undo ip http enable
undo ip https enable
undo telnet server enable
undo dhcp enable
• Version 1 of the SSH protocol has design flaws that cannot be patched and multiple known vulnerabilities. Disable SSHv1 compatibility:
undo ssh server compatible-ssh1x
• Verify with the display ssh server status command.
• To list the TCP and UDP ports the switch has open, use:
display tcp status
display udp status
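The following Python script is an added example for this section and for the backup step above; it is not part of the course material and not a vendor tool. It runs a static audit over a saved configuration (the kind of file the backup step produces) and reports the findings listed above. The two configuration samples are constructed to approximate Huawei VRP display current-configuration output, the syntax used by the remediation commands; exact keywords vary between VRP versions and between vendors, so treat the patterns as assumptions to adapt rather than a definitive rule set.

```python
"""Static hardening audit of a saved switch configuration.

Added example, not part of the original course material and not a vendor tool.
The sample configurations are constructed to approximate Huawei VRP output; the
regexes encode assumed keywords and must be adapted to the platform at hand.
"""
import re
from typing import Dict, List, Tuple

# Findings raised when a matching line IS present (a weak setting is configured).
PRESENT: Dict[str, Tuple[str, re.Pattern]] = {
    "SSH1_ENABLED":   ("SSH protocol version 1 compatibility is enabled",
                       re.compile(r"^\s*ssh server compatible-ssh1x enable\b")),
    "TELNET_ENABLED": ("Telnet server is enabled (cleartext management)",
                       re.compile(r"^\s*telnet server enable\b")),
    "HTTP_ENABLED":   ("HTTP management is enabled (cleartext)",
                       re.compile(r"^\s*http server enable\b")),
    "DEFAULT_SNMP":   ("Default or guessable SNMP community string",
                       re.compile(r"^\s*snmp-agent community (?:read|write) (?:public|private)\b")),
    "ADMIN_USERNAME": ("Local account named 'admin' (predictable username)",
                       re.compile(r"^\s*local-user admin\b")),
}
# Findings raised when NO line matches (a required control is missing).
MISSING: Dict[str, Tuple[str, re.Pattern]] = {
    "NO_LOGIN_BANNER": ("No pre-logon banner configured",
                        re.compile(r"^\s*header login\b")),
    "NO_SSH_ACL":      ("SSH service is not restricted by a management ACL",
                        re.compile(r"^\s*ssh server acl\b")),
}

# Constructed sample: a switch as it might come out of a first hardening review.
WEAK_CONFIG = """\
#
sysname Switch-01
#
ssh server compatible-ssh1x enable
telnet server enable
http server enable
#
snmp-agent community read public
#
aaa
 local-user admin password irreversible-cipher <hash>
 local-user admin service-type ssh
#
"""

# Constructed sample: the same switch after the remediation commands above.
HARDENED_CONFIG = """\
#
sysname Switch-01
header login information "Authorised access only. Activity is logged."
#
undo ssh server compatible-ssh1x
undo telnet server enable
undo http server enable
ssh server acl 2000
#
snmp-agent community read cipher <hash>
#
aaa
 local-user netops password irreversible-cipher <hash>
 local-user netops service-type ssh
#
"""


def audit_config(config_text: str) -> List[str]:
    """Return finding codes for the configuration, in the stable order of the tables above."""
    lines = config_text.splitlines()
    findings = [code for code, (_d, pat) in PRESENT.items() if any(pat.search(l) for l in lines)]
    findings += [code for code, (_d, pat) in MISSING.items() if not any(pat.search(l) for l in lines)]
    return findings


def describe(findings: List[str]) -> List[str]:
    """Human-readable report lines for a list of finding codes."""
    table = {**PRESENT, **MISSING}
    return [f"{code}: {table[code][0]}" for code in findings]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"--- {label} ---")
        print("\n".join(describe(audit_config(cfg))) or "no findings")
```

The checks are anchored at the start of the line so that an undo form (for example undo telnet server enable) is not mistaken for the weak setting; a check for the missing password and lockout policies would be added the same way once the exact keywords for the platform are known.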
SECURITY FEATURES
1. Access Control Lists (ACLs)
Overview:
• Access Control Lists (ACLs) filter traffic and control access to network resources based on IP
addresses, protocols, and port numbers. An ACL is a stateless packet filter, not a firewall: it allows or
denies each packet on its own against an ordered list of rules, without tracking connections.

Benefits:
• Controls and restricts traffic flow within the network, enhancing security.
• Prevents unauthorized access to sensitive resources by filtering traffic based on defined rules.
• Supports both standard and extended rules for granular traffic management.
Creating ACLs:
• Define standard (source address only) or extended (protocol, source, destination, port) ACLs. Rules are evaluated top to bottom and the first match wins, so order matters; every ACL ends with an implicit deny, and the explicit deny rules below only make that visible in the hit counters. The second field of an address is a wildcard mask, not a subnet mask: 0.0.0.255 means "ignore the last octet" (the /24). The examples use Cisco IOS-style syntax.
• Example (Standard ACL)
Switch-01(config)# ip access-list standard ACL-10
Switch-01(config-acl)# permit 192.168.1.0 0.0.0.255
Switch-01(config-acl)# deny any
• Example (Extended ACL)
Switch-01(config)# ip access-list extended ACL-20
Switch-01(config-acl)# permit tcp 192.168.1.0 0.0.0.255 any eq 80
Switch-01(config-acl)# deny ip any any
• Applying ACLs to Interfaces:
• Assign an ACL to an interface in one direction; an ACL that is defined but not applied filters nothing.
Switch-01(config)# interface 1
Switch-01(config-interface)# ip access-group ACL-10 in
• Monitoring ACLs:
• Use show commands to verify the rules and their hit counters.
Switch-01# show access-list
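The following Python script is an added example for this section, not code from the course material or from any switch vendor. It parses the two ACLs shown above (plus a few extra rules) and evaluates constructed packets against them the way a switch does: first match wins, unmatched traffic hits the implicit deny, and address fields use wildcard masks. The extra rules go slightly beyond the text to show a non-contiguous wildcard, which has no subnet-mask equivalent.

```python
"""First-match evaluation of Cisco-style IP ACLs with wildcard masks.

Added example, not part of the original course material and not any vendor's code.
Packets and extra rules are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL = 0xFFFFFFFF  # wildcard for "any": every bit is don't-care


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"           # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: Optional[str]         # None for a standard ACL (source only); "ip" matches any IP protocol
    src: Tuple[int, int]         # (address, wildcard)
    dst: Optional[Tuple[int, int]]
    dport: Optional[int]
    text: str


def _is_ipv4(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ipaddress.AddressValueError:
        return False


def _parse_addr(tokens: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | 'A.B.C.D' starting at tokens[i]."""
    if tokens[i] == "any":
        return (0, ALL), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    addr = int(ipaddress.IPv4Address(tokens[i]))
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        return (addr, int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2
    return (addr, 0), i + 1      # bare address = exact host (standard ACL shorthand)


def parse_rule(line: str) -> Rule:
    tokens = line.split()
    action = tokens[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line}")
    if tokens[1] in ("ip", "tcp", "udp", "icmp"):       # extended ACL
        src, i = _parse_addr(tokens, 2)
        dst, i = _parse_addr(tokens, i)
        dport = int(tokens[i + 1]) if i + 1 < len(tokens) and tokens[i] == "eq" else None
        return Rule(action, tokens[1], src, dst, dport, line)
    src, _ = _parse_addr(tokens, 1)                      # standard ACL: source only
    return Rule(action, None, src, None, None, line)


def _addr_match(addr: str, net_wc: Tuple[int, int]) -> bool:
    net, wc = net_wc
    return (int(ipaddress.IPv4Address(addr)) | wc) == (net | wc)   # wildcard bits are don't-care


def _match(rule: Rule, pkt: Packet) -> bool:
    if not _addr_match(pkt.src, rule.src):
        return False
    if rule.proto is None:                               # standard ACL ignores protocol and destination
        return True
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dst is not None and not _addr_match(pkt.dst, rule.dst):
        return False
    return rule.dport is None or pkt.dport == rule.dport


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, str]:
    """Return (action, text of the matching rule); unmatched traffic hits the implicit deny."""
    for rule in map(parse_rule, acl):
        if _match(rule, pkt):
            return rule.action, rule.text
    return "deny", "implicit deny"


def wildcard_prefix_len(wildcard: str) -> Optional[int]:
    """Prefix length equivalent of a wildcard, or None when the wildcard is non-contiguous."""
    wc = int(ipaddress.IPv4Address(wildcard))
    return 32 - wc.bit_length() if (wc & (wc + 1)) == 0 else None


if __name__ == "__main__":
    std = ["permit 192.168.1.0 0.0.0.255", "deny any"]
    ext = ["permit tcp 192.168.1.0 0.0.0.255 any eq 80", "deny ip any any"]
    print(evaluate(std, Packet("192.168.1.77", "10.0.0.1", "tcp", 22)))
    print(evaluate(ext, Packet("192.168.1.10", "10.0.0.5", "tcp", 443)))
    print(evaluate(list(reversed(ext)), Packet("192.168.1.10", "10.0.0.5", "tcp", 80)))  # order matters
    print(evaluate(["permit 10.0.0.1 0.0.255.0"], Packet("10.0.200.1", "10.9.9.9")))    # every 10.0.x.1
    print(wildcard_prefix_len("0.0.0.255"), wildcard_prefix_len("0.0.255.0"))
```

Reversing the extended ACL denies the web traffic it was meant to permit, which is the most common ACL mistake in practice; the 0.0.255.0 rule shows that a wildcard can select hosts that no single subnet mask could express.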
NETWORK MONITORING AND TROUBLESHOOTING
1. Importance of Network Monitoring
Overview:
• Network Monitoring is the continuous observation and analysis of network performance and behavior. It helps
in detecting issues, ensuring optimal performance, and maintaining the health of the network infrastructure.
Key Aspects:
• Performance Monitoring: Tracks the performance of network devices and links, ensuring that they operate
efficiently.
• Availability Monitoring: Ensures that all network components are operational and accessible.
• Security Monitoring: Detects and alerts on potential security threats and breaches.
• Traffic Analysis: Provides insights into network traffic patterns, helping identify bottlenecks or unusual activity.
Benefits:
• Proactive detection of network issues before they impact users.
• Ensures consistent network performance and reliability.
• Helps in capacity planning by analyzing usage trends.
• Enhances security by identifying suspicious activities early.
2. Common Switch Issues
1. Network Connectivity Problems:
• Symptoms:
• Devices cannot communicate with each other or with external networks.
• Intermittent or slow network performance.
• Possible Causes:
• Faulty cables or ports.
• Incorrect VLAN assignments.
• Misconfigured IP addresses or subnet masks.
2. Performance Issues:
• Symptoms:
• High latency or packet loss.
• Network congestion and slow data transfer rates.
• Possible Causes:
• Network loops or broadcast storms.
• Insufficient switch resources or buffer overruns.
3. Switch Configuration Problems:
• Symptoms:
• Inconsistent network behavior.
• VLANs not functioning as expected.

• Possible Causes:
• Incorrect VLAN configurations or trunk settings.
• Misconfigured port security settings.
• ACL misconfigurations.

4. Hardware Failures:
• Symptoms:
• Power issues, overheating, or hardware malfunction.

• Possible Causes:
• Faulty switch components or power supplies.
• Physical damage or environmental issues.
3. Diagnostic Tools and Techniques
1. Basic Diagnostic Commands:
• Ping:
Usage: Verify network connectivity between devices.
Example: ping <IP address>

• Traceroute:
Usage: Identify the path taken by packets and locate network bottlenecks.
Example: traceroute <IP address>

• Show Commands :
• Show Interfaces:
Usage: Display interface status and statistics.
Example: show interfaces status
• Show VLAN:
Usage: Display VLAN configuration and port assignments.
Example: show vlan brief

• Show MAC Address Table:


Usage: Display the MAC address table to check address mappings.
Example: show mac address-table

• Show STP:
Usage: Display the STP configuration, the root bridge and each port's role and state.
Example: show spanning-tree
2. Advanced Diagnostic Tools:
• Network Analyzers:
• Usage: Capture and analyze network traffic for troubleshooting.
• Examples: Wireshark, tcpdump.
• SNMP (Simple Network Management Protocol):
• Usage: Poll interface counters, CPU, memory and device health from a central monitoring system and receive traps.
• Examples: LibreNMS, Zabbix, PRTG Network Monitor.

3. Logs and Alerts:


• System Logs:
Usage: Review the event log for port state changes, STP events, authentication failures and hardware errors, and forward it to a central syslog server so it survives a reboot or a compromise.
Example: show logging
• Alerts:
Usage: Configure alerts for critical issues or threshold breaches.
Example: Set up SNMP traps.
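The following Python script is an added example for this section, not code from the course material or from a vendor tool. It turns the log review and threshold alerting described above into code: it parses switch syslog lines, flags ports whose link dropped repeatedly inside a time window (a flapping cable or a loop), and pulls out BPDU-protection trips, which on an access port mean an unexpected switch was connected. The log lines are constructed in a generic syslog style (timestamp, hostname, subsystem, message); real message text differs by vendor and firmware, so the regular expressions are assumptions to adapt.

```python
"""Threshold alerting over switch syslog: link flaps and BPDU-protection trips.

Added example, not part of the original course material and not a vendor tool.
The log lines are constructed; the message formats are assumptions to adapt.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log: port 5 flaps three times in under a minute, port 12 goes down once
# for a while, and BPDU protection disables port 7.
SAMPLE_LOG = """\
Mar 12 09:14:02 Switch-01 ports: port 5 is now off-line
Mar 12 09:14:09 Switch-01 ports: port 5 is now on-line
Mar 12 09:14:15 Switch-01 ports: port 5 is now off-line
Mar 12 09:14:21 Switch-01 ports: port 5 is now on-line
Mar 12 09:14:30 Switch-01 ports: port 5 is now off-line
Mar 12 09:14:36 Switch-01 ports: port 5 is now on-line
Mar 12 09:20:00 Switch-01 ports: port 12 is now off-line
Mar 12 10:02:11 Switch-01 stp: BPDU protection: port 7 disabled, BPDU received
Mar 12 10:05:44 Switch-01 ports: port 12 is now on-line
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<sub>\w+): (?P<msg>.*)$")
LINK_RE = re.compile(r"port (?P<port>\d+) is now (?P<state>off-line|on-line)")
BPDU_RE = re.compile(r"BPDU protection: port (?P<port>\d+) disabled")


def parse_line(line: str, year: int = 2024) -> Tuple[datetime, str, str, str]:
    """Split one syslog line into (timestamp, host, subsystem, message); BSD syslog carries no year."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["sub"], m["msg"]


def _max_events_in_window(times: List[datetime], window: timedelta) -> int:
    """Largest number of events that fall inside any sliding window of the given length."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flapping_ports(lines: List[str], window: timedelta = timedelta(minutes=5),
                   threshold: int = 3) -> Dict[str, int]:
    """Ports whose link went down at least `threshold` times inside one `window`, with the peak count."""
    downs: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ts, _host, sub, msg = parse_line(line)
        m = LINK_RE.search(msg)
        if sub == "ports" and m and m["state"] == "off-line":
            downs[m["port"]].append(ts)
    peaks = {port: _max_events_in_window(ts_list, window) for port, ts_list in downs.items()}
    return {port: n for port, n in peaks.items() if n >= threshold}


def bpdu_protection_trips(lines: List[str]) -> List[str]:
    """Ports disabled by BPDU protection: an unexpected switch or a loop on an access port."""
    trips = []
    for line in lines:
        _ts, _host, sub, msg = parse_line(line)
        m = BPDU_RE.search(msg)
        if sub == "stp" and m:
            trips.append(m["port"])
    return trips


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("flapping ports (peak link-downs within 5 min):", flapping_ports(lines))
    print("BPDU protection tripped on ports:", bpdu_protection_trips(lines))
```

Port 12 is not reported as flapping because a single outage, however long, is an incident to investigate rather than a flap; the sliding window is what separates the two, and the same function can run continuously over a syslog feed to raise the alerts this section describes.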
Thank You
