News & Tools
- Can We Stop Pretending SMS Is Secure Now?
- It’s time to stop using SMS for anything
- Why You Should Never Use Google Authenticator Again
- Two Factor Auth (2FA) – A list of websites and whether or not they support 2FA
- Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail
- At this point in the semester, you should be confident in your understanding of Cisco IOS, routing protocols, etc., to complete this Lab-04 (OSPF, Serial, DHCP), using only the network diagram as your guide, with 100% accuracy, in less than 30 minutes.
- If that’s not the case, then you must practice, practice, practice, to gain the necessary skills and confidence.
- Practice makes improvement.
Layer 2 Switching
The three functions of a switch.
- Address learning
- forward/filter decisions
- loop avoidance.
CAM (Content Addressable Memory)
- The CAM table, or content addressable memory table, is present in all Cisco Catalysts for layer 2 switching. It is used to record a station's MAC address and its corresponding switch port location. In addition, a timestamp for the entry is recorded, along with its VLAN assignment.
- The CAM table is used in multi-layer switching for the purpose of quickly switching frames to their destination. The switch looks at the incoming frame’s source MAC address and enters it into the CAM table and keeps it there for 300 seconds before aging out. This is the default value.
Configuring an IP address on a switch
- The Management VLAN Interface is a routed interface present on every Cisco switch and is called interface VLAN 1.
Port Security on a Switch
- Protect: When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
- Restrict: When the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
- Shutdown: A port security violation causes the interface to become error-disabled and to shut down immediately, and the port LED turns off. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode.
Restrict and shutdown violation modes alert you via SNMP that a violation has occurred on a port.
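The CAM-table behaviour (address learning, the forward/filter decision, the 300-second aging default) and the three port-security violation modes above can be seen together in a small simulation. This is an added example, not code from the course page or from Cisco: the switch model, port names, MAC addresses and timestamps are all constructed, and the "notifications" list stands in for the SNMP trap and syslog message a real switch would emit in restrict and shutdown mode.

```python
from dataclasses import dataclass, field

CAM_AGING_SECONDS = 300  # Cisco default aging time for a dynamic CAM entry


@dataclass
class CamEntry:
    port: str
    vlan: int
    last_seen: float  # timestamp recorded with the entry, used for aging


@dataclass
class PortSecurity:
    maximum: int = 1
    violation: str = "shutdown"  # protect | restrict | shutdown (the IOS default)
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False


class Switch:
    """Constructed model of a Layer 2 switch: CAM table plus port security."""

    def __init__(self, ports):
        self.ports = dict(ports)    # port name -> access VLAN (constructed topology)
        self.cam = {}               # MAC -> CamEntry
        self.port_security = {}     # port name -> PortSecurity
        self.notifications = []     # stand-in for SNMP traps / syslog messages

    def enable_port_security(self, port, maximum=1, violation="shutdown"):
        self.port_security[port] = PortSecurity(maximum, violation)

    def errdisable_recover(self, port):
        """Equivalent of 'shutdown' / 'no shutdown' on an err-disabled port."""
        self.port_security[port].err_disabled = False

    def _is_err_disabled(self, port):
        ps = self.port_security.get(port)
        return ps is not None and ps.err_disabled

    def _age_out(self, now):
        expired = [m for m, e in self.cam.items()
                   if now - e.last_seen >= CAM_AGING_SECONDS]
        for mac in expired:
            del self.cam[mac]

    def _port_security_allows(self, port, src):
        """Apply the violation mode; True means the frame may be learned/forwarded."""
        ps = self.port_security.get(port)
        if ps is None:
            return True
        if ps.err_disabled:
            return False                  # shutdown mode already tripped
        if src in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.add(src)       # room left: learn it as a secure MAC
            return True
        if ps.violation == "protect":
            return False                  # silently dropped, nobody is told
        ps.violation_count += 1
        self.notifications.append(f"port-security violation on {port} from {src}")
        if ps.violation == "shutdown":
            ps.err_disabled = True        # whole port goes error-disabled
        return False

    def receive_frame(self, port, src, dst, now):
        """Process one frame; return the sorted list of ports it is sent out of."""
        self._age_out(now)
        vlan = self.ports[port]
        if not self._port_security_allows(port, src):
            return []
        self.cam[src] = CamEntry(port, vlan, now)          # address learning
        entry = self.cam.get(dst)
        if entry is not None and entry.vlan == vlan:       # forward/filter decision
            return [] if entry.port == port else [entry.port]
        return sorted(p for p, v in self.ports.items()     # unknown unicast: flood
                      if v == vlan and p != port and not self._is_err_disabled(p))


def demo():
    sw = Switch({"Fa0/1": 1, "Fa0/2": 1, "Fa0/3": 1, "Fa0/4": 10})
    sw.enable_port_security("Fa0/2", maximum=1, violation="restrict")
    sw.enable_port_security("Fa0/3", maximum=1, violation="shutdown")
    sw.enable_port_security("Fa0/4", maximum=1, violation="protect")
    a, b, c, d = "00aa.0000.0001", "00aa.0000.0002", "00aa.0000.0003", "00aa.0000.0004"
    rogue = "dead.beef.0000"  # constructed unexpected source address
    r = {}
    r["flood"] = sw.receive_frame("Fa0/1", a, b, now=0)          # B unknown: flooded
    r["forward"] = sw.receive_frame("Fa0/2", b, a, now=1)        # A known: one port
    r["after_aging"] = sw.receive_frame("Fa0/2", b, a, now=301)  # A aged out: flooded
    r["restrict_drop"] = sw.receive_frame("Fa0/2", rogue, a, now=302)
    r["restrict_count"] = sw.port_security["Fa0/2"].violation_count
    sw.receive_frame("Fa0/3", c, a, now=303)                     # C becomes the secure MAC
    sw.receive_frame("Fa0/3", rogue, a, now=304)                 # violation: err-disable
    r["fa0/3_err_disabled"] = sw.port_security["Fa0/3"].err_disabled
    r["c_blocked"] = sw.receive_frame("Fa0/3", c, a, now=305)    # legit host cut off too
    sw.errdisable_recover("Fa0/3")
    r["c_after_recovery"] = sw.receive_frame("Fa0/3", c, a, now=306)
    sw.receive_frame("Fa0/4", d, a, now=307)
    sw.receive_frame("Fa0/4", rogue, a, now=308)                 # protect: silent drop
    r["protect_count"] = sw.port_security["Fa0/4"].violation_count
    r["notifications"] = len(sw.notifications)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to notice in `demo()` is step 8: in shutdown mode the legitimate host on Fa0/3 is also cut off until the port is recovered, which is why restrict is often preferred on user ports where an alert is wanted without an outage, while protect gives no signal at all that anything happened.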
Spanning Tree Protocol (STP)
- The function of Spanning Tree Protocol (STP) is to prevent Layer 2 switching loops and broadcast storms in a Local Area Network (LAN).
- The Spanning Tree Protocol (STP) allows redundant links in a network to prevent complete network failure if an active link fails, without the danger of Layer 2 Switching loops.
Bridge Protocol Data Unit (BPDU)
- Bridge Protocol Data Units (BPDUs) are messages exchanged between the switches inside an interconnected redundant Local Area Network (LAN).
- BPDU frames contain information regarding the Switch ID, originating switch port, MAC address, switch port priority, switch port cost, etc.
- BPDU frames are sent out regularly as multicast messages to the multicast destination MAC address 01:80:c2:00:00:00. When BPDUs are received, the switch uses a mathematical formula called the Spanning Tree Algorithm (STA) to detect a Layer 2 switching loop in the network and to determine which of the redundant ports needs to be shut down.
- The basic purpose of the Bridge Protocol Data Units (BPDUs) and the Spanning Tree Algorithm (STA) is to avoid Layer 2 Switching loops and Broadcast storms.
Spanning Tree Protocol (STP): Port States
The ports on a switch with Spanning Tree Protocol (STP) enabled are in one of the following four port states.
- A port in the blocking state does not participate in frame forwarding and also discards frames received from the attached network segment.
- During blocking state, the port is only listening to and processing BPDUs on its interfaces.
- During the listening state the port discards frames received from the attached network segment and it also discards frames switched from another port for forwarding.
- At this state, the port receives BPDUs from the network segment and directs them to the switch system module for processing.
- During the learning state, the port is still listening for and processing BPDUs.
- In the learning state, the port begins to process user frames and starts to update the MAC address table.
- But the user frames are still not forwarded to the destination.
- A port in the forwarding state forwards frames across the attached network segment.
- In a forwarding state, the port will process BPDUs, update its MAC Address table with frames that it receives, and forward user traffic through the port.
- Forwarding State is the normal state.
Note: “Disabled” is not one of the four STP port states; technically, disabled is not a transition state. A port in the administratively disabled state doesn’t participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.
Summary of the four port states
| State | Forward Frames | Learn MAC Addresses | Duration |
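The STP material above (BPDU contents, the STA choosing which redundant port to block, and what each of the four port states does with user frames and BPDUs) can be tied together in a small simulation of one switch. This is an added example, not code from the course page or from Cisco; it is a deliberately reduced version of the 802.1D algorithm for a single switch, and the bridge IDs, port costs and port names are constructed. The 15-second forward delay and the port cost of 19 for a 100 Mb/s link are the 802.1D defaults, not values from the page.

```python
from dataclasses import dataclass, field

FORWARD_DELAY = 15  # 802.1D default seconds spent in listening, then again in learning


@dataclass(frozen=True)
class ReceivedBpdu:
    port: str            # local port the BPDU arrived on
    port_cost: int       # cost of that local port (19 = 100 Mb/s under 802.1D)
    root_id: tuple       # (priority, MAC) the sender believes is the root bridge
    root_path_cost: int  # the sender's own cost to that root
    sender_id: tuple     # (priority, MAC) of the sending bridge
    sender_port_id: int


@dataclass
class StpPort:
    name: str
    state: str = "blocking"
    mac_table: set = field(default_factory=set)

    def handle_frame(self, src_mac):
        """What the port does with a user frame in its current state."""
        if self.state in ("blocking", "listening"):
            return "discard"           # BPDUs are still processed; user frames are not
        self.mac_table.add(src_mac)    # learning and forwarding both update the table
        return "learn" if self.state == "learning" else "forward"

    def converge(self, forward_delay=FORWARD_DELAY):
        """Walk a blocking port up to forwarding; return (elapsed seconds, state)."""
        timeline = []
        for elapsed, state in ((0, "listening"), (forward_delay, "learning"),
                               (2 * forward_delay, "forwarding")):
            self.state = state
            timeline.append((elapsed, state))
        return timeline


def elect_root(my_id, bpdus):
    """Lowest bridge ID (priority, then MAC) wins; this switch is a candidate too."""
    return min([my_id] + [b.root_id for b in bpdus])


def run_sta(my_id, bpdus):
    """Reduced STA for one switch: pick the root, the root port, and block the rest
    of the ports on which a neighbour holds a better claim to the segment."""
    root = elect_root(my_id, bpdus)
    if root == my_id:
        return root, None, {b.port: "forwarding" for b in bpdus}  # root forwards everywhere
    same_root = [b for b in bpdus if b.root_id == root]
    # Root port: lowest total cost to the root, then lowest sender ID, then port ID.
    rp = min(same_root, key=lambda b: (b.root_path_cost + b.port_cost,
                                       b.sender_id, b.sender_port_id))
    my_cost = rp.root_path_cost + rp.port_cost
    states = {}
    for b in bpdus:
        if b is rp:
            states[b.port] = "forwarding"   # root port
        elif (b.root_id, b.root_path_cost, b.sender_id) < (root, my_cost, my_id):
            states[b.port] = "blocking"     # neighbour is designated: redundant path blocked
        else:
            states[b.port] = "forwarding"   # we are the designated bridge on that segment
    return root, rp.port, states


def demo():
    # Constructed topology seen from switch C: A is directly attached on Fa0/1,
    # B (also attached to A) on Fa0/2, and D (further from the root) on Fa0/3.
    a = (4096, "0000.0000.00aa")    # lowest bridge ID -> root
    b = (32768, "0000.0000.00bb")
    c = (32768, "0000.0000.00cc")   # the switch being simulated
    d = (32768, "0000.0000.00dd")
    bpdus = [
        ReceivedBpdu("Fa0/1", 19, root_id=a, root_path_cost=0, sender_id=a, sender_port_id=1),
        ReceivedBpdu("Fa0/2", 19, root_id=a, root_path_cost=19, sender_id=b, sender_port_id=2),
        ReceivedBpdu("Fa0/3", 19, root_id=a, root_path_cost=38, sender_id=d, sender_port_id=1),
    ]
    root, root_port, states = run_sta(c, bpdus)
    probe = StpPort("Fa0/1")
    behaviour = {}
    for state in ("blocking", "listening", "learning", "forwarding"):
        probe.state = state
        behaviour[state] = probe.handle_frame("00aa.0000.0001")
    return {"root": root, "root_port": root_port, "states": states,
            "behaviour": behaviour, "timeline": StpPort("Fa0/1").converge()}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On switch C the link to B is redundant with the direct link to A, and because B sits one hop closer to the root than C does, C's Fa0/2 is the port that ends up blocking; the link to D stays forwarding because C is the better path to the root on that segment. The `behaviour` result is the "Forward Frames" and "Learn MAC Addresses" columns of the summary table, and `timeline` is why a newly connected host waits about 30 seconds before its port passes traffic.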
- Due before 6pm Wed. 2021-03-24
- You must be in class this day in order to get full credit for completing this lab.
- When saving, always increment the version number at the end of the filename every time you save. And, save often.
- Starting Filename: CST3607 Lab-05 YourLastName, YourFirstName v01
- Download the Lab-05 Assets
- The lab must be done in the current version of Cisco Packet Tracer
S3# show port-security fa0/3
S3# show port-security interface fa0/3
- After you’ve verified all of your configurations are complete and 100% accurate, only then e-mail your completed simulation file to me for grading.
- E-mail Subject: CST3607 Lab-05 YourLastName, YourFirstName
Read / Watch / Do
- Read Chapter 9
- Do the Written Labs
- Answer the Review Questions
- Do not submit your answers for this chapter. The answers are in the Appendix.