Saturday, April 8, 2017

Introduction to Cisco switch

Cisco Switch
A switch is the central device that connects all computers; a switch works at the data link layer of the OSI model.
Switch functions: address learning, forwarding/filtering decisions, loop avoidance.
  1. Address learning: the switch learns the MAC address of every machine (from the source address of the frames it receives) and records which port each address was seen on.
  2. Forwarding/filtering decision: the switch forwards data only to the port of the specific destination machine; the other ports are filtered (the frame is not sent there).
  3. Loop avoidance: a loop is a process which repeats again and again; avoidance means removing or stopping loops, which is done through the STP and RSTP protocols. Ex: switch# show spanning-tree
Switching: switching is the process of moving data on the basis of hardware (MAC) addresses.
The data link layer is responsible for switching; data link layer devices are the switch and the bridge.
ARP (Address Resolution Protocol): ARP is used to find the MAC (hardware) address from a known IP address. Ex: cmd: arp -a
Switch# show mac-address-table
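The address learning and forwarding/filtering behaviour described above, as an added example (not code from the original post); the ports, MAC addresses and the output format of show_mac_address_table are constructed for the demo:

```python
# Added example (not from the original post): a small model of the switch
# functions described above, address learning and the forwarding/filtering
# decision, keyed by MAC address like "show mac-address-table".
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports: List[int]) -> None:
        self.ports = ports
        self.mac_table: Dict[str, int] = {}  # MAC address -> port it was learned on

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        """Process one frame: learn the source, return the list of egress ports."""
        src, dst = src_mac.lower(), dst_mac.lower()
        # 1. Address learning: the source MAC lives behind the ingress port
        self.mac_table[src] = in_port
        # 2. Forwarding/filtering decision
        if dst == BROADCAST or dst not in self.mac_table:
            # broadcast or unknown unicast: flood out every port except the ingress one
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        if out_port == in_port:
            # destination sits on the same port as the source: filter (drop) the frame
            return []
        return [out_port]  # known unicast: forward to exactly one port

    def show_mac_address_table(self) -> List[str]:
        """Lines in the spirit of "show mac-address-table" (the format is made up here)."""
        return [f"{mac}  DYNAMIC  Fa0/{port}" for mac, port in sorted(self.mac_table.items())]


def demo() -> Dict[str, int]:
    """Constructed traffic: host A on port 1 ARPs for host B on port 3, B replies."""
    sw = Switch(ports=[1, 2, 3, 4])
    sw.receive(1, "00:00:5e:00:53:aa", BROADCAST)            # ARP request is flooded
    sw.receive(3, "00:00:5e:00:53:bb", "00:00:5e:00:53:aa")  # reply goes only to port 1
    return dict(sw.mac_table)
```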
Cisco Discovery Protocol (CDP): Cisco proprietary protocol, works on layer 2 (data link layer). Used to find detailed information about directly connected neighbor devices; sends updates every 60 seconds.
Switch# show cdp neighbors
Switch# show cdp entry *
Switch# show cdp neighbors detail
STP (Spanning Tree Protocol): STP is used to avoid layer 2 loops (ARP/broadcast storms). In STP there is a secondary path which is always down (blocked); the secondary comes up when the primary goes down.
BPDU (Bridge Protocol Data Unit): the packet used by STP to share information between switches.
STP secondary link steps:
Step 1: select a root bridge (it is the focal point and decision-making switch, which acts as a master for all other switches).
Every switch has a priority number; the switch with the lowest priority becomes the root bridge. To view the switch priority: switch# show spanning-tree
If the priority numbers are equal, the MAC address decides: every switch has a MAC address, and the switch with the lowest MAC address becomes the root bridge.
To change the priority number: switch(config)# spanning-tree vlan 1 priority 4096 (IOS accepts only multiples of 4096, from 0 to 61440; the default is 32768). Every port of the root bridge is a designated port, and it will never be blocked in any condition.

Step 2: select the root port; this is a port on each non-root bridge, chosen by the lowest cost to the root bridge. Port cost depends on bandwidth:
Bandwidth    Cost
10 Mbps      100
100 Mbps     19
1 Gbps       4
10 Gbps      2
To change the cost, change the port speed (the cost then follows from the table above): switch(config)# interface f0/1
Switch(config-if)# speed 10
Step 3: block the redundant link. Every port (interface) has a MAC address; the port with the higher MAC address will be blocked. A port in blocking mode can't perform any action except sending and receiving BPDUs.
If the primary link goes down, a new step starts so that communication continues. How does the redundant link know that the primary is down? When the primary goes down, either by unplugging or because of damage, the secondary (redundant) link goes through a few states before it is up:
Step 4, startup states: blocking, 20 seconds (waiting in case the primary comes back up).
Listening, 15 seconds (exchanging BPDUs).
Learning, 15 seconds (building the MAC address table); after that the port moves to forwarding.
How to make Switch2 the root bridge?
We must decrease the priority of Switch2 to make it the root bridge:
Switch2(config)# spanning-tree vlan 1 priority 4096
or
Switch2(config)# spanning-tree vlan 1 root primary
Switch2# show spanning-tree
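The root bridge election (lowest priority, then lowest MAC) and root port selection by cost from the steps above, as an added example that is not part of the original post; the switch names, MAC addresses and the two paths of Switch3 are constructed for the demo:

```python
# Added example (not from the original post): STP root bridge election (lowest
# priority wins, lowest MAC address breaks ties) and root port selection by
# path cost, using the bandwidth/cost table from the text above.
from typing import Dict, List, Tuple

# Classic 802.1D port costs keyed by link speed in Mbps, as listed above
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def valid_priority(priority: int) -> bool:
    """IOS accepts the bridge priority only as a multiple of 4096 between 0 and 61440."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def bridge_id(priority: int, mac: str) -> Tuple[int, str]:
    """Bridge ID as a sortable pair: priority first, MAC address as the tie-breaker."""
    if not valid_priority(priority):
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    return priority, mac.lower()


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """bridges maps switch name -> (priority, MAC). Returns the name of the root bridge."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_port(paths: Dict[str, List[int]]) -> str:
    """paths maps a local port name -> link speeds (Mbps) along its path to the root.
    The root port has the lowest total cost; ties go to the lower port name."""
    cost = {port: sum(PORT_COST[speed] for speed in speeds) for port, speeds in paths.items()}
    return min(cost, key=lambda port: (cost[port], port))


def demo() -> Tuple[str, str, str]:
    """Constructed topology: three switches at the default priority, then Switch2
    lowered to 4096 as in the configuration above; Switch3 has two paths to the root."""
    bridges = {
        "Switch1": (32768, "00:00:5e:00:53:01"),
        "Switch2": (32768, "00:00:5e:00:53:02"),
        "Switch3": (32768, "00:00:5e:00:53:03"),
    }
    by_mac = elect_root(bridges)                        # all equal: lowest MAC wins
    bridges["Switch2"] = (4096, bridges["Switch2"][1])  # spanning-tree vlan 1 priority 4096
    by_priority = elect_root(bridges)
    # Switch3: f0/1 is a direct 100 Mbps link (19); f0/2 crosses two 1 Gbps links (4 + 4)
    rp = root_port({"f0/1": [100], "f0/2": [1000, 1000]})
    return by_mac, by_priority, rp
```

Note that the slower direct link loses to the longer but faster path, which is why the cost table matters more than hop count.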
Rapid STP (RSTP):
Switch1(config)# interface f0/1
Switch1(config-if)# spanning-tree portfast
Switch2(config)# interface f0/1
Switch2(config-if)# spanning-tree portfast
(PortFast is meant for ports that face end hosts, not for switch-to-switch links.)
Now run this command on all switches:
Switch1(config)# spanning-tree mode rapid-pvst
Switch2(config)# spanning-tree mode rapid-pvst
Switch3(config)# spanning-tree mode rapid-pvst

Note: after the RSTP commands, when the primary path goes down, the secondary comes up without waiting the 30 seconds (listening and learning).
VLAN (Virtual LAN): a VLAN is a group of ports in which computers can only communicate with the members of their own group.
Advantages of VLAN: security is increased, and the broadcast domain is broken up (broadcasts stay inside their VLAN).
Two types of VLAN:
Static VLAN: ports are manually added to the VLAN.
Dynamic VLAN: ports are assigned to VLANs by using MAC addresses.
Two kinds of VLAN ports:
Access port: an access port carries the data of its own (single) VLAN.
Trunk port: used to carry the traffic of different VLANs over one link, e.g. between two switches.
Switch(config)# vlan 10
Switch(config-vlan)# name sales
Switch(config)# vlan 20
Switch(config-vlan)# name IT
Switch(config)# vlan 30
Switch(config-vlan)# name HR
Switch(config)# interface f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
To add a range of interfaces to a VLAN:
Switch(config)# interface range fastethernet 0/1 - 5
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
To add separate (non-contiguous) interfaces to a VLAN:
Switch(config)# interface range fastethernet 0/1 , fastethernet 0/4 , fastethernet 0/13
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch# show vlan
VTP (VLAN Trunking Protocol): used to share VLAN information between different switches.
VTP modes: server mode, client mode, transparent mode.
Server mode: the default mode of every Cisco Catalyst switch.
In this mode you can create, delete and modify VLANs. All VTP information is advertised from the server to the clients; in this mode the VLAN information is stored in NVRAM.
Client mode: in this mode you can't create, delete or modify VLANs; the VLAN information is stored in RAM and is received from the VTP server.
Transparent mode: in this mode we can create and delete VLANs locally. The switch keeps its own VLAN database and does not apply the VTP information sent by the VTP server, but it still passes that information on to the other switches.
VTP configuration:
Switch1(config)# vtp mode server
Switch1(config)# vtp domain corvit
Switch1(config)# vtp password icne@123
Switch1(config)# interface f0/6
Switch1(config-if)# no shutdown
Switch1(config-if)# switchport mode trunk
Switch1# show vtp status
Switch2(config)# vtp mode transparent
Switch2(config)# vtp domain corvit
Switch2(config)# vtp password icne@123
Switch2(config)# interface range fastethernet 0/6 , fastethernet 0/5
Switch2(config-if-range)# switchport mode trunk
Switch3(config)# vtp mode client
Switch3(config)# vtp domain corvit
Switch3(config)# vtp password icne@123
Switch3(config)# interface fastethernet 0/6
Switch3(config-if)# switchport mode trunk
How to break (recover) the router password?
Step 1: reboot the router and press Ctrl+Break while it boots; this stops the router from loading its startup configuration from NVRAM and drops it into ROMMON (running from RAM).
Step 2: change the configuration register value (the default is 0x2102) to 0x2142 so that the startup configuration in NVRAM is ignored on the next boot:
rommon 1 > confreg 0x2142
rommon 2 > reset
Router(config)# no enable secret (or no enable password)
Router(config)# config-register 0x2102
Router# copy run start
Router# reload
Inter-VLAN routing (router on a stick):
Router(config)# interface f0/0
Router(config-if)# no shutdown
Router(config)# interface f0/0.1
Router(config-subif)# encapsulation dot1q 10 (VLAN 10)
Router(config-subif)# ip address 10.0.0.100 255.0.0.0
Router(config)# interface f0/0.2
Router(config-subif)# encapsulation dot1q 20 (VLAN 20)
Router(config-subif)# ip address 200.0.0.100 255.255.255.0
Router# show ip route
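What "encapsulation dot1q 10" actually matches on the wire, as an added example that is not part of the original post: it builds and parses the 4-byte 802.1Q tag and maps the VLAN ID to the sub-interface that would receive the frame. The MAC addresses and payloads are constructed; the VLAN-to-sub-interface table mirrors the configuration above.

```python
# Added example (not from the original post): builds and parses the 802.1Q tag
# that "encapsulation dot1q <vlan>" matches, and picks the sub-interface that
# would receive a frame. The sub-interface table mirrors the configuration above.
import struct
from typing import Dict, Optional, Tuple

TPID_8021Q = 0x8100  # EtherType value announcing a VLAN tag
ETHERTYPE_IPV4 = 0x0800
SUBINTERFACES: Dict[int, str] = {10: "f0/0.1", 20: "f0/0.2"}  # VLAN ID -> sub-interface


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_untagged_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def build_tagged_frame(dst: str, src: str, vlan_id: int, ethertype: int,
                       payload: bytes, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id  # 3 bits priority, 1 bit DEI (0), 12 bits VLAN ID
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return mac_bytes(dst) + mac_bytes(src) + tag + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Tuple[Optional[int], int, bytes]:
    """Return (vlan_id or None when untagged, ethertype, payload)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, inner_type, frame[18:]
    return None, ethertype, frame[14:]


def select_subinterface(frame: bytes) -> Optional[str]:
    """Which sub-interface routes this frame; None for untagged or unconfigured VLANs."""
    vlan_id, _, _ = parse_frame(frame)
    return SUBINTERFACES.get(vlan_id) if vlan_id is not None else None
```

A frame tagged with VLAN 30 gets no sub-interface here, which is the router-side view of why a VLAN must be configured on both the trunk and the router before its hosts can be routed.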
Port security:
Switch(config)# interface f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
Switch# show port-security
Switch# show port-security address
Switch# show port-security interface f0/1
Switch# show mac-address-table
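The port-security behaviour configured above (sticky learning, maximum 1, violation shutdown), as an added example that is not part of the original post; the restrict and protect modes are included for comparison, and the MAC addresses and log text are constructed, not real IOS messages:

```python
# Added example (not from the original post): a model of the port-security
# behaviour configured above (sticky learning, maximum 1, violation shutdown),
# plus the restrict/protect modes for comparison. Log text is constructed.
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                 # switchport port-security maximum 1
    violation: str = "shutdown"      # shutdown | restrict | protect
    sticky: Set[str] = field(default_factory=set)  # sticky-learned secure MACs
    state: str = "up"                # "up" or "err-disabled"
    violation_count: int = 0
    log: List[str] = field(default_factory=list)

    def ingress(self, src_mac: str) -> bool:
        """Apply port security to one incoming frame; True if it is accepted."""
        mac = src_mac.lower()
        if self.state == "err-disabled":
            return False  # a shut-down port passes nothing until shut / no shut
        if mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.add(mac)  # port-security mac-address sticky: learn and keep it
            return True
        # A MAC beyond the maximum: this is a violation
        if self.violation == "protect":
            return False  # silently dropped, nothing counted or logged
        self.violation_count += 1
        self.log.append(f"port-security violation on {self.name} from {mac}")  # constructed
        if self.violation == "shutdown":
            self.state = "err-disabled"  # whole port goes down, as "violation shutdown" does
        return False

    def clear(self) -> None:
        """Equivalent of shut / no shut after fixing the cause (sticky MACs are kept)."""
        self.state = "up"
```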
