VTP MODES OF A SWITCH, ROUTING AND ROUTED PROTOCOLS, PORT SECURITY IN SWITCH, STP, Dynamic Routing Protocol



VTP modes of a switch

VLAN Trunking Protocol (VTP) on a switch operates in one of three modes:
        i.            Server mode: the default mode of every switch. A VTP server can create, modify and delete VLANs for the whole VTP domain, saves the VLAN configuration in its Non-Volatile RAM (NVRAM), and originates and forwards VTP advertisements across the domain.

       ii.            Client mode: a client receives VLAN information advertised by a VTP server, applies it to itself and forwards the advertisements on, but it cannot create, modify, delete or save VLAN configurations of its own.

     iii.            Transparent mode: a transparent switch does not use VTP to exchange VLAN information. It ignores the VLAN database advertised by the server, and VLANs created, modified or deleted on it are local to that switch only. It still forwards the VTP advertisements it receives out of its trunk ports, so servers and clients on the far side of it continue to receive them.

The operational risk in VTP is that the VLAN database is overwritten by whichever advertisement carries the highest configuration revision number: a switch connected to the domain with the same domain name and a higher revision can wipe out the domain's VLANs. The usual precautions are to set a VTP domain password, to run switches in transparent mode (or VTP off, where supported) when automatic VLAN propagation is not needed, and to reset a switch's revision number before connecting it to the domain.



What is the difference between a routed and a routing protocol?
ANSWER

A routed protocol is a protocol whose packets can be forwarded by routers. It requires a logical addressing scheme with subnetting: the address identifies both the network a host belongs to and the host within that network. Every device on the network, including computers, routers and switches, uses the services of a routed protocol, and the protocol defines the format and use of the fields in a packet. The Internet Protocol (IP) is the main example of a routed protocol.
WHILE
A routing protocol runs between routers and is used to build and maintain their routing tables. It supports a routed protocol by giving routers a mechanism to exchange reachability information about networks, so that they can choose a path for the routed protocol's packets. Routing Information Protocol (RIP) is an example of a routing protocol.



Port security in a switch

Port security restricts which devices may send traffic into a switch port, so that an unused or unprotected interface cannot simply be plugged into by an unauthorized user. The switch identifies and limits the traffic allowed on the port by source MAC address. The MAC addresses that port security learns or is configured with are called "secure addresses".
Types of secure addresses:
        Ø  Static: the MAC addresses are configured manually on the port and stored in the configuration.
       Ø  Dynamic: the MAC addresses are learned from traffic during switch operation. They are not written to the configuration, so they are lost when the switch reloads.
        Ø  Sticky: the MAC addresses are learned automatically and written into the running configuration, so they survive a reload once the configuration is saved. Each port has a configured maximum number of secure addresses; if fewer static or sticky addresses are configured than that maximum, the switch learns the remaining ones dynamically.
A security violation occurs when a frame with a new source MAC address arrives on a port that already holds its maximum number of secure addresses, or when a MAC address that is secured on one port is seen on another secure port in the same VLAN. When a violation occurs the port acts according to its violation mode:
Shutdown (the default): drops all traffic and puts the port into the err-disabled state, which needs an administrator (or errdisable recovery) to bring it back up.
Protect: silently drops frames from unknown source MAC addresses until the number of secure addresses drops below the maximum; nothing is logged or counted. OR
Restrict: behaves like protect but also increments the security violation counter and generates a log message/SNMP trap for each violation.
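The learning and violation behaviour above, as an added example written for this page (it is not vendor code): a small model of a switch that learns secure MAC addresses up to a per-port maximum and applies the shutdown, protect and restrict modes. The port names, MAC addresses and frame sequence are constructed, and a single VLAN is assumed so that a MAC secured on one port counts as a violation on any other secure port.

```python
# Added example (not vendor code): a model of switch port security that learns
# secure MAC addresses up to a per-port maximum and applies the three violation
# modes. Port names and MAC addresses are constructed; one VLAN is assumed.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                    # switchport port-security maximum N
    violation_mode: str = "shutdown"    # "shutdown" (default), "protect" or "restrict"
    secure_macs: set = field(default_factory=set)   # static + learned (sticky/dynamic)
    err_disabled: bool = False
    violation_count: int = 0


class Switch:
    def __init__(self):
        self.ports = {}
        self.owner = {}   # secure MAC -> name of the port that owns it

    def add_port(self, port, static_macs=()):
        """Register a port; static_macs are pre-configured secure addresses."""
        for mac in static_macs:
            port.secure_macs.add(mac.lower())
            self.owner[mac.lower()] = port.name
        self.ports[port.name] = port

    def _violation(self, port):
        # protect drops silently; restrict and shutdown also count the event
        if port.violation_mode != "protect":
            port.violation_count += 1
        if port.violation_mode == "shutdown":
            port.err_disabled = True      # port stays down until recovered
            return "err-disabled"
        if port.violation_mode == "restrict":
            return "dropped+logged"
        return "dropped"

    def ingress(self, port_name, src_mac):
        """Process one frame arriving on a secure port; returns what happened."""
        port = self.ports[port_name]
        mac = src_mac.lower()
        if port.err_disabled:
            return "err-disabled"
        if mac in port.secure_macs:
            return "forwarded"
        # a MAC already secured on another port is a violation (MAC move)
        if mac in self.owner and self.owner[mac] != port_name:
            return self._violation(port)
        # a new MAC on a port that is already at its maximum is a violation
        if len(port.secure_macs) >= port.maximum:
            return self._violation(port)
        port.secure_macs.add(mac)         # dynamic/sticky learning
        self.owner[mac] = port_name
        return "forwarded"


def run_demo():
    """Constructed frames against three ports, one per violation mode."""
    sw = Switch()
    sw.add_port(SecurePort("Gi0/1", maximum=1, violation_mode="shutdown"))
    sw.add_port(SecurePort("Gi0/2", maximum=2, violation_mode="restrict"))
    sw.add_port(SecurePort("Gi0/3", maximum=1, violation_mode="protect"))
    frames = [
        ("Gi0/1", "00:11:22:33:44:01"),   # learned, forwarded
        ("Gi0/1", "00:11:22:33:44:02"),   # second MAC on max=1 -> err-disabled
        ("Gi0/1", "00:11:22:33:44:01"),   # even the allowed MAC is now blocked
        ("Gi0/2", "00:11:22:33:44:10"),   # learned
        ("Gi0/2", "00:11:22:33:44:11"),   # learned (max=2)
        ("Gi0/2", "00:11:22:33:44:12"),   # third MAC -> dropped and counted
        ("Gi0/2", "00:11:22:33:44:10"),   # secure MAC still forwarded
        ("Gi0/3", "00:11:22:33:44:10"),   # MAC owned by Gi0/2 -> dropped silently
    ]
    results = [(p, m, sw.ingress(p, m)) for p, m in frames]
    return results, sw


if __name__ == "__main__":
    for port, mac, outcome in run_demo()[0]:
        print(f"{port} {mac} -> {outcome}")
```

The third frame is the point most often missed in practice: once a shutdown-mode port is err-disabled, the legitimate device behind it is cut off too, so a single rogue frame (or a misconfigured maximum on a port with a phone and a PC behind it) turns into an outage until the port is recovered.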


What is STP?
ANSWER

Spanning Tree Protocol (STP, IEEE 802.1D) prevents and removes loops in a layer-2 switched network. It ensures that there is exactly one active path between any two stations, by having the bridges (switches) exchange Bridge Protocol Data Unit (BPDU) frames, sent to a well-known multicast MAC address, and blocking the redundant ports. If an active path fails, a previously blocked port is brought into forwarding so that a redundant path takes over. STP also detects failed bridges and recomputes the topology so that any-to-any communication is restored.
To build the loop-free topology, STP:
Elects a root bridge: one switch becomes the root; all of its ports are designated ports in the forwarding state, able to send and receive traffic. The election is based on the bridge ID, which is made up of the bridge priority (2 bytes) followed by the MAC address (6 bytes). The switch with the lowest bridge ID wins, so the lowest priority wins first and the MAC address only breaks a tie between equal priorities. Every other switch then selects the port with the lowest-cost path to the root as its root port, each segment gets one designated port, and all remaining ports are blocked.
An STP port can be in the Disabled, Blocking, Listening, Learning or Forwarding state. STP uses three timers to converge: Hello (2 s by default, the interval between BPDUs from the root), Forward delay (15 s, spent in each of the listening and learning states) and Max age (20 s, how long a stored BPDU stays valid).
Because the topology follows whichever bridge advertises the lowest bridge ID, any device on an access port that sends BPDUs could claim the root role and pull traffic through itself; BPDU guard on access ports and root guard on ports that should never lead towards the root are the usual protections.
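The root election and root-port selection described above, as an added example written for this page rather than taken from it: bridge IDs are compared as (priority, MAC), and each non-root switch takes the neighbour offering the lowest root path cost, with the sender's bridge ID as the tie-breaker (the port-ID tie-breakers of the full protocol are left out). The switch names, MAC addresses and link costs are constructed; SW3 deliberately has the lowest MAC while SW2 has the lowest priority.

```python
# Added example (not the page's own code): STP root-bridge election and root-port
# selection. The switches, MAC addresses and link costs below are constructed.
import heapq

# constructed topology: SW3 has the lowest MAC, but SW2 has the lowest priority
SWITCHES = {
    "SW1": (32768, "00:00:0c:aa:aa:aa"),
    "SW2": (4096, "00:00:0c:bb:bb:bb"),
    "SW3": (32768, "00:00:0c:00:00:01"),
}
# (switch a, switch b, port cost); 4 = 1 Gbit/s, 19 = 100 Mbit/s in 802.1D
LINKS = [("SW1", "SW2", 4), ("SW2", "SW3", 19), ("SW1", "SW3", 4)]


def bridge_id(priority, mac):
    """Bridge ID ordering: priority is compared first, MAC breaks ties."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """The switch with the lowest bridge ID becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(switches, links):
    """For each non-root switch, the neighbour on its root port and its root path
    cost. Lowest cost wins; equal cost is broken by the lower sender bridge ID,
    the first tie-breaker STP applies to competing BPDUs (port-ID tie-breakers
    are omitted here)."""
    root = elect_root(switches)
    adj = {name: [] for name in switches}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {root: (0, None)}                     # switch -> (cost, via)
    heap = [(0, bridge_id(*switches[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                              # stale entry
        for nbr, link_cost in adj[node]:
            if nbr == root:
                continue
            cand = (cost + link_cost, bridge_id(*switches[node]))
            cur = best.get(nbr)
            if cur is None or cand < (cur[0], bridge_id(*switches[cur[1]])):
                best[nbr] = (cost + link_cost, node)
                heapq.heappush(heap, (cost + link_cost, bridge_id(*switches[nbr]), nbr))
    return {name: (via, cost) for name, (cost, via) in best.items() if name != root}


if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    for sw, (via, cost) in sorted(root_ports(SWITCHES, LINKS).items()):
        print(f"{sw}: root port towards {via}, root path cost {cost}")
```

Note that SW3 reaches the root through SW1 (cost 4 + 4 = 8) rather than over its direct 100 Mbit/s link (cost 19), which is exactly the kind of choice an attacker influences by injecting a BPDU with a lower bridge ID.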






Subnetting 192.168.0.0/26 and 10.0.0.0/30 Explained

a.       Subnetting 192.168.0.0/26:
This is a class C network, whose default subnet mask is 255.255.255.0 (/24). A /26 prefix borrows 2 bits from the host portion (24 + 2), so the subnet mask becomes 255.255.255.192, in binary 11111111.11111111.11111111."11000000". That is:
Network address= 192.168.0.0
Subnet mask =255.255.255.192
1st Step: Find the block size (the "magic number"). Block size = 256 - (the value of the interesting octet of the subnet mask, i.e. the first octet that is not 255).
256 - 192 = 64.
2nd Step: Calculate the number of subnets. Number of subnets = 2^x, where x is the number of "1" bits borrowed from the host portion.
x = 2, because 192 = "11"000000 has two borrowed bits.
Number of subnets = 2^2 = 4.
3rd Step: Calculate the number of hosts per subnet. Hosts per subnet = 2^y - 2, where y is the number of "0" bits left in the mask (the 2 subtracted are the subnet's network and broadcast addresses).
y = 6, because 192 = 11"000000" has six host bits.
Number of hosts per subnet = 2^6 - 2 = 64 - 2 = 62.
The first subnet address is the first IP of the block, 192.168.0.0/26.
The remaining subnet addresses are found by adding the block size in the interesting octet, starting from the first subnet address.
That is, block size = 64 added in the 4th octet:
Second subnet = 192.168.0.0 + 64 = 192.168.0.64/26
Third subnet = 192.168.0.64 + 64 = 192.168.0.128/26
Fourth subnet = 192.168.0.128 + 64 = 192.168.0.192/26
In each subnet the usable hosts run from the subnet address + 1 to the broadcast address - 1; for 192.168.0.0/26 they are 192.168.0.1 to 192.168.0.62 and the broadcast is 192.168.0.63.
b.      Subnetting 10.0.0.0/30:
This is a class A network, whose default subnet mask is 255.0.0.0 (/8). A /30 prefix borrows 22 bits from the host portion (8 + 22), so the subnet mask becomes 255.255.255.252, in binary 11111111.11111111.11111111."11111100". That is:
Network address= 10.0.0.0
Subnet mask =255.255.255.252
1st Step: Find the block size: 256 - 252 = 4.
2nd Step: Calculate the number of subnets, 2^x, where x is the number of bits borrowed from the classful host portion.
x = 22: the 6 borrowed bits in the last octet, 252 = "111111"00, plus the 16 bits of the second and third octets.
Number of subnets = 2^22 = 4,194,304. (Counting only the six bits of the last octet gives 2^6 = 64, which is the number of /30 subnets inside each /24, not inside the whole of 10.0.0.0/8.)
3rd Step: Calculate the number of hosts per subnet, 2^y - 2, where y is the number of "0" bits in the mask.
y = 2, because 252 = 111111"00" has two host bits.
Number of hosts per subnet = 2^2 - 2 = 4 - 2 = 2, which is why /30 is the usual prefix for point-to-point links.
First subnet address: 10.0.0.0/30 (hosts 10.0.0.1 and 10.0.0.2, broadcast 10.0.0.3)
Second subnet = 10.0.0.0 + 4 = 10.0.0.4/30 (hosts 10.0.0.5 and 10.0.0.6, broadcast 10.0.0.7) etc.
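The three-step block-size method above, carried out in code for both prefixes and for any other IPv4 prefix, as an added example written for this page (not the page's own material). It counts the borrowed bits from the classful default, finds the interesting octet and block size, lists the first subnets, and cross-checks the result against Python's standard `ipaddress` module; the classful-default rule (A=/8, B=/16, C=/24) is assumed as in the text.

```python
# Added example (not from the page): the block-size method worked for any IPv4
# prefix and cross-checked against Python's ipaddress module.
import ipaddress
from itertools import islice


def classful_prefix(address):
    """Default prefix length from the first octet (A=/8, B=/16, C=/24)."""
    first = int(str(address).split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24


def subnet_plan(cidr, count=4):
    net = ipaddress.ip_network(cidr, strict=True)
    prefix = net.prefixlen
    mask_octets = [int(o) for o in str(net.netmask).split(".")]
    borrowed = prefix - classful_prefix(net.network_address)   # x: "1" bits borrowed
    host_bits = 32 - prefix                                     # y: "0" bits left
    # the interesting octet is the first one whose mask value is not 255
    octet = next((i for i, o in enumerate(mask_octets) if o != 255), 3)
    block = 256 - mask_octets[octet]                            # the magic number
    base = [int(o) for o in str(net.network_address).split(".")]
    subnets = []
    for n in range(count):
        octets = base[:]
        octets[octet] = base[octet] + n * block
        if octets[octet] > 255:
            break
        subnets.append(".".join(map(str, octets)) + f"/{prefix}")
    return {
        "mask": str(net.netmask),
        "borrowed_bits": borrowed,
        "subnets": 2 ** borrowed,
        "block_size": block,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "first_subnets": subnets,
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


def stdlib_check(cidr, count=4):
    """Cross-check: split the classful network with ipaddress and list the first
    subnets. islice avoids materialising all 2^22 /30s of 10.0.0.0/8."""
    net = ipaddress.ip_network(cidr)
    classful = ipaddress.ip_network(
        f"{net.network_address}/{classful_prefix(net.network_address)}", strict=False)
    return [str(s) for s in islice(classful.subnets(new_prefix=net.prefixlen), count)]


if __name__ == "__main__":
    for cidr in ("192.168.0.0/26", "10.0.0.0/30"):
        print(cidr, subnet_plan(cidr), stdlib_check(cidr))
```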


What are the different types of ACL?

ANSWER
There are two main types of IP Access Control List (ACL): standard ACLs and extended ACLs.
A standard ACL filters packets on their source IP address only. Each entry is a permit or deny rule with a source address and an optional wildcard mask; the list is processed from the top, the first matching entry decides the packet's fate, and a packet that matches no entry hits the implicit deny at the end of every ACL. A standard ACL cannot stop every kind of attack, but it filters out a lot of unwanted traffic cheaply so that another component of the firewall system can deal with application-layer attacks. A standard ACL can be numbered or named, at the network administrator's choice. The numbered range is 1 to 99 (with the expanded range 1300 to 1999); the number groups the statements that belong to the same list. Because a standard ACL cannot tell destinations apart, it is placed as close to the destination as possible, usually applied outbound on the interface nearest the destination host, so that it does not also block traffic to destinations it was never meant to cover.
If you omit the wildcard mask in a standard ACL, it defaults to 0.0.0.0, which matches that single host. To match all addresses, replace the source address and mask with the keyword any.
To build a named ACL you first give the type (standard or extended) and the name or number in the ip access-list command; that puts you into a configuration sub-mode in which you enter the permit and deny statements for that list.

Extended ACL: an extended ACL checks both the source and destination addresses of a packet and can also match the protocol (IP, TCP, UDP, ICMP and so on), port numbers and other header fields, which allows much more precise control than a standard ACL. It can also be numbered or named, and because it can match ports it can filter by application.

The numbered range is 100 to 199 (with the expanded range 2000 to 2699). In an extended IP ACL, a wildcard mask of 0.0.0.0 is shown by the router as the host keyword followed by the address. Both a source and a destination address are required in every entry. Because an extended ACL can identify exactly the traffic to drop, it is placed as close to the source as possible, usually applied inbound on the interface nearest the source host, so that unwanted traffic is discarded before it crosses the network.
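The matching rules described above (wildcard masks, the host and any keywords, the default 0.0.0.0 wildcard, first match wins, implicit deny) as an added example written for this page; it is not IOS code and the ACL entries and packets are constructed. The extended list models protocol and destination-port matching; other fields an IOS extended ACL can test (source port, TCP flags, ICMP types) are left out.

```python
# Added example (not IOS code): first-match evaluation of standard and extended
# IP ACL entries using wildcard masks, ending in the implicit deny. The ACL
# entries and packets are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr, pattern, wildcard):
    """Wildcard bit 1 = don't care, 0 = must match (the inverse of a subnet mask)."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(pattern)) & care)


def parse_address(spec):
    """'any', 'host 10.1.1.1', '10.1.1.0 0.0.0.255' or a bare address (whose
    wildcard defaults to 0.0.0.0, i.e. that exact host) -> (pattern, wildcard)."""
    parts = spec.split()
    if parts[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    if parts[0] == "host":
        return parts[1], "0.0.0.0"
    if len(parts) == 1:
        return parts[0], "0.0.0.0"
    return parts[0], parts[1]


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: str                         # source address spec
    dst: str = "any"                 # extended ACLs only
    protocol: str = "ip"             # "ip" matches every protocol
    dst_port: Optional[int] = None   # extended ACLs only


def evaluate(acl, packet):
    """Return (action, index of matching entry). Entries are tested in order and
    the first match wins; no match means the implicit 'deny any' at the end."""
    for index, e in enumerate(acl):
        sp, sw = parse_address(e.src)
        dp, dw = parse_address(e.dst)
        if not wildcard_match(packet["src"], sp, sw):
            continue
        if not wildcard_match(packet["dst"], dp, dw):
            continue
        if e.protocol != "ip" and e.protocol != packet.get("protocol"):
            continue
        if e.dst_port is not None and e.dst_port != packet.get("dst_port"):
            continue
        return e.action, index
    return "deny", None


# constructed: a standard ACL (source only) and an extended ACL
STANDARD_10 = [
    Entry("deny", "host 192.168.1.5"),
    Entry("permit", "192.168.1.0 0.0.0.255"),
]
EXTENDED_110 = [
    Entry("permit", "192.168.1.0 0.0.0.255", "host 10.0.0.80", "tcp", 80),
    Entry("deny", "any", "any", "ip"),
]


if __name__ == "__main__":
    pkt = {"src": "192.168.1.9", "dst": "10.0.0.80", "protocol": "tcp", "dst_port": 443}
    print(evaluate(STANDARD_10, pkt), evaluate(EXTENDED_110, pkt))
```

Entry order is what makes or breaks an ACL: swapping the two lines of STANDARD_10 would let 192.168.1.5 through, because the broader permit would match first and the deny would never be reached.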


Different types of NAT and IPv6

There are three types of Network Address Translation (NAT). They are:
·         Static NAT: a fixed one-to-one mapping between a private (inside local) IP address and a public (inside global) IP address, configured by hand. Each private address that needs translation gets its own public address and the mapping never changes, so an external host can initiate traffic to the internal host through its public address, as well as the other way round. For example, if the Internet Service Provider's public address 81.45.87.98 is mapped to the host 192.168.20.2, the NAT router rewrites 192.168.20.2 to 81.45.87.98 on the way out and 81.45.87.98 back to 192.168.20.2 on the way in.

·         Dynamic NAT: like static NAT this is a one-to-one mapping, but the public address is taken from a pool when an inside host first sends traffic, rather than being fixed in advance. For instance, with a public pool of 80.45.87.1 to 80.45.87.7, when the private host 192.168.20.2 accesses the web the NAT router maps it to whichever pool address is free and releases the address again when the translation times out. Once the pool is exhausted, further inside hosts cannot be translated until an address is freed.

·         NAT overload/PAT (Port Address Translation): maps a whole group of private addresses to a single public address. Every inside host is translated to the same public IP, and the router keeps them apart by rewriting the source port number to a unique value and recording the mapping in its translation table. For example, when two inside hosts both connect to a web server on port 80, the server sees two connections from the same public address with different source ports; its replies come back to those ports and the router uses the table to translate each reply to the right inside host.
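The PAT translation table just described, as an added example written for this page (not from the page or any router's code): two inside hosts with the same source port reach the same web server through one public address, and the router translates replies back by the port it assigned. Addresses are constructed from the documentation ranges, public ports are handed out sequentially from 1024 (an assumption; real routers allocate differently), and a reply is only accepted if it comes from the remote address and port the mapping was created for.

```python
# Added example (not from the page): a minimal NAT overload (PAT) translation table.
# Inside hosts share one public address; the router rewrites the source port and
# records the mapping so that replies can be translated back. Addresses are
# constructed from the documentation ranges.
from itertools import count


class PAT:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip                 # the single inside global address
        self._next_port = count(first_port)        # assumption: ports handed out sequentially
        self.outbound_map = {}   # (inside ip, inside port, dst ip, dst port) -> public port
        self.inbound_map = {}    # (public port, dst ip, dst port) -> (inside ip, inside port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network. The same flow keeps
        the same public port; a new flow gets a fresh one."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            public_port = next(self._next_port)
            self.outbound_map[key] = public_port
            self.inbound_map[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound_map[key], dst_ip, dst_port

    def inbound(self, src_ip, src_port, public_port):
        """Translate a packet arriving at the public address. Only a reply that
        matches an existing mapping (same remote ip and port) is let through;
        None means the packet is unsolicited and is dropped."""
        return self.inbound_map.get((public_port, src_ip, src_port))


if __name__ == "__main__":
    nat = PAT("198.51.100.1")
    print(nat.outbound("192.168.20.2", 51000, "203.0.113.10", 80))
    print(nat.outbound("192.168.20.3", 51000, "203.0.113.10", 80))
    print(nat.inbound("203.0.113.10", 80, 1025))
```

The last two checks in the test are the security-relevant part: because only replies that match an existing mapping are translated, a PAT router incidentally drops unsolicited inbound packets, which is the "protection" often credited to NAT; it is a side effect of state tracking, not a firewall policy.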
IP Version 6 (IPv6), formerly known as IPng (IP next generation), is the latest version of IP and carries voice, data and video traffic between digital networks. It was created because IPv4 offers a limited number of addresses, and it provides a far larger address space for host assignment: addresses are 128 bits long, giving about 3.4 x 10^38 (2^128) addresses, which makes NAT unnecessary for address conservation. It has built-in support for IPsec, quality-of-service marking and end-to-end global reachability. An address is written as 32 hexadecimal digits organized into 8 groups (hextets) of 4 hexadecimal digits separated by colons, e.g. 2645:BA24:264C:32CA:56AF:2132:54BA:24CB.
It has three address types:

Multicast: addresses in FF00::/8, i.e. beginning with FF. Addresses beginning with FF02 are the link-local scope multicast groups (for example FF02::1, all nodes on the link).

Unicast: identifies a single interface. Link-local unicast addresses are in FE80::/10 (beginning with FE80 to FEBF) and global unicast addresses are in 2000::/3, which includes the addresses beginning with 2001.

Anycast: an address assigned to several interfaces, with packets delivered to the nearest one. Anycast addresses have no prefix of their own; they are taken from the unicast address space and look exactly like unicast addresses.




Dynamic routing protocol

A dynamic routing protocol (dynamic routing) lets routers automatically discover remote networks and work out the best path to reach them. It does not require remote networks to be defined statically in the routing table: you need not manually enter the path a router should take to each remote network, and the routers adapt on their own when a link fails.
There are different classifications and types of dynamic routing protocol. They are classified as:
a)      Distance Vector Routing Protocol: also known as "routing by rumour". A distance vector router depends entirely on what its neighbouring routers tell it to learn about remote networks; it does not hold a map of the whole network topology, only the distance (metric) and direction (next hop) to each network. The classic distance vector protocols (RIPv1, IGRP) automatically summarize subnets back to their classful boundary.
b)      Link State Routing Protocol: a link state router does not depend only on its neighbours' conclusions; every router floods the state of its own links to all routers in the area, so each one holds the entire topology map in its link-state database and computes its own shortest paths from it.
        c)      Hybrid/Advanced Distance Vector Routing Protocol: combines features of distance vector and link state protocols. EIGRP is the example: it still learns routes only from its neighbours, but keeps a topology table of every route they advertise, so it can switch to a pre-computed backup path without a full recomputation.
The types include:
a.       Exterior Gateway Protocol (EGP): used between two or more autonomous systems.
b.      Interior Gateway Protocol (IGP): used within one autonomous system. Examples of IGP protocols include:

Routing Information Protocol (RIP): RIP is a distance vector routing protocol that uses hop count as its metric (15 hops maximum, 16 meaning unreachable) and has an Administrative Distance (AD) of 120. RIPv1 sends its updates to the broadcast address 255.255.255.255, RIPv2 to the multicast address 224.0.0.9. The difference between the two versions is that RIPv1 is classful and has no authentication, while RIPv2 is classless (it carries subnet masks) and supports authentication.

IGRP and EIGRP (Interior Gateway Routing Protocol and Enhanced IGRP): EIGRP replaced IGRP. Its metric is a composite: by default it is computed from bandwidth and delay, and reliability and load can also be taken into account (MTU is carried but not used in the calculation). IGRP has an AD of 100 and EIGRP internal routes an AD of 90. EIGRP stores every path its neighbours advertise in its topology table and keeps a feasible successor (backup) where one exists, which is why it converges faster than the other IGPs when a path fails. It allows manual route summarization at any point, supports unequal-cost load balancing, and supports several routed protocols through protocol-dependent modules (PDMs). It was long Cisco proprietary; the protocol has since been published in RFC 7868.

OSPF (Open Shortest Path First): a link state protocol that uses cost (derived from interface bandwidth) as its metric and has an AD of 110. It sends updates to the multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (designated routers). It is classless, designed for large networks, and an open standard that is vendor independent.
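The distance vector behaviour described under "routing by rumour" and RIP, as an added example written for this page (not from the page or any router implementation): four routers in a chain exchange hop-count advertisements, each installing only what its neighbours tell it, with 16 treated as unreachable and split horizon applied so a route is never advertised back to the neighbour it was learned from. The router names and networks are constructed; update timing is simplified to synchronous rounds.

```python
# Added example (not from the page): a RIP-style distance-vector exchange. Each
# router learns remote networks only from what its neighbours advertise, uses hop
# count as the metric, treats 16 as unreachable, and applies split horizon. The
# four-router chain and its networks are constructed.
INFINITY = 16


class Router:
    def __init__(self, name, networks):
        self.name = name
        self.neighbors = {}                               # name -> Router
        self.table = {n: (0, None) for n in networks}     # network -> (hops, next hop)

    def connect(self, other):
        self.neighbors[other.name] = other
        other.neighbors[self.name] = self

    def advertisement_for(self, neighbor):
        """Routes sent to one neighbour. Split horizon: a route learned from that
        neighbour is not advertised back to it."""
        return {net: hops for net, (hops, nh) in self.table.items() if nh != neighbor}

    def receive(self, sender, routes):
        """Bellman-Ford update from one neighbour's advertisement."""
        changed = False
        for net, hops in routes.items():
            new = min(hops + 1, INFINITY)
            cur = self.table.get(net)
            if cur is None:
                if new >= INFINITY:
                    continue                               # never install unreachable
                better = True
            else:
                # accept a better metric, or any change reported by the current next hop
                better = new < cur[0] or (cur[1] == sender and new != cur[0])
            if better:
                self.table[net] = (new, sender)
                changed = True
        return changed


def converge(routers, max_rounds=50):
    """Exchange advertisements until a full round changes nothing; returns rounds used."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers:
            for nbr in r.neighbors.values():
                if nbr.receive(r.name, r.advertisement_for(nbr.name)):
                    changed = True
        if not changed:
            return rnd
    return max_rounds


def build_chain():
    """R1 - R2 - R3 - R4, each with one directly connected network (constructed)."""
    routers = [Router(f"R{i}", [f"10.{i}.0.0/24"]) for i in range(1, 5)]
    for a, b in zip(routers, routers[1:]):
        a.connect(b)
    return routers


if __name__ == "__main__":
    routers = build_chain()
    print("converged after", converge(routers), "rounds")
    for r in routers:
        print(r.name, dict(sorted(r.table.items())))
```

Nothing in `receive` checks who the sender is or whether it is entitled to advertise a network: any neighbour can inject a route and the router simply believes it, which is why RIPv2 authentication (and, on switches, filtering routing updates from access ports) matters.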