2013_Switching (1131236), page 2
By default the root ID matches the local BID. If the root ID in a received BPDU is lower, the root ID and cost are updated.
• Electing root ports: the port with the best cost becomes the root port. If there are several paths, the port ID is used to break the tie: one becomes root, the others are non-designated.
• Electing designated and non-designated ports: the switch with the smaller BID wins the competition and sets its port to designated, while the other becomes non-designated.
When the topology changes (a port goes down or transitions to forwarding), a topology change notification (TCN) is sent via the root port. The answer is a topology change acknowledgement (TCA). The root bridge answers with topology change (TC) messages.

Advanced layer 3 switches can:
• build a forwarding table
• receive packets and route them to the correct interface

Per-VLAN STP (PVST) - a spanning tree for each VLAN. Load balancing at layer 2. Uses ISL. Includes extensions like BackboneFast, UplinkFast, PortFast.
PVST+ supports 802.1Q. BPDU guard and Root guard extensions. In the BID the priority field is reduced to 4 bits, with 12 bits for the VLAN.
Multiple STP (MSTP) enables multiple VLANs to be mapped to the same spanning-tree instance.

RSTP
RSTP uses the flag byte in the BPDU:
• bits 0 and 7 for topology change and acknowledgement
• 1 and 6 for the proposal/agreement process
• 2-5 encode the role and state of the port
An edge port is a port that is never intended to be connected to a switch.
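As an added example (not from the notes), the decoder below parses an RSTP BPDU, splits the flags byte the way the notes describe (bits 0/7, 1/6, 2-5) and the bridge IDs the PVST+ way (4-bit priority, 12-bit VLAN, MAC), and runs a root election over the decoded BIDs. The sample frame bytes and the `elect_root` helper are constructed for this example.

```python
import struct
from dataclasses import dataclass

# Added example, not from the notes: parse an RSTP (802.1w) BPDU, splitting the
# flags byte as described above (bits 0/7 TC/TCA, 1/6 proposal/agreement, 2-5
# port role and state) and bridge IDs as in PVST+ (4-bit priority, 12-bit
# extended system ID = VLAN, 6-byte MAC). The sample frame is constructed.
RST_BPDU = struct.Struct(">HBBB8sI8sHHHHHB")  # 36-byte RST BPDU body
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}

@dataclass(frozen=True)
class BridgeId:
    priority: int  # multiple of 4096: only the top 4 bits are configurable
    vlan: int      # 12-bit extended system ID
    mac: str

    @classmethod
    def parse(cls, raw: bytes) -> "BridgeId":
        field = int.from_bytes(raw[:2], "big")
        return cls((field >> 12) << 12, field & 0x0FFF,
                   ":".join(f"{b:02x}" for b in raw[2:8]))

def decode_flags(flags: int) -> dict:
    return {"topology_change": bool(flags & 0x01), "proposal": bool(flags & 0x02),
            "port_role": PORT_ROLES[(flags >> 2) & 0x03],
            "learning": bool(flags & 0x10), "forwarding": bool(flags & 0x20),
            "agreement": bool(flags & 0x40), "topology_change_ack": bool(flags & 0x80)}

def parse_rst_bpdu(frame: bytes) -> dict:
    if len(frame) < RST_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, version, kind, flags, root, cost, bridge, port_id,
     _msg_age, max_age, hello, fwd_delay, _v1len) = RST_BPDU.unpack_from(frame)
    if proto != 0 or version != 2 or kind != 0x02:
        raise ValueError("not an RST BPDU")
    return {"flags": decode_flags(flags), "root": BridgeId.parse(root),
            "root_path_cost": cost, "bridge": BridgeId.parse(bridge), "port_id": port_id,
            # timer fields are carried in units of 1/256 s
            "max_age_s": max_age / 256, "hello_s": hello / 256, "fwd_delay_s": fwd_delay / 256}

def elect_root(candidates: list[BridgeId]) -> BridgeId:
    # Lowest BID wins: the 16-bit priority field is compared first, then the MAC.
    return min(candidates, key=lambda b: (b.priority | b.vlan, b.mac))

# Constructed sample: the root bridge (priority 32768, VLAN 10) sending from a
# designated, forwarding port with the TC flag set (flags = 0x2D).
ROOT_BID = bytes.fromhex("800a001122334455")
SAMPLE = RST_BPDU.pack(0, 2, 2, 0x2D, ROOT_BID, 0, ROOT_BID, 0x8001,
                       0, 20 * 256, 2 * 256, 15 * 256, 0)
```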
An edge port immediately transitions to forwarding; when it receives a BPDU it becomes a normal spanning-tree port. Non-edge ports can be point-to-point or shared.
Port states:
• Discarding: in both the stable and synchronization steps. Prevents data forwarding.
• Learning: also in both steps. Accepts data frames to populate the MAC table.
• Forwarding: only when stable.
Port roles:
• Root: on every non-root bridge, the chosen path to the root.
• Alternate: offers an alternate path toward the root bridge; assumes the discarding state.
• Backup: an additional port on a redundant link. Higher priority; assumes the discarding state.
• Designated: assumes the forwarding state. Only one per segment.
RSTP is faster because it converges on a link-by-link basis and does not rely on timers. Also there are alternate ports.

Inter-VLAN routing
Router-on-a-stick is a router in which a single interface routes traffic between multiple VLANs. Subinterfaces are multiple virtual interfaces associated with one physical interface.
Switch configuration issues:
• Ports are in VLAN 1 by default.
• The switch interface connected to the router-on-a-stick must be in trunk mode (if using subinterfaces).
Router configuration issues:
• connecting to ports with the appropriate VLAN
• correct encapsulation number
IP addressing issues:
• correct IP and subnet mask
EtherChannel is used to reduce the risk of a failed inter-switch link.

Wireless concepts
Clients connect to the network through wireless access points (AP).
It operates at the data link layer.
802.11 standards differences:
• Band (5.7 or 2.4 GHz): lower-frequency signals have better range and are absorbed less by obstacles, but need larger antennas.
• Modulation techniques: direct sequence spread spectrum (DSSS) is worse than orthogonal frequency division multiplexing (OFDM).
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA): devices must sense the medium for energy and wait until the medium is free before sending.
In small businesses and homes a wireless router acts as AP, switch and router.
Shared service set identifier (SSID) - a unique identifier used by clients to distinguish between WLANs in the same vicinity.
The band is broken into several channels with a separation between the center frequencies of successive channels. Non-overlapping channels are preferred.
Service sets:
• ad hoc networks (without access point)
• basic service sets (single AP)
• extended service sets
The common distribution system allows multiple APs to be in a single BSS.
Primary components of 802.11:
• beacon (frame to advertise the presence of the AP)
• probe (used by clients to find their networks)
• authentication
• association (establishing a data link)
Process before sending data:
1. The client sends the SSID and supported rates; the AP responds with the same fields and its security implementation.
2. Authentication is based on wired equivalency protection (WEP):
(a) authentication request by the client
(b) the AP responds with a text
(c) the client encrypts the text using the shared key and sends it to the AP
(d) the AP decrypts and answers
3. Association stage: the client learns the BSSID, which is the AP MAC; the AP maps a logical port (AID) to the client.
AAA - authentication (client identification), authorization (checking special credentials) and accounting (holding logs).
Threats to wireless security:
• war driving (simply exploiting open networks)
• hackers (exploiting weak privacy measures)
• using the client's data in open networks
• man-in-the-middle
• denial of service
Steps to secure a WLAN:
1. SSID (open, not secure)
2. WEP (static, breakable keys, not scalable)
3. WPA (strong user-based authentication)
4. WPA2 (AES, dynamic key management)
Extensible authentication protocol (EAP) is a framework for authenticating network access:
1. identity request (from the AP)
2. identity response
3. EAP request (from the authentication server)
4. EAP response
5. success
TKIP is the encryption method certified as WPA.
AES has the same functions as TKIP, but uses additional data from the MAC header to recognize tampering and also adds a sequence number to the header.
Methods of access control:
• disabling SSID broadcasts
• MAC filtering
• WPA2
Standard troubleshooting practice:
1. Eliminate the client device as the problem source.
2. Confirm the physical status of devices.
3. Inspect wired links.
Channel overlapping may cause problems. Other devices can "hog" some channels. The orientation of the antenna can reduce coverage in some places.
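The channel arithmetic behind "non-overlapping channels are preferred" and the channel-overlap troubleshooting step, as an added example that is not part of the notes. It assumes 802.11b/g channels 1-13 with centre frequencies 5 MHz apart from 2412 MHz and a 22 MHz channel width; the site survey is constructed.

```python
# Added example, not from the notes: 2.4 GHz channel plan arithmetic.
# Assumes 802.11b/g channels 1-13 (centre of channel N is 2407 + 5*N MHz)
# and a 22 MHz channel width; channel 14 is left out.
from itertools import combinations

BASE_MHZ = 2407
CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 22


def center_frequency_mhz(channel: int) -> int:
    if not 1 <= channel <= 13:
        raise ValueError(f"channel {channel} outside 1-13")
    return BASE_MHZ + CHANNEL_SPACING_MHZ * channel


def channels_overlap(a: int, b: int) -> bool:
    # Two channels overlap when their centres are closer than one channel width.
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(channels=range(1, 14)) -> list[int]:
    # Greedy walk: keep a channel only if it is clear of every channel already kept.
    chosen: list[int] = []
    for ch in channels:
        if all(not channels_overlap(ch, kept) for kept in chosen):
            chosen.append(ch)
    return chosen


def overlapping_aps(survey: dict[str, int]) -> list[tuple[str, str]]:
    # survey maps AP name -> channel. Returns pairs of APs whose channels
    # interfere, the first thing to check when a WLAN misbehaves.
    return [(x, y) for x, y in combinations(sorted(survey), 2)
            if channels_overlap(survey[x], survey[y])]


# Constructed site survey: two APs sit only two channels apart.
SURVEY = {"ap-lobby": 1, "ap-meeting": 3, "ap-office": 6, "ap-warehouse": 11}

if __name__ == "__main__":
    print(non_overlapping_channels())  # [1, 6, 11]
    print(overlapping_aps(SURVEY))
```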