# Deploy Networking Devices

[[Comparing OSI Model Network Functions]]

- <u>Repeater</u>
    - meant to overcome large distances
    - It resends/amplifies the signal
    - works at Layer 1
    - Copper and fiber optic types
- <u>Media converter</u>
    - transition between media types
    - works at layer 1
    - fiber to copper
    - single mode to multimode
- <u>Hubs</u>
    - layer 1
    - legacy
    - 1 collision domain
    - don't use
    - to hook hubs up to each other you use a crossover cable
- <u>Bridges</u>
    - works at layer 2
    - Ports are in separate collision domains
    - Ports are in the same broadcast domain
    - Bridge must track **MAC addresses** associated with each port
    - legacy
- <u>Layer 2 Switches</u>
    - Replaces hubs and bridges and eliminates the performance drag from contention
    - Each port is separated into its own collision domain
    - Microsegmentation
        - Breaks up traffic according to work and priorities
    - Allows full-duplex (depending on host NIC)
    - All ports are in the same broadcast domain
        - unless VLANs have been configured
    - uses CSMA/CD

# Explain Network Interfaces

Network interface card / NIC aka network adapter
- the transceiver component works at the physical layer
    - it can be copper or fiber optic
    - Ethernet standard (10/100/1000 or 10G/40G)
    - Multiport
- Card logic and driver work at the data link layer
    - ethernet framing
    - Has a local/hardware/physical address (MAC)

![[ethernetFrameFormat.png]]

## MAC address format
- it is a 48-bit ID expressed in hexadecimal notation (base 16, 0-f)
- it is a burned-in address on the NIC card
- Locally administered addresses
- Broadcast address
- first 3 bits is the manufacturer (OUI) - **o**rganizational**ly** **u**nique **i**dentifier

## Max transmission unit (MTU)
- MTU is normally up to a 1518-byte payload
- EtherType
    - Indicates the network layer protocol rather than the size
    - 0x0800 or 2048 in decimal for IPv4
    - 0x86DD for IPv6
- Min length
    - 64 bytes to ensure CSMA/CD detects collisions
- Frame length (including headers)
    - 1518 bytes or jumbo frames

## Packet Sniffers and Taps
- Protocol analyzer decodes (parses) frame and protocol headers and data
    - views everything transmitted, by mirroring ports and data
- Packet sniffers read frames from the network
    - host-based capture
- Switched port analyzer (SPAN) / mirror port
    - can attach a sniffer here and get all data
- Test Access Point (TAP)
    - passive vs active

## tcpdump
- `-i` to specify interface
- `-w / -r` to write or read to a file
- `-vvv` to increase verbosity
- Capture filters
    - type (host, net, port)
    - direction (src, dst)
    - Protocol (arp, icmp, ip, ip6, tcp, udp)
    - Boolean operators
        - and (&&), or (||), not (!)
        - parentheses to group expressions

## wireshark
wireshark is great, lucky loves it...

# Deploy Common Ethernet Switching Features

Ethernet switch types...
- number of ports to plug in devices
- unmanaged vs managed
    - my SOHO router has an unmanaged switch. It auto configures
- Stackable
- modular vs fixed
- Desktop vs rack-mounted

## Logical vs Physical network topologies
Describes the physical or logical structure of the network, in terms of nodes and links.
- Physical network topology - placement of nodes and how they are connected by the network media. Shows physical devices
- Logical topology - describes the flow of data through the network

## Point to point links
This is the simplest type of topology: a single link between 2 nodes. Only 2 devices share the connection and they are guaranteed a level of bandwidth.

## Bus topology
More than 2 nodes is a shared access topology. All devices share the bandwidth of the media. Only 1 node can be active at any one time. It is terminated at each end. The signal travels down the bus in both directions and all nodes receive it.

## Star topology
Widely used. A central forwarding node such as a switch or router sits in the middle and is spoked out to the nodes. AKA hub and spoke, though hub and spoke is talked about with WANs and remote sites.

## Physical star, logical star topology
No bus but there is logic in between.
The switch uses collision avoidance.

## Ring topology
Each node is wired to its neighbor in a closed loop. Each node repeats the transmission. No longer used, like Bus.

## Mesh topology
Commonly used in WANs, especially public networks. Each device has a point-to-point link with every other device on the network.

![[Mesh topology.png]]

## Switch interface configuration
- Command mode
    - user EXEC
    - privileged EXEC
    - Configuration modes
- `show config`
    - Boot config vs running config
    - running config has all the info pertaining to VLANs
- Interface status
    - interface IDs
    - Line status and protocol status
    - Configuration data and traffic statistics
    - `show interface`
    - solid green typically means you're connected
    - blinking yellow means the machine is transmitting
- Autonegotiate speed/duplex versus static config

<u>Duplex means...</u>
- Full duplex - send and receive at full bandwidth at the same time
- Half duplex - can ONLY send or receive at a time

## Auto MDI/MDI-X
- End system
    - Media dependent interface (MDI)
    - Transmit on pins 1 & 2 and receive on pins 3 & 6
    - Straight-through cable to connect to an MDI-X port on a hub/bridge/switch
- Intermediate system to intermediate system
    - uplink ports and crossover cables
- Auto MDI/MDI-X senses the appropriate configuration regardless of cable
    - receives on pins 1 & 2 and transmits on pins 3 & 6

Need to have the same cable on both ends. When the switch needs to be connected to another switch it needs to use MDI-X and uses a crossover cable. Most devices will automatically configure to MDI/MDI-X.
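Added example (not part of these course notes) tying together the MAC address format and MTU/EtherType notes from the network interfaces section above: it decodes an Ethernet II header, flags the OUI, broadcast, group and locally administered bits, and applies the runt/giant and EtherType-versus-length checks a protocol analyzer performs. The `JUMBO_MAX` figure and the sample frames are constructed assumptions.

```python
# Added example: decode Ethernet II header fields and apply the length/EtherType
# checks a protocol analyzer performs. Sample frames are constructed test data.
import struct

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
MIN_FRAME = 64     # minimum frame (incl. 4-byte FCS) so CSMA/CD can detect collisions
MAX_FRAME = 1518   # standard maximum (incl. FCS); anything larger is a jumbo frame
JUMBO_MAX = 9018   # assumption: ~9000-byte MTU plus 14-byte header and 4-byte FCS

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify_mac(raw: bytes) -> dict:
    first = raw[0]
    return {
        "oui": mac_str(raw[:3]),                     # first three octets (24 bits) = OUI
        "broadcast": raw == b"\xff" * 6,
        "group": bool(first & 0x01),                 # I/G bit set: multicast/broadcast
        "locally_administered": bool(first & 0x02),  # U/L bit set: not a burned-in address
    }

def parse_frame(frame: bytes, jumbo: bool = False) -> dict:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    issues = []
    if len(frame) < MIN_FRAME:
        issues.append("runt")
    if len(frame) > (JUMBO_MAX if jumbo else MAX_FRAME):
        issues.append("giant")
    if ethertype <= 1500:   # values <= 1500 are 802.3 length fields, not EtherTypes
        issues.append("802.3 length field, not EtherType")
    return {
        "dst": mac_str(dst), "dst_info": classify_mac(dst),
        "src": mac_str(src), "src_info": classify_mac(src),
        "ethertype": ethertype, "protocol": ETHERTYPES.get(ethertype, "unknown"),
        "length": len(frame), "issues": issues,
    }

# Constructed samples: a broadcast ARP request from a locally administered MAC,
# padded to the 64-byte minimum, and a 9014-byte IPv6 jumbo frame.
SAMPLE_ARP = b"\xff" * 6 + bytes.fromhex("020000aabbcc") + b"\x08\x06" + b"\x00" * 50
SAMPLE_JUMBO = bytes.fromhex("001122334455" "66778899aabb" "86dd") + b"\x00" * 9000

if __name__ == "__main__":
    print(parse_frame(SAMPLE_ARP))
    print(parse_frame(SAMPLE_JUMBO)["issues"], parse_frame(SAMPLE_JUMBO, jumbo=True)["issues"])
```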
## MAC Address Table and Port security
- This is a database of MAC addresses associated with each port
- Switch floods frames when the destination MAC is unknown
- `show mac address-table`
- Port security
    - Specify a static list of allowed MACs
    - Accept a given number of sticky MACs
    - Specify the enforcement action for a policy violation
    - only computers that are approved will be allowed through the switch

## Port Aggregation
Combining 2 or more separate cabled links between a host and a switch into a single logical channel. Can double your speeds.
- Combine multiple links into a single logical channel
- NIC teaming - host end of port aggregation
- Bonding - widely substituted for aggregation (they are the same thing, different name)
- Aggregates link bandwidth
- Provides redundancy
- Link aggregation control protocol (LACP)

## Port Mirroring
- configure the switch to copy unicast frames for legitimate packet sniffing/network analysis. Sends them to a specific port.
- Switched port analyzer (SPAN) - sending of unicast frames to a specific port
    - To sniff the packets, you connect to the SPAN destination port
    - Can run an intrusion detection system (IDS), intrusion prevention system (IPS), packet sniffer, or network analyzer on this SPAN port to help monitor what is going through the switch.

## Jumbo Frames and Flow Control
- Jumbo frames...
    - specify a higher MTU (often ~9000 bytes) -- **M**aximum **t**ransmission **u**nit
    - this is often used on SANs (storage area networks)
    - may reduce bandwidth usage as fewer frames are sent. There are diminishing returns
- Flow control
    - allows the server to pause traffic via the switch. Prevents overloading the server's buffer to prevent dropped frames
    - managed by the switch. CSMA/CD
    - Configure the switch port to enable or disable use of PAUSE frames.

## Power over Ethernet
This allows power to flow over data cabling (layer 2 power)
- 802.3af - ~13 W (350 mA @ 48 V)
- 802.3at (PoE+) - ~25 W (600 mA)
- 802.3bt (ultra PoE) - ~51 W (type 3) or 73 W (type 4)
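Added example (not from the course notes) modelling the MAC address table and port security behaviour described above: the switch learns source MACs per port, floods frames for unknown or broadcast destinations, accepts a configured number of sticky MACs per port, and records violations for monitoring. Port names, MACs and the `protect`/`shutdown` action names are constructed assumptions modelled on common vendor semantics.

```python
# Added example: toy switch MAC table with port security; ports, MACs and the
# "protect"/"shutdown" action names are constructed/assumed, not vendor code.
from dataclasses import dataclass, field

@dataclass
class PortSecurity:
    max_macs: int = 1                          # static + sticky MACs allowed
    allowed: set = field(default_factory=set)  # static allow-list
    action: str = "shutdown"                   # "shutdown" or "protect"
    learned: set = field(default_factory=set)  # sticky MACs learned so far
    disabled: bool = False                     # err-disabled after a shutdown

class Switch:
    def __init__(self, ports, security=None):
        self.ports = list(ports)
        self.table = {}                  # MAC -> port: the MAC address (CAM) table
        self.security = security or {}   # port -> PortSecurity
        self.violations = []             # (port, mac, action) events for monitoring

    def _permit(self, port, src):
        sec = self.security.get(port)
        if sec is None:
            return True
        if sec.disabled:
            return False
        if src in sec.allowed or src in sec.learned:
            return True
        if len(sec.allowed) + len(sec.learned) < sec.max_macs:
            sec.learned.add(src)         # sticky learning
            return True
        self.violations.append((port, src, sec.action))
        if sec.action == "shutdown":
            sec.disabled = True
        return False                     # "protect": silently drop the frame

    def forward(self, in_port, src, dst):
        """Return egress ports for a frame, or an empty set if dropped."""
        if not self._permit(in_port, src):
            return set()
        self.table[src] = in_port        # learn the source MAC on the ingress port
        if dst == "ff:ff:ff:ff:ff:ff" or dst not in self.table:
            return {p for p in self.ports if p != in_port}   # flood
        return {self.table[dst]} - {in_port}  # filter if dst is on the ingress port

def demo():
    """Constructed scenario: Gi0/1 is locked to one sticky MAC."""
    sw = Switch(["Gi0/1", "Gi0/2", "Gi0/3"],
                {"Gi0/1": PortSecurity(max_macs=1, action="shutdown")})
    a, b, rogue = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    out1 = sw.forward("Gi0/1", a, b)       # unknown dst: flooded to Gi0/2 and Gi0/3
    out2 = sw.forward("Gi0/2", b, a)       # dst already learned: sent only to Gi0/1
    out3 = sw.forward("Gi0/1", rogue, b)   # second MAC on Gi0/1: violation, dropped
    return out1, out2, out3, sw.violations, sw.security["Gi0/1"].disabled
```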