Monday, November 12, 2012

Friday, June 17, 2011

Two years

It's been two years since I've been down there, just under this post, writing entries about Cisco certification and what-nots. I stopped, not because I was bored, lost interest or couldn't afford my internet bill any more, no no, it was because I got a job! That meant no time for continuing the studying and playing around with Cisco stuff. I was back on the road to Dublin!

Now, you may wonder, why bother coming back now, at this stage? Have I been made redundant again? No, thank fuck! Have I loads of time on my hands? Not really. I guess I just kinda saw this blog again for the first time in two years and remembered what I was at when I started it and how I used it to help feel better about myself. Why not continue with it now when times are good too?

So, hopefully I'll be posting more and more over the next while. Not about Cisco stuff though, I'm afraid... I've started looking at JavaFX and it's kinda caught my eye!

Wednesday, June 17, 2009

Switch port security

Cisco switches come with some undesirable defaults:

  • The ports are open (whereas router interfaces are shut by default), so use the shutdown command on unused ports
  • They actively attempt to trunk, so use the switchport mode access command so the port cannot trunk
  • All ports are in VLAN 1, so place unused ports into an unused dummy VLAN

To lock down a particular port for a particular MAC address:

conf t
interface FastEthernet0/1
switchport mode access
switchport port-security
! the line above enables the feature; without it the mac-address lines below do nothing
! either pin the allowed address explicitly (IOS takes the dotted form)...
switchport port-security mac-address aaaa.aaaa.aaaa
! ...or use sticky, so the first MAC address connected is learned and locked in
switchport port-security mac-address sticky
switchport port-security violation ?

shutdown, which is the default, shuts the port down, logs the action taken and puts the interface into the "err-disabled" status; the port must be manually reopened.

restrict drops the violating frames and logs a message indicating the problem, but does not shut down the port.

protect simply drops the violating frames.

The show port-security interface FastEthernet0/1 command shows you all the info for the port.
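To see how the three violation modes differ in practice, here is an added Python model (not Cisco code and not from the original post) of one secure port with the default maximum of one sticky address; the MAC addresses are constructed and the log strings are my own, not real IOS syslog text.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class SecurePort:
    """Constructed model of one port-security port: max 1 address (the default), sticky."""
    mode: str                               # "shutdown", "restrict" or "protect"
    secure_mac: Optional[str] = None        # sticky-learned address
    err_disabled: bool = False
    violations: int = 0
    log: List[str] = field(default_factory=list)

    def ingress(self, src_mac: str) -> str:
        """Return what the switch does with a frame arriving from src_mac."""
        if self.err_disabled:
            return "dropped (port err-disabled)"   # even the legitimate host is cut off now
        if self.secure_mac is None:
            self.secure_mac = src_mac              # sticky: the first MAC seen is locked in
            return "forwarded"
        if src_mac == self.secure_mac:
            return "forwarded"
        self.violations += 1                       # any other source address is a violation
        if self.mode == "shutdown":
            self.err_disabled = True
            self.log.append(f"violation from {src_mac}: port err-disabled")
            return "dropped, port shut down"
        if self.mode == "restrict":
            self.log.append(f"violation from {src_mac}: frame dropped")
            return "dropped"
        return "dropped"                           # protect: drop quietly, nothing logged

    def recover(self) -> None:
        """What the operator has to do by hand after a shutdown violation."""
        self.err_disabled = False

def run_scenario(mode: str):
    """Same three frames against a port in each mode: legit host, intruder, legit host again."""
    port = SecurePort(mode)
    frames = ["aa-aa-aa-aa-aa-aa", "bb-bb-bb-bb-bb-bb", "aa-aa-aa-aa-aa-aa"]  # constructed MACs
    return [port.ingress(mac) for mac in frames], port
```

Note that in shutdown mode the legitimate host loses connectivity too until someone reopens the port, which is exactly why the mode choice is an operational decision, not just a security one.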

Forward it; Flood it; Filter it

A Cisco switch will do one of three things with an incoming frame (remember, a switch is a layer 2 device -> Data link layer -> frames):

  • Forward it
  • Flood it
  • Filter it

The decision is based on the MAC address table. The MAC address table is built from the SOURCE address of incoming frames. If the source MAC address of an incoming frame isn't already listed, the switch adds it to its table along with the VLAN, the entry type and the port the frame came in on.

  • Forwarding happens when the switch has an entry for the destination MAC address in its MAC address table and sends the frame out that single port.
  • Flooding happens when the switch doesn't have an entry for the destination MAC address in the MAC address table. The frame gets sent out every port on the switch except for the one it came in on.
  • Filtering happens when the switch has an entry for both the source and destination MAC addresses AND the MAC table shows both addresses on the same port, so the frame is not forwarded anywhere.

If a host gets disconnected from one port and connected to another, the switch will notice that the frame source MAC address is now arriving on a different port and updates its MAC address table accordingly.
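The following added Python model (mine, not from the original post or any Cisco code) replays the situations described above: learning from the source address, the three decisions, a host moving port, and two hosts sharing one port as they would behind a hub. Port names and MAC addresses are constructed.

```python
from typing import Dict, List, Tuple

BROADCAST = "ff-ff-ff-ff-ff-ff"

class Switch:
    """Constructed model of a learning switch: one VLAN, table keyed by MAC address."""
    def __init__(self, ports: List[str]):
        self.ports = list(ports)
        self.table: Dict[str, str] = {}          # MAC -> port it was last seen on

    def frame(self, in_port: str, src: str, dst: str) -> Tuple[str, List[str]]:
        """Learn from the SOURCE address, then pick forward / flood / filter for the destination."""
        self.table[src] = in_port                # a host that moved port simply overwrites its entry
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            if out == in_port:
                return "filter", []              # src and dst share a port (e.g. both behind a hub)
            return "forward", [out]
        # Unknown unicast or broadcast: every port except the one it came in on
        return "flood", [p for p in self.ports if p != in_port]

def walk_through():
    """Replay the situations described in the text; returns (decisions, final MAC table)."""
    sw = Switch(["fa0/1", "fa0/2", "fa0/3"])
    a, b, c = "aa-aa-aa-aa-aa-aa", "bb-bb-bb-bb-bb-bb", "cc-cc-cc-cc-cc-cc"  # constructed
    steps = [
        ("fa0/1", a, b),   # table empty: learn A, B unknown -> flood
        ("fa0/2", b, a),   # learn B, A known -> forward out fa0/1 only
        ("fa0/1", a, b),   # both known -> forward out fa0/2
        ("fa0/3", a, b),   # A reappears on fa0/3 -> entry updated, still forwards out fa0/2
        ("fa0/2", c, b),   # C and B both on fa0/2 (a hub) -> filter, nothing forwarded
    ]
    return [sw.frame(*s) for s in steps], dict(sw.table)
```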

Once the switch decides to either forward or flood, it also must figure out which processing method to use:

  • Store-and-forward
  • Cut-through
  • Fragment-free

With the store-and-forward method, the switch buffers the entire frame. After checking the FCS (frame check sequence) for corruption, it forwards the frame on, i.e. more error detection.

With cut-through, the switch forwards the frame without reading the FCS, even before the whole frame has been received. This makes it faster, but with less error detection.

With fragment-free, the switch only checks the first 64 bytes for corruption as it assumes that if there is going to be any corruption, it'll happen in the first 64 bytes. This is considered to be the middle ground between the two above.
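As an added illustration (my own Python, not from the original post), the three methods are modelled as checks on a constructed Ethernet II frame with a real CRC-32 FCS: store-and-forward verifies the FCS, cut-through only needs the destination MAC, and fragment-free is modelled as waiting for the first 64 bytes so that collision fragments (runts) are caught. MAC addresses and payloads are constructed.

```python
import zlib

MIN_FRAME = 64   # bytes; anything shorter is a collision fragment ("runt")

def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Constructed Ethernet II frame: header + payload + FCS (CRC-32, sent little-endian)."""
    body = dst + src + b"\x08\x00" + payload          # EtherType 0x0800 = IPv4
    return body + (zlib.crc32(body) & 0xFFFFFFFF).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    body, fcs = frame[:-4], int.from_bytes(frame[-4:], "little")
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs

def store_and_forward(frame: bytes) -> bool:
    """Whole frame buffered, FCS verified: catches corruption anywhere in the frame."""
    return len(frame) >= MIN_FRAME and fcs_ok(frame)

def cut_through(frame: bytes) -> bool:
    """Forwards once the destination MAC (first 6 bytes) is in; checks nothing else."""
    return len(frame) >= 6

def fragment_free(frame: bytes) -> bool:
    """Waits for the first 64 bytes, so collision fragments are caught; the FCS is never checked."""
    return len(frame) >= MIN_FRAME

def flip_byte(frame: bytes, offset: int) -> bytes:
    """Simulate line noise corrupting one byte at the given offset."""
    return frame[:offset] + bytes([frame[offset] ^ 0xFF]) + frame[offset + 1:]

def decisions(frame: bytes) -> dict:
    """True means the method would forward the frame, False means it drops it."""
    return {"store-and-forward": store_and_forward(frame),
            "cut-through": cut_through(frame),
            "fragment-free": fragment_free(frame)}

def demo() -> dict:
    """Three constructed frames: clean, corrupted in the tail, and a 28-byte runt."""
    dst, src = bytes.fromhex("aabbcc112233"), bytes.fromhex("001122334455")
    good = build_frame(dst, src, bytes(100))          # 118 bytes in total
    return {"clean": decisions(good),
            "tail-corrupted": decisions(flip_byte(good, 90)),   # damage past byte 64
            "runt": decisions(build_frame(dst, src, bytes(10)))}
```

Only store-and-forward drops the frame damaged past byte 64; fragment-free drops the runt that cut-through would happily pass on.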

Switching basics!

The third video is quite an interesting one, however, it does take a little while to get into the more "interesting" stuff. Again, it's mostly all theory and starts off listing the layer 1 devices and the first layer 2 device, a bridge:

  • A repeater simply amplifies the transmission
  • A hub is basically a repeater with multiple ports
  • A bridge connects two hubs together

Anything connected to a hub is in the same collision domain and the same broadcast domain. Hosts on a hub also depend on CSMA/CD.

A bridge separates two hubs. This splits the collision domain into two, however, there is still only one broadcast domain.

Anything connected to a switch is in its own collision domain, but all of them are in the same broadcast domain (assuming they are all in the same VLAN).

Creating VLANs creates new broadcast domains, as traffic from one VLAN cannot reach another VLAN without the intervention of a layer 3 device, most likely a router.

Cisco switches use STP (spanning tree protocol) to prevent switching loops; it is enabled by default. STP determines a loop-free path for frames, and ports that are not on that path are placed into blocking mode.

Tuesday, June 16, 2009

Yawn! Video #2

Video #2 is about CSMA/CD, ethernet types and cable types.

CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection. When multiple hosts connect via an old-fashioned shared copper wire (bus), they need to be able to detect whether another host is currently using the wire. If not, the host sends its data. However, if two hosts decide to send data at exactly the same time, they need to detect the collision on the wire. A small change in voltage lets a host know that a collision has occurred. Once this happens the host sends a jam signal to every host on the network, and each host runs a random back-off timer (algorithm) before attempting to transmit once again.

With the ethernet standard 10Base-T, the T stands for twisted-pair cable and the 10 refers to 10Mb/s. Twisting the pairs of wires reduces the possibility of electromagnetic interference.

  • Ethernet runs at 10Mb/s
  • Fast ethernet runs at 100Mb/s
  • Gigabit ethernet runs at 1000Mb/s or 1Gb/s
  • Straight-through cables are used to connect a PC to a switchport
  • Crossover cables are used to connect two similar devices together, typically two switches
  • Rollover cables are console cables for a serial connection (DB9 -> RJ-45)

A MAC address (also called the BIA, physical, NIC, Ethernet or LAN address) is a 48-bit address written in hex (aa-bb-cc-11-22-33). The first three bytes are the OUI (Organisationally Unique Identifier, aa-bb-cc in the example). The broadcast MAC address is FF-FF-FF-FF-FF-FF and the multicast MAC address range is 01-00-5E-00-00-00 -> 01-00-5E-7F-FF-FF.

For WAN cabling, you can connect two Cisco router serial interfaces directly with a DTE/DCE cable.

Any cable over 100 meters is a cause for alarm!

Monday, June 15, 2009

TCP vs UDP

This is a little more obvious than the models below, but here it is anyway:

TCP

  • Guaranteed delivery
  • Error detection via sequence and ACK numbers
  • Windowing
  • "Connection oriented"

UDP

  • "Best-effort" delivery
  • No error detection
  • No windowing
  • "Connectionless"

TCP also uses the three-way handshake: SYN; SYN/ACK; ACK.

For TCP error detection, the receiving host sends an ACK carrying the sequence number of the next EXPECTED segment, not the sequence number of the last segment received. If the ACK the sender gets back names a segment it has already sent, the receiver did not get that segment, so the sender re-sends it.

If the sender does not receive an ACK before the ACK timer expires, it re-transmits all of the previous segments.

Windowing refers to the amount of data a sender can send without expecting an ACK back from the recipient. It is defined by the recipient and is dynamic: it may be increased until errors start popping up, at which point the window size is decreased until things stabilise again.
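To make the "ACK = next expected sequence number" rule concrete, here is an added Python model (mine, not from the original post) of a receiver that acknowledges a stream of segments while one goes missing, and a sender that re-sends whichever segment the ACK keeps pointing at. Segment size and sequence numbers are constructed, and real TCP details such as timers and fast retransmit thresholds are left out.

```python
SEG = 100   # payload bytes per segment (constructed, so the arithmetic is easy to follow)

class Receiver:
    """Receiver side of the rule above: the ACK carries the NEXT sequence number it expects."""
    def __init__(self, first_seq: int):
        self.expected = first_seq
        self.held = set()                 # segments that arrived ahead of a gap

    def receive(self, seq: int) -> int:
        if seq == self.expected:
            self.expected += SEG
            while self.expected in self.held:     # release anything queued behind the gap
                self.held.remove(self.expected)
                self.expected += SEG
        elif seq > self.expected:
            self.held.add(seq)                    # keep it, but keep asking for the missing one
        return self.expected                      # never the seq of what just arrived

def transfer(segments: list, lost: set) -> list:
    """Send segments over a link that drops the seqs in `lost` once each; return the trace.

    Each trace entry is (seq, event, ack_number_returned); segments must be SEG apart."""
    rx = Receiver(segments[0])
    ack, trace = segments[0], []
    for seq in segments:
        if seq in lost:
            lost.discard(seq)                     # lost this time only
            trace.append((seq, "lost", None))
            continue
        ack = rx.receive(seq)
        trace.append((seq, "acked", ack))
    # Sender reads the ACK: while it points at a segment already sent, that segment was lost
    end = segments[-1] + SEG
    while ack < end:
        resent = ack
        ack = rx.receive(resent)                  # receiver fills the gap and ACKs past it
        trace.append((resent, "resent", ack))
    return trace
```

Losing segment 101 leaves the receiver answering 101 to everything that follows; once 101 is re-sent, the held segments are released and the ACK jumps straight to 401.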