VLANs and Port Security

Gary Lee
Nelson Lee
Kelly Lum
CS 996
10/23/2003
Switched Network

Classical logical network topology
   Switches and hubs connect to end-nodes
   Routers connect switches, providing the backbone

Separates the multicast and collision domains into two segments
   But routers add latency! Noticeable as networks become larger
Adding Latency

Switches are Layer 2 network devices
   Forward information based on layer 2, MAC addresses
Routers are Layer 3 network devices
   Forward information based on layer 3, IP addresses

Switches can better allocate bandwidth
   Unlike hubs, they do not broadcast traffic to all ports, but keep track of
   which computer is connected to which port
Classical Corporate Network

Classical Corporate Network Limitations

End-nodes are connected to switches
   Large number of switches connected to routers
   Routers need to route a large amount of packets
End-nodes need to be physically connected to switches
   End-nodes need to be 100m or closer to the switch
Cannot further segment switches to limit broadcast or collision domains
   If you have a research lab and public relations on the same switch

You cannot spread a department’s computers over a wide area, such as a
scientific research computer laboratory across campus!!
Ideal Switched Network

• Switches are interconnected by a circuit-switched ATM backbone
• But now there is one huge collision domain!!
What is a Virtual LAN?

A physically switched network that is logically segmented
   A new set of broadcast domains is created within the switches
Allows machines on physically different LAN segments to behave as if they
were part of the same segment
Sample LAN

There is a three-story building that is furnished with three computers per floor
The three departments are oddly partitioned such that one computer from each
floor constitutes 1/3 of the department
We now have to move computers from each floor to its proper location so we can
use hubs

A very tedious and ridiculous job for the network admin! (Let an intern do it…)
Sample LAN into a VLAN

By using switches, we can assign computers on different floors to VLAN1, VLAN2,
and VLAN3
Now a department is logically one segment even though its computers are
physically spread across 3 floors
Ideal Network Revisited
Why use VLANs?

Provides a limited amount of assurance that only computers that are part of
the VLAN can communicate on it
   (Higher assurance can be obtained by following Cisco’s Best Practices
   implementation)
Improves general network performance by not slowing down other users sharing
the network
   Limits recipients of broadcast traffic
   Less congestion
Allows easier network management
VLAN Tagging

To establish a packet’s association with a particular VLAN, a tag is added
802.1q – Specifies appending a 32-bit VLAN tag (field) into the Ethernet frame
after the Ethernet header
   12 bits are assigned to the VLAN ID
Usual Scenario
   Packet enters the switch from the source host
   Tag appended while in the switch fabric (even if there is no trunking)
   Gets routed to the specific port
   Tag is stripped off
   Original packet passed to the destination host
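The tag format and the "usual scenario" above can be shown byte for byte. The following Python is an added example written for this page, not code from the slides or from any switch vendor: it builds an untagged Ethernet frame, inserts the 32-bit 802.1Q tag (16-bit TPID 0x8100 plus a 16-bit TCI whose low 12 bits are the VLAN ID) after the 12-byte MAC header, reads the VLAN ID back as the switch fabric would, and strips the tag again before delivery. The MAC addresses and payload are constructed sample values; the helper names (`add_tag`, `parse_tag`, `strip_tag`, `usual_scenario`) are this example's own.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier: marks the frame as 802.1Q-tagged


def mac(text: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted), as the source host sends it."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame: bytes, vlan_id: int, priority: int = 0, dei: int = 0) -> bytes:
    """Insert the 32-bit 802.1Q tag after the 12-byte destination/source MAC header.

    Tag layout: 16-bit TPID (0x8100) + 16-bit TCI = 3-bit PCP | 1-bit DEI | 12-bit VID.
    """
    if not 1 <= vlan_id <= 4094:
        # 12 bits give 4096 values, but VID 0 (priority-only) and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (priority & 0x7) << 13 | (dei & 0x1) << 12 | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vlan_id, priority, dei) for a tagged frame, or None if untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return (tci & 0x0FFF, tci >> 13, (tci >> 12) & 0x1)


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag so the destination host receives the original frame."""
    if parse_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def usual_scenario(vlan_id: int = 10) -> dict:
    """Walk one frame through the slide's 'usual scenario' and report each stage."""
    # Constructed sample frame: broadcast destination, a documentation-range source MAC
    original = build_frame(mac("ff:ff:ff:ff:ff:ff"), mac("00:00:5e:00:53:01"),
                           0x0800, b"constructed sample payload")
    tagged = add_tag(original, vlan_id, priority=3)   # tag appended in the fabric
    delivered = strip_tag(tagged)                     # tag stripped at the egress port
    return {
        "tag_bytes_added": len(tagged) - len(original),        # always 4
        "vlan_id_seen_in_fabric": parse_tag(tagged)[0],
        "delivered_equals_original": delivered == original,
        "untagged_frame_has_tag": parse_tag(original) is not None,
    }


if __name__ == "__main__":
    print(usual_scenario())
```

The range check in `add_tag` is the practical consequence of the 12-bit VLAN ID field: 4096 encodings exist, but only 1 to 4094 are usable, so a design that needs more segments than that has to look beyond plain 802.1Q.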
How do packets move in a VLAN?

Three basic models for controlling how a packet gets routed inside a VLAN switch
   Port based
      Network administrator assigns a port on a switch to a VLAN ID
      Needs to be entered manually into the switch, so if a computer moves, then
      you have to update the assignment manually
      If a repeater is attached to a port, all of the users on the repeater must be
      on the same VLAN
   MAC Address based
      Switch maintains a table of addresses and their corresponding VLAN
      memberships
      Easy to keep track of computers that moved
      Can be, but not easily, part of multiple VLANs
How do packets move in a VLAN? (continued)

   Layer 3 based
      Membership is based on protocols and Layer 3 addresses
      Ex.: an IP subnet or an IPX network can be a VLAN
      Can use non-routable protocols like NetBIOS instead of IP or IPX
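The port-based model, and the isolation it buys, can be checked with a small simulation. The Python below is an added example written for this page (not code from the slides or from any vendor): a toy switch where each port is assigned to one VLAN, the MAC table is learned per VLAN, and broadcast or unknown-unicast frames are flooded only to ports of the same VLAN. It recreates the three-floor building from the "Sample LAN" slides as constructed data (port number = floor*10 + seat, seat number = VLAN) and shows that a broadcast from a department member reaches only that department's computers on the other floors, never the other departments on the same floor. Names such as `PortBasedVlanSwitch` and `three_floor_building` are this example's own.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class PortBasedVlanSwitch:
    """Toy switch with port-based VLAN membership: every port belongs to exactly
    one VLAN, MAC addresses are learned per VLAN, and broadcast or unknown
    frames are flooded only inside the ingress VLAN (its broadcast domain)."""

    def __init__(self, port_to_vlan: dict):
        self.port_to_vlan = dict(port_to_vlan)   # port -> VLAN ID, set by the admin
        self.mac_table = {}                      # (vlan_id, mac) -> port

    def forward(self, in_port: int, src: str, dst: str) -> list:
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_to_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port    # learn the source in this VLAN only
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # broadcast or unknown unicast: flood within the VLAN, never across it
        return sorted(p for p, v in self.port_to_vlan.items()
                      if v == vlan and p != in_port)

    def move_host(self, old_port: int, new_port: int) -> None:
        """The port-based drawback from the slide: when a computer moves, the admin
        must re-assign the new port's VLAN by hand; nothing follows the host."""
        self.port_to_vlan[new_port] = self.port_to_vlan[old_port]


def three_floor_building() -> PortBasedVlanSwitch:
    """Constructed layout from the 'Sample LAN' slides: 3 floors x 3 computers,
    port = floor*10 + seat, and seat N on every floor belongs to VLAN N."""
    return PortBasedVlanSwitch({floor * 10 + seat: seat
                                for floor in (1, 2, 3) for seat in (1, 2, 3)})


def broadcast_reach(sw: PortBasedVlanSwitch, in_port: int) -> list:
    """Which ports receive a broadcast sent into in_port."""
    return sw.forward(in_port, f"mac-of-port-{in_port}", BROADCAST)


if __name__ == "__main__":
    sw = three_floor_building()
    print("broadcast from floor 1 / dept 1 reaches ports:", broadcast_reach(sw, 11))
    print("broadcast from floor 1 / dept 2 reaches ports:", broadcast_reach(sw, 12))
```

Because the MAC table is keyed by VLAN as well as address, a station learned in VLAN 1 stays unknown in VLAN 2, so a frame from a VLAN 2 port addressed to it is flooded inside VLAN 2 and never delivered; that is the "limited assurance" the deck attributes to VLANs, and it holds only as long as the port-to-VLAN map itself is trustworthy.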
How is VLAN membership indicated?

Tagging packets internally and between trunks
   Tag is appended when the packet arrives at the switch
   Tag is stripped when the packet reaches its destination on the same switch
On a trunk: implicit and explicit
   Implicit – membership indicated by MAC address
      All switches supporting a VLAN must share a table of addresses
   Explicit – tag added to the packet to indicate VLAN membership
      Used by Cisco ISL and 802.1Q
VTP – VLAN Trunking Protocol

ISL – Pre-802.1q: Cisco proprietary Inter-Switch Link protocol
VTP – Management protocol that spans the trunk lines (ISL, 802.1q port, LANE,
etc.)
   Creates a new domain of switches for VLAN management
   Make one change, and let VTP worry about propagating settings across
   inter-connected switches
Port Security

Enables blocking of unauthorized MAC addresses from accessing ports
Switches can then monitor the security of those ports
Alerts may be sent to a network manager, where appropriate action should be
taken
Port Security for Cisco Catalyst

Blocks input into a port if the MAC address is different from the set of MAC
addresses assigned to the port
Allows a maximum of 1024 MAC addresses plus one default MAC address for each
port
Manual or Automatic configuration
Configuration stored in non-volatile RAM
Port Security for Cisco Catalyst (continued)

Able to set an age time during which the port is secure. After the time has
expired, the port becomes insecure. (WHY?)
Default setting: Ports are secured permanently
An attempting MAC address that is different from the secure MAC addresses on
the port constitutes a security violation
After a security violation, ports default to shutting down permanently
Port security is not supported for trunk ports
Port Security for Cisco Catalyst (continued)

Flow: the port matches the incoming MAC address against its list of secure MAC
addresses
   Match: the packet is allowed through
   No match: the port takes action
Actions taken by the port:
   • Shut down permanently
   • Shut down for a period of time
     (If shut down, a link-down trap is sent to SNMP)
   • Enabled, but drops packets from insecure hosts
Port Security for HP Procurve 4000M

For any port, one or both of the following can be configured
   Authorized Addresses – specify up to 8 MAC addresses allowed for inbound
   traffic
      Closes the port to any unauthorized device
   Prevent Eavesdropping – blocks outbound traffic to unknown destination
   addresses
When a security violation is detected
   An alert flag is set for that port
   Sends an SNMP trap to the network management system
Port Security for HP Procurve 4000M (continued)

Port Security is defaulted to off.
Configuration parameters
   Port – port on which to enable port security
   Learn mode
      Continuous (default) – port learns MAC addresses from inbound traffic,
      and addresses are aged out.
      Static – manually enter up to 8 MAC addresses
   Address Limit – the number of addresses to allow
      1 is the default, 8 is the maximum
Port Security for HP Procurve 4000M (continued)

Eavesdrop Prevention
   Disabled (default) – allows all outbound traffic
   Enabled – allows outbound traffic only to known destination MAC addresses
Action
   None (default) – no trap is sent
   Send Alarm – SNMP trap sent to the network management system.
Authorized Addresses
   List of MAC addresses allowed
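The Cisco Catalyst decision flow (match the source MAC against the secure list, otherwise take the configured action) and the HP Procurve 4000M parameters (learn mode, address limit, eavesdrop prevention, SNMP alarm) describe the same mechanism, so one model covers both slides. The Python below is an added example written for this page, not code from the slides, from Cisco or from HP: a `SecurePort` class that learns or statically holds secure addresses, enforces an address limit, applies one of three violation actions (permanent shutdown, timed shutdown, or stay enabled and drop) and records the traps a manager would receive; `outbound` implements the HP eavesdrop-prevention rule. The port names, MAC addresses (IANA documentation range) and the `demo` scenario are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Toy model of a port-security-enabled access port, combining the Cisco
    Catalyst violation actions and the HP Procurve 4000M parameters (constructed)."""
    name: str
    address_limit: int = 1              # HP default 1 (max 8); Cisco allows up to 1024+1
    learn_mode: str = "continuous"      # HP: "continuous" learns from inbound, "static" does not
    violation: str = "shutdown"         # Cisco: "shutdown", "shutdown_timed", "restrict"
    eavesdrop_prevention: bool = False  # HP: block outbound frames to unknown destinations
    secure_macs: set = field(default_factory=set)
    shut_down: bool = False
    traps: list = field(default_factory=list)   # what would be sent to the SNMP manager

    def inbound(self, src_mac: str) -> str:
        """Apply the slide's decision flow to a frame arriving from src_mac."""
        if self.shut_down:
            return "dropped: port shut down"
        if src_mac in self.secure_macs:
            return "forwarded"
        if self.learn_mode == "continuous" and len(self.secure_macs) < self.address_limit:
            self.secure_macs.add(src_mac)        # first addresses seen become secure addresses
            return "forwarded (learned)"
        return self._violation(src_mac)

    def _violation(self, src_mac: str) -> str:
        """No match against the secure list: raise the alarm and take the action."""
        self.traps.append(f"security violation on {self.name}: {src_mac}")
        if self.violation in ("shutdown", "shutdown_timed"):
            self.shut_down = True
            self.traps.append(f"link-down on {self.name}")   # link-down trap from the slide
            return "dropped: port shut down"
        # "restrict": the port stays enabled but drops frames from insecure hosts
        return "dropped: insecure host"

    def recover(self, by_operator: bool = False) -> bool:
        """A timed shutdown expires on its own; a permanent one needs an operator."""
        if self.violation == "shutdown_timed" or by_operator:
            self.shut_down = False
        return not self.shut_down

    def outbound(self, dst_mac: str) -> str:
        """HP eavesdrop prevention: deliver only to known (authorized) destinations."""
        if self.eavesdrop_prevention and dst_mac not in self.secure_macs:
            return "blocked: unknown destination"
        return "forwarded"


def demo() -> dict:
    """Constructed scenario: a statically configured lab port sees its authorized
    host, then an unknown device, then the authorized host again."""
    lab = SecurePort("A1", learn_mode="static", secure_macs={"00:00:5e:00:53:01"},
                     violation="shutdown", eavesdrop_prevention=True)
    return {
        "authorized": lab.inbound("00:00:5e:00:53:01"),
        "unknown_device": lab.inbound("00:00:5e:00:53:99"),
        "authorized_after": lab.inbound("00:00:5e:00:53:01"),
        "traps": list(lab.traps),
    }


if __name__ == "__main__":
    for stage, result in demo().items():
        print(f"{stage}: {result}")
```

The `demo` result shows the operational cost hidden in the deck's "(WHY?)": with the permanent-shutdown action, the legitimate host is cut off together with the unknown device until an operator clears the port, which is why the timed-shutdown and restrict actions exist and why the traps matter.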
Resources

Cisco Catalyst 2980G-A Product Overview -
http://cisco.com/univercd/cc/td/doc/pcat/ca2980g.htm
Cisco Catalyst 2900 Series Configuration Guide -
http://www.cisco.com/en/US/products/hw/switches/ps606/products_configuration_guide_book09186a008007f199.html
Hewlett-Packard's support site - HP Procurve 4000M -
http://www.hp.com/rnd/support/index.htm
Types of VLAN - http://www.vlan-analyser.co.uk/content/semitechnical.htm

Weitere ähnliche Inhalte

Was ist angesagt?

Vxlan frame format and forwarding
Vxlan frame format and forwardingVxlan frame format and forwarding
Vxlan frame format and forwardingMohammed Umair
 
Basic switching concepts and configuration
Basic switching concepts and configurationBasic switching concepts and configuration
Basic switching concepts and configurationMohammedseleim
 
Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routingMohammedseleim
 
Lab view the switch mac address table lab - view the switch
Lab   view the switch mac address table lab - view the switchLab   view the switch mac address table lab - view the switch
Lab view the switch mac address table lab - view the switchADDY50
 
CCNA Routing Protocols
CCNA Routing ProtocolsCCNA Routing Protocols
CCNA Routing ProtocolsDsunte Wilson
 
PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...PROIDEA
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switchingMuhd Mu'izuddin
 
Tn 310 vlan-trunking
Tn 310 vlan-trunkingTn 310 vlan-trunking
Tn 310 vlan-trunkingsali Ibrahimu
 
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)Abdelkhalik Mosa
 

Was ist angesagt? (20)

Vxlan frame format and forwarding
Vxlan frame format and forwardingVxlan frame format and forwarding
Vxlan frame format and forwarding
 
CCNA Access Lists
CCNA Access ListsCCNA Access Lists
CCNA Access Lists
 
3 2
3 23 2
3 2
 
Introduction to vxlan
Introduction to vxlanIntroduction to vxlan
Introduction to vxlan
 
Basic switching concepts and configuration
Basic switching concepts and configurationBasic switching concepts and configuration
Basic switching concepts and configuration
 
Vlans and inter vlan routing
Vlans and inter vlan routingVlans and inter vlan routing
Vlans and inter vlan routing
 
Lab view the switch mac address table lab - view the switch
Lab   view the switch mac address table lab - view the switchLab   view the switch mac address table lab - view the switch
Lab view the switch mac address table lab - view the switch
 
CCNA Routing Protocols
CCNA Routing ProtocolsCCNA Routing Protocols
CCNA Routing Protocols
 
VXLAN
VXLANVXLAN
VXLAN
 
PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...
 
Ccna3 mod9-vtp
Ccna3 mod9-vtpCcna3 mod9-vtp
Ccna3 mod9-vtp
 
Exam viewer2
Exam viewer2Exam viewer2
Exam viewer2
 
Vlans
VlansVlans
Vlans
 
Cisco OTV 
Cisco OTV Cisco OTV 
Cisco OTV 
 
Otv notes
Otv notesOtv notes
Otv notes
 
Layer 2 & layer 3 switching
Layer 2 & layer 3 switchingLayer 2 & layer 3 switching
Layer 2 & layer 3 switching
 
Application & Data Center
Application & Data CenterApplication & Data Center
Application & Data Center
 
Tn 310 vlan-trunking
Tn 310 vlan-trunkingTn 310 vlan-trunking
Tn 310 vlan-trunking
 
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
LAN Switching and Wireless: Ch4 - VLAN Trunking Protocol (VTP)
 
Vlan
Vlan Vlan
Vlan
 

Andere mochten auch

Mise en place de vlan au sein d'un réseau
Mise en place de vlan au sein d'un réseauMise en place de vlan au sein d'un réseau
Mise en place de vlan au sein d'un réseauGeorges Amichia
 
Qos formation-mettre-en-oeuvre-la-qos-cisco
Qos formation-mettre-en-oeuvre-la-qos-ciscoQos formation-mettre-en-oeuvre-la-qos-cisco
Qos formation-mettre-en-oeuvre-la-qos-ciscoCERTyou Formation
 
Formation gestion de projet - 06 - la production
 Formation gestion de projet - 06 - la production Formation gestion de projet - 06 - la production
Formation gestion de projet - 06 - la productioniafactory
 
Formation gestion de projet - 05 - la conception
Formation gestion de projet - 05 - la conceptionFormation gestion de projet - 05 - la conception
Formation gestion de projet - 05 - la conceptioniafactory
 
Sca n instructorppt_chapter1_finalfr
Sca n instructorppt_chapter1_finalfrSca n instructorppt_chapter1_finalfr
Sca n instructorppt_chapter1_finalfrYamadou BATHILY
 
Conception d'un site web
Conception d'un site webConception d'un site web
Conception d'un site webMoufida Othmani
 
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...Papa Cheikh Cisse
 

Andere mochten auch (7)

Mise en place de vlan au sein d'un réseau
Mise en place de vlan au sein d'un réseauMise en place de vlan au sein d'un réseau
Mise en place de vlan au sein d'un réseau
 
Qos formation-mettre-en-oeuvre-la-qos-cisco
Qos formation-mettre-en-oeuvre-la-qos-ciscoQos formation-mettre-en-oeuvre-la-qos-cisco
Qos formation-mettre-en-oeuvre-la-qos-cisco
 
Formation gestion de projet - 06 - la production
 Formation gestion de projet - 06 - la production Formation gestion de projet - 06 - la production
Formation gestion de projet - 06 - la production
 
Formation gestion de projet - 05 - la conception
Formation gestion de projet - 05 - la conceptionFormation gestion de projet - 05 - la conception
Formation gestion de projet - 05 - la conception
 
Sca n instructorppt_chapter1_finalfr
Sca n instructorppt_chapter1_finalfrSca n instructorppt_chapter1_finalfr
Sca n instructorppt_chapter1_finalfr
 
Conception d'un site web
Conception d'un site webConception d'un site web
Conception d'un site web
 
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...
Optimisation centralisée et distribuée de la durée de vie des réseaux de capt...
 

Ähnlich wie Vlan

CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1Chaing Ravuth
 
Westermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo Network Technologies
 
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.pptLecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.pptabdnazar2003
 
Network Topologies, L1-L2 Basics, Networking Devices
Network Topologies, L1-L2 Basics, Networking DevicesNetwork Topologies, L1-L2 Basics, Networking Devices
Network Topologies, L1-L2 Basics, Networking DevicesAalok Shah
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationAbdelkhalik Mosa
 
Lan security ipv6 presentation
Lan security ipv6 presentationLan security ipv6 presentation
Lan security ipv6 presentationyateendrasahu
 
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutionsSwitching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutionsMike McLain
 
NIM module 1 31122017.pdf
NIM module 1 31122017.pdfNIM module 1 31122017.pdf
NIM module 1 31122017.pdfADARSHN40
 

Ähnlich wie Vlan (20)

Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 Switches
 
VLAN
VLANVLAN
VLAN
 
ENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptxENCOR_Capitulo 1.pptx
ENCOR_Capitulo 1.pptx
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
 
Westermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet Networking
 
Switching
SwitchingSwitching
Switching
 
Switching
SwitchingSwitching
Switching
 
PPT Backbone And Networks
PPT Backbone And NetworksPPT Backbone And Networks
PPT Backbone And Networks
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
The Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet CommunicationsThe Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet Communications
 
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.pptLecture 2   Connecting LANs, Backbone Networks, and Virtual LANs.ppt
Lecture 2 Connecting LANs, Backbone Networks, and Virtual LANs.ppt
 
Ccna 9
Ccna  9Ccna  9
Ccna 9
 
Switching
SwitchingSwitching
Switching
 
Networkdevices by Jetarvind kumar madhukar
Networkdevices by Jetarvind kumar madhukarNetworkdevices by Jetarvind kumar madhukar
Networkdevices by Jetarvind kumar madhukar
 
Network Topologies, L1-L2 Basics, Networking Devices
Network Topologies, L1-L2 Basics, Networking DevicesNetwork Topologies, L1-L2 Basics, Networking Devices
Network Topologies, L1-L2 Basics, Networking Devices
 
Network Virtualization
Network VirtualizationNetwork Virtualization
Network Virtualization
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
 
Lan security ipv6 presentation
Lan security ipv6 presentationLan security ipv6 presentation
Lan security ipv6 presentation
 
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutionsSwitching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
 
NIM module 1 31122017.pdf
NIM module 1 31122017.pdfNIM module 1 31122017.pdf
NIM module 1 31122017.pdf
 

Mehr von PAF-KIET

To do list
To do listTo do list
To do listPAF-KIET
 
Proposal form mba mis (casestudy)
Proposal form mba mis (casestudy)Proposal form mba mis (casestudy)
Proposal form mba mis (casestudy)PAF-KIET
 
3 rd hourly marketing management
3 rd hourly marketing management3 rd hourly marketing management
3 rd hourly marketing managementPAF-KIET
 
Ilets 2nd hourly
Ilets   2nd hourlyIlets   2nd hourly
Ilets 2nd hourlyPAF-KIET
 
Adjectives 1
Adjectives 1Adjectives 1
Adjectives 1PAF-KIET
 
F.m final presentation
F.m final presentationF.m final presentation
F.m final presentationPAF-KIET
 
Working capital policies ( proposed )
Working capital policies ( proposed )Working capital policies ( proposed )
Working capital policies ( proposed )PAF-KIET
 

Mehr von PAF-KIET (10)

To do list
To do listTo do list
To do list
 
Proposal form mba mis (casestudy)
Proposal form mba mis (casestudy)Proposal form mba mis (casestudy)
Proposal form mba mis (casestudy)
 
Ceo
CeoCeo
Ceo
 
3 rd hourly marketing management
3 rd hourly marketing management3 rd hourly marketing management
3 rd hourly marketing management
 
Ilets 2nd hourly
Ilets   2nd hourlyIlets   2nd hourly
Ilets 2nd hourly
 
Adjectives 1
Adjectives 1Adjectives 1
Adjectives 1
 
F.m final presentation
F.m final presentationF.m final presentation
F.m final presentation
 
D 11
D 11D 11
D 11
 
Working capital policies ( proposed )
Working capital policies ( proposed )Working capital policies ( proposed )
Working capital policies ( proposed )
 
1 egp
1 egp1 egp
1 egp
 

Kürzlich hochgeladen

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
latest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answerslatest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answersdalebeck957
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsSandeep D Chaudhary
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationNeilDeclaro1
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsNbelano25
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 

Kürzlich hochgeladen (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
latest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answerslatest AZ-104 Exam Questions and Answers
latest AZ-104 Exam Questions and Answers
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health Education
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 

Vlan

  • 1. VLANs and Port Security Gary Lee Nelson Lee Kelly Lum CS 996 10/23/2003
  • 2. Switched Networked Classical logical network topology Switches and hubs connect to end-nodes Routers connect switched, providing backbone Separates multicast and collision domain into two segments But routers add latency! Noticeable as networks become larger
  • 3. Adding Latency Switches are Layer 2 network devices Forward information based on layer 2, MAC addresses Routers are Layer 3 network devices Forward information based on layer 3, IP addresses Switches can better allocate bandwidth Unlike hubs, they do not broadcast traffic to all ports, but keeps track of which computer is connected to which port
  • 5. Classical Corporate Network Limitations End-nodes are connected to switches Large number of switches connected to routers Routers need to route large amount of packets End-nodes need to be physically connected to switches End-nodes need to be 100m or closer to switch Cannot further segment switches to limit broadcast or collision domains If you have research lab and public relations on same switch You cannot spread a department’s computers over a wide area, such as a scientific research computer laboratory across campus!!
  • 6. Ideal Switched Network • Switches are interconnected by a circuit-switched ATM backbone •But now there is one huge collision domain!!
  • 7. What is a Virtual LAN? A physically switched network that is logically segmented A new set of broadcast domain are created within the switches Allows machines on physically different LAN segments to behave as if they were part of the same segment
  • 8. Sample LAN
      There is a three-story building that is furnished with three computers per floor
      The three departments are oddly partitioned such that one computer from each floor constitutes 1/3 of the department
      We now have to move computers from each floor to its proper location so we can use hubs
         A very tedious and ridiculous job for the network admin! (Let an intern do it…)
  • 9. Sample LAN into a VLAN
      By using switches, we can assign computers on different floors to VLAN1, VLAN2, and VLAN3
      Now a department forms one logical segment even though its computers are physically located on three different floors
  • 11. Why use VLANs?
      Provides a limited amount of assurance that only computers that are part of the VLAN can communicate on it
         (Higher assurance can be obtained by following Cisco's Best Practices implementation)
      Improves general network performance by not slowing down other users sharing the network
         Limits recipients of broadcast traffic
         Less congestion
      Allows easier network management
  • 12. VLAN Tagging
      To establish a packet's association with a particular VLAN, a tag is added
         802.1q – Specifies appending a 32-bit VLAN tag (field) into the Ethernet frame after the Ethernet header
         12 bits are assigned to the VLAN ID
      Usual scenario
         Packet enters switch from source host
         Tag appended while in switch fabric (even if there is no trunking)
         Gets routed to specific port
         Tag is stripped off
         Original packet passed to destination host
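As an added example (not from the slides), the following Python inserts, reads and strips an 802.1Q tag the way the usual scenario above describes. The MAC addresses and payload are constructed, and the tag is placed at byte offset 12, directly after the destination and source MAC addresses and before the EtherType, which is where 802.1Q puts it.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 32-bit 802.1Q tag after the 12 bytes of dst/src MAC.

    Tag = 16-bit TPID (0x8100) + 16-bit TCI, where TCI is
    3-bit priority (PCP) | 1-bit drop-eligible (DEI) | 12-bit VLAN ID.
    """
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vid, pcp, dei) if the frame is tagged, otherwise None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return (tci & 0x0FFF, tci >> 13, (tci >> 12) & 0x1)


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag on egress so the destination host sees the original frame."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


# Constructed sample frame: made-up MACs, EtherType 0x0800 (IPv4), dummy payload
DST_MAC = bytes.fromhex("021122334455")
SRC_MAC = bytes.fromhex("02aabbccddee")
UNTAGGED = DST_MAC + SRC_MAC + b"\x08\x00" + b"\x45\x00" + b"\x00" * 18

if __name__ == "__main__":
    tagged = tag_frame(UNTAGGED, vid=10, pcp=3)   # switch fabric adds the tag
    print(parse_tag(tagged))                     # (10, 3, 0)
    print(strip_tag(tagged) == UNTAGGED)         # True: egress restores the frame
```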
  • 13. How do packets move in a VLAN?
      Three basic models for controlling how a packet gets routed inside a VLAN switch
      Port based
         Network administrator assigns a port on a switch to a VLAN ID
         Need to manually enter it into the switch, so if a computer moves, then you have to manually update the changes
         If a repeater is attached to a port, all of the users on the repeater must be on the same VLAN
      MAC Address based
         Switch maintains a table of addresses and their corresponding VLAN memberships
         Easy to keep track of computers that moved
         Can be, but not easily, part of multiple VLANs
  • 14. How do packets move in a VLAN?
      Layer 3 based
         Membership is based on protocols and Layer 3 addresses
         Ex.: an IP subnet or an IPX network can be a VLAN
         Can use non-routable protocols like NetBIOS instead of IP or IPX
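An added Python model (not from the slides or any vendor) of the three membership models above, used to confine broadcast traffic as slide 11 describes. Port numbers, MAC addresses and the subnet are constructed, and the port-first precedence between the three models is an assumption of the model, since real switches define it per vendor.

```python
import ipaddress


class VlanMembership:
    """Resolve which VLAN an inbound frame belongs to using the port-based,
    MAC-based and layer-3-based models, then confine broadcasts to that VLAN."""

    def __init__(self):
        self.port_vlan = {}     # port-based: port -> VID, entered by the admin
        self.mac_vlan = {}      # MAC-based: source MAC -> VID, follows a moved host
        self.subnet_vlan = []   # layer-3 based: (IPv4 network, VID)
        self.seen = {}          # port -> VID of the last frame that arrived there

    def add_subnet(self, cidr: str, vid: int) -> None:
        self.subnet_vlan.append((ipaddress.ip_network(cidr), vid))

    def vlan_of(self, port: int, src_mac: str, src_ip: str = None):
        """Port assignment wins, then the MAC table, then the IP subnet
        (assumed precedence). Returns None when no rule matches."""
        if port in self.port_vlan:
            vid = self.port_vlan[port]
        elif src_mac in self.mac_vlan:
            vid = self.mac_vlan[src_mac]
        elif src_ip is not None:
            addr = ipaddress.ip_address(src_ip)
            vid = next((v for net, v in self.subnet_vlan if addr in net), None)
        else:
            vid = None
        if vid is not None:
            self.seen[port] = vid   # remember where members of this VLAN sit
        return vid

    def broadcast_ports(self, in_port: int, src_mac: str, src_ip: str = None) -> set:
        """Ports that receive a copy of a broadcast: same VLAN only, never the
        ingress port. Ports outside the VLAN never see the traffic."""
        vid = self.vlan_of(in_port, src_mac, src_ip)
        if vid is None:
            return set()
        members = {p for p, v in self.port_vlan.items() if v == vid}
        members |= {p for p, v in self.seen.items() if v == vid}
        return members - {in_port}
```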
  • 15. How is VLAN membership indicated?
      Tagging packets internally and between trunks
         Tag is appended when packet arrives at switch
         Tag is stripped when packet reaches destination on same switch
      On a trunk: implicit and explicit
         Implicit – membership indicated by MAC address
            All switches supporting a VLAN must share a table of addresses
         Explicit – tag added to the packet to indicate VLAN membership
            Used by Cisco ISL and 802.1Q
  • 16. VTP – VLAN Trunking Protocol
      ISL – Pre-802.1q: Cisco proprietary Inter-Switch Link protocol
      VTP – Management protocol that spans the trunk lines (ISL, 802.1q port, LANE, etc.)
         Creates a new domain of switches for VLAN management
         Make one change, let VTP worry about propagating settings across inter-connected switches
  • 17. Port Security
      Blocks unauthorized MAC addresses from accessing ports
      Switches can then monitor the security of those ports
      Alerts may be sent to a network manager, where appropriate action should be taken
  • 18. Port Security for Cisco Catalyst
      Blocks input into a port if the MAC address is different from the set of MAC addresses assigned to the port
      Allows a maximum of 1024 MAC addresses plus one default MAC address for each port
      Manual or automatic configuration
      Configuration stored in non-volatile RAM
  • 19. Port Security for Cisco Catalyst (continued)
      Able to set an age time during which the port is secure. After the time has expired, the port becomes insecure. (WHY?)
         Default setting: ports are secured permanently
      An attempting MAC address that is different from the secure MAC addresses on the port constitutes a security violation
         After a security violation, ports are defaulted to shut down permanently
      Port security not supported for trunk ports
  • 20. Port Security for Cisco Catalyst (continued)
      The port matches the MAC address against the list of secure MAC addresses for the port
         Match: allows the packet through
         NO match: the port takes action
      Actions taken by the port:
         • Shut down permanently
         • Shut down for a period of time
         • Enabled, but drops packets from insecure hosts
      (If shut down, a link-down trap is sent to SNMP)
  • 21. Port Security for HP Procurve 4000M
      For any port, one or both of the following can be configured
         Authorized Addresses – specify up to 8 MAC addresses allowed for inbound traffic
            Closes the port to any unauthorized device
         Prevent Eavesdropping – blocks outbound traffic to unknown destination addresses
      When a security violation is detected
         An alert flag is set for that port
         Sends an SNMP trap to the network management system
  • 22. Port Security for HP Procurve 4000M
      Port Security is defaulted to off.
      Configuration parameters
         Port – port on which to enable port security
         Learn mode
            Continuous (default) – port learns MAC addresses from inbound traffic, and addresses are aged out
            Static – manually enter up to 8 MAC addresses
         Address Limit – the number of addresses to allow
            1 is default, 8 is the maximum
  • 23. Port Security for HP Procurve 4000M
      Eavesdrop Prevention
         Disabled (default) – allows all outbound traffic
         Enabled – allows outbound traffic only to known destination MAC addresses
      Action
         None (default) – no trap is sent
         Send Alarm – SNMP trap sent to network management system
      Authorized Addresses
         List of MAC addresses allowed
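The Catalyst match/no-match decision (slides 18-20) and the Procurve learn mode, address limit and eavesdrop prevention (slides 21-23), as one added Python model of a secured access port. It is not vendor code, the MAC addresses used with it are constructed, and the timed-shutdown and address-aging options are left out of the model.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access port with port security enabled.

    violation: "shutdown" (Catalyst default: port goes down permanently) or
    "restrict" (port stays up but drops frames from insecure hosts).
    learn: "static" (addresses entered by hand) or "continuous" (learned from
    inbound traffic until max_addrs is reached, as on the Procurve).
    """
    max_addrs: int = 1
    violation: str = "shutdown"
    learn: str = "continuous"
    eavesdrop_prevention: bool = False
    secure_macs: set = field(default_factory=set)
    is_shutdown: bool = False
    traps: list = field(default_factory=list)   # what would go to the SNMP manager

    def ingress(self, src_mac: str) -> str:
        """Decide the fate of an inbound frame arriving from src_mac."""
        if self.is_shutdown:
            return "dropped:port-down"
        if src_mac in self.secure_macs:
            return "forwarded"                     # match: packet goes through
        if self.learn == "continuous" and len(self.secure_macs) < self.max_addrs:
            self.secure_macs.add(src_mac)          # first-seen address becomes secure
            return "forwarded:learned"
        # No match on a full or static port: security violation
        self.traps.append(f"violation src={src_mac}")
        if self.violation == "shutdown":
            self.is_shutdown = True
            self.traps.append("link-down")         # the link-down trap from slide 20
        return "dropped:violation"

    def egress(self, dst_mac: str) -> str:
        """Procurve eavesdrop prevention: no outbound frames to unknown destinations."""
        if self.eavesdrop_prevention and dst_mac not in self.secure_macs:
            return "dropped:unknown-destination"
        return "forwarded"
```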
  • 24. Resources
      Cisco Catalyst 2980G-A Product Overview - http://cisco.com/univercd/cc/td/doc/pcat/ca2980g.htm
      Cisco Catalyst 2900 Series Configuration Guide - http://www.cisco.com/en/US/products/hw/switches/ps606/products_configuration_guide_book09186a008007f199.html
      Hewlett-Packard's support site - HP Procurve 4000M - http://www.hp.com/rnd/support/index.htm
      Types of VLAN - http://www.vlan-analyser.co.uk/content/semitechnical.htm