A QUICK GUIDE TO MANAGED SWITCHES

Huh? What does that mean?

Definitions

SNMP
Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

CLI
A command line interface (CLI) is a type of human-computer interface (i.e., a way for humans to interact with computers) that relies solely on textual input and output.

Telnet
Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers.

VLAN
Each virtual bridge you create in the switch defines a new broadcast domain (VLAN). Traffic cannot pass directly to another VLAN (between broadcast domains) within the switch or between two switches. To interconnect two different VLANs, you must use routers or Layer 3 switches.

Port Mirroring
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port.

Advanced Managed Switch Features

802.1Q VLAN
IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. The standard defines a system of tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality of service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol.

Q-in-Q
Q-in-Q VLAN encapsulates the private network VLAN tag of the user in the public (service provider) network VLAN tag, so that the packet crosses the backbone network (public network) of the operator with double layers of VLAN tags.

Dual Stack IPv4 / IPv6
When a device has dual stack capabilities, it has access to both IPv4 and IPv6 technology. It can use both of these technologies to connect to remote servers and destinations in parallel.

MSTP
Multiple Spanning Tree Protocol (MSTP) as defined in IEEE 802.1s allows you to configure multiple STP instances. This will allow several VLANs to be mapped to a reduced number of spanning-tree instances. This ensures loop-free topology for 1 or more VLANs that have the same Layer 2 topology.

BPDU
BPDU stands for Bridge Protocol Data Unit, which is a packet of data, sent out on local area networks or LANs, that works to detect loops in a network.

IGMP Snooping and MLD Snooping
IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams.

Link Layer Discovery Protocol
The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet.

Network Security Features

DHCP Snooping
DHCP snooping is a series of Layer 2 techniques that ensures IP integrity on a Layer 2 switched domain. It works with information from a DHCP server to:
• Track the physical location of hosts.
• Ensure that hosts only use the IP addresses assigned to them.
• Ensure that only authorized DHCP servers are accessible.

DAI
Dynamic ARP Inspection (DAI) is a security feature that verifies address resolution protocol (ARP) requests and responses in a network. ARP allows hosts within a Layer 2 broadcast domain to communicate. It does this by mapping an IP address to the individual host's media access control (MAC) address.

IP Source Guard
IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.

Energy Efficiency

Managed switches with PoE functionality can come equipped with the following options:
• PD Alive Check: Monitors connected PDs (Powered Devices) via ping requests and wakes dormant devices.
• PoE Schedule: Powers PDs off when not in use at pre-assigned time intervals, for example during non-business hours.
• PoE Usage Monitoring: Enables administrators to monitor the power status and usage of the connected PDs in real time.
• Scheduled Power Rebooting: Allows powered devices such as PoE IP cameras or PoE wireless access points to reboot at a specified time.

User-Friendly Interface

Quality switches will offer 4 different types of interfaces:
• Console
• Telnet
• Web
• SNMP

Secure Management

Types of Advanced Packet Encryption

SSH
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.

SSL
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SNMPv3
SNMPv3 provides important and upgraded security features that account for security weaknesses in SNMPv1 and SNMPv2:
• Confidentiality - Encryption of packets to prevent snooping by an unauthorized source.
• Integrity - Message integrity to ensure that a packet has not been tampered with while in transit, including an optional packet replay protection mechanism.
• Authentication - To verify that the message is from a valid source.
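The DHCP Snooping, DAI and IP Source Guard entries above all rely on the same binding database. The following is an added example, not part of the original guide and not any vendor's implementation. It is a small Python model in which DHCP snooping builds the binding table and the other two features consult it. The class name, port names and addresses are constructed for illustration, and lease expiry and manually configured bindings are left out.

```python
# Added illustration: a toy model of the three features, not any vendor's implementation.
from collections import namedtuple

Binding = namedtuple("Binding", "mac ip vlan port")
SERVER_MSGS = {"OFFER", "ACK", "NAK"}        # DHCP messages only a server sends

class AccessSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)    # ports facing the authorized DHCP server
        self.pending = {}                    # client MAC -> port its request arrived on
        self.bindings = set()                # the DHCP snooping binding database

    def dhcp(self, ingress, vlan, msg, client_mac, ip=None):
        """DHCP snooping: drop server messages on untrusted ports, learn leases from ACKs."""
        if msg in SERVER_MSGS:
            if ingress not in self.trusted:
                return "drop"                # unauthorized DHCP server on an access port
            if msg == "ACK" and client_mac in self.pending:
                port = self.pending.pop(client_mac)
                self.bindings.add(Binding(client_mac, ip, vlan, port))
            return "forward"
        self.pending[client_mac] = ingress   # DISCOVER/REQUEST sent by a client
        return "forward"

    def arp(self, ingress, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports the ARP sender MAC/IP pair must match a binding."""
        claimed = Binding(sender_mac, sender_ip, vlan, ingress)
        return "forward" if ingress in self.trusted or claimed in self.bindings else "drop"

    def ip_packet(self, ingress, vlan, src_ip):
        """IP Source Guard: the source IP must be one bound to this untrusted port."""
        ok = ingress in self.trusted or any(
            (b.ip, b.vlan, b.port) == (src_ip, vlan, ingress) for b in self.bindings)
        return "forward" if ok else "drop"

def demo():
    """Constructed scenario: client on Gi0/2, rogue device on Gi0/3, uplink Gi0/1."""
    sw = AccessSwitch(trusted_ports={"Gi0/1"})
    client, rogue = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    sw.dhcp("Gi0/2", 10, "REQUEST", client)
    return {
        "rogue_offer": sw.dhcp("Gi0/3", 10, "OFFER", client, "192.0.2.99"),
        "real_ack": sw.dhcp("Gi0/1", 10, "ACK", client, "192.0.2.10"),
        "client_arp": sw.arp("Gi0/2", 10, client, "192.0.2.10"),
        "spoofed_arp": sw.arp("Gi0/3", 10, rogue, "192.0.2.1"),
        "client_ip": sw.ip_packet("Gi0/2", 10, "192.0.2.10"),
        "spoofed_ip": sw.ip_packet("Gi0/3", 10, "192.0.2.10"),
    }
```

Calling demo() returns the forward or drop decision for each constructed frame, showing that DAI and IP Source Guard have nothing to check against until DHCP snooping has recorded a lease.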

