Network Security Devices Part 2

8 hours 20 minutes
Video Transcription
We talked about hubs in the last section. We have talked about routers and said routers are going to isolate our network into broadcast domains. They can help subnet my network, so I have different quality of service segments and privacy and security segments. A router really does a lot of good things for my network, but a router is expensive.
I'm not really talking about the Linksys or Netgear router.
I'm talking about grown-up routers like you'd use in production, a real router. When we have these, and I have the situation of my folks on the left, the sales team, and my HR folks in the middle and the VoIP network over on the right, I still want to create these separate segments or subnets, but I want to do it cheaper.
That's when I bring back my switch and I enable a feature called VLANs. Virtual LANs.
A virtual LAN is a function of the operating system on a switch. Not every switch has VLAN capability.
It's not required for a switch to support VLANs. But to tell you the truth, just about all of them today do.
Typically, a switch is a layer two device. We said switches are layer two. They use MAC addresses to direct traffic. But when you implement a VLAN on a switch, you start to skirt the waters into meaning a layer three switch, which is the next layer up.
With VLANs, you assign certain ports on the switch to a particular VLAN.
That VLAN, all the hosts on the VLAN will share the same network ID, so all the hosts connected, say, into ports two, three and eight, whatever ports I want, will be part of the Sales VLAN, the HR VLAN assigned to whatever ports they're plugging into, and the same with VoIP.
Broadcast isolation is done through these VLANs. The Sales VLAN broadcasts stay within the ports assigned to the Sales VLAN. Same thing for HR and same thing for VoIP.
However, if you're trying to create VLANs on a layer two switch, because the layer two switch does not understand IP addresses, even though these VLANs can be created and kept separate, the VLANs cannot communicate.
The reason for that is that a switch can't say, "Oh, an IP address 172.16 goes out these ports," because the switch doesn't understand the IP addresses.
What happens if you set up a VLAN with a layer two switch is that you have three separate subnets because they can't communicate with each other.
There are some cases where that might actually be desirable.
You might, for security purposes, truly want three totally isolated networks. But you probably want your networks to be able to communicate.
If you want your VLANs to be able to communicate, you need a device that functions at layer three and understands IP addresses, so we can go back to the router or we can upgrade our layer two switch and instead have a layer three switch. And going back to the OSI model, layer three is where IP addressing is used.
So your layer three switches use IP addresses.
Wrapping up with our network connectivity devices: we talked about hubs, which send all data out all ports all the time.
Then we looked at switches that use MAC addressing because they're layer two devices. They isolate traffic into collision domains. That way, we can all but eliminate collisions on our Ethernet networks.
Then we looked at routers that isolate traffic into broadcast domains, and they're able to interconnect different networks based on IP addresses. But routers are expensive.
We talked about using VLANs to create that same broadcast isolation. And if we create our VLANs on a layer three switch, not only do we get the same isolation, but we also get inter-VLAN communication.
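
The following is an added example, not part of the video transcript: a small Python model of the behavior described above, showing broadcasts staying inside a VLAN's ports and traffic between VLANs being delivered only when the switch works at layer three. The VLAN IDs, subnets, port assignments, and the `Switch` class with its methods are assumptions made for illustration.

```python
import ipaddress

# Constructed sample layout: VLAN IDs, subnets and port numbers are
# assumptions for illustration, not values from the video.
VLANS = {
    10: ("Sales", ipaddress.ip_network("172.16.10.0/24")),
    20: ("HR", ipaddress.ip_network("172.16.20.0/24")),
    30: ("VoIP", ipaddress.ip_network("172.16.30.0/24")),
}
PORT_VLAN = {2: 10, 3: 10, 8: 10, 4: 20, 5: 20, 6: 30, 7: 30}


class Switch:
    def __init__(self, port_vlan, vlans, layer3=False):
        self.port_vlan = port_vlan
        self.vlans = vlans
        self.layer3 = layer3  # True: the switch also routes on IP addresses

    def broadcast(self, src_port):
        """Ports that receive a broadcast frame sent into src_port."""
        vlan = self.port_vlan[src_port]
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != src_port)

    def vlan_of_ip(self, ip):
        """VLAN whose subnet contains ip, or None if no subnet matches."""
        addr = ipaddress.ip_address(ip)
        for vlan_id, (_name, net) in self.vlans.items():
            if addr in net:
                return vlan_id
        return None

    def can_deliver(self, src_ip, dst_ip):
        """Can a unicast packet get from src_ip to dst_ip through this switch?"""
        src, dst = self.vlan_of_ip(src_ip), self.vlan_of_ip(dst_ip)
        if src is None or dst is None:
            return False      # address is outside every configured subnet
        if src == dst:
            return True       # same VLAN: plain layer two forwarding by MAC
        return self.layer3    # different VLANs: needs layer three routing


l2 = Switch(PORT_VLAN, VLANS)               # layer two switch with VLANs
l3 = Switch(PORT_VLAN, VLANS, layer3=True)  # layer three switch with VLANs

if __name__ == "__main__":
    print("Sales broadcast from port 2 reaches ports:", l2.broadcast(2))
    print("L2 Sales -> HR:", l2.can_deliver("172.16.10.5", "172.16.20.9"))
    print("L3 Sales -> HR:", l3.can_deliver("172.16.10.5", "172.16.20.9"))
```

In this model, turning on layer three changes only unicast delivery between VLANs; broadcasts stay confined to the sending VLAN's ports in both cases.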
CompTIA Network+ (N10-007)

The Cybrary Network+ Certification course provides students with the knowledge and insight to perform entry-level network-related tasks and to serve as one portion of a balanced study effort required to pass the Network+ exam.