Switch and VLAN Configuration Part 1
Video Transcription
Now that we've looked at network connectivity devices and we know the difference between a hub, a switch, a router, and a VLAN, what we'll do in the next couple of sections is look at them more in-depth. In this section, we are going to take a look at switches and VLANs and configuring them in a secure environment.
One of the first things we'll talk about is port mirroring. We've talked about how a switch learns the network over time: the switch learns what MAC address is attached to each port and then follows ports. The first thing we want to look at is port mirroring. With port mirroring, this comes into play when we have a device like a sniffer or an intrusion detection system that we want to bring on the network. We've already said that switches really learn the network and forward traffic out only the appropriate port. But when I have an intrusion detection system or if I have a sniffer and I want to evaluate the traffic on my network, when I plug into a single port on a switch, there really shouldn't be traffic coming out the port, because nobody is directing traffic specifically to my sniffer or to my IDS. What we want to do is enable a mode called port SPAN. As you know, everything stands for something. SPAN stands for Switched Port Analyzer. Essentially, that's an administrative mode which is just going to allow the network packets to come out of a particular port, that particular port on which I've enabled SPAN. This is one of the ways we're going to be able to monitor traffic on a switched network.
Like we said, switches are Layer 2 devices. They use MAC addresses to learn the network. They store that MAC address in a table called the CAM table, and that's where the MAC addresses are mapped to specific ports. We want to consider things like MAC flooding as a threat. What happens with MAC flooding is the legitimate entries in the CAM table are overwritten with bogus entries and ultimately, what it winds up doing is causing the switch to forget all the ports that it has learned over time. When a switch doesn't know what port to forward traffic out of, it acts just like a hub and sends all data out all ports until it learns the network again, so MAC flooding is a concern. When considering MAC addresses, we want to perhaps add the security of requiring a specific MAC address to connect to a specific port. Sometimes there are flood guards you can enable on a switch to look for things like MAC flooding. We just want to make sure that the CAM table is protected because, like I said, when the CAM table is overwritten, the device turns back into being a hub, which from the standpoint of security is very weak.
Spanning Tree Protocol is a technique that's used to eliminate the problem, or at least mitigate the problem, of switching loops. Many times we have switches connected together with redundant links, because if one link goes down, we still want connectivity. The problem with that is that we can have a problem where the switches learn the same destination IP address on multiple ports, and that causes confusion because the broadcast will send out that information to the other switches. You wind up having something called a switching loop, which can cause lots of problems and can cause the MAC table to be overwritten and cause some conflicts there. What Spanning Tree Protocol does is very basic. When you have redundant links, you configure those links so that one is in a state of listening and the other is in forwarding mode. The port that's in forwarding is sending traffic, while the other is sitting there waiting till the main port or forwarding port fails. In that state, the listening ports become active forwarding ports. It's a way of prioritizing one link while telling the other links to stand down until there's a failure and the need for redundancy arises.
With VLANs, we have VLAN tagging or VLAN trunking. This is what allows VLANs or inter-VLAN traffic to happen on a switch. Ultimately, if we're connecting a switch to a router and we've got multiple VLANs on a switch, there has to be a way for that router to differentiate to the switch which VLAN to send traffic to. If you can see in this illustration, there are a couple of different VLANs. Remember, we're assuming this is a Layer 2 switch based on this diagram, and a Layer 2 switch can't allow inter-VLAN communication. What they've done in this illustration, rather than using a Layer 3 switch, is they've connected that Layer 2 switch to a router, and that works. The traffic goes out to the router, the router adds a tag, and sends our packet back to the switch. If it has traffic, in this illustration, for the 172.16.20 network, it gives a tag that says VLAN 10. If it's for the 172.16.10 network, it gives a tag called VLAN 20, so that a Layer 2 switch can understand where to send traffic. Remember, Layer 2 switches only use MAC addresses. We have VLANs that need to communicate with each other. They are separate IP addresses and we have to have a Layer 3 device. If we didn't have a Layer 3 device or a router, then we could have used a Layer 3 switch.