now that we've looked at. Now we're connectivity devices, and we know the difference between a hub, a switch or router and a villain. What we'll do in the next couple sections is look at them more in depth in this section. We're going to take a look at switches and villains and configuring them in a secure environment.
One of the first things we'll talk about is port mirroring. We've talked about how a switch learns the network over time and switch learns what Mac addresses attached to each port and then follows forwards.
The first thing we want to look at his port mirroring with Port Marine. This comes into play when we have a device like a sniffer or an intrusion detection system that we want to bring on the network.
We've already said that switches really learned the network and forward traffic out only the appropriate port. But when I have an intrusion detection system or if I have a sniffer and I want to evaluate the traffic on my network, when I plug into a single port on the switch, there really shouldn't be traffic coming out the port because nobody is directing traffic specifically to my sniffer or to my i. D. S.
What we want to do is enable a mode called Port Span.
As you know, everything stands for something port span stands for, or the SPAN stands for switch port analyzer. Essentially, that's an administrative mode, which is just going to allow the network packets to come out a particular port,
that particular port on which I've enabled span. This is one of the ways we're going to be able to monitor traffic on a switch network.
Like we said, switches are layer two devices. They use Mac addresses to learn the network.
They saw that Mac address in a table called the Cam table, and that's where the Mac addresses are mapped to specific ports.
We want to consider things like Mac flooding as a threat, And what happens with that flooding is the legitimate entries in the can table are overwritten with bogus entries, and ultimately, what it winds up doing is causing the switch to forget all the ports that has learned over time.
When a switch doesn't know what port forward traffic out, it acts just like a hub
and sends all data out. All ports until it learns the network again. So Mac flooding is a concern
with considering Mac addresses. We want to perhaps add the security of requiring a specific Mac address to connect to a specific port.
Sometimes there are flood guards that you can enable on a switch to look for things like Mac flooding.
We just want to make sure that the camp tables protected because, like I said, when the camp tables overwritten, the device kind of turns back into being the hub. But from the standpoint of securities is very weak.
Spanning tree protocol is a technique that's used to eliminate the problem where at least mitigate the problem of switching loops.
Many times we have switches connected together with redundant links, because if one link goes down, we still want connectivity.
The problem with that is that we can have a problem where the switches learn the same destination I p address on multiple ports, and that causes confusion because the broadcasters send out that information to other switches. You wind up having something cause switching loop, which can cause lots of problems and can cause Mac table to be overwritten and cause some conflicts there.
What spanning tree protocols does is very basic. When you have redundant links, you can figure those links so that one is in a state of listening. The other is in 40 mode. The port that's in forging is sending traffic where the other is sitting there, waiting until the main port or 14 port fails.
In that state, the listening ports become active forwarding ports. It's a way of prioritizing one link while telling the other links to stand down until there's a failure in need for redundancy arises
with violence. We have villain tagging or villain chunking. This is what allows villains or interval and traffic to happen on a switch. Ultimately, if we're connecting to switch to a broader and we've got multiple villains on a switch,
there has to be away for that router. Two different tree switch to which the island send traffic to.
If you can see in this illustration, there are a couple of different violence. Remember, we're assuming this is a layer two switch based on this diagram, and a Layer two switch can't allow interview and communication. What they've done in this illustration, rather than using a three layer switch, is they've connected the Layer two. Switch to a router, and that works.
The traffic goes out to the router. The router adds a tag and sends that packet back to the switch.
If it has traffic in this illustration for the 172.16 point 20 network, it gets a tag that says Villain 10. If it's for the 172.16 point 10 network, it gets a tag called Villain 20 so that a Layer two switch can understand where to send traffic. Remember, Layer two switches only use Mac addresses,
so we have violence that need to communicate with each other. They are separate I p addresses, and we have to have a Layer three device.
If we didn't have a Layer three device or router, then we could have used a Layer three switch