Differences
This shows you the differences between two versions of the page.
cisco:switch [2008/01/18 20:46] a created |
cisco:switch [2011/11/24 13:34] (current) greebo |
||
---|---|---|---|
Line 1: | Line 1: | ||
<note warning> | <note warning> | ||
- | **GOOD TO KNOW!** (// | + | **GOOD TO KNOW!** |
+ | ( // | ||
\\ | \\ | ||
Normally, through a switch port, there are 3 kinds of traffic that are forwarded (i didn't take into account the vlan separation in the switch):\\ | Normally, through a switch port, there are 3 kinds of traffic that are forwarded (i didn't take into account the vlan separation in the switch):\\ | ||
Line 7: | Line 8: | ||
* **traffic with dest. mac addresses unknown to the switch, which is flooded to all ports but the one where the packets entered.** \\ | * **traffic with dest. mac addresses unknown to the switch, which is flooded to all ports but the one where the packets entered.** \\ | ||
- | When one uses "'' | + | When one uses "'' |
\\ | \\ | ||
A problem arises when a host connected somehow to that port does not send any traffic for more than '' | A problem arises when a host connected somehow to that port does not send any traffic for more than '' | ||
Line 13: | Line 14: | ||
packets is enough to make the mac address of the host be addded to the table on the switch, and the probability of a " | packets is enough to make the mac address of the host be addded to the table on the switch, and the probability of a " | ||
</ | </ | ||
+ | |||
+ | ===== PoE (Cisco that's not using 802.3af by default) ===== | ||
+ | | ||
+ | power inline delay shutdown 5 initial 100 | ||
+ | |||
+ | for each interface | ||
+ | |||
+ | ===== Make Catalyst switch silent (The Invisible Catalyst Switch) ===== | ||
+ | |||
+ | <note tip> | ||
+ | If you've ever looked at a packet capture from a Cisco Catalyst switch with a default configuration, | ||
+ | |||
+ | |||
+ | |||
+ | **Original notes: http:// | ||
+ | </ | ||
+ | |||
+ | **Turning off CDP** | ||
+ | | ||
+ | **Turning off DTP** | ||
+ | | ||
+ | | ||
+ | | ||
+ | **Turning off STP** | ||
+ | | ||
+ | **Turning off Ethernet Keepalives** | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Security on L2 based equipment ===== | ||
+ | |||
+ | see [[http:// | ||
+ | |||
+ | ==== VLAN ACL (VACL) ==== | ||
+ | |||
+ | **VACL on a Bridged Port** | ||
+ | {{cisco: | ||
+ | **VACL on a Routed Port** | ||
+ | {{cisco: | ||
+ | |||
+ | === Configuring VACL === | ||
+ | - Define the standard or extended access list to be used in VACL. | ||
+ | - Define a VLAN access map. | ||
+ | - Configure a match clause in a VLAN access map sequence. | ||
+ | - Configure an action clause in a VLAN access map sequence. | ||
+ | - Apply the VLAN access map to the specified VLANs. | ||
+ | - Display VLAN access map information. | ||
+ | |||
+ | < | ||
+ | Switch(config)# | ||
+ | Switch(config)# | ||
+ | Switch(config)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config-access-map)# | ||
+ | Switch(config)# | ||
+ | Switch(config-access-map)# | ||
+ | |||
+ | Switch# show vlan access-map | ||
+ | Vlan access-map " | ||
+ | Match clauses: | ||
+ | ip address: 1 | ||
+ | Action: | ||
+ | drop | ||
+ | Vlan access-map " | ||
+ | Match clauses: | ||
+ | ip address: 2 | ||
+ | Action: | ||
+ | Forward | ||
+ | |||
+ | Switch# show vlan filter | ||
+ | VLAN Map mymap is filtering VLANs: | ||
+ | 5-10 | ||
+ | </ | ||
+ | |||
+ | ==== MAC ACL ==== | ||
+ | |||
+ | MAC ACL, also known as Ethernet ACL, can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses in a named MAC extended ACL. The steps to configure a MAC ACL are similar to those of extended named ACLs. MAC ACL supports only inbound traffic filtering. | ||
+ | |||
+ | < | ||
+ | Switch(config)# | ||
+ | Switch(config-ext-macl)# | ||
+ | Switch(config-ext-macl)# | ||
+ | Switch(config-ext-macl)# | ||
+ | Switch(config)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | Switch# | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ |
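Review bot: the "Turning off STP" step under "Make Catalyst switch silent", as shown in this revision, does not say when it is safe to apply. Spanning tree is the switch's protection against Layer 2 loops, so the section should state that the step is meant for a switch or port with no redundant Layer 2 paths and name the scope (global, per VLAN or per interface) next to the heading. In the VACL example, add one sentence on what happens to traffic that matches neither sequence of the map, since the "show vlan access-map" output only documents the "drop" and "Forward" clauses for "ip address: 1" and "ip address: 2". The PoE section gives "power inline delay shutdown 5 initial 100" with only "for each interface" as explanation; say what the two values change and which devices need it. The unchanged context line before the new sections still reads "addded".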