Why use VLAN trunking
Sample chapter provided courtesy of Cisco Press. Date: Oct 25

Trunk links provide VLAN identification for frames traveling between switches. Certain types of switches can negotiate trunk links. Trunk links must be configured to allow trunking on each end of the link.

To enable trunking between the switches, use the following steps:

Enable trunking on a port.

TIP: It is important to remember that not all switches support DTP and might not establish a trunk without intervention.

NOTE: When enabling trunking, it is not possible to specify a range of ports.

NOTE: Not all switches allow you to negotiate a trunk encapsulation setting.

It is often the case that a switch may be full or that nodes within the same administrative unit are geographically separated from each other. In these cases, a VLAN can be extended to neighboring switches through the use of a trunk line. Trunks will be discussed in greater detail later in this chapter, but for now it is sufficient to say that trunks connecting separate switches can, among other things, convey VLAN information between network devices.

Figure suggests several changes to repair the items noted in Figure. Trunk ports do not have membership in any particular VLAN. Switches in the same closet can also be interconnected via trunk lines. Generally, there are two ways to look at a trunk line. In telephony, the term trunk refers to connections between offices or distribution facilities.

These connections represent an increased number of lines or time-division-multiplexed connections, as shown in Figure. Examples include 25-pair bundles or T-carriers. For data networking, trunks have little to do with increasing the number of connections between switches.

The primary use of a trunk line in a data network is to convey VLAN information. The trunk line shown in Figure carries VLAN and quality of service information for the participating switch. When a trunk line is installed, a trunking protocol is used to modify the Ethernet frames as they travel across the trunk line.

In Figure, the ports interconnecting the switches are trunk ports. This also means that there is more than one operational mode for switch ports. When a port is used to interconnect switches and convey VLAN information, the operation of the port is changed to a trunk. For example, on a Cisco switch the mode command would be used to make this change. An example of a tagged frame can be seen in Figure. So, on the trunk ports, a trunking protocol is run that allows the VLAN information to be included in each frame as it travels over the trunk line.

For configuration, there are generally two steps: converting the port to trunk mode and determining the encapsulation (trunking protocol) to be used. There are several steps to the process in addition to host routing, so Figure is labeled based on the steps listed. PC1 sends traffic to PC2 after processing its host routing table. These nodes are in the same VLAN, but they are connected to different switches.

The basic process: the original frame is forwarded to destination port 4 based on the SAT of Switch 2. The packet shown in Figure provides detail on this modification. In this particular case, the trunking protocol that has been used is IEEE. In this case, the two computers communicating are on VLAN 2. The binary value of is shown.

However, because this is a change to the actual frame, the cyclic redundancy check (CRC) at the end of the Ethernet frame must be recalculated. Without a trunk, the nodes will probably all be on the same VLAN, which can lead to the problems noted earlier.

Trunks and VLANs are a vital part of standard topologies. Of the two, IEEE. The IEEE. As a reminder, IEEE. Switch vendors adhere to both of these standards and then add enhancements such as management. When using IEEE, per the, the frame is actually changed. So, the Ethernet type, which indicates the kind of encapsulated data, must also change. As an example, IP packets have an Ethertype value of, but when running over a trunk it is changed to, as shown in Figure. There are three ways that this information can be structured, but those used in token ring and FDDI networks will not be covered here.

The 2-byte hexadecimal TCI from Figure is 20. The first field, used in quality of service implementations and also called class of service, is a three-bit priority field with values ranging from 0 to 7. The default value is 0, though vendors recommend higher values for certain types of traffic. For example, VoIP traffic is typically set to priority 5 (base 10). Figure depicts a slightly elevated priority of 2.

Figure depicts prioritized traffic from another network. In this case, the priority is set to 7. The next field is a single bit that was used to indicate bit order or flags for routing information associated with legacy protocols such as token ring and FDDI.

Today, almost all switching is Ethernet, so the field is almost never used and the value is typically 0. This corresponds to VLAN in base 10. As ISL is an older Cisco proprietary protocol, not much time will be spent on its description. Figure shows an ISL-tagged frame and illustrates a different approach to tagging. IEEE. This also forces a recalculation of the frame CRC. ISL prepends the tag.
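The frame modification described above (tag inserted after the source MAC, Ethertype changed, priority and VLAN ID packed into the TCI, CRC recalculated) as an added worked example in Python. This is not code from the chapter; it assumes IEEE 802.1Q tagging (TPID 0x8100, 3-bit priority, 1-bit CFI, 12-bit VLAN ID) and the IEEE 802.3 CRC-32 frame check sequence, and the MAC addresses and payload are constructed values. It goes slightly beyond the text by also showing the reverse operation an access port performs when the tagged frame leaves the trunk.

```python
import struct
import zlib

# Assumed constants from IEEE 802.1Q / IEEE 802.3 (not taken from the chapter text).
TPID_8021Q = 0x8100      # EtherType value that marks a frame as carrying a tag
ETHERTYPE_IPV4 = 0x0800  # EtherType of the untagged IP frame built below


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over destination MAC through payload, least-significant byte first."""
    return zlib.crc32(body).to_bytes(4, "little")


def build_untagged_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble dst | src | EtherType | payload | FCS (minimum-size padding is ignored here)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def build_tci(priority: int, vlan_id: int, cfi: int = 0) -> int:
    """Pack the 2-byte Tag Control Information: 3-bit priority, 1-bit CFI, 12-bit VLAN ID."""
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field (0-7)")
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("VLAN ID is a 12-bit field")
    return (priority << 13) | ((cfi & 1) << 12) | vlan_id


def parse_tci(tci: int) -> dict:
    """Split a TCI value back into its three fields."""
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vlan_id": tci & 0x0FFF}


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """What the ingress trunk port does: insert TPID+TCI after the source MAC, then recompute the FCS."""
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("incoming frame fails its FCS check")
    tag = struct.pack("!HH", TPID_8021Q, build_tci(priority, vlan_id))
    new_body = body[:12] + tag + body[12:]   # 12 = 6-byte dst + 6-byte src
    return new_body + fcs(new_body)          # the frame changed, so the CRC must change


def untag_frame(frame: bytes):
    """What the egress access port does: verify the FCS, read the tag, strip it, recompute the FCS."""
    body, old_fcs = frame[:-4], frame[-4:]
    if fcs(body) != old_fcs:
        raise ValueError("tagged frame fails its FCS check")
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    fields = parse_tci(tci)
    new_body = body[:12] + body[16:]
    return fields["vlan_id"], fields["priority"], new_body + fcs(new_body)


def wire_ethertype(frame: bytes) -> int:
    """The EtherType a sniffer sees at offset 12: the original value, or the TPID once tagged."""
    return struct.unpack("!H", frame[12:14])[0]


if __name__ == "__main__":
    # Constructed sample: PC1 -> PC2 on VLAN 2 with priority 2 (values chosen for illustration).
    pc2 = bytes.fromhex("020000000002")
    pc1 = bytes.fromhex("020000000001")
    untagged = build_untagged_frame(pc2, pc1, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    tagged = tag_frame(untagged, vlan_id=2, priority=2)
    print(f"untagged EtherType 0x{wire_ethertype(untagged):04x}, "
          f"tagged EtherType 0x{wire_ethertype(tagged):04x}")
    print(f"TCI 0x{build_tci(2, 2):04x} -> {parse_tci(build_tci(2, 2))}")
    print("round trip restores original frame:", untag_frame(tagged)[2] == untagged)
```

Running it shows why a sniffer on the trunk no longer sees 0x0800 at the Ethertype offset, why the tag adds exactly four bytes, and why the FCS from the untagged frame cannot simply be carried across: the TCI for priority 2 on VLAN 2 is 0x4002, and the original frame is recovered byte for byte only after the tag is stripped and the CRC recomputed.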

The ISL header is also considerably larger. While a particular VLAN may extend well beyond a single switch and may exist throughout much of a topology, it is not necessary to have it persist on every switch.

The benefits include a reduction in trunk line traffic and a potential security improvement through this pruning capability, especially with static topologies. Switch 1 prunes VLAN 3 traffic, preventing it from passing out its trunk port. Regardless of vendor, it is always a good idea to examine the trunking configuration and determine the best approach for tagged frames, untagged frames and pruning. Is SNMP or some other management protocol running? How will you get to all of the nodes?

Are these nodes servers? End nodes? Do the nodes represent vital company resources? Are these public facing machines? In addition to these general questions, there are other good practices to follow that will help reduce exposure to security risk and protect vital network resources.

Wireless should be in its own VLAN. Since wireless is a shared medium, all broadcast and much of the multicast traffic coming from the switch will be shared as well.

In addition, any flooded unicast traffic will be seen by all wireless nodes. Creating a VLAN for wireless nodes narrows the traffic that they can see. In addition, a potential attack via wireless will have a boundary to cross before reaching other portions of the network.

This is as much for quality of service as it is for protection. Any time real-time voice traffic has to compete for bandwidth, there is the potential for performance degradation. Security concerns are to some extent relieved by the VLANs as well. Tools such as Wireshark can not only capture but also decode and play back voice traffic, so it is important to keep voice traffic separated wherever possible.

Other important network devices such as servers or even users of sensitive data should be placed in their own VLANs. In addition to the reasons already stated, many vendors have features that allow the creation of VLAN specific security and QoS policies.

This chapter has discussed the need to isolate traffic. Organizations need not forward data to every single port because this is inefficient and represents a security risk due to potential eavesdroppers. There are several configuration items that should be part of any VLAN deployment checklist. One of the biggest challenges associated with deploying a network device is understanding default behavior. Switches and routers are no different, particularly as the number of features increases.

One of these items is the default configuration mode of the ports on the switch. Most switch ports will wind up connected to computers and so will act as access ports. What is not obvious is that on many devices, the default configuration is not access, but dynamic. This means that the port is willing to negotiate the mode of operation. If two switches are connected together and one switch is configured with a trunk port, it is often the case that it will generate dynamic trunking protocol messages.

Once received, this message may cause the second switch to convert its port to a trunk automatically. This is shown in Figure. Initially this auto-configuration sounds convenient, but what is to stop an attacker from generating the same message and converting a port in the same way?

In addition to allowing the attacker to learn more about the network, it also means that the attacker may be able to generate tagged frames that will be delivered over the entire network. Whenever possible, dynamic configuration should be turned off. In addition to pruning for proper VLAN boundaries and the default configurations of the ports, it may be prudent to add a couple of additional configuration changes. Anyone connecting to a port in this VLAN will be isolated.

In addition, many vendors offer security enhancements to ports such as authorized MAC addresses and restricting the number of MAC addresses allowed.
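One way to check a switch configuration against the checklist items in this section (default port mode left dynamic, trunks that still negotiate, no pruning of allowed VLANs, access ports without MAC-address limits), as an added example that is not from the chapter. The running-config below is a constructed sample; its interface names are illustrative and the commands are assumed to follow standard Cisco IOS switchport syntax.

```python
import re

# Constructed sample running-config (not from the chapter). Interface names and
# descriptions are invented; the commands follow Cisco IOS switchport syntax.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description Uplink to Switch2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description User PC
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
!
interface GigabitEthernet1/0/3
 description Printer
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/4
 description Spare (factory defaults)
!
interface GigabitEthernet1/0/5
 switchport mode trunk
!
"""


def parse_interfaces(config_text: str) -> dict:
    """Split the config into {interface name: [commands under that interface]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith("!"):          # IOS stanza separator
            current = None
        elif current is not None and line.strip():
            interfaces[current].append(line.strip())
    return interfaces


def audit_port(lines: list) -> list:
    """Return the findings for one interface stanza (empty list means nothing to report)."""
    findings = []
    mode = None
    for line in lines:
        match = re.match(r"switchport mode (\S+)", line)
        if match:
            mode = match.group(1)           # 'access', 'trunk' or 'dynamic'
    nonegotiate = "switchport nonegotiate" in lines
    port_security = "switchport port-security" in lines
    pruned = any(line.startswith("switchport trunk allowed vlan") for line in lines)

    if mode is None:
        findings.append("no explicit switchport mode: platform default applies, "
                        "which on many devices is dynamic (DTP negotiation)")
    elif mode == "dynamic":
        findings.append("dynamic mode: port converts to a trunk when it receives DTP messages")
    elif mode == "trunk":
        if not nonegotiate:
            findings.append("trunk without 'switchport nonegotiate': DTP still sent on this link")
        if not pruned:
            findings.append("trunk carries all VLANs: no allowed-VLAN pruning")
    elif mode == "access":
        if not port_security:
            findings.append("access port without port-security: MAC addresses not limited")
    return findings


def audit_config(config_text: str) -> dict:
    """Audit every interface; only interfaces with at least one finding are returned."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        findings = audit_port(lines)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run against the sample, the hardened uplink and the port-secured user port produce no findings, while the printer port (explicitly dynamic), the spare port (no mode at all, so the platform default decides) and the bare trunk (still negotiating and carrying every VLAN) each come back with the specific item to fix.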


