Layer 2 and Layer 3 Switching PDF
Summary
This document provides notes on layer 2 and layer 3 switching, outlining their features, applications, and differences. It also details the OSI model layers and devices, along with VLANs and security, wireless networking, and switch security.
**Layer 2 and Layer 3 Switching**

**Layer 2 Switching:**
- Operates at the Data Link layer of the OSI model, focusing on MAC addresses.
- Builds MAC address tables for forwarding frames.
- Features:
  - VLAN support to segment networks.
  - Use of Spanning Tree Protocol (STP) to avoid loops.
- Applications:
  - Suitable for local, flat networks.
  - Efficient in small-scale environments with minimal routing needs.
- Advantages:
  - Faster performance since it doesn't analyze packets at the network layer.
  - Low latency and improved security for internal communications.
- Disadvantages:
  - Cannot route between subnets or VLANs.
  - Scalability is limited for larger, complex networks.

**Layer 3 Switching:**
- Operates at the Network layer, using IP addresses for routing.
- Capable of routing between VLANs and subnets.
- Features:
  - Static and dynamic routing for optimized packet delivery.
  - High-speed scalability for dense networks.
- Applications:
  - Used in large organizations, data centers, and high-density environments.
  - Essential for networks requiring inter-VLAN communication.
- Advantages:
  - Provides fault isolation and enhanced traffic management.
  - Can handle multiple broadcast domains.
- Differences: Layer 2 works within a single network using MAC addresses, while Layer 3 routes between networks using IP addresses.

**Summary Mapping of Devices to OSI Layers:**
1. **Layer 1 (Physical):** Cables, hubs, antennas.
2. **Layer 2 (Data Link):** Switches, bridges, MAC addresses, WAPs.
3. **Layer 3 (Network):** Routers, Layer 3 switches, IP addresses.
4. **Layer 4 (Transport):** Firewalls (stateful), load balancers, TCP/UDP.
5. **Layer 5 (Session):** Authentication/session management tools.
6. **Layer 6 (Presentation):** Encryption/decryption systems, compression tools.
7. **Layer 7 (Application):** Browsers, apps, protocols like HTTP/FTP.

**Layer 2: Data Link Layer**

**Purpose:** Provides reliable frame transmission, error detection, and flow control. Uses MAC addresses.
- **Components:**
  - Switches (Layer 2): Use MAC addresses for forwarding frames within a network.
  - Bridges: Connect different segments of a LAN.
  - Wireless Access Points (WAPs): Facilitate wireless connections at this layer.
  - MAC Address: Uniquely identifies devices at this layer.
  - Protocols: Ethernet, Wi-Fi (802.11), PPP, Frame Relay.

**Layer 3: Network Layer**

**Purpose:** Handles routing of data packets across networks using IP addresses.
- **Components:**
  - Routers: Use IP addresses to route data between different networks.
  - Layer 3 switches: Combine switching and routing functionalities.
  - Protocols: IP (IPv4, IPv6), ICMP, ARP, RIP, OSPF.
  - Firewall (basic routing/firewalling operates here).

**Wireless Networks and Antennas**
- **Wireless Topologies:**
  - **IBSS (Ad Hoc):** Peer-to-peer communication without an access point.
  - **ESS (Infrastructure):** Involves multiple APs connected to a Distribution System for broader coverage.
  - **Mesh:** APs connect dynamically to provide flexibility and redundancy.
- **Wireless Standards:**
  - IEEE 802.11 defines WLAN operations, supporting technologies like MIMO for better performance.
- **Antenna Types:**
  - Omnidirectional: Broadcasts signals in all directions.
  - Directional: Focuses the signal in a specific direction for increased range and strength.
- **Access Points:**
  - Configurations include root, repeater, and bridge modes.
  - Central for connecting wireless devices to wired networks.

**VLANs and Security**
- **Default VLAN:** VLAN 1 is preconfigured on switches and cannot be renamed or deleted. Use blackhole VLANs to isolate unwanted traffic.
- **Native VLAN:** Supports older devices by transmitting untagged frames. Misconfigurations can lead to VLAN hopping attacks.
- **Management VLAN:** Ensures bandwidth is dedicated to management tasks. Avoid using VLAN 1 as the management VLAN.
- **Voice VLAN:** Isolates VoIP traffic to preserve voice quality and bandwidth.
**Switch Security**
- **Switchport Security:**
  - Restricts access to specific MAC addresses.
  - Types:
    - Static: Predefined and unchanging.
    - Dynamic: Learned temporarily from traffic.
    - Sticky: Dynamically learned but saved for persistence.
  - Violation Modes:
    - Protect: Drops unknown traffic without notification.
    - Restrict: Drops traffic and logs violations.
    - Shutdown: Disables the port entirely.
- **VLAN Hopping Attacks:**
  - **Switch Spoofing:** Attacker emulates a trunk port to access VLANs. Mitigation: Disable unused ports and set trunk ports manually.
  - **Double Tagging:** Exploits native VLAN configurations. Mitigation: Avoid using native VLAN on trunk links.
- **ARP Attacks:**
  - Alters MAC-IP mappings to intercept traffic. Mitigation: Use port security and intrusion detection systems.
- **VTP Attacks:**
  - Exploits VLAN Trunking Protocol to alter configurations. Mitigation: Use VTP version 3 and limit server roles.

**Wireless Security**
- **Threats:**
  - **Piggybacking:** Unauthorized access to Wi-Fi networks.
  - **Wardriving:** Searching for insecure networks using specialized tools.
  - **Evil Twin Attacks:** Fake APs trick users into connecting, allowing data interception.
  - **Wireless Sniffing:** Intercepts unencrypted data using packet sniffers.
- **Prevention:**
  - Use WPA2 or WPA3 for encryption.
  - Disable auto-connect features on devices.
  - Configure MAC address filtering.
  - Regularly update firmware and passwords.
  - Use firewalls and VPNs for added protection.

**Management Tips**
1. Use a hierarchical network design for scalability and reliability.
2. Segment networks with VLANs for improved security and traffic control.
3. Regularly audit and update switch configurations to close security gaps.
4. Train employees on best practices for wireless and wired network security.

1. **Management VLAN:**
   - **Purpose:** A management VLAN isolates the administrative functions of the network, ensuring that tasks like system logging, monitoring, and configuration changes do not interfere with user traffic.
   - **Default VLAN Issue:** VLAN 1 is often the default management VLAN, but it is a bad practice to leave it as such because it's a common target for attacks. Assigning a unique VLAN for management improves security.
2. **Functions of Management:**
   - **Centralized Administration:** Tools like SNMP (Simple Network Management Protocol) and remote login protocols (e.g., SSH) are used to manage switches, routers, and access points.
   - **System Monitoring:** Administrators monitor network health, bandwidth usage, and device statuses.
   - **Access Control:** Control which devices and users can connect to the network, typically enforced via management VLANs and port security.
   - **Firmware and Configuration Updates:** Devices are managed to ensure they're running the latest software and are properly configured.
3. **Access Layer Role in Management Building:**
   - Provides **end-device connectivity** (e.g., connecting computers, IP phones, printers).
   - Ensures **QoS (Quality of Service)** for critical applications like VoIP or management tools.
   - Implements **security features** like ACLs (Access Control Lists), VLAN assignments, and MAC filtering.
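The VLAN, switchport-security and management-VLAN points from the notes above, pulled together as one Cisco IOS-style switch configuration. This is an added example, not part of the original notes; the VLAN numbers, the management address and the interface names are assumptions.

```cisco
! Added example (not from the notes). Cisco IOS syntax; VLAN numbers,
! addresses and interface names are assumptions.
!
! Weak defaults the notes warn about, which this config replaces:
!   - VLAN 1 left as both the management VLAN and the trunk native VLAN
!   - ports left in dynamic mode, so a host can negotiate itself a trunk
!   - unused ports enabled and sitting in VLAN 1
!
vlan 99
 name MGMT
vlan 999
 name BLACKHOLE
vlan 1000
 name NATIVE-UNUSED
!
! Management VLAN: management IP on a dedicated SVI, VLAN 1 SVI disabled.
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 10.99.0.10 255.255.255.0
!
! Access port: fixed access mode (no trunk negotiation, so no switch
! spoofing), sticky port security limited to two MACs, and "restrict" so
! violations are logged instead of being dropped silently or killing the port.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Trunk port: trunk set manually, DTP disabled, native VLAN moved to an
! unused VLAN (double-tagging mitigation), only needed VLANs allowed.
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 10,20,99
!
! Unused ports: shut down and parked in the blackhole VLAN.
interface range GigabitEthernet1/0/40 - 47
 switchport mode access
 switchport access vlan 999
 shutdown
```

After applying it, `show port-security interface GigabitEthernet1/0/1` and `show interfaces trunk` confirm the violation mode, the sticky addresses and that the native VLAN is no longer 1.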