Presentation is loading. Please wait.

Presentation is loading. Please wait.

Break Switches - Configuring and Best Practices

Published byFlorence Lewis Modified over 8 years ago

Similar presentations

Presentation on theme: "Break Switches - Configuring and Best Practices"— Presentation transcript:

1 Break-1521 - Switches - Configuring and Best Practices
James Oryszczyn President, TBJ Consulting LLC

2 Who Am I I am President of TBJ Consulting LLC
I have been working on Network Infrastructure for over 15 years Have help numerous school’s and Enterprise’s with Design and Implementation of switching/routing ETC….

3 Agenda Discuss Spanning Tree Discuss VLANS Discuss Layer 3
Discuss Interoperability

4 At the End of the Presentation
I will discuss a survey you can take to determine if you are following best practices

5 Spanning Tree Who can tell me what this does and why it is needed?
Do all switch manufactures enable it by default? How does it determine who is the master?

6 Spanning Tree Most misconfigured items on the network
Need to make sure you set the root bridge to your core Some switches (HP) come with spanning tree disabled Can lead to network loops and also High Switch CPU If mulit-vendor, make sure spanning-tree types match. Should run Per VLAN spanning tree Enable Port-fast on all edge ports

7 Spanning Tree Examples HP
Same MSTP Config name. Name is case sensitive. Core-1(config)# spanning-tree config-name "B10" ! Same MSTP Revision number. Core-1(config)# spanning-tree config-revision 1 ! Same MSTP Instances definition Core-1(config)# spanning-tree instance 1 vlan Core-1(config)# spanning-tree instance 2 vlan 30 40 ! Enables Spanning Tree Core-1(config)# spanning-tree !Core-switch specific configuration: !Core-1 is Root in Instance 1 Core-1(config)# spanning-tree instance 1 priority 0 HP Spanning Tree White Paper

8 Spanning Tree Examples
Cisco spanning-tree mode rapid-pvst spanning-tree portfast bpdufilter default panning-tree vlan priority 10,14,18,40,190,212,216, spanning-tree vlan priority 4,12,16,20,64,210,214,218, On Edge Port enable spanning-tree port fast What is port fast? It allows the Port to become active faster than the traditonal 60 second’s interface GigabitEthernet 1/0/11 spanning-tree portfast Cisco White Paper

9 Spanning Tree Examples
Juniper set protocols vstp vlan 10 bridge-priority 16k set protocols vstp vlan 1000 bridge-priority 16k Juniper Port fast set protocols stp interface ge-0/0/0.0 edge White paper found here

10 VLAN’s Why are VLAN’s needed? Who here has more than 1 VLAN? Is using VLAN 1 recommend?

11 VLAN’s Why are VLAN’s needed? Who here has more than 1 VLAN? Is using VLAN 1 recommended?

12 VLAN’s Should use VLAN’s to separate traffic Should not use VLAN 1, it is a security risk If network is large enough, create a VLAN for network devices Be careful not to create to many VLAN’s Network with 250 nodes over, should have more than 1 VLAN

13 Juniper VLAN Configuration Cisco VLAN Configuration
Cisco VLAN Configuration HP VLAN Configuration

14 VLAN Security Issues (Why not to use VLAN1) MAC Flooding Attack
802.1Q and ISL Tagging Attack Double-Encapsulated 802.1Q/Nested VLAN Attack ARP Attacks Private VLAN Attack Multicast Brute Force Attack Spanning-Tree Attack Random Frame Stress Attack

15 Switch Trunking Configuration
How to Get VLAN to cross switches Puts a tag in the packet with the VLAN-ID Make sure you use Industry Standards for VLAN Trunks Make sure you set the Native VLAN-ID to something other than VLAN 1

16 Switch Trunking Configuration Continued..
Make sure you prune switch trunks for only needed VLANs Do not need all VLANS on all Switches

17 Switch Trunking Configuration Continued..
Make sure you prune switch trunks for only needed VLANs Do not need all VLANS on all Switches

18 Switch Trunking Configuration Continued..
Make sure you prune switch trunks for only needed VLANs Do not need all VLANS on all Switches If you are going to have Multiple Vendors, Use LACP uplinks

19 Switch Trunking Configuration Continued.. Cisco
interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk native vlan 11 switchport trunk allowed vlan 2 Juniper set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members NAC-Guest-Vlan set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-Switch-MGMT set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-WiFi-Private set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-34-Voice set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id TPA-Switch-MGMT

20 Switch Trunking Configuration Continued.. Juniper
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members NAC-Guest-Vlan set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-Switch-MGMT set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-WiFi-Private set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members TPA-34-Voice set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id TPA-Switch-MGMT HP vlan 2 HP2910al(Vlan-2)#tagged 48

21 Switch Layer 3 best practices
Should have redundant switches Should use a standard such as VRRP for redundancy in the core If possible, do layer 3 uplinks instead of layer 2 What are Layer3 uplinks?

22 Layer 3 Uplinks Connections between switches are routed Helps eliminate spanning tree and loops Millisecond failover instead of up to 60 sec’s Helps keep broadcast traffic down Cost can be a concern

23 Backups How often do you backup your switches?
Do you use a tool to automate your backups? Do you have an notifying you of changes? A simple tool like a product call CATTOOLS can backup your environment and is low cost. Price is $750 plus maintenance.

24 Code Upgrades How often do you upgrade your switches?
Do you use the recommended release when installing? Do you have plan on when/how you upgrade your switches Should attempt to upgrade yearly Should use the recommended release at that time Cisco, Juniper have links to the recommended releases They are no different than PC’s, they need to be patched

25 Port Security Port Security can help
Do you disable unused and unneeded ports? Do you restrict how many devices can connect to a port? Do you prevent against a rouge DHCP server on the network? Port Security can help Allows to disable ports after a certain number of devices DHCP snooping can prevent rouge DHCP servers

26 Port Security Example Port Security can help
Do you disable unused and unneeded ports? Do you restrict how many devices can connect to a port? Do you prevent against a rouge DHCP server on the network? Port Security can help Allows to disable ports after a certain number of devices DHCP snooping can prevent rouge DHCP servers Port Security Example

27 Additional Best Practices
Should configure time zones on switches Should configure NTP on switches Should use SSH instead of telnet Should change default username and password Should use radius if possible

28 Survey If you give me your Business Card I will provide you an assessment about your current Switched Network

29 Questions????? Thank You………… You can contact me at James@tbjconsulting.com

Download ppt "Break Switches - Configuring and Best Practices"

Similar presentations

Ethernet Switch Features Important to EtherNet/IP

Ethernet Switch Features Important to EtherNet/IP
Mitigating Layer 2 Attacks

Mitigating Layer 2 Attacks
LAN Segmentation Virtual LAN (VLAN).

LAN Segmentation Virtual LAN (VLAN).
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement VTP LAN Switching and Wireless – Chapter 4.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement VTP LAN Switching and Wireless – Chapter 4.
Computer Networking Macedonia VLAN’s, VTP, InterVLAN Routing, (And if there is enough time - STP)

Computer Networking Macedonia VLAN’s, VTP, InterVLAN Routing, (And if there is enough time - STP)
Part III Working with Redundant Links

Part III Working with Redundant Links
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Course 301 – Secured Network Deployment and IPSec VPN

Course 301 – Secured Network Deployment and IPSec VPN
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Describing STP Stability Mechanisms.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Describing STP Stability Mechanisms.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Spanning Tree Protocol Enhancements.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—3-1 Implementing Spanning Tree Spanning Tree Protocol Enhancements.
Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.

Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.
Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.

Layer 2 Switch  Layer 2 Switching is hardware based.  Uses the host's Media Access Control (MAC) address.  Uses Application Specific Integrated Circuits.
James Oryszczyn President, TBJ Consulting LLC Break 1320 Wireless Infrastructure & Networking Best Practices.

James Oryszczyn President, TBJ Consulting LLC Break 1320 Wireless Infrastructure & Networking Best Practices.
STP Part II PVST (Per Vlan Spanning Tree): A Vlan field is added to the BPDU header along with Priority & Mac. Priority is 32768, Mac Address is MAC or.

STP Part II PVST (Per Vlan Spanning Tree): A Vlan field is added to the BPDU header along with Priority & Mac. Priority is 32768, Mac Address is MAC or.
IEEE 802.1q - VLANs Nick Poorman.

IEEE 802.1q - VLANs Nick Poorman.
Switching in an Enterprise Network

Switching in an Enterprise Network

Similar presentations

Ads by Google