Networking Flashcards

Network Troubleshooting

  • Initial Problem: Unable to ping the second switch despite correct connections.

    • IP address misconfigurations are identified as the root cause.

  • Importance of Labeling: Labeling is crucial for network management and troubleshooting.

  • IP Address Correction: The IP addresses of PCs 15, 16, 17, and 18 were incorrectly configured as 198 instead of 192.

    • Default gateway addresses were also incorrect.
    • Using commas instead of dots in IP addresses (e.g., 192,168,0,2 instead of 192.168.0.2) was another error.

  • Intra-VLAN Communication: Ensure devices within the same VLAN can ping each other before attempting inter-VLAN communication.

    • Example: PC 15 (192.168.0.2) should ping PC 16 (192.168.0.3) before attempting to ping devices in other VLANs.

  • Verification Steps:

    • Ping within the VLAN to confirm basic connectivity.
    • Ping the router to check connectivity to the gateway.

  • Troubleshooting VLAN on a Stick: The trunk link to the router was working, but interfaces on the routers were down.

  • Router Interface Configuration: The interfaces on Router 4 and Router 5 were not configured with IP addresses, causing them to show as red (down).

  • Configuration Steps:

    • Identify the interface (e.g., FastEthernet 0/0).
    • Assign an IP address and subnet mask (e.g., ip address 10.0.0.2 255.255.255.0).
    • Use the no shutdown command to bring the interface up.

  • Example Commands:

    • interface fa0/0
    • ip address 10.0.0.2 255.255.255.0
    • no shutdown

  • MLS Configuration: The Multi-Layer Switch (MLS) also needed IP address configuration on its interfaces.

  • No Switchport Command: To assign an IP address to an interface on an MLS, the no switchport command must be used to make the port behave like a routed port.

    • Example: interface fa0/5, no switchport, ip address 20.0.0.2 255.255.255.0.

Routing Protocol Configuration (EIGRP)

  • EIGRP Configuration: After configuring IP addresses, the Enhanced Interior Gateway Routing Protocol (EIGRP) needs to be configured on the routers and MLS to enable inter-VLAN routing.

  • Configuration Steps:

    • Enter global configuration mode: config t
    • Enable EIGRP: router eigrp <AS_number>
      • The Autonomous System (AS) number can be any number from 1 to 65535.
    • Specify the directly connected networks using the network command.
      • Use network addresses (e.g., 192.168.0.0) instead of host IP addresses.
    • Disable auto-summary: no auto-summary

  • Example EIGRP Configuration:

    • router eigrp 1
    • network 192.168.0.0
    • network 10.0.0.0
    • no auto-summary

  • Verification: Use the show ip route command to verify that the routing table contains all necessary routes.

  • Pinging: After configuring EIGRP, ping devices in different VLANs to confirm inter-VLAN communication is working.

Port Security

  • Concept: Port security is a security feature used to prevent unauthorized access to a network by limiting the MAC addresses that are allowed to connect to a specific switch port.

  • Scenario: A malicious user (Computer D) attempts to steal information by physically replacing an authorized computer (Computer A) on the network.

  • Implementation: By binding the MAC address of Computer A to the switch port, only Computer A is allowed to connect to that port. If Computer D connects, the port is disabled.

  • Configuration Steps:

    • Enter global configuration mode: config t
    • Select the interface: interface fa0/1
    • Set the port mode to access: switchport mode access
    • Enable port security: switchport port-security
    • Set the maximum number of MAC addresses allowed: switchport port-security maximum 1
    • Specify the MAC address of the authorized device: switchport port-security mac-address <MAC_address>
    • Configure the violation mode: switchport port-security violation shutdown

  • Example Configuration:

    • interface fa0/1
    • switchport mode access
    • switchport port-security
    • switchport port-security maximum 1
    • switchport port-security mac-address 00E0.FF99.2E26
    • switchport port-security violation shutdown

  • Verification: Use the show port-security command to verify the configuration.

  • Violation Modes:

    • Shutdown: Disables the port immediately upon violation.

Sticky MAC Addresses

  • Concept: Instead of manually configuring MAC addresses, the switch can automatically learn and add MAC addresses to the port security configuration using the sticky option.

  • Configuration Steps:

    • Enable sticky learning: switchport port-security mac-address sticky

  • How it Works: The switch learns the MAC address of the first device that connects to the port and automatically adds it to the port security configuration. This eliminates the need to manually configure MAC addresses.

  • Configuration Example:

    • interface fa0/1
    • switchport mode access
    • switchport port-security
    • switchport port-security maximum 1
    • switchport port-security mac-address sticky
    • switchport port-security violation shutdown

Security Implications

  • Balancing Security and Flexibility: Allowing multiple MAC addresses on a port reduces security but provides flexibility.

  • Importance of Port Security: Essential for protecting the network from unauthorized access, especially in environments where physical access to network devices is not strictly controlled.