Week 2: Layer 2 Fundamentals Flashcards
Identify the following devices and at what layer of the OSI model they reside. Hub Bridge Switch Router
Hub: Layer 1 Repeater: Layer 1 Bridge: Layer 2 Switch: Layer 2 and/or Layer 3 Router: Layer 3
What is CDP (Cisco Discovery Protocol)?
- Is Cisco proprietary and runs by default on all Cisco routers and switches.
- It identifies neighboring Cisco devices as well as their capabilities for speed and duplex;
- CDP operates at Layer 2 so it doesn’t need IP connectivity to work;
- It can be used to discover network topology and uncover Layer 1 issues.
How can you use CDP to rule out Layer 1 issues?
If there is not a neighbor relationship being displayed after running the “show cdp nei” command, you can be sure they are not communicating properly and you need to check the cabling and interfaces. That would verify that there is both a L1 and L2 issue.
How could you create a network diagram using CDP?
- Show CDP neighbors
2. Walk through the entire network starting at the core
What is SPAN ( Switched Port Analyzer)?
Copies traffic from one or more CPUs, one or more ports, one or more EtherChannels, or one or more VLANs, and sends the copied traffic to one or more destinations for analysis by a network analyzer such as a SwitchProbe device or other Remote Monitoring (RMON) probe.
Why use SPAN?
- Security may use SPAN for intrusion protection
(an IPS would monitor packets and send info to an ASA).
What is a Bridge?
A network device that connects a local area network (LAN) to another local area network that uses the same protocol. Having a single incoming and outgoing port and filters traffic on the LAN by looking at the MAC address, bridge is more complex than hub. Bridge looks at the destination of the packet before forwarding unlike a hub. It restricts transmission on other LAN segment if destination is not found. It operates on the L2 level
What command can you use to verify what you’re seeing on a network map or what a client is telling you?
“show cdp neighbors”
• Device ID - is the remote device’s hostname.
• Local Interface - is the local switch’s interface connected to the remote host.
• Holdtime - is the number of seconds the local device will retain the contents of the last CDP Advertisement received from the remote host.
• Capability - shows you what type of device the remote host is. The first two connections are to a switch, and the third is to a router.
• Platform - is the remote device’s hardware platform. The top two connections are to a 2950 switch, and the third is to a 2520 router.
• Port ID - is the remote device’s interface on the direct connection.
Enable CDP globally
A) GC "cdp run" B) GC "int fa0/1" "cdp enable"
Common CDP show commands
- “show cdp” - see if CDP is indeed running on a router or switch
- “show cdp neighbor”
- “show cdp neighbors detail”
- “show cdp interface” - verify that CDP is running on the interfaces that it should be running on - and not running on the others
SPAN
•Cisco developed the Switched Port Analyzer (SPAN) feature to facilitate the capturing of packets. SPAN is supported on most Cisco switch platforms.
•SPAN works by copying the traffic from one or more source ports. The copy is then sent out a SPAN destination port. The destination port will
often be connected to a host running packet analyzing software, such as Wireshark.
•Because SPAN only makes a copy of traffic, the source traffic is never affected. SPAN is an out-of-band process.
•In addition to troubleshooting network issues and performance, SPAN is useful for intrusion detection systems (IDS) and application monitoring
platforms.
•SPAN is often referred to as port mirroring.
Switch
- is a multi-port network bridge that processes and forwards data at the data link layer (layer 2) of the OSI model.
- A network switch is considered more advanced than a (repeater) hub because a switch will only forward a message to one or multiple devices that need to receive it, rather than broadcasting the same message out of each of its ports
- it operates at full duplex
