Join Martin Guidry for an in-depth discussion in this video Working with switches, part of Building Your Technology Skills.
- [Voiceover] Hello and welcome to Building Your Technology Skills. My name is Martin Guidry. This week, we're going to be talking about switches. Switches are network devices that help facilitate communications by forwarding information from one computer to another. Switches typically operate at the data link layer, which is layer two of the OSI model. Some switches have additional functionality at other layers, but for now, we're going to focus on the layer two functionality.
The unit of information switches work with is called a frame. Switches send and receive frames. Inside of these frames are packets, and inside of the packets are data. Switches typically don't concern themselves with the data nor the packet. Switches are just interested in the frame as a whole. Switches send and receive information based on the Media Access Control address.
This is more commonly called the MAC address or the physical address. All switches maintain a table of MAC addresses. Sometimes, this is simply called the MAC address table, or some switches use the term CAM table. The word CAM comes from content addressable memory, and that's a special type of memory in some switches, and those switches will use the CAM memory to store a table of MAC addresses, and give better performance when searching that table.
In the table of MAC addresses or the CAM table, the two most important columns are address and port, and together, these two columns tell us that a certain MAC address is accessible via this switch via a particular switch port. So for example, looking at the top line here, we see the entry for the computer with the MAC address 0000.1721.1E93.
If we wanted to contact that MAC address, we would put a signal on GigabitEthernet port 0/1. And by placing a signal on that port, the cable connected to that port would carry the signal to the computer that contains the MAC address listed to the left. So this is very important for the switch to know which ports it needs to send information out of in order to reach particular computers.
The basic process of switching: The first step, the switch will receive the frame from a sending computer. Next step, the switch will read the destination address. The destination address is part of the frame. In particular, it's part of the header of the frame. The switch will then take that destination address and look up the destination address in the CAM table. If it does in fact find the address in the CAM table, the CAM table will tell us which port to use.
So in the final step, the switch will forward the frame out of whatever port the CAM table said to use, and that frame should be received by the receiving computer. So in this scenario, a computer was able to send the frame to another computer without really knowing much about that computer other than the MAC address. It didn't have to figure out which cable or which port the computer was connected to.
All of that functionality was left up to the switch. In addition to the basic receiving and forwarding frames, switches need to perform additional functionality. One of the most important things they need to do is update their CAM table, and this can happen in a few different ways. Most CAM table updates come from reading the incoming frames. So when a frame is received by the switch, the switch will read the source address on the incoming frame, make a note of what port that frame was received on, and then make an addition to the CAM table, saying this MAC address can be contacted via this port.
This is called a dynamic update. We also have the option to manually create entries in the CAM table, and this would be called a static update. It is somewhat rare that you need to do this, but most switches do support static updates. Some CAM tables automatically delete entries that are older than a certain time frame. So the idea being if the switch hasn't heard from a certain MAC address in a number of hours or a number of days or whatever time frame you would like to define, then we assume that device may have been taken off the network, and it can be automatically removed from the CAM table.
This prevents the CAM table from growing and growing and growing. If the device is ever turned back on or ever added to the network again, it's really not a problem because the dynamic updates should automatically recreate the entry in the CAM table, the first time that device contacts the switch. So when looking at a CAM table, you will often see a column for type and it'll be either static or dynamic, and you'll often see something for age.
This is typically how long the entry has been in the CAM table in the number of seconds. Each switch should have a user configurable option on the age at which an entry should be removed from the CAM table. Typically, static entries are not removed no matter how old they get, so the age will always be zero. Switches often have features that can help protect the security of our network, and one is called port security.
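To make the receive, look-up, forward and learn steps concrete, here is a small learning-switch model written for this transcript; it is an added example, not code from the course or from any switch vendor. The port names, the 300-second aging interval, the simulated clock and the neighbouring MAC addresses are all assumptions chosen for the example (only 0000.1721.1E93 on GigabitEthernet0/1 comes from the transcript's table). It also goes one step beyond the transcript: when the destination is not in the CAM table, a real switch floods the frame out of every port except the one it arrived on, and the model does the same.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class CamEntry:
    """One row of the MAC address (CAM) table: port, type and when it was learned."""
    port: str
    entry_type: str    # "dynamic" (learned from a source address) or "static" (configured)
    learned_at: float  # simulated clock value when the entry was created or refreshed


class LearningSwitch:
    """Layer-2 switch model: learn source MACs, look up destination MACs, age out entries.

    Port names and the aging interval are assumptions chosen for this example.
    """

    def __init__(self, ports: List[str], aging_seconds: float = 300.0) -> None:
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        self.cam: Dict[str, CamEntry] = {}
        self.clock = 0.0  # simulated time in seconds, advanced by tick()

    def tick(self, seconds: float) -> List[str]:
        """Advance the clock and delete dynamic entries older than the aging time."""
        self.clock += seconds
        expired = [mac for mac, e in self.cam.items()
                   if e.entry_type == "dynamic"
                   and self.clock - e.learned_at > self.aging_seconds]
        for mac in expired:
            del self.cam[mac]
        return expired

    def add_static(self, mac: str, port: str) -> None:
        """Static update: an administrator-configured entry that never ages out."""
        self.cam[mac.lower()] = CamEntry(port, "static", self.clock)

    def _learn(self, src_mac: str, in_port: str) -> None:
        """Dynamic update: note the source MAC and the port the frame arrived on."""
        entry = self.cam.get(src_mac)
        if entry is None or entry.entry_type == "dynamic":
            # Refresh the timestamp (and the port, if the device moved);
            # never overwrite a static entry with a learned one.
            self.cam[src_mac] = CamEntry(in_port, "dynamic", self.clock)

    def forward(self, src_mac: str, dst_mac: str, in_port: str) -> List[str]:
        """Process one frame: learn the source, then return the list of egress ports."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        self._learn(src_mac, in_port)
        entry = self.cam.get(dst_mac)
        if entry is not None:
            # Destination known: one port only (none if it is the ingress port itself).
            return [] if entry.port == in_port else [entry.port]
        # Destination unknown: flood out of every port except the ingress port.
        return [p for p in self.ports if p != in_port]

    def age(self, mac: str) -> float:
        """Age in seconds as a CAM table shows it; static entries always report 0."""
        entry = self.cam[mac.lower()]
        return 0.0 if entry.entry_type == "static" else self.clock - entry.learned_at

    def table(self) -> List[Tuple[str, str, str, float]]:
        """Rows of (address, port, type, age), mirroring the columns of a real CAM table."""
        return [(mac, e.port, e.entry_type, self.age(mac))
                for mac, e in sorted(self.cam.items())]


if __name__ == "__main__":
    sw = LearningSwitch(["GigabitEthernet0/1", "GigabitEthernet0/2", "GigabitEthernet0/3"])
    # Constructed traffic: the transcript's example MAC plus two made-up neighbours.
    sw.forward("0000.1721.1e93", "0000.0c9f.f002", "GigabitEthernet0/1")  # dst unknown: floods
    sw.forward("0000.0c9f.f002", "0000.1721.1e93", "GigabitEthernet0/2")  # dst known: one port
    sw.add_static("0000.aaaa.bbbb", "GigabitEthernet0/3")
    sw.tick(120)
    for row in sw.table():
        print("%-16s %-20s %-8s %5.0f" % row)
```

Running the script prints three rows in the address / port / type / age layout: two dynamic entries aged 120 seconds and one static entry whose age stays 0. Advancing the clock past the aging interval removes only the dynamic rows; the next frame from either device re-creates its entry, which is why a device rejoining the network needs no manual intervention.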
To use port security, we must define a list of secure addresses for each port. So in other words, we say these are the valid addresses that will connect to the switch on this port. Any other address should be looked at as a possible security threat: a device that was added to our network without authorization. The list of secure addresses can be either dynamic or static. So we can go in and create these each one statically, but that's a lot of work.
More commonly, we allow it to build dynamically, so that the first address that tries to connect to the switch is considered to be a good address, and any address after that that tries to connect on the same port where we already have a good address is considered to be a questionable device. When an address that is not listed as secure for a particular port contacts the switch, that is called a violation, and switches have different ways they can react to violations.
When a violation occurs, the individual port can go into a protected or restricted mode. It's different terminology amongst different switches, but this mode will ignore connections with bad addresses. So in other words, connections with valid addresses are still allowed to communicate through the switch. All of the addresses we define to be valid for a certain port will still function normally, but addresses that are not defined to be valid will simply not function.
The switch will ignore that content. The other option is to shut down, to completely turn off the interface, and that's a very aggressive thing to do because although it will hopefully block all of the bogus traffic from this unauthorized device on our network, it could also block all legitimate traffic on a certain port. So although this method might be more secure, it might also block some legitimate traffic.
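The following port-security model is an added example written for this transcript, not code from the course or from any switch. It shows the per-port secure-address list (static entries plus dynamically learned ones, up to a configurable maximum), the three reactions to a violation, and the administrator notification as a simple list of messages standing in for SNMP traps or e-mail. The port names, the MAC addresses other than 0000.1721.1E93, the field and method names, and the `max_addresses` limit are assumptions; the split between "protect" (drop silently) and "restrict" (drop, count and notify) follows the convention Cisco uses for those two mode names, which the transcript groups together as one mode.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

VALID_MODES = ("protect", "restrict", "shutdown")


@dataclass
class PortSecurity:
    """Port-security state for one switch port (names are this example's own)."""
    violation_mode: str = "restrict"   # "protect", "restrict" or "shutdown"
    max_addresses: int = 1             # how many source MACs may become secure dynamically
    secure: Set[str] = field(default_factory=set)  # statically configured + learned
    err_disabled: bool = False         # set when a shutdown-mode violation turns the port off
    violations: int = 0


class SecureSwitch:
    def __init__(self) -> None:
        self.ports: Dict[str, PortSecurity] = {}
        self.notifications: List[str] = []  # stand-in for SNMP traps or e-mail alerts

    def configure(self, port: str, mode: str = "restrict", max_addresses: int = 1,
                  static: Iterable[str] = ()) -> None:
        """Enable port security on a port with a violation mode and optional static MACs."""
        if mode not in VALID_MODES:
            raise ValueError(f"unknown violation mode {mode!r}")
        ps = PortSecurity(mode, max_addresses)
        for mac in static:
            ps.secure.add(mac.lower())
        self.ports[port] = ps

    def receive(self, port: str, src_mac: str) -> str:
        """Apply port security to a frame from src_mac arriving on port.

        Returns "forward", "drop" or "port-down".
        """
        ps = self.ports[port]
        src_mac = src_mac.lower()
        if ps.err_disabled:
            return "port-down"        # shutdown mode blocks everything, valid or not
        if src_mac in ps.secure:
            return "forward"          # a known-good address: business as usual
        if len(ps.secure) < ps.max_addresses:
            ps.secure.add(src_mac)    # dynamic learning: the first address seen becomes secure
            return "forward"
        # Anything else is a violation: an address not on this port's secure list.
        ps.violations += 1
        if ps.violation_mode == "protect":
            return "drop"             # drop silently; valid addresses keep working
        if ps.violation_mode == "restrict":
            self.notifications.append(f"{port}: port-security violation from {src_mac}")
            return "drop"             # drop, count it and alert the administrator
        ps.err_disabled = True        # shutdown: turn the whole interface off
        self.notifications.append(f"{port}: err-disabled after violation from {src_mac}")
        return "port-down"

    def reenable(self, port: str) -> None:
        """Administrator action: bring an err-disabled port back up (secure list is kept)."""
        self.ports[port].err_disabled = False


if __name__ == "__main__":
    sw = SecureSwitch()
    sw.configure("GigabitEthernet0/1", mode="restrict")              # learn the first address
    sw.configure("GigabitEthernet0/2", mode="shutdown", static=["0000.aaaa.bbbb"])
    # Constructed frames: a legitimate host, then an unauthorised device on each port.
    for port, mac in [("GigabitEthernet0/1", "0000.1721.1e93"),
                      ("GigabitEthernet0/1", "0000.dead.beef"),
                      ("GigabitEthernet0/1", "0000.1721.1e93"),
                      ("GigabitEthernet0/2", "0000.dead.beef"),
                      ("GigabitEthernet0/2", "0000.aaaa.bbbb")]:
        print(port, mac, "->", sw.receive(port, mac))
    print("notifications:", sw.notifications)
```

The trace makes the trade-off visible: in restrict mode the unauthorised address is dropped while 0000.1721.1E93 keeps forwarding, whereas in shutdown mode the violation err-disables the port and the statically secured address is blocked too until an administrator calls `reenable`.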
Whenever a port goes into protected mode, restricted mode, or shutdown, there should be the option to send a notification to an administrator, often an SNMP notification, but on some more advanced switches, it might send you an email. This concludes Building Your Technology Skills. Thank you for joining me, and remember, this course is about you and your ideas, so if you have any ideas for topics, feel free to tweet them to me by using the hashtag BYTS.