Switches are network devices that connect devices on a local network and direct traffic based on MAC addresses.

What is a Switch?

A switch is a network device that connects multiple devices on a local network and directs traffic based on MAC addresses.

Types of Switches

By Function

  • **Core**: Core switches
  • **Distribution**: Distribution switches
  • **Access**: Access switches
  • **Edge**: Edge switches

By Capacity

  • **Unmanaged**: Unmanaged switches
  • **Managed**: Managed switches
  • **Smart**: Smart switches
  • **Enterprise**: Enterprise switches

Functionality

Switching

  • **MAC Learning**: MAC address learning
  • **Forwarding**: Frame forwarding
  • **Filtering**: Traffic filtering
  • **Loop Prevention**: Loop prevention

VLANs

  • **VLAN Support**: VLAN support
  • **Trunking**: Trunk links
  • **InterVLAN**: InterVLAN routing
  • **VLAN Pruning**: VLAN pruning

QoS

  • **Priority**: Traffic prioritization
  • **Bandwidth**: Bandwidth control
  • **Queueing**: Traffic queues
  • **Scheduling**: Traffic scheduling

Configuration

Basic Configuration

! Basic switch configuration
enable
configure terminal
hostname Switch1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 no shutdown
exit

VLANs

! Create VLANs
vlan 10
 name Sales
vlan 20
 name IT
vlan 30
 name Guest

! Assign ports to VLANs
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10

interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20

Trunking

! Configure trunk: carry only VLANs 10, 20 and 30, with VLAN 99 as the native VLAN
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport trunk native vlan 99

Network Architecture

Core Switches

  • **High capacity**: High switching capacity
  • **Redundancy**: Redundancy and high availability
  • **Performance**: High performance
  • **Scalability**: Scalability

Distribution Switches

  • **Aggregation**: Traffic aggregation
  • **Routing**: Routing functions
  • **Policy**: Policy application
  • **Security**: Security functions

Access Switches

  • **End devices**: End device connection
  • **VLANs**: VLAN support
  • **PoE**: Power over Ethernet
  • **Management**: Device management

Security

Port Security

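! Configure port security
interface GigabitEthernet0/1
 ! Port security is rejected on a dynamic port, so set the mode explicitly
 switchport mode access
 ! The bare command enables the feature; the options below only tune it
 switchport port-security
 ! Allow at most two source MAC addresses on this port
 switchport port-security maximum 2
 ! Drop frames from other MAC addresses and log the violation, keeping the port up
 switchport port-security violation restrict
 ! Learn the allowed MAC addresses dynamically and store them in the running configuration
 switchport port-security mac-address sticky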

ACLs

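! Configure ACL on switch: allow HTTP from 192.168.10.0/24, deny everything else
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 100 deny ip any any
! Apply the ACL to traffic entering the VLAN 10 routed interface
interface vlan 10
 ip access-group 100 in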

802.1X

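! Configure 802.1X
! AAA must be enabled and a RADIUS server defined elsewhere in the configuration
aaa new-model
aaa authentication dot1x default group radius
! Enable 802.1X globally
dot1x system-auth-control
interface GigabitEthernet0/1
 switchport mode access
 ! Keep the port unauthorized until the attached device authenticates
 dot1x port-control auto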

Monitoring

Basic Commands

! View MAC table
show mac address-table

! View VLANs
show vlan brief

! View interfaces
show interface status

! View trunk
show interface trunk

SNMP

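! Configure SNMP
! The community strings below are placeholders: set unique values,
! because "public" and "private" are well-known defaults
snmp-server community REPLACE-WITH-RO-STRING RO
snmp-server community REPLACE-WITH-RW-STRING RW
snmp-server location "Data Center"
snmp-server contact "admin@company.com"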
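
The Trunking, Port Security, 802.1X and SNMP settings above can be checked offline against a saved running-config. The following Python script is an added example, not part of the original page or any vendor tooling; the sample configuration, function names and finding texts are constructed for illustration, and `authentication port-control auto` is accepted on the assumption that the device uses the newer IOS syntax for the same 802.1X setting.

```python
import re
# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 dot1x port-control auto
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security maximum 2
interface GigabitEthernet0/23
 switchport mode trunk
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport trunk native vlan 99
snmp-server community public RO
snmp-server community private RW
"""

def parse_interfaces(config):
    """Group indented sub-commands under their 'interface' line."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back in global configuration mode
    return interfaces

def audit(config):
    """Return (location, finding) tuples for the settings this page covers."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" in cmds:
            if "switchport port-security" not in cmds:  # options alone do not enable it
                findings.append((name, "port security not enabled"))
            if not {"dot1x port-control auto", "authentication port-control auto"} & set(cmds):
                findings.append((name, "no 802.1X port control"))
        elif "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append((name, "trunk allows all VLANs"))
            if not any(c.startswith("switchport trunk native vlan") for c in cmds):
                findings.append((name, "native VLAN left at default"))
    for m in re.finditer(r"^snmp-server community (public|private) (RO|RW)", config, re.M):
        findings.append(("snmp", "well-known community " + m.group(1)))
    return findings
```

In the sample, GigabitEthernet0/2 is flagged even though it sets `switchport port-security maximum 2`, because the bare `switchport port-security` command that turns the feature on is missing.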

Best Practices

Design

  • **Hierarchy**: Hierarchical design
  • **Redundancy**: Implement redundancy
  • **Scalability**: Plan scalability
  • **Documentation**: Document design

Configuration

  • **Standards**: Use standards
  • **Naming**: Naming conventions
  • **Security**: Implement security
  • **Monitoring**: Configure monitoring

Maintenance

  • **Updates**: Keep updated
  • **Backup**: Backup configurations
  • **Testing**: Test changes
  • **Documentation**: Maintain documentation

Related Concepts

  • Routers - Complementary devices to switches
  • Firewall - Device that complements switches
  • VPN - Connection that traverses switches
  • VLAN - Segmentation that switches implement
  • InterVLAN - Routing that switches perform
  • Topology - Design that includes switches
  • NPM - Monitoring that includes switches
  • Dashboards - Switch visualization
  • Logs - Switch logs
  • Network Metrics - Switch measurement
  • CISO - Role that supervises switches
  • Asset Inventory - Inventory that includes switches
