Switch Interface Configuration Overview

Aug 9, 2024

Switch Interface Configuration

Fundamental Configurations

Speed and Duplex

  • Speed: Refers to the speed of the Ethernet link
    • Options: 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps
  • Duplex: Can be set to half or full
    • Often set to automatic (negotiation between devices)
    • Manual configuration requires matching settings on both sides

Layer 3 Settings (IP Configurations)

  • Layer 3 Interfaces: On firewalls, routers, or VLAN interfaces on switches
  • Management Interfaces: IP addresses for device communication
  • Configuration Includes:
    • IP addresses
    • Subnet masks (dotted decimal or CIDR notation)
    • Default gateway or route
    • DNS configurations

VLAN Configuration

  • Assign VLAN: Every port must be assigned to a VLAN
  • Trunk Configurations: Define VLANs that can traverse the trunk
  • Untagged Frames: Default VLAN or native VLAN
  • Tagged Frames: VLAN tag added and removed on the other side of the trunk

Port Bonding or Link Aggregation

  • Purpose: Provides additional bandwidth between switches
  • Link Aggregation Control Protocol (LACP): Manages aggregated links

Port Mirroring

  • Purpose: Capture traffic for analysis
  • Configuration: Copy traffic from one or more interfaces to another interface for packet capture
  • SPAN: Switch Port Analyzer, mirrors traffic to another switch
  • Physical Tap: Insert directly into connections for traffic monitoring

Jumbo Frames

  • Standard Ethernet Frame: Supports 1,500 bytes
  • Jumbo Frame: Increases payload size up to 9,216 bytes (commonly set to 9,000 bytes)
  • Requirement: All devices in the path must support jumbo frames

Flow Control

  • Issue: Ethernet is non-deterministic, leading to potential traffic overload
  • Solution: 802.3x Pause Frame
    • Sends a message to pause traffic
    • Includes a timer (quanta) for pause duration
  • Additional Enhancements: Quality of Service (QoS) or Class of Service (CoS)

Port Security

  • Purpose: Prevent unauthorized network access
  • Configuration: Based on MAC addresses
    • Set a maximum number of source MAC addresses per interface
    • Specific MAC addresses can be configured
    • Interface disabled if MAC limit exceeded
    • Alerts sent to network administrator
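
The port security behaviour listed above, as a small Python model. This is an added example, not vendor code: the names SecurePort, process_frame and replay and the sample MAC addresses are constructed. It assumes that statically configured MACs count toward the per-interface limit and that a disabled port stays down until re-enabled.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """One switch interface with MAC-based port security (simplified model)."""
    name: str
    max_macs: int = 1
    static_macs: set = field(default_factory=set)  # specifically configured MACs
    learned: set = field(default_factory=set)      # MACs learned from traffic
    disabled: bool = False

def normalize(mac: str) -> str:
    """Canonical form so 00-11-.. and 00:11:.. compare equal."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def process_frame(port: SecurePort, src_mac: str, alerts: list) -> bool:
    """Return True if the frame is forwarded, False if it is dropped."""
    if port.disabled:
        return False                  # stays down until an administrator re-enables it
    mac = normalize(src_mac)
    allowed = port.static_macs | port.learned
    if mac in allowed:
        return True                   # known source, consumes no extra slot
    if len(allowed) < port.max_macs:
        port.learned.add(mac)         # room left under the limit: learn it
        return True
    port.disabled = True              # limit exceeded: disable the interface
    alerts.append(f"{port.name}: limit of {port.max_macs} MACs exceeded by {mac}")
    return False

def replay(port: SecurePort, frames: list) -> tuple:
    """Feed source MACs through the port in order; return (results, alerts)."""
    alerts: list = []
    return [process_frame(port, m, alerts) for m in frames], alerts

# Constructed sample traffic for a port limited to two source MACs.
SAMPLE_FRAMES = [
    "00:11:22:33:44:55",   # statically configured device
    "66-77-88-99-AA-BB",   # second device, learned
    "00-11-22-33-44-55",   # first device again, different notation
    "02:00:00:00:00:01",   # third distinct source: violation
    "66:77:88:99:aa:bb",   # previously allowed, but the port is now disabled
]

if __name__ == "__main__":
    port = SecurePort("port1", max_macs=2, static_macs={normalize("00:11:22:33:44:55")})
    print(replay(port, SAMPLE_FRAMES))
```

The last sample frame shows the operational cost of the disable action: once the limit is exceeded, traffic from previously allowed devices on that interface is dropped as well.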