School of Technology HND SWE: Switching Engineering Report

Verified

Added on 2023/01/09

AI Summary

This report provides a detailed analysis of switching engineering concepts. It begins with an introduction to switching and internetworking, including the devices used, and then delves into the evaluation of switching, covering its working principles and advantages, such as cut-through and store-and-forward methods, along with switch configuration basics. The report then explores network security concepts, including firewall protection, VPNs, and the importance of security threads, authentication methods, and intrusion detection systems. It also investigates different types of VLAN attacks, such as VLAN hopping and ARP attacks, and random frame-stress attacks. Furthermore, the report examines Ethernet switching, its origins, and standardization, followed by a contrast of multilayer switching and an evaluation of industrial applications. Finally, the report concludes with an overview of wireless LAN switching, including how it works, its architecture, and the evaluation of wireless traffic, management, and monitoring.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Switching Engineering

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Introduction
Switching is defined as a process that is liable for forwarding packets that are received
from one port and then transmitted to other which leads to destination. In case, when information
comes on port then it refers to ingress and when vice verse takes place i.e. data leaves port it is
defined as egress. Basically, it denotes medium via which information is routed to their final
destination (Baun, 2019). To understand this concept college in London is taken into
consideration who are looking forward to implement VLAN like pilot testing and they possess
different departments with definite number of employees. This report will furnish certain aspects
associated with LAN switching, design of switching security and concepts related with Ethernet
switching along with network design. Furthermore, wireless LAN switching will also be
investigated.
Task 1
1. Analysis of internetworking along with devices used.
The computer network comprises of distinct computers which are connected together by
utilisation of networking devices (like hubs, switch, etc.) for carrying out interaction where each
node is configured with identical protocol (TCP). When network interacts with each other that
have compatible or same communication procedures is referred to as internetworking. This can
be only attained in case same protocols are being utilised by devices connected within the
network. This is executed by usage of devices like hubs switches or routers. They possess ability
for connecting distinct networks as well as make sure that bug free communication takes place.
They acts as a backbone. The devices are specified below: Hub: It is liable for providing dedicated physical connection for each device that aids
within minimising possibilities of failure of one system that will lead to lose connectivity
in all computers. This works in physical layer which means that information is in form of
electrical signals or bits (Dickerson, 2019). Bridge: It is liable for connecting two different physical network segments. It is liable
for keeping track of MAC addresses present on network attached with their interfaces.
Bridge filters Ethernet frame through which it remains on only local side.
1

 Switch: This implies multiport bridge that have buffer as well as designed in such a
manner that efficiency and performance can be enhanced. It is layer 2 device and can
conduct error checking before any data is sent.
2. Evaluation of concept of switching.
Switching denotes process associated with forwarding packets that comes from one port
to the destination.
Working of switch: When host delivers any frame to host then source host will be stored
in address table of MAC address switch. It (switch) is responsible for storing addresses of source
within the table. When switch is initialised then it do not contain any kind of information related
with host or its address (Hui, Vasseur and Hong, 2018). In case host frame is sent then MAC
address will be stored on table but if destination information is not present then switch will send
frame to all hosts present within the network (Introduction and Working of Switches in
Networking, 2020). As soon as response is attained, its address will be stored in table. Each time
this process takes place, switch will create a table. When all port numbers and addresses are
attained then switch will deliver frame to only hosts rather than to all all present within the
network. The advantages of switch are specified below:
Cut-through: When frames are received then initial 6 bytes will be checked. After this
LAN switch will be checking their destination MAC address within switching table and will
identify outgoing interface port as well as will be sent to destination. The error checking will not
be carried out here and frames will be sent as it is to receiving switches.
Store & forward: The switch will wait for entire frame before sending it and once it is
attained then switch will store entire frame in memory buffer. Furthermore, bugs will be checked
before making any decisions related with forwarding it. Cyclic redundancy check utilise
mathematical formula depending on bits within the frame. This is liable for ensuring high levels
of bug-free network traffic.
Fragment free switching: This is being applied to improvise restrictions related with cut-
through switching and will discard frames that are smaller than 64 bytes for minimising late
collisions within data transmission (Jacob and et. al, 2019).
3. Illustrate basics of switch configuration.
The steps that will be utilised for configuration of switch are specified below:
Step 1: Connect to device using console
2

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Through usage of software like Putty, connect with console of switch. Command prompt
will illustrate: Switch> write enable and enter. This will provide privilege EXEC mode i.e.
Switch#. Now go in global configuration mode:
Switch# configure terminal
Switch(config)#
Step 2: Set hostname
Switch(config)#hostname access-switch1
access-switch1(config)#
Step 3: Configure password
access-switch1(config)# enable secret password
Step 4: Configure password for Console access & Telnet
It will enable to lockdown all the access line by making use of password. This can be
done by following commands.
#line vty 0 15
#password strongtelpass
#login
#exit
#line console 0
#password strongconslepass
#login
#exit
Step 5: Define IP addresses which are allowed for access to switch via Telnet
#ip access-list standard TELNET.ACCESS
#permit 10.1.1.100
#permit 10.1.1.101
#exit
#line vty 0 15
3

#access-class TELNET-ACCESS in
#exit
Step 6: Assigning IP address to switch for management
By default Vlan 1 is assigned to management IP
#interface vlan 1
#ip address 10.1.1.200 255.255.255.0
#exit
Step 7: Assigning default gateway to switch
access-switch1(config)#ip default-gateway 10.1.1.254
Step 8: Disable not required ports on switch
This is done for enhancing security. Suppose that switch have 48-ports and from 22 to 48
ports are not needed.
#interface range fe 0/22-48
#shutdown
#exit
Step 9: Configure layer 2 VLAN & assigning ports
#vlan 2
#name DOCTOR
#exit
#vlan 3
#name NURSES
#exit
Now assign physical ports for each virtual LAN. In this case, Ports 1-2 are assigned with
VLAN2 along with VLAN3 with ports 3-4.
#interface range fe 0/1-2
#switchport mode access
4

#switchport mode access vlan 2
#exit
#interface range fe 0/3-4
#switchport mode access
#switchport mode access vlan 3
#exit
Step 10: Configure speed of port and half duplex settings
#configure console
#speed 100
#half duplex
#exit
To verify the duplex along with speed on fast Ethernet:
#show interface fastethernet 0/18
Step 11: Save configuration
#exit
#wr
Task 2
1. Analyse network security concepts
The process associated with taking up preventive measures for protecting underlying
networking infrastructure from any unauthorised access, malfunction, modification, misuse,
destruction or inadequate disclosure is referred to as network security (Leite, Hoji and Junior,
2018). For securing a network, certain aspects have been specified beneath:
Firewall protection: This acts like a barrier among untrusted external and trusted internal
network. Admins are liable for configuring set of defined rules which permits or blocks traffic on
the networking. For an instance, NGFW (Forcepoint's Next Generation Firewall) renders central
and seamless managed control for network traffic.
5

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Virtual private network: It is liable for creating connections with network from other
site. For an instance, employees who are working from home will connect with network of firm
via VPN. Data among two points will be encrypted and users have to authenticate through which
communication between network and device can be created.
Antivirus & antimalware software: This will aid firms from certain malicious software
that comprises of trojans, viruses, worms and ransomware. Each file is scanned when they enter
within the network.
The aspects associated with network are specified beneath:
Security threads:This illustrates probable dangers which lead to creation of impact on
smooth working of PC. They can be harmful trojan malware or any adware. This leads to
corruption of data, loss or any kind of physical damage to infrastructure (Ma and et. al, 2019). In
context of security, authentication methods must be utilised from preventing individuals along
with this intrusion detection systems can be utilised for handling issues related with denial of
service attack.
QoS: Quality of services implies set of technologies which work on network that is liable
to guarantee their ability to execute high-priority applications along with traffic under restricted
network capacity. QoS technologies are liable for accomplishment by rendering differentiated
handling along with capacity allocation for peculiar flow within network traffic.
Monitoring: It is a critical process in which all the networking components such as
firewalls, Vms, servers, routers, etc. are monitored for performance and fault that are
continuously evaluated for maintaining as well as optimisation of their availability.
Remote monitoring: The standard specification that is liable for facilitating monitoring
of operational activities of network via usage of remote devices like probes. It enables carrying
out detailed monitoring related with network statistics related with Ethernet networks (Mikac and
Horvatić, 2019). This aids to monitor network traffic via remote Ethernet segment from central
location on network for detecting problem like excessive collisions, dropped packets and traffic
congestion.
2. Study distinct kind of VLAN attacks
There are different attacks that are made on VLAN, they are illustrated beneath:
6

VLAN Hopping Attacks: This kind of exploit enable attackers for bypassing any layer 2
restrictions that are built for dividing hosts. In this case, attacker is connected with access port
for gaining access to network traffic via other VLAN's.
ARP Attacks: It was designed for friendly environment and there was no security built on
function. In this case, attacker can pretend that there MAC address is related with IP address
within the network (Minei and Marques, 2019). There is no way for verification if identities and
anyone can intent to be someone else for having access to information.
Trunking protocol attack: It is vulnerable for probable denial of service attacks on the
network. In this case attacker can trigger issue through sending special crafted VTP packet for a
switch configured like a trunk port.
MAC/CAM attack: The information like MAC address is stored on physical port and
related parameters. The CAM tables comprises of fixed size which makes them prone to distinct
attacks such as buffer overflow attack. They are vulnerable to a potential denial of service an
attack. An attacker can potentially trigger this issue by sending a specially crafted VTP packet-
stress attacks
3. Assess random frame-stress attacks.
This takes place at layer 2 and here, ample of packets are generated randomly that
comprises of different fields in each packet that leaves only source as well as destination address
untouched. Such kind of attack must fail but bugs do not take place this leads to unexpected
access for other VLAN or might also lead to denial of service attacks. This may also include
brute force attack which are carried out on distinct fields. Within such kind of brute force attack
source along with destination address are constant (Mirza and Cosan, 2018). They are being
conducted for testing switch ability when abnormalities are encountered within input &
calculations. But random frame-stress attack can be avoided in case of Private PVLAN or VLAN
is utilised for separating host from having unwanted inputs. They are used for isolating hosts at
Layer 2 then protecting hosts from malicious or unwanted traffic from any kind of untrustworthy
devices.
7

Task 3
1. Assess Ethernet switching
The common form of switch which is a networking device that is utilised in Ethernet for
connecting distinct Ethernet devices is referred to as Ethernet switch.
Origin of Ethernet: It was developed in 1970s but network system were utilised
internally by Xerox. In 1980's Ethernet was developed within standardized products. It was not
used for decades but various manufacturing firms started to develop Ethernet related products.
IEEE 802.3 is utilised at present times.
1st Ethernet: The Ethernet network systems was invented to interconnect enhanced
computer workstations which makes it probable for sending data from one to another high-speed
laser printers (Mishra, Dehuri and Panigrahi, 2019). This is was invented at XEROX PARC that
also had GUI and is named Xerox Alto. The first high-speed LAN technology was brought in for
linking everything together.
Ethernet Standardisation: The Ethernet standards are being written as well as
maintained via IEEE (Institute of Electrical & Electronic Engineers). They are liable for
developing and maintaining huge number of standards that are related with electrical &
electronics industries. The most popular is Wi-Fi that is standardised like IEEE 802.11. There are
around 1100 active standards.
3com Ethernet: They are liable for rendering cost efficacious layer 2 10/100 &
10/100/1000 switching for LAN which do not require any management capabilities. It is line of
Ethernet IEEE 802.3 network cards for MCA, ISA, PCMCIA and EISA computer buses.
Star LAN: It was first Ethernet IEEE 802.3 standards over twisted pair cable. This was
standardised by standards of association in 1986 like a 1BASE5 version.
10 BASE-T: It implies Ethernet standards that are liable for transmitting 10 Mbps over
telephone wire (i.e. twisted wire pairs). This implies a shared media LAN that is utilised with
hub where each node shares 10 Mbps when utilised with switch.
Ethernet Switching: This is liable to connect devices together via a packet switching for
receiving, processing and forwarding information from one source to destination (Newman,
2018).
Fast & Gigabit Ethernet: Fast Ethernet is used for carrying traffic with speed of 10Mbps
and this was introduced within the market as IEEE 802.3u standard in 1995. Gigabit Ethernet is
8

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

responsible for offering 1000Mbps computing networking. This makes use of frame format
803.2 and can also execute on full & half duplex modes.
2. Contrast layer 2 & layer 3 switching.
It is specified below:
Basis for difference Layer 2 Switch Layer 3 Switch
Switching vs. Routing Switching is carried out by
identification & maintenance of
MAC addresses table.
It is specialized device which is
designed to route data packets via
IP addresses. Here, routing is done.
Functionalities This has restricted tendency to
switch packets from one to other
port. Routing cannot be done (Shi,
Islam and Miao, 2020).
It can be used for routing along
with switching. Layer 3 switching
enables devices to carry out
communication outside network.
MAC vs. IP address It renders hardware-based methods
for communication. ARP is used
for discovering and identification
MAC address of other connected
devices.
IP address is used for carrying out
routing in VLANs (Virtual local
area network).
Speed &
performance
Packets are rerouted to destination
from source port.
Switches takes time in checking
data packets before identification
of probable route for directing data
packets to destination port.
3. Evaluate industrial applications associated with Ethernet switching.
These aspects are illustrated below:
Spanning Tree Protocol (STP): This implies network protocol which is designed for
prevention of layer 2 loops and this denotes standardised like a IEEE 802.D protocol. It is used
by industries as this blocks some ports present on switches that have redundant links for
preventing broadcast storms for ensuring loop-free topology (Singh and Pamula, 2018).
9

VLAN Trunking Protocol (VTP): This implies Cisco proprietary protocol that is utilised
by Cisco switches for exchanging VLAN information. VTP enables firms to synchronise VLAN
information with switches in VTP domain.
Virtual local area network (VLAN): It denotes set of end stations along with switch ports
which connects them. The physical need is that end station and port with which this is connected
must belong to similar VLAN.
Simplified network management protocol (SNMP): It is used for managing, monitoring
and configuring switches over a network via a administrators. This is responsible for executing a
method to manage network devices from centralised system thereby, in case of any issue NA will
be notified.
4. Illustrate Ethernet switch network design by using VLAN.
The network diagram with respect to college is specified below:
10

With respect to four departments the IP addresses have been specified. They are
mentioned below:
Admin Dept:
VLAN 10
VLAN ID: 192.168.1.1
Default Gateway: 192.168.1.254
Account Dept:
VLAN 20
VLAN ID: 192.168.2.1
Default Gateway: 192.168.2.254
Finance Dept:
VLAN 30
VLAN ID: 192.168.3.1
Default Gateway: 192.168.3.254
Marketing Dept:
VLAN 40
VLAN ID: 192.168.4.1
Default Gateway: 192.168.4.254
Task 4
1. Illustrate working of wireless switching.
Wireless switching is responsible for creation of virtual overlay network on existent
wired infrastructure. In this case, wireless clients will communicate with access points (AP) and
they will tunnel traffic to control appliances that is wireless switches. This aids within simplified
integrated security, enhanced scalability, network deployment along with eased management.
Working
The wireless LAN beacon frame comprises of configuration information related with AP
like SSID (service set identifier), security configuration and supported bit rates for wireless
LAN. The primal purpose of beacon is to enable clients to acknowledge networks which are
available within area. This aids wireless LAN clients for choosing a network that they are trying
to associate with (Wang and et. al, 2018). As per the wireless LAN documents for security, it is
11

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

suggested that sending beacons without any SSID is best security practice which aids within
prevention of probable hackers. All firms wireless LAN solutions provides this capability like
option as SSID can be discovered easily during association attempt. Furthermore, few wireless
LAN clients are dependent on SSID information within beacon and they do not associate with
LAN's which do not give SSID data. It is necessary to enable SSID information that can be
broadcast within the beacons.
2. Analysis of WLAN switching architecture.
The different architectures in this context are illustrated beneath: IBSS (Independent Basic Service Set): In this case two or more then two wireless
devices are connected directly without AP (access point). This is also referred to as ad
hoc network. This will provide adequate results while transferring files among different
devices without associating them with wireless network (Baun, 2019).
 BSS (Basic Service Set): This enables wireless clients to connect with wireless network
via AP. In this case, access point is liable for wireless network. Each client advertise their
capabilities to AP and then either permissions are given or denied for joining a network.
Within this, single channel is utilised for carrying out communication.
12
Illustration 1: Independent Basic Service Set

 ESS (Extended Service Set): BSS makes use of identical access point and this may not
be relevant as single AP will not cover entire building or floor and it makes use of half-
duplex which will lead to more airtime that will minimise bandwidth for each (Dickerson,
2019).
13
Illustration 2: Basic Service Set

 Centralised WLAN architecture: In this case, all the systems will be connected with
internal switch or router or any other connecting devices so that in case any packet is
received then it can be transmitted to the destination easily.
In this case, light weight APSs are used which are dependent on wired network
connection to WLAN switches.
3. Assess wireless traffics.
There are certain specifications within 802.11, they are:
 802.11a: It provides 54 Mbps in 5GHz band.
 802.11b: Furnish 11Mbps transmission within 2.4GHz band.
 802.11g: This is utilised for transmission around 54Mbps within 2.5GHz band.
 802.11n: The additional receiver & transmitter antennas aid to have enhanced
throughput. In this speed will be 100Mbit/s (Hui, Vasseur and Hong, 2018).
 802.11r: It is fast BSS which supports VoWi-Fi for enabling VoIP roaming on Wi-Fi
network that has 802.1X authentication.
 802.1X: This is port-based NAC (network access control) which enable network admins
to have restricted usage of IEEE 802 LAN.
 802.11ac: It delivers 1.3Gbps within three stream designs or 433Mbps per spatial stream.
14
Illustration 4: Centralised WLAN Architecture

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

 802.11ad: This operates at 60Ghz frequency band and transfer rate is near around 7Gbps.
 802.11ah: The operating speed is below one gigahertz and range is twice with reference
to other Wi-Fi technologies.
4. Evaluation of wireless management & monitoring.
There has been a lot of changes within formation of wireless networks which are
advantageous in a way that there is no requirement for having physical connection among
distinct devices in the network. The wireless network management system possess monitoring
capabilities such as support enhanced range of protocols and furnish comprehensive wireless
router along with switch management and many more functionalities (Jacob and et. al, 2019).
For this firm can make use of different tools which will make it easy for system administrators to
monitor entire network and ensure security of their network. This will lead to minimisation of
certain attacks which otherwise might hamper overall working of the firm. In this context, some
tools are specified below: Wireshark: It is a foremost network protocol analyser which enable firms to see what is
happening in their network. Through this, deep inspection can be conducted, offline
analysis, live capture, provide standardised three-pane pocket browser and can be
executed on different platforms. This allows to carry out rich VoIP analysis and capture
files that are compressed with gzip that can be decompressed by using fly. Nmap: It denotes open source security tool that is utilised for port scanning and network
mapping. This will enable network administrator within: host discovery, different
scanning techniques. Scan order, port specification, script scan, OS detection, evasion &
spoofing, timing & performance and many more.
 ZipTie: This is a network governance software which involves enhanced involvement of
vendors to provide enhanced scalability, security and standardisation. In this, there is a
centralised user authentication mechanism which make sure that adequate access is given
to network assets for attaining single point of control (Leite, Hoji and Junior, 2018).
Conclusion
From above it can be concluded that internetworking refers to process of connecting
multiple systems by using various networking devices. The concept of switching has been
illustrated and it is identified that they are used for connecting multiple devices. Security is the
15

critical aspect which have to be maintained and ensure that any kind of attack or any malicious
activity take place firm needs to take different measures through which this can be done.
Ethernet switching is used within industries to ensure that smooth networking or exchange of
information can be carried out in smooth manner. Furthermore, different tools are there which
are used for management and monitoring of network. As per the need of firm they can use one
for making sure that there network is protected from any kind of attacks.
16

References
Books & Journals
Baun, C., 2019. Computer Networks/Computernetze: Bilingual Edition:
English–German/Zweisprachige Ausgabe: Englisch–Deutsch. Springer-Verlag.
Dickerson, B., 2019. Notes on computer networks.
Hui, J., Vasseur, J.P. and Hong, W., Cisco Technology Inc, 2018. Traffic class capacity
allocation in computer networks. U.S. Patent 10,039,046.
Jacob, B.K. and et. al, Data World Inc, 2019. Consolidator platform to implement collaborative
datasets via distributed computer networks. U.S. Patent 10,515,085.
Leite, F.N., Hoji, E.S. and Junior, H.A., 2018. A blended learning method applied in data
communication and computer networks subject. IEEE Latin America
Transactions, 16(1), pp.163-171.
Ma, L. and et. al, 2019. Distributed filtering for nonlinear time‐delay systems over sensor
networks subject to multiplicative link noises and switching topology. International
Journal of Robust and Nonlinear Control, 29(10), pp.2941-2959.
Mikac, M. and Horvatić, M., 2019. An approach for teaching and understanding computer
networks using realistic emulation tool. ICERI 2019 Proceedings, pp.1209-1219.
Minei, I. and Marques, P.R., Juniper Networks Inc, 2019. Automatic traffic mapping for multi-
protocol label switching networks. U.S. Patent 10,193,801.
Mirza, A.H. and Cosan, S., 2018, May. Computer network intrusion detection using sequential
LSTM neural networks autoencoders. In 2018 26th signal processing and
communications applications conference (SIU) (pp. 1-4). IEEE.
Mishra, B.B., Dehuri, S. and Panigrahi, B.K. eds., 2019. Computational intelligence in sensor
networks. Springer.
Newman, M., 2018. Networks. Oxford university press.
Shi, Y., Islam, R. and Miao, G., 2020. Improve the synaptic performance of resistive switching
devices through interface engineering. Bulletin of the American Physical Society, 65.
Singh, A.K. and Pamula, R., 2018, February. IRS: Incentive based routing strategy for socially
aware delay tolerant networks. In 2018 5th international conference on signal
processing and integrated networks (SPIN) (pp. 343-347). IEEE.
Wang, W. and et. al, 2018. Abstracting massive data for lightweight intrusion detection in
computer networks. Information Sciences, 433, pp.417-430.
Online
Introduction and Working of Switches in Networking. 2020. Available through:
<https://www.includehelp.com/computer-networks/introduction-and-working-of-
switches.aspx>.
17