So when we're talking about our switches, there are two main distinctions that we need to be aware of: managed versus unmanaged. Now, a managed switch is a switch that we can log into, make configuration changes in, modify data flow, set up VLANs, and set up different port configurations.
Essentially, a managed switch is a switch that gives us additional functionality and extensibility.
We can make changes. We can manage that switch, and we can use that switch to monitor traffic or to shape how traffic flows throughout our network.
Now, our managed switches will typically be accessed through a default web interface with a username and password. Or we may attach a special cable to our switch in order to access the switch interface, such as a serial cable or an additional access cable that we may use in order to actually connect into that switch and manage it.
Now, whether it's through our web interface or our special cable: well, with our special cable, we won't be opening a web-like interface. We'll be opening what looks like a command prompt for that particular switch, so we'll need to know the correct syntax in order to run commands and make changes.
But whether it's our web interface or special cable, whether it's our terminal login, we'll need to know the credentials for that switch. And if we're first setting up the switch, we'll want to change those credentials on our managed switch. We don't want to just leave the out-of-the-box standard credentials, because then anybody on our network who maybe walks past and knows what type of switch we have, or maybe just wants to try a couple of the default configurations and see if they can hit our managed portal, could just try and do that. And especially if it's a web interface with a default IP address and a default admin and "password" password set up, then all it would take is for someone to try that default web portal address, log into the managed switch, and wreak havoc on our network by changing the settings in that switch.
So we want to make sure that when we're setting up our managed switches, we check and make sure that we change the default login information.
Next we have our unmanaged switches. Now, unmanaged switches are going to be our plug-and-play switches. Now, while with our managed switches we may also just be able to take them out of the box, set them up, and let them start making connections, our unmanaged switch isn't going to have the additional control that our managed switch does. We don't have a web interface, so we don't have the ability to log in with a special cable or with a terminal connection.
We have to just let the connections run. It's almost what we would call a dumb switch. It isn't as dumb as a hub. It's still going to map port numbers to MAC addresses, but that's about all it's going to do. It's not really going to allow us to set up VLANs or to shape traffic or to manage ports, or to mirror ports and look at SPAN ports. It's really just going to be a small plug-and-play device, typically useful for a small home or office. If we just need additional ports, we'll have those unmanaged switches.
Keep in mind that we may have some managed switches that act as unmanaged switches until we manually press a button or flip a switch that allows us to start logging in and making changes on those switches. We may even be able to log into our managed switch and make changes, but it doesn't seem like it's doing anything, or it's not allowing us to make really any major changes, until we switch it over to managed switch mode. So we'll keep that in mind when we're managing our switches or we're making our switch purchasing decisions: if we need a switch that we're able to log into, maybe set up some SPAN ports, set up some VLANs, we'll want to be looking at a managed switch.
And if we have a switch where we really don't need to have all that VLAN extensibility, we really don't need to have that set up as intensively, then we'll just be looking at an unmanaged switch.
Now, next we have our interface configurations. Our interface configurations are everything from the actual port configurations to just other standard configurations on our device that we may need to change when we're setting it up.
Now, our different interface configurations for actual port connections are going to be full duplex, half duplex, and our port speeds. Full duplex and half duplex refer to how our port sends and receives data, and then our port speed refers to at what speed it's going to send that data.
Now, full duplex is going to send and receive data in both directions simultaneously. So our port on our device, our port on our switch or our router, is going to send and receive electrical signals, send and receive packets, at the same time.
So that's full duplex. Half duplex is when we can go both directions, but we can only go one direction at a time. So we can send and receive from this port, but we can only send or receive at one time. We can't do both at the same time.
So different ports, different switches, different devices have different capabilities. Typically, our devices will be set to auto-negotiate full duplex or half duplex, because the connection has to be the same on both ends. We can't have one end that is sending and receiving at the same time and another end that can only receive or send, because it will result in not being able to connect between these two devices, having collisions, having issues with our connection between those two different devices. So typically, our devices are set to auto-negotiate full duplex versus half duplex, and they're set to auto-negotiate speed. Port speed is whether we're going to send at 10, 100, or 1000 megabytes per second.
Our port speed really indicates our data transfer rates. And again, our port speeds will also typically be set to auto-negotiate, because if they're set at the incorrect rate for one side versus the other side, we may have some packet loss, or we may have some corrupted data, because we're having one side that's trying to send faster than our other side can receive.
So we need to understand what full duplex versus half duplex is, and that most of our devices typically auto-negotiate these. Also, our port speed refers to the speed at which our port can send and receive, and port speed is also typically auto-negotiated.
Next, we have IP addressing and MAC filtering. Now, IP addressing configurations allow us to modify addressing. If we have a device, such as a router, which is performing DHCP, that router will be automatically giving out IP addresses.
So we may need to go into our router, and we may need to modify things such as our DHCP scope, that is, what addresses our router is giving out. We may want to change what address scheme we're using, and we may want to change things like the lease duration, for how long we're giving out those addresses to particular devices. So this IP addressing we can modify through our interface configurations. Now, we may decide to go without DHCP. We may just want to set all of our devices statically, so we can go in and we can modify our device information here, and we can actually set the device's IP information and set whether it's performing DHCP or not.
If we have another device in our network that's managing DHCP and we don't want to have our device sending out conflicting information, we may just disable DHCP on a particular device. So IP addressing allows us to go into our device and manage whether it's performing DHCP, what its local static IP address is, and what scope of IP addresses it's giving out if it's using DHCP.
Next, we have MAC filtering. Now, we talked about MAC filtering a little bit earlier. What MAC filtering does is it tells our device only to allow certain devices to connect to it that have a particular IP address. Now, this is an additional layer of security that we may put on top of our network, where we essentially say: okay, I know the MAC address of all the devices in my network that may be connecting to this particular router, this particular device, this particular switch. So I'm going to set up MAC filtering and say that only devices with these MAC addresses are allowed to connect to me, allowed to talk to me.
So this prevents someone from just coming in with a rogue device, plugging it into our switch, plugging it into a port, and then just sending and receiving traffic. Now, this isn't a fail-safe setting that we set on our devices. MAC addresses could easily be spoofed. They can easily be forged on malicious devices. But it's just an additional layer of security. It's an additional protection measure to our security standing with our network that allows us to help mitigate certain attacks from, say, the person in our office that may not know a whole lot about networking, but they want to see if they can snoop around with a laptop that they bought because it'll make it harder to trace it back to them. Or so they think.
So they bring in their laptop, plug it in, and they can't get an IP address. And they aren't going to come to us and say, "Hey, my laptop, I can't get an IP address," especially if we told them they aren't allowed to bring their own personal equipment to work. So they're going to plug it in, not be able to connect, and then they'll just say, "Forget it," because they may not know enough in order to understand that we're doing MAC address filtering, or they may not know enough to spoof a MAC address and try to get on our network. So MAC address filtering is just another layer of security. It's just another interface configuration that we can set on our routers or switches.
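
The MAC filtering described above, as an added example that is not part of the original lecture: it normalizes the different ways a MAC address is written, checks a switch MAC-table snapshot against an allowlist, and separately flags an allowlisted MAC seen on a port other than the one it was recorded on, since a copied address passes the filter itself. The allowlist, port names and table entries are constructed sample data, and `normalize_mac` and `audit` are hypothetical helper names.

```python
import re

# Constructed allowlist: MAC address -> port where the device was recorded.
ALLOWLIST = {
    "00:11:22:33:44:55": "Gi0/1",
    "00:11:22:33:44:66": "Gi0/2",
    "00:11:22:33:44:77": "Gi0/3",
}

# Constructed MAC-table snapshot: (port, MAC as written in the table).
MAC_TABLE = [
    ("Gi0/1", "0011.2233.4455"),      # known device, expected port
    ("Gi0/2", "00-11-22-33-44-66"),   # known device, expected port
    ("Gi0/7", "de:ad:be:ef:00:01"),   # unknown device
    ("Gi0/9", "00:11:22:33:44:77"),   # known MAC on an unexpected port
]


def normalize_mac(raw):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(mac_table, allowlist):
    """Classify each (port, MAC) entry as allowed, unknown or moved."""
    known = {normalize_mac(m): p for m, p in allowlist.items()}
    findings = []
    for port, raw in mac_table:
        mac = normalize_mac(raw)
        if mac not in known:
            verdict = "unknown"   # the filter itself rejects this one
        elif known[mac] != port:
            verdict = "moved"     # passes the filter; worth a human look
        else:
            verdict = "allowed"
        findings.append((port, mac, verdict))
    return findings


if __name__ == "__main__":
    for port, mac, verdict in audit(MAC_TABLE, ALLOWLIST):
        print(f"{port:6} {mac}  {verdict}")
```
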