There are many different options available when configuring an interface on a switch. In this video, you’ll learn about basic interface settings, VLAN configurations, power over Ethernet, and much more.
One of the most basic interface configurations you need to make on any ethernet connection is the speed and the duplex of the connection. You would generally configure the speed to be 10, 100, 1,000 or even faster ethernet communication, and you would set the duplex to be either half or full. There are also automatic modes that can automatically make sure that both sides are using identical settings, but some people prefer to set these manually. Either way, you need to make sure that all of these settings match on both sides of the configuration.
You may also be required to configure an IP address for a particular interface. This may be a layer 3 interface that’s on a router, or it might be an interface that’s defined as a VLAN interface to give you access to a particular VLAN on a switch. It’s also very common to add IP addresses for management interfaces, and your workstation, of course, needs a minimum of an IP address and subnet mask. It’ll probably need a default gateway and a DNS server as well.
If you’re configuring an interface on a switch, you’ll also need to determine which VLAN this particular interface needs to be a member of. You would assign that VLAN number on the switch interface that’s connected to that device. Some interfaces on a switch may be the designated trunk interfaces, so you would configure those particular interfaces not only to be trunk interfaces, but also to specify which VLANs are allowed to communicate through that trunk.
As we saw in a previous video, it’s common across a trunk to have the switch tag the particular VLAN number, and on the other end, the VLAN tag is removed from that frame and the frame is placed onto the proper VLAN. But you can also send untagged information over this particular link. It’s common, for example, to send management frames across this connection over what we call the default VLAN or the native VLAN, because any traffic on that particular VLAN will not have an additional tag added to it as it goes across the trunk.
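The tagging behaviour described above, as an added Python example that is not part of the original video: it models both ends of a trunk, with the allowed-VLAN list, the untagged native VLAN, and tag removal on receipt. The function names, the sample frame, and the VLAN numbers (10, 20, 99) are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def trunk_egress(frame, vlan_id, native_vlan, allowed_vlans):
    """Sending switch: return the bytes to put on the trunk, or None to drop."""
    if vlan_id not in allowed_vlans:
        return None                       # VLAN not permitted on this trunk
    if vlan_id == native_vlan:
        return frame                      # native VLAN traffic goes out untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return frame[:12] + tag + frame[12:]  # tag sits after the two MAC addresses

def trunk_ingress(frame, native_vlan, allowed_vlans):
    """Receiving switch: return (vlan_id, untagged_frame), or None to drop."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan_id = tci & 0x0FFF            # low 12 bits of the tag carry the VLAN ID
        frame = frame[:12] + frame[16:]   # strip the 4-byte tag
        if vlan_id == 0:                  # priority-only tag: treat as untagged
            vlan_id = native_vlan
    else:
        vlan_id = native_vlan             # untagged frames land on the native VLAN
    if vlan_id not in allowed_vlans:
        return None
    return vlan_id, frame

# Constructed sample frame: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
ALLOWED = {10, 20, 99}   # assumed allowed-VLAN list for the trunk
NATIVE = 99              # assumed native VLAN, the same on both ends

if __name__ == "__main__":
    for vlan in (20, 99, 30):
        wire = trunk_egress(SAMPLE, vlan, NATIVE, ALLOWED)
        result = trunk_ingress(wire, NATIVE, ALLOWED) if wire else None
        state = "dropped" if wire is None else "tagged" if len(wire) > len(SAMPLE) else "untagged"
        print(vlan, state, result)
```

Calling `trunk_ingress` with a different `native_vlan` than the sender used shows why both ends of a trunk must agree on the native VLAN: the untagged frame is placed on whatever VLAN the receiving side has configured.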
If you have a wireless router at your home or your home office, you may see that there is an interface on the back that is labeled DMZ. This stands for demilitarized zone, and it’s a special interface that allows people access from the outside to be able to access certain resources on your network in this DMZ. But it still prevents anyone from accessing any devices that might be on your protected internal network.
On larger enterprise firewalls, you may not have an interface that’s specifically labeled DMZ, but instead the firewall administrator would configure one of those interfaces to allow traffic from the outside and simply call it the DMZ interface.
Some switches not only provide a data connection, but they might also provide power for the end device. This means that a single wire can be used for data and power for things like a voice over IP phone, a wireless access point, a remote camera used for security, or any other device where it may be difficult to power that device where it happens to be located.
Some switches provide power from the switch itself. We call that an endspan power over Ethernet connection, but sometimes you have a switch that doesn’t have power over Ethernet capabilities. In those cases, you can put a power injector in the middle of that communication. We call this a midspan power over Ethernet injection.
You also see two modes of power provided on power over Ethernet. Mode A provides the power on exactly the same wires that you’re using for data. Mode B might be for cables that aren’t running at gigabit speeds and have spare wires available to use for the power.
One of the original power over Ethernet specifications was IEEE 802.3af. This is a standard that’s now just part of the normal 802.3 Ethernet standard. It provided 15.4 watts of DC power over this power over Ethernet connection, and the maximum current was 350 milliamps.
PoE was updated in 2009 with the IEEE 802.3at specification, and this specification has also now been folded into the 802.3 Ethernet standard. This increased the amount of power to 25 and a half watts of DC power and a maximum current of 600 milliamps.
One type of interface configuration that doesn’t come up very often, but is very useful when you need it, is something called a port mirror.
This is where you can connect an analyzer or some type of monitoring device to the network, and you can take data that’s going between other stations, make a copy of that data, and send it to your monitoring device. A good example of this is if you wanted to put an IPS on the network. Normally traffic would traverse between stations inside of the switch, and none of that data would ever make it to the IPS.
But if you configure the IPS switch port to be a port mirror or SPAN port (SPAN stands for switch port analyzer), the switch then creates a tapped connection, or a copy of that data. So as the traffic goes through the switch, it is sent to the destination station as usual, and a copy is sent to the IPS.