How to Deploy Ethernet Switching
Quick Definition: Deploying Ethernet switching involves configuring network components such as switches, routers, access points, and bridges to enable efficient data transmission and network segmentation. It ensures data flows smoothly, devices communicate effectively, and security measures like VLANs and Quality of Service (QoS) are implemented to optimize network performance and protect against vulnerabilities.
Anyone in the IT networking sphere will inevitably have to deploy Ethernet switching. Ethernet switching facilitates the transmission of data across a wide range of devices. It also provides security by segmenting the network into distinct broadcast domains, isolating network traffic, and providing VLAN support for granular control. Lastly, Ethernet switching offers flexibility, scalability, and high-speed data transfer capabilities, making them critical in any organization’s network environment.
With all that said, a professional with the know-how to deploy Ethernet switching will be indispensable to an organization. A strong foundation in network knowledge is paramount, which is why we’ll go over how to deploy specific devices, which devices to use, and the key differences between a physical network interface and a virtual one.
Deploying Ethernet switching is a nuanced and involved process, so we have provided an in-depth checklist at the end of this article.
Why are Network Interfaces in Ethernet Switching Important?
Network interfaces are the very infrastructure in which Ethernet switching will occur. Network interfaces come in two different types: virtual network interface and physical network interface. They can work in conjunction or separately, each serving as critical components to the network’s infrastructure.
What is a Physical Network Interface?
A physical interface is what you traditionally think of as a network. It is comprised of switches, routers, and nodes, all connected via Ethernet cables. Examples include the Ethernet port on your computer, the router on a server rack, or the NIC in any hardware component.
What is a Virtual Network Interface?
Virtual network interfaces (VNI) are virtualized or software-defined. Often, VNIs will come in the form of VLANs or containerized applications, such as Docker or Kubernetes. A Virtual LAN works by partitioning off a network into logical units that greatly enhance network segmentation. This segmentation assists in troubleshooting, traffic routing, and security.
What is Containerization?
On the other hand, containerization encapsulates applications into pods, which have their own routing mechanisms. These routing mechanisms are YAML files that leverage Ingress and Service controllers to direct traffic to and from pods. Generally, these are written as YAML manifests and uploaded to the Kubernetes server.
What is a Hybrid Network Infrastructure?
Often, these interfaces work in tandem to offer a flexible and robust networking solution. For example, physical gateways or routers can direct traffic to different VLANs. Additionally, a switch can point towards a virtual load balancer that directs traffic to different virtual machines on a server. A hybrid approach is the most common solution across organizations, as it allows for the usage of existing hardware and offers the scalability of virtual networks.
How to Deploy Networking Devices in Ethernet Switching
The core components of a network are Ethernet switches, routers, access points, and network bridges. Each works together to create a robust, flexible, and durable network. Let’s go over each of them in-depth, starting with Ethernet switches.
Ethernet Switches
Ethernet Switches connect multiple devices together and forward packets to their intended destinations. Switches use the destination MAC address to determine where to route the packet. That is why it is considered a layer 2 device.
Routers
Like switches, routers direct traffic across the network. However, they use IP addresses, making them layer 3 devices. Also, routers direct traffic intelligently by finding the quickest way to the intended destination. This is accomplished using dynamic routing protocols such as OSPF (Open Shortest Path First), RIP (Router Information Protocol), and BGP (Border Gateway Protocol).
Routers can also use static routing tables to provide more granular network segregation to increase fault tolerance and ease troubleshooting. These must be manually configured by network administrators. Keep reading to see how this is done step-by-step on a Cisco router.
Access Points
Access Points are layer 2 Gateways extending a WiFi network's range. They serve as wireless hubs that direct traffic for wireless devices. Access Points broadcast a Service Set Identifier (SSI) that allows users to access the WiFi network (i.e., the name of the network).
Network Bridges
A network bridge is a device or software component used to divide or segment a network. They use layer 2 networking forwarding by analyzing the MAC address of the packet–just like a switch. By segmenting the network using VLAN or subnetting, network engineers have more control of ACLs, troubleshooting, and quarantining security breaches. The actual quarantining would be accomplished using an Intrusion Detection System and Firewalls, but the network bridge would greatly enhance discovery efforts.
One example of a network bridge would be segmenting different departments at a university. The engineering department would be one VLAN, while the English department would be a second VLAN, each connected via a network bridge.
How to Select the Right Networking Devices for Ethernet Switching
Selecting the right networking devices for Ethernet switching involves various factors related to your network and configuration requirements. In the preliminary stages, it is often helpful to create a diagram of how exactly you want the network to look. Here's a step-by-step guide that includes setting up IP addresses, default Gateways, protocols, and security measures.
Assess Your Network Requirements
Several factors are taken into consideration when assessing network requirements. For example, determine the purpose of your LAN. A network for a small office will be different from that of a data center, which will be different from an industrial environment, and so forth. Also, think about whether your network will expand in the future. Finally, ensure your server room has sufficient space and can be adequately cooled.
Next, understand how many devices will need to be connected and a good estimate of the expected network traffic. After you have a clear understanding of the number of nodes that will be present on the network, establish a plan for dividing them into sub-LANs. For example, if you have a marketing department and a sales department, a network bridge will be required to separate these two network subcomponents.
Configure Router IP Addresses
Configuring IP addresses is a critical part of defining network requirements. Decide whether static or dynamic IP addresses are most suitable for your network. Large or scalable networks will use dynamic IP addresses, while smaller networks would be fine using static IP allocation.
All IP addresses must be configured on the router since it is a layer three device. Here is a brief overview of how to assign a static IP address on a Cisco Router:
Access the router via SSH.
Log into the router using the designated username and password.
Enter privileged exec mode by typing enable into the shell.
Enter global configuration mode by typing configure terminal
Navigate to the device that you want to assign an IP address to.
Assign the IP address. For example: ip address 192.128.12.2 255.255.255.0
Enable the interface by typing no shutdown, then exit.
Configuring your router to use DHCP will require different steps. Here is how that would be done on a Cisco Router. The first four steps will be the same as static IP configuration.
Define a DHCP pool. ip dhcp pool <poolname>
Specify the network and subnet mask. network <network address> <network name>
Set the default Gateway for DHCP clients. default router <Gateway-address>
Configure DNS Server information. dns-server <dns-server-address>
Set lease duration and other optional parameters.
Activate the DHCP service on the interface: interface interface-type interface-number, then ip helper-address dhcp-server-address
Save your configuration: write memory
This is how each of these processes would be done on Cisco. Meraki or Aruba would have different but similar steps.
Configure Default Gateway
After configuring a router, you will need to configure a Gateway to access the internet. This will be a singular device that will act as a firewall for data transmission to and from the internet. It will also perform Network Address Translation (NAT) so that the ISP can use a singular IP address to identify the LAN.
Configure Network Protocols
There are dozens of protocols used on a network, and it would be difficult to list them all. However, think about the features you would like on the LAN. If you want email, your router must be configured with POP3 and SMTP for sending and receiving emails.
The router will use a dynamic IP allocation protocol such as DHCP (Dynamic Host Control Protocol) to provide addresses on the fly to nodes.
TCP (Transmission Control Protocol) will naturally be used for sending and receiving all data packets on the network. However, utilizing the secure version of TCP, TLS, is a good idea.
To monitor and troubleshoot traffic, network admins will utilize SNMP (Simple Network Management Protocol). SNMP can monitor aspects of the network, such as bandwidth utilization, device monitoring, and fault detection.
Lastly, any network leveraging the wireless community will use WiFi. WiFi is configured in the network’s Access Point device.
Implement Security Measures
There are a plethora of options available to harden a network. Implement access control lists (ACLs) to ensure only authorized users can access certain network resources. An ACL is a set of rules or criteria that determines which roles, machines, or users are allowed access to certain resources or protocols on the LAN.
In addition to ACLs, enable port security via firewalls. Default all ports to closed on the Gateway device and only open the ports required for communication; this adheres to the Least Privileged Access Principal.
Also, secure SNMP roles to ensure only authorized users can assess and analyze the network.
Lastly, verify the server is patched and updated regularly. This will reduce the hackers' attack vector by mitigating, or even eliminating, known security vulnerabilities. We have only scratched the surface of security implementation, but hopefully, those steps will serve as a starting point.
Common Configuration Steps for Ethernet Switching
There is more to configuring a LAN than throwing a couple of routers together and hooking them together. A network engineer must also consider aspects such as QoS (Quality of Service), VLAN setup and management, link aggregation, and Network Function Virtualization (NFV). QoS is a good place to start.
What is QoS?
QoS is a set of mechanisms that prioritize network traffic. It ensures mission-critical devices receive the correct resources to fulfill their SLA (Service Level Agreement). QoS is accomplished through various methods:
Packet Marking: This adds special markers called Differentiated Service Code Points (DSCP) to packet headers to indicate priority.
Traffic Shaping: By regulating the flow of traffic, QoS ensures that packets reach their destination in a consistent and predictable manner.
Bandwidth Reservation: Specific amounts of network bandwidth are reserved at all times for high-priority traffic.
Traffic Classification: Identifying and categorizing different types of traffic based on criteria like source, destination, port numbers, or application protocols.
QoS is configured on various points within the network. For instance, data prioritization can be configured on both the router and the switch. Also, wireless Access Points will often have QoS for VoIP communication by reserving bandwidth specifically for these interactions.
What is Link Aggregation?
Link Aggregation, also known as NIC Teaming, is a technique used to increase bandwidth between two or more devices. As a simple illustration, let’s say you have two computers connected by Ethernet cables, and you would like the transmission speed between them to increase. The solution would be adding an Ethernet port, connecting another wire, and linking them together.
As an analogy, think of Link Aggregation like a highway. The roads are Ethernet cables, and the cars are data packets. Instead of having a one-lane highway, the city builds a four-lane highway between each city (node on the network), thus allowing for increased traffic flow and traffic jam reduction.
In summary, Link Aggregation is mainly used to increase bandwidth across the network but also has the following advantages.
Increases Fault Tolerance: If one link fails, traffic can still continue on other lanes.
Dynamic Adjustment: Allow different links to be added and removed via software configurations.
Load Balancing: Equitable distribution of traffic decreases load on host machines.
Link Aggregation is configured on switches, servers, and Gateways. Since it can be utilized in so many areas, it is critical all Link Aggregation changes are well documented.
What is Network Function Virtualization?
At a high level, NFV is the abstraction of hardware components such as firewalls, routers, and switches, replacing them with software equivalences. This allows these network functionalities to run on standard, non-proprietary virtual machines instead of actual hardware.
NFV is an important part of cloud infrastructure due to its infrastructure-as-a-service (IaaS) philosophy, scalability, and flexibility. NFV is a modern and ever-evolving discipline that packages traditional hardware into a virtual environment.
NFV can yield several cost-saving benefits, including reduced physical hardware, cooling, and cabling expenses. However, successful implementation requires careful configuration and management of VNFs to avoid potential issues and realize cost savings.
What is a VLAN?
A VLAN is a logical segmentation of a physical network that is partitioned away from the rest of the network. VLANs are fundamental concepts in computer networks and yield the following benefits:
Broadcast isolation: A broadcast is when a data packet is sent to every machine on the network. VLANs allow nodes to restrict their broadcast communications to only those nodes that belong to the same VLAN.
Logical Separation: A VLAN is entirely separate from other portions of the LAN. A VLAN will only communicate with other VLANs through a physical or logical Gateway.
Efficient Resource Utilization: By dividing a physical network into multiple logical segments, VLANs allow for more efficient resource utilization. For example, multiple VLANs can share the same physical switches and routers without the need for dedicated hardware.
These are just three of the many benefits a VLAN provides. Setting up a VLAN is a fairly involved process, but it’s no big secret. This training will give you everything required to accomplish this fundamental task.
Final Thoughts
Phew! We covered a lot of fundamentals to consider when deploying Ethernet switching. The requirements for setting up a LAN can be time-consuming, but are highly awarding, and highly desired in every organization.
In this article, we reviewed the difference between a PNI and a VNI, the fundamental hardware in a network, how to select the right hardware, and common configuration steps. After the checklist, there are also a couple of other articles that will assist with any Ethernet deployment configuration needs.
Hopefully, this will give you the confidence and know-how to tackle any big networking project heading your way!
Deploying Ethernet Switching Checklist
As a final thought, it is critical to have a defined checklist when deploying Ethernet switching from the ground up. Please feel free to use this checklist as a starter template and modify it as needed. Everything in the checklist will be something we have gone over in this article.
Pre-Deployment Planning:
Hardware and Equipment:
Configuration and Installation:
Testing and Verification:
Documentation and Backup (Do NOT forget to document!):
Monitoring and Maintenance:
Post-Deployment Checklist (Very Important!):
Not a CBT Nuggets subscriber? Create your account now and get your first seven days free.
Additional Reading
delivered to your inbox.
By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.