Summary

This document appears to be notes on computer networking, likely for a postgraduate course. It covers topics such as internetworking, different types of Ethernet cables, the OSI model, and IPv4. The content is in a typical note format and presents definitions, concepts, and examples.

Full Transcript

FCN PG-DITISS IACSD
Institute for Advanced Computing and Software Development (IACSD), Pune
FCN
Dr. D.Y. Patil Educational Complex, Sector 29, Behind Akurdi Railway Station, Nigdi Pradhikaran, Akurdi, Pune - 411044.

INDEX
1. Internetworking ... 3
3. Different types of Ethernet cables ... 7
4. OSI Model
6. Three way Handshake ... 20
7. IPv4 address ... 21
8. Subnetting ... 22
10. IPv6
11. Cisco IOS ... 27
12. Routing
13. RIP ... 30
14. IGRP ... 31
19. VLAN ... 37

Internetworking

The term internetworking in computer networking explains how computer networks connect with each other through internetworking devices. Before we learn internetworking in detail, let's understand what a computer network is first.

Computer networks are basically built from three components: End Devices, Networking Devices and Media.

End Devices: - End devices are used to access or send data. Devices such as a tablet are examples of end devices.

Networking Devices: - Networking devices are used to move data between end devices. Routers, hubs, bridges, firewalls and modems are examples of networking devices.

Media: - Media is used to transmit the data. Copper cables, fiber cables and wireless signals are examples of media.

In a computer network, a source must know the IP address of the destination before it can access it. It uses DNS to resolve the hostname to an IP address.

Every computer has a unique network address. This address represents its location in the network. A computer address is made of two addresses: the IP address and the MAC address.
o IP Address: - IP address is a software address. We need to configure it on each PC.
o MAC Address: - MAC address is a hardware address. It is assigned to the Ethernet card by its manufacturer.

Computers know their own address but they don't know others. To learn the addresses of others they use two types of broadcast: ARP and RARP.
Network applications rely on broadcast messages to get the necessary information. Besides ARP and RARP there are lots of broadcasts in the network that create serious performance issues. To deal with the broadcast issue, a large network is divided into many small networks. Each small network has its own broadcast boundary and is known as a broadcast domain.

Networking devices

In this section we will take five key networking devices that connect multiple devices in a single network and explain how they affect broadcast and collision.

Hub
If you have two devices, you can connect them with a cable. But if you have more than two devices, you need a center device that can connect them. A HUB solves this issue. It has a single purpose: connect multiple devices in a single network. A hub is a multi-port repeater. It does not control collision or broadcast. The HUB is the earliest device in computer networking.

Bridge
Bridges are intelligent devices. They can remove collision from the network. A bridge keeps a record of connected devices and creates a route for each device. Bridges have the following limitations: They cannot control broadcast. Bridges manage collision by software, which slows down overall network performance. Bridges have a limited number of ports. Bridges are outdated now. They are hard to find in current computer networks. They have been replaced by switches.

Switch
Switches have all the goodies of bridges. They can control collision at hardware level, which improves overall network performance. Switches create a separate route for each connected device, which eliminates the CSMA/CD process completely. A switch keeps route information in memory. We will explain this process in detail in our next article. For this article just make sure that you know a switch keeps track of connected devices. This record is known as the CAM table and is also used to control collision. Switches control collision, but they cannot control broadcast.

Router
A router is a device that analyzes the contents of data packets transmitted within a network or to another network. Routers determine whether the source and destination are on the same network or whether data must be transferred from one network to another.
Transferring data to another network type requires encapsulating the data packet with routing protocol header information for the new network type. Routers have the following limitations: They are very expensive. They have very limited ports.

Multilayer Switch
Multilayer switches are the most expensive device among these. They can control both collision and broadcast.

Ethernet
Ethernet is a standard communication protocol embedded in software and hardware devices. It is used for building a local area network. The local area network is a computer network that interconnects a group of computers and shares the information through cables or wires.

Wired Ethernet Network
The Ethernet technology mainly works with fiber optic cables that connect devices within a distance of 10 km. The Ethernet supports 10 Mbps.

Ethernet communication: A computer network interface card (NIC) is installed in each computer, and is assigned a unique address. An Ethernet cable runs from each NIC to the central switch or hub. The switch and hub act as a relay, though they have significant differences in the manner in which they handle network traffic - receiving and directing packets of data across the Ethernet. This creates a communications system that allows sharing of data and resources including printers, fax machines and scanners.

Wireless Ethernet
Ethernet networks can also be wireless. Rather than using cables to connect the computers, wireless NICs use radio waves for two-way communication with a wireless switch or hub. It consists of Ethernet ports, wireless NICs, switches and hubs. Wireless network technology is more flexible to use, but also requires extra care in configuring.

Types of Ethernet Networks
There are several types, such as Fast Ethernet, Gigabit Ethernet and Switch Ethernet. A network is a group of two or more computer systems connected together.

1. Fast Ethernet
Fast Ethernet is a type of network that can transfer data at a rate of 100 Mbps using a twisted-pair cable or a fiber optic cable.
The older 10 Mbps Ethernet is still used, but such networks do not provide the necessary bandwidth for network-based video applications.

2. Gigabit Ethernet
Gigabit Ethernet is a type of Ethernet network capable of transferring data at a rate of 1000 Mbps based on a twisted-pair or fiber optic cable, and it is very popular. The type of twisted-pair cable that supports Gigabit Ethernet is Cat 5e cable, where all four pairs of twisted wires of the cable are used to achieve high data transfer rates. 10 Gigabit Ethernet is the latest generation Ethernet, capable of transferring data at a rate of 10 Gbps using twisted-pair or fiber optic cable.

3. Switch Ethernet
Multiple network devices in a LAN require network equipment such as a network switch or hub. When using a network switch, a regular network cable is used instead of a crossover cable. The crossover cable consists of a transmission pair at one end and a receiving pair at the other end.

Different Types of Ethernet Cables
The different types and diameters of the cables used are given below:
o 10Base2: The cable used is a thin coaxial cable (thin Ethernet).
o 10Base5: The cable used is a thick coaxial cable.
o 10Base-T: The cable used is a twisted pair (T means twisted) and the speed is around 10 Mbps.
o 100Base-FX: Makes it possible to achieve 100 Mbps by using multimode fiber optic (F stands for Fiber).
o 100Base-TX: Similar to 10Base-T, but with a speed 10 times higher (100 Mbps).
o 1000Base-T: Uses a double twisted pair of category 5 cables and allows speed up to one Gigabit per second.
o 1000Base-SX: Uses multimode fiber with a short wavelength signal (S stands for short) of 850 nanometres.
o 1000Base-LX: Uses a long wavelength signal (L stands for long) of 1270 to 13... nanometres.

Wireless Networks
Wireless networks connect devices such as laptops to the Internet, the business network and applications. When laptops are connected to Wi-Fi hot spots in public places, the connection is established to that business's wireless network.
There are four main types of wireless networks:
o Wireless Local Area Network (LAN): Links two or more devices using a wireless distribution method, providing a connection through access points to the wider Internet.
o Wireless Metropolitan Area Network (MAN): Connects several wireless LANs.
o Wireless Wide Area Network (WAN): Covers large areas such as neighboring towns and cities.
o Wireless Personal Area Network (PAN): Interconnects devices in a short span, generally within a person's reach.

OSI MODEL

Layer architecture

Layer | Function | Example
Application (7) | Services that are used with end user applications | SMTP
Presentation (6) | Formats the data so that it can be viewed by the user; encrypts and decrypts | JPG, GIF, HTTPS, SSL, TLS
Session (5) | Establishes/ends connections between two hosts | NetBIOS, PPTP
Transport (4) | Responsible for the transport protocol and error handling | TCP, UDP
Network (3) | Reads the IP address from the packet | Routers, Layer 3 Switches
Data Link (2) | Reads the MAC address from the data packet | Switches
Physical (1) | Sends data on to the physical wire | Hubs, NICs, Cable

Layer 1: Physical

The physical layer is responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium. It converts the digital bits into electrical, radio, or optical signals. The components of a physical layer can be described in terms of a network topology. Bluetooth, Ethernet, and USB all have specifications for a physical layer.

Functions of Physical Layer
Following are the various functions performed by the Physical layer of the OSI model:
1. Representation of Bits: Data in this layer consists of a stream of bits. The bits must be encoded into signals for transmission. It defines the type of encoding, i.e. how 0's and 1's are changed to signals.
2. Data Rate: This layer defines the rate of transmission, which is the number of bits per second.
3. Synchronization: It deals with the synchronization of the transmitter and receiver.
The sender and receiver are synchronized at bit level.
4. Interface: The physical layer defines the transmission interface between devices and the transmission medium.
5. Line Configuration: This layer connects devices with the medium: Point to Point configuration and Multipoint configuration.
6. Topologies: Devices must be connected using one of the following topologies: Mesh, Star, Ring and Bus.
7. Transmission Modes: The Physical Layer defines the direction of transmission between two devices: Simplex, Half Duplex, Full Duplex.
8. Deals with baseband and broadband transmission.

Layer 2: Data Link
The data link layer provides node-to-node data transfer - a link between two directly connected nodes. It defines the protocol to establish and terminate a connection between two physically connected devices. It also defines the protocol for flow control between them. IEEE 802 divides the data link layer into two sublayers:
Medium access control (MAC) layer - responsible for controlling how devices in a network gain access to a medium and permission to transmit data.
Logical link control (LLC) layer - responsible for identifying and encapsulating network layer protocols, and controls error checking and frame synchronization.

Functions of Data Link Layer
1. Framing: Framing divides the stream of bits received from the network layer into manageable data units called frames. This division of the stream of bits is done by the Data Link Layer.
2. Physical Addressing: The Data Link layer adds a header to the frame in order to define the physical address of the sender or receiver of the frame, if the frames are to be distributed to different systems on the network.
3. Flow Control: A flow control mechanism to avoid a fast transmitter from overwhelming a slow receiver by buffering the extra bits is provided on the receiver side.
4. Error Control: Error control is achieved by adding a trailer at the end of the frame. Duplication of frames is also prevented using this mechanism: the Data Link Layer adds a mechanism to prevent duplication of frames.
5. Access Control: Protocols of this layer determine which of the devices has control over the link at any given time, when two or more devices are connected to the same link.

Layer 3: Network
The network layer provides the means of transferring variable length data sequences (called packets) from one node to another connected in "different networks". If the message is too large to be transmitted from one node to another on the data link layer between those nodes, the network may implement message delivery by splitting the message into several fragments at one node, sending the fragments independently, and reassembling the fragments at another node. Message delivery at the network layer is not necessarily guaranteed to be reliable; a network layer protocol may provide reliable message delivery, but it need not do so.

Functions of Network Layer
1. It translates logical network addresses into physical addresses. Concerned with circuit, message or packet switching.
2. Routers and gateways operate in the network layer. A mechanism is provided by the Network Layer for routing the packets to their final destination.
3. Connection services are provided, including network layer flow control, network layer error control and packet sequence control.
4. Breaks larger packets into small packets.

Layer 4: Transport Layer
The transport layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host, while maintaining the quality of service functions. The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state- and connection-oriented.

Functions of Transport Layer
1. Service Point Addressing: The Transport Layer header includes the service point address, which is the port address. This layer gets the message to the correct process on the computer, unlike the Network Layer, which gets each packet to the correct computer.
2. Segmentation and Reassembly: A message is divided into segments; each segment contains a sequence number, which enables this layer to reassemble the message.
The message is reassembled correctly upon arrival at the destination, and packets which were lost in transmission are replaced.
3. Connection Control: It includes two types:
Connectionless Transport Layer: Each segment is considered as an independent packet and delivered to the transport layer at the destination machine.
Connection Oriented Transport Layer: Before delivering packets, a connection is made with the destination machine.
4. Flow Control: In this layer, flow control is performed end to end.
5. Error Control: Error Control is performed end to end in this layer to ensure that the complete message arrives at the receiving transport layer without any error. Error correction is done through retransmission.

TRANSMISSION CONTROL PROTOCOL (TCP) | USER DATAGRAM PROTOCOL (UDP)
TCP is a connection-oriented protocol. Connection-orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data. | UDP is the Datagram oriented protocol. This is because there is no overhead for opening a connection, maintaining a connection, and terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.
TCP is reliable as it guarantees delivery of data to the destination router. | The delivery of data to the destination cannot be guaranteed in UDP.
TCP provides extensive error checking mechanisms. It is because it provides flow control and acknowledgment of data. | UDP has only the basic error checking mechanism using checksums.
Sequencing of data is a feature of Transmission Control Protocol (TCP). This means that packets arrive in order at the receiver. | There is no sequencing of data in UDP. If ordering is required, it has to be managed by the application layer.
TCP is comparatively slower than UDP. | UDP is faster, simpler and more efficient than TCP.
Retransmission of lost packets is possible in TCP, but not in UDP. | There is no retransmission of lost packets in User Datagram Protocol (UDP).
TCP has a (20-80) bytes variable length header. | UDP has an 8 bytes fixed length header.
TCP doesn't support Broadcasting. | UDP supports Broadcasting.

Layer 5: Session Layer
The session layer controls the dialogues (connections) between computers.
It establishes, manages and terminates the connections between the local and remote application. In the OSI model, this layer is responsible for gracefully closing a session, which is handled in the Transmission Control Protocol at the transport layer in the Internet Protocol Suite. The session layer is commonly implemented explicitly in application environments that use remote procedure calls.

Functions of Session Layer
1. Dialog Control: This layer allows two systems to start communication with each other in half-duplex or full-duplex.
2. Token Management: This layer prevents two parties from attempting the same critical operation at the same time.
3. Synchronization: This layer allows a process to add checkpoints, which are considered as synchronization points, into the stream of data. Example: If a system is sending a file of 800 pages, adding checkpoints after every 50 pages is recommended. This ensures that each 50 page unit is successfully received and acknowledged. This is beneficial at the time of a crash: if a crash happens at page number 110, there is no need to retransmit pages 1 to 100.

Layer 6: Presentation Layer
The presentation layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation protocol data units are encapsulated into session protocol data units and passed down the protocol stack. This layer provides independence from data representation by translating between application and network formats. The presentation layer transforms data into the form that the application accepts.

Functions of Presentation Layer
1. Translation: Before being transmitted, information in the form of characters and numbers should be changed to bit streams.
The presentation layer is responsible for interoperability between encoding methods, as different computers use different encoding methods. It translates data between the formats the network requires and the format the computer uses.
2. Encryption: It carries out encryption at the transmitter and decryption at the receiver.
3. Compression: It carries out data compression to reduce the bandwidth of the data to be transmitted. The primary role of data compression is to reduce the number of bits to be transmitted. It is important in transmitting multimedia such as audio, video, text etc.

Layer 7: Application Layer
The application layer is the OSI layer closest to the end user, which means both the application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. Application protocols that are used are File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Simple Mail Transfer Protocol (SMTP), TELNET, Domain Name System (DNS) etc.

Functions of Application Layer
1. Mail Services: This layer provides the basis for E-mail forwarding and storage.
2. Network Virtual Terminal: It allows a user to log on to a remote host. The application creates a software emulation of a terminal at the remote host. The user's computer talks to the software terminal, which in turn talks to the host, and vice versa. The remote host believes it is communicating with one of its own terminals and allows the user to log on.
3. Directory Services: This layer provides access to global information about various services.
4. File Transfer, Access and Management (FTAM): It is a standard mechanism to access files and manage them. Users can access files in a remote computer and manage them. They can also retrieve files from a remote computer.

TCP/IP (Transmission Control Protocol/ Internet Protocol)
TCP/IP means Transmission Control Protocol and Internet Protocol. It is the network model used in the current Internet architecture as well.
Protocols are a set of rules which govern every possible communication over a network. These protocols describe the movement of data between the source and destination or the internet. They also offer simple naming and addressing schemes.

[Figure: the four TCP/IP layers - Application Layer, Transport Layer, Internet Layer, Network Access Layer]

[Figure: Protocols and networks in the TCP/IP model - Application: FTP, SMTP; Transport: TCP, UDP; Network: protocols; Physical + Data Link: networks such as ARPANET, Packet Radio, LAN]

Overview of TCP/IP
TCP/IP, that is Transmission Control Protocol and Internet Protocol, was developed by the Department of Defense's Project Research Agency (ARPA, later DARPA) as a part of a research project of network interconnection to connect remote machines. The features that stood out during the research, which led to making the TCP/IP reference model, were:
o Support for a flexible architecture. Adding more machines to a network was easy.
o The network was robust, and connections remained intact as long as the source and destination machines were functioning.
The overall idea was to allow one application on one computer to talk to (send data packets to) another application running on a different computer.

Different Layers of TCP/IP Reference Model
Below we have discussed the 4 layers that form the TCP/IP reference model.

Layer 1: Host-to-network Layer
1. Lowest layer of them all.
2. Protocol is used to connect to the host, so that the packets can be sent over it.
3. Varies from host to host and network to network.

Layer 2: Internet layer
1. Selection of a packet switching network which is based on a connectionless internetwork layer is called an internet layer.
2. It is the layer which holds the whole architecture together.
3. It helps the packet to travel independently to the destination.
4. The order in which packets are received is different from the way they are sent.
5. IP (Internet Protocol) is used in this layer.
6. The various functions performed by the Internet Layer are:
o Delivering IP packets
o Performing routing
o Avoiding congestion

Layer 3: Transport Layer
1. It decides if data transmission should be on a parallel path or a single path.
2. Functions such as multiplexing, segmenting or splitting of the data are done by the transport layer.
3. The applications can read and write to the transport layer.
4. The transport layer adds header information to the data.
5. The transport layer breaks the message (data) into small units so that they are handled more efficiently by the network layer.
6. The transport layer also arranges the packets to be sent in sequence.

Layer 4: Application Layer
The TCP/IP specifications described a lot of applications that were at the top of the protocol stack. Some of them were TELNET, FTP, SMTP, DNS etc.
1. TELNET is a two-way communication protocol which allows connecting to a remote machine and running applications on it.
2. FTP (File Transfer Protocol) is a protocol that allows file transfer amongst computer users connected over a network. It is reliable, simple and efficient.
3. SMTP (Simple Mail Transport Protocol) is a protocol which is used to transport electronic mail between a source and destination, directed via a route.
4. DNS (Domain Name Server) resolves an IP address into a textual address for hosts connected over a network.
5. It allows peer entities to carry a conversation.
6. It defines two end-to-end protocols: TCP and UDP.
o TCP (Transmission Control Protocol): It is a reliable connection-oriented protocol which handles a byte-stream from source to destination without error and with flow control.
o UDP (User Datagram Protocol): It is an unreliable connection-less protocol for applications that do not want TCP's sequencing and flow control. E.g.: One-shot request-reply kind of service.

Merits of TCP/IP model
1. It operated independently.
2. It is scalable.
3. Client/server architecture.
4. Supports a number of routing protocols.
5. Can be used to establish a connection between two computers.

Demerits of TCP/IP
1. In this, the transport layer does not guarantee delivery of packets.
2. The model cannot be used in any other application.
3. Replacing a protocol is not easy.
4. It has not clearly separated its services, interfaces and protocols.

Comparison between OSI and TCP model

OSI (Open System Interconnection) | TCP/IP (Transmission Control Protocol / Internet Protocol)
1. OSI is a generic, protocol independent standard, acting as a communication gateway between the network and end user. | 1. TCP/IP model is based on standard protocols around which the Internet has developed. It is a protocol which allows connection of hosts over a network.
2. In the OSI model the transport layer guarantees the delivery of packets. | 2. In the TCP/IP model the transport layer does not guarantee delivery of packets. Still the TCP/IP model is more reliable.
3. Follows vertical approach. | 3. Follows horizontal approach.
4. OSI model has a separate Presentation layer and Session layer. | 4. TCP/IP does not have a separate Presentation layer or Session layer.
5. Transport Layer is Connection Oriented. | 5. Transport Layer is both Connection Oriented and Connection less.
6. Network Layer is both Connection Oriented and Connection less. | 6. Network Layer is Connection less.
7. OSI is a reference model around which the networks are built. Generally it is used as a guidance tool. | 7. TCP/IP model is, in a way, an implementation of the OSI model.
8. Network layer of OSI model provides both connection oriented and connectionless service. | 8. The Network layer in TCP/IP model provides connectionless service.
9. Protocols are hidden in OSI model and are easily replaced as the technology changes. | 9. In TCP/IP replacing a protocol is not easy.
10. OSI model defines services, interfaces and protocols very clearly and makes a clear distinction between them. It is protocol independent. | 10. In TCP/IP, services, interfaces and protocols are not clearly separated. It is also protocol dependent.
11. It has 7 layers. | 11. It has 4 layers.

Three Way Handshake
TCP requires that a connection be established or initialized: the two hosts must synchronize their initial sequence numbers (ISNs).

[Figure: three-way handshake - 1. Send SYN (seq=100, ctl=SYN); 2. SYN received, send SYN,ACK (ack=101); 3. Established (seq=101, ack=301, ctl=ack)]

The 3 way handshaking technique is often referred to as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK) because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers.
This is done by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server. If the server responds with a SYN/ACK (synchronization acknowledged) packet from a particular port, it means the port is open.

IPv4 address
The IP hierarchy contains many classes of IP addresses. IPv4 addressing is divided into five classes of IP address. All the five classes are identified by the first octet of the IP address.

The Classes of IPv4 addresses
The different classes of the IPv4 address are:
1) Class A address
2) Class B address
3) Class C address
4) Class D address
5) Class E address

Class A Address
The first bit of the first octet is always set to zero, so that the first octet ranges from 1 - 127. The class A address only includes IPs starting from 1.x.x.x to 126.x.x.x. The IP range 127.x.x.x is reserved for loopback IP addresses. The default subnet mask for a class A IP address is 255.0.0.0. This means it can have 126 networks (2^7-2) and 16777214 hosts (2^24-2). The Class A IP address format is thus: N.H.H.H

Class B Address
Here the first two bits of the first octet are set to 10. Class B IP addresses range from 128.0.x.x to 191.255.x.x. The default subnet mask for Class B is 255.255.x.x. Class B has 16384 (2^14) Network addresses and 65534 (2^16-2) Host addresses. The Class B IP address format is: N.N.H.H

Class C Address
The first octet of this class has its first 3 bits set to 110. Class C IP addresses range from 192.0.0.x to 223.255.255.x. The default subnet mask for Class C is 255.255.255.x. Class C gives 2097152 (2^21) Network addresses and 254 (2^8-2) Host addresses. The Class C IP address format is: N.N.N.H

Class D Address
The first four bits of the first octet in class D IP addresses are set to 1110, giving a range from 224.0.0.0 to 239.255.255.255. Class D is reserved for Multicasting. In multicasting data is not intended for a particular host, but for multiple ones. That is why there is no need to extract a host address from the class D IP addresses. Class D does not have a subnet mask.

Class E Address
The class E IP addresses are reserved for experimental purposes only, for R&D or study. IP addresses in class E range from 240.0.0.0 to 255.255.255.254.
This class too is not equipped with any subnet mask.

Each IP address consists of a subnet mask. All the class types, such as Class A, Class B and Class C, include the subnet mask known as the default subnet mask. The subnet mask is intended for determining the type and number of IP addresses for a given local network. The firewall or router is called the default gateway. The default subnet mask is as follows:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0

The Subnetting process allows the administrator to divide a single Class A, Class B, or Class C network number into smaller portions. The subnets can be subnetted again into sub-subnets.

Dividing the network into a number of subnets provides the following benefits:
o Reduces the network traffic by reducing the volume of broadcasts.
o Helps to surpass the constraints in a local area network (LAN), for example, the maximum number of permitted hosts.
o Enables users to access a work network from their homes; there is no need to open the complete network.

Example using the Class C mask of 255.255.255.224
1. Subnet bits with this mask is 3, so 2^3-2 = 6 subnets.
2. Host bits available per subnet is 5 bits, or 2^5-2 = 30 hosts.
3. Subnet addresses are 256-224 = 32, 64, 96, 128, 160, 192 (six subnets, found by adding 32 to itself).
4. The broadcast address of each subnet is the number just before the next subnet. The broadcast address for the 64 subnet is 95. The broadcast for the 96 subnet is 127. The broadcast address for the 160 subnet is 191. The broadcast for the 192 subnet is 223 (since 224 is the mask).
5. Valid host range: the valid hosts are the numbers in between the subnet and broadcast addresses.

Example using the Class B mask of 255.255.240.0
1. 2^4-2 = 14 subnets
2. 2^12-2 = 4094 hosts
3. 256-240 = 16, so the subnets are 16.0, 32.0, 48.0, 64.0, etc.
4. Broadcast for the 16.0 subnet is 31.255. Broadcast for the 32.0 subnet is 47.255, etc.
5. The valid hosts are:
Subnet | 16.0 | 32.0 | ...
First host | 16.1 | 32.1 | ...
Last host | 31.254 | 47.254 | ...
Broadcast | 31.255 | 47.255 | ...

Example using the Class A mask 255.240.0.0 (/12)
This mask provides you with only four subnet bits, or 16 subnets (14 if you're not using subnet zero) with 1,048,574 hosts each. The valid subnets are 256-240 = 16, 32, 48, 64, 80, etc., all the way to 224. The first subnet, assuming subnet zero, is:
o Subnet: 10.0.0.0
o Broadcast: 10.15.255.255
o Valid host range: 10.0.0.1 through 10.15.255.254
The last subnet, assuming subnet zero, is:
o Subnet: 10.240.0.0
o Broadcast: 10.255.255.255
o Valid host range: 10.240.0.1 through 10.255.255.254

Variable Length Subnet Mask (VLSM)
A Variable Length Subnet Mask (VLSM) is a numerical masking sequence, or IP address subset, based on overall network requirements. A VLSM allows a network administrator to use long masks for networks with few hosts and short masks for networks with multiple hosts. A VLSM is used with a VLSM router and must have routing protocol support. A VLSM is also known as a classless Internet Protocol (IP) address.

For example, an administrator has the 192.168.1.0/24 network. The suffix /24 tells the number of bits used for the network address. In this example, the administrator has three different departments with different numbers of hosts. The Sales department has 100 computers, the Purchase department has 50 computers, Accounts has 25 computers and Management has 5 computers. In CIDR, the subnets are of fixed size. Using the same methodology the administrator cannot fulfill all the requirements of the network.

The following procedure shows how VLSM can be used in order to allocate department-wise IP addresses as mentioned in the example.

Step - 1: Make a list of the subnets possible.
Subnet Mask | Slash Notation | Hosts/Subnet
255.255.255.0 | /24 | 254
255.255.255.128 | /25 | 126
255.255.255.192 | /26 | 62
255.255.255.224 | /27 | 30
255.255.255.240 | /28 | 14
255.255.255.248 | /29 | 6
255.255.255.252 | /30 | 2

Step - 2: Sort the requirements of IPs in descending order (Highest to Lowest).
- Sales 100
- Purchase 50
- Accounts 25
- Management 5

Step - 3: Allocate the highest range of IPs to the highest requirement, so let's assign 192.168.1.0/25 (255.255.255.128) to the Sales department. This IP subnet with Network number 192.168.1.0 has 126 valid Host IP addresses, which satisfies the requirement of the Sales department. The subnet mask for this subnet has 10000000 as the last octet.

Step - 4: Allocate the next highest range, so let's assign 192.168.1.128/26 (255.255.255.192) to the Purchase department. This IP subnet with Network number 192.168.1.128 has 62 valid Host IP addresses, which can be easily assigned to all the PCs of the Purchase department. The subnet mask has 11000000 in the last octet.

Step - 5: Allocate the next highest range, i.e. Accounts. The requirement of 25 IPs can be fulfilled with the 192.168.1.192/27 (255.255.255.224) IP subnet, which contains 30 valid host IPs. The network number of the Accounts department will be 192.168.1.192. The last octet of the subnet mask is 11100000.

Step - 6: Allocate the next highest range to Management. The Management department contains only 5 computers. The subnet 192.168.1.224/29 with the mask 255.255.255.248 has exactly 6 valid host IP addresses, so this can be assigned to Management. The last octet of the subnet mask will contain 11111000.

By using VLSM, the administrator can subnet the IP subnet in such a way that the least number of IP addresses are wasted. Even after assigning IPs to every department, the administrator, in this example, is still left with plenty of IP addresses, which was not possible if he had used CIDR.

IPv6 address
An Internet Protocol Version 6 address (IPv6 address) is a numerical label that is used to identify a network interface of a computer or a network node participating in an IPv6 computer network. An IPv6 address consists of 128 bits.
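The following Python script is an added worked example, not part of the course notes: it reproduces the classful subnetting examples above (the Class C 255.255.255.224, Class B 255.255.240.0 and Class A 255.240.0.0 cases, with and without subnet zero) and the VLSM allocation of 192.168.1.0/24 to the four departments, using only the standard library. The network numbers 192.168.10.0, 172.16.0.0 and 10.0.0.0 used for the classful cases are assumed, since the notes give only the masks.

```python
# Added example (not from the course notes): classful subnetting as in the
# notes' Class C /27, Class B /20 and Class A /12 cases, plus VLSM allocation
# of 192.168.1.0/24 to Sales/Purchase/Accounts/Management. Standard library only.
import ipaddress
import math

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # classful default masks /8, /16, /24


def address_class(ip):
    """Class letter (A-E) from the first octet, as the notes define the classes."""
    first = int(ip.split(".")[0])
    if first < 128:   # leading bit 0 (1-127; 127.x.x.x is loopback)
        return "A"
    if first < 192:   # leading bits 10
        return "B"
    if first < 224:   # leading bits 110
        return "C"
    if first < 240:   # leading bits 1110, multicast, no subnet mask
        return "D"
    return "E"        # leading bits 1111, experimental, no subnet mask


def subnet_plan(network, mask, subnet_zero=False):
    """Subnet the classful network containing `network` with dotted `mask`.

    subnet_zero=False applies the notes' classic 2^n-2 rule (subnet zero and
    the all-ones subnet are dropped); subnet_zero=True keeps all 2^n subnets.
    Returns subnet bits, counts and (network, broadcast, first, last) per subnet.
    """
    cls = address_class(network)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s addresses are not subnetted" % cls)
    prefix = ipaddress.IPv4Network("0.0.0.0/" + mask).prefixlen
    subnet_bits = prefix - DEFAULT_PREFIX[cls]
    host_bits = 32 - prefix
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("%s is not a valid subnet mask for class %s" % (mask, cls))
    classful = ipaddress.IPv4Network("%s/%d" % (network, DEFAULT_PREFIX[cls]), strict=False)
    subnets = list(classful.subnets(new_prefix=prefix))
    if not subnet_zero:
        subnets = subnets[1:-1]
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        "subnet_count": len(subnets),
        "hosts_per_subnet": 2 ** host_bits - 2,
        "subnets": [(str(s.network_address), str(s.broadcast_address),
                     str(s.network_address + 1), str(s.broadcast_address - 1))
                    for s in subnets],
    }


def smallest_prefix_for(hosts):
    """Longest prefix whose usable host count 2^(32-p) - 2 still covers `hosts`."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def vlsm_allocate(block, requirements):
    """Carve `block` into one subnet per department, largest demand first.

    Mirrors the notes' steps: sort requirements descending, give each the first
    free range that is big enough, and return the remainder to the pool.
    Returns ({department: IPv4Network}, [unallocated IPv4Network, ...]).
    """
    free = [ipaddress.IPv4Network(block)]
    plan = {}
    for dept, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        prefix = smallest_prefix_for(hosts)
        free.sort(key=lambda n: int(n.network_address))   # allocate from the low end
        for cand in free:
            if cand.prefixlen <= prefix:                    # candidate is large enough
                free.remove(cand)
                chosen = ipaddress.IPv4Network((cand.network_address, prefix))
                free.extend(cand.address_exclude(chosen))   # give back what is left
                plan[dept] = chosen
                break
        else:
            raise ValueError("no room for %s (%d hosts) in %s" % (dept, hosts, block))
    return plan, free


if __name__ == "__main__":
    for net, bcast, first, last in subnet_plan("192.168.10.0", "255.255.255.224")["subnets"]:
        print("subnet", net, "hosts", first, "-", last, "broadcast", bcast)
    plan, free = vlsm_allocate("192.168.1.0/24",
                               {"Sales": 100, "Purchase": 50, "Accounts": 25, "Management": 5})
    for dept, net in plan.items():
        print(dept, net, net.netmask, net.num_addresses - 2, "usable hosts")
    print("left over:", free)
```

Passing subnet_zero=True to subnet_plan for the Class A case reproduces the "16 subnets, first 10.0.0.0, last 10.240.0.0" figures in the notes; the default reproduces the 6, 14 and 14 subnet counts.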
An IP address serves the purpose of identifying an individual network interface of a host, locating it on the network, and thus permitting the routing of IP packets between hosts. For routing, IP addresses are present in fields of the packet header where they indicate the source and destination of the packet.

A unicast address identifies a single network interface. The Internet Protocol delivers packets sent to a unicast address to that specific interface.

An anycast address is assigned to a group of interfaces, usually belonging to different nodes. A packet sent to an anycast address is delivered to just one of the member interfaces, typically the nearest host according to the routing protocol's definition of distance. Anycast addresses cannot be identified easily: they have the same format as unicast addresses and differ only by their presence in the network at multiple points. Almost any unicast address can be employed as an anycast address.

A multicast address is also used by multiple hosts, which acquire the multicast address destination by participating in the multicast distribution protocol among the network routers. A packet that is sent to a multicast address is delivered to all interfaces that have joined the corresponding multicast group.

IPv6 does not implement broadcast addressing. Broadcast's traditional role is subsumed by multicast addressing to the all-nodes link-local multicast group ff02::1. However, the use of the all-nodes group is not recommended, and most IPv6 protocols use a dedicated link-local multicast group to avoid disturbing every interface in the network.

Representation

An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets; a group is sometimes also called a hextet). The groups are separated by colons (:).
An example of an IPv6 address is:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

The hexadecimal digits are case-insensitive, but IETF recommendations (RFC 5952) suggest the use of lower-case letters. The full representation of eight 4-digit groups may be simplified by several techniques that eliminate parts of the representation.

Leading zeroes in a group may be omitted, but each group must retain at least one hexadecimal digit. Thus the example address may be written as:

2001:db8:85a3:0:0:8a2e:370:7334

One or more consecutive groups containing only zeros may be replaced with a single empty group, using two consecutive colons (::). The substitution may be applied only once in an address, because multiple occurrences would create an ambiguous representation (it would not be clear how many zero groups each :: stands for). Thus the example address can be further simplified to:

2001:db8:85a3::8a2e:370:7334

Because the same address can be written in several ways, anything that compares addresses as text (logs, filters, allow-lists) must canonicalise them first; RFC 5952 defines the canonical form (lower case, leading zeros removed, :: applied once to the longest run of zero groups). The localhost (loopback) address, 0:0:0:0:0:0:0:1, and the IPv6 unspecified address, 0:0:0:0:0:0:0:0, are reduced to ::1 and ::, respectively.

Cisco IOS

Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices. A solid understanding of the IOS is essential for a network administrator.

The purpose of Cisco IOS: as with a computer, a router or switch cannot function without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System, or Cisco IOS. It is the embedded software architecture in all Cisco routers and the operating system of the Catalyst switches. Without an operating system the hardware has no capabilities. The Cisco IOS provides the following network services:
1. Basic routing and switching functions
2. Reliable and secure access to networked resources
3. Network scalability

Operation of Cisco IOS: Cisco IOS devices have three distinct operating environments or modes:
1. ROM monitor
2. Boot ROM
3. Cisco IOS

The startup process of the router normally loads into RAM and executes one of these operating environments. The configuration register setting can be used by the system administrator to control the default startup mode for the router. To see the IOS image and version that are running, use the show version command, which also indicates the configuration register setting.

IOS file system overview
- RAM: running configuration
- NVRAM: startup configuration
- Flash: IOS image

Initial startup

A router initialises by loading the bootstrap, the operating system and a configuration file. If the router cannot find a configuration file, it enters setup mode. Upon completion of setup mode a backup copy of the configuration file may be saved to non-volatile RAM (NVRAM). The goal of the startup routines for Cisco IOS software is to start the router operations. To do this, the startup routines must accomplish the following:
- Make sure that the router hardware is tested and functional.
- Find and load the Cisco IOS software.
- Find and apply the startup configuration file, or enter setup mode.

When a Cisco router powers up, it performs a power-on self-test (POST). During this self-test the router executes diagnostics from ROM on all hardware modules.

Router user interface modes

The Cisco command-line interface (CLI) uses a hierarchical structure. This structure requires entry into different modes to accomplish particular tasks. Each configuration mode is indicated by a distinctive prompt and allows only the commands that are appropriate for that mode. As a security feature, Cisco IOS software separates EXEC sessions into two access levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode is also known as enable mode.
- User EXEC mode: Router>
- Privileged EXEC mode: Router#
- Global configuration mode: Router(config)#
- Specific configuration modes (interface, line, router and so on)

Routing protocols

Routing protocols define the process for sharing route information; they allow routers to communicate with other routers to update and maintain their routing tables. Examples of routing protocols that support the IP routed protocol are RIP, IGRP, EIGRP, OSPF and BGP.

Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols.
The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information.

Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as its metric to find the best path between the source and the destination. It is a distance vector routing protocol with an administrative distance (AD) of 120, and it runs at the application layer over UDP port 520.

Hop count: the hop count is the number of routers between the source and the destination. The path with the lowest hop count is considered the best route to a network and is placed in the routing table. RIP prevents routing loops by limiting the number of hops allowed in a path from source to destination: the maximum hop count for RIP is 15, and a hop count of 16 means the network is unreachable.

Features of RIP:
1. Updates of the network are exchanged periodically.
2. Updates (routing information) are always broadcast (RIPv1) or multicast (RIPv2).
3. Full routing tables are sent in updates.
4. Routers always trust the routing information received from neighbour routers. This is also known as routing on rumours: a router has no way to verify that an advertised route is genuine.

RIP versions: there are three versions of Routing Information Protocol: RIP version 1, RIP version 2 and RIPng.

RIPv1                                RIPv2                                        RIPng
Sends updates as broadcast           Sends updates as multicast                   Sends updates as multicast
Broadcast to 255.255.255.255         Multicast to 224.0.0.9                       Multicast to ff02::9 (RIPng runs only on IPv6 networks)
Does not support authentication      Supports authentication of RIPv2             No authentication of its own; relies on IPv6 (IPsec)
of update messages                   update messages
Classful routing protocol            Classless routing protocol (carries subnet    Classless routing protocol
                                     masks, so supports VLSM)

RIPv1 is known as a classful routing protocol because it does not send subnet mask information in its routing updates. RIPv2 is known as a classless routing protocol because it sends subnet mask information in its routing updates.

Interior Gateway Routing Protocol (IGRP)

Cisco created the Interior Gateway Routing Protocol (IGRP) in response to the limitations of the Routing Information Protocol (RIP), which has a maximum hop count of 15. IGRP supports a maximum hop count of up to 255.
IGRP serves two purposes: to communicate routing information to all connected routers within its boundary or autonomous system, and to continue updating whenever a topological, network or path change occurs. IGRP sends a notification of any changes, and information about its status, to its neighbours every 90 seconds. IGRP maintains a routing table with the most optimal path to the respective nodes and to networks within the parent network. Although it is a distance vector protocol, IGRP uses several parameters to calculate the metric for the best path to a specific destination. These parameters include delay, bandwidth, reliability, load and maximum transmission unit (MTU).

Some features of Interior Gateway Routing Protocol (IGRP) are:
- IGRP uses a sophisticated metric based on bandwidth and delay.
- IGRP uses triggered updates to speed up convergence.
- IGRP supports unequal-cost load balancing to a single destination.

Distance vector routing is based on distance. A distance vector table is built by each router and contains two primary entries: a vector (destination) and a distance (cost).

EIGRP (Enhanced Interior Gateway Routing Protocol)

EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector routing protocol. This protocol is an evolution of an earlier Cisco protocol called IGRP, which is now considered obsolete. EIGRP supports classless routing and VLSM, route summarisation, incremental updates, load balancing and many other useful features. It is a Cisco proprietary protocol (its core was later documented in RFC 7868), so in practice all routers in a network that runs EIGRP are Cisco routers. Routers running EIGRP must become neighbours before exchanging routing information. To dynamically discover neighbours, EIGRP routers use the multicast address 224.0.0.10.
Each EIGRP router stores routing and topology information in three tables:
- Neighbour table: stores information about EIGRP neighbours.
- Topology table: stores routing information learned from neighbouring routers.
- Routing table: stores the best routes.

The administrative distance of EIGRP is 90, which is less than both the administrative distance of RIP (120) and the administrative distance of OSPF (110), so EIGRP routes will be preferred over those routes when the same prefix is learned from more than one protocol. EIGRP uses the Reliable Transport Protocol (RTP) for sending its messages. EIGRP calculates its metric from bandwidth, delay, reliability and load. By default only bandwidth and delay are used when calculating the metric, while the weights for reliability and load are set to zero.

EIGRP uses the concept of autonomous systems. An autonomous system is a set of EIGRP-enabled routers that should become EIGRP neighbours. Each router inside an autonomous system must have the same autonomous system number configured; otherwise the routers will not become neighbours.

EIGRP neighbours

EIGRP must establish neighbour relationships with other EIGRP neighbouring routers before exchanging routing information. To establish a neighbour relationship, routers send hello packets every few seconds (5 seconds by default on most links). Hello packets are sent to the multicast address 224.0.0.10.

Open Shortest Path First (OSPF) protocol

Open Shortest Path First (OSPF) is a link-state routing protocol which is used to find the best path between the source and the destination router using its own Shortest Path First (SPF) algorithm (Dijkstra's algorithm). It is a network layer protocol which works on IP protocol number 89 and uses an AD value of 110. OSPF uses the multicast address 224.0.0.5 for normal communication (all OSPF routers) and 224.0.0.6 for updates to the designated router (DR) and backup designated router (BDR).

OSPF will listen to neighbours and gather all the link-state data available to build a topology map of all available paths in its network, and then save the information in its topology database, also known as its Link-State Database (LSDB). From the information in its topology database, it will calculate the best (shortest) path to each reachable subnet or network using the Shortest Path First (SPF) algorithm. OSPF then constructs three tables to store the following information:
- Neighbour table: contains all discovered OSPF neighbours with whom routing information will be exchanged.
- Topology table: contains the entire road map of the network with all available OSPF routers and the calculated best and alternative paths.
- Routing table: contains the current working best paths that will be used to forward data traffic between neighbours.

Understanding OSPF areas

OSPF offers a very distinguishable feature named routing areas. It means dividing the routers inside a single autonomous system running OSPF into areas, where each area consists of a group of connected routers. The idea of dividing the OSPF network into areas is to simplify administration and optimise available resources. Resource optimisation is especially important for large enterprise networks with a plethora of routers and links: having many routers exchange the link-state database could flood the network and reduce its efficiency, and this need led to the creation of the concept of areas. Areas are a logical collection of routers that carry the same area ID or number inside an OSPF network. The OSPF network itself can contain multiple areas; the first and main area is called Area 0, the backbone area, and all other areas must connect to Area 0.

OSPF terms
1. Router ID: a 32-bit number written like an IP address. If it is not configured explicitly, the highest IP address on a loopback interface is used; if no loopback is configured, the highest active IP address on any interface of the router is used.
2. Router priority: an 8-bit value assigned to a router operating OSPF, used to elect the DR and BDR in a broadcast network.
3. Designated Router (DR): elected to reduce the number of adjacencies that must be formed. The DR distributes the LSAs to all the other routers. In a broadcast network all the other routers share their database description (DBD) packets with the DR; a router requests missing link-state information from the DR and the DR responds with the required updates.
4. Backup Designated Router (BDR): the backup to the DR in a broadcast network. When the DR goes down, the BDR becomes the DR and performs its functions.

DR and BDR election

DR and BDR election takes place in broadcast networks or multi-access networks. The criteria for the election are:
1. The router with the highest router priority is elected DR (a priority of 0 makes a router ineligible).
2. If there is a tie, the highest router ID is used. First the highest loopback address is considered; if no loopback is configured, the highest active IP address on an interface of the router is used.

Switching

Switching is a technology that decreases congestion in Ethernet, Token Ring and FDDI LANs. Switching accomplishes this by reducing traffic and increasing bandwidth. LAN switches are often used to replace shared hubs and are designed to work with existing cable infrastructures. Switching equipment performs the following two basic operations:
- Switching data frames
- Maintaining switching operations

Switching is the process of forwarding packets coming in on one port to a port leading towards the destination. When data comes in on a port it is called ingress, and when data leaves a port or goes out it is called egress. A communication system may include a number of switches and nodes.

At a broad level, switching can be divided into two major categories:
- Connectionless: the data is forwarded on the basis of forwarding tables. No previous handshaking is required and acknowledgements are optional.
- Connection oriented: before data can be forwarded to the destination, a circuit must be pre-established along the path between both endpoints. Data is then forwarded on that circuit. After the transfer is completed, the circuit can be kept for future use or torn down immediately.

Switching methods

1. Store-and-forward: the entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. This is the most reliable method but also has the most latency, especially when frames are large.
2. Cut-through: the frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission but also reduces error detection.
3. Fragment-free: fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes; anything of 64 bytes or more is a valid frame and is usually received without error.

Switch command modes

Switches have several command modes. The default mode is user EXEC mode, whose prompt ends in a greater-than character (>). The commands available in user EXEC mode are limited to those that change terminal settings, perform basic tests and display system information. The enable command is used to change from user EXEC mode to privileged EXEC mode, whose prompt ends in a pound-sign character (#). The configure command allows other command modes to be accessed.

Spanning-Tree Protocol

Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant. Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions and MAC address database instability. Therefore network redundancy requires careful planning and monitoring to function properly. The Spanning-Tree Protocol is used in switched networks to create a loop-free logical topology from a physical topology that has loops. The Spanning-Tree Protocol establishes a root node, called the root bridge/switch.
The Spanning-Tree Protocol constructs a topology that has one path for reaching every network node. The resulting tree originates from the root bridge/switch. The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops. Links that would cause a loop are put into a blocking state. The message that a switch sends, allowing the formation of a loop-free logical topology, is called a Bridge Protocol Data Unit (BPDU).

Selecting the root bridge

The first decision that all switches in the network make is to identify the root bridge. The position of the root bridge in a network will affect the traffic flow. When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the Bridge ID (BID). The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address. When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain the switch MAC address in both the root and sender BID. As a switch receives a BPDU with a lower root BID, it replaces that in the BPDUs that it sends out. All bridges see these and decide that the bridge with the smallest BID value will be the root bridge. A network administrator may want to influence the decision by setting the switch priority to a smaller value than the default. Because whichever switch advertises the lowest BID wins, the root should be chosen deliberately on a core switch rather than left to whichever device happens to have the lowest MAC address.

Bridge Protocol Data Unit (BPDU)

BPDUs contain enough information so that all switches can do the following:
- Select a single switch that will act as the root of the spanning tree.
- Calculate the shortest path from itself to the root switch.
- Designate one of the switches as the closest one to the root for each LAN segment. This bridge is called the designated switch. The designated switch handles all communication from that LAN towards the root bridge.
- Each non-root switch chooses one of its ports as its root port; this is the interface that gives the best path to the root switch.
- Select the ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked.

Spanning-tree operation

When the network has stabilised, it has converged and there is one spanning tree per network. As a result, for every switched network the following elements exist:
- One root bridge per network
- One root port per non-root bridge
- One designated port per segment
- Unused, non-designated ports

Root ports and designated ports are used for forwarding (F) data traffic. Non-designated ports discard data traffic; they are called blocking (B) or discarding ports.

VLAN

A VLAN is a logical grouping of networking devices. When we create a VLAN, we break a large broadcast domain into smaller broadcast domains. VLANs behave like subnets: devices in different VLANs cannot communicate with each other directly and need a router (or a Layer 3 switch) to communicate.

Advantages of VLAN

VLANs provide the following advantages:
- Solve broadcast problems
- Reduce the size of broadcast domains
- Allow us to add an additional layer of security
- Make device management easier
- Allow us to implement logical grouping of devices by function instead of location

VLAN connections

During configuration of a port we need to know what type of connection it has. A switch supports two types of VLAN connection:
- Access link
- Trunk link

Access link

An access link connection is the connection where a switch port is connected with a device that has a standardised Ethernet NIC. Standard NICs only understand IEEE 802.3 or Ethernet II frames. An access link connection can only be assigned to a single VLAN. That means all devices connected to this port will be in the same broadcast domain. For example, if twenty users are connected to a hub, and we connect that hub to an access link port on a switch, then all of these users belong to the same VLAN. If we want to keep ten users in another VLAN, then we have to purchase another hub, plug those ten users into that hub, and connect it to another access link port on the switch.

Trunk link

A trunk link connection is the connection where a switch port is connected with a device that is capable of understanding multiple VLANs. Usually a trunk link connection is used to connect two switches, or a switch to a router.
Remember that a VLAN can span anywhere in the network; that is possible because of trunk link connections. Trunking allows us to send or receive VLAN information across the network. To support trunking, the original Ethernet frame is modified to carry VLAN information.

Trunk tagging

In trunking a separate logical connection is created for each VLAN instead of a single physical connection. In tagging the switch adds the source port's VLAN identifier to the frame so that the device at the other end can understand what VLAN originated the frame. Based on this information the destination switch can make intelligent forwarding decisions on not just the destination MAC address but also the source VLAN identifier. Since the original Ethernet frame is modified to add this information, standard NICs will not understand it and will typically drop the frame. Therefore we need to ensure that when we set up a trunk connection on a switch port, the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end does not understand these modified frames it will drop them. The modification of these frames is commonly called tagging. Tagging is done in hardware by application-specific integrated circuits (ASICs).

A switch supports two types of Ethernet trunking method:
- ISL (Inter-Switch Link, Cisco's proprietary protocol for Ethernet)
- dot1q (IEEE 802.1Q, the standard protocol for Ethernet)

Router-on-a-stick

Router-on-a-stick is a network configuration used to allow routing between VLANs. Almost all enterprise networks use VLANs (Virtual Local Area Networks). Each VLAN is a separate subnet, and in order to route IP packets in and out of the subnets that sit on each of those VLANs, some router needs to have an IP address in, and a connected route for, each of those subnets. The hosts then use those router IP addresses as their default gateways. There are three options available for connecting a router to each subnet on a VLAN:
1. Use a router with one router interface and cable to the switch for each and every VLAN (typically not used).
2. Use a router with a VLAN trunk to a switch (router-on-a-stick).
3. Use a Layer 3 switch.

Router-on-a-stick configuration
- Use the interface type number.subint command in global configuration mode to create a unique subinterface for each VLAN.
- Use the encapsulation dot1q vlan-id command to enable 802.1Q trunking and associate each VLAN with its subinterface.
- Use the ip address address mask command to configure the IP settings of each subinterface.

VTP protocol

VLAN Trunking Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco proprietary protocol that is available on most of the Cisco Catalyst series products.

VTP protocol features
- Advertises VLAN configuration information
- Maintains VLAN configuration consistency throughout a common administrative domain
- Sends advertisements on trunk ports only

VTP modes

Server                                  Client                                   Transparent
Creates, modifies and deletes VLANs     Cannot create, change or delete VLANs    Creates, modifies and deletes VLANs locally
Sends and forwards advertisements       Forwards advertisements                  Forwards advertisements only
Synchronises VLAN configurations        Synchronises VLAN configurations         Does not synchronise VLAN configurations
Saves configuration in NVRAM            Does not save configuration in NVRAM     Saves configuration in NVRAM

VTP operation

VTP advertisements are sent as multicast frames. VTP servers and clients are synchronised to the latest update, identified by the configuration revision number. VTP advertisements are sent every 5 minutes or when there is a change.

VTP configuration guidelines

Configure the following:
- VTP domain name
- VTP mode (server mode is the default)
- VTP pruning
- VTP password

Be cautious when adding a new switch to an existing domain: a switch that arrives with a higher configuration revision number can overwrite the VLAN database of the whole domain. First put the new switch in client mode to get the latest information from the domain, then convert it to server mode.
Add all new configurations to a switch in client mode and check them, then convert it to server mode, to prevent the switch from propagating bad VLAN information.

Access Control Lists (ACLs)

ACLs are lists of conditions that are applied to traffic travelling across a router's interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions. ACLs can be created for all routed network protocols, such as Internet Protocol (IP) and Internetwork Packet Exchange (IPX). ACLs are configured at the router to control access to a network or subnet. Some ACL decision points are source and destination addresses, protocols and upper-layer port numbers. ACLs must be defined on a per-protocol, per-direction, per-port basis.

The following are some of the primary reasons to create ACLs:
- Limit network traffic and increase network performance.
- Provide traffic flow control.
- Provide a basic level of security for network access.
- Decide which types of traffic are forwarded or blocked at the router interfaces. For example: permit e-mail traffic to be routed but block all telnet traffic.
- Allow an administrator to control what areas a client can access on a network.

If ACLs are not configured on the router, all packets passing through the router are allowed onto all parts of the network.

Basic rules for ACLs

These basic rules should be followed when creating and applying access lists:
- One access list per protocol, per direction, per interface.
- Standard IP access lists should be applied closest to the destination.
- Extended IP access lists should be applied closest to the source.
- Use the inbound or outbound interface reference as if looking at the port from inside the router.
- Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, the packet is denied.
- There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
- Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
- Never work with an access list that is actively applied.
- New lines are always added to the end of the access list. A no access-list x command will remove the whole list.
- It is not possible to selectively add and remove lines with numbered ACLs.
- Outbound ACLs do not affect traffic originating from the local router.

Standard ACLs

Standard ACLs check the source address of IP packets that are routed. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet and host addresses. The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range 1 to 99 (also 1300 to 1999 in recent IOS). If there is no wildcard mask, the default mask 0.0.0.0 is used (this only works with standard ACLs and is the same thing as using host). The full syntax of the standard ACL command is:

Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]

The no form of this command is used to remove a standard ACL:

Router(config)#no access-list access-list-number

Extended ACLs

Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination addresses as well as protocols and port numbers. The syntax for an extended ACL statement can get very long and often will wrap in the terminal window. The wildcards also have the option of using the host or any keywords. At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt) and less than (lt), which the extended ACL will apply to the port numbers of specific protocols. Extended ACLs use an access-list-number in the range 100 to 199 (also 2000 to 2699 in recent IOS).

Named ACLs

IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers. The advantages that a named access list provides are:
- Intuitively identify an ACL using an alphanumeric name.
- Eliminate the limit of 798 simple and 799 extended ACLs.
- Named ACLs provide the ability to modify ACLs without deleting them completely and then reconfiguring them.
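The matching rules described in this section (wildcard masks, host and any, top-down first match, the implicit deny, and eq/neq/gt/lt port tests), worked as an added example in Python; this is a model of the behaviour written for these notes, not Cisco code, and the access lists it parses are constructed for the example (the extended list implements the notes' "permit e-mail, block telnet" case):

```python
import ipaddress

# Cisco wildcard masks: a 0 bit means "must match", a 1 bit means "don't care".
ANY = ("0.0.0.0", "255.255.255.255")
PORT_OPS = {"eq": lambda p, v: p == v, "neq": lambda p, v: p != v,
            "gt": lambda p, v: p > v, "lt": lambda p, v: p < v}


def wildcard_match(addr, base, wildcard):
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


def _looks_like_ipv4(token):
    return token.count(".") == 3 and token.replace(".", "").isdigit()


def _parse_addr(tokens):
    """'any' | 'host A' | 'A W' | 'A' (standard-ACL shorthand: wildcard defaults to 0.0.0.0)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and _looks_like_ipv4(tokens[0]):
        return (tok, tokens.pop(0))
    return (tok, "0.0.0.0")


def _parse_port(tokens):
    """Optional 'eq|neq|gt|lt <port>' following an address."""
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        return (op, int(tokens.pop(0)))
    return None


def parse_acl(lines):
    """Parse numbered access-list statements; 1-99 and 1300-1999 are standard, others extended."""
    rules = []
    for line in lines:
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            raise ValueError("not an access-list statement: %r" % line)
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError("bad action in %r" % line)
        rule = {"action": action, "text": line, "sport": None, "dport": None}
        if 1 <= number <= 99 or 1300 <= number <= 1999:
            rule.update(proto="ip", src=_parse_addr(rest), dst=ANY)   # source only
        else:
            rule["proto"] = rest.pop(0)
            rule["src"] = _parse_addr(rest)
            rule["sport"] = _parse_port(rest)
            rule["dst"] = _parse_addr(rest)
            rule["dport"] = _parse_port(rest)
        rules.append(rule)
    return rules


def _port_ok(spec, port):
    return spec is None or PORT_OPS[spec[0]](port, spec[1])


def evaluate(rules, proto, src, dst, sport=0, dport=0):
    """Top-down, first match wins; falling off the end hits the implicit deny."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *rule["src"]) and wildcard_match(dst, *rule["dst"])):
            continue
        if not (_port_ok(rule["sport"], sport) and _port_ok(rule["dport"], dport)):
            continue
        return rule["action"], rule["text"]
    return "deny", "<implicit deny at end of list>"


# Constructed sample lists for the example.
STANDARD_10 = parse_acl(["access-list 10 permit 192.168.1.0 0.0.0.255"])
# The notes' own case: let e-mail reach the mail server, block all telnet, drop the rest.
EXTENDED_101 = parse_acl([
    "access-list 101 deny tcp any any eq 23",
    "access-list 101 permit tcp any host 10.1.1.5 eq 25",
])
# A common mistake: a general permit placed before the specific deny makes the deny unreachable.
MISORDERED_101 = parse_acl([
    "access-list 101 permit tcp any host 10.1.1.5 eq 25",
    "access-list 101 permit ip any any",
    "access-list 101 deny tcp any any eq 23",
])
```

Evaluating a telnet packet (TCP, destination port 23) against EXTENDED_101 returns the deny on the first line; the same packet against MISORDERED_101 is permitted by "permit ip any any" before the deny is ever reached, which is exactly why the rules above insist on ordering entries from specific to general.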
Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2. The same name may not be used for multiple ACLs.

Point-to-Point Protocol (PPP)

PPP is a standard encapsulation protocol for the transport of different network layer protocols (including, but not limited to, IP). It has the following main functional components:
- Link Control Protocol (LCP), which establishes, authenticates and tests the data link connection.
- Network Control Protocols (NCPs), which establish and configure the individual network layer protocols.

PPP discards frames that do not pass the error check. PPP is an open standard, and so can be used with all types of routers (it is not Cisco proprietary).

PPP session establishment

Establishing a PPP session is a two-stage process:
1. Link establishment and configuration negotiation. Before any network layer datagrams (for example, IP) can be exchanged, PPP must first open the connection and negotiate configuration options. This phase is complete when the receiving router sends a configuration acknowledgement frame back to the router initiating the connection. Authentication, if configured, takes place at the end of this phase.
2. Network layer protocol configuration. After the LCP has finished the link quality determination phase, the appropriate NCPs configure the network layer protocols and bring them up. If the LCP closes the link, it informs the network layer protocols so that they can take appropriate action.

PPP features
1. Authentication
2. Compression
3. Multilink
4. Error detection
5. Looped link detection

Authentication

PPP can be authenticated by either:
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)

PAP (Password Authentication Protocol)

PAP provides a simple method for a remote node to establish its identity using a two-way handshake. PAP is not interactive. When the ppp authentication pap command is used, the username and password are sent as one LCP data package, rather than the server sending a login prompt and waiting for a response. After PPP completes the link establishment phase, the remote node repeatedly sends a username-password pair across the link until the sending node acknowledges it or terminates the connection. At the receiving node the username-password pair is checked by an authentication server that either allows or denies the connection. An accept or reject message is returned to the requester.

PAP is not a strong authentication protocol. Using PAP, you send passwords across the link in clear text, and there is no protection from playback (replay) or repeated trial-and-error attacks.

CHAP (Challenge Handshake Authentication Protocol)

CHAP provides protection against playback attack by using a variable challenge value that is unique and unpredictable. Because the challenge is unique and random, the resulting hash value is also unique and random. If an incoming CHAP request requires no authentication, then CHAP progresses to the next stage. If an incoming PPP request requires authentication, then it can be authenticated against the local user database. Successful authentication progresses to the next stage, while an authentication failure will disconnect and drop the incoming PPP request. The PPP interface of the router being authenticated will be configured to provide a secret password to the authenticator. The authenticator will be configured to compare the received secret password against a user database. Note that with CHAP the shared secret itself never crosses the link; only a hash of the identifier, the secret and the challenge does. The price is that both routers must store the secret in a recoverable form, so the configuration files need protecting.

Compression

Compression enables higher data throughput across the link. Different compression schemes are available:
- Predictor: checks whether the data is already compressed and, if it is not, compresses it.
- Stacker: looks at the data stream and only sends each type of data once, with information about where that type occurs; the receiving side uses this information to reassemble the data stream.
- MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients.
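The PAP and CHAP exchanges from the Authentication section, worked as an added example in Python; this is written for these notes, not taken from Cisco or from the notes themselves. It assumes constructed credentials, builds the PAP Authenticate-Request as laid out in RFC 1334 and computes the CHAP response as MD5(Identifier || secret || Challenge) as in RFC 1994; the surrounding PPP/LCP framing is left out. It shows the two properties the text states: the PAP password is visible on the wire, and a captured CHAP response does not work against the next challenge.

```python
import hashlib
import hmac
import secrets

# Constructed credentials for the example; on IOS these come from the username/password
# configuration on both routers.
USER_DB = {b"branch-rtr": b"correct-horse-battery"}


def pap_request(identifier, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): Code=1, Identifier, Length, Peer-ID-Length,
    Peer-ID, Passwd-Length, Password. The password travels in clear text."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)
    return bytes([1, identifier]) + length.to_bytes(2, "big") + body


def pap_authenticate(packet, user_db):
    """Authenticator side of PAP: parse the request and compare against the local database."""
    if packet[0] != 1:
        return False
    pos = 4
    peer_id = packet[pos + 1:pos + 1 + packet[pos]]
    pos += 1 + packet[pos]
    password = packet[pos + 1:pos + 1 + packet[pos]]
    return hmac.compare_digest(user_db.get(peer_id, b""), password)


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Keeps the outstanding challenge per identifier; each challenge can be answered once."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.outstanding = {}

    def challenge(self, identifier):
        # Unique and unpredictable, as the protocol requires: 16 random bytes.
        value = secrets.token_bytes(16)
        self.outstanding[identifier] = value
        return value

    def verify(self, identifier, name, response):
        value = self.outstanding.pop(identifier, None)   # single use: a replay finds nothing
        secret = self.user_db.get(name)                  # secret must be stored recoverably
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def run_pap(peer_id, password):
    """Returns (authenticated, password_visible_on_wire)."""
    packet = pap_request(7, peer_id, password)
    return pap_authenticate(packet, USER_DB), password in packet


def run_chap(peer_name, peer_secret):
    """Returns (authenticated, replay_accepted): one genuine exchange, then the captured
    response replayed against a fresh challenge for the same identifier."""
    auth = ChapAuthenticator(USER_DB)
    ident = 7
    chal = auth.challenge(ident)                      # authenticator -> peer: Challenge
    resp = chap_response(ident, peer_secret, chal)    # peer -> authenticator: Response
    ok = auth.verify(ident, peer_name, resp)          # Success or Failure
    auth.challenge(ident)                             # next session: new random challenge
    replayed = auth.verify(ident, peer_name, resp)    # eavesdropper re-sends old response
    return ok, replayed


if __name__ == "__main__":
    print("PAP  (authenticated, password on wire):", run_pap(b"branch-rtr", b"correct-horse-battery"))
    print("CHAP (authenticated, replay accepted): ", run_chap(b"branch-rtr", b"correct-horse-battery"))
```

The comparison uses hmac.compare_digest so that a wrong password or response is rejected in constant time; the CHAP secret lookup by name is what forces both routers to keep the secret in recoverable form, as noted above.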
PPP Multilink

PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous and asynchronous interfaces. This can improve throu
