1100-Ch06.docx

Full Transcript

Virtually all computers and mobile devices today are connected to some
type of network and to the Internet. This means that configuring and
troubleshooting computer networks is now a critical skill for IT
professionals. This chapter focuses on applied networking with in-depth
discussion on the format and architecture of media access control (MAC)
addresses and Internet protocol (IP) addresses, both IPv4 and IPv6, that
are used to connect computers to a network. Examples of how to configure
static and dynamic addressing on computers are included. Also covered in
this chapter is the configuration of both wired and wireless networks,
firewalls, and IoT devices.

You will learn how to configure network interface cards (NICs), connect
devices to a wireless router, and configure a wireless router for
network connectivity. You will learn how to configure wireless network
basic wireless settings, Network Address Translation (NAT), firewall
settings, and Quality of Service (QoS). You will also learn about
firewalls, Internet of Things (IoT) devices, and network
troubleshooting. At the end of the chapter you will learn the six step
troubleshooting process and common problems and solutions for computer
networks.

Your networking skills should include the ability to configure wireless
networks so that hosts can communicate, configure firewalls to filter
traffic, verify network connectivity, and solve network connectivity
problems. There are three labs included in this chapter where you will
build these skills. In these labs you will configure basic settings on a
wireless router and connect a PC to the wireless network, configure
firewall settings to implement MAC address filtering, a DMZ, and single
port forwarding, and finally, diagnose and solve network problems.

Your fingerprint and mailing address are two ways to identify you and
locate you. Your fingerprint usually does not change. Your fingerprint
can be used to uniquely identify you, wherever your location. Your
mailing address is different. It is your location. Unlike your
fingerprint, your mailing address can change.

Devices that are attached to a network have two addresses that are
similar to your fingerprint and mailing address, as shown in the figure.
These two types of addresses are the Media Access Control (MAC) address
and the Internet Protocol (IP) address.

The MAC address is hard-coded onto the Ethernet or wireless network
interface card (NIC) by the manufacturer. The address stays with the
device regardless of what network the device is connected to. A MAC
address is 48 bits and can be represented in one of the three
hexadecimal formats shown in the table below.

P addressing is assigned by network administrators based on the location
within the network. When a device moves from one network to another, its
IP address will most likely change. An IP version 4 (IPv4) address is 32
bits and represented in dotted decimal notation. An IP version 6 (IPv6)
address is 128 bits and is represented in hexadecimal format,

Today, your computer probably has an IPv4 and an IPv6 address, as shown
for the laptop in the figure. In the early 1990s, there was a concern
about running out of IPv4 network addresses. The Internet Engineering
Task Force (IETF) began to look for a replacement. This led to the
development of IPv6. Currently, IPv6 is operating alongside IPv4 and is
beginning to replace it.

The Figure shows output for the command **ipconfig /all** on the laptop.
The output is highlighted to show the MAC address and two IP addresses.

**Note**: Windows OS calls the NIC an Ethernet adapter and the MAC
address a physical address.

When you manually configure a device with an IPv4 address, you enter it
in dotted decimal format, as shown for a Windows computer in the figure.
Each number separated by a period is called an octet because it
represents 8 bits. Therefore, the 32-bit address 192.168.200.8 has four
octets.

An IPv4 address is composed of two parts. The first part identifies the
network. The second part identifies this device on the network. The
subnet mask is used by the device to determine the network. For example,
the computer in the figure uses the subnet mask 255.255.255.0 to
determine that the IPv4 address 192.168.200.8 belongs to the
192.168.200.0 network. The.8 portion is this device's unique host
portion on the 192.168.200 network. Any other device with that same
192.168.200 prefix will be on the same network but have a different
value for the host portion. Devices with a different prefix will be on a
different network.

To see this at the binary level, you can convert the 32-bit IPv4 address
and subnet mask to their binary equivalents, as shown in figure below. A
one bit in the subnet mask means that bit is part of the network
portion. So, the first 24 bits of the 192.168.200.8 address are network
bits. The last 8 bits are host bits.

When your device prepares data to send out on the network, it must first
determine whether to send data directly to the intended receiver or to a
router. It will send it directly to the receiver if the receiver is on
the same network. Otherwise, it will send the data to a router. A router
then uses the network portion of the IP address to route traffic between
different networks.

For example, if the Windows computer in figure above has data to send to
a host at 192.168.200.25, it sends the data directly to that host
because it has the same prefix of 192.168.200. If the destination's IPv4
address is 192.168.201.25, then the Window's computer will send the data
to a router.

IPv6 overcomes the address space limitations of IPv4. The 32-bit IPv4
address space provides approximately 4,294,967,296 unique addresses. The
128-bit IPv6 address space
provides 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses,
or 340 undecillion addresses.

The 128 bits of an IPv6 addresses are written as a string of hexadecimal
values, with letters expressed in lowercase. Every 4 bits is represented
by a single hexadecimal digit for a total of 32 hexadecimal values. The
examples shown below are fully expanded IPv6 addresses. Two rules help
reduce the number of digits needed to represent an IPv6 address.

The first rule to help reduce the notation of IPv6 addresses is to omit
any leading 0s (zeros) in any 16-bit section. For example, in the
example above:

- **0db8** can be represented as **db8**, in the first IPv6 address

- **0123** can be represented as **123**, in the second IPv6 address

- **0001** can be represented as **1**, in the third IPv6 address

**Note**: IPv6 addresses must be represented in lowercase letters, but
you may often see them as uppercase.

**Rule 2 -- Omit All 0 Segments**

The second rule to help reduce the notation of IPv6 addresses is that a
double colon (::) can replace any group of consecutive zeros. The double
colon (::) can only be used once within an address, otherwise there
would be more than one possible resulting address.

In a small network, you can manually configure each device with proper
IP addressing. You would assign a unique IP address to each host within
the same network. This is known as static IP addressing.

On a Windows computer, as shown in the figure on the left, you can
assign the following IPv4 address configuration information to a host:

- **IP address** - identifies this device on the network

- **Subnet mask** - is used to identify the network on which this
device is connected

- **Default gateway** - identifies the router that this device uses to
access the internet or another network

- **Optional values** - such as the preferred Domain Name System (DNS)
server address and the alternate DNS server address

Rather than manually configure every device, you can take advantage of
implementing a Dynamic Host Configuration Protocol (DHCP) server. A DHCP
server automatically assigns IP addresses, which simplifies the
addressing process. Automatically configuring some of the IP addressing
parameters also reduces the possibility of assigning duplicate or
invalid IP addresses.

By default, most host devices are configured to request IP addressing
from a DHCP server. The default setting for a Windows computer is shown
in the figure. When a computer is set to obtain an IP address
automatically, all other IP addressing configuration boxes are not
available. This process is the same for a wired or wireless NIC.

A DHCP server can automatically assign the following IPv4 address
configuration information to a host:

- IPv4 address

- Subnet mask

- Default gateway

- Optional values, such as a DNS server address

DHCP is also available for automatically assigning IPv6 addressing
information.

**Note**: The steps to configure a Windows computer is beyond the scope
of this topic.

Dynamic Host Configuration Protocol (DHCP) works in a client/server
mode, where DHCP clients request available IP configurations from a DHCP
server. A DHCP server is configured with a scope (i.e., a pool or a
range) of addresses that it can lease to requesting DHCP clients.

**Note**: The DHCP server can be a dedicated server or a router
configured to provide DHCP services.The DHCP scope should not include
manually assigned or reserved IP addresses such as the default gateway
address, switch management address, printer address, and more.

As shown in the figure, when the DHCP client boots (or otherwise wants
to join a network), it initiates the following four-step process to
obtain a lease.

1. The DHCP client broadcasts a DHCPDISCOVER message to request an IP
configuration from a DHCP server.

2. The DHCP server chooses an available IP configuration from its
configured scope, and sends a DHCPOFFER unicast message to the
client MAC address. The IP configuration can contain the IP address,
subnet mask, default gateway, DNS servers, and the period of time
(i.e., the lease) that the host can use the IP configuration.

3. The client then officially requests the IP configuration by sending
a broadcast DHCPREQUEST message to the DHCP Server.

4. The server removes the IP configuration from its pool of available
IP configurations and sends a unicast acknowledgement (DHCPACK) to
the DHCP client to confirm that it can use the address until the
lease expires.

**Note**: DHCP messages are sent using UDP ports 67 (server) and UDP
port 68 (clients). DHCP servers listen for client messages on UDP port
67 and DHCP clients listen for messages from servers on UDP port 68.

Once a client receives the DHCPACK from the server, it send out an ARP
message to the provided IP address to make sure it is not already
assigned on the network. ARP (address resolution protocol) is a network
protocol to discover the MAC address of a device using an IP address. If
there is no response to the ARP request, then the host can use the IP
configuration. If the host receives an ARP reply, then it restarts the
DHCP process to obtain a different IP configuration.

**DHCP Lease**\
The client must contact the DHCP server periodically to extend the
lease. This lease mechanism ensures that moved or power-off clients do
not keep addresses that they no longer need. When a lease expires, the
DHCP server returns the address to the pool where it can be reallocated
as necessary.

**DHCP Reservations**\
It is also possible to ensure that some hosts, such as servers and
printers, are always assigned the same IP address when they connect. To
do so, a DHCP server is configured with a reserved list of IP addresses
based on the requesting DHCP client's MAC address.

Therefore, when a host sends a DHCPDISCOVER message, the DHCP server
looks in its DHCP reserved address list for a matching MAC address. If
it finds a match, then it sends a DHCPOFFER with the reserved IP
address.

Virtual LANs (VLANs) provide segmentation and organizational flexibility
in a switched network. A group of devices within a VLAN communicate as
if each device was attached to the same switch. VLANs are based on
logical connections, instead of physical connections. An administrator
can segment VLANs based on factors such as function, team, or
application, without regard for the physical location of the users or
devices.

In the figure for example, a faculty member computer (PC1) is connected
to S2 on VLAN 10. PC1 could communicate with another faculty member
using PC4 connected to S3. Notice how both hosts are configured on
network address 192.168.10.0/24.

By default, all switch ports are assigned to VLAN 1. However, you can
assign the PCs to different VLANs by configuring their interconnecting
port.

For example, figure below displays a sample configuration of switch S2.
Notice that we first create the VLANs and assign them names. This makes
it easier to work with the VLANs. Next, we configure the ports
connecting to the PCs to the corresponding VLANs.

Once the VLAN information is configured on the other switches, the
faculty member using PC1 would be able to communicate with PC4 because
they are on the same VLANs. If the faculty member wanted to send
something to PC5 which is assigned to VLAN 30, then the services of a
router would be required.

VLANs help reduce excessive broadcast traffic and implement access and
security policies between groups of users.

Link-local addresses for IPv4 and IPv6 are used by a device to
communicate with other computers connected to the same network within
the same IP address range. The major difference between IPv4 and IPv6 is
the following:

- An IPv4 device uses the link-local address if the device cannot
obtain an IPv4 address.

- An IPv6 device must always be dynamically or manually configured
with a link-local IPv6 address.

**IPv4 Link-Local Address**

If your Windows computer cannot communicate with a DHCP server to obtain
an IPv4 address, then Windows automatically assigns an Automatic Private
IP Addressing (APIPA) address. This link-local address is in the range
of 169.254.0.0 to 169.254.255.255.

**IPv6 Link-Local Address**

Like IPv4, the IPv6 link-local address enables your device to
communicate with other IPv6-enabled devices on the same network and only
on that network. Unlike IPv4, every IPv6 enabled device is required to
have a link-local address. IPv6 link-local addresses are in the range of
fe80:: to febf::. For example, in the figure, the links to other
networks are down (not connected) as notate by the red Xs. However, all
the devices on the LAN can still use link-local IPv6 addresses to
communicate with each other.

**Note**: Unlike IPv4 link-local addresses, IPv6 link-local addresses
are used in a variety of processes including network discovery protocols
and routing protocols. This is beyond the scope of this course.

As a computer technician, you must be able to support the networking
needs of your customers. Therefore, you must be familiar with:

- **Network components** -- Includes wired and wireless network
interface cards (NIC) and network devices such as switches, wireless
access points (APs), routers, multipurpose devices, and more.

- **Network design** -- Involves knowing how networks are
interconnected to support the needs of a business. For instance, the
needs of a small business will differ greatly from the needs of a
large business.

Consider a small business with 10 employees. The business has contracted
you to connect their users. As shown in the figure, a home or small
office wireless router could be used for such a small number of users.
These routers are multiple purpose and typically provide router, switch,
firewall, and access point capabilities. In addition, these wireless
routers often provide a variety of other services including DHCP.

If the business was much larger, then you would not use a wireless
router. Instead, you would consult with a network architect to design a
network of dedicated switches, access points (AP), firewall appliances,
and routers.

Regardless of network design, you must know how to install network
cards, connect wired and wireless devices, and configure basic network
equipment.

**Note**: This chapter will focus on connecting and configuring a small
office or home wireless router. The configurations will be demonstrated
using Packet Tracer. However, the same functionality and similar
graphical user interface (GUI) elements exist in all wireless routers.
You can purchase a variety of low-cost wireless routers online and from
consumer electronic stores. Search the internet for "wireless router
reviews" to research current recommendations.

A NIC is required to connect to the network. As shown in the figures,
there are different types of NICs. Ethernet NICs are used to connect to
Ethernet networks and wireless NICs are used to connect to 802.11
wireless networks. Most NICs in desktop computers are integrated into
the motherboard or connected to an expansion slot. NICs are also
available in a USB form factor.

Many computers purchased today come with a wired and wireless network
interface integrated on the motherboard.

Follow the steps to install adapter cards if you are installing a NIC
inside the computer. A wireless NIC for a desktop device has an external
antenna connected to the back of the card or attached with a cable so
that it can be positioned for the best signal reception. You must
connect and position the antenna.

Sometimes a manufacturer publishes new driver software for a NIC. A new
driver might enhance the functionality of the NIC, or it might be needed
for operating system compatibility. The latest drivers for all supported
operating systems are available for download from the manufacturer's
website.

When installing a new driver, disable virus protection software to
ensure that the driver installs correctly. Some virus scanners detect a
driver update as a possible virus attack. Install only one driver at a
time; otherwise, some updating processes might conflict. A best practice
is to close all applications that are running so that they are not using
any files associated with the driver update.

**Note**: An example of Windows Device Manager and the place to update a
NIC's driver is shown in the figure. However, details of how to update
drivers for specific devices and operating systems is beyond the scope
of this topic.

fter the NIC driver is installed, the IP address settings must be
configured. For Windows computers, IP addressing is dynamic by default.
After you physically connect a Windows computer to the network, it will
automatically send out a request for IPv4 addressing the DHCP server. If
a DHCP server is available, the computer will receive a message will all
its IPv4 addressing information.

**Note**: Dynamic addressing for IPv6 can also use DHCP but is beyond
the scope of this course.

This dynamic, default behavior is also typically for smartphones,
tablets, gaming consoles, and other end-user devices. Static
configuration is normally the job of a network administrator. However,
you should be familiar with how to access the IP addressing
configuration for any device you are asked to manage.

To find IP addressing configuration information, search the internet for
"IP address configuration for device" where "device" is replaced with
your device, such as "iPhone". For example, the figure shows the dialog
box for viewing and changing a Windows computer's IPv6 configuration.

Internet Control Message Protocol (ICMP) is used by devices on a network
to send control and error messages. There are several different uses for
ICMP, such as announcing network errors, announcing network congestion,
and troubleshooting.

Ping is commonly used to test connections between computers. To see a
list of options that you can use with the ping command, type **ping
/? **in the Command Prompt window, 

Ping works by sending an ICMP echo request to the IP address you
entered. If the IP address is accessible, the receiving device then
sends back an ICMP echo reply message to confirm connectivity.

You can also use the **ping** command to test connectivity to a website
by entering the website's domain name. For example, if you enter **ping
cisco.com** your computer will first use DNS to find the IP address and
then send the ICMP echo request to that IP address,

he steps to connect a wired device to the internet in a home or small
office are as follows:

**Step 1: Connect a network cable to the device.**

**Step 2: Connect the device to a switch port.**

Connect the other end of the cable to an Ethernet port on the wireless
router, such as one of the four yellow switch ports shown in the figure
below. In a SOHO network, the laptop would most likely connect to a wall
jack which in turn connects to a network switch.

**Step 3: Connect a network cable to the wireless router internet
port.**

On the wireless router, connect an Ethernet cable to the port labeled
Internet (blue port in the figure below). This port might also be
labeled WAN.

**Step 4: Connect the wireless router to the modem.**

The blue port in the figure is an Ethernet port that is used to connect
the router to a service provider device, such as a DSL or cable modem.

**Step 5: Connect to the service provider's network.**

The modem is then connected to the service provider's network, as shown
in the figure below.

**Note**: A separate modem isn't necessary if the wireless router is a
router/modem combination.

**Step 6: Power all devices and verify physical connections.**

Turn on the broadband modem and plug in the power cord to the router.
After the modem establishes a connection to the ISP, it will begin
communicating with the router. The laptop, router, and modem LEDs will
light up, indicating communication. The modem enables the router to
receive the network information necessary to gain access to the internet
from the ISP. This information includes public IPv4 addresses, subnet
mask, and DNS server addresses. With the depletion of public IPv4
addresses, many ISPs are also providing IPv6 addressing information as
well.

**Note**: Cable or DSL modem configuration is usually done by the
service provider's representative either on-site or remotely through a
walkthrough with you on the phone. If you buy the modem, it will come
with documentation for how to connect it to your service provider which
will most likely include contacting your service provider for more
information.

Most home and small office wireless routers are ready for service out of
the box. They preconfigured to be connected to the network and provide
services. For example, the wireless router uses DHCP to automatically
provide addressing information to connected devices. However, wireless
router default IP addresses, usernames, and passwords can easily be
found on the internet. Just enter the search phrase "default wireless
router IP address" or "default wireless router passwords" to see a
listing of many websites that provide this information. Therefore, your
first priority should be to change these defaults for security reasons.

To gain access to the wireless router's configuration GUI, open a web
browser. In the address field, enter the default IP address for your
wireless router. The default IP address can be found in the
documentation that came with the wireless router or you can search the
internet. The figure shows the IPv4 address 192.168.0.1, which is a
common default for many manufacturers. A security window prompts for
authorization to access the router GUI. The word admin is commonly used
as the default username and password. Again, check your wireless
router's documentation or search the internet.

In a small office or home network, one wireless router may suffice to
provide wireless access to all the clients. However, if you want to
extend the range beyond approximately 45 meters indoors and 90 meters
outdoors, you can add wireless access points. As shown in the wireless
mesh network in the figure, two access points are configured with the
same WLAN settings from our previous example. Notice that the channels
selected are 1 and 11 so that the access points do not interfere with
channel 6 configured previously on the wireless router.

Extending a WLAN in a small office or home has become increasingly
easier. Manufacturers have made creating a wireless mesh network (WMN)
simple through smartphone apps. You buy the system, disperse the access
points, plug them in, download the app, and configure your WMN in a few
steps. Search the internet for "best wi-fi mesh network system" to find
reviews of current offerings.

On a wireless router, if you look for a page like the Status page shown
in the figure, you will find the IPv4 addressing information that the
router uses to send data to the internet. Notice that the IPv4 address
is 209.165.201.11 is a different network than the 10.10.10.1 address
assigned to the router's LAN interface. All the devices on the router's
LAN will get assigned addresses with the 10.10.10 prefix.

The 209.165.201.11 IPv4 address is publicly routable on the internet.
Any address with the 10 in the first octet is a private IPv4 address and
cannot be routed on the internet. Therefore, the router will use a
process called Network Address Translation (NAT) to convert private IPv4
addresses to Internet-routable IPv4 addresses. With NAT, a private
(local) source IPv4 address is translated to a public (global) address.
The process is reversed for incoming packets. The router is able to
translate many internal IPv4 addresses into public addresses, by using
NAT.

Some ISPs use private addressing to connect to customer devices.
However, eventually, your traffic will leave the provider's network and
be routed on the internet. To see the IP addresses for your devices,
search the internet for "what is my IP address." Do this for other
devices on the same network and you will see that they all share the
same public IPv4 address. NAT makes this possible by tracking the source
port numbers for every session established by a device. If your ISP has
IPv6 enabled, you will see a unique IPv6 address for each device.

Many home and small office routers have an option for configuring
Quality of Service (QoS). By configuring QoS, you can guarantee that
certain traffic types, such as voice and video, are prioritized over
traffic that is not as time-sensitive, such as email and web browsing.
On some wireless routers, traffic can also be prioritized on specific
ports.

The figure is a simplified mockup of a QoS interface based on a Netgear
GUI. You will usually find the QoS settings in the advanced menus. If
you have a wireless router available, investigate the QoS settings.
Sometimes, these might be listed under "bandwidth control" or something
similar. Consult the wireless router's documentation or search the
internet for "qos settings" for your router's make and model.

Universal Plug and Play (UPnP) is a protocol that enables devices to
dynamically add themselves to a network without the need for user
intervention or configuration. Although convenient, UPnP is not secure.
The UPnP protocol has no method for authenticating devices. Therefore,
it considers every device trustworthy. In addition, the UPnP protocol
has numerous security vulnerabilities. For example, malware can use the
UPnP protocol to redirect traffic to different IP addresses outside your
network, potentially sending sensitive information to a hacker.

Many home and small office wireless routers have UPnP enabled by
default. Therefore, check this configuration and disable it, as shown in
the figure.

Search the internet for "vulnerability profiling tools" to determine if
your wireless router is exposed to UPnP vulnerabilities.

A demilitarized zone (DMZ) is a network that provides services to an
untrusted network. An email, web, or FTP server is often placed into the
DMZ so that the traffic using the server does not come inside the local
network. This protects the internal network from attacks by this traffic
but does not protect the servers in the DMZ in any way. It is common for
a firewall to manage traffic to and from the DMZ. For example, the Web
Server in the figure below is in the DMZ and is statically assigned the
IPv4 address 10.10.10.50.

On a wireless router, you can create a DMZ for one device by forwarding
all traffic ports from the internet to a specific IP address or MAC
address. A server, game machine, or web camera can be in the DMZ so that
the device can be accessed by anyone. The figure below shows a typical
configuration where any traffic sources from the internet will be
redirected to the Web Server's IPv4 address 10.10.10.50. However, the
Web Server is exposed to attacks from hackers on the internet and should
have firewall software installed.

Hardware firewalls can be used to block TCP and UDP ports to prevent
unauthorized access in and out of a LAN. However, there are situations
when specific ports must be opened so that certain programs and
applications can communicate with devices on different networks. Port
forwarding is a rule-based method of directing traffic between devices
on separate networks.

When traffic reaches the router, the router determines if the traffic
should be forwarded to a certain device based on the port number found
with the traffic. Port numbers are associated with specific services,
such as FTP, HTTP, HTTPS, and POP3. The rules determine which traffic is
sent on to the LAN. For example, a router might be configured to forward
port 80, which is associated with HTTP. When the router receives a
packet with the destination port of 80, the router forwards the traffic
to the server inside the network that serves web pages. In the figure,
port forwarding is enabled for port 80 and is associated with the web
server at IPv4 address 10.10.10.50.

Port triggering allows the router to temporarily forward data through
inbound ports to a specific device. You can use port triggering to
forward data to a computer only when a designated port range is used to
make an outbound request. For example, a video game might use ports
27000 to 27100 for connecting with other players. These are the trigger
ports. A chat client might use port 56 for connecting the same players
so that they can interact with each other. In this instance, if there is
gaming traffic on an outbound port within the triggered port range,
inbound chat traffic on port 56 is forwarded to the computer that is
being used to play the video game and chat with friends. When the game
is over and the triggered ports are no longer in use, port 56 is no
longer allowed to send traffic of any type to this computer.

MAC address filtering specifies exactly which device MAC addresses are
allowed to or blocked from sending data on your network. Many wireless
routers only give you the option of allowing or blocking MAC addresses,
but not both. Technicians will typically configure allowed MAC
addresses. The MAC address for your Windows computer can be found with
the **ipconfig /all** command, as shown in the figure.

You may need to search the internet for where to find the MAC address on
a specific device. Finding the MAC address is not always straight
forward because not all devices call it a MAC address. Windows calls it
a "Physical Address",

On an iPhone it is called the "Wi-Fi Address" and on an Android it is
called "Wi-Fi MAC address", as shown below.

additionally, your device may have two or more MAC addresses. For
example, the PlayStation 4 in the figure has two MAC addresses: one for
wired networks and one for wireless networks.

Finally, consider the fact that new devices might be added to the
network at any time. You can see how the technician responsible for
manually configuring all these MAC addresses might be overwhelmed.
Imagine having to manually enter and maintain dozens of MAC addresses in
an interface such as the one shown below.

However, MAC address filtering may be your only option. Better
solutions, such as port security, require purchasing a more expensive
router or a separate firewall device, and are beyond the scope of this
course.

Whitelisting and blacklisting specify which IP addresses are allowed or
denied on your network. Similar to MAC address filtering, you can
manually configure specific IP addresses to allow or deny into your
network. On a wireless router, this is typically done using an access
list or access policy, as shown in the figure. Refer to your wireless
router's documentation for specific steps or search the internet for a
tutorial.

Whitelisting is a good tool for allowing your users, such as children or
employees, access to those IP addresses you approve. You can also
blacklist or explicitly block known sites. However, similar to MAC
address filtering, this can become burdensome. Better solutions exist.
Search the internet for "parental control software" and "content
filters".

The internet of today is significantly different than the internet of
past decades. The internet of today is more than email, web pages, and
file transfers between computers. The evolving internet is becoming an
Internet of Things (IoT). No longer will the only devices accessing the
internet be computers, tablets, and smartphones. The sensor-equipped,
internet-ready devices of tomorrow will include everything from
automobiles and biomedical devices, to household appliances and natural
ecosystems.

You may already have some IoT devices in your home. You can buy all
kinds of connected devices including thermostats, light switches,
security cameras, door locks, and voice-enabled digital assistants (such
as Amazon Alexis and Google Home). These devices can all be connected to
your network. In addition, many of them can be directly managed from a
smartphone app,

At this point in its infancy, the IoT market has not yet agreed upon a
set of standards for IoT device installation and configuration.
Configuring IoT devices is very much device specific. Consult the
manufacturer's documentation or website for configuration guides.

In this course, you will use Packet Tracer to explore a basic IoT device
configuration. The figure shows all the IoT devices in Packet Tracer.
Packet Tracer also includes a number of sensors and actuators. In the
figure, the sensors are shown in the bottom panel of the Packet Tracer
interface.

1. Identify the Problem: Gather information about the issue, including
symptoms and any recent changes to the system.

2. Establish a Theory of Probable Cause: Based on the information
gathered, hypothesize what might be causing the problem.

3. Test the Theory to Determine Cause: Verify the hypothesis by testing
it. If the theory is not confirmed, establish a new theory and test
again.

4. Establish a Plan of Action to Resolve the Problem and Implement the
Solution: Once the cause is identified, develop and execute a plan
to fix the issue.

5. Verify Full System Functionality and, if Applicable, Implement
Preventive Measures: Ensure the solution has resolved the problem
and that the system is fully operational. Implement measures to
prevent recurrence.

6. Document Findings, Actions, and Outcomes: Record the problem, the
steps taken to resolve it, and the final outcome for future
reference.

Open-ended questions are designed to encourage a full, meaningful answer
using the respondent's own knowledge and feelings. Unlike closed-ended
questions, which can be answered with a simple "yes" or "no," open-ended
questions require more detailed responses. They are often used to gain
deeper insights and foster discussion.

Closed-ended questions are designed to elicit specific, concise
responses, often limited to a single word or a choice from predefined
options. These questions typically aim to gather quantitative data or
confirm specific information. [Examples include questions that can be
answered with "yes" or "no," or those that offer multiple-choice
answers^1^](https://en.wikipedia.org/wiki/Closed-ended_question)[^2^](https://www.appinio.com/en/blog/market-research/close-ended-questions).

For instance, instead of asking "How do you feel about the new policy?"
(an open-ended question), a closed-ended version might be \"Do you agree
with the new
policy? [(Yes/No)\"](https://www.formpl.us/blog/close-ended-questions)

In this chapter, you learned how to configure NICs, connect devices to a
wireless router, and configure a wireless router for network
connectivity. You also learned about firewalls, IoT devices, and network
troubleshooting. You learned about the 48-bit MAC addresses that
identified devices connected to an Ethernet LAN, and the two types of IP
addresses, IPv4 and IPv6. IPv4 addresses are 32-bits in length and are
written in dotted decimal format while IPv6 addresses are 128-bits in
length and written in hexadecimal format.

Configuring an IP address on a device can be done manually or
dynamically by using DHCP. You learned that manual, or static
addressing, is appropriate for small networks while DHCP is best suited
for larger networks. In addition to an IP address, DHCP can also
automatically assign the subnet mask, default-gateway, and address of
DNS servers. You configured a NIC to use DHCP on a Windows computer
through a lab exercise. You were able to verify network configuration
using the ipconfig /all command in Windows and test connectivity by
using ping.

You then learned how to configure a wireless network including the
configuration of a wireless router with basic wireless settings, NAT,
firewall settings, and QoS. You then completed two labs one about
configuring a wireless network and then a lab on configuring firewall
settings. The wireless network lab had you configure basic wireless
settings on a wireless host and an access point and then test
connectivity. In the firewall lab you configured MAC filtering, a DMZ,
and port forwarding.

The internet today is becoming more than just computers, tablets, and
smartphones. It is becoming an IoT. These things are sensor-equipped,
internet-ready devices that include automobiles, biomedical devices,
household appliances, and natural ecosystems. You used Packet Tracer to
explore IoT devices and their basic configuration.

At the end of the chapter, you learned the six steps in the
troubleshooting process as they pertain to networks.