Module 17: Build a Small Network
Uploaded by DiplomaticToucan (PXL Hogeschool)

Summary: This document provides an introduction to building small networks, including the devices, applications, and protocols needed. It details common network devices and their functions, explains how small networks are scaled up, and shows how essential tools such as the ping and tracert commands can verify connectivity and establish relative network performance.
Introduction to Networks v7.0 (ITN)

Module Objectives
Module Title: Build a Small Network
Module Objective: Implement a network design for a small network to include a router, a switch, and end devices.

Topic / Topic Objective
- Devices in a Small Network: Identify the devices used in a small network.
- Small Network Applications and Protocols: Identify the protocols and applications used in a small network.
- Scale to Larger Networks: Explain how a small network serves as the basis of larger networks.
- Verify Connectivity: Use the output of the ping and tracert commands to verify connectivity and establish relative network performance.
- Host and IOS Commands: Use host and IOS commands to acquire information about the devices in a network.
- Troubleshooting Methodologies: Describe common network troubleshooting methodologies.
- Troubleshooting Scenarios: Troubleshoot issues with devices in the network.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

17.1 Devices in a Small Network

Small Network Topologies
The majority of businesses are small, so most business networks are also small. A small network design is usually simple. Small networks typically have a single WAN connection provided by DSL, cable, or an Ethernet connection. Large networks require an IT department to maintain, secure, and troubleshoot network devices and to protect organizational data. Small networks are managed by a local IT technician or by a contracted professional.

Device Selection for a Small Network
Like large networks, small networks require planning and design to meet user requirements. Planning ensures that all requirements, cost factors, and deployment options are given due consideration.
One of the first design considerations is the type of intermediary devices to use to support the network. Factors that must be considered when selecting network devices include:
- cost
- speed and types of ports/interfaces
- expandability
- operating system features and services

IP Addressing for a Small Network
When implementing a network, create an IP addressing scheme and use it. All hosts and devices within an internetwork must have a unique address. Devices that will factor into the IP addressing scheme include the following:
- End user devices - the number and type of connections (i.e., wired, wireless, remote access)
- Servers and peripheral devices (e.g., printers and security cameras)
- Intermediary devices, including switches and access points
It is recommended that you plan, document, and maintain an IP addressing scheme based on device type. A planned IP addressing scheme makes it easier to identify the type of a device from its address and to troubleshoot problems.

Redundancy in a Small Network
In order to maintain a high degree of reliability, redundancy is required in the network design. Redundancy helps to eliminate single points of failure. Redundancy can be accomplished by installing duplicate equipment. It can also be accomplished by supplying duplicate network links for critical areas.

Traffic Management
The goal of a good network design is to enhance the productivity of the employees and minimize network downtime. The routers and switches in a small network should be configured to support real-time traffic, such as voice and video, in an appropriate manner relative to other data traffic. A good network design will implement quality of service (QoS).
Priority queuing has four queues. The high-priority queue is always emptied first.

17.2 Small Network Applications and Protocols

Common Applications
After you have set it up, your network still needs certain types of applications and protocols in order to work. The network is only as useful as the applications that are on it. There are two forms of software programs or processes that provide access to the network:
- Network Applications: applications that implement application layer protocols and are able to communicate directly with the lower layers of the protocol stack. Email clients and web browsers are examples.
- Application Layer Services: for applications that are not network-aware (and so need the assistance of application layer services to use network resources), these are the programs that interface with the network and prepare the data for transfer. The ftp, tftp, dns and telnet commands are examples.

Common Protocols
Network protocols support the applications and services used by employees in a small network.
- Network administrators commonly require access to network devices and servers. The two most common remote access solutions are Telnet and Secure Shell (SSH).
- Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) are used between web clients and web servers.
- Simple Mail Transfer Protocol (SMTP) is used to send email; Post Office Protocol (POP3) or Internet Message Access Protocol (IMAP) are used by clients to retrieve email.
- File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are used to download and upload files between a client and an FTP server.
- Dynamic Host Configuration Protocol (DHCP) is used by clients to acquire an IP configuration from a DHCP server.
- The Domain Name Service (DNS) resolves domain names to IP addresses.
Note: A server could provide multiple network services. For instance, a server could be an email, FTP and SSH server.

Common Protocols (Cont.)
These network protocols comprise the fundamental toolset of a network professional, defining:
- Processes on either end of a communication session.
- Types of messages.
- Syntax of the messages.
- Meaning of informational fields.
- How messages are sent and the expected response.
- Interaction with the next lower layer.
Many companies have established a policy of using secure versions (e.g., SSH, SFTP, and HTTPS) of these protocols whenever possible.

Voice and Video Applications
Businesses today are increasingly using IP telephony and streaming media to communicate with customers and business partners, as well as enabling their employees to work remotely. The network administrator must ensure the proper equipment is installed in the network and that the network devices are configured to ensure priority delivery. The factors that a small network administrator must consider when supporting real-time applications are:
- Infrastructure - Does it have the capacity and capability to support real-time applications?
- VoIP - VoIP is typically less expensive than IP Telephony, but at the cost of quality and features (Skype or Webex).
- IP Telephony - This employs dedicated servers for call control and signaling.
- Real-Time Applications - The network must support Quality of Service (QoS) mechanisms to minimize latency issues.
Real-Time Transport Protocol (RTP) and Real-Time Transport Control Protocol (RTCP) are two protocols that support real-time applications.

17.3 Scale to Larger Networks

Small Network Growth
Growth is a natural process for many small businesses, and their networks must grow accordingly. Ideally, the network administrator has enough lead time to make intelligent decisions about growing the network in alignment with the growth of the company. To scale a network, several elements are required:
- Network documentation - physical and logical topology
- Device inventory - list of devices that use or comprise the network
- Budget - itemized IT budget, including the fiscal year equipment purchasing budget
- Traffic analysis - protocols, applications, and services and their respective traffic requirements should be documented
These elements are used to inform the decision-making that accompanies the scaling of a small network.

Protocol Analysis
It is important to understand the type of traffic that is crossing the network as well as the current traffic flow. There are several network management tools that can be used for this purpose. To determine traffic flow patterns, it is important to do the following:
- Capture traffic during peak utilization times to get a good representation of the different traffic types.
- Perform the capture on different network segments and devices, as some traffic will be local to a particular segment.
Information gathered by the protocol analyzer is evaluated based on the source and destination of the traffic, as well as the type of traffic being sent. This analysis can be used to make decisions on how to manage the traffic more efficiently.
Employee Network Utilization
Many operating systems (OS) provide built-in tools to display such network utilization information. These tools can be used to capture a "snapshot" of information such as the following:
- OS and OS version
- CPU utilization
- RAM utilization
- Drive utilization
- Non-network applications
- Network applications
Documenting snapshots for employees in a small network over a period of time is very useful to identify evolving protocol requirements and associated traffic flows.

17.4 Verify Connectivity

Verify Connectivity with Ping
Whether your network is small and new, or you are scaling an existing network, you will always want to be able to verify that your components are properly connected to each other and to the internet. The ping command, available on most operating systems, is the most effective way to quickly test Layer 3 connectivity between a source and destination IP address. The ping command uses the Internet Control Message Protocol (ICMP) echo (ICMP Type 8) and echo reply (ICMP Type 0) messages.

Verify Connectivity with Ping (Cont.)
On a Windows 10 host, the ping command sends four consecutive ICMP echo messages and expects four consecutive ICMP echo replies from the destination. The IOS ping sends five ICMP echo messages and displays an indicator for each ICMP echo reply received. The IOS ping indicators are as follows:
- ! (exclamation mark): indicates successful receipt of an echo reply message. It validates a Layer 3 connection between source and destination.
- . (period): means that time expired waiting for an echo reply message.
  This indicates that a connectivity problem occurred somewhere along the path.
- U (uppercase U): indicates that a router along the path responded with an ICMP Type 3 "destination unreachable" error message. Possible reasons include that the router does not know the direction to the destination network, or that it could not find the host on the destination network.
Note: Other possible ping replies include Q, M, ?, or &. However, the meaning of these is out of scope for this module.

Extended Ping
The Cisco IOS offers an "extended" mode of the ping command. Extended ping is entered in privileged EXEC mode by typing ping without a destination IP address. You will then be given several prompts to customize the extended ping. Note: Pressing Enter accepts the indicated default values. The ping ipv6 command is used for IPv6 extended pings.

Verify Connectivity with Traceroute
The ping command is useful to quickly determine if there is a Layer 3 connectivity problem. However, it does not identify where the problem is located along the path. Traceroute can help locate Layer 3 problem areas in a network. A trace returns a list of hops as a packet is routed through a network. The syntax of the trace command varies between operating systems.

Verify Connectivity with Traceroute (Cont.)
The following is a sample output of the tracert command on a Windows 10 host. Note: Use Ctrl-C to interrupt a tracert in Windows. The only successful response was from the gateway on R1. Trace requests to the next hop timed out, as indicated by the asterisk (*), meaning that the next hop router did not respond or there is a failure in the network path. In this example there appears to be a problem between R1 and R2.
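The two ICMP message types that ping relies on, and the IOS indicator string, can be made concrete in code. The following Python example is added here and is not part of the Cisco module: it packs and checks the 8-byte ICMP echo request (Type 8) and echo reply (Type 0) header with the RFC 1071 one's-complement checksum, and counts the IOS ping indicators the slide describes. The packets are built in memory only (nothing is sent); the identifier, sequence number and payload are constructed sample values.

```python
"""Added example (not from the Cisco module): ICMP echo request/reply headers
with RFC 1071 checksum, plus a summary of IOS ping indicator strings.
Packets are constructed in memory; nothing is transmitted."""
import struct

ICMP_ECHO_REPLY = 0        # "echo reply" (ICMP Type 0)
ICMP_DEST_UNREACHABLE = 3  # what an IOS 'U' indicator reports
ICMP_ECHO_REQUEST = 8      # "echo" (ICMP Type 8)


def checksum(data: bytes) -> int:
    """RFC 1071 internet checksum: one's-complement sum of 16-bit words,
    odd trailing byte padded with zero, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Header layout: type (1), code (1), checksum (2), identifier (2), sequence (2)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)  # checksum field zero
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode the header and verify the checksum over the whole message.
    A message whose checksum is intact sums (with the field included) to zero."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "checksum": csum, "id": ident,
            "seq": seq, "payload": packet[8:], "checksum_ok": checksum(packet) == 0}


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """ping matches a reply to its request by identifier, sequence and payload;
    the reply must be Type 0 with a valid checksum."""
    rq, rp = parse_echo(request), parse_echo(reply)
    return (rq["type"] == ICMP_ECHO_REQUEST and rp["type"] == ICMP_ECHO_REPLY
            and rp["checksum_ok"]
            and (rq["id"], rq["seq"], rq["payload"]) == (rp["id"], rp["seq"], rp["payload"]))


def summarize_ios_ping(indicators: str) -> dict:
    """Count the indicators an IOS ping prints: '!' reply received, '.' timed out,
    'U' destination unreachable. Q, M, ? and & are counted as 'other' (out of scope)."""
    counts = {"success": 0, "timeout": 0, "unreachable": 0, "other": 0}
    for ch in indicators:
        counts[{"!": "success", ".": "timeout", "U": "unreachable"}.get(ch, "other")] += 1
    sent = len(indicators)
    counts["success_rate"] = round(100 * counts["success"] / sent) if sent else 0
    return counts


if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, ident=0x1234, seq=1, payload=b"abcdefgh")
    rep = build_echo(ICMP_ECHO_REPLY, ident=0x1234, seq=1, payload=b"abcdefgh")
    print(parse_echo(req))
    print("reply matches request:", is_reply_to(req, rep))
    for s in ("!!!!!", ".!!!!", "U.U.U"):
        print(s, summarize_ios_ping(s))
```

The checksum check in parse_echo is the same one a receiving stack performs: with the checksum field included, a valid message sums to zero, so a single corrupted byte shows up as checksum_ok being False.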
Verify Connectivity with Traceroute (Cont.)
The following are sample outputs of the traceroute command from R1. On the left, the trace validated that it could successfully reach PC B. On the right, the 10.1.1.10 host was not available, and the output shows asterisks where replies timed out. Timeouts indicate a potential network problem. Use Ctrl-Shift-6 to interrupt a traceroute in Cisco IOS.
Note: The Windows implementation of traceroute (tracert) sends ICMP Echo Requests. Cisco IOS and Linux use UDP with an invalid port number. The final destination will return an ICMP port unreachable message.

Extended Traceroute
Like the extended ping command, there is also an extended traceroute command. It allows the administrator to adjust parameters related to the command operation. The Windows tracert command allows the input of several parameters through options in the command line. However, it is not guided like the extended traceroute IOS command. The following output displays the available options for the Windows tracert command:

Extended Traceroute (Cont.)
The Cisco IOS extended traceroute option enables the user to create a special type of trace by adjusting parameters related to the command operation. Extended traceroute is entered in privileged EXEC mode by typing traceroute without a destination IP address. IOS will guide you through the command options by presenting a number of prompts related to the setting of all the different parameters. Note: Pressing Enter accepts the indicated default values.
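Reading a trace means finding the last hop that answered and the first hop that did not. The Python below is an added example, not code from the Cisco module: it parses Windows tracert output (a constructed sample that mirrors the slide's case, where only the gateway on R1 replied and the next hop timed out) and reports where along the path replies stop. The addresses and the 10.1.1.10 target are taken from the slide; the RTT values are constructed.

```python
"""Added example (not from the Cisco module): parse tracert output and locate
the point on the path where replies stop. Sample output is constructed."""
import re

# Constructed to resemble the Windows 10 tracert described on the slide:
# the gateway on R1 answers, the following hops time out.
SAMPLE_TRACERT = """\
Tracing route to 10.1.1.10 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.10.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.

Trace complete.
"""

# Constructed healthy trace, including Windows' "<1 ms" notation.
SAMPLE_OK = """\
Tracing route to 10.1.1.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.10.1
  2     2 ms     1 ms     2 ms  10.1.1.10

Trace complete.
"""

# A hop line: hop number, three probe results ("<n> ms", "<1 ms" or "*"), then the target.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s*ms)|\*)\s+){3}(.*)$")
PROBE_RE = re.compile(r"<?(\d+)\s*ms|\*")


def parse_hops(output: str) -> list:
    """Return [{'hop': n, 'rtts': [ms or None per probe], 'target': text}, ...]."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank and "Trace complete." lines
        probes = line[m.end(1):m.start(3)]
        rtts = [int(p.group(1)) if p.group(1) is not None else None
                for p in PROBE_RE.finditer(probes)]
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "target": m.group(3).strip()})
    return hops


def locate_failure(hops: list) -> tuple:
    """('ok', last_hop) if every hop answered at least one probe;
    ('no-response', 1) if even the first hop is silent;
    ('break-after', n) when hops answered up to n and then went silent."""
    last_ok = None
    for h in hops:
        if all(r is None for r in h["rtts"]):
            return ("no-response", 1) if last_ok is None else ("break-after", last_ok)
        last_ok = h["hop"]
    return ("ok", last_ok)


def describe(output: str) -> str:
    """Plain-language reading of a trace, in the terms the slide uses."""
    hops = parse_hops(output)
    status, n = locate_failure(hops)
    if status == "ok":
        return f"all {n} hops replied"
    if status == "no-response":
        return "no hop replied; check the host's default gateway and local link first"
    answered = next(h for h in hops if h["hop"] == n)
    return (f"replies stop after hop {n} ({answered['target']}); "
            f"suspect the link or router between hop {n} and hop {n + 1}")


if __name__ == "__main__":
    print(describe(SAMPLE_TRACERT))
    print(describe(SAMPLE_OK))
```

A hop that answers one probe out of three is still counted as answering; a run of silent hops followed by a reply further on usually means an intermediate router rate-limits or drops ICMP rather than a broken path, which is why the function reports only the first silence after a responding hop.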
Network Baseline
One of the most effective tools for monitoring and troubleshooting network performance is to establish a network baseline. One method for starting a baseline is to copy and paste the results from an executed ping, trace, or other relevant commands into a text file. These text files can be time stamped with the date and saved into an archive for later retrieval and comparison. Among the items to consider are error messages and the response times from host to host. Corporate networks should have extensive baselines, more extensive than we can describe in this course. Professional-grade software tools are available for storing and maintaining baseline information.

17.5 Host and IOS Commands

IP Configuration on a Windows Host
In Windows 10, you can access the IP address details from the Network and Sharing Center to quickly view the four important settings: address, mask, router, and DNS. Or you can issue the ipconfig command at the command line of a Windows computer. Use the ipconfig /all command to view the MAC address, as well as a number of details regarding the Layer 3 addressing of the device. If a host is configured as a DHCP client, the IP address configuration can be renewed using the ipconfig /release and ipconfig /renew commands. The DNS Client service on Windows PCs also optimizes the performance of DNS name resolution by storing previously resolved names in memory. The ipconfig /displaydns command displays all of the cached DNS entries on a Windows computer system.

IP Configuration on a Linux Host
Verifying IP settings using the GUI on a Linux machine will differ depending on the Linux distribution and desktop interface.
On the command line, use the ifconfig command to display the status of the currently active interfaces and their IP configuration. The Linux ip address command is used to display addresses and their properties. It can also be used to add or delete IP addresses. Note: The output displayed may vary depending on the Linux distribution.

IP Configuration on a macOS Host
In the GUI of a Mac host, open Network Preferences > Advanced to get the IP addressing information. The ifconfig command can also be used to verify the interface IP configuration at the command line. Other useful macOS commands to verify the host IP settings include networksetup -listallnetworkservices and networksetup -getinfo.

The arp Command
The arp command is executed from the Windows, Linux, or Mac command prompt. The command lists all devices currently in the ARP cache of the host. The arp -a command displays the known IP address to MAC address bindings. The ARP cache only displays information from devices that have been recently accessed. To ensure that the ARP cache is populated, ping a device so that it will have an entry in the ARP table. The cache can be cleared by using the netsh interface ip delete arpcache command in the event the network administrator wants to repopulate the cache with updated information. Note: You may need administrator access on the host to be able to use the netsh interface ip delete arpcache command.
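The ARP cache is also one of the things worth keeping in the network baseline described earlier: the IP-to-MAC binding of the default gateway should not change without a known reason. The Python below is an added example, not code from the Cisco module: it parses Windows arp -a output (a constructed sample) and compares the dynamic bindings against a documented baseline, flagging a binding that differs from the record and a single MAC address that answers for several IP addresses. The addresses, MACs and the baseline are all constructed for the example.

```python
"""Added example (not from the Cisco module): parse Windows 'arp -a' output and
compare the learned bindings with a documented baseline. All values constructed."""
import re
from collections import defaultdict

# Constructed 'arp -a' output. The gateway's MAC differs from the baseline below
# and one MAC is bound to two addresses, so both checks have something to report.
SAMPLE_ARP_A = """\
Interface: 192.168.10.50 --- 0x6
  Internet Address      Physical Address      Type
  192.168.10.1          00-11-22-33-44-55     dynamic
  192.168.10.10         aa-bb-cc-dd-ee-10     dynamic
  192.168.10.20         aa-bb-cc-dd-ee-10     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Documented bindings from the network baseline (constructed).
BASELINE = {
    "192.168.10.1": "00-11-22-33-44-99",
    "192.168.10.10": "aa-bb-cc-dd-ee-10",
}

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp(output: str) -> list:
    """Return (ip, mac, type) tuples; MAC and type are lower-cased so that
    output from different Windows versions compares equal."""
    entries = []
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:  # header lines ("Interface:", column titles) do not match
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def check_arp(entries: list, baseline: dict) -> list:
    """Findings worth a look: a binding that differs from the baseline, and one
    MAC bound to several dynamically learned addresses. Neither is proof of a
    problem by itself (a replaced NIC or a host with secondary addresses does the
    same), which is why the comparison is against documented expectations."""
    findings = []
    for ip, mac, _ in entries:
        documented = baseline.get(ip)
        if documented and documented.lower() != mac:
            findings.append(f"{ip}: cache has {mac}, baseline documents {documented.lower()}")
    by_mac = defaultdict(list)
    for ip, mac, kind in entries:
        if kind == "dynamic":  # static entries are broadcast/multicast, not hosts
            by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} is bound to several addresses: {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in check_arp(parse_arp(SAMPLE_ARP_A), BASELINE):
        print(finding)
```

Saving a time-stamped arp -a capture alongside the ping and trace results, as the baseline slide suggests, is what makes the first check possible: without a documented binding there is nothing to compare the live cache against.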
Common show Commands Revisited
- show running-config: verifies the current configuration and settings
- show interfaces: verifies the interface status and displays any error messages
- show ip interface: verifies the Layer 3 information of an interface
- show arp: verifies the list of known hosts on the local Ethernet LANs
- show ip route: verifies the Layer 3 routing information
- show protocols: verifies which protocols are operational
- show version: verifies the memory, interfaces, and licenses of the device

The show cdp neighbors Command
CDP provides the following information about each CDP neighbor device:
- Device identifiers - the configured host name of a switch, router, or other device
- Address list - up to one network layer address for each protocol supported
- Port identifier - the name of the local and remote port in the form of an ASCII character string, such as FastEthernet 0/0
- Capabilities list - whether a specific device is a Layer 2 switch or a Layer 3 switch
- Platform - the hardware platform of the device
The show cdp neighbors detail command reveals the IP address of a neighboring device.

The show ip interface brief Command
One of the most frequently used commands is the show ip interface brief command. This command provides a more abbreviated output than the show ip interface command. It provides a summary of the key information for all the network interfaces on a router.

Video – The show version Command
This video demonstrates using the show version command to view information about the router.
Packet Tracer – Interpret show Command Output
This activity is designed to reinforce the use of router show commands. You are not required to configure anything, but rather to analyze the output of several show commands.

17.6 Troubleshooting Methodologies

Basic Troubleshooting Approaches
- Step 1. Identify the Problem: This is the first step in the troubleshooting process. Although tools can be used in this step, a conversation with the user is often very helpful.
- Step 2. Establish a Theory of Probable Causes: After the problem is identified, try to establish a theory of probable causes. This step often yields more than a few probable causes to the problem.
- Step 3. Test the Theory to Determine Cause: Based on the probable causes, test your theories to determine which one is the cause of the problem. A technician may apply a quick fix to test and see if it solves the problem. If a quick fix does not correct the problem, you might need to research the problem further to establish the exact cause.
- Step 4. Establish a Plan of Action and Implement the Solution: After you have determined the exact cause of the problem, establish a plan of action to resolve the problem and implement the solution.
- Step 5. Verify Solution and Implement Preventive Measures: After you have corrected the problem, verify full functionality. If applicable, implement preventive measures.
- Step 6. Document Findings, Actions, and Outcomes: In the final step of the troubleshooting process, document your findings, actions, and outcomes. This is very important for future reference.

Resolve or Escalate?
In some situations, it may not be possible to resolve the problem immediately. A problem should be escalated when it requires a manager's decision, some specific expertise, or a network access level unavailable to the troubleshooting technician. A company policy should clearly state when and how a technician should escalate a problem.

The debug Command
The IOS debug command allows the administrator to display OS process, protocol, mechanism and event messages in real time for analysis. All debug commands are entered in privileged EXEC mode. The Cisco IOS allows for narrowing the output of debug to include only the relevant feature or subfeature. Use debug commands only to troubleshoot specific problems. To list a brief description of all the debugging command options, use the debug ? command in privileged EXEC mode at the command line. To turn off a specific debugging feature, add the no keyword in front of the debug command. Alternatively, you can enter the undebug form of the command in privileged EXEC mode. To turn off all active debug commands at once, use the undebug all command. Be cautious using some debug commands, as they may generate a substantial amount of output and use a large portion of system resources. The router could get so busy displaying debug messages that it would not have enough processing power to perform its network functions, or even to listen to commands to turn off debugging.

The terminal monitor Command
debug and certain other IOS message output is not automatically displayed on remote connections. This is because log messages are prevented from being displayed on vty lines. To display log messages on a terminal (virtual console), use the terminal monitor privileged EXEC command.
To stop logging messages on a terminal, use the terminal no monitor privileged EXEC command.

17.7 Troubleshooting Scenarios

Duplex Operation and Mismatch Issues
Interconnecting Ethernet interfaces must operate in the same duplex mode for best communication performance and to avoid inefficiency and latency on the link. The Ethernet autonegotiation feature facilitates configuration, minimizes problems and maximizes link performance between two interconnecting Ethernet links. The connected devices first announce their supported capabilities and then choose the highest performance mode supported by both ends. If one of the two connected devices is operating in full-duplex and the other is operating in half-duplex, a duplex mismatch occurs. While data communication will occur through a link with a duplex mismatch, link performance will be very poor. Duplex mismatches are typically caused by a misconfigured interface or, in rare instances, by a failed autonegotiation. Duplex mismatches may be difficult to troubleshoot because communication between the devices still occurs.

IP Addressing Issues on IOS Devices
Two common causes of incorrect IPv4 assignment are manual assignment mistakes and DHCP-related issues. Network administrators often have to manually assign IP addresses to devices such as servers and routers. If a mistake is made during the assignment, then communication issues with the device are very likely to occur. On an IOS device, use the show ip interface or show ip interface brief commands to verify which IPv4 addresses are assigned to the network interfaces. For example, issuing the show ip interface brief command as shown would validate the interface status on R1.
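Checking show ip interface brief against the addressing plan is a mechanical comparison, which makes it a good candidate for a script. The Python below is an added example and not code from the Cisco module: it parses a constructed show ip interface brief listing in R1's layout and reports interfaces that are administratively down, up/down or down/down, and interfaces whose address does not match the planned one. The interface names, addresses and the plan are constructed for the example (209.165.200.225 is a documentation-range address used only as a sample).

```python
"""Added example (not from the Cisco module): parse 'show ip interface brief'
and check each interface's status and address against an addressing plan.
The output, interface names, addresses and plan are constructed."""
import re

SAMPLE_SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   unassigned      YES unset  administratively down down
Serial0/1/0            209.165.200.225 YES manual up                    down
Vlan1                  unassigned      YES unset  up                    up
"""

# Planned addressing for the router (constructed). G0/0/1 should carry
# 192.168.11.1 but is unassigned and shut down in the sample output.
PLAN = {
    "GigabitEthernet0/0/0": "192.168.10.1",
    "GigabitEthernet0/0/1": "192.168.11.1",
    "Serial0/1/0": "209.165.200.225",
}

# One data row: name, address, OK?, method, status (may be two words), protocol.
ROW_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+(YES|NO)\s+(\S+)\s+(up|down|administratively down)\s+(up|down)\s*$"
)


def parse_show_ip_int_brief(output: str) -> list:
    """Return one dict per interface row; the header row does not match ROW_RE."""
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append({"interface": m.group(1), "ip": m.group(2), "ok": m.group(3),
                         "method": m.group(4), "status": m.group(5), "protocol": m.group(6)})
    return rows


def audit_interfaces(rows: list, plan: dict) -> list:
    """Findings in the order the rows appear: status problems first, then a
    mismatch between the assigned address and the plan for that interface."""
    findings = []
    for r in rows:
        name, status, proto = r["interface"], r["status"], r["protocol"]
        if status == "administratively down":
            findings.append(f"{name}: administratively down (needs 'no shutdown' if it should carry traffic)")
        elif status == "down":
            findings.append(f"{name}: down/down, check the cable and the connected device")
        elif proto == "down":
            findings.append(f"{name}: up/down, Layer 1 is up but Layer 2 is not (encapsulation, clocking or far end)")
        expected = plan.get(name)
        if expected and r["ip"] != expected:
            findings.append(f"{name}: has {r['ip']} but the plan says {expected}")
    return findings


if __name__ == "__main__":
    for finding in audit_interfaces(parse_show_ip_int_brief(SAMPLE_SHOW_IP_INT_BRIEF), PLAN):
        print(finding)
```

Interfaces absent from the plan (Vlan1 in the sample) are only checked for status, so an unplanned but intentionally unaddressed interface does not produce noise; adding it to the plan with its intended address makes the script enforce it.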
IP Addressing Issues on End Devices
On Windows-based machines, when the device cannot contact a DHCP server, Windows will automatically assign an address belonging to the 169.254.0.0/16 range. This feature is called Automatic Private IP Addressing (APIPA). A computer with an APIPA address will not be able to communicate with other devices in the network because those devices will most likely not belong to the 169.254.0.0/16 network. Note: Other operating systems, such as Linux and OS X, do not use APIPA. If the device is unable to communicate with the DHCP server, then the server cannot assign an IPv4 address for the specific network and the device will not be able to communicate. To verify the IP addresses assigned to a Windows-based computer, use the ipconfig command.

Default Gateway Issues
The default gateway for an end device is the closest networking device, belonging to the same network as the end device, that can forward traffic to other networks. If a device has an incorrect or nonexistent default gateway address, it will not be able to communicate with devices in remote networks. Similar to IPv4 addressing issues, default gateway problems can be related to misconfiguration (in the case of manual assignment) or DHCP problems (if automatic assignment is in use). To verify the default gateway on Windows-based computers, use the ipconfig command. On a router, use the show ip route command to list the routing table and verify that the default gateway, known as a default route, has been set. This route is used when the destination address of the packet does not match any other routes in its routing table.
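The APIPA and default-gateway symptoms above are both visible in ipconfig /all output, and so is the DNS server list that the next slide covers. The Python below is an added example and not code from the Cisco module: it parses constructed ipconfig /all output into per-adapter key/value lists and reports an APIPA address, a missing gateway, a gateway outside the local subnet, and DNS servers that differ from an expected list. The host name, adapter name, MAC and addresses in the samples are constructed; the OpenDNS addresses 208.67.222.222 and 208.67.220.220 are the ones the module lists.

```python
"""Added example (not from the Cisco module): parse Windows 'ipconfig /all'
output and flag APIPA, default gateway and DNS server problems. Samples constructed."""
import ipaddress
import re

# Constructed: a DHCP client that could not reach its DHCP server.
SAMPLE_APIPA = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC-A

Ethernet adapter Ethernet0:

   Physical Address. . . . . . . . . : 00-0C-29-AB-CD-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.23.45(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""

# Constructed: the same adapter with a working lease.
SAMPLE_OK = """\
Ethernet adapter Ethernet0:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.10
"""

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
KV_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9\- ]*?)[ .]*:\s?(.*)$")


def parse_ipconfig(output: str) -> dict:
    """Return {section: {key: [values]}}. A section starts at column 0 (e.g.
    'Ethernet adapter Ethernet0:'); indented 'Key . . : value' lines belong to it,
    and further indented lines with no key continue the previous key (DNS lists)."""
    sections, current, last_key = {}, None, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = sections.setdefault(line.strip().rstrip(":"), {})
            last_key = None
            continue
        if current is None:
            continue
        km = KV_RE.match(line)
        if km:
            last_key = km.group(1).strip()
            value = km.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key is not None:
            current[last_key].append(line.strip())
    return sections


def diagnose(adapter: dict, expected_dns: list = None) -> list:
    """Findings for one adapter's key/value dict, in the order the slides discuss them."""
    findings = []
    ip = adapter.get("IPv4 Address") or adapter.get("Autoconfiguration IPv4 Address")
    if not ip:
        return ["no IPv4 address configured"]
    addr = ipaddress.ip_address(ip[0].split("(")[0].strip())  # drop "(Preferred)"
    if addr in APIPA_NET:
        findings.append(f"{addr} is an APIPA address: the host could not reach a DHCP server")
    mask = adapter.get("Subnet Mask", ["255.255.255.255"])[0]
    local_net = ipaddress.ip_interface(f"{addr}/{mask}").network
    gateways = [g for g in adapter.get("Default Gateway", []) if g]
    if not gateways:
        findings.append("no default gateway: remote networks will be unreachable")
    for gw in gateways:
        try:
            if ipaddress.ip_address(gw) not in local_net:
                findings.append(f"default gateway {gw} is not in the local network {local_net}")
        except ValueError:
            pass  # an IPv6 gateway or non-address text; not checked here
    if expected_dns is not None:
        unexpected = [d for d in adapter.get("DNS Servers", []) if d not in expected_dns]
        if unexpected:
            findings.append(f"DNS servers not in the expected list: {', '.join(unexpected)}")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_APIPA, SAMPLE_OK):
        adapter = parse_ipconfig(sample)["Ethernet adapter Ethernet0"]
        print(diagnose(adapter, expected_dns=["192.168.10.10"]) or ["no findings"])
```

The expected DNS list is deliberately a parameter: whether 208.67.222.222 counts as expected depends on whether the organization chose OpenDNS, so the script reports a difference from policy rather than judging the servers themselves.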
Troubleshooting DNS Issues
It is common for users to mistakenly relate the operation of an internet link to the availability of the DNS. DNS server addresses can be manually or automatically assigned via DHCP. Although it is common for companies and organizations to manage their own DNS servers, any reachable DNS server can be used to resolve names. Cisco offers OpenDNS, which provides secure DNS service by filtering phishing and some malware sites. The OpenDNS addresses are 208.67.222.222 and 208.67.220.220. Advanced features such as web content filtering and security are available to families and businesses. Use the ipconfig /all command as shown to verify which DNS server is in use by the Windows computer. The nslookup command is another useful DNS troubleshooting tool for PCs. With nslookup a user can manually place DNS queries and analyze the DNS response.

Lab – Troubleshoot Connectivity Issues
In this lab, you will complete the following objectives:
- Identify the Problem
- Implement Network Changes
- Verify Full Functionality
- Document Findings and Configuration Changes

Packet Tracer – Troubleshoot Connectivity Issues
The objective of this Packet Tracer activity is to troubleshoot and resolve connectivity issues, if possible. Otherwise, the issues should be clearly documented so they can be escalated.

17.8 Module Practice and Quiz

Lab – Design and Build a Small Business Network
In this lab, you will design and build a network. You will explain how a small network of directly connected segments is created, configured, and verified.
Packet Tracer – Skills Integration Challenge
In this Packet Tracer activity, you will use all the skills you have acquired throughout this course.
Scenario: The router Central, the ISP cluster, and the Web server are completely configured. You must create a new IPv4 addressing scheme that will accommodate 4 subnets using the 192.168.0.0/24 network. The IT department requires 25 hosts. The Sales department needs 50 hosts. The subnet for the rest of the staff requires 100 hosts. A Guest subnet will be added in the future to accommodate 25 hosts. You must also finish the basic security settings and interface configurations on R1. Then, you will configure the SVI interface and basic security settings on switches S1, S2, and S3.

Packet Tracer – Troubleshooting Challenge
In this Packet Tracer activity, you will troubleshoot and resolve a number of issues in an existing LAN.

What Did I Learn In This Module?
- Factors to consider when selecting network devices for a small network are cost, speed and types of ports/interfaces, expandability, and OS features and services.
- When implementing a network, create an IP addressing scheme and use it on end devices, servers and peripherals, and intermediary devices.
- Redundancy can be accomplished by installing duplicate equipment, but it can also be accomplished by supplying duplicate network links for critical areas.
- The routers and switches in a small network should be configured to support real-time traffic, such as voice and video, in an appropriate manner relative to other data traffic.
- There are two forms of software programs or processes that provide access to the network: network applications and application layer services.
- To scale a network, several elements are required: network documentation, device inventory, budget, and traffic analysis.
- The ping command is the most effective way to quickly test Layer 3 connectivity between a source and destination IP address. The Cisco IOS offers an "extended" mode of the ping command which lets the user create special types of pings by adjusting parameters related to the command operation.

Module Practice and Quiz: What Did I Learn In This Module? (Cont.)

- A trace returns a list of hops as a packet is routed through a network. There is also an extended traceroute command. It allows the administrator to adjust parameters related to the command operation.
- Network administrators view the IP addressing information (address, mask, router, and DNS) on a Windows host by issuing the ipconfig command. Other necessary commands are ipconfig /all, ipconfig /release and ipconfig /renew, and ipconfig /displaydns.
- Verifying IP settings by using the GUI on a Linux machine will differ depending on the Linux distribution (distro) and desktop interface. Necessary commands are ifconfig and ip address.
- In the GUI of a Mac host, open Network Preferences > Advanced to get the IP addressing information. Other IP addressing commands for Mac are ifconfig, networksetup -listallnetworkservices, and networksetup -getinfo.
- The arp command is executed from the Windows, Linux, or Mac command prompt. The command lists all devices currently in the ARP cache of the host, which includes the IPv4 address, physical address, and the type of addressing (static/dynamic) for each device. The arp -a command displays the known IP address and MAC address bindings.
Module Practice and Quiz: What Did I Learn In This Module? (Cont.)

- Common show commands are show running-config, show interfaces, show ip address, show arp, show ip route, show protocols, and show version.
- The show cdp neighbor command provides the following information about each CDP neighbor device: identifiers, address list, port identifier, capabilities list, and platform. The show cdp neighbors detail command will help determine if one of the CDP neighbors has an IP configuration error.
- The show ip interface brief command output displays all interfaces on the router, the IP address assigned to each interface, if any, and the operational status of the interface.
- The six basic steps to troubleshooting:
  Step 1. Identify the problem.
  Step 2. Establish a theory of probable causes.
  Step 3. Test the theory to determine the cause.
  Step 4. Establish a plan of action and implement the solution.
  Step 5. Verify the solution and implement preventive measures.
  Step 6. Document findings, actions, and outcomes.
- A problem should be escalated when it requires a decision of a manager, some specific expertise, or a network access level unavailable to the troubleshooting technician.
- OS processes, protocols, mechanisms, and events generate messages to communicate their status. The IOS debug command allows the administrator to display these messages in real time for analysis. To display log messages on a terminal (virtual console), use the terminal monitor privileged EXEC command.

Module 17: Build a Small Network – New Terms and Commands

network applications, application layer services, extended ping, extended traceroute, network baseline, ifconfig, netsh interface ip delete arpcache, scientific method, debug, terminal monitor
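The Skills Integration Challenge above asks for four subnets (100, 50, 25 and 25 hosts) carved out of 192.168.0.0/24. The following is an added example, not part of the Cisco course material: a small VLSM allocator that assigns the largest requirement first so every block lands on its own boundary. The requirement dictionary is constructed from the scenario text; the general algorithm also handles other base networks and host counts.

```python
"""Added example (not from the Cisco course): a VLSM allocator for the
Skills Integration Challenge addressing scheme. Standard library only."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed from the scenario: staff 100, Sales 50, IT 25, Guest 25.
REQUIREMENTS = {"Staff": 100, "Sales": 50, "IT": 25, "Guest": 25}


def prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix length whose block holds `hosts` usable
    addresses (block size minus the network and broadcast addresses)."""
    bits = 1
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def allocate_vlsm(base: str,
                  requirements: Dict[str, int]) -> List[Tuple[str, ipaddress.IPv4Network]]:
    """Carve `base` into one subnet per requirement, largest first.

    Free space is kept as a list of maximal blocks; a block is split in
    halves only as far as needed, so nothing is wasted between subnets.
    Raises ValueError when the requirements do not fit in `base`."""
    free: List[ipaddress.IPv4Network] = [ipaddress.ip_network(base)]
    plan: List[Tuple[str, ipaddress.IPv4Network]] = []
    # Stable sort: equal host counts keep the order given in the dict.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        for block in sorted(free):            # lowest free block first
            if block.prefixlen <= prefix:     # block is big enough
                free.remove(block)
                while block.prefixlen < prefix:
                    first, second = block.subnets(new_prefix=block.prefixlen + 1)
                    free.append(second)       # keep the upper half for later
                    block = first
                plan.append((name, block))
                break
        else:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {base}")
    return plan


def describe(plan: List[Tuple[str, ipaddress.IPv4Network]]) -> List[Dict[str, object]]:
    """Expand each subnet into the values an addressing table needs."""
    rows = []
    for name, net in plan:
        rows.append({
            "name": name,
            "network": str(net),
            "mask": str(net.netmask),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            "usable": net.num_addresses - 2,
        })
    return rows


if __name__ == "__main__":
    for row in describe(allocate_vlsm("192.168.0.0/24", REQUIREMENTS)):
        print(f"{row['name']:<6} {row['network']:<18} {row['mask']:<16} "
              f"{row['first_host']} - {row['last_host']}  usable={row['usable']}")
```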
Module 16: Network Security Fundamentals
Introduction to Networks v7.0 (ITN)

Module Objectives

Module Title: Network Security Fundamentals
Module Objective: Configure switches and routers with device hardening features to enhance security.

Topic Title – Topic Objective
- Security Threats and Vulnerabilities – Explain why basic security measures are necessary on network devices.
- Network Attacks – Identify security vulnerabilities.
- Network Attack Mitigation – Identify general mitigation techniques.
- Device Security – Configure network devices with device hardening features to mitigate security threats.

16.1 Security Threats and Vulnerabilities

Security Threats and Vulnerabilities: Types of Threats

Attacks on a network can be devastating and can result in a loss of time and money due to damage, or theft of important information or assets. Intruders can gain access to a network through software vulnerabilities, hardware attacks, or through guessing someone's username and password. Intruders who gain access by modifying software or exploiting software vulnerabilities are called threat actors.

After the threat actor gains access to the network, four types of threats may arise:
- Information Theft
- Data Loss and Manipulation
- Identity Theft
- Disruption of Service

Security Threats and Vulnerabilities: Types of Vulnerabilities

Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices. Typically, the network devices under attack are the endpoints, such as servers and desktop computers.
There are three primary vulnerabilities or weaknesses:
- Technological vulnerabilities might include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.
- Configuration vulnerabilities might include unsecured user accounts, system accounts with easily guessed passwords, misconfigured internet services, unsecure default settings, and misconfigured network equipment.
- Security policy vulnerabilities might include lack of a written security policy, politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes not following policy, and a nonexistent disaster recovery plan.

All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.

Security Threats and Vulnerabilities: Physical Security

If network resources can be physically compromised, a threat actor can deny the use of network resources. The four classes of physical threats are as follows:
- Hardware threats - This includes physical damage to servers, routers, switches, cabling plant, and workstations.
- Environmental threats - This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
- Electrical threats - This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
- Maintenance threats - This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

A good plan for physical security must be created and implemented to address these issues.

16.2 Network Attacks
Network Attacks: Types of Malware

Malware is short for malicious software. It is code or software specifically designed to damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. The following are types of malware:
- Viruses - A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels.
- Worms - Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
- Trojan Horses - A Trojan horse is a harmful piece of software that looks legitimate. Unlike viruses and worms, Trojan horses do not reproduce by infecting other files. They self-replicate. Trojan horses must spread through user interaction such as opening an email attachment or downloading and running a file from the internet.

Network Attacks: Reconnaissance Attacks

In addition to malicious code attacks, it is also possible for networks to fall prey to various network attacks. Network attacks can be classified into three major categories:
- Reconnaissance attacks - The discovery and mapping of systems, services, or vulnerabilities.
- Access attacks - The unauthorized manipulation of data, system access, or user privileges.
- Denial of service - The disabling or corruption of networks, systems, or services.

For reconnaissance attacks, external threat actors can use internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity.
After the IP address space is determined, a threat actor can then ping the publicly available IP addresses to identify the addresses that are active.

Network Attacks: Access Attacks

Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. Access attacks can be classified into four types:
- Password attacks - Implemented using brute force, trojan horses, and packet sniffers.
- Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
- Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor uses SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
- Man-in-the-middle - The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.

Network Attacks: Denial of Service Attacks

Denial of service (DoS) attacks are the most publicized form of attack and among the most difficult to eliminate. However, because of their ease of implementation and potentially significant damage, DoS attacks deserve special attention from security administrators.

DoS attacks take many forms. Ultimately, they prevent authorized people from using a service by consuming system resources. To help prevent DoS attacks it is important to stay up to date with the latest security updates for operating systems and applications.

DoS attacks are a major risk because they interrupt communication and cause significant loss of time and money.
These attacks are relatively simple to conduct, even by an unskilled threat actor.

A DDoS is similar to a DoS attack, but it originates from multiple, coordinated sources. For example, a threat actor builds a network of infected hosts, known as zombies. A network of zombies is called a botnet. The threat actor uses a command and control (CnC) program to instruct the botnet of zombies to carry out a DDoS attack.

16.3 Network Attack Mitigations

Network Attack Mitigations: The Defense-in-Depth Approach

To mitigate network attacks, you must first secure devices including routers, switches, servers, and hosts. Most organizations employ a defense-in-depth approach (also known as a layered approach) to security. This requires a combination of networking devices and services working in tandem.

Several security devices and services are implemented to protect an organization’s users and assets against TCP/IP threats:
- VPN
- ASA Firewall
- IPS
- ESA/WSA
- AAA Server

Network Attack Mitigations: Keep Backups

Backing up device configurations and data is one of the most effective ways of protecting against data loss. Backups should be performed on a regular basis as identified in the security policy. Data backups are usually stored offsite to protect the backup media if anything happens to the main facility. The table shows backup considerations and their descriptions.

Consideration – Description
- Frequency – Perform backups on a regular basis as identified in the security policy. Full backups can be time-consuming, therefore perform monthly or weekly backups with frequent partial backups of changed files.
- Storage – Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
- Security – Backups should be protected using strong passwords. The password is required to restore the data.
- Validation – Always validate backups to ensure the integrity of the data and validate the file restoration procedures.

Network Attack Mitigations: Upgrade, Update, and Patch

As new malware is released, enterprises need to keep current with the latest versions of antivirus software. The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems. One solution to the management of critical security patches is to make sure all end systems automatically download updates.

Network Attack Mitigations: Authentication, Authorization, and Accounting

Authentication, authorization, and accounting (AAA, or “triple A”) network security services provide the primary framework to set up access control on network devices. AAA is a way to control who is permitted to access a network (authenticate), what actions they perform while accessing the network (authorize), and to make a record of what was done while they are there (accounting).

The concept of AAA is similar to the use of a credit card. The credit card identifies who can use it, how much that user can spend, and keeps account of what items the user spent money on.

Network Attack Mitigations: Firewalls

Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access. A firewall could allow outside users controlled access to specific services. For example, servers accessible to outside users are usually located on a special network referred to as the demilitarized zone (DMZ).
The DMZ enables a network administrator to apply specific policies for hosts connected to that network.

Network Attack Mitigations: Types of Firewalls

Firewall products come packaged in various forms. These products use different techniques for determining what will be permitted or denied access to a network. They include the following:
- Packet filtering - Prevents or allows access based on IP or MAC addresses.
- Application filtering - Prevents or allows access by specific application types based on port numbers.
- URL filtering - Prevents or allows access to websites based on specific URLs or keywords.
- Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS).

Network Attack Mitigations: Endpoint Security

An endpoint, or host, is an individual computer system or device that acts as a network client. Common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing endpoint devices is one of the most challenging jobs of a network administrator because it involves human nature. A company must have well-documented policies in place and employees must be aware of these rules. Employees need to be trained on proper use of the network. Policies often include the use of antivirus software and host intrusion prevention. More comprehensive endpoint security solutions rely on network access control.

16.4 Device Security
Device Security: Cisco AutoSecure

The security settings are set to the default values when a new operating system is installed on a device. In most cases, this level of security is inadequate. For Cisco routers, the Cisco AutoSecure feature can be used to assist in securing the system. In addition, there are some simple steps that should be taken that apply to most operating systems:
- Default usernames and passwords should be changed immediately.
- Access to system resources should be restricted to only the individuals that are authorized to use those resources.
- Any unnecessary services and applications should be turned off and uninstalled when possible.

Often, devices shipped from the manufacturer have been sitting in a warehouse for a period of time and do not have the most up-to-date patches installed. It is important to update any software and install any security patches prior to implementation.

Device Security: Passwords

To protect network devices, it is important to use strong passwords. Here are standard guidelines to follow:
- Use a password length of at least eight characters, preferably 10 or more characters.
- Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
- Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, biographical information (such as birthdates, ID numbers, ancestor names), or other easily identifiable pieces of information.
- Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
- Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
- Do not write passwords down and leave them in obvious places such as on the desk or monitor.
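As an added example (not part of the Cisco course), the checker below turns the guidelines on this slide into code that a helpdesk or onboarding script could run before a password is accepted. The word list, the repetition and sequence thresholds, and the rule that a multi-word passphrase is judged on length rather than on dictionary words or character mix are my own assumptions.

```python
"""Added example (not from the Cisco course): applies the password
guidelines from the Device Security slide and reports every violation."""
import re
import string
from typing import Iterable, List

# Constructed stand-in for a real dictionary / common-password list.
COMMON_WORDS = ("password", "security", "cisco", "admin", "welcome", "summer")


def _has_sequence(text: str, run: int = 4) -> bool:
    """True if `text` holds `run` or more alphanumeric characters that
    step up or down by exactly one code point (abcd, 4321, wxyz)."""
    t = text.lower()
    for i in range(len(t) - run + 1):
        chunk = t[i:i + run]
        if all(ch.isalnum() for ch in chunk):
            steps = {ord(chunk[j + 1]) - ord(chunk[j]) for j in range(run - 1)}
            if steps in ({1}, {-1}):
                return True
    return False


def _is_repetition(text: str) -> bool:
    """True for three identical characters in a row, or for a password
    that is a shorter string repeated (e.g. 'abcabcabc')."""
    if re.search(r"(.)\1\1", text):
        return True
    # A string that is a repetition of a shorter one appears in (s + s)
    # at an offset smaller than its own length.
    return len(text) > 1 and (text + text).find(text, 1) < len(text)


def check_password(password: str, username: str = "",
                   personal: Iterable[str] = (),
                   wordlist: Iterable[str] = COMMON_WORDS) -> List[str]:
    """Return the guideline violations found; an empty list means the
    password passes every check."""
    findings: List[str] = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    elif len(password) < 10:
        findings.append("shorter than the preferred 10 characters")

    # Assumption: three or more words separated by spaces is a passphrase,
    # which is judged on length rather than on character mix or dictionary words.
    low = password.lower()
    is_passphrase = len(low.split()) >= 3

    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    ]
    if not is_passphrase and sum(classes) < 3:
        findings.append("uses fewer than three character classes")

    if _is_repetition(password):
        findings.append("built from repeated characters")
    if _has_sequence(password):
        findings.append("contains a letter or number sequence")

    if not is_passphrase:
        for word in wordlist:
            if len(word) >= 4 and word in low:
                findings.append(f"contains the dictionary word '{word}'")
                break

    # Usernames, names, birthdates and similar data supplied by the caller.
    for item in (username, *personal):
        if item and len(item) >= 3 and item.lower() in low:
            findings.append(f"contains personal information '{item}'")
    return findings


if __name__ == "__main__":
    for candidate in ("Smith", "5ecur1ty", "Password1234", "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```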
On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. Therefore, one method to create a strong password is to use the space bar and create a phrase made of many words. This is called a passphrase. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess.

Device Security: Additional Password Security

There are several steps that can be taken to help ensure that passwords remain secret on a Cisco router and switch, including these:
- Encrypt all plaintext passwords with the service password-encryption command.
- Set a minimum acceptable password length with the security passwords min-length command.
- Deter brute-force password guessing attacks with the login block-for # attempts # within # command.
- Disable an inactive privileged EXEC mode access after a specified amount of time with the exec-timeout command.

Device Security: Enable SSH

It is possible to configure a Cisco device to support SSH using the following steps:
1. Configure a unique device hostname. A device must have a unique hostname other than the default.
2. Configure the IP domain name. Configure the IP domain name of the network by using the global configuration mode command ip domain-name.
3. Generate a key to encrypt SSH traffic. SSH encrypts traffic between source and destination. However, to do so, a unique authentication key must be generated by using the global configuration command crypto key generate rsa general-keys modulus bits. The modulus bits value determines the size of the key and can be configured from 360 bits to 2048 bits. The larger the bit value, the more secure the key. However, larger bit values also take longer to encrypt and decrypt information. The minimum recommended modulus length is 1024 bits.
4. Verify or create a local database entry.
   Create a local database username entry using the username global configuration command.
5. Authenticate against the local database. Use the login local line configuration command to authenticate the vty line against the local database.
6. Enable vty inbound SSH sessions. By default, no input session is allowed on vty lines. You can specify multiple input protocols including Telnet and SSH using the transport input [ssh | telnet] command.

Device Security: Disable Unused Services

Cisco routers and switches start with a list of active services that may or may not be required in your network. Disable any unused services to preserve system resources, such as CPU cycles and RAM, and to prevent threat actors from exploiting these services.

The type of services that are on by default will vary depending on the IOS version. For example, IOS-XE typically will have only HTTPS and DHCP ports open. You can verify this with the show ip ports all command. IOS versions prior to IOS-XE use the show control-plane host open-ports command.

Device Security: Packet Tracer – Configure Secure Passwords and SSH

In this Packet Tracer activity, you will configure passwords and SSH: The network administrator has asked you to prepare RTA and SW1 for deployment. Before they can be connected to the network, security measures must be enabled.

Device Security: Lab – Configure Network Devices with SSH

In this lab, you will complete the following objectives:
- Part 1: Configure Basic Device Settings
- Part 2: Configure the Router for SSH Access
- Part 3: Configure the Switch for SSH Access
- Part 4: SSH from the CLI on the Switch

16.5 Module Practice and Quiz
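The Additional Password Security and Enable SSH slides above list the configuration commands that should be present on a hardened device. As an added example (not from the Cisco course or Packet Tracer), the script below reads a running-config excerpt and reports which of those items are missing or left at a weak value. Both configurations are constructed samples; the hash placeholder in the hardened one is not a real secret, and the 8-character minimum is taken from the Passwords slide.

```python
"""Added example (not from the Cisco course): audit an IOS running-config
excerpt against the hardening items on the Device Security slides."""
import re
from typing import Dict, List

# Constructed sample: a device still at its defaults, Telnet allowed.
WEAK_CONFIG = """\
hostname Router
no service password-encryption
username admin password cisco123
line vty 0 4
 transport input telnet ssh
 login
 exec-timeout 0 0
"""

# Constructed sample after applying the slides' recommendations.
HARDENED_CONFIG = """\
hostname R1
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
ip domain-name example.com
username admin secret 9 $9$CONSTRUCTED_HASH_PLACEHOLDER
line vty 0 4
 transport input ssh
 login local
 exec-timeout 5 0
"""

DEFAULT_HOSTNAMES = {"router", "switch"}


def parse_config(text: str) -> Dict[str, List[str]]:
    """Split an IOS config into its top-level lines ("global") plus one
    entry per section: a top-level command followed by indented lines."""
    sections: Dict[str, List[str]] = {"global": []}
    current = "global"
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):                 # indented: belongs to a section
            sections.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()
            sections["global"].append(current)
            sections.setdefault(current, [])
    return sections


def audit(text: str) -> List[str]:
    """Return one finding per missing or weak hardening item."""
    cfg = parse_config(text)
    top = cfg["global"]
    findings: List[str] = []

    def has(prefix: str) -> bool:
        return any(line.startswith(prefix) for line in top)

    host = next(((line.split(None, 1) + [""])[1] for line in top
                 if line.startswith("hostname ")), "")
    if not host or host.lower() in DEFAULT_HOSTNAMES:
        findings.append("default hostname still set (step 1 of Enable SSH)")
    if not has("ip domain-name "):
        findings.append("no ip domain-name (needed before crypto key generate rsa)")
    if not has("service password-encryption"):
        findings.append("service password-encryption not enabled")
    match = next((re.match(r"security passwords min-length (\d+)", line)
                  for line in top if line.startswith("security passwords")), None)
    if not match or int(match.group(1)) < 8:
        findings.append("security passwords min-length missing or below 8")
    if not has("login block-for "):
        findings.append("login block-for not configured (no brute-force lockout)")
    if not any(line.startswith("username ") and " secret " in line for line in top):
        findings.append("no local username with a hashed (secret) password")

    for name, lines in cfg.items():
        if not name.startswith("line vty"):
            continue
        if "transport input ssh" not in lines:
            findings.append(f"{name}: transport input is not ssh-only")
        if "login local" not in lines:
            findings.append(f"{name}: not authenticating against the local database")
        timeout = next((line for line in lines if line.startswith("exec-timeout")), "")
        if not timeout or timeout.split()[1:3] == ["0", "0"]:
            findings.append(f"{name}: exec-timeout missing or disabled")
    return findings


if __name__ == "__main__":
    for label, cfg_text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for finding in audit(cfg_text) or ["no findings"]:
            print("  -", finding)
```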
Module Practice and Quiz: Packet Tracer – Secure Network Devices

In this activity you will configure a router and a switch based on a list of requirements.

Module Practice and Quiz: Lab – Secure Network Devices

In this lab, you will complete the following objectives:
- Configure Basic Device Settings
- Configure Basic Security Measures on the Router
- Configure Basic Security Measures on the Switch

Module Practice and Quiz: What Did I Learn In This Module?

- After the threat actor gains access to the network, four types of threats may arise: information theft, data loss and manipulation, identity theft, and disruption of service.
- There are three primary vulnerabilities or weaknesses: technological, configuration, and security policy.
- The four classes of physical threats are: hardware, environmental, electrical, and maintenance.
- Malware is short for malicious software. It is code or software specifically designed to damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. Viruses, worms, and Trojan horses are types of malware.
- Network attacks can be classified into three major categories: reconnaissance, access, and denial of service.
- To mitigate network attacks, you must first secure devices including routers, switches, servers, and hosts. Most organizations employ a defense-in-depth approach to security. This requires a combination of networking devices and services working together. Several security devices and services are implemented to protect an organization’s users and assets against TCP/IP threats: VPN, ASA firewall, IPS, ESA/WSA, and AAA server.

Module Practice and Quiz: What Did I Learn In This Module? (Cont.)
- Infrastructure devices should have backups of configuration files and IOS images on an FTP or similar file server. If the computer or router hardware fails, the data or configuration can be restored using the backup copy.
- The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems. To manage critical security patches, make sure all end systems automatically download updates.
- AAA is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and what actions they perform while accessing the network (accounting).
- Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.
- Securing endpoint devices is critical to network security. A company must have well-documented policies in place, which may include the use of antivirus software and host intrusion prevention. More comprehensive endpoint security solutions rely on network access control.

Module Practice and Quiz: What Did I Learn In This Module? (Cont.)

- For Cisco routers, the Cisco AutoSecure feature can be used to assist in securing the system. For most OSs, default usernames and passwords should be changed immediately, access to system resources should be restricted to only the individuals that are authorized to use those resources, and any unnecessary services and applications should be turned off and uninstalled when possible.
- To protect network devices, it is important to use strong passwords. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess.
- For routers and switches, encrypt all plaintext passwords, set a minimum acceptable password length, deter brute-force password guessing attacks, and disable inactive privileged EXEC mode access after a specified amount of time.
- Configure appropriate devices to support SSH and disable unused services.

Module 16: Network Security Fundamentals – New Terms and Commands

Terms: threat actor, malware, reconnaissance attacks, access attacks, defense-in-depth, authentication, authorization, and accounting (AAA), demilitarized zone (DMZ), Cisco AutoSecure, passphrase

Commands: service password-encryption, security passwords min-length, login block-for, exec-timeout, crypto key generate rsa general-keys modulus, username password | secret, login local, transport input ssh, show ip ports all, show control-plane host open-ports

Module 15: Application Layer
Introduction to Networks v7.0 (ITN)

Module Objectives

Module Title: Application Layer
Module Objective: Explain the operation of application layer protocols in providing support to end-user applications.

Topic Title – Topic Objective
- Application, Presentation, and Session – Explain how the functions of the application layer, presentation layer, and session layer work together to provide network services to end user applications.
- Peer-to-Peer – Explain how end user applications operate in a peer-to-peer network.
- Web and Email Protocols – Explain how web and email protocols operate.
- IP Addressing Services – Explain how DNS and DHCP operate.
- File Sharing Services – Explain how file transfer protocols operate.

15.1 Application, Presentation, and Session
Application, Presentation, and Session: Application Layer

The upper three layers of the OSI model (application, presentation, and session) define functions of the TCP/IP application layer. The application layer provides the interface between the applications used to communicate and the underlying network over which messages are transmitted. Some of the most widely known application layer protocols include HTTP, FTP, TFTP, IMAP, and DNS.

Application, Presentation, and Session: Presentation and Session Layer

The presentation layer has three primary functions:
- Formatting, or presenting, data at the source device into a compatible format for receipt by the destination device
- Compressing data in a way that can be decompressed by the destination device
- Encrypting data for transmission and decrypting data upon receipt

The session layer functions:
- It creates and maintains dialogs between source and destination applications.
- It handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle for a long period of time.

Application, Presentation, and Session: TCP/IP Application Layer Protocols

The TCP/IP application protocols specify the format and control information necessary for many common internet communication functions. Application layer protocols are used by both the source and destination devices during a communication session. For the communications to be successful, the application layer protocols that are implemented on the source and destination host must be compatible.
Name System: DNS - Domain Name System (or Service)
  Ports: TCP, UDP client 53
  Translates domain names, such as cisco.com, into IP addresses.

Host Config: DHCP - Dynamic Host Configuration Protocol
  Ports: UDP client 68, server 67
  Dynamically assigns IP addresses to be re-used when no longer needed.

Web: HTTP - Hypertext Transfer Protocol
  Ports: TCP 80, 8080
  A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web.

15.2 Peer-to-Peer

Peer-to-Peer: Client-Server Model

Client and server processes are considered to be in the application layer. In the client/server model, the device requesting the information is called a client and the device responding to the request is called a server. Application layer protocols describe the format of the requests and responses between clients and servers.

Peer-to-Peer: Peer-to-Peer Networks

In a peer-to-peer (P2P) network, two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server. Every connected end device (known as a peer) can function as both a server and a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. The roles of client and server are set on a per-request basis.

Peer-to-Peer: Peer-to-Peer Applications

A P2P application allows a device to act as both a client and a server within the same communication. Some P2P applications use a hybrid system where each peer accesses an index server to get the location of a resource stored on another peer.
Peer-to-Peer
Common P2P Applications
With P2P applications, each computer in the network that is running the application can act as a client or a server for the other computers in the network that are also running the application. Common P2P networks include the following:
- BitTorrent
- Direct Connect
- eDonkey
- Freenet

15.3 Web and Email Protocols

Web and Email Protocols
Hypertext Transfer Protocol and Hypertext Markup Language
When a web address or Uniform Resource Locator (URL) is typed into a web browser, the browser establishes a connection to the web service. The web service is running on a server and uses the HTTP protocol. To better understand how the web browser and web server interact, examine how a web page is opened in a browser.
Step 1 - The browser interprets the three parts of the URL:
- http (the protocol or scheme)
- www.cisco.com (the server name)
- index.html (the specific filename requested)
Step 2 - The browser then checks with a name server (DNS) to convert www.cisco.com into a numeric IP address, which it uses to connect to the server. The client initiates an HTTP request to the server by sending a GET request that asks for the index.html file.
Step 3 - In response to the request, the server sends the HTML code for this web page to the browser.
Step 4 - The browser deciphers the HTML code and formats the page for the browser window.
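The four steps above, carried out in code as an added example (this is not part of the Cisco module). The URL, the canned server reply and the helper names are constructed for illustration; nothing here contacts a real server, and the reply bytes stand in for what the web service would send in Step 3.

```python
"""Added example: URL interpretation, the GET request, and response parsing.

Constructed for illustration; SAMPLE_RESPONSE is a made-up reply, not real
output from www.cisco.com.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


def interpret_url(url: str) -> dict:
    """Step 1: split a URL into its scheme, server name, and requested path."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        # A request for "/" lets the server pick its default document (index.html).
        "path": parts.path or "/",
        "port": parts.port or (443 if parts.scheme == "https" else 80),
    }


def build_get_request(host: str, path: str) -> bytes:
    """Step 2 (after DNS has given us the address): the GET message sent over TCP.

    HTTP/1.1 requires the Host header so that one IP address can serve many names.
    """
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


# Constructed reply standing in for the server's response in Step 3.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 51\r\n"
    b"\r\n"
    b"<html><body><h1>Welcome to Cisco</h1></body></html>"
)


def parse_response(raw: bytes) -> dict:
    """Step 3: split the reply into status line, headers, and the HTML body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, status_code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Content-Length bounds the body; never trust it to be larger than what arrived.
    length = min(int(headers.get("content-length", len(body))), len(body))
    return {"version": version, "status": int(status_code), "reason": reason,
            "headers": headers, "body": body[:length]}


class _TextExtractor(HTMLParser):
    """Collects the visible text between HTML tags."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        if data.strip():
            self.chunks.append(data.strip())


def render_text(html: bytes) -> str:
    """Step 4 (greatly simplified): turn the HTML into the text a user would see."""
    extractor = _TextExtractor()
    extractor.feed(html.decode("utf-8"))
    return " ".join(extractor.chunks)


if __name__ == "__main__":
    target = interpret_url("http://www.cisco.com/index.html")
    print(build_get_request(target["host"], target["path"]).decode())
    reply = parse_response(SAMPLE_RESPONSE)
    print(reply["status"], reply["reason"], "->", render_text(reply["body"]))
```

Because the request and reply are plain text on the wire, anyone on the path can read or alter them; this is the reason the HTTPS note later in this section matters.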
Web and Email Protocols
HTTP and HTTPS
HTTP is a request/response protocol that specifies the message types used for that communication. The three common message types are GET, POST, and PUT:
- GET - A client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
- POST - Uploads data to the web server, such as form data.
- PUT - Uploads resources or content to the web server, such as an image.
Note: HTTP is not a secure protocol; requests and responses travel as plain text. For communications sent across the internet, HTTPS should be used. HTTPS is HTTP carried over TLS: the server is authenticated by its certificate and the request, response, and URL path are encrypted.

Web and Email Protocols
Email Protocols
Email is a store-and-forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers. Email clients communicate with mail servers to send and receive email. The email protocols used for operation are:
- Simple Mail Transfer Protocol (SMTP) - used to send mail.
- Post Office Protocol (POP) and IMAP - used by clients to receive mail.

Web and Email Protocols
SMTP, POP and IMAP
When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25. After the connection is made, the client attempts to send the email to the server across the connection. When the server receives the message, it either places the message in a local account, if the recipient is local, or forwards the message to another mail server for delivery. The destination email server may not be online or may be busy. If so, SMTP spools messages to be sent at a later time.
Note: SMTP message formats require a message header (recipient email address and sender email address) and a message body.
Note: Port 25 is the server-to-server relay port. Mail clients normally submit mail on port 587 (message submission) with authentication and STARTTLS, so that credentials and message content are not sent in the clear.
Web and Email Protocols
SMTP, POP and IMAP (Cont.)
POP is used by an application to retrieve mail from a mail server. When mail is downloaded from the server to the client using POP, the messages are then deleted on the server. The server starts the POP service by passively listening on TCP port 110 for client connection requests. When a client wants to make use of the service, it sends a request to establish a TCP connection with the server. When the connection is established, the POP server sends a greeting. The client and POP server then exchange commands and responses until the connection is closed or aborted.
Note: Since POP does not keep messages on the server after download, it is not recommended for small businesses that need a centralized backup solution.

Web and Email Protocols
SMTP, POP and IMAP (Cont.)
IMAP is another protocol that describes a method to retrieve email messages. Unlike POP, when a user connects to an IMAP server, copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

15.4 IP Addressing Services

IP Addressing Services
Domain Name Service
Domain names were created to convert numeric IP addresses into simple, recognizable names. Fully-qualified domain names (FQDNs), such as www.cisco.com, are much easier for people to remember than 198.133.219.25. The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data.
IP Addressing Services
DNS Message Format
The DNS server stores different types of resource records that are used to resolve names. These records contain the name, address, and type of record. Some of these record types are as follows:
- A - An end device IPv4 address
- NS - An authoritative name server
- AAAA - An end device IPv6 address (pronounced quad-A)
- MX - A mail exchange record
When a client makes a query, the server DNS process first looks at its own records to resolve the name. If it is unable to resolve the name by using its stored records, it contacts other servers to resolve the name. After a match is found and returned to the original requesting server, that server caches the resolved address (for the lifetime given by the record's TTL) in case the same name is requested again. Because plain DNS is neither encrypted nor authenticated, a resolver should accept a reply only if its transaction ID and question match the query it sent; otherwise forged records can end up in that cache.

IP Addressing Services
DNS Message Format (Cont.)
DNS uses the same message format between servers, consisting of a question, answer, authority, and additional information section, for all types of client queries and server responses, error messages, and transfer of resource record information.

DNS message section   Description
Question              The question for the name server
Answer                Resource records answering the question
Authority             Resource records pointing toward an authority
Additional            Resource records holding additional information

IP Addressing Services
DNS Hierarchy
DNS uses a hierarchical system to create a database that provides name resolution. Each DNS server maintains a specific database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation.
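The message format described above, built and parsed byte by byte, as an added example that is not part of the Cisco module. The query ID, the name, the address 198.133.219.25 (which the module uses as its sample address), the TTL and the helper names are constructed; the reply is generated locally by a stand-in function rather than received from a real server. It also shows the check a resolver must make before caching an answer.

```python
"""Added example: DNS query/response encoding with header, question, answer,
authority and additional sections, plus name compression and a reply check.

All messages here are constructed in-process; nothing is sent on the network.
"""
import struct

TYPE_A, TYPE_NS, TYPE_MX, TYPE_AAAA = 1, 2, 15, 28
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """www.cisco.com -> b'\\x03www\\x05cisco\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int = TYPE_A) -> bytes:
    """12-byte header + one Question. Flags 0x0100 = 'recursion desired'."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # ID, flags, QD, AN, NS, AR
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_a_response(query: bytes, ip: str, ttl: int) -> bytes:
    """Stand-in for a server reply: echoes the Question and adds one A record.

    The answer's NAME is a compression pointer (0xC00C) back to the question
    name at offset 12, exactly as real servers send it.
    """
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def read_name(msg: bytes, off: int) -> tuple:
    """Decode a name at msg[off], following compression pointers.

    Returns (name, offset just past the name as it appeared in the message).
    """
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:              # pointer: top two bits set, 14-bit offset
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end


def parse_message(msg: bytes) -> dict:
    """Split a DNS message into its header fields and four sections."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})

    def read_rrs(count: int) -> list:
        nonlocal off
        rrs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata, off = msg[off:off + rdlen], off + rdlen
            rr = {"name": name, "type": rtype, "class": rclass, "ttl": ttl}
            if rtype == TYPE_A and rdlen == 4:
                rr["address"] = ".".join(str(b) for b in rdata)
            else:
                rr["rdata"] = rdata              # NS/MX/AAAA decoding omitted here
            rrs.append(rr)
        return rrs

    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "question": questions, "answer": read_rrs(an),
            "authority": read_rrs(ns), "additional": read_rrs(ar)}


def check_reply(query: bytes, reply: bytes) -> dict:
    """Accept a reply only if it is a response whose ID and Question match ours.

    A resolver that skips this check can be fed a forged answer and cache it.
    """
    q, r = parse_message(query), parse_message(reply)
    if not r["is_response"] or r["id"] != q["id"] or r["question"] != q["question"]:
        raise ValueError("reply does not match query; discard it")
    return r


if __name__ == "__main__":
    query = build_query(0x1234, "www.cisco.com")
    reply = build_a_response(query, "198.133.219.25", 3600)   # constructed, not received
    print(check_reply(query, reply)["answer"])
```

The 16-bit ID and the source port are the only things an attacker has to guess to spoof a plain-DNS reply, which is why the check in check_reply is a minimum, not a complete defence.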
Examples of top-level domains:
- .com - a business or industry
- .org - a non-profit organization
- .au - Australia

IP Addressing Services
The nslookup Command
nslookup is an operating system utility that allows a user to manually query the DNS servers configured on the device to resolve a given host name. This utility can also be used to troubleshoot name resolution issues and to verify the current status of the name servers. When the nslookup command is issued, the default DNS server configured for your host is displayed. The name of a host or domain can be entered at the nslookup prompt.

IP Addressing Services
Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. DHCP is considered dynamic addressing, as opposed to static addressing, in which IP address information is entered manually. When a host connects to the network, the DHCP server is contacted and an address is requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host.
Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts, such as end user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.
Note: DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. However, DHCPv6 does not provide a default gateway address. This can only be obtained dynamically from the Router Advertisement message of the router.
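The lease process described above, simulated in-process with the real DHCPv4 message names (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK) and their option 53 type codes, as an added example that is not part of the Cisco module. The server addresses, address pools and client MAC addresses are constructed, and the messages are Python objects passed directly between client and server functions rather than UDP packets on ports 67 and 68. It also covers two cases the slides only name: a server whose pool is empty, and an offer that is no longer valid.

```python
"""Added example: a DHCPv4 lease exchange with one client and several servers.

The pool, MACs and server addresses are made up; the message types and the
option-53 codes are the real ones (RFC 2131/2132). Nothing touches the network.
"""
from dataclasses import dataclass, field
from typing import Optional

# DHCP message type codes carried in option 53.
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6


@dataclass
class Message:
    kind: int
    client_mac: str
    yiaddr: str = "0.0.0.0"        # "your" address: the one offered or assigned
    server_id: str = ""            # option 54: which server this message is for/from
    options: dict = field(default_factory=dict)


@dataclass
class DhcpServer:
    server_ip: str
    pool: list                     # addresses still free to lease
    lease_time: int = 86400
    subnet_mask: str = "255.255.255.0"
    router: str = ""
    dns: str = ""
    offered: dict = field(default_factory=dict)   # mac -> address reserved by an OFFER
    leases: dict = field(default_factory=dict)    # mac -> address confirmed by an ACK

    def handle(self, msg: Message) -> Optional[Message]:
        if msg.kind == DISCOVER:
            # Re-offer a client's existing address if we still hold one for it.
            addr = self.leases.get(msg.client_mac) or self.offered.get(msg.client_mac)
            if addr is None:
                if not self.pool:
                    return None                      # nothing to offer: stay silent
                addr = self.pool.pop(0)
            self.offered[msg.client_mac] = addr
            return Message(OFFER, msg.client_mac, addr, self.server_ip, self._params())
        if msg.kind == REQUEST:
            if msg.server_id != self.server_ip:
                # The client chose another server: give back anything we reserved.
                addr = self.offered.pop(msg.client_mac, None)
                if addr and addr not in self.leases.values():
                    self.pool.insert(0, addr)
                return None
            if self.offered.get(msg.client_mac) != msg.yiaddr:
                # Offer expired or never made: the client must start over.
                return Message(NAK, msg.client_mac, server_id=self.server_ip)
            self.leases[msg.client_mac] = self.offered.pop(msg.client_mac)
            return Message(ACK, msg.client_mac, msg.yiaddr, self.server_ip, self._params())
        return None

    def _params(self) -> dict:
        return {"subnet_mask": self.subnet_mask, "router": self.router,
                "dns": self.dns, "lease_time": self.lease_time}


def obtain_lease(client_mac: str, servers: list) -> Message:
    """Client side: broadcast DISCOVER, take the first OFFER, REQUEST it, expect ACK.

    Every server on the segment hears every broadcast. That is why a rogue DHCP
    server that answers first can hand a client its own gateway and DNS server.
    """
    discover = Message(DISCOVER, client_mac)
    offers = [r for s in servers if (r := s.handle(discover)) is not None]
    if not offers:
        raise RuntimeError("no DHCPOFFER received")
    chosen = offers[0]
    request = Message(REQUEST, client_mac, chosen.yiaddr, chosen.server_id)
    replies = [r for s in servers if (r := s.handle(request)) is not None]
    final = next((r for r in replies if r.kind in (ACK, NAK)), None)
    if final is None or final.kind == NAK:
        raise RuntimeError("lease refused (DHCPNAK); restart with DHCPDISCOVER")
    return final


if __name__ == "__main__":
    lan = DhcpServer("192.168.1.1", ["192.168.1.10", "192.168.1.11"],
                     router="192.168.1.1", dns="192.168.1.1")
    lease = obtain_lease("aa:bb:cc:dd:ee:01", [lan])
    print(lease.yiaddr, lease.options)
```

The client accepts whichever offer arrives first; on a real network that ordering is decided by the switch, which is what DHCP snooping on access ports exists to control.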
IP Addressing Services
DHCP Operation
The DHCP process:
- When an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network.
- A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. (If a client receives more than one offer because there are multiple DHCP servers on the network, it must choose one.)
- The client sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer that the client is accepting.
- The server then returns a DHCP acknowledgment (DHCPACK) message that confirms to the client that the lease has been finalized.
- If the offer is no longer valid, the selected server responds with a DHCP negative acknowledgment (DHCPNAK) message and the process must begin again with a new DHCPDISCOVER message.
Note: DHCPv6 has a set of messages similar to those of DHCPv4: SOLICIT, ADVERTISE, REQUEST, and REPLY, with INFORMATION-REQUEST used when a client only needs parameters (such as DNS servers) and not an address.

IP Addressing Services
Lab - Observe DNS Resolution
In this lab, you complete the following objectives:
- Observe the DNS conversion of a URL to an IP address
- Observe DNS lookup using the nslookup command on a web site
- Observe DNS lookup using the nslookup command on mail servers

15.5 File Sharing Services

File Sharing Services
File Transfer Protocol
FTP was developed to allow data transfers between a client and a server. An FTP client is an application that runs on a computer and is used to push and pull data from an FTP server.
Step 1 - The client establishes the first connection to the server for control traffic using TCP port 21.
The control traffic consists of client commands and server replies.
Step 2 - A second connection is established for the actual data transfer. In active mode the server opens this connection from its TCP port 20 back to the client; in passive mode (the usual choice through firewalls and NAT) the client opens it to a port the server announces. A data connection is created every time there is data to be transferred.
Step 3 - The data transfer can happen in either direction. The client can download (pull) data from the server, or the client can upload (push) data to the server.
Note: FTP sends usernames, passwords, and file contents in the clear. Where transfers cross an untrusted network, use SFTP (over SSH) or FTPS (FTP over TLS) instead.

File Sharing Services
Server Message Block
The Server Message Block (SMB) is a client/server, request-response file sharing protocol. Servers can make their own resources available to clients on the network. Three functions of SMB messages:
- Start, authenticate, and terminate sessions
- Control file and printer access
- Allow an application to send or receive messages to or from another device
Unlike the file sharing supported by FTP, SMB clients establish a long-term connection to servers. After the connection is established, the user of the client can access the resources on the server as though the resource were local to the client host. SMB is the protocol behind Windows file and printer sharing (TCP port 445); the original SMBv1 dialect lacks modern protections and should be disabled where it is still present.

15.6 Module Practice and Quiz

Module Practice and Quiz
What did I learn in this module?
- Application layer protocols are used to exchange data between programs running on the source and destination hosts.
- The presentation layer has three primary functions: formatting, or presenting, data; compressing data; and encrypting data for transmission and decrypting data upon receipt.
- The session layer creates and maintains dialogs between source and destination applications.
- In the client/server model, the device requesting the information is called a client and the device responding to the request is called a server.
- In a P2P network, two or more computers are connected via a network and can share resources without having a dedicated server.
- The three common HTTP message types are GET, POST, and PUT.
- Email supports three separate protocols for operation: SMTP, POP, and IMAP.
- The DNS protocol matches resource names with the required numeric network address.
- The DHCP for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters.
- The DHCPv6 messages are SOLICIT, ADVERTISE, REQUEST, and REPLY, with INFORMATION-REQUEST used for parameters-only (stateless) configuration.
- An FTP client is an application that runs on a computer and is used to push and pull data from an FTP server.
- Three functions of SMB messages: start, authenticate, and terminate sessions; control file and printer access; and allow an application to send or receive messages to or from another device.

Module 15: Application Layer
New Terms and Commands
- Application Layer
- Presentation Layer
- Session Layer
- Client-server model
- Peer-to-peer
- Uniform Resource Locator (URL)
- Uniform Resource Identifier (URI)
- HTTP/HTTPS
- GET
- POST
- PUT
- SMTP
- POP
- IMAP
- Domain Name Service (DNS)
- Fully-Qualified Domain Names (FQDNs)
- nslookup
- Dynamic Host Configuration Protocol (DHCP)
- DHCPDISCOVER
- DHCPOFFER
- DHCPREQUEST
- DHCPACK
- File Transfer Protocol (FTP)
- Server Message Block (SMB)

Module 14: Transport Layer
Introduction to Networks v7.0 (ITN)

Module Objectives
Module Title: Transport Layer
Module Objective: Compare the operations of transport layer protocols in supporting end-to-end communication.

Topic Title              Topic Objective
Transportation of Data   Explain the purpose of the transport layer in managing the transportation of data in end-to-end communication.
TCP Overview             Explain characteristics of TCP.
UDP Overview             Explain characteristics of UDP.
Port Numbers             Explain how TCP and UDP use port numbers.
TCP Communication Process    Explain how TCP session establishment and termination processes facilitate reliable communication.
Reliability and Flow Control Explain how TCP protocol data units are transmitted and acknowledged to guarantee delivery.
UDP Communication            Compare the operations of transport layer protocols in supporting end-to-end communication.

14.1 Transportation of Data

Transportation of Data
Role of the Transport Layer
The transport layer is:
- Responsible for logical communications between applications running on different hosts.
- The link between the application layer and the lower layers that are responsible for network transmission.

Transportation of Data
Transport Layer Responsibilities
The transport layer has the following responsibilities:
- Tracking individual conversations
- Segmenting data and reassembling segments
- Adding header information
- Identifying, separating, and managing multiple conversations
- Using segmentation and multiplexing to enable different communication conversations to be interleaved on the same network

Transportation of Data
Transport Layer Protocols
IP does not specify how the delivery or transpor