Netplus9e_PPT_Mod 08 (2).pptx

Full Transcript

CompTIA Network+ Guide to Networks, Ninth Edition
Module 8: Segmentation
Jill West, CompTIA Network+ Guide to Networks, 9th Edition. © 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Module Objectives
By the end of this module, you should be able to:
1. Explain the purposes of network segmentation
2. Describe how subnetting works
3. Calculate subnets
4. Configure VLANs

Network Segmentation (1 of 2)
When a network is segmented into multiple smaller networks, the following occurs:
- Traffic on one network is separated from another network’s traffic
- Each network is its own broadcast domain
Segmentation accomplishes the following goals:
- Enhance security
- Improve performance
- Simplify troubleshooting
Networks are commonly segmented according to one of the following groupings:
- Geographic locations
- Departmental boundaries
- Device types

Network Segmentation (2 of 2)
Figure 8-1 Network segmentation divides a large broadcast domain into smaller broadcast domains
Subnet Masks (1 of 2)
Example:
- A business has grown from 20-30 computers to having a few hundred computers and devices
- There is only a single LAN or broadcast domain
- One router serves as the default gateway for the entire network
- To better manage network traffic, segment the network so that each floor contains one LAN, or broadcast domain
- You will need to configure clients on each subnet so they know which devices are on their own subnet
- Divide the pool of IP addresses into three groups or subnets (a technique called subnetting)

Subnet Masks (2 of 2)
Figure 8-4 A separate subnet for each floor

How Subnet Masks Work
- An IPv4 address is divided into two parts: a network ID and a host ID
- A subnet mask is used so devices can determine which part of an IP address is the network ID and which part is the host ID
- The number of 1s in the subnet mask determines the number of bits in the IP address that belong to the network ID
IP address 192.168.123.132 in binary: 11000000.10101000.01111011.10000100
Subnet mask 255.255.255.0 in binary: 11111111.11111111.11111111.00000000
Network ID: 192.168.123.0
Host portion: 0.0.0.132
Calculating Subnets
- Subnetting alters the rules of classful IPv4 addressing and is called classless addressing
- To subnet a network, you borrow bits that would represent host information in classful addressing
- Use those bits instead to represent network information
- By doing so, you increase the number of bits available for the network ID (increase the number of networks)
- You also reduce the number of bits available for identifying hosts (decrease number of hosts per network)

IPv4 Subnet Calculation in Binary
Example: Create two subnets of network ID 192.168.89.0 with an original subnet mask of 255.255.255.0
Steps to subnet:
1. Borrow from host bits
2. Determine the subnet mask
3. Determine the network IDs
4. Determine the ranges of IP addresses for hosts in the subnet

IPv4 Subnet Calculations Using Formulas
Steps to subnet a network ID of 192.168.89.0 into six subnets using formulas:
1. Decide how many bits to borrow
2. Determine the subnet mask
3. Calculate the network ID for each subnet
4. Determine the IP address range for hosts in each subnet
When calculating subnets, you’ll work with the following information:
- Number of subnets
- Number of host addresses per subnet
- Network ID for each subnet
- Broadcast address for each subnet
- Range of possible host addresses within each subnet
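The four subnetting steps above, worked in code as an added example (not code from the textbook). It generalizes the slide's two- and six-subnet cases to any number of subnets, and the host_bits helper answers mask questions of the kind in Knowledge Check 8-1; the function names and the integer-arithmetic approach are my own.

```python
# Added example (not from the textbook): the four subnetting steps carried out
# with integer arithmetic so the borrowed bits and resulting mask are explicit.
# Assumption: dotted-decimal IPv4 input and a prefix length for the original mask.

def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal IPv4 string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> int:
    """Number of leading 1 bits -> 32-bit subnet mask integer."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def host_bits(mask_dotted: str) -> int:
    """Count the 0 bits in a subnet mask, i.e. the bits that identify the host."""
    mask = to_int(mask_dotted)
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):            # 0 bits must be one contiguous run
        raise ValueError(f"non-contiguous mask: {mask_dotted}")
    return 32 - bin(mask).count("1")

def subnet(network: str, prefix: int, subnets_needed: int) -> list[dict]:
    """Steps 1-4 from the slides: borrow enough host bits for subnets_needed
    subnets, then list mask, network ID, broadcast and host range of each."""
    borrowed = 0                             # Step 1: smallest n with 2**n >= needed
    while 2 ** borrowed < subnets_needed:
        borrowed += 1
    new_prefix = prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable hosts")
    mask = mask_from_prefix(new_prefix)      # Step 2: prefix + borrowed leading 1s
    size = 2 ** (32 - new_prefix)            # addresses per subnet
    base = to_int(network) & mask_from_prefix(prefix)
    result = []
    for i in range(2 ** borrowed):           # Step 3: network ID of each subnet
        net_id = base + i * size
        bcast = net_id | (~mask & 0xFFFFFFFF)
        result.append({                      # Step 4: usable host range
            "mask": to_dotted(mask),
            "network_id": to_dotted(net_id),
            "first_host": to_dotted(net_id + 1),
            "last_host": to_dotted(bcast - 1),
            "broadcast": to_dotted(bcast),
            "hosts": size - 2,
        })
    return result

if __name__ == "__main__":
    for s in subnet("192.168.89.0", 24, 6):  # the six-subnet case from the slide
        print(s)
```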
Subnet Mask Tables
- Class A, class B, and class C networks can all be subnetted
- Each class has a different number of host information bits that can be used for subnet information
- The number of hosts and subnets on your network will vary depending on your network class and the way you use subnetting

Subnetting Questions on Exams
You are likely to see two types of subnet calculation problems:
- Given certain network requirements (such as required number of hosts or subnets), calculate possible subnets and host IP address ranges
- Given an IP address, determine its subnet’s network ID, broadcast address, and first/last host addresses

Implementing Subnets on a Network (1 of 3)
Figure 8-8 Subnets 1, 2, and 3 and their respective default gateways

Implementing Subnets on a Network (2 of 3)
Figure 8-9 One router connecting several LANs, each assigned a subnet
Implementing Subnets on a Network (3 of 3)
- A centrally managed DHCP server can provide DHCP assignments to multiple subnets with the help of a DHCP relay agent
- A DHCP relay agent programmed to support UDP forwarding on port 67 receives the DHCP request from a client in one of its local broadcast domains
- The relay agent repackages the message with the IP helper information and routes this transmission to its new destination in a different broadcast domain
- The DHCP server notes the relay agent’s source interface IP address and assigns the DHCP client an IP address on the same subnet

Variable Length Subnet Mask (VLSM) (1 of 3)
- VLSM (Variable Length Subnet Mask) allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space
- This is often referred to as “subnetting a subnet”
- To create VLSM subnets, you create the largest subnet first
- Then, you create the next largest subnet, and the next one, and so on

Variable Length Subnet Mask (VLSM) (2 of 3)
Figure 8-12 VLSM creates subnets of various sizes

Variable Length Subnet Mask (VLSM) (3 of 3)
Figure 8-13 Actual subnet allocations
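The VLSM procedure above (largest subnet first, then the next largest) as an added example using Python's standard ipaddress module; this is not code from the textbook, and the department names and host counts are constructed for illustration.

```python
# Added example (not from the textbook): VLSM "subnetting a subnet".
# Constructed input: one /24 and made-up host requirements per department.
from ipaddress import IPv4Network

def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose block holds `hosts` usable addresses
    (2**host_bits - 2, reserving the network ID and broadcast address)."""
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(block: str, needs: dict[str, int]) -> dict[str, IPv4Network]:
    """Allocate the largest subnet first, then the next largest, and so on,
    carving each one from the lowest free piece of the parent block that fits."""
    free = [IPv4Network(block)]             # unallocated pieces, kept ascending
    plan: dict[str, IPv4Network] = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        for piece in list(free):
            if piece.prefixlen <= plen:      # piece is large enough
                free.remove(piece)
                # take the first /plen of the piece; whatever is left stays free
                chosen = IPv4Network((piece.network_address, plen))
                free.extend(piece.address_exclude(chosen))
                free.sort()
                plan[name] = chosen
                break
        else:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {block}")
    return plan

if __name__ == "__main__":
    demo = {"sales": 60, "engineering": 28, "management": 10, "link": 2}
    for dept, net in vlsm_allocate("192.168.89.0/24", demo).items():
        print(f"{dept:12} {net}  usable hosts: {net.num_addresses - 2}")
```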
Subnets in IPv6 (1 of 3)
Subnetting in IPv6 is simpler than IPv4 in the following ways:
- IPv6 addressing uses no classes
- IPv6 does not use subnet masks
- A single IPv6 subnet can supply 18,446,744,073,709,551,616 IPv6 addresses
- Subnetting helps administrators manage the enormous volume of IPv6 addresses
An IPv6 address is commonly written as eight blocks of four hexadecimal characters and divided in the following ways:
- The last four blocks identify the interface
- The first four blocks identify the network and serve as the network prefix (also called the site prefix or global routing prefix)
- The fourth hexadecimal block in the site prefix can be altered to create subnets

Subnets in IPv6 (2 of 3)
Figure 8-14 Network prefix and interface ID in an IPv6 address

Subnets in IPv6 (3 of 3)
Figure 8-16 The Subnet ID block can be used to identify subsites within an organization

Knowledge Check Activity 8-1
If a server has a subnet mask of 255.255.255.224, how many bits in its IP address identify the host?
a. 27 bits
b. 8 bits
c. 30 bits
d. 5 bits
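An added example for the Subnets in IPv6 slides above (not code from the textbook): it splits an address into the first four blocks (network prefix, with block four as the subnet ID) and the last four (interface ID), and builds the /64 for a given subnet number by rewriting that fourth block. It assumes the organization holds a /48, so block four is the whole subnet ID; the address is a constructed one from the 2001:db8::/32 documentation range.

```python
# Added example (not from the textbook): IPv6 prefix / subnet ID / interface ID.
import ipaddress

def expand_blocks(addr: str) -> list[str]:
    """Return the eight four-hex-digit blocks of an IPv6 address."""
    return ipaddress.IPv6Address(addr).exploded.split(":")

def ipv6_parts(addr: str) -> dict[str, str]:
    """Network prefix = first four blocks, subnet ID = block four,
    interface ID = last four blocks (assumes a /48 site allocation)."""
    b = expand_blocks(addr)
    return {
        "site_48": ":".join(b[:3]),          # the part the provider assigned
        "subnet_id": b[3],                    # the block an admin alters per subnet
        "network_prefix": ":".join(b[:4]),    # the /64 this address lives in
        "interface_id": ":".join(b[4:]),
    }

def subnet_prefix(site_prefix48: str, subnet_number: int) -> ipaddress.IPv6Network:
    """Build the /64 whose fourth block equals subnet_number (0..0xFFFF)."""
    if not 0 <= subnet_number <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    site = ipaddress.IPv6Network(site_prefix48)
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    # block four occupies bits 64..79, so shift the subnet number up 64 bits
    return ipaddress.IPv6Network((int(site.network_address) + (subnet_number << 64), 64))

def addresses_per_subnet(prefix: str) -> int:
    """Number of addresses a prefix supplies (2**64 for a /64)."""
    return ipaddress.IPv6Network(prefix).num_addresses

if __name__ == "__main__":
    print(ipv6_parts("2001:db8:abcd:12::1"))
    for n in (1, 2, 0x12):
        print(subnet_prefix("2001:db8:abcd::/48", n))
```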
Knowledge Check Activity 8-1: Answer
If a server has a subnet mask of 255.255.255.224, how many bits in its IP address identify the host?
Answer: d. 5
The interesting octet, 224, converts to 11100000. This shows that three bits were borrowed for the network ID, leaving five bits for the host ID.

Virtual LANs (VLANs) (1 of 2)
- A VLAN (virtual local area network) groups ports on a switch so that some of the local traffic on the switch is forced to go through a router
- Doing this limits traffic to a smaller broadcast domain
Reasons for using VLANs include the following:
- Identify groups of devices whose data should be given priority handling
- Isolate connections with heavy or unpredictable traffic patterns
- Isolate groups of devices that rely on legacy protocols incompatible with the majority of the network’s traffic
- Separate groups of users who need special security or network functions
- Configure temporary networks
- Reduce the cost of networking equipment

Virtual LANs (VLANs) (2 of 2)
Figure 8-17 A simple VLAN design
Switch Port Configuration (1 of 5)
- A managed switch can be configured via a CLI (command-line interface) or a web-based management GUI
- VLANs can only be implemented through managed switches whose ports can be partitioned into groups
- By sorting traffic based on layer 2 information, VLANs create two or more broadcast domains from a single broadcast domain

Switch Port Configuration (2 of 5)
Figure 8-19 Each port on a managed switch might be configured for a different VLAN

Switch Port Configuration (3 of 5)
Figure 8-21 A managed switch with its ports partitioned into two groups, each belonging to a different VLAN

Switch Port Configuration (4 of 5)
- To identify the transmissions that belong to each VLAN, the switch adds a tag to the Ethernet header that identifies the port through which messages arrive at the switch
- The tag travels with the transmission until it reaches one of the following:
  - The switch port connected to the destination device, if the destination device is connected to the same switch as the sending device
  - A router for routing to the correct VLAN, if the destination device is connected to a different switch
- If the frame is being routed to a new VLAN, the router adds a new tag
- The tag is removed once the frame reaches its final switch port
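The VLAN tag the slide describes is the IEEE 802.1Q tag: 4 bytes inserted after the source MAC, an EtherType of 0x8100 followed by 16 bits of Tag Control Information whose low 12 bits are the VLAN ID. The following added example (not code from the textbook) builds and parses such frames; a monitoring tool can use the parser's tag list to spot frames that arrive with two stacked tags, the double-tagging pattern named later in the module. The frame bytes and MAC addresses are constructed.

```python
# Added example (not from the textbook): parse the 802.1Q tag(s) in an Ethernet
# header and report every VLAN ID found, in order.
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag follows

def parse_vlan_tags(frame: bytes) -> dict:
    """Return MACs, the VLAN IDs of all tags in order, the payload EtherType,
    and whether the frame carries more than one tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, vids = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame: no EtherType after tags")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype != TPID_8021Q:
            break                              # reached the real payload type
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vids.append(tci & 0x0FFF)
        offset += 4                            # skip TPID + TCI, look again
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "vlan_ids": vids, "ethertype": ethertype,
        "double_tagged": len(vids) >= 2,
    }

def build_frame(dst: bytes, src: bytes, vids: list[int],
                ethertype: int, payload: bytes) -> bytes:
    """Construct a frame with zero or more 802.1Q tags (priority 0, DEI 0);
    used here only to produce test input for the parser."""
    header = dst + src
    for vid in vids:
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

if __name__ == "__main__":
    # constructed sample: broadcast destination, made-up source MAC, VLAN 10, IPv4
    sample = build_frame(bytes.fromhex("ffffffffffff"),
                         bytes.fromhex("001122334455"), [10], 0x0800, b"\x45" * 20)
    print(parse_vlan_tags(sample))
```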
Switch Port Configuration (5 of 5)
Figure 8-24 Three switches on a LAN with multiple VLANs

VLAN Trunks (1 of 2)
Each port on a switch that supports VLANs is configured as one of two types of VLAN ports:
- Access port – connects the switch to a host
- Trunk port – connects the switch to a networking device such as a router or another switch and manages traffic from multiple VLANs
- A trunk is a single physical connection between switches through which many logical VLANs can transmit and receive data
- Trunking protocols assign and interpret VLAN tags in Ethernet frames
- Cisco’s VTP (VLAN trunking protocol) is the most popular protocol for exchanging VLAN information over trunks
- VTP allows changes to a VLAN database on one switch, called the stack master, to be communicated to all other switches in the network

VLAN Trunks (2 of 2)
Figure 8-26 Each trunk line carries traffic for multiple LANs

VLANs and Subnets (1 of 3)
- In most situations, each VLAN is assigned its own subnet of IP addresses
- The sample network in Figure 8-27, on the following slide, is divided into subnets
- The router sees three logical LANs connected to a single router port
VLANs and Subnets (2 of 3)
Figure 8-27 Three subnets are connected to a single router interface

VLANs and Subnets (3 of 3)
Figure 8-28 One router interface is configured to support three different subnets

Types of VLAN (1 of 2)
Common VLAN types include the following:
- Default VLAN – typically preconfigured on a switch and initially includes all switch ports
- Native VLAN – receives all untagged frames from untagged ports
- Data VLAN – carries user-generated traffic, such as email, web browsing, or database updates
- Management VLAN – can be used to provide administrative access to a switch
- Voice VLAN – supports VoIP traffic
- Private VLAN – partitions a VLAN broadcast domain into subdomains
  Two types of secondary VLANs are:
  ▶ Isolated VLAN
  ▶ Community VLAN

Types of VLAN (2 of 2)
Figure 8-29 A private VLAN restricts communication between members of the VLAN
View Configured VLANs (1 of 2)
- Once you create a VLAN, you maintain it via switch software
- Figure 8-30 illustrates the output of a show vlan command on a Cisco switch
- This command is used to list the current VLANs recognized by a switch

View Configured VLANs (2 of 2)
Figure 8-30 Output of the show vlan command on a Cisco switch

Dynamic VLAN Assignment
A device might receive a dynamic VLAN assignment according to the following:
- Client device information, such as MAC address or location
- Authentication processes in cooperation with a RADIUS server can be used to distinguish which traffic should be assigned to which VLANs
- Devices that have not yet authenticated to the network or whose authentication failed can be placed in a quarantine VLAN
- All WLAN traffic might be grouped within the same VLAN
Troubleshoot and Secure VLANs (1 of 2)
Common configuration errors include the following:
- Incorrect VLAN assignment – can happen due to a variety of situations
- Incorrect port mode – switch ports connected to endpoints should nearly always use access mode
- VLAN isolation – you can potentially cut off an entire group from the rest of the network
VLAN hopping occurs when an attacker generates transmissions that appear to belong to a protected VLAN
- The attacker then crosses VLANs to access sensitive data or inject harmful software
There are two approaches to VLAN hopping:
- Double tagging
- Switch spoofing

Troubleshoot and Secure VLANs (2 of 2)
Mitigation efforts to reduce the risk of VLAN hopping include the following:
- Don’t use the default VLAN
- Change the native VLAN to an unused VLAN ID
- Disable auto-trunking on switches that don’t need to support traffic from multiple VLANs
- On switches that carry traffic from multiple VLANs, configure all ports as access ports unless they are used as trunk ports
- Specify which VLANs are supported on each trunk instead of accepting a range of all VLANs
- Use physical security methods such as door locks to restrict access to network equipment

Knowledge Check Activity 8-2
At what OSI layer do VLANs function?
a. Network layer
b. Transport layer
c. Physical layer
d. Data link layer
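The mitigation list on the "Troubleshoot and Secure VLANs (2 of 2)" slide can be checked mechanically against a switch's running configuration. The following added example (not code from the textbook) audits a constructed, Cisco IOS-style interface configuration for the default VLAN, native VLAN 1 on trunks, auto-trunking, and trunks that allow every VLAN; the interface names and VLAN numbers are made up, and the "switchport nonegotiate" check is an extra I added for the auto-trunking item.

```python
# Added example (not from the textbook): audit switch port configuration against
# the module's VLAN hopping mitigations. SAMPLE_CONFIG is constructed.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 1
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 1
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
"""

def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Group the indented lines under each 'interface <name>' header."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(maxsplit=1)[1]
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
    return interfaces

def audit_vlan_config(config: str) -> dict[str, list[str]]:
    """Return findings per interface; an empty list means the port passed."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        issues = []
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        native = next((l.split()[-1] for l in lines
                       if l.startswith("switchport trunk native vlan ")), None)
        allowed = any(l.startswith("switchport trunk allowed vlan ") for l in lines)
        if mode is None:
            issues.append("no explicit switchport mode; set access or trunk deliberately")
        if mode == "dynamic":
            issues.append("auto-trunking (DTP) enabled; endpoint ports should be access mode")
        if mode == "trunk":
            if native is None or native == "1":
                issues.append("native VLAN is the default (1); move it to an unused VLAN ID")
            if not allowed:
                issues.append("trunk accepts all VLANs; list only the VLANs it must carry")
            if "switchport nonegotiate" not in lines:
                issues.append("DTP negotiation still enabled on a manual trunk")
        if mode == "access" and "switchport access vlan 1" in lines:
            issues.append("access port left in the default VLAN 1")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_vlan_config(SAMPLE_CONFIG).items():
        print(port, "OK" if not issues else "")
        for issue in issues:
            print("   -", issue)
```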
Knowledge Check Activity 8-2: Answer
At what OSI layer do VLANs function?
Answer: d. Data link layer
By sorting traffic based on data link layer information, VLANs create two or more broadcast domains from a single broadcast domain, which is also a layer 2 construct.

Summary
Now that the lesson has ended, you should be able to:
- Explain the purposes of network segmentation
- Describe how subnetting works
- Calculate subnets
- Configure VLANs
