Untitled

a guest
Jul 2nd, 2018
OSI Model – Open Systems Interconnection Model

network – a group or system of interconnected people or things.

computer network – two or more connected computers that can share resources such as data and applications, office machines, an Internet connection, or some combination of these.

A router can be used to connect two or more separate LANs together so resources can be shared between the separate LANs (such as printers, servers, etc…).

Keeping smaller workgroups (LANs divided by department: sales, marketing, etc…) with a router to connect them is a better solution than a single large LAN because each host experiences faster response times when working within a smaller workgroup. It also makes administration easier with the ability to apply security protocols to each group rather than specifying them for every individual computer.

A LAN is used to connect a group of hosts together. It is a logical grouping of network users and resources. A WAN is used to connect various LANs together. WANs require a router, while LANs do not.

Common Network Components:
• Workstation – powerful computers that run more than one CPU whose resources are available on the network for other users to access and use and are often employed as systems that end users use on a daily basis.
• Server – powerful computers that are “at the service” of the network and run specialized software known as the network operating system to maintain and control the network.
• Host – used to describe pretty much anything that takes an IP address.
• Client – a device on the network that can ask for access to resources like a printer or other hosts from a server or powerful workstation.

These days, the terms workstation, host, and client are used almost interchangeably because computers have become so powerful that they can fill just about any or all of these roles.

For optimal server performance, it’s recommended to have a dedicated role for each server. Some common roles:

• File Server
• Mail Server
• Web Server
• Print Server
• Fax Server
• Application Server
• Telephony Server
• Proxy Server

Internetwork – a type of LAN and/or WAN that connects a bunch of networks, or an intranet. In an internetwork, hosts still use hardware addresses to communicate with other hosts on the LAN. However, they use logical addresses (IP addresses) to communicate with hosts on a different LAN (on the other side of the router).

MPLS (Multiprotocol Label Switching) – a switching mechanism that imposes labels (numbers) on data and then uses those labels to forward the data when it arrives at the MPLS network.

Network Architecture
• Peer-to-Peer – computers connected together without any central authority; they’re all equal. The authority lies with the computer that has the desired resource being requested from it to perform a security check for proper access rights. Because security is not centrally governed, each and every user has to remember and maintain a list of users and passwords on each and every machine. Backups and data integrity must be maintained on each and every machine individually. This architecture poses a huge security concern.
• Client-Server – a single server uses a network operating system for managing the whole network. The single server handles security and directs clients to their desired resources. All users and passwords are stored in one place: the server itself.

Physical Network Topologies
• Bus – two distinct and terminated ends with each of its computers connecting to one unbroken cable running its entire length. Any fault in the cable brings the entire network down, and it can be difficult to troubleshoot, but it is less pricey than a multi-cable setup.
• Star – several computers connected to a single communication point such as a hub or switch, each with its own cable/physical hardware. New machines can be added easily and any cable that fails only brings a single computer down rather than the entire network. It’s a bit more pricey because there is more hardware involved, and there’s still a weak point: the hub or switch that acts as the central communication point is a single point of failure.
• Ring – each computer is directly connected to other computers in the network, forming a ring of communication. Adding more computers forces you to break the ring, bringing the entire network down. It’s difficult to reconfigure and not fault-tolerant.
• Mesh – there is a path from every machine to every other machine in the network. This is the most expensive option because it requires the most hardware. It’s overly complicated due to the sheer number of connections that are made, but you get a nice level of fault tolerance.
• Point-to-point – interlinked computers or hubs/switches/routers. This can also be represented by two wireless bridges connected to one another that each serve computers in their local areas.
• Point-to-multipoint – a connection between an interface on one router and multiple destination routers. A classic example is the connection between a corporate office and multiple branch offices. Or you may have multiple hotel buildings all sharing a connection with each other using wireless bridges.
• Hybrid – a combination of two or more types of physical or logical network topologies working together within the same network.

The OSI Model’s 7 Layers

• Application - (Layer 7) - Upper layer group
• Presentation - (Layer 6) - Upper layer group
• Session - (Layer 5) - Upper layer group
• Transport - (Layer 4) - Lower layer group
• Network - (Layer 3) - Lower layer group
• Data Link - (Layer 2) - Lower layer group
• Physical - (Layer 1) - Lower layer group

TIP: Please Do Not Throw Sausage Pizza Away (easy mnemonic to remember the 7 layers)

The upper layers are responsible for applications communicating with hosts. It’s also where end users typically interface with the application or computer. None of the upper layers “know” anything about the lower layers or how the networking will be handled – that’s not their job.

The lower layers determine how to rebuild a data stream over a network from a transmitting host to a destination host’s application.

7) The Application Layer

Where users interface (or communicate) with a computer. The application layer itself is not the application, but the next level: it comes into play the moment an application attempts to access a network to send or receive data. The application layer is also responsible for identifying and establishing the availability of the intended communication partner and determining whether sufficient resources for the requested communication exist.

6) The Presentation Layer

Once the application layer has chosen an available requested communication method, the presentation layer takes that data and translates it into a format that is sure to be legible to the receiving application. For example, translating EBCDIC to ASCII so that an application can receive this information and translate it back to something it can read.

5) The Session Layer

The session layer is responsible for setting up, managing, and then tearing down networking sessions between presentation layer entities. It coordinates communication between systems. It also provides dialogue control between devices, or nodes. The session layer basically keeps one application’s data separate from other applications’ data.

4) The Transport Layer

The transport layer segments and reassembles data into a data stream. It’s at this layer that the upper layer group can hand off prepared data and the transport layer can unite it into the same stream to be sent to the lower layer group. The transport layer uses two distinct communication types: connection-oriented communication (TCP) and connectionless communication (UDP).
• Connection-oriented communication: The sender’s TCP process sends a connection request to the destination’s TCP process, they create a virtual circuit, they notify each other that a transfer is approved and both sides are prepared for it, after which a connection is fully established and the transfer begins. The virtual circuit setup is called overhead. The two sides periodically check in with each other during the transfer to make sure everything is going well and the data is being received properly.
Data integrity is ensured at the transport layer by maintaining flow control.
• Flow control: Segments that are delivered are acknowledged back to the sender upon arrival. Segments that are not acknowledged are retransmitted. Segments are sequenced back into their proper order upon arrival at their destination. A manageable data flow is maintained to avoid congestion, overloading, and data loss.
When a machine receives a flow of datagrams too quickly for it to process, it stores them in a memory section called a buffer. The buffer will eventually flood memory, so to avoid this the transport layer’s flow-control systems can issue a “not ready” indicator to the sender to pause sending data and then issue a “ready” indicator when the buffer has freed up and the receiving machine is ready to process more datagrams.
To summarize, a service is considered connection-oriented if it has the following characteristics:
• A virtual circuit is set up (such as a three-way handshake).
• It uses sequencing.
• It uses acknowledgments.
• It uses flow control.
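To make the connection-oriented characteristics above concrete, the following Python simulation (an added example, not part of the original notes) runs a transfer with sequencing, acknowledgments, retransmission of lost segments, and the “not ready”/“ready” flow-control indicators; the window, buffer and drain sizes and the loss pattern are constructed.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # sequence number used to put segments back in order
    payload: str    # one chunk of the application's data stream


class Receiver:
    """Sequences incoming segments, acknowledges them, and reports buffer pressure."""

    def __init__(self, capacity, drain_rate):
        self.capacity = capacity        # segments the receive buffer can hold
        self.drain_rate = drain_rate    # segments the application consumes per round
        self.buffer = {}                # seq -> payload, not yet handed to the application
        self.next_seq = 0               # next sequence number the application expects
        self.stream = []                # reassembled data stream, in order
        self.ready = True               # flow-control indicator reported to the sender

    def receive(self, seg):
        """Return the acknowledged seq, or None when the segment had to be dropped."""
        if seg.seq < self.next_seq or seg.seq in self.buffer:
            return seg.seq                          # duplicate: acknowledge again, store nothing
        if not self.ready:
            return None                             # buffer full: no room, no acknowledgment
        self.buffer[seg.seq] = seg.payload
        self.ready = len(self.buffer) < self.capacity   # buffer now full -> "not ready"
        return seg.seq

    def drain(self):
        """The application takes in-order segments out of the buffer, freeing space."""
        taken = 0
        while taken < self.drain_rate and self.next_seq in self.buffer:
            self.stream.append(self.buffer.pop(self.next_seq))
            self.next_seq += 1
            taken += 1
        self.ready = len(self.buffer) < self.capacity   # space freed -> "ready" again
        return taken


class Sender:
    """Sends a window of segments per round and retransmits whatever was not acknowledged."""

    def __init__(self, data, window):
        self.segments = [Segment(i, chunk) for i, chunk in enumerate(data)]
        self.window = window            # segments in flight, counted from the oldest unacked one
        self.acked = set()
        self.attempts = {}              # seq -> number of transmissions (1 = never retransmitted)

    def unacked(self):
        return [s for s in self.segments if s.seq not in self.acked]

    def send_round(self, receiver, lose):
        """Transmit the current window once; lose(seq, attempt) models the lossy channel."""
        pending = self.unacked()
        if not pending:
            return 0
        base, sent = pending[0].seq, 0
        for seg in pending:
            if seg.seq >= base + self.window or not receiver.ready:
                break                   # outside the window, or the receiver said "not ready"
            attempt = self.attempts.get(seg.seq, 0) + 1
            self.attempts[seg.seq] = attempt
            sent += 1
            if lose(seg.seq, attempt):
                continue                # lost in transit: no ack arrives, so it is retried later
            ack = receiver.receive(seg)
            if ack is not None:
                self.acked.add(ack)
        return sent


def transfer(data, window=3, capacity=3, drain_rate=2, lost=frozenset()):
    """Run a full transfer. `lost` holds (seq, attempt) pairs the channel drops (constructed).
    Returns (reassembled stream, number of retransmissions, rounds taken)."""
    if window > capacity:
        # With window <= capacity the receiver can always accept the oldest missing segment
        # (at most window-1 out-of-order segments are ever buffered), so no deadlock is possible.
        raise ValueError("window must not exceed the receiver's buffer capacity")
    sender, receiver = Sender(data, window), Receiver(capacity, drain_rate)
    rounds = 0
    while sender.unacked():
        sender.send_round(receiver, lambda seq, attempt: (seq, attempt) in lost)
        receiver.drain()
        rounds += 1
        if rounds > 100:
            raise RuntimeError("transfer did not complete")
    while receiver.buffer:
        receiver.drain()                # let the application finish draining what arrived last
    retransmissions = sum(n - 1 for n in sender.attempts.values())
    return "".join(receiver.stream), retransmissions, rounds


if __name__ == "__main__":
    # Constructed case: the first copy of segments 0 and 4 is lost; the stream still arrives intact.
    print(transfer("NETWORK+", lost={(0, 1), (4, 1)}))   # ('NETWORK+', 2, 5)
```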

3) The Network Layer

The network layer manages logical device addressing, tracks the location of devices on the network, and determines the best way to move the data. The network layer is also responsible for transmitting data to devices that aren’t locally attached. Routers are layer 3 devices that are specified at the network layer and provide the routing services within an internetwork. Routers send two types of packets. Data Packets are used to transport user data through the internetwork. Route-Update Packets are used to update neighboring routers about the networks connected to all routers within the internetwork.

!!! IMPORTANT: Study pg 42 on routers

2) The Data Link Layer

The data link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. It utilizes MAC addresses to ensure that messages are delivered to the proper devices. While a router only cares about sending messages to a designated network, the data link layer ensures the designated device is reached. It does so by encapsulating packets with a customized header containing the destination and source hardware address – we call this a “data frame”.

1) The Physical Layer

The physical layer sends and receives bits in values of 0 or 1. It communicates directly with various types of actual communication media. Different types of media communicate in different ways. Some use audio tones, some use state transitions (changes in voltage from high to low). The physical layer specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating a physical link between end systems. The physical layer is the connections to media. It specifies the layout of the transmission media, otherwise known as its topology.

Modulation Techniques

A modulator is a device that performs modulation of a signal and a demodulator is a device that performs demodulation – the inverse of modulation. We typically just call these modems (from modulator – demodulator) which can perform both operations. The purpose of digital modulation is to transfer a digital bit stream over an analog bandpass channel.

Exam Essentials

Remember the OSI layers. You absolutely must remember and understand the seven layers of the OSI model as well as what function each layer provides. The Application, Presentation, and Session layers are upper layers and are responsible for communicating from a user interface to an application. The Transport layer provides segmentation, sequencing, and virtual circuits. The Network layer provides logical network addressing and routing through an internetwork. The Data Link layer provides framing and placing of data on the network medium. The Physical layer is responsible for taking 1s and 0s and encoding them into a digital signal for transmission on the network segment.

Know the sublayers of the Data Link layer. In addition to the OSI layers, knowing the only layer that has sublayers and the functions of those sublayers is extremely important. The Data Link layer has two sublayers: LLC and MAC. The LLC sublayer is responsible primarily for the multiplexing of Network layer protocols. The MAC sublayer is responsible for physical addressing and determining the appropriate time to place data on the network.

Know the devices that operate at each layer of the OSI model. Hubs and repeaters see only bits, making them Layer 1 devices. Because all networking devices have physical connectivity to the network, they all operate at Layer 1, but hubs and repeaters operate only at this layer, whereas other devices work in higher layers. Nevertheless, we generally consider that a device operates at the highest layer it supports; that layer’s functionality is the main reason we implement the device on the network. For example, switches and bridges are considered Layer 2 devices because they understand and make decisions based on Layer 2 addresses. Routers are Layer 3 devices for a similar reason; they deal with Layer 3 addresses. Networking devices, such as workstations that run applications, are said to operate at the Application layer (or you may hear that they operate at all layers) because they must include Application layer protocols that offer services to networked applications.

- Bridges and switches break up collision domains, which allows for more bandwidth for users.

- The 802.3 standard, commonly associated with Ethernet, specifies the media-access method used by Ethernet, which is known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

Coaxial Cable

• Plenum-rated copper cable coated with Teflon (plenum-rated coating)
• Also comes as “thin ethernet/thinnet”, which is also coaxial but smaller (5mm diameter: RG-58)
• Cable TV coaxial cable is called an F-connector
• Uses BNC connector (screw-on tip)

Twisted-Pair Cable

• Ethernet
◦ Category 1: Two twisted pairs (four wires), only voice grade, no data, POTS – plain old telephone system, hardly ever used now except for the Public Switched Telephone Network (PSTN)
◦ Category 2: Four twisted pairs (eight wires), up to 4Mbps, frequency limitation of 10MHz, obsolete
◦ Category 3: Four twisted pairs (eight wires), three twists per foot, up to 16MHz, obsolete
◦ Category 4: Four twisted pairs (eight wires), up to 20MHz, obsolete
◦ Category 5: Four twisted pairs (eight wires), up to 100MHz, Cat5e is better
◦ Category 5e (enhanced): Four twisted pairs (eight wires), up to 100MHz but capable of handling the disturbance on each pair that’s caused by transmitting on all four pairs at the same time, should be the minimum cable used today
◦ Category 6: Four twisted pairs (eight wires), up to 250MHz, standard as of June 2002, should be used for all new network installs
◦ Category 6a (augmented): Four twisted pairs (eight wires), up to 500MHz, allows 10GBaseT to run further, up to 100 meters

Registered jack connectors are used with ethernet cable: RJ-11 (four wires) = phones, RJ-45 (eight wires) = data

• Fiber Optic
◦ Transmits digital signals using light rather than electricity along a glass or plastic core
◦ Immune to EMI and RFI
◦ Can transmit up to 40km (25 miles)
◦ Difficult to install
◦ More expensive than twisted-pair
◦ Troubleshooting equipment is more expensive
◦ Harder to troubleshoot

▪ Single-mode fiber: high speed, low distance media consisting of a single strand or sometimes two strands of glass fiber that carry signals from light-emitting diodes (LEDs) or lasers
▪ Multimode fiber: lined with “cladding” to focus light back onto the core when it travels through numerous paths, provides high bandwidth at high speeds over medium distances

APC fiber connector (angled) > UPC fiber connector (straight)

Fiber-Optic Connectors

• ST (straight tip): one of the world’s most widely used fiber-optic connectors, uses a BNC (screw-on tip) attachment mechanism similar to thinnet’s that makes connections and disconnections fairly frustration-free. Uses a latch to hold the cable securely and prevent the cable from falling out.
• SC (subscriber square): Lasts around 1000 matings, not quite as popular.
• FC (field assembly): looks identical to ST, isn’t very popular, still used in telecommunications and measurement equipment with single-mode lasers.
• SFF (small form factor): allows more fiber-optic terminations in the same amount of space than its standard-sized counterparts. The two most popular versions are the “mechanical transfer registered jack” (MT-RJ or MTR) designed by AMP and the “Local Connector” (LC) designed by Lucent.

Copper is used for short runs, where standards limit UTP to 328 feet.
Fiber is used for runs measured in miles.

Media Converters

Used when going from single-mode fiber to multimode or when going from fiber-optic to ethernet.

• Single-mode fiber to ethernet: devices accept a fiber connector and an ethernet connector and convert the signal between ethernet and single-mode fiber.
• Multimode fiber to ethernet: devices accept a fiber connector and an ethernet connector and convert the signal between ethernet and multimode fiber.
• Fiber to coaxial: devices accept a fiber connector and a coaxial connector and convert digital signals from optical to coax.
• Single-mode to multimode fiber: devices accept a single-mode fiber connector and a multimode fiber connector and convert the signals between the two.

Except for multimode fiber, all these cables are considered serial cable types.

Duplex

All communications are either half duplex or full duplex; the difference is whether the communicating devices can “talk” and “listen” at the same time. Full duplex is typical in most of today’s switched networks.

Any time electrons are pushed through two copper wires next to each other a magnetic current is created. This current is used to create power that surges through computers. It also creates communication issues. Wires can be tapped to read a message without cutting the wire or removing the insulation. The best way to prevent this is to use fiber-optic cabling so you avoid magnetic flux and instead communicate with light, which would require cutting a cable to read the message, then repairing the cable. With copper, you also have to be careful where you run the wires: avoid electric motors, speakers, amplifiers, fluorescent light ballasts, etc…

Ethernet Wiring Standards

• Straight-through cable: 568A: green-white, green, orange-white, blue, blue-white, orange, brown-white, brown: used to connect a host to a switch or hub or a router to a switch or hub.
• Crossover cable: 568B: orange-white, orange, green-white, blue, blue-white, green, brown-white, brown: used to connect a switch to a switch, hub to a hub, host to a host, hub to a switch, router directly to a host.
◦ 568A + 568A = straight-through
◦ 568B + 568B = straight-through
◦ 568A + 568B = crossover
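As an added example (not part of the original notes), this Python script works the three 568A/568B combinations above: it first checks that each end terminates the four twisted pairs on valid pins, then classifies the cable from how each wire colour maps pin to pin. The pair positions (1/2, 3/6, 4/5, 7/8) and the 10/100BaseT transmit/receive pins are standard facts assumed here, not taken from the notes.

```python
# Pin 1..8 wire colours for the two TIA/EIA-568 schemes listed in the notes.
T568A = ["green-white", "green", "orange-white", "blue", "blue-white", "orange", "brown-white", "brown"]
T568B = ["orange-white", "orange", "green-white", "blue", "blue-white", "green", "brown-white", "brown"]

# Standard pin positions of the four twisted pairs in an RJ-45 (assumed, not from the notes).
PAIR_PINS = ((1, 2), (3, 6), (4, 5), (7, 8))


def wiring_problems(end):
    """Check one terminated end; return a list of problems (empty when it is wired correctly)."""
    problems = []
    if sorted(end) != sorted(T568A):
        problems.append("each of the eight wire colours must appear exactly once")
        return problems
    for a, b in PAIR_PINS:
        solid = end[a - 1].replace("-white", "")
        # a pair is the solid colour plus its white-striped mate, on the two pins of that pair
        if {end[a - 1], end[b - 1]} != {solid, solid + "-white"}:
            problems.append(f"pins {a}/{b} must carry one twisted pair, found {end[a - 1]}/{end[b - 1]}")
    return problems


def pin_map(end1, end2):
    """For each pin on end 1, the pin on end 2 that the same wire (same colour) arrives at."""
    return {pin: end2.index(colour) + 1 for pin, colour in enumerate(end1, start=1)}


def cable_type(end1, end2):
    """Classify a cable from its two terminations: straight-through, crossover or miswired."""
    for end in (end1, end2):
        problems = wiring_problems(end)
        if problems:
            raise ValueError("; ".join(problems))
    mapping = pin_map(end1, end2)
    if all(src == dst for src, dst in mapping.items()):
        return "straight-through"
    # 10BaseT/100BaseTX transmit on pins 1/2 and receive on 3/6 (assumed standard fact), so a
    # crossover cable must swap exactly those two pairs and leave pairs 4/5 and 7/8 alone.
    crossed = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}
    return "crossover" if mapping == crossed else "miswired"


if __name__ == "__main__":
    for name, (e1, e2) in {"A+A": (T568A, T568A), "B+B": (T568B, T568B), "A+B": (T568A, T568B)}.items():
        print(name, cable_type(e1, e2))
```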

Rolled/Rollover Cable
Not used for ethernet connections; used to connect a host EIA-TIA 232 interface to a router console serial communication (COM) port. Example: Cisco router or switch connection to a PC, Mac, or iPad.

T1 Crossover Cable
In rare instances, you may need to run a cable between two CSU/DSUs, in which case you’d use a T1 crossover cable.

MDF/IDF
The main distribution frame is a wiring point that’s generally used as a reference point for telephone lines. It’s also considered the WAN termination point. It’s installed in the building as part of the prewiring. Telephone company lines just need to be connected to complete the circuit. Often, another wire frame called the intermediate distribution frame is located in an equipment or telecommunications room. It’s connected to the MDF and is used to provide greater flexibility for the distribution of all the communications lines to the building. It’s typically a sturdy metal rack designed to hold the bulk of cables coming from all over the building.

25 Pair
Consists of 25 individual pairs of wires all inside one common insulating jacket. Not generally used for data cabling, just for telephone cabling and especially for backbone and cross-connect cables because it reduces the cable clutter significantly. This type of cable is referred to as a “feeder cable” because it supplies signal to many connected pairs.

66 Block
Really old; came out in 1962. Only used in old buildings for analog telephone connections. Uses a 25-pair cable and is a standard termination block containing 50 rows.

110 Block
A newer type of wiring distribution point; it replaced most telephone wire installations and is also used for computer networking. Wires are punched down on one side; the other side has RJ-11 (phone) or RJ-45 (network) connections. 110 blocks come in sizes from 25 to more than 500 wire pairs and some are capable of carrying 1Gbps connections when used with Cat6 cables. The only problem with Cat6 cable is that it’s difficult to work with due to the size of the Cat6 wiring.

Demarc/Demarc Extension
The demarcation is the last point of responsibility for the service provider. It’s often at the MDF in your building connection, especially if your building is large, but it’s usually just an RJ-45 jack that your channel service unit/data service unit (CSU/DSU) connects from your router to wide area network (WAN) connections. Network admins often test both sides of a demarc to determine if the problem is internal or external.

Smart Jack
Also referred to as a network interface device (NID) or network interface unit (NIU); it is owned by the PSTN and is a special network interface that’s often used between the service provider’s network and the internal network. You can’t physically test to an actual demarc because it’s just an RJ-45 jack, but the service provider may install an NID that has power and can be looped for testing purposes.

Windows can broadcast hostname-to-IP-address resolution without a DNS server as long as it’s on the same local LAN from machine to machine.

A nibble is 4 bits of binary data.

Collision Domain – an ethernet term that refers to a particular network scenario wherein one device sends a packet out on a network segment and thereby forces every other device on that same physical network segment to pay attention to it. If two devices on one physical segment transmit at the same time, a collision event – a situation where each device’s digital signals interfere with another on the wire – occurs and forces the devices to retransmit later. We want to avoid these; they have a dramatically negative effect on network performance.

Broadcast Domain – the set of all devices on a network segment that hear all the broadcasts sent on that segment. It may be a boundary delimited by physical media like switches or repeaters or it may be a logical division of a network segment where all hosts can reach each other via a Data Link layer (hardware address) broadcast.

CSMA/CD – Carrier Sense Multiple Access with Collision Detection – a media access control method that helps devices share the bandwidth evenly without having two devices transmit at the same time on the network medium, created to overcome the problem of those collisions that occur when packets are transmitted simultaneously from different hosts. Only bridges, switches, and routers, but not hubs, can effectively prevent a transmission from propagating throughout the entire network.

Broadband/Baseband – there are two ways to send analog and digital signals down a wire: broadband and baseband. Broadband is commonly used at home; it allows us to have both our analog voice and digital data carried on the same network cable or physical medium. Baseband is what all LANs use. This is where all the bandwidth of the physical media is used by only one signal. For example, ethernet uses only one digital signal at a time, and requires all the available bandwidth.

Bit Rate vs Baud Rate – Bit rate is a measure of the number of data bits (0s and 1s) transmitted in one second in either a digital or analog signal. Baud rate is the measure of one electronic state change per second – for example, from 0.2 volts to 3 volts or from binary 0 to 1. However, since a single state change can involve more than a single bit of data, the bps unit of measurement has replaced it as a more accurate definition of how much data you’re transmitting or receiving.

!!! Half-duplex mode uses two wires of an ethernet cable and can have collisions with data. Full-duplex utilizes four wires and is collision-free. A dedicated switch port is required for each full-duplex host. The host network card and the switch port must be capable of operating in full-duplex mode.
  255. Ethernet at the Data Link Layer
  256. Ethernet is responsible for ethernet addressing, commonly referred to as hardware addressing or MAC addressing. Ethernet is also responsible for framing packets received by the network layer and preparing them from transmission on the local network through the ethernet contention media-access method knows as CSMA/CD.
  257.  
  258. IEEE 802.3 Standards for Ethernet Cables
  259.  
  260. • 10Base2 – also known as thinnet, can support up to 30 workstations on a single segment, uses 10Mbps of baseband technology, coax up to 185 meters in length, physical and logical bus with Attachment Unit Interface (AUI) connectors. The 10 means 10Mbpsa, Base means baseband technology, and 2 means almost 200 meters. They use BNC (British Naval Connector, Bayonet Neill-Concelman, or Bayonet Nut Connector) and T-connectors to connect to a network.
  261. • 10Base5 – also known as thicknet, can support up to 1,024 users for all segments, uses 10Mbps of baseband technology, coax up to 500 meters in length or up to 2,500 meters with repeaters.
  262. • 10BaseT – can support only 1 host per segment and each device must connect into a hub or switch, uses Category 3 UTP wiring, uses RJ-45 connector with a physical star topology and logical bus.
  263. • 100BaseTX – also known as fast ethernet, allows for one user per segment up to 100 meters in length, uses Category 5, 5e, or 6 UTP two-pair wiring, supports up to 100Mbps of baseband technology, uses an RJ-45 connector with a physical star topology and a logical bus.
  264. • 1000BaseFX (IEEE 802.3u) – runs up to 412 meters in length, uses ST and SC connectors (media-interface connectors), uses point-to-point topology, uses 62.5/125-micron multimode fiber cabling.
  265. • 1000BaseCX (IEEE 802.3z) – runs up to 25 meters in length, uses a special 9-pin connector known as the high-speed serial data connector (HSSDC), copper twisted-pair called twinax.
  266. • 1000BaseT (IEEE 802.3ab) – runs up to 100 meters in length (328 feet), Cat5 two-pair UTP cabling, not used – been replaced by Cat6 cabling.
  267. • 1000BaseTX – runs up to 100 meters in length (328 feet), Cat5 two-pair UTP cabling, not used – been replaced by Cat6 cabling.
  268. • 1000BaseSX (IEEE 802.3z) – runs up to 220 meters, considered gigabit ethernet, multimode fiber-optic cable, short wavelength laser, uses 62.5- and 50-micron core, 850 nm laser.
  269. • 1000BaseLX (IEEE 802.3z) – runs up to 3km up to 10km, uses single-mode fiber cable with 9-micron core, 1,300 nm laser.
  270. • 10GBaseT – runs up to 100 meters in length, uses UTP cabling and RJ-45 connectors, considered most economical for a 10Gbps link.
  271. • 10GBaseSR – runs between 2 meters and 300 meters in length depending on size and quality of fiber, uses short-wavelength lasers at 850 nm over multimode fiber.
  272. • 10GBaseLR – runs between 2 meters and 10 km depending on size and quality of fiber, uses long-wavelength lasers at 1,310 nm over single-mode fiber.
  273. • 10GBaseER – runs anywhere from 2 meters up to 40 km depending on size and quality of fiber, has longest transmission distances of all 10 Gigabit technologies, uses extra-long-wavelength lasers at 1,550 nm.
  274. • 10GBaseSW – runs up to 300 meters in length, uses multi-mode fiber with an 850 nm laser and bandwidth of 10Gbps, designed to connect to SONET equipment.
  275. • 10GBase-LW – runs up to 10 km on standard single-mode fiber, also connects to SONET equipment.
  276. • 10GBaseEW – runs up to 40 km on single mode fiber using 1,550 nm laser.
  277.  
  278. !!! Study and know all types of various Ethernet and fiber types used in today’s networks.
  279.  
  280. Ethernet over other Standards
  281.  
  282. • Ethernet over Power Line (IEEE 1901) – also referred to as “broadband over power line” (BPL), or “power line communication” (PLC), has been available for decades but only recently adopted by IEEE as a standard, becoming more popular with power companies heavily supporting it, requires a BPL gateway to be connected to a coupler that is connected to a meter bank for the building and will then allow any electrical outlet to be used with a BPL modem to receive ISP connection to the internet. Cons:
  283. ◦ Power lines are typically noise
  284. ◦ The frequency at which information is transmitted is used by shortwave and the unshielded power lines can act as antennas, interfering with shortwave communications
  285. • Ethernet over HDMI – consolidates audio, video and data streams into a single HDMI cable, enables high-speed bi-directional networking at up to 100Mbps.
  286.  
  287. IDS/IPS (Intrusion detection systems/Intrusion prevention systems) - used by firewalls to monitor networks and packets for malicious activity. And IDS simply monitors, whereas an IPS can work in real time to stop threats as they occur.
  288.  
  289. HIDS (Host-based IDS) – software that runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs, and event logs – not by directly monitoring network traffic.
  290.  
  291.  
  292.  
  293.  
  294.  
  295.  
  296.  
  297. Other Specialized Devices
  298.  
  299. Load Balancer – follows various rules to determine specifically how it will route network traffic; the rules can be based on the least load, fault tolerance, the fastest response times, or simply dividing up (balancing) outbound requests for smooth network operations.
  300.  
  301. Domain Name Service Server
  302. • A Record – gives the IP address of a domain or host
  303. • AAAA (Quad) A Record – gives the IPv6 address of a domain or host
  304. • PTR (Pointer) Record – gives the hostname of an IP address
  305. • MX (Mail Exchanger) Record – used to translate mail records, points to the mail exchanger for a particular host, can specify several mail exchangers for a single host
  306. • CNAME (Canonical Name) Record – also known as the alias record and allows hosts to have more than one name.
  307.  
  308. Proxy Servers
  309. • Caching Proxy Server – speeds up the network’s service requests by recovering information from a client’s or clients’ earlier request, keeps local copies of the resources requested often, minimizing upstream use of bandwidth
  310. • Web Proxy Server – usually used to create a web cache, can remember machines that have used it before and sites that have been visited before, can recall personal information by automatically filling in username, etc…
  311.  
  312. Common causes of LAN congestion:
  313. • Too many hosts in a broadcast domain
  314. • Broadcast storms
  315. • Multicasting
  316. • Low bandwidth
  317. • Adding hubs for connectivity to the network
  318.  
  319. Functions a router can serve in a network:
  320. • Packet switching
  321. • Packet filtering
  322. • Internetwork communication
  323. • Path selection
  324.  
  325. More points about routers:
  326. • Routers, by default, will not forward any broadcast or multicast packets
  327. • Routers use the logical address in a Network layer header to determine the next hop router to forward the packet to
  328. • Routers can use access lists, created by an administrator, to control security on the types of packets that are allowed to enter or exit an interface
  329. • Routers can provide Layer 2 bridging functions if needed, and can simultaneously route through the same device
  330. • Layer 3 devices (routers, in this case) provide connections between virtual LANs (VLANs)
  331. • Routers can provide quality of service (QoS) for specific types of network traffic
  332.  
  333. Application-Specific Integrated Circuit (ASIC) – special hardware found in Layer 2 switching (switches/bridges), can run up to gigabit speeds with very low latency rates.
  334.  
  335. Transparent Bridging – Process utilized by a switch where a packet can be sent to another segment if the destination device is on another segment or can be confined to the same segment the packet was sent from if the destination device is on the same segment.
  336.  
  337. !!! Understand how a DHCP client requests information from a server, how a server receives this information, and also how the server responds to the client and with what type of information. Understand how DNS resolves human names to IP addresses, how a DNS query is sent, and how a DNS server responds. Understand the difference between a hub, a switch (bridge), and a router (a hub connects network segments together, a switch/bridge segments the network using MAC addresses, and a router segments the network using logical addressing – IP and IPv6). Switches break up collision domains and routers break up broadcast domains by default. Remember the different names for a router: layer 3 hardware device, layer 3 switch, multilayer switch. Know the differences between and when to use routers, switches, hubs, DNS servers, and DHCP servers. Identify the purpose, benefits, and characteristics of using a proxy service: keeps a LAN somewhat separated from the internet, increases security and filtering control, has a tendency to speed up internet access through caching of recently used webpages. Know how to plan and implement a basic SOHO network using network segmentation. Be able to describe the benefits of using dedicated appliances for certain services: encryption, content filtering, and VPN concentration (to decrease the workload of other systems and add functionality that may be present in these dedicated devices). Identify the environmental requirements of infrastructure devices: a cool temperature, ample ventilation, and a proper humidity level are all key.
  338.  
  339. Telnet (23) – terminal emulation, allows a Telnet client to access the resources of another machine (the Telnet server) by making the client machine appear as though it were a terminal directly attached to the local network, offers no security or encryption, replaced by Secure Shell (SSH) when security across the remote-configuration session is necessary.
  340.  
  341. File Transfer Protocol (20, 21) – allows the transfer of files across an IP network, is both a protocol and a program: as a protocol it is used by applications, as a program it is used by users to perform file tasks by hand. It is limited to listing and manipulating directories, typing file contents, and copying files between hosts. All data sent through FTP is clear text, like Telnet. To make secure FTP transfers, you’ll use SFTP.
  342.  
  343. Secure File Transfer Protocol (22) – uses FTP over an encrypted connection employing an SSH session.
  344.  
  345. Trivial File Transfer Protocol (69) – a stripped-down, stock version of FTP that’s easy to use and fast but gives no option to browse directories and can only send and receive files. Works well when you know exactly what you need to access without having to search for it. Sends fewer blocks of data than FTP, is not secure, and is not supported by many sites because of the inherent security risks.
  346.  
  347. Simple Mail Transfer Protocol (25) – uses a spooled (queued) method of mail delivery, detects messages spooled to a device and then delivers them to their destination. SMTP is used for sending mail while POP3 is used to receive mail.
  348.  
  349. Post Office Protocol (110) – a storage facility for incoming mail, allows a client to connect to a POP3 server and retrieve all messages (not selectively) addressed to that client. Once downloaded, the client-server interaction ends and the messages can be deleted/tweaked at-will completely locally.
  350.  
  351. Internet Message Access Protocol (143) – offers more security than POP3 because you have control over how you download your mail, allows you to peek at a message header or download only a part of a message selectively. You can choose to store messages on the email server hierarchically and link to documents and user groups. Allows search commands to look up message subjects, headers, or content. Supports Kerberos authentication, developed by a team at MIT. IMAP4 is the current version.
  352.  
  353. Remote Desktop Protocol (3389) – proprietary protocol developed by Microsoft to allow the connection from one computer to another and to run programs. Similar to Telnet, but with a full GUI rather than simple command-line. Used to be called Terminal Services, is now called Remote Desktop Services.
  354.  
  355. Transport Layer Security/Secure Sockets Layer (995/465) – TLS/SSL, cryptographic protocols that enable secure online data-transfer activities like browsing the web, instant messaging, internet faxing, etc. Both are extremely similar and use X.509 certificates and asymmetric cryptography to authenticate the host they are communicating with and to exchange a key. The key is then used to encrypt data flowing between the hosts. TLS/SSL has default ports, but isn’t tied down to them and can use various different ones.
  356.  
  357. SIP (VoIP) (5060/5061) – Session Initiation Protocol – a hugely popular signaling protocol used to construct and deconstruct multimedia communication sessions for voice and video calls, videoconferencing, streaming multimedia distribution, instant messaging, presence information, and online games over the internet.
  358.  
  359. RTP (VoIP) (5004/5005) – Real-time Transport Protocol – a packet-formatting standard for delivering audio and video over the internet. Originally designed as a multicast protocol, is now used for unicast applications as well. Used most often for streaming media, videoconferencing, and push-to-talk systems.
  360.  
  361. MGCP (Multimedia) (2427/2727) – Media Gateway Control Protocol – a standard protocol for handling the signaling and session management needed during a multimedia conference, converts data from the format required for a circuit-switched network to that required for a packet-switched network and the media gateway controller.
  362.  
  363. H.323 (Video) (1720) – a standard protocol for video on an IP network that defines how real-time audio, video, and data information is transmitted, provides signaling, multimedia, and bandwidth control mechanisms, uses RTP standard for communication.
  364.  
  365. Simple Network Management Protocol (161) – SNMP collects and manipulates valuable network information, polls devices on the network from a management station at fixed or random intervals, requiring them to disclose certain information. Generates a baseline – a report delimiting the operational traits of a healthy network. Operates as a network “watchdog”, quickly reports change of events to managers, watchdogs are called “agents”, alerts are called a “trap”. Can help simplify the process of setting up a network as well as the administration of your entire internetwork. SNMPv1 and SNMPv2 are old, only use UDP, susceptible to a packet sniffer reading data. SNMPv3 uses GET-BULK which allows a host to retrieve a large amount of data at once, has authentication and encryption, is more secure and considered the standard.
  366.  
  367. Secure Shell (22) – sets up a secure Telnet session over standard TCP/IP connection, used for logging into other systems, running remote programs, and moving files from one system to another. Stays encrypted.
  368.  
  369. Hypertext Transfer Protocol (80) – HTTP is used to manage communications between web browsers and web servers, opens the right resource when you click a link, wherever that resource may actually reside.
  370.  
  371. Hypertext Transfer Protocol Secure (443) – HTTPS is a secure version of HTTP that includes security tools for keeping transactions between a web browser and a secure server. Required by web browser to fill out forms, sign in, authenticate, and encrypt an HTTP message when you make a reservation or buy something online.
  372.  
  373. Network Time Protocol (123) – NTP is used to synchronize the clocks on our computers to one standard time source (typically an atomic clock).
  374.  
  375. Lightweight Directory Access Protocol (389) – LDAP is a directory that is in place to keep track of all your network resources, standardizes how you access directories and its first and second inceptions are described in RFCs 1487 and 1777 respectively. Due to a few glitches, the 3rd and most current version, RFC 3377, was created and employed.
  376.  
  377. Internet Group Management Protocol – IGMP is the TCP/IP protocol used for managing IP multicast sessions, sends out unique IGMP messages over the network to reveal the multicast-group landscape and to find out which hosts belong to which multicast group. Works at the Network layer and doesn’t use port numbers.
  378.  
  379. Serial Line IP – SLIP was designed to work over serial ports and modem connections, completely outdated. Used in the 1970s through the early 1990s for modem configurations. Not compatible with DHCP, everything was static. Has been completely replaced by the Point-to-Point Protocol (PPP) which does not require static IPs and is better engineered.
  380.  
  381. NetBIOS (137-139) – Network Basic Input/Output System works only in the upper layers of the OSI model and allows for an interface on separate computers to communicate over a network. Many versions, but Microsoft’s version ended up becoming the standard.
  382.  
  383. Server Message Block (445) – used for sharing access to files and printers and other communications between hosts on a Microsoft Windows network. SMB can run on UDP port 137 and 138, and TCP port 137 and 139 using NetBIOS.
  384.  
  385. Domain Name Service (53) – DNS resolves hostnames to their corresponding IP addresses.
  386.  
  387. Dynamic Host Configuration Protocol/Bootstrap Protocol (67/68) – DHCP assigns IP addresses to hosts with information provided by a server. DHCP differs from Bootstrap Protocol (BootP) in that BootP assigns an IP address to a host but the host’s hardware address must be entered manually in a BootP table. DHCP is basically a dynamic BootP. But remember that BootP is also used to send an operating system that a host can boot from. DHCP can’t do that.
  388.  
  389. Most common items a DHCP server can provide to a host when a host is requesting an IP address from the DHCP server:
  390. • IP address
  391. • Subnet mask
  392. • Domain name
  393. • Default gateway (routers)
  394. • DNS
  395. • Windows Internet Naming Service (WINS) information
  396.  
  397. A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both Layer 2 and Layer 3.
  398.  
  399. !!! Memorize this table:
  400.  
  401. TCP                        UDP
  402. Sequenced                  Unsequenced
  403. Reliable                   Unreliable
  404. Connection-oriented        Connectionless
  405. Virtual circuit            No virtual circuit
  406. High overhead              Low overhead
  407. Acknowledgments            No acknowledgments
  408. Windowing flow control     No windowing or flow control
  409.  
  410. Port numbers below 1024 are considered “well-known port numbers” and are defined in RFC 3232. Numbers 1024 and above are used by the upper layers to set up sessions with other hosts and by TCP as source and destination identifiers in the TCP segment.
  411.  
  412. DNS uses both TCP and UDP. It chooses based on what it’s trying to do.
  413.  
  414. Quick Process Detail:
  415. The Transport layer takes a data stream, makes segments out of it, and establishes a reliable session by creating a virtual circuit. It then sequences (or numbers) each segment and uses acknowledgments and flow control. If you’re using TCP, the virtual circuit is defined by the source port number. Remember, the host just makes this up starting at port number 1024 (0 through 1023 are reserved for well-known port numbers). The destination port number defines the upper-layer process (application) that the data stream is handed to when the data stream is reliably rebuilt on the receiving host.
  416. Once the Transport layer header information is added to the piece of data, it becomes a segment and is handed down to the Network layer along with the destination IP address (which was handed down from the upper layers to the Transport layer with the data stream, and it was discovered through a name resolution method at the upper layers – probably DNS).
  417. The Network layer adds a header, and adds the logical addressing (IP addresses) to the front of each segment. Once the header is added to the segment, the PDU is called a packet. The packet has a protocol field that describes where the segment came from (either UDP or TCP) so it can hand the segment to the correct protocol at the Transport layer when it reaches the receiving host.
  418. The Network layer is responsible for finding the destination hardware address that dictates where the packet should be sent on the local network. It does this by using ARP. IP at the Network layer looks at the destination IP address and compares that address to its own source IP address and subnet mask. If it turns out to be a local network request, the hardware address of the local host is requested via an ARP request. If the packet is destined for a remote host, IP will get the IP address of the default gateway from its configuration information, then ARP for the hardware address of the default gateway (router) instead.
  419. The packet, along with the destination hardware address of either the local host or default gateway, is then handed down to the Data Link layer. The Data Link layer will add a header to the front of the packet, and the piece of data then becomes a frame (we call it a frame because both a header and a trailer are added to the packet, which makes the data resemble bookends or a frame, if you will). The frame uses an Ether-Type field to describe which protocol the packet came from at the Network layer. Now a CRC is run on the frame, and the answer to the CRC is placed in the FCS field found in the trailer of the frame.
  420. The frame is now ready to be handed down, one bit at a time, to the Physical layer, which will use bit-timing rules to encode the data into a digital signal. Every device on the network segment will synchronize with the clock, extract the 1s and 0s from the digital signal, and build a frame. After the frame is rebuilt, a CRC is run to make sure the frame is okay. If everything turns out to be good, the hosts will check the destination address to see if the frame is for them.
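
The encapsulation walk-through above, worked as an added Python example (this is not code from the notes or from any particular product). It builds a segment with a source port above 1023, wraps it in an IPv4 header whose protocol field says “TCP”, wraps that in an Ethernet frame whose EtherType says “IPv4”, and appends a CRC-32 as the FCS. The receiving side then checks the CRC and the IP header checksum and uses the EtherType and protocol fields to hand each layer’s payload upward. The next_hop helper shows the ARP decision: compare the destination with your own address and mask, and ARP for the host if it is local, otherwise for the gateway. All MAC and IP addresses in it are constructed placeholders; the TCP checksum is left at zero to keep the example short.

```python
import struct
import zlib
import ipaddress

ETHERTYPE_IPV4 = 0x0800   # Ether-Type field: "this packet came from IP"
PROTO_TCP = 6             # IP protocol field: "this segment came from TCP"


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (seq/ack 0, PSH+ACK, checksum left 0) + data = segment."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + payload


def build_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Network layer: IPv4 header in front of the segment = packet."""
    total_len = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, PROTO_TCP, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + segment


def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data Link layer: Ethernet header + packet + FCS trailer = frame."""
    header = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
              + struct.pack("!H", ETHERTYPE_IPV4))
    body = header + packet
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)       # CRC result goes in the FCS
    return body + fcs


def parse_frame(frame: bytes):
    """Receiver: rerun the CRC, then decapsulate using the EtherType and protocol fields.
    Returns None when the frame or IP header fails its check (the frame is discarded)."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        return None
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:      # a valid header sums to zero
        return None
    segment = packet[ihl:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return {"ethertype": ethertype, "protocol": packet[9],
            "src_ip": str(ipaddress.IPv4Address(packet[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(packet[16:20])),
            "src_port": src_port, "dst_port": dst_port, "data": segment[20:]}


def next_hop(dst_ip: str, my_ip: str, mask: str, gateway: str) -> str:
    """IP's local-or-remote decision: ARP for the host itself if it is on my subnet,
    otherwise ARP for the default gateway."""
    net = ipaddress.IPv4Network(f"{my_ip}/{mask}", strict=False)
    return dst_ip if ipaddress.IPv4Address(dst_ip) in net else gateway


if __name__ == "__main__":
    seg = build_segment(1025, 80, b"GET / HTTP/1.0\r\n")
    pkt = build_packet("192.168.1.10", "203.0.113.5", seg)      # constructed addresses
    frm = build_frame("00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff", pkt)
    print(parse_frame(frm))
    print(next_hop("203.0.113.5", "192.168.1.10", "255.255.255.0", "192.168.1.1"))
```

Flipping a single byte of the frame makes parse_frame return None, which is exactly the “CRC is run to make sure the frame is okay” step in the text.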
  421.  
  422. !!! Remember the Process/Application layer protocols – Telnet is a terminal-emulation program that allows you to log into a remote host and run programs. File Transfer Protocol (FTP) is a connection-oriented service that allows you to transfer files. Trivial FTP (TFTP) is a connectionless file transfer program. Simple Mail Transfer Protocol (SMTP) is a sendmail program. Remember the Host-to-Host layer protocols – Transmission Control Protocol (TCP) is a connection-oriented protocol that provides reliable network service by using acknowledgments and flow control. User Datagram Protocol (UDP) is a connectionless protocol that provides low overhead and is considered unreliable. Remember the Internet layer protocols – Internet Protocol (IP) is a connectionless protocol that provides logical network addressing and routing through an internetwork. Address Resolution Protocol (ARP) finds a hardware address from a known IP address. Internet Control Message Protocol (ICMP) provides diagnostics and Destination Unreachable messages. Remember the difference between connection-oriented and connectionless network services – Connection-oriented services use acknowledgments and flow control to create a reliable session. More overhead is used than in a connectionless network service. Connectionless services are used to send data with no acknowledgments or flow control. This is considered unreliable.
  423.  
  424. IP Addressing
  425.  
  426. In the example of 172.16.30.56
  427. Network address: 172.16
  428. Host address: 30.56
  429.  
  430. Class A: network.host.host.host
  431. Range: 10.0.0.1 - 10.255.255.254
  432. 16,777,216 unique host addresses
  433. Private only: 10.0.0.0 - 10.255.255.255
  434.  
  435. Class B: network.network.host.host
  436. Range: 172.16.0.1 - 172.16.255.254
  437. 65,534 unique host addresses
  438. Private only: 172.16.0.0 - 172.31.255.255
  439.  
  440. Class C: network.network.network.host
  441. Range: 192.168.100.1 - 192.168.100.254
  442. 254 unique host addresses
  443. Private only: 192.168.0.0 - 192.168.255.255
  444.  
  445. Multicast (D & E):
  446. Range: 224.0.0.0 - 239.255.255.255
  447.  
  448.  
  449. Network Address Translation (NAT) – When using a private IP address, it’s still possible to connect your network to the Internet. To accomplish this, we need to use Network Address Translation (NAT), which basically takes a private IP address and converts it for use on the Internet. NAT provides security in that these IP addresses cannot be seen by external users. External users will only be able to see the public IP address to which the private IP address has been mapped. Moreover, multiple devices in the same private network can use the same, real IP address to transmit out onto the Internet.
  450.  
  456. • Broadcasts (Layer 2) – These are sent to all nodes on a LAN.
  457. • Broadcasts (Layer 3) – These are sent to all nodes on the network.
  458. • Unicast – This is an address for a single interface, and these are used to send packets to a single destination host.
  459. • Multicast – These are packets sent from a single source and transmitted to many devices on different networks. Referred to as one-to-many.
  460.  
  461. Layer 2 Broadcasts
  462. Also known as hardware broadcasts, only go out on a LAN, do not go past the LAN boundary (router). Typical hardware address is 6 bytes (48 bits). The broadcast would be all 1s in binary, which would be all Fs in hexadecimal, as in FF.FF.FF.FF.FF.FF.
  463.  
  464. Layer 3 Broadcasts
  465. Meant to reach all hosts on a broadcast domain. These are the network broadcasts that have all host bits on. Can also be referred to as “any network and all hosts”, as indicated by 255.255.255.255. Address Resolution Protocol (ARP) is a good example of a broadcast message at Layer 3, when it searches through all networks, including its own, for the host that owns the IP address it is looking for and requests the MAC address of that host.
  466.  
  467. Unicast Address
  468. Assigned to a single interface, is used in both IPv4 and IPv6 to describe your host interface IP address.
  469.  
  470. Multicast Address (Class D)
  471. A different beast entirely, works by sending messages or data to IP multicast group addresses. When sent and forwarded from the router, the multicast packet is received by only the subscribed hosts. If the host reads the packet and is not in the multicast group, it discards the frame. Saves PC processing, but not LAN bandwidth and can cause severe LAN congestion if not configured properly.
  472.  
  473. Internet Protocol Version 6 Overview and Benefits (IPv6)
  474. Allows for more maximum IP addresses to be assigned (four times as much), has many of the addendum features and benefits of IPv4, though included as a standard rather than an addendum or afterthought. The header in an IPv6 packet has half the fields and they are aligned with 64 bits, which gives much faster processing speed. Lookups happen at lightspeed compared to IPv4. You can optionally choose to include or exclude fields of the header with IPv6 to speed up this time even further. There is no such thing as a broadcast in IPv6 because it uses multicast traffic instead. There are two other types of communication as well: unicast, which is the same as it is in IPv4, and anycast, which allows the same address to be placed on more than one device so that when traffic is sent to one device addressed in this way, it is routed to the nearest host that shares the same address. Each IPv6 address is structured at 128 bits, which is much larger than an IPv4 address.
  475.  
  476. When typing an IPv6 address into your browser, the address portion must be encased in brackets to avoid having the browser interpret the address as a port number.
  477. • Ex - http://[2001:0db8:3c4d:0012:0000:0000:1234:56ab]/default.html
  478.  
  481. IPv6 addresses can be shortened with a few tricks:
  482.  
  483. Regular Looking IPv6 Address
  484. 2001:0db8:3c4d:0012:0000:0000:1234:56ab
  485.  
  486. • Drop Leading Zeros
  487. 2001:db8:3c4d:12:0:0:1234:56ab
  488.  
  489. • Turn Entire Blocks of Zeros Into Double Colons (Note: can only be used for one contiguous block of zeros in an address)
  490. 2001:db8:3c4d:12::1234:56ab
  491.  
  492. Special Addresses
  493. 0:0:0:0:0:0:0:0 Equals ::. This is the equivalent of IPv4’s 0.0.0.0 and is typically the source address of a host before the host receives an IP address when you’re using DHCP-driven stateful configuration.
  494. 0:0:0:0:0:0:0:1 Equals ::1. The equivalent of 127.0.0.1 in IPv4.
  495. 0:0:0:0:0:0:132.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
  496. 2000::/3 The global unicast address range allocated for Internet access.
  497. FC00::/7 The unique local unicast range.
  498. FE80::/10 The link-local unicast range.
  499. FF00::/8 The multicast range.
  500. 3FFF:FFFF::/32 Reserved for examples and documentation.
  501. 2001:0DB8::/32 Also reserved for examples and documentation.
  502. 2002::/16 Used with 6to4 tunneling, which is an IPv4-to-IPv6 transition system. The structure allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
  503.  
  504. !!! Stateless Autoconfiguration (EUI-64)
  505. Autoconfiguration allows devices on a network to address themselves with a link-local unicast address as well as with a global unicast address. The process happens when the prefix information is gathered from the router and then the device’s own interface ID (MAC address) and the two are combined with some padding involved, specifically FFFE is added to the middle of the address.
  506.  
  507. • Normal – 0060:d673:1987
  508. • Padded – 0260:d6FF:FE73:1987
  509.  
  510. Where did the 2 come from? Part of the process, called modified EUI-64 format, changes the Universal/Local (U/L) bit to specify whether the address is locally unique or globally unique. The U/L bit is the 7th bit of the first byte in the IPv6 address.
  511.  
  512. Example (using documentation prefix address):
  513. • MAC address – 0090:2716:fd0f
  514. • IPv6 EUI-64 address – 2001:0db8:0:1:0290:27ff:fe16:fd0f
  515.  
  516. • MAC address – 0c0c:dede:1234
  517. • IPv6 EUI-64 address – 2001:0db8:0:1:0e0c:deff:fede:1234
  518.  
  519. • MAC address – 0b34:ba12:1234
  520. • IPv6 EUI-64 address – 2001:0db8:0:1:0934:baff:fe12:1234
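
The two shortening rules and the modified EUI-64 construction, worked as an added Python example (not code from the notes). compress_ipv6 drops leading zeros in every group and then collapses the single longest run of all-zero groups into “::”, which is why it can only be used once per address; eui64_interface_id splits the MAC, inserts FFFE in the middle and flips the U/L bit (the 0x02 bit of the first byte), which is where the 2 in 0260 and the e in 0e0c come from. expand_ipv6 uses the standard library to reverse the compression so the two rules can be checked against each other. The prefix 2001:0db8:0:1 is the documentation prefix used in the notes’ own examples.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Rule 1: drop leading zeros in each 16-bit group.
    Rule 2: replace the longest run (>= 2 groups) of all-zero groups with '::', once only."""
    groups = [g.lstrip("0") or "0" for g in addr.split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < len(groups):
        if groups[i] == "0":
            j = i
            while j < len(groups) and groups[j] == "0":
                j += 1
            if j - i > best_len:               # keep only the longest run
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right


def expand_ipv6(addr: str) -> str:
    """Inverse of the rules above: full eight 4-digit groups (standard library)."""
    return ipaddress.IPv6Address(addr).exploded


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: 24-bit OUI + FFFE + 24-bit device part, with the U/L bit
    (7th bit of the first byte, value 0x02) inverted."""
    hex_digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(hex_digits) != 12:
        raise ValueError("MAC address must be 48 bits (12 hex digits)")
    b = bytearray.fromhex(hex_digits)
    b[0] ^= 0x02                              # flip the Universal/Local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ":".join(iid[i:i + 2].hex() for i in range(0, 8, 2))


def eui64_address(prefix: str, mac: str) -> str:
    """Stateless autoconfiguration: the /64 prefix learned from the router
    followed by the interface ID derived from the MAC."""
    return prefix.rstrip(":") + ":" + eui64_interface_id(mac)


if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:3c4d:0012:0000:0000:1234:56ab"))
    print(eui64_address("2001:0db8:0:1", "0090:2716:fd0f"))
```

The EUI-64 outputs match the three MAC/IPv6 pairs listed above, and expand_ipv6(compress_ipv6(x)) returns the original fully written address, which is a quick way to check your own hand-compressed answers.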
  521.  
  522. Migrating to IPv6 from IPv4
  523. • Dual Stacking – most common strategy because it is the easiest, allows devices to communicate with either IPv4 or IPv6, allows you to upgrade devices one at a time and still maintain communications
  524. • 6to4 Tunneling – takes an IPv6 packet traveling across a network and sticks an IPv4 header onto the front of it, allowing it to be delivered across an IPv4 network. Requires two dual-stacked routers that are told where the tunnel begins and where it ends. However, if the IPv4 network in this situation has a NAT translation point, it will break the tunnel encapsulation unless all tunnel traffic is placed in UDP packets (also known as Teredo). NAT won’t touch UDP packets, so it can’t break the encapsulation.
  525. !!! Exam Essentials
  526. Remember the Class A range (1 through 126), 8 bits of network addressing and 24 bits of host addressing by default. Remember the Class B range (128 through 191), 16 bits of network addressing and 16 bits of host addressing by default. Remember the Class C range (192 through 223), 24 bits of network addressing and 8 bits of host addressing by default. Remember the private IP ranges (Class A: 10.0.0.0 – 10.255.255.255, Class B: 172.16.0.0 – 172.31.255.255, Class C: 192.168.0.0 – 192.168.255.255). Remember the APIPA range (169.254.0.1 – 169.254.255.254); the client also configures itself with a default Class B subnet mask of 255.255.0.0. Understand why we need IPv6 – we need more IP addressing space. Understand link-local – similar to an IPv4 APIPA IP, but it can’t be routed at all, not even in your organization. Understand unique local – also like a private IP address in IPv4 and cannot be routed to the Internet, but can be routed within your organization. Remember IPv6 addressing – not like IPv4 addressing, it is 128 bits long and represented in hexadecimal. Understand and be able to read an EUI-64 address with the 7th bit inverted.
  527.  
  528. Subnetting
  529.  
  530. Subnetting Basics
  531.  
  532. 1. Determine the number of required network IDs:
  533. ◦ One for each subnet
  534. ◦ One for each wide area network (WAN) connection
  535. 2. Determine the number of required host IDs per subnet:
  536. ◦ One for each TCP/IP host
  537. ◦ One for each router interface
  538. 3. Based on the previous requirements, create the following:
  539. ◦ One subnet mask for your entire network
  540. ◦ A unique subnet ID for each physical segment
  541. ◦ A range of host IDs for each subnet
  542.  
  543. Subnet Masks - Assign a mask that allows every machine on the network to know which part of the IP address belongs to the network ID versus the host ID.
  544.  
  545. Classless Inter-Domain Routing (CIDR) – the method that Internet service providers (ISPs) use to allocate a number of addresses to a company or a home connection, determined by block size. Provided in the form of a slash (/24) to give reference to the subnet mask assigned to you. /8 through /15 can be used only with Class A network addresses, /16 through /23 can be used by Class A and B network addresses, /24 through /30 can be used by Class A, B, and C network addresses. Subnet bits start at the left and go to the right without skipping bits. /31 and /32 are invalid because you have to have at least 2 host bits reserved for assigning IP addresses to hosts.
  546.  
  547. Subnetting a Class Address: The Fast Way
  548.  
  549. 1. How many subnets does the chosen subnet mask produce?
  550. 2. How many valid hosts per subnet are available?
  551. 3. What are the valid subnets?
  552. 4. What’s the broadcast address of each subnet?
  553. 5. What are the valid hosts in each subnet?
  554.  
  555. • How many subnets? 2^x = number of subnets, where x is the number of masked bits (the 1s). For example, in 11000000 the number of 1s gives us 2^2 subnets; in this example there are 4 subnets.
  558. • How many hosts per subnet? 2^y – 2 = number of hosts per subnet, where y is the number of unmasked bits (the 0s). For example, in 11000000 the number of 0s gives us 2^6 – 2 hosts; in this example there are 62 hosts per subnet. You need to subtract 2 for the subnet address and the broadcast address, which are not valid hosts.
  562. • What are the valid subnets? 256 – subnet mask = block size, or increment number. For example, 256 – 192 = 64, so the block size of a 192 mask is always 64. Start counting at zero in blocks of 64 until you reach the subnet mask value, and these are your subnets: 0, 64, 128, 192. Easy, huh?
  566. • What’s the broadcast address for each subnet? Now here’s the really easy part. Because we counted our subnets in the last section as 0, 64, 128, and 192, the broadcast address is always the number right before the next subnet. For example, the 0 subnet has a broadcast address of 63 because the next subnet is 64. The 64 subnet has a broadcast address of 127 because the next subnet is 128. And so on. And remember, the broadcast of the last subnet is always 255.
  572. • What are the valid hosts? Valid hosts are the numbers between the subnets, omitting all the 0s and all the 1s. For example, if 64 is the subnet number and 127 is the broadcast address, then 65–126 is the valid host range; it’s always the numbers between the subnet address and the broadcast address.
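
The five questions of the fast method, worked as an added Python example that is not part of the notes. fast_subnet takes the fourth-octet value of a Class C mask (192 for 255.255.255.192) and derives the subnet count from the 1 bits, the host count from the 0 bits, the block size from 256 – mask, and then the subnet, broadcast and host range of every block; locate_host answers the troubleshooting question of which subnet an address falls in and whether it is a valid host or a subnet/broadcast address. The network 192.168.10.0 is a constructed placeholder.

```python
def fast_subnet(mask_octet: int, network: str = "192.168.10.0") -> dict:
    """Answer the five subnetting questions for a Class C network subnetted with
    the given fourth-octet mask value (e.g. 192 for 255.255.255.192, i.e. /26).
    The default network is a constructed placeholder."""
    ones = bin(mask_octet).count("1")           # x = masked bits
    zeros = 8 - ones                            # y = unmasked bits
    if zeros < 2:
        raise ValueError("a subnet needs at least 2 host bits (/31 and /32 are not usable here)")
    block = 256 - mask_octet                    # block size / increment
    prefix = ".".join(network.split(".")[:3]) + "."
    ranges = []
    for subnet in range(0, 256, block):         # count up in blocks: 0, 64, 128, 192 for a 192 mask
        broadcast = subnet + block - 1          # one less than the next subnet; last one is 255
        ranges.append({
            "subnet": prefix + str(subnet),
            "first_host": prefix + str(subnet + 1),
            "last_host": prefix + str(broadcast - 1),
            "broadcast": prefix + str(broadcast),
        })
    return {
        "subnets": 2 ** ones,                   # 2^x
        "hosts_per_subnet": 2 ** zeros - 2,     # 2^y - 2
        "block_size": block,
        "ranges": ranges,
    }


def locate_host(ip: str, mask_octet: int) -> dict:
    """Which subnet and broadcast does this address belong to, and is it a valid host
    (strictly between the subnet address and the broadcast address)?"""
    octets = ip.split(".")
    last = int(octets[3])
    block = 256 - mask_octet
    subnet = (last // block) * block
    broadcast = subnet + block - 1
    prefix = ".".join(octets[:3]) + "."
    return {
        "subnet": prefix + str(subnet),
        "broadcast": prefix + str(broadcast),
        "valid_host": subnet < last < broadcast,
    }


if __name__ == "__main__":
    result = fast_subnet(192)
    print(result["subnets"], "subnets,", result["hosts_per_subnet"], "hosts each")
    for r in result["ranges"]:
        print(r["subnet"], r["first_host"], "-", r["last_host"], "broadcast", r["broadcast"])
    print(locate_host("192.168.10.127", 192))
```

Running it with 192 reproduces the 0/64/128/192 subnets, the 63/127/191/255 broadcasts and the 65–126 host range from the text; with 224 it gives 8 subnets of 30 hosts in blocks of 32, which is the same method applied to the next mask value.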
  576.  
  579. Troubleshooting an IP address
  580.  
  581. • Start with CLI: “ping 127.0.0.1”. Make sure you get a response. If you don’t, it’s time to reinstall TCP/IP on the host.
  582. • Next, ping the IP address of the local host. If that fails, there’s a problem with the NIC.
  583. • Third, ping the default gateway (router). If that fails, you have a local physical network problem that could be anywhere from the NIC to the router.
  584. • If those were all successful, try to ping the remote server. If that works, you know that you have IP communications between the local host and the remote server. If after all that, you cannot communicate with the server, you probably have some type of name resolution problem and need to check your Domain Name System (DNS) settings. But if the ping to the remote server fails, then you know you have some type of remote physical network problem and need to go to the server and work through steps 1 through 3 until you find the snag.
  585.  
  586. Network Address Translation (NAT)
  587.  
  588. Used in situations when:
  589. 1. You need to connect to the Internet and your hosts don’t have globally unique IP addresses
  590. You change to a new ISP that requires you to renumber your network and you don’t want to
  591. 3. You need to merge two intranets with duplicate addresses
  592.  
  593. • Static NAT (SNAT) – designed to allow one-to-one mapping between local and global addresses, requires a real Internet IP address for every host on the network
  594. • Dynamic NAT (DNAT) – gives the ability to map an unregistered IP address to a registered IP address from a pool of registered IP addresses, doesn’t require a router to be statically configured, but does require enough real IP addresses for everyone who is going to be sending packets to and receiving them from the Internet.
  595. • Overloading – most popular type of NAT configuration, is basically a form of Dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports, also known as Port Address Translation (PAT), thousands of users can connect to the Internet using only one real global IP address – the real reason we haven’t run out of valid IP addresses on the Internet.
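How overloading (PAT) keeps many inside hosts apart behind one registered address, as a small translation-table simulation. Added example, not from the original notes; the IP addresses are constructed documentation-range values and the port-allocation policy (keep the host's port when free, otherwise the next unused one from 1024) is this example's own.

```python
# PAT (NAT overload) translation table: many inside-local addresses share one
# inside-global address, told apart by the translated source port (added example).
from dataclasses import dataclass, field


@dataclass
class PatTable:
    inside_global: str                 # the single registered (public) IP
    low_port: int = 1024               # first port the router hands out
    # (inside_local_ip, inside_local_port) -> inside_global_port
    outbound: dict = field(default_factory=dict)
    # inside_global_port -> (inside_local_ip, inside_local_port)
    inbound: dict = field(default_factory=dict)
    dropped: int = 0                   # unsolicited inbound packets

    def _allocate_port(self, wanted: int) -> int:
        """Keep the host's own port when free; otherwise take the next unused one."""
        if wanted >= self.low_port and wanted not in self.inbound:
            return wanted
        port = self.low_port
        while port in self.inbound:
            port += 1
            if port > 65535:
                raise RuntimeError("PAT port pool exhausted")
        return port

    def outbound_packet(self, src_ip, src_port, dst_ip, dst_port):
        """Private host -> Internet: source becomes the global IP plus a unique port."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            gport = self._allocate_port(src_port)
            self.outbound[key] = gport
            self.inbound[gport] = key
        return (self.inside_global, self.outbound[key], dst_ip, dst_port)

    def inbound_packet(self, src_ip, src_port, dst_port):
        """Internet -> private host: the destination port selects the inside host.

        A packet with no matching translation has nowhere to go and is dropped,
        which is why unsolicited Internet traffic never reaches the inside hosts.
        """
        if dst_port not in self.inbound:
            self.dropped += 1
            return None
        local_ip, local_port = self.inbound[dst_port]
        return (src_ip, src_port, local_ip, local_port)


if __name__ == "__main__":
    pat = PatTable("203.0.113.5")
    print(pat.outbound_packet("10.0.0.11", 50000, "198.51.100.7", 80))
    print(pat.outbound_packet("10.0.0.12", 50000, "198.51.100.7", 80))
    print(pat.inbound_packet("198.51.100.7", 80, 1024))
```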
  596.  
  597. !!! Remember the steps to subnet in your head. Understand the various block sizes (4, 8, 16, 32, 64, etc…). Remember the four diagnostic steps: ping the loopback address, ping the NIC, ping the default gateway, ping the remote device. You must be able to find and fix an IP addressing problem by drawing out the network and finding the valid and invalid host addresses in your network. Understand basic NAT terminology: difference between inside local and inside global, etc. Understand PAT and how it works by using different port numbers to map multiple private IP addresses to a single registered IP address.
  598.  
  599.  
  600.  
  601.  
  602. Routing Basics
  603.  
  604. Routing protocol – a tool used by routers to dynamically find all the networks in the internetwork as well as to ensure that all routers have the same routing table, basically the path of a packet through an internetwork.
  605.  
  606. Routed protocol – once all routers know about all networks, a routed protocol can be used to send user data (packets) through the established internetwork. Routed protocols are assigned to an interface and determine the method of packet delivery. Examples of routed protocols are Internet Protocol (IP) and Internet Protocol version 6 (IPv6).
  607.  
  608. To be capable of routing packets, a router must know at least the following information:
  609. • Destination network address
  610. • Neighbor routers from which it can learn about remote networks
  611. • Possible routes to all remote networks
  612. • The best route to each remote network
  613. • How to maintain and verify routing information
  614.  
  615. Static Routing – when a network administrator hand-types all network locations into the routing table; when the network changes, the table must be manually updated again as well.
  616.  
  617. Dynamic Routing – when a protocol on one router communicates with the same protocol running on neighbor routers to update each other about all the networks they know about and place this information into the routing table; when the network changes, the protocol informs all routers on the network of the update.
  618.  
  619. Destinations on a remote network will ALWAYS pass through the router when sent from a host, so the destination MAC address will always be the default gateway – not a remote host and not any switches in between.
  620.  
  621. If a router receives a packet for a network that isn’t listed in the routing table, it does not send a broadcast looking for the remote network – the router just discards the packet.
  622.  
  623. Autonomous System (AS) – a collection of networks or subnets that are in the same administrative domain. This is another way of saying an administrative domain is within your company’s network, and you control or administer all the subnets that are within it.
  624.  
  625. Interior Gateway Protocol (IGP) – the interior routing of an AS.
  626.  
  627. Exterior Gateway Protocol (EGP) – the exterior routing of an AS.
  628.  
  629. Border Gateway Protocol (BGP) – a type of EGP used by ISPs or very large corporations. Considered to be a Hybrid protocol by Network+ objectives.
  630.  
  631.  
  632.  
  633. !!! Understand the basic IP routing process – you need to remember that the frame changes at each hop but that the packet is never changed or manipulated in any way until it reaches the destination device. Understand that MAC addresses are always local – A MAC (hardware) address will only be used on a local LAN. It will never pass a router’s interface. Understand that a frame carries a packet to only two places – A frame uses MAC (hardware) addresses to send a packet on a LAN. The frame will take the packet to either a host on the LAN or a router’s interface if the packet is destined for a remote network. Remember the difference between static and dynamic routing – static routing is where you, as the administrator, by hand, add every route into every routing table on every router on the network. This is as much work as it sounds like, which is why we use dynamic routing protocols that do the work for us.
  634.  
  635. Administrative distance (AD) – used to rate the trustworthiness of routing information received on one router from its neighboring router, an AD is an integer from 0 to 255 where 0 equals the most trusted route and 255 the least, a value of 255 essentially means that no traffic is allowed to be passed via that route.
  636.  
  637. Classes of Routing Protocols
  638.  
  639. Distance Vector – distance vector protocols find the best path to a remote network by judging distance, each time a packet goes through a router it is considered a “hop”, fewest hops is shortest distance. The vector indicates the direction to the remote network. RIP, RIPv2, and Interior Gateway Routing Protocol (IGRP) are distance vector routing protocols, they will send the entire routing table to all directly connected neighbors.
  640.  
  641. Link State – this protocol (also known as shortest path first protocols) will have the routers each create three separate tables. One of the tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is used as an actual routing table. Link state routers know more about the internetwork than any distance vector routing protocol. OSPF and IS-IS are IP routing protocols that are completely link state. Link state protocols send updates containing the state of their own links to all other routers on the network when the topology changes or on startup.
  642.  
  643. Hybrid – the hybrid protocol uses aspects of both distance vector and link state, contains both EIGRP and BGP (also known as iBGP when deployed in supersized internetworks internally).
  644.  
  645. Distance Vector Routing Protocols
  646.  
  647. Classless
  648.  
  649. Routing by Rumor – when a router receives the contents of a routing table from another router and adds it to its own routing table, but does not verify if the information is accurate – it is simply “believed to be true”.
  650.  
  651. Convergence – the act of routers combining routing tables. Routing convergence time is the time required by protocols to update their forwarding tables after changes have occurred. Information kept during convergence:
  652. • The remote network number
  653. • The interface that the router will use to send packets to reach that particular network
  654. • The hop count, or metric, to the network
  655.  
  656. Routing Information Protocol (RIP) – a true distance vector routing protocol, sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine best route. Maximum allowable hop count in RIP is 15 hops, anything over is considered unreachable. Considered to be extremely slow, can cause routing loops, horrible for WAN or large networks. RIP version 1 uses classful routing where all devices on the network must use the same subnet mask for each specific address class, due to the fact that RIP version 1 doesn’t send updates with subnet mask information in tow, uses broadcast, no authentication, no support for discontiguous networks.
  657.  
  658. RIP Version 2 (RIPv2) – mostly the same as RIPv1, distance vector routing protocol, sends complete routing tables, max hop count of 15, uses multicast, allows for MD5 authentication, support for discontiguous networks, is considered classless because it can send subnet mask information.
  659.  
  660. Variable Length Subnet Masks (VLSMs) – allows classless routing, meaning we can have different subnet masks for different router interfaces.
  661.  
  662. Discontiguous Network – a network that has two or more subnetworks of a classful network connected together by different classful networks.
  663.  
  664. !!! In order to implement a VLSM design on your network, you must use a routing protocol that sends subnet mask information with the route updates: RIPv2, EIGRP, or OSPF. In order to use a discontiguous network, you must use OSPF or (not by default, but possible with) RIPv2 or EIGRP.
  665.  
  666. EIGRP – a classless, enhanced distance vector protocol that possesses a real edge over another older Cisco proprietary protocol, IGRP. It’s Enhanced IGRP. But unlike IGRP, EIGRP includes the subnet mask in its route updates, referred to as a hybrid routing protocol because it has characteristics of both distance vector and link state protocols. (pg. 310) Keeps track of three different routing tables:
  667. • Neighbor table – keeps state information about adjacent neighbors
  668. • Topology table – populated by the neighbor table and the best path to each remote network is found by running Diffusing Update Algorithm (DUAL), contains all destinations advertised by neighboring routers, holding each destination address and a list of neighbors that have advertised the destination.
  669. • Successor (Routes in a routing table) – a successor route is the best route to a remote network, used by EIGRP to forward traffic to a destination and is stored in the routing table.
  670.  
  671. Border Gateway Protocol (BGP) – the heavyweight of routing protocols, used for external routing (between autonomous systems, unlike RIP or OSPF), uses a sophisticated algorithm to determine the best route. It is the core routing protocol of the Internet. Known as a hybrid because it is an EGP by default but can also be used within an AS (internally), also because it’s often known as a path vector protocol instead of a distance vector like RIP. Very large private IP networks can make use of BGP (to join a number of large OSPF networks together, for example). BGP configured routers exchange path vectors that give detailed information on the BGP AS numbers, hop by hop (called an AS path), required to reach a specific destination network. Also good to know is that BGP doesn’t broadcast its entire routing table like RIP does; it updates a lot more like OSPF (as changes in the network occur) which is a huge advantage. The routing table with BGP is called a Routing Information Base (RIB). It also tells you about any/all networks reachable at the end of the path. Basically unlike IGPs that simply tell you how to get to a specific network, BGP gives you the big picture on exactly what’s involved in getting to an AS, including the networks located in that AS itself.
  672.  
  673. Link State Routing Protocols
  674.  
  675. Classless, works within packet-switched networks, learn and maintain much more information about the internetwork than distance vector routing protocols do.
  676.  
  677. Distance vector routing protocols only maintain routing tables with the destination routes and vector costs (like hop counts) in them. Link state routing protocols maintain two additional tables with more detailed information, with the first of these being the neighbor table. The neighbor table is maintained through the use of hello packets that are exchanged by all routers to determine which other routers are available to exchange routing data with. All routers that can share routing data are stored in the neighbor table. The second table maintained is the topology table, which is built and sustained through the use of link state advertisements or packets (LSAs or LSPs). In the topology table, you’ll find a listing for every destination network plus every neighbor (route) through which it can be reached. Essentially, it’s a map of the entire internetwork.
  678.  
  679. Open Shortest Path First (OSPF) – an open-standard routing protocol that’s been implemented by a wide variety of network vendors, including Cisco. Uses the Dijkstra algorithm. Supports both IP and IPv6 (though it must maintain a separate database and routing table for each, meaning you’re basically running two routing protocols if you are using both with OSPF). Uses bandwidth for measuring path length rather than hops like RIP.
  680. • Consists of areas and autonomous systems
  681. • Minimizes routing update traffic
  682. • Allows scalability
  683. • Supports VLSM/CIDR
  684. • Has unlimited hop count
  685. • Allows multivendor deployment (open standard)
  686. • Uses a loopback (logical) interface to keep the network stable
  687.  
  688. Has the fastest convergence speed after a network change.
  689.  
  690. Intermediate System-to-Intermediate System (IS-IS) – is an IGP meaning it’s intended for use within an administrative domain or network rather than for routing between ASs, is a link state routing protocol meaning it works by reliably flooding topology information throughout a network of routers, packet or datagrams are forwarded based on the best topological path through the network to the destination.
  691. • L1 – Level 1 intermediate systems route within an area. When the destination is outside an area, they route toward a Level 2 system.
  692. • L2 – Level 2 intermediate systems route between areas and toward other ASs.
  693.  
  694. Both IS-IS and OSPF use Dijkstra’s Algorithm, however only IS-IS uses Connectionless Network Service (CLNS) to provide connectionless delivery of data packets between routers, and it also doesn’t require an area 0 like OSPF does because it uses IP to communicate between routers instead.
  695.  
  696. IS-IS is preferred by ISPs because of its ability to run IP and IPv6 without creating a separate database for each protocol as OSPF does so it’s more efficient in very large networks.
  697.  
  698. High Availability
  699.  
  700. First hop redundancy protocols (FHRPs) work by giving you a way to configure more than one physical router to appear as if they were only a single logical one. First hop is a reference to the default router being the first router, or first router hop, through which a packet must pass. This is accomplished by the protocols presenting a virtual router with its own IP and MAC addresses (the virtual IP address is what each host machine is given as its default gateway) that all packets are sent to, which then decides which physical router will actually forward the traffic. These redundancy protocols are:
  701.  
  702. Hot Standby Router Protocol (HSRP) – Cisco’s favorite protocol, allows backup routers to be in standby in case a main router ever fails and traffic must move on through a device, is a Cisco proprietary protocol that provides a gateway for hosts on a local subnet but is not a load-balanced solution. Routers are grouped together with a shared IP address and MAC address and provide a default gateway. Since they are independent of the devices and are virtual addresses, they can swap control of an address if the current forwarding and active router fails. Can be run on most but not all of Cisco’s router and multilayer switch models. Not very cost effective because standby routers are not being used unless the active router fails. Defines a standby group and each standby group that you define includes the following routers:
  703. • Active router
  704. • Standby router
  705. • Virtual router
  706. • Any other routers that may be attached to the subnet
  707. The virtual MAC address is created by assigning a vendor ID, then the HSRP code (07.ac), then the HSRP group number that you assign converted to hexadecimal. HSRP uses timers (hello, hold, active, and standby). The hello timer is the defined interval during which each of the routers send out hello messages (3 seconds by default) and they identify the state that each router is in. The hold timer is the interval the standby router uses to determine whether the active router is offline or out of communication (10 seconds default). The active timer monitors the state of the active router, resets each time a router in the standby group receives a hello packet from the active router, expires based on the hold time value set from the HSRP hello message. The standby timer is used to monitor the state of the standby router, resets anytime a router in the standby group receives a hello packet from the standby router, expires based on the hold time value in the respective hello packet.
  708.  
  709. Virtual Router Redundancy Protocol (VRRP) – also redundant, but not a load-balanced solution, is an open standard and functions almost identically to HSRP, allows a group of routers to form a single virtual router. In HSRP you have an active router, at least one standby router, and many listening routers. A VRRP group has one master router and one or more backup routers, and is the open standard implementation of HSRP. Comparing VRRP and HSRP:
  710. • VRRP is an IEEE standard (RFC 2338) for router redundancy, HSRP is a Cisco proprietary protocol.
  711. • The virtual router that represents a group of routers is known as a VRRP group.
  712. • The active router is referred to as the master virtual router.
  713. • The master virtual router may have the same IP address as the virtual group router.
  714. • Multiple routers can function as backup routers.
  715. • VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces as well as on Multiprotocol Label Switching (MPLS), virtual private networks (VPNs), and VLANs.
  716. VRRP has some unique features:
  717. • Provides redundancy for the real IP address of the router or for a virtual IP address shared among the VRRP group members.
  718. • If a real IP address is used, the router with that address becomes the master.
  719. • If a virtual IP address is used, the master is the router with the highest priority.
  720. • A VRRP group has one master router and one or more backup routers.
  721. • The master router uses VRRP messages to inform group members of its status.
  722. • VRRP allows load sharing across more than one virtual router.
  723.  
  724. IPv6 Routing Protocols
  725.  
  726. No more broadcast messages, so any protocols that use entirely broadcast traffic will be eliminated in IPv6 (better for performance). The other routing protocols will remain for use in IPv6, only with a new name and a facelift. First is RIPng (new generation): works very well for small networks. Still have EIGRPv6 because it already has protocol-dependent modules and all you have to do is add a new one to it for the IPv6 protocol. Still have is OSPFv3 (version 3): the one for IPv4 was actually version 2.
  727.  
  728. RIPng – primary features are identical to RIPv2. Still a distance vector protocol, has a max hop count of 15, same loop avoidance mechanisms as well as using UDP port 521. Still uses multicast to send updates but in IPv6 it uses FF02::9 for the transport address. Previously it was 224.0.0.9. Difference is that with RIPng, the router keeps track of the next-hop address using the link-local address, not a global address.
  729.  
  730. EIGRPv6 – Almost identical to EIGRP, still a distance vector protocol, still has some link state features, still provides reliable communication with a reliable transport protocol that gives loop-free fast convergence using DUAL. Hello packets and updates are sent using multicast; the transmission address was 224.0.0.10 and is now FF02::A (A = 10 in hex).
  731.  
  732. OSPFv3 – Also almost identical to OSPF. Still a link state routing protocol, still divides an entire internetwork or autonomous system into areas making a hierarchy. Adjacencies (neighbor routers running OSPF) and next-hop attributes now use link-local addresses and it still uses multicast traffic to send its updates and acknowledgments but now uses FF02::5 (for OSPF routers) and FF02::6 (for OSPF-designated routers with topological updates) instead of 224.0.0.5 and 224.0.0.6.
  733.  
  734. Bridges vs LAN switching
  735.  
  736. • Bridges are software based, whereas switches are hardware based because they use ASIC chips to help make filtering decisions
  737. • A switch can be viewed as a multiport bridge
  738. • There can only be one spanning-tree instance per bridge, but switches can have many
  739. • Switches have a higher number of ports than most bridges
  740. • Both bridges and switches forward Layer 2 broadcasts
  741. • Bridges and switches learn MAC addresses by examining the source address of each frame received
  742. • Both bridges and switches make forwarding decisions based on Layer 2 addresses
  743.  
  744. !!! Layer 2 switching has three distinct functions: address learning, forward/filter decisions, and loop avoidance. Switches populate the MAC address table in learning and forwarding modes only.
  745.  
  746. Address Learning – can remember the source hardware address of each frame received on an interface and enter this information into a MAC database known as a forward/filter table. When a switch is initially powered on, the table is empty. Once a device transmits and an interface receives a frame, the switch places the frame’s source address in the MAC forward/filter table, which allows it to remember the interface on which the sending device is located. The switch then floods the network with this frame out of every port except the source port. If a device answers the flooded frame and sends a frame back, the switch will take the source address and place that MAC address in its database as well, thereby associating the newly discovered address with the interface that received the frame. Because the switch now has both of the relevant MAC addresses in its filtering table, the two devices can make a point-to-point connection. Hubs are not able to collect, store, and draw upon data in a table like a switch can. If two hosts do not communicate with each other through the switch again within a certain amount of time, the switch will flush their entries from the database to keep it as current as possible.
  747.  
  748. Forward/filter decisions – when a frame is received on a switch’s interface, the destination hardware address is compared to the forward/filter MAC database and the switch makes a forward/filter decision. Basically, if the destination hardware address is known (listed in the database), the frame is only sent out the specified exit interface. This saves bandwidth and is called frame filtering. If the destination hardware address is not known, the frame is flooded out through all interfaces.
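The address learning and forward/filter behaviour above as a runnable model: the first frame is flooded, the reply is forwarded out one port once both addresses are known, and idle entries are flushed after an aging time. Added example, not from the original notes; the port names, MAC addresses (documentation range) and timestamps are constructed, and the 300-second aging default is this example's assumption.

```python
# Layer 2 switch: address learning, forward/filter decision, flooding and
# aging of idle MAC table entries (added example, not from the notes).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, aging_seconds=300):
        self.ports = list(ports)
        self.mac_table = {}             # mac -> (port, last_seen)
        self.aging = aging_seconds

    def _age_out(self, now):
        """Flush entries that have not been heard from within the aging time."""
        stale = [mac for mac, (_, seen) in self.mac_table.items()
                 if now - seen > self.aging]
        for mac in stale:
            del self.mac_table[mac]

    def receive(self, in_port, src_mac, dst_mac, now=0):
        """Return the list of ports the frame is sent out of.

        Learning: the source MAC is tied to the ingress port.
        Filter:   a known destination goes out one port only (or nowhere if it
                  is on the ingress port already).
        Flood:    broadcasts and unknown unicasts go out every port but the ingress.
        """
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._age_out(now)
        self.mac_table[src_mac] = (in_port, now)          # address learning
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out_port, _ = self.mac_table[dst_mac]
            return [] if out_port == in_port else [out_port]   # filtered / forwarded
        return [p for p in self.ports if p != in_port]          # flooded


if __name__ == "__main__":
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    host_a, host_b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"   # constructed
    print(sw.receive("Fa0/1", host_a, host_b, now=0))   # unknown -> flood
    print(sw.receive("Fa0/2", host_b, host_a, now=1))   # learned -> one port
    print(sw.receive("Fa0/1", host_a, host_b, now=400)) # B aged out -> flood again
```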
  749.  
  750. Loop avoidance – redundant links between switches can help because they can prevent complete network failures in the event that one link stops working, but they can cause frames to be flooded down all redundant links simultaneously, creating network loops as well as other evils such as:
  751. • endless flooding of the internetwork (called a broadcast storm)
  752. • one device can receive the same broadcast twice from other devices if it is connected to multiple other devices.
  753. • the MAC address filter table might be confused about the device’s location because the switch can receive the frame from more than one link, may cause constant table updating to the point that the switch may fail to forward a frame (called thrashing the MAC table).
  754. • You may end up with multiple loops propagating throughout a network, causing loops occurring within other loops and if a broadcast storm happened at the same time, the network would not be able to perform frame switching at all.
  755.  
  756. Spanning Tree Protocol (STP)
  757.  
  758. Main task is to stop network loops from occurring on your Layer 2 network (bridges or switches). Shuts down any redundant links found in an internetwork. Uses the spanning tree algorithm (STA) to create a topology database and then search out and destroy redundant links. Only premium picked links are kept intact.
  759.  
  760. Virtual LANs
  761.  
  762. A logical grouping of network users and resources connected to administratively defined ports on a switch. Creates smaller broadcast domains within a Layer 2 switched Internetwork by assigning the various ports on the switch to different subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcasted onto the network are only switched between the ports logically grouped within the same VLAN. However, if you need hosts in a specific VLAN to communicate with hosts from a different VLAN, you will still need a router.
  763.  
  764. Quality of Service (QoS) – the way resources are controlled so that the quality of services is maintained, the ability to provide a different priority for one or more types of traffic over other levels; priority is applied to different applications, data flows, or users so that they can be guaranteed a certain performance level. QoS methods focus on one of five problems:
  765. • Delay
  766. • Dropped packets
  767. • Error
  768. • Jitter
  769. • Out-of-order delivery
  770.  
  771. Static VLANs – most common method, most secure because any switch port assigned to a VLAN will keep that assignment unless you change the port assignment manually.
  772.  
  773. Dynamic VLANs – using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications that work to create dynamic VLANs. Entering MAC addresses into a centralized VLAN management application will allow a host that is newly hooked up to a switch to have its MAC address looked up in the VLAN management database and the switch port will be automatically assigned to the matching VLAN. You can use the VLAN Management Policy Server (VMPS) service to set up a database of MAC addresses to be used for the dynamic addressing of your VLANs. The VMPS database automatically maps MAC addresses to VLANs.
  774.  
  775. Identifying VLANs
  776.  
  777. A switch port is a Layer 2-only interface that is associated with a physical port. A switch port can belong to only one VLAN if it is an access port or all VLANs if it is a trunk port. A port can be manually configured to be an access or a trunk port or you can let Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switch port mode.
  778.  
  779. Access Ports – an access port belongs to and carries traffic for only one VLAN. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port. Switches remove any VLAN information from the frame before it’s forwarded out to an access-link device. Access-link devices can’t communicate with devices outside their VLAN unless the packet is routed.
  780.  
  781. Voice Access Ports – the exception to the access port rule, the voice VLAN can be used as a secondary VLAN on a single access point that is already running a data VLAN, can configure QoS services to ensure that call quality is not compromised.
  782.  
  783. Trunk Ports – a trunk link is a 100Mbps or 1000Mbps point-to-point link between two switches, between a switch and router, or even between a switch and server, and it carries the traffic of multiple VLANs – from 1 to 4,094 VLANs at a time.
  784.  
  785. VLAN Identification Methods
  786.  
  787. Inter-Switch Link (ISL) – explicitly tags VLAN information onto an Ethernet frame, functions at Layer 2 by encapsulating a data frame with a new header and CRC. Proprietary to Cisco switches, used for Fast Ethernet and Gigabit Ethernet links only, versatile, can be used on switch port or router interfaces, and on server interface cards to trunk a server.
  788.  
  789. IEEE 802.1q – created by IEEE as a standard method of frame tagging, works by inserting a field into the frame to identify the VLAN, must be used in a mixed environment (Cisco switched link to another brand of switch).
  790.  
  791. !!! You first designate each port that’s going to be a trunk with 802.1q encapsulation. The other ports must be assigned a specific VLAN ID in order for them to communicate. VLAN 1 is the default native VLAN, and when using 802.1q, all traffic for a native VLAN is untagged. The ports that populate the same trunk create a group with this native VLAN and each port gets tagged with an identification number reflecting that membership. The basic reason is to provide inter-switch VLAN communication. Remember that any ISL or 802.1q frame tagging is removed if a frame is forwarded out an access link – tagging is used internally and across trunk links only!
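The 802.1q rules above (the tag inserted into the frame, untagged native VLAN on a trunk, everything untagged on an access port) as code that builds, parses and re-tags a frame on its way through a switch port. Added example, not from the original notes; the sample MACs (documentation range) and payload are constructed, the FCS is omitted, and the ingress/egress helpers are this example's own simplification.

```python
# 802.1q frame tagging on trunk vs access ports (added example, not from the notes).
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Ethernet II frame; with vlan_id the 4-byte 802.1q tag (TPID + TCI) is
    inserted between the source MAC and the EtherType."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp & 0x7) << 13 | vlan_id        # DEI bit left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Split a frame into fields; 'vlan' is None when the frame is untagged."""
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    ethertype, = struct.unpack("!H", frame[12:14])
    vlan, pcp, offset = None, 0, 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return {"dst": dst, "src": src, "ethertype": ethertype,
            "vlan": vlan, "pcp": pcp, "payload": frame[offset:]}


def ingress_vlan(fields, port_mode, port_vlan, native_vlan=1):
    """Which VLAN a received frame belongs to.

    access: everything is assumed to belong to the port's VLAN.
    trunk:  the tag decides; an untagged frame belongs to the native VLAN.
    """
    if port_mode == "access":
        return port_vlan
    return native_vlan if fields["vlan"] is None else fields["vlan"]


def egress_frame(fields, vlan, port_mode, native_vlan=1):
    """Rebuild the frame as it leaves a port: access ports and the native VLAN
    on a trunk send it untagged; any other VLAN on a trunk gets an 802.1q tag."""
    tag = vlan if port_mode == "trunk" and vlan != native_vlan else None
    return build_frame(fields["dst"], fields["src"], fields["ethertype"],
                       fields["payload"], tag, fields["pcp"])


if __name__ == "__main__":
    payload = b"\x45\x00" + bytes(18)                     # constructed stub
    f = build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01",
                    ETHERTYPE_IPV4, payload, vlan_id=20, pcp=5)
    print(f.hex())
    print(parse_frame(f)["vlan"], parse_frame(egress_frame(parse_frame(f), 20, "access"))["vlan"])
```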
  792.  
  793. VLAN Trunking Protocols (VTP)
  794.  
  795. Basic goal is to manage all configured VLANs across a switched internetwork and to maintain consistency throughout that network. VTP can offer:
  796. • Consistent VLAN configuration across all switches in the network
  797. • Accurate tracking and monitoring of VLANs
  798. • Dynamic reporting of added VLANs to all switches in the VTP domain
  799. • Adding VLANs using plug-and-play
  800. Must create a VTP server before using. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. So basically, this means that a switch can share VTP domain information with other switches only if they’re configured into the same VTP domain. You can use a VTP domain if you have more than one switch connecting in a network, but if you’ve got all your switches in only one VLAN, you just don’t need to use VTP. Do keep in mind that VTP information is sent between switches only via a trunk port.
  801.  
  802. !!! Requirements for VTP to communicate VLAN information between switches:
  803. • The VTP management domain name of both switches must be set the same
  804. • One of the switches has to be configured as a VTP server
  805. • Set a VTP password if used
  806. • No router is necessary and a router is not a requirement
  807.  
  808. Port Security – to make switches more secure, ports can be assigned a whitelist of MAC addresses.
  809.  
  810. DHCP Snooping – a rogue DHCP (not under your control) can give out incompatible IP addresses on the network, DHCP snooping can whitelist only trusted DHCP servers, will develop a bindings table consisting only of IP address to MAC addresses that are okay on the network. All other packets will eventually be dropped after the table is created.
  811.  
  812. ARP Inspection – Dynamic ARP Inspection (DAI) is a feature that, when configured, uses the DHCP snooping database of IP address to MAC address mappings to verify the MAC address mappings of each frame going through the switch, thus breaking any attacks depending on these bogus mappings caused by man-in-the-middle attacks that spoof MAC addresses.
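The DHCP snooping and DAI behaviour above as a small model: DHCP server replies are only believed from trusted ports, the bindings table is built from those replies, and ARP on untrusted ports is checked against it. Added example, not from the original notes; the port names and addresses are constructed, and requiring the binding's port to match (not just IP and MAC) is this example's own choice.

```python
# DHCP snooping bindings feeding Dynamic ARP Inspection (added example, not
# from the notes). Trusted ports are the uplinks toward the real DHCP server.
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}        # (vlan, client_mac) -> port the client asked from
        self.bindings = {}       # (vlan, ip) -> Binding
        self.log = []            # dropped packets, worth forwarding to monitoring

    def dhcp_client_request(self, in_port, vlan, client_mac):
        """DISCOVER/REQUEST from a host: remember which port the client is on."""
        self.pending[(vlan, client_mac)] = in_port

    def dhcp_server_reply(self, in_port, vlan, client_mac, offered_ip):
        """OFFER/ACK seen by the switch. Only a trusted port may source one;
        a reply arriving on an untrusted port is a rogue server and is dropped."""
        if in_port not in self.trusted:
            self.log.append(("rogue-dhcp", in_port, offered_ip))
            return False
        client_port = self.pending.pop((vlan, client_mac), None)
        if client_port is None:
            self.log.append(("unsolicited-dhcp", in_port, offered_ip))
            return False
        self.bindings[(vlan, offered_ip)] = Binding(client_mac, offered_ip, vlan, client_port)
        return True

    def arp_packet(self, in_port, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports the sender IP/MAC pair must match a binding
        learned by snooping; anything else is a bogus mapping and is dropped."""
        if in_port in self.trusted:
            return True
        b = self.bindings.get((vlan, sender_ip))
        if b is None or b.mac != sender_mac or b.port != in_port:
            self.log.append(("invalid-arp", in_port, sender_ip, sender_mac))
            return False
        return True


if __name__ == "__main__":
    sw = SnoopingSwitch({"Gi0/1"})
    sw.dhcp_client_request("Fa0/2", 10, "00:00:5e:00:53:11")
    sw.dhcp_server_reply("Gi0/1", 10, "00:00:5e:00:53:11", "10.0.10.50")
    print(sw.arp_packet("Fa0/2", 10, "00:00:5e:00:53:11", "10.0.10.50"))   # True
    print(sw.arp_packet("Fa0/7", 10, "00:00:5e:00:53:12", "10.0.10.1"))    # False
    print(sw.log)
```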
  813.  
  814. Port Bonding – almost all Ethernet networks today will typically have multiple links between switches for redundancy and resiliency, port bonding treats all these physical links as a single logical link to avoid routing overhead. Also STP can put a port or multiple ports into a blocking mode. Port channeling/bonding works by combining two to eight Fast Ethernet or Gigabit Ethernet ports together between two switches into one aggregated logical link to achieve more bandwidth and resiliency.
  815.  
  816. EtherChannel – Cisco’s proprietary term for port channeling
  817.  
  818. PAgP – Cisco’s proprietary port channel negotiation protocol that aids in the automatic creation of EtherChannel links. All links in the bundle must match in speed, duplex, and VLAN information. After the link is created, it is added to STP as a single bridge port. At this point, PAgP sends a packet every 30 seconds to manage the link for consistency, check for additions and modifications, and check for failures.
  819.  
  820. LACP (802.3ad) – same purpose as PAgP, but non-proprietary and can work between multi-vendor networks.
  821.  
  822.  
  823. !!! Know and understand Power over Ethernet and port mirroring/spanning (local vs remote). Remember the three switch functions – address learning, forward/filter decisions, and loop avoidance. Understand the main purpose of the Spanning Tree Protocol in a switched LAN – The main purpose of STP is to prevent switching loops in a network with redundant switched paths. Remember the states of STP – the purpose of the blocking state is to prevent the use of looped paths. A port in the listening state prepares to forward data frames without populating the MAC address table. A port in the learning state populates the MAC address table but doesn’t forward data frames. A port in the forwarding state sends and receives all data frames on the bridged port. Last, a port in the disabled state is virtually nonoperational. Remember to check a switch port’s VLAN assignment when plugging in a new host – if you plug a new host into a switch, then you must verify the VLAN membership of that port. If the membership is different than what is needed for that host, the host will not be able to reach the needed network services, such as a workgroup server. Understand what PoE provides – Power over Ethernet was created to provide power to devices that are connected to a switch port but are not in a place that has a power outlet – for example, an access point in a ceiling.
  824.  
  825. 802.11a – locked into the 5.0GHz channel, 20MHz channels, 54Mbps, requires acknowledgment of each and every frame
  826.  
  827. 802.11g – locked into the 2.4GHz channel, 20MHz channels, 54Mbps, requires acknowledgment of each and every frame
  828.  
  829. 802.11n – can do either 2.4GHz or 5.0GHz channel, 40MHz channels, 119Mbps, can pass many packets before an acknowledgment is required (block acknowledgment), 4 MIMO spatial streams
  830.  
  831. Multiple Input / Multiple Output (MIMO) – several frames are sent by several antennae over several paths and are then recombined by another set of antennae to optimize throughput and multipath resistance. This is called spatial multiplexing.
  832.  
  833. 802.11ac – 5.0GHz channel, can do 20MHz, 40MHz, or 160MHz channels, 1Gbps, 8 MIMO spatial streams
  834.  
  835. Wireless Antennas – Omni: omni-directional antennas with shorter range, Yagi: directional point-to-point antennas with larger range
  836.  
  837. Basic Service Set (BSS) – infrastructure mode, the area of service provided by an access point (AP).
  838.  
  839. Site Surveys
  840.  
  841. Information gathering:
  842. • scope of the network, all apps that will be used, data types that will be present, how sensitive data types are to delay
  843. • areas that must be covered and the expected capacity at each location
  844. • types of wireless devices that will need to be supported, such as laptops/iPads/iPhones/IP phones/barcode readers
  845.  
  846. Predeployment Site Survey – use live APs to verify optimal distances between prospective locations, take care to spot obstructions or sources of interference.
  847.  
  848. Postdeployment Site Survey – check that all workstations are performing well on the network (most likely some aren’t) and make changes to support a fully loaded network.
  849.  
  850. Remote Authentication Dial-In User Service (802.1x) [RADIUS] – a networking protocol that offers several security benefits: authorization, centralized access, and accounting supervision regarding the users and/or the computers that connect to and access the network’s services. Once RADIUS has authenticated the user, it allows us to specify the type of rights a user or workstation has, plus control what it, or they, can do within the network. It also creates a record of all access attempts and actions.
  851.  
  852. AAA – the provision of authentication, authorization, and accounting, part of the IEEE 802.1x security standard.
  853.  
  854. !!! Understand the IEEE 802.11a specification. 802.11a runs in the 5GHz spectrum, and if you use the 802.11h extensions, you have 23 non-overlapping channels. 802.11a can run up to 54Mbps, but only if you are less than 50 feet from an access point.
  857. Understand the IEEE 802.11b specification. IEEE 802.11b runs in the 2.4GHz range and has three non-overlapping channels. It can handle long distances but with a maximum data rate of up to 11Mbps.
  859. Understand the IEEE 802.11g specification. IEEE 802.11g is 802.11b’s big brother and runs in the same 2.4GHz range, but it has a higher data rate of 54Mbps if you are less than 100 feet from an access point.
  860. Remember the wireless LAN modulation techniques. Direct Sequence Spread Spectrum (DSSS) is the most widely used modulation technique, but it has speeds only to 11Mbps. Frequency Hopping Spread Spectrum (FHSS), although it is used in wireless devices like Bluetooth, isn’t the technique of choice for either vendors or the 802.11 working group. To get the higher speeds needed in today’s WLANs, we use Orthogonal Frequency Division Multiplexing (OFDM) in 802.11g/a/n and ac networks.
  863. Understand how WPA works in a WLAN. Wi-Fi Protected Access (WPA) is the security of choice in today’s home and corporate networks. It provides both authentication and encryption (either TKIP or AES); the latest version is WPA2.
  864.  
  865. Security Filtering
  866.  
  867. Access Control List (ACL) – the primary weapon of a firewall, typically resides on routers, controls who can access what resources in your network and what rules are in place. Typical good rules to have (for traffic arriving from the outside):
  868. • Deny any addresses from your internal networks
  869. • Deny any local host addresses (127.0.0.0/8)
  870. • Deny any reserved private addresses
  871. • Deny any addresses in the IP multicast address range (224.0.0.0/4)
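The four deny rules above, carried out in code as an added example (written for these notes, not taken from the original): the ACL is walked top-down and the first matching rule decides, the way a router processes an access list. The internal prefixes, the sample log lines and the final permit rule are constructed for the illustration.

```python
import ipaddress
from typing import Callable, Iterable, List, Tuple

# Constructed: the prefixes this organisation uses inside. A packet arriving from the
# Internet with one of these as its source address cannot be genuine (rule 1).
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16"), ipaddress.ip_network("198.51.100.0/24")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")                                   # rule 2
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # rule 3
MULTICAST = ipaddress.ip_network("224.0.0.0/4")                                  # rule 4


def in_any(ip, nets) -> bool:
    return any(ip in net for net in nets)


# Each entry: (action, reason, predicate on the source address). Order matters: a
# 10.10.x.x source is caught by rule 1 before rule 3 ever sees it.
RULES: List[Tuple[str, str, Callable]] = [
    ("deny", "source belongs to one of our internal networks", lambda ip: in_any(ip, INTERNAL_NETS)),
    ("deny", "loopback source (127.0.0.0/8)", lambda ip: ip in LOOPBACK),
    ("deny", "reserved private source (RFC 1918)", lambda ip: in_any(ip, RFC1918)),
    ("deny", "multicast source (224.0.0.0/4)", lambda ip: ip in MULTICAST),
    ("permit", "any other source", lambda ip: True),   # assumed final rule for this example
]


def evaluate(src: str) -> Tuple[str, str]:
    """Return (action, reason) for a packet with the given source address."""
    ip = ipaddress.ip_address(src)
    for action, reason, matches in RULES:
        if matches(ip):
            return action, reason
    return "deny", "implicit deny at end of list"   # how a real ACL ends if nothing matched


def apply_acl(log_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Run the ACL over constructed 'src -> dst proto/port' lines; returns (src, action, reason)."""
    results = []
    for line in log_lines:
        src = line.split()[0]
        action, reason = evaluate(src)
        results.append((src, action, reason))
    return results


# Constructed sample traffic as seen on the outside interface
SAMPLE_LOG = [
    "10.10.5.7 -> 198.51.100.10 tcp/445",     # our own prefix arriving from outside: spoofed
    "127.0.0.1 -> 198.51.100.10 tcp/22",
    "192.168.1.20 -> 198.51.100.10 udp/53",
    "239.255.0.1 -> 198.51.100.10 udp/5000",
    "203.0.113.5 -> 198.51.100.10 tcp/443",   # ordinary public source
]

if __name__ == "__main__":
    for src, action, reason in apply_acl(SAMPLE_LOG):
        print(f"{action:6} {src:15} {reason}")
```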
  872.  
  873. Port Filtering – filter based on IP addresses as well as port numbers.
  874.  
  875. Data Encryption Standard (DES) – uses 56-bit keys, no longer used.
  876.  
  877. Triple Data Encryption Standard (3DES/TDES) – encrypts three times, can use one, two, or multiple 168-bit keys, runs slowly, will probably be phased out around 2030.
  878.  
  879. Advanced Encryption Standard – the “official” encryption standard in the United States since 2002, uses 128 (Secret), 192 (Top Secret), or 256-bit (Top Secret) keys.
  880.  
  881. Public Key Infrastructure (PKI) – a system that links users to public keys and verifies a user’s identity by using a certificate authority (CA). A CA is an online notary public of sorts – an organization that’s responsible for validating user IDs and issuing unique identifiers to confirmed individuals to certify that their identity can really be trusted.
  882.  
  883. !!! Know two ways you can filter traffic using an access control list. Access control lists can filter traffic by IP address or MAC address. Know which protocols can be used for tunneling and encryption of data. Tunneling and encryption protocols include SSL, VPN, L2TP, PPTP, GRE, and IPSec. Know which services allow you to remotely access computers across a network. RAS, RDP, PPP, PPPoE, and ICA are remote-access services and protocols. Know different user-authentication protocols used on networks. User-authentication protocols and systems include PKI, Kerberos, RADIUS, TACACS+, 802.1x, CHAP, MS-CHAP, and EAP. Understand the operation of Network Access Control systems such as Cisco Network Admission Control. When devices attempt to access the network, the devices are examined closely, which is called a posture assessment. When the assessment is complete and is positive, admission is granted.
  884.  
  885. !!! Understand and utilize network segmentation. This includes segmentation at Layer 2 and 3, and includes the proper location of devices such as IPS, IDS, honeypots, and honey nets.
  887. Understand the difference between a network-based firewall and a host-based firewall. A network-based firewall is a hardware device on the network or on a router that protects a group of computers. A host-based firewall is software installed on one individual machine, and it protects only that machine.
  891. Compare and contrast risk-related concepts. Understand how to identify and prioritize key systems and business functions. Create standards and policies to ensure the continued operation of these functions to support business continuity and disaster recovery.
  894. Understand how a firewall determines which traffic can pass through it. Firewalls use access control lists (ACLs), which are sets of rules, to determine which traffic is allowed to pass through.
  897. Describe and apply proper physical security controls. This includes door access controls, biometric systems, and the use of cameras and security guards.
  899. Remember where a DMZ can be placed. A demilitarized zone (DMZ) can be located outside a firewall, connected directly to the Internet. However, it can also be placed after the firewall inside your network. You need to remember that it can be placed in either location.
  902. Understand what a proxy server is and what types of proxying are common. A proxy server is a computer that makes and fulfills requests on behalf of another computer. Many firewalls can act as proxies. Common proxy services include IP proxy, web proxy, FTP proxy, and mail (SMTP) proxy.
  906. Know on which levels of the OSI model various security devices operate. Firewalls work at the Application layer or the Network layer. Port security on switches operates at the Data Link layer.
  909. Understand the difference between stateful and stateless firewalls. A stateful firewall keeps track of the established connections passing through it. When another packet is received that’s part of an existing connection (part of a current state), the packet is passed without checking the ACLs. A stateless firewall examines each packet individually and does not track existing states. This makes it a bit slower and more susceptible to network attacks.
  915. Know what types of services firewalls can provide. Most firewalls provide scanning services, content filtering, signature identification, and the ability to segregate network segments into separate security zones.
  918. Know the difference between an IDS and an IPS. An intrusion detection system (IDS) monitors network traffic, looking for signs of an intrusion. Intrusions are detected by matching activity versus known signatures within the IDS’s database. If an intrusion is detected, a passive response such as logging or notifying a network administrator is executed. An intrusion prevention system (IPS) is like an IDS, but with two key differences. First, it learns what is “normal” on the network and can react to abnormalities even if they’re not part of the signature database. Second, it can issue an active response such as shutting down a port, resetting connections, or attempting to lull the attacker into a trap.
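The stateful versus stateless point above, shown as an added Python simulation (example code for these notes, not from the original): both firewalls share the same ACL, but only the stateful one remembers connections opened from the inside, so it can pass the server's reply without consulting the ACL while the stateless one has to drop it. The policy and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the protected network, "in" = arriving from outside


FlowKey = Tuple[str, int, str, int]
Acl = Callable[[Packet], bool]


class StatelessFirewall:
    """Every packet is judged by the ACL alone; nothing is remembered between packets."""
    def __init__(self, acl: Acl):
        self.acl = acl

    def process(self, p: Packet) -> str:
        return "pass (acl)" if self.acl(p) else "drop (acl)"


class StatefulFirewall:
    """Connections opened from the inside are recorded in a state table; an inbound packet
    whose reverse flow is in the table belongs to an existing state and skips the ACL."""
    def __init__(self, acl: Acl):
        self.acl = acl
        self.table: Set[FlowKey] = set()

    def process(self, p: Packet) -> str:
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.table:
            return "pass (existing state)"
        if not self.acl(p):
            return "drop (acl)"
        if p.direction == "out":
            self.table.add((p.src, p.sport, p.dst, p.dport))  # remember the new flow
        return "pass (acl)"


def sample_acl(p: Packet) -> bool:
    """Constructed policy: anything may go out; from outside, only TCP/443 to the web server."""
    return p.direction == "out" or (p.dst == "203.0.113.10" and p.dport == 443)


# Constructed sample packets (addresses taken from documentation ranges)
SAMPLE = [
    Packet("10.0.0.5", 51000, "198.51.100.20", 443, "out"),   # inside host opens a connection
    Packet("198.51.100.20", 443, "10.0.0.5", 51000, "in"),    # the server's reply to that flow
    Packet("198.51.100.20", 443, "10.0.0.5", 51001, "in"),    # looks like a reply, but no such flow
    Packet("203.0.113.99", 40000, "203.0.113.10", 443, "in"),  # new inbound, explicitly allowed
]


def run_demo() -> Tuple[List[str], List[str]]:
    stateful, stateless = StatefulFirewall(sample_acl), StatelessFirewall(sample_acl)
    return [stateful.process(p) for p in SAMPLE], [stateless.process(p) for p in SAMPLE]


if __name__ == "__main__":
    for name, verdicts in zip(("stateful", "stateless"), run_demo()):
        print(name, verdicts)
```

The second packet is the one that separates the two: the stateless firewall can only admit such replies by adding a broad rule for them, which is the exposure the notes refer to.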
  926.  
  927. Integrated Services Digital Network (ISDN) – dial-up connection, slower than cable and DSL, digital signal delivered over conditioned telephone copper pairs; the device connected to the computer to receive the service is known as an ISDN terminal adapter (NOT a modem)
  928.  
  929. Frame Relay – delivers information via packet switching to multiple clients of a WAN, allowing the network to be provided to many different customers at the same time; not very resilient. The access rate is the maximum speed at which the Frame Relay interface can transmit, and the committed information rate (CIR) is the maximum bandwidth of data guaranteed. Uses virtual circuits as opposed to actual leased circuits to connect all users to the provider’s “cloud”.
  930.  
  931. Be able to differentiate the kinds of WAN technologies. You must be able to identify the speeds and capacities of the different remote-access and WAN technologies as well as the media over which they are implemented.
  934. Identify the basic characteristics of various Internet access technologies. These include DSL, broadband cable, POTS, and fiber to the premises (PON). It is important to know the differentiating features of these access technologies. Know their advantages and disadvantages so you can identify the best use of each.
  938. Be knowledgeable about the differences between circuit-switched and packet-switched technologies, and know which protocols use either. Frame Relay is a packet-switched technology, and ISDN is a circuit-switched digital solution. ATM is considered to be a cell-switched technology because it incorporates a 53-byte cell. Both MPLS and ATM are considered connection-oriented technologies because the connection is set up first.
  943. Be clear about the differences involving speed and distance between different media and between different WAN protocols. The use of both wireless and fiber is growing, and their standards are facilitating faster speeds and coverage of greater distances.
  946. Be able to differentiate cellular WAN technologies like HSPA+, WiMAX, and LTE. HSPA+ is considered 3.5G, while LTE and WiMAX are considered true 4G.
  948. Be able to differentiate between the different WAN protocols and technologies, their relative costs and speeds, and the types of implementations for which each would serve as a best solution. ISDN is rarely used nowadays in its BRI configuration except for small home or office solutions. Frame Relay is relatively inexpensive, but service providers have overbooked their Frame Relay clouds, resulting in poor performance. ATM is fast but inefficient, and MPLS is fast and more efficient but complicated to administer.
  954.  
  955. Describe some of the GUI tools available to assist in testing and troubleshooting. These include protocol analyzers, throughput testers, and connectivity software. Understand each product’s purpose and how to use it.
  958. Know how to describe and use the troubleshooting information and statistics that arp, nbtstat, and netstat provide for you. The arp utility shows whether an IP address is being resolved to your MAC address (or someone else’s, in case of conflicts). The netstat utility produces TCP/IP statistics, and nbtstat produces NetBIOS over TCP/IP statistics.
  962. Know how to diagnose a network by using TCP/IP’s troubleshooting commands. The ping command echoes back if a machine is alive and active on a network. The tracert command shows the path that the ping packets take from source to target. And telnet enables a user to participate in a remote text-based session.
  966. Know what the tracert utility does. The tracert utility finds the route from your computer to any computer on a network.
  968. Know what the ping utility does. ping determines whether a particular IP host is responding.
  970. Know what the ftp utility does. The ftp utility allows you to reliably download and upload files from and to an FTP server across the Internet.
  972. Know what the ipconfig and ifconfig utilities do. The ipconfig utility displays TCP/IP configuration information for Windows NT and later operating systems. The ifconfig utility performs a similar function in Unix environments, in addition to performing certain interface-configuration tasks.
  976. Know what the nslookup and dig utilities do. The nslookup and dig utilities allow you to look up DNS resolution information.
  978.  
  979. Understand what network scanners are and how to use each one. Network scanners are described as packet sniffers, IDS/IPS software, and port scanners. These devices can help you both troubleshoot and fix your network as well as find and stop hackers in their tracks.
  983. Remember the basic purpose of a packet sniffer. The basic purpose of packet sniffers or network analyzers is to collect and analyze each individual packet that is captured on a specific network segment to determine if problems are happening.
  986. Remember the main purpose of IDS/IPS software. The IDS detects unwanted attempts to manipulate network systems and/or environment, and the IPS is a computer security device that monitors network and/or system activities for malicious behavior and can react in real time to stop attacks.
  990. Understand what an OTDR is used for. An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to test fiber-optic cabling. You can learn the cable’s estimated length and attenuation (loss in dB) and the location of faults.
  993. Understand the difference between cable testers and certifiers. Cable testers simply tell you if the cable will function. Cable certifiers run much more sophisticated tests that determine if the cable performs according to specifications called for in the standard.
  996. Understand the value of temperature and humidity monitors. These devices can monitor environmental conditions and alert you if either the temperature or the humidity in a server room or area falls below or rises above the prescribed range of safe values.
  999.  
  1000. Know the seven troubleshooting steps, in order. The steps, in order, are as follows:
  1001. 1. Identify the problem.
  1002. 2. Establish a theory of probable cause.
  1003. 3. Test the theory to determine cause.
  1004. 4. Establish a plan of action to resolve the problem and identify potential effects.
  1005. 5. Implement the solution or escalate as necessary.
  1006. 6. Verify full system functionality, and if applicable, implement preventative measures.
  1008. 7. Document findings, actions, and outcomes.
  1009. Be able to identify a link light. A link light is the small, usually green LED on the back of a network card. This LED is typically found next to the media connector on a NIC and is usually labeled Link.
  1012. Understand how proper network use procedures can affect the operation of a network. If a user is not following a network use procedure properly (for example, not logging in correctly), that user may report a problem where none exists. A good network troubleshooter should know how to differentiate between a network hardware/software problem and a “lack of user training” problem.
  1016. Know how to narrow down a problem to one specific area or cause. Most problems can be traced to one specific area or cause. You must be able to determine if a problem is specific to one user or a bunch of users, specific to one computer or a bunch of computers, and related to hardware or software. The answers to these questions will give you a very specific problem focus.
  1021. Know how to detect cabling-related problems. Generally speaking, most cabling-related problems can be traced by plugging the suspect workstation into a known, working network port. If the problem disappears (or at the very least changes significantly), it is related to the cabling for that workstation.
  1025.  
  1026.  
  1027.  
  1028.  
  1029.  
  1030.  
  1031.  
  1032. (Continue on pg 783)
  1033.  
  1034. EXAMS: 198, 229, 269, 292, 326, 425, 567, 593, 611, 663, 705, 750
  1035. IMPORTANT: 247 – 257, 686 (memorize table)