CompTIA Network+

Courseware for the N10-007 exam

CompTIA Network+ Objectives

The CompTIA Network+ certification is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners.

It is recommended for CompTIA Network+ candidates to have the following:

CompTIA A+ certification or equivalent knowledge, though CompTIA A+ certification is not required.

At least 9 to 12 months of work experience in IT networking

8/10/2018

CompTIA Network+ Objectives

The table below lists the domains measured by the exam and the extent to which they are represented.

CompTIA Network+ exams are based on these objectives.

| DOMAIN | % OF EXAM |
|---|---|
| 1.0 Networking Concepts | 23% |
| 2.0 Infrastructure | 18% |
| 3.0 Network Operations | 17% |
| 4.0 Network Security | 20% |
| 5.0 Network Troubleshooting & Tools | 22% |

CompTIA Network+ Objectives

A full list of the CompTIA Network+ Objectives and official Network+ Acronym List is provided at:

http://certification.comptia.org/Training/testingcenters/examobjectives.aspx

Network+ Modules DAY 1

Module 1: Introduction to Networks

Module 2: The OSI Reference Model

Module 3: Networking Topology, Connectors and Wiring Standards

Module 4: Ethernet Specifications

Module 5: Network Devices

Module 6: TCP/IP

Module 7: IP Addressing – IPv4 & IPv6

Network+ Modules DAY 2

Module 8: Routing

Module 9: Switching and VLANs

Module 10: Wireless Networking

Module 11: Authentication and Access Control

Module 12: Network Threats

Module 13: Wide Area Networking

Module 14: Troubleshooting

Network+ Modules DAY 3

Module 15: Management, Monitoring and Optimisation

Exam N10-007

What does Network+ Lead to?

MODULE 1

INTRODUCTION TO NETWORKS

8/1/2018

©2007 Body Temple

What is a Network

“Two or more connected computers that can share resources such as data and applications”

Determined by:

• Type of Computer
• Topology
• Interconnection device

Clients and Servers

Types of Computer

• Workstation / Client
• Server

Types of Network

• Peer-Peer
• Client-Server

Networking Topology

BUS

Networking Topology

Star (Hub and Spoke)

Networking Topology

RING

Networking Topology

MESH

Networking Topology

Backbone and Segments

[Diagram labels: VLAN 1, SALES, SERVERS, COMMS ROOM, BACKBONE, VLAN 2, MARKETING]

MODULE 2

THE OSI REFERENCE MODEL

The Open Systems Interconnection Model

The OSI model is the primary architectural model for networks.

It describes how data and network information are communicated from an application on one computer through the network media to an application on another computer.

The OSI reference model breaks this approach into 7 layers.

OSI Reference Model

7 APPLICATION
6 PRESENTATION
5 SESSION
4 TRANSPORT
3 NETWORK
2 DATALINK
1 PHYSICAL

OSI

7 APPLICATION

The application layer provides connectivity between users and application processes to access network services. This layer contains a variety of commonly needed functions:

• Resource sharing: NFS, FTP, HTTP
• Network management: SNMP, TELNET
• Directory services: LDAP
• Electronic messaging (such as mail): SMTP, POP3

OSI

6 PRESENTATION

The presentation layer formats the data to be presented to the application layer. It acts as the ‘translator’ for the network.

The presentation layer provides:

• Character code translation.
• Data conversion.
• Data compression: reduces the number of bits that need to be transmitted on the network.
• Data encryption: encrypt data for security purposes. For example, password encryption.

OSI

5 SESSION

The session layer allows session establishment between processes running on different stations. It provides:

• Session management: establishment and termination between two application processes on different machines
• Session support: allowing processes to communicate over the network, performing security, name recognition, logging, and so on.

OSI

4 TRANSPORT

The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications.

The transport layer provides:

• Message segmentation
• Message acknowledgment
• Message traffic control
• Session multiplexing

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both work at Layer 4

OSI

3 NETWORK

The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:

• Routing
• Subnet traffic control through the use of a router (Layer 3 intermediate system)
• Frame fragmentation
• Logical-physical address mapping

Internet Protocol (IPv4 / IPv6)

OSI

2 DATALINK

The data link layer provides error-free transfer of data frames from one node to another over the physical layer. The data link layer provides:

• Link establishment and termination
• Frame traffic control
• Frame sequencing
• Frame acknowledgment
• Frame error checking
• Media access management

OSI – DATALINK LAYER

The IEEE Ethernet Data Link layer has two sublayers:

• Media Access Control (MAC)
• Logical Link Control (LLC)

Devices which work at Layer 2 include:

• Switch
• Network Adaptor
• Bridge

OSI DATALINK LAYER IEEE 802 Standards

| IEEE 802 STANDARD | Topic |
|---|---|
| 802.1 | LAN/MAN Management |
| 802.2 | Logical Link Control |
| 802.3 | CSMA/CD ETHERNET |
| 802.8 | Fiber-Optic LAN/MAN |
| 802.10 | LAN/MAN Security |
| 802.11 | Wireless LAN |

OSI

1 PHYSICAL

The physical layer is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It provides:

• Data encoding
• Physical medium attachment
• Physical medium transmission

Devices that work at Layer 1 include:

• Hub
• Repeater
• Media Converter

PLEASE DO NOT THROW SAUSAGE PIZZA AWAY!

7 AWAY
6 PIZZA
5 SAUSAGE
4 THROW
3 NOT
2 DO
1 PLEASE

MODULE 3

NETWORKING TOPOLOGY, CONNECTORS AND WIRING STANDARDS

CABLE CHARACTERISTICS

Cost

Installation issues

PLENUM Rating

Bandwidth/Speed/Capacity

Duplex/Half Duplex

Serial/Parallel

Distance/Attenuation

Noise immunity

Security

Types of Cable

COAXIAL

Types of Cable

Coax connectors
BNC
F

Types of Cable

Twisted Pair

UTP

STP

CAT standards

Connectors

Cat 5e: Four twisted pairs rated for 100 MHz, but can handle all four pairs transmitting at the same time (required for Gigabit Ethernet). Cat 5 is essentially redundant (can you still buy it??).

Cat 6: Four twisted pairs rated for 250 MHz. A standard from 2002. Used as a riser cable to connect floors, but for future-proofing it is best practice to install it as standard for a new network.

RJ45

RJ45 plugs and sockets are most commonly used as connectors for Ethernet cable (UTP)

Also known as 8P8C (8 position 8 Contact)

Eight equally spaced conductors

Terminated using a crimp tool

RJ45 Wiring Standards

T568A

T568B

STRAIGHT THROUGH

CROSSOVER

ROLLOVER

LOOPBACK

T568A / T568B

T568B is more common

CROSSOVER

LAB

Create your own crossover cable

Rollover and Loopback CABLE

Rollover (console) cable: used to connect an administrator to the console port of a router or switch.

Loopback cable: used for diagnostics and testing.

FIBER OPTIC

ST Connector (Straight Tip)

SC Connector (Subscriber Connector)

LC Connector (Local Connector)

MTRJ (Mechanical Transfer Registered Jack)

Single Mode Fiber (SMF)

Multimode Fiber (MMF)

Media Converter

Allow the conversions between different types of Fiber Optic or between Fiber and Ethernet.

These include:

• Single Mode Fiber to Ethernet
• Multi Mode Fiber to Ethernet
• Fiber to Coaxial

Types of Cable

Other types of communications cables include:

• RS232
• USB
• FIREWIRE
• THUNDERBOLT

Patching and Cabling

MDF – Main Distribution Frame: a terminating point where cables are connected and can be jumpered to different locations

IDF – Intermediate Distribution Frame: a smaller version of the MDF, possibly on each floor of a building

Patch Panel – where circuits can be rerouted through the use of CAT 5 patch leads

66 / 110 Block

66 Block used for Telephone systems

110 Block used for Cat 5/6 UTP systems

Fibre distribution panel

Network Transceiver

Demarcation Point

The DEMARC or demarcation point is the point at which the telephone company or circuit provider network ends and connects to the wiring at the customer’s premises.

A box such as an NIU (Network Interface Unit) or a CSU (Channel Service Unit) which carries out code or protocol conversion is commonly referred to as a SMART JACK. This is the terminating point between the TELCO and the customer network.

MODULE 4

ETHERNET SPECIFICATIONS

Introduction to Ethernet

The MAC address

• Ethernet Media Access Control address – the “physical” address of a network adapter
• Unique to a device
• 48 bits / 6 bytes long and displayed in hexadecimal

Duplex

• Half-duplex - a device cannot send and receive simultaneously
• All LAN hubs are half-duplex devices
• Switch interfaces can be configured as half-duplex, but usually only when connecting to another half-duplex device
• Full-duplex - data can be sent and received at the same time
• A properly configured switch interface will be set to full-duplex
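An added example, not part of the courseware: a small audit of a host inventory that parses the 48-bit MAC address from its common hexadecimal notations and reads the two flag bits in the first byte. The inventory rows, host names and the `audit` helper are constructed for illustration; the check shows where "unique to a device" does not hold, because an address is locally administered or appears twice.

```python
import re
from collections import defaultdict

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

# Constructed sample inventory (hostname, MAC as recorded by different tools).
SAMPLE_INVENTORY = [
    ("ws-01", "00:1A:2B:3C:4D:5E"),      # colon notation
    ("ws-02", "00-1a-2b-3c-4d-5f"),      # hyphen notation
    ("laptop-07", "02:00:5e:10:20:30"),  # locally administered bit set
    ("sw-core", "001a.2b3c.4d5e"),       # dotted notation, same value as ws-01
    ("printer", "00:1A:2B:3C:4D"),       # only 5 bytes: malformed
]


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def canonical(raw):
    """Lower-case, colon-separated form used for comparison."""
    return ":".join(f"{b:02x}" for b in raw)


def describe(raw):
    """Split the address into OUI and the two flag bits of the first byte."""
    first = raw[0]
    return {
        "mac": canonical(raw),
        "oui": canonical(raw[:3]),                   # first 3 bytes: vendor prefix
        "multicast": bool(first & 0x01),             # I/G bit: group address
        "locally_administered": bool(first & 0x02),  # U/L bit: not vendor-assigned
    }


def audit(inventory):
    """Return (host, finding) pairs for entries that break the uniqueness assumption."""
    seen = defaultdict(list)
    findings = []
    for host, text in inventory:
        try:
            info = describe(parse_mac(text))
        except ValueError:
            findings.append((host, "malformed"))
            continue
        if info["multicast"]:
            findings.append((host, "multicast-source"))
        elif info["locally_administered"]:
            findings.append((host, "locally-administered"))
        seen[info["mac"]].append(host)
    for mac, hosts in seen.items():
        if len(hosts) > 1:
            findings.append((",".join(sorted(hosts)), "duplicate:" + mac))
    return findings


if __name__ == "__main__":
    for host, finding in audit(SAMPLE_INVENTORY):
        print(f"{host:15} {finding}")
```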

Carrier Sense Multiple Access / Collision Detection CSMA/CD

CSMA/CD is known as a contention method because computers on the network contend, or compete, for an opportunity to send data.

The more computers there are on the network, the more network traffic there will be.

With more traffic, collision avoidance and collisions tend to increase, which slows the network down, so CSMA/CD can be a slow-access method.

CSMA/CD

CSMA/CD is used by all implementations of Ethernet regardless of the media or the data throughput.

CSMA/CD working without a collision:

1. Listens to check media to see if it is clear
2. If clear then a host will place data on the media
3. Then listens to see if data sent has a collision

CSMA/CD

CSMA/CD working with a collision:

1. Listens to check media to see if it is clear
2. If clear then a host will place data on the media
3. Then listens to see if data sent has a collision
4. Collision occurs
5. Both devices send a jam signal
6. Both devices start a timer (back off algorithm)
7. First host whose timer expires repeats steps 1-3
8. Then the second node will perform steps 1-3
9. Then operation returns to normal and all devices have equal access to the media
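An added example, not part of the courseware, that plays out the nine steps above on a slotted shared medium. It goes beyond the slide by using the truncated binary exponential backoff of IEEE 802.3 for the "back off algorithm" in step 6; the host names, the slot model and the `pick` hook (which makes the random choice scriptable) are assumptions made for the illustration.

```python
import random

MAX_ATTEMPTS = 16   # 802.3 gives up on a frame after 16 failed attempts
BACKOFF_CAP = 10    # the backoff range stops doubling after 10 collisions


def backoff_slots(collisions, pick=random.randrange):
    """Step 6: wait k slot times, k chosen from 0 .. 2**min(n, 10) - 1."""
    return pick(2 ** min(collisions, BACKOFF_CAP))


def scripted_pick(values):
    """Replace the random choice with a fixed sequence so a run is repeatable."""
    it = iter(values)
    return lambda n: next(it) % n


def simulate(hosts, frame_slots=3, pick=random.randrange, max_slots=10_000):
    """hosts maps a host name to the slot at which it first has a frame to send.

    Returns (events, delivered): events is a list of (slot, kind, who) tuples,
    delivered is the order in which frames got through.
    """
    ready = dict(hosts)                  # next slot at which each host will try
    collisions = {h: 0 for h in hosts}
    events, delivered = [], []
    busy_until = 0                       # medium carries a frame until this slot
    t = 0
    while ready and t < max_slots:
        if t < busy_until:               # step 1: carrier sensed, everyone defers
            t += 1
            continue
        senders = sorted(h for h, r in ready.items() if r <= t)
        if len(senders) == 1:            # steps 2-3: sent, no collision heard
            host = senders[0]
            events.append((t, "send", host))
            delivered.append(host)
            del ready[host]
            busy_until = t + frame_slots
        elif len(senders) > 1:           # steps 4-6: collision, jam, back off
            events.append((t, "collision", "+".join(senders)))
            for host in senders:
                collisions[host] += 1
                if collisions[host] >= MAX_ATTEMPTS:
                    events.append((t, "drop", host))
                    del ready[host]
                else:
                    wait = backoff_slots(collisions[host], pick)
                    ready[host] = t + 1 + wait   # one slot is spent on the jam
        t += 1
    return events, delivered


def slide_scenario():
    """Two hosts start together; A draws 0 slots and B draws 1 (steps 7 and 8)."""
    return simulate({"A": 0, "B": 0}, pick=scripted_pick([0, 1]))


if __name__ == "__main__":
    for event in slide_scenario()[0]:
        print(event)
```

If both hosts draw the same wait they collide again, and the doubled range on the next draw is what makes a third collision less likely.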

CSMA/CA (Collision Avoidance)

Used on Wireless Networks

Nodes must ‘listen’ out to detect if network is busy before sending

Optionally may be implemented with Request To Send/Clear To Send (RTS/CTS)

Ethernet Standards 802.3

Ethernet descriptive labels

E.g. 10Base5

Equates to:

• 10 Mbps
• Baseband signalling (one channel of communication at any time)
• 500 Metres maximum length

10Base2 (runs for 185 Metres)

Common Ethernet Cable Types

| Ethernet Name | Cable Type | Max Distance | Notes |
|---|---|---|---|
| 10Base5 | COAX | 500m | Thicknet |
| 10Base2 | COAX | 185m | Thinnet |
| 10BaseT | UTP | 100m | |
| 100BaseTX | UTP/STP | 100m | Cat5 upwards |
| 10BaseFL | FIBER | 500-2000m | Ethernet over Fiber |
| 100BaseFX | MMF | 2000m | |
| 1000BaseT | UTP | 100m | Cat5e upwards |
| 1000BaseSX | MMF | 550m | SC Connector |
| 1000BaseCX | Balanced Shielded Copper | 25m | Special Connector |
| 1000BaseLX | MMF/SMF | 550m (Multi) / 2000m (Single) | SC and LC Connector |

Common Ethernet Cable Types

| Ethernet Name | Cable Type | Max Distance | Notes |
|---|---|---|---|
| 10GBaseT | UTP | 100m | |
| 10GBaseSR | MMF | 300m | |
| 10GBaseLR | SMF | 10km | |
| 10GBaseER | SMF | 40km | |
| 10GBaseSW | MMF | 300m | |
| 10GBaseLW | SMF | 10km | Used with SONET |
| 10GBaseEW | SMF | 40km | |

Ethernet over other standards

Ethernet over Power Line (Broadband over Power Line (BPL))

Ethernet over HDMI

MODULE 5

NETWORK DEVICES

Common Network Devices

Network Interface Card (NIC)

Hub

Bridge

Switch

Router

Firewall

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

Access Point

NETWORK INTERFACE CARD (NIC)

Unique identifier – Media Access Control address (MAC)

HUBS AND REPEATER LAYER 1 DEVICES

HUB – enables a number of nodes to connect to a network (one per port)

REPEATER – retransmit signals (may clean and strengthen the signal) to increase distances between nodes

BRIDGE – LAYER 2 DEVICE

A BRIDGE (or ‘Transparent Bridge’) connects two similar network segments together. Its primary function is to keep traffic separated on either side of the bridge, breaking up Collision Domains within a single Broadcast Domain

[Diagram: BRIDGE between two Collision Domains inside one BROADCAST DOMAIN]

SWITCH – LAYER 2 DEVICE

Multiport bridges

Operate at DATALINK layer

Control collision domains

Now used extensively instead of Hubs and Bridges

May also incorporate LAYER 3 technology (VLAN)

ROUTER – LAYER 3 DEVICE

Traditional LAYER 3 device (NETWORK Layer)

Forwarding based upon network layer IP address

Control Broadcast and Collision Domains

Can use multiple routing protocols

FIREWALL

Provide the first layer of defence in network security

May be hardware or software (or both)

Based on configuration rules

Used to establish Demilitarised Zones (DMZ)

FIREWALLS - DMZ

Used to protect the LAN from External attacks/intrusion

[Diagram: INTERNET, DMZ, LAN]

FIREWALL - Rules


IDS/IPS

Intrusion Detection System (IDS)

• Host Based (HIDS) or Network Based (NIDS)

• Passive Monitoring

• Anomaly Detection

• Signature Detection

• Heuristics

Intrusion Protection System

Host Based (HIPS) or Network Based (NIPS)

Active Monitoring

IDS/IPS

Honeypot / Honeynet

Used to monitor intrusion / attacks and conduct intelligence gathering

Used to deflect potential attacks

[Diagram: INTERNET, IDS, DMZ, HONEYPOT]

Wireless Access Points (WAP)

Connects computers with wireless adapters to a network

Access Point is a translational bridge

802.11b/g Access Points use CSMA/CD to connect to network (LAN) and CSMA/CA to communicate with other wireless devices

Dynamic Host Configuration Protocol (DHCP)

Dedicated Server Role or

Integrated with Network Device

DHCP

DHCP Client sends Broadcast packets to DHCP Server in order to acquire an IP address from the DHCP Scope

• DHCP Discover

• DHCP Offer

• DHCP Request

• DHCP Ack

DHCP Settings

Reservations (set on MAC address of client)

Exclusions (used for statically assigned clients)

Authorised on the network

Scope must be activated

Clients will default to APIPA address if no DHCP available

Internet Connection Sharing (ICS) includes DHCP service

Specialised Network Devices

Multilayer Switch (MLS)

Works at Layer 2 and Layer 3 (Routing)

Very popular devices

Specialised Network Devices

Load Balancer

Fault Tolerance / Redundancy

Used to support servers such as:

• Web Servers

• FTP Servers

• Remote Desktop Servers

• VPN Servers

Domain Naming System (DNS)

Resolves FQDN to IP addresses (Forward Lookup)

Resolves IP addresses to FQDN (Reverse Lookup)

DNS entries held in a database on a server called a Zone

Zone is an area of contiguous namespace for which a DNS server is authoritative

DNS Server is able to Forward requests and Cache responses in support of clients

DNS Resolution

Host File

Local Resolver Cache

DNS

NetBios Cache

WINS

Broadcast

LMHosts

[Diagram: Local Host File, Local Resolver Cache, DNS Server]

DNS on the INTERNET

[Diagram: DNS namespace hierarchy, from the top down]

ROOT (.)

.COM

Google.com, FirebrandTraining.com

UK.FirebrandTraining.com

WWW.UK.FirebrandTraining.com

DNS Records

RECORD | INFO

A | Host Record (IPv4)

AAAA | Host Record (IPv6)

PTR | Reverse Lookup Record

NS | Named Server Record (DNS Server)

MX | Mail Exchange (Email Server)

Alias (Cname) | Used to point friendly name records to other hosts

SOA | Start of Authority (controls DNS Zone transfers and records)

SRV | Service Locator records (eg. location of Domain Controllers and associated services)

Specialised Network Devices

Proxy Server

Two main types:

• Caching Proxy

• Web Proxy

Reverse proxy (incoming from the Internet)

[Diagram: LAN, PROXY SERVER, ROUTER, INTERNET]

Specialised Network Devices

PACKET SHAPER (TRAFFIC SHAPER)

Allow for traffic management (bandwidth)

Set against network profile

May work with Quality of Service (QOS) configurations

Specialised Network Devices

VPN CONCENTRATOR

Dedicated device to handle multiple VPN (Virtual Private Network) connections and associated configurations

Basic Network Device layout

[Diagram: FIREWALL, DMZ, ROUTER, SWITCH, VLANS, SERVERS]

Network documentation

Label and Tag everything

• System, port, circuit, patch panel

Physical and logical maps

• What does your network look like - network plan

Baseline

• How does the network and traffic flow look normally

Cable management

• ANSI/TIA/EIA 606

Change management

• How do you manage any changes to the network i.e. equipment upgrades

MODULE 6

TCP/IP

Department of Defense (DoD) TCP/IP Model

[Diagram: OSI layers mapped to the DoD TCP/IP layers]

OSI layers | DoD TCP/IP layer

Application, Presentation, Session | APPLICATION

Transport | TRANSPORT

Network | INTERNET

Datalink, Physical | NETWORK INTERFACE

PORTS

Allow applications or protocols to use specific values for connections

Range from 0-65535

0-1023 are reserved for specified TCP/IP applications and are known as “Well Known Ports”

Destination and Source port numbers

Sockets include IP address and Port Number

Lots of Ports

Non-ephemeral ports – permanent port numbers

• Ports 0 through 1,023, usually on a server or service

Ephemeral ports – temporary port numbers

• Ports 1,024 through 65,536

• Determined in real-time by the clients

Port rules

TCP and UDP ports can be any number between 0 and 65,535

Most servers (services) use non-ephemeral (not-temporary) port numbers. This isn’t always the case - it’s just a number.

Port numbers are for communication, not security

Service port numbers need to be “well known”

TCP port numbers aren’t the same as UDP port numbers

PORT NUMBERS


Internet Layer Protocols

Internet Protocol (IP)

Internet Control Message Protocol (ICMP)

Address Resolution Protocol (ARP)

Introduction to IP


A series of moving trucks

Efficiently move large amounts of data

Use a shipping truck where the truck is the IP and the container stores the data

The network topology is the road

Ethernet, DSL, coax cable

The truck is the Internet Protocol (IP)

The boxes inside the truck container hold your data which can be made up of TCP and UDP

• Inside these boxes is the data you need to send via ‘DHL’


Transport Protocols

Transmission Control Protocol (TCP)

• Connection Orientated

• TCP Three Way Handshake – Syn, Syn-Ack, Ack

• Recovery from errors

• Can manage out-of-order messages or retransmissions

• Flow control - the receiver can manage how much data is sent

User Datagram Protocol (UDP)

• Connection-less – send the data out and hope for the best

• Used for streaming media, DNS and VOIP

• No formal open or close to the connection

• “Unreliable” delivery - No error recovery

• No reordering of data or retransmissions

• No flow control - sender determines the amount of data transmitted

IP

IPv4

IPv6

Windows Clients use dual stack

Command Line Utilities:

• IPCONFIG

• IFCONFIG (Linux/Unix)

ICMP

Management and messaging for IP

Command line utilities:

• PING

• PATHPING

• TRACERT

ARP

Address Resolution Protocol

IP to MAC Address

Reverse ARP (RARP) resolves IP from MAC address

MODULE 7

IP ADDRESSING

Internet Protocol (IP)

IPv4

32 Bit Address Scheme

Divided into Network Address and Host

Subnet Mask

Broken in 4 Octets (8 bits)

Represented by dotted-decimal notation

Eg. 192.168.2.200 / 24

Or 192.168.2.200 255.255.255.0

Binary to Decimal

To convert binary to decimal the easiest method is to use a number line and match the 1s and 0s to the line:

128  64  32  16   8   4   2   1
  1   1   0   0   1   1   0   1

The binary number 11001101 converted is:

128 + 64 + 8 + 4 + 1 = 205

Try converting 10100110 and 00001111

Subnetting

PUBLIC and PRIVATE address ranges allocated by IANA (Class-full Addressing)

PUBLIC Ranges: (Routable on the Internet)

Class | Range | Hosts

A | 1-126 / 8 | 16,777,214

B | 128-191 /16 | 65,534

C | 192-223 | 254

D | 224-239 | Multicast

E | 240-254 | Development

IP

Private Ranges: (Not routable on the Internet)

Class | Range

A | 10.0.0.0-10.255.255.255

B | 172.16.0.0-172.31.255.255

C | 192.168.0.0-192.168.255.255

APIPA – Automatic Private IP Address

169.254.X.X

255.255.0.0

SUBNETTING

Subnetting allows you to break up large networks into smaller broadcast segments

Allows for conservation of host addresses

Security

IPv6

128 bit Address Range

Displayed in hexadecimal format of eight 16bit groups, separated by a colon (:)

Eg: 2001:0db8:85a3:0042:0000:8a2e:0370:7334

May also be written as:

2001:db8:85a3:42::8a28:370:7334

(lead zeros removed)

Hexadecimal


Binary to Hex Conversion

Let the fun commence…

11001100

Break number into a nibble (4 bits)

1100 = 12 = C, 1100 = 12 therefore Hex is 0xCC (0x to denote it is a hex value)

Try converting 10110101 to HEX and then decimal

IPv6

IPv6 Statistics…

340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion) addresses

6.8 billion people could have 5,000,000,000,000,000,000,000,000,000 addresses each!

IPv6 Configuration

Dual stack routing

• Dual-stack IPv4 and IPv6, run both at the same time.

• Interfaces will be assigned multiple address types

Tunnelling IPv6

• 6 to 4 addressing to send IPv6 over an existing IPv4 network

• Creates an IPv6 based on the IPv4 address

Teredo/Miredo

• Tunnel IPv6 through NATed IPv4, end-to-end IPv6 through an IPv4 network

• No special IPv6 router needed for temporary use

• Miredo - Open-source Teredo for Linux,

IPv6 configuration

NDP (Neighbour Discovery Protocol)

• No broadcasts! Operates using multicast over ICMPv6

• Neighbour MAC Discovery

• Replaces the IPv4 ARP

SLAAC (Stateless Address Autoconfiguration)

• Automatically configure an IP address without a DHCP server

DAD (Duplicate Address Detection) - No duplicate IPs

Discover routers

• Router Solicitation (RS) and Router Advertisement (RA)

IPv6 Configuration

Finding Router

• ICMPv6 adds the Neighbour Discovery Protocol; routers also send unsolicited RA messages

• From the multicast destination of ff02::1, transfers IPv6 address information, prefix value, and prefix length, etc.

• Sent as a multicast Neighbour Advertisement (NA)

No ARP

• So how do you find out the MAC address of a device?

• Neighbor Solicitation (NS)

• Sent as a multicast Neighbor Advertisement (NA)

Assigning IPv6 addresses

• Internet Assigned Numbers Authority (IANA) provides address blocks to RIRs (Regional Internet Registries)

• RIRs assign smaller subnet blocks to ISPs (Internet Service Providers)

• ISP assigns a /48 subnet to the customer

Assigning IPv6 addresses

Configuring IPv6 with a modified EUI-64

• Static addressing can be useful but the IP address never changes. The MAC address changes and

• Extended Unique Identifier (64-bit)

• Combines a 64-bit IPv6 prefix and the MAC address. However, the MAC address is only 48 bits long, so it requires some extra bits and a minor change to the MAC address

Converting EUI-48 to EUI-64

• Split the MAC into two 3-byte (24 bit) halves and put FFFE in the middle (the missing 16 bits)

• Invert the seventh bit which changes the address from globally unique/universal and turns the burned-in address (BIA) into a locally administered address.

IPv6 Addresses

Unicast – one to one (Same as IPv4)

Multicast – one to many (Similar to IPv4)

Anycast – one to one of many (Unique to IPv6)

IPv6

Unicast Addresses:

▪ Global Unicast (similar to Public IPv4 addresses)

▪ Link Local Unicast (similar to APIPA IPv4 addresses)

▪ Unique Local Unicast (similar to Private IPv4 addresses)

Special IPv6 Addresses

Loopback Address

::1 (127.0.0.1)

Link Local Addresses

FE80:: (Similar to APIPA addresses)

ICMPv6

Replaces IGMP with Multicast Listener Discovery (MLD)

Replaces ARP with Neighbour Discovery (ND)

Troubleshooting IP

Physical Network Components (NIC, Cables, Switches, Routers)

Network Interface Card Configuration

IPCONFIG

PING

TRACERT

ARP

Network Address Translation (NAT)

NAT allows for the continuation of private IPv4 addressing

Translates between Private and Public IP networks (different to Routing)

Simply replaces the source IP address (private) with that of the external (public) IP address to enable routing on the Internet

Additional security features (Firewall)

NAT

Basic NAT

NAT-T (IPSEC)

NAT-PT (IPv6)

[Diagram: Internal – Private LAN 192.168.2.0/24; External – Public Interface 101.102.103.104]
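How the source-address replacement described on the NAT slides behaves, as an added Python example that is not part of the courseware. It goes beyond Basic NAT by also translating ports so that several private hosts share the one public address; the class and field names, the starting port 40000 and the remote addresses 203.0.113.10 and 198.51.100.7 are constructed for illustration, while 192.168.2.0/24 and 101.102.103.104 come from the slide.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Toy NAT device: rewrites the private source on the way out and only
    lets a packet back in when it matches a connection an inside host opened."""

    def __init__(self, inside_net: str, public_ip: str, first_port: int = 40000):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port, remote ip, remote port) -> public port
        self.out_map = {}
        # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.back_map = {}

    def outbound(self, pkt: Packet) -> Packet:
        if ipaddress.ip_address(pkt.src_ip) not in self.inside:
            raise ValueError("source is not on the private LAN")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.back_map[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
            self.next_port += 1
        # The private source address is replaced with the public one.
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Return the packet rewritten for the LAN, or None when it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.back_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # no matching outbound connection: unsolicited traffic
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


if __name__ == "__main__":
    nat = Nat("192.168.2.0/24", "101.102.103.104")
    # Two inside hosts use the same source port towards the same web server.
    a = nat.outbound(Packet("192.168.2.200", 51000, "203.0.113.10", 443))
    b = nat.outbound(Packet("192.168.2.201", 51000, "203.0.113.10", 443))
    print(a, b, sep="\n")
    # The server's reply to the second host is translated back to it.
    print(nat.inbound(Packet("203.0.113.10", 443, "101.102.103.104", b.src_port)))
    # A packet from an address nobody contacted finds no mapping and is dropped.
    print(nat.inbound(Packet("198.51.100.7", 443, "101.102.103.104", a.src_port)))
```

The dropped inbound packet is the firewall-like side effect the slide mentions: without an existing mapping there is nowhere on the LAN to deliver it.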

MODULE 8

ROUTING

Routing Tables

Routing table provides the router with a ‘map’ of the network configuration and where it can receive and send packets to/from

Typically routing table includes:

▪ Destination addresses

▪ Gateway locations

▪ Interfaces

▪ Cost (Metric)

Windows Routing Table

Route Print

Netstat -r

Routing information

Routing Tables are updated by:

STATIC Routing (Routing information is manually configured)

DYNAMIC Routing (Routing protocols automatically update routing information)

Static Routing

ROUTE ADD

Router Config

DYNAMIC ROUTING

Routing Protocols

Distance Vector

▪ Use algorithms to calculate best routes based on distance (cost) and direction (vector)

▪ Transfer the whole routing table to other routers (up to a maximum number of hops)

▪ Routing tables are broadcast at regular intervals

▪ Used for small/medium size networks
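The distance vector behaviour listed above, simulated in Python as an added example that is not part of the courseware. The router names R1 to R4 and the link lists are constructed, the function names are hypothetical, and the hop-count metric with a 15-hop maximum is an assumption modelled on RIP rather than something the slide states.

```python
def neighbours(links):
    """Turn a list of (router, router) links into an adjacency map."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def run_distance_vector(links, max_hops=15):
    """Exchange whole routing tables between neighbours until nothing changes.

    Returns (tables, rounds) where tables[router][destination] is a
    (hops, next_hop) pair: the distance and the direction (vector).
    """
    adj = neighbours(links)
    # Every router starts out knowing only itself.
    tables = {router: {router: (0, router)} for router in adj}
    rounds = 0
    changed = True
    while changed:
        changed = False
        rounds += 1
        # One periodic update: each router advertises a copy of its whole table.
        adverts = {router: dict(table) for router, table in tables.items()}
        for router in sorted(adj):
            for nbr in sorted(adj[router]):
                for dest, (hops, _) in adverts[nbr].items():
                    cost = hops + 1  # one more hop to go through this neighbour
                    if cost > max_hops:
                        continue  # beyond the maximum number of hops: unreachable
                    best = tables[router].get(dest)
                    if best is None or cost < best[0]:
                        tables[router][dest] = (cost, nbr)
                        changed = True
    return tables, rounds


# Constructed topologies: a chain R1-R2-R3-R4, and the same chain closed into a ring.
CHAIN = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]
RING = CHAIN + [("R4", "R1")]

if __name__ == "__main__":
    tables, rounds = run_distance_vector(CHAIN)
    print(f"chain converged after {rounds} rounds")
    for dest, (hops, via) in sorted(tables["R1"].items()):
        print(f"R1 -> {dest}: {hops} hops via {via}")
    short, _ = run_distance_vector(CHAIN, max_hops=2)
    print("R4 reachable from R1 with a 2-hop limit:", "R4" in short["R1"])
```

Each router installs whatever its neighbours advertise without checking it, which is the gap that the authentication added in RIPv2 addresses.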

Distance Vector Routing Protocols

Routing Internet Protocol (RIP)v1

RIPv2 – increased security (authentication)

Border Gateway Protocol (BGP) – used to connect Autonomous Systems (AS) across the Internet

(Autonomous Systems use classes of routing protocols - Interior and Exterior Gateway Protocol (IGP and EGP))

Dynamic Routing Protocols

Link State – If the router is on it can connect!

Open Shortest Path First (OSPF)

More common IGP (OSPFv2 for IPv4, OSPFv3 for IPv6)

IS-IS (Intermediate System – Intermediate System)

Routing Protocols

AUTONOMOUS SYSTEM (AS)

Exterior Gateway Protocol: BGP

Interior Gateway Protocols: RIP, IGRP, EIGRP, OSPF

High Availability Routing

Use of ‘Virtual Routers’

Hot Standby Router Protocol (HSRP) – Cisco proprietary

Virtual Router Redundancy Protocol (VRRP)

IPv6 Dynamic Routing

RIPng

EIGRPv6

OSPFv3

MODULE 9

SWITCHING AND VLANs


Switches

LAYER 2 Device

Used to create separate collision domains

Managed or Unmanaged devices

Learn the MAC address of host locations using MAC address forward/filter table

Spanning Tree Protocol (STP)

Eliminates bridging loops (aka switching loops)

Enables switches to detect loops, communicate with other switches and block potential loops taking place

[Diagram labels: ROOT BRIDGE, ROOT PORT]

Virtual LAN (VLAN)

Switches provide a method of broadcast domain segmentation called Virtual LANs (VLANs)

Layer 2 method of creating more broadcast domains

VLANs logically divide a switch into multiple, independent switches at Layer 2, each in their own broadcast domain

VIRTUAL LAN (VLAN)

[Diagram labels: VLAN 2, VLAN 3, VLAN 4, ROUTER]

VLANs

Each VLAN behaves as if it were a separate switch

Packets are forwarded only to ports on that VLAN

VLANs require a TRUNK to span multiple switches

VLAN Trunking Protocol (VTP)

• manages VLANs across a switched internetwork and maintains consistency throughout that network

A port can be assigned to a given VLAN
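
An added Python model (not from the courseware) of the MAC address forward/filter table combined with VLANs: the switch learns source addresses per VLAN and floods unknown or broadcast frames only to ports in the same VLAN plus trunks. Port numbers, MAC strings and the rule that access ports drop tagged frames are assumptions of this model.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Layer 2 switch keeping one forward/filter table entry per (VLAN, MAC)."""

    def __init__(self, access_ports, trunk_ports=()):
        self.access = dict(access_ports)   # access port -> VLAN id
        self.trunks = set(trunk_ports)     # trunk ports carry every VLAN
        self.mac_table = {}                # (vlan, mac) -> port

    def ports_in_vlan(self, vlan):
        members = {p for p, v in self.access.items() if v == vlan}
        return members | self.trunks

    def receive(self, in_port, src, dst, vlan_tag=None):
        """Process one frame; return the sorted list of egress ports."""
        if in_port in self.trunks:
            vlan = vlan_tag                # trunk frames arrive tagged
            if vlan is None:
                return []                  # model has no native VLAN: drop
        else:
            if vlan_tag is not None:
                return []                  # access ports take untagged frames only
            vlan = self.access[in_port]    # the port assignment decides the VLAN
        self.mac_table[(vlan, src)] = in_port   # learn where the sender lives
        out = self.mac_table.get((vlan, dst))
        if dst == BROADCAST or out is None:
            # broadcast or unknown destination: flood inside this VLAN only
            return sorted(self.ports_in_vlan(vlan) - {in_port})
        return [] if out == in_port else [out]  # filter or forward

if __name__ == "__main__":
    # Constructed layout: ports 1-2 in VLAN 2, ports 3-4 in VLAN 3, port 24 trunk
    sw = VlanSwitch({1: 2, 2: 2, 3: 3, 4: 3}, trunk_ports=[24])
    print(sw.receive(1, "aa", "bb"))   # unknown destination, flooded in VLAN 2
    print(sw.receive(2, "bb", "aa"))   # learned, forwarded to one port
    print(sw.receive(3, "cc", "aa"))   # VLAN 3 never reaches the VLAN 2 host
```
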


VLAN

[Diagram labels: VLAN 2, VLAN 2, VLAN 3, VLAN 4, Trunk Link, ROUTER]


Additional Switch settings/properties

Dependent upon the type/manufacturer of the device

Quality of Service (QoS)

Port Security

Port Mirroring

Port Bonding

Flood Guards

Multicasting

Power over Ethernet (PoE) 802.3af/802.3at

Network Time Protocol

NTP (Network Time Protocol)

• Switches, routers, firewalls, servers, workstations: every device has its own clock.

• Synchronizing the clocks becomes critical for log files, authentication information and outage details, and NTP does it automatically.

• Accuracy is better than 1 millisecond on a local network

NTP clients and servers

• NTP server responds to time requests from NTP clients but does not modify their own time

• NTP client requests time updates from NTP server

• NTP client/server requests time updates from an NTP server and responds to time requests from other NTP clients

• Important to plan your NTP strategy: which devices are clients, servers, and client/servers?

Network Time Protocol

NTP stratum layers

• Some clocks are better than others; your distance from the original reference clock is called a stratum

• Stratum 0 - Atomic clock, GPS clock

• Stratum 1 - Synchronized to stratum 0 servers; primary time servers

• Stratum 2 - Sync’d to stratum 1 servers

Configuring NTP

• NTP client: specify the NTP server address (IP or hostname); use multiple NTP servers (if available) for redundancy

• NTP server: you need at least one clock source; specify the stratum level of the clock. If there’s a choice, the lower stratum level wins
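
An added Python example (not from the courseware) that parses NTP server replies and applies the rule above that the lower stratum wins, skipping replies that are unsynchronised. The server names and packets are constructed, and real NTP clients also weigh delay and jitter, which this sketch leaves out.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era) to 1970-01-01

def build_reply(stratum, unix_time, leap=0):
    """Construct a 48-byte NTPv4 server reply (mode 4) as sample input."""
    pkt = bytearray(48)
    pkt[0] = (leap << 6) | (4 << 3) | 4        # leap indicator, version, mode
    pkt[1] = stratum
    struct.pack_into("!II", pkt, 40, unix_time + NTP_UNIX_DELTA, 0)
    return bytes(pkt)

def parse_reply(pkt):
    """Extract the header fields and transmit timestamp from a reply."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    secs, frac = struct.unpack_from("!II", pkt, 40)   # transmit timestamp
    return {
        "leap": pkt[0] >> 6,
        "version": (pkt[0] >> 3) & 0x7,
        "mode": pkt[0] & 0x7,
        "stratum": pkt[1],
        "unix_time": secs - NTP_UNIX_DELTA + frac / 2**32,
    }

def usable(reply):
    # mode 4 = server reply; leap 3 = clock not synchronised;
    # on the wire stratum 0 is unspecified and 16 means unsynchronised
    return (reply["mode"] == 4 and reply["leap"] != 3
            and 1 <= reply["stratum"] <= 15)

def pick_server(replies):
    """replies: {server name: raw packet}. Lowest usable stratum wins."""
    parsed = {name: parse_reply(p) for name, p in replies.items()}
    good = {n: r for n, r in parsed.items() if usable(r)}
    if not good:
        return None
    return min(good, key=lambda n: (good[n]["stratum"], n))

# Constructed replies from four hypothetical servers
REPLIES = {
    "ntp-a.example": build_reply(3, 1533081600),
    "ntp-b.example": build_reply(2, 1533081600),
    "ntp-c.example": build_reply(1, 1533081600, leap=3),  # unsynchronised
    "ntp-d.example": build_reply(0, 1533081600),          # unspecified stratum
}

if __name__ == "__main__":
    print(pick_server(REPLIES))
```
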
