ccna.docx


Upload: hamis-ramadhani

Post on 18-Jul-2016


ADSL (Asymmetric Digital Subscriber Line).

Asymmetric Digital Subscriber Line (ADSL) is a high-speed transmission technology. ADSL is an asymmetric system, which means that the data rate allowed is not equal in both directions. Therefore most ADSL lines have a far higher download speed than upload speed: the capacity towards the end user is higher than the capacity leaving the end user.

How ADSL Works

ADSL works by splitting the bandwidth of a copper telephone line into separate frequency ranges, known as carriers. This allows several different signals to be carried on the same wire. To accomplish this, ADSL uses a process called Frequency Division Multiplexing (FDM): each carrier carries a different part of the same data, transmitted simultaneously, which creates more available bandwidth and higher speeds for the end user. In this way, ADSL can accommodate simultaneous high-speed data and voice transmission, such as surfing the web, watching streaming video, fax and voice calls, all on the same line.
- See more at: http://orbit-computer-solutions.com/ADSL-Broadband.php#sthash.TQe36ULg.dpuf

Broadband

Broadband technology is simply the name given to high-speed Internet access. Broadband replaced the analogue modem. A broadband connection can be delivered in a number of different ways: ADSL, Cable and Satellite.

With a broadband router, you can connect two or more computers to share an Internet connection at home or in the office.

Broadband uses a technology called NAT (Network Address Translation): a single IP address is shared by all the computers in your home or office so that they can connect to and use the Internet at the same time.

Broadband connection speed to the Internet is extremely high; it supports data, voice and video information.

It is considered broad in a sense that multiple kinds of information can be transmitted across the wire, or band.

Additionally, with broadband you can surf the web without delay, watch streaming videos with audio and make a phone call, all at the same time. One of the interesting things about a broadband connection is that it is always on: you don't have to waste time dialing in to a service provider, it comes on as soon as your computer is powered on.


Broadband Speed

The broadband speed difference is huge. It has revolutionized the way we use the Internet compared to the previous dial-up Internet.

With broadband, as with its predecessors, information travels in two directions: downstream and upstream.

Downstream refers to information going from the Internet to your computer, like when a new web page is loaded.

Upstream refers to information from your computer to the Internet, like the click of the mouse that tells a web page where you'd like to go next.

Firstly, Internet transfer speeds are measured in kilobits per second and megabits per second; don't mistake these for kilobytes and megabytes, which are the terms we use when we talk about hard disks and files.


Below is a summary of calculated broadband speeds.

Speed (kilobits)   Load time (100 kb)   Download time (5 Mb of data)   Video Quality
56k (dial up)      15 sec               12 min 35 sec                  Low Quality
256k               4 sec                3 min                          Low Quality
512k               1.5 sec              1 min 30 sec                   Low Quality
1Mb                8-9 sec              40-41 sec                      Low Quality
2Mb                4-5 sec              19-20 sec                      Medium Quality
4Mb                1-2 sec              5-6 sec                        Medium Quality
6Mb                Immediately          Immediately                    Medium Quality
8Mb                Immediately          Immediately                    High Quality

Keep in mind that the above figures could be affected by your PC's processing speed, viruses, etc.

- See more at: http://orbit-computer-solutions.com/Broadband.php#sthash.frvo3Ouf.dpuf

Wireless Routers.

Before deciding on buying a specific router, ask yourself whether you want computers to be able to connect to your network wired or wirelessly.

A wireless router is a network device that enables you to connect several computers to the Internet without using cables, using wireless access points (a WLAN) instead. Some of the reasons we go for wireless networking include freedom and affordability. But you need to keep other factors in mind.

Look out for notable brands like Cisco, Netgear, Linksys and D-Link. These are the most popular brands, built with rugged technologies.

Bandwidth and performance should be another factor to check. A wireless standard defines the speed of interconnectivity or data transmission for a particular router, e.g. 802.11a, 802.11g, 802.11n, etc.


Advantages of Wireless Routers.

a. Wireless routers are equipped with a modem, a network switch (a device that has multiple connection ports for connecting computers and other network devices) and wireless access points.

b. A wireless router can be connected to from anywhere in your immediate environment or house. That means you can log on and surf the Internet from anywhere in your surroundings.

c. Some wireless routers are equipped with a built-in firewall to ward off intruders. The configuration options of the firewall are an important consideration when buying a router. Virtually everyone buys and sells online one way or another, so buying a wireless router with good firewall configuration options can be helpful for security and privacy.

d. Broadband router wireless VoIP technology enables you to connect to the Internet using any ordinary phone device. You can then make calls to anybody in the world via your Internet connection. A wireless router provides strong encryption (WPA or AES) and features MAC address filtering and control over SSID authentication.

Disadvantages.

a. The wireless connection will be slightly slower than a wired connection. Simply put, wireless or Wi-Fi transmits through the air and can be blocked or interfered with by other waves from the surroundings.

b. Security is one of the main concerns when it comes to networking generally; a wired network provides more rigid security than wireless. This means that all of the private data stored on your laptop or PDA could be exposed to anyone in the same vicinity. It is possible that an unscrupulous person could obtain passwords and important personal information easily from wireless networks if they are not properly configured.

c. There is overcongestion of Wi-Fi, especially in cities where you have a large population of stores and big organisations that transmit over the same channel, causing much interference.

Other devices can be a problem too. Bluetooth devices, cordless telephones and microwave ovens do cause interference sometimes.

These are some of the known disadvantages, but it doesn't hinder yours truly from using wireless; basically, because of the freedom and manageability I get. One could work anywhere in their surroundings.

- See more at: http://orbit-computer-solutions.com/Wireless-Routers.php#sthash.3a9wdIHx.dpuf

Wireless LAN (WLAN).

There are different network infrastructures (wired LAN, service provider networks) that allow mobility, but in a business environment the most important is the wireless LAN (WLAN). Most modern business networks rely on switch-based LANs for day-to-day operation inside the office.

Productivity is no longer restricted to a fixed work location or a defined time period. People now expect to be connected at any time and place (you are in even when you are out), from the office to the airport or even the home.

Traveling employees used to be restricted to pay phones for checking messages and returning a few phone calls between flights. Now employees can check e-mail, voice mail, and the status of products on personal digital assistants (PDAs) while at many temporary locations.

Wireless LAN and Wired (Ethernet) LAN

Wireless LANs share a similar origin with Ethernet LANs. The IEEE has adopted the 802 LAN/MAN portfolio of computer network architecture standards. The two dominant 802 working groups are 802.3 Ethernet and 802.11 wireless LAN. However, there are important differences between the two.

WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer. In comparison to cable, RF has the following characteristics:

i. RF does not have boundaries, such as the limits of a wire in a sheath. The lack of such a boundary allows data frames traveling over the RF media to be available to anyone that can receive the RF signal.

ii. RF is unprotected from outside signals, whereas cable is in an insulating sheath. Radios operating independently in the same geographic area but using the same or a similar RF can interfere with each other.

iii. RF transmission is subject to the same challenges inherent in any wave-based technology, such as consumer radio. For example, as you get further away from the source, you may hear stations playing over each other or hear static in the transmission. Eventually you may lose the signal altogether. Wired LANs have cables that are of an appropriate length to maintain signal strength.

iv. RF bands are regulated differently in various countries. The use of WLANs is subject to additional regulations and sets of standards that are not applied to wired LANs.

WLANs connect clients to the network through a wireless access point (AP) instead of an Ethernet switch.

WLANs connect mobile devices that are often battery powered, as opposed to plugged-in LAN devices. Wireless network interface cards (NICs) tend to reduce the battery life of a mobile device.

WLANs support hosts that contend for access on the RF media (frequency bands). 802.11 prescribes collision-avoidance instead of collision-detection for media access to proactively avoid collisions within the media.

WLANs use a different frame format than wired Ethernet LANs. WLANs require additional information in the Layer 2 header of the frame.

WLANs raise more privacy issues because radio frequencies can reach outside the facility.

802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options. However, additional components and protocols are used to complete wireless connections.

In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch. The switch is the point where the client gains access to the network.

In a wireless LAN, each client uses a wireless adapter to gain access to the network through a wireless device such as a wireless router or access point.

- See more at: http://orbit-computer-solutions.com/Wireless-LAN--WLAN-.php#sthash.rLTJelID.dpuf

How To Set Up A Wireless Network Connection.

Wireless broadband has multiple benefits for home users, as well as several benefits that business users will be able to enjoy. In a home setting wireless broadband will allow multiple users to share the same internet connection, so there will be no need to fight over a single computer for internet access.

A wireless network will also make sharing files between your PCs at home extremely simple, whether it is to back up photographs, stream audio and video to your living room or play online games. Finally, because there is no need to install wiring, you do not need to have dangerous clumps of cables running across the floor, and it is a truly unobtrusive option.

Businesses can use a wireless network connection to connect multiple PCs without the need for expensive wiring and can also offer free wireless internet access to clients and customers whilst they are on the premises.

Installing a wireless network connection in your own property is simple if you follow these few quick tips:

* First you will need a fixed-line broadband connection, either ADSL via your telephone line or Cable broadband, which uses an underground fibre optic network. When you sign up for a new ADSL or Cable broadband connection most providers will usually include a free wireless router, which is the main piece of kit you will need to set up a wireless network in your own home. Wireless routers vary depending on the price of the package you pick and the manufacturers who produce them, so each will come with its own set of instructions to guide you through the setup process. However, there are a few universal guidelines for installation, which we will deal with below.

* Once you have the wireless router, you will need to plug it into the mains to provide it with power, and you will also need to plug it into your fixed-line connection. If this is an ADSL service you will need to first plug the router into a microfilter and then into the phone socket. This filter will allow you to use your phone line at the same time as you are surfing the internet wirelessly. Every phone socket in your home will need a microfilter attached, regardless of whether it has a router attached to it, to reduce the amount of interference and improve connection speed.

Many routers will require that you plug in via an Ethernet cable before you can set up the wireless network, though routers received directly from providers may already be ready to use straight out of the box. If this is not the case, or if you want to alter the options on a router you have bought yourself, you will need to plug in your PC or laptop and open your favourite web browser.

* You will then need to enter the IP address of your router. This should be included in the documentation. You will then need to navigate to the wireless network settings. Here you can turn on the network, add security in the form of WEP or WPA passwords or passphrases, and see which devices are connected to the router wirelessly.

- See more at: http://orbit-computer-solutions.com/How-To-Set-Up-A-Wireless-Network-Connection.php#sthash.erZhK5r2.dpuf

Filtering Access by MAC Address.

Wireless routers like the Linksys by Cisco wireless range can be used not only for routing traffic between networks and computers in your home or office; they can also be used as a firewall.

As you may know, every network device is identified by a physical address, also known as a MAC address. You can use your wireless router to filter or control access to the Internet or to programs by listing the MAC addresses of devices connected to the wireless router and preventing them.

To filter MAC addresses, follow these steps:

1. Click the Wireless tab

2. Click Wireless MAC Address filter

3. Click Enable

4. Click Permit Only PCs listed to access the wireless network

5. Click wireless Client or Edit MAC Filter List

When the MAC address filter list window appears, enter the address of each network adapter in your home or office that you want to prevent from accessing the network.

Click Save Settings at the bottom of the window.

- See more at: http://orbit-computer-solutions.com/Filtering-Access-by-MAC-Address.php#sthash.2sjdDv4u.dpuf
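The filter list above, modelled in code as an added example (this is not the Linksys firmware): it normalises the address formats a user might type into the Edit MAC Filter List window, deduplicates them, and applies the router's two modes, permit-only-listed and prevent-listed. The adapter addresses in the demo are constructed. The list only identifies adapters; it is the network key, not the filter, that keeps traffic private.

```python
"""Model of a wireless router's MAC address filter list.

Added example, not code from the Linksys firmware. Normalises the
address formats a user might type, rejects malformed entries and applies
the two Linksys filter modes: "permit only PCs listed" and "prevent PCs
listed". The filter identifies adapters by address only; encryption and
authentication are the network key's job.
"""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw):
    """Return a MAC as aa:bb:cc:dd:ee:ff.

    Accepts colon, hyphen, Cisco dotted (aabb.ccdd.eeff) and bare
    12-digit forms; raises ValueError for anything else.
    """
    digits = re.sub(r"[:\-.\s]", "", raw.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError("not a MAC address: %r" % raw)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class MacFilter:
    PERMIT_LISTED = "permit"    # only listed adapters may associate
    PREVENT_LISTED = "prevent"  # listed adapters are blocked

    def __init__(self, mode, enabled=True):
        if mode not in (self.PERMIT_LISTED, self.PREVENT_LISTED):
            raise ValueError("unknown filter mode: %r" % mode)
        self.mode = mode
        self.enabled = enabled
        self.entries = set()

    def add(self, raw):
        """Add an entry as the Edit MAC Filter List window would,
        deduplicating entries typed in different formats."""
        mac = normalize_mac(raw)
        self.entries.add(mac)
        return mac

    def allows(self, raw):
        """Decide whether a client with this MAC may associate."""
        if not self.enabled:
            return True
        listed = normalize_mac(raw) in self.entries
        return listed if self.mode == self.PERMIT_LISTED else not listed


def demo():
    # Constructed sample: two home adapters typed in different styles,
    # then a listed and an unlisted client trying to associate.
    f = MacFilter(MacFilter.PERMIT_LISTED)
    f.add("00-1A-2B-3C-4D-5E")
    f.add("001a.2b3c.4d5f")
    return f.allows("00:1a:2b:3c:4d:5e"), f.allows("00:1a:2b:3c:4d:60")
```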

Linksys Wireless Router.

Linksys is one of the leading manufacturers of Ethernet and wireless routers that are useful for home and small business networks.

Linksys wireless routers support most of the general types of home networking components. Among the various ranges of Linksys wireless routers is the Wireless-N product range, which is equipped with 802.11n capability, while the Wireless-G products support 802.11g.

The Linksys range of dual-band routers supports more than one of the Wi-Fi standards, such as the Linksys Dual-Band Wireless A+G, which supports 802.11a and 802.11g. Most Linksys routers are specially designed for mobility, some for VPN networking, and some for high-speed connection and easy setup.

- See more at: http://orbit-computer-solutions.com/Linksys-Wireless-Routers.php#sthash.UOpAPQyD.dpuf

Wireless Network Security.

Use the following recommendations for additional security on your wireless networks.

Use a network security key

If you have a home or office wireless network, you should set up a network security key, which turns on encryption. With this, other people (except authorised users) can't connect to your network without the security key. Also, any information that is sent across your network is encrypted so that only computers that have the key to decrypt the information can read it. This can help avert attempts to access your network and files without your permission.

Known wireless network encryptions are:

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

WPA-2.


Change the administrator name and password

If you have a router or access point, you probably used a default name and password to set up the device. Most manufacturers use the same default name and password for all of their equipment, which enables anyone to gain access to your router or access point without you knowing it. To secure your network, change the default administrator user name and password for your router. Check the information that came with your device for instructions on how to change the name and password.

Change the default SSID

Routers and access points use a wireless network name called a service set identifier (SSID). Most manufacturers use the same SSID for all of their routers and access points. Changing the default SSID helps to keep your wireless network from overlapping with other wireless networks that might be using the default SSID. It also makes it easier for you to identify which wireless network is yours if there are other wireless networks nearby, because the SSID is typically shown in the list of available networks. Check the information that came with your device for instructions on how to change the default SSID.

Position your router or access point

Wireless signals can travel a few hundred feet, so the signal from your network could be broadcast outside of your home. You can help limit the area that your wireless signal reaches by positioning your router or access point close to the centre of your home rather than near an outside wall or window.

Use a Standard or User account

A standard account can help protect your computer by preventing users from making changes that affect everyone who uses the computer. A very good recommendation is to create a standard account for each user.

When you are logged on to Windows with a standard account, you can do anything that you would do with an administrator account, but if you want to do something that affects other users of the computer, such as installing software or changing security settings, Windows might ask you to provide a password for an administrator account.
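The three router recommendations above that a script can check (security key, administrator credentials, default SSID), as an added example that is not taken from any vendor's software. The settings fields, the factory-default lists and the severity ratings are assumptions modelled on a typical home router, and the two sample configurations are constructed.

```python
"""Audit of a wireless router's settings against the recommendations above.

Added example, not any vendor's code: the settings object, the factory
defaults and the severity ratings are assumptions modelled on a typical
home router. Router placement and Windows account type cannot be checked
from the router's settings and are out of scope.
"""
from dataclasses import dataclass

# Constructed defaults; a real audit would load the documented defaults
# for the specific model. User names and SSIDs are compared
# case-insensitively after stripping whitespace; passwords as typed.
DEFAULT_ADMIN_LOGINS = {("", "admin"), ("admin", "admin"), ("admin", "password")}
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}


@dataclass
class RouterSettings:
    ssid: str
    security_mode: str   # "disabled", "wep", "wpa" or "wpa2"
    network_key: str
    admin_user: str
    admin_password: str


@dataclass
class Finding:
    severity: str        # "high" or "medium"
    message: str


def audit(s):
    """Return the list of findings; an empty list means every check passed."""
    findings = []

    mode = s.security_mode.strip().lower()
    if mode == "disabled" or not s.network_key:
        findings.append(Finding("high",
            "no network security key: traffic is sent in the clear and "
            "anyone in range can join"))
    elif mode == "wep":
        findings.append(Finding("high",
            "WEP is enabled; WEP is broken and its key can be recovered "
            "from captured traffic, use WPA2"))
    elif mode == "wpa":
        findings.append(Finding("medium", "WPA is enabled; prefer WPA2"))
    elif mode != "wpa2":
        findings.append(Finding("high", "unknown security mode %r" % mode))

    login = (s.admin_user.strip().lower(), s.admin_password)
    if login in DEFAULT_ADMIN_LOGINS:
        findings.append(Finding("high",
            "administrator name and password are the factory defaults"))

    if s.ssid.strip().lower() in DEFAULT_SSIDS:
        findings.append(Finding("medium",
            "SSID is a factory default; change it so your network is "
            "distinguishable from neighbouring ones"))
    return findings


def worst_severity(findings):
    """'high' if any finding is high, 'medium' if any is medium, else 'ok'."""
    levels = {f.severity for f in findings}
    for level in ("high", "medium"):
        if level in levels:
            return level
    return "ok"


# Constructed samples: a router left at factory settings versus one
# configured the way the recommendations describe.
FACTORY = RouterSettings("linksys", "disabled", "", "", "admin")
HARDENED = RouterSettings("orbit-home", "wpa2", "a long unique passphrase",
                          "netadmin", "not-the-default")
```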


(c) Copyright 2013. Orbit-Computer-Solutions.Com. All rights reserved.


- See more at: http://orbit-computer-solutions.com/Wireless-Network-Security.php#sthash.B6CpbsIE.dpuf

Diagram of a Wireless Network.

Wired Network.

- See more at: http://orbit-computer-solutions.com/Diagram-of-a-Wireless-Network.php#sthash.m4dg5KhW.dpuf

How to Install and Configure your Wireless Router or Access Points.

On the following pages, you will learn how to configure a wireless router or access point. This includes:

i. How to set the SSID

ii. Enable security

iii. Configure the channel

iv. Adjust the power settings of a wireless access point.

We will also look at how to back up and restore your configuration settings on a wireless access point.

Most access points have been designed to function with the default or factory settings. It is recommended to change the default configurations.

After confirming your wired network connectivity and installing the access point, you will now configure it.

In the following examples we will be using the Linksys WRT300N multifunction device, which is also an access point.

Use these steps for configuring the Linksys WRT300N and most Linksys wireless access points:

Make sure your PC is connected to the access point via a wired connection, and access the web utility with a web browser. To access the web-based utility of the access point, launch Internet Explorer and enter the WRT300N default IP address, 192.168.1.1, in the address field.

Press the Enter key.

1. A screen is displayed prompting you for your username and password. Leave the Username field blank.

2. Enter admin in the Password field (default settings for a Linksys WRT300N). If the device has already been configured, the username and password may have been changed.

3. Click OK to continue.

For a basic network setup, we will be learning how to use the following screens, reached through the Setup, Management and Wireless buttons:

i. Setup – on this screen you will enter your basic network settings (IP address).

ii. Management – start by clicking the Administration tab and then select the Management screen. The default password is admin. To secure the access point, change the password from its default.

iii. Wireless – this is where you change the default SSID. Select the level of security in the Wireless Security tab and complete the options for the selected security mode.

When you have finished making changes to a screen, click the Save Settings button, or click the Cancel Changes button to undo your changes. For information on a tab, click Help. We will go through these steps one after the other.

- See more at: http://orbit-computer-solutions.com/How-to-Install-and-Configure-your-Wireless-Router-or-Access-Points.php#sthash.RrOm7Skm.dpuf

How to Add and Configure a Wireless Router to a LAN.

On this page, we will look at how to configure a Linksys wireless router, allowing for remote access from PCs as well as wireless connectivity with WEP security. We will use the topology diagram below as a sample.

The router R1 and switch SW2 have already been configured with the appropriate LAN and VLAN configurations.

R1 and SW2 Configurations:

Before you begin, you might like to reset the wireless router. To clear any previous configuration, do a hard reset: look for the reset button on the back of the router and, using a pen or other thin instrument, hold it down for 5 - 7 seconds. The router should now be restored to its factory default settings.

Establish physical connectivity.

1. Connect a straight through cable from the Laptop PC to one of the wireless router’s LAN ports, labelled Ethernet 1 - 4. By default, the wireless router will provide an IP address to the laptop using default DHCP configurations.

Open a web browser.

2. Navigate to the wireless router's web utility. The web GUI will be used to configure the settings on the wireless router. The GUI can be accessed by navigating to the router's LAN/Wireless IP address with a web browser. The factory default address is 192.168.1.1.

3. Leave the username blank and set the password to admin.

4. Configure Options in the Linksys Setup Tab.

By default the start-up page is the Setup screen. Here you will need to set the Internet connection type to Static IP. In the menus at the top, notice that you are in the Setup section and under the Basic Setup tab.

5. In the Setup screen for the Linksys router, locate the Internet Connection Type option in the Internet Setup section of this page. Click the drop-down menu and select Static IP from the list.

6. Configure the VLAN 99 IP address, subnet mask, and default gateway for the Linksys Wireless Router.

• Set the Internet IP address to 172.17.99.25.

• Set the Subnet Mask to 255.255.255.0.

• Set the Default Gateway to 172.17.99.1.

Note: Typically in a home or small business network, this Internet IP address is assigned by the ISP through DHCP or PPPoE.

7. Configure the router R1 IP parameters.

• Still on the Basic Setup page, scroll down to Network Setup. In the Router IP fields, set the IP address to 172.17.30.1 and the subnet mask to 255.255.255.0.

Under the DHCP Server Setting, ensure that the DHCP server is Enabled.

Click the Save Settings button at the bottom of the Setup screen.

At this stage, you will notice that the IP address range for the DHCP pool adjusts to a range of addresses to match the Router IP parameters. These addresses are used for any wireless clients that connect to the router’s internal switch. Clients receive an IP address and mask, and are given the router IP to use as a gateway.

8. Set the network name (SSID).

• Click the Wireless tab.

• Under Network Name (SSID), rename the network from Linksys to any name of your choice, example orbitcisco1.

• Click Save Settings.

9. Set the security mode.

• Click Wireless Security. It is located next to Basic Wireless Settings in the main Wireless tab.

• Change Security Mode from Disabled to WEP.

• Using the default Encryption of 40/64-Bit, set Key1 to 1234567890 or any other combination of hex digits only.

• Click Save Settings.

10. Set the router password.

• Click the Administration tab.

• Under Management, in the Router Access section, change the router password to orbit123 or any password of your choosing. Re-enter the same password to confirm.

11. Enable remote management.

• In the Remote Access section, set Remote Management to Enabled.

• Click Save Settings.

• You may be prompted to log in again. Use the new password and still keep the username blank.

12. Add wireless connectivity to a laptop PC.

i. Disconnect the Ethernet connection from the laptop to the wireless router.

ii. Use Windows XP to connect to the wireless router.

Below is how to use Windows XP's built-in Wireless Network Connection utility. Depending on the model of NIC you use, this might be disabled, and you will need to use the utility provided by the NIC manufacturer.

• Click Start > Control Panel > Network Connections.

• Select the Wireless Network Connection.

• Navigate to the File menu and select Status.

• Click View Wireless Networks.

• Locate orbitcisco1 (or whatever name you gave your network SSID) in the list of available networks and connect to it.

• When prompted for the WEP key, enter it as above (1234567890 or whatever key you used) and click Connect.

iii. Verify your connection.

• In the Status window, select the Support tab. Verify that the laptop has received an IP address from the wireless router's DHCP address pool or has been manually configured.

Test your Connection

iv. Ping Wireless router’s LAN/Wireless interface.

• On the laptop PC, navigate to the command prompt or click Start -> Run.

• Type cmd and select Open. This will open the command prompt.

• In the command prompt type ping 172.17.30.1

v. Ping R1’s Fa0/1.99 Interface.

• In the command prompt type ping 172.17.99.1

vi. Ping VLAN 10 and VLAN 20 from Laptop PC.

• In the command prompt type ping 192.168.10.21 to ping VLAN 10.

• Repeat on VLAN 20’s address, 192.168.20.22.

The pings should work. If not, check and troubleshoot the configuration.

- See more at: http://orbit-computer-solutions.com/CCNA%3A-How-to-add-and-Configure-a-Wireless-Router-to-a-LAN-.php#sthash.ujYmTaIc.dpuf
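Consistency checks for the lab above, as an added example rather than anything from the Linksys firmware: the key format for 40/64-bit WEP, the Static IP Internet settings, the DHCP pool that follows the Router IP, and a WAN/LAN overlap test. The addresses are the page's; the pool shape (50 addresses starting at host .100) is an assumption modelled on Linksys factory defaults.

```python
"""Consistency checks for the Linksys wireless-router lab above.

Added example, not the router's own code. The addresses are the page's
(Internet IP 172.17.99.25/24 via 172.17.99.1, Router IP 172.17.30.1/24,
40/64-bit WEP key 1234567890). The DHCP pool shape, 50 addresses starting
at host .100, is an assumption modelled on Linksys factory defaults.
"""
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")


def wep_key_ok(key, bits=64):
    """A 40/64-bit WEP key is exactly 10 hex digits, a 104/128-bit key 26.

    This only checks the format the router accepts; WEP itself is a
    deprecated cipher and the lab uses it purely for practice.
    """
    length = {64: 10, 128: 26}.get(bits)
    return length is not None and len(key) == length and set(key) <= HEX_DIGITS


def check_static_wan(ip, mask, gateway):
    """Problems with a Static IP Internet setup; empty when it is consistent."""
    iface = ipaddress.ip_interface("%s/%s" % (ip, mask))
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    problems = []
    if gw not in net:
        problems.append("gateway %s is not inside %s" % (gw, net))
    elif gw == iface.ip:
        problems.append("Internet IP address is the same as the gateway")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s"
                        % (iface.ip, net))
    return problems


def dhcp_pool(router_ip, mask, start_host=100, max_users=50):
    """Addresses the router hands to clients after the Router IP is saved.

    The pool follows the Router IP subnet (as the page notes), runs from
    host number start_host for max_users addresses, is clipped to the
    usable part of the subnet and never contains the router itself.
    """
    iface = ipaddress.ip_interface("%s/%s" % (router_ip, mask))
    net = iface.network
    first = int(net.network_address) + start_host
    last = min(first + max_users - 1, int(net.broadcast_address) - 1)
    if first > last:
        raise ValueError("start host %d lies outside %s" % (start_host, net))
    return [str(ipaddress.ip_address(a)) for a in range(first, last + 1)
            if ipaddress.ip_address(a) != iface.ip]


def wan_lan_overlap(wan_ip, wan_mask, lan_ip, lan_mask):
    """True if the Internet and Router IP subnets overlap, which breaks routing."""
    wan = ipaddress.ip_interface("%s/%s" % (wan_ip, wan_mask)).network
    lan = ipaddress.ip_interface("%s/%s" % (lan_ip, lan_mask)).network
    return wan.overlaps(lan)


def lab_report():
    """Run every check with the page's values; True when the lab is consistent."""
    return (wep_key_ok("1234567890")
            and check_static_wan("172.17.99.25", "255.255.255.0", "172.17.99.1") == []
            and not wan_lan_overlap("172.17.99.25", "255.255.255.0",
                                    "172.17.30.1", "255.255.255.0")
            and dhcp_pool("172.17.30.1", "255.255.255.0")[0] == "172.17.30.100")
```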

Peer-to-peer Networking (Workgroup).

Peer-to-peer networking is when all computers are in the same network or using the same Ethernet network. They are considered peers and will have to be connected through a hub, switch or router as the case may be.

There is no server, controller or one in charge. Computers in a workgroup share resources such as printers and files. This happens mostly in Windows: a workgroup is automatically set up when you set up a network, and all the computers share the same subnet. A workgroup is not protected by a password; no security is provided whatsoever, unlike a HomeGroup (Windows 7), which is protected by a password.

Workgroups are especially used in home, school or office settings where files, printers and other network resources are shared.

A computer joining a workgroup is assigned the same workgroup name; this makes accessing the computers easier.

A typical example of a work group is shown below:

How to create a workgroup

Creating a workgroup as a form of networking is no rocket science. Windows automatically assigns your PC to a workgroup named WORKGROUP or MSHOME by default. You can change the name if you need to. Before you create a workgroup, ensure that all computers are connected together on the same network (through a hub or a switch).

- See more at: http://orbit-computer-solutions.com/Peer-to-Peer-Networking--Workgroup-.php#sthash.wbiyqtz8.dpuf

How to Secure Your Network with Windows Firewall.

A firewall is hardware or software that monitors the traffic moving through a network gateway. A firewall can be configured to block or allow traffic based on defined criteria (ACLs).

A firewall blocks or allows random pings from a remote site to your computer, or programs on your computer that attempt to access remote sites without your knowledge.

Most if not all windows software comes with inbuilt firewall. To view and configure your firewall on windows, follow these steps:

If your using XP

1. Single-click on the wireless connection icon in your system tray 2. Click Network and sharing centre3. Click windows firewall

If you are using VISTA.

1. Click on start button2. Right click on Network3. Select Properties

Click on firewall

1. Click Turn Firewall On or Off

User account control dialogue box will appear, click Continue

1. Click On2. Click Apply

then Click Ok


Firewall Explained

In networking, the term firewall means a system that enforces an access control policy between networks. This control policy can include options such as a packet-filtering router, a switch with VLANs, and multiple hosts with firewall software.

A firewall system can be a composition of many different devices and components. One crucial component of a firewall system is traffic filtering, which is what is mostly referred to as "the firewall".

A firewall can be likened to the metal sheet that separates the engine compartment of a vehicle or aircraft from the passenger area. The term was adapted for use with computer networks: a firewall is applied or configured on a network to prevent uninvited traffic from entering or gaining access to prescribed areas within the network.

The original firewalls were not standalone devices, but routers or servers with software features added to provide firewall functionality. Over time, several companies developed standalone firewalls. Dedicated firewall devices enabled routers and switches to offload the memory- and processor-intensive activity of filtering packets. Modern routers, such as the Cisco Integrated Services Routers (ISRs), can also be used as sophisticated stateful firewalls for organizations that may not require a dedicated firewall.

Features of Firewalls

Firewalls share some common properties:

i. Resistant to attacks

ii. Only transit point between networks. (all traffic flows through the firewall)

iii. Enforces the access control policy

How Firewalls Work

Types of Firewalls

Stateless Firewall.

The early firewalls were created to inspect packets to verify whether they matched sets of rules, with the option of forwarding or dropping the packets accordingly. This type of packet filtering is known as stateless filtering: each packet is filtered based solely on the values of certain parameters in the packet header, similar to how ACLs (access control lists) filter packets.

Stateful Firewall.

The first stateful firewall appeared in 1989; it was developed by AT&T Bell Laboratories. This type of firewall filters packets using information stored in the firewall about the data flowing through it. A stateful firewall is able to determine whether a packet belongs to an existing flow of data. Stateful firewalls help to mitigate DoS attacks that exploit active connections through a networking device. Stateful filtering provides dynamic packet-filtering capabilities to firewalls. It operates at the Network Layer of the OSI model, although for some applications it can also analyze traffic at Layer 4 and Layer 5.

Packet-filtering Firewall.

This can take the form of a router with the capacity to filter some packet content, such as Layer 3 and sometimes Layer 4 information. It permits or denies based on Layer 4 information such as protocol and source and destination port numbers. A packet-filtering firewall uses access control lists (ACLs) to determine whether to permit or deny traffic, based on source and destination IP addresses, protocol, source and destination port numbers, and packet type. Packet-filtering firewalls are usually part of a router firewall.
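The difference between the stateless (ACL-style) filtering and the stateful filtering described above is easiest to see by running the same packets through both. The following is an added example written for this section, not code from the original page or from any vendor; the Packet class, the ACL entries, the inside network 192.168.1.0/24 and the sample addresses are all constructed for the demonstration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at (constructed sample data)."""
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int
    dport: int


# Constructed static ACL: (action, protocol, source net, destination net, dest port).
# It permits web traffic to one server and denies everything else (implicit deny).
ACL = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]


def stateless_filter(pkt, acl=ACL):
    """Packet-filtering (stateless) decision: first matching ACL entry wins.

    Every packet is judged on its own header fields only; the filter has no
    memory of earlier packets, so it cannot tell a reply from a fresh request.
    """
    for action, proto, src_net, dst_net, dport in acl:
        if proto != "any" and proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(src_net):
            continue
        if ip_address(pkt.dst) not in ip_network(dst_net):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"


class StatefulFirewall:
    """Stateful filter: remembers flows that were opened from the inside network."""

    def __init__(self, inside_net, acl=ACL):
        self.inside = ip_network(inside_net)
        self.acl = acl
        self.flows = set()   # (src, sport, dst, dport, proto) of outbound flows

    def process(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:
            return "permit"            # return traffic of a known flow
        if ip_address(pkt.src) in self.inside:
            self.flows.add(forward)    # an outbound packet creates state
            return "permit"
        # Inbound packet that belongs to no flow: fall back to the static ACL.
        return stateless_filter(pkt, self.acl)


def demo():
    """Run the same packets through both filters and return the verdicts."""
    fw = StatefulFirewall("192.168.1.0/24")
    outbound = Packet("192.168.1.5", "203.0.113.7", "tcp", 40000, 443)
    reply = Packet("203.0.113.7", "192.168.1.5", "tcp", 443, 40000)
    unsolicited = Packet("198.51.100.9", "192.168.1.5", "tcp", 5555, 40000)
    return {
        "stateful_outbound": fw.process(outbound),
        "stateful_reply": fw.process(reply),
        "stateful_unsolicited": fw.process(unsolicited),
        "stateless_reply": stateless_filter(reply),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The stateless filter denies the legitimate reply because nothing in its header matches a permit entry; to let replies through it would need a broad permit entry that also admits unrelated inbound packets. The stateful filter permits the reply because it matches a flow the inside host opened, and still denies the unsolicited packet aimed at the same inside host and port.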

Application Gateway Firewall or Proxy Firewall.

A type of firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software.

Address-translation firewall.

A type of firewall that expands the number of IP addresses available and conceals network addressing design.

Host-based firewall.

A PC or server with firewall software running on it.

Transparent firewall.

A firewall that filters IP traffic between a pair of bridged interfaces.

Hybrid firewall.

A firewall that is a combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.


Broadband Wireless

Wireless technology uses the unlicensed radio spectrum to send and receive data. The unlicensed spectrum is accessible to anyone who has a wireless router and wireless technology on the device they are using.

The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility, flexibility and productivity to the user.

Until recently, one limitation of wireless access has been the need to be within the local transmission range (typically less than 100 feet) of a wireless router or a wireless modem that has a wired connection to the Internet. However, with advances in technology, the reach of wireless connections has been extended.

Newer PCs, Laptops and other network devices are being manufactured with built in wireless network adapters and new developments in broadband wireless technology are increasing wireless availability. These include:

* Municipal Wi-Fi

* WiMAX

* Satellite Internet

Municipal WiFi

Municipal wireless networks are seen to be springing up in many cities. Some of these networks provide high-speed Internet access for free or for substantially less than the price of other broadband services. Others are for city use only, allowing police and fire departments and other city employees to do certain aspects of their jobs remotely.

To connect to a municipal WiFi, a subscriber typically needs a wireless modem, which provides a stronger radio and directional antenna than conventional wireless adapters. Most service providers provide the necessary equipment for free or for a fee, much like they do with DSL or cable modems.

WiMAX

Worldwide Interoperability for Microwave Access (WiMAX) is a new technology that is just beginning to come into use. It is described in the IEEE 802.16 standard.

WiMAX provides high-speed broadband service with wireless access and provides broad coverage like a cell phone network rather than through small WiFi hotspots. WiMAX operates in a similar way to WiFi, but at higher speeds, over greater distances, and for a greater number of users. It uses a network of WiMAX towers that are similar to cell phone towers.

To access a WiMAX network, subscribers must subscribe to an ISP with a WiMAX tower within 10 miles of their location. They also need a WiMAX-enabled computer and a special encryption code to get access to the base station.

Explanation of Terms.

Wired Equivalent Privacy (WEP)

WEP is a commonly and widely used network security method. To enable WEP, you need to set up a network security key. This key encrypts the information that one computer sends to another computer across your network. The receiving computer needs the key to decode the information, making it difficult for someone on another computer to get onto your network and access files without your permission.

Wi-Fi Protected Access (WPA)

WPA was introduced to strengthen the security provided by WEP. WPA encrypts information and also checks to make sure that the network security key has not been modified. WPA also authenticates users to help ensure that only authorized people can access the network. If your networking hardware works with both WEP and WPA security, WPA is highly recommended.

There are two types of WPA authentication: WPA and WPA2.

WPA is designed to work with all wireless network adapters, but it might not work with older routers or access points.

WPA2 is more secure than WPA, but it will not work with some older network adapters. It uses a pre-shared key (PSK) and the Advanced Encryption Standard (AES) to encrypt data transmissions. Since AES is a newer and more advanced encryption scheme, it is the recommended choice for small office and home networks.

WPA functions properly with an 802.1X authentication server, which distributes different keys to each user. This is referred to as WPA-Enterprise or WPA2-Enterprise.

802.1X authentication

802.1X authentication can help enhance security for 802.11 wireless networks and wired Ethernet networks. 802.1X uses an authentication server to validate users and provide network access. On wireless networks, 802.1X can work with Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) keys. This type of authentication is typically used when connecting to a workplace network.

Network Security Software

If you are connected to the Internet through a wired or wireless network (USB, broadband modem or dial-up), most of the time you rely heavily on your computer and its software for protection from viruses and other threats. If you are connected through a router, it might be able to help, because most routers are equipped with a firewall. This helps to block any intruder or malicious software that attempts to penetrate your network through the Internet.

Viruses and other malicious software can have a devastating effect on your PC without your knowledge.

It is a fact that Windows security features have improved over the years, especially with the later editions (Windows 8), but some vital elements are not included, such as anti-virus protection, and the Windows firewall is child's play to experienced hackers out there. With this said, in order to stay safe while surfing the net, you need third-party security software utilities installed.

There are different types of security software products available. To stay safe while surfing, you need at least three key security software tools: an anti-virus, a firewall and an anti-spyware tool.

Anti-Virus

Computer viruses are no news, even to non-computer users. Good anti-virus security software scans your computer for viruses; it is programmed to examine all files on your computer for hidden infections. If an infection is detected, it repairs, cleans or removes the infected files from your computer. Anti-virus software uses a set of virus codes, known as snippets, to sniff out malicious software embedded in your computer's files. For anti-virus software to do its work properly, it needs to be updated daily.

Firewall

Firewalls are computer software programs that are designed to stop malicious software and hackers (unauthorised access) from getting into your computer, especially through the Internet.

A firewall monitors your computer's network or Internet connection and examines information that goes in and out of your network.

Anti-Spyware

Anti-spyware works in the same way as an anti-virus program does, but anti-spyware products are more specific. An anti-spyware security tool scans your computer and removes any malicious software that seeks to gather information about your computer use and personal information.

Most anti-spyware removes cookies.

Cookies are used by some websites to track your visits and by others to post pop-up ads.


Wireless Technologies / Standards

The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode.

Infrastructure mode is used to connect computers with wireless network adapters to an existing wired network with the help of a wireless router or access point, while ad hoc mode is used to connect wireless clients directly together, without the need for a wireless router or access point.

The 802.11 standard establishes and defines the channelling of the unlicensed radio frequency bands in WLANs. The 2.4 GHz band is broken down into 11 channels for North America and 13 channels for Europe. These channels have a centre frequency separation of only 5 MHz and an overall channel bandwidth (or frequency occupation) of 22 MHz.

802.11a

IEEE 802.11a adopted the OFDM modulation technique and uses the 5 GHz band.

802.11a devices operating in the 5 GHz band are less likely to experience interference than devices that operate in the 2.4 GHz band, because there are fewer consumer devices that use the 5 GHz band. Also, higher frequencies allow for the use of smaller antennas.

Advantages:

Speed: up to 54 Mbps

a. Has the fastest transmission speed.

b. Allows for more simultaneous users.

c. Uses the 5 GHz frequency, which limits interference from other devices.

Disadvantages of using the 5 GHz band:

a. Higher frequency radio waves are more easily absorbed by obstacles such as walls, making 802.11a susceptible to poor performance due to obstructions.

b. The higher frequency band has slightly poorer range than either 802.11b or 802.11g. Also, some countries, including Russia, do not permit the use of the 5 GHz band, which may continue to curtail its deployment.

c. Is not compatible with 802.11b network adapters, routers, and access points.

802.11b

This was the first and, until recently, the most common wireless variant used. With transmission speeds of just 11 Mbit/s it is also the slowest. It also used the 40-bit Wired Equivalent Privacy (WEP) security protocol, which was found to have a number of deficiencies. A newer version of this, 802.11b+, maintains speeds of up to 22 Mbit/s.

Advantages:

Speed: 11 megabits per second

a. Costs less.

b. Has the best signal range.

Disadvantages:

a. Transmission speed is slow.

b. Uses the 2.4 gigahertz (GHz) frequency, the same as some household items such as cordless phones, microwave ovens, etc.

c. Provides access to fewer users simultaneously.

802.11g

This is the most recent and popular standard in use now, offering more respectable data transfer speeds of up to 54 Mbit/s, although actual speeds are much lower. It also uses an upgraded form of the Wi-Fi Protected Access (WPA) security protocol.

Advantages:

Speed: up to 54 Mbps

Has a transmission speed comparable to 802.11a under optimal conditions

a. Allows for more simultaneous users

b. Has the best signal range and is not easily obstructed

c. Is compatible with 802.11b network adapters, routers, and access points

Disadvantages:

a. Uses the 2.4 GHz frequency, so it has the same interference problems as 802.11b

b. Costs more than 802.11b

802.11n

The 802.11n draft standard is intended to improve wireless data rates and range without requiring additional power or radio frequency band allocation. 802.11n uses multiple radios and antennae at endpoints, each broadcasting on the same frequency to establish multiple streams. The multiple input/multiple output technology splits a high data-rate stream into multiple lower-rate streams and broadcasts them at the same time over the available radios and antennae. This allows for a speculative maximum data rate of 248 Mb/s using two streams.

Note:

If your PC or laptop has more than one wireless network adapter, or your adapter uses more than one wireless technology / standard, you are provided with options to specify which adapter or standard to use for each network connection.

For example, if you use streaming media, such as videos or music, on your PC or laptop, choosing the 802.11a connection from the options provided would be best for you, because you will get a faster data transfer rate when you watch videos or listen to music.


End Devices and their role on the Network.

The network devices that people are most familiar with are called end devices. These devices form the interface between the human network and the underlying communication network. Some examples of end devices are:

* Computers, laptops, file servers, web servers

* Network printers

* VoIP phones

* Security cameras

* Mobile handheld devices

IPv4 Address and Class

IPv4 addresses are divided into classes. Below is the class range of IP addresses and default subnet masks:

Class   Range                          Default Subnet Mask

A       1.0.0.0 – 127.255.255.255      255.0.0.0

B       128.0.0.0 – 191.255.255.255    255.255.0.0

C       192.0.0.0 – 223.255.255.255    255.255.255.0

Network mask

A network mask enables you to identify the network portion of an IP address and the portion that represents the node (host). Class A, B, and C networks have default network masks, also known as natural masks, as shown here:

Class A: 255.0.0.0 (decimal)

(11111111.00000000.00000000.00000000) binary

Class B: 255.255.0.0 (Decimal)

(11111111.11111111.00000000.00000000) binary

Class C: 255.255.255.0 (decimal)

(11111111.11111111.11111111.00000000) binary

Class A: 255.0.0.0 (24 bits)

In a Class A address, the first octet is the network portion, while the remaining three octets are for the network manager to divide into subnets and nodes (hosts). Class A addresses are used for networks that have more than 65,536 hosts (actually, up to 16,777,214 hosts).

Class B: 255.255.0.0 (16 bits)

In a Class B address, the first two octets are the network portion, while the remaining two octets are for the network manager to divide into subnets and nodes (hosts). Class B addresses are used for networks that have between 256 and 65,534 hosts.

Class C: 255.255.255.0 (8 bits)

In a Class C address, the first three octets are the network portion, while the remaining octet is for local subnets and hosts - perfect for networks with fewer than 254 hosts.
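The classful rules above (first-octet ranges, natural masks, and the host counts 16,777,214 / 65,534 / 254) can be checked mechanically. The following is an added example written for this section, not code from the original page. It goes slightly beyond the table by also labelling the first-octet ranges 224-239 (class D) and 240-255 (class E), which have no default mask; the sample addresses are constructed.

```python
from ipaddress import IPv4Address

# Default ("natural") masks from the class table above; D and E have none.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ipv4_class(addr):
    """Classify by the first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = int(IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def default_mask(addr):
    """Natural mask for a classful address, or None for class D/E."""
    return DEFAULT_MASKS.get(ipv4_class(addr))


def mask_to_binary(mask):
    """Dotted-decimal mask -> dotted-binary string, as in the list above."""
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))


def usable_hosts(mask):
    """Host bits are the zero bits of the mask; subtract the network and broadcast addresses."""
    network_bits = bin(int(IPv4Address(mask))).count("1")
    return 2 ** (32 - network_bits) - 2


def network_portion(addr, mask):
    """Bitwise AND of address and mask gives the network portion."""
    return str(IPv4Address(int(IPv4Address(addr)) & int(IPv4Address(mask))))


def describe(addr):
    """Summarise class, natural mask, network portion and host capacity for one address."""
    cls = ipv4_class(addr)
    mask = default_mask(addr)
    if mask is None:
        return {"class": cls, "mask": None}
    return {
        "class": cls,
        "mask": mask,
        "mask_binary": mask_to_binary(mask),
        "network": network_portion(addr, mask),
        "usable_hosts": usable_hosts(mask),
    }


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.10.77", "224.0.0.5"):
        print(sample, describe(sample))
```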


Identify Problems with Access Point Misplacement

You may have experienced a WLAN that just did not seem to perform as it should. Perhaps you keep losing the connection with an access point, or your data rates are much slower than they should be. You may even have done a quick walk around the environment to confirm that you could actually see the access points. Having confirmed that they are there, you wonder why you continue to get poor service.

Reason

There are two major issues with improper placement of access points:

* The distance separating access points is too great to allow overlapping coverage.

* The orientation of access point antennae in hallways and corners diminishes coverage.

Solution

Verify the power settings and make sure the operational ranges and placement of access points give a minimum of 10 to 15% cell overlap.

Change the orientation and positioning of access points:

* Position access points above obstructions.

* Position access points vertically near the ceiling in the centre of each coverage area, if possible.

* Position access points in locations where users are expected to be. For example, large rooms are typically a better location for access points than a hallway.

Additional specific details concerning access point and antenna placement are as follows:

* Always mount the access point vertically.

* Do not mount the access point on building perimeter walls, unless outside coverage is desired.

* Do not mount the access point outside of buildings.

* Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.

* Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.

* When mounting an access point in the corner of a right-angle hallway intersection, mount it at a 45-degree angle to the two hallways. The access point's internal antennas are not omnidirectional and cover a larger area when mounted this way.

* Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of any person.


Wireless Network Error: Incorrect Channel Settings

Most WLANs today operate in the 2.4 GHz band, which can have as many as 14 channels, each occupying 22 MHz of bandwidth. Energy is not spread evenly over the entire 22 MHz; rather, the channel is strongest at its centre frequency, and the energy diminishes toward the edges of the channel.

Interference can occur when there is overlap of channels. It is worse if the channels overlap close to the centre frequencies, but even if there is minor overlap, signals interfere with each other. Set the channels at intervals of five channels, such as channel 1, channel 6, and channel 11.
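The "five channels apart" rule follows directly from the numbers given here and in the Wireless Technologies / Standards section (5 MHz centre spacing, 22 MHz channel width): two channels interfere when their centre frequencies are closer than the channel width. The following added example, written for this section and not taken from the original page, computes that and checks a constructed channel plan for overlapping neighbours. The 5 MHz spacing and 22 MHz width are from the text; the 2412 MHz centre of channel 1 is an assumed starting point (the standard value), and the access point names and their channels are constructed.

```python
# Channel geometry: spacing and width come from the text; the centre frequency of
# channel 1 (2412 MHz) is an assumed, standard value not stated on the page.
CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 22
CHANNEL_1_CENTRE_MHZ = 2412


def centre_frequency(channel):
    """Centre frequency in MHz of 2.4 GHz channels 1-13 (channel 14 is an exception and not modelled)."""
    return CHANNEL_1_CENTRE_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def channels_overlap(a, b):
    """Two 22 MHz wide channels overlap when their centres are closer than 22 MHz."""
    return abs(centre_frequency(a) - centre_frequency(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(max_channel=11):
    """Greedy pick, lowest channel first, of channels that overlap none of the earlier picks.

    max_channel=11 models North America, 13 models Europe (both from the text).
    """
    chosen = []
    for channel in range(1, max_channel + 1):
        if all(not channels_overlap(channel, c) for c in chosen):
            chosen.append(channel)
    return chosen


def interfering_pairs(assignments):
    """assignments: {access point name: channel}. Return the AP pairs whose channels overlap."""
    names = sorted(assignments)
    return [
        (x, y)
        for i, x in enumerate(names)
        for y in names[i + 1:]
        if channels_overlap(assignments[x], assignments[y])
    ]


# Constructed channel plan for three neighbouring access points.
SAMPLE_PLAN = {"AP-lobby": 1, "AP-east": 6, "AP-west": 9}

if __name__ == "__main__":
    print("non-overlapping (NA):", non_overlapping_channels(11))
    print("non-overlapping (EU):", non_overlapping_channels(13))
    print("interfering pairs:", interfering_pairs(SAMPLE_PLAN))
```

For both the 11-channel and 13-channel bands the greedy pick yields channels 1, 6 and 11, the set recommended above; in the sample plan only the access points on channels 6 and 9 interfere (centres 15 MHz apart), while 1 and 9 (40 MHz apart) do not.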

Solving RF Interference

Incorrect channel settings are part of the larger group of problems with RF interference. WLAN administrators can control interference caused by channel settings with good planning, including proper channel spacing.

Interferences caused by household or office appliances.

Other sources of RF interference can be found all around the workplace or in the home.

Think of the snowy disruption of a television signal that occurs when a neighbour runs a vacuum cleaner. Dealing with such interference boils down to efficient planning of device placement. For instance, plan to place microwave ovens away from access points and potential clients. Sadly, not all RF interference issues can be planned for, because there are just too many of them.

The problem with devices such as cordless phones, baby monitors, and microwave ovens is that they do not contend for the channel: they just use it.

Solution

Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such as cordless phones, operate on channel 6.


WLAN: Problems with Authentication and Encryption

The WLAN authentication and encryption problems you are most likely to encounter, and that you will be able to solve, are caused by incorrect client settings.

If an access point is expecting one type of encryption, and the client offers a different type, the authentication process fails.

Note, all devices connecting to an access point must use the same security type as the one configured on the access point. In essence, if an access point is configured for WEP, both the type of encryption (WEP) and the shared key must match between the client and the access point. If WPA is being used, the encryption algorithm is TKIP. Similarly, if WPA2 or 802.11i is used, AES is required as the encryption algorithm.

1. Laptop/Client requests connection

2. Router / Access Point requests for authentication

3. Laptop /Client provides authentication

4. Router / Access Point rejects authentication

5. Laptop / Client loses connection

Reason for no connectivity:

1. Wrong encryption type set on client / laptop

2. Wrong credentials supplied to access point

Solution:

1. Match encryption type on client / laptop

2. Match same credential on client and access point


The Internet - A Network of Networks.

Although there are benefits to using a LAN or WAN, most of us need to communicate with a resource on another network, outside of our local office or organization. Examples of this type of communication include:

* Sending an e-mail to a friend in another country

* Accessing news or products on a website

* Getting a file from a neighbour’s computer

* Sending Instant messaging with a relative in another city

* Looking up sports news on a cell phone

Internetwork (Internet)

It has been called the Goliath of computer networks, linking millions of computer users all over the world.

To meet these human communication needs, an internetwork had to be created. It is created by the interconnection of networks belonging to Internet Service Providers (ISPs).

Some of these interconnected networks are owned by large public and private organizations, such as government agencies or industrial enterprises. The most well-known and widely used publicly accessible internetwork is the Internet.

Intranet

The term intranet is often used to refer to a private connection of LANs and WANs that belongs to an organization, and is designed to be accessible only by the organization's members, employees, or others with authorization.

Note: A connection of two or more data networks forms an internetwork - a network of networks. The following terms can be used interchangeably: internetwork, data network, and network. It is also common to refer to an internetwork as a data network - or simply as a network - when considering communications at a high level. The usage of terms depends on the context at the time, and terms may often be interchanged.

Interconnection of Networks

Peer-to-Peer Network (workgroup)


Network Address Translation (NAT).

The best way to describe how NAT works is to liken it to an extension of an office telephone line. An outside caller calls only the main number that connects to the office, and the switchboard operator looks through the office telephone list and connects the caller to the particular office the call is meant for. The particular office could leave instructions with the receptionist, or whoever works at the switchboard, to forward or not to forward the call.

Unlike a DHCP server, which assigns dynamic IP addresses to devices inside the network, NAT-enabled routers retain one or many valid Internet IP addresses outside of the network. When a client sends packets out of the network, NAT translates the internal IP address of the client to an external address.

To outside users, all traffic coming to and going from the network has the same IP address or is from the same pool of addresses.

NAT has different functions, but its key function is to save IP addresses by allowing networks to use private IP addresses. NAT translates private, internal addresses into public, external addresses. NAT has an added benefit of adding a degree of privacy and security to a network because it hides internal IP addresses from outside networks.

The following terms are used when discussing NAT:

Inside local address - Usually not an IP address assigned by a service provider; most likely a private address.

Inside global address - Valid public IP address that the inside host is given when it exits the NAT-configured router.

Outside global address - Valid public IP address assigned to a host on the Internet.

Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.

To make it clearer, the address internal devices use to communicate with other internal devices is the inside local address. The address internal devices use to communicate with external devices is the outside local address.

The address external devices use to communicate with internal devices is the inside global address.

Finally, external devices communicate with one another using outside global addresses.
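The switchboard analogy and the four address terms above can be made concrete with a small translation table. The following is an added example written for this section, not code from the original page or from any router vendor. It models NAT overload (PAT), the single-public-address case described under Broadband at the start of this document, where many inside local addresses share one inside global address and are told apart by translated port. The inside local addresses 192.168.1.x, the inside global address 203.0.113.2 and the outside global address 198.51.100.5 are constructed sample values.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """The address and port fields NAT rewrites (constructed sample data)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """NAT overload (PAT): many inside local addresses share one inside global address."""

    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global   # the one public address outside the network
        self.next_port = first_port
        self.table = {}     # (inside local ip, port, proto) -> translated port
        self.reverse = {}   # (translated port, proto) -> (inside local ip, port)

    def outbound(self, pkt):
        """Inside local -> inside global: rewrite the source and record the translation."""
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.inside_global, src_port=self.table[key])

    def inbound(self, pkt):
        """Packet from an outside global address to the inside global address.

        Returns the packet with its destination rewritten back to the inside local
        address, or None when no translation exists. Dropping such packets is the
        "degree of privacy" the text mentions: unsolicited traffic has no inside
        host to be delivered to.
        """
        if pkt.dst_ip != self.inside_global:
            return None
        entry = self.reverse.get((pkt.dst_port, pkt.proto))
        if entry is None:
            return None
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])


def demo():
    """Two inside hosts reach the same web server; one reply comes back; one stray packet arrives."""
    nat = NatRouter("203.0.113.2")   # constructed inside global address
    web = "198.51.100.5"             # constructed outside global address
    out1 = nat.outbound(Packet("192.168.1.10", 51000, web, 80))
    out2 = nat.outbound(Packet("192.168.1.11", 51000, web, 80))  # same port, other host
    back1 = nat.inbound(Packet(web, 80, "203.0.113.2", out1.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.77", 4444, "203.0.113.2", 8080))
    return out1, out2, back1, unsolicited


if __name__ == "__main__":
    for label, pkt in zip(("out1", "out2", "back1", "unsolicited"), demo()):
        print(label, pkt)
```

Both inside hosts leave with the same inside global address but different translated ports, so the reply addressed to port 1024 is mapped back to 192.168.1.10:51000 alone; the packet addressed to a port with no table entry is dropped. Note that the table is keyed by the inside host's own address and port, so two hosts that happen to use the same source port do not collide.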



Join or create a workgroup (Windows 7 / Windows Vista)

Note

Workgroups provide a basis for file and printer sharing, but do not actually set up sharing for you. In contrast, in this version of Windows you can create or join a homegroup, which automatically turns on file and printer sharing on home networks. If you have a home network, we recommend creating or joining a homegroup. For more information, search for "homegroup" in Help and Support.

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. Under Computer name, domain, and workgroup settings, click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3. In the System Properties dialog box, click the Computer Name tab, and then click Change.

4. In the Computer Name/Domain Changes dialog box, under Member of, click Workgroup, and then do one of the following:

To join an existing workgroup, type the name of the workgroup that you want to join, and then click OK.

To create a new workgroup, type the name of the workgroup that you want to create, and then click OK.

(Figure: the Computer Name/Domain Changes dialog box)

If your computer was a member of a domain before you joined the workgroup, it will be removed from the domain and your computer account on that domain will be disabled.

Notes

If your network includes computers running Windows XP, you might need to change the workgroup name on those computers to match the workgroup name on the computers running this version of Windows or Windows Vista so that you can see and connect to all computers on your network.


Subnetting IP Addresses. Subnetting allows you to create multiple logical networks within a single Class A, B, or C network.

There are several reasons to subnet:

a. It conserves address space, so that addresses are not wasted on segments that do not need them.

b. It supports security: hosts in different subnets can only reach each other through a Layer 3 device, and that is where access control lists and firewall rules can be applied.

c. It limits the size of each broadcast domain, so broadcast traffic from one host is confined to its own segment instead of reaching every node on the network.

Subnetting a Network Address

In order to subnet a network address, The subnet mask has to be extended, using some of the bits from the host ID portion of the address to create a subnetwork ID.

For example, given a Class C network of 192.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:

192.17.5.0 - 11000000.00010001.00000101.00000000

255.255.255.224 - 11111111.11111111.11111111.11100000

|sub|

By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by "sub") from the original host portion of the address and used them to create subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet has 32 addresses, 30 of which can actually be assigned to devices on the segment: the first is the network address and the last is the broadcast address.

This produces the following subnets:

192.17.5.0 255.255.255.224 host address range 1 to 30

192.17.5.32 255.255.255.224 host address range 33 to 62

192.17.5.64 255.255.255.224 host address range 65 to 94

192.17.5.96 255.255.255.224 host address range 97 to 126

192.17.5.128 255.255.255.224 host address range 129 to 158

192.17.5.160 255.255.255.224 host address range 161 to 190

192.17.5.192 255.255.255.224 host address range 193 to 222

192.17.5.224 255.255.255.224 host address range 225 to 254

Another example:-

Given the Class C network address 192.168.1.0, as a network administrator you need to use this one network address across several small groups within the organisation. You can do this by subnetting it.

Suppose you need 14 subnets of 14 hosts each. This limits you to 196 hosts on the network instead of the 254 you would have without subnetting (under the classful rule that the first and last subnets are not used). To accomplish this, begin with the default mask for Class C and borrow four host bits:

255.255.255.0 (11111111.11111111.11111111.00000000) binary

255.255.255.240 (11111111.11111111.11111111.11110000) binary

Remember the cram table:-

1 1 1 1 1 1 1 1

128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Look at this because you will always come across it during subnetting

128+64 =192

128+64+32 =224

128+64+32+16=240

128+64+32+16+8=248

128+64+32+16+8+4=252 and so on.

So borrowing four bits gives 16 possible subnets, 2 of which (the first and the last) cannot be used under the classful rule:

192.168.1.0 (reserved: the all-zeros subnet)

Network address    Host addresses                    Broadcast address

192.168.1.16       192.168.1.17 - 192.168.1.30       192.168.1.31

192.168.1.32       192.168.1.33 - 192.168.1.46       192.168.1.47

192.168.1.48       192.168.1.49 - 192.168.1.62       192.168.1.63

192.168.1.64       192.168.1.65 - 192.168.1.78       192.168.1.79

192.168.1.80 ... (keep adding 16 until you reach 192.168.1.224)

192.168.1.240 (reserved: the all-ones subnet)

That gives you 14 usable subnets with 14 usable host addresses each.

Source: http://www.orbit-computer-solutions.com/Subnetting-IP-addresses.php

How To Configure Switch Security. Cisco Switch Port Security

Conventional network security often focuses on routers and on blocking traffic from the outside. Switches are internal to the organisation and designed for ease of connectivity, so often only limited security measures, or none at all, are applied to them. Yet anyone who can plug a device into an unused port is on the inside of the network.

The following basic security features can be used to secure your switches and network:

* Physically secure the device

* Use secure passwords

* Enable SSH access

* Enable port security

* Disable HTTP access

* Disable unused ports

* Disable Telnet

Let's look at how to implement and configure some of these switch security features.

1. How To Configure the privileged EXEC password.

Use the enable secret command to set the password. For this activity, set the password to orbit. (enable secret stores a hash of the password; the older enable password command stores it in a reversible form and should not be used.)

SW1#configure terminal
SW1(config)#enable secret orbit
SW1(config)#

2. How To Configure virtual terminal (Telnet) and console passwords and require users to login.

A password should be required to access the console line. Even the basic user EXEC mode can provide significant information to a malicious user. In addition, the VTY lines must have a password before users can access the switch remotely.

Use the following commands to secure the console and the VTY (Telnet) lines:

SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#

3. How To Configure password encryption.

At this stage the privileged EXEC password is already stored as a hash. To obscure the line passwords you just configured, enter the service password-encryption command in global configuration mode. Be aware that this applies Cisco type 7 encoding, which is reversible with freely available tools: it protects against a casual glance at the configuration, not against anyone who can read the file, so treat a line password that has appeared in a shared configuration as compromised.

SW1(config)#service password-encryption
SW1(config)#

4. How To Configure and test the MOTD banner.

Configure the message-of-the-day (MOTD) banner using Authorized Access Only as the text. Follow these guidelines:

i. The banner text is case sensitive. Make sure you do not add any spaces before or after the banner text.

ii. Use a delimiting character before and after the banner text to indicate where the text begins and ends. The delimiting character used in the example below is %, but you can use any character that does not appear in the banner text.

iii. After you have configured the MOTD, log out of the switch to verify that the banner displays when you log back in.

SW1(config)#banner motd %Authorized Access Only%
SW1(config)#end
SW1#exit

5. How To Configure Port Security

Enter interface configuration mode for FastEthernet 0/11 and enable port security.

Before any other port-security commands can be configured on the interface, port security must be enabled. Port security only works on access ports, so set the port mode explicitly first: on a port left in dynamic (negotiating) mode the switchport port-security command is rejected.

SW1(config)#interface fa0/11
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security

* Notice that you can enter interface configuration mode directly from another configuration sub-mode, such as line configuration; you do not have to exit back to global configuration mode first.

6. How To configure the maximum number of MAC addresses.

To configure the port to learn only one MAC address, set the maximum to 1:

SW1(config-if)#switchport port-security maximum 1

7. How To configure the port to add the MAC address to the running configuration.

The MAC address learned on the port can be added to (“stuck” to) the running configuration for that port.

SW1(config-if)#switchport port-security mac-address sticky

8. How To Configure the port to automatically shut down if port security is violated.

On Catalyst switches the default violation mode is already shutdown, but configure it explicitly so the intent is visible in the running configuration. The alternatives are protect (frames from unknown MAC addresses are silently dropped) and restrict (they are dropped and the violation is counted and logged); only shutdown puts the port into the err-disabled state, which is the behaviour you want on an access port where an unexpected device has appeared.

SW1(config-if)#switchport port-security violation shutdown

Use the show mac-address-table command to confirm that SW1 has learned the MAC address of the intended device, in this case PC1.

SW1#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0060.5c4b.cd22    STATIC      Fa0/11

You can use the show port-security interface fa0/11 command to verify a security violation:

SW1#show port-security interface fa0/11
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 00E0.F7B0.086E:20
Security Violation Count   : 1

A Port Status of Secure-shutdown together with a non-zero violation count means a second MAC address (here 00E0.F7B0.086E) appeared on the port and the port has been err-disabled. It stays down until an administrator issues shutdown followed by no shutdown on the interface, or err-disable recovery has been configured.

9. How To Secure Unused Ports

Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorised access. Disabling an unused port stops all traffic from flowing through it, so nobody can join the network simply by plugging into a spare wall jack.

Step 1: Disable interface Fa0/10 on SW1.

Enter interface configuration mode for FastEthernet 0/10 and shut down the port.

SW1(config)#interface fa0/10
SW1(config-if)#shutdown

Step 2: Disable a range of unused interfaces on SW1 with the interface range command. Only include ports that are genuinely unused; the range below, taken literally, would also disable fa0/11, which was just secured for PC1.

SW1(config)#interface range fa0/1-24
SW1(config-if-range)#shutdown

Source: http://orbit-computer-solutions.com/How-To-Configure-Switch-Security.php
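The checklist at the top of this section is easy to verify mechanically against a saved running-config. The following is an added example, not code from the original page and not a Cisco tool: a small parser for IOS configuration text and an audit that reports which of the listed items are missing. It treats transport input ssh on the VTY lines as the way "Disable Telnet" is actually enforced, and no ip http server as "Disable http access"; both are standard IOS commands. The sample configuration is constructed for the example and its type 7 strings are placeholders, not real secrets; all function names are this example's own.

```python
# Added example: audit a Catalyst switch running-config against the
# checklist in this section. Parser, check names and SAMPLE_CONFIG are this
# example's own; the hashes in SAMPLE_CONFIG are placeholders.

SAMPLE_CONFIG = """\
hostname SW1
enable secret 5 $1$salt$placeholderhash
service password-encryption
no ip http server
banner motd ^CAuthorized Access Only^C
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
interface FastEthernet0/12
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
line con 0
 password 7 0822455D0A16
 login
line vty 0 15
 password 7 0822455D0A16
 login
 transport input telnet ssh
!
end
"""


def parse_ios(text):
    """Split an IOS config into top-level commands and indented blocks.

    Returns (top, blocks): `top` is the list of global commands, `blocks`
    maps each 'interface ...' or 'line ...' header to its indented lines.
    A '!' line or any un-indented command ends the current block.
    """
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        if line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
            continue
        top.append(line)
        if line.startswith(("interface ", "line ")):
            current = line
            blocks[current] = []
        else:
            current = None
    return top, blocks


def audit_switch_config(text):
    """Return a list of findings; an empty list means every check passed."""
    top, blocks = parse_ios(text)
    findings = []

    if not any(cmd.startswith("enable secret ") for cmd in top):
        if any(cmd.startswith("enable password ") for cmd in top):
            findings.append("privileged EXEC uses reversible 'enable password'; use 'enable secret'")
        else:
            findings.append("no 'enable secret' set")
    if "service password-encryption" not in top:
        findings.append("line passwords stored in clear text ('service password-encryption' missing)")
    if not any(cmd.startswith("banner motd") for cmd in top):
        findings.append("no MOTD banner")
    if "no ip http server" not in top:
        findings.append("HTTP management not disabled ('no ip http server' missing)")

    for header, body in blocks.items():
        if header.startswith("line "):
            if not any(cmd.startswith("login") for cmd in body):
                findings.append("%s: no 'login', so no password is ever requested" % header)
            if "login local" not in body and not any(cmd.startswith("password ") for cmd in body):
                findings.append("%s: no password configured" % header)
            if header.startswith("line vty"):
                transports = [cmd for cmd in body if cmd.startswith("transport input")]
                if not transports or any("telnet" in t or t.endswith(" all") for t in transports):
                    findings.append("%s: Telnet still allowed; set 'transport input ssh'" % header)
        elif header.startswith(("interface FastEthernet", "interface GigabitEthernet")):
            if "shutdown" in body:
                continue                      # unused port, correctly disabled
            if "switchport mode trunk" in body:
                continue                      # uplink; port security is for access ports
            if "switchport port-security" not in body:
                findings.append("%s: active access port without port security" % header)

    return findings


if __name__ == "__main__":
    for finding in audit_switch_config(SAMPLE_CONFIG) or ["no findings"]:
        print("-", finding)
```

Run against the sample it reports two findings: FastEthernet0/12 is up without port security, and the VTY lines still accept Telnet. Fixing those two lines makes the audit come back empty. The audit deliberately does not flag a missing explicit violation mode, since the IOS default is already shutdown.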

VLAN (Virtual Local Area Network).

Definition.

A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork; VLANs allow multiple IP networks and subnets to exist on the same switched network.

A VLAN is a logical broadcast domain that can span multiple physical LAN segments. Administrators configure switches into VLANs to improve network performance by separating large Layer 2 broadcast domains into smaller ones.

By using VLAN a network administrator will be able to group together stations by logical function, or by applications, without regard to physical location of the users.

Each VLAN functions as a separate LAN and spans one or more switches. This allows host devices to behave as if they were on the same network segment.

For traffic to move between VLANs, a layer 3 device (router) is required.

VLAN has three major functions:

i. Limits the size of broadcast domains

ii. Improves network performance

iii. Provides a level of security

How VLANs work. Let's use a real-world scenario. Think of a small organisation with several offices or departments, all in one building. Some years later the organisation has expanded and now spans three buildings. The original network is still the same, but the departments' computers are spread across the three buildings: the HR offices remain on one floor, and the other departments are on other floors and in other buildings.

The network administrator wants all the computers of a department to share the same security features and bandwidth controls. Building one large LAN and re-wiring each department together would be a huge task and would certainly not be easy to manage.

This is where VLAN switching comes in: it is easier to group offices and departments with the resources they use regardless of their location, and easier to manage their specific security and bandwidth needs.

A switched VLAN lets the network administrator create groups of logically networked devices that act as if they are on their own independent network, even though they share a common infrastructure with other VLANs. When you configure a VLAN, you can name it to describe the primary role of the users on that VLAN.

(The original page shows a figure here of student and faculty PCs on separate VLANs sharing the same switches; it is not reproduced.)

In summary:

i. A VLAN behaves as an independent LAN.

ii. VLANs allow the student and faculty computers to be separated although they share the same infrastructure.

iii. For easy identification, VLANs can be named.

To put a group of PCs on a VLAN:

a. Choose an IP subnet for the VLAN (for example, all PCs in VLAN 10 get addresses from the subnet defined for VLAN 10).

b. Create the VLAN on the switch and assign the access ports to it.

c. Assign addresses from that subnet to the PCs.

Advantages of VLANs:

Security - Sensitive data is separated from the rest of the network, reducing the chance of a confidential information breach. Note that a VLAN is only a Layer 2 boundary: traffic between VLANs still has to be filtered at the Layer 3 device that routes between them, and trunk ports must be configured carefully, since a misconfigured trunk lets a host reach VLANs it should not see.

Higher performance - Dividing a Layer 2 network into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.

Cost reduction - Cost savings result from less need for expensive network upgrades and more efficient use of existing bandwidth and uplinks.

Source: http://orbit-computer-solutions.com/VLAN-and-Trunking.php

Network Access Attacks. Technology is forever evolving, and so is hacking. It may surprise many that while one wakes up in the morning, prepares for work, gets to the office and spends nine to twelve hours working, a professional attacker spends the whole day refining techniques and looking for networks to exploit.

For an attacker to gain access to a network, the intruder first has to find vulnerabilities or weaknesses in network authentication, FTP or web services. Finding and exploiting these weaknesses lets the attacker gain access to web accounts and other confidential or sensitive information.

Types of access attacks

1. Password attack

2. Trust Exploitation

3. Port Redirection

4. Man-in-the middle attack

Password Attacks

A network attacker uses packet-sniffer tools to capture user account and password information, or repeatedly attempts to log in to a shared resource on a router or server in order to gain unauthorised access to an organisation's network; the latter are referred to as dictionary or brute-force attacks. Tools such as L0phtCrack or Cain can be used to carry them out.

These programs repeatedly attempt to log in as a user, trying words taken from a dictionary. Dictionary attacks often succeed because users choose short, simple passwords: single words that are easy to predict.

Another password-attack method uses rainbow tables. A rainbow table is a precomputed structure for reversing an unsalted hash: each chain starts from a chosen plaintext, hashes it, applies a reduction function that maps the hash back into a new candidate plaintext, and repeats; only the start and end of each chain are stored. Given a captured hash, the attacker regenerates chain fragments until one of the stored endpoints matches, then walks that chain from its start to recover the plaintext. The trade-off is storage against computation: the table is built once and reused against every hash of that type. A per-user random salt defeats the approach, because the table would have to be rebuilt for every salt value. L0phtCrack is one tool that supports rainbow-table attacks.

A brute-force attack tool is more exhaustive: it works through combinations of character sets to try every possible password made up of those characters. The disadvantage is the time this takes. Brute-force tools can recover simple passwords in less than a minute; longer, more complex passwords may take days or weeks, or be infeasible altogether.
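To make the rainbow-table description above concrete, here is an added example (not code from the original page, and not L0phtCrack or any other real tool) that builds a toy table over a three-letter lowercase keyspace with SHA-1, recovers a password from a captured unsalted hash, and then shows the same lookup fail once a per-user salt is added. The reduction function, chain length, keyspace and salt value are constructed for the example; the function names are this example's own.

```python
# Added example: a toy rainbow table against unsalted SHA-1, and the same
# lookup failing once a salt is involved. Parameters are deliberately tiny.
import hashlib
import string

ALPHABET = string.ascii_lowercase   # keyspace: 26**3 = 17,576 passwords
PW_LEN = 3
CHAIN_LEN = 40                      # links per chain; real tables use thousands


def h(plaintext):
    """The unsalted hash under attack."""
    return hashlib.sha1(plaintext.encode()).digest()


def reduce_to_password(digest, step):
    """Map a digest back into the password space.

    Mixing in the chain position (step) is what makes this a *rainbow*
    table rather than a plain hash chain: two chains that happen to collide
    at different positions do not merge into one.
    """
    n = int.from_bytes(digest[:8], "big") ^ step
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def build_table(start_points):
    """Precompute the chains once. Only endpoint -> start point is stored;
    the intermediate passwords are recomputed on demand during lookup."""
    table = {}
    for start in start_points:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_to_password(h(pw), step)
        table.setdefault(pw, start)
    return table


def lookup(table, target_digest):
    """Recover the plaintext behind target_digest if some chain covers it.

    For each possible position of the plaintext in a chain, continue the
    chain from the digest to its endpoint and check whether that endpoint
    is stored. A stored endpoint may be a false alarm, so the chain is
    walked from its start and the candidate confirmed by re-hashing.
    """
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_password(target_digest, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pw = reduce_to_password(h(pw), step)
        start = table.get(pw)
        if start is None:
            continue
        candidate = start
        for step in range(CHAIN_LEN):
            if h(candidate) == target_digest:
                return candidate
            candidate = reduce_to_password(h(candidate), step)
    return None


def salted_hash(salt, plaintext):
    """What a sensible password store does: a per-user salt goes into the
    hash, so a table built for h() is useless against it."""
    return hashlib.sha1((salt + plaintext).encode()).digest()


def demo():
    """Build a table from 676 chain starts, recover one password that is
    known to lie on a chain, then try the same lookup on a salted hash."""
    starts = [a + b + "a" for a in ALPHABET for b in ALPHABET]
    table = build_table(starts)
    victim = reduce_to_password(h("aaa"), 0)           # second link of the "aaa" chain
    recovered = lookup(table, h(victim))
    salted_attempt = lookup(table, salted_hash("k7", victim))  # "k7" is a constructed salt
    return victim, recovered, salted_attempt


if __name__ == "__main__":
    victim, recovered, salted_attempt = demo()
    print("password:", victim, "recovered from unsalted hash:", recovered)
    print("same password, salted hash -> lookup returns", salted_attempt)
```

The table stores at most 676 endpoints yet covers a large share of the 17,576-password keyspace; that ratio is the whole point of the technique. The salted lookup returns None not by chance but because every candidate the chains produce is a three-letter string, and no such string hashes to the digest of salt plus password.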

Source: http://orbit-computer-solutions.com/Network-Access-Attacks.php

Computer Software. In the last tutorial we looked at the components that make up computer hardware. In the following pages we look at the invisible part of the computer, the software, which includes the operating system, programs and applications.

Software

Software is the set of programs that run on your system. This includes the operating system and the application programs.

Software is written by programmers in a programming language, e.g. Java or PHP (HTML, often mentioned alongside them, is a markup language rather than a programming language). Source code is text and can be read by anyone with basic programming knowledge.

After a program is written it is compiled: the human-readable source is translated into the binary machine code the processor executes. Most operating systems and applications that run on a computer are created this way; some languages are instead interpreted, or run on a virtual machine, at run time.

What is an Operating System (OS)

What makes a computer a computer is the operating system. The OS is the core software component of your computer; it brings the machine to life and makes it useful to you. A computer would be useless without one.

The basic functions of the operating system are to provide a way for other programs to communicate with the hardware of your computer, and to let you add, remove and delete the programs, applications and data on it. The OS also decides which user and which program may access which files and devices, which is why most security controls on a host are ultimately enforced by the operating system.

To crown it all, the OS provides the bridge between you and the hardware.

Types of Operating System

There are many types of operating system. Most of the widely used desktop operating systems today are from Microsoft, whose operating systems helped revolutionise the way computers are used. Below is a list of Microsoft operating systems, from the oldest to the most recent:

Windows 3.x, Windows 95, Windows NT, Windows 98, Windows Me, Windows 2000,

Windows XP, Windows Vista, Windows 7, Windows 8.

Other well-known operating systems are:

Linux

Linux is an operating system kernel created by Linus Torvalds while he was a student at the University of Helsinki; the name is also used for the complete systems (distributions) built around it. Linux takes more explanation than a Microsoft operating system: it is not a single program like a word processor, nor a fixed set of programs like an office suite, but a kernel combined with many separately developed tools.

Unix

Unix is an older operating system family from which Linux borrows its design. It consists of a kernel plus a suite of programs that make the computer work, and it is widely used on workstations and multi-user servers.

Mac

Apple Macintosh - recent versions of the Mac operating system (Mac OS X) are based on Unix but have a polished graphical interface, so the system is both stable and easy to learn. One drawback is that it is licensed to run only on Apple hardware. One of the good things about the Mac is that it crashes less often and has fewer software problems than some other systems.

Source: http://orbit-computer-solutions.com/Computer-Software.php

Intermediary Devices and their Role on the Network. For communication to run smoothly across a network there are devices that play intermediary roles. These intermediary devices provide connectivity and work behind the scenes to ensure that data flows across the network.

These devices connect the individual hosts (end devices) to the network and can connect multiple individual networks to form an internetwork.

Examples of intermediary network devices are:

Routers.

Switches.

Hubs.

Wireless access points.

Modems.

Security devices such as firewalls.

(Servers are end devices, like PCs: they originate and receive messages rather than forwarding them.)

These intermediary devices use addressing information in the messages they forward, together with information about the network interconnections, to determine the path a message takes through the network: a router uses the destination IP address and its routing table, while a switch uses the destination MAC address and its MAC address table. Because every message passes through them, they are also the points where traffic can be filtered, inspected and logged.

Source: http://orbit-computer-solutions.com/Intermediary-Devices-and-their-Role-on-the-Network.php

Subnetting Class B Addresses. Subnetting a Class B network is very similar to subnetting Class C; the only difference is that when subnetting Class B you work on the third octet, while in Class C you work on the fourth octet.

Look at this:

To subnet Class B, use the same subnet numbers in the third octet as you would in Class C. All you need to do is add a zero (0) to the network address and a 255 to the broadcast address in the fourth octet. Remember that there are more possible subnet masks in Class B than in Class C.

I will bring in the cram table once more, only this time we are applying it to the THIRD octet.

Class B cram table: the same bit values as before (128 64 32 16 8 4 2 1), now applied to the third octet.

A Class B network address has 16 bits available for host addressing; up to 14 of them can be borrowed for subnetting, which leaves at least 2 bits for hosts.

Example 1

Let's look at some examples using the table above; remember we are working on the THIRD octet of a Class B address. Given the network address 172.16.0.0 /20:

From the /20 prefix, the mask is 255.255.240.0, which means we are using a bit value (block size) of 16 in the third octet.

We are going to subnet it into three different networks with an equal number of host addresses; remember we are working on the THIRD octet with a block size of 16. (The example starts at 172.16.16.0 rather than 172.16.0.0, following the older classful practice of not using the first subnet.)

Network A

Network address: 172.16.16.0

First Host address: 172.16.16.1

Last host address: 172.16.31.254

Broadcast address: 172.16.31.255

What we did above is add the block size to the third octet (16+16=32) to obtain the next network address, 172.16.32.0.

Network B

Network address: 172.16.32.0

First Host address: 172.16.32.1

Last host address: 172.16.47.254

Broadcast address: 172.16.47.255

We carried out the same addition here to get the next network address (32+16=48)

Network C

Network address : 172.16.48.0

First Host address : 172.16.48.1

Last host address: 172.16.63.254

Broadcast address: 172.16.63.255

The same addition gives the next network.

For the WAN (serial) links we need only a small block, so as not to waste address space: a point-to-point link has just two hosts. The page continues in the third octet with a block size of 4, which is the mask 255.255.252.0. Note that this is /22, not /30 as the Class C analogy would suggest: each WAN network spans 172.16.64.0 to 172.16.67.255 and still carries 1022 host addresses. A true /30 in the fourth octet (255.255.255.252, block size 4) gives exactly two usable addresses per link, for example 172.16.64.0/30 and 172.16.64.4/30. The configurations below keep the page's 255.255.252.0 masks, continuing from the next free block (48+16=64):

WAN 1

Connection from Router A to Router B

Network address: 172.16.64.0

Network A to B address: 172.16.64.1 255.255.252.0

Network B to A address: 172.16.64.2 255.255.252.0

The next network adds the same block size of 4 to the previous network (64+4=68):

WAN 2

Connections from Router A to Router C

Network address: 172.16.68.0

Network A to C address: 172.16.68.1 255.255.252.0

Network C to A address: 172.16.68.2 255.255.252.0
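The subnet arithmetic in this section, and in the Class C examples earlier (192.17.5.0 with mask 255.255.255.224, and 192.168.1.0 with mask 255.255.255.240), is mechanical enough to automate. The following is an added example, not code from the original page, that implements the borrowed-bits method with plain integer operations so the binary view stays visible. It also computes the smallest block that fits a given host count, which shows why a two-host WAN link is normally given a /30 (255.255.255.252) rather than the /22 used above. All function and variable names are this example's own.

```python
# Added example: enumerating subnets with the borrowed-bits method.
# All names (ip_to_int, subnets, smallest_prefix_for_hosts, ...) are this
# example's own, not from the original page.

def ip_to_int(ip):
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % ip)
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(n):
    """Dotted binary, the way the cram-table examples render addresses."""
    return ".".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/prefix -> mask integer: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnets(network, natural_prefix, borrowed, skip_zero_and_all_ones=False):
    """Enumerate the subnets made by borrowing `borrowed` host bits.

    natural_prefix is the classful length (8, 16 or 24). Each entry carries
    the new mask, the first and last usable host and the broadcast address.
    skip_zero_and_all_ones=True drops the first and last subnet, matching the
    older classful rule the 14-subnet example follows.
    """
    new_prefix = natural_prefix + borrowed
    if new_prefix > 30:
        raise ValueError("fewer than 2 host bits left; no usable host addresses")
    base = ip_to_int(network) & prefix_to_mask(natural_prefix)
    block = 1 << (32 - new_prefix)  # addresses per subnet
    count = 1 << borrowed           # number of subnets
    mask = int_to_ip(prefix_to_mask(new_prefix))
    result = []
    for i in range(count):
        if skip_zero_and_all_ones and i in (0, count - 1):
            continue
        net = base + i * block
        result.append({
            "network": int_to_ip(net),
            "prefix": new_prefix,
            "mask": mask,
            "first_host": int_to_ip(net + 1),
            "last_host": int_to_ip(net + block - 2),
            "broadcast": int_to_ip(net + block - 1),
            "usable_hosts": block - 2,
        })
    return result


def smallest_prefix_for_hosts(hosts):
    """Longest prefix whose block still leaves `hosts` usable addresses.
    Two hosts on a point-to-point link -> /30; 14 hosts -> /28; 30 -> /27."""
    for prefix in range(30, -1, -1):
        if (1 << (32 - prefix)) - 2 >= hosts:
            return prefix
    raise ValueError("no IPv4 prefix can hold that many hosts")


if __name__ == "__main__":
    print("192.17.5.0 /24 with 3 borrowed bits (mask 255.255.255.224):")
    for s in subnets("192.17.5.0", 24, 3):
        print("  %-14s hosts %s - %s  broadcast %s"
              % (s["network"], s["first_host"], s["last_host"], s["broadcast"]))
    print("172.16.0.0 /16 with 4 borrowed bits (mask 255.255.240.0):")
    for s in subnets("172.16.0.0", 16, 4)[1:4]:   # networks A, B and C from the text
        print("  %-14s hosts %s - %s  broadcast %s"
              % (s["network"], s["first_host"], s["last_host"], s["broadcast"]))
    wan = smallest_prefix_for_hosts(2)
    print("A two-host WAN link needs /%d, mask %s" % (wan, int_to_ip(prefix_to_mask(wan))))
    print("255.255.252.0 is /%d" % bin(ip_to_int("255.255.252.0")).count("1"))
```

The function reproduces the three tables above exactly; the check in subnets() that refuses a prefix longer than /30 is the programmatic form of the rule that every subnet needs room for a network address, a broadcast address and at least one host.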

There are different ways to subnet; you have to devise a way to make it simple for yourself. I think using the cram table saves you a lot of time compared with working through formulas. Let's apply it to a topology:

Router A:

RA#config t

RA(config)#interface fa0/0

RA(config-if)#ip address 172.16.16.1 255.255.240.0

RA(config-if)#no shutdown

RA(config-if)#exit

RA(config)#interface se0/0/0

RA(config-if)#ip address 172.16.64.1 255.255.252.0

RA(config-if)#no shutdown

RA(config-if)#exit

RA(config)#interface se0/0/1

RA(config-if)#ip address 172.16.68.1 255.255.252.0

RA(config-if)#no shutdown

RA(config-if)#exit

Router B

RB#config t

RB(config)#interface fa0/0

RB(config-if)#ip address 172.16.32.1 255.255.240.0

RB(config-if)#no shutdown

RB(config-if)#exit

RB(config)#interface se0/0/0

RB(config-if)#ip address 172.16.64.2 255.255.252.0

RB(config-if)#no shutdown

RB(config-if)#exit

Router C

RC#config t

RC(config)#interface fa0/0

RC(config-if)#ip address 172.16.48.1 255.255.240.0

RC(config-if)#no shutdown

RC(config-if)#exit

RC(config)#interface se0/0/0

RC(config-if)#ip address 172.16.68.2 255.255.252.0

RC(config-if)#no shutdown

RC(config-if)#exit

Pings between directly connected interfaces (for example from RA to RB across 172.16.64.0) will work. For hosts on RA's LAN to reach RB's or RC's LAN, each router still needs static routes or a routing protocol, because no router yet knows about the networks behind its neighbours.

Source: http://orbit-computer-solutions.com/Subnetting-Class-B-Addresses.php

How To Calculate Subnets Using the Binary Method. Connectivity between hosts on an IP network is determined by comparing the network portions of the source and destination addresses. The sending host does this by applying its subnet mask to both its own IPv4 address and the destination IPv4 address.

Remember, the subnet mask is a 32 bit value which is used to differentiate between the network bits and the host bits of the IP address. The subnet mask is made up of a string of 1s followed by a string of 0s.

The 1s indicate the network bits and the 0s specify the host bits within the IP address. The network bits are matched between the source and destination. If networks are the same, the packet can then be delivered locally. If they don’t match, the packet is sent to the default gateway.

For example, let’s assume PC 1, with the IP address of 192.168.1.40 and subnet mask of 255.255.255.0, needs to send a message to PC 2, with the IP address of 192.168.1.52 and a subnet mask of 255.255.255.0. In this case, both hosts have a same default subnet mask of 255.255.255.0. Both hosts have the same network bits of 192.168.1, and therefore are on the same network.

PC 1 sends a message to PC 2. Before sending, PC 1 itself checks whether PC 2 is on the same network (the switch between them operates at Layer 2 and does not look at IP addresses). The network is determined by ANDing the IP address with the subnet mask. Let's look at the IP address, subnet mask and network address of each configuration in binary:

PC 1 Configuration

IP Address -192.168.1.40, 11000000.10101000.00000001.00101000

Subnet Mask -255.255.255.0, 11111111.11111111.11111111.00000000

Network- 192.168.1.0, 11000000.10101000.00000001.00000000

PC 2 Configuration

IP Address -192.168.1.52, 11000000.10101000.00000001.00110100

Subnet Mask -255.255.255.0, 11111111.11111111.11111111.00000000

Network 192.168.1.0, 11000000.10101000.00000001.00000000

Comparing the Network rows above shows that PC 1 and PC 2 are on the same network, 192.168.1.0, so PC 1 delivers the frame directly (after resolving PC 2's MAC address with ARP) rather than sending it to the default gateway.
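The comparison above is exactly what a host performs before sending every packet. The following added example (not code from the original page) implements that forwarding decision: it ANDs the address with the mask, renders the binary the way the tables above do, and returns whether the packet is delivered locally or handed to the default gateway. It also rejects a non-contiguous mask and a gateway that is not on the host's own network, two configuration errors the page does not cover. Names such as next_hop and binary_table are this example's own.

```python
# Added example: the host's "same network?" decision, done with the
# bitwise AND the text describes. Function names are this example's own.

def ip_to_int(ip):
    octets = [int(p) for p in ip.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(n):
    return ".".join(format((n >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def mask_is_valid(mask):
    """A mask must be a run of 1s followed by a run of 0s (255.255.255.0 is
    valid, 255.255.0.255 is not). Inverting a valid mask gives 2**k - 1,
    and such numbers satisfy x & (x + 1) == 0."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def network_of(ip, mask):
    """Network address = IP AND mask, as an integer."""
    return ip_to_int(ip) & ip_to_int(mask)


def binary_table(ip, mask):
    """The three-row binary view used in the text, as a list of strings."""
    net = network_of(ip, mask)
    return [
        "IP Address  - %-16s %s" % (ip, to_binary(ip_to_int(ip))),
        "Subnet Mask - %-16s %s" % (mask, to_binary(ip_to_int(mask))),
        "Network     - %-16s %s" % (int_to_ip(net), to_binary(net)),
    ]


def next_hop(src_ip, mask, dst_ip, gateway):
    """Decide where a host sends a packet.

    Returns ("local", dst_ip) when source and destination share a network,
    otherwise ("gateway", gateway). Raises if the mask is malformed or the
    configured gateway is not itself on the host's network, a common
    misconfiguration that leaves the host unable to reach anything off-link.
    """
    if not mask_is_valid(mask):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    my_net = network_of(src_ip, mask)
    if network_of(dst_ip, mask) == my_net:
        return ("local", dst_ip)
    if network_of(gateway, mask) != my_net:
        raise ValueError("default gateway %s is not on network %s"
                         % (gateway, int_to_ip(my_net)))
    return ("gateway", gateway)


if __name__ == "__main__":
    for row in binary_table("192.168.1.40", "255.255.255.0"):
        print(row)
    print(next_hop("192.168.1.40", "255.255.255.0", "192.168.1.52", "192.168.1.1"))
    print(next_hop("192.168.1.40", "255.255.255.0", "192.168.2.52", "192.168.1.1"))
    # Same hosts with a /27 mask: .40 is in the .32-.63 block, .70 is not
    print(next_hop("192.168.1.40", "255.255.255.224", "192.168.1.70", "192.168.1.33"))
```

The last call in the main block shows why the mask matters as much as the address: with 255.255.255.224 instead of 255.255.255.0, a destination in the same /24 can still be off-net and has to go through the gateway.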

Source: http://orbit-computer-solutions.com/How-To-Calculate-Subnets-Using-Binary-Method.php


Public and Private IP Addresses.There are ranges of IPv4 Addresses that are designated for Public and Private uses.

Private Addresses

Private IP addresses (defined in RFC 1918) are designated for networks that have limited or no direct access to the Internet. Packets using these addresses as source or destination are not to appear on the public Internet and should not be routed there; a NAT device translates them to a public address when internal hosts do need to reach the Internet.

The private address blocks are:

10.0.0.0 - 10.255.255.255 (10.0.0.0 /8)

172.16.0.0 - 172.31.255.255 (172.16.0.0 /12)

192.168.0.0 - 192.168.255.255 (192.168.0.0 /16)

Using private addresses is an addressing convention, not a security control: anything that can reach the internal network (a VPN, a compromised host, a misconfigured firewall) can reach these addresses, so hosts on them still need the same access controls as any other host.

Public Addresses

Most of the addresses in the IPv4 unicast range are public addresses, intended for hosts that are publicly reachable from the Internet. Even within these blocks, many addresses are designated for other special purposes (see the reserved ranges below).

Source: http://orbit-computer-solutions.com/Public-and-Private-Addresses.php

Reserved IPv4 Addresses.

A major block of addresses reserved for special purposes is the IPv4 experimental or research range 240.0.0.0 to 255.255.255.254. These addresses are listed as reserved for future use (RFC 3330, since replaced by RFC 5735 and RFC 6890).

Reserved IPv4 Address Ranges

Type of address | Usage | Address range | RFC

Host addresses | Used for IPv4 hosts (unicast) | 0.0.0.0 to 223.255.255.255 | 790

Multicast addresses | Used for multicast groups on a local network | 224.0.0.0 to 239.255.255.255 | 1700

Experimental or research addresses | Used for research or experimental purposes; they cannot be assigned to hosts in IPv4 networks | 240.0.0.0 to 255.255.255.254 | 1700, 3330

Special IPv4 Addresses

During assignment of IP addresses to host on a network, there are certain addresses that cannot be assigned to hosts; they are the Network Address and Broadcast Address.

Network and Broadcast Addresses

When assigning an address to a host, the first and last addresses are not to be assigned. The first address is the Network Address and last is reserved as the Broadcast Address.

e.g.

Given the Network 192.168.1.0 /24

192.168.1.0 (Network)

192.168.1.1 (default gateway)

192.168.1.255 (Broadcast)

So, 192.168.1.2 – 254 (hosts)

Broadcast: http://www.ietf.org/rfc/rfc0919.txt?number=919

Default Route

The default route is used as an all-purpose address in a network when no more specific route is available for routing a packet.

e.g. 0.0.0.0 /8

Loopback

The loopback is a special address that all hosts use to direct traffic to themselves. TCP/IP applications and services that operate on a device use it as a shortcut for communicating with one another. You can also ping the loopback address to test the TCP/IP configuration of the local host.

Loopback address: 127.0.0.1

Link-Local Addresses

IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 (169.254.0.0 /16) are designated as link-local addresses. These addresses can be automatically assigned to the local host by the operating system in environments where no IP configuration is available. Only devices on the same network can communicate using this address range; link-local addresses are not routed.

TEST-NET Addresses.

The addresses 192.0.2.0 to 192.0.2.255 (192.0.2.0 /24) are set aside for teaching and learning purposes. These addresses can be used in documentation and network examples. Unlike the experimental addresses, network devices used in teaching and learning will accept these addresses in their configurations. You will often find these addresses used with the domain names example.com or example.net in RFCs, vendor, and protocol documentation.
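The ranges in this and the preceding section are exactly what an ingress filter or a log-triage script checks: a packet arriving from the Internet must not carry a private, loopback, link-local or TEST-NET source address. The Python below is an added example (not part of the original page); the range table repeats the values given above, the firewall log format and the sample lines are constructed for the example, and 203.0.113.x / 198.51.100.x are RFC 5737 documentation addresses used as stand-ins for public ones.

```python
import ipaddress


def _rng(first, last):
    """(first, last) of a range as 32-bit integers for cheap comparison."""
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last)))


# Ranges as listed in this section. Order matters: the specific ranges
# come first, the general host range last.
IPV4_RANGES = [
    ("loopback",     _rng("127.0.0.0",   "127.255.255.255")),
    ("link-local",   _rng("169.254.0.0", "169.254.255.255")),
    ("test-net",     _rng("192.0.2.0",   "192.0.2.255")),
    ("private",      _rng("10.0.0.0",    "10.255.255.255")),
    ("private",      _rng("172.16.0.0",  "172.31.255.255")),
    ("private",      _rng("192.168.0.0", "192.168.255.255")),
    ("multicast",    _rng("224.0.0.0",   "239.255.255.255")),
    ("experimental", _rng("240.0.0.0",   "255.255.255.254")),
    ("public",       _rng("0.0.0.0",     "223.255.255.255")),
]

# Categories that must never be the source of a packet arriving from the
# public Internet: the private blocks, plus the host-local and
# documentation ranges described above.
NOT_ROUTABLE_ON_INTERNET = {"loopback", "link-local", "test-net", "private"}


def classify_ipv4(addr):
    """Return the category label for a dotted-decimal IPv4 address."""
    n = int(ipaddress.IPv4Address(addr))     # raises ValueError on bad input
    for label, (lo, hi) in IPV4_RANGES:
        if lo <= n <= hi:
            return label
    return "reserved"   # only 255.255.255.255 falls through the table


def suspicious_sources(log_lines):
    """Return (src, category) for log lines whose source address should
    not have arrived on an Internet-facing interface.

    Log format (constructed for this example): 'src=<ip> dst=<ip> ...'.
    """
    hits = []
    for line in log_lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        src = fields.get("src")
        if src is None:
            continue
        cat = classify_ipv4(src)
        if cat in NOT_ROUTABLE_ON_INTERNET:
            hits.append((src, cat))
    return hits


# Constructed sample lines from an Internet-facing interface.
SAMPLE_LOG = [
    "src=203.0.113.7 dst=198.51.100.2 proto=tcp dport=443",
    "src=10.1.2.3 dst=198.51.100.2 proto=tcp dport=22",
    "src=192.0.2.44 dst=198.51.100.2 proto=udp dport=53",
    "src=127.0.0.1 dst=198.51.100.2 proto=icmp",
]

if __name__ == "__main__":
    for src, cat in suspicious_sources(SAMPLE_LOG):
        print(f"{src}: {cat} source seen on an Internet-facing interface")
```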


CIDR (Classless Inter-Domain Routing).

CIDR (Classless Inter-Domain Routing) was introduced in 1993 (RFC 1517), replacing the previous generation of IP address syntax, classful networks. CIDR allowed for more efficient use of the IPv4 address space and for prefix aggregation, known as route summarization or supernetting.

CIDR introduction allowed for:

More efficient use of IPv4 address space

Prefix aggregation, which reduced the size of routing tables

CIDR allows routers to group routes together to reduce the bulk of routing information carried by the core routers. With CIDR, several IP networks appear to networks outside the group as a single, larger entity. With CIDR, IP addresses and their subnet masks are written as four octets, separated by periods, followed by a forward slash and a two-digit number that represents the subnet mask e.g.

10.1.1.0/30

172.16.1.16/28

192.168.1.32/27 etc.

CIDR / VLSM Network addressing topology example

CIDR uses VLSM (Variable Length Subnet Masks) to allocate IP addresses to subnetworks according to need rather than class. VLSM allows subnets to be further divided, or subnetted, into even smaller subnets. Simply put, VLSM is subnetting a subnet.

With CIDR, the address classes (Class A, B, and C) became meaningless. The network address was no longer determined by the value of the first octet, but by the prefix length (subnet mask) assigned to the address space. A network could now be assigned a specific prefix depending upon the number of hosts needed for that network.

Propagating CIDR supernets or VLSM subnets requires a classless routing protocol. A classless routing protocol includes the subnet mask along with the network address in the routing update.


Summary routes determination

Determining the summary route and subnet mask for a group of networks can be done in three easy steps:

1. List the networks in binary format.

2. Count the number of left-most matching bits. This gives you the prefix length, or subnet mask, for the summarized route.

3. Copy the matching bits and then add zero bits for the rest of the address to determine the summarized network address.

The summarized network address and subnet mask can now be used as the summary route for this group of networks. Summary routes can be used by both static routes and classless routing protocols. Classful routing protocols can only summarize routes to the default classful mask.
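The three steps above, carried out in Python as an added example (not from the original page): each network is written out as 32 bits, the left-most matching bits are counted, and the result is padded with zeros. The summary is also capped at the shortest original prefix, so a group that already contains a large block is never summarised to something narrower than that block.

```python
import ipaddress


def to_bits(addr):
    """Dotted-decimal IPv4 address -> 32-character binary string (step 1)."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")


def summarize(networks):
    """Return the summary route ('a.b.c.d/len') covering all `networks`.

    Implements the three steps described in the text; the summary may
    cover address space that is not in the list, which is what supernetting
    does by design.
    """
    if not networks:
        raise ValueError("need at least one network")
    parsed = [ipaddress.ip_network(n, strict=True) for n in networks]
    rows = [to_bits(str(n.network_address)) for n in parsed]

    # Step 2: count the left-most bits common to every row.
    common = 0
    while common < 32 and len({row[common] for row in rows}) == 1:
        common += 1
    # The summary can never be longer than the shortest prefix in the group.
    common = min(common, min(n.prefixlen for n in parsed))

    # Step 3: keep the matching bits, pad the rest with zeros.
    summary_bits = rows[0][:common] + "0" * (32 - common)
    summary_addr = ipaddress.IPv4Address(int(summary_bits, 2))
    return f"{summary_addr}/{common}"


def covers_all(summary, networks):
    """Sanity check: every original network lies inside the summary."""
    s = ipaddress.ip_network(summary)
    return all(ipaddress.ip_network(n).subnet_of(s) for n in networks)


if __name__ == "__main__":
    nets = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
    for n in nets:                       # step 1, printed for inspection
        print(to_bits(n.split("/")[0]), n)
    print("summary:", summarize(nets))   # 172.16.0.0/22
```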

ISPs could now allocate address space more efficiently using any prefix length. They were no longer limited to a 255.0.0.0 (/8), 255.255.0.0 (/16) or 255.255.255.0 (/24) subnet mask, which before the advent of CIDR were known as the classful network masks. Blocks of IP addresses could be assigned to a network based on the requirements of the customer, ranging from a few hosts to hundreds or thousands of hosts.

CIDR Advantages

With the introduction of CIDR and VLSM, ISPs could now assign one part of a classful network to one customer and a different part to another customer. With the introduction of VLSM and CIDR, network administrators had to acquire additional subnetting skills.

The tables below show the allowed subnets and host addresses for each class (the subnet counts follow the 2^n - 2 convention, which excludes the first and last subnet; host counts are 2^n - 2 as well).

Class A

No. of bits | Subnet Mask | CIDR | No. of Subnets | No. of Hosts | Nets * Hosts
2 | 255.192.0.0 | /10 | 2 | 4194302 | 8388604
3 | 255.224.0.0 | /11 | 6 | 2097150 | 12582900
4 | 255.240.0.0 | /12 | 14 | 1048574 | 14680036
5 | 255.248.0.0 | /13 | 30 | 524286 | 15728580
6 | 255.252.0.0 | /14 | 62 | 262142 | 16252804
7 | 255.254.0.0 | /15 | 126 | 131070 | 16514820
8 | 255.255.0.0 | /16 | 254 | 65534 | 16645636
9 | 255.255.128.0 | /17 | 510 | 32766 | 16710660
10 | 255.255.192.0 | /18 | 1022 | 16382 | 16742404
11 | 255.255.224.0 | /19 | 2046 | 8190 | 16756740
12 | 255.255.240.0 | /20 | 4094 | 4094 | 16760836
13 | 255.255.248.0 | /21 | 8190 | 2046 | 16756740
14 | 255.255.252.0 | /22 | 16382 | 1022 | 16742404
15 | 255.255.254.0 | /23 | 32766 | 510 | 16710660
16 | 255.255.255.0 | /24 | 65534 | 254 | 16645636
17 | 255.255.255.128 | /25 | 131070 | 126 | 16514820
18 | 255.255.255.192 | /26 | 262142 | 62 | 16252804
19 | 255.255.255.224 | /27 | 524286 | 30 | 15728580
20 | 255.255.255.240 | /28 | 1048574 | 14 | 14680036
21 | 255.255.255.248 | /29 | 2097150 | 6 | 12582900
22 | 255.255.255.252 | /30 | 4194302 | 2 | 8388604

Class B

No. of bits | Subnet Mask | CIDR | No. of Subnets | No. of Hosts | Nets * Hosts
2 | 255.255.192.0 | /18 | 2 | 16382 | 32764
3 | 255.255.224.0 | /19 | 6 | 8190 | 49140
4 | 255.255.240.0 | /20 | 14 | 4094 | 57316
5 | 255.255.248.0 | /21 | 30 | 2046 | 61380
6 | 255.255.252.0 | /22 | 62 | 1022 | 63364
7 | 255.255.254.0 | /23 | 126 | 510 | 64260
8 | 255.255.255.0 | /24 | 254 | 254 | 64516
9 | 255.255.255.128 | /25 | 510 | 126 | 64260
10 | 255.255.255.192 | /26 | 1022 | 62 | 63364
11 | 255.255.255.224 | /27 | 2046 | 30 | 61380
12 | 255.255.255.240 | /28 | 4094 | 14 | 57316
13 | 255.255.255.248 | /29 | 8190 | 6 | 49140
14 | 255.255.255.252 | /30 | 16382 | 2 | 32764

Class C

No. of bits | Subnet Mask | CIDR | No. of Subnets | No. of Hosts | Nets * Hosts
2 | 255.255.255.192 | /26 | 2 | 62 | 124
3 | 255.255.255.224 | /27 | 6 | 30 | 180
4 | 255.255.255.240 | /28 | 14 | 14 | 196
5 | 255.255.255.248 | /29 | 30 | 6 | 180
6 | 255.255.255.252 | /30 | 62 | 2 | 124


IP Addressing (IPv4).

An IP address is a unique number / address used to identify a device on a network. An IP address is made up of 32 binary bits, which are divided into a Network portion and a Host portion with the help of a Subnet Mask.

The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is expressed in dotted decimal format e.g. 192.168.10.12.

The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.

Below is how binary octets are converted to decimal: the right-most bit, or least significant bit, of an octet holds a value of 2^0 (1). The bit just to the left of that holds a value of 2^1 (2). This continues until the left-most bit, or most significant bit, which holds a value of 2^7 (128). So if all binary bits are a one, the decimal equivalent would be 255, as shown here:

1 1 1 1 1 1 1 1

128 64 32 16 8 4 2 1 = (128+64+32+16+8+4+2+1=255)

And this sample below shows an IP address represented in binary and decimal.

192.168.4.10 (decimal)

11000000.10101000.00000100.00001010 (binary)


DHCP.

Dynamic Host Configuration Protocol (DHCP) works in client/server mode. DHCP enables clients on an IP network to obtain, or lease, an IP address and configuration from a DHCP server. This reduces the workload of managing a large network. The DHCP protocol is described in RFC 2131.

Most modern operating systems include DHCP in their primary settings; these include Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The clients request addressing configuration from a DHCP network server; the network server manages the assignment of IP addresses and is obliged to answer any IP configuration request from clients.

However, network routers, switches and servers need static IP addresses; DHCP is not intended for the configuration of these types of hosts. Cisco routers use a Cisco IOS feature known as Cisco Easy IP Lease, which offers an optional but full-featured DHCP server. Easy IP leases addresses for 24 hours by default; it is most useful in homes and small offices, where users can take advantage of DHCP and NAT without having an NT or UNIX server.

The DHCP server uses User Datagram Protocol (UDP) as its transport protocol: the server sends messages to the client on port 68, while the client sends messages to the server on port 67.

DHCP servers can offer other information, including DNS server addresses, WINS server addresses and domain names. Most DHCP servers allow administrators to define reservations by client MAC address, so that the server automatically assigns the same IP address to that client each time.

Most administrators prefer to work with a network server that offers DHCP services. These types of networks are scalable and easy to manage.


Network Security.

Why is Network Security Important?

Wherever there is a network, wired or wireless, there are threats. Some people are put off setting up a home or office network by the fear that anything stored on their hard drive could be accessed by neighbours or hackers. The types of potential threats to network security are always evolving, and constant monitoring and securing of the computer network should be a top priority for any network administrator.

If the security of the network is compromised, there could be serious consequences, such as loss of privacy, and theft of information.

When it comes to network security, the main concern is making sure that any wireless connections are protected against unauthorised access.

Most business transactions are done over the Internet, In addition, the rise of mobile commerce and wireless networks demands that security solutions become flawlessly integrated, more transparent, and more flexible.

Network attack tools and methods have evolved. Years ago, a hacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks.

Nowadays, hacking methods and tools have improved tremendously, and hackers no longer require the same level of sophisticated knowledge; people who previously would not have participated in computer crime are now able to do so.

Types of Network Threats and Attacks

As the types of threats, attacks, and exploits grow, various terms have been used to describe the individuals involved. Some of the most common terms are as follows:

i. White hat - These are individuals who look for vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems.

ii. Hacker - This is a general term that is used to describe a computer programming expert. It is normally used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

iii. Black hat or Cracker - The opposite of a white hat, this term is used to describe those individuals who use their knowledge of computer systems and programming skills to break into systems or networks that they are not authorized to use; this is usually done for personal or financial gain.

iv. Phreaker - This term is often used to describe an individual who manipulates the phone network in a bid to perform a function that is not allowed. The phreaker breaks into the phone network, usually through a payphone, to make free or illegal long-distance calls.

v. Spammer - This is often used to describe a person who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

vi. Phisher - Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the


Network Monitoring.

Monitoring the network can be a tedious task, especially when it is a large one. As a network administrator, it is your duty to ensure that your computer network systems are running smoothly and that no outages occur on your watch. Keeping a constant eye on your network helps to increase network efficiency, especially by knowing bandwidth and resource consumption.

There are different tools out there to help a network administrator monitor a network system for slow or failing components. Most of these tools monitor slow or failing components and resource consumption, and send notifications to the network administrator through e-mail, SMS or alarms.

Cisco, a world leader in network administration and protection, has several types of network administration products, including routers, switches, firewalls, wireless access points and VPN concentrators.

Resources to monitor.

There are different resources, including hardware, to monitor on your network. These resources, and the tools used to measure network usage, speed and availability, should be monitored constantly for effective performance.

Network usage monitoring: this helps the network administrator to accurately assess and monitor CPU and server load and usage.

Network speed monitoring: this deals especially with monitoring bandwidth usage and speed. High bandwidth usage and slow load times degrade your company's websites and network services, and slow-loading pages, file downloads or images are frustrating to website visitors and users.

Monitoring network availability: the company's websites, mail servers and leased lines are network resources that are constantly accessed by both internal and external parties for services; these resources should be monitored continuously for availability.

Monitoring network security systems: the security of your network should be your ultimate concern, and network monitoring tools should include a traffic monitor that allows you to view everything on your network. The users and IP addresses that access your network are to be monitored to make sure there is no unauthorized access to files and private company information.


Switches.

Network Switch

A network switch is a device that filters, forwards, or floods frames based on the destination address of each frame.

Switches perform their forwarding functions at Layer 2 of the OSI model. Some switches also process data at the Network Layer (Layer 3); these are referred to as Layer 3 switches or multilayer switches. Switches form an integral part of LANs and WANs. Small office / home office (SOHO) applications normally use a single or an all-purpose switch.

The network switch is a very adaptable Layer 2 device; it replaces the hub as the central point of connection for multiple hosts.

In a more complex role, a switch may be connected to one or more other switches to create, manage, and maintain redundant links and VLAN connectivity. A switch processes all types of traffic in the same way, regardless of how it is used.

Switches move traffic based on MAC addresses. Each switch maintains a MAC address table in high-speed memory, called content addressable memory (CAM). The switch rebuilds this table every time it is activated, using both the source MAC addresses of incoming frames and the port number through which each frame entered the switch.

As mentioned earlier, switches operate at the data-link layer of the OSI model, and a switch creates a separate collision domain per switch port. Take the example of four computers, PC 1, PC 2, PC 3 and PC 4, attached to switch ports: PC 1 and PC 2 can transfer data between them while PC 3 and PC 4 do the same, simultaneously, without interfering with each other's conversation.

This is unlike the hub, which shares its bandwidth among all ports, runs in half-duplex and is prone to frame collisions and retransmissions.

At some ISPs and in other networking environments where there is a need for much analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some switches provide built-in firewall, network intrusion detection and performance analysis modules that plug into switch ports.



Difference between Hubs, Switches, Routers, and Access Points.

Hubs, switches, routers, and access points are all used to connect computers together on a network, but each of them has different capabilities.

Hubs

Hubs are used to connect computers on a network so as to communicate with each other. Each computer plugs into the hub with a cable, and information sent from one computer to another passes through the hub.

A hub can't identify the source or destination of the information it receives, so it sends the information to all of the computers connected to it, including the one that sent it. A hub can send or receive information, but it can't do both at the same time.

Switches

Switches function in the same way as hubs, but they can identify the intended destination of the information that they receive, so they send that information only to the computers it is intended for.

Switches can send and receive information at the same time, and faster than hubs can. Switches are recommended for a home or office network where you have more computers and want to use the network for activities that require passing a lot of information between computers.


Routers

Routers are intermediary devices that enable computers and other network components to communicate or pass information between two networks, e.g. between your home network and the Internet. The defining capability of a router is directing network traffic. Routers can be wired (using cables) or wireless. Routers also typically provide built-in security, such as a firewall.

Access points

Access points provide wireless access to a wired Ethernet network. An access point plugs into a hub, switch, or wired router and sends out wireless signals. This enables computers and devices to connect to a wired network wirelessly. You can move from one location to another and continue to have wireless access to the network. When you connect to the Internet wirelessly using a public wireless network in an airport, hotel or other public place, you are usually connecting through an access point. Some routers come with a built-in wireless access point; in that case you do not need a separate wireless access point.


VLSM Example #2.

We use the network topology below as an example:

The figure above shows 5 different subnets, each with different host requirements. The IP address block given by our ISP is 192.168.1.0/24.

The host requirements are:

Network A - 14 hosts

Network B - 28 hosts

Network C - 2 hosts

Network D - 7 hosts

Network E - 28 hosts

As recommended, we begin the process by subnetting for the largest host requirement first. The largest requirements are for Network B and Network E, each with 28 hosts.

Don’t forget the cram table!

Let's apply the formula: usable hosts = 2^n - 2. For networks B and E, 5 bits are left in the host portion and the calculation is 2^5 - 2 = 30. Only 30 usable host addresses are available in this case, because of the 2 reserved addresses (network and broadcast). Keeping 5 host bits meets the requirement but leaves little room for future growth.

So we revert to borrowing 3 bits for subnets leaving 5 bits for the hosts. This allows 8 subnets with 30 hosts each.

We have created and will allocate addresses for networks B and E first:

Network B will use Subnet 0: 192.168.1.0/27

Host address range 1 to 30 (192.168.1.1 – 192.168.1.30)

192.168.1.31 (broadcast address)

Network E will use Subnet 1: 192.168.1.32/27

Host address range 33 to 62 (192.168.1.33 – 192.168.1.62)

192.168.1.63 (broadcast address)

The next largest host requirement is NetworkA, followed by NetworkD.

Borrowing one more bit and subnetting the network address 192.168.1.64 gives us the following host ranges:

Network A will use Subnet 0: 192.168.1.64/28

Host address range 65 to 78 (192.168.1.65 – 192.168.1.78)

192.168.1.79 (broadcast address)

Network D will use Subnet 1: 192.168.1.80/28

Host address range 81 to 94 (192.168.1.81 – 192.168.1.94)

192.168.1.95 (broadcast address)

This allocation supports 14 hosts on each subnet and satisfies the requirement.

*In Network C, there are only two hosts. In this case we borrow two bits to meet this requirement.

Beginning from 192.168.1.96 and borrowing 2 more bits results in subnet 192.168.1.96/30.

Network C will use Subnet 1: 192.168.1.96/30

Host address range 97 to 98 (192.168.1.97 – 192.168.1.98)

192.168.1.99 (broadcast address)

From the above illustration, we have met all requirements without wasting many possible subnets and available addresses.

In this case, bits were borrowed from addresses that had already been subnetted. As you will recall from a previous section, this method is known as Variable Length Subnet Masking, or VLSM.
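The allocation above, done programmatically as an added example (not from the original page): requirements are served largest first, each subnet takes the smallest prefix whose usable hosts (2^n - 2) cover the requirement, and each is carved from the lowest unused address aligned to its own size. Running it on the five requirements of this example reproduces the subnets listed above; the function also refuses a block that is too small rather than silently overlapping.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Smallest prefix length whose usable hosts (2^n - 2) cover `hosts`."""
    if hosts < 1:
        raise ValueError("a network needs at least one host")
    host_bits = 1
    while (2 ** host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate_vlsm(block, requirements):
    """Allocate subnets of `block` ('a.b.c.d/len') to named networks.

    `requirements` maps name -> number of hosts. Largest requirement first;
    ties keep the caller's order. Returns a list, in allocation order, of
    (name, network, first_host, last_host, broadcast) as strings.
    """
    parent = ipaddress.ip_network(block, strict=True)
    cursor = int(parent.network_address)      # lowest unused address
    end = int(parent.broadcast_address)
    result = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        size = 2 ** (32 - plen)
        # A subnet must start on a multiple of its own size; the cursor is
        # already aligned when going from large to small, but not otherwise.
        start = -(-cursor // size) * size
        if start + size - 1 > end:
            raise ValueError(f"{block} cannot fit network {name} ({hosts} hosts)")
        net = ipaddress.ip_network((start, plen))
        result.append((name,
                       str(net),
                       str(net.network_address + 1),
                       str(net.broadcast_address - 1),
                       str(net.broadcast_address)))
        cursor = start + size
    return result


def addresses_left(block, allocation):
    """How many addresses of `block` remain unallocated after `allocation`."""
    parent = ipaddress.ip_network(block)
    used = sum(ipaddress.ip_network(net).num_addresses for _, net, *_ in allocation)
    return parent.num_addresses - used


if __name__ == "__main__":
    # Host requirements from the example above.
    reqs = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}
    plan = allocate_vlsm("192.168.1.0/24", reqs)
    for name, net, first, last, bcast in plan:
        print(f"Network {name}: {net}  hosts {first} - {last}  broadcast {bcast}")
    print("addresses left:", addresses_left("192.168.1.0/24", plan))
```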

*use illustration to create networks for the WAN on the network..


Types of Addresses in IPv4.

Within the IPv4 address range, there are three types of addresses:

Network Address - The address by which we refer to the network.

Broadcast Address - A special address used to send data to all hosts in the network.

Host Address - The addresses assigned to the end devices in the network.

Network Address

The network address is a standard way to refer to an IPv4 address assigned to a network. For example, we could refer to the network 192.168.1.0 or 172.16.0.0 as a “Network Address.” This is a much more convenient and descriptive way to refer to the network than using a term like "the first network." All hosts in the 172.16.0.0 network will have the same network bits.

When assigning IPv4 addresses to hosts, the lowest address is reserved as the network address. This address has a 0 for each bit in the host portion of the address, e.g.

192.168.1.0 /24,

172.16.0.0 /16

Broadcast Address

The IPv4 broadcast address is a special address for each network that allows communication to all the hosts in that network. To send data to all hosts in a network, a host can send a single packet that is addressed to the broadcast address of the network.

The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s. For the network 192.168.1.0 with 8 host bits (a /24), the broadcast address would be 192.168.1.255. This address is also referred to as the directed broadcast.

192.168.1.0 (Network Address)

192.168.1.255 (Broadcast Address)

Host Addresses

As described previously, every end device requires a unique address to receive and send packets. In IPv4, we assign the values between the network address and the broadcast address to the devices in that network; hosts include end devices such as PCs, IP phones, printers etc.

e.g 192.168.1.0 (Network Address)

192.168.1.255 (Broadcast Address)

192.168.1.2 - 254 (Host Addresses)


Spanning Tree Protocol (STP).

STP is used by switches to prevent loops from occurring on a network. It does this by using the spanning tree algorithm to disable unwanted links and block ports that could cause a loop.

Loops and duplicate frames can have severe consequences on a network. Most LANs are designed to provide redundancy so that if a particular link fails another one can take over the forwarding of frame across the LAN.

Basically, each switch on a network learns the MAC address of a host, say PC A, on one of its ports; it then forwards frames to other switches on the network, which learn from them how to get to PC A. The problem starts when another switch learns the same PC A's MAC address over a redundant link: in time every switch on the network is flooding frames about how to get to the same PC A, and a loop has formed.


STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.

When a switch port detects a loop in the network, it blocks (A port is considered blocked when network traffic is prevented from entering or leaving that port) one or more redundant paths to prevent a loop forming.

To stop a loop from forming, STP chooses one switch to be the 'Root Bridge' of the network. Each other switch then selects one of its ports as its 'Root Port', a 'Designated Port' is chosen on each segment, and all other ports are closed down (placed in the blocking state).

STP outline of Process

Cisco switches run STP by default; no configuration is needed.

STP continually monitors the network for failures, be it switchports or changes in the network topology. STP acts quickly in making redundant ports available if there is a failure on a link.


Summary:

Spanning Tree Protocol

* Used by switches to turn a redundant topology into a spanning tree.

* Disables unwanted links by blocking ports

* Is defined by IEEE 802.1d

* Switches run STP by default - no configuration needed.

* Choose one switch to be Root Bridge

* Choose a Root Port on each other switch

* Choose a Designated Port on each segment

* Intentionally closes down all other ports


How the Root Bridge and Ports are chosen.

The Root Bridge

In STP configured switched LAN or broadcast domain, a switch is designated as the root bridge. The root bridge serves as an administrative point for all spanning-tree calculations to determine which redundant links to block. An election process determines which switch becomes the root bridge.

Each switch has a Bridge ID (BID) that is made up of a priority value, an extended system ID, and the MAC address of the switch.

All switches in the network take part in the election process. After a switch boots up, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By default, the root ID matches the local BID for all switches on the network. The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.

Let's look at it this way: when switches A, B, C and D on the same network or broadcast domain boot up, each switch forwards its Bridge Protocol Data Unit (BPDU) frames to its neighbouring switches. All switches in the broadcast domain read the root ID information from the BPDU frames of all their neighbours.

After reviewing all the root IDs in the BPDUs received, the switch with the lowest BID ends up being identified as the Root Bridge for the spanning tree process. It need not be an adjacent switch; it can be any switch in the broadcast domain.

Study the figure below and see if you can Identify the switch with the lowest priority.

Root Ports - Switch ports closest to the root bridge with the lowest cost path.

Designated Ports - All non-root ports that are still permitted to forward traffic on the network.

Non-designated ports - All ports configured to be in a blocking state to prevent loops.

Summary.

* Each switch has a bridge ID (BID) of priority value followed by MAC address

* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs

* The switch with the lowest bridge ID becomes the root bridge.

* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
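The election described above, simulated in Python as an added example (not from the original page): each switch starts out believing it is the root, reads the root ID from its neighbours' BPDUs each round, keeps the lowest BID it has seen, and the process repeats until nobody changes their mind. The priority field is compared first (priority plus extended system ID, as on real switches) and the MAC address breaks ties; the switch names, MAC addresses and the line topology A-B-C-D are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeID:
    priority: int      # configured bridge priority (default 32768)
    ext_sys_id: int    # extended system ID, i.e. the VLAN number
    mac: str           # switch base MAC, e.g. "00:00:00:00:00:0a"

    def key(self):
        """Sort key; lower wins. Priority field first, MAC as tie-breaker."""
        return (self.priority + self.ext_sys_id,
                int(self.mac.replace(":", ""), 16))


def elect_root(switches, links):
    """Simulate BPDU exchange until every switch agrees on the root bridge.

    switches: dict name -> BridgeID
    links:    iterable of (name_a, name_b) pairs (physical connections)
    Returns (root_name, rounds), where rounds counts the exchange rounds in
    which at least one switch changed its view of the root.
    """
    neighbours = {s: set() for s in switches}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)

    believed_root = {s: s for s in switches}   # everyone claims to be root
    rounds = 0
    while True:
        rounds += 1
        changed = False
        new_belief = {}
        for s in switches:
            # Root IDs seen in this round: own belief plus each neighbour's BPDU.
            seen = [believed_root[s]] + [believed_root[n] for n in neighbours[s]]
            best = min(seen, key=lambda name: switches[name].key())
            new_belief[s] = best
            if best != believed_root[s]:
                changed = True
        believed_root = new_belief
        if not changed:
            break

    roots = set(believed_root.values())
    if len(roots) != 1:
        raise RuntimeError("no single root: the network is partitioned")
    return roots.pop(), rounds - 1


# Constructed topology: four switches in a line, default priority, VLAN 1.
SWITCHES = {
    "A": BridgeID(32768, 1, "00:00:00:00:00:0a"),
    "B": BridgeID(32768, 1, "00:00:00:00:00:0b"),
    "C": BridgeID(32768, 1, "00:00:00:00:00:0c"),
    "D": BridgeID(32768, 1, "00:00:00:00:00:09"),   # lowest MAC
}
LINKS = [("A", "B"), ("B", "C"), ("C", "D")]

if __name__ == "__main__":
    root, rounds = elect_root(SWITCHES, LINKS)
    print(f"root bridge: {root} (agreed after {rounds} rounds)")
    # Lowering a priority makes that switch win regardless of MAC.
    tuned = dict(SWITCHES, A=BridgeID(4096, 1, SWITCHES["A"].mac))
    print("with A at priority 4096:", elect_root(tuned, LINKS))
```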


Spanning Tree Protocol Standards / Types.

Types of STP

Like many networking standards, there are many types or variants of STP. These include:

i. PVST+

ii. RSTP

iii. Rapid-PVST+

iv. MSTP

Some of these STP types are Cisco proprietary, while the others are public specifications created by the IEEE.

You will learn more details on some of these STP variants, but to get started you need to have a general knowledge of what the key STP variants are. Below, is a brief description of the key Cisco and IEEE STP variants.

Cisco Proprietary

Per-VLAN Spanning Tree Protocol (PVST) - Maintains a spanning-tree instance for each VLAN configured in the network. It uses the Cisco proprietary ISL trunking protocol, which allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. Because PVST treats each VLAN as a separate network, it can load balance traffic at Layer 2 by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a loop. For PVST, Cisco developed a number of proprietary extensions to the original IEEE 802.1D STP, such as BackboneFast, UplinkFast, and PortFast.


Per-VLAN Spanning Tree Protocol Plus (PVST+) - Cisco developed PVST+ to provide support for IEEE 802.1Q trunking. PVST+ provides the same functionality as PVST, including the Cisco proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+ includes the PortFast enhancement called BPDU guard, and root guard.


Rapid Per-VLAN Spanning Tree Protocol (rapid PVST+) - Based on the IEEE 802.1w standard and has a faster convergence than STP (standard 802.1D). Rapid PVST+ includes Cisco-proprietary extensions such as BackboneFast, UplinkFast, and PortFast.

IEEE Standards

Rapid Spanning Tree Protocol (RSTP) - First introduced in 1982 as an evolution of STP (the 802.1D standard). It provides faster spanning-tree convergence after a topology change. RSTP implements the Cisco-proprietary STP extensions BackboneFast, UplinkFast, and PortFast in the public standard. As of 2004, the IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE 802.1D-2004. So when you hear STP, think RSTP.

Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of instances needed to support a large number of VLANs. MSTP was inspired by the Cisco-proprietary Multiple Instances STP (MISTP) and is an evolution of STP and RSTP. It was introduced in IEEE 802.1s as amendment to 802.1Q, 1998 edition. Standard IEEE 802.1Q-2003 now includes MSTP. MSTP provides for multiple forwarding paths for data traffic and enables load balancing.

Source: http://orbit-computer-solutions.com/Spanning-Tree-Protocol-Standards---Types.php

Virtual Router Redundancy Protocol (VRRP)

Unlike HSRP, which is Cisco proprietary, VRRP is a redundancy protocol that operates in a network with multi-vendor devices.

VRRP offers the same benefits as HSRP and operates in a similar way: it elects an active router, called the Master, from a group of routers that share a configured virtual IP and MAC address.

As with HSRP, when the active router's interface fails, VRRP triggers the standby (backup) router to become the Master and forward the clients' traffic.

VRRP uses multicast (224.0.0.18) for its hello mechanism and elections.

How VRRP Works.

VRRP Router Priority. An important feature of the VRRP redundancy operation is the VRRP router priority. The VRRP priority defines the role that each VRRP router plays and what happens if the virtual router master fails.

If a VRRP router is configured with the IP address of the virtual router and the IP address of the physical interface, this router functions as the virtual router master.

You use the vrrp priority command to enable a VRRP router to function as a virtual router backup and take over should the virtual router master fail. You can configure the priority of each virtual router backup with a value of 1 through 254 using the vrrp priority command.

For example, if Router A, the virtual router master in a VRRP group, fails, an election process takes place to determine whether virtual router backup B or C should take over. If Routers B and C are configured with priorities of 90 and 100, respectively, Router B is elected to become virtual router master because it has the higher priority.

If Routers B and C are both configured with a priority of 100, the virtual router backup with the higher IP address is elected to become the virtual router master.

VRRP Preemption.

Unlike HSRP, VRRP has preemption enabled by default: a higher-priority virtual router backup that becomes available takes over from the virtual router backup that was elected to become virtual router master.

However, preemption can be disabled using the no vrrp preempt command. If preemption is disabled, the virtual router backup that was elected to become virtual router master remains the master until the original virtual router master recovers and becomes master again.
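The election rules above (highest priority wins, ties go to the higher IP address, and preemption decides whether a higher-priority router that becomes available displaces the current master) as a small model in Python. This is an added example, not code from the original notes; the router names, addresses and priorities are constructed sample values.

```python
"""Added example (not from the original notes): a model of VRRP master election.
Highest priority wins, equal priorities are decided by the higher IP address,
and the preempt setting decides whether a higher-priority router that becomes
available takes the master role away from the current master."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass
class VrrpRouter:
    name: str
    ip: str            # address of the physical interface
    priority: int      # backup priority, 1..254 (vrrp priority command)
    up: bool = True

    def __post_init__(self) -> None:
        if not 1 <= self.priority <= 254:
            raise ValueError("VRRP backup priority must be between 1 and 254")


class VrrpGroup:
    def __init__(self, virtual_ip: str, routers: List[VrrpRouter],
                 preempt: bool = True) -> None:   # preemption is on by default
        self.virtual_ip = virtual_ip
        self.routers = {r.name: r for r in routers}
        self.preempt = preempt
        self.master: Optional[str] = None

    def _best_candidate(self) -> Optional[VrrpRouter]:
        """Highest priority wins; on a tie the higher IP address wins."""
        alive = [r for r in self.routers.values() if r.up]
        if not alive:
            return None
        return max(alive, key=lambda r: (r.priority, IPv4Address(r.ip)))

    def elect(self) -> Optional[str]:
        """Election held when there is no master (start-up or master failure)."""
        best = self._best_candidate()
        self.master = best.name if best else None
        return self.master

    def fail(self, name: str) -> Optional[str]:
        """A router's interface goes down; a new election runs only if it was master."""
        self.routers[name].up = False
        if self.master == name:
            return self.elect()
        return self.master

    def recover(self, name: str) -> Optional[str]:
        """A router comes back. With preemption a higher-priority router takes
        over at once; without it the current master keeps the role."""
        self.routers[name].up = True
        if self.master is None:
            return self.elect()
        if self.preempt:
            best = self._best_candidate()
            if best is not None:
                self.master = best.name
        return self.master


def demo(preempt: bool = True) -> List[Optional[str]]:
    """Master after start-up, after A fails, and after A recovers (constructed group)."""
    group = VrrpGroup("10.1.20.1", [
        VrrpRouter("A", "10.1.20.2", 150),
        VrrpRouter("B", "10.1.20.3", 100),
        VrrpRouter("C", "10.1.20.4", 100),   # ties with B; higher IP wins
    ], preempt=preempt)
    return [group.elect(), group.fail("A"), group.recover("A")]


if __name__ == "__main__":
    print("preempt enabled :", demo(True))    # ['A', 'C', 'A']
    print("preempt disabled:", demo(False))   # ['A', 'C', 'C']
```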

VRRP Advertisements.

The virtual router master sends VRRP advertisements to the other VRRP routers in the same group. The priority and state of the virtual router master are carried in the advertisements.

The VRRP advertisements are encapsulated in IP packets and sent to the IPv4 multicast address assigned to the VRRP group (224.0.0.18).

Advertisements are sent every second by default; the interval at which they are sent is configurable.

How to configure VRRP on a Cisco Router.

We are going to use the topology below for a VRRP configuration example.

We will configure VRRP on R1 and R2 using the virtual IP address 10.1.20.1 in VRRP group 10, with the priority command applied on R1.

R1:

R1(config)# interface Gi0/0
R1(config-if)# ip address 10.1.20.2 255.255.255.0
R1(config-if)# vrrp 10 ip 10.1.20.1
R1(config-if)# vrrp 10 priority 100
R1(config-if)# end

R2:

R2(config)# interface Gi0/0
R2(config-if)# ip address 10.1.20.3 255.255.255.0
R2(config-if)# vrrp 10 ip 10.1.20.1
R2(config-if)# end

From the above, we configured VRRP on R1 and R2 using the virtual IP address 10.1.20.1 in VRRP group 10, with the priority command applied on R1.

Notice that the vrrp group preempt command is not used, because preemption is enabled by default for VRRP.

If you need to turn preemption off for any reason, use the no vrrp group preempt command.

Source: http://orbit-computer-solutions.com/Understanding-Virtual-Router-Redundancy-Protocol--VRRP-.php

The Hot Standby Router Protocol (HSRP). The Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol, detailed in RFC 2281. HSRP provides gateway redundancy by sharing IP and MAC addresses between redundant gateways. The protocol uses virtual MAC and IP addresses that are shared between two or more routers belonging to the same HSRP group.

How HSRP works.

HSRP can be configured on a Cisco router as a "virtual" router used to route packets when the active router interface fails. Basically, HSRP provides a backup router that stands by for the moment the active gateway interface fails.

This "virtual" router is configured with a single IP address (Layer 3) and MAC address (Layer 2) that are shared among two or more routers on a LAN segment.

The IP address of the virtual router is configured as the default gateway for the clients on a specific IP segment. When frames are sent from the clients to the default gateway, the clients use ARP to resolve the MAC address associated with the IP address of the default gateway. The ARP reply carries the MAC address of the virtual router. Frames sent to the MAC address of the virtual router can then be physically processed by whichever active or standby router is part of that virtual router group.

HSRP is a redundancy protocol that provides a mechanism for determining which router should take the active role in forwarding traffic and when that role must be taken over by a standby router.

HSRP Terms.

Active router: The router that is currently forwarding packets for the virtual router

Standby router: The primary backup router

Standby group: The set of routers participating in HSRP that jointly emulate a virtual router

The primary function of the HSRP standby router is to monitor the operational status of the HSRP group and to quickly assume packet-forwarding responsibility if the active router fails.

These are the steps that take place when the active router or Layer 3 device (switch) fails:

1. The standby router stops receiving hello messages from the forwarding router.

2. The standby router assumes the role of the forwarding router.

3. Because the new forwarding router (standby router) assumes both the IP and MAC addresses of the virtual router, the connected network devices see no disruption in service.

Source: http://orbit-computer-solutions.com/The-Host-Standby-Router-Protocol-%3A-HSRP-Explained.php

Gateway Load Balancing Protocol (GLBP)

Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary solution for redundancy and load balancing in an IP network.

GLBP allows automatic selection of first-hop routers and simultaneous recovery from their failures.

GLBP provides load balancing over multiple (router) gateways using a single virtual IP address and multiple virtual MAC addresses.

Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets.

How GLBP Works.

GLBP works by making use of a single virtual IP address, which is configured as the default gateway on the hosts.

The different routers that assume the forwarding role use different virtual MAC addresses for the same virtual IP address when forwarding packets.

Unlike HSRP and VRRP, GLBP does not use a single virtual MAC address for the entire group. Instead, the AVG assigns different virtual MAC addresses to each of the physical routers in the group.

There are two types of routers in a GLBP group, used for redundancy and load balancing:

Active Virtual Gateway (AVG):

Within a GLBP group, one router (gateway) is elected as the Active Virtual Gateway (AVG), and it is responsible for the operation of the protocol. The AVG is the router with the highest priority value or, on a tie, the highest IP address in the group; it responds to all ARP requests sent for the virtual router IP address.

Active Virtual Forwarder (AVF):

A router within a GLBP group elected as an Active Virtual Forwarder (AVF) is responsible for forwarding packets sent to the virtual MAC address returned by the AVG. Multiple active virtual forwarders can exist in each GLBP group.

So, when a client needs to send a packet to its configured default gateway (the virtual IP address owned by the AVG), it requests the MAC address by sending an ARP (Address Resolution Protocol) request on the subnet.

The AVG responds to these ARP requests with the virtual MAC address of one of the "active" virtual forwarders, chosen according to the configured load-sharing algorithm.

Types of GLBP Load Balancing Mechanism.

The load-balancing mechanisms used with GLBP are:

1. Round-robin: the default. Each AVF in turn is included in address resolution replies for the virtual IP address.

2. Host-dependent: based on the MAC address of the host; the same forwarder is always used for a particular host.

3. Weighted: based on a weight-dependent share of hosts between the routers.
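How an AVG could pick which forwarder's virtual MAC address goes into each ARP reply under the three mechanisms above, as an added Python example (not code from the original notes or from Cisco). The group, forwarder names, weights, virtual MAC values and host MAC addresses are constructed sample data.

```python
"""Added example (not from the original notes): an AVG choosing the AVF whose
virtual MAC address is returned in an ARP reply for the virtual IP address,
under round-robin, host-dependent and weighted load balancing."""
from itertools import cycle
from typing import Dict, Iterator, List, Optional
import zlib


class GlbpAvg:
    """The elected AVG answers ARP for the virtual IP; the AVFs forward frames."""

    def __init__(self, virtual_ip: str, forwarders: Dict[str, str],
                 method: str = "round-robin",
                 weights: Optional[Dict[str, int]] = None) -> None:
        if method not in ("round-robin", "host-dependent", "weighted"):
            raise ValueError(f"unknown load balancing method {method!r}")
        self.virtual_ip = virtual_ip
        self.forwarders = forwarders        # AVF name -> virtual MAC it serves
        self.method = method
        self.weights = weights or {name: 1 for name in forwarders}
        self.active: List[str] = list(forwarders)   # AVFs in the "active" state
        self._rotation: Optional[Iterator[str]] = self._build_rotation()

    def _build_rotation(self) -> Optional[Iterator[str]]:
        # Round-robin: each active AVF once per turn. Weighted: an AVF appears
        # in the rotation as many times as its weight, so it gets that share.
        order: List[str] = []
        for name in self.active:
            times = self.weights.get(name, 1) if self.method == "weighted" else 1
            order.extend([name] * times)
        return cycle(order) if order else None

    def avf_down(self, name: str) -> None:
        """Take a failed AVF out of the rotation (simplified: in GLBP another
        forwarder would also take over the failed virtual MAC address)."""
        self.active.remove(name)
        self._rotation = self._build_rotation()

    def arp_reply(self, host_mac: str) -> str:
        """Return the virtual MAC the AVG puts in the ARP reply for this host."""
        if not self.active:
            raise RuntimeError("no active virtual forwarder to answer for")
        if self.method == "host-dependent":
            # Same host -> same forwarder, for as long as the AVF set is stable.
            index = zlib.crc32(host_mac.lower().encode()) % len(self.active)
            chosen = self.active[index]
        else:
            chosen = next(self._rotation)
        return self.forwarders[chosen]


def demo(method: str) -> List[str]:
    """ARP replies for three constructed hosts in a two-forwarder group."""
    avg = GlbpAvg("10.1.1.1",
                  {"R1": "0007.b400.0101", "R2": "0007.b400.0102"},  # constructed
                  method=method, weights={"R1": 2, "R2": 1})
    hosts = ["0200.0000.0001", "0200.0000.0002", "0200.0000.0003"]
    return [avg.arp_reply(h) for h in hosts]


if __name__ == "__main__":
    for m in ("round-robin", "weighted", "host-dependent"):
        print(f"{m:15}", demo(m))
```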

GLBP Load Balancing Mechanism States.

The AVG and the AVFs each move through a set of states within a GLBP group.

The AVG has six states:

1. Disabled: no virtual IP address is configured.

2. Initial: the virtual IP address is configured but the virtual gateway configuration is incomplete.

3. Listen: receiving hello messages and ready to move to the "speak" state if the AVG becomes unavailable.

4. Speak: the virtual gateway is attempting to become the AVG.

5. Standby: ready to become the next AVG.

6. Active: the current AVG, responsible for responding to ARP requests for the virtual IP address.

The AVF has four states:

1. Disabled: no virtual MAC address is assigned.

2. Initial: the virtual MAC address is known but the virtual forwarder configuration is incomplete.

3. Listen: the virtual forwarder is receiving hellos and ready to move to the "active" state if the AVF becomes unavailable.

4. Active: the current AVF, responsible for forwarding packets sent to the virtual forwarder MAC address.

Benefits of GLBP

* Allows full use of resources on all devices without the administrative burden of creating multiple groups

* Provides a single virtual IP address and multiple virtual MAC addresses

* Routes traffic to a single gateway address, shared evenly across multiple routers

* Provides automatic rerouting in the event of any failure

Summary

1. Active Virtual Gateway (AVG)

> Assigns a virtual MAC address to each member of the GLBP group.

> Responds to ARP requests

2. Active Virtual Forwarders (AVF)

> Forward frames sent to their assigned virtual MAC address.

Source: http://orbit-computer-solutions.com/CCNA%3A-Redundancy-Protocol---Understanding-GLBP.php

IPv6 EIGRPv6.

EIGRPv6 is still a distance-vector routing protocol with some link-state features. The hello process used in neighbour discovery and the Diffusing Update Algorithm (DUAL), used for loop-free operation and fast convergence, are still very much present. Like its fellow IPv6 protocols (RIPng and OSPFv3), it shares many processing features with its IPv4 counterpart.

EIGRP for IPv6 has the same overall features and operation as EIGRP for IPv4; there are only a few major differences between them:

• EIGRP for IPv6 is configured directly on the router interfaces.

• With EIGRP for IPv6, a router ID is required on each router or the routing process does not start.

• The EIGRP for IPv6 routing process uses a shutdown feature.

• EIGRPv6 uses the multicast address FF02::10 for routing updates and hello packets.

How to configure EIGRPv6.

Unlike its predecessor, EIGRP for IPv4, EIGRPv6 is enabled directly on the interface without the network command. However, you still use router configuration mode to create the process, and it must be turned on using the no shutdown command.

EIGRPv6 Configuration Example:

The 22 is the autonomous system (AS) number. If you look closely, you will notice the prompt changes to (config-rtr); from here you must use the no shutdown command.

In the interface fa0/0 configuration, the same 22 references the AS number that was enabled in router configuration mode.

Source: http://orbit-computer-solutions.com/IPv6-EIGRPv6-Explained-.php

IPv6 Routing Protocols.

Most of the routing protocols we have learned for IPv4 have been modified for the longer IPv6 addresses and the different header structure. IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information.

Their functions and configurations still share many similarities with the IPv4 routing protocols. One of the major differences between the IPv4 and IPv6 protocols is the elimination of broadcast from the latter.

The IPv6 routing protocols include RIPng, EIGRPv6 and OSPFv3.

Let's look at the functions of the IPv6 routing protocols and how to configure them in detail:

1. RIPng: RIP next generation, as it is fondly called, is the same old RIP used in IPv4 networks, minus the broadcast; it has been given a new name and a face-lift but still works the same way as RIPv2.

RIPng is still a distance-vector routing protocol with a maximum hop count of 15. It still uses the familiar features of split horizon and poison reverse to prevent loops, and a multicast address when sending updates. The only slight difference is its use of UDP port 521.

Unlike RIPv2, with its multicast address of 224.0.0.9, the IPv6 multicast address still retains the 9 at the end: FF02::9. (This is similar to the broadcast function performed by RIP in IPv4.)

Unlike its predecessor, RIPng keeps track of next-hop addresses using link-local addresses. RIPng is supported by Cisco IOS Release 12.2(2)T and later.

How to configure RIPng.

RIPng is enabled without the traditional network command used in IPv4.

Before configuring the router to run IPv6 RIP, use the ipv6 unicast-routing global configuration command, and enable IPv6 on any interfaces on which IPv6 RIP is to be enabled.

To enable RIPng routing on the router, use the ipv6 router rip name global configuration command.

R1(config)#ipv6 router rip name

The “name” parameter identifies the RIP process. This process name is used later when configuring RIPng on participating interfaces.

For RIPng, you use the command ipv6 rip name enable in interface configuration mode to enable RIPng on an interface.

R1(config-if)#ipv6 rip name enable

The name parameter must match the name parameter in the ipv6 router rip command.

RIPng Configuration Example:

Source: http://orbit-computer-solutions.com/IPv6-Routing-Protocols-Explained.php

IPv6 Routing Protocols: OSPFv3 Explained.

OSPFv3 is a link-state routing protocol like its predecessor in IPv4. It still uses areas to divide the network.

OSPFv3 uses the IPv6 multicast addresses FF02::5 for all OSPF routers and FF02::6 for OSPF designated routers when sending updates and acknowledgements.

OSPF routers generate routing updates only when a change occurs in the network topology.

When a link changes state, the network device that detects the change creates a Link State Advertisement (LSA) and forwards it to the DR using the FF02::6 multicast address; the DR then informs all devices within the area using the FF02::5 multicast address. Each device then updates its link-state database.

One of the new features of OSPFv3 is that the router ID, area ID and link-state ID are 32-bit values that are no longer tied to IP addresses. This enables OSPFv3 to run over almost any network layer protocol. Like the other IPv6 routing protocols, RIPng and EIGRPv6, you must enable it directly on the router interface for the process to work.

OSPFv3 Configuration Requirements.

* Enable IPv6 unicast routing

* Enable the OSPFv3 routing process

* Enable OSPFv3 on the interface

* Configure passive interfaces to suppress routing updates to and from an interface.

The interface configuration step simply assigns an OSPFv3 process ID and area.

How to Configure OSPF Multiarea network.

Source: http://orbit-computer-solutions.com/OSPFv3-Explained-.php

VLAN Trunking Protocol (VTP).

In the early days of networking, it was difficult to implement VLANs across networks. Each VLAN was manually configured on each network switch. Managing a large switched network used to be a complicated task, and the VLAN Trunking Protocol was developed to ease this problem.

VTP Concept

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol whose basic aim is to manage all configured VLANs across a switched network. VTP propagates VLAN configurations to the other switches on the network and keeps them consistent.

VTP is a messaging protocol that uses Layer 2 trunk frames to add, delete and rename VLANs within a single VTP domain. It centralizes changes, which are then sent to the other switches on the network.

A switch must be configured in the role of VTP server to manage the VLAN configuration on your network. The server(s) share VLAN information with the other switches on the network, which must use the same domain name.

VTP learns only normal-range VLANs (VLAN IDs 1 to 1005).

The primary role of VTP is to maintain VLAN configuration consistency across a network administration domain.

VTP stores VLAN configurations in the VLAN database called vlan.dat.

After a trunk is established between switches, VTP advertisements are exchanged between them. Both the server switch and the client exchange and monitor advertisements from one another to ensure each has an accurate record of VLAN information. VTP advertisements are not exchanged if the trunk between the switches is inactive.

In the diagram above, a trunk link is configured between switch S1 (VTP server) and switches S2 and S3 (VTP clients).

After a trunk is established between the switches, VTP summary advertisements are exchanged among them.

How to Configure VTP on a Cisco switch

VTP Configuration Guidelines

The following commands configure a switch (S1) as VTP server:

Sw1#config t
Sw1(config)#vtp mode server
Sw1(config)#exit

Configure the other switches (Sw2 and Sw3) as VTP clients:

Sw2#config t
Sw2(config)#vtp mode client
Sw2(config)#exit

Configuring VTP Domain Name and Password:

For VTP summary advertisements to be exchanged among the switches, all switches in the network must belong to the same domain and use the same password:

VTP Domain

Sw1#config t
Sw1(config)#vtp domain lab
Sw1(config)#exit

VTP password

Sw1#config t
Sw1(config)#vtp password orbit123
Sw1(config)#exit

Configure the same domain name and password for the clients.

Confirm configuration changes.

Use the show vtp status command on S1 to confirm that the VTP mode and domain are configured correctly.

Sw1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Confirm the same for S1 and S2

To verify the VTP password, use the show vtp password command.

Sw1#show vtp password

Source: http://orbit-computer-solutions.com/VLAN-Trunking-Protocol--VTP-.php
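To confirm the same settings on several switches at once, the show vtp status output can be collected from each and compared. The following is an added Python example, not code from the original notes: it parses output in the layout shown above and reports the disagreements the text says must not exist (different domain names, no server, revision or MD5 digest out of sync). Sw1's values are those shown above; the other outputs are constructed.

```python
"""Added example (not from the original notes): parse 'show vtp status' output
from several switches and check that they agree on the points the notes call
out: same VTP domain on every switch, at least one server, and (once
synchronised) the same configuration revision and MD5 digest."""
import re
from typing import Dict, List

# 'Key : Value' lines; the dotted 'Configuration last modified by' line
# does not match this pattern and is skipped on purpose.
LINE = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")


def sample_output(mode: str, domain: str, revision: int,
                  digest: str = "0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63") -> str:
    """Constructed 'show vtp status' text in the layout shown in the notes."""
    return (
        "VTP Version : 2\n"
        f"Configuration Revision : {revision}\n"
        "Maximum VLANs supported locally : 64\n"
        "Number of existing VLANs : 5\n"
        f"VTP Operating Mode : {mode}\n"
        f"VTP Domain Name : {domain}\n"
        "VTP Pruning Mode : Disabled\n"
        "VTP V2 Mode : Disabled\n"
        "VTP Traps Generation : Disabled\n"
        f"MD5 digest : {digest}\n"
        "Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00\n"
    )


def parse_vtp_status(text: str) -> Dict[str, str]:
    """Turn the 'Key : Value' lines of the output into a dictionary."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            fields[match.group(1).strip()] = match.group(2).strip()
    return fields


def check_vtp_consistency(outputs: Dict[str, str]) -> List[str]:
    """Return readable problems for a set of switches; empty means they agree."""
    parsed = {sw: parse_vtp_status(text) for sw, text in outputs.items()}
    problems: List[str] = []
    domains = {p.get("VTP Domain Name", "") for p in parsed.values()}
    if len(domains) != 1:
        problems.append(f"domain mismatch: {sorted(domains)}")
    modes = [p.get("VTP Operating Mode", "") for p in parsed.values()]
    if "Server" not in modes:
        problems.append("no VTP server in the domain")
    revisions = {p.get("Configuration Revision", "") for p in parsed.values()}
    if len(revisions) != 1:
        problems.append(f"configuration revision mismatch: {sorted(revisions)}")
    digests = {p.get("MD5 digest", "") for p in parsed.values()}
    if len(digests) != 1:
        problems.append("MD5 digest differs: VLAN database or VTP password not in sync")
    return problems


if __name__ == "__main__":
    switches = {                                   # constructed captures
        "Sw1": sample_output("Server", "lab", 0),  # values as shown in the notes
        "Sw2": sample_output("Client", "lab", 0),
        "Sw3": sample_output("Client", "lab2", 0),  # typo in the domain name
    }
    for problem in check_vtp_consistency(switches) or ["all switches agree"]:
        print(problem)
```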

Ways to Migrate to IPv6.

Until now, most networks, if not all, have run on IPv4 infrastructure, especially where the network uses older routers and switches. To upgrade your network to be IPv6 compliant, one or both of the strategies listed below can be used.

1. Dual Stacking: This migration method enables a network to run both the IPv4 and IPv6 protocols simultaneously. It is one of the simplest methods you can use to upgrade an IPv4 network, because it lets you upgrade older network devices one after another while existing communication continues. Cisco IOS Release 12.2(2)T is IPv6-ready. As soon as you configure basic IPv4 and IPv6 on an interface, the interface is dual-stacked and forwards both IPv4 and IPv6 traffic.

How to configure IPv6 Dual Stacking.

To configure dual stacking on a Cisco router in your network, enable IPv6 forwarding and assign an IPv6 address to the router interfaces already configured with an IPv4 address. Enabling IPv6 on a Cisco IOS router requires the global configuration command ipv6 unicast-routing, which enables the forwarding of IPv6 traffic on your network.

Source: http://orbit-computer-solutions.com/Ways-to-Migrate-to-IPv6-.php

IPv6 Address Expression and Examples.

Unlike a 32-bit IPv4 address, written as four 8-bit fields separated by dots, an IPv6 address is 128 bits long and is written as eight 16-bit hexadecimal fields separated by colons.

Below explains how to shorten the IPv6 address:

Let's use the IPv6 address:

2041:0000:130F:0000:0000:07C0:853A:140B.

Leading zeros in a field are optional. That means the field 07C0 equals 7C0, and the field 0000 can be written as 0.

So the IPv6 address above, 2041:0000:130F:0000:0000:07C0:853A:140B, can be written as:

2041:0:130F:0000:0000:7C0:853A:140B.

In addition, a run of consecutive all-zero fields can be represented by two colons, "::", like so:

2041:0:130F:0000:0000:7C0:853A:140B

It can also be written as:

2041:0:130F::7C0:853A:140B (with the run of zero fields represented by the double colon)
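The two shortening rules above written out as code, together with the reverse expansion. This is an added Python example, not code from the original notes; it goes slightly beyond the text in that it applies the RFC 5952 rules that only one run may be shortened to "::", that the longest run is chosen (the first one on a tie), and that a single zero field is never written as "::". The sample addresses are constructed, except the one taken from the text.

```python
"""Added example (not from the original notes): shorten a fully written IPv6
address (drop leading zeros in each field, replace the longest run of zero
fields with '::') and expand a shortened one back to eight 4-digit fields."""
import re
from ipaddress import IPv6Address

FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def compress_ipv6(address: str) -> str:
    """Shorten an address given as eight fields. Letter case is preserved."""
    fields = address.split(":")
    if len(fields) != 8 or not all(FIELD.match(f) for f in fields):
        raise ValueError("expected eight colon-separated hexadecimal fields")
    # Rule 1: leading zeros in a field are optional (0000 -> 0, 07C0 -> 7C0).
    fields = [f.lstrip("0") or "0" for f in fields]
    # Rule 2: find the longest run of zero fields; only runs of 2+ qualify.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:          # strictly greater: the first run wins ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(address: str) -> str:
    """Undo both rules, returning eight zero-padded 4-digit fields."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        left, right = address.split("::")
        left_fields = left.split(":") if left else []
        right_fields = right.split(":") if right else []
        missing = 8 - len(left_fields) - len(right_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left_fields + ["0"] * missing + right_fields
    else:
        fields = address.split(":")
    if len(fields) != 8 or not all(FIELD.match(f) for f in fields):
        raise ValueError("malformed IPv6 address")
    return ":".join(f.zfill(4) for f in fields)


def same_address(a: str, b: str) -> bool:
    """Cross-check with the standard library: both spellings name one address."""
    return IPv6Address(a) == IPv6Address(b)


if __name__ == "__main__":
    full = "2041:0000:130F:0000:0000:07C0:853A:140B"   # address from the text
    short = compress_ipv6(full)
    print(short)                                        # 2041:0:130F::7C0:853A:140B
    print(expand_ipv6(short) == full, same_address(full, short))
```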


Source: http://orbit-computer-solutions.com/IPv6-Address-Expression-and-Examples-.php

IPv6 Stateful Autoconfiguration.

DHCPv6 is a network protocol that works much the same as DHCP in IPv4.

DHCPv6 is used to assign IP addresses and prefixes to IPv6 hosts on a network. This is also known as stateful autoconfiguration.

How DHCPv6 Works.

If you know about stateless autoconfiguration, where a host sends a router solicitation (RS) message via a router to a DHCPv6 server on the network for IPv6 configuration, the host receives a router advertisement (RA) from the DHCPv6 server via the router with the IPv6 address configuration.

If there is no router on the network, the host sends a DHCP Solicit multicast message addressed to FF02::1:2; this multicast message reaches all DHCPv6 servers and relays on the network. This works the same way as it does in IPv4 DHCP.

How to Configure DHCPv6 on Cisco router.

R1#config t
R1(config)# ipv6 dhcp pool test
R1(config-dhcp)# dns-server <ipv6-dns-server-address>
R1(config-dhcp)# domain-name orbit123.com
R1(config-dhcp)# prefix-delegation pool test lifetime 64000 64000

Assign the DHCPv6 pool to an interface:

R1#config t
R1(config)# interface fa0/0
R1(config-if)# ipv6 dhcp server test

The interface configuration above is quite different from that of IPv4. Overall, we have configured a DHCPv6 server pool and applied it to an interface.

Source: http://orbit-computer-solutions.com/DHCPv6%3A-How-DHCPv6-works.php

EIGRPv6 Passive Interface. You can use the EIGRPv6 passive-interface command to control the advertisement of routing information.

The command stops routing updates over some interfaces while allowing updates to be exchanged normally over the other interfaces.

How to Configure EIGRP Passive Interface.

We use the topology below as an example.

HQ(config)# ipv6 router eigrp 22
HQ(config-rtr)# passive-interface g0/0
HQ(config-rtr)# passive-interface g0/1

The configuration above stops the exchange of hello packets on those interfaces, which results in the loss of any neighbor relationship on them.

Therefore, it is only used on interfaces where no routers are connected.

This stops not only routing updates from being advertised, but it also suppresses incoming routing updates.

Use the show command to verify your configuration.

HQ#show ipv6 protocols
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "eigrp 22"
EIGRP-IPv6 Protocol for AS(22)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 1.1.1.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 16
Maximum hopcount 22
Maximum metric variance 1
Interfaces:
Serial0/0/0
GigabitEthernet0/0 (passive)
GigabitEthernet0/1 (passive)
Redistribution:
None
HQ#


Source: http://orbit-computer-solutions.com/Understanding-EIGRPv6-Passive-Interface-.php

Understanding Simple Network Management Protocol (SNMP).

SNMP is an application layer protocol that provides a message format for communication between what are termed managers and agents.

Uses of SNMP

Network administrators use SNMP to monitor and map network availability, performance, and error rates.

SNMP Components include:

SNMP manager: A distinct unit responsible for communicating with the SNMP agents configured and connected to the network. It can take the form of a computer or server running one or more network management systems.

Functions of the SNMP manager include:

Queries agents

Gets responses from agents

Acknowledges asynchronous events from agents

Sets variables in agents

SNMP agent: A program installed or configured within the managed network device that collects management information, stores it in a local database and makes it available to the SNMP manager when queried.

Functions of an SNMP agent:

Stores and retrieves network management information as defined in the MIB.

Informs and relates an event to the manager.

Collects management information about its local environment

Acts as a proxy for network nodes that are not SNMP-manageable

Management Information Base (MIB)

A virtual database of network management information shared between the agent and the manager.

The SNMP manager uses the MIB definitions to request specific information from the agent and translates that information as needed for the Network Management System (NMS).


SNMP versions.

SNMPv1:

This is the first version of the protocol, which is defined in RFCs 1155 and 1157

SNMPv2c:

A revision and enhancement of SNMPv1 in the areas of protocol packet types, transport mappings and MIB structure elements, while keeping the existing SNMPv1 administration structure (the "community-based security mechanism").

SNMPv3:

Security is the main focus of SNMPv3.

SNMPv3 also enables remote configuration of the SNMP units.

The main features of SNMPv3 include:

Message integrity: This helps ensure that a packet has not been tampered with in transit

Authentication: This helps ensure that the packet came from a known and trusted source

Encryption: This helps to ensure that information cannot be read if the data is captured in transit

Source: http://orbit-computer-solutions.com/Understanding-Simple-Network-Management-Protocol-SNMP.php

IPv6 Static and Default Route.

Static and default routes are configured on network routers to enable communication with remote networks that are not directly connected.

Configuring IPv4 and IPv6 static and default routes on Cisco Integrated Services Routers (ISRs) is similar; the only differences are the IP address format and the fact that IPv6 routing must be enabled on the router with the ipv6 unicast-routing command in global configuration mode.

Types of IPv6 Static and Default Routes

There are three types of IPv6 static and default routes:

• Directly Connected IPv6 Static Route: A directly connected static route is created when an outgoing interface is specified.

A directly connected static route is normally used with a point-to-point serial interface.

To configure a directly attached IPv6 static route, use the following command format:

Router(config)# ipv6 route <ipv6-prefix/prefix-length> <outgoing-interface-type> <outgoing-interface-number>

• Recursive IPv6 Static Route: A recursive static route is created when the next-hop IP address is specified.

This method enables the router to perform a recursive lookup in the routing table to identify the outgoing interface.

In a recursive IPv6 static route, the route entry has the next-hop router IPv6 address.

To configure a recursive IPv6 static route, use the following command format:

Router(config)# ipv6 route <ipv6-prefix/prefix-length> <next-hop-ipv6-address>

• Default IPv6 Static Route: A default IPv6 static route is created by specifying the destination IPv6 prefix and prefix length as all zeros, ::/0.

Router(config)# ipv6 route ::/0 <outgoing-interface-type> <outgoing-interface-number> {and/or} <next-hop-ipv6-address>

How to Configure IPv6 Static and Default Routes.

We will use the topology below as an example:

Step-by-step IPv6 static and default routes configuration.

IPv6 routing must be enabled on every router with the ipv6 unicast-routing command before any further configuration.

If you look closely at the topology, each router's GigabitEthernet0/1 (G0/1) interface has a globally routable unicast address, and EUI-64 is used to create the interface identifier portion of the address.

The S0/0/1 interface has a unique-local address (routable only privately), which is recommended for point-to-point serial connections.

R1 Configuration.

1. Enable IPv6 routing, then configure the router's G0/1 and serial interfaces with IPv6 addresses.

R1(config)# ipv6 unicast-routing
R1(config)# interface g0/1
R1(config-if)# ipv6 address 2001:FC8:A72C:A::/64 eui-64
R1(config-if)# no shutdown
R1(config-if)# interface serial 0/0/1
R1(config-if)# ipv6 address FC00::1/64
R1(config-if)# no shutdown
R1(config-if)# exit

R2 Configuration.

2. Enable IPv6 routing, then configure the router's G0/1 and serial interfaces with IPv6 addresses.

R2(config)# ipv6 unicast-routing
R2(config)# interface g0/1
R2(config-if)# ipv6 address 2001:FC8:A72C:B::/64 eui-64
R2(config-if)# no shutdown
R2(config-if)# interface serial 0/0/0
R2(config-if)# ipv6 address FC00::2/64
R2(config-if)# no shutdown
R2(config-if)# exit

How to Configure a directly connected IPv6 static route.

R1(config)# ipv6 route 2001:FC8:A72C:B::/64 serial 0/0/1
R1(config)#

3. Now create a return route to 2001:FC8:A72C:A::/64 on R2 so that pings succeed across the network.

R2(config)# ipv6 route 2001:FC8:A72C:A::/64 serial 0/0/0
R2(config)#

Now that both routers have static routes configured, communication across the network will succeed.

How to Configure a recursive IPv6 static route.

First, delete the directly connected static route on router R1 and configure a recursive static route.

R1(config)# no ipv6 route 2001:FC8:A72C:B::/64 serial 0/0/1
R1(config)# ipv6 route 2001:FC8:A72C:B::/64 FC00::2
R1(config)# exit

Also delete the directly connected static route on router R2 and configure a recursive static route.

R2(config)# no ipv6 route 2001:FC8:A72C:A::/64 serial 0/0/0
R2(config)# ipv6 route 2001:FC8:A72C:A::/64 FC00::1
R2(config)# exit

How to Configure a default IPv6 static route.

In a default static route, the destination IPv6 prefix and prefix length are all zeros.

First, delete the recursive static route on router R1 and configure a default static route.

R1(config)# no ipv6 route 2001:FC8:A72C:B::/64 FC00::2
R1(config)# ipv6 route ::/0 serial 0/0/1
R1(config)#

Delete the recursive static route (whose next hop on R2 is FC00::1) and add a default static route on R2.

R2(config)# no ipv6 route 2001:FC8:A72C:A::/64 FC00::1
R2(config)# ipv6 route ::/0 serial 0/0/0
R2(config)#


Types of IPv6 Address. Just like IPv4's unicast, broadcast and multicast addresses, which define the basics of communication and connectivity on the internet, IPv6 removed broadcast from the trio (because of the difficulties it causes on a network through looping) and introduced anycast.

Let's look at these IPv6 address types in detail below:

Unicast Address: Packets addressed to a unicast address are destined for a single interface. This can also be referred to as a one-to-one IPv6 address. The different types of unicast addressing are global, link-local and site-local.

Global Unicast Address:

An IPv6 global unicast address is globally routable on the public internet. It shares the same address format as an IPv6 anycast address. Global unicast addresses are assigned by the Internet Assigned Numbers Authority (IANA).

Link-local Addresses:

These are private addresses that are not meant to be routed on the internet. They can be used locally by private or temporary LANs for sharing and distributing files among devices on the LAN.

Unique local address:

This type of IPv6 address is also not intended to be routed on the public internet. Unique local addresses replace site-local addresses; they allow communication within a site while being routable across multiple local networks.

Multicast Address:

This can also be referred to as one-to-many. Packets addressed to a multicast address are delivered to all interfaces identified by the multicast address. Multicast addresses are easy to recognise because they normally begin with FF.

Anycast:

This form of IPv6 address is similar to the multicast address with a slight difference. An anycast address can also be referred to as one-to-nearest. It can be used to address packets meant for multiple interfaces, but it usually delivers packets to the first interface it finds as defined by the routing distance. This means it sends packets to the closest interface as determined by the routing protocols.

The anycast address is a very special IPv6 addressing type in that it can also be used to deliver a packet to more than one interface, which also helped earn it the name one-to-one-or-many address!

Loopback Address:

Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing. However, in IPv6 there is just one address, not a whole block, for this function. The loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression as "::1".

Special IPv6 addresses. Just like IPv4, IPv6 has some addresses specially reserved for specific uses. Below are examples of these addresses:

1. 0:0:0:0:0:0:0:0, which can be represented as :: - This is the IPv6 equivalent of the IPv4 address 0.0.0.0, the host source address used during stateful configuration.

2. 0:0:0:0:0:0:0:1, which can be represented as ::1 - This is the equivalent of 127.0.0.1 in IPv4.

3. 2000::/3 - The global unicast address range.

4. FC00::/7 - The unique local address range.

5. FE80::/10 - The link-local unicast address range.

6. FF00::/8 - The multicast range.

7. 3FFF:FFFF::/32 and 2001:0DB8::/32 - Reserved address ranges for examples and documentation.

8. 2002::/16 - This address range is normally used during IPv6 transition or migration (6to4) configuration.
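A classifier for the address types and reserved ranges listed above, as an added Python example (not from the page): it uses the standard library ipaddress module, tests the documentation and 6to4 prefixes before the broad 2000::/3 global range they sit inside, and decodes the scope nibble of multicast addresses such as FF02::1.

```python
"""Classify IPv6 addresses into the types and reserved ranges listed above.

Added example; uses only the standard library."""
import ipaddress

# Order matters: the documentation and 6to4 prefixes sit inside 2000::/3,
# so they must be tested before the broad global-unicast range.
SPECIAL_RANGES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("documentation", ipaddress.IPv6Network("2001:db8::/32")),
    ("documentation", ipaddress.IPv6Network("3fff:ffff::/32")),
    ("6to4 transition", ipaddress.IPv6Network("2002::/16")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
    ("unique local", ipaddress.IPv6Network("fc00::/7")),
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
]

# Scope nibble of a multicast address FFxS:: (the fourth hex digit).
MULTICAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def classify(text):
    """Return the type name for an address written in any legal textual
    form (fully written out, zero-compressed, upper or lower case)."""
    addr = ipaddress.IPv6Address(text)      # raises ValueError on bad input
    for name, net in SPECIAL_RANGES:
        if addr in net:
            return name
    return "reserved/unassigned"


def is_internet_routable(text):
    """Only global unicast (and 6to4, which lives inside it) should ever
    appear as a source or destination on the public internet."""
    return classify(text) in ("global unicast", "6to4 transition")


def multicast_scope(text):
    """Decode the scope of a multicast address, e.g. FF02::1 -> link-local."""
    addr = ipaddress.IPv6Address(text)
    if not addr.is_multicast:
        raise ValueError(f"{text} is not a multicast address")
    scope = addr.packed[1] & 0x0F           # low nibble of the second byte
    return MULTICAST_SCOPES.get(scope, f"reserved scope {scope:x}")


if __name__ == "__main__":
    for sample in ("::", "::1", "2001:FC8:A72C:A::1", "FC00::1",
                   "FE80::260:3DFF:FE47:1720", "FF02::1", "2001:DB8::1"):
        print(f"{sample:28} {classify(sample)}")
```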

How IPv6 address works.

IPv6 uses a special feature called autoconfiguration to find and assign IP address configuration to hosts on the network. IPv6 autoconfiguration can be stateful (DHCPv6) or stateless.

IPv6 Stateless autoconfiguration. IPv6 stateless autoconfiguration is a process that allows devices on a network to address themselves with a link-local unicast address. It is a well-known idea that every device on an Ethernet network has an interface address (its physical MAC address).

The process of autoconfiguration combines the network device's interface address (its physical MAC address) with the prefix supplied by the network router.

Bear in mind that the IPv6 interface identifier is 64 bits in length while a MAC address is 48 bits; the extra 16 bits, FFFE, are inserted in the middle of the MAC address to complete the autoconfiguration of the Ethernet device's IPv6 address.

Example:

i. A MAC address is 48 bits: 0070:e876:b987

ii. The universal/local bit in the first byte is flipped, which turns 00 into 02: 0270:e876:b987 (setting this bit marks the address as globally unique; a value of 0 means locally unique.)

iii. Insert FFFE in the middle: 0270:e8FF:FE76:b987

Stateless autoconfiguration steps in summary:

i. The host sends a multicast message, known as a Router Solicitation (RS) message, to the all-routers multicast address asking for prefix information. This message is sent in the form of an ICMPv6 type 133.

ii. The router replies with a multicast packet carrying the required prefix information in a Router Advertisement (RA). This message is sent in the form of an ICMPv6 type 134.

iii. The host receives the RA and adds the prefix, allowing its interface to be autoconfigured.


How to Configure IPv6 Addresses. Enabling IPv6 on Cisco Routers. By default, IPv6 traffic forwarding is disabled on a Cisco router. It must be activated with the global configuration command ipv6 unicast-routing. This global configuration command must be used for both stateful (DHCPv6) and stateless autoconfiguration.

There are two basic steps used to activate IPv6 on a Cisco router:

i. First, you must activate IPv6 traffic-forwarding on the router, and

ii. then you must configure each interface that requires IPv6.

Command syntax for enabling IPv6 on Cisco routers:

When a network router interface is configured with an ipv6 address, a link-local address will be configured automatically for the interface.

You must specify the entire 128-bit IPv6 address or specify to use the 64-bit prefix by using the eui-64 option.

IPv6 Address Configuration Example

From the IPv6 address configuration example above, router1 is shown connected over an IPv6 WAN to router2 with a subnet prefix of 2001:db8:3c4d:2::/64.

We used the following commands:

R1(config)#ipv6 unicast-routing (configured on the router to activate IPv6 routing, before configuring the router's fa0/1 interface).

The eui-64 option is used to derive the 64-bit interface identifier from the interface's 48-bit MAC address.

Note.

The MAC address of the Ethernet Fa0/1 interface is 0260.3d47.1720.

Using the show ipv6 interface fa0/1 command, the MAC address is displayed as part of the IPv6 address with the Hex characters FFFE (16 bits) added in the middle, which expands the 48-bit MAC address to create the IPv6 64-bit link-local address.

R1#show ipv6 interface fa0/1

Fa0/1 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::260:3dFF:FE47:1720

Global unicast addresses:

2001:DB8:C18:1:260:3EFF:FE47:1720, subnet is 2001:DB8:C18:1::/64

Joined group addresses:

FF02::1:FF47:1720

FF02::1

FF02::2

MTU is 1500 bytes
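The derivation walked through in the stateless autoconfiguration example above (00 becomes 02, FFFE inserted) and visible in this show ipv6 interface output, written out as an added Python example that is not from the page or from Cisco IOS: it builds the modified EUI-64 interface identifier from a MAC, derives the link-local, prefix-based and solicited-node multicast addresses from it, and recovers the MAC from an EUI-64 address. The MAC 0070:e876:b987 and the prefix 2001:FC8:A72C:A::/64 used for the sample are taken from the page.

```python
"""Modified EUI-64: from a 48-bit MAC to the IPv6 addresses a router or host
derives from it. Added example, not from the page or from Cisco IOS; the
MAC 0070:e876:b987 and the prefix 2001:FC8:A72C:A::/64 are the page's."""
import ipaddress
import re


def parse_mac(mac):
    """Accept 0070:e876:b987, 0070.e876.b987 or 00:70:e8:76:b9:87."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Flip the universal/local bit (mask 0x02 in the first byte) and
    insert FF FE between the OUI and the device-specific half."""
    m = bytearray(parse_mac(mac))
    m[0] ^= 0x02                      # an inversion: 00 -> 02, but also 02 -> 00
    return bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:])


def address_from_prefix(prefix, mac):
    """Join a /64 prefix with the EUI-64 interface identifier, as the
    'ipv6 address PREFIX/64 eui-64' command does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def link_local(mac):
    """FE80::/64 plus the interface identifier."""
    return address_from_prefix("fe80::/64", mac)


def solicited_node(address):
    """FF02::1:FFxx:xxxx: the low 24 bits of a unicast address appended to
    FF02::1:FF00:0/104. This is the FF02::1:FF47:1720 group in the output."""
    low24 = ipaddress.IPv6Address(str(address)).packed[13:]
    return ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + low24)


def mac_from_eui64(address):
    """Recover the MAC behind an EUI-64 address, or None when the interface
    identifier was not built from a MAC (no FF FE marker in the middle)."""
    iid = bytearray(ipaddress.IPv6Address(str(address)).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                    # undo the U/L flip
    return ":".join(f"{b:02x}" for b in bytes(iid[:3]) + bytes(iid[5:]))


if __name__ == "__main__":
    mac = "0070:e876:b987"
    print("interface id :", eui64_interface_id(mac).hex())
    print("link-local   :", link_local(mac))
    print("global       :", address_from_prefix("2001:FC8:A72C:A::/64", mac))
    print("solicited    :", solicited_node(link_local(mac)))
    print("mac again    :", mac_from_eui64(link_local(mac)))
```

Because the flip is an inversion, a MAC whose first byte is already 02 yields an interface identifier that starts with 00. The inverse function shows why an EUI-64 address reveals the hardware address of the host that uses it, which is the reason privacy extensions (randomised interface identifiers) exist.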

How IPv6 address is formed.


VLAN Trunking Protocol (VTP). During the early days of networking, it was difficult to implement VLANs across networks. Each VLAN was manually configured on each network switch. Managing a large switched network used to be a complicated task, so VLAN trunking methods were developed to help ease this problem.

VTP Concept

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol whose basic aim is to manage all configured VLANs across a switched network. VTP helps to propagate VLAN configurations to the other switches on the network and to keep them consistent.

VTP is a messaging protocol that uses layer 2 trunk frames to add, delete and rename VLANs within a single domain. It helps to centralize changes, which are then sent to the other switches on the network.

A switch has to be configured in the role of VTP server to manage the VLAN configuration on your network. The server(s) will share VLAN information with the other switches on the network, which must use the same domain name.

VTP learns only normal-range VLANs (VLAN IDs 1 to 1005).

The primary role of VTP is to maintain VLAN configuration consistency across a network administration domain.

VTP stores VLAN configurations in the VLAN database called vlan.dat.

After a trunk is established between switches, VTP advertisement is exchanged between the switches. Both the server switch and client exchange and monitor advertisement from one another to ensure each has an accurate record of VLAN information. VTP advertisement will not be exchanged if the trunk between the switches is inactive.

In the diagram above, a trunk link is configured between switch S1 (VTP server) and switches S2 and S3 (VTP clients).

After a trunk is established between the switches, VTP summary advertisement is exchanged among the switches.

How to Configure VTP on a Cisco switch

VTP Configuration Guidelines

The following command is used to configure a switch (S1) as VTP server:

Sw1#config t

Sw1(config)#vtp mode server

Sw1(config)#exit

Configure switch (Sw2 and Sw3) as VTP client:

Sw2#config t

Sw2(config)#vtp mode client

Sw2(config)#exit

Configuring VTP Domain Name and Password:

For VTP summary advertisements to be exchanged among the switches, all switches in the network have to belong to the same domain and use the same password:

VTP Domain

Sw1#config t

Sw1(config)#vtp domain lab

Sw1(config)#exit

VTP password

Sw1#config t

Sw1(config)#vtp password orbit123

Sw1(config)#exit

Configure the same domain name and password for the clients.

Confirm configuration changes.

Use the show vtp status command on S1 to confirm that the VTP mode and domain are configured correctly.

Sw1#show vtp status

VTP Version : 2

Configuration Revision : 0

Maximum VLANs supported locally : 64

Number of existing VLANs : 5

VTP Operating Mode : Server

VTP Domain Name : lab

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Confirm the same for S1 and S2

To verify the VTP password, use the show vtp password command.

Sw1#show vtp password

VTP Password: orbit123

S1#
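A check that the show vtp status output collected from every switch agrees on the fields that must match before advertisements are accepted, as an added Python example (not from the page or from Cisco). The three sample outputs are constructed from the single one shown above, with Sw3 deliberately given a differently cased domain name and a different password.

```python
"""Cross-check the 'show vtp status' output gathered from several switches.

Added example (not from the page). The sample outputs below are constructed
from the single output shown above; they were not captured from real switches."""
import re

# 'Key : Value' rows of show vtp status. The "Configuration last modified"
# row has no ' : ' separator and is deliberately skipped.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?)\s+:\s+(.*)$")


def parse_vtp_status(output):
    """Turn the status output into a dict such as {'VTP Domain Name': 'lab'}."""
    fields = {}
    for line in output.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def check_vtp_consistency(statuses):
    """statuses maps a switch name to its raw 'show vtp status' text.
    Returns a list of findings; an empty list means the switches agree."""
    parsed = {sw: parse_vtp_status(text) for sw, text in statuses.items()}
    findings = []
    # Switches only exchange advertisements when the domain name (which is
    # case-sensitive) and version match; the MD5 digest covers the password
    # and the VLAN database, so a differing digest points at a password
    # mismatch or a database that has not synchronised yet.
    for key in ("VTP Domain Name", "VTP Version", "MD5 digest"):
        seen = {sw: fields.get(key, "<missing>") for sw, fields in parsed.items()}
        if len(set(seen.values())) > 1:
            findings.append(f"{key} differs: {seen}")
    if not any(f.get("VTP Operating Mode") == "Server" for f in parsed.values()):
        findings.append("no VTP server found; VLAN changes cannot be propagated")
    return findings


def sample_status(mode, domain, digest):
    """Build a status output in the same layout as the one shown above."""
    return (
        "VTP Version : 2\n"
        "Configuration Revision : 0\n"
        "Maximum VLANs supported locally : 64\n"
        "Number of existing VLANs : 5\n"
        f"VTP Operating Mode : {mode}\n"
        f"VTP Domain Name : {domain}\n"
        "VTP Pruning Mode : Disabled\n"
        "VTP V2 Mode : Disabled\n"
        "VTP Traps Generation : Disabled\n"
        f"MD5 digest : {digest}\n"
        "Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00\n"
    )


DIGEST_A = "0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63"   # digest from the output above
DIGEST_B = "0x3A 0x91 0x07 0xC4 0x5E 0xD2 0x18"   # constructed: different password

# Constructed fleet: Sw3 was given the domain "Lab" instead of "lab".
SAMPLE_FLEET = {
    "Sw1": sample_status("Server", "lab", DIGEST_A),
    "Sw2": sample_status("Client", "lab", DIGEST_A),
    "Sw3": sample_status("Client", "Lab", DIGEST_B),
}

if __name__ == "__main__":
    for finding in check_vtp_consistency(SAMPLE_FLEET):
        print(finding)
```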


Configuring VLAN on a Cisco Switch. On this page, we learn how to configure:

* Telnet line and Password

* Console line and Password

* VLAN and names

* Switch host names

* Delete a VLAN

* Assigning a switch port

The following is a basic configuration of VLAN on Cisco Switch Interfaces:

Before you begin, you must have worked out your IP addresses.

We are configuring VLAN ports for three departments:

VLAN 10, Name: orbit

VLAN 20, Name:cisco

VLAN 30, Name: Student

We use the topology below as an example:

Configuring Telnet line and password:

Switch1#config t

Switch1(config)#enable secret cisco

Switch1(config)#line vty 0 15

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#exit

Configuring console line and password:

Switch1(config)#line con 0

Switch1(config-line)#password cisco

Switch1(config-line)#login

Switch1(config-line)#exit

Create and Configure VLANs and Names on Switch:

Switch1#config t

Switch1(config)#vlan 10

Switch1(config-vlan)#name orbit

Switch1(config-vlan)#exit

Switch1(config)#vlan 20

Switch1(config-vlan)#name cisco

Switch1(config-vlan)#exit

Switch1(config)#vlan 30

Switch1(config-vlan)#name student

Switch1(config-vlan)#exit

Switch1(config)#exit

To view your configuration, use the show vlan command:

Switch1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   orbit                            active
20   cisco                            active
30   student                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

<output omitted>

Switch1#

How to assign a switchport to a VLAN.

After creating your VLANs, you can assign a switch port to a VLAN.

VLAN 20 is statically assigned to port F0/8 on switch S1:

Switch1#config t

Switch1(config)#interface fa0/2

Switch1(config-if)#switchport mode access

Switch1(config-if)#switchport access vlan 20

Switch1(config-if)#no shut

Switch1(config-if)#exit

Switch1(config)#exit

Switch1#

Use the above commands to assign the rest of the VLANs to their switch ports.

How to delete VLANs

To delete a VLAN, use the global configuration command no vlan vlan-id, for example to remove VLAN 20 from the switch.

e.g.

Switch1(config)#no vlan 10

Switch1(config)#end

Use the show vlan brief command to verify that VLAN 20 is no longer in the vlan.dat file.

Alternatively, the entire vlan.dat file can be deleted using the command delete flash:vlan.dat from privileged EXEC mode. After the switch is reloaded, the previously configured VLANs will no longer be present. This effectively returns the switch to its "factory default" VLAN configuration.



VLAN ID Ranges. VLAN IDs are divided into a normal range and an extended range.

Normal Range IDs

- 1 – 1005

- 1002 – 1005 are reserved for Token Ring and FDDI VLANs

- 1 and 1002 to 1005 are automatically created and cannot be removed

- Normal range VLANs are stored in the vlan.dat file in flash memory.

Extended Range IDs

- 1006 – 4094

- Designed for service providers

- Have fewer options than normal range VLANs

- Stored in the running configuration file

The Cisco Catalyst 2960 switch supports 255 normal and extended range VLANs.

VLAN Switch Port Modes. When you configure a VLAN, you must assign it a number ID, and you can optionally give it a name. The purpose of VLAN implementations is to associate ports with particular VLANs. You configure the port to forward a frame to a specific VLAN.

As mentioned previously – Types of VLAN - you can configure a VLAN in voice mode to support voice and data traffic coming from a Cisco IP phone. You can configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries and the VLANs to which it can belong. A port can be configured to support these VLAN types:

Static VLAN

This is when ports on a switch are manually assigned to a VLAN. Static VLANs are configured using the Cisco CLI. This can also be accomplished with GUI management applications, such as the Cisco Network Assistant. A convenient feature of the CLI is that if you assign an interface to a VLAN that does not exist, the new VLAN is created for you.

Static Port mode configuration

Switch#config t

Switch(config)#interface fastEthernet0/15

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

Switch(config-if)#end

Dynamic VLAN

A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS). With the VMPS, you assign switch ports to VLANs dynamically, based on the source MAC address of the device connected to the port. The benefit comes when you move a host from a port on one switch in the network to a port on another switch in the network; the switch dynamically assigns the new port to the proper VLAN for that host.

Voice VLAN

A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first configure a VLAN for voice and a VLAN for data.

Voice mode Configuration

Switch#config t

Switch(config)#interface fastEthernet 0/15

Switch(config-if)#mls qos trust cos

Switch(config-if)#switchport voice vlan 99

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

Switch(config-if)#end

The configuration command mls qos trust cos ensures that voice traffic is identified and given priority. Remember that the entire network must be set up to prioritize voice traffic; you cannot just configure the port with this command.

The switchport voice vlan 99 command identifies VLAN 99 as the voice VLAN.

You can verify this by using the following command:

Switch1#show interfaces fa0/15 switchport

Name: Fa0/15

Switchport: Enabled

Administrative Mode: static access

Operational Mode: down

Administrative Trunking Encapsulation: dot1q

Negotiation of Trunking: off

Access mode VLAN: 10 (VLAN0010)

Trunking Native Mode VLAN: 1(default)

Administrative Native VLAN tagging: enabled

Voice VLAN: 99 (VLAN099)

The switchport access vlan 10 command configures VLAN 10 as the access mode (data) VLAN. You can see this verified in the output above: Access mode VLAN: 10 (VLAN0010).


Types of VLAN. There are different types of VLANs. Some are defined by the type of network traffic they carry, and others derive their names from a specific function the VLAN performs. The following describes the common VLAN types:

Default VLAN

At the initial boot-up of the switch, all switch ports become members of the default VLAN, which makes them all part of the same broadcast domain. This allows any network device connected to any switch port to communicate with devices on the other switch ports.

On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename or delete it.

Data VLAN

A data VLAN, which can also be referred to as a user VLAN, is configured to carry only user-generated traffic. Separating user data from the other types of VLAN matters for proper switch management and control.

Native VLAN

A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs as well as traffic that does not come from a VLAN. The 802.1Q trunk port places untagged traffic (traffic that does not come from a VLAN) on the native VLAN. In summary, the native VLAN observes and identifies traffic coming from each end of a trunk link.

Management VLAN

A management VLAN is any VLAN you configure to access the management capabilities of a switch. The management VLAN you configure is assigned an IP address and subnet mask. Any VLAN on a switch could act as the management VLAN if you have not configured or defined a unique VLAN to serve as the management VLAN. In some cases, a network administrator proactively defines VLAN 1 as the management VLAN; this leaves a loophole for an unauthorized connection to a switch.

Voice VLAN

A voice VLAN is configured to carry voice traffic. Voice VLANs are mostly given transmission priority over other types of network traffic. Communication over the network is not complete without phone calls. More calls are made over the network than any other form of message transmission. Sending emails and text messages are also forms of interaction, but listening to a real voice provides legitimacy and assurance.

It is considered good practice among network administrators to design a network that supports VoIP with assured bandwidth to ensure voice quality, and with the capability to route around congested areas on the network with minimal delays (150-180 milliseconds).

VLAN Configuration


Inter-VLAN Routing. We define inter-VLAN routing as the process of forwarding network traffic from one VLAN to another VLAN using a router or layer 3 device.

In the previous pages, we learned how to configure VLANs on a network switch. To allow devices connected to the various VLANs to communicate with each other, you need to connect a router.

As we have learned, each VLAN is a unique broadcast domain, so computers on separate VLANs are, by default, not able to communicate. There is a way to permit these computers to communicate; it is called inter-VLAN routing.

One of the ways to carry out inter-VLAN routing is by connecting a router to the switch infrastructure. VLANs are associated with unique IP subnets on the network.

This subnet configuration enables the routing process in a multi-VLAN environment. When using a router to facilitate inter-VLAN routing, the router interfaces can be connected to separate VLANs. Devices on those VLANs communicate with each other via the router.

Traditional Inter-VLAN Routing

The figure above shows traditional inter-VLAN routing:

1. Traffic from PC1 on VLAN 10 is routed through router R1 to reach PC3 on VLAN 20.

2. PC1 and PC3 are on different VLANs and have IP addresses on different subnets.

3. Router R1 has a separate interface configured for each of the VLANs.


How to configure InterVLAN routing on a Cisco router. When configuring InterVLAN routing, it is advisable to first configure the switch SW1 that will be connected to the router, as shown in the diagram.

Router R1 is connected to switch ports F0/4 and F0/3, which have been configured for VLANs 10 and 20, respectively.

Example of switch SW1 interface configuration command:

SW1#config t

SW1(config)#vlan 10

SW1(config-vlan)#vlan 20

SW1(config-vlan)#exit

SW1(config)#interface fa0/8

SW1(config-if)#switchport access vlan 10

SW1(config-if)#interface fa0/4

SW1(config-if)#switchport access vlan 10

SW1(config-if)#interface fa0/11

SW1(config-if)#switchport access vlan 20

SW1(config-if)#interface fa0/3

SW1(config-if)#switchport access vlan 20

SW1(config-if)#end

%SYS-5-CONFIG_I: Configured from console by console

SW1#

In the above example, interfaces F0/4 and F0/8 have been configured on VLAN 10 using the switchport access vlan 10 command. The same process is used to assign VLAN 20 to interfaces F0/3 and F0/11 on switch SW1.

To be on the safe side, use the copy running-config startup-config command in privileged EXEC mode to save your configuration.

Example of router R1 interface configuration command:

R1#config t

R1(config)#interface fa0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shut

….

R1(config-if)#interface fa0/1

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#end

As shown in the figure above, each router interface (fa0/0 and fa0/1) belongs to a different subnet and is configured with an IP address and subnet mask in interface configuration mode, and the no shutdown command is used to enable the router interface.

After the no shutdown is issued in interface configuration mode, you will notice a display indicating that the interface state has changed to up. This indicates that the interface is now enabled.

You can examine the routing table using the show ip route privileged EXEC mode command. This command displays the locally connected interfaces of the router.

You can also use the show interface command in privileged EXEC mode to view more detailed information about the router interfaces, such as diagnostic information, status, MAC address, and transmit or receive errors.

In summary:

If the router receives a packet on interface F0/0 destined for the 192.168.2.0 subnet, the router would identify that it should send the packet out via interface F0/1 to reach hosts on the 192.168.2.0 subnet.
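The lookup summarised here for the two router interfaces, and the directly connected, recursive and default IPv6 static routes configured on R1 in the earlier static-route section, modelled as an added Python example (not from the page or from Cisco IOS): a longest-prefix-match table in which a recursive route is only usable when its next hop itself resolves to an egress interface. The routes and addresses come from the page; R1's LAN interface name GigabitEthernet0/1 is an assumption, since it is not shown for R1.

```python
"""Longest-prefix-match lookup with static routes resolved the way a router
does it. Added example, not from the page or from Cisco IOS; it models the
directly connected, recursive and default IPv6 static routes configured on
R1 earlier on the page and the two-interface inter-VLAN router here."""
import ipaddress


class RoutingTable:
    def __init__(self):
        self.routes = []   # (network, next_hop or None, egress interface or None)

    def add(self, prefix, next_hop=None, interface=None):
        """One entry per static or connected route:
             ipv6 route PREFIX serial 0/0/1  -> interface only (directly connected)
             ipv6 route PREFIX FC00::2       -> next hop only (recursive)
             ipv6 route ::/0 serial 0/0/1    -> default route"""
        if next_hop is None and interface is None:
            raise ValueError("a route needs a next hop or an egress interface")
        net = ipaddress.ip_network(prefix, strict=False)
        hop = ipaddress.ip_address(next_hop) if next_hop else None
        self.routes.append((net, hop, interface))

    def lookup(self, destination, _depth=0):
        """Return the egress interface for destination, or None if the
        destination is unroutable (no matching prefix, or a recursive
        route whose next hop cannot itself be resolved)."""
        dst = ipaddress.ip_address(str(destination))
        matches = [r for r in self.routes
                   if r[0].version == dst.version and dst in r[0]]
        if not matches:
            return None
        net, hop, iface = max(matches, key=lambda r: r[0].prefixlen)
        if iface is not None:
            return iface
        if _depth > 8:   # guard against next hops that point at each other
            raise RecursionError(f"next-hop resolution loop at {net}")
        return self.lookup(hop, _depth + 1)   # recursive route: resolve the hop


def r1_table(default_route=False):
    """R1 from the IPv6 static-route section. The LAN interface name
    GigabitEthernet0/1 is an assumption (not shown for R1 on the page)."""
    rt = RoutingTable()
    rt.add("2001:FC8:A72C:A::/64", interface="GigabitEthernet0/1")  # connected
    rt.add("FC00::/64", interface="Serial0/0/1")                     # connected
    rt.add("2001:FC8:A72C:B::/64", next_hop="FC00::2")               # recursive
    if default_route:
        rt.add("::/0", interface="Serial0/0/1")                      # default
    return rt


def inter_vlan_table():
    """Router R1 from the inter-VLAN example: one subnet per interface."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", interface="FastEthernet0/0")   # VLAN 10
    rt.add("192.168.2.0/24", interface="FastEthernet0/1")   # VLAN 20
    return rt


if __name__ == "__main__":
    print(r1_table().lookup("2001:FC8:A72C:B::10"))   # Serial0/0/1
    print(r1_table().lookup("2001:DB8::1"))           # None (no default route)
    print(inter_vlan_table().lookup("192.168.2.10"))   # FastEthernet0/1
```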


Router-on-a-stick Inter-VLAN Routing. Router-on-a-stick is a type of router configuration in which a single physical interface manages traffic between multiple VLANs on a network. The router interface has to be configured to operate as a trunk link and is connected to a switch port on SW1 that also has to be configured in trunk mode. The router receives VLAN-tagged traffic on the trunk interface from the neighbouring switch SW1 and forwards the routed traffic out to the VLAN-tagged destination using the same interface.

The diagram below shows the router being connected and configured with a single interface.

Explanation

i. PC1 on VLAN10 is communicating with PC3 on VLAN30 through router R1 using a single, physical router interface.

ii. PC1 sends its unicast traffic to switch SW2.

iii. Switch SW2 then tags the unicast traffic as originating on VLAN10 and forwards the unicast traffic out its trunk link to switch SW1.

iv. Switch SW1 forwards the tagged traffic out the other trunk interface on port F0/5 to the interface on router R1.

v. Router R1 accepts the tagged unicast traffic on VLAN10 and routes it to VLAN30 using its configured subinterfaces.

vi. The unicast traffic is tagged with VLAN30 as it is sent out the router interface to switch SW1.

vii. Switch SW1 forwards the tagged unicast traffic out the other trunk link to switch SW2.

viii. Switch SW2 removes the VLAN tag of the unicast frame and forwards the frame out to PC3 on port Fa0/6.


Switch Configuration Issues. As I have mentioned earlier on other troubleshooting page(s), one of the commonest mistakes administrators make in networking is made during the configuration stage, either on the router, the switch or the logical subnet addressing. On this page, we will look at the challenges, common issues and troubleshooting methods related to configuring multiple VLANs on a network.

If you suspect that there is a problem with a switch configuration, use the show interface interface-id switchport command for verification. The show running-config and show interface interface-id switchport commands are useful Cisco IOS troubleshooting tools for identifying VLAN assignment and port configuration issues.

When using the traditional routing model for inter-VLAN routing, ensure that the switch ports that connect to the router interfaces are configured on the correct VLANs. If the switch ports are not configured or assigned correctly to VLANs, network devices configured on those VLANs will not receive or connect to the router interface, which in turn hinders traffic to the other VLANs on the network.

Using the topology above, PC2 and router R1 interface F0/1 are configured to share the same subnet. However, the switch port F0/3 that connects to router R1 interface F0/1 has not been configured and remains in the default VLAN. Because router R1 is on a different VLAN than PC2, they are unable to communicate.

Solution

To solve this problem, use the switchport access vlan 20 interface configuration command on switch port F0/3 on switch SW1. When the switch port is configured or assigned to the correct VLAN, PC2 can communicate with router R1 interface F0/1, which will then enable access to the other VLANs connected to the router.
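The port-left-in-the-default-VLAN problem described above can be caught before anyone notices a connectivity failure by comparing the switch's show vlan output (the format shown on the VLAN configuration page earlier) against the intended port-to-VLAN map. This is an added Python example, not from the page or from Cisco; the sample output is constructed in the show vlan layout with SW1 F0/3 deliberately still in VLAN 1.

```python
"""Find switch ports that were left in the default VLAN by parsing 'show vlan'.

Added example (not from the page). The sample output is constructed in the
layout of the show vlan output on the VLAN configuration page above."""
import re


def _row(vid="", name="", status="", ports=""):
    """Lay a row out in the fixed columns IOS uses for show vlan."""
    return f"{vid:<4} {name:<32} {status:<9} {ports}"


# Constructed: SW1 F0/3 (the link towards router R1 F0/1) was never assigned
# to VLAN 20 and is still sitting in VLAN 1, the situation described above.
SAMPLE_SHOW_VLAN = "\n".join([
    "SW1#show vlan",
    "",
    _row("VLAN", "Name", "Status", "Ports"),
    _row("-" * 4, "-" * 32, "-" * 9, "-" * 31),
    _row(1, "default", "active", "Fa0/1, Fa0/2, Fa0/3, Fa0/5"),
    _row("", "", "", "Fa0/6, Fa0/7, Gig1/1, Gig1/2"),
    _row(10, "orbit", "active", "Fa0/4, Fa0/8"),
    _row(20, "cisco", "active", "Fa0/11"),
    _row(30, "student", "active", ""),
    _row(1002, "fddi-default", "act/unsup", ""),
    "<output omitted>",
])


def parse_show_vlan(text):
    """Return {vlan_id: {'name': ..., 'status': ..., 'ports': [...]}}.

    Column boundaries are taken from the '---- -----' separator row, so the
    parse does not depend on VLAN names or port lists being free of spaces."""
    vlans, current, spans = {}, None, None
    for line in text.splitlines():
        if spans is None:                      # still above the separator row
            if line.startswith("----"):
                spans = [(m.start(), m.end()) for m in re.finditer(r"-+", line)]
            continue
        if not line.strip() or line.startswith("<"):
            break                              # end of table / output omitted
        (i0, i1), (n0, n1), (s0, s1), (p0, _) = spans
        vid = line[i0:i1].strip()
        if vid.isdigit():                      # first line of a VLAN record
            current = vlans[int(vid)] = {
                "name": line[n0:n1].strip(),
                "status": line[s0:s1].strip(),
                "ports": [],
            }
        if current is not None:                # record line or a continuation
            current["ports"] += [p.strip() for p in line[p0:].split(",") if p.strip()]
    return vlans


def port_to_vlan(vlans):
    """Invert the table: {'Fa0/3': 1, 'Fa0/4': 10, ...}."""
    return {port: vid for vid, entry in vlans.items() for port in entry["ports"]}


def find_misassigned(vlans, expected):
    """Compare the live assignment with the intended port -> VLAN map.
    Returns (port, expected_vlan, actual_vlan_or_None) for every mismatch."""
    actual = port_to_vlan(vlans)
    mismatches = [(port, want, actual.get(port))
                  for port, want in expected.items()
                  if actual.get(port) != want]
    return sorted(mismatches, key=lambda m: m[0])


# Intended assignment from the inter-VLAN routing example earlier on the page.
EXPECTED_SW1 = {"Fa0/3": 20, "Fa0/4": 10, "Fa0/8": 10, "Fa0/11": 20}

if __name__ == "__main__":
    vlans = parse_show_vlan(SAMPLE_SHOW_VLAN)
    for port, want, got in find_misassigned(vlans, EXPECTED_SW1):
        print(f"{port}: expected VLAN {want}, found {got}")   # Fa0/3: expected VLAN 20, found 1
```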

How To Verify Network Connectivity.Using The Ping Command

Using the ping command is one an effective way to test network connection. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check for connectivity.

Using ping in a Testing Sequence

Firstly, start by using the router IOS ping command in a planned sequence of steps to establish valid connections, starting with the individual device and then all the way to the LAN and, finally, to remote networks.

By using the ping command in this ordered sequence, problems can be put out-of-the-way. The ping command sometimes does not always pinpoint the nature of the problem, but it can help to identify the source of the problem, this is considered to be the first step in troubleshooting a network failure.

The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host. There are additional tools that can provide more information than ping, such as Telnet or Trace, which we will look at in detail later.

IOS Ping Indicators

A ping from the IOS yields one of several indicators for each ICMP echo sent:

! (exclamation mark): the echo completed successfully, which verifies Layer 3 connectivity to the destination.

. (period): a timeout; no reply was received for that echo. This may indicate a connectivity problem somewhere along the path, a router along the path that had no route to the destination and did not send an ICMP destination unreachable message, or a device along the path that blocks ping (for example an access list or a firewall).

U: a router along the path had no route to the destination address and responded with an ICMP destination unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP configuration on the local host. This is done by pinging a reserved address called the loopback address, 127.0.0.1. Pinging the loopback verifies the proper operation of the protocol stack from the Network layer down to the Physical layer and back, without actually putting a signal on the media.

Ping commands are entered into a command line.

C:\>ping 127.0.0.1

The reply from this command would look something like this:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

The result shows that four test packets were sent, each 32 bytes in size, and were returned by host 127.0.0.1 in less than 1 ms. TTL stands for Time to Live and is the number of hops the packet may still traverse before it is dropped; 128 is the starting value that Windows uses.

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can use the following command to verify router interfaces:

The show ip interface brief command provides a summary of all interface configuration information on the router; it displays the IP addresses that are assigned to the interface and other operational status of the interface.

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        172.17.1.1      YES manual up                    up
Serial0/0/0            unassigned      YES manual administratively down down
Serial0/0/1            unassigned      YES manual administratively down down
Vlan1                  unassigned      YES manual administratively down down
R1#

Looking at the line for the FastEthernet 0/0 interface, we see that its IP address is 192.168.1.1. The last two columns give the Layer 1 and Layer 2 status of the interface: up in the Status column shows that the interface is operational at Layer 1, and up in the Protocol column shows that the Layer 2 protocol is operational as well. FastEthernet 0/1, with IP address 172.17.1.1, is in the same up/up state.

In the same output, notice that the Serial 0/0/0 and Serial 0/0/1 interfaces have not been enabled and have no IP address assigned. This is indicated by administratively down in the Status column. These interfaces can be enabled with the no shutdown command; they will also need an IP address before they can carry IP traffic.
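As an added example (not from the original page), the following Python script parses the output of show ip interface brief and flags every interface that cannot carry traffic: administratively down, Layer 1 down, Layer 2 down, or up/up with no address. The sample output is constructed to match the table above; the row pattern assumes the Status and Protocol values shown there (up, down, administratively down).

```python
"""Parse 'show ip interface brief' and flag interfaces that are not usable.

Added example, not from the original page. SAMPLE is constructed to match the
output shown above; the parser assumes the Status/Protocol values used there.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        172.17.1.1      YES manual up                    up
Serial0/0/0            unassigned      YES manual administratively down down
Serial0/0/1            unassigned      YES manual administratively down down
Vlan1                  unassigned      YES manual administratively down down
"""

# One data row: name, address (or 'unassigned'), OK?, Method, Status, Protocol.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>up|down|administratively down)\s+(?P<protocol>up|down)$"
)


@dataclass
class Interface:
    name: str
    ip: Optional[str]   # None when the column reads 'unassigned'
    status: str         # Layer 1 column
    protocol: str       # Layer 2 column


def parse_brief(text: str) -> List[Interface]:
    """Return one Interface per data row; the header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        ip = None if m["ip"] == "unassigned" else m["ip"]
        rows.append(Interface(m["name"], ip, m["status"], m["protocol"]))
    return rows


def diagnose(iface: Interface) -> str:
    """Map the Status/Protocol pair to the first thing to check, lowest layer first."""
    if iface.status == "administratively down":
        return "shutdown: enable with 'no shutdown'"
    if iface.status == "down":
        return "Layer 1 down: check cable, clocking and the far end"
    if iface.protocol == "down":
        return "Layer 2 down: check encapsulation and keepalives"
    if iface.ip is None:
        return "up/up but no IP address assigned"
    return "ok"


def problems(text: str) -> Dict[str, str]:
    """Interfaces that need attention, keyed by name, with their diagnosis."""
    return {i.name: diagnose(i) for i in parse_brief(text) if diagnose(i) != "ok"}


if __name__ == "__main__":
    for name, why in problems(SAMPLE).items():
        print(f"{name}: {why}")
```

Feed it the captured output of the command (for example saved from a terminal session) instead of SAMPLE to get the same report for a real router.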

Testing Router Connectivity

Ping and traceroute verify router connectivity at Layer 3. Use them to ping a host on the local LAN and to trace the route to a remote host across the WAN. For example:

Router#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms

Router#traceroute 192.168.1.1

Type escape sequence to abort.
Tracing the route to 192.168.1.1

  1 192.168.1.1 16 msec 16 msec 16 msec

The output above shows a successful connection to the gateway, one hop away.

Testing NICs

The next step in the testing sequence is to verify that the Network Interface Card (NIC) is bound to its IPv4 address and is ready to transmit signals across the media.

In this example the IPv4 address assigned to the NIC is 10.0.0.6. To verify it, ping that address from the host itself:

C:\>ping 10.0.0.6

A successful reply would resemble:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

This test verifies that the NIC driver and most of the NIC hardware are working properly, and that the IP address is properly bound to the NIC, again without putting a signal on the media.

If this test fails, there are likely issues with the NIC hardware or its software driver that may require reinstallation of either or both. The procedure depends on the type of host and its operating system.


Testing Local Network.

Testing a host on the local LAN. Once the local host can successfully ping another host on the LAN, both the local host (in this example the router) and the responding host are known to be configured correctly. Carry out this test by pinging each host on the LAN one at a time.

If a host responds with Destination Unreachable, note which address was not successful and continue to ping the other hosts on the LAN.

Another failure message is Request Timed Out. It means that no reply arrived within the default wait time, which may indicate network latency, but can equally mean that the host is down or that a device along the path filters ICMP.

Using extended Ping

The IOS offers an extended mode of the ping command. This mode is entered by typing ping in privileged EXEC mode without a destination IP address. A series of prompts is then presented, as shown in this example; pressing Enter accepts the default value shown in brackets.

Router#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 5
Extended commands [n]: n

Entering a longer timeout than the default allows possible latency issues to be detected: if the ping succeeds with the longer value, a connection exists between the hosts, but latency may be an issue on the network.

Note that answering "y" to the "Extended commands" prompt provides more options that are useful in troubleshooting, for example the source address or interface, which lets you test the return path from a specific interface rather than from the interface closest to the destination.

A successful ping shows that the IP addresses of the local host and the other hosts on the network are configured properly.

Testing Gateway and Remote Connectivity

The next step is to test if the local host can connect with a gateway address.

You can Use ping command to verify if the local host can connect the gateway. This is extremely important because the gateway is the host's entry and exit to the wider network. If the ping command returns a successful response, connectivity to the gateway is verified.

To begin, choose a station as the source device. In this example the gateway IP address is 192.168.1.1:

C:\>ping 192.168.1.1

The gateway IPv4 address should be readily available in the network documentation; if it is not, use the ipconfig command on the Windows host to discover it.

If the gateway test fails:

1. Try pinging another host in the local LAN to verify that the problem is not the source host.

2. Then verify the gateway address with the network administrator to ensure that the proper address is being tested.

If all devices are configured properly, check the physical cabling to ensure that it is secure and properly connected. Keep an accurate record of every attempt made to verify connectivity; this will help in solving this problem and, perhaps, future problems.

Testing Route Next Hop

On a router, you can use the IOS to test the next hop of individual routes. Each route has its next hop listed in the routing table; use the output of the show ip route command to determine it. Frames carrying packets destined for the network listed in the routing table are sent to the device that represents the next hop. If the next hop is not reachable, the packet is dropped.

To test the next hop, determine the appropriate route to the destination and try to ping the appropriate next hop for that route in the routing table. A failed ping indicates that there might be a configuration or hardware problem.

The ping may also be prohibited by security in the device. If the ping is successful you can move on to testing connectivity to remote hosts.

Testing Remote Hosts connectivity

Once verification of the local LAN and gateway is complete, testing can proceed to remote devices, which is the next step in the testing process.

The sample topology used here has 3 hosts within a LAN, a router (acting as the gateway) connected to another router (the gateway for a remote LAN), and 3 remote hosts. Verification should begin within the local network and progress outward to the remote devices.

Testing remote connectivity

Ping a remote host from a local host

Begin by testing the outside interface of the router that is directly connected to the remote network. In this example, the ping command tests the connection to 200.10.10.129, the outside interface of the local network's gateway router.

If the ping succeeds, connectivity to the outside interface is verified. Next, ping the outside IP address of the remote router, in this case 200.10.10.130. If that succeeds, connectivity to the remote router is verified. If there is a failure, isolate the problem: retest until there is a valid connection to a device, and double-check all addresses.

The ping command will not always help with identifying the underlying cause to a problem, but it can isolate problems and give direction to the troubleshooting process. Document every test, the devices involved, and the results.

Test Router Remote Connectivity

A router forms a connection between networks by forwarding packets between them. To forward packets between any two networks, the router must be able to communicate with both the source and the destination networks. The router will need routes to both networks in its routing table.

To test communication with the remote network, ping a known host on that network. If the ping from the router fails, first check the routing table for a route that reaches the remote network; the router may be relying on a default route to reach it. If there is no route, identify why it does not exist. As always, you must also rule out that ping is administratively prohibited, for example by an access list somewhere on the path.
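The whole testing sequence above (loopback, own NIC, a LAN host, the gateway, the gateway's outside interface, the remote router) is worth scripting so that it always runs in the same order, stops at the first failure and keeps the record the text asks for. The Python below is an added example and not part of the original page. The target addresses are the ones used in the examples above and stand for an assumed topology; os_ping shells out to the operating system's ping command, and run_sequence accepts any callable so the ordering logic can be exercised without a network.

```python
"""Run the page's ping testing sequence in order, stop at the first failure
and keep a record of every attempt.

Added example, not from the original page. Targets come from the examples
above and describe an assumed topology. os_ping uses the OS 'ping' binary;
run_sequence takes any probe callable, so the logic can be tested offline.
"""
import platform
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

# (what the step verifies, target address, what to check if it fails)
SEQUENCE: List[Tuple[str, str, str]] = [
    ("loopback / protocol stack", "127.0.0.1",
     "TCP/IP stack on the host: repair or reinstall the IP protocol"),
    ("own NIC address", "10.0.0.6",
     "NIC driver and address binding: check ipconfig, reload the driver"),
    ("another host on the LAN", "10.0.0.1",
     "the other host, cabling and switch port; try a third host"),
    ("default gateway", "192.168.1.1",
     "gateway address (ipconfig), cabling to the gateway, gateway interface up/up"),
    ("gateway outside interface", "200.10.10.129",
     "routing on the gateway and the state of its WAN interface"),
    ("remote router outside interface", "200.10.10.130",
     "the WAN link, the route back on the remote router, ACLs that block ICMP"),
]


def os_ping(target: str, count: int = 2) -> bool:
    """True if the OS ping command reports success (exit status 0)."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(
            ["ping", count_flag, str(count), target],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=15,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def run_sequence(
    probe: Callable[[str], bool] = os_ping,
) -> Tuple[List[Dict[str, object]], Optional[Dict[str, str]]]:
    """Probe each target in order. Returns (log of attempts, first failure or None).

    Stopping at the first failure matters: a failed gateway ping tells you
    nothing useful if the host cannot even reach its own loopback address.
    """
    log: List[Dict[str, object]] = []
    for step, target, hint in SEQUENCE:
        ok = probe(target)
        log.append({"step": step, "target": target, "reachable": ok})
        if not ok:
            return log, {"step": step, "target": target, "check": hint}
    return log, None


if __name__ == "__main__":
    attempts, failure = run_sequence()
    for a in attempts:
        print(f"{'OK  ' if a['reachable'] else 'FAIL'} {a['step']:<32} {a['target']}")
    if failure:
        print(f"Stopped at '{failure['step']}'; next check: {failure['check']}")
```

Replace the addresses in SEQUENCE with those of your own network; the log returned by run_sequence is the written record of attempts that the text recommends keeping.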


Troubleshooting Wireless Network Problems. A Methodical Approach to WLAN Troubleshooting.

Troubleshooting any sort of network problem should follow a methodical approach. It is highly recommended that you work up the OSI model from Layer 1 (the Physical layer) to Layer 7 (the Application layer). This helps to eliminate any issue that you may be able to resolve yourself.

There are three steps of the methodical troubleshooting approach when working with Wireless Ethernet LANs.

Step 1 - Eliminate the user PC as the source of the problem.

Try to establish the severity of the problem. If there is no connectivity, verify the following:

Use the ipconfig command to confirm the user PC network configuration. Check if the PC has received an IP address via DHCP or is configured with static IP address.

Verify that the PC has connectivity to the wired network. Connect the device to the wired LAN and ping a known IP address.

Try a different wireless NIC. If necessary, reload drivers and firmware as appropriate for the client device.

If the wireless NIC of the client is working, check the security mode and encryption settings on the client. If the security settings do not match, the client cannot get access to the WLAN.

If the user PC is functioning but the performance is poor, check the following:

How far is the PC from an access point? Is the PC outside the planned coverage area? Check the channel settings on the client; the client software should detect the appropriate channel as long as the SSID is correct. Check for other devices in the area that operate in the 2.4 GHz band, such as cordless phones, baby monitors, microwave ovens, wireless security systems and, potentially, rogue access points. Emissions from these devices cause interference in the WLAN and intermittent connection problems between a client and the access point.

Step 2 - Confirm the physical status of other network devices.

Are all the network devices actually in place? Check for a possible physical security issue. Is there power to all devices, and are they powered on?

Step 3 – Inspect physical links.

Inspect links between cabled devices looking for bad connectors or damaged or missing cables.

If the physical plant is in place, use the wired LAN to see if you can ping devices including the access point.

If connectivity still fails at this point, there might be something wrong with the access point or its configuration.

After eliminating the user PC as the problem and confirming the physical status of the other network devices, begin investigating the access point itself. Check the power status of the access point.

When the access point settings have been confirmed, if the radio continues to fail, try to connect to a different access point. You may try to install new radio drivers and firmware.


Enabling DHCP on a Windows PC. Dynamic Host Configuration Protocol (DHCP), as mentioned earlier, automatically assigns IP addresses (and normally the subnet mask, default gateway and DNS servers as well) to computers connected to a network, including the address they need for Internet access.

DHCP is normally enabled by default, but it may have been disabled, typically when a static IP address (one assigned manually) was in use.

To enable DHCP in windows, follow the steps below:

1. Click the Start button to open the Start menu.

2. Right-click Network.

3. Choose Properties from the menu.

4. Click View status.

5. Click Properties.

6. Click to highlight Internet Protocol Version 4 (TCP/IPv4).

7. Click Properties.

8. Tick Obtain an IP address automatically and Obtain DNS server address automatically.

9. Click OK to close. Your computer will be assigned an IP address automatically.


Wireless Network Error: Incorrect Channel Settings. Most WLANs today operate in the 2.4 GHz band, which can have as many as 14 channels (depending on the country), each occupying 22 MHz of bandwidth. Energy is not spread evenly over the entire 22 MHz: the signal is strongest at the channel's centre frequency and diminishes toward the edges of the channel.

Interference can occur when there is overlap of channels. It is worse if the channels overlap close to the centre frequencies, but even if there is minor overlap, signals interfere with each other. Set the channels at intervals of five channels, such as channel 1, channel 6, and channel 11.

Solving RF Interference

Incorrect channel settings are part of the larger group of problems with RF interference. WLAN administrators can control interference caused by channel settings with good planning, including proper channel spacing.

Interference caused by household or office appliances. Other sources of RF interference are found all around the workplace and the home, like the snowy disruption of a television picture when a neighbour runs a vacuum cleaner. Dealing with such interference comes down to planning the placement of devices: for instance, place microwave ovens away from access points and potential clients. Sadly, not every RF interference issue can be planned for, because there are too many possible sources.

The problem with devices such as cordless phones, baby monitors, and microwave ovens, is that they do not contend for the channel-they just use it.

Solution

Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such as cordless phones, operate on channel 6.
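The rule "five channels apart" follows from the numbers given above: channel centres are 5 MHz apart and each channel is 22 MHz wide, so two channels interfere whenever their centres are less than 22 MHz apart. The Python below works that out rather than hard-coding 1, 6 and 11, and also reports which access points in a given channel plan overlap. It is an added example, not from the original page; the centre frequencies follow the 802.11 2.4 GHz channel plan (2412 MHz for channel 1, 5 MHz per channel, 2484 MHz for channel 14), and the 22 MHz width is the figure the text uses.

```python
"""Work out which 2.4 GHz Wi-Fi channels overlap, using the figures from this
page: 22 MHz per channel, centre frequencies 5 MHz apart.

Added example, not from the original page. Centre frequencies follow the
802.11 channel plan (2412 MHz for channel 1, +5 MHz per channel, 2484 MHz
for channel 14); the 22 MHz width is the number the text uses.
"""
from typing import Dict, Iterable, List, Tuple

CHANNEL_WIDTH_MHZ = 22


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel in MHz."""
    if channel == 14:
        return 2484          # channel 14 sits 12 MHz above channel 13
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def overlap(a: int, b: int) -> bool:
    """Two channels interfere when their 22 MHz bands share any spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_plan(channels: Iterable[int] = range(1, 14)) -> List[int]:
    """Greedy plan: walk the channels upward and keep each one that clears every
    channel already kept. For channels 1..13 this yields the classic 1, 6, 11."""
    kept: List[int] = []
    for ch in channels:
        if all(not overlap(ch, k) for k in kept):
            kept.append(ch)
    return kept


def conflicts(assignments: Dict[str, int]) -> List[Tuple[str, str]]:
    """Pairs of access points whose channel settings overlap each other."""
    names = sorted(assignments)
    return [
        (x, y)
        for i, x in enumerate(names)
        for y in names[i + 1:]
        if overlap(assignments[x], assignments[y])
    ]


if __name__ == "__main__":
    print("non-overlapping 1..13:", non_overlapping_plan())
    print("non-overlapping 1..14:", non_overlapping_plan(range(1, 15)))
    print("conflicts:", conflicts({"AP-east": 1, "AP-west": 3, "AP-lobby": 11}))
```

Note that the plan for 1..14 adds channel 14, whose centre is exactly 22 MHz above channel 11; whether channel 14 may be used at all depends on local regulations, which this calculation does not model.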



How DHCP Operates. A DHCP server's most fundamental task is providing IP addresses to clients. DHCP uses three different address allocation mechanisms:

Manual Allocation: The administrator pre-assigns a specific IP address to a client (typically keyed on the client's MAC address); DHCP only communicates that address to the device.

Automatic Allocation: DHCP permanently assigns an address to a device, selecting it from a pool of available addresses. There is no lease; the address stays with the device.

Dynamic Allocation: DHCP leases an IP address from a pool of addresses for a limited period chosen by the server. The address is withdrawn when the lease expires or when the client tells the DHCP server that it no longer needs it.

Dynamic IP address allocation. DHCP works in client/server mode and operates like any other client/server relationship. When a PC connects to a DHCP server, the server leases an IP address to that PC, and the PC uses the leased address on the network until the lease expires.

The host must contact the DHCP server periodically to extend the lease. This lease mechanism ensures that hosts that are mobile or powered off do not hold on to addresses they no longer need: those addresses are returned to the pool to be reallocated to other clients when needed.


IPv6 Stateful Autoconfiguration. DHCPv6 is a network protocol that works much like DHCP for IPv4.

DHCPv6 is used to assign IPv6 addresses, prefixes and other parameters (such as DNS server and domain name) to IPv6 hosts on a network. Because the server keeps a record of which address it gave to which client, this is known as stateful autoconfiguration.

How DHCPv6 Works. Compare this with stateless autoconfiguration (SLAAC): there, a host sends a router solicitation (RS) message and a router on the link replies with a router advertisement (RA) carrying the network prefix, from which the host builds its own address; no DHCPv6 server is involved. With stateful configuration, the RA instead tells the host (through its managed-configuration, or M, flag) to obtain its address from a DHCPv6 server.

The host then sends a DHCPv6 SOLICIT message to the multicast destination address FF02::1:2, which reaches all DHCPv6 servers and relay agents on the link. A server answers with an ADVERTISE, the host picks one and sends a REQUEST, and the server confirms with a REPLY. This is the same four-step exchange as DISCOVER, OFFER, REQUEST and ACK in IPv4 DHCP.

How to Configure DHCPv6 on a Cisco router.

R1#configure terminal

R1(config)#ipv6 dhcp pool test

R1(config-dhcpv6)#dns-server <dns-server-ipv6-address>

R1(config-dhcpv6)#domain-name orbit123.com

R1(config-dhcpv6)#prefix-delegation pool test lifetime 64000 64000

R1(config-dhcpv6)#exit

The dns-server command takes the IPv6 address of the DNS server as its argument (shown as a placeholder above). The prefix-delegation pool command refers to a local prefix pool of the same name, which must first be created with the ipv6 local pool command; that command is not shown in this example.

Assign the DHCPv6 pool to an interface:

R1#configure terminal

R1(config)#interface fa0/0

R1(config-if)#ipv6 dhcp server test

R1(config-if)#ipv6 nd managed-config-flag

The interface configuration differs from IPv4: the server is bound to the interface with ipv6 dhcp server, and ipv6 nd managed-config-flag sets the M flag in the router advertisements sent on that interface so that hosts know to use stateful DHCPv6 for their addresses. Overall, we have configured a DHCPv6 server and applied it to an interface.


How To Configure DHCP Lease Periods on a Cisco router.

You want to change the default lease period on your router.

To change the default DHCP lease time for a pool of IP addresses, use the lease command in DHCP pool configuration mode. ip dhcp pool takes a pool name (LAN here, an arbitrary name); the address range the pool serves is set with the network command inside the pool:

R1#configure terminal

R1(config)#ip dhcp pool LAN

R1(dhcp-config)#network 192.168.5.0 255.255.255.0

R1(dhcp-config)#lease 5 12 30

R1(dhcp-config)#end

R1#

The lease command takes three values, days, hours and minutes, with hours and minutes optional; the example above sets a lease of 5 days, 12 hours and 30 minutes. You can specify a maximum of 365 days, 23 hours and 59 minutes, and a minimum of 1 minute. The default is 1 day.

Configure Cisco router to assign addresses with infinite lease period.Use the following command:

R1#configure terminal

R1(config)#ip dhcp pool HQ

R1(dhcp-config)#lease infinite

R1(dhcp-config)#end

R1#
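To make the lease mechanism from the "How DHCP Operates" section and the lease command above concrete, here is an added Python example (not from the original page) that simulates a DHCP pool: the three allocation mechanisms (manual reservation, permanent automatic allocation, leased dynamic allocation), lease lengths computed the way the IOS lease days [hours [minutes]] | infinite command defines them, renewal, early release, and expiry returning addresses to the pool. The pool 192.168.5.0/29, the client names and the simulated clock are constructed for the example.

```python
"""Simulate the DHCP allocation mechanisms and lease lifecycle described on
this page, with lease length set the way the IOS 'lease' command sets it.

Added example, not from the original page. A simulated clock (seconds) is
used so it runs offline; the pool 192.168.5.0/29 and client names are made up.
"""
import ipaddress
from typing import Dict, Optional, Tuple

INFINITE = None  # 'lease infinite': the binding never expires


def lease_seconds(days: int = 1, hours: int = 0, minutes: int = 0) -> int:
    """Convert the IOS lease arguments to seconds, enforcing the command's ranges."""
    if not (0 <= days <= 365 and 0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError("lease is days 0-365, hours 0-23, minutes 0-59")
    total = ((days * 24 + hours) * 60 + minutes) * 60
    if total == 0:
        raise ValueError("lease must be at least one minute")
    return total


class DhcpPool:
    def __init__(self, network: str, lease: Optional[int] = 86400, now: int = 0):
        net = ipaddress.ip_network(network)
        self.free = list(net.hosts())          # network and broadcast addresses excluded
        self.lease = lease                     # seconds, or INFINITE
        self.reserved: Dict[str, ipaddress.IPv4Address] = {}   # manual allocation
        self.bound: Dict[str, Tuple[ipaddress.IPv4Address, Optional[int]]] = {}
        self.now = now

    # --- allocation mechanisms ------------------------------------------------
    def reserve(self, client_id: str, address: str) -> None:
        """Manual allocation: the administrator pins an address to a client."""
        addr = ipaddress.ip_address(address)
        if addr not in self.free:
            raise ValueError(f"{address} is not free in this pool")
        self.free.remove(addr)
        self.reserved[client_id] = addr

    def request(self, client_id: str, permanent: bool = False) -> Optional[str]:
        """DISCOVER/REQUEST, or a renewal if the client already holds an address.
        permanent=True models automatic allocation (no lease at all)."""
        self.expire()
        if client_id in self.bound:
            addr, _ = self.bound[client_id]            # renewal: keep the address
        elif client_id in self.reserved:
            addr = self.reserved[client_id]            # hand out the pinned address
        elif self.free:
            addr = self.free.pop(0)                    # dynamic allocation from the pool
        else:
            return None                                # pool exhausted
        expiry = INFINITE if (permanent or self.lease is INFINITE) else self.now + self.lease
        self.bound[client_id] = (addr, expiry)
        return str(addr)

    # --- lease lifecycle --------------------------------------------------------
    def release(self, client_id: str) -> None:
        """Client sends DHCPRELEASE: the address returns to the pool early."""
        if client_id in self.bound:
            addr, _ = self.bound.pop(client_id)
            if client_id not in self.reserved:
                self.free.append(addr)

    def expire(self) -> None:
        """Return addresses whose lease ran out; hosts that moved away or were
        powered off and never renewed lose their address here."""
        for cid, (addr, expiry) in list(self.bound.items()):
            if expiry is not INFINITE and expiry <= self.now:
                del self.bound[cid]
                if cid not in self.reserved:
                    self.free.append(addr)

    def tick(self, seconds: int) -> None:
        """Advance the simulated clock and expire stale leases."""
        self.now += seconds
        self.expire()


if __name__ == "__main__":
    pool = DhcpPool("192.168.5.0/29", lease=lease_seconds(5, 12, 30))
    print(pool.request("pc1"), "leased until", pool.bound["pc1"][1], "s")
    pool.tick(pool.lease + 1)
    print("after expiry, free:", [str(a) for a in pool.free])
```

A real client renews at half the lease time (T1); shortening the lease, as the lease command allows, makes stale bindings disappear sooner at the cost of more renewal traffic, which is the trade-off to keep in mind when choosing a value.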


Types of Addresses in IPv4. Within the address range of any IPv4 network, there are three types of addresses:

Network Address - The address by which we refer to the network.

Broadcast Address - A special address used to send data to all hosts in the network.

Host Address - The addresses assigned to the end devices in the network.

Network Address

The network address is a standard way to refer to an IPv4 address assigned to a network. For example, we could refer to the network 192.168.1.0 or 172.16.0.0 as a “Network Address.” This is a much more convenient and descriptive way to refer to the network than using a term like "the first network." All hosts in the 172.16.0.0 network will have the same network bits.

When assigning IPv4 addresses to hosts, the lowest address in the range is reserved as the network address. This address has a 0 in every bit of the host portion, e.g.:

192.168.1.0 /24

172.16.0.0 /16

Broadcast Address

The IPv4 broadcast address is a special address for each network that allows communication to all the hosts in that network. To send data to all hosts in a network, a host can send a single packet that is addressed to the broadcast address of the network.

The broadcast address is the highest address in the network range: the address in which the bits of the host portion are all 1s. For the network 192.168.1.0 /24, with 24 network bits and 8 host bits, the broadcast address is 192.168.1.255. This address is also referred to as the directed broadcast address.

192.168.1.0 (Network Address)

192.168.1.255 (Broadcast Address)

Host Addresses. As described previously, every end device requires a unique address to send and receive packets. In IPv4 the values between the network address and the broadcast address are assigned to the devices in that network; hosts include end devices such as PCs, IP phones and printers. For example:

192.168.1.0 (Network Address)

192.168.1.255 (Broadcast Address)

192.168.1.1 - 192.168.1.254 (Host Addresses, 254 usable)
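The rule above (host bits all 0 is the network address, host bits all 1 is the broadcast address, everything in between is a host address) is easy to get wrong by hand, as the off-by-one between 192.168.0.255 and 192.168.1.255 shows. The Python below is an added example, not from the original page, that does the bit arithmetic explicitly for any address written as a.b.c.d/n and classifies a given address against that block. ipaddress is used only to convert dotted-decimal strings to integers; the masking is done by hand so the host-bit rule is visible. Prefixes of /31 and /32 have no broadcast address and are rejected.

```python
"""Classify IPv4 addresses as network, broadcast or host by masking host bits.

Added example, not from the original page. ipaddress only parses strings;
the network/broadcast arithmetic is done by hand so the host-bit rule shows.
"""
import ipaddress
from typing import Dict

ALL_ONES = 0xFFFFFFFF


def subnet_parts(cidr: str) -> Dict[str, object]:
    """Network, broadcast and usable host range for an address written as a.b.c.d/n."""
    addr_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 30:
        raise ValueError("a block with a broadcast address needs a prefix of /30 or shorter")
    addr = int(ipaddress.IPv4Address(addr_str))
    mask = (ALL_ONES << (32 - prefix)) & ALL_ONES  # network bits 1, host bits 0
    network = addr & mask                          # clear every host bit
    broadcast = network | (~mask & ALL_ONES)       # set every host bit
    return {
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "first_host": str(ipaddress.IPv4Address(network + 1)),
        "last_host": str(ipaddress.IPv4Address(broadcast - 1)),
        "usable_hosts": broadcast - network - 1,
    }


def address_type(address: str, cidr: str) -> str:
    """'network', 'broadcast', 'host' or 'outside' relative to the given block."""
    parts = subnet_parts(cidr)
    a = int(ipaddress.IPv4Address(address))
    net = int(ipaddress.IPv4Address(parts["network"]))
    bcast = int(ipaddress.IPv4Address(parts["broadcast"]))
    if a == net:
        return "network"
    if a == bcast:
        return "broadcast"
    if net < a < bcast:
        return "host"
    return "outside"


if __name__ == "__main__":
    for block in ("192.168.1.0/24", "172.16.0.0/16", "10.10.11.2/30"):
        print(block, subnet_parts(block))
    print("192.168.1.255 in 192.168.1.0/24 is the", address_type("192.168.1.255", "192.168.1.0/24"))
```

The /30 case (two usable hosts) is the one used for the serial links later on this page, which is why it is included in the sample run.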


How to Configure Static Routes. What is a Static Route?

Static routing is when you, the network administrator, manually configure on each router the routes to the networks it must reach: the destination network, its mask, and the next-hop address or exit interface. This is no simple task, especially when you are administering a large network.

Although it is a laborious task, static routes have benefits:

i. Bandwidth usage between routers is minimal, and zero in some cases, because no routing updates are exchanged.

ii. There is no routing-protocol overhead on the router CPU.

iii. It adds security, because the administrator decides exactly which routes exist and which paths traffic can take.

iv. It reduces the number of routes in the routing table.

Disadvantages of static routes:

i. It takes many man-hours to configure, especially in a large network, and every topology change must be configured by hand.

ii. It can be complex and confusing during troubleshooting.

Static route command syntax:

ip route {destination network address} {mask} {next hop address or exit interface}

We will use the following network topology as an example. All necessary interfaces have already been configured with IP addresses.

Remember the static route command syntax:

ip route {destination network address} {mask} {next hop address or exit interface}

Static Route configuration on HQ router:

HQ(config)#ip route 172.16.10.0 255.255.255.0 10.10.11.2

HQ(config)#interface serial 0/0/0

HQ(config-if)#clock rate 64000

HQ(config-if)#end

HQ#

Command syntax explained from the example configuration above:

ip route: this command creates the static route and tells the router that this is a static route.

172.16.10.0: This is the remote network we want to send the packet to.

255.255.255.0: This is the mask of the remote network.

10.10.11.2: this is the next hop router address we are sending packet to.

Here, the exit interface could be used in the place of next hop address:

HQ(config)#ip route 172.16.10.0 255.255.255.0 se0/0/0

HQ(config)#end

Verify your configuration from the routing table:

HQ#show ip route

[output omitted]

10.0.0.0/30 is subnetted, 1 subnets

C 10.10.11.0 is directly connected, Serial0/0/0

172.16.0.0/24 is subnetted, 1 subnets

S 172.16.10.0 [1/0] via 10.10.11.2

C 192.168.30.0/24 is directly connected, FastEthernet0/0

HQ#

The S identifies a static route; [1/0] shows its administrative distance of 1 and metric of 0. Administrative distance is how the router ranks route sources when the same network is learned in more than one way: 0 is best (directly connected) and 255 is worst (never used). A static route, with a distance of 1, is therefore preferred over the same route learned from a dynamic routing protocol.

To verify the connectivity, Ping from PC 1 to PC 5

PC1

PC1>ping 172.16.10.2

Pinging 172.16.10.2 with 32 bytes of data:

Reply from 172.16.10.2: bytes=32 time=140ms TTL=126

Reply from 172.16.10.2: bytes=32 time=140ms TTL=126

Reply from 172.16.10.2: bytes=32 time=156ms TTL=126

Reply from 172.16.10.2: bytes=32 time=156ms TTL=126

Ping statistics for 172.16.10.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 140ms, Maximum = 156ms, Average = 148ms

Also, Ping from PC 7 to PC 3

PC7>ping 192.168.30.4

Pinging 192.168.30.4 with 32 bytes of data:

Reply from 192.168.30.4: bytes=32 time=156ms TTL=126

Reply from 192.168.30.4: bytes=32 time=156ms TTL=126

Reply from 192.168.30.4: bytes=32 time=109ms TTL=126

Reply from 192.168.30.4: bytes=32 time=135ms TTL=126

Ping statistics for 192.168.30.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 156ms, Average = 139ms

PC7>

- See more at: http://orbit-computer-solutions.com/How-to-Configure-Static-Routes.php#sthash.IB6JbctE.dpuf

How To Configure Default Routes.

What is a Default Route?

You can configure default routes to direct packets addressed to destinations or networks that are not found in the routing table. This is most workable in a stub network (a network with one exit path). To configure a default route, you use wildcards (all zeros) for both the network address and the mask. Using a default route reduces the work of configuring every assigned route individually.

When you as the network administrator create a static route to network 0.0.0.0 0.0.0.0, this is another way of setting the gateway of last resort on a router. However, ip routing must be enabled on the router; if it is not, it is advisable to use the ip default-gateway command instead:

Gateway(config)#ip default-gateway 200.165.199.1

The following topology and configuration command examples explain how to configure a default route, or gateway of last resort.

Use the following command to configure a default route on the gateway router:

Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.165.199.1

Gateway(config)#

Verify your configuration

Gateway#show ip route

[Output omitted]

Gateway of last resort is 200.165.199.1 to network 0.0.0.0

10.0.0.0/30 is subnetted, 1 subnets

C 10.10.11.0 is directly connected, Serial0/0/0

172.16.0.0/24 is subnetted, 1 subnets

S 172.16.10.0 [1/0] via 10.10.11.2

C 192.168.30.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 200.165.199.1

Gateway#

You can check the routing table using the show ip route command as above. You will find the directly connected networks plus the S* entry, which is the default route. You can also see that the gateway of last resort is now set in the routing table, as shown above.

What the default route is saying is: forward any packet for an unknown network to 200.165.199.1, which is the next hop router.
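To make the lookup behaviour concrete, the following Python is an added example (not part of the original notes) that models the routing table printed above and resolves a destination the way the router does: longest prefix first, then lowest administrative distance. The table contents are copied from the show ip route output; the extra RIP-learned entry (code R, administrative distance 120, next hop 10.10.11.6) is constructed to show how the static route wins a tie on prefix length.

```python
import ipaddress

# Constructed routing table mirroring the 'show ip route' output above:
# (prefix, route code, administrative distance, next hop or exit interface)
ROUTING_TABLE = [
    ("10.10.11.0/30",   "C",  0,   "Serial0/0/0"),
    ("172.16.10.0/24",  "S",  1,   "10.10.11.2"),
    ("192.168.30.0/24", "C",  0,   "FastEthernet0/0"),
    ("0.0.0.0/0",       "S*", 1,   "200.165.199.1"),
]

# Same table plus a constructed RIP-learned route (code R, AD 120) to the same
# prefix as the static route, to show the administrative distance tie-break.
ROUTING_TABLE_WITH_RIP = ROUTING_TABLE + [("172.16.10.0/24", "R", 120, "10.10.11.6")]


def lookup(destination, table=ROUTING_TABLE):
    """Return (code, via) for the route a router would use, or None if none matches.

    Selection order: the longest (most specific) matching prefix wins; among
    equal prefixes the lowest administrative distance wins. 0.0.0.0/0 contains
    every address, so it is only chosen when nothing more specific matches,
    which is the 'gateway of last resort' behaviour described in the text.
    """
    dst = ipaddress.ip_address(destination)
    matches = [
        (ipaddress.ip_network(prefix), code, ad, via)
        for prefix, code, ad, via in table
        if dst in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    net, code, ad, via = min(matches, key=lambda m: (-m[0].prefixlen, m[2]))
    return (code, via)


def lookup_without_default(destination):
    """The same lookup with the S* entry removed: unknown destinations are dropped."""
    return lookup(destination, [r for r in ROUTING_TABLE if r[1] != "S*"])


if __name__ == "__main__":
    for dst in ("172.16.10.2", "192.168.30.4", "10.10.11.2", "8.8.8.8"):
        print(dst, "->", lookup(dst), "| without default:", lookup_without_default(dst))
```

Running it shows 8.8.8.8 resolving to the S* route only; with the default route removed the same destination has no match at all, which is the packet the router would otherwise discard.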

- See more at: http://www.orbit-computer-solutions.com/How-To-Configure-Default-Routes.php#sthash.etD80MyM.dpuf

Port Redirection Attack.

A port redirection attack is another type of attack based on trust exploitation. The attacker uses a compromised host to gain access through a firewall that would otherwise be blocked.

Look at it this way; the host on the outside can get to the host on the public services segment, but not the host on the inside. If an intruder is able to compromise the host on the public services segment, the attacker could install software to redirect traffic from the outside host directly to the inside host.

Although neither communication violates the rules implemented in the firewall, the outside host has now achieved connectivity to the inside host through the port redirection process on the public services host. An example of a tool that can provide this type of access is Netcat.

Solution

Port redirection can be controlled primarily through the use of proper trust models. Antivirus software or a host-based intrusion detection system (IDS) can help detect an attacker and prevent installation of such utilities on a host.

- See more at: http://orbit-computer-solutions.com/Port-Redirection.php#sthash.HrjxCAjX.dpuf

Network Attack: Trust Exploitation Attack.

The goal of a trust exploitation attacker is to compromise a trusted host, using it to stage attacks on other hosts in a network. If a host in a company's network is protected by a firewall (inside host) but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.

Solutions

Trust exploitation-based attacks can be controlled through strict protocols on trust levels within a network; for example, private VLANs can be deployed in public-service segments where multiple public servers are available.

Systems on the outside of a firewall should never be totally trusted by systems on the inside of a firewall. Such trust should be limited to specific protocols and should be authenticated by something other than an IP address.

- See more at: http://orbit-computer-solutions.com/Network-Attack%3A-Trust-Exploitations.php#sthash.CrlK3myt.dpuf

How to Install and Configure your Wireless Router or Access Points.

On the following pages, you will learn how to configure a wireless router or access point. This includes:

i. How to set the SSID

ii. Enable security

iii. Configure the channel

iv. Adjust the power settings of a wireless access point.

We will also look at how to back up and restore your configuration settings on a wireless access point.

Most access points have been designed to function with the default or factory settings. It is recommended to change the default configurations.

After confirming your wired network connectivity, and the access point installed, you will now configure it.

In the following examples we will be using the Linksys WRT300N multifunction device, which is also an access point.

Use these steps for configuring the Linksys WRT300N and most Linksys wireless access points:

Make sure your PC is connected to the access point via a wired connection, and access the web utility with a web browser. To access the web-based utility of the access point, launch Internet Explorer and enter the WRT300N default IP address, 192.168.1.1, in the address field.

Press the Enter key.

1. A screen displays prompting you for your username and password. Leave the Username field blank.

2. Enter admin in the Password field (default settings for a Linksys WRT300N). If the device has already been configured, the username and password may have been changed.

3. Click OK to continue.

For a basic network setup, we will be learning how to use the following screens, reached through the Setup, Management, and Wireless buttons:

i. Setup – on this screen you will enter your basic network settings (IP address).

ii. Management – start by clicking the Administration tab and then select the Management screen. The default password is admin. To secure the access point, change the password from its default.

iii. Wireless – This is where you make changes of the default SSID. Select the level of security in the Wireless Security tab and complete the options for the selected security mode.

When you have finished making changes to a screen, click the Save Settings button, or click the Cancel Changes button to undo your changes. For information on a tab, click Help. We will go through these steps one after the other.

- See more at: http://orbit-computer-solutions.com/How-to-Install-and-Configure-your-Wireless-Router-or-Access-Points.php#sthash.jK2A2BQV.dpuf

IP Addressing

Introduction

This section looks at IP addressing, subnet masking, Private and Special addresses. Examples are provided to illustrate the methodology when setting up an IP network addressing scheme. We also look at Wildcard masks and Directed Broadcasts.

IP Address Classes

Unique IP (Internet Protocol) addresses are assigned to each physical connection of a device to a network; therefore if a device (host) has more than one connection to a network or networks, then it will have more than one IP address.

An IP address is represented as four decimal integers, with each integer corresponding to one byte; this means an IP address is 32 bits long, as in the following example:

162.146.93.14                          (dotted decimal)
10100010.10010010.01011101.00001110    (binary)

IP addresses are divided into two parts, a Network ID and a Host ID, each of which can be of varying bit lengths but always making 32 bits altogether.

Hint:- Use the Windows calculator to convert binary to decimal and vice versa.

There are five primary classes of IP addresses, and it is the high-order bits of the first octet which identify the class, as shown below:

Class    First octet   Decimal range   Example network
Class A  0xxxxxxx      1-127           25.234.45.0
Class B  10xxxxxx      128-191         140.250.43.0
Class C  110xxxxx      192-223         192.2.3.0
Class D  1110xxxx      224-239         232.56.4.0
Class E  11110000      240-254         242.5.7.0

Class A addresses contain 7 bits in the network portion giving 2^7 - 2 = 126 possible networks, since all 1's and all 0's are not allowed. Consequently 24 bits remain for the host portion, allowing a total of 2^24 - 2 = 16,777,214 hosts. 127.0.0.0/8 is reserved for loopback address purposes, where just 127.0.0.1 is used normally. The address 255.255.255.255 is used as a broadcast address and 0.0.0.0 as a default route address, meaning any network. The address 0.0.0.0 is sometimes used by hosts that have yet to receive an IP address, e.g. a DHCP Client awaiting an address from the DHCP server.

Class B addresses contain 14 bits in the network portion allowing 2^14 - 2 = 16,384 possible networks, and 16 bits for the host portion allowing a possible total number of 2^16 - 2 = 65,534 hosts.

Class C addresses contain 21 bits for the network portion giving a possible total of 2^21 - 2 = 2,097,152 networks, and 8 bits for the host portion giving a possible 2^8 - 2 = 254 hosts.

Class D addresses are used for multicasting and Class E addresses are used in research.

Historically, a company may have been allocated just one Class A, B or C IP address by the Network Information Centre (NIC). Currently, all Class A addresses have been allocated and most if not all of the Class B addresses have gone. If a company has a number of networks to manage, then the network administrator may wish to subnet his network, that is, create subnet addresses within the scope of the IP address that the administrator has been given.

Subnets

Subnetting Example

A customer has been given an IP address of 128.100.0.0 (a Class B address) for his company. He has specified that he requires 3 separate networks with the maximum possible number of host connections on each network.

The first two octets 128.100 are fixed since these are given by NIC as the Class B address; therefore we have the last two octets to play with. Let us examine the possibilities more closely:

1. The address given:

   Octet 1   Octet 2   Octet 3   Octet 4
   10000000  01100100  00000000  00000000
   128.      100.      0.        0

2. We need to create a minimum of 3 different subnets, but not at the expense of the number of host addresses available to us. The following process would seem to give us 4 permutations of subnets:

   Looking at octet 3 specifically in binary, let us just use the first 2 bits for a subnet address:

   128 64 32 16 8 4 2 1
     1  1  0  0 0 0 0 0

   The possible combinations for the first two bits are:

   11 = 192 -> 128.100.192.0
   10 = 128 -> 128.100.128.0
   01 = 64  -> 128.100.64.0
   00 = 0   -> 128.100.0.0

   However, all 1's and all 0's used to be not allowed for a subnet. These subnets are called the All-Ones Subnet and Subnet Zero. The reason for this was that older software found it difficult to distinguish between the network 128.100.0.0/16 and the all-zeros subnet 128.100.0.0/18. The same was true of the all-ones subnet. RFC 950 therefore rules out '11' and '00' as usable subnets, so we are left with only two subnet addresses instead of the 3 we require.

3. Let us try and use an extra bit in octet 3:

   128 64 32 16 8 4 2 1
     1  1  1  0 0 0 0 0

   The possible combinations are now:

   111 = 224 -> 128.100.224.0
   110 = 192 -> 128.100.192.0
   101 = 160 -> 128.100.160.0
   011 = 96  -> 128.100.96.0
   001 = 32  -> 128.100.32.0
   010 = 64  -> 128.100.64.0
   100 = 128 -> 128.100.128.0
   000 = 0   -> 128.100.0.0

   As before, all 1's and all 0's are not permitted for subnets, therefore we are left with 6 possible subnets (2^3 - 2):

   128.100.32.0
   128.100.64.0
   128.100.96.0
   128.100.128.0
   128.100.160.0
   128.100.192.0

4. This leaves the rest of the bits (from power 16 downwards) in octet 3 and all the bits in octet 4 to construct the individual host addresses; the permutations amount to many thousands of hosts, which should be plenty. Below is an example of a host address in subnet 128.100.192.0:

   128.100.194.23

   On first inspection it would appear that address 128.100.194.23 has nothing to do with the subnet 128.100.192.0, so let us look a little more closely at the final two octets of the host address:

   Octet 3 = 194              Octet 4 = 23
   128 64 32 16 8 4 2 1       128 64 32 16 8 4 2 1
     1  1  0  0 0 0 1 0         0  0  0  1 0 1 1 1

   As we can see, we are indeed part of the 128.100.192.0 subnet, since it is only the first three bits of octet 3 which are used for the subnet address. All the bits from power 16 and downwards are allocated to the host address, so the power 2 bit just turns octet 3 from decimal 192 to decimal 194. Confusion frequently arises in this situation, where the dividing line between the network portion of the IP address and the host portion rests part way through an octet (in this case between power 32 and power 16 of octet 3). Often it is possible to make the network/host dividing line between octets so that you can easily tell which host address belongs to which subnet.

   Routers are used to minimise unnecessary traffic, and when running IP it is important to tell the router which subnet an address belongs to. The way this is done is at configuration, by entering a 'subnet mask'.

The situation with the All-zeros and All-ones subnets nowadays is to allow them, according to RFC 1878. This is because modern applications understand how to distinguish between these subnets and the main network.

Subnet masks

The subnet mask specifies the portion of the IP address that is going to be used for subnetworks (as opposed to hosts). For every bit position in the IP address that is part of the network ID or subnetwork ID, a '1' is set, and for every bit position in the IP address that is part of the host ID portion, a '0' is set. The router uses the boolean AND operation with an incoming IP address to 'lose' the host portion of the IP address, i.e. the bits that are '0', and match the network portion with its routing table. From this, the router can determine out of which interface to send the datagram. This means that the 'Don't care bits' are represented by binary 0's whilst the 'Do care bits' are represented by binary 1's.

For our example above, because we used the first three bits in octet 3 for our subnet addressing, the subnet mask would be:

Octet 1   Octet 2   Octet 3   Octet 4
11111111  11111111  11100000  00000000
255.      255.      224.      0

What is important is that the same mask is applied throughout the physical networks that share the same subnet part of the IP address. All devices connected to the networks that compose the subnet must have the same mask.

A Broadcast Address for a subnet is when all 1's are used in the host portion of the IP address. For example, for the IP address 10.17.20.4 and a mask of 255.255.255.0, the subnet is 10.17.20.0 and the host ID is 4. The broadcast address within the 10.17.20.0 subnet is when the host ID portion of the address is made up of all binary 1's. In this example the host portion is the last octet, and if these 8 bits are set to 1 we have a broadcast address of 10.17.20.255. You can ping this, send messages to this and so on: a single line to serve a multitude of end stations.

Often you will see the network mask represented as a number of bits, e.g. for the above example address of 10.17.20.4 with a mask of 255.255.255.0, this can also be represented as 10.17.20.4/24, where the 24 represents 24 bits (3 octets) set to 1.

Another Subnetting Example

Study the schematic below:

The network drawing above shows the IP address map for a WAN installation carried out for a large financial institution. The customer had installed 'Windows NT' servers at a number of sites and required an ISDN link, star-wired out from the main office server room to each of the sites. The IP addressing scheme had to take into account the following factors:

Up to 30 more sites may be added to the WAN in the near future.

Each site could have up to 50 host connections.

The customer had already assigned IP addresses to some of the servers and site PCs on the local LANs.

The IP address given to this company was 146.162.0.0 (which is a Class B address), and the decision was made to use the whole of octet 3 for the subnet addresses, leaving octet 4 for the host addresses. This made assigning IP addresses easier to carry out and gave a maximum of 254 hosts per subnet, and there could be a maximum of 254 subnets, thus satisfying the customer's requirements. The subnet mask for each subnet (whether LAN or WAN) was consequently 255.255.255.0. It is important to design the addressing scheme such that the subnet mask is common to all LANs/WANs throughout the network unless a routing protocol such as OSPF is to be used; OSPF allows variable subnet masking.

Whilst studying the schematic you will note that the WAN links are 146.162.90.0 to 146.162.94.0 and the router ISDN interfaces are .20 at the main office end and .10 at the remote office end. Also you will note that the server IP addresses are all .5 and the ethernet hubs are all .8, while the router ethernet interfaces are all .6. Organising addressing like this can make life much easier, especially when you are hopping from site to site.

RFC 950 and RFC 1812 describe IP subnetting, whereas RFC 1009 defines Variable Length Subnet Masking.

Quick tricks to find subnets and broadcast addresses

If you have a subnet mask, then it is possible to quickly list out the possible subnets and broadcast addresses.

The number by which subnets increment for a given mask is calculated by subtracting the last numbered octet in decimal from 256. For example, given the subnet 10.1.0.0 255.255.248.0, the last numbered octet is 248, therefore 256 - 248 = 8, so subnets jump up in 8's, i.e. 10.1.8.0, 10.1.16.0, 10.1.24.0 etc.

Once you have found out by how much subnets jump, finding a broadcast address for each subnet is quickly done by subtracting 1 from this and adding the result to each subnet. Using the above example, for subnet 10.1.8.0 the subnets jump in 8's, 8 - 1 = 7 and 8 + 7 = 15, so, taking it as given that the final octet will be all ones for the broadcast, the broadcast address is 10.1.15.255.

Wildcard Masks

You will often come across Wildcard masks, particularly if you work with OSPF and/or Cisco routers. The use of wildcard masks is most prevalent when building Access Control Lists (ACLs) on Cisco routers. ACLs are filters and make use of wildcard masks to define the scope of the address filter. Although ACL wildcard masks are used with other protocols, we will concentrate on IP here.

Let us first take a simple example. We may want to filter a sub-network 10.1.1.0 which has a Class C mask (24-bit) 255.255.255.0. The ACL will require the scope of the addresses to be defined by a wildcard mask which, in this example, is 0.0.0.255. This means that the 'Don't care bits' are represented by binary 1's whilst the 'Do care bits' are represented by binary 0's. You will note that this is the exact opposite to subnet masks!

Taking a more complex example, say we wish to filter out a subnet which is given by 10.1.1.32 having a mask of 255.255.255.224, i.e. 10.1.1.32/27. How do we find the wildcard mask for this? To help us, concentrating on the 4th octet, let us first look at the binary for this network and subnet mask. Then we reverse the binary bits to get the wildcard bits, and then convert back to decimal to obtain the wildcard mask for the 4th octet:

4th octet in decimal                    32
4th octet in binary                     0 0 1 0 0 0 0 0
4th octet mask in decimal               224
4th octet mask in binary                1 1 1 0 0 0 0 0
4th octet wildcard in binary            0 0 0 1 1 1 1 1
4th octet wildcard in decimal           31

The five low-order (host) bits are the important ones here, and this shows that the wildcard mask for the network 10.1.1.32/27 is 0.0.0.31.

The following table should help in seeing a pattern between the number of bits used for the mask in a particular octet, the subnet mask in decimal and the equivalent wildcard mask:

No. of network bits set to 1   0         1         2         3         4         5         6         7         8
Subnet mask (binary)           00000000  10000000  11000000  11100000  11110000  11111000  11111100  11111110  11111111
Subnet mask (decimal)          0         128       192       224       240       248       252       254       255
Wildcard mask (binary)         11111111  01111111  00111111  00011111  00001111  00000111  00000011  00000001  00000000
Wildcard mask (decimal)        255       127       63        31        15        7         3         1         0

The binary for the wildcard mask is the exact reverse, bit for bit, of the subnet mask. You then calculate the decimal from the reversed binary bits to obtain the dotted decimal wildcard mask.

Private Addresses

One of the ways to combat the fast reduction in available IP address space was to introduce the concept of private addresses and the use of a Network Address Translator (NAT) to allow many organisations to use the same address space but not have this space visible on the Internet, i.e. to use address translation on the edge of the networks.

The Class A network address range 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) is designated for private use only. This address range cannot be used on the Internet, as every ISP will automatically drop the address. This address is becoming very popular, as its use in conjunction with Network Address Translation (NAT) has meant that large corporations can make use of the Class A address space available within 10.0.0.0 for their own private use internally and just use NAT for those relatively few addresses that do need to operate on the Internet. This is one reason why the immediate need for IP version 6 has been diminished.

There is also the private address range 172.16.0.0 to 172.31.255.255 (172.16.0.0/12), which is the CIDR block of 16 x Class B addresses 172.16.0.0, 172.17.0.0, .... , 172.31.0.0.

The network address range 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) is also for private use and is a CIDR block of 256 x Class C addresses 192.168.0.0, 192.168.1.0, .... , 192.168.255.0.

Examine RFC 1918 for more information on address allocation for private networks.

Other Special addresses

The address range 0.0.0.0/8 is currently considered throughout the Internet as for special use. Note that this is different from the host address 0.0.0.0/32, which means 'default'. You can have legitimate addresses in the range 0.0.0.0/16, e.g. 0.0.123.95/16.

The address range 192.0.2.0/24 is called the Test Net and is reserved for use in testing examples and documentation.

The address range 169.254.0.0/16 is used for auto-configuration of IP addresses if a DHCP server should fail and there is no backup for the DHCP Clients. This is described in RFC 2563, Stateless Auto-configuration.

Directed Broadcasts

RFC 1812 overviews the requirements of routers to run IPv4. One of the requirements is that routers MUST, by default, accept Directed Broadcasts (although it is allowable to have a switch that turns this off).

A directed broadcast is one where the IP broadcast has been sent to a destination prefix (a net or subnet). A directed broadcast destined for the network 10.20.20.0/24 would be 10.20.20.255, for example.

Masking IP Addresses

Network Security.

Why is Network Security Important?

Wherever there is a network, wired or wireless, there are threats. Some people are put off setting up a home or office network by the fear that anything stored on their hard drive could be accessed by neighbours or hackers. The types of potential threats to network security are always evolving, and constant monitoring and securing of the computer network should be a top priority for any network administrator.

If the security of the network is compromised, there could be serious consequences, such as loss of privacy, and theft of information.

When it comes to network security, the main concern is making sure that any wireless connections are protected against unauthorised access.

Most business transactions are done over the Internet. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

Network attack tools and methods have evolved. Back in the day, a hacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks.

Nowadays, hacking methods and tools have improved tremendously, and hackers no longer require the same level of sophisticated knowledge; people who previously would not have participated in computer crime are now able to do so.

Types of Network Threats and Attacks

As the types of threats, attacks, and exploits grow, various terms have been used to describe the individuals involved. Some of the most common terms are as follows:

i. White hat - These are network attackers who look for vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems.

ii. Hacker - This is a general term that is used to describe a computer programming expert. It is normally used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

iii. Black hat or Cracker - The opposite of a White Hat, this term is used to describe those individuals who use their knowledge of computer systems and programming skills to break into systems or networks that they are not authorized to use, usually for personal or financial gain.

iv. Phreaker - This term is often used to describe an individual who manipulates the phone network in a bid to perform a function that is not allowed. The phreaker breaks into the phone network, usually through a payphone, to make free or illegal long distance calls.

v. Spammer - This is often used to describe the people who send large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

vi. Phisher- Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

- See more at: http://orbit-computer-solutions.com/Network-Security.php#sthash.f9CEXJBn.dpuf

Routers.

Routers are generally known as intermediate systems that operate at the network layer of the OSI reference model; they are devices used to connect two or more networks (IP networks), or a LAN to the Internet.

The router is responsible for the delivery of packets across different networks. The destination of the IP packet might be a web server in another country or an e-mail server on the local area network. It is the responsibility of the router to deliver those packets in a timely manner. The effectiveness of internetwork communications depends on the ability of routers to forward packets in the most efficient way possible.

Routers are now being added to satellites in space. These routers will have the ability to route IP traffic between satellites in space in much the same way that packets are moved on Earth, thereby reducing delays and offering greater networking flexibility.

Advantages of a Router

In addition to packet forwarding, a router provides other services as well. To meet the demands on today's networks, routers are also used:

i. To ensure steady, reliable availability of network connectivity. Routers use alternative paths to deliver packets in case the primary path fails.

ii. To provide integrated services of data, video, and voice over wired and wireless networks.

For security, a router helps in mitigating the impact of worms, viruses, and other attacks on the network by permitting or denying the forwarding of packets.


Cisco Routers

Router Connecting Two LANs

Router Connects LAN to Internet

We use the network topology below as example:

The figure above shows 5 different subnets, each with different host requirements. The IP address given by our ISP is 192.168.1.0/24.

The host requirements are:

Network A - 14 hosts

Network B - 28 hosts

Network C - 2 hosts

Network D - 7 hosts

Network E - 28 hosts

As recommended, we begin the process by subnetting for the largest host requirement first. The largest requirements are for Network B and Network E, each with 28 hosts.

Don’t forget the cram table!

Let's apply the formula: usable hosts = 2^n - 2. For networks B and E, 5 bits are needed in the host portion and the calculation is 2^5 - 2 = 32 - 2 = 30. Only 30 usable host addresses are available in this case because of the 2 reserved addresses (network and broadcast). Five host bits meet the requirement but leave little room for future growth.

So we revert to borrowing 3 bits for subnets leaving 5 bits for the hosts. This allows 8 subnets with 30 hosts each.

We have created and will allocate addresses for networks B and E first:

Network B will use Subnet 0: 192.168.1.0/27

Host address range 1 to 30 (192.168.1.1 – 192.168.1.30)

192.168.1.31 (broadcast address)

Network E will use Subnet 1: 192.168.1.32/27

Host address range 33 to 62 (192.168.1.33 – 192.168.1.62)

192.168.1.63 (broadcast address)

The next largest host requirement is Network A, followed by Network D.

Borrowing another bit and subnetting the network address 192.168.1.64 gives us the following host ranges:

Network A will use Subnet 0: 192.168.1.64/28

Host address range 65 to 78 (192.168.1.65 – 192.168.1.78)

192.168.1.79 (broadcast address)

Network D will use Subnet 1: 192.168.1.80/28

Host address range 81 to 94 (192.168.1.81 – 192.168.1.94)

192.168.1.95 (broadcast address)

This allocation supports 14 hosts on each subnet and satisfies the requirement.

*In Network C, there are only two hosts. In this case we borrow two more bits to meet this requirement.

Beginning from 192.168.1.96 and borrowing 2 more bits results in subnet 192.168.1.96/30.

Network C will use Subnet 1: 192.168.1.96/30

Host address range 97 to 98 (192.168.1.97 – 192.168.1.98)

192.168.1.99 (broadcast address)

From the above illustration, we have met all requirements without wasting many possible subnets and available addresses.

In this case, bits were borrowed from addresses that had already been subnetted. As you will recall from a previous section, this method is known as Variable Length Subnet Masking, or VLSM.
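The VLSM plan above is a small allocation algorithm: sort the requirements largest-first, pick the smallest host-bit count that satisfies 2^n - 2 >= hosts, and carve the next aligned block out of the parent network. The Python below is an added example (not part of the original notes) that implements that procedure generally and reproduces the text's assignments from its host counts; equal-sized requirements are taken in name order, which is what puts B before E and A before D as in the text. The alignment and exhaustion checks are there so the same function is safe when requirements are not already sorted or do not fit.

```python
import ipaddress

# Host requirements from the text
REQUIREMENTS = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}


def host_bits_for(hosts):
    """Smallest n (at least 2) with 2^n - 2 >= hosts; network and broadcast are reserved."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def allocate_vlsm(block, requirements):
    """Allocate one subnet per network, largest requirement first, from a single block.

    Equal-sized requirements are taken in name order so the result is
    deterministic. Returns {name: ipaddress.IPv4Network}.
    """
    base = ipaddress.ip_network(block)
    cursor = int(base.network_address)
    limit = int(base.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = 32 - host_bits_for(hosts)
        size = 2 ** (32 - prefix)
        # A subnet must start on a multiple of its size. Allocating largest-first
        # keeps the cursor aligned anyway, but the check makes any order safe.
        if cursor % size:
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError(f"{block} is exhausted before network {name}")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


def describe(net):
    """(subnet, first host, last host, broadcast), as the text lists each network."""
    hosts = list(net.hosts())
    return (str(net), str(hosts[0]), str(hosts[-1]), str(net.broadcast_address))


if __name__ == "__main__":
    for name, net in allocate_vlsm("192.168.1.0/24", REQUIREMENTS).items():
        print(f"Network {name}:", *describe(net))
```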

*use illustration to create networks for the WAN on the network

- See more at: http://orbit-computer-solutions.com/VLSM-Example.php#sthash.zjUuYvXd.dpuf

How To Calculate Subnets Using the Binary Method.

Connectivity between hosts on an IP network is determined by applying the subnet mask to the source and destination addresses. The communicating host applies its subnet mask to both its own IPv4 address and the destination IPv4 address and compares the results.

Remember, the subnet mask is a 32 bit value which is used to differentiate between the network bits and the host bits of the IP address. The subnet mask is made up of a string of 1s followed by a string of 0s.

The 1s indicate the network bits and the 0s specify the host bits within the IP address. The network bits are matched between the source and destination. If networks are the same, the packet can then be delivered locally. If they don’t match, the packet is sent to the default gateway.

For example, let's assume PC 1, with the IP address 192.168.1.40 and subnet mask 255.255.255.0, needs to send a message to PC 2, with the IP address 192.168.1.52 and subnet mask 255.255.255.0. In this case, both hosts have the same default subnet mask of 255.255.255.0. Both hosts have the same network bits of 192.168.1, and therefore are on the same network.

PC 1 sends a message to PC 2. PC 1 first checks whether PC 2 is on the same network, which it determines by comparing the IP address with the subnet mask. Let's look at the IP address, subnet mask and network address of each configuration in binary below:

PC 1 Configuration

IP Address  - 192.168.1.40,  11000000.10101000.00000001.00101000

Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000

Network     - 192.168.1.0,   11000000.10101000.00000001.00000000

PC 2 Configuration

IP Address  - 192.168.1.52,  11000000.10101000.00000001.00110100

Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000

Network     - 192.168.1.0,   11000000.10101000.00000001.00000000

The first 24 bits (the network portion, where the mask is all 1s) are identical for PC 1 and PC 2, so both are on the same network: 192.168.1.0.
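As an added example (not part of the original notes), here is the binary method in Python. It renders addresses in the binary form used above, ANDs the address with the mask to recover the network address, checks that a mask really is a run of 1s followed by 0s, and decides whether a packet is delivered locally or handed to the default gateway. PC 1 and PC 2 are the addresses from the text; the /26 case in the usage is a constructed input that goes beyond the page to show two hosts on the same /24 landing in different subnets.

```python
import ipaddress


def to_binary(dotted):
    """Render a dotted-decimal IPv4 value as four 8-bit groups, e.g. 192.168.1.52."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def is_contiguous_mask(mask):
    """A valid subnet mask is a run of 1s followed by a run of 0s.

    Inverting such a mask gives a value of the form 2**n - 1, and a number of
    that form has no bit in common with its successor.
    """
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def network_of(address, mask):
    """The binary method: AND the address with the mask to keep only the network bits."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    net = int(ipaddress.IPv4Address(address)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(net))


def delivery(source, mask, destination):
    """Return 'local' when both hosts share the network bits, otherwise 'gateway'."""
    same = network_of(source, mask) == network_of(destination, mask)
    return "local" if same else "gateway"


def explain(source, mask, destination):
    """Lay the comparison out in binary, the way the worked example above does."""
    return {
        "source": to_binary(source),
        "mask": to_binary(mask),
        "source_network": to_binary(network_of(source, mask)),
        "destination_network": to_binary(network_of(destination, mask)),
        "delivery": delivery(source, mask, destination),
    }


if __name__ == "__main__":
    # PC 1 and PC 2 from the text, then a constructed /26 case where the
    # same two last octets fall into different subnets.
    for key, value in explain("192.168.1.40", "255.255.255.0", "192.168.1.52").items():
        print(f"{key:>20}: {value}")
    print(delivery("192.168.1.40", "255.255.255.192", "192.168.1.100"))
```

The mask check matters in practice: a host configured with a non-contiguous mask such as 255.255.0.255 will compute a nonsense network address, and `network_of` refuses it instead of silently comparing garbage.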

- See more at: http://orbit-computer-solutions.com/How-To-Calculate-Subnets-Using-Binary-Method.php

How a Root Port is selected on a Switch

Best Paths to the Root Bridge

After the root bridge has been designated for the spanning tree process, the next step is to determine the best path to the root bridge from every switch in the network. The best path is found by summing the individual port costs along the path from the switch to the root bridge.

By default, port costs are defined by the speed at which the port operates. Every non-root bridge selects a root port; this is the port with the lowest-cost path to the root bridge. Default costs depend on the speed of the link as set by the IEEE (for example, the individual path cost of a 100 Mb/s link is 19).

Note: costs may change as faster Ethernet is developed.

When two ports have the same cost, port priority and port number break the tie. By default, Fa0/1 has port ID 128.1 and Fa0/2 has 128.2.

See the table for finding the cost of a link:

Link Speed   Revised Cost   Previous Cost
10 Gb/s      2              1
1 Gb/s       4              1
100 Mb/s     19             10
10 Mb/s      100            100

Configuring Port Costs

Although switch ports have a default port cost, it can be changed by configuration. Cisco switches give the network administrator the ability to configure individual port costs, which gives an administrator full control of the spanning-tree paths to the root bridge.

To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The value can range from 1 to 200,000,000.

In the configuration example below, switch port F0/1 has been configured with a port cost of 30 using the spanning-tree cost 30 interface configuration command on the F0/1 interface.

SW2#config t

SW2(config)#interface fa0/1

SW2(config-if)#spanning-tree cost 30

SW2(config-if)#end

SW2#

To reset the port cost back to the default value, enter the no spanning-tree cost interface configuration command.

SW2#config t

SW2(config)#interface fa0/1

SW2(config-if)#no spanning-tree cost

SW2(config-if)#end

SW2#

You can use the show spanning-tree command to verify the path cost.

Summary

· Path cost is the sum of all the port costs along the path to the root bridge.

· The paths with the lowest path cost become the preferred path, and all other redundant paths are blocked.

· Every non-root bridge (switch) selects a root port.

· The default IEEE port cost from a non-root bridge (switch) toward the root bridge over a 100 Mb/s link is 19.

· STP then configures the redundant path to be blocked, preventing a loop from occurring.

- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-a-Root-Port-is-Selected.php

How the Root Bridge and Ports are chosen

The Root Bridge

In an STP-configured switched LAN or broadcast domain, one switch is designated as the root bridge. The root bridge serves as the reference point for all spanning-tree calculations that determine which redundant links to block. An election process determines which switch becomes the root bridge.

Each switch has a Bridge ID (BID) that is made up of a priority value, an extended system ID, and the MAC address of the switch.

All switches in the network take part in the election process. After a switch boots up, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By default, the root ID matches the local BID for all switches on the network. The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.

Let's look at it this way: when switches A, B, C and D on the same network or broadcast domain boot up, each switch forwards its Bridge Protocol Data Unit (BPDU) frames to its neighbouring switches. All switches in the network or broadcast domain read the root ID information from the BPDU frames of all their neighbours.

After reviewing all the root IDs in the BPDUs received from each switch, the switch with the lowest BID ends up being identified as the root bridge for the spanning tree process. It need not be an adjacent switch; it can be any switch in the broadcast domain.

Study the figure below and see if you can Identify the switch with the lowest priority.

Root Ports - Switch ports closest to the root bridge with the lowest cost path.

Designated Ports - All non-root ports that are still permitted to forward traffic on the network.

Non-designated ports - All ports configured to be in a blocking state to prevent loops.

Summary.

* Each switch has a bridge ID (BID) of priority value followed by MAC address

* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs

* The switch with the lowest bridge ID becomes the root bridge.

* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
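The election and the root-port selection described in this section and the previous one, as an added Python example that is not part of the original notes. Switches are given as (priority, MAC) pairs, so the lowest pair is the lowest BID; link costs come from the revised IEEE cost table above; and each non-root switch keeps the best "BPDU" it can receive, ranked in the order STP uses (root path cost, then sender BID, then sender port ID, then its own port ID). The four-switch topology and its MAC addresses are constructed for the example.

```python
# IEEE 802.1D-1998 "revised" port costs by link speed in Mb/s (the table above).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def port_id(name, priority=128):
    """Port ID as (priority, port number): Fa0/1 -> (128, 1), i.e. the 128.1 notation above."""
    return (priority, int(name.rsplit("/", 1)[-1]))


def elect_root(switches):
    """switches: {name: (priority, mac)}. The lowest (priority, MAC) pair is the lowest BID and wins."""
    return min(switches, key=lambda name: switches[name])


def select_root_ports(switches, links):
    """links: (switch_a, port_a, switch_b, port_b, speed_mbps), one entry per cable.

    Each non-root switch picks the best offer from any neighbour already attached
    to the tree, ranked by (root path cost, sender BID, sender port ID, own port ID);
    the port that receives that offer is its root port.
    Returns {switch: (root_port, root_path_cost)} for every non-root switch.
    """
    root = elect_root(switches)
    neighbours = {name: [] for name in switches}
    for a, pa, b, pb, speed in links:
        neighbours[a].append((pa, b, pb, PORT_COST[speed]))
        neighbours[b].append((pb, a, pa, PORT_COST[speed]))
    # best[switch] = (cost, sender_bid, sender_port_id, own_port_id, own_port)
    best = {root: (0, switches[root], (0, 0), (0, 0), None)}
    changed = True
    while changed:  # relax until no switch changes its choice (costs are positive, so this ends)
        changed = False
        for sw in switches:
            if sw == root:
                continue
            offers = [
                (best[nb][0] + cost, switches[nb], port_id(nb_port), port_id(own), own)
                for own, nb, nb_port, cost in neighbours[sw]
                if nb in best
            ]
            if offers and best.get(sw) != min(offers):
                best[sw] = min(offers)
                changed = True
    return {sw: (entry[4], entry[0]) for sw, entry in best.items() if sw != root}


# Constructed topology (not from the page). S1 has the lowest priority, so it wins
# the election even though every MAC address here is fictitious.
SWITCHES = {
    "S1": (4096, "0000.0000.0001"),
    "S2": (32768, "0000.0000.0002"),
    "S3": (32768, "0000.0000.0003"),
    "S4": (32768, "0000.0000.0004"),
}
LINKS = [
    ("S1", "Fa0/1", "S2", "Fa0/1", 100),
    ("S1", "Gi0/1", "S3", "Gi0/1", 1000),
    ("S2", "Fa0/2", "S3", "Fa0/2", 100),
    ("S2", "Fa0/3", "S4", "Fa0/2", 100),  # two equal-cost uplinks from S4 to S2 ...
    ("S2", "Fa0/4", "S4", "Fa0/1", 100),  # ... the tie goes to the lower sender port ID (Fa0/3)
]

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    for sw, (port, cost) in sorted(select_root_ports(SWITCHES, LINKS).items()):
        print(f"{sw}: root port {port}, root path cost {cost}")
```

S3 reaches the root over a gigabit link (cost 4) even though its 100 Mb/s link to S2 has a lower port number, and S4 picks Fa0/2 rather than Fa0/1 because the tie on cost and sender BID is broken by the sender's port ID, not by S4's own port number. This is why a low-priority root is worth setting deliberately: if every switch kept the default 32768, the election would be decided by whichever switch happens to have the lowest MAC address.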

- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-the-Root-Bridge-and-Ports-are-chosen.php

How to secure your network with Cisco Routers.

Security passwords configuration

Passphrases configuration

Secure administrative access

Secure Telnet and SSH

Maintain router activity logs

Before we learn how to secure Cisco routers, let's briefly summarize the role routers play in network security.

The Role of Routers in Network Security

As you probably know, routers route traffic between different networks based on Layer 3 IP addresses and provide access to network segments and subnetworks. That makes routers definite targets for network attackers. When the border router of an organisation's network is compromised or accessed without authorization, it poses a potential threat to the organisation's sensitive information and to its other network services and resources.

Routers can be compromised in many ways (for example, trust exploitation and MITM attacks), and this exposes the internal network configuration and components to scans and attacks.

In summary, a router plays two primary roles in a network:

Advertise networks and filter (permit/deny) who can use them.

Provide access to network segments and subnetworks.

Securing Your Network

Security Passwords and Passphrases Configuration and Encryptions

How To Configure Switch Security

Administrative Access Security

Telnet and SSH Security

Maintain Router Activity Logs

- See more at: http://orbit-computer-solutions.com/How-to-secure-your-network-with-Cisco-routers.php

IP Routing

For a better understanding of what IP routing is, let's get acquainted with the basic terms:

IP

Routing

Router

Routing Protocols

IP

IP (Internet Protocol) is the network protocol used to send user data through the Internet and other smaller networks (LAN or WAN).

IP operates at Layer 3 of the OSI model and is often used together with the Transmission Control Protocol (TCP); the pair is commonly referred to as TCP/IP.

IP uses a unique address assigned to each interface of computers and other devices, which identifies the source and destination of packets on a network. Examples are Internet Protocol version 4 (IPv4) and the newer Internet Protocol version 6 (IPv6).

ROUTING

Routing is the process of taking a packet from one device and sending it through the network to another device on a different network.

Communication across the Internet is one of the best examples of routing.

The Internet moves data from your computer, across several networks, to reach a destination network. A device that specializes in the routing function is called a router.

A router performs the routing function only if it knows the destination address. The router chooses the best route to a remote network from the list of routes it stores in its routing table. If no routers are involved in your network, then you are not routing.

Routers use two ways to learn the destination of packets: static and dynamic routing.

ROUTER

Routers are intermediary network devices. Routers operate at the network layer (OSI model Layer 3). The primary function of a router is to move data from one network to another and to help control broadcast or unnecessary traffic. For a router to be able to do this, it must know the following:

i. Destination address

ii. Possible routes to all networks

iii. Neighboring routers from which it will learn about remote networks

iv. The best route to reach a network

v. How to maintain and verify routing information.

ROUTING PROTOCOLS

Routing protocols are used by routers to dynamically learn paths to remote sets of networks and to forward data between those networks. These protocols include:

RIP (Routing Information Protocol)

EIGRP (Enhanced Interior Gateway Routing Protocol)

OSPF (Open Shortest Path First)

BGP (Border Gateway Protocol)

What Is IP Routing?

Networks (LAN or WAN) on the Internet are connected to each other via routers. The movement of data from your computer to a known destination (computer) is known as routing.

IP Routing is an umbrella term for the set of protocols (TCP/IP) that determine the path data follows in order to travel across different networks from its source to its destination.

The moving of data from source to destination across multiple networks is controlled by routers. This series of routers uses IP routing protocols to build up a routing table consisting of remote network addresses.

The example below shows the networks a router is connected to:

R2#show IP route

[Output omitted]

Gateway of last resort is not set

C 192.168.1.32/27 is directly connected, fastEthernet0/1

C 192.168.1.0/27 is directly connected, fastEthernet0/2

C 10.10.1.0/30 is directly connected, serial 0/0/0

The C in the routing table means the networks are directly connected. Remote networks are not found or displayed in the routing table because we have not added a routing protocol (such as RIP, EIGRP or OSPF) or configured static routes.

Looking at the output above, when the router receives a packet with the destination address 192.168.1.10, the router will send the packet to interface fastEthernet0/2; this interface will frame the packet and then send it out.
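The lookup just described, as an added Python example (not the page's own code). It parses the three connected routes from the show ip route output above (interface names written in the usual IOS form, FastEthernet0/1 and Serial0/0/0) plus two constructed static routes that point at a next hop instead of an interface, and then resolves a destination by longest-prefix match. A destination with no matching route returns None, which is the case the text describes: without a routing protocol or static routes, packets for remote networks are dropped.

```python
import ipaddress
import re

# Routing table: the three connected routes quoted above, plus two constructed
# static routes (marked S) so that a next hop, rather than an interface, appears.
SHOW_IP_ROUTE = """\
Gateway of last resort is not set
C    192.168.1.32/27 is directly connected, FastEthernet0/1
C    192.168.1.0/27 is directly connected, FastEthernet0/2
C    10.10.1.0/30 is directly connected, Serial0/0/0
S    172.16.0.0/16 [1/0] via 10.10.1.2
S    172.16.1.0/24 [1/0] via 10.10.1.6
"""

ROUTE_LINE = re.compile(
    r"^(?P<code>\S+)\s+(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+"
    r"(?:is directly connected, (?P<iface>\S+)|\[\d+/\d+\] via (?P<nexthop>\S+))"
)


def parse_routes(text):
    """Turn show ip route lines into (network, code, next_hop_or_interface) records."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line.strip())
        if not m:
            continue  # banner lines such as "Gateway of last resort is not set"
        net = ipaddress.ip_network(m["prefix"])
        routes.append((net, m["code"], m["iface"] or m["nexthop"]))
    return routes


def lookup(routes, destination):
    """Longest-prefix match: the most specific route containing the destination wins.

    Returns (network, via) or None when no route exists (the packet is dropped).
    """
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, _code, via = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), via


if __name__ == "__main__":
    table = parse_routes(SHOW_IP_ROUTE)
    for dst in ("192.168.1.10", "192.168.1.40", "172.16.1.9", "172.16.5.5", "8.8.8.8"):
        print(f"{dst:>14} -> {lookup(table, dst)}")
```

172.16.1.9 matches both static routes but is forwarded via 10.10.1.6 because /24 is longer than /16; this is the rule a router applies before any administrative distance or metric comes into play.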

- See more at: http://orbit-computer-solutions.com/IP-Routing---Protocols.php

Variable Length Subnet Mask (VLSM)

Variable Length Subnet Masking (VLSM) is a technique that allows network administrators to divide an IP address space into subnets of different sizes, unlike simple same-size subnetting.

Variable Length Subnet Mask (VLSM), in a way, means subnetting a subnet. To simplify further, VLSM is the breaking down of an IP address space into subnets at multiple levels and allocating them according to the individual needs on a network. It can also be called classless IP addressing. Classful addressing follows a fixed rule that has been shown to waste IP addresses.

Before you can understand VLSM, you have to be very familiar with IP address structure.

The best way you can learn how to subnet a subnet (VLSM) is with examples. Let's work with the diagram below:

Looking at the diagram, we have three LANs connected to each other with two WAN links.

The first thing to look out for is the number of subnets and the number of hosts. In this case, an ISP allocated 192.168.1.0/24, a Class C block.

HQ = 50 hosts

RO1 = 30 hosts

RO2 = 10 hosts

2 WAN links

We will try to subnet 192.168.1.0/24 to suit this network; the /24 allows a total of 254 hosts. I recommend you get familiar with the table below. I never leave home without it!

Let's begin with HQ with 50 hosts, using the table:

We are borrowing 2 bits, giving a block size of 64. This is the closest we can get for 50 hosts.

HQ - 192.168.1.0 /26 Network address

HQ = 192.168.1.1 Gateway address

192.168.1.2, First usable address

192.168.1.62- Last usable address. Total address space -192.168.1.2 to 192.168.1.62

192.168.1.63 will be the broadcast address (remember to reserve the first and last address for the Network and Broadcast)

HQ Network Mask 255.255.255.192 - we got the 192 by adding, from the left, the values of the bits we borrowed: 128+64=192

HQ address will look like this 192.168.1.0 /26

RO1 = 30 hosts

We are borrowing 3 bits, giving a block size of 32; again, this is the closest we can get to the number of hosts needed.

RO1 address will start from 192.168.1.64 - Network address

Now we add the 32 to the 64 we borrowed earlier = 32+64 = 96

RO1 = 192.168.1.65 Gateway address

192.168.1.66 - First usable IP address

192.168.1.94 - Last usable IP address

192.168.1.95 Broadcast address – total address space – 192.168.1.66 – 192.168.1.94

Network Mask 255.255.255.224, i.e. 128+64+32=224, or 192.168.1.64/27

RO2 = 192.168.1.96 Network address

We borrow 4 bits, giving a block size of 16. That's the closest we can go.

96+16= 112

So, 192.168.1.97- Gateway address

192.168.1.98 - First usable address

192.168.1.110 - Last usable address

192.168.1.111 broadcast

Total host address space – 192.168.1.98 to 192.168.1.110

Network Mask 255.255.255.240 or 192.168.1.96 /28

WAN links = we are borrowing 6 bits, giving a block size of 4

=112 + 4 =116

WAN links from HQ to RO1 Network address will be 192.168.1.112 /30 :

HQ se0/0 = 192.168.1.113

RO1 se0/0= 192.168.1.114

Mask for both links = 255.255.255.252 (we got 252 by adding the values of the bits we borrowed, i.e.

128+64+32+16+8+4=252)

WAN Link 2= 112+4=116

WAN Link from HQ to RO2 Network address = 192.168.1.116 /30

HQ = 192.168.1.117 subnet mask 255.255.255.252

RO2 = 192.168.1.118 Subnet mask 255.255.255.252

Subnet Prefix / CIDR   Subnet mask        Usable IP addresses/hosts   Usable IP addresses + Network and Broadcast address
/26                    255.255.255.192    62                          64
/27                    255.255.255.224    30                          32
/28                    255.255.255.240    14                          16
/29                    255.255.255.248    6                           8
/30                    255.255.255.252    2                           4

As I mentioned earlier, having this table will prove very helpful. For example, if you have a subnet with 50 hosts then you can easily see from the table that you will need a block size of 64. For a subnet of 30 hosts you will need a block size of 32.

- See more at: http://orbit-computer-solutions.com/VLSM.php
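The largest-first allocation carried out by hand above (and again in the Network A to E example earlier in these notes), as an added Python example that is not part of the original notes. `host_bits` is the table lookup: the smallest number of host bits whose 2^n - 2 usable addresses cover the requirement. `vlsm_allocate` walks the block from the bottom, placing each subnet on a boundary that is a multiple of its own size, and refuses a requirement the block cannot hold. The network names are the ones from the worked example; the usage shows the same allocator reproducing both VLSM examples on this page.

```python
import ipaddress


def host_bits(hosts):
    """Smallest number of host bits h with 2**h - 2 >= hosts (network and broadcast are reserved)."""
    h = 2  # a /30 is the smallest block this allocator hands out
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def vlsm_allocate(block, requirements):
    """Carve `block` into subnets, largest requirement first.

    requirements: {name: hosts_needed}. Ties are broken by name so the result is stable.
    Returns [(name, IPv4Network)] in allocation order; raises ValueError if the block is too small.
    """
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    limit = int(pool.broadcast_address) + 1
    allocations = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        bits = host_bits(hosts)
        size = 2 ** bits
        cursor = -(-cursor // size) * size  # round up to the next multiple of the block size
        if cursor + size > limit:
            raise ValueError(f"{block} cannot fit {name} ({hosts} hosts, needs a /{32 - bits})")
        allocations.append((name, ipaddress.ip_network((cursor, 32 - bits))))
        cursor += size
    return allocations


def describe(net):
    """The numbers the worked example lists for each subnet."""
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable": len(hosts),
    }


# Requirements from the worked example above (the two WAN links need two hosts each).
EXAMPLE_1 = {"HQ": 50, "RO1": 30, "RO2": 10, "WAN-HQ-RO1": 2, "WAN-HQ-RO2": 2}
# Requirements from the Network A to E example elsewhere in these notes.
EXAMPLE_2 = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}

if __name__ == "__main__":
    for label, reqs in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(label)
        for name, net in vlsm_allocate("192.168.1.0/24", reqs):
            d = describe(net)
            print(f"  {name:<11} {str(net):<18} mask {d['mask']:<15} "
                  f"hosts {d['first_host']} - {d['last_host']}  broadcast {d['broadcast']}")
```

Sorting by size first is what keeps every subnet aligned without gaps; if the /30 WAN links were allocated before the /26, the rounding step in `vlsm_allocate` would have to skip addresses to find a 64-aligned boundary. The example's convention of giving the first host address to the gateway is a local choice and is left to the reader.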

Tracing and Interpreting Network Connectivity

Testing network connectivity using trace

A trace returns a list of hops as a packet is routed through a network. The form of the command depends on where the command is issued. When performing the trace from a Windows computer, use tracert. When performing the trace from a router Command Line Interface - CLI, use traceroute.

Ping and Trace

Ping and trace can be used together to detect a problem.

Let's assume that a successful connection has been established between Host 1 and Router A, as shown in the figure.

Next, let's assume that Host 1 pings Host 2 using this command.

C:\>ping 172.17.2.3

The ping command returns this result:

Pinging 172.17.2.3 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.17.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

The ping test failed.

This is a test of communication beyond the local network to a remote device. Because the local gateway responded but the host beyond did not, the problem appears to be somewhere beyond the local network. A next step is to isolate the problem to a particular network beyond the local network. The trace commands can show the path of the last successful communication.

Trace to a Remote Host

Like ping commands, trace commands are entered in the command line and take an IP address as the argument.

Assuming that the command will be issued from a Windows computer, we use the tracert form:

C:\>tracert 172.17.2.3

The only successful response was from the gateway on Router A. Trace requests to the next hop timed out, meaning that the next hop did not respond. The trace results therefore indicate that the failure is in the internetwork beyond the LAN.

A conflicting result would be the following: the default gateway (192.168.1.1) responds to the ping, indicating that there is communication between Host 1 and the gateway, but the gateway does not appear to respond to traceroute.

One explanation is that the local host is not configured properly; check the gateway IP address on the host. To examine the gateway IP address, use the ipconfig command.

- See more at: http://orbit-computer-solutions.com/Tracing-and-Interpreting-Trace-Results.php

Testing Local Network.

Testing a host on the local LAN.

If remote hosts are pinged successfully, both the local host (the router) and the remote host are configured correctly. Pinging each host on the LAN one by one carries out this test.

If a host responds with Destination Unreachable, note which address was not successful and continue to ping the other hosts on the LAN.

Another failure message is Request Timed Out. This indicates that no response was made to the ping attempt in the default time period indicating that network latency may be an issue.

Using extended Ping

The IOS offers an extended mode of the ping command. This mode is entered by typing ping in privileged EXEC mode at the CLI prompt without giving a destination IP address. A series of prompts is then presented, as shown in this example. Pressing Enter accepts the indicated default values.

Router#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 5
Extended commands [n]: n

Entering a longer timeout period than the default allows for possible latency issues to be detected. If the ping test is successful with a longer value, a connection exists between the hosts, but latency may be an issue on the network.

Note that entering "y" to the "Extended commands" prompt provides more options that are useful in troubleshooting.

A successful ping shows that the IP addresses of the local host and the other hosts in the network are configured properly.

Testing Gateway and Remote Connectivity

The next step is to test if the local host can connect with a gateway address.

You can use the ping command to verify that the local host can reach the gateway. This is extremely important because the gateway is the host's entry and exit point to the wider network. If the ping command returns a successful response, connectivity to the gateway is verified.

To begin, choose a station as the source device. In this case, we chose 192.168.1.1 as shown in the figure above to be the gateway IP address.

C:\>ping 192.168.1.1

The gateway IPv4 address should be readily available in the network documentation, but if it is not available, use the ipconfig command to discover the gateway IP address.

If the gateway test fails:

1. Try pinging another host in the local LAN to verify that the problem is not the source host.

2. Then verify the gateway address with the network administrator to ensure that the proper address is being verified.

If all devices are configured properly, check the physical cabling to ensure that it is secure and properly connected. Keep an accurate record of what attempts have been made to verify connectivity. This will assist in solving this problem and, perhaps, future problems.

Testing Route Next Hop

In a router, you can use the IOS to test the next hop of individual routes. Each route has its next hop listed in the routing table. You can use the output of the show ip route command to determine the next hop. Frames carrying packets that are directed to the destination network listed in the routing table are sent to the device that represents the next hop. If the next hop is not accessible, the packet will be dropped.

To test the next hop, determine the appropriate route to the destination and try to ping the appropriate next hop for that route in the routing table. A failed ping indicates that there might be a configuration or hardware problem.

The ping may also be prohibited by security in the device. If the ping is successful you can move on to testing connectivity to remote hosts.

Testing Remote Hosts connectivity

Once verification of the local LAN and gateway is complete, testing can proceed to remote devices, which is the next step in the testing process.

The figure depicts a sample network topology. There are 3 hosts within a LAN, a router (acting as the gateway) that is connected to another router (acting as the gateway for a remote LAN), and 3 remote hosts. The verification tests should begin within the local network and progress outward to the remote devices.

Testing remote connectivity

Ping a remote host from a local host

Begin by testing the outside interface of a router that is directly connected to a remote network. In this case, the ping command is testing the connection to 200.10.10.129, the outside interface of the local network gateway router.

If the ping command is successful, connectivity to the outside interface is verified. Next, ping the outside IP address of the remote router, in this case 200.10.10.130. If successful, connectivity to the remote router is verified. If there is a failure, try to isolate the problem. Retest until there is a valid connection to a device and double-check all addresses.

The ping command will not always help with identifying the underlying cause to a problem, but it can isolate problems and give direction to the troubleshooting process. Document every test, the devices involved, and the results.

Test Router Remote Connectivity

A router forms a connection between networks by forwarding packets between them. To forward packets between any two networks, the router must be able to communicate with both the source and the destination networks. The router will need routes to both networks in its routing table.

To test the communication to the remote network, you can ping a known host on this remote network. If you cannot successfully ping the host on the remote network from a router, you should first check the routing table for an appropriate route to reach the remote network. It may be that the router uses the default route to reach a destination. If there is no route to reach this network, you will need to identify why the route does not exist. As always, you also must rule out that the ping is not administratively prohibited.

- See more at: http://orbit-computer-solutions.com/Testing-Local-Network.php

How To Verify Network Connectivity

Using The Ping Command

Using the ping command is an effective way to test a network connection. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check for connectivity.

Using ping in a Testing Sequence

Firstly, start by using the router IOS ping command in a planned sequence of steps to establish valid connections, starting with the individual device and then all the way to the LAN and, finally, to remote networks.

By using the ping command in this ordered sequence, problems can be isolated one at a time. The ping command does not always pinpoint the nature of the problem, but it can help to identify the source of the problem; this is considered the first step in troubleshooting a network failure.

The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host. There are additional tools that can provide more information than ping, such as Telnet or Trace, which we will look at in detail later.

IOS Ping Indicators

A ping from the IOS yields one of several indicators for each ICMP echo that was sent. These indicators are:

! - Exclamation mark

. - Period

U - Unreachable

! - The "!" (exclamation mark) indicates that the ping completed successfully and verifies Layer 3 connectivity.

. - The "." (period) can indicate problems in the communication. It may indicate that a connectivity problem occurred somewhere along the path. It also may indicate that a router along the path did not have a route to the destination and did not send an ICMP destination unreachable message. It also may indicate that the ping was blocked by device security.

U - The "U" indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP configuration on the local host. This can be accomplished by using the ping command on a reserved address called the loopback (127.0.0.1). Pinging the loopback helps to verify the proper operation of the protocol stack from the Network layer to the Physical layer and back without actually putting a signal on the media.

Ping commands are entered into a command line.

C:\>ping 127.0.0.1

The reply from this command would look something like this:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

The result shows that four test packets were sent - each 32 bytes in size - and were returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and defines the number of hops that the ping packet has remaining before it will be dropped.
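An added Python example (not from the original notes) that reads ping output the way the testing sequence on this page does: it counts replies, time-outs and unreachable messages in Windows ping output, tallies the per-echo indicators that IOS prints, and turns the counts into the same conclusion the text draws (all replies: connectivity verified; all time-outs: the problem is beyond the local network, latency, or ping being blocked; unreachable: a router has no route). The two sample outputs are constructed from the loopback result above and the failed ping to 172.17.2.3 in the tracing section.

```python
import re


def parse_windows_ping(text):
    """Count per-packet outcomes in Windows ping output and collect round-trip times (ms)."""
    counts = {"reply": 0, "timed_out": 0, "unreachable": 0}
    rtts_ms = []
    for raw in text.splitlines():
        line = raw.strip()
        if "unreachable" in line.lower():
            counts["unreachable"] += 1  # "Reply from <gw>: Destination host unreachable."
        elif line.startswith("Reply from"):
            counts["reply"] += 1
            m = re.search(r"time[<=](\d+)ms", line)
            if m:
                rtts_ms.append(int(m.group(1)))
        elif line.startswith("Request timed out"):
            counts["timed_out"] += 1
    return counts, rtts_ms


def parse_ios_ping(indicators):
    """IOS prints one character per echo: '!' reply, '.' no reply, 'U' unreachable."""
    return {c: indicators.count(c) for c in "!.U"}


def success_rate(counts):
    """Percentage of echoes answered, the figure IOS reports as 'Success rate'."""
    total = sum(counts.values())
    return 100 * counts["reply"] // total if total else 0


def interpret(counts):
    """Read the counts the way the troubleshooting steps on this page do."""
    total = sum(counts.values())
    if total == 0:
        return "no packets sent"
    if counts["reply"] == total:
        return "connectivity verified"
    if counts["unreachable"]:
        return "a router has no route to the destination: check the routing table and gateway"
    if counts["timed_out"] == total:
        return "no reply at all: problem beyond the local network, high latency, or ping blocked"
    return "partial loss: intermittent link or latency, retry with a longer timeout"


# Constructed samples reproducing the two outputs quoted on this page.
FAILED = "Pinging 172.17.2.3 with 32 bytes of data:\n" + "Request timed out.\n" * 4
LOOPBACK = ("Pinging 127.0.0.1 with 32 bytes of data:\n"
            + "Reply from 127.0.0.1: bytes=32 time<1ms TTL=128\n" * 4)

if __name__ == "__main__":
    for name, sample in (("loopback", LOOPBACK), ("remote host", FAILED)):
        counts, rtts = parse_windows_ping(sample)
        print(f"{name}: {counts}, rtts={rtts}, {success_rate(counts)}% -> {interpret(counts)}")
    print(parse_ios_ping("!!!!!"), parse_ios_ping("..U.."))
```

Treating "unreachable" before "Reply from" matters because Windows reports an unreachable result as a reply from the gateway; counting that line as a successful reply would turn a routing failure into a false pass.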

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can use the following command to verify router interfaces:

The show ip interface brief command provides a summary of all interface configuration information on the router; it displays the IP addresses that are assigned to the interface and other operational status of the interface.

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.1 YES manual up up

FastEthernet0/1 172.17.1.1 YES manual up up

Serial0/0/0 unassigned YES manual administratively down down

Serial0/0/1 unassigned YES manual administratively down down

Vlan1 unassigned YES manual administratively down down

Router#

Looking at the line for the FastEthernet 0/0 interface, we see that the IP address is 192.168.1.1. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of the interface. The up in the Status column shows that this interface is operational at Layer 1. The up in the Protocol column indicates that the Layer 2 protocol is operational as well. The same applies to FastEthernet 0/1 with IP address 172.17.1.1.

In the same example, notice that the Serial 0/0/0 and Serial 0/0/1 interfaces have not been enabled and have no IP address assigned. This is indicated by administratively down in the Status column. These interfaces can be enabled with the no shutdown command.
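The interface check above, automated as an added Python example that is not part of the original notes. It parses the show ip interface brief output quoted above (the sample below is that output without the prompt lines) and maps each Status/Protocol pair to the layer at which the interface is failing, so that a script can flag interfaces that are administratively down, physically down, or up at Layer 1 but down at Layer 2. The three non-operational states beyond the page's own "administratively down" are the standard IOS combinations.

```python
import re

# The show ip interface brief output from above, without the prompt lines.
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            172.17.1.1      YES manual up                    up
Serial0/0/0                unassigned      YES manual administratively down down
Serial0/0/1                unassigned      YES manual administratively down down
Vlan1                      unassigned      YES manual administratively down down
"""

# Status may be two words ("administratively down"), so it is matched lazily and the
# Protocol column is anchored to the end of the line.
LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>.+?)\s+(?P<protocol>up|down)$"
)


def parse_interfaces(text):
    """One dict per interface line; the column header does not match and is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Map the Status/Protocol pair to the layer where the interface is failing."""
    status, protocol = row["status"], row["protocol"]
    if status == "administratively down":
        return "admin-down"  # needs 'no shutdown'
    if status == "down":
        return "layer1-down"  # cable, transceiver or far-end problem
    if status == "up" and protocol == "down":
        return "layer2-down"  # keepalive, clocking or encapsulation mismatch
    return "operational"


def interface_report(text):
    """{state: [interface names]} plus the interfaces that have no IP address."""
    report = {"operational": [], "admin-down": [], "layer1-down": [],
              "layer2-down": [], "unassigned": []}
    for row in parse_interfaces(text):
        report[classify(row)].append(row["iface"])
        if row["ip"] == "unassigned":
            report["unassigned"].append(row["iface"])
    return report


if __name__ == "__main__":
    for state, names in interface_report(SHOW_IP_INT_BRIEF).items():
        print(f"{state:<12} {', '.join(names) or '-'}")
```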

Testing Router Connectivity

We can use ping and traceroute to verify router connectivity at Layer 3. You can use these commands to ping a host in the local LAN and to trace to a remote host across the WAN.

e.g.

Router#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms

Router#traceroute 192.168.1.1

Type escape sequence to abort.

Tracing the route to 192.168.1.1

1 192.168.1.1 16 msec 16 msec 16 msec

The above result shows a successful connection to the gateway.

Testing NICs

The next step in the testing sequence is to verify that the Network Interface Card (NIC) address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media.

The IPv4 address assigned to a NIC in this case is 10.0.0.6.

To verify the IPv4 address, use the following command:

C:\>ping 10.0.0.6

A successful reply would resemble:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

This test verifies that the NIC driver and most of the NIC hardware are working properly. It also verifies that the IP address is properly bound to the NIC, without actually putting a signal on the media.

If this test fails, it is likely that there are issues with the NIC hardware or software driver that may require reinstallation of either or both. This procedure depends on the type of host and its operating system.

- See more at: http://orbit-computer-solutions.com/General-Troubleshooting.php


IP Address/Route Summary. IP address/route summarization, also known as route aggregation, is the process routers use to advertise a set of addresses as a single address with a shorter subnet mask (CIDR).

To put this in a real-world scenario, it is like using one postal address for all the staff from different departments in an organization; the mail then has to be distributed to each individual by the office administrator or whoever is responsible.

Classful routing protocols like RIPv1 automatically advertise routes in summarized form when sending an update out an interface that belongs to another major network.

For example, RIPv1 will summarize 10.0.0.0/24 subnets (10.0.0.0/24 through 10.255.255.0/24) as 10.0.0.0/8.

Benefit of Route Summarization.

1. IP address or route summarization helps reduce the number of routing entries and routing updates in a router's routing table.

2. It also helps reduce the bandwidth consumed by routing updates, and a smaller table enables faster routing table lookups for the best path to a remote network.

How to Calculate IP Address/ Route Summarization

How to Configure IP Summary route

- See more at: http://orbit-computer-solutions.com/IP-Address-or-Route-Summary-.php#sthash.6xY2BR70.dpuf

IP Address / Route Summarization Example #2. From the previous page, you will know that IP route summarization can also be referred to as route aggregation. It helps reduce the number of routing entries in a router's routing table, allowing faster lookup of destinations.

Let’s look at the example below:

Let’s try and summarize Network 10.1.0.0 through 10.5.0.0.

First, list everything into binary:

Then, to get the network address, compare the binary bits from the example above, starting on the left, and stop where the bits no longer match.

Notice that the first octet matches completely, while in the second octet no 1 bits match, and the same is true of the third and fourth octets.

So the summary network address will be 10.0.0.0.

Finally, to work out the summary subnet mask, we take the 8 matching bits of the first octet (see above), which are the network, and the five matching zeros in the second octet, which are the subnet:

255.248.0.0

How did we get the 248…?

Remember the bits value = 128 64 32 16 8 4 2 1

0 0 0 0 0 0 0 0

You add the five bit values in the second octet from the left: 128+64+32+16+8 = 248

How did we get /13…?

Count all the matching bits (see above) from the left up to the last matching bit… kazam! You get your CIDR prefix length: 8 + 5 = 13.
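As an added example (not material from the page), the Python below performs the summarization arithmetic just described on the constructed list 10.1.0.0 through 10.5.0.0: it renders each address in binary, counts the leading bits they all share, and derives the summary network, prefix length and mask. It also reports the range the summary actually covers, because a /13 advertises more than the five networks listed, which is worth checking before a summary is advertised.

```python
import ipaddress

# Constructed input: the five networks summarised on this page.
NETWORKS = ["10.1.0.0", "10.2.0.0", "10.3.0.0", "10.4.0.0", "10.5.0.0"]


def to_binary(addr):
    """Dotted-decimal to dotted-binary, e.g. 10.1.0.0 -> 00001010.00000001.00000000.00000000"""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def summary_route(addrs):
    """Return (network, prefix length, mask) for the smallest block covering `addrs`.

    Walk the 32 bits from the left and count how many are identical across all
    addresses; that count is the CIDR prefix length, and the shared bits padded
    with zeros form the summary network address.
    """
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    prefix = 0
    for bit in range(31, -1, -1):
        if len({(i >> bit) & 1 for i in ints}) != 1:
            break  # first position where the addresses disagree
        prefix += 1
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ints[0] & mask
    return (str(ipaddress.IPv4Address(network)), prefix,
            str(ipaddress.IPv4Address(mask)))


def covered_range(addrs):
    """The full range the summary advertises, which may be larger than the input."""
    network, prefix, _ = summary_route(addrs)
    net = ipaddress.IPv4Network(f"{network}/{prefix}")
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    for a in NETWORKS:
        print(f"{a:<12} {to_binary(a)}")
    network, prefix, mask = summary_route(NETWORKS)
    print(f"summary: {network}/{prefix}  mask {mask}")
    print("covers: %s - %s" % covered_range(NETWORKS))
```

For the five networks this gives 10.0.0.0/13 with mask 255.248.0.0, exactly as worked out by hand, and shows that the summary also covers 10.0.x.x, 10.6.x.x and 10.7.x.x. If those blocks live elsewhere in the network, the summary would pull their traffic towards this router, so the covered range is the figure to compare against the address plan.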

- See more at: http://orbit-computer-solutions.com/IP-Address---Route-Summarization-Example-_2.php#sthash.X0jgD0EL.dpuf

Subnetting IP Address. Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network.

There are many reasons why we subnet:

a. It helps to preserve address space so that addresses are not wasted.

b. It is used for security.

c. It helps to control network traffic caused by collisions of packets transmitted by other nodes (hosts) on the same segment.

Subnetting a Network Address

In order to subnet a network address, the subnet mask has to be extended, using some of the bits from the host ID portion of the address to create a subnetwork ID.

For example, given a Class C network of 192.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:

192.17.5.0 - 11000000.00010001.00000101.00000000

255.255.255.224 - 11111111.11111111.11111111.11100000

|sub|

By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by "sub") from the original host portion of the address and used them to create subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device on the same segment.

The following subnets have been created:

192.17.5.0 255.255.255.224 host address range 1 to 30

192.17.5.32 255.255.255.224 host address range 33 to 62

192.17.5.64 255.255.255.224 host address range 65 to 94

192.17.5.96 255.255.255.224 host address range 97 to 126

192.17.5.128 255.255.255.224 host address range 129 to 158

192.17.5.160 255.255.255.224 host address range 161 to 190

192.17.5.192 255.255.255.224 host address range 193 to 222

192.17.5.224 255.255.255.224 host address range 225 to 254

Another example:-

Given a class C network address of 192.168.1.0, as a network administrator, you need to utilize this network address across multiple small groups within the organization. You can do this by subnetting this network with a subnet address.

All you have to do is create 14 subnets of 14 nodes (hosts) each. This will limit us to 196 nodes (hosts) on the network instead of the 254 we would have without subnetting. To accomplish this we begin with the default network mask for class C and extend it by four bits:

255.255.255.0 (11111111.11111111.11111111.00000000) binary

255.255.255.240 (11111111.11111111.11111111.11110000) binary

Remember the cram table:-

1 1 1 1 1 1 1 1

128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Look at this, because you will always come across it during subnetting:

128+64 =192

128+64+32 =224

128+64+32+16=240

128+64+32+16+8=248

128+64+32+16+8+4=252 and so on!

So to give us 16 possible network numbers, 2 of which cannot be used:-

192.168.1.0 (Reserved)

Network address    Host addresses        Broadcast address

192.168.1.16       192.168.1.17 – 30     192.168.1.31

192.168.1.32       192.168.1.33 – 46     192.168.1.47

192.168.1.48       192.168.1.49 – 62     192.168.1.63

192.168.1.64       192.168.1.65 – 78     192.168.1.79

192.168.1.80       (keep adding 16 till you get to 224)

That will give you up to 14 networks with 14 hosts (nodes) each.
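Both subnetting examples above (192.17.5.0 with three borrowed bits and 192.168.1.0 with four) follow the same procedure, so one added Python example, which is not from the original page, covers both: the cram-table addition that turns a count of leading 1 bits into a mask octet, and the subnet table with host ranges and broadcast addresses. The two network/bit pairs in the main block are the page's own examples; everything else is constructed.

```python
import ipaddress

# The "cram table": value of each bit position in an octet.
BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]


def mask_octet(ones):
    """Decimal value of an octet whose leading `ones` bits are 1: 3 -> 224, 4 -> 240."""
    return sum(BIT_VALUES[:ones])


def mask_from_prefix(prefix):
    """Dotted-decimal mask for a prefix length, built octet by octet from the cram table."""
    octets = []
    remaining = prefix
    for _ in range(4):
        ones = min(8, max(0, remaining))
        octets.append(mask_octet(ones))
        remaining -= ones
    return ".".join(str(o) for o in octets)


def subnet_plan(network, borrowed_bits):
    """Extend the mask of `network` by `borrowed_bits` and list the resulting subnets.

    Returns (new mask, number of subnets, usable hosts per subnet, rows), where
    each row is (subnet address, first host, last host, broadcast address).
    """
    net = ipaddress.IPv4Network(network)
    new_prefix = net.prefixlen + borrowed_bits
    host_bits = 32 - new_prefix
    if host_bits < 2:
        raise ValueError("at least 2 host bits are needed for usable addresses")
    rows = []
    for sub in net.subnets(prefixlen_diff=borrowed_bits):
        rows.append((str(sub.network_address),
                     str(sub.network_address + 1),
                     str(sub.broadcast_address - 1),
                     str(sub.broadcast_address)))
    return mask_from_prefix(new_prefix), 2 ** borrowed_bits, 2 ** host_bits - 2, rows


if __name__ == "__main__":
    for network, bits in (("192.17.5.0/24", 3), ("192.168.1.0/24", 4)):
        mask, count, hosts, rows = subnet_plan(network, bits)
        print(f"{network} with {bits} borrowed bits -> mask {mask}, "
              f"{count} subnets, {hosts} usable hosts each")
        for subnet, first, last, bcast in rows:
            print(f"  {subnet:<16} hosts {first} - {last}  broadcast {bcast}")
```

The script lists all 16 subnets of the second example, including subnet zero and the last subnet; whether those two are usable depends on the platform (modern Cisco IOS allows subnet zero by default), which is why the text above treats them as reserved while the code simply enumerates them.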

- See more at: http://orbit-computer-solutions.com/Subnetting-IP-addresses.php#sthash.NsUk2Jlv.dpuf

How To Verify Network Connectivity. Using The Ping Command

Using the ping command is an effective way to test a network connection. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check for connectivity.

Using ping in a Testing Sequence

Firstly, start by using the router IOS ping command in a planned sequence of steps to establish valid connections, starting with the individual device and then all the way to the LAN and, finally, to remote networks.

By using the ping command in this ordered sequence, problems can be isolated step by step. The ping command does not always pinpoint the nature of the problem, but it can help to identify the source of the problem, which is considered the first step in troubleshooting a network failure.

The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host. There are additional tools that can provide more information than ping, such as Telnet or Trace, which we will look at in detail later.

IOS Ping Indicators

A ping from the IOS will yield one of several indicators for each ICMP echo that was sent. These indicators are:

! - Exclamation mark

. - Period

U - Uppercase U

! - The "!" (exclamation mark) indicates that the ping completed successfully and verifies Layer 3 connectivity.

. - The "." (period) can indicate problems in the communication. It may indicate that a connectivity problem occurred somewhere along the path. It also may indicate that a router along the path did not have a route to the destination and did not send an ICMP destination unreachable message. It also may indicate that the ping was blocked by device security.

U - The "U" indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP configuration on the local host. This can be accomplished by using the ping command on a reserved address called the loopback (127.0.0.1). Pinging the loopback helps to verify the proper operation of the protocol stack from the Network layer to the Physical layer and back without actually putting a signal on the media.

Ping commands are entered into a command line.

C:\>ping 127.0.0.1

The reply from this command would look something like this:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

The result shows that four test packets were sent - each 32 bytes in size - and were returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and defines the number of hops that the ping packet has remaining before it will be dropped.

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can use the following command to verify router interfaces:

The show ip interface brief command provides a summary of all interface configuration information on the router; it displays the IP addresses that are assigned to the interface and other operational status of the interface.

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.1 YES manual up up

FastEthernet0/1 172.17.1.1 YES manual up up

Serial0/0/0 unassigned YES manual administratively down down

Serial0/0/1 unassigned YES manual administratively down down

Vlan1 unassigned YES manual administratively down down

Router#

Looking at the line for the FastEthernet0/0 interface, we see that the IP address is 192.168.1.1. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of the interface. The up in the Status column shows that this interface is operational at Layer 1. The up in the Protocol column indicates that the Layer 2 protocol is operational as well. The same is true of FastEthernet0/1 with IP address 172.17.1.1 in this case.

In the same example above, notice that the Serial0/0/0 and Serial0/0/1 interfaces have not been enabled and have no IP address assigned. This is indicated by administratively down in the Status column. These interfaces can be enabled with the no shutdown command.

Testing Router Connectivity

We can use ping and traceroute to verify router connectivity at Layer 3. You can use these commands to ping a host on the local LAN and to trace the path to a remote host across the WAN.

e.g.

Router#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms

Router#traceroute 192.168.1.1

Type escape sequence to abort.

Tracing the route to 192.168.1.1

1 192.168.1.1 16 msec 16 msec 16 msec

The above result shows a successful connection to the gateway.
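The outputs above are easier to check in bulk when they are parsed rather than read by eye. The Python below is an added example rather than anything from the page; it runs over constructed copies of the show ip interface brief table and of an IOS ping result (the sample values are modelled on the output shown above but are not captured from a real device), lists the interfaces that are still administratively down, and counts the ! . U indicators described earlier into a success rate.

```python
import re

# Constructed sample modelled on the `show ip interface brief` output above.
INTERFACE_BRIEF = """\
Interface        IP-Address      OK? Method Status                Protocol
FastEthernet0/0  192.168.1.1     YES manual up                    up
FastEthernet0/1  172.17.1.1      YES manual up                    up
Serial0/0/0      unassigned      YES manual administratively down down
Serial0/0/1      unassigned      YES manual administratively down down
Vlan1            unassigned      YES manual administratively down down
"""

# Constructed sample of an IOS ping with mixed indicators (not a real capture).
PING_OUTPUT = """\
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!.U!
Success rate is 60 percent (3/5), round-trip min/avg/max = 15/15/16 ms
"""

# One row of the interface table. Status may contain a space ("administratively down").
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>up|down|administratively down)\s+(?P<proto>up|down)\s*$"
)

# Meaning of each IOS ping indicator, as described in the text above.
INDICATOR_MEANING = {
    "!": "echo reply received; Layer 3 connectivity verified",
    ".": "timeout: no reply (no route and no unreachable, filtered, or path problem)",
    "U": "ICMP destination unreachable received from a router on the path",
}


def parse_interface_brief(text):
    """Parse `show ip interface brief` into {interface: (ip, status, protocol)}.
    The header line does not match the pattern and is skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            table[m["iface"]] = (m["ip"], m["status"], m["proto"])
    return table


def interfaces_needing_no_shutdown(text):
    """Interfaces that are administratively down, i.e. disabled by configuration."""
    table = parse_interface_brief(text)
    return sorted(name for name, (_, status, _) in table.items()
                  if status == "administratively down")


def summarize_ping(text):
    """Find the indicator line of an IOS ping and return (counts, success percent)."""
    for line in text.splitlines():
        if line and set(line) <= set(INDICATOR_MEANING):
            counts = {c: line.count(c) for c in INDICATOR_MEANING}
            return counts, 100 * counts["!"] // len(line)
    raise ValueError("no indicator line found")


if __name__ == "__main__":
    print("disabled interfaces:", interfaces_needing_no_shutdown(INTERFACE_BRIEF))
    counts, rate = summarize_ping(PING_OUTPUT)
    print(f"ping: {counts}  success {rate}%")
    for indicator, n in counts.items():
        if n:
            print(f"  {indicator} x{n}: {INDICATOR_MEANING[indicator]}")
```

The success rate computed from the indicator line matches the figure IOS prints on its "Success rate" line, which makes this a useful cross-check when the output has been copied from a console log with the final line cut off.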

Testing NICs

The next step in the testing sequence is to verify that the Network Interface Card (NIC) address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media.

The IPv4 address assigned to a NIC in this case is 10.0.0.6.

To verify the IPv4 address, use the following command:

C:\>ping 10.0.0.6

A successful reply would resemble:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128

Ping statistics for 10.0.0.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

This test verifies that the NIC driver and most of the NIC hardware are working properly. It also verifies that the IP address is properly bound to the NIC, without actually putting a signal on the media.

If this test fails, it is likely that there are issues with the NIC hardware or the software driver that may require reinstallation of either or both. This procedure depends on the type of host and its operating system.

- See more at: http://orbit-computer-solutions.com/General-Troubleshooting.php#sthash.FrhqpXGH.dpuf

How a Switch Forwards Frames in an Ethernet Network. Switch Packet Forwarding Methods

A switch uses one of two methods of forwarding frames in an Ethernet network: store-and-forward switching or cut-through switching.

Store-and-Forward Switching

In store-and-forward switching, when the switch receives the frame, it stores the received data in buffers until the complete frame has been received. While in the storage process, the switch checks and analyses the frame for information about its intended destination. During this process, the switch checks the frame for errors using the Cyclic Redundancy Check (CRC) trailer portion of the Ethernet frame - a mathematical formula, based on the number of bits (1s) in the frame.

If the frame contains no errors, it is forwarded out the appropriate port towards its destination; when an error is detected, the frame is dropped.

Cut-through Switching

In cut-through switching, the switch acts on the frame as soon as it is received, even if the transmission is not complete. The switch reads the destination MAC address to determine which port to forward the data to. The destination MAC address is located in the first 6 bytes of the frame following the preamble. The switch in this case does not perform any error checking on the frame.

Cut-through switching is faster than store-and-forward switching. However, because the switch does not check the frame for errors, it forwards corrupt frames throughout the network. The corrupt frames consume bandwidth while they are being forwarded. The destination Network Interface Card (NIC) will eventually drop the corrupt frames.

Cisco Catalyst switches use solely the store-and-forward method of forwarding frames.

Many switches can be configured to perform cut-through switching on a per-port basis until a user-defined error threshold is reached, at which point they automatically change to store-and-forward. When the error rate falls below the threshold, the port automatically changes back to cut-through switching.
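To make the difference concrete, the Python below is an added example (not from the original page) that builds a constructed 64-byte Ethernet frame with a CRC-32 frame check sequence, computed the way the Ethernet FCS is, then passes the intact frame and a corrupted copy through simplified store-and-forward and cut-through decision functions using a constructed MAC address table. The addresses, payload and port numbers are made up for the demonstration.

```python
import struct
import zlib

# Constructed sample frame fields (Ethernet II, preamble already stripped by the NIC).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
ETHERTYPE = b"\x08\x00"                          # IPv4
PAYLOAD = b"hello from host A".ljust(46, b"\x00")  # pad to the 46-byte minimum

# Constructed MAC address table: destination MAC -> port it was learned on.
MAC_TABLE = {DST: 3}


def build_frame(dst, src, ethertype, payload):
    """Return dst + src + type + payload + FCS, where the FCS is CRC-32 over the
    rest of the frame, transmitted least significant byte first as Ethernet does."""
    body = dst + src + ethertype + payload
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing 4 bytes and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def store_and_forward(frame, mac_table):
    """Buffer the whole frame, check the FCS, then look up the egress port.
    Returns the port, or None when the frame is dropped or the MAC is unknown."""
    if len(frame) < 64 or not fcs_ok(frame):
        return None  # runt or CRC error: discarded, never forwarded
    return mac_table.get(frame[:6])


def cut_through(frame, mac_table):
    """Decide as soon as the first 6 bytes (destination MAC) have arrived.
    No FCS check is possible yet, so a corrupted frame is still forwarded and
    has to be discarded by the receiving NIC instead."""
    return mac_table.get(frame[:6])


def corrupt(frame, offset):
    """Flip one bit at `offset` to simulate a transmission error."""
    b = bytearray(frame)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    good = build_frame(DST, SRC, ETHERTYPE, PAYLOAD)
    bad = corrupt(good, 20)  # damage a payload byte; destination MAC is untouched
    for label, frame in (("intact", good), ("corrupted", bad)):
        print(f"{label:<10} store-and-forward -> port {store_and_forward(frame, MAC_TABLE)}"
              f"   cut-through -> port {cut_through(frame, MAC_TABLE)}")
```

In this model None stands for "dropped" in store-and-forward and for "destination unknown" in both functions; a real switch floods an unknown unicast out every other port instead of dropping it. The corrupted frame still carries a valid destination MAC, so cut-through forwards it on to port 3, which is exactly the bandwidth cost described above.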

- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-A-Switch-Forward-Frames-in-Ethernet-Network.php#sthash.zBqU633N.dpuf

Difference between Hubs, Switches, Routers, and Access Points. Hubs, switches, routers, and access points are all used to connect computers together on a network, but each of them has different capabilities.

Hubs

Hubs are used to connect computers on a network so as to communicate with each other. Each computer plugs into the hub with a cable, and information sent from one computer to another passes through the hub.

A hub can't identify the source or destination of the information it receives, so it sends the information to all of the computers connected to it, including the one that sent it. A hub can send or receive information, but it can't do both at the same time.

Switches

Switches function in the same way as hubs, but they can identify the intended destination of the information that they receive, so they send that information only to the computers it is intended for.

Switches can send and receive information at the same time, and faster than hubs can. Switches are best recommended on a home or office network where you have more computers and want to use the network for activities that require passing a lot of information between computers.

Functions of a Switch

Routers

Routers are better known as intermediary devices that enable computers and other network components to communicate or pass information between two networks e.g. between your home network and the Internet. The most astounding thing about routers is their capability to direct network traffic. Routers can be wired (using cables) or wireless. Routers also typically provide built-in security, such as a firewall.

Access points

Access points provide wireless access to a wired Ethernet network. An access point plugs into a hub, switch, or wired router and sends out wireless signals. This enables computers and devices to connect to a wired network wirelessly. You can move from one location to another and continue to have wireless access to the network. When you connect to the Internet wirelessly using a public wireless network in an airport, a hotel or another public place, you are usually connecting through an access point. Some routers are equipped with wireless access point capability; in that case you don't need a separate wireless access point.

- See more at: http://orbit-computer-solutions.com/Difference-between-Hubs%2C-Switches%2C-Routers%2C-and-Access-Points.php#sthash.UBvxSKQT.dpuf

Features and Functions of Switches. Things to consider when selecting a switch for a network.

To select the appropriate switch for a layer in a particular network, you need to have specifications that detail the target traffic flows, user communities, data servers, and data storage servers. A company needs a network that can meet evolving requirements.

Traffic flow analysis is the process of measuring the bandwidth usage on a network and analysing the data for the purpose of performance tuning, capacity planning, and making hardware improvement decisions.

1. Future Growth

Switches come in different sizes, with different features and functions, so choosing a switch to match a particular network can be a daunting task.

Consider what will happen if the HR or HQ department grows by five employees or more. A solid network plan includes the rate of personnel growth over the past five years in order to anticipate future growth. With that in mind, you would want to purchase a switch that can accommodate more than 24 ports, such as stackable or modular switches that can scale.

2. Performance

When selecting a switch for the access*, distribution** or core*** layer, consider the ability of the switch to support the port density, forwarding rates, and bandwidth aggregation requirements of your network.

*Access layer switches facilitate the connection of end node devices to the network, e.g. PCs, modems, IP phones, printers, etc. For this reason, they need to support features such as port security, VLANs, Fast Ethernet/Gigabit Ethernet, PoE (Power over Ethernet) and link aggregation. Port security allows the switch to decide how many or what type of devices are permitted to connect to the switch. This is where most Cisco switches come in: they all support port security. Most experienced network administrators know this is the first line of defence.

**Distribution layer switches play a very important role on the network. They collect the data from all the access layer switches and forward it to the core layer switches. Traffic that is generated at Layer 2 on a switched network needs to be managed, or segmented into VLANs; distribution layer switches provide the inter-VLAN routing functions so that one VLAN can communicate with another on the network.

Distribution layer switches provide advanced security policies that can be applied to network traffic using Access Control Lists (ACLs). This type of security allows the switch to prevent certain types of traffic and permit others. ACLs also allow you to control which network devices can communicate on the network.

***Core layer switches operate at the core layer of a topology, which is the high-speed backbone of the network and requires switches that can handle very high forwarding rates. A switch that operates in this area also needs to support link aggregation (10GbE connections, currently the fastest available Ethernet connectivity) to ensure adequate bandwidth coming into the core from the distribution layer switches.

Also, core layer switches support additional hardware redundancy features like redundant power supplies that can be swapped while the switch continues to operate. Because of the high workload carried by core layer switches, they tend to operate hotter than access or distribution layer switches, so they should have more sophisticated cooling options. Many true, core layer-capable switches have the ability to swap cooling fans without having to turn the switch off.

For example, it would be disruptive to shut down a switch at the core layer to change a power supply or a fan in the middle of the day when network usage is at its peak. To perform a hardware replacement, you could expect to have at least a 10 to 15 minute network shutdown, and that is if you are very fast at performing the maintenance. In more realistic circumstances, the switch could be down for 30 to 45 minutes or more, which most likely is not acceptable. With hot-swappable hardware, there is no downtime during switch maintenance.

Switch Port Speed. Another characteristic to take into consideration is port speed, which depends on performance requirements: choosing between Fast Ethernet and Gigabit Ethernet switch ports.

Fast Ethernet allows up to 100 Mb/s of traffic per switch port, while Gigabit Ethernet allows up to 1000 Mb/s of traffic per switch port. Fast Ethernet is adequate for IP telephony and data traffic on most business networks; however, performance is slower than with Gigabit Ethernet ports.

Switch Port Density. Port density is the number of ports available on a single switch. Fixed configuration switches support up to 48 ports on a single device, with options for up to four additional ports.

High port densities allow for better use of space and power when both are in limited supply. If you have two switches that each contain 24 ports, you would be able to support up to 46 devices, because you lose at least one port per switch to connect each switch to the rest of the network. In addition, two power outlets are required. On the other hand, if you have a single 48-port switch, 47 devices can be supported, with only one port used to connect the switch to the rest of the network, and only one power outlet needed to accommodate the single switch.

Modular switches can support very high port densities through the addition of multiple switch port line cards, as shown in the figure. For example, the Cisco Catalyst 6500 switch can support in excess of 1,000 switch ports on a single device.

Forwarding Rates. Switches have different processing capabilities, i.e. the rate at which they can process data per second. Processing and forwarding rates are very important when selecting a switch: the lower the processing capacity, the slower the forwarding, and the switch will be unable to accommodate full wire-speed communication across all its ports. A normal Fast Ethernet port attains 100 Mb/s, while Gigabit Ethernet does 1000 Mb/s.

For example, a 48-port gigabit switch operating at full wire speed generates 48 Gb/s of traffic. If the switch only supports a forwarding rate of 32 Gb/s, it cannot run at full wire speed across all ports simultaneously.

Link Aggregation. The more ports you have on a switch to support bandwidth aggregation, the more bandwidth you have for your network traffic. For example, consider a Gigabit Ethernet port, which carries up to 1 Gb/s of traffic in a network.

If you have a 24-port switch, with all its ports capable of running at gigabit speeds, you could generate up to 24 Gb/s of network traffic. If the switch is connected to the rest of the network by a single network cable, it can only forward 1 Gb/s of the data to the rest of that network. Due to the contention for bandwidth, the data would be forwarded more slowly. That leaves 1/24 of wire speed available to each of the 24 devices connected to the switch.

Power over Ethernet (PoE). Another characteristic to consider when choosing a switch is Power over Ethernet (PoE). This is the ability of the switch to deliver power to a device over the existing Ethernet cabling. IP phones and some wireless access points can use this feature, so you can install them anywhere you can run an Ethernet cable.

- See more at: http://orbit-computer-solutions.com/Features-and-Functions-of-Switches.php#sthash.We3aQ6ts.dpuf

Internet Protocol Version 6 - IPv6. What is IPv6?

IPv6 is the next generation of IP addressing or Internet Protocol. The previous version of IP addressing (IPv4) is depleted or near depletion.

IPv6 was created by the Internet Engineering Task Force (IETF), a standards body, as a replacement to IPv4 in 1998.

IPv6 is equipped with many improved features over IPv4 and offers far more possibilities. This next generation of IP addressing boasts increased security and a far larger address space.

IPv6's predecessor (IPv4) uses 32 bits for addressing. It provides approximately 4,294,967,296 unique addresses, of which only about 3.7 billion are assignable or routable on the Internet.

IPv6 is equipped with 128 bits for addressing. This provides approximately 3.4 x 10^38 addresses. This runs into trillions of addresses for every individual on the planet! That’s a hell of a huge number of IP addresses. We will look at it in detail later on.

The most important feature offered by IPv6 is the address auto configuration. This feature supports fast connectivity for any combination of computers, printers, digital cameras, digital radios, IP phones, Internet-enabled household appliances, to be connected to their home networks.

In a nutshell, these devices on the network automatically address themselves with a link-local unicast address.

The autoconfiguration mechanism was introduced to enable plug-and-play networking of these devices to help reduce administration overhead.

Other Improved Features of IPv6. The improvements that IPv6 offers include:

• Superior IP addressing

• Simplified header

• Mobility and security

Superior IP Addressing: A larger address space offers several improvements, including global connectivity and flexibility. It also offers more plug-and-play options for more devices, and autoconfiguration that can include Data Link layer addresses in the address space.

Simplified header: The IPv6 simplified header offers several advantages over IPv4, including:

• IPv6 offers better routing efficiency for performance.

• Elimination of broadcasts and thus no potential threat of broadcast storms (uses multicast traffic instead)

• No requirement for processing checksums.

• Simplified and more efficient extension header mechanisms.

Improved Mobility and Security. Mobility and security help ensure compliance with the Mobile IP and IP Security (IPsec) standards. Mobility enables people with mobile network devices, many with wireless connectivity, to move around in networks.

IPsec is available for both IPv4 and IPv6, and its functionality is basically identical in both Internet protocols; however, IPsec support is mandatory in IPv6, making the IPv6 Internet more secure.

- See more at: http://www.orbit-computer-solutions.com/What-is-IPv6%3A-IPv6-Tutorial.php#sthash.CsJrTOEg.dpuf

DHCP. Dynamic Host Configuration Protocol works in a client/server mode. DHCP enables clients on an IP network to obtain or lease an IP address and configuration from a DHCP server. This reduces the workload when managing a large network. The DHCP protocol is described in RFC 2131.

Most modern operating systems include DHCP in their standard settings; these include Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The client requests addressing configuration from a DHCP network server; the network server manages the assignment of IP addresses and is obliged to answer any IP configuration requests from clients.

However, network routers, switches and servers need to have static IP addresses; DHCP is not intended for the configuration of these types of hosts. Cisco routers use a Cisco IOS feature known as Cisco Easy IP Lease. This offers an optional but full-featured DHCP server. Easy IP leases addresses for 24 hours by default; it is most useful in homes and small offices where users can take advantage of DHCP and NAT without having an NT or UNIX server.

The DHCP server uses User Datagram Protocol (UDP) as its transport protocol, sending messages to the client on port 68, while the client uses port 67 to send messages to the server.

DHCP servers can offer other information, including DNS server addresses, WINS server addresses and domain names. Most DHCP servers allow administrators to define client MAC addresses to which the server automatically assigns the same IP address each time.

Most administrators prefer to work with a network server that offers DHCP services. These types of networks are scalable and easy to manage.

- See more at: http://www.orbit-computer-solutions.com/DHCP.php#sthash.kHq15I8F.dpuf

INTRODUCTION. When you configure the TCP/IP protocol on a Microsoft Windows computer, an IP address, subnet mask, and usually a default gateway are required in the TCP/IP configuration settings.

To configure TCP/IP correctly, it is necessary to understand how TCP/IP networks are addressed and divided into networks and subnetworks. This article is intended as a general introduction to the concepts of IP networks and subnetting. A glossary is included at the end of article.


MORE INFORMATION. The success of TCP/IP as the network protocol of the Internet is largely because of its ability to connect together networks of different sizes and systems of different types. These networks are arbitrarily defined into three main classes (along with a few others) that have predefined sizes, each of which can be divided into smaller subnetworks by system administrators. A subnet mask is used to divide an IP address into two parts. One part identifies the host (computer), the other part identifies the network to which it belongs. To better understand how IP addresses and subnet masks work, look at an IP (Internet Protocol) address and see how it is organized.

IP addresses: Networks and hosts. An IP address is a 32-bit number that uniquely identifies a host (computer or other device, such as a printer or router) on a TCP/IP network.

IP addresses are normally expressed in dotted-decimal format, with four numbers separated by periods, such as 192.168.123.132. To understand how subnet masks are used to distinguish between hosts, networks, and subnetworks, examine an IP address in binary notation.

For example, the dotted-decimal IP address 192.168.123.132 is (in binary notation) the 32-bit number 11000000101010000111101110000100. This number may be hard to make sense of, so divide it into four parts of eight binary digits.

These eight bit sections are known as octets. The example IP address, then, becomes 11000000.10101000.01111011.10000100. This number only makes a little more sense, so for most uses, convert the binary address into dotted-decimal format (192.168.123.132). The decimal numbers separated by periods are the octets converted from binary to decimal notation.

For a TCP/IP wide area network (WAN) to work efficiently as a collection of networks, the routers that pass packets of data between networks do not know the exact location of a host for which a packet of information is destined. Routers only know what network the host is a member of and use information stored in their route table to determine how to get the packet to the destination host's network. After the packet is delivered to the destination's network, the packet is delivered to the appropriate host.

For this process to work, an IP address has two parts. The first part of an IP address is used as a network address, the last part as a host address. If you take the example 192.168.123.132 and divide it into these two parts you get the following:

192.168.123.    Network
.132            Host

-or-

192.168.123.0 - network address.
0.0.0.132 - host address.

Subnet mask

The second item, which is required for TCP/IP to work, is the subnet mask. The subnet mask is used by the TCP/IP protocol to determine whether a host is on the local subnet or on a remote network.

In TCP/IP, the parts of the IP address that are used as the network and host addresses are not fixed, so the network and host addresses above cannot be determined unless you have more information. This information is supplied in another 32-bit number called a subnet mask. In this example, the subnet mask is 255.255.255.0. It is not obvious what this number means unless you know that 255 in binary notation equals 11111111; so, the subnet mask is: 11111111.11111111.11111111.00000000

Lining up the IP address and the subnet mask together, the network and host portions of the address can be separated:

11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)

The first 24 bits (the number of ones in the subnet mask) are identified as the network address, with the last 8 bits (the number of remaining zeros in the subnet mask) identified as the host address. This gives you the following:

11000000.10101000.01111011.00000000 -- Network address (192.168.123.0)
00000000.00000000.00000000.10000100 -- Host address (000.000.000.132)

So now you know, for this example using a 255.255.255.0 subnet mask, that the network ID is 192.168.123.0, and the host address is 0.0.0.132. When a packet arrives on the 192.168.123.0 subnet (from the local subnet or a remote network), and it has a destination address of 192.168.123.132, your computer will receive it from the network and process it.

Almost all decimal subnet masks convert to binary numbers that are all ones on the left and all zeros on the right. Some other common subnet masks are:

Decimal           Binary
255.255.255.192   11111111.11111111.11111111.11000000
255.255.255.224   11111111.11111111.11111111.11100000

Internet RFC 1878 (available from http://www.internic.net ) describes the valid subnets and subnet masks that can be used on TCP/IP networks.

Network classes

Internet addresses are allocated by the InterNIC (http://www.internic.net ), the organization that administers the Internet. These IP addresses are divided into classes. The most common of these are classes A, B, and C. Classes D and E exist, but are not generally used by end users. Each of the address classes has a different default subnet mask. You can identify the class of an IP address by looking at its first octet. Following are the ranges of Class A, B, and C Internet addresses, each with an example address:

Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive.

Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191, inclusive.

Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and 223, inclusive.

In some scenarios, the default subnet mask values do not fit the needs of the organization, because of the physical topology of the network, or because the numbers of networks (or hosts) do not fit within the default subnet mask restrictions. The next section explains how networks can be divided using subnet masks.

Subnetting

A Class A, B, or C TCP/IP network can be further divided, or subnetted, by a system administrator. This becomes necessary as you reconcile the logical address scheme of the Internet (the abstract world of IP addresses and subnets) with the physical networks in use by the real world.

A system administrator who is allocated a block of IP addresses may be administering networks that are not organized in a way that easily fits these addresses. For example, you have a wide area network with 150 hosts on three networks (in different cities) that are connected by a TCP/IP router. Each of these three networks has 50 hosts. You are allocated the class C network 192.168.123.0. (For illustration, this address is actually from a range that is not allocated on the Internet.) This means that you can use the addresses 192.168.123.1 to 192.168.123.254 for your 150 hosts.

Two addresses that cannot be used in your example are 192.168.123.0 and 192.168.123.255 because binary addresses with a host portion of all ones and all zeros are invalid. The zero address is invalid because it is used to specify a network without specifying a host. The 255 address (in binary notation, a host address of all ones) is used to broadcast a message to every host on a network. Just remember that the first and last address in any network or subnet cannot be assigned to any individual host.

You should now be able to give IP addresses to 254 hosts. This works fine if all 150 computers are on a single network. However, your 150 computers are on three separate physical networks. Instead of requesting more address blocks for each network, you divide your network into subnets that enable you to use one block of addresses on multiple physical networks.

In this case, you divide your network into four subnets by using a subnet mask that makes the network address larger and the possible range of host addresses smaller. In other words, you are 'borrowing' some of the bits usually used for the host address, and using them for the network portion of the address. The subnet mask 255.255.255.192 gives you four networks of 62 hosts each. This works because in binary notation, 255.255.255.192 is the same as 11111111.11111111.11111111.11000000. The first two bits of the last octet become network bits, so you get the additional networks 00000000 (0), 01000000 (64), 10000000 (128) and 11000000 (192). (Some administrators will only use two of the subnetworks using 255.255.255.192 as a subnet mask. For more information on this topic, see RFC 1878.) In these four networks, the last 6 binary digits can be used for host addresses.

Using a subnet mask of 255.255.255.192, your 192.168.123.0 network then becomes the four networks 192.168.123.0, 192.168.123.64, 192.168.123.128 and 192.168.123.192. These four networks would have as valid host addresses:

192.168.123.1-62
192.168.123.65-126
192.168.123.129-190
192.168.123.193-254

Remember, again, that binary host addresses with all ones or all zeros are invalid, so you cannot use addresses with the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.

You can see how this works by looking at two host addresses, 192.168.123.71 and 192.168.123.133. If you used the default Class C subnet mask of 255.255.255.0, both addresses are on the 192.168.123.0 network. However, if you use the subnet mask of 255.255.255.192, they are on different networks; 192.168.123.71 is on the 192.168.123.64 network, 192.168.123.133 is on the 192.168.123.128 network.
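The subnet arithmetic above, as an added example that is not part of the original article: the mask is ANDed with the address to find the network, the host bits are recovered with the inverted mask, and the four 255.255.255.192 subnets of 192.168.123.0 are enumerated with their usable host ranges (function names are my own).

```python
# Added example (not from the article): subnet arithmetic done with the same
# bit operations the text describes, applied to the article's 192.168.123.0 network.

def to_int(dotted):
    """Dotted-decimal IPv4 address or mask -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 value: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Render as four dot-separated octets of eight bits, the layout the article uses."""
    value = to_int(dotted)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Number of leading ones in a mask; rejects masks that are not ones followed by zeros."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def network_address(ip, mask):
    """AND the address with the mask: the network bits survive, the host bits become zero."""
    return to_dotted(to_int(ip) & to_int(mask))

def host_address(ip, mask):
    """AND the address with the inverted mask: only the host bits survive."""
    return to_dotted(to_int(ip) & (~to_int(mask) & 0xFFFFFFFF))

def same_subnet(ip_a, ip_b, mask):
    """True when both addresses fall in the same network under `mask`."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)

def subnets(network, parent_mask, new_mask):
    """Carve `network` (described by `parent_mask`) into the subnets `new_mask` creates.

    Each entry is (subnet address, first usable host, last usable host, broadcast).
    The all-zeros host (the subnet address) and the all-ones host (broadcast) are
    excluded from the usable range, as the article requires.
    """
    parent_bits = prefix_length(parent_mask)
    new_bits = prefix_length(new_mask)
    if new_bits <= parent_bits:
        raise ValueError("the new mask must borrow at least one host bit")
    base = to_int(network) & to_int(parent_mask)
    size = 1 << (32 - new_bits)            # addresses per subnet, incl. network and broadcast
    count = 1 << (new_bits - parent_bits)  # 2 ** (borrowed bits)
    result = []
    for i in range(count):
        net = base + i * size
        result.append((to_dotted(net), to_dotted(net + 1),
                       to_dotted(net + size - 2), to_dotted(net + size - 1)))
    return result

if __name__ == "__main__":
    ip, default_mask, new_mask = "192.168.123.132", "255.255.255.0", "255.255.255.192"
    print(to_binary(ip), "-- IP address")
    print(to_binary(default_mask), "-- subnet mask")
    print("network:", network_address(ip, default_mask), " host:", host_address(ip, default_mask))
    for net, first, last, bcast in subnets("192.168.123.0", default_mask, new_mask):
        print(f"{net:16} hosts {first}-{last}  broadcast {bcast}")
    for host in ("192.168.123.71", "192.168.123.133"):
        print(host, "is on", network_address(host, new_mask))
```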

Default gateways

If a TCP/IP computer needs to communicate with a host on another network, it will usually communicate through a device called a router. In TCP/IP terms, a router that is specified on a host, which links the host's subnet to other networks, is called a default gateway. This section explains how TCP/IP determines whether or not to send packets to its default gateway to reach another computer or device on the network.

When a host attempts to communicate with another device using TCP/IP, it performs a comparison process using the defined subnet mask and the destination IP address versus the subnet mask and its own IP address. The result of this comparison tells the computer whether the destination is a local host or a remote host.

If the result of this process determines the destination to be a local host, then the computer will simply send the packet on the local subnet. If the result of the comparison determines the destination to be a remote host, then the computer will forward the packet to the default gateway defined in its TCP/IP properties. It is then the responsibility of the router to forward the packet to the correct subnet.

Troubleshooting

TCP/IP network problems are often caused by incorrect configuration of the three main entries in a computer's TCP/IP properties. By understanding how errors in TCP/IP configuration affect network operations, you can solve many common TCP/IP problems.

Incorrect Subnet Mask: If a network uses a subnet mask other than the default mask for its address class, and a client is still configured with the default subnet mask for the address class, communication will fail to some nearby networks but not to distant ones. As an example, if you create four subnets (such as in the subnetting example) but use the incorrect subnet mask of 255.255.255.0 in your TCP/IP configuration, hosts will not be able to determine that some computers are on different subnets than their own. When this happens, packets destined for hosts on different physical networks that are part of the same Class C address will not be sent to a default gateway for delivery. A common symptom of this is when a computer can communicate with hosts that are on its local network and can talk to all remote networks except those that are nearby and have the same class A, B, or C address. To fix this problem, just enter the correct subnet mask in the TCP/IP configuration for that host.

Incorrect IP Address: If you put computers with IP addresses that should be on separate subnets on a local network with each other, they will not be able to communicate. They will try to send packets to each other through a router that will not be able to forward them correctly. A symptom of this problem is a computer that can talk to hosts on remote networks, but cannot communicate with some or all computers on their local network. To correct this problem, make sure all computers on the same physical network have IP addresses on the same IP subnet. If you run out of IP addresses on a single network segment, there are solutions that go beyond the scope of this article.

Incorrect Default Gateway: A computer configured with an incorrect default gateway will be able to communicate with hosts on its own network segment, but will fail to communicate with hosts on some or all remote networks. If a single physical network has more than one router, and the wrong router is configured as a default gateway, a host will be able to communicate with some remote networks, but not others. This problem is common if an organization has a router to an internal TCP/IP network and another router connected to the Internet.
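The local-or-remote comparison from the default gateway section and the three misconfigurations listed above, as an added example that is not part of the original article. The topology (which segment each host is wired to, which subnets the router has interfaces on) is constructed, using the article's four 255.255.255.192 subnets, and the Host/ROUTES/deliver names are my own.

```python
# Added example (not from the article): a constructed model of the host's
# local-or-remote decision and of the three misconfigurations the text lists.
from dataclasses import dataclass

def _to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def network_of(ip, mask):
    """Dotted network address obtained by ANDing the address with the mask."""
    value = _to_int(ip) & _to_int(mask)
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

@dataclass(frozen=True)
class Host:
    ip: str
    mask: str      # subnet mask as configured on the host (may be wrong)
    gateway: str   # default gateway as configured on the host (may be wrong)
    segment: str   # constructed ground truth: address of the physical network the host is wired to

# Constructed topology: the router has an interface on each of the article's four
# /26 subnets of 192.168.123.0 and a route to one distant network.
ROUTES = {
    "192.168.123.0": "255.255.255.192",
    "192.168.123.64": "255.255.255.192",
    "192.168.123.128": "255.255.255.192",
    "192.168.123.192": "255.255.255.192",
    "10.52.36.0": "255.255.255.0",
}

def route_lookup(ip):
    """Segment the router would forward `ip` onto, or None if it has no route."""
    for net, mask in ROUTES.items():
        if network_of(ip, mask) == net:
            return net
    return None

def next_hop(host, dst_ip):
    """The comparison the article describes: same network under the host's own mask -> local."""
    if network_of(host.ip, host.mask) == network_of(dst_ip, host.mask):
        return "local"
    return "gateway"

def deliver(src, dst):
    """Trace one packet from src to dst; returns 'ok: ...' or 'lost: ...' naming the likely cause."""
    if next_hop(src, dst.ip) == "local":
        if src.segment == dst.segment:
            return "ok: delivered on the local segment"
        return "lost: destination treated as local but it is on another physical network (wrong subnet mask)"
    # Remote path: the configured gateway must actually sit on the sender's wire.
    if route_lookup(src.gateway) != src.segment:
        return "lost: default gateway is not on the sender's segment (wrong default gateway)"
    target = route_lookup(dst.ip)
    if target is None:
        return "lost: router has no route to the destination network"
    if target != dst.segment:
        return "lost: router delivers to the destination's subnet, but that host is wired to another segment (wrong IP address)"
    return "ok: forwarded through the default gateway"

if __name__ == "__main__":
    good = Host("192.168.123.71", "255.255.255.192", "192.168.123.65", "192.168.123.64")
    peer = Host("192.168.123.133", "255.255.255.192", "192.168.123.129", "192.168.123.128")
    distant = Host("10.52.36.11", "255.255.255.0", "10.52.36.1", "10.52.36.0")
    bad_mask = Host("192.168.123.71", "255.255.255.0", "192.168.123.65", "192.168.123.64")
    bad_ip = Host("192.168.123.133", "255.255.255.192", "192.168.123.129", "192.168.123.64")
    bad_gw = Host("192.168.123.71", "255.255.255.192", "192.168.123.129", "192.168.123.64")
    for label, s, d in (("correct", good, peer), ("wrong mask, nearby", bad_mask, peer),
                        ("wrong mask, distant", bad_mask, distant), ("wrong IP", good, bad_ip),
                        ("wrong gateway", bad_gw, peer)):
        print(f"{label:22} {deliver(s, d)}")
```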


REFERENCES

Two popular references on TCP/IP are:

"TCP/IP Illustrated, Volume 1: The Protocols," Richard Stevens, Addison Wesley, 1994

"Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture," Douglas E. Comer, Prentice Hall, 1995

It is strongly recommended that a system administrator responsible for TCP/IP networks have at least one of these references available.

Glossary

Broadcast address -- An IP address with a host portion that is all ones.

Host -- A computer or other device on a TCP/IP network.

Internet -- The global collection of networks that are connected together and share a common range of IP addresses.

InterNIC -- The organization responsible for administration of IP addresses on the Internet.

IP -- The network protocol used for sending network packets over a TCP/IP network or the Internet.

IP Address -- A unique 32-bit address for a host on a TCP/IP network or internetwork.

Network -- There are two uses of the term network in this article. One is a group of computers on a single physical network segment; the other is an IP network address range that is allocated by a system administrator.

Network address -- An IP address with a host portion that is all zeros.

Octet -- An 8-bit number, four of which make up a 32-bit IP address. Each has a range of 00000000-11111111, corresponding to the decimal values 0-255.

Packet -- A unit of data passed over a TCP/IP network or wide area network.

RFC (Request for Comment) -- A document used to define standards on the Internet.

Router -- A device that passes network traffic between different IP networks.

Subnet Mask -- A 32-bit number used to distinguish the network and host portions of an IP address.

Subnet or Subnetwork -- A smaller network created by dividing a larger network into equal parts.

TCP/IP -- Used broadly, the set of protocols, standards and utilities commonly used on the Internet and large networks.

Wide area network (WAN) -- A large network that is a collection of smaller networks separated by routers. The Internet is an example of a very large WAN.


NAT Overload or PAT.

NAT overload, sometimes called PAT (Port Address Translation), maps multiple unregistered or private IP addresses to a single registered or public IP address by using different ports. This is what most home broadband routers do. Your ISP assigns one IP address to your router, yet all the computers in the house can connect to the Internet at the same time.

PAT uses unique source port numbers on the inside global IP address to distinguish between translations.

When a client connects to the Internet, the NAT router assigns a port number to its source address. NAT overload or PAT ensures that a different TCP port number is used for each client session with a server on the Internet. When the server responds, the NAT router forwards the packet based on its destination port number, which was the source port number of the original request. This process also validates that the incoming packets were requested, adding a degree of security to the session.

NAT Overload Table

Inside Local IP Address   Inside Global IP Address   Outside Global IP Address   Outside Local IP Address
10.10.10.2:1555           209.165.200.226:1555       209.165.201.1:80            209.165.201.1:80
10.10.10.3:2333           209.165.200.226:2333       209.165.202.129:80          209.165.202.129:80

Looking at the figure above, NAT overload or PAT uses unique source port numbers on the inside global IP address to distinguish between translations. As NAT processes each packet, it uses a port number to identify the packet's source (2333 and 1555 in the figure above).

* The source address (SA) is the inside local IP address with the assigned port number attached.

* The destination address (DA) is the outside local IP address with the service port number attached, in this case port 80: HTTP (Internet).

At the border gateway router (R1), NAT overload changes the SA to the inside global IP address of the client, again with the port number attached. The DA is the same address, but is now referred to as the outside global IP address. When the web server replies, the same path is followed but in reverse.

- See more at: http://orbit-computer-solutions.com/NAT-Overload-or-PAT.php

How NAT Works.

In the example below, an inside host (192.168.1.10) wants to communicate with an outside web server (199.100.20.1). It sends a packet to the NAT-configured gateway router for the network.

The gateway router reads the source IP address of the packet and checks if the packet matches the criteria specified for translation.

The gateway router has an ACL (Access Control List) that identifies the hosts of the inside network as valid for translation. Therefore, it translates the inside local IP address into an inside global IP address, which in this case is 199.100.10.34. It stores this local-to-global translation in its NAT table and then sends the packet to its destination.

When the web server responds, the packet comes back to the gateway router's global address (199.100.10.34).

The gateway router refers to its NAT table and sees that this is a previously translated address. It translates the inside global address back to the inside local address, and the packet is forwarded to the host at 192.168.1.10. If it does not find a matching translation, the packet is dropped.
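The NAT overload table and the translate/store/look-up/drop sequence described in the two sections above, as an added example that is not part of the original article or any router's code: a constructed PAT model that selects inside hosts with an access-list check, keeps the client's source port when it is free (as in the article's table), and drops inbound packets with no matching entry. The PatRouter/Packet names are my own; the addresses are the article's.

```python
# Added example (not from the article): a minimal model of NAT overload (PAT).
from dataclasses import dataclass
from itertools import chain

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def _to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

class PatRouter:
    """Translates many inside local addresses to one inside global address, by port."""

    def __init__(self, inside_global, inside_network, inside_mask):
        self.inside_global = inside_global
        # Stands in for the access list that selects which inside hosts are translated.
        self.acl_mask = _to_int(inside_mask)
        self.acl_network = _to_int(inside_network) & self.acl_mask
        # inside global port -> (inside local ip, inside local port, outside ip, outside port)
        self.table = {}
        # (inside local ip, port, outside ip, port) -> inside global port, so a flow reuses its entry
        self.flows = {}
        self.dropped = []

    def _permitted(self, ip):
        return (_to_int(ip) & self.acl_mask) == self.acl_network

    def _allocate(self, preferred):
        """Keep the client's source port when free (as in the article's table), else the next free one."""
        for port in chain(range(preferred, 65536), range(1024, preferred)):
            if port not in self.table:
                return port
        raise RuntimeError("no free ports on the inside global address")

    def outbound(self, pkt):
        """Packet leaving the inside network: rewrite the SA to the inside global address and port."""
        if not self._permitted(pkt.src_ip):
            return pkt  # not selected by the ACL: routed without translation
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.flows.get(flow)
        if port is None:
            port = self._allocate(pkt.src_port)
            self.flows[flow] = port
            self.table[port] = flow
        return Packet(self.inside_global, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Reply from outside: the destination port selects the translation; the entry must
        also match the outside host that was contacted. Anything else was never requested."""
        entry = self.table.get(pkt.dst_port)
        if (pkt.dst_ip != self.inside_global or entry is None
                or (entry[2], entry[3]) != (pkt.src_ip, pkt.src_port)):
            self.dropped.append(pkt)
            return None
        local_ip, local_port, _, _ = entry
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)

    def nat_table(self):
        """Rows in the article's layout: inside local, inside global, outside global, outside local."""
        return [(f"{lip}:{lport}", f"{self.inside_global}:{gport}", f"{oip}:{oport}", f"{oip}:{oport}")
                for gport, (lip, lport, oip, oport) in sorted(self.table.items())]

if __name__ == "__main__":
    r = PatRouter("209.165.200.226", "10.10.10.0", "255.255.255.0")
    r.outbound(Packet("10.10.10.2", 1555, "209.165.201.1", 80))
    r.outbound(Packet("10.10.10.3", 2333, "209.165.202.129", 80))
    for row in r.nat_table():
        print("  ".join(f"{col:22}" for col in row))
    print(r.inbound(Packet("209.165.201.1", 80, "209.165.200.226", 1555)))
    print(r.inbound(Packet("198.51.100.7", 4444, "209.165.200.226", 8080)))  # unsolicited -> None
```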

There are two types of NAT translation: Dynamic and Static.


- See more at: http://orbit-computer-solutions.com/Understanding-How-NAT-Works.php

Static and Dynamic NAT.

Both static and dynamic NAT require that enough public addresses are available to satisfy the total number of simultaneous user sessions.

Static NAT

Static NAT, also called inbound mapping, is the process of mapping an unregistered IP address to a registered IP address on a one-to-one basis. The unregistered (mapped) IP address is given the same registered IP address each time a request comes through. This is particularly useful for web servers or other hosts that must have a consistent address reachable from the Internet.

Simply put, static NAT enables a PC on a stub domain to keep an assigned IP address when communicating with devices outside its network or on the Internet.

Static NAT configuration commands example:

R1#config t

R1(config)#ip nat inside source static 10.10.10.2 212.165.200.123

R1(config)#interface fa0/0

R1(config-if)#ip address 10.10.10.1 255.255.255.0

R1(config-if)#ip nat inside

R1(config-if)#interface se0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#ip nat outside

The above configuration creates a permanent entry in the NAT table as long as the configuration is present and enables both inside and outside hosts to initiate a connection.

All you need to do in static NAT configuration is to define the addresses to translate and then configure NAT on the right interfaces. Packets arriving on an inside interface from the identified IP addresses are subject to translation. Packets arriving on an outside interface addressed to the identified IP address are subject to translation.

Dynamic NAT

Unlike static NAT, which provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses drawn from a pool. Dynamic NAT assigns the pool addresses on a first-come, first-served basis.

When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host. Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated.

Dynamic NAT configuration commands example:

R1#config t

R1(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0

R1(config)#ip nat inside source list 1 pool nat-pool1

R1(config)#interface fa0/0

R1(config-if)#ip address 10.10.10.1 255.255.255.0

R1(config-if)#ip nat inside

R1(config-if)#interface se0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#ip nat outside

R1(config-if)#exit

R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255

While static NAT provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses. These public IP addresses come from a NAT pool.

Note:

When configuring dynamic NAT, you need an ACL to permit only those addresses that are to be translated. Remember that each ACL has an implicit "deny all" at its end.

- See more at: http://orbit-computer-solutions.com/Static-and-Dynamic-NAT.php

Network Security.

Why is Network Security Important?

Wherever there is a network, wired or wireless, there are threats. Some people are put off setting up a home or office network for fear that anything stored on their hard drive could be accessed by neighbours or hackers. The types of potential threats to network security are always evolving, and constant monitoring and securing of the network should be a top priority for any network administrator.

If the security of the network is compromised, there could be serious consequences, such as loss of privacy, and theft of information.

When it comes to network security, the main concern is making sure that any wireless connections are protected against unauthorised access.

Most business transactions are done over the Internet. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

Network attack tools and methods have evolved. In the past, a hacker needed sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks.

Nowadays, hacking methods and tools have improved tremendously; attackers no longer require the same level of sophisticated knowledge, and people who previously would not have participated in computer crime are now able to do so.

Types of Network Threats and Attacks

As the types of threats, attacks, and exploits grow, various terms have come into use to describe the individuals involved. Some of the most common are as follows:

i. White hat - Someone who looks for vulnerabilities in systems or networks and then reports them to the owners of the system so that they can be fixed. White hats are ethically opposed to the abuse of computer systems and generally focus on securing IT systems.

ii. Hacker - A general term for a computer programming expert. It is commonly used in a negative sense to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

iii. Black hat or Cracker - The opposite of a white hat; this term describes individuals who use their knowledge of computer systems and programming skills to break into systems or networks they are not authorized to use, usually for personal or financial gain.

iv. Phreaker - This term describes an individual who manipulates the phone network to perform a function that is not allowed. A phreaker breaks into the phone network, usually through a payphone, to make free or illegal long-distance calls.

v. Spammer - A person who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

vi. Phisher- Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

- See more at: http://orbit-computer-solutions.com/Network-Security.php

VLAN (Virtual Local Area Network).

Definition.

A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork; VLANs allow multiple IP networks and subnets to exist on the same switched network.

A VLAN is a logical broadcast domain that can span multiple physical LAN segments. Administrators configure switches into VLANs to improve network performance by separating large Layer 2 broadcast domains into smaller ones.

By using VLANs, a network administrator can group stations by logical function or application, regardless of the users' physical location.

Each VLAN functions as a separate LAN and spans one or more switches. This allows host devices to behave as if they were on the same network segment.

For traffic to move between VLANs, a layer 3 device (router) is required.

VLAN has three major functions:

i. Limits the size of broadcast domains

ii. Improves network performance

iii. Provides a level of security

How VLAN works.

Let's use a real-world scenario. Think about a small organisation with different offices or departments, all in one building. Some years later, the organisation has expanded and now spans three buildings. The original network is still the same, but office and department computers are spread across the three buildings. The HR offices remain on the same floor, and the other departments are on other floors and in other buildings.

However, the network administrator wants to ensure that all the office computers share the same security features and bandwidth controls. Creating one large LAN and wiring each department together would be a huge task and certainly not easy when it comes to managing the network.

This is where VLAN switching comes in: it is easier to group offices and departments with the resources they use regardless of their location, and certainly easier to manage their specific security and bandwidth needs.

Opting for a switched VLAN allows the network administrator to create groups of logically networked devices that act as if they are on their own independent network, even if they share a common infrastructure with other VLANs. When you configure a VLAN, you can name it to describe the primary role of the users for that VLAN.

Study the figure below for more detail:


In summary:

i. VLAN is an independent LAN network.

ii. VLANs allow the student and faculty computers to be separated although they share the same infrastructure.

iii. For easy identification, VLANs can be named.

a. VLAN: all PCs are assigned an address from the subnet defined for VLAN 10.

b. Configure the VLAN and assign ports to the VLAN.

c. Assign an IP address from that subnet to each PC.

Advantages of VLAN:

Security – Sensitive data is separated from the rest of the network, decreasing the chance of confidential information breaches.

Higher performance – Division of Layer 2 networks into multiple logical workgroups (broadcast domains) reduces unnecessary traffic on the network and boosts performance.

Cost reduction - Cost savings result from less need for expensive network upgrades and more efficient use of the existing network.

- See more at: http://orbit-computer-solutions.com/VLAN-and-Trunking.php

Networking Basics: What You Need To Know

What's a Router Versus a Switch?

When looking at networking basics, understanding the way a network operates is the first step to understanding routing and switching. The network operates by connecting computers and peripherals using two pieces of equipment: switches and routers. Switches and routers, essential networking basics, enable the devices connected to your network to communicate with each other, as well as with other networks.

Though they look quite similar, routers and switches perform very different functions in a network.

Networking Basics: Switches

Switches are used to connect multiple devices on the same network within a building or campus. For example, a switch can connect your computers, printers and servers, creating a network of shared resources. The switch, one aspect of your networking basics, would serve as a controller, allowing the various devices to share information and talk to each other. Through information sharing and resource allocation, switches save you money and increase productivity.

There are two basic types of switches to choose from as part of your networking basics: managed and unmanaged.

o An unmanaged switch works out of the box and does not allow you to make changes. Home-networking equipment typically offers unmanaged switches.

o A managed switch allows you access to program it. This provides greater flexibility to your networking basics because the switch can be monitored and adjusted locally or remotely to give you control over network traffic, and who has access to your network.

Networking Basics: Routers

Routers, the second valuable component of your networking basics, are used to tie multiple networks together. For example, you would use a router to connect your networked computers to the Internet and thereby share an Internet connection among many users. The router will act as a dispatcher, choosing the best route for your information to travel so that you receive it quickly.

Routers analyze the data being sent over a network, change how it is packaged, and send it to another network, or over a different type of network. They connect your business to the outside world, protect your information from security threats, and can even decide which computers get priority over others.

Depending on your business and your networking plans, you can choose from routers that include different capabilities. These can include networking basics such as:

o Firewall: Specialized software that examines incoming data and protects your business network against attacks

o Virtual Private Network (VPN): A way to allow remote employees to safely access your network remotely

o IP Phone network: Combine your company's computer and telephone network, using voice and conferencing technology, to simplify and unify your communications


http://orbit-computer-solutions.com/Reserved-IP-Addresses.php
