Broadband: (Asymmetric Digital Subscriber Line)
Broadband
Broadband technology is simply the name given to high-speed Internet access. Broadband
replaced the analogue dial-up modem. A broadband connection can be delivered in a number of
different ways: ADSL, cable and satellite.
With a broadband router, you can connect two or more computers to share one Internet
connection at home or in the office.
Broadband routers use a technology called NAT (Network Address Translation): a single public
IP address is shared by all the computers in your home or office, so that they can connect to
and use the Internet at the same time.
A broadband connection's speed to the Internet is extremely high; it supports data, voice and
video information.
It is considered broad in the sense that multiple kinds of information can be transmitted
across the wire, or band.
Additionally, with broadband you can surf the web without delay, watch streaming video with
audio and make a phone call, all at the same time. One of the interesting things about a
broadband connection is that it is always on: you don't have to waste time dialling in to a
service provider, because it is available as soon as your computer is powered on.
Broadband Speed
The difference in speed is huge; compared with the previous dial-up Internet, broadband has
revolutionized the way we use the Internet.
Downstream refers to information going from the Internet to your computer, for example when
a new web page is loaded.
Upstream refers to information going from your computer to the Internet, for example the
mouse click that tells a web page where you'd like to go next.
Internet transfer speeds are measured in kilobits per second and megabits per second; don't
mistake these for kilobytes and megabytes, which are the terms we use when talking about
hard disks and files.
Load time (100 kb)    Download time (5 Mb of data)
15 sec                12 min 35 sec
4 sec                 3 min
1.5 sec               1 min 30 sec
8-9 sec               40-41 sec
4-5 sec               19-20 sec
1-2 sec               5-6 sec
Immediately           Immediately
Immediately           Immediately
Video quality, from the slowest connections to the fastest: Low Quality, Low Quality,
Medium Quality, High Quality
Bear in mind that the above figures can be affected by your PC's processing speed, viruses,
etc.
Wireless Routers.
Before deciding to buy a specific router, ask yourself whether you want computers to be able
to connect to your network by cable, wirelessly, or both.
A wireless router is a network device that enables you to connect several computers to the
Internet without using cables, by means of a wireless access point (WLAN) instead. Some of the
reasons we go wireless include freedom and affordability, but you need to keep other factors
in mind.
Look out for notable brands like Cisco, Netgear, Linksys and D-Link. These are the most
popular brands, built with rugged technologies.
Bandwidth and performance should be another factor to check. A wireless standard defines the
speed of interconnectivity or data transmission supported by a particular router, e.g.
802.11a, 802.11g or 802.11n. See the section on wireless standards below.
Advantages of Wireless Routers.
a. Wireless routers are equipped with a modem, a network switch (a device that has multiple
connection ports for connecting computers and other network devices) and a wireless access
point.
b. A wireless router can be connected to from anywhere in your immediate environment or
house. That means you can log on and surf the Internet from anywhere in your surroundings.
c. Some wireless routers are equipped with a built-in firewall to ward off intruders. The
configuration options of the firewall are an important consideration when buying a router.
Virtually everyone buys and sells online one way or another, so buying a wireless router with
good firewall configuration options can help with security and privacy.
d. Broadband routers with wireless VoIP technology enable you to connect to the Internet
using any ordinary phone device; you can then make calls to anybody in the world via your
Internet connection. Wireless routers provide strong encryption (WPA or AES) and feature
MAC address filtering and control over SSID authentication.
Disadvantages.
a. A wireless connection will be slightly slower than a wired connection. Simply put,
wireless (Wi-Fi) transmits through the air and can be blocked or interfered with by other
radio waves from the surroundings.
b. Security is one of the main concerns when it comes to networking generally, and a wired
network provides more rigid security than wireless. This means that all of the private data
stored on your laptop or PDA could be exposed to anyone in the same vicinity. If a wireless
network is not properly configured, it is possible for an unscrupulous person to obtain
passwords and important personal information from it easily.
c. There is congestion of Wi-Fi, especially in cities, where a large population of stores and
big organisations transmit over the same channel, causing much interference.
Other devices can be a problem too: Bluetooth devices, cordless telephones and microwave
ovens do cause interference sometimes.
These are some of the known disadvantages, but they don't hinder yours truly from using
wireless, basically because of the freedom and manageability I get. One can work
anywhere in one's surroundings.
Traveling employees used to be restricted to pay phones for checking messages and
returning a few phone calls between flights. Now employees can check e-mail, voice mail,
and the status of products on personal digital assistants (PDAs) while at many temporary
locations.
In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch.
The switch is the point where the client gains access to the network.
In a wireless LAN, each client uses a wireless adapter to gain access to the network through
a wireless device such as a wireless router or access point.
How To Set Up A Wireless Network Connection.
Wireless broadband has multiple benefits for home users, as well as several benefits that
business users will be able to enjoy. In a home setting wireless broadband will allow
multiple users to share the same internet connection, so there will be no need to fight over
a single computer for internet access.
A wireless network will also make sharing files between your PCs at home extremely simple,
whether it is to back up photographs, stream audio and video to your living room or play
online games. Finally, because there is no need to install wiring, you do not need to have
dangerous clumps of cables running across the floor, and it is a truly unobtrusive option.
Businesses can use a wireless network connection to connect multiple PCs without the need
for expensive wiring and can also offer free wireless internet access to clients and
customers whilst they are on the premises.
Installing a wireless network connection in your own property is simple if you follow these
few quick tips:
* First you will need a fixed-line broadband connection, either ADSL via your telephone line
or cable broadband, which uses an underground fibre-optic network. When you sign up for a
new ADSL or cable broadband connection most providers will include a free wireless router,
which is the main piece of kit you will need to set up a wireless network in your own home.
Wireless routers vary depending on the price of the package you pick and the manufacturer
who produces them, so each will come with its own set of instructions to guide you through
the set-up process. However, there are a few universal guidelines for installation, which we
deal with below.
* Once you have the wireless router, you will need to plug it into the mains to provide it
with power, and you will also need to plug it into your fixed-line connection. If this is an
ADSL service you will need to plug the router into a microfilter first and then into the phone
socket. This filter allows you to use your phone line at the same time as you are surfing the
internet wirelessly. Every phone socket in your home will need a microfilter attached,
regardless of whether it has a router attached to it, to reduce the amount of interference and
improve connection speed.
Many routers will require that you plug in via an Ethernet cable before you can set up the
wireless network, though routers received directly from providers may already be ready to
use straight out of the box. If this is not the case, or if you want to alter the options on a
router you have bought yourself, you will need to plug in your PC or laptop and open your
favourite web browser.
* You will then need to enter the IP address of your router, which should be included in the
documentation. Then navigate to the wireless network settings. Here you can turn on the
network, add security in the form of WEP or WPA passwords or passphrases, and see which
devices are connected to the router wirelessly.
Filtering Access by MAC Address.
Wireless routers like the Linksys by Cisco wireless range can be used not only for routing
traffic between networks and the computers in your home or office; they can also be used as a
firewall.
As you may know, every network device is identified by a physical address, also known as a
MAC address. You can use your wireless router to filter or control access to the Internet or
to programs by listing the MAC addresses of devices connected to the wireless router and
preventing them from connecting.
To filter MAC addresses, follow these steps:
1. When the MAC address filter list window appears, enter the address of each network adapter
in your home or office that you want to prevent from accessing the network.
2. Click Save Settings at the bottom of the window.
Linksys Wireless Router.
Linksys is one of the leading manufacturers of Ethernet and wireless routers for home and
small business networks.
Linksys wireless routers support most of the general types of home networking components.
Among the various ranges of Linksys wireless routers, the Wireless-N product range is
equipped with 802.11n capability, while the Wireless-G products support 802.11g.
The Linksys range of dual-band routers supports more than one of the Wi-Fi standards, for
example the Linksys Dual-Band Wireless A+G, which supports 802.11a and 802.11g. Most
Linksys routers are specially designed for mobility, some for VPN networking, and some for
high-speed connections and easy set-up.
Wireless Network Security.
Use the following recommendations for additional security on your wireless networks.
Use a network security key
If you have a home or office wireless network, you should set up a network security key,
which turns on
outside of your home. You can help limit the area that your wireless signal reaches by
positioning your router or access point close to the centre of your home rather than near an
outside wall or window.
Use a standard user account
A standard account can help protect your computer by preventing users from making changes
that affect everyone who uses the computer. A very good recommendation is to create a
standard account for each user.
When you are logged on to Windows with a standard account, you can do anything that you
would do with an administrator account, but if you want to do something that affects other
users of the computer, such as installing software or changing security settings, Windows
might ask you to provide the password for an administrator account.
Wired Network.
After confirming your wired network connectivity and installing the access point, you will
now configure it.
In the following examples we will be using the Linksys WRT300N multifunction device, which is
also an access point.
Use these steps for configuring the Linksys WRT300N and most Linksys wireless access
points:
Make sure your PC is connected to the access point via a wired connection, and access the web
utility with a web browser. To access the web-based utility of the access point, launch
Internet Explorer, enter the WRT300N default IP address, 192.168.1.1, in the address field and
press the Enter key.
1. A screen is displayed prompting you for your username and password. Leave the Username
field blank.
2. Enter admin in the Password field (the default setting for a Linksys WRT300N). If the
device has already been configured, the username and password may have been changed.
3. Click OK to continue.
For a basic network setup, we will be learning how to use the following screens: Setup,
Management and Wireless.
i. Setup: on this screen you enter your basic network settings (IP address).
ii. Management: start by clicking the Administration tab and then select the Management
screen. The default password is admin. To secure the access point, change the password from
its default.
iii. Wireless: this is where you change the default SSID. Select the level of security in the
Wireless Security tab and complete the options for the selected security mode.
When you have finished making changes to a screen, click the Save Settings button, or click
the Cancel Changes button to undo your changes. For information on a tab, click Help. We will
go through these steps one after the other.
The router R1 and switch SW2 have been configured with the appropriate LAN and VLAN
configurations.
Before you begin, you might like to reset the wireless router. To clear any previous
configuration, do a hard reset: look for the reset button on the back of the router and, using
a pen or other thin instrument, hold it down for 5 - 7 seconds. The router should now be
restored to its factory default settings.
1. Connect a straight-through cable from the laptop PC to one of the wireless router's LAN
ports, labelled Ethernet 1 - 4. By default, the wireless router will provide an IP address to
the laptop using its default DHCP configuration.
2. Navigate to the wireless router's web utility. The web GUI will be used to configure the
settings on the wireless router. The GUI can be accessed by navigating to the router's
LAN/wireless IP address with a web browser. The factory default address is 192.168.1.1.
3. Leave the username blank and set the password to: admin.
4. By default the start-up page is the Setup screen. Here, you will need to set the Internet
connection type to static IP. In the menus at the top, notice that you are in the Setup
section and under the Basic Setup tab.
5. In the Setup screen for the Linksys router, locate the Internet Connection Type option
in the Internet Setup section of this page. Click the drop-down menu and select Static IP
from the list.
6. Configure the VLAN 99 IP address, subnet mask, and default gateway for the Linksys
Wireless Router.
Note: Typically in a home or small business network, this Internet IP address is assigned by
the ISP through DHCP or PPPoE.
7. Configure the router R1 IP parameters.
Still on the Basic Setup page, scroll down to Network Setup. For the Router IP fields do
the following:
Under the DHCP Server Setting, ensure that the DHCP server is Enabled.
Click the Save Settings button at the bottom of the Setup screen.
At this stage, you will notice that the IP address range for the DHCP pool adjusts to a range
of addresses matching the Router IP parameters. These addresses are used for any wireless
clients that connect to the router's internal switch. Clients receive an IP address and mask,
and are given the router IP to use as their gateway.
Under Network Name (SSID), rename the network from Linksys to any name of your choice, for
example orbitcisco1.
Click Wireless Security. It is located next to Basic Wireless Settings in the main Wireless
tab.
Using the default encryption of 40/64-bit, set Key1 to 1234567890 or any combination of hex
digits only.
Under Management, in the Router Access section, change the router password to orbit123 or
any password of your choosing. Re-enter the same password to confirm.
You may be prompted to log in again. Use the new password and still keep the username
blank.
Below is how to use Windows XP's built-in Wireless Network Connection utility. Depending on
the model of NIC you use, this might be disabled, and you will need to use the utility
provided by the NIC manufacturer.
Click Start > Control Panel > Network Connections.
Locate orbitcisco1, or whatever name you gave your network SSID, in the list of available
networks and connect to it.
When prompted for the WEP key, enter it as above, 1234567890 or whatever key you used, and
click Connect.
In the Status window, select the Support tab. Verify that the laptop has received an IP
address from the wireless router's DHCP address pool or has been manually configured.
Type cmd and select Open. This will open the command prompt.
Peer-to-peer Networking (Workgroup).
Peer-to-peer networking is when all computers are in the same network or on the same
Ethernet network. They are considered peers and are connected through a hub, switch or
router, as the case may be.
There is no server, controller or anyone in charge. Computers in a workgroup share resources
such as printers and files. This happens mostly in Windows: a workgroup is automatically set
up when you set up a network, and all the computers share the same subnet. A workgroup is not
protected by a password; no security is provided whatsoever, unlike a homegroup (Windows 7),
which is protected by a password.
Workgroups are especially used in home, school or office settings where files, printers and
other network resources are shared.
A computer joining a workgroup is assigned the same workgroup name; this makes accessing the
computers easier.
A firewall is hardware or software that monitors the traffic moving through a network
gateway. A firewall can be configured to block or allow traffic based on defined criteria
(ACLs). Firewalls block or allow random pings from a remote site to your computer, or
programs on your computer that attempt to access remote sites without your knowledge.
Most if not all Windows versions come with a built-in firewall. To view and configure your
firewall on Windows, follow these steps:
If you're using XP:
1. Single-click the wireless connection icon in your system tray.
2. Click Network and Sharing Centre.
3. Click Windows Firewall.
4. Click Turn Windows Firewall on or off.
5. Click On.
6. Click Apply, then click OK.
Firewall Explained.
In networking, the term firewall means a system that enforces an access control policy
between networks. This control policy can be implemented with options such as a
packet-filtering router, a switch with VLANs, and multiple hosts with firewall software.
A firewall can be likened to the metal sheet that separates the engine compartment of a
vehicle or aircraft from the passenger area. The term was adapted for use with computer
networks: a firewall is applied or configured on a network to prevent uninvited traffic from
entering or gaining access to prescribed areas within the network.
The original firewalls were not standalone devices, but routers or servers with software
features added to provide firewall functionality. Over time, several companies developed
standalone firewalls. Dedicated firewall devices enabled routers and switches to offload the
memory- and processor-intensive activity of filtering packets. Modern routers, such as the
Cisco Integrated Services Routers (ISRs), can also be used as sophisticated stateful firewalls
for organizations that may not require a dedicated firewall.
Features of Firewalls
Firewalls share some common properties:
i. Resistant to attacks
ii. Only transit point between networks. (all traffic flows through the firewall)
iii. Enforces the access control policy
Types of Firewalls.
Stateless Firewall.
The early firewalls were created to inspect packets to verify whether they matched sets of
rules, forwarding or dropping the packets accordingly. This type of packet filtering is known
as stateless filtering: each packet is filtered based solely on the values of certain
parameters in the packet header, similar to how ACLs (access control lists) filter packets.
Stateful Firewall.
The first stateful firewall appeared in 1989; it was developed by AT&T Bell Laboratories. This
type of firewall filters packets using information the firewall stores about the data flowing
through it. A stateful firewall is able to determine whether a packet belongs to an existing
flow of data, which helps mitigate DoS attacks that exploit active connections through a
networking device. Stateful filtering provides dynamic packet-filtering capabilities to
firewalls. It operates at the network layer of the OSI model, although for some applications
it can also analyse traffic at Layer 4 and Layer 5.
Packet-filtering Firewall.
This can take the form of a router with the capacity to filter some packet content, such as
Layer 3 and sometimes Layer 4 information. It permits and denies based on Layer 4 information
such as protocol and source and destination port numbers. A packet-filtering firewall uses
access control lists (ACLs) to determine whether to permit or deny traffic, based on source
and destination IP addresses, protocol, source and destination port numbers, and packet type.
Packet-filtering firewalls are usually part of a router firewall.
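To make the stateless/stateful distinction above concrete, here is an added example in Python (not from the original page): the same constructed three-packet trace is run through an ACL-style stateless filter and through a minimal stateful firewall that remembers the flows the LAN opens. The 192.168.1.x LAN prefix, the outside addresses and the port numbers are assumptions chosen for the illustration.

```python
from dataclasses import dataclass

# Constructed LAN prefix for this example. It matches the 192.168.1.x
# addressing the page uses for the router; anything else is "the Internet".
INSIDE_PREFIX = "192.168.1."


@dataclass(frozen=True)
class Packet:
    """The header fields both firewall models look at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def direction(pkt: Packet) -> str:
    """'out' for LAN -> Internet, 'in' for Internet -> LAN."""
    return "out" if pkt.src_ip.startswith(INSIDE_PREFIX) else "in"


def stateless_filter(pkt: Packet) -> str:
    """ACL-style decision made from this packet's header alone.

    The LAN may talk out freely. To let web replies back in, the ACL has to
    permit inbound TCP whose *source* port is 80: with no memory of earlier
    packets it cannot tell a genuine reply from anything else using that port.
    """
    if direction(pkt) == "out":
        return "permit"
    if pkt.proto == "tcp" and pkt.src_port == 80:
        return "permit"
    return "deny"


class StatefulFirewall:
    """Permits inbound traffic only if it answers a flow the LAN opened."""

    def __init__(self) -> None:
        self.flows: set[tuple] = set()

    def filter(self, pkt: Packet) -> str:
        if direction(pkt) == "out":
            # Record the flow; its reply will carry the mirrored 5-tuple.
            self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port,
                            pkt.dst_ip, pkt.dst_port))
            return "permit"
        mirrored = (pkt.proto, pkt.dst_ip, pkt.dst_port,
                    pkt.src_ip, pkt.src_port)
        return "permit" if mirrored in self.flows else "deny"


# Constructed trace (documentation address ranges used for outside hosts):
# a LAN host requests a web page, the server answers, then an unrelated host
# sends an unsolicited packet that merely resembles a web reply.
TRACE = [
    Packet("192.168.1.101", 49152, "203.0.113.10", 80),   # outbound request
    Packet("203.0.113.10", 80, "192.168.1.101", 49152),   # genuine reply
    Packet("198.51.100.7", 80, "192.168.1.101", 445),     # unsolicited inbound
]


def run_trace(trace=TRACE) -> list[tuple[str, str]]:
    """Return (stateless decision, stateful decision) for each packet."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRACE, run_trace()):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  stateless={stateless:<6} stateful={stateful}")
```

The third packet is where the two models part ways: the stateless ACL permits it because the header matches its reply rule, while the stateful firewall denies it because no LAN-initiated flow explains it.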
Host-based firewall.
A PC or server with firewall software running on it.
Transparent firewall.
A firewall that filters IP traffic between a pair of bridged interfaces.
Hybrid firewall.
A firewall that combines the various firewall types. For example, an application inspection
firewall combines a stateful firewall with an application gateway firewall.
Broadband Wireless.
Wireless technology uses the unlicensed radio spectrum to send and receive data. The
unlicensed spectrum is accessible to anyone who has a wireless router and wireless
technology on the device they are using.
The benefits of Wi-Fi extend beyond not having to use or install wired network connections.
Wireless networking provides mobility, flexibility and productivity to the user.
Until recently, one limitation of wireless access has been the need to be within the local
transmission range (typically less than 100 feet) of a wireless router or a wireless modem
that has a wired connection to the Internet. However, with advances in technology, the
reach of wireless connections has been extended.
Newer PCs, Laptops and other network devices are being manufactured with built in wireless
network adapters and new developments in broadband wireless technology are increasing
wireless availability. These include:
Municipal Wi-Fi
WiMAX
Satellite Internet
Municipal WiFi
WiMAX
Worldwide Interoperability for Microwave Access (WiMAX) is a new technology that
is just beginning to come into use. It is described in the IEEE standard 802.16.
WiMAX provides high-speed broadband service with wireless access and provides
broad coverage like a cell phone network rather than through small WiFi hotspots.
WiMAX operates in a similar way to WiFi, but at higher speeds, over greater
distances, and for a greater number of users. It uses a network of WiMAX towers
that are similar to cell phone towers.
Explanation of Terms.
Wired Equivalent Privacy (WEP)
WEP is a commonly and widely used network security method. To enable WEP, you need to set up
a network security key. This key encrypts the information that one computer sends to another
across your network. The receiving computer needs the key to decode the information, which
makes it difficult for someone on another computer to get onto your network and access files
without your permission.
Wi-Fi Protected Access (WPA)
WPA improves on the security of WEP. WPA encrypts information and also checks to make sure
that the network security key has not been modified. WPA also authenticates users to help
ensure that only authorized people can access the network. If your networking hardware works
with both WEP and WPA security, WPA is highly recommended.
There are two types of WPA authentication: WPA and WPA2.
WPA is designed to work with all wireless network adapters, but it might not work with older
routers or access points.
WPA2 is more secure than WPA, but it will not work with some older network adapters. It also
uses a pre-shared key (PSK) and the Advanced Encryption Standard (AES) to encrypt data
transmissions. Since AES is a newer and more advanced encryption scheme, it is the
recommended choice for small office and home networks.
WPA also functions with an 802.1X authentication server, which distributes different keys to
each user. This is referred to as WPA-Enterprise or WPA2-Enterprise.
802.1X authentication
802.1X authentication can help enhance security for 802.11 wireless networks and wired
Ethernet networks. 802.1X uses an authentication server to validate users and provide network
access. On wireless networks, 802.1X can work with Wired Equivalent Privacy (WEP) or Wi-Fi
Protected Access (WPA) keys. This type of authentication is typically used when connecting to
a workplace network.
Network Security Software.
If you are connected to the Internet through a wired or wireless network (USB, broadband
modem or dial-up), most of the time you rely heavily on your computer and software for
protection from viruses and other threats. If you are connected through a router, it might be
able to help, because most routers are equipped with a firewall. This helps to block any
intruder or malicious software that attempts to penetrate your network through the Internet.
Viruses and other malicious software can have a devastating effect on your PC without your
knowledge.
It is a fact that Windows security features have improved over the years, especially with the
later editions (Windows 8), but some vital elements are not included, such as anti-virus
protection, and the Windows firewall is child's play to the experienced hackers out there!
With this said, in order to stay safe and surf the net safely, you need third-party security
software utilities installed.
There are different types of security software products available; to stay and surf safe you
need at least three key security software tools: an anti-virus, a firewall and an anti-spyware
tool.
Anti-Virus
Computer viruses are no news even to non-computer users. Good anti-virus security software
scans your computer for viruses; it is programmed to examine all files on your computer for
hidden infections. If an infection is detected, it repairs, cleans or removes the infected
files from your computer. It uses a set of virus codes, known as snippets, to sniff out
malicious software embedded in your computer's files. For anti-virus software to do its work
properly it needs to be updated daily.
Firewall
Firewalls are computer software programs designed to stop malicious software and hackers
(unauthorised access) from getting into your computer, especially through the Internet.
A firewall monitors your computer's network or Internet connection and examines information
that goes in and out of your network.
Anti-Spyware
Anti-spyware works in the same way as an anti-virus program does, but anti-spyware products
are more specific. An anti-spyware security tool scans your computer and removes any
malicious software that seeks to gather information about your computer use and personal
information.
Most anti-spyware removes cookies.
Cookies are used by some websites to track your visits and by others to post pop-up ads.
Wireless Technologies / Standards.
The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode.
Uses the 2.4 gigahertz (GHz) frequency band, the same as some household items like cordless
phones, microwave ovens, etc.
Provides access to few users simultaneously.
802.11g
This is the most recent and popular standard in use now, offering more respectable data
transfer speeds of up to 54 Mbit/s, though its real-world speeds are much lower. It also uses
an upgraded form of the Wi-Fi Protected Access (WPA) security protocol.
Advantages:
Speed: up to 54 Mbps; has a transmission speed comparable to 802.11a under optimal
conditions.
a. Allows more simultaneous users.
b. Has the best signal range and is not easily obstructed.
c. Is compatible with 802.11b network adapters, routers and access points.
Disadvantages:
Uses the 2.4 GHz frequency, so it has the same interference problems as 802.11b.
Costs more than 802.11b.
802.11n
The 802.11n draft standard is intended to improve wireless data rates and range without
requiring additional power or radio-frequency band allocation. 802.11n uses multiple radios
and antennae at endpoints, each broadcasting on the same frequency to establish multiple
streams. The multiple input/multiple output (MIMO) technology splits a high data-rate stream
into multiple lower-rate streams and broadcasts them at the same time over the available
radios and antennae. This allows for a speculative maximum data rate of 248 Mb/s using two
streams.
Note:
If your PC or laptop has more than one wireless network adapter, or your adapter uses more
than one wireless technology/standard, you are given options to specify which adapter or
standard to use for each network connection.
For example, if you use streaming media, such as videos or music, on your PC or laptop,
choosing an 802.11a connection from the options provided would be best for you, because you
will get a faster data transfer rate when you watch videos or listen to music.
The network devices that people are most familiar with are called end devices. These
devices form the interface between the human network and the underlying communication
network. Some examples of end devices are:
Class   Range                          Default Subnet Mask
A       1.0.0.0 - 127.255.255.255      255.0.0.0
B       128.0.0.0 - 191.255.255.255    255.255.0.0
C       192.0.0.0 - 223.255.255.255    255.255.255.0
Network mask
A network mask enables you to identify the network portion of an IP address and the portion
that represents the node (host). Class A, B and C networks have default network masks, also
known as natural masks, as shown here:
Class A: 255.0.0.0 (decimal) = 11111111.00000000.00000000.00000000 (binary)
Class B: 255.255.0.0 (decimal) = 11111111.11111111.00000000.00000000 (binary)
Class C: 255.255.255.0 (decimal) = 11111111.11111111.11111111.00000000 (binary)
Class A: 255.0.0.0 (24 host bits)
In a Class A address, the first octet is the network portion, while the remaining three octets
are for the network manager to divide into subnets and nodes (hosts). Class A addresses are
used for networks that have more than 65,536 hosts (actually, up to 16777214 hosts!).
Class B: 255.255.0.0 (16 host bits)
In a Class B address, the first two octets are the network portion, while the remaining two
octets are for the network manager to divide into subnets and nodes (hosts). Class B
addresses are used for networks that have between 256 and 65534 hosts.
Class C: 255.255.255.0 (8 host bits)
In a Class C address, the first three octets are the network portion, while the remaining
octet is for local subnets and hosts - perfect for networks with fewer than 254 hosts.
- See more at: http://orbit-computer-solutions.com/IP-Addresses-andClass.php#sthash.wkLhFsjn.dpuf
The distance separating access points is too far to allow overlapping coverage.
The orientation of access point antennae in hallways and corners diminishes coverage.
Solution
Verify the power settings and make sure the operational ranges and placement of access points give a minimum of 10 to 15% cell overlap.
Change the orientation and positioning of access points.
Additional specific details concerning access point and antenna placement are as follows:
Incorrect channel settings are part of the larger group of problems with RF interference.
WLAN administrators can control interference caused by channel settings with good
planning, including proper channel spacing.
Interference caused by household or office appliances.
Other sources of RF interference can be found all around the workplace or in the home, starting from the snowy disruption of a television signal that occurs when a neighbour runs a vacuum cleaner. Dealing with such interference boils down to efficient planning of where devices are placed. For instance, plan to place microwave ovens away from access points and potential clients.
Sadly, not all known RF interference issues can be planned for, because there are just too many of them.
The problem with devices such as cordless phones, baby monitors, and microwave ovens is that they do not contend for the channel - they just use it.
Solution
Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such as cordless phones, operate on channel 6.
Source: http://orbit-computer-solutions.com/Incorrect-ChannelSetting.php
If an access point is expecting one type of encryption and the client offers a different type, the authentication process fails.
Note: all devices connecting to an access point must use the same security type as the one configured on the access point. In essence, if an access point is configured for WEP, both the type of encryption (WEP) and the shared key must match between the client and the access point. If WPA is being used, the encryption algorithm is TKIP. Similarly, if WPA2 or 802.11i is used, AES is required as the encryption algorithm.
Internetwork (Internet)
It has been called the Goliath of computer networks, linking millions of computer users all over the world.
To meet these human communication needs, the internetwork had to be created. It is formed by the interconnection of networks belonging to Internet Service Providers (ISPs). Some of these interconnected networks are owned by large public and private organizations, such as government agencies or industrial enterprises. The most well-known and widely used publicly accessible internetwork is the Internet.
Intranet
The term intranet is often used to refer to a private connection of LANs and WANs that
belongs to an organization, and is designed to be accessible only by the organization's
members, employees, or others with authorization.
Note: A connection of two or more data networks forms an internetwork - a network of networks. The following terms can be used interchangeably: internetwork, data network, and network. It is also common to refer to an internetwork as a data network - or simply as a network - when considering communications at a high level. The usage of terms depends on the context at the time, and the terms may often be interchanged.
Interconnection of Networks
Network Address Translation (NAT).
The best way to describe how NAT works is to liken it to an extension of an office telephone line. An outside caller calls only the main number that connects to the office, and the switchboard operator looks through the office telephone list and connects the caller to the particular office the call is meant for. The particular office could leave instructions with the receptionist, or whoever works at the switchboard, to forward or not to forward the call.
Unlike a DHCP server, which assigns dynamic IP addresses to devices inside the network, NAT-enabled routers retain one or many valid Internet IP addresses outside of the network. When the client sends packets out of the network, NAT translates the internal IP address of the client to an external address.
To outside users, all traffic coming to and going from the network has the same IP address or is from the same pool of addresses.
NAT has different functions, but its key function is to save IP addresses by allowing networks to use private IP addresses. NAT translates private, internal addresses into public, external addresses. NAT has the added benefit of adding a degree of privacy and security to a network, because it hides internal IP addresses from outside networks.
The following terms are used when discussing NAT:
Inside local address - Usually not an IP address assigned by a service provider; most likely a private address.
Inside global address - A valid public IP address that the inside host is given when it exits the NAT-configured router.
Outside global address - A valid public IP address assigned to a host on the Internet.
Outside local address - The local IP address assigned to a host on the outside network. In most situations, this address will be identical to the outside global address of that outside device.
To make it clearer: the address internal devices use to communicate with other internal devices is the inside local address.
The address internal devices use to communicate with external devices is the outside local address.
The address external devices use to communicate with internal devices is the inside global address.
Finally, external devices communicate with one another using outside global addresses.
Source: http://orbit-computer-solutions.com/NAT--Network-Address-Translation.php
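The four address terms above played out in code, as an added example that is not from the original page: a toy NAT-overload router that shares one inside global address among several inside hosts. All addresses are constructed (inside hosts in 192.168.1.0/24, the router's public address 203.0.113.10 and an outside web server 198.51.100.20, both taken from the documentation ranges).

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, TCP/UDP port)


class NatRouter:
    """One inside global address shared by all inside hosts (NAT overload).

    Constructed example: the router owns 203.0.113.10; the inside hosts use
    private 192.168.1.x inside local addresses that never leave the LAN.
    """

    def __init__(self, inside_global: str, first_port: int = 1024) -> None:
        self.inside_global = inside_global
        self._next_port = first_port
        self._outbound: Dict[Endpoint, int] = {}  # inside local -> global port
        self._inbound: Dict[int, Endpoint] = {}   # global port -> inside local

    def translate_outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Packet leaving the LAN: rewrite the inside local source to the
        inside global address. dst is the outside global address; here the
        outside local address is identical to it, as the text says is usual."""
        if src not in self._outbound:
            port = self._next_port          # a fresh port per inside (ip, port)
            self._next_port += 1
            self._outbound[src] = port
            self._inbound[port] = src
        return (self.inside_global, self._outbound[src]), dst

    def translate_inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Reply arriving from the Internet: map the inside global destination
        back to the inside local host. Returns None (packet dropped) when no
        inside host opened the translation: this is how NAT hides internal
        addresses from unsolicited outside traffic."""
        ip, port = dst
        if ip != self.inside_global or port not in self._inbound:
            return None
        return src, self._inbound[port]

    def table(self) -> Dict[Endpoint, Endpoint]:
        """Current translations as inside local -> inside global."""
        return {local: (self.inside_global, port) for local, port in self._outbound.items()}


if __name__ == "__main__":
    nat = NatRouter("203.0.113.10")
    web = ("198.51.100.20", 80)  # outside global address of a web server
    for host in (("192.168.1.40", 51000), ("192.168.1.52", 51000)):
        print(host, "->", nat.translate_outbound(host, web)[0])
    print(nat.translate_inbound(web, ("203.0.113.10", 1025)))  # reply to .52
    print(nat.translate_inbound(web, ("203.0.113.10", 9999)))  # unsolicited: None
```

Two inside hosts using the same source port get different inside global ports, which is what lets the reply find its way back.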
Wireless Technologies / Standards.
The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode.
Uses the 2.4 gigahertz (GHz) frequency band, the same as some household items such as cordless phones, microwave ovens, etc.
Provides access to a few users simultaneously.
802.11g
This is the most recent and popular standard in use now, offering more respectable data transfer speeds of up to 54 Mbits/sec, but its speeds are much lower in practice. It also uses an upgraded form of the Wi-Fi Protected Access (WPA) security protocol.
Advantages:
Speed: up to 54 Mbps
Has a transmission speed comparable to 802.11a under optimal conditions
a. Allows for more simultaneous users
b. Has the best signal range and is not easily obstructed
c. Is compatible with 802.11b network adapters, routers, and access points
Disadvantages:
Uses the 2.4 GHz frequency, so it has the same interference problems as 802.11b
Costs more than 802.11b
802.11n
The 802.11n draft standard is intended to improve wireless data rates and range without requiring additional power or radio frequency band allocation. 802.11n uses multiple radios and antennae at endpoints, each broadcasting on the same frequency to establish multiple streams. The multiple input/multiple output technology splits a high data-rate stream into multiple lower-rate streams and broadcasts them at the same time over the available radios and antennae. This allows for a speculative maximum data rate of 248 Mb/s using two streams.
Note:
If your PC or laptop has more than one wireless network adapter, or your adapter supports more than one wireless technology or standard, you are given the option to specify which adapter or standard to use for each network connection.
For example, if you use streaming media such as video or music on your PC or laptop, choosing the 802.11a connection from the options provided would be best, because you will get a faster data transfer rate when you watch videos or listen to music.
Source: http://orbit-computer-solutions.com/Wireless-Standards.php
Windows 7
Windows Vista
Note
Workgroups provide a basis for file and printer sharing, but do not actually set up sharing for you. In contrast, in this version of Windows you can create or join a homegroup, which automatically turns on file and printer sharing on home networks. If you have a home network, we recommend creating or joining a homegroup. For more information, search for "homegroup" in Help and Support.
1.
2. Under Computer name, domain, and workgroup settings, click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the System Properties dialog box, click the Computer Name tab, and then click Change.
4. In the Computer Name/Domain Changes dialog box, under Member of, click Workgroup, and then do one of the following:
   To join an existing workgroup, type the name of the workgroup that you want to join, and then click OK.
   To create a new workgroup, type the name of the workgroup that you want to create, and then click OK.
Notes
If your network includes computers running Windows XP, you might need to change the workgroup name on those computers to match the workgroup name on the computers running this version of Windows or Windows Vista so that you can see and connect to all computers on your network.
Subnetting IP Address.
Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network.
There are many reasons why we subnet:
a. It helps in the preservation of address space, in order not to waste addresses.
b. It is used for security.
c. It helps to control network traffic caused by collisions of packets transmitted by other nodes (hosts) on the same segment.
Subnetting a Network Address
In order to subnet a network address, the subnet mask has to be extended, using some of the bits from the host ID portion of the address to create a subnetwork ID.
For example, given a Class C network of 192.17.5.0, which has a natural mask of 255.255.255.0, you can create subnets in this manner:
192.17.5.0      - 11000000.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                                            |sub|
By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by "sub") from the original host portion of the address and used them to create subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device on the same segment.
These subnets have been created.
1    1    1    1    1    1    1    1     (one octet of mask bits)
128  64   32   16   8    4    2    1     (128+64+32+16+8+4+2+1 = 255)
Look at this because you will always come across it during subnetting:
128+64 = 192
128+64+32 = 224
128+64+32+16 = 240
128+64+32+16+8 = 248
128+64+32+16+8+4 = 252, and so on!
So this gives us 16 possible network numbers, 2 of which cannot be used: 192.168.1.0 (reserved).
Network address   Host addresses                 Broadcast address
192.168.1.16      192.168.1.17 - 192.168.1.30    192.168.1.31
192.168.1.32      192.168.1.33 - 192.168.1.46    192.168.1.47
192.168.1.48      192.168.1.49 - 192.168.1.62    192.168.1.63
192.168.1.64      192.168.1.65 - 192.168.1.78    192.168.1.79
192.168.1.80      (keep adding 16 till you get to 224)
That will give you up to 14 networks with 14 hosts (nodes) each.
Source: http://www.orbit-computer-solutions.com/Subnetting-IPaddresses.php
How To Configure Switch Security.
Cisco Switch Port Security
Conventional network security often focuses more on routers and blocking traffic from the
outside. Switches are internal to the organization, and designed to allow ease of
connectivity, therefore only limited or no security measures are applied.
The following basic security features can be used to secure your switches and network:
* Physically secure the device
* Use secure passwords
* Enable SSH access
* Enable port security
* Disable http access
* Disable unused ports
* Disable Telnet
Let's look at how to implement and configure some of the above mentioned switch security features.
1.
Use the enable secret command to set the password. For this activity, set the password to orbit.
SW1#configure terminal
SW1(config)#enable secret orbit
SW1(config)#
2. How To Configure virtual terminal (Telnet) and console passwords and require users to log in.
A password should be required to access the console line. Even the basic user EXEC mode
can provide significant information to a malicious user. In addition, the VTY lines must have
a password before users can access the switch remotely.
Use the following commands to secure the console and telnet:
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#
3.
At this stage, the privileged EXEC password is already encrypted. To encrypt the line
passwords that you just configured, enter the service password-encryption command in
global configuration mode.
SW1(config)#service password-encryption
SW1(config)#
4. How To Configure and test the MOTD banner.
Configure the message-of-the-day (MOTD) using Authorized Access Only as the text.
Follow these guidelines:
i. The banner text is case sensitive. Make sure you do not add any spaces before or after
the banner text.
ii. Use a delimiting character before and after the banner text to indicate where the text
begins and ends. The delimiting character used in the example below is %, but you can use
any character that is not used in the banner text.
iii. After you have configured the MOTD, log out of the switch to verify that the banner
displays when you log back in.
SW1(config)#banner motd %Authorized Access Only%
SW1(config)#end
SW1#exit
5.
Enter interface configuration mode for FastEthernet 0/11 and enable port security.
Before any other port security commands can be configured on the interface, port security
must be enabled.
SW1(config-if)#interface fa0/11
SW1(config-if)#switchport port-security
* Notice that you do not have to exit back to global configuration mode before entering
interface configuration mode for fa0/11.
6. How To configure the maximum number of MAC addresses.
To configure the port to learn only one MAC address, set the maximum to 1:
SW1(config-if)#switchport port-security maximum 1
7. How To configure the port to add the MAC address to the running configuration.
The MAC address learned on the port can be added to (stuck to) the running configuration
for that port.
SW1(config-if)#switchport port-security mac-address sticky
8.
Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. Disabling an unused port stops traffic from flowing through the port(s).
Step 1: Disable interface Fa0/10 on SW1.
Enter interface configuration mode for FastEthernet 0/10 and shut down the port.
SW1(config)#interface fa0/10
SW1(config-if)#shutdown
Step 2: Disable interfaces Fa0/1 to Fa0/24 on SW1.
SW1(config)#interface range fa0/1-24
SW1(config-if-range)#shutdown
Source: http://orbit-computer-solutions.com/How-To-Configure-SwitchSecurity.php
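A defender's check for the items in the list above, as an added example that is not from the page or from Cisco: a minimal indentation-based parser for a saved running-config and an audit that reports which of the hardening steps are missing. Both configs are constructed, and the hash and password placeholders are not real values.

```python
from typing import List, Tuple

Section = Tuple[str, List[str]]  # (top-level command, its indented sub-commands)

# Constructed config: hardened in places, deliberately lacking in others.
SAMPLE_CONFIG = """\
hostname SW1
enable secret 5 <hash-placeholder>
banner motd ^CAuthorized Access Only^C
ip http server
interface FastEthernet0/10
 shutdown
interface FastEthernet0/11
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
interface FastEthernet0/12
line con 0
 password cisco
 login
line vty 0 15
 password cisco
 login
 transport input telnet ssh
"""

# Constructed config with every item from the list applied.
HARDENED_CONFIG = """\
hostname SW1
enable secret 5 <hash-placeholder>
service password-encryption
banner motd ^CAuthorized Access Only^C
no ip http server
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
interface FastEthernet0/2
 shutdown
line con 0
 password 7 <encrypted-placeholder>
 login
line vty 0 15
 password 7 <encrypted-placeholder>
 login
 transport input ssh
"""


def parse_sections(config: str) -> List[Section]:
    """Group indented lines under their top-level command (interface, line ...)."""
    sections: List[Section] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and IOS comment separators
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit_switch_config(config: str) -> List[str]:
    """Return one finding per missing hardening item; an empty list means all present."""
    sections = parse_sections(config)
    tops = [head for head, _ in sections]
    findings: List[str] = []

    if not any(t.startswith("enable secret") for t in tops):
        findings.append("global: no 'enable secret' configured")
    if "service password-encryption" not in tops:
        findings.append("global: line passwords stored in clear text")
    if not any(t.startswith("banner motd") for t in tops):
        findings.append("global: no MOTD banner")
    if "ip http server" in tops:
        findings.append("global: HTTP access enabled (want 'no ip http server')")

    for head, body in sections:
        if head.startswith("line con") or head.startswith("line vty"):
            if not any(b.split()[0] == "login" for b in body):
                findings.append(f"{head}: 'login' missing, password not required")
            if not any(b.startswith("password") for b in body):
                findings.append(f"{head}: no password set")
        if head.startswith("line vty"):
            # Only an SSH-only transport counts as "Telnet disabled".
            transport = next((b for b in body if b.startswith("transport input")), "")
            if transport != "transport input ssh":
                findings.append(f"{head}: Telnet still allowed (want 'transport input ssh')")
        if head.startswith("interface") and "shutdown" not in body:
            if not body:
                findings.append(f"{head}: unused port left enabled, shut it down")
            elif "switchport port-security" not in body:
                findings.append(f"{head}: enabled without port security")
    return findings


if __name__ == "__main__":
    for finding in audit_switch_config(SAMPLE_CONFIG):
        print(finding)
    print("hardened config findings:", audit_switch_config(HARDENED_CONFIG))
```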
VLAN Definition.
A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork which allows multiple IP networks and subnets to exist on the same switched network.
A VLAN is a logical broadcast domain that can span multiple physical LAN segments. It is the modern way administrators configure switches: dividing them into virtual local-area networks (VLANs) to improve network performance by separating large Layer 2 broadcast domains into smaller ones.
By using VLANs a network administrator is able to group stations together by logical function or by application, without regard to the physical location of the users.
Each VLAN functions as a separate LAN and spans one or more switches. This allows host devices to behave as if they were on the same network segment.
For traffic to move between VLANs, a Layer 3 device (router) is required.
VLANs have three major functions:
i. Limit the size of broadcast domains
ii. Improve network performance
iii. Provide a level of security
In summary:
a. All PCs are assigned a subnet address defined for VLAN 10.
b. Configure the VLAN and assign ports to the VLAN.
c. Assign an IP subnet address on the PCs.
Advantages of VLAN:
twelve hour working; the same way a professional hacker spends all day modifying hacking techniques and looking for networks to exploit!
Firstly, for an attacker to gain access to a system or network, the intruder has to find the vulnerabilities or weaknesses in the network authentication, FTP and web services. Finding and exploiting these vulnerabilities will enable the attacker to gain access to web accounts and other confidential or sensitive information.
Types of access attacks
1. Password attack
2. Trust exploitation
3. Port redirection
4. Man-in-the-middle attack
Password Attacks
A network attacker uses packet sniffer tools to obtain user account and password information. Normally we log in and out of a system using authentication passwords to reach shared resources on a router or server; an attacker likewise repeatedly attempts to log in to a shared resource, or to gain unauthorised access to an organisation's network. This can also be referred to as a dictionary or brute force attack. To carry out this type of attack, the intruder can use tools like L0phtCrack or Cain.
These programs repeatedly attempt to log in as a user using words derived from a dictionary. Most dictionary attacks succeed because network users often choose simple and short passwords: single words that are easy to predict.
Another password attack method uses what are called rainbow tables. A rainbow table is a precompiled series of passwords, which is constructed by building chains of possible plain text passwords. Each chain is developed by starting with a randomly selected "guess" of the plain text password and then sequentially applying variations to it. The attack software will apply the passwords in the rainbow table until it arrives at a possible password. To conduct a rainbow table attack, attackers can use a tool such as L0phtCrack.
A brute-force attack tool is more sophisticated because it searches exhaustively, using combinations of character sets to work out every possible password made up of those characters. The only disadvantage is that it takes much time to complete this type of attack. Brute-force attack tools have been known to solve simple passwords in less than a minute. Longer, more complex passwords may take days or weeks to resolve.
Source: http://orbit-computer-solutions.com/Network-AccessAttacks.php
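The repeated login attempts described above as they look to a defender, as an added example that is not from the original page: a sliding-window check over constructed sshd-style auth log lines (source addresses from the TEST-NET documentation ranges), flagging one account hammered from a single source and a list of usernames tried from another. The thresholds are assumptions and would be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample lines: one source hammering one account, one trying a
# list of account names, and an ordinary user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for admin from 203.0.113.5 port 40001 ssh2
2024-05-01T10:00:02 sshd[101]: Failed password for admin from 203.0.113.5 port 40002 ssh2
2024-05-01T10:00:02 sshd[101]: Failed password for admin from 203.0.113.5 port 40003 ssh2
2024-05-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5 port 40004 ssh2
2024-05-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5 port 40005 ssh2
2024-05-01T10:00:04 sshd[101]: Failed password for admin from 203.0.113.5 port 40006 ssh2
2024-05-01T10:00:10 sshd[102]: Failed password for invalid user root from 198.51.100.7 port 5001 ssh2
2024-05-01T10:00:11 sshd[102]: Failed password for invalid user oracle from 198.51.100.7 port 5002 ssh2
2024-05-01T10:00:12 sshd[102]: Failed password for invalid user test from 198.51.100.7 port 5003 ssh2
2024-05-01T10:00:13 sshd[102]: Failed password for invalid user guest from 198.51.100.7 port 5004 ssh2
2024-05-01T10:05:00 sshd[103]: Failed password for alice from 192.0.2.44 port 6001 ssh2
2024-05-01T10:05:09 sshd[103]: Accepted password for alice from 192.0.2.44 port 6001 ssh2
"""

# Assumed log layout: ISO timestamp, sshd tag, then the OpenSSH failure text.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failures(log: str) -> List[Tuple[datetime, str, str]]:
    """Extract (time, username, source IP) from each failed-login line."""
    failures = []
    for line in log.splitlines():
        match = LINE_RE.match(line)
        if match:
            failures.append((datetime.fromisoformat(match["ts"]), match["user"], match["src"]))
    return failures


def detect(log: str, window: timedelta = timedelta(seconds=60),
           max_failures: int = 5, max_users: int = 3) -> Dict[str, List[str]]:
    """Per source, slide a time window over its failures: too many failures
    means a dictionary/brute-force run against an account; too many distinct
    account names means a list of usernames is being tried (password spray)."""
    by_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, src in sorted(parse_failures(log)):
        by_src[src].append((ts, user))

    alerts: Dict[str, List[str]] = {}
    for src, attempts in by_src.items():
        kinds: List[str] = []
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1                       # drop attempts older than the window
            in_window = attempts[start:end + 1]
            if len(in_window) >= max_failures and "brute-force" not in kinds:
                kinds.append("brute-force")
            if len({u for _, u in in_window}) >= max_users and "password-spray" not in kinds:
                kinds.append("password-spray")
        if kinds:
            alerts[src] = kinds
    return alerts


if __name__ == "__main__":
    for src, kinds in detect(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(kinds)}")
```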
Computer Software.
Intermediary Devices and their Role on the Network.
For communication to run smoothly across the network there are devices that play intermediary roles in networking. These intermediary devices provide connectivity and work behind the scenes to ensure that data flows across the network.
These devices connect the individual hosts (end devices) to the network and can connect multiple individual networks to form an internetwork.
Examples of intermediary network devices are:
Routers.
Switches.
Hubs.
Wireless access points.
Servers and modems.
Security devices such as firewalls.
These intermediary devices use what is called an IP address, in conjunction with information about the network interconnections, to determine the best path that messages take through the network.
To subnet a Class B address, use the same subnet numbers for the third octet just as in Class C. All you need to do is add a zero (0) to the network portion and a 255 to the broadcast section in the fourth octet. Remember we have more possible subnet masks in Class B than in Class C.
I will bring in the cram table once more, only this time we are applying it to the THIRD octet.
Class B cram table:
A Class B network address has 16 bits available for host addressing (14 bits for subnetting, 2 bits for host addressing).
Example 1
Let's look at some examples using the table above; remember we are working on the THIRD octet of a Class B address. Given the network address 172.16.0.0 /20:
From the above network IP address, the mask will be 255.255.240.0, which means we are using the bit value or block size of 16.
We are going to subnet it into three different networks with equal numbers of host IP addresses; remember we are working on the THIRD octet with the block size of 16.
Network A
Network address: 172.16.16.0
First Host address: 172.16.16.1
Last host address: 172.16.31.254
Broadcast address: 172.16.31.255
What we did above is add the bit value or block size (16+16=32) to obtain the next network address, which is 172.16.32.0.
Network B
Network address: 172.16.32.0
First Host address: 172.16.32.1
Last host address: 172.16.47.254
Broadcast address: 172.16.47.255
We carried out the same addition here to get the next network address (32+16=48)
Network C
Network address : 172.16.48.0
First Host address : 172.16.48.1
Last host address: 172.16.63.254
Broadcast address: 172.16.63.255
The same addition as before gives the next network.
For the WAN (serial links) we need only a 4-bit value or block size here, due to the number of networks and hosts involved, so as not to waste much address space. Looking at the cram table, the 4-bit value gives us /30, which results in the mask 255.255.252.0 (just like Class C), so we continue from the next network, which is (48+16=64):
WAN 1
Connection from Router A to Router B
Network address: 172.16.64.0
Network A to B address: 172.16.64.1 255.255.252.0
Network B to A address: 172.16.64.2 255.255.252.0
The next network will also have the 4-bit value added to the last network (64+4=68). The same four-bit value is used. The next network is:
WAN 2
Connections from Router A to Router C
Network address: 172.16.68.0
Network A to C address: 172.16.68.1 255.255.252.0
Network C to A address: 172.16.68.2 255.255.252.0
There are different ways to subnet; you have to devise a way to make it simple for yourself! I think using the cram table saves you a lot of time compared with equations of all sorts. Let's apply it to a topology:
Router A:
RA(config)#interface fa0/0
RA(config-if)#ip address 172.16.16.1 255.255.240.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface se0/0/0
RA(config-if)#ip address 172.16.64.1 255.255.252.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface se0/0/1
RA(config-if)#ip address 172.16.68.1 255.255.252.0
RA(config-if)#no shutdown
RA(config-if)#exit
Router B
RB#config t
RB(config)#interface fa0/0
RB(config-if)#ip address 172.16.32.1 255.255.240.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#interface se0/0/0
RB(config-if)#ip address 172.16.64.2 255.255.252.0
RB(config-if)#no shutdown
RB(config-if)#exit
Router C
RC#config t
RC(config)#interface fa0/0
RC(config-if)#ip address 172.16.48.1 255.255.240.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#interface se0/0/0
RC(config-if)#ip address 172.16.68.2 255.255.252.0
RC(config-if)#no shutdown
RC(config-if)#exit
Pings from the RA network to the RB networks will work.
Source: http://orbit-computer-solutions.com/Subnetting-Class-BAddresses.php
How To Calculate Subnets Using the Binary Method.
Connectivity between hosts on an IP network is determined by applying the network mask to the source and destination addresses. This is done by the communicating host comparing and applying its subnet mask to both its own IPv4 address and the destination IPv4 address.
Remember, the subnet mask is a 32-bit value which is used to differentiate between the network bits and the host bits of the IP address. The subnet mask is made up of a string of 1s followed by a string of 0s.
The 1s indicate the network bits and the 0s specify the host bits within the IP address. The network bits are matched between the source and destination. If the networks are the same, the packet can be delivered locally. If they don't match, the packet is sent to the default gateway.
For example, let's assume PC 1, with the IP address 192.168.1.40 and subnet mask 255.255.255.0, needs to send a message to PC 2, with the IP address 192.168.1.52 and subnet mask 255.255.255.0. In this case, both hosts have the same default subnet mask of 255.255.255.0. Both hosts have the same network bits, 192.168.1, and are therefore on the same network.
PC 1 Configuration
IP Address  - 192.168.1.40,  11000000.10101000.00000001.00101000
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network     - 192.168.1.0,   11000000.10101000.00000001.00000000
PC 2 Configuration
IP Address  - 192.168.1.52,  11000000.10101000.00000001.00110100
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network     - 192.168.1.0,   11000000.10101000.00000001.00000000
The network bits (the first three octets) above show that both PC 1 and PC 2 are on the same network: 192.168.1.0.
Source: http://orbit-computer-solutions.com/How-To-Calculate-Subnets-Using-BinaryMethod.php
Another example: given a Class C network address of 192.168.1.0, as a network administrator you need to use this network address across multiple small groups within the organization. You can do this by subnetting the network with a subnet address.
All you have to do is create 14 subnets of 14 nodes (hosts) each. This will limit us to 196 nodes (hosts) on the network instead of the 254 we would have without subnetting. To accomplish this we begin with the default network mask for Class C and extend it:
255.255.255.0   (11111111.11111111.11111111.00000000) binary
255.255.255.240 (11111111.11111111.11111111.11110000) binary
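The arithmetic from the Class C (/28 and /27), Class B (/20 and the serial /30 links) and binary-method passages, as an added example that is not from the original page: dotted quad to integer, AND with the mask, enumerate the subnets a borrowed set of bits creates, plus the 2^n - 2 subnet and host counts used in the CIDR table later on. The addresses are the ones the text uses; the code goes beyond the text by working for any prefix length.

```python
from typing import Dict, List, Optional, Tuple


def ip_to_int(dotted: str) -> int:
    """'192.168.1.40' -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted-binary form as printed in the text, e.g. 11000000.10101000.00000001.00101000"""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def prefix_to_mask(prefix: int) -> str:
    """/20 -> '255.255.240.0': a string of `prefix` 1s followed by 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_ip((((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.224' -> 27; rejects masks whose 1s are not contiguous."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if value != ip_to_int(prefix_to_mask(prefix)):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """The host's local-delivery test: AND both addresses with the mask and compare."""
    m = ip_to_int(mask)
    return ip_to_int(ip_a) & m == ip_to_int(ip_b) & m


def describe(network: str, prefix: int) -> Dict[str, Optional[object]]:
    """Network, first/last usable host and broadcast for one subnet.
    A /31 or /32 has no usable range under the classic rule, so those are None."""
    m = ip_to_int(prefix_to_mask(prefix))
    net = ip_to_int(network) & m
    bcast = net | (~m & 0xFFFFFFFF)
    hosts = (1 << (32 - prefix)) - 2 if prefix <= 30 else 0
    return {
        "network": int_to_ip(net),
        "first_host": int_to_ip(net + 1) if hosts else None,
        "last_host": int_to_ip(bcast - 1) if hosts else None,
        "broadcast": int_to_ip(bcast),
        "usable_hosts": hosts,
    }


def subnets(network: str, old_prefix: int, new_prefix: int) -> List[Dict[str, Optional[object]]]:
    """Borrow (new_prefix - old_prefix) host bits and list every subnet in order."""
    if not old_prefix < new_prefix <= 32:
        raise ValueError("new prefix must be longer than the old one")
    base = ip_to_int(network) & ip_to_int(prefix_to_mask(old_prefix))
    block = 1 << (32 - new_prefix)          # the "block size" of the cram table
    return [describe(int_to_ip(base + i * block), new_prefix)
            for i in range(1 << (new_prefix - old_prefix))]


def classful_counts(prefix: int, class_prefix: int) -> Tuple[int, int]:
    """(usable subnets, usable hosts) using the 2^n - 2 convention of the CIDR table."""
    borrowed = prefix - class_prefix
    return (1 << borrowed) - 2, (1 << (32 - prefix)) - 2


if __name__ == "__main__":
    print(to_binary("192.168.1.40"), same_network("192.168.1.40", "192.168.1.52", "255.255.255.0"))
    for s in subnets("192.168.1.0", 24, 28)[1:5]:       # the /28 table from the text
        print(s["network"], s["first_host"], "-", s["last_host"], s["broadcast"])
    print(subnets("172.16.0.0", 16, 20)[1])             # Network A of the Class B example
    print(describe("172.16.64.0", 30))                  # the WAN 1 serial link
```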
Private Addresses
Private IP addresses are designated for networks that have limited or no access to the Internet. Hosts or packets using these addresses as a source or destination are not to appear on the public Internet.
These private address blocks are:
10.0.0.0 to 10.255.255.255 (10.0.0.0 /8)
172.16.0.0 to 172.31.255.255 (172.16.0.0 /12)
192.168.0.0 to 192.168.255.255 (192.168.0.0 /16)
Public Addresses
Most of the addresses in the IPv4 host range are public addresses. These addresses are designed for use by hosts that are publicly accessible from the Internet. Even within these address blocks, there are many addresses that are designated for other special purposes.
Source: http://orbit-computer-solutions.com/Public-and-PrivateAddresses.php
Related RFCs: 790, 1700, 3330.
Default Route
The default route is used as an all-purpose address in a network when no more specific route is available for packet routing.
e.g. 0.0.0.0 /8
Loopback
The loopback is a special address that all hosts in a network use to direct traffic to themselves. TCP/IP applications and services that operate in a device use this as a shortcut for communicating with one another. You can also ping the loopback address to test the configuration of TCP/IP on the local host.
Loopback address: 127.0.0.1
Link-Local Addresses
IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 (169.254.0.0 /16) are designated as link-local addresses. These addresses can be automatically assigned to the local host by the operating system in environments where no IP configuration is available. Only devices on the same network can use this address range.
TEST-NET Addresses.
The addresses 192.0.2.0 to 192.0.2.255 (192.0.2.0 /24) are set aside for teaching and learning purposes. These addresses can be used in documentation and network examples. Unlike the experimental addresses, network devices used in teaching and learning will accept these addresses in their configurations. You may often find these addresses used with the domain names example.com or example.net in RFCs, vendor, and protocol documentation.
Source: http://orbit-computer-solutions.com/Reserved-IPAddresses.php
CIDR (Classless
InterDomain Routing).
CIDR (Classless Inter-Domain Routing) was introduced in 1993 (RCF 1517) replacing the
previous generation of IP address syntax - classful networks. CIDR allowed for more
efficient use of IPv4 address space and prefix aggregation, known as route summarization
or supernetting.
CIDR introduction allowed for:
CIDR allows routers to group routes together to reduce the bulk of routing information
carried by the core routers. With CIDR, several IP networks appear to networks outside the
group as a single, larger entity. With CIDR, IP addresses and their subnet masks are written
as four octets, separated by periods, followed by a forward slash and a two-digit number
that represents the subnet mask e.g.
10.1.1.0/30
172.16.1.16/28
192.168.1.32/27 etc.
CIDR / VLSM Network addressing topology example
CIDR uses VLSM (Variable Lenght Subnet Masks) to allocate IP addresses to subnetworks
according to need rather than class. VLSM allows for subnets to be further divided or
subnetted into even smaller subnets. Simply, VLSM is just subnetting a subnet.
With CIDR, address classes (Class A, B, and C) became meaningless. The network address
was no longer determined by the value of the first octet but by the assigned prefix length
(subnet mask). A network could now be assigned a specific prefix length depending on the
number of hosts needed for that network.
ISPs could now allocate address space more efficiently using any prefix length. ISPs were no
longer limited to a 255.0.0.0 (/8), 255.255.0.0 (/16) or 255.255.255.0 (/24) subnet
mask, which before the advent of CIDR were known as classful network addresses. Blocks of IP
addresses could be assigned to a network based on the requirements of the customer,
ranging from a few hosts to hundreds or thousands of hosts.
CIDR Advantages
With the introduction of CIDR and VLSM, ISPs could now assign one part of a classful
network to one customer and a different part to another customer. With the introduction of
VLSM and CIDR, network administrators had to use additional subnetting skills.
The table below shows the allowed subnets and host addresses for all the classes. Subnet
counts use 2^n - 2 (n = bits borrowed from the host portion; the subnet-zero and all-ones
subnets are not counted) and host counts use 2^h - 2 (h = remaining host bits; the network
and broadcast addresses are not counted).

Class A (default mask 255.0.0.0, /8)
No. of bits  Subnet Mask      Prefix  No. of Subnets  No. of Hosts  Nets * Hosts
2            255.192.0.0      /10     2               4194302       8388604
3            255.224.0.0      /11     6               2097150       12582900
4            255.240.0.0      /12     14              1048574       14680036
5            255.248.0.0      /13     30              524286        15728580
6            255.252.0.0      /14     62              262142        16252804
7            255.254.0.0      /15     126             131070        16514820
8            255.255.0.0      /16     254             65534         16645636
9            255.255.128.0    /17     510             32766         16710660
10           255.255.192.0    /18     1022            16382         16742404
11           255.255.224.0    /19     2046            8190          16756740
12           255.255.240.0    /20     4094            4094          16760836
13           255.255.248.0    /21     8190            2046          16756740
14           255.255.252.0    /22     16382           1022          16742404
15           255.255.254.0    /23     32766           510           16710660
16           255.255.255.0    /24     65534           254           16645636
17           255.255.255.128  /25     131070          126           16514820
18           255.255.255.192  /26     262142          62            16252804
19           255.255.255.224  /27     524286          30            15728580
20           255.255.255.240  /28     1048574         14            14680036
21           255.255.255.248  /29     2097150         6             12582900
22           255.255.255.252  /30     4194302         2             8388604

Class B (default mask 255.255.0.0, /16)
No. of bits  Subnet Mask      Prefix  No. of Subnets  No. of Hosts  Nets * Hosts
2            255.255.192.0    /18     2               16382         32764
3            255.255.224.0    /19     6               8190          49140
4            255.255.240.0    /20     14              4094          57316
5            255.255.248.0    /21     30              2046          61380
6            255.255.252.0    /22     62              1022          63364
7            255.255.254.0    /23     126             510           64260
8            255.255.255.0    /24     254             254           64516
9            255.255.255.128  /25     510             126           64260
10           255.255.255.192  /26     1022            62            63364
11           255.255.255.224  /27     2046            30            61380
12           255.255.255.240  /28     4094            14            57316
13           255.255.255.248  /29     8190            6             49140
14           255.255.255.252  /30     16382           2             32764

Class C (default mask 255.255.255.0, /24)
No. of bits  Subnet Mask      Prefix  No. of Subnets  No. of Hosts  Nets * Hosts
2            255.255.255.192  /26     2               62            124
3            255.255.255.224  /27     6               30            180
4            255.255.255.240  /28     14              14            196
5            255.255.255.248  /29     30              6             180
6            255.255.255.252  /30     62              2             124
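The table above is generated by two formulas, and it is easy to check them rather than memorise every row. The following Python is an added example, not code from the original page: it derives the dotted-decimal mask from a prefix length and regenerates each row of the table from the borrowed-bit count, using the same 2^n - 2 / 2^h - 2 counting convention the table uses. Class letters and the default prefix lengths (8, 16, 24) are the classful values; everything else is computed.

```python
# Added example (not from the original page): regenerates the classful
# subnetting table from the two formulas it is built on.
#   usable subnets = 2^n - 2   (n = bits borrowed; subnet-zero and the
#                               all-ones subnet are excluded, as in the table)
#   usable hosts   = 2^h - 2   (h = host bits left; the network and broadcast
#                               addresses are excluded)

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # classful network bits per class


def prefix_to_mask(prefix):
    """Dotted-decimal subnet mask for a prefix length, e.g. 27 -> 255.255.255.224."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_row(net_class, borrowed):
    """One table row: (mask, prefix, usable subnets, usable hosts, subnets * hosts)."""
    prefix = DEFAULT_PREFIX[net_class] + borrowed
    host_bits = 32 - prefix
    if borrowed < 2 or host_bits < 2:
        # fewer than 2 borrowed bits gives no usable subnet under 2^n - 2, and
        # fewer than 2 host bits leaves no usable host address under 2^h - 2
        raise ValueError("borrowed bits out of range for this class")
    subnets = 2 ** borrowed - 2
    hosts = 2 ** host_bits - 2
    return prefix_to_mask(prefix), prefix, subnets, hosts, subnets * hosts


def subnet_table(net_class):
    """All rows for a class, from 2 borrowed bits down to a /30."""
    max_borrow = 30 - DEFAULT_PREFIX[net_class]
    return [subnet_row(net_class, n) for n in range(2, max_borrow + 1)]


if __name__ == "__main__":
    for net_class in "ABC":
        print(f"Class {net_class}")
        print(f"{'bits':>4} {'mask':<16} {'prefix':<7} {'subnets':>8} {'hosts':>8} {'nets*hosts':>11}")
        for n, (mask, prefix, subnets, hosts, product) in enumerate(subnet_table(net_class), start=2):
            print(f"{n:>4} {mask:<16} /{prefix:<6} {subnets:>8} {hosts:>8} {product:>11}")
```

Running the script prints the three tables; `subnet_row("C", 3)`, for instance, gives the /27 row of Class C (255.255.255.224, 6 subnets, 30 hosts, 180). Note that modern routers count subnet zero and the all-ones subnet as usable, so for a real design the subnet column would be 2^n rather than 2^n - 2; the host formula is unchanged.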
IP Addressing (IPv4).
An IP address is a unique number / address used to identify a device on a network. An IP
address is made up of 32 binary bits, which are divided into a network portion and a host
portion with the help of a subnet mask.
The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to
decimal and separated by a period (dot). For this reason, an IP address is expressed in
dotted decimal format, e.g. 192.168.10.12.
The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.
Below is how binary octets are converted to decimal: the right-most bit, or least significant
bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This
continues until the left-most bit, or most significant bit, which holds a value of 2^7. So if all
binary bits are one, the decimal equivalent is 255, as shown here:
11111111
128 64 32 16 8 4 2 1 = (128+64+32+16+8+4+2+1 = 255)
And this sample below shows an IP address represented in binary and decimal.
192.168.4.10 (decimal)
11000000.10101000.00000100.00001010 (binary).
- See more at: http://orbit-computer-solutions.com/IP-Addressing.php#sthash.uKsDH3Ft.dpuf
DHCP.
Dynamic Host Configuration Protocol works in a client/server mode. DHCP enables clients on
an IP network to obtain, or lease, an IP address and configuration from a DHCP server. This
reduces the workload of managing a large network. The DHCP protocol is described in RFC
2131.
Most modern operating systems include DHCP in their primary settings; these include
Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The clients request addressing
configuration from a DHCP network server; the server manages the assignment of IP
addresses and is responsible for answering IP configuration requests from clients.
However, network routers, switches and servers need to have static IP addresses; DHCP is
not intended for the configuration of these types of hosts. Cisco routers use a Cisco IOS
feature known as Cisco Easy IP Lease. This offers an optional but full-featured DHCP
server. Easy IP leases addresses for 24 hours by default; it is most useful in homes and small
offices where users can take advantage of DHCP and NAT without having an NT or
UNIX server.
The DHCP server uses User Datagram Protocol (UDP) as its transport protocol. The server
sends messages to the client on port 68, while the client sends messages to the server on
port 67.
DHCP servers can offer other information, including DNS server addresses, WINS server
addresses and domain names. Most DHCP servers allow administrators to define client
MAC addresses for which the server automatically assigns the same IP address each time.
Most administrators prefer to work with a network server that offers DHCP services. These
types of network are scalable and easy to manage.
- See more at: http://orbit-computer-solutions.com/DHCP.php#sthash.o4LwjwIh.dpuf
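To make the client/server exchange above concrete, here is an added Python example (not code from the original page or from any DHCP implementation) that builds a DHCPOFFER in the RFC 2131 wire format and parses it back. The server address 192.168.10.1, the offered address 192.168.10.50, the client MAC and the 24-hour lease are constructed sample values; the field layout, the magic cookie and the option codes (53 message type, 54 server identifier, 51 lease time, 1 subnet mask, 3 router, 6 DNS) are the ones defined by the RFC.

```python
import struct

# Constructed DHCPOFFER (not captured from a real network), laid out per the
# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags, ciaddr,
# yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128), then the magic
# cookie and TLV-encoded options.

DHCP_SERVER_PORT = 67       # clients send to this port
DHCP_CLIENT_PORT = 68       # servers reply to this port
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236 bytes
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_sample_offer():
    """Constructed DHCPOFFER: server 192.168.10.1 offers 192.168.10.50 for 24 hours."""
    chaddr = bytes.fromhex("00112233aabb") + b"\x00" * 10     # sample client MAC, padded
    header = struct.pack(HEADER_FMT,
                         2, 1, 6, 0,                 # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
                         0x3903F326, 0, 0x8000,      # xid, secs, flags (broadcast bit set)
                         bytes(4),                   # ciaddr: client has no address yet
                         bytes([192, 168, 10, 50]),  # yiaddr: the offered address
                         bytes([192, 168, 10, 1]),   # siaddr: next server
                         bytes(4),                   # giaddr: no relay agent
                         chaddr, b"", b"")           # sname and file left empty
    options = (b"\x35\x01\x02"                            # 53: message type = OFFER
               + b"\x36\x04" + bytes([192, 168, 10, 1])   # 54: server identifier
               + b"\x33\x04" + struct.pack("!I", 86400)   # 51: lease time (24h)
               + b"\x01\x04" + bytes([255, 255, 255, 0])  # 1: subnet mask
               + b"\x03\x04" + bytes([192, 168, 10, 1])   # 3: default router
               + b"\x06\x04" + bytes([192, 168, 10, 2])   # 6: DNS server
               + b"\xff")                                 # 255: end of options
    return header + MAGIC_COOKIE + options


def parse_dhcp(packet):
    """Parse the fixed header and the options of a DHCP message into a dict."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or missing magic cookie)")
    (op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, _siaddr,
     _giaddr, chaddr, _sname, _file) = struct.unpack(HEADER_FMT, packet[:236])
    msg = {
        "op": "BOOTREPLY" if op == 2 else "BOOTREQUEST",
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "yiaddr": ".".join(str(b) for b in yiaddr),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "options": {},
    }
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:        # option runs past the end of the packet
            raise ValueError(f"option {code} is truncated")
        msg["options"][code] = value
        i += 2 + length
    if 53 in msg["options"]:
        msg["type"] = MESSAGE_TYPES.get(msg["options"][53][0], "UNKNOWN")
    if 51 in msg["options"]:
        msg["lease_seconds"] = struct.unpack("!I", msg["options"][51])[0]
    return msg


if __name__ == "__main__":
    offer = parse_dhcp(build_sample_offer())
    print(offer["type"], offer["yiaddr"], offer["lease_seconds"], offer["chaddr"])
```

The parser checks the magic cookie and option lengths before trusting any field, which is the minimum a monitoring tool needs when it reads DHCP traffic off the wire; a message that fails those checks is rejected rather than half-parsed.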
Network Security.
Why is Network Security Important?
Wherever there is a network, wired or wireless, there are threats. Some people are easily
put off setting up a home or office network by the fear that anything stored on their hard
drive could be accessed by neighbours or hackers. The types of potential threats to network
security are always evolving, and constant computer network system monitoring and
security should be an ultimate priority for any network administrator.
If the security of the network is compromised, there could be serious consequences, such as
loss of privacy and theft of information.
When it comes to network security, the main concern is making sure that any wireless
connections are protected against unauthorised access.
Most business transactions are done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands that security solutions become flawlessly
integrated, more transparent, and more flexible.
Network attack tools and methods have evolved. In the past, a hacker had to have
sophisticated computer, programming, and networking knowledge to make use of
rudimentary tools and basic attacks.
Nowadays, attack methods and tools have improved tremendously and hackers no
longer require the same level of sophisticated knowledge, so people who previously would not
have participated in computer crime are now able to do so.
iii. Black hat or Cracker - The opposite of a White Hat; this term is used to describe those
individuals who use their knowledge of computer systems and programming skills to break
into systems or networks that they are not authorized to use, usually for personal or
financial gain.
iv. Phreaker - This term is often used to describe an individual who manipulates the phone
network in a bid to perform a function that is not allowed. The phreaker breaks into the
phone network, usually through a payphone, to make free or illegal long distance calls.
v. Spammer - This is often used to describe a person who sends large quantities of
unsolicited e-mail messages. Spammers often use viruses to take control of home
computers and use them to send out their bulk messages.
vi. Phisher- Uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that
would have a legitimate need for the
- See more at: http://orbit-computer-solutions.com/Network-Security.php#sthash.QPtVCwt1.dpuf
Network Monitoring.
Monitoring the network can be a tedious task, especially when it's a large one. As a network
administrator, it's your duty to ensure that your computer network systems are running
smoothly and that no outages occur on your watch. Keeping a constant eye on your
network helps to increase network efficiency, especially by knowing bandwidth and
resource consumption.
There are different tools out there to help a network administrator monitor a network
for slow or failing components. Most of these tools monitor slow or failing components and
resource consumption and notify the network administrator through email, SMS or alarms.
Cisco, being the world leader in network administration and protection, has several types of
network admin tools including routers, switches, firewalls, wireless access points,
VPN concentrators, etc.
Resources to monitor.
There are different resources, including hardware, to monitor on your network. These
resources and the tools used for network usage, speed and availability should be constantly
monitored for effective performance.
Network usage monitoring: This helps the network administrator to accurately assess and
monitor CPU and server load and usage.
Network speed monitoring: This deals especially with monitoring bandwidth usage
and speed. High bandwidth usage and slow load speed on your company's websites
and network services can be frustrating to your website visitors or users: slow-loading
pages and slow downloading of files or images.
Monitoring network availability: The company's websites, mail servers and leased lines are
network resources that are mostly accessed by both internal and external parties for
services; these resources should be constantly monitored for availability.
Monitoring network security systems: The security of your network should be your
ultimate concern. Network monitoring tools should include a traffic monitor that allows you
to view everything on your network. The users and IP addresses that access your
network are to be monitored to make sure there is no unauthorized access to files and
private company information.
- See more at: http://orbit-computer-solutions.com/Network-Monitoring.php#sthash.wiFFpmRc.dpuf
Switches.
Network Switch
A network switch is a device that filters, forwards, or floods frames based on the destination
address of each frame.
Switches perform their forwarding functions at Layer 2 of the OSI model. Some switches
process data at the Network Layer (Layer 3); these types of switches are referred to as Layer
3 switches or multilayer switches. Switches form an integral part of networking in LANs or
WANs. Small office / home office (SOHO) applications normally use a single or an all-purpose
switch.
The network switch is a very adaptable Layer 2 device; it replaces the hub as the central
point of connection for multiple hosts.
In a more complex role, a switch may be connected to one or more other switches to
create, manage, and maintain redundant links and VLAN connectivity. A switch processes all
types of traffic in the same way, regardless of how it is used.
Switches move traffic based on MAC addresses. Each switch maintains a MAC address table
in high-speed memory, called content addressable memory (CAM). The switch rebuilds this
table every time it is activated, using both the source MAC addresses of incoming frames
and the port number through which each frame entered the switch.
As mentioned earlier, switches operate at the data-link layer of the OSI model; a switch
creates a separate collision domain per switch port. Let's take an example of four
computers PC 1, PC 2, PC 3 and PC 4 attached to switch ports; then PC 1 and PC 2 can
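The learn / filter / forward / flood behaviour described above is small enough to model directly. The following Python is an added example (not the page's own code and not any vendor's implementation): a switch object that records the source MAC of every frame against its ingress port and then decides, per frame, whether the destination is unknown or broadcast (flood), known on another port (forward), or known on the same port it arrived on (filter). The MAC addresses, port numbers and frames are constructed; port 4 is assumed to have a hub with two PCs behind it so that the filter case can be shown.

```python
# Added example (not the original page's code): a minimal Layer 2 switch that
# learns source MACs per port and filters, forwards or floods each frame.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was learned on (the CAM table)

    def learn(self, src_mac, in_port):
        """Record (or move) the source MAC on the port the frame arrived on."""
        self.mac_table[src_mac] = in_port

    def decide(self, dst_mac, in_port):
        """Return ('flood' | 'forward' | 'filter', list of egress ports)."""
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            # broadcast and unknown unicast go out every port except the ingress port
            return "flood", [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            # destination is in the same collision domain as the sender: drop it
            return "filter", []
        return "forward", [out_port]

    def receive(self, frame, in_port):
        self.learn(frame["src"], in_port)
        return self.decide(frame["dst"], in_port)


def demo():
    """Three PCs on ports 1-3 plus a hub with two PCs on port 4 (constructed)."""
    sw = Switch(ports=[1, 2, 3, 4])
    mac = {name: f"00:00:00:00:00:0{i}"
           for i, name in enumerate(["PC1", "PC2", "PC3", "PC4", "PC5"], start=1)}
    results = []
    # PC1 -> PC2 before anything is learned: unknown destination, so flood
    results.append(sw.receive({"src": mac["PC1"], "dst": mac["PC2"]}, in_port=1))
    # PC2 replies: PC1 was learned on port 1, so the frame is forwarded there only
    results.append(sw.receive({"src": mac["PC2"], "dst": mac["PC1"]}, in_port=2))
    # PC3 sends a broadcast (e.g. an ARP request): flooded out every other port
    results.append(sw.receive({"src": mac["PC3"], "dst": BROADCAST}, in_port=3))
    # PC4 and PC5 share a hub on port 4; PC5 -> PC4 is flooded (PC4 still unknown)...
    results.append(sw.receive({"src": mac["PC5"], "dst": mac["PC4"]}, in_port=4))
    # ...but PC4 -> PC5 is filtered: PC5 is known on the port the frame arrived on
    results.append(sw.receive({"src": mac["PC4"], "dst": mac["PC5"]}, in_port=4))
    return sw, results


if __name__ == "__main__":
    switch, decisions = demo()
    for action, ports in decisions:
        print(action, ports)
    print(switch.mac_table)
```

Because the table is keyed only on source MAC and is overwritten on every frame, a host that sends frames with another station's source address moves that entry to its own port; that is why production switches pair this table with port security or a per-port MAC limit, and why a monitoring tool should alert on a MAC address that keeps moving between ports.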
Difference between Hubs, Switches, Routers, and Access Points.
Hubs, Switches, Routers, and Access Points are all used to connect computers together on a
network, but each of them has different capabilities.
Hubs
Hubs are used to connect computers on a network so as to communicate with each other.
Each computer plugs into the hub with a cable, and information sent from one computer to
another passes through the hub.
Switches
Switches function the same way as hubs, but they can identify the intended destination of
the information that they receive, so they send that information only to the computers
it is intended for.
Switches can send and receive information at the same time, and faster than hubs can.
Switches are recommended on a home or office network where you have more
computers and want to use the network for activities that require passing a lot of
information between computers.
Routers
Routers are better known as intermediary devices that enable computers and other network
components to communicate or pass information between two networks e.g. between your
home network and the Internet. The most astounding thing about routers is their capability
to direct network traffic. Routers can be wired (using cables) or wireless. Routers also
typically provide built-in security, such as a firewall.
Access points
Access points provide wireless access to a wired Ethernet network. An access point plugs
into a hub, switch, or wired router and sends out wireless signals. This enables computers
and devices to connect to a wired network wirelessly. You can move from one location to
another and continue to have wireless access to the network. When you connect to the
Internet wirelessly using a public wireless network in an airport, hotel or other public place, you
are usually connecting through an access point. Some routers are equipped with a wireless
access point capability; in this case you don't need a separate wireless access point.
- See more at: http://orbit-computer-solutions.com/Difference-between-Hubs%2C-Switches%2CRouters%2C-and-Access-Points.php#sthash.5b0gqlXc.dpuf
The figure above shows 5 different subnets, each with different host requirements. The
given IP address from our ISP is 192.168.1.0/24.
The host requirements are:
Network A - 14 hosts
Network B - 28 hosts
Network C - 2 hosts
Network D - 7 hosts
Network E - 28 hosts
As recommended, we begin the process by subnetting for the largest host requirement first.
The largest requirements are for Network B and Network E, each with 28 hosts.
Don't forget the cram table!
Let's apply the formula: usable hosts = 2^n - 2. For networks B and E, 5 bits are left in the
host portion and the calculation is 2^5 - 2 = 30. Only 30 usable host addresses are
available in this case because of the 2 reserved addresses (network and broadcast). Five host
bits meet the requirement but leave little room for future growth.
So we borrow 3 bits for subnets, leaving 5 bits for the hosts. This allows 8
subnets with 30 hosts each.
We have created and will allocate addresses for networks B and E first:
Network B will use Subnet 0: 192.168.1.0/27
Host address range 1 to 30 (192.168.1.1 - 192.168.1.30)
192.168.1.31 (broadcast address)
Network E will use Subnet 1: 192.168.1.32/27
Host address range 33 to 62 (192.168.1.33 - 192.168.1.62)
192.168.1.63 (broadcast address)
The next largest host requirement is Network A, followed by Network D.
Borrowing another bit and subnetting the network address 192.168.1.64 gives us the
following host ranges:
Network A will use Subnet 0: 192.168.1.64/28
Host address range 65 to 78 (192.168.1.65 - 192.168.1.78)
192.168.1.79 (broadcast address)
Network D will use Subnet 1: 192.168.1.80/28
Host address range 81 to 94 (192.168.1.81 - 192.168.1.94)
192.168.1.95 (broadcast address)
This allocation supports 14 hosts on each subnet and satisfies the requirement.
*In Network C, there are only two hosts. In this case we borrow two more bits to meet this
requirement.
Beginning from 192.168.1.96 and borrowing 2 more bits results in subnet 192.168.1.96/30.
Network C will use Subnet 1: 192.168.1.96/30
Host address range 97 to 98 (192.168.1.97 - 192.168.1.98)
192.168.1.99 (broadcast address)
From the above illustration, we have met all requirements without wasting many possible
subnets and available addresses.
In this case, bits were borrowed from addresses that had already been subnetted. As you
will recall from a previous section, this method is known as Variable Length Subnet Masking,
or VLSM.
*use illustration to create networks for the WAN on the network..
- See more at: http://orbit-computer-solutions.com/VLSM-Example.php#sthash.zjUuYvXd.dpuf
Types of Addresses in IPv4.
Within the IPv4 address range, there are three types of addresses:
Network Address - The address by which we refer to the network.
Broadcast Address - A special address used to send data to all hosts in the network.
Host Address - The addresses assigned to the end devices in the network.
Network Address
The network address is a standard way to refer to an IPv4 address assigned to a network.
For example, we could refer to the network 192.168.1.0 or 172.16.0.0 as a Network
Address. This is a much more convenient and descriptive way to refer to the network than
using a term like "the first network." All hosts in the 172.16.0.0 network will have the same
network bits.
When assigning IPv4 addresses to hosts, the lowest address is reserved as the network
address. This address has a 0 for each host bit in the host portion of the address, e.g.
192.168.1.0 /24,
172.16.0.0 /16
Broadcast Address
The IPv4 broadcast address is a special address for each network that allows communication
to all the hosts in that network. To send data to all hosts in a network, a host can send a
single packet that is addressed to the broadcast address of the network.
The broadcast address uses the highest address in the network range. This is the address in
which the bits in the host portion are all 1s. For the network 192.168.1.0 /24, with 8 host
bits, the broadcast address would be 192.168.1.255. This address is also referred to as the
directed broadcast.
192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
Host Addresses
As described previously, every end device requires a unique address to receive and send
packets. In IPv4, we assign the values between the network address and the
broadcast address to the devices in that network; hosts include end devices such as
PCs, IP phones, printers, etc.
e.g. 192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.2 - 254 (Host Addresses)
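The VLSM example (192.168.1.0/24 split for networks A to E), the binary view of addresses from the IP Addressing section, and the network / broadcast / host address distinctions just described all come down to the same integer arithmetic. The following Python is an added example, not code from the original page: it allocates the five networks largest-first with the usable hosts = 2^n - 2 rule, reports the network, first host, last host and broadcast address of each subnet, shows the dotted-binary form of any address, and cross-checks the hand-rolled arithmetic against Python's standard `ipaddress` module. The host requirements are the ones given on the page; the tie-break between networks B and E (both 28 hosts) is alphabetical, which reproduces the page's ordering.

```python
import ipaddress

# Added example (not from the original page): VLSM allocation done with
# integer arithmetic, cross-checked with the standard library.

REQUIREMENTS = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}   # host counts from the page


def to_int(dotted):
    """'192.168.1.0' -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted-decimal -> dotted binary, e.g. 192.168.4.10 -> 11000000.10101000.00000100.00001010"""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def host_bits_needed(hosts):
    """Smallest h such that 2**h - 2 >= hosts (usable hosts = 2^n - 2)."""
    h = 2                       # 1 host bit gives 2^1 - 2 = 0 usable addresses
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def allocate(block, requirements):
    """Largest requirement first; each subnet is carved from the next free, aligned address."""
    base, prefix = block.split("/")
    cursor = to_int(base)
    end = cursor + 2 ** (32 - int(prefix))
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        h = host_bits_needed(hosts)
        size = 2 ** h
        if cursor % size:                       # a subnet must start on a multiple of its size
            cursor += size - cursor % size
        if cursor + size > end:
            raise ValueError(f"address block exhausted while allocating network {name}")
        network, broadcast = cursor, cursor + size - 1     # host bits all 0s / all 1s
        plan.append({
            "network_name": name,
            "subnet": f"{to_dotted(network)}/{32 - h}",
            "first_host": to_dotted(network + 1),
            "last_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast),
            "usable_hosts": size - 2,
        })
        cursor += size
    return plan


def check_with_ipaddress(plan):
    """Cross-check every subnet against the standard library; True if all agree."""
    for entry in plan:
        net = ipaddress.ip_network(entry["subnet"])
        if str(net.broadcast_address) != entry["broadcast"]:
            return False
        if str(net[1]) != entry["first_host"] or str(net[-2]) != entry["last_host"]:
            return False
    return True


if __name__ == "__main__":
    for entry in allocate("192.168.1.0/24", REQUIREMENTS):
        print(entry["network_name"], entry["subnet"], entry["first_host"],
              entry["last_host"], entry["broadcast"])
        print("   network  ", to_binary(entry["subnet"].split("/")[0]))
        print("   broadcast", to_binary(entry["broadcast"]))
```

Printing the network and broadcast addresses in binary makes the point of the section above visible: in each pair, the host bits are all 0s in the first line and all 1s in the second.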
Spanning Tree Protocol (STP).
STP is used by switches to prevent loops occurring on a network. This is implemented by
using the spanning tree algorithm to disable unwanted links and block ports that could
cause a loop.
Loops and duplicate frames can have severe consequences on a network. Most LANs are
designed to provide redundancy so that if a particular link fails another one can take over
the forwarding of frames across the LAN.
Basically, each switch port on a network detects the MAC address of a host, say PC A, and
the switch then sends messages to other switches on the network to inform them of how
to get to PC A. The problem starts when another switch discovers the same PC A's MAC
address over a different path. In time every switch on the network will start flooding
messages about their discovery of how to get to the same PC A, and a loop has formed.
STP Standards / Types
STP ensures that there is only one logical path between all destinations on the network by
intentionally blocking redundant paths that could cause a loop.
When a switch port detects a loop in the network, it blocks one or more redundant paths
to prevent a loop forming (a port is considered blocked when network traffic is prevented
from entering or leaving that port).
To stop a loop from forming, STP chooses one switch to be the Root Bridge on the network.
Every other switch then selects one of its ports as its Root Port, a Designated Port is
chosen on each segment, and all other ports are blocked.
STP Outline of Process
Let's look at it this way: when switches A, B, C and D on the same network or broadcast
domain boot up, the switches forward their Bridge Protocol Data Unit (BPDU) frames to
neighbouring switches. All switches in the network or broadcast domain read the root ID
information from the BPDU frames of all their neighbours.
After reviewing all the root IDs from the BPDUs received from each switch, the switch
with the lowest BID is identified as the Root Bridge for the spanning tree process. It may
not be an adjacent switch, but any other switch in the broadcast domain.
Study the figure below and see if you can identify the switch with the lowest priority.
Root Ports - Switch ports closest to the root bridge, with the lowest cost path.
Designated Ports - All non-root ports that are still permitted to forward traffic on the
network.
Non-designated ports - All ports configured to be in a blocking state to prevent loops.
Summary.
* Each switch has a bridge ID (BID) made up of a priority value followed by its MAC address.
* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs.
* The switch with the lowest bridge ID becomes the root bridge.
* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-the-Root-Bridgeand-Ports-are-chosen.php#sthash.rLv7zrTf.dpuf
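The election and port-role rules summarised above can be run on a small topology. The following Python is an added example (not the page's code and not a real STP implementation; it computes the converged result rather than exchanging BPDUs over time). It elects the root bridge as the lowest (priority, MAC) bridge ID, finds each switch's root path cost with a shortest-path search that breaks cost ties on the lower sender BID, then labels each port root, designated or non-designated (blocking). The three switches, their BIDs, port names and link costs are constructed; the link costs 4 and 19 are the IEEE 802.1D-1998 values for 1 Gb/s and 100 Mb/s links.

```python
import heapq

# Added example (not from the page): root bridge election and port roles on a
# constructed three-switch triangle. A bridge ID is (priority, MAC); lowest wins.

SWITCHES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (4096,  "00:00:00:00:00:03"),   # lowest priority -> root bridge
}
# (switch_a, port_a, switch_b, port_b, path cost); costs per 802.1D-1998
LINKS = [
    ("SW3", "Gi0/1", "SW1", "Gi0/1", 4),    # 1 Gb/s
    ("SW3", "Gi0/2", "SW2", "Gi0/1", 4),    # 1 Gb/s
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 19),   # 100 Mb/s, the redundant link
]


def elect_root(switches):
    """Lowest bridge ID: priority compared first, MAC address breaks the tie."""
    return min(switches, key=lambda name: switches[name])


def root_path_costs(root, links, switches):
    """Dijkstra from the root. Returns {switch: (cost, upstream switch, link index)}."""
    adj = {}
    for idx, (a, _, b, _, cost) in enumerate(links):
        adj.setdefault(a, []).append((b, cost, idx))
        adj.setdefault(b, []).append((a, cost, idx))
    best = {root: (0, None, None)}
    heap = [(0, switches[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nxt, link_cost, idx in adj.get(node, []):
            if nxt == root:
                continue
            # lower total cost wins; on a tie the lower BID of the advertising switch wins
            candidate = (cost + link_cost, switches[node])
            if nxt not in best or candidate < (best[nxt][0], switches[best[nxt][1]]):
                best[nxt] = (cost + link_cost, node, idx)
                heapq.heappush(heap, (cost + link_cost, switches[nxt], nxt))
    return best


def port_roles(switches, links):
    """Returns (root switch, {(switch, port): role})."""
    root = elect_root(switches)
    best = root_path_costs(root, links, switches)
    roles = {}
    for idx, (a, pa, b, pb, _) in enumerate(links):
        # the port through which a switch reaches the root is its root port
        for me, my_port in ((a, pa), (b, pb)):
            if best[me][2] == idx:
                roles[(me, my_port)] = "root"
        # one designated port per segment: the end with the lower root path cost,
        # lower BID on a tie; the other end, if not a root port, is blocked
        designated = min((a, b), key=lambda s: (best[s][0], switches[s]))
        for me, my_port in ((a, pa), (b, pb)):
            if (me, my_port) in roles:
                continue
            roles[(me, my_port)] = "designated" if me == designated else "non-designated (blocking)"
    return root, roles


if __name__ == "__main__":
    root, roles = port_roles(SWITCHES, LINKS)
    print("root bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} {port}: {role}")
```

With the constructed values SW3 is the root, SW1 and SW2 each have a root port on their gigabit uplink, and on the redundant SW1-SW2 link SW1 wins the designated role on the BID tie-break, so SW2's Fa0/1 is the blocked port that breaks the loop. Changing SW1's priority in `SWITCHES` to a value below 4096 moves the root and every role follows.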
Spanning Tree Protocol Standards / Types.
Types of STP
Like many networking standards, there are many types or variants of STP. These include:
i. PVST+
ii. RSTP
iii. Rapid-PVST+
iv. MSTP
Some of these STP types are Cisco proprietary; the others are public standards created by
the IEEE.
You will learn more details on some of these STP variants, but to get started you need to
have a general knowledge of what the key STP variants are. Below is a brief description of
the key Cisco and IEEE STP variants.
Cisco Proprietary
Per-VLAN Spanning Tree Protocol (PVST) - Maintains a spanning-tree instance for each
VLAN configured in the network. It uses the Cisco proprietary ISL trunking protocol that
allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs.
Because PVST treats each VLAN as a separate network, it can load balance traffic at Layer 2
by forwarding some VLANs on one trunk and other VLANs on another trunk without causing
a loop. For PVST, Cisco developed a number of proprietary extensions to the original IEEE
802.1D STP, such as BackboneFast, UplinkFast, and PortFast.
To learn more about these extensions, visit:
Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast,
Per-VLAN Spanning Tree Protocol Plus (PVST+) - Cisco developed PVST+ to provide
support for IEEE 802.1Q trunking. PVST+ provides the same functionality as PVST, including
the Cisco proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+
includes the PortFast enhancement called BPDU guard, and the root guard enhancement.
To learn more about BPDU guard, visit:
Spanning Tree PortFast BPDU Guard Enhancement
To learn more about root guard, visit:
Spanning Tree Protocol Root Guard Enhancement
Rapid Per-VLAN Spanning Tree Protocol (rapid PVST+) - Based on the IEEE 802.1w
standard and has a faster convergence than STP (standard 802.1D). Rapid PVST+ includes
Cisco-proprietary extensions such as BackboneFast, UplinkFast, and PortFast.
IEEE Standards
Rapid Spanning Tree Protocol (RSTP) - First introduced in 1982 as an evolution of STP
(802.1D standard). It provides faster spanning-tree convergence after a topology change.
RSTP implements the Cisco-proprietary STP extensions, BackboneFast, UplinkFast, and
PortFast, into the public standard. As of 2004, the IEEE has incorporated RSTP into 802.1D,
identifying the specification as IEEE 802.1D-2004. So when you hear STP, think RSTP.
Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree
instance, reducing the number of instances needed to support a large number of VLANs.
MSTP was inspired by the Cisco-proprietary Multiple Instances STP (MISTP) and is an
evolution of STP and RSTP. It was introduced in IEEE 802.1s as amendment to 802.1Q,
1998 edition. Standard IEEE 802.1Q-2003 now includes MSTP. MSTP provides for multiple
forwarding paths for data traffic and enables load balancing.
- See more at: http://orbit-computer-solutions.com/Spanning-Tree-Protocol-Standards--Types.php#sthash.6ZY6r4Ar.dpuf
Virtual Router Redundancy Protocol (VRRP)
Unlike HSRP, which is Cisco proprietary, VRRP is a redundancy protocol which operates in a
network with multi-vendor devices.
VRRP offers the same benefits as HSRP. VRRP operates similarly to HSRP by electing an active
router, called the Master, among a group of routers that share a configured virtual IP and
MAC address.
As with HSRP, when there is a failure on the active router's interface, VRRP triggers
the standby router (backup) to become the Master and subsequently forward the
clients' traffic.
VRRP uses multicast (224.0.0.18) for its hello mechanism and elections.
If a VRRP router's physical interface is configured with the same IP address as the virtual
router, this router will function as the virtual router master.
You use the vrrp priority command to enable a VRRP router to function as a virtual
router backup and take over should the virtual router master fail. You can configure the
priority of each virtual router backup with a value of 1 through 254 using the vrrp priority
command.
For example, if Router A, the virtual router master in a VRRP group, fails, an election process
takes place to determine whether virtual router backup B or C should take over. If Routers B and
C are configured with priorities of 90 and 100, respectively, Router B is elected to
become virtual router master because it has the higher priority.
If Routers B and C are both configured with the priority of 100, the virtual router backup
with the higher IP address is elected to become the virtual router master.
VRRP Preemption.
Unlike in HSRP, VRRP preemption is enabled by default, which enables a higher priority
virtual router backup that becomes available to take over from the virtual router backup
that was elected to become virtual router master.
VRRP Advertisements.
The virtual router master sends VRRP advertisements to other VRRP routers in the same
group. The priority and state of the virtual router master are carried in the advertisements.
The VRRP advertisements are encapsulated in IP packets and sent to the IPv4 multicast
address assigned to the VRRP group.
Advertisements are sent every second by default; you can also configure the interval at
which you want the advertisements sent.
[Figure: VRRP configuration on R1 and R2]
From the above, we configured VRRP on R1 and R2 using the virtual IP address 10.1.20.1
and the priority command with the value 10 on R1.
You can see that the vrrp group preempt command is not used because preempt is
enabled by default for VRRP.
If you need to turn preemption off for any reason, use the command no vrrp group
preempt.
- See more at: http://orbit-computer-solutions.com/Understanding-Virtual-Router-RedundancyProtocol--VRRP-.php#sthash.MpJfmiR1.dpuf
This "virtual" router is configured with a single IP address (Layer 3) and MAC address (Layer
2) which is shared among two or more routers on a LAN segment.
The IP address of the virtual router is configured as the default gateway for the clients on a
specific IP segment. When frames are sent from the clients to the default gateway, the
clients use ARP to resolve the MAC address that is associated with the IP address of the
default gateway. The ARP reply contains the MAC address of the virtual router. Frames
that are sent to the MAC address of the virtual router can then be physically processed by
any active or standby router that is part of that virtual router group.
HSRP can be classified as a redundancy protocol that provides a mechanism for determining
which router should take the active role in forwarding traffic and determining when that role
must be taken over by a standby router.
HSRP Terms.
Active router: The router that is currently forwarding packets for the virtual router
Standby router: The primary backup router
Standby group: The set of routers participating in HSRP that jointly emulate a virtual
router
The primary function of the HSRP standby router is to monitor the operational
status of the HSRP group and to quickly assume packet-forwarding responsibility if the
active router fails.
These are the steps that take place when a router or Layer-3 device (switch) fails:
1. The standby router stops receiving hello messages from the forwarding router.
2.
3.
Because the new forwarding router (standby router) assumes both the IP and MAC
addresses of the virtual router, the connected network devices see no disruption in service.
- See more at: http://orbit-computer-solutions.com/The-Host-Standby-Router-Protocol-%3A-HSRPExplained.php#sthash.KuxlbMhW.dpuf
GLBP provides load balancing over multiple (router) gateways using a single virtual IP
address and multiple virtual MAC addresses.
Each host is configured with the same virtual IP address, and all routers in the virtual router
group participate in forwarding packets.
Unlike HSRP and VRRP, GLBP does not use a single virtual MAC address for the entire group.
Instead, the AVG assigns a different virtual MAC address to each of the physical routers in
the group.
There are two types of routers in a GLBP group, used in redundancy and load balancing:
Active Virtual Gateway (AVG):
Within a GLBP group, one virtual router (gateway) is elected as the Active Virtual
Gateway (AVG), and it is responsible for the operation of the protocol. The AVG is the router
with the highest priority value (or the highest IP address on a tie) in the group; it responds
to all ARP requests sent to the virtual router IP address.
So, when a client needs to send a packet to its configured default gateway (the virtual IP
address), it requests the MAC address by sending an ARP (Address Resolution Protocol)
request on the subnet.
The AVG responds to these ARP requests with the virtual MAC address of one of the "active"
virtual forwarders, based on a configured load sharing algorithm:
1. Round-robin: The default. Each AVF in turn is included in address resolution replies
for the virtual IP address.
2. Host-dependent: Based on the MAC address of a host, so the same forwarder is
always used for a particular host.
3. Weighted: Based on a weight-dependent share of users between routers.
Virtual gateway (AVG) states:
2 - Initial: the virtual IP address is configured but the virtual gateway configuration is
incomplete.
3 - Listen: receiving hello messages and ready to move to the speak state if the AVG becomes
unavailable.
6 - Active: the current AVG, responsible for responding to ARP requests for the
virtual IP address.
Virtual forwarder (AVF) states:
2 - Initial: the virtual MAC address is known but the virtual forwarder configuration is incomplete.
3 - Listen: the virtual forwarder is receiving hello messages and ready to move to the active
state if the AVF becomes unavailable.
4 - Active: the current AVF, responsible for forwarding packets sent to the virtual
forwarder MAC address.
Benefits of GLBP
* Allows full use of resources on all devices without the administrative burden of creating
multiple groups
Summary
1. Active Virtual Gateway (AVG)
> Assigns MAC addresses to the members of the GLBP group.
> Responds to ARP requests
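The AVG's job of answering ARP requests for the virtual IP with different forwarders' virtual MACs is what spreads the load, and the three load sharing methods above differ only in how the forwarder is chosen. The following Python is an added example, not code from the page or from any router: an AVG model that hands out virtual MAC addresses under round-robin, host-dependent and weighted sharing, and that stops handing out the MAC of a forwarder whose weight has dropped to zero. The router names, the virtual MACs (written in the 0007.b400.xxyy form GLBP uses) and the weights are constructed; the weighted method here cycles through slots in proportion to weight, which gives the right share over a full cycle but not the exact reply order a real AVG would produce.

```python
# Added example (not from the page): how a GLBP AVG picks which forwarder's
# virtual MAC to return in an ARP reply under each load sharing method.

def hash_mac(mac):
    """Deterministic hash of a MAC written as aa:bb:cc:dd:ee:ff (sum of its bytes)."""
    return sum(int(part, 16) for part in mac.split(":"))


class GlbpGroup:
    """The AVG's view of one GLBP group: forwarders and the reply policy."""

    def __init__(self, forwarders, method="round-robin"):
        if method not in ("round-robin", "host-dependent", "weighted"):
            raise ValueError("unknown load sharing method")
        self.forwarders = dict(forwarders)   # router name -> (virtual MAC, weight)
        self.method = method
        self.counter = 0                     # drives round-robin and weighted selection
        self.sticky = {}                     # host MAC -> forwarder name (host-dependent)

    def active_forwarders(self):
        return [name for name, (_, weight) in self.forwarders.items() if weight > 0]

    def fail(self, name):
        """A forwarder becomes unavailable: weight 0 takes it out of the rotation."""
        mac, _ = self.forwarders[name]
        self.forwarders[name] = (mac, 0)

    def arp_reply(self, host_mac):
        """Virtual MAC returned to a host that ARPs for the virtual IP address."""
        active = self.active_forwarders()
        if not active:
            raise RuntimeError("no active virtual forwarder to answer the ARP request")
        if self.method == "round-robin":
            name = active[self.counter % len(active)]
            self.counter += 1
        elif self.method == "host-dependent":
            # the same host always maps to the same forwarder while it is active
            if self.sticky.get(host_mac) not in active:
                self.sticky[host_mac] = active[hash_mac(host_mac) % len(active)]
            name = self.sticky[host_mac]
        else:  # weighted: each forwarder gets a share of replies proportional to its weight
            total = sum(self.forwarders[n][1] for n in active)
            slot = self.counter % total
            self.counter += 1
            for name in active:
                slot -= self.forwarders[name][1]
                if slot < 0:
                    break
        return self.forwarders[name][0]


if __name__ == "__main__":
    avg = GlbpGroup({"R1": ("0007.b400.0101", 100), "R2": ("0007.b400.0102", 100)})
    for host in ("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:03"):
        print(host, "->", avg.arp_reply(host))
```

Host-dependent sharing is the method to choose when a stateful device sits behind the gateway and a host must keep reaching the same forwarder; the model shows the other side of that choice too, in that a host is only re-mapped when its forwarder leaves the active list.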
IPv6 EIGRPv6.
EIGRPv6 is still a distance-vector routing protocol with some link-state features. The hello
process used in neighbour discovery and the Diffusing Update Algorithm (DUAL) used for loop-free
and fast convergence are still very much present. Like its fellow IPv6 protocols (RIPng and
OSPFv3), it shares many processing features with its IPv4 counterpart.
EIGRP for IPv6 still possesses the same overall features and operation as EIGRP
for IPv4; there are only a few major differences between them:
* With EIGRP for IPv6, a router ID is required on each router or the routing
process does not start.
* EIGRPv6 uses the multicast address FF02::10 for routing updates and hello
packets.
The 22 is the autonomous system (AS) number. If you look closely, you will notice that the
prompt changed to (config-rtr), and from here you must use the no shutdown command.
In the interface fa0/0 configuration, the same 22 references the AS number that was enabled
in global configuration mode.
Let's look at the functions of the IPv6 routing protocols and how to configure them in detail:
1. RIPng: RIP next generation, as it is fondly called, is still the same old RIP used in IPv4
networks, minus the broadcast; it has been given a new name and a facelift but still works in the same way as RIPv2.
RIPng is still a distance-vector routing protocol with a maximum hop count of 15. It still uses the
familiar features such as split horizon and poison reverse to prevent loops, and a multicast
address when sending updates. The only slight difference is its use of UDP port 521.
Where RIPv2 uses the multicast address 224.0.0.9, the RIPng IPv6 multicast address retains the 9
at the end: FF02::9 (this is similar to the broadcast function performed
by RIP in IPv4).
Unlike RIPv2, RIPng uses link-local addresses as next-hop addresses.
RIPng is supported by Cisco IOS Release 12.2(2)T and later.
To enable RIPng routing on the router, use the ipv6 router rip name global configuration
command.
The name parameter identifies the RIP process. This process name is used later when
configuring RIPng on participating interfaces.
For RIPng, you use the command ipv6 rip name enable in interface configuration mode to
enable RIPng on an interface.
The name parameter must match the name parameter in the ipv6 router rip command.
When a link changes state, the network device that detects the change creates a Link
State Advertisement (LSA) and forwards it to the DR using the FF02::6 multicast address; the DR
informs all devices within the area using the FF02::5 multicast address. Each device then
updates its link-state database.
One of the new features of OSPFv3 is the ability to assign the router ID, area ID and link-state ID as 32-bit values independent of IP addresses. This feature enables OSPFv3 to be
routable over almost any network layer protocol. Like the other IPv6 routing protocols, RIPng
and EIGRPv6, you must enable it directly on the router interface for the process to work.
The interface configuration simply assigns an OSPFv3 process ID and area.
network used to be a complicated task; VLAN trunking methods were developed to help
ease this problem.
VTP Concept
VLAN Trunking Protocol (VTP) is a Cisco-proprietary protocol whose basic aim is to manage all
configured VLANs across a switched network. VTP helps to propagate VLAN configurations and
keep them consistent on the other switches in the network.
VTP is a messaging protocol that uses layer 2 trunk frames to add, delete and rename
VLANs within a single domain. It centralizes changes, which are then sent to the other switches
on the network.
A switch has to be configured in the role of VTP server to manage the VLAN
configuration on your network. The server(s) share VLAN information with the other switches
on the network, which must use the same domain name.
VTP learns only normal-range VLANs (VLAN IDs 1 to 1005).
The primary role of VTP is to maintain VLAN configuration consistency across a network
administration domain.
VTP stores VLAN configurations in the VLAN database, called vlan.dat.
After a trunk is established between switches, VTP advertisements are exchanged between the
switches. Both the server switch and the clients exchange and monitor advertisements from one
another to ensure each has an accurate record of VLAN information. VTP advertisements will
not be exchanged if the trunk between the switches is inactive.
In the diagram above, a trunk link is configured between switch S1 (VTP server) and S2 and
S3 (VTP clients).
After a trunk is established between the switches, VTP summary advertisements are
exchanged among the switches.
2041:0000:130F:0000:0000:07C0:853A:140B.
Leading zeros in a field are optional. That means the field 07C0 equals 7C0, and the
field 0000 can be written as 0:
2041:0:130F:0000:0000:7C0:853A:140B
In addition, one run of consecutive all-zero fields can be represented by two colons "::", like so:
2041:0:130F::7C0:853A:140B
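The two compression rules just described, applied step by step to the address above and cross-checked against Python's ipaddress module (which implements the same RFC 5952 rules). This is an added example, not code from the page; it expects the full eight-field form as input.

```python
"""IPv6 address compression: drop leading zeros in each field, then replace the
longest run of all-zero fields (at least two fields long) with '::'.

Added example, not code from the page. Results are compared with the standard
library, which applies the same RFC 5952 rules.
"""
import ipaddress
from typing import List, Tuple


def drop_leading_zeros(address: str) -> str:
    """Rule 1: 07C0 -> 7C0, 0000 -> 0. Input must be the full eight-field form."""
    if "::" in address:
        raise ValueError("expected the uncompressed eight-field form")
    fields = address.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}")
    return ":".join(f.lstrip("0") or "0" for f in fields)


def longest_zero_run(fields: List[str]) -> Tuple[int, int]:
    """(start, length) of the longest run of '0' fields; first run wins a tie."""
    best_start, best_len = -1, 0
    i = 0
    while i < len(fields):
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < len(fields) and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    return best_start, best_len


def compress(address: str) -> str:
    """Rule 2: only one run may become '::', and a single zero field is not compressed."""
    fields = drop_leading_zeros(address).split(":")
    start, length = longest_zero_run(fields)
    if length < 2:
        return ":".join(fields)
    left = ":".join(fields[:start])
    right = ":".join(fields[start + length:])
    return f"{left}::{right}"


def canonical(address: str) -> str:
    """Reference result from the standard library (lower-case hex)."""
    return str(ipaddress.IPv6Address(address))


if __name__ == "__main__":
    for a in ["2041:0000:130F:0000:0000:07C0:853A:140B", "0:0:0:0:0:0:0:1", "FF02:0:0:0:0:0:0:9"]:
        print(a, "->", compress(a), "| stdlib:", canonical(a))
```

The hand-written version keeps the page's upper-case hex, so comparisons with the standard library are made after lower-casing.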
If there is no router on the network, the host sends a DHCPv6 Solicit
multicast message to the address FF02::1:2; this multicast message is sent
to all DHCPv6 servers and relay agents on the network. This works the same way as it does in IPv4
DHCP.
The above interface configuration is quite different from that of IPv4. Overall, we have
configured a DHCPv6 server and applied it to an interface.
The configuration above makes the router stop the exchange of hello packets with neighbouring
routers on that interface, which results in the loss of the neighbour relationship.
Therefore, it is only used on interfaces where no routers are connected.
This stops not only routing updates from being advertised, but also suppresses incoming
routing updates.
Queries agents
Gets responses from agents
Acknowledges asynchronous events from agents
Sets variables in agents
SNMP Agent: This is a program installed or configured within the network device (the agent)
that collects management information, stores it locally in its database and
makes it available to the SNMP manager when queried.
Functions of an SNMP agent:
Stores and retrieves network management information as defined in the MIB.
Informs the manager of an event.
Collects management information about its local environment.
Acts as a proxy for some non-SNMP-manageable network node.
Management Information Base (MIB)
This is a virtual database of network management information shared between the
agent and the manager.
The SNMP manager uses the information in the agents' databases to request
specific information from the agent and translates it as needed for the
Network Management System (NMS).
copyright Cisco.com
SNMP versions.
SNMPv1:
This is the first version of the protocol, defined in RFCs 1155 and 1157.
SNMPv2c:
This is a revision of SNMPv1 with enhancements in the areas of protocol packet types,
transport mappings and MIB structure elements, but using the existing SNMPv1 administration
structure (the "community-based security mechanism").
SNMPv3:
Security is the main focus of SNMPv3.
SNMPv3 also enables remote configuration of SNMP entities.
The main features of SNMPv3 include:
Message integrity: ensures that a packet has not been tampered with in transit.
Authentication: ensures that the packet came from a known and trusted source.
Encryption: ensures that the information cannot be read if the data is captured in
transit.
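A configuration check that follows from the version comparison: SNMPv1/v2c community strings provide none of the three SNMPv3 features, so an audit of a running-config can flag every community string (and especially read-write or well-known ones) and any SNMPv3 group or user that stops short of auth plus priv. This is an added example, not code from the page or from Cisco; the configuration lines are constructed for illustration using standard IOS snmp-server syntax.

```python
"""Audit the SNMP lines of a Cisco IOS running-config against the SNMP version
comparison: v1/v2c community strings give no integrity, authentication or
encryption, while SNMPv3 users can have all three (auth + priv).

Added example, not code from the page. SAMPLE_CONFIG is constructed.
"""
import re
from typing import Dict, List

SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community monitor RO 10
snmp-server group NMS-GROUP v3 priv
snmp-server user nmsuser NMS-GROUP v3 auth sha AuthPassw0rd priv aes 128 PrivPassw0rd
snmp-server group LEGACY v3 noauth
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$", re.I)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)", re.I)
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3"
                     r"(?: auth (md5|sha\S*) \S+)?(?: priv (des|3des|aes)(?: \d+)? \S+)?", re.I)

WELL_KNOWN = {"public", "private"}   # vendor defaults every scanner tries first


def parse_snmp(config: str) -> Dict[str, List[dict]]:
    """Pull community, v3 group and v3 user definitions out of the config text."""
    out: Dict[str, List[dict]] = {"communities": [], "groups": [], "users": []}
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            out["communities"].append({"string": m.group(1), "access": (m.group(2) or "RO").upper(), "acl": m.group(3)})
            continue
        m = GROUP_RE.match(line)
        if m:
            out["groups"].append({"name": m.group(1), "level": m.group(2).lower()})
            continue
        m = USER_RE.match(line)
        if m:
            out["users"].append({"name": m.group(1), "group": m.group(2), "auth": m.group(3), "priv": m.group(4)})
    return out


def audit_snmp(config: str) -> List[str]:
    """Return one finding per weakness, prefixed with a severity."""
    parsed = parse_snmp(config)
    findings: List[str] = []
    for c in parsed["communities"]:
        sev = "HIGH" if c["access"] == "RW" else "MEDIUM"
        findings.append(f"{sev}: v1/v2c community '{c['string']}' ({c['access']}) relies on the community "
                        f"string alone: no integrity, authentication or encryption")
        if c["string"].lower() in WELL_KNOWN:
            findings.append(f"HIGH: community '{c['string']}' is a well-known default string")
        if not c["acl"]:
            findings.append(f"MEDIUM: community '{c['string']}' has no ACL limiting which managers may use it")
    for g in parsed["groups"]:
        if g["level"] != "priv":
            extra = " and no authentication" if g["level"] == "noauth" else ""
            findings.append(f"HIGH: v3 group '{g['name']}' is '{g['level']}': no encryption{extra}")
    for u in parsed["users"]:
        if not (u["auth"] and u["priv"]):
            missing = "authentication" if not u["auth"] else "privacy (encryption)"
            findings.append(f"HIGH: v3 user '{u['name']}' lacks {missing}")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```

On the sample, only the nmsuser/NMS-GROUP pair (v3, auth sha, priv aes) passes cleanly; the three communities and the noauth group each produce findings.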
There are similarities when configuring IPv4 and IPv6 static and default routes on Cisco
Integrated Services Routers (ISRs); the only differences are the IP addressing format and
that IPv6 routing has to be enabled on the router with the ipv6 unicast-routing command in
global configuration mode.
Directly Connected IPv6 Static Route
A directly connected static route is created when only an outgoing interface is specified.
A directly connected static route is normally used with a point-to-point serial interface.
To configure a directly attached IPv6 static route, use the following command format:
e.g.
Recursive IPv6 Static Route
A recursive static route is created when the next-hop IP address is specified.
This method requires the router to perform a recursive lookup in the routing table in order to
identify the outgoing interface.
In a recursive IPv6 static route, the route entry has the next-hop router's IPv6 address.
To configure a recursive IPv6 static route, use the following command format:
e.g.
Default IPv6 Static Route
A default IPv6 static route is created by specifying the
destination IPv6 prefix and prefix length as all zeros, ::/0.
e.g.
Each router must have IPv6 routing enabled with the ipv6 unicast-routing command before further
configuration.
If you look closely at the topology, the routers' GigabitEthernet0/1 (G0/1) interfaces have
globally routable unicast addresses, and EUI-64 is used to create the interface identifier portion
of the address.
The S0/0/1 interface has a privately routable unique-local address, which is recommended
for point-to-point serial connections.
R1 Configuration.
1. Enable IPv6 routing, then configure the router G0/1 and serial interface with IPv6
address.
R2 Configuration.
2. Enable IPv6 routing, then configure the router G0/1 and serial interface with IPv6
address.
R2(config-if)# exit
Now that both routers have static routes configured on them, communication across the
network will succeed.
First, delete the directly connected static route on router R1 and configure a recursive static
route.
Also delete the directly connected static route on router R2 and configure a recursive static
route.
In a default static route, the destination IPv6 prefix and prefix length are all zeros.
First, delete the recursive static route on router R1 and configure a default static route.
Delete the recursive static route and add a default static route on R2.
(because of the difficulties it causes on a network through looping) from the trio and
introduced Anycast.
Let's look at these IPv6 address types in detail below:
Unicast Address: Packets addressed to a unicast address are destined for a single interface.
This can also be referred to as a one-to-one IPv6 address. The different types of unicast
addressing are global, link-local and site-local.
Link-local Addresses:
These are private addresses that are not meant to be routed on the Internet. They can be used
locally by private or temporary LANs for sharing and distributing files among devices on
the LAN.
Multicast Address:
This can also be referred to as one-to-many. Packets addressed to a multicast address are
delivered to all interfaces identified by the multicast address. Multicast addresses are
easily recognisable because they begin with FF.
Anycast:
This form of IPv6 address is similar to the multicast address with a slight difference. An anycast
address can also be referred to as one-to-nearest. It can be used to address packets meant
for multiple interfaces, but it delivers packets to the first interface it finds as defined by
the routing distance. This means it sends packets to the closest interface as determined by the
routing protocols.
Anycast is a very special IPv6 addressing type in that the same address can be assigned to more
than one interface, which also earned it the name one-to-one-of-many address.
Loopback Address:
Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing.
However, in IPv6 there is just one address, not a whole block, for this function. The
loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression
as "::1".
8. 2002::/16 - this address range is normally used during IPv6 transition
or migration (6to4) configuration.
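A classifier for the address types listed above, as an added example (not code from the page) built on Python's ipaddress module. The 2002::/16 range comes from the text; the link-local (FE80::/10), deprecated site-local (FEC0::/10) and unique-local (FC00::/7) prefixes are the standard ones from RFC 4291, RFC 3879 and RFC 4193. Anycast cannot be recognised from the address bits alone, since it is an ordinary unicast address assigned to more than one interface, so it never appears as a result.

```python
"""Classify an IPv6 address into the types described above.

Added example, not code from the page. The order of the checks matters because
the ranges nest: ::1 is tested before the general cases, and 2002::/16 lies
inside global unicast space.
"""
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")    # named in the text (6to4 transition)
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")     # RFC 4291
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")     # deprecated by RFC 3879
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")    # RFC 4193

MULTICAST_SCOPES = {1: "interface-local", 2: "link-local", 4: "admin-local",
                    5: "site-local", 8: "organization-local", 14: "global"}


def multicast_scope(addr: ipaddress.IPv6Address) -> str:
    """The scope is the low nibble of the first 16-bit field: FF02:: is link-local."""
    nibble = (int(addr) >> 112) & 0xF
    return MULTICAST_SCOPES.get(nibble, f"reserved (0x{nibble:x})")


def classify(text: str) -> str:
    addr = ipaddress.IPv6Address(text)          # accepts compressed or full form
    if addr == ipaddress.I6Address("::") if False else addr == ipaddress.IPv6Address("::"):
        return "unspecified"
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback"
    if addr.is_multicast:                       # first eight bits are FF
        return f"multicast ({multicast_scope(addr)} scope)"
    if addr in LINK_LOCAL:
        return "link-local unicast"
    if addr in SITE_LOCAL:
        return "site-local unicast (deprecated)"
    if addr in UNIQUE_LOCAL:
        return "unique-local unicast"
    if addr in SIX_TO_FOUR:
        return "global unicast (6to4 transition range 2002::/16)"
    return "global unicast"


if __name__ == "__main__":
    for a in ["::1", "FF02::9", "FF02::10", "fe80::1", "fd00::1", "2002:c000:204::1", "2001:db8::1"]:
        print(f"{a:20} {classify(a)}")
```

Note that the routing-protocol addresses mentioned earlier (FF02::9 for RIPng, FF02::10 for EIGRPv6, FF02::5 and FF02::6 for OSPFv3) all classify as link-local-scope multicast, which is why they never leave the local link.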
The process of autoconfiguration begins with the host obtaining the network prefix from the
router and then appending its own interface identifier, derived from its physical MAC address,
to that prefix.
Have in mind that the interface identifier portion of an IPv6 address is 64 bits in length and a MAC
address is 48 bits; the extra 16 bits are added in the middle of the MAC address as FFFE to complete the
autoconfiguration of the Ethernet device's IPv6 address.
Example:
i. The host sends a multicast message to the all-routers multicast address, known as a
Router Solicitation (RS) message, asking for prefix information. This message is sent in the form of an
ICMPv6 type 133 message.
ii. The router replies with a multicast packet containing the required
prefix information, the Router Advertisement (RA). This message is sent in the form
of an ICMPv6 type 134 message.
iii. The host receives the RA and adds the prefix, allowing its interface to be
autoconfigured.
There are two basic steps used to activate IPv6 on a Cisco router:
i.
ii.
When a network router interface is configured with an ipv6 address, a link-local address will
In the IPv6 address configuration example above, router1 is shown connected over an IPv6
WAN to router2, with a subnet prefix of 2001:db8:3c4d:2::/64.
R1(config)#ipv6 unicast-routing (this is configured on the router to activate IPv6 routing, after which the
router's fa0/1 interface is configured).
The EUI-64 option is used to create the 64-bit interface identifier from the 48-bit MAC address.
Note.
Using the show ipv6 interface fa0/1 command, the MAC address is displayed as part of
the IPv6 address with the hex characters FFFE (16 bits) added in the middle, which
expands the 48-bit MAC address into the 64-bit interface identifier of the IPv6 link-local address.
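The EUI-64 derivation in code, as an added example that is not part of the page. Besides inserting FFFE in the middle of the MAC, the standard procedure (RFC 4291, Appendix A) inverts the universal/local bit, bit 7 of the first byte; the Note above does not mention that step, so it is applied here and shows up as the 02 at the start of the resulting identifier. The MAC address used is constructed; the /64 prefix is the one from the page's configuration example.

```python
"""Modified EUI-64: 48-bit MAC -> 64-bit interface identifier -> IPv6 addresses.

Added example, not code from the page. The MAC below is constructed.
"""
import ipaddress
import re
from typing import Optional


def mac_bytes(mac: str) -> bytes:
    """Accepts 00:1A:2B:3C:4D:5E, 00-1A-..., or Cisco-style 001a.2b3c.4d5e."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """Flip the U/L bit of the first byte, then insert FF FE between bytes 3 and 4."""
    m = bytearray(mac_bytes(mac))
    m[0] ^= 0x02
    return bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:])


def link_local_from_mac(mac: str) -> str:
    """What 'show ipv6 interface' displays as the link-local address (FE80::/64 + IID)."""
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address((0xFE80 << 112) | iid))


def global_from_mac(prefix: str, mac: str) -> str:
    """Equivalent of 'ipv6 address <prefix>/64 eui-64' on an interface."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64_address(address: str) -> Optional[str]:
    """Reverse the derivation; None if the interface ID is not EUI-64 shaped.

    That the MAC is recoverable this easily from any EUI-64 address is the
    reason privacy extensions (RFC 4941) exist for hosts.
    """
    iid = bytearray((int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)).to_bytes(8, "big"))
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"                    # constructed MAC
    print("link-local:", link_local_from_mac(mac))
    print("global    :", global_from_mac("2001:db8:3c4d:2::/64", mac))
    print("recovered :", mac_from_eui64_address(link_local_from_mac(mac)))
```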
Use the show vtp status command to verify that VTP has been configured correctly.
Sw1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Confirm the same for S1 and S2
To verify the VTP password, use the show vtp password command.
Sw1#show vtp password
VTP Password: orbit123
S1#
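A consistency check that turns the VTP description above and the show vtp status output into something you can run across several switches: parse each switch's output and compare the domain name, configuration revision and MD5 digest against the server's, since the text requires every member to hold an accurate, identical record of the VLAN database. This is an added example, not code from the page; Sw1's output mirrors the capture above, while the S1 and S2 outputs are constructed to show one client in sync and one that has drifted.

```python
"""Check several switches' 'show vtp status' output for VTP domain consistency.

Added example, not code from the page. Sw1 mirrors the capture shown above;
S1 and S2 are constructed (one in sync, one drifted).
"""
from typing import Dict, List

VTP_STATUS = {
    "Sw1": """\
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
""",
    "S1": """\
VTP Version : 2
Configuration Revision : 0
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : lab
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
""",
    "S2": """\
VTP Version : 2
Configuration Revision : 3
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : LAB
MD5 digest : 0x11 0x22 0x33 0x44 0x55 0x66 0x77
""",
}


def parse_vtp_status(text: str) -> Dict[str, str]:
    """'Field : value' lines into a dict; the first colon separates key from value."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def check_vtp_consistency(outputs: Dict[str, str], server: str) -> List[str]:
    """Compare every switch against the designated VTP server."""
    parsed = {name: parse_vtp_status(text) for name, text in outputs.items()}
    ref = parsed[server]
    findings: List[str] = []
    if ref.get("VTP Operating Mode") != "Server":
        findings.append(f"{server}: expected VTP server, found {ref.get('VTP Operating Mode')}")
    for name, f in parsed.items():
        if name == server:
            continue
        if f.get("VTP Domain Name") != ref.get("VTP Domain Name"):
            findings.append(f"{name}: domain '{f.get('VTP Domain Name')}' differs from server domain "
                            f"'{ref.get('VTP Domain Name')}' (advertisements will not be accepted)")
        if f.get("Configuration Revision") != ref.get("Configuration Revision"):
            findings.append(f"{name}: configuration revision {f.get('Configuration Revision')} != server "
                            f"revision {ref.get('Configuration Revision')} (VLAN databases out of sync)")
        if f.get("MD5 digest") != ref.get("MD5 digest"):
            findings.append(f"{name}: MD5 digest differs from server (VLAN database or VTP password mismatch)")
    return findings


if __name__ == "__main__":
    for finding in check_vtp_consistency(VTP_STATUS, server="Sw1"):
        print(finding)
```

The MD5 digest is computed over the VLAN database and the VTP password, so a digest mismatch on a switch with the right domain and revision usually means the password differs, which is the first thing to check after the show vtp password command above.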
Switch1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- ------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
10 orbit active
20 cisco active
30 student active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
<input omitted>
Switch#
Switch1(config-if)#no shut
Switch1(config-if)#exit
Switch1(config)#exit
Switch1#
Use the above commands to assign the remaining VLANs to switch ports in access mode.
VLAN ID Ranges.
VLAN IDs are divided into either a normal range or an extended range.
Dynamic VLAN
Dynamic port VLAN membership is configured using a special server called a VLAN
Membership Policy Server (VMPS). With the VMPS, you assign switch ports to VLANs
dynamically, based on the source MAC address of the device connected to the port. The
benefit comes when you move a host from a port on one switch in the network to a port on
another switch in the network: the switch dynamically assigns the new port to the proper
VLAN for that host.
Voice VLAN
A port is configured in voice mode so that it can support an IP phone attached
to it. Before you configure a voice VLAN on the port, you need to first configure a
VLAN for voice and a VLAN for data.
The configuration command mls qos trust cos ensures that voice traffic is identified and
given priority. Remember that the entire network must be set up to prioritize voice
traffic; you cannot just configure the port with this command.
The switchport voice vlan 99 command identifies VLAN 99 as the voice VLAN.
Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: off
Access mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1(default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 99 (VLAN099)
The switchport access vlan 10 command configures VLAN 10 as the access mode (data)
VLAN. You can see this verified in the bottom screen capture: Access Mode VLAN: 10
(VLAN0010).
Types of VLAN.
There are different types of VLANs. The type of network traffic they carry defines some
types of VLAN, and others derive their
names from the specific function the VLAN performs. The following describes the
common VLAN types:
Default VLAN
At the initial boot-up of the switch, all switch ports become members of the default VLAN,
which makes them all part of the same broadcast domain. This allows any network device
connected to any switch port to communicate with devices on other switch
ports.
On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any VLAN,
except that you cannot rename or delete it.
Data VLAN
A data VLAN can also be referred to as a user VLAN. It is configured to carry only user-generated traffic. Separating user data from the other types of VLAN is important for proper
switch management and control.
Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic
coming from many VLANs as well as traffic that does not come from a VLAN. The 802.1Q
trunk port places untagged traffic (traffic that does not come from a VLAN) on the native
VLAN. In summary, the native VLAN identifies untagged traffic arriving from either end of
a trunk link.
Management VLAN
A management VLAN is any VLAN you configure to access the management capabilities of a
switch. The management VLAN you configure is assigned an IP address and subnet
mask. Any VLAN on a switch could serve as the management VLAN if you have not
configured or defined a unique VLAN to serve as the management VLAN. In some cases, a
network administrator deliberately defines VLAN 1 as the management VLAN; this opens a
loophole for an unauthorized connection to a switch.
Voice VLAN
A voice VLAN is configured to carry voice traffic. Voice VLANs are mostly given transmission
priority over other types of network traffic. Communication over the network is not
complete without phone calls. More calls are made over the network than other forms of
message transmission. Sending emails and text messages are also forms of interaction,
but listening to a real voice provides legitimacy and assurance.
It is considered good practice among network administrators to design a network that supports VoIP with
assured bandwidth to ensure voice quality, and the capability to be routed around congested
areas of the network with minimal delay (150-180 milliseconds).
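The VLAN hygiene points above (ports left in the default VLAN 1, the native VLAN of a trunk still being VLAN 1, and ports that still negotiate trunking) can be checked mechanically from the show interfaces switchport output whose format appeared earlier under Voice VLAN. This is an added example, not code from the page; the three port blocks are constructed in that format, and the port names and VLAN numbers are hypothetical.

```python
"""Audit 'show interfaces switchport' output for default-VLAN and trunk hygiene.

Added example, not code from the page. SAMPLE_SWITCHPORT_OUTPUT is constructed
in the same format as the Fa0/15 capture shown earlier.
"""
import re
from typing import Dict, List

SAMPLE_SWITCHPORT_OUTPUT = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 99 (VLAN0099)

Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
"""


def parse_switchports(text: str) -> List[Dict[str, str]]:
    """One dict per 'Name:' block; keys are lower-cased field names."""
    ports: List[Dict[str, str]] = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "name":
            ports.append({"name": value})
        elif ports:
            ports[-1][key] = value
    return ports


def vlan_number(field: str) -> int:
    """'10 (VLAN0010)' or '1 (default)' -> 10 / 1; 0 when no number is present."""
    m = re.match(r"(\d+)", field)
    return int(m.group(1)) if m else 0


def audit_switchports(text: str) -> List[str]:
    findings: List[str] = []
    for p in parse_switchports(text):
        name = p["name"]
        admin_mode = p.get("administrative mode", "").lower()
        is_trunk = "trunk" in p.get("operational mode", "").lower()
        if is_trunk and vlan_number(p.get("trunking native mode vlan", "")) == 1:
            findings.append(f"{name}: trunk native VLAN is VLAN 1 (untagged traffic shares the default VLAN)")
        if not is_trunk and vlan_number(p.get("access mode vlan", "")) == 1:
            findings.append(f"{name}: access port still in default VLAN 1")
        if p.get("negotiation of trunking", "").lower() == "on" or admin_mode.startswith("dynamic"):
            findings.append(f"{name}: trunk negotiation (DTP) enabled; set a fixed mode and disable negotiation")
    return findings


if __name__ == "__main__":
    for finding in audit_switchports(SAMPLE_SWITCHPORT_OUTPUT):
        print(finding)
```

Fa0/15, the port configured with data VLAN 10 and voice VLAN 99, passes cleanly; Fa0/1 is flagged twice (default VLAN and DTP) and the Gi1/1 trunk once for its native VLAN.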
VLAN Configuration
Inter-VLAN Routing.
We define inter-VLAN routing as the process of forwarding network traffic from one VLAN to
another VLAN using a router or layer 3 device.
In the previous pages, we learned how to configure VLANs on a network switch. To
allow devices connected to the various VLANs to communicate with each other, you need to
connect a router.
As we've learned, each VLAN is a unique broadcast domain, so computers on separate
VLANs are, by default, not able to communicate. There is a way to permit these computers
to communicate; it is called inter-VLAN routing.
One of the ways to carry out inter-VLAN routing is by connecting a router to the
switch infrastructure. VLANs are associated with unique IP subnets on the network.
This subnet configuration enables the routing process in a multi-VLAN environment. When
using a router to facilitate inter-VLAN routing, the router interfaces can be connected to
separate VLANs. Devices on those VLANs communicate with each other via the router.
Traditional Inter-VLAN Routing
How to configure InterVLAN routing on a Cisco router.
When configuring inter-VLAN routing, it is advisable to first configure the switch SW1 that
will be connected to the router, as shown in the diagram.
Router R1 is connected to switch ports F0/4 and F0/3, which have been configured for
VLANs 10 and 20, respectively.
SW1(config-vlan)#exit
SW1(config)#interface fa0/8
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface fa0/4
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface fa0/11
SW1(config-if)#switchport access vlan 20
SW1(config-if)#interface fa0/3
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#
In the above example, interfaces F0/4 and F0/8 have been assigned to VLAN 10 using the
switchport access vlan 10 command. The same process is used to assign VLAN 20 to
interfaces F0/3 and F0/11 on switch SW1.
To be on the safe side, use the copy running-config startup-config command in privileged
EXEC mode to save your configuration.
Example of router R1 interface configuration commands:
R1#config t
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#interface fa0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#end
As shown in the figure above, each router interface, fa0/0 and fa0/1, belongs to a different
subnet and is configured with an IP address and subnet mask in interface
configuration mode; the no shutdown command is used to enable the router interface.
After no shutdown is issued in interface configuration mode, you will notice a message
indicating that the interface state has changed to up. This indicates that the interface is now
enabled.
You can examine the routing table using the show ip route privileged EXEC mode
command. This command displays the locally connected networks of the router.
You can also use the show interface command in privileged EXEC mode to view
more detailed information about the router interfaces, such as diagnostic
information, status, MAC address, and transmit or receive errors.
In summary:
If the router receives a packet on interface F0/0 destined for the 192.168.2.0 subnet, the
router would identify that it should send the packet out via interface F0/1 to reach hosts on
the 192.168.2.0 subnet.
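The routing decision just summarised, and the three IPv6 static route forms from the earlier static-route section (directly connected, recursive and default), as one longest-prefix-match lookup that also performs the recursive next-hop resolution the text mentions. This is an added example, not code from the page or from Cisco: the IPv4 table reuses the 192.168.1.0/24 and 192.168.2.0/24 subnets on F0/0 and F0/1 from above, the WAN prefix 2001:db8:3c4d:2::/64 comes from the page, and the other IPv6 prefixes and the next-hop address are hypothetical.

```python
"""Longest-prefix-match lookup with directly connected, recursive and default routes.

Added example, not code from the page. Tables are constructed; the WAN prefix is
the page's 2001:db8:3c4d:2::/64, the remaining IPv6 values are hypothetical.
"""
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next_hop, exit_interface). A directly connected route names only the
# interface; a recursive or default route names only the next hop.
Route = Tuple[str, Optional[str], Optional[str]]

IPV6_TABLE: List[Route] = [
    ("2001:db8:acad:1::/64", None, "G0/1"),                 # connected LAN (hypothetical)
    ("2001:db8:3c4d:2::/64", None, "S0/0/1"),               # connected WAN link (from the page)
    ("2001:db8:acad:2::/64", "2001:db8:3c4d:2::2", None),   # recursive static route
    ("::/0", "2001:db8:3c4d:2::2", None),                   # default static route
]

IPV4_TABLE: List[Route] = [
    ("192.168.1.0/24", None, "F0/0"),
    ("192.168.2.0/24", None, "F0/1"),
]

MAX_RECURSION = 8   # a next hop that resolves only to itself is unusable, not a loop forever


def lookup(table: List[Route], destination: str, _depth: int = 0) -> Optional[Tuple[str, Optional[str], str]]:
    """Longest-prefix match; returns (matched prefix, next hop, exit interface) or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop, interface in table:
        net = ipaddress.ip_network(prefix)
        if net.version != dst.version or dst not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, next_hop, interface)
    if best is None:
        return None                                  # no route: the packet is dropped
    net, next_hop, interface = best
    if interface is not None:
        return (str(net), next_hop, interface)       # directly connected: interface known
    if _depth >= MAX_RECURSION:
        return None
    resolved = lookup(table, next_hop, _depth + 1)   # recursive lookup of the next hop
    if resolved is None:
        return None                                  # next hop unreachable: route unusable
    return (str(net), next_hop, resolved[2])


def forward(table: List[Route], destination: str) -> str:
    """Human-readable forwarding decision for one destination."""
    r = lookup(table, destination)
    if r is None:
        return f"{destination}: no route, dropped"
    prefix, next_hop, interface = r
    via = f" via {next_hop}" if next_hop else ""
    return f"{destination}: matched {prefix}, out {interface}{via}"


if __name__ == "__main__":
    for d in ["192.168.2.25", "10.1.1.1"]:
        print(forward(IPV4_TABLE, d))
    for d in ["2001:db8:acad:1::5", "2001:db8:acad:2::10", "2001:db8:1234::1"]:
        print(forward(IPV6_TABLE, d))
```

A packet for 192.168.2.25 arriving on F0/0 matches 192.168.2.0/24 and leaves via F0/1, exactly the summary above; on the IPv6 table the recursive and default routes both resolve their next hop 2001:db8:3c4d:2::2 through the connected WAN /64 to S0/0/1.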
Router-on-a-stick Inter-VLAN Routing.
Router-on-a-stick is a type of router configuration in which a single physical interface
routes traffic between multiple VLANs on a network. The router interface has to be
configured to operate as a trunk link and is connected to a switch port on SW1, which
has to be configured in trunk mode. The router receives VLAN-tagged traffic on the trunk
interface from the adjacent switch SW1 and forwards the routed traffic out to the VLAN-tagged
destination using the same interface.
The diagram below shows the router being connected and configured with a single interface.
Explanation
i. PC1 on VLAN10 is communicating with PC3 on VLAN30 through router R1 using a single,
physical router interface.
ii. PC1 sends its unicast traffic to switch SW2.
iii. Switch SW2 then tags the unicast traffic as originating on VLAN10 and forwards the
unicast traffic out its trunk link to switch SW1.
iv. Switch SW1 forwards the tagged traffic out the other trunk interface on port F0/5 to the
interface on router R1.
v. Router R1 accepts the tagged unicast traffic on VLAN10 and routes it to VLAN30 using its
configured subinterfaces.
vi. The unicast traffic is tagged with VLAN30 as it is sent out the router interface to switch
SW1.
vii. Switch SW1 forwards the tagged unicast traffic out the other trunk link to switch SW2.
viii. Switch SW2 removes the VLAN tag of the unicast frame and forwards the frame out to
PC3 on port Fa0/6.
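Steps ii to viii at the frame level: SW2 inserts an 802.1Q tag for VLAN 10, R1 accepts the tagged frame on its trunk, routes the packet to the VLAN 30 subinterface and sends it back tagged VLAN 30, and SW2 removes the tag before delivering to PC3. This is an added example, not code from the page or from Cisco; the MAC addresses, subnets and payload are constructed, and the IPv4 header checksum is left at zero to keep the code short.

```python
"""Frame-level walk through the router-on-a-stick path.

Added example, not code from the page. MACs, subnets and payload are constructed;
the IPv4 checksum is not computed.
"""
import ipaddress
import struct
from typing import Dict, Optional

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

PC1_MAC, PC3_MAC, R1_MAC = "0050.5600.0001", "0050.5600.0003", "0000.0c00.0001"
PC1_IP, PC3_IP = "192.168.10.10", "192.168.30.30"

# R1 subinterfaces: VLAN -> gateway address on that VLAN (hypothetical)
SUBINTERFACES = {10: ipaddress.ip_interface("192.168.10.1/24"),
                 30: ipaddress.ip_interface("192.168.30.1/24")}
# R1's ARP cache for the hosts behind each subinterface (constructed)
ARP_CACHE: Dict[str, str] = {PC1_IP: PC1_MAC, PC3_IP: PC3_MAC}


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace(".", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def ipv4_packet(src_ip: str, dst_ip: str, ttl: int = 64, data: bytes = b"") -> bytes:
    """Minimal 20-byte IPv4 header (protocol 17, checksum 0) plus data."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, ttl, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return header + data


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan_id) + frame[12:]


def vlan_of(frame: bytes) -> Optional[int]:
    """VLAN ID of a tagged frame, or None when the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def untag_frame(frame: bytes) -> bytes:
    return frame if vlan_of(frame) is None else frame[:12] + frame[16:]


def router_forward(tagged: bytes) -> Optional[bytes]:
    """R1's trunk: accept a tagged frame, route the packet, re-tag it for the destination VLAN."""
    if vlan_of(tagged) not in SUBINTERFACES:
        return None                                  # no subinterface for that VLAN: dropped
    packet = untag_frame(tagged)[14:]
    ttl, dst_ip = packet[8], ipaddress.IPv4Address(packet[16:20])
    out_vlan = next((v for v, sub in SUBINTERFACES.items() if dst_ip in sub.network), None)
    if ttl <= 1 or out_vlan is None or str(dst_ip) not in ARP_CACHE:
        return None                                  # TTL expired, no route, or no ARP entry
    packet = packet[:8] + bytes([ttl - 1]) + packet[9:]
    return tag_frame(build_frame(ARP_CACHE[str(dst_ip)], R1_MAC, ETHERTYPE_IPV4, packet), out_vlan)


def simulate_path() -> Dict[str, object]:
    """Steps ii-viii: what SW2, R1 and PC3 each see."""
    from_pc1 = build_frame(R1_MAC, PC1_MAC, ETHERTYPE_IPV4, ipv4_packet(PC1_IP, PC3_IP, data=b"hello"))
    at_sw2_ingress = tag_frame(from_pc1, 10)         # SW2 tags PC1's access-port traffic as VLAN 10
    from_r1 = router_forward(at_sw2_ingress)         # trunk -> R1 subinterfaces -> trunk
    if from_r1 is None:
        raise RuntimeError("router dropped the frame")
    to_pc3 = untag_frame(from_r1)                    # SW2 strips the VLAN 30 tag on PC3's access port
    return {"ingress_vlan": vlan_of(at_sw2_ingress), "egress_vlan": vlan_of(from_r1), "delivered": to_pc3}


if __name__ == "__main__":
    r = simulate_path()
    print("tagged on ingress:", r["ingress_vlan"], "| tagged by R1:", r["egress_vlan"])
    print("delivered to PC3 untagged:", vlan_of(r["delivered"]) is None, r["delivered"].hex())
```

Both the inbound and outbound frames cross the same physical router interface; only the VLAN ID in the tag and the MAC addresses change, and the TTL drops by one because a routing hop took place.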
Switch Configuration Issues.
As I have mentioned earlier on other troubleshooting page(s), one of the
commonest mistakes administrators make in networking is made during the configuration stage, either
on the router, the switch or the logical subnet addressing. On this page we'll look at the challenges,
common issues and troubleshooting methods related to configuring multiple VLANs on a network.
If you suspect that there is a problem with a switch configuration, use the show interface (interface-id)
switchport command for verification. The show running-config and show interface (interface-id)
switchport commands are useful Cisco IOS troubleshooting tools for identifying VLAN assignment and
port configuration issues.
When using the traditional routing model for inter-VLAN routing, ensure that
the switch ports that connect to the router interfaces are configured on the correct VLANs. If the
switch ports are not configured or assigned correctly to VLANs, network devices on those
VLANs will not be able to reach the router interface, which in turn blocks traffic to other VLANs
on the network.
Using the topology above, PC2 and router R1 interface F0/1 are configured to share
the same subnet. However, the switch port F0/3 that connects to router R1 interface F0/1 has not
been configured and remains in the default VLAN. Because router R1 is on a different VLAN than PC2,
they are unable to communicate.
Solution
To solve this problem, use the switchport access vlan 20 interface configuration
command on switch port F0/3 on switch SW1. When the switch port is configured or assigned to the
correct VLAN, PC2 can communicate with router R1 interface F0/1, which will then enable access to
the other VLANs connected to the router.
! - The "!" (exclamation mark) indicates that the ping completed successfully and
verifies Layer 3 connectivity.
. - The "." (period) can indicate problems in the communication. It may indicate that a
connectivity problem occurred somewhere along the path. It may also indicate that a
router along the path did not have a route to the destination and did not send an
ICMP destination unreachable message. It may also indicate that the ping was blocked
by device security.
U - The "U" indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.
As a first step in the testing sequence, the ping command is used to verify the internal IP
configuration on the local host. This can be accomplished by using the ping command on a
reserved address called the loopback -127.0.0.1-. Pinging the loopback helps to verify the
proper operation of the protocol stack from the Network layer to the Physical layer and back
without actually putting a signal on the media.
Ping commands are entered into a command line.
C:\>ping 127.0.0.1
The reply from this command would look something like this:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result shows that four test packets were sent - each 32 bytes in size - and were
returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and
defines the number of hops that the ping packet has remaining before it will be dropped.
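Both result formats above, the IOS result characters and the Windows statistics block, can be interpreted programmatically, which is useful when pings are run from a script rather than read by eye. This is an added example, not code from the page; the Windows sample is constructed in the same format as the 127.0.0.1 output above, and the hop estimate from the TTL is a common heuristic (assuming an initial TTL of 64, 128 or 255), not something the page states.

```python
"""Interpret ping results: IOS result characters ('!', '.', 'U') and Windows statistics.

Added example, not code from the page. WINDOWS_SAMPLE is constructed in the
format of the loopback ping shown above.
"""
import re
from typing import Dict, Optional

IOS_LEGEND = {
    "!": "reply received (Layer 3 connectivity verified)",
    ".": "timeout: connectivity problem, missing route without ICMP unreachable, or ping blocked by a security device",
    "U": "ICMP destination unreachable from a router along the path",
}


def interpret_ios_ping(result: str) -> Dict[str, object]:
    """Summarise an IOS result string such as '!!!!!' or '..U..'."""
    unknown = sorted(set(result) - set(IOS_LEGEND))
    if unknown:
        raise ValueError(f"unexpected ping result characters: {unknown}")
    counts = {c: result.count(c) for c in IOS_LEGEND}
    sent = len(result)
    success = round(100.0 * counts["!"] / sent, 1) if sent else 0.0
    if counts["U"]:
        verdict = IOS_LEGEND["U"]
    elif counts["."]:
        verdict = IOS_LEGEND["."]
    elif sent:
        verdict = IOS_LEGEND["!"]
    else:
        verdict = "no probes sent"
    return {"sent": sent, "success_rate": success, "counts": counts, "verdict": verdict}


WINDOWS_SAMPLE = """\
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
"""

STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+), Lost = (\d+) \((\d+)% loss\)")
TTL_RE = re.compile(r"TTL=(\d+)")


def parse_windows_ping(text: str) -> Dict[str, Optional[int]]:
    """Extract the statistics block and the TTL of the first reply."""
    m = STATS_RE.search(text)
    if not m:
        raise ValueError("no 'Ping statistics' block found")
    sent, received, lost, loss_pct = (int(x) for x in m.groups())
    ttls = [int(t) for t in TTL_RE.findall(text)]
    return {"sent": sent, "received": received, "lost": lost, "loss_pct": loss_pct,
            "ttl": ttls[0] if ttls else None, "replies_seen": len(ttls)}


def hops_estimate(ttl: int) -> int:
    """Heuristic: hops traversed = nearest common initial TTL (64/128/255) minus observed TTL."""
    initial = next(i for i in (64, 128, 255) if i >= ttl)
    return initial - ttl


if __name__ == "__main__":
    print(interpret_ios_ping("!!!!!"))
    print(interpret_ios_ping("..U.."))
    stats = parse_windows_ping(WINDOWS_SAMPLE)
    print(stats, "hops:", hops_estimate(stats["ttl"]))
```

For the loopback test the TTL of 128 is a typical Windows initial value, so the estimated hop count is zero, consistent with the reply never having left the local protocol stack.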
Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card- NICaddress is bound to the IPv4 address and that the NIC is ready to transmit signals across
the media.
The IPv4 address assigned to a NIC in this case is 10.0.0.6.
To verify the IPv4 address, use the following steps:
Use the following command:
C:>ping 10.0.0.6
If this test fails, it is likely that there are issues with the NIC hardware and software driver
that may require reinstallation of either or both. This procedure is dependent on the type of
host and its operating system
Entering a longer timeout period than the default allows for possible latency issues to be
detected. If the ping test is successful with a longer value, a connection exists between the
hosts, but latency may be an issue on the network.
Note that entering "y" to the "Extended commands" prompt provides more options that are
useful in troubleshooting.
A successful ping shows that the IP addresses of the local host and the other hosts in the
network are configured properly.
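As an added example (not code from the page or from orbit-computer-solutions), here is a small Python parser for the Windows-style ping output shown above. It extracts the counts and round-trip times from the reply lines and classifies the result the way the testing sequence does: total loss means the step failed, while partial loss or slow replies mean a connection exists but latency may be a problem. The two captures embedded in it are constructed samples, and the 100 ms latency threshold is an assumption, not a figure from the text.

```python
import re

# Constructed sample 1: the loopback ping output quoted in the text.
LOOPBACK_OUTPUT = """\
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"""

# Constructed sample 2: a gateway ping with two dropped replies, so the
# pass/fail logic below has something to flag.
LOSSY_OUTPUT = """\
Reply from 10.0.0.1: bytes=32 time=140ms TTL=254
Request timed out.
Reply from 10.0.0.1: bytes=32 time=156ms TTL=254
Request timed out.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
"""

REPLY_RE = re.compile(r"^Reply from (\S+): bytes=(\d+) time([<=])(\d+)ms TTL=(\d+)")
TIMEOUT_RE = re.compile(r"^Request timed out\.")
UNREACH_RE = re.compile(r"unreachable", re.IGNORECASE)


def parse_ping(output):
    """Parse Windows-style ping output into a summary dict.

    'time<1ms' is recorded as 0 ms, matching the 'Minimum = 0ms' line that
    Windows prints for such replies. Counts are taken from the reply lines
    themselves, so the summary does not depend on the statistics footer.
    """
    sent = received = 0
    rtts = []
    ttl = None
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            sent += 1
            received += 1
            rtts.append(0 if m.group(3) == "<" else int(m.group(4)))
            ttl = int(m.group(5))
        elif TIMEOUT_RE.match(line) or UNREACH_RE.search(line):
            sent += 1          # a probe went out but no echo reply came back
    lost = sent - received
    return {
        "sent": sent, "received": received, "lost": lost,
        "loss_pct": (100 * lost // sent) if sent else 100,
        "min_ms": min(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
        "avg_ms": (sum(rtts) // len(rtts)) if rtts else None,
        "ttl": ttl,
    }


def assess(summary, latency_threshold_ms=100):
    """Classify one test step: 'fail' when nothing came back, 'latency' when
    the host answers but some replies were lost or slow (the text's case of a
    connection that exists but with latency problems), otherwise 'ok'.
    The threshold is an assumed value, not one given in the text."""
    if summary["received"] == 0:
        return "fail"
    if summary["lost"] > 0 or summary["max_ms"] > latency_threshold_ms:
        return "latency"
    return "ok"


if __name__ == "__main__":
    for name, capture in (("loopback", LOOPBACK_OUTPUT), ("gateway", LOSSY_OUTPUT)):
        s = parse_ping(capture)
        print(name, assess(s), s)
```

Feeding each capture through `parse_ping` and `assess` gives `ok` for the loopback test and `latency` for the gateway test; keeping the summaries is the "document every test" step the text asks for.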
In a router, you can use IOS to test the next hop of the individual routes. Each route has
the next hop listed in the routing table. You can use the output of the show ip route
command to determine the next hop. Frames carrying packets that are directed to the
destination network listed in the routing table are sent to the device that represents the
next hop. If the next hop is not accessible, the packet will be dropped.
To test the next hop, determine the appropriate route to the destination and try to ping the
appropriate next hop for that route in the routing table. A failed ping indicates that there
might be a configuration or hardware problem.
The ping may also be prohibited by security in the device. If the ping is successful you can
move on to testing connectivity to remote hosts.
Testing Remote Hosts connectivity
Once verification of the local LAN and gateway is complete, testing can proceed to remote
devices, which is the next step in the testing process.
The figure depicts a sample network topology. There are 3 hosts within a LAN, a router
(acting as the gateway) that is connected to another router (acting as the gateway for a
remote LAN), and 3 remote hosts. The verification tests should begin within the local
network and progress outward to the remote devices.
Testing remote connectivity
Begin by testing the outside interface of a router that is directly connected to a remote
network. In this case, the ping command is testing the connection to 200.10.10.129, the
outside interface of the local network gateway router.
If the ping command is successful, connectivity to the outside interface is verified. Next,
ping the outside IP address of the remote router, in this case 200.10.10.130. If successful,
connectivity to the remote router is verified. If there is a failure, try to isolate the problem.
Retest until there is a valid connection to a device and double-check all addresses.
The ping command will not always help with identifying the underlying cause to a problem,
but it can isolate problems and give direction to the troubleshooting process. Document
every test, the devices involved, and the results.
Test Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To
forward packets between any two networks, the router must be able to communicate with
both the source and the destination networks. The router will need routes to both networks
in its routing table.
To test the communication to the remote network, you can ping a known host on this
remote network. If you cannot successfully ping the host on the remote network from a
router, you should first check the routing table for an appropriate route to reach the remote
network. It may be that the router uses the default route to reach a destination. If there is
no route to reach this network, you will need to identify why the route does not exist. As
always, you also must rule out that the ping is not administratively prohibited.
- See more at: http://orbit-computer-solutions.com/Testing-LocalNetwork.php
Troubleshooting Wireless Network Problems
A Methodical Approach to WLAN Troubleshooting
Troubleshooting any sort of network problem should follow a methodical approach; it is
highly recommended that you start by working up the TCP/IP stack from layer 1 (the
Physical layer) to layer 7 (the Application layer). This helps to eliminate any issue that you
may be able to resolve yourself.
There are three steps of the methodical troubleshooting approach when working with
Wireless Ethernet LANs.
Use the ipconfig command to confirm the user PC network configuration. Check if
the PC has received an IP address via DHCP or is configured with static IP address.
Verify that the PC has connectivity to the wired network. Connect the device to the
wired LAN and ping a known IP address.
Try a different wireless NIC. If necessary, reload drivers and firmware as appropriate
for the client device.
If the wireless NIC of the client is working, check the security mode and encryption
settings on the client. If the security settings do not match, the client cannot get
access to the WLAN.
If the user PC is functioning but the performance is poor, check the following:
How far is the PC from an access point? Is the PC out of the planned coverage area?
Check the channel settings on the client. The client software should detect the
appropriate channel as long as the SSID is correct.
Check for the presence of other devices in the area that operate on the 2.4 GHz
band. Examples of other devices are cordless phones, baby monitors, microwave
ovens, wireless security systems, and potentially rogue access points. Data from
these devices can cause interference in the WLAN and intermittent connection
problems between a client and access point.
Inspect links between cabled devices looking for bad connectors or damaged or
missing cables.
If the physical plant is in place, use the wired LAN to see if you can ping devices
including the access point.
If connectivity still fails at this point, there might be something wrong with the access
point or its configuration.
After eliminating the user PC as the problem and confirming the physical status of the other
network devices, begin investigating the performance of the access point. Check the power
status of the access point.
When the access point settings have been confirmed, if the radio continues to fail, try to
connect to a different access point. You may try to install new radio drivers and firmware.
Enabling DHCP in Windows PC
Dynamic Host Configuration Protocol (DHCP), as mentioned earlier, is a system software utility
that automatically assigns IP addresses to the computers connected to a network; when an
Internet connection is involved, an IP address will be assigned.
DHCP is normally enabled by default, but it can be disabled for some reason, especially when a
static IP address (one assigned manually) is being used.
To enable DHCP in windows, follow the steps below:
1. Click the Start button to open the start menu
5.Click Properties
7. Click Properties
8.
Interferences caused by household or office appliances
Other sources of RF interference can be found all around the workplace or in the home, from
the snowy disruption of a television signal that occurs when a neighbour runs a vacuum
cleaner upwards. Dealing with such interference boils down to efficient planning of device
placement. For instance, plan to place microwave ovens away from access points and
potential clients. Sadly, not all known RF interference issues can be planned for, because
there are just too many of them.
The problem with devices such as cordless phones, baby monitors, and microwave ovens is
that they do not contend for the channel; they just use it.
Solution
Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such
as cordless phones, operate on channel 6.
- See more at: http://orbit-computer-solutions.com/Incorrect-ChannelSetting.php
If all devices are configured properly, check the physical cabling to ensure that it is secure
and properly connected. Keep an accurate record of what attempts have been made to
verify connectivity. This will assist in solving this problem and, perhaps, future problems.
The host must contact the DHCP server periodically to extend the lease. This lease
mechanism ensures that hosts/clients that are mobile or powered off do not hold onto
addresses that they do not need. Those addresses are returned to the pool to be
reallocated to other clients when needed.
If there is no router on the network, the host sends a DHCPv6 SOLICIT message to the
multicast address FF02::1:2; this multicast message reaches all DHCPv6 servers and relay
agents on the network. This works the same way as it does in IPv4 DHCP.
The above interface configuration is quite different from that of IPv4. Overall, we have
configured a DHCPv6 server and applied it to an interface.
- See more at: http://orbit-computer-solutions.com/DHCPv6%3A-How-DHCPv6works.php
To change the default DHCP lease time for a pool of IP addresses, use the lease command in
DHCP pool configuration mode (reached from configure terminal).
The lease command takes up to three values: days, hours and minutes, with hours and
minutes being optional. You can specify a maximum period of 365 days, 23 hours and
59 minutes, and a minimum of 1 second. The default is 1 day. The keyword infinite, used in
the example below, makes the lease never expire.
R1#configure terminal
R1(config)#ip dhcp pool HQ
R1(dhcp-config)#lease infinite
R1(dhcp-config)#end
R1#
- See more at: http://orbit-computer-solutions.com/Defining-DHCP-Lease-Periods-on-Ciscorouter.php
Types of Addresses in IPv4
Within the IPv4 address range, there are three types of addresses:
Network Address - The address by which we refer to the network.
Broadcast Address - A special address used to send data to all hosts in the network.
Host Address - The addresses assigned to the end devices in the network.
Network Address
The network address is a standard way to refer to an IPv4 address assigned to a network.
For example, we could refer to the network 192.168.1.0 or 172.16.0.0 as a Network
Address. This is a much more convenient and descriptive way to refer to the network than
using a term like "the first network." All hosts in the 172.16.0.0 network will have the same
network bits.
When assigning IPv4 addresses to hosts, the lowest address is reserved as the network
address. This address has a 0 for each host bit in the host portion of the address, e.g.
192.168.1.0 /24,
172.16.0.0 /16
Broadcast Address
The IPv4 broadcast address is a special address for each network that allows communication
to all the hosts in that network. To send data to all hosts in a network, a host can send a
single packet that is addressed to the broadcast address of the network.
The broadcast address uses the highest address in the network range. This is the address in
which the bits in the host portion are all 1s. For the network 192.168.1.0/24, with 8 host
bits, the broadcast address would be 192.168.1.255. This address is also referred to as the
directed broadcast.
192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
Host Addresses
As described previously, every end device requires a unique address to receive and send
packets. In IPv4, we assign the values between the network address and the broadcast
address to the devices in that network; hosts include end devices such as PCs, IP phones,
printers etc.
e.g 192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.2 - 254 (Host Addresses)
- See more at: http://orbit-computer-solutions.com/Types-of-IP-addresses.php
HQ(config)#end
Verify your configuration from the routing table:
HQ#show ip route
[output omitted]
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.11.0 is directly connected, Serial0/0/0
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.10.0 [1/0] via 10.10.11.2
C 192.168.30.0/24 is directly connected, FastEthernet0/0
HQ#
The S represents the static route, with an administrative distance of 1. The router gives
priority to static routes over dynamic routes; for administrative distance, 0 is best and 255 is worst.
To verify the connectivity, Ping from PC 1 to PC 5
PC1
PC1>ping 172.16.10.2
Pinging 172.16.10.2 with 32 bytes of data:
Reply from 172.16.10.2: bytes=32 time=140ms TTL=126
Reply from 172.16.10.2: bytes=32 time=140ms TTL=126
Reply from 172.16.10.2: bytes=32 time=156ms TTL=126
Reply from 172.16.10.2: bytes=32 time=156ms TTL=126
Ping statistics for 172.16.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 156ms, Average = 148ms
Also, Ping from PC 7 to PC 3
PC7>ping 192.168.30.4
Use the following command to configure a default route on the gateway router:
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.165.199.1
Gateway(config)#
Verify your configuration
Gateway#show ip route
[Output omitted]
Gateway of last resort is 200.165.199.1 to network 0.0.0.0
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.11.0 is directly connected, Serial0/0/0
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.10.0 [1/0] via 10.10.11.2
C 192.168.30.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 200.165.199.1
HQ#
You can check the routing table using the show ip route command as above. You will find
the directly connected networks plus the S* entry, which is the default route, and you will
also notice that the gateway of last resort is now set in the routing table as shown above.
What the default route effectively says is: forward any packet for an unknown network to
200.165.199.1, which is the next-hop router.
- See more at: http://www.orbit-computer-solutions.com/How-To-Configure-DefaultRoutes.php
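The routing-table lookup that the text describes, as an added Python example (not the router's code and not from the page): the table is a constructed copy of the show ip route output above, and the lookup picks the longest matching prefix, so the S* default route is used only when no more specific route matches. A second table with the default route removed shows the case where a packet for an unknown network has nowhere to go and is dropped. Function names are my own.

```python
import socket
import struct


def ip_to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def prefix_mask(prefix_len):
    """Prefix length -> 32-bit network mask (0 for the default route)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


# Constructed routing table modelled on the 'show ip route' output quoted above:
# (code, network, prefix length, next hop or None, exit interface or None)
ROUTING_TABLE = [
    ("C",  "10.10.11.0",   30, None,            "Serial0/0/0"),
    ("S",  "172.16.10.0",  24, "10.10.11.2",    None),
    ("C",  "192.168.30.0", 24, None,            "FastEthernet0/0"),
    ("S*", "0.0.0.0",       0, "200.165.199.1", None),
]

# The same table without the default route, to show the drop case.
NO_DEFAULT = [route for route in ROUTING_TABLE if route[0] != "S*"]


def lookup(destination, table=ROUTING_TABLE):
    """Return the most specific matching route (longest prefix wins).

    The default route has prefix length 0 and therefore matches every
    destination, but it loses to any longer match: that is exactly what
    'gateway of last resort' means."""
    dest = ip_to_int(destination)
    best = None
    for route in table:
        code, network, plen, next_hop, iface = route
        mask = prefix_mask(plen)
        if (dest & mask) == (ip_to_int(network) & mask):
            if best is None or plen > best[2]:
                best = route
    return best


def next_hop_for(destination, table=ROUTING_TABLE):
    """Where a packet goes: the next-hop router for a static route, the
    connected interface for a directly connected network, or None when no
    route matches at all (without a default route the packet is dropped)."""
    route = lookup(destination, table)
    if route is None:
        return None
    code, network, plen, next_hop, iface = route
    return next_hop if next_hop else iface


if __name__ == "__main__":
    for dest in ("172.16.10.2", "192.168.30.4", "8.8.8.8"):
        print(dest, "->", next_hop_for(dest), "| without default:",
              next_hop_for(dest, NO_DEFAULT))
```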
Solution
Port redirection can be controlled primarily through the use of proper trust models. Antivirus
software or a host-based intrusion detection system (IDS) can help detect an attacker and
prevent installation of such utilities on a host.
- See more at: http://orbit-computer-solutions.com/Port-Redirection.php
firewall (inside host), but is accessible to a trusted host outside the firewall (outside host),
the inside host can be attacked through the trusted outside host.
Solutions
Trust exploitation-based attacks can be controlled through strict protocols on trust levels
within a network, for example, private VLANs can be deployed in public-service segments
where multiple public servers are available.
Systems on the outside of a firewall should never be totally trusted by systems on the inside
of a firewall. Such trust should be limited to specific protocols and should be authenticated
by something other than an IP address.
- See more at: http://orbit-computer-solutions.com/Network-Attack%3A-Trust-
On the following pages, you will learn how to configure a wireless router or access point.
This includes:
i. Setup: on this screen you will enter your basic network settings (IP address).
ii. Management: start by clicking the Administration tab and then select the
Management screen. The default password is admin. To secure the access point, change
the password from its default.
iii. Wireless: this is where you change the default SSID. Select the level of
security in the Wireless Security tab and complete the options for the selected security
mode.
When you have finished making changes to a screen, click the Save Settings button, or
click the Cancel Changes button to undo your changes. For information on a tab, click
Help. We will go through these steps one after the other.
IP Addressing
Introduction
This section looks at IP addressing, subnet masking, Private and Special addresses. Examples are
provided to illustrate the methodology when setting up an IP network addressing scheme. We also look at
Wildcard masks and Directed Broadcasts.
IP Address Classes
Unique IP (Internet Protocol) addresses are assigned to each physical connection of a device to a
network, therefore if a device (host) has more than one connection to a network or networks, then it will
have more than one IP address.
An IP address is represented as four decimal integers, with each integer corresponding to one byte. This
means an IP address is 32 bits long, as in the following example:
dotted decimal: 162.146.93.14
binary: 10100010.10010010.01011101.00001110
IP addresses are divided into two parts, a Network ID and a Host ID each of which can be of varying bit
lengths but always making 32 bits altogether.
Hint:- Use the Windows calculator to convert binary to decimal and vice versa.
There are five primary classes of IP addresses, and it is the high-order 3 bits of the address which identify
the class, as shown below:
Class     First octet (binary)   First octet (decimal)   Example network
Class A   0xxxxxxx               1-127                   25.234.45.0
Class B   10xxxxxx               128-191                 140.250.43.0
Class C   110xxxxx               192-223                 192.2.3.0
Class D   1110xxxx               224-239                 232.56.4.0
Class E   11110000               240-254                 242.5.7.0
Class A addresses contain 7 bits in the network portion giving 2^7 - 2 = 126 possible networks, since all
1's and all 0's are not allowed. Consequently 24 bits remain for the host portion, allowing a total of
2^24 - 2 = 16,777,214 hosts. 127.0.0.0/8 is reserved for loopback address purposes, where just 127.0.0.1 is
used normally. The address 255.255.255.255 is used as a broadcast address and 0.0.0.0 as a default route
address, meaning any network. The address 0.0.0.0 is sometimes used by hosts that have yet to receive
an IP address, e.g. a DHCP client awaiting an address from the DHCP server.
Class C addresses contain 21 bits for the network portion giving a possible total of 2^21 - 2 = 2,097,152
networks, and 8 bits for the host portion giving a possible 2^8 - 2 = 254 hosts.
Class D addresses are used for multicasting and Class E addresses are used in research.
Historically, a company may have been allocated just one Class A, B or C IP address by the Network
Information Centre (NIC). Currently, all Class A addresses have been allocated and most if not all of the
Class B addresses have gone. If a company has a number of networks to manage then the network
administrator may wish to subnet the network, that is, create subnet addresses within the scope of the IP
address that the administrator has been given.
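An added Python example (not from the page) that ties the preceding two sections together: it classifies an address by the high-order bits of its first octet, as the class table does, and computes the network address, broadcast address, usable host range and host count for a given prefix length, which is the network/broadcast/host split described under Types of Addresses in IPv4. The sample addresses are the ones from the table; the function names are my own.

```python
import socket
import struct


def ip_to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def address_class(dotted):
    """Classful lookup from the high-order bits of the first octet:
    0xxxxxxx = A, 10xxxxxx = B, 110xxxxx = C, 1110xxxx = D, otherwise E."""
    first = ip_to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


# Default (classful) prefix lengths; D and E have no host/network split.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def describe(dotted, prefix_len=None):
    """Network address, broadcast address, usable host range and host count
    for dotted/prefix_len. With no prefix given, the classful mask is used."""
    cls = address_class(dotted)
    if prefix_len is None:
        prefix_len = CLASSFUL_PREFIX.get(cls)
        if prefix_len is None:
            raise ValueError(f"class {cls} addresses are not unicast networks")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    network = ip_to_int(dotted) & mask            # host bits all 0
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits all 1
    host_bits = 32 - prefix_len
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    return {
        "class": cls,
        "prefix_len": prefix_len,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def classful_network_count(cls):
    """Number of networks in a class as the text computes it, with the all-0
    and all-1 network bit patterns excluded: 2^7 - 2 for A, 2^14 - 2 for B,
    2^21 - 2 for C."""
    network_bits = {"A": 7, "B": 14, "C": 21}[cls]
    return (1 << network_bits) - 2


if __name__ == "__main__":
    for sample in ("25.234.45.0", "140.250.43.0", "192.2.3.0", "232.56.4.0", "242.5.7.0"):
        print(sample, "is class", address_class(sample))
    print(describe("192.168.1.77", 24))
    print(describe("172.16.5.9"))   # classful: /16
```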
Subnets
Subnetting Example
A customer has been given an IP address of 128.100.0.0 (a Class B address) for his company. He has
specified that he requires 3 separate networks with the maximum possible number of host connections on
each network.
1. The first two octets 128.100 are fixed since these are given by NIC as the Class B address, therefore we
have the last two octets to play with. Let us examine the possibilities more closely:
Octet 1: 10000000 (128)
Octet 2: 01100100 (100)
Octet 3: 00000000 (0)
Octet 4: 00000000 (0)
2. We need to create a minimum of 3 different subnets but not at the expense of the number of host
addresses available to us. The following process would seem to give us 4 permutations of
subnets. Looking at octet 3 specifically in binary, let us just use the first 2 bits (bit values 128
and 64) for a subnet address:
11 -> 192 -> 128.100.192.0
10 -> 128 -> 128.100.128.0
01 -> 64 -> 128.100.64.0
00 -> 0 -> 128.100.0.0
3. However, all 1's and all 0's used to be not allowed for a subnet. These subnets are called the
All-Ones Subnet and Subnet Zero. The reason for this was that older software found it difficult to
distinguish between the network 128.100.0.0/16 and the all-zeros subnet 128.100.0.0/18. The same
was true of the all-ones subnet. RFC 950 therefore rules out '11' and '00' as usable subnets, so we
are left with only two subnet addresses instead of the 3 we require.
4. So let us use the first 3 bits of octet 3 (bit values 128, 64 and 32) for the subnet address instead:
111 -> 224 -> 128.100.224.0
110 -> 192 -> 128.100.192.0
101 -> 160 -> 128.100.160.0
011 -> 96 -> 128.100.96.0
001 -> 32 -> 128.100.32.0
010 -> 64 -> 128.100.64.0
100 -> 128 -> 128.100.128.0
000 -> 0 -> 128.100.0.0
As before, all 1's and all 0's are not permitted for subnets, therefore we are left with 6 possible
subnets (2^3 - 2):
128.100.32.0
128.100.64.0
128.100.96.0
128.100.128.0
128.100.160.0
128.100.192.0
5. This leaves the rest of the bits (from power 16 downwards) in octet 3 and all the bits in octet 4 to
construct the individual host addresses; the permutations amount to many thousands of hosts,
which should be plenty. Below is an example of a host address in subnet 128.100.192.0:
128.100.194.23
On first inspection it would appear that address 128.100.194.23 has nothing to do with the subnet
128.100.192.0, so let us look a little more closely at the final two octets of the host address:
Octet 3 = 194:  128 64 32 16 8 4 2 1
                  1  1  0  0 0 0 1 0
Octet 4 = 23:   128 64 32 16 8 4 2 1
                  0  0  0  1 0 1 1 1
As we can see we are indeed part of the 128.100.192.0 subnet since it is only the first three bits
of octet 3 which are used for the subnet address. All the bits from power 16 and downwards are
allocated to the host address, so the power 2 bit just turns octet 3 from decimal 192 to decimal
194. Confusion frequently arises in this situation where the dividing line between the network
portion of the IP address and the host portion rests part way through an octet (in this case
between power 32 and power 16 of octet 3). Often it is possible to make the network/host dividing
line between octets so that you can easily tell which host address belongs to which subnet.
Routers are used to minimise unnecessary traffic, and when running IP it is important to tell it
which subnet an address is supposed to go. The way this is done, is at configuration by entering
a 'subnet mask'.
The situation with the All-zeros and All-ones subnets nowadays is to allow them according to RFC 1878.
This is because modern applications understand how to distinguish between these subnets and the main
network.
Subnet masks
The subnet mask specifies the portion of the IP address that is going to be used for subnetworks (as
opposed to hosts). For every bit position in the IP address that is part of the network ID or subnetwork ID,
a '1' is set, and for every bit position in the IP address that is part of the host id portion, a '0' is set. The
router uses the boolean AND operation with an incoming IP address to 'lose' the host portion of the IP
address i.e. the bits that are '0', and match the network portion with its routing table. From this, the router
can determine out of which interface to send the datagram. This means that the 'Don't care bits' are
represented by binary 0's whilst the 'Do care bits' are represented by binary 1's.
For our example above, because we used the first three bits in octet 3 for our subnet addressing, the
subnet mask would be:
Octet 1: 11111111 (255)
Octet 2: 11111111 (255)
Octet 3: 11100000 (224)
Octet 4: 00000000 (0)
i.e. 255.255.224.0
What is important is that the same mask is applied throughout the physical networks that share the same
subnet part of the IP address. All devices connected to the networks that compose the subnet must have
the same mask.
A Broadcast Address for a subnet is when all 1's are used in the host portion of the IP address. For
example, for the IP address 10.17.20.4 and a mask of 255.255.255.0 the subnet is 10.17.20.0 and the
host id is 4. The broadcast address within the 10.17.20.0 subnet is when the host id portion of the
address is made up of all binary 1's. In this example the host portion is the last octet, and if these 8 bits
are set to 1 we have a broadcast address of 10.17.20.255. You can ping this, send messages to this and
so on: a single address to serve a multitude of end stations.
Often you will see the network mask represented as a number of bits e.g. for the above example address
of 10.17.20.4 with a mask of 255.255.255.0, this can also be represented as 10.17.20.4/24, where the 24
represents 24 bits (3 octets) set to 1.
The network drawing above shows the IP address map for a WAN installation carried out for a large
financial institution. The customer had installed 'Windows NT' servers at a number of sites and was
requiring an ISDN link, star-wired out, from each of the sites from the main office server room. The IP
addressing scheme had to take into account the following factors:
The customer had already assigned IP addresses to some of the servers and site PC's on the
local LAN's.
The IP address given to this company was 146.162.0.0 (which is a Class B address), and the decision
was made to use the whole of octet 3 for the subnet addresses, leaving octet 4 for the host addresses.
This made assigning IP addresses easier to carry out and gave a maximum of 254 hosts per subnet
and a maximum of 254 subnets, thus satisfying the customer's requirements. The subnet
mask for each subnet (whether LAN or WAN) was consequently 255.255.255.0. It is important to design
the addressing scheme such that the subnet mask is common to all LANs/WANs throughout the network
unless a routing protocol such as OSPF is to be used. OSPF allows variable subnet masking.
Whilst studying the schematic you will note that the WAN links are 146.162.90.0 to 146.162.94.0 and the
router ISDN interfaces are .20 at the main office end and .10 at the remote office end. Also you will note
that the server IP addresses are all .5 and the ethernet hubs are all .8 while the router ethernet interfaces
are all .6. Organising addressing like this can make life much easier especially when you are hopping
from site to site.
RFC 950 and RFC 1812 describe IP subnetting, whereas RFC 1009 defines Variable Length Subnet
Masking.
If you have a subnet mask, then it is possible to quickly list out the possible subnets and broadcast
addresses.
The number by which subnets increment for a given mask is calculated by subtracting the last non-zero
octet of the mask, in decimal, from 256. For example, given the subnet 10.1.0.0 255.255.248.0, the last
non-zero octet is 248, therefore 256 - 248 = 8, so subnets jump up in 8's, i.e. 10.1.8.0, 10.1.16.0, 10.1.24.0 etc.
Once you have found out by how much subnets jump, finding the broadcast address for each subnet is
quickly done by subtracting 1 from the increment and adding the result to the subnet. Using the above
example, for subnet 10.1.8.0 the subnets jump in 8's, 8 - 1 = 7 and 8 + 7 = 15, so, taking it as given that
the final octet will be all ones for the broadcast, the broadcast address is 10.1.15.255.
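The subnetting worked example and the increment rule above, as an added Python example rather than anything from the page: `list_subnets` borrows host bits the way the 2-bit and 3-bit examples do (with the RFC 950 exclusion of the all-zeros and all-ones subnets as an option), `subnet_increment` applies the 256-minus-octet rule, `broadcast_of` sets the host bits to ones, and `same_subnet` is the AND check a router does to decide that 128.100.194.23 belongs to 128.100.192.0 with mask 255.255.224.0. Function names are my own.

```python
import socket
import struct


def ip_to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def list_subnets(network, base_prefix, subnet_bits, rfc950=False):
    """Enumerate the subnets made by borrowing subnet_bits host bits from
    network/base_prefix. With rfc950=True the all-zeros and all-ones subnets
    are left out, as the older RFC 950 rule in the text requires."""
    base = ip_to_int(network)
    new_prefix = base_prefix + subnet_bits
    block = 1 << (32 - new_prefix)      # addresses per subnet
    count = 1 << subnet_bits            # 2^subnet_bits permutations
    ids = range(1, count - 1) if rfc950 else range(count)
    return [f"{int_to_ip(base + i * block)}/{new_prefix}" for i in ids]


def subnet_increment(mask):
    """The '256 minus the interesting octet' rule. Returns (step, octet index):
    for 255.255.248.0 the first octet below 255 is 248 at index 2, so subnets
    step by 256 - 248 = 8 in the third octet. A /32 mask has no such octet and
    steps by 1 in the last octet."""
    for index, octet in enumerate(mask.split(".")):
        value = int(octet)
        if value < 255:
            return 256 - value, index
    return 1, 3


def broadcast_of(subnet, mask):
    """Broadcast = subnet with every host bit set to 1, which is the text's
    'subnet + (increment - 1)' trick applied to all host octets at once."""
    m = ip_to_int(mask)
    return int_to_ip(ip_to_int(subnet) | (~m & 0xFFFFFFFF))


def same_subnet(address, subnet, mask):
    """True when address falls inside subnet/mask: the boolean AND a router
    performs to discard the host bits and compare the network portion."""
    m = ip_to_int(mask)
    return (ip_to_int(address) & m) == (ip_to_int(subnet) & m)


if __name__ == "__main__":
    print(list_subnets("128.100.0.0", 16, 2))
    print(list_subnets("128.100.0.0", 16, 3, rfc950=True))
    print(subnet_increment("255.255.248.0"), broadcast_of("10.1.8.0", "255.255.248.0"))
    print(same_subnet("128.100.194.23", "128.100.192.0", "255.255.224.0"))
```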
Wildcard Masks
You will often come across Wildcard masks, particularly if you work with OSPF and/or Cisco routers. The
use of wildcard masks is most prevalent when building Access Control Lists (ACLs) on Cisco routers.
ACLs are filters and make use of wildcard masks to define the scope of the address filter. Although ACL
wildcard masks are used with other protocols, we will concentrate on IP here.
Let us first take a simple example. We may want to filter a sub-network 10.1.1.0 which has a Class C
mask (24-bit) 255.255.255.0. The ACL will require the scope of the addresses to be defined by a wildcard
mask which, in this example is 0.0.0.255. This means that the 'Don't care bits' are represented by binary
1's whilst the 'Do care bits' are represented by binary 0's. You will note that this is the exact opposite to
subnet masks!
Taking a more complex example. Say we wish to filter out a subnet which is given by 10.1.1.32 having a
mask of 255.255.255.224 i.e. 10.1.1.32/27. How do we find the wildcard mask for this? Well to help us,
concentrating on the 4th octet, let us first look at the binary for this network and subnet mask. Then we
reverse the binary bits to get the wildcard bits and then convert back to decimal to obtain the wildcard
mask for the 4th octet:
32  = 00100000 (network, 4th octet)
224 = 11100000 (subnet mask, 4th octet)
31  = 00011111 (wildcard mask, 4th octet)
The last five bits, the host bits, are the important ones: reversing the mask bits shows that the wildcard
mask for the network 10.1.1.32/27 is 0.0.0.31.
The following table should help in seeing a pattern between the number of bits used for the mask in a
particular octet, the subnet mask in decimal and the equivalent wildcard mask:
Network bits   Subnet mask   Subnet mask   Wildcard mask   Wildcard mask
set to 1       (binary)      (decimal)     (binary)        (decimal)
0              00000000      0             11111111        255
1              10000000      128           01111111        127
2              11000000      192           00111111        63
3              11100000      224           00011111        31
4              11110000      240           00001111        15
5              11111000      248           00000111        7
6              11111100      252           00000011        3
7              11111110      254           00000001        1
8              11111111      255           00000000        0
The binary for the wildcard mask is the exact reverse, bit for bit, of the subnet mask. You then calculate
the decimal from the reversed binary bits to obtain the dotted decimal wildcard mask.
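An added Python example (not from the page) for the wildcard-mask material above: it derives a wildcard mask from a subnet mask by inverting the bits, rebuilds the one-octet table, applies the ACL matching rule (a 1 bit in the wildcard means "don't care", a 0 bit must match), and checks that a wildcard is contiguous, because a mistyped wildcard such as 0.0.0.254 is accepted by the router yet matches a different set of addresses than the ACL author intended. Function names and the sample addresses are my own.

```python
import socket
import struct


def ip_to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def wildcard_from_mask(subnet_mask):
    """Wildcard mask = bit-for-bit inverse of the subnet mask."""
    return int_to_ip(~ip_to_int(subnet_mask) & 0xFFFFFFFF)


def mask_table():
    """Rebuild the table in the text for one octet: for n network bits set to
    1, the subnet-mask octet and the wildcard-mask octet, binary and decimal."""
    rows = []
    for n in range(9):
        mask_octet = (0xFF << (8 - n)) & 0xFF
        wild_octet = ~mask_octet & 0xFF
        rows.append((n, f"{mask_octet:08b}", mask_octet, f"{wild_octet:08b}", wild_octet))
    return rows


def acl_matches(address, acl_address, wildcard):
    """ACL semantics: every bit where the wildcard is 0 ('do care') must be
    equal between the packet address and the ACL address; bits where the
    wildcard is 1 ('don't care') are ignored."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(address) & care) == (ip_to_int(acl_address) & care)


def wildcard_is_contiguous(wildcard):
    """True when the wildcard is the inverse of a valid prefix mask, i.e. its
    1 bits form an unbroken run at the low end (so it is 2^k - 1 for some k).
    Routers accept non-contiguous wildcards, so an ACL review should flag
    them rather than assume a typo will be rejected."""
    w = ip_to_int(wildcard)
    return w & (w + 1) == 0


if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.224"))       # 0.0.0.31
    for row in mask_table():
        print(*row)
    print(acl_matches("10.1.1.45", "10.1.1.32", "0.0.0.31"))   # inside 10.1.1.32/27
    print(acl_matches("10.1.1.64", "10.1.1.32", "0.0.0.31"))   # next subnet up
    print(wildcard_is_contiguous("0.0.0.254"))                  # a typo for 0.0.0.255
```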
Private Addresses
One of the ways to combat the fast reduction in available IP address space was to introduce the concept
of private addresses and the use of Network Address Translator (NAT) to allow many organisations to
use the same address space but not have this space visible on the Internet i.e. to use address translation
on the edge of the networks.
The Class A network address range 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) is designated for private use
only. This address range cannot be used on the Internet as every ISP will automatically drop the address.
This address is becoming very popular as its use in conjunction with Network Address Translation
(NAT) has meant that large corporations can make use of the Class A address space available within
10.0.0.0 for their own private use internally and just use NAT for those relatively few addresses that do
need to operate on the Internet. This is one reason why the immediate need for IP version 6 has been
diminished.
There is also the private address range 172.16.0.0 to 172.31.255.255 (172.16.0.0/12) which is the CIDR
block of 16 x Class B addresses 172.16.0.0, 172.17.0.0, .... ,172.31.0.0.
The network address range 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) is also for private use and
is a CIDR block of 256 x Class C addresses 192.168.0.0, 192.168.1.0, .... ,192.168.255.0.
Examine RFC 1918 for more information on address allocation for private networks.
The address range 192.0.2.0/24 is called the Test Net and is reserved for use in testing examples and
documentation.
The address range 169.254.0.0/16 is used for auto-configuration of IP addresses if a DHCP server should
fail and there is no backup for the DHCP clients. This is described in RFC 2563 (Stateless Autoconfiguration).
Directed Broadcasts
The RFC 1812 overviews the requirements of routers to run IPv4. One of the requirements is that routers
MUST, by default accept Directed Broadcasts (although it is allowable to have a switch that turns this off).
A directed broadcast is one where the IP broadcast has been sent to a destination prefix (a net or
subnet). A directed broadcast destined for the network 10.20.20.0/24 would be 10.20.20.255, for
example.
Masking IP Addresses
Network Security
Why is Network Security Important?
Wherever there is a network, wired or wireless, there are threats. Some people are put off
setting up a home or office network for fear that anything stored on their hard drive could be
accessed by neighbours or attackers. The threats to network security keep evolving, so continuous
monitoring of the network and its systems should be a top priority for any network administrator.
If the security of the network is compromised, there can be serious consequences, such as loss
of privacy and theft of information.
When it comes to network security, one main concern is making sure that any wireless
connections are protected against unauthorised access, since radio reaches beyond the walls.
Most business transactions are now done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands security solutions that are seamlessly integrated, more
transparent, and more flexible.
Network attack tools and methods have evolved. In the early days a hacker had to have
sophisticated computer, programming, and networking knowledge to make use of rudimentary tools
and basic attacks.
Nowadays attack tools and methods have improved tremendously and are widely shared, so attackers
no longer need the same level of knowledge; people who previously would not have participated in
computer crime are now able to do so.
iii. Black hat or cracker: the opposite of a white hat, this term describes individuals who use
their knowledge of computer systems and programming skills to break into systems or networks that
they are not authorised to use, usually for personal or financial gain.
iv. Phreaker: this term describes an individual who manipulates the phone network to perform a
function that is not allowed. The phreaker breaks into the phone network, traditionally through a
payphone, to make free or illegal long-distance calls.
v. Spammer: a person who sends large quantities of unsolicited e-mail messages. Spammers often
use viruses to take control of home computers and use them to send out their bulk messages.
vi. Phisher: uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that would
have a legitimate need for the sensitive information.
Routers.
Routers are generally known as intermediate systems. They operate at the network layer of the OSI
reference model and are used to connect two or more IP networks, or a LAN to the Internet.
The router is responsible for the delivery of packets across different networks. The destination of an IP
packet might be a web server in another country or an e-mail server on the local area network. It is the
responsibility of the router to deliver those packets in a timely manner, and the effectiveness of
internetwork communication depends on the ability of routers to forward packets as efficiently as
possible.
Routers are now also being placed on satellites in space. These routers can route IP traffic between
satellites in much the same way that packets are moved on Earth, reducing delays and offering greater
networking flexibility.
Advantages of a Router
ii. To provide integrated services of data, video, and voice over wired and wireless
networks.
iii. For security: a router helps mitigate the impact of worms, viruses, and other attacks on
the network by permitting or denying the forwarding of packets, for example with access control
lists applied to its interfaces.
The figure above shows 5 different subnets, each with different host requirements. The
address block given by our ISP is 192.168.1.0/24.
The host requirements are:
Network A - 14 hosts
Network B - 28 hosts
Network C - 2 hosts
Network D - 7 hosts
Network E - 28 hosts
As recommended, we begin the process by subnetting for the largest host requirement first.
The largest requirements are for Network B and Network E, each with 28 hosts.
Don't forget the cram table!
Let's apply the formula usable hosts = 2^n - 2, where n is the number of host bits left. Five host
bits give 2^5 - 2 = 30 usable addresses (32 minus the network and broadcast addresses), which meets
the requirement of 28 but leaves little room for future growth; four host bits would give only 14,
which is not enough.
So we borrow 3 bits from the original 8-bit host portion for subnets, leaving 5 bits for the hosts.
This gives 8 subnets (/27) with 30 usable hosts each.
We have created and will allocate addresses for networks B and E first:
Network B will use Subnet 0: 192.168.1.0/27
Host address range 1 to 30 (192.168.1.1 192.168.1.30)
192.168.1.31 (broadcast address)
Network E will use Subnet 1: 192.168.1.32/27
Host address range 33 to 62 (192.168.1.33 192.168.1.62)
192.168.1.63 (broadcast address)
The next largest host requirement is Network A (14 hosts), followed by Network D (7 hosts).
Borrowing one more bit and subnetting the network address 192.168.1.64 into /28 blocks gives us
the following host ranges:
Network A will use Subnet 0: 192.168.1.64/28
Host address range 65 to 78 (192.168.1.65 192.168.1.78)
192.168.1.79 (broadcast address)
Network D will use Subnet 1: 192.168.1.80/28
Host address range 81 to 94 (192.168.1.81 192.168.1.94)
192.168.1.95 (broadcast address)
This allocation supports 14 hosts on each subnet and satisfies the requirement.
Network C has only two hosts. In this case we borrow two more bits to meet this requirement.
Beginning from 192.168.1.96 and borrowing 2 more bits results in the subnet 192.168.1.96/30.
Network C will use Subnet 1: 192.168.1.96/30
Host address range 97 to 98 (192.168.1.97 to 192.168.1.98)
192.168.1.99 (broadcast address)
From the above illustration, we have met all requirements without wasting many possible
subnets and available addresses.
In this case, bits were borrowed from addresses that had already been subnetted. As you
will recall from a previous section, this method is known as Variable Length Subnet Masking,
or VLSM.
How To Calculate Subnets Using the Binary Method.
Whether two hosts on an IP network can reach each other directly is determined by applying the
subnet mask to the source and destination addresses. The sending host applies its own subnet mask
both to its IPv4 address and to the destination IPv4 address and compares the results.
Remember, the subnet mask is a 32-bit value used to separate the network bits from the host
bits of the IP address. The subnet mask is made up of a string of 1s followed by a string of 0s.
The 1s indicate the network bits and the 0s the host bits of the IP address. The network bits of
the source and destination are compared: if they are the same, the packet can be delivered
locally; if they differ, the packet is sent to the default gateway.
For example, assume PC1, with the IP address 192.168.1.40 and subnet mask 255.255.255.0, needs
to send a message to PC2, with the IP address 192.168.1.52 and subnet mask 255.255.255.0. Both
hosts have the same default subnet mask of 255.255.255.0 and the same network bits, 192.168.1,
and are therefore on the same network.
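The comparison above as an added example in Python (not code from the original page). It renders addresses in binary the way the text does, ANDs address and mask, and returns the sending host's decision. It also goes one step beyond the page's case: the decision is made with the sender's own mask only, so two hosts with different masks can disagree about whether they share a network, which shows up as one-way reachability. PC2's address 192.168.1.100 and mask 255.255.255.192 in that case are assumed:

```python
import ipaddress


def to_binary(dotted):
    """Render a dotted-decimal address or mask as four 8-bit groups."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def is_valid_mask(mask):
    """A subnet mask must be a run of 1s followed by a run of 0s."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # host_bits is then of the form 0...01...1, i.e. one less than a power of two
    return host_bits & (host_bits + 1) == 0


def network_bits(addr, mask):
    """AND the address with the mask: the 1s keep the network bits, the 0s clear the host bits."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))


def next_hop_decision(src, src_mask, dst):
    """What the sending host does with a packet for dst, using only its own mask."""
    if not is_valid_mask(src_mask):
        raise ValueError(f"{src_mask} is not a contiguous subnet mask")
    if network_bits(src, src_mask) == network_bits(dst, src_mask):
        return "local delivery"
    return "send to default gateway"


if __name__ == "__main__":
    # The page's example: both hosts use 255.255.255.0.
    print(to_binary("192.168.1.40"), "AND", to_binary("255.255.255.0"))
    print(next_hop_decision("192.168.1.40", "255.255.255.0", "192.168.1.52"))
    # Assumed mismatch: PC1 keeps /24, PC2 at 192.168.1.100 is configured with /26.
    print("PC1 -> PC2:", next_hop_decision("192.168.1.40", "255.255.255.0", "192.168.1.100"))
    print("PC2 -> PC1:", next_hop_decision("192.168.1.100", "255.255.255.192", "192.168.1.40"))
```

In the mismatched case PC1 ARPs for PC2 directly and gets an answer, but PC2 sends its replies to its default gateway, which is the classic symptom of a wrong mask on one host.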
IEEE 802.1D port cost by link speed:
Link speed   Revised cost (IEEE 802.1D-1998)   Previous cost (IEEE 802.1D-1990)
10 Gb/s      2                                 1
1 Gb/s       4                                 1
100 Mb/s     19                                10
10 Mb/s      100                               100
SW2#configure terminal
SW2(config)#interface fa0/1
SW2(config-if)#spanning-tree cost 30
SW2(config-if)#end
SW2#
To reset the port cost to the default value, enter the no spanning-tree cost interface
configuration command.
SW2#configure terminal
SW2(config)#interface fa0/1
SW2(config-if)#no spanning-tree cost
SW2(config-if)#end
SW2#
You can use the show spanning-tree command to verify the path cost.
Summary
Path cost is the sum of all the port costs along the path to the root bridge.
The path with the lowest path cost becomes the preferred path, and all other redundant
paths are blocked.
Every non-root bridge (switch) selects one root port.
The default IEEE port cost of a 100 Mb/s link is 19, so a non-root bridge one Fast Ethernet hop
away from the root has a root path cost of 19.
STP then blocks the redundant path, preventing a loop from occurring.
to determine which redundant links to block. An election process determines which switch
becomes the root bridge.
Each switch has a Bridge ID (BID) made up of a priority value, an extended system ID (the VLAN
number), and the MAC address of the switch.
All switches in the network take part in the election process. After a switch boots up, it
sends out BPDU frames containing its BID and the root ID every 2 seconds. Initially the root ID
matches the local BID on every switch, because each switch first identifies itself as the root
bridge.
Look at it this way: when switches A, B, C and D on the same network or broadcast domain boot
up, they forward their Bridge Protocol Data Unit (BPDU) frames to neighbouring switches, and
every switch reads the root ID from the BPDU frames of all its neighbours.
After comparing all the root IDs in the BPDUs received, the switch with the lowest BID is
identified as the root bridge for the spanning tree. It need not be an adjacent switch; it may
be any switch in the broadcast domain.
Note that the election simply trusts the lowest BID it hears: any device that sends BPDUs with
a lower priority, whether a misconfigured switch or an attacker's host, becomes the root and
can pull traffic through itself. On access ports that should never see BPDUs, enable BPDU guard
(spanning-tree bpduguard enable), and on ports facing switches that must never become root, use
root guard (spanning-tree guard root).
Study the figure below and see if you can Identify the switch with the lowest priority.
Root Ports - Switch ports closest to the root bridge with the lowest cost path.
Designated Ports - All non-root ports that are still permitted to forward traffic on the
network.
Non-designated ports - All ports configured to be in a blocking state to prevent loops.
Summary.
* Each switch has a bridge ID (BID) made up of a priority value, an extended system ID and the switch MAC address.
* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs.
* The switch with the lowest bridge ID becomes the root bridge.
* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
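Both mechanisms described on this page, the root election by lowest BID and the root path cost built from the IEEE port costs, as an added example in Python (not code from the original page or from any switch vendor). The four-switch topology, its link speeds and its MAC addresses are constructed for the example, and ties in path cost, which real STP breaks by sender BID and then port ID, are assumed not to occur. The last call in the demo shows the caveat from the text: a device sending BPDUs with priority 0 becomes root without anyone touching the existing switches:

```python
import heapq

# IEEE 802.1D-1998 port costs from the table above: link speed in Mb/s -> cost.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed sample topology: name -> (bridge priority, MAC address).
SWITCHES = {
    "A": (32768, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
    "D": (32768, "00:00:00:00:00:0d"),
}
# Constructed links: (switch, switch, speed in Mb/s).
LINKS = [("A", "B", 1000), ("A", "C", 100), ("B", "D", 100), ("C", "D", 10000), ("B", "C", 100)]


def bridge_id(priority, vlan, mac):
    """BID as one comparable integer: 4-bit priority, 12-bit extended system ID, 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return ((priority + vlan) << 48) | int(mac.replace(":", ""), 16)


def elect_root(switches, vlan=1):
    """Every switch compares the BIDs it hears; the numerically lowest one wins."""
    return min(switches, key=lambda name: bridge_id(switches[name][0], vlan, switches[name][1]))


def root_path_costs(links, root):
    """Shortest path from each switch to the root, summing port costs along the way.

    Returns name -> (root path cost, neighbour on the root port side).
    """
    graph = {}
    for a, b, speed in links:
        graph.setdefault(a, []).append((b, PORT_COST[speed]))
        graph.setdefault(b, []).append((a, PORT_COST[speed]))
    best = {root: (0, None)}
    heap = [(0, root, None)]
    while heap:
        cost, node, _via = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale entry
        for neighbour, link_cost in graph[node]:
            candidate = cost + link_cost
            if neighbour not in best or candidate < best[neighbour][0]:
                best[neighbour] = (candidate, node)
                heapq.heappush(heap, (candidate, neighbour, node))
    return best


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root bridge:", root)
    for name, (cost, via) in sorted(root_path_costs(LINKS, root).items()):
        print(f"{name}: root path cost {cost}, root port towards {via}")
    rogue = dict(SWITCHES, rogue=(0, "00:00:00:00:00:ff"))
    print("after a priority-0 BPDU sender joins:", elect_root(rogue))
```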
Before we learn how to secure Cisco routers, let's briefly summarize the role routers play in
network security.
The Role of Routers in Network Security
As you know, routers route traffic between different networks based on Layer 3 IP addresses
and provide access to network segments and subnetworks. That makes routers prime targets for
network attackers. When the border router of an organisation's network is compromised, or
accessed without authorisation, it poses a threat to the organisation's sensitive information
and to its other network services and resources.
Routers can be compromised in many ways (for example through trust exploitation and
man-in-the-middle attacks), and a compromised router exposes the internal network configuration
and components to scans and attacks.
In summary, a router plays two primary roles in a network: it forwards traffic between
networks, and it decides which traffic is allowed through between them.
IP Routing.
To better understand what IP routing is, let's get acquainted with the basic terms: IP,
Routing, Router and Routing Protocols.
IP
IP (Internet Protocol) is the network-layer protocol used to carry user data across the Internet
and other smaller networks (LAN or WAN).
IP operates at Layer 3 of the OSI model and is usually used together with the Transmission
Control Protocol (TCP); the pair is commonly referred to as TCP/IP.
IP uses a unique address assigned to each computer or device interface to identify the source
and destination of packets on a network. The versions in use are Internet Protocol version 4
(IPv4) and the newer Internet Protocol version 6 (IPv6).
ROUTING
Routing is the process of taking a packet from one device and sending it through the network to
another device on a different network.
Communication across the Internet is one of the best examples of routing: data moves from your
computer, across several networks, to reach the destination network. A device that specialises
in the routing function is called a router.
A router can only route a packet if it knows a route to the destination. It chooses the best
route to each remote network from the list of routes it stores in its routing table. If no
routers are involved in your network, then you are not routing.
Routers learn routes to destination networks in two ways: static routing and dynamic routing.
ROUTER
Routers are intermediary network devices. Routers operate at the network layer (OSI
Model's layer 3). The primary function of a router is to move data from one network to
another and to help to control broadcast or unnecessary traffic. For a router to be able to do
this, it must know the following:
i. Destination address
ii. Possible routes to all networks
iii.Neighboring routers from which it will learn about remote networks
iv. The best route to reach a network
ROUTING PROTOCOLS
Routing protocols are used by routers to dynamically learn paths to remote networks and to
forward data between those networks. These protocols include:
RIP (Routing Information Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
BGP (Border Gateway Protocol)
What Is IP Routing?
Networks (LAN or WAN) on the Internet are connected to each other via routers. The movement of
data from your computer to a known destination (another computer) is known as routing.
IP routing is the collective name for the process, and the set of protocols, that determine the
path data follows across different networks from its source to its destination.
The movement of data from source to destination across multiple networks is controlled by
routers. This series of routers uses IP routing protocols to build up a routing table of remote
network addresses.
R2#show ip route
[Output omitted]
Gateway of last resort is not set
C 192.168.1.32/27 is directly connected, FastEthernet0/1
C 192.168.1.0/27 is directly connected, FastEthernet0/2
C 10.10.1.0/30 is directly connected, Serial0/0/0
The C in the routing table means the networks are directly connected. No remote networks appear
in the routing table because we have not yet added a routing protocol such as RIP, EIGRP or
OSPF, or configured static routes. Since there is also no gateway of last resort, a packet for
any destination outside these three prefixes is dropped.
Looking at the output above, when the router receives a packet with the destination address
192.168.1.10, the longest matching prefix is 192.168.1.0/27, so the router sends the packet to
interface FastEthernet0/2, which encapsulates the packet in a frame and sends it out.
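The lookup the router performs above, written out as an added example in Python (not code from the original page or from any router vendor). It uses the three connected routes from the show ip route output and, to show the two cases the text leaves implicit, an assumed static default route and an assumed less-specific static route that are not in the original output:

```python
import ipaddress

# Routing table from the show ip route output above: (prefix, outgoing interface, source code).
ROUTES = [
    ("192.168.1.32/27", "FastEthernet0/1", "C"),
    ("192.168.1.0/27", "FastEthernet0/2", "C"),
    ("10.10.1.0/30", "Serial0/0/0", "C"),
]


def lookup(table, dst):
    """Longest-prefix match: of all routes that contain dst, the most specific one wins.

    Returns (network, interface, source) or None when no route matches.
    """
    ip = ipaddress.IPv4Address(dst)
    best = None
    for prefix, interface, source in table:
        net = ipaddress.ip_network(prefix, strict=True)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface, source)
    return best


def forward(table, dst):
    """The forwarding decision as a short description, for a packet addressed to dst."""
    match = lookup(table, dst)
    if match is None:
        return "drop: no route (ICMP destination unreachable, unless suppressed)"
    return f"out {match[1]} via {match[0]}"


if __name__ == "__main__":
    print(forward(ROUTES, "192.168.1.10"))   # the case discussed in the text
    print(forward(ROUTES, "192.168.1.70"))   # outside both /27s: dropped
    # Assumed additions, not in the original output: a default route and a /24 summary.
    extended = ROUTES + [("0.0.0.0/0", "Serial0/0/0", "S*"), ("192.168.1.0/24", "FastEthernet0/3", "S")]
    print(forward(extended, "192.168.1.70"))  # the /24 beats the default route
    print(forward(extended, "192.168.1.10"))  # the connected /27 still beats the /24
```

A default route matches every address with a zero-length prefix, which is exactly why it loses to any other matching entry and why a missing default route turns into a silent drop rather than an error on the router.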
Variable Length Subnet Mask (VLSM) means, in a way, subnetting a subnet. Put simply, VLSM is
the breaking down of an address block into subnets at multiple levels and allocating each
according to the individual need on the network. It can also be called classless IP addressing.
Classful addressing follows fixed rules that have been proven to waste IP addresses.
Before you can understand VLSM, you have to be very familiar with the structure of an IP
address.
The best way to learn how to subnet a subnet (VLSM) is with examples. Let's work with the
diagram below:
Looking at the diagram, we have three LANs connected to each other with two WAN links. The
first thing to look for is the number of subnets and the number of hosts on each. In this case,
an ISP has allocated the Class C block 192.168.1.0/24.
HQ = 50 hosts
RO1 = 30 hosts
RO2 = 10 hosts
2 WAN links (2 hosts each)
We will subnet 192.168.1.0/24, which allows a total of 254 hosts, to suit this network. I
recommend you get familiar with the table below. I never leave home without it!
Subnet mask            Usable host addresses   Addresses including network and broadcast
/26 255.255.255.192    62                      64
/27 255.255.255.224    30                      32
/28 255.255.255.240    14                      16
/29 255.255.255.248    6                       8
/30 255.255.255.252    2                       4
As I mentioned earlier, having this table will prove very helpful. For example, if you
have a subnet with 50 hosts then you can easily see from the table that you will
need a block size of 64. For a subnet of 30 hosts you will need a block size of 32.
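The same largest-first allocation carried out by code, as an added example that is not part of the original page. It reproduces both the five-network example earlier on this page (A 14, B 28, C 2, D 7 and E 28 hosts out of 192.168.1.0/24) and the HQ, RO1, RO2 plus two WAN links design above; the names WAN1 and WAN2 for the two links are assumed. Beyond the page's examples it also refuses a requirement that cannot fit, rather than silently producing overlapping subnets:

```python
import ipaddress


def host_bits(hosts):
    """Smallest h with 2**h - 2 >= hosts (the network and broadcast addresses are reserved)."""
    return max(2, (hosts + 1).bit_length())


def allocate(block, requirements):
    """Carve subnets out of block, largest requirement first, working from the start of the block.

    requirements maps a network name to the number of hosts it needs.
    Because subnet sizes never increase, each subnet starts on a boundary of its own
    size, so a simple cursor produces aligned, non-overlapping subnets.
    Returns rows of (name, network, first host, last host, broadcast, usable hosts).
    """
    parent = ipaddress.ip_network(block, strict=True)
    cursor = int(parent.network_address)
    rows = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix = 32 - host_bits(hosts)
        if prefix < parent.prefixlen:
            raise ValueError(f"{name} needs more hosts than {block} can hold")
        net = ipaddress.ip_network((cursor, prefix), strict=True)
        if net.broadcast_address > parent.broadcast_address:
            raise ValueError(f"{block} exhausted while placing {name}")
        rows.append((name, str(net), str(net.network_address + 1), str(net.broadcast_address - 1),
                     str(net.broadcast_address), net.num_addresses - 2))
        cursor += net.num_addresses
    return rows


if __name__ == "__main__":
    for plan in ({"A": 14, "B": 28, "C": 2, "D": 7, "E": 28},
                 {"HQ": 50, "RO1": 30, "RO2": 10, "WAN1": 2, "WAN2": 2}):
        for name, net, first, last, bcast, usable in allocate("192.168.1.0/24", plan):
            print(f"{name:5} {net:18} hosts {first} to {last}, broadcast {bcast} ({usable} usable)")
        print()
```

Sorting by hosts and then by name keeps the output deterministic when two networks have the same requirement, which is what makes the result reproducible in documentation and change tickets.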
Tracing and Interpreting Network Connectivity.
Testing network connectivity using trace
A trace returns a list of hops as a packet is routed through a network. The form of the
command depends on where the command is issued. When performing the trace from a
Windows computer, use tracert. When performing the trace from a router Command Line
Interface - CLI, use traceroute.
Ping and Trace
Ping and trace can be used together to detect a problem.
Let's assume that a successful connection has been established between Host 1 and Router
A, as shown in the figure.
Next, let's assume that Host 1 pings Host 2 using this command.
C:>ping 172.17.2.3
The ping command returns this result:
Pinging 172.17.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.17.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
The ping test failed.
This is a test of communication beyond the local network to a remote device. Because the
local gateway responded but the host beyond did not, the problem appears to be
somewhere beyond the local network. A next step is to isolate the problem to a particular
network beyond the local network. The trace commands can show the path of the last
successful communication.
Trace to a Remote Host
Like ping commands, trace commands are entered in the command line and take an IP
address as the argument.
Assuming that the command will be issued from a Windows computer, we use the tracert
form:
C:>tracert 172.17.2.3
The only successful response is from the gateway on Router A; the trace requests to the next
hop time out, meaning that the next hop did not respond. The trace results therefore indicate
that the failure is in the internetwork beyond the LAN.
Entering a longer timeout than the default allows possible latency issues to be detected. If
the ping test succeeds with a longer value, a connection exists between the hosts, but latency
may be an issue on the network.
On a router, entering "y" at the "Extended commands" prompt of the ping command provides more
options (including the timeout) that are useful in troubleshooting.
A successful ping shows that the IP addresses of the local host and of the other hosts on the
network are configured properly.
In a router, you can use IOS to test the next hop of the individual routes. Each route has
the next hop listed in the routing table. You can use the output of the show ip route
command to determine the next hop. Frames carrying packets that are directed to the
destination network listed in the routing table are sent to the device that represents the
next hop. If the next hop is not accessible, the packet will be dropped.
To test the next hop, determine the appropriate route to the destination and try to ping the
appropriate next hop for that route in the routing table. A failed ping indicates that there
might be a configuration or hardware problem.
The ping may also be prohibited by security in the device. If the ping is successful you can
move on to testing connectivity to remote hosts.
Testing Remote Hosts connectivity
Once verification of the local LAN and gateway is complete, testing can proceed to remote
devices, which is the next step in the testing process.
The figure depicts a sample network topology. There are 3 hosts within a LAN, a router
(acting as the gateway) that is connected to another router (acting as the gateway for a
remote LAN), and 3 remote hosts. The verification tests should begin within the local
network and progress outward to the remote devices.
Testing remote connectivity
Begin by testing the outside interface of a router that is directly connected to a remote
network. In this case, the ping command is testing the connection to 200.10.10.129, the
outside interface of the local network gateway router.
If the ping command is successful, connectivity to the outside interface is verified. Next,
ping the outside IP address of the remote router, in this case, 200.10.10.130 If successful,
connectivity to the remote router is verified. If there is a failure, try to isolate the problem.
Retest until there is a valid connection to a device and double-check all addresses.
The ping command will not always help with identifying the underlying cause to a problem,
but it can isolate problems and give direction to the troubleshooting process. Document
every test, the devices involved, and the results.
Test Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To
forward packets between any two networks, the router must be able to communicate with
both the source and the destination networks. The router will need routes to both networks
in its routing table.
To test the communication to the remote network, you can ping a known host on this
remote network. If you cannot successfully ping the host on the remote network from a
router, you should first check the routing table for an appropriate route to reach the remote
network. It may be that the router uses the default route to reach a destination. If there is
no route to reach this network, you will need to identify why the route does not exist. As
always, you also must rule out that the ping is not administratively prohibited.
Using the ping command in this ordered sequence lets problems be ruled out one step at a time.
The ping command does not always pinpoint the nature of a problem, but it can help identify
where the problem lies, and it is considered the first step in troubleshooting a network
failure.
The ping command provides a way to check the protocol stack and IPv4 address configuration on a
host. Other tools can provide more information than ping, such as Telnet or trace, which we will
look at in detail later.
IOS Ping Indicators
A ping from the IOS yields one of several indicators for each ICMP echo sent. These indicators
are:
! - The "!" (exclamation mark) indicates that the ping completed successfully and verifies
Layer 3 connectivity.
. - The "." (period) indicates a problem in the communication. It may mean that a connectivity
problem occurred somewhere along the path, that a router along the path had no route to the
destination and did not send an ICMP destination unreachable message, or that the ping was
blocked by device security (an access list or firewall).
U - The "U" indicates that a router along the path had no route to the destination address
and responded with an ICMP unreachable message.
The IOS provides commands to verify the operation of router and switch interfaces. You can
use the following command Verify Router Interfaces:
The show ip interface brief command provides a summary of all interface configuration
information on the router; it displays the IP addresses that are assigned to the interface and
other operational status of the interface.
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 172.17.1.1 YES manual up up
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual administratively down down
Vlan1 unassigned YES manual administratively down down
R1#
Looking at the line for the FastEthernet0/0 interface, we see that the IP address is
192.168.1.1. The last two columns show the Layer 1 and Layer 2 status of the interface: up in
the Status column shows that the interface is operational at Layer 1, and up in the Protocol
column indicates that the Layer 2 protocol is operational as well. The same applies to
FastEthernet0/1 with IP address 172.17.1.1.
In the same example, notice that the Serial0/0/0 and Serial0/0/1 interfaces have not been
enabled and have no IP address assigned. This is indicated by administratively down in the
Status column. Such an interface can be enabled with the no shutdown interface configuration
command once it has been configured.
Testing Router Connectivity
We can use ping and traceroute to verify router connectivity at Layer 3. Use these commands to
ping a host on the local LAN and to trace the path to a remote host across the WAN.
e.g.
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms
Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 192.168.1.1 16 msec 16 msec 16 msec
The above result shows a successful connection to the gateway.
Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card (NIC) is
bound to the IPv4 address and is ready to transmit signals across the media.
The IPv4 address assigned to the NIC in this case is 10.0.0.6.
To verify the IPv4 address, ping the host's own address:
C:\>ping 10.0.0.6
If this test fails, it is likely that there are issues with the NIC hardware or its software
driver that may require reinstallation of either or both. The procedure depends on the type of
host and its operating system.
IP Address/Route Summary.
IP address or route summarization, also known as route aggregation, is the process by which
routers advertise a set of networks as a single address with a shorter subnet mask (CIDR).
To put this in a real-world scenario, it is like using one postal address for all the staff of
the different departments in an organisation; the mail then has to be distributed to each
individual by the office administrator or whoever is responsible.
Classful routing protocols such as RIPv1 summarize automatically: they advertise routes in
summary form, at the classful network boundary, when sending an update out an interface that
belongs to a different major network.
For example, RIPv1 will summarize the 10.0.0.0/24 subnets (10.0.0.0/24 through
10.255.255.0/24) as 10.0.0.0/8.
IP Address / Route Summarization Example #2.
From the previous page you know that IP route summarization can also be referred to as route
aggregation. It reduces the number of entries in a router's routing table, which makes lookup
of the destination faster.
First, to get the summary network address, match the binary bits of the addresses starting
from the left and stop where the bits no longer match (see the example above).
Notice that the whole first octet matches, and in the second octet only the first five bits
(all zeros) match; the remaining bits of the second octet, and the third and fourth octets, do
not match.
So the summary network address is 10.0.0.0.
Finally, to work out the summary subnet mask, count the matching bits: the 8 bits of the first
octet (the network) plus the five matching bits of the second octet (the subnet part), 13 bits
in all, giving the mask
255.248.0.0
You add the five bit values of the second octet from the left: 128+64+32+16+8 = 248.
Counting all the matching bits from the left up to the last matching bit gives the CIDR prefix
length: 10.0.0.0/13.
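The bit matching above, done by code, as an added example that is not part of the original page. The figure with the addresses being summarized is not reproduced here, so the input networks (10.0.0.0/16 through 10.7.0.0/16, which share exactly 13 leading bits) are assumed. The function also reports how many addresses the summary advertises that none of the inputs actually cover; a summary wider than the networks behind it attracts traffic for address space that does not exist, which is worth checking before you advertise it:

```python
import ipaddress


def to_binary(addr):
    """Dotted binary rendering of an address or mask, as in the worked example."""
    return ".".join(f"{int(o):08b}" for o in str(addr).split("."))


def summarize(prefixes):
    """Smallest single prefix that covers every network in the list.

    The common prefix is found by comparing the lowest and highest covered
    addresses: the first bit where they differ ends the matching run.
    Returns (summary network, number of addresses the summary covers that
    no input network does).
    """
    nets = sorted(ipaddress.collapse_addresses(ipaddress.ip_network(p, strict=True) for p in prefixes))
    first = int(nets[0].network_address)
    last = int(nets[-1].broadcast_address)
    common = 32 - (first ^ last).bit_length()   # leading bits shared by first and last
    summary = ipaddress.ip_network((first, common), strict=False)
    covered = sum(n.num_addresses for n in nets)
    return summary, summary.num_addresses - covered


if __name__ == "__main__":
    blocks = [f"10.{i}.0.0/16" for i in range(8)]   # assumed inputs for the example above
    for b in blocks:
        print(to_binary(ipaddress.ip_network(b).network_address), b)
    summary, extra = summarize(blocks)
    print("summary:", summary, "mask", summary.netmask, "uncovered addresses:", extra)
    # Sparse inputs produce the same /13 but now advertise space nobody holds.
    summary, extra = summarize(["10.0.0.0/16", "10.1.0.0/16", "10.4.0.0/16"])
    print("summary:", summary, "uncovered addresses:", extra)
```

collapse_addresses merges adjacent and overlapping inputs first, so the "uncovered" count is not inflated by duplicates; if that count is large, advertise two or more narrower summaries instead, or add a discard route for the summary so traffic for the holes is dropped at your edge rather than looping.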
Subnetting IP Address.
Subnetting allows you to create multiple logical networks within a single Class A, B, or C
network.
There are several reasons why we subnet:
a. It preserves address space, so that addresses are not wasted.
b. It is used for security: hosts on different subnets can only reach each other through a
router, where access control lists can filter the traffic.
c. It helps to control network traffic: each subnet is its own broadcast domain, so broadcasts
and other traffic from hosts on one segment do not load every host on the network.
Subnetting a Network Address
To subnet a network address, the subnet mask has to be extended, using some of the bits from
the host ID portion of the address to create a subnetwork ID.
For example, given the Class C network 192.17.5.0, which has a natural mask of 255.255.255.0,
you can create subnets in this manner:
192.17.5.0 - 11000000.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
|sub|
By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by "sub")
from the original host portion of the address and used them to create subnets. With these three
bits it is possible to create eight subnets. With the remaining five host ID bits, each subnet
has 32 addresses, 30 of which can actually be assigned to devices on the segment (the network
and broadcast addresses are reserved).
These subnets have been created (network address, usable host range, broadcast address):
192.17.5.0 (.1 to .30, broadcast .31), 192.17.5.32 (.33 to .62, broadcast .63),
192.17.5.64 (.65 to .94, broadcast .95), 192.17.5.96 (.97 to .126, broadcast .127),
192.17.5.128 (.129 to .158, broadcast .159), 192.17.5.160 (.161 to .190, broadcast .191),
192.17.5.192 (.193 to .222, broadcast .223), 192.17.5.224 (.225 to .254, broadcast .255).
Bit values of one octet:
11111111
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)
Look at this, because you will always come across it during subnetting:
128+64 = 192
128+64+32 = 224
128+64+32+16 = 240
128+64+32+16+8 = 248
128+64+32+16+8+4 = 252 and so on.
! - Exclamation mark
. - Period
U - Unreachable
! - The "!" (exclamation mark) indicates that the ping completed successfully and
verifies Layer 3 connectivity.
. - The "." (period) can indicate problems in the communication. It may indicate that a
connectivity problem occurred somewhere along the path. It also may indicate that a
router along the path did not have a route to the destination and did not send an
ICMP destination unreachable message. It also may indicate that the ping was blocked
by device security.
U - The "U" indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.
Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card (NIC)
address is bound to the IPv4 address and that the NIC is ready to transmit signals across
the media.
The IPv4 address assigned to the NIC in this case is 10.0.0.6.
To verify the IPv4 address, use the following command:
C:\>ping 10.0.0.6
If this test fails, it is likely that there are issues with the NIC hardware or software driver
that may require reinstallation of either or both. This procedure depends on the type of
host and its operating system.
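As an added example (not code from the original notes), a small parser that reads the result characters described above out of router-style ping output, reports the success rate and classifies the outcome, plus a helper that applies it to the self-ping NIC test. The sample output strings are constructed.

```python
"""Interpret ping result characters (added example; not from the original
notes).  The sample outputs below are constructed."""
from collections import Counter

# Meaning of each result character, as described in the notes.
RESULT_MEANING = {
    "!": "reply received (Layer 3 connectivity verified)",
    ".": "timed out: path problem, no route with no ICMP unreachable sent, or filtered by a security device",
    "U": "ICMP destination unreachable returned by a router on the path",
}

# Constructed sample outputs in the usual router format.
SAMPLE_OK = ("Sending 5, 100-byte ICMP Echos to 10.0.0.6, timeout is 2 seconds:\n"
             "!!!!!\nSuccess rate is 100 percent (5/5)")
SAMPLE_UNREACHABLE = ("Sending 5, 100-byte ICMP Echos to 10.0.0.9, timeout is 2 seconds:\n"
                      "U.U.U\nSuccess rate is 0 percent (0/5)")


def parse_ping_results(output):
    """Summarise the result line(s) of a ping: counts per character, success rate
    (replies / probes, in percent) and a one-word diagnosis.
    Only lines made solely of result characters are read, so the dots in the
    target address or the timeout text are not miscounted."""
    result_lines = [ln.strip() for ln in output.splitlines()
                    if ln.strip() and set(ln.strip()) <= set(RESULT_MEANING)]
    chars = "".join(result_lines)
    if not chars:
        raise ValueError("no ping result characters found")
    counts = Counter(chars)
    sent, received = len(chars), counts["!"]
    if received == sent:
        diagnosis = "ok"
    elif counts["U"]:
        diagnosis = "unreachable"     # a router answered: routing problem, not silence
    elif received == 0:
        diagnosis = "timeout"         # nothing came back at all
    else:
        diagnosis = "partial"         # intermittent loss along the path
    return {"sent": sent, "received": received, "success_rate": 100 * received // sent,
            "counts": dict(counts), "diagnosis": diagnosis,
            "meaning": {c: RESULT_MEANING[c] for c in counts}}


def nic_check(local_ip, ping_output):
    """Interpret a ping of the host's own IPv4 address (the NIC binding test).
    A lost probe against your own address points at the NIC or its driver,
    not at the network."""
    if parse_ping_results(ping_output)["diagnosis"] == "ok":
        return f"{local_ip} is bound to the NIC and the IP stack answers"
    return f"{local_ip} did not answer every probe: suspect NIC hardware or driver"
```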
Store-and-Forward Switching
In store-and-forward switching, when the switch receives the frame, it stores the received
data in buffers until the complete frame has been received. While in the storage process,
the switch checks and analyses the frame for information about its intended destination.
During this process, the switch checks the frame for errors using the Cyclic Redundancy
Check (CRC) trailer portion of the Ethernet frame - a mathematical formula, based on the
number of bits (1s) in the frame.
If the frame contains no error, it is forwarded out the appropriate port towards
its destination; when an error is detected, the frame is dropped or discarded.
Cut-through Switching
In cut-through switching, the switch works on the frame as soon as it is received, even if the
transmission is not complete. The switch reads the destination MAC address so as to
determine to which port to forward the data. The destination MAC address is located in the
first 6 bytes of the frame following the preamble. The switch in this case does not perform
any error checking on the frame.
Cut-through switching is faster than store-and-forward switching. However, because the
switch does not check the frame for errors, it forwards corrupt frames throughout the
network. The corrupt frames consume bandwidth while they are being forwarded. The
destination NIC (Network Interface Card) will eventually drop or discard the corrupt
frames.
Cisco Catalyst switches use solely the store-and-forward method of forwarding frames.
Most switches are configured to perform cut-through switching on a per-port basis until a
user-defined error threshold is reached, and then they automatically change to store-and-forward.
When the error rate falls below the threshold, the port automatically changes back
to cut-through switching.
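To make the difference concrete, here is an added example (not code from the original notes) that builds an Ethernet frame with its CRC-32 Frame Check Sequence, flips a bit as if the frame were damaged on the wire, and passes it through a store-and-forward and a cut-through switch model. The MAC addresses, payload and MAC table are constructed.

```python
"""Store-and-forward versus cut-through, modelled on an Ethernet frame and its
CRC-32 Frame Check Sequence (added example; not from the original notes).
The MACs, payload and MAC table below are constructed."""
import struct
import zlib

# Ethernet II after the preamble/SFD: dst MAC (6) | src MAC (6) | EtherType (2) | payload | FCS (4)
MAC_DST = bytes.fromhex("001122334455")   # constructed
MAC_SRC = bytes.fromhex("66778899aabb")   # constructed
ETHERTYPE_IPV4 = 0x0800
BROADCAST = b"\xff" * 6


def build_frame(dst, src, ethertype, payload):
    """Append the FCS: CRC-32 over everything before it, least-significant byte first.
    Ethernet's FCS is the same reflected CRC-32 that zlib.crc32 computes."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_is_valid(frame):
    """Recompute the CRC over the frame minus its last four bytes and compare."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs


def corrupt(frame, index):
    """Flip one bit to simulate damage on the wire."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


class Switch:
    """Tiny switch model: a MAC table maps destination MAC -> egress port."""

    def __init__(self, mode, mac_table):
        if mode not in ("store-and-forward", "cut-through"):
            raise ValueError(mode)
        self.mode = mode
        self.mac_table = mac_table
        self.dropped = 0

    def forward(self, frame):
        """Return the egress port, 'flood' for an unknown or broadcast destination, or None if dropped."""
        if self.mode == "store-and-forward":
            # The whole frame is buffered first, so the FCS can be checked before forwarding.
            if not fcs_is_valid(frame):
                self.dropped += 1
                return None
        # Cut-through reaches this point without any check: it only needs the first six
        # bytes (destination MAC), so a corrupt frame is forwarded and the bad FCS is
        # noticed only by the receiving NIC.
        return self.mac_table.get(frame[:6], "flood")
```

The store-and-forward instance counts the corrupt frame in its dropped counter, which is the kind of per-port error statistic a switch uses to decide when to fall back from cut-through.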
Difference between Hubs, Switches, Routers, and Access Points.
Hubs, Switches, Routers, and Access Points are all used to connect computers together on a
network, but each of them has different capabilities.
Hubs
Hubs are used to connect computers on a network so as to communicate with each other.
Each computer plugs into the hub with a cable, and information sent from one computer to
another passes through the hub.
Switches
Switches function the same way as hubs, but they can identify the intended destination of
the information that they receive, so they send that information only to the computers it
is intended for.
Switches can send and receive information at the same time, and faster than hubs can.
Switches are recommended for a home or office network where you have more
computers and want to use the network for activities that require passing a lot of
information between computers.
Functions of a Switch
Routers
Routers are better known as intermediary devices that enable computers and other network
components to communicate or pass information between two networks e.g. between your
home network and the Internet. The most astounding thing about routers is their capability
to direct network traffic. Routers can be wired (using cables) or wireless. Routers also
typically provide built-in security, such as a firewall.
Access points
Access points provide wireless access to a wired Ethernet network. An access point plugs
into a hub, switch, or wired router and sends out wireless signals. This enables computers
and devices to connect to a wired network wirelessly. You can move from one location to
another and continue to have wireless access to a network. When you connect to the
Internet wirelessly using a public wireless network in an airport, hotel or in public, you are
usually connecting through an access point. Some routers are equipped with wireless
access point capability; in this case you don't need a separate wireless access point.
- See more at: http://orbit-computer-solutions.com/Difference-between-Hubs%2C-Switches%2CRouters%2C-and-Access-Points.php
Features and Functions of Switches.
Things to consider when selecting a Switch for a Network.
To select the appropriate switch for a layer in a particular network, you need to have
specifications that detail the target traffic flows, user communities, data servers, and data
storage servers. A company needs a network that can meet evolving requirements.
Traffic flow analysis is the process of measuring the bandwidth usage on a network and
analysing the data for the purpose of performance tuning, capacity planning, and making
hardware improvement decisions.
1. Future Growth
Switches come in different sizes, features and functions; choosing a switch to match a
particular network can be a daunting task.
Consider what will happen if the HR or HQ department grows by five employees or more. A
solid network plan includes the rate of personnel growth over the past five years in order
to anticipate future growth. With that in mind, you would want to purchase a switch that
can accommodate more than 24 ports, such as stackable or modular switches that can
scale.
2. Performance
When selecting a switch for the *access, **distribution, or ***core layer, consider the
ability of the switch to support the port density, forwarding rates, and bandwidth
aggregation requirements of your network.
*Access layer switches facilitate the connection of end-node devices to the network, e.g. PCs,
modems, IP phones, printers etc. For this reason, they need to support features such as port
security, VLANs, Fast Ethernet/Gigabit Ethernet, PoE (Power over Ethernet) and link
aggregation. Port security allows the switch to decide how many or what type of devices are
permitted to connect to the switch. This is where most Cisco switches come in: they all support
port security. Most renowned network administrators know this is the first line of defence.
**Distribution layer switches play a very important role on the network. They collect the
data from all the access layer switches and forward it to the core layer switches. Traffic that
is generated at Layer 2 on a switched network needs to be managed, or segmented into
VLANs; distribution layer switches provide the inter-VLAN routing functions so that one
VLAN can communicate with another on the network.
Distribution layer switches also provide advanced security policies that can be applied to
network traffic using Access Control Lists (ACLs). This type of security allows the switch to
prevent certain types of traffic and permit others. ACLs also allow you to control which
network devices can communicate on the network.
***Core layer switches: These switches sit at the core layer of a topology, which is
the high-speed backbone of the network and requires switches that can handle very high
forwarding rates. A switch that operates in this area also needs to support link
aggregation (10GbE connections, which is currently the fastest available Ethernet
connectivity) to ensure adequate bandwidth coming into the core from the distribution
layer switches.
Also, core layer switches support additional hardware redundancy features like redundant
power supplies that can be swapped while the switch continues to operate. Because of the
high workload carried by core layer switches, they tend to run hotter than access or
distribution layer switches, so they should have more sophisticated cooling options. Many
true core-layer-capable switches have the ability to swap cooling fans without having to
turn the switch off.
For example, it would be disruptive to shut down a switch at the core layer to change a
power supply or a fan in the middle of the day when network usage is at its peak. To
perform a hardware replacement, you could expect to have at least a 10 to 15 minute
network shutdown, and that is if you are very fast at performing the maintenance. In more
realistic circumstances, the switch could be down for 30 to 45 minutes or more, which most
likely is not acceptable. With hot-swappable hardware, there is no downtime during switch
maintenance.
Modular switches can support very high port densities through the addition of multiple
switch port line cards, as shown in the figure. For example, the Cisco Catalyst 6500 switch
can support in excess of 1,000 switch ports on a single device.
Forwarding Rates
Switches have different processing capabilities, i.e. the rate at which they process data per
second. Processing and forwarding rates are very important when selecting a switch: the
lower the forwarding rate, the slower the forwarding, which results in the switch being unable
to accommodate full wire-speed communication across all its ports. A normal Fast Ethernet
port attains 100 Mb/s, while Gigabit Ethernet does 1000 Mb/s.
For example, a 48-port gigabit switch operating at full wire speed generates 48 Gb/s of
traffic. If the switch only supports a forwarding rate of 32 Gb/s, it cannot run at full wire
speed across all ports simultaneously.
Link Aggregation
The more ports you have on a switch to support bandwidth aggregation, the more throughput
you have for your network traffic. For example, consider a Gigabit Ethernet port, which carries
up to 1 Gb/s of traffic in a network.
If you have a 24-port switch, with all its ports capable of running at gigabit speeds, you
could generate up to 24 Gb/s of network traffic. If the switch is connected to the rest of the
network by a single network cable, it can only forward 1 Gb/s of the data to the rest of that
network. Due to the contention for bandwidth, the data would forward more slowly. That
results in 1/24 of wire speed available to each of the 24 devices connected to the
switch.
What is IPv6?
IPv6 is the next generation of IP (Internet Protocol) addressing. The previous version of IP
addressing (IPv4) is depleted or near depletion.
IPv6 was created by the Internet Engineering Task Force (IETF), a standards body, as a
replacement for IPv4 in 1998.
IPv6 is equipped with many improved features and far more opportunities than IPv4. This
next generation of IP addressing boasts increased security and a much larger IP
addressing space.
IPv6 uses 128 bits for addressing. This provides approximately 3.4 x 10^38
addresses, which runs into trillions of addresses for every individual on the planet! That's a
hell of a huge number of IP addresses. We will look at it in detail later on.
The most important feature offered by IPv6 is address autoconfiguration. This feature
supports fast connectivity for any combination of computers, printers, digital cameras,
digital radios, IP phones and Internet-enabled household appliances to be connected to their
home networks.
In a nutshell, these devices on the network automatically address themselves with a link-local
unicast address.
The autoconfiguration mechanism was introduced to enable plug-and-play networking of
these devices and to reduce administration overhead.
Superior IP addressing
Simplified header
Improved mobility and security. Mobility and security help ensure compliance with
consumers' Mobile IP and IP Security (IPsec) standards functionality. Mobility enables people
with mobile network devices, many with wireless connectivity, to move around in networks.
However, IPsec is available for both IPv4 and IPv6. Its functionality is basically identical
in both Internet protocols; IPsec is mandatory in IPv6, making the IPv6 Internet more
secure.
- See more at: http://www.orbit-computer-solutions.com/What-is-IPv6%3A-IPv6Tutorial.php
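Link-local autoconfiguration worked through as an added example (not code from the original notes). It builds the fe80::/64 address a host gives itself from its MAC using the modified EUI-64 method of RFC 4291, which is an assumption about the derivation used; the MAC address is constructed. The reverse function shows why that method lets a MAC be read back out of the address, which is the reason modern hosts usually prefer randomised identifiers (RFC 4941 privacy extensions).

```python
"""IPv6 link-local autoconfiguration (added example; not from the original
notes).  Uses the modified EUI-64 derivation of RFC 4291; the MAC is constructed."""
import ipaddress

LINK_LOCAL_PREFIX = b"\xfe\x80" + b"\x00" * 6     # fe80::/64


def address_space_estimate(bits=128):
    """2**128 is approximately 3.4 x 10**38 addresses."""
    return float(2 ** bits)


def eui64_interface_id(mac):
    """MAC-48 -> modified EUI-64: split the MAC in two, insert ff:fe in the middle
    and flip the universal/local bit (bit 1 of the first byte)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def link_local_from_mac(mac):
    """The address a host assigns itself with no server involved."""
    return str(ipaddress.IPv6Address(LINK_LOCAL_PREFIX + eui64_interface_id(mac)))


def mac_from_link_local(addr):
    """Reverse the derivation.  Returns None when the identifier is not EUI-64
    based (e.g. a randomised identifier from RFC 4941 privacy extensions), which is
    exactly what those extensions are for: the host cannot be tracked by its MAC."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[:8] != LINK_LOCAL_PREFIX or packed[11:13] != b"\xff\xfe":
        return None
    raw = bytes([packed[8] ^ 0x02]) + packed[9:11] + packed[13:16]
    return ":".join(f"{b:02x}" for b in raw)
```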
DHCP.
Dynamic Host Configuration Protocol works in a client/server mode. DHCP enables clients on
an IP network to obtain or lease an IP address and configuration from a DHCP server. This
reduces the workload of managing a large network. The DHCP protocol is described in RFC
2131.
Most modern operating systems include DHCP in their primary settings; these include
Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The client requests addressing
configuration from a DHCP network server; the network server manages the assignment of
IP addresses and is obliged to answer any IP configuration request from clients.
However, network routers, switches and servers need to have static IP addresses; DHCP is
not intended for the configuration of these types of hosts. Cisco routers use a Cisco IOS
feature known as Cisco Easy IP Lease. This offers an optional but full-featured DHCP
server. Easy IP leases addresses for 24 hours by default; it is most useful in homes and small
offices where users can take advantage of DHCP and NAT without having an NT or
UNIX server.
The DHCP server uses the User Datagram Protocol (UDP) as its transport protocol: it sends
messages to the client on port 68, while the client sends messages to the server on port 67.
DHCP servers can offer other information, including DNS server addresses, WINS server
addresses and domain names. Most DHCP servers allow administrators to define clients'
MAC addresses to which the server automatically assigns the same IP address each time.
Most administrators prefer to work with a network server that offers DHCP services. These
types of networks are scalable and easy to manage.
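The client/server exchange and the lease logic described above, as an added example (not code from the original notes or from any vendor's DHCP server): a builder and parser for the RFC 2131 message format (fixed header, magic cookie, option TLVs) and a first-come, first-served lease pool with per-MAC reservations and the 24-hour expiry. Client MACs and the address range are constructed; only the DISCOVER/OFFER half of the exchange is modelled.

```python
"""Minimal DHCP (RFC 2131) message builder, parser and lease allocator
(added example; not from the original notes).  Client MACs and the address
range are constructed.  The server listens on UDP 67 and clients on UDP 68."""
import ipaddress
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5          # option 53 values
OPT_MSG_TYPE, OPT_LEASE_TIME, OPT_END = 53, 51, 255
DEFAULT_LEASE_SECONDS = 24 * 3600                   # the 24 h default mentioned in the notes


def build_message(op, xid, mac, yiaddr="0.0.0.0", options=None):
    """Pack the 236-byte fixed header, the magic cookie and the option TLVs."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, xid, 0, 0,
                         b"\x00" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\x00" * 4, b"\x00" * 4,
                         mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in (options or {}).items())
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(data):
    """Unpack the fixed header and walk the options until the end marker."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", data[:8])
    options, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                               # pad byte
            i += 1
            continue
        length = data[i + 1]
        options[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": data[28:28 + hlen],
            "yiaddr": str(ipaddress.IPv4Address(data[16:20])), "options": options}


class LeasePool:
    """First-come, first-served pool with admin-defined MAC reservations and lease expiry."""

    def __init__(self, first, last, reservations=None):
        self.reservations = {bytes.fromhex(m.replace(":", "")): ip
                             for m, ip in (reservations or {}).items()}
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.free = [ip for ip in self.free if ip not in self.reservations.values()]
        self.leases = {}                               # mac -> (ip, expiry time)

    def allocate(self, mac, now, lease_seconds=DEFAULT_LEASE_SECONDS):
        """Return the address leased to this MAC, or None when the pool is exhausted."""
        for m, (ip, expiry) in list(self.leases.items()):   # reclaim expired leases first
            if expiry <= now:
                del self.leases[m]
                if ip not in self.reservations.values():
                    self.free.append(ip)
        if mac in self.leases:                         # renewal keeps the same address
            ip = self.leases[mac][0]
        elif mac in self.reservations:                 # reserved MAC always gets its fixed address
            ip = self.reservations[mac]
        elif self.free:
            ip = self.free.pop(0)
        else:
            return None
        self.leases[mac] = (ip, now + lease_seconds)
        return ip


def handle_discover(pool, data, now):
    """Server side of the first exchange: answer DHCPDISCOVER with DHCPOFFER (None if nothing is free)."""
    msg = parse_message(data)
    if msg["op"] != BOOTREQUEST or msg["options"].get(OPT_MSG_TYPE) != bytes([DISCOVER]):
        raise ValueError("expected a DHCPDISCOVER")
    ip = pool.allocate(msg["chaddr"], now)
    if ip is None:
        return None
    return build_message(BOOTREPLY, msg["xid"], msg["chaddr"], yiaddr=ip,
                         options={OPT_MSG_TYPE: bytes([OFFER]),
                                  OPT_LEASE_TIME: struct.pack("!I", DEFAULT_LEASE_SECONDS)})
```

The transaction id (xid) is copied from the DISCOVER into the OFFER; that is how a client matches a reply to its own request when several servers answer on the same segment.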
INTRODUCTION
When you configure the TCP/IP protocol on a Microsoft Windows computer, an IP address, subnet mask, and
usually a default gateway are required in the TCP/IP configuration settings.
To configure TCP/IP correctly, it is necessary to understand how TCP/IP networks are addressed and divided into
networks and subnetworks. This article is intended as a general introduction to the concepts of IP networks and
subnetting. A glossary is included at the end of article.
MORE INFORMATION
The success of TCP/IP as the network protocol of the Internet is largely because of its ability to connect together
networks of different sizes and systems of different types. These networks are arbitrarily defined into three main
classes (along with a few others) that have predefined sizes, each of which can be divided into smaller subnetworks
by system administrators. A subnet mask is used to divide an IP address into two parts. One part identifies the host
(computer), the other part identifies the network to which it belongs. To better understand how IP addresses and
subnet masks work, look at an IP (Internet Protocol) address and see how it is organized.
Subnet mask
The second item, which is required for TCP/IP to work, is the subnet mask. The subnet mask is used by the TCP/IP
protocol to determine whether a host is on the local subnet or on a remote network.
In TCP/IP, the parts of the IP address that are used as the network and host addresses are not fixed, so the network
and host addresses above cannot be determined unless you have more information. This information is supplied in
another 32-bit number called a subnet mask. In this example, the subnet mask is 255.255.255.0. It is not obvious
what this number means unless you know that 255 in binary notation equals 11111111; so, the subnet mask is:
11111111.11111111.11111111.00000000
Lining up the IP address and the subnet mask together, the network and host portions of the address can be
separated:
11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)
The first 24 bits (the number of ones in the subnet mask) are identified as the network address, with the last 8 bits
(the number of remaining zeros in the subnet mask) identified as the host address. This gives you the following:
11000000.10101000.01111011.00000000 -- Network address (192.168.123.0)
00000000.00000000.00000000.10000100 -- Host address (000.000.000.132)
So now you know, for this example using a 255.255.255.0 subnet mask, that the network ID is 192.168.123.0, and
the host address is 0.0.0.132. When a packet arrives on the 192.168.123.0 subnet (from the local subnet or a remote
network), and it has a destination address of 192.168.123.132, your computer will receive it from the network and
process it.
Almost all decimal subnet masks convert to binary numbers that are all ones on the left and all zeros on the right.
Some other common subnet masks are:
Decimal          Binary
255.255.255.192  11111111.11111111.11111111.11000000
255.255.255.224  11111111.11111111.11111111.11100000
Internet RFC 1878 (available from http://www.internic.net) describes the valid subnets and subnet masks that can be used on TCP/IP networks.
Network classes
Internet addresses are allocated by the InterNIC (http://www.internic.net), the organization that administers the Internet. These IP addresses are divided into classes. The most common of
these are classes A, B, and C. Classes D and E exist, but are not generally used by end users. Each of the address
classes has a different default subnet mask. You can identify the class of an IP address by looking at its first octet.
Following are the ranges of Class A, B, and C Internet addresses, each with an example address:
Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The
address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive.
Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The
address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191,
inclusive.
Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet.
The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and
223, inclusive.
In some scenarios, the default subnet mask values do not fit the needs of the organization, because of the physical
topology of the network, or because the numbers of networks (or hosts) do not fit within the default subnet mask
restrictions. The next section explains how networks can be divided using subnet masks.
Subnetting
A Class A, B, or C TCP/IP network can be further divided, or subnetted, by a system administrator. This becomes
necessary as you reconcile the logical address scheme of the Internet (the abstract world of IP addresses and
subnets) with the physical networks in use by the real world.
A system administrator who is allocated a block of IP addresses may be administering networks that are not
organized in a way that easily fits these addresses. For example, you have a wide area network with 150 hosts on
three networks (in different cities) that are connected by a TCP/IP router. Each of these three networks has 50 hosts.
You are allocated the class C network 192.168.123.0. (For illustration, this address is actually from a range that is
not allocated on the Internet.) This means that you can use the addresses 192.168.123.1 to 192.168.123.254 for your
150 hosts.
Two addresses that cannot be used in your example are 192.168.123.0 and 192.168.123.255 because binary
addresses with a host portion of all ones and all zeros are invalid. The zero address is invalid because it is used to
specify a network without specifying a host. The 255 address (in binary notation, a host address of all ones) is used
to broadcast a message to every host on a network. Just remember that the first and last address in any network or
subnet cannot be assigned to any individual host.
You should now be able to give IP addresses to 254 hosts. This works fine if all 150 computers are on a single
network. However, your 150 computers are on three separate physical networks. Instead of requesting more address
blocks for each network, you divide your network into subnets that enable you to use one block of addresses on
multiple physical networks.
In this case, you divide your network into four subnets by using a subnet mask that makes the network address larger
and the possible range of host addresses smaller. In other words, you are 'borrowing' some of the bits usually used
for the host address, and using them for the network portion of the address. The subnet mask 255.255.255.192 gives
you four networks of 62 hosts each. This works because in binary notation, 255.255.255.192 is the same as
11111111.11111111.11111111.11000000. The first two digits of the last octet become network addresses, so you get
the additional networks 00000000 (0), 01000000 (64), 10000000 (128) and 11000000 (192). (Some administrators
will only use two of the subnetworks using 255.255.255.192 as a subnet mask. For more information on this topic,
see RFC 1878.) In these four networks, the last 6 binary digits can be used for host addresses.
Using a subnet mask of 255.255.255.192, your 192.168.123.0 network then becomes the four networks
192.168.123.0, 192.168.123.64, 192.168.123.128 and 192.168.123.192. These four networks would have as valid
host addresses:
192.168.123.1-62
192.168.123.65-126
192.168.123.129-190
192.168.123.193-254
Remember, again, that binary host addresses with all ones or all zeros are invalid, so you cannot use addresses with
the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.
You can see how this works by looking at two host addresses, 192.168.123.71 and 192.168.123.133. If you used the
default Class C subnet mask of 255.255.255.0, both addresses are on the 192.168.123.0 network. However, if you
use the subnet mask of 255.255.255.192, they are on different networks; 192.168.123.71 is on the 192.168.123.64
network, 192.168.123.133 is on the 192.168.123.128 network.
Default gateways
If a TCP/IP computer needs to communicate with a host on another network, it will usually communicate through a
device called a router. In TCP/IP terms, a router that is specified on a host, which links the host's subnet to other
networks, is called a default gateway. This section explains how TCP/IP determines whether or not to send packets
to its default gateway to reach another computer or device on the network.
When a host attempts to communicate with another device using TCP/IP, it performs a comparison process using the
defined subnet mask and the destination IP address versus the subnet mask and its own IP address. The result of this
comparison tells the computer whether the destination is a local host or a remote host.
If the result of this process determines the destination to be a local host, then the computer will simply send the
packet on the local subnet. If the result of the comparison determines the destination to be a remote host, then the
computer will forward the packet to the default gateway defined in its TCP/IP properties. It is then the responsibility
of the router to forward the packet to the correct subnet.
Troubleshooting
TCP/IP network problems are often caused by incorrect configuration of the three main entries in a computer's
TCP/IP properties. By understanding how errors in TCP/IP configuration affect network operations, you can solve
many common TCP/IP problems.
Incorrect Subnet Mask: If a network uses a subnet mask other than the default mask for its address class, and a client
is still configured with the default subnet mask for the address class, communication will fail to some nearby
networks but not to distant ones. As an example, if you create four subnets (such as in the subnetting example) but
use the incorrect subnet mask of 255.255.255.0 in your TCP/IP configuration, hosts will not be able to determine
that some computers are on different subnets than their own. When this happens, packets destined for hosts on
different physical networks that are part of the same Class C address will not be sent to a default gateway for
delivery. A common symptom of this is when a computer can communicate with hosts that are on its local network
and can talk to all remote networks except those that are nearby and have the same class A, B, or C address. To fix
this problem, just enter the correct subnet mask in the TCP/IP configuration for that host.
Incorrect IP Address: If you put computers with IP addresses that should be on separate subnets on a local network
with each other, they will not be able to communicate. They will try to send packets to each other through a router
that will not be able to forward them correctly. A symptom of this problem is a computer that can talk to hosts on
remote networks, but cannot communicate with some or all computers on their local network. To correct this
problem, make sure all computers on the same physical network have IP addresses on the same IP subnet. If you run
out of IP addresses on a single network segment, there are solutions that go beyond the scope of this article.
Incorrect Default Gateway: A computer configured with an incorrect default gateway will be able to communicate
with hosts on its own network segment, but will fail to communicate with hosts on some or all remote networks. If a
single physical network has more than one router, and the wrong router is configured as a default gateway, a host
will be able to communicate with some remote networks, but not others. This problem is common if an organization
has a router to an internal TCP/IP network and another router connected to the Internet.
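The local-or-remote decision from the Default gateways section and the three misconfigurations from this Troubleshooting section, as an added example (not code from the original article). It uses the article's own 192.168.123.0 addresses; the gateway address 192.168.123.65 and the set of routers on the segment are constructed.

```python
"""Local vs. remote decision and the three classic TCP/IP misconfigurations
(added example; not part of the original article).  Addresses are the
article's 192.168.123.0 example; the gateway and router set are constructed."""
import ipaddress


def address_class(ip):
    """Classful rule from the article: the first octet decides the class and default mask."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A", "255.0.0.0"
    if first < 192:
        return "B", "255.255.0.0"
    if first < 224:
        return "C", "255.255.255.0"
    return "D/E", None


def is_local(my_ip, mask, dest_ip):
    """AND both addresses with the mask; equal network portions mean 'local'."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(my_ip)) & m) == (int(ipaddress.IPv4Address(dest_ip)) & m)


def next_hop(my_ip, mask, gateway, dest_ip):
    """Where the packet is handed off: straight to the destination on the local
    subnet, or to the default gateway.  None means remote with no gateway."""
    if is_local(my_ip, mask, dest_ip):
        return dest_ip
    return gateway


def check_configuration(my_ip, mask, gateway, segment, routers):
    """Flag the Troubleshooting section's three problems for one host.
    segment: the real prefix of the physical network the host is plugged into,
    e.g. '192.168.123.64/26'; routers: addresses of routers on that segment."""
    net = ipaddress.IPv4Network(segment)
    problems = []
    if ipaddress.IPv4Address(my_ip) not in net:
        problems.append("incorrect IP address")          # talks to remote hosts, not local ones
    if mask != str(net.netmask):
        problems.append("incorrect subnet mask")         # nearby subnets unreachable, distant ones fine
    if gateway is not None and gateway not in routers:
        problems.append("incorrect default gateway")     # local fine, some/all remote networks fail
    return problems
```

With the wrong mask 255.255.255.0, next_hop("192.168.123.71", "255.255.255.0", gw, "192.168.123.133") returns the destination itself: the host puts the packet on its own wire and never uses the router, which is the "nearby networks fail, distant ones work" symptom described above.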
REFERENCES
Two popular references on TCP/IP are:
"TCP/IP Illustrated, Volume 1: The Protocols," Richard Stevens, Addison Wesley, 1994
"Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture," Douglas E. Comer, Prentice
Hall, 1995
It is strongly recommended that a system administrator responsible for TCP/IP networks have at least one of these
references available.
Glossary
Broadcast address -- An IP address with a host portion that is all ones.
Host -- A computer or other device on a TCP/IP network.
Internet -- The global collection of networks that are connected together and share a common range of IP addresses.
InterNIC -- The organization responsible for administration of IP addresses on the Internet.
IP -- The network protocol used for sending network packets over a TCP/IP network or the Internet.
IP Address -- A unique 32-bit address for a host on a TCP/IP network or internetwork.
Network -- There are two uses of the term network in this article. One is a group of computers on a single physical
network segment; the other is an IP network address range that is allocated by a system administrator.
Network address -- An IP address with a host portion that is all zeros.
Octet -- An 8-bit number, 4 of which comprise a 32-bit IP address. They have a range of 00000000-11111111 that
correspond to the decimal values 0-255.
Packet -- A unit of data passed over a TCP/IP network or wide area network.
RFC (Request for Comment) -- A document used to define standards on the Internet.
Router -- A device that passes network traffic between different IP networks.
Subnet Mask -- A 32-bit number used to distinguish the network and host portions of an IP address.
Subnet or Subnetwork -- A smaller network created by dividing a larger network into equal parts.
TCP/IP -- Used broadly, the set of protocols, standards and utilities commonly used on the Internet and large
networks.
Wide area network (WAN) -- A large network that is a collection of smaller networks separated by routers. The
Internet is an example of a very large WAN.
Inside Global IP Address   Outside Global IP Address   Outside Local IP Address
209.165.200.226:1555       209.165.201.1:80            209.165.201.1:80
209.165.200.226:2333       209.165.202.129:80          209.165.202.129:80
Looking at the figure above, NAT overload (PAT) uses unique source port numbers on the
inside global IP address to distinguish between translations. As NAT processes each packet,
it uses a port number to identify the packet source (2333 and 1555 in the figure above).
* The source address (SA) is the inside local IP address with the assigned port number
attached.
* The destination address (DA) is the outside local IP address with the service port number
attached, in this case port 80: HTTP (Internet).
At the border gateway router (R1), NAT overload changes the SA to the inside global IP
address of the client, again with the port number attached. The DA is the same address, but
is now referred to as the outside global IP address. When the web server replies, the same
path is followed but in reverse.
- See more at: http://orbit-computer-solutions.com/NAT-Overload-or-PAT.php
Static NAT
Static NAT, also called inbound mapping, is the process of mapping an unregistered IP
address to a registered IP address on a one-to-one basis. The unregistered or mapped IP
address is assigned with the same registered IP address each time the request comes
through. This process is particularly useful for web servers or hosts that must have a
consistent address that is accessible from the Internet.
Simply, Static NAT enables a PC on a stub domain to maintain an assigned IP address when
communicating with other devices outside its network or the Internet.
R1#config t
R1(config)#ip nat inside source static 10.10.10.2 212.165.200.123
R1(config)#interface fa0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#interface se0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat outside
The above configuration creates a permanent entry in the NAT table as long as the
configuration is present and enables both inside and outside hosts to initiate a connection.
All you need to do in static NAT configuration is to define the addresses to translate and
then configure NAT on the right interfaces. Packets arriving on an inside interface from the
identified IP addresses are subject to translation. Packets arriving on an outside interface
addressed to the identified IP address are subject to translation.
Dynamic NAT
Unlike static NAT that provides a permanent mapping between an internal address and a
specific public address, dynamic NAT maps private IP addresses to public addresses.
Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served
basis.
When a host with a private IP address requests access to the Internet, dynamic NAT
chooses an IP address from the pool that is not already in use by another host. Dynamic
NAT is useful when fewer addresses are available than the actual number of hosts to be
translated.
R1#config t
R1(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0
R1(config)#ip nat inside source list 1 pool nat-pool1
R1(config)#interface fa0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#interface se0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255
While static NAT provides a permanent mapping between an internal address and a specific
public address, dynamic NAT maps private IP addresses to public addresses. These public IP
addresses come from a NAT pool.
Note:
When configuring dynamic NAT, you need an ACL to permit only those addresses that are to
be translated. Remember, you have to add an implicit "deny all" at the end of each ACL.
Network Security.
When it comes to network security, the main concern is making sure that any wireless
connections are protected against unauthorised access.
Most business transactions are done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands that security solutions become seamlessly
integrated, more transparent, and more flexible.
Network attack tools and methods have evolved. In the past, a hacker had to have
sophisticated computer, programming, and networking knowledge to make use of
rudimentary tools and basic attacks.
Nowadays, hacking methods and tools have improved tremendously; hackers no longer
require the same level of sophisticated knowledge, and people who previously would not
have participated in computer crime are now able to do so.
iii. Black hat or Cracker - The opposite of a White Hat. This term is used to describe
individuals who use their knowledge of computer systems and programming skills to break
into systems or networks that they are not authorised to use, usually for personal or
financial gain.
iv. Phreaker - This term is often used to describe an individual who manipulates the phone
network in a bid to perform a function that is not allowed. The phreaker breaks into the
phone network, usually through a payphone, to make free or illegal long-distance calls.
v. Spammer - This term is often used to describe a person who sends large quantities of
unsolicited e-mail messages. Spammers often use viruses to take control of home
computers and use them to send out their bulk messages.
vi. Phisher - Uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that
would have a legitimate need for the sensitive information.
VLAN
Definition.
A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork which allows multiple IP
networks and subnets to exist on the same switched network.
A VLAN is a logical broadcast domain that can span multiple physical LAN segments. Configuring
switches into virtual local-area networks (VLANs) is the modern way administrators improve
network performance, by separating large Layer 2 broadcast domains into smaller ones.
By using VLANs, a network administrator is able to group stations together by logical
function or by application, without regard to the physical location of the users.
Each VLAN functions as a separate LAN and spans one or more switches. This allows host
devices to behave as if they were on the same network segment.
For traffic to move between VLANs, a layer 3 device (router) is required.
A VLAN has three major functions:
i. Limits the size of broadcast domains
ii. Improves network performance
iii. Provides a level of security
In summary:
a. VLAN = all PCs are assigned a subnet address defined for VLAN 10
b. Configure the VLAN, assign ports to the VLAN
c. Assign an IP subnet address on the PCs.
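An added Python model (not code from the page) of how a VLAN-aware access switch limits the broadcast domain and keeps hosts in different VLANs apart when no Layer 3 device is present. The port names, VLAN ids and MAC addresses in demo() are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Access-port switch: every port belongs to one VLAN, MACs are learned per VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN id (switchport access vlan N)
        self.mac_table = {}               # (vlan, mac) -> port, learned from source MACs

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return set() if out == in_port else {out}
        # broadcast or unknown unicast: flood, but only to ports in the same VLAN
        return {p for p, v in self.port_vlan.items() if v == vlan and p != in_port}

def demo():
    # constructed topology: fa0/1 and fa0/2 in VLAN 10, fa0/3 and fa0/4 in VLAN 20
    sw = VlanSwitch({"fa0/1": 10, "fa0/2": 10, "fa0/3": 20, "fa0/4": 20})
    results = {}
    # a broadcast (an ARP request, say) from fa0/1 stays inside VLAN 10
    results["bcast_vlan10"] = sw.forward("fa0/1", "aa:aa:aa:00:00:01", BROADCAST)
    # the host on fa0/3 speaks, so its MAC is learned in VLAN 20 only
    results["bcast_vlan20"] = sw.forward("fa0/3", "aa:aa:aa:00:00:03", BROADCAST)
    # fa0/1 addresses fa0/3's MAC: unknown in VLAN 10, so it floods VLAN 10 and never reaches fa0/3
    results["cross_vlan"] = sw.forward("fa0/1", "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:03")
    # once fa0/2 has spoken, a unicast to it from fa0/1 leaves only through fa0/2
    sw.forward("fa0/2", "aa:aa:aa:00:00:02", BROADCAST)
    results["known_unicast"] = sw.forward("fa0/1", "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02")
    return results
```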
Advantages of VLAN:
When looking at networking basics, understanding the way a network operates is the first step to understanding
routing and switching. The network operates by connecting computers and peripherals using two pieces of
equipment: switches and routers. Switches and routers, essential networking basics, enable the devices that are
connected to your network to communicate with each other, as well as with other networks.
Though they look quite similar, routers and switches perform very different functions in a network.
Switches are used to connect multiple devices on the same network within a building or campus. For example, a
switch can connect your computers, printers and servers, creating a network of shared resources. The switch,
one aspect of your networking basics, would serve as a controller, allowing the various devices to share
information and talk to each other. Through information sharing and resource allocation, switches save you
There are two basic types of switches to choose from as part of your networking basics: managed and
unmanaged.
An unmanaged switch works out of the box and does not allow you to make changes. Home-networking
A managed switch allows you access to program it. This provides greater flexibility to your networking basics
because the switch can be monitored and adjusted locally or remotely to give you control over network traffic,
Routers, the second valuable component of your networking basics, are used to tie multiple networks together.
For example, you would use a router to connect your networked computers to the Internet and thereby share an
Internet connection among many users. The router will act as a dispatcher, choosing the best route for your
Routers analyze the data being sent over a network, change how it is packaged, and send it to another network,
or over a different type of network. They connect your business to the outside world, protect your information
from security threats, and can even decide which computers get priority over others.
Depending on your business and your networking plans, you can choose from routers that include different
Firewall: Specialized software that examines incoming data and protects your business network against
attacks
Virtual Private Network (VPN): A way to allow remote employees to safely access your network remotely
IP Phone network: Combine your company's computer and telephone network, using voice and conferencing