
ADSL (Asymmetric Digital Subscriber Line).

Asymmetric Digital Subscriber Line (ADSL) is a high-speed transmission technology that runs over an
ordinary copper telephone line. ADSL is an asymmetric system, which means that the data rate is not
the same in both directions. Most ADSL lines have a far higher download speed than upload speed, so
the capacity coming towards the end user is greater than the capacity leaving.
How ADSL Works
ADSL works by dividing the bandwidth of the copper telephone line into separate frequency
ranges, known as carriers, so that several different signals can be carried on the same wire at
once. The technique is Frequency Division Multiplexing (FDM): the lowest band is left for the
analogue voice service, a narrower band above it carries upstream data and a wider band above that
carries downstream data, which is what makes the two rates asymmetric. Each data band is in turn
split into many narrow sub-carriers that each carry part of the same data stream in parallel. The
result is more usable bandwidth and higher speeds for the end user, so ADSL can carry high-speed
data and voice at the same time: surfing the web, watching streaming video, fax and voice calls,
all on the same line.
- See more at: http://orbit-computer-solutions.com/ADSL-Broadband.php

Broadband
Broadband is simply the name given to high-speed Internet access. It replaced the dial-up
analogue modem. A broadband connection can be delivered in a number of different ways: ADSL,
cable and satellite.
With a broadband router, two or more computers can share one Internet connection at home or in
the office. The router does this with Network Address Translation (NAT): all the computers behind
it use the single public IP address the ISP assigns to the router, and the router rewrites
addresses and port numbers so that their connections can run at the same time. A side effect worth
knowing is that an unsolicited connection from the Internet has no entry in the NAT table and is
dropped unless you deliberately add a port forward for it.
Broadband connection speeds are high enough to carry data, voice and video at once. The connection
is considered "broad" in the sense that multiple kinds of information can be transmitted across the
same band.
With broadband you can surf the web without delay, watch streaming video with audio and make a
phone call, all at the same time. Another useful property of a broadband connection is that it is
always on: there is no dialling in to a service provider, and the router stays connected whether or
not a computer is switched on.


Broadband Speed
The difference in speed between broadband and the dial-up Internet that came before it is huge,
and it has changed the way we use the Internet.

As with dial-up, information still travels in two directions: downstream and upstream.

Downstream refers to information going from the Internet to your computer, such as a new web page
being loaded.
Upstream refers to information going from your computer to the Internet, such as the request your
browser sends when you click a link to tell the web site where you want to go next.
Internet transfer speeds are measured in kilobits and megabits per second (kbit/s, Mbit/s). Don't
confuse these with kilobytes and megabytes, the units we use for hard disks and file sizes: there
are 8 bits in a byte, so a 5 MB file is 40 Mbit of data and takes about 40 seconds on a 1 Mbit/s
line even before protocol overhead is counted.

Below is a summary of calculated broadband speeds.

Speed (kilobits)   Load time (100 kb page)   Download time (5 Mb of data)   Video Quality
56k (dial up)      15 sec                    12 min 35 sec                  Low Quality
256k               4 sec                     3 min                          Low Quality
512k               1.5 sec                   1 min 30 sec                   Low Quality
1Mb                8-9 sec                   40-41 sec                      Low Quality
2Mb                4-5 sec                   19-20 sec                      Medium Quality
4Mb                1-2 sec                   5-6 sec                        Medium Quality
6Mb                Immediately               Immediately                    High Quality
8Mb                Immediately               Immediately                    High Quality

Bear in mind that these figures are approximate: the times you actually see depend on line
quality, contention with other users of the same exchange or cable segment, the speed of the
server at the far end, your PC's processing speed, and malware on the PC that may be consuming
bandwidth.
- See more at: http://orbit-computer-solutions.com/Broadband.php


Wireless Routers.
Before deciding on a specific router, ask yourself whether you want computers to connect to your
network by cable, wirelessly, or both.
A wireless router is a network device that lets you connect several computers to the Internet
without cables, using a built-in wireless access point to form a WLAN. Freedom of movement and
affordability are the usual reasons for going wireless, but there are other factors to keep in
mind.

Look for established brands such as Cisco, Netgear, Linksys and D-Link; these are the most popular
brands and are built on mature technology. Whichever brand you choose, pick a model that still
receives firmware updates, because security bugs in router firmware are only ever fixed by an
update.
Bandwidth and performance are another factor to check. A wireless standard defines the data rate a
particular router can reach, e.g. 802.11a, 802.11g, 802.11n.
Read more on wireless standards.

Advantages of Wireless Routers.
a. Many home wireless routers combine a modem, a network switch (a device with multiple ports for
connecting computers and other network devices) and a wireless access point in one box.
b. A wireless router can be reached from anywhere within radio range of it in your house or
immediate environment, so you can log on and surf the Internet from anywhere in that area.
c. Most wireless routers have a built-in firewall to keep intruders out. The configuration options
of the firewall are an important consideration when buying a router. Virtually everyone buys and
sells online one way or another, so a wireless router with good firewall configuration options
helps with security and privacy.
d. Some broadband wireless routers include VoIP ports, so you can plug in an ordinary telephone and
make calls to anybody in the world over your Internet connection. Wireless routers also provide
strong encryption (WPA2 with AES; WPA with TKIP on older models), MAC address filtering and control
over the SSID.

Disadvantages.
a. A wireless connection is somewhat slower than a wired one. Simply put, Wi-Fi transmits through
the air and can be blocked or interfered with by other radio waves in the surroundings.
b. Security is one of the main concerns in networking generally, and a wired network is inherently
harder to reach than a wireless one: the radio signal does not stop at your walls, so anyone in the
vicinity can receive your frames. If the network is not properly configured (open, WEP-only, or
left with default passwords), an unscrupulous person can capture passwords and personal data from
the traffic of your laptop or PDA without ever setting foot on your premises.
c. Wi-Fi channels are congested, especially in cities where many shops and large organisations
transmit on the same channels, causing a great deal of interference.
Other devices can be a problem too: Bluetooth devices, cordless telephones and microwave ovens all
cause interference at times.
These are the known disadvantages, but they do not stop the author from using wireless, basically
because of the freedom and manageability it gives: one can work anywhere in the surroundings.
- See more at: http://orbit-computer-solutions.com/Wireless-Routers.php

Wireless LAN (WLAN).

Several network infrastructures (wired LANs, service provider networks) allow some mobility, but in
a business environment the most important is the wireless LAN (WLAN). Most modern business networks
rely on switch-based LANs for day-to-day operation inside the office, and the WLAN extends them.
Productivity is no longer restricted to a fixed work location or a defined time period. People now
expect to be connected at any time and in any place, from the office to the airport or even the
home.

Travelling employees used to be restricted to pay phones for checking messages and returning a few
phone calls between flights. Now employees can check e-mail, voice mail and the status of products
on personal digital assistants (PDAs) at many temporary locations.


Wireless LAN and Wired (Ethernet) LAN
Wireless LANs share a similar origin with Ethernet LANs. The IEEE has adopted the 802
LAN/MAN portfolio of computer network architecture standards. The two dominant 802
working groups are 802.3 Ethernet and 802.11 wireless LAN. However, there are important
differences between the two.
WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer
of the Data Link layer. In comparison to cable, RF has the following characteristics:
i. RF does not have boundaries, such as the limits of a wire in a sheath. The lack of such a
boundary allows data frames traveling over the RF media to be available to anyone that can
receive the RF signal.
ii. RF is unprotected from outside signals, whereas cable is in an insulating sheath. Radios
operating independently in the same geographic area but using the same or a similar RF can
interfere with each other.
iii. RF transmission is subject to the same challenges inherent in any wave-based
technology, such as consumer radio. For example, as you get further away from the source,
you may hear stations playing over each other or hear static in the transmission. Eventually
you may lose the signal all together. Wired LANs have cables that are of an appropriate
length to maintain signal strength.
iv. RF bands are regulated differently in various countries. The use of WLANs is subject to
additional regulations and sets of standards that are not applied to wired LANs.
WLANs connect clients to the network through a wireless access point (AP) instead of an
Ethernet switch.
WLANs connect mobile devices that are often battery powered, as opposed to plugged-in
LAN devices. Wireless network interface cards (NICs) tend to reduce the battery life of a
mobile device.
WLANs support hosts that contend for access on the RF media (frequency bands). 802.11
prescribes collision-avoidance instead of collision-detection for media access to proactively
avoid collisions within the media.
WLANs use a different frame format than wired Ethernet LANs. WLANs require additional
information in the Layer 2 header of the frame.
WLANs raise more privacy issues because radio frequencies can reach outside the facility.
802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional
connectivity options. However, additional components and protocols are used to complete
wireless connections.

In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch.
The switch is the point where the client gains access to the network.
In a wireless LAN, each client uses a wireless adapter to gain access to the network through
a wireless device such as a wireless router or access point.

- See more at: http://orbit-computer-solutions.com/Wireless-LAN--WLAN-.php

How To Set Up A Wireless Network Connection.
Wireless broadband has multiple benefits for home users, as well as several that business users
can enjoy. In a home setting, wireless broadband lets multiple users share the same Internet
connection, so there is no need to fight over a single computer for Internet access.

A wireless network also makes sharing files between the PCs in your home extremely simple, whether
to back up photographs, stream audio and video to your living room or play online games. Finally,
because there is no wiring to install, you do not need dangerous clumps of cable running across the
floor; it is a truly unobtrusive option.
Businesses can use a wireless network to connect multiple PCs without expensive wiring, and can
also offer free wireless Internet access to clients and customers while they are on the premises.
If you do offer guest access, put guests on a separate network (most routers call this a guest
SSID) so that they cannot reach the office PCs and file shares.

Installing a wireless network connection in your own property is simple if you follow these few
quick tips:
* First you need a fixed-line broadband connection, either ADSL via your telephone line or cable
broadband, which is delivered over a hybrid fibre-and-coaxial network. When you sign up for a new
ADSL or cable broadband connection most providers include a free wireless router, which is the main
piece of kit you need to set up a wireless network in your own home. Wireless routers vary with the
price of the package you pick and the manufacturer, so each comes with its own set of instructions
to guide you through the set-up process. There are, however, a few universal guidelines for
installation, which we deal with below.
* Once you have the wireless router, plug it into the mains to power it and plug it into your
fixed-line connection. For an ADSL service, plug the router into a microfilter and the microfilter
into the phone socket. The filter lets you use your phone line at the same time as you surf the
Internet wirelessly. Every socket that has a telephone, fax or other device attached needs its own
microfilter (unless the line has a central splitter at the master socket); an unfiltered device
injects noise that slows the connection or drops it.
Many routers require you to plug in via an Ethernet cable before you can set up the wireless
network, though routers supplied by providers may be ready to use straight out of the box. If this
is not the case, or if you want to alter the options on a router you bought yourself, plug in your
PC or laptop and open your favourite web browser.
* Then enter the IP address of your router, which should be in the documentation, and log in.
Change the administrator password first, because the default is printed in the manual and known to
everyone. Then navigate to the wireless network settings. Here you can turn the network on, add
security in the form of a WPA2 passphrase (WPA is the fallback for old clients; WEP can be broken in
minutes and should not be used), and see which devices are connected to the router wirelessly.

- See more at: http://orbit-computer-solutions.com/How-To-Set-Up-A-Wireless-NetworkConnection.php

Filtering Access by MAC Address.
Wireless routers such as the Linksys by Cisco wireless range can be used not only for routing
traffic between the networks and computers in your home or office; they can also act as a firewall.

Every network adapter is identified by a physical address, also known as its MAC address. You can
use your wireless router to control which adapters may join the wireless network by listing their
MAC addresses and either permitting only those listed or blocking those listed.
Treat this as a convenience control, not a security control: the MAC address travels in the clear
in the header of every 802.11 frame, even on an encrypted network, so anyone with a wireless card
in monitor mode can read the addresses of permitted clients and set one of them on their own
adapter. Use WPA2 encryption with a strong passphrase for real access control.
To filter MAC addresses, follow these steps:

1. Click the Wireless tab.
2. Click Wireless MAC Filter.
3. Click Enable.
4. Click Permit Only PCs listed to access the wireless network. (The other option, Prevent PCs
listed from accessing the wireless network, turns the list into a block list instead.)
5. Click Wireless Client List or Edit MAC Filter List.

When the MAC Address Filter List window appears, enter the address of each network adapter in your
home or office that you want to allow onto the network (or, if you chose Prevent, each one you want
to keep off it).
Click Save Settings at the bottom of the window.
- See more at: http://orbit-computer-solutions.com/Filtering-Access-by-MACAddress.php

Linksys Wireless Router.
Linksys is one of the leading manufacturers of Ethernet and wireless routers for home and small
business networks.
Linksys wireless routers support most of the general types of home networking components. Among
the various ranges of Linksys wireless routers, the Wireless-N products have 802.11n capability,
while the Wireless-G products support 802.11g.
The Linksys dual-band routers support more than one Wi-Fi standard; the Linksys Dual-Band Wireless
A+G, for example, supports 802.11a and 802.11g. Most Linksys routers are designed for mobility,
some for VPN networking, and some for high-speed connections and easy set-up.
- See more at: http://orbit-computer-solutions.com/Linksys-WirelessRouters.php

Wireless Network Security.
Use the following recommendations for additional security on your wireless networks.
Use a network security key
If you have a home or office wireless network, you should set up a network security key, which
turns on encryption. With it, other people (apart from authorised users) cannot connect to your
network without the key, and any information sent across your network is encrypted so that only
computers holding the key can decrypt and read it. This helps to avert attempts to access your
network and files without your permission. The known wireless network encryption schemes are:

Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
WPA2

WEP is obsolete: its key can be recovered from captured traffic in minutes, so use it only where a
legacy device leaves no alternative, and then on its own isolated network. WPA (TKIP) was a
stop-gap for old hardware. Use WPA2 (AES-CCMP) with a long passphrase of at least 12 to 16
characters, because anyone who captures a client joining a WPA/WPA2-Personal network can test
passphrase guesses against that capture offline.
Read more on WEP, WPA, WPA2.
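As an added illustration (not code from the original page), the following Python shows what the "network security key" becomes on a WPA or WPA2-Personal network and why the passphrase and SSID advice here matters. The passphrase is stretched into a 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID; anyone who captures one client joining the network can test guesses against that capture offline at one PBKDF2 run per guess, which is what crack_pmk models (a real tool verifies each guess against the handshake MIC rather than the PMK itself, but the cost per guess is identical). The word list is constructed for the example; the PMK test vector for passphrase "password" and SSID "IEEE" is the one published in IEEE 802.11i.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Constructed candidate list for the demonstration (not from the original page).
# WPA passphrases must be 8 to 63 characters, so every entry is at least 8 long.
WORDLIST = ["12345678", "linksys1", "letmein1", "password", "qwerty123"]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key of a WPA/WPA2-Personal network.

    IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The SSID is the salt, so the same passphrase on a different SSID yields a
    different key, and a table precomputed for a default SSID is useless
    against a network whose SSID was changed.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def crack_pmk(target_pmk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: derive each candidate and compare.

    Each guess costs one PBKDF2 run (4096 HMAC-SHA1 rounds). Nothing else
    slows the attacker down, so passphrase length and randomness are the
    whole defence once a handshake has been captured.
    """
    for guess in candidates:
        if wpa2_pmk(guess, ssid) == target_pmk:
            return guess
    return None


def precomputed_table(ssid: str, candidates: Iterable[str]) -> Dict[bytes, str]:
    """Rainbow-table style precomputation for one SSID.

    Attackers publish such tables for common default SSIDs ("linksys",
    "default", "NETGEAR"); changing the SSID forces them to start over.
    """
    return {wpa2_pmk(p, ssid): p for p in candidates}


if __name__ == "__main__":
    pmk = wpa2_pmk("password", "IEEE")
    print("PMK for 'password'/'IEEE':", pmk.hex())
    print("recovered passphrase:", crack_pmk(pmk, "IEEE", WORDLIST))
    print("same passphrase, SSID 'linksys':", wpa2_pmk("password", "linksys").hex())
```

The same derivation is what a WPA2 router runs when you type the passphrase into its web page, and what a cracking tool runs per guess; WPA3-Personal (SAE) replaces it with an exchange that cannot be attacked offline, which is the reason to prefer it where both router and clients support it.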
Change the administrator name and password
If you have a router or access point, you probably used a default name and password to set it up.
Most manufacturers use the same default name and password for all of their equipment, so anyone
who can reach the management page can log in to your router or access point without you knowing.
To secure your network, change the default administrator user name and password for your router.
Check the information that came with your device for instructions on how to change them.
Change the default SSID
Routers and access points use a wireless network
name called a service set identifier (SSID). Most
manufacturers use the same SSID for all of their
routers and access points. Changing the default SSID
helps to keep your wireless network from overlapping
with other wireless networks that might be using the
default SSID. It makes it easier for you to identify
which wireless network is yours, if there are wireless
network(s) nearby, because the SSID is typically
shown in the list of available networks. Check the
information that came with your device for
instructions about how to change the default SSID.
Position your router or access point
Wireless signals can travel a few hundred feet, so the signal from your network can reach outside
your home. You can limit the area your wireless signal covers by positioning your router or access
point close to the centre of your home rather than near an outside wall or window. Treat this only
as a way to reduce interference and casual discovery; a determined listener with a directional
antenna can still pick the signal up from much further away, so it is no substitute for encryption.
Use a standard user account
A standard account helps protect your computer by preventing users from making changes that affect
everyone who uses the computer. A good recommendation is to create a standard account for each
user and keep the administrator account for administrative tasks only.
When you are logged on to Windows with a standard account, you can do almost anything you could do
with an administrator account, but if you want to do something that affects other users of the
computer, such as installing software or changing security settings, Windows will ask you for an
administrator password. Malware that runs under a standard account is limited in the same way,
which is the main reason for the recommendation.

(c) Copyright 2013. Orbit-Computer-Solutions.Com. All rights reserved.

- See more at: http://orbit-computer-solutions.com/Wireless-NetworkSecurity.php

Diagram of a Wireless Network. (figure not reproduced)

Wired Network. (figure not reproduced)

- See more at: http://orbit-computer-solutions.com/Diagram-of-a-WirelessNetwork.php

How to Install and Configure your Wireless Router or Access Point.
On the following pages, you will learn how to configure a wireless router or access point. This
includes:
i. How to set the SSID
ii. Enable security
iii. Configure the channel
iv. Adjust the power settings of a wireless access point.
We will also look at how to back up and restore the configuration settings on a wireless access
point.
Most access points are designed to function with the default or factory settings. It is
recommended to change the default configuration: the default SSID, the default administrator
password and the open (unencrypted) wireless mode are the first three things to change.

After confirming your wired network connectivity and installing the access point, you can now
configure it.
In the following examples we use the Linksys WRT300N multifunction device, which is also an access
point.
Use these steps to configure the Linksys WRT300N and most Linksys wireless access points:
Make sure your PC is connected to the access point via a wired connection, and access the web-based
utility with a web browser. Launch the browser and enter the WRT300N default IP address,
192.168.1.1, in the address field. Press the Enter key.
1. A screen appears prompting you for a username and password. Leave the Username field blank.
2. Enter admin in the Password field (the factory default for a Linksys WRT300N). If the device has
already been configured, the username and password may have been changed.
3. Click OK to continue.
For a basic network setup we will use the following screens, reached through the Setup,
Administration and Wireless buttons:

i. Setup: on this screen you enter your basic network settings (IP address).
ii. Management: click the Administration tab and then select the Management screen. The default
password is admin. To secure the access point, change the password from its default.
iii. Wireless: this is where you change the default SSID. Select the level of security in the
Wireless Security tab and complete the options for the selected security mode.

When you have finished making changes on a screen, click the Save Settings button, or click the
Cancel Changes button to undo them. For information on a tab, click Help. We will go through these
steps one after the other.
- See more at: http://orbit-computer-solutions.com/How-to-Install-and-Configure-your-WirelessRouter-or-Access-Points.php

How to Add and Configure a Wireless Router to a LAN.
On this page we look at how to configure a Linksys wireless router, allowing remote access from PCs
as well as wireless connectivity with WEP security, as in the CCNA lab it is based on. We use the
topology diagram below as the sample.

The router R1 and switch SW2 have already been configured with the appropriate LAN and VLAN
configurations.

R1 and SW2 Configurations:

Before you begin, you may want to reset the wireless router. To clear any previous configuration,
do a hard reset: find the reset button on the back of the router and, using a pen or other thin
instrument, hold it down for 5 to 7 seconds. The router is now restored to its factory default
settings.

Establish physical connectivity.

1. Connect a straight-through cable from the laptop PC to one of the wireless router's LAN ports,
labelled Ethernet 1-4. By default the wireless router will give the laptop an IP address from its
default DHCP configuration.

Open a web browser.

2. Navigate to the wireless router's web utility. The web GUI is used to configure the settings on
the wireless router; it is reached by browsing to the router's LAN/Wireless IP address. The factory
default address is 192.168.1.1.

3. Leave the username blank and enter the password admin.

4. Configure Options in the Linksys Setup Tab.

By default the start-up page is the Setup screen. Here, you will need to set the Internet
connection type to static IP. In the menus at the top notice you are in the Setup section and
under the Basic Setup tab.

5. In the Setup screen for the Linksys router, locate the Internet Connection Type option
in the Internet Setup section of this page. Click the drop-down menu and select Static IP
from the list.

6. Configure the VLAN 99 IP address, subnet mask, and default gateway for the Linksys
Wireless Router.

Set the Internet IP address to 172.17.99.25.

Set the Subnet Mask to 255.255.255.0.

Set the Default Gateway to 172.17.99.1.

Note: Typically in a home or small business network, this Internet IP address is assigned by
the ISP through DHCP or PPPoE.
7. Configure the wireless router's own LAN IP parameters (the address wireless clients will use as
their gateway; R1's interfaces were configured earlier).

Still on the Basic Setup page, scroll down to Network Setup. For the Router IP fields do
the following:

* Set the IP address to 172.17.30.1 and the subnet mask to 255.255.255.0.

Under the DHCP Server Setting, ensure that the DHCP server is Enabled.

Click the Save Settings button at the bottom of the Setup screen.

At this stage, you will notice that the IP address range for the DHCP pool adjusts to a range
of addresses to match the Router IP parameters. These addresses are used for any wireless
clients that connect to the routers internal switch. Clients receive an IP address and mask,
and are given the router IP to use as a gateway.

8. Set the network name (SSID).

Click the Wireless tab.

Under Network Name (SSID), rename the network from Linksys to any name of your
choice, example orbitcisco1.

Click Save Settings.

9. Set the security mode.

Click Wireless Security. It is located next to Basic Wireless Settings in the main Wireless
tab.

Change Security Mode from Disabled to WEP. (This follows the lab; WEP appears here only because the
lab equipment uses it. On any real network choose WPA2 Personal with AES and a long passphrase
instead, since a 40-bit WEP key like the one below can be recovered from captured traffic within
minutes.)

Using the default encryption of 40/64-bit, set Key 1 to 1234567890 or any other string of exactly
10 hex digits.

Click Save Settings.


10. Set the router password.

Click the Administration tab.

Under Management, in the Router Access section, change the router password to orbit123 or any
password of your choosing. Re-enter the same password to confirm.

11. Enable remote management.

In the Remote Access section, set Remote Management to Enabled. This exposes the router's web
interface on its Internet-facing address, so it is done here only because the lab calls for it; on
a production or home router leave it disabled, or restrict it to HTTPS and to specific source
addresses if the firmware allows.

Click Save Settings.

12. Log in again.

You may be prompted to log in again. Use the new password (orbit123, or whatever you chose) and
still leave the username blank.

13. Add wireless connectivity to the laptop PC.

i. Disconnect the Ethernet cable between the laptop and the wireless router.

ii. Use Windows XP to connect to the wireless router.

Below is how to use Windows XP's built-in Wireless Network Connection utility. Depending on the
model of NIC you use, this might be disabled, in which case use the utility provided by the NIC
manufacturer.
Click Start > Control Panel > Network Connections.

Select the Wireless Network Connection.

Open the File menu and select Status.

Click View Wireless Networks.

Locate orbitcisco1, or whatever name you gave your SSID, in the list of available networks and
connect to it.

When prompted for the WEP key, enter the key you set above (1234567890 or your own) and click
Connect.

iii. Verify your connection.

In the Status window, select the Support tab. Verify that the laptop has received an IP address
from the wireless router's DHCP pool, or has been manually configured.

Test your connection

iv. Ping the wireless router's LAN/Wireless interface.

On the laptop PC, open the command prompt: click Start > Run, type cmd and press Enter.

In the command prompt type ping 172.17.30.1

v. Ping R1's Fa0/1.99 interface.

In the command prompt type ping 172.17.99.1

vi. Ping VLAN 10 and VLAN 20 from the laptop PC.

In the command prompt type ping 192.168.10.21 to ping the host on VLAN 10.

Repeat for the VLAN 20 address, 192.168.20.22.

The pings should succeed. If not, check and troubleshoot the configuration.
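The walkthrough above sets WEP with the 40-bit key 1234567890 because the lab requires it. To show why that is not a security choice, here is an added Python example (not from the original page) of two WEP weaknesses. First, the 24-bit IV is sent in the clear and repeats quickly on a busy network; when it repeats, the RC4 keystream repeats, so XORing two captured frames cancels the keystream and exposes the XOR of the plaintexts, and knowing one plaintext reveals the other without the key. Second, the CRC-32 integrity check value (ICV) is linear, so an attacker can flip chosen plaintext bits in a captured frame and patch the ICV, again without the key. The key, IV, frames and plaintexts are constructed here; real WEP frames also carry the 802.11 header and a key-index byte, omitted for brevity.

```python
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the PRGA keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key40: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: 3-byte IV in the clear, then RC4(IV || key) over plaintext || CRC-32 ICV."""
    if len(key40) != 5 or len(iv) != 3:
        raise ValueError("40-bit WEP uses a 5-byte key and a 3-byte IV")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key40, plaintext + icv)


def wep_decrypt(key40: bytes, frame: bytes) -> Tuple[bytes, bool]:
    """Return (plaintext, icv_ok) exactly as a receiving station would."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + key40, body)
    plaintext, icv = data[:-4], data[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same key and IV share a keystream, so
    C1 xor C2 == P1 xor P2; no key is involved."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("demonstration needs a repeated IV")
    return xor(frame1[3:], frame2[3:])


def flip_bits(frame: bytes, offset: int, mask: bytes) -> bytes:
    """Modify a captured frame without knowing the key.

    CRC-32 is affine over GF(2): crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of len(p)).
    XORing `mask` into the plaintext and the matching delta into the ICV keeps the
    ICV valid, and because RC4 is a stream cipher both XORs pass straight through
    the ciphertext.
    """
    iv, body = frame[:3], bytearray(frame[3:])
    plen = len(body) - 4
    delta = bytearray(plen)
    delta[offset:offset + len(mask)] = mask
    icv_delta = zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(plen))
    for i in range(plen):
        body[i] ^= delta[i]
    for i, b in enumerate(icv_delta.to_bytes(4, "little")):
        body[plen + i] ^= b
    return iv + bytes(body)


# Constructed sample: the lab's key, one reused IV, two same-length requests.
KEY = bytes.fromhex("1234567890")
IV = b"\x00\x00\x01"
P1 = b"GET /index.html HTTP/1.1"
P2 = b"POST /login.php HTTP/1.1"


def demo() -> Tuple[bytes, bytes, bool]:
    """Returns (plaintext 2 recovered from the IV collision, forged plaintext as
    the receiver decrypts it, whether the receiver accepts the forged ICV)."""
    f1 = wep_encrypt(KEY, IV, P1)
    f2 = wep_encrypt(KEY, IV, P2)
    recovered_p2 = xor(keystream_reuse_leak(f1, f2), P1)   # attacker knows P1 only
    forged = flip_bits(f1, 0, xor(b"GET", b"PUT"))          # GET -> PUT, no key used
    forged_plain, icv_ok = wep_decrypt(KEY, forged)
    return recovered_p2, forged_plain, icv_ok


if __name__ == "__main__":
    print(demo())
```

The IV-collision and bit-flipping results are what the well-known WEP cracking tools build on (they also exploit RC4 key-scheduling biases to recover the key itself from enough captured IVs); WPA2's CCMP replaces both the stream cipher and the CRC with AES and a keyed MIC, which is why the same tricks do not apply to it.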

- See more at: http://orbit-computer-solutions.com/CCNA%3A-How-to-add-and-Configure-a-WirelessRouter-to-a-LAN-.php

Peer-to-peer Networking (Workgroup).
Peer-to-peer networking is when all computers are on the same Ethernet network and are treated as
equals (peers); they are connected through a hub, switch or router as the case may be.
There is no server, controller or one machine in charge. Computers in a workgroup share resources
such as printers and files. This is mostly seen on Windows: a workgroup is set up automatically
when you set up a network, and all members share the same subnet. Joining a workgroup needs no
password and the workgroup itself provides no security; access to each shared folder or printer is
controlled by the user accounts and share permissions on the computer that owns it. A HomeGroup
(Windows 7) differs in that it is protected by one shared password.
Workgroups are mainly used in homes, schools and small offices where files, printers and other
network resources are shared.
A computer joining a workgroup is given the same workgroup name; this makes browsing to the other
computers easier.

A typical example of a workgroup is shown below:

How to create a workgroup

Creating a workgroup is no rocket science. Windows automatically assigns your PC to a workgroup
named WORKGROUP or MSHOME by default. You can change the name if you need to. Before you create a
workgroup, make sure all the computers are connected to the same network (through a hub or a
switch).

- See more at: http://orbit-computer-solutions.com/Peer-to-Peer-Networking--Workgroup.php

How to Secure Your Network with Windows Firewall.

A firewall is hardware or software that monitors the traffic moving through a network gateway. A
firewall can be configured to block or allow traffic based on defined criteria (ACLs). On a PC, the
host firewall blocks unsolicited inbound traffic such as random pings or probes from a remote site,
and can also be set to stop programs on your computer from reaching remote sites without your
knowledge.
Windows XP SP2 and every later version of Windows include a built-in firewall. To view and
configure it, follow these steps:
If you are using XP:
1. Click Start, then Control Panel
2. Double-click Windows Firewall (or open Security Center and click Windows Firewall)
3. On the General tab, select On (recommended) and click OK

If you are using Vista:
1. Click the Start button
2. Click Control Panel, then Security, then Windows Firewall
3. Click Turn Windows Firewall on or off

A User Account Control dialogue box will appear; click Continue.

1. Click On (recommended)
2. Click Apply
3. Click OK

Whenever a program later asks to be unblocked, allow it only if you know why it needs to accept
inbound connections.

- See more at: http://orbit-computer-solutions.com/How-To-Secure-Your-Network-with-WindowsFirewall.php

Firewall Explained.
In networking, the term firewall means a system that enforces an access control
policy between networks. This control policy can include options such as a packet
filtering router, a switch with VLANs, and multiple hosts with firewall software.

A firewall system can be a composition of many different devices and components.


One crucial component of a firewall is traffic filtering, which is what is mostly
referred to as a firewall.

A firewall could be likened to the metal sheet that separates the engine compartment of a vehicle
or aircraft from the passenger area. The term was adopted for computer networks: a firewall is
configured on a network to prevent uninvited traffic from entering or gaining access to prescribed
areas within the network.
The original firewalls were not standalone devices but routers or servers with software features
added to provide firewall functionality. Over time, several companies developed standalone
firewalls. Dedicated firewall devices let routers and switches offload the memory- and
processor-intensive work of filtering packets. Modern routers, such as the Cisco Integrated
Services Routers (ISRs), can also be used as sophisticated stateful firewalls by organisations that
do not require a dedicated firewall.

Features of Firewalls
Firewalls share some common properties:
i. Resistant to attacks
ii. Only transit point between networks. (all traffic flows through the firewall)
iii. Enforces the access control policy

Types of Firewalls.
Stateless Firewall.
The early firewalls were created to inspect packets and verify whether they matched a set of rules, forwarding or dropping each packet accordingly. This type of packet filtering is known as stateless filtering: each packet is filtered based solely on the values of certain parameters in the packet header, similar to how ACLs (access control lists) filter packets.
Stateful Firewall.
The first stateful firewall appeared in 1989; it was developed by AT&T Bell Laboratories. This type of firewall filters packets using information stored in the firewall about the data flowing through it. A stateful firewall is able to determine whether a packet belongs to an existing flow of data. Stateful firewalls help to mitigate DoS attacks that exploit active connections through a networking device. Stateful filtering provides dynamic packet filtering capabilities to firewalls. It operates at the Network Layer of the OSI model, although for some applications it can also analyze traffic at Layer 4 and Layer 5.
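To make the stateless/stateful distinction concrete, here is an added Python simulation (not code from the original page): a first-match ACL that judges every packet on its header alone, beside a flow table that only admits inbound packets answering a connection the inside network opened. The prefixes, packets and rule set are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample packets (not from the original page): a 5-tuple is all
# either filtering style looks at, since neither inspects the payload.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str                       # CIDR prefix, or "any"
    dst: str
    proto: str = "any"
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None

def _in_prefix(ip: str, prefix: str) -> bool:
    return prefix == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison, the way an ACL entry is evaluated."""
    return (_in_prefix(pkt.src, rule.src) and _in_prefix(pkt.dst, rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def stateless_filter(rules, pkt: Packet) -> str:
    """Stateless filtering: first matching rule wins, implicit deny at the end.
    Each packet is judged on its own header; nothing is remembered between packets."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

class StatefulFilter:
    """Stateful filtering: packets the inside network sends out create a flow entry,
    and an inbound packet is admitted only if it answers an existing flow."""

    def __init__(self, rules, inside_prefix: str):
        self.rules = list(rules)
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()   # (proto, src, sport, dst, dport) of permitted outbound packets

    def process(self, pkt: Packet) -> str:
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.flows:
            return "permit"          # reply to a flow the inside opened
        action = stateless_filter(self.rules, pkt)
        if action == "permit" and ipaddress.ip_address(pkt.src) in self.inside:
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

INSIDE = "10.0.0.0/8"
# Policy: inside hosts may open HTTP connections to anywhere; nothing else.
OUTBOUND_HTTP = [Rule("permit", INSIDE, "any", "tcp", dport=80)]
# A stateless ACL cannot tell a reply from a fresh inbound connection, so to let
# replies back in it needs a standing hole for anything arriving from TCP port 80.
STATELESS_WITH_HOLE = OUTBOUND_HTTP + [Rule("permit", "any", INSIDE, "tcp", sport=80)]

# Constructed traffic: a legitimate request, its reply, and an unsolicited inbound
# packet from source port 80 that is not the answer to anything the inside sent.
TRAFFIC = {
    "request": Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80),
    "reply": Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000),
    "unsolicited": Packet("203.0.113.10", "10.0.0.9", "tcp", 80, 40123),
}

def compare_filters() -> dict:
    """Run the same three packets, in order, through each filter style."""
    results = {
        "stateless_strict": {n: stateless_filter(OUTBOUND_HTTP, p) for n, p in TRAFFIC.items()},
        "stateless_hole": {n: stateless_filter(STATELESS_WITH_HOLE, p) for n, p in TRAFFIC.items()},
    }
    fw = StatefulFilter(OUTBOUND_HTTP, INSIDE)
    results["stateful"] = {n: fw.process(p) for n, p in TRAFFIC.items()}
    return results

if __name__ == "__main__":
    for style, verdicts in compare_filters().items():
        print(style, verdicts)
```

The strict stateless ACL breaks the legitimate reply, the ACL with a hole admits the unsolicited packet as well, and only the flow table gets all three verdicts right.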

Packet-filtering Firewall.
This can be in the form of a router with the capacity to filter some packet content, such as Layer 3 and sometimes Layer 4 information. They permit and deny based on Layer 4 information such as protocol, and source and destination port numbers. A packet-filtering firewall uses access control lists (ACLs) to determine whether to permit or deny traffic, based on source and destination IP addresses, protocol, source and destination port numbers, and packet type. Packet-filtering firewalls are usually part of a router firewall.

Application Gateway Firewall or Proxy Firewall.
A type of firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software.
Address-translation firewall.
A type of firewall that expands the number of IP addresses available and conceals the network addressing design.
Host-based firewall.
A PC or server with firewall software running on it.
Transparent firewall.
A firewall that filters IP traffic between a pair of bridged interfaces.
Hybrid firewall
A firewall that is a combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.
- See more at: http://orbit-computer-solutions.com/Firewall-Explained.php

Broadband Wireless.
Wireless technology uses the unlicensed radio spectrum to send and receive data. The
unlicensed spectrum is accessible to anyone who has a wireless router and wireless
technology on the device they are using.
The benefits of Wi-Fi extend beyond not having to use or install wired network connections.
Wireless networking provides mobility, flexibility and productivity to the user.
Until recently, one limitation of wireless access has been the need to be within the local
transmission range (typically less than 100 feet) of a wireless router or a wireless modem
that has a wired connection to the Internet. However, with advances in technology, the
reach of wireless connections has been extended.
Newer PCs, Laptops and other network devices are being manufactured with built in wireless
network adapters and new developments in broadband wireless technology are increasing
wireless availability. These include:

Municipal Wi-Fi
WiMAX
Satellite Internet

Municipal WiFi

Municipal wireless networks are seen to be springing up in many cities. Some of these networks provide high-speed Internet access for free or for substantially less than the price of other broadband services. Others are for city use only, allowing police and fire departments and other city employees to do certain aspects of their jobs remotely.

To connect to a municipal WiFi, a subscriber typically needs a wireless modem, which provides a stronger radio and directional antenna than conventional wireless adapters. Most service providers provide the necessary equipment for free or for a fee, much like they do with DSL or cable modems.

WiMAX
Worldwide Interoperability for Microwave Access (WiMAX) is a new technology that
is just beginning to come into use. It is described in the IEEE standard 802.16.

WiMAX provides high-speed broadband service with wireless access and provides
broad coverage like a cell phone network rather than through small WiFi hotspots.
WiMAX operates in a similar way to WiFi, but at higher speeds, over greater
distances, and for a greater number of users. It uses a network of WiMAX towers
that are similar to cell phone towers.

To access a WiMAX network, subscribers must subscribe to an ISP with a WiMAX tower within 10 miles of their location. They also need a WiMAX-enabled computer and a special encryption code to get access to the base station.
- See more at: http://orbit-computer-solutions.com/Wireless-Broadband.php

Explanation of Terms.
Wired Equivalent Privacy (WEP)
WEP is a commonly and widely used network security method. To enable WEP, you need to set up a network security key. This key encrypts the information that one computer sends to another computer across your network. The receiving computer needs the key to decode the information, making it difficult for someone on another computer to get onto your network and access files without your permission.
Wi-Fi Protected Access (WPA)
WPA improves on the security of WEP. WPA encrypts information, and it also checks to make sure that the network security key has not been modified. WPA also authenticates users to help ensure that only authorized people can access the network. If your networking hardware works with both WEP and WPA security, WPA is highly recommended.
There are two types of WPA authentication: WPA and WPA2.
WPA is designed to work with all wireless network adapters, but it might not work with older routers or access points.

WPA2 is more secure than WPA, but it will not work with some older network adapters. It also uses PSK and the Advanced Encryption Standard (AES) to encrypt data transmissions. Since AES is a newer and more advanced encryption scheme, it is a recommended choice for small office and home networks.
WPA also works with an 802.1X authentication server, which distributes different keys to each user. This is referred to as WPA-Enterprise or WPA2-Enterprise.
802.1X authentication
802.1X authentication can help enhance security for 802.11 wireless networks and wired
Ethernet networks. 802.1X uses an authentication server to validate users and provide
network access. On wireless networks, 802.1X can work with Wired Equivalent Privacy
(WEP) or Wi-Fi Protected Access (WPA) keys. This type of authentication is typically used
when connecting to a workplace network.
- See more at: http://orbit-computer-solutions.com/WEP%2C-WPA%2CWPA-2%2C8021x.php

Network Security Software.
If you are connected to the Internet through a wired or wireless network (USB, broadband modem or dial-up), most of the time you rely heavily on your computer and its software for protection from viruses and other threats. If you are connected through a router, it might be able to help, because most routers are equipped with a firewall. This helps to block any intruder or malicious software that attempts to penetrate your network through the Internet.
Viruses and other malicious software can have a devastating effect on your PC without your knowledge.
It is a fact that Windows security features have improved over the years, especially with the later editions (Windows 8), but some vital elements are not included, such as anti-virus protection, and the Windows firewall is child's play to experienced hackers out there! With this said, in order to stay and surf the net safely, you need third-party security software utilities installed.
There are different types of security software products available; to stay and surf safely, you need at least three key security software tools: an anti-virus, a firewall and an anti-spyware tool.

Anti-Virus

Computer viruses are no news, even to non-computer users. Good anti-virus security software scans your computer for viruses; it is programmed to examine all files on your computer for hidden infections. If an infection is detected, it repairs, cleans or removes the infected files from your computer. It uses a set of virus codes, known as snippets, to sniff out malicious software embedded in your computer files. For anti-virus software to do its work properly it needs to be updated daily.

Firewall
Firewalls are computer software programs that are designed to stop malicious software and hackers (unauthorised access) from getting into your computer, especially through the Internet.
A firewall monitors your computer's network or Internet connection and examines information that goes in and out of your network.

Anti-Spyware
Anti-spyware works in the same way as an anti-virus program does, but anti-spyware products are more specific. An anti-spyware security tool scans your computer and removes any malicious software that seeks to gather information about your computer use and personal information.
Most anti-spyware removes cookies.
Cookies are used by some websites to track your visits and by others to post pop-up ads.
- See more at: http://orbit-computer-solutions.com/Network-SecuritySoftware.php

Wireless Technologies / Standards.
The IEEE 802.11 standards specify two operating modes: infrastructure mode and ad hoc mode.

Infrastructure mode is used to connect computers with wireless network adapters to an existing wired network with the help of a wireless router or access point, while ad hoc mode is used to connect wireless clients directly together, without the need for a wireless router or access point.
The 802.11 standard establishes and defines the mode of channelling the unlicensed radio frequency bands in WLANs. The 2.4 GHz band is broken down into 11 channels for North America and 13 channels for Europe. These channels have a centre frequency separation of only 5 MHz and an overall channel bandwidth (or frequency occupation) of 22 MHz.
802.11a
The IEEE 802.11a adopted the OFDM modulation technique and uses the 5 GHz band.
The 802.11a devices operating in the 5 GHz band are less likely to experience interference
than devices that operate in the 2.4 GHz band because there are fewer consumer devices
that use the 5 GHz band. Also, higher frequencies allow for the use of smaller antennas.
Advantages:
Speed: up to 54 Mbps
a. Has the fastest transmission speed.
b. Allows for more simultaneous users.
c. Uses the 5 GHz frequency, which limits interference from other devices.
Disadvantages of using the 5 GHz band are:
a. Higher frequency radio waves are more easily absorbed by obstacles such as walls, making 802.11a susceptible to poor performance due to obstructions.
b. The higher frequency band has slightly poorer range than either 802.11b or g. Also, some countries, including Russia, do not permit the use of the 5 GHz band, which may continue to curtail its deployment.
c. Is not compatible with 802.11b network adapters, routers, and access points.
802.11b
This was the first and, until recently, the most common wireless variant used. With transmission speeds of just 11 Mbit/s it is also the slowest. It also used the 40-bit Wired Equivalent Privacy (WEP) security protocol, which was found to have a number of deficiencies. A newer version of this, 802.11b+, maintains speeds of up to 22 Mbit/s.
Advantages:
Speed: 11 megabits per second
Costs less
Has the best signal range.
Disadvantages:
Transmission speed is slow
Uses the 2.4 gigahertz (GHz) frequency band, the same as some household items like cordless phones, microwave ovens etc.
Provides access to few users simultaneously.
802.11g
This is the most recent and the most popular in use now, offering more respectable data transfer speeds of up to 54 Mbit/s, although in practice its speeds are much lower. It also uses an upgraded form of the Wi-Fi Protected Access (WPA) security protocol.
Advantages:
Speed: Uses Up to 54 Mbps
Has a transmission speed comparable to 802.11a under optimal conditions
a. Allows for more simultaneous users
b. Has the best signal range and is not easily obstructed
c. Is compatible with 802.11b network adapters, routers, and access points
Disadvantages:
Uses the 2.4 GHz frequency so it has the same interference problems as 802.11b
Costs more than 802.11b
802.11n
The 802.11n draft standard is intended to improve wireless data rates and range without
requiring additional power or radio frequency band allocation. The 802.11n uses multiple
radios and antennae at endpoints, each broadcasting on the same frequency to establish
multiple streams. The multiple input/multiple output technology splits a high data-rate
stream into multiple lower rate streams and broadcasts them at the same time over the
available radios and antennae. This allows for a speculative maximum data rate of 248 Mb/s
using two streams.
Note:
If your PC or laptop has more than one wireless network adapter, or your adapter uses more than one wireless technology / standard, you are provided with options to specify which adapter or standard to use for each network connection.
E.g., if you use streaming media, such as videos or music, on your PC or Laptop, choosing
802.11a connection from the options provided would be best for you, because you will get a
faster data transfer rate when you watch videos or listen to music.
- See more at: http://orbit-computer-solutions.com/Wireless-Standards.php

End Devices and their role on the Network.


The network devices that people are most familiar with are called end devices. These
devices form the interface between the human network and the underlying communication
network. Some examples of end devices are:

Computers, laptops, file servers, web servers
Network printers
VoIP phones
Security cameras
Mobile handheld devices

- See more at: http://orbit-computer-solutions.com/End-Devices-and-their-Role-on-theNetwork.php

IPv4 Address and Class.


IPv4 addresses are divided into classes. Below is the class range of IP addresses and default subnet masks:

Class   Range                          Default Subnet Mask
A       1.0.0.0 - 127.255.255.255      255.0.0.0
B       128.0.0.0 - 191.255.255.255    255.255.0.0
C       192.0.0.0 - 223.255.255.255    255.255.255.0

Network mask
A network mask enables you to identify the network portion of an IP address and the portion that represents the node (host). Class A, B, and C networks have default network masks, also known as natural masks, as shown here:
Class A: 255.0.0.0 (decimal)
(11111111.00000000.00000000.00000000) binary
Class B: 255.255.0.0 (decimal)
(11111111.11111111.00000000.00000000) binary
Class C: 255.255.255.0 (decimal)
(11111111.11111111.11111111.00000000) binary
Class A:
255.0.0.0 (24 bits)

In a Class A address, the first octet is the network portion while the remaining three octets are for the network manager to divide into subnets and nodes (hosts). Class A addresses are used for networks that have more than 65,536 hosts (actually, up to 16,777,214 hosts!).
Class B
255.255.0.0 (16 bits)
In a Class B address, the first two octets are the network portion while the remaining two octets are for the network manager to divide into subnets and nodes (hosts). Class B addresses are used for networks that have between 256 and 65,534 hosts.

Class C
255.255.255.0 (8 bits)
In a Class C address, the first three octets are the network portion while the remaining octet is for local subnets and hosts - perfect for networks with fewer than 254 hosts.
- See more at: http://orbit-computer-solutions.com/IP-Addresses-andClass.php
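The classful rules above, worked through in Python as an added example (not code from the original page): classify an address, derive its natural mask, split it into network and host portions, and, going a step beyond this section, extend the mask by borrowing host bits to carve a Class C network into subnets. The sample addresses are constructed.

```python
import ipaddress
from typing import Optional

# Classful ranges and natural masks as given on the page (classes A, B and C only).
CLASS_TABLE = {
    "A": ("1.0.0.0", "127.255.255.255", "255.0.0.0"),
    "B": ("128.0.0.0", "191.255.255.255", "255.255.0.0"),
    "C": ("192.0.0.0", "223.255.255.255", "255.255.255.0"),
}

def address_class(ip: str) -> str:
    """Return 'A', 'B' or 'C' for a host address; other ranges are not host classes here."""
    addr = ipaddress.IPv4Address(ip)
    for cls, (low, high, _mask) in CLASS_TABLE.items():
        if ipaddress.IPv4Address(low) <= addr <= ipaddress.IPv4Address(high):
            return cls
    raise ValueError(f"{ip} is outside the class A-C host ranges")

def natural_mask(ip: str) -> str:
    return CLASS_TABLE[address_class(ip)][2]

def to_binary(dotted: str) -> str:
    """Dotted decimal to dotted binary, e.g. 255.255.0.0 -> 11111111.11111111.00000000.00000000"""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))

def split_address(ip: str, mask: Optional[str] = None) -> dict:
    """Separate the network and host portions using a mask (the natural mask by default)."""
    mask = mask or natural_mask(ip)
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    host_bits = 32 - bin(mask_int).count("1")
    return {
        "class": address_class(ip),
        "mask": mask,
        "network": str(ipaddress.IPv4Address(ip_int & mask_int)),
        "host": str(ipaddress.IPv4Address(ip_int & ~mask_int & 0xFFFFFFFF)),
        "host_bits": host_bits,
        "usable_hosts": 2 ** host_bits - 2,   # network and broadcast addresses excluded
    }

def subnet(network: str, new_mask: str) -> dict:
    """Extend the natural mask by borrowing host bits, e.g. 192.17.5.0 with 255.255.255.224."""
    natural = ipaddress.IPv4Network(f"{network}/{natural_mask(network)}")
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{new_mask}").prefixlen
    borrowed = new_prefix - natural.prefixlen
    if borrowed < 1:
        raise ValueError("the new mask must be longer than the natural mask")
    subnets = list(natural.subnets(prefixlen_diff=borrowed))
    return {
        "borrowed_bits": borrowed,
        "subnet_count": len(subnets),                       # 2 ** borrowed
        "hosts_per_subnet": subnets[0].num_addresses - 2,
        "subnets": [str(s.network_address) for s in subnets],
    }

if __name__ == "__main__":
    # Constructed sample addresses from the private ranges.
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.20"):
        print(sample, split_address(sample))
    print(subnet("192.17.5.0", "255.255.255.224"))
```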

Identify Problems with Access Point Misplacement.
You may have experienced a WLAN that just did not seem to perform like it should. Perhaps
you keep losing connection with an access point, or your data rates are much slower than
they should be. You may even have done a quick move around the environment to confirm
that you could actually see the access points. Having confirmed that they are there, you
wonder why you continue to get poor service.
Reason
There are two major issues with improper placement of access points:
The distance separating access points is too far to allow overlapping coverage.
The orientation of access point antennae in hallways and corners diminishes coverage.

Solution

Verify the power settings and make sure the operational ranges and placement of access points provide a minimum of 10 to 15% cell overlap.
Change the orientation and positioning of access points:
Position access points above obstructions.
Position access points vertically near the ceiling in the centre of each coverage area, if possible.
Position access points in locations where users are expected to be. For example, large rooms are typically a better location for access points than a hallway.

Additional specific details concerning access point and antenna placement are as follows:
Always mount the access point vertically.
Do not mount the access point on building perimeter walls, unless outside coverage is desired.
Do not mount the access point outside of buildings.
Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.
Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.
When mounting an access point in the corner of a right-angle hallway intersection, mount it at a 45-degree angle to the two hallways. The access point internal antennas are not omni-directional and cover a larger area when mounted this way.
Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of all persons.

- See more at: http://orbit-computer-solutions.com/Identify-Problems-with-Access-PointMisplacement.php

Wireless Network Error: Incorrect Channel Settings.
Most WLANs today operate in the 2.4 GHz band, which can have as many as 14 channels,
each occupying 22 MHz of bandwidth. Energy is not spread evenly over the entire 22 MHz,
rather the channel is strongest at its centre frequency, and the energy diminishes toward
the edges of the channel.
Interference can occur when there is overlap of channels. It is worse if the channels overlap
close to the centre frequencies, but even if there is minor overlap, signals interfere with
each other. Set the channels at intervals of five channels, such as channel 1, channel 6, and
channel 11.
Solving RF Interference

Incorrect channel settings are part of the larger group of problems with RF interference.
WLAN administrators can control interference caused by channel settings with good
planning, including proper channel spacing.
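An added Python helper (not part of the original page) that applies the numbers above: centre frequencies 5 MHz apart and a 22 MHz channel width, so two channels overlap by whatever part of those 22 MHz they share. It flags overlapping access points in a constructed channel plan and derives the 1/6/11 spacing for an 11- or 13-channel band.

```python
CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5

def centre_frequency(channel: int) -> int:
    """Centre frequency in MHz of a 2.4 GHz channel. Channel 1 is 2412 MHz and
    channels 1-13 sit 5 MHz apart; channel 14 (Japan only) sits at 2484 MHz."""
    if 1 <= channel <= 13:
        return 2412 + CHANNEL_SPACING_MHZ * (channel - 1)
    if channel == 14:
        return 2484
    raise ValueError(f"channel {channel} is not a 2.4 GHz channel")

def overlap_mhz(ch_a: int, ch_b: int) -> int:
    """How many MHz two 22 MHz wide channels share (0 when their edges do not meet)."""
    separation = abs(centre_frequency(ch_a) - centre_frequency(ch_b))
    return max(0, CHANNEL_WIDTH_MHZ - separation)

def overlapping_pairs(assignments: dict) -> list:
    """Given {access point name: channel}, list pairs whose channels overlap,
    worst (most shared bandwidth) first. Assumes every listed AP can hear the others."""
    names = sorted(assignments)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = overlap_mhz(assignments[a], assignments[b])
            if shared > 0:
                pairs.append((a, b, shared))
    return sorted(pairs, key=lambda p: -p[2])

def non_overlapping_channels(highest_channel: int) -> list:
    """Greedy plan: walk up from channel 1 and keep each channel that overlaps none
    already kept. Gives 1, 6, 11 for both the 11-channel and 13-channel bands."""
    chosen = []
    for ch in range(1, highest_channel + 1):
        if all(overlap_mhz(ch, kept) == 0 for kept in chosen):
            chosen.append(ch)
    return chosen

if __name__ == "__main__":
    # Constructed plan: three APs correctly spaced plus one set to channel 3.
    plan = {"AP-east": 1, "AP-west": 6, "AP-north": 11, "AP-lobby": 3}
    for a, b, shared in overlapping_pairs(plan):
        print(f"{a} (ch {plan[a]}) overlaps {b} (ch {plan[b]}) by {shared} MHz")
    print("non-overlapping set for 13 channels:", non_overlapping_channels(13))
```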

Interference caused by household or office appliances.
Other sources of RF interference can be found all around the workplace or in the home, for instance the snowy disruption of a television signal that occurs when a neighbour runs a vacuum cleaner. Dealing with such interference boils down to efficient planning of device placement. For instance, plan to place microwave ovens away from access points and potential clients. Sadly, not all known RF interference issues can be planned for, because there are just too many of them.
The problem with devices such as cordless phones, baby monitors, and microwave ovens is that they do not contend for the channel; they just use it.
Solution
Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such
as cordless phones, operate on channel 6.
- See more at: http://orbit-computer-solutions.com/Incorrect-ChannelSetting.php

WLAN: Problems with Authentication and Encryption.
The WLAN authentication and encryption problems you are most likely to encounter, and
that you will be able to solve, are caused by incorrect client settings.

If an access point is expecting one type of encryption, and the client offers a different type,
the authentication process fails.
Note, all devices connecting to an access point must use the same security type as the one
configured on the access point. In essence, if an access point is configured for WEP, both
the type of encryption (WEP) and the shared key must match between the client and the
access point. If WPA is being used, the encryption algorithm is TKIP. Similarly, if WPA2 or
802.11i is used, AES is required as the encryption algorithm.

1. Laptop/client requests connection
2. Router/access point requests authentication
3. Laptop/client provides authentication
4. Router/access point rejects authentication
5. Laptop/client loses connection
Reason for no connectivity:
1. Wrong encryption type set on client/laptop
2. Wrong credential supplied to access point.
Solution:
1. Match the encryption type on the client/laptop
2. Use the same credential on the client and access point

- See more at: http://orbit-computer-solutions.com/Problems-with-Authentication-andEncryption.php

The Internet - A Network of Networks.
Although there are benefits to using a LAN or WAN, most of us need to communicate with a
resource on another network, outside of our local office or organization. Examples of this
type of communication include:
* Sending an e-mail to a friend in another country
* Accessing news or products on a website
* Getting a file from a neighbour's computer
* Sending instant messages to a relative in another city
* Looking up sports news on a cell phone

Internetwork - (Internet)
It has been called the Goliath of computer networks, linking millions of computer users all over the world.
To meet these human communication needs, an internetwork had to be created. It is created by the interconnection of networks belonging to Internet Service Providers (ISPs). Some of these interconnected networks are owned by large public and private organizations, such as government agencies or industrial enterprises. The most well-known and widely used publicly accessible internetwork is the Internet.

Intranet
The term intranet is often used to refer to a private connection of LANs and WANs that
belongs to an organization, and is designed to be accessible only by the organization's
members, employees, or others with authorization.
Note: A connection of two or more data networks forms an internetwork - a network of networks. The following terms can be used interchangeably: internetwork, data network, and network. It is also common to refer to an internetwork as a data network - or simply as a network - when considering communications at a high level. The usage of terms depends on the context at the time and terms may often be interchanged.
Interconnection of Networks

Peer-to-Peer Network (workgroup)


- See more at: http://orbit-computer-solutions.com/The-Internet---A-Network-ofNetworks.php

Network Address Translation (NAT).

The best way to describe how NAT works is to liken it to an extension of an office telephone line. An outside caller calls only the main number that connects to the office, and the switchboard operator looks through the office telephone list and connects the caller to the particular office the call is meant for. The particular office could leave instructions with the receptionist, or whoever works at the switchboard, to forward or not to forward the call.

Unlike a DHCP server, which assigns dynamic IP addresses to devices inside the network, NAT-enabled routers retain one or many valid Internet IP addresses outside of the network. When a client sends packets out of the network, NAT translates the internal IP address of the client to an external address.
To outside users, all traffic coming to and going from the network has the same IP address or is from the same pool of addresses.
NAT has different functions, but its key function is to save IP addresses by allowing
networks to use private IP addresses. NAT translates private, internal addresses into public,
external addresses. NAT has an added benefit of adding a degree of privacy and security to
a network because it hides internal IP addresses from outside networks.
The following terms are used when discussing NAT:

Inside local address - Usually not an IP address assigned by a service provider and
is most likely a private address.
Inside global address - Valid Public IP address that the inside host is given when it
exits the NAT configured router.
Outside global address - Valid public IP address assigned to a host on the
Internet.
Outside local address - The local IP address assigned to a host on the outside
network. In most situations, this address will be identical to the outside global
address of that outside device.

To make it clearer, the address internal devices use to communicate with other internal
devices is the inside local address.
The address internal devices use to communicate with external devices is the outside local
address.
The address external devices use to communicate with internal devices is the inside global address.
Finally, external devices communicate with one another using outside global addresses.
- See more at: http://orbit-computer-solutions.com/NAT--Network-Address-Translation.php
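An added Python model of the translation described above (not the page's own code), using its address terms: a router with a small pool of inside global addresses rewrites outbound packets, maps replies back to the inside local address, and drops inbound packets that match no table entry. All addresses are constructed from the RFC 5737 documentation ranges and the private 192.168.1.0/24 range.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

class DynamicNAT:
    """Dynamic NAT with a pool of inside global addresses, in the page's terms:
    inside local (private) <-> inside global (public); for the hosts on the Internet
    the outside local and outside global addresses are the same, so they are untouched."""

    def __init__(self, inside_prefix: str, global_pool):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.free_pool = list(global_pool)
        self.table = {}      # inside local -> inside global
        self.reverse = {}    # inside global -> inside local

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet leaving the inside network: rewrite the source to an inside global address."""
        if ipaddress.ip_address(pkt.src) not in self.inside:
            return None                   # not an inside host; nothing to translate
        if pkt.src not in self.table:
            if not self.free_pool:
                return None               # pool exhausted: dynamic NAT drops the packet
            inside_global = self.free_pool.pop(0)
            self.table[pkt.src] = inside_global
            self.reverse[inside_global] = pkt.src
        return replace(pkt, src=self.table[pkt.src])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving from the Internet, addressed to an inside global address.
        With no table entry there is no inside local host to deliver to, so it is dropped;
        this is the hiding of internal addresses the page refers to."""
        inside_local = self.reverse.get(pkt.dst)
        if inside_local is None:
            return None
        return replace(pkt, dst=inside_local)

def demo() -> dict:
    """Constructed scenario: three inside hosts, a pool of only two public addresses."""
    nat = DynamicNAT("192.168.1.0/24", ["203.0.113.5", "203.0.113.6"])
    web = "198.51.100.80"   # an outside global address (a web server)
    out1 = nat.outbound(Packet("192.168.1.10", web, "tcp", 51000, 80))
    out2 = nat.outbound(Packet("192.168.1.11", web, "tcp", 51001, 80))
    out3 = nat.outbound(Packet("192.168.1.12", web, "tcp", 51002, 80))   # no address left
    reply = nat.inbound(Packet(web, out1.src, "tcp", 80, 51000))          # answer to host .10
    stray = nat.inbound(Packet("198.51.100.99", "203.0.113.7", "tcp", 4444, 22))  # unmapped
    return {
        "inside_global_for_10": out1.src,
        "inside_global_for_11": out2.src,
        "third_host": out3,
        "reply_delivered_to": reply.dst,
        "unmapped_inbound": stray,
        "table": dict(nat.table),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```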



Join or create a workgroup
Windows 7 / Windows Vista
Note

Workgroups provide a basis for file and printer sharing, but do not actually set up sharing for you. In contrast, in this
version of Windows you can create or join a homegroup, which automatically turns on file and printer sharing on
home networks. If you have a home network, we recommend creating or joining a homegroup. For more
information, search for "homegroup" in Help and Support.
1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the System Properties dialog box, click the Computer Name tab, and then click Change.
4. In the Computer Name/Domain Changes dialog box, under Member of, click Workgroup, and then do one of the following:
   To join an existing workgroup, type the name of the workgroup that you want to join, and then click OK.
   To create a new workgroup, type the name of the workgroup that you want to create, and then click OK.

The Computer Name/Domain Changes dialog box
If your computer was a member of a domain before you joined the workgroup, it will be removed from the domain and your computer account on that domain will be disabled.

Notes

If your network includes computers running Windows XP, you might need to change the workgroup name on
those computers to match the workgroup name on the computers running this version of Windows or
Windows Vista so that you can see and connect to all computers on your network.


Subnetting IP Address.
Subnetting allows you to create multiple logical networks that exist within a single Class A,
B, or C network.
There are several reasons why we subnet:
a. It helps to preserve address space, so that addresses are not wasted.
b. It is used for security.
c. It helps to control network traffic caused by collisions of packets transmitted by other nodes
(hosts) on the same segment.
Subnetting a Network Address
In order to subnet a network address, the subnet mask has to be extended, using some of
the bits from the host ID portion of the address to create a subnetwork ID.
For example, given a Class C network of 192.17.5.0, which has a natural mask of
255.255.255.0, you can create subnets in this manner:
192.17.5.0      - 11000000.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                                             |sub|
By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by
"sub") from the original host portion of the address and used them to create subnets. With
these three bits, it is possible to create eight subnets. With the remaining five host ID bits,
each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a
device on the same segment.
These subnets have been created:

192.17.5.0     255.255.255.224   host address range 1 to 30
192.17.5.32    255.255.255.224   host address range 33 to 62
192.17.5.64    255.255.255.224   host address range 65 to 94
192.17.5.96    255.255.255.224   host address range 97 to 126
192.17.5.128   255.255.255.224   host address range 129 to 158
192.17.5.160   255.255.255.224   host address range 161 to 190
192.17.5.192   255.255.255.224   host address range 193 to 222
192.17.5.224   255.255.255.224   host address range 225 to 254
Another example: given a Class C network address of 192.168.1.0, as a network administrator, you need to
utilize this network address across multiple small groups within the organization. You can do
this by subnetting this network with a subnet address.
All you have to do is create 14 subnets of 14 nodes (hosts) each. This will limit us to
196 nodes (hosts) on the network instead of the 254 we would have without subnetting. To
accomplish this we begin with the default network mask for Class C and extend it by four bits:
255.255.255.0 (11111111.11111111.11111111.00000000) binary
255.255.255.240 (11111111.11111111.11111111.11110000) binary
Remember the cram table:
11111111
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)
Look at this because you will always come across it during subnetting:
128+64 = 192
128+64+32 = 224
128+64+32+16 = 240
128+64+32+16+8 = 248
128+64+32+16+8+4 = 252 and so on!
This gives us 16 possible network numbers, 2 of which cannot be used: 192.168.1.0 (reserved)
Network address   Host addresses                  Broadcast address
192.168.1.16      192.168.1.17 - 192.168.1.30     192.168.1.31
192.168.1.32      192.168.1.33 - 192.168.1.46     192.168.1.47
192.168.1.48      192.168.1.49 - 192.168.1.62     192.168.1.63
192.168.1.64      192.168.1.65 - 192.168.1.78     192.168.1.79
192.168.1.80      (keep adding 16 till you get to 224)
That will give you up to 14 networks with 14 hosts (nodes) each.
- See more at: http://www.orbit-computer-solutions.com/Subnetting-IPaddresses.php#sthash.p4zAFHoq.dpuf

How To Configure Switch Security.
Cisco Switch Port Security
Conventional network security often focuses more on routers and blocking traffic from the
outside. Switches are internal to the organization, and designed to allow ease of
connectivity, therefore only limited or no security measures are applied.
The following basic security features can be used to secure your switches and network:
* Physically secure the device
* Use secure passwords
* Enable SSH access
* Enable port security
* Disable http access
* Disable unused ports
* Disable Telnet
Let's look at how to implement and configure some of the above mentioned switch security
features.

1. How To Configure the privileged EXEC password.

Use the enable secret command to set the password. For this activity, set the password to
orbit.
SW1#configure terminal
SW1(config)#enable secret orbit
SW1(config)#
2. How To Configure virtual terminal (Telnet) and console passwords and require
users to login.

A password should be required to access the console line. Even the basic user EXEC mode
can provide significant information to a malicious user. In addition, the VTY lines must have
a password before users can access the switch remotely.
Use the following commands to secure the console and telnet:
SW1(config)#line console 0
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#line vty 0 15
SW1(config-line)#password cisco
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#
3. How To Configure password encryption.

At this stage, the privileged EXEC password is already encrypted. To encrypt the line
passwords that you just configured, enter the service password-encryption command in
global configuration mode.
SW1(config)#service password-encryption
SW1(config)#
4. How To Configure and test the MOTD banner.
Configure the message-of-the-day (MOTD) using Authorized Access Only as the text.
Follow these guidelines:
i. The banner text is case sensitive. Make sure you do not add any spaces before or after
the banner text.
ii. Use a delimiting character before and after the banner text to indicate where the text
begins and ends. The delimiting character used in the example below is %, but you can use
any character that is not used in the banner text.
iii. After you have configured the MOTD, log out of the switch to verify that the banner
displays when you log back in.
SW1(config)#banner motd %Authorized Access Only%
SW1(config)#end
SW1#exit
5. How To Configure Port Security

Enter interface configuration mode for FastEthernet 0/11 and enable port security.
Before any other port security commands can be configured on the interface, port security
must be enabled.
SW1(config-if)#interface fa0/11
SW1(config-if)#switchport port-security

* Notice that you do not have to exit back to global configuration mode before entering
interface configuration mode for fa0/11.
6. How To configure the maximum number of MAC addresses.
To configure the port to learn only one MAC address, set the maximum to 1:
SW1(config-if)#switchport port-security maximum 1
7. How To configure the port to add the MAC address to the running configuration.
The MAC address learned on the port can be added to (stuck to) the running configuration
for that port.
SW1(config-if)#switchport port-security mac-address sticky
8. How To Configure the port to automatically shut down if port security is violated.
If you do not configure the following command, SW1 only logs the violation in the port
security statistics but does not shut down the port.
SW1(config-if)#switchport port-security violation shutdown

Use the show mac-address-table command to confirm that SW1 has learned the MAC address
for the intended device, in this case PC1.
SW1#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0060.5c4b.cd22    STATIC      Fa0/11
You can also use the show port-security interface fa0/11 command to verify a security
violation.
SW1#show port-security interface fa0/11
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 00E0.F7B0.086E:20
Security Violation Count : 1
9. How To Secure Unused Ports

Disabling unused switch ports is a simple method many network administrators use to help
secure their network from unauthorized access. Disabling an unused port stops traffic from
flowing through the port(s).
Step 1: Disable interface Fa0/10 on SW1.
Enter interface configuration mode for FastEthernet 0/10 and shut down the port.
SW1(config)#interface fa0/10
SW1(config-if)#shutdown
Step 2: Disable interfaces Fa0/1 to Fa0/24 on SW1
SW1(config)#interface range fa0/1-24
- See more at: http://orbit-computer-solutions.com/How-To-Configure-SwitchSecurity.php#sthash.U2urocH3.dpuf
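The hardening steps above can be checked mechanically against a saved running-config rather than by eye. The following Python script is an added example and is not code from this page or from Cisco: the running-config it audits is constructed from the commands shown in this section (the secret hash and the type-7 password strings are placeholders), and the `transport input ssh` check on the VTY lines is an assumption drawn from the "Enable SSH access" and "Disable Telnet" items in the list, which the page names but does not configure.

```python
# Constructed running-config excerpt assembled from the commands in this section.
# The secret hash and the type-7 strings are placeholders, not real captured values.
SAMPLE_CONFIG = """\
service password-encryption
hostname SW1
enable secret 5 $1$PLACEHOLDER$hash
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
interface FastEthernet0/12
!
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 15
 password 7 PLACEHOLDER
 login
!
end
"""

# The same config with the two gaps closed: Fa0/12 disabled, VTY restricted to SSH.
HARDENED_CONFIG = (
    SAMPLE_CONFIG
    .replace("interface FastEthernet0/12\n!", "interface FastEthernet0/12\n shutdown\n!")
    .replace("line vty 0 15\n password 7 PLACEHOLDER\n login\n",
             "line vty 0 15\n password 7 PLACEHOLDER\n login\n transport input ssh\n")
)


def parse_sections(config):
    """Split an IOS-style config into {'global': [...], 'interface X': [...], 'line Y': [...]}."""
    sections = {"global": []}
    current = "global"
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line in ("!", "end"):
            current = "global"
            continue
        if line.startswith(" "):
            sections.setdefault(current, []).append(line.strip())
        elif line.startswith(("interface ", "line ")):
            current = line
            sections.setdefault(current, [])
        else:
            current = "global"
            sections["global"].append(line)
    return sections


def audit(config):
    """Return a list of findings; an empty list means every check in this section passed."""
    sections = parse_sections(config)
    glob = sections["global"]
    findings = []
    if not any(l.startswith("enable secret") for l in glob):
        findings.append("global: no 'enable secret' for privileged EXEC")
    if "service password-encryption" not in glob:
        findings.append("global: 'service password-encryption' missing, line passwords stored in clear text")
    for name, body in sections.items():
        if name.startswith("line "):
            if "login" not in body and "login local" not in body:
                findings.append(f"{name}: no 'login', the line does not prompt for a password")
            if not any(l.startswith("password") for l in body) and "login local" not in body:
                findings.append(f"{name}: no password configured")
            # Assumption: remote access policy is SSH only (the page lists 'Disable Telnet').
            if "vty" in name and "transport input ssh" not in body:
                findings.append(f"{name}: 'transport input ssh' missing, Telnet still accepted")
        elif name.startswith("interface "):
            ifname = name.split(" ", 1)[1]
            if "shutdown" in body:
                continue  # unused port disabled, as in step 9
            if "switchport port-security" not in body:
                findings.append(f"{ifname}: active port with neither port security nor shutdown")
                continue
            for required in ("switchport port-security maximum",
                             "switchport port-security mac-address sticky",
                             "switchport port-security violation shutdown"):
                if not any(l.startswith(required) for l in body):
                    findings.append(f"{ifname}: '{required}' not set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

Run against the sample, the audit reports exactly the two things the sample leaves undone (Fa0/12 is up with no port security, and the VTY lines still accept Telnet); against the hardened copy it reports nothing. The same parser can be pointed at `show running-config` output saved from a real switch.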

VLAN (Virtual Local Area Network).

Definition.
A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork which allows multiple IP
networks and subnets to exist on the same switched network.

A VLAN is a logical broadcast domain that can span multiple physical LAN segments. It is the
modern way administrators configure switches into virtual local-area networks (VLANs) to
improve network performance by separating large Layer 2 broadcast domains into smaller
ones.
By using VLANs a network administrator is able to group together stations by logical
function, or by application, without regard to the physical location of the users.
Each VLAN functions as a separate LAN and spans one or more switches. This allows host
devices to behave as if they were on the same network segment.
For traffic to move between VLANs, a Layer 3 device (router) is required.
A VLAN has three major functions:
i. Limits the size of broadcast domains
ii. Improves network performance
iii. Provides a level of security

How VLAN works.

Let's use this real world scenario: think about a small organisation with different offices or
departments, all in one building. Some years later, the organisation has expanded and now
spans across three buildings. The original network is still the same, but the offices' and
departments' computers are spread out across three buildings. The HR offices remain on the
same floor and other departments are on the other floors and buildings.
However, the network administrator wants to ensure that all the office computers share the
same security features and bandwidth controls. Creating a large LAN and wiring each
department together would constitute a huge task and definitely won't be easy when it comes
to managing the network.
This is where VLAN switching comes in: it will be easier to group offices and departments with
the resources they use regardless of their location, and certainly easier to manage their
specific security and bandwidth needs.
Opting for a switched VLAN allows the network administrator to create groups of logically
networked devices that act as if they are on their own independent network, even if they
share a common infrastructure with other VLANs. When you configure a VLAN, you can
name it to describe the primary role of the users for that VLAN.
Study the figure below for more detail:

In summary:

i. A VLAN is an independent LAN network.
ii. VLANs allow the Student and Faculty computers to be separated although they share the same
infrastructure.
iii. For easy identification, VLANs can be named.

a. VLAN = all PCs are assigned a subnet address defined for VLAN 10.
b. Configure the VLAN, and assign ports to the VLAN.
c. Assign an IP subnet address on the PCs.

Advantages of VLAN:

Security - Sensitive data are separated from the rest of the network, decreasing the chances of
confidential information breaches.
Higher performance - Division of Layer 2 networks into multiple logical workgroups (broadcast
domains) reduces unnecessary traffic on the network and boosts performance.
Cost reduction - Cost savings result from less need for expensive network upgrades and from
making better use of the existing network.

- See more at: http://orbit-computer-solutions.com/VLAN-and-Trunking.php#sthash.jnFrSN0S.dpuf

Network Access Attacks.

Technology is forever evolving, and so is hacking! It might come as a surprise to many that, as
one wakes up in the morning and prepares for work, gets to the office and spends nine to
twelve hours working, in the same way a professional hacker spends all day modifying hacking
techniques and looking for networks to exploit!
Firstly, for an attacker to gain access to a system or network, the intruder has to find the
vulnerabilities or weaknesses in the network authentication, FTP and web services. Finding
and exploiting these vulnerabilities will enable the attacker to gain access to web accounts
and other confidential or sensitive information.
Types of access attacks
1. Password attack
2. Trust Exploitation
3. Port Redirection
4. Man-in-the middle attack

Password Attacks

A network attacker uses packet sniffer tools to obtain user account and password
information. Normally we log in and out of a system using authentication passwords to
reach shared resources on a router or server; an attacker also repeatedly attempts to log in to a
shared resource or to gain unauthorised access to an organisation's network. This can also
be referred to as a dictionary or brute force attack. To carry out this type of attack, the
intruder can use tools like L0phtCrack or Cain.
These programs repeatedly attempt to log in as a user using words derived from
a dictionary. Dictionary attacks often succeed because network users often choose
simple and short passwords, single words that are easy to predict.
Another password attack method uses what are called rainbow tables. A rainbow table is a
precomputed series of passwords, which is constructed by building chains of possible plain
text passwords. Each chain is developed by starting with a randomly selected "guess" of the
plain text password and then sequentially applying variations to it. The attack software applies
the passwords in the rainbow table until it arrives at a possible password. To conduct a rainbow
table attack, attackers can use a tool such as L0phtCrack.
A brute-force attack tool is more sophisticated because it searches exhaustively using
combinations of character sets to work out every possible password made up of those
characters. The only disadvantage is that it takes much time to complete this type of attack.
Brute-force attack tools have been known to solve simple passwords in less than a minute.
Longer, more complex passwords may take days or weeks to resolve.
- See more at: http://orbit-computer-solutions.com/Network-AccessAttacks.php#sthash.kefqieP9.dpuf
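From the defender's side, the repeated login attempts described above leave a recognisable trace in authentication logs. The following Python script is an added example (not from the page): it parses constructed sshd-style log lines, counts failures per source address inside a sliding time window, and flags a source that logged in successfully right after a burst of failures, which is the pattern a dictionary or brute-force tool leaves behind when a weak password is guessed. The threshold and window are assumptions to tune for a given environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd format; none of these come from a real system.
SAMPLE_LOG = """\
Mar 10 09:00:01 srv sshd[2211]: Failed password for admin from 10.0.0.5 port 51234 ssh2
Mar 10 09:00:03 srv sshd[2212]: Failed password for admin from 10.0.0.5 port 51235 ssh2
Mar 10 09:00:04 srv sshd[2213]: Failed password for root from 10.0.0.5 port 51236 ssh2
Mar 10 09:00:06 srv sshd[2214]: Failed password for invalid user test from 10.0.0.5 port 51237 ssh2
Mar 10 09:00:08 srv sshd[2215]: Failed password for admin from 10.0.0.5 port 51238 ssh2
Mar 10 09:00:09 srv sshd[2216]: Failed password for admin from 10.0.0.5 port 51239 ssh2
Mar 10 09:00:12 srv sshd[2217]: Accepted password for admin from 10.0.0.5 port 51240 ssh2
Mar 10 09:05:00 srv sshd[2300]: Failed password for alice from 10.0.0.9 port 40001 ssh2
Mar 10 09:05:30 srv sshd[2301]: Accepted password for alice from 10.0.0.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port"
)


def parse_events(lines):
    """Turn matching log lines into (timestamp, result, user, src) tuples; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime fills in 1900, which is fine for deltas
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def detect_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failures inside any window; note a later success."""
    by_src = defaultdict(lambda: {"failed": [], "accepted": []})
    for ts, result, user, src in events:
        by_src[src]["failed" if result == "Failed" else "accepted"].append((ts, user))
    alerts = []
    for src, rec in by_src.items():
        failed = sorted(rec["failed"])
        best, start = 0, 0
        for end in range(len(failed)):                 # sliding window over sorted failures
            while failed[end][0] - failed[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        last_fail = failed[-1][0]
        alerts.append({
            "src": src,
            "failures": best,
            "users": sorted({user for _, user in failed}),
            "success_after_burst": any(ts > last_fail for ts, _ in rec["accepted"]),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_events(SAMPLE_LOG.splitlines())):
        print(alert)
```

In the sample, 10.0.0.5 produces six failures across three usernames in eight seconds and then an accepted login, so it is reported with `success_after_burst` set; 10.0.0.9 (one typo, then success) stays below the threshold. A login that succeeds immediately after a burst is the case to treat as a compromised credential rather than merely a noisy source.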

Computer Software.
In the last tutorial, we looked at the components that make up computer
hardware. In the following pages we will look at the invisible part of the
computer called the software, which includes programs and applications.
Software
Software is a program that runs on your system. This includes computer operating systems
and other computer programs.
Software is written in a computer language by computer programmers, e.g. Java, HTML, PHP
etc. The computer language is in a text format and can be read by a person who has some
basic programming knowledge.
After a program is written, it undergoes what is called compiling by the programmers.
Compiling is the process of changing the textual written language into a binary language,
which can be understood by the computer. Most programs, operating systems and
applications that run on the computer are created this way.

What is an Operating System (OS)

What makes a computer a computer is the Operating System. The OS is the core software
component of your computer. It is what brings your computer to life and makes it useful to you.
Computers would be useless without one.
The basic function of the operating system (OS) is that it communicates with, or provides a method
for other programs or software to communicate with, the hardware of your computer. It also
enables you to add, remove and delete any programme, application or data you installed on
your computer.
To crown it all, the OS provides a bridge between you and the world.

Types of Operating System

There are many types of operating systems. Most of the widely used programs of today are
from Microsoft. Microsoft operating systems helped to revolutionize the way computers work in
today's world. Below is a list of Microsoft operating systems, from the oldest to the most recent:
Windows 3.x, Windows 95, Windows NT, Windows 98, Windows Me, Windows 2000,
Windows XP, Windows Vista, Windows 7, Windows 8.

Other known and not so popular operating systems are:
Linux
Linux is an operating system created by Linus Torvalds, a student at the University of
Helsinki. Generally, Linux needs to be explained further; it is not as easy as a Microsoft OS.
Linux is not a program like a word processor and is not a set of programs like an office
suite.
Unix
Another operating system like Linux. It could be called an operating system because it
contains a suite of programs which make the computer work. Workstations and multiuser servers use UNIX.
Mac
Apple Macintosh - The most recent versions are based on Unix but have a good graphical
interface, so it is both stable and easy to learn. One drawback to this system is that it can
only be run on Apple-produced hardware. One of the good things about the Mac is that it doesn't
crash often or have as many software problems as other systems may have.
- See more at: http://orbit-computer-solutions.com/Computer-Software.php#sthash.r6QcQv0r.dpuf

Intermediary Devices and their Role on the Network.
For communication to run smoothly across the network there are devices that play
intermediary roles in networking. These intermediary devices provide connectivity and work
behind the scenes to ensure that data flows across the network.
These devices connect the individual hosts (end devices) to the network and can connect
multiple individual networks to form an internetwork.
Examples of intermediary network devices are:

Routers.
Switches.
Hubs.
Wireless access points.
Servers and Modems.
Security devices such as firewalls.
These intermediary devices use what is called the IP address, in conjunction with information
about the network interconnections, to determine the best path that messages take through the
network.

- See more at: http://orbit-computer-solutions.com/Intermediary-Devices-and-their-Role-on-theNetwork.php#sthash.9UvW1Tsv.dpuf

Subnetting Class B Addresses.

Subnetting a Class B network is very similar to subnetting Class C; the only difference
is that when subnetting Class B, you will be working on the third octet, while in Class C you
work on the fourth octet.
Look at this:

To subnet Class B, use the same subnet numbers for the third octet just as in
Class C. All you need to do is add a zero (0) to the network portion and a 255 to the
broadcast section in the fourth octet. Remember we have more possible subnet masks in
Class B than in Class C.
I will bring in the cram table once more, only this time we are applying it to the THIRD
octet.
Class B cram table:
A Class B network address has 16 bits available for host addressing (14 bits for subnetting, 2
bits for host addressing).

Example 1
Let's look at some examples, using the table above; remember we are working on the
THIRD octet of Class B. Given the network address 172.16.0.0 /20:
From the above network IP address, the mask will be 255.255.240.0, which means we are
using the bit value or block size of 16.
We are going to subnet it into three different networks with equal host IP addresses;
remember we are working on the THIRD octet with the block size of 16.
Network A
Network address: 172.16.16.0
First host address: 172.16.16.1
Last host address: 172.16.31.254
Broadcast address: 172.16.31.255
What we did above is to add the bit value or block size (16+16=32) to obtain the next network
address, which is 172.16.32.0.
Network B
Network address: 172.16.32.0
First host address: 172.16.32.1
Last host address: 172.16.47.254
Broadcast address: 172.16.47.255
We carried out the same addition here to get the next network address (32+16=48).
Network C
Network address: 172.16.48.0
First host address: 172.16.48.1
Last host address: 172.16.63.254
Broadcast address: 172.16.63.255
The same addition as before gives the next network.

For the WAN (serial links) we need only a 4 bit value or block size here, due to the number of
networks and hosts involved, so as not to waste much address space. Looking at the cram
table, the 4 bit value gives us /30, which results in the mask 255.255.252.0 (just like Class C), so
we continue from the next network, which is (48+16=64):
WAN 1
Connection from Router A to Router B
Network address: 172.16.64.0
Network A to B address: 172.16.64.1 255.255.252.0
Network B to A address: 172.16.64.2 255.255.252.0
The next network will also have the 4 bit value added to the last network (64+4=68).
The same four bit value is used. The next network is:
WAN 2
Connection from Router A to Router C
Network address: 172.16.68.0
Network A to C address: 172.16.68.1 255.255.252.0
Network C to A address: 172.16.68.2 255.255.252.0
There are different ways to subnet; you have to devise a way to make it simple for yourself!
I think using the cram table saves you a lot of time compared with equations of all sorts. Let's
apply it to a topology:
Router A:
RA(config)#interface fa0/0
RA(config-if)#ip address 172.16.16.1 255.255.240.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface se0/0/0
RA(config-if)#ip address 172.16.64.1 255.255.252.0
RA(config-if)#no shutdown
RA(config-if)#exit
RA(config)#interface se0/0/1
RA(config-if)#ip address 172.16.68.1 255.255.252.0
RA(config-if)#no shutdown
RA(config-if)#exit

Router B
RB#config t

RB(config)#interface fa0/0
RB(config-if)#ip address 172.16.32.1 255.255.240.0
RB(config-if)#no shutdown
RB(config-if)#exit
RB(config)#interface se0/0/0
RB(config-if)#ip address 172.16.64.2 255.255.252.0
RB(config-if)#no shutdown
RB(config-if)#exit
Router C
RC#config t
RC(config)#interface fa0/0
RC(config-if)#ip address 172.16.48.1 255.255.240.0
RC(config-if)#no shutdown
RC(config-if)#exit
RC(config)#interface se0/0/0
RC(config-if)#ip address 172.16.68.2 255.255.252.0
RC(config-if)#no shutdown
RC(config-if)#exit
Ping from Network RA to RB networks will work.
- See more at: http://orbit-computer-solutions.com/Subnetting-Class-BAddresses.php#sthash.u8qpMAji.dpuf
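The subnet tables in the Class C section earlier (192.17.5.0 with 255.255.255.224, and the 14-subnets-of-14-hosts example) and the Class B networks and WAN links above are all produced by the same procedure: borrow bits, read the block size off the cram table, and step through the networks. The following Python script is an added example, not code from this page; it uses the standard `ipaddress` module and reproduces the page's rows. The WAN mask 255.255.252.0 is a /22 prefix (block size 4 in the third octet), and the script assumes all inputs are given in CIDR form.

```python
import ipaddress


def mask_octet(borrowed_bits):
    """Value of a mask octet with the given number of leading 1 bits (the cram table)."""
    return 256 - (256 >> borrowed_bits)        # 3 -> 224, 4 -> 240, 6 -> 252


def block_size(new_prefix):
    """Increment between subnets in the 'interesting' octet, e.g. /27 -> 32, /20 -> 16, /22 -> 4."""
    bits_in_octet = new_prefix % 8
    return 256 if bits_in_octet == 0 else 256 >> bits_in_octet


def usable_hosts(new_prefix):
    """Assignable addresses per subnet: 2^host_bits minus the network and broadcast addresses."""
    return 2 ** (32 - new_prefix) - 2


def subnet_table(network, new_prefix):
    """Rows of (network, first host, last host, broadcast, mask) for every subnet of `network`."""
    net = ipaddress.IPv4Network(network, strict=False)
    if new_prefix <= net.prefixlen or new_prefix > 30:
        raise ValueError("new prefix must borrow at least one bit and leave at least 2 host bits")
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        first = sub.network_address + 1
        last = sub.broadcast_address - 1
        rows.append((str(sub.network_address), str(first), str(last),
                     str(sub.broadcast_address), str(sub.netmask)))
    return rows


def describe(network, new_prefix):
    """Text summary in the style of the tutorial's tables."""
    net = ipaddress.IPv4Network(network, strict=False)
    borrowed = new_prefix - net.prefixlen
    lines = [f"{network} subnetted with /{new_prefix}: borrowed {borrowed} bits, "
             f"{2 ** borrowed} subnets, {usable_hosts(new_prefix)} hosts each, "
             f"block size {block_size(new_prefix)}"]
    for n, first, last, bcast, mask in subnet_table(network, new_prefix):
        lines.append(f"{n:<16} {mask:<16} hosts {first} - {last}   broadcast {bcast}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe("192.17.5.0/24", 27))    # the eight /27 subnets from the Class C section
    print(describe("192.168.1.0/24", 28))   # the 14-hosts-per-subnet example
    print(describe("172.16.0.0/16", 20))    # Class B, block size 16 in the third octet
    print(describe("172.16.64.0/21", 22))   # the two WAN networks, block size 4
```

Note that `subnet_table` lists every subnet including the first (all-zero) one; the tutorial's second example sets that one aside as reserved, which is a policy choice of the administrator, not something the arithmetic requires.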

How To Calculate Subnets Using Binary Method.
Connectivity between hosts on an IP network is determined by applying the subnet mask to
the source and destination addresses. This is done by the communicating host comparing and applying its
subnet mask to both its IPv4 address and to the destination IPv4 address.
Remember, the subnet mask is a 32 bit value which is used to differentiate between the
network bits and the host bits of the IP address. The subnet mask is made up of a string of
1s followed by a string of 0s.
The 1s indicate the network bits and the 0s specify the host bits within the IP address. The
network bits are matched between the source and destination. If the networks are the same,
the packet can be delivered locally. If they don't match, the packet is sent to the
default gateway.
For example, let's assume PC 1, with the IP address of 192.168.1.40 and subnet mask of
255.255.255.0, needs to send a message to PC 2, with the IP address of 192.168.1.52 and
a subnet mask of 255.255.255.0. In this case, both hosts have the same default subnet mask
of 255.255.255.0. Both hosts have the same network bits of 192.168.1, and therefore are
on the same network.

PC 1 sends a message to PC 2. The switch checks to see if PC 2 is on the same network as
PC 1. The network is determined by comparing the IP address to the subnet mask. Let's
look at the IP address, subnet mask, and network address for each configuration in binary
equivalent below:

PC 1 Configuration
IP Address  - 192.168.1.40,  11000000.10101000.00000001.00101000
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network     - 192.168.1.0,   11000000.10101000.00000001.00000000
PC 2 Configuration
IP Address  - 192.168.1.52,  11000000.10101000.00000001.00110100
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network     - 192.168.1.0,   11000000.10101000.00000001.00000000
The Network lines above show that both PC 1 and PC 2 are on the same network:
192.168.1.0.
- See more at: http://orbit-computer-solutions.com/How-To-Calculate-Subnets-Using-BinaryMethod.php#sthash.w1qm8nH5.dpuf
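The comparison above is a bitwise AND of each address with the mask, and the sender applies its own mask to both addresses. The following Python functions are an added example, not code from the page: they produce the same three binary rows for any address and mask, and decide whether a destination is local from the sender's point of view. The second mask (255.255.255.240), used to show the non-local case, is a constructed variation on the page's example.

```python
import ipaddress


def to_binary(dotted):
    """'192.168.1.40' -> '11000000.10101000.00000001.00101000'."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def network_of(ip, mask):
    """Network address = IP AND mask, the operation the host performs before sending."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def is_local(sender_ip, sender_mask, destination_ip):
    """True when the sender delivers locally, False when it hands the packet to its gateway.

    Only the sender's own mask is applied to both addresses: the destination's
    configured mask is unknown to the sender, which is why a mismatched mask on
    one host breaks connectivity in one direction only.
    """
    return network_of(sender_ip, sender_mask) == network_of(destination_ip, sender_mask)


def configuration_rows(ip, mask):
    """The three rows shown in the tutorial, for any IP/mask pair."""
    net = network_of(ip, mask)
    return [f"IP Address  - {ip:<15} {to_binary(ip)}",
            f"Subnet Mask - {mask:<15} {to_binary(mask)}",
            f"Network     - {net:<15} {to_binary(net)}"]


if __name__ == "__main__":
    for label, ip in (("PC 1", "192.168.1.40"), ("PC 2", "192.168.1.52")):
        print(f"{label} Configuration")
        print("\n".join(configuration_rows(ip, "255.255.255.0")))
    print("local with 255.255.255.0   :", is_local("192.168.1.40", "255.255.255.0", "192.168.1.52"))
    print("local with 255.255.255.240 :", is_local("192.168.1.40", "255.255.255.240", "192.168.1.52"))
```

With the /24 mask both PCs land in 192.168.1.0; with a /28 mask PC 1 computes 192.168.1.32 for itself and 192.168.1.48 for PC 2 and would send the packet to its default gateway instead.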


Public and Private IP Addresses.
There are ranges of IPv4 addresses that are designated for public and private use.

Private Addresses
Private IP addresses are designated for networks that have limited or no access to the
Internet. Hosts or packets using these addresses as a source or destination are not to
appear on the public Internet.
These private address blocks are:
10.0.0.0 to 10.255.255.255 (10.0.0.0 /8)
172.16.0.0 to 172.16.255.255 (172.16.0.0 /12)
192.168.0.0 to 192.168.255.255 (192.168.0.0 /16)

Public Addresses
Most of the addresses in the IPv4 host range are public addresses. These addresses are
designed for use by hosts that are publicly accessible from the Internet. Even within these
address blocks, there are many addresses that are designated for other special purposes.
- See more at: http://orbit-computer-solutions.com/Public-and-PrivateAddresses.php#sthash.7lOvk2px.dpuf

Reserved IPv4 Addresses.

A major block of addresses reserved for special purposes is the IPv4 experimental or
research address range 240.0.0.0 to 255.255.255.254. Currently, these addresses are listed
as reserved for future use (RFC 3330).
Reserved IPv4 Address Ranges
Type of Address | Usage | Address Range | RFC
Host Addresses | Used for IPv4 hosts | 0.0.0.0 to 223.255.255.255 | 790, 1700
Multicast Addresses | Used for multicast groups on a local network | 224.0.0.0 to 239.255.255.255 | 1700
Experimental or Research Addresses | Used for research or experimental purposes. They cannot be used for hosts in IPv4 networks | 240.0.0.0 to 255.255.255.254 | 3330

Special IPv4 Addresses

During assignment of IP addresses to hosts on a network, there are certain addresses that
cannot be assigned to hosts; they are the Network Address and the Broadcast Address.
Network and Broadcast Addresses
When assigning addresses to hosts, the first and last addresses are not to be assigned.
The first address is the Network Address and the last is reserved as the Broadcast Address.
e.g.
Given the network 192.168.1.0 /24:
192.168.1.0 (Network)
192.168.1.1 (default gateway)
192.168.1.255 (Broadcast)
So, 192.168.1.2 to 192.168.1.254 (hosts)
Broadcast:
http://www.ietf.org/rfc/rfc0919.txt?number=919

Default Route

The default route is used as an all-purpose address in a network when no more specific route is
available for packet routing.
e.g. 0.0.0.0 /8

Loopback
The loopback is a special address that all hosts in a network use to direct traffic to
themselves. TCP/IP applications and services that operate in a device use this as a shortcut
for communicating with one another. You can also ping the loopback address to test the
configuration of TCP/IP on the local host.
Loopback address: 127.0.0.1

Link-Local Addresses
IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 (169.254.0.0 /16) are
designated as link-local addresses. These addresses can be automatically assigned to the
local host by the operating system in environments where no IP configuration is available.
Only devices in the same network can use this address range.

TEST-NET Addresses.
The address block 192.0.2.0 to 192.0.2.255 (192.0.2.0 /24) is set aside for teaching and
learning purposes. These addresses can be used in documentation and network examples.
Unlike the experimental addresses, network devices used in teaching and learning will
accept these addresses in their configurations. You may often find these addresses used
with the domain names example.com or example.net in RFCs, vendor, and protocol
documentation.
- See more at: http://orbit-computer-solutions.com/Reserved-IPAddresses.php#sthash.H2QQWBP0.dpuf
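A practical use of the private, reserved and special ranges listed in this section and the previous one is ingress filtering: a packet arriving from the Internet whose source address falls in any of these ranges cannot be legitimate and can be dropped at the border. The following Python code is an added example, not from the page. The ranges are taken as the CIDR prefixes stated in the text; the "unspecified/default" entry for 0.0.0.0/8 is an assumption drawn from the Default Route paragraph, and the host check implements the network/broadcast rule above. The sample addresses are constructed.

```python
import ipaddress

# Ranges named in the text, as CIDR prefixes. Order matters: the first match wins, so the
# documentation block (192.0.2.0/24) is listed before the wider prefixes.
SPECIAL_RANGES = [
    ("unspecified/default", "0.0.0.0/8"),      # assumption: the 0.0.0.0 block from 'Default Route'
    ("loopback", "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
    ("TEST-NET (documentation)", "192.0.2.0/24"),
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
    ("multicast", "224.0.0.0/4"),
    ("experimental/reserved", "240.0.0.0/4"),
]
SPECIAL_NETWORKS = [(label, ipaddress.IPv4Network(cidr)) for label, cidr in SPECIAL_RANGES]


def classify(address):
    """Return the category of an IPv4 address, or 'public' when it is in no special range."""
    addr = ipaddress.IPv4Address(address)
    for label, network in SPECIAL_NETWORKS:
        if addr in network:
            return label
    return "public"


def is_valid_internet_source(address):
    """Ingress filter rule: only public unicast addresses may appear as a source from the Internet."""
    return classify(address) == "public"


def assignable_to_host(address, network):
    """(ok, reason): a host address must lie inside the subnet and be neither its
    network address nor its broadcast address."""
    addr = ipaddress.IPv4Address(address)
    net = ipaddress.IPv4Network(network, strict=False)
    if addr not in net:
        return False, f"{address} is outside {net}"
    if addr == net.network_address:
        return False, f"{address} is the network address of {net}"
    if addr == net.broadcast_address:
        return False, f"{address} is the broadcast address of {net}"
    return True, f"{address} is a usable host address in {net}"


if __name__ == "__main__":
    # Constructed samples covering each category.
    for sample in ("10.1.2.3", "172.20.1.1", "192.0.2.7", "169.254.3.4",
                   "127.0.0.1", "224.0.0.9", "250.1.1.1", "8.8.8.8"):
        print(f"{sample:<15} {classify(sample):<26} internet source ok: {is_valid_internet_source(sample)}")
    for host in ("192.168.1.0", "192.168.1.1", "192.168.1.255"):
        print(assignable_to_host(host, "192.168.1.0/24")[1])
```

Keeping the ranges in one ordered list, rather than a chain of if-statements, makes the filter easy to audit against the table in this section and to extend when a new reserved block is published.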

CIDR (Classless Inter-Domain Routing)
CIDR (Classless Inter-Domain Routing) was introduced in 1993 (RFC 1517 to RFC 1520),
replacing the previous generation of IP address syntax, classful networks. CIDR allowed
more efficient use of the IPv4 address space and prefix aggregation, known as route
summarization or supernetting.
The introduction of CIDR allowed for:
* More efficient use of IPv4 address space
* Prefix aggregation, which reduced the size of routing tables
CIDR allows routers to group routes together to reduce the bulk of routing information
carried by the core routers. With CIDR, several IP networks appear to networks outside the
group as a single, larger entity. A CIDR address is written as the four dotted-decimal octets
of the address followed by a forward slash and the prefix length, the number of leading
bits that form the network portion (equivalent to the subnet mask), e.g.
10.1.1.0/30
172.16.1.16/28
192.168.1.32/27
CIDR / VLSM Network addressing topology example

CIDR uses VLSM (Variable Length Subnet Masks) to allocate IP addresses to subnetworks
according to need rather than class. VLSM allows a subnet to be further divided into even
smaller subnets; simply put, VLSM is subnetting a subnet.
With CIDR, the address classes (A, B and C) became meaningless. The network portion is no
longer determined by the value of the first octet but by the assigned prefix length (subnet
mask). A network can now be given a prefix sized to the number of hosts it actually needs.

Propagating CIDR supernets or VLSM subnets requires a classless routing protocol. A
classless routing protocol includes the subnet mask along with the network address in the
routing update, so the receiver does not have to infer the mask from the address class.

Summary route determination

Determining the summary route and subnet mask for a group of networks can be done in
three steps:
1. List the networks in binary format.
2. Count the number of left-most matching bits. This gives the prefix length (subnet
mask) of the summarized route.
3. Copy the matching bits and add zero bits for the rest of the address to get the
summarized network address.
The summarized network address and subnet mask can now be used as the summary route
for this group of networks. Summary routes can be used by both static routes and classless
routing protocols. Classful routing protocols can only summarize routes to the default
classful mask. Note that a summary may cover address space that none of the member
networks uses; traffic for those addresses will follow the summary, so check what a summary
advertises before you announce it.
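The three steps above as a function, added here as an example and not code from the original page. It uses Python's standard ipaddress module, and the networks passed in are constructed sample values. The second function performs the check just mentioned: it lists the address space a summary advertises that none of the member networks actually covers.

```python
import ipaddress


def summarize(networks):
    """Return the single prefix that covers every network in `networks`.

    This is the three-step method: write each network address in binary,
    count the left-most bits they all share (the summary prefix length),
    keep those bits and zero the rest (the summary network address).
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    addrs = [int(n.network_address) for n in nets]
    # XOR each address against the first: a 1 bit marks a position where
    # some address differs, so every bit left of the highest 1 is shared.
    diff = 0
    for a in addrs:
        diff |= a ^ addrs[0]
    common = 32 - diff.bit_length()
    # The summary can never be more specific than the least specific member.
    prefix = min(common, min(n.prefixlen for n in nets))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.ip_network((addrs[0] & mask, prefix))


def uncovered_space(networks):
    """Prefixes the summary advertises that no member network contains.

    Traffic for these addresses is attracted by the summary and then
    dropped (or follows a default route back out), so inspect this before
    advertising a summary, especially toward the Internet.
    """
    summary = summarize(networks)
    leftover = [summary]
    for member in (ipaddress.ip_network(n) for n in networks):
        remaining = []
        for block in leftover:
            if member == block:
                continue                       # fully used, nothing left over
            if member.subnet_of(block):
                remaining.extend(block.address_exclude(member))
            elif not block.subnet_of(member):
                remaining.append(block)        # disjoint, keep as is
        leftover = remaining
    return sorted(leftover)


if __name__ == "__main__":
    # Constructed sample: four contiguous /24s summarize cleanly ...
    contiguous = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
    print(summarize(contiguous), uncovered_space(contiguous))
    # ... while two non-adjacent /24s need the same /22 but leave holes in it.
    sparse = ["172.16.0.0/24", "172.16.2.0/24"]
    print(summarize(sparse), uncovered_space(sparse))
```

The sparse case is the one to watch: the /22 summary is correct by the three-step rule, yet half of it points at networks that do not exist, which is exactly the situation a classful protocol hides by summarizing to the class boundary.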

ISPs could now allocate address space more efficiently using any prefix length. They were no
longer limited to the 255.0.0.0 (/8), 255.255.0.0 (/16) or 255.255.255.0 (/24) masks of the
classful network addresses that existed before CIDR. Blocks of IP addresses could be
assigned to a network based on the requirements of the customer, ranging from a few hosts
to hundreds or thousands of hosts.

CIDR Advantages
With the introduction of CIDR and VLSM, ISPs could assign one part of a classful network to
one customer and a different part to another customer. In return, network administrators
had to learn additional subnetting skills.
The tables below show the subnets and hosts per subnet obtained by borrowing host bits
from each classful network. Subnet counts follow the legacy 2^n - 2 rule that excludes the
all-zeros and all-ones subnets; with RFC 1878 and ip subnet-zero (the default on Cisco IOS
since release 12.0) all 2^n subnets are usable. Host counts are 2^h - 2 because the network
and broadcast addresses of each subnet are reserved (the /31 point-to-point case of RFC
3021 is the exception and is not shown).

Class A (default mask 255.0.0.0, /8)
Bits  Subnet mask      CIDR  Subnets  Hosts per subnet  Subnets x Hosts
 2    255.192.0.0      /10         2           4194302          8388604
 3    255.224.0.0      /11         6           2097150         12582900
 4    255.240.0.0      /12        14           1048574         14680036
 5    255.248.0.0      /13        30            524286         15728580
 6    255.252.0.0      /14        62            262142         16252804
 7    255.254.0.0      /15       126            131070         16514820
 8    255.255.0.0      /16       254             65534         16645636
 9    255.255.128.0    /17       510             32766         16710660
10    255.255.192.0    /18      1022             16382         16742404
11    255.255.224.0    /19      2046              8190         16756740
12    255.255.240.0    /20      4094              4094         16760836
13    255.255.248.0    /21      8190              2046         16756740
14    255.255.252.0    /22     16382              1022         16742404
15    255.255.254.0    /23     32766               510         16710660
16    255.255.255.0    /24     65534               254         16645636
17    255.255.255.128  /25    131070               126         16514820
18    255.255.255.192  /26    262142                62         16252804
19    255.255.255.224  /27    524286                30         15728580
20    255.255.255.240  /28   1048574                14         14680036
21    255.255.255.248  /29   2097150                 6         12582900
22    255.255.255.252  /30   4194302                 2          8388604

Class B (default mask 255.255.0.0, /16)
Bits  Subnet mask      CIDR  Subnets  Hosts per subnet  Subnets x Hosts
 2    255.255.192.0    /18         2             16382            32764
 3    255.255.224.0    /19         6              8190            49140
 4    255.255.240.0    /20        14              4094            57316
 5    255.255.248.0    /21        30              2046            61380
 6    255.255.252.0    /22        62              1022            63364
 7    255.255.254.0    /23       126               510            64260
 8    255.255.255.0    /24       254               254            64516
 9    255.255.255.128  /25       510               126            64260
10    255.255.255.192  /26      1022                62            63364
11    255.255.255.224  /27      2046                30            61380
12    255.255.255.240  /28      4094                14            57316
13    255.255.255.248  /29      8190                 6            49140
14    255.255.255.252  /30     16382                 2            32764

Class C (default mask 255.255.255.0, /24)
Bits  Subnet mask      CIDR  Subnets  Hosts per subnet  Subnets x Hosts
 2    255.255.255.192  /26         2                62              124
 3    255.255.255.224  /27         6                30              180
 4    255.255.255.240  /28        14                14              196
 5    255.255.255.248  /29        30                 6              180
 6    255.255.255.252  /30        62                 2              124

Source: http://orbit-computer-solutions.com/CIDR.php

IP Addressing. (IPv4)
An IP address is a unique number / address used to identify a device on a network. An IP
address is made up of 32 binary bits, which is divided into a Network portion and Host
portion with the help of a Subnet Mask.
The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to
decimal and separated by a period (dot). For this reason, an IP address is expressed in
dotted decimal format e.g. 192.168.10.12.
The value in each octet ranges from 0 to 255 decimal, or 00000000 to 11111111 binary.
Below is how a binary octet is converted to decimal: the right-most bit, or least significant
bit, of an octet holds a value of 2^0 = 1. The bit just to the left of it holds a value of
2^1 = 2. This continues until the left-most bit, or most significant bit, which holds a value
of 2^7 = 128. So if all eight bits are 1, the decimal equivalent is 255:
11111111
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1 = 255)
And this sample below shows an IP address represented in binary and decimal.
192. 168. 4. 10 (decimal)
11000000.10101000.00000100.00001010 (binary).
Source: http://orbit-computer-solutions.com/IP-Addressing.php

DHCP
Dynamic Host Configuration Protocol works in a client/server mode. DHCP enables clients on
an IP network to obtain, or lease, an IP address and related configuration from a DHCP
server. This reduces the workload of managing a large network. The protocol is described in
RFC 2131.
Most modern operating systems include a DHCP client in their default network settings,
among them Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The client requests
addressing configuration from a DHCP server; the server manages the assignment of IP
addresses from its pool and answers the IP configuration requests it receives from clients.
Network routers, switches and servers, however, need static IP addresses; DHCP is not
intended for configuring these types of hosts. Cisco routers include an IOS feature known as
Cisco Easy IP, an optional but full-featured DHCP server. Easy IP leases addresses for 24
hours by default and is most useful in homes and small offices, where users can take
advantage of DHCP and NAT without running a dedicated Windows or UNIX server.
DHCP uses User Datagram Protocol (UDP) as its transport. The server listens on UDP port 67,
so the client sends its DISCOVER and REQUEST messages to port 67; the client listens on
UDP port 68, so the server sends its OFFER and ACK messages to port 68. A client that has
no address yet sends to the broadcast address, which is why a DHCP server (or a relay
agent) must be reachable on the client's own segment.

DHCP servers can offer other information, including DNS server addresses, WINS server
addresses and domain names. Most DHCP servers let administrators reserve an address for a
given client MAC address, so that the server assigns the same IP address each time.
Most administrators prefer to run DHCP on a network server. Networks of this type are
scalable and easy to manage. Note that DHCP carries no authentication: any host on the
segment can answer a DISCOVER, and a rogue server that hands out its own default gateway
or DNS server address can redirect a client's traffic. DHCP snooping on the access switches,
which permits server replies only on trusted ports, is the usual countermeasure.
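The exchange described above, built and decoded with Python's standard library. This is an added example, not code from the original page: a DISCOVER as the client sends it to UDP port 67 and the OFFER the server returns to UDP port 68. The MAC address, transaction ID and addresses are constructed sample values, and the is_trusted_offer check is this editor's illustration of why the missing authentication matters, not a feature of DHCP.

```python
import socket
import struct

# RFC 2131 port roles: the server listens on 67, the client on 68.
DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPE = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
            5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_message(op, msg_type, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=None):
    """Encode a DHCP message: 236-byte BOOTP fixed header, magic cookie,
    TLV options (option 53 first) and the END option."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s",
                        op, 1, 6, 0,               # op, htype=Ethernet, hlen=6, hops
                        xid, 0, 0x8000,            # xid, secs, flags (broadcast bit)
                        b"\0" * 4,                 # ciaddr: client has no address yet
                        socket.inet_aton(yiaddr),  # 'your' address, filled in by the server
                        socket.inet_aton(siaddr),  # next server
                        b"\0" * 4)                 # giaddr: no relay agent in this example
    fixed += mac.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128   # chaddr, sname, file
    opts = bytes([53, 1, msg_type])
    for code, value in (options or {}).items():
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def parse_message(data):
    """Decode the fixed header and the option list into a dict."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", data[:12])
    ciaddr, yiaddr, siaddr, giaddr = (socket.inet_ntoa(data[i:i + 4]) for i in (12, 16, 20, 24))
    options, i = {}, 240
    while i < len(data):
        code = data[i]
        if code == 255:                  # END
            break
        if code == 0:                    # PAD
            i += 1
            continue
        # Never trust a length byte from the wire: it must fit in the buffer.
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(53)
    return {"op": op, "xid": xid, "chaddr": data[28:28 + hlen],
            "ciaddr": ciaddr, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
            "type": MSG_TYPE.get(mtype[0], "UNKNOWN") if mtype else "UNKNOWN",
            "options": options}


def is_trusted_offer(msg, trusted_servers):
    """Editor's illustration: accept an OFFER only if its server identifier
    (option 54) names a known server. DHCP has no authentication, so this is
    a sanity check, not a security control; DHCP snooping on the switch is."""
    if msg["type"] != "OFFER" or len(msg["options"].get(54, b"")) != 4:
        return False
    return socket.inet_ntoa(msg["options"][54]) in trusted_servers


# Constructed sample exchange (not captured traffic).
CLIENT_MAC = bytes.fromhex("001122334455")
XID = 0x3903F326
DISCOVER = build_message(BOOTREQUEST, 1, XID, CLIENT_MAC,
                         options={55: bytes([1, 3, 6])})   # ask for mask, router, DNS
OFFER = build_message(BOOTREPLY, 2, XID, CLIENT_MAC,
                      yiaddr="192.168.1.50", siaddr="192.168.1.1",
                      options={1: socket.inet_aton("255.255.255.0"),
                               3: socket.inet_aton("192.168.1.1"),
                               6: socket.inet_aton("192.168.1.1"),
                               51: struct.pack("!I", 86400),        # 24-hour lease
                               54: socket.inet_aton("192.168.1.1")})

if __name__ == "__main__":
    for direction, pkt in ((f"client -> server:{DHCP_SERVER_PORT}", DISCOVER),
                           (f"server -> client:{DHCP_CLIENT_PORT}", OFFER)):
        m = parse_message(pkt)
        print(direction, m["type"], hex(m["xid"]), m["yiaddr"], sorted(m["options"]))
    print("offer from a trusted server:", is_trusted_offer(parse_message(OFFER), {"192.168.1.1"}))
```

The parser rejects option lengths that run past the end of the datagram rather than slicing blindly; DHCP option parsing is exactly the kind of code that sees attacker-controlled input on a network boundary.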
Source: http://orbit-computer-solutions.com/DHCP.php

Network Security
Why is Network Security Important?
Wherever there is a network, wired or wireless, there are threats. Some people are put off
setting up a home or office network by the fear that anything stored on their hard drive
could be accessed by neighbours or hackers. The potential threats to network security are
always evolving, and constant monitoring of the computer network and its security should be
a top priority for any network administrator.
If the security of the network is compromised, there can be serious consequences, such as
loss of privacy and theft of information.

For a home or small office network, one of the first concerns is making sure that any
wireless connections are protected against unauthorised access.

Most business transactions are done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands that security solutions become seamlessly
integrated, more transparent and more flexible.
Network attack tools and methods have evolved. In the early days a hacker had to have
sophisticated computer, programming and networking knowledge to make use of rudimentary
tools and basic attacks.
Nowadays attack methods and tools have improved tremendously, and attackers no longer
need the same level of knowledge: people who previously would not have participated in
computer crime are now able to do so.

Types of Network Threats and Attacks
As the types of threats, attacks and exploits have grown, various terms have been used to
describe the individuals involved. Some of the most common terms are as follows:
i. White hat - An individual who looks for vulnerabilities in systems or networks and then
reports them to the owners of the system so that they can be fixed. White hats are ethically
opposed to the abuse of computer systems and generally focus on securing IT systems.
ii. Hacker - A general term that originally described a computer programming expert. It is
now normally used in a negative way to describe an individual who attempts to gain
unauthorized access to network resources with malicious intent.

iii. Black hat or Cracker - The opposite of a white hat: an individual who uses knowledge of
computer systems and programming skills to break into systems or networks that they are
not authorized to use, usually for personal or financial gain.
iv. Phreaker - An individual who manipulates the phone network to perform a function that is
not allowed. The phreaker breaks into the phone network, usually through a payphone, to
make free or illegal long-distance calls.
v. Spammer - A person who sends large quantities of unsolicited e-mail messages. Spammers
often use viruses to take control of home computers and use them to send out their bulk
messages.
vi. Phisher - Uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that
would have a legitimate need for the
Source: http://orbit-computer-solutions.com/Network-Security.php

Network Monitoring
Monitoring a network can be a tedious task, especially a large one. As a network
administrator it is your duty to ensure that your computer network systems run smoothly and
that no outages occur on your watch. Keeping a constant eye on your network helps to
increase its efficiency, especially by knowing how bandwidth and resources are consumed.
There are many tools to help a network administrator monitor a network for slow or failing
components. Most of them monitor resource consumption and slow or failing components and
notify the administrator by e-mail, SMS or alarm.
Cisco, a leading vendor of network equipment, offers monitoring and management tools for
its routers, switches, firewalls, wireless access points and VPN concentrators.

Resources to monitor
There are different resources, hardware included, to monitor on your network. Usage, speed
and availability should be monitored constantly for effective performance.
Network usage monitoring: helps the network administrator to accurately assess and monitor
CPU and server load and usage.
Network speed monitoring: deals with monitoring bandwidth usage and speed. High
bandwidth usage and slow load times can prevent your company's websites and network
services from responding, which frustrates website visitors and users with slow-loading
pages and slow downloads of files and images.
Monitoring network availability: the company's websites, mail servers and leased lines are
network resources accessed by both internal and external parties, so they should be
monitored constantly for availability.
Monitoring network security systems: the security of your network should be your foremost
concern. Network monitoring tools should include a traffic monitor that lets you view what is
happening on your network. Network users and the IP addresses that access your network
should be monitored to make sure there is no unauthorized access to files and private
company information. The same monitoring data is what an incident investigation relies on,
so retain it long enough to reconstruct an intrusion discovered after the fact.
Source: http://orbit-computer-solutions.com/Network-Monitoring.php

Switches
Network Switch
A network switch is a device that filters, forwards or floods frames based on the destination
MAC address of each frame.
Switches perform their forwarding at Layer 2 of the OSI model. Some switches also process
data at the Network Layer (Layer 3); these are referred to as Layer 3 switches or multilayer
switches. Switches are an integral part of LANs and WANs. Small office and home office
(SOHO) installations normally use a single, all-purpose switch.

The network switch is a very adaptable Layer 2 device; it replaces the hub as the central
point of connection for multiple hosts.
In a more complex role, a switch may be connected to one or more other switches to create,
manage and maintain redundant links and VLAN connectivity. A switch processes all types of
traffic in the same way, regardless of how it is used.
Switches move traffic based on MAC addresses. Each switch maintains a MAC address table
in high-speed memory called content-addressable memory (CAM). The switch rebuilds this
table every time it powers up, learning the source MAC address of each incoming frame and
the port through which the frame entered the switch. A frame whose destination MAC is not
yet in the table is flooded out of every other port. The table has a fixed size, so an attacker
who floods a switch with frames from thousands of random source MACs (MAC flooding) can
fill it and force the switch to flood traffic like a hub; port security, which limits the number
of MAC addresses learned per port, is the countermeasure.
As mentioned earlier, switches operate at the data-link layer of the OSI model, and a switch
creates a separate collision domain per port. Take four computers PC1, PC2, PC3 and PC4
attached to switch ports: PC1 and PC2 can transfer data between themselves while PC3 and
PC4 do the same, simultaneously, without interfering with each other's conversation.
This is unlike the hub, which shares its bandwidth among all ports, runs in half-duplex and
is prone to frame collisions and retransmissions.
With some ISPs and in other environments where much analysis of network performance and
security is needed, switches may be connected between WAN routers as attachment points
for analysis modules. Some switches provide built-in firewall, network intrusion detection
and performance analysis modules that plug into the switch.
Source: http://orbit-computer-solutions.com/Switches.php

Difference between Hubs, Switches, Routers, and Access Points
Hubs, switches, routers and access points are all used to connect computers together on a
network, but each of them has different capabilities.
Hubs
Hubs are used to connect computers on a network so that they can communicate with each
other. Each computer plugs into the hub with a cable, and information sent from one
computer to another passes through the hub.

A hub cannot identify the source or destination of the information it receives, so it repeats
the information out of every other port, to all the computers connected to it. A hub can send
or receive information, but it cannot do both at the same time, and any host on a hub can
read all of the other hosts' traffic.

Switches
Switches function much like hubs, but they can identify the intended destination of the
information they receive, so they send that information only to the computer it is intended
for.
Switches can send and receive information at the same time, and faster than hubs can.
Switches are recommended on a home or office network where you have more computers
and want to use the network for activities that pass a lot of information between computers.

Routers
Routers are intermediary devices that enable computers and other network components to
pass information between two networks, e.g. between your home network and the Internet.
The defining capability of a router is directing network traffic between networks. Routers can
be wired (using cables) or wireless, and home routers typically provide built-in security such
as a firewall.

Access points
Access points provide wireless access to a wired Ethernet network. An access point plugs
into a hub, switch or wired router and sends out wireless signals, which lets computers and
devices connect to the wired network wirelessly. You can move from one location to another
and keep wireless access to the network. When you connect to the Internet wirelessly using
a public wireless network in an airport, hotel or other public place, you are usually
connecting through an access point. Some routers include a wireless access point, in which
case you do not need a separate one.
Source: http://orbit-computer-solutions.com/Difference-between-Hubs%2C-Switches%2CRouters%2C-and-Access-Points.php

VLSM Example #2

We use the network topology below as the example:

The figure above shows 5 different subnets, each with different host requirements. The
address block given to us by our ISP is 192.168.1.0/24.
The host requirements are:
Network A - 14 hosts
Network B - 28 hosts
Network C - 2 hosts
Network D - 7 hosts
Network E - 28 hosts
As recommended, we begin by subnetting for the largest host requirement first. The largest
requirements are Network B and Network E, each with 28 hosts.
Don't forget the cram table!

Apply the formula: usable hosts = 2^n - 2, where n is the number of host bits. For networks
B and E, 5 host bits give 2^5 - 2 = 30 usable addresses (32 minus the network and broadcast
addresses), which meets the requirement of 28 but leaves little room for future growth; 4
host bits would give only 14. Keeping 5 bits for hosts means borrowing 3 bits from the /24
for the subnet portion, which gives 8 subnets (/27) with 30 hosts each.
We allocate addresses for networks B and E first:
Network B uses subnet 0: 192.168.1.0/27
Host address range 1 to 30 (192.168.1.1 - 192.168.1.30)
192.168.1.31 (broadcast address)
Network E uses subnet 1: 192.168.1.32/27
Host address range 33 to 62 (192.168.1.33 - 192.168.1.62)
192.168.1.63 (broadcast address)
The next largest host requirement is Network A (14), followed by Network D (7). Both fit in
4 host bits (2^4 - 2 = 14). Borrowing one more bit and subnetting the next /27, starting at
192.168.1.64, gives us:
Network A uses 192.168.1.64/28
Host address range 65 to 78 (192.168.1.65 - 192.168.1.78)
192.168.1.79 (broadcast address)
Network D uses 192.168.1.80/28
Host address range 81 to 94 (192.168.1.81 - 192.168.1.94)
192.168.1.95 (broadcast address)
This allocation supports 14 hosts on each subnet and satisfies the requirement.

Network C has only two hosts, so 2 host bits (2^2 - 2 = 2) are enough. Starting from
192.168.1.96 and borrowing 2 more bits results in the subnet 192.168.1.96/30.
Network C uses 192.168.1.96/30
Host address range 97 to 98 (192.168.1.97 - 192.168.1.98)
192.168.1.99 (broadcast address)
From the above, we have met all requirements without wasting many subnets or addresses;
192.168.1.100 to 192.168.1.255 remain free for growth.
In this case, bits were borrowed from addresses that had already been subnetted. As you will
recall from a previous section, this method is known as Variable Length Subnet Masking, or
VLSM.
The WAN links in the figure can be addressed the same way from the remaining space, with a
/30 for each point-to-point link.
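The same allocation done by a short Python program, added as an example and not part of the original page. It applies the general rule the walkthrough follows (largest requirement first, smallest block that fits), so it works for any base block and requirement list; the requirements below are the five networks from the figure.

```python
import ipaddress
import math


def prefix_for(hosts):
    """Smallest prefix length that leaves room for `hosts` usable addresses
    plus the network and broadcast addresses (usable = 2^n - 2)."""
    host_bits = math.ceil(math.log2(hosts + 2))
    return 32 - host_bits


def vlsm_allocate(block, requirements):
    """Carve `block` into one subnet per requirement, largest first.

    Allocating in descending size keeps every subnet aligned to its own size,
    because each block size divides the one allocated before it. Returns
    ({name: IPv4Network}, [unused prefixes]); raises ValueError if the block
    is too small.
    """
    base = ipaddress.ip_network(block)
    cursor = int(base.network_address)
    end = int(base.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        plen = prefix_for(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size          # round up to a size boundary
        if cursor + size > end:
            raise ValueError(f"{block} exhausted before {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, plen))
        cursor += size
    unused = []
    if cursor < end:
        unused = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), base.broadcast_address))
    return plan, unused


def host_range(subnet):
    """(first host, last host, broadcast) as dotted-decimal strings."""
    hosts = list(subnet.hosts())
    return str(hosts[0]), str(hosts[-1]), str(subnet.broadcast_address)


if __name__ == "__main__":
    # The five networks from the figure; the block is the one the ISP gave us.
    plan, unused = vlsm_allocate("192.168.1.0/24",
                                 {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28})
    for name, subnet in plan.items():
        first, last, bcast = host_range(subnet)
        print(f"Network {name}: {subnet}  hosts {first} - {last}  broadcast {bcast}")
    print("unused:", ", ".join(str(n) for n in unused))
```

Because requirements are sorted by size before allocation, the cursor never needs to skip ahead for alignment in this input; the round-up is there for the general case, and the ValueError is what tells you a /24 is not enough before you have handed out half of it.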
Source: http://orbit-computer-solutions.com/VLSM-Example.php

Types of Addresses in IPv4
Within each IPv4 network there are three types of addresses:
Network Address - The address by which we refer to the network.
Broadcast Address - A special address used to send data to all hosts in the network.
Host Address - The addresses assigned to the end devices in the network.
Network Address
The network address is the standard way to refer to an IPv4 network. For example, we refer
to the network 192.168.1.0 or 172.16.0.0 as a network address. This is a much more
convenient and descriptive way to refer to the network than a term like "the first network".
All hosts in the 172.16.0.0 network have the same network bits.
When assigning IPv4 addresses to hosts, the lowest address is reserved as the network
address. This address has a 0 for every bit in the host portion of the address, e.g.

192.168.1.0/24
172.16.0.0/16

Broadcast Address
The IPv4 broadcast address is a special address for each network that allows communication
to all the hosts in that network. To send data to all hosts in a network, a host can send a
single packet addressed to the broadcast address of the network.
The broadcast address is the highest address in the network range, the one in which all the
bits in the host portion are 1s. For the network 192.168.1.0/24 (24 network bits, 8 host
bits) the broadcast address is 192.168.1.255. This address is also referred to as the directed
broadcast, as opposed to the limited broadcast 255.255.255.255. Routers drop directed
broadcasts arriving from other networks by default, because forwarding them would let an
outsider reach every host on a segment with a single packet.
192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)

Host Addresses
As described previously, every end device requires a unique address to receive and send
packets. In IPv4 we assign the values between the network address and the broadcast
address to the devices in that network; hosts include end devices such as PCs, IP phones,
printers and so on.
e.g. 192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.1 - 192.168.1.254 (Host Addresses)

Source: http://orbit-computer-solutions.com/Types-of-IPaddresses.php

Spanning Tree Protocol (STP)
STP is used by switches to prevent loops occurring on a network. It does this by running the
spanning tree algorithm, which disables unwanted links by blocking ports that could cause a
loop.

Loops and duplicate frames can have severe consequences on a network. Most LANs are
designed with redundancy so that if a particular link fails another one can take over
forwarding frames across the LAN, but without STP that redundancy itself creates loops.
With two switches joined by two links and no STP, a broadcast from PC A is forwarded by
each switch out of the other link, comes back, and is forwarded again; the frames circulate
indefinitely (a broadcast storm), each switch sees PC A's source MAC address arriving on
different ports in turn and keeps rewriting its MAC table (MAC table instability), and hosts
receive duplicate copies of the same frame.
STP ensures that there is only one logical path between all destinations on the network by
intentionally blocking redundant paths that could cause a loop.
When STP detects a loop in the topology, it blocks one or more redundant paths to prevent
the loop from forming (a port is considered blocked when network traffic is prevented from
entering or leaving that port).
To do so, STP chooses one switch to be the Root Bridge of the network. Every other switch
then selects one of its ports as its Root Port, a Designated Port is chosen on each segment,
and all other ports are blocked.
STP outline of process

Cisco switches run STP by default; no configuration is needed.

STP continually monitors the network for failures, whether of switch ports or changes in the
network topology, and quickly brings blocked redundant ports into use if a link fails.

Summary:
Spanning Tree Protocol
* Used by switches to turn a redundant topology into a spanning tree.
* Disables unwanted links by blocking ports.
* Is defined by IEEE 802.1D.
* Switches run STP by default; no configuration is needed.
* Chooses one switch to be the Root Bridge.
* Chooses a Root Port on every other switch.
* Chooses a Designated Port on each segment.
* Intentionally blocks all other ports.
Source: http://orbit-computer-solutions.com/Spanning-Tree-Protocol--STP.php

How the Root Bridge and Ports are chosen
The Root Bridge
In an STP-configured switched LAN or broadcast domain, one switch is designated as the root
bridge. The root bridge serves as the reference point for all spanning-tree calculations that
determine which redundant links to block. An election process determines which switch
becomes the root bridge.
Each switch has a Bridge ID (BID) made up of a priority value, an extended system ID (the
VLAN number) and the MAC address of the switch.
All switches in the network take part in the election. After a switch boots up, it sends out
BPDU frames containing its BID and the root ID every 2 seconds. Initially the root ID equals
the local BID on every switch, that is, each switch identifies itself as the root bridge after
bootup. The root ID identifies the root bridge of the network.

Put another way: when switches A, B, C and D in the same network or broadcast domain boot
up, they forward their Bridge Protocol Data Unit (BPDU) frames to neighbouring switches. All
switches in the broadcast domain read the root ID information from the BPDU frames of all
their neighbours and pass on the lowest one they have seen.
After comparing all the root IDs received, the switch with the lowest BID is identified as the
root bridge for the spanning tree process. It need not be an adjacent switch; it can be any
switch in the broadcast domain. Because the lowest BID simply wins, any device that sends
BPDUs with a lower priority than your intended root becomes the root; root guard and BPDU
guard exist to stop that on ports where no switch should ever appear.

Study the figure below and see if you can identify the switch with the lowest priority.

Root Ports - The port on each non-root switch with the lowest-cost path to the root bridge.
Designated Ports - The port on each segment that forwards traffic toward that segment (all
of the root bridge's ports are designated).
Non-designated ports - All remaining ports, placed in the blocking state to prevent loops.

Summary
* Each switch has a bridge ID (BID) of priority value followed by MAC address.
* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs.
* The switch with the lowest bridge ID becomes the root bridge.
* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
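The election and port-role decisions described above, simulated in Python as an added example (not code from the original page or from any vendor). Switch names, priorities, MAC addresses and link speeds are constructed; the port costs are the IEEE 802.1D-1998 values. It goes one step beyond the text by deriving designated and blocked ports from root path cost, which is how the single loop-free path falls out of the election.

```python
import heapq

# IEEE 802.1D-1998 path costs by link speed in Mb/s (Cisco's default table).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac, vlan=1):
    """Comparable BID: with the extended system ID, the priority field is the
    configured priority (a multiple of 4096) plus the VLAN number; the MAC
    address breaks ties. Lower compares as better, exactly as in the election."""
    return (priority + vlan, int(mac.replace(":", "").replace(".", ""), 16))


def elect_root(switches, vlan=1):
    """switches: {name: (configured_priority, mac)} -> name of the root bridge."""
    return min(switches, key=lambda s: bridge_id(*switches[s], vlan=vlan))


def root_ports(switches, links, vlan=1):
    """links: [(sw_a, port_a, sw_b, port_b, speed_mbps)].
    Returns {switch: (root_port, root_path_cost)} for every non-root switch:
    the lowest-cost path to the root, ties broken by the lowest sender BID."""
    root = elect_root(switches, vlan)
    adj = {s: [] for s in switches}
    for a, pa, b, pb, speed in links:
        cost = PORT_COST[speed]
        adj[a].append((b, pb, cost))   # BPDUs from a arrive at b on port pb
        adj[b].append((a, pa, cost))
    best = {root: (0, (0, 0), None)}   # switch -> (cost, sender BID, root port)
    heap = [(0, (0, 0), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for nbr, nbr_port, link_cost in adj[sw]:
            cand = (cost + link_cost, bridge_id(*switches[sw], vlan=vlan), nbr_port)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    return {sw: (port, cost) for sw, (cost, _, port) in best.items() if sw != root}


def port_roles(switches, links, vlan=1):
    """Role of every (switch, port): on each segment the end with the lower
    root path cost (then lower BID) is designated; the other end is that
    switch's root port if it is its best way to the root, otherwise blocked."""
    root = elect_root(switches, vlan)
    rp = root_ports(switches, links, vlan)
    cost_of = {sw: cost for sw, (_, cost) in rp.items()}
    cost_of[root] = 0

    def rank(sw):
        return (cost_of[sw], bridge_id(*switches[sw], vlan=vlan))

    roles = {}
    for a, pa, b, pb, _ in links:
        des, dport, oth, oport = (a, pa, b, pb) if rank(a) < rank(b) else (b, pb, a, pa)
        roles[(des, dport)] = "designated"
        roles[(oth, oport)] = "root" if rp[oth][0] == oport else "blocked"
    return roles


# Constructed topology: SW3 has the lowest priority and wins the election.
SWITCHES = {
    "SW1": (32768, "00:1a:2b:00:00:01"),
    "SW2": (32768, "00:1a:2b:00:00:02"),
    "SW3": (4096, "00:1a:2b:00:00:03"),
}
LINKS = [
    ("SW1", "Gi0/1", "SW3", "Gi0/1", 1000),
    ("SW2", "Fa0/1", "SW3", "Fa0/1", 100),   # slow uplink: SW2 prefers the path via SW1
    ("SW1", "Gi0/2", "SW2", "Gi0/2", 1000),
]

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    print("root ports:", root_ports(SWITCHES, LINKS))
    for (sw, port), role in sorted(port_roles(SWITCHES, LINKS).items()):
        print(f"{sw} {port}: {role}")
```

Lower a priority on any switch in SWITCHES (or add one with priority 0) and rerun: the root moves, every root port and blocked port is recomputed, and traffic now transits the new root. That is the behaviour root guard and BPDU guard are there to prevent on access ports.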
Source: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-the-Root-Bridgeand-Ports-are-chosen.php

Spanning Tree Protocol Standards / Types
Types of STP
Like many networking standards, STP has many variants. These include:
i. PVST+
ii. RSTP
iii. Rapid PVST+
iv. MSTP
Some of these STP variants are Cisco proprietary and others are IEEE standards.
You will learn more details on some of these STP variants later, but to get started you need a
general knowledge of what the key variants are. Below is a brief description of the key Cisco
and IEEE STP variants.

Cisco Proprietary
Per-VLAN Spanning Tree Protocol (PVST) - Maintains a spanning-tree instance for each
VLAN configured in the network. It uses the Cisco proprietary ISL trunking protocol, which
allows a VLAN trunk to be forwarding for some VLANs while blocking for others.

Because PVST treats each VLAN as a separate network, it can load balance traffic at Layer 2
by forwarding some VLANs on one trunk and other VLANs on another trunk without causing
a loop. For PVST, Cisco developed a number of proprietary extensions to the original IEEE
802.1D STP, such as BackboneFast, UplinkFast and PortFast.
Per-VLAN Spanning Tree Protocol Plus (PVST+) - Cisco developed PVST+ to provide
support for IEEE 802.1Q trunking. PVST+ provides the same functionality as PVST, including
the Cisco proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+
includes the PortFast enhancement called BPDU guard, and root guard. BPDU guard shuts
down a PortFast (access) port that receives a BPDU, and root guard stops a port from
becoming a root port; both prevent a rogue or misconfigured device plugged into an access
port from taking over as root bridge.
Rapid Per-VLAN Spanning Tree Protocol (Rapid PVST+) - Based on the IEEE 802.1w
standard, with faster convergence than standard 802.1D STP. Rapid PVST+ includes Cisco
proprietary extensions such as BackboneFast, UplinkFast and PortFast.

IEEE Standards
Rapid Spanning Tree Protocol (RSTP) - Introduced in 2001 as IEEE 802.1w, an evolution of
STP (802.1D). It provides faster spanning-tree convergence after a topology change. RSTP
incorporates the ideas behind the Cisco proprietary STP extensions BackboneFast, UplinkFast
and PortFast into the public standard. As of 2004 the IEEE has incorporated RSTP into
802.1D, identifying the specification as IEEE 802.1D-2004. So when you hear STP, think
RSTP.
Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree
instance, reducing the number of instances needed to support a large number of VLANs.
MSTP was inspired by the Cisco proprietary Multiple Instances STP (MISTP) and is an
evolution of STP and RSTP. It was introduced in IEEE 802.1s as an amendment to the 1998
edition of 802.1Q. IEEE 802.1Q-2003 now includes MSTP. MSTP provides multiple
forwarding paths for data traffic and enables load balancing.
Source: http://orbit-computer-solutions.com/Spanning-Tree-Protocol-Standards--Types.php

Virtual Router
Redundancy Protocol
(VRRP)
Unlike HSRP which is Cisco propietary, VRRP is a Redundancy Protocol which operates in a
network with multi-vendor devices.
VRRP offers the same benefits of HSRP, VRRP operates similar to HSRP by electing an active
router called the Master among a group of routers that stores a configured virtual IP and
MAC address.

Similar with HSRP, when there is a failure on the active router interface, VRRP would trigger
the standby router (backup) to then become the Master and subsequently forward the
client's traffic.

VRRP uses multicast (224.0.0.18) for its hello mechanism and elections.

How VRRP Works.


VRRP Router Priority.
An important feature of the VRRP redundancy operation is the VRRP router priority. VRRP
Priority defines the role that each VRRP router plays and what happens if the virtual router
master fails.

If a VRRP active router is configured with the IP address of the virtual router and the IP
address of the physical interface, this router will function as a virtual router master.

You use the vrrp priority command to enable the a VRRP router to functions as a virtual
router as well as a backup should the virtual router master fails. You can configure the

priority of each virtual router backup with a value of 1 through 254 using the vrrp priority
command.

For example, if Router A, the virtual router master in a VRRP group, fails, an election
takes place to determine whether virtual router backup B or C takes over. If Routers B and
C are configured with priorities of 90 and 100, respectively, Router C is elected virtual
router master because it has the higher priority.

If Routers B and C are both configured with priority 100, the virtual router backup with
the higher IP address is elected virtual router master.

VRRP Preemption.
Unlike HSRP, VRRP preemption is enabled by default, which lets a higher-priority virtual
router backup that becomes available take over from the backup that was elected virtual
router master.

However, preemption can be disabled using the no vrrp preempt command. If preemption is
disabled, the virtual router backup that was elected virtual router master remains master
until the original virtual router master recovers and becomes master again.
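The election and preemption rules described above, as an added Python model (not code from the original page or from any vendor): highest priority wins, ties go to the higher interface IP address, and a "preempt" flag decides whether a newly available higher-priority backup displaces the incumbent. The router names, addresses and priorities replay the Router A/B/C example from the text; the one assumption beyond the text is that the address owner (the router whose interface holds the virtual IP, priority 255) always takes the role back when it recovers, whether or not preemption is enabled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass
class VrrpRouter:
    name: str
    ip: str                # IPv4 address of the physical interface in the group
    priority: int = 100    # "vrrp <group> priority"; 100 is the IOS default
    owner: bool = False    # interface address equals the virtual IP (priority 255)
    up: bool = True        # whether the router is currently advertising

    def __post_init__(self) -> None:
        if not 1 <= self.priority <= 254:
            raise ValueError("backup priority must be between 1 and 254")

    def effective_priority(self) -> int:
        # The address owner runs with priority 255 (RFC 3768); backups use
        # the configured 1..254 value.
        return 255 if self.owner else self.priority


def elect_master(routers: List[VrrpRouter]) -> Optional[VrrpRouter]:
    """Election among the routers that are up: highest priority wins, and when
    two backups share a priority the higher interface IP address wins."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    return max(alive, key=lambda r: (r.effective_priority(), IPv4Address(r.ip)))


def resolve_master(current: Optional[VrrpRouter], routers: List[VrrpRouter],
                   preempt: bool = True) -> Optional[VrrpRouter]:
    """Decide who is master after an availability change.

    preempt models the "vrrp <group> preempt" setting, on by default. Assumed
    here: the address owner (original master) always retakes the role when it
    recovers, regardless of the preempt setting."""
    if current is None or not current.up:
        return elect_master(routers)          # master lost: the backups elect
    winner = elect_master(routers)
    if winner is current:
        return current
    if preempt or winner.owner:
        return winner                         # higher-priority router takes over
    return current                            # preemption off: incumbent stays


def page_scenario() -> List[str]:
    """Replay the Router A/B/C example and return the masters seen in order."""
    a = VrrpRouter("A", "10.1.20.1", owner=True)   # holds the virtual IP
    b = VrrpRouter("B", "10.1.20.2", priority=90)
    c = VrrpRouter("C", "10.1.20.3", priority=100)
    group = [a, b, c]
    seen = []
    master = resolve_master(None, group)
    seen.append(master.name)                       # A: address owner
    a.up = False
    master = resolve_master(master, group)
    seen.append(master.name)                       # C: 100 beats 90
    d = VrrpRouter("D", "10.1.20.4", priority=120) # constructed extra backup
    group.append(d)
    master = resolve_master(master, group, preempt=False)
    seen.append(master.name)                       # C: preemption disabled
    master = resolve_master(master, group, preempt=True)
    seen.append(master.name)                       # D: preemption enabled
    a.up = True
    master = resolve_master(master, group, preempt=False)
    seen.append(master.name)                       # A: owner recovers
    return seen


if __name__ == "__main__":
    print(page_scenario())   # ['A', 'C', 'C', 'D', 'A']
```

The same model shows the operational risk of leaving preemption on: any device that can join the group with a higher priority takes the master role immediately, which is why VRRP groups on shared segments are normally protected with authentication and by filtering protocol 112 at the edge.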

VRRP Advertisements.
The virtual router master sends VRRP advertisements to the other VRRP routers in the same
group. The priority and state of the virtual router master are carried in the advertisements.
The VRRP advertisements are encapsulated in IP packets and sent to the IPv4 multicast
address assigned to the VRRP group.
Advertisements are sent every second by default; you can also configure the interval at
which they are sent.

How to configure VRRP on a Cisco Router.

We are going to use the topology below for a VRRP configuration example.

We will configure VRRP group 10 on R1 and R2 using the virtual IP address 10.1.20.1, and
set the priority to 100 on R1.

R1

R1(config)# interface Gi0/0
R1(config-if)# ip address 10.1.20.2 255.255.255.0
R1(config-if)# vrrp 10 ip 10.1.20.1
R1(config-if)# vrrp 10 priority 100
R1(config-if)# end

R2

R2(config)# interface Gi0/0
R2(config-if)# ip address 10.1.20.3 255.255.255.0
R2(config-if)# vrrp 10 ip 10.1.20.1
R2(config-if)# end

From the above, we configured VRRP group 10 on R1 and R2 using the virtual IP address
10.1.20.1 and set the priority to 100 on R1.
You can see that the vrrp <group> preempt command is not used, because preemption is
enabled by default for VRRP.
If you need to turn preemption off for any reason, use the command no vrrp <group>
preempt (here, no vrrp 10 preempt).
- See more at: http://orbit-computer-solutions.com/Understanding-Virtual-Router-RedundancyProtocol--VRRP-.php#sthash.MpJfmiR1.dpuf

The Hot Standby Router Protocol (HSRP).
The Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol, as detailed in RFC
2281. HSRP provides gateway redundancy by sharing IP and MAC addresses between
redundant gateways. The protocol consists of a virtual MAC address and a virtual IP address
that are shared between two or more routers belonging to the same HSRP group.

How HSRP works.

HSRP is configured on Cisco routers to present a virtual router that keeps routing packets
when the active router's interface fails. Basically, what HSRP does is keep a backup router
standing by for when the active router's gateway interface fails.

This "virtual" router is configured with a single IP address (layer 3) and MAC address (layer
2) which are shared among two or more routers on a LAN segment.


The IP address of the virtual router is configured as the default gateway for the clients on a
specific IP segment. When clients send frames to the default gateway, they use ARP to
resolve the MAC address associated with the default gateway's IP address. The ARP reply
carries the MAC address of the virtual router. Frames sent to the MAC address of the virtual
router can then be physically processed by any active or standby router that is part of that
virtual router group.

HSRP can be classified as a redundancy protocol that provides a mechanism for determining
which router should take the active role in forwarding traffic, and when that role must be
taken over by a standby router.

HSRP Terms.
Active router: The router that is currently forwarding packets for the virtual router
Standby router: The primary backup router
Standby group: The set of routers participating in HSRP that jointly emulate a virtual
router
The primary function of the HSRP standby router is to monitor the operational status of the
HSRP group and to quickly assume packet-forwarding responsibility if the active router
fails.

These are the steps that take place when a router or Layer-3 device (switch) fails:

1. The standby router stops receiving hello messages from the forwarding router.

2. The standby router assumes the role of the forwarding router.

3. Because the new forwarding router (the former standby router) assumes both the IP and
MAC addresses of the virtual router, the connected network devices see no disruption in
service.
- See more at: http://orbit-computer-solutions.com/The-Host-Standby-Router-Protocol-%3A-HSRPExplained.php#sthash.KuxlbMhW.dpuf

Gateway Load Balancing Protocol (GLBP)
Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary solution for redundancy and
load balancing in an IP network.
GLBP allows automatic selection of, and simultaneous recovery from, first-hop router
failures.

GLBP provides load balancing over multiple (router) gateways using a single virtual IP
address and multiple virtual MAC addresses.
Each host is configured with the same virtual IP address, and all routers in the virtual router
group participate in forwarding packets.

How GLBP Works.

GLBP works by using a single virtual IP address, which is configured as the default
gateway on the hosts.
The different routers that take on the forwarding role use different virtual MAC addresses
for that same virtual IP address when forwarding packets.

Unlike HSRP and VRRP, GLBP does not use a single virtual MAC address for the entire group.
Instead, the AVG assigns a different virtual MAC address to each of the physical routers in
the group.
There are two roles a router can take in a GLBP group for redundancy and load balancing:
Active Virtual Gateway (AVG):
Within a GLBP group, one virtual router (gateway) is elected as the Active Virtual
Gateway (AVG), and it is responsible for the operation of the protocol. The AVG is the
router with the highest priority value or, on a tie, the highest IP address in the group; it
responds to all ARP requests sent for the virtual router IP address.

Active Virtual Forwarder (AVF)

A router within a GLBP group is elected as an Active Virtual Forwarder (AVF). An AVF is
responsible for forwarding packets sent to the virtual MAC address that the AVG returned
for it. Multiple active virtual forwarders can exist in each GLBP group.

So, when a client needs to send a packet to its configured default gateway (the virtual IP
address owned by the AVG), it asks for the gateway's MAC address by sending an ARP
(Address Resolution Protocol) request on the subnet.

The AVG responds to these ARP requests with the virtual MAC address of one of the
"active" virtual forwarders, chosen according to the configured load-sharing algorithm.

Types of GLBP Load Balancing Mechanism.

There are three load-balancing mechanisms that can be used with GLBP:

1. Round-robin: The default. Each AVF in turn is included in address resolution replies
for the virtual IP address.

2. Host-dependent: Based on the MAC address of a host; the same forwarder is always
used for a particular host.

3. Weighted: Each router receives a share of the hosts in proportion to its configured
weight.
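The AVG's ARP-reply decision and the three load-balancing mechanisms, as an added Python model written for this page (not Cisco's implementation). The router names and the 0007.b400.xxxx virtual MAC values are constructed; the host-dependent hash (a CRC32 bucket), the weighted scheme (round-robin over a weight-expanded list) and the takeover rule after an AVF failure (the first live router in name order adopts the failed forwarder's virtual MAC) are simplifications chosen for the example, not details taken from the page.

```python
import zlib
from typing import Dict, List, Optional, Tuple


class GlbpAvg:
    """Simplified Active Virtual Gateway: decides which AVF's virtual MAC goes
    into the reply to a host's ARP request for the virtual IP address."""

    def __init__(self, forwarders: Dict[str, str], method: str = "round-robin",
                 weights: Optional[Dict[str, int]] = None) -> None:
        if method not in ("round-robin", "host-dependent", "weighted"):
            raise ValueError(f"unknown load-balancing method: {method}")
        self.vmac = dict(forwarders)                  # AVF name -> virtual MAC
        self.up = {name: True for name in forwarders}
        # Which physical router currently forwards for each virtual MAC.
        self.forwarder_for = {mac: name for name, mac in forwarders.items()}
        self.method = method
        weights = weights or {name: 1 for name in forwarders}
        # Weighted is modelled as round-robin over a weight-expanded list: a router
        # with weight 2 appears twice, so it receives two of every three replies.
        self._order = [name for name in forwarders
                       for _ in range(weights[name] if method == "weighted" else 1)]
        self._pos = 0

    def _live(self) -> List[str]:
        return sorted(name for name in self.vmac if self.up[name])

    def select_avf(self, host_mac: str) -> str:
        """Pick the AVF whose virtual MAC answers this host's ARP request."""
        live = self._live()
        if not live:
            raise RuntimeError("no active virtual forwarder available")
        if self.method == "host-dependent":
            # Same host MAC -> same forwarder while the set of live AVFs is stable.
            # CRC32 bucketing is an assumption; the page does not name the hash.
            return live[zlib.crc32(host_mac.lower().encode()) % len(live)]
        # round-robin / weighted: walk the list, skipping forwarders that are down
        for _ in range(len(self._order)):
            candidate = self._order[self._pos % len(self._order)]
            self._pos += 1
            if self.up[candidate]:
                return candidate
        raise RuntimeError("no live forwarder in rotation")

    def arp_reply(self, host_mac: str) -> Tuple[str, str]:
        """Return (AVF name, virtual MAC) that the ARP reply would carry."""
        avf = self.select_avf(host_mac)
        return avf, self.vmac[avf]

    def avf_failed(self, name: str) -> None:
        """An AVF went down: a live router takes over its virtual MAC so hosts that
        cached that MAC keep a working gateway (assumed rule: first live router)."""
        self.up[name] = False
        live = self._live()
        if not live:
            return
        for mac, owner in self.forwarder_for.items():
            if owner == name or not self.up[owner]:
                self.forwarder_for[mac] = live[0]


# Constructed group: three routers, one virtual MAC each.
FORWARDERS = {"R1": "0007.b400.0a01", "R2": "0007.b400.0a02", "R3": "0007.b400.0a03"}

if __name__ == "__main__":
    avg = GlbpAvg(FORWARDERS)
    print([avg.arp_reply("0050.5600.0001")[0] for _ in range(4)])  # R1, R2, R3, R1
```

Running it with the other two methods shows why host-dependent is the one to choose when a host must always see the same gateway MAC (for example, where an upstream firewall tracks flows per source), and the avf_failed path shows how the group recovers without the hosts ever re-ARPing.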

GLBP Load Balancing Mechanism States.

The AVG and AVF roles each go through their own set of states in a GLBP group.

The AVG has six states:

1. Disabled: no virtual IP address is configured.

2. Initial: the virtual IP address is configured, but the virtual gateway configuration is
incomplete.

3. Listen: receiving hello messages, and ready to move to the Speak state if the AVG
becomes unavailable.

4. Speak: the virtual gateway is attempting to become the AVG.

5. Standby: ready to become the next AVG.

6. Active: the current AVG, responsible for responding to ARP requests for the virtual IP
address.

The AVF has four states:

1. Disabled: no virtual MAC address is assigned.

2. Initial: the virtual MAC address is known, but the virtual forwarder configuration is
incomplete.

3. Listen: the virtual forwarder is receiving hello messages, and ready to move to the
Active state if the AVF becomes unavailable.

4. Active: the current AVF, responsible for forwarding packets sent to the virtual
forwarder MAC address.

Benefits of GLBP
* Allows full use of resources on all devices without the administrative burden of creating
multiple groups

* Provides a single virtual IP address and multiple virtual MAC addresses

* Routes traffic to single gateway shared evenly across multiple routers

* Provides automatic rerouting in the event of any failure

Summary
1. Active Virtual Gateway (AVG)
> Assigns a virtual MAC address to each member of the GLBP group.
> Responds to ARP requests

2. Active Virtual Forwarder (AVF)
> Forwards packets sent to its assigned virtual MAC address.
- See more at: http://orbit-computer-solutions.com/CCNA%3A-Redundancy-Protocol--Understanding-GLBP.php#sthash.7bpm2xAI.dpuf

IPv6 EIGRPv6.
EIGRPv6 is still a distance-vector routing protocol with some link-state features. The hello
process used in neighbour discovery and the Diffusing Update Algorithm (DUAL), used for
loop-free and fast convergence, are still very much present. Like its fellow IPv6 protocols
(RIPng and OSPFv3), it shares many processing features with its IPv4 counterpart.

EIGRP for IPv6 has the same overall features and operation as EIGRP for IPv4; there are only
a few major differences between them:

* EIGRP for IPv6 is configured directly on the router interfaces.

* With EIGRP for IPv6, a router ID is required on each router or the routing process does
not start.

* The EIGRP for IPv6 routing process uses a shutdown feature.

* EIGRPv6 uses the multicast address FF02::10 for routing updates and hello packets.

How to configure EIGRPv6.

Unlike its predecessor, EIGRP for IPv4, EIGRPv6 is enabled directly on the interface without
the network command. However, you still use router configuration mode to create the
process, and it must be turned on with the no shutdown command.

EIGRPv6 Configuration Example:

The 22 is the autonomous system (AS) number. If you look closely, you will notice the
prompt changes to (config-rtr), and from here you must use the no shutdown command.

In the interface fa0/0 configuration, the same 22 references the AS number that was
enabled in router configuration mode.
- See more at: http://orbit-computer-solutions.com/IPv6-EIGRPv6-Explained.php#sthash.kdRfqUe1.dpuf

IPv6 Routing Protocols.

Most of the routing protocols we've learned in IPv4 have been modified to work with the
longer IPv6 addresses and different header structures. IPv6 routing protocols are similar
to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix,
routing updates have to carry more information.
The functions and configuration of the IPv4 routing protocols still apply in many ways. One
of the major differences between the IPv4 and IPv6 protocols is the elimination of broadcast
from the latter.

The IPv6 routing protocols include RIPng, EIGRPv6 and OSPFv3.

Let's look at the functions of the IPv6 protocols and how to configure them in detail:

1. RIPng: RIP next generation, as it is fondly called, is still the same old RIP used in IPv4
networks, minus the broadcast; it has been given a new name and a facelift but still works
the same way as RIPv2.
RIPng is still a distance-vector routing protocol with a maximum hop count of 15. It still
uses the familiar features of split horizon and poison reverse to prevent loops, and a
multicast address when sending updates. The only slight difference is its use of UDP port
521.

Where RIPv2 uses the multicast address 224.0.0.9, the IPv6 multicast address still keeps
the 9 at the end: FF02::9. (This plays the role of the broadcast that RIP performed in
IPv4.)

Unlike its predecessor, RIPng keeps track of next-hop addresses using link-local
addresses.
RIPng is supported by Cisco IOS Release 12.2(2)T and later.

How to configure RIPng.

RIPng is enabled without the traditional network command that was used in IPv4.
Before configuring the router to run IPv6 RIP, use the ipv6 unicast-routing global
configuration command, and enable IPv6 on any interfaces on which IPv6 RIP is to be
enabled.

To enable RIPng routing on the router, use the ipv6 router rip name global configuration
command.

R1(config)#ipv6 router rip name

The name parameter identifies the RIP process. This process name is used later when
configuring RIPng on participating interfaces.
For RIPng, you use the command ipv6 rip name enable in interface configuration mode to
enable RIPng on an interface.

R1(config-if)#ipv6 rip name enable

The name parameter must match the name parameter in the ipv6 router rip command.

RIPng Configuration Example:

- See more at: http://orbit-computer-solutions.com/IPv6-Routing-ProtocolsExplained.php#sthash.4QQclSUX.dpuf

IPv6 Routing Protocols: OSPFv3 Explained.
OSPFv3 is a link-state routing protocol, like its predecessor in IPv4. It still uses areas to
separate the network into smaller parts.
OSPFv3 uses the IPv6 multicast addresses FF02::5 for all OSPF routers and FF02::6 for
OSPF designated routers when sending updates and acknowledgements.
OSPF routers generate routing updates only when a change occurs in the network topology.

When a link changes state, the network device that detects the change creates a Link State
Advertisement (LSA) and forwards it to the DR using the FF02::6 multicast address; the DR
then informs all devices within the area using the FF02::5 multicast address. Each device
then updates its Link State Database.

One of the new features of OSPFv3 is that the router ID, area ID and link-state ID are
32-bit values that do not have to be IP addresses. This feature enables OSPFv3 to be
routable over almost any network layer protocol. Like the other IPv6 routing protocols,
RIPng and EIGRPv6, you must enable it directly on the router interface for the process to
work.

OSPFv3 Configuration Requirements.

* Enable IPv6 unicast routing
* Enable the OSPFv3 routing process
* Enable OSPFv3 on the interface
* Configure passive interfaces to suppress routing updates to and from an interface.

The interface configuration step is simply to assign an OSPFv3 process ID and area.

How to Configure OSPF Multiarea network.

- See more at: http://orbit-computer-solutions.com/OSPFv3-Explained-.php#sthash.U06nXwm6.dpuf

VLAN Trunking Protocol (VTP).

In the early days of networking, it was difficult to implement VLANs across networks.
Each VLAN was manually configured on each network switch. Managing a large switched
network used to be a complicated task; VLAN trunking methods were developed to help
ease this problem.

VTP Concept
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol whose basic aim is to manage
all configured VLANs across a switched network. VTP propagates VLAN configurations and
keeps them consistent on the other switches in the network.
VTP is a messaging protocol that uses layer 2 trunk frames to add, delete and rename
VLANs within a single domain. It centralises changes, which are then sent to the other
switches on the network.
A switch has to be configured in the role of VTP server to manage the VLAN configuration on
your network. The server(s) share VLAN information with the other switches on the network,
which must use the same domain name.
VTP learns only normal-range VLANs (VLAN IDs 1 to 1005).
The primary role of VTP is to maintain VLAN configuration consistency across a network
administration domain.
VTP stores VLAN configurations in the VLAN database, called vlan.dat.
After a trunk is established between switches, VTP advertisements are exchanged between
them. Both the server switch and the client exchange and monitor advertisements from one
another to ensure each has an accurate record of VLAN information. VTP advertisements are
not exchanged if the trunk between the switches is inactive.

In the diagram above, a trunk link is configured between switch S1 (VTP server) and S2 and
S3 (VTP clients).
After a trunk is established between the switches, VTP summary advertisements are
exchanged among them.

How to Configure VTP on a Cisco switch

VTP Configuration Guidelines
The following commands configure a switch (Sw1) as VTP server:
Sw1#config t
Sw1(config)#vtp mode server
Sw1(config)#exit
Configure switches Sw2 and Sw3 as VTP clients:
Sw2#config t
Sw2(config)#vtp mode client
Sw2(config)#exit
Configuring the VTP Domain Name and Password:
For VTP summary advertisements to be exchanged among the switches, all switches in the
network have to belong to the same domain and use the same password:
VTP Domain
Sw1#config t
Sw1(config)#vtp domain lab
Sw1(config)#exit
VTP password
Sw1#config t
Sw1(config)#vtp password orbit123
Sw1(config)#exit
Configure the same domain name and password on the clients.
Confirm the configuration changes.
Use the show vtp status command on Sw1 to confirm that the VTP mode and domain are
configured correctly.
Sw1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Confirm the same on Sw2 and Sw3.
To verify the VTP password, use the show vtp password command.
Sw1#show vtp password
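A check for the consistency requirement stated above (same domain, a server present, clients in sync), written for this page in Python; it is not a Cisco tool. The Sw1 output is the show vtp status output shown on the page; the Sw2 and Sw3 outputs are constructed, with Sw3 deliberately carrying a domain name that differs only in case, which VTP treats as a different domain.

```python
from typing import Dict, List

# "show vtp status" on Sw1, copied from the page.
SW1_STATUS = """Sw1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""

# Constructed client outputs (not from the page).
SW2_STATUS = """Sw2#show vtp status
VTP Version : 2
Configuration Revision : 0
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : lab
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
"""

SW3_STATUS = """Sw3#show vtp status
VTP Version : 2
Configuration Revision : 0
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : Lab
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
"""


def parse_vtp_status(output: str) -> Dict[str, str]:
    """Turn 'show vtp status' output into a field -> value dictionary.
    Lines without the ' : ' separator (prompt, timestamps) are skipped."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        if " : " not in line:
            continue
        key, value = line.split(" : ", 1)
        fields[key.strip()] = value.strip()
    return fields


def check_vtp_consistency(statuses: Dict[str, Dict[str, str]]) -> List[str]:
    """Return a list of problems found across the parsed outputs of several switches.
    An empty list means the switches can exchange VTP advertisements."""
    problems: List[str] = []
    domains = {sw: s.get("VTP Domain Name", "") for sw, s in statuses.items()}
    for sw, domain in domains.items():
        if not domain:
            problems.append(f"{sw}: no VTP domain name configured")
    if len(set(domains.values())) > 1:
        problems.append(f"domain name mismatch (names are case-sensitive): {domains}")
    modes = {sw: s.get("VTP Operating Mode", "") for sw, s in statuses.items()}
    if "Server" not in modes.values():
        problems.append("no switch is operating as VTP server")
    revisions = {sw: s.get("Configuration Revision", "") for sw, s in statuses.items()}
    if len(set(revisions.values())) > 1:
        problems.append(f"configuration revision differs, switches are not in sync: {revisions}")
    digests = {sw: s.get("MD5 digest", "") for sw, s in statuses.items()}
    if len(set(digests.values())) > 1:
        problems.append("MD5 digest differs: VLAN database or VTP password out of sync")
    return problems


if __name__ == "__main__":
    parsed = {"Sw1": parse_vtp_status(SW1_STATUS), "Sw3": parse_vtp_status(SW3_STATUS)}
    print(check_vtp_consistency(parsed))
```

The revision check is the one to watch operationally: a switch whose Configuration Revision is higher than the server's will overwrite the domain's VLAN database when it is connected, so comparing revisions before attaching a switch is a cheap safeguard.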

- See more at: http://orbit-computer-solutions.com/VLAN-Trunking-Protocol--VTP.php#sthash.hGm7oB13.dpuf

Ways to Migrate to IPv6.

Until now most networks, if not all, have run on IPv4 infrastructure, especially if the
network uses older routers and switches. To upgrade your network to be IPv6 compliant,
one or two of the strategies listed below can be used to implement the process on your
network.
1. Dual Stacking: This method of migration enables a network to run both IPv4 and IPv6
simultaneously. This is one of the simplest methods you can use to upgrade your IPv4
network. Dual stacking lets you upgrade your older network devices one after another
while existing communication continues.
Cisco IOS Release 12.2(2)T is IPv6-ready. As soon as you configure basic IPv4 and IPv6 on
an interface, the interface is dual-stacked and forwards both IPv4 and IPv6 traffic.
How to configure IPv6 Dual Stacking.
To configure dual stacking on a Cisco router in your network, all you have to do is enable
IPv6 forwarding and assign an IPv6 address to the router interfaces already configured with
an IPv4 address.
Enabling IPv6 on a Cisco IOS router requires the global configuration command ipv6
unicast-routing. This command enables the forwarding of IPv6 data on your network.

- See more at: http://orbit-computer-solutions.com/Ways-to-Migrate-to-IPv6.php#sthash.2ziBHIHS.dpuf

IPv6 Address Expression and Examples.
Unlike the 32-bit IPv4 address with its four 8-bit fields separated by dots, an IPv6 address
is a larger, 128-bit value written as eight 16-bit hexadecimal fields separated by colons.

Below explains how to shorten an IPv6 address:

Let's use the IPv6 address:

2041:0000:130F:0000:0000:07C0:853A:140B

The leading zeros in a field are optional. That means the field 07C0 equals 7C0, and the
field 0000 can be written as 0.

So, the above IPv6 address 2041:0000:130F:0000:0000:07C0:853A:140B can be
written as:

2041:0:130F:0000:0000:7C0:853A:140B

In addition, one consecutive run of all-zero fields can be represented by two colons "::".
So:

2041:0:130F:0000:0000:7C0:853A:140B

can also be written as:

2041:0:130F::7C0:853A:140B (with the run of all-zero fields represented by the double
colon)
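The two shortening rules just described, as an added Python example written for this page (not code from the original): expand_ipv6 undoes them so that any written form can be compared, and compress_ipv6 applies them in the canonical way of RFC 5952, which goes slightly beyond the text by choosing the longest run of zero fields (leftmost on a tie), leaving a single zero field uncompressed and writing the result in lowercase. The sample addresses are the page's own and a few constructed ones.

```python
import re
from typing import List

_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand_ipv6(addr: str) -> List[str]:
    """Return the eight 16-bit fields of addr as 4-digit lowercase hex strings.

    Undoes both shortenings: omitted leading zeros and the single "::" that
    stands for a run of all-zero fields. Malformed input (a second "::", a
    field longer than 4 hex digits, a wrong field count) raises ValueError
    rather than silently producing a different address."""
    if addr.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr!r}")
    if "::" in addr:
        left, right = addr.split("::")
        left_fields = left.split(":") if left else []
        right_fields = right.split(":") if right else []
        missing = 8 - len(left_fields) - len(right_fields)
        if missing < 1:
            raise ValueError(f"'::' must replace at least one field: {addr!r}")
        fields = left_fields + ["0"] * missing + right_fields
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(_FIELD.match(f) for f in fields):
        raise ValueError(f"malformed IPv6 address: {addr!r}")
    return [f.lower().zfill(4) for f in fields]


def compress_ipv6(addr: str) -> str:
    """Shortest text form per RFC 5952: drop leading zeros in every field, then
    replace the longest run of two or more all-zero fields with "::" (the
    leftmost run on a tie). A lone zero field stays written as "0"."""
    fields = [f.lstrip("0") or "0" for f in expand_ipv6(addr)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1                      # end of this run of zero fields
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    print(compress_ipv6("2041:0000:130F:0000:0000:07C0:853A:140B"))
    # 2041:0:130f::7c0:853a:140b
```

Normalising addresses this way before comparing them matters wherever an address appears in a policy or a log: "2041:0:130F::7C0:853A:140B" and "2041:0000:130f:0000:0000:07c0:853a:140b" are the same host, and a string comparison of the raw forms will not say so.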


- See more at: http://orbit-computer-solutions.com/IPv6-Address-Expression-and-Examples.php#sthash.mDWFtzsm.dpuf

IPv6 Stateful Autoconfiguration.

DHCPv6 is a network protocol that works pretty much the same as DHCP in IPv4.
DHCPv6 is used to assign IP addresses and prefixes to IPv6 hosts on a network. This is also
known as stateful autoconfiguration.

How DHCPv6 Works.

If you know about stateless autoconfiguration, where a host sends a router solicitation (RS)
message via a router to a DHCPv6 server on the network for IPv6 configuration and
receives a router advertisement (RA) from the DHCPv6 server via the router with its IPv6
address configuration, then DHCPv6 works in a similar way.

If there is no router on the network, the host sends a DHCP Solicit multicast message
addressed to FF02::1:2; this multicast message reaches all DHCPv6 servers and relays on
the network. This works the same way as it does in IPv4 DHCP.

How to Configure DHCPv6 on a Cisco router.

R1#config t
R1(config)# ipv6 dhcp pool test
R1(config-dhcp)# dns-server <dns-server-ipv6-address>
R1(config-dhcp)# domain-name orbit123.com
R1(config-dhcp)# prefix-delegation pool test lifetime 64000 64000

Assign the DHCPv6 pool to an interface:

R1#config t
R1(config)#interface fa0/0
R1(config-if)#ipv6 dhcp server test

The interface configuration above is quite different from that of IPv4. Overall, we have
configured a DHCPv6 server pool and applied it to an interface.
- See more at: http://orbit-computer-solutions.com/DHCPv6%3A-How-DHCPv6works.php#sthash.aPPQCcij.dpuf

EIGRPv6 Passive Interface.

You can use the EIGRPv6 passive-interface command to control the advertisement of
routing information.
The command stops routing updates over some interfaces while allowing updates to be
exchanged normally over other interfaces.

How to Configure an EIGRPv6 Passive Interface.

We use the topology below as an example.

HQ(config)# ipv6 router eigrp 22
HQ(config-rtr)# passive-interface g0/0
HQ(config-rtr)# passive-interface g0/1

The configuration above stops the router from exchanging hello packets on those interfaces,
which would cause the loss of any neighbor relationship over them.
Therefore, it is only used on interfaces where no routers are connected.
This stops not only routing updates from being advertised, but also suppresses incoming
routing updates.

Use the show command to verify your configuration.

HQ#show ipv6 protocols
!!!
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "eigrp 22"
EIGRP-IPv6 Protocol for AS(22)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 1.1.1.1
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 16
Maximum hopcount 22
Maximum metric variance 1
Interfaces:
Serial0/0/0
GigabitEthernet0/0 (passive)
GigabitEthernet0/1 (passive)
Redistribution:
None
HQ#

- See more at: http://orbit-computer-solutions.com/Understanding-EIGRPv6-Passive-Interface.php#sthash.fGxQnaK4.dpuf

Understanding Simple Network Management Protocol (SNMP).
SNMP is an application layer protocol that provides a message format for communication
between what are termed managers and agents.
Uses of SNMP
Network administrators use SNMP to monitor and map network availability, performance,
and error rates.
SNMP components include:
SNMP manager: This is a distinct unit responsible for communicating with the SNMP agents
configured and connected to the network. It can be a computer or server running one or
more network management systems.

Functions of the SNMP manager include:

Queries agents
Gets responses from agents
Acknowledges asynchronous events from agents
Sets variables in agents

SNMP agent: This is a program installed or configured on the managed network device that
collects management information, stores it in a local database and makes it available to
the SNMP manager when queried.
Functions of an SNMP agent:
Stores and retrieves network management information as defined in the MIB.
Informs the manager of events.
Collects management information about its local environment.
Acts as a proxy for some non-SNMP-manageable network nodes.
Management Information Base (MIB)
This is a virtual database of network management information shared between the agent and
the manager.
The SNMP manager uses the information held in the agents' MIBs to request specific
information from an agent and translates it as needed for the Network Management System
(NMS).


SNMP versions.
SNMPv1:
This is the first version of the protocol, defined in RFCs 1155 and 1157.
SNMPv2c:
This is a revision of SNMPv1 with enhancements in the areas of protocol packet types,
transport mappings and MIB structure elements, but it uses the existing SNMPv1
administration structure (the "community-based security mechanism").
SNMPv3:
Security is the main concern and defining feature of SNMPv3.
SNMPv3 also enables remote configuration of the SNMP entities.
The main features of SNMPv3 include:
Message integrity: ensures that a packet has not been tampered with in transit
Authentication: ensures that the packet came from a known and trusted source
Encryption: ensures that information cannot be read if the data is captured in transit
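The message integrity and authentication features listed for SNMPv3, as an added Python example written for this page (not code from the page or from any SNMP implementation). It follows the User-based Security Model of RFC 3414: the password-to-key stretching and engine-ID localization, and HMAC-SHA-96 (HMA-SHA-1 truncated to 12 bytes) over the message. The engine IDs, the password and the message are constructed; the message is a plain stand-in for the BER-encoded SNMP PDU, not the real wire format, and the encryption (privacy) step is not shown.

```python
import hashlib
import hmac


def password_to_key(password: str, engine_id: bytes) -> bytes:
    """RFC 3414 password-to-key algorithm with SHA-1.

    The password is stretched to 1 MiB and hashed to give Ku, and Ku is then
    "localized" with the agent's engine ID to give Kul. The same password
    therefore yields a different key on every agent, so a key taken from one
    device does not authenticate traffic to another."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    stretched = (pw * (1_048_576 // len(pw) + 1))[:1_048_576]
    ku = hashlib.sha1(stretched).digest()
    return hashlib.sha1(ku + engine_id + ku).digest()


def auth_tag(kul: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96 as used by the SNMPv3 User-based Security Model:
    HMAC-SHA-1 over the whole message, truncated to the first 12 bytes."""
    return hmac.new(kul, message, hashlib.sha1).digest()[:12]


def verify(kul: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the received tag with a fresh one."""
    return hmac.compare_digest(auth_tag(kul, message), tag)


def demo() -> dict:
    """Show the two properties named in the text: integrity and authentication."""
    # Constructed engine IDs and message (not real devices, not wire format).
    engine_a = bytes.fromhex("80000009030000112233445566")
    engine_b = bytes.fromhex("800000090300aabbccddeeff00")
    key_a = password_to_key("example-auth-pass", engine_a)
    key_b = password_to_key("example-auth-pass", engine_b)

    message = b"GET sysName.0 from manager 192.0.2.10"
    tag = auth_tag(key_a, message)

    tampered = message.replace(b"GET", b"SET")   # one byte changed in transit
    return {
        "tag_bytes": len(tag),
        "accepted": verify(key_a, message, tag),            # integrity holds
        "tampered_rejected": not verify(key_a, tampered, tag),
        "other_engine_rejected": not verify(key_b, message, tag),  # wrong key
    }


if __name__ == "__main__":
    print(demo())
    # {'tag_bytes': 12, 'accepted': True, 'tampered_rejected': True,
    #  'other_engine_rejected': True}
```

Contrast this with SNMPv1/v2c, where the only check an agent can make is whether the community string in the packet equals its configured one; the string travels in cleartext, so anyone who has observed a single request can pass that check. The keyed tag above is the reason SNMPv3 with authPriv, or at least authNoPriv, is the baseline for management access.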
- See more at: http://orbit-computer-solutions.com/Understanding-Simple-Network-ManagementProtocol-SNMP.php#sthash.16lzisfT.dpuf

IPv6 Static and Default Route.

Static and default routes are configured on routers to enable communication with remote
networks that are not directly connected.

Configuring IPv4 and IPv6 static and default routes on Cisco Integrated Services Routers
(ISRs) is very similar; the only differences are the IP addressing format and the fact that
IPv6 routing has to be enabled on the router with the ipv6 unicast-routing command in
global configuration mode.

Types of IPv6 Static and Default Routes

There are three types of IPv6 static and default routes:

Directly Connected IPv6 Static Route: A directly connected static route is created when an
outgoing interface is specified.
A directly connected static route is normally used with a point-to-point serial interface.

To configure a directly attached IPv6 static route, use the following command format:

e.g.

Router(config)# ipv6 route <ipv6-prefix/prefix-length> <outgoing-interface-type>
<outgoing-interface-number>

Recursive IPv6 Static Route: A recursive static route is created when the next-hop IP
address is specified.
This makes the router perform a recursive lookup in the routing table in order to identify
the outgoing interface.

In a recursive IPv6 static route, the route entry holds the next-hop router's IPv6 address.
To configure a recursive IPv6 static route, use the following command format:

e.g.

Router(config)# ipv6 route <ipv6-prefix/prefix-length> <next-hop-ipv6-address>

Default IPv6 Static Route: A default IPv6 static route is created by specifying a
destination IPv6 prefix and prefix length of all zeros, ::/0.

e.g.

Router(config)# ipv6 route ::/0 <outgoing-interface-type> <outgoing-interface-number>
{and/or} <next-hop-ipv6-address>

How to Configure IPv6 Static and Default Routes.

We will use the topology below as an example:

Step-by-step IPv6 static and default route configuration.

IPv6 routing must be enabled on each router with the ipv6 unicast-routing command before
any further configuration.
If you look closely at the topology, the routers' GigabitEthernet0/1 (G0/1) interfaces have
globally routable unicast addresses, and EUI-64 is used to create the interface identifier
portion of the address.
The S0/0/1 interface has a privately routable, unique-local address, which is recommended
for point-to-point serial connections.

R1 Configuration.

1. Enable IPv6 routing, then configure the router G0/1 and serial interface with IPv6
address.

R1(config)# ipv6 unicast-routing
R1(config)# interface g0/1
R1(config-if)# ipv6 address 2001:FC8:A72C:A::/64 eui-64
R1(config-if)# no shutdown
R1(config-if)# interface serial 0/0/1
R1(config-if)# ipv6 address FC00::1/64
R1(config-if)# no shutdown
R1(config-if)# exit

R2 Configuration.

2. Enable IPv6 routing, then configure the router G0/1 and serial interface with IPv6
address.

R2(config)# ipv6 unicast-routing
R2(config)# interface g0/1
R2(config-if)# ipv6 address 2001:FC8:A72C:B::/64 eui-64
R2(config-if)# no shutdown
R2(config-if)# interface serial 0/0/0
R2(config-if)# ipv6 address FC00::2/64
R2(config-if)# no shutdown
R2(config-if)# exit

How to Configure a directly connected IPv6 static route.

R1(config)# ipv6 route 2001:FC8:A72C:B::/64 serial 0/0/1
R1(config)#

3. Now create a return route to 2001:FC8:A72C:A::/64 on R2 so that pings across the
network succeed.

R2(config)# ipv6 route 2001:FC8:A72C:A::/64 serial 0/0/0
R2(config)#

Now that both routers have static routes configured, communication across the network
succeeds.

How to Configure a recursive IPv6 static route.

First, delete the directly connected static route on router R1, and configure a recursive
static route.

R1(config)# no ipv6 route 2001:FC8:A72C:B::/64 serial 0/0/1
R1(config)# ipv6 route 2001:FC8:A72C:B::/64 FC00::2
R1(config)# exit

Also delete the directly connected static route on router R2, and configure a recursive
static route.

R2(config)# no ipv6 route 2001:FC8:A72C:A::/64 serial 0/0/0
R2(config)# ipv6 route 2001:FC8:A72C:A::/64 FC00::1
R2(config)# exit

How to Configure a default IPv6 static route.

In a default static route, the destination IPv6 prefix and prefix length are all zeros.

First, delete the recursive static route on router R1 and configure a default static route.

R1(config)# no ipv6 route 2001:FC8:A72C:B::/64 FC00::2
R1(config)# ipv6 route ::/0 serial 0/0/1
R1(config)#

Delete the recursive static route and add a default static route on R2.

R2(config)# no ipv6 route 2001:FC8:A72C:A::/64 FC00::1
R2(config)# ipv6 route ::/0 serial 0/0/0
R2(config)#
- See more at: http://orbit-computer-solutions.com/IPv6-Static-and-Default-Route%3A-How-toConfigure-IPv6-Static-and-Default-Routes-.php#sthash.5DX2RUsq.dpuf

Types of IPv6 Address.

Just like IPv4's unicast, broadcast and multicast addresses that define the basics of
communication and connectivity on the internet, IPv6 has its own address types, but it
removed broadcast (because of the difficulties it causes on a network through looping) from
the trio and introduced anycast.
Let's look at these IPv6 address types in detail below:

Unicast Address: Packets addressed to a unicast address are destined for a single interface.
This can also be referred to as a one-to-one IPv6 address. The different types of unicast
addressing are global, link-local and site-local.

Global Unicast Address:


An IPv6 unicast address is globally routable on the public internet. It shares the same
address format as an IPv6 anycast address. Global unicast addresses are assigned by the
Internet Assigned Numbers Authority (IANA).

Link-local Addresses:
These are private address that is not meant to be routed on the internet. They can be used
locally by private or temporary LANs for sharing and distribution of file among devices on
the LAN.

Unique local address:


This type of ipv6 address also not intended to be routed on the public internet. Unique local
is a replacement of site-local address, that allows communication within a site while being
routable to a multiple local networks.

Multicast Address:
This can also be refered to as One-to-Many. Packets addressed to multicast address are
delivered to all interface identified by the multicast address. Multicast address types are
easily notable because they normally begins with FF.

Anycast:
This form of IPv6 address is similar to the multicast address with a slight difference. An anycast
address can also be referred to as one-to-nearest. It can be used to address packets meant
for multiple interfaces, but usually it delivers packets to the first interface it finds as defined by
the routing distance. This means it sends packets to the closest interface as determined by the
routing protocols.

An anycast address is a very special IPv6 addressing type in that it can also be used to
deliver a packet to more than one interface, which also earned it the name one-to-one-of-many
address.

Loopback Address:
Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing.
However, in IPv6 there is just one address, not a whole block, for this function. The
loopback address is 0:0:0:0:0:0:0:1, which is normally expressed using zero compression
as "::1".

Special IPv6 addresses


Just like IPv4, IPv6 has some addresses specially reserved for specific uses.
Below are examples of these addresses:

1. 0:0:0:0:0:0:0:0, which can be represented as :: - This is the equivalent of 0.0.0.0 in IPv4;
it is the host source address used during stateful configuration.

2. 0:0:0:0:0:0:0:1, which can be represented as ::1 - This is the equivalent of 127.0.0.1 in IPv4.

3. 2000::/3 - The global unicast address range.

4. FC00::/7 - The unique local address range.

5. FE80::/10 - The link-local unicast address range.

6. FF00::/8 - The multicast range.

7. 3FFF:FFFF::/32 and 2001:0DB8::/32 - Reserved address ranges for examples and documentation.

8. 2002::/16 - This address range is normally used during IPv6 transition or migration (6to4)
configuration.
- See more at: http://orbit-computer-solutions.com/Types-of-IPv6-Address.php#sthash.SCEbSyQS.dpuf

How IPv6 address works.


IPv6 uses a special feature called autoconfiguration to find and assign IP address
configuration to hosts on the network. IPv6 autoconfiguration can be Stateful (DHCPv6) or
stateless.

IPV6 Stateless autoconfiguration.


IPv6 stateless autoconfiguration is a process that allows devices on a network to address
themselves with a link-local unicast address. It is well known that every device on an
Ethernet network has an interface address (its physical MAC address).

The process of autoconfiguration begins with the network router obtaining the network
device's interface address (its physical MAC address) and goes on to add its own prefix to it.

Have in mind that the interface identifier portion of an IPv6 address is 64 bits in length,
and a MAC address is 48 bits; the extra 16 bits are added in the middle of the MAC address
as FFFE to complete the autoconfiguration of the Ethernet device's IPv6 address.

Example:

i. A MAC address is 48 bits: 0070:e876:b987

ii. 2 is added to the first byte: 0270:e876:b987 (adding 2 marks the address as globally
unique, since a bit value of 0 means locally unique.)

iii. Insert FFFE in the middle: 0270:e8FF:FE76:b987
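The EUI-64 derivation just described, worked through in code. This is an added example, not code from the original page; it uses the page's MAC 0070:e876:b987, a constructed MAC 0060.3d47.1720, and the 2001:db8:3c4d:2::/64 prefix from the configuration example later on this page.

```python
"""Modified EUI-64 derivation (added example, not from the original page).

Implements the steps in the text: split the 48-bit MAC address, insert FFFE
in the middle, invert the universal/local (U/L) bit, then prepend FE80::/64
for the link-local address or a router-advertised /64 prefix for a global
unicast address.
"""
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept Cisco dotted (0070.e876.b987), colon or hyphen separated MACs
    and return the six raw bytes."""
    hex_digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hex_digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hex_digits)


def eui64_interface_id(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a MAC."""
    m = parse_mac(mac)
    # Step iii of the text: insert FF:FE between the OUI (first three bytes)
    # and the device-specific part (last three bytes).
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    # Step ii of the text: invert the U/L bit (bit 1 of the first byte). For a
    # factory-assigned MAC the bit is 0, so this is the "add 2" in the text;
    # for a locally administered MAC (first byte 0x02) the bit is cleared.
    iid[0] ^= 0x02
    return bytes(iid)


def interface_id_str(mac: str) -> str:
    """Interface identifier as four 16-bit hex groups, e.g. 0270:e8ff:fe76:b987."""
    iid = eui64_interface_id(mac)
    return ":".join(iid[i:i + 2].hex() for i in range(0, 8, 2))


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (as carried in a Router Advertisement) with the
    EUI-64 interface identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The FE80::/64 address an interface gives itself when IPv6 is enabled."""
    return eui64_address("fe80::/64", mac)


if __name__ == "__main__":
    mac = "0070:e876:b987"                      # MAC from the example above
    print("interface ID :", interface_id_str(mac))
    print("link-local   :", link_local_address(mac))
    print("global       :", eui64_address("2001:db8:3c4d:2::/64", mac))
```

Because the interface identifier embeds the MAC address, a host using EUI-64 keeps the same low 64 bits on every prefix it attaches to, which is why randomized interface identifiers exist and why those low 64 bits are a useful key when correlating one host's addresses across prefixes in logs.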


Stateless Auto configuration steps in summary:

i. The host sends a multicast message to the all-routers multicast address, known as a
Router Solicitation (RS) message, asking for prefix information. This message is sent in the
form of an ICMPv6 type 133 message.

ii. The router replies with a multicast Router Advertisement (RA) carrying the required prefix
information. This message is sent in the form of an ICMPv6 type 134 message.

iii. The host receives the RA and adds the prefix, allowing its interface to be
autoconfigured.

- See more at: http://orbit-computer-solutions.com/Understanding-How-IPv6Works.php#sthash.cbesZy9R.dpuf

How to Configure IPv6 Addresses.


Enabling IPv6 on Cisco Routers.
By default, IPv6 traffic forwarding is disabled on a Cisco router. It must be activated
between interfaces by using the global configuration command ipv6 unicast-routing.
This global configuration command must be used for both stateful (DHCPv6) and stateless
autoconfiguration.

There are two basic steps used to activate IPv6 on a Cisco router:
i. First, you must activate IPv6 traffic forwarding on the router, and
ii. then you must configure each interface that requires IPv6.

Command syntax for enabling IPv6 on Cisco routers:

When a network router interface is configured with an IPv6 address, a link-local address is
configured automatically for the interface.

You must either specify the entire 128-bit IPv6 address or specify only the 64-bit prefix and
let the interface identifier be generated by using the eui-64 option.

IPv6 Address Configuration Example


From the IPv6 address configuration example above, router1 is shown connected over an IPv6
WAN to router2 with a subnet prefix of 2001:db8:3c4d:2::/64.

We used the following commands:

R1(config)#ipv6 unicast-routing (configured on the router to activate IPv6 routing, after which
the router's fa0/1 interface is configured).
The eui-64 option is used to create the 64-bit interface identifier from the interface's MAC address.

Note.

The MAC address of the Ethernet Fa0/1 interface is 0260.3d47.1720.

Using the show ipv6 interface fa0/1 command, the MAC address is displayed as part of
the IPv6 address with the hex characters FFFE (16 bits) inserted in the middle, which
expands the 48-bit MAC address into the 64-bit interface identifier of the IPv6 link-local address.

R1#show ipv6 interface fa0/1


Fa0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::260:3dFF:FE47:1720
Global unicast addresses:
2001:DB8:C18:1:260:3EFF:FE47:1720, subnet is 2001:DB8:C18:1::/64
Joined group addresses:
FF02::1:FF47:1720
FF02::1
FF02::2
MTU is 1500 bytes

How IPv6 address is formed.

- See more at: http://orbit-computer-solutions.com/CCNA%3A-Configuring-IPv6-Addresses%3AEnabling-IPv6-on-Cisco-Routers.php#sthash.T0jz2PAm.dpuf

VLAN Trunking Protocol (VTP).


During the early days of networking, it was difficult to implement VLANs across networks.
Each VLAN was manually configured on each network switch. Managing a large switched
network used to be a complicated task; VLAN trunking methods were developed to help
ease this problem.

VTP Concept
VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol whose basic aim is to manage all
configured VLANs across a switched network. VTP helps to propagate VLAN configurations and
maintain their consistency across the other switches on the network.
VTP is a messaging protocol that uses layer 2 trunk frames to add, delete and rename
VLANs within a single domain. It centralizes changes, which are then sent to the other switches
on the network.

A switch has to be configured in the role of a VTP server to manage the VLAN
configuration on your network. The server(s) will share VLAN information with the other switches
on the network, which must use the same domain name.
VTP learns only normal-range VLANs (VLAN IDs 1 to 1005).
The primary role of VTP is to maintain VLAN configuration consistency across a network
administration domain.
VTP stores VLAN configurations in the VLAN database called vlan.dat.
After a trunk is established between switches, VTP advertisements are exchanged between the
switches. Both the server switch and the client exchange and monitor advertisements from one
another to ensure each has an accurate record of VLAN information. VTP advertisements will
not be exchanged if the trunk between the switches is inactive.

In the diagram above, a trunk link is configured between switch S1 (VTP server) and switches S2 and
S3 (VTP clients).
After a trunk is established between the switches, VTP summary advertisements are
exchanged among the switches.

How to Configure VTP on a Cisco switch


VTP Configuration Guidelines
The following commands are used to configure a switch (S1) as VTP server:
Sw1#config t
Sw1(config)#vtp mode server
Sw1(config)#exit
Configure switches Sw2 and Sw3 as VTP clients:
Sw2#config t
Sw2(config)#vtp mode client
Sw2(config)#exit
Configuring the VTP Domain Name and Password:
For VTP summary advertisements to be exchanged among the switches, all switches in the
network have to belong to the same domain and use the same password:
VTP Domain
Sw1#config t
Sw1(config)#vtp domain lab
Sw1(config)#exit
VTP password
Sw1#config t
Sw1(config)#vtp password orbit123
Sw1(config)#exit
Configure the same domain name and password on the clients.
Confirm the configuration changes.
Use the show vtp status command on S1 to confirm that the VTP mode and domain are
configured correctly.
Sw1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : lab
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Confirm the same for S1 and S2
To verify the VTP password, use the show vtp password command.
Sw1#show vtp password
VTP Password: orbit123
S1#
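A consistency check over the show vtp status output of several switches, as an added example that is not part of the original page. The three sample outputs are constructed and modelled on the output above; in them Sw3 was configured with a different VTP password.

```python
"""Consistency check over `show vtp status` output (added example, not from
the original page). Parses the key/value lines for several switches and
reports any setting that would stop advertisements from being accepted
(domain name or MD5 digest mismatch) or that shows the VLAN databases are
not in sync (different configuration revisions)."""
import re
from typing import Dict, List

# Constructed sample outputs modelled on the show vtp status output above.
# Sw3 was given a different VTP password, so its MD5 digest differs from the
# server's and it never accepted the server's revision 3 database.
SAMPLE_STATUS = {
    "Sw1": """VTP Version : 2
Configuration Revision : 3
VTP Operating Mode : Server
VTP Domain Name : lab
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00""",
    "Sw2": """VTP Version : 2
Configuration Revision : 3
VTP Operating Mode : Client
VTP Domain Name : lab
MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63""",
    "Sw3": """VTP Version : 2
Configuration Revision : 0
VTP Operating Mode : Client
VTP Domain Name : lab
MD5 digest : 0x11 0xA3 0x5F 0x02 0xC4 0x9E 0x77""",
}

# Field names contain only letters, digits and spaces; this skips the
# "Configuration last modified by ..." line whose value also contains colons.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*(.*)$")


def parse_vtp_status(output: str) -> Dict[str, str]:
    """Turn 'Key : Value' lines into a dict keyed by the field name."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def check_vtp_domain(status_by_switch: Dict[str, str]) -> List[str]:
    """Compare every switch against the VTP server and list the mismatches."""
    parsed = {sw: parse_vtp_status(out) for sw, out in status_by_switch.items()}
    servers = [sw for sw, f in parsed.items() if f.get("VTP Operating Mode") == "Server"]
    findings: List[str] = []
    if not servers:
        findings.append("no VTP server found: VLAN changes cannot be propagated")
        return findings
    ref_name, ref = servers[0], parsed[servers[0]]
    for sw, f in parsed.items():
        if sw == ref_name:
            continue
        # Advertisements are only accepted within the same domain, and the MD5
        # digest covers the VLAN database plus the VTP password, so a wrong
        # password shows up as a digest that never matches the server's.
        for key, what in (("VTP Domain Name", "domain name"), ("MD5 digest", "MD5 digest")):
            if f.get(key) != ref.get(key):
                findings.append(f"{sw}: {what} {f.get(key)!r} differs from {ref_name} "
                                f"({ref.get(key)!r}); advertisements will not be accepted")
        if f.get("Configuration Revision") != ref.get("Configuration Revision"):
            findings.append(f"{sw}: configuration revision {f.get('Configuration Revision')} "
                            f"differs from {ref_name} revision {ref.get('Configuration Revision')}; "
                            "VLAN database is not synchronized")
    return findings


if __name__ == "__main__":
    for finding in check_vtp_domain(SAMPLE_STATUS) or ["all switches consistent"]:
        print(finding)
```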
- See more at: http://orbit-computer-solutions.com/VLAN-Trunking-Protocol--VTP.php#sthash.hGm7oB13.dpuf

Configuring VLAN on a Cisco Switch.
On this page, we learn how to configure:
* Telnet line and password
* Console line and password
* VLAN and names
* Switch host names
* Delete a VLAN
* Assigning a switch port
The following is a basic configuration of VLAN on Cisco switch interfaces:
Before you begin you must have worked out your IP addresses.
We are configuring VLAN ports for three departments:
VLAN 10, Name: orbit
VLAN 20, Name: cisco
VLAN 30, Name: Student
We use the topology below as an example:

Configuring Telnet line and password:


Switch1#config t
Switch1(config)#enable secret cisco
Switch1(config)#line vty 0 15
Switch1(config-line)#password cisco
Switch1(config-line)#login
Switch1(config-line)#exit

Configuring console line and password:


Switch1(config)#line con 0
Switch1(config-line)#password cisco
Switch1(config-line)#login
Switch1(config-line)#exit

Create and Configure VLANs and Names on Switch:


Switch1#config t
Switch1(config)#vlan 10
Switch1(config-vlan)#name orbit
Switch1(config-vlan)#exit
Switch1(config)#vlan 20
Switch1(config-vlan)#name cisco
Switch1(config-vlan)#exit
Switch1(config)#vlan 30
Switch1(config-vlan)#name student
Switch1(config-vlan)#exit
Switch1(config)#exit
To view your configuration, use the show vlan command:

Switch1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   orbit                            active
20   cisco                            active
30   student                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
<output omitted>
Switch1#

How to assign a switchport to a VLAN.


After creating your VLANs, you can assign a switch port to a VLAN.
Here VLAN 20 is statically assigned to port Fa0/2 on Switch1:
Switch1#config t
Switch1(config)#interface fa0/2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 20

Switch1(config-if)#no shut
Switch1(config-if)#exit
Switch1(config)#exit
Switch1#
Use the above commands to assign switch ports to the rest of the VLANs.

How to delete VLANs


To delete a VLAN, use the global configuration command no vlan vlan-id. For example, to remove VLAN
20 from the switch:
Switch1(config)#no vlan 20
Switch1(config)#end
Use the show vlan brief command to verify that VLAN 20 is no longer in the vlan.dat file.
Alternatively, the entire vlan.dat file can be deleted using the command delete
flash:vlan.dat from privileged EXEC mode. After the switch is reloaded, the previously
configured VLANs will no longer be present. This effectively places the switch into its "factory
default" state concerning VLAN configuration.
- See more at: http://orbit-computer-solutions.com/How-to-Configure-VLAN-on-a-CiscoSwitch.php#sthash.sqNnWGKE.dpuf


VLAN ID Ranges.
VLAN IDs are divided into either a normal range or an extended range.

Normal Range IDs
- 1 to 1005
- 1002 to 1005 are reserved for Token Ring and FDDI VLANs
- 1 and 1002 to 1005 are automatically created and cannot be removed
- Normal range VLANs are stored in the vlan.dat file in flash memory.
Extended Range IDs
- 1006 to 4094
- Designed for service providers
- Have fewer options than normal range VLANs
- Stored in the running configuration file
The Cisco Catalyst 2960 switch supports 255 normal and extended range VLANs.

- See more at: http://orbit-computer-solutions.com/VLAN-ID-Ranges.php#sthash.hldtIo2a.dpuf

VLAN Switch Port Modes.
When you configure a VLAN, you must assign it a number (ID), and you can optionally give it
a name. The purpose of VLAN implementations is to associate ports with particular VLANs.
You configure the port to forward a frame to a specific VLAN.
As mentioned previously (Types of VLAN), you can configure a VLAN in voice mode to
support voice and data traffic coming from a Cisco IP phone. You can configure a port to
belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port
carries and the VLANs to which it can belong. A port can be configured to support these
VLAN types:
Static VLAN
This is when ports on a switch are manually assigned to a VLAN. Static VLANs are
configured using the Cisco CLI. This can also be accomplished with GUI management
applications, such as the Cisco Network Assistant. However, a convenient feature of the CLI
is that if you assign an interface to a VLAN that does not exist, the new VLAN is created for
you.

Static Port mode configuration


Switch#config t
Switch(config)#interface fastEthernet0/15
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#end

Dynamic VLAN
A dynamic port VLAN membership is configured using a special server called a VLAN
Membership Policy Server (VMPS). With the VMPS, you assign switch ports to VLANs
dynamically, based on the source MAC address of the device connected to the port. The
benefit comes when you move a host from a port on one switch in the network to a port on
another switch in the network; the switch dynamically assigns the new port to the proper
VLAN for that host.

Voice VLAN
A port is configured to be in voice mode so that it can support an IP phone attached
to it. Before you configure a voice VLAN on the port, you need to first configure a
VLAN for voice and a VLAN for data.

Voice mode Configuration


Switch#config t
Switch(config)#interface fastEthernet 0/15
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan 99
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#end

The configuration command mls qos trust cos ensures that voice traffic is identified and
given priority. Remember that the entire network must be set up to prioritize voice
traffic; you cannot just configure the port with this command.
The switchport voice vlan 99 command identifies VLAN 99 as the voice VLAN.

You can verify this by using the following command:


Switch1#show interfaces fa0/15 switchport

Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: off
Access mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1(default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 99 (VLAN099)

The switchport access vlan 10 command configures VLAN 10 as the access mode (data)
VLAN. You can see this verified in the output above: Access mode VLAN: 10 (VLAN0010).
- See more at: http://orbit-computer-solutions.com/VLAN-Switch-Port-MembershipModes.php#sthash.FqaKo3en.dpuf

Types of VLAN.
There are different types of VLANs. Some types are defined by the kind of network traffic they
carry, and others derive their names from the type of VLAN or the specific function the VLAN
performs. The following describes the common VLAN types:

Default VLAN
At the initial boot-up of the switch, all switch ports become members of the default VLAN,
which makes them all part of the same broadcast domain. This allows any network device
connected to any of the switch ports to communicate with devices on other switch
ports.
On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any VLAN,
except that you cannot rename or delete it.

Data VLAN

A data VLAN, also referred to as a user VLAN, is configured to carry only user-generated
traffic. The importance of separating user data from other types of VLAN is proper
switch management and control.

Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic
coming from many VLANs as well as traffic that does not come from a VLAN. The 802.1Q
trunk port places untagged traffic (traffic that does not come from a VLAN) on the native
VLAN. In summary, the native VLAN identifies untagged traffic arriving at each end of
a trunk link.

Management VLAN
A management VLAN is any VLAN you configure to access the management capabilities of a
switch. The configured management VLAN is assigned an IP address and subnet
mask. Any of a switch's VLANs could serve as the management VLAN if you have not
configured or defined a unique VLAN for that purpose. In some cases, a
network administrator proactively defines VLAN 1 as the management VLAN; this opens a
loophole for an unauthorized connection to the switch.
Voice VLAN
A voice VLAN is configured to carry voice traffic. Voice VLANs are mostly given transmission
priority over other types of network traffic. Communication over the network is not
complete without phone calls. More calls are made over the network than other forms of
message transmission. Sending emails and text messages are also forms of interaction,
but listening to a real voice provides legitimacy and assurance.
It is considered good practice among network administrators to design a network that supports
VoIP with assured bandwidth to ensure voice quality, and with the capability to route around
congested areas of the network with minimal delays (150-180 milliseconds).
VLAN Configuration
- See more at: http://orbit-computer-solutions.com/Types-of-VLAN.php#sthash.dMah4QB5.dpuf

Inter-VLAN Routing.
We define inter-VLAN routing as the process of forwarding network traffic from one VLAN to
another VLAN using a router or layer 3 device.

In the previous pages, we learned how to configure VLANs on a network switch. To
allow devices connected to the various VLANs to communicate with each other, you need to
connect a router.
As we've learned, each VLAN is a unique broadcast domain, so computers on separate
VLANs are, by default, not able to communicate. There is a way to permit these computers
to communicate; it is called inter-VLAN routing.
One of the ways to carry out inter-VLAN routing is by connecting a router to the
switch infrastructure. VLANs are associated with unique IP subnets on the network.

This subnet configuration enables the routing process in a multi-VLAN environment. When
using a router to facilitate inter-VLAN routing, the router interfaces can be connected to
separate VLANs. Devices on those VLANs communicate with each other via the router.
Traditional Inter-VLAN Routing

The figure above shows traditional inter-VLAN routing:

1. Traffic from PC1 on VLAN 10 is routed through router R1 to reach PC3 on VLAN 20.
2. PC1 and PC3 are on different VLANs and have IP addresses on different subnets.
3. Router R1 has a separate interface configured for each of the VLANs.

- See more at: http://orbit-computer-solutions.com/Inter-VLAN-Routing.php#sthash.cOMeyBfU.dpuf

How to configure Inter-VLAN routing on a Cisco router.
When configuring inter-VLAN routing, it is advisable to first configure the switch SW1 that
will be connected to the router, as shown in the diagram.
Router R1 is connected to switch ports F0/4 and F0/3, which have been configured for
VLANs 10 and 20, respectively.

Example of switch SW1 interface configuration command:


SW1#config t
SW1(config)#vlan 10
SW1(config-vlan)#vlan 20

SW1(config-vlan)#exit
SW1(config)#interface fa0/8
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface fa0/4
SW1(config-if)#switchport access vlan 10
SW1(config-if)#interface fa0/11
SW1(config-if)#switchport access vlan 20
SW1(config-if)#interface fa0/3
SW1(config-if)#switchport access vlan 20
SW1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
SW1#
In the above example, interfaces F0/4 and F0/8 have been configured on VLAN 10 using the
switchport access vlan 10 command. The same process is used to assign VLAN 20 to
interfaces F0/3 and F0/11 on switch SW1.
To be on the safe side, use the copy running-config startup-config command in privileged
EXEC mode to save your configuration.
Example of router R1 interface configuration command:
R1#config t
R1(config)#interface fa0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#interface fa0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#end

As shown in the figure above, each router interface (fa0/0 and fa0/1) belongs to a different
subnet and is configured with an IP address and subnet mask in interface
configuration mode; the no shutdown command is used to enable the router interface.

After no shutdown is issued in interface configuration mode, you will notice a message
indicating that the interface state has changed to up. This indicates that the interface is now
enabled.
You can examine the routing table using the show ip route privileged EXEC mode
command. This command displays the locally connected interfaces of the router.

You can also use the show interface command in privileged EXEC mode to view
more detailed information about the router interfaces, such as diagnostic
information, status, MAC address, and transmit or receive errors.
In summary:
If the router receives a packet on interface F0/0 destined for the 192.168.2.0 subnet, the
router would identify that it should send the packet out via interface F0/1 to reach hosts on
the 192.168.2.0 subnet.

- See more at: http://orbit-computer-solutions.com/How-to-configure-Inter-VLAN-Routing-on-Ciscorouter.php#sthash.rwDpSSrY.dpuf

Router-on-a-stick Inter-VLAN Routing.
Router-on-a-stick is a type of router configuration in which a single physical interface
manages traffic between multiple VLANs on a network. The router interface has to be
configured to operate as a trunk link and is connected to a switch port (on SW1) which
has to be configured in trunk mode. The router receives VLAN-tagged traffic on the trunk
interface from the nearby switch SW1, and forwards the routed traffic out to the VLAN-tagged
destination using the same interface.
The diagram below shows the router being connected and configured with a single interface.

Explanation
i. PC1 on VLAN 10 is communicating with PC3 on VLAN 30 through router R1 using a single
physical router interface.
ii. PC1 sends its unicast traffic to switch SW2.

iii. Switch SW2 then tags the unicast traffic as originating on VLAN10 and forwards the
unicast traffic out its trunk link to switch SW1.
iv. Switch SW1 forwards the tagged traffic out the other trunk interface on port F0/5 to the
interface on router R1.
v. Router R1 accepts the tagged unicast traffic on VLAN10 and routes it to VLAN30 using its
configured subinterfaces.
vi. The unicast traffic is tagged with VLAN30 as it is sent out the router interface to switch
SW1.
vii. Switch SW1 forwards the tagged unicast traffic out the other trunk link to switch SW2.
viii. Switch SW2 removes the VLAN tag of the unicast frame and forwards the frame out to
PC3 on port Fa0/6.
- See more at: http://orbit-computer-solutions.com/Router-on-a-stick-InterVLANRouting.php#sthash.r7jSwCnh.dpuf

Switch Configuration Issues.
As I have mentioned earlier on other troubleshooting page(s), one of the commonest mistakes
administrators make is made during the configuration stage, whether on the router, the switch or
the logical subnet addressing. On this page we'll look at the challenges, common issues and
troubleshooting methods related to configuring multiple VLANs on a network.

If you suspect that there is a problem with a switch configuration, use the show interface
(interface-id) switchport command for verification. The show running-config and show interface
(interface-id) switchport commands are useful Cisco IOS troubleshooting tools for identifying VLAN
assignment and port configuration issues.

When using the traditional routing model for inter-VLAN routing, ensure that the switch ports that
connect to the router interfaces are configured on the correct VLANs. If the switch ports are not
configured or assigned correctly to VLANs, network devices on those VLANs will not reach the router
interface, which in turn blocks traffic to the other VLANs on the network.

Using the topology above, PC2 and router R1 interface F0/1 are configured to share the same subnet.
However, the switch port F0/3 that connects to router R1 interface F0/1 has not been configured and
remains in the default VLAN. Because router R1 is on a different VLAN than PC2, they are unable to
communicate.

Solution
To solve this problem, use the switchport access vlan 20 interface configuration command on switch
port F0/3 on switch SW1. When the switch port is configured or assigned to the correct VLAN, PC2 can
communicate with router R1 interface F0/1, which will then enable access to the other VLANs connected
to the router.
- See more at: http://orbit-computer-solutions.com/Troubleshooting-Inter-VLAN-Routing.php#sthash.VxrnZGkF.dpuf
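The verification step above, turned into a check that can be run over collected show interfaces switchport output. This is an added example, not code from the original page; the port-to-VLAN plan follows the inter-VLAN routing example (F0/3 and F0/11 in VLAN 20, F0/4 and F0/8 in VLAN 10) and the three sample outputs are constructed, with F0/3 left in the default VLAN as in the scenario described.

```python
"""Switch port VLAN assignment audit (added example, not from the original page).

Parses `show interfaces <id> switchport` output for the ports facing the
router and the hosts and reports any port whose access VLAN does not match the
addressing plan, which is the F0/3-left-in-VLAN-1 problem described above."""
import re
from typing import Dict, List, Optional

# The plan from the inter-VLAN routing example above. Port names and the
# sample outputs below are constructed.
EXPECTED_ACCESS_VLAN = {"Fa0/3": 20, "Fa0/4": 10, "Fa0/8": 10, "Fa0/11": 20}

SAMPLE_SWITCHPORT = {
    "Fa0/3": """Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)""",
    "Fa0/4": """Name: Fa0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)""",
    "Fa0/11": """Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)""",
}


def parse_switchport(output: str) -> Dict[str, str]:
    """'Field: value' lines of show interfaces switchport into a dict with
    lower-cased field names (IOS releases differ in capitalisation)."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def access_vlan(fields: Dict[str, str]) -> Optional[int]:
    """Numeric VLAN from 'Access Mode VLAN: 10 (VLAN0010)'."""
    m = re.match(r"(\d+)", fields.get("access mode vlan", ""))
    return int(m.group(1)) if m else None


def audit_access_ports(outputs: Dict[str, str], expected: Dict[str, int]) -> List[str]:
    """One finding per port that deviates from the plan; empty list if all match."""
    findings: List[str] = []
    for port, planned in expected.items():
        output = outputs.get(port)
        if output is None:
            findings.append(f"{port}: no switchport output collected")
            continue
        f = parse_switchport(output)
        # A port facing a router interface in the traditional model should be a
        # plain access port; "dynamic auto" leaves the mode to DTP negotiation
        # with the peer, so it is flagged even when the VLAN happens to match.
        mode = f.get("administrative mode")
        if mode != "static access":
            findings.append(f"{port}: administrative mode {mode!r}, expected "
                            "'static access' (switchport mode access)")
        actual = access_vlan(f)
        if actual != planned:
            findings.append(f"{port}: access VLAN {actual} but plan says {planned}; "
                            f"fix with 'switchport access vlan {planned}'")
    return findings


if __name__ == "__main__":
    for finding in audit_access_ports(SAMPLE_SWITCHPORT, EXPECTED_ACCESS_VLAN) or ["all ports match the plan"]:
        print(finding)
```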

How To Verify Network Connectivity.

Using The Ping Command


Using the ping command is an effective way to test a network connection. The test is
often referred to as testing the protocol stack, because the ping command moves from
Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check
for connectivity.
Using ping in a Testing Sequence
Firstly, use the router IOS ping command in a planned sequence of steps to
establish valid connections, starting with the individual device, then the
LAN and, finally, remote networks.
By using the ping command in this ordered sequence, problems can be isolated.
The ping command does not always pinpoint the nature of the problem, but it
can help to identify the source of the problem; this is considered to be the first step in
troubleshooting a network failure.
The ping command provides a method for checking the protocol stack and IPv4 address
configuration on a host. There are additional tools that can provide more information than
ping, such as Telnet or Trace, which we will look at in detail later.
IOS Ping Indicators
A ping from the IOS will yield one of several indicators for each ICMP echo that was
sent. These indicators are "!" (exclamation mark), "." (period) and "U":

! - The "!" (exclamation mark) indicates that the ping completed successfully and
verifies Layer 3 connectivity.
. - The "." (period) can indicate problems in the communication. It may indicate that a
connectivity problem occurred somewhere along the path. It may also indicate that a
router along the path did not have a route to the destination and did not send an
ICMP destination unreachable message. It may also indicate that the ping was blocked
by device security.
U - The "U" indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP
configuration on the local host. This can be accomplished by using the ping command on a
reserved address called the loopback (127.0.0.1). Pinging the loopback helps to verify the
proper operation of the protocol stack from the Network layer to the Physical layer and back
without actually putting a signal on the media.
Ping commands are entered at a command line.
C:\>ping 127.0.0.1
The reply from this command would look something like this:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result shows that four test packets were sent - each 32 bytes in size - and were
returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and
defines the number of hops that the ping packet has remaining before it will be dropped.

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can
use the following command to verify router interfaces:
The show ip interface brief command provides a summary of all interface configuration
information on the router; it displays the IP addresses that are assigned to the interfaces and
the operational status of each interface.
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 172.17.1.1 YES manual up up
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual administratively down down
Vlan1 unassigned YES manual administratively down down
R1#
Looking at the line for the FastEthernet 0/0 interface, we see that the IP address is
192.168.1.1. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of
the interface. The up in the Status column shows that this interface is operational at Layer
1. The up in the Protocol column indicates that the Layer 2 protocol is operational as well.
The same applies to FastEthernet 0/1 with IP address 172.17.1.1, in this case.
In the same example above, notice that the Serial 0/0/0 and Serial 0/0/1 interfaces have not
been enabled and have no IP address assigned. This is indicated by administratively down in
the Status column. These interfaces can be enabled with the no shutdown command.
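The two status columns are easy to misread on a device with many interfaces. The following Python script is an added example, not code from the original page or from Cisco: it parses the text of show ip interface brief into records and sorts the interfaces into the cases the paragraph above describes (operational, administratively down and waiting for no shutdown, Layer 1 up but Layer 2 down, Layer 1 down). The sample output is a constructed copy of the one above with one extra, hypothetical interface (GigabitEthernet0/2) added to exercise the Layer 2 failure case.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the "show ip interface brief" output in the text, with one
# extra hypothetical interface (GigabitEthernet0/2) whose line protocol is down while
# Layer 1 is up, the case the text's explanation of the two status columns is about.
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            172.17.1.1      YES manual up                    up
Serial0/0/0                unassigned      YES manual administratively down down
Serial0/0/1                unassigned      YES manual administratively down down
Vlan1                      unassigned      YES manual administratively down down
GigabitEthernet0/2         10.1.1.1        YES manual up                    down
"""


@dataclass
class Interface:
    name: str
    ip: Optional[str]   # None when the column reads "unassigned"
    status: str         # Layer 1: "up", "down" or "administratively down"
    protocol: str       # Layer 2 line protocol: "up" or "down"

    @property
    def admin_down(self) -> bool:
        return self.status == "administratively down"

    @property
    def operational(self) -> bool:
        return self.status == "up" and self.protocol == "up"


def parse_show_ip_int_brief(output: str) -> List[Interface]:
    """Split each row on whitespace; Status may be two words, Protocol is always the last."""
    interfaces = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Interface":
            continue  # blank line or column header
        name, ip, _ok, _method = parts[:4]
        status = " ".join(parts[4:-1])
        protocol = parts[-1]
        interfaces.append(Interface(name, None if ip == "unassigned" else ip, status, protocol))
    return interfaces


def diagnose(interfaces: List[Interface]) -> dict:
    """Bucket interfaces by the Layer 1 / Layer 2 reading the text describes."""
    report = {"operational": [], "needs_no_shutdown": [], "layer2_down": [], "layer1_down": []}
    for i in interfaces:
        if i.operational:
            report["operational"].append(i.name)
        elif i.admin_down:
            report["needs_no_shutdown"].append(i.name)   # enable with "no shutdown"
        elif i.status == "up":
            report["layer2_down"].append(i.name)         # cable is up, line protocol is not
        else:
            report["layer1_down"].append(i.name)         # physical problem: cable, port, far end
    return report


if __name__ == "__main__":
    for bucket, names in diagnose(parse_show_ip_int_brief(SHOW_IP_INT_BRIEF)).items():
        print(f"{bucket:18} {', '.join(names) or '-'}")
```

Because the Status column can hold two words, the parser takes the last token of each row as Protocol and joins everything between Method and Protocol as Status, rather than relying on fixed column widths that differ between IOS versions.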
Testing Router Connectivity
We can use ping and traceroute to verify router connectivity at Layer 3. You can use
these commands to ping a host in the local LAN and to trace the path to a remote host across
the WAN.
e.g.
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms
Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 192.168.1.1 16 msec 16 msec 16 msec
The above result shows a successful connection to the gateway.

Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card (NIC)
address is bound to the IPv4 address and that the NIC is ready to transmit signals across
the media.
The IPv4 address assigned to a NIC in this case is 10.0.0.6.
To verify the IPv4 address, use the following command:
C:>ping 10.0.0.6

A successful reply would resemble:
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This test verifies that the NIC driver and most of the NIC hardware are working properly. It
also verifies that the IP address is properly bound to the NIC, without actually putting a
signal on the media.

If this test fails, it is likely that there are issues with the NIC hardware or software driver
that may require reinstallation of either or both. This procedure depends on the type of
host and its operating system.
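The two kinds of ping output shown so far (the IOS indicator string and the Windows reply and statistics block) are easy to read by eye but tedious to check across many hosts. The following Python script is an added example, not code from the original page: it parses both formats into a summary and applies the interpretations the text gives for "!", "." and "U" and for the Windows Request Timed Out and Destination Unreachable messages. The sample outputs embedded in it are constructed copies modelled on the loopback and NIC tests above, with one case showing timeouts.

```python
import re
from collections import Counter

# Meaning of each IOS ping indicator, as described in the text.
IOS_INDICATORS = {
    "!": "echo reply received: Layer 3 connectivity verified",
    ".": "timeout: path problem, router without a route that sent no unreachable, "
         "or ping blocked by device security",
    "U": "ICMP destination unreachable: a router on the path has no route",
}

# Constructed sample: a successful Windows loopback ping, modelled on the text.
WINDOWS_PING_OK = """\
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
"""

# Constructed sample: two replies and two timeouts, the latency case the text describes.
WINDOWS_PING_SLOW = """\
Reply from 10.0.0.6: bytes=32 time=2ms TTL=64
Request timed out.
Reply from 10.0.0.6: bytes=32 time=3ms TTL=64
Request timed out.

Ping statistics for 10.0.0.6:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 3ms, Average = 2ms
"""

_REPLY = re.compile(r"^Reply from (\S+): bytes=(\d+) time([<=])(\d+)ms TTL=(\d+)", re.M)
_STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+) \((\d+)% loss\)")
_RTT = re.compile(r"Minimum = (\d+)ms, Maximum = (\d+)ms, Average = (\d+)ms")


def parse_ios_ping(indicators: str) -> dict:
    """Summarise an IOS indicator string such as '!!!!!' or 'U.U.U' the way the
    'Success rate is N percent (ok/sent)' line does, plus the problems seen."""
    counts = Counter(ch for ch in indicators if ch in IOS_INDICATORS)
    sent = sum(counts.values())
    ok = counts["!"]
    return {
        "sent": sent,
        "success": ok,
        "success_rate": round(100 * ok / sent) if sent else 0,
        "problems": sorted(IOS_INDICATORS[c] for c in counts if c != "!"),
    }


def parse_windows_ping(output: str) -> dict:
    """Extract reply count, TTLs, failure messages and the statistics block."""
    replies = _REPLY.findall(output)
    result = {
        "replies": len(replies),
        "timed_out": output.count("Request timed out."),
        "unreachable": output.count("Destination host unreachable."),
        "ttl": sorted({int(r[4]) for r in replies}),
    }
    m = _STATS.search(output)
    if m:
        sent, received, lost, loss_pct = map(int, m.groups())
        result.update(sent=sent, received=received, lost=lost, loss_pct=loss_pct)
    m = _RTT.search(output)
    if m:
        result["rtt_ms"] = dict(zip(("min", "max", "avg"), map(int, m.groups())))
    return result


def verdict(result: dict) -> str:
    """Apply the text's interpretation of the Windows failure messages."""
    if (result["replies"] and result.get("lost", 0) == 0
            and not result["timed_out"] and not result["unreachable"]):
        return "ok: connectivity verified"
    if result["unreachable"]:
        return "unreachable: no route to the destination; note the address and check routing"
    if result["timed_out"]:
        return "timed out: no reply within the default period; latency, path failure or filtered ICMP"
    return "no replies parsed"


if __name__ == "__main__":
    for name, sample in (("loopback", WINDOWS_PING_OK), ("nic", WINDOWS_PING_SLOW)):
        r = parse_windows_ping(sample)
        print(name, r, "->", verdict(r))
    for ind in ("!!!!!", "U.U.U", "....."):
        print(ind, parse_ios_ping(ind))
```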

- See more at: http://orbit-computer-solutions.com/GeneralTroubleshooting.php#sthash.N4PiuO8N.dpuf

Testing Local Network.

Testing a host on the local LAN.
After successfully pinging remote hosts, both the local host (the router) and the remote
host are known to be configured correctly. Pinging each host one by one on the LAN carries
out this test.
If a host responds with Destination Unreachable, note which address was not successful
and continue to ping the other hosts on the LAN.
Another failure message is Request Timed Out. This indicates that no response was made
to the ping attempt in the default time period, indicating that network latency may be an
issue.

Using extended Ping

The IOS offers an extended mode of the ping command. This mode is entered by typing
ping in privileged EXEC mode, at the CLI prompt, without giving a destination IP
address. A series of prompts is then presented, as shown in this example. Pressing Enter
accepts the indicated default values.
Router#ping
Protocol [ip]:
Target IP address:10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:5
Extended commands [n]: n

Entering a longer timeout period than the default allows for possible latency issues to be
detected. If the ping test is successful with a longer value, a connection exists between the
hosts, but latency may be an issue on the network.
Note that entering "y" at the "Extended commands" prompt provides more options that are
useful in troubleshooting.
A successful ping shows that the IP addresses of the local host and the other hosts in the
network are configured properly.

Testing Gateway and Remote Connectivity

The next step is to test if the local host can connect with a gateway address.
You can use the ping command to verify if the local host can reach the gateway. This is
extremely important because the gateway is the host's entry and exit to the wider network.
If the ping command returns a successful response, connectivity to the gateway is verified.
To begin, choose a station as the source device. In this case, we chose 192.168.1.1, as
shown in the figure above, to be the gateway IP address.
c:>ping 192.168.1.1
The gateway IPv4 address should be readily available in the network documentation, but if
it is not available, use the ipconfig command to discover the gateway IP address.
If the gateway test fails:
1. Try pinging another host in the local LAN to verify that the problem is not the source
host.
2. Then verify the gateway address with the network administrator to ensure that the
proper address is being tested.
If all devices are configured properly, check the physical cabling to ensure that it is secure
and properly connected. Keep an accurate record of what attempts have been made to
verify connectivity. This will assist in solving this problem and, perhaps, future problems.
Testing Route Next Hop

In a router, you can use IOS to test the next hop of the individual routes. Each route has
the next hop listed in the routing table. You can use the output of the show ip route
command to determine the next hop. Frames carrying packets that are directed to the
destination network listed in the routing table are sent to the device that represents the
next hop. If the next hop is not accessible, the packet will be dropped.
To test the next hop, determine the appropriate route to the destination and try to ping the
appropriate next hop for that route in the routing table. A failed ping indicates that there
might be a configuration or hardware problem.
The ping may also be prohibited by security in the device. If the ping is successful you can
move on to testing connectivity to remote hosts.
Testing Remote Hosts connectivity
Once verification of the local LAN and gateway is complete, testing can proceed to remote
devices, which is the next step in the testing process.
The figure depicts a sample network topology. There are 3 hosts within a LAN, a router
(acting as the gateway) that is connected to another router (acting as the gateway for a
remote LAN), and 3 remote hosts. The verification tests should begin within the local
network and progress outward to the remote devices.
Testing remote connectivity

Ping a remote host from a local host

Begin by testing the outside interface of a router that is directly connected to a remote
network. In this case, the ping command is testing the connection to 200.10.10.129, the
outside interface of the local network gateway router.
If the ping command is successful, connectivity to the outside interface is verified. Next,
ping the outside IP address of the remote router, in this case 200.10.10.130. If successful,
connectivity to the remote router is verified. If there is a failure, try to isolate the problem.
Retest until there is a valid connection to a device, and double-check all addresses.
The ping command will not always help with identifying the underlying cause to a problem,
but it can isolate problems and give direction to the troubleshooting process. Document
every test, the devices involved, and the results.
Test Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To
forward packets between any two networks, the router must be able to communicate with
both the source and the destination networks. The router will need routes to both networks
in its routing table.
To test the communication to the remote network, you can ping a known host on this
remote network. If you cannot successfully ping the host on the remote network from a
router, you should first check the routing table for an appropriate route to reach the remote
network. It may be that the router uses the default route to reach a destination. If there is
no route to reach this network, you will need to identify why the route does not exist. As
always, you must also rule out the possibility that the ping is administratively prohibited.
- See more at: http://orbit-computer-solutions.com/Testing-LocalNetwork.php#sthash.YPqOfvYq.dpuf

Troubleshooting Wireless Network Problems.
A Methodical Approach to WLAN Troubleshooting.
Troubleshooting any sort of network problem should follow a methodical approach; it is
highly recommended that you start by working up the TCP/IP stack from Layer 1
(Physical layer) to Layer 7 (Application layer). This helps to eliminate any issue that you
may be able to resolve yourself.

There are three steps of the methodical troubleshooting approach when working with
Wireless Ethernet LANs.

Step 1 - Eliminate the user PC as the source of the problem.


Try to establish the severity of the problem. If there is no connectivity, verify the following:

Use the ipconfig command to confirm the user PC network configuration. Check if
the PC has received an IP address via DHCP or is configured with a static IP address.
Verify that the PC has connectivity to the wired network. Connect the device to the
wired LAN and ping a known IP address.
Try a different wireless NIC. If necessary, reload drivers and firmware as appropriate
for the client device.
If the wireless NIC of the client is working, check the security mode and encryption
settings on the client. If the security settings do not match, the client cannot get
access to the WLAN.

If the user PC is functioning but the performance is poor, check the following:

How far is the PC from an access point? Is the PC out of the planned coverage area?
Check the channel settings on the client. The client software should detect the
appropriate channel as long as the SSID is correct.
Check for the presence of other devices in the area that operate on the 2.4 GHz
band. Examples of other devices are cordless phones, baby monitors, microwave
ovens, wireless security systems, and potentially rogue access points. Data from
these devices can cause interference in the WLAN and intermittent connection
problems between a client and access point.

Step 2 - Confirm the physical status of other network devices.

Are all the network devices actually in place?
Check for a possible physical security issue.
Is there power to all devices, and are they powered on?

Step 3 - Inspect physical links.

Inspect links between cabled devices looking for bad connectors or damaged or
missing cables.
If the physical plant is in place, use the wired LAN to see if you can ping devices
including the access point.

If connectivity still fails at this point, there might be something wrong with the access
point or its configuration.
After eliminating the user PC as the problem and confirming the physical status of the other
network devices, begin investigating the performance of the access point. Check the power
status of the access point.

When the access point settings have been confirmed, if the radio continues to fail, try to
connect to a different access point. You may try to install new radio drivers and firmware.

- See more at: http://orbit-computer-solutions.com/Troubleshooting-Wireless-Networks--WLAN.php#sthash.zrwzNBll.dpuf

Enabling DHCP in Windows PC.
Dynamic Host Configuration Protocol (DHCP), as mentioned earlier, is a system software utility
that automatically assigns network IP addresses to computers that are connected to one
another; when an Internet connection is involved, an IP address will be assigned.
DHCP is normally enabled by default, but it can be disabled for some reason, especially when a
static IP address (an address assigned manually) is being used.
To enable DHCP in Windows, follow the steps below:
1. Click the Start button to open the Start menu
2. Right-click the Network button
3. Choose Properties from the menu
4. Click View status
5. Click Properties
6. Click to highlight Internet Protocol Version 4 (TCP/IP) and
7. Click Properties
8. Tick Obtain an IP address automatically and Obtain DNS server address automatically by
clicking on them.
Click OK to close. Your computer will be assigned an IP address automatically.

- See more at: http://orbit-computer-solutions.com/How-To-Enable-DHCP-onWindows.php#sthash.s3eWbiXc.dpuf

Wireless Network Error: Incorrect Channel Settings.
Most WLANs today operate in the 2.4 GHz band, which can have as many as 14 channels,
each occupying 22 MHz of bandwidth. Energy is not spread evenly over the entire 22 MHz,
rather the channel is strongest at its centre frequency, and the energy diminishes toward
the edges of the channel.
Interference can occur when there is overlap of channels. It is worse if the channels overlap
close to the centre frequencies, but even if there is minor overlap, signals interfere with
each other. Set the channels at intervals of five channels, such as channel 1, channel 6, and
channel 11.
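To see why channels 1, 6 and 11 are the usual choice, the following Python script (an added example, not from the original page) computes the 2.4 GHz channel centre frequencies, checks which pairs of 22 MHz-wide channels overlap and by how much, and audits a constructed channel plan for a set of hypothetical access points. It assumes the standard 5 MHz channel spacing starting at 2412 MHz for channel 1, with channel 14 apart at 2484 MHz; the access-point names are made up.

```python
from itertools import combinations
from typing import Dict, List, Tuple

CHANNEL_WIDTH_MHZ = 22   # each 2.4 GHz channel occupies 22 MHz, per the text


def centre_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel: 5 MHz steps from 2412 MHz for channels
    1-13; channel 14 sits apart at 2484 MHz."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def overlap_mhz(a: int, b: int) -> int:
    """How many MHz channels a and b share; 0 means they do not overlap."""
    separation = abs(centre_frequency_mhz(a) - centre_frequency_mhz(b))
    return max(0, CHANNEL_WIDTH_MHZ - separation)


def non_overlapping_channels(available) -> List[int]:
    """Greedy selection from the lowest channel up: keep a channel only if it overlaps
    none already chosen. Reproduces the 1/6/11 spacing the text recommends."""
    chosen: List[int] = []
    for ch in available:
        if all(overlap_mhz(ch, c) == 0 for c in chosen):
            chosen.append(ch)
    return chosen


def audit_channel_plan(plan: Dict[str, int]) -> List[Tuple[str, str, int]]:
    """Report every pair of access points whose channels overlap, with the shared MHz,
    worst (largest overlap) first."""
    findings = []
    for (ap1, ch1), (ap2, ch2) in combinations(sorted(plan.items()), 2):
        shared = overlap_mhz(ch1, ch2)
        if shared:
            findings.append((ap1, ap2, shared))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    # Constructed channel plan with hypothetical access-point names.
    plan = {"AP-lobby": 1, "AP-office": 3, "AP-lab": 6, "AP-warehouse": 11}
    print("non-overlapping in 1-11:", non_overlapping_channels(range(1, 12)))
    for ap1, ap2, shared in audit_channel_plan(plan):
        print(f"{ap1} (ch {plan[ap1]}) overlaps {ap2} (ch {plan[ap2]}) by {shared} MHz")
```

Adjacent channels are only 5 MHz apart, so channels 1 and 3 share 12 MHz of spectrum while channels 1 and 6 (25 MHz apart) share none, which is exactly the five-channel interval the text asks for.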
Solving RF Interference
Incorrect channel settings are part of the larger group of problems with RF interference.
WLAN administrators can control interference caused by channel settings with good
planning, including proper channel spacing.

Interferences caused by household or office appliances.
Other sources of RF interference can be found all around the workplace or in the home;
think of the snowy disruption of a television signal that occurs when a neighbour runs a
vacuum cleaner. Dealing with such interference boils down to efficient planning of device
placement. For instance, plan to place microwave ovens away from access points and potential
clients. Sadly, not all RF interference issues can be planned for, because there are just too
many of them.
The problem with devices such as cordless phones, baby monitors, and microwave ovens is
that they do not contend for the channel; they just use it.
Solution

Try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such
as cordless phones, operate on channel 6.
- See more at: http://orbit-computer-solutions.com/Incorrect-ChannelSetting.php#sthash.aAivhXuE.dpuf


How DHCP Operates.

The most fundamental task of a DHCP server is providing IP addresses to clients. DHCP uses
three different address allocation mechanisms when assigning IP addresses:

Manual Allocation: The administrator manually assigns a pre-allocated IP address to the
client, and DHCP only communicates the IP address to the device.
Automatic Allocation: DHCP automatically assigns a static IP address permanently to a
device, selecting it from a pool of available addresses. There is no lease; the address is
permanently assigned to the device.
Dynamic Allocation: DHCP dynamically assigns, or leases, an IP address from a pool of
addresses for a limited period of time chosen by the server, or until the client tells the
DHCP server that it no longer needs the address.

Dynamic IP address allocation.

DHCP works in a client/server mode and operates like any other client/server relationship.
When a PC connects to a DHCP server, the server assigns or leases an IP address to that
PC; the PC then connects to the network with that leased IP address until the lease
expires.

The host must contact the DHCP server periodically to extend the lease. This lease
mechanism ensures that hosts/clients that are mobile or powered off do not hold onto
addresses that they do not need. These addresses are returned to the pool by the server to be
reallocated to other clients when needed.
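The three allocation mechanisms and the lease cycle described above can be modelled in a few dozen lines. The following Python class is an added example, not code from the original page or from any DHCP implementation: it keeps a pool of addresses, honours manual reservations (MAC address to fixed IP), hands out permanent automatic bindings or time-limited dynamic leases, extends a dynamic lease when the client asks again, and returns expired or released dynamic addresses to the pool. Times are plain numbers passed in by the caller so the expiry logic can be followed step by step; the network, lease length and MAC addresses in the demonstration are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Binding:
    mac: str
    ip: str
    mechanism: str               # "manual", "automatic" or "dynamic"
    expires_at: Optional[float]  # None: no lease, the address is held permanently


class DhcpPool:
    """Toy DHCP server model showing the three allocation mechanisms in the text."""

    def __init__(self, network: str, lease_seconds: int,
                 reservations: Optional[Dict[str, str]] = None) -> None:
        self.lease_seconds = lease_seconds
        self.reservations = dict(reservations or {})        # manual allocation: MAC -> fixed IP
        reserved = set(self.reservations.values())
        self.free: List[str] = [str(h) for h in ipaddress.IPv4Network(network).hosts()
                                if str(h) not in reserved]
        self.bindings: Dict[str, Binding] = {}

    def request(self, mac: str, now: float, permanent: bool = False) -> Optional[Binding]:
        """A client asks for an address at time `now`. Returns None when the pool is exhausted."""
        if mac in self.reservations:                          # manual: pre-allocated by the admin
            b = Binding(mac, self.reservations[mac], "manual", None)
            self.bindings[mac] = b
            return b
        existing = self.bindings.get(mac)
        if existing is not None:                              # renewal extends a dynamic lease
            if existing.mechanism == "dynamic":
                existing.expires_at = now + self.lease_seconds
            return existing
        self.expire(now)                                      # reclaim lapsed leases first
        if not self.free:
            return None
        ip = self.free.pop(0)
        if permanent:                                         # automatic: from the pool, no lease
            b = Binding(mac, ip, "automatic", None)
        else:                                                 # dynamic: leased for a limited time
            b = Binding(mac, ip, "dynamic", now + self.lease_seconds)
        self.bindings[mac] = b
        return b

    def release(self, mac: str) -> None:
        """Client says it no longer needs the address; only dynamic leases go back to the pool."""
        b = self.bindings.get(mac)
        if b is not None and b.mechanism == "dynamic":
            del self.bindings[mac]
            self.free.append(b.ip)

    def expire(self, now: float) -> List[str]:
        """Return lapsed dynamic leases to the pool; manual and automatic bindings never expire."""
        reclaimed = []
        for mac, b in list(self.bindings.items()):
            if b.expires_at is not None and b.expires_at <= now:
                del self.bindings[mac]
                self.free.append(b.ip)
                reclaimed.append(b.ip)
        return reclaimed


if __name__ == "__main__":
    # Constructed demonstration: a /29 pool, 100-second leases, one manual reservation.
    pool = DhcpPool("192.168.5.0/29", lease_seconds=100,
                    reservations={"00:00:00:00:00:01": "192.168.5.1"})
    print(pool.request("00:00:00:00:00:01", now=0))                  # manual
    print(pool.request("00:00:00:00:00:02", now=0, permanent=True))  # automatic
    print(pool.request("00:00:00:00:00:03", now=0))                  # dynamic, expires at 100
    print(pool.request("00:00:00:00:00:03", now=50))                 # renewed, expires at 150
    print("reclaimed at t=200:", pool.expire(now=200), "free:", pool.free)
```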

- See more at: http://orbit-computer-solutions.com/Understanding-How-DHCPWorks.php#sthash.SbtEfFPn.dpuf

IPv6 Stateful Autoconfiguration.

DHCPv6 is a network protocol that works pretty much the same as DHCP in IPv4.
DHCPv6 is used to assign IP addresses and prefixes to IPv6 hosts on a network. This is also
known as stateful autoconfiguration.

How DHCPv6 Works.

Compare this with stateless autoconfiguration, where a host sends a router solicitation (RS)
message via a router towards a DHCPv6 server on the network for IPv6 configuration, and
receives a router advertisement (RA) from the DHCPv6 server via the router with the IPv6
address configuration.

If there is no router on the network, the host sends a DHCPv6 Solicit multicast message
addressed to FF02::1:2; this multicast message reaches all DHCPv6 servers and relays on the
network. This works the same way as it does in IPv4 DHCP.

How to Configure DHCPv6 on Cisco router.

R1#config t
R1(config)#ipv6 dhcp pool test
R1(config-dhcpv6)#dns-server 2001:DB8::1
R1(config-dhcpv6)#domain-name orbit123.com
R1(config-dhcpv6)#prefix-delegation pool test lifetime 64000 64000
The DNS server address above is a placeholder from the 2001:DB8::/32 documentation range;
substitute your own DNS server. The prefix-delegation pool named test refers to an address
pool that must be defined separately with the ipv6 local pool command.

Assign DHCPv6 to an interface:


R1#config t
R1(config)#interface fa0/0
R1(config-if)#ipv6 dhcp server test

The above interface configuration is quite different from that of IPv4. Overall, we have
configured a DHCPv6 server and applied it to an interface.
- See more at: http://orbit-computer-solutions.com/DHCPv6%3A-How-DHCPv6works.php#sthash.kWnKF8qL.dpuf

How To Configure DHCP Lease Periods on Cisco router.
You want to change the default lease period on your router.

To change the default DHCP lease time for a pool of IP addresses, use the lease DHCP pool
configuration command:

R1#configure terminal
R1(config)#ip dhcp pool LAN
R1(dhcp-config)#network 192.168.5.0 255.255.255.0
R1(dhcp-config)#lease 5 12 30
R1(dhcp-config)#end
R1#

Here the pool is named LAN (any name will do) and the network command gives its address
range, 192.168.5.0 255.255.255.0. The lease command takes up to three values, lease days
[hours [minutes]], with hours and minutes being optional. You can specify a maximum period of
365 days, 23 hours and 59 minutes, and a minimum of 1 second. The default is 1 day.

Configure Cisco router to assign addresses with infinite lease period.
Use the following command:

R1#configure terminal
R1(config)#ip dhcp pool HQ
R1(dhcp-config)#lease infinite
R1(dhcp-config)#end
R1#
- See more at: http://orbit-computer-solutions.com/Defining-DHCP-Lease-Periods-on-Ciscorouter.php#sthash.6bTOLUFk.dpuf

Types of Addresses in IPv4.
Within the IPv4 address range , there are three types of addresses:
Network Address - The address by which we refer to the network.
Broadcast Address - A special address used to send data to all hosts in the network.
Host Address - The addresses assigned to the end devices in the network.
Network Address
The network address is a standard way to refer to an IPv4 address assigned to a network.
For example, we could refer to the network 192.168.1.0 or 172.16.0.0 as a Network
Address. This is a much more convenient and descriptive way to refer to the network than
using a term like "the first network." All hosts in the 172.16.0.0 network will have the same
network bits.
Within each network, the lowest address is reserved as the network address. This address
has a 0 for each bit in the host portion of the address, e.g.
192.168.1.0 /24
172.16.0.0 /16

Broadcast Address
The IPv4 broadcast address is a special address for each network that allows communication
to all the hosts in that network. To send data to all hosts in a network, a host can send a
single packet that is addressed to the broadcast address of the network.
The broadcast address uses the highest address in the network range. This is the address in
which the bits in the host portion are all 1s. For the network 192.168.1.0/24 (24 network
bits and 8 host bits), the broadcast address is 192.168.1.255. This address is also referred
to as the directed broadcast.
192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)

Host Addresses
As described previously, every end device requires a unique address to receive and send
packets. In IPv4, we assign the values between the network address and the broadcast
address to the devices in that network; hosts include end devices such as PCs, IP phones,
printers, etc.
e.g. 192.168.1.0 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.2 - 254 (Host Addresses)
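Working out the three address types by hand is error-prone, especially for prefixes that do not fall on an octet boundary. The following Python functions are an added example, not from the original page; they use the standard library ipaddress module to derive the network address, directed broadcast, usable host range and host count from a prefix, and to classify any single address against its network. They also handle /31 and /32 networks, which the text does not cover and which reserve no network or broadcast address. The usable range reported starts at .1; the text lists hosts from .2, which is common practice when .1 is kept for the gateway.

```python
import ipaddress
from typing import Dict


def describe_network(cidr: str) -> Dict[str, object]:
    """Network, broadcast and host range for an IPv4 network given in prefix notation.
    strict=False lets a host address such as 192.168.1.77/24 stand in for its network."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    if host_bits > 1:
        # Normal case: lowest address is the network, highest is the directed broadcast.
        first, last = net.network_address + 1, net.broadcast_address - 1
        usable = 2 ** host_bits - 2
    else:
        # /31 (RFC 3021 point-to-point) and /32 reserve nothing: every address is usable.
        first, last = net.network_address, net.broadcast_address
        usable = 2 ** host_bits
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "network_bits": net.prefixlen,
        "host_bits": host_bits,
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def address_type(address: str, cidr: str) -> str:
    """Classify one address relative to a network: 'network', 'broadcast', 'host' or 'outside'."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    addr = ipaddress.IPv4Address(address)
    if addr not in net:
        return "outside"
    if 32 - net.prefixlen > 1:
        if addr == net.network_address:
            return "network"
        if addr == net.broadcast_address:
            return "broadcast"
    return "host"


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "172.16.0.0/16", "10.0.0.4/31"):
        print(cidr, describe_network(cidr))
    for addr in ("192.168.1.0", "192.168.1.2", "192.168.1.255", "192.168.2.1"):
        print(addr, "is", address_type(addr, "192.168.1.0/24"))
```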
- See more at: http://orbit-computer-solutions.com/Types-of-IP-addresses.php#sthash.5hGuIiAJ.dpuf

How to Configure Static Routes.

What is Static Route?
Static routing occurs when you, the network administrator, manually add or configure the
routes, with their IP addresses, on each router. This is no simple task, especially when you
are administering a large network.
Even though it is a complex task, static routes have benefits:
i. Bandwidth usage between routers is at a minimum, none in some cases.
ii. There is no overhead on the router CPU.
iii. It adds security, because the administrator chooses exactly which routes are configured.
iv. It reduces the number of routes found in the routing table.
Disadvantages of Static Routes:
i. It takes too many man-hours to configure, especially in a large network.
ii. It is too complex and can sometimes be confusing during troubleshooting.
Static route command syntax:
ip route {destination network address} {mask} {next hop address or exit interface}
We will use the following network topology as an example. All necessary interfaces have
been configured with IP addresses.

Remember the static route command syntax:
ip route {destination network address} {mask} {next hop address or exit interface}
Static Route configuration on HQ router:
HQ(config)#ip route 172.16.10.0 255.255.255.0 10.10.11.2
HQ(config)#interface serial 0/0/0
HQ(config-if)#clock rate 64000
HQ(config-if)#end
HQ#
Command syntax explained from the example configuration above:
ip route: this command creates the static route and tells the router that this is a static
route.
172.16.10.0: This is the remote network we want to send the packet to.
255.255.255.0: This is the mask of the remote network.
10.10.11.2: this is the next hop router address we are sending the packet to.
Here, the exit interface could be used in place of the next hop address:
HQ(config)#ip route 172.16.10.0 255.255.255.0 se0/0/0
HQ(config)#end
Verify your configuration from the routing table:
HQ#show ip route
[output omitted]
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.11.0 is directly connected, Serial0/0/0
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.10.0 [1/0] via 10.10.11.2
C 192.168.30.0/24 is directly connected, FastEthernet0/0
HQ#
The S represents a static route, with an administrative distance of 1. The router gives
priority to static routes over dynamic routes; administrative distance ranges from 0 (best)
to 255 (worst).
To verify the connectivity, ping from PC1 to PC5:
PC1>ping 172.16.10.2
Pinging 172.16.10.2 with 32 bytes of data:
Reply from 172.16.10.2: bytes=32 time=140ms TTL=126
Reply from 172.16.10.2: bytes=32 time=140ms TTL=126
Reply from 172.16.10.2: bytes=32 time=156ms TTL=126
Reply from 172.16.10.2: bytes=32 time=156ms TTL=126
Ping statistics for 172.16.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 156ms, Average = 148ms
Also, ping from PC7 to PC3:
PC7>ping 192.168.30.4
Pinging 192.168.30.4 with 32 bytes of data:
Reply from 192.168.30.4: bytes=32 time=156ms TTL=126
Reply from 192.168.30.4: bytes=32 time=156ms TTL=126
Reply from 192.168.30.4: bytes=32 time=109ms TTL=126
Reply from 192.168.30.4: bytes=32 time=135ms TTL=126
Ping statistics for 192.168.30.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 156ms, Average = 139ms
PC7>
- See more at: http://orbit-computer-solutions.com/How-to-Configure-StaticRoutes.php#sthash.IB6JbctE.dpuf

How To Configure Default Routes.

What is Default Route?
You can configure or use default routes to direct packets addressed to destinations or
networks not found or listed in the routing table. This is most workable in a stub network
(a network with one exit path). To configure a default route, you use wildcards (all zeros) in
the network address and mask. Using a default route helps to reduce the complex work of
configuring all the assigned routes.
When you, as the network administrator, create a static route to network 0.0.0.0 0.0.0.0,
this is another way of setting the gateway of last resort on a router. However, ip routing
must be enabled on the router; if it is not, it is advisable to use the ip default-gateway
command:
Gateway(config)#ip default-gateway 200.165.199.1
The following topology and configuration command examples help to explain how to
configure a default route, or gateway of last resort:

Use the following command to configure a default route on the gateway router:
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.165.199.1
Gateway(config)#
Verify your configuration
Gateway#show ip route
[Output omitted]
Gateway of last resort is 200.165.199.1 to network 0.0.0.0
10.0.0.0/30 is subnetted, 1 subnets
C 10.10.11.0 is directly connected, Serial0/0/0
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.10.0 [1/0] via 10.10.11.2
C 192.168.30.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 200.165.199.1
Gateway#
You can check the routing table using the show ip route command as above; you will find the
directly connected networks plus the S* entry, which is the default route. You can
also see that the gateway of last resort is now set in the routing table as shown above.

What the default route is effectively saying is: forward any packet for an unknown
network to 200.165.199.1, which is the next hop router.
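To show why the S* entry acts as the gateway of last resort, here is an added Python example (not from the original page) that performs a longest-prefix lookup over the routing table shown above; the table entries are copied from the show ip route output, and the destination addresses used are constructed for illustration.

```python
import ipaddress

# Routing table mirroring the "show ip route" output above:
# (route code, prefix, next hop or connected interface).
ROUTING_TABLE = [
    ("C", "10.10.11.0/30", "Serial0/0/0"),
    ("S", "172.16.10.0/24", "10.10.11.2"),
    ("C", "192.168.30.0/24", "FastEthernet0/0"),
    ("S*", "0.0.0.0/0", "200.165.199.1"),  # default route / gateway of last resort
]

# The same table without the default route, to show what changes when it is absent.
TABLE_WITHOUT_DEFAULT = [r for r in ROUTING_TABLE if r[1] != "0.0.0.0/0"]


def lookup(destination, table=ROUTING_TABLE):
    """Longest-prefix match over a routing table.

    Every route whose prefix contains the destination is a candidate and the
    most specific one (longest prefix) wins. 0.0.0.0/0 contains every address
    but has prefix length 0, so it is chosen only when nothing else matches.
    Returns (code, prefix, next hop) or None when the packet would be dropped.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for code, prefix, via in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (code, net, via)
    if best is None:
        return None
    return (best[0], str(best[1]), best[2])


if __name__ == "__main__":
    # Constructed destinations: one in a known network, one unknown address.
    for dst in ("172.16.10.5", "192.0.2.7"):
        print(dst, "->", lookup(dst),
              "| without default route:", lookup(dst, TABLE_WITHOUT_DEFAULT))
```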

Port Redirection Attack.


A port redirection attack is another type of attack based on trust exploitation. The attacker
uses a compromised host to pass traffic through a firewall that would otherwise block it.
Look at it this way: the host on the outside can reach the host on the public services
segment, but not the host on the inside. If an intruder is able to compromise the host on
the public services segment, the attacker could install software to redirect traffic from the
outside host directly to the inside host.
Although neither connection violates the rules implemented in the firewall, the outside
host has now achieved connectivity to the inside host through the port redirection process
on the public services host. An example of a tool that can provide this type of access is
Netcat.

Solution
Port redirection can be controlled primarily through the use of proper trust models. Antivirus
software or a host-based intrusion detection system (IDS) can help detect an attacker and
prevent the installation of such utilities on a host.

Network Attack: Trust Exploitations Attack.


The goal of a trust exploitation attacker is to compromise a trusted host, using it to stage
attacks on other hosts in a network. If a host in a company's network is protected by a
firewall (inside host), but is accessible to a trusted host outside the firewall (outside host),
the inside host can be attacked through the trusted outside host.

Solutions
Trust exploitation-based attacks can be controlled through strict protocols on trust levels
within a network; for example, private VLANs can be deployed in public-service segments
where multiple public servers are available.

Systems on the outside of a firewall should never be totally trusted by systems on the inside
of a firewall. Such trust should be limited to specific protocols and should be authenticated
by something other than an IP address.

How to Install and Configure your Wireless Router or Access Points.

On the following pages, you will learn how to configure a wireless router or access point.
This includes:

i. How to set the SSID
ii. Enable security
iii. Configure the channel
iv. Adjust the power settings of a wireless access point.
We will also look at how to back up and restore your configuration settings on a wireless
access point.
Most access points have been designed to function with the default or factory settings. It is
recommended to change the default configuration.
After confirming your wired network connectivity and installing the access point, you will
now configure it.
In the following examples we will be using the Linksys WRT300N multifunction device, which
is also an access point.
Use these steps for configuring the Linksys WRT300N and most Linksys wireless access
points:
Make sure your PC is connected to the access point via a wired connection, and access the web
utility with a web browser. To access the web-based utility of the access point, launch
Internet Explorer, and enter the WRT300N default IP address, 192.168.1.1, in the address
field.
Press the Enter key.
1. A screen is displayed prompting you for your username and password. Leave the Username
field blank.
2. Enter admin in the Password field (default settings for a Linksys WRT300N). If the device
has already been configured, the username and password may have been changed.
3. Click OK to continue.
For a basic network setup, we will be learning how to use the following screens:
Setup, Management, and Wireless:

i. Setup: on this screen you will enter your basic network settings (IP
address).

ii. Management: start by clicking the Administration tab and then select the
Management screen. The default password is admin. To secure the access point, change
the password from its default.

iii. Wireless: this is where you change the default SSID. Select the level of
security in the Wireless Security tab and complete the options for the selected security
mode.

When you have finished making changes to a screen, click the Save Settings button, or
click the Cancel Changes button to undo your changes. For information on a tab, click
Help. We will go through these steps one after the other.


IP Addressing

Introduction
This section looks at IP addressing, subnet masking, Private and Special addresses. Examples are
provided to illustrate the methodology when setting up an IP network addressing scheme. We also look at
Wildcard masks and Directed Broadcasts.

IP Address Classes
Unique IP (Internet Protocol) addresses are assigned to each physical connection of a device to a
network, therefore if a device (host) has more than one connection to a network or networks, then it will
have more than one IP address.

An IP address is represented as four decimal integers, with each integer corresponding to one byte; this
means an IP address is 32 bits long as per the following example:

   162.        146.        93.         14          dotted decimal
   10100010.   10010010.   01011101.   00001110    binary

IP addresses are divided into two parts, a Network ID and a Host ID each of which can be of varying bit
lengths but always making 32 bits altogether.

Hint:- Use the Windows calculator to convert binary to decimal and vice versa.

There are five primary classes of IP addresses and it is the high order 3 bits of the address which identify
the class as shown below:

   Class     First Octet (binary)   First Octet (range)   Example Network
   Class A   0xxxxxxx               1-127                 25.234.45.0
   Class B   10xxxxxx               128-191               140.250.43.0
   Class C   110xxxxx               192-223               192.2.3.0
   Class D   1110xxxx               224-239               232.56.4.0
   Class E   11110000               240-254               242.5.7.0

Class A addresses contain 7 bits in the network portion giving 2^7 - 2 = 126 possible networks since all
1's and all 0's are not allowed. Consequently 24 bits remain for the host portion allowing a total of
2^24 - 2 = 16,777,214 hosts. 127.0.0.0/8 is reserved for loopback address purposes where just 127.0.0.1 is used
normally. The address 255.255.255.255 is used as a broadcast address and 0.0.0.0 as a default route
address, meaning any network. The address 0.0.0.0 is sometimes used by hosts that have yet to receive
an IP address e.g. a DHCP Client awaiting an address from the DHCP server.

Class B addresses contain 14 bits in the network portion allowing 2^14 - 2 = 16,384 possible networks,
and 16 bits for the host portion allowing a possible total number of 2^16 - 2 = 65,534 hosts.

Class C addresses contain 21 bits for the network portion giving a possible total of 2^21 - 2 = 2,097,152
networks, and 8 bits for the host portion giving a possible 2^8 - 2 = 254 hosts.

Class D addresses are used for multicasting and Class E addresses are used in research.

Historically, a company may have been allocated just one Class A, B or C IP address by the Network
Information Centre (NIC). Currently, all Class A addresses have been allocated and most if not all of the
Class B addresses have gone. If a company has a number of networks to manage then the network
administrator may wish to subnet the network, that is create subnet addresses within the scope of the IP
address that the administrator has been given.

Subnets
Subnetting Example

A customer has been given an IP address of 128.100.0.0 (a Class B address) for his company. He has
specified that he requires 3 separate networks with the maximum possible number of host connections on
each network.

The first two octets 128.100 are fixed since these are given by NIC as the Class B address, therefore we
have the last two octets to play with. Let us examine the possibilities more closely:

1. The address given:

             Octet 1    Octet 2    Octet 3    Octet 4
   binary    10000000   01100100   00000000   00000000
   decimal   128.       100.       0.         0

2. We need to create a minimum of 3 different subnets but not at the expense of the number of host
addresses available to us. The following process would seem to give us 4 permutations of
subnets:

Looking at octet 3 specifically in binary, let us just use the first 2 bits for a subnet address:

   128   64   32   16   8   4   2   1
    1     1    x    x   x   x   x   x
The possible combinations for the first two bits are:

   11   192   ->   128.100.192.0
   10   128   ->   128.100.128.0
   01    64   ->   128.100.64.0
   00     0   ->   128.100.0.0

However all 1's and all 0's used to be not allowed for a subnet. These subnets are called the All
Ones Subnet and Subnet Zero. The reason for this was that older software found it difficult to
distinguish between the network 128.100.0.0/16 and the all-zeros subnet 128.100.0.0/18. The same
was true of the all-ones subnet. RFC 950 therefore rules out '11' and '00' as usable subnets; we
are therefore left with only two subnet addresses instead of the 3 we require.

3. Let us try and use an extra bit in octet 3:

   128   64   32   16   8   4   2   1
    1     1    1    x   x   x   x   x

The possible combinations are now:

   111   224   ->   128.100.224.0
   110   192   ->   128.100.192.0
   101   160   ->   128.100.160.0
   011    96   ->   128.100.96.0
   001    32   ->   128.100.32.0
   010    64   ->   128.100.64.0
   100   128   ->   128.100.128.0
   000     0   ->   128.100.0.0

As before all 1's and all 0's are not permitted for subnets, therefore we are left with 6 possible
subnets (2^3 - 2):
128.100.32.0
128.100.64.0
128.100.96.0
128.100.128.0
128.100.160.0
128.100.192.0

4. This leaves the rest of the bits (from power 16 downwards) in octet 3 and all the bits in octet 4 to
construct the individual host addresses; the permutations amount to many thousands of hosts
which should be plenty. Below is an example of a host address in subnet 128.100.192.0:
128.100.194.23

On first inspection it would appear that address 128.100.194.23 has nothing to do with the subnet
128.100.192.0, so let us look a little more closely at the final two octets of the host address:

   Octet 3 = 194:   128   64   32   16   8   4   2   1
                     1     1    0    0   0   0   1   0

   Octet 4 = 23:    128   64   32   16   8   4   2   1
                     0     0    0    1   0   1   1   1

As we can see we are indeed part of the 128.100.192.0 subnet since it is only the first three bits
of octet 3 which are used for the subnet address. All the bits from power 16 and downwards are
allocated to the host address, so the power 2 bit just turns octet 3 from decimal 192 to decimal
194. Confusion frequently arises in this situation where the dividing line between the network
portion of the IP address and the host portion rests part way through an octet (in this case
between power 32 and power 16 of octet 3). Often it is possible to make the network/host dividing
line between octets so that you can easily tell which host address belongs to which subnet.

Routers are used to minimise unnecessary traffic, and when running IP it is important to tell the router
which subnet an address belongs to. This is done at configuration time by entering
a 'subnet mask'.
The situation with the All-zeros and All-ones subnets nowadays is to allow them according to RFC 1878.
This is because modern applications understand how to distinguish between these subnets and the main
network.

Subnet masks
The subnet mask specifies the portion of the IP address that is going to be used for subnetworks (as
opposed to hosts). For every bit position in the IP address that is part of the network ID or subnetwork ID,
a '1' is set, and for every bit position in the IP address that is part of the host ID portion, a '0' is set. The
router uses the boolean AND operation with an incoming IP address to 'lose' the host portion of the IP
address i.e. the bits that are '0', and match the network portion with its routing table. From this, the router
can determine out of which interface to send the datagram. This means that the 'Don't care bits' are
represented by binary 0's whilst the 'Do care bits' are represented by binary 1's.

For our example above, because we used the first three bits in octet 3 for our subnet addressing the
subnet mask would be:

             Octet 1    Octet 2    Octet 3    Octet 4
   binary    11111111   11111111   11100000   00000000
   decimal   255.       255.       224.       0

What is important is that the same mask is applied throughout the physical networks that share the same
subnet part of the IP address. All devices connected to the networks that compose the subnet must have
the same mask.

A Broadcast Address for a subnet is when all 1's are used in the host portion of the IP address. For
example, for the IP address 10.17.20.4 and a mask of 255.255.255.0 the subnet is 10.17.20.0 and the
host id is 4. The broadcast address within the 10.17.20.0 subnet is when the host id portion of the
address is made up of all binary 1's. In this example the host portion is the last octet and if these 8 bits
are set to 1 we have a broadcast address of 10.17.20.255. You can ping this, send messages to this and
so on, a single address serving a multitude of end stations.

Often you will see the network mask represented as a number of bits e.g. for the above example address
of 10.17.20.4 with a mask of 255.255.255.0, this can also be represented as 10.17.20.4/24, where the 24
represents 24 bits (3 octets) set to 1.

Another Subnetting Example

Study the schematic below:

The network drawing above shows the IP address map for a WAN installation carried out for a large
financial institution. The customer had installed 'Windows NT' servers at a number of sites and was
requiring an ISDN link, star-wired out, from each of the sites from the main office server room. The IP
addressing scheme had to take into account the following factors:

Up to 30 more sites may be added to the WAN in the near future.

Each site could have up to 50 host connections.

The customer had already assigned IP addresses to some of the servers and site PC's on the
local LAN's.

The IP address given to this company was 146.162.0.0 (which is a Class B address), and the decision
was made to use the whole of octet 3 for the subnet addresses leaving octet 4 for the host addresses.
This made assigning IP addresses easier to carry out and gave a maximum of 254 hosts per subnet
and there could be a maximum of 254 subnets, thus satisfying the customer's requirements. The subnet
mask for each subnet (whether LAN or WAN) was consequently 255.255.255.0. It is important to design
the addressing scheme such that the subnet mask is common to all LANs/WANs throughout the network
unless a routing protocol such as OSPF is to be used. OSPF allows variable subnet masking.

Whilst studying the schematic you will note that the WAN links are 146.162.90.0 to 146.162.94.0 and the
router ISDN interfaces are .20 at the main office end and .10 at the remote office end. Also you will note
that the server IP addresses are all .5 and the ethernet hubs are all .8 while the router ethernet interfaces
are all .6. Organising addressing like this can make life much easier especially when you are hopping
from site to site.

RFC 950 and RFC 1812 describe IP subnetting whereas RFC 1009 defines Variable Length Subnet
Masking.

Quick tricks to find subnets and broadcast addresses

If you have a subnet mask, then it is possible to quickly list out the possible subnets and broadcast
addresses.

The number by which subnets increment for a given mask is calculated by subtracting the last numbered
octet in decimal from 256. For example, given the subnet 10.1.0.0 255.255.248.0, the last numbered octet
is 248, therefore 256 - 248 = 8, so subnets jump up in 8's i.e. 10.1.8.0, 10.1.16.0, 10.1.24.0 etc.

Once you have found out by how much subnets jump, finding a broadcast address for each subnet is
quickly done by subtracting 1 from this and adding this to each subnet. Using the above example, for
subnet 10.1.8.0, the subnets jump in 8's, 8 - 1 = 7 and 8 + 7 = 15 so, taking it as given that the final octet
will be all one's for the broadcast, the broadcast address is 10.1.15.255.

Wildcard Masks
You will often come across Wildcard masks, particularly if you work with OSPF and/or Cisco routers. The
use of wildcard masks is most prevalent when building Access Control Lists (ACLs) on Cisco routers.
ACLs are filters and make use of wildcard masks to define the scope of the address filter. Although ACL
wildcard masks are used with other protocols, we will concentrate on IP here.

Let us first take a simple example. We may want to filter a sub-network 10.1.1.0 which has a Class C
mask (24-bit) 255.255.255.0. The ACL will require the scope of the addresses to be defined by a wildcard
mask which, in this example is 0.0.0.255. This means that the 'Don't care bits' are represented by binary
1's whilst the 'Do care bits' are represented by binary 0's. You will note that this is the exact opposite to
subnet masks!

Taking a more complex example. Say we wish to filter out a subnet which is given by 10.1.1.32 having a
mask of 255.255.255.224 i.e. 10.1.1.32/27. How do we find the wildcard mask for this? Well to help us,
concentrating on the 4th octet, let us first look at the binary for this network and subnet mask. Then we
reverse the binary bits to get the wildcard bits and then convert back to decimal to obtain the wildcard
mask for the 4th octet:

   4th octet in decimal            32
   4th octet in binary             00100000
   4th octet mask in decimal       224
   4th octet mask in binary        11100000
   4th octet wildcard in binary    00011111
   4th octet wildcard in decimal   31

The important bits are the three high-order bits, set in the mask and cleared in the wildcard; this
shows that the wildcard mask for the network 10.1.1.32/27 is 0.0.0.31.

The following table should help in seeing a pattern between the number of bits used for the mask in a
particular octet, the subnet mask in decimal and the equivalent wildcard mask:

   No. of Network   Subnet Mask   Subnet Mask   Wildcard Mask   Wildcard Mask
   Bits Set to 1    Binary        Decimal       Binary          Decimal
   0                00000000      0             11111111        255
   1                10000000      128           01111111        127
   2                11000000      192           00111111        63
   3                11100000      224           00011111        31
   4                11110000      240           00001111        15
   5                11111000      248           00000111        7
   6                11111100      252           00000011        3
   7                11111110      254           00000001        1
   8                11111111      255           00000000        0

The binary for the wildcard mask is the exact reverse, bit for bit, of the subnet mask. You then calculate
the decimal from the reversed binary bits to obtain the dotted decimal wildcard mask.
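As an added example (not from the original text), the following Python code works through the subnet mask, wildcard mask and "quick trick" calculations of the preceding sections: it builds the mask for a /n prefix, inverts it bit for bit to obtain the ACL wildcard, reproduces one row of the table above, and lists subnets with their broadcast addresses using the 256 minus last octet increment. The 10.1.0.0 255.255.248.0 and 10.1.1.32/27 values are the page's own; the function names are this example's.

```python
import ipaddress


def prefix_to_mask(prefix_len):
    """Dotted-decimal subnet mask for /n: n high-order 1 bits followed by 0 bits."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(bits))


def wildcard_mask(mask):
    """ACL wildcard: the bit-for-bit inverse of the subnet mask (1 = don't care)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))


def mask_table_row(network_bits):
    """One row of the bits/mask/wildcard table for a single octet:
    (mask binary, mask decimal, wildcard binary, wildcard decimal)."""
    mask = (0xFF << (8 - network_bits)) & 0xFF
    wild = mask ^ 0xFF
    return (f"{mask:08b}", mask, f"{wild:08b}", wild)


def subnet_increment(mask):
    """The quick trick: subnets step by 256 minus the last non-zero octet of
    the mask. Returns (index of that octet, increment)."""
    octets = [int(o) for o in mask.split(".")]
    for idx in range(3, -1, -1):
        if octets[idx] != 0:
            return idx, 256 - octets[idx]
    raise ValueError("mask 0.0.0.0 has no subnet octet")


def subnets_and_broadcasts(base, mask, count):
    """First `count` subnets of `base` under `mask` using the increment trick.
    Broadcast = subnet + (increment - 1) in the stepping octet, with every
    octet after it set to 255 (all host bits set to 1)."""
    idx, step = subnet_increment(mask)
    octets = [int(o) for o in base.split(".")]
    result = []
    for n in range(count):
        sub = octets[:]
        sub[idx] = octets[idx] + n * step
        if sub[idx] > 255:
            break  # ran past the end of the parent block
        bcast = sub[:]
        bcast[idx] = sub[idx] + step - 1
        for later in range(idx + 1, 4):
            bcast[later] = 255
        result.append((".".join(map(str, sub)), ".".join(map(str, bcast))))
    return result


def cross_check(base, mask, count):
    """Verify the trick against the ipaddress module's own subnet arithmetic."""
    for sub, bcast in subnets_and_broadcasts(base, mask, count):
        net = ipaddress.ip_network(f"{sub}/{mask}")
        if str(net.broadcast_address) != bcast:
            return False
    return True


if __name__ == "__main__":
    print(prefix_to_mask(27), wildcard_mask(prefix_to_mask(27)))  # 10.1.1.32/27 case
    for bits in range(9):
        print(bits, *mask_table_row(bits))
    print(subnets_and_broadcasts("10.1.0.0", "255.255.248.0", 4))
    print("trick agrees with ipaddress:", cross_check("10.1.0.0", "255.255.248.0", 32))
```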

Private Addresses
One of the ways to combat the fast reduction in available IP address space was to introduce the concept
of private addresses and the use of Network Address Translator (NAT) to allow many organisations to
use the same address space but not have this space visible on the Internet i.e. to use address translation
on the edge of the networks.

The Class A network address range 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) is designated for private use
only. This address range cannot be used on the Internet as every ISP will automatically drop the address.
This address is becoming very popular as its use in conjunction with Network Address Translation
(NAT) has meant that large corporations can make use of the Class A address space available within
10.0.0.0 for their own private use internally and just use NAT for those relatively few addresses that do
need to operate on the Internet. This is one reason why the immediate need for IP version 6 has been
diminished.

There is also the private address range 172.16.0.0 to 172.31.255.255 (172.16.0.0/12) which is the CIDR
block of 16 x Class B addresses 172.16.0.0, 172.17.0.0, .... ,172.31.0.0.

The network address range 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) is also for private use and
is a CIDR block of 256 x Class C addresses 192.168.0.0, 192.168.1.0, .... ,192.168.255.0.

Examine RFC 1918 for more information on address allocation for private networks.

Other Special addresses


The address range 0.0.0.0/8 is currently considered throughout the Internet as for special use. Note that
this is different from the host address 0.0.0.0/32 which means 'default'. You can have legitimate
addresses in the range 0.0.0.0/16, e.g. 0.0.123.95/16.

The address range 192.0.2.0/24 is called the Test Net and is reserved for use in testing examples and
documentation.

The address range 169.254.0.0/16 is used for auto-configuration of IP addresses if a DHCP server should
fail and there is no backup for the DHCP Clients. This is described in RFC 2563, Stateless Autoconfiguration.

Directed Broadcasts

The RFC 1812 overviews the requirements of routers to run IPv4. One of the requirements is that routers
MUST, by default accept Directed Broadcasts (although it is allowable to have a switch that turns this off).

A directed broadcast is one where the IP broadcast has been sent to a destination prefix (a net or
subnet). A directed broadcast destined for the network 10.20.20.0/24 would be 10.20.20.255, for
example.

Masking IP Addresses

Network Security.
Why is Network Security
Important?
Wherever there is a network, wired or wireless, there are threats. Some people are easily
put off setting up a home or office network by the fear that anything stored on their hard
drive could be accessed by neighbours or hackers. The types of potential threats to network
security are always evolving, and constant computer network system monitoring and
security should be an ultimate priority for any network administrator.
If the security of the network is compromised, there could be serious consequences, such as
loss of privacy and theft of information.

When it comes to network security, the main concern is making sure that any wireless
connections are protected against unauthorised access.

Most business transactions are done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands that security solutions become flawlessly
integrated, more transparent, and more flexible.
Network attack tools and methods have evolved. In the past, a hacker had to
have sophisticated computer, programming, and networking knowledge to make use of
rudimentary tools and basic attacks.
Nowadays, network hacking methods and tools have improved tremendously; hackers no
longer require the same level of sophisticated knowledge, and people who previously would not
have participated in computer crime are now able to do so.

Types of Network Threats and Attacks
As the types of threats, attacks, and exploits grows, various terms have been used to
describe the individuals involved. Some of the most common terms are as follows:
i. White hat- These are network attackers who look for vulnerabilities in systems or
networks and then report these vulnerabilities to the owners of the system so that they
can be fixed. They are ethically opposed to the abuse of computer systems. A white hat
generally focuses on securing IT systems.
ii. Hacker- This is a general term that is used to describe a computer programming expert.
It is normally used in a negative way to describe an individual that attempts to gain
unauthorized access to network resources with malicious intent.

iii. Black hat or Cracker- The opposite of White Hat, this term is used to describe those
individuals who use their knowledge of computer systems and programming skills to break
into systems or networks that they are not authorized to use; this is usually done
for personal or financial gain.
iv. Phreaker- This term is often used to describe an individual who manipulates the phone
network in a bid to perform a function that is not allowed. The phreaker breaks into the
phone network, usually through a payphone, to make free or illegal long distance calls.
v. Spammer- This is often used to describe a person who sends large quantities of
unsolicited e-mail messages. Spammers often use viruses to take control of home
computers and use them to send out their bulk messages.
vi. Phisher- Uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that
would have a legitimate need for the sensitive information.

Routers.
Routers are generally known as intermediate systems which operate at the network layer of the OSI
reference model; routers are devices used to connect two or more networks (IP networks) or a LAN to
the Internet.
The router is responsible for the delivery of packets across different networks. The destination of the IP
packet might be a web server in another country or an e-mail server on the local area network. It is the
responsibility of the router to deliver those packets in a timely manner. The effectiveness of
internetwork communications depends on the ability of routers to forward packets in the most efficient
way possible.

Routers are now being added to satellites in space. These routers will have the
ability to route IP traffic between satellites in space in much the same way that
packets are moved on Earth, thereby reducing delays and offering greater
networking flexibility.
Advantages of a Router

In addition to packet forwarding, a router provides other services as well. To meet
the demands on today's networks, routers are also used:
i. To ensure steady, reliable availability of network connectivity. Routers use
alternative paths in case the primary path fails to deliver packets.
ii. To provide integrated services of data, video, and voice over wired and wireless
networks.
iii. For security: a router helps in mitigating the impact of worms, viruses, and other
attacks on the network by permitting or denying the forwarding of packets.


VLSM Example #2.

We use the network topology below as example:

The figure above shows 5 different subnets, each with different host requirements. The
given IP address from our ISP is 192.168.1.0/24.
The host requirements are:
Network A - 14 hosts
Network B - 28 hosts
Network C - 2 hosts
Network D - 7 hosts
Network E - 28 hosts
As recommended, we begin the process by subnetting for the largest host requirement first.
As it seems, the largest requirements are for Network B and Network E, each with 28
hosts.
Don't forget the cram table!

Let's apply the formula: usable hosts = 2^n - 2. For networks B and E, 5 bits are kept
in the host portion and the calculation is 2^5 - 2 = 30. Only 30 usable host addresses
are available in this case due to the 2 reserved addresses. Keeping 5 host bits meets the
requirement but leaves little room for future growth.
So we borrow 3 bits for subnets, leaving 5 bits for the hosts. This allows 8
subnets with 30 hosts each.
We have created and will allocate addresses for networks B and E first:
Network B will use Subnet 0: 192.168.1.0/27
Host address range 1 to 30 (192.168.1.1 to 192.168.1.30)
192.168.1.31 (broadcast address)
Network E will use Subnet 1: 192.168.1.32/27
Host address range 33 to 62 (192.168.1.33 to 192.168.1.62)
192.168.1.63 (broadcast address)
The next largest host requirement is Network A, followed by Network D.
Borrowing another bit and subnetting the network address 192.168.1.64 gives us
the following host ranges:
Network A will use Subnet 0: 192.168.1.64/28
Host address range 65 to 78 (192.168.1.65 to 192.168.1.78)
192.168.1.79 (broadcast address)
Network D will use Subnet 1: 192.168.1.80/28
Host address range 81 to 94 (192.168.1.81 to 192.168.1.94)
192.168.1.95 (broadcast address)
This allocation supports 14 hosts on each subnet and satisfies the requirement.

*In Network C, there are only two hosts. In this case we borrow two more bits to meet this
requirement.
Beginning from 192.168.1.96 and borrowing 2 more bits results in subnet 192.168.1.96/30.
Network C will use Subnet 1: 192.168.1.96/30
Host address range 97 to 98 (192.168.1.97 to 192.168.1.98)
192.168.1.99 (broadcast address)
From the above illustration, we have met all requirements without wasting many possible
subnets and available addresses.
In this case, bits were borrowed from addresses that had already been subnetted. As you
will recall from a previous section, this method is known as Variable Length Subnet Masking,
or VLSM.
*use illustration to create networks for the WAN on the network
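The allocation above can be reproduced mechanically. This is an added Python example, not part of the original page, that sorts the requirements by size and carves each subnet out of 192.168.1.0/24 in turn; the host counts are the ones listed above and the function names are this example's.

```python
import ipaddress

# Host requirements from the example above (name, hosts); list order breaks ties.
PAGE_REQUIREMENTS = [("A", 14), ("B", 28), ("C", 2), ("D", 7), ("E", 28)]


def host_bits_needed(hosts):
    """Smallest n such that 2^n - 2 >= hosts (network and broadcast are reserved)."""
    n = 2
    while (2 ** n) - 2 < hosts:
        n += 1
    return n


def vlsm_allocate(block, requirements):
    """Largest-requirement-first VLSM allocation out of `block`.

    Each subnet is placed at the next address that is a multiple of its size.
    Because sizes only shrink as we go, the cursor is already aligned in the
    page's example, but the alignment step keeps the function correct for any
    input order. Returns {name: {subnet, first_host, last_host, broadcast, usable}}.
    """
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    last = int(pool.broadcast_address)
    result = {}
    # sorted() is stable: B stays before E and A before D on equal host counts
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        n = host_bits_needed(hosts)
        size = 2 ** n
        if cursor % size:
            cursor += size - (cursor % size)
        if cursor + size - 1 > last:
            raise ValueError(f"{block} exhausted while allocating network {name}")
        net = ipaddress.ip_network((cursor, 32 - n))
        result[name] = {
            "subnet": str(net),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            "usable": size - 2,
        }
        cursor += size
    return result


def page_allocation():
    """The worked example: 192.168.1.0/24 split for networks A to E."""
    return vlsm_allocate("192.168.1.0/24", PAGE_REQUIREMENTS)


if __name__ == "__main__":
    for name, info in page_allocation().items():
        print(f"Network {name}:", info)
```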

How To Calculate
Subnets Using Binary
Method.
Connectivity between hosts on an IP network is determined by applying the subnet mask to the source
and destination addresses. The communicating host compares the result of applying its
subnet mask to both its own IPv4 address and to the destination IPv4 address.
Remember, the subnet mask is a 32 bit value which is used to differentiate between the
network bits and the host bits of the IP address. The subnet mask is made up of a string of
1s followed by a string of 0s.
The 1s indicate the network bits and the 0s specify the host bits within the IP address. The
network bits are matched between the source and destination. If the networks are the same,
the packet can then be delivered locally. If they don't match, the packet is sent to the
default gateway.
For example, let's assume PC 1, with the IP address of 192.168.1.40 and subnet mask of
255.255.255.0, needs to send a message to PC 2, with the IP address of 192.168.1.52 and
a subnet mask of 255.255.255.0. In this case, both hosts have the same default subnet mask
of 255.255.255.0. Both hosts have the same network bits of 192.168.1, and therefore are
on the same network.

PC 1 sends a message to PC 2. The switch checks to see if PC 2 is on the same network as
PC 1. The network is determined by comparing the IP address to the Subnet Mask. Let's
look at the IP Address, Subnet Mask, and Network Address for each configuration in binary
equivalent below:
PC 1 Configuration
IP Address - 192.168.1.40, 11000000.10101000.00000001.00101000
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network - 192.168.1.0, 11000000.10101000.00000001.00000000
PC 2 Configuration
IP Address - 192.168.1.52, 11000000.10101000.00000001.00110100
Subnet Mask - 255.255.255.0, 11111111.11111111.11111111.00000000
Network - 192.168.1.0, 11000000.10101000.00000001.00000000
The network portion (the first 24 bits) above shows that both PC 1 and PC 2 are on the same network:
192.168.1.0.
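An added Python example (not from the original page) of the comparison just described: it renders the addresses in dotted binary, ANDs each with the mask, and decides whether PC 1 delivers locally or sends to its default gateway. The second pair of hosts, with mismatched masks, is a constructed case showing why the check has to hold in both directions.

```python
def to_binary_dotted(ip):
    """Render a dotted-decimal IPv4 address as four 8-bit binary fields."""
    return ".".join(f"{int(o):08b}" for o in ip.split("."))


def network_of(ip, mask):
    """Bitwise AND of address and mask: the host bits (mask 0s) are dropped."""
    pairs = zip(ip.split("."), mask.split("."))
    return ".".join(str(int(a) & int(m)) for a, m in pairs)


def delivery_decision(src_ip, src_mask, dst_ip):
    """A host applies its OWN mask to both addresses. Same network: deliver
    locally; otherwise: send to the default gateway.
    Returns (decision, source network, destination network as the source sees it)."""
    local_net = network_of(src_ip, src_mask)
    dst_net = network_of(dst_ip, src_mask)
    decision = "local" if local_net == dst_net else "default gateway"
    return decision, local_net, dst_net


def mutual_local(pc1, pc2):
    """Both hosts must reach the same conclusion. A mismatched mask on either
    side makes delivery one-way: one host sends directly while the other hands
    its reply to the gateway. pc1 and pc2 are (ip, mask) tuples."""
    forward = delivery_decision(pc1[0], pc1[1], pc2[0])[0]
    back = delivery_decision(pc2[0], pc2[1], pc1[0])[0]
    return forward == "local" and back == "local"


def show(label, ip, mask):
    """Print the three rows shown on the page for one host configuration."""
    net = network_of(ip, mask)
    print(label)
    print("IP Address  -", ip, to_binary_dotted(ip))
    print("Subnet Mask -", mask, to_binary_dotted(mask))
    print("Network     -", net, to_binary_dotted(net))


if __name__ == "__main__":
    show("PC 1 Configuration", "192.168.1.40", "255.255.255.0")
    show("PC 2 Configuration", "192.168.1.52", "255.255.255.0")
    print(delivery_decision("192.168.1.40", "255.255.255.0", "192.168.1.52"))
    # Constructed mismatch: PC 2 at .200 with a /25 mask disagrees with PC 1's /24.
    print(mutual_local(("192.168.1.40", "255.255.255.0"),
                       ("192.168.1.200", "255.255.255.128")))
```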


How a Root Port is selected on a Switch.


Best Paths to the Root Bridge
After the root bridge has been designated for the spanning tree process, the next process is
to determine the best paths to the root bridge from all destinations in the network. The best
path resolution is carried out by summing up the individual port costs along the path
from the destination to the root bridge.
By default, port costs are defined by the speed at which the port operates. Every non-root
bridge selects a root port; this is the port with the lowest cost path to the root bridge.
Default costs depend on the speed of the link as set by the IEEE (for a 100 Mb/s link the individual port cost = 19).
Note: costs may change as faster Ethernet is developed.
In the case of ports having the same cost, port priority and port number are used as
tie-breakers. By default, Fa0/1 has port ID 128.1 and Fa0/2 has 128.2.
See table for finding the cost of a link:
Link Speed    Revised Cost    Previous Cost
10 Gb/s       2               1
1 Gb/s        4               1
100 Mb/s      19              10
10 Mb/s       100             100

Configuring Port Costs.

Although switch ports have a default port cost, it can be changed by configuration. Cisco
switches give the network administrator the ability to configure individual port costs,
which gives the administrator full control over the spanning-tree paths to the root bridge.
To configure the port cost of an interface, enter the spanning-tree cost value command in
interface configuration mode. The value can range from 1 to 200,000,000.
In the configuration example below, switch port F0/1 has been configured with a port cost
of 30 using the spanning-tree cost 30 interface configuration command on the F0/1
interface.
SW2#config t
SW2(config)#interface fa0/1
SW2(config-if)#spanning-tree cost 30
SW2(config-if)#end
SW2#
To reset the port cost back to the default value, enter the no spanning-tree cost interface
configuration command.
SW2#config t
SW2(config)#interface fa0/1
SW2(config-if)#no spanning-tree cost
SW2(config-if)#end
SW2#

You can use the show spanning-tree command to verify the path cost.

Summary
Path cost is the sum of all the port costs along the path to the root bridge.
The path with the lowest path cost becomes the preferred path, and all other redundant
paths are blocked.
Every non-root bridge (switch) selects a root port.
The default IEEE cost of a 100 Mb/s link from a non-root bridge (switch) towards the root bridge is 19.
STP then configures the redundant path to be blocked, preventing a loop from occurring.
- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-a-Root-Port-isSelected.php#sthash.gorgpbIZ.dpuf

How the Root Bridge and Ports are chosen.
The Root Bridge
In an STP-configured switched LAN or broadcast domain, one switch is designated as the root
bridge. The root bridge serves as the reference point for all spanning-tree calculations
that determine which redundant links to block. An election process determines which switch
becomes the root bridge.
Each switch has a Bridge ID (BID) that is made up of a priority value, an extended system
ID, and the MAC address of the switch.
All switches in the network take part in the election process. After a switch boots up, it
sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By
default, the root ID matches the local BID for all switches on the network. The root ID
identifies the root bridge on the network. Initially, each switch identifies itself as the root
bridge after bootup.
Let's look at it this way: when switches A, B, C and D on the same network or broadcast
domain boot up, each switch forwards its Bridge Protocol Data Unit (BPDU) frames to its
neighbouring switches. All switches in the network or broadcast domain read the root ID
information from the BPDU frames of all their neighbours.
After reviewing all the root IDs in the BPDUs received from each switch, the switch with
the lowest BID ends up being identified as the root bridge for the spanning tree process.
It need not be an adjacent switch; it can be any other switch in the broadcast domain.

Study the figure below and see if you can identify the switch with the lowest priority.

Root Ports - Switch ports closest to the root bridge with the lowest cost path.
Designated Ports - All non-root ports that are still permitted to forward traffic on the
network.
Non-designated ports - All ports configured to be in a blocking state to prevent loops.
Summary.
* Each switch has a bridge ID (BID) made up of a priority value followed by its MAC address
* Switches exchange Bridge Protocol Data Units (BPDUs) to compare bridge IDs
* The switch with the lowest bridge ID becomes the root bridge.
* Eventually, all switches agree that the switch with the lowest BID is the root bridge.
- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-the-Root-Bridgeand-Ports-are-chosen.php#sthash.fAiaLgac.dpuf
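The election described in this section and the root port selection from the preceding section on path costs, as an added Python example (not the page's own material): it compares Bridge IDs to elect the root, then computes each non-root switch's root port from cumulative IEEE port costs, with port priority and port number as tie-breakers. The switches S1 to S3, their MAC addresses, the links and the link speeds are constructed for illustration.

```python
"""STP root bridge election and root port selection (added example, not from the page).

Every switch compares Bridge IDs (priority + extended system ID, then MAC) to agree on
the root; each non-root switch then picks the port with the lowest cumulative path cost
to the root, breaking ties with port priority and port number. Topology is constructed.
"""
import heapq
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Revised IEEE 802.1D port costs from the page's table, keyed by link speed in Mb/s.
DEFAULT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}


@dataclass(frozen=True)
class BridgeID:
    priority: int        # default 32768; a multiple of 4096
    system_id_ext: int   # extended system ID = VLAN number
    mac: str             # e.g. "00:0a:00:00:00:01"

    def key(self) -> Tuple[int, int]:
        """Lower key wins: 16-bit field (priority + ext. system ID), then the MAC."""
        return (self.priority + self.system_id_ext, int(self.mac.replace(":", ""), 16))


@dataclass(frozen=True)
class Port:
    name: str
    number: int
    priority: int = 128          # default port priority, the "128" in the page's 128.1
    cost: Optional[int] = None   # explicit "spanning-tree cost <n>"; None = speed default


@dataclass(frozen=True)
class Link:
    a: str
    port_a: Port
    b: str
    port_b: Port
    speed_mbps: int


def port_cost(port: Port, speed_mbps: int) -> int:
    """Configured cost if set, otherwise the IEEE default for the link speed."""
    return port.cost if port.cost is not None else DEFAULT_COST[speed_mbps]


def elect_root(bridges: Dict[str, BridgeID]) -> str:
    """Each switch first claims to be root; the lowest BID wins the election."""
    return min(bridges, key=lambda name: bridges[name].key())


def select_root_ports(bridges: Dict[str, BridgeID], links: List[Link]) -> Dict[str, Tuple[str, int]]:
    """{switch: (root port name, root path cost)} for every non-root switch.

    Root path cost is the sum of receiving-port costs along the path (Dijkstra over the
    links). Ties: neighbour's BID, then the local port's priority and number. Full 802.1D
    also compares the sender's port ID first; the page's priority.number rule omits that.
    """
    root = elect_root(bridges)
    # nbrs[s] = [(neighbour, port on the neighbour facing s, cost of that port)]
    nbrs: Dict[str, List[Tuple[str, Port, int]]] = {s: [] for s in bridges}
    for l in links:
        nbrs[l.a].append((l.b, l.port_b, port_cost(l.port_b, l.speed_mbps)))
        nbrs[l.b].append((l.a, l.port_a, port_cost(l.port_a, l.speed_mbps)))
    # best[s] = ((root path cost, sender BID key, port priority, port number), port name)
    best: Dict[str, Tuple[Tuple, str]] = {}
    heap = [(0, bridges[root].key(), root)]
    done = set()
    while heap:
        cost_so_far, _, s = heapq.heappop(heap)
        if s in done:
            continue
        done.add(s)
        for nbr, rx_port, cost in nbrs[s]:
            if nbr == root:
                continue                  # the root bridge has no root port
            # A BPDU from s arrives on rx_port; nbr adds that port's own cost.
            cand = (cost_so_far + cost, bridges[s].key(), rx_port.priority, rx_port.number)
            if nbr not in best or cand < best[nbr][0]:
                best[nbr] = (cand, rx_port.name)
                heapq.heappush(heap, (cand[0], bridges[nbr].key(), nbr))
    return {s: (name, cand[0]) for s, (cand, name) in best.items()}


def with_port_cost(links: List[Link], switch: str, port_name: str, cost: int) -> List[Link]:
    """Model 'interface <port> / spanning-tree cost <n>' on one switch."""
    out = []
    for l in links:
        if l.a == switch and l.port_a.name == port_name:
            l = replace(l, port_a=replace(l.port_a, cost=cost))
        elif l.b == switch and l.port_b.name == port_name:
            l = replace(l, port_b=replace(l.port_b, cost=cost))
        out.append(l)
    return out


# Constructed topology: S1 has the lowest MAC and so becomes the root bridge.
BRIDGES = {
    "S1": BridgeID(32768, 1, "00:0a:00:00:00:01"),
    "S2": BridgeID(32768, 1, "00:0a:00:00:00:02"),
    "S3": BridgeID(32768, 1, "00:0a:00:00:00:03"),
}
LINKS = [
    Link("S1", Port("Fa0/1", 1), "S2", Port("Fa0/1", 1), 100),      # S2: cost 19
    Link("S1", Port("Fa0/3", 3), "S2", Port("Fa0/3", 3), 100),      # also 19: Fa0/1 wins on port number
    Link("S1", Port("Fa0/2", 2), "S3", Port("Fa0/1", 1), 10),       # S3 direct: cost 100
    Link("S2", Port("Gi0/1", 25), "S3", Port("Gi0/1", 25), 1_000),  # S3 via S2: 19 + 4 = 23
]

if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES))
    for sw, (port, cost) in sorted(select_root_ports(BRIDGES, LINKS).items()):
        print(f"{sw}: root port {port}, root path cost {cost}")
    # Raising S3's Gi0/1 cost to 100 (like 'spanning-tree cost 100') moves its root port to Fa0/1.
    print("S3 after tuning:", select_root_ports(BRIDGES, with_port_cost(LINKS, "S3", "Gi0/1", 100))["S3"])
```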

How to secure your network with Cisco Routers.

Security passwords configuration
Pass phrases configuration
Secure administrative access
Secure Telnet and SSH
Maintain Router activity logs

Before we learn how to secure Cisco routers, let's briefly summarize the role routers play in
network security.
The Role of Routers in Network Security
As you already know, routers are used to route traffic between different networks based
on Layer 3 IP addresses and to provide access to network segments and subnetworks. That
makes routers prime targets for network attackers. When the border router of an
organisation's network is compromised or accessed without authorization, it poses a
threat to the organisation's sensitive information and to its other network services and resources.
Routers can be compromised in many ways (trust exploitation and MITM attacks, for example),
and this exposes the internal network configuration or components to scans and attacks.
In summary, a router plays two primary roles in a network:

Advertise networks and filter (permit/deny) who can use them.

Provide access to network segments and subnetworks.

Securing Your Network

Security Passwords and Passphrases Configuration and Encryption
How To Configure Switch Security
Administrative Access Security
Telnet and SSH Security
Maintain Router Activity Logs
- See more at: http://orbit-computer-solutions.com/How-to-secure-your-network-with-Ciscorouters.php#sthash.qjiZvxCg.dpuf

IP Routing.
For a better understanding of what IP routing is, let's get acquainted with the basic terms:
IP
Routing
Router
Routing Protocols

IP
IP (Internet Protocol) is the network protocol used to send user data across the Internet
and other smaller networks (LAN or WAN).
IP operates at Layer 3 of the OSI model and is often used together with the Transmission
Control Protocol (TCP); the pair is commonly referred to as TCP/IP.
IP uses a unique address assigned to the interface of each computer or other device, which
identifies the source and destination of packets on a network. Examples of IP are Internet
Protocol version 4 (IPv4) and the newer Internet Protocol version 6 (IPv6).

ROUTING
Routing is the process of taking a packet from one device and sending it through the network to
another device on a different network.
Communication across the Internet is one of the best examples of routing.
The Internet moves data from your computer, across several networks, to reach a
destination network. A device that specializes in the routing function is called a router.
A router performs the routing function only if it knows the destination address. The router
chooses the best route to a remote network from the list of routes it stores in its routing
table. If no routers are involved in your network, then you are not routing.
Routers learn the destinations of packets in two ways: static and dynamic routing.

ROUTER
Routers are intermediary network devices. Routers operate at the network layer (OSI
Model's layer 3). The primary function of a router is to move data from one network to
another and to help to control broadcast or unnecessary traffic. For a router to be able to do
this, it must know the following:
i. Destination address
ii. Possible routes to all networks
iii. Neighboring routers from which it will learn about remote networks
iv. The best route to reach a network
v. How to maintain and verify routing information.

ROUTING PROTOCOLS
Routing protocols are used by routers to dynamically learn paths to remote networks
and to forward data between those networks. These protocols include:
RIP (Routing Information Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
BGP (Border Gateway Protocol)

What Is IP Routing?
Networks (LAN or WAN) on the Internet are connected to each other via routers. The
movement of data from your computer to a known destination (computer) is known as
routing.
IP routing is the overall process, carried out by the TCP/IP protocol set, that determines the
path data follows in order to travel across different networks from its source to its
destination.
The movement of data from source to destination across multiple networks is controlled by
routers. This series of routers uses IP routing protocols to build up a routing
table consisting of remote network addresses.

The example below shows how a network router connects other networks:

R2#show ip route
[Output omitted]
Gateway of last resort is not set
C 192.168.1.32/27 is directly connected, fastEthernet0/1
C 192.168.1.0/27 is directly connected, fastEthernet0/2
C 10.10.1.0/30 is directly connected, serial 0/0/0

The C in the routing table means the networks are directly connected. Remote networks are
not found in the routing table because we have not added a routing protocol
such as RIP, EIGRP or OSPF, or configured static routes.
Looking at the output above, when the router receives a packet with the destination
address 192.168.1.10, it sends the packet to interface fastEthernet0/2, and
this interface frames the packet and then sends it out.
- See more at: http://orbit-computer-solutions.com/IP-Routing--Protocols.php#sthash.CM2mTWOe.dpuf
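The binary AND comparison from the subnetting section earlier on this page and the route lookup described here, as an added Python example (not from the page): the routing table is constructed from the R2 output above, and the standard ipaddress module is used only for the prefix matching.

```python
"""Same-network check and longest-prefix route lookup (added example, not from the page).

The first half does by hand the binary AND comparison from the subnetting section;
the second applies longest-prefix matching to the connected routes in the R2#show ip
route output. ROUTES is constructed from that output; nothing is queried.
"""
import ipaddress
from typing import List, Optional, Tuple


def to_bits(addr: str) -> str:
    """Dotted decimal to dotted binary, the notation the page uses."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def network_address(ip: str, mask: str) -> str:
    """Bitwise AND of address and mask, octet by octet."""
    return ".".join(str(int(i) & int(m)) for i, m in zip(ip.split("."), mask.split(".")))


def same_network(ip1: str, ip2: str, mask: str) -> bool:
    """Two hosts are local to each other when their network addresses agree."""
    return network_address(ip1, mask) == network_address(ip2, mask)


# Constructed routing table mirroring the page's R2 output: (prefix, outgoing interface).
# All three are 'C' (directly connected) routes and there is no gateway of last resort.
ROUTES: List[Tuple[str, str]] = [
    ("192.168.1.32/27", "FastEthernet0/1"),
    ("192.168.1.0/27", "FastEthernet0/2"),
    ("10.10.1.0/30", "Serial0/0/0"),
]


def lookup(dest: str, routes: List[Tuple[str, str]] = ROUTES) -> Optional[str]:
    """Longest-prefix match: the most specific matching route wins.

    Returns the outgoing interface, or None when nothing matches, which is the
    situation for a remote network before a routing protocol, static or default
    route is configured: the packet is dropped.
    """
    d = ipaddress.ip_address(dest)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


if __name__ == "__main__":
    mask = "255.255.255.0"
    for ip in ("192.168.1.40", "192.168.1.52"):
        print(f"{ip:>13}  {to_bits(ip)}  network {network_address(ip, mask)}")
    print("same network:", same_network("192.168.1.40", "192.168.1.52", mask))
    for dest in ("192.168.1.10", "192.168.1.40", "10.10.1.2", "172.16.0.1"):
        print(f"{dest:>13} -> {lookup(dest) or 'no route (dropped)'}")
```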

Variable Length Subnet Mask (VLSM).
Variable Length Subnet Masking (VLSM) is a technique that allows network administrators
to divide an IP address space into subnets of different sizes, unlike simple same-size
subnetting.

Variable Length Subnet Mask (VLSM), in a way, means subnetting a subnet. To simplify
further, VLSM is the breaking down of an IP address space into subnets (at multiple levels)
and allocating them according to the individual needs on a network. It can also be called
classless IP addressing. Classful addressing follows a general rule that has been proven to
waste IP addresses.

Before you can understand VLSM, you have to be very familiar with IP address structure.
The best way to learn how to subnet a subnet (VLSM) is with examples. Let's work
with the diagram below:

Looking at the diagram, we have three LANs connected to each other with two WAN links.

The first thing to look for is the number of subnets and the number of hosts. In this case, an
ISP allocated 192.168.1.0/24 (Class C).
HQ = 50 hosts
RO1 = 30 hosts
RO2 = 10 hosts
2 WAN links
We will subnet 192.168.1.0/24, which allows a total of 254 hosts, to suit this network. I
recommend you get familiar with the table below. I never leave home without it!

Let's begin with HQ with 50 hosts, using the table above:
We are borrowing 2 bits, giving a block size of 64. This is the closest we can get for 50 hosts.
HQ - 192.168.1.0/26 Network address
HQ - 192.168.1.1 Gateway address
192.168.1.2 - First usable address
192.168.1.62 - Last usable address. Total address space: 192.168.1.2 to 192.168.1.62
192.168.1.63 will be the broadcast address (remember to reserve the first and last
address for the network and broadcast)
HQ network mask 255.255.255.192 - we got 192 by adding the bit values from the
left down to the last bit we borrowed: 128+64 = 192
The HQ address will look like this: 192.168.1.0/26
RO1 = 30 hosts
We are borrowing 3 bits, giving a block size of 32; again this is the closest we can get to the
number of hosts needed.
RO1 addresses start from 192.168.1.64 - Network address
Now we add the 32 to the 64 used earlier: 64+32 = 96, which is where the next subnet starts.
RO1 - 192.168.1.65 Gateway address
192.168.1.66 - First usable IP address
192.168.1.94 - Last usable IP address
192.168.1.95 - Broadcast address. Total address space: 192.168.1.66 to 192.168.1.94
Network mask 255.255.255.224, i.e. 128+64+32 = 224, or 192.168.1.64/27
RO2 = 192.168.1.96 Network address
We borrow 4 bits, giving a block size of 16. That's the closest we can get.
96+16 = 112, which is where the next subnet starts.
So, 192.168.1.97 - Gateway address
192.168.1.98 - First usable address
192.168.1.110 - Last usable address
192.168.1.111 - Broadcast address
Total host address space 192.168.1.98 to 192.168.1.110
Network mask 255.255.255.240, or 192.168.1.96/28
WAN links: we are borrowing 6 bits, giving a block size of 4.
The WAN link from HQ to RO1 has the network address 192.168.1.112/30:
HQ se0/0 = 192.168.1.113
RO1 se0/0 = 192.168.1.114
Mask for both links = 255.255.255.252 (we got 252 by adding the bit values we borrowed,
i.e. 128+64+32+16+8+4 = 252)
WAN link 2 = 112+4 = 116
The WAN link from HQ to RO2 has the network address 192.168.1.116/30:
HQ = 192.168.1.117, subnet mask 255.255.255.252
RO2 = 192.168.1.118, subnet mask 255.255.255.252
Subnet Prefix / CIDR   Subnet mask        Usable IP addresses/hosts   Usable IP addresses + Network and Broadcast address
/26                    255.255.255.192    62                          64
/27                    255.255.255.224    30                          32
/28                    255.255.255.240    14                          16
/29                    255.255.255.248    6                           8
/30                    255.255.255.252    2                           4

As I mentioned earlier, having this table will prove very helpful. For example, if you
have a subnet with 50 hosts then you can easily see from the table that you will
need a block size of 64. For a subnet of 30 hosts you will need a block size of 32.
- See more at: http://orbit-computer-solutions.com/VLSM.php#sthash.nSUNE75F.dpuf

Tracing and Interpreting Network Connectivity.
Testing network connectivity using trace
A trace returns a list of hops as a packet is routed through a network. The form of the
command depends on where the command is issued. When performing the trace from a
Windows computer, use tracert. When performing the trace from a router Command Line
Interface - CLI, use traceroute.
Ping and Trace
Ping and trace can be used together to detect a problem.
Let's assume that a successful connection has been established between Host 1 and Router
A, as shown in the figure.

Next, let's assume that Host 1 pings Host 2 using this command.
C:\>ping 172.17.2.3
The ping command returns this result:
Pinging 172.17.2.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 172.17.2.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
The ping test failed.
This is a test of communication beyond the local network to a remote device. Because the
local gateway responded but the host beyond did not, the problem appears to be
somewhere beyond the local network. A next step is to isolate the problem to a particular
network beyond the local network. The trace commands can show the path of the last
successful communication.
Trace to a Remote Host
Like ping commands, trace commands are entered in the command line and take an IP
address as the argument.
Assuming that the command will be issued from a Windows computer, we use the tracert
form:
C:\>tracert 172.17.2.3
The only successful response was from the gateway on Router A; the trace requests to the
next hop timed out, meaning that the next hop did not respond. The trace results therefore
indicate that the failure is in the internetwork beyond the LAN.

If there is a conflicting result, where the default gateway (192.168.1.1) responds to ping,
indicating that there is communication between Host 1 and the gateway, but the gateway
does not appear to respond to traceroute, one explanation is that the local host is not
configured properly; check the gateway IP address on the host. To examine the gateway IP
address, use the ipconfig command.
- See more at: http://orbit-computer-solutions.com/Tracing-and-Interpreting-TraceResults.php#sthash.mwJrrUNp.dpuf

Testing Local Network.

Testing a host on the local LAN.
After successfully pinging the remote hosts, both the local host (the router) and the remote
host are known to be configured correctly. This test can be carried out by pinging each host
on the LAN one by one.
If a host responds with Destination Unreachable, note which address was not successful
and continue to ping the other hosts on the LAN.
Another failure message is Request Timed Out. This indicates that no response was received
to the ping attempt within the default time period, which suggests that network latency may
be an issue.

Using extended Ping

The IOS offers an extended mode of the ping command. This mode is entered by typing
ping in privileged EXEC mode at the CLI prompt, without giving a destination IP
address. A series of prompts is then presented, as shown in this example. Pressing Enter
accepts the indicated default values.
Router#ping
Protocol [ip]:
Target IP address:10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:5
Extended commands [n]: n

Entering a longer timeout period than the default allows for possible latency issues to be
detected. If the ping test is successful with a longer value, a connection exists between the
hosts, but latency may be an issue on the network.
Note that entering "y" to the "Extended commands" prompt provides more options that are
useful in troubleshooting.
A successful ping shows that the IP addresses of the local host and the other hosts in the
network are configured properly.

Testing Gateway and Remote Connectivity

The next step is to test whether the local host can reach its gateway address.
You can use the ping command to verify that the local host can reach the gateway. This is
extremely important because the gateway is the host's entry and exit point to the wider network.
If the ping command returns a successful response, connectivity to the gateway is verified.
To begin, choose a station as the source device. In this case, 192.168.1.1, as shown in the
figure above, is the gateway IP address.
C:\>ping 192.168.1.1
The gateway IPv4 address should be readily available in the network documentation, but if
it is not available, use the ipconfig command to discover it.
If the gateway test fails:
1. Try pinging another host in the local LAN to verify that the problem is not the source
host.
2. Then verify the gateway address with the network administrator to ensure that the
proper address is being tested.
If all devices are configured properly, check the physical cabling to ensure that it is secure
and properly connected. Keep an accurate record of what attempts have been made to
verify connectivity. This will assist in solving this problem and, perhaps, future problems.
Testing Route Next Hop

In a router, you can use IOS to test the next hop of the individual routes. Each route has
the next hop listed in the routing table. You can use the output of the show ip route
command to determine the next hop. Frames carrying packets that are directed to the
destination network listed in the routing table are sent to the device that represents the
next hop. If the next hop is not accessible, the packet will be dropped.
To test the next hop, determine the appropriate route to the destination and try to ping the
appropriate next hop for that route in the routing table. A failed ping indicates that there
might be a configuration or hardware problem.
The ping may also be prohibited by security in the device. If the ping is successful you can
move on to testing connectivity to remote hosts.
Testing Remote Hosts connectivity
Once verification of the local LAN and gateway is complete, testing can proceed to remote
devices, which is the next step in the testing process.
The figure depicts a sample network topology. There are 3 hosts within a LAN, a router
(acting as the gateway) that is connected to another router (acting as the gateway for a
remote LAN), and 3 remote hosts. The verification tests should begin within the local
network and progress outward to the remote devices.
Testing remote connectivity

Ping a remote host from a local host

Begin by testing the outside interface of a router that is directly connected to a remote
network. In this case, the ping command is testing the connection to 200.10.10.129, the
outside interface of the local network gateway router.
If the ping command is successful, connectivity to the outside interface is verified. Next,
ping the outside IP address of the remote router, in this case, 200.10.10.130 If successful,
connectivity to the remote router is verified. If there is a failure, try to isolate the problem.
Retest until there is a valid connection to a device and double-check all addresses.
The ping command will not always help with identifying the underlying cause to a problem,
but it can isolate problems and give direction to the troubleshooting process. Document
every test, the devices involved, and the results.
Test Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To
forward packets between any two networks, the router must be able to communicate with
both the source and the destination networks. The router will need routes to both networks
in its routing table.
To test the communication to the remote network, you can ping a known host on this
remote network. If you cannot successfully ping the host on the remote network from a
router, you should first check the routing table for an appropriate route to reach the remote
network. It may be that the router uses the default route to reach a destination. If there is
no route to reach this network, you will need to identify why the route does not exist. As
always, you also must rule out that the ping is not administratively prohibited.
- See more at: http://orbit-computer-solutions.com/Testing-LocalNetwork.php#sthash.DtFN3RbP.dpuf

How To Verify Network Connectivity.
Using The Ping Command
Using the ping command is an effective way to test network connectivity. The test is
often referred to as testing the protocol stack, because the ping command moves from
Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check
for connectivity.
Using ping in a Testing Sequence
Start by using the router IOS ping command in a planned sequence of steps to
establish valid connections, beginning with the individual device, then the
LAN and, finally, remote networks.

By using the ping command in this ordered sequence, problems can be isolated step by step.
The ping command does not always pinpoint the nature of the problem, but it can help to
identify the source of the problem, which is the first step in troubleshooting a network
failure.
The ping command provides a method for checking the protocol stack and IPv4 address
configuration on a host. There are additional tools that can provide more information than
ping, such as Telnet or Trace, which we will look at in detail later.
IOS Ping Indicators
A ping from the IOS yields one of several indicators for each ICMP echo that was
sent. These indicators are:
! - Exclamation mark
. - Period
U - Unreachable

! - The "!" (exclamation mark) indicates that the ping completed successfully and
verifies Layer 3 connectivity.
. - The "." (period) can indicate problems in the communication. It may indicate that a
connectivity problem occurred somewhere along the path. It may also indicate that a
router along the path did not have a route to the destination and did not send an
ICMP destination unreachable message. It may also indicate that the ping was blocked
by device security.
U - The "U" indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP
configuration on the local host. This can be accomplished by using the ping command on a
reserved address called the loopback (127.0.0.1). Pinging the loopback helps to verify the
proper operation of the protocol stack from the Network layer to the Physical layer and back
without actually putting a signal on the media.
Ping commands are entered into a command line.
C:\>ping 127.0.0.1
The reply from this command would look something like this:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result shows that four test packets were sent - each 32 bytes in size - and were
returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and
defines the number of hops that the ping packet has remaining before it will be dropped.

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can
use the following command to verify router interfaces:
The show ip interface brief command provides a summary of all interface configuration
information on the router; it displays the IP address assigned to each interface and the
operational status of the interface.
R1#show ip interface brief
Interface         IP-Address   OK? Method Status                Protocol
FastEthernet0/0   192.168.1.1  YES manual up                    up
FastEthernet0/1   172.17.1.1   YES manual up                    up
Serial0/0/0       unassigned   YES manual administratively down down
Serial0/0/1       unassigned   YES manual administratively down down
Vlan1             unassigned   YES manual administratively down down
R1#
Looking at the line for the FastEthernet0/0 interface, we see that the IP address is
192.168.1.1. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of
the interface. The up in the Status column shows that this interface is operational at Layer
1. The up in the Protocol column indicates that the Layer 2 protocol is operational as well.
The same applies to FastEthernet0/1 with IP address 172.17.1.1 in this case.
In the same example, notice that the Serial0/0/0 and Serial0/0/1 interfaces have not
been enabled and have no IP address assigned. This is indicated by administratively down in
the Status column. These interfaces can be enabled with the no shutdown command.
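A parser for the show ip interface brief output above, as an added Python example (not from the page): it reads the R1 table, embedded here as constructed text, copes with the two-word "administratively down" status, and classifies each interface by Layer 1 (Status) and Layer 2 (Protocol) exactly as the text explains.

```python
"""Parser for `show ip interface brief` output (added example, not from the page).

Splits the R1 table into per-interface records, handling the two-word
"administratively down" status, and maps the two status columns onto the
layers the text describes: Status = Layer 1, Protocol = Layer 2.
SAMPLE is the page's output embedded as constructed text.
"""
from typing import Dict, NamedTuple, Optional

SAMPLE = """\
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 172.17.1.1 YES manual up up
Serial0/0/0 unassigned YES manual administratively down down
Serial0/0/1 unassigned YES manual administratively down down
Vlan1 unassigned YES manual administratively down down
R1#
"""


class Interface(NamedTuple):
    name: str
    ip: Optional[str]   # None when the column reads "unassigned"
    method: str
    status: str         # Layer 1: "up", "down" or "administratively down"
    protocol: str       # Layer 2: "up" or "down"


def parse_brief(text: str) -> Dict[str, Interface]:
    """Return {interface name: Interface} for every data row in the output."""
    result: Dict[str, Interface] = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip prompt lines, blank lines and the column header.
        if len(parts) < 6 or parts[0] == "Interface":
            continue
        name, ip, _ok, method = parts[:4]
        protocol = parts[-1]
        status = " ".join(parts[4:-1])   # everything between Method and Protocol
        result[name] = Interface(name, None if ip == "unassigned" else ip, method, status, protocol)
    return result


def diagnose(iface: Interface) -> str:
    """Classify one interface by the layer its status columns point at."""
    if iface.status == "administratively down":
        return "shutdown"        # remedy: 'no shutdown' in interface configuration
    if iface.status != "up":
        return "layer1"          # cabling, clocking or the far end is not up
    if iface.protocol != "up":
        return "layer2"          # encapsulation or keepalive problem; check both ends
    return "ok"


def report(text: str) -> Dict[str, str]:
    """{interface: diagnosis} for a whole show ip interface brief output."""
    return {name: diagnose(i) for name, i in parse_brief(text).items()}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name:<16} {verdict}")
```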
Testing Router Connectivity
We can use ping and traceroute to verify router connectivity at Layer 3. You can use
these commands to ping a host in the local LAN and trace the route to a remote host across the
WAN, e.g.:
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms

Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 192.168.1.1 16 msec 16 msec 16 msec
The above result shows a successful connection to the gateway.

Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card (NIC)
address is bound to the IPv4 address and that the NIC is ready to transmit signals across
the media.
The IPv4 address assigned to the NIC in this case is 10.0.0.6.
To verify the IPv4 address, use the following command:
C:\>ping 10.0.0.6

A successful reply would resemble:
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This test verifies that the NIC driver and most of the NIC hardware are working properly. It
also verifies that the IP address is properly bound to the NIC, without actually putting a
signal on the media.

If this test fails, it is likely that there are issues with the NIC hardware or its software driver
that may require reinstallation of either or both. This procedure depends on the type of
host and its operating system.
- See more at: http://orbit-computer-solutions.com/GeneralTroubleshooting.php#sthash.dBfEDLDg.dpuf

VLSM Example #2.
We use the network topology below as an example:

The figure above shows 5 different subnets, each with different host requirements. The
address block given by our ISP is 192.168.1.0/24.
The host requirements are:
Network A - 14 hosts
Network B - 28 hosts
Network C - 2 hosts
Network D - 7 hosts
Network E - 28 hosts
As recommended, we begin the process by subnetting for the largest host requirement first.
The largest requirements are for Network B and Network E, each with 28 hosts.
Don't forget the cram table!

Let's apply the formula: usable hosts = 2^n - 2. Networks B and E each need 5 bits in the
host portion: 2^5 - 2 = 30 usable host addresses, after the 2 reserved addresses (network
and broadcast). Five host bits meet the requirement but leave little room for future growth.
So we borrow 3 bits for subnets, leaving 5 bits for the hosts. This allows 8
subnets with 30 hosts each.
We have created and will allocate addresses for networks B and E first:
Network B will use Subnet 0: 192.168.1.0/27
Host address range 1 to 30 (192.168.1.1 - 192.168.1.30)
192.168.1.31 (broadcast address)
Network E will use Subnet 1: 192.168.1.32/27
Host address range 33 to 62 (192.168.1.33 - 192.168.1.62)
192.168.1.63 (broadcast address)
The next largest host requirement is Network A, followed by Network D.
Borrowing another bit and subnetting the network address 192.168.1.64 gives us the
following host ranges:
Network A will use Subnet 0: 192.168.1.64/28
Host address range 65 to 78 (192.168.1.65 - 192.168.1.78)
192.168.1.79 (broadcast address)
Network D will use Subnet 1: 192.168.1.80/28
Host address range 81 to 94 (192.168.1.81 - 192.168.1.94)
192.168.1.95 (broadcast address)
This allocation supports 14 hosts on each subnet and satisfies the requirement.

*In Network C, there are only two hosts. In this case we borrow two more bits to meet this
requirement.
Beginning from 192.168.1.96 and borrowing 2 more bits results in subnet 192.168.1.96/30.
Network C will use Subnet 1: 192.168.1.96/30
Host address range 97 to 98 (192.168.1.97 - 192.168.1.98)
192.168.1.99 (broadcast address)
From the above illustration, we have met all requirements without wasting many possible
subnets and available addresses.
In this case, bits were borrowed from addresses that had already been subnetted. As you
will recall from a previous section, this method is known as Variable Length Subnet Masking,
or VLSM.
*use illustration to create networks for the WAN on the network..
- See more at: http://orbit-computer-solutions.com/VLSM-Example.php#sthash.U9TA9jy5.dpuf
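The largest-first allocation used in this example and in the earlier VLSM example on this page, as an added Python example (not from the page): it sizes each subnet from 2^n - 2 >= hosts, carves 192.168.1.0/24 in order, and reproduces both examples' network, host-range, broadcast and mask results. The one assumption is that equal requirements are placed in the order the text lists them (so B before E).

```python
"""VLSM allocator for the two worked examples on this page (added example, not from the page).

Given the ISP block and each network's host count, it picks the smallest subnet
satisfying 2^n - 2 >= hosts, allocates largest-first as the page recommends, and
reports network, host range, broadcast and mask. Network names and host counts
are the page's; the code is not.
"""
import ipaddress
from typing import Dict


def prefix_for_hosts(hosts: int) -> int:
    """Smallest subnet (longest prefix) whose usable count 2^n - 2 covers `hosts`."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = 2                                  # /30 is the smallest handed out
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def allocate(block: str, demands: Dict[str, int]) -> Dict[str, Dict[str, object]]:
    """Carve `block` into one subnet per entry of `demands`, largest requirement first.

    Ties keep the caller's order (so B comes before E on this page).
    Raises ValueError when the block runs out.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    limit = int(parent.broadcast_address) + 1
    plan: Dict[str, Dict[str, object]] = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size          # align to the subnet's block size
        if cursor + size > limit:
            raise ValueError(f"{block} exhausted before {name} ({hosts} hosts)")
        net = ipaddress.ip_network((cursor, plen))
        usable = list(net.hosts())
        plan[name] = {
            "network": f"{net.network_address}/{plen}",
            "mask": str(net.netmask),
            "first_host": str(usable[0]),   # the page assigns this one to the gateway
            "last_host": str(usable[-1]),
            "broadcast": str(net.broadcast_address),
            "usable": len(usable),
            "requested": hosts,
        }
        cursor += size
    return plan


# The page's two examples, as constructed input.
EXAMPLE_1 = {"HQ": 50, "RO1": 30, "RO2": 10, "WAN HQ-RO1": 2, "WAN HQ-RO2": 2}
EXAMPLE_2 = {"A": 14, "B": 28, "C": 2, "D": 7, "E": 28}

if __name__ == "__main__":
    for label, demands in (("VLSM example", EXAMPLE_1), ("VLSM example #2", EXAMPLE_2)):
        print(label)
        for name, s in allocate("192.168.1.0/24", demands).items():
            print(f"  {name:<11} {s['network']:<18} {s['mask']:<16} "
                  f"{s['first_host']} - {s['last_host']}  bcast {s['broadcast']}  "
                  f"({s['requested']}/{s['usable']} hosts)")
```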

IP Address/Route Summary.
IP address/route summarization, which is also known as route aggregation, is the process
routers use to advertise a set of addresses as a single address with a shorter
subnet mask (CIDR).

To put this in a real-world scenario, it is like using one postal address for all the staff
from different departments in an organization; the mail then has to be distributed to
every individual by the office administrator or whoever is responsible.

Classful routing protocols like RIPv1 automatically advertise routes in summary form when
sending an update out an interface that belongs to a different major network.
For example, RIPv1 will summarize the 10.0.0.0/24 subnets (10.0.0.0/24 through
10.255.255.0/24) as 10.0.0.0/8.

Benefit of Route Summarization.

1. IP address or route summarization helps reduce the number of IP address or routing
entries and updates in the router's routing table.
2. It also helps reduce bandwidth consumption for routing updates, which enables
faster routing table lookup for the best path to a remote network.

How to Calculate IP Address/ Route Summarization

How to Configure IP Summary route
- See more at: http://orbit-computer-solutions.com/IP-Address-or-Route-Summary.php#sthash.6xY2BR70.dpuf

IP Address / Route Summarization Example #2.
From the previous page, you will know that IP route summarization can also be
referred to as route aggregation. It helps reduce the number of routing entries in a
router's IP routing table, for faster lookup of destinations.

Let's look at the example below.

Let's try to summarize networks 10.1.0.0 through 10.5.0.0.

First, list everything in binary:

To get the network address, follow and match the binary bits, starting on the left, and
stop where the bits no longer match in the listing above.
Notice that the first octet matches completely; in the second octet the matching bits are
all zeros, as are the third and fourth octets.
So the summary IP address will be 10.0.0.0 = network address.

Finally, to work out the summary subnet mask, we match the 8 bits of the first octet (see
above), which is the network, and the five matching zeros in the second octet, which is the
subnet:

255.248.0.0

How did we get the 248?

Remember the bit values = 128 64 32 16 8 4 2 1

You add the five bit values in the second octet from the left: 128+64+32+16+8 = 248

How did we get /13?

Count all the matching bits (see above) from the left up to the last matching
bit and kazam! You get your CIDR prefix.

- See more at: http://orbit-computer-solutions.com/IP-Address---Route-Summarization-Example_2.php#sthash.X0jgD0EL.dpuf

Subnetting IP Address.
Subnetting allows you to create multiple logical networks that exist within a single Class A,
B, or C network.
There are many reasons why we subnet:
a. It helps preserve address space, so that addresses are not wasted.
b. It is used for security.
c. It helps control network traffic by reducing the collisions between packets transmitted
by other nodes (hosts) on the same segment.
Subnetting a Network Address

In order to subnet a network address, the subnet mask has to be extended, using some of
the bits from the host ID portion of the address to create a subnetwork ID.
For example, given a Class C network of 192.17.5.0, which has a natural mask of
255.255.255.0, you can create subnets in this manner:
192.17.5.0      - 11000000.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                                            |sub|
By extending the mask to 255.255.255.224, you have borrowed three bits (indicated by
"sub") from the original host portion of the address and used them to create subnets. With
these three bits, it is possible to create eight subnets. With the remaining five host ID bits,
each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a
device on the same segment.
These subnets have been created:

192.17.5.0    255.255.255.224  host address range 1 to 30
192.17.5.32   255.255.255.224  host address range 33 to 62
192.17.5.64   255.255.255.224  host address range 65 to 94
192.17.5.96   255.255.255.224  host address range 97 to 126
192.17.5.128  255.255.255.224  host address range 129 to 158
192.17.5.160  255.255.255.224  host address range 161 to 190
192.17.5.192  255.255.255.224  host address range 193 to 222
192.17.5.224  255.255.255.224  host address range 225 to 254
Another example: given a class C network address of 192.168.1.0, as a network administrator
you need to use this network address across multiple small groups within the organization.
You can do this by subnetting the network.
All you have to do is create 14 subnets of 14 nodes (hosts) each. This limits us to 196 nodes
(hosts) on the network instead of the 254 we would have without subnetting. To accomplish
this we begin with the default network mask for class C and extend it by four bits:
255.255.255.0   (11111111.11111111.11111111.00000000) binary
255.255.255.240 (11111111.11111111.11111111.11110000) binary
Remember the cram table:

11111111
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)
Look at this closely, because you will always come across it during subnetting:
128+64 = 192
128+64+32 = 224
128+64+32+16 = 240
128+64+32+16+8 = 248
128+64+32+16+8+4 = 252, and so on!
This gives us 16 possible network numbers, 2 of which (192.168.1.0, which is reserved, and
the last subnet) cannot be used:

Network address   Host addresses                 Broadcast address
192.168.1.16      192.168.1.17 - 192.168.1.30    192.168.1.31
192.168.1.32      192.168.1.33 - 192.168.1.46    192.168.1.47
192.168.1.48      192.168.1.49 - 192.168.1.62    192.168.1.63
192.168.1.64      192.168.1.65 - 192.168.1.78    192.168.1.79
192.168.1.80      (keep adding 16 until you reach 224)
That gives you up to 14 networks with 14 hosts (nodes) each.
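The two worked examples above, as an added Python example that is not code from the original page. It enumerates the subnets, host ranges and broadcast addresses with the standard library ipaddress module, and counts capacity under the traditional rule used in the text, which excludes the first and last subnets:

```python
"""Enumerate the subnets of a classful network after borrowing host bits.

Added example; not code from the original page. It reproduces the two worked
examples above (192.17.5.0 with three borrowed bits, 192.168.1.0 with four).
"""
import ipaddress


def subnet_mask(network: str, borrowed: int) -> str:
    """Dotted mask after extending the network's mask by `borrowed` bits."""
    base = ipaddress.ip_network(network, strict=True)
    return str(ipaddress.ip_network(f"{base.network_address}/{base.prefixlen + borrowed}").netmask)


def subnet_table(network: str, borrowed: int):
    """One row per subnet: (network address, first host, last host, broadcast).

    Host addresses exclude the subnet's own address and its broadcast, which
    is why a /27 has 32 addresses but only 30 assignable hosts.
    """
    base = ipaddress.ip_network(network, strict=True)
    new_prefix = base.prefixlen + borrowed
    if new_prefix > 30:
        raise ValueError("at least two host bits must remain for hosts and broadcast")
    rows = []
    for sub in base.subnets(new_prefix=new_prefix):
        first, last = sub.network_address + 1, sub.broadcast_address - 1
        rows.append((str(sub.network_address), str(first), str(last), str(sub.broadcast_address)))
    return rows


def capacity(network: str, borrowed: int, traditional: bool = True):
    """(usable subnets, hosts per subnet, total hosts).

    With traditional=True the first ('subnet zero') and last subnets are
    excluded, as in the 14-subnet example above; modern routers can use them.
    """
    base = ipaddress.ip_network(network, strict=True)
    host_bits = 32 - (base.prefixlen + borrowed)
    if host_bits < 2:
        raise ValueError("at least two host bits must remain")
    subnets = 2 ** borrowed - (2 if traditional else 0)
    hosts = 2 ** host_bits - 2
    return subnets, hosts, subnets * hosts


def find_subnet(host: str, network: str, borrowed: int) -> str:
    """Which subnet a host address falls in; handy when checking that two hosts
    that are expected to talk directly really are on the same segment."""
    base = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(host)
    for sub in base.subnets(new_prefix=base.prefixlen + borrowed):
        if addr in sub:
            return str(sub)
    raise ValueError(f"{host} is not inside {network}")


if __name__ == "__main__":
    print("mask:", subnet_mask("192.17.5.0/24", 3))
    for row in subnet_table("192.17.5.0/24", 3):
        print("%-14s hosts %s - %s  broadcast %s" % row)
    print("capacity of 192.168.1.0/24 with 4 borrowed bits:", capacity("192.168.1.0/24", 4))
```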
- See more at: http://orbit-computer-solutions.com/Subnetting-IPaddresses.php#sthash.NsUk2Jlv.dpuf

How To Verify Network Connectivity.
Using The Ping Command
Using the ping command is an effective way to test a network connection. The test is often
referred to as testing the protocol stack, because the ping command moves from Layer 3 of
the OSI model down to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check for
connectivity.
Using ping in a Testing Sequence
Start by using the router IOS ping command in a planned sequence of steps to establish
valid connections, starting with the individual device, then the local LAN and, finally,
remote networks.
By using the ping command in this ordered sequence, problems can be isolated step by step.
The ping command does not always pinpoint the nature of the problem, but it can help to
identify the source of the problem, and this is considered the first step in troubleshooting
a network failure.
The ping command provides a method for checking the protocol stack and IPv4 address
configuration on a host. There are additional tools that can provide more information than
ping, such as Telnet or Trace, which we will look at in detail later.
IOS Ping Indicators
A ping from the IOS will yield one of several indicators for each ICMP echo that was sent.
These indicators are:

! - Exclamation mark
. - Period
U - Unreachable

! - The "!" (exclamation mark) indicates that the ping completed successfully and
verifies Layer 3 connectivity.
. - The "." (period) can indicate problems in the communication. It may indicate that a
connectivity problem occurred somewhere along the path. It also may indicate that a
router along the path did not have a route to the destination and did not send an
ICMP destination unreachable message. It also may indicate that the ping was blocked
by device security.
U - The "U" indicates that a router along the path did not have a route to the destination
address and responded with an ICMP unreachable message.

Pinging the Loopback

As a first step in the testing sequence, the ping command is used to verify the internal IP
configuration on the local host. This can be accomplished by pinging a reserved address
called the loopback address (127.0.0.1). Pinging the loopback verifies the proper operation
of the protocol stack from the Network layer down to the Physical layer and back, without
actually putting a signal on the media.
Ping commands are entered at a command line:
C:\>ping 127.0.0.1
The reply from this command would look something like this:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result shows that four test packets were sent, each 32 bytes in size, and were
returned from host 127.0.0.1 in less than 1 ms. TTL stands for Time to Live and defines
the number of hops that the ping packet has remaining before it will be dropped.

Verifying Interface Connection

The IOS provides commands to verify the operation of router and switch interfaces. You can
use the following command to verify router interfaces:
The show ip interface brief command provides a summary of all interface configuration
information on the router; it displays the IP addresses assigned to each interface and the
operational status of the interface.
R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        172.17.1.1      YES manual up                    up
Serial0/0/0            unassigned      YES manual administratively down down
Serial0/0/1            unassigned      YES manual administratively down down
Vlan1                  unassigned      YES manual administratively down down
Router#
Looking at the line for the FastEthernet0/0 interface, we see that the IP address is
192.168.1.1. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of
the interface. The up in the Status column shows that this interface is operational at Layer
1. The up in the Protocol column indicates that the Layer 2 protocol is operational as well;
the same applies to FastEthernet0/1 with IP address 172.17.1.1.
In the same example, notice that the Serial0/0/0 and Serial0/0/1 interfaces have not
been enabled and have no IP address assigned. This is indicated by administratively down in
the Status column. Such an interface can be enabled with the no shutdown command.
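Turning the outputs above (the loopback ping statistics, the IOS ping indicators and show ip interface brief) into pass/fail checks, as an added Python example. This is not code from the original page or from Cisco; the sample outputs embedded in it are constructed copies of the ones shown above:

```python
"""Parse the verification outputs shown in the text into pass/fail results.

Added example; not code from the original page or from Cisco. The sample
outputs below are constructed copies of the ones printed in the text.
"""
import re

SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.1     YES manual up                    up
FastEthernet0/1        172.17.1.1      YES manual up                    up
Serial0/0/0            unassigned      YES manual administratively down down
Serial0/0/1            unassigned      YES manual administratively down down
Vlan1                  unassigned      YES manual administratively down down
"""

WINDOWS_PING = """\
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

# One interface line of 'show ip interface brief'; the header does not match.
BRIEF_LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>up|down)\s*$"
)


def parse_interface_brief(text: str):
    """One dict per interface line, in the order the router printed them."""
    return [m.groupdict() for m in map(BRIEF_LINE.match, text.splitlines()) if m]


def operational(rows):
    """Interfaces that are up at Layer 1 (Status) and Layer 2 (Protocol)."""
    return [r["iface"] for r in rows if r["status"] == "up" and r["protocol"] == "up"]


def needs_attention(rows):
    """Interfaces that cannot carry traffic: shut down, line down, or no address."""
    return [r["iface"] for r in rows
            if r["status"] != "up" or r["protocol"] != "up" or r["ip"] == "unassigned"]


PING_STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")


def ping_summary(text: str) -> dict:
    """Parse the Windows ping statistics line; 'ok' means nothing was lost."""
    m = PING_STATS.search(text)
    if not m:
        raise ValueError("no ping statistics line found")
    sent, received, lost = (int(x) for x in m.groups())
    return {"sent": sent, "received": received, "lost": lost,
            "ok": sent > 0 and received == sent}


def ios_ping_indicators(indicators: str) -> dict:
    """Count the IOS indicators: '!' success, '.' timeout, 'U' unreachable."""
    names = {"!": "success", ".": "timeout", "U": "unreachable"}
    counts = {"success": 0, "timeout": 0, "unreachable": 0}
    for ch in indicators:
        if ch not in names:
            raise ValueError(f"unknown ping indicator {ch!r}")
        counts[names[ch]] += 1
    counts["success_rate"] = (100 * counts["success"] // len(indicators)) if indicators else 0
    return counts


if __name__ == "__main__":
    rows = parse_interface_brief(SHOW_IP_INT_BRIEF)
    print("operational:", operational(rows))
    print("needs attention:", needs_attention(rows))
    print("loopback ping:", ping_summary(WINDOWS_PING))
    print("IOS '!!!!!':", ios_ping_indicators("!!!!!"))
```

The regular expression is tied to the column layout of the output shown above; a router that prints a different Method or Status vocabulary would need the alternations extended.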
Testing Router Connectivity
We can use ping and traceroute to verify router connectivity at Layer 3. You can use these
commands to ping a host on the local LAN and to trace the route to a remote host across the
WAN.
For example:
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/15/16 ms
Router#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
1 192.168.1.1 16 msec 16 msec 16 msec
The above result shows a successful connection to the gateway.

Testing NICs
The next step in the testing sequence is to verify that the Network Interface Card (NIC)
address is bound to the IPv4 address and that the NIC is ready to transmit signals across
the media.
The IPv4 address assigned to the NIC in this case is 10.0.0.6.
To verify the IPv4 address, use the following command:
C:\>ping 10.0.0.6

A successful reply would resemble:

Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Reply from 10.0.0.6: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This test verifies that the NIC driver and most of the NIC hardware are working properly. It
also verifies that the IP address is properly bound to the NIC, without actually putting a
signal on the media.

If this test fails, it is likely that there are issues with the NIC hardware or the software
driver that may require reinstallation of either or both. This procedure depends on the type
of host and its operating system.

- See more at: http://orbit-computer-solutions.com/GeneralTroubleshooting.php#sthash.FrhqpXGH.dpuf

How a Switch Forwards Frames in an Ethernet Network.
Switch Packet Forwarding Methods
A switch uses one of two methods to forward frames in an Ethernet network: store-and-forward
switching or cut-through switching.

Store-and-Forward Switching
In store-and-forward switching, when the switch receives a frame, it stores the received
data in buffers until the complete frame has been received. While the frame is being stored,
the switch analyses it for information about its intended destination.
During this process, the switch also checks the frame for errors using the Cyclic Redundancy
Check (CRC) in the trailer portion of the Ethernet frame: a value the sender computes from
the bits of the frame, which the switch recomputes and compares.
If the frame contains no error, it is forwarded out the appropriate port towards its
destination; when an error is detected, the frame is dropped (discarded).
Cut-through Switching
In cut-through switching, the switch starts working on the frame as soon as it begins to
arrive, even before the transmission is complete. The switch reads the destination MAC
address to determine which port to forward the data to. The destination MAC address is
located in the first 6 bytes of the frame following the preamble. The switch in this case
does not perform any error checking on the frame.
Cut-through switching is faster than store-and-forward switching. However, because the
switch does not check the frame for errors, it forwards corrupt frames throughout the
network. The corrupt frames consume bandwidth while they are being forwarded; the
destination NIC (Network Interface Card) will eventually drop or discard them.
Cisco Catalyst switches use solely the store-and-forward method of forwarding frames.
Most switches are configured to perform cut-through switching on a per-port basis until a
user-defined error threshold is reached, and then they automatically change to
store-and-forward. When the error rate falls below the threshold, the port automatically
changes back to cut-through switching.
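The difference between the two methods, as an added Python example that is not code from the original page or from any switch vendor. It builds Ethernet frames with a genuine CRC-32 frame check sequence (zlib.crc32 uses the same polynomial as the Ethernet FCS), corrupts one bit in transit, and shows that the store-and-forward path drops the damaged frame while the cut-through path forwards it. The MAC addresses and the MAC address table are constructed for the example:

```python
"""Store-and-forward versus cut-through forwarding with a real FCS check.

Added example; not code from the original page or any switch product. The
MAC addresses, the MAC table and the frames are constructed here. The Ethernet
FCS is CRC-32 over destination, source, type and payload, sent least-significant
byte first; zlib.crc32 implements the same polynomial.
"""
import zlib

MAC_A = bytes.fromhex("0200000000aa")   # constructed, locally administered
MAC_B = bytes.fromhex("0200000000bb")   # constructed
BROADCAST = b"\xff" * 6

# Constructed MAC address table: the port on which each address was learned.
MAC_TABLE = {MAC_A: 1, MAC_B: 2}


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """dst(6) + src(6) + type(2) + payload (padded to 46) + FCS(4): 64 bytes minimum."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    body = dst + src + ethertype.to_bytes(2, "big") + payload.ljust(46, b"\x00")
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything before the trailer and compare."""
    return len(frame) >= 64 and zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]


def lookup(dst: bytes, table):
    """Forward to the learned port, or flood when the address is unknown or broadcast."""
    if dst == BROADCAST or dst not in table:
        return ("flood", None)
    return ("forward", table[dst])


def store_and_forward(frame: bytes, table=MAC_TABLE):
    """Buffer the whole frame, check the FCS, and only then decide where it goes."""
    if not fcs_valid(frame):
        return ("drop", None)          # the errored frame stops at this switch
    return lookup(frame[:6], table)


def cut_through(frame: bytes, table=MAC_TABLE):
    """Decide as soon as the 6-byte destination has arrived. The FCS is never
    checked, so a corrupted frame is passed on and only the receiving NIC discards it."""
    return lookup(frame[:6], table)


def flip_bit(frame: bytes, byte_index: int) -> bytes:
    """Simulate a transmission error by inverting one bit of the frame."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    good = build_frame(MAC_B, MAC_A, 0x0800, b"hello")
    bad = flip_bit(good, 20)           # error inside the payload
    print("good frame:", store_and_forward(good), cut_through(good))
    print("bad frame: ", store_and_forward(bad), cut_through(bad))
```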


- See more at: http://orbit-computer-solutions.com/CCNA%3A-Understanding-How-A-SwitchForward-Frames-in-Ethernet-Network.php#sthash.zBqU633N.dpuf

Difference between Hubs, Switches, Routers, and Access Points.
Hubs, Switches, Routers, and Access Points are all used to connect computers together on a
network, but each of them has different capabilities.


Hubs
Hubs are used to connect computers on a network so that they can communicate with each
other. Each computer plugs into the hub with a cable, and information sent from one
computer to another passes through the hub.

A hub can't identify the source or destination of the information it receives, so it sends
the information to all of the computers connected to it, including the one that sent it. A
hub can send or receive information, but it can't do both at the same time.

Switches
Switches function the same way as hubs, but they can identify the intended destination of
the information that they receive, so they send that information only to the computers it
is intended for.
Switches can send and receive information at the same time, and faster than hubs can.
Switches are recommended on a home or office network where you have more computers and
want to use the network for activities that require passing a lot of information between
computers.
Functions of a Switch

Routers
Routers are intermediary devices that enable computers and other network components to
communicate or pass information between two networks, e.g. between your home network and
the Internet. The most important capability of routers is directing network traffic. Routers
can be wired (using cables) or wireless. Routers also typically provide built-in security,
such as a firewall.

Access points
Access points provide wireless access to a wired Ethernet network. An access point plugs
into a hub, switch, or wired router and sends out wireless signals. This enables computers
and devices to connect to a wired network wirelessly. You can move from one location to
another and continue to have wireless access to the network. When you connect to the
Internet wirelessly using a public wireless network in an airport, a hotel or another public
place, you are usually connecting through an access point. Some routers include a wireless
access point, in which case you don't need a separate wireless access point.
- See more at: http://orbit-computer-solutions.com/Difference-between-Hubs%2C-Switches%2CRouters%2C-and-Access-Points.php#sthash.UBvxSKQT.dpuf


Features and Functions of Switches.
Things to consider when selecting a Switch for a Network.
To select the appropriate switch for a layer in a particular network, you need specifications
that detail the target traffic flows, user communities, data servers, and data storage
servers. A company needs a network that can meet evolving requirements.
Traffic flow analysis is the process of measuring the bandwidth usage on a network and
analysing the data for the purpose of performance tuning, capacity planning, and making
hardware improvement decisions.
1. Future Growth
Switches come in different sizes, with different features and functions, and choosing a
switch to match a particular network can be a daunting task.
Consider what will happen if the HR or HQ department grows by five employees or more. A
solid network plan includes the rate of personnel growth over the past five years, so that
future growth can be anticipated. With that in mind, you would want to purchase a switch that
can accommodate more than 24 ports, such as stackable or modular switches that can scale.
2. Performance
When selecting a switch for the access (*), distribution (**), or core (***) layer, consider
the ability of the switch to support the port density, forwarding rates, and bandwidth
aggregation requirements of your network.
*Access layer switches facilitate the connection of end node devices to the network, e.g.
PCs, modems, IP phones, printers etc. For this reason, they need to support features such as
port security, VLANs, Fast Ethernet/Gigabit Ethernet, PoE (Power over Ethernet), and link
aggregation. Port security allows the switch to decide how many, or what type of, devices
are permitted to connect to the switch. This is where most Cisco switches come in: they all
support port security, and experienced network administrators know it is the first line of
defence.
**Distribution layer switches play a very important role on the network. They collect the
data from all the access layer switches and forward it to the core layer switches. Traffic
that is generated at Layer 2 on a switched network needs to be managed, or segmented into
VLANs; distribution layer switches provide the inter-VLAN routing functions so that one
VLAN can communicate with another on the network.
Distribution layer switches provide advanced security policies that can be applied to
network traffic using Access Control Lists (ACLs). This type of security allows the switch to
prevent certain types of traffic and permit others. ACLs also allow you to control which
network devices can communicate on the network.
***Core layer switches: these switches sit at the core layer of a topology, which is the
high-speed backbone of the network and requires switches that can handle very high
forwarding rates. A switch that operates in this area also needs to support link
aggregation (10GbE connections, currently the fastest available Ethernet connectivity) to
ensure adequate bandwidth coming into the core from the distribution layer switches.
Also, core layer switches support additional hardware redundancy features like redundant
power supplies that can be swapped while the switch continues to operate. Because of the
high workload carried by core layer switches, they tend to run hotter than access or
distribution layer switches, so they should have more sophisticated cooling options. Many
true core-layer-capable switches have the ability to swap cooling fans without having to
turn the switch off.
For example, it would be disruptive to shut down a switch at the core layer to change a
power supply or a fan in the middle of the day when network usage is at its peak. To
perform a hardware replacement, you could expect at least a 10 to 15 minute network
shutdown, and that is if you are very fast at performing the maintenance. In more realistic
circumstances, the switch could be down for 30 to 45 minutes or more, which most likely is
not acceptable. With hot-swappable hardware, there is no downtime during switch
maintenance.

Switch Port Speed

Another characteristic to consider is port speed, which depends on performance
requirements: choosing between Fast Ethernet and Gigabit Ethernet switch ports.
Fast Ethernet allows up to 100 Mb/s of traffic per switch port, while Gigabit Ethernet allows
up to 1000 Mb/s of traffic per switch port. Fast Ethernet is adequate for IP telephony and
data traffic on most business networks; however, its performance is slower than that of
Gigabit Ethernet ports.

Switch Port Density


Port density is the number of ports available on a single switch. Fixed configuration switches
support up to 48 ports on a single device, with options for up to four additional ports.
High port densities allow for better use of space and power when both are in limited supply.
If you have two switches that each contain 24 ports, you would be able to support up to 46
devices, because you lose at least one port per switch to connect each switch to the rest of
the network. In addition, two power outlets are required. On the other hand, if you have a
single 48-port switch, 47 devices can be supported, with only one port used to connect the
switch to the rest of the network, and only one power outlet needed to accommodate the
single switch.

Modular switches can support very high port densities through the addition of multiple
switch port line cards, as shown in the figure. For example, the Cisco Catalyst 6500 switch
can support in excess of 1,000 switch ports on a single device.

Forwarding Rates
Switches differ in their processing capability, i.e. the rate at which they can process data
per second. Processing and forwarding rates are very important when selecting a switch: the
lower the processing rate, the slower the forwarding, and the switch may be unable to
support full wire-speed communication across all its ports. A normal Fast Ethernet port
attains 100 Mb/s, while Gigabit Ethernet does 1000 Mb/s.
For example, a 48-port gigabit switch operating at full wire speed generates 48 Gb/s of
traffic. If the switch only supports a forwarding rate of 32 Gb/s, it cannot run at full wire
speed across all ports simultaneously.

Link Aggregation
The more ports you have on a switch to support bandwidth aggregation, the more bandwidth
you have for your network traffic. For example, consider a Gigabit Ethernet port, which
carries up to 1 Gb/s of traffic in a network.
If you have a 24-port switch, with all its ports capable of running at gigabit speeds, you
could generate up to 24 Gb/s of network traffic. If the switch is connected to the rest of the
network by a single network cable, it can only forward 1 Gb/s of the data to the rest of that
network. Due to the contention for bandwidth, the data would be forwarded more slowly. That
results in 1/24 of wire speed being available to each of the 24 devices connected to the
switch.

Power over Ethernet (PoE)

Another characteristic to consider when choosing a switch is Power over Ethernet (PoE). This
is the ability of the switch to deliver power to a device over the existing Ethernet cabling.
IP phones and some wireless access points can use this feature, so you can install them
anywhere you can run an Ethernet cable.
- See more at: http://orbit-computer-solutions.com/Features-and-Functions-ofSwitches.php#sthash.We3aQ6ts.dpuf

Internet Protocol Version 6 (IPv6).


What is IPv6?

IPv6 is the next generation of the Internet Protocol and its addressing. The previous version
(IPv4) is depleted or near depletion.
IPv6 was created by the Internet Engineering Task Force (IETF), a standards body, as a
replacement for IPv4 in 1998.

IPv6 is equipped with many improved features and far more possibilities than IPv4. This next
generation of IP addressing boasts increased security and a much larger address space.

IPv6's predecessor (IPv4) uses 32 bits for addressing. It provides 2^32 = 4,294,967,296
unique addresses, of which only about 3.7 billion are assignable or routable on the Internet.

IPv6 uses 128 bits for addressing. This provides approximately 3.4 x 10^38 addresses, which
works out to trillions of addresses for every individual on the planet: a huge number of IP
addresses. We will look at it in detail later on.

The most important feature offered by IPv6 is address autoconfiguration. This feature
supports fast connectivity for any combination of computers, printers, digital cameras,
digital radios, IP phones and Internet-enabled household appliances connected to their
home networks.

In a nutshell, these devices on the network automatically address themselves with a
link-local unicast address.
The autoconfiguration mechanism was introduced to enable plug-and-play networking of
these devices and to help reduce administration overhead.
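How a device derives its link-local address from its MAC address (the modified EUI-64 method defined in RFC 4291), as an added Python example that is not code from the original page; the MAC address used is constructed:

```python
"""Link-local address autoconfiguration from a MAC address (modified EUI-64).

Added example; not code from the original page. The MAC addresses are
constructed. RFC 4291 defines the EUI-64 form: insert ff:fe between the two
halves of the 48-bit MAC and invert the universal/local bit.
"""
import ipaddress
from typing import Optional


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface identifier."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 6-octet MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02                      # flip the U/L bit (bit 1 of the first octet)
    return bytes(iid)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """The fe80::/64 address a host gives itself with no DHCP or manual configuration."""
    prefix = int(ipaddress.IPv6Address("fe80::"))
    return ipaddress.IPv6Address(prefix | int.from_bytes(modified_eui64(mac), "big"))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 derived address, or None when the
    interface identifier is not in that form (privacy or random identifiers)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                   # undo the U/L bit flip
    return ":".join(f"{o:02x}" for o in octets)


def is_link_local(addr: str) -> bool:
    """Link-local unicast addresses live in fe80::/10 and are never routed."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("fe80::/10")


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"          # constructed
    addr = link_local_from_mac(mac)
    print(mac, "->", addr, "-> recovered", mac_from_address(str(addr)))
```

Because the EUI-64 form embeds the hardware address, the address itself identifies the device wherever it appears; that is why privacy extensions (RFC 4941) and stable opaque identifiers (RFC 7217) exist for the interface identifier, and mac_from_address returns None for addresses built that way.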

Other Improved Features of IPv6.

Many of the improvements that IPv6 offers include:

1. Superior IP addressing
2. Simplified header
3. Mobility and security

Superior IP Addressing: A larger address space offers several improvements, which include
global connectivity and flexibility. It also offers more plug-and-play options for more
devices, and autoconfiguration that can include Data Link layer addresses in the address
space.
Simplified header: The IPv6 simplified header offers several advantages over IPv4,
including:

1. Better routing efficiency for performance.
2. Elimination of broadcasts, and thus no potential threat of broadcast storms (multicast
traffic is used instead).
3. No requirement for processing checksums.
4. Simplified and more efficient extension header mechanisms.

Improved Mobility and Security: Mobility and security help ensure compliance with mobile IP
and IP Security (IPsec) standards. Mobility enables people with mobile network devices,
many with wireless connectivity, to move around between networks.
IPsec is available for both IPv4 and IPv6, and its functionality is basically identical in
both Internet protocols; however, IPsec is mandatory in IPv6, making the IPv6 Internet more
secure.
- See more at: http://www.orbit-computer-solutions.com/What-is-IPv6%3A-IPv6Tutorial.php#sthash.CsJrTOEg.dpuf

DHCP.


Dynamic Host Configuration Protocol (DHCP) works in a client/server mode. DHCP enables
clients on an IP network to obtain or lease an IP address and configuration from a DHCP
server. This reduces the workload when managing a large network. The DHCP protocol is
described in RFC 2131.
Most modern operating systems include DHCP in their primary settings; these include
Windows, Novell NetWare, Sun Solaris, Linux and Mac OS. The client requests addressing
configuration from a DHCP network server; the network server manages the assignment of IP
addresses and is obliged to answer any IP configuration requests from clients.
However, network routers, switches and servers need to have static IP addresses, and DHCP is
not intended for the configuration of these types of hosts. Cisco routers use a Cisco IOS
feature known as Cisco Easy IP Lease. This offers an optional but full-featured DHCP
server. Easy IP leases addresses for 24 hours by default; it is most useful in homes and small
offices where users can take advantage of DHCP and NAT without having an NT or UNIX
server.
The DHCP server uses the User Datagram Protocol (UDP) as its transport protocol: it sends
messages to the client on port 68, while the client sends messages to the server on port 67.

DHCP servers can offer other information, including DNS server addresses, WINS server
addresses and domain names. Most DHCP servers allow administrators to define clients' MAC
addresses, so that the server automatically assigns the same IP address each time.
Most administrators prefer to work with a network server that offers DHCP services. These
types of networks are scalable and easy to manage.

- See more at: http://www.orbit-computer-solutions.com/DHCP.php#sthash.kHq15I8F.dpuf


INTRODUCTION
When you configure the TCP/IP protocol on a Microsoft Windows computer, an IP address, subnet mask, and
usually a default gateway are required in the TCP/IP configuration settings.
To configure TCP/IP correctly, it is necessary to understand how TCP/IP networks are addressed and divided into
networks and subnetworks. This article is intended as a general introduction to the concepts of IP networks and
subnetting. A glossary is included at the end of article.

MORE INFORMATION

The success of TCP/IP as the network protocol of the Internet is largely because of its ability to connect together
networks of different sizes and systems of different types. These networks are arbitrarily defined into three main
classes (along with a few others) that have predefined sizes, each of which can be divided into smaller subnetworks
by system administrators. A subnet mask is used to divide an IP address into two parts. One part identifies the host
(computer), the other part identifies the network to which it belongs. To better understand how IP addresses and
subnet masks work, look at an IP (Internet Protocol) address and see how it is organized.

IP addresses: Networks and hosts


An IP address is a 32-bit number that uniquely identifies a host (computer or other device, such as a printer or
router) on a TCP/IP network.
IP addresses are normally expressed in dotted-decimal format, with four numbers separated by periods, such as
192.168.123.132. To understand how subnet masks are used to distinguish between hosts, networks, and
subnetworks, examine an IP address in binary notation.
For example, the dotted-decimal IP address 192.168.123.132 is (in binary notation) the 32-bit
number 11000000101010000111101110000100. This number may be hard to make sense of, so
divide it into four parts of eight binary digits.
These eight bit sections are known as octets. The example IP address, then, becomes
11000000.10101000.01111011.10000100. This number only makes a little more sense, so for most uses, convert the
binary address into dotted-decimal format (192.168.123.132). The decimal numbers separated by periods are the
octets converted from binary to decimal notation.
For a TCP/IP wide area network (WAN) to work efficiently as a collection of networks, the routers that pass packets
of data between networks do not know the exact location of a host for which a packet of information is destined.
Routers only know what network the host is a member of and use information stored in their route table to determine
how to get the packet to the destination host's network. After the packet is delivered to the destination's network, the
packet is delivered to the appropriate host.
For this process to work, an IP address has two parts. The first part of an IP address is used as a network address, the
last part as a host address. If you take the example 192.168.123.132 and divide it into these two parts you get the
following:
192.168.123.   Network
.132           Host
-or-
192.168.123.0  - network address.
0.0.0.132      - host address.

Subnet mask
The second item, which is required for TCP/IP to work, is the subnet mask. The subnet mask is used by the TCP/IP
protocol to determine whether a host is on the local subnet or on a remote network.
In TCP/IP, the parts of the IP address that are used as the network and host addresses are not fixed, so the network
and host addresses above cannot be determined unless you have more information. This information is supplied in
another 32-bit number called a subnet mask. In this example, the subnet mask is 255.255.255.0. It is not obvious
what this number means unless you know that 255 in binary notation equals 11111111; so, the subnet mask is:
11111111.11111111.11111111.00000000

Lining up the IP address and the subnet mask together, the network and host portions of the address can be
separated:
11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)
The first 24 bits (the number of ones in the subnet mask) are identified as the network address, with the last 8 bits
(the number of remaining zeros in the subnet mask) identified as the host address. This gives you the following:
11000000.10101000.01111011.00000000 -- Network address (192.168.123.0)
00000000.00000000.00000000.10000100 -- Host address (000.000.000.132)
So now you know, for this example using a 255.255.255.0 subnet mask, that the network ID is 192.168.123.0, and
the host address is 0.0.0.132. When a packet arrives on the 192.168.123.0 subnet (from the local subnet or a remote
network), and it has a destination address of 192.168.123.132, your computer will receive it from the network and
process it.
Almost all decimal subnet masks convert to binary numbers that are all ones on the left and all zeros on the right.
Some other common subnet masks are:
Decimal          Binary
255.255.255.192  11111111.11111111.11111111.11000000
255.255.255.224  11111111.11111111.11111111.11100000
Internet RFC 1878 (available from http://www.internic.net) describes the valid subnets and subnet masks that can be
used on TCP/IP networks.

Network classes
Internet addresses are allocated by the InterNIC (http://www.internic.net), the organization that administers the
Internet. These IP addresses are divided into classes. The most common of
these are classes A, B, and C. Classes D and E exist, but are not generally used by end users. Each of the address
classes has a different default subnet mask. You can identify the class of an IP address by looking at its first octet.
Following are the ranges of Class A, B, and C Internet addresses, each with an example address:

Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The
address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive.
Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The
address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191,
inclusive.
Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet.
The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and
223, inclusive.

In some scenarios, the default subnet mask values do not fit the needs of the organization, because of the physical
topology of the network, or because the numbers of networks (or hosts) do not fit within the default subnet mask
restrictions. The next section explains how networks can be divided using subnet masks.

Subnetting
A Class A, B, or C TCP/IP network can be further divided, or subnetted, by a system administrator. This becomes
necessary as you reconcile the logical address scheme of the Internet (the abstract world of IP addresses and
subnets) with the physical networks in use by the real world.
A system administrator who is allocated a block of IP addresses may be administering networks that are not
organized in a way that easily fits these addresses. For example, you have a wide area network with 150 hosts on
three networks (in different cities) that are connected by a TCP/IP router. Each of these three networks has 50 hosts.
You are allocated the class C network 192.168.123.0. (For illustration, this address is actually from a range that is
not allocated on the Internet.) This means that you can use the addresses 192.168.123.1 to 192.168.123.254 for your
150 hosts.
Two addresses that cannot be used in your example are 192.168.123.0 and 192.168.123.255 because binary
addresses with a host portion of all ones and all zeros are invalid. The zero address is invalid because it is used to
specify a network without specifying a host. The 255 address (in binary notation, a host address of all ones) is used
to broadcast a message to every host on a network. Just remember that the first and last address in any network or
subnet cannot be assigned to any individual host.
You should now be able to give IP addresses to 254 hosts. This works fine if all 150 computers are on a single
network. However, your 150 computers are on three separate physical networks. Instead of requesting more address
blocks for each network, you divide your network into subnets that enable you to use one block of addresses on
multiple physical networks.
In this case, you divide your network into four subnets by using a subnet mask that makes the network address larger
and the possible range of host addresses smaller. In other words, you are 'borrowing' some of the bits usually used
for the host address, and using them for the network portion of the address. The subnet mask 255.255.255.192 gives
you four networks of 62 hosts each. This works because in binary notation, 255.255.255.192 is the same as
11111111.11111111.11111111.11000000. The first two digits of the last octet become network addresses, so you get
the additional networks 00000000 (0), 01000000 (64), 10000000 (128) and 11000000 (192). (Some administrators
will only use two of the subnetworks using 255.255.255.192 as a subnet mask. For more information on this topic,
see RFC 1878.) In these four networks, the last 6 binary digits can be used for host addresses.
Using a subnet mask of 255.255.255.192, your 192.168.123.0 network then becomes the four networks
192.168.123.0, 192.168.123.64, 192.168.123.128 and 192.168.123.192. These four networks would have as valid
host addresses:
192.168.123.1-62
192.168.123.65-126
192.168.123.129-190
192.168.123.193-254
Remember, again, that binary host addresses with all ones or all zeros are invalid, so you cannot use addresses with
the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.
You can see how this works by looking at two host addresses, 192.168.123.71 and 192.168.123.133. If you used the
default Class C subnet mask of 255.255.255.0, both addresses are on the 192.168.123.0 network. However, if you
use the subnet mask of 255.255.255.192, they are on different networks; 192.168.123.71 is on the 192.168.123.64
network, 192.168.123.133 is on the 192.168.123.128 network.
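The subnet arithmetic walked through above, as an added Python example that is not part of the article: it ANDs the address with the mask to split network and host portions, enumerates the four 255.255.255.192 subnets of 192.168.123.0 with their usable host ranges, identifies the address class from the first octet (as in the Network classes section), and checks that 192.168.123.71 and 192.168.123.133 land in different subnets. All addresses are the article's own; the function names are this example's.

```python
import ipaddress

# Added example (not part of the article): the subnetting arithmetic the text
# walks through, using the article's own addresses 192.168.123.132,
# 255.255.255.0 and 255.255.255.192.

def to_bits(dotted: str) -> str:
    """Render a dotted-decimal address as four 8-bit groups, as the article does."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))

def split_address(ip: str, mask: str) -> tuple[str, str]:
    """Return (network address, host address): IP AND mask, IP AND NOT mask."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ip_int & mask_int
    host = ip_int & (~mask_int & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))

def address_class(ip: str) -> str:
    """Classful letter from the first octet (classes D and E are not used by end users)."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"

def subnets_for_mask(network: str, default_mask: str, new_mask: str) -> list[dict]:
    """Split a classful block with a longer mask and list each subnet's usable hosts."""
    block = ipaddress.IPv4Network(f"{network}/{default_mask}")
    new_prefix = ipaddress.IPv4Network(f"{network}/{new_mask}").prefixlen
    result = []
    for sub in block.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes the all-zeros and all-ones host parts
        result.append({
            "network": str(sub.network_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(sub.broadcast_address),
            "usable": len(hosts),
        })
    return result

def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when both addresses share a network address under this mask."""
    return split_address(a, mask)[0] == split_address(b, mask)[0]

if __name__ == "__main__":
    print(to_bits("192.168.123.132"), "-- IP address")
    print(to_bits("255.255.255.0"), "-- Subnet mask")
    print(split_address("192.168.123.132", "255.255.255.0"))
    for sub in subnets_for_mask("192.168.123.0", "255.255.255.0", "255.255.255.192"):
        print(sub)
    print(same_subnet("192.168.123.71", "192.168.123.133", "255.255.255.0"))
    print(same_subnet("192.168.123.71", "192.168.123.133", "255.255.255.192"))
```

The host ranges it prints (1-62, 65-126, 129-190, 193-254) are exactly the four listed above, and the two probe addresses share a subnet only under the default Class C mask.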

Default gateways
If a TCP/IP computer needs to communicate with a host on another network, it will usually communicate through a
device called a router. In TCP/IP terms, a router that is specified on a host, which links the host's subnet to other
networks, is called a default gateway. This section explains how TCP/IP determines whether or not to send packets
to its default gateway to reach another computer or device on the network.
When a host attempts to communicate with another device using TCP/IP, it performs a comparison process using the
defined subnet mask and the destination IP address versus the subnet mask and its own IP address. The result of this
comparison tells the computer whether the destination is a local host or a remote host.
If the result of this process determines the destination to be a local host, then the computer will simply send the
packet on the local subnet. If the result of the comparison determines the destination to be a remote host, then the
computer will forward the packet to the default gateway defined in its TCP/IP properties. It is then the responsibility
of the router to forward the packet to the correct subnet.

Troubleshooting
TCP/IP network problems are often caused by incorrect configuration of the three main entries in a computer's
TCP/IP properties. By understanding how errors in TCP/IP configuration affect network operations, you can solve
many common TCP/IP problems.
Incorrect Subnet Mask: If a network uses a subnet mask other than the default mask for its address class, and a client
is still configured with the default subnet mask for the address class, communication will fail to some nearby
networks but not to distant ones. As an example, if you create four subnets (such as in the subnetting example) but
use the incorrect subnet mask of 255.255.255.0 in your TCP/IP configuration, hosts will not be able to determine
that some computers are on different subnets than their own. When this happens, packets destined for hosts on
different physical networks that are part of the same Class C address will not be sent to a default gateway for
delivery. A common symptom of this is when a computer can communicate with hosts that are on its local network
and can talk to all remote networks except those that are nearby and have the same class A, B, or C address. To fix
this problem, just enter the correct subnet mask in the TCP/IP configuration for that host.
Incorrect IP Address: If you put computers with IP addresses that should be on separate subnets on a local network
with each other, they will not be able to communicate. They will try to send packets to each other through a router
that will not be able to forward them correctly. A symptom of this problem is a computer that can talk to hosts on
remote networks, but cannot communicate with some or all computers on their local network. To correct this
problem, make sure all computers on the same physical network have IP addresses on the same IP subnet. If you run
out of IP addresses on a single network segment, there are solutions that go beyond the scope of this article.
Incorrect Default Gateway: A computer configured with an incorrect default gateway will be able to communicate
with hosts on its own network segment, but will fail to communicate with hosts on some or all remote networks. If a
single physical network has more than one router, and the wrong router is configured as a default gateway, a host
will be able to communicate with some remote networks, but not others. This problem is common if an organization
has a router to an internal TCP/IP network and another router connected to the Internet.
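The local-or-remote decision described under Default gateways, together with the Incorrect Subnet Mask and Incorrect IP Address symptoms above, as an added Python example that is not part of the article. The router addresses 192.168.123.65 and 192.168.123.129 are assumed for the 192.168.123.64 and 192.168.123.128 subnets of the subnetting example, the hosts are constructed, and `same_segment` stands in for which physical network the destination is really on; the wrong-router case needs topology the example does not model.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the article). Router addresses 192.168.123.65 and
# 192.168.123.129 are assumed for the 192.168.123.64 and .128 subnets of the
# subnetting example; the hosts are constructed.

@dataclass
class HostConfig:
    ip: str
    mask: str
    gateway: str

def network_of(ip: str, mask: str) -> str:
    """Network address of ip under mask (the AND the subnetting section shows)."""
    return str(ipaddress.IPv4Interface(f"{ip}/{mask}").network.network_address)

def next_hop(host: HostConfig, dst: str) -> str:
    """What the host does with a packet for dst: deliver locally, or hand it to the gateway."""
    if network_of(host.ip, host.mask) == network_of(dst, host.mask):
        return "local"
    return host.gateway

def diagnose(host: HostConfig, dst: str, same_segment: bool) -> str:
    """Compare the host's decision with where dst physically is (same_segment)."""
    if network_of(host.gateway, host.mask) != network_of(host.ip, host.mask):
        return "gateway_not_on_subnet"   # the host can never reach its default gateway
    thinks_local = next_hop(host, dst) == "local"
    if thinks_local and not same_segment:
        return "wrong_mask"   # Incorrect Subnet Mask: nearby subnet treated as local, gateway bypassed
    if same_segment and not thinks_local:
        return "wrong_ip"     # Incorrect IP Address: a neighbour on the wire is sent via the router
    return "ok"

if __name__ == "__main__":
    good = HostConfig("192.168.123.71", "255.255.255.192", "192.168.123.65")
    bad_mask = HostConfig("192.168.123.71", "255.255.255.0", "192.168.123.65")
    print(next_hop(good, "192.168.123.133"), diagnose(good, "192.168.123.133", False))
    print(next_hop(bad_mask, "192.168.123.133"), diagnose(bad_mask, "192.168.123.133", False))
```

With the default Class C mask the host believes 192.168.123.133 is local and never forwards to the gateway, which is the "can reach distant networks but not the nearby one" symptom described above.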

REFERENCES
Two popular references on TCP/IP are:
"TCP/IP Illustrated, Volume 1: The Protocols," Richard Stevens, Addison Wesley, 1994
"Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture," Douglas E. Comer, Prentice
Hall, 1995
It is strongly recommended that a system administrator responsible for TCP/IP networks have at least one of these
references available.

Glossary
Broadcast address -- An IP address with a host portion that is all ones.
Host -- A computer or other device on a TCP/IP network.
Internet -- The global collection of networks that are connected together and share a common range of IP addresses.
InterNIC -- The organization responsible for administration of IP addresses on the Internet.

IP -- The network protocol used for sending network packets over a TCP/IP network or the Internet.
IP Address -- A unique 32-bit address for a host on a TCP/IP network or internetwork.
Network -- There are two uses of the term network in this article. One is a group of computers on a single physical
network segment; the other is an IP network address range that is allocated by a system administrator.
Network address -- An IP address with a host portion that is all zeros.
Octet -- An 8-bit number, 4 of which comprise a 32-bit IP address. They have a range of 00000000-11111111 that
correspond to the decimal values 0-255.
Packet -- A unit of data passed over a TCP/IP network or wide area network.
RFC (Request for Comment) -- A document used to define standards on the Internet.
Router -- A device that passes network traffic between different IP networks.
Subnet Mask -- A 32-bit number used to distinguish the network and host portions of an IP address.
Subnet or Subnetwork -- A smaller network created by dividing a larger network into equal parts.
TCP/IP -- Used broadly, the set of protocols, standards and utilities commonly used on the Internet and large
networks.
Wide area network (WAN) -- A large network that is a collection of smaller networks separated by routers. The
Internet is an example of a very large WAN.

NAT Overload or PAT.

NAT overload, sometimes called PAT (Port Address Translation), maps multiple unregistered
or private IP addresses to a single registered or public IP address by using different ports.
This is what most home broadband routers do. Your ISP assigns one IP address to your
router, yet all the computers in the house can connect to the Internet at the same time.
PAT uses unique source port numbers on the inside global IP address to distinguish between
translations.
When a client logs on to the Internet, the NAT router assigns a port number to its source
address. NAT overload or PAT ensures that clients use a different TCP port number for each
client session with a server on the Internet. When the server responds, the client's router
routes the packet based on the source port number, which has become the destination port
number. This process also validates that the incoming packets were requested, thus adding
a degree of security to the session.

NAT Overload Table

Inside Local IP Address   Inside Global IP Address   Outside Global IP Address   Outside Local IP Address
10.10.10.2:1555           209.165.200.226:1555       209.165.201.1:80            209.165.201.1:80
10.10.10.3:2333           209.165.200.226:2333       209.165.202.129:80          209.165.202.129:80

Looking at the table above, NAT overload or PAT uses unique source port numbers on the
inside global IP address to distinguish between translations. As NAT processes each packet,
it uses a port number to identify the packet source (2333 and 1555 in the table above).

* The source address (SA) is the inside local IP address with the assigned port number
attached.
* The destination address (DA) is the outside local IP address with the service port number
attached, in this case port 80: HTTP (Internet).
At the border gateway router (R1), NAT overload changes the SA to the inside global IP
address of the client, again with the port number attached. The DA is the same address, but
is now referred to as the outside global IP address. When the web server replies, the same
path is followed but in reverse.
- See more at: http://orbit-computer-solutions.com/NAT-Overload-or-PAT.php#sthash.83PxcHOa.dpuf

How NAT Works.


In the example below, an inside host (192.168.1.10) wants to communicate with an outside
web server (199.100.20.1). It sends a packet to the NAT-configured gateway router for the
network.
The gateway router reads the source IP address of the packet and checks whether the packet
matches the criteria specified for translation.
The gateway router has an ACL (Access Control List) that identifies the inside network as
valid hosts for translation. Therefore, it translates the inside local IP address into an inside
global IP address, which in this case is 199.100.10.34. It stores this local-to-global
translation in the NAT table. The gateway router then sends the packet to its destination.
When the web server responds, the packet comes back to the global address of the gateway
router (199.100.10.34).
The gateway router refers to its NAT table and sees that this was a previously translated IP
address. It then translates the inside global address back to the inside local address, and the
packet is forwarded to the host at IP address 192.168.1.10. If it does not find a matching
translation, the packet is dropped.
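The port-based translation from the NAT Overload or PAT section and the table lookup and drop-on-no-match behaviour described in How NAT Works, as one added Python example that is not from the article. The two clients, the shared inside global address 209.165.200.226 and the two web servers are the article's table entries; the third client, the 10.10.10. prefix standing in for the ACL, and the unsolicited inbound packet are constructed.

```python
from dataclasses import dataclass, field

# Added example (not from the article): a minimal model of NAT overload / PAT
# using the translation table from the article. The third client and the
# unsolicited packet are constructed.

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class PatRouter:
    inside_global: str                     # the one public address all clients share
    inside_prefix: str = "10.10.10."       # stand-in for the ACL naming the inside hosts
    table: dict = field(default_factory=dict)  # global port -> (local ip, local port, server ip, server port)
    next_port: int = 1024

    def outbound(self, pkt: Packet):
        """Inside -> outside: rewrite the SA to the inside global address plus a unique port."""
        if not pkt.src_ip.startswith(self.inside_prefix):
            return None                    # not permitted for translation
        session = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for gport, entry in self.table.items():
            if entry == session:           # an existing session keeps its port
                return Packet(self.inside_global, gport, pkt.dst_ip, pkt.dst_port)
        # Keep the client's own port when it is free (as in the article's table),
        # otherwise pick an unused one so two clients never collide.
        gport = pkt.src_port if pkt.src_port not in self.table else self._free_port()
        self.table[gport] = session
        return Packet(self.inside_global, gport, pkt.dst_ip, pkt.dst_port)

    def _free_port(self) -> int:
        while self.next_port in self.table:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def inbound(self, pkt: Packet):
        """Outside -> inside: the destination port selects the table entry; no entry, no delivery."""
        if pkt.dst_ip != self.inside_global:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None                    # unsolicited packet: nothing requested it, dropped
        local_ip, local_port, server_ip, server_port = entry
        if (pkt.src_ip, pkt.src_port) != (server_ip, server_port):
            return None                    # right port, wrong sender: still dropped
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)

if __name__ == "__main__":
    r = PatRouter("209.165.200.226")
    print(r.outbound(Packet("10.10.10.2", 1555, "209.165.201.1", 80)))
    print(r.outbound(Packet("10.10.10.3", 2333, "209.165.202.129", 80)))
    print(r.inbound(Packet("209.165.201.1", 80, "209.165.200.226", 1555)))
    print(r.inbound(Packet("198.51.100.7", 4444, "209.165.200.226", 3389)))
```

The last call returns None: an inbound packet with no matching entry is simply not forwarded, which is the "validates that the incoming packets were requested" property the PAT section mentions.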

There are two types of NAT translation: Dynamic and Static.


- See more at: http://orbit-computer-solutions.com/Understanding-How-NATWorks.php#sthash.TLQPZvJE.dpuf

Static and Dynamic NAT.

Both static and dynamic NAT require that enough public addresses are available to satisfy
the total number of simultaneous user sessions.


Static NAT
Static NAT, also called inbound mapping, is the process of mapping an unregistered IP
address to a registered IP address on a one-to-one basis. The unregistered or mapped IP
address is assigned the same registered IP address each time the request comes
through. This process is particularly useful for web servers or hosts that must have a
consistent address that is accessible from the Internet.

Simply, Static NAT enables a PC on a stub domain to maintain an assigned IP address when
communicating with other devices outside its network or the Internet.

Static NAT configuration commands example:

R1#config t
R1(config)#ip nat inside source static 10.10.10.2 212.165.200.123
R1(config)#interface fa0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#interface se0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat outside

The above configuration creates a permanent entry in the NAT table as long as the
configuration is present and enables both inside and outside hosts to initiate a connection.

All you need to do in static NAT configuration is to define the addresses to translate and
then configure NAT on the right interfaces. Packets arriving on an inside interface from the
identified IP addresses are subject to translation. Packets arriving on an outside interface
addressed to the identified IP address are subject to translation.

Dynamic NAT
Unlike static NAT that provides a permanent mapping between an internal address and a
specific public address, dynamic NAT maps private IP addresses to public addresses.
Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served
basis.

When a host with a private IP address requests access to the Internet, dynamic NAT
chooses an IP address from the pool that is not already in use by another host. Dynamic
NAT is useful when fewer addresses are available than the actual number of hosts to be
translated.

Dynamic NAT configuration commands example:

R1#config t
R1(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0
R1(config)#ip nat inside source list 1 pool nat-pool1
R1(config)#interface fa0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.0
R1(config-if)#ip nat inside
R1(config-if)#interface se0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255

While static NAT provides a permanent mapping between an internal address and a specific
public address, dynamic NAT maps private IP addresses to public addresses. These public IP
addresses come from a NAT pool.

Note:

When configuring dynamic NAT, you need an ACL to permit only those addresses that are to
be translated. Remember that every ACL ends with an implicit "deny all", so anything the ACL
does not permit is not translated.
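The address-only translation behind the static and dynamic NAT configurations above, as an added Python example that is not from the article and is not Cisco code: a permanent static mapping, a first-come first-served pool that runs out when there are more hosts than addresses, and an ACL check whose implicit deny leaves unpermitted hosts untranslated. The pool 179.9.8.80-95, the access list 10.10.10.0/24 and the static mapping 10.10.10.2 to 212.165.200.123 are the article's values; the client hosts are constructed.

```python
import ipaddress

# Added example (not from the article): the address-only translation behind the
# static and dynamic NAT configurations above. Pool, ACL and static mapping use
# the article's values; the client hosts are constructed.

class NatGateway:
    def __init__(self, pool_start: str, pool_end: str, acl_network: str):
        start = int(ipaddress.IPv4Address(pool_start))
        end = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(start, end + 1)]
        self.acl = ipaddress.IPv4Network(acl_network)   # "access-list 1 permit ..."
        self.static = {}     # inside local -> inside global, permanent, both directions
        self.dynamic = {}    # inside local -> inside global, first-come first-served

    def add_static(self, local: str, global_addr: str) -> None:
        """ip nat inside source static <local> <global>"""
        self.static[local] = global_addr

    def translate_outbound(self, local: str):
        """Return the inside global address used for this host, or None if not translated."""
        if local in self.static:
            return self.static[local]
        if local in self.dynamic:
            return self.dynamic[local]
        if ipaddress.IPv4Address(local) not in self.acl:
            return None      # the ACL's implicit deny: no translation for this host
        if not self.free:
            return None      # pool exhausted: more hosts than public addresses
        global_addr = self.free.pop(0)
        self.dynamic[local] = global_addr
        return global_addr

    def translate_inbound(self, global_addr: str):
        """Map a public address back to the inside host; None means the packet is dropped."""
        for table in (self.static, self.dynamic):
            for local, g in table.items():
                if g == global_addr:
                    return local
        return None

    def release(self, local: str) -> None:
        """Dynamic entries time out; return the address to the pool."""
        global_addr = self.dynamic.pop(local, None)
        if global_addr is not None:
            self.free.append(global_addr)

if __name__ == "__main__":
    gw = NatGateway("179.9.8.80", "179.9.8.95", "10.10.10.0/24")
    gw.add_static("10.10.10.2", "212.165.200.123")
    print(gw.translate_outbound("10.10.10.2"), gw.translate_outbound("10.10.10.3"))
    print(gw.translate_outbound("192.168.5.5"))   # not in the ACL
    print(gw.translate_inbound("212.165.200.123"))
```

Only the static entry answers inbound before any outbound traffic has been seen, which is why the text recommends static NAT for servers that must be reachable from the Internet.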
- See more at: http://orbit-computer-solutions.com/Static-and-DynamicNAT.php#sthash.Knk7HJ15.dpuf

Network Security.

Why is Network Security Important?
Wherever there is a network, wired or wireless, there are threats. Some people are easily
put off setting up a home or office network by the fear that anything stored on their hard
drive could be accessed by neighbours or hackers. The types of potential threats to network
security are always evolving, and constant monitoring and securing of the computer network
should be a top priority for any network administrator.
If the security of the network is compromised, there could be serious consequences, such as
loss of privacy and theft of information.

When it comes to network security, the main concern is making sure that any wireless
connections are protected against unauthorised access.

Most business transactions are done over the Internet. In addition, the rise of mobile
commerce and wireless networks demands that security solutions become flawlessly
integrated, more transparent, and more flexible.
Network attack tools and methods have evolved. In the past, a hacker had to have
sophisticated computer, programming, and networking knowledge to make use of
rudimentary tools and basic attacks.
Nowadays, hacking methods and tools have improved tremendously, and hackers no
longer require the same level of sophisticated knowledge; people who previously would not
have participated in computer crime are now able to do so.

Types of Network Threats and Attacks

As the types of threats, attacks, and exploits grow, various terms have been used to
describe the individuals involved. Some of the most common terms are as follows:
i. White hat- These are network attackers who look for vulnerabilities in systems or
networks and then report these vulnerabilities to the owners of the system so that they
can be fixed. They are ethically opposed to the abuse of computer systems. A white hat
generally focuses on securing IT systems.
ii. Hacker- This is a general term that is used to describe a computer programming expert.
It is now normally used in a negative way to describe an individual who attempts to gain
unauthorized access to network resources with malicious intent.
iii. Black hat or Cracker- The opposite of a white hat, this term is used to describe those
individuals who use their knowledge of computer systems and programming skills to break
into systems or networks that they are not authorized to use; this is usually done
for personal or financial gain.
iv. Phreaker- This term is often used to describe an individual who manipulates the phone
network in a bid to perform a function that is not allowed. The phreaker breaks into the
phone network, usually through a payphone, to make free or illegal long distance calls.
v. Spammer- This is often used to describe a person who sends large quantities of
unsolicited e-mail messages. Spammers often use viruses to take control of home
computers and use them to send out their bulk messages.
vi. Phisher- Uses e-mail or other means to trick others into providing sensitive information,
such as credit card numbers or passwords. A phisher masquerades as a trusted party that
would have a legitimate need for the sensitive information.
- See more at: http://orbit-computer-solutions.com/Network-Security.php#sthash.QPtVCwt1.dpuf

VLAN

(Virtual Local Area Network).

Definition.
VLAN (Virtual Local Area Network) is a logically separate IP subnetwork which allows multiple IP
networks and subnets to exist on the same switched network.

A VLAN is a logical broadcast domain that can span multiple physical LAN segments. It is the
modern way administrators configure switches into virtual local-area networks (VLANs) to
improve network performance by separating large Layer 2 broadcast domains into smaller
ones.
By using VLANs a network administrator is able to group stations together by logical
function, or by application, without regard to the physical location of the users.
Each VLAN functions as a separate LAN and spans one or more switches. This allows host
devices to behave as if they were on the same network segment.
For traffic to move between VLANs, a Layer 3 device (router) is required.
A VLAN has three major functions:
i. Limits the size of broadcast domains
ii. Improves network performance
iii. Provides a level of security


How VLAN works.


Let's use this real-world scenario: think about a small organisation with different offices or
departments, all in one building. Some years later, the organisation has expanded and now
spans three buildings. The original network is still the same, but the offices' and
departments' computers are spread out across three buildings. The HR offices remain on the
same floor and the other departments are on other floors and in other buildings.
However, the network administrator wants to ensure that all the office computers share the
same security features and bandwidth controls. Creating a large LAN and wiring each
department together would be a huge task and definitely won't be easy when it comes
to managing the network.
This is where VLAN switching comes in: it makes it easier to group offices and departments with
the resources they use regardless of their location, and certainly easier to manage their
specific security and bandwidth needs.
Opting for a switched VLAN allows the network administrator to create groups of logically
networked devices that act as if they are on their own independent network, even if they
share a common infrastructure with other VLANs. When you configure a VLAN, you can
name it to describe the primary role of the users for that VLAN.
Study the figure below for more detail:


In summary:

i. VLAN is an independent LAN network.
ii. VLAN allows the student and faculty computers to be separated although they share the
same infrastructure.
iii. For easy identification, VLANs can be named.

a. VLAN = all PCs are assigned with a subnet address defined for VLAN 10
b. Configure the VLAN, assign ports to the VLAN
c. Assign an IP subnet address on the PCs.
Advantages of VLAN:

Security - Sensitive data is separated from the rest of the network, decreasing the chances of
confidential information breaches.
Higher performance - Division of Layer 2 networks into multiple logical workgroups (broadcast
domains) reduces unnecessary traffic on the network and boosts performance.
Cost reduction - Cost savings result from less need for expensive network upgrades and more
efficient use of the existing network.
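How a switch keeps the student and faculty computers apart while they share the same box, as an added Python example that is not from the article or from any switch vendor's code: a VLAN-aware access switch that learns MAC addresses per VLAN and floods broadcasts and unknown unicasts only to ports in the same VLAN. The port names (fa0/1 to fa0/4), VLAN ids 10 and 20 and the MAC addresses are constructed.

```python
from dataclasses import dataclass

# Added example (not from the article): a VLAN-aware access switch that learns
# MAC addresses per VLAN and floods only within a VLAN. Port names, VLAN ids
# and MAC addresses are constructed for the Faculty/Student scenario.

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str

class VlanSwitch:
    def __init__(self, port_vlans: dict):
        self.port_vlans = port_vlans   # access port -> VLAN id
        self.mac_table = {}            # (vlan, mac) -> port the address was learned on

    def forward(self, in_port: str, frame: Frame) -> list:
        """Return the ports the frame is sent out of; never a port in another VLAN."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, frame.src_mac)] = in_port  # learn the source, per VLAN
        if frame.dst_mac != BROADCAST:
            out = self.mac_table.get((vlan, frame.dst_mac))
            if out is not None:
                return [] if out == in_port else [out]
        # broadcast or unknown unicast: flood, but only to ports in the same VLAN
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)

    def broadcast_domain(self, port: str) -> list:
        """Every port that a broadcast from this port can reach (including itself)."""
        vlan = self.port_vlans[port]
        return sorted(p for p, v in self.port_vlans.items() if v == vlan)

if __name__ == "__main__":
    sw = VlanSwitch({"fa0/1": 10, "fa0/2": 10, "fa0/3": 20, "fa0/4": 20})  # 10=Faculty, 20=Student
    print(sw.forward("fa0/1", Frame("aa:aa:aa:aa:aa:01", BROADCAST)))   # only fa0/2
    print(sw.forward("fa0/3", Frame("bb:bb:bb:bb:bb:03", BROADCAST)))   # only fa0/4
    print(sw.broadcast_domain("fa0/4"))
```

Because the MAC table is keyed by VLAN as well as by address, a faculty host that addresses a student MAC directly still gets only VLAN 10 ports; crossing between the two needs the Layer 3 device the text mentions.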

- See more at: http://orbit-computer-solutions.com/VLAN-and-Trunking.php#sthash.jnFrSN0S.dpuf

Networking Basics: What You Need To Know

What's a Router Versus a Switch?

Routers and switches are networking basics. But what are the differences and why are they
important? (video, 1:47 min)

When looking at networking basics, understanding the way a network operates is the first step to understanding
routing and switching. The network operates by connecting computers and peripherals using two pieces of
equipment; switches and routers. Switches and routers, essential networking basics, enable the devices that are
connected to your network to communicate with each other, as well as with other networks.
Though they look quite similar, routers and switches perform very different functions in a network.

Networking Basics: Switches

Switches are used to connect multiple devices on the same network within a building or campus. For example, a
switch can connect your computers, printers and servers, creating a network of shared resources. The switch,
one aspect of your networking basics, would serve as a controller, allowing the various devices to share
information and talk to each other. Through information sharing and resource allocation, switches save you
money and increase productivity.

There are two basic types of switches to choose from as part of your networking basics: managed and
unmanaged.

An unmanaged switch works out of the box and does not allow you to make changes. Home-networking
equipment typically offers unmanaged switches.

A managed switch allows you access to program it. This provides greater flexibility to your networking basics
because the switch can be monitored and adjusted locally or remotely to give you control over network traffic,
and who has access to your network.

Networking Basics: Routers

Routers, the second valuable component of your networking basics, are used to tie multiple networks together.
For example, you would use a router to connect your networked computers to the Internet and thereby share an
Internet connection among many users. The router will act as a dispatcher, choosing the best route for your
information to travel so that you receive it quickly.

Routers analyze the data being sent over a network, change how it is packaged, and send it to another network,
or over a different type of network. They connect your business to the outside world, protect your information
from security threats, and can even decide which computers get priority over others.

Depending on your business and your networking plans, you can choose from routers that include different
capabilities. These can include networking basics such as:

Firewall: Specialized software that examines incoming data and protects your business network against
attacks
Virtual Private Network (VPN): A way to allow remote employees to safely access your network remotely
IP Phone network: Combine your company's computer and telephone network, using voice and conferencing
technology, to simplify and unify your communications
