(N10-008) notes Flashcards
▪ Device that allows wireless devices to connect into a wired network
▪ Commonly used in home, small business, and even some large enterprise
networks
▪ Acts as a wireless hub
Wireless Access Point (WAP)
▪ Smallest type of wired or
wireless network
▪ Covers the least amount
of area (few meters)
▪ Examples:
● Bluetooth cellphone to car
● USB hard drive to laptop
● Firewire video camera to
computer
Personal Area Network (PAN)
▪ Connects components in a limited distance
▪ Each segment is limited to short distances, such as 100 meters with CAT 5
cabling
▪ Consists of Ethernet (IEEE 802.3) or WiFi networks (IEEE 802.11)
● Internal wired or wireless networks
Local Area Network (LAN)
▪ Connects building-centric LANs across a university, industrial park, or
business park
▪ Covers many square miles and buildings
▪ Examples:
● College campus
● Business Parks
● Military bases
Campus Area Network (CAN)
▪ Connects scattered locations across a city
▪ Larger than a CAN, but smaller than a WAN
▪ Covers up to a 25-mile radius in larger cities
▪ Examples:
● City departments like the police department
● Community college with campuses spread across a county
Metropolitan Area Network (MAN)
▪ Connects geographically disparate internal networks
▪ Consists of leased lines or Virtual Private Networks tunneled over the
Internet
▪ Covers distances around the country or around the world
▪ Examples:
● The Internet
● Connecting two private corporate networks from New York to
Seattle
Wide Area Network (WAN)
▪ Uses a cable running through area that required network connectivity
▪ Each device “taps” into the cable using either a T connector or vampire
tap
▪ Old technology, not commonly used anymore
▪ Devices on cable form single collision domain
Bus Topology
▪ Uses a cable running in a circular loop
Ring Topology
▪ Each device connects to the ring, but data travels in a singular direction
▪ FDDI (Fiber networks) used two counter-rotating rings for redundancy
▪ On token ring networks, devices wait for a turn to communicate on ring
by passing a token
▪ Most popular physical LAN topology
▪ Devices connect to a single point
▪ Commonly used with Ethernet cabling, but wireless or fiber is also used
▪ If the central device fails, the entire network fails
Star Topology
▪ Used for connecting multiple sites
▪ Similar to Star but with WAN links instead of LAN connections
▪ Not redundant, if central office (hub) fails, the whole network can fail
Hub-and-Spoke Topology
▪ Most redundant topology
▪ Every node connects to every other node
▪ Optimal routing is always available
▪ Very expensive to maintain and operate
▪ Number of Connections
▪ x= n(n - 1) / 2
Full-Mesh Topology
▪ Hybrid of the full-mesh and the hub-and-spoke topologies
▪ Provides optimal routes between some sites, while avoiding the expense
of connecting every site
▪ Must consider network traffic patterns to design it effectively
Partial-Mesh Topology
(Mode Type)
▪ Most common type of wireless network
▪ Requires centralized management
▪ Uses a wireless access point as a centralized point like a star topology
▪ Supports wireless security controls
Infrastructure Modernization
(Mode Type)
▪ Decentralized wireless network
▪ No routers or access points are required
▪ Forwarding decisions for data on the network are made dynamically
▪ Allows creation/joining of networks “on-the-fly”
▪ Creates P2P connections
Ad Hoc Mode
(OSI model)
Don’t Some People Fear Birthdays?
7
6 DATA
5
4 SEGMENTS
3 PACKETS
2 FRAMES
1 BITS
(OSI LAYER)
▪ Transmission of bits across the network
▪ Characteristics:
● How bits are represented on the medium
● Wiring standards for connectors and jacks
● Synchronizing bits
● Bandwidth usage
● Multiplexing strategy
▪ Cables
● Ethernet
● Fiber optic
▪ Radio frequencies
● Wi-Fi
● Bluetooth
▪ Infrastructure devices
● Hubs
● Wireless Access Points
● Media Converters
Physical Layer (Layer 1)
How is communication synchronized?
● Uses start bits and stop bits to indicate when transmissions occur
from sender to receiver
Asynchronous
How is communication synchronized?
● Uses a reference clock to coordinate the transmissions by both
sender and receiver
Synchronous
How is bandwidth utilized?
● Divides bandwidth into
separate channels
● Example:
o Cable TV
Broadband
How is bandwidth utilized?
● Uses all available frequency on a medium (cable) to transmit data
and uses a reference clock to coordinate the transmissions by
both sender and receiver
● Example:
o Ethernet
Baseband
How can we get more out of a limited network? (Layer 1)
● Each session takes turns, using time slots, to share the medium
between all users
Time-Division Multiplexing (TDM)
How can we get more out of a limited network? (Layer 1)
● More efficient version of TDM, it dynamically allocates time slots
on an as-needed basis instead of statically assigning
Statistical Time-Division Multiplexing (StatTDM)
How can we get more out of a limited network? (Layer 1)
● Medium is divided into various channels based on frequencies
and each session is transmitted over a different channel
o Broadband
Frequency-Division Multiplexing (FDM)
(OSI LAYER)
▪ Packages data into frames and transmitting those frames on the network,
performing error detection/correction, and uniquely identifying network
devices with an address (MAC), and flow control
● MAC
● Physical addressing
● Logical topology
● Method of Transmission
● Link Layer Control (LLC)
o Connection services
o Synchronizing transmissions
Data Link Layer (Layer 2)
Physical addressing
● Uses 48-bit address assigned to a network interface card (NIC) by
manufacturer
● First 24-bits is the vendor code
● Second 24-bits is a unique value
Media Access Control (MAC)
▪ Provides connection services
▪ Acknowledgement of receipt of a message
▪ Flow control
● Limits amount of data sender can send at one time to keep
receiver from becoming overwhelmed
▪ Error control
● Allows receiver to let sender know when an expected data frame
wasn’t received or was corrupted by using a checksum
Logical Link Control (LLC)
How is communication synchronized? (LAYER 2)
● Network devices use a common reference clock source and create
time slots for transmission
Isochronous
How is communication synchronized? (LAYER 2)
● Network devices agree on clocking method to indicate beginning
and end of frames
● Uses control characters or separate timing channel
Synchronous
How is communication synchronized? (LAYER 2)
● Network devices reference their own
internal clocks and use start/stop bits
Asynchronous
(OSI LAYER)
▪ Forwards traffic (routing) with logical address
● Example: IP Address (IPv4 or IPv6)
▪ Logical addressing
▪ Switching
▪ Route discovery and selection
▪ Connection services
▪ Bandwidth usage
▪ Multiplexing strategy
▪ Routers
▪ Multilayer switches
▪ IPv4 protocol
▪ IPv6 protocol
▪ Internet Control Message Protocol (ICMP)
Network Layer (Layer 3)
How should data be forwarded or routed?
● Data is divided into packets and forwarded
Packet switching (known as routing)
How should data be forwarded or routed?
● Dedicated communication link is established between two devices
Circuit switching
How should data be forwarded or routed?
● Data is divided into messages, similar to packet switching, except
these messages may be stored then forwarded
Message switching
▪ Routers maintain a routing table to understand how to forward a packet
based on destination IP address
▪ Manually configured as a static route or dynamically through a routing
protocol
● RIP
● OSPF
● EIGRP
Route Discovery and Selection
▪ Used to send error messages and operational information about an IP
destination
▪ Not regularly used by end-user applications
▪ Used in troubleshooting (ping and traceroute)
Internet Control Message Protocol (ICMP)
(OSI LAYER)
▪ Dividing line between upper and lower layers of the OSI model
▪ Data is sent as segments
▪ TCP/UDP
▪ Windowing
▪ Buffering
▪ TCP
▪ UDP
▪ WAN Accelerators
▪ Load Balancers
▪ Firewalls
Transport Layer (Layer 4)
▪ Connection-oriented protocol
▪ Reliable transport of segments
● If segment is dropped, protocol detects it and resends segment
▪ Acknowledgements received for successful communications
▪ Used for all network data that needs to be assured to get to its
destination
TCP (Transmission Control Protocol)
▪ Connectionless protocol
▪ Unreliable transport of segments
● If dropped, sender is unaware
▪ No retransmission
▪ Good for audio/video streaming
▪ Lower overhead for increased performance
UDP (User Datagram Protocol)
▪ Allows the clients to adjust the amount of data sent in each segment
▪ Continually adjusts to send more or less data per segment transmitted
● Adjusts lower as number of retransmissions occur
● Adjusts upwards as retransmissions are eliminated
Windowing
▪ Devices, such as routers, allocate memory to store segments if bandwidth
isn’t readily available
▪ When available, it transmits the contents
Buffering
(OSI LAYER)
▪ Think of a session as a conversation that must be kept separate from
others to prevent intermingling of the data
▪ Setting up sessions
▪ Maintaining sessions
▪ Tearing down sessions
▪ H.323
● Used to setup, maintain, and tear down a voice/video connection
▪ NetBIOS
● Used by computers to share files over a network
Session Layer (Layer 5)
Setting up, maintaining or tearing down a session?
▪ Check user credentials
▪ Assign numbers to session to identify them
▪ Negotiate services needed for session
▪ Negotiate who begins sending data
Setting up a Session
Setting up, maintaining or Tearing down a session?
▪ Transfer the data
▪ Reestablish a disconnected session
▪ Acknowledging receipt of data
Maintaining a Session
Setting up, maintaining or tearing down a session?
▪ Due to mutual agreement
● After the transfer is done
▪ Due to other party disconnecting
Tearing Down a Session
(OSI LAYER)
▪ Responsible for formatting the data exchanged and securing that data
with proper encryption
▪ Functions
▪ Data formatting
▪ Encryption
▪ HTML, XML, PHP, JavaScript, …
▪ ASCII, EBCDIC, UNICODE, …
▪ GIF, JPG, TIF, SVG, PNG, …
▪ MPG, MOV, …
▪ TLS, SSL, …
Presentation Layer (Layer 6)
Function of Presentation Layer
▪ Formats data for proper compatibility between devices
● ASCII
● GIF
● JPG
▪ Ensures data is readable by receiving system
▪ Provides proper data structures
▪ Negotiates data transfer syntax for the Application Layer (Layer 7)
Data Formatting
Function of Presentation Layer
▪ Used to scramble the data in transit to keep it secure from prying eyes
▪ Provides confidentiality of data
▪ Example:
● TLS to secure data between your PC and website
Encryption
(OSI LAYER)
▪ Provides application-level services
● Not Microsoft Word or Notepad
▪ Layer where the users communicate with the computer
▪ Functions:
● Application services
● Service advertisement
▪ E-mail (POP3, IMAP, SMTP)
▪ Web Browsing (HTTP, HTTPS)
▪ Domain Name Service (DNS)
▪ File Transfer Protocol (FTP, FTPS)
▪ Remote Access (TELNET, SSH)
▪ Simple Network Management Protocol (SNMP)
Application Layer (Layer 7)
Function of Layer 7
▪ Application services unite communicating components from more than
one network application
▪ Examples:
● File transfers and file sharing
● E-mail
● Remote access
● Network management activities
● Client/server processes
Application Services
Function of Layer 7
▪ Some applications send out announcements
▪ States the services they offer on the network
▪ Some centrally register with the Active Directory server instead
▪ Example:
● Printers
● File servers
Service Advertisement
The process of putting headers (and sometimes trailers) around some data
o If we move down the OSI layers from 7 to 1
Encapsulation
Action of removing the encapsulation that was applied
If we move upward from layers 1 to 7
Decapsulation
a single unit of information transmitted within a
computer network
▪ Layer 1 - bits
▪ Layer 2 - frames
▪ Layer 3 - packets
▪ Layer 4 - segments if TCP or datagrams if UDP
A protocol data unit
▪ The most well-known flag in TCP communications because it is used to
synchronize the connection during the three-way handshake
SYN (or synchronization) flag
▪ Used during the three-way handshake, but it is also used to acknowledge
the successful receipt of packets
ACK (or acknowledgement) flag
▪ Used to tear down the virtual connections created using the three-way
handshake and the SYN flag
always appears when the last packets are exchanged
between a client and server and the host is ready to shutdown the
connection
FIN (or finished) packet
▪ Used when a client or server receives a packet that it was not expecting
during the current connection
RST (or reset) flag
▪ Used to ensure that the data is given priority and is processed at the
sending or receiving ends
PSH (or PUSH) flag
▪ It is like the Push flag and identifies incoming data as “urgent”
used by a sender to indicate data with a
higher priority level where URG is sent to tell the recipient to process it
immediately and ignore anything else in queue
URG (or urgent) flag
these ports are just like the ones used in UDP, they dictate where the
data is coming from and where it is going to
Source and Destination ports
Used to indicate how many bytes the UDP packet is,
including its header and its data
Length
Not a mandatory field, but it can be used to provide some
validation that the UDP data being sent was received with
some level of integrity
Checksum
▪ A physical address that is used to identify a network card on the local
area network
▪ Allows the source to find the destination by using this type of addressing
MAC address
Used to indicate which protocol is encapsulated in the payload of the
frame
EtherType field
▪ As data moves from layer 7 to layer 1, that data is encapsulated
● At layer 4, we add our
source and destination ports
▪ As data moves from layer 7 to layer 1, that data is encapsulated
● At layer 3, we add our
source and destination IP addresses
▪ As data moves from layer 7 to layer 1, that data is encapsulated
● At layer 2, we add our
source and destination MAC addresses
▪ As data moves from layer 7 to layer 1, that data is encapsulated
▪ Once we get to layer 1,
we are simply transmitting our layer 2 frames as a
series of 1’s and 0’s over the medium
OSI Model to TCP/IP Model
Application
Presentation Layers
Session
TCP/IP
Application
OSI Model to TCP/IP Model
Transport Layer
TCP/IP
Transport
OSI Model to TCP/IP Model
Network Layer
TCP/IP
Internet
OSI Model to TCP/IP Model
Data Link
Physical Layers
TCP/IP
Network Interface
Port
▪ Transfers computer files between a client and server on a computer
network
▪ Unsecure method
▪ Data transferred in the clear
File Transfer Protocol FTP (Port 20, 21)
port
▪ Cryptographic network protocol for operating network services securely
over an unsecured network
▪ Best known for remote login to computer systems by users
Secure Shell SSH (Port 22)
port
▪ Provides file access, file transfer, and file management over any
reliable data stream
SSH File Transfer Protocol SFTP (Port 22)
port
▪ Provides bidirectional interactive text-oriented communication facility
using a virtual terminal connection
▪ Like SSH, but insecure
Telnet (Port 23)
port
▪ Internet standard for sending electronic mail
▪ RFC 821 was defined originally in 1982
▪ RFC 5321 developed in 2008 (current version)
Simple Mail Transfer Protocol SMTP (Port 25)
port
▪ Hierarchical decentralized naming system for computers, services, or
other resources connected to the Internet or a private network
▪ Converts domain names to IP addresses
Domain Name Service DNS (Port 53)
port
▪ DHCP server dynamically assigns an IP address and other network
configuration parameters to a client
▪ Enables computers to request IP addresses and networking parameters
automatically?
▪ Reduces burden on network administrators
Dynamic Host Control DHCP (Port 67, 68)
port
▪ Transmits files in both directions of a client-server application
▪ Used for booting an operating system from a local area network file
server
▪ Doesn’t provide user authentication or directory visibility
▪ Essentially a stripped-down version of FTP
Trivial File Transfer TFTP (Port 69)
port
▪ Foundation of data communication for WWW
▪ Designed for distributed, collaborative, and hypermedia presentation
across many devices
Hyper Text Transfer HTTP (Port 80)
port
▪ Used by local e-mail clients to retrieve e-mail from a remote server over
TCP/IP connection
Post Office Protocol v3 POP3 (Port 110)
port
▪ Provides clock synchronization between computer systems over packetswitched, variable-latency data networks
▪ Created in 1985, one of the oldest Internet protocols in current use
Network Time Protocol NTP (Port 123)
port
▪ Network Basic Input/Output System
▪ Provides services allowing applications on separate computers to
communicate over a local area network for file and printer sharing
NetBIOS (Port 139)
port
▪ Provides e-mail clients to retrieve e-mail messages from a mail server
over a TCP/IP connection
▪ Allows the end user to view and manipulate the messages as if they’re
stored locally
Internet Mail Application IMAP (Port 143)
port
▪ Provides collection and organization of information about managed
devices on IP networks
▪ Can modify that information to change device behavior, commonly used
in network devices
Simple Network Management SNMP (Port 161)
port
▪ Open, vendor-neutral, industry standard for accessing and maintaining
distributed directory information services
▪ LDAP and Active Directory use this port
Lightweight Directory Access LDAP (Port 389)
port
▪ Foundation of ecommerce on WWW
▪ Designed for adding security to the insecure HTTP protocol
HTTP Secure HTTPS (Port 443)
port
▪ Foundation of ecommerce on WWW
▪ Designed for adding security to the insecure HTTP protocol
HTTP Secure HTTPS (Port 443)
port
▪ Provides shared access to files, printers, and miscellaneous
communications between devices on a network
Server Message Block SMB (Port 445)
port
▪ Used to send logging data back to a centralized server
System Logging Protocol Syslog (Port 514)
port
▪ Secure and encrypted way to send emails
Simple Mail Transfer Protocol Transport Layer Security SMTP TLS (Port 587)
port
▪ Open, vendor-neutral, industry standard for accessing and maintaining
distributed directory information services
Provides secure directory services
LDAP Secure LDAPS (Port 636)
port
▪ Secure and encrypted way to receive emails
Internet Message Access Protocol over SSL IMAP over SSL (Port 993)
port
▪ Secure and encrypted way to receive emails
Post Office Protocol Version 3 over SSL POP3 over SSL (Port 995)
port
▪ Used for communication from a client to the database engine
Structured Query Language Server Protocol SQL (Port 1433)
port
▪ Used for communication from a client to an Oracle database
SQLnet Protocol (Port 1521)
port
▪ Used for communication from a client to the MySQL database engine
MySQL (Port 3306)
port
▪ Proprietary protocol developed by Microsoft
▪ Provides a user with a graphical interface to connect to another
computer over a network connection
▪ User employs RDP client software for this purpose and the other
computer must run RDP server software
Remote Desktop Protocol RDP (Port 3389)
port
▪ Provides signaling and controlling multimedia communication sessions in
applications
▪ Used for Internet telephony for voice and video calls, VOIP, and instant
messaging
Session Initiation Protocol SIP (Port 5060, 5061)
IP Protocol Types
▪ A transport protocol that operates at layer 4 of the OSI model
▪ Used on top of the Internet Protocol for the reliable packet transmission
▪ Operates by conducting a three-way handshake between a client and a
server, and then establishing the connection
▪ TCP is considered a connection-oriented method of communication
Transmission Control Protocol (TCP)
IP Protocol Types
▪ A lightweight data transport protocol that also works on top of IP
▪ Can detect if its packets are corrupted when they are received by a client
using a checksum, but there is no connection and no sequencing to the
UDP segments
▪ Great for some applications, like streaming audio and video, but it
definitely does NOT provide reliable delivery of the data
User Datagram Protocol (UDP)
IP Protocol Types
▪ A network level protocol that is used to communicate information about
network connectivity issues back to the sender
▪ ICMP is used a lot by network technicians during troubleshooting, but it is
also used by attackers to conduct ping scans and network mapping
Internet Control Message Protocol (ICMP)
IP Protocol Types
▪ A tunneling protocol that was developed by Cisco to encapsulate a wide
variety of network layer protocols inside a virtual point-to-point or pointto-multipoint link over an Internet Protocol network
▪ Important to set a smaller maximum transmission unit or MTU size on
the tunnel
▪ It does not provide any encryption
Generic Routing Encapsulation protocol (GRE)
IP Protocol Types
▪ Set of secure communication protocols at the network or packet
processing layer that is used to protect data flows between peers
Internet Protocol Security protocol (IPsec)
A protocol within IPSec that provides integrity and
authentication
Authentication Header (AH)
Provides encryption and integrity for the data packets sent
over IPsec
Backwards-compatible with most IP routers including
those that were not designed to work with IPsec initially
Encapsulating security payload (ESP)
Theoretical measure of how much data could be transferred from a
source to its destination
Bandwidth
Actual measure of how much data transferred from a source to its
destination
Throughput
An automated way to electronically simulate a crossover cable connector
even if using a straight-through patch cable
Medium Dependent Interface Crossover (MDIX)
Standard, hot-pluggable gigabit Ethernet
transceiver (copper or fiber)
GBIC
▪ Compact, hot-pluggable optical module transceiver
▪ Support up to 4.25 Gbps
▪ Known as Mini-GBIC
Small Form-factor Pluggable (SFP)
▪ Enhanced SFP
▪ Support up to 16 Gbps
SFP+
▪ Compact, hot-pluggable optical module transceiver
▪ Supports up to 100 Gbps
Quad Small Form-factor Pluggable (QSFP)
The entrance facilities where you WAN connection will
enter your building
Demarcation point
punch down blocks
● Used for phones and older LAN wiring
● Causes crosstalk due to proximity of cables
● Bad choice for higher-speed LAN wiring
Do not use for CAT 5 or above
66 block
Punch Down Blocks
Used for higher-speed network wiring
Required for CAT 5 or above cabling
110 block
Punch Down Blocks
A proprietary European alternative to a 110 block
Krone block
Punch Down Blocks
● Another proprietary punch down block that comes in various sizes
● If you are going to work on a BIX block, you will need a BIX specific punch down tool
BIX block
Hub type
Repeats signal with no amplification
Passive hub
Hub type
Repeats signal with amplification
Active hub
Hub type
Active hub with enhanced features like SNMP
Smart hub
▪ Congestion can occur when ports all operate at the same speed
▪ Allows for combination of multiple physical connections into a single
logical connection
▪ Bandwidth available is increased and the congestion is minimized or
prevented
Link Aggregation (802.3ad)
Supplies electrical power over Ethernet
● Requires CAT 5 or higher copper cable
● Provides up to 15.4 watts of power to device
● PoE+ provides up to 25.5 W of power to device
▪ Two device types
● Power Sourcing Equipment (PSE)
● Powered Device (PD)
Power Over Ethernet (PoE 802.3af, PoE+ 802.3at)
▪ For security purposes, switches can require users to authenticate
themselves before gaining access to the network
▪ Once authenticated, a key is generated and shared between the
supplicant (device wanting access) and the switch (authenticator)
▪ Authentication server checks the supplicant’s credentials and creates the
key
▪ Key is used to encrypt the traffic coming from and being sent to the client
User Authentication (802.1x)
Allows for local administration of the switch using a
separate laptop and a rollover cable (DB-9 to RJ-45)
Console port
▪ Management involves keeping all network configuration devices on a
separate network
Out-of-band (OOB)
uses virtual IP and MAC addresses to
provide a “active router” and a “standby router”
is a Cisco-proprietary protocol
● If Active is offline, then standby answers
Hot Standby Router Protocol (HSRP)
▪ Permits or denies traffic based on a device’s MAC address to improve
security
MAC Filtering
▪ Multilayer switches may permit or deny traffic based on IP addresses or
application ports
Traffic Filtering
▪ Forwards traffic based on priority markings
Quality of Service (QoS)
Permits redundant links between switches and prevents traffic loops
Availability is measured in 9’s
▪ Five 9’s is 99.999% uptime and allows only 5 minutes down per year
Shortest Path Bridging (SPB) is used for larger network environments instead
Without, MAC Address table corruption can occur
Spanning Tree Protocol (STP) (802.1D)
▪ If broadcast frame received by both switches, they can forward frames to
each other
▪ Multiple copies of frame are forwarded, replicated, and forwarded again
until the network is consumed with forwarding many copies of the same
initial frame
Broadcast Storms
● Switch elected to act as a reference point for a spanning tree
● Switch with the lowest bridge ID (BID)
● BID is made up of a priority value and a MAC address
Root bridge
● All other switches in an STP topology
Nonroot bridge
● Every non-root bridge has a single root port
● Port closest to the root bridge in terms of cost
● If costs are equal, lowest port number is chosen
Root Port
● Every network segment has a designated port
● Port closest to the root bridge in terms of cost
● All ports on root bridge are designated ports
Designated Port
● Ports that block traffic to create loop-free topology
do not forward traffic during normal operation, but
do receive bridge protocol data units (BPDUs)
Non-Designated Port
Port States
● BPDUs are received but they are not forwarded
● Used at beginning and on redundant links
Blocking
Port States
● Populates MAC address table
● Does not forward frames
Listening
Port States
● Processes BPDUs
● Switch determines its role in the spanning tree
Learning
Port States
● Forwards frames for operations
Forwarding
Link Costs
▪ Associated with the speed of a link
▪ Lower the link’s speed, the higher the cost
▪ Multiple VLANs transmitted over the same physical cable
▪ VLANs are each tagged with 4-byte identifier
● Tag Protocol Identifier (TPI)
● Tag Control Identifier (TCI)
▪ One VLAN is left untagged
● Called the Native VLAN
VLAN Trunking (802.1q)
▪ Creates a secure virtual tunnel over an untrusted network like the
Internet
Virtual Private Network (VPN)
▪ A specific type of VPN concentrator used to terminate IPSec VPN tunnels
within a router or other device
VPN Headend
▪ Conducts deep packet inspection at Layer 7
▪ Detects and prevents attacks
▪ Much more powerful than basic stateless or stateful firewalls
▪ Continually connects to cloud resources for latest information on threats
Next-Generation Firewall (NGFW)
▪ A specialized device that makes requests to an external network on
behalf of a client
Proxy Server
▪ Dedicated appliance that performs the caching functions of a proxy
server
Content Engine/Caching Engine
▪ Distributes incoming requests across various servers in a server farm
Content Switch/Load Balancer
▪ A hardware device that connects to your IP network to make a
connection to a call manager within your network
VoIP Phone
▪ Used to perform the call processing for hardware and software-based IP
phones
Unified Communications (or Call) Manager
▪ Data travels from a single source device to a single destination device
Unicast
▪ Data travels from a single source device to multiple (but specific)
destination devices
Multicast
▪ Data travels from a single source device to all devices on a destination
network
Broadcast
▪ Discovers the current network that an interface is located on and then
select its own host ID based on its MAC address using the EUI64 process
● Extended Unique Identifier (EUI)
Stateless Address Autoconfiguration (SLAAC)
▪ Used to learn Layer 2 addresses on network
▪ Router Solicitation
● Hosts send message to locate routers on link
▪ Router Advertisement
● Router advertise their presence periodically and in response to
solicitation
▪ Neighbor Solicitation
● Used by nodes to determine link layer addresses
▪ Neighbor Advertisement
● Used by nodes to respond to solicitation messages
▪ Redirect
● Routers informing host of better first-hop routers
Neighbor Discovery Protocol (NDP)
● Learned by physical connection between routers
Directly Connected Routes
● Manually configured route by an administrator
Static Routes
● Learned by exchanging information between routers
Dynamic Routing
● Prevents a route learned on one interface from being advertised
back out of that same interface
Split horizon
● Causes a route received on one interface to be advertised back
out of that same interface with a metric considered to be infinite
Poison reverse
● Protocol that Operates within an autonomous system
Interior Gateway Protocols (IGP)
● Protocol Operated between autonomous systems
Exterior Gateway Protocols (EGP)
▪ Characteristic of a routing protocol
▪ How does it receive, advertise, and store routing information?
● Distance vector
● Link state
▪ Not every routing protocol fits neatly into one of these two categories
(hybrids exist)
Router Advertisement Method
Router Advertisement Method
▪ Sends full copy of routing table
to its directly connected
neighbors at regular intervals
▪ Slow convergence time
● Time it takes for all
routers to update their
routing tables in
response to a topology
change
▪ Holding-down timers speeds up convergence
● Prevents updates for a specific period of time
▪ Uses hop count as a metric
Distance Vector
Router Advertisement Method
▪ Requires all routers to know about the paths that all other routers can
reach in the network
▪ Information is flooded throughout the link-state domain (OSPF or IS-IS) to
ensure routers have synchronized information
▪ Faster convergence time and uses cost or other factors as a metric
▪ Each router constructs its own relative shortest-path tree with itself as
the root for all known routes in the network
Link State
Routing Protocol
▪ Interior Gateway Protocol
▪ Distance-vector protocol using hop count
▪ Maximum hops of 15, 16 is infinite
▪ Oldest dynamic routing protocol, provides updates every 30 seconds
▪ Easy to configure and runs over UDP
Routing Information Protocol (RIP)
Routing Protocol
▪ Interior Gateway Protocol
▪ Link-state protocol using cost
▪ Cost is based on link speed between routers
Open Shortest Path First (OSPF)
Routing Protocol
▪ Interior Gateway Protocol
▪ Link-state protocol using cost
▪ Cost is based on link speed between two routers
▪ Functions like OSPF protocol, but not as popular or widely utilized
Intermediate System to Intermediate System (IS-IS)
Routing Protocol
▪ Interior Gateway Protocol
▪ Advanced distance-vector protocol using bandwidth and delay making it
a hybrid of distance-vector and link-state
▪ Proprietary Cisco protocol that is popular in Cisco-only networks
Enhanced Interior Gateway Routing Protocol (EIGRP)
Routing Protocol
▪ External Gateway Protocol
▪ Path vector using the number of autonomous system hops instead of
router hops
▪ Widespread utilization, this protocol runs the backbone of the Internet
▪ Does not converge quickly, though, when the topology changes
Border Gateway Protocol (BGP)
Route Believability
▪ If a network is using more than one routing protocol, how does it choose
which routing protocol to make decisions from?
▪ Some routing protocols are considered more believable than others, so
routers use an index of believability called administrative distance (AD)
▪ If a route has a lower the administrative distance (AD), the route is more
believable
Address Translation
▪ Network Address Translation (NAT) is used to conserve the limited supply
of IPv4 addresses
▪ NAT translates private IP addresses to public IP addresses for routing over
public networks
▪ Port Address Translation (PAT) is a variation of address translation that
utilizes port numbers instead of IP addresses for translation
Address Translation (NAT & PAT)
Types of Address Translation
▪ Dynamic NAT (DNAT)
● IP addresses automatically assigned from a pool
● One-to-one translations
▪ Static NAT (SNAT)
● IP addresses manually assigned
● One-to-one translations
▪ Port Address Translation (PAT)
● Multiple private IP addresses share one public IP
● Many-to-one translation
● Common in small networks
Names of NAT IP Addresses
● Private IP address referencing an inside device
Inside local
Names of NAT IP Addresses
● Public IP address referencing an inside device
Inside global
Names of NAT IP Addresses
● Private IP address referencing an outside device
Outside local
Names of NAT IP Addresses
● Public IP address referencing an outside device
Outside global
What is multicast touring?
Multicast sender sends traffic to a Class D IP Address, known as a
multicast group
▪ Goal
● Send the traffic only to the devices that want it
▪ Two primary protocols
● Internet Group Management Protocol (IGMP)
● Protocol Independent Multicast (PIM)
▪ Used by clients and routers to let routers known which interfaces have
multicast receivers
▪ Used by clients to join a multicast group
Internet Group Management Protocol (IGMP)
● IGMPv1
o Client requests to join the group and is asked every 60
seconds if it wants to remain in the group
● IGMPv2
o Client can send a leave message to exit multicast group
● IGMPv3
o Client can request multicast from only specific server
o Called source-specific multicast (SSM)
o Allows multiple video streams to single multicast
▪ Routes multicast traffic between multicast-enabled routers
▪ Multicast routing protocol forms a multicast distribution tree
Protocol Independent Multicast (PIM)
Uses periodic flood and prune behavior to form optimal
distribution tree
Causes a negative performance impact on the network
Rarely used in modern networks
PIM Dense Mode (PIM-DM)
Initially uses a shared distribution tree, which may be
suboptimal, but…
Eventually creates an optimal distribution tree through
shortest
path tree (SPT) switchover
PIM Sparse Mode (PIM-SM)
Uses source distribution tree (SDT) to
form an optimal path between source
router and last-hop router
Before the optimal path is formed, entire
network is initially flooded and consumes
unnecessary bandwidth
PIM Dense Mode: Flooding
If a router receives multicast traffic in the
initial flood and the traffic is not needed,
then the router sends a prune message
asking to be removed from the source
distribution tree
PIM Dense Mode: Pruning
After sending prune messages, the
resulting source distribution tree has an
optimal path between source router and
last-hop router
Flood and prune repeat every 3 minutes
which can cause excessive performance
impacts on the network
PIM Dense Mode: After Pruning
An optimal path between the source and
last-hop routers is not initially created
Instead, a multicast source sends traffic
directly to a rendezvous point (RP)
All last-hop routers send join messages to
the RP
Originally provides a suboptimal distribution tree,
but when first multicast packet is received by last-hop router, then optimal
distribution tree is created based on unicast routing table
Unneeded branches are pruned during
Shortest Path Tree (SPT) switchover
PIM Sparse Mode: Shared Distribution Tree
Assigns devices with IP addresses and also provides them a subnet mask, default
gateway, and DNS server
Operates over ports 67 and 68 using UDP
Dynamic Host Configuration Protocol (DHCP)
o Converts domain names to IP addresses using a hierarchical and decentralized
system of naming
o Operates over UDP and TCP using port 53
Domain Name System (DNS)
o Sharing of information between DNS servers about which domain names they
have and their associated IP addresses
Zone Transfer
o Synchronizes clocks between systems communicating over
o a packet-switched, variable-latency data network
o Sent over UDP using port 123
Network Time Protocol (NTP)
A list of valid IP addresses that are available for
assignment or lease to a client computer or endpoint
device on a given subnet
Scope
D-O-R-A process
Discover, Offer, Request and Acknowledge
▪ Any host that forwards DHCP packets between clients and servers
DHCP Relay
o Used to help your network clients find a website using human-readable
hostnames instead of numeric IP addresses
o Converts names to numbers and numbers to names
Domain Name System (DNS)
● This is when a domain name is under a top-level provider
● The most common top-level provider:
o .com
o .mil
o .edu
o .org
o .net
Fully Qualified Domain Name (FQDN)
▪ The highest level in the DNS hierarchy tree and the root name server
answers requests in the root zone
▪ These servers contain the global list of all the top-level domains, such as
.com, .net, .org, .mil, and others
Root Level
▪ Organizational hierarchy
● .com
● .net
● .org
Top-level Domains
● .uk for the United Kingdom
● .fr for France
● .it for Italy
Geographic hierarchy
▪ These domains site directly below the top-level domain
● For example: diontraining.com and it
sits underneath the top-level domain of .com
Second-level Domains
▪ Used instead of a A record or AAAA record if you want to point a domain
to another domain name or subdomain
CNAME Record
▪ Mail Exchange Record
▪ Used to direct emails to a mail serve
▪ Used to indicate how email messages should be routed using the Simple
Mail Transfer Protocol, or SMTP, over port 25
▪ Can only be used to point to another domain, not an IP address
MX Record
▪ Start of Authority Record
▪ Used to store important information about a domain or zone
SOA Record
▪ The process of sending DNS records data from the primary nameserver to
a secondary name server
▪ Uses the TCP protocol to transfer the data to ensure data is successfully
sent by the primary server and received by the second server
DNS zone transfer
▪ Pointer Records
▪ Used to correlate an IP address with a domain name
▪ The opposite of an A record
▪ Always stored under the .arpa (top-level domain)
PTR Records
▪ Used by domain administrators to add text into the domain name system
or DNS
▪ A place to store machine-readable data
TXT Record
▪ Used to specify a host and port for a specific service
▪ Can specify a port along with our IP address
SRV Records
▪ Used to indicate which DNS name server is the authoritative one for a
domain
NS Record
▪ Name Server Record
▪ Records created around the domain names we purchase from a central
authority and use on the public internet
External DNS
▪ Also known as a DNS cache located on an individual host
▪ This temporary database remembers the answers it received from the
DNS server
● Recursive Lookup
o DNS server will hunt it down and report back to your
resolver
● Interactive lookup
o DNS resolve will continually query DNS servers until it finds
the one with the IP for the domain
DNS Resolver
o Synchronizes clocks between systems communicating over a packet-switched,
variable-latency data network
o Sent over UDP using port 123
▪ Stratum
▪ Clients
▪ Servers
can handle a maximum of 15 stratum levels
Network Time Protocol (NTP)
WAN Connection Types
▪ Logical connection that connects two sites through a service provider’s
facility or telephone company’s central office
▪ More expensive than other WAN technologies because a customer
doesn’t share bandwidth with other customers
Dedicated Leased Line
WAN Connection Types
▪ Connection is brought up only when needed, like making a phone call
▪ On-demand bandwidth can provide cost savings for customers who only
need periodic connectivity to a remote site
Circuit-Switched Connection
WAN Connection Types
▪ Always on like a dedicated leased line, but multiple customers share the
bandwidth
▪ SLAs used to guarantee a certain quality
(5mbps at least 80% of the time)
▪ Virtual circuits are represented as dashed lines
Packet-Switched Connection
WAN Wireless Media
Communicated using a frequency of 30 KHz and had a
bandwidth of about 2 kbps
1G
WAN Wireless Media
Communicated over a GSM network using the 1800 Mhz
frequency band
Used multiplexing
First to have SMS and text messages and international
roaming
2G
WAN Wireless Media
Support 144 Kbps
o Use a wider frequency band with frequencies from 1.6 Ghz
to 2 Ghz
3G
WAN Wireless Media
● Could reach data speeds of up to 2 Mbps
● The slowest of the 3G technologies
WCDMA
● Wideband Code Division Multiple Access
WAN Wireless Media
● Could reach speeds of up to 14.4 mbps
● Referred to as 3.5G
HSPA
● High Speed Packet Access standard
WAN Wireless Media
● Brought speed up to around 50 mbps
● Referred to as 3.75G
HSPA+
● High Speed Packet Access Evolution
WAN Wireless Media
o Introduction of multiple input multiple output, or MIMO
o Uses an even wider frequency band, covering frequencies
from 2 to 8 Ghz
4G
Often called 4G LTE, or 4G Long Term Evolution
WAN Wireless Media
Reach speeds up to 10 Gbps using high-band frequencies
split into 3 frequency bands
▪ Low-band Frequencies
● Operates between 600-850 MHz and
provide us with speeds of 30-250 Mbps
▪ Mid-band Frequencies
● Operate between 2.5 to 3.7 Ghz and
supports higher data rates of 100-900 Mbps
▪ High-band Frequencies
● Operate between 25-39 Ghz
5G
WAN Wireless Media
o A cellular technology that takes your voice during a call
and converts it to digital data
o A SIM card is used to identify yourself to the network
Global System for Mobile Communications (GSM)
WAN Wireless Media
o A cellular technology that uses, code division, to split up
the channel
o For every call that is made, the data is encoded with a
unique key and then all the data streams can be
transmitted at once in a single channel
Code-Division Multiple Access (CDMA)
WAN Wireless Media
o Worldwide Interoperability for Microwave Access
o Requires an antenna be installed on the roof of your home
or office
o WiMAX is faster than GSM (2G), UMTS (3G), HSPA (3.5G)
WiMax
▪ Point-to-point connection between two sites
● All bandwidth on line is available all the time
▪ Digital circuits are measured in 64-kbps channels called Digital Signal 0
(DS0)
● Channel Service Unit / Data Service Unit (CSU/DSU) is used to
terminate the digital signals at customer’s demarcation point
▪ Common digital circuits include T1, E1, T3, and E3 circuits
Dedicated Leased Line
T1 Line speed
1.544 Mbps
T1c Line speed
3.152 Mbps
T2 Line speed
6.312 Mbps
T3 Line speed
44.736 Mbps
