2.0 Network Implementations
[2.1] Compare and contrast various devices, their features, and their appropriate placement on the network
Networking Devices
Layer 2 Switch: Layer 2 device used to connect multiple network segments together
Each port on a switch is a separate collision domain
Essentially a multiport bridge
Switches learn MAC addresses and make forwarding decisions based on them
Switches analyze source MAC addresses in frames entering a switch for MAC table
All ports belong to the same broadcast domain
Layer 3 Switch: Layer 3 device used to connect multiple network segments together
Each port is a separate collision domain; each VLAN (or routed port) is a separate broadcast domain
Can make routing decisions and interconnect entire networks like a router
Router: Layer 3 device used to connect multiple networks together
Each port is a separate collision domain and a separate broadcast domain
Make forwarding decisions based on logical network address information (IP address)
More feature rich and support broader range of interface types than multilayer switches
Hub: Layer 1 device used to connect multiple devices or workstations, aka multiport repeater
All devices connected to a hub are part of the same collision domain!
Passive hub: Repeats signal with no amplification
Active hub: Repeats signal with amplification
Smart hub: Active hub with enhanced features like SNMP
Access Point: Layer 2 device that bridges 802.11 wireless clients onto the wired LAN
Bridge: Analyze source MAC addresses in frames entering the bridge to populate an internal MAC address table, makes forwarding decisions based on destination MAC address
Bridges create two distinct collision domains
Wireless LAN Controller: Centralizes configuration, security policy and RF management for many lightweight access points
Load Balancer: Distributes incoming requests across various servers in a server farm
Also known as a content switch on networks
Proxy Server: A specialized device that makes request to an external network on behalf of a client
Content Engine or caching engine performs the caching functions of a proxy server
Cable Modem: Connects to the cable provider's coaxial (DOCSIS) network and hands off Ethernet to the customer
DSL Modem: Connects over the telephone copper pair to the provider's DSLAM and hands off Ethernet to the customer
Repeater: Layer 1 device that regenerates a signal to extend the usable cable distance
Voice Gateway: Converts between VoIP calls on the IP network and the public switched telephone network (PSTN)
Media Converter: Layer 1 device that converts between media types, e.g. copper Ethernet to fiber
Intrusion Prevention System: Recognizes and responds to malicious activity or attacks
Host-based (HIPS): Runs on the protected host and watches that host's own traffic, processes and files
Network-based (NIPS): Sits inline at a network boundary and can drop malicious traffic before it reaches the internal network
Intrusion Detection System: Recognizes attacks through signatures and anomalies and alerts on them; sits out of band (e.g. on a mirror port) and does not block traffic itself, unlike an IPS
Firewall: Network security appliance at the boundary of the network
Can be software or hardware
Stateful: Tracks the state of each connection, so return traffic for sessions initiated from inside the network is allowed back in while unsolicited traffic originating from the Internet is blocked
VPN Headend: Concentrator at the network edge that terminates remote-access or site-to-site VPN tunnels (IPsec or TLS)
Unified Threat Management (UTM): Enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention system
Industrial Control System (ICS): Describes the different type of control systems and associated instrumentation
Supervisory Control and Data Acquisition (SCADA): Acquires and transmits data from different systems to a central location for monitoring and control
Networked Devices
Voice over Internet Protocol (VoIP) Phone: A hardware device that connects to an IP network to make a connection to a call manager within the network
Internet of Things (IoT) Technologies
802.11
Operates as infrastructure or ad hoc
Bluetooth
Low energy use variant of Bluetooth which allows for a mesh network
RFID
Uses electromagnetic fields to read data stored in embedded tags
NFC
Enables 2 devices to communicate within a 4 cm range
Infrared (IR)
Operates with line of sight
Z-Wave
Provides short-range, low latency data transfers at rates and power consumption lower than Wi-Fi
Used primarily for home automation
Ant+
Collection and transfer of sensor data
Used with remote control systems (tire pressure, TVs, lights)
[2.2] Compare and contrast routing technologies and bandwidth management concepts
Routing
Local Route Interface [L]
Directly Connected [C]
Static Route [S]
Routing Information Protocol (RIP) (Hop Count) [R]
IGP > Older distance vector routing protocol that uses hop count as its metric
Prevents routing loops by limiting path length: 15 hops maximum, 16 means unreachable
RIPv1 does not support VLSM, but RIPv2 does
Open Shortest Path First (OSPF) (Bandwidth Cost / Link State) [O]
IGP > Supports IPv4 and VLSM (Variable Length Subnet Mask)
Link-state routing protocol developed for IP networks, based on Dijkstra's Shortest Path First algorithm
Information is flooded throughout the link-state domain
Intermediate System to Intermediate System (IS-IS) (Link State) [I]
IGP > Link state protocol using cost based on link speed
Functions like OSPF, but not as popular or widely utilized
Enhanced Interior Gateway Routing Protocol (EIGRP) (Bandwidth, Delay, Load, Reliability) [D]
IGP > Supports unequal cost load balancing
Interior Gateway Routing Protocol (IGRP) (Distance Vector) > older version
Advanced distance vector protocol using bandwidth and delay
Cisco protocol (proprietary until its basics were published as RFC 7868 in 2016) that is popular on Cisco networks
Border Gateway Protocol (BGP) (Path Vector) [B]
EGP > Standardized gateway protocol designed to exchange routing and reachability info among "Autonomous Systems" (AS) on the Internet
Path vector using the number of autonomous system hops instead of router hops
Widespread utilization, runs the backbone of the Internet
Administrative Distances (Cisco defaults; when the same prefix is learned from several sources the lowest AD is installed, and metrics are only compared within one source):
Connected 0, Static 1, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, iBGP 200
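The route selection described above, worked through in code as an added example (not from the original notes): longest prefix match decides which prefix is used, and only then do administrative distance and metric decide which learned route for that prefix is installed. The routes and next hops are constructed sample data; the AD values are the Cisco defaults listed above.

```python
# Added example (not from the original notes): how a router picks the route to
# install and then the route to forward on. Route data below is constructed.
import ipaddress
from dataclasses import dataclass

# Administrative distance by route source (Cisco defaults). Lower is more trusted.
ADMIN_DISTANCE = {"C": 0, "S": 1, "eBGP": 20, "D": 90, "O": 110, "I": 115, "R": 120, "iBGP": 200}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str   # routing-table code: C, S, D (EIGRP), O, I, R, eBGP, iBGP
    metric: int = 0  # protocol-specific metric; only comparable within one source

    @property
    def admin_distance(self) -> int:
        return ADMIN_DISTANCE[self.source]


def install(candidates):
    """Build the routing table. For each prefix keep the candidates with the lowest
    administrative distance; among those, the lowest metric. Several survivors with
    the same (AD, metric) are equal-cost paths."""
    by_prefix = {}
    for r in candidates:
        by_prefix.setdefault(r.prefix, []).append(r)
    table = {}
    for prefix, routes in by_prefix.items():
        best_key = min((r.admin_distance, r.metric) for r in routes)
        table[prefix] = [r for r in routes if (r.admin_distance, r.metric) == best_key]
    return table


def lookup(table, dst):
    """Forwarding decision: longest prefix match wins before AD or metric matter."""
    addr = ipaddress.IPv4Address(dst)
    matches = [p for p in table if addr in p]
    if not matches:
        return []
    return table[max(matches, key=lambda p: p.prefixlen)]


def net(s):
    return ipaddress.IPv4Network(s)


# Constructed sample: the same prefix learned from several sources.
SAMPLE_ROUTES = [
    Route(net("0.0.0.0/0"), "203.0.113.1", "S"),
    Route(net("10.1.0.0/16"), "192.168.1.2", "R", metric=2),       # RIP: 2 hops
    Route(net("10.1.0.0/16"), "192.168.1.3", "O", metric=20),      # OSPF: cost 20
    Route(net("10.1.0.0/16"), "192.168.1.4", "D", metric=28160),   # EIGRP composite metric
    Route(net("10.1.5.0/24"), "192.168.1.5", "O", metric=30),
    Route(net("10.1.5.0/24"), "192.168.1.6", "O", metric=30),      # equal-cost OSPF path
    Route(net("192.168.1.0/24"), "directly connected", "C"),
]


def demo():
    table = install(SAMPLE_ROUTES)
    return {
        # /16 learned by RIP, OSPF and EIGRP: EIGRP (AD 90) wins even though the RIP
        # metric looks smallest, because metrics of different protocols are never compared.
        "10.1.9.9": [(r.source, r.next_hop) for r in lookup(table, "10.1.9.9")],
        # /24 is more specific than the /16, so longest match beats the lower-AD /16.
        "10.1.5.7": [(r.source, r.next_hop) for r in lookup(table, "10.1.5.7")],
        # Nothing more specific matches, so the static default route is used.
        "8.8.8.8": [(r.source, r.next_hop) for r in lookup(table, "8.8.8.8")],
    }


if __name__ == "__main__":
    for dst, routes in demo().items():
        print(dst, "->", routes)
```

The two-stage split matters operationally: a rogue or misconfigured static route (AD 1) silently wins over anything a dynamic protocol learns for the same prefix, and a more specific prefix wins regardless of how it was learned.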
Bandwidth Management
Traffic Filtering --> Multilayer switches may permit or deny traffic based on IP addresses or application ports - similar to a built-in firewall
Quality of Service (QoS): Mechanism to control traffic and ensure performance by forwarding traffic based on priority markings - dedicated bandwidth, controlled jitter, and lower latency
[2.3] Given a scenario, configure and deploy common Ethernet switching features
Port Configurations
Link Aggregation (802.3ad): The combining of multiple network connections in parallel by any of several methods
Link Aggregation Control Protocol: Standard to combine multiple network connections or physical links to form a single logical link and enable load balancing on interfaces
Increases the total throughput beyond what a single connection could sustain
Provides redundancy where all but one of the physical links may fail
Bandwidth is increased and the congestion is minimized
Link Aggregation Group (LAG): Combined collection of physical ports
Port Monitoring / Mirroring: Helpful to analyze packet flow over a network - port mirroring makes a copy of all traffic destined for a port and sends it to another port
Switches require port monitoring for network analyzer to see traffic
VLAN
Virtual Local Area Network (VLAN): Logical grouping of switch ports into their own broadcast domain, independent of where the ports physically sit
By default every port on a switch is in one VLAN, so all ports share a single broadcast domain
Assigning ports to different VLANs splits them into separate broadcast domains; traffic between VLANs must be routed
Allow different logical networks to share the same physical hardware
Provides added security and efficiency
VLAN Trunking (802.1Q): IEEE standard for carrying multiple VLANs over the same link between switches
Frames on a trunk carry a 4-byte 802.1Q tag inserted after the source MAC address
Tag Protocol Identifier (TPID): 2 bytes, value 0x8100, marks the frame as tagged
Tag Control Information (TCI): 2 bytes holding a 3-bit priority (PCP), a 1-bit drop-eligible flag (DEI) and the 12-bit VLAN ID (4094 usable VLANs)
One VLAN is carried untagged --> called the Native VLAN
Voice VLAN: Separate VLAN for IP phones; the phone tags voice frames with the voice VLAN ID while the PC daisy-chained behind it stays in the untagged data VLAN
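An added example (not from the original notes) that parses the 802.1Q tag described above out of a raw Ethernet frame: the TPID, then PCP, DEI and VID from the TCI, with an untagged frame falling into the native VLAN. The frames are constructed by hand and the native VLAN is assumed to be 1; as a generalization the parser also walks a second tag, which is how a double-tagged frame used in VLAN hopping attempts looks on the wire.

```python
# Added example (not from the original notes): parsing the 802.1Q tag out of a raw
# Ethernet frame. Frames are constructed by hand; the native VLAN is assumed to be 1.
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100   # Tag Protocol Identifier announcing a customer VLAN tag
TPID_8021AD = 0x88A8  # service-provider outer tag (QinQ); accepted as an outer tag too


@dataclass
class Tag:
    pcp: int  # Priority Code Point, 3 bits (used for voice/QoS marking)
    dei: int  # Drop Eligible Indicator, 1 bit
    vid: int  # VLAN ID, 12 bits; 0 = priority-tagged only, 4095 reserved


@dataclass
class Frame:
    dst: str
    src: str
    tags: list = field(default_factory=list)  # outermost tag first
    ethertype: int = 0
    payload: bytes = b""

    def vlan(self, native_vlan=1):
        """VLAN the frame belongs to on an 802.1Q trunk: the outer tag's VID, or the
        native VLAN when the frame arrives untagged (or priority-tagged with VID 0)."""
        if self.tags and self.tags[0].vid != 0:
            return self.tags[0].vid
        return native_vlan


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw):
    if len(raw) < 14:
        raise ValueError("runt frame")
    frame = Frame(dst=fmt_mac(raw[0:6]), src=fmt_mac(raw[6:12]))
    off = 12
    # Walk every 4-byte tag; a frame may carry more than one (double tagging).
    while True:
        (ethertype,) = struct.unpack_from("!H", raw, off)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        (tci,) = struct.unpack_from("!H", raw, off + 2)
        vid = tci & 0x0FFF
        if vid == 0xFFF:
            raise ValueError("reserved VID 4095")
        frame.tags.append(Tag(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=vid))
        off += 4
    frame.ethertype = ethertype
    frame.payload = raw[off + 2:]
    return frame


def build_frame(dst, src, ethertype, payload, tags=()):
    """Inverse of parse_frame, used here only to construct the sample frames."""
    raw = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for pcp, dei, vid in tags:
        raw += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)
    return raw + struct.pack("!H", ethertype) + payload


# Constructed samples: untagged ARP, IPv4 tagged for VLAN 10 with voice priority 5,
# and a double-tagged frame (outer VID 1 = native, inner VID 20).
UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01" * 14)
VOICE = build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", 0x0800, b"\x45" + b"\x00" * 19, tags=[(5, 0, 10)])
DOUBLE = build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", 0x0800, b"\x45" + b"\x00" * 19, tags=[(0, 0, 1), (0, 0, 20)])


def summarize(raw, native_vlan=1):
    f = parse_frame(raw)
    return {"vlan": f.vlan(native_vlan), "tags": [(t.pcp, t.dei, t.vid) for t in f.tags], "ethertype": f.ethertype}


if __name__ == "__main__":
    for name, raw in [("untagged", UNTAGGED), ("voice", VOICE), ("double", DOUBLE)]:
        print(name, summarize(raw))
```

The double-tagged sample shows why the native VLAN should be an unused VLAN ID rather than VLAN 1: a switch that strips the untagged native tag on the first trunk leaves the inner tag exposed for the next switch to honour.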
Ethernet Features
Media Access Control
Power over Ethernet (802.3af): Supplies electrical power over Ethernet - requires CAT 5 or higher copper cable, provides 15.4 W at the PSE (12.95 W available to the device)
Power over Ethernet plus (PoE+) (802.3at): Provides 30 W at the PSE (25.5 W available to the device)
Equipment --> Includes "Power Sourcing Equipment" (PSE), e.g. a PoE switch or injector, and "Powered Device" (PD), e.g. a phone or access point
Power is delivered through the RJ45 connector on the data pairs, pins 1, 2, 3 and 6 (Alternative A), or on the spare pairs, pins 4, 5, 7 and 8 (Alternative B)
Spanning Tree Protocol (STP) (802.1D)
Layer 2 network protocol used to prevent looping within a network topology
Permits redundant links between switches and prevents traffic loops
Availability is measured in 9's --> Five 9's is 99.999% uptime, about 5 minutes of downtime per year
Shortest Path Bridging (SPB, 802.1aq) is used for larger network environments
Helps to prevent broadcast storms which can occur due to loops
STP Routing Concepts:
Root bridge is the switch elected to act as a reference point for a spanning tree
Lowest bridge ID (BID) is elected as root bridge
BID is made up of a priority value and a MAC address
Non-root bridge are all the other switches in an STP topology
Every non-root bridge has a single root port: the port with the lowest path cost to the root bridge (ties broken by lowest neighbor BID, then lowest port ID)
Every network segment has one designated port: the port on that segment with the lowest path cost to the root bridge (all of the root bridge's ports are designated)
Non-designated ports are the remaining ports; they block to create a loop-free topology
STP Port Roles: Root and designated ports forward, non-designated ports block
STP Port States:
Blocking: Bridge Protocol Data Units (BPDUs) are received but no frames are forwarded and no MAC addresses are learned
Used at port initialization and on redundant links
Listening: Sends and processes BPDUs so the switch can determine the port's role; does not forward frames or learn MAC addresses
Learning: Populates the MAC address table from incoming frames but still does not forward them
Forwarding: Forwards frames for normal operation
Disabled: A port that is administratively shut down
Links Costs are associated with the speed of a link --> lower link speed = higher cost
Link type              Speed      802.1D cost (original 16-bit)   802.1D-2004 / RSTP cost (32-bit)
Ethernet               10 Mbps    100                             2,000,000
Fast Ethernet          100 Mbps   19                              200,000
Gigabit Ethernet       1 Gbps     4                               20,000
10-Gigabit Ethernet    10 Gbps    2                               2,000
100-Gigabit Ethernet   100 Gbps   N/A                             200
1 Tbps Ethernet        1 Tbps     N/A                             20
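The election described in the STP concepts above, run as an added example (not from the original notes) on a constructed three-switch topology: the lowest BID becomes root, every switch's root path cost is computed with Dijkstra over the 802.1D-2004 link costs from the table, and each port is then classed as root, designated or blocked. Bridge priorities, MAC addresses and link speeds are assumed; port IDs (the final STP tie-breaker) are not modelled.

```python
# Added example (not from the original notes): run the spanning-tree election on a
# constructed three-switch topology. Bridge priorities, MACs and link speeds are assumed.
import heapq

# 802.1D-2004 (RSTP) link costs by speed in Mbps, from the table above.
LINK_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000}


def bridge_id(priority, mac):
    """BID = 2-byte priority followed by the 6-byte MAC; the lowest BID wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges: name -> (priority, mac)."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def root_path_costs(root, links):
    """Dijkstra from the root over link costs. links: (a, b) -> speed in Mbps."""
    adj = {}
    for (a, b), speed in links.items():
        adj.setdefault(a, []).append((b, LINK_COST[speed]))
        adj.setdefault(b, []).append((a, LINK_COST[speed]))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u]:
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def port_roles(bridges, links):
    """Returns (root, root path cost per bridge, role per (bridge, neighbor) port)."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    roles = {}
    # Root port: on every non-root bridge, the port with the lowest root path cost;
    # ties go to the neighbor with the lower BID (then, in real STP, the lower port ID).
    for b in bridges:
        if b == root:
            continue
        options = []
        for (x, y), speed in links.items():
            if b in (x, y):
                nbr = y if x == b else x
                options.append((cost[nbr] + LINK_COST[speed], bridge_id(*bridges[nbr]), nbr))
        roles[(b, min(options)[2])] = "root"
    # Designated port: on every segment, the end with the lower root path cost (ties to
    # the lower BID). The far end, unless it is that bridge's root port, blocks.
    for (x, y) in links:
        dp = min((x, y), key=lambda n: (cost[n], bridge_id(*bridges[n])))
        other = y if dp == x else x
        roles[(dp, other)] = "designated"
        roles.setdefault((other, dp), "blocked")
    return root, cost, roles


# Constructed topology: A is made root by priority; the A-C link is only 100 Mbps,
# so C reaches the root more cheaply through B and blocks its direct port toward A.
BRIDGES = {
    "A": (4096, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
}
LINKS = {("A", "B"): 1_000, ("A", "C"): 100, ("B", "C"): 1_000}


if __name__ == "__main__":
    root, cost, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, nbr), role in sorted(roles.items()):
        print(f"{sw} port toward {nbr}: {role} (root path cost {cost[sw]})")
```

Note what the priority field buys an attacker: any device that can send BPDUs with a lower BID than A becomes root and reshapes which links block, which is why access ports facing users should run BPDU guard or root guard.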
Carrier-Sense Multiple Access w/ Collision Detection (CSMA/CD)
Ethernet devices transmit based on a principle called CSMA/CD
Carrier Sense (CS): Listen to the wire, verify it is not busy
Multiple Access (MA): All devices have access at any time
Collision Detect (CD): If two devices transmit at the same time, a collision occurs
Solution is to back off, wait a random time, and try again
Collision Domains: Comprised of all devices on a shared Ethernet segment (same cable or hub)
Devices operate at half-duplex when connected to a hub (layer 1 device)
Devices must listen before they transmit to avoid collisions when operating on CSMA/CD
Switches increase scalability of the network by creating multiple collision domains
Each port on a switch is a collision domain
Switches can operate in full-duplex mode
Address Resolution Protocol (ARP): Resolves an IPv4 address to a MAC address on the local segment (broadcast request, unicast reply)
Neighbor Discovery Protocol (NDP): The IPv6 equivalent, carried in ICMPv6 (Neighbor Solicitation / Advertisement) using multicast instead of broadcast
[2.4] Given a scenario, install and configure the appropriate wireless standards and technologies
802.11 Standards
Standard   Frequency                   Max data rate   Approx. range
802.11     2.4 GHz RF                  1-2 Mbps        20 ft
802.11a    5 GHz                       54 Mbps         25-75 ft
802.11b    2.4 GHz                     11 Mbps         150 ft
802.11g    2.4 GHz                     54 Mbps         150 ft
802.11n    2.4 / 5 GHz                 600 Mbps        175+ ft
802.11ac   5 GHz                       1.3 Gbps        115+ ft
802.11ax   2.4 / 5 GHz (6 GHz w/ 6E)   14 Gbps         ~230 ft
Frequencies and Range
Channels
Channel Bonding
Service Set Identifier (SSID)
Antenna Types
Encryption Standards
Name                       Encryption              Key Size      Integrity      Security
Wired Equivalent Privacy   RC4 with 24-bit IV      64/128 bit    CRC-32         Very Low
Wi-Fi Protected Access     TKIP & RC4              128 bit       64-bit MIC     Low
Wi-Fi Protected Access 2   CCMP & AES              128 bit       CCMP w/ AES    High
Wi-Fi Protected Access 3   AES-CCMP / AES-GCMP     128/256 bit   SHA-2          Very High
Pre-Shared Key: Both AP and client use same encryption key - (problem) scalability is difficult if key is compromised and all clients must know the same password
Wired Equivalent Privacy (WEP): Original 802.11 wireless security standard
Static 40 bit pre-shared key combined with the 24 bit IV gives the "64 bit" key; the later 104 bit key gives "128 bit"
Uses a 24 bit Initialization Vector (IV) sent in the clear, so IVs repeat quickly and RC4 keystream is reused
Key recovery within minutes using Aircrack-ng and similar tools once enough IVs are captured (statistical attacks on RC4's key schedule, not brute force)
Wi-Fi Protected Access (WPA): Replaced WEP and its weaknesses
Temporal Key Integrity Protocol (TKIP): 48 bit IV and Rivest Cipher 4 (RC4) used for encryption
Uses Message Integrity Check (MIC) to confirm data was not modified in transit
Enterprise Mode WPA --> Users can be required to authenticate before exchanging keys
Keys between client and AP are temporary
Wi-Fi Protected Access 2 (WPA2): Created as part of IEEE 802.11i standard
Requires stronger encryption and integrity checks
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Uses AES with a 128-bit key in counter mode for confidentiality and CBC-MAC for integrity; a 48-bit packet number replaces TKIP's IV and never repeats under one key
Supports two modes
(1) personal mode with pre-shared keys
(2) enterprise mode with centralized authentication
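The WEP weakness described above (static key, 24-bit IV in the clear, RC4), shown concretely as an added example that is not part of the original notes: two frames encrypted under the same IV share a keystream, so XORing the two ciphertexts cancels it and a known plaintext reveals the other frame with no key recovery at all. The RC4 below is a toy implementation for illustration, and the key, IV and plaintexts are constructed.

```python
# Added example (not from the original notes): why WEP's static key plus 24-bit IV is
# fatal. Toy RC4 below, constructed key/IV/plaintexts; not a real driver or attack tool.
import math
import random


def rc4(key, n):
    """Plain RC4 keystream of n bytes (KSA + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, key, plaintext):
    """WEP per-packet key is the 3-byte IV prepended to the static 5- or 13-byte key;
    the IV travels in the clear in front of the ciphertext, so a repeat is visible."""
    assert len(iv) == 3 and len(key) in (5, 13)
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))


def recover_second_plaintext(pkt1, pkt2, known_p1):
    """Two packets under the same IV share a keystream: c1 XOR c2 == p1 XOR p2,
    so a known (or guessable, e.g. ARP) p1 hands over p2 without the key."""
    assert pkt1[:3] == pkt2[:3], "IVs differ; keystreams are independent"
    return xor(xor(pkt1[3:], pkt2[3:]), known_p1)


def frames_until_iv_repeat(seed=7, iv_bits=24):
    """Count frames a sender emits before it reuses an IV when IVs are drawn at random."""
    rng = random.Random(seed)
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


def birthday_bound(iv_bits=24):
    """Frames after which a random IV has roughly a 50% chance of having repeated."""
    return math.sqrt(2 * math.log(2) * 2 ** iv_bits)


KEY = bytes.fromhex("0f1e2d3c4b")  # constructed 40-bit WEP key
IV = bytes.fromhex("a1b2c3")       # constructed IV, reused for both frames
P1 = b"ARP who-has 10.0.0.1 tell 10.0.0.7"
P2 = b"GET /login?user=alice&pw=hunter2".ljust(len(P1))  # padded to P1's length

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    print(recover_second_plaintext(c1, c2, P1))
    print("IV space:", 2 ** 24, "frames; ~50% repeat after", int(birthday_bound()),
          "; one random run repeated after", frames_until_iv_repeat())
```

The birthday figure is the point of the 24-bit IV line above: a busy access point sends a few thousand frames in seconds, so keystream reuse is routine even before the full 16.7 million IV space is exhausted, and the FMS/PTW attacks Aircrack-ng implements then need only a few tens of thousands of captured IVs to recover the static key itself.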
Cellular Technologies
Multiple Input, Multiple Output (MIMO): Multiple antennas on both ends send several spatial streams at once over the same channel (introduced with 802.11n)
Multi-User MIMO (MU-MIMO): The AP uses its spatial streams to transmit to several clients simultaneously instead of one at a time (802.11ac Wave 2 and 802.11ax)