2.0 Network Implementations

[2.1] Compare and contrast various devices, their features, and their appropriate placement on the network

Networking Devices

Layer 2 Switch: Layer 2 device used to connect multiple network segments together

Each port on a switch is a separate collision domain

  • Essentially a multiport bridge

  • Switches learn MAC addresses and make forwarding decisions based on them

  • Switches analyze the source MAC address of each frame entering a port to populate the MAC address table

  • All ports belong to the same broadcast domain

Layer 3 Switch: Layer 3 device used to connect multiple network segments together

Each port is a separate collision domain and a separate broadcast domain

  • Can make routing decisions and interconnect entire networks like a router

Router: Layer 3 device used to connect multiple networks together

Each port is a separate collision domain and a separate broadcast domain

  • Make forwarding decisions based on logical network address information (IP address)

  • More feature-rich and support a broader range of interface types than multilayer switches

Hub: Layer 1 device used to connect multiple devices or workstations, aka multiport repeater

All devices connected to a hub are part of the same collision domain!

  • Passive hub: Repeats signal with no amplification

  • Active hub: Repeats signal with amplification

  • Smart hub: Active hub with enhanced features like SNMP

Access Point:

Bridge: Analyzes source MAC addresses in frames entering the bridge to populate an internal MAC address table, then makes forwarding decisions based on the destination MAC address

Bridges create two distinct collision domains
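The learn-then-forward behaviour described for switches and bridges above, as an added example (not part of the original notes): a minimal learning switch that binds each source MAC to its ingress port, forwards known unicast to one port, floods unknown unicast and broadcast to every other port, and records MACs that move between ports.

```python
class LearningSwitch:
    """Minimal model of the MAC-learning bridge/switch described above.

    Every frame's source MAC is bound to the ingress port (learning); the
    destination MAC is then looked up (forwarding).  Unknown unicast and
    broadcast destinations are flooded out every other port, which is why
    all ports of a Layer 2 switch still share one broadcast domain.
    """

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, num_ports):
        self.ports = list(range(1, num_ports + 1))
        self.mac_table = {}   # learned MAC -> port it was last seen on
        self.moves = []       # (mac, old_port, new_port): MACs that moved

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the egress port list."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        old_port = self.mac_table.get(src_mac)
        if old_port is not None and old_port != in_port:
            # A MAC appearing on a new port is normal for a host that moved,
            # but a burst of moves is also the symptom of MAC spoofing, so a
            # defender wants this visible rather than silently overwritten.
            self.moves.append((src_mac, old_port, in_port))
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == self.BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]   # flood
        if out_port == in_port:
            return []   # destination is on the same segment: filtered
        return [out_port]
```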

Wireless LAN Controller:

Load Balancer: Distributes incoming requests across various servers in a server farm

  • Also known as content switching on networks

Proxy Server: A specialized device that makes requests to an external network on behalf of a client

  • Content Engine or caching engine performs the caching functions of a proxy server

Cable Modem:

DSL Modem

Repeater

Voice Gateway:

Media Converter:

Intrusion Prevention System: Recognizes and responds to malicious activity or attacks

  • Host-based: Splits a host from the rest of a network

  • Network-based: Splits an internal network from another network or the Internet

Intrusion Detection System: Recognizes attacks through signatures and anomalies

Firewall: Network security appliance at the boundary of the network

  • Can be software or hardware

  • Stateful: Allows traffic that originates from inside the network to go out to the Internet and blocks traffic originating from the Internet from getting into the network

VPN Headend:

Unified Threat Management (UTM): Enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention system

Industrial Control System (ICS): Describes the different type of control systems and associated instrumentation

Supervisory Control and Data Acquisition (SCADA): Acquires and transmits data from different systems to a central plane for monitoring and control

Networked Devices

Voice over Internet Protocol (VoIP) Phone: A hardware device that connects to an IP network to make a connection to a call manager within the network

Internet of Things (IoT) Technologies

  • 802.11

    • Operates as infrastructure or ad hoc

  • Bluetooth

    • Low-energy variant of Bluetooth that allows for a mesh network

  • RFID

    • Uses electromagnetic fields to read data stored in embedded tags

  • NFC

    • Enables two devices to communicate within a 4 cm range

  • Infrared (IR)

    • Operates with line of sight

  • Z-Wave

    • Provides short-range, low latency data transfers at rates and power consumption lower than Wi-Fi

    • Used primarily for home automation

  • Ant+

    • Collection and transfer of sensor data

    • Used with remote control systems (tire pressure, TVs, lights)

[2.2] Compare and contrast routing technologies and bandwidth management concepts

Routing

Routing Protocols

  • Local Route Interface [L]

  • Directly Connected [C]

  • Static Route [S]

Routing Information Protocol (RIP) (Hop Count) [R]

  • IGP > Older distance vector routing protocol that employs hop count as its metric

  • Prevents routing loops by implementing a limit on the number of hops

  • RIPv1 does not support VLSM, but RIPv2 does

Open Shortest Path First (OSPF) (Bandwidth Cost / Link State) [O]

  • IGP > Supports IPv4 and VLSM (Variable Length Subnet Mask)

  • Link-state routing protocol developed for IP networks, based on the Shortest Path First algorithm

  • Information is flooded throughout the link-state domain

Intermediate System to Intermediate System (IS-IS) (Link State) [I]

  • IGP > Link state protocol using cost based on link speed

  • Functions like OSPF, but not as popular or widely utilized

Enhanced Interior Gateway Routing Protocol (EIGRP) (Bandwidth, Delay, Load, Reliability) [D]

  • IGP > Supports unequal cost load balancing

  • Interior Gateway Routing Protocol (IGRP) (Distance Vector) > older version

  • Advanced distance vector protocol using bandwidth and delay

  • Proprietary Cisco protocol that is popular on Cisco networks

Border Gateway Protocol (BGP) (Path Vector) [B]

  • EGP > Standardized gateway protocol designed to exchange routing and reachability info among "Autonomous Systems" (AS) on the Internet

  • Path vector using the number of autonomous system hops instead of router hops

  • Widespread utilization, runs the backbone of the Internet

Administrative Distances:


Bandwidth Management

Traffic Filtering --> Multilayer switches may permit or deny traffic based on IP addresses or application ports - similar to a built-in firewall

Quality of Service (QoS): Mechanism to control traffic and ensure performance by forwarding traffic based on priority markings - dedicated bandwidth, controlled jitter, and lower latency

[2.3] Given a scenario, configure and deploy common Ethernet switching features

Port Configurations

Link Aggregation (802.3ad): The combining of multiple network connections in parallel by any of several methods

Link Aggregation Control Protocol: Standard to combine multiple network connections or physical links to form a single logical link and enable load balancing on interfaces

  • Increases the total throughput beyond what a single connection could sustain

  • Provides redundancy where all but one of the physical links may fail

  • Bandwidth is increased and the congestion is minimized

  • Link Aggregation Group (LAG): Combined collection of physical ports

Port Monitoring / Mirroring: Helpful to analyze packet flow over a network - port mirroring makes a copy of all traffic destined for a port and sends it to another port

  • Switches require port monitoring for a network analyzer to see traffic

VLAN

Virtual Local Area Network (VLAN): Virtualized connection that connects multiple devices and network nodes from different LANs into one logical network

  • Devices can share the same switch while their ports belong to different VLANs

  • By default, all switch ports are in a single broadcast domain

  • Allow you to break out certain ports into different broadcast domains

  • Allow different logical networks to share the same physical hardware

  • Provides added security and efficiency

VLAN Trunking (802.1): IEEE Standard for multiple VLANs being transmitted over the same cable

  • VLANs are each "tagged" with a 4-byte identifier

    • Tag Protocol Identifier (TPI)

    • Tag Control Identifier (TCI)

  • One VLAN is left untagged --> called the Native VLAN
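The 4-byte tag just described (TPID followed by TCI), as an added example that is not part of the original notes: a parser that tells a tagged frame from an untagged (native VLAN) one and pulls out the VLAN ID and priority bits, plus a builder for the tag. The sample frames are constructed for the example, not captured traffic.

```python
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q tag

def parse_frame(frame):
    """Parse an Ethernet header and, if present, its 4-byte 802.1Q tag.
    Layout: dst MAC (6) | src MAC (6) | [TPID (2) | TCI (2)] | EtherType (2).
    TCI packs PCP (3 bits), DEI (1 bit) and the VLAN ID (12 bits).  A frame
    with no tag is what a trunk assigns to the native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
            "vlan": None, "pcp": None, "dei": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1,
                    vlan=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def build_tag(vlan, pcp=0, dei=0):
    """Build the 4-byte tag (TPID + TCI) a trunk port inserts for a VLAN."""
    if not 0 <= vlan <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return struct.pack("!HH", TPID_8021Q, (pcp & 7) << 13 | (dei & 1) << 12 | vlan)

# Constructed sample frames (not captured traffic): one untagged IPv4 frame
# and the same frame tagged for VLAN 10 with priority 5.
DST, SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("0200c0ffee01")
IPV4 = struct.pack("!H", 0x0800) + bytes(20)
UNTAGGED = DST + SRC + IPV4
TAGGED = DST + SRC + build_tag(10, pcp=5) + IPV4
```

Frames that arrive untagged on a trunk are the ones the switch silently places in the native VLAN, so a capture filter that flags `tagged == False` on a trunk port is a cheap way to audit native VLAN use.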

Voice VLAN

Ethernet Features

Media Access Control

Power over Ethernet (802.3af): Supplies electrical power over Ethernet - requires CAT 5 or higher copper cable, provides 15.4 watts of power

Power over Ethernet plus (PoE+) (802.3at): Provides up to 25.5W of power

  • Equipment --> Includes "Power Sourcing Equipment" (PSE) and "Powered Device" (PD)

  • Pins 1, 2, 3, and 6 from PSE provide power through RJ45

Spanning Tree Protocol (STP) (802.1D)

Layer 2 network protocol used to prevent looping within a network topology

  • Permits redundant links between switches and prevents traffic loops

  • Availability is measured in 9's --> Five 9's is 99.999% uptime, allows 5 minutes down per year

  • Shortest Path Bridging (SPB) is used for larger network environments

  • Helps to prevent broadcast storms which can occur due to loops

STP Routing Concepts:

  • Root bridge is the switch elected to act as a reference point for a spanning tree

    • Lowest bridge ID (BID) is elected as root bridge

    • BID is made up of a priority value and a MAC address

    • Non-root bridges are all the other switches in an STP topology

  • Every non-root bridge has a single root port (closest to root bridge or lowest port # if equal)

  • Every network segment has a designated port (closest to the root bridge)

  • Non-designated ports are ports that block traffic to create a loop-free topology

STP Port States: Root and non-designated ports are blocking, designated ports are forwarding

  • Blocking: Bridge Protocol Data Units (BPDUs) are received but they are not forwarded

    • Used at beginning and on redundant links

  • Listening: Populates MAC address table and does not forward frames

  • Learning: Processes BPDUs, switch determines its role

  • Forwarding: Forwards frames for operations

  • Disabled: A port that is shutdown

Link costs are associated with the speed of a link --> lower link speed = higher cost

Ethernet Type         Speed      STP Cost (Original)   STP Cost (New)
Ethernet              10 Mbps    100                   2,000,000
Fast Ethernet         100 Mbps   19                    200,000
Gigabit Ethernet      1 Gbps     4                     20,000
10-Gigabit Ethernet   10 Gbps    2                     2,000
100-Gigabit           100 Gbps   N/A                   200
1000-Gigabit          1 Tbps     N/A                   20
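The root bridge election and root port selection described in the STP notes above, worked through in code as an added example (not from the original notes): the lowest BID (priority, then MAC) wins the election, and each non-root switch picks the port with the lowest path cost toward the root, using the "new" link costs from the table, with ties broken by lowest port number. The topology is constructed for the example. Knowing which switch should win is what lets a defender notice when an unexpected switch with a lower priority becomes root.

```python
import heapq
# STP link costs from the table above ("new" values), keyed by Mbps.
STP_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000,
            10_000: 2_000, 100_000: 200, 1_000_000: 20}

def bridge_id(priority, mac):
    """BID = priority + MAC; tuples compare priority first, then MAC."""
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(switches):
    """switches: name -> (priority, mac).  Lowest BID becomes root."""
    return min(switches, key=lambda n: bridge_id(*switches[n]))

def root_path_costs(root, adj):
    """Dijkstra over link costs: cheapest path cost from each switch to root."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nb, _port, cost in adj[node]:
            if d + cost < dist.get(nb, float("inf")):
                dist[nb] = d + cost
                heapq.heappush(heap, (d + cost, nb))
    return dist

def root_ports(switches, links):
    """Return {non-root switch: (root port, root path cost)}.
    links: (switch_a, port_a, switch_b, port_b, speed_mbps).  Each non-root
    switch picks the lowest-cost port toward the root, ties broken by the
    lowest local port number, as the notes above describe."""
    root = elect_root(switches)
    adj = {n: [] for n in switches}
    for a, port_a, b, port_b, speed in links:
        adj[a].append((b, port_a, STP_COST[speed]))
        adj[b].append((a, port_b, STP_COST[speed]))
    dist = root_path_costs(root, adj)
    chosen = {}
    for n in switches:
        if n != root:  # the root bridge itself has no root port
            cost, port = min((dist[nb] + c, p) for nb, p, c in adj[n])
            chosen[n] = (port, cost)
    return chosen

# Constructed topology (not from the notes): SW2 wins on priority alone, even though its MAC is the highest.
SWITCHES = {"SW1": (32768, "00:00:00:00:00:01"), "SW2": (4096, "00:00:00:00:00:ff"),
            "SW3": (32768, "00:00:00:00:00:02"), "SW4": (32768, "00:00:00:00:00:03")}
LINKS = [("SW2", 1, "SW1", 1, 1_000), ("SW2", 2, "SW3", 1, 10_000),
         ("SW1", 2, "SW3", 2, 100), ("SW2", 3, "SW4", 3, 1_000), ("SW2", 4, "SW4", 2, 1_000)]
```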

Carrier-Sense Multiple Access w/ Collision Detection (CSMA/CD)

Ethernet devices transmit based on a principle called CSMA/CD

  • Carrier Sense (CS): Listen to the wire, verify it is not busy

  • Multiple Access (MA): All devices have access at any time

  • Collision Detect (CD): If two devices transmit at the same time, a collision occurs

    • Solution is to back off, wait a random time, and try again

Collision Domains: Comprised of all devices on a shared Ethernet segment (same cable or hub)

  • Devices operate at half-duplex when connected to a hub (layer 1 device)

  • Devices must listen before they transmit to avoid collisions when operating on CSMA/CD

  • Switches increase scalability of the network by creating multiple collision domains

    • Each port on a switch is a collision domain

    • Switches can operate in full-duplex mode

Address Resolution Protocol (ARP)

Neighbor Discovery Protocol

[2.4] Given a scenario, install and configure the appropriate wireless standards and technologies

802.11 Standards

IEEE Standard   Frequency     Speed      Range
802.11          2.4 GHz RF    1-2 Mbps   20 ft
802.11a         5 GHz         54 Mbps    25-75 ft
802.11b         2.4 GHz       11 Mbps    150 ft
802.11g         2.4 GHz       54 Mbps    150 ft
802.11n         2.4 / 5 GHz   600 Mbps   175+ ft
802.11ac        5 GHz         1.3 Gbps   115+ ft
802.11ax        2.4 / 5 GHz   14 Gbps    ~230 ft

Frequencies and Range

Channels

Channel Bandwidths

Channel Bonding

Service Set Identifier (SSID)

Antenna Types

Encryption Standards

Standard   Name                       Encryption                   Key Size      Integrity     Security
WEP        Wired Equivalent Privacy   Initialization Vector (IV)   64/128 bit    CRC-32        Very Low
WPA        Wi-Fi Protected Access     TKIP & RC4                   128 bit       64 bit MIC    Low
WPA2       Wi-Fi Protected Access 2   CCMP & AES                   128 bit       CCMP w/ AES   High
WPA3       Wi-Fi Protected Access 3   AES-CCMP / AES-GCMP          128/256 bit   SHA-2         Very High

Pre-Shared Key: Both AP and client use the same encryption key - (problem) scalability is difficult because all clients must know the same password, and the key must be replaced everywhere if it is compromised

Wired Equivalent Privacy (WEP): Original 802.11 wireless security standard

  • Static 40 bit pre-shared encryption key --> upgraded to 64 & 128 bit key

  • Uses 24 bit Initialization Vector (IV)

  • Brute force attack within minutes using Aircrack-ng and other tools

Wi-Fi Protected Access (WPA): Replaced WEP and its weaknesses

  • Temporal Key Integrity Protocol (TKIP): 48 bit IV and Rivest Cipher 4 (RC4) used for encryption

  • Uses Message Integrity Check (MIC) to confirm data was not modified in transit

  • Enterprise Mode WPA --> Users can be required to authenticate before exchanging keys

    • Keys between client and AP are temporary

Wi-Fi Protected Access 2 (WPA2): Created as part of IEEE 802.11i standard

  • Requires stronger encryption and integrity checks

  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

    • Integrity checking using the AES cipher to encrypt sensitive data with 128 bit IVs

  • Supports two modes

    • (1) personal mode with pre-shared keys

    • (2) enterprise mode with centralized authentication

Cellular Technologies


Multiple Input, Multiple Output (MIMO)

Multi-User MIMO (MU-MIMO)
