Difference between revisions of "Networking"

From Sinfronteras
Jump to: navigation, search
(Configuration más frecuentes using PacketTracer)
(Subnet mask)
 
(140 intermediate revisions by the same user not shown)
Line 1: Line 1:
Instalar versión 6.2 de Packettracer
+
* [[Media:Network_Management_and_High_Availability-Resume_for_the_exam.pdf]]
 +
 
 +
 
 +
<br />
 +
==Resumen para el examen de Network Service Management and Virtualisation==
 +
[//perso.sinfronteras.ws/images/3/32/Resumen_para_el_examen_networking.pdf Media:Resumen para el examen networking.pdf]
 +
 
 +
*DHCP
 +
*DNS
 +
*ARP
 +
*TCP
 +
*HTTP
 +
 
 +
Some important questions that you should know:
 +
 
 +
*A network manager asks you to write down the steps for a DNS query when you open your browser and type www.google.com
 +
*The network manager then asks you to describe the difference between a recursive and iterative query
 +
*What typical transport layer protocol and port does DNS use for DNS lookups
 +
 
 +
<br />
 +
==Wireless and WAN connectivity CA==
 +
<div style="text-align: center;">
 +
<pdf width="2000" height="600">File:Wireless_and_WAN_connectivity-Networking_CA.pdf</pdf>
 +
[[File:Wireless_and_WAN_connectivity-Networking_CA.pdf]]
 +
</div>
 +
 
 +
 
 +
<br />
  
 
==Sistema binario==
 
==Sistema binario==
 
Conversión de un número en el sistema decimal al binario:
 
Conversión de un número en el sistema decimal al binario:
[[File:Decimal2binario.jpg |600px | thumb | center |]]
+
[[File:Decimal2binario.jpg |600px | thumb | center ]]
  
 
Conversión de Binario a decimal:
 
Conversión de Binario a decimal:
[[File:Binario2decimal.jpg |600px | thumb | center |]]
+
[[File:Binario2decimal.jpg |600px | thumb | center ]]
  
 
==Terminología==
 
==Terminología==
'''Protocols:''' Think of protocols as a standard way of communication between a client and a server.
+
 
 +
===Protocols===
 +
Think of protocols as a standard way of communication between a client and a server.
 +
 
 +
===LAN===
 +
A Local Area Network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. https://en.wikipedia.org/wiki/Local_area_network
 +
 
 +
===WAN===
 +
A Wide Area Network is a telecommunications network or computer network that extends over a large geographical distance. https://en.wikipedia.org/wiki/Wide_area_network
 +
 
 +
===Puertos===
 +
 
 +
*The wireless router’s '''WAN (Internet) port''' (el puerto WAN (Internet) del wireless router).
 +
*The wireless router’s '''LAN (Ethernet) ports'''.
 +
*'''RS-232:'''  is a standard for serial communication transmission of data. https://en.wikipedia.org/wiki/RS-232
 +
 
 +
====Elegir el puerto correcto====
 +
 
 +
*Cuando se conecta un cable a una PC en Packet Tracer, el programa propone (por defecto) conectarlo al puerto '''FastEthernet''', '''USB''' o '''RS-232'''. Hasta ahora hemos estado usando el puerto FastEthernet.
 +
*Cuando se conecta un cable a un Router, PacketTracer propone el puerto '''Internet''' o '''Ethernet'''. Creo que el puerto Internet se usa cuando estamos conectando el Router con una WAN y el Ethernet es para una LAN.
 +
 
 +
===Cables===
 +
 
 +
*As a rule, between different divices we use a straight cable an between same divices a cross-over cable (Creo que el Prof. confirmó esto, no estoy seguro)
 +
*'''Crossover cable:'''
 +
**From a PC to the wireless router’s WAN (Internet) port.
 +
*'''Straight through cable:'''
 +
**From PC to one of the wireless router’s LAN (Ethernet) ports.
  
 
==TCP/IP==
 
==TCP/IP==
Line 18: Line 72:
 
The Internet protocol suite provides end-to-end data communication specifying how data should be packetized, addressed, transmitted, routed, and received. This functionality is organized into four abstraction layers which classify all related protocols according to the scope of networking involved. From highest to lowest, the layers are:
 
The Internet protocol suite provides end-to-end data communication specifying how data should be packetized, addressed, transmitted, routed, and received. This functionality is organized into four abstraction layers which classify all related protocols according to the scope of networking involved. From highest to lowest, the layers are:
  
* '''The application layer:''' it provides process-to-process data exchange for applications. HTTP, FTP, DNS etc.
+
*'''The application layer:''' it provides process-to-process data exchange for applications. HTTP, FTP, DNS etc.
* '''The transport layer:''' handling host-to-host communication. TCP, UDP, etc.
+
*'''The transport layer:''' handling host-to-host communication. TCP, UDP, etc.
* '''The internet (Internetwork) layer:''' providing internetworking between independent networks. IP (IPv4, IPv6), etc.
+
*'''The internet (Internetwork) layer:''' providing internetworking between independent networks. IP (IPv4, IPv6), etc.
* '''Network interface and Hardware [Datalink, Physical] layer:''' containing communication methods for data that remains within a single network segment (link). Ethernet, Wireless, etc.
+
*'''Network interface and Hardware [Datalink, Physical] layer:''' containing communication methods for data that remains within a single network segment (link). Ethernet, Wireless, etc.
  
  
[[File:Ttcp_ip_layers.png |600px | thumb | center |]]
+
[[File:Ttcp_ip_layers.png |600px | thumb | center ]]
  
  
Line 56: Line 110:
 
{| class="wikitable" style="margin: 1em auto 1em auto;"
 
{| class="wikitable" style="margin: 1em auto 1em auto;"
 
|-
 
|-
! colspan="5" | OSI Model
+
! colspan="5" |OSI Model
 
|-
 
|-
! colspan="2" | Layer
+
! colspan="2" |Layer
! [[Protocol data unit]] (PDU)
+
![[Protocol data unit]] (PDU)
! style="width:30em;" | Function
+
! style="width:30em;" |Function
 
|-
 
|-
! rowspan="4" | Host<br />layers
+
! rowspan="4" |Host<br />layers
| style="background:#d8ec9b;" | 7.&nbsp;[https://en.wikipedia.org/wiki/Application_layer Application]
+
| style="background:#d8ec9b;" |7.&nbsp;[https://en.wikipedia.org/wiki/Application_layer Application]
| style="background:#d8ec9c;" rowspan="3" | [[Data (computing)|Data]]
+
| rowspan="3" style="background:#d8ec9c;" |[[Data (computing)|Data]]
| style="background:#d8ec9c;" | <small>High-level [[API]]s, including resource sharing, remote file access
+
| style="background:#d8ec9c;" |<small>High-level [[API]]s, including resource sharing, remote file access
  
 
|-
 
|-
| style="background:#d8ec9b;" | 6.&nbsp;[[Presentation layer|Presentation]]
+
| style="background:#d8ec9b;" |6.&nbsp;[[Presentation layer|Presentation]]
| style="background:#d8ec9b;" | <small>Translation of data between a networking service and an application; including [[character encoding]], [[data compression]] and [[Encryption|encryption/decryption]]</small>
+
| style="background:#d8ec9b;" |<small>Translation of data between a networking service and an application; including [[character encoding]], [[data compression]] and [[Encryption|encryption/decryption]]</small>
  
 
|-
 
|-
| style="background:#d8ec9b;" | 5. [[Session layer|Session]]
+
| style="background:#d8ec9b;" |5. [[Session layer|Session]]
| style="background:#d8ec9b;" | <small>Managing communication [[Session (computer science)|sessions]], i.e. continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes</small>
+
| style="background:#d8ec9b;" |<small>Managing communication [[Session (computer science)|sessions]], i.e. continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes</small>
  
 
|-
 
|-
| style="background:#e7ed9c;" | 4. [[Transport layer|Transport]]
+
| style="background:#e7ed9c;" |4. [[Transport layer|Transport]]
| style="background:#e7ed9c;" | [[Packet segmentation|Segment]] (TCP) / [[Datagram]] (UDP)
+
| style="background:#e7ed9c;" |[[Packet segmentation|Segment]] (TCP) / [[Datagram]] (UDP)
| style="background:#e7ed9c;" | <small>Reliable transmission of data segments between points on a network, including [[Packet segmentation|segmentation]], [[Acknowledgement (data networks)|acknowledgement]] and [[multiplexing]]</small>
+
| style="background:#e7ed9c;" |<small>Reliable transmission of data segments between points on a network, including [[Packet segmentation|segmentation]], [[Acknowledgement (data networks)|acknowledgement]] and [[multiplexing]]</small>
  
 
|-
 
|-
! rowspan="3" | Media<br />layers
+
! rowspan="3" |Media<br />layers
| style="background:#eddc9c;" | 3. [[Network layer|Network]]
+
| style="background:#eddc9c;" |3. [[Network layer|Network]]
| style="background:#eddc9c;" | [[Network packet|Packet]]
+
| style="background:#eddc9c;" |[[Network packet|Packet]]
| style="background:#eddc9c;" | <small>Structuring and managing a multi-node network, including [[Address space|addressing]], [[routing]] and [[Network traffic control|traffic control]]</small>
+
| style="background:#eddc9c;" |<small>Structuring and managing a multi-node network, including [[Address space|addressing]], [[routing]] and [[Network traffic control|traffic control]]</small>
  
 
|-
 
|-
| style="background:#e9c189;" | 2. [[Data link layer|Data link]]
+
| style="background:#e9c189;" |2. [[Data link layer|Data link]]
| style="background:#e9c189;" | [[Frame (networking)|Frame]]
+
| style="background:#e9c189;" |[[Frame (networking)|Frame]]
| style="background:#e9c189;" | <small>Reliable transmission of data frames between two nodes connected by a physical layer</small>
+
| style="background:#e9c189;" |<small>Reliable transmission of data frames between two nodes connected by a physical layer</small>
  
 
|-
 
|-
| style="background:#e9988a;" | 1. [[Physical layer|Physical]]
+
| style="background:#e9988a;" |1. [[Physical layer|Physical]]
| style="background:#e9988a;" | [[Bit]]
+
| style="background:#e9988a;" |[[Bit]]
| style="background:#e9988a;" | <small>Transmission and reception of raw bit streams over a physical medium</small>
+
| style="background:#e9988a;" |<small>Transmission and reception of raw bit streams over a physical medium</small>
  
 
|}
 
|}
Line 100: Line 154:
 
==Introduction to Internetworking and Network equipments==
 
==Introduction to Internetworking and Network equipments==
  
[[File:Internet1.png |500px | thumb | center |]]
+
[[File:Internet1.png |500px | thumb | center ]]
  
  
[[File:Internet2.png |500px | thumb | center |]]
+
[[File:Internet2.png |500px | thumb | center ]]
  
  
Line 125: Line 179:
 
http://www.diffen.com/difference/Router_vs_Switch
 
http://www.diffen.com/difference/Router_vs_Switch
  
[[Mobile Networking course at CCT#Routers|Router]] and [[Mobile Networking course at CCT#Switch|switches]] are both computer networking devices that allow one or more computers to be connected to other computers, networked devices, or to other networks.
+
[[Networking#Routers|Router]] and [[Networking#Switch|switches]] are both computer networking devices that allow one or more computers to be connected to other computers, networked devices, or to other networks.
  
The functions of a [[Mobile Networking course at CCT#Router|routers]], [[Mobile Networking course at CCT#Switch|switch]] and hub are all different, even if at times they are integrated into a '''single device'''.
+
The functions of a [[Networking#Router|routers]], [[Networking#Switch|switch]] and hub are all different, even if at times they are integrated into a '''single device'''.
  
 
Routers can connect wired or wireless (WiFi) networks. A switch is used for wired networking connections.
 
Routers can connect wired or wireless (WiFi) networks. A switch is used for wired networking connections.
Line 143: Line 197:
 
The largest routers (such as the Cisco CRS-1 or Juniper PTX) interconnect the various ISPs, or may be used in large enterprise networks. Smaller routers usually provide connectivity for typical home and office networks. https://en.wikipedia.org/wiki/Router_(computing)
 
The largest routers (such as the Cisco CRS-1 or Juniper PTX) interconnect the various ISPs, or may be used in large enterprise networks. Smaller routers usually provide connectivity for typical home and office networks. https://en.wikipedia.org/wiki/Router_(computing)
  
Al parecer se habla también Wireless Routers. Creo sin embargo que este dispositivo sería un Router equipado con un [[Mobile Networking course at CCT#Access point|AP]] y una tarjeta de red wireless.
+
Al parecer se habla también Wireless Routers. Creo sin embargo que este dispositivo sería un Router equipado con un [[Networking#Access point|AP]] y una tarjeta de red wireless.
  
En el [[Mobile Networking course at CCT#Lab 1: Configuring Wireless Access and Security|Lab 1]] se realiza un modelado de networks en el cual se emplea un Wireless Router. Este Wireless Router podría, por ejemplo, representar el Router que se encuentra integrado en la Box de nuestra home network. En el Lab 1, note que en este Router las configuraciones se ralizan a través de un GUI.
+
En el [[Networking#Lab 1: Configuring Wireless Access and Security|Lab 1]] se realiza un modelado de networks en el cual se emplea un Wireless Router. Este Wireless Router podría, por ejemplo, representar el Router que se encuentra integrado en la Box de nuestra home network. En el Lab 1, note que en este Router las configuraciones se ralizan a través de un GUI.
  
En el [[Mobile Networking course at CCT#Lab 4: Configuring basic router settings with the Cisco IOS CLI|Lab 4: Configuring basic router settings with the Cisco IOS CLI]], se presenta un modelado de network en el cual se emplea un Router Cisco. Note que este tipo de Routers son configuring with the Cisco IOS CLI (línea de comandos).
+
En el [[Networking#Lab 4: Configuring basic router settings with the Cisco IOS CLI|Lab 4: Configuring basic router settings with the Cisco IOS CLI]], se presenta un modelado de network en el cual se emplea un Router Cisco. Note que este tipo de Routers son configuring with the Cisco IOS CLI (línea de comandos).
  
 
===Switch===
 
===Switch===
Line 165: Line 219:
 
For a home environment, most often you have a '''router''', a '''switch''', and an '''AP''' '''''«embedded in one box (into a single device)»''''', making it really usable for this purpose.
 
For a home environment, most often you have a '''router''', a '''switch''', and an '''AP''' '''''«embedded in one box (into a single device)»''''', making it really usable for this purpose.
  
==Wireless networks==
 
  
===Wireless LANs (WLANs)===
+
==IP addressing==
 +
https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html
  
A WLAN is a Wireless Local Area Network, which is the linking of two or more computers without using wires. Instead, radio waves and IEEE 802.11 are used to communicate.
 
  
WLANs use infrared light (IR) or radio frequencies (RFs). The use of RF is far more popular for its longer range, higher bandwidth, and wider coverage.
+
<br />
 +
===IP address===
 +
Dirección IP
  
====Wireless technologies====
 
* PAN/WPAN (Personal Area Network (PAN)/ Wireless Personal Area Network (WPAN)
 
** Bluetooth, IEEE 802.15.4
 
* LAN (Local Area Network)
 
** IEEE 802.11
 
  
 
+
<br />
====WLAN Components====
+
====Classful network====
* '''Wireless Client Receiver:''' it is needed to connect a computing device (e.g. desktop, laptop, PDA…) to the wired networked via an access point. It includes Onboard Cards (most laptops) PCMCIA, PCI card or USB adaptor
+
Clases de public IP addresses: https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html
* '''Access points (APs):''' they are needed only in the Infrastructure Mode of WLANs. They provide the wireless client with a point of access into a network. They are like Ethernet switches in a wired network and operate in '''half-duplex mode''' (e.g. They either receive or transmit at any given time).
 
 
 
 
 
====The WLAN supports four Network Topologies====
 
* Peer-to-peer (Ad hoc) Topology
 
* Hybrid Topology
 
* Infrastructure Topology
 
* Point-to-point Topology
 
 
 
 
 
====802.11 standards====
 
* 802.11 is the generic name of a family of standards for wireless networking.
 
* Popular 802.11 standards include 802.11a, 802.11b, 802.1g, 802.11n, 802.11ac (Newest)
 
 
 
Some EEE 802.11 standards are:
 
  
 
{| class="wikitable"
 
{| class="wikitable"
! Standard      ||Frequency band        ||Max speed
+
!Classe
 +
!Bits de départ
 +
!Début
 +
!Fin
 +
!Notation CIDR
 +
!Masque de sous-réseau par défaut
 
|-
 
|-
|802.11        ||2.4 GHz              ||2 Mbps
+
|'''Classe A'''
 +
|0
 +
| align="right" |0.0.0.0
 +
|127.255.255.255
 +
|/8
 +
|255.0.0.0
 
|-
 
|-
|802.11a        ||5 GHz                ||54 Mbps
+
|''' Classe B'''
 +
|10
 +
|128.0.0.0
 +
|191.255.255.255
 +
|/16
 +
|255.255.0.0
 
|-
 
|-
|802.11b        ||2.4 GHz              ||11 Mbps
+
|'''Classe C'''
 +
|110
 +
|192.0.0.0
 +
|223.255.255.255
 +
|/24
 +
|255.255.255.0
 
|-
 
|-
|802.11g        ||2.4 GHz              ||54 Mbps
+
|'''Classe D''' (multicast)
 +
|1110
 +
|224.0.0.0
 +
|239.255.255.255
 +
|
 +
|non défini
 
|-
 
|-
|802.11n        ||2.4 or 5 GHz          ||600 Mbps
+
|'''Classe E''' (réservée)
|-
+
|1111
|802.11ac      ||5 GHz                ||1 Gbps
+
|240.0.0.0
 +
|255.255.255.255
 +
|
 +
|non défini
 
|}
 
|}
  
====Wireless Security====
 
  
==Para ver las características de las tarjetas de red (network card)==
+
<br />
http://www.linuxnix.com/find-network-cardwiredwireless-details-in-linuxunix/
+
====Private IP Addresses====
 +
IP addresses reservadas para ser usadas como privadas:
 +
10.0.0.0    – 10.255.255.255
 +
172.16.0.0  – 172.31.255.255
 +
192.168.0.0 – 192.168.255.255
  
Tales como: Name of network cards, Network card link status, Network card speeds, Network card MAC address, Network card IP address, Network card driver details, Network card manufacture details, Network card duplex/half duplex details, Network card auto-negotiation details, Complete network card capabilities details, Complete network card hardware details
 
  
sudo lshw -c network
+
<br />
 +
====IP Privado====
  
==Desplegar las características de la conexión a internet==
 
  
===IP address===
+
<br />
Dirección IP
+
=====ifconfig=====
 +
ifconfig
  
====Classful network====
+
Para obtener una nueva dirección IP en Windows se hace:
Clases de direcciones IP
+
ipconfig /release
 +
ipconfig /renew
  
{| class="wikitable"
+
En Linux los comandos análogos son: https://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/
! Classe
 
! Bits de départ
 
! Début
 
! Fin
 
! Notation CIDR
 
! Masque de sous-réseau par défaut
 
|-
 
| '''Classe A'''
 
| 0
 
| align="right" | 0.0.0.0
 
| 127.255.255.255
 
| /8
 
| 255.0.0.0
 
|-
 
|''' Classe B'''
 
| 10
 
| 128.0.0.0
 
| 191.255.255.255
 
| /16
 
| 255.255.0.0
 
|-
 
| '''Classe C'''
 
| 110
 
| 192.0.0.0
 
| 223.255.255.255
 
| /24
 
| 255.255.255.0
 
|-
 
| '''Classe D''' (multicast)
 
| 1110
 
| 224.0.0.0
 
| 239.255.255.255
 
|
 
|non défini
 
|-
 
| '''Classe E''' (réservée)
 
| 1111
 
| 240.0.0.0
 
| 255.255.255.255
 
|
 
| non défini
 
|}
 
  
====IP Privado====
+
To renew or release an IP address for the eth0 interface, enter:
 +
sudo dhclient -r
 +
sudo dhclient
  
=====ifconfig=====
 
ifconfig
 
  
 +
<br />
 
====IP Público====
 
====IP Público====
 
  curl ipinfo.io/ip
 
  curl ipinfo.io/ip
  
 +
 +
<br />
 +
====Command-line to list DNS servers used by my system====
 +
https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system
 +
 +
nmcli device show <interfacename> | grep IP4.DNS
 +
 +
 +
<br />
 +
====Para desplegar el IP de la geteway====
 +
route -n
 +
 +
 +
<br />
 
===Subnet mask===
 
===Subnet mask===
 +
https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html
 +
 +
 
<span style="background:#00FF00">IP/Subnet Calculator:</span>  
 
<span style="background:#00FF00">IP/Subnet Calculator:</span>  
* http://jodies.de/ipcalc  (Éste me pareció excelente)
+
 
* http://www.subnet-calculator.com/  (Éste no me gustó pero tiene una pestaña que permite seleccionar la Subnet Mask. En ella se presentan las Subnets comúnmente usadas.
+
*http://jodies.de/ipcalc  (Éste me pareció excelente)
 +
*http://www.subnet-calculator.com/  (Éste no me gustó pero tiene una pestaña que permite seleccionar la Subnet Mask. En ella se presentan las Subnets comúnmente usadas.
  
 
La subnet mask que generalmente he estado usando para los ejemplos es la 255.255.255.0 (/24). Esta subnet mask indica que los primeros 24 bits de una IP deben ser iguales para pertenecer a la misma subnet. Esta en particular es muy fácil, y se puede ver fácilmente el rango de IP's que define. Por ejemplo:
 
La subnet mask que generalmente he estado usando para los ejemplos es la 255.255.255.0 (/24). Esta subnet mask indica que los primeros 24 bits de una IP deben ser iguales para pertenecer a la misma subnet. Esta en particular es muy fácil, y se puede ver fácilmente el rango de IP's que define. Por ejemplo:
  
* Si tenemos: 172.17.0.1/24, podemos fácilmente saber que: ( Ver http://jodies.de/ipcalc )
+
*Si tenemos: 172.17.0.1/24, podemos fácilmente saber que: ( Ver http://jodies.de/ipcalc )
<syntaxhighlight lang="">
+
<syntaxhighlight lang="shell">
 
Address:  172.17.0.1            10101100.00010001.00000000 .00000001
 
Address:  172.17.0.1            10101100.00010001.00000000 .00000001
 
Netmask:  255.255.255.0 = 24    11111111.11111111.11111111 .00000000
 
Netmask:  255.255.255.0 = 24    11111111.11111111.11111111 .00000000
Line 304: Line 348:
  
  
* Ahora, en el caso de 172.17.0.1/27, las cosas no son tan evidentes:  
+
*Ahora, en el caso de 172.17.0.1/27, las cosas no son tan evidentes:
<syntaxhighlight lang="">
+
<syntaxhighlight lang="shell">
 
Address:  172.17.0.1            10101100.00010001.00000000.000 00001
 
Address:  172.17.0.1            10101100.00010001.00000000.000 00001
 
Netmask:  255.255.255.224 = 27  11111111.11111111.11111111.111 00000
 
Netmask:  255.255.255.224 = 27  11111111.11111111.11111111.111 00000
Line 318: Line 362:
  
  
* 172.17.0.1/30
+
*172.17.0.1/30
<syntaxhighlight lang="">
+
<syntaxhighlight lang="shell">
 
Address:  172.17.0.1            10101100.00010001.00000000.000000 01
 
Address:  172.17.0.1            10101100.00010001.00000000.000000 01
 
Netmask:  255.255.255.252 = 30  11111111.11111111.11111111.111111 00
 
Netmask:  255.255.255.252 = 30  11111111.11111111.11111111.111111 00
Line 331: Line 375:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
 +
<br />
 
====Definición de una subred====
 
====Definición de una subred====
 
A través de la Máscara de subred se define que IPs forman parte del la misma Red (directa)  
 
A través de la Máscara de subred se define que IPs forman parte del la misma Red (directa)  
  
[[File:Same_network1.jpg |600px | thumb | center |]]
+
[[File:Same_network1.jpg |600px | thumb | center ]]
  
[[File:seme_network2.jpg |600px | thumb | center |]]
+
[[File:seme_network2.jpg |600px | thumb | center ]]
  
 
La notación 192.160.136.4/24 define una máscara de subred en donde los primeros 24 bits son 1 --> 255.255.255.0
 
La notación 192.160.136.4/24 define una máscara de subred en donde los primeros 24 bits son 1 --> 255.255.255.0
 +
 +
 +
<br />
 +
====Calculating the number of hosts based on the subnet mask====
 +
For example, for a subnet mask of 20:
 +
2**(32-20) - 2 = 4094
 +
-2 is becuse the first one is the network address and the last one the broadcast address.
 +
 +
 +
<br />
  
 
===Network address===
 
===Network address===
  
 +
 +
<br />
 
===Broadcast address===
 
===Broadcast address===
 
https://www.techopedia.com/definition/2384/broadcast-address
 
https://www.techopedia.com/definition/2384/broadcast-address
  
 +
 +
<br />
 
===Gateway===
 
===Gateway===
 
El comando route: http://www.thegeekstuff.com/2012/04/route-examples
 
El comando route: http://www.thegeekstuff.com/2012/04/route-examples
 
  route
 
  route
  
 +
 +
<br />
 
===Internet speed===
 
===Internet speed===
 
https://askubuntu.com/questions/104755/how-to-check-internet-speed-via-terminal
 
https://askubuntu.com/questions/104755/how-to-check-internet-speed-via-terminal
Line 359: Line 421:
 
o instalar el programa usado en la linea de comando anterior (speedtest-cli) como se explica aquí:
 
o instalar el programa usado en la linea de comando anterior (speedtest-cli) como se explica aquí:
 
https://fossbytes.com/test-internet-speed-linux-command-line/
 
https://fossbytes.com/test-internet-speed-linux-command-line/
 +
 +
sudo apt-get install speedtest-cli
 +
 +
OR
  
 
  sudo apt-get install python-pip
 
  sudo apt-get install python-pip
Line 375: Line 441:
 
  wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10.zip
 
  wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10.zip
  
 +
 +
<br />
 
===Desplegar la ruta de un paquete enviado en Internet===
 
===Desplegar la ruta de un paquete enviado en Internet===
 
El comando traceroute permite optener la ruta de un paquete enviado.
 
El comando traceroute permite optener la ruta de un paquete enviado.
Line 381: Line 449:
 
En el ejemplo anterio podemos ver que el paquete pasa por el IP 109.255.255.254 (que debería ser el Gateway de mi ISP). En la página que muestro a continuación se pude ver que dicho IP pertenece a mi ISP y está ubicado en Cork.
 
En el ejemplo anterio podemos ver que el paquete pasa por el IP 109.255.255.254 (que debería ser el Gateway de mi ISP). En la página que muestro a continuación se pude ver que dicho IP pertenece a mi ISP y está ubicado en Cork.
  
 +
 +
<br />
 
===Who is my ISP===
 
===Who is my ISP===
 
Este sitio muestra ISP: https://www.whoismyisp.org/
 
Este sitio muestra ISP: https://www.whoismyisp.org/
  
==Network simulation using Cisco-PacketTracer==
 
  
===Cisco - PacketTracer===
+
<br />
El paquete (Linux or Windows) se descarga de la página oficial de Cisco (netacad): https://www.netacad.com/group/offerings/packet-tracer
+
 
 +
==WAN (Wide Area Network)==
 +
A '''Wide Area Network''' is a telecommunications network or computer network that extends over a large geographical distance.
 +
 
 +
'''Purpose of WANs:'''
 +
 
 +
*WANs connect LANs.
 +
*WANs connect home users to the Internet.
 +
*WANs are used to connect remote sites to the enterprise network.
 +
**Enterprise networks are using security and privacy solutions over the Internet to connect remote sites and users.
 +
 
 +
 
 +
'''Common WAN topologies are:'''
 +
 
 +
*'''Point-to-Point:''' Typically a '''dedicated leasedline connection''' (such as '''T1/E1''')
 +
**'''T1 (1.544 MB/s)''' and '''E1 (2.048 MB/s)''' are examples of synchronous TDM serial connections. (Note: T1 is the standard for the U.S and E1 is the standard for Europe). An E1 contains 32 DS0’s
 +
 
 +
*'''Hub-and-Spoke:''' A single-homed, point-tomultipoint topology where a single interface on the hub router can be shared with multiple spoke routers through the use of virtual interfaces
 +
 
 +
*'''Full Mesh:''' Each router has a connection to every other router; requires a large number of virtual interfaces
 +
 
 +
*'''Dual-homed:''' Provides redundancy for a single-homed, hub-and-spoke topology by providing a second hub to connect to spoke routers
 +
 
 +
 
 +
'''Two way that a business can get WAN access:'''
 +
 
 +
*Private WAN Infrastructure: The business negotiates for dedicated or switched WAN access with a service provider.
 +
*Public WAN Infrastructure: WAN access is achieved through the Internet using broadband connections.
 +
**In this case, VPNs (virtual private networks) are used to secure the connections.
 +
 
 +
'''Private WAN Infrastructure:'''
 +
 
 +
*'''Ethernet WAN''' (Known as '''Metropolitan Ethernet (MetroE)''', '''Ethernet over MPLS (EoMPLS)''')
 +
*'''Multiprotocol Label Switching (MPLS)''' is a multiprotocol high-performance WAN technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.
 +
 
 +
::MPLS allows most packets to be forwarded at Layer 2 (the switching level) rather than having to be passed up to Layer 3 (the routing level).
 +
::With MPLS, the Layer 3 header analysis is done just once (when the packet enters the MPLS domain). Label inspection drives subsequent packet forwarding.
 +
::MPLS provides these beneficial applications:
 +
:::Virtual Private Networking (VPN)
 +
:::Traffic Engineering (TE)
 +
:::Quality of Service (QoS)
 +
 
 +
'''Public WAN Infrastructures:'''
 +
 
 +
*'''DSL (Digital Subscriber Line)'''
 +
**A DSL modem converts an Ethernet signal from the user device to a DSL signal, which is transmitted to the central office.
 +
*'''Cable:''' Network access is available from some cable television networks.
 +
*'''3G/4G Wireless''' Abbreviation for 3rd generation and 4th generation cellular access.
 +
 
 +
*Public WANs rely on '''VPNs''' for securing data between private networks as it crosses a public network, such as the Internet.
 +
**Two types of VPN:
 +
***Site-to-site VPNs
 +
***Remote-access VPNs
 +
 
 +
==Routing==
 +
 
 +
*When a packet enters a router, how does it know where to send it?
 +
 
 +
:*The router first read the packet information:
 +
::*TTL: if this field remains greater than 0, the router forwards the packet, otherwise it discards it.
 +
::*Destination IP
 +
:*Then, the router look for its routing tables. The destination network of the IP packet have to be stored in its routing tables so the router can determine where to send it, otherwise it discards it.
 +
:*Based in the information read, the routing protocol
 +
 
 +
*What information does the router need to already have to send it?
 +
 
 +
:
 +
 
 +
*How do routers get this information?
 +
 
 +
:
 +
 
 +
*How long do they store it?
 +
 
 +
:
 +
 
 +
*What information does the router modify in the packet?
 +
 
 +
:
 +
 
 +
 
 +
The main purpose of a router if to '''route IP packets'''. The router decides what to do with the packet (discards it or forward it (and in this case where to forward it)) based on:
 +
 
 +
*The information stored in the '''IP packet header''', and
 +
*The Routing table (routing information base) stored in a router.
 +
 
 +
'''IP packet'''
 +
 
 +
An IP packet consists of a '''header section''' and a '''data section'''.
 +
 
 +
The '''IPv4 packet header''' consists of 14 fields, of which 13 are required. The 14th field is optional and aptly named: options.
  
La versión 6.2 puede ser descargada aquí: https://arief-jr.blogspot.ie/2016/01/download-cisco-packet-tracer-62-for.html
+
Una buena explicación del '''IPv4 packet header''' se encuentra en https://en.wikipedia.org/wiki/IPv4#Header
  
Creé una cuenta en Cisco para poder tener acceso a PacketTracer. Contraseña: Aa1640774200
+
The fields in an IPv4 packet header are:
  
Packet Tracer is a powerful network simulation program which allows students to experiment with network behavior. It supplements physical equipment in the classroom by allowing students to create a network with an almost unlimited number of devices, encouraging practice, discovery and troubleshooting.
+
*'''Version''' identifies the IP version to which the packet belongs. E.g. IPv4.
 +
*'''Header Length''' describes the length of the IP header in 32-bit words. The minimum length of the IP header is 20 octets.
 +
*'''Type of Service''' is used to specify special handling of the packet. This field can be divided into two subfields:
 +
**Precedence: Sets a priority for the packet.
 +
**TOS: Allows the selection of a delivery service in terms of throughput, delay, reliability.
 +
*'''Total Length''' describes the total length of the packet in octets.
 +
*'''Identifier''' is used in conjunction with the Flags and Fragment Offset fields for fragmentation of a packet.
 +
*'''Flags''' field has the first bit as unused. The second bit is the Don't Fragment (DF) bit.The third bit is the More Fragments (MF) bit indicating if the fragment is the last one or not.
 +
*'''Fragment Offset''' specifies the offset, in units of eight octets, from the beginning of the header to the beginning of the fragment.
  
====Intalación en Ubuntu====
+
*'''time-to-live (TTL):'''
https://gabstutorials.wordpress.com/2017/06/15/install-and-configure-packet-tracer-7-on-ubuntu-16-04/
 
  
sudo ~/Downloads/PacketTracer70/./install
+
:http://searchnetworking.techtarget.com/definition/time-to-live
  
Luego de instalarlo encontré el error descrito y solucionado aquí: https://forum.ubuntu-fr.org/viewtopic.php?id=2014677
+
:Time-to-live (TTL) is a value in an Internet Protocol (IP) packet that tells a network router whether or not the packet has been in the network too long and should be discarded. In IPv6 the TTL field in each packet has been renamed the hop limit.
  
J'ai complété l'installation du logiciel puis j'ai essayé de me rendre dans le tableau de bord( dash) pour y trouver le logiciel où il ne se trouvait pas.
+
:An IP TTL is set initially by the system sending the packet. It can be set to any value between 1 and 255; different operating ystems set different defaults. Each router that receives the packet subtracts at least 1 from the count; if the count remains greater than 0, the router forwards the packet, otherwise it discards it and sends an Internet Control Message Protocol.
Par ligne de commande, j'ai essayé de taper :
 
packettracer
 
et cela me dit simplement: "Starting Packet Tracer 7.1" et ne fait plus rien ensuite.  
 
  
Donc tu ouvres un beau terminal, et tu lances :
+
*'''Protocol''' describes Transport Layer protocol for which the information in the IP packet is destined.
 +
*'''Header Checksum''' is the error detection field for the IP header. The checksum is not calculated for the Data inside IP packet.
 +
*'''Source Address''' is the address of the originator of the packet.
 +
*'''Destination Address''' is the address of the destination of the packet.
 +
*'''Options''' field is an optional field used primarily for testing .
 +
*'''Padding''' is used to ensure that the IP header ends on a 32-bit boundary by adding zeros after the Options field.
  
/opt/pt/bin/PacketTracer7
 
  
Quand j'accède au fichier pour
+
From the IP packet header, the router is particularly interested in:
./PacketTracer7: error while loading shared libraries: libQt5Script.so.5: cannot open shared object file: No such file or directory
 
  
Instalar:
+
*'''TTL:'''
libqt5script5
+
**if TTL > 0 :
 +
***TTL = TTL - 1;
 +
***The router will try to forward the packet.
 +
**Else : the packet will be descarted.
  
Je viens de le faire mais à l'instant mais ça ne résous pas mon cas,
+
*'''Destination Address:''' To determine (using the Routing table) where to forward the packet.
  
je suis retourné voir le fichier /opt/pt/bin/PacketTracer7 et quand je l'ouvre, il m'indique qu'il me manque la librairie : " libQt5ScriptTools.so.5"
+
It is also important to note that as a packet travels from one networking device to another:
j'ai donc essayé de refaire la même chose que précédemment en l'adaptant à la librairie , donc je tape :
 
  
sudo apt-get install  libqt5scripttools5
+
*The Source and Destination IP addresses NEVER change.
 +
*The Source & Destination MAC addresses CHANGE as packet is forwarded from one router to the next.
  
Et maintenant, ça fonctionne quand je vais chercher le fichier /usr/pt/bin/PacketTracer7
 
  
Luego para porder launch a través de packettracer in a terminal:
+
'''The Routing table (routing information base)'''
sudo ln -s /opt/pt/bin/PacketTracer7 /usr/local/bin/packettracer
 
  
===Terminología===
+
It's a data table stored in a router that lists the routes (las rutas) to particular network destinations, and in some cases, metrics (distances) associated with those routes.
  
====WAN====  
+
A routing table is basically a list of IP Addresses of the NETWORKS that this particular router knows. For each Network IP address there are other information that the Router uses to know where to forward a packet that have to reach a particular Network.
A Wide Area Network is a telecommunications network or computer network that extends over a large geographical distance. https://en.wikipedia.org/wiki/Wide_area_network
+
 
 +
A routing table looks like this: https://en.wikipedia.org/wiki/Routing_table#Contents_of_routing_tables
 +
 
 +
If we take, for example, one of the Networks listed in the routing table shown for the «show ip route» of the IOS CLI:
 +
 
 +
*'''R  192.19.3.0/27  [120/2]  via 172.17.0.2, 00:00:26, Serial0/0/0'''
 +
**'''R:''' RIP - Protocol used to generate this route.
 +
**'''C:''' Directly connected network
 +
**'''S:''' Static - Ruta ingresada manualmente (Static routing)
 +
*'''192.19.3.0/27:''' Netword Destination address and Netmask
 +
*'''via 172.17.0.2:''' This is the IP Adress of the interface of the Router attached through which the network can be reached.
 +
 
 +
:'''Gateway''' or '''Next hop''': it points to the gateway through which the network can be reached.
 +
 
 +
*'''Serial0/0/0''' is the interface of the current Router that is attached to the gateway. That is, Serial0/0/0 is connected to 172.17.0.2
 +
*'''120: ''' is the [[Networking#the Administrative Distance (AD)|Administrative Distance]]
 +
 
 +
[[File:Networks1.png|600px|thumb|center|Network diagram]]
 +
 
 +
[[File:Networks2.png|600px|thumb|center|Network diagram (zoom)]]
 +
 
 +
[[File:Routing_table.png|600px|thumb|center|Routing table (show ip route)]]
 +
 
 +
[[File:Interface_brief.png|600px|thumb|center|Show ip interface brief]]
 +
 
 +
===Static routing===
 +
 
 +
===Dynamic routing===
 +
Many IP routing protocols exist. However, they all have some core features in common:
 +
 
 +
*Learn routing information about IP subnets from other neighboring routers (discovery of remote networks).
 +
*If a router learns of more than one router to reach one subnet, choose the best route based on that routing protocol’s concept of a '''metric (choose the best path)'''
 +
*React to changes when the network topology changes e.g. when a link fails, and converge to use a new choice of best route for each destination subnet.
 +
*'''Advertise routing information''' about IP subnets to other neighboring routers.
 +
 
 +
'''Routing Table Structure:'''
 +
 
 +
*A '''directly connected network''' is a network that is directly attached to one of the router interfaces.
 +
**When a router interface is configured with an IP address and subnet mask, the interface becomes a host on that attached network.
 +
**The network address and subnet mask of the interface, along with the interface type and number, are entered into the routing table as a directly connected network.
 +
**When a router forwards a packet to a host, such as a web server, that host is on the same network as a router's directly connected network.
 +
 
 +
*A '''remote network''' is a network that is not directly connected to the router.
 +
**Remote networks are added to the routing table using either a dynamic routing protocol or by configuring static routes.
 +
 
 +
*The '''network/exit-interface'''  is the address of the local interface or the interface name that is in that network.
 +
 
 +
 
 +
====Example of routing protocols====
 +
 
 +
*'''RIP'''  (Routing Information Protocol)
 +
*'''EIGRP''' (Enhanced Interior Gateway Routing Protocol)
 +
*'''OSPF'''  (Open Shortest Path First)
 +
 
 +
EIGRP is a Cisco proprietary routing protocol, whereas all other routing protocols listed are standard, non-proprietary protocols.
 +
 
 +
====Administrative Distance (AD)====
 +
In some cases, internetworks use Multiple Routing Protocols. In such cases, a router learns of multiple routes to a particular subnet using different routing protocols. Which will be used? '''AD''' is used to rank routing protocols. '''AD''' is an integer from 0 to 255 that rates the trustworthiness of the source of the IP routing information.
 +
 
 +
{| class="wikitable"
 +
!Route Source||Administrative Distance
 +
|-
 +
|Connected routes||0
 +
|-
 +
|Static routes||1
 +
|-
 +
|OSPF||110
 +
|-
 +
|IS-IS||115
 +
|-
 +
|RIP (V1 and V2)||120
 +
|-
 +
|Unknown/Unbelievable||255
 +
|}
 +
 
 +
 
 +
<br />
 +
====Open Shortest Path First (OSPF)====
 +
 
 +
*OSPF is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs)
 +
 
 +
*OSPF is a widely used IGP in large enterprise networks.
 +
 
 +
 
 +
*'''Determining the shortest path:'''
 +
 
 +
:*The shortest path to a destination is found by accumulating (adding) the calculated '''costs''' to the destination network.
 +
:*Once SPF has identified a route, OSPF calculates the '''metric''' for a route as follows: The sum of the '''OSPF interface costs''' for all outgoing interfaces in the route.
 +
 
 +
[[File:OSPF-Determining_the_shortest_path.png|700px|thumb|center|]]
 +
 
 +
 
 +
<br />
 +
 
 +
==Ethernet==
 +
It's the the dominant Local Area Network (LAN) technology.
 +
 
 +
In the mid 1980s, the Institute of Electrical and Electronic Engineers (IEEE) published a formal standard for Ethernet, defined as the: '''IEEE 802.3''' Standard.
 +
 
 +
Ethernet is not one networking technology, but a family of networking technologies that includes:
 +
 
 +
*Legacy, Fast Ethernet and
 +
*Gigabit Ethernet
 +
 
 +
Over the years Ethernet has evolved and many different variations exist, many of these carried over different physical cables.
 +
This means that there are a number of different IEEE802.3 standards.
 +
 
 +
Ethernet standard spans the Physical and Data Link Layers: '''Referred to as a Layer Two Protocol'''
 +
 
 +
*The Media Access Control Layer is responsible for deciding when a host should transmit.
 +
*The Logical Link Control Layer is responsible for setting up and controlling the link.
 +
 
 +
[[File:Ethernet_layers.png|600px|thumb|center|]]
 +
 
 +
 
 +
'''Ethernet Standards:''' Some startards are:
 +
 
 +
*802.3u (Fast Ethernet)
 +
*802.3z (1000BASE-X Gbit/s Ethernet over Fiber-Optic at 1 Gbit/s)
 +
 
 +
Major categories of Ethernet have also been organized by their speed:
 +
 
 +
*Ethernet (10Mbps)
 +
*Fast Ethernet (100Mbps)
 +
*Gigabit Ethernet
 +
*10 Gigabit Ethernet
 +
 
 +
'''Ethernet II Frame (also known as DIX):'''
 +
 
 +
*Maximum frame size possible = 1518 bytes
 +
*Minimum valid frame size = 64 bytes
 +
 
 +
[[File:Ethernet_II_frame.png|800px|thumb|center|]]
 +
 
 +
 
 +
'''Ethernet Types:'''
 +
{| class="wikitable"
 +
!Type||Value
 +
|-
 +
|IPv4||0800
 +
|-
 +
|IPv6||86DD
 +
|-
 +
|VLAN||8100
 +
|-
 +
|ARP||0806
 +
|}
 +
 
 +
 
 +
<br />
 +
==Wireless networks==
 +
'''Wireless Technologies:'''
 +
 
 +
*PAN/WPAN (Personal Area Network (PAN)/wireless personal area network (WPAN)
 +
**Bluetooth, IEEE 802.15.4
 +
 
 +
*LAN (Local Area Network)
 +
**IEEE 802.11
 +
 
 +
*MAN (Metropolitan Area Network)
 +
**IEEE 802.11, IEEE 802.16, IEEE 802.20
 +
 
 +
*WAN (Wide Area Network)
 +
**GSM, CDMA, Satelite, 3G, LTE
 +
 
 +
Note que algunos de estos términos (notablemente LAN y WAN) son empleados no sólo en Wireless technologies. Podemos, por supuesto, hablar de Wired LAN or Wired WAN.
 +
 
 +
===What wireless channel and frequency is a Network on===
 +
Using the software LinSSID, we performed a scan of the wireless networks in my house. In Figures are shown the results for 2.5GHz Channels. We can see our home network (iptime) is on channel 6 and its frequency is 2.437GHz:
 +
 
 +
XXXXXXXXXXXXXXXXXXX
 +
 
 +
===What version of IP address do clients on the network receive fromt he ISP===
 +
 
 +
*Where did you receive this IP address from?
 +
 
 +
In order to know what version of IP address receive clients on the network, we need to know the public IP address, which is the IP address provided for the ISP. The public IP address can be displays with a simple Google search.That is, entering “My IP address on our web search engine. There are many Web sites that are able to provide the public IP. In Fig. 3.4 is shown the result obtained in my case.The Linux command«curl»provide another way of knowing the public IP address:
 +
 
 +
curl  ipinfo.io/ip
 +
 
 +
The results show that clients on the network receive IPv4 from the ISP.
 +
 
 +
 
 +
===Wireless LANs (WLANs)===
 +
A WLAN is a Wireless Local Area Network, which is the linking of two or more computers without using wires. Instead, radio waves and IEEE 802.11 are used to communicate.
 +
 
 +
WLANs use infrared light (IR) or radio frequencies (RFs). The use of RF is far more popular for its longer range, higher bandwidth, and wider coverage.
 +
 
 +
Wireless LAN have to operate in the ISM (Industrial Scientific Medical) band.
 +
 
 +
Wireless LANs Primarily operate in the '''2.4Ghz (2.401 - 2.483)''' & '''5Ghz (5.470 - 5.725)''' frequency ranges. Basically a Higher frequency result in a greater speed but in a shorter range. That means 5Ghz waves cannot travel such great distances as 2.4Ghz waves but can carry more data. Also, the 5Ghz frequency is shared with less other unlicenced equipment.
 +
 
 +
Because the wireless transmission medium is shared, it is not possible to transmit in the exact same frequency without collisions (interference). The solution is to devide the ISM band into channels and map each WLAN/SSID on a single channel.
 +
 
 +
The 2.4 GHz range is devided into 11 channels. Each channel of 22MHz bandwidth (because we need 22MHz to transmit 54 Mbps in 802.11g) y una separación de 5MHz entre cada channel.
 +
 
 +
The most common arrangement is to use only channels 1, 6, and 11, which do not overlap with each other at all.
 +
 
 +
The 5-GHz (U-NII) band is much more flexible in this regard because it has many more non-overlapping channels available. In fact, all channels are spaced such that they will not overlap each other. Each U-NII channel is 20 MHz wide. With all four U-NII bands set aside for wireless LANs, a total of 23 non-overlapping channels are available.
 +
 
 +
====Wireless technologies====
 +
 
 +
*PAN/WPAN (Personal Area Network (PAN)/ Wireless Personal Area Network (WPAN)
 +
**Bluetooth, IEEE 802.15.4
 +
 
 +
*LAN (Local Area Network)
 +
**IEEE 802.11
 +
 
 +
====WLAN Components====
 +
 
 +
*'''Wireless Client Receiver:'''
 +
 
 +
:It is needed to connect a computing device (e.g. desktop, laptop, PDA…) to the wired networked via an access point. It includes Onboard Cards (most laptops) PCMCIA, PCI card or USB adaptor
 +
 
 +
*'''Access points (APs):'''
 +
 
 +
:They are needed only in the Infrastructure Mode of WLANs. They provide the wireless client with a point of access into a network. They are like Ethernet switches in a wired network and operate in '''half-duplex mode''' (e.g. They either receive or transmit at any given time).
 +
 
 +
*'''Wireless repeater:'''
 +
 
 +
:A wireless repeater (also called wireless range extender) takes an existing signal from a wireless router or wireless access point and rebroadcasts it to create a second network. When two or more hosts have to be connected with one another over the IEEE 802.11 protocol and the distance is too long for a direct connection to be established, a wireless repeater is used to bridge the gap. The throughput for client devices will be low because each repeater must receive and re-transmit each packet.
 +
 
 +
*'''Wireless bridge:'''
 +
 
 +
:A wireless bridge is a device used for connecting two or more network separated physically, operating on the 802.11 standard.
 +
 
 +
====The WLAN supports four Network Topologies====
 +
 
 +
*Peer-to-peer (Ad hoc) Topology: <div id="adhoc"></div>An ad hoc network is a type of temporary computer-to-computer connection. In ad hoc mode, you can set up a wireless connection directly to another computer without having to connect to a Wi-Fi access point or router.
 +
*Hybrid Topology:
 +
*Infrastructure Topology: All devices are connected to an access point.
 +
*Point-to-point Topology: When we have two different networks connected by a Wirelless bridge.
 +
 
 +
====802.11 standards====
 +
802.11 is the generic name of a family of standards for wireless networking. The numbering system for 802.11 comes from the IEEE (a nonprofit professional organization), who uses “802” for many networking standards like Ethernet (802.3).
 +
 
 +
The 802 committee supports in this model the LLC (logical link control), the MAC (media access control) and PHY (physical layers).
 +
 
 +
Popular 802.11 standards include 802.11a, 802.11b, 802.1g, 802.11n, 802.11ac (Newest)
 +
 
 +
Some EEE 802.11 standards are:
 +
 
 +
{| class="wikitable"
 +
!Standard||Release Date||Frequency band||Max speed (Data Rate)||Max range||Comments
 +
|-
 +
|802.11||1997||2.4 GHz||2 Mbps||Undefined||Legacy
 +
|-
 +
|802.11a||1999||5 GHz||54 Mbps||50m||Not compatible with b, g / Expensive / Modulation: OFDM
 +
|-
 +
|802.11b||1999||2.4 GHz||11 Mbps||100m||First 2.4 GHz Technology / Modulation: DSSS
 +
|-
 +
|802.11g||2003||2.4 GHz||54 Mbps||100m||Backward compatible with b / Shares range with b / Modulation: OFDM, DSSS
 +
|-
 +
|802.11n||2011||2.4 or 5 GHz||600 Mbps||300m||Modulation: OFDM
 +
|-
 +
|802.11ac||2014||5 GHz||1.3 Gbps||300m||Newest Standard
 +
|}
 +
 
 +
====Wireless Security====
 +
'''Why secure the WLAN?'''
  
====LAN====
+
*Firstly, if someone manages to hack into your WLAN, they are stealing your bandwidth.
A Local Area Network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. https://en.wikipedia.org/wiki/Local_area_network
+
*Worse, anyone on your WLAN will be using the same Internet protocol (IP) address as you. To others on the Internet they appear to be you.
  
====Puertos====
+
'''What security can you get now?'''
* The wireless router’s '''WAN (Internet) port''' (el puerto WAN (Internet) del wireless router).
 
* The wireless router’s '''LAN (Ethernet) ports'''.
 
* '''RS-232:'''  is a standard for serial communication transmission of data. https://en.wikipedia.org/wiki/RS-232
 
  
=====Elegir el puerto correcto=====
+
*The first being to change the default settings of your Access point:
* Cuando se conecta un cable a una PC en Packet Tracer, el programa propone (por defecto) conectarlo al puerto '''FastEthernet''', '''USB''' o '''RS-232'''. Hasta ahora hemos estado usando el puerto FastEthernet.
 
* Cuando se conecta un cable a un Router, PacketTracer propone el puerto '''Internet''' o '''Ethernet'''. Creo que el puerto Internet se usa cuando estamos conectando el Router con una WAN y el Ethernet es para una LAN.
 
  
====Cables====
+
:*The most important is the '''[[Networking#Service set|Extended Service Set Identification (ESSID)]] (Network Name)'''
* As a rule, between different divices we use a straight cable an between same divices a cross-over cable (Creo que el Prof. confirmó esto, no estoy seguro)
 
* '''Crossover cable:'''
 
** From a PC to the wireless router’s WAN (Internet) port.
 
* '''Straight through cable:'''
 
** From PC to one of the wireless router’s LAN (Ethernet) ports.
 
  
===Configuration más frecuentes using PacketTracer===
+
::*You can configure the AP so that it doesn't broadcast (para que no muestre) the '''ESSID'''.
* '''IP configuration on a PC:''' Click on the desktop tab, then selecting the IP configuration icon.
 
* '''Verify connectivity settings:''' On a PC, verify the connectivity settings by going to Desktop and clicking on command prompt. At the command prompt, type the command:
 
:: '''ipconfig''' : To view your network device information.
 
:: '''ipconfig /release''' :
 
:: '''ipconfig /renew''' : To force the PC to request an IP address from the Router.
 
  
===Lab 1: Configuring Wireless Access and Security===
+
:::The Extended Service Set Identification '''(ESSID)''' is one of two types of '''Service Set Identification (SSID).'''
In this lab, you will configure a '''Linksys WRT300N''' (https://en.wikipedia.org/wiki/Linksys_routers#WRT300N) in Packet Tracer.
 
  
<figure id="fig:devices">
+
:::An '''SSID''' is a 32-character (maximum) alphanumeric key identifying the name of the wireless local area network. Some vendors refer to the SSID as the network name. For the wireless devices in a network to communicate with each other, all devices must be configured with the same SSID.
[[File:network_diagram1.png |500px | thumb | center |<caption>Topology Network diagram.</caption>]]
 
</figure>
 
  
<figtable id="addressing">
+
:::In an infrastructure wireless network that includes an access point, the '''ESSID''' is used, but may still be referred to as '''SSID'''.
[[File:Addressing_table1.png |700px | thumb | center |<caption>Addressing table.</caption>]]
 
</figtable>
 
  
====Cofigurar la conección entre el Router y la WAN / LAN====
+
:::In an [[Networking#adhoc|Ad hoc]] wireless network with no access points, the '''Basic Service Set Identification (BSSID)''' is used.
  
=====Setup the device topology diagram=====
+
:*'''MAC address filters:'''
* Setup the devices as shown in Figure <xr id="fig:devices"/>:
+
:::There's a second layer of security you can adopt, the MAC (Media Access Control) address filter. A MAC address is a unique identity burned into every network adapter during manufacture, with no way of changing it. Using this filter, the AP maintains a list of MAC addresses and only permits those on the list to connect.
** PC1 will be acting as the Internet connection
 
** PC0 and Laptop0 will be in our LAN.
 
  
* Connect a '''crossover cable''' from PC1 to the wireless router’s WAN (Internet) port and connect a '''straight through cable''' from PC0 to one of the wireless router’s LAN (Ethernet) ports.
+
:*'''Encryption:'''
 +
:::Even if hackers can't get past your AP, they may still be able to access data that's traversing your WLAN.
 +
:::The way to protect data in transit is encryption, the original WLAN encryption standard was '''WEP (Wired Equivalence Privacy)'''.
 +
:::'''WEP''' works by encrypting traffic -scrambling it- as it leaves the AP or client PC and decrypting it on arrival.
 +
:::'''WEP''' has been replaced by '''WPA (Wifi Protected Access)'''.
  
* Podemos pensar en esta configuración de la siguiente forma: el Wireless Router podría, por ejemplo, representar el Router que se encuentra integrado en la Box de nuestra home network; al cual hemos conectado una PC0 a través de un cable y nuestra Laptop a la Wireless Network. PC1 representa cualquier PC fuera de nuestra LAN.
+
:*'''Disable remote access to the router administration GUI:'''
 +
:::Make sure you only configure the AP over a wired connection.
 +
:::To remotely log into your router's administrative console you just have to open a browser window and typing the router IP address.
 +
:::Your router is likely to have what is known as a non-routable internal IP address such as 192.168.1.1 or 10.0.0.1 as it's address
 +
:::Below are some of the standard admin interface addresses used by some of the more common wireless router manufacturers:
 +
::::Linksys - 192.168.1.1 or 192.168.0.1
 +
::::DLink - 192.168.0.1 or 10.0.0.1
 +
::::Apple - 10.0.1.1
 +
::::ASUS - 192.168.1.1
 +
::::Buffalo - 192.168.11.1
 +
::::Netgear - 192.168.0.1 or 192.168.0.227
  
=====Configurar la conexión en PC1 y PC0=====
+
:*'''Choose a strong password for the router administration GUI:'''
NOTA: Normalmente deberíamos configurar el Router antes de los dispositivos en la LAN. Esto porque el DHCP Server del Router asignará los IP's a nuestros dispositivos en la LAN; y las confuguraciones en el Router afectarán, por supuesto, las IP's otorgadas a los dispositivos. Sin embargo, a manera de ejercicio, y con el fin de destacar ciertos detalles, vamos primero a realizar las configuraciones en los dispositivos dentro de la LAN.
+
:::Routers usually come with an obvious default password (admin in many cases). Therefore, it is important to change it and choses a secure password to try to prevent someone from entering to the router administration GUI and change your network configurations.
* PC1 will be acting as the Internet connection, so we need to set the IP address, subnet mask, and default gateway statically as listed in <xr id="addressing"/>.
 
* Set the IP configuration on PC0 to DHCP by clicking on the desktop tab, then selecting the IP configuration icon.
 
** The wireless router will provide an IP address to the PC0 using the default DHCP configuration.
 
* '''Verify connectivity settings for PC0:''' Go to Desktop and click on command prompt. At the command prompt, type the command '''ipconfig''' to view your network device information.
 
** If the PC does not receive an IP address in the command prompt type '''ipconfig /renew''', this will force the PC to request an IP address from the Router.
 
** Notice which IP address is the default gateway. This is the default IP address of a Linksys WRT300N. Por tanto, el Router a asignado un IP a PC0 a través de la configuración por defecto (ver Nota al inicio de esta sección).
 
  
=====Configurar el Router=====
+
:*'''Choose a strong password for the wireless network'''
Click on the Wirelessrouter0 and select the Setup tab for the wireless router’s GUI.
 
  
======Log in======
+
:*'''Authentication'''
In the real world the default login credentials are a username admin and a password of: admin. Note that this is very insecure since it is the factory default and provided publicly. You will set our own password in a later task.
+
::The final layer of protection is individual authentication.
 +
::The standard method of '''WLAN authentication uses the 802.1X protocol'''.
 +
::If the protocol is enabled, unauthenticated users cannot get past the AP to access the rest of the network.
  
======Configure the WAN interface======
+
:*'''Install a good firewall device to your router'''
Normally an Internet Service Provider would use DHCP to give out addresses to the WAN port. For this lab, you will assign the address statically.
 
* '''Configure the WAN port to have a static IP address:'''
 
** From the Internet Connection Type pull-down menu, select Static IP and set the IP address settings for Internet Setup:
 
*** Internet IP Address - set to: 172.17.88.35
 
*** Subnet Mask: 255.255.255.0
 
*** Default Gateway - set to the ISP address: 172.17.88.1
 
  
======Configure the LAN IP addressing======
+
====Service set====
* '''Set the Network Setup Address:'''
+
https://en.wikipedia.org/wiki/Service_set_(802.11_network)
** Under Network Setup, enter the Router IP of 172.17.30.1 / Subnet Mask: 255.255.255.0
 
*** NOTE: At this point you would be disconnected from the web page if you were configuring from a PC, as you just changed the IP address you are connected to. It would take a minute or two, and you would need to refresh your browser, but you should be redirected to the new URL of the web utility. If not, you would need to release your IP address and request a new one, before your navigate your browser there. You would be asked to login again.
 
  
<blockquote>
+
In IEEE 802.11 wireless local area networking standards, a '''service set''' is a group of wireless network devices that are operating with the same networking parameters.
'''Verify IP address changes:'''
 
  
La configuración de la LAN IP addressing en el Router, afectará, por supuesto, la IP Address que el DHCP Server del Router asígnará a las PC's de la LAN. Para observar dichos cambios vamos al Command prompt de PC0 y ejecutamos:
+
'''Service sets''' are arranged hierarchically,: '''Basic Service Sets (BSS)''' are units of devices operating with the same medium access characteristics (i.e. radio frequency, modulation scheme etc), while '''Extended Service Sets (ESS)''' are logical units of one or more basic service sets on the same logical network segment (i.e. IP subnet, VLAN etc). There are two classes of basic service sets: those that are formed by infrastructure mode redistribution points (access points or mesh nodes), and those that are formed by independent stations in a peer-to-peer ad hoc topology. Basic service sets are identified by '''BSSIDs''', which are 48-bit labels that conform to MAC-48 conventions. Logical networks (including extended service sets) are identified by '''SSIDs''', which serve as "network names" and are typically natural language labels.
ipconfig /release
 
ipconfig /renew
 
  
Luego de esto, note la nueva IP asignada por el DHCP Server del Router.
+
===Wireless mobile networks===
</blockquote>
 
  
=====Verify connectivity=====
+
==Para ver las características de las tarjetas de red (network card)==
Ping the WAN IP Address of the Wireless Router (172.17.88.35) to verify you can get to the outside of your network. The pings should succeed. <span style="color:#000000; background:#FF69B4">If you try to Ping PC1 172.17.88.1, it may fail if your firewall won’t allow replies back in.</span>
+
http://www.linuxnix.com/find-network-cardwiredwireless-details-in-linuxunix/
  
====Wireless settings====
+
Tales como: Name of network cards, Network card link status, Network card speeds, Network card MAC address, Network card IP address, Network card driver details, Network card manufacture details, Network card duplex/half duplex details, Network card auto-negotiation details, Complete network card capabilities details, Complete network card hardware details
  
=====Basic wireless wettings on the Routher=====
+
sudo lshw -c network
The Linksys WRT300N allows you to choose which network mode to operate in. Currently, the most common network mode for clients is Wireless-G and for routers is BG-Mixed. When a router is operating in BG-Mixed, it can accept both B and G clients. However, if a B client connects, the router must scale down to the slower level of B. For this lab, pick the fastest speed your clients can support.
 
  
On WRS1, navigate to the Wireless page:
+
==DHCP==
* Set the Network Name (SSID) to WRS_1
+
[//perso.sinfronteras.ws/images/1/1c/DHCP-Lecture_Greg2018.pdf Media:DHCP-Lecture_Greg2018.pdf]
* Wireless-N Only – Radio Band – Change to Standard – 20MHz Channel.
 
* Standard Channel – Leave at default
 
* SSID Broadcast – Leave Enabled for now.
 
  
=====Incorporar una Wireless Network Card a la Laptop=====
+
==DNS==
Por defecto, Packet Tracer no incorpora una Wireless Network Card (en este caso compatible con Linksys WRT300N) a la Laptop. Debemos entonces incorporar una antes de intentar hacer la Wireless conection.  
+
[//perso.sinfronteras.ws/images/b/ba/Introduction_to_DNS-Lecture_Greg2018_.pdf Media:Introduction_to_DNS-Lecture_Greg2018 .pdf]
  
Si intentamos verificar la conexión en la Laptop antes de incorporar la Wireless Network Card:
+
[//perso.sinfronteras.ws/images/1/15/DNS-Lecture_Greg2018.pdf Media:DNS-Lecture_Greg2018.pdf]
* Go to the Desktop tab then select the PC Wireless Icon.
 
... el programa desplegará el siguiente mensaje: «A WMP300N or WPC300N wireless interface is required to connect»
 
  
Para incorporar la Wireless Network Card:
+
Observing DNS Resolution: [//perso.sinfronteras.ws/images/f/fc/Lab-Observing_DNS_Resolution.pdf Media:Lab-Observing_DNS_Resolution.pdf]
* Click on the Laptop > Physical
 
** Observar el diseño de la Laptop (observar los diseños de los dispositivos que presenta la Laptop) (<xr id="fig:ncard"/>)
 
** Note que la Network Card corresponde a un puerto FastEthernet.
 
** Antes de realizar el cambio, debemos apagar la Laptop. Para esto haga clic en el botón que se encuentra al lado de la conexión electrica. Arriba de la luz verde que simboliza que el dispositivo se encuentra encendido. Note que luego de prescionarlo desaparece la luz verde, lo cual indica que el dispositivo se encuentra apagado. (<xr id="fig:ncard"/> and <xr id="fig:ncard1"/>)
 
* Utilizando el cursor del mouse, arraste la actual tarjeta de red (FastEthernet) hacia la esquina inferior derecha, hacia el espacio en donde se muestra el diseño de los dispositivos físicos. Note que si se ha arrastrado correctamente, el espacio en donde se encontraba la tajeta de red en la Laptop quedará libre. (<xr id="fig:ncard1"/> and <xr id="fig:ncard2"/>)
 
* Ahora arrastre la tarjeta que desea instalar desde las distintas opciones que se encuentran en el panel a la derecha hacia el espacio libre en la Laptop. (<xr id="fig:ncard2"/>)
 
* En este caso debemos escoger una WPC300N. (<xr id="fig:ncard2"/>)
 
  
<figure id="fig:ncard">
+
*Part 1: Observe the DNS Conversion of a URL to an IP Address
[[File:laptop_physical_configuration.png |500px | thumb | center |<caption>Physical configuration of the Laptop - Changing the Network Card.</caption>]]
+
*Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site
</figure>
+
*Part 3: Observe DNS Lookup Using the nslookup Command on Mail Servers
  
<figure id="fig:ncard1">
+
[[File:DNS-names-ru.svg|550px|thumb|center|DNS]]
[[File:laptop_physical_configuration1.png |500px | thumb | center |<caption>Physical configuration of the Laptop - Changing the Network Card.</caption>]]
 
</figure>
 
  
<figure id="fig:ncard2">
+
==Using Wireshark to observe traffic==
[[File:laptop_physical_configuration2.png |500px | thumb | center |<caption>Physical configuration of the Laptop - Changing the Network Card.</caption>]]
 
</figure>
 
  
=====Verify wireless connection=====
+
[//perso.sinfronteras.ws/images/2/27/4-2-Using_Wireshark_to_observe_the_DHCP_process.pdf Media:4-2-Using Wireshark to observe the DHCP process.pdf]
Ahora que hemos incorporado una Wireless network card a nuestra Laptop, podemos entonces verificar la Wireless connection:
 
* Go to the Desktop tab then select the PC Wireless Icon. Click on the Connect Tab.
 
* If necessary, you may have to click on Refresh to update your wireless networks. You should see the new network (WRS_1).
 
* Click on the name to highlight it and then click Connect. Click on the Link Information Tab. When it is done, it will congratulate you on creating a profile (Message: You have successfully connected to the access point).
 
  
====Configure DHCP Settings====
+
[//perso.sinfronteras.ws/images/8/8d/7-3-Using_Wireshark_to_Examine_a_UDP_DNS_Capture.pdf Media:7-3-Using_Wireshark_to_Examine_a_UDP_DNS_Capture.pdf]
=====Give a static DHCP binding to PC0 and Laptop0=====
 
* On Laptop0, verify connectivity settings going into cmd. At the command prompt, type the command '''Ipconfig /all''' to view your network device information. Note the Physical Address (MAC) of the Wireless Connection.
 
* On the Router, navigate back to the Setup page (the Basic Setup is the default tab). In the middle of the Basic Setup Page, under DHCP Server Settings, click the DHCP Reservations button. Una nueva ventana se abrirá...
 
  
* '''There are two ways to assign DHCP addresses:'''
 
** '''The first method''' will always assign the client the same address the client has right now.
 
*** Find PC0 by its MAC address in the list of current DHCP clients (Hint: it should be listed as a LAN connection)
 
*** Check the Select box next to your PC. Click Add Clients. Now PC0 will show up under Clients Already Reserved.
 
*** This gives PC0 (in this example, the computer with a MAC address of 00:60:5C:D9:2D:1D) the same IP address it has right now (172.17.30.100) whenever it requests an address through DHCP.
 
  
:* '''The second method''' to assign DHCP addresses is to select the address you want the machine to get. You will assign Laptop0 the static IP address listed in the Addressing Table, not the one it received initially.
+
<br />
:** Under Manually Adding Client, enter your client’s actual name <span style="color:#FFFFFF; background:#483D8B"> (puse Laptop0 aquí pero no estoy seguro) </span>, .24 for the IP address, the actual MAC address of your PC’s Wireless Connection, and click Add. Now whenever Laptop0 connects to the wireless router, it receives the IP address 172.17.30.24 via DHCP.
+
==Campus LAN and Wireless LAN Design Guide - Cisco==
 +
[[:File:Campus-LAN-WLAN-Design-Cisco.pdf]]
  
=====Configure other DHCP server settings=====
 
Right underneath the DHCP Reservation are the other settings for the DHCP server.
 
  
What is the default maximum number of users the WRS300N will hand out DHCP addresses to?
+
<br />
* 50 users.
+
===Campus Wired LAN Design Fundamentals===
 +
The LAN is the networking infrastructure that provides access to network communication services and resources for end users and devices spread over a single floor or building. You create a campus network by interconnecting a group of LANs that are spread over a small geographic area. Campus network design concepts are inclusive small networks that use a single LAN switch, up to very large networks with thousands of connections.
  
* Start IP Address - Change to: 172.17.30.50.
 
* Maximum Number of Users - Change to: 75
 
  
These settings give any PC that connects (wired or wirelessly) to this router requesting an IP address through DHCP, an address between 172.17.30.50–124. Only 75 clients at a time are able to get an IP address and they can only have the address for 24 hours, after which time they must request a new one.
+
The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.
  
=====Verify the static IP address change and conection=====
 
On both PC0 and Laptop0, at the command prompt, type:
 
Ipconfig /release
 
Ipconfig /renew
 
... to verify the IP addresses you assigned are used. On Laptop0, ping the IP address of the WAN port to verify you can reach the Internet.
 
  
===Lab 4: Configuring basic router settings with the Cisco IOS CLI===
+
<br />
'''Cisco IOS''' (Internetwork Operating System) '''CLI''' (IOS Command Line Interface)
+
====Hierarchical design model====
 +
The campus wired LAN uses a hierarchical design model to break the design up into modular groups or layers. Breaking the design up into layers allows each layer to implement specific functions, which simplifies the network design and therefore the deployment and management of the network
  
In this lab, you will build a multi-router network and configure the routers to communicate using the most common Cisco IOS configuration commands.
 
  
<syntaxhighlight lang="sh">
+
Modularity in network design allows you to create design elements that can be replicated throughout the network. Replication provides an easy way to scale the network as well as a consistent deployment method.
""" Resumen de comandos """
 
  
Al tratar de configurar un puerto serial en el cual conecté un cable serial DTE:
 
clock rate 250000
 
This command applies only to DCE interfaces
 
  
enable
+
In flat or meshed network architectures, changes tend to affect a large number of systems. Hierarchical de-sign helps constrain operational changes to a subset of the network, which makes it easy to manage as well as improve resiliency. Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency via improved fault isolation.
#configure terminal
 
""""""""""""""""""""""""""""""""
 
(config)#hostname R1
 
""""""""""""""""""""""""""""""""
 
(config)#line console 0
 
(config-line)#password cisco
 
(config-line)#login
 
(config-line)#exit
 
""""""""""""""""""""""""""""""""
 
(config)#line vty 0 4
 
(config-line)#password cisco
 
(config-line)#login
 
(config-line)#exit
 
""""""""""""""""""""""""""""""""
 
(config)#enable password cisco
 
(config)#enable secret class
 
""""""""""""""""""""""""""""""""
 
(config)#banner motd #Unauthorized Use Prohibited#
 
""""""""""""""""""""""""""""""""
 
(config)#no ip domain-lookup
 
""""""""""""""""""""""""""""""""
 
(config)#line console 0
 
(config-line)#logging synchronous
 
""""""""""""""""""""""""""""""""
 
show ip interface brief
 
""""""""""""""""""""""""""""""""
 
(config)#interface serial 0/0/0
 
(config-if)#description WAN link to R2
 
(config-if)#ip address 172.17.0.1 255.255.0.0
 
(config-if)#clock rate 64000
 
(config-if)#no shutdown
 
(config-if)#exit
 
  
#show interfaces serial 0/0/0
 
""""""""""""""""""""""""""""""""
 
(config)#interface FastEthernet 0/0
 
(config-if)#description R1 LAN Default Gateway
 
(config-if)#ip address 172.16.0.1 255.255.0.0
 
(config-if)#no shutdown
 
(config-if)#exit
 
  
#show interfaces FastEthernet 0/0
+
A hierarchical LAN design includes the following three layers:
""""""""""""""""""""""""""""""""
 
#copy running-config startup-config
 
""""""""""""""""""""""""""""""""
 
#show running-config
 
</syntaxhighlight>
 
  
====Configuring basic router settings====
+
*'''Access layer:''' Provides endpoints and users direct access to the network
Utilizaremos un Router-PT (Generic)
+
*'''Distribution layer:''' Aggregates access layers and provides connectivity to services
 +
*'''Core layer:''' Provides connectivity between distribution layers for large LAN environments
  
In real life tenemos que conectar un '''console cable''' from a computer to the router para poder hacer las configuraciones en el Router. Sin embargo en ''Packettracer'' podemos simplemente hacer clic en el routar y  acceder al CLI.
+
[[File:LAN hierarchical design.png|center|thumb|450x450px|LAN hierarchical design]]
  
* Click on the Router > CLI:
 
  
Would you like to enter the initial configuration dialog?
+
Depending on the characteristics of the deployment site, you might need one, two, or all three of the layers. For example:
 
No (para así entrar a la línea de comandos desde el inicio, sin que el sistema nos proponga las opciones de configuración automáticamente).
 
  
'''Enter privileged EXEC mode'''
+
*A site that occupies a single building might only require the access and distribution layers,
Router>
+
*While a campus of multiple buildings will most likely require all three layers.
Router>enable
 
Router#
 
  
El comando '''«enables»''' is used to enter privileged EXEC mode. Como el Router aún no ha sido configurado, éste no solicita un password luego del comando «enable». Ya veremos como configurar un password. Note que luego de ingresar el comando «enable» aparece un # que indica que estamos en privileged EXEC mode.
 
  
'''Access global configuration mode'''
+
Regardless of how many layers are implemented at a location, the modularity of this design ensures that each layer will provide the same services, and in this architecture, will use the same design methods:
Router#configure terminal
 
Router(config)#
 
El comando '''«configure terminal»''' is used to access global configuration mode. This command can only be used in privileged EXEC mode.
 
  
Ya estando en el «global configuration mode» podemos empezar las configuraciones:
+
[[File:LAN hierarchical design-Scalability by using a modular design.png|center|thumb|450x450px|LAN hierarchical design-Scalability by using a modular design]]
  
=====Configure a host name=====
 
Router>enable
 
Router#configure terminal
 
Router(config)#hostname R1
 
R1(config)#  // Después de configurar el host name, nuestra línea de comandos se verá así
 
  
=====Configure a console password and enable login=====
+
<br />
Este es el password que será requerido al ingresar al CLI.
+
=====Access layer=====
 +
The access layer is where user-controlled devices, user-accessible devices, and other end-point devices are connected to the network. The access layer provides both wired and wireless connectivity and contains features and services that ensure security and resiliency for the entire network.
  
R1(config)#line console 0
+
[[File:LAN hierarchical design-Access layer.png|center|thumb|450x450px|LAN hierarchical design-Access layer]]
R1(config-line)#password cisco  // "cisco" will be our console password
 
R1(config-line)#login
 
R1(config-line)#exit
 
R1(config)#
 
  
=====Configure the password on the vty lines=====
 
R1(config)#line vty 0 4
 
R1(config-line)#password cisco
 
R1(config-line)#login
 
R1(config-line)#exit
 
  
=====Configure the enable and enable secret passwords=====
+
*'''Device connectivity:''' ...
R1(config)#enable password cisco  // "cisco" will be our enable password
 
R1(config)#enable secret class    // "class" will be our enable secret password
 
  
The '''«enable secret password»''' es el que será requerido al ingresar el comando '''«enable»''' (to enter privileged EXEC mode).
+
*'''Resiliency and security services:''' ...
  
Note: Remember that the enable secret password is encrypted when viewing the configuration. Also do not type enable secret password class. If you do, the secret password will be password, not class. The enable secret password takes precedence over the enable password. When an enable secret password is configured, the enable password is no longer accepted. It will be necessary to enter the enable secret password to enter privileged EXEC mode. Some network administrators may choose to configure only the enable secret password.
+
*'''Advanced technology capabilities:''' ...
  
=====Configure a message-of-the-day (MOTD) banner=====
 
When a user connects to the router, the MOTD banner appears before the login prompt. In this example, the number sign (#) is used to start and end the message. The # is converted to ^C when the running-config is displayed.
 
  
R1(config)#banner motd #Unauthorized Use Prohibited#
+
<br />
 +
=====Distribution layer=====
 +
The distribution layer supports many important services. In a network where connectivity needs to traverse the LAN end-to-end, whether between different access layer devices or from an access layer device to the WAN, the distribution layer facilitates this connectivity.
  
=====Configure the router to not attempt to resolve host names using a DNS server=====
 
If this is not configured, the router assumes that any mistyped command is a host name and attempts to resolve it by looking for a DNS server. On some routers, it can take considerable time before the prompt returns.
 
  
R1(config)#no ip domain-lookup
+
*'''Scalability:''' At any site with more than two or three access-layer devices, it is impractical to interconnect all access switches. The distribution layer serves as an aggregation point for multiple access-layer switches.
  
=====Console messages do not interfere with command input=====
+
:The distribution layer can lower operating costs by making the network more efficient, by requiring less memory, by creating fault domains that compartmentalize failures or network changes, and by processing resources for devices elsewhere in the network. <span style="color:#FF0000">The distribution layer also increases network availability by containing failures to smaller domains.</span>
Configure the router so that console messages do not interfere with command input. This is helpful when exiting configuration mode, because it returns you to the command prompt and prevents having messages from breaking into the command line.
 
  
R1(config)#line console 0
 
R1(config-line)#logging synchronous
 
  
=====Configure the serial interface=====
+
*'''Reduce complexity and increase resiliency:''' The campus wired LAN has the option to use a simplified distribution layer, in which a distribution-layer node consists of a single logical entity that can be implemented using a pair of physically separate switches operating as one device or using a physical stack of switches operating as one device. <span style="color:#FF0000">Resiliency is provided by physically redundant components like power supplies, supervisors, and modules, as well as stateful switchover to redundant logical control planes.</span>
In global configuration mode, configure serial interface 0/0/0 on R1:
 
R1(config)#interface serial 0/0/0
 
R1(config-if)#description WAN link to R2
 
R1(config-if)#ip address 172.17.0.1 255.255.0.0
 
R1(config-if)#clock rate 64000
 
R1(config-if)#no shutdown
 
R1(config-if)#exit
 
  
<span style="color:#FFFFFF; background:#483D8B"> '''Note:''' Enter the clock rate only on the router serial interface to which the DCE interface end of the cable is attached. The cable type (DTE or DCE) is printed on the outside of each end of the null serial cable. When in doubt, enter the clock rate command on both router serial interfaces. The command is ignored on the router to which the DTE end is attached. The no shutdown command turns on the interface. The shutdown command turns the interface off. </span>
 
  
=====Display information about the serial interface=====
+
:<span style="color:#FF0000">This approach reduces complexity of configuring and operating the distribution layer because fewer proto-cols are required. Little or no tuning is needed to provide near-second or sub-second convergence around failures or disruptions.</span>
Enter the show interfaces command on R1:
 
R1#show interfaces serial 0/0/0
 
  
<syntaxhighlight lang="tex">
 
Serial0/0/0 is down, line protocol is down
 
  Hardware is PowerQUICC Serial
 
  Description: WAN link to R2
 
  Internet address is 172.17.0.1/16
 
  MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
 
    reliability 255/255, txload 1/255, rxload 1/255
 
Encapsulation HDLC, loopback not set
 
Keepalive set (10 sec)
 
Last input never, output never, output hang never
 
Last clearing of "show interface" counters 00:01:55
 
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 
Queueing strategy: fifo
 
Output queue :0/40 (size/max)
 
5 minute input rate 0 bits/sec, 0 packets/sec
 
5 minute output rate 0 bits/sec, 0 packets/sec
 
  0 packets input, 0 bytes, 0 no buffer
 
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 
  6 packets output, 906 bytes, 0 underruns
 
  0 output errors, 0 collisions, 3 interface resets
 
  0 output buffer failures, 0 output buffers swapped out
 
  0 carrier transitions
 
  DCD=down DSR=down DTR=up RTS=up CTS=down
 
</syntaxhighlight>
 
  
======What did you discover by issuing the show interfaces command======
+
<br />
* Serial 0/0/0 status is:
+
======Two-Tier Design======
* Line protocol is:
+
In an Two-Tier Design, the distribution layer provides connectivity to network-based services, to the WAN, and to the Internet edge. Network-based services can include and are not limited to Wide Area Application Services (WAAS) and WLAN controllers. Depending on the size of the LAN, these services and the interconnection to the WAN and Internet edge may reside on a distribution layer switch that also aggregates the LAN access-layer connectivity. '''This is also referred to as a collapsed core design''' because the distribution serves as the Layer 3 aggregation layer for all devices.
* Internet address:
 
* Encapsulation:
 
  
* If the serial interface was configured, why did the show interfaces serial 0/0/0 indicate that the interface is down?
+
[[File:Two-tier_design_Distribution_layer_functioning_as_a_collapsed_core.png|950px|thumb|center|Two-tier design Distribution layer functioning as a collapsed core]]
  
=====Configure the Fast Ethernet interface=====
 
In global configuration mode, configure the Fast Ethernet 0/0 interface on router R1:
 
R1(config)#interface FastEthernet 0/0
 
R1(config-if)#description R1 LAN Default Gateway
 
R1(config-if)#ip address 172.16.0.1 255.255.0.0
 
R1(config-if)#no shutdown
 
R1(config-if)#exit
 
  
<span style="color:#FFFFFF; background:#483D8B">'''Note:''' Ethernet interfaces do not have a DTE or DCE distinction; therefore, it is not necessary to enter the clock rate command.</span>
+
<br />
 +
======Three-Tier Design======
 +
Larger LAN designs require a dedicated distribution layer for network-based services versus sharing connectivity with access layer devices. As the density of WAN routers, WAAS controllers, Internet edge devices, and WLAN controllers grows, the ability to connect to a single distribution layer switch becomes hard to manage. There are a number of factors that drive LAN design with multiple distribution layer modules:
  
=====Display information about the Fast Ethernet interface=====
+
*The number of ports and port bandwidth that the distribution layer platform can provide affects network performance and throughput.
Enter the show interfaces command on R1:
 
R1#show interfaces FastEthernet 0/0
 
  
<syntaxhighlight lang="tex">
+
Network resilience is a factor when all LAN and network-based services rely on a single platform, regardless of that platform's design, it can present a single point of failure or an unacceptably large failure domain.
FastEthernet0/0 is up, line protocol is up
 
  Hardware is AmdFE, address is 000c.3076.8460 (bia 000c.3076.8460)
 
  Description: R1 LAN Default Gateway
 
  Internet address is 172.16.0.1/16
 
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
 
    reliability 255/255, txload 1/255, rxload 1/255
 
  Encapsulation ARPA, loopback not set
 
  Keepalive set (10 sec)
 
  Auto-duplex, Auto Speed, 100BaseTX/FX
 
  ARP type: ARPA, ARP Timeout 04:00:00
 
  Last input never, output 00:00:18, output hang never
 
  Last clearing of "show interface" counters never
 
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 
  Queueing strategy: fifo
 
  Output queue :0/40 (size/max)
 
  5 minute input rate 0 bits/sec, 0 packets/sec
 
  5 minute output rate 0 bits/sec, 0 packets/sec
 
    0 packets input, 0 bytes
 
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 
    0 watchdog
 
    0 input packets with dribble condition detected
 
    52 packets output, 5737 bytes, 0 underruns
 
    0 output errors, 0 collisions, 1 interface resets
 
    0 babbles, 0 late collision, 0 deferred
 
    52 lost carrier, 0 no carrier
 
    0 output buffer failures, 0 output buffers swapped out
 
</syntaxhighlight>
 
  
======What did you discover by issuing the show interfaces command======
+
*Change control and frequency affects resilience. When all LAN, WAN, and other network services are consolidated on a single distribution layer, operational or configuration errors can affect all network operation.
* Fast Ethernet 0/0 status is:
 
* Line protocol is:
 
* Internet address:
 
* Encapsulation:
 
  
* To which OSI layer is the encapsulation referring?
+
*Geographic dispersion of the LAN access switches across many buildings in a larger campus facility would require more fiber optic interconnects back to a single collapsed core.
  
* Why did the show interfaces FastEthernet 0/0 command show that the interface is up?:
+
Like the access layer, the distribution layer also provides quality of service (QoS) for application flows to guarantee critical applications and multimedia applications perform as designed.
  
=====Save the configuration=====
+
[[File:Three-tier_design_with_a_network-services_distribution_layer.png|700px|thumb|center|Three-tier design with a network-services distribution layer]]
Save the running configuration to the startup configuration from the privileged EXEC prompt.
 
R1#copy running-config startup-config
 
  
'''Note:''' Save the running configuration for the next time that the router is restarted. The router can be restarted either by a software reload command or a power cycle. The running configuration is lost if it is not saved. The router uses the startup configuration when the router is started.
 
  
====View the router running configuration====
+
<br />
From the privileged EXEC prompt:
+
=====Core layer=====
R1#show running-config  //This command can be abbreviated as sh run
+
In a large LAN environment, there often arises a need to have multiple distribution layer switches.
  
Este comando muestra todas las configuraciones llevadas a cabo:
 
  
<syntaxhighlight lang="">
+
*<span style="color:#FF0000">One reason for this is that when access layer switches are located in multiple geographically dispersed buildings, you can save potentially costly fiber-optic runs between buildings by locating a distribution layer switch in each of those buildings.</span>
*** Some output omitted ***
 
  
Building configuration...
 
Current configuration : 605 bytes
 
!
 
hostname R1
 
!
 
enable secret 5 $1$eJB4$SH2vZ.aiT7/tczUJP2zwT1
 
enable password cisco
 
!
 
no ip domain lookup
 
!
 
interface FastEthernet0/0
 
no ip address
 
shutdown
 
duplex auto
 
speed auto
 
!
 
interface Serial0/0
 
no ip address
 
shutdown
 
!
 
banner motd ^CUnauthorized Use Prohibited^C
 
!
 
line con 0
 
password cisco
 
logging synchronous
 
login
 
line aux 0
 
line vty 0 4
 
password cisco
 
login
 
!
 
end
 
</syntaxhighlight>
 
  
Note que el '''«enable cisco password»''' es el único password encrypted.
+
*<span style="color:#FF0000">As networks grow beyond three distribution layers in a single location, organizations should use a core layer to optimize the design.</span>
  
===Lab 5: Configuring Challenge Handshake Authentication Protocol Bi-directional===
 
* '''PPP:''' point to point.
 
* '''CHAP:''' Challenge Handshake Authentication Protocol. Is'a PPP authentication protocol.
 
  
 +
*<span style="color:#FF0000">'''Another reason to use multiple distribution layer switches is when the number of access layer switches connecting to a single distribution layer exceeds the performance goals of the network designer. In a modular and scalable design, you can collocate distribution layers for data center, WAN connectivity, or Internet edge services.'''</span>
  
'''In this lab we will learn:'''
 
* How to configure CHAP on routers.
 
* How to set PPP encapsulation on routers
 
  
 +
*<span style="color:#FF0000">'''In environments where multiple distribution layer switches exist in close proximity and where fiber optics provide the ability for high-bandwidth interconnect, a core layer reduces the network complexity, from N * (N-1) to N links for N distributions, as shown in the following two figures.'''</span>
  
'''CHAP''' is the authentication options requiring that the calling side of the link, the peer, enter authentication information to help ensure that the user has the network administrator's permission to make the call. In this lab, however, two-way authentication will be used. Therefore, each router requires the peer router to authenticate.
 
  
CHAP does not itself prevent unauthorized access; it merely identifies the remote end. The router or access server then determines whether that user is allowed access.
+
*<span style="color:#FF0000">'''The core layer of the LAN is a critical part of the scalable network, and yet it is one of the simplest by design. The distribution layer provides the fault and control domains, and the core represents the 24x7x365 nonstop connectivity between them, which organizations must have in the modern business environment where connectivity to resources to conduct business is critical. Connectivity to and from the core is Layer 3-only, which drives increased resiliency and stability.'''</span>
  
  
When configuring PPP authentication, you can select:
+
{| style="border-spacing: 2px; width: 20px; height: 20px; margin: 0 auto;"
* Challenge Handshake Authentication Protocol (CHAP) or,
+
|+
* Password Authentication Protocol '''(PAP)'''.
+
|[[File:LAN_topology_without_a_core_layer.png|thumb|center|LAN topology without a core layer|350x350px]]
 +
|[[File:LAN_topology_with_a_core_layer.png|thumb|center|LAN topology with a core layer|399x399px]]
 +
|}
  
In general, CHAP is the preferred protocol:
 
* Because CHAP offers features such as periodic verification to improve security; this makes CHAP more effective than PAP because CHAP requires a challenge before authentication can take place.
 
** CHAP is used to periodically verify the identity of the remote node, using a threeway handshake. This is done upon initial link establishment and can be repeated any time after the link has been established.
 
* Also, CHAP passwords are a shared secret and are not sent over the line in clear text like PAP.
 
  
====Initial configuration of the Network====
+
<br />
Antes de realizar la configuración CHAP, vamos a conectar dos routers (Generic Router PT) y realizar las configuraciones básicas aprendidas en el Lab 4.
+
=====Campus wired network design options=====
 +
<span style="color:#FF0000">When you scale from a single switch in a campus LAN up to a full three-tier campus network, the reliability of the network is increasingly important, because network downtime likely affects a greater user population with a larger workplace and economic significance. To mitigate the concerns about unavailability of network resources, campus designs include additional resiliency options, such as redundant links, switches, and switch components. In traditional multilayer campus designs, the added resiliency comes at a cost of configuration complexity, with most of the complexity introduced from the interaction of the access and aggregation layers of the campus LAN.</span>
  
* Conecte dos Routers a través de un cable serial DCE.
 
* Sería apropiado (aunque no indispensable para este lab) realizar todas las configuraciones básicas aprendidas en el lab 4. Las que sí son indispensables para este lab son:
 
:- Renombre los router como: '''Lab_A''' y '''Lab_b'''
 
:- Configure las interfaces correspondientes (en donde se conectó el cable serial) en cada Router:
 
<blockquote>
 
<blockquote>
 
<syntaxhighlight lang="bash">
 
Lab_A(config)#interface serial 0/0/0
 
Lab_A(config-if)#ip address 192.168.1.1 255.255.255.0
 
Lab_A(config-if)#no shutdown
 
Lab_A(config-if)#clock rate 250000
 
  
Lab_B(config)#interface serial 0/0/0
+
<span style="color:#FF0000">The primary function of the distribution layer is to aggregate access layer switches in a given building or cam-pus. The distribution layer provides a boundary between the Layer 2 domain of the access layer and the Layer 3 domain that provides a path to the rest of the network. This boundary provides two key functions for the LAN. On the Layer 2 side, the distribution layer creates a boundary for spanning tree protocol (STP), limiting propaga-tion of Layer 2 faults. On the Layer 3 side, the distribution layer provides a logical point to summarize IP routing information when it enters the network. The summarization reduces IP route tables for easier troubleshooting and reduces protocol overhead for faster recovery from failures.</span>
Lab_B(config-if)#ip address 192.168.1.2 255.255.255.0
 
Lab_B(config-if)#no shutdown
 
</syntaxhighlight>
 
<span style="color:#FFFFFF; background:#483D8B"> '''Note que el clock rate ha sido establecido sólo en Lab_A...''' </span>
 
</blockquote>
 
</blockquote>
 
* '''Ensure connectivity by pinging between routers...'''
 
  
====Define username and password to expect from the remote router====
 
<syntaxhighlight lang="bash">
 
Lab_A(config)#username Lab_B password clavechap
 
</syntaxhighlight>
 
  
<syntaxhighlight lang="bash">
+
<br />
Lab_B(config)#username Lab_A password clavechap
+
======Traditional Multilayer Campus Distribution Layer Design======
</syntaxhighlight>
+
Traditional LAN designs use a multi-tier approach with Layer 2 from the access layer to the distribution layer, where the Layer 3 boundary exists. The connectivity from the access layer to the distribution layer can result in either a loop-free or looped design.
  
username is the peer router’s name and the password is a shared password between Lab_A and Lab_B.
+
In the traditional network design, the distribution layer has two standalone switches for resiliency. It is recommended that you restrict a Layer 2 virtual LAN (VLAN) to a single wiring closet or access uplink pair in order to reduce or eliminate topology loops that STP must block and that are a common point of failure in LANs. <span style="color:#FF0000">Restricting a VLAN to a single switch provides a loop-free design, but it does limit network flexibility.</span>
  
====Configure the interface on for PPP encapsulation====
 
<syntaxhighlight lang="bash">
 
Lab_A(config)#interface serial 0/0/0
 
Lab_A(config-if)#encapsulation ppp
 
</syntaxhighlight>
 
Repetir en Lab_B
 
  
====See which ppp authentication options are available====
+
<span style="color:#FF0000">To create a resilient IP gateway for VLANs in the traditional design, you must use first-hop redundancy protocols, which provide hosts with a consistent MAC address and gateway IP for a VLAN. Hot standby routing protocol (HSRP) and virtual router redundancy protocol (VRRP) are the most common gateway redundancy protocols, but they only allow hosts to send data out one of the access uplinks to the distribution layer and require additional configuration for each aggregation switch in order to allow you to distribute VLANs across uplinks. Gateway load-balancing protocol (GLBP) does provide greater uplink utilization for traffic exiting the access layer by balancing load from hosts across multiple uplinks, but you can only use it in a non-looped topology.</span>
<syntaxhighlight lang="bash">
 
Lab_A(config-if)#ppp authentication ?
 
</syntaxhighlight>
 
  
La orden alterior '''(?)''' retorna las '''ppp authentications''' available.
 
  
====Now configure for CHAP authentication====
+
All of these redundancy protocols require that you fine-tune the default timer settings in order to allow for sub-second network convergence, which can impact switch CPU resources.
<syntaxhighlight lang="bash">
 
Lab_A (config-if)#ppp authentication chap
 
</syntaxhighlight>
 
Repetir en Lab_B
 
  
<span style="color:#FFFFFF; background:#483D8B"> '''Ensure connectivity by pinging between routers...''' </span>
 
  
====Troubleshooting / debugging====
+
<span style="color:#FF0000">Some organizations require the same Layer 2 VLAN be extended to multiple access layer closets to accom-modate an application or service. The looped design causes spanning tree to block links, which reduces the bandwidth from the rest of the network and can cause slower network convergence. The inefficiencies and the increased potential for misconfiguration drive network engineers to look for more appealing alternatives.</span>
En esta sección aprenderemos como detectar problemas de conectividad. Para ello vamos a utilizar '''debug command'''
 
  
* Enable debugging on both routers with the command:
+
{| style="border-spacing: 2px; width: 20px; height: 20px; margin: 0 auto;"
<blockquote>
+
|+
<syntaxhighlight lang="bash">
+
|[[File:Traditional_loop-free_design_with_a_VLAN_per_access_switch.png|thumb|center|Traditional loop-free design with a VLAN per access switch|370x370px]]
Lab_A#debug ppp authentication
+
|[[File:Traditional_looped_design_with_VLANs_spanning_access_switches.png|thumb|center|Traditional looped design with VLANs spanning access switches|390x390px]]
Lab_B#debug ppp authentication
+
|}
</syntaxhighlight>
 
</blockquote>
 
  
:* Cuando activamos '''debug command''', el sistema automáticamente imprimirá información en el CLI ('''debug output''') cuando detecte irregularidades.
 
  
:* The router continues to generate such output until you enter the corresponding no debug command (in this case, the '''no debug ppp authentication''' command). En caso de que hayamos activado distintos debug commands, to stop all debug messages usamos el comando '''no debug all'''
+
<br />
 +
======Routed Access Layer to Distribution Design======
 +
<span style="color:#FF0000">In another approach to access and distribution layer design, you can use Layer 3 all the way to the access layer. The benefits of this design are that you eliminate spanning tree loops and reduce protocols because the IP gateway is now the access switch. Because there are no spanning-tree blocking links, you can use both uplinks to the access layer and increase effective bandwidth available to the users.
  
* Delete the serial link between the two routers by deleting the cable from S0/0/0 on either router. Wait for the interface to go into a down state before proceeding to next step.
 
  
* Plug a serial cable back in from Lab_A to Lab_B to reestablish the connection and view the '''debug output''' of CHAP authentication.
+
The challenge with the routed access layer design is that the Layer 2 domains are confined to a single access closet, which limits flexibility for applications that require Layer 2 connectivity that extends across multiple access closets.
** Ensure to place the clocking side in Lab_A. El clocking side es indicado con un la imagen de un reloj en el cable.
 
  
* Al conectar el cable se debe generar automáticamente el '''debug output''' en el CLI. Does the output indicate success or failure?
 
  
* Now delete the username or password on both routers:
+
<br />
<blockquote>
+
======Campus Fabric Design======
<syntaxhighlight lang="bash">
+
You can overcome the Layer 2 limitations of the routed access layer design by adding campus fabric capability to the Layer 3 access network. The campus fabric design enables the use of virtual networks (overlay networks) running on a physical network (underlay network) in order to create alternative topologies to connect devices. In addition to network virtualization, campus fabric allows for software-defined segmentation and policy enforce-ment based on user identity and group membership, integrated with Cisco TrustSec technology. For additional information, visit [https://search.cisco.com/search?query=Campus%20Fabric&locale=enUS&tab=Cisco cisco.com and search for Campus Fabric]
Lab_A(config)#no username name password password
 
</syntaxhighlight>
 
</blockquote>
 
  
* Configure an incorrect username or password on both routers:
 
<blockquote>
 
<syntaxhighlight lang="bash">
 
Lab_A(config)#username wrong_name password wrong_password
 
</syntaxhighlight>
 
</blockquote>
 
  
* Shutdown the interface:
+
<br />
<blockquote>
+
======Simplified Distribution Layer Design======
<syntaxhighlight lang="bash">
+
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Oct2015/CVD-Campus_LAN_L2_Access_Simplified_Dist_Deployment-Oct2015.pdf
Lab_A(config)#interface serial 0/0/0
 
Lab_A(config-if)#shutdown
 
</syntaxhighlight>
 
</blockquote>
 
  
* Then start the interface back up and view the authentication process displayed in the debug output:
 
<blockquote>
 
<syntaxhighlight lang="bash">
 
Lab_A(config-if)#no shutdown
 
</syntaxhighlight>
 
</blockquote>
 
  
* Does the debug output indicate success or failure? How would this output help to solve authentication problems?
+
An alternative that can handle Layer 2 access requirements and avoid the complexity of the traditional multi-layer campus is called a '''simplified distribution layer design'''. The design uses multiple physical switches that act as a single logical switch, such as switch stack or a VSS, or the less preferred single, highly-redundant physi-cal switch. One advantage of this design is that spanning tree dependence is minimized, and all uplinks from the access layer to the distribution are active and passing traffic. Even in the distributed VLAN design, you eliminate spanning tree blocked links because of looped topologies. You reduce dependence on spanning tree by using EtherChannel to the access layer with dual-homed uplinks. This is a key characteristic of this design, and you can load-balance up to eight links if needed for additional bandwidth. At the same time, multiple links in an Ether-Channel have better performance characteristics versus single independent links.
  
===Lab 6: Configuring and verifying static routes===
 
objectives: Implement Static routing and verify that network routes working properly.
 
  
Static routing is one method of telling routers where to send traffic. Knowledge of static routes and how to configure them using the Cisco IOS CLI is essential to success as a network technician. In this lab, you build a multi-router network and use static routing to manually create routes, so hosts on remote networks can communicate.
+
EtherChannel is a logical interface that can use a control plane protocol to manage the physical members of the bundle. It is better to run a channel protocol instead of using forced-on mode because a channel protocol per-forms consistency checks for interfaces programmed to be in the channel and provides protection to the system from inconsistent configurations. Cisco Catalyst switches provide both port aggregation protocol (PAgP), which is a widely deployed Cisco designed protocol, and link aggregation protocol (LACP), which is based on IEEE 802.3ad.
  
[[File:Topology_diagram_of_the_network_lab6.png | 900px | thumb | center | Topology diagram of the network]]
 
  
 +
There are several other advantages to the simplified distribution layer design. You no longer need IP gateway redundancy protocols such as HSRP, VRRP, and GLBP, because the default IP gateway is now on a single logical interface and resiliency is provided by the distribution layer switch or switches. Also, the network will converge faster now that it is not depending on spanning tree to unblock links when a failure occurs, because EtherChannel provides fast sub-second failover between links in an uplink bundle.
  
[[File:Topology_diagram_of_the_network_packettracer_lab6.png | 900px | thumb | center | Topology diagram of the network. Realizado en PacketTracer]]
 
  
When configuring static routes on the routers we need to specify either:
+
The topology of the network from the distribution layer to the access layer is logically a hub-and-spoke topology, which reduces complexity of design and troubleshooting. The hub-and-spoke topology design provides a more efficient operation for IP Multicast in the distribution layer because there is now a single logical designated router to forward IP Multicast packets to a given VLAN in the access layer.
* '''The next-hop IP address''' OR
 
* '''The exit interface of the Router'''
 
  
In this lab, we will specify the next hop IP address.
 
  
 +
Finally, by using the single logical distribution layer design, there are fewer boxes to manage, which reduces the amount of time spent on ongoing provisioning and maintenance.
  
<syntaxhighlight lang="sh">
 
""" Resumen de comandos """
 
  
>show ip route
+
{| style="border-spacing: 2px; width: 20px; height: 20px; margin: 0 auto;"
>show ip route static
+
|+
>show ip route connected
+
|[[File:Simplified_distribution_design.png|thumb|center|Simplified distribution design with a VLAN per access switch|350x350px]]
 +
|[[File:Simplified_distribution_design.png|thumb|center|Simplified distribution design with VLANs spanning access switches|350x350px]]
 +
|}
  
(config)#ip route 192.168.0.0 255.255.255.0 172.16.10.5
 
  
If you make a mistake with the route:
+
<br />
(config)#no ip route 192.168.0.0 255.255.255.0 172.16.10.5
+
==[[Network Simulation using PacketTracer]]==
Undos the configuration of a static route to the 192.168.0.0/24 network sending traffic to a router interface with an address of 172.16.0.5
 
</syntaxhighlight>
 
  
'''Extension Task:'''
 
  
# How many valid ip addresses can be used on the WAN between router 1 and router 2 as the subnet mask is 255.255.255.224. Are all of these ddresses necessary? Suggest another mask that wastes fewer addresses.
+
<br />

Latest revision as of 11:44, 7 September 2024



Contents

Resumen para el examen de Network Service Management and Virtualisation

Media:Resumen para el examen networking.pdf

  • DHCP
  • DNS
  • ARP
  • TCP
  • HTTP

Some important questions that you should know:

  • A network manager asks you to write down the steps for a DNS query when you open your browser and type www.google.com
  • The network manager then asks you to describe the difference between a recursive and iterative query
  • What typical transport layer protocol and port does DNS use for DNS lookups


Wireless and WAN connectivity CA

File:Wireless and WAN connectivity-Networking CA.pdf



Sistema binario

Conversión de un número en el sistema decimal al binario:

Decimal2binario.jpg

Conversión de Binario a decimal:

Binario2decimal.jpg

Terminología

Protocols

Think of protocols as a standard way of communication between a client and a server.

LAN

A Local Area Network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. https://en.wikipedia.org/wiki/Local_area_network

WAN

A Wide Area Network is a telecommunications network or computer network that extends over a large geographical distance. https://en.wikipedia.org/wiki/Wide_area_network

Puertos

  • The wireless router’s WAN (Internet) port (el puerto WAN (Internet) del wireless router).
  • The wireless router’s LAN (Ethernet) ports.
  • RS-232: is a standard for serial communication transmission of data. https://en.wikipedia.org/wiki/RS-232

Elegir el puerto correcto

  • Cuando se conecta un cable a una PC en Packet Tracer, el programa propone (por defecto) conectarlo al puerto FastEthernet, USB o RS-232. Hasta ahora hemos estado usando el puerto FastEthernet.
  • Cuando se conecta un cable a un Router, PacketTracer propone el puerto Internet o Ethernet. Creo que el puerto Internet se usa cuando estamos conectando el Router con una WAN y el Ethernet es para una LAN.

Cables

  • As a rule, between different divices we use a straight cable an between same divices a cross-over cable (Creo que el Prof. confirmó esto, no estoy seguro)
  • Crossover cable:
    • From a PC to the wireless router’s WAN (Internet) port.
  • Straight through cable:
    • From PC to one of the wireless router’s LAN (Ethernet) ports.

TCP/IP

https://en.wikipedia.org/wiki/Internet_protocol_suite

The Internet protocol suite is the conceptual model and set of communications protocols used on the Internet and similar computer networks.

The Internet protocol suite provides end-to-end data communication specifying how data should be packetized, addressed, transmitted, routed, and received. This functionality is organized into four abstraction layers which classify all related protocols according to the scope of networking involved. From highest to lowest, the layers are:

  • The application layer: it provides process-to-process data exchange for applications. HTTP, FTP, DNS etc.
  • The transport layer: handling host-to-host communication. TCP, UDP, etc.
  • The internet (Internetwork) layer: providing internetworking between independent networks. IP (IPv4, IPv6), etc.
  • Network interface and Hardware [Datalink, Physical] layer: containing communication methods for data that remains within a single network segment (link). Ethernet, Wireless, etc.


Ttcp ip layers.png


Applications

HTTP

The HTTP request. HTTP is the pull protocole. A client pulls a page from the server.

FTP

DNS

Transport

TCP

TCP (Transmision Control Protocol)

Internetwork

IP

Network interface and Hardware [Datalink, Physical]

Ethernet

Wireless

OSI model

https://en.wikipedia.org/wiki/OSI_model#Comparison_with_TCP.2FIP_model

OSI Model
Layer Protocol data unit (PDU) Function
Host
layers
7. Application Data High-level APIs, including resource sharing, remote file access
6. Presentation Translation of data between a networking service and an application; including character encoding, data compression and encryption/decryption
5. Session Managing communication sessions, i.e. continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes
4. Transport Segment (TCP) / Datagram (UDP) Reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing
Media
layers
3. Network Packet Structuring and managing a multi-node network, including addressing, routing and traffic control
2. Data link Frame Reliable transmission of data frames between two nodes connected by a physical layer
1. Physical Bit Transmission and reception of raw bit streams over a physical medium

Introduction to Internetworking and Network equipments

Internet1.png


Internet2.png


Use of modem for sending digital data over analog lines.


Modem

https://www.webopedia.com/TERM/M/modem.html

http://homepages.uc.edu/~thomam/Net1/Modems%20&%20D-A%20Conversion/modem_main.html

A modem (Short for modulator-demodulator) is a device or program that convert digital information to analog signals (modulation), and to convert analog signals back into useful digital information (demodulation). It enables a computer to transmit data over, for example, telephone or cable lines. http://homepages.uc.edu/~thomam/Net1/Modems%20&%20D-A%20Conversion/modem_main.html

Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog signal. A modem converts between these two forms.

Use of modem for sending digital data over analog lines. https://www.webopedia.com/TERM/M/modem.html

Router

http://www.diffen.com/difference/Router_vs_Switch

Router and switches are both computer networking devices that allow one or more computers to be connected to other computers, networked devices, or to other networks.

The functions of a routers, switch and hub are all different, even if at times they are integrated into a single device.

Routers can connect wired or wireless (WiFi) networks. A switch is used for wired networking connections.

A router is a networking device that connects computer networks (connect two or more logical subnets). For example, connecting a home network with the Internet.

Routers operate at Layer 3 (network layer) of the OSI model. They direct traffic and perform other functions to efficient network operation. For example, they receive TCP/IP packets, look inside each packet to identify the source and target IP addresses, then forward these packets as needed to ensure the data reaches its final destination.

In addition, routers often perform network address translation (NAT), which allows all devices on a subnetwork (e.g., all devices in a home) to share the same public IP address.

Como se mencionó arriba, routers can connect wired or wireless (WiFi) networks.

Existen diferentes tipos de Routers. El uso y la manera de configurarlos varía notablemente:

The largest routers (such as the Cisco CRS-1 or Juniper PTX) interconnect the various ISPs, or may be used in large enterprise networks. Smaller routers usually provide connectivity for typical home and office networks. https://en.wikipedia.org/wiki/Router_(computing)

Al parecer se habla también Wireless Routers. Creo sin embargo que este dispositivo sería un Router equipado con un AP y una tarjeta de red wireless.

En el Lab 1 se realiza un modelado de networks en el cual se emplea un Wireless Router. Este Wireless Router podría, por ejemplo, representar el Router que se encuentra integrado en la Box de nuestra home network. En el Lab 1, note que en este Router las configuraciones se ralizan a través de un GUI.

En el Lab 4: Configuring basic router settings with the Cisco IOS CLI, se presenta un modelado de network en el cual se emplea un Router Cisco. Note que este tipo de Routers son configuring with the Cisco IOS CLI (línea de comandos).

Switch

A network switch is a computer networking device that is used to connect many devices together on a single computer network (within one local area network (LAN)).

Switches are incapable of joining multiple networks or sharing an Internet connection.

A switch is also called switching hub, bridging hub, or MAC bridge. Switches use MAC addresses to forward data to the correct destination. A switch is considered a Layer 2 device, operating at the data link layer; switches use packet switching to receive, process and forward data.

A switch is considered more advanced than a hub because a switch will on send msg to device that needs or request it

Access point

The Access Point (AP) is the central node in 802.11 wireless implementations. It is the interface between wired and wireless network

An access point is a hardware device that receives data by wired Ethernet and, using 2.4GHz or 5GHz radio waves bands, converts to a wireless signal. It sends and receives wireless traffic to and from nearby wireless clients.

For a home environment, most often you have a router, a switch, and an AP «embedded in one box (into a single device)», making it really usable for this purpose.


IP addressing

https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html



IP address

Dirección IP



Classful network

Clases de public IP addresses: https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html

Classe Bits de départ Début Fin Notation CIDR Masque de sous-réseau par défaut
Classe A 0 0.0.0.0 127.255.255.255 /8 255.0.0.0
Classe B 10 128.0.0.0 191.255.255.255 /16 255.255.0.0
Classe C 110 192.0.0.0 223.255.255.255 /24 255.255.255.0
Classe D (multicast) 1110 224.0.0.0 239.255.255.255 non défini
Classe E (réservée) 1111 240.0.0.0 255.255.255.255 non défini



Private IP Addresses

IP addresses reservadas para ser usadas como privadas:

10.0.0.0    – 10.255.255.255
172.16.0.0  – 172.31.255.255
192.168.0.0 – 192.168.255.255



IP Privado


ifconfig
ifconfig

Para obtener una nueva dirección IP en Windows se hace:

ipconfig /release
ipconfig /renew

En Linux los comandos análogos son: https://www.cyberciti.biz/faq/howto-linux-renew-dhcp-client-ip-address/

To renew or release an IP address for the eth0 interface, enter:

sudo dhclient -r
sudo dhclient



IP Público

curl ipinfo.io/ip



Command-line to list DNS servers used by my system

https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system

nmcli device show <interfacename> | grep IP4.DNS



Para desplegar el IP de la geteway

route -n



Subnet mask

https://www.cloudaccess.net/cloud-control-panel-ccp/157-dns-management/322-subnet-masks-reference-table.html


IP/Subnet Calculator:

La subnet mask que generalmente he estado usando para los ejemplos es la 255.255.255.0 (/24). Esta subnet mask indica que los primeros 24 bits de una IP deben ser iguales para pertenecer a la misma subnet. Esta en particular es muy fácil, y se puede ver fácilmente el rango de IP's que define. Por ejemplo:

Address:   172.17.0.1            10101100.00010001.00000000 .00000001
Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111
=>
Network:   172.17.0.0/24         10101100.00010001.00000000 .00000000 (Class B)
Broadcast: 172.17.0.255          10101100.00010001.00000000 .11111111
HostMin:   172.17.0.1            10101100.00010001.00000000 .00000001
HostMax:   172.17.0.254          10101100.00010001.00000000 .11111110
Hosts/Net: 254                   (Private Internet)


  • Ahora, en el caso de 172.17.0.1/27, las cosas no son tan evidentes:
Address:   172.17.0.1            10101100.00010001.00000000.000 00001
Netmask:   255.255.255.224 = 27  11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31              00000000.00000000.00000000.000 11111
=>
Network:   172.17.0.0/27         10101100.00010001.00000000.000 00000 (Class B)
Broadcast: 172.17.0.31           10101100.00010001.00000000.000 11111
HostMin:   172.17.0.1            10101100.00010001.00000000.000 00001
HostMax:   172.17.0.30           10101100.00010001.00000000.000 11110
Hosts/Net: 30                    (Private Internet)


  • 172.17.0.1/30
Address:   172.17.0.1            10101100.00010001.00000000.000000 01
Netmask:   255.255.255.252 = 30  11111111.11111111.11111111.111111 00
Wildcard:  0.0.0.3               00000000.00000000.00000000.000000 11
=>
Network:   172.17.0.0/30         10101100.00010001.00000000.000000 00 (Class B)
Broadcast: 172.17.0.3            10101100.00010001.00000000.000000 11
HostMin:   172.17.0.1            10101100.00010001.00000000.000000 01
HostMax:   172.17.0.2            10101100.00010001.00000000.000000 10
Hosts/Net: 2                     (Private Internet)



Definición de una subred

A través de la Máscara de subred se define que IPs forman parte del la misma Red (directa)

Same network1.jpg
Seme network2.jpg

La notación 192.160.136.4/24 define una máscara de subred en donde los primeros 24 bits son 1 --> 255.255.255.0



Calculating the number of hosts based on the subnet mask

For example, for a subnet mask of 20:

2**(32-20) - 2 = 4094

-2 is becuse the first one is the network address and the last one the broadcast address.



Network address


Broadcast address

https://www.techopedia.com/definition/2384/broadcast-address



Gateway

El comando route: http://www.thegeekstuff.com/2012/04/route-examples

route



Internet speed

https://askubuntu.com/questions/104755/how-to-check-internet-speed-via-terminal

La velocidad de la conexión Internet se puede medir en kbit/s (Download/Upload)

Podemos usar el siguiente script en línea:

curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

o instalar el programa usado en la linea de comando anterior (speedtest-cli) como se explica aquí: https://fossbytes.com/test-internet-speed-linux-command-line/

sudo apt-get install speedtest-cli

OR
sudo apt-get install python-pip
pip install speedtest-cli

To test internet speed, just type the following command and press enter:

speedtest-cli

You can find various options in the help section of the utility:

speedtest-cli -h

Display the internet speed in megabytes/sec:

speedtest-cli --bytes

También podemos obtener una medida a través de wget:

wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10.zip



Desplegar la ruta de un paquete enviado en Internet

El comando traceroute permite optener la ruta de un paquete enviado.

traceroute google.com

En el ejemplo anterio podemos ver que el paquete pasa por el IP 109.255.255.254 (que debería ser el Gateway de mi ISP). En la página que muestro a continuación se pude ver que dicho IP pertenece a mi ISP y está ubicado en Cork.



Who is my ISP

Este sitio muestra ISP: https://www.whoismyisp.org/



WAN (Wide Area Network)

A Wide Area Network is a telecommunications network or computer network that extends over a large geographical distance.

Purpose of WANs:

  • WANs connect LANs.
  • WANs connect home users to the Internet.
  • WANs are used to connect remote sites to the enterprise network.
    • Enterprise networks are using security and privacy solutions over the Internet to connect remote sites and users.


Common WAN topologies are:

  • Point-to-Point: Typically a dedicated leasedline connection (such as T1/E1)
    • T1 (1.544 MB/s) and E1 (2.048 MB/s) are examples of synchronous TDM serial connections. (Note: T1 is the standard for the U.S and E1 is the standard for Europe). An E1 contains 32 DS0’s
  • Hub-and-Spoke: A single-homed, point-tomultipoint topology where a single interface on the hub router can be shared with multiple spoke routers through the use of virtual interfaces
  • Full Mesh: Each router has a connection to every other router; requires a large number of virtual interfaces
  • Dual-homed: Provides redundancy for a single-homed, hub-and-spoke topology by providing a second hub to connect to spoke routers


Two way that a business can get WAN access:

  • Private WAN Infrastructure: The business negotiates for dedicated or switched WAN access with a service provider.
  • Public WAN Infrastructure: WAN access is achieved through the Internet using broadband connections.
    • In this case, VPNs (virtual private networks) are used to secure the connections.

Private WAN Infrastructure:

  • Ethernet WAN (Known as Metropolitan Ethernet (MetroE), Ethernet over MPLS (EoMPLS))
  • Multiprotocol Label Switching (MPLS) is a multiprotocol high-performance WAN technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table.
MPLS allows most packets to be forwarded at Layer 2 (the switching level) rather than having to be passed up to Layer 3 (the routing level).
With MPLS, the Layer 3 header analysis is done just once (when the packet enters the MPLS domain). Label inspection drives subsequent packet forwarding.
MPLS provides these beneficial applications:
Virtual Private Networking (VPN)
Traffic Engineering (TE)
Quality of Service (QoS)

Public WAN Infrastructures:

  • DSL (Digital Subscriber Line)
    • A DSL modem converts an Ethernet signal from the user device to a DSL signal, which is transmitted to the central office.
  • Cable: Network access is available from some cable television networks.
  • 3G/4G Wireless Abbreviation for 3rd generation and 4th generation cellular access.
  • Public WANs rely on VPNs for securing data between private networks as it crosses a public network, such as the Internet.
    • Two types of VPN:
      • Site-to-site VPNs
      • Remote-access VPNs

Routing

  • When a packet enters a router, how does it know where to send it?
  • The router first read the packet information:
  • TTL: if this field remains greater than 0, the router forwards the packet, otherwise it discards it.
  • Destination IP
  • Then, the router look for its routing tables. The destination network of the IP packet have to be stored in its routing tables so the router can determine where to send it, otherwise it discards it.
  • Based in the information read, the routing protocol
  • What information does the router need to already have to send it?
  • How do routers get this information?
  • How long do they store it?
  • What information does the router modify in the packet?


The main purpose of a router if to route IP packets. The router decides what to do with the packet (discards it or forward it (and in this case where to forward it)) based on:

  • The information stored in the IP packet header, and
  • The Routing table (routing information base) stored in a router.

IP packet

An IP packet consists of a header section and a data section.

The IPv4 packet header consists of 14 fields, of which 13 are required. The 14th field is optional and aptly named: options.

Una buena explicación del IPv4 packet header se encuentra en https://en.wikipedia.org/wiki/IPv4#Header

The fields in an IPv4 packet header are:

  • Version identifies the IP version to which the packet belongs. E.g. IPv4.
  • Header Length describes the length of the IP header in 32-bit words. The minimum length of the IP header is 20 octets.
  • Type of Service is used to specify special handling of the packet. This field can be divided into two subfields:
    • Precedence: Sets a priority for the packet.
    • TOS: Allows the selection of a delivery service in terms of throughput, delay, reliability.
  • Total Length describes the total length of the packet in octets.
  • Identifier is used in conjunction with the Flags and Fragment Offset fields for fragmentation of a packet.
  • Flags field has the first bit as unused. The second bit is the Don't Fragment (DF) bit.The third bit is the More Fragments (MF) bit indicating if the fragment is the last one or not.
  • Fragment Offset specifies the offset, in units of eight octets, from the beginning of the header to the beginning of the fragment.
  • time-to-live (TTL):
http://searchnetworking.techtarget.com/definition/time-to-live
Time-to-live (TTL) is a value in an Internet Protocol (IP) packet that tells a network router whether or not the packet has been in the network too long and should be discarded. In IPv6 the TTL field in each packet has been renamed the hop limit.
An IP TTL is set initially by the system sending the packet. It can be set to any value between 1 and 255; different operating ystems set different defaults. Each router that receives the packet subtracts at least 1 from the count; if the count remains greater than 0, the router forwards the packet, otherwise it discards it and sends an Internet Control Message Protocol.
  • Protocol describes Transport Layer protocol for which the information in the IP packet is destined.
  • Header Checksum is the error detection field for the IP header. The checksum is not calculated for the Data inside IP packet.
  • Source Address is the address of the originator of the packet.
  • Destination Address is the address of the destination of the packet.
  • Options field is an optional field used primarily for testing .
  • Padding is used to ensure that the IP header ends on a 32-bit boundary by adding zeros after the Options field.


From the IP packet header, the router is particularly interested in:

  • TTL:
    • if TTL > 0 :
      • TTL = TTL - 1;
      • The router will try to forward the packet.
    • Else : the packet will be descarted.
  • Destination Address: To determine (using the Routing table) where to forward the packet.

It is also important to note that as a packet travels from one networking device to another:

  • The Source and Destination IP addresses NEVER change.
  • The Source & Destination MAC addresses CHANGE as packet is forwarded from one router to the next.


The Routing table (routing information base)

It's a data table stored in a router that lists the routes (las rutas) to particular network destinations, and in some cases, metrics (distances) associated with those routes.

A routing table is basically a list of IP Addresses of the NETWORKS that this particular router knows. For each Network IP address there are other information that the Router uses to know where to forward a packet that have to reach a particular Network.

A routing table looks like this: https://en.wikipedia.org/wiki/Routing_table#Contents_of_routing_tables

If we take, for example, one of the Networks listed in the routing table shown for the «show ip route» of the IOS CLI:

  • R 192.19.3.0/27 [120/2] via 172.17.0.2, 00:00:26, Serial0/0/0
    • R: RIP - Protocol used to generate this route.
    • C: Directly connected network
    • S: Static - Ruta ingresada manualmente (Static routing)
  • 192.19.3.0/27: Netword Destination address and Netmask
  • via 172.17.0.2: This is the IP Adress of the interface of the Router attached through which the network can be reached.
Gateway or Next hop: it points to the gateway through which the network can be reached.
  • Serial0/0/0 is the interface of the current Router that is attached to the gateway. That is, Serial0/0/0 is connected to 172.17.0.2
  • 120: is the Administrative Distance
Network diagram
Network diagram (zoom)
Routing table (show ip route)
Show ip interface brief

Static routing

Dynamic routing

Many IP routing protocols exist. However, they all have some core features in common:

  • Learn routing information about IP subnets from other neighboring routers (discovery of remote networks).
  • If a router learns of more than one router to reach one subnet, choose the best route based on that routing protocol’s concept of a metric (choose the best path)
  • React to changes when the network topology changes e.g. when a link fails, and converge to use a new choice of best route for each destination subnet.
  • Advertise routing information about IP subnets to other neighboring routers.

Routing Table Structure:

  • A directly connected network is a network that is directly attached to one of the router interfaces.
    • When a router interface is configured with an IP address and subnet mask, the interface becomes a host on that attached network.
    • The network address and subnet mask of the interface, along with the interface type and number, are entered into the routing table as a directly connected network.
    • When a router forwards a packet to a host, such as a web server, that host is on the same network as a router's directly connected network.
  • A remote network is a network that is not directly connected to the router.
    • Remote networks are added to the routing table using either a dynamic routing protocol or by configuring static routes.
  • The network/exit-interface is the address of the local interface or the interface name that is in that network.


Example of routing protocols

  • RIP (Routing Information Protocol)
  • EIGRP (Enhanced Interior Gateway Routing Protocol)
  • OSPF (Open Shortest Path First)

EIGRP is a Cisco proprietary routing protocol, whereas all other routing protocols listed are standard, non-proprietary protocols.

Administrative Distance (AD)

In some cases, internetworks use Multiple Routing Protocols. In such cases, a router learns of multiple routes to a particular subnet using different routing protocols. Which will be used? AD is used to rank routing protocols. AD is an integer from 0 to 255 that rates the trustworthiness of the source of the IP routing information.

Route Source Administrative Distance
Connected routes 0
Static routes 1
OSPF 110
IS-IS 115
RIP (V1 and V2) 120
Unknown/Unbelievable 255



Open Shortest Path First (OSPF)

  • OSPF is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs)
  • OSPF is a widely used IGP in large enterprise networks.


  • Determining the shortest path:
  • The shortest path to a destination is found by accumulating (adding) the calculated costs to the destination network.
  • Once SPF has identified a route, OSPF calculates the metric for a route as follows: The sum of the OSPF interface costs for all outgoing interfaces in the route.
OSPF-Determining the shortest path.png



Ethernet

It's the the dominant Local Area Network (LAN) technology.

In the mid 1980s, the Institute of Electrical and Electronic Engineers (IEEE) published a formal standard for Ethernet, defined as the: IEEE 802.3 Standard.

Ethernet is not one networking technology, but a family of networking technologies that includes:

  • Legacy, Fast Ethernet and
  • Gigabit Ethernet

Over the years Ethernet has evolved and many different variations exist, many of these carried over different physical cables. This means that there are a number of different IEEE802.3 standards.

Ethernet standard spans the Physical and Data Link Layers: Referred to as a Layer Two Protocol

  • The Media Access Control Layer is responsible for deciding when a host should transmit.
  • The Logical Link Control Layer is responsible for setting up and controlling the link.
Ethernet layers.png


Ethernet Standards: Some startards are:

  • 802.3u (Fast Ethernet)
  • 802.3z (1000BASE-X Gbit/s Ethernet over Fiber-Optic at 1 Gbit/s)

Major categories of Ethernet have also been organized by their speed:

  • Ethernet (10Mbps)
  • Fast Ethernet (100Mbps)
  • Gigabit Ethernet
  • 10 Gigabit Ethernet

Ethernet II Frame (also known as DIX):

  • Maximum frame size possible = 1518 bytes
  • Minimum valid frame size = 64 bytes
Ethernet II frame.png


Ethernet Types:

Type Value
IPv4 0800
IPv6 86DD
VLAN 8100
ARP 0806



Wireless networks

Wireless Technologies:

  • PAN/WPAN (Personal Area Network (PAN)/wireless personal area network (WPAN)
    • Bluetooth, IEEE 802.15.4
  • LAN (Local Area Network)
    • IEEE 802.11
  • MAN (Metropolitan Area Network)
    • IEEE 802.11, IEEE 802.16, IEEE 802.20
  • WAN (Wide Area Network)
    • GSM, CDMA, Satelite, 3G, LTE

Note que algunos de estos términos (notablemente LAN y WAN) son empleados no sólo en Wireless technologies. Podemos, por supuesto, hablar de Wired LAN or Wired WAN.

What wireless channel and frequency is a Network on

Using the software LinSSID, we performed a scan of the wireless networks in my house. In Figures are shown the results for 2.5GHz Channels. We can see our home network (iptime) is on channel 6 and its frequency is 2.437GHz:

XXXXXXXXXXXXXXXXXXX

What version of IP address do clients on the network receive fromt he ISP

  • Where did you receive this IP address from?

In order to know what version of IP address receive clients on the network, we need to know the public IP address, which is the IP address provided for the ISP. The public IP address can be displays with a simple Google search.That is, entering “My IP address on our web search engine. There are many Web sites that are able to provide the public IP. In Fig. 3.4 is shown the result obtained in my case.The Linux command«curl»provide another way of knowing the public IP address:

curl  ipinfo.io/ip

The results show that clients on the network receive IPv4 from the ISP.


Wireless LANs (WLANs)

A WLAN is a Wireless Local Area Network, which is the linking of two or more computers without using wires. Instead, radio waves and IEEE 802.11 are used to communicate.

WLANs use infrared light (IR) or radio frequencies (RFs). The use of RF is far more popular for its longer range, higher bandwidth, and wider coverage.

Wireless LAN have to operate in the ISM (Industrial Scientific Medical) band.

Wireless LANs Primarily operate in the 2.4Ghz (2.401 - 2.483) & 5Ghz (5.470 - 5.725) frequency ranges. Basically a Higher frequency result in a greater speed but in a shorter range. That means 5Ghz waves cannot travel such great distances as 2.4Ghz waves but can carry more data. Also, the 5Ghz frequency is shared with less other unlicenced equipment.

Because the wireless transmission medium is shared, it is not possible to transmit in the exact same frequency without collisions (interference). The solution is to devide the ISM band into channels and map each WLAN/SSID on a single channel.

The 2.4 GHz range is devided into 11 channels. Each channel of 22MHz bandwidth (because we need 22MHz to transmit 54 Mbps in 802.11g) y una separación de 5MHz entre cada channel.

The most common arrangement is to use only channels 1, 6, and 11, which do not overlap with each other at all.

The 5-GHz (U-NII) band is much more flexible in this regard because it has many more non-overlapping channels available. In fact, all channels are spaced such that they will not overlap each other. Each U-NII channel is 20 MHz wide. With all four U-NII bands set aside for wireless LANs, a total of 23 non-overlapping channels are available.

Wireless technologies

  • PAN/WPAN (Personal Area Network (PAN)/ Wireless Personal Area Network (WPAN)
    • Bluetooth, IEEE 802.15.4
  • LAN (Local Area Network)
    • IEEE 802.11

WLAN Components

  • Wireless Client Receiver:
It is needed to connect a computing device (e.g. desktop, laptop, PDA…) to the wired networked via an access point. It includes Onboard Cards (most laptops) PCMCIA, PCI card or USB adaptor
  • Access points (APs):
They are needed only in the Infrastructure Mode of WLANs. They provide the wireless client with a point of access into a network. They are like Ethernet switches in a wired network and operate in half-duplex mode (e.g. They either receive or transmit at any given time).
  • Wireless repeater:
A wireless repeater (also called wireless range extender) takes an existing signal from a wireless router or wireless access point and rebroadcasts it to create a second network. When two or more hosts have to be connected with one another over the IEEE 802.11 protocol and the distance is too long for a direct connection to be established, a wireless repeater is used to bridge the gap. The throughput for client devices will be low because each repeater must receive and re-transmit each packet.
  • Wireless bridge:
A wireless bridge is a device used for connecting two or more network separated physically, operating on the 802.11 standard.

The WLAN supports four Network Topologies

  • Peer-to-peer (Ad hoc) Topology:
    An ad hoc network is a type of temporary computer-to-computer connection. In ad hoc mode, you can set up a wireless connection directly to another computer without having to connect to a Wi-Fi access point or router.
  • Hybrid Topology:
  • Infrastructure Topology: All devices are connected to an access point.
  • Point-to-point Topology: When we have two different networks connected by a Wirelless bridge.

802.11 standards

802.11 is the generic name of a family of standards for wireless networking. The numbering system for 802.11 comes from the IEEE (a nonprofit professional organization), who uses “802” for many networking standards like Ethernet (802.3).

The 802 committee supports in this model the LLC (logical link control), the MAC (media access control) and PHY (physical layers).

Popular 802.11 standards include 802.11a, 802.11b, 802.1g, 802.11n, 802.11ac (Newest)

Some EEE 802.11 standards are:

Standard Release Date Frequency band Max speed (Data Rate) Max range Comments
802.11 1997 2.4 GHz 2 Mbps Undefined Legacy
802.11a 1999 5 GHz 54 Mbps 50m Not compatible with b, g / Expensive / Modulation: OFDM
802.11b 1999 2.4 GHz 11 Mbps 100m First 2.4 GHz Technology / Modulation: DSSS
802.11g 2003 2.4 GHz 54 Mbps 100m Backward compatible with b / Shares range with b / Modulation: OFDM, DSSS
802.11n 2011 2.4 or 5 GHz 600 Mbps 300m Modulation: OFDM
802.11ac 2014 5 GHz 1.3 Gbps 300m Newest Standard

Wireless Security

Why secure the WLAN?

  • Firstly, if someone manages to hack into your WLAN, they are stealing your bandwidth.
  • Worse, anyone on your WLAN will be using the same Internet protocol (IP) address as you. To others on the Internet they appear to be you.

What security can you get now?

  • The first being to change the default settings of your Access point:
  • You can configure the AP so that it doesn't broadcast (para que no muestre) the ESSID.
The Extended Service Set Identification (ESSID) is one of two types of Service Set Identification (SSID).
An SSID is a 32-character (maximum) alphanumeric key identifying the name of the wireless local area network. Some vendors refer to the SSID as the network name. For the wireless devices in a network to communicate with each other, all devices must be configured with the same SSID.
In an infrastructure wireless network that includes an access point, the ESSID is used, but may still be referred to as SSID.
In an Ad hoc wireless network with no access points, the Basic Service Set Identification (BSSID) is used.
  • MAC address filters:
There's a second layer of security you can adopt, the MAC (Media Access Control) address filter. A MAC address is a unique identity burned into every network adapter during manufacture, with no way of changing it. Using this filter, the AP maintains a list of MAC addresses and only permits those on the list to connect.
  • Encryption:
Even if hackers can't get past your AP, they may still be able to access data that's traversing your WLAN.
The way to protect data in transit is encryption, the original WLAN encryption standard was WEP (Wired Equivalence Privacy).
WEP works by encrypting traffic -scrambling it- as it leaves the AP or client PC and decrypting it on arrival.
WEP has been replaced by WPA (Wifi Protected Access).
  • Disable remote access to the router administration GUI:
Make sure you only configure the AP over a wired connection.
To remotely log into your router's administrative console you just have to open a browser window and typing the router IP address.
Your router is likely to have what is known as a non-routable internal IP address such as 192.168.1.1 or 10.0.0.1 as it's address
Below are some of the standard admin interface addresses used by some of the more common wireless router manufacturers:
Linksys - 192.168.1.1 or 192.168.0.1
DLink - 192.168.0.1 or 10.0.0.1
Apple - 10.0.1.1
ASUS - 192.168.1.1
Buffalo - 192.168.11.1
Netgear - 192.168.0.1 or 192.168.0.227
  • Choose a strong password for the router administration GUI:
Routers usually come with an obvious default password (admin in many cases). Therefore, it is important to change it and choses a secure password to try to prevent someone from entering to the router administration GUI and change your network configurations.
  • Choose a strong password for the wireless network
  • Authentication
The final layer of protection is individual authentication.
The standard method of WLAN authentication uses the 802.1X protocol.
If the protocol is enabled, unauthenticated users cannot get past the AP to access the rest of the network.
  • Install a good firewall device to your router

Service set

https://en.wikipedia.org/wiki/Service_set_(802.11_network)

In IEEE 802.11 wireless local area networking standards, a service set is a group of wireless network devices that are operating with the same networking parameters.

Service sets are arranged hierarchically,: Basic Service Sets (BSS) are units of devices operating with the same medium access characteristics (i.e. radio frequency, modulation scheme etc), while Extended Service Sets (ESS) are logical units of one or more basic service sets on the same logical network segment (i.e. IP subnet, VLAN etc). There are two classes of basic service sets: those that are formed by infrastructure mode redistribution points (access points or mesh nodes), and those that are formed by independent stations in a peer-to-peer ad hoc topology. Basic service sets are identified by BSSIDs, which are 48-bit labels that conform to MAC-48 conventions. Logical networks (including extended service sets) are identified by SSIDs, which serve as "network names" and are typically natural language labels.

Wireless mobile networks

Para ver las características de las tarjetas de red (network card)

http://www.linuxnix.com/find-network-cardwiredwireless-details-in-linuxunix/

Tales como: Name of network cards, Network card link status, Network card speeds, Network card MAC address, Network card IP address, Network card driver details, Network card manufacture details, Network card duplex/half duplex details, Network card auto-negotiation details, Complete network card capabilities details, Complete network card hardware details

sudo lshw -c network

DHCP

Media:DHCP-Lecture_Greg2018.pdf

DNS

Media:Introduction_to_DNS-Lecture_Greg2018 .pdf

Media:DNS-Lecture_Greg2018.pdf

Observing DNS Resolution: Media:Lab-Observing_DNS_Resolution.pdf

  • Part 1: Observe the DNS Conversion of a URL to an IP Address
  • Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site
  • Part 3: Observe DNS Lookup Using the nslookup Command on Mail Servers
DNS

Using Wireshark to observe traffic

Media:4-2-Using Wireshark to observe the DHCP process.pdf

Media:7-3-Using_Wireshark_to_Examine_a_UDP_DNS_Capture.pdf



Campus LAN and Wireless LAN Design Guide - Cisco

File:Campus-LAN-WLAN-Design-Cisco.pdf



Campus Wired LAN Design Fundamentals

The LAN is the networking infrastructure that provides access to network communication services and resources for end users and devices spread over a single floor or building. You create a campus network by interconnecting a group of LANs that are spread over a small geographic area. Campus network design concepts are inclusive small networks that use a single LAN switch, up to very large networks with thousands of connections.


The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.



Hierarchical design model

The campus wired LAN uses a hierarchical design model to break the design up into modular groups or layers. Breaking the design up into layers allows each layer to implement specific functions, which simplifies the network design and therefore the deployment and management of the network


Modularity in network design allows you to create design elements that can be replicated throughout the network. Replication provides an easy way to scale the network as well as a consistent deployment method.


In flat or meshed network architectures, changes tend to affect a large number of systems. Hierarchical de-sign helps constrain operational changes to a subset of the network, which makes it easy to manage as well as improve resiliency. Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency via improved fault isolation.


A hierarchical LAN design includes the following three layers:

  • Access layer: Provides endpoints and users direct access to the network
  • Distribution layer: Aggregates access layers and provides connectivity to services
  • Core layer: Provides connectivity between distribution layers for large LAN environments
LAN hierarchical design


Depending on the characteristics of the deployment site, you might need one, two, or all three of the layers. For example:

  • A site that occupies a single building might only require the access and distribution layers,
  • While a campus of multiple buildings will most likely require all three layers.


Regardless of how many layers are implemented at a location, the modularity of this design ensures that each layer will provide the same services, and in this architecture, will use the same design methods:

LAN hierarchical design-Scalability by using a modular design



Access layer

The access layer is where user-controlled devices, user-accessible devices, and other end-point devices are connected to the network. The access layer provides both wired and wireless connectivity and contains features and services that ensure security and resiliency for the entire network.

LAN hierarchical design-Access layer


  • Device connectivity: ...
  • Resiliency and security services: ...
  • Advanced technology capabilities: ...



Distribution layer

The distribution layer supports many important services. In a network where connectivity needs to traverse the LAN end-to-end, whether between different access layer devices or from an access layer device to the WAN, the distribution layer facilitates this connectivity.


  • Scalability: At any site with more than two or three access-layer devices, it is impractical to interconnect all access switches. The distribution layer serves as an aggregation point for multiple access-layer switches.
The distribution layer can lower operating costs by making the network more efficient, by requiring less memory, by creating fault domains that compartmentalize failures or network changes, and by processing resources for devices elsewhere in the network. The distribution layer also increases network availability by containing failures to smaller domains.


  • Reduce complexity and increase resiliency: The campus wired LAN has the option to use a simplified distribution layer, in which a distribution-layer node consists of a single logical entity that can be implemented using a pair of physically separate switches operating as one device or using a physical stack of switches operating as one device. Resiliency is provided by physically redundant components like power supplies, supervisors, and modules, as well as stateful switchover to redundant logical control planes.


This approach reduces complexity of configuring and operating the distribution layer because fewer proto-cols are required. Little or no tuning is needed to provide near-second or sub-second convergence around failures or disruptions.



Two-Tier Design

In an Two-Tier Design, the distribution layer provides connectivity to network-based services, to the WAN, and to the Internet edge. Network-based services can include and are not limited to Wide Area Application Services (WAAS) and WLAN controllers. Depending on the size of the LAN, these services and the interconnection to the WAN and Internet edge may reside on a distribution layer switch that also aggregates the LAN access-layer connectivity. This is also referred to as a collapsed core design because the distribution serves as the Layer 3 aggregation layer for all devices.

Two-tier design Distribution layer functioning as a collapsed core



Three-Tier Design

Larger LAN designs require a dedicated distribution layer for network-based services versus sharing connectivity with access layer devices. As the density of WAN routers, WAAS controllers, Internet edge devices, and WLAN controllers grows, the ability to connect to a single distribution layer switch becomes hard to manage. There are a number of factors that drive LAN design with multiple distribution layer modules:

  • The number of ports and port bandwidth that the distribution layer platform can provide affects network performance and throughput.

Network resilience is a factor when all LAN and network-based services rely on a single platform, regardless of that platform's design, it can present a single point of failure or an unacceptably large failure domain.

  • Change control and frequency affects resilience. When all LAN, WAN, and other network services are consolidated on a single distribution layer, operational or configuration errors can affect all network operation.
  • Geographic dispersion of the LAN access switches across many buildings in a larger campus facility would require more fiber optic interconnects back to a single collapsed core.

Like the access layer, the distribution layer also provides quality of service (QoS) for application flows to guarantee critical applications and multimedia applications perform as designed.

Three-tier design with a network-services distribution layer



Core layer

In a large LAN environment, there often arises a need to have multiple distribution layer switches.


  • One reason for this is that when access layer switches are located in multiple geographically dispersed buildings, you can save potentially costly fiber-optic runs between buildings by locating a distribution layer switch in each of those buildings.


  • As networks grow beyond three distribution layers in a single location, organizations should use a core layer to optimize the design.


  • Another reason to use multiple distribution layer switches is when the number of access layer switches connecting to a single distribution layer exceeds the performance goals of the network designer. In a modular and scalable design, you can collocate distribution layers for data center, WAN connectivity, or Internet edge services.


  • In environments where multiple distribution layer switches exist in close proximity and where fiber optics provide the ability for high-bandwidth interconnect, a core layer reduces the network complexity, from N * (N-1) to N links for N distributions, as shown in the following two figures.


  • The core layer of the LAN is a critical part of the scalable network, and yet it is one of the simplest by design. The distribution layer provides the fault and control domains, and the core represents the 24x7x365 nonstop connectivity between them, which organizations must have in the modern business environment where connectivity to resources to conduct business is critical. Connectivity to and from the core is Layer 3-only, which drives increased resiliency and stability.


LAN topology without a core layer
LAN topology with a core layer



Campus wired network design options

When you scale from a single switch in a campus LAN up to a full three-tier campus network, the reliability of the network is increasingly important, because network downtime likely affects a greater user population with a larger workplace and economic significance. To mitigate the concerns about unavailability of network resources, campus designs include additional resiliency options, such as redundant links, switches, and switch components. In traditional multilayer campus designs, the added resiliency comes at a cost of configuration complexity, with most of the complexity introduced from the interaction of the access and aggregation layers of the campus LAN.


The primary function of the distribution layer is to aggregate access layer switches in a given building or cam-pus. The distribution layer provides a boundary between the Layer 2 domain of the access layer and the Layer 3 domain that provides a path to the rest of the network. This boundary provides two key functions for the LAN. On the Layer 2 side, the distribution layer creates a boundary for spanning tree protocol (STP), limiting propaga-tion of Layer 2 faults. On the Layer 3 side, the distribution layer provides a logical point to summarize IP routing information when it enters the network. The summarization reduces IP route tables for easier troubleshooting and reduces protocol overhead for faster recovery from failures.



Traditional Multilayer Campus Distribution Layer Design

Traditional LAN designs use a multi-tier approach with Layer 2 from the access layer to the distribution layer, where the Layer 3 boundary exists. The connectivity from the access layer to the distribution layer can result in either a loop-free or looped design.

In the traditional network design, the distribution layer has two standalone switches for resiliency. It is recommended that you restrict a Layer 2 virtual LAN (VLAN) to a single wiring closet or access uplink pair in order to reduce or eliminate topology loops that STP must block and that are a common point of failure in LANs. Restricting a VLAN to a single switch provides a loop-free design, but it does limit network flexibility.


To create a resilient IP gateway for VLANs in the traditional design, you must use first-hop redundancy protocols, which provide hosts with a consistent MAC address and gateway IP for a VLAN. Hot standby routing protocol (HSRP) and virtual router redundancy protocol (VRRP) are the most common gateway redundancy protocols, but they only allow hosts to send data out one of the access uplinks to the distribution layer and require additional configuration for each aggregation switch in order to allow you to distribute VLANs across uplinks. Gateway load-balancing protocol (GLBP) does provide greater uplink utilization for traffic exiting the access layer by balancing load from hosts across multiple uplinks, but you can only use it in a non-looped topology.


All of these redundancy protocols require that you fine-tune the default timer settings in order to allow for sub-second network convergence, which can impact switch CPU resources.


Some organizations require the same Layer 2 VLAN be extended to multiple access layer closets to accom-modate an application or service. The looped design causes spanning tree to block links, which reduces the bandwidth from the rest of the network and can cause slower network convergence. The inefficiencies and the increased potential for misconfiguration drive network engineers to look for more appealing alternatives.

Traditional loop-free design with a VLAN per access switch
Traditional looped design with VLANs spanning access switches



Routed Access Layer to Distribution Design

In another approach to access and distribution layer design, you can use Layer 3 all the way to the access layer. The benefits of this design are that you eliminate spanning tree loops and reduce protocols because the IP gateway is now the access switch. Because there are no spanning-tree blocking links, you can use both uplinks to the access layer and increase effective bandwidth available to the users.


The challenge with the routed access layer design is that the Layer 2 domains are confined to a single access closet, which limits flexibility for applications that require Layer 2 connectivity that extends across multiple access closets.



Campus Fabric Design

You can overcome the Layer 2 limitations of the routed access layer design by adding campus fabric capability to the Layer 3 access network. The campus fabric design enables the use of virtual networks (overlay networks) running on a physical network (underlay network) in order to create alternative topologies to connect devices. In addition to network virtualization, campus fabric allows for software-defined segmentation and policy enforce-ment based on user identity and group membership, integrated with Cisco TrustSec technology. For additional information, visit cisco.com and search for Campus Fabric



Simplified Distribution Layer Design

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Oct2015/CVD-Campus_LAN_L2_Access_Simplified_Dist_Deployment-Oct2015.pdf


An alternative that can handle Layer 2 access requirements and avoid the complexity of the traditional multi-layer campus is called a simplified distribution layer design. The design uses multiple physical switches that act as a single logical switch, such as switch stack or a VSS, or the less preferred single, highly-redundant physi-cal switch. One advantage of this design is that spanning tree dependence is minimized, and all uplinks from the access layer to the distribution are active and passing traffic. Even in the distributed VLAN design, you eliminate spanning tree blocked links because of looped topologies. You reduce dependence on spanning tree by using EtherChannel to the access layer with dual-homed uplinks. This is a key characteristic of this design, and you can load-balance up to eight links if needed for additional bandwidth. At the same time, multiple links in an Ether-Channel have better performance characteristics versus single independent links.


EtherChannel is a logical interface that can use a control plane protocol to manage the physical members of the bundle. It is better to run a channel protocol instead of using forced-on mode because a channel protocol per-forms consistency checks for interfaces programmed to be in the channel and provides protection to the system from inconsistent configurations. Cisco Catalyst switches provide both port aggregation protocol (PAgP), which is a widely deployed Cisco designed protocol, and link aggregation protocol (LACP), which is based on IEEE 802.3ad.


There are several other advantages to the simplified distribution layer design. You no longer need IP gateway redundancy protocols such as HSRP, VRRP, and GLBP, because the default IP gateway is now on a single logical interface and resiliency is provided by the distribution layer switch or switches. Also, the network will converge faster now that it is not depending on spanning tree to unblock links when a failure occurs, because EtherChannel provides fast sub-second failover between links in an uplink bundle.


The topology of the network from the distribution layer to the access layer is logically a hub-and-spoke topology, which reduces complexity of design and troubleshooting. The hub-and-spoke topology design provides a more efficient operation for IP Multicast in the distribution layer because there is now a single logical designated router to forward IP Multicast packets to a given VLAN in the access layer.


Finally, by using the single logical distribution layer design, there are fewer boxes to manage, which reduces the amount of time spent on ongoing provisioning and maintenance.


Simplified distribution design with a VLAN per access switch
Simplified distribution design with VLANs spanning access switches



Network Simulation using PacketTracer