88
CISCOCCNANETWORKINGFORBEGINNERS
ByAdamVardy
Introduction
Iwanttothankyouandcongratulateyoufordownloadingthebook,“CiscoCCNA
NetworkingforBeginners”.
Readingthisbookisonlythestartofanamazingjourneytotheworldofcomputer
networkingasyougearupyourselftopasstheCiscoCCNARouting&Switching
200-120 Exam. This exam is a composite exam and it is a requirement in
becomingaCertifiedCiscoNetworkAssociate.
ThisbookcontainsthemostimportanttopicsthatfrequentlyappearintheCCNA
Exam.Theworldofcomputernetworkingismorecomplicatedthantheconcepts
andprinciplescontainedwithin thisbook.Manyof themarenotcoveredby the
CCNAExam,butstillyouneedtolearnandmasterthemifyouwanttobecomea
reliablenetworkadministrator.Considerthisbookasyourstudyguidethatcould
help you understand the major concepts, primarily when it comes to Cisco
Routing&Switching.Fordetailedexamplesandmorestrategies,youmustalways
refertoCiscoofficialreferences.
Thanksagainfordownloadingthisbook.Ihopeyouenjoyit!
TableOfContents
Introduction
TableOfContents
Chapter1–NetworksandtheirBuildingBlocks
Chapter2–IPAddressingandSubnets
Chapter3–CiscoSwitches,Routers,andIOS
Chapter4–UnderstandingIPRouting
Chapter5–NetworkSecurity
Chapter6–WideAreaNetworks
Conclusion
Copyright2015byAdamVardy-Allrightsreserved.
This document is geared towards providing exact and reliable information in
regardstothetopicandissuecovered.Thepublicationissoldwiththeideathat
the publisher is not required to render accounting, officially permitted, or
otherwise, qualified services. If advice is necessary, legal or professional, a
practicedindividualintheprofessionshouldbeordered.
-FromaDeclarationofPrincipleswhichwasacceptedandapprovedequallybya
Committeeof theAmericanBarAssociationandaCommitteeofPublishersand
Associations.
Innowayisitlegaltoreproduce,duplicate,ortransmitanypartofthisdocument
in either electronicmeansor inprinted format.Recordingof thispublication is
strictly prohibited and any storage of this document is not allowed unless with
writtenpermissionfromthepublisher.Allrightsreserved.
The information provided herein is stated to be truthful and consistent, in that
any liability, in termsof inattentionor otherwise, by anyusageor abuse of any
policies, processes, or directions contained within is the solitary and utter
responsibility of the recipient reader. Under no circumstances will any legal
responsibilityorblamebeheldagainstthepublisherforanyreparation,damages,
ormonetarylossduetotheinformationherein,eitherdirectlyorindirectly.
Respectiveauthorsownallcopyrightsnotheldbythepublisher.
The information herein is offered for informational purposes solely, and is
universal as so. The presentation of the information is without contract or any
typeofguaranteeassurance.
Thetrademarksthatareusedarewithoutanyconsent,andthepublicationofthe
trademark is without permission or backing by the trademark owner. All
trademarksandbrandswithinthisbookareforclarifyingpurposesonlyandare
theownedbytheownersthemselves,notaffiliatedwiththisdocument.
Chapter1–NetworksandtheirBuildingBlocks
Thischapterwillhelpyouunderstandthefundamentalconceptsofnetwork:the
differenttypesofnetworksandthedevicesusedinnetworks.Then,youwilllearn
more about the TCP/IPmodel and the OSI referencemodel. Thesemodels are
crucial to understand not only to pass the CCNA exam, but also to establish
underlying concepts that could help your career as a network specialist. In
addition,youwillalsolearnaboutEthernetTechnologies,NetworkApplications,
andCiscoThreeLayerModel,whichwasdesignedbyCiscotohelpprofessionals
indesigning,implementing,andtroubleshootingnetworks.
IntroductiontoNetworks
A network is a group of interconnected devices such as printers, computers,
servers,etc.Tounderstandwhynetworksarecrucial,youneedtolookbacktothe
time when networks were non-existent. Consider a large company that
manufacturesandsellsReady-to-Wearclothes.
Let’scall thecompanyRTWInc.Just imaginethevolumeofdataneededbythe
corporate executives to make crucial decisions such as sales, orders, and
inventory. Localbranchofficeshadtosendcollecteddatathroughsnailmail.It
would take three to fivedays for themainoffice to receive thedata. Itwill also
require people to collect, consolidate, and summarize the data,which increases
thechancesofhumanerroroccurring.Thisisjustone-waydatatransfer.Thelocal
branchofficesalsoneedinformationthatiscrucialfortheiroperations.
IfRWTInc.existsinthepresenttime,alltheirofficeswillbeinterconnected.They
will only use one software program,whichwill store all the data in one central
location.Withonlyafewclicksandwithinseconds,theexecutivescanhaveaccess
to real-time data. Because the data is stored in a central hub, any authorized
personnel can see the data from any location. It is significantly cheaper to
maintain a network because organizations can save time,money, and effort. It
directlyincreasesproductivity.
Networksalsohelpinmaximizingresourcesthroughsharing.Abasicexampleof
thisisprintersharinginanoffice.Withoutestablishednetworks,everycomputer
will require their own printer. With a network, the printer could be shared
betweendifferentcomputers.
Now,let’stakealookathownetworkswork.Themostbasicformofanetworkis
shown in Figure 1.1. It shows two hosts (devices such as computers) that are
directlyconnectedtoeachotherthroughanetworkcable.Mostend-userdevices
todayareaddedwithNetworkInterfaceCard(NIC)fornetworkconnection.
HostAisconnectedtotheNICofHostB,whichisconnectedtothenetwork.In
thisform,thecableisdirectlyconnectedtoanotherhost.Becausebothhostsare
networked,theycanshareinformation.Thisformiseffective,butnotscalable.If
you add another host in this network, it requires another NIC card for every
connection,so it isnotapracticalsolution.For threeormorehosts,youneeda
devicecalledhub.Figure1.2showsahubthatconnectsthreehosts.
Ahubcanrepeatdatareceivedfromahosttootherconnections.InFigure1.2,the
hub can repeat any data received from the three hosts, so they are able to
communicatewitheachother.Thereare three typesof communicationbetween
hosts: unicast (onehost toanotherhost),broadcast (onehost toallhosts),and
multicast(onehosttoselectedhosts).
Ifyouuseahubtonetworkhosts,itcouldresulttotwotypesofproblems:
1.Ahubestablishesasharednetworkwhereonlyonehostcansenddataone
atatime.Ifanotherhosttriestosenddatapacketsatthesametime,itcould
lead to collision. Each host will then resend the data, hoping that the
collision will not happen again. Data collision often results to inefficient
network.
2.Ahubrelaysdatareceived fromonehost tootherhosts.Forexample in
Figure 1.2, Host A will send a unicast message to Host B. Once the hub
receives this information, itwill share themessage toHostB andHost C.
AlthoughthemessagewasaunicastisintendedonlyforHostB,HostCwill
alsoreceivethedata.
Theproblemsarisingfromhubsmaycausecriticaldegradationtothenetwork.In
ordertoresolvetheseproblems,switchesareoftenusedasanalternativetohubs.
Similar to hubs, switches are used to network hosts but they prevent collision
throughaseparatecollisiondomainforeachport.Asthenamesuggests,switches
switchthedatafromoneporttoanother.Butunlikehubs,theydon’t floodeach
packet from every port. They switch a unicast packet to the port where the
intendedhostislocated.Switchesonlyfloodoutbroadcastpacket.Figure1.3isan
exampleofaswitchednetwork.
Takenote that a switch floodsout abroadcastpacket andnot aunicastpacket.
Every host that is connected to a switched network is virtually located in one
broadcastdomain.Hence, all thehostsnetworked to itwill receive themessage
from this domain. Even though broadcasts are crucial for efficient network
operations,highvolumeofbroadcasts ina large switchednetworkcould slow it
down.Toresolvethisissue,youcanbreakdownthenetworksinsmallersizes,and
connecttheseparatenetworksthroughrouters.Theydon’tallowbroadcaststobe
relayedacrossseparatenetworksbutitstillconnectsthemallowingmoreefficient
domain.Figure1.4showsarouterthatinterconnectsthreeswitchednetworks.
In the figure
shown above,
Switch 2 and
Switch3willnot
receive any
broadcastfromSwitch1becausetherouterwillinterferewiththebroadcast.
Asidefromprovidingpartitionsbetweenbroadcastdomains,routersalsohavethe
followingimportantfunctions:
1.NetworkCommunication–AsdemonstratedinFigure1.4,routerscan
allowsharingofinformationbetweenconnectednetworks.
2.PacketSwitching –Basically, a routerworks like a switch, because it
canswitchpacketsbetweennetworks.
3. Packet Filtering – A router can forward or drop packets based on
particularfactorssuchastheoriginanddestinationofthepacket.
4.PathSelection–Aroutercancommunicatewithotherrouterstolearn
essentialinformationaboutthenetworksconnectedtodifferentroutersand
thenchoosethebestpathtorelaymessagetoanetwork.
Always remember that routers break down broadcast domains, while switches
breakcollisiondomains.Besuretorememberthemainfunctionsoftherouteras
itoftenappearsintheCCNAexam.
TypesofNetworks
Networksarecategorizedintodifferenttypesaccordingtotheirexpanse,purpose,
securityandotherfactors.Itwillhelpyourcareerifyoucouldlearnthemall,but
asregardswiththescopeoftheCCNAexam,youonlyneedtolearntwoimportant
typesofnetwork.Asamatteroffact,asignificantpartoftheCCNAexamtackles
aboutthesenetworktypes:
1.LocalAreaNetworkorLAN
This network covers the restricted geographical perimeters such as a
building,afloor,oranoffice.Thistypeofnetworkoftenhasahighratefor
data transfer, and the most commonly used technology is the Ethernet
standard.Recently,wireless technology is becoming a common technology
forlocalLAN.
2.WideAreaNetworkorWAN
This network covers awide geographical location such as a cities, awhole
country, a whole continent, or even the whole world. WANs connect the
LANs around the area they cover. Different technology standards will be
discussedlaterinthisbook.
ModelsofInternetworking
Ascomputersbecomemoreessentialinourdailylives,companiesrecognizedthe
needtoconnectthemefficientlyandeffectively.Theydesigneddifferentprotocols
with hidden specifications. Therefore, every company had various methods of
connectingcomputerandthesemethodswerenotcompatiblewithoneanother.In
the past, the computers of one company cannot be networked with computers
producedbyanothercompany.
Gradually, the network specifications were publicized and some inter-company
compatibility was established. However, there were still some flaws. The
InternationalOrganization for Standardization (ISO) started towork in 1977 to
comeupwithapublicstandardnetworkingmodelsthatallcomputerscoulduse.
In 1984, the Open Systems Interconnection (OSI) was made public.
Simultaneously, the Defense Advanced Research Projects Agency (DAPRA) was
alsoworkingona standardnetworkmodel,which isnowknownas theTCP/IP
Model.ThismodelbecamemorepopularcomparedtotheOSImodel.
OSIReferenceModel
Aside from promoting communication between devices from different vendors,
theOSIReferencemodelalsoallowscommunicationbetweenseparatehostssuch
asdevicesusingdifferentoperatingsystems(OSX,Windows,orLinux).Takenote
thatasystemwhichstillusesOSIprotocols isprettyraresoyouprobablyaren’t
goingtoworkonone.However,itisstillcrucialtolearnthismodelandtheterm
usedbecausethisisoftencomparedtoothermodelsespeciallytheTCP/IPmodel.
Therefore,wewillonlydiscussthismodelfromageneralperspective.
Similartoothernetworkmodels,theOSIreferencemodelpartitionstheprotocols,
functions,anddevicesofanetworkintodifferent layers.Thisapproachprovides
severalbenefits,suchas:
Communicationisbrokendownintosimplercompositions,whichmakesplanning,creating,andtroubleshootingaloteasier
Alterationsinonelayerwillnotaffectotherlayers,sothedevelopmentinonelayerwillnotbesubjecttotherestrictionsofotherlayers
Itpermitsdifferenttypesofsoftwareandhardwaretoeasilycommunicatewitheachother
Simplemechanismtostandardizefunctionsbecausetheyaredividedintosmallerparts
Becauseofitslayeredstructure,thevendorscanwritetoacommonoutputandinputspecificationforeachlayer
TheSevenLayersofOSIReferenceModels
Figure1.5showsthesevenlayers
oftheOSIReferenceModelanda
summarized version of their
primaryfunctions.
ItiscrucialtotakenoteofthenamesoftheOSIlayersincludingtheirfunctions.
Onegoodway toremember themis touse thismnemonic:AllPeopleSeemTo
NeedDataProcessing.ThismightappearinyourCCNAexam.
TCP/IPModel
Similar to the OSI reference model, the TCP/IP model also follows a layered
structure, but already a shortened version with its four layers: application,
transport, internet,andnetworkaccess.Thefunctionsoftheselayersaresimilar
tothefunctionsofthesevenlayerscomposingtheOSImodel.Belowisadetailed
discussionofthefourlayersoftheTCP/IPmodel,includingtheirprotocols.
Application Layer is composed of different protocols, which perform all the
functionsof three layers in theOSIReferenceModel:Application,Presentation,
andSession. It also includes the interactionwith the application,data encoding
and translation, coordination of communication and control of dialogue
throughoutthesystems.
ExamplesofApplicationlayerprotocolsusedtodayareTelnet,HTTP,FTP,SMTP,
TFTP,DNS,andDHCP.
TransportLayer
Allapplicationlayerprotocolstakeuserdataandintegrateaheaderandrelayitto
theTransport layer thatwillbesentacross thenetwork.TheTransportLayerof
theTCP/IPmodelissimilartotheTransportLayeroftheOSIModel.Itcoversthe
end-to-endtransportationofdataandestablishesanefficientconnectionbetween
thehosts.
There are two available protocols in the Transport Layer: the User Datagram
Protocol (UDP) and the Transmission Control Protocol (TCO). Basically, UDP
relaysthedatawithoutthefrills,whiletheTCPisaconnection-orientedprotocol
that utilizes the windowing approach to regulate the flow and provide more
organized delivery of segmented data. Even though these two protocols have
numerousdifferences,theyperformsimilarfunctionofrelayingdatathroughthe
useofportnumbers.
Mostapplicationlayerprotocolsareassignedwithportnumbersfrom1to1024.
Applications that are using these protocols “listen” to these numbers.UDP and
TCOonthedestinationhostknowwhichapplicationtosendthedatainreference
withtheportnumbersassigned.Table1.1showsthemostcommonportnumbers.
Application
Protocol
Transport
Protocol
PortNumber
DNS TCP,UDP 53
FTP(Control) TCP 21
FTP(Data) TCP 20
HTTP TCP 80
HTTPS TCP 443
SMTP TCP 25
SSH TCP 22
Telnet TCP 23
TFTP UDP 69
It is crucial to remember the application layer protocols listed above and their
assigned port numbers as they often appear in the CCNA exam, usually in an
access-listitemorinamultiplechoicequestion.
TheInternetLayer
The InternetLayerof theTCP/IPmodel is parallel to theNetworkLayerof the
OSI reference model in terms of function. It covers path determination, path
forwarding,andlogicaladdressing.
Thewell-knownprotocol thatprovides these services is the InternetProtocolor
IP. Also included in this layer are routing protocols that support the routers in
learning about the various networks that they communicate and the Internet
Control Message Protocol (ICMP) for communicating error messages. CCNA
syllabusmostlycoverstheIPandRoutingprotocolssoyoucanlearnmoreabout
theminthesucceedingchapters.
NetworkAccessLayer
TheTCP/IPModel’sNetworkAccessLayer is parallelwith theDataLinkLayer
and Physical Layer of the OSI model. This layer outlines the hardware and
protocolsneededtoestablishconnectionbetweenahostandaphysicalnetworkin
ordertoeffectivelyandefficientlydeliverdata.ThedatapacketsfromtheInternet
Layer are relayed to the Network Access Layer to be delivered to the physical
network. The end point could be a host within a network or a router that will
forwardthedata.
TheNetworkAccessLayeriscomposedofwiderangeofprotocols.Ifthephysical
networkistheLAN,thecommonlyusedprotocolistheEthernet.However,ifthe
physicalnetworkisaWAN,thecommonlyusedprotocolscouldbeFrameRelay
andPoint-to-PointProtocol(PPP).
Bear inmind thatNetworkAccessLayerusesaphysicaladdress todefinehosts
and deliver data. Its PDU called a frame, which contains the IP packet and a
protocolheaderandtrailerfromthelayer.
EthernetTechnologiesandCabling
Ethernet refers to the familyof standardsdefining theNetworkAccessLayerof
mosttypesofLANtoday.Thedifferentstandardsmayvaryintermsofcabletypes,
speedssupported,andcablelengths.Theorganizationthatisinchargeofdefining
the different standards is the Institute of Electrical and Electronics Engineers
(IEEE).
TheIEEEdividesthefunctionsoftheDataLinkintotwosublayers:LogicalLink
Control(LLC)802.2andtheMediaAccessControl(MAC)802.3sublayer.
Ethernetusesthecontentionmediaaccessapproachtopermitallhostswithina
networkforsharingthebandwidth.Severalhostsaretryingtoutilizethemediain
transferringdata.Oncemultiplehostssimultaneouslysendtraffic,acollisionmay
occurthatcouldleadtodataloss.TakenotethattheEthernetcannotpreventthat
completely;however,itcandetectsuchacollisionandperformcorrectiveactions
through theCarrier SenseMultipleAccesswithCollisionDetection (CSMA/CD)
protocol.
PhysicalLayeroftheEthernet
The group of companies composed of Digital, Xerox, and Intel originally
developed and used the Ethernet. In 1982, IEEE took over and developed the
802.3 standard or the 10Mbps, which used co-axial cables. Eventually, IEEE
extended the 802.3 sublayer into two: FastEthernet (802.3u) and the Gigabit
Ethernet (802.3ab). Then it developed the 10Gbps over fiber and co-axial
(802.3ae).
Meanwhile, the Electronics Industries Association and the newer
Telecommunication Industries Alliance (EIA/TIA) is the organization that
develops the physical layer specs for theEthernet. It established theRegistered
Jack(RJ)connectorwiththe45wiringsequenceonanunshieldedtwisted-pair
(UTP)cablingasastandard.
There are three types of cables used in connecting different types of devices:
normalpatchcable(straightcable),crossovercable,androlledcable.
NormalPatchCables
AUTP cable contains eight wires. A normal patch cable uses four out of these
eight wires. Figure 1.6 demonstrates the wire configurations for normal patch
cable.Takenote that only thewires 1,2,3, and6 are connected to thematching
numberontheotherend.
CrossoverCables
Crossovercablealsoutilizesthesamefourwiresusedinanormalpatchcable,but
theyareconnectedtodifferentpinsasshowninFigure1.7.
Crossover cablesareused to connecthost tohost,hub tohub, switch to switch,
switchtohub,androutertoahost.Thebestwaytorememberthis is thatsame
devicesarelinkedtoeachotherthroughcrossovercables.
RolledCables
You can’t use rolled cables for Ethernet connection, because these are used for
connecting to the console ports of routers or switches from the serial
communication port of the host. Take note that Cisco routers and switches are
addedwithconsoleportsusedforconfigurations.Alleightwiresareconnectedin
thecableandeverywireisconnectedtotheoppositenumberasshowninFigure
1.8.
Thetypesofcablesandtheirusesarecrucialtopicsthatyoumustmasternotonly
topasstheCCNAExambutalsotobecomeasuccessfulnetworkspecialist.
TheThree-LayerModelofCisco
In largeorganizations, it’scommontoseecomplexnetworkscomposedofmany
devices, locations, protocols, and services. This can be difficult to manage and
troubleshoot these complicated networks. Networks must ride on with the
technological developments, so making changes to a complicated network is
usuallyproblematic.
With its vast experience in network equipment andmanaging its own network,
Ciscohasdevelopedathree-layermodel.Thisstructureoffersamodularapproach
ofestablishingnetworks,whichmakes iteasy for implementation,management,
scaling,andtroubleshootingofnetworks.
The three-layermodel of Cisco is composed of the Core layer, the Distribution
layer, and the Access layer. These are logical layers, and each has its own
particularfunctions.
TheCoreLayeristhefoundationoftheinternetwork.Itisthemostbasicbutthe
most important layerwith its primary function of transporting huge amount of
datawithin a specific time frame. It sources out the data from theDistribution
layerandsendsitbackaftertransportation.
TheDistributionLayerservesastheinterfacebetweentheCoreandtheAccess
layers. Themain functionof this layer is theprovision of filtering, routing, and
accesstoWANandtodeterminehowpacketscouldaccessthecore,ifnecessary.
Determining thepath is themostcrucial functionof this layer. It shouldchoose
the quickest way that an access request could be fulfilled. It also serves as the
convergencepointforallswitchesoftheaccesslayer.
TheAccessLayer is the point in the networkwhere different devices such as
Desktop computers, laptops, printers, and other gadgets are connected to the
network.Theregularresourcedrequiredbyusersareavailableatthislayerwhile
requestaccesstoremoteresourcesarerelayedtothedistributionlayer.
Chapter2–IPAddressingandSubnets
In the first chapter, you have learned the different layers of theTCP/IPmodel.
Bear inmind that theCCNAExams is virtuallyabout the InternetandNetwork
AccessLayer.Inthischapter,youwill learnaboutIPAddresses,whichisoneof
themostsignificantareasinnetworking.
Remember,everyhostinthenetworkisassignedwithalogicaladdress,whichis
known as the IP address. Indicating address to a network assists in routing
packetsfromorigintoendpointallthroughoutinthenetworks.
ThelengthofanIPaddressis32bits.Inorderfortheaddresstobeeasiertoread,
it is partitioned into four sectionswith eight bits separatedby a period.Hence,
everysectionisonebyte.Tomakeiteveneasiertoread,thebinarynumbersare
transformed to decimals. For instance, an IP address like
01111100011010101010111100110101 is separated into eight bits leading to:
01111100.01101010.10101111.00110101.When you transform this intodecimal, it
willbecome124.106.175.53,whichiscalledthedotteddecimalformat.Thereare
available online applications, which convert the address to hexadecimal format
ratherthanthedecimal format.Butthis israretoappear intheCCNAexam,so
youneedtofocusinmasteringthedotteddecimalformat.
Asidefromthehostaddress,theIPaddressalsosignifiesthenetworkwherethe
hostislocatedaswellasthehostitself.Assuch,theIPaddressiscomposedoftwo
parts:theNetworkcomponent,whichdefinesthenetworkwithinaninternetwork
and the Host component, which defines the host itself in the network. Every
mixtureof thehost componentand thenetworkcomponentmustbeunique for
thewholeInternetwork.Foreasieridentificationofthesetwoparts,addressesare
categorizedintofiveclasses.
ClassAisforaninternetworkwithlimitednumberofnetworksandwiderangeof
hostsforeverynetwork.Thefirsteightbitsareknownasthenetworkcomponent,
whiletherestofthe24bitsarethehostcomponent.
Class B serves as the bridge between Class A and Class C, because it provides
averagenumberofnetworkswithaveragenumberofhosts.Thefirst16bitsrefer
tothenetworkcomponentwhilethethreebytesarethehostcomponents.
ClassCprovidesforalargenumberofnetworkswithlimitednumberofhostsfor
every network. The first 24 bits refer to the network component while the last
eightbitsrefertothehostcomponents.
ClassDisusedformulti-casting,whileClassEcomprisesreservedaddresses.
Takenotethatifeveryhostbitsinaparticularaddressaresettozero(0),thenitis
signified as a network address.Meanwhile, if every host bits are set to one (1),
then it signified broadcast address. Remember, these addresses must not be
assignedtoahost.
Subnetting
ClassAandClassBaddressescanprovideforalargenumberofhosts.ClassAhas
atotalof16,777,216hosts,whileClassBhasatotalof65,534hosts.Asyouhave
alreadylearnedinthefirstchapter,therearesomedisadvantageswhenitcomes
to large networks, so itwill help a lot if they are divided into smaller networks
connected via routers. Setting up a network with the total number of hosts
permittedforbothclasseswillonlyleadtoproblems.Ontheotherhand,setting
upsmallnetworkswiththeseclasseswillwastetherestoftheaddresses.
In order to resolve this problem, you can establish connections through
subnetting. This method allows you to derive some host bits and use them in
creatingmorenetworks.Theseareknownassubnetsandaresmallerinsize.But
becauseeverynetworkhasabroadcastaddressandanetworkaddress,thereare
addressesthatwillgotowaste.
Tounderstandmorethebenefitofsubnetting,consideraClassCaddress.Every
classCaddress allows254hosts. If youneed twonetworkswith 100addresses,
andyouusetwoclassCnetworks,theremaining308addresseswillgotowaste.
Rather thanusing twoClassCnetworks, you can try subnettingoneobtain two
networks thatwillallow126addresses.With this,youcan lessen thenumberof
idleaddresses.
There are also problems that arise with subnetting. In the case of class-based
subnetting, the first octet of the address in the dotteddecimal address signifies
whichcomponentoftheaddressisthenetworkcomponentandwhichisthehost
component.Butifthebitsarederivedforsubnetting,theclassbasedrestrictions
arenotapplicable,anditcouldbedifficulttoidentifythenetworkbits.Inorderto
resolvethis,subnetmasksshouldbeadded.
SimilartoIPaddresses,thelengthofthesubnetmaskis32bits.Thesubnetmask
value signifieswhich bits of the address are host component andwhich are for
networks.Inasubnetmask,ifthevalueis1,itsignifiesthatthecorrespondingbit
in the IP address is a network component. The value of 0, on the other hand,
signifiesthatthebitisahostcomponent.Subnetmasksareeitherrepresentedin
twoforms:DottedDecimalandClasslessInter-DomainRouting(CIDR)notation.
ItisverycrucialtounderstandsubnetmasksintheDottedDecimalformorinthe
CIDR form. Also remember that there is one restriction in subnet masks. All
networkbitsandhostbitsmustbecontiguous.Hence,somethingthatappearsas
11100100.11110100.11110000.11110000isnotasubnetmaskbecausethenetwork
andhostbitsarenotcontiguousoradjoining.
VariableLengthSubnetMasks(VLSM)
The classless networking approachwas introduced through theVariable Length
SubnetMasks(VLSM)primarilytoavoidtheuseofvarioussubnetmasksacross
thenetworkforthesameclassofaddresses.Forinstance,a/30subnetmaskthat
provides two host addresses for every subnet could be used for point-to-point
linksinbetweentherouters.
There are two main restrictions that you need to consider if you want to use
VLSM: 1.) You need to use fixed block sizes, and 2) You need to use routing
protocols, which support classless routing such as Open Shortest Path First
(OSPF) Interior Gateway Routing Protocol (EIGRP), Routing Information
Protocol (RIP) V2, or Border Gateway Protocol (BGP). Take note that classful
protocols,liketheRIPVersion1,arenotcompatiblewithVLSM.
IfyouwanttouseVLSMindesigninganetwork,youmust followthesesteps in
ordertocomeupwiththerightaddressingscheme:
1.Findthelargestsubnetinthenetwork.Takenotethatthenumberofhost
addressesrequireddecidesthesizeofthesubnet.
2.Assignapropermarktothelargestsubnetthroughthefixedblocksizes
3.Takenoteofthesubnetnumbersremaininginthemaskyouhaveusedin
thesecondstep.
4.Get the remaining subnet and subnet it to providemore space for your
smallersubnets
5.Takenoteofthenewsubnetnumbersagain
6.Repeatthefourthandthefifthstepforsmallersegments
RouteSummarization
Inthepreviouschapter,youalreadyknowthatroutersworkbysettingupatable
of all the networks they communicate with. This table is known as the routing
table,andtheroutersuseroutingprotocols tocommunicatewitheachother.As
thenetworkexpands,theroutingtablealsoexpandsitsnumberofentries.Bigger
routingtablesmayleadtoincreasedprocessingaswellasdelayedresponsetime.
In order to lessen the table sizes, you can group the networks together or
summarizethemthroughamaskthatcanintegratethemall.
RoutesummarizationfollowsthesameconceptbehindVLSM,butintheopposing
direction.InusingVLSM,youprogresstotheright,whileinsummarization,you
areprogressingtotheleft.Takenotethatyoucanonlysummarizeinblocksizesof
128, 64, 32, 16, 8, and 4. Meanwhile, the network address used for the
summarizedaddresssignifiesthefirstnetworkaddresscontainedintheblock.
CommonUtilitiestoTroubleshootIPAddresses
Bynow, you already know that IP addresses are crucial part of networking and
considering the complex nature of addressing and subnetting, it is natural that
therewillbeerrorsinthenetwork.Hence,itisimportantforyoutotroubleshoot
commonproblems that are related to IPAddressing. Before you troubleshoot a
network, you must first understand the common protocols and tools used in
troubleshootingIPaddresses.
PacketInternetGrouper(PING)
ThisisaverycommonutilityintroubleshootingIPaddressingandproblems
with internet connection. This utility comes free with most operating
systems and could be accessed through the command prompt interface
throughthepingcommand.Itcheckswhetherthehostisliveornotthrough
theuseofICMPprotocol.
ARPTable
Insomecases,itisagoodideatolookattheARPTableofanetwork,which
containstheMACaddresstoIPaddressbindingsobtainedbythenetwork.
TheARPTable could be accesses by using thearp-a command. But on a
Ciscodevice,itcanbeaccessesthroughtheshowiparpcommand.
Traceroute
Thisisanothercommonutilitythatcomeswithmostoperatingsystems.In
someOS,theutilitycouldbeviewedbyusingthetraceroutecommandor
tracerton theCLI.This isusedto findeveryhopbetweenthesourceand
destinationhostsandusefultocheckthepathtakenbythepacket.
IPConfig
ThereareinstancesthatyouneedtoverifytheIPaddress,defaultgateway,
DNS addresses and subnet mask that the host is using. If you are using
Windows, you can access this byusing the ipconfig/all command, and if
youareusingaUnixbasedsystem,thisutilitycanbeaccessedbyusingthe
ifconfigcommand.
Chapter3–CiscoSwitches,Routers,andIOS
In the first two chapters, you have learned the fundamentals of networking. By
nowyouhavethebasicknowledgeonthedifferentlayersoftheOSIandTCP/IP
modelsaswellasthedevicesthatworkonthem,specificallyswitchesandrouters.
Before learning the different functions in detail, it is important to know what
makesthemrun.ThischaptercoverstheCiscoInternetworkOperatingSystemor
IOS, which is a proprietary operating system enabling the Cisco routers and
switches on. In this chapter, you will learn about connectivity options, boot
process, andmethods to configure the devices and access basic verification and
configcommands.
CiscoIntegratedServicesRouter(ISR)
Ciscosuppliesdifferentmodelsandseriesofroutersthataredesignedforvarious
types of users and their requirements. Some of the devices are just for routing
whileothersalsoprovideWirelessconnectivity,Voice-over-IP(VoiP)services,and
Security features.Agreatexampleof routers thatofferdifferentservicesare the
routersundertheCiscoISRseries.
ThefocusofthepreviousCCNAexamswereonthe2600and2500routers,which
are already retired and now replaced by the 2800/2900 and ISR 1800 routers.
Today,the2600and2500routersarenotforsaleanymore.Figure3.1showsthe
frontpaneloftheCisco1841router,whileFigure3.2showstherearpanelofthe
routerwithimportantpartslabeled.
The FastEthernet interfaces are used to connect the network to the
router. Various routers have different number of interfaces, and many of
themare addedwith slots that you canuse to connect amodule formore
interfaces.InadditiontoFastEthernetinterfaces,aroutercouldalsohavean
ADSLinterface,serialinterfacesforWAN,andotherinterfaces.
TheConsolePortisusedtoestablishaconnectiontotherouterinorderto
monitor,configure,ortroubleshootthenetwork.
Someroutersareaddedwithadditionalslotsformodules,whichoften
addinterfacestotherouter.
Of course, the power switch turns on or off the router, while the AC
PowerInputprovidesthepowersupply.
TakenotethattheCCNAExamisnotfixatedonspecificdevicesonly.Youcanstill
practiceusinga2600or2500router,butitisidealifyoucouldpracticeusingthe
latestrouters.Eachcommanddescribedinthisstudyguidearestillapplicablein
these routers. The only difference that you must be aware of is the output
differenceininterfacetype,numberofinterfaces,andmemory.
CiscoIOS
TheCiscoInternetworkOperatingSystem(IOS)isaproprietarykerneldeveloped
bythecompanytocontrolallfunctionsoftheirroutersandswitches.Thisisbased
on the OS system developed by William Yeager in 1980s. This OS allocates
resourcesandoverseesactionssuchassecurityandhardwareinterfaces.
ThefollowingessentialitemsarecoveredbytheCiscoIOS:
Connectionofhighspeedtrafficbetweendifferentdevices
Implementationofnetworkfunctionsandprotocols
Controllingaccessandstoppingunauthorizednetworkusebyaddingsecurity
Ensuringscalabilityforeffectivenetworkgrowth
Ensuringreliabilityofthenetworktoestablishtheconnectiontonetworkresources
TheCiscoIOSalsoenablestheCommandLineInterfaceorCLIformanagement,
configuration, troubleshooting, andmonitoring.TheCLI canbe viewed through
the console port, Telnet, SSH or auxiliary port if available. Take note that the
Telnet and SSHboth requires IP connectivity, so you need to access the device
throughtheconsoleport.
HowtoConnecttotheCLIthroughtheConsolePort
Inorder toaccess theCLIof theCiscoswitchor router, youneed toestablisha
connectionbetweenthePCandtheconsoleportofthedevice.InaCiscoswitchor
router,theconsoleportisofteninformoftheRJ45port.Hence,youneedtousea
UTProllovercablewiththisportandconnectitintotheconsoleport.Therewill
beanine-pinserialconnectionononeend.Plugthisintothenine-pinserialport
of your device. A blue console cable is always included when you buy a Cisco
device.Butmostcomputers todaydon’t comewithanine-pinserialport soyou
mayneedtobuytheserialcableaswellasaUSBconverter.
Connect the serial port of your computer to the serial connection and theRJ45
connector to the router’s console port. Once you connect everything to their
properports,youneedtousetheTerminalEmulatorsoftwaretoeasilyaccessthe
CLI. Computers running on Windows are included with the HyperTerminal,
whichisanexampleofaTerminalEmulator.IfyourcomputerrunsonUnix,you
canusetheMinicom,whichisafreetodownloademulator.
ConfiguringRouterInterfaces
Configuringrouter interfaces isamongthebasic thingsthatyoumust learnfirst
beforemovingon.Takenotethattheroutershouldbeproperlyconnectedtothe
networkbeforeitcandoitsrole.Theconfigurationprocessisnormallyeasyand
would only take two steps. But before that, you should first learn about their
numbering.
Youcanseethetypeandnumberofinterfaceswhenyoubootupyourcomputer.
Although therearemanyvaried typesof interfaces,whichcouldbepresent ina
router, thereare threeprimary types that frequentlyappear in theCCNAexam.
These are FastEthernet, Ethernet, and Serial. Several of these interfaces are
alreadyaddedintothedevice,whilesomeareaddedasmodulesinavailableslots.
Themodulesareaddedintotheslotnumbersbeginningfrom1,whilethebuilt-in
devicesgointotheslotzero.
Learningtherightnumberingfor interfaces iscrucialbecauseyouneedtoknow
whichinterfacetoconfigure.Takea lookataset-upwheretheEthernetcable is
connectedintothesecondinterfaceofthesecondmodule,whileyouaresettingup
thefirstinterfaceinthefirstmodule.ThequestionmarkontheCLIcouldhelpin
determiningtheformatofthenumberinginusingtheinterfacecommandinthe
global config mode. In the output below, you can see the different types of
interfacesthatcanbeconfigured.
In the output below, the only
availablesingleslotnumberiszero.
In the output below, you will
notice that there are two
FastEthernet Interfaces, which
canbeconfiguredto1or0.
In the finaloutputbelow, takenote that themainbuilt-in interfacewaschosen.
Once the prompt changes to config-if, it will be easy to configure different
parameterssuchasspeed,protocols,IPaddress,andduplexforSerialInterfaces.
ConfiguringDNS
InworkingwithadvancedconfigurationssuchasaccesslistsandroutingonIOS
devices, youalsoneed to refer tootherdevices.You cando thisby eitherusing
hostnamesorIPaddress.TakingnoteandusingIPaddressofdifferentdevicesis
near impossible and difficult to troubleshoot. Thus, IOS offers twomethods to
identifynamesofIPaddress.
ThemostcommonmethodistoaccessaDNSserver,whichyoumayalreadyhave
inyournetwork.JustaddtheIPaddressoftheDNSservicebyusingtheip-name-
servercommand.YoucanincludeasmanyDNSserversasyouwant.TheIOSwill
communicatetotheseserversinaseriesuntilitreceivesareply.Whenyouhave
included aDNS server, each time the device discovers a name, itwill resolve it
throughserverquery.
Anothermethod is creating a namemap to IP addresseswithin the IOS. These
mappings are also known as host tables. Take note that this method doesn’t
convert the IOSasaDNSserver. It simply setupsa local list for the router. In
ordertodothis,youcanusetheiphostnameip_addresscommand.
BackingUpConfiguration
Remember, changes in the configuration are made through the running-config
that isdistinct fromthestart-upconficviewedduring thebootup. Ifyou fail to
save the running-config to the NVRAM as start-up config, the changes will be
erasedduringthereboot.
Inordertosavetherunning-config,youneedtoentertheexecmodeandusethe
copy command. You need to supply two important parameters: the source
(running-config)and thedestination (startup-config).Hence, thecommand that
youmustuseiscopyrunning-configstartup-configasyouwillseebelow.
Let’sassumethatyouhavemadechangesintherunning-config,butyouwantto
erase them. Take note that changes made in this parameter are implemented
instantly.Hence,youcandiscardallthechangesyouhavemadeonebyoneorjust
copythestartupconfigtotherunningconfigthroughthecopycommand.Youcan
justreversethesourceanddestination.
Asidefromcopyingtheconfigbetweenstartupandrunning,youcanalsobackup
bycopyingtheconfigbetweenstartupandrunning.Itisimportanttobackupthe
configsothatyouwillhaveacopythatyoucanuseiftheroutercrashesandyou
needareplacement.
Ifyouneedtoclearuptheconfigurationtostartagain,youcanerasethestart-up
configandreload the router.Youcanuse thecommand:startup-configwhile in
theexecmodeasyouwillseebelow:
HowtoRecoverPasswordonaCiscoRouter
ItiscommonforuserstoforgetpasswordswhenworkingwithIOSbaseddevices.
Whiletheprocessofrecoveringpassworddiffer fromdevices,mostroutershave
similarprocessforpasswordrecovery.
Password recovery for Cisco switches is quite different and not included in the
CCNAexam,sowe’lljustlookatthepasswordrecoveryforCiscorouters.
First,youneedtounderstandtwoimportantthingslinkedwiththebootprocess:
ConfigurationRegister
Thisisa16-bitvalue,writtentotheNVRAMandcontrolparametersofthe
bootprocess.Youcanchangethisoncethebootstrapprogramexploresthe
IOSfile,ifthestartupconfigisloadedandevenifthebootprocessmuststop
atROMmonandtheIOSfileshouldnotbeloaded.
There are two values that you should take note during the configuration
register:2142and2102.Thevalue2142signifiesthattherouterwillnotload
the startup config but will load the IOS file from the flash. The config
register’s value could be viewed in the output using the show version
command.
ROMMonitor
This is also known as the bootstrap program,which locates and boots the
IOS file, and initializes the hardware. Thismode could be used for testing
andtroubleshooting.IftheIOSfilecannotbeloadedduringthebootup,you
will be transformed into the ROMmonitor mode. The prompt for this is
rommon#>,where# signifies anumber.There are few commans that you
canuseinthismodetofindandtroubleshootproblemsconnectedwiththe
bootup.ThiscanalsobeusedtocopyIOSfilestotheflashfromTFTP.
TheROMMonitorandtheConfigurationRegisterarecrucialtorecoverpassword.
Theprimarystepsarethefollowing:
1. StartthedevicethroughtheROMMonitormode
2. AdjusttheConfigurationRegistersothatthestartupconfigwillnotbeloaded
3. StartintotheIOS
4. Accesstheexecmodeandcopythestartupconfigintotherunningconfig
5. Enternewpasswords
6. Savetherunningconfigintothestartupconfig
7. Modifytheconfigregisterto2102
8. Restartthedevice
Sobasically, youneed tomake sure that the router loads the IOSdevoidof the
startupconfig.With this, youcanworkonexecmodeevenwithoutapassword.
Then,youcanloadthestartupconfigandenternewpasswordandsavebackthe
configuration.
InordertobootintotheROMMonitormode,youneedtorebootthedeviceand
breakthesequenceoftheboot.YoucandothisbypressingCtrl+Breakkeywhile
thesystem isbooting.However, thebreaksequencemayvarydependingon the
clientandtheoperatingsystem.For instance, ifyouareusingOSX,youneedto
usetheCmd+b.ButfortheCCNAExam,theCtrl+Breakistheonlychoice.You
canpracticemoreonthisbyusingtheWindows/Hyperterminalapplication.
Chapter4–UnderstandingIPRouting
IPRoutingreferstotheprocessofmovingpacketsfromasourcetoadestination
throughout thenetworks. Inorder tosuccessfully routepackets,a routershould
knowthefollowingdata:addressofthedestination,potentialroutestoallremote
networks,nearbyroutersfromwhichitcoulddiscoverremotenetworks,andthe
bestroute foreveryremotenetwork. Theroutershouldbeable topreserveand
verifytheseroutingdata.
RoutingdataisstoredintheRoutingInformationBase(RIB),whichisalsoknown
as the routing table. Every route is an integration of the destination network
address,thenextmovetowardsthedestination,andthesubnetmask.Thereare
threemainwaysforaroutertounderstandroutes:
1.DefaultRouting
InDefaultRouting,allroutersareconfiguredtosendallthepacketstowards
one router. This is a useful approach for simple networks or for networks
withonlyoneexitandentrypoint.
2.StaticRouting
InStaticRouting,youcanmanuallyaddroutestotheRIB.Thisisoftenused
forsmallnetworksandnotrecommendedforlargenetworks.
3.DynamicRouting
InDynamicRouting,thealgorithmsandprotocolsareusedtoimmediately
broadcastroutingdata.Thisisacomplexyetcommonroutingmethod.
ThreeClassesofRoutingProtocols
Routingprotocolsarecategorizedintothreeclasses,basedontheirfunctions.
1.LinkStateProtocols
Link State Protocols form a remote connectionwith other routers prior to
sharing routing data. They don’t broadcast routing data to the whole
network.Routingdata are all stores in a table. These protocols only share
connectivity data or link states, which are stored in a topology table to
establish a general prospect of the network. In reference to the links
received,everyroutercomputesthebestpathforeachnetworkdestination.
Everyprotocolhasitsownalgorithmtofigureoutthebestpath.
DistanceVectorProtocols
Distance Vector Protocols use distance to measure the route cost. The
number of hops between the router and a destination network establishes
the distance. They regularly send their whole routing table to the remote
routers. The receiving router then integrates its routing table with the
received data based on the metrics. This process is also known as rumor
routing,becausetheendrouterwillbelievetheinformationreceivedfromits
neighbor.
In comparison with Link State Protocols, Distance Vector Protocols take
moretimetoconverge.Anetworkcanonlybeconsideredfullyconvergedif
all the network routers learn all destination networks. However, they are
easier to manage, configure, and troubleshoot. On the other hand, they
requiremorebandwidthandmemorybecausetheyregularlysendthewhole
routing table, even if there are no changes. A good example of aDistance
VectorProtocolisRIP.
3.HybridProtocols
Hybrid Protocols use features of both Link State Protocols and Distance
VectorProtocols.AgoodexampleofahybridprotocolistheEIGRP.
Takenotethatthedistinctionsbetweenthedifferentprotocolclassesaswellasthe
examplesforeveryclassarearecurringtopicintheCCNAExam.
RoutingLoops
Arouting loopisaconditionwhereinapacket isroutedbetweenseveralrouters
becauseof some issues in therouting table.This isoften thecasewithDistance
VectorProtocolswhentheyarerumorroutingandhaveslowconvergencecould
result torouting loops.To learnmoreabouthowrouting loopscanhappenwith
DistanceVectorProtocols,takeacloserlookatFigure4.1below:
Once converged, the router networks above will discover the 191.168.5.0.0/26
network.WhenRouterD loses connection to 191.168.5.0.0/26, it will erase the
routetothatnetworkfromitstable.IfRouterCgetsthenextregularupdatefrom
RouterD,itwilldiscoverthattherouteto191.168.5.0.0/26hasbeenlost,andthus
willbeerasedfromtheroutingtable.Atthispoint,RouterAandRouterBwillstill
believethatthe191.168.5.0.0/26networkisreachablethroughtheRouterC.
AtthetimeRouterCstandsidletowaitfortheupdate,whenRouterBdeploysits
own update, it will contain the 191.168.5.0.0/26 network as its destination.
BecauseRouterCdoesn’thavethatnetworkinitsroutingtable,itwillbelievethat
it’safreshdestinationandRouterBbelievesaboutandwillstillinstalltherouteto
that network, directed towards Router B. From this, the regular update from
RouterCwillstillcontainthe191.168.5.0.0/26networkandRouterBwillbelieve
thatitisawareofallthenetworkscontainedintheupdate.
OnceRouterB receivesapacket intended for 191.168.5.0.0/26, itwill send it to
the Router C. Once Router C receives this packet it will make sure that the
191.168.5.0.0/26 is directed towards Router B and will send it back. This loop
shallcontinueuntiltheIPTTLvalueinthepacketreacheszeroandarouterdrops
it.
Inordertoavoidroutingloops,DistanceVectorProtocolshaveestablishedsome
restraints,asdiscussedbelow.
SplitHorizon
The split horizon control ensures that the routing data learned from an
interface cannot be sent back to that interface.With this controlmeasure
added in the above network, Router B will never send 191.168.5.0.0/26
networkbacktoRouterC,becausethat’stheoriginoftheroute.So,arouting
loopwillnevertakeinthefirstplace.Asadefaultfeature,theSplitHorizon
isaddedforEIGRPandRIP.
HoldDownTimers
Routingprotocolsaddtimerstorecoverlostroutersortochangetothenext
best route to the samedestination.These areknownashold-down timers,
whichisidealtouseiflinksaregoingupanddownrapidly.Thiscouldcause
loops and stop the network from convergence. Hold downs also avoid
changesthataffectaroutethatwasjustlost.
In the example above, hold down timers could block theRouter B update
from affecting the Router C after the route to 191.168.5.0.0/26 was lost.
Meanwhile,RouterCwouldsendupdatetoRouterBaboutthelostroute.
MaximumHopCount
Without controls in place, the incorrect routing data could spread all
throughoutthenetwork.Inordertopreventthis,theprotocolssuchasRIP
havemaximumhopcount.Themaximumhopcount forRIP is15.Aroute
withhighermaximumhopcountwillbeunreachableandcannotbeused.
Intheabovenetwork,theprimaryhopcountof191.168.5.0.0/26onRouter
Bwasonly2.WhenRouterAlostitsconnection,andRouterCreceivedthe
wrongdata,itwouldsee191.168.5.0.0/26with3hopcounts.OnceRouterB
getsthisupdatefromRouterC,itwilladdanotherhopcountandwillmake
it4.Thiscyclewill continue.Withoutanestablishedmaximumhopcount,
thiswillproceed.Thisisknownisknownascountingtoinfinity.Withoutthe
establishedmaximumhopcount,theaccumulationofaddedhopcountswill
causetheroutestobeunreachable,andwillbeeliminatedfromtherouting
tablethatwillcausethelooptoberesolved.
RoutePoisoning
Route poisoning prevent network loops through the use ofmaximumhop
counts.Oncearouterloosesaroute,itsendsmessagethatroutewithahop
countreachingbeyondthemaximumhopcount.Thedestinationrouterwill
find thedestinationnetworkunreachableandwillbroadcast it ahead.This
will also send update towards the source router to make certain that the
router is now poisoned in the whole network. This process is known as
poisonreverse.
In the example above, if Router D lost 191.168.5.0.0/26, it will relay the
routetoRouterCwithahopcountbeyondthemaximumhopcount.Inturn,
RouterCwillupdateRouterB.Thisistheprocessofroutepoisoning.Router
CwillalsosendthepoisonedroutebacktoRouterDtomakecertainthatthe
entirenetworkissynchronized.Thisiscalledthepoisonreverseprocess.
All themethodsused inpreventingrouting loopsareessential topicsandwould
probablybecoveredintheCCNAExam.
Chapter5–NetworkSecurity
Cisco routers runningonCisco IOSare addedwith security tools,which canbe
usedaspartofasoundsecuritystrategy.AccessControlLists(ACL)isregarded
as themost important security tool inCisco IOS software. They can be used to
outlinecontrolstoavoidsomepacketsfromflowingthroughthenetwork.
Cisco also manufactures a range of specialized security devices such as the
Adaptive SecurityAppliance (ASA),which companies can use for securing their
networks.
Confidentiality,Integrity,andAvailability(CIA)Model
Asecuritystructureisastructure,whichprovidesguidingprinciplestosecurethe
systems to meet industry regulations and best practices. A broadly applicable
modelofnetworksecurityistheConfidentiality,Integrity,andAvailability(CIA),
which serve as the guiding principles that can be used to secure the systems.
Violationoftheseprinciplescouldleadtolargesecurityconsequences.
Confidentiality
Confidentialityreferstothepreventionofsensitivedatafrombeingviewed
byunauthorizedpeople.Itisthecapacitytomakecertainthattheminimum
level of security is implemented and data is concealed from unauthorized
people.Informationisahighlyvaluableasset,andsecuringsensitivedatais
important for organizations. This is the reason why Confidentiality is the
security aspect that comes under attack by those who want to discover
crucial information for their own interests.Data encryption is theprimary
method to protect data confidentiality of information transferred from
devicetoanother.
Integrity
Integrity refers to the prevention of any unauthorized changes of data to
ensure accuracy.With integrity, the user can be certain that it is the real
unmodified informationand so it canbea reliablepieceof information.A
common type of attack that affects data integrity is known as themiddle-
manattack,inwhichtheattackerinterruptstheinformationwhileintransit
andmakemodifications to it that areunknown to the two communicating
parties.
Availability
Availability refers to thepreventionofdataandresources lossandmaking
certainthattheyarereadyforuseiftheyareneeded.Itiscrucialtoensure
that informationisalwaysavailableatall timessothatauthorizedrequests
could be provided. Denial of Service (DoS) is a common type of security
attack that tries to interrupt the immediate access to data and resource,
whichcompromisestheavailabilityofsystems.
CiscoFirewalls
Firewalls are essential component of a network security framework, and Cisco
providesfirewallsolutionsinvaryingtypes.ThecommonCiscofirewallsareCisco
IOSFirewalls,CiscoPIX500SeriesofFirewalls,CiscoASA5500seriesAdaptive
SecurityAppliances,andCiscoFirewallServicesModule.
Layer2Security
Alwaysbearinmindthatanetworksecurityisonlyasformidableastheweakest
link.Aseeminglysmallweakspotifpenetratedsuccessfullywouldbesufficientfor
anattacker to access thewholenetwork.Theweak spot couldbe theDataLink
Layer or the Second Layer of the OSI reference model. You can secure the
posterior of the network to safeguard it against threats, but it is also crucial to
securethenetworkinteriorassomethreatscouldevencomefromtheinterior.
Similartorouters,Ciscoswitchesalsohavetheir integralsetofnetworksecurity
requirements.Infact,switchescouldturnouttobethatweakspotifnotsecured
appropriately. Gaining access to switches could be an easy entry point for
intruderswhowanttopenetratethenetwork.
Whenanintrudergainsaccesstoaswitch,itiseasytolaunchanyformofattack
from inside thenetwork.Thesecuritymeasures thataredesigned toprotect the
networkwillnotbesufficienttoaverttheseattacksbecausetheyarecomingfrom
insidethenetwork.
CiscoPortSecurity
One way to enhance the security of the switches and the whole network is by
addingportsecurityonCiscoswitchestocontrolwhocanaccessthenetworkby
connectingtoaswitchport.Theswitchportcanbeconfiguredandcanalsofigure
outtheaddressesthatareallowedtoaccesstheport.Thesecureswitchportdoes
notforwardframeswithsourceaddressesoutsidethegroupofspecifiedaddresses
foraparticularport.
AAASecurityServices
Authentication,Authorization,andAccounting(AAA)SecurityServicesreferstoa
framework,whichyoucanusetocreateaccesscontrolonCiscoswitches,routers,
firewalls and other network devices. This security framework provides you the
abilitytospecifywhoispermittedtoaccessnetworkdevices,andwhatservicesthe
usermustbeallowedforaccess.Thisframeworkisoftenusedtocontrolconsole
accesstonetworkdevicesortelnet.
AAA uses TACACS+, Kerberos, and RADIUS as authentication protocols to
superviseitssecurityfunctions.ACiscorouterrequiringAAAserviceswillsetupa
connection to the security server by using any of these protocols. The security
server is a Linux orWindows host that is external to the network device, and
includesadatabasethatcontainstheusernamesandpasswords.WithinaCisco
networkdevice,AAAcanalsobeconfiguredtousealocalregistryofusernames
and passwords. You need to use the global configuration command: aaa new-
modeltoenabletheAAA.
Chapter6–WideAreaNetworks
ByusingaWideAreaNetwork (WAN), you canextend theLocalAreaNetwork
(LAN)tonearbyLANsatremoteareas.ThereareseveralwaystoestablishWANs
usingdifferenttypesoftechnologies,devices,andconnections.
ThePhysicalLayerandtheDataLinkLayerofOSIReferenceModelworktogether
toprovidedataacrossseveral typesofnetwork.ProtocolsandstandardsofLAN
definehownetworkdevicesarefairlyclosetogether,hencethename.Ontheother
hand,theprotocolsandstandardsofWANdefinehowtonetworkdevicesthatare
quite apart. Both types of networks implement the same functions of Physical
LayerandDataLinkLater,buttheyfollowseparatemechanisms.
TheprimarydistinctionbetweenLANsandWANsincludesthedistancebetween
the devices, but still able to share information. LANs are often used within a
buildingorevennearbybuildingsbyusingopticalcablesthatareappropriatefor
Ethernet. WAN connections usually run much longer distances compared to
EthernetLANs–acrosscitiesandevenbetweenstatesandcontinents.
AsidefromLANsandWANs,thetermMetropolitanAreaNetwork(MAN)isalso
used for networks that extend between buildings. This is often used for
connections that does not extend as far as a WAN, but generally covers a
metropolitanarea.
PhysicalLayerPointtoPointWAN
The Physical Layer defines the particulars of data from one device to another
throughamedium.Regardlessofthetypeofdatatransmitted,thesenderwillbe
required to actually transmit the bits to the device in form of waveforms or
physicalsignals.
Point-to-PointWANsconnectstwosites,byallowingaserviceprovidertosetupa
circuit.Theserviceproviderwillprovidethecircuitandwillalsoinstalldevicesat
bothendsof thecircuit.This typeofWANconnection isalsoknownasa leased
linebecauseitisalwaysavailableandyoucanuseitanytimeyouwantsolongas
youpayforit.
HighLevelDataLinkProtocol
High Level Data Link Protocol or HDLC is a basic data link protocol, which
performs several basic functionsonPoint toPoint serial links.ThebasicHDLC
framedoesnothave aprotocol field todetermine the typeof packetwithin the
HDLC frame.TheHDLC trailer containsaFrameCheckSequence (FCS),which
allows thedestination router to check if the framehas errorswhilemovingand
eliminatetheframeifnecessary.
HDLCConfiguration
Bydefault,HDLC isbeingused inCisco IOSSoftwareasDataLinkProtocolon
serial interfaces. To create an efficient point-to-point leased line connection
betweentworouters,youmustorderaleasedlinefirst.Whentheleasedlinehas
alreadybeenprovisioned,youcancompletetheneededcablesbetweentherouters
atthetwoends.Then,youcanconfiguretheIPaddressesanduseanoshutdown
commandiftheinterfaceisonadministrativeshutdown.
Point-to-PointProtocol(PPP)
Similar toHDLC,Point-to-PointProtocol isalsoused in serial links.ButPPP is
added with more advanced features compared with HDLC. This protocol is
flexible and can provide support for both asynchronous and synchronous links.
ThetypeofprotocolcontainedintheheaderallowsseveralLayer3protocolstobe
transportedoverthesamePPPlink.Italsosupportsauthenticationandtwomain
mechanisms: Challenge Handshake Authentication Protocol (CHAP) and
Password Authentication Protocol (PAP). PPP has control measures for every
higher-layer protocol supported by PPP, which allows easier integration and
support.
The configuration of the PPP is rather direct without the authentication
configuration.TakenotethattheauthenticationforPPPisnotmandatory,anda
linkcanstillbeestablishedevenwithoutauthentication.Asamatterof fact, the
onlychangehereincomparisonwithHDLCconfigurationisthatyouneedtouse
thecommand:encapsulationpppwhileyouareintheconfigurationmode.
HowtoTroubleshootSerialLinks
Ideally,youneedtoconfigureapoint-to-pointlinkforPPPorHDLCandallwill
runsmoothly.Butinyourcareerasanetworkassociateoradministrator,youwill
oftenfindyourselfinasettingwhenthelinkfailstoworkproperly.
AbasicpingcommandcanhelpyoufindoutiftheconfiguredseriallinkwithPPP
orHDLCiscapableofforwardingIPpackets.IfyoucaneasilypingtheIPaddress
on the router’s serial interfaceon theotherendof the link, it is sufficientproof
that the link isworking. Otherwise,youneed to resolve the issue.Theproblem
couldberelatedtothefunctionsoftheOSILayers1,2,and3.Thebestapproach
toisolatetheproblemistousethecommand:showipinterfaceandanalyzethe
protocolandlinestatus.
Conclusion
Thankyouagainfordownloadingthisbook!
I hope this book was able to help you to understand the basic concepts of
computernetworkingandtheintricaciesofCiscoRouting&Switching.
ThenextstepistotrysettingupyourhomelabwithyourownCiscoroutersand
switches,soyoucanpracticewhatyouarelearning.
Finally,ifyouenjoyedthisbook,thenI’dliketoaskyouforafavor,wouldyoube
kind enough to leave a review for this book on Amazon? It’d be greatly
appreciated!
Thankyouandgoodluck!
Previewof‘PythonProgrammingForBeginners’
IfyouenjoyedJavaScriptForBeginnersyou’resuretolovethisbook!
Chapter1:IntroductiontoPython
Ifyoutypicallyworkwithcomputers,youwilleventuallyfindthatthereare
certaintasksthatyouwanttoautomate.Forinstance,youwanttoperforma
searchandreplaceoverahugeamountoftextfiles.Youmayalsowantto
rearrangeandrenameagroupofpicturefilesinacomplexmanner.Perhaps,you
wouldwanttocreateaspecializedgraphicaluserinterface(GUI)application,a
computergame,oracustomdatabase.
Ifyouareaprofessionalsoftwaredeveloper,youmayneedtoworkwith
Java,C,orC++libraries.However,youmayfindthattheusualcycleforwriting,
compiling,testing,andre-compilingistooslow.Maybeyouarecreatingatest
suiteforalibraryandthinkthatwritingthetestcodeistedious.Perhaps,youhave
createdaprogramthatcanuseanextensionlanguageandyoudonotwantto
implementanddesignanentirenewlanguagefortheapplication.
Ifanyofthesecasesapplytoyou,thenPythonistheperfectprogramming
languageforyou.YoucanwriteWindowsbatchfilesoraUNIXshellscriptfor
yourtasks.Justtakenotethatshellscriptsaremostidealforchangingtextdata
andmovingaroundfiles.TheyarenotidealforgamesorGUIapplications.
PythoniseasytouseandavailableonUNIX,Windows,andMacOSX
operatingsystems.Itwillallowyoutoquicklyfinishyourtasks.Itisareal
programminglanguagethatoffersmuchmoresupportandstructureforlarge
programsthanbatchfilesandshellscripts.Inaddition,itoffersmuchmoreerror
checkingthanClanguage.
Pythonisahighlevellanguage;therefore,ithasbuiltinhighleveldata
types,suchasdictionariesandflexiblearrays.Itisalsoapplicabletoabigger
problemdomainthanPerlorAwkduetoitsgeneraldatatypes.
ThroughPython,youcansplitprogramsintomodulesforthepurposeof
reusinginotherprograms.Itincludesavastcollectionofstandardmodulesthat
youcanuseasreference.Someofthesemodulesoffersystemcalls,fileI/O,
sockets,andinterfacesforGUItoolkitssuchasTk.
Moreover,Pythonisaninterpretedlanguagethatcansaveyousomuchtime
whenyoudevelopprogramsbecauselinkingandcompilationarenolonger
necessary.Youcanusetheinterpreterinteractively,makingiteasierto
experimentwiththefeaturesoftheprogramminglanguage.Youwillalsofindit
easiertotestfunctionsandwritethrow-awayprograms.Pythonisalsoanefficient
deskcalculator.
Furthermore,Pythonallowsprogramstobewrittenreadablyandcompactly.
MostoftheprogramscreatedinPythonaremuchshorterthanJava,C,orC++.
Thisisduetothefollowingreasons:
Statementgroupingisperformedbyindentationratherthanusingbracketsinthebeginningandtheend.
Thehighleveldatatypesletyouexpresscomplexoperationsinonestatement.
Therearenoargumentorvariabledeclarationsrequired.
Pythonisactuallyextensible.SoifyouareknowledgeableinClanguage,it
wouldbeeasyforyoutoaddnewmodulesorbuilt-infunctionstotheinterpreter.
Youwouldalsobeabletolinkprogramstolibraries,performcriticaloperationsat
highspeeds,andlinktheinterpretertoanapplicationcreatedinCandutilizeitas
acommandlanguageorextensionforthatparticularapplication.
PythonwasdevelopedbyGuidovanRossuminthe1980’s.JustlikePerl,its
sourcecodeisavailableundertheGNUGeneralPublicLicense(GPL).Itiscase
sensitive,whichmeansthatuppercaseandlowercasecharactersrequirecautionto
beused.Forinstance,thewords‘Harlequin’,‘HARLEQUIN’,and‘Harlequin’are
allconsidereddifferentterms.
Andno,Pythonwasnotnamedafterareptile.Itwas,infact,namedaftera
televisionshowcalledMontyPython’sFlyingCircus.ReferencestotheMonty
Pythonskitsindocumentationsareallowedandactuallyencouraged.Howfunis
that?
Chapter2:LearnTheBasics
ThesyntaxofPythonissimpleandstraightforward.Thelanguageactually
encouragesprogrammerstocreateprogramswithouttheuseofpreparedor
boilerplatecode.Theprintdirectiveisthesimplestdirective.Itprintsoutaline
andincludesanewline.
Pythonhastwomajorversions:Python2andPython3.Thesetwoversions
aredifferentfromeachother.Python2ismorecommonandmoresupportedthan
Python3,butthelattersupportsnewerfeaturesandismoresemanticallycorrect.
Theprintstatementisonenotabledifferencebetweenthetwoversions.In
Python2,itisnotconsideredasafunction,allowingittobeinvokedwithout
parentheses.InPython3,however,itisconsideredasafunction.Hence,itshould
beinvolvedwithparentheses.
InteractiveModeProgramming
ProgramsinPythoncanbeexecutedindifferentmodesofprogramming.
Whenyouinvoketheinterpreterwithoutpassingthescriptfileasaparameter,
youwillobtainthefollowingprompt:
$python
Python2.4.3(#1,Nov112010,13:34:43)
[GCC4.1.220080704(RedHat4.1.2–48)]onlinux2
Type“help”,“copyright”,“credits”or“license”formoreinformation.
>>>
Onceyouseethisprompt,youcantypeinthefollowingtextandpressEnter:
>>>print“HelloPythonWorld!”;
Ifyouareusinganewerversion,youhavetousetheprintstatementwith
parentheses:
>>>print(“HelloPythonWorld!”)
Youwillgetthefollowingoutput:
HelloPythonWorld!
ScriptModeProgramming
Usingascriptparametertoinvoketheinterpreterstartstheexecutionand
goesonuntilthescriptisdone.Oncethescriptisdone,theinterpreternolonger
becomesactive.
Takealookatthefollowingsampleprogram.Itiswritteninascriptandhas
theextension.py.
print“HelloPythonWorld!”;
Ifyoutypeintheabovesourcecodeinatest.pyfileandrunitas
$pythontest.py
youwillgetthefollowingoutput:
HelloPythonWorld!
Anotherwaytoexecutescriptsistomodifythe.pyfile,suchas:
#!/usr/bin/python
print“HelloPythonWorld!”;
Ifyourunitas
$chmod+xtest.py
$./test.py
yougetthefollowingoutput:
HelloPythonWorld!
Identifiers
Identifiersarenamesusedtoidentifyvariables,functions,classes,modules,
andotherobjects.Theystartwithanuppercaseorlowercaseletter.Theymayalso
startwithanunderscore(_),followedbymorelettersorzero,aswellasdigitsor
underscores.
InPython,youcannotusepunctuationcharacters,suchas%,@,and$
withinidentifiers.Sinceitiscasesensitive,youalsohavetobecarefulwithyour
useofidentifiers.RememberthatExampleandexampleareconsideredastwo
differentidentifiersbecausetheyarenotexactlyalike.
Thefollowingarethenamingconventionsforidentifiers:
Theclassnamesbeginwithuppercaseletters.Allotheridentifiersbeginwithlowercaseletters.
Ifanidentifierendswithtwotrailingunderscores,itisalanguage-definedspecialname.
Identifiersthathaveonlyoneleadingunderscoreindicatethattheyareprivate.
Identifiersthathavetwoleadingunderscoresindicatethattheyarestronglyprivate.
ReservedWords
ThereservedwordsinPythonarewordsthatcannotbeusedasvariables,
constants,oranyotheridentifiernames.Thesekeywordscanonlyhavelowercase
letters.ThefollowingarethereservedwordsinPython:
Indentation
Indentationisawaytogroupstatements.Itisusedforblocksinplaceof
curlybraces.Thespacesandtabsaresupported.However,standardindentation
requiresstandardPythoncodetohavefourspaces.Considertheexampleas
follows:
x=1
ifx==1:
#indentedfourspaces
print“xis1.”
VariablesandTypes
Asyouhavelearned,Pythonisobjectoriented.Itisnotstaticallytyped.
Hence,thereisnoneedforyoutodeclarevariablesbeforeyoudeclaretheirtype
orusethem.Eachvariableisanobject.
Numbers
TwotypesofnumbersaresupportedinPython,andthesearefloatingpoint
numbersandintegers.Complexnumbersarealsosupported,though.Anyway,in
orderforyoutodefineaninteger,youhavetousethissyntax:
myint=5
Ifyouwanttodefineafloatingpointnumber,caneitherusethisnotation:
myfloat=5.0
orthisone:
myfloat=float(5)
Pickupyourcopyof‘PythonProgramingForBeginners’andcontinueyour
journeywiththepowerfulandeasytolearnPythonprogramminghere.
