CCENT™ Cisco® Certified Entry Networking Technician Study Guide (Exam 640-822)
  • 1. CCENT™ Cisco® Certified Entry Networking Technician Study Guide (Exam 640-822)
  • 3. CCENT™ Cisco® Certified Entry Networking Technician Study Guide (Exam 640-822). Matthew Walker, Angie Walker. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc. in any manner. Cisco®, Cisco Systems®, CCDA®, CCNA®, CCDP®, CCNP®, CCIE®, CCIP®, CCSP®, CCVP®, CCDE™, CCENT™, the Cisco Systems logo, and the Cisco Certified Internetwork Expert logo are trademarks or registered trademarks of Cisco Systems, Inc., in the United States and certain other countries. All other trademarks are trademarks of their respective owners. This publication and CD may be used in assisting students to prepare for an exam. Neither The McGraw-Hill Companies nor Boson Software warrant that use of this publication and CD will ensure passing any exam. New York, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto.
  • 4. Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-164378-8 The material in this eBook also appears in the print version of this title: 0-07-159114-1. All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069. TERMS OF USE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. 
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/0071591141
  • 5. This book is dedicated to my father, Ronald Walker (1947–2008). We miss you, Dad.
  • 7. ABOUT THE AUTHORS Matthew Walker is the IA Training Instructor Supervisor and a Sr. IA Analyst at Dynetics, Inc., in Huntsville, Alabama. An IT education professional for over 15 years, Matt served as the Director of the Network Training Center and the Curriculum Lead and Senior Instructor for the local Cisco Networking Academy on Ramstein AB, Germany. After leaving the US Air Force, Matt served as a Network Engineer for NASA’s Secure Network Systems, designing and maintaining secured data, voice, and video networking for the agency. He has written and contributed to numerous technical training books for Air Education and Training Command, United States Air Force, and continues to train, and write, certification and college-level IT and IA Security courses. Matt holds numerous commercial certifications, including Cisco Certified Network Professional (CCNP), Microsoft Certified System Engineer (MCSE), CEH (Certified Ethical Hacker), CNDA (Certified Network Defense Architect), and Certified Pen Test Specialist (CPTS). Angie Walker is currently the Chief Information Security Officer for the University of North Alabama, located in beautiful Florence, Alabama. Among the many positions she has filled over the course of her 20-plus years in Information Technology and Information Assurance are Manager of the Information Systems Security (ISS) Office for the Missile Defense Agency (MDA) South, as well as the lead for the MDA Alternate Computer Emergency Response Team (ACERT). She served as Superintendent of the United States Air Forces in Europe (USAFE) Communications and Information Training Center, Superintendent of the 386 Communications Squadron on Ali Al Saleem AB, Kuwait, and Senior Information Security Analyst for Army Aviation Unmanned Aircraft Systems. Angie holds several industry certifications, including CISSP, Network+ and Security+, and a master’s degree in Information Systems Management. 
With over nine years of IT and IA educational experience, she has developed and taught courseware worldwide for the US Air Force, as well as several computer science courses as an instructor for the University of Alabama in Huntsville, and Kaplan University in Fort Lauderdale, Florida.
  • 8. About the Tech Editor. Bobby E. Rogers is a Senior Information Assurance Analyst for Dynetics, Inc., in Huntsville, Alabama. In addition to working in the Certification and Accreditation process for the U.S. government, Bobby also leads penetration testing teams for Dynetics. Bobby recently retired from the United States Air Force after almost 21 years, serving as a computer networking and security specialist, and has designed and managed networks all over the world. He has held several positions of responsibility overseeing network security in both Department of Defense and private company networks. His duties have included perimeter security, client-side security, security policy development, security training, penetration testing, and computer crime investigation. As a trainer, he has taught a wide variety of IT-related subjects in both makeshift classrooms in tents in the desert and formal training centers. He also has taught a wide variety of courses as a part-time contractor for several nationally known training centers and a major university. Bobby is an accomplished author, having written numerous IT articles in various publications and training materials for the U.S. Air Force, and has authored several training videos on a wide variety of IT security topics. He is also a regular security article contributor for several online IT sites. He has a Bachelor of Science degree in Computer Information Systems from Excelsior College, and two Associate in Applied Science degrees from the Community College of the Air Force. Bobby’s professional IT certifications include: A+, Security+, ACP, CCNA, CCAI, CIW, CIWSA, MCP+I, MCSA (Windows 2000 & 2003), MCSE (Windows NT4, 2000, & 2003), MCSE: Security (Windows 2000 & 2003), CISSP, CHFI, CIFI, CPTS, and CEH.
  • 9. CONTENTS AT A GLANCE
    1 Networking 101 ........ 1
    2 TCP/IP ........ 31
    3 Network Media and Devices ........ 69
    4 Ethernet Fundamentals ........ 101
    5 Switching: Moving Data Inside Your Network ........ 129
    6 Routing Essentials and IP Addressing ........ 155
    7 IP Address Subnetting ........ 191
    8 Interfacing with Cisco Devices ........ 229
    9 Cisco Switch Configuration ........ 271
    10 Cisco Router Configuration ........ 315
    11 WANs and WLANs ........ 363
    12 Applications, Security, and Troubleshooting ........ 403
    A About the CD ........ 455
    Glossary ........ 461
    Index ........ 495
  • 11. CONTENTS
    Foreword ........ xvii
    Preface ........ xix
    Acknowledgments ........ xxv
    Introduction ........ xxvii

    1 Networking 101 ........ 1
      Network Essentials ........ 2
        Network Definitions ........ 2
        Network Topologies ........ 5
        Network Categories ........ 8
      The OSI Reference Model ........ 11
        Functions and Advantages ........ 11
        The Layers ........ 12
        Network Components ........ 17
        Protocol Data Units ........ 19
      Two-Minute Drill ........ 23
      Self Test ........ 25
      Self Test Answers ........ 28

    2 TCP/IP ........ 31
      TCP/IP and OSI Reference Model Comparison ........ 32
        TCP/IP History ........ 32
        Comparing the Models ........ 33
      Application Layer Functions and Protocols ........ 34
        DNS ........ 34
        DHCP ........ 37
        Other Protocols ........ 39
        Exercise 2-1: Viewing TCP/IP Protocols in Action ........ 42
      Transport Layer Functions and Protocols ........ 46
        TCP ........ 47
        UDP ........ 50
        Port Numbers and Multiplexing ........ 51
      Internet and Network Access Layer Functions and Protocols ........ 53
        IP and ICMP ........ 54
        Network Access Layer Protocols ........ 56
      Two-Minute Drill ........ 59
      Self Test ........ 62
      Self Test Answers ........ 66

    3 Network Media and Devices ........ 69
      Network Media ........ 70
        Media Terminology ........ 70
        Copper Cabling ........ 71
        Fiber Cabling ........ 77
      Network Devices ........ 79
        NICs ........ 79
        Transceivers, Repeaters, and Hubs ........ 80
        Bridges and Switches ........ 81
        Routers ........ 85
        Security Devices ........ 87
        Putting It All Together ........ 88
      Two-Minute Drill ........ 92
      Self Test ........ 94
      Self Test Answers ........ 98

    4 Ethernet Fundamentals ........ 101
      Ethernet History ........ 102
      Ethernet Characteristics ........ 103
        Frame Types and Addressing ........ 103
        Media Access ........ 107
        Data Flow ........ 112
      Ethernet Standards ........ 116
      Two-Minute Drill ........ 121
      Self Test ........ 122
      Self Test Answers ........ 126

    5 Switching: Moving Data Inside Your Network ........ 129
      Switch Fundamentals ........ 130
        Physical Features ........ 130
        Switch Initialization Functions ........ 133
        Duplex and Speed ........ 136
        Switch Modes ........ 137
      Switch Design Considerations ........ 139
        Switch Installation and Connections ........ 139
        Looping and STP ........ 140
        VLANs ........ 142
      Two-Minute Drill ........ 146
      Self Test ........ 148
      Self Test Answers ........ 152

    6 Routing Essentials and IP Addressing ........ 155
      Routing Fundamentals ........ 156
        Routing Logic and Data Flow ........ 157
        Routed and Routing Protocols ........ 162
      An Introduction to IP Addressing ........ 168
        IP Address Construction ........ 168
        IP Address Classes ........ 171
        IP Address Technologies ........ 174
      Two-Minute Drill ........ 183
      Self Test ........ 185
      Self Test Answers ........ 189

    7 IP Address Subnetting ........ 191
      Foundation Skills ........ 192
        Binary Math ........ 192
        Boolean AND Operations ........ 197
        Exercise 7-1: Binary Math Skills ........ 198
      Subnet Essentials ........ 199
        Subnet Definition and Construction ........ 200
        Subnet Mask Creation Steps ........ 202
      Subnet Masks ........ 206
        Decoding Subnet Information ........ 206
        Applying Subnet Masks ........ 208
        Subnetting Tips ........ 210
        Exercise 7-2: Decoding and Applying Subnet Information ........ 214
      Two-Minute Drill ........ 220
      Self Test ........ 223
      Self Test Answers ........ 226

    8 Interfacing with Cisco Devices ........ 229
      The IOS and Configuration Files ........ 230
        The Boot Process ........ 230
        The Cisco IOS ........ 234
        Configuration Files ........ 238
        Access Methods ........ 241
        Exercise 8-1: Router Connection Methods (HyperTerminal and Telnet) ........ 244
      The CLI ........ 249
        CLI Modes ........ 249
        CLI Help Features ........ 252
        Exercise 8-2: Basic CLI Usage ........ 257
        Comparing the Router and Switch CLI ........ 258
      Two-Minute Drill ........ 263
      Self Test ........ 265
      Self Test Answers ........ 269

    9 Cisco Switch Configuration ........ 271
      About Cisco Switches ........ 272
        Models ........ 272
        Physical Characteristics ........ 274
      Initial Configuration ........ 275
        Using the System Configuration Dialog ........ 276
        Basic Configuration Options ........ 278
      Securing the Configuration ........ 281
        Passwords ........ 282
        exec-timeout ........ 285
        Exercise 9-1: Basic Switch Configuration ........ 285
        Configuring SSH ........ 287
        Exercise 9-2: SSH Configuration ........ 289
      Interface Configuration ........ 290
        VLAN1 and the Switch IP Address ........ 291
        Speed, Duplex, and Descriptions ........ 292
        VLAN Configuration ........ 294
        Exercise 9-3: Interface and VLAN Configuration ........ 297
        Port Security ........ 299
      Two-Minute Drill ........ 305
      Self Test ........ 309
      Self Test Answers ........ 313

    10 Cisco Router Configuration ........ 315
      First Steps ........ 316
        About Cisco Routers ........ 316
        Physical Installation ........ 321
      Configuration Fundamentals ........ 324
        Initial Settings ........ 325
        Exercise 10-1: Basic Router Configuration ........ 327
        Configure Routing ........ 329
        Exercise 10-2: Static Route Configuration ........ 333
        Dynamic Routing ........ 334
      Routing Configuration ........ 336
        Configuring RIPv2 ........ 337
        Exercise 10-3: Configuring RIP ........ 341
        Configuring an Internet Access Router ........ 342
      Two-Minute Drill ........ 354
      Self Test ........ 357
      Self Test Answers ........ 361

    11 WANs and WLANs ........ 363
      Wide Area Networking ........ 364
        WAN Fundamentals ........ 365
        Point-to-Point Technologies ........ 368
        Packet Switched Technologies ........ 371
        Remote Access Technologies ........ 374
        WAN Configuration Extras ........ 378
      Wireless Networking ........ 380
        Fundamentals ........ 380
        Installing Wireless Networks ........ 384
        Wireless Security ........ 386
      Two-Minute Drill ........ 394
      Self Test ........ 397
      Self Test Answers ........ 401

    12 Applications, Security, and Troubleshooting ........ 403
      Application Fundamentals ........ 404
        Application Needs and Quality ........ 404
        telnet (SSH) ........ 407
        Exercise 12-1: telnet Sessions ........ 409
      Network Security ........ 410
        Threats and Attacks ........ 410
        Mitigations ........ 414
      Troubleshooting ........ 417
        Troubleshooting Basics ........ 418
        Host Troubleshooting ........ 423
        Switch and Router Troubleshooting ........ 426
        Exercise 12-2: Using CDP ........ 430
      Two-Minute Drill ........ 445
      Self Test ........ 448
      Self Test Answers ........ 452

    A About the CD ........ 455
      System Requirements ........ 456
      Installing and Running the Boson NetSim LE and BEE ........ 456
        Boson NetSim LE ........ 456
        BEE and Practice Exams ........ 457
      Electronic Book ........ 458
      CertCams ........ 458
      Help ........ 458
      Removal Installation(s) ........ 459
      Book Technical Support ........ 459
      Boson Software Technical Support ........ 459

    Glossary ........ 461
    Index ........ 495
FOREWORD

From Boson Software

The Cisco CCENT certification requires that you learn and master a number of skills. As you read this book, incorporating Boson NetSim into your learning process will help you successfully complete the CCENT certification. The Boson NetSim Limited Edition (LE) included with this book will get you started on your way, and additional capability from the full edition is available after purchasing an upgrade. Boson NetSim will help you with the practical hands-on portion of your education, and it ensures that you not only understand the concepts of routing and switching but that you can actually configure and implement routing and switching on Cisco devices.

Once you feel you have mastered both the theory and the practical labs, you can test your knowledge using the exams included with this book and the CD. You may also purchase ExSim-Max practice exams from Boson, available at http://www.boson.com. ExSim-Max is the most realistic practice exam on the market with questions that are well-written, technically accurate, and completely representative of those on the actual exam. With ExSim-Max, you can be sure you are ready to pass the real exam.

Boson NetSim is the most advanced network simulator on the market for learning how to configure a Cisco router and Catalyst switch. Boson NetSim will not only help you become CCENT certified, it will actually help you learn and understand how to configure routers, switches, and networks. The Boson NetSim LE can be upgraded to the full edition for CCENT at any time at http://www.boson.com/mcgrawhill (with a valid activation code from your qualifying McGraw-Hill book). Upgrading enables all other Boson NetSim labs, commands, telnet, and advanced features. Don’t forget to complete your study with ExSim-Max practice exams.

Thank you very much, and best wishes in your future studies!

Boson Software
http://www.boson.com

Copyright © 2008 by The McGraw-Hill Companies.
PREFACE

Of course, the primary focus of our book is to help you achieve the Cisco Certified Entry-level Network Technician certification—but there’s more to it than that. We’ve provided all the background and technical knowledge in this book that you’ll need to be successful on the exam, as well as a few exercises and hands-on projects to increase your odds. Hopefully, though, we’ll also succeed in two other, secondary but just as important, goals.

First, after reading through this we’d be happy to see you emboldened with confidence. Yes, we whole-heartedly believe, and would like to make sure you know, YOU CAN DO IT! Sure, certifications are hard—they’re supposed to be; if they were easy, everyone would do it—but this isn’t something you’re not capable of. This book was written in the same manner we learned the information—in a simple, easy and, yes, fun fashion. Look at it this way: If a couple of yahoos from Alabama, with four kids and two full-time jobs, can figure this stuff out, you should do just fine.

Secondly, after all is said and done, we sure hope you don’t stop. CCENT is a great certification, but it’s not the end-all be-all. Instead, it should be a great beginning for you. After you pass—and you know you will—follow it up with personal practice, hands-on experience, and study. Put into play what you’ve been studying for all this time and prove you know it. Then, of course, start on your next certification—the CCNA. After you’ve completed the CCENT certification by passing the Interconnecting Cisco Network Devices (ICND) v1 640-822 exam, you’ll be (literally) halfway to a CCNA certification. The ICNDv2 640-816 exam covers the second half of the CCNA body of knowledge and is more Cisco IOS configuration-, and device-, centric. An excellent resource for studying for “part 2” is the Cisco Certified Network Associate (CCNA) Study Guide (McGraw-Hill) by Richard Deal.

In This Book

This book covers all the exam objectives posted on Cisco’s web site concerning the CCNA 640-822 exam. Each chapter explores one or more of the main objectives in this list. You’ll also find much repetition from chapter to chapter since some objectives are covered across multiple chapters. The Introduction offers a breakdown of Cisco’s objectives and which chapter of this book covers each objective.
In Every Chapter

Each chapter has several components designed to effectively communicate the information you’ll need for the exam:

■ Every chapter begins with the Certification Objectives. These identify the major topics within each section on the exam, dealing with the chapter topic. Using these objective headings will help you keep track of where you are with your studies.

■ Practice Exercises, step-by-step exercises providing hands-on experience, are found in chapters with configuration objectives. While some chapters require only knowledge and comprehension levels, other objectives require you to know how a specific configuration option is entered into the switch or router. These practice exercises are designed to reinforce the chapter verbiage and provide insight into the skills that are likely to be an area of focus on the exam. The information covered in these exercises is not simply for reading purposes—you’ll be required to perform configuration on a variety of scenario and simulation questions on the exam. Don’t fail to prepare for them by simply reading over the practice exercises—practice them and be very, very comfortable with their focus. These exercises will always work with the simulator product, produced by Boson and provided with this book, but they can be used anywhere. Practice as much as you can with the simulator and with real equipment, should you have the opportunity.

■ On the Job entries are found throughout all the chapters and are designed to point out information and tips that will be helpful both in your day-to-day responsibilities and in studying for the exam. Please note that while these notes provide insights, tips, and otherwise interesting tidbits of information, they are also sometimes used to reinforce testable material. Don’t dismiss them as simply “neat”—some of the mistakes and real-world issues described in these notes may prove the difference in correctly answering a question or two on the exam!

■ Exam Watch notes highlight specific information within the section on which to focus your studies. Do not rely on them totally, but be sure to read over them before the exam. A sample Exam Watch note: Remember the benefits and disadvantages of static routing, and commit Table 6-2 to memory.

■ An Inside the Exam entry is provided at the end of each chapter and basically summarizes the important aspects of the chapter in regards to the exam. Tips and tricks mentioned in this section will definitely help you understand what to expect on the test.
■ The Two-Minute Drill is a full summary of the chapter, condensed and organized for quick last-minute review.

■ The Self Test section at the end of each chapter offers questions similar to those found on the certification exams. Answers and explanations of both correct and incorrect choices are provided to assist in understanding the material.

Some Pointers

This may seem strange to say, since we wrote this book and hope everyone in the networking arena gets a copy, but we’ll say it anyway: First and foremost, do not rely on this book alone to pass your CCENT exam. There’s not a book on the planet that, by itself, will fully prepare you for the test. Read this book, using the pointers we provide here to guide your study, but never forget to practice, practice, practice. The benefit of hands-on real-world experience in preparing you for the exam is immeasurable. This book is, we humbly feel, a great guide to follow in preparing for the exam, but you’ll definitely need plenty of practice outside its pages to succeed.

Once you finish reading this book, be sure to do a thorough review of everything:

1. Reread all the Two-Minute Drills. These will serve as an excellent “cram” session just before the exam.

2. Reread all the Exam Watch notes. Knowing the information to satisfy each knowledge objective is one thing, but it’s only part of the battle. To be truly successful, you’ll need to know what to expect on the exam itself. Reading the Exam Watch notes will give you insights into how the information will be presented on the exam, and what to expect. If you know this upfront, you won’t be surprised on the exam, and your confidence will contribute to your success.

3. Retake the Self Test sections at the back of each chapter. Immediately after reading the chapter, give the accompanying Self Test a shot. Then, after you’re done with the entire book, go back and take each Self Test again. Facing all the questions at one time is very similar to the exam itself, and will help with your study. Please note that simply memorizing these questions and answers will NOT help you on the exam. The Self Test questions are similar to what you’ll see, but they’re not exact replicas.

4. Use the Exam Test Engine on the CD. The test engine, provided by Boson Software on the CD accompanying this book, provides plenty of questions to prepare you for the exam. You can choose to quiz yourself on all questions, much like the exam itself, or target your study by focusing on a single category. Categories roughly match the chapter outline of the book, to help mark your progression. Additionally, you can also purchase extra tests from Boson Software at their web site (www.boson.com).

5. Do all the Practice Exercises in each of the chapters. You will be required to perform configuration and troubleshooting on simulators during the exam. While CCENT doesn’t go overboard with these, you’ll definitely need to be familiar with all the configuration commands and steps included in this text. Use the exercises in the book to reinforce concepts and prepare for the exam. Additionally, feel free to experiment on your own—especially if you have access to equipment. Interject problems to working environments and note various troubleshooting techniques you can use to fix the problem. The configuration of devices is a big part of the exam, but troubleshooting and examining configuration files for errors will play a large role in your success or failure.

6. There may be some simulation questions on the CCENT exam. In simulation questions, you’ll be required to perform basic configuration and troubleshooting tasks on a Cisco router and/or switch. Therefore, it is important that you have good configuration skills. Use the Practice Exercises to hone your configuration skills! You may come across a simulation scenario presenting a flawed configuration on the exam. The more you practice with the exercises and Boson’s NetSim, the easier it will be to spot these configuration errors right off the bat.

Practice Exams and the Simulator

Hands-on practice and real-world experience are essential in your preparation for the exam. The practice exercises and simulator built for this book are designed with exactly that in mind—giving you hands-on experience and an opportunity to practice to your heart’s delight.
The network provided in the simulator should allow you ample opportunity to see all the command and configuration options in action. The network is displayed in Figure 1, with addressing for all exercises spelled out in Figure 2. This network provides every configuration option covered in the book. As you go through the practice exercises, refer to Figures 1 and 2 to “see” how your configuration should be applied. Additionally, don’t just rely on the exercises, as written, for your study. Feel free to create your own configurations on each device. Use all the show and debug commands you want to see the IOS in action. Finally, after configuring the network to function, purposely change configuration options to see the results. Using the practice exercises and your own creativity on this network will greatly increase your odds of passing the exam.
FIGURE 1 A simulator network for practice exercises

[Figure: topology diagram. Devices shown: PC-1, PC-2, PC-3, PC-4; switches 2960-1, 2960-2, 2960-3, 2960-4; routers 2800-1 and 2800-2. Hosts, switches, and routers connect over Fast Ethernet; the two routers connect to each other over a serial point-to-point link (T-line, or direct-connected in a lab).]

FIGURE 2 Addressing for the network topology used for the practice exercises

PC-1: IP 192.168.1.11, Mask 255.255.255.0, Gateway 192.168.1.1, MAC 00-00-11-AA-BB-CC
PC-2: IP 192.168.1.10, Mask 255.255.255.0, Gateway 192.168.1.1, MAC 00-00-22-AA-BB-CC
PC-3: IP 192.168.2.10, Mask 255.255.255.0, Gateway 192.168.3.1, MAC 00-00-33-AA-BB-CC
PC-4: IP 192.168.2.11, Mask 255.255.255.0, Gateway 192.168.3.1, MAC 00-00-44-AA-BB-CC
2960-1: 192.168.1.2/24
2960-2: 192.168.1.4/24
2960-3: 192.168.1.3/24
2960-4: 192.168.2.2/24
2800-1: FA0/0 192.168.1.1/24; S1/0 172.16.0.1/24 (DCE)
2800-2: FA0/0 192.168.2.1/24; S1/0 172.16.0.254/24 (DTE)
Switch ports labeled in the figure: FA0/1, FA0/2, FA0/3
ACKNOWLEDGMENTS

We would like to thank the following people:

■ This book would not have been possible without the support of Dynetics, Inc., and Matt’s supervisor, Paul Clark. Paul’s willingness to help—no matter what was asked nor when—was critical throughout this entire process. Balancing work, family, and writing is a tough business, and without the willingness displayed by Dynetics to support the effort, we never would have finished.

■ A special thanks to Bobby Rogers for providing excellent technical insight on editing this book. Bobby’s acerbic wit and his attention to details we simply didn’t think about proved vital to the success of this project.

■ The team at McGraw-Hill (Jennifer Housh, Tim Green, Vasundhara Sawhney, and Jody McKenzie) is due several toasts at the local establishment of their choice. The unbelievable patience and support they displayed throughout every stage of this process was nothing short of amazing. It’s been an honor and a privilege to work with such an outstanding, professional, and fun group of people.

■ Finally, there is no way this book could have ever even been started, much less completed, without a lot of understanding and patience from our children. Faith, Hope, Charity, and Christian—thanks for putting up with us. All those nights of, “Not right now, Daddy’s writing,” are finally over! At least for now…
INTRODUCTION

How to Take a Cisco Certification Examination

This introduction offers a host of information on your CCENT certification and prepares you for taking the actual examination. In this section, you’ll find a brief overview of Cisco’s certification program, and some guidelines on methods of preparing and studying for the exam, including what to expect on the exam itself and some simple things you can do on test day to increase your chances of passing.

Cisco’s Certification Program

Cisco now has a number of certifications, ranging from entry level (CCENT) and advanced routing and switching (CCIE) to network security, wireless, and VoIP. Cisco recommends a variety of classes as training for these individual certifications, but they are not mandatory—all one need do to hold the certification is pass the appropriate test(s). With the right experience, study materials, and a good work ethic, you’ll pass any Cisco exam without necessarily attending the recommended course.

Cisco is constantly changing and updating their certification requirements. For more information about Cisco certifications and exams, visit Cisco on the Web at www.cisco.com/web/learning/index.html. Cisco’s web site is a veritable gold mine of information regarding your certification. Not only will you be referring to it for certification tracking purposes after your exam, but you can also find plenty of information to help you achieve the certification in the first place. In addition to the objectives being tested for each exam, you will find exam-specific information, sample test questions, information on becoming certified, demonstration tutorial videos, and the latest news on Cisco certification.
Computer-Based Testing

I know you’d probably prefer to be told that a certification exam actually tests your skills in a real-world hands-on environment, but unfortunately this just isn’t true. Imagine trying to ensure that a stable, secured, unchanging network is available at every test center, worldwide, for candidates attempting a certification. It simply couldn’t be—such logistics would preclude anyone from ever offering a certification—especially those as far reaching as Cisco’s certifications. To get around this, Cisco (and most vendors, for that matter) relies on a computer-based testing service, operated by Pearson Vue. Pearson Vue provides a secured testing environment in a number of facilities around the world (there’s probably a Pearson Vue test center in your own town).

Tests on a Vue system are relatively straightforward and are similar from vendor to vendor. Cisco is unique in that they do not make use of the “adaptive” testing format (thank goodness). Cisco instead relies on a more traditional format, simply providing test questions in a random order and scoring participants according to their success or failure on each question. However, there is another characteristic of a Cisco test you will not find on any other vendor: Cisco does not allow you to mark a question for further review. In other words, whether you answer the question or not, once you press the “Next” button to move on, you are no longer allowed to view that question.

I cannot stress this point enough: You are not allowed to skip questions and return to them later on a Cisco exam! Most test-takers will tell you a good strategy on any exam is to skip the questions you don’t know and return to them later since many times a question later in the exam will provide insight into those you don’t know. On a Cisco test, though, if you skip it, you miss it. Sometimes you may need to pass one over for time purposes. Just keep in mind that once it’s gone, you’ll never see it again!

Each test consists of a random set of questions pulled from an enormous pool of them. During the “beta testing” of the exam, Cisco will compile and refine a huge amount of questions for this pool. Thus, when you receive your test, it simply retrieves a unique combination of these questions to test your ability. Some are straightforward multiple-choice questions, while others are based on a simulator (forcing you to use your hands-on experience as well as your “book” knowledge).

Cisco exams are also timed—lasting usually 75 to 90 minutes, depending on the number of questions and the particular test. The time you have remaining for your specific exam will be displayed in a small box on the corner of the computer screen. If your time elapses, the exam will be scored based on what you have answered up to that point (of course, all unanswered questions will be counted as incorrect answers).

Lastly, the scoring of the test, and the feedback you’ll receive after an attempt, warrant some discussion. As soon as the exam is over, your score will be calculated and displayed onscreen for your review. It will also be passed on electronically to Cisco, for tracking purposes. Whether you pass or fail, you’ll receive a printed report from the test administrator, showing your overall score and a score for each objective the exam covered. Unfortunately, you will not receive a list of the questions you marked incorrectly.

Question Types

Cisco uses many different question formats in their exams, most of which should be covered here in this section. While you’ll find a brief overview of what to expect here, your best resource on any particular exam is to talk things over with other test-takers. No, it won’t do you much good to ask exactly what’s on the exam, since each is different, but you can get an idea of what types of questions to expect. Check with Cisco’s web site for something called the Cisco Network Professionals Connection. Between this and other forums on the site, you can get a good idea of what the CCENT exam makeup will be like.

True/False

Oh, I know what you’re thinking. I can sense it a mile away, and although I don’t like the idea of shattering your hopes on anything, anywhere, I am going to shut the door on this one.
The simple 50-percent-chance classic true-or-false question will not be found anywhere on a Cisco exam. This is not to say that Cisco doesn’t employ true or false logic on their tests—in fact, you’ll find quite a few questions like this—just that Cisco will test your ability to determine a true or false statement or scenario using a multiple-choice question format. An example would be, “Choose the true (or false) statements from the following.”
Multiple Choice

Multiple choice is the primary format for questions in Cisco exams. These questions may be posed in a variety of ways; however, no matter which way the question is presented, one tip will always apply on these questions: ALWAYS read the question very, very carefully. Sometimes you may understand the intent of the question perfectly, and know well what the answer is, only to wind up missing it because of a “technicality.” For example, if the question asks you to choose two answers, choose two ONLY.

Choose the Correct Answer

Celebrate every time you receive one of these multiple-choice questions on the exam. This is the classic format, requiring you to choose one correct option from the four or five presented. In addition to the wording “Choose the Correct Answer,” indicating a single response, these single-answer questions will display Windows radio buttons—allowing only a single response to be entered. One final tip: If the question states, “Select the best answer,” it’s also a single-answer multiple-choice question.

Choose X Correct Answers

This type of multiple-choice question appears differently than the single-choice version listed earlier. On these, the question will ask you to choose X number of options, where X will be a number from 2 to (sometimes) 4. Instead of the radio buttons used before, you’ll find checkboxes used for marking answers. It’s very important to keep in mind that these questions are all-or-nothing: All the correct answers must be selected, otherwise the entire question is marked as incorrect. Additionally, the testing software prevents too many answers from being selected; if the question asks for two responses, you cannot choose three.

Choose All that Apply

Easily the most difficult, and unfortunately relatively common, multiple-choice question you’ll see on the exam, the choose-all-that-apply type lets the candidate choose as many, or as few, answers as they wish. Since you don’t know how many answers the exam expects, you are at a distinct disadvantage. It’s important to note on these questions that they, too, are all-or-nothing enterprises: If too few, or too many, answers are given, you will miss the question.

Freeform Response

You should not see any freeform response type questions on the CCENT exam. However, Cisco has surprised us from time to time on other issues, so you should at least know what to expect should they slip one in on you. A freeform response question provides no choices (or help) at all. You are simply given a scenario with an empty text box and asked which command to enter. You must then type the command, precisely as it should be, into the freeform textbox provided. Obviously this is challenging and is the reason this type of question usually isn’t found on entry-level certifications. If you see one, however, be sure to type the entire command in—do not use a truncated version that would work just fine on a “real” router.

Exhibits

While not actually a test question type in and of themselves, exhibits are a big part of the exam, and you should know about them upfront. You’ll find exhibits used constantly throughout your exam, with several questions sometimes referring to a single exhibit. These diagrams and pictures will normally appear in a separate window, which you can enlarge or minimize as you see fit, using a button on the screen.

Scenarios

Scenario questions generally consist of one to two short paragraphs that describe a specific circumstance, network, or event, requiring you to pick the correct choice from a variety of answers. Additionally, you may sometimes find several questions referring to a single scenario (sometimes referred to as a “testlet” question). On any scenario question, pay close attention to the wording of the problem (if troubleshooting) and apply simple logic. Oftentimes, reading the question first, and then returning to the scenario, proves a useful practice in navigating the exam.

Simulations

Simulation questions require you to enter a basic configuration on a Cisco switch or router, given a specific set of instructions and settings required. You’ll need to know how to access the device, navigate through the various IOS modes, enter commands, and save configurations. Additionally, sometimes these simulators have existing configurations with built-in errors that require you to troubleshoot and fix the problem.
The context-sensitive help functions within the IOS are supposed to be available for you within the simulator, but don’t be surprised if it does not work exactly as you’d see it on a “live” router. For example, the simulator may force you to type certain commands completely, while allowing TAB and auto-complete on others.
An important note here with this style of question is your ability to manipulate the simulator itself. In other words, knowing what configuration to enter does you no good if you cannot figure out how to enter the commands into the simulator in the first place. Before the exam begins, you will be presented with a screen asking if you’d like to become familiar with the simulator before the exam starts. Do not skip this. It does not affect your time for the exam and ensures you won’t be wasting valuable time during it figuring out how the simulator works. Additionally, for a demonstration of what the simulator is like, you can also visit www.cisco.com and browse to the certification section to find the demo. This example is very similar, but not exactly the same, as the simulator you would see on the real exam.

Studying Techniques

When I’m asked, “How do I study for a Cisco exam?”, my first response seems almost out of place: To effectively study for the exam, first schedule the exam. You’re probably thinking that’s lunacy, but trust me, it’s the only way. Once your exam is scheduled, you’ll have a deadline and will be forced into studying for it. I can’t count the number of times I’ve heard students say they were planning on scheduling the exam, “after I’ve had time to study for it,” only to greet me months later with the same excuse. Let me assure you, soon-to-be fellow Cisco networking professional, you’ll never think you’re ready for it without some kind of deadline to push you. Sure, take some time to read this book (and encourage everyone you know to pick up a copy and do the same) and practice on your own, but schedule the exam as soon as you can. After reading through this book, schedule your exam no more than a month out. Spend that time studying, using the tips provided here, then just go knock it out!
There are a million study tips out there, and just as many people willing to give them to you. Our suggestions are pretty simple, straightforward, and easy: Make the best use of your time available and practice, practice, practice. Time scheduling, for focused study, is the easy part—30 minutes of focused study time a day should do it. Any more than 30 minutes a day will, most likely, burn you out—any less and you’re just not willing to work for this. Additionally, you’ll be amazed at how easy it is to study during times when you’d least expect it. The principle is known as “stealing time,” and works very simply: While you’re accomplishing one task, make use of the slack time to work on another. For example, create an audio tape (or CD) of yourself asking questions and providing answers. Pop this into your vehicle on the drive to work and voilà, you’ve just added some free study time. Want another example? How about creating a cheat sheet, or a few flash cards, to keep handy in your jacket or wallet? While waiting for your lunch, sitting in the airport, or taking a break from work, bring it out and take a quick peek. There are a thousand ways to do this, but the point is simple: You can find ways to study during your day-to-day activities if you really look for them.

Secondly, practice, practice, and practice some more. Experiment with both live equipment (if available) and the simulator provided with this book. Just memorizing facts and commands might, might, be enough to make it through a single exam, but it’s certainly not going to be enough in the real world. Your best bet, on both the exam and your job, is to not only know the “what” but the “how and why.” The best way to do this is to apply what you’ve read in this book on a system. Try commands out. Set up configurations that work, and then break them. Throw in weird configurations a college guy might try on Saturday night after the big game (and a celebratory adult beverage or two). Of course there’s a little humor here, but you get the point: The more you see the configuration, commands, and traffic in use, the better you’ll know how they work and why you need them.

One last note on studying deals with the “dark side” of the network certification world. A wide variety of study guides and “braindumps” are available on the Internet. Many of these are legitimate vendors wishing to provide helpful insight on making you a better network professional. Others are charlatans, hoping to take your money at any cost (pardon the pun). Do not rely on a single study guide or braindump downloaded from the Internet. I can promise you, it’s NOT a copy of the Cisco exam and will do more harm than good to your studying. If you do find a practice test or study guide on the Internet, verify the answers through your own research. Simply memorizing test questions, from any resource, will NOT result in a passing score.
Scheduling Your Exam You can schedule any Cisco exam by calling Pearson Vue, or visiting their online registration web site at www.vue.com (if calling outside the United States, go to Vue’s web site to find your local number). Exams can be scheduled up to a year in advance, and can be rescheduled with 24 hours’ notice. If you miss your test date/ time, or fail to provide appropriate notice, you will lose your test fee. Payment for the exam is due upon registration with Vue and is accepted through a variety of means, credit cards being the most convenient. Vue e-mails a receipt and confirmation of your testing date, which typically arrives the same day you schedule the exam. If you need to cancel or reschedule an exam, remember to call at least one day before your exam, otherwise you’ll lose your test fee.
If this is the first time you’ve ever attempted a Cisco exam, Vue will provide a unique number for testing with Cisco. Be sure to keep this number handy and use it for every Cisco test for which you register. Additionally, address information provided when you first register is also used by Cisco to ship certificates and other related material, so make sure you get it right! You will also be required to give a valid e-mail address when registering. If you do not have an e-mail address that works, you will not be able to schedule the exam. Once you are registered, you will receive an e-mail notice containing your registration information for your scheduled exam. Examine it closely to make sure it’s correct.

Arriving at the Exam

You should always arrive early for your exam, giving yourself time to relax and review last-minute key facts. While waiting for your exam, take the time to review notes, read over the Exam Watch sections of this book, and look over any cheat sheets and practice cards you have handy. Generally speaking, so long as a computer system is available, you can start your test any time before your scheduled test time. So, after your last-minute cram session, when you’re ready, you can begin. Be sure to bring two sets of identification with you to the testing center. Acceptable forms include government-issued IDs (for example, a passport or driver’s license) and credit cards. One form of ID must include a photograph. After the identification, though, you won’t need anything else. In fact, testing centers do not allow you to take anything else with you into the exam area: no books, papers, notepads, PDAs, cell phones, nothing. The test administrator will, however, provide you with a paper and pencil, or a small erasable marker board. These are to let you write notes and perform calculations during the exam.
A helpful tip, though, is to hurriedly jot down any last-minute tidbits you looked at just before the exam, as soon as the administrator allows you to write. In other words, you can download everything in your brain directly to the paper or marker board before your exam ever starts. Just remember that’s the only material you’ll have to write on during the test, so leave a little room! You’ll have to return the paper (marker board) to the administrator immediately upon completion of the test. In the exam room, the exam administrator logs you in to your exam, and you have to verify that your name and exam number are correct. If this is the first time you’ve taken a Cisco test, you can select a brief tutorial for the exam software (which we mentioned before, and you should not skip). Additionally, you’ll be asked to take a survey before the exam. This does NOT count against your time, so take advantage of it and write down your notes during this survey.
Before the test begins, you will be provided with facts about the exam, including the duration, the number of questions, and the score required for passing. Once you click Begin Test, the clock starts ticking. The test will appear full screen, with a single question per screen. Navigation buttons allow you to move forward to the next question but, as discussed earlier, not back. The time countdown will appear in the corner and a variety of buttons may be available depending on the question asked (a “Display Exhibit” button, for example). Periodically check to ensure you’re budgeting your time wisely. Remember, once you pass over a question, it is scored immediately (you cannot return to it). Nevertheless, you don’t want to waste too much time on any one test question. Generally speaking, you’ll receive between 55 and 65 questions and will need to get at least 82–85% of them correct. Cisco does not provide specifics on either the number of questions, or the passing percentile, so you’ll never really know until the exam is finished.

The Grand Finale

As soon as your exam is completed, it will be graded automatically. The actual real time that elapses between when you press Score Exam and when the results appear on the screen is just under ten seconds. In your mind, it will most likely seem like an eternity. The result of your exam is displayed showing the minimum passing score, your score, and a PASS/FAIL indicator. With some Cisco tests, the actual score isn’t displayed on the screen, only on the printed version of your test results. If you’re curious, you can review the statistics of your score at this time. Normally, though, candidates are either so elated they can’t sit still or too dejected to bother looking at the screen. Keep in mind, whether you pass or fail, Cisco does not show you the individual questions answered right or wrong. Instead, you’ll get a generic list, showing categories and your results within each one.
This is also provided on the report that’s automatically printed at the exam administrator’s desk. Keep your results in a safe place and check back with Cisco’s web site over the next 48 hours to make sure your results are posted. After some time (a week or so), you’ll receive a folder in the mail from Cisco containing your official certificate and other goodies.

Retesting

If you don’t pass the exam, don’t worry about it. Certification tests are, by design, very difficult and the vast majority of people who take them fail the first time.
Simply jot down those things you remember and go into the next attempt a little more educated on format and content. Additionally, the score report will help guide your study efforts, showing those areas you were weakest in. Cisco makes you wait five business days before you can sign up for another exam. During this time, continue with the study tips from before, but focus on those areas that need the most attention. When you’re ready, contact Vue and schedule another exam. You can track your current certification status by going to www.cisco.com/go/certifications/login. You’ll need to use your Cisco testing ID number to log in.
Exam Readiness Checklist: CCENT 640-822

(The original table lists each Official Objective, the Study Guide Coverage sections that address it, the chapter number of each section, and a self-assessment check-off column for Beginner, Intermediate, and Advanced. The rows are reproduced below as "Objective: Section (Ch#), ...".)

Describe the operation of data networks
- Describe the purpose and functions of various network devices: Network Essentials (1), Network Devices (2), Switch Fundamentals (5), Routing Fundamentals (6), Wireless Networking (11)
- Select the components required to meet a given network specification: Network Essentials (1), About Cisco Switches (9), Routing Fundamentals (6)
- Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network: OSI Reference Model (1), TCP/IP and OSI Reference Model Comparison (2), Network Devices (2)
- Describe common networking applications, including web applications: Application Layer Functions and Protocols (2), Application Fundamentals (12)
- Describe the purpose and basic operation of the protocols in the OSI and TCP models: Application Layer Functions and Protocols (2), Transport Layer Functions and Protocols (2), Internet and Network Access Layer Functions and Protocols (2)
- Describe the impact of applications (Voice over IP and Video over IP) on a network: Application Fundamentals (12)
- Interpret network diagrams: Network Devices (3)
- Determine the path between two hosts across a network: TCP/IP and OSI Reference Model Comparison (2), Application Layer Functions and Protocols (2), Transport Layer Functions and Protocols (2), Internet and Network Access Layer Functions and Protocols (2), Network Devices (3)
- Describe the components required for network and Internet communications: Network Essentials (1), TCP/IP and OSI Reference Model Comparison (2), Network Devices (3), WAN Fundamentals (11), Wireless Networking (11)
- Identify and correct common network problems at layers 1, 2, 3, and 7 using a layered model approach: OSI Reference Model (1), TCP/IP and OSI Reference Model Comparison (2), Troubleshooting (12)
- Differentiate between LAN/WAN operation and features: Network Essentials (1), WAN Fundamentals (11)

Implement a small switched network
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts: Physical Media (3), Network Devices (3), Switch Fundamentals (5)
- Explain the technology and media access control method for Ethernet technologies: Ethernet Characteristics (4), Ethernet Standards (4)
- Explain network segmentation and basic traffic management concepts: Switch Fundamentals (5), Switch Design Considerations (5), Routing Fundamentals (6)
- Explain the operation of Cisco switches and basic switching concepts: Switch Fundamentals (5), Initial Configuration (9), About Cisco Switches (9)
- Perform, save, and verify initial switch configuration tasks, including remote access management: The IOS and Configuration Files (8), The CLI (8), Initial Configuration (9), Securing the Configuration (9)
- Verify network status and switch operation using basic utilities (including ping, traceroute, telnet, SSH, arp, ipconfig), SHOW, and DEBUG commands: The IOS and Configuration Files (8), The CLI (8), Securing the Configuration (9), First Steps (10), Troubleshooting (12)
- Implement and verify basic security for a switch (port security, deactivate ports): Initial Configuration (9), Securing the Configuration (9), Interface Configuration (9)
- Identify, prescribe, and resolve common switched network media issues, configuration issues, autonegotiation, and switch hardware failures: Initial Configuration (9), Securing the Configuration (9), Interface Configuration (9), Troubleshooting (12)

Implement an IP addressing scheme and IP services to meet network requirements for a small branch office
- Describe the need and role of addressing in a network: Routing Fundamentals (6), Introduction to IP Addressing (6), Subnet Tasks (7), Subnet Essentials (7)
- Create and apply an addressing scheme to a network: Routing Fundamentals (6), Introduction to IP Addressing (6), Subnet Tasks (7), Subnet Essentials (7)
- Assign and verify valid IP addresses to hosts, servers, and networking devices in a LAN environment: Subnet Essentials (7), Subnet Tasks (7)
- Explain the basic uses and operation of NAT in a small network connecting to one ISP: WAN Fundamentals (11), Routing Configuration (10)
- Describe and verify DNS operation: Application Layer Functions and Protocols (2)
- Describe the operation and benefits of using private and public IP addressing: Introduction to IP Addressing (6), Subnet Essentials (7)
- Enable NAT for a small network with a single ISP connection using SDM and verify operation using CLI and ping: WAN Fundamentals (11), Routing Configuration (10)
- Configure, verify, and troubleshoot DHCP and DNS operation on a router (including CLI/SDM): WAN Fundamentals (11), Routing Configuration (10)
- Implement static and dynamic addressing services for hosts in a LAN environment: Application Layer Functions and Protocols (2), Introduction to IP Addressing (6), WAN Fundamentals (11)
- Identify and correct IP addressing issues: Introduction to IP Addressing (6), Troubleshooting (12)

Implement a small routed network
- Describe basic routing concepts (including packet forwarding and the router lookup process): Introduction to IP Addressing, Routing Fundamentals, Routing Configuration, Subnet Tasks (Ch. 6, 10, 7, 7 as printed)
- Describe the operation of Cisco routers (including router bootup process, POST, and router components): Routing Fundamentals (6), First Steps (10), Configuration Fundamentals (10), Routing Configuration (10), WAN Fundamentals (11)
- Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts: Network Essentials (1), Physical Media (3), Network Devices (3), Configuration Fundamentals (10), Routing Configuration (10), Wireless Networking (11)
- Configure, verify, and troubleshoot RIPv2: Routing Configuration (10)
- Access and utilize the router CLI to set basic parameters: The IOS and Configuration Files (8), First Steps (10), Configuration Fundamentals (10)
- Connect, configure, and verify the operation status of a device interface: Routing Configuration (10), Troubleshooting (12)
- Verify device configuration and network connectivity using ping, traceroute, telnet, SSH, or other utilities: The IOS and Configuration Files (8), The CLI (8), Securing the Configuration (9), First Steps (10), Troubleshooting (12)
- Perform and verify routing configuration tasks for a static or default route given specific routing requirements: Routing Fundamentals (6), Configuration Fundamentals (10), Routing Configuration (10), WAN Fundamentals (11)
- Manage IOS configuration files (including save, edit, upgrade, and restore): The IOS and Configuration Files (8), The CLI (8)
- Manage Cisco IOS: The IOS and Configuration Files (8), The CLI (8)
- Implement password and physical security: The IOS and Configuration Files (8), The CLI (8), Securing the Configuration (9)
- Verify network status and router operation using basic utilities (including ping, traceroute, telnet, SSH, arp, ipconfig), and the SHOW and DEBUG commands: The IOS and Configuration Files (8), The CLI (8), Securing the Configuration (9), First Steps (10), Troubleshooting (12)

Explain and select the appropriate administrative tasks required for a WLAN
- Describe standards associated with wireless media (including IEEE WI-FI Alliance and ITU/FCC): Ethernet Standards (4), Wireless Networking (11)
- Identify and describe the purpose of the components in a small wireless network (including SSID, BSS, and ESS): Wireless Networking (11)
- Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point: Wireless Networking (11)
- Compare and contrast the wireless security features and capabilities of WPA security (including open, WEP, and WPA-1/2): Wireless Networking (11)
- Identify common issues with implementing wireless networks: Wireless Networking (11)

Identify security threats to a network and describe general methods to mitigate those threats
- Explain today’s increasing network security threats and the need to implement a comprehensive security policy to mitigate those threats: Network Devices (3), Network Security (12)
- Explain general methods to mitigate common security threats to network devices, hosts, and applications: Network Devices (3), Network Security (12)
- Describe the functions of common security appliances and applications: Network Devices (3), Network Security (12)
- Describe security recommended practices, including initial steps to secure network devices: Network Devices (3), Switch Design Considerations (5), Initial Configuration (9), Securing the Configuration (9), First Steps (10), Configuration Fundamentals (10), Network Security (12)
Implement and verify WAN links
- Describe different methods for connecting to a WAN: WAN Fundamentals (11)
- Configure and verify a basic WAN serial connection: Configuration Fundamentals (10), Routing Configuration (10), WAN Fundamentals (11)
Chapter 1: Networking 101

CERTIFICATION OBJECTIVES
1.01 Network Essentials
1.02 The OSI Reference Model
Two-Minute Drill
Q&A Self Test

Copyright © 2008 by The McGraw-Hill Companies.
You cannot begin learning any aspect of technology or industry without first mastering the basics. This chapter covers the building blocks you’ll need to be successful in the rest of your study. The first half explores some basic terminology and definitions, what networks look and act like, and the components that make up the network, while the second half—through an examination of the OSI Reference Model—looks at how data is treated as it moves through your network. A thorough understanding of this chapter should provide a great bedrock upon which to build the rest of your study!

CERTIFICATION OBJECTIVE 1.01
Network Essentials

Any text on networking should begin by defining what, exactly, a network is. In its simplest terms, a network is a collection of systems and devices exchanging data over some form of media. The systems provide an interface for users to easily share, store, and access a variety of data, the network devices provide a means to control and regulate the traffic between the systems, while the media provides a pathway for the data to travel across. It sounds simple (and it really is), but it can get complicated in a hurry. Let’s keep it simple and start with the definitions and terminology you’ll need to know.

Network Definitions

The world of networking has more than its share of terminology and jargon. In this section, we’ll introduce some terms and concepts you’ll need to be familiar with as you move forward. We’ll cover things in a logical order, hitting terms that range from what makes up a network and how data is transmitted on the wire, to how far the network reaches. When thinking about what components make up a network, most observers pick the obvious—the devices they can see or touch. As you’ll see, there’s more to it than that. A network is first made up of hosts. A host is defined as any device that holds a logical address on your network.
Most commonly, this address is an Internet Protocol (IP) address, which we’ll cover later in the book. Hosts can be workstations, servers, printers, connection devices, or routers. Apprentice network technicians generally do a good job keeping track of the computers and printers on the network, but
sometimes forget to include the connection devices and routers in their overall address plan. It’s important to remember that, even though you do not necessarily interact with them daily (as you would a workstation or server), switches and routers need attention, too.

The next major term commonly left out in a discussion of networking is the information itself. After all, what would a network be without data to transmit? Information transmitted across a network can include voice, video, or data (text, presentations, pictures, and so on). Each of these requires special attention and functionality to traverse the network correctly. While we cover actual data types and terms later in this chapter, keep in mind that networking isn’t just data anymore. Modern networks are charged with delivering our phone calls and, soon, our television and entertainment options.

Data—no matter what its form—is transmitted in the form of bits. A single bit is a 1 or a 0 (based on the binary number system of two digits versus the typically used decimal numbering system based on the digits 0–9). An arrangement of eight bits in a specific order is known as a byte. Bits can also be arranged to signify a hex digit. Hex digits are always four bits in length and are expressed to the human eye as the numerals and alpha characters 0–9 or A–F. Depending on the specific combination of bits, bytes, and hex digits received, a host will respond accordingly. Some bit streams, for example, tell the host, “A message is coming and it is intended for you. Please process the information contained inside.”

After the hosts and connection devices are in place, you need something for the data to travel on between them. Transmission media is the physical pathway over which the data travels. A wide variety of media choices are available in networking and can be broken down into two major categories: bound or unbound (cabling or wireless).
Akin to the roads on which you drive your car, cabling is the most common media choice, and includes two types: copper (transmitting electrical impulses) and fiber (transmitting data in the form of light impulses). Wireless makes use of radio frequency (RF) waves, microwaves, or infrared beams to send data packets from one host to the next.

Our next definition has to do with the rules of the road. Human beings can, oftentimes, make up the rules as they go while exchanging data. For example, while you may speak perfect, fluent English, your client may not. They may speak slower, or broken, English—occasionally misusing a noun or applying the wrong tense of a verb or two. As a human, you can adjust on the fly to these departures from what you expected and still understand the communication. Unfortunately, computer systems do not function this way. Standardized, near ritualistic, activities must be in place or the communications process cannot continue. Protocols provide this for your
network. A protocol is simply an agreed upon set of rules for a particular network function. For example, you may agree on a specific method of encoding an electrical signal on a wire to signify a 1 or a 0. Timing sequences, the specific arrangement of bits to signify an address, and how a host can tell that the other end is receiving all the data sent are all examples of protocols in use. Protocols in networking are usually combined in one grouping, referred to as a protocol suite or stack.

Once you have bits from your hosts ready to travel on the media, you should familiarize yourself with a few more terms. The first is bandwidth. Just as with the roadways you drive on, a given media only has a finite number of lanes the data can travel on. The more lanes you have, the higher the bandwidth available to you. Bandwidth is generally considered to be the total amount of data (in bits) you can theoretically transmit within a given time period (typically one second). Bandwidth is expressed in bits or bytes per second in digital networking. For example, 10 Mbps would be 10 million bits per second (a million bytes per second would appear as 10 MBps). On analog circuits, bandwidth is expressed in cycles per second (Hertz, or Hz), and is usually simply the difference between the top and bottom frequency range available.

Another term closely related to bandwidth is throughput. While bandwidth is the theoretical total amount of data a given media can transmit, throughput is the actual measurement of the data that’s able to pass through the media at any given time. Expressed in the same manner as bandwidth, throughput can be thought of as what you are really getting out of your network. In many cases, throughput is the more important measurement and can be affected by an increase in network traffic, transmission errors, interference, network devices, and a host of other variants.

Exam Watch: Pay close attention to the bandwidth and throughput measurements of network devices and media.

Last in our terminology discussion is the method in which hosts can send and receive traffic. In simplex transmission, devices can only send in one direction. In duplex, devices can send in both directions. To further complicate things, duplex has two implementations: half and full. In half duplex, the systems can transmit in either direction, but only one at a time. In full duplex, both systems can transmit in either direction simultaneously. Whenever possible, network design should include as much full duplexing as possible. In many cases, your duplex setting may be more important than your overall bandwidth/speed available. Incorrect duplex settings could affect the perceived throughput of the network connection.
Network Topologies

One of the first steps in designing your network is to decide on its topology. A topology is simply the layout of your network hosts and media. The topology can refer to how the network actually looks (the physical topology), as well as how the data travels on your network (referred to as the logical topology).

Physical Topologies

The physical topology of the network refers to how the network actually looks from a bird’s-eye view—the physical cabling layout of the network itself. Usually, these are very easy to distinguish from one another. The five different physical topologies are bus, ring, star, mesh, and hybrid. See Figure 1-1 for examples of physical topology appearances. A bus topology consists of all devices connecting to a single wire—a coaxial cable. A physical bus looks like a straight line—a stick—with connections to hosts coming off in a “T” shape. Physical bus topologies are simple to implement and use the least amount of cabling of any topology; however, they are relatively difficult to troubleshoot. A break in the cable in a bus topology brings the entire system down, and breaks are usually very difficult to locate. Additionally, terminators (50-ohm, usually) must be affixed to both ends. A terminator is a resistor attached to each end of a bus topology network to cause the signal to stop rather than reflect back toward the source. A loose or missing terminator will also bring down the entire network.

Exam Watch: Be sure you understand the appearance, benefits, and drawbacks of each physical topology.

FIGURE 1-1 Physical topologies (mesh, star, ring, bus)

In a ring topology, all devices are connected to each other in the shape of a circle—the first device feeds into the second device, which in turn feeds into the third, and so on and so on until the loop plugs back into the first device. As with bus topology, a break in the cable brings the entire network down. However, cable faults are much easier to find and resolve when compared to bus topology. Another disadvantage of ring topology is that it is difficult to expand. Each device must be reconfigured when you add a new one to the ring. Ring topologies can be either single ring or dual ring. Dual rings provide redundancy in the case of a line break—if a cable breaks on one ring, the devices can use the other to communicate until the fault is repaired.

Star physical topology is by far the most common in day-to-day networking. In a star topology, all devices are connected to a single, central device—usually a hub or a switch. The benefits of star are fairly easy to decipher—cable faults only take down the host on that cable (not the entire network), the network is easily expandable, and troubleshooting is very simple. The only drawback is that it uses more cabling than a bus and provides a central point of failure—thus, if the central device fails, the entire network goes down. Star topologies can also include extended star, where the central device extends links to other hubs and switches.

Mesh and hybrid topologies are the last two physical topologies.
In a mesh topology, every device is directly connected to every other device. Mesh networks have the benefit of complete redundancy—a single network break doesn’t affect anything. However, they do use the most cable and have scalability problems. Should you ever have to determine the number of links used in a mesh network, counting them may prove a challenge. The formula for calculating the number of links in a mesh network is N(N–1)/2, where N is the number of hosts.

Hybrid topologies are simply any combination of two or more physical topologies.

Which would you choose? Most office and home networks are built using star topology. Support is plentiful, media and connection devices are easy to come by, and installation and troubleshooting are a snap. Instances exist, however, where you should choose one of the others, but be prepared to see a lot of star networking.
Logical Topologies

The physical layout of the network is only half the picture. The logical topology refers to the path the data actually travels on its way through the network. Regardless of what the network physically appears to be, the pathway of the data itself may be something completely different. The two major logical topologies are bus (broadcast) and token (ring).

A bus logical topology broadcasts data to all nodes on the network at the same time. This may seem like a difficult concept to grasp, but consider an analogy. Suppose you are holding a copper wire. Ten other people are holding the same wire with you. You apply voltage to the wire. Who gets shocked? The answer is, of course, everyone. It has nothing to do with the address—you may have been signaling the person at the very end of the cable, but given physics, anyone touching the copper will get shocked. In a bus topology, a system listens for the wire to get “quiet,” then broadcasts its message to the cable. All stations receive it, but only the one it is addressed to can open it. Also known as contention-based networking, bus is the most commonly used logical topology, and bus and star physical topologies make use of this method of communication. While it seems like a free-for-all and there’s no guarantee you’ll get to speak on the network, broadcasting is actually very fast and efficient when properly implemented.

A token passing, or ring, topology works in a more organized, almost friendly format. In a token passing logical topology, systems can only transmit information when they hold a special data packet, known as a token. The token is passed from one device to the next, in a prescribed, circular path. Each device receives the token and examines it. If it holds a message for the device, it will open and process it. If it doesn’t, it will pass it on to the next device in the ring.
If the token is empty and the device has something to transmit, it will place its message in the token and send it along the pathway. If the token is already in use, the device will have to wait for a free token to come along before transmitting. While this seems orderly and less contentious than bus topology, token passing is actually much slower and not used nearly as often. Also known as deterministic based networking, token passing can be used by bus, star, and ring physical topologies. Pay attention to the wording of questions regarding the logical topology. Many times a physical star topology can still pass data from one machine to the next, making it a logical ring. In the event that a star topology acts as a ring, the central device is called a Multi Station Access Unit (MSAU).
Network Categories

Defining a network category usually revolves around two things: the geographical area covered and who owns the lines. Networks are typically of two types: LANs and WANs. Additionally, the implementation and functions of these networks also include several other terms, such as SOHO, branch office, and central office.

LANs

A LAN (local area network) can be defined as a network that serves users within a small geographic footprint. Usually LANs are confined to a single room, floor, or building, although they can cover as much as an entire campus. LANs are generally created to fulfill basic networking needs, such as file and printer sharing, file transfers, or gaming. The key to defining a LAN usually comes with examining the administrative control boundary—if you own all the devices and cabling within it, and it is confined to a manageably small geographic area, it’s a LAN. LANs are generally high speed in nature and contain workstations, servers, printers, hubs, and switches. Depending on their use within the network, devices such as firewalls, gateways, proxies, and routers can also be considered part of a LAN. Lastly, one of the primary defining characteristics of a LAN is its physical data transmission technology. By far, Ethernet is the most common LAN technology, but there are many others, including Token Ring and ATM. LAN traffic is generally considered inside traffic, whereas WAN traffic is considered outside.

Another term tossed about in networking is the Metropolitan Area Network (MAN). MANs are usually larger than LANs—spanning a city, for instance—but are not as large as a WAN. In most instances, the terms MAN and WAN can be used interchangeably on a given network.

WANs

A WAN (wide area network) is nothing more than the network connecting a collection of LANs across a wide geographic area—perhaps a state, nation, or even the whole world!
Aside from the distance variable, another defining characteristic of WANs is the concept of a leased line. Most companies and individuals do not have the time or resources to install physical cabling across great distances to hook their networks together. Therefore, they simply lease bandwidth from a provider
  • 53. Network Essentials 9 who already has those lines in place. WAN technologies include everything from dial-up networking with a modem to leased dedicated bandwidth space on frame relay networks. WAN technologies fall into three major categories: circuit switched, packet (or cell) switched, and dedicated connections (point to point). Circuit switched WAN connections work much like your telephone at home. When you wish to transmit, you make a call and the line is in use until you are finished transmitting. No one else can use the line, and it remains open, even when you’re not talking. WAN technologies using circuit switching include regular dial-up with a modem, using the plain old telephone system (POTS), or Integrated Services Digital Networking (ISDN), using specialized equipment to send digital messages over special phone lines. The advantages of circuit switched technologies include cost (cheaper, generally), scalability (easy to install and expand), and availability. Packet or cell switching technologies work a little differently than circuit switching. In a packet switched network, the point-to-point circuits between devices are opened for the length of time it takes to send a message, and are then cleared for use. Cell switching works in much the same way. The only difference has to do with the length of the individual packet sent. In cell switching, the cell size is always the same, whereas with packet switching, the sizes of individual packets vary. Packet switching allows multiple connections from one device, but is generally much more expensive than circuit switching. Packet/cell switched technologies are also harder to implement and may not be available in all locations. However, for larger companies or for companies requiring Quality of Service (QoS) features for specialized programs, these technologies are well worth the investment. 
Point-to-Point, or dedicated, WAN connections are exactly what they sound like—a leased line that directly connects one network to another. The advantage is that the connection is always up and available, and you are guaranteed 100 percent of the bandwidth available 100 percent of the time. The drawback is closely related—whether you use the bandwidth or not, you pay for it. Generally speaking, these connections are rather expensive to implement. Examples of dedicated connections include the “T” lines, such as T1 (1.544 Mbps), T2 (6.312 Mbps), and T3 (44.736 Mbps). Obviously, only one connection device per line is allowed on each end, so scalability with this option is also a concern. For example, suppose a network had one central office and five branch offices. To connect these together using T lines, the router at the central facility would need at least six ports available—one to serve the central office, and one for each of the five branch offices. Going a step further, if you decided to fully mesh this network, each router at each location would also need six ports available. In comparison with frame relay, each office router would only need one port, making scalability much easier.

Due to cost and ease of scalability, most enterprise networks make use of packet switched technologies, such as frame relay or ATM.

Location Terminology

Within the LAN/WAN architecture, your business will have several offices and networks functioning toward your end goal. Each of these locations refers to a specific user, or groups of users, within your network, as well as to the location at which you would find them.

A small office/home office (SOHO) is fairly self-explanatory. The SOHO refers to a single user, or a small group of people (one to ten), working from a single location, such as a home or office space. This location usually doesn’t require a dedicated connection to a corporate network, as SOHOs are generally considered to be independent businesses on their own. Typically, network connectivity for the SOHO requires lower bandwidth and, therefore, cheaper options are considered.

The branch office is very close in definition to a SOHO, with one major difference. The branch office, oftentimes, supports a small group of people, just as the SOHO does. However, the branch office has its own LAN and is considered a part of the overall corporation or enterprise. Branch offices are, simply, portions of the enterprise that happen to be in different geographical locations than the corporate headquarters. Network connections to branch offices vary greatly depending on the bandwidth and traffic support needs, and can include any of the WAN technologies discussed earlier.

Finally, the last “location” to worry about is the mobile user. A mobile user is part of the corporation, but is not located at a branch office. These users may be salespeople, technicians, managers, or any member of the company that is traveling on business. Oftentimes, these users, while not at a location that belongs to the company, need to connect back to the central office for any number of tasks. Connections for mobile users must be guarded very carefully, and strong caution is advised in setting up a method for remote access. Generally speaking, mobile users connect via dial-in or by using the existing public Internet, via some form of a virtual private network (VPN).

Be sure to pay particular attention to the network connection technologies needed by each location.
CERTIFICATION OBJECTIVE 1.02

The OSI Reference Model

Thankfully, standards exist for almost everything in day-to-day life. Imagine, for example, how difficult it would be to replace a missing bolt on your vehicle if the sizes weren’t standardized, or attempting to fix a plumbing problem in your home if every house used different-sized pipes. ISO, the International Organization for Standardization, has created standards for almost everything you can imagine—film, pipe and screw threads, even the size of holes for a paper punch are all covered by an ISO standard. In addition to the multitude of day-to-day life standards, ISO is also responsible for giving us the OSI Reference Model.

Functions and Advantages

A common question asked by new networkers is, “What, exactly, does the OSI Reference Model do?” The answer may be a little surprising. Technically, the OSI Reference Model does…nothing. You do not buy a box of it, you don’t install it, and you don’t configure it on devices. The main purpose of the OSI Reference Model is to provide a means for us to break down the communications process between two computers into stages, and easily discuss and describe the steps within each stage. While imperfect, the model provides a good method of breaking down the communication process in an organized manner for discussion, troubleshooting, and training.

One word bandied about quite a bit in regards to the OSI model is encapsulation. Encapsulation is the process of adding a header and a trailer to a piece of data. While each stage of communication (layer of the model) adds a header to the data, only one layer always adds a trailer. Some texts define encapsulation as occurring in all layers of the model; however, it technically only occurs at one—the Data Link layer.

When ISO developed the OSI Reference Model, every effort was made to distinctly separate logical functions from one layer to the next. This design concept greatly enhances vendor efficiency in creating new network devices, protocols, and services. For example, a vendor can choose to work in one layer and modify/enhance their product without adversely affecting the functions of the other layers. The OSI Reference Model provides several benefits:

■ It simplifies training and learning.
■ It reduces complexity in product and services design.
■ It provides for vendor interoperability.
■ It allows for modular construction.

The Layers

The OSI Reference Model splits the communications process into seven distinct modular layers, with each layer accomplishing a specific function independently of all other layers. The layers do rely on layers above and below to provide something to work with, but they don’t necessarily care what they receive to work with. For example, as you’ll see, the network layer doesn’t really care which segment number it is addressing and routing—it simply knows it has a segment to send.

You should be able to explain the benefits of the OSI Reference Model, as well as layered protocol stacks.

Each layer is discussed in further detail next. The individual protocols mentioned will be discussed in greater detail in Chapter 2. Figure 1-2 displays the seven layers.

FIGURE 1-2 The OSI Reference Model layers

Application layer (7)
Presentation layer (6)
Session layer (5)
Transport layer (4)
Network layer (3)
Data Link layer (2)
Physical layer (1)
Because the OSI model acts as a foundation for the rest of networking, it’s very important that you thoroughly understand the stack. It is essential you be able to identify:

■ The order of the layers, from top to bottom, and bottom to top
■ The number that corresponds to each layer
■ The function(s) of each layer
■ The protocols and devices that work at each layer

Memorizing the layers and their numbers is actually fairly easy using a mnemonic. Keeping in mind that the “top” of the stack is layer 7—Application—simply take the first letter of each layer and create a phrase to help remember their place in the stack. Common examples are, “Please Do Not Throw Sausage Pizza Away” and “All People Seem To Need Data Processing.” There are, literally, hundreds of different mnemonics new network technicians use to help remember the layers. Find one that works for you and stick with it! In the remainder of this section, we’ll examine each layer in more detail. Refer to Table 1-1, OSI Protocols and Devices, as you read more information about the devices and protocols working at each layer.

Memorize the information in Table 1-1. Questions may or may not be explicit, but you will need to know this information to correctly determine the question’s intent.

TABLE 1-1 OSI Protocols and Devices

Layer          Devices Found in the Layer      Protocols/Standards Working in the Layer
Application    Firewall, Gateway, and IDS      SMTP, POP3, DNS, DHCP, FTP, HTTP, TFTP, SNMP, VoIP
Presentation   N/A                             JPG, JPEG, TIFF, PNG, GIF, MIME
Session        N/A                             NFS, ASP, SQL, RPC
Transport      Firewall                        TCP, UDP, SPX
Network        Router                          IP, IPX, Appletalk
Data Link      Bridge, Switch                  Ethernet, PPP, HDLC, Frame Relay, ATM
Physical       Transceiver, Repeater, Hub      RJ45, ST/SC, V series (modem standards)
The Data Layers (Application, Presentation, and Session)

It might help you to understand the functions of the seven layers of the OSI model if you think of them in terms of data layers and delivery layers. The data layers would be the top three layers of the model.

At the top of the stack, we find layer 7—the Application layer. A common mistake made by new network technicians regarding the Application layer is the belief that the applications themselves reside here. This is not accurate. The Application layer holds the protocols that allow programs to access and make use of a network. For example, Microsoft Outlook—a common e-mail program—can work just fine without a network. You can open, edit, create, and delete e-mails offline just as well as you can online. However, if you wish to use the network to send and receive e-mail, you need an Application layer protocol to do this. In this example, the Application layer protocol would be SMTP.

Continuing the e-mail analogy, imagine you are sending an e-mail from a Microsoft Outlook application to a computer running the Thunderbird e-mail application. You may have bold, italics, and any number of font settings within your e-mail. Additionally, you may attach a picture file (jpg) for the recipient to enjoy. Thunderbird might treat bold, italics, and font settings differently than does Outlook, and SMTP is only capable of sending ASCII code (a combination of bits representing an alphanumeric character, commonly referred to as, simply, text). Enter layer 6—the Presentation layer. The Presentation layer is responsible for formatting and code conversion between systems. This layer accepts the data from the Application layer and ensures it is placed in a format the end station can understand. In this case, the e-mail is in text mode, and another protocol, like MIME, translates the jpg into ASCII for transit. Once received at the far end, the recipient’s Presentation layer will perform the reverse, handing the data back to the Application layer protocol.

Encryption is another function of the Presentation layer. While the Presentation layer has historically been responsible for encryption, modern systems make use of encryption at other layers—particularly layers 3 and 4.

Layer 5—the Session layer—is perhaps the most enigmatic and troublesome of the entire stack. This layer doesn’t necessarily do anything to the data at all. Instead, its function is to work in the background, ensuring the communications process between two systems runs smoothly. The standard definition applied to the Session layer is that it creates, maintains, and tears down sessions. To correctly understand this, consider an analogy.

A person and their significant other are driving down the road, discussing the day’s events. While one partner is talking, the other begins to daydream a little. After a few seconds, the one talking says, “Are you listening to me?” BAM!—communications are reestablished and data flow is stabilized. Notice the communications process never actually stopped, it just needed a little “massaging” to continue properly. That is exactly what the Session layer does for us. In addition to changing the world and simplifying our lives, computers are, at heart, insecure little beings and need constant reassurance that the other end is still listening and still playing by the rules. The Session layer takes care of this throughout the communication process. An example of Session layer protocols would be an SQL session or an RPC session between two servers. Certain things are just a given—the sun will set in the West, fried food is always better in the South, and RPC will be used as an example for a Session layer protocol on exams.

The Delivery Layers

Until this point in the process, we still have one giant block of data handed down from the Application and Presentation layers. In keeping with the old truism, “It’s easier to pour pebbles down a pipe than boulders,” it makes sense that this data could be sent faster if we were to break it up into smaller, more manageable segments. In doing this, each segment could be delivered very quickly, but we’d have to take steps to make sure the recipient could reassemble all the segments in the proper order. Enter layer 4: the Transport layer.

The Transport layer’s main job is to efficiently and reliably transport the data from the sender to the recipient. It does this via three main functions: segmentation, the reliable delivery of data, and flow control. Transport layer functions are relatively easy to understand. Segmentation is simply taking a small piece of the bits making up the data as a whole.
A small header is put in front of these bits. Inside the header is all sorts of information, including:

■ A sequence numbering system (one of X, two of X, and so on) to mark each segment and provide a means to put them back together on the recipient end
■ A method to let the recipient know which application needs to look at the bits in the data field
■ A method to ensure segments can be delivered as quickly as possible without overwhelming the recipient
■ A means to ensure that the recipient actually received each segment

As you can see, the information in the header is used by both parties to ensure all the segments get there in the order they were sent (reliability) and the recipient is processing data as quickly as possible without being swamped (flow control). The segments are then passed down to layer 3.

The Network layer—layer 3—then answers a question that, so far, has not been answered: “Just where is the segment going?” The Network layer is responsible for logical addressing and routing. Receiving a segment from the Transport layer, the Network layer adds a header that includes a source and destination logical (network) address. This address is read by layer-3 devices (routers) and best path determinations are made to deliver the segment to its final destination.

At this point, your system has a packet ready to deliver, but still needs a couple of questions answered. Specifically, how do I get on the media and which device inside my network will deliver this to its destination? Enter the Data Link layer. The Data Link layer is responsible for media access, physical addressing, and framing. Media access refers to the method in which your system accesses the media—it either transmits when quiet, or waits for a token. Layer 2 takes the packet and attaches a header and a trailer. The header contains the source and destination physical addresses needed to move the data inside your network segment. The trailer contains something called an FCS—Frame Check Sequence. The FCS is used by layer-2 devices to ensure that the bits inside the frame are in good order. This process is called framing, and is also referred to as encapsulation. Each layer-2 technology has a different method of framing, which will be discussed in greater detail later in this book.
Lastly, the frame is passed to layer 1—the Physical layer. At this layer, everything is simply bits. There are no addresses, no routing decisions, and no sense of which application is sending or receiving—if you receive an electrical shock, you give one. The Physical layer is responsible for encoding bits onto a media. Encoding is the process of manipulating an electrical (or light) signal to represent a 1 or a 0. Standards in the Physical layer vary greatly, and apply to such things as the way connectors are affixed to different cable types, or the impedance allowed on a given copper cable.

As the bits hit the wire, they are passed up the stack on devices receiving them. The process is reversed on the recipient end, with each layer removing the header from the layer below it to examine the information in its own header. With this information, the recipient can make decisions to continue to pass it up the stack, or dump it. When you consider that this process occurs for each segment of data traveling back and forth between our systems, it really puts into perspective a few seconds’ wait for a web page to load.

The distinction between data and delivery, and the categorizing of the layers within them, can greatly help with troubleshooting and network design. The top three layers are generally application-oriented, and spend their time on the data itself. The bottom four layers are concerned with delivering that data to a recipient.

Network Components

A thorough understanding of networking components, as well as their functions and placement, is essential to your success both as a networking technician, and as a potential candidate for certification. In this section, we will briefly cover some of the more common network components, and discuss several features, functions, and concerns with each. These devices will, quite obviously, be discussed at greater length throughout the rest of this text, and terminology like collision domain and broadcast domain will also be covered in greater detail. Additionally, the devices are discussed and listed within the layer where they work.

Physical Layer Devices

Physical layer devices do nothing more than physically connect wiring together to complete a path, or change the connection from one type to another. Examples of physical layer devices include transceivers, repeaters, and hubs. Transceivers connect one media type to another, such as a fiber connection to a copper one. Repeaters are used to extend the range of a given media—whatever they take in one port, they regenerate and repeat out the other. Hubs are nothing more than multiport repeaters. Comparatively, where a repeater takes bits in one port to relay to another, hubs have several ports they accept and relay bits on. Simply speaking, these devices are “dumb” and neither read nor understand data. Physical layer devices will pass on an electric shock, or light signal, exactly as they received it, making no decisions on its path whatsoever. These devices are used to extend the reach of network segments and, in the case of a hub, to share a single media segment between several systems. In other words, if a single network segment is capable of a 10 Mbps transmission, and you connect ten users to it using a hub, each user has an effective bandwidth of 1 Mbps. Physical layer devices extend collision domains, increase network traffic problems, and decrease (effective) available bandwidth.
Data Link Layer Devices

Data Link layer devices actually read your internal physical network addresses and make decisions on forwarding or filtering traffic. The addressing used inside your network segment is akin to the street address on the front of a letter addressed to you—it makes sense to your local postal carrier, but wouldn’t mean a thing to someone in a different city or state. These devices have the processing power to read these addresses and make decisions on which port(s) to send the data through. Layer-2 devices include bridges and switches. Switches and bridges split (or segment) collision domains, decrease network traffic problems, and increase effective available bandwidth to hosts. However, keep in mind they are incapable of moving traffic outside your LAN.

Network Layer Devices

Network layer devices play a unique role in your network design. These devices read the logical network addresses on your data and make decisions about which route to send the data. This sounds very much like the switches and bridges discussed earlier, but keep in mind the layer-3 device not only knows which port to send the data out, but also the best route through outside networks to its final destination. Continuing the analogy from earlier, if the street address on your letter is akin to the physical address of your hosts, the logical address used by layer-3 devices is equivalent to the ZIP code. When you place a letter in your mailbox, the local carrier doesn’t look at the street address, they look at the ZIP code and make a determination about which post office should see the letter next. This process continues until the letter reaches a post office that does recognize the street address. Routers (and sometimes firewalls) are layer-3 devices, and not only split collision domains, but also broadcast domains. Routers are placed on the borders of your networks and subnets, for obvious reasons.

Other Devices

Networks can also include a variety of other devices, such as firewalls, gateways, and proxies. A firewall is a device that typically works at layers 3 and 4, and is used to filter network traffic based upon rules the administrator configures on the device. Generally placed between your network and the Internet, firewalls work on an implicit deny principle—if you do not explicitly allow the traffic, it is blocked. Gateways work at all layers and are generally used to connect networks and applications of different types together. A proxy is a system that provides a specific service to a host. For example, a web proxy will make requests to the Internet for web content on behalf of a host. This increases security and performance since web traffic coming from your network appears from only one system, and hosts can access cached pages on the proxy instead of going out to find them. These devices are usually placed between your network and the Internet in a special network called a DMZ. While you may not see definition type questions regarding these devices, it’s extremely important to know the basics of their function and placement within your network.

Protocol Data Units

As important as it is for you to know the OSI model’s protocols and devices, it may be even more important to know the encapsulation steps as the data moves through systems. As the process in data exchange moves from one layer to the next, the information is given a specific name. The protocol data unit (PDU) is the name given to the bits at a given layer. As you remember from the earlier discussion, each layer adds a header to the information given to it from the layer above. The combination of that header and the information passed along from the preceding layer is known as a protocol data unit. PDUs can be referenced by a specific name, or by their layer. For example, the terms packet and layer-3 PDU mean the same thing. The PDUs are listed in Table 1-2.

TABLE 1-2 Protocol Data Units

Layer          PDU        Bits Added
Application    Data       Header
Presentation   Data       Header
Session        Data       Depending on the protocol, either none or a header
Transport      Segment    Header
Network        Packet     Header
Data Link      Frame      Header and trailer
Physical       Bits       N/A
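Returning to the firewall described under Other Devices above: the implicit deny principle (traffic is dropped unless a rule explicitly permits it) is easiest to understand by watching a rule list evaluate a handful of packets. The following is an added example written for this page, not code from the study guide or from any Cisco product. The rule format, the first-match ordering, the addresses (taken from the RFC 5737 documentation ranges) and the sample packets are all constructed for illustration.

```python
"""Added example (not from the study guide): a minimal layer-3/4 packet
filter that applies the "implicit deny" principle. Rule layout, addresses
and sample traffic are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # CIDR network, or "any"
    dst: str                # CIDR network, or "any"
    dport: Optional[int]    # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _in_net(addr: str, net: str) -> bool:
    """'any' matches every address; otherwise do a normal CIDR membership test."""
    return net == "any" or ip_address(addr) in ip_network(net)


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if not _in_net(pkt.src, rule.src) or not _in_net(pkt.dst, rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins. If no rule matches, the packet is dropped:
    that is the implicit deny, returned here with no rule index."""
    for idx, rule in enumerate(rules):
        if _matches(rule, pkt):
            return rule.action, idx
    return "deny", None


# Constructed rule set for a firewall between a LAN (192.0.2.0/24) and the
# Internet, with one web server in a DMZ (198.51.100.10). Outbound web and DNS
# are allowed, inbound is allowed only to the web server's HTTPS port.
LAN = "192.0.2.0/24"
DMZ_WEB = "198.51.100.10/32"
RULES = [
    Rule("permit", "tcp", LAN, "any", 443),
    Rule("permit", "tcp", LAN, "any", 80),
    Rule("permit", "udp", LAN, "any", 53),
    Rule("permit", "tcp", "any", DMZ_WEB, 443),
    Rule("deny", "tcp", "any", DMZ_WEB, 22),   # explicit deny: same result, but visible in the rule hit
]


def evaluate(rules: List[Rule] = RULES) -> List[str]:
    """Run constructed sample traffic through the rules and return the verdicts."""
    sample = [
        Packet("tcp", "192.0.2.25", "203.0.113.5", 443),      # outbound HTTPS
        Packet("tcp", "203.0.113.5", "198.51.100.10", 443),   # inbound to DMZ web server
        Packet("tcp", "203.0.113.5", "198.51.100.10", 22),    # inbound SSH: explicit deny
        Packet("tcp", "203.0.113.5", "192.0.2.25", 445),      # inbound SMB to LAN: no rule at all
        Packet("udp", "192.0.2.25", "203.0.113.5", 53),       # outbound DNS
    ]
    return [filter_packet(rules, pkt)[0] for pkt in sample]


if __name__ == "__main__":
    for verdict in evaluate():
        print(verdict)
```

The fourth sample packet is the one to notice: nothing in the list mentions port 445 or the LAN host, yet the packet is still blocked, because the default at the end of the list is deny. The explicit deny on port 22 gives the same verdict but a rule index, which is what makes the block show up against a named rule when the device logs hits.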
The process of headers and/or trailers being affixed to data as it moves through the stack is referred to as encapsulation. It is vital to your success on the exam and as a network technician to know and understand these PDUs. Much like with the OSI model, a mnemonic can help you. An old mnemonic from the military is “Do Sergeants Pay For Beer?” Again, any mnemonic that helps you remember the terms will suffice. The Sergeants line is only one suggestion.

Lastly, two additional terms need to be discussed here: adjacent layer interaction and same layer interaction. When the transport layer passes a segment on to the network layer for addressing and routing, that function is known as adjacent layer interaction. Quite simply, a layer interacts with a layer directly above or below it. Same layer interaction, ironically enough, occurs when two different computers interact using the same layer within their respective stacks. For example, the Transport layer on a recipient computer communicates with the Transport layer of the sending computer during the transmission process, to take care of retransmission requests, flow control, and acknowledgments. Despite the fact the layers are on different computers, this process is considered same layer interaction. Figure 1-3 demonstrates same layer and adjacent layer interactions.

Be very, very careful with the term encapsulation. Encapsulation is considered a layer-2 function because that is the only layer guaranteed to wrap the data with a header and a trailer. However, the term is also used to refer to the process at each layer, regardless of a trailer being affixed. Pay attention to the wording of the question to avoid misunderstandings here.

FIGURE 1-3 Layer interaction

Computer A                 Computer B
Application layer (7)      Application layer (7)
Presentation layer (6)     Presentation layer (6)
Session layer (5)          Session layer (5)
Transport layer (4)        Transport layer (4)
Network layer (3)          Network layer (3)
Data Link layer (2)        Data Link layer (2)
Physical layer (1)         Physical layer (1)
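To tie the Transport layer header fields listed earlier (sequence numbers, an application identifier, and a check that every segment arrived) to the PDU names in Table 1-2 and the encapsulation note above, here is an added example that walks a short message down a sending stack and back up a receiving one. It is written for this page and is not code from the study guide or from any real protocol implementation: the header layouts, field sizes, the tiny segment size and the use of CRC-32 as the FCS are simplifying assumptions, not the real TCP, IP or Ethernet formats. The receiving side also shows two failure modes the text describes: a frame with a bad FCS is dumped at layer 2, and the Transport layer then notices the gap in the sequence numbers.

```python
"""Added example (not from the study guide): the encapsulation steps of
Table 1-2 applied to a byte string, then reversed on the receiving side.
Header layouts, sizes and the FCS algorithm are simplified assumptions."""
import struct
import zlib
from typing import List, Optional, Tuple

# Constructed values: documentation IP ranges and locally administered MACs.
SRC_IP = bytes([192, 0, 2, 25])
DST_IP = bytes([203, 0, 113, 5])
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
MSS = 8  # assumed maximum segment size, tiny so one message needs several segments

# ---- sending side: each layer adds a header; layer 2 also adds a trailer ----

def segment(data: bytes, src_port: int, dst_port: int) -> List[bytes]:
    """Transport layer (4): split data into numbered segments. Assumed header:
    seq, total, src_port, dst_port as four 16-bit fields. The ports tell the
    far end which application the bits in the data field belong to."""
    chunks = [data[i:i + MSS] for i in range(0, len(data), MSS)] or [b""]
    return [struct.pack("!HHHH", seq, len(chunks), src_port, dst_port) + chunk
            for seq, chunk in enumerate(chunks)]

def packetize(seg: bytes, src_ip: bytes = SRC_IP, dst_ip: bytes = DST_IP) -> bytes:
    """Network layer (3): prepend logical source and destination addresses."""
    return src_ip + dst_ip + seg

def frame(pkt: bytes, src_mac: bytes = SRC_MAC, dst_mac: bytes = DST_MAC) -> bytes:
    """Data Link layer (2): prepend physical addresses and append an FCS trailer
    (CRC-32 here) computed over everything that precedes it."""
    body = dst_mac + src_mac + pkt
    return body + struct.pack("!I", zlib.crc32(body))

# ---- receiving side: each layer checks and strips its own header ----

def deframe(frm: bytes) -> Optional[bytes]:
    """Layer 2 on the recipient: verify the FCS, then strip addresses and trailer.
    Returns None for a damaged frame, which is how layer 2 'dumps' it."""
    body, fcs = frm[:-4], struct.unpack("!I", frm[-4:])[0]
    if zlib.crc32(body) != fcs:
        return None
    return body[12:]  # 6-byte destination MAC + 6-byte source MAC removed

def depacketize(pkt: bytes) -> bytes:
    """Layer 3 on the recipient: strip the two 4-byte logical addresses."""
    return pkt[8:]

def reassemble(segments: List[bytes]) -> Tuple[Optional[bytes], List[int]]:
    """Layer 4 on the recipient: put segments back in sequence order.
    Returns (data, []) when complete, or (None, missing_seqs) when there are
    gaps, which is where a real protocol would request retransmission."""
    payloads, total = {}, 0
    for seg in segments:
        seq, total, _src_port, _dst_port = struct.unpack("!HHHH", seg[:8])
        payloads[seq] = seg[8:]
    missing = [i for i in range(total) if i not in payloads]
    if missing or total == 0:
        return None, missing
    return b"".join(payloads[i] for i in range(total)), []

def send_and_receive(message: bytes, corrupt_frame: Optional[int] = None):
    """Run the message down the stack, deliver the frames out of order, and run
    them back up. If corrupt_frame is given, that frame is damaged in transit."""
    frames = [frame(packetize(seg)) for seg in segment(message, 49152, 25)]
    if corrupt_frame is not None:
        damaged = bytearray(frames[corrupt_frame])
        damaged[20] ^= 0x01           # flip one bit inside the layer-4 header
        frames[corrupt_frame] = bytes(damaged)
    received = []
    for frm in reversed(frames):      # out-of-order delivery
        pkt = deframe(frm)
        if pkt is None:
            continue                  # bad FCS: the frame never reaches layer 3
        received.append(depacketize(pkt))
    return reassemble(received)

if __name__ == "__main__":
    msg = b"MAIL FROM:<alice@example.net>"  # constructed SMTP-style payload
    print(send_and_receive(msg))                   # prints (b'MAIL FROM:<alice@example.net>', [])
    print(send_and_receive(msg, corrupt_frame=1))  # prints (None, [1])
```

Reading the two results together is the point of the exercise: the damaged frame is silently discarded by the layer-2 FCS check, so layer 3 never sees it, and the only layer that can tell anything is missing is the one that numbered the segments in the first place. That is the same layer interaction described above, the Transport layers on both machines agreeing on what was sent and what arrived.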
INSIDE THE EXAM

Network Essentials

This chapter covered many of the bare-bones basics of networking, but don’t be surprised to see several questions on the exam concerning this material. Questions from the chapter may not be explicit—requiring a word-for-word definition or a matching scheme—but the information in this chapter will help you answer questions you otherwise may have problems with. For example, a confusing scenario question may pop up, and the only real clue you can glean from it in the short time you have is the key word Frame. Well, framing is a layer-2 function, and the devices you’d need to look at are bridges or switches. Using this tip and the information in this chapter, combined with the explanations found throughout this book, will be the key to your success.

Remember, networks require hosts, media, connection devices, data, and applications. The way the cabling appears from a bird’s-eye view is referred to as the physical topology, whereas the logical topology refers to the actual path the data uses to flow through the cabling. The devices making up a network range from Physical-layer dumb devices, all the way up to Application layer components, capable of making all sorts of decisions based on the bit stream read. Network categories and locations deal mainly with the geographic footprint and the users on the network. Pay particular attention to the devices that actually read addresses and make filtering or forwarding decisions.

The OSI Reference Model

The OSI Reference Model does a good job of breaking down the communication process into easily understood, manageable layers. Each layer has specific functions, devices, and protocols. The bits at each layer are known as PDUs, and each PDU has a specific name. Layers 2 through 4 will be tested most heavily on the exam, so pay close attention to the wording of the questions on the exam. Look for key words to help with each question: encoding is at the Physical layer, framing and error checking are at the Data Link layer, routing is at the Network layer, reliability and error correction are at the Transport layer, and encryption and formatting are at the Presentation layer. Lastly, be sure you can identify each layer by name and number, as well as which devices, protocols, and functions occur at each.

CERTIFICATION SUMMARY

This chapter focused on two main topics: network terminology and the OSI Reference Model. Network terminology includes terms about what makes up a network (hosts, protocols, and media), how data is transmitted on the wire (bandwidth, throughput, simplex, and duplex), and various network categories and locations (LANs, WANs, SOHOs, and branch offices). Network topologies include physical (bus, ring, star, and mesh), which describes how the cables physically appear, and logical (broadcast, or bus, and token passing, or ring), which describes how data actually flows through the media. Network categories (LANs and WANs) describe the geographical distance covered and the administrative control of a network. Network locations (SOHO, branch office, and mobile user) describe various users and functions in specific locations and circumstances.

The OSI Reference Model provides an easily understood, modular description of data as it flows between two systems. The model splits the communications process into seven distinct layers, numbered seven to one, from top to bottom. Starting at the top, the layers include Application, Presentation, Session, Transport, Network, Data Link, and Physical. Each layer performs a specific function and relies on the layer above and below it to provide and/or take information. The information at each level has a specific name and is known as the PDU for that given layer.
TWO-MINUTE DRILL

Network Essentials

❑ Networks consist of specific devices exchanging data over a given media using a specific set of protocols. Transmission can be in one direction (simplex) or in both directions (duplex). Network topologies describe how the network physically appears and how the data moves within the network. The physical and logical topologies are independent of each other.

❑ Each network component provides a specific function and works at a specific layer within a network model. Physical layer devices do not read addresses at all, Data Link layer devices read physical addresses, and Network layer devices read logical addresses.

❑ Network categories include LANs and WANs, with the overall geographic distance covered and services rendered determining the classification. Users work in a SOHO (a stand-alone small office), a branch office (an offsite LAN that is part of the overall enterprise WAN), or connect to a corporate network using mobile technology or VPNs.

The OSI Reference Model

❑ The OSI model simplifies training and education on networking concepts and standards. Its modular design contributes to easier development and maintenance from multiple vendors.

❑ The OSI layers are Application, Presentation, Session, Transport, Network, Data Link, and Physical. The Application layer allows programs to access a network. The Presentation layer formats (and encrypts, if needed) data for transmittal. The Session layer opens, maintains, and closes a session. The Transport layer segments data and provides for reliable end-to-end delivery. The Network layer logically addresses packets and makes routing decisions. The Data Link layer assigns physical addresses, performs media access functions, and conducts framing (aka, encapsulation). The Physical layer encodes bits onto the wire.

❑ The bits making up the data payload and the header (and trailer for layer 2) at each layer are known as a PDU. The PDU at each layer has a specific name. The PDU at the Application, Presentation, and Session layers is known as data. At the Transport layer, the PDU is called a segment. The Network layer PDU is called a packet. At the Data Link layer, the PDU is known as a frame, and the PDU at the Physical layer is referred to simply as bits.

❑ In adjacent layer interaction, layers receive a PDU from a layer above or below it to perform a function on. In same layer interaction, the same layers on two different machines communicate with each other to accomplish a task.
SELF TEST

The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Network Essentials

1. Which of the following defines a host?
   A. Any device with a connection to a network
   B. Any device on wireless
   C. Any device processing data
   D. Any device with an address on a network

2. Which of the following is/are true regarding hex digits? (Choose all that apply.)
   A. Hex digits are made of four bits.
   B. Hex digits are made of four bytes.
   C. Hex can be expressed as 0–9 and A–G.
   D. Hex can be expressed as 0–9 and A–F.

3. Which physical topology has all systems connecting to a central connection device?
   A. Bus
   B. Ring
   C. Star
   D. Mesh

4. A new network trainee presents her network diagram, which shows all systems connecting to a hub. She also tells you messages flow from one system to the next in line, until the message reaches the intended recipient. Which physical and logical topologies are in use?
   A. Physical Bus, Logical Ring
   B. Physical Star, Logical Ring
   C. Physical Ring, Logical Bus
   D. Physical Ring, Logical Ring

5. Which addresses do physical layer devices—such as repeaters and hubs—examine in order to make forwarding decisions?
   A. Physical
   B. Logical
   C. Host
   D. None of the above

6. Which of the following WAN technologies is considered packet switched?
   A. Frame relay
   B. T1 lines
   C. Dial-up
   D. DSL

The OSI Reference Model

7. Which OSI layer is concerned with reliable end-to-end delivery of data?
   A. Application
   B. Transport
   C. Network
   D. Data Link

8. At what layer of the OSI model would you find framing?
   A. Transport
   B. Network
   C. Data Link
   D. Physical

9. Logical addressing is found in the ________________ layer, while physical addressing is found in the ________________ layer.
   A. Physical, Network
   B. Network, Physical
   C. Data Link, Network
   D. Network, Data Link

10. The OSI Reference Model layers, in order from top to bottom, are:
   A. Application, Physical, Session, Transport, Network, Data Link, Presentation
   B. Application, Presentation, Network, Session, Transport, Data Link, Physical
   C. Physical, Data Link, Network, Transport, Session, Presentation, Application
   D. Application, Presentation, Session, Transport, Network, Data Link, Physical

11. What is the PDU at layer 4 called?
   A. Data
   B. Segment
   C. Packet
   D. Frame
   E. Bit

12. What is the PDU at layer 3 called?
   A. Data
   B. Segment
   C. Packet
   D. Frame
   E. Bit

13. The Transport layer on the recipient machine requests a retransmission of a segment from the sending machine. This is an example of:
   A. Same layer interaction
   B. Adjacent layer interaction
   C. Cross layer interaction
   D. Split layer interaction
SELF TEST ANSWERS

Network Essentials

1. ✓ D. Any device with an address on a network (this will normally be an IP address).
   ✗ A is incorrect because not every device touching the network has an address. B is incorrect because the media (wireless or wire) has nothing to do with it. C is incorrect because a computer (or any device) can process data without being connected to the network.

2. ✓ A and D. Hex digits are four bits in length and can be manipulated to display the alphanumeric characters 0–9, A–F.
   ✗ B. Hex digits are made of four bits, not four bytes. C. Hex digits can only represent characters up to F.

3. ✓ C. A star topology connects all devices to a central point.
   ✗ A. All devices are connected to a single wire. B connects all devices in a circle, with one device connected directly to the next. D has all devices connected directly to all other devices.

4. ✓ B. The network diagram displays a physical star, and the description of the data pathway is a logical ring.
   ✗ A, C, and D. The diagram is a physical star.

5. ✓ D. Physical layer devices do not see addresses at all; they simply forward bits.
   ✗ A. Physical addresses are used by layer-2 devices, such as switches and bridges. B. Logical addresses are used by layer-3 devices, such as routers. C. “Host” is a synonym for logical addresses.

6. ✓ A. Frame relay is a packet switched WAN technology.
   ✗ B. T1 lines are examples of dedicated connection WAN technology. C. Dial-up is an example of point-to-point WAN connectivity. D. DSL is not a packet switched technology.

The OSI Reference Model

7. ✓ B. The Transport layer is responsible for segmentation, flow control, and reliable end-to-end data delivery.
   ✗ A. The Application layer allows programs to access a network. C. The Network layer is responsible for logical addressing and routing. D. The Data Link layer is responsible for encapsulation, framing, media access, and physical addressing.

8. ✓ C. The Data Link layer is responsible for encapsulation, framing, media access, and physical addressing.
   ✗ A. The Transport layer is responsible for segmentation, flow control, and reliable end-to-end data delivery. B. The Network layer is responsible for logical addressing and routing. D. The Physical layer is responsible for encoding bits onto the media.

9. ✓ D. The Network layer is responsible for logical addressing and routing, while the Data Link layer is responsible for physical addressing and media access.
   ✗ A, B, and C are out of order.

10. ✓ D. From layer 7 to layer 1, the order is Application, Presentation, Session, Transport, Network, Data Link, and Physical.
   ✗ A, B, and C do not have the order correct.

11. ✓ B. The layer-4 PDU is called a segment.
   ✗ A. Data is the PDU for the top three layers. C. Packet is the PDU at the Network layer. D. Frame is the PDU for the Data Link layer. E. Bit is the PDU at the Physical layer.

12. ✓ C. Packet is the PDU at the Network layer.
   ✗ A. Data is the PDU for the top three layers. B. The layer-4 PDU is called a segment. D. Frame is the PDU for the Data Link layer. E. Bit is the PDU for the Physical layer.

13. ✓ A. A layer on one machine communicating directly with the same layer on a distant machine is known as same layer interaction.
   ✗ B. This interaction type involves a layer interacting with a layer directly above or below it in the same stack. C and D do not exist.
2 TCP/IP

CERTIFICATION OBJECTIVES
2.01 TCP/IP and OSI Reference Model Comparison
2.02 Application Layer Functions and Protocols
2.03 Transport Layer Functions and Protocols
2.04 Internet and Network Access Layer Functions and Protocols
✓ Two-Minute Drill
Q&A Self Test

Copyright © 2008 by The McGraw-Hill Companies.
  • 76. 32 Chapter 2: TCP/IP T he OSI Reference Model and the TCP/IP stack are foundational topics covered in almost every text on networking ever written. The OSI model gives us a great overall picture of data networking, while the TCP/IP stack shows the actual protocols and functions working together to accomplish the task. This chapter is dedicated to examining the layers, functions, and protocols found within the TCP/IP protocol stack. The first part of this chapter compares the TCP/IP suite to the OSI Reference Model. The second, third, and fourth sections cover individual layers, and the functions and working protocols you would find in each. As with Chapter 1, this information helps complete a solid foundation of networking knowledge. CERTIFICATION OBJECTIVE 2.01 TCP/IP and OSI Reference Model Comparison If you’ll remember from Chapter 1, each layer of the OSI model has a particular function or task to accomplish. The TCP/IP stack works in much the same way, with a few key differences. While the OSI Reference Model provides a great means for discussing data operations between two systems, it is not a viable, working protocol stack. TCP/IP has become the de facto protocol standard for networking and, like most operating protocol stacks, TCP/IP does conform to the same networking processes proposed by the OSI Reference Model. TCP/IP History In the late 1970s, and on through the early 1980s, ISO began work on the OSI model in an effort to standardize the burgeoning network protocol field. Work on the OSI model continued and, modeled after the System Network Architecture (SNA) model promoted by IBM, it caught hold in educational and training institutions, but never really caught on as a working suite. Along the same timeline, a small, almost ignored Department of Defense initiative was working on a set of networking rules and functions that would wind up changing the world. 
The Advanced Research Projects Agency Network (ARPANET) was developed and started operations in 1969. The U.S. government had a simple, albeit never before attempted, goal: create a communications method that could tolerate and
automatically recover from massive outages at any given location. In other words, create a network capable of rerouting traffic around, say, an entire city destroyed by a nuclear bomb. From 1970 to 1983, government researchers and various educational institutions worked on this open standard. TCP/IP was officially adopted by ARPANET and all systems wishing to communicate with this network on January 1, 1983, and the Internet, as we know it, was born. TCP/IP eventually became accepted as the worldwide standard for communication due to its open architecture and, eventually, public input on its inner workings. During development, and even today, details on individual protocols and needed functions are released in a Request for Comment (RFC). RFCs are open for public discourse; protocols and functions are refined and improved over time as individuals and institutions provide comments and recommendations on them. The eventual adoption of TCP/IP as an accepted standard greatly accelerated the development of the Internet, as well as the systems and devices connecting to it. The OSI model is still referenced in networking, with many of its terms and functionality used interchangeably with TCP/IP. However, the actual working stack of protocols is the TCP/IP model, and it differs slightly from the OSI stack.

Comparing the Models

As with the OSI model, TCP/IP divides networking functions into distinct layers. However, TCP/IP does so with only four layers: Application, Transport, Internet, and Network Access. All the functionality of the OSI model also occurs within the TCP/IP model; however, the layers do not line up exactly. Figure 2-1 displays the OSI and TCP/IP model comparison.

FIGURE 2-1 OSI to TCP/IP comparison. OSI Application (7), Presentation (6), and Session (5) layers correspond to the TCP/IP Application layer; OSI Transport (4) corresponds to the TCP/IP Transport layer; OSI Network (3) corresponds to the TCP/IP Internet layer; OSI Data Link (2) and Physical (1) correspond to the TCP/IP Network Access layer.
  • 78. 34 Chapter 2: TCP/IP Carefully read questions asking you to match functions and protocols with a particular layer. Identify which stack the question is asking about before answering. For example, a question asking about routing has two different answers, depending on which stack the question is referring to: the Network layer for OSI, or the Internet layer for the TCP/IP model. CERTIFICATION OBJECTIVE 2.02 Application Layer Functions and Protocols As you can see in Figure 2-1, the Application layer of the TCP/IP model encompasses the top three layers of the OSI Reference Model (refer to Chapter 1 for a refresher on the Application, Presentation, and Session layers). All the functions, activities, and protocols from layers 7, 6, and 5 of the OSI model occur in the Application layer of TCP/IP. This TCP/IP layer: ■ Provides applications access to the network through a variety of specialized protocols ■ Provides data formatting, code conversion, and encryption ■ Establishes, maintains, and terminates sessions Literally hundreds of protocols are in the TCP/IP Application layer. Some of the more common protocols are covered throughout the rest of this section. DNS The Domain Name Service (DNS) may well be the most widely and universally used protocol within the Application layer. Its use is so ubiquitous within Internet communications, it’s even used by other protocols! Therefore, it is absolutely essential you understand the purpose of DNS and how it functions. It probably goes without saying that computers and humans communicate in different ways. For one example, computers cannot communicate with each other
  • 79. Application Layer Functions and Protocols 35 unless they are given a specific numerical address. This would work out great if we referred to each other by numbers instead of names: “Hello, 325176652, how are things? Heard from 447987768 lately?” However, people generally speak and communicate with names, and memorizing and using them is much easier for us. Names, though, simply don’t mean anything to computer systems. Consequently, we need a mechanism to give us the flexibility of remembering and referring to systems by easy-to-remember names, while simultaneously providing the numerical addresses computers need. This is where DNS enters the picture. DNS is simultaneously very simple, yet immense in nature and purpose. The main task of DNS is to resolve, or convert, an IP address for a given domain name. This allows an operator to type in a name for a resource, and provides a means for the system to find its numerical address equivalent. A domain name—sometimes referred to as a fully qualified domain name (FQDN)—is a name that is associated with one (or more) specific IP addresses. The name itself comes from a portion of something called the DNS namespace. The entire service referred to as DNS is comprised of three major components: the namespace, zones, and name servers (resolvers). Be sure you understand the function, components, and basic name resolution steps within DNS. Exam questions will most likely reference DNS operation as part of a scenario, and knowing what DNS does and how it works will greatly increase your ability to correctly choose the right answer. The DNS namespace is comprised of a tree structure that, amazingly enough, begins with the root—a single dot (.). The DNS root symbolically provides a starting point for all lookups and names. One step below the root is the top-level domain. Many top-level domains (too many to list here) exist, with each established for a specific purpose. 
Some of the more common top-level domains are us, gov, edu, com, mil, net, and org. The level immediately below the top-level domain is known as the second-level domain—commonly referred to as the domain name. This portion of the namespace denotes a single organization or entity. For example, Cisco.com indicates a portion of the namespace, found inside the .com top-level domain, belonging to the Cisco organization. All computers and systems under Cisco’s control that Cisco wishes for people to locate via a name will be given an FQDN ending in cisco.com. For example,
a server may be named srv1.cisco.com. This domain can be further subdivided by additional names. For instance, accounting.cisco.com might contain all the computer names within the accounting department.

Within each defined area of DNS namespace—referred to as a zone—there must be at least one server storing all the records for that particular zone. The zone file contains all the name-to-IP address mappings, and is queried by DNS to find the addresses of domain names. Table 2-1 lists some of the record types found in the zone file.

The last major component of DNS is the servers themselves. Name servers hold the records for a single zone, or sometimes for several zones. Name servers answer DNS requests from clients to resolve FQDNs. The actual request to a given name server usually comes from a resolver. Resolvers are servers on your network that ask name servers for the information. To fully grasp this concept, consider a client trying to resolve the name www.cisco.com. The client operator types www.cisco.com into their web browser. The client system, to resolve to an IP address, sends its resolution DNS request to a local resolver. This resolver then queries name servers, all the way up to a root server, to find the one system holding all the records for cisco.com. That server responds to the resolver with the IP address. The resolver then responds to the client request, and this all results in the user happily surfing on Cisco’s web site.

Caching is a process used to limit the number of queries that have to go all the way to the root. Your computer has a DNS cache, and every name server and resolver along the way caches their results. This means systems can sometimes get the answer to a query very quickly, especially if others on their network have queried for the same record.
TABLE 2-1 DNS Record Types

Record Type - Definition
SOA - Start of Authority: Defines the server that owns the zone records, as well as other administrative information (administrator name, current version, and so on)
NS - Name server: Defines a name server within the zone. Name servers hold all DNS records for the namespace.
A - Maps an IP address to a domain name.
MX - Mail Exchanger: Denotes the server within a namespace that takes care of e-mail traffic.
CNAME - Canonical Name: An alias used to mask the true identity of a server. This is often used as an alias for specific web sites within a domain.
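The resolution walkthrough above ends with a response coming back to the client; the following is an added example (written for this page, not code from the book) that builds a constructed DNS response for www.cisco.com and parses it, decoding the header, the CNAME and A answers from Table 2-1, and the name compression pointers a resolver must follow. The CNAME target web-alias.cisco.com and the address 198.51.100.10 are made-up sample values, and the transaction-ID check models the resolver's basic defence against a reply it did not ask for.

```python
import struct

# Record types from Table 2-1 that this parser decodes
RECORD_TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}


def encode_name(name):
    """Encode a dotted name as DNS labels: 3www5cisco3com0."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_response(txid, qname, answers):
    """Build a constructed standard-query response (flags 0x8180).

    answers: list of (owner, rtype, ttl, rdata). When the owner equals the
    question name it is written as the compression pointer 0xC00C, i.e.
    "reuse the name at offset 12", the way real servers do.
    """
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    body = b""
    for owner, rtype, ttl, rdata in answers:
        owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)
        body += owner_bytes + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + body


def read_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset after it).

    A pointer must refer back to an earlier part of the message. A forward or
    self-referencing pointer is rejected so a malformed reply cannot drive the
    parser into an endless loop.
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset or hops > 16:
                raise ValueError("bad compression pointer")
            if end is None:
                end = offset + 2                         # resume after the pointer
            offset, hops = pointer, hops + 1
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def decode_rdata(msg, rtype, start, length):
    """Turn the RDATA bytes of an A, NS, CNAME or MX record into a value."""
    if rtype == 1:
        return ".".join(str(b) for b in msg[start:start + 4])
    if rtype in (2, 5):
        return read_name(msg, start)[0]
    if rtype == 15:
        pref = struct.unpack("!H", msg[start:start + 2])[0]
        return (pref, read_name(msg, start + 2)[0])
    return msg[start:start + length].hex()


def parse_response(msg, expected_id=None):
    """Parse a response into a dict; reject a reply whose ID does not match."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_id is not None and txid != expected_id:
        raise ValueError("transaction ID mismatch: reply does not match our query")
    offset = 12
    questions = []
    for _ in range(qd):
        qname, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        questions.append((qname, RECORD_TYPES.get(qtype, qtype)))
        offset += 4
    answers = []
    for _ in range(an):
        owner, offset = read_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append({"name": owner, "type": RECORD_TYPES.get(rtype, rtype),
                        "ttl": ttl, "data": decode_rdata(msg, rtype, offset, rdlen)})
        offset += rdlen
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


# Constructed sample: www.cisco.com is an alias for a made-up host with an A record.
SAMPLE = build_response(0x1234, "www.cisco.com", [
    ("www.cisco.com", 5, 300, encode_name("web-alias.cisco.com")),
    ("web-alias.cisco.com", 1, 60, bytes([198, 51, 100, 10])),
])

if __name__ == "__main__":
    for rr in parse_response(SAMPLE, expected_id=0x1234)["answers"]:
        print(f"{rr['name']:<22} {rr['type']:<6} ttl={rr['ttl']:<4} {rr['data']}")
```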
DNS is a wonderful thing, but can sometimes cause unenviable frustration when working on Cisco products. For example, when working on a Cisco router or switch, if you type in an unrecognized command, the device assumes you want to make a DNS lookup and happily obliges. This lookup doesn’t work, obviously, and takes a long time to run through iterations before returning to the screen. In order to avoid this problem, use the command no ip domain-lookup on your devices (configuration of this command, and others, are covered later in the book—this is solely listed for reference and illustration).

DHCP

Another well-known and oft-used Application layer protocol is Dynamic Host Configuration Protocol (DHCP). The main function of DHCP is to automatically assign IP addresses from a given pool of addresses to clients within a specific network segment. The pool of addresses a DHCP server uses is known as a scope. Servers and routers are generally configured as DHCP servers within a network. Every host on a TCP/IP network must have an IP address, which can be defined statically, if the administrator has plenty of time, patience, and organizational skills. Once a network grows, however, this becomes much more challenging and can quickly get out of hand. A better choice, and one most administrators choose, is to use DHCP. To correctly apply and use DHCP within a network, you must install or enable the service, configure the scope and other settings, and correctly place the server within the network. Installing and configuring the service is relatively easy, although there are many situations and configuration options to consider.

Don’t be surprised to see DHCP listed as a Network layer utility on the exam. The actual protocol resides in the Application layer; however, the CCENT exam may list it as a Network, or layer-3, utility.
When configuring the scope, savvy network administrators know to exclude or reserve certain addresses from the pool. Servers, switches, printers, and so on, all have a need for static IP addresses. Therefore, administrators can either assign these addresses statically and exclude those addresses from the scope, preventing clients from inadvertently pulling an address already in use, or reserve address space in DHCP so the devices always pull and maintain the same address. Other configuration additions include the address of the default gateway, DNS servers, WINS servers, and the amount of time a client is allowed to hold the IP address—known as a lease. Configuring DHCP on Cisco devices is covered later in this book. See Figure 2-2 for more information on the process a client uses to request and accept an IP address from a DHCP server.
FIGURE 2-2 The DHCP lease process. START: new network client, no IP; TCP/IP stack initialization begins → DHCP Discover → DHCP server responds with a lease proposal (DHCP Offer) → Declined: client restarts the process / Accept → Requesting State: client indicates to the server it wants the IP (DHCP Request) → DHCP server grants the lease (DHCP Ack) → Binding State: client uses the lease information to complete TCP/IP stack configuration.

Pay particular attention to the location of DHCP servers in scenario questions. Remember, unless otherwise noted by an ip helper-address command within the scenario, DHCP servers will not offer IP addresses to clients on the far side of a router.
  • 83. Application Layer Functions and Protocols 39 Finally, placement of your DHCP server is a very important consideration. DHCP works by broadcasting, which makes a lot of sense when you consider the process. When the computer first boots up, it does not know where the DHCP server is. In truth, it doesn’t even know its own network or address! So, the system sends a broadcast message asking for a DHCP server to provide an IP address. Every server running the DHCP service that receives the broadcast will respond, and the client generally takes the first offer it receives. Since routers do not forward broadcasts, it is important to remember to place a DHCP server on each network segment. If it is placed outside the segment, the systems cannot pull IP addresses. Watch for multiple or rogue DHCP servers on your network. A trainee learning how to configure DHCP on a server may inadvertently give out bogus addresses to many systems in your segment, causing issues for you and your users. Other Protocols While there are many more protocols within the TCP/IP Application layer, and an entire book series could be written just about them, this section concentrates on the protocols you’ll most likely see on the exam. This is not to say this is all you’ll ever need to know about the Application layer; it’s just a focused view. Protocols covered in this section perform most of the basic day-to-day functions found in any network, such as file transfers, e-mail, web surfing, and network management. File Transfer Protocols File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are both found in the TCP/IP Application layer, and they both perform the same function—they transfer files from one system to another. The manner in which they perform these functions differs, as well as where you would traditionally see them in play. FTP is as much a service as it is a protocol, and is comprised of a server, an authentication method, and the protocol itself. 
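The lease process in Figure 2-2 and the warning about rogue DHCP servers above both come down to what is inside the server's Offer. As an added example (not the book's code), this Python builds a constructed DHCPOFFER, decodes the header fields and options a client acts on, and flags the offer when the server identifier is not on an allow-list of authorized servers. The addresses 192.0.2.x and the client MAC are made-up sample values.

```python
import struct

# DHCP message types for the Discover/Offer/Request/Ack exchange in Figure 2-2
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"

# Option codes used here (RFC 2132 numbering)
OPT_SUBNET, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"      # the fixed 236-byte BOOTP header


def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_offer(xid, client_mac, offered_ip, server_ip, lease_secs, dns_servers):
    """Build a constructed DHCPOFFER: fixed header, magic cookie, then options."""
    header = struct.pack(
        HEADER_FMT,
        2, 1, 6, 0,                  # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0,                   # transaction id, secs, flags
        b"\0" * 4,                   # ciaddr: client has no address yet
        ip_bytes(offered_ip),        # yiaddr: the address being offered
        ip_bytes(server_ip),         # siaddr
        b"\0" * 4,                   # giaddr: no relay (same segment as the server)
        client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (
        bytes([OPT_MSG_TYPE, 1, 2])
        + bytes([OPT_SERVER_ID, 4]) + ip_bytes(server_ip)
        + bytes([OPT_LEASE, 4]) + struct.pack("!I", lease_secs)
        + bytes([OPT_SUBNET, 4]) + ip_bytes("255.255.255.0")
        + bytes([OPT_ROUTER, 4]) + ip_bytes(server_ip)
        + bytes([OPT_DNS, 4 * len(dns_servers)]) + b"".join(map(ip_bytes, dns_servers))
        + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def parse_dhcp(packet):
    """Decode the header fields and the options a client uses to configure itself."""
    fields = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (missing magic cookie)")
    msg = {"op": fields[0], "xid": fields[4], "yiaddr": ip_str(fields[8]),
           "siaddr": ip_str(fields[9]), "client_mac": fields[11][:fields[2]].hex(":")}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:                          # pad byte, no length field
            i += 1
            continue
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE:
            msg["message_type"] = MESSAGE_TYPES.get(data[0], data[0])
        elif code == OPT_SERVER_ID:
            msg["server_id"] = ip_str(data)
        elif code == OPT_LEASE:
            msg["lease_secs"] = struct.unpack("!I", data)[0]
        elif code == OPT_SUBNET:
            msg["subnet_mask"] = ip_str(data)
        elif code == OPT_ROUTER:
            msg["router"] = ip_str(data[:4])
        elif code == OPT_DNS:
            msg["dns"] = [ip_str(data[j:j + 4]) for j in range(0, len(data), 4)]
        i += 2 + length
    return msg


def audit_offer(packet, authorized_servers):
    """Parse an Offer/Ack and mark it rogue if the server is not on the allow-list."""
    msg = parse_dhcp(packet)
    msg["rogue"] = msg.get("server_id") not in authorized_servers
    return msg


# Constructed sample: a made-up server 192.0.2.1 offers 192.0.2.50 for one day.
SAMPLE_OFFER = build_offer(0xABCD1234, bytes.fromhex("0011223344aa"), "192.0.2.50",
                           "192.0.2.1", 86400, ["192.0.2.10", "192.0.2.11"])

if __name__ == "__main__":
    print(audit_offer(SAMPLE_OFFER, {"192.0.2.1"}))
```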
The FTP server is simply a machine that has installed and enabled the FTP service. The server administrator will define an authentication method within FTP (oftentimes completely separated from the operating system authentications), as well as assign permissions through the FTP directory structure. Users log on to the FTP service and, using a variety of commands, pull or put files from or to the server. FTP is considered a connection-oriented protocol, requiring a reliable transport protocol to manage acknowledgments of each packet sent. FTP can be installed on almost any server or workstation, as well as on many Cisco devices.
  • 84. 40 Chapter 2: TCP/IP FTP, while containing an authentication function, is not considered secure. Everything in FTP, including usernames, passwords, and data, is transmitted in clear text over the wire. Additionally, most FTP installations allow for an “anonymous” connection—meaning a user doesn’t even have to log on to use the service. TFTP operates a bit differently. While FTP is a reliable protocol, requiring acknowledgments for each packet sent, TFTP works in a “fire and forget” format: packets are sent as quickly as possible without any acknowledgment required (a process known as connectionless). This results in a much faster file exchange, but does not work well across long network segments or across network boundaries since some packets will, eventually, be lost. Another way this protocol differs from FTP is that TFTP requires no authentication at all—users simply connect and transfer files to and from the server. While there is no authentication method in place, TFTP does require the user to know the complete filename and location, as no directory listing is available. It is important to type the filename precisely when transferring to or from a TFTP server. TFTP has traditionally been used to transfer Cisco IOS and configuration files between Cisco devices and a TFTP server on the network. Its small footprint, lack of extensive overhead, and general ease of use make it an easy choice. FTP provides many more features, such as the ability to list the files within the directory, and is a better choice for end users. E-mail Protocols Another important and very common network function is e-mail. The protocols in play to move e-mail through networks are Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3). SMTP, sometimes jokingly referred to as Send Mail To People, is always used to send mail and always transmits data in clear text (ASCII). 
Whether the file is being sent from a user or between servers, the protocol in use is always SMTP. POP3 comes in on the recipient side. When a client connects to an e-mail server to pull the messages down to read them, POP3 is the protocol in use. Both SMTP and POP3 are considered connection-oriented protocols. Because SMTP has little to no authentication features built in, attackers can sometimes abuse its hospitality to forward spam. Spam is unsolicited, unwanted e-mail sent in mass quantities, usually for commercial gain or malicious intent. An SMTP server, if not configured properly, will happily forward any e-mail
  • 85. Application Layer Functions and Protocols 41 it receives—basically doing exactly what it was programmed to do. However, spammers connect to SMTP servers from outside the network and feed e-mails to it for delivery. This process is known as SMTP Relay and should be guarded against. IMAP4 (Internet Message Access Protocol) is another protocol that may be used to pull an e-mail message from a server. IMAP has a more sophisticated authentication structure than POP3, but is not as commonly used in modern networks. Network Management Protocols Simple Network Management Protocol (SNMP) is another very important and oft-used Application layer protocol. SNMP provides a much needed, simple to use, and very powerful method of querying and managing devices on your network. However, it simultaneously opens significant security risks. SNMP consists of three major components: a central monitoring station, an agent on each device, and a database of questions. In a typical SNMP setting, a central monitoring station, running an SNMPcompliant application, is used to simplify management. The station begins by broadcasting SNMP GET requests to all devices within its network boundary. This message is received by each SNMP-enabled device and a small application, known as an agent, processes the request. To answer the request, the agent uses an agreed-upon standard set of questions and answers. These questions can be different per device type and vendor. The database that a particular device answers questions from is known as the Management Information Base (MIB). MIBs are normally unique for each device and vendor. The central station repeats SNMP requests against the MIB on each device and, eventually, builds a map of the network. This map can be used by a network management specialist to monitor network health, watch for potential problems, and even send configuration updates or changes to devices. Obviously, SNMP is very powerful. 
In an effort to provide at least some security to this process, SNMP was configured with two passwords in which to conduct business—a public and a private community string. The public community string is a password used to read information from SNMP-enabled devices. The private string is used to send configuration updates to devices. By default, the public and private strings on every SNMP-enabled device on the planet are set to (surprise) public and private, respectively. Should you choose to take advantage of SNMP within your network, these strings should, obviously, be changed to a more difficult password. Web Surfing Protocols Lastly, no discussion on popular TCP/IP applications would be complete without at least briefly discussing web surfing. Most Internet browsing and viewing is done
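Because the public and private strings ship at their defaults, the first thing to check on a device is its SNMP community configuration. The following is an added example (not from the book) that audits a constructed, IOS-style running configuration; it assumes the form snmp-server community STRING [view NAME] [RO|RW] [ACL] and flags any default string and any read-write community that is not restricted by an access list. The hostname and community strings in the sample are made up.

```python
# Default community strings the chapter warns about
DEFAULT_COMMUNITIES = {"public", "private"}


def parse_community_line(line):
    """Parse 'snmp-server community <string> [view V] [RO|RW] [acl]'; else None."""
    parts = line.split()
    if parts[:2] != ["snmp-server", "community"] or len(parts) < 3:
        return None
    entry = {"community": parts[2], "mode": "RO", "acl": None}   # RO is the default
    tokens = parts[3:]
    while tokens:
        tok = tokens.pop(0)
        if tok.lower() == "view" and tokens:
            tokens.pop(0)                        # skip the view name
        elif tok.upper() in ("RO", "RW"):
            entry["mode"] = tok.upper()
        else:
            entry["acl"] = tok                   # access list limiting the managers
    return entry


def audit_snmp_config(config_text):
    """Return (line_number, community, reason) for every risky community line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        entry = parse_community_line(raw.strip())
        if entry is None:
            continue
        if entry["community"].lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, entry["community"], "default community string"))
        if entry["mode"] == "RW" and entry["acl"] is None:
            findings.append((lineno, entry["community"],
                             "RW access without an access list"))
    return findings


# Constructed sample configuration (not taken from any real device)
SAMPLE_CONFIG = """\
hostname branch-rtr1
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk9-readonly RO 10
snmp-server community Xk9-manage RW
snmp-server location Branch office
"""

if __name__ == "__main__":
    for lineno, community, reason in audit_snmp_config(SAMPLE_CONFIG):
        print(f"line {lineno}: '{community}' -> {reason}")
```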
  • 86. 42 Chapter 2: TCP/IP using two major protocols: HTTP and HTTPS. The World Wide Web (WWW) application, basically the complex combination of servers and specially formatted documents that make up the Web, is mostly accessed by browsers using Hyper Text Transport Protocol (HTTP). The main purpose of HTTP is to transport Hyper Text Markup Language (HTML) files; HTML is the language used to create a web page. The HTML instructions tell the browser what to display on the screen. The entire process is actually pretty simple. A user first enters a Uniform Resource Locator (URL) in the address bar of their web browser. For example, consider what happens when the user types in http://www.cisco.com/ccna.html. The browser then makes a request, using HTTP, for the HTML file named ccna.html, hosted on the computer (or domain) www.cisco.com, listed in the URL. The file is delivered, and the browser interprets and displays the HTML settings. A URL is made up of three major components: the protocol used, the name of the server (or host) holding the resource, and the name of the page. The protocol comes first, before the //. The domain name listed, such as Cisco .com, comes next and is the host holding the resource. Anything listed after the last “/” is the name of a specific resource (page) on the host. Hyper Text Transport Protocol over SSL (HTTPS) uses much the same process, but adds security and encryption to the process. Secure Sockets Layer (SSL) is an encryption process that secures the communication between the client and the server hosting the site. An exchange of certificates ensures the client can safely exchange data without worrying about third-party interception. HTTPS is very common in online banking, shopping, and secured data sharing implementations. Both HTTP and HTTPS are connection-oriented protocols. CertCam A multimedia demonstration of Wireshark can be found on the CD accompanying this book. 
EXERCISE 2-1 Viewing TCP/IP Protocols in Action

This exercise shows TCP/IP applications in action by viewing the packets captured during a live session. Please note the CCENT exam does not test on packet captures at all. This exercise is provided solely to enhance your understanding of TCP/IP by viewing the packets in live action. Be sure you have Wireshark installed on your machine before proceeding.

1. Open a command prompt by clicking Start/Run/CMD. Type in ipconfig /release but do not press ENTER yet.

2. Open Wireshark and click Capture | Interfaces from the menu bar at the top. If you have more than one interface, the active interface will show packets being received and sent. Click the Prepare button beside the active interface and configure the settings to match Figure 2-3. Click Start.

3. Once the capture begins, you’ll see Figure 2-4. Additionally, Wireshark will display the captured packets in the background on the Capture Statistics window. At this point, go back to the command prompt window and press ENTER to release your IP address from all interfaces. After the interface releases the address (the command prompt window will display an empty IP address and a waiting prompt), type ipconfig /renew and press ENTER. After the interface gets a new address, type ping www.google.com and press ENTER. Close the cmd prompt window.

4. Go back to the capture window (shown in Figure 2-4) and press Stop—or press the Stop Capture button on the main menu. Wireshark displays the capture window, a frame display window, and a details window at bottom, as shown in Figure 2-5. Packets are displayed in the order in which they were captured.

FIGURE 2-3 Interface capture options

FIGURE 2-4 The Capture Statistics window

5. Click the Protocol column header, as shown in Figure 2-6. The packets are now displayed in the order of their type. ARP packets should show up first, with others following in alphabetical order.

FIGURE 2-5 Wireshark capture review

FIGURE 2-6 The Protocol column header

6. Highlight an ARP packet by clicking it once. Expand the Frame Display window in the middle of the screen by dragging the window open larger. Click the “+” signs beside each area to fully expand the information. All information about the packet, including frame type, protocol used, flags set, and addressing, is displayed. Your display should look something like Figure 2-7.

7. Use the scroll bar to the right of the packet capture window to move down to the first DHCP packet. After selecting it and viewing the information in the frame display window, simply arrow down to the next DHCP packet. Notice the information in the frame display window changes to reflect the information from each new packet. Continue to arrow down to view the entire DHCP release and renew process.

8. Repeat the previous steps to view information on DNS packets, as well as any other protocols your particular system may be receiving or sending (FTP, SNMP, SMTP, and so on).
FIGURE 2-7 Examining packets

CERTIFICATION OBJECTIVE 2.03
Transport Layer Functions and Protocols

No matter what the application protocol, there must be a protocol in place to transport the request and, eventually, the return data. The TCP/IP Transport layer performs the same functions as its namesake layer in the OSI model: segmentation, reliable end-to-end delivery of data, and flow control. Transport layer protocols include Transport Control Protocol (TCP) and User Datagram Protocol (UDP).
TCP

TCP is a connection-oriented reliable transport protocol used by applications that require error correction in delivery. On the good side, TCP provides the reliability services that applications may not have built into them. The drawback is that, in order to do so, TCP adds a lot of overhead to the communications process (see Figure 2-8 to view the TCP header). This slows things down, consumes more bandwidth, and requires more processing for hosts during communication. Protocols making use of TCP as a transport protocol include SMTP, HTTP, HTTP(s), FTP, and a host of others.

The TCP communications process encompasses three major functions: session establishment, error recovery, and flow control. Every TCP communication process begins with a session establishment process known as the three-way handshake. In the first phase, the requesting system sends a synchronization request segment, known as a SYN. The SYN segment is a simple request to open a communications channel, and includes the SYN flag set, a sequence number, and port numbers (covered later in this chapter). When the server receives this request, it formulates and sends a synchronization/acknowledgment segment, known as a SYN/ACK. This segment includes the SYN and ACK flags set, an acknowledgment of the requestor’s sequence number, and a separate sequence number. Finally, in the third step, the requesting system sends an acknowledgment segment, known as an ACK. This segment includes the ACK flag set, a copy of the acknowledgment of the original sequence number, and an acknowledgment of the server’s own sequence number. This process can be seen in Figure 2-9. Once the session is established, data can start flowing between the two systems. During data transmission, eventually segments get lost due to a variety of causes.
FIGURE 2-8 A TCP header (fields in order: Source Port, Destination Port; Sequence Number; Acknowledgment; HLEN, Reserved, Code Bits*, Window; Checksum, Urgent Pointer; Options (if any), Padding; Data)

FIGURE 2-9 The three-way handshake: (1) SYN (Synchronization Request) from the requesting host to the receiving host, (2) SYN/ACK (Acknowledgment) from the receiving host, (3) ACK from the requesting host

TCP handles error recovery by using the sequence number and acknowledgment fields in the header. The sequence number agreed upon during the three-way handshake is incremented for every agreed-upon number of data bytes sent. For example, if the two systems agree to send 100 bytes at a time, the sequence number would increase by 100 for every segment sent. In other words, each segment that leaves increases the sequence number by a specific amount. On the receiving end, the recipient system acknowledges the receipt of each segment by incrementing the sequence number to the next expected segment. For example’s sake, imagine an established session with an agreed-upon sequence size of 100. If a system sends a segment with a sequence number of 422, the recipient would send an acknowledgment with the sequence number set to 522. An example of this in practice can be seen in Figure 2-10.

Recovery of lost segments is easy to see within this process. The sending machine will wait until it receives an acknowledgment before it sends the next segment in line. If the acknowledgment does not come, or is not the expected reply, the sender knows to retransmit the previous segment(s). For example, imagine a sender has transmitted segments with sequence numbers of 122 and 222, and has received an acknowledgment of 322 (the next segment number). The sender knows the recipient has accepted both previous segments and is expecting 100 bytes (322). The sending machine transmits segments 322 and 422, and waits. If all goes well, the acknowledgment will read 522. If the end station loses the last segment, however, the acknowledgment is 422, telling the sender to retransmit the segment with sequence number 422. This process, also known as ordered data transfer, allows for retransmission of lost segments and ensures all segments are received in the order in which they were sent.
FIGURE 2-10 A TCP acknowledgment: (1) sequence number 422 sent, (2) ACK-522 returned, (3) sequence number 522 sent, (4) ACK-622 returned

Sequence numbers not only help out in keeping segments in order, but they can also help in reducing the number of retransmissions. For example, consider a conversation occurring between two systems with an agreed-upon sequence increment of 1000 bytes. If the sending device has sent three segments and the sequence number started at 1000, the sending device would expect an acknowledgment of 4000. Suppose, however, the recipient only received the first and third segments. The acknowledgment would be 2000, notifying the sender it needed the second segment. However, immediately after sending the acknowledgment, the second segment finally arrived. The sending device, receiving an acknowledgment of 2000, would assume the second segment never arrived. It would then retransmit sequence number 2000 and await an acknowledgment. The recipient now has all three segments, having received the second segment in between all this activity. It now sends an acknowledgment for what it is expecting next—sequence number 4000. Requesting the retransmission of the third segment would have been a waste since it had already been received. TCP also makes use of a timer for error recovery. If the sending machine does not receive an acknowledgment within the allotted time, it will retransmit all outstanding segments.
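As an added illustration (not code from the book), the following Python model replays the acknowledgment process just described: a receiver whose ACK always names the next byte it expects, a sender that transmits a group of segments and retransmits the one the ACK asks for, and the timer case. It reproduces the 122/222/322, 422/522 and 1000/2000/4000 scenarios from the text; the segment sizes and loss patterns are constructed.

```python
"""Model of the chapter's sequence-number and acknowledgment process.

Added illustration, not code from the book.  Sequence numbers count bytes:
a segment carrying `size` bytes starting at `seq` is acknowledged with
`seq + size`, the next byte the receiver expects.  The receiver's ACK is
cumulative, so one ACK covers every contiguous segment received so far.
All scenario values below are constructed from the chapter's examples.
"""


class Receiver:
    """Tracks the next expected sequence number and answers with it as the ACK."""

    def __init__(self, initial_seq):
        self.expected = initial_seq   # next byte we want to see
        self.buffered = {}            # out-of-order segments, seq -> size

    def deliver(self, seq, size):
        """Accept one segment; return the acknowledgment number to send back."""
        if seq == self.expected:
            self.expected += size
            # A segment that arrived early may now be contiguous with the stream.
            while self.expected in self.buffered:
                self.expected += self.buffered.pop(self.expected)
        elif seq > self.expected:
            self.buffered[seq] = size  # keep it, but the ACK still names the gap
        # seq < expected: a duplicate of data already received, nothing to do.
        return self.expected


def send_group(first_seq, size, count, receiver, lost=()):
    """Send `count` segments of `size` bytes, starting at `first_seq`.

    Segment indexes listed in `lost` never reach the receiver.  Returns the
    acknowledgment the sender sees afterwards and the sequence number it must
    retransmit (None when the whole group was acknowledged).
    """
    seqs = [first_seq + i * size for i in range(count)]
    for i, seq in enumerate(seqs):
        if i not in lost:
            receiver.deliver(seq, size)
    ack = receiver.expected                 # what the last ACK of the group says
    retransmit = ack if ack in seqs else None
    return ack, retransmit


def outstanding_after_timeout(first_seq, size, count, last_ack):
    """Timer expiry: everything sent but not yet acknowledged is resent."""
    return [s for s in (first_seq + i * size for i in range(count)) if s >= last_ack]


def chapter_walkthrough():
    """Replays the situations described in the text and returns the ACKs seen."""
    # 1. Segments 122 and 222 arrive: ACK 322.  Then 322 and 422 are sent and
    #    the last one is lost: ACK 422 asks for segment 422 again.
    rx = Receiver(122)
    first = send_group(122, 100, 2, rx)
    second = send_group(322, 100, 2, rx, lost={1})
    # 2. Three 1000-byte segments, middle one delayed.  ACK 2000 asks for the
    #    second segment; when the delayed copy arrives the ACK jumps to 4000,
    #    so the retransmitted 2000 is a duplicate and the third is never resent.
    rx2 = Receiver(1000)
    delayed = send_group(1000, 1000, 3, rx2, lost={1})
    late_arrival_ack = rx2.deliver(2000, 1000)
    duplicate_ack = rx2.deliver(2000, 1000)
    return {
        "first": first,
        "second": second,
        "delayed": delayed,
        "late_arrival_ack": late_arrival_ack,
        "duplicate_ack": duplicate_ack,
    }


if __name__ == "__main__":
    for name, value in chapter_walkthrough().items():
        print(name, value)
```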
The last major function in TCP is flow control. This process ensures data is transmitted as quickly as possible without overwhelming the recipient machine. If TCP required an acknowledgment of each and every segment, flow control wouldn’t be needed at all. However, that wouldn’t be very efficient, and the communications process would be dramatically slowed. A more equitable solution would be to have the sending machine transmit several segments and wait for an acknowledgment from the recipient of the entire grouping. Both machines could communicate with each other until a maximum size of segment groupings is agreed upon. TCP accomplishes this by using the window size field in the TCP header. The window size field lets each system know the total number of unacknowledged segments that can be outstanding at any time, and can change at any time during the process. Keeping things simple, assume a sending machine sends segments 1, 2, and 3, with a window size of 3. If the path between the two can transmit all segments within the allotted time, and the recipient can handle it, the acknowledgment will read 4. This lets the sender know all three segments were received and it can send the next three. Starting small, the window size will be slowly incremented by the sending machine until a threshold is met. At this point, the sender and recipient are transmitting data as quickly as possible, without congestion problems. The process of the window size changing during communications is known as sliding windows.

Be sure to review and understand the three major functions accomplished within TCP. You will definitely be asked questions testing your knowledge of the ordered transfer of data, requiring you to predict sequence numbers from a given scenario. Pay close attention to the sequence number itself, as well as the agreed-upon size.

UDP

The second Transport layer protocol is User Datagram Protocol (UDP), shown in Figure 2-11.
Unlike TCP, UDP is a connectionless protocol, meaning it does not require acknowledgments and does not provide for error correction. A much simpler protocol with a smaller header, UDP simply transmits segments as quickly as possible, without regard to the recipient. UDP has the advantage of being much faster than TCP, but it does not provide many of the services that TCP’s larger header allows for. If UDP is used as a transport protocol, reliability becomes a function of the applications themselves.
FIGURE 2-11 A UDP header: Source Port Number (16 Bits), Destination Port Number (16 Bits), UDP Length (16 Bits), UDP Checksum (16 Bits), Data

The UDP header is only eight bytes long. UDP is a good choice in a couple of scenarios. If the data transfer is one (or just a few) packets, then the overhead of TCP is unnecessary. Both DNS and DHCP are good examples. In another good UDP scenario, the applications themselves must be capable of tolerating lost packets, or have some means by which to ask for retransmissions. For example, streaming video and Voice over IP (VoIP) can both tolerate a packet or two lost along the way, as long as the stream doesn’t get too choppy.

Port Numbers and Multiplexing

Regardless of the transport protocol in use, there must be a method in place to let the recipient Transport layer know which application protocol the transmitted segments should be passed to. For example, imagine a server simultaneously hosting a web site and running an FTP service. A TCP connection sequence occurs and a client connects to the server, sending a request for data. How does the server know which application protocol—HTTP or FTP—is to handle the request? Additionally, consider how confusing things could get if the same address asked for both services in different streams. Port numbers are used to identify which protocol is to answer a request and provide for multiplexing multiple requests from a single source. Both TCP and UDP use port numbers, from 0 to 65,535, which are divided into specific ranges. The numbers up to 1023 are called well-known port numbers and represent applications used by the operating system. Port numbers between 1024 and 49,151 are called registered ports, while those between 49,152 and 65,535 are dynamic ports. Dynamic ports are open for use without restriction, and are used by sending machines to identify individual communication sessions. Well-known ports are listed in Table 2-2.
To understand the use of port numbers in TCP for multiplexing, consider the preceding example and the demonstration in Figure 2-12. First, the client requests a web page from the server by choosing a random port number (5000) in the dynamic range for the source, and using the port number for HTTP (80) as the destination. When the data is returned, the ports are reversed—80 is now the source, with 5000 as the destination. While surfing the web site, the same client decides to transfer a file from the FTP service on the server. A second communications request begins, with the client choosing another random port number (5001) as the source port, and using the port number for FTP (21) as the destination. Once again, as the data is returned, the port numbers are swapped—21 is now the source with 5001 as the destination. This process allows both systems to track each session separately, even though the address of the requestor and sender remain the same.

TABLE 2-2 Well-Known Port Numbers

Port Number   Application Protocol
20            FTP (Data)
21            FTP (Control)
22            SSH
23            Telnet
25            SMTP
53            DNS
67, 68        DHCP
69            TFTP
80            HTTP
110           POP3
161           SNMP
443           HTTPS (SSL)

FIGURE 2-12 Port numbers and multiplexing: (1) client source port 5000 to web server destination port 80, and client source port 5001 to destination port 21; (2) on the return, source port 80 to destination port 5000, and source port 21 to destination port 5001
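To make the multiplexing concrete, here is an added Python example (not code from the book) that models the server's Transport layer picking an application by destination port, the client's pool of ephemeral source ports, and the socket pair that keeps the two sessions of Figure 2-12 apart; the port ranges and well-known ports follow the text and Table 2-2, and the 10.0.0.x addresses are constructed.

```python
"""Added example, not code from the book: how a server's Transport layer
uses destination ports to pick the application protocol and the full socket
pair to keep concurrent sessions apart, plus the port ranges and well-known
ports from Table 2-2.  All addresses and segments are constructed.
"""

import random
from collections import namedtuple

# What the Transport layer needs from a segment to demultiplex it.
Segment = namedtuple("Segment", "proto src_ip src_port dst_ip dst_port")

WELL_KNOWN = {20: "FTP (Data)", 21: "FTP (Control)", 22: "SSH", 23: "Telnet",
              25: "SMTP", 53: "DNS", 67: "DHCP", 68: "DHCP", 69: "TFTP",
              80: "HTTP", 110: "POP3", 161: "SNMP", 443: "HTTPS (SSL)"}


def port_range(port):
    """Classify a port into the three ranges the chapter describes."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % (port,))
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def socket_of(ip, proto, port):
    """A socket: IP address, transport protocol and port number together."""
    return (ip, proto, port)


def reply_to(segment):
    """Header of the return traffic: source and destination are swapped."""
    return Segment(segment.proto, segment.dst_ip, segment.dst_port,
                   segment.src_ip, segment.src_port)


class EphemeralPortPool:
    """Client-side source ports: drawn at random from a pool, and a port is
    not reused until the whole pool has been handed out."""

    def __init__(self, low=49152, high=65535, seed=None):
        self.all_ports = list(range(low, high + 1))
        self.rng = random.Random(seed)
        self.available = []

    def allocate(self):
        if not self.available:                # pool exhausted: start over
            self.available = self.all_ports[:]
            self.rng.shuffle(self.available)
        return self.available.pop()


class TransportDemux:
    """Server side: destination port selects the application protocol; the
    (client socket, server socket) pair identifies the individual session."""

    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.listeners = {}   # (proto, port) -> application protocol name
        self.sessions = {}    # (client socket, server socket) -> segments seen

    def listen(self, proto, port, application):
        self.listeners[(proto, port)] = application

    def receive(self, segment):
        """Return (application, session key), or (None, None) if nothing listens there."""
        if segment.dst_ip != self.local_ip:
            return None, None                  # not addressed to this host
        application = self.listeners.get((segment.proto, segment.dst_port))
        if application is None:
            return None, None                  # closed port
        key = (socket_of(segment.src_ip, segment.proto, segment.src_port),
               socket_of(segment.dst_ip, segment.proto, segment.dst_port))
        self.sessions[key] = self.sessions.get(key, 0) + 1
        return application, key


def figure_2_12_walkthrough():
    """Replays Figure 2-12: one client, two simultaneous sessions to one server."""
    server = TransportDemux("10.0.0.1")          # constructed server address
    server.listen("tcp", 80, WELL_KNOWN[80])
    server.listen("tcp", 21, WELL_KNOWN[21])
    web = Segment("tcp", "10.0.0.2", 5000, "10.0.0.1", 80)
    ftp = Segment("tcp", "10.0.0.2", 5001, "10.0.0.1", 21)
    return {
        "web": server.receive(web)[0],
        "ftp": server.receive(ftp)[0],
        "web_reply": reply_to(web),
        "sessions": len(server.sessions),     # same addresses, two sessions
    }
```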
Even though ports 1024 through 49,151 are considered registered ports, they can be used as dynamic ports by systems during communications. The combination of an IP address, a transport protocol, and a port number is known as a socket. Additionally, just for fun, the ports clients use are also known as ephemeral ports. They are randomly assigned from a pool of ports the client has available, and are never reused until a client has exhausted its entire pool of ports.

CERTIFICATION OBJECTIVE 2.04
Internet and Network Access Layer Functions and Protocols

After the Application and Transport layers have accomplished their functions, the segment is passed down for logical addressing and routing. The same functions and activities from the Network layer of the OSI model occur in the Internet layer of the TCP/IP stack. As with any stack, two major protocol types occur in this layer: routed and routing protocols. Routed protocols define the format and fields of a packet, provide the logical addressing needed to be moved from one location to another, and can be routed from one subnetwork to another across a router. Routing protocols specify the manner in which routes are learned and placed in the route tables of routers, as well as define how the routers talk to each other. Routing protocols will be covered in greater detail in Chapter 6.

Routed protocols can be routed across networks (or subnets). Routing protocols are used to exchange information between routers to determine best path availability. You might also see a reference to “non-routable” protocols on the exam. Non-routable protocols cannot, obviously, be moved from one subnet to another. An example is NetBEUI.
IP and ICMP

The Internet Protocol (IP) is the routed protocol found in this layer. It provides the hierarchical addressing and routing functions for data delivery across networks. IP addresses are 32 bits in length, with some bits providing a network address and others acting as host addresses inside the network. This ability acts much like a ZIP code in postal addressing, as discussed in the “Network Components” section of Chapter 1. IP address construction, use, and functionality are discussed in greater depth in Chapter 6.

While considered a connectionless protocol, IP does make a sincere effort to forward all packets. This is commonly referred to as best-effort delivery. However, due to network congestion, cable faults along the way, and a host of other reasons, packets (sometimes referred to as datagrams) can get lost. In and of itself, IP has no way to deal with datagram loss, or with issues such as out-of-order receipt. The Internet Control Message Protocol (ICMP) was established to alleviate this problem. ICMP is an Internet layer protocol that provides error notification and, sometimes, error correction for IP datagram delivery. ICMP can notify sending hosts when packets are lost or congestion occurs. It can even alter their default gateway information to more efficiently send certain packets!

A host of ICMP message types are available, but by far the most familiar and often used are the ECHO REQUEST and ECHO REPLY types. ping is a command-line tool used to test basic network connectivity. It sends an echo request to a distant host, and if the host receives the message, it responds with an echo reply. A successful test means the connection between the two hosts is good from layers 1 through 3. However, a number of reasons exist as to why the connectivity test would fail.
A network segment along the path may be too congested to pass the requests, the host might be temporarily offline or configured to not respond to pings, a firewall may be preventing the ping, or a router along the way does not have a route listed in its table for the end destination IP address. Table 2-3 covers common ping responses and their meaning.

TABLE 2-3 ping Responses

ping Response (ICMP Message Type)   Meaning
Reply from ______                   Layer 1–3 connectivity is good for the pathway.
Request Timed Out                   The host did not respond to the ping request. This could mean it is offline, the pathway is corrupt, or ping is being blocked.
Destination Unreachable             There is no route to the end station. This could mean your default gateway router cannot find the route, or a router along the way does not have a route.

ping is usually used to systematically test network connectivity between two devices. In doing so, you should always ping from local to remote. For example, suppose a user claims they cannot access a resource on the Internet. To properly troubleshoot this problem, you should first eliminate problems with the local machine by typing ping 127.0.0.1 (or ping localhost). The IP address 127.0.0.1 (also known as localhost) is used to test the TCP/IP binding on the local network card. Next, ping the default gateway for the system. The default gateway is the router port or firewall port on the local subnet providing access to outside networks. Lastly, ping the remote host. This systematic approach simplifies and accelerates troubleshooting efforts.

The responses to a ping display differently in a Cisco device, with a single character indicating the message type. An exclamation point (!) indicates a good response. Other responses include a dot (.) for timed out, and a capital “U” for destination unreachable. Also, be sure to remember to ping from local to remote in troubleshooting scenarios.

A final tool associated with ICMP is traceroute. The traceroute command displays all the IP addresses of all routers along the path to the final destination, which obviously provides a much more granular and meaningful snapshot in any troubleshooting scenario. The traceroute command on Cisco devices displays the IP address of the next hop device along the path. A sample network and traceroute output is displayed in Figure 2-13.

Be sure you understand how to use the traceroute command, as well as the meaning of its expected output. You will definitely see exam questions on it.
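As an added example (not code from the book), the following Python parses the output formats these tools produce on a Cisco device, the one-character-per-probe ping replies and the hop lines of traceroute, and encodes the local-to-remote ping order as a small decision function. The sample outputs are constructed to match the text and Figure 2-13; the second sample assumes a hop that does not answer is printed as asterisks, which is an assumption about the output format beyond what the figure shows.

```python
"""Added example, not from the book: parsers for the output of the two
ICMP-based tools this section covers, plus the chapter's local-to-remote
troubleshooting order.  The sample outputs are constructed to match the
format shown in the text and in Figure 2-13.
"""

import re

# Single-character replies printed by a Cisco device for each probe.
PING_CODES = {"!": "reply", ".": "request timed out", "U": "destination unreachable"}


def cisco_ping_summary(reply_line):
    """Count the per-probe codes of a Cisco ping and compute the success rate (percent)."""
    counts = {"reply": 0, "request timed out": 0,
              "destination unreachable": 0, "other": 0}
    for ch in reply_line.strip():
        counts[PING_CODES.get(ch, "other")] += 1
    total = sum(counts.values())
    rate = 100 * counts["reply"] // total if total else 0
    return counts, rate


# A hop line: hop number, optional next-hop address, then the probe results.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:\d{1,3}\.){3}\d{1,3})?\s*(.*)$")
# Each probe is either "<n> msec" or "*" (assumed format for a timed-out probe).
PROBE_RE = re.compile(r"(\d+)\s+msec|(\*)")


def parse_cisco_traceroute(output):
    """Return [(hop, next_hop_address_or_None, [rtt_msec_or_None, ...]), ...]."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue            # banner lines such as "Tracing the route to" are skipped
        probes = [int(ms) if ms else None for ms, _star in PROBE_RE.findall(m.group(3))]
        hops.append((int(m.group(1)), m.group(2), probes))
    return hops


def diagnose(loopback_ok, gateway_ok, remote_ok):
    """Interpret the chapter's ping order: localhost, then default gateway, then remote host."""
    if not loopback_ok:
        return "local TCP/IP binding"
    if not gateway_ok:
        return "local subnet or default gateway"
    if not remote_ok:
        return "beyond the default gateway"
    return "layer 1-3 connectivity good"


# Constructed sample matching Figure 2-13.
SAMPLE_TRACEROUTE = """\
RTR1#traceroute 199.50.60.15
Type escape sequence to abort.
Tracing the route to 199.50.60.15

  1 172.16.1.2 9 msec 4 msec 4 msec
  2 172.17.1.2 22 msec 24 msec 22 msec
  3 199.50.60.15 24 msec 24 msec 28 msec
"""

# Constructed sample in which the second hop does not answer (assumed format).
SAMPLE_WITH_TIMEOUT = """\
Tracing the route to 199.50.60.15

  1 172.16.1.2 9 msec 4 msec 4 msec
  2  *  *  *
  3 199.50.60.15 24 msec 24 msec 28 msec
"""


if __name__ == "__main__":
    for hop in parse_cisco_traceroute(SAMPLE_TRACEROUTE):
        print(hop)
    print(cisco_ping_summary("!!!!."))
    print(diagnose(True, True, False))
```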
FIGURE 2-13 Traceroute. Addresses shown: Host1 192.168.1.15, RTR1 192.168.1.1 and 172.16.1.1, next router 172.16.1.2 and 172.17.1.1, next router 172.17.1.2, Host2 199.50.60.15. Output:

RTR1#traceroute 199.50.60.15
Type escape sequence to abort.
Tracing the route to 199.50.60.15

  1 172.16.1.2 9 msec 4 msec 4 msec
  2 172.17.1.2 22 msec 24 msec 22 msec
  3 199.50.60.15 24 msec 24 msec 28 msec

Network Access Layer Protocols

The Network Access layer of TCP/IP encompasses all the functionality of both the Data Link and Physical layers of the OSI Reference Model. Encapsulation, framing, media access, and physical addressing, as well as all the physical standards associated with cabling, connectors, and encoding, all occur here. Each Network Access layer protocol defines a specific frame type in which to encapsulate a packet for delivery within the network segment. In other words, the packet must be delivered somewhere locally first, before it can make its way out of the network. If all devices on the media use the same Network Access protocol and standard, the frame type is understood and the frame is delivered to the appropriate device.

The Network Access layer encompasses a wide variety of protocols and standards, including SLIP, PPP, and Ethernet. Serial In-Line Protocol (SLIP) and Point-to-Point Protocol (PPP) are both designed for point-to-point network segments. SLIP was the first, and generally worked well. However, it was only capable of delivering TCP/IP traffic and, as networking grew, the need for transporting other protocol suites grew with it. PPP was created to address this problem, since it could transmit almost any Internet layer protocol.

Within LANs, however, Ethernet is by far the most common Network Access layer standard. Ethernet also defines a specific frame type, using MAC addresses and allowing for a host of services and functions within the LAN. While point-to-point connections generally do not need to worry about addressing (everything sent is always sent to the same recipient), multiple systems connecting to a single segment do need a method to determine who the message is intended for. Additionally, by putting more than one system on the wire, functionality for dealing with collisions had to be put into place. These functions, along with more details, are covered in Chapter 4.

Each network segment uses a specific Network Access layer standard. As the packet moves from one network segment to the next, the frame is stripped off by the router and a new frame is built for transmission on the next segment. For example, an Ethernet segment may pass over a PPP or SLIP network on the way to its destination.

INSIDE THE EXAM
TCP/IP

Much like Chapter 1, questions from this chapter’s material on the exam may not be explicit, but instead be part of scenario-based queries. Direct questions about the material should be fairly straightforward, so a good understanding of the protocols discussed here will help out greatly. On matching questions asking you to identify a particular layer, remember that the TCP/IP layers do not match exactly with the OSI model. The TCP/IP Application layer encompasses the top three layers of the OSI Reference Model, the Internet layer replaces the Network layer, and the Network Access layer encompasses the bottom two OSI layers. You should commit several key points to memory from this chapter, and be sure to understand the basic functions of each of the Application protocols mentioned. At the Transport layer, pay particular attention to the three-way handshake, port numbers, flow control, and multiplexing. Additionally, be very familiar with the differences between TCP and UDP.
In the Network Access layer, be sure to remember the frame type changes as the packet travels from network to network.
CERTIFICATION SUMMARY

The TCP/IP chapter first compared and contrasted TCP/IP and OSI. All functionality from the OSI Reference Model also occurs within the TCP/IP stack; however, TCP/IP only has four layers. The TCP/IP Application layer comprises layers 7 through 5, and holds several protocols. DNS provides domain-name-to-IP-address resolution, while DHCP dynamically tracks and assigns IP addresses within a network segment. FTP and TFTP are file transfer protocols. FTP is connection-oriented, while TFTP is connectionless and faster. SMTP and POP3 combine to move e-mail through networks. SNMP is a very powerful protocol for network management functions. HTTP provides for web surfing and HTML transport, while HTTPS provides secured methods for web access.

Transport layer protocols include TCP and UDP. TCP is connection-oriented and uses a three-way handshake to set up a session. Within the session, TCP uses sequence numbers and acknowledgments for reliability, and sliding windows for flow control. UDP is connectionless, and faster than TCP, but does not have the flow control and reliability features of TCP. Regardless of TCP or UDP, port numbers are used to track multiple communications sessions between systems. Well-known ports are used to identify the Application layer protocol, while dynamic ports are used by requesters to identify the session.

Internet layer protocols include IP and ICMP. IP is a routed protocol, providing hierarchical logical addressing; ICMP provides error notification and other services lacking in IP. Network Access layer standards include SLIP, PPP, and Ethernet.
TWO-MINUTE DRILL

TCP/IP and OSI Reference Model Comparison

❑ The TCP/IP model has four layers: Application, Transport, Internet, and Network Access.

❑ TCP/IP’s Application layer maps to the Application, Presentation, and Session layers of the OSI model. The Internet layer maps to OSI’s Network layer. The Network Access layer holds the Data Link and Physical layers.

Application Layer Functions and Protocols

❑ DNS provides domain-name-to-IP-address resolution. DNS makes use of resolvers, name servers, and the domain namespace. Top-level domains fall immediately under the DNS root, and hold individual zones. Each zone has an SOA record and a name server that holds all the records for the zone.

❑ DHCP provides automatic dynamic IP address allocation within your network segment. A DHCP server is configured with a range of addresses, called a scope, along with other information—such as default gateway and DNS server addresses. DHCP works on broadcasts, so placement of the server must be within the segment. Multiple DHCP servers on the same segment can be problematic, because bogus addresses may be handed out to clients.

❑ Both FTP and TFTP are file transfer protocols. FTP is connection-oriented and requires some form of authentication, but is considered insecure because it passes everything in clear text. TFTP is connectionless and much faster, but does not offer directory listing or authentication. TFTP is commonly used to transfer Cisco IOS or configuration files.

❑ SMTP, POP3, and IMAP4 work together to transmit e-mail. SNMP is used for network management and configuration options and relies on public and private community strings for security. HTTP transports HTML formatted pages, and HTTPS adds the SSL protocol for encrypted data transfer.

❑ Transport layer protocols include TCP and UDP. TCP is connection-oriented and uses a three-way handshake, with a SYN, SYN/ACK, and ACK transfer to establish a communications channel before data is transmitted. TCP provides reliability by using acknowledgments, and flow control by using a sliding window. UDP is connectionless and does not provide the same services as TCP; however, it is much faster. UDP is typically used to transfer Cisco IOS and configuration files from devices to a server and vice versa.

❑ Port numbers are used to identify the Application layer protocol to be used. A sending machine applies a source port dynamically and a destination port from the well-known range. Upon the response, the port numbers are swapped in the header. The combination of IP address, sequence number, and port number is known as a socket and allows for multiplexing between two systems.

❑ IP is a connectionless routed protocol assigning hierarchical addresses to packets. IP allows for both host and network address bits within each address. ICMP provides error notification services for IP. ping responses include request timed out (host did not respond), destination unreachable (no route available in a router), and reply from (success).

❑ Network Access layer standards include SLIP, PPP, and Ethernet, as well as many others. SLIP and PPP are used for point-to-point links, while Ethernet is used inside most LANs.

Transport Layer Functions and Protocols

❑ TCP is a connection-oriented, reliable layer-4 transport protocol. Application protocols making use of TCP as a transport protocol include SMTP, HTTP, HTTP(s), and FTP.

❑ The steps within TCP session establishment (known as the three-way handshake) include Synchronization, Synchronization Acknowledgment, and Acknowledgment packets (SYN, SYN/ACK, ACK).

❑ TCP handles error recovery by using the sequence number and acknowledgment fields in the header. The sequence number agreed upon during the three-way handshake is incremented for every byte of data sent.

❑ Flow control in TCP is accomplished using the window size field in the TCP header.

❑ UDP is a connectionless, unreliable layer-4 transport protocol.
UDP does not require acknowledgments, does not provide for error correction, and does not require a session establishment before data is transmitted. Application protocols making use of UDP as a transport protocol include DNS, DHCP, TFTP, and streaming audio programs.
❑ Port numbers in the TCP or UDP header identify which Application layer protocol is to answer a request, as well as to provide for multiplexing multiple requests from a single source. Port numbers range from 0 to 65,535: 0 to 1023 are called well-known port numbers, 1024 to 49,151 are called registered ports, and 49,152 to 65,535 are dynamic ports. Source port numbers are dynamically assigned, and any number over 1023 is an acceptable source port.

Internet and Network Access Layer Functions and Protocols

❑ Routed protocols can be routed across networks (or subnets). Routing protocols are used to exchange information between routers to determine best path availability.

❑ Internet Protocol (IP) is a routed protocol, using a 32-bit hierarchical address. IP is considered a connectionless, best-effort protocol.

❑ ICMP is an Internet layer protocol that provides error notification and, sometimes, error correction for IP datagram delivery.

❑ ping is a command-line tool used to verify basic network connectivity (up to layer 3). ping uses ICMP ECHO REQUEST, ICMP ECHO REPLY, and other ICMP message types to convey connectivity information.

❑ Encapsulation, framing, media access and physical addressing, as well as all the physical standards associated with cabling, connectors, and encoding, all occur in the Network Access layer.

❑ Serial In-Line Protocol (SLIP) and Point-to-Point Protocol (PPP) are both designed for point-to-point network segments. SLIP is only capable of delivering TCP/IP traffic, while PPP is capable of delivering almost any Internet layer protocol.

❑ Ethernet is the most popular layer-2 technology used within LANs.
SELF TEST

The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

TCP/IP and OSI Reference Model Comparison

1. Which of the following are true when comparing TCP/IP to the OSI Reference Model? (Choose two.)
   A. The TCP/IP model has seven layers while the OSI model has only four layers.
   B. The TCP/IP model has four layers while the OSI model has seven layers.
   C. The TCP/IP Application layer maps to the Application, Session, and Presentation layers of the OSI Reference Model.
   D. The TCP/IP Application layer is virtually identical to the OSI Application layer.

2. In which layer of the TCP/IP stack is routing and logical addressing found?
   A. Network
   B. Data Link
   C. Internet
   D. Network Access

3. In which layer of the TCP/IP stack is framing found?
   A. Network
   B. Data Link
   C. Internet
   D. Network Access

4. Formatting and code conversion occurs in the ________ layer of the OSI model, and the ________ layer of the TCP/IP stack.
   A. Data Link, Network Access
   B. Network Access, Data Link
   C. Application, Presentation
   D. Presentation, Application
• 107. Self Test 63

Application Layer Functions and Protocols

5. Which TCP/IP Application layer protocol provides IP address resolution for domain names?
   A. DHCP
   B. DNS
   C. SMTP
   D. SNMP

6. You receive several calls about a lack of network connectivity from a group of users. After investigating, you find all the users are on a brand-new segment off the internal router. Your network uses DHCP and all users on the original segment are functioning fine. What is the most likely cause of the problem?
   A. Every user on the new segment has manually assigned their own TCP/IP address information.
   B. The DHCP server is on the original segment, and DHCP requests are not allowed to cross a router.
   C. Cabling to a single host on the new segment has been severed, taking down the entire network.
   D. This is a temporary problem. Simply waiting longer will fix it.

7. Within SNMP, the ________ community string allows a central device to read MIB information, while a ________ community string provides the authentication to send configuration updates.
   A. Public, Private
   B. Private, Public
   C. Read, Read/Write
   D. Read/Write, Read

8. What signifies the hostname holding the resource in the URL http://www.cisco.com/education.htm?
   A. http
   B. www.cisco.com
   C. education.htm
   D. www.cisco.com/education.htm
• 108. 64 Chapter 2: TCP/IP

Transport Layer Functions and Protocols

9. TCP completes a three-way handshake before exchanging data. In order, what are the steps?
   A. ACK, SYN/ACK, SYN
   B. ACK, SYN, SYN/ACK
   C. SYN/ACK, ACK, SYN
   D. SYN, SYN/ACK, ACK

10. What is the well-known port number for SMTP?
   A. 21
   B. 22
   C. 23
   D. 25
   E. 110

11. A client connects to a server and attempts to pull a web page. What port would appear in the destination field of the requesting machine’s TCP header?
   A. 23
   B. 25
   C. 80
   D. 88
   E. 110

12. Which of the following port numbers could appear in the source port field of a TCP header leaving a requesting system?
   A. 1022
   B. 1023
   C. 49,172
   D. 80

Internet and Network Access Layer Functions and Protocols

13. Which protocol provides error notification services for IP?
   A. ping
   B. SNMP
   C. DNS
   D. ICMP
• 109. Self Test 65

14. While using ping to test network connectivity, you receive a “Destination Unreachable” reply. Which of the following is the most correct interpretation of the result?
   A. The end host is offline.
   B. A layer-1 problem exists between the two hosts.
   C. A layer-3 problem exists between the two hosts.
   D. The end host is online.

15. The point-to-point protocol ________ was replaced by PPP, largely because it could only transport TCP/IP.
   A. PPTP
   B. SLIP
   C. SNMP
   D. SMTP
• 110. 66 Chapter 2: TCP/IP SELF TEST ANSWERS

TCP/IP and OSI Reference Model Comparison

1. Correct: B and C. The TCP/IP model has four layers. The Application layer maps to the top three layers of the OSI Reference Model.
   Incorrect: A and D. These are contrary to B and C.

2. Correct: C. Routing and logical addressing occur at the Internet layer of the TCP/IP stack.
   Incorrect: A. The Network layer is an OSI model layer. B. Data Link is an OSI model layer. D. Framing, error checking, and media access occur at the Network Access layer of the TCP/IP stack.

3. Correct: D. Framing, error checking, and media access occur at the Network Access layer of the TCP/IP stack.
   Incorrect: A. The Network layer is an OSI model layer. B. Data Link is an OSI model layer. C. Routing and logical addressing occur at the Internet layer of the TCP/IP stack.

4. Correct: D. Formatting and code conversion are Presentation layer functions in the OSI model. The Application layer in TCP/IP maps to the top three layers of the OSI model.
   Incorrect: A, B, and C. None of the remaining options are correct.

Application Layer Functions and Protocols

5. Correct: B. DNS resolves an IP address for a domain name.
   Incorrect: A. DHCP provides automatic dynamic address allocation inside a network segment. C. SMTP provides e-mail transmission between clients and servers. D. SNMP provides network and configuration management services.

6. Correct: B. DHCP messages are sent broadcast and, therefore, will not cross the router.
   Incorrect: A. It is unlikely every client manually changed their TCP/IP configuration at the same time. C. Cabling to a single host would not bring the entire network segment down. D. Waiting will not fix this problem.

7. Correct: A. Public and private community strings are used within SNMP to read and write, respectively.
   Incorrect: B. The choices are backwards. Private allows for writing configuration data, while public allows for reading MIB information. C and D do not exist as community strings.

8. Correct: B. Anything between the // and / in the URL is the hostname holding the resource.
   Incorrect: A, C, and D. http is the protocol used, and education.htm is the individual page requested.
• 111. Self Test Answers 67

Transport Layer Functions and Protocols

9. Correct: D. The three-way handshake begins with a synchronization packet (SYN), which is then acknowledged (SYN/ACK). The last step is an acknowledgment of the sequence numbers (ACK).
   Incorrect: A, B, and C. The steps are out of order.

10. Correct: D. The port number for SMTP is 25.
   Incorrect: A. 21 is the port number for FTP. B. 22 is the port number for SSH. C. 23 is the port number for telnet. E. 110 is the port number for POP3.

11. Correct: C. The port number for HTTP, used to pull HTML web pages, is 80.
   Incorrect: A. 23 is the port number for telnet. B. 25 is the port number for SMTP. D. 88 is the port number for Kerberos. E. 110 is the port number for POP3.

12. Correct: C. Source port numbers from a requesting machine are dynamic and must not be from the well-known port range 0–1023.
   Incorrect: A, B, and D. All answers are from the well-known port range, which cannot be used here.

Internet and Network Access Layer Functions and Protocols

13. Correct: D. ICMP provides error correction and notification services to IP.
   Incorrect: A. ping is a command-line utility used to test network connectivity. B. SNMP is an Application layer protocol for network management. C. DNS provides IP address resolution for a domain name.

14. Correct: C. Destination unreachable indicates there is no entry in the route table of your system, or a router on the path, for the end host.
   Incorrect: A. If the packet makes it to the end station’s network, and the station is offline, you should receive a Reply Timed Out message. B. A Destination Host Unreachable message indicates a layer 3 problem, not one in layer 1. D. If the packet reaches the destination network and the device is online, you should receive a Reply From message.

15. Correct: B. SLIP was a popular point-to-point protocol early on, but was only capable of transmitting TCP/IP.
   Incorrect: A. PPTP is a tunneling protocol. C. SNMP is an Application layer protocol for network management. D. SMTP is an Application layer protocol for e-mail.
• 113. 3 Network Media and Devices

CERTIFICATION OBJECTIVES
3.01 Network Media
3.02 Network Devices
✓ Two-Minute Drill
Q&A Self Test

Copyright © 2008 by The McGraw-Hill Companies.
• 114. 70 Chapter 3: Network Media and Devices

So far, we’ve covered some basic essentials of networking knowledge, and discussed the grouping of rules needed for a network to function. However, while protocols provide the rules and standards needed on our networks, and the knowledge and definitions covered are essential, they only offer portions of the overall networking puzzle. To become an effective networking technician, you need to know the physical as well as the theoretical.

In this chapter, we’ll begin the examination of the physical hands-on side of networking by taking an in-depth look at the pathways data uses to travel on a network, known as network media. We’ll first examine some basics and terminology on media in general, followed by a discussion on copper cabling characteristics, types, and connectors. Next, we’ll explore some basics of fiber cabling. Lastly, we’ll complete the chapter with wireless transmission media characteristics and fundamentals.

CERTIFICATION OBJECTIVE 3.01
Network Media

Just as vehicles need roadways on which to travel, data needs a pathway to use to move from system to system. In the early days of networking, these choices were limited. However, in the modern world, your choice of data pathways ranges from physical cabling to a wide variety of wireless over-the-air options.

Network media simply refers to the defined pathway data travels within a network. Your choice of media depends on a variety of considerations, such as bandwidth, attenuation, noise immunity, and cost. Every media choice has a specific maximum bandwidth it is capable of transmitting. In general, installers choose the highest grade of cable available, within cost, for a specific installation. This allows for upgrades in networking devices later on, without removing and installing new cabling. This section concentrates on physical media (cabling), while wireless communications are covered in Chapter 11.
Media Terminology

Attenuation refers to the degradation of a signal over distance traveled on a media. As data travels down a cable, the signal strength weakens due to imperfections and interference.

• 115. Network Media 71

Each media type, therefore, has a specific cable length in which signaling works. Some cable types and implementations have relatively short distances, while others can span—literally—miles. Attenuation concerns, unless handled by the cable type itself, are usually mitigated with a layer-1 device—a repeater.

Noise immunity is another concern in choosing appropriate media for your network. Noise is a catchall term used to refer to the many different forms of interference that can affect a data signal. Electromagnetic interference (EMI) and radio frequency interference (RFI) are two common culprits in damaging data signals. Depending on your media choice, your network may be susceptible to one, both, or neither.

Lastly, many times media choice comes down to cost. Generally speaking, the cost of the media increases as its susceptibility to noise and attenuation decreases. Additionally, media can have several different grades or categories within a specific type. While you may wish to install the best media available, keep in mind that all the devices you purchase for your network must also work on the media, and some media requires a healthy investment in component/hardware upgrades. In other words, the cost isn’t necessarily just about the media, but also includes the upgrade in networking components you may need to run the media.

Cabling falls into two major categories: copper-based and fiber-based. Copper cabling uses electrical impulses to send bits, while fiber cabling encodes bits using light impulses. Each category has several defining characteristics and is applied in different situations. In the next section, we’ll discuss some basics of cabling at the LAN level. Most, if not all, of the cable discussions following will be applicable to an Ethernet LAN. Ethernet networking is discussed in greater detail in the next chapter.
Copper Cabling

Copper cables are the most common media choice for the majority of LAN installations, mainly due to cost and their relative ease of installation. Initially, copper-based networks used coaxial cables as their media; however, most modern implementations use a form of twisted pair. Regardless of which copper cabling you choose, attenuation and EMI are issues to deal with in your network planning. Some, like coax and shielded twisted pair, have at least a modicum of protection against EMI, but all are susceptible to noise interference and eavesdropping.

While not a wise option for modern networks, in the early days of Ethernet networking coaxial (coax) cables provided the most popular media choice. A coax cable consists of a central copper core surrounded by insulating material and a braided metal shield. The signal travels through the central core, and the shield provides protection against EMI as well as acting as a ground for the signal.

• 116. 72 Chapter 3: Network Media and Devices

Another consideration with using coax is the actual physical properties of the electrical signal itself. All electrical signals require a terminated ground, or they will “bounce” back through the wire. In coax cabling, terminators must be affixed to both ends of the cable for data networking to function. If a terminator is loose or disconnected, the entire network segment will fail.

Coax cables come in a wide variety of standards, but only two were normally used in LAN implementations. Coax cables aren’t a part of modern LAN implementations, but you will still see them on the job—particularly on the WAN provision side. Cable television providers are now taking advantage of the available bandwidth on the RG-6 coax cables already in place throughout much of the country, splitting the data signal from the analog waves carrying the television channels. You can easily tell whether a coax cable is for television/cable modem purposes by looking at the connector. An F-type connector is threaded and screws on a nut-and-bolt assembly.

Thicknet cabling (also known as 10BASE5) was the original Ethernet transmission media. As its name implies, the cable itself is relatively thick, stiff, and hard to work with. The benefit of thicknet is that its solid core is capable of transmitting a signal up to 500 meters, and it is highly resistant to EMI. However, connections to the bus required “vampire” clasps (taps), and data transmissions were only capable up to 10 Mbps. Thicknet is no longer used as a data transmission media, although it may appear in older networks. If you were to see either coax type on an existing, relatively modern network, you’ll most likely see thinnet used as a backbone to connect several hubs together.
Thinnet (also known as 10BASE2) rapidly replaced thicknet in most LAN installations during the early 1980s. Thinnet is much thinner, lighter, and more flexible than thicknet, making it easier to work with and install. Due to its thinner core, however, data signals can travel only 185 meters before attenuating. However, attaching hosts to the bus was relatively easy, using Bayonet Neill-Concelman (BNC) and T connectors.
• 117. Network Media 73

Important topics to remember regarding coax cabling are the maximum data transmission rate (10 Mbps), the segment lengths (185–500 meters), and the connector types (BNC, T, and terminators). Additionally, remember coax cabling is difficult to troubleshoot: loose or disconnected terminators and/or a single break in the cable will bring the entire segment down, and discovering where the link is broken can be frustrating.

Twisted pair has replaced coaxial cabling as the media of choice for most new network installations. Twisted pair cabling is relatively inexpensive and is simple to work with and install. Signals do not travel as far on twisted pair as they do on coax—generally, 100 meters on TP, with up to 500 meters on coax—however, they do provide more options for network topologies and offer much greater transmission speeds—up to 10 Gbps compared to coax’s 10 Mbps.

Twisted pair consists of eight separate wires twisted into four distinct color-coded pairs. The pairs consist of four solid color wires—orange, green, blue, and brown—together with a white-striped version in each pair (for example, orange and white-orange, green and white-green, and so on). The twist ratio, twists per inch, is different on each pair and is used to reduce crosstalk and interference on the wire. Additionally, twisted pair comes in two distinct varieties: shielded and unshielded. The shielded version provides a metal shield to help protect against EMI.

The Electronic Industries Alliance, the Telecommunications Industry Association (EIA/TIA), and the American National Standards Institute (ANSI) created several categories for twisted pair cabling in 1991, setting specific measurable standards for attenuation, twist ratio, and grade. The higher the category listed, the better the cable and the more options you have available to you as a network technician. For instance, Category 3 cabling is perfectly acceptable for 10 Mbps Ethernet.
However, Category 5 can handle the same 10 Mbps rate, but can also run up into gigabit speeds. In most cases, network designers will call for the highest grade of cabling available in order to provide for future growth and expansion of services. Twisted pair categories are listed in Table 3-1.

Be sure to know the transmission rates and implementation uses for each of the categories.
• 118. 74 Chapter 3: Network Media and Devices

TABLE 3-1  Twisted Pair Categories

Cable Category   Bandwidth Capability   Application
1                1 Mbps                 Voice (telephone)
2                4 Mbps                 Token ring
3                10 Mbps                Ethernet
4                16 Mbps                Token ring
5                100 / 1000 Mbps        Fast/gigabit Ethernet
5e               1000 Mbps              Gigabit Ethernet
6                1000–10,000 Mbps       Gigabit and 10-gigabit Ethernet
6e               10,000 Mbps            10-gigabit Ethernet
7                10,000 Mbps            10-gigabit Ethernet

Just as with coax cabling, one of the most important pieces of the overall cable plan is the connector allowing a device to access the wire. While thinnet cabling used BNC connectors, T connectors, and terminators, twisted pair makes use of either an RJ11 or an RJ45 connector. RJ11 connectors—smaller, thinner, and using only six pins (three pair)—are used on telephone twisted pair, while RJ45—larger, thicker, and using eight pins (four pair)—is the choice for data networking.

Attaching an RJ45 connector to a twisted pair cable end is a bedrock function for data networkers today and requires knowledge of the physical connector itself and the color-coded cable pairs. The connector has eight copper pins that, before crimped, jut out from the bottom of the connector. These pins have small “teeth” on the inside of the connector that will pierce each cable as the connector is crimped, providing the electrical conduit for the signal. These pins are designed to touch matching pins in an open port. Therefore, it is vitally important that all cables are cut square, arranged properly, and pushed all the way inside the connector before crimping. Poor connectors are the number one source for almost all physical network connectivity problems. On a twisted pair cable, be sure to check that the Kevlar sheath has been pushed into the connector before crimping. If not, the only things holding the connector to the wire are the small copper taps at the end of the connector, and as a result, sooner or later, you’ll have problems with that cable.
Before learning the appropriate color combination for an RJ45 connector, you must first understand the pinouts on the devices you are connecting. A pinout is the allocation of a specific function to an individual pin. For example, one pin can be set to transmit, while another is set to receive.

• 119. Network Media 75

The pinouts on a device are defined by the network standard in use. Ethernet standards, covered more in depth in Chapter 4, prescribe the pinouts listed in Table 3-2. The pinouts on a device port dictate which type of cable should be used in any given scenario. Notice from Table 3-2, the transmit pins on an NIC, pins 1 and 2, are different than the transmit pins on a switch or hub port. Switches and hubs have a pinout that is the reverse of the NIC—pins 1 and 2 are set to receive, while 3 and 6 are set to transmit. Considering this, it should be easy to see that a cable connecting the pins directly to each other, allowing the signal to run straight through, works perfectly between devices of different pinouts. A twisted pair cable that has all pins running to their corresponding twin—pin 1 to pin 1, pin 2 to pin 2, and so on—is known as a straight-through cable. Examining the connectors on both ends of a straight-through cable, you’ll find they are identical.

Consider, though, what would happen if you were to plug two devices of the same pinout together. For example, oftentimes network design will call for hubs or switches to be plugged together. If a straight-through cable were used in this instance, pin 1 on one switch port would transmit to pin 1 on the other switch port—which is also set to transmit. Therefore, communication could not occur; pins 1 and 2 on both ends would continually transmit to nothing, and pins 3 and 6 would always be listening, waiting for a signal that would never arrive. In this instance (plugging two devices of the same pinout together), a cable must be created that allows the signal to cross over from pin 1 to pin 3 and pin 2 to pin 6.
This is accomplished by swapping the colored pairs on one end of the cable to a different pin set than the original. A cable that maps pins this way is known as a crossover cable. If you examine the connectors at the ends of a crossover cable you’ll find the orange and green pairs are swapped, allowing the signal to cross from pins 1 and 2 to pins 3 and 6.

TABLE 3-2  Device Pinouts

Pin   NIC, Router, Wireless Access Point, Network Printers   Hub, Switch
1     Transmit                                               Receive
2     Transmit                                               Receive
3     Receive                                                Transmit
6     Receive                                                Transmit
Pins 4, 5, 7, and 8 have no function listed for either device group.

• 120. 76 Chapter 3: Network Media and Devices

Be very aware of which cable to use in a given scenario. Pay particular attention to the pinouts before answering a question. For example, a router and a computer have the same pinout; therefore, a crossover cable is the correct choice.

The last cable type is more Cisco-specific and is not used to connect networking devices together. A rollover cable is used in conjunction with a PC serial port and a DB9-to-RJ45 transceiver to physically access a router or switch console port for administrative purposes. Rollover cables map the pins to their opposite on the end of the wire—pin 1 to pin 8, pin 2 to pin 7, and so on—rolling the signal over to the opposite end. More on rollover cables and console administration will be covered later.

While true that a cable with a connector on both ends pinned out the same will suffice for straight-through uses, it’s obviously a better choice to make sure all cables within your network are created with the same color scheme. Imagine trying to troubleshoot connectivity problems in a network where every cable had a different pinout! Additionally, the cables are granted a category rating based in part on the twist ratio for each pair. In other words, the individual color codes are created with a specific purpose in mind, and are twisted accordingly. With eight wires and multiple colors to choose from, it seems logical a standard should be set.

Many new Cisco devices have a built-in method to assist with cabling—the port senses the pinout from the far end device and auto-configures the port’s pinouts to match, no matter whether the cable is straight-through or crossover.
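To make the pinout rules concrete, here is an added Python example (not from the study guide) that encodes the Table 3-2 pinouts and the EIA/TIA 568A and 568B wire-color orders the chapter describes under its color-coding standards, derives the straight-through and crossover pin maps from those color orders, and checks, for any two devices, whether a given cable lands every transmit pin on a receive pin in both directions. The device names, the `cable_for` helper and the rollover map are assumptions of this example, not anything Cisco or the book defines.

```python
"""Cable-selection helper built from Table 3-2 and the EIA/TIA 568A/568B color
orders.  Added example; device names and helper names are assumptions."""

# Pin functions from Table 3-2 (pins 4, 5, 7, 8 have no function listed).
NIC_PINOUT = {1: "TX", 2: "TX", 3: "RX", 6: "RX"}   # NIC, router, WAP, printer
HUB_PINOUT = {1: "RX", 2: "RX", 3: "TX", 6: "TX"}   # hub, switch

DEVICE_PINOUTS = {
    "nic": NIC_PINOUT, "router": NIC_PINOUT, "wap": NIC_PINOUT,
    "printer": NIC_PINOUT, "hub": HUB_PINOUT, "switch": HUB_PINOUT,
}

# Wire colors in pin order 1..8 for each EIA/TIA standard.
T568B = ["white-orange", "orange", "white-green", "blue",
         "white-blue", "green", "white-brown", "brown"]
T568A = ["white-green", "green", "white-orange", "blue",
         "white-blue", "orange", "white-brown", "brown"]


def pin_map(end_a, end_b):
    """Return {pin on end A: pin on end B} for a cable whose two RJ45 ends are
    wired to the given color orders.  A wire that leaves pin i on end A lands
    on whichever pin end B assigned that same color."""
    b_index = {color: pin for pin, color in enumerate(end_b, start=1)}
    return {pin: b_index[color] for pin, color in enumerate(end_a, start=1)}


STRAIGHT_THROUGH = pin_map(T568B, T568B)    # 1->1, 2->2, ... 8->8
CROSSOVER = pin_map(T568B, T568A)           # 1->3, 2->6, 3->1, 6->2
ROLLOVER = {p: 9 - p for p in range(1, 9)}  # 1->8, 2->7, ... (console cable)


def link_works(dev_a, dev_b, cable):
    """True if every TX pin on dev_a reaches an RX pin on dev_b and every TX
    pin on dev_b reaches an RX pin on dev_a through this cable."""
    pa, pb = DEVICE_PINOUTS[dev_a], DEVICE_PINOUTS[dev_b]
    inverse = {b: a for a, b in cable.items()}
    a_to_b = all(pb.get(cable[p]) == "RX" for p, f in pa.items() if f == "TX")
    b_to_a = all(pa.get(inverse[p]) == "RX" for p, f in pb.items() if f == "TX")
    return a_to_b and b_to_a


def cable_for(dev_a, dev_b):
    """Pick the first data cable that connects TX to RX both ways: this yields
    straight-through between different pinouts and crossover between the same
    pinout, which is exactly the chapter's rule."""
    for name, cable in (("straight-through", STRAIGHT_THROUGH),
                        ("crossover", CROSSOVER)):
        if link_works(dev_a, dev_b, cable):
            return name
    return None


if __name__ == "__main__":
    for a, b in [("nic", "switch"), ("switch", "switch"),
                 ("router", "nic"), ("router", "hub")]:
        print(f"{a:7} -> {b:7}: {cable_for(a, b)}")
```

Because `CROSSOVER` is derived from the two color orders rather than typed in, the block also demonstrates why a 568B end paired with a 568A end is a crossover: the orange and green pairs swap, which is exactly the 1↔3 and 2↔6 mapping the text describes. The rollover map is included only to show that it never satisfies `link_works` for a data port, which is why it is a console cable and not a network cable.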
However, just because this feature is available, you shouldn’t throw caution to the wind and simply use any cable lying around. Sticking with convention assists in troubleshooting and reduces downtime later.

The Electronic Industries Alliance and the Telecommunications Industry Association (EIA/TIA) created standards for color coding and connectors for twisted pair wiring.

• 121. Network Media 77

The EIA/TIA 568A and 568B standards are used for creating twisted pair cabling for Ethernet networks. 568B pinouts on both ends of the cable create a straight-through, while a crossover can be created by using 568B on one end and 568A on the other. The color codes for 568B, from left to right, with the tab down and the open end of the RJ45 connector toward you, are white-orange, orange, white-green, blue, white-blue, green, white-brown, and brown. The 568B standard is most commonly used for Ethernet networks. A simple way to remember the color layout is the mnemonic “Only Good Boys Get Brownies.” The first letter corresponds to the color, and you always alternate white, solid, white, solid, and so on. The 568A pinouts simply reverse the orange and green pairs: white-green, green, white-orange, blue, white-blue, orange, white-brown, brown.

Either standard will work just fine for Ethernet straight-through cabling, but typically if you see a connector wired to 568A, it will be a crossover cable, with a 568B pinout on the far end. See Figure 3-1 for a picture of the cable layout by color for each standard.

Make sure to familiarize yourself with the color codes for straight-through (568B) and crossover (568A) cables.

FIGURE 3-1  The EIA/TIA pinouts (pins 1 through 8 for the EIA/TIA 568B standard and the EIA/TIA 568A standard)

Fiber Cabling

While copper cabling is much more common in data networks, fiber cabling offers many advantages and is finding its way more and more into modern networks. Fiber cabling encodes bits into light signals, which are totally immune from both EMI and eavesdropping.

• 122. 78 Chapter 3: Network Media and Devices

Fiber also offers longer segment lengths, much higher bandwidth speeds, and better security than copper cabling. On the other hand, fiber has historically been the most expensive option—not only the cabling itself but the devices and NICs used to access the fiber media drive up the installation cost. Until recently, it has also been considered relatively difficult to work with, as connectors are difficult to attach and the cable itself is relatively fragile.

Fiber cables contain a glass or clear plastic core that is surrounded by a material known as cladding. Cladding works like mirrors to reflect the light signal back toward the core. As an analogy, consider a flashlight pointed at a wall. If you turn the flashlight on and begin walking backward, the circle of light on the wall gets larger, but dimmer. Light signals inside the wire tend to do the same thing, making the signal weaken the further down the wire it travels. Cladding controls this modal dispersion and ensures the signal stays clear and focused directly down the core of the wire.

Most fiber cabling in LAN and WAN implementations falls into two major categories: single mode fiber (SMF) and multimode fiber (MMF). SMF is generally yellow in color, uses a laser as a light signal source, and has a smaller core (9 microns or less in diameter). MMF is orange in color, uses an LED as a light source, and has a larger core (50 to 100 microns in diameter). SMF accommodates high bandwidths and very long segment lengths and is the primary fiber choice for network backbone lengths. MMF carries multiple light signals concurrently, but at a shorter distance than SMF.

Just as with coax and twisted pair cabling, fiber cables have specific connectors for each cable type. The most common connectors used in fiber cabling are ST, SC, and MTRJ.
ST connectors, often referred to as stick and twist connectors, look very much like the BNC connectors used on coax cabling. SC connectors, known as stick and click, are square and have a tab used for connectivity, much like the tab on the RJ45. Lastly, MTRJ connectors are small form factor (meaning they are smaller in physical size than typical connectors), and are normally used for connections to fiber modules in switches or routers.

Fiber cable is used as a backbone inside most LANs. Many times, the cable (yellow or orange) will travel into a small transceiver, which allows a UTP or STP cable to then run into your router or switch. Fiber can be used straight to the desktop, but this is not very common.
• 123. Network Devices 79

CERTIFICATION OBJECTIVE 3.02
Network Devices

Network media supplies the pathway on which data can travel, and protocols furnish the rules that data must comply with while “on the road.” However, it’s logical to then wonder what controls the traffic as it moves through our network highway. While Chapter 1 touched on the devices needed for a network to function, this section goes into a little greater detail on how these devices interact with one another to control traffic. In general, two terms are used in discussion with devices: flooding and filtering. Flooding a packet means the device sends it out of every port, regardless of address. Filtering implies the device reads an address and makes a decision about which port to send it out on, or whether to drop it.

More information on Cisco devices is, of course, covered in much greater detail throughout the rest of this book. This section is merely an introduction to network device function. Exam questions won’t usually be merely rote memorization. Rather, the exam will concentrate on the usage of each device in a given scenario. Pay particular attention to the layer at which each device works, and how each device’s function affects network performance.

NICs

Network interface cards (NICs) provide the interface your system needs to access the physical media. Usually, NICs are built into the motherboard on the computer itself, or are added as some form of expansion bus card. These cards can range from (older) ISA boards and (newer) PCI boards to PCMCIA cards inserted into a laptop port. The card installed on the system must match the media used. For example, you can’t have a 10BASE2 coax card on a network using UTP—the ports and connectors simply don’t match.

NICs listen to the wire based on the media access method the network uses. When a frame is detected, the NIC reads the physical address (MAC address) and makes a determination on whether to pass it to the operating system (OS) through the protocol stack bound to the board, or to ignore the frame.

• 124. 80 Chapter 3: Network Media and Devices

If the address in the frame is unicast and matches the NIC’s MAC address, it will accept and process the frame. If the address is broadcast, it will open and process the frame to determine if action needs to be taken. If the address is multicast, the frame will be accepted and the layer-3 address will be used to determine if it is processed or discarded. Because NICs make processing decisions based on the layer-2 addresses, NICs are considered to be layer-2 devices.

Transceivers, Repeaters, and Hubs

In many instances, various network media will find its way into a network design. For instance, a designer may use fiber cabling as a backbone, daisy-chaining several switches together on the segment, while using UTP for client connectivity to the switches. Something has to provide a means to translate the light signals on the fiber backbone to electrical signals for the UTP and vice versa. A transceiver is used for just such a purpose. Transceivers do not read addresses, nor affect the data at all. They simply convert the signal from one media type to another. Because they are “dumb” to addresses and work purely on bits, transceivers are known as Physical (layer 1) devices.

Transceivers are most often seen when connecting a fiber ST or SC backbone to a UTP or STP network, or at legacy router ports. Older Ethernet router ports were built using an AUI connector, and a transceiver allowed a UTP cable to be used with the AUI port. On most modern networks, switches and routers can have a fiber module built in. The module is nothing more than a transceiver crafted to fit in the available slot on the router or switch.

Occasionally in your network design, you will come across the need for a longer segment length than is allowed for a given media.
For example, a single user may be 120 meters from the communications closet, and your UTP network is only capable of 100-meter segment lengths. To solve this problem, a repeater can be used. Repeaters have two ports and, like transceivers, do not read addresses of any kind, nor do they update the data. Repeaters simply repeat and regenerate a signal in order to overcome the attenuation restrictions of a media type. Because repeaters do not read addresses, nor make any changes to the data, they are also considered layer-1 devices.
• 125. Network Devices 81

A hub, another layer-1 device, is simply a multiport repeater. Hubs act as a wiring concentration point, allowing systems to plug into a central location, and do not look at addresses of any kind. Hubs do not make any decisions on filtering or forwarding data traffic—whatever enters the hub on one port is flooded out of every other port. To further examine this claim, consider Figure 3-2. Though this is an oversimplified depiction of a hub, the image does show why signals on a hub are sent to all devices. If you take off the top of the hub and examine the wiring within, you’ll notice that all ports basically run to a bus in the back of the box. This means all copper cables are touching; therefore, any electrical charge applied to a single port charges all other ports. The hub is nothing more than a box that ties all the wiring together.

Hubs and repeaters provide both good news and bad news regarding your network. On the good side, repeaters allow designers to extend segment lengths in special situations, to provide services to individuals or offices that happen to fall outside the network’s serviceable footprint. On the bad side, repeaters allow for more systems to share the media. As more and more systems attach to the media, more and more bandwidth is shared, and the opportunity for collisions to occur increases (collisions and collision domains are covered in greater detail in Chapter 4). Because of their impact on network performance, and the fact they increase the size of collision domains, hubs and repeaters are not recommended in network design unless absolutely necessary.

Bridges and Switches

Hubs and repeaters can result in very slow networks. Assume, for example, you have four hubs daisy-chained together, as shown in Figure 3-3, and each hub has ten users on it. After chaining all the hubs together, you have 40 users sharing the same wire segment.
[Figure 3-2: A hub]

The result is that a message from any of the users is repeated to every other member on the wire (in Figure 3-3, a message from PC1 to PC3 is flooded to all 40 users). Additionally, the chances of a collision (two devices transmitting at the same time) are relatively high. In this case, 40 systems are all part of the same collision domain, a shared segment of media where a message from one system could collide with messages from other systems. Collisions greatly slow not only the individual systems that are part of the collision, but the network as a whole.

[Figure 3-3: A collision domain with hubs (PC1 through PC8 on daisy-chained hubs; message to PC3)]

An answer to this problem is to segment the collision domain, and in this case, a bridge would work nicely. A bridge is a two-port layer-2 device that is used to effectively split a single collision domain in two. Continuing our example, the bridge would be placed between the hubs, with two chained hubs plugged into one side of the bridge, and the remaining pair plugged into the other port, as shown in Figure 3-4. When the bridge is powered on, it initially acts just like a hub, flooding all messages as they are received. However, it pays attention to the source MAC address in each frame and keeps a table in memory, recording the port on which each MAC was seen. After a short amount of time, the bridge learns the MAC addresses on each side of the network and can then begin filtering traffic. As a message is sent from one station, it floods through the hubs and reaches the bridge port. The bridge reads the destination MAC address and compares it to its table. If the MAC is on the other side of the network, the bridge will allow the message to cross and flood into that segment. If, however, the MAC is on the same side of the bridge as the sending PC, the bridge will not allow the message to cross, effectively splitting the collision domain in half. In our example shown in Figure 3-4, the message from PC1 to PC3 is not forwarded to the other side of the network segment. The bridge learned which side PC3 was on and, after reading the destination MAC address, knew to keep the message on the originating side.
[Figure 3-4: Segmenting with a bridge (two collision domains; message to PC3)]

Additionally, our bridge has split the collision domain in half. Because it blocks messages intended for one side from crossing over to the other side, the number of stations that can collide with each other is reduced. In our example, the bridge has taken the original single collision domain of 40 systems and segmented it into two domains of 20 systems each. Messages from PC1 can collide with PC2, PC3, and PC4, but not with systems from the other collision domain! This provides an obvious performance boost to your network and, effectively, cuts the number of collisions in half. This topic is touched on again in Chapter 4.

In addition to improving network performance, bridges can also be used to connect two dissimilar layer-2 segments together under one logical address scheme. For example, consider Figure 3-5. In this instance, the bridge is placed between a segment using token passing and a segment using standard Ethernet. The frame type used by the token ring network will not make sense to systems on the Ethernet side, and vice versa. To solve this problem, a translational bridge reads the frame and compares the destination MAC address to its table. If the bridge determines that the destination MAC is on the other side of the bridge, the original frame is stripped off and a new frame, matching the other segment’s frame type, is built for delivery into that segment.
[Figure 3-5: Translational bridging. Host A (Ethernet frame) and Host B (Token ring frame) are joined by a bridge at the Data Link layer; the same IP packet is carried in each frame type.]

Switches do an even better job of segmenting collision domains. A switch looks much like a hub, and it starts out just like a hub, forwarding all traffic to all ports. However, as you’ll see, this does not last long. As with the diagram for a hub, Figure 3-6 displays an oversimplified version of a switch, with the top taken off. Notice that each wire connection from a port ends with a physical switch that does not physically touch the bus.

[Figure 3-6: A switch]

Chips inside the switch monitor both the port wires and the bus itself. As a message hits a port, that wire energizes and the switch at the end closes, touching the bus. The chips inside the device read the source and destination MAC addresses and determine which port the message should be sent to. The bus then closes the appropriate switch for that one port, and the message is delivered. After delivery, the switches are opened, awaiting the next message.

This method of operation offers a couple of advantages. First, because only one wire is allowed to touch the bus at any given time, collisions are effectively eliminated. Second, since the bus ensures the switches close only between sender and receiver, each device receives 100 percent of the available bandwidth.

A final advantage switches hold over hubs deals with simultaneous delivery of frames. If a hub receives two frames at the same time, a collision occurs and neither gets delivered; remember, all ports on a hub share the same media, so only one device can transmit at a time. On a switch, ports do not share the media; they see the line as available 100 percent of the time. Because of this design, a switch is capable of simultaneous frame transmission from multiple hosts, a significant advantage over hubs.

Be sure to familiarize yourself with bridge and switch operation in regards to splitting collision domains and speeding up network performance. Remember, both devices initially flood all traffic until the source addresses are learned and entered into an internal table. Exam questions will not only test basic knowledge on this, but will provide scenarios in which you’ll have to determine which system can collide with the source, as well as trace the forwarding of a frame, based on its MAC address. Also, don’t forget: switches and bridges both flood broadcast and multicast traffic, no matter where it comes from.
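The learning, filtering and flooding behaviour described above for bridges and switches, as an added example (this is not code from the study guide; the port names, MAC addresses and the sequence of frames are constructed for illustration, and a two-port instance of the same class is the bridge of Figure 3-4):

```python
# Learning bridge / switch simulator. Added example, not code from the study
# guide. Port names, MAC addresses and the traffic sequence are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low-order bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Transparent bridge / layer-2 switch: learn source MACs, filter or forward
    known unicast, flood unknown unicast, broadcast and multicast.
    A two-port instance behaves exactly like the bridge in the text."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on (the CAM table)

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        # Learn (or refresh) the source address against the ingress port.
        self.mac_table[src] = in_port
        # Group addresses and unknown unicast are flooded out every port except the one
        # the frame arrived on; this is also what happens to everything while the table is empty.
        if is_group_address(dst) or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Destination sits on the segment the frame came from: filter it, do not cross.
        if out_port == in_port:
            return []
        return [out_port]


def bridge_scenario():
    """Two-port bridge between hub segments A and B, as in Figure 3-4."""
    bridge = LearningSwitch(["A", "B"])
    pc1, pc3, pc5 = "00:00:00:00:00:01", "00:00:00:00:00:03", "00:00:00:00:00:05"
    sent = []
    sent.append(bridge.receive("A", pc1, pc3))        # table empty: flooded to B
    sent.append(bridge.receive("A", pc3, pc1))        # PC1 already known on A: filtered
    sent.append(bridge.receive("A", pc1, pc3))        # PC3 now known on A: filtered
    sent.append(bridge.receive("A", pc1, pc5))        # PC5 unknown: flooded to B
    sent.append(bridge.receive("B", pc5, pc1))        # PC1 known on A: forwarded to A only
    sent.append(bridge.receive("B", pc5, BROADCAST))  # broadcast: always flooded
    return sent, dict(bridge.mac_table)


def switch_scenario():
    """Four-port switch: a frame on port 3 for the host on port 4 (self test question 11)."""
    sw = LearningSwitch([1, 2, 3, 4])
    h3, h4 = "00:00:00:00:00:13", "00:00:00:00:00:14"
    first = sw.receive(3, h3, h4)   # h4 unknown: flooded to ports 1, 2 and 4
    reply = sw.receive(4, h4, h3)   # h3 learned on port 3: delivered to port 3 only
    second = sw.receive(3, h3, h4)  # h4 learned on port 4: delivered to port 4 only
    return first, reply, second


if __name__ == "__main__":
    print(bridge_scenario())
    print(switch_scenario())
```

Compare the output with the text: the first frame from PC1 to PC3 crosses the bridge only because the table is still empty, the reply is filtered because PC1 has already been learned on side A, and the broadcast from PC5 is flooded regardless of what the table contains. The same class with more ports is the switch: once both hosts are learned, the frame from port 3 leaves port 4 and nowhere else.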
Because switches read MAC addresses and make filtering decisions on frames, they are considered layer-2 devices.

Routers

Bridges and switches do a great job of splitting collision domains and improving LAN traffic speeds. However, switches and bridges do nothing to limit broadcasts (bridges and switches flood all broadcast and multicast traffic), and cannot get traffic out of your network. For these functions, and more, you’ll need a router.
Switches can be used to control broadcasts if you configure VLANs. However, VLANs can get very confusing, especially in a large network, and must be used with extreme caution and care. VLANs are covered later in this book.

A broadcast domain is the area of your enterprise network a broadcast can be propagated through. Since hubs, bridges, and switches flood broadcast traffic, they serve to expand a broadcast domain: any host connected to these devices receives every broadcast sent by any other host on the device. Administrators should attempt to control broadcast propagation within the network for two main reasons: broadcasts can rapidly consume available bandwidth, and each host must spend its own processing cycles on broadcast messages. The only piece of equipment that splits broadcast domains is a layer-3 device, such as a router or firewall.

Getting traffic out of the network is another job for the layer-3 appliance. While a bridge can be used to connect two layer-2 segments, they both must be in the same IP subnet. For clarification, consider the post office analogy used earlier in this book: a layer-2 device acts like a single postal clerk inside a neighborhood. The clerk can deliver mail inside the neighborhood, where all houses have the same ZIP code, but is not responsible for delivering mail to houses in a different ZIP code. In fact, if the clerk receives a letter destined for another ZIP code, he takes it back to the post office (router) for delivery. A bridge can only connect layer-2 segments where all systems share the same network address. (More on network IP addresses and subnetting will be covered later in this book.)

A router is used to connect networks. Acting much like a post office, the router strips off the frame and looks at the logical (layer 3) address. It then compares the address to a route table and makes a determination on what to do with the packet. If a route exists in the route table, the router will build the appropriate frame for that network’s technology (Ethernet, Point-to-Point, Frame Relay, and so on) and send it out the appropriate port. When more than one route covers the destination, the most specific (longest) prefix is the one used. If there is no entry in the route table, and no default route to fall back on, the router drops the packet. Route tables are built in one of two ways: static or dynamic. Static routing means the administrator simply types in the routes for the route table. Dynamic routing allows the routers within your network to share information with each other about the networks they know of, and information regarding each link. This information is incorporated into the route table and keeps it constantly updated. Much more on routing, route tables, routing protocols, and the like is covered later in this book.
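The route lookup just described, carried out on a small route table. This is an added example, not the study guide’s code; the prefixes, next hops and interface names are constructed, and the Internet-side addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges:

```python
# Route-table lookup simulator. Added example, not code from the study guide.
# Prefixes, next hops and interface names are constructed for illustration.
import ipaddress


class Router:
    def __init__(self):
        self.routes = []  # (network, next_hop, outgoing_interface)

    def add_route(self, prefix, next_hop, interface):
        """Static entry; a dynamic routing protocol would populate the same table."""
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))

    def lookup(self, dst):
        """Return the most specific (longest prefix) route containing dst, or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        return best

    def forward(self, dst):
        """Strip the frame, look at the layer-3 destination, then forward or drop."""
        match = self.lookup(dst)
        if match is None:
            return ("drop", None, None)   # no route and no default: the packet is dropped
        net, next_hop, iface = match
        # The packet would now be re-framed for the technology of iface and sent out.
        return ("forward", iface, next_hop)


def build_table(with_default):
    """Constructed table: a LAN, a WAN link, the networks behind it, optional default route."""
    r = Router()
    r.add_route("192.168.1.0/24", "connected", "FastEthernet0/0")  # the local LAN
    r.add_route("10.1.1.0/30", "connected", "Serial0/0")           # the WAN link itself
    r.add_route("10.0.0.0/8", "10.1.1.2", "Serial0/0")             # remote sites via the WAN peer
    if with_default:
        r.add_route("0.0.0.0/0", "203.0.113.1", "Serial0/1")       # default route to the ISP
    return r


if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.1.1.2", "10.200.4.7", "198.51.100.9"):
        print(dst, build_table(False).forward(dst), build_table(True).forward(dst))
```

Two things worth checking in the output: 10.1.1.2 matches both 10.0.0.0/8 and 10.1.1.0/30 and is sent as directly connected because the /30 is the longer prefix, and 198.51.100.9 is dropped until a default route exists.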
Security Devices

While hubs, bridges, switches, and routers are used to move data around in the network (and you can apply security actions to each), modern networks also make use of devices specifically intended for security purposes. Probably the best known and most often referenced device involving network security is a firewall. Firewalls work by examining traffic at the Network and Transport layers and comparing each packet with a filter list. If the administrator has specifically defined the traffic as allowable, the packet is allowed through. If the traffic presents a security risk, the administrator can add an explicit deny statement, or simply choose not to address the traffic at all in the filter list. Firewalls work with an implicit deny feature, meaning if the traffic is not explicitly allowed by a filter rule, it is automatically dropped.

For example, assume a firewall has been placed between an internal network and the Internet. The administrator decides to allow users from inside to surf web traffic, but does not want to allow users from outside (the Internet) to access web resources inside the network. The administrator could add two rules to the filter list: the first permits traffic with a source IP address in the internal network, any destination IP address, and a destination port of 80; the second denies traffic with a source IP address outside the internal network, a destination IP address in the internal range, and a destination port of 80. Because of implicit deny, the second rule only makes explicit what would happen anyway; writing it out documents the intent and gives the deny a place to be logged. One caveat a designer should keep in mind: the first rule permits only the outbound half of the web conversation. The server’s replies arrive with a source port of 80 and a high-numbered destination port, which neither rule permits. A purely stateless packet filter therefore needs an additional rule for the return traffic, whereas a stateful firewall records the permitted outbound connection and lets its replies back in automatically.

You should be very familiar with firewall operations, not necessarily the configuration of the device, but the basics on how it operates. Pay particular attention to the implicit deny feature, the idea of an inside and outside port (network), and how the firewall uses IP addresses and port numbers to filter traffic.

Obviously, careful planning is required before installing a firewall: simply taking it out of the box and installing it blocks all traffic to (and sometimes from) the network! Firewalls are typically placed between a private internal network and the Internet to protect internal users from attack. Additionally, firewall ports are treated just like router ports: each is a separate network. Most designers use firewalls to create demilitarized zone (DMZ) networks to help secure their internal networks. Devices that are to be publicly accessible, such as your company web, DNS, and e-mail servers, are placed in the DMZ, and firewall rules are used to allow access to them, but not your internal network.
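The two-rule example above, run through a small packet-filter evaluator. This is an added example, not code from the study guide; the 192.168.1.0/24 inside network, the 198.51.100.9 web server and the four packets are constructed. It also shows the return-traffic caveat: with only the rules as written, a stateless filter drops the server’s replies, and a connection table is what lets the stateful version permit them.

```python
# Packet-filter rule evaluation with implicit deny, stateless and stateful.
# Added example, not the study guide's code. Inside network, server address
# and packets are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

INSIDE = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt):
        src, dst, _sport, dport = pkt
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))


# Rule 1: inside -> anywhere, port 80.  Rule 2: outside -> inside, port 80.
# Rule 2 is evaluated after rule 1, so "any" source there effectively means "not inside".
RULES = [
    Rule("permit", INSIDE, ANY, 80),
    Rule("deny", ANY, INSIDE, 80),
]


def evaluate(rules, pkt):
    """First matching rule wins; no match at all is the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Same rules, plus a connection table so replies to permitted flows are let back in."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # (src, dst, sport, dport) of each permitted packet

    def process(self, pkt):
        src, dst, sport, dport = pkt
        if (dst, src, dport, sport) in self.flows:   # the reverse of a tracked flow
            return "permit"
        action = evaluate(self.rules, pkt)
        if action == "permit":
            self.flows.add(pkt)
        return action


# Constructed packets: (src, dst, sport, dport)
OUTBOUND_WEB = ("192.168.1.10", "198.51.100.9", 51234, 80)   # inside user browsing out
WEB_REPLY = ("198.51.100.9", "192.168.1.10", 80, 51234)      # the server's answer
INBOUND_WEB = ("198.51.100.9", "192.168.1.10", 40000, 80)    # outsider probing an inside web port
INBOUND_SSH = ("198.51.100.9", "192.168.1.10", 40001, 22)    # traffic no rule mentions at all

PACKETS = [("outbound_web", OUTBOUND_WEB), ("web_reply", WEB_REPLY),
           ("inbound_web", INBOUND_WEB), ("inbound_ssh", INBOUND_SSH)]


def stateless_demo():
    """Each packet judged on the rules alone."""
    return {name: evaluate(RULES, pkt) for name, pkt in PACKETS}


def stateful_demo():
    """Same packets in order through a filter that remembers permitted flows."""
    fw = StatefulFilter(RULES)
    return {name: fw.process(pkt) for name, pkt in PACKETS}


if __name__ == "__main__":
    print("stateless:", stateless_demo())
    print("stateful: ", stateful_demo())
```

The inbound SSH packet is denied in both runs although no rule names port 22: that is the implicit deny doing its job. The web reply is the case to notice. The stateless result is "deny", because nothing in the list permits a packet from the Internet to a high port inside; the stateful filter permits it only because it saw the outbound request first.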
A firewall is only as good as the configuration placed on it and does not, by itself, represent a total security solution. Use care in the placement of a firewall, as well as in determining which configuration settings to set.

A second, very commonly discussed network security device is an intrusion detection system (IDS). Intrusion detection systems perform exactly as the name implies. These devices are placed in a location to monitor all network traffic (usually, just inside, or immediately on the outside, of your network border) and compare the traffic against a set of criteria. If the packet stream matches the criteria (predefined indicators of an intrusion attempt), the IDS takes action. Depending on the type of system used, this could be as simple as an audible alarm and a notification to a log file (for administrator review), or a more active response, such as shutting down the communication stream or redirecting the traffic to another location for analysis during the attack. If the device takes action to prevent the attack, in addition to simply detecting and notifying administrators of it, the system is referred to as an intrusion prevention system (IPS). If the device simply detects attack signatures and provides notification on possible incidents, it is an IDS. More information on firewalls, IDS and IPS, network security, risks, and mitigations is covered in Chapter 12.

Putting It All Together

Knowing how all the devices work together helps in the overall design of a network. Two of the most important tasks of a network installer are reviewing network diagrams for technical accuracy and performing troubleshooting. A thorough understanding of how data travels through the network via the stages of the OSI Reference Model and within the protocols of TCP/IP helps in this process. A typical network diagram appears in Figure 3-7. Most network diagrams follow the same symbology:
■ Routers are circles.
■ Switches are rectangles with multiple arrows pointing in each direction.
■ Hubs are rectangles with a single arrow pointing in each direction.
■ Bridges are rectangles with a half-moon shape cut out of the top.
[Figure 3-7: A typical network diagram (Internet, firewall, DMZ, router, switch, bridge, hub, workstation)]

Other oft-used symbols include those for firewalls (comprised of a wide variety of symbols, usually including bricks), the cloud (indicating the Internet, or another packet switched network that traffic must travel through), lines representing specific connections (such as wireless, serial, Ethernet, and so on), and other networking equipment (PCs, laptops, servers, firewalls, and others).

Make sure you are very familiar with network diagrams. The exam uses the same symbology discussed in this section, but may not label each device on the diagram. In other words, knowing what a switch and bridge do will help you in answering the question, but if you are not familiar with the symbol for each, you may misdiagnose the network diagram provided. Be sure to check the icons used in the diagrams on the exam before the exam starts. The icons should be listed on one of the preparatory pages.
INSIDE THE EXAM

Network Media

Exam questions on media may seem like a straightforward exercise, but be forewarned; they are trickier than you think. It is essential you understand port pinouts, both 568A and 568B cabling standards, and the different cable types (straight-through, crossover, and rollover). Most exam questions will involve a network diagram and a scenario, requiring the knowledge to identify which cable type to use and/or which pin number is being used from one device to the next. Make sure you know the differences between copper and fiber, chiefly the EMI implications. Lastly, be able to identify and match connectors, cables, and ratings.

Network Devices

Much of the CCENT exam will center on diagnosing problems using a scenario and a network diagram. Be sure you understand each device function and placement, paying special attention to how each device handles frames, packets, collisions, and broadcasts. Also, knowing what layer each device works at will help with many questions. Keep in mind that the layer a device is said to work at is the topmost layer that device works in. For instance, all devices work at the Physical layer and, of course, routers must read layer-2 addresses before processing the packet. Be sure you understand the process of a message received at an interface: bits are interpreted as frames and, once the address is determined to match, the frame is stripped off and the packet is handed up the stack. Lastly, make sure you’re very familiar with the icons used on the exam to represent each device, including the type of line connection to and from the device.

CERTIFICATION SUMMARY

Important media terminology includes attenuation (the degradation of a signal over distance traveled on media), noise (any form of interference affecting the signal), and EMI (electromagnetic interference, caused by nearby electrical or magnetic fields). Cable falls into two categories: copper and fiber.
Copper is generally cheaper and much more prevalent; however, it is susceptible to EMI. Fiber is immune to EMI but is more expensive. Copper cable includes coax and twisted pair.
Twisted pair cables come in a variety of grades, with each Category rating providing a media for a specific purpose. Cat 5 is the minimum for Fast Ethernet, and Cat 5e is the recommended minimum for Gigabit Ethernet. The 568B standard is the most common wiring pinout for RJ45 connectors: white-orange, orange, white-green, blue, white-blue, green, white-brown, brown. 568A swaps the green and orange pairs. The pinout on NICs, routers, WAPs, and printers transmits on pins 1 and 2, and receives on pins 3 and 6. Hub and switch ports have a pinout with pins 1 and 2 set to receive, and 3 and 6 set to transmit. Straight-through cables are used for connecting devices with different pinouts, while crossover cables are used to connect devices with matching pinouts. Rollover cables are used between the serial connection on a PC and the console port on a Cisco router or switch. Fiber cable types include SMF, for high bandwidth and long distances, and MMF, for shorter distances and multiple concurrent signals. Fiber connectors include ST (stick and twist), SC (stick and click), and MTRJ, used mainly for connections to fiber modules in switches and routers.

Network devices include NICs, transceivers, hubs, bridges, switches, routers, firewalls, and IDSs. NICs are considered layer-2 devices and allow hosts to access network media. Transceivers are layer-1 devices that translate one Physical layer connection to another. Hubs are layer-1 wiring concentrators, while bridges work at layer 2, and can effectively cut a collision domain in half, increasing performance. Additionally, bridges can be used to tie two different layer-2 segments together, known as translational bridging. Switches split the collision domain by every port, and also work at layer 2. Routers connect networks together and split broadcast domains, while security devices include firewalls and IDS. Firewalls filter traffic between two networks, examining the source and destination layer-3 addresses and the layer-4 port numbers to make a decision on permitting or denying the packet. All firewalls work with an implicit deny feature: unless the traffic is explicitly allowed, it is blocked. IDSs monitor network traffic and notify administrators when an attack is occurring. IPSs take action to prevent the attack from continuing.
TWO-MINUTE DRILL

Network Media

❑ Concerns in selecting media for the network include attenuation, noise immunity, features, and cost.
❑ Coax cabling is of two major types: thicknet and thinnet. Thicknet segment lengths can reach up to 500 meters, while thinnet segments can reach 185 meters. Coax connectors include BNC and T connectors.
❑ The two major kinds of twisted pair cabling are unshielded twisted pair (UTP) and shielded twisted pair (STP). Twisted pair cabling consists of four color-coded pairs, with each pair twisted at a specific rate (twist ratio), where segment lengths can reach up to 100 meters.
❑ UTP (and STP) is rated in several categories. Category 3 cabling is the minimum required for Ethernet networking (10 Mbps). Category 5 cabling is the minimum for Fast Ethernet, and Category 5e is the recommended minimum for Gigabit Ethernet.
❑ The pinout on NIC, router, wireless access point, and printer ports has pins 1 and 2 set to transmit, and pins 3 and 6 set to receive. Hub and switch ports have pins 1 and 2 set to receive, and pins 3 and 6 set to transmit.
❑ Straight-through cables have all pins on one end of the cable mapped directly to the same pins on the far end, and are used between devices with different pinouts. Crossover cables map pins 1 and 2 on one end to pins 3 and 6 on the far end. They are used between devices with the same pinout. Rollover cables map pins on one end to their opposites on the far end, and are used to connect a PC serial port to the console port of a router or switch.
❑ The EIA/TIA 568B standard from left to right, with the tab down, has colors in this order: white-orange, orange, white-green, blue, white-blue, green, white-brown, brown. 568B is the standard used on most straight-through cables.
❑ The EIA/TIA 568A standard from left to right, with the tab down, has the colors in this order: white-green, green, white-orange, blue, white-blue, orange, white-brown, brown. 568A is most often used on the other end of a 568B cable to create a crossover cable.
❑ Single mode fiber (SMF) has a small core, uses a laser as a transmission light source, and can transmit high bandwidth over very long segment lengths. Multimode fiber (MMF) has a larger core and is used for shorter distances.
❑ Fiber connectors include ST, SC, and MTRJ connectors.

Network Devices

❑ Layer-1 devices include transceivers, repeaters, and hubs. Layer-1 devices extend collision domains, slowing network performance and increasing collisions.
❑ Transceivers are used to connect one physical media type to another. Common examples include AUI to RJ45 and fiber to RJ45. Repeaters regenerate the signal, extending the length of a network segment. Hubs are multiport repeater wiring concentrators used in star and broadcast topologies.
❑ Layer-2 devices make filtering decisions based on the physical MAC addresses in the frame, and are used to segment collision domains (reducing collisions and increasing performance). Bridges and switches are layer-2 devices.
❑ Layer-2 devices filter unicast messages, but flood broadcast/multicast messages.
❑ Layer-3 devices, routers, are used to move traffic between networks and split broadcast domains.
❑ Routers strip off the frame and make filtering decisions based on the layer-3 address in the packet. If a route is found in the route table, the packet is then reframed and sent out the correct port. If there is no entry in the route table, the packet is dropped.
❑ Route tables are built statically or dynamically. Static tables are created and updated manually, while routing protocols are used to dynamically update tables.
❑ Security devices include firewalls and IDS/IPS. Firewalls permit or block traffic between networks based on layer-3 addresses and layer-4 port numbers. IDSs monitor network traffic and notify administrators when an attack is in progress. If the system takes action to prevent the attack, it is known as an IPS.
SELF TEST

The following Self Test questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully since there may be more than one correct answer. Choose all the correct answers for each question.

Network Media

1. A network designer is asked to recommend a media type. The customer desires a Fast Ethernet network, but wishes to keep costs at a minimum. Which of the following media types should be recommended?
A. Cat 3 UTP
B. Cat 5 UTP
C. SMF
D. MMF

2. Concerning coax cabling, which of the following statements is true?
A. Thinnet is capable of bandwidth speeds of up to 100 Mbps, and has a maximum segment length of 500 meters.
B. Thicknet is capable of bandwidth speeds of up to 100 Mbps, and has a maximum segment length of 500 meters.
C. Thinnet is capable of bandwidth speeds of up to 10 Mbps, and has a maximum segment length of 185 meters.
D. Thicknet is capable of bandwidth speeds of up to 10 Mbps, and has a maximum segment length of 185 meters.

3. A customer maintains a twisted pair network. The customer wishes to attain Fast Ethernet speeds, and wishes to take steps to prevent EMI as much as possible. Which cable type would you recommend?
A. Cat 5 UTP
B. Cat 5e UTP
C. Cat 5 STP
D. SMF

4. Which of the following is a true statement concerning the UTP cable connection between a PC and a switch?
A. Pin 1 on the PC end is set to receive and is connected to pin 1 on the switch end.
B. Pin 3 on the PC end is set to receive and is connected to pin 3 on the switch end.
C. Pin 1 on the PC end is set to transmit and is connected to pin 3 on the switch end.
D. Pin 3 on the PC end is set to transmit and is connected to pin 1 on the switch end.
E. None of the above.

5. Which of the following is a true statement concerning the UTP cable connection between two hubs?
A. Pin 1 on one end is set to receive and is connected to pin 3 on the other end.
B. Pin 1 on one end is set to receive and is connected to pin 1 on the other end.
C. Pin 3 on one end is set to transmit and is connected to pin 3 on the other end.
D. None of the above.

6. Which cable type would be used to connect a PC to a router?
A. Straight-through
B. Crossover
C. Rollover
D. None of the above

7. Which cable type would be used to connect a router to a switch?
A. Straight-through
B. Crossover
C. Rollover
D. None of the above

8. A straight-through cable is created using the 568B standard. Which of the following correctly describes the color-coded cable layout within the connector (from left to right, with the tab down)?
A. White-green, green, white-orange, blue, white-blue, orange, white-brown, brown
B. White-green, green, white-blue, blue, white-orange, orange, white-brown, brown
C. White-orange, orange, white-green, blue, white-blue, green, white-brown, brown
D. White-orange, orange, white-blue, blue, white-green, green, white-brown, brown

Network Devices

9. A network technician is asked to diagnose network performance issues. An examination of the network shows new hubs were daisy-chained into the existing segment to allow for new users recently. Which of the following is true?
A. The addition of hubs extends the collision domain, increasing the probability and frequency of collisions and slowing performance.
B. The addition of hubs segments collision domains, decreasing the probability and frequency of collisions and slowing performance.
C. The network performance issues will take care of themselves, as some time will be needed for the daisy-chained hubs to learn the MAC addresses of connected devices.
D. Daisy-chaining new hubs into the segment has no effect on performance.

10. A network administrator adds a bridge to an existing network segment to increase performance. When the first unicast frame is received by the bridge, what action does it take?
A. The frame is filtered based on the address table.
B. The frame is kept on the source segment.
C. The frame is flooded to the segment on the opposite side of the bridge.
D. The frame is discarded, but the addresses are added to the MAC table.

11. A frame is received on switch port 3, and is addressed to the system on switch port 4. Assuming the switch has already built its CAM table, which of the following are true? (Choose two.)
A. The switch floods the message to all ports.
B. The switch opens the connection to port 4 only and delivers the frame.
C. The connection between ports 3 and 4 is allowed to use 100 percent of the available bandwidth.
D. The connection between ports 3 and 4 shares the available bandwidth with all connected devices.

12. A broadcast frame is received on switch port 3. Assuming the switch has already built its CAM table, which of the following is true?
A. The switch floods the message to all ports.
B. The switch discards the frame since switches do not forward broadcast messages.
C. Broadcast frames are not sent by PCs.
D. None of the above are true.

13. A broadcast frame is received by a router port. Which of the following is true?
A. The router floods the broadcast frame to all ports.
B. The router discards the frame.
C. Broadcast messages are not delivered to routers.
D. None of the above are true.

14. Which network device monitors network traffic for network attack signatures and notifies administrators when an attack is in progress?
A. An IPS
B. An IDS
C. A firewall
D. None of the above
15. Which network device monitors network traffic for network attack signatures and is capable of stopping the attack in progress?
A. An IPS
B. An IDS
C. A firewall
D. None of the above
SELF TEST ANSWERS

1. ✓ B. Category 5 UTP best fits the scenario. Cat 5 UTP is the minimum cable requirement for Fast Ethernet.
✗ A. Cat 3 UTP is only rated for 10 Mbps bandwidth speeds. C and D. Both SMF and MMF will comply with the bandwidth requirements; however, fiber is typically more expensive than UTP.

2. ✓ C. Both statements match thinnet characteristics.
✗ A, B, and D. These answers do not match thinnet and thicknet characteristics. Both can only transmit at 10 Mbps, at 185- and 500-meter segment lengths, respectively.

3. ✓ C. STP has a metal shield around the twisted pairs to mitigate EMI.
✗ A and B. UTP has no protection against EMI. D. SMF is a fiber, not a twisted pair, cable.

4. ✓ B. NIC pinouts have pins 1 and 2 set to transmit, and 3 and 6 set to receive. Since the PC and the switch have different pinouts, a straight-through cable (pin 1 to 1, 2 to 2, 3 to 3, and so on) is used, so pin 3 on the PC (receive) connects to pin 3 on the switch (transmit).
✗ A. Pin 1 on the PC NIC is set to transmit, not receive. C and D. The pinouts listed describe a crossover cable, which is not used between a PC and a switch. E. B is a true statement.

5. ✓ A. Hub port pinouts have pins 1 and 2 set to receive, and 3 and 6 set to transmit. Since both hubs have the same pinout, a crossover cable (pin 1 to 3, 2 to 6) is used, so pin 1 (receive) on one hub connects to pin 3 (transmit) on the other.
✗ B. Pin 1 to pin 1 describes a straight-through cable, which does not work between two devices with the same pinout. C. Pin 3 on a hub port is set to transmit, but a crossover cable connects it to pin 1 on the far end, not pin 3. D is incorrect.

6. ✓ B. PCs and routers have the same pinout; therefore, a crossover cable should be used.
✗ A. A straight-through cable will not work between two devices of the same pinout. C. Rollover cables are used between a PC and a router/switch console port. D is incorrect.

7. ✓ A. Switches and routers have different pinouts; therefore, a straight-through cable should be used.
✗ B. A crossover cable will not work between two devices of different pinouts. C. Rollover cables are used between a PC and a router/switch console port. D is incorrect.

8. ✓ C. This represents the correct pinout for an RJ45 connector using 568B.
✗ A, B, and D. These choices do not represent the correct color-code pinout.

9. ✓ A. Hubs are layer-1 devices, which increase the size of the collision domain and degrade performance.
✗ B. Layer-1 devices do not segment collision domains. C. Hubs do not learn, nor recognize, MAC addresses. D. Adding hubs decreases network performance.
10. ✓ C. Bridges must first learn where devices are before filtering frames. Since the table is empty at first, the bridge floods all the frames.
✗ A. Initially the table is empty, so the frame cannot be filtered. B. The bridge does not keep frames on a single segment until the table is built. D. The bridge learns the source address from the first frame, but floods it rather than discarding it.

11. ✓ B and C. Switches provide 100 percent of the bandwidth to all connected hosts.
✗ A. Switches do not flood known unicast messages. D. Switches provide 100 percent of available bandwidth to all connected hosts.

12. ✓ A. Switches flood broadcast frames.
✗ B. Switches do not discard broadcast frames. C. PCs do send broadcast messages, and quite often! D is incorrect.

13. ✓ B. Routers do not forward broadcast messages. After opening the frame to determine if the router itself is to take action on it, the router will discard the packet.
✗ A. Routers do not forward broadcast frames. C. Broadcast messages are delivered to every device on the network segment, including the router. D is incorrect.

14. ✓ B. Intrusion detection systems monitor and compare network traffic against attack signatures and create notifications when an attack is in progress.
✗ A. IPSs not only monitor traffic, but can take action to prevent the attack. C. Firewalls permit or block traffic, based on a defined list of layer-3 addresses and port numbers from an administrator. D is incorrect.

15. ✓ A. IPSs not only monitor traffic, but can take action to prevent the attack.
✗ B. IDSs monitor and compare network traffic against attack signatures, and create notifications when an attack is in progress. However, they cannot take action to prevent attacks. C. Firewalls permit or block traffic, based on a defined list of layer-3 addresses and port numbers from an administrator. D is not correct.
4 Ethernet Fundamentals

CERTIFICATION OBJECTIVES
4.01 Ethernet History
4.02 Ethernet Characteristics
4.03 Ethernet Standards
Two-Minute Drill
Self Test

Copyright © 2008 by The McGraw-Hill Companies.
With many variations and forms, Ethernet has become the most widely implemented networking technology in modern networks. Ethernet is a term used to describe a specific conglomeration of layer-2 technologies, media access methods, addressing, and functionality. Originally designed for smaller internal LAN implementations, Ethernet's newer standards and capabilities have moved it to the forefront of almost any networking need, including even MAN/WAN connections!

In this chapter, we'll examine how an Ethernet network looks and functions, as well as what it takes to put it all together. We'll start with a brief history, followed by Ethernet frame types and addressing. After determining what a frame looks like in Ethernet and how addressing works, we'll delve into Ethernet's media access method, CSMA/CD. (Another media access method, CSMA/CA, is also covered here.) Finally, we'll wrap up the chapter by examining the various Ethernet standard definitions, including both the physical and logical characteristics of each.

CERTIFICATION OBJECTIVE 4.01 Ethernet History

In the early 1970s, researchers at the University of Hawaii began studying a unique problem: how to allow two or more systems access to the same medium without their individual signals interfering with each other. The problem was fairly clear. Suppose a computer sends an electrical signal on a cable. Since it is a shared medium, all systems receive the signal. Conversely, if two systems place a signal on the cable at the same time, the two signals overlap and the result is unreadable (a collision). Choosing a wireless medium complicates the problem further and introduces a whole host of other issues; for example, if a system wishes to send, how does it sense whether the medium is clear? To answer this dilemma, ALOHAnet was born. ALOHAnet was in fact built as a wireless (radio) network. The addressing, frame type, and media access considerations of building it were, at the time, monstrous undertakings. However, the computer science department at the University of Hawaii came up with a method for all systems to share the wireless medium without interfering with each other. Although it was not called Ethernet at the time, the technology was born and rapidly spread to other media types and implementations.
The first real Ethernet standard was born from a consortium of industry leaders. Digital Equipment Corporation, Intel, and Xerox (DIX) used the work and findings already accomplished by ALOHAnet to publish the first Ethernet standard. Released as an open standard, allowing others to improve on and add to it, DIX Ethernet transmitted data at 10 Mbps over thicknet (thick coaxial) cabling, with an overall network span of roughly 2 kilometers when repeaters were used. DIX Ethernet rapidly outgrew its humble origins and, together with the advent of more and better media, the need for new standardization grew.

Starting in 1980, the Institute of Electrical and Electronics Engineers (IEEE) began work on defining new Ethernet standards. Over time, it developed new, better, and faster means for implementing Ethernet's functionality and, in 1985, released the 802 series. Named the 802 series because each standard number begins with 802, these are the most popular LAN standards worldwide today. The specifics of both the initial and the newer IEEE 802 standards are covered later in this chapter.

CERTIFICATION OBJECTIVE 4.02 Ethernet Characteristics

Every networking technology has unique characteristics that describe its functionality, and Ethernet is no different. Ethernet networks have distinctive frame types, media access methods, and data flow, and as the most common LAN technology in modern networks, it's important to understand how Ethernet works. In this section, we'll cover Ethernet's defining characteristics.

Frame Types and Addressing

During our discussion of the OSI Reference Model and the TCP/IP stack, we learned that layer 2 requires a specific frame type and physical addressing scheme. In other words, systems within a segment expect bits to arrive in a specific order so they can pick out the addresses, the protocol type, and the other header values. Each frame is made up of bits divided into specific areas known as fields. A field contains a certain number of bits and tells the recipient a specific piece of information, such as an address or the protocol type. As bits arrive at a NIC one at a time, the NIC expects them to fall into precise fields, depending on the frame type in use.
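As an added example (not code from the study guide), the following Python assembles an Ethernet II frame from its fields, splits a received frame back into those fields, and recomputes the CRC-32 to verify the FCS field that the Frame Types discussion describes. The MAC addresses, EtherType values, and payloads are constructed for illustration. The example goes slightly beyond this paragraph in one respect: it treats a type/length value of 1500 or below as an IEEE 802.3 length field rather than an Ethernet II type, which is how a NIC tells those two frame types apart.

```python
"""Parse an Ethernet frame and verify its Frame Check Sequence (FCS).

Constructed example. The preamble and start-frame delimiter are consumed by the
NIC hardware and never reach software, so a frame here starts at the destination
MAC address, exactly as a packet capture presents it.
"""
import struct
import zlib

MIN_PAYLOAD = 46      # payload is padded to 46 bytes so the frame without FCS is at least 60 bytes
MAX_PAYLOAD = 1500
HEADER_LEN = 14       # dst MAC (6) + src MAC (6) + type/length (2)
FCS_LEN = 4
BROADCAST = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}   # a few well-known values


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs_of(frame_without_fcs):
    """CRC-32 as Ethernet carries it on the wire: least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Assemble an Ethernet II frame: header, padded payload, FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")      # pad short payloads with zero bits
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs_of(body)


def parse_frame(frame):
    """Split a frame into its fields and recompute the CRC to check the FCS."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    payload, fcs = frame[HEADER_LEN:-FCS_LEN], frame[-FCS_LEN:]
    # A value of 1500 or less is a length (IEEE 802.3 framing); larger values are an EtherType.
    if type_or_len <= MAX_PAYLOAD:
        kind, protocol = "IEEE 802.3", f"length={type_or_len}"
    else:
        kind, protocol = "Ethernet II", ETHERTYPES.get(type_or_len, f"0x{type_or_len:04x}")
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "is_broadcast": dst == BROADCAST,
        "kind": kind,
        "protocol": protocol,
        "payload": payload,
        "fcs_ok": fcs == fcs_of(frame[:-FCS_LEN]),    # mismatch means the frame was damaged in transit
    }


# Constructed sample frames (the payload is filler, not a real ARP packet).
SAMPLE = build_frame(BROADCAST, bytes.fromhex("001122334455"), 0x0806, b"constructed payload")
CORRUPTED = bytearray(SAMPLE)
CORRUPTED[20] ^= 0x01          # flip one payload bit, as line noise might
CORRUPTED = bytes(CORRUPTED)

if __name__ == "__main__":
    for name, frame in (("good", SAMPLE), ("corrupted", CORRUPTED)):
        fields = parse_frame(frame)
        print(name, fields["dst"], fields["src"], fields["kind"], fields["protocol"], "fcs_ok =", fields["fcs_ok"])
```

One point the parser makes concrete is byte order: the header fields are big-endian (network order), but the FCS lands on the wire least-significant byte first, which is why a capture with the FCS preserved compares against the little-endian packing of the CRC-32 value.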
Frame Types

All frames, regardless of type, have some fields in common. Most frames begin with some sort of "start of frame" notification, followed by addresses and a small type field. Lastly, the frame finishes with the data payload and a Frame Check Sequence (FCS) field. The preamble, or "start of frame" notification, tells systems connected to the media that a frame is incoming. The source and destination physical addresses, generally the next two fields, let systems know who the frame is from and for whom it is intended. The Type field, not present or used in all frame types, simply tells the recipient system which network layer protocol (IP, IPX, AppleTalk, or another) is being delivered. The data payload contains the original data as well as, oftentimes, some padding bits to meet the minimum transmission size. Lastly, the FCS field provides a means for the end station to verify the frame contents. A cyclic redundancy check (CRC) is computed before the frame is transmitted, and the value is placed in the FCS field. On the recipient end, the CRC is computed again and compared against the FCS. If the values don't match, the frame is considered bad and is discarded. Note that a CRC detects accidental corruption such as line noise; it is not a cryptographic integrity check, since anyone who alters a frame can simply recompute the FCS.

The world of Ethernet includes several different frame types. Luckily, though, implementation of Ethernet has resulted in only three major frame types, and they are so closely related that they are often used interchangeably. The initial Ethernet frame was developed by Xerox, and then later changed and adapted by IEEE during the 1980s up through its final revision in 1997. The frame t