TECHNICAL TRAINING
www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
TRAINING PREREQUISITES
The training program assumes participants have operational familiarity with the following concepts:
Operational OS understanding
OSI & TCP/IP layers and their functions
Ethernet standards
TCP/IP protocol suite
Protocols such as HTTP, HTTPS, DNS, FTP and SSH
Fundamentals of IP addressing
MODULE 1 - SWITCHING
 Switching Services
 LAN Switch Types
 VLANs
 VLAN trunking Protocols
 Inter VLAN Routing
 Layer 2 and Layer 3 Switching
MODULE 2 - ROUTING
 IP Routing Basics
 Static and Dynamic NAT
 Port Forwarding
 Static Routing
 Dynamic Routing Basics
MODULE 3 - SECURITY
 Types of Threats
 Layer 2 Security
 Layer 3 Security
 IDS & IPS
 VPN
MODULE 4 - CCNSP
 About Cyberoam and Features
 Cyberoam Deployment Modes
 Appliance Access Control
 Firmware and Backup Management
 Boot Loader
 Firewall Management
 Layer 2 Firewall & Security Features
 User Authentication and Login Restriction
 User Types and Profile Management
 External Authentication Types
 Web and Application Filter
 Cyberoam Web Proxy Features
 Access Time, Data Transfer, Surfing Quota and QoS policies
 Gateway Antivirus and Antispam
 Cyberoam VPN Features
 Gateway Management
 Cyberoam Routing Features
 Logging Management (Syslog/SNMP)
 Diagnostic Tools
 Use of the CLI-based IPSec route command to add routes for destinations reachable over the tunnel
 Use of CTAS at a branch office (BO) against the head office (HO) Active Directory, and the IPSec route required for CTAS
MODULE 1 - SWITCHING
OBJECTIVES
Switching Concepts
Layer 2 Switching
VLANs
Spanning Tree Protocol
Layer 3 Switching
Troubleshooting LAN Switching
OSI REFERENCE MODEL
 The International Organization for Standardization (ISO) established a committee in 1977 to develop an architecture for computer communication.
 Open Systems Interconnection (OSI) reference model is the result of this effort.
 In 1984, the Open Systems Interconnection (OSI) reference model was approved
as an international standard for communications architecture.
 Term “open” denotes the ability to connect any two systems which conform to
the reference model and associated standards.
 The OSI model is now considered the primary architectural model for inter-computer communications.
 The OSI model describes how information or data makes its way from application programmes (such as spreadsheets) through a network medium (such as wire) to another application programme located on another network.
 The OSI reference model divides the problem of moving information between computers over a network medium into SEVEN smaller and more manageable problems.
 This separation into smaller, more manageable functions is known as layering.
OSI LAYER (figure)
OSI: A LAYERED NETWORK MODEL
 The process of breaking up the functions or tasks of networking into layers
reduces complexity.
 Each layer provides a service to the layer above it in the protocol specification.
 Each layer communicates with the same layer’s software or hardware on other
computers.
 The lower four layers (transport, network, data link and physical: Layers 4, 3, 2 and 1) are concerned with the flow of data from end to end through the network.
 The upper three layers (application, presentation and session: Layers 7, 6 and 5) are oriented more toward services to the applications.
 Data is encapsulated with the necessary protocol information as it moves down the layers before network transit.
PHYSICAL LAYER
 Provides physical interface for transmission of information.
 Defines rules by which bits are passed from one system to another on a physical
communication medium.
 Covers all - mechanical, electrical, functional and procedural - aspects for physical
communication.
 Such characteristics as voltage levels, timing of voltage changes, physical data
rates, maximum transmission distances, physical connectors, and other similar
attributes are defined by physical layer specifications.
DATA LINK LAYER
 The data link layer attempts to provide reliable communication over the physical layer interface.
 Breaks the outgoing data into frames and reassembles the received frames.
 Creates and detects frame boundaries.
 Handles errors; some link protocols (HDLC, for example) do this with an acknowledgement and retransmission scheme, while Ethernet only detects corrupted frames through the FCS and discards them.
 Implements flow control.
 Supports point-to-point as well as broadcast communication.
 Supports simplex, half-duplex or full-duplex communication.
NETWORK LAYER
 Implements routing of packets through the network.
 Selects the best path a packet should take from the source to the destination.
 Defines logical addressing so that any endpoint can be identified.
 Handles congestion in the network.
 Facilitates interconnection between heterogeneous networks (internetworking).
 The network layer also defines how to fragment a packet into smaller packets to accommodate different media.
TRANSPORT LAYER
 The purpose of this layer is to provide a mechanism for the exchange of data between two processes on different computers.
 For a connection-oriented service (TCP, for example) it ensures that data units are delivered error free, in sequence, and with no loss or duplication.
 Provides connectionless (UDP) or connection-oriented (TCP) service; the connectionless service gives none of the guarantees above.
 Provides for connection management.
 Multiplexes multiple connections over a single channel (port numbers).
SESSION LAYER
 Session layer provides mechanism for controlling the dialogue between the two
end systems. It defines how to start, control and end conversations (called
sessions) between applications.
 This layer requests for a logical connection to be established on an end-user’s
request.
 Any necessary log-on or password validation is also handled by this layer.
 Session layer is also responsible for terminating the connection.
 This layer provides services like dialogue discipline which can be full duplex or
half duplex.
 Session layer can also provide check-pointing mechanism such that if a failure of
some sort occurs between checkpoints, all data can be retransmitted from the
last checkpoint.
PRESENTATION LAYER
 Presentation layer defines the format in which the data is to be exchanged
between the two communicating entities.
 Also handles data compression and data encryption (cryptography).
APPLICATION LAYER
 Application layer interacts with application programs and is the highest level of
OSI model.
 Application layer contains management functions to support distributed
applications.
 Examples of application layer are applications such as file transfer, electronic
mail, remote login etc.
OSI IN ACTION
 A message begins at the top application
layer and moves down the OSI layers to
the bottom physical layer.
 As the message descends, each
successive OSI model layer adds a header
to it.
 A header is layer-specific information that
basically explains what functions the
layer carried out.
 Conversely, at the receiving end, headers are stripped from the message as it travels up the corresponding layers.
THE LAYER FUNCTIONS (figure)
OSI & TCP/IP MODEL
NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Define the basic role of the Network Layer in data networks
 Identify the basic characteristics and the role of the IPv4 protocol
 Describe the implications of the IP protocol being connectionless
 Describe the implications of the IP protocol being considered an unreliable (best-effort) protocol
 Describe the implications of IP being media independent
 Describe how the Network Layer encapsulates Transport Layer segments into packets
 Identify the major header fields in the IPv4 protocol and describe each field's role in transporting packets
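The objectives above (header fields, encapsulation of a segment into a packet, and IP being connectionless and best-effort) can be made concrete in code. The following Python is an added example and is not part of the original training material: it builds a minimal IPv4 header around a constructed payload, verifies the RFC 1071 header checksum, and models what a router does per hop (TTL decrement, checksum recomputation, silent discard when the TTL expires or the header is corrupt). The addresses, payload and the helper names are assumptions made for the example.

```python
import struct
import ipaddress

IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words over the IPv4 header.

    Over a header whose checksum field is zero it yields the value to store;
    over a complete, intact header it yields 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, payload: bytes,
                      proto: int = IPPROTO_UDP, ttl: int = 64,
                      ident: int = 0x1234) -> bytes:
    """Encapsulate a transport-layer segment in a minimal (IHL=5) IPv4 header."""
    ihl = 5
    version_ihl = (4 << 4) | ihl
    total_length = ihl * 4 + len(payload)
    flags_frag = 0x2 << 13  # DF set, MF clear, fragment offset 0
    header = struct.pack(
        "!BBHHHBBH4s4s",
        version_ihl, 0, total_length, ident, flags_frag, ttl, proto,
        0,  # checksum placeholder, filled in below
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    csum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (version_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = version_ihl >> 4, version_ihl & 0x0F
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version,
        "ihl": ihl,
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": csum,
        "checksum_ok": ipv4_checksum(pkt[:ihl * 4]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def payload_of(pkt: bytes) -> bytes:
    """Decapsulate: strip the IPv4 header and return the segment it carried."""
    hdr = parse_ipv4_header(pkt)
    return pkt[hdr["ihl"] * 4:hdr["total_length"]]


def forward_hop(pkt: bytes):
    """Per-hop router handling: discard on bad checksum or expired TTL,
    otherwise decrement the TTL and recompute the header checksum.

    Returns None when the packet is discarded. Nothing at this layer
    retransmits it; that is what "unreliable" means for IP.
    """
    hdr = parse_ipv4_header(pkt)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None
    hlen = hdr["ihl"] * 4
    header = bytearray(pkt[:hlen])
    header[8] -= 1                  # TTL is byte 8
    header[10:12] = b"\x00\x00"     # zero the checksum before recomputing
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + pkt[hlen:]
```

Flipping a single bit anywhere in the header makes checksum_ok False and the packet is dropped at the next hop; the payload is not covered by this checksum, which is why the transport layer carries its own.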
HUB
 A frame sent by one node is always sent to every other node. Hubs are also called "repeaters" because they just repeat what they hear.
 Receives a frame on one port and sends it out every other port, always.
 The collision domain is not reduced.
 Traffic ends up in places where it's not needed.
 Used to connect hosts to an Ethernet LAN and to connect multiple Ethernet LANs.
 Collisions are propagated.
[Figure: two hosts (IP / LLC / 802.3 MAC stacks) connected through a chain of Ethernet hubs, which repeat at the physical layer]
SWITCH
 Learns the location of each node by looking at the
source address of each incoming frame, and
builds a forwarding table
 Forwards each incoming frame to the port where
the destination node is
 Reduces the collision domain
 Makes more efficient use of the wire
 Nodes don’t waste time checking frames not destined
to them
SWITCH FUNCTIONS
 Various types of Ethernet Connectivity, 10M to 10G
 Provides access to end-user devices
 Core functions:
 Address Learning
 Forwarding/ Filtering
 Loop Avoidance
 Operates Using OSI Layer 2 Concepts by Default
SWITCH
[Figure: host A on switch port 1 and host B on switch port 5]
Forwarding Table
Address          Port
AAAAAAAAAAAA     1
BBBBBBBBBBBB     5
BROADCAST AND COLLISION DOMAINS
Number of collision domains = number of ports (one per switch port)
One broadcast domain (the whole switch, unless VLANs are used)
SWITCHES AND BROADCAST
 A switch broadcasts some frames
 When the destination address is not found in the table
 When the frame is destined to the broadcast address (FF:FF:FF:FF:FF:FF)
 When the frame is destined to a multicast Ethernet address
 So, switches do not reduce the broadcast domain!
SWITCHING SERVICES
 Layer 2 switching provides
 Hardware-based bridging (ASIC)
 Wire speed
 Low latency
 Low cost
LAN SWITCH TYPES
 LAN switch types decide how a frame is handled when it’s received
on a switch port.
 Latency
 Definition: The time it takes for a frame to be sent out an exit port once the
switch receives the frame
 Depends on the chosen switching mode
 There are three switching modes
 Cut-through (FastForward)
 FragmentFree (modified cut-through)
 Store-and-forward
CUT-THROUGH (REAL TIME)
 The LAN switch copies only the destination address (the first six
bytes following the preamble) onto its onboard buffers.
 Then looks up the hardware destination address in the MAC
switching table, determines the outgoing interface, and proceeds to
forward the frame toward its destination
FRAGMENTFREE
 The switch waits for the collision window (the first 64 bytes) to pass before forwarding.
 This is because if a frame has been damaged by a collision, the damage almost always shows within the first 64 bytes, so collision fragments (runts) are caught. Note: valid Ethernet frames are >= 64 and <= 1518 bytes. CRC errors later in the frame are still passed along.
 It was the default switching method for the Catalyst 1900 switches.
STORE-AND-FORWARD
 Cisco’s primary LAN switching method
 In this mode, the LAN switch copies the entire frame onto its onboard
buffers and then computes the cyclic redundancy check (CRC).
 Because it copies the entire frame, latency through the switch varies
with frame length.
 The frame is discarded if:
 It contains a CRC error
 It’s too short (less than 64 bytes including the CRC)
 It’s too long (more than 1518 bytes including CRC)
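The three switching modes differ in what they have seen before deciding to forward, and therefore in what they let through. The following Python is an added example, not from the original material: it computes the IEEE 802.3 FCS (CRC-32, the same polynomial and conventions as zlib.crc32, transmitted least-significant byte first) over constructed frames and applies the store-and-forward checks listed above beside the weaker fragment-free and cut-through decisions. Frame contents and function names are assumptions made for the example.

```python
import struct
import zlib

MIN_FRAME = 64     # bytes, including the 4-byte FCS
MAX_FRAME = 1518   # bytes, including the FCS (untagged frame)


def ethernet_fcs(body: bytes) -> bytes:
    """IEEE 802.3 FCS: CRC-32 over destination..payload, LSB first on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def make_frame_with_fcs(dst: bytes, src: bytes, ethertype: bytes, payload: bytes) -> bytes:
    """Constructed frame for the example: pad to 60 bytes, then append the FCS."""
    body = dst + src + ethertype + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + ethernet_fcs(body)


def store_and_forward(frame: bytes) -> str:
    """Buffer the whole frame, then check length and CRC before forwarding."""
    if len(frame) < MIN_FRAME:
        return "drop: runt"
    if len(frame) > MAX_FRAME:
        return "drop: giant"
    body, fcs = frame[:-4], frame[-4:]
    if ethernet_fcs(body) != fcs:
        return "drop: crc error"
    return "forward"


def fragment_free(frame: bytes) -> str:
    """Wait for the 64-byte collision window only; no CRC check."""
    if len(frame) < MIN_FRAME:
        return "drop: collision fragment"
    return "forward"


def cut_through(frame_so_far: bytes) -> str:
    """Decide as soon as the 6-byte destination address has arrived."""
    return "forward" if len(frame_so_far) >= 6 else "wait"
```

With one bit flipped in the payload, store_and_forward discards the frame while fragment_free and cut_through both forward it, which is the latency-versus-error-isolation trade-off the slides describe.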
LAYER 2 SWITCHING LIMITATION
 Collision domains must be broken up correctly.
 Follow the 80/20 rule: design so that about 80 percent of a user's traffic stays on the local segment.
 Switches do not break up broadcast domains by default.
BRIDGES/LAN SWITCHES
 A bridge or LAN switch is a device that interconnects two or more Local Area Networks (LANs) and forwards frames between them.
 Bridges/LAN switches operate at the Data Link Layer (Layer 2).
[Figure: two hosts (IP / LLC stacks) joined by a bridge between an 802.3 Ethernet LAN and an 802.5 Token Ring LAN; the bridge implements both MAC layers]
BRIDGING VS. LAN SWITCHING
 Bridges are software based, while switches are hardware based
because they use ASIC chip to help make filtering decisions.
 A Switch can be viewed as a multiport bridge.
 Bridges can only have one spanning-tree instance per bridge, while
switches can have many.
 Switches have a higher number of ports than most bridges.
 Both bridges and switches forward layer 2 broadcasts.
 Bridges and Switches learn MAC addresses by examining the source
address of each frame received.
 Both bridges and switches make forwarding decisions based on Layer 2 addresses.
LAYER 2 SWITCHING
 Switch ports - types
 IOS Switch options
 Dynamic Trunking Protocol (DTP)
 IEEE 802.1Q
SWITCH PORTS
 Layer 2-only interfaces associated with a physical port on the switch
 Belong to one or more VLANs.
 Can be access ports or trunk ports
 Dynamic Trunking Protocol (DTP) can negotiate with the port on the other end of the link
 Used for managing the physical interface and associated Layer 2 protocols
 Configure switch ports by using the switchport interface configuration commands.
ACCESS PORTS
 Belong to and carry the traffic of only one VLAN (unless it is
configured as a voice VLAN port)
 Traffic is received and sent in native formats on the channel between
host and port with no VLAN tagging
 Traffic arriving on an access port is assumed to belong to the VLAN
assigned to the port
 If an access port receives a tagged packet (IEEE 802.1Q tagged), the
packet is dropped, and the source address is not learned
TRUNK PORTS
 A trunk is a point-to-point link between one or more Ethernet switch
interfaces and another networking device such as a router or a switch
 Ethernet trunks carry the traffic of multiple VLANs over a single link
e.g. between switch and router.
 Can extend VLANs across an entire network
 Example: The Cisco Catalyst 2960 switch supports IEEE 802.1Q
encapsulation
STATIC AND DYNAMIC ACCESS PORTS
 Static access ports are manually assigned to a VLAN
 VLAN membership of dynamic access ports is learned from incoming packets (their source MAC address)
 By default all ports are members of VLAN 1
 Forwarding to and from a dynamic access port is enabled only once the VLAN membership of the port has been discovered
 Dynamic access ports are assigned to a VLAN by a VLAN Membership Policy Server (VMPS).
DYNAMIC TRUNKING PROTOCOL
 DTP is a Cisco-only, proprietary protocol
 Allows a trunk to be dynamically established between two switches
 Not all switches support DTP
 Set one end of the trunk using:
switchport mode trunk
 Set the opposite end using:
switchport mode dynamic auto|desirable
 Security caveat: DTP negotiates with whatever is on the other end of the link, so a host that sends DTP frames into a port left in a dynamic mode can turn that port into a trunk and receive every VLAN. Ports facing end hosts should be set to switchport mode access and switchport nonegotiate.
AUTO OR DESIRABLE?
 Desirable makes the interface actively attempt to convert the link to a trunk link
 The interface becomes a trunk interface if the neighbouring interface is set to trunk, desirable or auto mode
 Which mode is the default depends on the platform: older Catalyst switches default to dynamic desirable, newer ones such as the Catalyst 2960 to dynamic auto. If the neighbouring interface is set to access or nonegotiate mode, the link becomes a non-trunking link
AUTO
 Auto makes the interface willing to convert the link to a trunk link if
the neighbouring interface is set to trunk or desirable mode.
 Otherwise, the link will become a non-trunking link.
802.1Q
 The IEEE standard that defines how Ethernet frames should be tagged
when moving across switch trunks
 This means that switches from different vendors are able to exchange
VLAN traffic.
TAGGED VS. UNTAGGED
 Edge ports are not tagged, they are just “members” of a VLAN
 You only need to tag frames in switch-to-switch links (trunks), when
transporting multiple VLANs
 A trunk can transport both tagged and untagged VLANs (in 802.1Q the untagged one is the native VLAN)
 As long as the two switches agree on how to handle those
IOS SWITCH OPTIONS
 In Packet Tracer, enter configure terminal and then interface configuration mode for a switch port
 Type ? to list the interface options:
Switch(config-if)#?
cdp          Global CDP configuration subcommands
description  Interface specific description
duplex       Configure duplex operation
mac-address  Manually set interface MAC address
shutdown     Shutdown the selected interface
speed        Configure speed operation
switchport   Set switching mode characteristics
802.1Q TAGGED FRAME (figure)
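The tagged-frame figure shows a 4-byte tag inserted between the source MAC and the EtherType: a TPID of 0x8100 followed by the TCI (3-bit priority, 1-bit DEI, 12-bit VLAN ID). The following Python is an added example, not part of the original slides: it inserts, parses and strips the tag, and applies the access-port and trunk-port rules from the preceding slides (tagged frames dropped on access ports, untagged frames on a trunk classified into the native VLAN, the native VLAN sent untagged). The port descriptions, frames and function names are assumptions made for the example; real platforms differ in details such as how they treat a frame tagged with an access port's own VLAN.

```python
import struct

TPID_8021Q = 0x8100


def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag (TPID 0x8100 + TCI) after the source MAC."""
    if not 0 <= vid <= 4094:          # 4095 is reserved; 0 means priority-tagged only
        raise ValueError("VLAN ID out of range")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame: bytes):
    """Return {'pcp', 'dei', 'vid'} if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0xFFF}


def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag (if present); this is what happens before a frame exits an access port."""
    return frame[:12] + frame[16:] if parse_vlan_tag(frame) else frame


def ingress_classify(port: dict, frame: bytes):
    """Decide which VLAN an arriving frame belongs to.

    port is a constructed description: {'mode': 'access', 'vlan': n} or
    {'mode': 'trunk', 'native': n, 'allowed': {n, ...}}.
    Returns (vid, untagged_frame), or (None, None) if the frame is dropped.
    """
    tag = parse_vlan_tag(frame)
    untagged = tag is None or tag["vid"] == 0     # VID 0 carries only a priority
    if port["mode"] == "access":
        if untagged:
            return port["vlan"], strip_vlan_tag(frame)
        return None, None        # tagged frame on an access port: dropped (per the slide)
    vid = port["native"] if untagged else tag["vid"]
    if vid not in port["allowed"]:
        return None, None        # VLAN not allowed on this trunk
    return vid, strip_vlan_tag(frame)


def egress_encapsulate(port: dict, vid: int, frame: bytes) -> bytes:
    """Access ports and the trunk's native VLAN send untagged; other VLANs get a tag."""
    if port["mode"] == "access" or vid == port["native"]:
        return frame
    return add_vlan_tag(frame, vid)
```

Because an untagged frame arriving on a trunk is placed in the native VLAN, the usual hardening is to make the native VLAN an otherwise unused VLAN rather than one carrying user traffic.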
VIRTUAL LANS (VLANS)
 VLAN Concepts
 VLAN Configuration and Verification
 Trunking with ISL & 802.1Q
 VLAN Trunking Protocol (VTP)
 VTP Configuration & Verification
VIRTUAL LANS (VLANS)
 Definition: A logical grouping of network users and resources
connected to administratively defined ports on a switch.
 Smaller broadcast domains
 Organized by:
• Location
• Function
• Department
• Application or protocol
SWITCHES (figure)
FEATURES OF VLANS
 Simplify network management
 Provide a level of segmentation, and therefore security, over a flat network; traffic between VLANs still has to pass through a router or firewall, where it can be filtered
 Flexibility and scalability
BROADCAST CONTROL
 Broadcasts occur in every protocol
 Bandwidth & Broadcasts
 Flat network
 VLANs & Broadcasts
FLAT NETWORK STRUCTURE (figure)
FLEXIBILITY & SCALABILITY
 Layer 2 switches only read frames
 Without VLANs, this causes a switch to forward every broadcast out every port
 VLANs
 Essentially create broadcast domains
• Greatly reduce broadcast traffic
• Ability to add users to a VLAN regardless of their physical location
• Additional VLANs can be created when network growth consumes more bandwidth
SWITCHED NETWORK (figure)
PHYSICAL LANS CONNECTED TO A ROUTER (figure)
VLANS REMOVE THE PHYSICAL BOUNDARY (figure)
VLAN MEMBERSHIPS
 Static VLANs
 Typical method of creating VLANs
 Most secure
• A switch port assigned to a VLAN always maintains that assignment until changed
 Dynamic VLANs
 Node assignment to a VLAN is automatic
• MAC addresses, protocols, network addresses, etc
 VLAN Management Policy Server (VMPS)
• MAC address database for dynamic assignments
• MAC-address to VLAN mapping
IDENTIFYING VLANS
 Access links
 A link that is part of only one VLAN
 Trunk links
 Carries multiple VLANs
FRAME TAGGING
 Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
 A VLAN ID is assigned to each frame as it enters a trunk
 The VLAN ID is kept across trunk links and removed before the frame exits an access link
[Figure: two switches joined by an 802.1Q trunk carrying tagged frames; each switch has edge (access) ports in VLAN X and VLAN Y and one trunk port. This is called "VLAN Trunking".]
VLAN ID METHODS
 Inter-Switch Link (ISL)
 Cisco proprietary
 FastEthernet & Gigabit Ethernet only
 IEEE 802.1Q
 Must be used when trunking between a Cisco and a non-Cisco switch
INTER-SWITCH LINK (ISL) PROTOCOL
 Definition: A means of explicitly tagging VLAN information onto an
Ethernet frame
 Allows VLANs to be multiplexed over a trunk line
 Cisco proprietary
 External tagging process
VLAN TRUNK PROTOCOL (VTP)
 Purpose: to manage all configured VLANs across a switch internetwork
& maintain consistency
 Allows an administrator to add, delete, & rename VLANs
VTP BENEFITS
 Benefits
 Consistent configuration
 Permits trunking over mixed networks
 Accurate tracking
 Dynamic reporting
 Plug-and-Play
 A VTP server must be created to manage VLANs
VTP MODES (figure)
VTP MODES OF OPERATION
 Server
 Default for all Catalyst switches
 Minimum one server for a VTP domain
 Client
 Receives information + sends/receives updates
 Cannot make any changes
 Transparent
 Does not participate in a VTP domain but forwards VTP advertisements
 Can add/delete VLANs
 Locally significant
ROUTER WITH INDIVIDUAL VLAN ASSOCIATIONS (figure)
ROUTING BETWEEN VLANS (figure)
CONFIGURING VLANS
 Creating VLANs
 Assigning Switch Ports to VLANs
 Configuring Trunk Ports
 Configuring Inter-VLAN routing
CONFIGURING VTP
 Switches are configured to be VTP servers by default.
 Any switch in server mode with a higher configuration revision number overwrites the VLAN database of the whole domain, so set a VTP domain password (vtp password) and put switches that do not need VTP in transparent mode.
INTER-VLAN CONFIGURATION EXAMPLE (figure)
EXAMPLE 2 (figure)
EXAMPLE 3 (figure)
LAB
 Assign VLAN membership according to the lab diagram
 Configure the trunk link between the switches
 Configure VTP on the switches and verify its status
 Check connectivity
SPANNING TREE PROTOCOL
 Switching Loops
 Introduction to Spanning Tree Protocol
 Electing Root Switch
 Configuration and Verification of STP
SWITCHING LOOP
 When there is more than one path between two switches
 What are the potential problems?
[Figure: Switches A, B and C connected in a triangle]
SWITCHING LOOP
 If there is more than one path between two switches:
 Forwarding tables become unstable
• Source MAC addresses are repeatedly seen coming from different ports
 Switches will broadcast each other’s broadcasts
• All available bandwidth is utilized
• Switch processors cannot handle the load
SWITCHING LOOP
[Figure: Node 1 attached to Switch A, with Switches A, B and C connected in a triangle]
 Node 1 sends a broadcast frame (e.g. an ARP request)
 Switches A, B and C broadcast node 1's frame out every port
 But they receive each other's broadcasts, which they need to forward again out every port!
 The broadcasts are amplified, creating a broadcast storm…
SWITCHING LOOP
 But you can take advantage of loops
 Redundant paths improve resilience when
• A switch fails
• Wiring breaks
 How to achieve redundancy without creating dangerous traffic loops?
SPANNING-TREE PROTOCOL (STP)
STP
Root Bridge
BPDU
Bridge ID
Nonroot Bridge
Root port
Designated port
Port cost
Nondesignated port
Forwarding port
Block port
SPANNING-TREE PROTOCOL (STP)
Spanning-Tree Operations
• Selecting the root bridge
• Selecting the designated port
SPANNING-TREE PROTOCOL (STP)
Spanning-Tree Port States
• Blocking
• Listening
• Learning
• Forwarding
• Disabled
Spanning-Tree Example (figure)
WHAT IS A SPANNING TREE
 “Given a connected, undirected graph, a spanning tree of that graph is
a subgraph which is a tree and connects all the vertices together”.
 A single graph can have many different spanning trees.
SPANNING TREE PROTOCOL
 The purpose of the protocol is to have bridges dynamically discover a
subset of the topology that is loop-free (a tree) and yet has just
enough connectivity so that where physically possible, there is a path
between every switch.
SPANNING TREE PROTOCOL
 Flavors of STP
 Traditional Spanning Tree (802.1d)
 Rapid Spanning Tree or RSTP (802.1w)
 Multiple Spanning Tree or MSTP (802.1s)
 Switches exchange messages that allow them to compute the
Spanning Tree
 These messages are called BPDUs (Bridge Protocol Data Units)
 Two types of BPDUs:
• Configuration
• Topology Change Notification (TCN)
SPANNING TREE PROTOCOL
 Traditional Spanning Tree (802.1d)
 First Step
 Decide on a point of reference: the Root Bridge
 The election process is based on the Bridge ID, which is composed of:
• The Bridge Priority: A two-byte value that is configurable
• The MAC address: A unique, hardcoded address that cannot be changed.
TRADITIONAL SPANNING TREE
ROOT BRIDGE SELECTION (802.1D)
 Each switch starts by sending out BPDUs with a Root Bridge ID equal
to its own Bridge ID
 I am the root!
 Received BPDUs are analyzed to see if a lower Root Bridge ID is being
announced
 If so, each switch replaces the value of the advertised Root Bridge ID with this
new lower ID
 Eventually, they all agree on who the Root Bridge is
 All switches have the same priority.
 Who is the elected root bridge?
[Diagram: Switch A (32678.0000000000AA) connected to Switch B (32678.0000000000BB) and Switch C (32678.0000000000CC), which are also connected to each other]
ROOT BRIDGE SELECTION (802.1D)
ROOT PORT SELECTION (802.1D)
 Now each switch needs to figure out where it is in relation to the Root
Bridge
 Each switch needs to determine its Root Port
 The key is to find the port with the lowest Root Path Cost
 The cumulative cost of all the links leading to the Root Bridge
 Each link on a switch has a Path Cost
 Inversely proportional to the link speed
i.e. the faster the link, the lower the cost
Link Speed STP Cost
10 Mbps 100
100 Mbps 19
1 Gbps 4
10 Gbps 2
ROOT PORT SELECTION (802.1D)
 Root Path Cost is the accumulation of a link’s Path Cost and the Path
Costs learned from neighboring Switches.
 It answers the question: How much does it cost to reach the Root Bridge
through this port?
ROOT PORT SELECTION (802.1D)
ROOT PORT SELECTION (802.1D)
 Root Bridge sends out BPDUs with a Root Path Cost value of 0
 Neighbor receives BPDU and adds port’s Path Cost to Root Path Cost
received
 Neighbor sends out BPDUs with new cumulative value as Root Path
Cost
 Other neighbors further down the line keep adding their port cost in the same fashion
ROOT PORT SELECTION (802.1D)
 On each switch, the port where the lowest Root Path Cost was
received becomes the Root Port
 This is the port with the best path to the Root Bridge
What is the Path Cost on each port?
What is the Root Port on each switch?
[Diagram: Switch A (32678.0000000000AA) at the top, Switch B (32678.0000000000BB) and Switch C (32678.0000000000CC) below; the A-B, A-C and B-C links each have Cost=19; each switch uses ports 1 and 2]
ROOT PORT SELECTION (802.1D)
[Diagram: the same triangle of Switches A, B and C with Cost=19 on every link; the Root Port is marked on Switch B and on Switch C, on the port facing Switch A]
ROOT PORT SELECTION (802.1D)
ELECTING DESIGNATED PORTS
 OK, we have now selected the root ports, but we haven’t solved the loop
problem yet: the links are still active!
 Each network segment needs to have only one switch forwarding
traffic to and from that segment
 Switches then need to identify one Designated Port per link
 The one with the lowest cumulative Root Path Cost to the Root Bridge
[Diagram: the same triangle of Switches A, B and C, Cost=19 on every link, ports 1 and 2 on each switch]
Which port should be the Designated Port on each segment?
ROOT PORT SELECTION (802.1D)
ELECTING DESIGNATED PORTS
 Two or more ports in a segment having identical Root Path Costs is
possible, which results in a tie condition
 All STP decisions are based on the following sequence of conditions
 Lowest Root Bridge ID
 Lowest Root Path Cost to Root Bridge
 Lowest Sender Bridge ID
 Lowest Sender Port ID
[Diagram: the same triangle of Switches A, B and C, Cost=19 on every link; a Designated Port is marked on each of the three segments]
In the B-C link, Switch B has the lowest Bridge ID, so port 2 in Switch B is the Designated Port.
ROOT PORT SELECTION (802.1D)
BLOCKING A PORT
 Any port that is not elected as either a Root Port or a Designated Port
is put into the Blocking State.
 This step effectively breaks the loop and completes the Spanning Tree.
[Diagram: the same triangle of Switches A, B and C, Cost=19 on every link]
Port 2 in Switch C is put into the Blocking State, because it is neither a Root Port nor a Designated Port.
ROOT PORT SELECTION (802.1D)
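The four election steps above (root bridge, root port, designated port, blocking) carried out in code on the three-switch topology of these slides. This is an added example, not code from the Cyberoam training material; the bridge IDs and the cost table are the slides' own, while the port-to-port cabling (A1-B1, A2-C1, B2-C2) is an assumption chosen to match the ports the slides name.

```python
"""802.1D spanning-tree computation for the three-switch topology on the slides.

Added example, not part of the training material. Bridge IDs and link costs
come from the slides; the cabling A1-B1, A2-C1, B2-C2 is an assumption.
"""
from __future__ import annotations

import heapq
from dataclasses import dataclass

# Bridge ID = (priority, MAC). Tuples compare element by element, so the lowest
# priority wins and the lowest MAC breaks a priority tie, as in 802.1D.
BridgeId = tuple[int, str]

# STP path cost per link speed in Mbps (the table on the slides).
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Link:
    a: str
    a_port: int
    b: str
    b_port: int
    cost: int


def elect_root(bridges: dict[str, BridgeId]) -> str:
    """Every switch first claims to be root; the lowest Bridge ID wins."""
    return min(bridges, key=bridges.__getitem__)


def root_path_costs(root: str, adj: dict[str, list]) -> dict[str, int]:
    """Cumulative cost from every switch to the root, accumulated hop by hop
    the way BPDUs carry it (the root advertises 0, each hop adds its port cost)."""
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue  # stale heap entry
        for _port, nbr, _nbr_port, link_cost in adj[sw]:
            if cost + link_cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (rpc[nbr], nbr))
    return rpc


def compute_stp(bridges: dict[str, BridgeId], links: list[Link]):
    """Return (root bridge, root path cost per switch, role per (switch, port))."""
    adj: dict[str, list] = {sw: [] for sw in bridges}
    for l in links:
        adj[l.a].append((l.a_port, l.b, l.b_port, l.cost))
        adj[l.b].append((l.b_port, l.a, l.a_port, l.cost))

    root = elect_root(bridges)
    rpc = root_path_costs(root, adj)
    roles: dict[tuple[str, int], str] = {}

    # Root Port: on every non-root switch, the port where the lowest Root Path
    # Cost arrives; ties go to the lowest sender Bridge ID, then sender port ID.
    for sw in bridges:
        if sw == root:
            continue
        port, *_ = min(adj[sw], key=lambda e: (rpc[e[1]] + e[3], bridges[e[1]], e[2]))
        roles[(sw, port)] = "root"

    # Designated Port: exactly one per segment, on the side with the lowest
    # Root Path Cost, then lowest Bridge ID, then lowest port ID.
    for l in links:
        side_a = (rpc[l.a], bridges[l.a], l.a_port)
        side_b = (rpc[l.b], bridges[l.b], l.b_port)
        sw, port = (l.a, l.a_port) if side_a < side_b else (l.b, l.b_port)
        roles.setdefault((sw, port), "designated")

    # Everything else is neither Root nor Designated: block it to break the loop.
    for sw in bridges:
        for port, *_ in adj[sw]:
            roles.setdefault((sw, port), "blocking")
    return root, rpc, roles


def forwarding_links(links: list[Link], roles: dict) -> list[Link]:
    """Segments that still carry traffic: neither end is in the Blocking state."""
    return [l for l in links
            if "blocking" not in (roles[(l.a, l.a_port)], roles[(l.b, l.b_port)])]


# Constructed input matching the slides: all three switches keep the same
# priority and differ only in MAC address; every link is 100 Mbps (cost 19).
SLIDE_BRIDGES = {
    "A": (32678, "0000000000AA"),
    "B": (32678, "0000000000BB"),
    "C": (32678, "0000000000CC"),
}
SLIDE_LINKS = [
    Link("A", 1, "B", 1, STP_COST[100]),
    Link("A", 2, "C", 1, STP_COST[100]),
    Link("B", 2, "C", 2, STP_COST[100]),
]

if __name__ == "__main__":
    root, rpc, roles = compute_stp(SLIDE_BRIDGES, SLIDE_LINKS)
    print(f"Root bridge: Switch {root}")
    for (sw, port), role in sorted(roles.items()):
        print(f"Switch {sw} port {port}: {role:<10} (root path cost {rpc[sw]})")
    print(f"{len(forwarding_links(SLIDE_LINKS, roles))} of {len(SLIDE_LINKS)} links forwarding")
```

Lowering one switch's priority (as the lab asks for a per-VLAN root) changes the election and moves the blocked port; the function handles that case with the same tie-break sequence.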
SPANNING TREE PROTOCOL STATES
 Disabled
 Port is shut down
 Blocking
 Not forwarding frames
 Receiving BPDUs
 Listening
 Not forwarding frames
 Sending and receiving BPDUs
SPANNING TREE PROTOCOL STATES
 Learning
 Not forwarding frames
 Sending and receiving BPDUs
 Learning new MAC addresses
 Forwarding
 Forwarding frames
 Sending and receiving BPDUs
 Learning new MAC addresses
LAB
 Identify the root bridge in the scenario below for VLAN 10 and VLAN 20, and verify
the port status
 Configure Switch 1 as the root bridge for VLAN 10 and Switch 2 as the root bridge
for VLAN 20
 Enable PortFast on the edge ports
LAYER 3 SWITCHING
 Introduction to Layer 3 Switching
 VLAN Interface
 Inter-VLAN routing using Layer 3 Switch
 Inter-VLAN routing using Router
 Configuring and Verifying Ether Channel
LAYER3 SWITCHING
 Packet forwarding is handled by specialized hardware ASICs.
 Goal is to capture the speed of switching and the scalability of routing.
 Layer 3 switch acts on a packet as a router would
 Determining the forwarding path based on Layer 3 information
 Validating the integrity of the Layer 3 header via its checksum
 Checking packet expiration and updating the header accordingly
 Processing and responding to any option information
 Updating forwarding statistics in the Management Information Base (MIB)
 Applying security controls if required
 Implementing quality of service (QoS)
MULTILAYER SWITCHING
 Combines Layer 2 switching and Layer 3 routing functionality
 Moves campus traffic at wire speed and at the same time satisfies Layer 3 routing
requirements
 Accelerates routing performance through the use of dedicated ASICs.
 MLS can operate at Layer 3 or 4.
• When operating as a Layer 3 switch, the switch caches flows based on IP
addresses.
• When operating as a Layer 4 switch, the switch caches conversations based on
source address, destination address, source port, and destination port
VLAN INTERFACE
 VLAN interfaces on an L3 switch:
Switch#conf t
Switch(config)#interface vlan 10
Switch(config-if)#ip address x.x.x.x m.m.m.m
INTER-VLAN ROUTING USING L3 SWITCH
 On a Layer 3 switch, inter-VLAN routing is enabled with the following
command:
Switch(config)#ip routing
INTER-VLAN ROUTING USING ROUTER
 Inter-VLAN routing using a router is known as “Router on a Stick”:
Router(config)#interface FastEthernet0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config)#interface FastEthernet0/0.1
Router(config-subif)# encapsulation dot1Q VLAN-id
Router(config-subif)# ip address x.x.x.x m.m.m.m
LINK AGGREGATION
 Also known as port bundling, link bundling
 You can use multiple links in parallel as a single, logical link
 For increased capacity
 For redundancy (fault tolerance)
 LACP (Link Aggregation Control Protocol) is a standardized method of
negotiating these bundled links between switches
LACP OPERATION
 Two switches connected via multiple links will send LACPDU packets,
identifying themselves and the port capabilities
 They will then automatically build the logical aggregated links, and
then pass traffic
 Switch ports can be configured as active or passive
LACP OPERATION
 Switches A and B are connected to each other using two sets of Fast
Ethernet ports
 LACP is enabled and the ports are turned on
 Switches start sending LACPDUs, then negotiate how to set up the
aggregation
[Diagram: Switch A and Switch B joined by two 100 Mbps links, exchanging LACPDUs over them]
LACP OPERATION
 The result is an aggregated 200 Mbps logical link.
 The link is also fault tolerant: if one of the member links fails, LACP will
automatically take that link out of the bundle and keep sending traffic
over the remaining link.
[Diagram: Switch A and Switch B joined by two 100 Mbps links bundled into one 200 Mbps logical link]
DISTRIBUTING TRAFFIC
 Bundled links distribute frames using a hashing algorithm, based on
 Source and/or Destination MAC address
 Source and/or Destination IP address
 Source and/or Destination Port numbers
 This can lead to unbalanced use of the links, depending on the nature
of the traffic
 Always choose the load-balancing method that provides the most
distribution
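The hash-based frame distribution described above, as an added example that is not part of the training material: it applies the XOR-of-low-order-bits selection that switches commonly use (assumed here, not taken from any vendor's implementation) to constructed flows and reports the byte load per member link for each method, so the "unbalanced use" warning and the "most distribution" choice become measurable. Shrinking the bundle to one link also models the failover case from the earlier LACP slide.

```python
"""Frame distribution across an LACP bundle under different hash methods.

Added example, not part of the training material. It mimics the common
switch behaviour (assumed here) of XOR-ing the selected header fields and
taking the low-order bits of the result to choose a member link.
"""
from __future__ import annotations

import ipaddress
from typing import Callable

Flow = dict  # keys: smac, dmac, sip, dip, sport, dport, bytes


def _mac_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def _ip_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


# The header fields each load-balancing method feeds into the hash.
HASH_METHODS: dict[str, Callable[[Flow], list[int]]] = {
    "src-mac": lambda f: [_mac_int(f["smac"])],
    "dst-mac": lambda f: [_mac_int(f["dmac"])],
    "src-dst-mac": lambda f: [_mac_int(f["smac"]), _mac_int(f["dmac"])],
    "src-dst-ip": lambda f: [_ip_int(f["sip"]), _ip_int(f["dip"])],
    "src-dst-port": lambda f: [_ip_int(f["sip"]), _ip_int(f["dip"]),
                               f["sport"], f["dport"]],
}


def pick_link(flow: Flow, method: str, n_links: int) -> int:
    """XOR the chosen fields and map the result onto a member link index.
    Every frame of a flow hashes the same way, so frames of one flow never reorder."""
    h = 0
    for value in HASH_METHODS[method](flow):
        h ^= value
    return h % n_links


def distribute(flows: list[Flow], method: str, n_links: int = 2) -> dict[int, int]:
    """Bytes carried by each member link when `method` picks the link.
    n_links=1 models the bundle after LACP has dropped a failed member."""
    load = {i: 0 for i in range(n_links)}
    for f in flows:
        load[pick_link(f, method, n_links)] += f["bytes"]
    return load


def busiest_share(flows: list[Flow], method: str, n_links: int = 2) -> float:
    """Fraction of all traffic on the most loaded link (0.5 is ideal for two links)."""
    load = distribute(flows, method, n_links)
    return max(load.values()) / sum(load.values())


def best_method(flows: list[Flow], n_links: int = 2) -> str:
    """The method that spreads this particular traffic most evenly over the bundle."""
    return min(HASH_METHODS, key=lambda m: busiest_share(flows, m, n_links))


# Constructed traffic: four clients behind one router (so a single source MAC)
# all talking HTTPS to one server. Addresses, ports and sizes are made up.
ROUTER_MAC, SERVER_MAC = "00:00:5e:00:01:01", "00:aa:bb:cc:dd:02"
FLOWS = [
    dict(smac=ROUTER_MAC, dmac=SERVER_MAC, sip="10.0.1.1", dip="10.0.2.10",
         sport=40001, dport=443, bytes=5000),
    dict(smac=ROUTER_MAC, dmac=SERVER_MAC, sip="10.0.1.2", dip="10.0.2.10",
         sport=40003, dport=443, bytes=3000),
    dict(smac=ROUTER_MAC, dmac=SERVER_MAC, sip="10.0.1.3", dip="10.0.2.10",
         sport=40002, dport=443, bytes=1000),
    dict(smac=ROUTER_MAC, dmac=SERVER_MAC, sip="10.0.1.4", dip="10.0.2.10",
         sport=40005, dport=443, bytes=1000),
]

if __name__ == "__main__":
    for method in HASH_METHODS:
        print(f"{method:<13} {distribute(FLOWS, method)}  busiest share "
              f"{busiest_share(FLOWS, method):.2f}")
    print("best method for this traffic:", best_method(FLOWS))
    print("after one member link fails:", distribute(FLOWS, "src-dst-port", n_links=1))
```

With this traffic every MAC-based method puts all 10000 bytes on one link because the router's MAC is the only source the switch sees, while IP and port fields vary per client and spread the load.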
LAB
TROUBLESHOOTING LAN SWITCHING
 Overview of Normal LAN Switch
Forwarding Process
 Common Layer 1 Problems
 Isolate Interface Problems
 Interface Status and Reason for
Nonworking Status
 Isolate VLAN and Trunking Problems
 Interface Speed and Duplex Issues
 Analyzing Layer 2 Forwarding Path
802.3 LAN DEVELOPMENT: TODAY’S LANS
DEVICES FUNCTION AT LAYERS
FACTORS THAT IMPACT NETWORK
PERFORMANCE
 Network traffic (congestion).
 Multitasking desktop operating systems (Windows, UNIX, and Mac)
allow simultaneous network transactions.
 Faster desktop operating systems (Windows, UNIX, and Mac) can
initiate faster network activity.
 Increased number of client/server applications using shared network
data.
TYPICAL CAUSES OF NETWORK CONGESTION
ETHERNET 802.3
 The performance of shared-medium Ethernet/802.3 LANs is negatively
affected by factors such as the following:
 The broadcast delivery nature of Ethernet.
 The carrier sense multiple access with collision detection (CSMA/CD) access method,
which allows only one host to transmit at a time.
 Multimedia applications with higher bandwidth demand such as video and the
Internet.
 The latency of additional devices added by the extension of LANs by using
repeaters.
 The distance added by using Layer 1 repeaters.
HALF-DUPLEX ETHERNET DESIGN
NETWORK CONGESTION
NETWORK LATENCY
Latency, or delay, is the time a frame or a packet takes to travel from the
source station to the final destination.
ETHERNET 10BASE-T TRANSMISSION TIMES
 Bit time (or slot time) — The basic unit of time in which 1 bit can be sent. For
electronic or optical devices to recognize a binary 1 or 0, there is a minimum
duration during which the bit is "on" or "off".
 Transmission time — Equals the number of bits being sent times the bit time for a
given technology. Another way to think about transmission time is as the time it
takes a frame to actually be transmitted. (Small frames take a shorter amount of
time, large frames take a longer amount of time to be transmitted.)
FULL-DUPLEX TRANSMITTING
LAN SEGMENTATION
Segmentation allows network congestion to be significantly reduced
within each segment.
LAN SEGMENTATION WITH ROUTERS
LAN SEGMENTATION WITH SWITCHES
LAN SWITCH OPERATION
ETHERNET SWITCH LATENCY
LAYER 2 SWITCHING
LAYER 3 SWITCHING
MEMORY BUFFERING
 Port-based memory buffering
 Packets are stored in queues that are linked to specific incoming ports.
 It is possible for a single packet to block all other packets because its
destination port is busy (even if the other packets could be delivered).
 Shared-memory buffering
 All packets use a common memory buffer.
 Packets in the buffer are then linked (mapped) dynamically to the appropriate
destination port.
 Helps balance between 10- and 100-Mbps ports.
HOW SWITCHES AND BRIDGES FILTER FRAMES
 Bridges and switches only forward frames that need to travel
from one LAN segment to another.
 To accomplish this task, they must learn which devices are
connected to which LAN segment.
 Bridges are capable of filtering frames based on any Layer 2 fields.
SWITCHES AND COLLISION DOMAINS
The network area where frames originate and collide is called the
collision domain. All shared media environments are collision domains.
THREE METHODS OF COMMUNICATION
NETWORK TROUBLESHOOTING
 Approach might vary slightly depending upon the scenario:
 Lab
 New implementation
 Existing network
• Change made
• No changes made
 Use all possible resources:
 Support contracts
 Web sites and newsgroups
 Books
 Friends and other people
 Management
DIFFERENT MODELS
LAYER 1 PROBLEMS
Layer 1 errors can include:
• Broken cables
• Disconnected cables
• Cables connected to the wrong ports
• Intermittent cable connection
• Wrong cables used for the task at hand (must use rollovers, crossover cables, and
straight-through cables correctly)
• Transceiver problems
• DCE cable problems
• DTE cable problems
• Devices turned off
LAYER 2 PROBLEMS
Layer 2 errors can include:
• Improperly configured serial interfaces
• Improperly configured Ethernet interfaces
• Improper encapsulation set (HDLC is default for serial interfaces)
• Improper clock rate settings on serial interfaces
• Network interface card (NIC) problems
LAYER 3 PROBLEMS
Layer 3 errors can include:
• Routing protocol not enabled
• Wrong routing protocol enabled
• Incorrect IP addresses
• Incorrect subnet masks
VARIOUS COMMANDS
 These commands show various levels of connectivity or lack of
connectivity:
 Ping
 Traceroute
 Telnet
 Show interfaces
 Show cdp neighbors
 Show ip protocols
 Debug
 Show running-config
Module 2
R O U T I N G
OBJECTIVES
 Fundamentals of WAN
 IP Routing Basics
 Routing Protocols and Configurations
 Routing Protocols Troubleshooting
 Routing Protocols Redistribution
FUNDAMENTALS OF WAN
 Introduction to WAN
 WAN Connection Types
 WAN Encapsulation Protocols
 Synchronous Serial Links
 PPP Features
 WAN Cabling Standards
 DSL/ADSL/SDSL
 NAT/PAT
 TCP/IP Applications and Flow Control
 TCPDUMP and Wireshark Outputs
DIFFERENCE BETWEEN LAN AND WAN
 In general, a LAN is infrastructure owned by the business itself, whereas a WAN is
leased infrastructure.
 The key to understanding WAN technologies is to be familiar with the
different WAN terms and connection types often used by service
providers.
WAN TECHNOLOGY/TERMINOLOGY
 Devices on the subscriber premises are called customer premises equipment
(CPE).
 The subscriber owns the CPE or leases the CPE from the service provider.
 A copper or fiber cable connects the CPE to the service provider’s nearest
exchange or central office (CO).
 This cabling is often called the local loop, or "last-mile".
WAN TECHNOLOGY/TERMINOLOGY
 A dialed call is connected locally to other local loops, or non-locally through a
trunk to a primary center.
 It then goes to a sectional center and on to a regional or international carrier
center as the call travels to its destination.
WAN TECHNOLOGY/TERMINOLOGY
 Devices that put data on the local loop are called data circuit-terminating
equipment, or data communications equipment (DCE).
 The customer devices that pass the data to the DCE are called data terminal
equipment (DTE).
 The DCE primarily provides an interface for the DTE into the communication link
on the WAN cloud.
WAN TECHNOLOGY/TERMINOLOGY
 The DTE/DCE interface uses various physical layer protocols, such as High-Speed
Serial Interface (HSSI) and V.35.
 These protocols establish the codes and electrical parameters the devices use to
communicate with each other.
WAN TECHNOLOGY/TERMINOLOGY
 The bps values are generally full duplex.
Name Abbr. Size
Kilo K 2^10 = 1,024
Mega M 2^20 = 1,048,576
Giga G 2^30 = 1,073,741,824
Tera T 2^40 = 1,099,511,627,776
Peta P 2^50 = 1,125,899,906,842,624
Exa E 2^60 = 1,152,921,504,606,846,976
Zetta Z 2^70 = 1,180,591,620,717,411,303,424
Yotta Y 2^80 = 1,208,925,819,614,629,174,706,176
WAN TECHNOLOGY/TERMINOLOGY
WAN DEVICES
 Frame Relay, ATM, X.25 switch
EXTERNAL CSU/DSU
 For digital lines, a channel service unit (CSU) and a data service unit (DSU) are
required.
 The two are often combined into a single piece of equipment, called the CSU/DSU.
[Diagram: external CSU/DSU with one side cabled to the router and the other side to the T1 circuit]
CSU/DSU INTERFACE CARD
 The CSU/DSU may also be built into the interface card in the router.
MODEMS
 Modems transmit data over voice-grade telephone lines by modulating and demodulating
the signal.
 The digital signals are superimposed on an analog voice signal that is modulated for
transmission.
 The modulated signal can be heard as a series of whistles by turning on the internal
modem speaker.
 At the receiving end the analog signals are returned to their digital form, or demodulated.
WAN STANDARDS ORGANIZATIONS
 WAN standards typically describe both physical layer delivery methods and data
link layer requirements, including physical addressing, flow control, and
encapsulation.
 WAN standards are defined and managed by a number of recognized authorities.
PHYSICAL LAYER STANDARDS
 The physical layer protocols describe how to provide electrical, mechanical,
operational, and functional connections to the services provided by a
communications service provider.
WAN - DATA LINK ENCAPSULATION
 The data link layer protocols define how data is encapsulated for transmission to
remote sites, and the mechanisms for transferring the resulting frames.
 A variety of different technologies are used, such as ISDN, Frame Relay or
Asynchronous Transfer Mode (ATM).
 These protocols use the same basic framing mechanism, high-level data link
control (HDLC), an ISO standard, or one of its sub-sets or variants.
HDLC FRAMING
 The choice of encapsulation protocols depends on the WAN technology and the
equipment.
 The address field is not needed for WAN links, which are almost always point-to-
point, but it is still present and may be one or two bytes long.
 Several data link protocols are used, including sub-sets and proprietary versions of
HDLC.
 Both PPP and the Cisco version of HDLC have an extra field in the header to
identify the network layer protocol of the encapsulated data.
WAN LINK OPTIONS
CIRCUIT SWITCHED
 When a subscriber makes a telephone call (or an ISDN call), the dialed number is used to
set switches in the exchanges along the route of the call so that there is a
continuous circuit from the originating caller to the called party.
 The internal path taken by the circuit between exchanges is shared by a number
of conversations.
 Time division multiplexing (TDM) is used to give each conversation a share of the
connection in turn.
 TDM assures that a fixed capacity connection is made available to the subscriber.
Examples: POTS, ISDN
PACKET SWITCHING
Examples: Frame Relay, X.25, ATM
 An alternative is to allocate the capacity to the traffic only when it is needed, and share
the available capacity between many users.
 With a circuit-switched connection, the data bits put on the circuit are automatically
delivered to the far end because the circuit is already established.
 If the circuit is to be shared, there must be some mechanism to label the bits so that the
system knows where to deliver them.
 It is difficult to label individual bits, therefore they are gathered into groups called cells,
frames, or packets.
 The packet passes from exchange to exchange for delivery through the provider network.
 Networks that implement this system are called packet-switched networks.
USING LEASED LINES TO THE WAN CLOUD
 To connect to a packet-switched network, a subscriber needs a local loop to the nearest
location where the provider makes the service available.
 This is called the point-of-presence (POP) of the service.
 Normally this will be a dedicated leased line.
 This line will be much shorter than a leased line directly connected to the subscriber
locations, and often carries several VCs.
 Since it is likely that not all the VCs will require maximum demand simultaneously, the
capacity of the leased line can be smaller than the sum of the individual VCs.
ANALOG DIALUP
 When intermittent, low-volume data transfers are needed, modems and analog
dialed telephone lines provide low capacity and dedicated switched connections.
ISDN
 Integrated Services Digital Network (ISDN) turns the local loop into a TDM digital
connection. It usually requires a new circuit.
 The connection uses 64 kbps bearer channels (B) for carrying voice or data and a
signaling, delta channel (D) for call set-up and other purposes.
TIME DIVISION MULTIPLEXING (TDM)
 Two or more “channels” of information are transmitted over the same link by
allocating a different time interval for the transmission of each channel, i.e. the
channels take turns to use the link.
 Some kind of periodic synchronizing signal or distinguishing identifier is required
so that the receiver can tell which channel is which.
 TDM becomes inefficient when traffic is intermittent, because the time slot is still
allocated even when the channel has no data to transmit.
LEASED LINES
 A point-to-point link provides a pre-established WAN communications path from
the customer premises through the provider network to a remote destination.
 Point-to-point lines are usually leased from a carrier and are called leased lines.
 Leased lines are available in different capacities.
 Leased lines provide direct point-to-point connections between enterprise LANs
and connect individual branches to a packet-switched network.
X.25
 The first of these packet-switched networks was standardized as the X.25 group of
protocols.
 X.25 provides a low bit rate shared variable capacity that may be either switched or
permanent.
 X.25 is a network-layer protocol and subscribers are provided with a network address.
 Virtual circuits can be established through the network with call request packets to
the target address.
 The resulting SVC is identified by a channel number. X.25 technology is no longer
widely available as a WAN technology in the US.
 Frame Relay has replaced X.25 at many service provider locations.
FRAME RELAY
 Frame Relay differs from X.25 in several aspects.
 Most importantly, it is a much simpler protocol that works at the data link layer rather than the
network layer.
 Frame Relay implements no error or flow control.
 The simplified handling of frames leads to reduced latency, and measures taken to avoid frame
build-up at intermediate switches help reduce jitter.
 Most Frame Relay connections are PVCs rather than SVCs.
 Frame Relay provides permanent shared medium bandwidth connectivity that carries both voice
and data traffic.
ATM
 Communications providers saw a need for a permanent shared network technology that
offered very low latency and jitter at much higher bandwidths.
 Their solution was Asynchronous Transfer Mode (ATM). ATM has data rates beyond 155
Mbps.
 As with the other shared technologies, such as X.25 and Frame Relay, diagrams for ATM
WANs look the same.
ATM
 ATM is a technology that is capable of transferring voice, video, and data through private
and public networks.
 It is built on a cell-based architecture rather than on a frame-based architecture.
 ATM cells are always a fixed length of 53 bytes.
 The 53 byte ATM cell contains a 5 byte ATM header followed by 48 bytes of ATM payload.
 Small, fixed-length cells are well suited for carrying voice and video traffic because this
traffic is intolerant of delay.
 Video and voice traffic do not have to wait for a larger data packet to be transmitted.
 The 53 byte ATM cell is less efficient than the bigger frames and packets of Frame Relay
and X.25.
 Furthermore, the ATM cell has at least 5 bytes of overhead for each 48-byte payload.
 A typical ATM line needs almost 20% greater bandwidth than Frame Relay to carry the
same volume of network layer data.
DSL/ADSL/SDSL
 Digital Subscriber Line (DSL) technology is a broadband technology that uses existing twisted-pair
telephone lines to transport high-bandwidth data to service subscribers.
 The term xDSL covers a number of similar yet competing forms of DSL technologies.
 DSL technology allows the local loop line to be used for normal telephone voice connection and an
always-on connection for instant network connectivity. The two basic types of DSL technologies
are asymmetric (ADSL) and symmetric (SDSL).
 All forms of DSL service are categorized as ADSL or SDSL and there are several varieties of each
type.
 Asymmetric service provides higher download or downstream bandwidth to the user than upload
bandwidth.
 Symmetric service provides the same capacity in both directions.
DSLAM
 Multiple DSL subscriber lines are multiplexed into a single, high capacity link by
the use of a DSL Access Multiplexer (DSLAM) at the provider location.
 DSLAMs incorporate TDM technology to aggregate many subscriber lines into a
less cumbersome single medium, generally a T3/DS3 connection, using techniques
that achieve data rates of up to 8.192 Mbps.
CABLE MODEM
 Coaxial cable is widely used to distribute television signals.
 This allows for greater bandwidth than the conventional telephone local loop.
 Enhanced cable modems enable two-way, high-speed data transmissions using
the same coaxial lines that transmit cable television.
 Some cable service providers are promising data speeds up to 6.5 times that of T1
leased lines.
CABLE MODEM
 Cable modems provide an always-on connection and a simple installation.
 A cable modem is capable of delivering up to 30 to 40 Mbps of data on one 6 MHz
cable channel.
 With a cable modem, a subscriber can continue to receive cable television service
while simultaneously receiving data to a personal computer.
 This is accomplished with the help of a simple one-to-two splitter.
WAN TOPOLOGIES
Star or Hub-and-Spoke
Full-Mesh
Partial-Mesh
THE DATA LINK LAYER IN THE INTERNET
A home personal computer acting as an Internet host.
A technology like Ethernet cannot provide “high-level” functionality such as connection
management and parameter negotiation.
PPP DESIGN REQUIREMENTS [RFC 1557]
 Functionality
 Packet framing - encapsulation of network-layer datagram in data link frame
 Multi-protocol - carry network layer data of any network layer protocol (not
just IP) at the same time; ability to demultiplex upwards
 Bit transparency - must carry any bit pattern in the data field (even if
underlying channel can't)
 Error detection - not correction
 Connection liveness: detect, signal link failure to network layer
 Authentication: who are you (or at least whose account do I bill for your dial-in
time?)
• This information is used by traffic management software to control bandwidth to
individual subscribers
 Management features: loopback detection
PPP DATA FRAME
 Flag: delimiter (framing)
 Address: ignored. (historical)
 Control: ignored. (historical)
 Protocol: upper layer protocol to which frame delivered (e.g., PPP-LCP,
IP, IPCP, etc)
 info: upper layer data being carried
 check: cyclic redundancy check for error detection
BYTE STUFFING
Figure: a flag byte pattern that occurs in the data to send is transmitted as the flag byte
pattern plus a stuffed byte, so the receiver does not mistake it for a frame delimiter.
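The stuffing rule the slide illustrates, written out as an added example (not code from the slides): PPP's octet-stuffed framing from RFC 1662, where the flag 0x7E and the escape 0x7D are sent as 0x7D followed by the octet XOR 0x20. The `escape_control` option and `split_stream` helper are this example's own additions.

```python
"""PPP byte stuffing (RFC 1662 octet-stuffed framing). Added example, not from the slides."""

FLAG = 0x7E   # frame delimiter
ESC = 0x7D    # control escape
XOR = 0x20    # an escaped octet has bit 5 complemented

def stuff(payload: bytes, escape_control: bool = False) -> bytes:
    """Return one transmitted frame: FLAG, stuffed payload, FLAG.

    escape_control=True also escapes octets below 0x20, RFC 1662's default for
    asynchronous links whose hardware might act on control characters.
    """
    out = bytearray([FLAG])
    for b in payload:
        if b in (FLAG, ESC) or (escape_control and b < 0x20):
            out += bytes([ESC, b ^ XOR])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)

def unstuff(frame: bytes) -> bytes:
    """Recover the payload from one flag-delimited frame; reject malformed input."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame must start and end with the flag byte")
    body = frame[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        b = body[i]
        if b == FLAG:
            raise ValueError("unescaped flag byte inside frame")
        if b == ESC:
            if i + 1 >= len(body):
                raise ValueError("escape byte with nothing to escape")
            out.append(body[i + 1] ^ XOR)
            i += 2
        else:
            out.append(b)
            i += 1
    return bytes(out)

def is_well_formed(frame: bytes) -> bool:
    """True when unstuff() accepts the frame (receiver-side sanity check)."""
    try:
        unstuff(frame)
        return True
    except ValueError:
        return False

def split_stream(stream: bytes) -> list:
    """Split a received byte stream into frames; back-to-back frames may share one flag.

    Because stuffing guarantees no raw FLAG inside a frame body, splitting on FLAG is
    safe. Empty bodies (idle or shared flags) are dropped.
    """
    frames = []
    for chunk in stream.split(bytes([FLAG])):
        if chunk:
            frames.append(bytes([FLAG]) + chunk + bytes([FLAG]))
    return frames
```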
POINT-TO-POINT PROTOCOL (PPP)
 Purpose
 Transport layer-3 packets across a Data Link layer point-to-point link
 Can be used over asynchronous serial (dial-up) or synchronous serial
(ISDN) media
 Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections
POINT-TO-POINT PROTOCOL STACK
PPP MAIN COMPONENTS
 EIA/TIA-232-C
 Intl. Std. for serial communications
 HDLC
 Serial link datagram encapsulation method
 LCP
 Used in P-t-P connections:
• Establishing
• Maintaining
• Terminating
 NCP
 Method of establishing & configuring Network Layer protocols
 Allows simultaneous use of multiple Network layer protocols
LCP CONFIGURATION OPTIONS
 Authentication
 PAP
 CHAP
 Compression
 Stacker
 Predictor
 Error detection
 Quality
 Magic Number
 Multilink
 Splits the load for PPP over 2+ parallel circuits; a bundle
PPP SESSION ESTABLISHMENT
 Link-establishment phase
 Authentication phase
 Network-layer protocol phase
PPP SESSION ESTABLISHMENT
PPP AUTHENTICATION METHODS
 Password Authentication Protocol (PAP)
 Passwords sent in clear text
 Remote node returns username & password
 Challenge Handshake Authentication Protocol (CHAP)
 Done at start-up & periodically
 Challenge & Reply
• Remote router responds with a one-way MD5 hash instead of the password itself
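The CHAP exchange as an added example (not code from the slides or from any router vendor): the response is MD5 over the one-octet Identifier, the shared secret and the challenge, as RFC 1994 defines, so the secret never crosses the link the way a PAP password does. The `ChapAuthenticator` class, its method names and the `chap_exchange` helper are this example's own.

```python
"""CHAP with MD5 (RFC 1994), authenticator side. Added example, not from the slides."""
import hashlib
import hmac
import os
from typing import Dict, Tuple

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """The 16-byte value the remote node returns: MD5(Identifier || Secret || Challenge)."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Issues challenges and verifies responses.

    CHAP needs the authenticator to hold each peer's secret in recoverable form, which
    is why the slide configures 'username <peer> password <secret>' on both routers.
    """
    def __init__(self, secrets: Dict[str, bytes]):
        self._secrets = dict(secrets)
        self._pending: Dict[int, bytes] = {}   # Identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self, length: int = 16) -> Tuple[int, bytes]:
        """Issue a fresh, unpredictable challenge; the Identifier changes every time."""
        ident = self._next_id
        self._next_id = (ident + 1) & 0xFF
        value = os.urandom(length)
        self._pending[ident] = value
        return ident, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Check a Response packet. A challenge is consumed on first use, so a captured
        response cannot be replayed against the same Identifier."""
        value = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)   # constant-time comparison

def chap_exchange(authenticator: ChapAuthenticator, name: str, peer_secret: bytes) -> bool:
    """One challenge/response round, playing the remote node that holds peer_secret."""
    ident, value = authenticator.challenge()
    return authenticator.verify(ident, name, chap_response(ident, peer_secret, value))
```

The periodic re-authentication the slide mentions is simply another `challenge()`/`verify()` round with a new Identifier and challenge value.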
CONFIGURING PPP
 Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z
 Step #2: Define the username & password on each router:
RouterA: RouterA(config)#username RouterB password cisco
RouterB: RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router
(2) Passwords must match
 Step #3: Choose Authentication type for each router; CHAP/PAP
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
PPP EXAMPLE 1
PPP EXAMPLE 2
PPP EXAMPLE 3
PPP EXAMPLE 4
WHAT IS NAT?
 Similar to Classless Inter-Domain Routing (CIDR), the original intention
for NAT was to slow the depletion of available IP address space by
allowing many private IP addresses to be represented by some smaller
number of public IP addresses.
 Benefits of NAT
 You need to connect to the Internet and your hosts don’t have globally unique
IP addresses.
 You change to a new ISP that requires you to renumber your network.
 You need to merge two intranets with duplicate addresses.
WHERE NAT IS TYPICALLY CONFIGURED
BASIC NAT
THREE TYPES OF NAT
 Static
 Dynamic
 Overloading
STATIC NAT
 Let’s take a look at a simple basic static NAT configuration:
ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.46.2.1 255.255.255.0
ip nat outside
!
DYNAMIC NAT
 Here is a sample output of a dynamic NAT configuration:
ip nat pool NET 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool NET
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
PORT ADDRESS TRANSLATION
PAT
 Here is a sample output of a PAT configuration:
ip nat pool NET 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool NET overload
!
interface Ethernet0/0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0/0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
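A model of what the PAT configuration above does to packets, as an added example (Python, not IOS, and not the slides' own code): inside hosts permitted by access-list 1 (10.1.1.0/24) are translated to the single pool address 170.168.2.1 with a per-connection outside port, and inbound packets are only forwarded when a matching entry exists. Assumptions of the model: sequential port allocation (IOS tries to preserve the inside port), one pool address, and a mapping keyed on the inside socket regardless of destination.

```python
"""Model of 'ip nat inside source list 1 pool NET overload'. Added example, not IOS code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    """One direction of a TCP or UDP conversation."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatTable:
    def __init__(self, inside_net: str, outside_ip: str,
                 first_port: int = 1024, last_port: int = 65535):
        self.inside_net = ipaddress.ip_network(inside_net)   # access-list 1 permit 10.1.1.0 0.0.0.255
        self.outside_ip = outside_ip                         # ip nat pool NET 170.168.2.1 170.168.2.1
        self._free_ports = iter(range(first_port, last_port + 1))   # assumption: sequential allocation
        self._out = {}   # (proto, inside ip, inside port) -> outside port
        self._in = {}    # (proto, outside port) -> (inside ip, inside port)

    def outbound(self, f: Flow) -> Optional[Flow]:
        """Packet leaving through the 'ip nat outside' interface.

        Returns the translated flow; the flow unchanged when the source is not permitted
        by the access list (IOS routes it untranslated); or None when the outside port
        pool is exhausted and the packet is dropped.
        """
        if ipaddress.ip_address(f.src_ip) not in self.inside_net:
            return f
        key = (f.proto, f.src_ip, f.src_port)
        port = self._out.get(key)
        if port is None:
            port = next(self._free_ports, None)
            if port is None:
                return None
            self._out[key] = port
            self._in[(f.proto, port)] = (f.src_ip, f.src_port)
        return Flow(f.proto, self.outside_ip, port, f.dst_ip, f.dst_port)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Packet arriving on the outside interface; None means no entry, so it is dropped.

        This is the filtering side effect of overload NAT: unsolicited inbound traffic has
        no table entry that could map it to an inside host.
        """
        if f.dst_ip != self.outside_ip:
            return None
        inside = self._in.get((f.proto, f.dst_port))
        if inside is None:
            return None
        return Flow(f.proto, f.src_ip, f.src_port, inside[0], inside[1])

    def entries(self) -> List[Tuple[str, str, str]]:
        """Rough equivalent of 'show ip nat translations' for this model."""
        return sorted((p, "%s:%d" % (ip, port), "%s:%d" % (self.outside_ip, gport))
                      for (p, ip, port), gport in self._out.items())
```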
LAB
TRANSPORT CONTROL PROTOCOLS
 The function of the Transport Layer is to ensure packets have no errors and that all
packets arrive and are correctly reassembled. Two protocols are used:
 User Datagram Protocol.
• Provides unreliable, connectionless delivery service using Internet Protocol.
• Application programs utilizing UDP accept full responsibility for packet reliability,
including message loss, duplication, delay, out-of-sequence delivery, multiplexing and
connectivity loss.
 Transmission Control Protocol.
• Provides a reliable, connection-oriented delivery service using Internet Protocol.
• It provides reliable packet delivery, packet sequencing, error control and multiplexing.
Figure: Applications sit above TCP and UDP, which sit above IP and the hardware; TCP and
UDP pass IP packets to the applications.
CONNECTIONLESS VS. CONNECTION-ORIENTED
PROTOCOLS
 Connection-oriented
• Two computers connect before sending any
data, sender lets receiver know that data is on
the way; recipient acknowledges receipt of
data (ACK) or denies receipt (NACK). The
ACKing and NACKing is called handshaking.
(Type supported by TCP). Reliable, but carries
overhead burden.
 Connectionless
• Computers involved know nothing about each
other or the data being sent. Makes no
attempt to cause network senders and
receivers to exchange information about their
availability or ability to communicate with one
another, “best effort” delivery. (Type
supported by IP, UDP). Not reliable, but faster
and may be good enough. Also upper layer
apps may worry about errors and reliability
processing, so no need to do it twice.
TRANSPORT LAYER PORTS
 Both TCP and UDP use port numbers to pass to the upper layers.
 Port numbers have the following ranges:
• 0-255 are used for public applications; 0-1023 are also called well-known ports, regulated by
IANA.
• Numbers from 255-1023 are assigned to marketable applications.
• 1024 through 49151 are Registered Ports, not regulated.
• 49152 through 65535 are Dynamic and/or Private Ports.
 Port numbers are used to keep track of different
conversations that cross the network at the same
time.
 Port numbers identify which upper layer service
is needed, and are needed when a host
communicates with a server that uses multiple
services.
SOME WELL-KNOWN TCP PORTS
Port  Application  Description
7     Echo         Echo
9     Discard      Discard all incoming data port
19    Chargen      Exchange streams of data port
20    FTP-Data     File transfer data port
21    FTP-CMD      File transfer command port
23    Telnet       Telnet remote login port
25    SMTP         Simple Mail Transfer Protocol port
53    DOMAIN       Domain Name Service
79    Finger       Obtains information about active users
80    HTTP         Hypertext Transfer Protocol port
88    Kerberos     Authentication Protocol
110   POP3         PC Mail retrieval service port
119   NNTP         Network news access port
161   SNMP         Network Management
179   BGP          Border Gateway Protocol
513   Rlogin       Remote Login
PORTS FOR CLIENTS
Figure:
1. Client requests a web page from server: Source Port 1032, Destination Port 80.
2. Server responds to client: Source Port 80, Destination Port 1032.
 Clients and servers both use ports to distinguish what process each
segment is associated with.
 Source ports, which are set by the client, are determined dynamically,
usually a randomly assigned a number above 1023.
PROTOCOLS AND PORT NUMBERS
Figure: a Telnet segment encapsulated layer by layer
DATA LINK LAYER - ETHERNET frame: PREAMBLE | DESTINATION ADDR 00 00 1B 12 23 34 |
SOURCE ADDR 00 00 1B 09 08 07 | TYPE FIELD | IP HEADER, TCP HEADER, DATA | FCS
NETWORK LAYER - IP Header: Protocol 6; Source IP Address 128.66.12.2;
Destination IP Address 128.66.13.1
TRANSPORT LAYER - TCP Header: Source Port 5512; Destination Port 23
APPLICATION LAYER - Telnet DATA
TCP OPERATION
 TCP is a connection-oriented protocol.
 TCP provides the following major services to the upper protocol layers:
 Connection-oriented data management to assure the end-to-end transfer of data across the
network(s).
 Reliable data transfer to assure that all data is accurately received, in sequence and with no
duplicates.
 Stream-oriented data transfer takes place between the sender application and TCP and the
receiving application and TCP.
• To stream is to send individual characters not blocks or frames.
 Prior to data transmission, hosts establish a virtual connection via a
synchronization process. The synch process is a 3-way “handshake”, which ensures
both sides are ready to transfer data and determines the initial sequence
numbers.
 Sequence numbers give hosts a way to acknowledge what they have received. TCP
headers contain SYN bits, or flags, to achieve this.
TCP 3-WAY HANDSHAKE
TCP is a connection-oriented protocol. Communicating hosts go through a synchronization
process to establish a virtual connection. This synchronization process ensures that both
sides are ready for data transmission and allows the devices to determine the initial
sequence numbers.
Figure: the three-way handshake
Host A: Send SYN, Seq = x                  ->  Host B: Receive SYN, Seq = x
Host A: Receive SYN, Seq = y, ACK = x + 1  <-  Host B: Send SYN, Seq = y, ACK = x + 1
Host A: Send ACK, ACK = y + 1              ->  Host B: Receive ACK, ACK = y + 1
Sequence numbers are reference numbers between the two devices. The sequence numbers give
each host a way to ACK the SYN, so the receiver knows which connection request the sender
is responding to.
DENIAL OF SERVICE ATTACKS
DoS attacks are designed to deny services to legitimate users. DoS attacks are used
by hackers to overwhelm and crash systems. SYN flooding is a DoS attack that
exploits the three-way handshake.
To defend against these attacks, decrease the connection timeout period and
increase the connection queue size. Software also exists that can detect these types
of attacks and initiate defensive measures.
1. Hacker initiates a SYN but spoofs the source IP address.
2. Target replies to the unreachable IP address and waits for the final ACK.
3. Hacker floods the target with false SYN requests, tying up its connection resources
and preventing it from responding to legitimate connection requests.
Figure: SYN after SYN arrives at the target; for each one the target receives the SYN and
sends a SYN/ACK whose final ACK never comes.
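A small discrete-event model, added here as an example (not from the slides), of why the two mitigations named above work: half-open entries occupy the connection queue until the final ACK arrives or the timeout expires, so either a shorter timeout or a larger queue keeps a slot free for a legitimate client. Rates, timeouts and queue sizes used in the tests are constructed values, not figures from the slides; nothing here sends traffic.

```python
"""Half-open connection table under a SYN flood. Added example, a model only."""
from typing import Dict

class HalfOpenTable:
    """Connections that received a SYN and were sent SYN/ACK but have not yet seen the final ACK."""
    def __init__(self, queue_size: int, timeout: float):
        self.queue_size = queue_size          # 'connection queue size' on the slide
        self.timeout = timeout                # 'connection timeout period' on the slide
        self.pending: Dict[str, float] = {}   # connection key -> time its SYN arrived
        self.dropped = 0
        self.completed = 0

    def _expire(self, now: float) -> None:
        """Free slots whose SYN/ACK was never answered within the timeout."""
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in stale:
            del self.pending[k]

    def syn(self, now: float, key: str) -> bool:
        """SYN arrives: allocate a slot and reply SYN/ACK, or drop it when the queue is full."""
        self._expire(now)
        if key in self.pending:
            return True                       # retransmitted SYN, slot already held
        if len(self.pending) >= self.queue_size:
            self.dropped += 1
            return False
        self.pending[key] = now
        return True

    def ack(self, now: float, key: str) -> bool:
        """Final ACK of the handshake: the connection leaves the half-open state."""
        self._expire(now)
        if self.pending.pop(key, None) is None:
            return False                      # nothing pending (expired or never seen)
        self.completed += 1
        return True

def legit_client_gets_through(queue_size: int, timeout: float,
                              flood_rate: int, legit_at: float) -> bool:
    """Spoofed SYNs arrive at flood_rate per second and are never acknowledged (step 2
    above: the spoofed source is unreachable). Returns whether a legitimate SYN arriving
    at legit_at seconds is still allocated a slot."""
    table = HalfOpenTable(queue_size, timeout)
    for i in range(int(flood_rate * legit_at)):
        table.syn(i / flood_rate, "spoofed-%d" % i)
    return table.syn(legit_at, "legit-client")
```

With a long timeout the table fills after queue_size / flood_rate seconds and stays full; shortening the timeout caps the steady-state occupancy at roughly flood_rate * timeout entries.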
TCP WINDOWS AND FLOW CONTROL
 Data often is too large to be sent in a single segment. TCP splits the data into
multiple segments.
 TCP provides flow control through “windowing” to set the pace of how much data
is sent at a time – i.e. how many bytes per window, and how many windows
between ACKs.
Figure: the same transfer with Window Size = 1 and with Window Size = 3.
WINDOWING AND WINDOW SIZE
 Window size determines the amount of data that you can transmit before receiving
an acknowledgment. This is how TCP assists in congestion control.
 Sliding window refers to the fact that the window size is negotiated dynamically
during the TCP session.
 Expectational acknowledgment means that the acknowledgment number refers to the
octet that is next expected.
 If the source receives no acknowledgment, it knows to retransmit at a slower rate.
Figure: the sender asks “Fast enough for you?”; the receiver replies “I didn’t get all of
that, slow down.”
SEQUENCE AND ACK NUMBERS
 Each TCP segment is numbered before transmission so that the
receiver will be able to properly reassemble the bytes in their original
order.
 They also identify missing data pieces so the sender can retransmit
them. Only the missing segments need to be re-transmitted.
 Positive Acknowledgement and Retransmission
 TCP utilizes PAR to control data flow and confirm data delivery.
 Source sends packet, starts timer, and waits for ACK.
 If timer expires before source receives ACK, source retransmits the packet and
restarts the timer.
TCP ENCAPSULATION
ETHERNET frame: PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) |
TYPE FIELD (2) | IP Datagram (0-65535) | FCS (4)
IP Header:
VERS (4 bits) | HLEN (4 bits) | TOS (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
TTL (8 bits) | Protocol (8 bits) | Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
IP Options (if any) (32 bits)
TCP Header:
Source Port (16 bits) | Destination Port (16 bits)
Sequence Number (32 bits)
Acknowledgement Number (32 bits)
Offset (4 bits) | Reserved (6 bits) | Code bits U A P R S F (6 bits) | Receive Window Size (16 bits)
Checksum (16 bits) | Urgent Pointer (16 bits)
Options (if any)
TCP Data (if any)
TCP SEGMENT FORMAT
Source Port: number of the calling port
Destination Port: number of the called port
Sequence Number: used to ensure correct sequencing of the arriving data
Acknowledgement Number: next expected TCP octet
Offset: number of 32-bit words in the header
Reserved: set to zero
Code bits: control setup and termination of session
Window: number of octets sender is willing to accept
Urgent Pointer: indicates the end of the urgent data
Data: upper layer protocol data
DETAILS ON TCP FIELDS
 Sequence Number
 TCP numbers each byte in the TCP data with a sequence number.
 The sequence number identifies the first byte in the data segment being
transmitted from the sending TCP to the receiving TCP.
 Acknowledgement Number
 The acknowledgement number contains the next sequence number the
receiving station (sending the acknowledgement) expects to receive. The
Acknowledgement flag is set.
 Offset. It is perhaps more descriptive to call this field the TCP Header Length.
This field is required because the length of the options field is variable.
 It indicates where the TCP header ends and the data begins. The header is 20
bytes without the options field.
 Reserved
 This field is reserved for future use and is set to zero.
DETAILS ON TCP FIELDS
 TCP software uses the 6 Code Bits to determine the purpose and
contents of the segment.
 Urg
• This flag indicates that this segment contains an Urgent pointer field. 1 = Urgent, 0
= Not Urgent.
• This field presents a way for the sender to transmit emergency data to the
receiver. The URG flag must be set.
• The Urgent Pointer is a 16 bit positive offset that is added to the sequence number
field in the TCP header to obtain the sequence number of the last byte of the
urgent data.
• The application determines where the urgent data starts in the data stream.
• The field is normally used by the application to indicate the pressing of an
interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
 Ack
• This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0
= No Ack.
DETAILS ON TCP FIELDS
 TCP software uses the 6 Code Bits to determine the purpose and
contents of the segment.
 Psh
• The segment requests a Push. TCP software usually gathers enough data to fill the
transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an
application requires data to be transmitted even though a buffer may not be full
then a PUSH flag bit is set. At the receive side the PUSH makes the data available
to the application without delay.
 Reset
• This field will Reset the connection. 1 = Reset, 0 = No Reset.
 Syn
• This flag field is used to Synchronize sequence numbers to initiate a connection. 1
= Syn, 0 = No Syn
 Fin
• The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 =
No Fin.
UDP/TCP OPERATION COMPARISON
• There are two protocols at Layer 4 – TCP
and UDP. Both TCP and UDP use IP as
their underlying protocol.
• TCP must be used when applications
need to guarantee the delivery of a
packet. When applications do not need a
guarantee, UDP is used.
• UDP is often used for applications and
services such as real-time audio and
video. These applications require less
overhead. They also do not need to be
re-sequenced since packets that arrive
late or out of order have no value.
TCP                             UDP
Connection-oriented delivery    Connectionless delivery, faster
Uses windows and ACKs           No windows or ACKs
Full header                     Smaller header, less overhead
Sequencing                      No sequencing
Provides reliability            Relies on app layer protocols for reliability
FTP, HTTP, SMTP, and DNS        DNS, TFTP, SNMP, and DHCP
UDP segment format
0-15: Source Port | 16-31: Destination Port | 32-47: Length | 48-63: Checksum | 64-: Data…
USER DATAGRAM PROTOCOL
 UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for
protocols that require a broadcast capability, e.g. RIP.
 It provides no packet sequencing, may lose packets, and does not check for duplicates.
• It is used by applications that do not need a reliable transport service.
• Application data is encapsulated in a UDP header which in turn is encapsulated in an
IP header.
 UDP distinguishes different applications by port number which allows multiple
applications running on a given computer to send /receive datagrams independently of
one another.
UDP DATAGRAM
ETHERNET frame: PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) |
TYPE FIELD (2) | IP HEADER + UDP datagram (8-1500) | FCS (4)
UDP header (bits 0-15 | bits 16-31):
UDP Source Port | UDP Destination Port
UDP Message Length | UDP Checksum
Data . . .
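The TCP segment and UDP datagram layouts above, decoded from raw bytes as an added example (not code from the slides): the parser reads the IP header, the TCP ports, sequence and acknowledgement numbers, Offset, the six code bits, window and urgent pointer (or the UDP ports and length), and verifies the transport checksum over the pseudo-header, which is what a Wireshark-style dissector does before it labels a segment. The `build_tcp`/`build_udp` helpers construct sample packets so it runs offline; the addresses and ports in the tests are constructed, apart from the slide's 128.66.12.2 -> 128.66.13.1 Telnet segment.

```python
"""IPv4 + TCP/UDP decoder with transport-checksum verification. Added example, not from the slides."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bits 0..5 of the code-bits octet

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _ip4(dotted: str) -> bytes:
    return bytes(int(x) for x in dotted.split("."))
def _pseudo(src4: bytes, dst4: bytes, proto: int, length: int) -> bytes:
    """Pseudo-header that TCP (RFC 793) and UDP (RFC 768) prepend when checksumming."""
    return src4 + dst4 + struct.pack("!BBH", 0, proto, length)

@dataclass
class Segment:
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    header_len: int
    checksum_ok: bool
    payload: bytes
    seq: Optional[int] = None            # TCP-only fields from here down
    ack: Optional[int] = None
    flags: Tuple[str, ...] = ()
    window: Optional[int] = None
    urgent: Optional[int] = None         # only meaningful when URG is set

def parse_ipv4(packet: bytes) -> Segment:
    """Decode the IP header, then hand the transport part to the TCP or UDP parser."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", packet[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4                   # HLEN is counted in 32-bit words
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    src4, dst4 = packet[12:16], packet[16:20]
    src, dst = ".".join(map(str, src4)), ".".join(map(str, dst4))
    l4 = packet[ihl:total_len]                   # ignore link-layer padding after the datagram
    if proto == 6:
        return _parse_tcp(l4, src4, dst4, src, dst)
    if proto == 17:
        return _parse_udp(l4, src4, dst4, src, dst)
    raise ValueError("unsupported protocol %d" % proto)

def _parse_tcp(l4, src4, dst4, src, dst) -> Segment:
    if len(l4) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, code, window, _csum, urg = struct.unpack("!HHIIBBHHH", l4[:20])
    hlen = (off >> 4) * 4                        # Offset: number of 32-bit words in the header
    if hlen < 20 or hlen > len(l4):
        raise ValueError("bad TCP data offset")
    flags = tuple(name for bit, name in enumerate(TCP_FLAGS) if code & (1 << bit))
    ok = checksum(_pseudo(src4, dst4, 6, len(l4)) + l4) == 0   # an intact segment sums to zero
    return Segment("tcp", src, dst, sport, dport, hlen, ok, l4[hlen:], seq, ack, flags, window,
                   urg if "URG" in flags else None)

def _parse_udp(l4, src4, dst4, src, dst) -> Segment:
    if len(l4) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", l4[:8])
    if length < 8 or length > len(l4):
        raise ValueError("bad UDP length")
    dgram = l4[:length]
    ok = csum == 0 or checksum(_pseudo(src4, dst4, 17, length) + dgram) == 0   # 0 = no checksum sent
    return Segment("udp", src, dst, sport, dport, 8, ok, dgram[8:])

def _ipv4_header(src: str, dst: str, proto: int, l4_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, 0, 0, 64, proto, 0, _ip4(src), _ip4(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_tcp(src, dst, sport, dport, seq, ack, flags, window=8192, payload=b"") -> bytes:
    """Constructed IPv4/TCP packet (no options) with a correct checksum, for offline tests."""
    code = sum(1 << TCP_FLAGS.index(f) for f in flags)
    seg = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, code, window, 0, 0) + payload
    csum = checksum(_pseudo(_ip4(src), _ip4(dst), 6, len(seg)) + seg)
    seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return _ipv4_header(src, dst, 6, len(seg)) + seg

def build_udp(src, dst, sport, dport, payload=b"") -> bytes:
    """Constructed IPv4/UDP packet; a computed checksum of zero is sent as 0xFFFF (RFC 768)."""
    length = 8 + len(payload)
    dgram = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = checksum(_pseudo(_ip4(src), _ip4(dst), 17, length) + dgram) or 0xFFFF
    return _ipv4_header(src, dst, 17, length) + dgram[:6] + struct.pack("!H", csum) + dgram[8:]
```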
UDP PORT NUMBERS
Application  Port  Description
Echo         7     Echo user datagram back to user
Discard      9     Discard user datagrams
Daytime      13    Report time in a user friendly fashion
Quote        17    Return "Quote of the day"
Chargen      19    Character generator
Nameserver   53    Domain Name Server
Sql-Net      66    Oracle Sequel Network
BOOTPS       67    Server port to download configuration information
BOOTPC       68    Client port to receive configuration information
TFTP         69    Trivial File Transport Protocol
POP3         110   Post Office Protocol - V3
SunRPC       111   Sun Remote Procedure Call
NTP          123   Network Time Protocol
SNMP         161   Used to receive network management queries
SNMP-trap    162   Used to receive network problem reports
IRC          194   Internet Relay Chat
IPX          213   IPX - IP Tunneling
SysLog       514   System Log
RIP          520   Routing Information Protocol
LAB
 Open Wireshark or Ethereal and identify TCP/UDP connections, with their flags and the
reasons for them.
IP ROUTING BASICS
 Static and Connected Routes
 IP Forwarding by Matching most Specific
Route
 Configuring Static Routes
 Verifying Routing Table
computer network NCC l4dc assingment
 
Osi model assignment help globalwebtutors
Osi model assignment help globalwebtutorsOsi model assignment help globalwebtutors
Osi model assignment help globalwebtutors
 
Network Advantages And Disadvantages
Network Advantages And DisadvantagesNetwork Advantages And Disadvantages
Network Advantages And Disadvantages
 
Slides for protocol layering and network applications
Slides for protocol layering and network applicationsSlides for protocol layering and network applications
Slides for protocol layering and network applications
 
Ch 2 network
Ch 2 networkCh 2 network
Ch 2 network
 
3G Wireless Access, Abstract
3G Wireless Access, Abstract3G Wireless Access, Abstract
3G Wireless Access, Abstract
 
Ccna notes
Ccna notesCcna notes
Ccna notes
 
Unit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelUnit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi Model
 
chapter 4.pptx
chapter 4.pptxchapter 4.pptx
chapter 4.pptx
 

Recently uploaded

21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx
rahulmanepalli02
 
ALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdfALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdf
Madan Karki
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
drjose256
 
Online crime reporting system project.pdf
Online crime reporting system project.pdfOnline crime reporting system project.pdf
Online crime reporting system project.pdf
Kamal Acharya
 
Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...
IJECEIAES
 

Recently uploaded (20)

21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx21P35A0312 Internship eccccccReport.docx
21P35A0312 Internship eccccccReport.docx
 
Geometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdfGeometric constructions Engineering Drawing.pdf
Geometric constructions Engineering Drawing.pdf
 
ALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdfALCOHOL PRODUCTION- Beer Brewing Process.pdf
ALCOHOL PRODUCTION- Beer Brewing Process.pdf
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
 
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
 
Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility Applications
 
What is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, FunctionsWhat is Coordinate Measuring Machine? CMM Types, Features, Functions
What is Coordinate Measuring Machine? CMM Types, Features, Functions
 
SLIDESHARE PPT-DECISION MAKING METHODS.pptx
SLIDESHARE PPT-DECISION MAKING METHODS.pptxSLIDESHARE PPT-DECISION MAKING METHODS.pptx
SLIDESHARE PPT-DECISION MAKING METHODS.pptx
 
Low Altitude Air Defense (LAAD) Gunner’s Handbook
Low Altitude Air Defense (LAAD) Gunner’s HandbookLow Altitude Air Defense (LAAD) Gunner’s Handbook
Low Altitude Air Defense (LAAD) Gunner’s Handbook
 
Online crime reporting system project.pdf
Online crime reporting system project.pdfOnline crime reporting system project.pdf
Online crime reporting system project.pdf
 
Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...
 
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
NEWLETTER FRANCE HELICES/ SDS SURFACE DRIVES - MAY 2024
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
Module-III Varried Flow.pptx GVF Definition, Water Surface Profile Dynamic Eq...
Module-III Varried Flow.pptx GVF Definition, Water Surface Profile Dynamic Eq...Module-III Varried Flow.pptx GVF Definition, Water Surface Profile Dynamic Eq...
Module-III Varried Flow.pptx GVF Definition, Water Surface Profile Dynamic Eq...
 
AI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdfAI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdf
 
Raashid final report on Embedded Systems
Raashid final report on Embedded SystemsRaashid final report on Embedded Systems
Raashid final report on Embedded Systems
 
CLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference ModalCLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference Modal
 
Basics of Relay for Engineering Students
Basics of Relay for Engineering StudentsBasics of Relay for Engineering Students
Basics of Relay for Engineering Students
 
Lab Manual Arduino UNO Microcontrollar.docx
Lab Manual Arduino UNO Microcontrollar.docxLab Manual Arduino UNO Microcontrollar.docx
Lab Manual Arduino UNO Microcontrollar.docx
 

Technical Training v1.1.pptx

• 7. MODULE 4 - CCNSP
 Cyberoam Web Proxy Features
 Access Time, Data Transfer, Surfing Quota and QoS policies
 Gateway Antivirus and Antispam
 Cyberoam VPN Features
 Gateway Management
 Cyberoam Routing Features
 Logging Management (Syslog/SNMP)
 Diagnostic Tools
 Use of CLI-based IPSec routes to add routes for destination networks reachable over the tunnel.
 Use of CTAS (Cyberoam Transparent Authentication Suite) at the branch office (BO) against the head office (HO) Active Directory, and use of an IPSec route for CTAS.
www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
• 8. Module 1: SWITCHING
• 9. OBJECTIVES
 Switching Concepts
 Layer 2 Switching
 VLANs
 Spanning Tree Protocol
 Layer 3 Switching
 Troubleshooting LAN Switching
• 10. OSI REFERENCE MODEL
 The International Organization for Standardization (ISO) established a committee in 1977 to develop an architecture for computer communication.
 The Open Systems Interconnection (OSI) reference model is the result of this effort.
 In 1984, the OSI reference model was approved as an international standard for communications architecture.
 The term "open" denotes the ability to connect any two systems which conform to the reference model and its associated standards.
• 11. OSI REFERENCE MODEL
 The OSI model is now considered the primary architectural model for inter-computer communications.
 The OSI model describes how information or data makes its way from an application program (such as a spreadsheet) through a network medium (such as wire) to another application program located on another network.
 The OSI reference model divides the problem of moving information between computers over a network medium into SEVEN smaller and more manageable problems.
 This separation into smaller, more manageable functions is known as layering.
• 12. OSI LAYER
(Diagram of the seven OSI layers; not reproduced in the transcript.)
• 13. OSI: A LAYERED NETWORK MODEL
 Breaking up the functions or tasks of networking into layers reduces complexity.
 Each layer provides a service to the layer above it in the protocol specification.
 Each layer communicates with the same layer's software or hardware on other computers.
 The lower four layers (transport, network, data link and physical: Layers 4, 3, 2 and 1) are concerned with the flow of data from end to end through the network.
 The upper three layers (application, presentation and session: Layers 7, 6 and 5) are oriented more toward services to the applications.
 Data is encapsulated with the necessary protocol information as it moves down the layers before network transit.
• 14. PHYSICAL LAYER
 Provides the physical interface for transmission of information.
 Defines the rules by which bits are passed from one system to another on a physical communication medium.
 Covers all mechanical, electrical, functional and procedural aspects of physical communication.
 Characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors and similar attributes are defined by physical layer specifications.
• 15. DATA LINK LAYER
 Attempts to provide reliable communication over the physical layer interface.
 Breaks outgoing data into frames and reassembles received frames.
 Creates and detects frame boundaries.
 Handles errors by implementing an acknowledgement and retransmission scheme where the link protocol provides one (Ethernet only detects errors with its FCS and silently discards bad frames).
 Implements flow control.
 Supports point-to-point as well as broadcast communication.
 Supports simplex, half-duplex or full-duplex communication.
• 16. NETWORK LAYER
 Implements routing of packets through the network.
 Determines the best path a packet should take from the source to the destination.
 Defines logical addressing so that any endpoint can be identified.
 Handles congestion in the network.
 Facilitates interconnection between heterogeneous networks (internetworking).
 Also defines how to fragment a packet into smaller packets to accommodate different media.
• 17. TRANSPORT LAYER
 Provides a reliable mechanism for the exchange of data between two processes on different computers (a connection-oriented transport such as TCP gives the guarantees below; a connectionless one such as UDP gives none of them).
 Ensures that data units are delivered error free.
 Ensures that data units are delivered in sequence.
 Ensures that there is no loss or duplication of data units.
 Provides connectionless or connection-oriented service.
 Provides connection management.
 Multiplexes multiple connections over a single channel.
• 18. SESSION LAYER
 Provides the mechanism for controlling the dialogue between two end systems. It defines how to start, control and end conversations (called sessions) between applications.
 Requests a logical connection to be established on an end user's request.
 Any necessary log-on or password validation is also handled by this layer.
 Also responsible for terminating the connection.
 Provides services such as dialogue discipline, which can be full duplex or half duplex.
 Can also provide a checkpointing mechanism, so that if a failure occurs between checkpoints, all data can be retransmitted from the last checkpoint.
• 19. PRESENTATION LAYER
 Defines the format in which data is to be exchanged between the two communicating entities.
 Also handles data compression and data encryption (cryptography).
• 20. APPLICATION LAYER
 Interacts with application programs and is the highest level of the OSI model.
 Contains management functions to support distributed applications.
 Examples of application layer services are file transfer, electronic mail, remote login, etc.
• 21. OSI IN ACTION
 A message begins at the top (application) layer and moves down the OSI layers to the bottom (physical) layer.
 As the message descends, each successive OSI model layer adds a header to it.
 A header is layer-specific information that basically explains what functions the layer carried out.
 Conversely, at the receiving end, headers are stripped from the message as it travels up the corresponding layers.
• 22. THE LAYER FUNCTIONS
(Summary table of the functions of each layer; not reproduced in the transcript.)
• 23. OSI & TCP/IP MODEL
(Side-by-side comparison of the OSI and TCP/IP models; not reproduced in the transcript.)
• 24. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Define the basic role of the Network Layer in data networks.
• 25. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Identify the basic characteristics and the role of the IPv4 protocol.
• 26. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Describe the implications of IP being a connectionless protocol.
• 27. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Describe the implications of IP being considered an unreliable (best-effort) protocol.
• 28. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Describe the implications of IP being media independent.
• 29. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Describe how the Network Layer encapsulates Transport Layer segments into packets, and how the Data Link Layer then frames those packets.
• 30. NETWORK LAYER PROTOCOLS AND INTERNET PROTOCOL (IP)
 Identify the major header fields in the IPv4 protocol and describe each field's role in transporting packets.
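Slide 21 describes each layer adding a header on the way down the stack and stripping it on the way up, and slide 30 asks for the major IPv4 header fields. The following Python program is an added example and is not part of the Cyberoam deck: it wraps a UDP payload in a UDP header, an IPv4 header (with the RFC 791 checksum computed) and an Ethernet II header, then reverses the process, validates the IPv4 header and reports its fields. The MAC addresses, IP addresses (RFC 5737 documentation ranges) and ports are constructed sample values.

```python
"""Layer-by-layer encapsulation and decapsulation of a UDP datagram (added example)."""
import socket
import struct

# Constructed sample addresses: locally administered MACs and documentation IPs (assumptions).
SRC_MAC = bytes.fromhex("02000000000a")
DST_MAC = bytes.fromhex("02000000000b")
SRC_IP = "192.0.2.10"
DST_IP = "198.51.100.20"
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def verify_ipv4_header(packet: bytes) -> bool:
    """A header that includes its own checksum sums to 0xFFFF, so recomputing over it yields 0."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    return ihl >= 20 and len(packet) >= ihl and ipv4_checksum(packet[:ihl]) == 0


def encapsulate(payload: bytes, src_port: int, dst_port: int, ttl: int = 64) -> bytes:
    """Walk down the stack: application data -> UDP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: 8-byte UDP header. A zero checksum is permitted for UDP over IPv4.
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3: 20-byte IPv4 header (version 4, IHL 5, DF flag set); the checksum is filled in last.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      ttl, IPPROTO_UDP, 0, socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    packet = hdr + segment
    # Layer 2: 14-byte Ethernet II header. The FCS trailer is normally appended by the NIC and is omitted.
    return struct.pack("!6s6sH", DST_MAC, SRC_MAC, ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack, stripping one header per layer and validating the IPv4 header."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    packet = frame[14:]
    if not verify_ipv4_header(packet):
        raise ValueError("bad IPv4 header (version, IHL or checksum)")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    segment = packet[ihl:total_len]         # total length also drops any Ethernet padding
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", segment[:8])
    return {
        "ethernet": {"dst": dst_mac.hex(":"), "src": src_mac.hex(":"), "ethertype": ethertype},
        "ipv4": {"version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len,
                 "identification": ident, "flags": flags_frag >> 13,
                 "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
                 "checksum": csum, "src": socket.inet_ntoa(src_ip), "dst": socket.inet_ntoa(dst_ip)},
        "udp": {"src_port": src_port, "dst_port": dst_port, "length": udp_len},
        "payload": segment[8:udp_len],
    }


if __name__ == "__main__":
    frame = encapsulate(b"hello, layer 7", 40000, 53)
    for layer, fields in decapsulate(frame).items():
        print(layer, fields)
```

Corrupting a single header byte (the TTL, for instance) makes verify_ipv4_header() fail, which is exactly what a router relies on before it trusts the total length and protocol fields.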
• 31. HUB
 A frame sent by one node is always sent to every other node. Hubs are also called "repeaters" because they just repeat what they hear.
 Receives a frame on one port and sends it out every other port, always.
 The collision domain is not reduced.
 Traffic ends up in places where it is not needed, so any node on a hub can read every other node's frames.
• 32. HUB
 Used to connect hosts to an Ethernet LAN and to connect multiple Ethernet LANs.
 Collisions are propagated.
(Diagram: two hosts, each running IP over LLC over 802.3 MAC, joined through cascaded Ethernet hubs; not reproduced in the transcript.)
• 33. SWITCH
 Learns the location of each node by looking at the source address of each incoming frame, and builds a forwarding table.
 Forwards each incoming frame to the port where the destination node is.
 Reduces the collision domain.
 Makes more efficient use of the wire.
 Nodes do not waste time checking frames not destined to them.
• 34. SWITCH FUNCTIONS
 Various types of Ethernet connectivity, 10M to 10G.
 Provides access to end-user devices.
 Core functions:
 • Address learning
 • Forwarding/filtering
 • Loop avoidance
 Operates using OSI Layer 2 concepts by default.
• 35. SWITCH
Forwarding table from the slide's diagram (host A on port 1, host B on port 5):

  Address        Port
  AAAAAAAAAAAA   1
  BBBBBBBBBBBB   5
• 36. BROADCAST AND COLLISION DOMAINS
 Number of collision domains = number of ports.
 One broadcast domain.
• 37. SWITCHES AND BROADCAST
 A switch floods some frames out of every port except the one they arrived on:
 • When the destination address is not found in the table (unknown unicast)
 • When the frame is destined to the broadcast address (FF:FF:FF:FF:FF:FF)
 • When the frame is destined to a multicast Ethernet address
 So switches do not reduce the broadcast domain!
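Slides 33 to 37 describe address learning, forwarding, filtering and the three cases in which a switch floods. The following Python simulation is an added example (not Cyberoam's or Cisco's code) of a transparent learning switch: the table is built only from source addresses, group (broadcast/multicast) destinations and unknown unicasts are flooded, and a frame is never sent back out of the port it arrived on. The port count, MAC addresses and traffic sequence are constructed.

```python
"""Learning-switch simulation: address learning, forwarding/filtering and flooding (added example)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (least significant bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    def __init__(self, port_count: int):
        self.ports = list(range(1, port_count + 1))
        self.table = {}   # forwarding table: MAC address -> port, built only from source addresses

    def _flood(self, in_port: int) -> list:
        """Every port except the one the frame came in on."""
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port: int, src: str, dst: str) -> list:
        """Process one frame arriving on in_port; return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError("no such port: %d" % in_port)
        # Address learning: the source address tells the switch where that station lives.
        # A group address can never be a legitimate source, so it is not learned.
        if not is_group_address(src):
            self.table[src] = in_port
        # Forwarding / filtering.
        if is_group_address(dst):
            return self._flood(in_port)              # broadcast or multicast: every other port
        if dst in self.table:
            out_port = self.table[dst]
            return [] if out_port == in_port else [out_port]   # filter: never back out the ingress port
        return self._flood(in_port)                  # unknown unicast: flood until the station answers


def demo() -> dict:
    """Constructed traffic: host A on port 1 talks to host B on port 5 of an 8-port switch.

    The addresses are locally administered unicast MACs (first octet 0x02); the slide's
    'BBBBBBBBBBBB' would actually be a multicast address because 0xBB has the I/G bit set.
    """
    sw = LearningSwitch(8)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    first = sw.receive(1, a, b)           # B unknown: flooded to ports 2..8; A learned on port 1
    reply = sw.receive(5, b, a)           # A known: sent only to port 1; B learned on port 5
    second = sw.receive(1, a, b)          # both known: sent only to port 5
    bcast = sw.receive(1, a, BROADCAST)   # broadcast (e.g. ARP) still reaches every other port
    return {"first": first, "reply": reply, "second": second, "broadcast": bcast,
            "table": dict(sw.table)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The first frame and the broadcast reach every other port, which is the point of slide 37: learning shrinks collision domains and unicast flooding, but the broadcast domain stays the whole switch until VLANs are introduced.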
• 38. SWITCHING SERVICES
 Layer 2 switching provides:
 • Hardware-based bridging (ASIC)
 • Wire speed
 • Low latency
 • Low cost
• 39. LAN SWITCH TYPES
 LAN switch types decide how a frame is handled when it is received on a switch port.
 Latency
 • Definition: the time it takes for a frame to be sent out of an exit port once the switch receives the frame.
 • Depends on the chosen switching mode.
 There are three switching modes:
 • Cut-through (FastForward)
 • FragmentFree (modified cut-through)
 • Store-and-forward
• 40. CUT-THROUGH (REAL TIME)
 The LAN switch copies only the destination address (the first six bytes following the preamble) into its onboard buffers.
 It then looks up the hardware destination address in the MAC switching table, determines the outgoing interface, and proceeds to forward the frame toward its destination.
 Because the rest of the frame is never examined, a frame with a CRC error is forwarded unchanged.
• 41. FRAGMENTFREE
 The switch waits for the collision window (64 bytes) to pass before forwarding.
 This is because if a frame has an error, it almost always occurs within the first 64 bytes. (Note: a valid untagged Ethernet frame is 64 to 1518 bytes long, inclusive, counting the CRC.)
 It is the default switching method for the Catalyst 1900 switches.
• 42. STORE-AND-FORWARD
 Cisco's primary LAN switching method.
 In this mode, the LAN switch copies the entire frame into its onboard buffers and then computes the cyclic redundancy check (CRC).
 Because it copies the entire frame, latency through the switch varies with frame length.
 The frame is discarded if:
 • It contains a CRC error
 • It is too short (less than 64 bytes including the CRC)
 • It is too long (more than 1518 bytes including the CRC; 1522 with an 802.1Q tag)
• 43. LAN SWITCH TYPES
 Cut-through (FastForward)
 FragmentFree (modified cut-through)
 Store-and-forward
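Slides 39 to 43 contrast the three switching modes by how much of the frame is examined before forwarding. The following Python program is an added example (not from the deck): it builds Ethernet frames with a real IEEE 802.3 FCS (CRC-32, transmitted least significant byte first), then applies the three checks slide 42 lists for store-and-forward (runt, giant, CRC error) and shows which of those a cut-through or FragmentFree switch can even notice. The sample frames, addresses and the corrupted byte position are constructed.

```python
"""Store-and-forward frame validation versus cut-through and FragmentFree (added example)."""
import struct
import zlib

MIN_FRAME = 64     # bytes including the 4-byte FCS; anything shorter is a runt (collision fragment)
MAX_FRAME = 1518   # bytes including the FCS for an untagged frame (1522 with an 802.1Q tag)
MODES = ("cut-through", "fragment-free", "store-and-forward")


def add_fcs(body: bytes) -> bytes:
    """Append the IEEE 802.3 FCS: CRC-32 over destination MAC..payload, sent least significant byte first."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame padded to the 64-byte minimum (as a NIC does) with a valid FCS."""
    body = struct.pack("!6s6sH", dst, src, ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    return add_fcs(body)


def store_and_forward_verdict(frame: bytes) -> str:
    """What a store-and-forward switch decides after buffering the whole frame (slide 42's checks)."""
    if len(frame) < MIN_FRAME:
        return "discard: runt"
    if len(frame) > MAX_FRAME:
        return "discard: giant"
    (received_fcs,) = struct.unpack("<I", frame[-4:])
    if zlib.crc32(frame[:-4]) & 0xFFFFFFFF != received_fcs:
        return "discard: CRC error"
    return "forward"


def verdict(frame: bytes, mode: str) -> tuple:
    """(bytes examined before the forwarding decision, verdict) for each LAN switch type."""
    if mode == "cut-through":
        # Only the 6-byte destination address is read; errors later in the frame are never seen.
        return 6, ("forward" if len(frame) >= 6 else "discard: no destination address")
    if mode == "fragment-free":
        # Waits out the 64-byte collision window, so runts are caught but CRC errors are not.
        if len(frame) < MIN_FRAME:
            return len(frame), "discard: runt"
        return MIN_FRAME, "forward"
    if mode == "store-and-forward":
        return len(frame), store_and_forward_verdict(frame)
    raise ValueError("unknown mode: %s" % mode)


def demo() -> dict:
    """Constructed frames: one good, one with a corrupted payload byte, one runt and one giant."""
    dst, src = bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a")
    good = build_frame(dst, src, 0x0800, b"constructed payload")
    corrupted = good[:20] + bytes([good[20] ^ 0xFF]) + good[21:]   # bit errors inside the payload
    runt = good[:40]                                                # truncated by a collision
    giant = build_frame(dst, src, 0x0800, b"x" * 1600)
    frames = {"good": good, "corrupted": corrupted, "runt": runt, "giant": giant}
    return {name: {mode: verdict(f, mode) for mode in MODES} for name, f in frames.items()}


if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

The corrupted frame is the instructive row: cut-through and FragmentFree both forward it, and only store-and-forward, having buffered all 64 bytes and recomputed the CRC, drops it. That is the latency-versus-integrity trade-off the slides describe, and it is why a switch in cut-through mode will happily propagate damaged frames from a faulty NIC or cable.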
• 44. LAYER 2 SWITCHING LIMITATIONS
 Collision domains must be broken up correctly.
 Make sure that users spend 80 percent of their time on the local segment (the traditional 80/20 design rule).
 Switches do not break up broadcast domains by default.
• 45. BRIDGES/LAN SWITCHES
 A bridge or LAN switch is a device that interconnects two or more Local Area Networks (LANs) and forwards frames between these networks.
 Bridges/LAN switches operate at the Data Link Layer (Layer 2).
(Diagram: an 802.3 Ethernet LAN and an 802.5 Token Ring LAN joined by a bridge; each end host runs IP over LLC over its own MAC layer; not reproduced in the transcript.)
• 46. BRIDGING VS. LAN SWITCHING
 Bridges are software based, while switches are hardware based because they use ASICs to help make filtering decisions.
 A switch can be viewed as a multiport bridge.
 Bridges can only have one spanning-tree instance per bridge, while switches can have many.
 Switches have a higher number of ports than most bridges.
 Both bridges and switches forward Layer 2 broadcasts.
 Bridges and switches learn MAC addresses by examining the source address of each frame received.
 Both bridges and switches make forwarding decisions based on Layer 2 addresses.
• 47. LAYER 2 SWITCHING
 Switch ports: types
 IOS switch options
 Dynamic Trunking Protocol (DTP)
 IEEE 802.1Q
• 48. SWITCH PORTS
 Layer 2-only interfaces associated with a physical port on the switch.
 Belong to one or more VLANs.
 Can be access ports or trunk ports.
 Dynamic Trunking Protocol (DTP) can negotiate with the port on the other end of the link.
 Used for managing the physical interface and associated Layer 2 protocols.
 Configure switch ports by using the switchport interface configuration commands.
• 49. ACCESS PORTS
 Belong to and carry the traffic of only one VLAN (unless configured as a voice VLAN port).
 Traffic is received and sent in native format on the link between host and port, with no VLAN tagging.
 Traffic arriving on an access port is assumed to belong to the VLAN assigned to the port.
 If an access port receives an IEEE 802.1Q tagged frame, the frame is dropped and the source address is not learned.
• 50. TRUNK PORTS
 A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch.
 Ethernet trunks carry the traffic of multiple VLANs over a single link, e.g. between a switch and a router.
 Can extend VLANs across an entire network.
 Example: the Cisco Catalyst 2960 switch supports IEEE 802.1Q encapsulation.
• 51. STATIC AND DYNAMIC ACCESS PORTS
 Static access ports are manually assigned to a VLAN.
 VLAN membership of dynamic access ports is learned from incoming frames.
 By default all ports are members of VLAN 1.
 Forwarding to and from a dynamic port is enabled only once the VLAN membership of the port has been discovered.
 Dynamic access ports are assigned to a VLAN by a VLAN Membership Policy Server (VMPS).
• 52. DYNAMIC TRUNKING PROTOCOL
 DTP is a Cisco proprietary protocol.
 Allows a trunk to be established dynamically between two switches.
 Not all switches support DTP.
 Set one end of the trunk using: switchport mode trunk
 Set the opposite end using: switchport mode dynamic auto|desirable
 Security caveat: a port left in a dynamic mode will negotiate a trunk with anything that speaks DTP, so a host emulating a switch can obtain a trunk and reach every VLAN carried on it (switch spoofing). Ports facing end hosts should be hard-set with switchport mode access and switchport nonegotiate.
• 53. AUTO OR DESIRABLE?
 Desirable makes the interface actively attempt to convert the link to a trunk link.
 The interface becomes a trunk interface if the neighbouring interface is set to trunk, desirable or auto mode.
 If the neighbouring interface is set to access or nonegotiate mode, the link becomes a non-trunking link.
 Dynamic desirable is the default on older Catalyst platforms (e.g. 2950 and 3550); the Catalyst 2960 and later platforms default to dynamic auto, so check the platform rather than assuming.
• 54. AUTO
 Auto makes the interface willing to convert the link to a trunk link if the neighbouring interface is set to trunk or desirable mode.
 Otherwise, the link becomes a non-trunking link.
• 55. 802.1Q
 The IEEE standard that defines how Ethernet frames should be tagged when moving across switch trunks.
 This means that switches from different vendors are able to exchange VLAN traffic.
• 56. TAGGED VS. UNTAGGED
 Edge ports are not tagged; they are just "members" of a VLAN.
 You only need to tag frames on switch-to-switch links (trunks), when transporting multiple VLANs.
 A trunk can transport both tagged and untagged VLANs (the one untagged VLAN on a trunk is its native VLAN).
 • As long as the two switches agree on how to handle those.
• 57. IOS SWITCH OPTIONS
 Open Packet Tracer and enter configure terminal.
 Access the interfaces of the switch:

    Switch(config-if)#?
      cdp          Global CDP configuration subcommands
      description  Interface specific description
      duplex       Configure duplex operation
      mac-address  Manually set interface MAC address
      shutdown     Shutdown the selected interface
      speed        Configure speed operation
      switchport   Set switching mode characteristics
• 58. 802.1Q TAGGED FRAME
(Diagram of an 802.1Q tagged frame: a 4-byte tag, TPID 0x8100 followed by the TCI carrying priority, DEI and the 12-bit VLAN ID, inserted between the source MAC address and the EtherType/Length field; not reproduced in the transcript.)
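Slides 49, 50, 55, 56 and 58 describe the 802.1Q tag and how access and trunk ports treat tagged and untagged frames. The following Python program is an added example (not from the deck, and not any vendor's implementation): it inserts and reads the 4-byte tag at the position shown on slide 58, and models a port that is either an access port (one untagged VLAN; a tagged frame is dropped, as slide 49 states) or a trunk (tagged VLANs, an allowed-VLAN list, and an untagged native VLAN). The MAC addresses, VLAN numbers and payload are constructed.

```python
"""IEEE 802.1Q tagging and access/trunk port handling (added example)."""
import struct

TPID_8021Q = 0x8100


def ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame as an end host would send it (FCS omitted)."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header (TPID 0x8100 + TCI) between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vid & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def read_tag(frame: bytes):
    """Return (vid, pcp, dei) when the frame carries an 802.1Q tag, otherwise None."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0xFFF, tci >> 13, (tci >> 12) & 1


def untag_frame(frame: bytes) -> bytes:
    """Remove the 4-byte tag, restoring the frame the end host originally sent."""
    return frame[:12] + frame[16:]


class Port:
    """'access' carries one untagged VLAN; 'trunk' carries tagged VLANs plus an untagged native VLAN."""

    def __init__(self, mode: str, access_vlan: int = 1, native_vlan: int = 1, allowed=None):
        self.mode, self.access_vlan, self.native_vlan = mode, access_vlan, native_vlan
        self.allowed = None if allowed is None else set(allowed)   # None = every VLAN allowed on the trunk

    def ingress(self, frame: bytes):
        """Classify an arriving frame: (vlan, frame without tag), or None if the port drops it."""
        tag = read_tag(frame)
        if self.mode == "access":
            if tag is not None:
                return None                       # tagged frame on an access port: dropped, source not learned
            return self.access_vlan, frame
        if tag is None:
            return self.native_vlan, frame        # untagged on a trunk: belongs to the native VLAN
        vid = tag[0]
        if self.allowed is not None and vid not in self.allowed:
            return None                           # VLAN not allowed on this trunk
        return vid, untag_frame(frame)

    def egress(self, vlan: int, frame: bytes):
        """The frame as it leaves this port for `vlan`, or None if the port does not carry that VLAN."""
        if self.mode == "access":
            return frame if vlan == self.access_vlan else None
        if self.allowed is not None and vlan not in self.allowed:
            return None
        return frame if vlan == self.native_vlan else tag_frame(frame, vlan)   # native VLAN leaves untagged


if __name__ == "__main__":
    raw = ethernet_frame(bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a"), 0x0800, b"payload")
    host_port, uplink = Port("access", access_vlan=10), Port("trunk", native_vlan=1, allowed=[1, 10, 20])
    vlan, frame = host_port.ingress(raw)
    print("VLAN", vlan, "-> trunk carries", uplink.egress(vlan, frame).hex())
```

Two details worth noticing: the tag is only ever present between switches, so the host never sees it; and because the native VLAN travels untagged, both ends of a trunk must agree on which VLAN that is, which is the "as long as the two switches agree" condition on slide 56.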
  • 59. VIRTUAL LANS (VLANS)  VLAN Concepts  VLAN Configuration and Verification  Trunking with ISL & 802.1Q  VLAN Trunking Protocol (VTP)  VTP Configuration & Verification www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 60. VIRTUAL LANS (VLANS)
   Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch.
   Smaller broadcast domains
   Organized by:
    • Location
    • Function
    • Department
    • Application or protocol
  • 61. SWITCHES
  • 62. FEATURES OF VLANS
   Simplify network management
   Provide a level of security over a flat network
   Flexibility and scalability
  • 63. BROADCAST CONTROL
   Broadcasts occur in every protocol
   Bandwidth & broadcasts
   Flat network
   VLANs & broadcasts
  • 64. FLAT NETWORK STRUCTURE
  • 65. FLEXIBILITY & SCALABILITY
   Layer-2 switches only read frames
    • This can cause a switch to forward all broadcasts
   VLANs essentially create broadcast domains
    • Greatly reduces broadcast traffic
    • Ability to add wanted users to a VLAN regardless of their physical location
    • Additional VLANs can be created when network growth consumes more bandwidth
  • 66. SWITCHED NETWORK
  • 67. PHYSICAL LANS CONNECTED TO A ROUTER
  • 68. VLANS REMOVE THE PHYSICAL BOUNDARY
  • 69. VLAN MEMBERSHIPS
   Static VLANs
    • Typical method of creating VLANs
    • Most secure: a switch port assigned to a VLAN always maintains that assignment until changed
   Dynamic VLANs
    • Node assignment to a VLAN is automatic, based on MAC addresses, protocols, network addresses, etc.
    • VLAN Management Policy Server (VMPS): a MAC address database for dynamic assignments (MAC-address-to-VLAN mapping)
  • 70. IDENTIFYING VLANS
   Access links: a link that is part of only one VLAN
   Trunk links: carry multiple VLANs
  • 71. FRAME TAGGING
   Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
   User-defined ID assigned to each frame
   VLAN ID is removed before exiting trunked links & access links
  [Diagram: two switches joined by an 802.1Q trunk port carrying tagged frames for VLAN X and VLAN Y; the edge ports on each switch belong to VLAN X or VLAN Y. This is called "VLAN Trunking".]
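Added example, not part of the Cyberoam deck: a small Python encoder and parser for the 802.1Q tag described on slides 55 to 58 and 71. It also walks a stacked 802.1ad/802.1Q tag pair and includes a tag-depth check of the kind a monitoring point on an edge or trunk port would apply. The sample frames, MAC addresses and ARP payload are constructed here, not captured traffic.

```python
import struct

TPID_8021Q = 0x8100   # EtherType/TPID of an 802.1Q customer tag (C-TAG)
TPID_8021AD = 0x88A8  # TPID of an 802.1ad service tag (S-TAG), the outer tag in QinQ
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, tags, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet frame; tags is a list of (tpid, pcp, vid) in outer-to-inner order."""
    frame = bytearray(mac_to_bytes(dst) + mac_to_bytes(src))
    for tpid, pcp, vid in tags:
        if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
            raise ValueError("VID must be 1..4094 and PCP 0..7")
        tci = (pcp << 13) | vid          # 3-bit PCP, 1-bit DEI (left at 0), 12-bit VID
        frame += struct.pack("!HH", tpid, tci)
    frame += struct.pack("!H", ethertype) + payload
    return bytes(frame)


def parse_frame(frame: bytes) -> dict:
    """Walk the header: after the two MACs, every 0x8100/0x88A8 EtherType is a 4-byte tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated EtherType field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if len(frame) < offset + 2:
            raise ValueError("truncated tag control information")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
    return {"dst": dst, "src": src, "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}


def strip_outer_tag(frame: bytes) -> bytes:
    """What an edge (access) port does on egress: remove the outer 4-byte tag, if any."""
    if not parse_frame(frame)["tags"]:
        return frame
    return frame[:12] + frame[16:]


def tag_depth_within_policy(frame: bytes, max_tags: int) -> bool:
    """True if the frame carries no more tags than the port role allows:
    0 for an access port, 1 for an 802.1Q trunk. A deeper stack means the port
    is receiving something other than what its configuration expects."""
    return len(parse_frame(frame)["tags"]) <= max_tags


# Constructed sample frames (not captured traffic): an ARP broadcast from a host in VLAN 10.
ARP_PAYLOAD = bytes(28)  # placeholder body; only the Ethernet header matters here
UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:aa", [], ETHERTYPE_ARP, ARP_PAYLOAD)
TAGGED_VLAN10 = build_frame("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:aa",
                            [(TPID_8021Q, 3, 10)], ETHERTYPE_ARP, ARP_PAYLOAD)
QINQ = build_frame("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:aa",
                   [(TPID_8021AD, 0, 100), (TPID_8021Q, 3, 10)], ETHERTYPE_ARP, ARP_PAYLOAD)

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED_VLAN10), ("qinq", QINQ)):
        p = parse_frame(f)
        print(name, [t["vid"] for t in p["tags"]], hex(p["ethertype"]),
              "within trunk policy:", tag_depth_within_policy(f, 1))
```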
  • 72. VLAN ID METHODS
   Inter-Switch Link (ISL)
    • Cisco proprietary
    • FastEthernet & Gigabit Ethernet only
   IEEE 802.1Q
    • Must use if trunking between a Cisco & a non-Cisco switch
  • 73. INTER-SWITCH LINK (ISL) PROTOCOL
   Definition: A means of explicitly tagging VLAN information onto an Ethernet frame
   Allows VLANs to be multiplexed over a trunk line
   Cisco proprietary
   External tagging process
  • 74. VLAN TRUNK PROTOCOL (VTP)
   Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency
   Allows an administrator to add, delete, & rename VLANs
  • 75. VTP BENEFITS
   Benefits
    • Consistent configuration
    • Permits trunking over mixed networks
    • Accurate tracking
    • Dynamic reporting
    • Plug-and-play
   A VTP server must be created to manage VLANs
  • 76. VTP MODES
  • 77. VTP MODES OF OPERATION
   Server
    • Default for all Catalyst switches
    • Minimum one server per VTP domain
   Client
    • Receives information and sends/receives updates
    • Cannot make any changes
   Transparent
    • Does not participate in a VTP domain but forwards VTP advertisements
    • Can add/delete VLANs, locally significant only
  • 78. ROUTER WITH INDIVIDUAL VLAN ASSOCIATIONS
  • 79. ROUTING BETWEEN VLANS
  • 80. CONFIGURING VLANS
   Creating VLANs
   Assigning Switch Ports to VLANs
   Configuring Trunk Ports
   Configuring Inter-VLAN Routing
  • 81. CONFIGURING VTP
   Switches are configured to be VTP servers by default.
  • 82. INTER-VLAN CONFIGURATION EXAMPLE
  • 83. EXAMPLE 2
  • 84. EXAMPLE 3
  • 85. LAB
   Assign VLAN membership according to the diagram below
   Configure the trunk link between the switches
   Configure VTP on the switches and verify its status
   Check connectivity
  • 86. SPANNING TREE PROTOCOL
   Switching Loops
   Introduction to Spanning Tree Protocol
   Electing the Root Switch
   Configuration and Verification of STP
  • 87. SWITCHING LOOP
   When there is more than one path between two switches
   What are the potential problems?
  [Diagram: Switch A, Switch B and Switch C]
  • 88. SWITCHING LOOP
   If there is more than one path between two switches:
   Forwarding tables become unstable
    • Source MAC addresses are repeatedly seen coming from different ports
   Switches will broadcast each other's broadcasts
    • All available bandwidth is utilized
    • Switch processors cannot handle the load
  • 89. SWITCHING LOOP
   Node 1 sends a broadcast frame (e.g. an ARP request)
  [Diagram: Node 1 and Switches A, B and C]
  • 90. SWITCHING LOOP
   Switches A, B and C broadcast node 1's frame out every port
  [Diagram: Node 1 and Switches A, B and C]
  • 91. SWITCHING LOOP
   But they receive each other's broadcasts, which they need to forward again out every port!
   The broadcasts are amplified, creating a broadcast storm...
  [Diagram: Node 1 and Switches A, B and C]
  • 92. SWITCHING LOOP
   But you can take advantage of loops
   Redundant paths improve resilience when
    • A switch fails
    • Wiring breaks
   How to achieve redundancy without creating dangerous traffic loops?
  • 93. SPANNING-TREE PROTOCOL (STP)
   Terms: STP, Root Bridge, BPDU, Bridge ID, Nonroot Bridge, Root port, Designated port, Port cost, Nondesignated port, Forwarding port, Block port
  • 94. SPANNING-TREE PROTOCOL (STP)
   Spanning-Tree Operations
    • Selecting the root bridge
    • Selecting the designated port
  • 95. SPANNING-TREE PROTOCOL (STP)
   Spanning-Tree Port States
    • Blocking
    • Listening
    • Forwarding
    • Disabled
  • 96. SPANNING-TREE PROTOCOL (STP)
   Spanning-Tree Example
  • 97. WHAT IS A SPANNING TREE
   "Given a connected, undirected graph, a spanning tree of that graph is a subgraph which is a tree and connects all the vertices together."
   A single graph can have many different spanning trees.
  • 98. SPANNING TREE PROTOCOL
   The purpose of the protocol is to have bridges dynamically discover a subset of the topology that is loop-free (a tree) and yet has just enough connectivity so that, where physically possible, there is a path between every switch.
  • 99. SPANNING TREE PROTOCOL
   Flavors of STP
    • Traditional Spanning Tree (802.1D)
    • Rapid Spanning Tree or RSTP (802.1w)
    • Multiple Spanning Tree or MSTP (802.1s)
  • 100. SPANNING TREE PROTOCOL
   Switches exchange messages that allow them to compute the Spanning Tree
   These messages are called BPDUs (Bridge Protocol Data Units)
   Two types of BPDUs:
    • Configuration
    • Topology Change Notification (TCN)
  • 101. TRADITIONAL SPANNING TREE
   Traditional Spanning Tree (802.1D)
   First step: decide on a point of reference, the Root Bridge
   The election process is based on the Bridge ID, which is composed of:
    • The Bridge Priority: a two-byte value that is configurable
    • The MAC address: a unique, hardcoded address that cannot be changed
  • 102. ROOT BRIDGE SELECTION (802.1D)
   Each switch starts by sending out BPDUs with a Root Bridge ID equal to its own Bridge ID: "I am the root!"
   Received BPDUs are analyzed to see if a lower Root Bridge ID is being announced
   If so, each switch replaces the value of the advertised Root Bridge ID with this new lower ID
   Eventually, they all agree on who the Root Bridge is
  • 103. ROOT BRIDGE SELECTION (802.1D)
   All switches have the same priority.
   Who is the elected root bridge?
  [Diagram: Switch A (32678.0000000000AA), Switch B (32678.0000000000BB), Switch C (32678.0000000000CC)]
  • 104. ROOT PORT SELECTION (802.1D)
   Now each switch needs to figure out where it is in relation to the Root Bridge
   Each switch needs to determine its Root Port
   The key is to find the port with the lowest Root Path Cost: the cumulative cost of all the links leading to the Root Bridge
  • 105. ROOT PORT SELECTION (802.1D)
   Each link on a switch has a Path Cost
   Inversely proportional to the link speed, i.e. the faster the link, the lower the cost
  Link Speed   STP Cost
  10 Mbps      100
  100 Mbps     19
  1 Gbps       4
  10 Gbps      2
  • 106. ROOT PORT SELECTION (802.1D)
   Root Path Cost is the accumulation of a link's Path Cost and the Path Costs learned from neighboring switches.
   It answers the question: how much does it cost to reach the Root Bridge through this port?
  • 107. ROOT PORT SELECTION (802.1D)
   The Root Bridge sends out BPDUs with a Root Path Cost value of 0
   A neighbor receives the BPDU and adds its port's Path Cost to the Root Path Cost received
   The neighbor sends out BPDUs with the new cumulative value as Root Path Cost
   Other neighbors down the line keep adding in the same fashion
  • 108. ROOT PORT SELECTION (802.1D)
   On each switch, the port where the lowest Root Path Cost was received becomes the Root Port
   This is the port with the best path to the Root Bridge
  • 109. ROOT PORT SELECTION (802.1D)
   What is the Path Cost on each port?
   What is the Root Port on each switch?
  [Diagram: Switch A (32678.0000000000AA), Switch B (32678.0000000000BB) and Switch C (32678.0000000000CC), each with ports 1 and 2; each link has Cost=19]
  • 110. ROOT PORT SELECTION (802.1D)
  [Diagram: same topology, with the two Root Ports marked]
  • 111. ELECTING DESIGNATED PORTS
   OK, we have now selected root ports, but we haven't solved the loop problem yet: the links are still active!
   Each network segment needs to have only one switch forwarding traffic to and from that segment
   Switches then need to identify one Designated Port per link
   The one with the lowest cumulative Root Path Cost to the Root Bridge
  • 112. ROOT PORT SELECTION (802.1D)
   Which port should be the Designated Port on each segment?
  [Diagram: same topology]
  • 113. ELECTING DESIGNATED PORTS
   Two or more ports in a segment having identical Root Path Costs is possible, which results in a tie condition
   All STP decisions are based on the following sequence of conditions:
    • Lowest Root Bridge ID
    • Lowest Root Path Cost to Root Bridge
    • Lowest Sender Bridge ID
    • Lowest Sender Port ID
  • 114. ROOT PORT SELECTION (802.1D)
   In the B-C link, Switch B has the lowest Bridge ID, so port 2 in Switch B is the Designated Port
  [Diagram: same topology, with the three Designated Ports marked]
  • 115. BLOCKING A PORT
   Any port that is not elected as either a Root Port or a Designated Port is put into the Blocking State.
   This step effectively breaks the loop and completes the Spanning Tree.
  • 116. ROOT PORT SELECTION (802.1D)
   Port 2 in Switch C is put into the Blocking State, because it is neither a Root Port nor a Designated Port
  [Diagram: same topology]
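Added example, not from the deck: a Python model of the 802.1D election carried out on slides 102 to 116, run on the deck's own topology (Bridge IDs as written on the slides, three links of cost 19, ports 1 and 2 on each switch). It applies the tie-break sequence from slide 113 and works for any topology passed in, so it also shows how the root moves when a bridge with a lower priority appears. Port IDs are simplified to the bare port number (an assumption; the real Port ID also carries a priority byte).

```python
from dataclasses import dataclass
from math import inf


@dataclass(frozen=True, order=True)
class BridgeId:
    """802.1D Bridge ID: two-byte priority followed by the switch MAC; lower wins.
    The MAC is kept as an int so that comparison is numeric."""
    priority: int
    mac: int

    @classmethod
    def parse(cls, text: str) -> "BridgeId":
        prio, mac = text.split(".")
        return cls(int(prio), int(mac, 16))


@dataclass(frozen=True)
class Link:
    """One segment between two switch ports; cost is the 802.1D path cost of the link."""
    a: str
    a_port: int
    b: str
    b_port: int
    cost: int


def stp_elect(bridges: dict, links: list):
    """Run the 802.1D election: root bridge, root path costs, then a role per port.
    bridges maps switch name -> BridgeId. Port IDs are modelled as the bare port
    number (assumption: the real Port ID also carries a priority byte, 128 by default)."""
    root = min(bridges, key=bridges.get)           # lowest Bridge ID is the root

    adj = {name: [] for name in bridges}
    for link in links:
        adj[link.a].append((link.a_port, link.b, link.b_port, link.cost))
        adj[link.b].append((link.b_port, link.a, link.a_port, link.cost))

    # Root path cost converges the way BPDUs do: each switch keeps the best
    # (neighbor cost + link cost, sender Bridge ID, sender port, own port) it hears.
    rpc = {name: inf for name in bridges}
    rpc[root] = 0
    chosen = {name: None for name in bridges}
    changed = True
    while changed:
        changed = False
        for name in bridges:
            if name == root:
                continue
            candidates = [(rpc[nbr] + cost, bridges[nbr], nbr_port, my_port)
                          for my_port, nbr, nbr_port, cost in adj[name]
                          if rpc[nbr] != inf]
            if not candidates:
                continue
            best = min(candidates)
            if best != chosen[name]:
                chosen[name], rpc[name], changed = best, best[0], True
    root_port = {name: (chosen[name][3] if chosen[name] else None) for name in bridges}

    # One Designated Port per segment: the side advertising the lowest
    # (root path cost, Bridge ID, port ID). Anything that is neither Designated
    # nor the switch's Root Port goes to Blocking.
    roles = {}
    for link in links:
        side_a = (rpc[link.a], bridges[link.a], link.a_port)
        side_b = (rpc[link.b], bridges[link.b], link.b_port)
        designated = (link.a, link.a_port) if side_a < side_b else (link.b, link.b_port)
        for sw, port in ((link.a, link.a_port), (link.b, link.b_port)):
            if (sw, port) == designated:
                roles[(sw, port)] = "designated"
            elif root_port[sw] == port:
                roles[(sw, port)] = "root"
            else:
                roles[(sw, port)] = "blocking"
    return root, rpc, roles


# The deck's three-switch example: equal priorities, Fast Ethernet links (cost 19).
DECK_BRIDGES = {
    "A": BridgeId.parse("32678.0000000000AA"),
    "B": BridgeId.parse("32678.0000000000BB"),
    "C": BridgeId.parse("32678.0000000000CC"),
}
DECK_LINKS = [Link("A", 1, "B", 1, 19), Link("A", 2, "C", 1, 19), Link("B", 2, "C", 2, 19)]

if __name__ == "__main__":
    root, rpc, roles = stp_elect(DECK_BRIDGES, DECK_LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (sw, port), role in sorted(roles.items()):
        print(f"Switch {sw} port {port}: {role}")
```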
  • 117. SPANNING TREE PROTOCOL STATES
   Disabled
    • Port is shut down
   Blocking
    • Not forwarding frames
    • Receiving BPDUs
   Listening
    • Not forwarding frames
    • Sending and receiving BPDUs
  • 118. SPANNING TREE PROTOCOL STATES
   Learning
    • Not forwarding frames
    • Sending and receiving BPDUs
    • Learning new MAC addresses
   Forwarding
    • Forwarding frames
    • Sending and receiving BPDUs
    • Learning new MAC addresses
  • 119. LAB
   Identify the root bridge in the scenario below for VLAN 10 and VLAN 20, and verify port status
   Configure Switch 1 as the root bridge for VLAN 10 and Switch 2 for VLAN 20
   Enable PortFast on edge ports
  • 120. LAYER 3 SWITCHING
   Introduction to Layer 3 Switching
   VLAN Interface
   Inter-VLAN routing using a Layer 3 Switch
   Inter-VLAN routing using a Router
   Configuring and Verifying EtherChannel
  • 121. LAYER 3 SWITCHING
   Packet forwarding is handled by specialized hardware ASICs.
   The goal is to capture the speed of switching and the scalability of routing.
   A Layer 3 switch acts on a packet as a router would:
    • Determining the forwarding path based on Layer 3 information
    • Validating the integrity of the Layer 3 header via checksum
    • Verifying packet expiration and updating it accordingly
    • Processing and responding to any option information
    • Updating forwarding statistics in the Management Information Base (MIB)
    • Applying security controls if required
    • Implementing quality of service (QoS)
  • 122. MULTILAYER SWITCHING
   Combines Layer 2 switching and Layer 3 routing functionality
   Moves campus traffic at wire speed and at the same time satisfies Layer 3 routing requirements
   Accelerates routing performance through the use of dedicated ASICs.
   MLS can operate at Layer 3 or 4:
    • When operating as a Layer 3 switch, the switch caches flows based on IP addresses.
    • When operating as a Layer 4 switch, the switch caches conversations based on source address, destination address, source port, and destination port.
  • 123. VLAN INTERFACE
   VLAN interfaces on an L3 switch:
  Switch#conf t
  Switch(config)#interface vlan 10
  Switch(config-if)#ip address x.x.x.x m.m.m.m
  • 124. INTER-VLAN ROUTING USING L3 SWITCH
   On a Layer 3 switch, inter-VLAN routing can be enabled with the command below:
  Switch(config)#ip routing
  • 125. INTER-VLAN ROUTING USING ROUTER
   Inter-VLAN routing using a router is known as "Router on a Stick"
  Router(config)#interface FastEthernet0/0
  Router(config-if)#no ip address
  Router(config-if)#no shutdown
  Router(config)#interface FastEthernet0/0.1
  Router(config-subif)#encapsulation dot1Q VLAN-id
  Router(config-subif)#ip address x.x.x.x m.m.m.m
  • 126. LINK AGGREGATION
   Also known as port bundling or link bundling
   You can use multiple links in parallel as a single, logical link
    • For increased capacity
    • For redundancy (fault tolerance)
   LACP (Link Aggregation Control Protocol) is a standardized method of negotiating these bundled links between switches
  • 127. LACP OPERATION
   Two switches connected via multiple links will send LACPDU packets, identifying themselves and their port capabilities
   They will then automatically build the logical aggregated links, and then pass traffic
   Switch ports can be configured as active or passive
  • 128. LACP OPERATION
   Switches A and B are connected to each other using two sets of Fast Ethernet ports
   LACP is enabled and the ports are turned on
   Switches start sending LACPDUs, then negotiate how to set up the aggregation
  [Diagram: Switch A and Switch B joined by two 100 Mbps links, exchanging LACPDUs]
  • 129. LACP OPERATION
   The result is an aggregated 200 Mbps logical link.
   The link is also fault tolerant: if one of the member links fails, LACP will automatically take that link out of the bundle and keep sending traffic over the remaining link.
  [Diagram: Switch A and Switch B with two 100 Mbps links forming a 200 Mbps logical link]
  • 130. DISTRIBUTING TRAFFIC
   Bundled links distribute frames using a hashing algorithm, based on:
    • Source and/or destination MAC address
    • Source and/or destination IP address
    • Source and/or destination port numbers
   This can lead to unbalanced use of the links, depending on the nature of the traffic
   Always choose the load-balancing method that provides the most distribution
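Added example, not from the deck: Python that applies each of the load-balancing inputs listed above to a constructed set of flows (eight clients behind one router, so a single source MAC, all talking HTTPS to one server) and counts frames per member link. The hash is a simplified XOR fold of the selected header bytes, an assumption standing in for whatever algorithm a given switch implements, but the imbalance it produces is the one the slide warns about.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The header fields a bundle's hash can look at (one conversation)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def _port_bytes(port: int) -> bytes:
    return port.to_bytes(2, "big")


# Which header fields each load-balancing method feeds into the hash.
HASH_INPUTS = {
    "src-mac":      lambda f: _mac_bytes(f.src_mac),
    "src-dst-mac":  lambda f: _mac_bytes(f.src_mac) + _mac_bytes(f.dst_mac),
    "src-dst-ip":   lambda f: _ip_bytes(f.src_ip) + _ip_bytes(f.dst_ip),
    "src-dst-port": lambda f: (_ip_bytes(f.src_ip) + _ip_bytes(f.dst_ip)
                               + _port_bytes(f.src_port) + _port_bytes(f.dst_port)),
}


def pick_link(flow: Flow, method: str, n_links: int) -> int:
    """Hash the selected fields (XOR fold of their bytes, a simplified stand-in for a
    vendor's algorithm) and map the result onto one member link of the bundle."""
    folded = 0
    for byte in HASH_INPUTS[method](flow):
        folded ^= byte
    return folded % n_links


def distribution(flows, method: str, n_links: int) -> list:
    """Frames per member link when every flow in `flows` sends one frame."""
    counts = Counter(pick_link(f, method, n_links) for f in flows)
    return [counts.get(i, 0) for i in range(n_links)]


# Constructed sample: eight clients behind one router (so one source MAC) all talking
# HTTPS to one server. Only the client IPs and ephemeral ports differ between flows.
SAMPLE_FLOWS = [
    Flow(src_mac="00:00:5e:00:01:01", dst_mac="00:11:22:33:44:55",
         src_ip=f"10.1.1.{i}", dst_ip="10.2.2.10",
         src_port=50000 + 2 * i, dst_port=443)
    for i in range(1, 9)
]

if __name__ == "__main__":
    # MAC-based hashing pins everything to one link; IP or port hashing spreads it.
    for method in HASH_INPUTS:
        print(f"{method:13s} -> frames per link: {distribution(SAMPLE_FLOWS, method, 2)}")
```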
  • 131. LAB
  • 132. TROUBLESHOOTING LAN SWITCHING
   Overview of the Normal LAN Switch Forwarding Process
   Common Layer 1 Problems
   Isolating Interface Problems
   Interface Status and Reason for Nonworking Status
   Isolating VLAN and Trunking Problems
   Interface Speed and Duplex Issues
   Analyzing the Layer 2 Forwarding Path
  • 133. 802.3 LAN DEVELOPMENT: TODAY'S LANS
  • 134. DEVICES FUNCTION AT LAYERS
  • 135. FACTORS THAT IMPACT NETWORK PERFORMANCE
   Network traffic (congestion).
   Multitasking desktop operating systems (Windows, UNIX, and Mac) allow simultaneous network transactions.
   Faster desktop operating systems (Windows, UNIX, and Mac) can initiate faster network activity.
   Increased number of client/server applications using shared network data.
  • 136. TYPICAL CAUSES OF NETWORK CONGESTION
  • 137. ETHERNET 802.3
   Performance of a shared-medium Ethernet/802.3 LAN is negatively affected by factors such as the following:
    • The broadcast delivery nature of Ethernet.
    • The carrier sense multiple access collision detect (CSMA/CD) access method allows only one host to transmit at a time.
    • Multimedia applications with higher bandwidth demand, such as video and the Internet.
    • The latency of additional devices added by the extension of LANs using repeaters.
    • The distance added by using Layer 1 repeaters.
  • 138. HALF-DUPLEX ETHERNET DESIGN
  • 139. NETWORK CONGESTION
  • 140. NETWORK LATENCY
   Latency, or delay, is the time a frame or a packet takes to travel from the source station to the final destination.
  • 141. ETHERNET 10BASE-T TRANSMISSION TIMES
   Bit time (or slot time) — The basic unit of time in which 1 bit can be sent. For electronic or optical devices to recognize a binary 1 or 0, there is a minimum duration during which the bit is "on" or "off".
   Transmission time — Equals the number of bits being sent times the bit time for a given technology. Another way to think about transmission time is as the time it takes a frame to actually be transmitted. (Small frames take a shorter amount of time; large frames take a longer amount of time to be transmitted.)
  • 142. FULL-DUPLEX TRANSMITTING
  • 143. LAN SEGMENTATION
   Segmentation allows network congestion to be significantly reduced within each segment.
  • 144. LAN SEGMENTATION WITH ROUTERS
  • 145. LAN SEGMENTATION WITH SWITCHES
  • 146. LAN SWITCH OPERATION
  • 147. ETHERNET SWITCH LATENCY
  • 148. LAYER 2 SWITCHING
  • 149. LAYER 3 SWITCHING
  • 150. MEMORY BUFFERING
   Port-based memory buffering
    • Packets are stored in queues that are linked to specific incoming ports.
    • It is possible for a single packet to block all other packets because its destination port is busy (even if the other packets could be delivered).
   Shared-memory buffering
    • All packets use a common memory buffer.
    • Packets in the buffer are then linked (mapped) dynamically to the appropriate destination port.
    • Helps balance between 10- and 100-Mbps ports.
  • 151. HOW SWITCHES AND BRIDGES FILTER FRAMES
   Bridges and switches only forward frames that need to travel from one LAN segment to another.
   To accomplish this task, they must learn which devices are connected to which LAN segment.
   Bridges are capable of filtering frames based on any Layer 2 fields.
  • 152. SWITCHES AND COLLISION DOMAINS
   The network area where frames originate and collide is called the collision domain. All shared-media environments are collision domains.
  • 153. THREE METHODS OF COMMUNICATION
  • 154. NETWORK TROUBLESHOOTING
   The approach might vary slightly depending upon the scenario:
    • Lab
    • New implementation
    • Existing network (change made / no changes made)
   Use all possible resources:
    • Support contracts
    • Web sites and newsgroups
    • Books
    • Friends and other people
    • Management
  • 155. DIFFERENT MODELS
  • 156. LAYER 1 PROBLEMS
   Layer 1 errors can include:
    • Broken cables
    • Disconnected cables
    • Cables connected to the wrong ports
    • Intermittent cable connection
    • Wrong cables used for the task at hand (rollover, crossover, and straight-through cables must be used correctly)
    • Transceiver problems
    • DCE cable problems
    • DTE cable problems
    • Devices turned off
  • 157. LAYER 2 PROBLEMS
   Layer 2 errors can include:
    • Improperly configured serial interfaces
    • Improperly configured Ethernet interfaces
    • Improper encapsulation set (HDLC is the default for serial interfaces)
    • Improper clock rate settings on serial interfaces
    • Network interface card (NIC) problems
  • 158. LAYER 3 PROBLEMS
   Layer 3 errors can include:
    • Routing protocol not enabled
    • Wrong routing protocol enabled
    • Incorrect IP addresses
    • Incorrect subnet masks
  • 159. VARIOUS COMMANDS
   These commands show various levels of connectivity or lack of connectivity:
    • ping
    • traceroute
    • telnet
    • show interfaces
    • show cdp neighbors
    • show ip protocols
    • debug
    • show running-config
  • 160. MODULE 2 - ROUTING
  • 161. OBJECTIVES
   Fundamentals of WAN
   IP Routing Basics
   Routing Protocols and Configurations
   Routing Protocols Troubleshooting
   Routing Protocols Redistribution
  • 162. FUNDAMENTALS OF WAN
   Introduction to WAN
   WAN Connection Types
   WAN Encapsulation Protocols
   Synchronous Serial Links
   PPP Features
   WAN Cabling Standards
   DSL/ADSL/SDSL
   NAT/PAT
   TCP/IP Applications and Flow Control
   TCPDUMP and Wireshark Outputs
  • 163. DIFFERENCE BETWEEN LAN AND WAN  In general, a LAN is internally owned in a business whereas a WAN is leased infrastructure.  The key to understanding WAN technologies is to be familiar with the different WAN terms and connection types often used by service providers. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 164. WAN TECHNOLOGY/TERMINOLOGY  Devices on the subscriber premises are called customer premises equipment (CPE).  The subscriber owns the CPE or leases the CPE from the service provider.  A copper or fiber cable connects the CPE to the service provider’s nearest exchange or central office (CO).  This cabling is often called the local loop, or "last-mile". www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 165. WAN TECHNOLOGY/TERMINOLOGY  A dialed call is connected locally to other local loops, or non-locally through a trunk to a primary center.  It then goes to a sectional center and on to a regional or international carrier center as the call travels to its destination. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 166. WAN TECHNOLOGY/TERMINOLOGY  Devices that put data on the local loop are called data circuit-terminating equipment, or data communications equipment (DCE).  The customer devices that pass the data to the DCE are called data terminal equipment (DTE).  The DCE primarily provides an interface for the DTE into the communication link on the WAN cloud. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 167. WAN TECHNOLOGY/TERMINOLOGY  The DTE/DCE interface uses various physical layer protocols, such as High-Speed Serial Interface (HSSI) and V.35.  These protocols establish the codes and electrical parameters the devices use to communicate with each other. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 168. WAN TECHNOLOGY/TERMINOLOGY  The bps values are generally full duplex. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 169. Name Abbr. Size Kilo K 2^10 = 1,024 Mega M 2^20 = 1,048,576 Giga G 2^30 = 1,073,741,824 Tera T 2^40 = 1,099,511,627,776 Peta P 2^50 = 1,125,899,906,842,624 Exa E 2^60 = 1,152,921,504,606,846,976 Zetta Z 2^70 = 1,180,591,620,717,411,303,424 Yotta Y 2^80 = 1,208,925,819,614,629,174,706,176 WAN TECHNOLOGY/TERMINOLOGY www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 170. WAN DEVICES
    [Figure: WAN devices; the labelled node is a Frame Relay, ATM or X.25 switch]
  • 171. EXTERNAL CSU/DSU
    - For digital lines, a channel service unit (CSU) and a data service unit (DSU) are required.
    - The two are often combined into a single piece of equipment, called the CSU/DSU.
    [Figure: external CSU/DSU, one side connected to the router, the other to the T1 circuit]
  • 172. CSU/DSU INTERFACE CARD
    - The CSU/DSU may also be built into the interface card in the router.
  • 173. MODEMS
    - Modems transmit data over voice-grade telephone lines by modulating and demodulating the signal.
    - The digital signals are superimposed on an analog voice signal that is modulated for transmission.
    - The modulated signal can be heard as a series of whistles by turning on the internal modem speaker.
    - At the receiving end the analog signals are returned to their digital form, or demodulated.
  • 174. WAN STANDARDS ORGANIZATIONS
    - WAN standards typically describe both physical layer delivery methods and data link layer requirements, including physical addressing, flow control, and encapsulation.
    - WAN standards are defined and managed by a number of recognized authorities.
  • 175. PHYSICAL LAYER STANDARDS
    - The physical layer protocols describe how to provide electrical, mechanical, operational, and functional connections to the services provided by a communications service provider.
  • 176. WAN - DATA LINK ENCAPSULATION
    - The data link layer protocols define how data is encapsulated for transmission to remote sites, and the mechanisms for transferring the resulting frames.
    - A variety of different technologies are used, such as ISDN, Frame Relay or Asynchronous Transfer Mode (ATM).
    - These protocols use the same basic framing mechanism, high-level data link control (HDLC), an ISO standard, or one of its sub-sets or variants.
  • 177. HDLC FRAMING
    - The choice of encapsulation protocol depends on the WAN technology and the equipment.
    - The address field is not needed for WAN links, which are almost always point-to-point, but it is still present and may be one or two bytes long.
    - Several data link protocols are used, including sub-sets and proprietary versions of HDLC.
    - Both PPP and the Cisco version of HDLC have an extra field in the header to identify the network layer protocol of the encapsulated data.
  • 178. WAN LINK OPTIONS
  • 179. CIRCUIT SWITCHED (POTS, ISDN)
    - When a subscriber makes a telephone call (or an ISDN call), the dialed number is used to set switches in the exchanges along the route of the call so that there is a continuous circuit from the originating caller to the called party.
    - The internal path taken by the circuit between exchanges is shared by a number of conversations.
    - Time division multiplexing (TDM) is used to give each conversation a share of the connection in turn.
    - TDM assures that a fixed capacity connection is made available to the subscriber.
  • 180. PACKET SWITCHING (Frame Relay, X.25, ATM)
    - An alternative is to allocate the capacity to the traffic only when it is needed, and share the available capacity between many users.
    - With a circuit-switched connection, the data bits put on the circuit are automatically delivered to the far end because the circuit is already established.
    - If the circuit is to be shared, there must be some mechanism to label the bits so that the system knows where to deliver them.
    - It is difficult to label individual bits, therefore they are gathered into groups called cells, frames, or packets.
    - The packet passes from exchange to exchange for delivery through the provider network.
    - Networks that implement this system are called packet-switched networks.
  • 181. USING LEASED LINES TO THE WAN CLOUD
    - To connect to a packet-switched network, a subscriber needs a local loop to the nearest location where the provider makes the service available.
    - This is called the point-of-presence (POP) of the service.
    - Normally this will be a dedicated leased line.
    - This line will be much shorter than a leased line directly connected to the subscriber locations, and often carries several VCs.
    - Since it is likely that not all the VCs will require maximum demand simultaneously, the capacity of the leased line can be smaller than the sum of the individual VCs.
  • 182. ANALOG DIALUP
    - When intermittent, low-volume data transfers are needed, modems and analog dialed telephone lines provide low capacity, dedicated switched connections.
  • 183. ISDN
    - Integrated Services Digital Network (ISDN) turns the local loop into a TDM digital connection. It usually requires a new circuit.
    - The connection uses 64 kbps bearer channels (B) for carrying voice or data and a signaling delta channel (D) for call set-up and other purposes.
  • 184. TIME DIVISION MULTIPLEXING (TDM)
    - Two or more "channels" of information are transmitted over the same link by allocating a different time interval for the transmission of each channel, i.e. the channels take turns to use the link.
    - Some kind of periodic synchronizing signal or distinguishing identifier is required so that the receiver can tell which channel is which.
    - TDM becomes inefficient when traffic is intermittent because the time slot is still allocated even when the channel has no data to transmit.
  • 185. LEASED LINES
    - A point-to-point link provides a pre-established WAN communications path from the customer premises through the provider network to a remote destination.
    - Point-to-point lines are usually leased from a carrier and are called leased lines.
    - Leased lines are available in different capacities.
    - Leased lines provide direct point-to-point connections between enterprise LANs and connect individual branches to a packet-switched network.
  • 186. X.25
    - The first of these packet-switched networks was standardized as the X.25 group of protocols.
    - X.25 provides a low bit rate shared variable capacity that may be either switched or permanent.
    - X.25 is a network-layer protocol and subscribers are provided with a network address.
    - Virtual circuits can be established through the network with call request packets to the target address.
    - The resulting SVC is identified by a channel number. X.25 technology is no longer widely available as a WAN technology in the US.
    - Frame Relay has replaced X.25 at many service provider locations.
  • 187. FRAME RELAY
    - Frame Relay differs from X.25 in several aspects.
    - Most importantly, it is a much simpler protocol that works at the data link layer rather than the network layer.
    - Frame Relay implements no error or flow control.
    - The simplified handling of frames leads to reduced latency, and measures taken to avoid frame build-up at intermediate switches help reduce jitter.
    - Most Frame Relay connections are PVCs rather than SVCs.
    - Frame Relay provides permanent shared medium bandwidth connectivity that carries both voice and data traffic.
  • 188. ATM
    - Communications providers saw a need for a permanent shared network technology that offered very low latency and jitter at much higher bandwidths.
    - Their solution was Asynchronous Transfer Mode (ATM). ATM has data rates beyond 155 Mbps.
    - As with the other shared technologies, such as X.25 and Frame Relay, diagrams for ATM WANs look the same.
  • 189. ATM
    - ATM is a technology that is capable of transferring voice, video, and data through private and public networks.
    - It is built on a cell-based architecture rather than on a frame-based architecture.
    - ATM cells are always a fixed length of 53 bytes.
    - The 53 byte ATM cell contains a 5 byte ATM header followed by 48 bytes of ATM payload.
    - Small, fixed-length cells are well suited for carrying voice and video traffic because this traffic is intolerant of delay.
    - Video and voice traffic do not have to wait for a larger data packet to be transmitted.
    - The 53 byte ATM cell is less efficient than the bigger frames and packets of Frame Relay and X.25.
    - Furthermore, the ATM cell has at least 5 bytes of overhead for each 48-byte payload.
    - A typical ATM line needs almost 20% greater bandwidth than Frame Relay to carry the same volume of network layer data.
  • 190. DSL/ADSL/SDSL
    - Digital Subscriber Line (DSL) technology is a broadband technology that uses existing twisted-pair telephone lines to transport high-bandwidth data to service subscribers.
    - The term xDSL covers a number of similar yet competing forms of DSL technologies.
    - DSL technology allows the local loop line to be used for a normal telephone voice connection and an always-on connection for instant network connectivity. The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).
    - All forms of DSL service are categorized as ADSL or SDSL and there are several varieties of each type.
    - Asymmetric service provides higher download or downstream bandwidth to the user than upload bandwidth.
    - Symmetric service provides the same capacity in both directions.
  • 191. DSLAM
    - Multiple DSL subscriber lines are multiplexed into a single, high capacity link by the use of a DSL Access Multiplexer (DSLAM) at the provider location.
    - DSLAMs incorporate TDM technology to aggregate many subscriber lines into a less cumbersome single medium, generally a T3/DS3 connection; DSL techniques achieve data rates up to 8.192 Mbps.
  • 192. CABLE MODEM
    - Coaxial cable is widely used to distribute television signals.
    - This allows for greater bandwidth than the conventional telephone local loop.
    - Enhanced cable modems enable two-way, high-speed data transmissions using the same coaxial lines that transmit cable television.
    - Some cable service providers are promising data speeds up to 6.5 times that of T1 leased lines.
  • 193. CABLE MODEM
    - Cable modems provide an always-on connection and a simple installation.
    - A cable modem is capable of delivering up to 30 to 40 Mbps of data on one 6 MHz cable channel.
    - With a cable modem, a subscriber can continue to receive cable television service while simultaneously receiving data to a personal computer.
    - This is accomplished with the help of a simple one-to-two splitter.
  • 194. WAN TOPOLOGIES
    - Star or Hub-and-Spoke
    - Full-Mesh
    - Partial-Mesh
  • 195. THE DATA LINK LAYER IN THE INTERNET
    [Figure: a home personal computer acting as an internet host]
    - Technology like Ethernet cannot provide "high-level" functionality like connection management and parameter negotiation.
  • 196. PPP DESIGN REQUIREMENTS [RFC 1557]
    - Functionality
      • Packet framing: encapsulation of a network-layer datagram in a data link frame
      • Multi-protocol: carry network layer data of any network layer protocol (not just IP) at the same time; ability to demultiplex upwards
      • Bit transparency: must carry any bit pattern in the data field (even if the underlying channel can't)
      • Error detection: not correction
      • Connection liveness: detect and signal link failure to the network layer
      • Authentication: who are you (or at least whose account do I bill for your dial-in time?) This information is used by traffic management software to control bandwidth to individual subscribers
      • Management features: loopback detection
  • 197. PPP DATA FRAME
    - Flag: delimiter (framing)
    - Address: ignored (historical)
    - Control: ignored (historical)
    - Protocol: upper layer protocol to which the frame is delivered (e.g., PPP-LCP, IP, IPCP, etc.)
    - Info: upper layer data being carried
    - Check: cyclic redundancy check for error detection
  • 198. BYTE STUFFING
    [Figure: a flag byte pattern in the data to send becomes the flag byte pattern plus a stuffed byte in the transmitted data]
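Added example, not part of the Cyberoam deck: the bit transparency (byte stuffing) and error detection (FCS) from the three PPP slides above, implemented in Python after RFC 1662. The sender escapes 0x7E, 0x7D and, as the default ACCM requires, every control byte below 0x20; the receiver unstuffs, then verifies the frame by checking that the FCS run over body plus FCS leaves the fixed residue 0xF0B8. Protocol number 0x0021 (IP) and the payload bytes are assumptions chosen for the demonstration.

```python
# Added example (not from the Cyberoam deck): RFC 1662 PPP framing in Python.
from typing import Tuple

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20          # frame delimiter, escape byte, escape mask
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8        # initial FCS value and the receiver's "good" residue
HDLC_ADDRESS, HDLC_CONTROL = 0xFF, 0x03    # the historical address/control bytes PPP still carries


def fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """Bitwise FCS-16 from RFC 1662 (reflected polynomial 0x8408), no table needed."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs & 0xFFFF


def needs_escape(byte: int) -> bool:
    # The default ACCM escapes every control character below 0x20 as well as the
    # flag and escape bytes themselves, so the link never sees a false delimiter.
    return byte in (FLAG, ESC) or byte < 0x20


def stuff(payload: bytes) -> bytes:
    """Sender side: replace each escaped byte with ESC followed by (byte XOR 0x20)."""
    out = bytearray()
    for byte in payload:
        if needs_escape(byte):
            out += bytes((ESC, byte ^ XOR))
        else:
            out.append(byte)
    return bytes(out)


def unstuff(stuffed: bytes) -> bytes:
    """Receiver side; rejects a dangling escape or a bare flag inside the frame."""
    out = bytearray()
    it = iter(stuffed)
    for byte in it:
        if byte == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("escape byte at end of frame")
            out.append(nxt ^ XOR)
        elif byte == FLAG:
            raise ValueError("unescaped flag byte inside frame")
        else:
            out.append(byte)
    return bytes(out)


def build_frame(protocol: int, info: bytes) -> bytes:
    """FLAG | stuffed(address, control, protocol, info, FCS) | FLAG."""
    body = bytes((HDLC_ADDRESS, HDLC_CONTROL)) + protocol.to_bytes(2, "big") + info
    fcs = fcs16(body) ^ 0xFFFF                      # RFC 1662: complement before sending
    body += bytes((fcs & 0xFF, fcs >> 8))           # FCS goes on the wire least significant byte first
    return bytes((FLAG,)) + stuff(body) + bytes((FLAG,))


def parse_frame(frame: bytes) -> Tuple[int, bytes]:
    """Return (protocol, info) or raise ValueError when framing or the FCS check fails."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag delimiters")
    body = unstuff(frame[1:-1])
    if len(body) < 6:
        raise ValueError("frame too short for address, control, protocol and FCS")
    # Running the FCS over body + FCS leaves the fixed residue 0xF0B8 on an intact frame.
    if fcs16(body) != FCS_GOOD:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    if body[0] != HDLC_ADDRESS or body[1] != HDLC_CONTROL:
        raise ValueError("unexpected address/control bytes")
    return int.from_bytes(body[2:4], "big"), body[4:-2]


if __name__ == "__main__":
    # Constructed payload that contains the flag, the escape and two control bytes.
    info = bytes((0x45, 0x7E, 0x7D, 0x01, 0x00))
    wire = build_frame(0x0021, info)                 # 0x0021 = IP in the PPP protocol field
    print(wire.hex(" "))
    print(parse_frame(wire))
```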
  • 199. POINT-TO-POINT PROTOCOL (PPP)
    - Purpose
      • Transport layer-3 packets across a Data Link layer point-to-point link
      • Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
    - Uses Link Control Protocol (LCP)
      • Builds & maintains data-link connections
  • 200. POINT-TO-POINT PROTOCOL STACK
  • 201. PPP MAIN COMPONENTS
    - EIA/TIA-232-C
      • International standard for serial communications
    - HDLC
      • Serial link datagram encapsulation method
    - LCP
      • Used in point-to-point connections for establishing, maintaining and terminating the link
    - NCP
      • Method of establishing & configuring Network Layer protocols
      • Allows simultaneous use of multiple Network Layer protocols
  • 202. LCP CONFIGURATION OPTIONS
    - Authentication: PAP, CHAP
    - Compression: Stacker, Predictor
    - Error detection: Quality, Magic Number
    - Multilink: splits the load for PPP over 2+ parallel circuits; a bundle
  • 203. PPP SESSION ESTABLISHMENT
    - Link-establishment phase
    - Authentication phase
    - Network-layer protocol phase
  • 204. PPP SESSION ESTABLISHMENT
  • 205. PPP AUTHENTICATION METHODS
    - Password Authentication Protocol (PAP)
      • Passwords sent in clear text
      • Remote node returns username & password
    - Challenge Handshake Authentication Protocol (CHAP)
      • Done at start-up & periodically
      • Challenge & Reply: the remote router sends a one-way hash (MD5)
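Added example, not part of the Cyberoam deck, contrasting the two methods on the slide above: a PAP Authenticate-Request built per RFC 1334 carries the password as-is, while CHAP (RFC 1994, MD5 as the protocol mandates) sends only MD5(Identifier || secret || Challenge). The authenticator class is an assumed model of the router side: it issues a fresh random challenge per attempt, marks each challenge single-use so a captured response cannot be replayed, and compares in constant time. The user name RouterB and secret "cisco" come from the configuration slide that follows.

```python
# Added example (not from the Cyberoam deck): PAP vs CHAP on a PPP link.
import hashlib
import hmac
import os
from typing import Dict, Tuple


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): Code 1, Identifier, Length, then the
    peer-id and password with one-byte length prefixes. The password is not hidden."""
    body = bytes((len(peer_id),)) + peer_id + bytes((len(password),)) + password
    return bytes((1, ident)) + (4 + len(body)).to_bytes(2, "big") + body


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    The secret itself never leaves the peer; only this digest is sent."""
    return hashlib.md5(bytes((ident,)) + secret + challenge).digest()


class ChapAuthenticator:
    """Assumed model of the router that demands authentication: it issues
    challenges and verifies the responses that come back."""

    def __init__(self, users: Dict[str, bytes]) -> None:
        self._users = users                    # name -> shared secret (the IOS 'username ... password ...' entry)
        self._pending: Dict[int, bytes] = {}   # identifier -> challenge that has not been answered yet
        self._next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        ident = self._next_id
        self._next_id = (self._next_id + 1) & 0xFF   # the Identifier field is 8 bits wide
        value = os.urandom(16)                       # fresh and unpredictable for every attempt
        self._pending[ident] = value
        return ident, value

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        challenge = self._pending.pop(ident, None)   # single use: a replayed response fails
        secret = self._users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_exchange(auth: ChapAuthenticator, name: str, secret: bytes) -> bool:
    """One round: Challenge -> Response -> Success/Failure. On a live link the
    authenticator repeats this periodically, as the slide notes."""
    ident, challenge = auth.challenge()
    response = chap_response(ident, secret, challenge)   # computed on the peer
    return auth.verify(ident, name, response)


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request(7, b"RouterB", b"cisco"))
    router_a = ChapAuthenticator({"RouterB": b"cisco"})
    print("CHAP, right secret:", chap_exchange(router_a, "RouterB", b"cisco"))
    print("CHAP, wrong secret:", chap_exchange(router_a, "RouterB", b"wrong"))
```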
  • 206. CONFIGURING PPP
    - Step #1: Configure PPP on RouterA & RouterB:
        Router__#config t
        Router__(config)#int s0
        Router__(config-if)#encapsulation ppp
        Router__(config-if)#^Z
    - Step #2: Define the username & password on each router:
        RouterA: RouterA(config)#username RouterB password cisco
        RouterB: RouterB(config)#username RouterA password cisco
      NOTE: (1) The username maps to the remote router. (2) The passwords must match.
    - Step #3: Choose the authentication type for each router, CHAP or PAP:
        Router__(config)#int s0
        Router__(config-if)#ppp authentication chap
        Router__(config-if)#ppp authentication pap
        Router__(config-if)#^Z
  • 207. PPP EXAMPLE 1
  • 208. PPP EXAMPLE 2
  • 209. PPP EXAMPLE 3
  • 210. PPP EXAMPLE 4
  • 211. WHAT IS NAT?
    - Similar to Classless Inter-Domain Routing (CIDR), the original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.
    - Benefits of NAT
      • You need to connect to the Internet and your hosts don't have globally unique IP addresses.
      • You change to a new ISP that requires you to renumber your network.
      • You need to merge two intranets with duplicate addresses.
  • 212. WHERE NAT IS TYPICALLY CONFIGURED
  • 213. BASIC NAT
  • 214. THREE TYPES OF NAT
    - Static
    - Dynamic
    - Overloading
  • 215. STATIC NAT
    - Let's take a look at a simple basic static NAT configuration:
        ip nat inside source static 10.1.1.1 170.46.2.2
        !
        interface Ethernet0
         ip address 10.1.1.10 255.255.255.0
         ip nat inside
        !
        interface Serial0
         ip address 170.46.2.1 255.255.255.0
         ip nat outside
        !
  • 216. DYNAMIC NAT
    - Here is a sample output of a dynamic NAT configuration:
        ip nat pool NET 170.168.2.2 170.168.2.254 netmask 255.255.255.0
        ip nat inside source list 1 pool NET
        !
        interface Ethernet0
         ip address 10.1.1.10 255.255.255.0
         ip nat inside
        !
        interface Serial0
         ip address 170.168.2.1 255.255.255.0
         ip nat outside
        !
        access-list 1 permit 10.1.1.0 0.0.0.255
        !
  • 217. PORT ADDRESS TRANSLATION
  • 218. PAT
    - Here is a sample output of a PAT configuration:
        ip nat pool NET 170.168.2.1 170.168.2.1 netmask 255.255.255.0
        ip nat inside source list 1 pool NET overload
        !
        interface Ethernet0/0
         ip address 10.1.1.10 255.255.255.0
         ip nat inside
        !
        interface Serial0/0
         ip address 170.168.2.1 255.255.255.0
         ip nat outside
        !
        access-list 1 permit 10.1.1.0 0.0.0.255
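Added example, not part of the Cyberoam deck and not how IOS is implemented internally: a Python model of the PAT (overload) configuration on the slide above, with the single outside address 170.168.2.1 and the access-list 1 wildcard match on 10.1.1.0 0.0.0.255. It shows why two inside hosts using the same source port get distinct outside ports, how the reverse mapping steers replies back, and that an inbound packet with no existing translation is dropped. The Packet type, port range and peer addresses (documentation ranges) are assumptions of the example.

```python
# Added example (not from the Cyberoam deck): a model of 'ip nat inside source list 1 pool NET overload'.
import ipaddress
import itertools
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def acl_permits(ip: str, network: str, wildcard: str) -> bool:
    """IOS standard ACL test: a 1 bit in the wildcard mask means 'do not care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(ip)) & care == int(ipaddress.IPv4Address(network)) & care


class PatTranslator:
    """One outside address shared by every inside host that matches the ACL."""

    def __init__(self, outside_ip: str, acl_network: str, acl_wildcard: str,
                 ports: Tuple[int, int] = (1024, 65535)) -> None:
        self.outside_ip = outside_ip
        self.acl = (acl_network, acl_wildcard)
        self.ports = ports
        # (proto, inside ip, inside port) -> outside port
        self._out: Dict[Tuple[str, str, int], int] = {}
        # (proto, outside port) -> (inside ip, inside port): the table replies are matched against
        self._in: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _allocate(self, proto: str, wanted: int) -> Optional[int]:
        lo, hi = self.ports
        # Keep the host's own source port when it is still free; otherwise take the next free one.
        for port in itertools.chain((wanted,), range(lo, hi + 1)):
            if (proto, port) not in self._in:
                return port
        return None   # every port in use: translation slot exhaustion, packet dropped

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: rewrite source address and port for ACL-matched hosts."""
        if not acl_permits(pkt.src, *self.acl):
            return pkt   # not selected by 'source list 1': forwarded without translation
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self._out:
            port = self._allocate(pkt.proto, pkt.sport)
            if port is None:
                return None
            self._out[key] = port
            self._in[(pkt.proto, port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.outside_ip, sport=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: only packets that match an existing translation get through."""
        if pkt.dst != self.outside_ip:
            return None
        inside = self._in.get((pkt.proto, pkt.dport))
        if inside is None:
            return None   # unsolicited: no mapping exists, so nothing on the inside is reachable
        return replace(pkt, dst=inside[0], dport=inside[1])


if __name__ == "__main__":
    nat = PatTranslator("170.168.2.1", "10.1.1.0", "0.0.0.255")
    for host in ("10.1.1.10", "10.1.1.11"):
        print(nat.outbound(Packet("tcp", host, 1032, "198.51.100.5", 80)))
    print(nat.inbound(Packet("tcp", "203.0.113.9", 4444, "170.168.2.1", 3389)))
```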
  • 219. LAB
  • 220. TRANSPORT CONTROL PROTOCOLS
    - The function of the Transport Layer is to ensure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used:
    - User Datagram Protocol
      • Provides an unreliable, connectionless delivery service using Internet Protocol.
      • Application programs utilizing UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and connectivity loss.
    - Transmission Control Protocol
      • Provides a reliable, connection-oriented delivery service using Internet Protocol.
      • It provides reliable packet delivery, packet sequencing, error control and multiplexing.
    [Figure: Hardware, IP, TCP/UDP and Applications layers; TCP and UDP pass IP packets to the applications]
  • 221. CONNECTIONLESS VS. CONNECTION-ORIENTED PROTOCOLS
    - Connection-oriented
      • Two computers connect before sending any data; the sender lets the receiver know that data is on the way, and the recipient acknowledges receipt of data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.
    - Connectionless
      • The computers involved know nothing about each other or the data being sent. No attempt is made to have senders and receivers exchange information about their availability or ability to communicate with one another: "best effort" delivery. (Type supported by IP and UDP.) Not reliable, but faster and may be good enough. Also, upper layer applications may handle errors and reliability themselves, so there is no need to do it twice.
  • 222. TRANSPORT LAYER PORTS
    - Both TCP and UDP use port numbers to pass data to the upper layers.
    - Port numbers have the following ranges:
      • 0-255 used for public applications; 0-1023 are also called well-known ports, regulated by IANA.
      • Numbers from 255-1023 are assigned to marketable applications.
      • 1024 through 49151: Registered Ports, not regulated.
      • 49152 through 65535: Dynamic and/or Private Ports.
    - Port numbers are used to keep track of different conversations that cross the network at the same time.
    - Port numbers identify which upper layer service is needed, and are needed when a host communicates with a server that uses multiple services.
  • 223. SOME WELL-KNOWN TCP PORTS
    Port  Application  Description
    7     Echo         Echo
    9     Discard      Discard all incoming data
    19    Chargen      Exchange streams of data
    20    FTP-Data     File transfer data port
    21    FTP-CMD      File transfer command port
    23    Telnet       Telnet remote login port
    25    SMTP         Simple Mail Transfer Protocol port
    53    DOMAIN       Domain Name Service
    79    Finger       Obtains information about active users
    80    HTTP         Hypertext Transfer Protocol port
    88    Kerberos     Authentication Protocol
    110   POP3         PC mail retrieval service port
    119   NNTP         Network news access port
    161   SNMP         Network Management
    179   BGP          Border Gateway Protocol
    513   Rlogin       Remote login port
  • 224. PORTS FOR CLIENTS
    [Figure: 1. The client requests a web page from the server: source port 1032, destination port 80. 2. The server responds to the client: source port 80, destination port 1032.]
    - Clients and servers both use ports to distinguish what process each segment is associated with.
    - Source ports, which are set by the client, are determined dynamically, usually a randomly assigned number above 1023.
  • 225. PROTOCOLS AND PORT NUMBERS
    [Figure: a Telnet packet shown layer by layer]
    - Data link layer (Ethernet): Preamble, Destination Addr 00 00 1B 12 23 34, Source Addr 00 00 1B 09 08 07, Field Type, data, FCS
    - Network layer (IP header): Source IP Address 128.66.12.2, Destination IP Address 128.66.13.1
    - Transport layer (TCP header): Source Port 5512, Destination Port 23
    - Application layer: Telnet data
  • 226. TCP OPERATION
    - TCP is a connection-oriented protocol.
    - TCP provides the following major services to the upper protocol layers:
      • Connection-oriented data management to assure the end-to-end transfer of data across the network(s).
      • Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.
      • Stream-oriented data transfer takes place between the sender application and TCP and the receiving application and TCP. To stream is to send individual characters, not blocks or frames.
    - Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way "handshake", which ensures both sides are ready to transfer data and determines the initial sequence numbers.
    - Sequence numbers give hosts a way to acknowledge what they have received. The TCP header contains SYN bits, or flags, to achieve this.
  • 227. TCP 3-WAY HANDSHAKE
    TCP is a connection-oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.
    [Figure: the three-way handshake]
      Host A: Send SYN, Seq = x               -> Host B: Receive SYN, Seq = x
      Host B: Send SYN, Seq = y, ACK = x + 1  -> Host A: Receive SYN, Seq = y, ACK = x + 1
      Host A: Send ACK, ACK = y + 1           -> Host B: Receive ACK, ACK = y + 1
    Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.
  • 228. DENIAL OF SERVICE ATTACKS
    DoS attacks are designed to deny services to legitimate users. DoS attacks are used by hackers to overwhelm and crash systems. SYN flooding is a DoS attack that exploits the three-way handshake. To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
    [Figure: a SYN flood; the target answers each spoofed SYN with a SYN/ACK and waits for an ACK that never arrives]
      1. The hacker initiates a SYN but spoofs the source IP address.
      2. The target replies to the unreachable IP address and waits for the final ACK.
      3. The hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.
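Added example, not part of the Cyberoam deck, serving the two slides above: a Python tracker that follows each connection through SYN, SYN/ACK and ACK, checking the slide's ACK = x + 1 and ACK = y + 1 rule, and then reports listening sockets whose half-open backlog has reached the connection queue size. The timeout and queue size parameters mirror the two knobs the DoS slide names, so the same log can be evaluated against a shorter timeout or a larger queue. The log format and its lines are constructed for the example (TEST-NET addresses for the spoofed sources, the NAT slides' 170.168.2.1 as the server).

```python
# Added example (not from the Cyberoam deck): handshake tracking and SYN flood detection.
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed log lines, not real captures: "time src:port > dst:port flags seq=.. ack=..".
# Flags are S (SYN), SA (SYN/ACK) or A (ACK). The first three lines are one complete
# handshake; the rest are SYNs from four different sources that never send the final ACK.
SAMPLE_LOG = """\
0.000 10.1.1.10:1032 > 170.168.2.1:80 S seq=100 ack=0
0.010 170.168.2.1:80 > 10.1.1.10:1032 SA seq=300 ack=101
0.020 10.1.1.10:1032 > 170.168.2.1:80 A seq=101 ack=301
1.000 203.0.113.5:40000 > 170.168.2.1:80 S seq=1 ack=0
1.001 170.168.2.1:80 > 203.0.113.5:40000 SA seq=500 ack=2
1.002 203.0.113.6:40001 > 170.168.2.1:80 S seq=2 ack=0
1.003 170.168.2.1:80 > 203.0.113.6:40001 SA seq=501 ack=3
1.004 203.0.113.7:40002 > 170.168.2.1:80 S seq=3 ack=0
1.005 170.168.2.1:80 > 203.0.113.7:40002 SA seq=502 ack=4
1.006 203.0.113.8:40003 > 170.168.2.1:80 S seq=4 ack=0
1.007 170.168.2.1:80 > 203.0.113.8:40003 SA seq=503 ack=5
"""

LINE = re.compile(
    r"^(?P<t>[\d.]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"\s+(?P<flags>SA|S|A)\s+seq=(?P<seq>\d+)\s+ack=(?P<ack>\d+)$"
)
MOD32 = 1 << 32
Socket = Tuple[str, int]
Conn = Tuple[str, int, str, int]   # client ip, client port, server ip, server port


class HandshakeTracker:
    """Follows the three steps of the handshake and keeps the ones that never finish."""

    def __init__(self) -> None:
        self.half_open: Dict[Conn, List] = {}   # conn -> [client ISN x, server ISN y or None, time of SYN]
        self.established: List[Conn] = []
        self.bad_acks = 0                        # SYN/ACK or ACK whose number is not peer seq + 1

    def feed(self, line: str) -> None:
        m = LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        t, seq, ack = float(m["t"]), int(m["seq"]), int(m["ack"])
        src, sport, dst, dport = m["src"], int(m["sport"]), m["dst"], int(m["dport"])
        if m["flags"] == "S":                        # step 1: client SYN, seq = x
            self.half_open[(src, sport, dst, dport)] = [seq, None, t]
        elif m["flags"] == "SA":                     # step 2: server SYN/ACK, seq = y, ack = x + 1
            state = self.half_open.get((dst, dport, src, sport))
            if state is None or ack != (state[0] + 1) % MOD32:
                self.bad_acks += 1
                return
            state[1] = seq
        else:                                        # step 3: client ACK, ack = y + 1
            conn = (src, sport, dst, dport)
            state = self.half_open.get(conn)
            if state is None or state[1] is None:
                return                               # data ACK on an open connection, or a stray ACK
            if ack != (state[1] + 1) % MOD32:
                self.bad_acks += 1
                return
            del self.half_open[conn]
            self.established.append(conn)

    def expire(self, now: float, timeout: float) -> int:
        """Drop the half-open entries a server with this timeout would already have freed."""
        stale = [conn for conn, state in self.half_open.items() if now - state[2] >= timeout]
        for conn in stale:
            del self.half_open[conn]
        return len(stale)

    def occupancy(self) -> Counter:
        """Half-open connections still holding a queue slot, counted per listening socket."""
        slots: Counter = Counter()
        for (_, _, server, port) in self.half_open:
            slots[(server, port)] += 1
        return slots


def syn_flood_alerts(log: str, now: float, timeout: float,
                     queue_size: int) -> Tuple[int, Dict[Socket, int]]:
    """Return (completed handshakes, {socket: half-open count}) for sockets at or over queue_size."""
    tracker = HandshakeTracker()
    for line in log.splitlines():
        if line.strip():
            tracker.feed(line)
    tracker.expire(now, timeout)
    full = {sock: n for sock, n in tracker.occupancy().items() if n >= queue_size}
    return len(tracker.established), full


if __name__ == "__main__":
    print(syn_flood_alerts(SAMPLE_LOG, now=2.0, timeout=3.0, queue_size=4))
    print(syn_flood_alerts(SAMPLE_LOG, now=2.0, timeout=0.5, queue_size=4))
```

The second call shows the slide's first countermeasure: with the timeout cut to 0.5 s the four spoofed entries have aged out by t = 2.0 and no socket reaches the queue size.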
  • 229. TCP WINDOWS AND FLOW CONTROL  Data often is too large to be sent in a single segment. TCP splits the data into multiple segments.  TCP provides flow control through “windowing” to set the pace of how much data is sent at a time – i.e. how many bytes per window, and how many windows between ACKs. Window Size = 1 Window Size = 3 www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 230.  Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control.  Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.  Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected.  If the source receives no acknowledgment, it knows to retransmit at a slower rate. WINDOWING AND WINDOW SIZE Fast enough for you? I didn’t get all of that, slow down. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 231. SEQUENCE AND ACK NUMBERS  Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order.  They also identify missing data pieces so the sender can retransmit them. Only the missing segments need to be re-transmitted.  Positive Acknowledgement and Retransmission  TCP utilizes PAR to control data flow and confirm data delivery.  Source sends packet, starts timer, and waits for ACK.  If timer expires before source receives ACK, source retransmits the packet and restarts the timer. www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 232. VERS FCS PREAMBLE DESTINATION ADDRESS SOURCE ADDRESS FIELD TYPE ETHERNET 0-65535 2 6 6 8 4 HLEN TOS Total Length 4 bits 4 bits 8 bits 16 bits Identification 16 bits Flags 3 bits Fragment Offset 13 bits TTL 8 bits Protocol 8 bits Checksum 16 bits Source IP Address 32 bits Destination IP Address 32 bits IP Options(if any) 32 bits TCP Data (if any) Source Port Destination Port Sequence Number Acknowledgement Number Offset U A P R S F Reserved Receive Window Size Checksum Urgent Pointer 16 bits 16 bits 32 bits 32 bits 4 bits 6 bits 16 bits 16 bits 16 bits IP Header TCP Header IP Datagram Options (if any) DATA IP HEADER TCP HEADER TCP ENCAPSULATION www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
  • 233. Number of the calling port Number of the called port Used to ensure correct sequencing of the arriving data Next expected TCP octet Number of 32-bit words in the header set to zero Control setup and termination of session Number of octets sender is willing to accept Indicates the end of the urgent data Upper layer protocol data TCP SEGMENT FORMAT www.cyberoam.com © Copyright 2012. Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Technical Training v1.1
• 234. DETAILS ON TCP FIELDS
 Sequence Number
• TCP numbers each byte in the TCP data with a sequence number.
• The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.
 Acknowledgement Number
• The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.
 Offset
• It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable.
• It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.
 Reserved
• This field is reserved for future use and is set to zero.
• 235. DETAILS ON TCP FIELDS
 TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.
 Urg
• This flag indicates that this segment contains an Urgent Pointer field. 1 = Urgent, 0 = Not Urgent.
• This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set.
• The Urgent Pointer is a 16-bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data.
• The application determines where the urgent data starts in the data stream.
• The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
 Ack
• This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.
• 236. DETAILS ON TCP FIELDS
 TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.
 Psh
• The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full, then the PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.
 Reset
• This field will Reset the connection. 1 = Reset, 0 = No Reset.
 Syn
• This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.
 Fin
• The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.
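To make the header layout on slides 232 to 236 concrete, here is an added Python example (not code from the Cyberoam deck): it unpacks a raw segment into the fields described above, resolves the urgent pointer against the sequence number, and classifies the code bits the way the later lab asks. The names parse_tcp_header, describe and build_tcp_header are this example's own, and the build helper exists only to construct sample segments.

```python
import struct

# Code bits in slide order U A P R S F, in the low 6 bits of the 16-bit word
# that also holds Offset (high 4 bits) and Reserved (middle 6 bits)
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header, options and payload from raw bytes."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # Offset = header length in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")     # malformed segment: do not trust it
    flags = [name for name, bit in FLAG_BITS.items() if off_flags & bit]
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "ack": ack if "ACK" in flags else None,  # ack number only valid when ACK is set
        "header_len": header_len, "flags": flags, "window": window, "checksum": checksum,
        # urgent pointer: offset added to seq to get the last byte of urgent data (slide 235)
        "urgent_last_seq": (seq + urg_ptr) & 0xFFFFFFFF if "URG" in flags else None,
        "options": segment[20:header_len], "data": segment[header_len:],
    }


def describe(flags) -> str:
    """Hypothetical helper: classify a segment by its flags, as the lab on slide 240 asks."""
    s = set(flags)
    if {"SYN", "FIN"} <= s:
        return "invalid flag combination (no normal stack sends SYN with FIN)"
    if s == {"SYN"}:
        return "connection request (handshake step 1)"
    if s == {"SYN", "ACK"}:
        return "connection accepted (handshake step 2)"
    if "RST" in s:
        return "connection reset"
    if "FIN" in s:
        return "connection close requested"
    return "data or acknowledgement segment" if "ACK" in s else "unusual: no ACK flag"


def build_tcp_header(src_port, dst_port, seq, ack, flags, window,
                     urg_ptr=0, options=b"", data=b"") -> bytes:
    """Constructed test helper; checksum left 0 (it needs the IP pseudo-header)."""
    opts = options + b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    off_flags = ((5 + len(opts) // 4) << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       off_flags, window, 0, urg_ptr) + opts + data
```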
• 237. UDP/TCP OPERATION COMPARISON
• There are two protocols at Layer 4 – TCP and UDP. Both TCP and UDP use IP as their underlying protocol.
• TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used.
• UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced since packets that arrive late or out of order have no value.
TCP | UDP
Connection-oriented delivery | Connectionless delivery, faster
Uses windows and ACKs | No windows or ACKs
Full header | Smaller header, less overhead
Sequencing | No sequencing
Provides reliability | Relies on app layer protocols for reliability
FTP, HTTP, SMTP, and DNS | DNS, TFTP, SNMP, and DHCP
UDP segment format: Source Port (bits 0-15), Destination Port (bits 16-31), Length (bits 32-47), Checksum (bits 48-63), Data (from bit 64 onward)
• 238. USER DATAGRAM PROTOCOL
 UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, e.g. RIP.
 It provides no packet sequencing, may lose packets, and does not check for duplicates.
• It is used by applications that do not need a reliable transport service.
• Application data is encapsulated in a UDP header, which in turn is encapsulated in an IP header.
 UDP distinguishes different applications by port number, which allows multiple applications running on a given computer to send/receive datagrams independently of one another.
[Figure: UDP datagram inside an IP header inside an Ethernet frame. Ethernet: Preamble (8 bytes), Destination Address (6), Source Address (6), Field Type (2), IP header + UDP datagram (8-1500), FCS (4). UDP datagram: UDP Source Port (bits 0-15), UDP Destination Port (bits 16-31), UDP Message Length, UDP Checksum, then Data.]
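As an added example that is not part of the slides, the following Python decodes the 8-byte UDP header from slides 237 and 238 and verifies its checksum against the IPv4 pseudo-header (source address, destination address, protocol 17 and UDP length), which is what ties a datagram to the two hosts it travelled between. The function names and the sample addresses and payload are constructed for this example.

```python
import struct

UDP_PROTO = 17   # protocol number carried in the IP header and in the pseudo-header


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the UDP (and TCP/IP) checksum."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header: binds the datagram to the addresses it was sent between."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Build a UDP datagram with a valid checksum (constructed sample data only)."""
    length = 8 + len(payload)
    head = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field = 0
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + head + payload)
    csum = csum or 0xFFFF                    # 0 means "no checksum", so send all-ones instead
    return head[:6] + struct.pack("!H", csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> dict:
    """Decode the 8-byte UDP header and verify its checksum with the pseudo-header."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length")   # truncated datagram or lying Length field
    datagram = datagram[:length]             # ignore trailing bytes beyond Length
    if csum == 0:
        ok = None                            # sender skipped the checksum (legal over IPv4)
    else:                                    # valid when the sum including csum is all-ones
        ok = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": ok, "data": datagram[8:]}
```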
• 239. UDP PORT NUMBERS
Echo (7): Echo user datagram back to user
Discard (9): Discard user datagrams
Daytime (13): Report time in a user friendly fashion
Quote (17): Return "Quote of the day"
Chargen (19): Character generator
Nameserver (53): Domain Name Server
Sql-Net (66): Oracle Sequel Network
BOOTPS (67): Server port to download configuration information
BOOTPC (68): Client port to receive configuration information
TFTP (69): Trivial File Transport Protocol
POP3 (110): Post Office Protocol - V3
SunRPC (111): Sun Remote Procedure Call
NTP (123): Network Time Protocol
SNMP (161): Used to receive network management queries
SNMP-trap (162): Used to receive network problem reports
IRC (194): Internet Relay Chat
IPX (213): IPX - IP Tunneling
SysLog (514): System Log
RIP (520): Routing Information Protocol
• 240. LAB
 Open Wireshark or Ethereal and identify TCP/UDP connections with their flags and the reasons for them.
• 241. IP ROUTING BASICS
 Static and Connected Routes
 IP Forwarding by Matching Most Specific Route
 Configuring Static Routes
 Verifying Routing Table