Skrpunes Network Notes Draft


8/6/2019 Skrpunes Network Notes Draft (page 1/44)

Skrpune's Network+ Notes
Based on the CBT Nuggets Network+ Video Series

Author: Skrpune, ProProfs.com

Table of Contents
1. Network Topologies Part 1
2. Network Topologies Part 2
3. Media Connectors & Cabling
4. Network Devices & Components Part 1
5. Network Devices & Components Part 2
6. OSI Model
7. Media Access Control
8. IP Addressing
9. Network Layer Protocols
10. TCP/IP Suite of Protocols & Services
11. TCP/UDP Protocols & Services
12. Additional Network Protocols & Services
13. WAN Technologies
14. Wireless Technologies
15. Internet Access Technologies
16. Remote Access Protocols & Services
17. Server Remote Connectivity & Configuration
18. Security Protocols
19. Authentication Protocols
20. Network Operating Systems
21. Client Workstation Connectivity
22. Firewalls & Proxy Services
23. VLANs
24. Intranets & Extranets
25. Anti-Virus Protection
26. Fault Tolerance & Disaster Recovery
27. Troubleshooting Strategies
28. Troubleshooting Utilities
29. Physical Network Troubleshooting
30. Troubleshooting in Client/Server Environments


1. Network Topologies Part I

Physical & Logical Topologies
- Bus Topology: need a terminator on each end of the backbone
  o Physical Bus: physical arrangement in a series, not used much anymore
  o Logical Bus: i.e., a hub in a physical star acting as the logical bus
- Star Topology
  o Physical Star: hub or switch at the center of the star
  o Logical Star: i.e., switch
  o Used in LAN / WAN
  o Shared Ethernet bus if hub; a switch does dynamic bridging and maximizes bandwidth via transparent bridging
- Ring Topology
  o Physical Ring: physical closed loop
  o FDDI = both physical & logical ring
  o Token Ring = physical star, but logically a ring to pass the token from node to node
    BUT each node must be attached to a hub/concentrator or an MSAU / MAU (multistation access unit)
- Mesh Topology
  o AKA Frame Relay, ATM
  o Partial Mesh = used where you need the most redundancy or bandwidth

IEEE 802.2 / LLC
- LLC = Logical Link Control
  o Maps to Data Link Layer 2 of the OSI Model
- What does LLC do?
  o Manages data link connections, works with the physical medium
  o Addressing: reads MAC addresses
  o SAPs: service access points
  o Performs sequencing of data packets as they are moved around the network
  o In a nutshell: provides basic networking between devices

IEEE 802.3 / ETHERNET (CSMA/CD)
- Dominant LAN Technology = ~85%!!!
- CSMA/CD = Carrier Sense Multiple Access/Collision Detection
  o FIRST, before sending, polls the channel to see if another node is transmitting
  o If no carrier is sensed, then it transmits
  o If there is a collision (i.e., 2 signals at once), it will retry the send after a wait period
  o Puts limits on the number of machines that can access the network before collisions increase & the network gets too crowded
- Collision Domain: logical network segment where data packets can collide with each other
  o NOTE: Switches create smaller collision domains than hubs & reduce congestion
- 10BaseT / 10 Mbps Ethernet developed by DEC + Intel + Xerox
- Half-Duplex Switching: cannot send & receive at the same time
  o I.e., walkie-talkie
- Full-Duplex Switching: can send & receive; two-way transmission
  o I.e., telephone
- Advantages of using Ethernet
  o Easy to manage, maintain, implement
  o Flexible
  o Widely supported
- Terminology / Components
  o DTE = Data Terminal Equipment: source or destination of data (laptop, PC, server, printer)
  o DCE = Data Communication Equipment: receives & forwards frames on the LAN or to other LANs (switch, hub, router, modem)

Ethernet Types / Speeds (Using CSMA/CD)
  10 Mbps               10BaseT
  100 Mbps              Fast Ethernet
  1000 Mbps / 1 Gbps    Gigabit Ethernet
  10000 Mbps / 10 Gbps  10 Gigabit Ethernet

[Diagrams: physical bus; star topology with a hub; ring topology; logical bus; OSI layers 7 Application / 6 Presentation / 5 Session / 4 Transport / 3 Network / 2 Data Link / 1 Physical; mesh topology; partial mesh (ISP / WAN); FDDI primary ring & secondary ring]

2. Network Topologies Part II

CSMA/CA
- CSMA/CA = Carrier Sense Multiple Access/Collision Avoidance
  o A node signals its intent to transmit, which prevents other devices from sending, hence avoiding a collision!
  o Used in AppleTalk / LocalTalk
  o CA algorithm by which channel time on the ring is reserved to avoid collisions
    Uses RTS (Request To Send, a jam signal of sorts), then waits to receive an OK. If another node tries to send a frame & sees a jam signal, it will stop & retry later
  o CSMA/CA is the principal medium access method for 802.11 & WLANs too
    Need collision avoidance on 802.11 & WLANs because wireless uses half-duplex radio signals

802.5 / TOKEN RING
- Uses CSMA/CA
- Created by IBM, still their main LAN technology
- 802.5 IEEE Standard, modeled after IBM's token ring
- Uses Physical Star, Logical Ring
  o All nodes attached to an MSAU (MultiStation Access Unit)
  o The MSAU performs the token passing inside the device
- Speeds of 4.16 Mbps & 16 Mbps
- Baseband transmission uses the full transmission range for one signal (as opposed to Broadband/DSL/Cable)
  o Other Baseband Transmissions: HSTR (High Speed Token Ring: 100 Mbps, 16 Mbps, 4 Mbps); 802.5t, 802.5u, 802.5v, etc.
- Token Passing Access Method
  o Moves a small frame (00110110), broken up into fields, etc.
  o If a node gets the token & has no data to send, it just sends the token along to the next device on the logical ring
  o If a node has data to send, i.e. to a printer, it will grab the frame, alter a 0 or 1 & append the info it wants to transmit (adds its own stuff)
  *** While the data frame circles the ring, no token can be on the network, unless Early Token Release is used
    Early Token Release allows release while a frame transmission is being finished, i.e., the station is put in a queue so it can grab the token ASAP
    Used in newer implementations
    Unless ETR is being used, all nodes have to wait; this delays the sending, but NO COLLISIONS!
  o The frame circles the ring until it reaches its destination OR until it gets dropped by the original sending station
- Token Rings are Deterministic
  o Deterministic = it is possible to calculate the max. time that passes before any station is capable of transmitting, because the size/factors/etc. needed to complete the current task are known
  o Great for applications where you need to know the extent of network delay
  o Uses a complex priority mechanism: can assign higher priority to servers, etc.
    Priority field & Reservation field (can be used to shield from lower priority users)

FDDI: Fiber Distributed Data Interface
- FDDI Characteristics/Terminology:
  o 100 Mbps; Fiber Optic (MAN, WAN)
  o Baseband; physical ring of trees; logical ring
  o Dual Ring; traffic on each ring is counter-rotating
    Primary: usually the default for signal use
    Secondary: backup. If one ring fails, the other doubles back onto itself & converts into one/single (token) ring; if there is a failure in the remaining ring, it breaks down into independent rings
  o ANSI: American National Standards Institute
  o Great for the distributed application model
  o Often used for a backbone
  o CDDI also in use now too: Copper Distributed Data Interface, 100 Mbps, using twisted pair copper
  o SAS: Single Attachment/Attached Station (i.e., regular PCs/laptops, etc.)
    Connected only to one / the Primary ring via a concentrator (can't directly attach to the ring)
  o DAS: Dual Attachment/Attached Station (i.e., server, devices w/ 2 network attachments)
    Connected to both rings
  o SAC: Single Attachment/Attached Concentrator
    Connected only to the Primary ring (through a tree)
  o DAC: Dual Attachment/Attached Concentrator
    Connects to both Primary & Secondary rings: HIGHLY fault tolerant. Provides connections for additional stations & concentrators; is the root of a tree
- FDDI Fault Tolerance Methods = Dual Rings & Dual Homing (can make a server/device into a DAS for more fault tolerance)
- TRT: Token Rotation Time: amount of time it takes the token to travel around the network
- THT: Token Holding Time: amount of time a station can hold the token
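The token-passing access method and the THT / TRT terms above, worked as a small simulation that shows why a token ring is deterministic. This is an added example, not code from the notes or the CBT Nuggets series; the station count, frame lengths in abstract ticks and the per-hop `latency` parameter are assumptions.

```python
"""Token-passing ring simulation (802.5 / FDDI style).

Constructed illustration, not code from the notes or CBT Nuggets. Time is in
abstract ticks. Only the station holding the token transmits, and it may hold
the token for at most THT ticks per visit before passing it on; each hop adds
`latency` ticks (an assumed parameter). Frame lengths are given in ticks.
"""
from collections import deque


def worst_case_wait(n_stations, tht, latency=1):
    """Deterministic bound on how long a station waits for the token: every
    other station holds it for at most THT plus one hop of latency."""
    return (n_stations - 1) * (tht + latency)


def worst_case_trt(n_stations, tht, latency=1):
    """Upper bound on the Token Rotation Time: each station holds for <= THT."""
    return n_stations * (tht + latency)


def simulate_ring(n_stations, queues, tht, latency=1, max_time=100_000):
    """queues: {station: [frame_length, ...]} of frames ready to send at t=0.
    Returns (max_wait_per_station, max_observed_trt). A frame longer than THT
    could never be sent inside one holding period, so it is rejected up front."""
    pending = {s: deque(frames) for s, frames in queues.items()}
    for s, q in pending.items():
        if any(length > tht for length in q):
            raise ValueError(f"station {s} has a frame longer than THT={tht}")
    waiting_since = {s: 0 for s, q in pending.items() if q}   # wanted to send at t=0
    max_wait = {s: 0 for s in range(n_stations)}
    last_visit, max_trt = {}, 0
    t, station = 0, 0                                          # token starts at station 0
    while t < max_time and any(pending.values()):
        # The token arrives at `station`: record rotation time and this station's wait.
        if station in last_visit:
            max_trt = max(max_trt, t - last_visit[station])
        last_visit[station] = t
        q = pending.get(station, deque())
        if q and station in waiting_since:
            max_wait[station] = max(max_wait[station], t - waiting_since.pop(station))
        # No other station may transmit now, so there is never a collision.
        # Send frames while they still fit in the remaining holding time.
        held = 0
        while q and held + q[0] <= tht:
            held += q.popleft()
        t += held + latency                                    # pass the token on
        station = (station + 1) % n_stations
    return max_wait, max_trt


if __name__ == "__main__":
    waits, trt = simulate_ring(4, {0: [3, 3], 2: [5], 3: [2]}, tht=5)
    print("max wait per station:", waits, "observed TRT:", trt)
    print("bounds:", worst_case_wait(4, 5), worst_case_trt(4, 5))
```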

[Diagrams: Token Ring stations attached to MSAUs; FDDI dual ring with DAS devices (routers, switches, multi-layer switches; application & file servers) and SAS stations. NOTE: Can use two (2) DACs for redundancy]


3. Media Connectors & Cabling

CABLE STANDARDS
- 10BaseT: 802.3; LANs; 10 Mbps; Baseband = one Ethernet signal using the full bandwidth (no multiplexing); Twisted Pair (UTP & TP); 330 ft / 100 m max segment length
- 10Base-FL: 802.3; 10 Mbps; link between a concentrator & an end user station (workstation/server or router/switch); Fiber Optic
- 100BaseT: 802.3u; 100 Mbps; Fast Ethernet, based on CSMA/CD; Twisted Pair OR Fiber Optic
  100BaseT Cabling Schemes:
  o 100BaseTX: predominant; 2 pair high quality TP; Twisted Pair (Cat5 UTP/STP)
  o 100BaseT4: 4 pair regular quality TP wires; Twisted Pair
  o 100BaseFX: 2 MMF fiber optic cables; Fiber Optic
- 1000Base-CX: Gigabit Ethernet; 1000 Mbps (1 Gbps); 2 pair 150 Ohm STP; Twisted Pair (STP)
- 1000Base-SX: 1000 Mbps (1 Gbps); 2 MMF, short wave laser; Fiber Optic (MMF)
- 1000Base-LX: 1000 Mbps (1 Gbps); 2 MMF/SMF, long wave laser; Fiber Optic (MMF & SMF)
- 10GBase-SR: 802.3ae; 10 Gbps; 33-300 m length
- 10GBase-LR: 10 Gbps; backbone, MAN, etc.; Fiber Optic; up to 10 km max cable length
- 10GBase-ER: 10 Gbps; MAN, etc.; Fiber Optic; up to 40 km max cable length

UTP
- Twisted pair cabling with no additional shielding
- Usually includes 4 pairs of wires in a common sheath
- Typically 100 Ohm Category 3, 4, 5, 5e, 6 (& 7) cables from the TIA/EIA 568-A standard
- 10BaseT; 100BaseTX; 100BaseT2 = 2 wire pairs
- 100BaseT4; 1000BaseT = 4 wire pairs

STP
- 150 Ohm IBM cabling system for Token Ring
- Twisted pairs wrapped individually in a foil shield & w/ outer braided wires (further reduces crosstalk & EMI)
- Originally IBM cable types 1, 2, 6, 8, 9 supported token ring up to 16 MHz
- Can be used in Ethernet: 10BaseT, 100BaseTX, 100BaseT-2 using special impedance matching transformers
- Better performance BUT a lot of effort: monitoring, maintenance, $$$$$
- Newer types = STP-A: 1A, 2A, 6A, 9A support FDDI up to 100 MHz
- Type 1 is the heavy black cable associated with the IBM cabling system

Characteristics of BOTH:
- Between 1-3 twists per inch
- Two insulated copper wires twisted together = 1 pair

CONNECTORS
- RJ-11: Registered Jack 11; global standard; 4 copper wires; phone/fax/modem; Cat3; historically used for LAN
- RJ-45: Ethernet LANs; Cat5, Cat5e, Cat6; wider than RJ-11; up to 8 wires; typically w/ UTP; telephony, Token Ring, ISDN, 10BaseT, 100BaseT4
- F-Type: Coax
- ST: Fiber Optic; Straight Tip (can twist on/off)
- SC: Fiber Optic; Square tip
- MTRJ: Fiber Optic
- FiberLC: Fiber Optic; connects MMF & SMF; usu. used for MMF; local, LAN connections

CABLE CATEGORIES (type; speed; notes; wiring / distance; connector; used by)
- UTP Cat3: 100 Mbps (16 MHz); voice/data transmission; 4 UTP; RJ-11; used by ISDN, T1 / 1.54 Mbps, 10BaseT, 100BaseT4, Token Ring 4 Mbps, POTS (plain old telephone system)
- Cat5: 100 Mbps max (100 MHz); patch cables at PC, workstation, etc.; high grade Type 1 cable; 1994, replaced with 5e; 4 UTP; 100 m max distance; RJ-45; used by 10BaseT, 100BaseT4, 100BaseTX, FDDI, ATM
- Cat5e: 1 Gbps / 1000 Mbps (350 MHz); Gigabit Ethernet BUT also backwards compatible; RJ-45; used by 1000BaseT, 155 Mbps ATM
- Cat6: better performance; higher signal/noise ratio; overall better reliability; for future enhancement in data rate & application usage; RJ-45; used by 10BaseT, Fast Ethernet, Gigabit Ethernet
- STP: shielding reduces EMI & crosstalk; uses IDC/UDC connectors, also RJ-45; used by 10BaseT, 100BaseTX, 100BaseT-2, FDDI
- COAX RG8: 10 Mbps; ThickNet; no hub needed; economical; good shielding; not too flexible; 10Base5; AUI connector & Vamp Tap
- COAX RG58: 10 Mbps; ThinNet; no hub needed; economical; good shielding; not too flexible; 10Base2; BNC connector
- FIBER OPTIC SMF: 2.5 Gbps; Single Mode Fiber; only transmits light in one fundamental mode/path; very small core diameter; transmits over a longer distance than MMF; supports very high bandwidth; connectors: ST (straight tip) & SC (square), MTRJ, FiberLC (usu. MMF; local/LAN connections)
- FIBER OPTIC MMF: 2.5 Gbps; Multi Mode Fiber; light travels in multiple modes/paths within the wire; larger center core / thicker than SMF; used for relatively short distances, i.e., LANs & campus networking; connectors: ST (straight tip) & SC (square), MTRJ, FiberLC (usu. MMF; local/LAN connections)
- OTHERS: IEEE 1394 / Firewire: used for data transfer from peripherals to the PC. USB (Universal Serial Bus): connects peripheral devices for high speed data transfer; also used for USB NICs

CABLE SUMMARY TABLE
Cable Type | Common Name | Physical Layer Name | Speed | Max Length (m) | Links & Segments | Notes
- Coaxial RG-6 | Satellite TV | N/A | N/A | | | Satellite TV
- RG-8 (AUI) | Thicknet | 10Base5 | 10 Mbps | 50 (drop), 500 (backbone) | 100/segment | Thicker wire; u… in some netwo…
- RG-58 (BNC) | Thinnet | 10Base2 | 10 Mbps | 185 | 30/segment | Small bus topol…
- RG-59 | Cable TV | N/A | N/A | | |
- CAT3 UTP | Fast Ethernet | 10Base-T | 10/100 Mbps | 100 | 1 per link/drop | Phone/data; 3-4 TPF
- CAT4 UTP | Fast Ethernet | 10Base-T | 16 Mbps | 100 | 1 per link/drop | 5-6 TPF
- CAT5 | Fast Ethernet | 10Base-T, 100Base-T4, 100Base-TX | 10/100 Mbps | 100 | 1 per link/drop | (-T) 3-4 TPI
- CAT5e | Gigabit Ethernet | 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T | 10/100/1000 Mbps | 100 | | More reliabl… 1GBPS netwo…
- CAT6 | Gigabit Ethernet | 10Base-T, 100Base-T4, 100Base-TX, 1000Base-T | 10/100/1000 Mbps | 100 | |
- CAT 7 | | | | | | Has 2 added wire…
- STP (Shielded Twisted Pair) (IDC/UDC) | | | | | | Need for Star-To… Network
- FIBER (ST/SC) SMF Single-Mode | | 10Base-F | 2.5 Gbps | 2000 | 1 per link/drop |
- FIBER (ST/SC) MMF Multi-Mode | | 10Base-F | 2.5 Gbps | 2000 | 1 per link/drop |
General UTP & STP note: twisting the wires cancels out interference. The # after CAT is code for how many twists per foot. Connector: RJ-45.
* TPF = twists per foot of cable
* TPI = twists per inch of cable
* All CAT cable can be used for Token Ring.
* 10Base-T, 100Base-TX, 100Base-T2 use 2 wire pairs
* 100Base-T4, 1000Base-T use 4 wire pairs

CONNECTOR SUMMARY
- BNC: Bayonet Neill-Concelman Connector; connects to the network card or a T-connector; Coax
- RJ-45: UTP/STP; 8 total wires (RJ-11 has 4)
- AUI: Attachment Unit Interface; 15 pin socket connector
- ST/SC: ST (straight tip); SC (square one); Fiber
- IDC/UDC: very expensive; copper jacket & wires/pairs wrapped; IBM-type / Universal Data Connector; Twisted Pair
Other connector bits:
- T-Connector: intermediary connector; Coax
- Vamp Tap: for thicknet coax cable; pierces the cable to contact the copper core
- Terminator: stops the signal so there is no echo; can be used with a T-Connector

[Diagrams: twisted pair; coax (hash marks = shielding); 10BaseFL fiber optic]


4. Network Devices & Components Part I

- Network Interfaces:
  o PCMCIA
  o PCI Card
  o NIC (Network Interface Card): has circuitry & software to support encoding & decoding frames
  o Switches/Hubs
  o Logical Bus, i.e., a hub in a physical star acting as the logical bus
- NICs
  o Operate on OSI Layers 1 & 2
  o Have circuitry & software to support encoding & decoding frames
- Hubs & Repeaters
  o Layer ONE devices
  o HUBS usually used in smaller offices or in home networks
    Use a logical bus topology in a physical star topology
    CSMA/CD is handled by the hub
    On small/workgroup hubs, the last port (uplink) allows a link to other hubs
  o Types of Hubs
    Passive Hub: doesn't amplify any electrical signals
    Active Hub: amplifies the signal
    Intelligent Hub: active hub plus some added features, i.e., stackable; software for SNMP, WAN, etc.
  o Repeater: amplifies the signal; reshapes wave forms & extends the LAN segments
    Usually used for office buildings, i.e., extending the LAN beyond the usual length constraints to reach other floors, etc.
    Concentrator = multi-port repeater
  o NOTE: all nodes/hosts connected via repeaters & hubs are all on the same: Network, Collision Domain, Broadcast Domain
- Bridges: connect & subdivide LANs
  o Use a process to learn about devices on the network to streamline future communications via a MAC address table:
    Host A sends a packet, which is framed with data
    The frame has an ID for the node of origin and the destination = MAC Address
    The packet is broadcast throughout the network
    The bridge forwards the traffic out to all nodes
    The bridge checks Host A's MAC Address & adds it to its MAC table
- Switches = multi-port bridges
  o Switches optimize the collision domain (whereas routers optimize the broadcast domain)
    Use software & hardware to create a full-duplex, non-collision domain to communicate uber-fast
  o Multi-layer switch: operates as a Switch at Layer 2 and as a Router at Layer 3
  o Examples of some commands at a switch interface, i.e., like that of a Cisco Catalyst 3550:
    show version = display switch info
    config terminal = allows for configuration of the terminal
    ? = lists the available commands within the switch's configuration interface

[Diagrams: hub, bridge and switch with hosts A and B]
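The bridge learning process described above (first frame flooded, source MAC learned, later frames forwarded to one port), as an added simulation; this is not code from the notes, CBT Nuggets or Cisco, and the port numbers, MAC addresses and bounded-table size are made up for the example.

```python
"""Learning bridge / switch behaviour: learn the source MAC of every frame into
a MAC table, flood frames whose destination is unknown or broadcast, and
forward known destinations out of exactly one port.

Constructed illustration, not code from the notes or any vendor. Ports and
MAC addresses are invented; the table is bounded so memory stays finite.
"""
from collections import OrderedDict

BROADCAST = "FF-FF-FF-FF-FF-FF"


def is_group_address(mac):
    """Broadcast/multicast MACs have the low bit of the first byte set; a
    bridge never learns them as a source address."""
    return bool(int(mac.split("-")[0], 16) & 1)


class LearningBridge:
    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.max_entries = max_entries       # bounded table: oldest entry is evicted
        self.mac_table = OrderedDict()       # MAC -> port, oldest entry first
        self.log = []                        # (in_port, src, dst, action, out_ports)

    def learn(self, in_port, src):
        if is_group_address(src):
            return
        if src not in self.mac_table and len(self.mac_table) >= self.max_entries:
            self.mac_table.popitem(last=False)
        self.mac_table[src] = in_port        # also re-learns a host that moved ports
        self.mac_table.move_to_end(src)

    def receive(self, in_port, src, dst):
        """Process one frame arriving on in_port; return the ports it leaves on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.learn(in_port, src)
        if dst == BROADCAST or dst not in self.mac_table:
            action, out = "flood", [p for p in self.ports if p != in_port]
        elif self.mac_table[dst] == in_port:
            action, out = "filter", []       # destination is on the same segment
        else:
            action, out = "forward", [self.mac_table[dst]]
        self.log.append((in_port, src, dst, action, out))
        return out


def walkthrough():
    """The sequence from the notes: A's first frame is flooded and A is learned,
    B's reply goes to A's port only, and the next A->B frame goes to B only."""
    a, b = "00-40-CA-00-00-0A", "00-40-CA-00-00-0B"
    bridge = LearningBridge(ports=[1, 2, 3])
    steps = [bridge.receive(1, a, b),        # B unknown -> flooded to ports 2 and 3
             bridge.receive(2, b, a),        # A known on port 1 -> forwarded there only
             bridge.receive(1, a, b)]        # B now known on port 2
    return bridge, steps


if __name__ == "__main__":
    bridge, steps = walkthrough()
    for in_port, src, dst, action, out in bridge.log:
        print(f"port {in_port}: {src} -> {dst}: {action} {out}")
    print("MAC table:", dict(bridge.mac_table))
```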


5. Network Devices & Components Part II

Physical & Logical Topologies
- Routers
  o Similar to bridges, but with added functionality
  o Can be a computer or system/device OR software
  o Usually transfer data between networks using the same protocols
  o Connect 2 networks: LANs, WAN, MAN, or LAN-to-ISP (via destination IP addressing)
    Looks at the packets & then routes the packet
  o Usage: Internet, small-big businesses, homes
  o Layer 3 of the OSI Model
  o Create/maintain a table of available routes so they can forward the packets most efficiently
    Best routes change due to traffic, down routers, etc.
    NOTE: can enter C:\> route print to see the route table
  o Can use a command line interface OR protocols (RIP, OSPF, BGP) to configure & dynamically get/set info
    RIP = Routing Information Protocol; RIP v.2 = latest
    OSPF = Open Shortest Path First
    BGP = Border Gateway Protocol
    All protocols use a different set of calculations/algorithms to choose the best route via criteria/metrics/parameters
  o To access the command line interface for a router:
    Via Console port
    Telnet in
    Secure Shell to get terminal emulation
    NOTE: can usu. access a router/switch/hub/firewall/VPN concentrator via a web-based interface BUT it uses HTTP (not secure)
  o Sample of the command line interface / administration interface for a router (UNIX, LINUX based):
    CISCO3660# show version     (Cisco IOS)
    CISCO3660# config terminal
    CISCO3660# ?                shows all available commands
- Gateways
  o Device/application that passes data between networks of similar function but maybe different medium or implementation, i.e., wireless to local LAN or ISP
  o Functions at all the different OSI Model layers, BUT a router can be considered a Layer 3 Gateway, whereas a mail gateway (i.e., server) is a Layer 7/Application Gateway (i.e., between email systems)
  o A Gateway can:
    Use protocol translators
    Do impedance matching
    Do rate conversions
    Fault isolation
    Signal translation
    all in order to provide communication/interoperability between disparate systems (AOL & Prodigy are gateways of sorts)
- Transceiver (AKA Media Converter or Media Adapter)
  o Transmits AND Receives: Full Duplex device
  o Usually used on routers for different cable connections:
    AUI DB15 = older
    AUI RJ45 = newer
    GBIC = Gigabit Interface Converter: converts the light stream of fiber optic cable into the electronic signals used on the NIC; allows one (1) GB port to support the full range of media, from copper to 100 km SMF
- ISDN Adapters / CSU / DSU
  o ISDN = Integrated Services Digital Network
  o Digital method of moving voice/data; older tech.; newer have the adapter built into a Cisco card in the Switch; if using phone/older, need an adapter
- Modems
  o Modulator Demodulator:
    Use dialup through an ISP
    Modulates outgoing from digital to analog to travel on POTS
    Demodulates incoming from analog to digital for the PC
  o Internal: 14.4 Kbps (16,000 Bps) to 56 Kbps
  o External: 128 Kbps to 256 Kbps or higher

[Diagram: router]

- Firewall
  o Firewall: hardware device/software application that functions in a network environment to prevent some communications that are explicitly forbidden by a corporate security policy
  o Goals/Characteristics:
    Can be Hardware or Software running on a Server, or Both
    Prevents spread, provides security & controls traffic between different types of security zones
    Will have varying levels of trust to control connectivity & packet flow between the different zones
    Goal is to prevent hackers & unauthorized people from accessing your private network
    The firewall examines all packets/messages inbound & outbound from the network
  o Physical Firewall
    One interface connected to the internal organization: has to be the MOST secure interface
    One interface to the Public
    May have more going to other security zones (like a Host or DMZ)
- VPN Concentrators
  o VPN Concentrator: used to create virtual private networks using a fleet of protocols to encrypt & decrypt traffic to terminated end points
  o Can also use software solutions running on servers, or can be integrated into routers sitting at the perimeter of your network; i.e., Cisco allows you to have firewall & VPN capabilities & intrusion detection services too, all built into the OS of the Router or the Multi-Layer Switch device.
  o VPN Concentrator administration: can use a Unix-based command line interface (like with Routers & Gateways) OR a web interface
    Unix-based command line interface (like with Routers & Gateways): some are in a menu system similar to FDISK or BIOS
    Via web interface: easier to work with the web-based menu
    NOTE: if managing multiple hubs/routers/VPN Concentrators, use a third party management system, i.e., Computer Associates
    Manage users, groups; tunnels; IP tunnels; SSL, secure shell, web VPN; HTTP to access, some let you use HTTPS


6. OSI MODEL

OSI = Open System Interconnection
- Global networking framework standard
- Control is passed through 7 layers; most layers exist in all communication systems
- Layers can be combined, i.e., Microsoft combines several top layers: app/presentation/session + transport + network + data-link/physical

OSI LAYERS
Application  - Provides file, print, message services.
             - Protocols for service usage & advertisement.
             - Window for users & applications to access network services.
Presentation - Provides data translation, typically part of the OS.
             - Converts inbound & outbound data from one format to another.
             - Also handles syntax, compression & encryption.
Session      - Establishes communication sessions between network devices.
             - Handles dialog control & coordinates sessions and connections, i.e., decides whether duplex, half-duplex, etc.
Transport    - Ensures data deliverability & reliability & priority.
             - Maintains data integrity.
             - Makes sure that packets are ordered & that there is no loss/duplication.
Network      - Responsible for routing & forwarding data packets.
             - Controls packets on the basis of network state, priority, quality of service, etc.
Data Link    - Provides error-free transmission of data frames.
             - Sends frames from the network to the physical layer.
             - Converts raw bits into frames & vice-versa.
Physical     - Packages & transmits bits on the physical media.
             * Includes encoding & functions at the mechanical and electrical level.


    7. MAC Addressing*Note: layers 2-4 are where most networking type folks do their workData Link / OSI Layer 2

    oOSI Layer 2 = Data Link = TWO parts: LLC AND MAC, subdivided by IEEE into two layers- Reliable data transmission over various media (wireless, fiber, etc.)- Defines:

    oPhysical addressing separate from network address; physical address defines how physical network devices are addressedoTopology how the network devices are physically connected, i.e., ring, staroError notification alert/send message to upper layer protocols (3 & 4 & up) that theres been a transmission erroroFrame sequencing putting in proper orderoFlow control moderates data transmission rate so receiving network/device wont get overwhelmed w/more data than can handle a

    any given time.- IEEE subdivided data link into the two layersLLC & MAC- LLC = Logical Link Control

    oManages communications between network devices on network over a single network link.oSupports both connectionless & connection-oriented upper-layer protocolsoDefined by 802.3 fields in Layer 2 framesoProvides interface between MAC Sub-layer & Upper Layers

    - MAC Sub-Layer Management Functions:oTo manage protocol access to underlying physical medium of the networkoControls node access to physical medium and is protocol-specificoBoth MACs must support the same transmission rate to functionotherwise need intermediary device like router to provide translatiooEncapsulates data into frames & starts frame transmission/recovery.

    -

    MAC Addressing (i.e., data link addressing)oUsed to identify nodes/devices implementing IEEE MAC addresses on the data l ink layeroMust be unique for each LAN interface, i.e., NICo48-bit address, expressed as 12 hexadecimal digits, i.e.: 00-40-CA-47-C4-BF OR 0090.bf1f.e000 OR 0040.ca19.c776, etc.oTo FIND MAC address, go to C: prompt & enter IPCONFIG /ALL find the Ethernet NIC Physical addressoBIA = burned in address, burned into ROM & then stored in RAMoFirst 6 digits (24 bits) = OUI organizationally unique identifier.oLast 6 digits (24 bits) = Vendor Assigned, i.e., serial

    number assigned by the vendor- Address Resolution Protocol (ARP)

    oMethod used in TCP/IP suite to map IP addresses tophysical addresses in order to forward data/frames

    oSending workstation checks its MAC Address Table ( inthis case an ARP table)

    oIf nothing there for the desired destination address, sendsout a broadcast hey, where are you?!

    oThe desired destination hears the call, it compares itsmatching IP address to the message & responds withits MAC Address

    oIF going beyond your local network, forwards ARP requestto its default gateway/next hop router (usually a Router ora multi-honed Server with 2 NICs) on same network. Gateway/Router forwards packets until gets to right network with router thathas the MAC address of destinationif not, will send out its own broadcast to find the MAC address on its local network.

    - Basic Ethernet Frame FormatoWhen datagrams come down OSI stack to Network (Layer 3), IP header is wrapped around that datagram & it becomes a packetoThat packet gets passed down to Data Link Layer 2 & that information becomes encapsulated & becomes a frame

    - MTU = Maximum Transmission Unit = for Ethernet frame it is 1500 bytes

    Transmission order: left-to-right, bit serial

    FCS error detection coverage

    FCS generation span

    PRE SFD DA SA Length/Type Data Pad FCS

    7 1 6 6 4 46-1500 4

    (Field length in bytes)

    HUB ROUTERNETWORK B

- PRE = Preamble; notifies receiving nodes that a frame is coming down the pipe; synchronizes reception of the frame on the physical media with the incoming bit stream of the receiving device
- SFD = Start of Frame Delimiter (also SOF); ends w/ two consecutive 1 bits to signify that the next bit = left-most bit in the left-most byte of the destination address (i.e., "hark!, destination address is next!")
- DA = Destination Address; 6 bytes / 48 bits in hex format = MAC address
- SA = Source Address; 6 bytes / 48 bits
  NOTE: SA & DA will change as the frame moves thru the network, but the data will contain info about the original IP addresses of the original SA & DA
- Length/Type = # of MAC client data bytes in the data field OR frame type ID
- Data = the actual data, of course!
- Pad
- FCS = Frame Check Sequence; 4 bytes; contains a CRC (cyclical redundancy check, created by sending a MAC frame & seeing if it's still the same after sending; if problems are seen, the frame can be resent)
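The FCS check described above, as an added example that is not part of the original notes: a frame is built with a CRC-32 FCS and the receiver recomputes it to catch a flipped bit. It assumes the 2-byte IEEE 802.3 Length/Type field, writes the FCS in little-endian byte order (as capture tools display it), and leaves out the Preamble and SFD, which the NIC adds and which the FCS does not cover.

```python
# Added example (not part of the original notes): build a minimal Ethernet frame,
# append a CRC-32 FCS, and show the receiver detecting a single flipped bit.
# Assumptions: 2-byte Length/Type field (IEEE 802.3); FCS written little-endian as
# capture tools display it; Preamble and SFD omitted (added by the NIC, not covered).
import zlib

MIN_PAYLOAD = 46       # Data field is padded up to 46 bytes
MAX_PAYLOAD = 1500     # MTU: maximum Data field size
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"MAC address must be 6 bytes: {mac!r}")
    return raw


def fcs(covered: bytes) -> bytes:
    """CRC-32 over DA, SA, Length/Type, Data and Pad: the 4-byte FCS field."""
    return zlib.crc32(covered).to_bytes(4, "little")


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Sender side: DA | SA | Length/Type | Data | Pad | FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte MTU; fragment at Layer 3")
    pad = b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    covered = mac_bytes(dst) + mac_bytes(src) + ethertype.to_bytes(2, "big") + payload + pad
    return covered + fcs(covered)


def check_frame(frame: bytes) -> dict:
    """Receiver side: recompute the CRC and compare it with the trailing FCS.
    A frame whose FCS does not match is discarded; the upper layers (TCP)
    notice the missing data and arrange the retransmission."""
    if len(frame) < 6 + 6 + 2 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    covered, received_fcs = frame[:-4], frame[-4:]
    return {
        "dst": covered[0:6].hex(":"),
        "src": covered[6:12].hex(":"),
        "ethertype": int.from_bytes(covered[12:14], "big"),
        "data_len": len(covered) - 14,
        "fcs_ok": fcs(covered) == received_fcs,
    }


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit error on the wire (bit 0 = least significant bit of byte 0)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"hello")
    print(len(frame), check_frame(frame))                 # 64-byte minimum frame, fcs_ok True
    print(check_frame(flip_bit(frame, 100))["fcs_ok"])    # corrupted Length/Type bit -> False
```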


8. IP Addressing
- IP Address = field in the IP header that's added to data as it's moved around the network
  o Each field fits 32 bits: source address & destination address
  o Four octets of 8 bits: 128 64 32 16 8 4 2 1
    128 position = high order bit; 1 position = low order bit
  o Each position is 2 to the nth power: 7 6 5 4 3 2 1 0
  o Add all numbers of an octet = 255, BUT there are 256 values (0-255)
- Binary conversion to Base 10/Decimal:
  o Add up the positions/bits where there is a value of 1, i.e.:
    11000000 = 128 + 64 = 192
    10101000 = 128 + 32 + 8 = 168
    01100101 = 64 + 32 + 4 + 1 = 101
    00101101 = 32 + 8 + 4 + 1 = 45
    SO 11000000.10101000.01100101.00101101 = 192.168.101.45

- NOTE: each IP address is two parts:
  o Network
  o The location on the network (the host)
- Subnet Mask
  o Non-zero (1 = ON) bits tell us what parts are reserved for the network address
  o Zero (0 = OFF) bits tell us what parts are reserved for the host address
- Class A
  o First octet represents the network; remaining three octets (24 bits) are for the hosts (2^24 hosts!)
  o 255.0.0.0 = Subnet Mask
- Class B
  o Two octets for hosts = 16 bits for hosts
  o 255.255.0.0 = Subnet Mask
- Class C
  o First three octets for network = 24 bits for network
  o ONLY last octet for hosts = 8 bits
  o 255.255.255.0 = Subnet Mask
- NOTE: do not count:
  o XX.XX.XX.0: this is the network address (on a Class C)
  o XX.XX.XX.255: this is the BROADCAST address
  o SO your possible number of hosts ALWAYS excludes these two addresses/values per network

- Private/Reserved Address Ranges
  o NOT recognized on the internet; info will be dropped
  o Used commonly for examples or testing or training
  o RFC (Request For Comment) 1918 = doc used for reserved address standards
  o Corporations use reserved addresses internally via NAT (Network Address Translation) to extend the number of addresses available via IPv4, SO many companies can use the same network addresses behind their firewall, as long as they have a PUBLIC IP address on the firewall/on the other side
- Subnetworks & Subnetting
  o Create smaller broadcast domains within one large broadcast domain
  o Adjust the subnet mask by partitioning bits between subnetworks & hosts, i.e.:
    Class C is usually 255.255.255.0, BUT if changed to 255.255.255.192 THEN the first 2 bits of the last octet are used for subnetworks & the last 6 bits can be used for hosts
- CIDR = Classless Inter-Domain Routing
  o Assumes the entire 32-bit address for usage; no more classes! Put a forward slash (/) at the end followed by the # of bits being used for the network
  o 192.168.101.45/24
  o Number of available hosts = 2^n - 2, where n is the number of bits being used for the host
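The conversions and counting rules above (binary to dotted decimal, classful masks, RFC 1918 ranges, 2^n - 2 usable hosts, borrowing bits with a 255.255.255.192 mask), as an added example that is not part of the original notes; it uses only Python's standard `ipaddress` module and the addresses from the notes.

```python
# Added example (not part of the original notes): octet/binary conversion, classful
# lookup, private-range check, and CIDR network/broadcast/host counting.
import ipaddress

PLACE_VALUES = (128, 64, 32, 16, 8, 4, 2, 1)   # high-order bit first

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")    # RFC 3330 automatic private range


def octet_to_decimal(bits: str) -> int:
    """Add the place values of every position whose bit is 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit octet: {bits!r}")
    return sum(v for v, b in zip(PLACE_VALUES, bits) if b == "1")


def binary_to_dotted(binary: str) -> str:
    """'11000000.10101000.01100101.00101101' -> '192.168.101.45'"""
    return ".".join(str(octet_to_decimal(o)) for o in binary.split("."))


def dotted_to_binary(address: str) -> str:
    """'192.168.101.45' -> '11000000.10101000.01100101.00101101'"""
    return ".".join(f"{int(o):08b}" for o in address.split("."))


def address_class(address: str) -> tuple:
    """Classful lookup by first octet: (class, default subnet mask or None)."""
    first = int(address.split(".")[0])
    if 1 <= first <= 127:              # 127.x is the loopback block, still a class A value
        return ("A", "255.0.0.0")
    if 128 <= first <= 191:
        return ("B", "255.255.0.0")
    if 192 <= first <= 223:
        return ("C", "255.255.255.0")
    if 224 <= first <= 239:
        return ("D", None)             # multicast: no host mask
    return ("E", None)                 # experimental


def address_scope(address: str) -> str:
    """Private (RFC 1918), APIPA, loopback, or public."""
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip in APIPA:
        return "APIPA (RFC 3330)"
    if ip.is_loopback:
        return "loopback"
    return "public"


def subnet_summary(cidr: str) -> dict:
    """Mask, network and broadcast addresses, and usable host count for a CIDR address."""
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    return {
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        # 2^n - 2: the all-zeros (network) and all-ones (broadcast) values are excluded
        "usable_hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
    }


def split_with_mask(network: str, new_mask: str) -> list:
    """Borrow host bits: 192.168.101.0/24 with 255.255.255.192 -> four /26 subnets."""
    base = ipaddress.ip_network(network, strict=False)
    new_prefix = ipaddress.ip_network(f"0.0.0.0/{new_mask}").prefixlen
    return [str(s) for s in base.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(binary_to_dotted("11000000.10101000.01100101.00101101"))
    print(address_class("192.168.101.45"), address_scope("192.168.101.45"))
    print(subnet_summary("192.168.101.45/24"))
    print(split_with_mask("192.168.101.0/24", "255.255.255.192"))
```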

- Main three ways to dole out IP addresses & subnet masks
  o Static: directly assign by hand using software/GUI
  o Dynamic: use DHCP to assign IP addresses automatically within a certain scope of addresses
  o APIPA (RFC 3330): Automatic Private IP Addressing assigns a temporary IP address in the range 169.254.0.1 - 169.254.255.254 (NOT publicly usable, but some PCs/programs need an address to function in a peer-to-peer network & to get your DHCP going)
- IP Version 6 (IPNG or IPv6)
  o Expands address space, security & quality of service over IPv4: more fields, space, bits
  o Governed by the Internet Engineering Task Force (IETF)
  o Address space is 128 bits, expressed in hexadecimal
  o ~340 UNDECILLION (?!) addresses total; IPv4 ~ 4 billion total
  o EXAMPLE: 3ff3:0501:0008:0000:0260:97ff:fe40:efab (For more info see http://www.pcsupportadvisor.com/nasample/c0655.pdf)

    Address   1st Octet   Octets for   Number of    Hosts per
    Class     Range       Network      Networks     Network
    A         1-127       1            126          16,777,214
    B         128-191     2            16,384       65,534
    C         192-223     3            2,097,152    254
    D         224-239     -            -            -
    E         240-247     -            -            -
    NOTE: 127.0.0.1 is used as the loopback address for testing
    D is used for multicasting; E is used for experimental purposes

    PRIVATE/RESERVED ADDRESSES (by class):
    A   10.0.0.0 to 10.255.255.255
    B   172.16.0.0 to 172.31.255.255
    C   192.168.0.0 to 192.168.255.255


9. Network Layer Protocols
- Network Layer 3 Protocols (other than TCP/IP):
  o AppleTalk
  o NetBEUI
  o IPX/SPX
- NetBEUI = NetBIOS Extended User Interface
  o Really in Layer 4; not routable
  o Used w/ Microsoft & IBM (NT, LAN Manager, Win for Workgroups, Win 95, Win 98, Workgroup add-on for DOS, OS/2)
  o Minimal configuration needed, rapid data transfer; needs computer name & workgroup/domain name (NetBIOS)
  o Not used very much today, mostly obsolete
  o To access/set up in Win 95:
    Network Applet > Configuration tab > add NetBEUI Protocol > Add > Microsoft > NetBEUI > Reboot > Check bindings tab; need TCP/IP & NetBEUI bound to the NIC
    **Make sure File & Printer Sharing is on all PCs & turn OFF TCP/IP bindings for File/Print Share & Client for Microsoft Networks
- AppleTalk
  o Developed early 80s for Mac systems
  o Early distributed client/server networking solution for file & printer sharing; requires little user input/interaction
  o Two versions: AppleTalk Phase 1 & 2; Phase 2 is the one discussed here
  o 4 key components:
    Nodes: computer, router, server, printer
    Sockets: unique addressable locations on a node; logical point where upper layer datagram delivery protocols (DDPs, socket clients) & services work together and interact
    Networks: single logical cable to multiple nodes
    Zones: logical group of nodes/networks defined by the administrator during network setup. Do NOT need to be physically contiguous
  o Non-Extended AppleTalk network
    Physical network segment that is assigned only a single network number (1-1024) (10-bit; 2^10)
    Each node # has to be unique for that network
    No more than one zone configured on it
  o Extended AppleTalk network
    Networks can extend beyond the zone, or multiple networks in one zone
  o LocalTalk
    Has media access dependencies on lower layer protocols, i.e., Ethernet, FDDI, Token Ring. Four main media access protocols:
    EtherTalk, TokenTalk, FDDITalk, LocalTalk

    [Figure: Non-Extended AppleTalk Network (one network, Network 100, with nodes numbered 100.x and Zones A, B, C) and Extended AppleTalk Network (Networks 100-103 spanning a Purchasing Zone and an Accounting Zone)]


    LocalTalk is a proprietary (Data Link) Layer 2 implementation; cheap & efficient for small LANs
    Usually built into Mac products
    Uses twisted pair cabling, in a bus topology; 300m segment limits; 32 nodes
    Routers (intermediate devices) can be used for a star topology
  o LLAP = LocalTalk Link Access Protocol
    Media access protocol
    Communicates between LocalTalk & upper layer protocols
    Delivers frames between nodes, guarantees error-free delivery, and performs best effort delivery
  o AppleTalk addresses = 48 bits

    NETWORK (16 bits)   NODE (16 bits)      SOCKET (16 bits)
    1-65536             Unique random #     Unique to each NIC/interface
    100                 11                  50

    Using the example above, the AppleTalk address can be expressed as: 100.11.50 OR 100.11, Socket 50
    Dynamically doled out when attached to the network: a provisional network layer address is handed out (kinda like APIPA) in the range of 65280-65534
    Node = random #, unique though
    Socket = individual to each NIC/network interface/connection
  o ZIP = Zone Information Protocol
    Used to communicate with the router; supplies the node with a node number for the network
    Router replies to the node with the valid range for the network
    Node selects a valid network number, then broadcasts to be sure it's untaken
    If another node responds, the process starts all over again; if not, then the node keeps the node number
  o AARP = AppleTalk Address Resolution Protocol; Layer 3 protocol
    Associates network addresses with nodes/services/sockets taking place on the network
  o RTMP = Routing Table Maintenance Protocol; Layer 4/Transport Layer protocol
    Based on RIP to establish routing tables using a hop count metric
    Hop Count = # of devices to go through to get to another node
    Creates/maintains tables on intermediate devices using AppleTalk
    Stores entries for any network a packet has the potential of reaching
    Information is periodically exchanged by routers to ensure it is up to date

- Novell Netware IPX/SPX
  o Netware = Novell's NOS
  o Combination of Layer 3 & 4
  o Netware comes from XNS (Xerox's Networking System, 70s-80s)
  o IPX = Internetwork Packet Exchange (parallels to IP)
    Novell's original Layer 3 protocol
    Uses IPX RIP (not TCP's RIP; incompatible) or NLSP (Netware Link State Protocol)
    Network address must be unique
    Address expressed in hexadecimal format of Network Number + node number, 80 bits total

    NETWORK (32 bits)   MAC ADDRESS (48 bits)
    00000001            1c.0f1e.8d7a.a36c

  o SPX = Sequenced Packet Exchange (parallels to TCP)
    Less important to IPX than TCP is to IP
  o Encapsulation: wrap upper layer protocol info into frames, so it can support different protocols/environments
    Added info/bits at the front so it can operate in different environments

    [Figure: IPX/SPX stack. Transport: SPX; Network: IPX; Data Link: Ethernet IEEE 802.3, Token Ring IEEE 802.5, PPP, ARCnet, FDDI; Physical]
    Ethernet frame types carrying IPX:
    Ethernet_802.3   802.3 | IPX | DATA
    Ethernet_802.2   802.3 | 802.2 LLC | IPX | DATA
    Ethernet_II      Ethernet | IPX | DATA
    Ethernet_SNAP    802.3 | 802.2 LLC | SNAP | IPX | DATA


10. TCP/IP Suite of Protocols & Services
- TCP/IP = Transmission Control Protocol over Internet Protocol
  o Standardized processes for communication
  o Open nature, so different OSs can use TCP/IP to talk: WAN, LAN, MAN, Mac, PC, Linux
  o Developed by DOD in the 70s, came from ARPAnet
- TCP
  o Main, most common L4 (Transport Layer) protocol
  o Basis of most internet services
  o Connects & exchanges data streams
  o Guaranteed delivery, packet assembly & reassembly, detection & retransmission of lost packets
  o Connection-oriented
  o Documented in RFC (Request For Comment) 793
- UDP = User Datagram Protocol
  o Communication protocol for L3, L4 (mainly), L5 (Network, Transport, Session layers, respectively)
  o Connectionless; no guaranteed reliability
  o Applications using UDP must perform reliability, error checking, etc. functions themselves
  o UDP is stateless with no acknowledgements
  o Used for DNS queries & multimedia/streaming video
  o Documented in RFC 768
- FTP = File Transfer Protocol
  o Standard file exchange protocol for IP networks
  o Anonymous FTP is common practice
  o Used to upload web pages to a server & download files & applications
    NOTE: when you go to download.com, etc., you're using FTP to download files; you may not SEE it, but it's going on behind the scenes
  o Documented in RFC 959
  o Common FTP programs: WSFTP, CuteFTP; can also run FTP from c:\> ftp help
  o Common commands: get, mget, put, mput
  o Uses TCP Ports 20 & 21 (one port for data & one port for control info)
- TFTP = Trivial File Transfer Protocol
  o Uses UDP (instead of TCP like FTP); simpler
  o Documented in RFC 1350
  o Operates on Port 69 (sockets)
  o Used for starting diskless workstations & downloading applications & small files; can reboot servers, download files to router/switch, etc.
  o No passwords or directory trees
- SMTP = Simple Mail Transport Protocol
  o De facto email transmission standard
  o Server to server email transport (use POP3/IMAP4 to download email)
  o Standard list of commands documented in RFC 2821:
    MAIL, RCPT, DATA, RSET, VRFY, EXPN, HELP, NOOP, QUIT
  o Allows PC/Server to act as email post office
  o Popular SMTP server = Microsoft Exchange 2000/2003
  o Default = TCP port 25
  o Setting up SMTP in Outlook Express:
    Tools > Accounts > Click on desired email account > Properties > Servers tab; set the SMTP server settings for email here
    Can also perform: Import/Export/Set Order of email accounts; Remove; Add
- POP3 = Post Office Protocol, version 3
  o Standard protocol for retrieving email from a mail server
  o Good for dialup with permanent connection
  o Client computer performs all management locally
  o Password authentication is clear text; uses TCP Port 110 (no encryption, not too secure)
- IMAP4 = Internet Message Access Protocol
  o Originally created by/for Stanford University
  o Remote mailbox access protocol
  o Allows for selective downloading
  o Includes more features, like searching
  o Supports public folders
  o TCP Port 143
- HTTP = Hypertext Transfer Protocol
  o Default is TCP Port 80
  o Handles pages on the internet/www
  o Uses hypertext (HTML) for browsing
  o Used for document retrieval between servers & web client
  o HTTP:// is a uniform resource locator, or URL


  o Uses clear text, not secure
- HTTPS = HTTP-Secure, or HTTP over SSL
  o HTTPS:// is shown in the browser AND a graphical padlock as well
  o Secure connection
  o Uses TCP Port 443 (SSL Port)
  o TLS = Transport Layer Security; newer version, may replace SSL
- TELNET = Protocol AND a Program
  o C:\> telnet OR telnet blah.com
    > Username; > Password
    telnet /? lists switches available: -a, -t, -e, -f, -l, port
  o Unsecure, uses clear text
  o Terminal emulation; allows you to log on to other computers on the internet, assuming you have access to run programs & commands
  o Uses TCP Port 23
- SSH = Secure Shell
  o Uses TCP Port 22
  o Developed by SSH Communications Security
  o Offers strong authentication & encryption, used for:
    Remote log in, running commands, moving files, etc.
    Replaces TELNET, RLOGIN, RSH, RCP, RDIST
  o PuTTY = free telnet/SSH client
- ARP = Address Resolution Protocol
  o Used in TCP/IP, usually Layer 2/3 (Data Link & Network Layers, respectively)
  o Dynamically (or manually) binds IP addresses to hardware (MAC) addresses
  o Broadcasts on the network segment ONLY; learns about the local area & adds info to the ARP cache
    To show interface address, MAC, & type (static vs dynamic): C:\> arp -a
- NNTP = Network News Transport Protocol
  o Client/server protocol; handles usenet & newsgroup postings
  o NNTP readers included in all browsers (with most email programs too, even Outlook Express)
  o Newsreaders = separate NNTP clients (not part of an email program or browser; standalone program)


    [Figure: TCP packet header, 32 bits per row; 5 rows = 160 bits = 20 bytes]
    Source Port | Destination Port
    Sequence #
    Acknowledgement #
    Data Offset | Reserved | Flags | Window
    Checksum | Urgent Pointer
    Option (+ Padding)
    Data (variable size)

11. TCP/UDP Protocols & Services
- TCP characteristics:
  o Stream data transfers (sequence #s)
    Sequences bytes with a forwarding acknowledgement # (FA #): tells the destination "I expect to receive this byte # next"
  o Reliable communication
  o Efficient flow control (communicates the highest sequence #)
  o Full-duplex communication
  o Multiplexing: services several simultaneous upper layer services
- TCP Three-Way Handshake
  o Client initiates the link by sending its initial sequence # & setting the SYN bit (X)
    Synchronization bit = set to 1
  o Server receives the SYN, records the sequence #, and replies with a SYN-ACK (X + 1)
  o Client adds its own sequence # (FA): acknowledges all bytes sent by the server and indicates what byte it expects next, so that data transfer can commence
- TCP Packet Components
  o Source Port
  o Destination Port: indicates type of communication, i.e., 25 for SMTP; 53 for DNS; 119 for NNTP
  o Sequence #: number assigned to the first byte of data in the message
  o Acknowledgement #: contains the sequence # of the next byte of data the sender of the TCP packet is expecting to receive
  o Data Offset: # of 32-bit words in the TCP header; tells where fields start & end
  o Reserved for future use
  o Flags: carries control info, i.e., SYN, ACK, FIN (indicates final communication)
  o Window: sliding window
    Can designate the size of the sender's receive window (buffer space available for incoming data)
    Performs flow control
  o Checksum: can be used to indicate whether the packet is damaged/has errors/needs retransmission
  o Urgent Pointer: points to the first urgent data byte in the packet, if there is any urgent data
  o Option (+ Padding)
  o Data: received from Layers 7, 6, 5 (Application, Presentation, Session)
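The header fields and the three-way handshake above, as an added example that is not part of the original notes: it builds 20-byte TCP headers, parses them back (data offset, flags, sequence and acknowledgement numbers), verifies the checksum over the IPv4 pseudo-header, and walks SYN / SYN-ACK / ACK. The IP addresses, ports and initial sequence numbers are constructed.

```python
# Added example (not part of the original notes): build and parse a 20-byte TCP
# header, verify the checksum over the IPv4 pseudo-header, and walk the sequence and
# acknowledgement numbers of the three-way handshake. IPs, ports and ISNs are constructed.
import socket
import struct

MASK32 = 0xFFFFFFFF
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER_FMT = "!HHIIBBHHH"   # ports, seq, ack, data offset/reserved, flags, window, checksum, urgent


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_length)


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum the sender writes: computed with the checksum field (bytes 16-17) zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)) & 0xFFFF


def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: summing pseudo-header + segment (checksum included) must give 0xFFFF."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload=b"", window=65535) -> bytes:
    """Minimal segment: 20-byte header (data offset = 5 words), no options, then payload."""
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq & MASK32, ack & MASK32,
                         5 << 4, flag_byte, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed fields; the data offset (32-bit words) says where options end and data starts."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_res, flag_byte, window, csum, urg = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (off_res >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset: {header_len} bytes")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAG_BITS.items() if flag_byte & bit],
        "window": window, "checksum": csum, "urgent": urg,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def three_way_handshake(client_isn: int, server_isn: int,
                        client=("10.0.0.2", 49152), server=("10.0.0.1", 80)) -> list:
    """Segments exchanged before data flows: SYN (X), SYN-ACK acknowledging X+1, ACK acknowledging Y+1.
    Returns (sender, src_ip, dst_ip, segment) tuples so each one can be checksum-verified."""
    c_ip, c_port = client
    s_ip, s_port = server
    syn = build_segment(c_ip, s_ip, c_port, s_port, client_isn, 0, ["SYN"])
    syn_ack = build_segment(s_ip, c_ip, s_port, c_port, server_isn, client_isn + 1, ["SYN", "ACK"])
    ack = build_segment(c_ip, s_ip, c_port, s_port, client_isn + 1, server_isn + 1, ["ACK"])
    return [("client", c_ip, s_ip, syn), ("server", s_ip, c_ip, syn_ack), ("client", c_ip, s_ip, ack)]


if __name__ == "__main__":
    for sender, src_ip, dst_ip, seg in three_way_handshake(1000, 5000):
        h = parse_tcp_header(seg)
        print(sender, h["flags"], "seq", h["seq"], "ack", h["ack"],
              "checksum ok:", verify_checksum(src_ip, dst_ip, seg))
```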

- UDP
  o Connectionless L4 (Transport Layer) protocol
  o Ports differentiate applications/services
  o No reliability, no flow control, no error recovery
  o Uses less overhead / fewer bytes than TCP
  o Used by SNMP, DNS, TFTP (port 69)
  o Packet contains FOUR fields only:
    Source Port (16 bits)
    Destination Port (16 bits; 1-65535)
    Length (TOTAL, including data)
    Checksum (optional, depends on application)

    [Figure: UDP packet: Source Port | Destination Port; Length | Checksum]

    Port ranges:
    1-1023 = Well Known
    1024-49151 (registered)
    49152-65535 = free to be used by anyone
    *For more info, see iana.org/assignments/port-numbers

    Well-known ports:
    20    FTP
    21    FTP
    22    SSH
    23    TELNET
    25    SMTP
    53    DNS
    69    TFTP
    80    HTTP
    110   POP3
    119   NNTP
    123   NTP
    143   IMAP4
    443   HTTPS


    [Figure: WINS across remote connections: Workstation A, a branch office, a SOHO and a laptop user reach the WINS server through the ISP]

12. Additional Network Protocols & Services
NETWORK AWARE FILE SYSTEMS:
NFS (Network File System): Unix/Linux
  o Makes remote directories & files available locally
  o NFS mounted file system is transparent & is independent of platform, OS, or architecture
  o Designed by Sun Microsystems
  o VFS interface over TCP/IP
  o Part of Open Network Computing (ONC)
AFP: AppleTalk File Protocol
  o Determines sharing of data & applications
  o Transparent to the user via GUI
  o Non-Apple networks have to use AFP in order to access data on AppleTalk servers
SMB: Server Message Block
  o File sharing for legacy Windows (NetBIOS) & DOS
  o Used for network aware OSs
  o Network protocol applied to files, serial ports, printers, etc.
  o In Win 2000/2003, replaced by CIFS (Common Internet File System)
WINS: Windows Internet Naming Service
  o Naming service for NetBIOS computer names
  o WINS is to NetBIOS as DNS is to IP addresses
  o Rather than using broadcasts, uses a centralized database of computer names & services: better efficiency, less network traffic
  o WINS died out basically with Windows 2003
  o WINS client tells its server its name at startup
  o NOTE: can set the computer name in XP via:
    Network Connections > LAN > Right-Click > Properties > General Tab > TCP/IP > Properties > Advanced > General Tab > Advanced > WINS tab (tabs are IP Settings & DNS & WINS & Options)
  o LMHOSTS = LAN Manager Hosts
    Resolves IP addresses to computer names
    Used for static addressing
  o WINS also handy for remote connections/branches:
    Workstation A checks its cache for the remote computer name
    If not in cache, checks with the WINS Server
    If not there, then checks LMHOSTS
    Next, HOSTS-DNS
LDAP: Lightweight Directory Access Protocol
  o Allows clients/servers to access the Active Directory database (central repository for all objects [users, groups, computers, and servers] in a Windows 2000/2003 domain)
  o Based on the X.500 directory standard, which is more elaborate
  o Established by the IETF
  o LDAP v2 & v3 supported by Active Directory
DNS: Domain Name System
  o Database that maps domain name to IP address
  o Top Level Domains: .COM, .EDU, .NET, .GOV, .MIL, .INT, .ORG
  o icann.org/tlds/ - for full/updated listing of TLDs


DNS: Domain Name System; sample scenario for a student user at college, wanting to visit www.website.com from their college dorm room:
    1. User sends Query > College > .EDU > Root > .COM
    2. College > .COM > Website
    3. College > Website > College > User
       Return message of: "The IP Address is xxx.xxx.xxx.xxx"
    4. TCP/IP Communication from User > www.website.com via the IP Address

    [Figure: DNS resolution, steps 1-4: User > COLLEGE DNS > ROOT > .COM / .EDU / .NET > WEBSITE (mail, www); reply "The IP Address is xxx.xxx.xxx.xxx"; then TCP/IP Communication. Network shows DNS Client, ISP, DNS Server, Router, Switch]


    [Figure: network with DNS Client, ISP, DNS Server, Router, Mail Server, Directory Server, DHCP Server, Switch, WINS Server]

DHCP: Dynamic Host Configuration Protocol
  o Configures hosts dynamically at host startup
  o TCP/IP stack initializes, contacts the DHCP server to get an IP address, etc.
  o Usually have many logical servers, but one physical server or one group of physical servers
  o DHCP Lease process:
    1. Workstation/Client broadcasts a DHCP Discover packet
    2. DHCP Server(s) return a DHCP Offer
       - If you don't have a DHCP server for each LAN, the router can be configured to forward the broadcast to a selected DHCP server on a remote network or on another segment.
       - DHCP lease terms may be minutes, days, etc.
       - If a server's offer doesn't get selected, it releases its offered address for other clients to use
    3. Client receives DHCP Offer(s) & selects one; sends a DHCP Request packet to the selected DHCP server
    4. DHCP Server returns a DHCP ACK (yes) / NACK (no)
       NOTE: Server may do ARP first to see if the address requested is taken before returning an ACK/NACK response.
       If Client receives ACK, lease maintenance is the Client's responsibility:
    5a. Client sends a DHCP Request (prior to expiration of the current lease, in order to renew) OR
    5b. Client sends a DHCP Release (to release/finish the lease prior to the expiry date) to the DHCP server so the address can be used by other clients
       If Client receives NACK, Client sends out another DHCP Discover packet
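The lease process in steps 1-5 above, as an added example that is not part of the original notes: a small model with two DHCP servers answering one Discover, an Offer that gets NACKed because the server's ARP-style check finds the address in use, the retry, renewal, release and expiry. The scope addresses, the set of addresses "already in use on the wire" and the clock ticks are constructed.

```python
# Added example (not part of the original notes): a small model of the DHCP lease
# process (Discover, Offer, Request, ACK/NACK, renew, release, expiry) with two
# servers answering one broadcast. Scope addresses, the "in use on the wire" set that
# stands in for the server's ARP check, and the clock ticks are all constructed.
from dataclasses import dataclass


@dataclass
class Lease:
    address: str
    client_id: str
    expires_at: int          # simulated clock tick


class DhcpServer:
    """One DHCP server with a scope of addresses, outstanding offers and a lease table."""

    def __init__(self, name, scope, lease_time, in_use_on_wire=()):
        self.name = name
        self.scope = list(scope)
        self.lease_time = lease_time
        self.in_use_on_wire = set(in_use_on_wire)   # what an ARP probe would find answering
        self.conflicts = set()                       # addresses that failed that probe
        self.offers = {}                             # client_id -> offered address
        self.leases = {}                             # address -> Lease

    def expire(self, now):
        """Non-renewed leases go back to the pool for other clients."""
        for addr in [a for a, l in self.leases.items() if l.expires_at <= now]:
            del self.leases[addr]

    def free_addresses(self, now):
        self.expire(now)
        held = set(self.leases) | set(self.offers.values()) | self.conflicts
        return [a for a in self.scope if a not in held]

    def discover(self, client_id, now):
        """Steps 1-2: answer a broadcast Discover with an Offer (None if the scope is exhausted)."""
        free = self.free_addresses(now)
        if not free:
            return None
        self.offers[client_id] = free[0]
        return ("OFFER", self.name, free[0])

    def withdraw_offer(self, client_id):
        """The client picked another server's offer: release ours for other clients."""
        self.offers.pop(client_id, None)

    def request(self, client_id, address, now):
        """Steps 3-4: Request -> ACK or NACK, after checking the address is not already in use."""
        self.expire(now)
        if address in self.in_use_on_wire:
            self.conflicts.add(address)
            self.offers.pop(client_id, None)
            return ("NACK", self.name, address, None)
        lease = self.leases.get(address)
        renewing = lease is not None and lease.client_id == client_id
        if self.offers.get(client_id) != address and not renewing:
            return ("NACK", self.name, address, None)       # never offered to this client
        self.offers.pop(client_id, None)
        self.leases[address] = Lease(address, client_id, now + self.lease_time)
        return ("ACK", self.name, address, now + self.lease_time)

    def release(self, client_id, address):
        """Step 5b: the client hands the address back before the lease expires."""
        lease = self.leases.get(address)
        if lease is not None and lease.client_id == client_id:
            del self.leases[address]
            return True
        return False


def obtain_lease(client_id, servers, now, max_attempts=3):
    """Client side: broadcast Discover, take the first Offer, Request it; on NACK start over."""
    for _ in range(max_attempts):
        offers = [o for o in (s.discover(client_id, now) for s in servers) if o is not None]
        if not offers:
            return None                                 # no server has a free address
        _, server_name, address = offers[0]
        for s in servers:
            if s.name != server_name:
                s.withdraw_offer(client_id)
        server = next(s for s in servers if s.name == server_name)
        reply = server.request(client_id, address, now)
        if reply[0] == "ACK":
            return {"address": address, "server": server_name, "expires_at": reply[3]}
    return None


def renew_lease(client_id, servers, lease, now):
    """Step 5a: Request the same address from the same server before the lease runs out."""
    server = next(s for s in servers if s.name == lease["server"])
    reply = server.request(client_id, lease["address"], now)
    return {**lease, "expires_at": reply[3]} if reply[0] == "ACK" else None


if __name__ == "__main__":
    dhcp1 = DhcpServer("dhcp1", ["10.0.0.10", "10.0.0.11"], lease_time=100, in_use_on_wire={"10.0.0.10"})
    dhcp2 = DhcpServer("dhcp2", ["10.0.0.20"], lease_time=100)
    lease = obtain_lease("pc-a", [dhcp1, dhcp2], now=0)   # first offer NACKed (in use), retry gets .11
    print(lease, "conflicts:", dhcp1.conflicts)
    print(renew_lease("pc-a", [dhcp1, dhcp2], lease, now=50))
```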

  o Non-renewed leases are released for other clients to use
SNMP: Simple Network Management Protocol
  o Manages networked devices, i.e., hubs, switches & routers; RFC 1157
  o Monitors/controls via PDUs (Protocol Data Units)
  o Devices run agents, or software used to gather info regarding performance, etc.
  o Information is stored in an MIB (Management Information Base)
  o SNMP v3 is the most current & most secure (as of the 2005 CBT Nuggets video)

NAT: Network Address Translation
  o IP Masquerading: source/destination addresses are translated as they pass thru a router, firewall, or proxy
  o Allows many internal (private) hosts to access the internet (public) via a single/couple of addresses
  o Internal address scheme is protected
  o Overcomes the constraints of depleted IP address space with IPv4
  o (Privately) uses RFC 1918 addresses, Class A/B/C
ICMP: Internet Control Message Protocol
  o RFC 792; used for error packets, control packets, informational packets for IP
  o PING & TRACERT use ICMP
  o Reports to the sender if something has gone wrong in transmission/if packets are not delivered
  o Valuable for doing diagnostics & troubleshooting
IGMP: Internet Group Management Protocol
  o Standard for IP multicasting on the internet
  o Helps keep established host membership in a group
  o Keeps local routers up to date on members as hosts join/leave
  o RFC 2236 = IGMP v3
LPR (LPD): Line Printer Remote
  o LPD is the Berkeley printing system
  o Provides network print services & spooling
  o Uses TCP/IP to establish links between network printers & clients/workstations
  o Developed for BSD Unix
  o LPD is installed on the printer/print server; LPR is installed on the client device/workstation
NTP: Network Time Protocol
  o Used especially on enterprise networks
  o Assures time synchronization for TCP/IP networks
  o References radio & atomic clocks on the internet
  o Synchronizes distributed clocks to milliseconds
  o Linux has the free program NTPD (NTP Daemon) available via freeware

    [Figure: DHCP lease exchange, steps 1-4, between the Client, Switch, Router, DHCP Server, DNS and ISP]


    [Figure: WAN: Central Site/HQ with a VPN Concentrator and Router; Branch #1, Branch #N and a SOHO site, each with a Switch, connected as Customers across the Carrier Network (WAN cloud) through a DCE at each site]

13. WAN Technologies
- Wide Area Network = data communication network over a broad geographic area, not confined to direct/local networks
  o Usually in the bottom 3 layers of the OSI: Physical & Data Link & Network
- Point to Point WAN
  o Solitary, pre-configured, dedicated path between customer & remote network
  o Usually consists of leased lines, with wire pairs being dedicated communication paths
  o More expensive, and price based on needed bandwidth & distance
  o Largely replaced by Frame Relay
- Circuit Switching WAN
  o Data connections are active only when needed, otherwise they are shut down (i.e., like a telephone call)
  o One type is ISDN
  o DCE = Data Communication/Circuit Equipment
    I.e., CSU/DSU = Channel Service Unit / Data Service Unit (essentially, a modem)
  o DTE = Data Terminal Equipment
- Packet Switched WAN
  o Most popular
  o Individuals can share resources of common carriers and reap a better cost benefit
  o Packet switching multiplexes data into smaller packets so they can take separate paths across the carrier network to the destination (i.e., insert multiplexers at the DCE locations of the above diagram)
  o Carrier uses virtual circuits through the network (cloud in diagram)
  o Types of Packet Switched WANs:
    ATM (asynchronous transfer mode)
    Frame Relay
    SMDS (switched multimegabit data services)
    X.25
  o Virtual Circuit: logical link/connection created within a shared infrastructure network between two (2) networked devices
  o SVC - Switched Virtual Circuits; created dynamically:
    1. Establish circuit
    2. Transfer data
    3. Terminate circuit
  o PVC - Permanent Virtual Circuits; decrease bandwidth use for establishing the communication circuit; need constant data flow
    Need constant data flow, since often used for file transfer, web access, email transfer
    More expensive $$$$$$
- Frame Relay
  o Hi performance, flexible WAN protocol
  o Uses packet switching technology
  o Hosts can dynamically share medium AND bandwidth from the cloud
  o Layer 2 (Data Link) suite
  o More efficient & better performance than X.25
  o Uses DLCI for Layer 2 addressing; DLCI = Data Link Connection Identifier
- ISDN: Integrated Services Digital Network
  o Offered through regional telephone carriers
  o Circuit switching WAN


  o Digitizes voice, data, graphics, music, etc. over existing copper phone lines
  o Digital telephony & data transfer
  o ISDN uses several devices / reference points:
    DCE for ISDN = CSU/DSU, Channel Service Unit / Data Service Unit, which acts as the interface between provider/carrier switches & DTE (Data Terminal Equipment - PC/Telephone/Server/Router)
    DCE can also be multiplexers, translators
    TA = Terminal Adapter
    NT1 = Network Termination 1; NT2 = Network Termination 2
  o Two (2) main types: ISDN BRI & ISDN PRI
- ISDN BRI: Basic Rate Interface
  o 2B + 1D Channel = 2 (64 Kbps) + 1 (16 Kbps control/signal info) = 128 Kbps user data
    D Channel MAY be used for data as well
- ISDN PRI: Primary Rate Interface
  o 23B (64 Kbps) + 1 D (64 Kbps, data OR control info) = 1.544 Mbps = T1 line!!
    Can get fractional, using only SOME channels to bring down cost/speed to whatever is needed
    Above calcs only for USA/Canada/Japan; UK/Australia have 30 B channels, with up to 2.048 Mbps
- FDDI: Fiber Distributed Data Interface
  o Used for hi-speed LAN backbone & WANs like MANs, government WANs, etc.
  o Dual ring over fiber
  o SMF & MMF; CDDI = over copper
  o Has 4 specifications:
    MAC: defines medium access, frames, addresses, errors
    PHY: physical layer specifications; encoding, clocking, framing
    PMD: physical medium dependent
    SMT: station management; configuration of stations, concentrators, servers, end user devices
- WAN Carriers
  o T1 = DS1 = 1.544 Mbps = ISDN PRI
    E1 (European) = 2.048 Mbps
  o T3 / E3 leased line connections; voice, data, etc.
    45 Mbps = 28 T1 channels
  o OCx = optical carrier for SONET
    OC1 - OC192 optical transmission, uses fiber optic lines
- X.25
  o ITU-T (International Telecommunications Union's Telecomm. sector) Global WAN Standard
  o Works with many connected systems
  o Used in packet switched networks of carriers/telecommunications companies
  o Born in the 1970s when the need arose for a WAN standard
  o X.25 defines DTE, DCE & PSE
  o Also uses PAD (Packet Assembler / Disassembler) devices
  o Maps to layers 1, 2, 3 of OSI (Physical & Data Link & Network)
  o PSE = Packet Switching Exchange; cloud/matrix
  o PAD used when the DTE device is too simple to fully implement X.25
    Use PAD between DTE & DCE

    OC Standard   Transmission Rate
    OC-1          51.85 Mbps
    OC-3          155.52 Mbps
    OC-12         622.08 Mbps
    OC-24         1.244 Gbps
    OC-48         2.488 Gbps
    OC-192        9.952 Gbps

    [Figure: X.25: DTE - PAD - DCE. ISDN reference points: TEL / TA - NT2 - NT1 - LT - ET (at the phone co.), with reference points S, T, U, V]
    DTE = Data Terminal Equipment: PC, Tel, etc.


14. Wireless Technologies
- Wireless Summary:
  o Lots of wireless solutions available
  o Lots of devices provide wireless options/connectivity
  o Benefits to wireless:
    Extends your technology portfolio
    Goes where wiring (cable/fiber) can't go; fewer physical limitations to installation & less impact/cleanup
    Can be cheaper & more rapidly deployed than a wired network; ideal for a small office / temp WLAN while waiting on LAN installation
    Extends existing broadband & high-speed solutions/connections
    Great alternative when geographically challenged or when needing to be mobile
  o Uses: phones, laptops, home networks, video game controllers, garage door openers, etc.
- Who Defines Wireless??
  IEEE: Institute of Electrical and Electronics Engineers
  IETF: Internet Engineering Task Force
  WECA: Wireless Ethernet Compatibility Alliance
  ITU: International Telecommunications Union
- Wireless network types:
  WWANs - Wireless Wide Area Networks; 2G = Second Generation
  WMANs - campus, gov't, etc.; can be used as backup to wired
  WLANs - home/office/airport; use radio or peer to peer (infrared)
  WPANs - Wireless Personal Area Network; ad hoc / mobile devices; POS = personal operating space of ~10m; IEEE 802.15; Bluetooth & Infrared
- IEEE 802.11 Standards
  802.11a:
    Adds to the original 802.11 WLAN specifications; up to 54 Mbps bandwidth @ 5 GHz radio band
    Not frequently used even though faster than 802.11b
    Not compatible with 802.11b or 802.11g
  802.11b:
    Most popular WLAN spec (hotspots)
    Up to 11 Mbps, w/ fallback to 5.5, 2, 1 Mbps
    Transfer rates dependent on distance to WAP & # of other users
    Uses 2.4 GHz radio band/frequency
    Not compatible with 802.11a
  802.11g:
    Gaining in popularity (although N)
    Compatible with 802.11b, NOT 802.11a
    Up to 54 Mbps w/ fallbacks; 2.4 GHz radio band/frequency
    Developed as a higher speed technology when communicating with other 802.11g devices
- WPAN Communication Methods: Infrared & Bluetooth Comparison
  Infrared:
    Uses infrared light to carry data
    Needs hardware & software to function/communicate
    Governed by IrDA (Infrared Data Association)
    Laptops, printers, PDAs, phones, headsets
    Can also use a USB port adapter; ~ same rate as parallel port, up to ~4 Mbps
    Line of sight range of ~18; if obstructed, bye-bye signal
  Bluetooth:
    Specification for short-range wireless
    Cell phones, pagers, PDAs; can get a 3-in-1 phone to sync with desktop/laptop
    Bluetooth headsets VERY popular; keyboard/mouse, etc.
    Very popular for WPAN communication
- Spread Spectrum: method used to modulate data into manageable bits to get sent via wireless communication
  o Transmitted in bandwidth that is considerably greater than the frequency content of the original data
  DSSS: Direct Sequence Spread Spectrum
    DS-CDMA: Direct Sequence Code-Division Multiple Access
    Stream divided into smaller chunks, which are assigned to frequency channels across the spectrum
    Better performance than FHSS but more susceptible to interference
    802.11 a/b/g use DSSS (OFDM [Orthogonal Frequency-Division Multiplexing] used for 802.11a/g higher & broadband speeds)
  FHSS: Frequency Hopping Spread Spectrum
    FH-CDMA: Frequency Hopping Code-Division Multiple Access
    Repeated rapid swapping of frequencies/channels during the transmission process, coordinated between sender & receiver
    Originally used to thwart electronic eavesdropping/jamming
    Used with the original 802.11 standard
    Used by Bluetooth

    [Figure: Typical Office Wireless Environment: PCs - WAP (Bridge) - Ethernet hub or switch. Typical Home Wireless Environment: wireless router (hub OR switch OR DSL/cable modem)]


    15. Internet Access Technologies
    - Dial-Up via PSTN & POTS
      o POTS = Plain Old Telephone System
      o PSTN = Public Switched Telephone Network
      o V-Series
        - V8 - V29 (9600 baud rate per second); baud rate = # times per second the carrier signal is changed
        - V32, V34, V90 (56,000 baud rate)
        - V110 asynchronous DTE can use ISDN (128,000 bps)
      o Advantages to & Features of Dial-Up
        - Economical; great for backup to cable/DSL
        - Flexible; easy to set up ad hoc connection
        - 33,600 bps = V34 on POTS
        - ISDN basic rate interface (BRI: 2B + 1D channel) = 64 x 2 = 128 kbps
    - DSL: Digital Subscriber Line
      o Modem technology; uses existing twisted pair phone lines for high bandwidth data transfer
      o Mostly home usage, but some usage in small businesses
      o xDSL = different flavors of DSL: ADSL, SDSL, HDSL, HDSL-2, G.HDSL, IDSL, VDSL
      o Dedicated; P2P access; over copper on local loop (last mile need to be ~


    16. Remote Access Protocols & Services
    - SLIP: Serial Line Internet Protocol: access remote networks using serial ports & modems for internet connectivity
      o Defined in RFC 1055; mostly replaced by PPP
      o Packet-based protocol; for IP only
      o Was ONCE the most popular encapsulation protocol for remote access, but no more
      o Can use telephone serial line & DCE/DTE modem to browse internet, FTP, etc.
      o Downside: have to know your IP address & that of the destination PC you're trying to remote control
    - PPP: Point to Point Protocol
      o Better engineered & feature-rich
      o Doesn't require IP addresses to be configured before link is established
      o Offers advantages over SLIP: configuration is easier, and has:
      o Multiprotocol support: IP, IPX, DECnet, AppleTalk
      o 3 Main Components of PPP:
        - HDLC to frame datagrams (from upper layers) over serial links
        - LCP for layer 2 connection management (the horse in the Lord of the Token Rings saga)
        - NCP for multiprotocol support (the guy on the horse in the Lord of the Token Rings saga)
      o PPP Operation
        - Standard for assigning & managing IP addresses
        - Asynchronous (e.g., email) & synchronous (e.g., IM) encapsulation
        - Protocol multiplexing: can run many protocols at once in one organization/LAN/WAN
        - Offers easy link setup, configuration, testing, error detection, compression
      o PPP overall process:
        1. Modem sends LCP (link control protocol) frames to receiver
        2. Sends NCP (network control protocol) frames, e.g., AppleTalk, IP, etc.
        3. Continues until cancellation, or until inactivity timer goes off, or connection otherwise disconnected
      o Cables used: RS 232 (EIA/TIA 232) & RS 422 (EIA/TIA 422)
    - PPPoE: Point to Point Protocol over Ethernet

      o Connects many users & hosts on an Ethernet segment to a remote site via common CPE (customer premises equipment)
      o Encapsulates PPP frames in Ethernet frames
      o Used by cable modems & DSL (usu. SOHO application)
      o Authentication, encryption & compression
      o Always-on service; RFC 2516
    - RAS: Remote Access Service (now use RRAS: Routing & Remote Access)
      o Windows NT 4.0 service for remote networking through dial-up connectivity from remote users/LANs
      o Uses modem dial-up, X.25, or WAN link
      o Works with networking protocols, e.g. NetBEUI, IPX, TCP/IP
      o Client needs RAS client software OR 3rd party PPP application; Server runs the RAS service
      o In XP, can set new dial-up RAS connection up via:
        Start > All Programs > Accessories > Communications > New Connection Wizard > Connect to network at my workplace (also have choice to set up Internet Connection & Set up Home/small office network & Setup an advanced connection) > Dial-Up > Company Name > Phone Number. VOILA!
    - RDP: Remote Desktop Protocol
      o Introduced in Windows NT 4.0; remote connectivity protocol used by Linux & Microsoft (Terminal Services)
      o RDP Server listens on TCP Port 3389
      o RDP 5.1 comes with Windows XP (Remote Desktop Connection)
      o Provides remote display & input ability, audio, file/port/printer redirection, clipboard sharing, encryption
      o Access in XP via:
        Start > All Programs > Accessories > Communications > Remote Desktop Connections > Options button > General / Display / Local Resources / Programs / Experience = different tabs for setting up the connection(s)
      o Can use RDP to connect to user PCs for remote troubleshooting
      o NOTE: can use Terminal Server/Services instead
    - ICS: Internet Connection Sharing
      o Used in home networks & SOHO
      o Microsoft feature; allows LAN hosts to share a single internet connection & a single IP address
      o Uses DHCP & NAT services (IP masquerading)
      o Works with all popular internet connection technologies: DSL, cable, ISDN, satellite, dial-up
      o Other products out there, e.g. WinGate & WinProxy, turn your PC into a gateway/proxy server via software
      o To set up, need to set up on all LAN connections:
        Control Panel > Network Connections > LAN > Right-click > Properties > select TCP/IP > Properties > MUST ensure that "Obtain IP address automatically" is checked!
        Also should go to Advanced Tab > Internet Connection Sharing > ensure "allow other network users to connect through this computer's internet connection" is checked in order to share


    17. Server Remote Connectivity Configuration
      o RAS = modular solution: can add whatever modules you need to do business
      o NLB = Network Load Balancing solution: use 2+ servers, act as 1 logical server
      o Dual Homing = 2 NICs on one machine; often = one Public, one Private (NAT); covered in RFC 1918
      o DMZ = demilitarized zone: own/separate security zone
    - NOS Remote Access Services
      o Dial-up Services (dial on demand, DOD ISDN, telco/POTS)
      o Radius authentication & authorization: Password + (Biometrics; PIN; Digital Certificate; Smart card; Token; Thumbprint)
      o Virtual private networking: secure links (L2TP, PPP, IPsec, SSL VPN) between 2 different networks
      o Accounting & reporting services: when, how long, disconnect time, etc.
      o Modular add-in services to NOSs: can activate individual features across most OSs
    - Popular NOS Solutions
      o Novell Netware Open Enterprise Server (SuSE)
      o Sun Solaris Secure Shell (replaced IPSec VPN standard)
      o Mac OS X (Unix-based component)
      o Linux (Red Hat, Debian, Mandrake)
      o Windows 2000/2003 RRAS / IAS
        - RRAS = Routing & Remote Access Service; uses OSPF, RIPv2
        - IAS = Internet Authentication Service; Microsoft version of Radius for authentication & authorization & accounting (AAA)
    - Client Connectivity via one of two methods:
      o Integrated remote access program (e.g., Internet Connect on Mac OS X); NOTE: need security layer operating above this
      o Integrated VPN client OR 3rd party solution, e.g. Cisco VPN Client: secure tunnel for a VPN

    (Diagrams: three perimeter designs, each showing Corporate Network > Multi-Layer Switch OR Hi-End Router > Perimeter (edge) > ISP.)
    EXAMPLE 1: Switch on the corporate side, Perimeter Router/Firewall at the edge, NLB, and a Remote Access Server in the DMZ running RAS, NAT, Auth., VPN (Windows 2000/2003, Unix/Linux-based, Mac OS X too). NOTE: this network interface must be FAST. Either: Etherchannel (~100 Mbps) or Fiber channel (FDDI Ring).
    EXAMPLE 2: smaller/simpler solution: using Router + Built-In Firewall here, in place of Perimeter Router. Can also use Multi-Homed Linux Server with Firewall.
    EXAMPLE 3: more expensive solution, using second Multi-Layer Switch or High End Router & integrated Firewall; L3 Switch or Router (VLAN).


    (Diagram: Central Site / HQ with a VPN Concentrator, connected over the Internet to Branch #1, Branch #2, a SOHO site, and a VPN Client (Mobile User).)

    18. Security Protocols
    - VPNs: Virtual Private Networks
      o Generic term for a private/encrypted connection over a public network between 2 terminating points of 2+ private networks; wide area network over public lines
      o Terminating Points = router/concentrator; mobile users; remote access sites
      o Cost effective: cheap access to public network without the need for expensive leased line connections (e.g., T1)
      o Categories of VPNs:
        - Remote Access VPN: for the telecommuter/mobile user
          Access through their own ISP to terminating site on other side of the tunnel
          Use VPN software on client side
        - Site to Site VPN: LAN to LAN VPN
          Extend to another corporate site via the internet to extend the LAN
          More permanent solution; usually involves use of a hardware/software combo & data usually encrypted
    - Tunneling: allows one network to send data using another network's connection
      o Encapsulates the network protocols used by the client within the packets carried by the second network; embeds own network info in the TCP/IP packets. For example, when sending a gift via USPS, put it in an outer packaging to protect it
      o Software Client = NetScreen; Cisco; etc.; allows administrators to set security policies for access (e.g., authentication, key exchange). Equivalent of PPP on steroids! Software clients used in situations with a couple of users; hard to manage/implement/administrate with more than a few users
      o Hardware Client: used in larger settings (remote office, many users). Takes control away from end users, puts it firmly into hands of administrators
    - PPTP: Point-to-Point Tunneling Protocol

    (Diagram: Central Site ROUTER with VPN CONCENTRATOR, VPN TUNNEL across the INTERNET to: a Remote Access Site with a Hardware Client (VPN Concentrator); a Telecommuter; and a Mobile User (DSL, ISDN, analog cable) with a Software Client, e.g. Certicom PDA IPSec VPN Client.)


      o VPN Tunneling (encapsulation) protocol; uses encryption. Documented in RFC 1999
      o Included in NOSs; Microsoft uses for low cost secure remote access to corporate networks
      o Supports: TCP/IP; IPX/SPX; NetBEUI
      o Weaker security/confidentiality than IPSec
    - L2TP: Layer 2 Tunneling Protocol
      o IETF standard
      o Marriage of Microsoft's PPTP & Cisco's L2F protocols
      o Based on IPSec; documented in RFC 2661
      o Supports multiple protocols & NAT (Network Address Translation: allows you to use private IP addresses & communicate over the internet)
    - IPSec: IP Security
      o Operates at Layer 3 (Network Layer of OSI Model) to encrypt & authenticate & manage keys for TCP/IP transmissions
      o Four Core IPSec Services:
        - Confidentiality: encrypts data
        - Data Integrity: no change to data in transit
        - Authentication: verifies users & data origin; non-repudiation
        - Anti-Replay: ensures that each packet is unique
      o Authenticates in two phases:
        - Key Management: uses IKE (Internet Key Exchange) to manage keys; runs on UDP port 500. Determines which keys will be used by communicating nodes.
        - Encryption: two types available:
          1. AH: Authentication Header: only encrypts header, not data
          2. ESP: Encapsulating Security Payload: encrypts entire IP package/data payload for added security; DES, 3DES, AES
      o Most commonly run on routers or other VPN connectivity devices
    - SSL: Secure Sockets Layer
      o Encrypts data over internet
      o Uses Public Key Infrastructure (PKI) to encrypt data
      o Developed originally by Netscape, used widely by everyone now.
      o Main protocol for secure transactions between web browsers (end users) & servers
      o SSL3 offers: Privacy; Authentication; Message integrity
      o Indicated via: HTTPS + lock symbol (sometimes get a pop up too depending on web browser being used)
      o TCP port 443 (rather than HTTP port 80)
      o Establish unique SSL session each time client/server create SSL connection, created by the SSL handshake protocol: Client_hello & server_hello messages
    - WEP: Wired Equivalent Privacy
      o Uses keys to authenticate clients and to encrypt data in transit
      o Prevents eavesdropping & packet sniffing
      o Optional standard for 802.11 WLAN
      o All products must support same XX-bit of WEP (40 bit/64/128)
      o Flawed: using the same key to encrypt & authenticate means if you access one, you access all; too easy to break into, not very secure
    - WPA: WiFi Protected Access (created/endorsed by WiFi Alliance)
      o Meant to be used with authentication server (Radius or Tacacs+) but doesn't need to be (can use WPA-Personal)
      o Can dynamically & rapidly change keys; uses stronger 48- or 128-bit keys
      o Improved data security & secure message authentication


    19. Authentication Protocols
    - Authentication: security mechanism, used to validate identity of a data channel OR user OR message OR service; ensures person/service is as advertised
    - PAP: Password Authentication Protocol
      o Most basic/elementary form of authentication: compares credentials to table of name-password pairs
      o Used as basic authentication of HTTP
      o RFC 1334
      o NOT secure/encrypted over network or internet; info IS encrypted on server side
    - CHAP = Challenge Handshake Authentication Protocol
      o Verifies the identity of a client with a 3-way handshake
        - CHAP agent sends key to client; a shared, secret key is used to encrypt the User Name & Password
        - CHAP sends challenges out at regular intervals to weed out intruders disguised as client
        - RFC 1994 originally didn't prevent unauthorized access (!); access was determined by the router and/or server
      o MS-CHAP = Microsoft's version of CHAP; V.1 & V.2 used by Windows 2000 & 2003; prevents unauthorized access; IAS, RRAS, RAS at Server; all these use Active Directory database to determine level of access granted to Client
      o Encrypts the data load using the shared secret key
      o HASH = one-way function
      o CHAP Process:
        - Link established between Server & Client
        - MD5 (Message Digest 5) = take credential info & once you apply the one-way hash to it, you will have a fixed length result, or DIGEST, which is sent back to the authenticator
        - IF MATCHES: all OK, connection continues; but IF DOES NOT MATCH, connection is terminated
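    The PAP and CHAP exchanges described above, as an added Python example (not part of the original notes): the link is modelled as a list of captured frames so the difference is visible on the wire, and the CHAP response follows RFC 1994 (MD5 over identifier + shared secret + challenge). The credential table, user name and secret are constructed sample values.

```python
"""Added example (not from the original notes): PAP vs CHAP on a PPP link.

The 'link' is a plain list standing in for the serial line, so the frames
an eavesdropper could capture can be inspected afterwards. The response
layout follows RFC 1994: MD5(identifier || shared secret || challenge).
"""
import hashlib
import secrets

# Constructed sample credential table held by the authenticator (server).
# PAP compares cleartext credentials against this name/password table;
# CHAP uses the same shared secret but never puts it on the link.
SECRETS = {"alice": b"correct horse battery staple"}


def pap_exchange(link, user, password):
    """PAP: client sends name & password as-is; server does a table lookup."""
    link.append(("PAP-Authenticate-Request", user, password))  # clear text
    ok = SECRETS.get(user) == password
    link.append(("PAP-Ack" if ok else "PAP-Nak", user))
    return ok


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: one-way MD5 over id, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(link, user, client_secret, identifier=1):
    """CHAP 3-way handshake: Challenge -> Response -> Success/Failure.

    The server picks a fresh random challenge every time, so a digest
    captured from an earlier exchange does not verify against a new one.
    """
    challenge = secrets.token_bytes(16)
    link.append(("CHAP-Challenge", identifier, challenge))
    digest = chap_response(identifier, client_secret, challenge)
    link.append(("CHAP-Response", identifier, user, digest))
    expected = chap_response(identifier, SECRETS.get(user, b""), challenge)
    ok = user in SECRETS and secrets.compare_digest(digest, expected)
    link.append(("CHAP-Success" if ok else "CHAP-Failure", identifier))
    return ok


def secret_on_wire(link, secret):
    """True if the raw secret appears in any frame captured from the link."""
    return any(secret in frame for frame in link)


def response_reusable(link, identifier=2):
    """Check whether the CHAP-Response digest captured in `link` would also
    verify against a fresh challenge for the same user. Returns False: the
    new random challenge is why a stale digest is useless on the next link."""
    _, _, user, digest = next(f for f in link if f[0] == "CHAP-Response")
    new_challenge = secrets.token_bytes(16)
    expected = chap_response(identifier, SECRETS[user], new_challenge)
    return secrets.compare_digest(digest, expected)


if __name__ == "__main__":
    pap_link, chap_link = [], []
    pap_exchange(pap_link, "alice", SECRETS["alice"])
    chap_exchange(chap_link, "alice", SECRETS["alice"])
    print("PAP secret visible on wire  :", secret_on_wire(pap_link, SECRETS["alice"]))
    print("CHAP secret visible on wire :", secret_on_wire(chap_link, SECRETS["alice"]))
    print("captured CHAP digest reusable:", response_reusable(chap_link))
```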

    - RADIUS = Remote Auth. Dial In User Service
      o AAA = Authentication & Authorization & Accounting for network access and IP mobile availability (see notes below in AAA section)
      o Credentials are passed to NAS (Network Authentication Server) via PPP, then forwarded to RADIUS Server (Cisco Access Control Services, or ACS)
      o Radius uses following schemes: PAP, CHAP, EAP
      o Valuable for recording authorization, accounting, billing with extensive protocols
      o OPEN Protocol: can use own customized version for own purposes
      o Used by ISPs to measure bandwidth usage
      o DIAMETER = planned replacement for RADIUS
    - TACACS+ = Terminal Access Controller Access Control System
      o Predecessor to Extended TACACS
      o Used for authentication & authorization in UNIX networks & Cisco infrastructures
      o Offers limited accounting
      o Totally new replacement: use TACACS OR RADIUS, not both
      o Stores usernames & passwords; encrypts communications to the NAS; authorizes
      o Centralized management for remote sites
    - AAA = Authentication & Authorization & Accounting
      o Authentication = ensuring you're who you say you are
      o Authorization = verifying what you have access to
      o Accounting = when you log in/out, how long you accessed what, etc.; good for billing & auditing services
      o NOTE: when network gets larger, good idea to get dedicated AAA Server
      o LDAP = Lightweight Directory Access Protocol

    (Diagrams: PAP: Client > Server (Table): 1. User name/password sent in CLEAR TEXT; 2. Checked against encrypted info on server side; 3. Acknowledgement sent back from server. CHAP: Client > Server: 1. Link Established; 2. MD5 (Message Digest 5); 3. If MD5 does NOT match, connection is terminated.)


    - EAP = Extensible Authentication Protocol
      o Extensible: can be modified & customized
      o Universal, open protocol
      o Used in P2P & Wireless Networks (WLANs)
      o WPA & WPA2 use 5 EAP types: LEAP; EAP-TLS; EAP-MD5; EAP-TTLS; PEAP
      o Defined by RFC 2284
      o Supports passwords, tokens, token cards (ATM cards), digital certificates, PKI, biometric methods, etc.; i.e., it's versatile!
    - KERBEROS
      o IETF Auth. Standard, using centralized ticket-granting server
      o Clients need to rely on a third party to perform authentication & authorization on TCP/IP system
      o Encrypted tickets are transmitted in lieu of usernames & passwords
      o Applications & OSs must be kerberized
      o Key Distribution Center implements:
        - AS: Authentication Service
        - TGS: Ticket-Granting Service
      o Usually have redundancy & security, and database with all usernames & passwords
      o AD (Active Directory)
      o Slave Server can be used as backup

    (Diagram: Kerberized Client A and Kerberized Client B connected through a SWITCH to the KDC.)


    20. Network Operating Systems
    - Unix Networking Services
      o Introduced TCP/IP & UUCP (Unix to Unix Copy Protocol)
      o BSD: Berkeley Software Distribution; led to: Free BSD, Net BSD, Open BSD, and DARWIN
      o AIX: Advanced Interactive eXecutive; proprietary version, IBM
      o Sun Solaris: Sun Microsystems Sun OS; Open Windows, CDE = GUIs
      o HP-UX: developed by HP in the late 80s
    - Linux Networking Services
      o TCP/IP on Linux in 1992 (prior to that it was UUCP)
      o Net-4 version networking standard
      o Supports TCP/IP, IPX, AppleTalk, SLIP/PPP
      o Firewalls, NAT, accounting services, tunneling
      o Runs on Ethernet, token ring, FDDI, frame relay, ISDN, ATM
      o 200+ distributions: Mandrake, Debian, Suse (sp?)
      o Samba protocols used to talk to Windows-based machines
    - Three ways to move files over internet:
      o NFS = Network File System
        - Used to access network resources & file/print services (all of which appear LOCAL)
        - Used by Unix & Linux, although independent of platform; redirects things over the network
        - Client/Server suite using a virtual file system running on TCP/IP
        - Developed by Sun Microsystems; trend is moving to CIFS Open Standard (Windows 2000, 2003)
      o FTP = File Transfer Protocol
      o CIFS = Common Internet File System
    - MAC OS/X Server (Tiger; now moving to Leopard tho)
      o Uses AFP (Apple File Protocol)
      o Includes SMB & NFS to run on Mac OS X, AppleShare, Unix, Linux, Netware, Windows
      o Uses Unix core from BSD open source community
      o No proprietary technology is used: Apache web server, Samba, OpenLDAP, Kerberos
      o Fully supported with AFP over TCP/IP
      o Notes on MAC Stuffs:
        - Mac Finder allows you to browse the network & don't need new software to connect MAC to Windows network
        - NTLM2: NT LAN Manager 2
    - Netware (Now marketed as Suse Linux Enterprise Server)
      o Now open source
      o Uses TCP/IP
      o Interoperability is for migration
      o Netware versions add open source functionality
      o Moving away from NCP (NetWare Core Protocol) & IPX/SPX; now uses TCP/IP & CIFS
      o Marriage of: Netware technology & Suse Linux O/S

    - Windows 2000/2003 NOS
    - Windows 2000 Advanced Server
      o Control Panel > Add/Remove Components: can add Unix/Linux packages
      o IIS: Internet Information Services
      o Control Panel | Administrative Tools:
        - DHCP: can set scope/scope options: time server, set router, name server, DNS/log servers
        - DNS: Forward & Reverse lookup zones; database of information (resolves domain names to IP addresses & vice versa)
        - IAS: AAA (authentication, authorization, accounting); add clients, etc.
        - Routing & Remote Access Server
        - Terminal Services Manager

    File System                                   | CIFS | FTP | NFS
    Mountable as local drive                      | YES  | NO  | YES
    Encrypted passwords supported                 | YES  | NO  | NO
    Optimized for modem dial-up connections       | YES  | NO  | NO
    Unicode file names supported                  | YES  | NO  | NO
    Secure anonymous requests allowed             | YES  | YES | NO
    NO extra software required for file transfer  | YES  | NO  | YES
    NO extra drivers required for Win 3.11        | YES  | n/a | NO
    NO extra drivers required for Win 95          | YES  | n/a | NO
    NO extra drivers required for Win NT          | YES  | n/a | NO
    NO extra drivers required for OS/2            | YES  | n/a | YES
    NO extra drivers required for Unix            | YES  | n/a | NO
    Used for internet & LAN networks              | YES  | NO  | NO

    2000/2003 Lower Layer Services Provided: DHCP; Routing & Remote Access; IAS; IPSec; Terminal Services; IPv6; VPNs; Wireless Networking Support
    Windows 2000/2003 NOS: Web Server / Web Application Server; Remote Access / VPN Server (terminate VPN at Server side); DNS, DHCP, WINS; Streaming Media; Security Proxy Server; IAS (Internet Authentication Server)


    21. Client Workstation Configuration & Connectivity
    Structured Wiring & Cabling
    - Structured Wiring for SOHO or SMB LAN
      o Wiring Panels in Wiring Closet or Server Room
      o Patch Panels: custom cut cable to reach patch panels (wall jacks), rather than direct drop of wiring to computers
      o Central Wiring Point: can be switch, group of switches, punch down panel, patch panel, etc.
      o Crimping Tools: can get just for RJ-45 or can get with interchangeable modular die for RJ-11, etc.
        - Use cutter part/stripper blade to trim off the outer jacket/plastic casing & reveal twisted wire pairs inside
        - Trim inner wires down to ~1/2 to prepare for insertion into RJ-45 connector
        - Used to crimp the connector into place
      o Typical Ethernet Scenario:
      o General Procedure for preparing / installing a small office network:
        - Cut cable to planned lengths from CWP to holes where wall plates are attached
        - Run cables according to local building specifications
        - Use crimping tools to strip cable: squeeze handle & keep the cable perpendicular to the tool blades; remove outer shielding to 1-1/2 exposure for insertion into punchdown blocks or keystone female jacks; trim to for insertion into RJ-45 connector
        - Use punchdown tool to set twisted wire pairs into place in keystone female jack or at patch panel or punchdown block
      o Guidelines:
        - Always use more cable than necessary
        - Test each part of a network as you install it (easier to keep track & replace right away if not functional)
        - Stay at least 3 away from fluorescent light boxes & other electrical devices that may cause interference
        - Cover cable with cable protector if it must be run across a floor
        - Label both ends of each cable; keep a spreadsheet/record of the labeling scheme
        - Use cable ties to keep cables bundled & neat & under control
    Preparing & crimping Cat5 cabling:
    Wiring Keystone Jacks:

    (Diagram: PC > Wall Jack; bulk cable connects keystone to Patch Panel -OR- Punch-Down Block / CWP; patch cords used to connect panel to central Switch. Photos: Patch Panels, rear & front.)


    Pin | T568B/ATT    | T568A/EIA
    1   | White/Orange | White/Green
    2   | Orange       | Green
    3   | White/Green  | White/Orange
    4   | Blue         | Blue
    5   | White/Blue   | White/Blue
    6   | Green        | Orange
    7   | White/Brown  | White/Brown
    8   | Brown        | Brown

    Network Interface Configuration
    - Workstation Network Interfaces:
      o PCI Network Interface Card: usually 10/100
      o USB converter dongle
      o PCMCIA card for laptop: usually 10/100 LAN card; dongle extension to RJ-45 keystone OR integrated/onboard dongle on the card itself
      o OTHER TYPES: Wireless; Fiber Optic; etc.
    - Configuring the NIC
      o Lower Layer Configuration: GENERALLY can just plug in the network device & Plug-and-Play will take over, BUT be sure to check device compatibility with your OS & download newest applicable device drivers if not included with the device
        - Check Device Manager to be sure all is hunky-dory
      o Upper