Training Day Slides

  • Published on 20-Jan-2015

DESCRIPTION

Training Presentation on IP Networks and basic design

Transcript

<ul><li> 1. MaxWiFi Training Day: IT Network Design and Installation. Monday 24th November 2008 and Tuesday 25th November 2008</li></ul>
<p> 2. What Do We Do? </p>
<ul><li>Provide a fast, reliable Internet solution to all clients while retaining the flexibility to accommodate bespoke networks built around each client's key requirements.</li></ul>
<ul><li>Ensure 100% reliability throughout the event by providing fault tolerance and dynamic load balancing.</li></ul>
<p> 3. Three Tier Network Model </p>
<p> 4. OSI Model </p>
<ul><li>Transport: ensures delivery of packets.</li></ul>
<ul><li>Data Link: transforms raw bits into frames.</li></ul>
<ul><li>Physical: transmits signals across the cable.</li></ul>
<ul><li>Network: controls and routes packets.</li></ul>
<ul><li>Session: establishes and maintains sessions.</li></ul>
<ul><li>Presentation: manages data conversion and syntax.</li></ul>
<ul><li>Application: top-layer protocols, HTTP, FTP etc.</li></ul>
<p> 5. TCP/IP Model </p>
<ul><li>The network model that is actually implemented, providing standards across vendors.</li></ul>
<ul><li>Similar to the OSI model; based on packet-switching technology.</li></ul>
<ul><li>Originally created by the U.S. to maintain data communication even under foreign attack.</li></ul>
<p> 6. Internet Protocol (IP) </p>
<ul><li>32 bits representing a numerical address for each device on a network.</li></ul>
<ul><li>5 main classes of IP address.</li></ul>
<ul><li>An IP address is separated into 3 parts: network, subnet and host.</li></ul>
<ul><li>Classes A, B and C are used for defining hosts.</li></ul>
<ul><li>Class D is used for multicast addressing (routing protocols use multicasts to communicate routing updates and replies).</li></ul>
<p> 7. Class A IP Addresses </p>
<ul><li>The first octet (e.g. in 10.59.0.34 the first octet is 10) represents the network number, so there are up to 127 networks in the Class A range (1-127).</li></ul>
<ul><li>The last three octets represent the host number, so there are 16777214 available hosts for each network.
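</li></ul>

As an added example, not part of the slides, the following Python generalises the host-count calculation on this slide to classes A to C and flags D and E as unusable for hosts. It works purely from the bit counts of each class, so the network and host figures come out exactly; the `CLASSES` table and the `ClassInfo` record are constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed lookup: class -> (first-octet range, network bits, host bits).
# The leading bits that identify the class (0, 10, 110) are not part of the network
# number, which is why Class A has 7 network bits, Class B 14 and Class C 21.
CLASSES = {
    "A": ((1, 127), 7, 24),
    "B": ((128, 191), 14, 16),
    "C": ((192, 223), 21, 8),
}

@dataclass
class ClassInfo:
    cls: str
    networks: int | None      # networks in the class; None for D and E
    usable_hosts: int | None  # 2^host_bits - 2 (network and broadcast removed); None for D and E
    network_id: str | None    # the address with its host octets zeroed; None for D and E
    note: str

def parse_ipv4(addr: str) -> list[int]:
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return [int(o) for o in octets]

def classify(addr: str) -> ClassInfo:
    octets = parse_ipv4(addr)
    first = octets[0]
    if first == 0:
        raise ValueError("network 0 is not a valid classful network number")
    if 224 <= first <= 239:
        return ClassInfo("D", None, None, None, "multicast; never assigned to a host")
    if first >= 240:
        return ClassInfo("E", None, None, None, "reserved; must not be used on any IP network")
    for cls, ((lo, hi), net_bits, host_bits) in CLASSES.items():
        if lo <= first <= hi:
            net_octets = (32 - host_bits) // 8   # 1, 2 or 3 leading octets carry the network number
            network_id = ".".join(str(x) for x in octets[:net_octets] + [0] * (4 - net_octets))
            return ClassInfo(cls, 2 ** net_bits, 2 ** host_bits - 2, network_id,
                             f"{net_octets} network octet(s), {host_bits} host bits")
    raise AssertionError("unreachable: every first octet 1-223 falls in A, B or C")

if __name__ == "__main__":
    for sample in ("10.59.0.34", "172.16.0.34", "192.168.0.34", "224.0.0.5", "240.0.0.1"):
        print(classify(sample))
```

<ul><li>The script counts the whole Class A space (2^7 network numbers), whereas the slide counts the 127 usable ones, since network 0 is not assigned.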
</li></ul>
<ul><li>(We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet and 3 octets for the host, so 24 bits; each bit is a 1 or a 0, so it is 2^24 - 2 (for the network and broadcast addresses).)</li></ul>
<p> 8. Class B IP Addresses </p>
<ul><li>The first two octets (e.g. 172.16 in 172.16.0.34) represent the network number, so there are up to 16,000 networks in a Class A range (1-127).</li></ul>
<ul><li>The last two octets represent the host number, so there are 65,534 available hosts for each network.</li></ul>
<ul><li>(We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet and 2 octets for the host, so 16 bits; each bit is a 1 or a 0, so it is 2^16 - 2 (for the network and broadcast addresses).)</li></ul>
<p> 9. Class C IP Addresses </p>
<ul><li>The first three octets (e.g. 192.168.0 in 192.168.0.34) represent the network number, so using the formula 2^21 we know there are up to 2097125 networks in the Class C range.</li></ul>
<ul><li>The last octet represents the host number, so there are 254 available hosts for each network.</li></ul>
<ul><li>(We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet and 1 octet for the host, so 8 bits; each bit is a 1 or a 0, so it is 2^8 - 2 (for the network and broadcast addresses), leaving 254 usable host IP addresses.)</li></ul>
<p> 10. Class D and E Addresses </p>
<ul><li>Class D addresses are 224.0.0.1 to 239.255.255.255.</li></ul>
<ul><li><ul><li>Multicast addresses, used by routing protocols to communicate between routers (routing updates etc.).</li></ul></li></ul>
<ul><li>Class E addresses are 240.0.0.1 to 254.255.255.255; these are reserved and should not be used on any IP network.</li></ul>
<ul><li>ANY QUESTIONS SO FAR?</li></ul>
<p> 11. What's in a Frame? </p>
<ul><li>A Layer 2 Protocol Data Unit which encapsulates the Layer 3 packet and transports it across the LAN to another PC or to a router/gateway.
</li></ul>
<ul><li>Contains the source and destination MAC addresses.</li></ul>
<p> 12. ARP - Address Resolution Protocol </p>
<ul><li>802.3 Ethernet mechanism to resolve a MAC address when only the IP address is known.</li></ul>
<ul><li>A broadcast mechanism, so more network nodes on the same network means it is more bandwidth-intensive.</li></ul>
<p> 13. ARP - Address Resolution Protocol </p>
<ul><li>PC A: who is 192.168.0.35?</li></ul>
<ul><li>PC B: I am 192.168.0.35.</li></ul>
<p> 14. Proxy ARP </p>
<ul><li>Host A needs to send a packet to Host C; it looks at the IP address and sends an ARP request.</li></ul>
<ul><li>The router intercepts it and places its own MAC address in the ARP reply.</li></ul>
<ul><li>The router does the same for Host C's replies.</li></ul>
<p> 15. 10BASE-T and 100BASE-TX Networks </p>
<ul><li>10BASE-T represents old, mostly outdated hub networks which ran on half-duplex transmission.</li></ul>
<ul><li>Computers connected to hubs shared bandwidth, as only one frame could be on the wire at a time.</li></ul>
<ul><li>CSMA/CD (Carrier Sense Multiple Access / Collision Detection) allowed devices to sense collisions and resend after a random delay.</li></ul>
<p> 16. LAN Switches </p>
<ul><li>Full duplex: allowed devices to receive and send at the same time.</li></ul>
<ul><li>Gave full bandwidth to every connected device.</li></ul>
<ul><li>Stackable: some switches are stackable, meaning multiple clusters of switches can operate as one logical switch.</li></ul>
<ul><li>LLC (Logical Link Control, 802.2) allows for intelligent frame switching based on the MAC table.</li></ul>
<p> 17. VLANs and 802.1Q Trunks </p>
<ul><li>Allow multiple networks on one switch.</li></ul>
<ul><li>Separate voice traffic from data traffic.</li></ul>
<ul><li>Span VLANs across multiple switches with the use of 802.1Q trunking.</li></ul>
<ul><li>802.1Q is a vendor-neutral trunk protocol which allows trunks to be created between switches from different vendors.</li></ul>
<p> 18. 
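</p>

As an added example that is not part of the slides, here is the ARP exchange from slide 13 as the bytes a switch actually forwards, carried inside an 802.1Q-tagged frame as described on slide 17. The MAC addresses and the VLAN number are constructed; `build_arp_frame` and `parse_arp_frame` are this example's own helpers, and the parser returns the fields (VLAN, CoS, sender/target pairs, broadcast or not) that a switch or a monitoring sensor checks.

```python
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))

def build_arp_frame(src_mac, src_ip, dst_ip, op, vlan_id, cos=0, target_mac="00:00:00:00:00:00"):
    """Ethernet II header + 802.1Q tag + 28-byte ARP body (Ethernet/IPv4)."""
    dst_mac = BROADCAST if op == ARP_REQUEST else target_mac   # requests are broadcast, replies unicast
    tci = (cos << 13) | (vlan_id & 0x0FFF)                     # 3-bit CoS (PCP), 1-bit DEI, 12-bit VLAN ID
    header = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ETHERTYPE_ARP)
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)        # htype Ethernet, ptype IPv4, hlen 6, plen 4
            + mac_bytes(src_mac) + ip_bytes(src_ip) + mac_bytes(target_mac) + ip_bytes(dst_ip))
    return header + body

def parse_arp_frame(frame: bytes) -> dict:
    """Decode the fields a switch or a monitoring sensor checks; ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, etype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    offset, vlan, cos = 14, None, None
    if etype == ETHERTYPE_8021Q:                               # tagged: read the TCI, then the real ethertype
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, cos, offset = tci & 0x0FFF, tci >> 13, 18
    if etype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{etype:04x}")
    body = frame[offset:offset + 28]
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {
        "vlan": vlan, "cos": cos, "broadcast": dst == mac_bytes(BROADCAST),
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, f"op{op}"),
        "sender_mac": mac(body[8:14]), "sender_ip": ip(body[14:18]),
        "target_mac": mac(body[18:24]), "target_ip": ip(body[24:28]),
    }

# Slide 13's exchange, here on VLAN 2 with constructed MAC addresses.
REQUEST = build_arp_frame("00:11:22:aa:aa:aa", "192.168.0.34", "192.168.0.35", ARP_REQUEST, vlan_id=2)
REPLY = build_arp_frame("00:11:22:bb:bb:bb", "192.168.0.35", "192.168.0.34", ARP_REPLY, vlan_id=2,
                        target_mac="00:11:22:aa:aa:aa")
```

Because ARP has no authentication, a sensor that records the sender_mac seen for each sender_ip can raise an alert when a second MAC starts answering for an address already in its table.

<p>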
Spanning-Tree Protocol </p>
<ul><li>Allows a loop-free redundant network.</li></ul>
<p> 19. Cisco IOS and CLI </p>
<ul><li>Cisco Internetwork Operating System, giving a more granular approach to network design and implementation.</li></ul>
<ul><li>Each IOS offers different functionality in the context of your business needs and objectives.</li></ul>
<p> 20. CLI Modes: User Mode </p>
<ul><li>Basic mode only allowing basic commands, such as showing system information and system output.</li></ul>
<ul><li>Can't be used to modify configuration parameters or to restart the system; essentially no damage can be done via this mode.</li></ul>
<ul><li>You can establish that you are in user mode by the prompt:</li></ul>
<ul><li><ul><li>Routername&gt;</li></ul></li></ul>
<p> 21. Enabled Mode </p>
<ul><li>Higher-privileged mode used for more authoritative commands.</li></ul>
<ul><li>Used to reboot the device and to load/save configs.</li></ul>
<ul><li>Also used for debugging - probably the key command in enabled mode for troubleshooting.</li></ul>
<ul><li>Used to telnet between devices.</li></ul>
<ul><li>Show commands: see specific components of the configuration, such as access lists or NAT translations.</li></ul>
<ul><li>Ping other devices or routers - extended ping.</li></ul>
<ul><li>Traceroute: tests latency and diagnoses problems on every hop to the destination.</li></ul>
<p> 22. Router Configuration Mode </p>
<ul><li>The most dangerous mode in the CLI: you can make global modifications to the router.</li></ul>
<ul><li>Create and modify NAT.</li></ul>
<ul><li>Create and modify ACLs (Access Control Lists).</li></ul>
<ul><li>Make static routes.</li></ul>
<ul><li>QoS - class maps and policy maps.</li></ul>
<ul><li>DHCP.</li></ul>
<ul><li>IPsec VPN implementation.</li></ul>
<ul><li>Dot1q VLAN sub-interfaces.</li></ul>
<ul><li>Saving and loading configurations from TFTP.</li></ul>
<p> 23. 
Switch Configuration Mode </p>
<ul><li>VLAN setup.</li></ul>
<ul><li>VTP (VLAN Trunking Protocol).</li></ul>
<ul><li>Switch port interfaces and static and dynamic trunking.</li></ul>
<ul><li>Layer 3 features such as routing and inter-VLAN routing.</li></ul>
<ul><li>Voice VLAN tagging (Cisco 3550 series) and native VLAN.</li></ul>
<ul><li>Saving and loading configurations from TFTP.</li></ul>
<ul><li>Spanning tree PortFast.</li></ul>
<ul><li>Port security and storm control.</li></ul>
<p> 24. NAT (Network Address Translation) </p>
<ul><li>Used to allow multiple devices to share (or overload) a public IP address.</li></ul>
<ul><li>Define which IP addresses / ranges of IP addresses use which public IP address via access lists.</li></ul>
<ul><li>Static NAT is a one-to-one mapping (one LAN IP to one public IP).</li></ul>
<ul><li>NAT with PAT (Port Address Translation) allows multiple LAN IP addresses to share one public IP.</li></ul>
<ul><li>Used to direct incoming traffic to different servers (port forwarding).</li></ul>
<ul><li>Let's start off by creating a NAT pool.</li></ul>
<p> 25. NAT (Network Address Translation) </p>
<ul><li>Routername(config)#ip nat pool poolname 88.97.219.110 88.97.219.112 netmask 255.255.255.248</li></ul>
<ul><li><ul><li>This creates a NAT pool containing 3 public IP addresses to use.</li></ul></li></ul>
<ul><li><ul><li>Now we have created the pool, we need to define the LAN IPs:</li></ul></li></ul>
<ul><li><ul><li>Routername(config)#access-list 10 permit 172.16.0.0 0.0.255.255</li></ul></li></ul>
<ul><li><ul><li>Now we need to tell the router to use poolname with access list 10:</li></ul></li></ul>
<ul><li><ul><li>Routername(config)#ip nat inside source list 10 pool poolname overload</li></ul></li></ul>
<p> 26. 
NAT (Network Address Translation) </p>
<ul><li>Routername(config)#ip nat inside source static tcp 10.59.0.100 80 interface fastethernet0/0 80</li></ul>
<ul><li><ul><li>Or</li></ul></li></ul>
<ul><li>Routername(config)#ip nat inside source static tcp 10.59.0.100 80 88.97.219.110 80</li></ul>
<ul><li><ul><li>This now forwards incoming traffic with destination port 80 to 10.59.0.100.</li></ul></li></ul>
<p> 27. Sub-Interface IP and NAT </p>
<ul><li>Let's define the inside interface (telling the router that our fastethernet0/1 interface is the NAT inside interface) and give it an IP address:</li></ul>
<ul><li><ul><li>Routername(config)#interface fastethernet0/1</li></ul></li></ul>
<ul><li><ul><li>Routername(config-if)#ip address 172.16.0.1 255.255.0.0</li></ul></li></ul>
<ul><li><ul><li>Routername(config-if)#ip nat inside</li></ul></li></ul>
<ul><li><ul><li>Let's define the outside interface (telling the router that our fastethernet0/0 interface is the NAT outside interface) and give it an IP address:</li></ul></li></ul>
<ul><li><ul><li>Routername(config)#interface fastethernet0/0</li></ul></li></ul>
<ul><li><ul><li>Routername(config-if)#ip address 88.97.219.110 255.255.255.248</li></ul></li></ul>
<ul><li><ul><li>Routername(config-if)#ip nat outside</li></ul></li></ul>
<p> 28. Static Routes </p>
<ul><li>We need to tell the router where to send packets with an unknown destination.</li></ul>
<ul><li>In configuration mode, we define the route:</li></ul>
<ul><li><ul><li>Routername(config)#ip route 0.0.0.0 0.0.0.0 fastethernet0/0</li></ul></li></ul>
<ul><li><ul><li>Or</li></ul></li></ul>
<ul><li><ul><li>Routername(config)#ip route 0.0.0.0 0.0.0.0 68.78.45.67</li></ul></li></ul>
<ul><li><ul><li>So now we have a router that can route from LAN to WAN, performing NAT and sending Internet traffic correctly to the WAN interface.</li></ul></li></ul>
<ul><li><ul><li>So let's look at DHCP next.</li></ul></li></ul>
<p> 29. 
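</p>

As an added example that is not part of the slides, the following Python models the NAT behaviour configured on slides 24 to 26: the wildcard-mask match of access-list 10, PAT overload across the three-address pool, and the static port forward for 10.59.0.100. The pool, ACL and addresses are the ones on the slides; `PatRouter` and its port allocation are this example's own simplification, not how IOS allocates ports.

```python
import ipaddress

def ip_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))

def acl_permits(ip: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(ip) & care) == (ip_int(base) & care)

class PatRouter:
    def __init__(self, pool_start, pool_end, acl_base, acl_wildcard):
        self.pool = [str(ipaddress.IPv4Address(a))
                     for a in range(ip_int(pool_start), ip_int(pool_end) + 1)]
        self.acl = (acl_base, acl_wildcard)
        self.statics = {}          # (public_ip, proto, public_port) -> (inside_ip, inside_port)
        self.table = {}            # (inside_ip, proto, inside_port) -> (public_ip, public_port)
        self.next_port = 1024      # constructed allocator: hand out ports sequentially

    def add_static(self, inside_ip, inside_port, public_ip, public_port, proto="tcp"):
        """'ip nat inside source static tcp <inside> <port> <public> <port>' (slide 26)."""
        self.statics[(public_ip, proto, public_port)] = (inside_ip, inside_port)

    def translate_outbound(self, inside_ip, inside_port, proto="tcp"):
        """inside -> outside: (public_ip, public_port), or None when ACL 10 does not permit the host."""
        key = (inside_ip, proto, inside_port)
        if key in self.table:
            return self.table[key]
        if not acl_permits(inside_ip, *self.acl):
            return None
        public_ip = self.pool[len(self.table) % len(self.pool)]   # spread sessions over the pool
        mapping = (public_ip, self.next_port)
        self.next_port += 1
        self.table[key] = mapping
        return mapping

    def translate_inbound(self, public_ip, public_port, proto="tcp"):
        """outside -> inside: static forwards first, then existing PAT sessions, otherwise dropped."""
        if (public_ip, proto, public_port) in self.statics:
            return self.statics[(public_ip, proto, public_port)]
        for (inside_ip, p, inside_port), (pub_ip, pub_port) in self.table.items():
            if (pub_ip, p, pub_port) == (public_ip, proto, public_port):
                return (inside_ip, inside_port)
        return None

# The slide configuration: pool of three public addresses, ACL 10, static forward for the web server.
ROUTER = PatRouter("88.97.219.110", "88.97.219.112", "172.16.0.0", "0.0.255.255")
ROUTER.add_static("10.59.0.100", 80, "88.97.219.110", 80)
```

A host in 172.32.0.0/16 gets no translation because ACL 10 only permits 172.16.0.0/16, which is why slide 35 says the access list must be amended for the VLAN 2 network; unsolicited inbound traffic reaches only what is statically mapped.

<p>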
DHCP (Dynamic Host Configuration Protocol) </p>
<ul><li>Used to assign IP addresses from a set pool.</li></ul>
<ul><li>Assigns the default gateway, DNS and other network information.</li></ul>
<ul><li>Multiple DHCP pools, one for each interface or sub-interface, for inter-VLAN routing.</li></ul>
<ul><li>TFTP server assignment to VoIP phones.</li></ul>
<p> 30. DHCP Configuration </p>
<ul><li>Routername(config)#ip dhcp pool poolname</li></ul>
<ul><li>Routername(dhcp-config)#network 172.16.0.0 255.255.0.0</li></ul>
<ul><li><ul><li>This tells the router to assign IP addresses to requests originating from the 172.16.0.0 interface.</li></ul></li></ul>
<ul><li>Routername(dhcp-config)#default-router 172.16.0.1</li></ul>
<ul><li><ul><li>This tells the router to tell clients that the default gateway is 172.16.0.1.</li></ul></li></ul>
<ul><li>Routername(dhcp-config)#dns-server 208.67.222.222 208.67.220.220</li></ul>
<ul><li><ul><li>This tells the router to hand out 208.67.222.222 and 208.67.220.220 as the primary and secondary DNS servers.</li></ul></li></ul>
<p> 31. CLI - Saving and Loading Configs </p>
<ul><li>Everything done in the configuration terminal is applied to the running-config.</li></ul>
<ul><li>Routername#copy running-config startup-config</li></ul>
<ul><li><ul><li>Now the config is saved to NVRAM, so when the router is rebooted the config will be the same.</li></ul></li></ul>
<ul><li><ul><li>Routername#copy startup-config tftp://172.16.0.100</li></ul></li></ul>
<ul><li><ul><li><ul><li>Copies the config to a TFTP server (LAN or WAN).</li></ul></li></ul></li></ul>
<ul><li><ul><li>Routername#copy tftp://172.16.0.100/startup.txt start</li></ul></li></ul>
<ul><li><ul><li><ul><li>Copies a configuration text file from the TFTP server to the startup-config.</li></ul></li></ul></li></ul>
<p> 32. 
Cisco Catalyst 3550 </p>
<ul><li>Similar to the router IOS, with three modes: user mode, exec mode and configuration mode.</li></ul>
<ul><li>How to set up VLANs and assign an IP address to a VLAN for management purposes.</li></ul>
<ul><li>Assign a port or range of ports to a VLAN.</li></ul>
<ul><li>Apply CoS tagging to allow VoIP traffic to be separated from non-VoIP traffic on a switchport.</li></ul>
<ul><li>Set up trunk ports using 802.1Q trunking.</li></ul>
<ul><li>Storm control and PortFast.</li></ul>
<p> 33. VLANs and VTP </p>
<ul><li>Switchname(config)#</li></ul>
<ul><li>Switchname(config)#vlan 1</li></ul>
<ul><li>Switchname(config-vlan)#name voip</li></ul>
<ul><li>We have now named a VLAN; this puts the VLAN into the VLAN database.</li></ul>
<ul><li><ul><li>Now let's give this VLAN an IP address of 172.16.200.1; this effectively gives the switch this IP address.</li></ul></li></ul>
<ul><li><ul><li>Switchname(config)#interface vlan 1</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if)#ip address 172.16.200.1 255.255.0.0</li></ul></li></ul>
<p> 34. 802.1Q and Sub-Interfaces </p>
<ul><li>Create multiple interfaces from one physical interface, one sub-interface for each VLAN.</li></ul>
<ul><li>Created on the router LAN interface.</li></ul>
<ul><li><ul><li>Let's create a sub-interface:</li></ul></li></ul>
<ul><li><ul><li>Routername(config)#interface fas0/1.1</li></ul></li></ul>
<ul><li><ul><li>Routername(config-subif)#encapsulation dot1q 1 native</li></ul></li></ul>
<ul><li><ul><li>Routername(config-subif)#ip address 172.16.0.1 255.255.0.0</li></ul></li></ul>
<ul><li><ul><li>Routername(config-subif)#ip nat inside</li></ul></li></ul>
<p> 35. 
802.1Q and Sub-Interfaces </p>
<ul><li>Routername(config)#interface fas0/1.2</li></ul>
<ul><li>Routername(config-subif)#encapsulation dot1q 2</li></ul>
<ul><li>Routername(config-subif)#ip address 172.32.0.1 255.255.0.0</li></ul>
<ul><li>Routername(config-subif)#ip nat inside</li></ul>
<ul><li><ul><li>We have now set up a second interface in VLAN 2, so all devices on VLAN 2 on the switch(es) will use this interface as their gateway and obtain DHCP via this interface.</li></ul></li></ul>
<ul><li><ul><li>We now have 2 sub-interfaces under the physical fastethernet0/1 interface; all we have to do is set up DHCP for the new network and amend access list 10 to allow the new network to be NATted.</li></ul></li></ul>
<p> 36. Switchport Trunk </p>
<ul><li>Statically assign a trunk port between the router and the switch:</li></ul>
<ul><li><ul><li>Switchname(config)#interface fas0/1</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if)#switchport trunk encapsulation dot1q</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if)#switchport mode trunk</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if)#speed 100</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if)#duplex full</li></ul></li></ul>
<ul><li><ul><li>We have set up fastethernet port 1 on the switch to trunk to the router.</li></ul></li></ul>
<ul><li><ul><li>Let's assign ports 3 to 10 on the switch to VLAN 2 (data):</li></ul></li></ul>
<ul><li><ul><li>Switchname(config)#interface range fas0/3 - 10</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#switchport mode access</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#switchport access vlan 2</li></ul></li></ul>
<p> 37. 
Cisco VTP (VLAN Trunking Protocol) </p>
<ul><li>Allows easy implementation of spanning VLANs via centralised management.</li></ul>
<ul><li>Three modes of VTP: server, client and transparent.</li></ul>
<ul><li>Create VLANs on the server and the VLANs will replicate to all switches in the same VTP domain.</li></ul>
<ul><li>Our VTP domain is Maxwifiso.</li></ul>
<p> 38. VTP (VLAN Trunking Protocol) </p>
<ul><li>We log onto our designated VTP server switch:</li></ul>
<ul><li><ul><li>Switchname(config)#vtp domain maxwifi</li></ul></li></ul>
<ul><li><ul><li>Switchname(config)#vtp password voysey</li></ul></li></ul>
<ul><li><ul><li>Switchname(config)#vtp mode server</li></ul></li></ul>
<ul><li><ul><li>We then log onto our client switch:</li></ul></li></ul>
<ul><li><ul><li>Switchname2(config)#vtp domain maxwifi</li></ul></li></ul>
<ul><li><ul><li>Switchname2(config)#vtp password voysey</li></ul></li></ul>
<ul><li><ul><li>Switchname2(config)#vtp mode client</li></ul></li></ul>
<p> 39. QoS (Quality of Service) via CoS (Class of Service) </p>
<ul><li>The switchport distinguishes voice traffic from non-voice traffic via Layer 2 CoS.</li></ul>
<ul><li>Set up a voice VLAN and a data VLAN on the same port.</li></ul>
<ul><li>Enable QoS to trust CoS and VoIP traffic.</li></ul>
<p> 40. Voice VLAN </p>
<ul><li>These commands will set up a port to separate voice and non-voice into 2 different VLANs:</li></ul>
<ul><li><ul><li>Switchname(config)#mls qos</li></ul></li></ul>
<ul><li><ul><li>Switchname(config)#interface range fas0/2 - 12</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#mls qos trust cos</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#mls qos trust device cisco-phone</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#switchport voice vlan 1</li></ul></li></ul>
<ul><li><ul><li>Switchname(config-if-range)#switchport access vlan 2</li></ul></li></ul>
<ul><li><ul><li>Now a PC plugged directly into a phone will use VLAN 2 and the phone will use VLAN 1, separating the traffic.
</li></ul></li></ul>
<p> 41. Cisco Aironet 1200 Series </p>
<ul><li>GUI or CLI based.</li></ul>
<ul><li>Uses the A, B and G standards (2.4 and 5 GHz).</li></ul>
<ul><li>Supports multiple modes of encryption, including WEP and WPA with TKIP.</li></ul>
<p> 42. Cisco 1200 Aironet Config </p>
<ul><li>We need to assign a static IP to the device, or it will pick one up dynamically via DHCP:</li></ul>
<ul><li><ul><li>Apname(config)#interface BVI1</li></ul></li></ul>
<ul><li><ul><li>Apname(config-if)#ip address 172.32.0.100 255.255.0.0</li></ul></li></ul>
<ul><li><ul><li>We have now assigned an IP, so now we will set up the SSID:</li></ul></li></ul>
<ul><li><ul><li>Apname(config)#dot11 ssid MaxWiFi</li></ul></li></ul>
<ul><li><ul><li>Apname(config-ssid)#authentication open</li></ul></li></ul>
<ul><li><ul><li>Apname(config-ssid)#authentication key-management wpa</li></ul></li></ul>
<ul><li><ul><li>Apname(config-ssid)#guest-mode</li></ul></li></ul>
<ul><li><ul><li>Apname(config-ssid)#wpa-psk ascii wirele55</li></ul></li></ul>
<p> 43. Cisco 1200 Aironet Setup </p>
<ul><li>We will now apply the SSID MaxWiFi to the dot11radio0 interface:</li></ul>
<ul><li><ul><li>Apname(config)#interface dot11radio0</li></ul></li></ul>
<ul><li><ul><li>Apname(config-if)#encryption mode ciphers tkip</li></ul></li></ul>
<ul><li><ul><li>This has set the interface to support TKIP cipher keys, which is requi</li></ul></li></ul>
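As an added example that is not part of the slides, here is how the WPA-PSK configured with `wpa-psk ascii` on slide 42 becomes the 256-bit Pairwise Master Key shared by the access point and each client. `wpa_psk` follows the IEEE 802.11i definition (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32-byte output); `passphrase_findings` is a constructed site policy check for this example, not a Cisco feature, and the minimum length it enforces is an assumption.

```python
from __future__ import annotations
import hashlib

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK derivation from IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output."""
    if not (8 <= len(passphrase) <= 63) or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase is 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)

def passphrase_findings(passphrase: str, min_len: int = 20) -> list[str]:
    """Constructed policy (assumption, not Cisco's): the PMK depends only on the passphrase
    and the SSID, so the passphrase is the entire secret; insist on length and mixed classes.
    Returns the list of findings; an empty list means the passphrase passes."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"shorter than {min_len} characters")
    classes = sum((any(c.islower() for c in passphrase), any(c.isupper() for c in passphrase),
                   any(c.isdigit() for c in passphrase), any(not c.isalnum() for c in passphrase)))
    if classes < 3:
        findings.append("fewer than three character classes")
    return findings

if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    # The same passphrase on a different SSID yields a different key.
    print(wpa_psk("password", "MaxWiFi").hex())
    print(passphrase_findings("wirele55"))
```

Because the derivation has no per-session secret, anyone who knows the passphrase and SSID holds the PMK, which is the reason a long, mixed passphrase (or WPA-Enterprise) matters more than the cipher choice on slide 43.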