Networking Essentials Notes 1

NETWORKING ESSENTIALS

TABLE OF CONTENTS
Comprehensive Notes
  Chapter 1
  Chapter 2
  Chapter 3
  Chapter 4
  Chapter 5
  Chapter 6
  Chapter 7
  Chapter 8
  Chapter 9
  Chapter 10
  Chapter 11
Revision Notes
  Chapter 1
    Globally Connected
    LANs, WANs and the Internet
    The Network as a Platform
    The Changing Network Environment
  Chapter 2
    Bootcamp
    Getting Basic
    Address Schemes
  Chapter 3
    Rules of Communication
    Network Protocols and Standards
    Moving Data in a Network
  Chapter 4
    Physical Layer Protocols
    Network Media
    Data Link Layer Protocols
    Media Access Control
  Chapter 5
    Ethernet Protocols
    Address Resolution Protocol
    LAN Switches
  Chapter 6
    Network Layer Protocols
    Routing
    Routers
  Chapter 7
    Transport Layer Protocols
    TCP and UDP
  Chapter 8
    IPv4 Network Addresses
    IPv6 Network Addresses
    Connectivity Verification
  Chapter 9
    Subnetting an IPv4 Network
    Addressing Schemes
    Design Considerations for IPv6
  Chapter 10
    Application Layer Protocols
    Well-Known Application Layer Protocols and Services
    The Message Heard Around the World
  Chapter 11
    Create and Grow
    Keeping the Network Safe
    Basic Network Performance
    Managing IOS Configuration Files
    Integrated Routing Services

COMPREHENSIVE NOTES
CHAPTER 1

Globally Connected
Networking Today
o Networks in our daily lives
Breakthroughs in technology have extended
communication possibilities
Creation of data networks has profound effect
Ideas can become a reality, news events are worldwide, and
social interactions and game playing can happen globally
o Technology then and now
Resources include: sharing photos, videos and experiences,
accessing school network, communicating via email, IM, or
VoIP, watching movies/tv shows, playing online games,
checking weather and traffic, as well as bank balance.
Internet of Everything- bringing people, process, data and
things together to make network connections more
relevant/valuable
o The Global Community
Advancements are change agents
Create a world where geography and physical limitations
are irrelevant
Independent of location or time zone
Human networks- online communities
o Networks support the way we learn
Changing the way we learn- Maximising the dissemination
of knowledge
Traditionally- textbook and instructor- both limited
Networks deliver interactive activities, assessments,
feedback, virtual classrooms, on demand video, learning
spaces, mobile learning, distance learning, e-learning,
discussion boards and wikis, admin- student enrolment,
assessment delivery, progress tracking
o Networks support the way we communicate
IM/texting: real time communication between 2+ people,
also file transfer, voice, video communication
Social Media: interactive websites where user generated
content is shared

Collaboration tools: working together on shared
documents- remote locations can contribute equally with
city counterparts
Weblogs: anyone can easily update and edit thoughts to
global audience
Wikis: group creation of information, extensive reviewing
and editing
Podcasts: audio-based medium can deliver recordings to
wide audience
P2P file sharing: share files with each other without having
to store and download them from a central server- install
P2P software
o Networks Support the Way we Work
Initially used to internally record financial, customer and
employee info
Now enables transmission of email, video, messaging, and
telephony
Provides efficient/cost effective employee training
o Networks support the way we Play
Interactive exploration/travelling, previewing destination
before trip
Listen to music, watch movies, read books, watch sports,
Online games and competitions
Hobby communities- sports, collections
Online markets and auctions
Providing Resources in a network
o Networks of many sizes
Simple home networks- printers, documents, local
computers, internet
Large networks- businesses and organisations, allowing
employees to consolidate, store, and access info, also rapid
communication, and provide products and services to
customers
Internet- largest network- network of networks
Collection of interconnected private and public
networks
o Clients and servers
Hosts- send and receive messages on network
End devices- can be client, server, or both.

Servers provide requested information (such as documents,
email or web pages) to other hosts. Servers require server
software (each service requires its own server software)
Clients request information from the server, and then
display the information to the user
Peer-to-Peer
Possible for computer to be client and server
simultaneously

Advantages
Easy to set up
Less complex
Lower cost (no network devices or dedicated servers)
Suits simple tasks- file transfer, printer sharing
Disadvantages
No central administration
Not as secure
Not scalable
Acting as client and server simultaneously may slow
performance
When there are multiple PCs, a network device (e.g. hub)
is needed
Not appropriate for large businesses- high amounts of
network traffic

LANs, WANs, and the Internet
Components of a Network
o Network infrastructure is platform that supports network- must
be stable and reliable.
o Devices- hardware connected to network (server, computer,
phone)
o Media- Connections between devices- cables, wireless
o Services- Software and processes that run on devices- email,
web. Processes direct messages through the network
o End Devices
Form interface between users and communication network
Computers, network printers, VoIP phones, TelePresence
endpoints, security cameras, smartphones, tablets, PDAs,
bar-code scanners
Each host is identified by an address
o Intermediary Network Devices
Network access (switches, WAP), Internetworking (routers),
Security (firewalls)
Direct the path of data, but don't create or modify it
Functions include
Regenerate and retransmit data signals
Hold info about pathways
Error notification
Direct through detours when link failures occur
Classify priorities with QoS (quality of service)
Permit/deny flow of data (security)
Network Media
Media type                      Encoding
Metallic wires within cables    Electrical impulses matching specific patterns
Glass or plastic fibres         Pulses of light (infrared or visible)
Wireless transmission           Electromagnetic waves
Criteria for choosing a medium
Distance the medium can carry a signal
Environment
Amount of data and the speed at which it must be transmitted
Cost of medium and installation
o Network Representations
Network Interface Card (or LAN adapter)- provides physical
connection. Medium connecting plugs into the NIC
Physical Port- connector/outlet on device where medium is
connected to host
Interface- Specialised ports on internetworking devices that
connect to individual networks. Routers are used to
interconnect networks, so the ports on a router are called
network interfaces
LANs and WANs
o Network infrastructure varies in size of area, number of users,
and number of services
o LAN
Home, school, office, or campus
Administered by a single organisation/individual, at the
network level
High-speed bandwidth to internal devices
o WAN
Managed by service providers (SP) or internet service
providers (ISP)
Interconnect LANs
Usually involve multiple service providers
Typically slower speed than a LAN
o MAN- Metropolitan area network
Physically larger than LAN, still not WAN (a city)
o WLAN- Wireless LAN
o SAN- Storage area network- designed to support file servers
and provide storage, retrieval, and replication of data.
Components include servers, disk arrays, and Fibre Channel
Interconnection
The Internet
o Used to communicate outside of your local network
o Conglomerate of networks not owned by anyone
o Organisations developed to maintain structure and
standardisation of protocols and processes
Internet Engineering Task Force (IETF)
Internet Corporation for Assigned Names and Numbers
(ICANN)
Internet Architecture Board (IAB)
o Intranet
Private connection of LANs and WANs, only accessible to
members of organisation
Can include internal events, health and safety policies,
newsletters, phone directories, class schedules, curricula,
forums
Eliminate paperwork, speed workflows
o Extranet
Individuals from outside the organisation can gain access
to information they require from the organisation's intranet
Examples include outside suppliers and contractors,
hospitals providing booking schedules for doctors
o Internet Access Technologies
Home users need to connect to an internet service provider
(ISP)
Broadband cable, broadband digital subscriber line (DSL),
wireless, and mobile services
Organisations need fast connections for business services,
IP phones, video conferencing, and data centre storage
Business class interconnections provided by SP- business
DSL, leased lines, and Metro Ethernet
o Connecting Remote Users to the Internet
Cable- Same coaxial cable that delivers cable television. High
bandwidth, always-on connection. A cable modem separates the
internet data signal from the television signals and provides an
Ethernet connection to the host computer
DSL- Provides a high-bandwidth, always-on connection to the
internet. Requires a high-speed modem to separate the DSL signal
from the telephone signal and provide an Ethernet connection.
The telephone line is split into 3 channels- voice telephone
calls, a faster download channel for receiving data, and a
slower upload channel for sending data
Cellular- Uses the cell phone network to connect; performance is
limited by the phone's capabilities and the cell tower. Good for
remote communities or those on the move
Satellite- Good when there is no DSL or cable access. Dishes
require a clear line of sight to the satellite, so trees can't be
in the way. Equipment and installation costs can be high
Dialup- Inexpensive, using a phone line and a telephone modem.
Low bandwidth, low speed

o Connecting Businesses to the Internet
Dedicated Leased Line- Dedicated connection from the SP to the
customer premises. Reserved circuits that connect geographically
separate buildings. Rented at a monthly/yearly rate
Metro Ethernet- Dedicated copper or fibre connection, 10Mbps to
10Gbps. Copper is cheaper, but <40Mbps and limited in distance
Business DSL- Symmetrical DSL (SDSL) and Asymmetrical DSL (ADSL).
SDSL provides the same upload and download speeds. Works up to
5.5km
Satellite- Provides a connection when wired access is
unavailable, but slower and less reliable
The Network as a Platform
The Converging Network
o Early networks limited to character based information
o Modern technology allows us to consolidate different networks
into one converged network.
o Computer networks, telephone networks, broadcast networks
Planning the Future
o Convergence shows first phase in building intelligent info
network
o Second phase- consolidate applications that generate, transmit,
and secure messages onto integrated network devices
o Devices that perform telephone switching/video broadcasting
will also route messages through the network
o Result: communications platform provides high quality
application functionality at reduced cost
The Supporting Network Architecture
o Technologies that support the infrastructure and programmed
services and protocols that move messages across the network
o Four basic characteristics that must be addressed
o Fault tolerance
Redundant connections allow for alternative routes of data
Limits the impact of failure
o Scalability
New users and networks can be connected without
degrading existing performance
Internet has a hierarchical layered structure for addressing,
for naming and for connectivity services
Tier 1 ISPs provide global connections, backbone of the
internet
Tier 2 Smaller ISPs provide regional service (have peer
connections bypassing the backbone)
Tier 3 Local ISPs provide service directly to end users

Protocols allow for acceptance of new products and
applications through easy integration
o Quality of Service
Managed by the router, ensures first-priority data is sent
through first
Web pages low priority, streaming media high priority
(maintain smoothness)
Mechanism to manage congested network traffic
When the data to be transmitted exceeds the bandwidth, it is
queued in memory
Classification- time-sensitive traffic is given priority over
delay-tolerant traffic; high-importance business transactions
are also prioritised
o Security
Admins protect the network with software and hardware
security, and by preventing unauthorised physical access to
network devices
Protect from unauthorised access- e.g. username and
password
Serious consequences from breaches- no communication
or transactions, loss of business, intellectual property
stolen, breach of personal privacy, loss of information
Network infrastructure security- physical securing of
devices that provide network connectivity
Information security- protecting the information contained
in packets, transmitted over network (prevent unauthorised
disclosure, theft, modification, or DoS)
Confidentiality, Integrity, Availability
o Circuit-switched, connection-oriented networks
With phone calls, source and destination are determined and
a temporary path/circuit is made
If any link or device in the circuit failed, the call was
dropped and a new call had to be made over a new circuit
Furthermore, an established circuit ties up its resources for
the whole call, even while idle
Expensive to create many alternative paths, so not optimal
for the internet
o Packet-switched networks
A single message is broken into multiple message blocks
(packets), each carrying the addresses of the origination
point and the final destination, sent along the network (no
fixed path) and reassembled at the other side
The network only needs the addresses (IP addresses) to
forward each packet
If a path is no longer available, the next best path is
dynamically chosen

The Changing Network Environment
Network Trends
o Bring Your Own Device
Students and employees bring their own phones, tablets,
laptops, notebooks, e-readers
More flexibility
o Online Collaboration
Ensuring everyone has access to all the information, on the
same page
Decreased budget and personnel, balancing resources
Maintain face to face relationships
o Video Communication
Used for communication, collaboration, and entertainment
Distance business, lowering costs, reduce impact on
environment
Drivers for organisations to develop video solution strategy
Global workforce and need for real time collaboration
Reducing costs and green IT
New opportunities for IP convergence- video
applications such as collaboration, advertising, and
surveillance systems onto a single IP network
Media explosion- high quality low cost video recording
devices
Social networking- employees film short videos to
share best practices
Demands for universal media access
o Cloud Computing
Resources delivered as a service over a network, charging a
service fee
Hardware and software requirements of user decreased
Accessing and storing data
Extends IT capabilities without requiring investment in new
infrastructure, personnel, or new software
Benefits
Organisational flexibility
Agility and rapid development
Reduced cost of infrastructure

Refocus of IT resources
Creation of new business models
Types- Private, public, hybrid, and custom
Private- only for specific organisation, e.g.
government- internally managed (expensive to build
up) or externally with strict access security
Public- offered to general population, free or pay per
use, using the internet
Hybrid- 2+ clouds where each part is distinctive but
have connection via a single architecture. Various
services levels based on user access rights
Custom- built to meet the needs of a specific industry; can be private or public
Data centres
Facility used to house computer systems and
associated components, and makes cloud computing
possible
Associated components
Redundant data communication connections
High speed virtual servers (server farms or server
clusters)
Redundant storage systems (SAN)
Redundant/back up power supplied
Environmental controls (AC, fire suppression)
Security devices
Can be one room, one floor, or even a whole building
Use cloud computing and virtualisation (run several
OSs in parallel on a single CPU, reducing admin and
cost overheads)
Very expensive to build and maintain; generally large
organisations have their own, smaller ones lease space
Technology Trends in the Home
o Smart home technology
Integration of everyday appliances
o Powerline Networking
Uses existing electrical wiring to connect devices
"No new wires" saves the cost of installing data cables, with
no additional cost on the electricity bill
Alternative when cables or wireless are not a viable option
Uses a standard powerline adapter
o Wireless Broadband
WISP (Wireless Internet Service Provider)
Rural environments where DSL/cable are not found
Connects subscribers to a designated access point or hotspot
Antenna can be attached to an existing elevated structure
Wireless Broadband Service
Antenna installed outside the house
Uses the same cellular technology used by smartphones/tablets
Security Threats
Viruses, worms and trojan horses
Spyware and adware
Zero-day attacks
Hacker attacks
DoS attacks
Data interception and theft
Identity theft
Internal threats
Security solutions
Need multiple solutions and layers
Home/small office
Antivirus and antispyware
Firewall filtering
Corporate
Dedicated firewall systems
Access Control Lists (ACL)
Intrusion Prevention Systems (IPS)- identify and block
fast-spreading threats such as zero-day attacks
Virtual Private Networks (VPN)- secure access for
remote workers

Cisco Network Architecture
Network architecture- devices, connections, and products that are
integrated to support necessary technologies and applications

CHAPTER 2

Introduction
Home routers
o Router- forwards data packets to and receives data packets
from the internet
o Switch- connects end devices using network cables
o WAP- consists of a radio transmitter, connecting end devices
wirelessly
o Firewall appliance- secures outgoing traffic and restricts
incoming traffic
Cisco Internetwork Operating System (IOS)
o Collection of network OS used on networking devices
o Used on most devices regardless of type or size
IOS Bootcamp
Cisco IOS
o Operating Systems
All end devices and network devices require an OS
Hardware, Kernel, Shell, GUI
o Purpose of an OS
IOS on switch or router provides an interface
Possible to upgrade the IOS version or feature set for more
capabilities
Cisco IOS release 15.x.
o Location of the Cisco IOS
The IOS image file is several megabytes in size
Stored in a semi-permanent memory area called flash
Flash retains its contents when the device is powered off,
but can be overwritten if need be (e.g. to upgrade the IOS)
At boot, the IOS is generally copied from flash into RAM
RAM stores working data and gives better performance, but
its contents are lost during a power cycle (restart)
Amount of memory needed varies per device
o IOS Functions (generally accessed by CLI)
Security
IP addressing
Optimise connectivity- interface-specific configurations
Routing
QoS technologies

Network management technologies


Accessing a Cisco IOS device
o Console
Console port is management port that provides out of
band access
Access via dedicated management channel for maintenance
purposes
When performing initial configuration, a computer running
terminal emulation software is connected to the console port
using a special (rollover) cable
Configuration commands for the switch or router can be
entered through the console
Also used when networking services have failed and the
device can't be accessed remotely
Connect to determine the status of the device, showing
start-up, debugging and error messages
By default the console requires no authentication; a password
should be set
o Telnet SSH and AUX
Telnet
Method for remotely establishing a CLI session through a
virtual interface
Unlike the console, requires active networking services on
the device- must have at least one active interface with an
IP address (e.g. IPv4)
Cisco IOS devices include a Telnet server process, which
accepts configuration commands from a Telnet client
Also include a Telnet client, so the device can telnet to any
other device running a Telnet server process
Telnet sends the login and the whole session in cleartext, so
anyone who can capture the traffic can read the credentials
SSH
Secure Shell protocol, similar to Telnet but uses more
secure network services- stronger password authentication
and encryption
Keeps the ID, password, and details of the management
session private
Most IOS versions support SSH; it should be used in
preference to Telnet wherever possible
AUX Port
Remotely establish a CLI session via a telephone dialup
connection, with a modem connected to the auxiliary port of
the router
Out-of-band connection, doesn't need active networking
services on the device
Can also be used locally, using a direct connection

Terminal Emulation Programs
Includes PuTTY, Tera Term, SecureCRT, HyperTerminal, OS X
Terminal
Some enhance productivity with customisable user
interfaces
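The choice between Telnet and SSH above is the main security decision in this section. The following is an added example, not taken from the original notes or from Cisco's course material, showing a weak VTY configuration next to a hardened one. The hostname R1, the domain example.com, the management subnet 10.0.0.0/24, the account admin and the bracketed secret placeholders are assumptions for illustration only.

```cisco
! --- Weak: Telnet carries the login and the whole session in cleartext,
! --- and a plain "password" on a line sits readable in the config
line vty 0 4
 password cisco
 login
 transport input telnet
!
! --- Hardened replacement (assumed hostname, domain, subnet and user) ---
hostname R1
ip domain-name example.com
! SSH needs an RSA host key; the hostname and domain name must exist first
crypto key generate rsa modulus 2048
ip ssh version 2
! "secret" stores a hash; "password" with service password-encryption only
! applies the reversible type 7 encoding
enable secret <strong-enable-secret>
username admin privilege 15 secret <strong-user-secret>
! Only the assumed management subnet may open a VTY session
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
 deny   any
! Console: require a local login and drop idle sessions after 5 minutes
line console 0
 login local
 exec-timeout 5 0
 logging synchronous
! VTY: SSH only, local accounts, restricted by the ACL above
line vty 0 4
 transport input ssh
 login local
 exec-timeout 5 0
 access-class MGMT in
```

After applying it, show ip ssh confirms that SSH version 2 is enabled, and show running-config | section vty confirms that transport input ssh and access-class MGMT in are on the lines. Telnet attempts are then refused at the transport layer before any login prompt, and a client outside 10.0.0.0/24 is refused even over SSH.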
Navigating the IOS
o Cisco IOS Modes of Operation
Hierarchical structure for the modes (basic to specialised)
User Executive (User EXEC) mode
Privileged executive (Privileged EXEC) mode
Global Configuration mode
Other specific configuration modes (e.g. interface
configuration mode)
Each mode has distinct prompt and purpose with specific
commands only available in that mode
Structure can be configured to provide security, with
different authentication for each mode
o Primary Modes
Primary modes are user EXEC and privileged EXEC mode
User
Limited capabilities, most basic, first encountered
View only mode, no changes
Default no authentication required to access
Identified by > symbol
Privileged EXEC mode
Can be identified by # symbol
Needed to execute configuration and management
commands
Default no authentication
o Global Configuration Mode and Submodes
Global
Can only be reached from privileged EXEC mode
Primary configuration mode
Affect operation of device as whole
CLI command= configure terminal
Prompt becomes (config)#
Specific Config Modes
From global config, can enter specific modes
Allow config of particular part or function of IOS
Interface mode- to configure a network int.

Line Mode- to configure a physical or virtual line
(console, AUX, VTY)
To return to global config, type exit
To return to privileged EXEC, type end or Ctrl-Z
o Navigating between IOS modes
The Command Structure
o IOS command Structure
Moving between User EXEC and Privileged EXEC
Enable and disable used to change
Sometimes password is asked for
Basic command Structure
The command is the initial word/phrase entered at the CLI;
it is not case sensitive
After the command come keywords and/or arguments
IOS Command Conventions
Argument is not predefined word, rather value or
variable from user
Refer to command syntax
String, IP-address, etc
o Cisco IOS Command Reference
Collection of online documentation
Can check
Syntax
Default- manner command is implemented on device
with default config
Mode- mode where it's entered
History- how command works depending on version of
IOS
Usage Guidelines
Examples
o Context-Sensitive Help
Provides list of commands + arguments within context of
the mode
To access, enter ?
To get a list of commands beginning with a particular letter,
enter the letters with ?
To determine what can/should be entered next, enter the
command then a space and a ?
o Command Syntax Check
If the interpreter cannot understand something, reading left
to right, it will provide feedback
Ambiguous command- not enough characters were entered to
identify a single command
Incomplete command- required keywords or arguments are
missing
Incorrect command- an invalid entry is marked with a caret (^)
Hot Keys and Shortcuts
Ctrl-A- Moves to the beginning of the line
Ctrl-E- Moves to the end of the line
Ctrl-R- Redisplays a line
Ctrl-Z- Exits configuration mode and returns to privileged
EXEC
Ctrl-C- Exits configuration mode or aborts the current
command
Ctrl-Shift-6- Allows the user to interrupt an IOS process
such as ping or traceroute
Commands can be abbreviated to the shortest unambiguous
prefix
IOS examination Commands
Provides information about the configuration, operation, and
status of parts
Show interfaces
Displays statistics for all interfaces on the device
For a specific interface, enter show interfaces followed by the type and slot/port number
Show startup-config
Displays the saved configuration located in NVRAM
Show running-config
Displays the contents of the currently running config file (held in RAM)
More
When output is longer than a single page, --More-- appears; press the spacebar for the next page, Enter for one more line
The show version Command
Displays info about the currently loaded IOS version +
hardware and device information
Includes
Software version- stored in flash
Bootstrap version- stored in Boot ROM
System up-time
System restart info- method of restart
Software image name- filename stored in flash
Router type and processor type- model number

Memory type and allocation (shared/main)- RAM and shared packet buffering
Software features
Hardware interfaces- interfaces available
Configuration register- sets bootup specifications,
console speed setting, and other parameters

Getting Basic
Host Names
o Why the Switch
One of the simplest devices that can be configured on a network
Works with no configuration at all
Initial settings still worth applying: device name, access passwords, banner messages, and saving the configuration
o Device Names
One of the first steps is configuring unique device name or
hostname
Appear in CLI prompts, authentication processes, and
topology diagrams
Default name is assigned until hostname given
Use naming convention to easily understand
Start with a letter
Contain no spaces
End with a letter or digit
Use only letters, digits, and dashes
Be less than 64 characters
o Host Names
Allow devices to be identified by network admins over
network or internet
Use physical location- floor 1, floor 2, etc
o Configuring Host Names
From privileged EXEC mode, enter global configuration mode with configure terminal
Enter hostname Sw-Floor-1 (syntax: hostname name)
Hostname will appear in the prompt, e.g. Sw-Floor-1(config)#
To remove a name, use no hostname
Limiting Access to Device Configurations
o Securing Device Access
Physically- closets and locked racks
Passwords are the primary defence
Enable password- limits access to privileged EXEC; stored in plain text (legacy)
Enable secret- limits access to privileged EXEC; stored as a hash (preferred)
Console password- limits device access using the console connection
VTY password- limits device access over Telnet (and SSH)
Securing Privileged EXEC access
Use the enable secret password command
Older, less secure form is enable password password; if both are set, the enable secret takes precedence
Securing User EXEC access
Console
Console port must at minimum be secured by requiring a password
Reduces the chance of unauthorised personnel simply plugging in a cable
From global config, use line console 0 to enter line config mode, then password cisco to specify a password (cisco is only the curriculum's example; use a strong one), then login to require authentication when logging in
VTY Password
VTY lines allow remote access to a Cisco device via Telnet (and SSH)
Default switches support up to 16 vty lines: 0-15
5 is the most common number of vty lines configured (0-4, the router default)
A password is needed for each vty line
The same password can be set for all lines, but one line can be given a different password as a fall back for admins
Example- line vty 0 15, then password cisco, then login
The login command is present on vty lines by default; with no login, anyone who can reach the device across the network gets in without a password
Encrypting Password display
service password-encryption stops line and enable passwords from being shown in plain text in the config
Applies weak, reversible (type 7) encryption to the passwords stored in the config file; it does nothing for passwords sent over the media
Once applied, removing the command (no service password-encryption) does not turn the already encrypted passwords back into plain text
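Added example, not from the original notes or from Cisco: a short Python audit of a made-up running-config that flags the weak settings described in the two sections above (enable password rather than enable secret, plain-text line passwords, no login on a line, a hostname that breaks the naming rules from the Device Names section) and reverses a type 7 password to show why service password-encryption only protects against a glance at the screen. The config text, hostname and passwords are constructed; the type 7 reversal uses the publicly known fixed key that IOS uses for this encoding.

```python
import re

# Cisco's type 7 "encryption" (what service password-encryption applies) is a
# fixed-key XOR that anyone holding the config text can reverse. TYPE7_KEY is
# the well-known constant table used by IOS; the first two characters of a
# type 7 string are a decimal offset into that table.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Hostname rules from the notes: starts with a letter, only letters, digits
# and dashes, no spaces, ends with a letter or digit, fewer than 64 characters.
HOSTNAME_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def type7_decrypt(token: str) -> str:
    """Reverse a type 7 string, e.g. '094F471A1A0A' -> 'cisco'."""
    offset = int(token[:2])
    data = bytes.fromhex(token[2:])
    return "".join(chr(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)])
                   for i, b in enumerate(data))


def type7_encrypt(plain: str, offset: int = 9) -> str:
    """Forward direction, so the reversal can be shown on any sample password."""
    body = "".join(f"{b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]:02X}"
                   for i, b in enumerate(plain.encode()))
    return f"{offset:02d}{body}"


def hostname_ok(name: str) -> bool:
    return HOSTNAME_RE.fullmatch(name) is not None


# Constructed sample running-config (not captured from a real device). It
# shows a device where service password-encryption was once on and then
# removed: the old type 7 strings stay, newer passwords land in plain text.
SAMPLE_CONFIG = """\
hostname Sw-Floor-1
enable password 7 094F471A1A0A
line con 0
 password 7 094F471A1A0A
 login
line vty 0 15
 password cisco
 no login
"""


def audit_config(config: str) -> list:
    """One finding per weak setting: plain or type 7 passwords (recovered),
    enable password without enable secret, hostname rule violations, and
    lines that skip authentication with 'no login'."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    has_secret = any(ln.startswith("enable secret") for ln in lines)
    findings = []
    if "service password-encryption" not in lines:
        findings.append("global: service password-encryption is off; "
                        "new line passwords are stored in plain text")
    section = "global"
    for ln in lines:
        words = ln.split()
        if ln.startswith("hostname ") and not hostname_ok(words[1]):
            findings.append(f"global: hostname {words[1]!r} breaks the naming rules")
        elif ln.startswith("line "):
            section = ln                      # e.g. 'line vty 0 15'
        elif ln.startswith("enable password") and not has_secret:
            shown = type7_decrypt(words[3]) if words[2] == "7" else words[2]
            findings.append(f"global: enable password instead of enable secret, "
                            f"value {shown!r}")
        elif words[:2] == ["no", "login"]:
            findings.append(f"{section}: no login; access without any password")
        elif words and words[0] == "password":
            if words[1] == "7":
                findings.append(f"{section}: type 7 password recovered: "
                                f"{type7_decrypt(words[2])!r}")
            else:
                findings.append(f"{section}: plain-text password {words[1]!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Run as is and the vty block appears twice, once for the plain-text password and once for no login. The enable secret (a type 5, 8 or 9 hash) is the fix for the enable password finding; for the line passwords, service password-encryption only hides them from a casual look, so treat any config file that contains type 7 strings as containing the passwords in clear.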
Banner Messages
A notice is required; without it, monitoring users or prosecuting unauthorised use may not be possible
Banners shown at login can state
"use of this device is for authorised personnel only"
"activity may be monitored"
"legal action will be taken for unauthorised use"
Should not be welcoming; can also include other information
Message of the day (MOTD)
From global config, use banner motd
Requires delimiters to mark the start and end of the banner text
Example: banner motd # message # (the delimiter character must not appear inside the message)
Saving Configurations
o Configuration Files
Running Config
Running config file reflects the configuration currently applied to the IOS device
Contains the commands that determine how the device operates on the network
Modifying the running config affects the operation of the device immediately
Stored in the working memory of the device (RAM), so it is only active while the device is running; if powered off, changes are lost unless saved
Options after making a change
Return device to original config
If you want to reset, must replace running
config with start up config, easiest way is to
reload
When initiating reload, IOS will detect unsaved
changes, and a prompt will appear to ask if
you want to save. To discard, enter no, then
enter again
Remove all configs from device
If undesired changes are saved, may need to
clear all configurations
Erase startup-config at privileged EXEC
mode, also need to delete vlan.dat
Make changed config the new start up config
Before saving, verify with show running-config, then use copy running-config startup-config in privileged EXEC mode
Start up config
File reflects the config that will be used upon reboot, stored in NVRAM
When the running config is changed, save it into the startup config, otherwise the changes will be lost
Capturing Text
Config files can be saved and archived to text document
Steps
File menu click log
Choose location
After capture has been started, execute show
running/startup config
Text displayed in window will be placed into file
When capture is complete, select close
View output to verify not corrupted
Restoring Text Config
A config file can be copied from storage to the device
When pasted into the terminal, IOS executes each line as a command, so the text needs editing first (replace encrypted passwords with plain text and remove the encryption parameter, and strip anything that is not a command)
Steps
Edit the text
On the File menu click Send
Locate the file to be copied and click Open
File is pasted into the device
Becomes the running config of the device; convenient, but it still has to be saved to the startup config

Address Schemes
Ports and Addresses
o IP Addressing of devices
Use of IP addresses (IPv4 or IPv6) is primary means of
enabling devices to locate each other
Examples of end devices
Computers- work stations, laptops, file servers, web
servers
Network printers
VoIP phones
Security Cameras
Smart phones
Mobile handheld devices

Structure of IPv4 is dotted decimal notation: 4 decimal numbers between 0 and 255. Addresses are assigned to individual devices connected to the network; they are logical and provide information about location
Subnet mask necessary for IP addresses- special type of
IPv4 address that, coupled with IP address, determines
which subnet of a larger network the device is a member
IP addresses can be assigned to physical and virtual
interfaces on devices
o Interfaces and ports
Each physical interface has specifications/standards
Each link requires particular network technology
Ethernet most common, needs RJ-45
Switches have physical ports but also one or more switch
virtual interfaces (SVIs)
Virtual interfaces- no physical hardware
Means to remotely manage a switch over a network
using IPv4
Default SVI is VLAN1
Addressing devices
o Configuring a switch virtual interface
To access switch remotely, IP address and subnet mask
must be configured on SVI
interface vlan 1- enters the interface config mode for the SVI from global config
ip address address subnet-mask- assigns the IPv4 address and mask
no shutdown- administratively enables the interface into an active state
o Manual IP address configuration for end devices
End device must be configured with IP address and subnet
mask
Can also configure default gateway and DNS server info
Default gateway is router interface used for network traffic
to exit local network
DNS (Domain Name System) setting is the address of the DNS server, used to translate domain names into IP addresses
o Automatic IP address configuration for end devices
Dynamic Host Configuration Protocol (DHCP) allows end
devices to have IP info automatically configured
Enables automatic IPv4 address config

Otherwise every time you connected you would have to manually enter the IP address, subnet mask, default gateway, and DNS server
Can display the IP config settings by using ipconfig (Windows)
o IP Address conflicts
If static (manual) IP address is defined for network device,
(e.g. printer), then DHCP server installed, might get
duplicate IP addresses
To solve, either make the printer a DHCP client, or exclude its address from the DHCP scope (the second solution needs admin privileges on the DHCP server)
Another conflict is when manually configuring IP on an end
device in a static IP addresses only network
To solve, determine which IP addresses are available on
particular IP subnet and configure accordingly (static used
in small to medium network)
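Added example (not part of the original notes): a Python check of a constructed address plan for the two conflict cases above. It lists the statically addressed devices that fall inside the DHCP scope, finds two devices given the same address, spots a device whose address is not in the LAN's subnet at all, and returns addresses that are still safe to assign by hand. All addresses and device names are made up.

```python
import ipaddress

# Constructed address plan for one LAN (nothing here is a real network):
# devices with manually set addresses, the range the DHCP server leases, and
# addresses reserved by hand (the router interface used as default gateway).
LAN = ipaddress.ip_network("192.168.10.0/24")
STATIC = {
    "printer": "192.168.10.25",   # inside the DHCP scope: a conflict waiting to happen
    "pc-web": "192.168.10.4",
    "nvr": "192.168.10.201",
    "camera": "192.168.20.10",    # typo in the third octet: not on this subnet
}
DHCP_SCOPE = ("192.168.10.20", "192.168.10.200")
RESERVED = {"192.168.10.1"}


def scope_bounds(scope):
    low, high = (ipaddress.ip_address(a) for a in scope)
    return low, high


def static_in_scope(static, scope):
    """Static addresses the DHCP server may also hand out. Fix by excluding
    them from the scope on the server or by making the device a DHCP client."""
    low, high = scope_bounds(scope)
    return sorted(name for name, addr in static.items()
                  if low <= ipaddress.ip_address(addr) <= high)


def duplicates(static):
    """Addresses typed into more than one device by hand."""
    owners = {}
    for name, addr in static.items():
        owners.setdefault(addr, []).append(name)
    return {addr: names for addr, names in owners.items() if len(names) > 1}


def off_subnet(static, network):
    """Devices whose address, masked with the LAN's mask, gives a different
    network; neighbours cannot reach them without going through a router."""
    return sorted(name for name, addr in static.items()
                  if ipaddress.ip_address(addr) not in network)


def free_addresses(network, static, scope, reserved, limit=5):
    """Host addresses still safe to assign by hand: in the subnet, outside the
    DHCP scope, not reserved, and not already used (network and broadcast
    addresses are left out by hosts())."""
    low, high = scope_bounds(scope)
    taken = {ipaddress.ip_address(a) for a in list(static.values()) + list(reserved)}
    free = []
    for host in network.hosts():
        if host in taken or low <= host <= high:
            continue
        free.append(str(host))
        if len(free) == limit:
            break
    return free


if __name__ == "__main__":
    print("static inside DHCP scope:", static_in_scope(STATIC, DHCP_SCOPE))
    print("duplicate statics:", duplicates(STATIC))
    print("not on this subnet:", off_subnet(STATIC, LAN))
    print("safe to assign:", free_addresses(LAN, STATIC, DHCP_SCOPE, RESERVED))
```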
Verifying Connectivity
o Test the Loopback Address on an End Device
Ping command used to verify IP config on local host
Use ping on reserved address called loopback (127.0.0.1)
Defined by TCP/IP as a reserved address that routes packets back to the host itself
Returned in less than 1 millisecond, determining that NIC,
drivers, and TCP/IP all functioning correctly
o Testing the interface assignment
Verifying Switch interfaces
Show ip interface brief to verify condition of the switch
interfaces
Testing PC-to-Switch Connectivity
Ping command can be used on a PC
o Testing end to end connectivity
Ping with computers

CHAPTER 3

Rules of Communication
The rules
o What is communication
Needs a sender and a receiver and a channel
Sending is governed by protocols
o Establishing the rules
Identified sender and receiver
Common language and grammar
Speed and time of delivery
Confirmation or acknowledgement requirements
o Message Encoding
Encoding from bits to patterns of light, sound, waves, or
electrical impulses
Destination receives and decodes signals to interpret
message
o Message Formatting and Encapsulation
Placing one message format inside another message format
The frame provides the addresses of the destination and the source
o Message Size
Must meet minimum and maximum size requirements; longer messages are segmented down
o Message Timing
Access Method- when someone can send a message
Flow Control- how much information is sent and how fast, so that a sender does not transmit faster than the receiver can receive and process
Response Timeout- how long to wait for a response, and what to do if a timeout occurs
o Message Delivery Options
One to one (unicast) or one to many (multicast)
Sometimes necessary to return an acknowledgement
Network Protocols and Standards
Protocols
o Protocols: Rules that Govern Communications
Protocol Suite- group of interrelated protocols necessary to
perform communication function
o Network Protocols
IP, HTTP, DHCP
o Interaction of Protocols

Application protocol- HTTP governs how a web server and web client interact
Transport Protocol- TCP (Transmission Control Protocol) manages the individual conversations between servers and clients, and controls the size and rate of messages
Internet Protocol- IP takes the formatted segments from TCP, encapsulates them, addresses them, and delivers them
Network Access Protocols- Communication over the data link and physical transmission of data. Take packets from IP and format them to be transmitted over the media (e.g. Ethernet)
Protocol Suites
o Protocol suites and industry standards
Example- TCP/IP- open standard (freely available to public)
Standards-based protocol has been endorsed by
networking industry and approved by standards
organisation
Ensures that products from different manufacturers can
interoperate
Some are proprietary- one company controls how the
protocol functions- AppleTalk and Novell Netware
o Creation of the internet and Development of TCP/IP
First packet switching network was ARPANET in 1969
o TCP/IP Protocol suite and communication Process
HTML is data
HTTP header added to the front
TCP manages conversation
IP information added in front of TCP
Ethernet protocol adds info- data link frame (each router
removes and adds new data link)
Standards Organisations
o Open Standards
o ISOC (The internet society)- open development, evolution, and
internet use
o IAB (Internet Architecture Board)- overseen by ISOC, responsible
for overall management and development of internet
Standards- 13 members
o IETF (Internet Engineering Task Force)- develop, update and
maintain internet and TCP/IP technologies. Produces request for
comments (RFC) documents. Consists of working groups (WGs).
IESG (Internet Engineering Steering Group) is responsible for
technical management of IETF

IRTF (Internet Research Task Force)- long term research e.g. anti spam, crypto forum, peer to peer, and router research
o IEEE (Institute of Electrical and Electronics Engineers)- dedicated to advancing innovation and standards
o ISO (International Organisation for Standardisation)
Best known for OSI (Open Systems Interconnection)
Published in 1984 for layered framework
TCP/IP protocol suite is for internet
OSI protocol suite is for telecommunications equipment
o Other Standards Organisations
EIA (Electronic Industries Alliance) standards for electrical
wiring, connectors, racks
TIA (Telecommunications Industry Association)
communication standards in radio equipment, cellular
towers, VoIP, satellite
ITU-T (International Telecommunications Union- Telecommunication Standardisation Sector) one of the largest and oldest, defines video compression, IP Television, broadband communication like DSL
ICANN (Internet Corporation for Assigned Names and
Numbers) coordinates IP address allocation, domain names,
protocol identifiers/port numbers
IANA (Internet Assigned Numbers Authority) department of
ICANN- does IP address allocation, domain name, and
protocol identifiers
Reference Models
o The Benefits of Using a Layered Model
Assists in protocol design
Fosters competition
Prevents technology or capability changes in one layer from
affecting other layers
Provides a common language
Two types of networking Models
Protocol- describes the functions that occur at each
layer of protocols: e.g. TCP/IP
Reference- aids in clearer understanding of functions
and processes involved- provides consistency within all
types of network protocols: e.g. OSI model
o The OSI reference model
Framework on which to build a suite of open systems
protocols
7 layers, often referred to by number
o The TCP/IP Protocol model
Four categories of functions
Standards discussed in public forum and defined in publicly
available set of RFCs-contain both formal specification of
protocols and resources
RFCs also contain technical and organisational documents
Comparing the OSI model with the TCP/IP model
Network access layer and application layer of TCP/IP are
divided in OSI
In network access layer, TCP/IP doesn't specify which
protocols to use, but OSI discusses necessary procedures to
access media

Moving Data in the Network
Data Encapsulation
o Communicating the Messages
Divide data into packets- segmentation
By sending smaller pieces, many different conversations can
be interleaved- multiplexing
Increases reliability- can be split up to not overload
congested networks, and if a piece fails to arrive, only that
bit needs to be retransmitted
Downside- added complexity
o Protocol Data Units
As data is passed down protocol stack, various protocols
add information at each level- encapsulation process
PDU is form that piece of data takes, changes name at each
layer
Data- general term for PDU at application layer
Segment- Transport layer PDU
Packet- Network layer PDU
Frame- Data link layer PDU
Bits- physical layer PDU
o Encapsulation
Application layer protocol, HTTP, delivers HTML formatted
web page data to transport layer- broken into TCP
segments
Each TCP segment given label (header), with info about
which process on destination computer should receive
message, and how to reassemble

Segment sent to the internet layer, where the IP protocol is implemented- IP header added, containing the source and destination host IP addresses
IP packet sent to the network access layer, encapsulated in a frame header and trailer- header contains the source and destination physical addresses (devices), trailer contains error checking info
Bits encoded onto the media by the server NIC
o Deencapsulation
Process is reversed, unwrapped
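Added example (not from the notes): Python that builds the PDUs for a constructed HTTP request bottom-up with struct (TCP segment, IPv4 packet, Ethernet frame with padding and a CRC-32 trailer) and then de-encapsulates the frame, verifying the FCS and the IPv4 header checksum so that a corrupted frame is discarded as the notes describe. MACs and IPs are made up (203.0.113.80 is a documentation address); the TCP checksum is left at zero because it needs a pseudo-header and is beside the point here.

```python
import struct
import zlib


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words, as used by the IPv4 header. Over a
    header that already carries a correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def tcp_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer PDU: 20-byte header (ports, seq=1, ack=0, data offset 5
    words, flags PSH+ACK, window, checksum=0, urgent=0) plus the application data."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + data


def ip_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Network layer PDU: IPv4 header (protocol 6 = TCP) around the segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0, 64, 6, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    checksum = ones_complement_sum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def ethernet_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data link PDU: header (dst MAC, src MAC, EtherType 0x0800 = IPv4), the
    packet padded up to the 60-byte minimum, then the CRC-32 FCS trailer sent
    least significant byte first."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    body += b"\x00" * max(0, 60 - len(body))
    return body + struct.pack("<I", zlib.crc32(body))


def de_encapsulate(frame: bytes) -> dict:
    """Reverse the process layer by layer; raise if the trailer or the IP
    header checksum fails, which is when a receiver drops the frame."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch, frame discarded")
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ones_complement_sum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum failed, packet discarded")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]            # total length strips Ethernet padding
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in body[:6]),
        "src_mac": ":".join(f"{b:02x}" for b in body[6:12]),
        "ethertype": ethertype,
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "protocol": packet[9],
        "src_port": src_port,
        "dst_port": dst_port,
        "data": segment[data_offset:],
    }


def frame_ok(frame: bytes) -> bool:
    """True when the frame survives both integrity checks."""
    try:
        de_encapsulate(frame)
        return True
    except ValueError:
        return False


def encapsulate_request(data: bytes = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n") -> bytes:
    """Constructed end-to-end case: PC 192.168.10.4 sends an HTTP request to a
    remote server, so the frame carries the default gateway's MAC while the IP
    header keeps the server's address (all addresses made up)."""
    segment = tcp_segment(51515, 80, data)
    packet = ip_packet("192.168.10.4", "203.0.113.80", segment)
    return ethernet_frame("00:0c:29:aa:bb:cc", "00:1b:21:dd:ee:ff", packet)


if __name__ == "__main__":
    for key, value in de_encapsulate(encapsulate_request()).items():
        print(f"{key:>10}: {value}")
```

Note that the frame destination (gateway MAC) and the packet destination (server IP) differ, which is the point made under Accessing Remote Resources below: layer 2 addressing changes at every hop, layer 3 addressing does not.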
Accessing Local Resources
o Network addresses and data-link addresses
Network address
Network layer (layer 3), logical address has info needed
to deliver IP packet
IP address has 2 parts- network prefix (used by routers
to forward packet) and host part (used by last router in
path to deliver packet to device)
Each IP packet has two IP addresses- source and
destination
Data Link Address
Data link (layer 2) physical address delivers the data link frame from one network interface to another network interface on the same network
Needed for the frame to be transmitted over the physical medium of the actual network
Source data link address- physical address of the sending device, initially the NIC of the source host
Destination data link address- physical address of the next router, or of the interface of the destination device
o Communicating with a device on the same network
Network Addresses
Network portion of address is the same, but the host or
device portion of the address will be different
Data Link Addresses
Data link frame sent directly to receiving device
On ethernet, addresses are called Ethernet MAC
addresses (48 bit addresses physically embedded on
Ethernet NIC)
MAC also called physical address or burned-in address
(BIA)

Destination MAC address is the address of the receiving device
MAC and IP Addresses
Must know physical and logical addresses of destination
host
Source can learn destination IP address using DNS, or
entered manually
Most network applications rely on logical IP address to
identify location
Sending host uses protocol called ARP (Address Resolution
Protocol) to discover MAC address- ARP is broadcast
message containing IP address- each device examines ARP
to see if its their IP address- match replies with its MAC
address
Accessing remote resources
o Default gateway
Router (default gateway IP address of an interface on router
on same network as source) must be used to send a
message to a remote network
o Communicating with a device on a remote network
Network address- the network portion of the IP address will be different
Data link frame cannot be sent directly to the destination host- it is not directly reachable
Destination MAC address- that of the default gateway (router interface), while the destination IP address stays that of the remote host
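Added example (not from the notes): Python that applies the local-versus-remote decision above for a constructed host. For each destination it applies the subnet mask to decide whether the target is on the same network, picks the IP to resolve (the destination itself or the default gateway), looks it up in an ARP cache, and simulates the ARP broadcast when the entry is missing. The last test case shows what a wrong mask does: a host on the same wire is treated as remote and its frames are sent to the gateway. Addresses, MACs and the cache contents are made up.

```python
import ipaddress

# Constructed host, neighbours and ARP cache (all addresses and MACs made up).
HOST = {"ip": "192.168.10.4", "mask": "255.255.255.0",
        "mac": "00:0c:29:aa:bb:cc", "gateway": "192.168.10.1"}
LAN_DEVICES = [                               # stations that hear an ARP broadcast
    ("192.168.10.1", "00:1b:21:dd:ee:ff"),    # router interface (default gateway)
    ("192.168.10.25", "00:1a:2b:3c:4d:5e"),   # printer
    ("192.168.10.30", "00:50:56:11:22:33"),   # another PC, not yet in the cache
]
ARP_CACHE = {"192.168.10.1": "00:1b:21:dd:ee:ff",
             "192.168.10.25": "00:1a:2b:3c:4d:5e"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def local_network(host):
    """Network the host believes it is on: its own address ANDed with its mask."""
    return ipaddress.ip_interface(f"{host['ip']}/{host['mask']}").network


def next_hop(host, dst_ip):
    """IP the host must map to a MAC: the destination itself when the network
    portion matches, otherwise the default gateway."""
    if ipaddress.ip_address(dst_ip) in local_network(host):
        return dst_ip
    return host["gateway"]


def arp_resolve(target_ip, cache, devices):
    """Return (mac, request_sent). A cache hit needs no traffic; otherwise an
    ARP request goes to BROADCAST, every device compares the target with its
    own address, and only the owner replies. The reply is cached."""
    if target_ip in cache:
        return cache[target_ip], False
    for dev_ip, dev_mac in devices:
        if dev_ip == target_ip:               # the one station that answers
            cache[target_ip] = dev_mac
            return dev_mac, True
    return None, True                         # no reply: nothing to put in the frame


def frame_addressing(host, dst_ip, cache, devices):
    """Addresses that end up in the outgoing packet and frame."""
    hop = next_hop(host, dst_ip)
    mac, sent = arp_resolve(hop, cache, devices)
    return {"packet_dst_ip": dst_ip, "arp_target": hop,
            "frame_dst_mac": mac, "arp_request_sent": sent}


if __name__ == "__main__":
    cache = dict(ARP_CACHE)
    for dst in ("192.168.10.25", "192.168.10.30", "203.0.113.80"):
        print(dst, frame_addressing(HOST, dst, cache, LAN_DEVICES))
```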

CHAPTER 4

Introduction
In TCP/IP model, data link layer and physical layer are essentially
one layer
Sending
o DLL's role to prepare data and control how it accesses physical
media
o Physical layer's role controls how data is transmitted onto
physical media- encoding into binary digits
Receiving
o Physical layer receives signals, decoding, and passes to DLL for
accepting and processing
Getting it connected
Connecting to the network
o Physical connection is necessary
NIC
o Ethernet NIC for wired
o WLAN NICs for wireless
Purpose of the Physical Layer
The Physical Layer
o Transport bits that make up DLL frame across the media
o Encodes frames to create electrical, optical, or radio waves
o Signals sent one at a time
o Destination node physical layer retrieves the signals, restores them to bits, and passes them up to the DLL as a frame
Media
o Copper cable- electrical
o Fibre-Optic Cable- light
o Wireless- radio waves, including microwaves
Standards
o TCP/IP suite protocols defined by IETF (Internet Engineering
Task Force) in RFCs
o Physical layer consists of circuitry, media, and connectors
o Governed by ISO, TIA/EIA, ITU, ANSI, IEEE, FCC, ETSI, CSA,
CENELEC, JSA

Fundamental Principles of Layer 1


Physical Layer Fundamental Principles
o Physical components are hardware devices, media, and
connectors
Includes NICs, ports, interfaces
o Encoding
Method of converting stream of data bits into predefined
code
Manchester Encoding- 0= high to low, 1 = low to high
(used in older Ethernet, RFID)
Non-return to Zero (NRZ)- two states termed 0 and 1, no
neutral position
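Added example (not from the notes): a Python encoder/decoder for the Manchester convention given above (0 = high-to-low, 1 = low-to-high) beside plain NRZ, with a decoder that refuses any bit time that has no transition, and a helper showing that NRZ can run for an arbitrary stretch without a level change while Manchester never exceeds two samples. Levels are modelled as 1 = high and 0 = low, sampled twice per bit time; this models the encoding rule, not real 10BASE-T signalling.

```python
def manchester_encode(bits: str) -> list:
    """Two half-bit levels per bit: 0 -> high then low, 1 -> low then high,
    so every bit time carries a transition the receiver can clock from."""
    levels = []
    for bit in bits:
        if bit not in "01":
            raise ValueError(f"not a bit: {bit!r}")
        levels += [1, 0] if bit == "0" else [0, 1]
    return levels


def manchester_decode(levels) -> str:
    """Each bit time must contain a mid-bit transition; a missing one means the
    receiver lost sync or the signal was corrupted."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for first, second in zip(levels[0::2], levels[1::2]):
        if (first, second) == (1, 0):
            bits.append("0")
        elif (first, second) == (0, 1):
            bits.append("1")
        else:
            raise ValueError("no mid-bit transition: clock slip or corruption")
    return "".join(bits)


def manchester_valid(levels) -> bool:
    try:
        manchester_decode(levels)
        return True
    except ValueError:
        return False


def nrz_encode(bits: str) -> list:
    """Non-return to zero: one level per bit time, held for the whole bit."""
    return [int(b) for b in bits]


def longest_constant_run(levels) -> int:
    """Longest stretch without a level change. A long run gives a receiver with
    no separate clock nothing to lock onto, the NRZ weakness Manchester removes."""
    best = run = 0
    for i, level in enumerate(levels):
        run = run + 1 if i and level == levels[i - 1] else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    word = "10110001"
    print("manchester:", manchester_encode(word), "->", manchester_decode(manchester_encode(word)))
    print("nrz run for 00000000:", longest_constant_run(nrz_encode("00000000")))
    print("manchester run for 00000000:", longest_constant_run(manchester_encode("00000000")))
```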
o Signaling
Method of representing bits on media
Asynchronous: without clock signal- time spacing is
arbitrary duration, needs start and stop indicator flags
Synchronous: with clock signal occurring at evenly spaced
time durations- bit time
Modulation
Process where one wave (signal) modifies another
(carrier)
Frequency Modulation (FM)- carrier frequency varies
with signal
Amplitude Modulation (AM)- carrier amplitude varies with the signal
Pulse-coded Modulation (PCM) analogue converted to
digital signal by sampling amplitude and expressing
difference as binary number- sampling rate must be
twice highest frequency in signal
Bandwidth
o Capacity of medium to carry data
o Digital bandwidth- amount of data that can flow in a given
amount of time
o Factors include properties of physical media, and technologies
chosen for signaling and detecting network signals
Throughput
o Measure of the transfer of bits across media over given period
of time
o Factors such as amount, type of traffic, and latency created by
intermediary network devices between source and destination,
mean it's different from bandwidth

Cannot be faster than the slowest link of the path
Goodput- throughput minus traffic overhead (session set-up, acknowledgements, encapsulation), i.e. the usable application data
Types of Physical Media
o Standards for copper media
Type of copper cabling
Bandwidth of communication
Type of connectors used
Pinout and colour codes of connections
Maximum distance of media
Copper Cabling
Characteristics
o Inexpensive, easy to install, low resistance
o Limited by distance and signal interference
o Signal attenuation- longer it travels, more it deteriorates
o Electromagnetic Interference (EMI) or radio frequency
interference (RFI): fluorescent lights or electric motors can
distort/corrupt signals
o Crosstalk: EM fields disturb adjacent wires- can hear part of
another voice conversation on phones
o To counter EMI/RFI, some cables wrapped in metallic shielding
with grounding connections
o To counter crosstalk, some cables have opposing circuit wire
pairs twisted together
o Susceptibility can be further limited by choosing most suited
type to environment, designing avoidance cable infrastructure,
and properly handling and terminating cables
Copper Media
o 3 types
Unshielded Twisted-Pair Cable
o UTP most common, terminated with RJ-45 connectors
o 4 pairs of colour coded wires twisted together and encased for
protection
o Twisting protects from signal interference
Shielded Twisted-Pair (STP) Cable
o Better noise protection, but more expensive and difficult to
install
o Shielding and wire twisting to counter EMI/RFI and crosstalk, terminated with special shielded connectors (but if improperly grounded, the shield can counterproductively act as an antenna and pick up more interference)
o Foil shields entire bundle of wire- eliminates nearly all (more
common) OR
o Shields bundle as well as individual wire pairs- eliminate ALL
interference
o Used in Token Ring networks, and now in the 10 Gb/s Ethernet standard
Coaxial Cable
o Two conductors with same axis
Copper conductor to transmit
Surrounded by layer of plastic insulation
Surrounded by woven copper braid or foil- second foil and
shield for inner conductor
Entire cable covered in cable jacket
Uses different types of connectors
o Used in cable television one way
o Wireless installations- attach antennas to wireless devices
(carries RF energy between antenna and radio equipment)
o Cable Internet Installations- cable SPs converting from one way
to two way for internet connectivity. Final connection to
location and wiring inside customer's premises still coax, while
rest is replaced by fibre: combined use referred to as Hybrid
Fibre Coax (HFC)
Copper Media Safety
o All susceptible to fire and electrical hazards
o Can present undesirable voltage levels- copper cabling
connecting different floors with different power facilities
o Can also conduct voltage from lightning strikes to network
devices
o Must be installed according to relevant specifications and
building codes

UTP Cabling
o Properties
Four pairs of colour coded wires twisted together
22- or 24- gauge copper wire
No shielding for EMI/RFI, but can limit by
Cancellation: when 2 wires placed together, magnetic
fields exact opposite, cancel each other out, as well as
other EMI and RFI signals

Varying number of twists per wire pair: each coloured pair is twisted a different number of times
Standards
Conforms to standards by TIA/EIA
Cable types
Lengths
Connectors
Termination
Method of testing
Electrical characteristics defined by IEEE- places cables into categories according to their ability to carry higher bandwidths; cat5e is the minimally acceptable cable type
Connectors
Usually terminated with RJ-45 Connector
Types
Ethernet Straight through: host to switch or switch to router
Ethernet Crossover: connects similar devices together
Rollover: Cisco Proprietary cable used to connect to router or
switch console port
Testing
UTP cable tester used to test for:
Wire map
Cable length
Signal loss due to attenuation
Crosstalk

Fibre-Optic Cabling
o Properties
Longer distances and higher bandwidths
Flexible thin transparent strand of pure silica glass
Can transmit signals with less attenuation and immune to
EMI/RFI
Used in:
Enterprise networks: backbone cabling applications
and infrastructure devices
FTTH and Access Networks: Fibre-to-the-home is
always on broadband services
Long-Haul networks: connect countries and cities
Submarine Network: able to survive undersea
environments

Cable Design
Core- pure glass, where light is carried
Cladding- surrounds core, acts as mirror- total internal
reflection
Jacket- PVC jacket protects core and cladding
Types
Light pulses can be lasers or light emitting diodes (LEDs)
Photodiodes detect light pulses, converting them to voltages
and reconstructed into data frames
Single-Mode Fibre (SMF): small core, expensive single laser
light- good for long distance telephony and tv
Multimode fibre (MMF): large core, uses LED at different
angles- popular in LANs, cheaper, up to 550m, but
dispersion
Connectors
Dimensions and methods of mechanical coupling differ
Straight-Tip (ST): bayonet style used with multimode
Subscriber Connector (SC): LAN/WAN connector uses
push/pull mechanism- multi and single-mode
Lucent Connector (LC): smaller size, supports both
Two fibres required to support full duplex operation, so two
fibre cables bundled together and terminated with single
fibre connectors- duplex connector
Patch cords used to interconnect infrastructure devices
Testing
Misalignment: media not precisely aligned when joined
End Gap: media does not completely touch splice or
connection
End Finish: ends not well polished or dirt present at
termination
Can use bright flashlight or OTDR to test
Fibre vs Copper
No interference, longer
More expensive, different skills needed, more careful
handling

Wireless Media
o Properties
Unrestricted by conductors or pathways, great mobility
options, increasing number of wireless devices

Concerns
Coverage areas: good in open areas, but limited inside
Interference: cordless phones, fluorescent lights,
microwave ovens can all disrupt
Security: devices and users not authorised can gain
access- no access to physical media necessary
Types
Data communications Standards
Standard IEEE 802.11: WLAN (Wifi), contention system
with CSMA/CA media access process used
Standard IEEE 802.15: WPAN (Wireless personal area
network), e.g. bluetooth, uses device pairing
Standard IEEE 802.16: Worldwide Interoperability for
Microwave Access (WiMAX), point to multipoint
topology for wireless broadband access
Physical layer specifications applied to areas like
Data to radio signal encoding
Frequency and power of transmission
Signal reception and decoding requirements
Antenna design and construction
Wireless LAN
WAP: concentrates wireless signals and connects to ethernet
Wireless NIC adaptors: provides communication capability to
each network host
802.11 WiFi Standards
IEEE 802.11a: 5 GHz and speeds up to 54 Mb/s (not interoperable with b and g); the higher frequency gives less coverage/penetration
IEEE 802.11b: 2.4GHz 11Mb/s
IEEE 802.11g: 2.4 GHz 54 Mb/s
IEEE 802.11n: 2.4GHz and 5GHz, 150-600 Mb/s range of 70m,
backwards compatible with a/b/g
IEEE 802.11ac: 5Ghz 450 Mb/s - 1.3 Gb/s, backward
compatible with a/ n
IEEE 802.11ad: WiGig uses tri-band of 2.4 GHz, 5GHz, 60GHz,
up to 7Gb/s

Purpose of the Data Link Layer
o Data link Layer
Responsible for the exchange of frames between nodes, allowing upper layers to access the media, and controls how data is placed on and received from the media
Accepts layer 3 packets, packaging them into frames
Controls MAC and performs error detection
Sublayer
Logical Link Control (LLC): upper sublayer, puts info in frame
identifying which protocol is used for the frame
Media Access Control (MAC): lower sublayer, provides DLL
addressing and delimiting of data, and type of DLL protocol
in use
MAC
Layer 2 protocols specify encapsulation of packet into frame,
and how to get frames on and off each medium (media
access control method)
Packets traverse over different physical networks- up to data
link layer to prep and control access
Without data link layer, IP would have to do all this work,
plus change as new media developed
Providing access to media
At each hop, a router accepts the frame, de-encapsulates it, re-encapsulates the packet in a new frame for the next medium, and forwards it

Layer 2 Frame Structure
o Formatting Data for Transmission
DLL protocols require control information
Includes header (control information like addressing), data
(IP header, transport layer header, and application data),
and trailer (control information for error detection)
o Creating a Frame
Framing breaks stream into groupings
Start and stop indicator flags- used by MAC sublayer to find
beginning and end limits of frame
Addressing- used by MAC sublayer to identify source and
destination nodes
Type- used by LLC to identify layer 3 protocol
Control- identifies special flow control services
Data- frame payload
Error Detection

Layer 2 Standards
o Generally not defined by RFCs
o Described by Engineering organisations (IEEE, ITU, ISO, ANSI)
and communication companies
Topologies
o Controlling Access
Equivalent of traffic rules regulating entrance of motor
vehicles onto roadway, but varies
Depends on topology and media sharing (point to point or
LAN)
o Physical and Logical
Physical: How end devices and infrastructure devices are
interconnected (point to point or star)
Logical: way a network transfers frames from one node to the
next, using virtual connections; signal paths defined by DLL
protocols
WAN Topologies
o Common Physical WAN
Point-to-Point: permanent link between two endpoints
Hub and Spoke: WAN version of Star- central site
interconnects branch sites using point to point
Mesh: High availability, but every end system connected to
everything, high admin/physical costs
o Logical Point to point topology
Don't have to share media with others, no question about
whether incoming frame is for them
o Physical point to point topology
Use of physical devices does not affect logical topology
Logical connection formed between two devices is called
virtual circuit (even if intermediary devices)
Media access method used by DLL protocol is determined by
logical point to point topology rather than physical
o Half and full duplex
Half Duplex- Both devices can transmit and receive on
media, but not simultaneously; ethernet established
arbitration rules to resolve same time conflicts

Full Duplex- Both devices can transmit and receive at the same time

LAN Topologies
o Physical LAN topologies
Star- End devices connected to central switch; most common
LAN topology as easy to install and troubleshoot, scalable
Extended star/Hybrid: central intermediate devices
interconnect other star topologies (in hybrid, may
interconnect using bus)
Bus: all end systems chained to each other, terminated in
some form on each end; switches not required, used in
legacy ethernet because cheap and easy set up
Ring: end systems connected to their neighbours, not terminated; used in Fiber Distributed Data Interface (FDDI) networks, which add a second ring for fault tolerance or performance enhancement
o Logical Topology for shared media
When several entities share media, some mechanism must
be in place to control access- access methods
Contention-based access: all nodes compete, plan if there
are collisions
Controlled access: each node has own time to use medium
o Contention Based Access
Non-deterministic contention-based method, attempt to
access medium whenever it has data to send
Uses Carrier Sense Multiple Access (CSMA) process to first
detect if media carrying a signal
If busy, will wait short time and try again. If free, transmits
data- used by Ethernet and wireless networks
Can fail, causing data collision- corrupted, needs to be resent
No overhead, but doesn't scale well under heavy media use,
and the recovery mechanisms diminish throughput
Carrier Sense Multiple Access with Collision detection
(CSMA/CD): end device monitors for signal, if free, send, if
detected, wait (used by traditional ethernet)
Carrier sense multiple access with collision avoidance
(CSMA/CA): device checks for data signal- if free, notifies
across media of intentions- once it receives clearance to
transmit, sends data (used by wireless 802.11)
Multi-access Topology
Number of nodes communicate with same media (bus)- all
receive frame, only intended recipient processes to see
content
Requires DL MAC method to regulate and reduce collisions
Controlled Access
Network devices take turns to access medium using token
(scheduled access/ deterministic)
Can be inefficient
Token ring, FDDI (based on token bus)- both obsolete
Ring Topology
Logical- Each node receives a frame, removes it, if not
addressed to node, passed on to next node (token passing).
Usually only 1 frame at a time carried by media- if no data
transmitted, signal (token) may be placed on media, and
node only places data frame on media when it has the
token

Data Link Frame
o Frame
Header, data and trailer
Structure of frame/fields vary according to protocol
DLL protocol describes features required for transport of
packets across different media
No one frame structure meets all needs and all types of
media
o Header
Unique to each type of protocol; following is Ethernet
Start Frame Field
Source and Destination Address fields
Type field (upper layer service contained in frame)
Other fields include
QoS/Priority field
Logical connection Control field (establishes logical
connection)
Physical Link control field (establishes media link)
Flow control field
Congestion control field

Layer 2 Address
Physical addresses don't indicate network- unique device
specific address
Used to locate device within limited area
Trailer
Error detection: a mathematical summary of the bits in the
frame is added by the DLL
Transmitting node creates logical summary of contents-
Cyclic Redundancy Check (CRC)
Value placed in Frame Check Sequence (FCS) of frame
Receiving node calculates own logical summary (CRC), and
compares two values
If different, frame discarded
LAN and WAN Frames
Layer 2 protocol depends on logical topology of network,
technology used to implement, and size of network
LAN uses high bandwidth technology, capable of supporting
lots of hosts
High bandwidth technology not cost effective for WANs- cost
of long distance links means low bandwidths
Common DLL protocols
Ethernet
Point-To-Point Protocol (PPP)
802.11 Wireless
High level Data Link Control (HDLC)
Frame Relay
Ethernet Frame
Dominant, defined in IEEE 802.2 and 802.3
Supports 10 Mb/s, 100 Mb/s, 1 Gb/s, 10 Gb/s
Methods of detecting and placing data on media varies
Provides service using CSMA/CD as media access method
PPP Frame
Delivers frames between 2 nodes, defined by RFC, developed
as WAN protocol
Can be used on twisted pair, fibre-optic, satellite, and virtual
Uses layered architecture- logical connections called sessions
Session hides media from upper PPP protocol, and can
encapsulate multiple protocols over PP link- each protocol
establishes own PPP session
Also allows 2 nodes to negotiate options- authentication,
compression, multilink

802.11 Wireless Frame (Wi-Fi)
IEEE 802.11 standard uses same LLC and addressing scheme
as other 802 LANs, but differences in MAC sublayer and
physical layer
No definable physical connectivity- external factors may
interfere, and difficult to control access
Contention-based system using CSMA/CA (random back off
procedure)
Use data link acknowledgements to confirm frame received
successfully- if not detected, frame is retransmitted
Other services are authentication, association, and privacy
Frame fields
Protocol Version field
Type and Subtype field (control, data, management)
To DS field (set to 1 in data frames destined for
distribution)
From DS field (set to 1 in data frames exiting
distribution)
More Fragments field (set to 1 for frames with another
fragment)
Retry field (set to 1 if retransmission)
Power management field (1 if node is in power save
mode)
More Data field (1 if more frames buffered for power
saved mode)
Wired Equivalent Privacy (WEP) field (1 if frame
contains WEP-encrypted information)
Order field (1 if frame uses Strictly Ordered Service Class)
Duration/ID Field (time or association identity (AID) for
transmitting station)
Destination Address field (MAC address of final destination)
Source Address
Receiver Address (device that is immediate recipient)
Fragment Number field
Sequence number field
Transmitter Address field
Frame Body field
FCS field (32 bit CRC)

CHAPTER 5

Ethernet Operations
LLC and MAC Sublayers
o Operates in DLL and physical layer
o 802.2 in LLC, 802.3 in MAC and physical
o Supports from 10Mb/s to 100 Gb/s
o LLC Sublayer
Takes network layer packet, adds control information to
help deliver packet to destination node
Can be considered driver software for NIC
o MAC Sublayer
Implemented by hardware: Ethernet 802.3, 802.3u Fast
Ethernet, 802.3z Gigabit Ethernet; FDDI
MAC Sublayer
o Two primary responsibilities are data encapsulation and media
access control
o Data Encapsulation
Frame assembly before and disassembly after- add header
and trailer
Frame Delimiting: identifies a group of bits making up a
frame- synchronisation
Addressing: Adds MAC address
Error Detection: CRC in trailer, after reception, node creates
CRC- compares for match
o Media Access Control
Responsible for placement and removal of frames from
media
o Logical topology of Ethernet is multi-access bus: all nodes share
medium
o Contention-based, uses CSMA technology
Media Access Control
o CSMA
Detects if media is carrying a signal
Data collision: when CSMA fails
o CSMA/CD
Using switches and full-duplex means it is now unnecessary
o CSMA/CA
If free media, sends notification with intent to use, then
sends data
Wireless LAN
MAC Address: Ethernet Identity
o MAC Address used to remove overhead of every computer in
network processing every frame
o MAC added as part of layer 2 PDU
o 48-bit binary value written as 12 hexadecimal digits
o Structure
MAC must be globally unique
IEEE enforced rules for vendors - assigns vendors
Organisationally Unique Identifier (OUI) 24 bit code
Last 24 bits must have unique value
Frame Processing
o MAC address (BIA) historically burned into ROM on NIC
o At boot, NIC copies MAC addresses into RAM
o Each NIC in network examines destination MAC of each frame to
see if it is the intended destination
Ethernet Frame Attributes
o Ethernet Encapsulation
Each section of frame is called a field
802.3 Ethernet and DIX Ethernet II
Difference is addition of Start Frame Delimiter (SFD) and
change from Type to Length in 802.3
Ethernet II used in TCP/IP networks
o Ethernet Frame Size
Both standards define minimum size as 64 bytes and
maximum as 1518 (Preamble and SFD not included)
Any frame less than 64 is collision fragment or runt frame
and is discarded
802.3ac extended max to 1522 to accommodate VLAN tagging
QoS leverages the User Priority field
o Introduction to the Ethernet Frame
Preamble (7 bytes) and Start Frame Delimiter (1 byte) Fields
Used for synchronisation between devices
Tell receivers to get ready for a new frame
Destination MAC Address Field (6 bytes)
Identifier for recipient
Source MAC Address Field (6 bytes)
Length/Type Field (2 bytes)
Defines length of data field- used by FCS to ensure no
errors
Or describes which protocol is present
1500 or less: Length field (802.3); greater than 1500:
Type field (Ethernet II)
Data Field (46-1500 bytes)
If small packet is encapsulated, additional bits called a
pad are used to increase frame size to 64 bytes
Frame Check Sequence Field (4 bytes)
CRC
If no match, frame is dropped
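The receive-side checks described for the trailer (CRC placed in the FCS, recomputed by the receiver and compared, frame discarded on mismatch) together with the Ethernet field layout above, as an added Python example that is not part of these notes. Frame bytes are constructed inline; the 1500 Length/Type threshold and the CRC-32 FCS are the IEEE 802.3 rules, and the FCS is assumed to be carried least-significant byte first as in packet captures.

```python
import struct
import zlib

# Field sizes from the notes: 6-byte destination MAC, 6-byte source MAC,
# 2-byte Length/Type, 46-1500 bytes of data, 4-byte FCS (a CRC-32).
# Preamble and SFD are not counted in the frame size.
MIN_FRAME = 64            # anything shorter is a runt / collision fragment
MAX_FRAME = 1518          # 1522 when an 802.1Q VLAN tag is present
MAX_LENGTH_VALUE = 1500   # Length/Type <= 1500 means an 802.3 length field
BROADCAST = b"\xff" * 6


def fcs(frame_without_fcs: bytes) -> int:
    """Ethernet FCS is CRC-32 (same polynomial and bit order as zlib.crc32)."""
    return zlib.crc32(frame_without_fcs) & 0xFFFFFFFF


def build_frame(dst: bytes, src: bytes, length_type: int, payload: bytes) -> bytes:
    """Constructed sample frame; pads short payloads to the 46-byte minimum data field."""
    data = payload.ljust(46, b"\x00")
    head = dst + src + struct.pack("!H", length_type) + data
    # The FCS is carried least-significant byte first (assumption noted in the lead-in).
    return head + struct.pack("<I", fcs(head))


def parse_frame(frame: bytes) -> dict:
    """Apply the receive-side checks from the notes in order: size, FCS, then fields."""
    if len(frame) < MIN_FRAME:
        return {"status": "runt", "length": len(frame)}
    if len(frame) > MAX_FRAME + 4:          # 1522: room for one VLAN tag
        return {"status": "giant", "length": len(frame)}
    head, trailer = frame[:-4], frame[-4:]
    if fcs(head) != struct.unpack("<I", trailer)[0]:
        # Receiver's own CRC does not match the sender's FCS: frame is discarded
        return {"status": "fcs-error", "length": len(frame)}
    dst, src = head[:6], head[6:12]
    length_type = struct.unpack("!H", head[12:14])[0]
    if length_type <= MAX_LENGTH_VALUE:
        # 802.3: the field is a length, so padding can be stripped exactly
        kind, data = "802.3", head[14:14 + length_type]
    else:
        # Ethernet II: the field is a type (e.g. 0x0800 = IPv4); any padding
        # is left for the upper-layer protocol to discard using its own length
        kind, data = "Ethernet II", head[14:]
    return {
        "status": "ok",
        "kind": kind,
        "length_type": length_type,
        "dst": dst.hex("-"),
        "src": src.hex("-"),
        "is_broadcast": dst == BROADCAST,
        "data": data,
        "length": len(frame),
    }


if __name__ == "__main__":
    sample = build_frame(BROADCAST, bytes.fromhex("001122334455"), 0x0800,
                         b"\x45" + b"\x00" * 19)
    print(parse_frame(sample))
    damaged = bytearray(sample)
    damaged[20] ^= 0x01                    # one flipped bit in the data field
    print(parse_frame(bytes(damaged))["status"])
```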

Ethernet MAC
o MAC Addresses and Hexadecimal
Represented by 0x prefix, or H suffix
Used to represent MAC or IPv6 addresses
Conversions
Easier to convert to binary, then hex/decimal
o MAC Address Representations
ipconfig /all used to identify MAC address
o Unicast MAC Address
o Broadcast MAC Address
Contains destination IP with all 1s in host portion, and all
hosts on LAN receive packet
DHCP and ARP use broadcasts
FF-FF-FF-FF-FF-FF MAC address
o Multicast MAC Address
Sends packet to group of devices
Devices in multicast group are assigned group IP address
Between 224.0.0.0 and 239.255.255.255
Source will always have unicast address
Useful in remote gaming, and distance learning
MAC address always begins with 01-00-5E
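The OUI/vendor split, the unicast/broadcast/multicast distinction and the 01-00-5E mapping from a class D group address, as an added Python example that is not part of these notes. It goes one step beyond the text: the multicast test uses the I/G bit of the first octet (of which 01-00-5E is one case), and it shows that only 23 bits of the group address survive, so 32 IPv4 groups share one MAC.

```python
def parse_mac(text: str) -> bytes:
    """Accept 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e or Cisco 001a.2b3c.4d5e notation."""
    digits = "".join(ch for ch in text if ch.lower() in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text: str) -> dict:
    mac = parse_mac(text)
    if mac == b"\xff" * 6:
        kind = "broadcast"
    elif mac[0] & 0x01:
        # Lowest bit of the first octet is the I/G (individual/group) bit;
        # 01-00-5E-xx-xx-xx (IPv4 multicast) is the case the notes name
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "kind": kind,
        "oui": mac[:3].hex("-").upper(),              # vendor code assigned by IEEE
        "nic_specific": mac[3:].hex("-").upper(),     # unique within the vendor's range
        "locally_administered": bool(mac[0] & 0x02),  # U/L bit: not the vendor's BIA
        "ipv4_multicast": mac[:3] == b"\x01\x00\x5e" and not (mac[3] & 0x80),
    }


def ipv4_multicast_to_mac(ip: str) -> str:
    """Map a class D group address (224.0.0.0-239.255.255.255) to its 01-00-5E MAC."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    if not 224 <= octets[0] <= 239:
        raise ValueError(f"not a multicast group: {ip!r}")
    # Only the low 23 bits of the group address fit after the fixed
    # 25-bit prefix, so the top bit of the second octet is dropped
    return "01-00-5E-%02X-%02X-%02X" % (octets[1] & 0x7F, octets[2], octets[3])


def groups_sharing_mac(ip: str) -> list:
    """The 32 IPv4 groups whose frames carry the same multicast MAC as ip."""
    _, b, c, d = (int(o) for o in ip.split("."))
    return ["%d.%d.%d.%d" % (first, second, c, d)
            for first in range(224, 240)               # low 4 bits of octet 1 dropped
            for second in (b & 0x7F, (b & 0x7F) | 0x80)]  # top bit of octet 2 dropped


if __name__ == "__main__":
    for sample in ("FF-FF-FF-FF-FF-FF", "0050.56c0.0008", "01:00:5e:01:01:01"):
        print(sample, classify_mac(sample))
    print("224.1.1.1 ->", ipv4_multicast_to_mac("224.1.1.1"))
```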

MAC and IP
o End-to-End Connectivity, MAC, and IP
Source sends packet using IP address, found using DNS
In link paths, need to use MAC
Switches look at MAC, routers look at IP

ARP Functions
o Broadcast requests and unicast replies
o Resolves IPv4 addresses to MAC
o When packet encapsulated to frame, node refers to table to find
DLL address mapped to IPv4 address- called ARP table/cache,
stored in RAM
o Each entry binds IP to MAC- relationship is called a map
o If MAC found in table, uses it as destination address
o Maintains a table of mappings
o Maintained dynamically- monitor incoming traffic, or send ARP
request
o Unicast reply comes, and new entry is made in table
o Time stamped- if expires, removed from table
o Static entries can be entered, and do not expire over time
ARP Operations
Creating the Frame
o If no ARP reply is received, packet dropped as frame cannot be
created
ARP Role in Remote Communication
If destination host not on local network, delivered to router, using
gateway MAC address
When packet created, compares destination IP address and own IP
address to see if on local network; if not, determines MAC address
for router
Removing entries from an ARP Table
ARP cache timer removes entries- time different
Commands used to manually remove
Need to remove no longer operational devices, otherwise will
attempt to send
ARP tables on Networking devices
o show ip arp used to display ARP table on Cisco devices
o arp -a used to display on Windows 7
ARP Issues
How ARP can create problems
o Broadcasts, overhead on the media
Possible reduction in performance if lots try to access
simultaneously initially, until ARP established
o Security
ARP spoofing/poisoning
Attacker injects wrong MAC address with fake ARP replies
Frames sent to wrong destination
Mitigation: manually configure static ARP entries, or restrict
ARP traffic
Mitigating ARP problems
o Modern switches provide segmentation, divide LAN into
independent collision domains
o Each port provides full media bandwidth
o Isolate unicast communications so that they're only heard by
source and destination- ARP replies only 2 nodes

o Specialised access lists and port security
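The ARP table behaviour described above (broadcast request, unicast reply, time-stamped dynamic entries, static entries that never expire) with the checks a defender adds against spoofed replies, as an added Python example that is not part of these notes. The policy of refusing a reply that changes an existing binding and alerting on it is assumed here (a plain OS cache overwrites); timings and addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class ArpEntry:
    mac: str
    learned_at: float
    static: bool = False   # static entries never age out


@dataclass
class ArpCache:
    """ARP table with aging plus the consistency checks a defender would add."""
    timeout: float = 300.0                          # seconds; real stacks use different timers
    entries: dict = field(default_factory=dict)     # ip -> ArpEntry
    pending: set = field(default_factory=set)       # IPs we have broadcast a request for
    alerts: list = field(default_factory=list)      # (kind, ip, old_mac, new_mac)

    def add_static(self, ip: str, mac: str) -> None:
        self.entries[ip] = ArpEntry(mac.lower(), 0.0, static=True)

    def request(self, ip: str) -> None:
        """A broadcast 'who has ip' went out; remember that a reply is expected."""
        self.pending.add(ip)

    def handle_reply(self, ip: str, mac: str, now: float) -> str:
        mac = mac.lower()
        entry = self.entries.get(ip)
        if entry is not None and entry.static:
            if entry.mac != mac:
                self.alerts.append(("static-conflict", ip, entry.mac, mac))
                return "ignored-static"
            return "refreshed"
        if entry is not None and entry.mac != mac:
            # A reply that moves an IP to another MAC is what poisoning looks
            # like: keep the old binding and raise an alert instead of
            # overwriting (assumed policy; an OS cache would overwrite here).
            self.alerts.append(("binding-changed", ip, entry.mac, mac))
            return "conflict"
        if entry is None and ip not in self.pending:
            # A reply we never asked for: do not learn it
            self.alerts.append(("unsolicited", ip, None, mac))
            return "unsolicited"
        self.entries[ip] = ArpEntry(mac, now)
        self.pending.discard(ip)
        return "learned" if entry is None else "refreshed"

    def lookup(self, ip: str):
        entry = self.entries.get(ip)
        return entry.mac if entry else None

    def expire(self, now: float) -> list:
        """Remove dynamic entries older than the timeout (the ARP cache timer)."""
        stale = sorted(ip for ip, e in self.entries.items()
                       if not e.static and now - e.learned_at > self.timeout)
        for ip in stale:
            del self.entries[ip]
        return stale


if __name__ == "__main__":
    cache = ArpCache(timeout=60)
    cache.add_static("192.168.10.1", "00-11-22-33-44-55")       # default gateway
    cache.request("192.168.10.20")
    print(cache.handle_reply("192.168.10.20", "AA-BB-CC-00-00-20", now=1))
    print(cache.handle_reply("192.168.10.1", "DE-AD-BE-EF-00-01", now=2))
    print(cache.alerts)
```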

Switching
Switch port fundamentals
o Based only on Layer 2 (MAC) address
o Builds MAC address table used to make forwarding decisions
Switch MAC address table
o Switch fabric is integrated circuits and accompanying machine
programming that allows data paths through switch to be
controlled
o For switch to know which port to use, must learn which nodes
exist
o Handles incoming data using MAC address table- records source MAC
address of nodes seen on each port
o If destination MAC not in table, forwards frame out all other ports,
receives response and records
o If connected to another switch, can have multiple MAC
addresses for that switch in table
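The MAC address table behaviour above (learn the source MAC per port, flood an unknown destination out every other port, forward a known one, keep several MACs behind a port that leads to another switch), as an added Python example that is not part of these notes. The aging timer and the per-port learning limit that shuts a port down, in the style of the port security the notes mention, are assumed values; ports and addresses are constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "ff-ff-ff-ff-ff-ff"


def is_group_address(mac: str) -> bool:
    """Broadcast or multicast: I/G bit of the first octet set."""
    return int(mac.replace(":", "-").split("-")[0], 16) & 0x01 == 1


@dataclass
class Switch:
    ports: list
    aging: float = 300.0          # seconds before an unused entry is removed (assumed)
    max_per_port: int = 2         # port-security style limit on learned MACs (assumed)
    table: dict = field(default_factory=dict)       # mac -> (port, last_seen)
    err_disabled: set = field(default_factory=set)  # ports shut down for a violation

    def learn(self, port: str, mac: str, now: float) -> bool:
        on_port = {m for m, (p, _) in self.table.items() if p == port}
        if mac not in on_port and len(on_port) >= self.max_per_port:
            # Too many sources behind one access port: shut the port
            # instead of learning, so the table cannot be filled from it
            self.err_disabled.add(port)
            return False
        self.table[mac] = (port, now)   # also re-learns a MAC that moved ports
        return True

    def receive(self, in_port: str, src: str, dst: str, now: float) -> list:
        """Return the ports a frame is sent out of, using the MAC address table."""
        src, dst = src.lower(), dst.lower()
        if in_port in self.err_disabled or not self.learn(in_port, src, now):
            return []
        if is_group_address(dst) or dst not in self.table:
            # Unknown unicast is flooded like a broadcast: every port except
            # the one it arrived on (a full table degrades a switch to a hub)
            return [p for p in self.ports if p != in_port and p not in self.err_disabled]
        out_port, _ = self.table[dst]
        return [] if out_port == in_port else [out_port]   # same segment: filtered

    def age(self, now: float) -> list:
        stale = sorted(m for m, (_, seen) in self.table.items() if now - seen > self.aging)
        for m in stale:
            del self.table[m]
        return stale


if __name__ == "__main__":
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"])
    a, b = "00-00-00-00-00-0a", "00-00-00-00-00-0b"
    print(sw.receive("Fa0/1", a, b, 0))     # b unknown: flooded
    print(sw.receive("Fa0/2", b, a, 1))     # a known: one port
    print(sw.table)
```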
Duplex Settings
o Port must be configured to match duplex setting of media type
o Half Duplex (CSMA/CD)
Unidirectional data flow
Higher collision rates
Hub connectivity
o Full Duplex
Bidirectional, reducing wait time
Frames cannot collide because end nodes have two
separate circuits
Point to point only, attached to dedicated switch port,
requiring full duplex support on both ends
Collision free, and CD circuit disabled
o Cisco Catalyst switch supports full, half, and autonegotiation-
two ports communicate to decide best mode
Auto-MDIX
o Must have correct cable type for each port
o Now support the mdix auto interface configuration command
o Allows either crossover or straight-through cable
Frame forwarding methods on Cisco Switches
o Store-and-forward switching- computes CRC and forwards only if
valid (needed for QoS); used in Cisco Catalyst switches
o Cut-through switching
Forwards frame before fully received: at minimum destination
address needed
Fast-forward Switching- typical method, can forward frames with
errors, lowest latency
Fragment-free switching- stores first 64 bytes (most errors occur
here), small CRC check
o Some switches do cut-through until lots of errors, then change
to store-and-forward until under threshold again, then goes
back
Memory Buffering on Switches
o May use buffering technique to store, or when destination port
is busy
o Port-based memory: specific incoming and outgoing port
queues
o Shared memory: common memory buffer, dynamically linked,
asymmetric switching allows different data rates on different
ports
Fixed or Modular
Fixed versus Modular Configurations
o Power over Ethernet (PoE): allows switch to deliver power to
device over Ethernet cabling
o Forwarding Rate: rates how much data a switch can process per
second
o Entry layer switches have lower FR than enterprise layer
switches
o Switch form factors: Stackable/non-stackable, thickness of
switch (number of rack units), port density
o Fixed configuration Switches: features and options are fixed at purchase
o Modular Switches: flexible with different sized chassis for
different numbers of modular line cards (containing ports)
o Stackable configuration switches: connected by special cable to
make 1 large switch
Module Options for Cisco Switch Slots

Layer 3 Switching
Layer 2 Versus Layer 3 Switching
o Layer 2 based only on MAC address and depends on routers to
pass data out of LAN
o Layer 3 can also use IP address information, can also perform
routing functions
Cisco Express Forwarding
o CEF decouples layer 2 and layer 3 decision making to accelerate
forwarding
o Forwarding information base (FIB): similar to routing table- best
path to destination network stored in CEF data structures-
networking device uses FIB lookup table to make decisions
without route cache, and updated when changes occur
o Adjacency tables maintain layer 2 next-hop addresses
o Separation of FIB and adjacency benefits
Tables can be built separately, without any packets being
process switched
MAC header rewrite not stored in cache, so changes do not
require invalidation of entries
Types of Layer 3 Interfaces
o Switch Virtual Interface (SVI): logical interface associated with
VLAN- must be enabled for remote, as well as routing between
VLANs

o Routed Port: physical port acting as router port on switch-
enables the switch to act as a router
o Layer 3 EtherChannel: logical interface associated with bundle
of routed ports. Used to bundle Ethernet links to aggregate
bandwidth
Configuring a Routed Port on a Layer 3 Switch
o Not associated with VLAN, can be configured with layer 3
routing protocol, and does not support layer 2 protocol
o Configured in interface mode using the no switchport command

CHAPTER 6

Network Layer in Communications


The Network Layer
o Addressing End Devices: must have unique IP address
destination
o Encapsulation: Receives PDU from transport layer, adds header
info (IP source and destination addresses)
o Routing: Provides services to direct packets to host on another
network- must be processed by router, role of router to select
paths for and direct packets
o De-encapsulation: When packet arrives at network layer of
destination, IP checked, if match, header removed, passed to
transport layer
Network Layer Protocols
o Network layer protocols specify the packet structure and
processing used to carry the data from one host to another
host- IPv4, IPv6
o Legacy Protocols include IPX, AppleTalk, CLNS/DECNet
Characteristics of the IP Protocols
Characteristics of IP
o IP is network layer service implemented by TCP/IP Protocol suite
IP- Connectionless
o No dedicated end to end connection created before sending
packet
o Does not require initial exchange of control information, nor
any additional fields in header to maintain connection, greatly
reducing overhead
o Senders unaware whether destination is present/functional, or if
received/accessible/readable
IP- Best Effort Delivery
o No capability to manage/recover from undelivered/corrupt
packets
o No synchronisation data for tracking or confirmation, may be
out of order, corrupt, or missing
o Resolution of these issues in upper layer services (TCP)
o IP more adaptable and accommodating for different types of
communication
IP- Media Independent
o Can go on any medium- responsibility of DLL to prepare packet
for transmission
o 1 characteristic of media- max size of PDU allowed- Maximum
Transmission Unit (MTU)
o DLL passes MTU up to network layer
o Sometimes router must 'fragment' packet when forwarding to
medium with smaller MTU
Encapsulating IP
o Header added so it can be routed through complex networks to
reach destination
o Allows services at different layers to develop and scale without
affecting other layers- new protocols can be made without
affecting other layers
IPv4 Packet
IPv4 Packet Header
o ARPANET 1983
o IP Header and Payload
o Version: IPv4 is 0100
o Internet Header Length (IHL): 4 bits identifies number of 32-bit
words in header- minimum 5, maximum 15 (20-60 bytes)
o Differentiated Services (DS): 8 bits to show priority of packet.
First 6 identify Differentiated Services Code Point (DSCP) for
QoS. Last 2 identify Explicit Congestion Notification (ECN) value
used to prevent dropped packets during congestion
o Total Length: 16 bits defines entire packet size- minimum 20
bytes, max 65,535 bytes
o Identification: 16 bits identifies fragment
o Flags: 3 bits how fragmented, used with Fragment Offset and
Identification fields
o Fragment Offset: 13 bits identifies order to place fragment
o Header Checksum: 16 bits used for error checking header
o TTL: 8 bits specified in seconds but usually hop count,
decreased by 1 each hop. If turns to 0, router discards and
sends ICMP time exceeded message
o Protocol: 8 bits data payload type- ICMP (1), TCP (6) and UDP
(17)
o Source IP Address
o Destination IP Address
IPv4 Header Fields
o Remaining fields identify/validate the packet or reorder
fragmented packets (colour-coded in the original figure)
Sample IPv4 Headers (figure not reproduced)

IPv6 Packet
Limitations of IPv4
o IP Address Depletion: 4 billion addresses, Increasing IP enabled
devices, always-on connections, and potential growth
o Internet Routing table expansion: More nodes connect, number
of network routes increase, consume memory and processor
resources
o Lack of End-to-end connectivity: Network Address Translation
(NAT) allows multiple devices to share 1 public IP address-
internal network host address is hidden, problematic for end to
end connectivity
Introducing IPv6
o 1990s IETF
o Increased Address Space: 128 bit hierarchical- 340 undecillion
addresses
o Improved Packet Handling: Simplified, fewer fields, improving
packet handling and support for scalability
o Eliminates need for NAT: reduces problem, everyone can get an
IPv6 address
o Integrated Security: supports authentication and privacy
capabilities
Encapsulating IPv6
o IPv4 Header had 20 octets and 12 basic fields
o IPv6 Header has 40 octets (mostly addresses) and 8 header
fields
o Better routing efficiency for performance and scalability
o No requirement for processing checksums
o Simplified more efficient extension header mechanisms
o Flow label for per-flow processing, don't need to open inner
packet to identify various traffic flows
IPv6 Packet Header
o Version: 4 bits IPv6 is 0110
o Traffic Class: 8 bit field same to DS in IPv4
o Flow Label: 20 bits provides special service to real-time
applications, used to inform routers/switches to maintain same
path for packet flow so not reordered

o Payload Length: same as Total Length in IPv4
o Next Header: same as Protocol field- payload type, where to
pass up
o Hop Limit: Same as TTL
o Source Address
o Destination Address
o Optional Extension Headers (EH): placed between header and
payload, used for fragmentation, security, mobility, etc.
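The IPv4 header fields listed in the earlier section (Version, IHL, DS, Total Length, fragmentation fields, TTL, Protocol, Header Checksum) and the IPv6 fields above (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit), as one added Python parser that is not part of these notes. It dispatches on the Version nibble and verifies the IPv4 header checksum; packets are constructed inline, and ICMPv6 (58) is added to the protocol numbers the notes give.

```python
import struct
import ipaddress

# Protocol / Next Header values from the notes, plus ICMPv6 (58)
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words; over a valid header (checksum included) it is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)   # fold carries back in
    return ~total & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hlen = ihl * 4                     # IHL counts 32-bit words: 5..15 -> 20..60 bytes
    if version != 4 or ihl < 5 or hlen > len(pkt) or total_len < hlen:
        raise ValueError("malformed IPv4 header")
    flags = flags_frag >> 13
    return {
        "version": 4,
        "header_len": hlen,
        "dscp": dscp_ecn >> 2,         # first 6 bits of the DS field
        "ecn": dscp_ecn & 0x03,        # last 2 bits
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags & 0x2),
        "more_fragments": bool(flags & 0x1),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": ipv4_checksum(pkt[:hlen]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "payload": pkt[hlen:total_len],
    }


def parse_ipv6(pkt: bytes) -> dict:
    first, payload_len, next_hdr, hop_limit, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {
        "version": 6,
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": PROTOCOLS.get(next_hdr, str(next_hdr)),
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
        "payload": pkt[40:40 + payload_len],   # no header checksum to verify
    }


def parse_ip(pkt: bytes) -> dict:
    """Dispatch on the Version nibble (0100 = IPv4, 0110 = IPv6)."""
    version = pkt[0] >> 4
    if version == 4:
        return parse_ipv4(pkt)
    if version == 6:
        return parse_ipv6(pkt)
    raise ValueError("unknown IP version %d" % version)


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0, dscp=0, dont_fragment=True):
    """Constructed sample packet with a correct header checksum (no options)."""
    flags_frag = 0x4000 if dont_fragment else 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), ident,
                         flags_frag, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def build_ipv6(src, dst, next_hdr, payload, hop_limit=64, flow_label=0):
    """Constructed sample IPv6 packet (fixed 40-byte header only)."""
    first = (6 << 28) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB16s16s", first, len(payload), next_hdr, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload
```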
Sample IPv6 Header (figure not reproduced)
How a Host Routes
Host Forwarding Decision
o Itself: loopback (127.0.0.1)- useful to test connection
o Local Host
o Remote Host
o Local/remote dependent on IP address and subnet mask of
source compared to destination
Default Gateway
o Maintains routing table- data file in RAM used to store route
info about direct and remote networks
o Hosts have local routing table containing:
Direct Connection: loopback
Local Network Route: network automatically populated
Local Default Route: how to get to default gateway-
dynamically or manually configured
IPv4 Host Routing Table
o route print (or netstat -r) used to display host routing table
o Interface List: lists MAC address and assigned interface number
o IPv4 Route Table: Lists all routes
Network Destination: Lists reachable networks
Netmask: subnet mask
Gateway: lists addresses used to get to remote network
destination- if directly reachable, "on-link"
Interface: lists address of physical interface going to
gateway
Metric: Cost of each route
o IPv6 Route Table: lists all IPv6 routes
IPv4 Host Routing Entries
o Destination networks can be grouped into 5 sections
o 0.0.0.0: all packets that don't match any addresses go to default
gateway
o 127.0.0.0-127.255.255.255: Loopback
o 192.168.10.0/24: has network address representing all, the host
address, and the broadcast address
o 224.0.0.0: Multicast class D addresses, through loopback or host
IP interface
o 255.255.255.255: limited broadcast IP address values for
loopback/host, used to find DHCP server
Sample IPv4 Host Routing Table
Sample IPv6 Host Routing Table
o If: Lists interface numbers from list section of netstat -r
Router Routing Tables
Router Packet-forwarding Decision
o Directly-connected routes: from active router interfaces, added
when interface is configured with IP address and activated-
each interface connected to different network segment,
maintain information about network segments
o Remote Routes: from remote networks, can be manually
configured or dynamically by allowing router to exchange
routing info with others using dynamic routing protocols.
IPv4 Router Routing Table
o Both routing tables identify destination network, metric, and
gateway
o show ip route used to display routing table, as well as how
route learned, last update, which interface to use
o When packet arrives, header examined for destination network;
if match in table, packets forwarded
Directly Connected Routing Table Entries
o Two entries automatically created when interface is configured
o Route Source: How route was learned (C= connected, L=link
local)
o Destination Network: Address of remote network
o Outgoing Interface: identifies exit interface
o S=Manually created by admin to reach specific network- static
route
o D=Dynamically learned using Enhanced Interior Gateway
Routing Protocol (EIGRP)

o O=Dynamically learned using Open Shortest Path First (OSPF)
Remote Network Routing Table Entries
o Normal Local fields plus
o Administrative Distance: Trustworthiness of route source
o Next-Hop: Identifies IP address of next router
o Route timestamp: last heard from
Next-Hop Address
o Address of device processing packet next
o Networks directly connected to router have no next-hop, as
router can forward directly to hosts
o If route representing destination network is not in routing table,
packet is dropped
o Router can be configured to use default static route to create a
Gateway of Last Resort
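The host forwarding decision (local or remote by comparing the destination with own address and subnet mask) and the router lookup described above (match the destination network, fall back to the default route as gateway of last resort, otherwise drop, with administrative distance deciding between sources), as an added Python example that is not part of these notes. The routing table, its addresses and metrics are constructed; unlike IOS, which installs only the lowest-AD route for a prefix, this table keeps both the D and O entries so the AD tie-break is visible.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Administrative distance of the route sources listed in the notes:
# lower is more trustworthy
ADMIN_DISTANCE = {"C": 0, "L": 0, "S": 1, "D": 90, "O": 110}


@dataclass(frozen=True)
class Route:
    source: str                        # C, L, S, D or O, as in show ip route
    network: ipaddress.IPv4Network
    interface: str                     # outgoing (exit) interface
    next_hop: Optional[str] = None     # None for directly connected networks
    metric: int = 0


def route(source, prefix, interface, next_hop=None, metric=0) -> Route:
    return Route(source, ipaddress.ip_network(prefix), interface, next_hop, metric)


def host_is_local(host: str, dest: str) -> bool:
    """Host forwarding decision: compare destination with own IP and subnet mask."""
    return ipaddress.ip_address(dest) in ipaddress.ip_interface(host).network


def lookup(table, dest: str) -> Optional[Route]:
    """Longest prefix match, then lowest administrative distance, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-r.network.prefixlen, ADMIN_DISTANCE[r.source], r.metric))


def forward(table, dest: str) -> dict:
    r = lookup(table, dest)
    if r is None:
        # No matching route and no default route (gateway of last resort): drop
        return {"action": "drop", "dest": dest}
    return {
        "action": "forward",
        "dest": dest,
        "source": r.source,
        "interface": r.interface,
        # Directly connected: no next hop, so ARP resolves the destination
        # host's own MAC rather than a router's
        "next_hop": r.next_hop or dest,
        "is_default": r.network.prefixlen == 0,
    }


# Constructed routing table using the route-source codes from the notes
TABLE = [
    route("C", "192.168.10.0/24", "GigabitEthernet0/0"),
    route("L", "192.168.10.1/32", "GigabitEthernet0/0"),
    route("C", "10.1.1.0/30", "Serial0/0/0"),
    route("L", "10.1.1.1/32", "Serial0/0/0"),
    route("D", "172.16.0.0/16", "Serial0/0/0", next_hop="10.1.1.2", metric=2170112),
    route("O", "172.16.0.0/16", "Serial0/0/0", next_hop="10.1.1.2", metric=20),
    route("S", "172.16.5.0/24", "Serial0/0/0", next_hop="10.1.1.2"),
    route("S", "0.0.0.0/0", "Serial0/0/0", next_hop="10.1.1.2"),   # gateway of last resort
]


if __name__ == "__main__":
    print(host_is_local("192.168.10.10/24", "192.168.11.5"))
    for dest in ("192.168.10.50", "172.16.5.9", "172.16.9.9", "8.8.8.8"):
        print(forward(TABLE, dest))
```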
Sample Router IPv4 Routing Table (figure not reproduced)

Anatomy of a Router
A Router is a computer
o Branch: teleworkers, small business, medium size branch sites.
Cisco 800, 1900, 2900, 3900 ISR G2
o WAN: Large businesses, organisations, enterprises. Catalyst
6500 Series, ASR 1000
o Service Provider: Large SP. ASR 1000, ASR 9000, XR 12000, CRS-3, 7600 Series
o All require OS, CPU, RAM, and ROM, NVRAM
Router CPU and OS
o CPU needed to execute OS instructions- initialisation, routing
and switching functions
o OS needed to provide these functions, usually Internetwork
Operating System (IOS)
Router Memory
o RAM
IOS copied on during bootup
Running config file
IP routing table
ARP Cache
Packet Buffer
Use Dynamic RAM- DRAM, which stores instructions and
data needed by CPU
Volatile memory

o ROM
Bootup instructions
Basic Diagnostic software- POST
Limited IOS- limited back up of OS
Firmware embedded on integrated circuit
o NVRAM
Permanent storage for startup config
o Flash Memory
IOS copied from flash into RAM during bootup
o 1941 routers come with 2 external Compact Flash slots
Inside a router
o Fan
o Power Supply
o Shield for WAN interface card WIC or high speed WIC
o Advanced Integration Module (AIM) option that offloads
processor-intensive functions such as encryption from the main
CPU
o Synchronous Dynamic RAM used for holding the running config
and routing tables, and for supporting packet buffering
o Nonvolatile RAM and boot flash memory used for storing the
ROMMON boot code as well as
o CPU
Router backplane
o Console Ports: 2 for initial configuration using RJ-45 and USB
Type-B (Mini B)
o AUX port: RJ-45 for remote management access
o Two LAN Interfaces: Gigabit Ethernet
o Enhanced High-speed WAN interface Card (EHWIC) slots: 2
provide modularity and flexibility, supporting different types of
interface modules- serial, DSL, switch port, wireless
o Dual compact flash memory slots: can support 4 GB compact
flash card for more storage space
o 2 USB host ports: additional storage space, secure token
capability
o Compact Flash: store IOS software image, log files, voice config
files, HTML files, backup configs- default only slot 0 is populated
Connecting to a router
o Management Ports: Console and Auxiliary ports used to
configure, manage and troubleshoot router, not packet
forwarding
o Inband Router interfaces: LAN (ethernet) and WAN (serial and
DSL) interfaces with IP to carry traffic.
o LED indicator shows status information- if off while interface
should be active, something is wrong
LAN and WAN interfaces
o Accessing CLI environment- Console, Telnet/SSH, AUX
o Every interface on router is member of a different IP network-
IOS does not allow two active interfaces to be on same network
o Ethernet LAN Interfaces: connect to hosts or other routers
o Serial WAN Interfaces: connects routers to larger networks over
larger distance

Router Bootup
Cisco IOS
o Addressing, Interfaces, Routing, Security, QoS, Resource
Management (SQRAIR)
o IOS file several mb, stored in flash memory, allowing upgrades
or new features added
o During bootup, IOS copied from flash into RAM; faster, so
increases performance
Bootset files
o IOS Image File: basic operation of device's hardware
components- flash
o Startup configuration file: commands to initially configure
router and create running config- NVRAM
Router bootup process
1. Perform POST and load bootstrap program
i. POST tests router hardware, conducted by ROM chip on
CPU, RAM, NVRAM
ii. After POST, bootstrap copied from ROM to RAM, and
executes bootstrap task mainly to locate Cisco IOS and load
into RAM
2. Locate and load IOS software
i. During self decompression of IOS image file, string of #
displayed
ii. If not located in flash, looked for using TFTP server, if still
not found, scaled down version loaded instead, diagnose
problems or load full version
3. Locate and load startup config file or enter setup mode

i. Bootstrap searches for startup config- if exists, copied into
running config
ii. If TFTP server not found, router displays setup mode
prompt
Show version output
o Use show version
o IOS version
o Bootstrap Program
o Location of IOS
o CPU and amount of RAM
o Interfaces
o Amount of NVRAM and Flash

Configure Initial Settings- Router Configuration Steps
1. Assign a name
2. Set Passwords
a. Privileged EXEC- enable secret
b. Console- login, password
c. VTY- login, password
d. service password-encryption
3. Provide legal notification using motd
4. Save configuration using copy run start
5. Verify using show
Configure Interfaces
Configure LAN Interfaces
o Interface type and number
o IPv4 Address and subnet mask configured
o Activate interface (no shutdown)
o Helpful to configure description on each interface- description
command
Verify Interface Configuration
o show ip interface brief
o Shows all interfaces, IP address, and status
o Or ping command
o show ip route
o show interfaces
o show ip interface

Configuring the Default Gateway


Default Gateway on a host
o Needed to send to remote networks
Default Gateway on a switch
o Intermediary devices also need default gateway
o ip default-gateway <ip-address>

CHAPTER 7

Transportation of Data
Role of the Transport Layer
o Tracking the individual communication between applications on
source and destination hosts: establishes temporary
communication sessions. Each set of data called conversation
(web pages, IM, video, etc)
o Segmenting data for manageability and reassembling into
streams of application data: TCP and UDP divide transport
layer data into appropriately sized segments, adding a header
o Identifies proper application for each communication stream:
Transport layer must identify target application - assigns each
application an identifier (port number)
Conversation Multiplexing
o Some types of data use all available bandwidth, making error
recovery and retransmission difficult
o Segmenting allows interleaving (multiplexing) of different
communication from different users on same network
o Provides means to send and receive data when running multiple
applications
o Adds header that allows multiplexing
Transport Layer Reliability
o Manages reliability requirements of conversation
o Specifies how to transfer messages between hosts using
Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP)
o TCP is reliable full featured
o UDP is simple, no reliability provision
TCP
o Tracking transmitted data segments
o Acknowledging received data- sent in certain period of time
o Retransmitting any unacknowledged data
o File Transfer Protocol (FTP) and Hypertext Transfer Protocol
(HTTP) use TCP to ensure data delivery
o Place additional overhead
UDP
o No reliability, no burden on overhead
o Best effort delivery protocol
The right Transport layer protocol for the right application
o TCP good for when a specific sequence or all of the data must be
received: databases, web browsers, email clients
o UDP good for video streaming, internet radio
Introducing TCP and UDP
Introducing TCP
o RFC 793
o Connection-oriented conversations by establishing sessions:
ensures destination can receive the data, negotiate traffic rate
o Reliable Delivery: lost segments resent
o Ordered data reconstruction/Same order delivery: numbers and
sequences segments to ensure proper order reassembly
o Flow control: if congestion, can request reduction of data flow
from source, preventing loss of segments
Role of TCP
o Stateful protocol: keeps track of state of communication
session- what has been acknowledged
o 20 bytes of overhead header
o Sequence number (32): reassembly order
o Acknowledgement number (32): indicates the data received
o Header length (4): data offset, indicates length of header
o Reserved (6): for future
o Control bits (6): flags to indicate purpose/function of TCP
o Window Size (16): number of bytes accepted at one time
o Checksum (16): error checking
o Urgent (16): Indicates if data is urgent
Introducing UDP
o RFC 768
o Connectionless
o Unreliable Delivery
o No ordered data reconstruction
o No Flow control
Role of UDP
o Pieces of communication in UDP called datagrams
o DNS, Video Streaming, VoIP
o 8 bytes
o Data continues to flow quickly
o Source port (16)
o Destination port (16)
o Length (16)
o Checksum (16)
Separating Multiple Communications

o During phone calls the user, not the protocol, manages lost
information
o Unique identifiers are port numbers
TCP and UDP Port Addressing
o Destination port: determines what kind of data
o Source port: randomly generated by sending device to identify
conversation between two devices, allowing simultaneous
conversations- separate HTTP service requests to web server at
same time
o Combination of source and destination IP addresses and port
numbers called socket
o Identifies server and service
o Socket identifies application process running on individual host
device
o Socket Pair has both source and destination sockets, identifying
specific conversation
o <ip address>:<port number>
o Communication endpoints known, allowing distinguishing
o IANA assigns port numbers
Well-Known Ports (0-1023)
Registered Ports (1024-49151): for user processes or
applications- when not used for server resource, can be
dynamically selected as source port
Dynamic or Private Ports (49152-65535): ephemeral ports,
assigned to identify client application during
communication when client initiates connection to service
Some applications use TCP and UDP- DNS can serve many
client requests very quickly, but requested info might need
reliability
o Netstat
Lists protocols in use, local address and port number,
foreign address and port number, and connection state
Unexplained/unnecessary TCP connections are security
threat and consume resources respectively
TCP and UDP Segmentation
o Different segmentation and order

TCP Communications
TCP Reliable Delivery
o Establishing connection, but overhead

TCP Server Processes


o Application processes run on servers, multiple at the same time,
each have port number
o Open application/port accepts segments
o Improve security: restrict server access to open ports
TCP Connection Establishment and Termination
o TCP is full duplex protocol- each connection is two one-way
communication streams
o Control bits indicate progress and status of connection
o Establishes destination device is present, verifies it has an active
accepting service for port number, and informs destination
device intention to connect
o Control information
URG- urgent pointer field significant
ACK- Acknowledgment field significant
PSH- push function
RST- Reset connections
SYN- synchronise sequence numbers
FIN- no more data from sender
TCP Three-Way handshake Analysis
o Step 1-synchronisation
Requests client to server communication with server
SYN set to one, sent to server
Indicate initial value in sequence number field (ISN),
randomly chosen, increments for each byte of data sent
o Step 2- acknowledges first request, synchronises connection
parameters in opposite direction
Server acknowledges session and requests server to client
session
SYN and ACK set to 1, sent to client
o Step 3- acknowledgment informs destination that both sides
agree that the connection is established
Client acknowledges server to client communication
session
ACK set to 1, sent to server
TCP Session Termination Analysis
o Set FIN control flag in segment header, using 2 way handshake
o Client sends FIN, Server sends ACK, Server sends FIN, Client
sends ACK
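As an added example (not from the course notes), the following Python packs and decodes the 20-byte TCP header and 8-byte UDP header listed above and names the handshake step that a segment's control bits represent; the ports, sequence numbers and segments are constructed sample values.

```python
import struct

# Control bits occupy the low 6 bits of the 16-bit offset/reserved/flags word,
# bit 0 = FIN ... bit 5 = URG (RFC 793 layout).
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")
FLAG = {name: 1 << bit for bit, name in enumerate(TCP_FLAG_NAMES)}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (no options); checksum and urgent pointer left 0."""
    data_offset_words = 5                                  # 5 x 32-bit words = 20 bytes
    offset_reserved_flags = (data_offset_words << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_reserved_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Return the TCP header fields as a dict; control bits become a list of names."""
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, orf, window, checksum, urgent = struct.unpack("!HHIIHHHH", raw[:20])
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,                                    # sequence number (32 bits)
        "ack": ack,                                    # acknowledgement number (32 bits)
        "header_len": (orf >> 12) * 4,                 # data offset, converted to bytes
        "flags": [n for b, n in enumerate(TCP_FLAG_NAMES) if orf & (1 << b)],
        "window": window,
        "checksum": checksum,
        "urgent": urgent,
    }


def parse_udp_header(raw):
    """Return the four 16-bit UDP header fields."""
    if len(raw) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": checksum}


def handshake_step(flags):
    """Map a segment's control bits to the three-way-handshake step, or None."""
    f = set(flags)
    if f == {"SYN"}:
        return 1        # client -> server: SYN, initial sequence number chosen
    if f == {"SYN", "ACK"}:
        return 2        # server -> client: SYN + ACK
    if f == {"ACK"}:
        return 3        # client -> server: ACK (also every later plain ACK)
    return None


# Constructed handshake between an ephemeral client port and HTTP (port 80).
CLIENT_ISN, SERVER_ISN = 1000, 5000
SYN = build_tcp_header(49152, 80, CLIENT_ISN, 0, FLAG["SYN"])
SYN_ACK = build_tcp_header(80, 49152, SERVER_ISN, CLIENT_ISN + 1, FLAG["SYN"] | FLAG["ACK"])
ACK = build_tcp_header(49152, 80, CLIENT_ISN + 1, SERVER_ISN + 1, FLAG["ACK"])
# Constructed UDP header: 8-byte header plus a 29-byte DNS query payload.
DNS_QUERY = struct.pack("!HHHH", 49153, 53, 8 + 29, 0)

if __name__ == "__main__":
    for seg in (SYN, SYN_ACK, ACK):
        h = parse_tcp_header(seg)
        print(h["src_port"], "->", h["dst_port"], h["flags"], "step", handshake_step(h["flags"]))
    print(parse_udp_header(DNS_QUERY))
```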

Reliability and Flow Control


TCP Reliability- Ordered delivery
o Arrive out of order, assembled in order
o ISN set, incremented by number of bytes
o Indicates order, how to reassemble, any missing packets
o Receiving TCP places data into receiving buffer, placed into
order- any non-contiguous held for later processing
TCP Reliability- Acknowledgement and Window Size
o SEQ and ACK number used to confirm receipt of bytes of data
o SEQ indicates relative number of bytes transmitted, inclusive of
its segment
o TCP uses ACK number sent back to indicate next byte expected
to receive - Expectation acknowledgment
o Source is informed that destination has received all bytes in data
stream up to, but not including, the byte indicated by ACK number- source
is expected to send next segment using sequence number equal to ACK number
o Amount of data a source can transmit before acknowledgment
must be received is called window size
TCP Reliability- Data loss and Retransmission
o Only acknowledges contiguous sequence bytes
o Returns to last ACK number and retransmits everything
o Typically, host transmits segment, puts copy in retransmission
queue with timer- if ACK not received, retransmitted
o Selective acknowledgments (SACKs): Optional- if both hosts
support, possible to acknowledge discontinuous segments
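An added example (not from the course notes) modelling the receive side of what is described above: data is handed up only when contiguous, out-of-order segments are held, the returned ACK is always the next byte expected, and a sender without SACK retransmits from the last ACK number. The segments are constructed.

```python
class TcpReceiver:
    def __init__(self, isn):
        self.next_expected = isn + 1      # SYN consumes one sequence number
        self.held = {}                    # seq -> payload that arrived with a gap before it
        self.delivered = bytearray()      # in-order bytes passed to the application

    def receive(self, seq, payload):
        """Process one segment and return the ACK number to send back."""
        end = seq + len(payload)
        if end <= self.next_expected:
            return self.next_expected             # old duplicate: just re-ACK
        if seq > self.next_expected:
            self.held[seq] = payload               # non-contiguous: hold, ACK unchanged
            return self.next_expected
        if seq < self.next_expected:               # overlaps bytes already received
            payload = payload[self.next_expected - seq:]
        self._deliver(payload)
        self._drain_held()
        return self.next_expected

    def _deliver(self, payload):
        self.delivered += payload
        self.next_expected += len(payload)

    def _drain_held(self):
        """Release held segments that have become contiguous (trimming overlaps)."""
        while True:
            ready = [s for s in self.held if s <= self.next_expected]
            if not ready:
                return
            seq = min(ready)
            self._deliver(self.held.pop(seq)[self.next_expected - seq:])


def retransmit_from(ack, segments):
    """Sender side without SACK: resend everything at or after the last ACK number,
    including segments the receiver may already be holding."""
    return [(seq, data) for seq, data in segments if seq >= ack]


def run(isn, transmissions, lost):
    """Feed (seq, payload) transmissions to a receiver, dropping the indexes in `lost`;
    return (acks_sent, delivered_bytes)."""
    rx = TcpReceiver(isn)
    acks = []
    for i, (seq, payload) in enumerate(transmissions):
        if i in lost:
            continue
        acks.append(rx.receive(seq, payload))
    return acks, bytes(rx.delivered)


ISN = 1000
SEGMENTS = [(1001, b"ABCD"), (1005, b"EFGH"), (1009, b"IJKL")]
# The second segment is lost on its first transmission (index 1); the sender
# sees ACK 1005 repeated and retransmits from there.
TRANSMISSIONS = SEGMENTS + retransmit_from(1005, SEGMENTS)

if __name__ == "__main__":
    acks, data = run(ISN, TRANSMISSIONS, lost={1})
    print(acks, data)
```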
TCP Flow Control- Window Size and Acknowledgements
o Used to manage the rate of transmission to maximum flow,
while minimising loss and retransmissions
o First determines amount of data segments the destination can
accept
o Uses window size, initially agreed upon during 3-way handshake
o Source must limit amount of data segments sent to destination,
and only after receiving an ACK it will send more
o Slowdown in data transmission helps reduce resource conflict
on network
TCP Flow Control- Congestion Avoidance
o Dynamic window size- control data flow
o When congested, TCP can reduce window size for more
frequent acknowledgment, also slowing down speed of
transmission
o Once strain gone, slowly increases until it drops another packet-
continuous up and down

UDP Communication
UDP Low Overhead Versus reliability
o DNS, SNMP, DHCP, RIP, TFTP, VoIP, online games
o TCP would detect small losses and retransmit, which is more
detrimental
UDP Datagram reassembly
o Transaction based- when application has data to send, it sends
it, so datagrams may arrive out of order
UDP Server Processes and Requests
o Assigned port numbers, like TCP
UDP Client Processes
o As soon as data ready to be sent and ports randomly identified,
UDP can form datagrams and send them on
o Same ports used for all datagrams in transaction
TCP or UDP, that is the question
Applications that use TCP
o HTTP, FTP, SMTP, Telnet, DNS, SNMP
Applications that use UDP
o Applications that can tolerate data loss but can't have delay:
VoIP and IPTV
o Applications with simple request and reply transactions: DHCP, DNS and
SNMP
o Applications with unidirectional communication
o Applications that handle reliability themselves: TFTP

CHAPTER 8

IPv4 Address Structure


Binary Notation
o In IPv4 networks, represented using 32 bits- but we see as
decimal format
o Positional Notation
Represents different values depending on position the digit
occupies
Binary number system
o Separating each byte (octet) with a dot
IPv4 Subnet Mask
Network portion and host portion of an IPv4 Address
o When determining network/host, need to look at 32 bit stream
o Bits in network portion must be identical for all devices on same
network
o Subnet mask determines which portion of address is network-
places eight 1s (or 255) for each octet that is network portion, 0
for host
Examining the Prefix Length
o Number of bits set to 1 in subnet mask, slash notation
o For 255.255.255.0, 24 bits set to 1, so prefix length is /24
IPv4 Network, host, and broadcast addresses
o Network Address
All hosts in same network have same portion
Can be referred to as 10.1.1.0 network, 10.1.1.0
255.255.255.0 network, or 10.1.1.0/24 network
First address reserved for network address (10.1.1.0)
o Host Addresses
Can have any combination of 0s and 1s, but not all 0s or
not all 1s
o Broadcast Address
Allows communication to all hosts in network- uses highest
address- bits in host portion are all 1s
Not always an entire octet- directed broadcast
First host and last host addresses
o Must identify first and last host address
o First: always 1 greater than network address- common to use
for router/default gateway address
o Last: 1 less than broadcast address

Bitwise AND operation


o When IPv4 assigned, subnet mask used to determine what
network address device belongs to
o When sending network data, can use to determine whether it
can send packets locally, or default gateway
o When sending packet, compares network portion of own IP to
network portion of destination IP based on subnet
o If match, local, if not match, go to default gateway
o AND
One of three basic binary operations in digital logic.
AND used to determine network addressing
IPv4 host address manually ANDed with subnet mask to
determine network address- result yields network address
Importance of ANDing
o Bits of the subnet mask are used to mask the host bits
o Host portion of network address is all 0s
o Used to verify and troubleshoot network addressing

IPv4 Unicast, Broadcast, and Multicast


Assigning a Static IPv4 Address to a host
o Useful for printers, servers etc that don't change location
o Increased control of network resources- access filters based on
traffic, or from specific address
o Necessary to maintain list
Assigning a Dynamic IPv4 Address to a host
o New laptops/smartphones arrive, easier to do dynamically
o DHCP enables auto assignment- DHCP server needs address
pool used to assign
o Should be planned to exclude static devices
o Leased- if host powered down or taken off network, address
returned to pool for reuse
Unicast Transmission
o Used for normal host-to-host communication
o Use addresses of destination device as address
o Source address is always unicast address of originating host
Broadcast Transmission
o Packet contains all 1s in host portion
o Used for mapping upper layer addresses to lower layer
addresses (ARP)
o Or requesting an address (...ARP)
o Usually restricted to local network, dependent on
configuration
o Directed: sent to all hosts on specific network (non local)- by
default routers don't forward broadcasts though
o Limited: local networks, always 255.255.255.255
o Broadcasts should be limited- so as not to adversely affect
performance
o Can subdivide networks to improve performance
Multicast Transmission
o Designed to conserve bandwidth
o Responsibility to replicate multicast flows so they reach only
intended recipients
o Examples: video and audio broadcasts, routing information
exchange, distribution of software, remote gaming
o Range is 224.0.0.0 - 239.255.255.255
o Subdivided into reserved link local addresses, globally scoped
addresses, administratively scoped addresses (limited scope
addresses)
o Reserved Link Local Addresses
224.0.0.0-224.0.0.255
Multicast groups on local network
Used in routing protocols used to exchange routing
information
o Globally Scoped Addresses
224.0.1.0-238.255.255.255
Multicast across internet
224.0.1.1 is reserved for network time protocol to
synchronise time of day clocks
o Multicast clients use services to subscribe to multicast group
o Each group represented by a single destination address
o Has group and unique address

Types of IPv4 Addresses


Public and Private IPv4 Addresses
o Some blocks of addresses in networks that require limited or no
internet access- private addresses
o 10.0.0.0-10.255.255.255 (10.0.0.0/8)
o 172.16.0.0-172.31.255.255 (172.16.0.0/12)
o 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
o Defined in RFC 1918, Address Allocation for Private Internets
o RFC 6598: IANA reserved another group of shared address
space- only for use in service provider networks- 100.64.0.0/10
o Public Addresses: Majority, over internet
Special-use IPv4 Addresses
o Network and Broadcast Addresses: cannot be assigned to hosts
o Loopback: 127.0.0.1, direct traffic to self, can bypass lower
levels, and ping loopback address
o Link Local Addresses: 169.254.0.0-169.254.255.255, auto
assigned to local host by OS when no IP config available (for
example no DHCP response)- only for same network, packets sent
with time to live (TTL) of 1
o TEST-NET Addresses: 192.0.2.0/24 for teaching and learning
purposes- documentation and network examples
o Experimental Addresses: 240.0.0.0-255.255.255.255 reserved for
future use.
Legacy Classful Addressing
o RFC1700, Assigned numbers, grouped unicast ranges into class
A, class B, and class C, with class D as multicast and class E as
experimental
o Company assigned entire network from class A, B or C
depending on size
o Class A: >16mil host addresses, use /8, most significant bit of
high order octet to be 0, only 128 combinations, 10.0.0.0-10.255.255.255
o Class B: <65,000 hosts, /16, 128.0.0.0-191.255.0.0, around 16,000
networks
o Class C: max 254 hosts, /24, 192.0.0.0-223.255.255.0, occupies
12.5%, but 2 million networks
o Limits to class based system
Not all requirements fit into one of three classes
Abandoned in late 1990s, but OS still puts addresses into a
class
Inefficient, only /8, /16, /24
Wasted addresses
o Classless Addressing
Classless inter-domain Routing (CIDR)
In 1993, IETF created set of standards to allow providers to
allocate any address bit boundary
Temporary solution
Assignment of IP Addresses
o Unique public addresses must be regulated and allocated to
each organisation
o IANA and RIRs
Manages allocation of IPv4 and IPv6 addresses
Remaining IPv4 address space allocated to Regional
Internet Registries for regional areas
AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC
o ISPs
RIRs allocate IP addresses to ISPs
ISPs supply/loan small number of addresses (6-14)
o ISP Services
Provides DNS, email, and website, own set of internal data
networks
Tier 1: national/international directly connected to
backbone, customers either lower ISPs or large companies,
highly reliable, multiple fast connections, high costs
Tier 2: Business customers, more services- website
development and maintenance, e-commerce/e-business,
VoIP, slower internet and less reliability
Tier 3: purchase internet from tier 2 ISPs, retail and home
markets, primary need of connectivity and support, smaller
bandwidth/reliability, but good for small companies

IPv4 Issues
The need for IPv6
o 128 bit address for 340 undecillion addresses
o ICMPv6 (Internet Control Message Protocol Version 6) includes
address resolution and address auto-configuration
o Depletion of address space was motivating factor- private
addresses and NAT (Network Address Translation) slowed
down depletion, but NAT impedes peer-to-peer
o Internet of things: everything is connected (smart home
technology)
IPv4 and IPv6 Coexistence
o Dual Stack
Allows IPv4 and IPv6 to coexist on same network- run
simultaneously
o Tunneling
Transporting IPv6 packet over an IPv4 network- IPv6
encapsulated in IPv4 packet
o Translation
NAT64 allows IPv6-enabled devices to communicate with
IPv4 enabled devices

IPv6 Addressing
IPv6 Address Representation
o 32 hexadecimal digits (128 bits), can be upper or lowercase
o Preferred format is eight groups of 4 hex digits separated by :
Rule 1: Omit leading 0s
o To reduce, omit leading 0s in each group
Rule 2: Omit all 0 segments
o Compressed format (::)
Types of IPv6 Addresses
IPv6 Address Types
o Unicast: unique identification
o Multicast
o Anycast: any IPv6 unicast address that can be assigned to
multiple devices- beyond scope
IPv6 Prefix Length
o Prefix can range from 0-128, but generally /64
IPv6 Unicast Addresses
o Unicast address uniquely identifies interface on IPv6-enabled
device. 6 types
o Global Unicast: similar to public IPv4 Address, can be
dynamically or statically addressed
o Link-Local: communicate with other devices on same local
link/subnet
o Loopback: ::1/128, send a packet to itself
o Unspecified Address: ::/128, can only be used as source address-
when device doesn't have permanent IPv6 address yet, or
irrelevant to destination
o Unique Local: FC00::/7-FDFF::/7, used for local addresses in a
site or limited number of sites, not routable
o IPv4 embedded: used to help transition, beyond scope
IPv6 Link-Local Unicast Addresses
o Cannot be routed, have significant role in aspects of network-
every IPv6 interface must have link-local address
o On FE80::/10 range
o Used by routing protocols to exchange messages as next-hop
address

IPv6 Unicast Addresses


Structure of an IPv6 Global Unicast Address
o ICANN, operator of IANA, allocates IPv6 addresses to the 5 RIRs
o Currently only addresses whose first three bits are 001, i.e. 2000::/3,
are being assigned- only 1/8th of the space
o Structure: Global Routing Prefix (beginning 001), Subnet ID, Interface ID
o Global Routing Prefix: Network address, /48
o Subnet ID: Used by organisation to identify subnets within its
site
o Interface ID: host portion- but one host can have many
interfaces, each one having one IPv6 address
Static Configuration of a Global Unicast Address
o Router Config
Replace ip with ipv6 in commands
In interface config, type the command below, then no shutdown, exit
ipv6 address ipv6-address/prefix-length
o Host Config
Type in global unicast address for router 1 connection, or
default gateway address can match link local address
Dynamic Configuration of a Global Unicast Address Using SLAAC
o Stateless Address Autoconfiguration (SLAAC) allows device to
obtain prefix, prefix length, and default gateway address from
router without server
o Relies on router's ICMPv6 Router Advertisement (RA) messages
o Routers periodically send out RA messages- default 200
seconds
o Device can send Router Solicitation (RS) using all routers
multicast
o IPv6 router forwards IPv6 packets between networks, configured
static or dynamic IPv6, and sends ICMPv6 RA messages
o By default not enabled, need ipv6 unicast-routing
o RA message can contain 3 options
o 1- SLAAC only: device uses everything received, no info
available from DHCPv6 server
o 2- SLAAC and DHCPv6: use SLAAC info but get other info (like
DNS server address) from DHCPv6 server- called stateless
DHCPv6
o 3- DHCPv6 only: doesn't use RA messages- DHCPv6 assigns and
keeps track of IPv6 addresses
Dynamic configuration of a Global Unicast Address using DHCPv6

o IPv6 allows for multiple IPv6 addresses to be configured on
same interface
o Interface ID: if RA message not used, then interface ID is
provided, but if used, then client must determine own ID
EUI-64 Process or Randomly Generated
o Extended Unique Identifier (EUI) defined by IEEE
o Uses client's 48 bit MAC address, and inserts 16 bits into middle
to create 64 bit Interface ID
o In between OUI and device identifier
o OUI's 7th bit is reversed
o Insert 16 bit value FFFE
o Advantage: MAC can be used to determine ID, allows easy
tracking, BUT privacy concerns, traced to physical computer
o Randomly Generated Interface IDs: better security (can't be
tracked by MAC address), beginning with Windows Vista
o After ID established, combined with prefix to create global or
link local (FE80::/10)
Dynamic Link-Local Addresses
o After Global unicast address is assigned, device automatically
creates link-local address
o Link local address of router is default gateway address,
exchange routing protocol messages using this, routing tables
use addresses to identify next hop router
o Dynamically created with FE80::/10 prefix, and ID
o Cisco uses EUI-64 by default
o Drawback is length
Static Link-Local Addresses
o Provides ability to create address that is recognisable, easy to
remember
o ipv6 address link-local-address link-local
o Only has to be unique on that link
Verifying IPv6 Address Configuration
o show ipv6 interface brief
o Serial interfaces don't have MAC addresses, so IOS shows MAC
address of first available ethernet interface
o show ipv6 route
o In route table, C means directly connected
o Global unicast address installed as local route, which has /128
prefix
o Ping is same

IPv6 Multicast Addresses


Assigned IPv6 Multicast Addresses
o Reserved multicast addresses for predefined groups of devices
o Reach a group of devices running common protocol or service
o FF02::1 All-nodes multicast group: like broadcast, ICMP, RA
o FF02::2 All-routers multicast group: all IPv6 routers
Solicited-Node IPv6 Multicast Addresses
o To reduce number of devices to process traffic, use this
o Address only matches the last 24 bits of global unicast address
of device
o This address automatically created when global unicast address
and link-local unicast address are assigned
o FF02:0:0:0:0:1:FF00::/104 multicast prefix
o Least significant 24 bits, copied from global unicast or link local
unicast address of device
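An added example (not from the course notes) that performs the EUI-64 steps above on a constructed MAC, builds the link-local and a global unicast address from the resulting interface ID, and derives the solicited-node multicast address from the low 24 bits; the 2001:db8:acad:1::/64 prefix is a constructed documentation value.

```python
import ipaddress


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID (as int): split the MAC after the OUI,
    insert FFFE, then flip the 7th bit (0x02, the U/L bit) of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits: %r" % mac)
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])   # OUI | FFFE | device ID
    eui[0] ^= 0x02                                            # invert the 7th bit
    return int.from_bytes(eui, "big")


def address_from_prefix(prefix, interface_id):
    """Combine a /64 prefix with an interface ID into a full IPv6 address."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("interface IDs are 64 bits, so the prefix must be /64")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def link_local_from_mac(mac):
    """Link-local address on FE80::/10 (FE80::/64 in practice) using EUI-64."""
    return address_from_prefix("fe80::/64", eui64_interface_id(mac))


def solicited_node(addr):
    """FF02::1:FFxx:xxxx where xx:xxxx are the least significant 24 bits of `addr`."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))   # FF02:0:0:0:0:1:FF00::/104
    return ipaddress.IPv6Address(base | low24)


MAC = "00:1b:44:11:3a:b7"            # constructed sample MAC address
GLOBAL_PREFIX = "2001:db8:acad:1::/64"

if __name__ == "__main__":
    iid = eui64_interface_id(MAC)
    gua = address_from_prefix(GLOBAL_PREFIX, iid)
    lla = link_local_from_mac(MAC)
    print("interface ID: %016x" % iid)
    print("global unicast:", gua, " link-local:", lla)
    # Both unicast addresses share the low 24 bits, so one solicited-node group serves both.
    print("solicited-node:", solicited_node(gua), solicited_node(lla))
```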
ICMP
ICMPv4 and ICMPv6 Messages
o If certain errors occur, ICMP messages are sent
o ICMPv4 is the messaging protocol for IPv4; ICMPv6 does the same for
IPv6, and more
o Host confirmation: Echo used to determine if operational- basis
of ping
o Destination/service unreachable: when host/gateway receives
packet it can't deliver- 0=net unreachable, 1=host
unreachable, 2=protocol unreachable, 3=port unreachable
o Time exceeded: TTL field was decremented to 0- router discards,
sends message to source host (IPv6 uses hop limit field)
o Route redirection: notify hosts that better route available - only
when source host on same physical network as both gateways
ICMPv6 Router Solicitation and Router Advertisement Messages
o New protocols as part of neighbour Discovery Protocol (NDP)
ICMPv6 Neighbour Solicitation and Neighbour Advertisement
Messages
o Address resolution: When IPv6 known, but not MAC, sends to
solicited node address
o Duplicate Address Detection: when global/link-local assigned,
DAD should be performed to ensure it's unique- sends to own
IPv6 address, if another device has it, they'll respond with NA
message, but if nothing returned, address is acceptable
Testing and Verification
Ping: Testing the local Stack
o Local loopback- 127.0.0.1, or ::1
o If error message, then TCP/IP not operational on host
Ping: Testing Connectivity to the Local LAN
o Ping the default gateway
Ping: Testing connectivity to remote
o Lack of ping could be due to security restrictions
Traceroute: Testing the path
o Generates list of hops
o Round Trip Time (RTT): used to locate bad router along path
o TTL/Hop limit: starts with 1, receives response from first host,
then progressively increments TTL field

CHAPTER 9

Network Segmentation
Reasons for subnetting
o Reduces overall network traffic and improves network
performance (flat network design- all devices on one IP
network, good for small networks, but broadcasts create traffic
on large ones)
o Grouped by geographic location, organisational unit, device
type
Communication between subnets
o Routers use subnet mask to determine if local or remote
destination host
o Subnetting creates multiple logical networks from single
address block, each treated separate
o Traffic must be forwarded between subnets using routers-each
interface must have IP address
IP Subnetting is Fundamental
The plan
o Examine needs of organisation's network usage and how
subnets are structured via network requirements study
o Look at entire network, determine main sections, and how
segmented
o Address plan- needs for each subnet in size, hosts, and host
addresses, static/dynamic
o Public addresses generally allocated by SP
o Private address blocks and their default masks:
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0

The plan: address assignment


o Create standards within each subnet range- printers/servers are
static, users receive IP from DHCP using /24, routers assigned
first available host addresses
o How many subnets required and max number needed per
subnet

Subnetting an IPv4 Network


Basic Subnetting
o IPv4 subnets created by using 1+ host bits as network bits- the
more host bits borrowed, more subnets defined
o For each bit borrowed, number of subnets doubles
Subnets in use
o Network Address- all 0 in host
o First host- all 0 plus 1 bit on right
o Last host- all 1 plus 0 on right
o Broadcast address- all 1 bits in host
Subnetting Formulas
o Calculating Subnets: 2^n, where n is the number of bits borrowed
o Calculating Hosts: 2^n - 2, where n is the number of host bits remaining
Creating Four subnets
o 2 bits are borrowed, mask 255.255.255.192
o Host calculation- 2^6 = 64 (only 62 available)
Creating Eight subnets
o Borrow 3 host bits
o 255.255.255.224
o Host calculation 32, so 30
Creating 100 Subnets with a /16 prefix
o Borrow 7 bits to make 128, BUT no hosts left
o Need networks with default mask of /16 (255.255.0.0)
o Address Range 128-191 in 1st octet have this
o Now, when borrow, 9 host bits left = 512
Calculating the hosts
o Organisations that require a lot of subnets need to tell ISP
o IP address range 1-126 in first octet /8
o Borrow 10 bits to get 1024, subnet is /18
o 14 bits left, so 16382 hosts
Determining the Subnet Mask
Subnetting based on host requirements
o How many hosts and subnets needed
o Must leave enough hosts for largest subnet
Subnetting network-based requirements
o Sometimes subnet number more important
Subnetting to meet network requirements
o Point to point WAN links only need 2 hosts

o Maximum number should allow for growth
o First consider number of hosts needed totally
o Then number of subnets and hosts in each

Benefits of variable-length subnet masking


Traditional subnetting wastes addresses
o If all are 30 hosts, then WAN wastes 28 hosts
o Subnetting a subnet to maximise
Variable-length subnet masks
o Varies depending on how many bits borrowed for particular
subnet
Basic VLSM
o Subnetting subnets reduces number of addresses per subnet to
appropriate size
o Frees up for future networks
VLSM in Practice

VLSM Chart
o Identify which blocks available for use
o Assign to minimise waste and keep unused contiguous
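An added example (not from the course notes) covering both the subnetting formulas (2^n subnets for n borrowed bits, 2^n - 2 hosts for the remaining bits) and the VLSM chart above: it splits a block uniformly, then sizes each subnet to its own host count, largest first, so the unused space stays contiguous. The block and host requirements are constructed sample values.

```python
import ipaddress
import math


def fixed_length_subnets(block, borrowed_bits):
    """Borrow host bits uniformly; return (subnet_count, usable_hosts_each, subnets)."""
    net = ipaddress.IPv4Network(block, strict=True)
    host_bits_left = 32 - net.prefixlen - borrowed_bits
    if host_bits_left < 2:
        raise ValueError("borrowing %d bits leaves no usable hosts" % borrowed_bits)
    subnets = [str(s) for s in net.subnets(prefixlen_diff=borrowed_bits)]
    return len(subnets), 2 ** host_bits_left - 2, subnets


def prefix_for_hosts(hosts):
    """Smallest prefix whose host portion fits `hosts` plus network and broadcast."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = math.ceil(math.log2(hosts + 2))
    return 32 - host_bits


def vlsm_allocate(block, requirements):
    """requirements: {subnet_name: hosts_needed}.
    Returns ({subnet_name: 'network/prefix'}, first unused address)."""
    pool = ipaddress.IPv4Network(block, strict=True)
    cursor = int(pool.network_address)
    limit = int(pool.broadcast_address) + 1
    plan = {}
    # Largest first: each later (smaller, power-of-two) subnet then starts on
    # its own boundary, so no addresses between allocations are wasted.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor % size:                            # defensive alignment check
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError("block exhausted before %s" % name)
        plan[name] = str(ipaddress.IPv4Network((cursor, prefix)))
        cursor += size
    return plan, str(ipaddress.IPv4Address(cursor))


BLOCK = "192.168.20.0/24"
# Three LANs of different sizes plus two point-to-point WAN links (2 hosts each).
REQUIREMENTS = {"LAN-A": 60, "LAN-B": 28, "LAN-C": 12, "WAN-1": 2, "WAN-2": 2}

if __name__ == "__main__":
    print(fixed_length_subnets(BLOCK, 2))       # 4 subnets of 62 hosts
    plan, free = vlsm_allocate(BLOCK, REQUIREMENTS)
    for name, net in plan.items():
        print(name, net)
    print("first unused address:", free)
```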

Structured Design
Planning to address the network
o Preventing Duplication of Addresses: documentation needed
o Providing and Controlling Access: Servers can give info to
internal and external hosts
o Monitoring Security and Performance: examine network traffic
for excessive packet addresses
Assigning addresses to devices
o Address for clients- usually DHCP, reduces burden, virtually
eliminates entry errors, leased
o Address for Servers and Peripherals- static, use consistent
numbering system for devices
o Address for hosts accessible from internet- generally servers,
static, have public space address, or private and router
configured to translate into public
o Addresses for Intermediary devices- concentration point for
traffic, good to monitor, manage, secure network, assigned level
3 addresses manually

o Address for the Gateway (Router and firewalls)- IP for each
interface, uses lowest/highest address (uniform across
organisation), network security by filtering packets
Subnetting an IPv6 Network
Subnetting using the subnet
o Subnetted to support hierarchical, logical design of network
o IPv6 address with /48 Global Routing Prefix has a 16-bit Subnet ID
o Doesn't require borrowing bits
o Just count up in hex
IPv6 subnet allocation
o WAN subnets are not subnetted further
Subnetting into the interface ID
o Can borrow bits from interface ID
o Typically done for security reasons- fewer hosts on subnet
o Subnet on nibble boundary- 4 bits (1 hex digit)

CHAPTER 10

Application, Session and presentation


OSI and TCP/IP Models Revisited
o TCP/IP Application Layer = OSI model Application,
Presentation and Session Layer
Application layer
o Interface between applications and network
o HTTP, FTP, TFTP, IMAP, DNS
Presentation Layer
o Formats/presents data from source into compatible form for
destination
o Compresses data
o Encrypts data
o Quicktime, MPEG, GIF, JPEG, PNG
Session Layer
o Create and maintain dialogues between source/destination
o Restarts sessions
TCP/IP Application Layer Protocols
o Domain Name System: Internet names to IP addresses
o Telnet: Remote access to servers
o Simple Mail Transfer Protocol: Transfers mail messages and attachments
o Dynamic Host Configuration Protocol: Assigns IP address, mask, DG, DNS
server address
o Hypertext Transfer Protocol: Transfers files that make up web pages of WWW
o FTP: Interactive file transfer
o Trivial File Transfer Protocol: Connectionless active file transfer
o Bootstrap Protocol (BOOTP): Precursor to DHCP, obtain IP address during
boot up
o Post Office Protocol: Used by email clients to retrieve email from remote
server
o Internet Message Access Protocol: Another email retrieval protocol
How Application protocols interact with end user applications


Peer-to-peer Networks
o 2+ computers connected via network, can share without
server
o Decentralises sources, no extra software required
o However hard to enforce security or user accounts, must
manually set up on each computer, unsafe if more than a
couple computers
P2P Applications
o Can be client and server at same time
o Need user interface and run background service
o Hybrid system: resource sharing decentralised, but indexes
are in centralised directory
o Index server help connection, but once connected, no
additional help
Common P2P Applications
o eDonkey, eMule, Shareaza, BitTorrent, Bitcoin, LionShare
o Gnutella Protocol: allow hard disk file sharing
Client-server model
o Client and server applications in application layer
o Additionally user authentication and identification

Common application layer protocols

Application layer protocols revisited
o HTTP (web), SMTP (send email), POP (receive email) used everyday
Hypertext transfer protocol and hypertext mark up language
o Access resources on web server
o http (protocol/scheme)
o www.cisco.com (server name)
o index.html (specific filename requested)
o Server name converted to numeric address
o Browser sends GET request for index.html file
o Server sends HTML code to the browser, then browser deciphers
HTML code and formats page for browser window
SMTP, POP, IMAP
o Email is store and forward method- stored in databases
o Server checks if recipient domain is on local database, if not, sends
DNS query to find IP address, then forwarded
SMTP
o Application layer sends mail using this (client to server or server
to server)
o Proper format and SMTP on both client and server necessary
o Message header (recipient email address and sender address) and
message body
o Port 25, client SMTP sends email, server places in local account
or forwards
o If destination server not online, or busy, SMTP spools messages to be
sent later- periodically sends again, and if not delivered after
expiration time, returned to sender
POP
o Retrieve mail from mail server- downloaded and deleted from
server
o Server starts by listening on port 110 for connection requests
o Connection established, server sends greeting, both exchange
commands/responses until closed/aborted
o Not centralised, no backup, bad for small business, good for ISP,
don't need to manage large amounts of storage
IMAP
o Copies of message are downloaded
o File hierarchies created, long term storage and backup, access
email from multiple locations
o Costly for ISP

Providing IP Addressing Services

Domain name system
o DNS protocol is automated service that matches resource names
with required numeric network address
o Uses a message format
DNS Message format
o BIND (Berkeley Internet Name Domain)
o Record types
A: End device address
NS: Authoritative name server
CNAME: Canonical name when multiple services have single
network address but each service has own DNS entry
MX: Mail exchange record
o BIND looks at own records, then other servers, stored in cache
o ipconfig /displaydns displays all cached
DNS hierarchy

Domain names for hierarchy
o Each DNS server maintains specific database file, only responsible for
managing mappings for small portion- when not in zone, forwards
to another DNS server
o Top level domains: type of organisation or country
o Decentralised servers
o If given server has resource records that correspond to level, it is
authoritative for records
Nslookup
o DNS client runs as a service itself (DNS resolver)
o Can find the IP address of domain name
Dynamic Host Configuration Protocol
o Allows devices on network to obtain IP addresses
o Automates IP addresses, subnet masks, gateway, and other
parameters
o Good for larger networks or where user population changes, wireless
hotspots
o DHCP server usually local PC based server in medium/large
networks, in home usually in local router (IP address from DHCP
server at ISP)
o Security risk- any device connected can receive address
DHCP Operation
o Leased and returned to pool
o Client broadcasts DHCPDISCOVER message
o Server replies with DHCPOFFER message with IP address, subnet
mask, IP of DNS, and IP of default gateway
o Client can receive multiple DHCPOFFER messages, identifies one
with DHCPREQUEST that accepts, and can also request address it
previously used
o Server returns DHCPACK to finalise, but if no longer valid, DHCPNAK
returned, then must start again with discover
o To renew lease use DHCPREQUEST
Providing File sharing Services
File Transfer Protocol
o Data transfers between client and server
o FTP client is application that pushes/pulls data from server running
an FTP daemon (FTPd)
o Requires 2 connections- 1 for commands + replies, another for file
transfer

o
o
o

o
o
o
o
o
o
o

Client makes first connection for control traffic (client commands


and server replies)
Client makes second connection for actual data transfer, created
every time data to be transferred
Download = pull, upload = push
Server Message Block
Client/server file sharing protocol describing resources
Messages all have fixed sized header, variable sized parameter and
data component
Messages start, authenticate and terminate sessions
Control file and printer access
Allow application to send or receive messages to/from another
device
Runs over TCP/IP and uses DNS names to locate servers (originally
NetBIOS naming)
Long-term connection to servers, as if resource is local to client host
The internet of things


BYOD, access anywhere, virtualisation, and machine-to-machine
(M2M)
50 billion connected devices by 2020 (Cisco's forecast at the time)
Smart-tagging and advanced connectivity digitise previously
unintelligent products
Message travels through a network
Separation of layers: each layer only deals with the layer above and
below it, so new applications can be developed without worrying
about how their data gets across the network
Creation of the Data
o Created in application layer, encoded, compressed,
encrypted (application, presentation, and session)
Segmentation and Initial Encapsulation
o Transport layer, segmented and header added (source and
destination port added)
Addressing
o Address identifiers added to segment
o Network layer adds IP address (DNS helps), source and
destination IP with source and destination port number is
socket
Preparing for Transportation
o Network access layer places the packet onto the media as a frame
with header and trailer (MAC address of source and of next hop)
o Data link Layer of OSI model
o Encodes to bits and electrical pulses that are sent across
Transporting the Data
o Can travel across different media- network access layer
specifies technique of getting across
Delivering the Data to the Correct Destination Application
o Network access to network, to transport, to application layer
o In transport layer, information in the header identifies the specific
process running on the destination device
o Individual processes communicate with each other via port
number (source and destination)
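The encapsulation and delivery steps above, carried out on real header layouts, as an added example (not code from the notes): application data is wrapped in a UDP segment with ports, an IPv4 packet with a header checksum, and an Ethernet frame whose destination MAC is the next hop, then unwrapped at the receiver and handed to the process bound to the destination port. MACs and addresses are constructed (documentation ranges); the UDP checksum is left at zero, which IPv4 permits.

```python
"""Encapsulate application data down the stack (UDP -> IPv4 -> Ethernet) and deliver it back up."""
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; verifying a header with its checksum in place yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(data, src_ip, dst_ip, src_port, dst_port, src_mac, next_hop_mac):
    """Application data -> UDP segment -> IPv4 packet -> Ethernet frame (header + FCS trailer)."""
    # Transport layer: source/destination ports identify the two processes.
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data  # UDP checksum 0 = absent
    # Network layer: IPv4 header (20 bytes, no options) with header checksum.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0, 64, PROTO_UDP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    packet = header + segment
    # Data link layer: destination MAC is the *next hop*, not necessarily the final host.
    body = mac_bytes(next_hop_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body))  # FCS trailer


def decapsulate(frame, my_mac):
    """Walk back up the stack, checking each layer; returns None if the frame is not for us."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame corrupted on the wire")
    dst_mac, ethertype = body[:6], struct.unpack("!H", body[12:14])[0]
    if dst_mac not in (mac_bytes(my_mac), b"\xff" * 6):
        return None  # NIC would discard a unicast frame for another MAC
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported ethertype 0x%04x" % ethertype)
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != PROTO_UDP:
        raise ValueError("unsupported protocol %d" % packet[9])
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    # The socket pair (src IP+port, dst IP+port) identifies this conversation end to end.
    return {"socket": ((src_ip, src_port), (dst_ip, dst_port)), "data": segment[8:udp_len]}


def deliver(frame, my_mac, listeners):
    """Hand the data to the process bound to the destination port (listeners: port -> callable)."""
    pdu = decapsulate(frame, my_mac)
    if pdu is None:
        return None
    port = pdu["socket"][1][1]
    if port not in listeners:
        return ("no process on port", port)  # a real host answers with ICMP port unreachable
    return listeners[port](pdu["data"], pdu["socket"])


if __name__ == "__main__":
    f = encapsulate(b"hello", "192.0.2.10", "198.51.100.5", 40000, 53,
                    "02:00:00:00:00:0a", "02:00:00:00:00:01")
    print(len(f), "bytes on the wire ->", deliver(f, "02:00:00:00:00:01", {53: lambda d, s: (s, d)}))
```

Flipping a single byte of the frame makes the FCS check fail before any higher layer sees the data, and a frame addressed to another MAC is dropped silently, which is the behaviour a NIC gives you for free.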

CHAPTER 11

Devices in a small network


Small network topologies
o Majority of networks are small
o Single router, 1+ switches
o WAP and IP phones
o Internet: single WAN connection from DSL, cable, or ethernet
o Maintenance and troubleshooting of equipment + security
devices and data on network
o Single employee within, or contractor
Device Selection for a small network
o Cost: determined by capacity (number and types of ports,
backplane speed) and features (management capabilities,
security technology, advanced switching technology) + cable
runs. Redundancy also taken into account
o Speed and Types of Ports/Interfaces: today or growth? UTP and
fibre? Newer computers have built in 1Gbps NICs
o Expandability: fixed or modular (expansion slots)
o Operating System Features and Services: Security, QoS, VoIP,
Layer 3 switching, NAT, DHCP
IP addressing for a small network
o End devices, servers/peripherals, hosts accessible from internet,
intermediary devices
o Planning and documentation help tracking and troubleshooting
o Easier to control access when a deterministic IP addressing
scheme is used- devices can be recognised by their address;
with random assignment resources are hard to locate
Redundancy in a small network
o Reliability- redundancy required (duplicate equipment or
network links)
o Expensive, so redundant switch connections between multiple
switches and routers
o Multiple NIC ports to switches
o Single exit point to internet- if router fails, whole system goes
down (can pay least cost option with second SP for backup)
Design consideration for a small network
o Secure file and mail servers in centralised location
o Protect location from unauthorised access by implementing
physical and logical security measures
o Redundancy for server farm- if one fails, files not lost
o Configure redundant paths to servers

o VoIP converged over the network: real-time traffic must be
supported and given priority
o Traffic types to plan for: file transfer, email, voice, video,
messaging, transactional

Protocols in a small network


Common applications in a small network
o Network Applications
Software used to communicate over network
Network-aware: end user apps communicate directly with
lower layers of protocol (email clients and web browsers)
o Application Layer Services
FT or network print spooling need assistance of this service
Different data need different services to prepare for
processing down OSI model
Common protocol in a small network
o Network protocols support applications and services
o DNS, Telnet, IMAP, SMTP, POP, DHCP, HTTP, FTP
o Defines processes, types of messages, syntax of messages,
meaning of information fields, how messages are sent, expected
response, interaction with lower layer
Real time applications for a small network
o Real time to communicate, require more planning and
dedicated services
o Network devices configured to ensure priority delivery
o Infrastructure
Can existing switches, cabling and routers support it? Gigabit
cabling needed
Older switches may not support Power over Ethernet (PoE);
obsolete cabling cannot carry the required rates
o VoIP
Traditional telephones (voice-enabled routers: convert
analogue signals to packets)
Less expensive than integrated IP telephony solution, not
same quality
o IP Telephony
IP Phone performs voice-to-IP conversion
Unlike the voice-enabled router option, needs an integrated IP
telephony solution- IP phones use a dedicated server for call
control and signalling
Real-Time Applications
Real-Time Transport Protocol (RTP) and Real-Time
Transport Control Protocol (RTCP) support applications that
require delay-sensitive delivery
QoS mechanisms keep these flows usable as the network scales-
minimises latency issues

Growing to Larger Networks


Scaling a small network
o Network Documentation: physical and logical topology
o Device Inventory: List of devices
o Budget: IT Budget with fiscal year equipment purchasing
budget
o Traffic Analysis: Protocols, applications, services and traffic
requirements documented
Protocol analysis of a small network
o Holistic approach with software/hardware protocol analyser
o Allow network pro to quickly compile statistical info about
traffic flows
o Type of traffic and current flow during peak utilisation times
and on different network segments
o Analysed based on source and destination of traffic and type of
traffic being sent
o Decisions on how to manage more efficiently- reducing
unnecessary traffic flows/changing flow patterns by moving
server
Evolving protocol requirements
o Net admin can have IT Snapshots of application utilisation over
time
o OS version, Non network/network applications, CPU, drive and
RAM utilisation
o Shift in utilisation requires net admin to shift network resources
accordingly
Network device security measures

Categories of threats to network security


o Loss of time and money, theft of data
o Access through software vulnerabilities, hardware attacks, or
user/pass
o Consequences of a successful attack
Information theft
Identity theft
Data loss/manipulation
Disruption of service
Physical security
o Hardware Threats: physical damage
o Environmental Threats: temperature and humidity extremes
o Electrical threats: voltage spikes brownouts, unconditioned
power, total power loss
o Maintenance Threats: poor handling of electrostatic discharge,
no spare parts, poor cabling, poor labelling
Types of security vulnerabilities
o Vulnerability: degree of weakness (technological, Configuration,
or security policy)
o Threat: people interested and qualified in taking advantage of
weakness. Found through tools, scripts and programs to
launch...
o Attack: against networks/devices, generally endpoint
(computer/servers)

Vulnerabilities and network attacks


Viruses, worms, and trojan horses
o Virus: Software attached to another program to execute
unwanted function on pc. Require delivery mechanism (exe)
o Trojan Horse: Virus where entire application written to look like
something else
o Worms: don't need human interaction- self contained
Enabling vulnerability (installs self by exploiting known
weaknesses)
Propagation mechanism (after gaining access, copies itself
to host and selects new targets)
Payload (attacker has access to host)
Reconnaissance attacks
o Network attack with unauthorised discovery/mapping of
systems, services or vulnerabilities

External attackers use internet tools (nslookup and whois) to
find the address space for a corporation, then ping to find
active hosts (ping sweep tools such as fping or gping), then port
scan the active hosts for open services
Access attacks
o Exploit known vulnerabilities in authentication services, FTP, and
web services
o Web accounts, confidential databases, etc
o Password Attack: packet sniffer to find accounts and passes
transmitted in clear text,
o Dictionary/brute force attacks guessing password
DoS attacks
o Denial of service easy to execute
o Prevent authorised people from using service by consuming
system resources

Mitigating Network attacks


Backup, upgrade, update and patch
o Antivirus
o Containment: compartmentalise uninfected parts of network
o Inoculation: start patching all systems, scan for vulnerable
systems
o Quarantine: track down each infect machine and
disconnect/remove/block them
o Treatment: Clean and patch each system (some need complete
core system reinstallations)
o Centralised patch server pushes updates that install by themselves
after a set amount of time
Authentication, authorisation, and accounting
o AAA network security provide framework to set up access
control
o Authentication
Who accesses
Username and password, challenge and response
questions, token cards
Local authentication: each device has own database of
user/pass
External Authentication: external network server does the
authentication- RADIUS (open standard, low use of CPU,
used by switches, routers and wireless devices) and TACACS+
(modular AAA, uses a daemon running on a security server)

o Authorisation
What they can do
Determine what resources a user can use and which operations
they can perform
o Accounting
Their actions are monitored
What they do, what is accessed, how many times, and
changes made
Firewalls
o Control traffic in network
o Resides between 2+ networks and controls traffic travelling into
network
o Packet Filtering: prevents/allows access based on IP/MAC
address
o Application Filtering: prevents/allows by application port
number
o URL filtering: URL filtering/keywords
o Stateful packet inspection (SPI): incoming packets must be
legitimate responses from internal requests (can also filter out
DoS)
o Firewalls can also perform NAT, concealing IP addresses from
outside users
o Appliance-based firewalls: built in to security appliance device
o Server-based firewalls: runs on NOS like unix or windows
o Integrated firewalls: router receives firewall functionality
Endpoint security
o Laptops, desktops, servers, smart phones, tablets
o Employees trained on proper use, policies, documentation
o Securing layer 2 devices against MAC address spoofing, MAC
address table overflow attacks, LAN storm attacks (attack
mitigation)
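The stateful packet inspection described in the firewall section, next to a stateless packet filter, as an added example (not code from the notes). The inside network, the exposed web server and the sample packets are constructed; the per-source new-connection cap stands in for the "can also filter out DoS" point.

```python
"""Stateful packet inspection next to a stateless filter, on constructed sample packets."""
import ipaddress
from collections import deque


def pkt(src, sport, dst, dport, proto="tcp"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}


class StatefulFirewall:
    """Inside -> outside traffic creates state; outside -> inside is allowed only if it matches."""

    def __init__(self, inside, allowed_inbound=(), idle_timeout=300, new_conn_limit=3, window=10):
        self.inside = ipaddress.ip_network(inside)
        self.allowed_inbound = set(allowed_inbound)  # (ip, port) services exposed on purpose
        self.idle_timeout, self.limit, self.window = idle_timeout, new_conn_limit, window
        self.state = {}   # flow key -> last time a packet was seen
        self.recent = {}  # source ip -> times of recent new inbound connections

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def process(self, p, now):
        """Return (verdict, reason) for one packet at simulated time `now`."""
        key = (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        reverse = (p["dst"], p["dport"], p["src"], p["sport"], p["proto"])
        for k in [k for k, t in self.state.items() if now - t > self.idle_timeout]:
            del self.state[k]  # idle flows age out, so a stale "reply" is no longer accepted
        for k in (key, reverse):
            if k in self.state:
                self.state[k] = now
                return ("ALLOW", "part of an existing flow")
        if self._inside(p["src"]) and not self._inside(p["dst"]):
            self.state[key] = now
            return ("ALLOW", "new outbound flow, state created")
        if (p["dst"], p["dport"]) in self.allowed_inbound:
            q = self.recent.setdefault(p["src"], deque())
            while q and now - q[0] > self.window:
                q.popleft()
            if len(q) >= self.limit:
                return ("DROP", "too many new connections from this source (DoS guard)")
            q.append(now)
            self.state[key] = now
            return ("ALLOW", "permitted inbound service, state created")
        return ("DROP", "unsolicited inbound packet")


def stateless_filter(p, rules):
    """Classic packet filter: each packet is judged on its own header fields, with no memory."""
    for action, match in rules:
        if all(p.get(field) == value for field, value in match.items()):
            return action
    return "DROP"


# To let HTTPS replies back in, a stateless filter must permit *anything* with source port 443.
STATELESS_RULES = [("ALLOW", {"sport": 443}), ("ALLOW", {"dst": "10.0.0.80", "dport": 80})]


if __name__ == "__main__":
    fw = StatefulFirewall("10.0.0.0/8", allowed_inbound={("10.0.0.80", 80)})
    print(fw.process(pkt("10.0.0.5", 51000, "203.0.113.9", 443), now=0))
    forged = pkt("203.0.113.9", 443, "10.0.0.5", 445)
    print("stateful:", fw.process(forged, now=1), "stateless:", stateless_filter(forged, STATELESS_RULES))
```

The forged packet (source port 443, aimed at SMB on an inside host) sails through the stateless rule set because the filter cannot tell a reply from an unsolicited packet; the stateful firewall drops it because no inside host ever started that flow.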

Securing devices
Introduction to securing devices
o Default username and password changed immediately
o Access to system resources restricted
o Any unnecessary services/applications turned off/uninstalled
Passwords
o 8+ characters, complex (uppercase, lowercase, digits, symbols),
meaningless, misspelt words, change often, don't write down
o On Cisco routers a space is allowed, so a passphrase can be used
o Verify strength by running brute force/dictionary tools against
your own password hashes
Basic security Practices
o Additional Password Security
Service password-encryption obscures line passwords in show
running-config (type 7, easily reversed- it only stops shoulder
surfing; use enable secret for the privileged password)
Security passwords min-length command
Login block-for 120 attempts 3 within 60 (lock logins for 120
seconds after 3 failed attempts within 60 seconds)
o Banners
Legal notice so anyone accessing the system inappropriately can
be prosecuted
o Exec Timeout
Automatically disconnect idle users after a certain time
Exec-timeout 10 (minutes)
Enable SSH
o Remote Access via SSH
Router has unique host name, and configure ip domain-name
Generate the RSA key pair (crypto key generate rsa general-keys
modulus <bits>)- the modulus size determines key strength
Create local database username entry (username <name>
secret <secret>)
Enable vty inbound SSH using login local and transport
input ssh
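A small audit script, added here as an example (not from the notes), that reads a running-config and reports which of the hardening settings above are missing: password encryption, minimum length, login block-for, enable secret, banner, CDP, and the vty transport/login/exec-timeout settings. The two configs are constructed; the hash placeholders are not real hashes, and treating a missing `transport input` as "all" is an assumption.

```python
"""Audit a Cisco IOS running-config for the hardening settings listed above."""
import re


def parse_config(text):
    """Split a config into global commands and the commands under each `line ...` section."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
            continue
        current = raw if raw.startswith("line ") else None
        if current is not None:
            sections[current] = []
        else:
            global_cmds.append(raw.strip())
    return global_cmds, sections


def audit(text, min_pw_len=8, max_idle_minutes=10):
    """Return a sorted list of findings; an empty list means every check passed."""
    g, sections = parse_config(text)
    found = []
    has = lambda prefix: any(c.startswith(prefix) for c in g)

    if not has("service password-encryption"):
        found.append("global: service password-encryption missing (line passwords shown in clear text)")
    m = [x for x in (re.match(r"security passwords min-length (\d+)", c) for c in g) if x]
    if not m or int(m[0].group(1)) < min_pw_len:
        found.append(f"global: security passwords min-length missing or below {min_pw_len}")
    if not has("login block-for"):
        found.append("global: login block-for missing (no brute-force lockout)")
    if has("enable password"):
        found.append("global: enable password in use (reversible); use enable secret")
    if not has("enable secret"):
        found.append("global: no enable secret configured")
    for c in g:
        u = re.match(r"username (\S+) password", c)
        if u:
            found.append(f"global: username {u.group(1)} uses 'password' (use 'secret')")
    if not has("ip domain-name"):
        found.append("global: ip domain-name missing (needed before crypto key generate rsa)")
    if not has("banner "):
        found.append("global: no login/motd banner")
    if not has("no cdp run"):
        found.append("global: CDP enabled (leaks platform and address info to neighbours)")

    for name, cmds in sections.items():
        if not name.startswith("line vty"):
            continue
        # Assumption: a vty with no transport input line accepts every protocol.
        transport = next((c for c in cmds if c.startswith("transport input")), "transport input all")
        if transport.split()[2:] != ["ssh"]:
            found.append(f"{name}: '{transport}' allows clear-text telnet; use 'transport input ssh'")
        if not any(c.startswith(("login local", "login authentication")) for c in cmds):
            found.append(f"{name}: vty login not bound to local users or AAA")
        t = next((c for c in cmds if c.startswith("exec-timeout")), None)
        if t is not None:
            parts = t.split()[1:]
            minutes, seconds = int(parts[0]), int(parts[1]) if len(parts) > 1 else 0
            if minutes == 0 and seconds == 0:
                found.append(f"{name}: exec-timeout 0 0 disables idle logout")
            elif minutes > max_idle_minutes:
                found.append(f"{name}: exec-timeout {minutes} min exceeds {max_idle_minutes}")
    return sorted(found)


# Constructed sample configs; "<hash-omitted>" is a placeholder, not a real hash.
WEAK_CONFIG = """\
hostname R1
enable password cisco
username admin password admin123
line vty 0 4
 login
 transport input telnet ssh
 exec-timeout 0 0
"""

HARDENED_CONFIG = """\
hostname R1
ip domain-name example.test
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
enable secret 5 <hash-omitted>
username admin secret 5 <hash-omitted>
no cdp run
banner motd ^Authorized access only^
ip ssh version 2
line con 0
 exec-timeout 10 0
 login local
line vty 0 4
 exec-timeout 10 0
 login local
 transport input ssh
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONFIG)) or "no findings")
```

Feed it the output of `show running-config` saved with Tera Term (see the backup section) to check every device the same way before it goes on the network.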

Ping
Interpreting Ping results
o Identify source of problem
o Checks protocol stack and IPv4 Address and connectivity
o IOS Ping Indicators
! Is receipt of ICMP echo reply, Layer 3 successful
. Indicates time expired, device security or no path to
destination
U unreachable, no route to destination or blocked
o Testing the Loopback: Verifies IP config on local host using
127.0.0.1
Extended ping
o Typing ping with no destination address in privileged EXEC mode
starts the interactive extended ping
o Can test from a different source by setting the source address
(e.g. another interface of the router) rather than the default
outgoing interface

Network Baseline
o Process that studies network at intervals, report created over
time
o Copy results from ping/trace into text file time stamped with
date and archived
o Compare results over time- error messages and response times
o Verifies host to host connectivity, latency issues, helpful for
network admins to keep network running efficiently
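The ping indicators and the baseline comparison above, as an added example (not code from the notes): parse the indicator line and the "Success rate" summary of an IOS ping, explain each non-`!` character, and flag a later run whose loss or average round-trip time departs from the archived baseline. Both ping outputs are constructed, not captured from a device.

```python
"""Parse IOS ping output and compare it with a stored baseline."""
import re
import statistics

# Meaning of each IOS ping indicator character (from the IOS documentation).
INDICATORS = {"!": "echo reply received", ".": "timed out", "U": "destination unreachable",
              "Q": "source quench", "M": "could not fragment", "?": "unknown packet type",
              "&": "packet lifetime exceeded"}

SUMMARY = re.compile(r"Success rate is (\d+) percent \((\d+)/(\d+)\)"
                     r"(?:, round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms)?")


def parse_ping(output):
    """Return counts per indicator, success figures and RTTs from one `ping` run's text."""
    result = {"indicators": {}, "sent": None, "received": None, "rtt_avg_ms": None, "rtt_max_ms": None}
    for line in output.splitlines():
        line = line.strip()
        if line and all(ch in INDICATORS for ch in line):  # the indicator line, e.g. "!!!.!"
            for ch in line:
                result["indicators"][ch] = result["indicators"].get(ch, 0) + 1
        m = SUMMARY.search(line)
        if m:
            result["received"], result["sent"] = int(m.group(2)), int(m.group(3))
            if m.group(5):
                result["rtt_avg_ms"], result["rtt_max_ms"] = int(m.group(5)), int(m.group(6))
    if result["sent"] is None:
        raise ValueError("no 'Success rate' summary found; is this IOS ping output?")
    return result


def explain(parsed):
    """Human-readable list of what went wrong, using the indicator meanings."""
    return [f"{n}x {INDICATORS[ch]}" for ch, n in parsed["indicators"].items() if ch != "!"]


def compare_to_baseline(parsed, baseline_runs, slowdown=2.0):
    """Flag loss or an average RTT more than `slowdown` times the baseline median."""
    base_avg = statistics.median(r["rtt_avg_ms"] for r in baseline_runs if r["rtt_avg_ms"] is not None)
    issues = []
    if parsed["received"] < parsed["sent"]:
        lost = parsed["sent"] - parsed["received"]
        issues.append(f"loss: {lost}/{parsed['sent']} ({'; '.join(explain(parsed))})")
    if parsed["rtt_avg_ms"] is not None and parsed["rtt_avg_ms"] > slowdown * base_avg:
        issues.append(f"latency: avg {parsed['rtt_avg_ms']} ms vs baseline {base_avg} ms")
    return issues


# Constructed sample outputs (hypothetical addresses), not captured from a real device.
BASELINE_OUTPUT = """\
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
"""
DEGRADED_OUTPUT = """\
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!.U!
Success rate is 60 percent (3/5), round-trip min/avg/max = 4/9/20 ms
"""

if __name__ == "__main__":
    base = parse_ping(BASELINE_OUTPUT)
    print(compare_to_baseline(parse_ping(DEGRADED_OUTPUT), [base]))
```

Archive each parsed run with its timestamp, as the notes suggest for the raw text, and the comparison becomes a one-line check on every later capture.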

Tracert
Interpreting Tracert messages
o List of hops
o Form depends where command is issued (tracert from
windows, traceroute from router)
Show Commands
Common show commands revisited
o Show running-config
o Show interface
o Show arp
o Show ip route
o Show protocols
o Show version
Viewing Router settings with the show version Command
o Used to verify/troubleshoot basic hardware/software
components
o IOS version, bootstrap version, filename of IOS and bootstrap,
CPU type, RAM, number and type of physical interfaces, amount
of NVRAM, amount of flash memory, currently configured value
of software configuration register in hexadecimal
o Configuration register tells how to boot up, can change so looks
for IOS in different place on next bootup
Viewing Switch settings with the show version command
o Software and bootstrap version, system up-time, system restart
info, IOS filename, model number and processor type, memory
type (shared/main), hardware interfaces, configuration register
Host and IOS commands

Ipconfig command options


o IP address found
o Ipconfig /all shows MAC address
o Manufacturer of network interface found through OUI portion
of MAC address
o Ipconfig /displaydns displays all cached DNS entries
Arp command options
o Creating, editing, display of mappings of physical addresses to
IPv4 addresses
o Arp -a lists all devices in ARP cache of host
o Arp -d clears cache
Show cdp neighbours command options
o CDP runs at data link layer (cisco proprietary protocol)
o CDP starts by default, automatically discovering neighbours
running CDP, exchanging hardware and software info
o Device identifiers (host name of switch), address list, port
identifier, capabilities list (router or switch), platform
o Show cdp neighbors detail reveals IP address of neighbouring
device
o CDP can be security risk- to disable globally, no cdp run, on
one interface, no cdp enable
Using the show ip interface brief command
o Can be used to verify interfaces of intermediary devices
o Show ip interface brief
o Displays all interfaces, IP addresses, and operational status
Router and switch file systems
Router file systems
o Network admin must also manage config files (backup and
retrieval)
o Cisco IOS File System (IFS) single interface to all file systems
Flash memory file systems
Network file systems (TFTP, FTP)
Endpoints for reading/writing data (NVRAM, running-config, ROM)
o All files can be viewed and classified
o Allows admin to move around to different directories, list files,
and create subdirectories
o Show file systems shows all available systems, free memory,
type of file, permissions (ro, wo, rw)
o Current default system has * preceding it, # appended to listing
indicating it's a bootable disk

Flash File System: several files located in flash, but last listing is
current Cisco IOS file image
o NVRAM File System: to view, must change current default file
system using cd. pwd (print working directory) shows which
directory you're working in. dir command lists contents,
including the start-up config file
Switch file systems
o Copy config files, archive software images
o Same commands as router

Back up and restore configuration files


Backing up and restoring using text files
o Using Tera Term
o File, Log, choose location to save, capture will start, show
command, text displayed will be directed into chosen file, select
close in log window
o Restoring Text Configuration (from file into device)
When copy pasting, must edit so passwords are plain text,
non command text is removed, and IOS messages are
removed
Global config, file, send, open
Backing up and restoring using TFTP
o Config files can be stored on Trivial File Transfer Protocol (TFTP)
server or USB drive
o Back-up: Copy running-config tftp, ip address of storage host,
enter name to assign to file, enter
o Restore: copy tftp running-config, ip address of storage, name
to assign to config file, enter
Using USB ports on a Cisco Router
o Optional secondary storage and additional boot device- modular
integrated services routers can boot an IOS image from USB
o 64, 128, 256MB versions, FAT16 format
o Can hold multiple copies, easily move and copy configs from
router to router
Backing up and restoring Using a USB flash drive
o Backup: show file systems to ensure USB is there, confirm its
name, copy run usbflash0:/ to copy config to USB, then
prompted for filename
o Restore: edit file, then copy usbflash0:/R1-Config running-config

Integrated Router
Multifunction Device
o Homes use for internet sharing, print sharing, centralised
storage, etc
o Don't need switches and routers, so use multifunction devices
(multifunction device)
o Combined switch and router, happens internally
o Offers wired and wireless connectivity, offering access point
o Also offer DHCP, firewall, and sometimes network attached
storage services (NAS)
Types of Integrated Routers
o Small for home office, or powerful for enterprise branch offices
o Linksys wireless router
Reduces cost of device, but single point of failure
ISR (integrated services router) have modularity, separate
components (allowing adding, replacing, and upgrading)
Allow config settings like passwords, IP addresses, DHCP
settings
Wireless Capability
o Wireless Mode
IEEE 802.11 wireless standard- most support b, g, n
In mixed mode the AP falls back to the oldest (slowest) standard
that a connected client needs
o SSID (Service Set Identifier)
Helps connect to correct WLAN
Case sensitive, alpha-numeric name for network
Tells wireless devices which WLAN they belong to and
which devices they can communicate with
All wireless devices must have same SSID to communicate
o Wireless Channel
Dividing up available RF spectrum, so each channel can
carry a different conversation
Aps can function closely, as long as they use different
channels
Basic Security of Wireless
o Change default values for SSID, usernames, and passwords
o Disable broadcast SSID (obscurity only- clients that probe for a
hidden network send the SSID in clear text, so this is not a
substitute for encryption)
o Configure encryption using WEP or WPA
WEP (Wired Equivalent Privacy)
Uses preconfigured static keys to encrypt data
64 or 128 bit keys (some vendors 256) as a string of hex digits, or
a passphrase option
Same WEP keys must be entered on all devices
Weaknesses: static key, small 24-bit IV that repeats, programs
that recover the key in minutes, then access to all transmitted
info- WEP is broken and should not be used
Wi-Fi Protected Access (WPA)
Keys from 64-256 bits
But generates new dynamic keys each time client connects
to AP
Original WPA (TKIP) is also deprecated; use WPA2 or WPA3 with
AES and a long passphrase
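Why the static WEP key is a weakness, shown in code as an added example (not from the notes): WEP seeds RC4 with a 24-bit IV followed by the key, so once an IV repeats two frames share the same keystream, and knowing one frame's plaintext exposes the other without ever learning the key. The RC4 and WEP-64 framing here follow the published design; the key, IV and frame contents are constructed, and the birthday estimate assumes random IVs (many real cards used counters, which repeat sooner).

```python
"""Why a static WEP key with a 24-bit IV fails: keystream reuse, shown with a pure-Python RC4."""
import math
import os
import zlib


def rc4(key, data):
    """Plain RC4 (KSA + PRGA); WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key, iv, plaintext):
    """WEP-64 style frame body: 3-byte IV in clear, then RC4(IV||key) over plaintext || CRC-32 ICV."""
    assert len(iv) == 3 and len(key) in (5, 13)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key, frame):
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data


def recover_with_known_plaintext(known_frame, known_plaintext, target_frame):
    """Two frames under the same IV share a keystream: C1 xor P1 gives it, and it unlocks C2."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("frames use different IVs; this attack needs a collision")
    known_icv = zlib.crc32(known_plaintext).to_bytes(4, "little")
    keystream = bytes(c ^ p for c, p in zip(known_frame[3:], known_plaintext + known_icv))
    target = target_frame[3:]
    if len(target) > len(keystream):
        raise ValueError("known frame too short to cover the target")
    return bytes(c ^ k for c, k in zip(target, keystream))[:-4]  # drop the target's ICV


def iv_collision_probability(frames, iv_bits=24):
    """Birthday bound: chance that at least two of `frames` random IVs coincide."""
    space = 2 ** iv_bits
    return 1 - math.exp(-frames * (frames - 1) / (2 * space))


if __name__ == "__main__":
    key = os.urandom(5)  # 40-bit WEP key; the IV reuse is the point, not the key value
    iv = b"\x01\x02\x03"
    c1 = wep_encrypt(key, iv, b"GET /index.html HTTP/1.0\r\n\r\n")
    c2 = wep_encrypt(key, iv, b"user=alice&pw=hunter2")
    print(recover_with_known_plaintext(c1, b"GET /index.html HTTP/1.0\r\n\r\n", c2))
    print("P(IV collision after 5000 frames) = %.2f" % iv_collision_probability(5000))
```

Roughly 5000 frames, a few seconds of traffic on a busy network, give a 50% chance of a repeated IV; WPA's per-session keys and longer nonces are the fix the notes allude to.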

Configuring the integrated Router


Configuring the Integrated Router
o Ethernet ports, WAP, DHCP server, mini-webserver, and GUI
o Initially access via ethernet port from computer
o Automatically gains default gateway address (check with
ipconfig /all)
o Type it in to access GUI
o Basic config tasks should be conducted before AP is connected
Enabling Wireless
o Wireless mode, SSID, RF channel, security must all be
configured
o Select correct wireless mode (trade-off between compatibility with
older clients and throughput)
o Set SSID- can be broadcast or manually configured on clients
o Choice of RF channel must be made relative to the wireless
networks already present around you
Configure a wireless client
o Any device with wireless NIC and wireless client software
o Allows hardware to participate in WLAN
o Client config settings must match wireless router (SSID, security,
channel information)
o Verify link of connection status, and actual transmission (ping)

REVISION NOTES
CHAPTER 1
GLOBALLY CONNECTED

Networking Today
o Technology then and now
Resources include: sharing photos, videos and experiences,
accessing school network, communicating via email, IM, or
VoIP, watching movies/tv shows, playing online games,
checking weather and traffic, as well as bank balance.
Internet of Everything- bringing people, process, data and
things together to make network connections more
relevant/valuable
o The Global Community
Create a world where geography and physical limitations are
irrelevant
Independent of location or time zone
o Networks support the way we learn
Maximising the dissemination of knowledge
Traditionally- textbook and instructor- both limited
Networks deliver interactive activities, assessments, feedback,
virtual classrooms, on demand video, learning spaces,
mobile learning, distance learning, e-learning, discussion
boards and wikis, admin- student enrolment, assessment
delivery, progress tracking
o Networks support the way we communicate
IM/texting: real time communication between 2+ people,
also file transfer, voice, video communication
Social Media: interactive websites where user generated
content is shared
Collaboration tools: working together on shared documents-
remote locations can contribute equally with city
counterparts
Weblogs: anyone can easily update and edit thoughts to
global audience
Wikis: group creation of information, extensive reviewing and
editing
Podcasts: audio-based medium can deliver recordings to
wide audience

P2P file sharing: share files with each other without having to

store and download them from a central server- install P2P


software
Networks Support the Way we Work
Initially used to internally record financial, customer and
employee info
Now enables transmission of email, video, messaging, and
telephony
Provides efficient/cost effective employee training
Networks support the way we Play
Explore, Shop, Watch, hobby, game

Providing Resources in a network
o Networks of many sizes
Small, Large, Internet
o Clients and servers
Hosts- send and receive messages on network
End devices- can be client, server, or both.
o Peer-to-Peer
Possible for computer to be client and server simultaneously
Advantages | Disadvantages
Easy to set up | No central admin
Less complex | Not as secure
Lower cost (no network devices or dedicated servers) | Not scalable
Simple tasks- file transfer, printer sharing | Simultaneous client/server may slow performance

LANS, WANS AND THE INTERNET

Components of a Network
o Devices- hardware
End Devices
Form interface between users and communication
network
Each host is identified by an address

Computers, network printers, VoIP phones,


TelePresence endpoints, security cameras,
smartphones, tablets, PDAs, bar-code scanners
Intermediary Network Devices
Direct path of data, but don't create or modify
Functions include
Regenerate and retransmit data signals
Hold info about pathways
Error notification
Direct through detours when link failures occur
Classify priorities with QoS (quality of service)
Permit/deny flow of data (security)
Network access (switches, WAP), Internetworking
(routers), Security (firewalls)
Media- Connections
Media type | Encoding
Metallic wires | Electrical impulses in specific patterns
Glass or plastic fibres | Pulses of light (infrared or visible)
Wireless transmission | Electromagnetic waves
Criteria
Distance the medium can carry a signal
Environment
Amount of data and speed it must be transmitted
Cost of medium and installation
Services- Software and processes that run on devices
Network Representations
Network Interface Card (or LAN adapter)- provides physical
connection.
Physical Port- connector/outlet on device where medium is
connected to host
Interface- specialised ports on internetworking devices that
connect to individual networks. Routers are used to
interconnect networks, so ports on a router are called network
interfaces
LANs and WANs
o LAN
Home, school, office, or campus
Administered by a single organisation/individual, on network
level
High speed bandwidth to internal devices
o WAN
Managed by SPs, ISPs
Interconnect LANs
Usually by multiple service providers
Typically slower speed
o MAN- Metropolitan area network
Physically larger than LAN, still not WAN (a city)
o WLAN- Wireless LAN
o SAN- Storage area network- designed to support file servers
and provide storage, retrieval, and replication of data.
Components include servers, disk arrays, and Fibre Channel
interconnection
The Internet
o Collection of interconnected private and public networks
o Intranet
Private connection of LANs and WANs, only accessible to
members of organisation
Eliminate paperwork, speed workflows
e.g. internal events, health and safety policies, newsletters,
phone directories, class schedules, curricula, forums
o Extranet
Individuals from outside the organisation can gain access to
information they require from the organisation's intranet
e.g. outside suppliers and contractors, hospitals providing
booking schedules for doctors
o Internet Access Technologies
Home users need to connect to an internet service provider
(ISP)
Business class interconnections provided by SP
o Connecting Remote users to the Internet
Cable: same coaxial cable that delivers cable television. High
bandwidth, always-on connection. Special cable modem separates
the internet data signal and provides an Ethernet connection to
the host computer
DSL: provides high-bandwidth, always-on connection to the
internet. Requires a high speed modem to separate the DSL signal
from the telephone signal, provides an Ethernet connection.
Telephone line splits into 3 channels- voice telephone calls, a
faster download channel to receive, and a sending/uploading
channel (slower than the 2nd channel)
Cellular: uses the cell phone network to connect; performance
limited by phone capabilities and cell tower. Good for remote
communities or those on the move
Satellite: good when there's no DSL or cable access; dishes
require a clear line of sight to the satellite, so trees can't be in
the way. Equipment and installation costs can be high
Dialup: inexpensive, using a telephone line and modem. Low
bandwidth, low speed

Connecting Businesses to the Internet
Dedicated Leased Line: dedicated connection from SP to customer
premises. Reserved circuits that connect geographically
separate buildings. Rented at a monthly/yearly rate
Metro Ethernet: dedicated copper or fibre connection, 10Mbps-
10Gbps. Copper is cheaper but <40Mbps and limited distance
Business DSL: Symmetrical DSL (SDSL) and Asymmetrical DSL
(ADSL). SDSL provides the same upload and download speeds.
Works up to 5.5km
Satellite: provides a connection when wired is unavailable, but
slower and less reliable

THE NETWORK AS A PLATFORM

The Converging Network


o Early networks limited to character based information
o Modern technology allows us to consolidate different networks
into one converged network.
o Computer networks, telephone networks, broadcast networks
Planning the Future
o Convergence shows first phase in building intelligent info
network
o Second phase- consolidate applications that generate, transmit,
and secure messages onto integrated network devices
o Devices that perform telephone switching/video broadcasting
will also route messages through the network
o Result: communications platform provides high quality
application functionality at reduced cost
The Supporting Network Architecture
o Fault tolerance
Redundant connections allow for alternative routes of data,
limiting the impact of failure
o Scalability
New users and networks can be connected without
degrading existing performance
Tier 1 ISPs provide global connections, backbone
Tier 2 Smaller ISPs provide regional service (peer connections
bypass backbone)
Tier 3 local ISPs providing directly to end users
Protocols allow for acceptance of new products and
applications through easy integration
o Quality of Service
Managed by the router and ensures first priority data is sent
through first
Web pages low priority, streaming media high priority
(maintain smoothness)

Classification- time sensitive and business transaction more


important than delay tolerable
Security
Admin protect network with software and hardware security,
preventing physical access to network devices
Serious consequences from breaches- no communication or
transactions, loss of business, intellectual property stolen,
breach of personal privacy, loss of information
Network infrastructure security- physical securing of devices
Information security- protecting information contained in
packets (unauthorised disclosure, theft, modification, DoS)
CIA- confidentiality, integrity, availability
Circuit switched connection oriented networks
With phone calls, temporary path/circuit made
If any link or device failed, call was dropped, and new call
had to be made with new circuit
Limited paths
Expensive to create many alternative paths, so not optimal
for internet
Packet-Switched Networks
Single message broken into multiple message blocks with
addresses of origination point and final destination, sent
along network (no fixed path) and reassembled at the other
side
Only addresses are visible to network- IP address
If path no longer available, next best path is dynamically
chosen

THE CHANGING NETWORK ENVIRONMENT

Network Trends
o Bring Your Own Device
Students and employees bring their own phones, tablets,
laptops, notebooks, e-readers
More flexibility
o Online Collaboration
Ensuring everyone has access to all the information, on the
same page
Decreased budget and personnel, balancing resources
Maintain face to face relationships
o Video Communication

Used for communication, collaboration, and entertainment


Distance business, lowering costs, reduce impact on
environment
Drivers for organisations to develop video solution strategy
Global workforce and need for real time collaboration
Reducing costs and green IT
New opportunities for IP convergence- video
applications such as collab, advertising, and
surveillance systems onto single IP network
Media explosion- high quality low cost video recording
devices
Social networking- employees film short videos to
share best practices
Demands for universal media access
Cloud Computing
Resources delivered as a service over a network, charging a
service fee
Benefits
Organisational flexibility
Agility and rapid development
Reduced cost of infrastructure
Refocus of IT resources
Creation of new business models
Types
Private- only for specific organisation, e.g.
government- internally managed (expensive to build
up) or externally with strict access security
Public- offered to general population, free or pay per
use, using the internet
Hybrid- 2+ clouds where each part is distinctive but
have connection via a single architecture. Various
services levels based on user access rights
Custom- built to meet the needs of a specific industry-
can be private or public
Data centres
Facility used to house computer systems and
associated components
Associated components
Redundant data communication connections
High speed virtual servers (server farms or server
clusters)

Redundant storage systems (SAN)


Redundant/back up power supplied
Environmental controls (AC, fire suppression)
Security devices
Use cloud computing and virtualisation (runs several
OSs in parallel on a single CPU, reducing admin and
cost overheads)
Very expensive to build and maintain, generally large
organisations have their own, smaller lease.

Technology Trends in the Home


Smart home technology
Integration of everyday appliances
Powerline Networking
Uses existing electrical wiring to connect devices
"no new wires" saves cost of installing data cables, no cost
to electric bill
Alternative when cables or wireless are not a viable option
Use a standard powerline adapter
Wireless Broadband
WISP (Wireless internet provider)
Rural environments where DSL/cable not found
Connects subscribers to hotspot
Antenna can be attached to existing elevated structure
Wireless Broadband Service
Antenna installed outside the house
Uses same technology used by smartphone/tablet
Security Threats

Virus, worms and trojan horses


Spyware and adware
Zero-day attacks
Hacker attacks
DoS attacks
Data interception and theft

Identity theft
Internal threats

Security solutions
Home/small office
Antivirus and antispyware
Firewall filtering
Corporate
Dedicated firewall systems
Access Control Lists (ACL)
Intrusion Prevention Systems (IPS)- prevent zero day
Virtual Private Networks (VPN)- secure access to
remote workers
THE CHANGING NETWORK ENVIRONMENT

Network Trends
o Bring Your Own Device
Students and employees bring their own phones, tablets,
laptops, notebooks, e-readers
More flexibility
o Online Collaboration
Ensuring everyone has access to all the information, on the
same page
Decreased budget and personnel, balancing resources
Maintain face to face relationships
o Video Communication
Used for communication, collaboration, and entertainment
Distance business, lowering costs, reduce impact on
environment
Drivers for organisations to develop video solution strategy
Global workforce and need for real time collaboration
Reducing costs and green IT
New opportunities for IP convergence- video
applications such as collab, advertising, and
surveillance systems onto single IP network
Media explosion- high quality low cost video recording
devices
Social networking- employees film short videos to
share best practices
Demands for universal media access
Cloud Computing
Resources delivered as a service over a network, charging a
service fee
Benefits
Organisational flexibility
Agility and rapid development
Reduced cost of infrastructure
Refocus of IT resources
Creation of new business models
Types
Private- only for specific organisation, e.g.
government- internally managed (expensive to build
up) or externally with strict access security
Public- offered to general population, free or pay per
use, using the internet
Hybrid- 2+ clouds where each part is distinctive but
have connection via a single architecture. Various
service levels based on user access rights
Custom- built to meet the needs of a specific industry-
can be private or public
Data centres
Facility used to house computer systems and
associated components
Associated components
Redundant data communication connections
High speed virtual servers (server farms or server
clusters)
Redundant storage systems (SAN)
Redundant/back up power supplies
Environmental controls (AC, fire suppression)
Security devices
Use cloud computing and virtualisation (runs several
OSs in parallel on a single CPU, reducing admin and
cost overheads)
Very expensive to build and maintain; generally large
organisations have their own, smaller ones lease.

Technology Trends in the Home
Smart home technology
Integration of everyday appliances
Powerline Networking
Uses existing electrical wiring to connect devices
"no new wires" saves cost of installing data cables, no cost
to electric bill
Alternative when cables or wireless are not a viable option
Use a standard powerline adapter
Wireless Broadband
WISP (Wireless internet provider)
Rural environments where DSL/cable not found
Connects subscribers to hotspot
Antenna can be attached to existing elevated structure
Wireless Broadband Service
Antenna installed outside the house
Uses same technology used by smartphone/tablet
Security Threats
Virus, worms and trojan horses
Spyware and adware
Zero-day attacks
Hacker attacks
DoS attacks
Data interception and theft
Identity theft
Internal threats
Security solutions
Home/small office
Antivirus and antispyware
Firewall filtering
Corporate
Dedicated firewall systems
Access Control Lists (ACL)
Intrusion Prevention Systems (IPS)- prevent zero day
Virtual Private Networks (VPN)- secure access to
remote workers

CHAPTER 2
BOOTCAMP

IOS Bootcamp
Cisco IOS
o Location of the Cisco IOS
Stored in flash
Generally IOS copied from flash into RAM
RAM stores working data and improves performance, but its
contents are lost during a power cycle
o IOS Functions (generally accessed by CLI)
Security
IP addressing
Optimise connectivity- interface-specific configurations
Routing
QoS technologies
Network management technologies
Accessing a Cisco IOS device
o Console
Management port that provides out of band access
Access via dedicated management channel for maintenance
purposes- initial configuration, when remote access
unavailable
Connect to determine status of device, showing start up,
debugging and error messages
o Telnet SSH and AUX
Telnet
Method for remotely establishing CLI session through
virtual interface
Unlike console, requires active networking services on the
device- must have at least one active interface with an
address (e.g. IPv4)
Cisco IOS devices include Telnet server process- allows
configuration commands from Telnet client
Also has Telnet client, can telnet from device to any
other device with telnet server process
SSH
Telnet with stronger password authentication, and
encryption
Keeps ID, password, and details of management
session private
Most versions use SSH
AUX Port
Remotely establish CLI session via telephone dialup
connection
Modem connected to auxiliary port of router
Out-of-band connection, doesn't need active
networking services on device
Can also be used locally, using direct connection
Terminal Emulation Programs
Includes PuTTY, Tera Term, SecureCRT, HyperTerminal, OS X
Terminal
Some enhance productivity with customisable user interfaces

Navigating the IOS
o Cisco IOS Modes of Operation
Hierarchical structure for the modes (basic to specialised)
User Executive (User EXEC) mode, Privileged executive
(Privileged EXEC) mode, Global Configuration mode Other
specific configuration modes (e.g. interface configuration
mode)
Structure can be configured to provide security, with
different authentication for each mode
o User EXEC mode >
Limited capabilities, most basic, first encountered,
default no authentication
View only mode, no changes
o Privileged EXEC mode #
Needed to execute configuration and management
commands, default no authentication
o Global Configuration Mode (config)#
Primary configuration mode
Affect operation of device as whole
o Specific Config Modes
Allow config of particular part or function of IOS
Interface mode- to configure a network interface
Line Mode- to configure a physical or virtual line
(console, AUX, VTY)
To return to global, type exit
To return to privileged, type end or control z

The Command Structure
o Cisco IOS Command Reference
Collection of online documentation
Can check Syntax, Default- manner command is
implemented on device with default config, Mode- mode
where it's entered, History- how command works
depending on version of IOS, Usage Guidelines, Examples
o Context-Sensitive Help
Provides list of commands + arguments within context of the
mode
To access, enter ?
To get a list of commands beginning with a particular letter,
enter the letters with ?
To determine what can/should be entered next, enter the
command then a space and a ?
o Command Syntax Check
If interpreter cannot understand something left to right, will
provide feedback- Ambiguous Command, Incomplete
command, Incorrect command
o Hot Keys and Shortcuts
Ctrl-A - Moves to the beginning of the line
Ctrl-E - Moves to the end of the line
Ctrl-R - Redisplays a line
Ctrl-Z - Exits the configuration mode and returns to
user EXEC
Ctrl-C - Exits the configuration mode or aborts the
current command
Ctrl-Shift-6 - Allows the user to interrupt an IOS
process such as ping or traceroute
o IOS examination Commands
Provides information about the configuration, operation, and
status of parts
Show interfaces
Displays statistics for all interfaces on the device
For specifics, enter type and slot/port number after
Show startup-config
Displays the saved configuration located in NVRAM
Show running-config
Displays the contents of the currently running config
file
More
When output is more than a single page, --More-- appears;
press spacebar for another page, enter for one more line
The show version Command
Displays info about the currently loaded IOS version +
hardware and device information
Includes
Software version- stored in flash
Bootstrap version- stored in Boot ROM
System up-time
System restart info- method of restart
Software image name- filename stored in flash
Router type and processor type- model number
Memory type and allocation (shared/main)- RAM and
shared packet buffering
Software features
Hardware interfaces- interfaces available
Configuration register- sets bootup specifications,
console speed setting, and other parameters

GETTING BASIC

Host Names
o Why the Switch
One of the simplest devices, no configuration prior to
functioning
Has initial settings like name, device config, banner
messages, and saving
o Device Names
Appear in CLI prompts, authentication processes, and
topology diagrams
Default name is assigned until hostname given
Use naming convention to easily understand
Start with a letter
Contain no spaces
End with a letter or digit
Use only letters, digits, and dashes
Be less than 64 characters
Host Names
Allow devices to be identified by network admins over
network or internet
Use physical location- floor 1, floor 2, etc
Configuring Host Names
From privileged EXEC mode, enter configure terminal to go
to global configuration mode
Enter hostname followed by the name, e.g. hostname Sw-Floor-1
Hostname will appear in the prompt
To remove a name, use no hostname

Limiting Access to Device Configurations
o Securing Device Access
Physically- closets and locked racks
Passwords are primary defence
o Securing Privileged EXEC access
Use enable secret password command
Older, less secure is enable password password
o Securing User EXEC access
Console
Secured minimum by requiring password
Reduces chance of unauthorised personnel plugging in
a cable
From global config, use line console 0 to enter line
config mode , then password password to specify a
password, then login to require authentication when
logging in
VTY Password
Vty lines allow access to Cisco device via telnet
Default switches support up to 16 vty lines: 0-15
5 is most common number of vty lines configured
Password for each vty line
Same password can be set for all, however one can be
different as fall back for admins
Example- line vty 0 15 then password password then
login
By default includes login command. If no login is set,
unauthorised persons could connect across network

Encrypting Password display
service password-encryption
Applies weak encryption to all unencrypted passwords in the
config file; it does not protect passwords sent over media
Once applied, removing the command does not reverse the
encryption of passwords already encrypted
Banner Messages
Notification required otherwise prosecution or monitoring of
users not possible- shouldn't be welcoming
Banners on log in screen can be "only for authorised, is
monitored, can be prosecuted for unauthorised use"
Message of the day (MOTD) Requires use of delimiters to
identify content of banner message
Example: banner motd # message #
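The naming rules under Device Names and the hardening settings in this section (enable secret, console and VTY passwords with login, service password-encryption, a non-welcoming MOTD banner) can be checked mechanically against a captured configuration. The script below is an added example, not part of these notes and not Cisco's code: it audits a constructed sample running-config (every value in it, including the password hashes, is a placeholder) and reports which of those checks fail. Line names and finding texts are my own.

```python
"""Audit a captured 'show running-config' against the basic hardening checks
listed in these notes.  Added example; the sample config is constructed."""
import re

# Constructed sample of a switch running-config (placeholders, not a real device).
# 'line vty 5 15' deliberately lacks 'login' so the audit has something to find.
SAMPLE_CONFIG = """\
!
service password-encryption
hostname Sw-Floor-1
!
enable secret 5 $1$abcd$PLACEHOLDERHASHVALUE00000
!
banner motd #Authorised access only. Activity is monitored.#
!
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
line vty 5 15
 password 7 0822455D0A16
!
end
"""

HOSTNAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def valid_hostname(name: str) -> bool:
    """Naming rules from the notes: starts with a letter, only letters, digits
    and dashes, ends with a letter or digit, fewer than 64 characters."""
    return (len(name) < 64
            and HOSTNAME_RE.match(name) is not None
            and name[-1] != "-")


def parse_lines(config: str) -> dict:
    """Group each 'line ...' section with its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = None          # any other top-level line ends the section
    return sections


def audit(config: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    m = re.search(r"^hostname (\S+)", config, re.M)
    if not m:
        findings.append("no hostname set")
    elif not valid_hostname(m.group(1)):
        findings.append(f"hostname {m.group(1)!r} violates naming rules")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("privileged EXEC not protected by 'enable secret'")
    if re.search(r"^enable password ", config, re.M):
        findings.append("weak 'enable password' present")
    if not re.search(r"^service password-encryption", config, re.M):
        findings.append("'service password-encryption' not set")
    if not re.search(r"^banner motd ", config, re.M):
        findings.append("no MOTD banner")
    elif re.search(r"^banner motd .*welcome", config, re.M | re.I):
        findings.append("MOTD banner is welcoming")
    for name, cmds in parse_lines(config).items():
        if name.startswith(("line con", "line vty")):
            if not any(c.startswith("password ") for c in cmds):
                findings.append(f"{name}: no password")
            if "login" not in cmds:
                findings.append(f"{name}: 'login' missing, password not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the sample it reports only the VTY range that has a password but no login; feed it the text captured by the terminal-logging steps described later in this section to check a real device.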

Saving Configurations
o Configuration Files
Running-Config
Running config file reflects current configuration
applied to IOS device, changes take effect immediately
Stored in working memory of device- RAM, so
temporarily active while running, but if powered off,
changes are lost unless saved
Options after making a change
Return device to original config- reload, answer no at
the save prompt
Remove all configs from device- erase startup-config, also need to delete vlan.dat
Make changed config the new start up config- copy running-config startup-config
Startup-config
File reflects config that will be used upon reboot,
stored in NVRAM
o Capturing Text
Config files can be saved and archived to text document
Steps
File menu click log
Choose location
After capture has been started, execute show
running/startup config
Text displayed in window will be placed into file
When capture is complete, select close
View output to verify not corrupted
Restoring Text Config
Config file can be copied from storage to device
When copied into terminal, IOS executes each line as a
command, so the file must be edited first (change encrypted
passwords to plain text and remove the encrypted parameter,
and remove any non-command text)
Steps
Edit text
On file menu click send
Locate file to be copied and click open
File is pasted into device
Will become running config on device, convenient

ADDRESS SCHEMES

Ports and Addresses
IP Addressing of devices
o Used by devices to locate each other, physical and virtual
interfaces
Interfaces and ports
o Each physical interface has specifications/standards
o Each link requires particular network technology
o Ethernet most common, needs RJ-45
o Switch Virtual Interfaces (SVIs)
Virtual interfaces- no physical hardware
Means to remotely manage a switch over a network using
IPv4
Default SVI is VLAN1
Addressing devices
Configuring a switch virtual interface
o To access switch remotely, IP address and subnet mask must be
configured on SVI
o interface vlan 1- used to enter interface config mode from global
o ip address followed by the IP address and subnet mask
o no shutdown administratively enables interface to an active
state
Manual IP address configuration for end devices
IP address, subnet mask, default gateway and DNS server info
Automatic IP address configuration for end devices
o Dynamic Host Configuration Protocol (DHCP) allows end
devices to have IP info automatically configured
o Otherwise every time you connected you would have to
manually enter IP address, subnet mask, default gateway, and
DNS server
o Can display IP config settings by using ipconfig
IP Address conflicts
o If static (manual) IP address is defined for network device, (e.g.
printer), then DHCP server installed, might get duplicate IP
addresses
o To solve, either include printer into DHCP client, or exclude it
from the DHCP scope (but second solution needs admin
privileges on DHCP server)
o Another conflict is when manually configuring IP on an end
device in a static IP addresses only network- To solve,
determine which IP addresses are available on particular IP
subnet and configure accordingly (static used in small to
medium network)

Verifying Connectivity
Test the Loopback Address on an End Device
o Ping command on reserved address called loopback (127.0.0.1)
Testing the interface assignment
o Show ip interface brief to verify condition of the switch
interfaces
Testing PC-to-Switch Connectivity
o Ping command can be used on a PC
Testing end to end connectivity
o Ping with computers

CHAPTER 3
RULES OF COMMUNICATION

Establishing the rules
o Needs a sender, a receiver and a channel, governed by
protocols
o Common language and grammar
o Speed and time of delivery
o Confirmation or acknowledgement requirements
Message Encoding
o Encoding from bits to patterns of light, sound, waves, or
electrical impulses
o Destination receives and decodes signals to interpret message
Message Formatting and Encapsulation
o Placing one message format in another message format
o Frame provides address of destination and host
o Must meet minimum and maximum size requirements- segmented down
Message Timing
o Access Method- when someone can send a message
o Flow Control- how much info sent and speed- transmit at faster
rate than receive and process
o Response Timeout- how long to wait for response, what to do if
timeout occurs
Message Delivery Options
o One to one (unicast) or one to many (multicast), or one to all
(broadcast)
o Sometimes necessary to return an acknowledgement
NETWORK PROTOCOLS AND STANDARDS

Protocols
Interaction of Protocols
o Application protocol- HTTP governs how a web server and web
client interact
o Transport Protocol- TCP (Transmission Control Protocol)
manages individual conversations between servers and clients,
controls size and rate of messages
o Internet Protocol- IP takes formatted segments from TCP,
encapsulating them, addressing them, and delivering them
o Network Access Protocols- Communication over data link and
physical transmission of data. Take packets from IP and format
to be transmitted over media- Ethernet

Protocol Suites
Protocol Suite: TCP/IP- open standard (freely available to public)
o Standards-based protocol has been endorsed by networking
industry and approved by standards organisation
o Ensures that products from different manufacturers can
interoperate
o Some are proprietary- one company controls how the protocol
functions- AppleTalk and Novell Netware

Creation of the internet and Development of TCP/IP
o First packet switching network was ARPANET in 1969

Standards Organisations
Open Standards
o ISOC (The internet society)- open development, evolution, and
internet use
o IAB (Internet Architecture Board)- overseen by ISOC, responsible
for overall management and development of internet
Standards- 13 members
o IETF (Internet Engineering Task Force)- develop, update and
maintain internet and TCP/IP technologies. Produces request for
comments (RFC) documents. Consists of working groups (WGs).
IESG (Internet Engineering Steering Group) is responsible for
technical management of IETF
o IRTF (Internet Research Task Force)- long term research e.g. anti
spam, crypto forum, peer to peer, and router research
o IEEE (Institute of Electrical and Electronics Engineers)- dedicated
to advancing innovation and standards
o ISO (International Organisation for Standardisation)
Best known for OSI (Open Systems Interconnection)
Published in 1984 for layered framework
TCP/IP protocol suite is for internet
OSI protocol suite is for telecommunications equipment
Other Standards Organisations
o EIA (Electronic Industries Alliance) standards for electrical
wiring, connectors, racks
o TIA (Telecommunications Industry Association) communication
standards in radio equipment, cellular towers, VoIP, satellite
o ITU-T (International Telecommunications Union- Telecommunication
Standardisation Sector) one of largest and oldest, defines video
compression, IP Television, broadband communication like DSL
o ICANN (Internet Corporation for Assigned Names and
Numbers) coordinates IP address allocation, domain names,
protocol identifiers/port numbers
o IANA (Internet Assigned Numbers Authority) department of
ICANN- does IP address allocation, domain name, and protocol
identifiers

Reference Models
The Benefits of Using a Layered Model
o Assists in protocol design, Fosters competition, Prevents
technology or capability changes in one layer from affecting
other layers, Provides a common language
o Protocol- describes the functions that occur at each layer of
protocols: e.g. TCP/IP
o Reference- aids in clearer understanding of functions and
processes involved- provides consistency within all types of
network protocols: e.g. OSI model
The OSI reference model
o Framework on which to build a suite of open systems protocols
o 7 layers, often referred to by number
The TCP/IP Protocol model
o Four categories of functions
o Standards discussed in public forum and defined in publicly
available set of RFCs-contain both formal specification of
protocols and resources
o RFCs also contain technical and organisational documents
Comparing the OSI model with the TCP/IP model
o Network access layer and application layer of TCP/IP are divided
in OSI
o In network access layer, TCP/IP doesn't specify which protocols
to use, but OSI discusses necessary procedures to access media

MOVING DATA IN A NETWORK

Data Encapsulation
Communicating the Messages
o Divide data into packets- segmentation
o By sending smaller pieces, many different conversations can be
interleaved- multiplexing
o Increases reliability- can be split up to not overload congested
networks, and if a piece fails to arrive, only that bit needs to be
retransmitted
o Downside- added complexity
Protocol Data Units
o PDU is form that piece of data takes, changes name at each
layer
Data- general term for PDU at application layer
Segment- Transport layer PDU
Packet- Network layer PDU
Frame- Data link layer PDU
Bits- Physical layer PDU
Encapsulation
o Application layer protocol, HTTP, delivers HTML formatted web
page data to transport layer- broken into TCP segments
o Each TCP segment given label (header), with info about which
process on destination computer should receive message, and
how to reassemble
o Sends to internet layer, where IP protocol implemented- IP
header added, containing source and destination host IP
address
o IP packet sent to network access layer, encapsulated in a frame
header and trailer- header contains source and destination
physical address (devices), trailer contains error checking info
o Bits encoded onto media by server NIC
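The encapsulation sequence above (data, segment, packet, frame) can be built byte by byte. The following is an added example, not code from these notes or from any vendor: it constructs a TCP segment, wraps it in an IPv4 header with a correct header checksum, wraps that in an Ethernet header, then unwraps the frame again. All addresses, ports and the HTTP request are constructed; the TCP checksum and the Ethernet FCS trailer are omitted to keep the focus on the layering.

```python
"""Build and unwrap the PDUs described in the notes: HTTP data -> TCP segment
-> IP packet -> Ethernet frame.  Added example; addresses are constructed."""
import struct


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); verifying a header
    that already carries its checksum yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_port: int, dst_port: int, seq: int, data: bytes) -> bytes:
    """Transport-layer PDU: 20-byte TCP header (checksum left 0 here)
    followed by the application data.  Ports tell the receiver which
    process gets the data; seq lets it reassemble in order."""
    data_offset_flags = (5 << 12) | 0x18        # 5 header words, PSH+ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         data_offset_flags, 65535, 0, 0)
    return header + data


def ip_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Network-layer PDU: IPv4 header (source/destination IP) + segment."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                      0, 0, 64, 6, 0, src, dst)      # proto 6 = TCP
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + segment


def ethernet_frame(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    """Data-link PDU: destination MAC, source MAC, EtherType 0x0800 (IPv4),
    then the packet.  The 4-byte FCS trailer is omitted in this example."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


def decapsulate(frame: bytes) -> dict:
    """Strip each header in turn and report what every layer saw."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    segment = packet[ihl:]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    tcp_len = (segment[12] >> 4) * 4
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "ethertype": ethertype,
        "ip_checksum_ok": ip_checksum(packet[:ihl]) == 0,
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "data": segment[tcp_len:],
    }


def build_example() -> bytes:
    """Constructed web request from 192.0.2.10 to a server at 192.0.2.80."""
    data = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"    # application data
    segment = tcp_segment(49152, 80, 1, data)                   # segment
    packet = ip_packet("192.0.2.10", "192.0.2.80", segment)     # packet
    return ethernet_frame(bytes.fromhex("020000000001"),        # frame
                          bytes.fromhex("020000000002"), packet)


if __name__ == "__main__":
    for key, value in decapsulate(build_example()).items():
        print(f"{key}: {value}")
```

Flipping a single bit in the IP header makes `ip_checksum_ok` false, which is the header-level error detection the notes attribute to Layer 3; the frame trailer (FCS) would catch the same corruption one layer down.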
Accessing Local Resources
Network addresses and data-link addresses
o Network address (layer 3)
Each IP packet has two IP addresses- source and
destination
o Data Link Address (layer 2)
In order to be transmitted over physical medium- actual
network
Source Data link Address- physical address of device-
initially NIC
Destination data link address- physical address of next
router or interface of destination device
Communicating with a device on the same network
o Network Addresses
Network portion of address is the same, but the host or
device portion of the address will be different
o Data Link Addresses
Data link frame sent directly to destination address
receiving device
On ethernet, addresses are called Ethernet MAC addresses
(48 bit addresses physically embedded on Ethernet NIC)
MAC also called physical address or burned-in address (BIA)
MAC and IP Addresses
o Must know physical and logical addresses of destination host
o Source can learn destination IP address using DNS, or entered
manually
o Most network applications rely on logical IP address to identify
location
o Sending host uses protocol called ARP (Address Resolution
Protocol) to discover MAC address- ARP is broadcast message
containing IP address- each device examines ARP to see if its
their IP address- match replies with its MAC address

Accessing remote resources
Default gateway
o Router (default gateway IP address of an interface on router on
same network as source) must be used to send a message to a
remote network
Communicating with a device on a remote network
o Network address- network number will be different in the IP
address
o Destination MAC address- default gateway or router. Data link
frame cannot be sent directly to destination host- not directly
reachable
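The two cases just described (destination on the same network versus a remote network) decide whose MAC address the sender must resolve with ARP. The code below is an added example, not from these notes: `next_hop` compares the network portions, `arp_resolve` simulates the broadcast in which every host on the segment inspects the request and only the owner of the address replies, and `frame_addresses` returns the destination MAC that goes into the frame beside the destination IP that stays in the packet. The hosts, addresses and MACs are constructed.

```python
"""Which device a host must ARP for before sending: the destination itself
on the local network, otherwise the default gateway.  Added example with a
simulated ARP exchange; all addresses are constructed."""
import ipaddress
from typing import Optional

# Constructed hosts on 192.0.2.0/24; the router's LAN interface is .1
LAN = {
    "192.0.2.1": "02:00:00:00:00:01",    # default gateway (router interface)
    "192.0.2.10": "02:00:00:00:00:0a",   # the sending host
    "192.0.2.20": "02:00:00:00:00:14",   # another local host
}


def next_hop(src_ip: str, netmask: str, dst_ip: str, gateway: str) -> str:
    """Return the IP address whose MAC the sender needs (the Layer 2 hop)."""
    network = ipaddress.ip_interface(f"{src_ip}/{netmask}").network
    if ipaddress.ip_address(dst_ip) in network:
        return dst_ip       # same network portion: frame goes straight to it
    return gateway          # different network portion: frame goes to router


def arp_resolve(target_ip: str, hosts: dict = LAN) -> Optional[str]:
    """Simulate the ARP broadcast: every host on the segment sees the request
    and only the one whose IP matches answers with its MAC."""
    for ip, mac in hosts.items():    # broadcast reaches every host
        if ip == target_ip:          # matching host replies
            return mac
    return None                      # no host owns that address: no reply


def frame_addresses(src_ip: str, netmask: str, dst_ip: str, gateway: str,
                    hosts: dict = LAN) -> tuple:
    """(destination MAC for the frame, destination IP for the packet).
    The IP is always the final destination; only the MAC changes per hop."""
    hop = next_hop(src_ip, netmask, dst_ip, gateway)
    return arp_resolve(hop, hosts), dst_ip


if __name__ == "__main__":
    for dst in ("192.0.2.20", "198.51.100.7"):
        print(dst, "->", frame_addresses("192.0.2.10", "255.255.255.0", dst, "192.0.2.1"))
```

For the remote destination the frame carries the router's MAC while the packet still carries 198.51.100.7, which is exactly the split between the data-link and network addresses described above.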

CHAPTER 4
PHYSICAL LAYER PROTOCOLS

Purpose of the Physical Layer
The Physical Layer
o Transport bits that make up DLL frame across the media
o Encodes frames to create electrical, optical, or radio waves
o NIC-Ethernet NIC for wired, WLAN NICs for wireless
o Consists of circuitry, media, and connectors
Standards
o TCP/IP suite protocols defined by IETF in RFCs
o Governed by ISO, TIA/EIA, ITU, ANSI, IEEE, FCC, ETSI, CSA,
CENELEC, JSA
Fundamental Principles of Layer 1
Physical Layer Fundamental Principles
o Encoding
Method of converting stream of data bits into predefined
code
Manchester Encoding- 0= high to low, 1 = low to high
(used in older Ethernet, RFID)
Non-return to Zero (NRZ)- two states termed 0 and 1, no
neutral position
Signaling
Method of representing bits on media
Asynchronous: without clock signal- time spacing is
arbitrary duration, needs start and stop indicator flags
Synchronous: with clock signal occurring at evenly spaced
time durations- bit time
Modulation
Process where one wave (signal) modifies another
(carrier)
Frequency Modulation (FM)- carrier frequency varies
with signal
Amplitude Modulation (AM)- amplitude modifies with
signal
Pulse-coded Modulation (PCM) analogue converted to
digital signal by sampling amplitude and expressing
difference as binary number- sampling rate must be
twice highest frequency in signal
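The Manchester and NRZ encodings listed under Encoding can be worked through in code. This is an added example, not from these notes: it encodes a bit string both ways, decodes Manchester while rejecting a symbol with no mid-bit transition, and measures the longest run without a level change, which shows why a receiver that relies on transitions for its clock (synchronous signaling above) prefers Manchester to NRZ. Bit strings are constructed.

```python
"""Manchester and NRZ line coding as described in the notes, with a decoder
that rejects invalid Manchester symbols.  Added example; inputs constructed."""


def nrz_encode(bits: str) -> list:
    """NRZ: one level per bit, 0 stays low (0), 1 stays high (1)."""
    return [int(b) for b in bits]


def manchester_encode(bits: str) -> list:
    """Manchester in the convention the notes give: 0 = high-to-low,
    1 = low-to-high; two half-bit levels per bit, so always a transition."""
    levels = []
    for b in bits:
        levels.extend((1, 0) if b == "0" else (0, 1))
    return levels


def manchester_decode(levels: list) -> str:
    """Pair up half-bit samples; a flat pair has no transition and is
    reported as an invalid symbol (noise or lost synchronisation)."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for first, second in zip(levels[::2], levels[1::2]):
        if (first, second) == (1, 0):
            bits.append("0")
        elif (first, second) == (0, 1):
            bits.append("1")
        else:
            raise ValueError("no mid-bit transition: invalid Manchester symbol")
    return "".join(bits)


def is_valid_manchester(levels: list) -> bool:
    """True when every pair decodes cleanly."""
    try:
        manchester_decode(levels)
        return True
    except ValueError:
        return False


def longest_flat_run(levels: list) -> int:
    """Longest run of an unchanged level.  With NRZ a long string of equal
    bits gives the receiver nothing to recover the clock from; Manchester
    guarantees a transition inside every bit, so the run never exceeds 2."""
    if not levels:
        return 0
    best = run = 1
    for prev, cur in zip(levels, levels[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    data = "0110"
    print("NRZ       ", nrz_encode(data))
    print("Manchester", manchester_encode(data))
    print("decoded   ", manchester_decode(manchester_encode(data)))
```

The price of the guaranteed transition is visible in the output: Manchester needs twice as many signal changes per second as NRZ for the same bit rate, which is part of why faster Ethernet variants moved to other codes.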

Bandwidth
o Capacity of medium to carry data
o Digital bandwidth- amount of data that can flow in a given
amount of time
o Factors include properties of physical media, and technologies
chosen for signaling and detecting network signals
Throughput
o Measure of the transfer of bits across media over given period
of time
o Factors such as amount, type of traffic, and latency created by
intermediary network devices between source and destination
o Cannot be faster than slowest link of the path
o Goodput- throughput minus traffic overhead
Types of Physical Media
o Standards for copper media
Type of copper cabling
Bandwidth of communication
Type of connectors used
Pinout and colour codes of connections
Maximum distance of media

NETWORK MEDIA

Copper Cabling
Characteristics
o Inexpensive, easy to install, low resistance
o Signal attenuation- longer it travels, more it deteriorates
o Electromagnetic Interference (EMI) or radio frequency
interference (RFI): fluorescent lights or electric motors can
distort/corrupt signals
o Crosstalk: EM fields disturb adjacent wires- can hear part of
another voice conversation on phones
o To counter EMI/RFI, wrapped in metallic shielding with
grounding connections
o To counter crosstalk, opposing circuit wire pairs twisted
together
Shielded Twisted-Pair (STP) Cable
o Better noise protection, but more expensive and difficult to
install
o Terminated with special shielded connectors (but if improperly
grounded, shield could counterproductively act as antenna and
pick up more signals)
o Foil shields entire bundle of wire- eliminates nearly all (more
common) OR
o Shields bundle as well as individual wire pairs- eliminate ALL
interference
o Used in token ring, now in 10GB standard for Ethernet
Coaxial Cable
o Two conductors with same axis
Copper conductor to transmit
Surrounded by layer of plastic insulation
Surrounded by woven copper braid or foil- second foil and
shield for inner conductor
Entire cable covered in cable jacket
Uses different types of connectors
o Used in cable television one way
o Wireless installations- attach antennas to wireless devices
(carries RF energy between antenna and radio equipment)
o Cable Internet Installations- cable SPs converting from one way
to two way for internet connectivity. Final connection to
location and wiring inside customer's premises still coax, while
rest is replaced by fibre: combined use referred to as Hybrid
Fibre Coax (HFC)
Copper Media Safety
o All susceptible to fire and electrical hazards
o Can present undesirable voltage levels- copper cabling
connecting different floors with different power facilities
o Can also conduct voltage from lightning strikes to network
devices
o Must be installed according to relevant specifications and
building codes

UTP Cabling- Unshielded Twisted Pair
Properties
o Most common, four pairs of colour coded wires twisted
together
o 22- or 24- gauge copper wire
o No shielding for EMI/RFI, but can limit by
Cancellation: when 2 wires placed together, magnetic fields
exact opposite, cancel each other out, as well as other EMI
and RFI signals
Varying number of twists per wire pair: each coloured pair
twisted different number of times
Standards
o Conforms to standards by TIA/EIA: Cable types, Lengths,
Connectors, Termination, and Method of testing
o Electrical characteristics defined by IEEE- places cables into
categories according ability to carry higher bandwidths- cat5e is
minimally acceptable cable type
o Usually terminated with RJ-45 Connector
Types
o Ethernet Straight through: host to switch or switch to router
o Ethernet Crossover: connects similar devices together
o Rollover: Cisco Proprietary cable used to connect to router or
switch console port
Testing
o UTP cable tester used to test for: Wire map, Cable length, Signal
loss due to attenuation, Crosstalk

Fibre-Optic Cabling
Properties
o Longer distances and higher bandwidths
o Can transmit signals with less attenuation and immune to
EMI/RFI
o Used in:
Enterprise networks: backbone cabling applications and
infrastructure devices
FTTH and Access Networks: Fibre-to-the-home is always on
broadband services
Long-Haul networks: connect countries and cities
Submarine Network: able to survive undersea environments
Cable Design
o Core- pure glass, where light is carried
o Cladding- surrounds core, acts as mirror- total internal
reflection
o Jacket- PVC jacket protects core and cladding
Types
o Light pulses can be lasers or light emitting diodes (LEDs)
o Photodiodes detect light pulses, converting them to voltages
and reconstructed into data frames
o Single-Mode Fibre (SMF): small core, expensive single laser
light- good for long distance telephony and tv
o Multimode fibre (MMF): large core, uses LEDs at different angles-
popular in LANs, cheaper, up to 550m, but dispersion
Connectors
o Dimensions and methods of mechanical coupling differ
o Straight-Tip (ST): bayonet style used with multimode
o Subscriber Connector (SC): LAN/WAN connector uses push/pull
mechanism- multi and single-mode
o Lucent Connector (LC): smaller size, supports both
o Two fibres required to support full duplex operation, so two
fibre cables bundled together and terminated with single fibre
connectors- duplex connector
o Patch cords used to interconnect infrastructure devices
Testing
o Misalignment: media not precisely aligned when joined
o End Gap: media does not completely touch splice or connection
o End Finish: ends not well polished or dirt present at termination
o Can use bright flashlight or OTDR to test
Fibre vs Copper
o No interference, longer
o More expensive, different skills needed, more careful handling

Wireless Media
Properties
o Unrestricted by conductors or pathways, great mobility options,
increasing number of wireless devices
o Concerns
Coverage areas: good in open areas, but limited inside
Interference: cordless phones, fluorescent lights, microwave
ovens can all disrupt
Security: devices and users not authorised can gain access- no
access to physical media necessary
Types
o Data communications Standards
Standard IEEE 802.11: WLAN (Wifi), contention system with
CSMA/CA media access process used
Standard IEEE 802.15: WPAN (Wireless personal area
network), e.g. bluetooth, uses device pairing
Standard IEEE 802.16: Worldwide Interoperability for
Microwave Access (WiMAX), point to multipoint topology
for wireless broadband access
o Physical layer specifications applied to areas like
Data to radio signal encoding
Frequency and power of transmission
Signal reception and decoding requirements
Antenna design and construction
Wireless LAN
o WAP: concentrates wireless signals and connects to Ethernet
o Wireless NIC adaptors: provides communication capability to
each network host
802.11 WiFi Standards
o IEEE 802.11a: 5GHz and speeds up to 54 Mb/s (not with b and
g), higher frequency, less coverage/penetration
o IEEE 802.11b: 2.4GHz 11Mb/s
o IEEE 802.11g: 2.4 GHz 54 Mb/s
o IEEE 802.11n: 2.4GHz and 5GHz, 150-600 Mb/s range of 70m,
backwards compatible with a/b/g
o IEEE 802.11ac: 5Ghz 450 Mb/s - 1.3 Gb/s, backward compatible
with a/ n
o IEEE 802.11ad: WiGig uses tri-band of 2.4 GHz, 5GHz, 60GHz, up
to 7Gb/s

DATA LINK LAYER PROTOCOLS

Purpose of the Data Link Layer
Data link Layer
o DLL's role to prepare data and control how it accesses physical
media
o Responsible for exchange of frames between nodes, allowing
upper layers to access media: Accepts layer 3 packets,
packaging them into frames
o Controls MAC and performs error detection
Sublayer
o Logical Link Control (LLC): upper sublayer, puts info in frame
identifying which protocol is used for the frame
Takes network layer packet, adds control information to
help deliver packet to destination node
Can be considered driver software for NIC
o Media Access Control (MAC): lower sublayer, provides DLL
addressing and delimiting of data, and type of DLL protocol in
use
Layer 2 protocols specify encapsulation of packet into
frame, and how to get frames on and off each medium
Packets traverse over different physical networks- DLL
preps and controls access
Without DLL, IP would have to do all this work, plus change
as new media developed
Providing access to media
o At each node, a router accepts frame, de-encapsulates,
re-encapsulates, and forwards

Layer 2 Frame Structure
Formatting Data for Transmission
o Includes header (control information like addressing), data (IP
header, transport layer header, and application data), and trailer
(control information for error detection)
Creating a Frame
o Framing breaks stream into groupings
o Start and stop indicator flags- used by MAC sublayer to find
beginning and end limits of frame
o Addressing- used by MAC sublayer to identify source and
destination nodes
o Type- used by LLC to identify layer 3 protocol
o Control- identifies special flow control services
o Data- frame payload
o Error Detection
Layer 2 Standards
Generally not defined by RFCs, rather Engineering organisations
(IEEE, ITU, ISO, ANSI) and communication companies
MEDIA ACCESS CONTROL

Topologies
Physical: How end devices and infrastructure devices are
interconnected
Logical: way a network transfers frames from one node to the next,
using virtual connections; signal paths defined by DLL protocols

WAN Topologies
Common Physical WAN
o Point-to-Point: permanent link between two endpoints
o Hub and Spoke: WAN version of Star- central site interconnects
branch sites using point to point
o Mesh: High availability, but every end system connected to
everything, high admin/physical costs
Logical Point to point topology
o Don't have to share media with others, no question about
whether incoming frame is for them
o Use of physical devices does not affect logical topology
o Logical connection formed between two devices is called virtual
circuit (even if intermediary devices)
o Media access method used by DLL protocol is determined by
logical point to point topology rather than physical
LAN Topologies
Physical LAN topologies
o Star- End devices connected to central switch; most common
LAN topology as easy to install and troubleshoot, scalable
o Extended star/Hybrid: central intermediate devices interconnect
other star topologies (in hybrid, may interconnect using bus)
o Bus: all end systems chained to each other, terminated in some
form on each end; switches not required, used in legacy
Ethernet because cheap and easy set up
o Ring: end systems connected to their neighbours, not terminated;
used in Fibre Distributed Data Interface (FDDI) networks- a
second ring for fault tolerance or performance enhancements
Logical Topology- Contention Based Access
o Non-deterministic contention-based method, attempt to access
medium whenever it has data to send
o Can fail, causing data collision- corrupted, needs to be resent
o Don't have overhead, but doesn't scale well under heavy media
use, and recovery mechanisms diminishes throughput
o Carrier Sense Multiple Access with Collision Detection
(CSMA/CD): end device monitors the medium for a signal; if free,
it sends; if a collision is detected, it waits (random back-off) and
retries (used by traditional Ethernet). With switches and full-duplex
links every port is its own collision domain, so CSMA/CD is no
longer needed
o Carrier Sense Multiple Access with Collision Avoidance
(CSMA/CA): device checks for a data signal- if free, notifies across
the media of its intention to transmit- once it receives clearance,
sends data (used by wireless 802.11)
Multi-access Topology
o Number of nodes communicate with same media (bus)- all
receive frame, only intended recipient processes to see content
o Requires DL MAC method to regulate and reduce collisions
Controlled Access
o Network devices take turns to access medium using token
(scheduled access/ deterministic)
o Can be inefficient
o Token ring, FDDI (based on token bus)- both obsolete
Ring Topology
o Logical- Each node receives a frame, removes it, if not
addressed to node, passed on to next node (token passing).
o Usually only 1 frame at a time carried by media- if no data
transmitted, signal (token) may be placed on media, and node
only places data frame on media when it has the token

Data Link Frame


Header
o Unique to each type of protocol; following is Ethernet
Start Frame Field
Source and Destination Address fields
Type field (upper layer service contained in frame)
o Other fields include
QoS/Priority field
Logical connection Control field (establishes logical
connection)
Physical Link control field (establishes media link)
Flow control field
Congestion control field
Trailer
o Error detection: Transmitting node creates logical summary of
contents- Cyclic Redundancy Check (CRC), Value placed in
Frame Check Sequence (FCS) of frame, Receiving node
calculates own logical summary (CRC), and compares two
values: If different, frame discarded
LAN and WAN Frames

Layer 2 protocol depends on logical topology of network,
technology used to implement it, and size of network
o LAN- high bandwidth technology, capable of supporting lots of
hosts
o WANS- cost of long distance links means low bandwidths
o Common DLL protocols
Ethernet
Point-To-Point Protocol (PPP)
802.11 Wireless
High level Data Link Control (HDLC)
Frame Relay
Ethernet Frame
o Dominant LAN protocol, defined in IEEE 802.2 (LLC) and 802.3 (MAC
and physical)
o Supports 10 Mb/s, 100 Mb/s, 1 Gb/s, 10 Gb/s and beyond
o Provides service using CSMA/CD as media access method on shared
(half-duplex) media
PPP Frame
o Delivers frames between 2 nodes, defined by RFC, developed as
WAN protocol
o Can be used on twisted pair, fibre-optic, satellite, and virtual
o Uses layered architecture- logical connections called sessions
o Session hides media from upper PPP protocol, and can
encapsulate multiple protocols over PP link- each protocol
establishes own PPP session
o Also allows 2 nodes to negotiate options- authentication,
compression, multilink
802.11 Wireless Frame (Wi-Fi)
o IEEE 802.11 standard uses same LLC and addressing scheme as
other 802 LANs, but differences in MAC sublayer and physical
layer
o Contention-based system using CSMA/CA (random back off
procedure)
o Use data link acknowledgements to confirm frame received
successfully- if not detected, frame is retransmitted
o Other services are authentication, association, and privacy
o Frame fields
Protocol Version field
Type and Subtype field (control, data, management)
To DS field (set to 1 in data frames destined for
distribution)
From DS field (set to 1 in data frames exiting distribution)
More Fragments field (set to 1 for frames with another
fragment to follow)
Retry field (set to 1 if retransmission)
Power management field (1 if node is in power save mode)
More Data field (1 if more frames are buffered for a node in
power save mode)
Wired Equivalent Privacy (WEP) field (1 if frame body is
encrypted; now called the Protected Frame field and also set for
WPA/WPA2- WEP itself is cryptographically broken and should not
be used)
Order field (1 if the frame uses the Strictly Ordered Service Class)
Duration/ID field (transmission duration, or association identity
(AID) for a station in power save mode)
Destination Address field (MAC address of the final destination)
Source Address field (MAC address of the original sender)
Receiver Address field (device that is the immediate recipient)
Fragment Number field
Sequence Number field
Transmitter Address field (device that actually transmitted the
frame)
Frame Body field
FCS field (32-bit CRC)
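As an added worked example (not part of the original notes), the following Python decodes the 802.11 MAC header fields listed above from a constructed data frame and applies the To DS / From DS rules that decide which address field holds the receiver, transmitter, source and destination. The sample bytes, the station and AP MAC addresses and the function names are assumptions made for this example.

```python
import struct

TYPE_NAMES = {0: "management", 1: "control", 2: "data", 3: "extension"}


def parse_frame_control(fc):
    """Decode the 2-byte Frame Control field (transmitted little-endian).

    Byte 0: protocol version (bits 0-1), type (2-3), subtype (4-7).
    Byte 1: To DS, From DS, More Fragments, Retry, Power Mgmt, More Data,
            Protected Frame (the 'WEP' bit in the notes), Order.
    """
    b0, b1 = fc[0], fc[1]
    return {
        "version": b0 & 0x03,
        "type": TYPE_NAMES[(b0 >> 2) & 0x03],
        "subtype": (b0 >> 4) & 0x0F,
        "to_ds": bool(b1 & 0x01),
        "from_ds": bool(b1 & 0x02),
        "more_fragments": bool(b1 & 0x04),
        "retry": bool(b1 & 0x08),
        "power_mgmt": bool(b1 & 0x10),
        "more_data": bool(b1 & 0x20),
        "protected": bool(b1 & 0x40),
        "order": bool(b1 & 0x80),
    }


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211_data_frame(frame):
    """Parse a non-QoS 802.11 data frame header (QoS subtypes carry an extra
    2-byte QoS Control field that this example does not handle)."""
    fc = parse_frame_control(frame[0:2])
    duration = struct.unpack_from("<H", frame, 2)[0]
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    body_offset, a4 = 24, None
    if fc["to_ds"] and fc["from_ds"]:
        a4, body_offset = frame[24:30], 30   # AP-to-AP frames carry Address 4

    # Address 1 is always the receiver and Address 2 the transmitter; which of
    # them is the final destination/original source depends on To DS/From DS.
    if not fc["to_ds"] and not fc["from_ds"]:      # IBSS or within the same BSS
        roles = {"receiver": a1, "destination": a1, "transmitter": a2,
                 "source": a2, "bssid": a3}
    elif fc["from_ds"] and not fc["to_ds"]:        # AP -> station
        roles = {"receiver": a1, "destination": a1, "transmitter": a2,
                 "bssid": a2, "source": a3}
    elif fc["to_ds"] and not fc["from_ds"]:        # station -> AP
        roles = {"receiver": a1, "bssid": a1, "transmitter": a2,
                 "source": a2, "destination": a3}
    else:                                          # AP -> AP (wireless bridge)
        roles = {"receiver": a1, "transmitter": a2, "destination": a3,
                 "source": a4}
    return {
        "frame_control": fc,
        "duration": duration,
        "fragment_number": seq_ctrl & 0x0F,        # low 4 bits
        "sequence_number": seq_ctrl >> 4,          # high 12 bits
        "addresses": {name: mac_str(addr) for name, addr in roles.items()},
        "body": frame[body_offset:],               # FCS omitted in this sample
    }


# Constructed sample (assumption for this example): a station sends a data
# frame to its AP, so To DS = 1 and From DS = 0.  Frame Control bytes 0x08 0x01:
# version 0, type 2 (data), subtype 0, To DS set.
SAMPLE_FRAME = (
    bytes([0x08, 0x01])                 # Frame Control
    + bytes([0x2C, 0x00])               # Duration = 44 microseconds
    + bytes.fromhex("aabbccddeeff")     # Address 1: receiver = BSSID (the AP)
    + bytes.fromhex("001122334455")     # Address 2: transmitter = source station
    + bytes.fromhex("66778899aabb")     # Address 3: final destination on the wire
    + bytes([0x30, 0x01])               # Sequence Control: fragment 0, sequence 19
    + b"payload"
)

if __name__ == "__main__":
    parsed = parse_80211_data_frame(SAMPLE_FRAME)
    print(parsed["frame_control"]["type"], parsed["addresses"])
```

The Protected Frame bit only tells you the body is encrypted; it does not say with what, so a capture showing it set still needs the association/handshake frames to tell WEP from WPA2.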

CHAPTER 5
ETHERNET PROTOCOLS

Ethernet Operations
LLC defined in 802.2; MAC and physical layer in 802.3, supporting
10 Mb/s to 100 Gb/s
MAC Sublayer
o Implemented by hardware (typically the NIC): Ethernet (802.3, 802.3u
Fast Ethernet, 802.3z Gigabit Ethernet) and FDDI
o Responsibility 1: Data Encapsulation
Frame assembly before transmission and disassembly after
reception- adds header and trailer
Frame Delimiting: identifies a group of bits making up a
frame- synchronisation
Addressing: Adds MAC address
Error Detection: CRC in trailer, after reception, node creates
CRC- compares for match
o Responsibility 2: Media Access Control: placement/removal of
frames from media
o Logical topology of Ethernet is multi-access bus: all nodes share
medium. Contention-based, uses CSMA technology
MAC Address: Ethernet Identity
o MAC Address used to remove overhead of every computer in
network processing every frame
o MAC added as part of layer 2 PDU
o 48-bit binary value as 12 digits
o MAC must be globally unique: IEEE enforces rules for vendors- each
vendor is assigned a 24-bit Organisationally Unique Identifier (OUI)
that forms the first 24 bits; the vendor must give the last 24 bits a
unique value for every NIC it makes
Frame Processing
o MAC address (BIA, burned-in address) historically burned into ROM on
NIC
o At boot, NIC copies MAC address into RAM
o Each NIC on the segment inspects the destination MAC of every frame
to decide whether the frame is for it (accept) or not (discard)

Ethernet Frame Attributes


Ethernet Encapsulation
o Each section of frame is called a field
o 802.3 Ethernet and DIX Ethernet II (latter used in TCP/IP)
o Difference is addition of Start Frame Delimiter (SFD) and change
from Type to Length in 802.3
Ethernet Frame Size
o Both standards define minimum size as 64 bytes and maximum
as 1518 (Preamble and SFD not included)
o Any frame less than 64 bytes is a collision fragment or runt frame and
is discarded; anything larger than the maximum is a giant (also dropped)
o 802.3ac extended max to 1522 to accommodate the 4-byte 802.1Q VLAN
tag
o QoS leverages the User Priority field in the VLAN tag
Introduction to the Ethernet Frame
o Preamble (7 bytes) and Start Frame Delimiter (1 byte) Fields
Used for synchronisation between devices; tell receivers to get ready
for a new frame
o Destination MAC Address Field (6 bytes)
o Source MAC Address Field (6 bytes)
o Length/Type Field (2 bytes)
In 802.3 it defines the exact length of the data field, used as part
of the FCS check to ensure the frame was received properly
In Ethernet II it describes which upper-layer protocol is present
(e.g. 0x0800 IPv4, 0x0806 ARP, 0x86DD IPv6)
A value of 1500 (0x05DC) or less is a length (802.3); a value of
1536 (0x0600) or more is a type (Ethernet II)
o Data Field (46-1500 bytes)
If a small packet is encapsulated, additional bits called a pad are
used to bring the frame up to the 64-byte minimum
o Frame Check Sequence Field (4 bytes)
CRC-32 computed over the frame from destination address to end of
data
If no match, frame is dropped

Ethernet MAC
MAC Addresses and Hexadecimal
o Respresented by 0x prefix, or H suffix
o Used to represent MAC or IPv6 addresses
o Ipconfig /all used to identify MAC address
Unicast MAC Address

Broadcast MAC Address


o DHCP and ARP use broadcasts
o FF-FF-FF-FF-FF-FF MAC address
Multicast MAC Address
o Devices in multicast group are assigned group IP address,
Between 224.0.0.0 and 239.255.255.255
o Useful in remote gaming, and distance learning
o MAC address always begins with 01-00-5E
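As an added example covering both the Ethernet frame fields above and the unicast/broadcast/multicast address classes (example code written for these notes, not from the original course material), the following Python builds an Ethernet II frame with padding and FCS, then parses and validates it the way a receiving NIC does. The ARP payload bytes and MAC addresses are constructed for the example; the FCS is the standard IEEE CRC-32 that zlib.crc32 also computes, carried least-significant byte first.

```python
import zlib

LENGTH_MAX = 1500        # Length/Type value <= 1500 is an 802.3 length
TYPE_MIN = 0x0600        # Length/Type value >= 1536 is an Ethernet II type
MIN_FRAME = 64           # destination MAC to end of FCS; preamble/SFD excluded
MAX_FRAME = 1518         # 1522 with a single 802.1Q VLAN tag (802.3ac)
MIN_DATA = 46

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify_mac(mac):
    """Broadcast, multicast or unicast from the I/G bit (LSB of the first octet)."""
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:
        return "ipv4-multicast" if mac[:3] == b"\x01\x00\x5e" else "multicast"
    return "unicast"


def ipv4_multicast_mac(group_ip):
    """Map a class D group address to its 01-00-5E MAC: low 23 bits of the IP."""
    o = [int(x) for x in group_ip.split(".")]
    if not 224 <= o[0] <= 239:
        raise ValueError("not an IPv4 multicast address")
    return bytes([0x01, 0x00, 0x5E, o[1] & 0x7F, o[2], o[3]])


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: pad short payloads to 46 bytes, append little-endian FCS."""
    payload = payload + b"\x00" * max(0, MIN_DATA - len(payload))
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + fcs.to_bytes(4, "little")


def parse_frame(frame):
    """Validate size and FCS, then split the frame the way a receiving NIC does."""
    if len(frame) < MIN_FRAME:
        return {"error": "runt"}                     # collision fragment, discarded
    if len(frame) > MAX_FRAME + 4:
        return {"error": "giant"}
    body, fcs = frame[:-4], int.from_bytes(frame[-4:], "little")
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        return {"error": "fcs-mismatch"}             # corrupted in transit, dropped
    dst, src = body[0:6], body[6:12]
    length_or_type = int.from_bytes(body[12:14], "big")
    if length_or_type <= LENGTH_MAX:
        encap, data = "802.3", body[14:14 + length_or_type]
    elif length_or_type >= TYPE_MIN:
        encap, data = "ethernet-ii", body[14:]      # includes any padding
    else:
        return {"error": "undefined-length-type"}
    return {
        "dst": mac_str(dst), "dst_class": classify_mac(dst),
        "src": mac_str(src), "src_class": classify_mac(src),
        "encapsulation": encap,
        "type_or_length": length_or_type,
        "protocol": ETHERTYPES.get(length_or_type),
        "data": data,
    }


# Constructed sample: an ARP request from 00:11:22:33:44:55 to the broadcast
# address.  Only the first 8 bytes of an ARP packet are included (Ethernet/IPv4,
# 6-byte HW, 4-byte proto, opcode 1) so that the padding rule is exercised.
SAMPLE_ARP = b"\x00\x01\x08\x00\x06\x04\x00\x01"
SAMPLE_FRAME = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                           0x0806, SAMPLE_ARP)

if __name__ == "__main__":
    print(len(SAMPLE_FRAME), parse_frame(SAMPLE_FRAME)["dst_class"])
```

Because the padding is whatever the sender left in the buffer, an upper layer must trust the IP or ARP length fields, not the Ethernet data length, when deciding where a packet ends.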

ADDRESS RESOLUTION PROTOCOLS

ARP Functions
Broadcast requests and unicast replies
Resolves IPv4 addresses to MAC
o When packet encapsulated to frame, node refers to table to find
DLL address mapped to IPv4 address- called ARP table/cache,
stored in RAM
o Each entry binds IP to MAC- relationship is called a map
o If MAC found in table, uses it as address
Maintains a table of mappings
o Maintained dynamically- by monitoring incoming traffic, or by
sending an ARP request (broadcast)
o When the unicast reply arrives, a new entry is made in table
o If no reply arrives, packet is dropped because the frame cannot be
built
o Entries are time stamped- if the timer expires, entry is removed from
table
o Static entries can be entered manually, and do not expire
ARP Role in Remote Communication
If destination host not on local network, delivered to router, using
gateway MAC address
When packet created, compares destination IP address and own IP
address to see if on local network; if not, determines MAC address
for router
Removing entries from an ARP Table
ARP cache timer removes entries- time different
Commands used to manually remove
Need to remove no longer operational devices, otherwise will
attempt to send
ARP Issues
How ARP can create problems
o Broadcasts: overhead on the media
Possible reduction in performance if many hosts try to access the
network simultaneously at start-up, until their ARP mappings are
established
o Security: ARP spoofing/poisoning
Attacker injects a wrong MAC address using fake (unsolicited or
gratuitous) ARP replies, which hosts accept because ARP has no
authentication
Frames are then sent to the attacker instead of the intended
destination- traffic can be intercepted or modified (man in the
middle) or simply discarded (denial of service)
Mitigation: manually configure static entries, or restrict/inspect
ARP traffic on the switch
Mitigating ARP problems
o Modern switches provide segmentation, dividing the LAN into
independent collision domains
o Each port provides full media bandwidth
o Isolate unicast communications so that they're only heard by
source and destination- ARP replies are unicast, so only the 2 nodes
see them
o Specialised access lists and port security; on Cisco switches
Dynamic ARP Inspection (DAI) validates ARP replies against the
DHCP snooping binding table
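The poisoning scenario described above, as an added example (written for these notes, not from the original material): a minimal ARP cache with timed and static entries, plus the check an arpwatch-style monitor applies to every reply. The addresses, the 120-second timeout and the choice not to learn from unsolicited replies for unknown addresses are assumptions for this example; real host stacks differ in what they accept.

```python
import time

ARP_TIMEOUT = 120.0   # seconds before a dynamic entry expires (assumed for this example)


class ArpCache:
    """ARP table keyed by IPv4 address, with static entries and poisoning checks."""

    def __init__(self, now=time.monotonic):
        self.now = now            # injectable clock so expiry can be tested offline
        self.entries = {}         # ip -> {"mac": str, "static": bool, "ts": float|None}
        self.alerts = []          # what a monitor would report

    def add_static(self, ip, mac):
        """Static mapping, e.g. pin the default gateway; never expires, never overwritten."""
        self.entries[ip] = {"mac": mac, "static": True, "ts": None}

    def lookup(self, ip):
        """MAC for ip, or None if unknown/expired (caller must then ARP for it)."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        if not entry["static"] and self.now() - entry["ts"] > ARP_TIMEOUT:
            del self.entries[ip]
            return None
        return entry["mac"]

    def on_reply(self, ip, mac, solicited):
        """Process an ARP reply.  `solicited` is True when we sent a request for ip."""
        entry = self.entries.get(ip)
        if entry is not None and entry["static"]:
            if entry["mac"] != mac:
                self.alerts.append(f"reply for static entry {ip} claims {mac}; ignored")
            return
        if entry is not None and entry["mac"] != mac:
            # The classic poisoning signature: a known IP suddenly maps to a new MAC.
            # An unhardened stack still accepts it, which is how the attack works.
            self.alerts.append(
                f"possible ARP poisoning: {ip} changed {entry['mac']} -> {mac}")
        elif entry is None and not solicited:
            # Hardened behaviour assumed here: do not create entries from replies
            # we never asked for.
            self.alerts.append(f"unsolicited reply for unknown {ip} from {mac}; not learned")
            return
        self.entries[ip] = {"mac": mac, "static": False, "ts": self.now()}


def demo(clock):
    """Constructed scenario: gateway pinned statically, host .20 learned, then an
    attacker (de:ad:be:ef:00:01) claims three addresses with unsolicited replies."""
    cache = ArpCache(now=lambda: clock[0])
    cache.add_static("192.168.10.1", "aa:aa:aa:aa:aa:01")
    cache.on_reply("192.168.10.20", "00:11:22:33:44:55", solicited=True)
    cache.on_reply("192.168.10.1", "de:ad:be:ef:00:01", solicited=False)
    cache.on_reply("192.168.10.20", "de:ad:be:ef:00:01", solicited=False)
    cache.on_reply("192.168.10.99", "de:ad:be:ef:00:01", solicited=False)
    return cache


if __name__ == "__main__":
    for alert in demo([0.0]).alerts:
        print(alert)
```

The static gateway entry survives the attack while the dynamic entry for .20 is overwritten, which is exactly why the notes list static entries as a mitigation and why detection (the alert) matters where static entries are impractical.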

LAN SWITCHES

Switching
Switch port fundamentals
o Forwarding decisions based only on the layer 2 destination MAC
address
o Builds a MAC address table (CAM table) used to make forwarding
decisions
Switch MAC address table
o Application-specific integrated circuits and accompanying
programming allow data paths through switch to be controlled
o For switch to know which port to use, it must learn which nodes
exist on each port
o Handles incoming frames using MAC address table- records the
source MAC address of frames arriving on each port
o If destination MAC is not in the table, floods the frame out all
ports except the one it arrived on; the reply reveals the destination's
port and is recorded
o If connected to another switch, can have multiple MAC
addresses on the port leading to that switch
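Added example (not from the original notes) showing the learn-and-forward behaviour described above, with aging and a port-security style limit on MAC addresses per port. Port numbers, addresses and the 300-second aging time are assumptions for this example, and a real switch would err-disable the port on a violation rather than only drop the frame.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit (LSB of first octet) is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningSwitch:
    """Transparent bridge: learn source MACs per port, forward by destination MAC."""

    def __init__(self, ports, max_macs_per_port=None, aging_time=300.0):
        self.ports = list(ports)
        self.table = {}                       # mac -> {"port": int, "ts": float}
        self.max_macs = max_macs_per_port     # port-security maximum, None = unlimited
        self.aging_time = aging_time
        self.violations = []                  # (port, mac) pairs that breached the limit

    def age_out(self, now):
        stale = [m for m, e in self.table.items() if now - e["ts"] > self.aging_time]
        for m in stale:
            del self.table[m]

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame is sent out of ([] means dropped)."""
        self.age_out(now)
        # Learning: record (or move/refresh) the source MAC on the ingress port,
        # unless that would exceed the per-port limit (MAC flooding defence).
        others = [m for m, e in self.table.items() if e["port"] == in_port and m != src]
        if self.max_macs is not None and len(others) >= self.max_macs:
            self.violations.append((in_port, src))
            return []
        self.table[src] = {"port": in_port, "ts": now}
        # Forwarding: flood group addresses and unknown unicast, else one port.
        if is_group_address(dst) or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]["port"]
        return [] if out_port == in_port else [out_port]   # same segment: filter


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3], max_macs_per_port=1)
    print(sw.receive(1, "00:00:00:00:00:0a", "00:00:00:00:00:0b", now=0.0))  # flood
    print(sw.receive(2, "00:00:00:00:00:0b", "00:00:00:00:00:0a", now=1.0))  # [1]
```

Without the per-port limit an attacker can fill the table with forged source addresses until the switch floods every unicast frame, turning it back into a hub that the attacker can sniff; the limit is what port security enforces.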
Duplex Settings
o Port must be configured to match duplex setting of media type
o Half Duplex (CSMA/CD)
Unidirectional data flow
Higher collision rates
Hub connectivity
Both devices can transmit and receive on media, but not
simultaneously; Ethernet established arbitration rules to
resolve same time conflicts
o Full Duplex
Bidirectional, reducing wait time
Frames cannot collide because end nodes have two
separate circuits

Point to point only, attached to a dedicated switch port,
requiring full duplex support on both ends
Collision free, and collision detect circuit disabled
Both devices can transmit and receive at same time
o Cisco Catalyst switch ports support full, half, and autonegotiation-
the two ends communicate to decide the best mode; a duplex mismatch
(one end half, the other full) causes late collisions on the
half-duplex side and CRC errors on the full-duplex side
Auto-MDIX
o Must have correct cable type for each port
o Now support mdix auto interface config command
o Allows either cross over or straight through
Store-and-forward switching- receives the whole frame, computes the
CRC, and forwards only if valid (needed for QoS, which must read the
whole frame); used in Cisco Catalyst switches
Cut-through switching
o Forwards frame before it is fully received: at minimum the
destination address is needed
o Fast-forward switching- typical cut-through method, forwards as
soon as the destination address is read; lowest latency but can
forward errored frames
o Fragment-free switching- stores the first 64 bytes before forwarding
(most errors, i.e. collision fragments, show up in those bytes); a
compromise between latency and error checking
o Some switches do cut-through until the error rate crosses a
threshold, then change to store-and-forward until it is under the
threshold again, then go back
Memory Buffering on Switches
o May use buffering technique to store, or when destination port
is busy
o Port-based memory: specific incoming and outgoing port
queues
o Shared memory: common memory buffer, dynamically linked,
asymmetric switching allows different data rates on different
ports

Fixed or Modular
Fixed versus Modular Configurations
o Power over Ethernet (PoE): allows switch to deliver power to
device over Ethernet cabling
o Forwarding Rate: rates how much data a switch can process per
second
o Entry layer switches have lower FR than enterprise layer
switches

o Switch form factors: stackable/non-stackable, thickness of
switch (number of rack units), port density
o Fixed configuration switches: features and ports are fixed
o Modular switches: flexible, with different sized chassis for
different numbers of modular line cards (containing ports)
o Stackable configuration switches: connected by special cable to
operate as one large switch

Layer 3 Switching
Layer 2 Versus Layer 3 Switching
o Layer 2 based only on MAC address and depends on routers to
pass data out of LAN
o Layer 3 can also use IP address information, can also perform
routing functions
Cisco Express Forwarding
o CEF decouples layer 2 and layer 3 decision making to accelerate
forwarding
o Forwarding information base (FIB): similar to routing table- best
path to each destination network stored in CEF data structures;
networking device uses FIB lookup table to make decisions
without a route cache, and it is updated when the routing table changes
o Adjacency tables maintain layer 2 next-hop addresses (the MAC
header rewrite information)
o Separation of FIB and adjacency benefits
Tables can be built separately, without any packets being process
switched
MAC header rewrite is not stored in a cache, so changes do not
require invalidation of entries
Types of Layer 3 Interfaces
o Switch Virtual Interface (SVI): logical interface associated with a
VLAN- must be enabled for remote management, as well as routing
between VLANs
o Routed Port: physical port acting as a router port on a switch- does
not belong to any VLAN
o Layer 3 EtherChannel: logical interface associated with a bundle
of routed ports. Used to bundle Ethernet links to aggregate
bandwidth
Configuring a Routed Port on a Layer 3 Switch
o Not associated with a VLAN, can be configured with a layer 3
routing protocol, and does not support layer 2 protocols
o Interface configuration mode, no switchport command

CHAPTER 6
NETWORK LAYER PROTOCOLS

Network Layer in Communications


The Network Layer
o Addressing End Devices: must have unique IP address
destination
o Encapsulation: Receives PDU from transport layer, adds header
info (IP source and destination addresses)
o Routing: Provides services to direct packets to host on another
network- must be processed by router, role of router to select
paths for and direct packets
o De-encapsulation: When packet arrives at network layer of
destination, IP checked, if match, header removed, passed to
transport layer
Network Layer Protocols
o Network layer protocols specify the packet structure and
processing used to carry the data from one host to another
host- IPv4, IPv6
o Legacy Protocols include IPX, AppleTalk, CLNS/DECNet
Characteristics of the IP Protocols
IP- Connectionless
o No dedicated end to end connection created before sending
packet
o Does not require initial exchange of control information, nor
any additional fields in header to maintain connection, greatly
reducing overhead
o Senders unaware whether destination is present/functional, or if
received/accessible/readable
IP- Best Effort Delivery
o No capability to manage/recover from undelivered/corrupt
packets
o No synchronisation data for tracking or confirmation, may be
out of order, corrupt, or missing
o Resolution of these issues in upper layer services (TCP)
o IP more adaptable and accommodating for different types of
communication
IP- Media Independent
o Can go on any medium- responsibility of DLL to prepare packet
for transmission
o 1 characteristic of media that matters- max size of PDU allowed-
Maximum Transmission Unit (MTU)
o DLL passes MTU up to network layer
o Sometimes router must 'fragment' packet when forwarding to a
medium with a smaller MTU
Encapsulating IP
o Header added so it can be routed through complex networks to
reach destination
o Allows services at different layers to develop and scale without
affecting other layers- new protocols can be made without
affecting other layers

IPv4 Packet
IPv4 Packet Header
o Used on ARPANET since 1983
o IP Header and Payload
o Version: 4 bits, IPv4 is 0100
o Internet Header Length (IHL): 4 bits identifying the number of 32-bit
words in the header- minimum 5, maximum 15 (20-60 bytes)
o Differentiated Services (DS): 8 bits to show priority of packet.
First 6 identify Differentiated Services Code Point (DSCP) for
QoS. Last 2 identify Explicit Congestion Notification (ECN) value
used to prevent dropped packets during congestion
o Total Length: 16 bits defining entire packet size (header and data)-
minimum 20 bytes, max 65,535 bytes
o Identification: 16 bits identifying which original packet a fragment
belongs to
o Flags: 3 bits controlling fragmentation (Don't Fragment, More
Fragments), used with Fragment Offset and Identification fields
o Fragment Offset: 13 bits identifying where to place the fragment
when reassembling
o Header Checksum: 16 bits used for error checking of the header only
(recomputed by every router because TTL changes)
o TTL: 8 bits specified in seconds but in practice a hop count,
decreased by 1 at each hop. If it reaches 0, router discards the
packet and sends an ICMP Time Exceeded message to the source
o Protocol: 8 bits identifying data payload type- ICMP (1), TCP (6) and
UDP (17)
o Source IP Address (32 bits)
o Destination IP Address (32 bits)
IPv4 Header Fields
o Remaining fields identify/validate the packet (Version, IHL, Header
Checksum, Protocol, Source and Destination Address)
o Or reorder a fragmented packet (Identification, Flags, Fragment
Offset)
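Added example (not from the original notes): building, validating and forwarding an IPv4 header in Python, including the RFC 1071 header checksum and the TTL decrement a router performs before forwarding. The addresses, identification value and 8-byte UDP payload are constructed for the example.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
FLAG_DF, FLAG_MF = 0x4000, 0x2000      # bit positions inside the Flags+Offset word


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum of 16-bit words; 0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, protocol, ident=0, df=False,
                      mf=False, frag_offset=0, ttl=64, dscp=0, ecn=0):
    """20-byte header (IHL = 5, no options) with a correct checksum."""
    ihl = 5
    flags_offset = (FLAG_DF if df else 0) | (FLAG_MF if mf else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, (dscp << 2) | ecn, ihl * 4 + payload_len,
                         ident, flags_offset, ttl, protocol, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4(packet):
    """Decode the fields a router examines; reject bad versions, IHL and checksums."""
    if len(packet) < 20:
        return {"error": "short"}
    (ver_ihl, tos, total_length, ident, flags_offset,
     ttl, protocol, checksum) = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return {"error": "bad-version-or-ihl"}
    header = packet[:ihl * 4]
    if ipv4_checksum(header) != 0:
        return {"error": "checksum"}
    if len(packet) < total_length:
        return {"error": "truncated"}
    return {
        "version": version, "ihl": ihl,
        "dscp": tos >> 2, "ecn": tos & 0x03,
        "total_length": total_length, "identification": ident,
        "flags": {"df": bool(flags_offset & FLAG_DF), "mf": bool(flags_offset & FLAG_MF)},
        "fragment_offset": flags_offset & 0x1FFF,      # in 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(protocol, protocol),
        "src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
        "options": header[20:],
        "payload": packet[ihl * 4:total_length],
    }


def forward_hop(packet):
    """What a router does before forwarding: decrement TTL and fix the checksum.
    Returns (new_packet, None) or (None, reason) when the packet must be dropped."""
    parsed = parse_ipv4(packet)
    if "error" in parsed:
        return None, parsed["error"]
    if parsed["ttl"] <= 1:
        return None, "time exceeded"          # router sends ICMP Time Exceeded to src
    out = bytearray(packet)
    out[8] = parsed["ttl"] - 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:parsed["ihl"] * 4])))
    return bytes(out), None


# Constructed sample (assumption): a UDP packet with 8 bytes of payload and DF set.
SAMPLE_PACKET = build_ipv4_header("192.168.10.10", "10.0.0.5", payload_len=8,
                                  protocol=17, ident=0x1234, df=True) + b"\x00" * 8

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE_PACKET)["ttl"], forward_hop(SAMPLE_PACKET)[1])
```

Note that the checksum covers only the header, so a corrupted payload passes this check; that is why TCP and UDP carry their own checksums.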

IPv6 Packet
Limitations of IPv4
o IP Address Depletion: 4 billion addresses, Increasing IP enabled
devices, always-on connections, and potential growth
o Internet Routing table expansion: More nodes connect, number
of network routes increase, consume memory and processor
resources
o Lack of End-to-end connectivity: Network Address Translation
(NAT) allows multiple devices to share 1 public IP address- the
internal network host address is hidden, which is problematic for end
to end connectivity
Introducing IPv6
o 1990s IETF
o Increased Address Space: 128 bit hierarchical- 340 undecilion
addresses
o Improved Packet Handling: Simplified, fewer fields, improving
packet handling and support for scalability
o Eliminates need for NAT: reduces problem, everyone can get an
IPv6 address
o Integrated Security: supports authentication and privacy
capabilities
Encapsulating IPv6
o IPv4 Header had 20 octets and 12 basic fields
o IPv6 Header has 40 octets (mostly addresses) and 8 header
fields
o Better routing efficiency for performance and scalability
o No requirement for processing checksums
o Simplified more efficient extension header mechanisms
o Flow label for per-flow processing, don't need to open inner
packet to identify various traffic flows
IPv6 Packet Header
o Version: 4 bits IPv6 is 0110
o Traffic Class: 8 bit field same to DS in IPv4
o Flow Label: 20 bits provides special service to real-time
applications, used to inform routers/switches to maintain same
path for packet flow so not reordered
o Payload Length: same as Total length in IPv4

o Next Header: same as the Protocol field- payload type, where to
pass the payload up to
o Hop Limit: same as TTL
o Source Address (128 bits)
o Destination Address (128 bits)
o Optional Extension Headers (EH): placed between header and
payload, used for fragmentation, security, mobility, etc.

ROUTING

How a Host Routes


Host Forwarding Decision
o Itself: loopback (127.0.0.1)- useful to test connection
o Local Host
o Remote Host
o Local/remote dependent on IP address and subnet mask of
source compared to destination
Default Gateway
o Host maintains a routing table in RAM
o Hosts have a local routing table containing:
Direct Connection: loopback
Local Network Route: the network the host is on, automatically
populated from its IP address and subnet mask
Local Default Route: how to get to the default gateway- learned
dynamically (DHCP) or manually configured
IPv4 Host Routing Table
o Route print (netstat -r) used to display host routing table
o Unexplained/unnecessary connections are security
threat/consume resources
o Interface List: lists MAC address and assigned interface number
o IPv4 Route Table: Lists all routes
Network Destination: Lists reachable networks
Netmask: subnet mask
Gateway: lists addresses used to get to remote network
destination- if directly reachable, "on-link"
Interface: lists address of physical interface going to
gateway
Metric: Cost of each route
o IPv6 Route Table: lists all IPv6 routes
IPv4 Host Routing Entries
o Destination networks can be grouped into 5 sections
o 0.0.0.0: all packets that don't match any other entry go to the
default gateway
o 127.0.0.0-127.255.255.255: loopback
o 192.168.10.0/24 (the local network): the network address representing
all hosts, the host's own address, and the broadcast address
o 224.0.0.0: multicast class D addresses, reached through the loopback
or the host IP interface
o 255.255.255.255: limited broadcast address, reached through the
loopback or host interface; used for example to find a DHCP server

Router Routing Tables


Router Packet-forwarding Decision
o Directly-connected routes: from active router interfaces, added
when an interface is configured with an IP address and activated-
each interface connects to a different network segment and the router
maintains information about each segment
o Remote Routes: from remote networks, can be manually
configured or dynamically by allowing router to exchange
routing info with others using dynamic routing protocols.
IPv4 Router Routing Table
o Both routing tables identify destination network, metric, and
gateway
o Show ip route used to display routing table, as well as how
route learned, last update, which interface to use
Directly Connected Routing Table Entries
o Two entries automatically created when interface is configured
o Route Source: How route was learned (C= connected, L=link
local)
o Destination Network: Address of remote network
o Outgoing Interface: identifies exit interface
o S=Manually created by admin to reach specific network- static
route
o D=Dynamically learned using Enhanced Interior Gateway
Routing Protocol (EIGRP)
o O=Dynamically learned using Open Shortest Path First (OSPF)
Remote Network Routing Table Entries
o Normal Local fields plus
o Administrative Distance: Trustworthiness of route source
o Next-Hop: Identifies IP address of next router
o Route timestamp: last heard from
Next-Hop Address
o Address of device processing packet next

o Networks directly connected to router have no next-hop, as the
router can forward directly to hosts
o If no route representing the destination network is in the routing
table, packet is dropped
o Router can be configured to use a default static route to create a
Gateway of Last Resort
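Added example (written for these notes, not from the course material) of the forwarding decisions described in this section: a host's local/remote test, and a router's longest-prefix-match lookup with administrative distance tie-breaking and an optional gateway of last resort. The prefixes, interface names, next hops and metrics in sample_table() are constructed for the example.

```python
import ipaddress


def host_next_hop(host_cidr, default_gateway, destination):
    """A host's forwarding decision: itself, a local host, or via the gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    dst = ipaddress.ip_address(destination)
    if dst.is_loopback or dst == iface.ip:
        return "self"
    if dst in iface.network:
        return str(dst)                 # local: ARP for the destination directly
    return default_gateway              # remote: ARP for the router instead


class RoutingTable:
    """Router table: longest prefix wins; administrative distance breaks ties."""

    def __init__(self):
        self.routes = []

    def add(self, network, interface, next_hop=None, source="C", ad=0, metric=0):
        self.routes.append({"network": ipaddress.ip_network(network),
                            "interface": interface, "next_hop": next_hop,
                            "source": source, "ad": ad, "metric": metric})

    def best_route(self, destination):
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dst in r["network"]]
        if not matches:
            return None
        # IOS installs only the lowest-AD route per prefix; keeping both here
        # shows why EIGRP (90) is preferred over OSPF (110) for the same network.
        return min(matches, key=lambda r: (-r["network"].prefixlen, r["ad"], r["metric"]))

    def decide(self, destination):
        """('forward', exit interface, address to ARP for) or ('drop', None, None)."""
        route = self.best_route(destination)
        if route is None:
            return ("drop", None, None)    # no route, no gateway of last resort
        if route["next_hop"] is None:      # directly connected: deliver to the host
            return ("forward", route["interface"], destination)
        return ("forward", route["interface"], route["next_hop"])


def sample_table():
    """Constructed table (addresses, interfaces and metrics are assumptions)."""
    rt = RoutingTable()
    rt.add("192.168.10.0/24", "GigabitEthernet0/0")
    rt.add("192.168.11.0/24", "GigabitEthernet0/1")
    rt.add("10.1.1.0/24", "Serial0/0/0", next_hop="209.165.200.226", source="S", ad=1)
    rt.add("10.1.0.0/16", "Serial0/0/1", next_hop="209.165.200.230",
           source="O", ad=110, metric=20)
    rt.add("10.1.0.0/16", "Serial0/0/0", next_hop="209.165.200.226",
           source="D", ad=90, metric=1000)
    return rt


if __name__ == "__main__":
    rt = sample_table()
    print(rt.decide("10.1.1.5"), rt.decide("172.16.0.1"))
```

A rogue 0.0.0.0/0 or an overly specific prefix injected into this table (by a spoofed routing update, for instance) redirects traffic silently, which is why longest-match behaviour matters for security reviews of routing configs and not just for troubleshooting.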

ROUTERS

Anatomy of a Router
A Router is a computer
o Branch: teleworkers, small business, medium size branch sites.
Cisco 800, 1900, 2900, 3900 ISR G2
o WAN: large businesses, organisations, enterprises. Catalyst
6500 Series, ASR 1000
o Service Provider: large SPs. ASR 1000, ASR 9000, XR 12000, CRS-3,
7600 Series
o All require an OS, CPU, RAM, ROM and NVRAM
Router CPU and OS
o CPU needed to execute OS instructions- initialisation, routing
and switching functions
o OS needed to provide these functions, usually Internetwork
Operating System (IOS)
Router Memory
o RAM
IOS copied on during bootup
Running config file
IP routing table
ARP Cache
Packet Buffer
Use Dynamic RAM- DRAM, which stores instructions and
data needed by CPU
Volatile memory
o ROM
Bootup instructions
Basic Diagnostic software- POST
Limited IOS- limited back up of OS
Firmware embedded on integrated circuit
o NVRAM
Permanent storage for startup config
o Flash Memory
IOS image stored here; copied from flash into RAM during bootup
Non-volatile; Cisco 1941 routers come with 2 external Compact Flash
slots


Inside a router
o Fan
o Power Supply
o Shield for WAN interface card WIC or high speed WIC
o Advanced Integration Module (AIM) option that offloads
processor-intensive functions such as encryption from the main
CPU
o Synchronous Dynamic RAM used for holding the running config
and routing tables, and for supporting packet buffering
o Nonvolatile RAM and boot flash memory used for storing the
ROMMON boot code as well as
o CPU
Router backplane
o Console Ports: 2 for initial configuration using RJ-45 and USB
Type-B (Mini B)
o AUX port: RJ-45 for remote management access
o Two LAN Interfaces: Gigabit Ethernet
o Enhanced High-speed WAN interface Card (EHWIC) slots: 2
provide modularity and flexibility, supporting different types of
interface modules- serial, DSL, switch port, wireless
o Dual compact flash memory slots: can support 4 GB compact
flash card for more storage space
o 2 USB host ports: additional storage space, secure token
capability
o Compact Flash: store IOS software image, log files, voice config
files, HTML files, backup configs- default only slot 0 is populated
Connecting to a router
o Management Ports: Console and Auxiliary ports used to
configure, manage and troubleshoot router, not packet
forwarding
o Inband Router interfaces: LAN (ethernet) and WAN (serial and
DSL) interfaces with IP to carry traffic.
o LED indicator shows status information- if off while active,
something is wrong
LAN and WAN interfaces
o Accessing CLI environment- Console, Telnet/SSH, AUX (prefer SSH
over Telnet, which sends credentials in clear text)
o Every interface on a router is a member of a different IP network-
IOS does not allow two active interfaces to be on the same network
o Ethernet LAN interfaces: connect to hosts or other routers
o Serial WAN interfaces: connect routers to larger networks over
longer distances

Router Bootup
Cisco IOS
o Addressing, Interfaces, Routing, Security, QoS, Resource
Management (SQRAIR)
o IOS file several mb, stored in flash memory, allowing upgrades
or new features added
o During bootup, IOS copied from flash into RAM; faster, so
increases performance
Bootset files
o IOS Image File: basic operation of device's hardware
components- flash
o Startup configuration file: commands to initially configure
router and create running config- NVRAM
Router bootup process
1. Perform POST and load bootstrap program
i. POST, run from code in ROM, tests router hardware- CPU, RAM,
NVRAM
ii. After POST, bootstrap is copied from ROM to RAM and
executed; its main task is to locate the Cisco IOS image and load
it into RAM
2. Locate and load IOS software
i. During self-decompression of the IOS image file, a string of #
characters is displayed
ii. If an image is not located in flash, router looks for one on a TFTP
server; if still not found, the scaled-down IOS in ROM is loaded
instead, to diagnose problems or load the full version
3. Locate and load startup config file or enter setup mode
i. Bootstrap searches NVRAM for startup config- if it exists, it is
copied into running config
ii. If not found in NVRAM, router looks for a config on a TFTP server;
if that also fails, router displays the setup mode prompt

CHAPTER 7
TRANSPORT LAYER PROTOCOLS

Transportation of Data
Role of the Transport Layer
o Tracking conversations: establishes temporary communication
sessions.
o Segmenting/reassembling into streams of application data
o Identifies destination : assigns each a unique identifier (port
number)
Conversation Multiplexing
o Header provides means to send and receive data when running
multiple applications/different users
The right Transport layer protocol for the right application
o TCP good when a specific sequence is needed or all data must be
received: databases, web browsers, email clients- FTP, HTTP, SMTP,
Telnet (DNS and SNMP can also use TCP, e.g. DNS zone transfers)
o UDP good for video streaming, internet radio, RIP, online
games, applications that can tolerate data loss but not
delay (VoIP and IPTV), simple request and reply
transactions (DHCP, DNS and SNMP), unidirectional
communication, or applications that handle reliability themselves:
TFTP
Introducing TCP and UDP
Introducing Transmission Control Protocol (RFC 793)
o Establishing sessions, Reliable Delivery, Ordered data
reconstruction, Flow control
o Stateful protocol: keeps track of state of communication
session- what has been acknowledged
o Header- 20 bytes of overhead (without options)
Source port (16) and Destination port (16)
Sequence number (32): byte position of the first data byte in this
segment; used for reassembly order
Acknowledgement number (32): next byte expected, i.e. indicates the
data received
Header length (4): data offset, indicates length of header in 32-bit
words
Reserved (6): for future use
Control bits (6): flags to indicate purpose/function of the segment
Window Size (16): number of bytes (not segments) the receiver will
accept at one time
Checksum (16): error checking over header, data and a pseudo-header
Urgent pointer (16): used with the URG flag to mark urgent data
Introducing User Datagram Protocol (RFC 768)
o Best effort delivery protocol- minimal overhead
o Connectionless, unreliable delivery, no ordered data
reconstruction, no flow control
o Pieces of communication in UDP called datagrams
o During phone calls the user, not the protocol, manages lost
information
o Header- 8 bytes
Source port (16)
Destination port (16)
Length (16)
Checksum (16)
TCP and UDP Port Addressing
o Destination port: determines what kind of data
o Source port: randomly generated by sending device to identify
conversation between two devices, allowing simultaneous
conversations-e.g. separate HTTP service requests to web server
at same time
o Socket: Combination of IP addresses and port numbers:
identifies server and service running on device
o Socket Pair has both source and destination sockets, identifying
specific conversation: Communication endpoints known,
allowing distinguishing
o <ip address>:<port number>
o IANA assigns port numbers
Well-Known Ports (0-1023)
Registered Ports (1024-49151): for user processes or
applications- when not used for server resource, can be
dynamically selected as source port
Dynamic or Private Ports (49152-65535): ephemeral ports,
assigned to identify client application during
communication when client initiates connection to service

TCP AND UDP

TCP Communications
TCP Connection Establishment and Termination
o An open port accepts segments- restrict servers to only the open
ports they need (security), because every listening port is attack
surface
o TCP is a full duplex protocol- each connection is two one-way
communication streams
o Control bits indicate progress and status of connection
o Three-way handshake establishes that the destination device is
present, has an active service accepting connections on the port
number, and informs the destination device of the intention to connect
o Control information
URG- urgent pointer field significant
ACK- Acknowledgment field significant
PSH- push function
RST- Reset connections
SYN- synchronise sequence numbers
FIN- no more data from sender
TCP Three-Way handshake Analysis
o Step 1-synchronisation
Requests client to server communication with server
SYN set to 1, sent to server
Indicate initial value in sequence number field (ISN),
randomly chosen, increments for each byte of data sent
o Step 2- acknowledges first request, synchronises connection
parameters in opposite direction
Server acknowledges session and requests server to client
session
SYN and ACK set to 1, sent to client
o Step 3- acknowledgment informs destination that both sides
agree on established connection
Client acknowledges server to client communication
session
ACK set to 1, sent to server
TCP Session Termination Analysis
o To close a session the FIN control flag is set in the segment header;
each direction is closed with its own two-way handshake (FIN, ACK), so
four segments in total
o Client sends FIN, Server sends ACK, Server sends FIN, Client
sends ACK
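The handshake and teardown above, worked through on real header bytes. This is an added example, not code from the course notes: it packs 20-byte TCP headers with the standard library, reads the control bits back out, and labels each segment of a constructed conversation (client port 40000, server port 80, ISNs fixed at 1000 and 5000 instead of random) by checking the ACK number against the other side's ISN plus one. It also flags combinations that never occur in a legitimate handshake (SYN with FIN, no flags at all, FIN+PSH+URG), which is what a scanner sends to fingerprint a stack.

```python
import struct

# TCP control bits: the low 6 bits of the 16-bit word that follows the ACK number
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
FLAG_NAMES = ((URG, "URG"), (ACK, "ACK"), (PSH, "PSH"), (RST, "RST"), (SYN, "SYN"), (FIN, "FIN"))
MASK32 = 0xFFFFFFFF


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header with no options (checksum left 0 for the example)."""
    off_flags = (5 << 12) | (flags & 0x3F)        # data offset 5 words = 20 bytes, then the flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Parse the fixed part of a TCP header into a dict of fields."""
    if len(raw) < 20:
        raise ValueError("TCP header too short")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20:
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window, "data_offset": data_offset}


def flag_names(flags):
    return [name for bit, name in FLAG_NAMES if flags & bit]


def classify_exchange(segments):
    """Label each parsed segment of one conversation by its role in the
    handshake/teardown, verifying ACK numbers against the ISNs seen so far."""
    labels, client_isn, server_isn, established = [], None, None, False
    for s in segments:
        f = s["flags"]
        if (f & SYN and f & FIN) or f == 0 or f == (URG | PSH | FIN):
            labels.append("invalid flag combination (scan?)")   # SYN/FIN, NULL and XMAS probes
        elif f & RST:
            labels.append("RST")
        elif f & SYN and not f & ACK:
            client_isn = s["seq"]                                 # step 1 carries the client ISN
            labels.append("step 1: SYN")
        elif f & SYN and f & ACK:
            server_isn = s["seq"]                                 # step 2 carries the server ISN
            ok = client_isn is not None and s["ack"] == (client_isn + 1) & MASK32
            labels.append("step 2: SYN-ACK" if ok else "step 2: SYN-ACK (bad ack number)")
        elif f & FIN:
            labels.append("FIN")
        elif f & ACK:
            if not established and server_isn is not None and s["ack"] == (server_isn + 1) & MASK32:
                established = True
                labels.append("step 3: ACK (established)")
            else:
                labels.append("ACK")
    return labels


def handshake_and_teardown():
    """Constructed sample: full open and close between client port 40000 and server port 80."""
    c_isn, s_isn = 1000, 5000   # real stacks pick these randomly; fixed here so the sample is reproducible
    raw = [
        build_tcp_header(40000, 80, c_isn, 0, SYN),                     # step 1
        build_tcp_header(80, 40000, s_isn, c_isn + 1, SYN | ACK),       # step 2
        build_tcp_header(40000, 80, c_isn + 1, s_isn + 1, ACK),         # step 3
        build_tcp_header(40000, 80, c_isn + 1, s_isn + 1, FIN | ACK),   # client FIN
        build_tcp_header(80, 40000, s_isn + 1, c_isn + 2, ACK),         # server ACK
        build_tcp_header(80, 40000, s_isn + 1, c_isn + 2, FIN | ACK),   # server FIN
        build_tcp_header(40000, 80, c_isn + 2, s_isn + 2, ACK),         # client ACK
    ]
    return classify_exchange([parse_tcp_header(r) for r in raw])


if __name__ == "__main__":
    for label in handshake_and_teardown():
        print(label)
```

The FIN consumes one sequence number just like the SYN does, which is why the server's ACK after the client's FIN carries the client ISN plus 2.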

Reliability and Flow Control


TCP Reliability- Ordered Data Reconstruction
o ISN set, incremented by number of bytes- Indicates order, how
to reassemble, any missing packets
o Arrive out of order, assembled in order- Receiving TCP places
data into receiving buffer, placed into order- any noncontiguous held for later processing
TCP Reliability & Flow Control- Acknowledgement and Window Size
o Manage rate of transmission to maximise flow, while minimising loss
and retransmissions
o First determines amount of data segments the destination can
accept: Uses window size agreed upon in 3 way
o Window size: amount of data a source can transmit before an
acknowledgment must be received
o SEQ number identifies the first byte carried in the segment; the bytes
in a segment are numbered consecutively from it
o Expectational acknowledgment: the ACK number sent back indicates the
next byte expected (last byte received + 1); the sender's next segment
starts at that number
o Slowdown in data transmission helps reduce resource conflict
on network
TCP Reliable Delivery- Data Loss and Retransmission
o Receiver only acknowledges contiguous sequence bytes (cumulative ACK)
o Typically, host transmits a segment and puts a copy in a retransmission
queue with a timer- if ACK not received before the timer expires, sender
returns to the last ACK number and retransmits everything from there
o Selective acknowledgments (SACKs): Optional- if both hosts
support, possible to acknowledge discontinuous segments
TCP Flow Control- Congestion Avoidance
o Dynamic window size: When congested, TCP can reduce
window size for more frequent acknowledgment, slowing down
speed of transmission
o Once the strain is gone, window slowly increases until another packet
is dropped, so it continuously cycles up and down
UDP Communication
UDP Low Overhead Versus Reliability
o Suited to applications that tolerate some loss (voice, video): TCP
would detect even small losses and retransmit, and the resulting delay
is more detrimental than the loss itself
UDP Datagram Reassembly
o Transaction based: when the application has data to send, UDP sends it
immediately; datagrams may arrive out of order and UDP does not reorder
them, so the application must handle ordering if it matters
UDP Server Processes and Requests
o Assigned well-known port numbers, like TCP
UDP Client Processes
o As soon as data is ready to be sent and the ports are identified
(source port chosen randomly), UDP can form datagrams and send them on
o Same ports used for all datagrams in the transaction

CHAPTER 8
IPV4 NETWORK ADDRESSES

IPv4 Subnet Mask


Host Addresses
o Host portion can be any combination of 0s and 1s except all 0s
(network address) or all 1s (broadcast address)
Bitwise AND operation
o When sending network data, a host uses it to determine whether it can
deliver the packet locally or must send it to the default gateway
o Compares network portion of own IP to network portion of destination
IP based on the subnet mask: if they match, destination is local; if not,
send to default gateway
o AND: one of three basic binary operations in digital logic (AND, OR,
NOT). Host address ANDed bit by bit with the subnet mask yields the
network address. Used to verify and troubleshoot network configuration
IPv4 Unicast, Broadcast, and Multicast
Assigning a Static IPv4 Address to a host
o Useful for printers, servers etc that don't change location
o Increased control of network resources- access filters based on
traffic, or from specific address
o Necessary to maintain list
Assigning a Dynamic IPv4 Address to a host
o New laptops/smartphones arrive, easier to do dynamically
o DHCP enables auto assignment. Leased- if host powered down
or taken off network, address returned to address pool for reuse
Unicast Transmission
o Used for normal host-to-host communication
o Destination address is the address of a single host
o Source address is always the unicast address of the originating host
Broadcast Transmission
o Used to locate special services/devices whose address is not known, or
to map upper layer addresses to lower layer addresses (ARP request)
o Directed: sent to all hosts on a specific (non local) network- by
default routers do not forward directed broadcasts
o Limited: local network only, destination always 255.255.255.255;
routers never forward it
o Broadcasts should be limited so as not to adversely affect
performance
o Can subdivide networks (subnetting) to shrink broadcast domains and
improve performance
Multicast Transmission
o Designed to conserve bandwidth
o Responsibility to replicate multicast flows so they reach only
intended recipients
o Examples: video and audio broadcasts, routing information
exchange, distribution of software, remote gaming
o Range is 224.0.0.0 - 239.255.255.255
o Reserved Link Local Addresses
224.0.0.0-224.0.0.255
Multicast groups on local network
Used in routing protocols used to exchange routing
information
o Globally Scoped Addresses
224.0.1.0-238.255.255.255
Multicast across internet
224.0.1.1 is reserved for network time protocol to
synchronise time of day clocks
o Administratively scoped addresses (limited scope addresses):
239.0.0.0-239.255.255.255, for use within an organisation
o Multicast clients use services such as IGMP to subscribe to a
multicast group
o Each group is represented by a single multicast destination address
o A host keeps its own unicast address as well as the group address

Types of IPv4 Addresses


Public and Private IPv4 Addresses
o Some blocks of addresses in networks that require limited or no
internet access- private addresses
o 10.0.0.0-10.255.255.255 (10.0.0.0/8)
o 172.16.0.0-172.31.255.255 (172.16.0.0/12)
o 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
o RFC 1918, Address Allocation for Private Internets
o RFC 6598 IANA reserved another group of shared address
space- only for use in service provider networks- 100.64.0.0/10
Special-use IPv4 Addresses
o Network and Broadcast Addresses, Loopback,
o Link-Local Addresses: 169.254.0.0-169.254.255.255 (169.254.0.0/16),
auto-assigned by the OS when no IP configuration is available (e.g.
DHCP fails); only for communication on the same network, packets sent
with a time to live (TTL) of 1 so they are never routed
o TEST-NET Addresses: 192.0.2.0/24 for teaching and learning
purposes- documentation and network examples
o Experimental Addresses: 240.0.0.0-255.255.255.254, reserved for
future use
Legacy Classful Addressing
o RFC 1700, Assigned Numbers, grouped unicast ranges into classes
o Class A: /8 networks, 0.0.0.0/8 to 127.0.0.0/8: only 128 networks,
each with more than 16 million host addresses (10.0.0.0/8 is one of
them, now private)
o Class B: /16 networks, 128.0.0.0/16 to 191.255.0.0/16: around 16,000
networks with up to 65,534 hosts each
o Class C: /24 networks, 192.0.0.0/24 to 223.255.255.0/24: over 2 million
networks, max 254 hosts each, occupying 12.5% of the address space
o Class D: Multicast (224.0.0.0 to 239.255.255.255)
o Class E: Experimental (240.0.0.0 to 255.255.255.255)
o Abandoned in the late 1990s, but an OS may still derive a default mask
from the class. Inefficient: only /8, /16 and /24 sizes, so many
addresses were wasted
o Classless Addressing
Classless Inter-Domain Routing (CIDR): in 1993 the IETF created a set
of standards allowing providers to allocate addresses on any bit
boundary (prefix length) rather than only by class- slowed IPv4
exhaustion but only an interim measure before IPv6
Assignment of IP Addresses
o Unique public addresses must be regulated/allocated to each
organisation
o IANA and RIRs
Manages allocation of IPv4 and IPv6 addresses
Remaining IPv4 address space allocated to Regional
Internet Registries for regional areas
AfriNIC, APNIC, ARIN, LACNIC, RIPENCC,
o ISPs
RIRs allocate IP addresses to ISPs
ISPs supply/loan small number of addresses (6-14)
o ISP Services
Provides DNS, email, and website, own set of internal data
networks
o Tier 1: national/international directly connected to backbone,
customers either lower ISPs or large companies, highly reliable,
multiple fast connections, high costs
o Tier 2: Business customers, more services- website development
and maintenance, e-commerce/e-business, VoIP, slower internet
and less reliability
o Tier 3: purchase internet from tier 2 ISPs, retail and home
markets, primary need of connectivity and support, smaller
bandwidth/reliability, but good for small companies
IPV6 NETWORK ADDRESSES

IPv4 Issues
The need for IPv6
o 128 bit address for 340 undecillion addresses
o ICMPv6 (Internet Control Message Protocol Version 6)
includes address resolution and address auto-configuration
IPv4 and IPv6 Coexistence
o Dual Stack
Allows IPv4 and IPv6 to coexist on the same network- both run
simultaneously on each device
Tunneling
Transporting IPv6 packet over an IPv4 network- IPv6
encapsulated in IPv4 packet
Translation
NAT64 allows IPv6-enabled devices to communicate
with IPv4 enabled devices

IPv6 Addressing
128 bits, written as 8 hextets of 4 hexadecimal digits separated by
colons; hex digits can be upper or lowercase (preferred format: all 8
hextets written out, 4 digits each)
Rule 1: Omit leading 0s in any hextet. Rule 2: Replace one contiguous
string of all-0 hextets with a double colon (::), used only once per
address (apply it to the longest run)
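The two compression rules implemented both ways, as an added example (not from the course notes). Expanding first and then re-compressing gives one canonical string for every spelling of an address, which matters in practice: an allowlist holding `2001:DB8::1` must match a log line containing `2001:0db8:0:0:0:0:0:0001`. The compressor follows the RFC 5952 tie-break (longest zero run, leftmost on a tie, never a single zero hextet), and the expander rejects `::` used twice or an empty hextet. The addresses in the test are documentation-range samples.

```python
import re

HEXTET = re.compile(r"[0-9a-fA-F]{1,4}")


def expand_ipv6(addr):
    """Undo both compression rules: return the 8 hextets of `addr` as integers."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = addr.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    if "" in left or "" in right:
        raise ValueError("empty hextet")
    if sep:
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        hextets = left + ["0"] * missing + right
    else:
        hextets = left
    if len(hextets) != 8 or not all(HEXTET.fullmatch(h) for h in hextets):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return [int(h, 16) for h in hextets]


def compress_ipv6(hextets):
    """Rule 1: drop leading zeros. Rule 2: replace the longest run of two or more
    all-zero hextets with '::' (leftmost run wins a tie, per RFC 5952)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if hextets[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and hextets[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    parts = [format(h, "x") for h in hextets]        # rule 1, lowercase
    if best_len >= 2:
        left = ":".join(parts[:best_start])
        right = ":".join(parts[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(parts)


def canonical_ipv6(addr):
    """One canonical string for any valid textual form of the address."""
    return compress_ipv6(expand_ipv6(addr))


def is_valid_ipv6(addr):
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False
```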
Types of IPv6 Addresses
IPv6 Unicast Addresses
o Prefix length can range from 0-128, but generally /64
o Unicast address uniquely identifies an interface on an IPv6-enabled
device. 6 types:
Global Unicast: globally unique and routable (2000::/3)
Link-Local: valid on the local link only (FE80::/10)
Loopback: ::1/128
Unspecified Address: ::/128 (can only be used as a source address,
when the device doesn't have an IPv6 address yet or the source is
irrelevant to the destination)
Unique Local: FC00::/7 to FDFF::/7 (used for local addresses within a
site or a limited number of sites, not globally routable)
IPv4 embedded: used to help transition (beyond scope)
IPv6 Link-Local Unicast Addresses
o communicate with other devices on same local link/subnet
o Cannot be routed, have significant role in aspects of
network- every IPv6 interface must have link-local address
o On FE80::/10 range
o Used by routing protocols to exchange messages and as the next-hop
address in routing tables
IPv6 Unicast Addresses


Structure of an IPv6 Global Unicast Address
o similar to public IPv4 Address, can be dynamically or
statically addressed
o IANA allocates IPv6 to 5 RIRs- only first three bits 001 or
2000::/3 are assigned- 1/8th
o Global Routing Prefix: Network address, /48
o Subnet ID: Used by organisation to identify subnets within
its site
o Interface ID: host portion- many interfaces, each one has
IPv6 address
Static Configuration of a Global Unicast Address
o Host Config: enter the global unicast address, prefix length and
default gateway; the default gateway can be the router's global unicast
address on that link or its link-local address
Dynamic Configuration of a Global Unicast Address Using
SLAAC
o Stateless Address Autoconfiguration (SLAAC) allows device
to obtain prefix, prefix length, and default gateway address
from router without server
o Relies on the router's ICMPv6 Router Advertisement (RA)
messages
o Routers periodically send out RA messages- default 200
seconds
o Device can send Router Solicitation (RS) using all routers
multicast
o IPv6 router forwards IPv6 packets between networks,
configured static or dynamic IPv6, and sends ICMPv6 RA
messages
o By default not enabled, need ipv6 unicast-routing
o RA message indicates one of 3 options
o 1- SLAAC only: device uses the prefix, prefix length and default
gateway from the RA; no info available from a DHCPv6 server
o 2- SLAAC and DHCPv6 (stateless DHCPv6): address created with SLAAC,
other info (such as the DNS server address) obtained from a DHCPv6
server
o 3- DHCPv6 only (stateful DHCPv6): device does not use the RA prefix for
addressing; the DHCPv6 server assigns and keeps track of IPv6 addresses
(default gateway is still learned from the RA)
Dynamic configuration of a Global Unicast Address using
DHCPv6
o IPv6 allows multiple IPv6 addresses to be configured on the
same interface
o Interface ID: with stateful DHCPv6 the server provides the whole
address, interface ID included; with SLAAC (RA) the client must
determine its own interface ID, by EUI-64 or random generation
EUI-64 Process or Randomly Generated
o Extended Unique Identifier (EUI) defined by IEEE
o Uses client's 48 bit MAC address, and inserts 16 bits into
middle to create 64 bit Interface ID
o FFFE (16 bits) inserted between the OUI (first 24 bits) and the device
identifier (last 24 bits)
o 7th bit of the first octet (the universal/local bit) is flipped
o Advantage: MAC can be used to determine the ID, allows easy tracking,
BUT privacy concern: the address can be traced to the physical computer
o Randomly Generated Interface IDs: better privacy (can't be tracked by
MAC address); Windows uses them beginning with Vista
o After ID established, combined with prefix to create global
or link local (FE80::/10)
Dynamic Link-Local Addresses
o After Global unicast address is assigned, device
automatically creates link-local address
o Link local address of router is default gateway address,
exchange routing protocol messages using this, routing
tables use addresses to identify next hop router
o Dynamically created with the FE80::/10 prefix and the interface ID
o Cisco uses EUI-64 by default
o Drawback is length
Static Link-Local Addresses
o Provides ability to create address that is recognisable, easy
to remember
o Command: ipv6 address <link-local-address> link-local (e.g. ipv6
address fe80::1 link-local)
o Only has to be unique on that link
Verifying IPv6 Address Configuration
o show ipv6 interface brief
o Serial interfaces don't have MAC addresses, so IOS uses the MAC
address of the first available Ethernet interface for EUI-64
o show ipv6 route
o In the route table, C means directly connected; the global unicast
address is also installed as a local route (L) with a /128 prefix
o ping works the same way as for IPv4 (ping <ipv6 address>)

IPv6 Multicast Addresses


Assigned IPv6 Multicast Addresses
o Reserved multicast addresses for predefined groups of
devices
o Reach a group of devices running common protocol or
service
o FF02::1 All-nodes multicast group: like broadcast, ICMP,
RA
o FF02::2 All-routers multicast group: all IPv6 routers
Solicited-Node IPv6 Multicast Addresses
o To reduce number of devices to process traffic, use this
o Address only matches the last 24 bits of global unicast
address of device
o This address automatically created when global unicast
address and link-local unicast address are assigned
o FF02:0:0:0:0:1:FF00::/104 multicast prefix
o Least significant 24 bits, copied from global unicast or link
local unicast address of device
o Anycast: any IPv6 unicast address that can be assigned to multiple
devices- beyond scope

CONNECTIVITY VERIFICATION

ICMP
ICMPv4 and ICMPv6 Messages
o IP has no built-in error reporting; when certain errors occur, ICMP
messages are sent
o ICMPv4 is the messaging protocol for IPv4; ICMPv6 does the same for
IPv6 and adds more (address resolution, address auto-configuration)
o Host confirmation: Echo Request/Reply used to determine if a host is
operational- basis of ping
o Destination/service unreachable: sent when a host/gateway receives a
packet it can't deliver- codes 0=net unreachable, 1=host
unreachable, 2=protocol unreachable, 3=port unreachable
o Time exceeded: TTL field was decremented to 0- router discards the
packet and sends a message to the source host (IPv6 uses the hop limit
field)
o Route redirection: notify hosts that a better route is available- only
when the source host is on the same physical network as both gateways
ICMPv6 Neighbour Solicitation and Neighbour Advertisement
Messages
o New message types, part of the Neighbour Discovery Protocol (NDP),
which replaces ARP for IPv6
o Address resolution: when the IPv6 address is known but not the MAC, an
NS is sent to the target's solicited-node multicast address; the target
replies with an NA carrying its MAC
o Duplicate Address Detection: when a global/link-local address is
assigned, DAD should be performed to ensure it is unique- the device
sends an NS to the solicited-node multicast address of its own tentative
address; if another device has it, that device responds with an NA, but
if nothing is returned the address is acceptable

Testing and Verification


Ping: Testing the local Stack
o Local loopback- 127.0.0.1, or ::1
o If error message, then TCP/IP not operational on host
Ping: Testing Connectivity to the Local LAN
o Ping the default gateway address (confirms the local LAN and the
gateway interface are operational)
Ping: Testing connectivity to remote
o Lack of a ping reply could be due to security restrictions (ICMP
filtered) rather than a real failure
Traceroute: Testing the path
o Generates a list of hops (routers) along the path
o Round Trip Time (RTT): used to locate a slow or failing router along
the path
o TTL/Hop limit: starts at 1, the first router decrements it to 0 and
returns ICMP time exceeded, then the TTL is progressively incremented
until the destination itself replies
CHAPTER 9
SUBNETTING AND IPV4 NETWORK

Network Segmentation
Reasons for subnetting
o Reduces overall network traffic and improve network
performance-(Flat network design- all devices on one IP
network, good for small networks but Broadcasts create traffic
on large)
o Grouped by geographic location, organisational unit, device
type
Communication between subnets
o Subnetting creates multiple logical networks from single
address block, each treated separate

IP Subnetting is Fundamental
The plan
o Examine needs (usage and structure) via network requirements
study
o Look at entire network, determine main sections, and how
segmented
o Address plan- needs for each subnet in size, hosts, and host
addresses, static/dynamic
o Public addresses generally allocated by SP
Subnetting an IPv4 Network
Basic Subnetting
o IPv4 subnets created by using 1+ host bits as network bits
(borrowing)- the more bits borrowed, the more subnets defined
o For each bit borrowed, number of subnets doubles (2^n subnets for n
borrowed bits)
Calculating the hosts
o Usable hosts per subnet = 2^h - 2, where h is the number of host bits
left after borrowing (network and broadcast addresses excluded); borrow
only as many bits as still leaves enough host bits
o Find the subnet mask
o Calculate network address, host range and broadcast for each subnet
Benefits of variable-length subnet masking
Traditional subnetting Wastes addresses
o If every subnet is sized for 30 hosts (/27), each point-to-point WAN
link needs only 2 addresses and wastes the other 28
o Subnetting a subnet to maximise use of the address space
Variable-length subnet masks
o Varies depending on how many bits borrowed for particular
subnet
o Subnetting subnets reduces number addresses per subnet to
appropriate size
o Frees up for future networks
VLSM Chart
o Identify which blocks available for use
o Assign to minimise waste and keep unused contiguous
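The subnetting and VLSM procedure above (host bits from 2^h - 2, largest subnets first, lowest free block, unused space kept contiguous), as an added example that is not from the course notes. It uses the standard library `ipaddress` module, and the requirements in the test are the notes' own scenario in constructed form: two LANs of 30 and 12 hosts plus two 2-host WAN links out of 192.168.20.0/24, compared against a fixed-length plan where everything gets a /27.

```python
import ipaddress


def host_bits_needed(hosts):
    """Smallest h with 2**h - 2 >= hosts (network and broadcast addresses excluded)."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h


def vlsm_plan(block, requirements):
    """Allocate one subnet per (name, hosts) requirement from `block`, largest first,
    always taking the lowest free block that fits so the leftovers stay contiguous.
    Returns (plan, free): plan is a list of (name, subnet, usable_hosts)."""
    free = [ipaddress.ip_network(block)]
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = 32 - host_bits_needed(hosts)
        free.sort(key=lambda n: int(n.network_address))
        for i, candidate in enumerate(free):
            if candidate.prefixlen <= prefix:
                if candidate.prefixlen == prefix:
                    chosen = candidate                                     # exact fit
                else:
                    chosen = next(candidate.subnets(new_prefix=prefix))    # lowest /prefix inside it
                free.pop(i)
                if chosen != candidate:
                    free.extend(candidate.address_exclude(chosen))         # remainder back to the pool
                plan.append((name, str(chosen), chosen.num_addresses - 2))
                break
        else:
            raise ValueError(f"no space left for {name} ({hosts} hosts)")
    free.sort(key=lambda n: int(n.network_address))
    return plan, [str(n) for n in free]


def addresses_wasted(plan, requirements):
    """Usable addresses allocated but not needed, summed over the plan."""
    needed = dict(requirements)
    return sum(usable - needed[name] for name, _subnet, usable in plan)
```

Passing the same requirements with every size forced to 30 reproduces the traditional scheme, which is how the test measures the 74 wasted addresses against 2 for VLSM.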
ADDRESSING SCHEMES

Structured Design
Planning to address the network
o Preventing Duplication of Addresses: each host must have a unique
address- documentation needed
o Providing and Controlling Access: servers give info to internal and
external hosts, so addresses must be planned in a way that lets access
be controlled
o Monitoring Security and Performance: examine network traffic looking
for addresses that are generating or receiving excessive packets
Assigning addresses to devices
o Address for clients- usually DHCP, reduces burden, virtually
eliminates entry errors, leased
o Address for Servers and Peripherals- static, use consistent
numbering system
o Address for hosts accessible from internet- generally servers,
static, have public space address, or private and router
configured to translate into public
o Addresses for Intermediary devices- concentration point for traffic,
good place to monitor, manage and secure the network; assigned Layer 3
addresses manually
o Address for the Gateway (routers and firewalls)- IP for each
interface, uses the lowest/highest address in the subnet (uniform across
the organisation); provides network security by filtering packets
DESIGN CONSIDERATION FOR IPV6

Subnetting an IPv6 Network


Subnetting using the subnet ID
o IPv6 address with a /48 Global Routing Prefix has a 16-bit Subnet ID
(bits 48-63), giving /64 subnets (up to 65,536 of them)
o Doesn't require borrowing bits- just count up in hex
o WAN subnets are not subnetted further
Subnetting into the interface ID
o Can borrow bits from interface ID
o Typically done for security reasons- less hosts on subnet
o Subnet on nibble boundary- 4 bits (1 hex digit)

CHAPTER 10
APPLICATION LAYER PROTOCOLS

Application, Session and presentation


Application layer
o Interface between applications and network
o HTTP, FTP, TFTP, IMAP, DNS
Presentation Layer
o Formats/presents data from source into compatible form for
destination
o Compresses/Encrypts data
o Quicktime, MPEG, GIF, JPEG, PNG
Session Layer
o Create and maintain dialogues between source/destination
o Restarts sessions
TCP/IP Application Layer Protocols
o Domain Name System (DNS): resolves Internet names to IP addresses
o Telnet: remote access to servers (in clear text)
o Simple Mail Transfer Protocol (SMTP): transfers mail messages and
attachments
o Dynamic Host Configuration Protocol (DHCP): assigns IP address, mask,
default gateway and DNS server address
o Hypertext Transfer Protocol (HTTP): transfers the files that make up
the web pages of the WWW
o File Transfer Protocol (FTP): interactive file transfer
o Trivial File Transfer Protocol (TFTP): connectionless, active file
transfer (over UDP)
o Bootstrap Protocol (BOOTP): precursor to DHCP, obtains an IP address
during boot up
o Post Office Protocol (POP): used by email clients to retrieve email
from a remote server
o Internet Message Access Protocol (IMAP): another email retrieval
protocol
How Application protocols interact with end user applications


Peer-to-peer Networks
o 2+ computers connected via network, can share without server
o Decentralises sources, no extra software required
o However hard to enforce security or user accounts, must
manually set up on each computer, unsafe if more than a
couple computers
P2P Applications
o Can be client and server at same time
o Need user interface and run background service
o Hybrid system: resource sharing decentralised, but indexes are
in centralised directory
o Index server help connection, but once connected, no additional
help
Common P2P Applications
o eDonkey, eMule, Shareaza, BitTorrent, Bitcoin, LionShare
o Gnutella Protocol: allow hard disk file sharing
Client-server model
o Client and server applications in application layer
o Additionally user authentication and identification

WELL-KNOWN APPLICATION LAYER PROTOCOLS AND SERVICES

Common application layer protocols


Hypertext transfer protocol and hypertext mark up language
o Access resources on web server
o Http (protocol/scheme)
o www.cisco.com (server name)
o Index.html (specific filename requested)
o Server sends HTML code to the browser, then browser deciphers
HTML code and formats page for browser window
HTTP and HTTPS
o Request/response protocol
o GET: client request, server responds with status line and
message with file or error
o POST: uploads data files to web server- filling out form
o PUT: uploads resources or content
o HTTPS: HTTP carried over SSL/TLS, which sits between the application
and transport layers and provides authentication (server certificate)
and encryption; costs additional load and processing time
SMTP, POP, IMAP
o Email is a store-and-forward method- the server checks if the
recipient domain is in its local database; if not, it sends a DNS query
to find the IP address of the destination mail server, then forwards the
message
SMTP:
application layer sends mail using this (client to server or
server to server)
Message must be properly formatted and SMTP processes must be
running on both client and server
Message header (recipient and sender address) and
message body
Port 25 (TCP): client SMTP sends the email, server places it in a
local account or forwards it
If the destination server is not online, or busy, SMTP spools the
message to be sent later- periodically retries, and if not delivered
after the expiration time, it is returned to the sender as undeliverable
POP
Retrieve mail from mail server- downloaded and deleted
from server
Server starts by listening on port 110 for connection
requests
Connection established, server sends greeting, both
exchange commands/responses until closed/aborted
Mail is not kept centrally, so no central backup- less desirable
for a business, fine for an ISP since it doesn't need to manage
large amounts of storage
IMAP
Copies of message are downloaded
File hierarchies created, long term storage and backup,
access email from multiple locations
Costly for ISP

Providing IP Addressing Services


DNS Message format
o DNS protocol is automated service that matches resource
names with required numeric network address
o BIND (Berkeley Internet Name Domain)
o Record types
A: end device IPv4 address
NS: authoritative name server
CNAME: canonical name (alias), used when multiple services share a
single network address but each service has its own DNS entry
MX: mail exchange record, maps a domain name to its mail servers
o Resolution: a server looks at its own records first; if it cannot
resolve the name it queries other servers and caches the answer
o ipconfig /displaydns displays all cached entries (Windows)
DNS hierarchy
o Decentralised- each DNS server maintains a specific database file and
is only responsible for managing mappings for a small portion of the
namespace; when a name is not in its zone, it forwards the query to
another DNS server
o Top level domains: type of organisation or country
(com/org/au)
o If given server has resource records that correspond to level, it
is authoritative for records
nslookup: utility to query DNS manually (the DNS client on a host runs
as a service of its own, the DNS resolver). Can find the IP address of a
domain name, and the name for an address
Dynamic Host Configuration Protocol
o Allows devices on network to obtain IP addresses, subnet
masks, gateway
o Good for larger networks or where user population changes,
wireless hotspots
o DHCP server usually local PC based server in medium/large
networks, in home usually in local router (IP address from DHCP
server at ISP)
o Security risk- any device connected to the network can receive an
address, and a rogue DHCP server on the segment can answer clients too
DHCP Operation
o Client broadcasts DHCPDISCOVER message
o Server replies with DHCPOFFER message with IP address, subnet
mask, IP of DNS, and IP of default gateway
o Client can receive multiple DHCPOFFER messages, identifies
one with DHCPREQUEST that accepts, and can also request
address it previously used
o Server returns DHCPACK to finalise, but if no longer valid,
DHCPNAK returned, then must start again with discover
o To renew lease use DHCPREQUEST
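The DHCPDISCOVER/OFFER/REQUEST/ACK exchange above, together with lease expiry, renewal, a client asking for the address it used before, and the DHCPNAK-then-restart path, as an added simulation that is not part of the course notes. Messages are plain dictionaries rather than real DHCP packets, and the pool, MAC addresses and times in the test are constructed. The server hands out the lowest free address and reserves an offered address until the client either requests it or is refused.

```python
class DhcpServer:
    """Minimal DHCP server model: an address pool, tentative offers and timed leases."""

    def __init__(self, pool, mask, gateway, dns, lease_time):
        self.free = list(pool)       # addresses available for lease, lowest first
        self.offered = {}            # mac -> ip reserved after a DHCPOFFER
        self.leases = {}             # mac -> (ip, expiry time)
        self.options = {"mask": mask, "router": gateway, "dns": dns, "lease": lease_time}

    def _expire(self, now):
        """Leases that ran out go back to the pool, as when a host is switched off."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(ip)

    def handle(self, msg, now):
        self._expire(now)
        mac, kind = msg["chaddr"], msg["type"]
        if kind == "DHCPDISCOVER":
            if mac in self.leases:
                ip = self.leases[mac][0]            # offer the address it already holds
            elif mac in self.offered:
                ip = self.offered[mac]
            elif self.free:
                ip = self.free.pop(0)
                self.offered[mac] = ip
            else:
                return None                         # pool exhausted: no offer at all
            return {"type": "DHCPOFFER", "yiaddr": ip, **self.options}
        if kind == "DHCPREQUEST":
            ip = msg["requested_ip"]
            ok = self.offered.get(mac) == ip or self.leases.get(mac, (None,))[0] == ip
            if not ok and ip in self.free:          # an old address the client used before, still free
                self.free.remove(ip)
                ok = True
            if not ok:                              # no longer valid: refuse, release anything reserved
                if mac in self.offered:
                    self.free.insert(0, self.offered.pop(mac))
                return {"type": "DHCPNAK"}
            self.offered.pop(mac, None)
            self.leases[mac] = (ip, now + self.options["lease"])
            return {"type": "DHCPACK", "yiaddr": ip, **self.options}
        raise ValueError(f"unsupported message type {kind}")


def client_obtain(server, mac, now, requested_ip=None):
    """Client side: DISCOVER -> OFFER -> REQUEST -> ACK, restarting after a NAK.
    Returns (final reply or None, list of message types exchanged)."""
    log = []
    while True:
        log.append("DHCPDISCOVER")
        offer = server.handle({"type": "DHCPDISCOVER", "chaddr": mac}, now)
        if offer is None:
            log.append("(no offer)")
            return None, log
        log.append(offer["type"])
        want = requested_ip or offer["yiaddr"]      # may ask for the address it used previously
        requested_ip = None                         # but only the first time round
        log.append("DHCPREQUEST")
        reply = server.handle({"type": "DHCPREQUEST", "chaddr": mac, "requested_ip": want}, now)
        log.append(reply["type"])
        if reply["type"] == "DHCPACK":
            return reply, log


def client_renew(server, mac, ip, now):
    """Renewal skips DISCOVER: the client sends DHCPREQUEST for its current address."""
    return server.handle({"type": "DHCPREQUEST", "chaddr": mac, "requested_ip": ip}, now)
```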

Providing File sharing Services


File Transfer Protocol
o FTP client is application that pushes/pulls data from server
running an FTP daemon (FTPd)
o Requires 2 connections- one for commands and replies (control
connection, TCP port 21), another for the file transfer itself (data
connection)
o Client makes the first connection to the server for control traffic
o Data connection is created every time there is data to be
transferred; the client can push (upload) or pull (download) files
Server Message Block
o Client/server file sharing protocol describing resources
o Messages all have fixed sized header, variable sized parameter
and data component
o Messages start, authenticate and terminate sessions
o Control file and printer access
o Allow application to send or receive messages to/from another
device
o Uses DNS naming, so TCP/IP supports SMB
o Long-term connection to servers, as if resource is local to client
host
THE MESSAGE HEARD AROUND THE WORLD

The internet of things


BYOD, access anywhere, virtualisation, and machine-to-machine
(m2m)
50 billion connected devices by 2020 (Cisco's prediction at the time)
Smart-tagging and advanced connectivity digitises unintelligent
products
Message travels through a network
Creation of the Data: Created in application layer, encoded,
compressed, encrypted (application, presentation, and session)
Segmentation and Initial Encapsulation: Transport layer, segmented
and header added (source and destination port added)
Addressing: network layer adds source and destination IP addresses
(DNS provides the destination IP); an IP address combined with a port
number is a socket, and the source and destination sockets together form
the socket pair that identifies the conversation
Preparing for Transportation
o Network access layer (data link) frames the packet for the media-
frame with header and trailer (MAC address of the source and of the
next hop)
o Physical layer encodes the frame into bits and the electrical, optical
or radio signals sent across the media
Transporting the Data: network access layer specifies the technique for
getting across each of the different media along the path
Delivering the Data to the Correct Destination Application
o In the transport layer, information in the header identifies the
specific process running on the destination device
o Individual processes communicate with each other via port
numbers (source and destination)

CHAPTER 11
CREATE AND GROW

Devices in a small network


Small network topologies
o Majority of networks are small: Single router, 1+ switches, WAP
and IP phones, and internet is single WAN connection from DSL,
cable, or ethernet
o Single employee within, or contractor does maintenance and
troubleshooting of equipment + security devices and data on
network
Device Selection for a small network
o Cost: determined by capacity (number and types of ports,
backplane speed) and features (management capabilities,
security technology, advanced switching technology) + cable
runs. Redundancy also taken into account
o Speed and Types of Ports/Interfaces: today or growth? UTP and
fibre? Newer computers have built in 1Gbps NICs
o Expandability: fixed or modular (expansion slots)
o Operating System Features and Services: Security, QoS, VoIP,
Layer 3 switching, NAT, DHCP
IP addressing for a small network
o End devices, servers/peripherals, hosts accessible from internet,
intermediary devices
o Planning and documentation help tracking and troubleshooting
o Easier to control access/locate when deterministic IP addressing
scheme used
Redundancy in a small network
o Reliable but expensive, so redundant switch connections
between multiple switches and routers, multiple NIC ports to
switches
o Single exit point to internet- if router fails, whole system goes
down (can pay least cost option with second SP for backup)
Design consideration for a small network
o Secure file and mail servers in centralised location
o Protect location from unauthorised access by implementing
physical and logical security measures
o Redundancy for server farm/Configure redundant paths to
servers
o If one path or server fails, files are not lost
o VoIP/video converged over the network: real-time traffic must be
supported and prioritised with QoS; traffic types to plan for: file
transfer, email, voice, video, messaging, transactional

Protocols in a small network


Common applications in a small network
o Network Applications
Software used to communicate over network
Network-aware: end user apps communicate directly with
lower layers of protocol (email clients and web browsers)
o Application Layer Services
FT or network print spooling need assistance of this service
Different data need different services to prepare for
processing down OSI model
Common protocol in a small network
o DNS, Telnet, IMAP, SMTP, POP, DHCP, HTTP, FTP
o Defines Processes, types of messages, syntax of messages,
meaning of information fields, how messages are sent, expected
response, interaction with lower layer
Real time applications for a small network
o Priority Delivery: real-time applications need priority over other
traffic (QoS), so they require more planning and dedicated services
o Infrastructure
Can existing switches , cabling and routers support? Gigabit
transmission cabling
Older switches can't support Power over Ethernet (PoE),
obsolete cabling cannot support
o VoIP
Traditional telephones (voice-enabled routers: convert
analogue signals to packets)
Less expensive than integrated IP telephony solution, not
same quality
o IP Telephony
IP Phone performs voice-to-IP conversion
Voice enabled routers don't need integrated IP telephone
solution- IP phones use dedicated server for call control
and signalling
o Real-Time Applications
Real-Time Transport Protocol (RTP) and Real-Time Transport Control
Protocol (RTCP) support applications that require delay-sensitive
delivery
Together with QoS mechanisms they let the network scale while
minimising latency issues

Growing to Larger Networks


Scaling a small network
o Network Documentation: physical and logical topology
o Device Inventory: List of devices
o Budget: IT Budget with fiscal year equipment purchasing
budget
o Traffic Analysis: Protocols, applications, services and traffic
requirements documented
Protocol analysis of a small network
o Holistically allows network pro to quickly compile statistical info
about traffic flows during peak utilisation times and on different
network segments (Source, Destination and type of traffic)
o Decisions on how to manage more efficiently- reducing
unnecessary traffic flows/changing flow patterns by moving
server
Evolving protocol requirements
o Net admin can have IT Snapshots of application utilisation over
time
o OS version, Non network/network applications, CPU, drive and
RAM utilisation
o Shift in utilisation requires net admin to shift network resources
accordingly
KEEPING THE NETWORK SAFE

Network device security measures


Categories of threats to network security
o Information theft, identity theft, data loss/manipulation,
disruption of service
Physical security
o Hardware Threats: physical damage
o Environmental Threats: temperature and humidity extremes
o Electrical threats: voltage spikes, brownouts, unconditioned
power, power loss
o Maintenance threats: poor handling of key components (electrostatic
discharge), poor cabling and labelling, lack of critical spare parts
Types of security vulnerabilities
o Vulnerability: degree of weakness (technological, configuration,
or security policy)
o Threat: people interested in and qualified to take advantage of a
weakness; they use tools, scripts and programs to launch attacks
o Attack: launched against networks/devices, generally endpoints
(computers/servers)
Vulnerabilities and network attacks


Viruses, worms, and trojan horses
o Virus: malicious software attached to another program to execute an
unwanted function on a PC. Requires a delivery mechanism, e.g. an
executable file or email attachment, and a user to run it
o Trojan Horse: differs from a virus only in that the entire application
is written to look like something legitimate
o Worms: don't need human interaction- self contained, spread over the
network on their own
Enabling vulnerability (installs self by exploiting known
weaknesses)
Propagation mechanism (after gaining access, copies itself
to host and selects new targets)
Payload (attacker has access to host)
Reconnaissance attacks
o Network attack with unauthorised discovery/mapping of
systems, services or vulnerabilities
o External attackers use internet tools (nslookup and whois) to
find the address space of a corporation, then ping sweeps (tools such
as fping or gping) to find active hosts, then port scans to find which
services are listening on them
Access attacks
o Exploit known vulnerabilities in authentication services, FTP,
web services, Web accounts, confidential databases, etc
o Password Attack: packet sniffer to find accounts and passes
transmitted in clear text, OR Dictionary/brute force attacks
guessing password
DoS attacks
o Denial of service easy to execute- Prevent access by consuming
resources
Mitigating Network attacks
Backup, upgrade, update and patch
o Keep current backups and keep the OS and applications upgraded,
updated and patched- worm mitigation has four phases:
o Containment: compartmentalise uninfected parts of network
o Inoculation: start patching all systems, scan for vulnerable
systems
o Quarantine: track down each infect machine and
disconnect/remove/block them
o Treatment: Clean and patch each system (some need complete
core system reinstallations)
o Patches can be pushed from a centralised patch server; antivirus and
OS update software can install them automatically after a set time
Authentication, authorisation, and accounting (AAA) framework
o Authentication
Who is accessing: proves the user is who they claim to be
Username and password, challenge and response
questions, token cards
Local authentication: each device keeps its own database of
usernames and passwords
External authentication: a central AAA server on the network-
RADIUS (open standard, low CPU use, common for switches, routers
and wireless devices) and TACACS+ (Cisco protocol, modular AAA,
uses a daemon running on the security server)
o Authorisation
What they can do- determines which resources the user can use and
which operations they can perform
o Accounting
Their actions are monitored and logged
What they do, what is accessed, how many times, and the changes
made
Firewalls
o Resides between two or more networks and controls the traffic
travelling between them, protecting the internal network
o Packet filtering: prevents/allows access based on IP or MAC address
o Application filtering: prevents/allows specific applications by port
number
o URL filtering: prevents/allows access by URL or by keywords
o Stateful packet inspection (SPI): incoming packets must be legitimate
responses to requests from internal hosts; unsolicited inbound packets
are dropped (can also help filter out DoS traffic)
o Firewalls can also perform NAT, concealing internal IP addresses from
outside users
o Appliance-based firewalls: built into a dedicated security appliance
o Server-based firewalls: run on a NOS such as Unix or Windows
o Integrated firewalls: the router itself provides the firewall
functionality
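The difference between packet filtering and SPI is easiest to see on a packet that is crafted to look like a reply. The following is an added example, not code from the course, modelling both filters side by side; the inside network range, the traffic and the "allow inbound from web ports" rule of the stateless filter are constructed for the illustration.

```python
"""Added example, not from the course notes: a minimal model of stateful
packet inspection (SPI) next to a stateless packet filter, to show why SPI
drops unsolicited inbound traffic that a port-based filter lets through.
The inside network range and all packets below are constructed."""
from dataclasses import dataclass
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # assumed internal LAN

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

def is_inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def stateless_filter(pkt, allowed_services=(80, 443)):
    """Plain packet/application filtering: pass outbound traffic and any
    inbound packet that *looks* like a web reply (source port 80/443).
    An attacker simply sets their source port to 80 to get through."""
    if is_inside(pkt.src):
        return "allow"
    return "allow" if pkt.sport in allowed_services else "drop"

class StatefulFirewall:
    """Keeps a table of connections opened from inside; an inbound packet is
    accepted only if it matches an entry, i.e. it is a legitimate reply."""
    def __init__(self):
        self.sessions = set()  # (proto, in_ip, in_port, out_ip, out_port)

    def handle(self, pkt):
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"                       # outbound: remember it
        reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_key in self.sessions:
            return "allow"                       # reply to an inside request
        return "drop"                            # unsolicited inbound

# Constructed traffic: a web request, its genuine reply, then an attacker
# probing SMB (445) and the client's port from source port 80 to disguise
# the packets as web replies.
TRAFFIC = [
    Packet("192.168.1.10", 51000, "198.51.100.20", 80),
    Packet("198.51.100.20", 80, "192.168.1.10", 51000),
    Packet("203.0.113.7", 80, "192.168.1.10", 445),
    Packet("203.0.113.7", 80, "192.168.1.10", 51000),
]

def compare(traffic=TRAFFIC):
    """Return [(stateless verdict, stateful verdict)] per packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.handle(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"stateless={stateless} stateful={stateful}")
```

The stateless filter passes all four packets because it only looks at port numbers; the stateful one passes the real reply and drops both forged packets because no inside host opened a connection to 203.0.113.7. A production SPI firewall also tracks TCP flags and sequence numbers and times entries out, which is what lets it discard the half-open floods used in DoS attacks.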
Endpoint security
o Endpoints: laptops, desktops, servers, smart phones, tablets
o Employees trained on proper use; policies and documentation in place
o Securing layer 2 devices against MAC address spoofing, MAC address
table overflow attacks and LAN storm attacks (attack mitigation on the
switch)

Securing devices
Introduction to securing devices
o Default usernames and passwords changed immediately
o Access to system resources restricted to those who need it
o Any unnecessary services and applications turned off or uninstalled
Passwords
o 8+ characters, complex (uppercase and lowercase letters, numbers,
symbols), meaningless, deliberately misspelt words, changed often, never
written down
o On Cisco routers a leading space is ignored but spaces within the
password are kept, so a pass phrase can be used
o Verify strength by running brute-force and dictionary attack tools
against your own passwords
Basic security Practices
o Additional password security
service password-encryption: encrypts the plain-text passwords in the
configuration so they are not visible in show running-config (type 7,
which is weak and easily reversed- it only stops shoulder surfing)
security passwords min-length 8: enforces a minimum password length
login block-for 120 attempts 3 within 60: blocks logins for 120
seconds after 3 failed attempts within 60 seconds (slows brute force)
o Banners (banner motd): warn that unauthorised access is prohibited, so
that anyone accessing the system inappropriately can be prosecuted
o exec-timeout 10: logs an idle console or vty session out after 10
minutes
Enable SSH
o Router must have a unique host name and a configured IP domain name
(ip domain-name), as both are used to name the key pair
o Generate the RSA key pair (crypto key generate rsa general-keys modulus
2048); the modulus determines the key size
o Create a local database username entry (username <name>
secret <secret>)
o Allow only inbound SSH on the vty lines using login local and transport
input ssh
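Once these commands are known, a saved running-config can be checked for them automatically. The following is an added example, not part of the course notes or any Cisco tool: a small audit script run over two constructed configurations, one with the weak settings and the same one corrected. The host name and domain name checks are the SSH prerequisites from above; the checks for no cdp run and ip ssh version 2 are extra hardening beyond what this section lists.

```python
"""Added example (not from the course notes): audit a saved running-config
for the hardening commands listed above. Both configs are constructed; the
'hostname'/'ip domain-name' checks are the SSH prerequisites, and the checks
for 'no cdp run' and 'ip ssh version 2' go beyond what this section lists."""

WEAK_CONFIG = """\
hostname R1
ip domain-name example.lab
service password-encryption
security passwords min-length 8
login block-for 120 attempts 3 within 60
enable password 7 0822455D0A16
username admin secret 5 $1$xyz$constructedhash
banner motd ^C Unauthorised access is prohibited ^C
line con 0
 exec-timeout 10 0
 login local
line vty 0 4
 exec-timeout 0 0
 login local
 transport input telnet ssh
end
"""

# The same config with the weak settings corrected.
HARDENED_CONFIG = (WEAK_CONFIG
    .replace("enable password 7 0822455D0A16", "enable secret 5 $1$abc$constructedhash")
    .replace("exec-timeout 0 0", "exec-timeout 10 0")
    .replace("transport input telnet ssh", "transport input ssh")
    .replace("end\n", "no cdp run\nip ssh version 2\nend\n"))

def parse_config(text):
    """Split an IOS config into top-level commands and the indented commands
    under each section ('line vty 0 4', 'interface ...', and so on)."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] in " \t" and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections.setdefault(current, [])
    return top, sections

def first(cmds, prefix):
    """First command in cmds starting with prefix, or None."""
    return next((c for c in cmds if c.startswith(prefix)), None)

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    top, sections = parse_config(text)
    f = []
    for cmd, why in (("hostname", "unique host name"), ("ip domain-name", "domain name")):
        if first(top, cmd) is None:
            f.append(f"global: {cmd} missing ({why} is needed to generate the SSH RSA key)")
    if first(top, "service password-encryption") is None:
        f.append("global: service password-encryption missing")
    m = first(top, "security passwords min-length")
    if m is None or int(m.split()[-1]) < 8:
        f.append("global: security passwords min-length missing or below 8")
    if first(top, "login block-for") is None:
        f.append("global: login block-for missing (no lockout against brute force)")
    if first(top, "banner motd") is None:
        f.append("global: banner motd missing")
    if first(top, "enable secret") is None:
        f.append("global: enable secret missing (enable password is reversible type 7)")
    for c in top:
        if c.startswith("username ") and " password " in c:
            f.append(f"global: user '{c.split()[1]}' uses password instead of secret")
    if first(top, "no cdp run") is None:
        f.append("global: CDP still enabled (add no cdp run)")
    if first(top, "ip ssh version 2") is None:
        f.append("global: ip ssh version 2 not set")
    for name, cmds in sections.items():
        if not name.startswith("line "):
            continue
        t = first(cmds, "exec-timeout")
        parts = t.split() if t else []
        if not parts or (parts[1] == "0" and (len(parts) < 3 or parts[2] == "0")):
            f.append(f"{name}: exec-timeout missing or set to 0 (session never times out)")
        if name.startswith("line vty"):
            tr = first(cmds, "transport input")
            if tr != "transport input ssh":
                f.append(f"{name}: '{tr or 'transport input missing'}' should be 'transport input ssh'")
            if "login local" not in cmds:
                f.append(f"{name}: login local missing")
    return f

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

The weak config produces five findings (enable password instead of enable secret, CDP left on, SSH version not pinned, a vty line that never times out, and telnet still accepted on the vty lines); the corrected config produces none. The same parser can be pointed at the text-file backups described later in these notes.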
BASIC NETWORK PERFORMANCE

Ping
Interpreting Ping results
o Identify the source of a problem by checking, in turn, the local
protocol stack, the local IPv4 configuration and end-to-end
connectivity
o IOS Ping Indicators
! receipt of an ICMP echo reply: Layer 3 connectivity successful
. the timer expired while waiting for a reply: a device security
(firewall) issue or no path to the destination
U an ICMP unreachable message was received: no route to the
destination or the traffic was blocked
o Testing the loopback (ping 127.0.0.1) verifies the local TCP/IP stack
Extended ping
o Entered at privileged EXEC as ping with no IP address: IOS prompts for
options, including a different source address, so the return path from
a remote network to one of the router's other interfaces can be tested
Network Baseline
o Process that studies the network at regular intervals, building a
record of normal performance over time
o Copy ping/trace results into a text file, time stamp it with the date
and archive it
o Compare results over time for error messages and changes in response
times
o Verifies host-to-host connectivity and reveals latency issues; helps
network admins keep the network running efficiently
Tracert
List of the hops (routers) on the path to the destination (tracert on
Windows, traceroute on a router)
Show Commands
Common show commands revisited
o Show running-config
o Show interface
o Show arp
o Show ip route
o Show protocols
o Show version
Viewing Router settings with the show version Command
o Used to verify and troubleshoot the basic hardware and software
components
o Shows: IOS version, bootstrap version, filename of the IOS image and
bootstrap, CPU type, RAM, number and type of physical interfaces, amount
of NVRAM, amount of flash memory, and the currently configured value of
the software configuration register in hexadecimal
o The configuration register tells the router how to boot; it can be
changed so the router looks for the IOS image in a different place on
the next boot (0x2102 is the normal value; 0x2142 makes the router
ignore the startup-config, which is how password recovery is done, so
physical and console access must be controlled)
Viewing Switch settings with the show version command
o Shows: software and bootstrap version, system up-time, system restart
info, IOS filename, model number and processor type, memory type
(shared/main), hardware interfaces and the configuration register

Host and IOS commands


Ipconfig command options
o ipconfig /all shows the full details including the MAC address and the
DHCP and DNS servers
o ipconfig /displaydns displays all cached DNS entries
Arp command options
o arp -a lists all devices in the ARP cache of the host
o arp -d clears the cache
Show cdp neighbors command options
o CDP (Cisco Discovery Protocol) runs at the data link layer, is on by
default, and automatically discovers directly connected neighbours that
are also running CDP
o Exchanges device identifiers (host name), address list, port
identifier, capabilities list (router or switch) and platform
o show cdp neighbors detail also reveals the IP address and IOS version of
the neighbouring device
o CDP can be a security risk because it hands this information to anyone
on the link- disable it globally with no cdp run, or on one interface
with no cdp enable (at least on interfaces facing untrusted networks)
Using the show ip interface brief command
o show ip interface brief displays all interfaces with their IP addresses
and operational status (line status and line protocol), on routers and
on intermediary switches
MANAGING IOS CONFIGURATION FILES

Router and switch file systems


Cisco IOS File System (IFS): a single interface to all the file systems a
router or switch uses, which are viewed and classified with show file
systems
o Flash memory file system: several files are located in flash; the one
to note is the current Cisco IOS image file
o Network file systems (TFTP, FTP)
o Endpoints for reading/writing data: NVRAM (holds the startup-config; to
view it, change the current default file system with cd nvram:, pwd
(present working directory) shows which directory you are in, and dir
lists its contents including the startup-config file), running-config,
ROM
Allows the admin to move between directories, list files and create
subdirectories
show file systems shows all available file systems, free memory, the
type of file system and its permissions (ro, wo, rw)
The current default file system has an * preceding it; a # appended to
the listing indicates a bootable disk

Back up and restore configuration files


Backing up and restoring using text files
o Back up using Tera Term: File > Log, choose a location to save the file
and the capture starts; enter show running-config and the text displayed
is directed into the chosen file; select Close in the log window
o Restoring: before pasting the text back, edit it so that passwords are
in plain text, non-command text (prompts, "Building configuration...")
is removed and IOS messages are removed. Enter global config mode, then
File > Send file and open the edited file
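The editing step above is mechanical enough to script. The following is an added example, not code from the course or from Cisco, that cleans a constructed Tera Term capture into something that can be pasted in global config mode. It also shows why the course treats service password-encryption as weak: type 7 strings are decoded back to plain text with the fixed XOR key that has been public for years, while type 5/8/9 secrets are real hashes and can only be flagged for manual re-entry. The capture, the hash value and the line layout are constructed.

```python
"""Added example (not from the course notes): clean a Tera Term capture of
'show running-config' so it can be pasted back in global config mode, as
the notes describe: prompts, headers, --More-- fragments and IOS log
messages are removed and encrypted passwords are turned back into plain
text. Type 7 ('service password-encryption') strings are reversible with
the well-known fixed XOR key below; type 5/8/9 secrets are hashes and are
only flagged. The capture itself is constructed."""
import re

TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

def decode_type7(enc):
    """Reverse IOS type 7 'encryption': a 2-digit seed followed by hex
    bytes, each XORed with the fixed key starting at the seed offset."""
    seed = int(enc[:2])
    data = bytes.fromhex(enc[2:])
    return "".join(chr(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)])
                   for i, b in enumerate(data))

# Constructed capture: prompt echo, 'show run' header lines, a --More--
# prompt with its erasing backspaces, and a syslog message mixed in.
CAPTURE = """\
R1#show running-config
Building configuration...

Current configuration : 1234 bytes
!
version 15.4
service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$constructedhashvalue
username admin password 7 0822455D0A16
 --More-- \x08\x08\x08\x08\x08\x08\x08\x08\x08\x08line vty 0 4
 login local
 transport input ssh
!
*Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by console
end
R1#
"""

MORE_RE = re.compile(r"\s*--More--[\s\x08]*")
PROMPT_RE = re.compile(r"^\S+[#>](?:\s*show\s.*)?$")      # 'R1#' or 'R1#show ...'
NOISE_RE = re.compile(r"^(Building configuration|Current configuration|"
                      r"version\s|!|\*\w{3}\s+\d|%\w+-\d-)")

def sanitize(capture):
    """Return (clean_lines, warnings) ready for pasting into config mode."""
    clean, warnings = [], []
    for n, raw in enumerate(capture.splitlines(), 1):
        line = MORE_RE.sub("", raw).rstrip()          # drop --More-- fragments
        if not line.strip() or PROMPT_RE.match(line) or NOISE_RE.match(line.strip()):
            continue
        m = re.match(r"^(\s*.*?\bpassword) 7 ([0-9A-Fa-f]+)$", line)
        if m:                                         # reversible type 7
            line = f"{m.group(1)} {decode_type7(m.group(2))}"
        elif re.search(r"\bsecret [589] ", line):     # one-way hash types
            warnings.append(f"line {n}: '{line.strip()}' is a one-way hash and "
                            "cannot be converted to plain text; re-enter it "
                            "manually if the device rejects the hashed form")
        clean.append(line)
    return clean, warnings

if __name__ == "__main__":
    lines, notes = sanitize(CAPTURE)
    print("\n".join(lines))
    for note in notes:
        print("WARNING", note)
```

On the constructed capture the script keeps eight usable lines (indentation under line vty 0 4 is preserved), turns the type 7 string 0822455D0A16 back into the plain-text password cisco, and emits one warning for the enable secret line. The ease of that decode is the reason the notes recommend secret (hashed) over password for user accounts.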
Backing up and restoring using TFTP
o Back up: copy running-config tftp, enter the IP address of the TFTP
host, enter the name to assign to the file, press Enter to confirm
o Restore: copy tftp running-config, enter the IP address of the TFTP
host, enter the name of the config file, press Enter to confirm
o TFTP has no authentication or encryption, so the TFTP server and the
stored configs (which contain password hashes and type 7 strings) must
sit on a trusted management network
Using USB ports on a Cisco Router
o Optional secondary storage and an additional boot device- can hold
multiple copies of configs and IOS images, making it easy to move and
copy configs from router to router
o 64, 128 and 256 MB versions, FAT16 format
o Backup: show file systems to confirm the USB drive is detected and to
check its name, then copy run usbflash0:/ copies the config to the USB
drive, prompting for a filename
o Restore: edit the file if needed, then copy usbflash0:/R1-Config
running-config
INTEGRATED ROUTING SERVICES

Integrated Router
Multifunction Device
o Homes use it for internet sharing, print sharing, centralised storage,
etc
o Offers wired and wireless connectivity, DHCP, a firewall and sometimes
network attached storage (NAS) services

Types of Integrated Routers

o Small for a home office, or powerful for enterprise branch offices
o Linksys wireless router (home/small office)
Combining functions in one device reduces cost, but the device becomes
a single point of failure
Configuration settings such as passwords, IP addresses and DHCP
settings are set through its GUI
o ISR (Integrated Services Router): modular, with separate components
that can be added, replaced and upgraded; used in enterprise branch
offices
Wireless Capability
o IEEE 802.11 wireless standards- most integrated routers support
802.11b, g and n in mixed mode; with mixed clients the WLAN falls back
to the oldest (slowest) standard in use
o SSID (Service Set Identifier)
Case-sensitive, alphanumeric name for the wireless network
Helps clients connect to the correct WLAN: tells wireless devices
which WLAN they belong to and which devices they can communicate
with
All wireless devices in the WLAN must use the same SSID
o Wireless channel: divides the available RF spectrum so that each
channel can carry a different conversation; nearby WLANs can operate
close together without interfering as long as they use different
(non-overlapping) channels
Basic Security of Wireless
o Change the default values for SSID, usernames and passwords
o Disable SSID broadcast (hides the network from casual discovery only:
the SSID is still sent in the clear when clients associate, so this is
not a substitute for encryption)
o Configure encryption using WEP or WPA (WEP is broken and original WPA
is deprecated; use WPA2 or WPA3 wherever the equipment supports it)
o WEP (Wired Equivalent Privacy)
Uses a preconfigured, static key to encrypt data
64, 128 or 256-bit keys entered as a string of hex digits, or via a
passphrase option
The same WEP key must be entered on every device
Weaknesses: the key is static, freely available programs recover the
key from captured traffic, and once it is known the attacker has
access to all transmitted information
o Wi-Fi Protected Access (WPA)
Keys from 64 to 256 bits
Generates new dynamic keys each time a client connects to the AP, so a
session key is never reused across connections
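The "static key" weakness can be demonstrated directly. WEP derives each packet's RC4 key by prepending a 24-bit IV, sent in the clear, to the static key; with only 16.7 million IVs, busy networks repeat them within hours, and two packets encrypted under the same IV share the same keystream. The following is an added example, not code from the course: a from-scratch RC4 with the WEP construction and the known-plaintext recovery that keystream reuse allows. The key, IV and frame payloads are constructed, and the CRC-32 integrity value that real WEP appends is left out because it does not affect the property shown.

```python
"""Added example (not from the course notes): why a static WEP key is fatal.
WEP builds each packet's RC4 key as a 24-bit IV followed by the static key
and sends the IV in the clear, so whenever an IV repeats the same keystream
is reused and XORing two ciphertexts cancels it out. The key, IV and frame
payloads below are constructed; the CRC-32 ICV that real WEP appends is
omitted because it does not change the property being shown."""

def rc4_keystream(key, length):
    """Standard RC4: key-scheduling (KSA) then the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_encrypt(key, data):
    return xor(data, rc4_keystream(key, len(data)))

def wep_encrypt(static_key, iv, payload):
    """Per-packet key = IV || static key; the frame carries the IV in clear."""
    assert len(iv) == 3
    return iv + rc4_encrypt(iv + static_key, payload)

def recover_with_known_plaintext(frame1, frame2, known_payload1):
    """If both frames used the same IV (hence the same keystream),
    C1 xor C2 = P1 xor P2, so a known P1 reveals P2 directly."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        return None                 # different keystreams: attack fails
    return xor(xor(c1, c2), known_payload1)

STATIC_KEY = bytes.fromhex("0123456789")      # constructed 40-bit WEP key
P1 = b"GET /index.html HTTP/1.1\r\n"          # plaintext an attacker can guess
P2 = b"USER alice PASS hunter2\r\n"           # plaintext worth recovering

def demo():
    """Return (payload recovered under IV reuse, result with a fresh IV)."""
    reused_iv = b"\x00\x00\x01"
    f1 = wep_encrypt(STATIC_KEY, reused_iv, P1)
    f2 = wep_encrypt(STATIC_KEY, reused_iv, P2)
    f3 = wep_encrypt(STATIC_KEY, b"\x00\x00\x02", P2)   # fresh IV
    return (recover_with_known_plaintext(f1, f2, P1),
            recover_with_known_plaintext(f1, f3, P1))

if __name__ == "__main__":
    leaked, safe = demo()
    print("recovered with IV reuse:", leaked)
    print("with a fresh IV:", safe)
```

With the reused IV the second payload (the clear-text login) comes out byte for byte; with a fresh IV nothing is learned, which is the property WPA's per-session dynamic keys restore. The "programs to find the key" the notes mention go further than this: statistical attacks on how RC4 uses the IV-prefixed key recover the static key itself from enough captured frames, which is why WEP cannot be fixed by choosing a better password.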

Configuring the integrated Router


Configuring the Integrated Router
o Initially accessed through a wired Ethernet port; the device also acts
as a wireless access point, DHCP server and mini web server that serves
the configuration GUI
o The connected PC automatically receives the router's address as its
default gateway (check with ipconfig /all)- type that address into a
browser to reach the GUI
o Basic configuration tasks, including changing the default password,
should be completed before the AP is connected
Enabling Wireless
o Select the correct wireless mode (trade-off between protocol overhead
and which clients can connect)
o Set the SSID- it can be broadcast, or left hidden and entered manually
on clients
o The RF channel must be chosen relative to the wireless networks already
present nearby
o Configure security (encryption type and key)
Configure a wireless client
o Any device with a wireless NIC and wireless client software
o Client configuration settings must match the router (SSID, security
settings, channel information)
o Verify the connection status, then verify actual transmission (ping)