Network Fundamental

200-301 CCNA Exam Topics

Exam Description
To earn your CCNA certification, you must pass the 200-301 CCNA exam. This 120-minute exam tests your knowledge of:

Network Fundamentals

Network Access

IP Connectivity

IP Services

Security Fundamentals

Automation and Programmability

Reference books:
1. Data and Computer Communications, 10th Edition by William Stallings
2. Computer Networking: A Top-Down Approach Featuring the Internet, 6th Edition by James F. Kurose and Keith W. Ross
3. Computer Networks, 5th Edition by Andrew S. Tanenbaum
4. Data Communication and Computer Networks, 5th Edition by Behrouz A. Forouzan

1.1 Explain the role and function of network components


1.1.a Routers
1.1.b Layer 2 and Layer 3 switches
1.1.c Next-generation firewalls and IPS
1.1.d Access points
1.1.e Controllers (Cisco DNA Center and WLC)
1.1.f Endpoints
1.1.g Servers
1.1.h PoE
1.2 Describe characteristics of network topology architectures
1.2.a Two-tier
1.2.b Three-tier
1.2.c Spine-leaf
1.2.d WAN
1.2.e Small office/home office (SOHO)
1.2.f On-premise and cloud

1.3 Compare physical interface and cabling types


1.3.a Single-mode fiber, multimode fiber, copper
1.3.b Connections (Ethernet shared media and point-to-point)

1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
1.5 Compare TCP to UDP
1.6 Configure and verify IPv4 addressing and subnetting

1.7 Describe the need for private IPv4 addressing


1.8 Configure and verify IPv6 addressing and prefix

1.9 Describe IPv6 address types


1.9.a Unicast (global, unique local, and link local)
1.9.b Anycast
1.9.c Multicast
1.9.d Modified EUI 64

1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)

1.11 Describe wireless principles


1.11.a Nonoverlapping Wi-Fi channels
1.11.b SSID
1.11.c RF
1.11.d Encryption

1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs)

1.13 Describe switching concepts


1.13.a MAC learning and aging
1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table

2.1 Configure and verify VLANs (normal range) spanning multiple switches
2.1.a Access ports (data and voice)
2.1.b Default VLAN
2.1.c InterVLAN connectivity

2.2 Configure and verify inter-switch connectivity


2.2.a Trunk ports
2.2.b 802.1Q
2.2.c Native VLAN

2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)

2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)

2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify
basic operations
2.5.a Root port, root bridge (primary/secondary), and other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast benefits

2.6 Compare Cisco Wireless Architectures and AP Modes

2.7 Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk
ports, and LAG)

2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console,
and TACACS+/RADIUS)

2.9 Configure the components of a wireless LAN access for client connectivity using GUI only such
as WLAN creation, security settings, QoS profiles, and advanced WLAN settings

3.1 Interpret the components of the routing table


3.1.a Routing protocol code
3.1.b Prefix
3.1.c Network mask
3.1.d Next hop
3.1.e Administrative distance
3.1.f Metric
3.1.g Gateway of last resort

3.2 Determine how a router makes a forwarding decision by default


3.2.a Longest match
3.2.b Administrative distance
3.2.c Routing protocol metric

3.3 Configure and verify IPv4 and IPv6 static routing


3.3.a Default route
3.3.b Network route
3.3.c Host route
3.3.d Floating static

3.4 Configure and verify single area OSPFv2


3.4.a Neighbor adjacencies
3.4.b Point-to-point
3.4.c Broadcast (DR/BDR selection)
3.4.d Router ID

3.5 Describe the purpose, functions, and concepts of first-hop redundancy protocols

4.1 Configure and verify inside source NAT using static and pools

4.2 Configure and verify NTP operating in a client and server mode

4.3 Explain the role of DHCP and DNS within the network

4.4 Explain the function of SNMP in network operations

4.5 Describe the use of syslog features including facilities and levels

4.6 Configure and verify DHCP client and relay

4.7 Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing,
congestion, policing, shaping

4.8 Configure network devices for remote access using SSH

4.9 Describe the capabilities and function of TFTP/FTP in the network

5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)

5.2 Describe security program elements (user awareness, training, and physical access control)

5.3 Configure and verify device access control using local passwords

5.4 Describe security password policies elements, such as management, complexity, and password
alternatives (multifactor authentication, certificates, and biometrics)

5.5 Describe IPsec remote access and site-to-site VPNs

5.6 Configure and verify access control lists

5.7 Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port
security)
5.8 Differentiate authentication, authorization, and accounting concepts

5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)

5.10 Configure WLAN using WPA2 PSK using the GUI


6.1 Explain how automation impacts network management

6.2 Compare traditional networks with controller-based networking

6.3 Describe controller-based and software defined architectures (overlay, underlay, and fabric)
6.3.a Separation of control plane and data plane
6.3.b North-bound and south-bound APIs

6.4 Compare traditional campus device management with Cisco DNA Center enabled device
management

6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)

6.6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible

6.7 Interpret JSON encoded data

Chapter no 1
What is a Network?
A network consists of two or more computers that are linked to share resources (such as printers and
CDs), exchange files, or allow electronic communications.
The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or
infrared light beams.
• A computer network is a digital communication network which allows nodes to share resources.
• When two or more nodes are connected together through some sort of medium and share their resources,
the result is called a digital network.
Types of Network & Size of Network
• LAN (Local Area Network): some users in the same room/department connected together using a
switch device, or some users in different rooms/departments connected together using a router and some
switches.
• WAN (Wide Area Network): users connected together globally through the Internet. Service providers
and a group of devices (routers, switches, and other devices) will be needed.
Computer Network Types

A computer network is a group of computers linked to each other that enables the computers to
communicate with one another and share resources, data, and applications.

A computer network can be categorized by its size. There are mainly four types of computer network:

o LAN(Local Area Network)


o PAN(Personal Area Network)
o MAN(Metropolitan Area Network)
o WAN(Wide Area Network)

LAN(Local Area Network)


o A Local Area Network is a group of computers connected to each other in a small area such as a
building or office.
o A LAN is used for connecting two or more personal computers through a communication medium
such as twisted pair, coaxial cable, etc.
o It is less costly, as it is built with inexpensive hardware such as hubs, network adapters, and
Ethernet cables.
o Data is transferred at a very high rate in a Local Area Network.
o A Local Area Network provides higher security.
PAN (Personal Area Network)
o A Personal Area Network is a network arranged around an individual person, typically within a
range of 10 meters.
o A Personal Area Network is used for connecting the computing devices of personal use.
o Thomas Zimmerman was the first research scientist to bring forward the idea of the Personal Area
Network.
o A Personal Area Network covers an area of about 30 feet.
o Personal computing devices that are used to build a personal area network are laptops,
mobile phones, media players and PlayStations.
There are two types of Personal Area Network:

o Wired Personal Area Network


o Wireless Personal Area Network
Wireless Personal Area Network: A Wireless Personal Area Network is built simply by using
wireless technologies such as Wi-Fi and Bluetooth. It is a short-range network.

Wired Personal Area Network: A Wired Personal Area Network is created by using USB.

Examples of Personal Area Network:

o Body Area Network: A Body Area Network is a network that moves with a person. For example,
a mobile network moves with a person. Suppose a person establishes a network connection and
then creates a connection with another device to share information.
o Offline Network: An offline network can be created inside the home, so it is also known as
a home network. A home network is designed to integrate devices such as printers,
computers and televisions, but they are not connected to the internet.
o Small Home Office: It is used to connect a variety of devices to the internet and to a corporate
network using a VPN.

MAN (Metropolitan Area Network)


o A Metropolitan Area Network is a network that covers a larger geographic area by interconnecting
different LANs to form a larger network.
o Government agencies use a MAN to connect to citizens and private industries.
o In a MAN, various LANs are connected to each other through a telephone exchange line.
o The most widely used protocols in a MAN are RS-232, Frame Relay, ATM, ISDN, OC-3, ADSL,
etc.
o It has a greater range than a Local Area Network (LAN).
Uses of Metropolitan Area Network:

o A MAN is used for communication between the banks in a city.
o It can be used in an airline reservation system.
o It can be used in a college within a city.
o It can also be used for communication in the military.

WAN (Wide Area Network)


o A Wide Area Network is a network that extends over a large geographical area such as states or
countries.
o A Wide Area Network is a much bigger network than a LAN.
o A Wide Area Network is not limited to a single location, but spans a large geographical
area through telephone lines, fiber optic cables or satellite links.
o The internet is one of the biggest WANs in the world.
o A Wide Area Network is widely used in the fields of business, government, and education.
Examples of Wide Area Network:

o Mobile Broadband: A 4G network is widely used across a region or country.
o Last mile: A telecom company provides internet services to customers in
hundreds of cities by connecting their homes with fiber.
o Private network: A bank provides a private network that connects its 44 offices. This network
is made by using telephone leased lines provided by the telecom company.

Advantages of Wide Area Network:

The following are the advantages of the Wide Area Network:

o Geographical area: A Wide Area Network covers a large geographical area. Suppose a
branch of our office is in a different city; then we can connect with it through the WAN. The
internet provides a leased line through which we can connect with another branch.
o Centralized data: In the case of a WAN, data is centralized. Therefore, we do not need to
buy separate email, file or backup servers.
o Get updated files: Software companies work on a live server. Therefore, the programmers get
the updated files within seconds.
o Exchange messages: In a WAN, messages are transmitted fast. Web applications like
Facebook, WhatsApp, and Skype allow you to communicate with friends.
o Sharing of software and resources: In a WAN, we can share software and other
resources like hard drives and RAM.
o Global business: We can do business over the internet globally.
o High bandwidth: If we use leased lines for our company, this gives high bandwidth.
The high bandwidth increases the data transfer rate, which in turn increases the productivity of our
company.

Disadvantages of Wide Area Network:

The following are the disadvantages of the Wide Area Network:

o Security issue: A WAN has more security issues as compared to LAN and MAN
networks, as all the technologies are combined together, which creates security problems.
o Needs firewall & antivirus software: The data is transferred over the internet, where it can be
changed or hacked by hackers, so a firewall needs to be used. Some people can inject
viruses into our systems, so antivirus software is needed to protect against such viruses.
o High setup cost: The installation cost of a WAN is high, as it involves purchasing
routers and switches.
o Troubleshooting problems: It covers a large area, so fixing a problem is difficult.

Internetwork
o An internetwork is formed when two or more computer networks (LANs, WANs or network
segments) are connected using intermediate devices and configured with a local addressing
scheme. This process is known as internetworking.
o An interconnection between public, private, commercial, industrial, or government computer
networks can also be defined as internetworking.
o Internetworking uses the Internet Protocol.
o The reference model used for internetworking is Open Systems Interconnection (OSI).

Types of Internetwork:

1. Extranet: An extranet is a communication network based on the internet protocols, such
as the Transmission Control Protocol and the Internet Protocol. It is used for information sharing. Access
to the extranet is restricted to only those users who have login credentials. An extranet is the lowest level
of internetworking. It can be categorized as a MAN, WAN or other computer network. An extranet cannot
consist of a single LAN; it must have at least one connection to an external network.
2. Intranet: An intranet is a private network based on the internet protocols, such as the Transmission
Control Protocol and the Internet Protocol. An intranet belongs to an organization and is only accessible
by the organization's employees or members. The main aim of the intranet is to share information and
resources among the organization's employees. An intranet provides the facility to work in groups and for
teleconferences.

Intranet advantages:
o Communication: It provides cheap and easy communication. An employee of the organization
can communicate with another employee through email or chat.
o Time-saving: Information on the intranet is shared in real time, so it is time-saving.
o Collaboration: Collaboration is one of the most important advantages of the intranet. The
information is distributed among the employees of the organization and can only be accessed by
authorized users.
o Platform independence: It is a neutral architecture, as a computer can be connected to another
device with a different architecture.
o Cost effective: People can view data and documents using a browser and distribute
copies over the intranet. This leads to a reduction in cost.
Network Components
What is a switch in networking?
The network switch is also popularly known as an Ethernet switch or a LAN switch. It is the network
component that forwards data frames from source to destination on the basis of the device's MAC address.

Basically, an Ethernet switch operates at layer 2 of the OSI model. That is why it is also called a layer 2
device. However, a switch can be layer 2 or layer 3 depending on its role and functionality. A
layer 3 switch can operate at layer 2 as well as layer 3 of the OSI model. Layer 2
and layer 3 switches are discussed in detail in a later section of the article.

Characteristics of switch in networking


The major characteristics of a switch are enumerated below.

 A switch forwards frames from source to destination by using the destination device's MAC address.
 Basically, it operates at the data link layer of the OSI model (however, a layer 3 switch can operate
at both the data link and the network layer of the OSI model).
 A switch stores and maintains the MAC address or CAM table in its memory to make forwarding
decisions.
 Modern switches use an ASIC chip to store the MAC table.
 A switch is a more intelligent network device as compared to a hub.
 By default, a switch has multiple collision domains and a single broadcast domain.

Types of network switches


Switches are of two types: unmanaged and managed.
Managed switches are further categorised into layer 2 and layer 3 according to their roles and
functionalities.

Unmanaged Switch
 An unmanaged switch is a simple device with multiple LAN ports to connect different devices in
the network.
 It is a plug-and-play device and its interfaces are always active.
 Its ports are not user-configurable.
 It has a fixed QoS to ensure it works well.
 It works at layer 2 of the OSI model.
 It can maintain only a dynamic MAC table.
 Unmanaged switches are available at a very low cost.

Managed Switch
A managed switch is user-configurable with a bundle of features. A managed switch may be a layer 2
or a layer 3 switch.

Layer 2 switch in networking


 A layer 2 switch operates at the data link layer of the OSI model.
 A layer 2 switch works similarly to a network bridge.
 It uses the device MAC address to forward data from one device to the other.
 It is placed after routers in the network.
 Layer 2 switches support VLANs, STP, QoS, port security, port mirroring, SNMP, etc.

Layer 3 Switch in networking


 A layer 3 switch operates at both the data link and the network layer of the OSI model.
 It is also called a multilayer switch (MLS).
 It can act like a router in a small network environment where installing a router seems
too costly. The layer 3 switch can perform the function of the router in that situation.
 A layer 3 switch maintains both the MAC table and the IP routing table.
 The main purpose of a layer 3 switch is to perform inter-VLAN routing to connect different VLANs in
a network.
 It can support IP routing, VLANs, STP, QoS, port security, port mirroring, SNMP, etc.

Comparison between Layer 2 and Layer 3 Switches in Networking

Layer 2 Switch | Layer 3 Switch
Operates at the data link layer of the OSI model. | Operates at both the data link and the network layer of the OSI model.
Maintains only the MAC address table. | Maintains both the MAC table and the IP routing table.
Forwards frames from one host to another within a single LAN. | Routes packets from one VLAN to another VLAN.
Works faster, as it only examines the MAC table. | Has to examine both the MAC and IP tables, hence slower than a layer 2 switch.
Uses ARP to discover the other devices' MAC addresses. | Uses IP addresses for inter-VLAN communication.

How Layer 2 Switch works


By default, a switch contains a single broadcast domain and multiple collision domains. Initially, the
switch floods the frame to learn the destination MAC address of the device and makes an entry in the
MAC table. The switch then makes a forwarding decision by examining the MAC table.

Remember, the data link layer of the OSI model provides hop-to-hop delivery of the frame. The
destination MAC address changes at every hop.
Look at the diagram above to understand how the switch forwards a frame from one device to another.

Suppose PC1 wants to send data to PC2. The following sequence of events happens to move data from
PC1 to PC2:

 PC1, PC2 and PC3 are connected to ports F0/1, F0/2 and F0/3 of Switch1 respectively.
 The MAC addresses of PC1, PC2 and PC3 are AA:AA:AA:00:00:01, AA:AA:AA:00:00:02, and
AA:AA:AA:00:00:03.
 Initially, when the switch is turned on, its MAC address table is empty.
 Now, when PC1 wants to send a packet to PC2, the packet arrives at interface F0/1 of Switch1.
 Switch1 then learns the MAC address of PC1 and makes an entry in the MAC address table.
 However, PC1 does not yet know the destination MAC address to which the packet is to be delivered.
 The switch then floods the frame to all ports except the incoming port.
 ARP (Address Resolution Protocol) helps to fetch the destination MAC address of the receiving
device, and the switch then updates its MAC address table.
 Now the PC2 MAC address is mapped to F0/2 of the switch. The switch then forwards the frame to PC2.
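The PC1-to-PC2 sequence above, as an added Python model (not code from the original document): it learns source MACs on ingress, floods broadcast, multicast and unknown-unicast frames out of every port but the ingress, filters frames whose destination sits on the ingress port, and ages out idle entries. Ports and MAC addresses are the ones from the text; the 300-second aging default is an assumption, and a frame is reduced to its source/destination MAC pair.

```python
"""Minimal Layer 2 switch model: MAC learning, flooding, filtering and aging.
Added illustration of the walk-through above; not code from the original document.
The 300-second default aging timer is an assumption."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (lowest bit of the first octet) set."""
    return int(mac[:2], 16) & 0x01 == 1


class Layer2Switch:
    def __init__(self, ports, aging_seconds=300.0):
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        self.mac_table = {}   # mac -> (port, last-seen timestamp)

    def _age_out(self, now):
        # Entries not refreshed within the aging timer are removed.
        stale = [m for m, (_, seen) in self.mac_table.items()
                 if now - seen > self.aging_seconds]
        for m in stale:
            del self.mac_table[m]

    def receive(self, in_port, src_mac, dst_mac, now):
        """Process one frame arriving on in_port at time now; return the egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        self._age_out(now)
        # Learning: the source MAC is bound to the ingress port (or its timer refreshed).
        self.mac_table[src_mac] = (in_port, now)
        # Forwarding decision.
        if is_group_address(dst_mac) or dst_mac not in self.mac_table:
            # Broadcast, multicast or unknown unicast: flood out every port but the ingress.
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.mac_table[dst_mac]
        # Filtering: the destination is on the ingress segment, so the frame is dropped.
        return [] if out_port == in_port else [out_port]

    def table(self):
        """Current MAC table as {mac: port}, without the timestamps."""
        return {mac: port for mac, (port, _) in self.mac_table.items()}


def walkthrough():
    """PC1 -> PC2 sequence from the text. Returns the egress ports of each step and the
    final MAC table."""
    sw = Layer2Switch(["F0/1", "F0/2", "F0/3"])
    pc1, pc2 = "AA:AA:AA:00:00:01", "AA:AA:AA:00:00:02"
    steps = [
        # 1. PC1 does not know PC2's MAC, so its ARP request is broadcast: flooded to F0/2 and F0/3.
        sw.receive("F0/1", pc1, BROADCAST, now=0.0),
        # 2. PC2's unicast ARP reply: PC1 is already known on F0/1, so it goes there only.
        sw.receive("F0/2", pc2, pc1, now=1.0),
        # 3. PC1's data frame: both MACs are known, so only F0/2 receives it.
        sw.receive("F0/1", pc1, pc2, now=2.0),
    ]
    return steps, sw.table()
```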

Ethernet Frame Structure and Field Size


When information is sent from source to destination, the actual information or data has to pass through
the different layers of the OSI reference model. The actual data is encapsulated by the corresponding
layers with their header information. The data with the header field at each layer is called a PDU (Protocol
Data Unit). The PDU at each layer is represented by a unique name as follows:

PDU | OSI Layer
Data | Application
Data | Presentation
Data | Session
Segment | Transport
Packet | Network
Frame | Data Link
Bits | Physical
In this article, we are talking about the Ethernet switch; hence we will concentrate on the data link layer of
the OSI model.

In the data link layer, the upper layer PDU (the packet) is encapsulated with header and trailer information
and is termed an Ethernet frame. The Ethernet frame comprises different fields. The frame format and
its different fields are described in the IEEE 802.3 standard.

The header field consists of:

 Preamble
 SFD
 Destination address
 Source address
 Type/Length

The trailer consists of the FCS (Frame Check Sequence).

Field | Size
Preamble | 7 bytes
SFD | 1 byte
Dest MAC | 6 bytes
Source MAC | 6 bytes
Type Field | 2 bytes
Data and Padding | 46 to 1500 bytes
FCS | 4 bytes

Preamble
The preamble field is the beginning of the Ethernet frame. It is 7 bytes or 56 bits in length. It is a series of
alternating ones (1s) and zeros (0s). The main function of the preamble is bit synchronization. It allows
the device to synchronise the receiver clock and ensures that the receiver is ready to receive the data.

SFD (Start Frame Delimiter)

The SFD is the second field of the Ethernet frame. It is 1 byte or 8 bits in length. The SFD bit pattern is
10101011. It looks similar to the preamble; the only difference is that the last bit is always 1 in the SFD field.

Destination Address
The destination address field contains the MAC address of the receiving device. The length of a MAC address is 6
bytes or 48 bits.

The MAC address of the device is explained in detail later in this article.

Source Address
The source address field contains the MAC address of the transmitting device.

Type/Length
The Type/Length field is 2 bytes or 16 bits in length. It is used to indicate the upper layer protocol
encapsulated in the payload, or the length of the Ethernet frame.

There are two conditions for interpreting this field: Type and Length.

If the value is less than or equal to 1500 (bytes), it represents the length of the
frame.

If it is greater than or equal to 1536, it represents the type of protocol used in the encapsulated packet.
The protocol may be IPv4 or IPv6.

If the value is 0x800 (hexadecimal), it indicates that the protocol is IPv4.

If the value is 0x86DD (hexadecimal), it indicates that the protocol is IPv6.

Data
The data field contains the actual data and its range is from 0 to 1500 bytes.

FCS (Frame Check Sequence)

The FCS is a 4-byte field that is added at the end of the frame, after the data. The main purpose
of the FCS is to detect errors that have occurred during frame transmission. It uses a special algorithm
called CRC (Cyclic Redundancy Check) for error detection and correction during transmission.

Note!!

Though the Preamble and SFD are the starting fields of the Ethernet frame, they are added at the
physical layer of the OSI model.

Hence the actual fields of the frame header and trailer are the destination address, source address, Type/Length and FCS.

Thus, the header-plus-trailer size is 6 + 6 + 2 + 4 = 18 bytes.

The minimum size of the Ethernet frame (header + payload + trailer) must always be 64 bytes.

So the minimum size of the data must be 64 – 18 = 46 bytes.

If the actual data is less than 46 bytes, padding bytes are added to the data. The padding bytes are all
zeros.

What is a mac address in networking

The MAC address stands for Media Access Control address. It is a globally unique identifier assigned to
the NIC (network interface card) of a device that is connected to a computer network.

The MAC address is 6 bytes or 48 bits in length. It is represented in hexadecimal format. It is written as 6
octets separated by colons, hyphens or dots.

For example:

AA.AA.AA.11.11.11

or
AA:AA:AA:11:11:11

The first three octets are called the Organisationally Unique Identifier (OUI) and identify the network
component's manufacturer, organization or vendor.

The last three octets are NIC specific. NIC stands for Network Interface Controller. The last three octets
are assigned by the vendor or manufacturer to its devices during manufacture.
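The frame fields, the Type/Length rules, the 46-byte zero padding and the OUI/NIC split described above, as an added Python example (not code from the original document): build_frame constructs a frame with padding and a CRC-32 FCS, parse_frame decodes it, classifies the Type/Length value and rejects runt or corrupted frames, and split_mac separates the OUI from the vendor-assigned octets. The MAC addresses and payload are constructed; Preamble and SFD are omitted because they are physical-layer fields.

```python
"""Build and parse an Ethernet frame (dst MAC, src MAC, Type/Length, data + padding, FCS)
and split a MAC address into OUI and NIC-specific halves. Added example, not code from
the original document; MAC addresses and payload are constructed."""
import struct
import zlib

MIN_FRAME = 64          # header (14 bytes) + payload (at least 46) + FCS (4)
MIN_PAYLOAD = 46
MAX_PAYLOAD = 1500
TYPE_THRESHOLD = 1536   # 0x0600: values at or above this are an EtherType
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}


def mac_to_bytes(mac):
    """Accept colon-, hyphen- or dot-separated hexadecimal MAC notation."""
    return bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))


def bytes_to_mac(raw):
    return ":".join(f"{octet:02x}" for octet in raw)


def split_mac(mac):
    """Return (OUI, NIC-specific) halves, normalised to lowercase colon notation."""
    octets = bytes_to_mac(mac_to_bytes(mac)).split(":")
    return ":".join(octets[:3]), ":".join(octets[3:])


def fcs(body):
    """Ethernet FCS: CRC-32 over dst..payload, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_length, payload):
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    # Short payloads are padded with zero bytes so the frame reaches the 64-byte minimum.
    padded = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", type_or_length) + padded
    return body + fcs(body)


def parse_frame(frame):
    """Decode the header, classify the Type/Length field and verify the FCS."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(frame)} bytes is below the {MIN_FRAME}-byte minimum")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    dst, src = bytes_to_mac(body[0:6]), bytes_to_mac(body[6:12])
    (value,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if value <= MAX_PAYLOAD:
        # Length semantics: the value says how much of the data field is real payload.
        kind, protocol, payload = "length", None, data[:value]
    elif value >= TYPE_THRESHOLD:
        # Type semantics: the value names the encapsulated protocol; padding cannot be
        # told apart from payload at this layer.
        kind, protocol, payload = "type", ETHERTYPES.get(value, f"0x{value:04x}"), data
    else:
        raise ValueError(f"Type/Length value 0x{value:04x} is in the undefined range")
    return {"dst": dst, "src": src, "type_or_length": value,
            "kind": kind, "protocol": protocol, "payload": payload}


def demo():
    """Constructed walk-through: a 10-byte IPv4 payload is padded to 46 bytes, and a
    single flipped bit inside the padding is caught by the FCS check."""
    dst, src = "AA:AA:AA:00:00:02", "AA:AA:AA:00:00:01"
    frame = build_frame(dst, src, 0x0800, b"hello, pc2")
    parsed = parse_frame(frame)
    damaged = bytearray(frame)
    damaged[30] ^= 0x01          # byte 30 lies in the zero padding after the payload
    try:
        parse_frame(bytes(damaged))
        fcs_caught = False
    except ValueError:
        fcs_caught = True
    return len(frame), parsed, fcs_caught
```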

What is a Firewall

 In network security, the firewall acts as a barrier between the trusted/internal network and the
untrusted/external network.
 The trusted network is the internal network of an organization or business establishment. It must
be more secure and confidential. Only authentic or trusted users are allowed to access the trusted
network.
 The untrusted networks are the external networks that are outside the control of the network
administrator and outside the organization's security domain.
 The firewall serves as the choke point, or the entry/exit point, for any traffic flowing in and out of the
network.
 A traditional firewall filters packets on the basis of IP addresses, port numbers, service protocols, and a
certain set of rules configured on the firewall device.
 The firewall may be hardware or software.
What is the need for a firewall in network security?
The use of the internet is growing exponentially day by day. Consequently, the ongoing threats from
cybercriminals and malicious activity across the internet have become the biggest challenge for
organizations, governments, or business establishments trying to protect their trusted network from such threats.

There must be a secure mechanism to protect the trusted network from the untrusted network (internet).
The firewall proves to be the best option to fulfil this job. The firewall is placed between the inside
network and the outside network. Every packet flowing in and out of the network has to pass
through the firewall. The firewall allows or denies every packet based on the IP addresses, port numbers and
protocols contained in the packet, or the predefined set of rules and policies.

Traditional Firewalls vs Next-generation Firewalls
Traditional Firewalls
Traditional firewalls are network security devices that filter the incoming and outgoing packets passing through them
based on IP address, port numbers, protocols and the state of the packets. They are the older generation of firewall
technology. They work on the basis of stateful inspection of incoming and outgoing traffic. Traditional
firewalls have the limitation that they are not very effective in detecting application-level threats.

Next-gen Firewalls
Next-gen firewalls are the 3rd generation of firewalls and provide advanced network security
functionality beyond traditional firewalls. In addition to stateful inspection of incoming and outgoing
traffic, they also provide application-level filtering capabilities, an integrated intrusion prevention system,
deep packet inspection, and advanced malware protection.

The major features of next-gen firewalls are:

 Provide standard firewall functionality like stateful inspection of incoming and outgoing traffic.
 Provide an integrated intrusion prevention system.
 Provide application awareness and control over untrusted or malicious apps.
 Deliver cloud-delivered threat intelligence.
 Provide malware detection and protection.
 Provide a high degree of network security.
Features of Cisco Next-Gen Firewall
The Cisco Next-Gen Firepower firewall series offers a high degree of network security to meet
the diverse needs from the small office/home office (SOHO) to high-end data centres and service
providers.

The Cisco Firepower series NGFW is loaded with a bundle of features. The Cisco next-gen firewall is not just an
access control and traffic filtering mechanism; it also provides a very high degree of protection and
automatic threat detection.

Some of the key features of Cisco next-gen firewalls are enumerated below.

 Automates networking and security operations.
 Prioritises alerts, correlates threat information and integrates with the rest of your security tools.
 The built-in next-gen IPS provides breach prevention and advanced security before the threat
gets inside the trusted network.
 Built-in sandboxing and Advanced Malware Protection (AMP) continuously monitor and analyse
traffic behaviour. Unusual file behaviour is quickly detected and the threat eliminated.
 Provides comprehensive network visibility by deep inspection of every activity across hosts, users,
networks and devices.
 Provides flexible deployment options, both on-premises and in the cloud.
 Very fast in detecting threats.

Cisco Next-Gen Firewall series


 Cisco Firepower 1000 series
 Cisco Firepower 2100 series
 Cisco Firepower 4100 series
 Cisco Firepower 9300 series

Cisco Firepower 1000 series

Cisco Firepower 1000 Series (Image credit: Cisco)

Cisco Firepower 1000 series is designed to meet the security needs of small and medium offices. It comes
with four models, namely FPR-1010, FPR-1120, FPR-1140 and FPR-1150. The throughput ranges from
650 Mbps to 3 Gbps. The Cisco Firepower 1000 series of NGFW runs Cisco Threat Defence (FTD) and the
Cisco ASA software.

Cisco Firepower 2100 Series

Cisco Firepower 2100 Series (Image credit: Cisco)

Cisco Firepower 2100 series comes in four different models, namely FPR-2110, FPR-2120, FPR-2130
and FPR-2140, with throughput varying from 2.3 Gbps to 9 Gbps. It is designed to be deployed in
medium to large-sized networks. It provides superior threat defence with its innovative dual-core CPU
architecture. The Cisco Firepower 2100 series runs either the Cisco Threat Defence software or the Cisco ASA
software.

Cisco Firepower 4100 Series

Cisco Firepower 4100 Series (Image credit: Cisco)

Cisco Firepower 4100 Series is designed to meet the growing needs of the enterprise network data centre.
Its throughput is up to 45 Gbps. Its different variants are FPR-4110, FPR-4112, FPR-4115, FPR-4125
and FPR-4145. The Cisco Firepower 4100 series provides superior threat defence and runs either the Cisco
Secure Firewall Threat Defense (FTD) or the Cisco ASA firewall software.

Cisco Firepower 9300 series

Cisco Firepower 9300 Series (Image credit: Cisco)

Cisco Firepower 9300 series provides a very high degree of network security for service providers,
high-performance computing centres, large data centres, and campuses. It runs either the Cisco Secure Firewall
ASA or Threat Defense (FTD) software, with throughput ranging from 21 Gbps up to 153 Gbps. Its
different models are SM-40, SM-48, SM-56 and SM-56 x 3.

What is IPS in networking?


In networking, IPS stands for Intrusion Prevention System. An IPS is a network security device or function
that thoroughly examines the traffic flowing into and out of the network. It detects known malicious threats
and exploit attempts in that traffic, and it also checks for unusual traffic behaviour.

Any suspicious behaviour or threat is recorded, and the IPS then takes preventive action (such as dropping the
traffic) so that the suspicious activity cannot damage the trusted network.
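The decision logic just described (inspect each flow, match known-bad signatures, watch for unusual behaviour, record every alert, drop what is flagged) as an added, self-contained example. This is not code from the original notes or from Cisco: the signatures, the sweep threshold, the addresses and the sample flows are all constructed for illustration.

```python
"""Minimal inline IPS decision logic (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    payload: bytes  # first bytes of application data


# Constructed signatures: byte patterns standing in for a real signature set,
# which would describe known exploits and malware far more precisely.
SIGNATURES = {
    "SIG-CONSTRUCTED-001 directory traversal in request path": b"/../../",
    "SIG-CONSTRUCTED-002 known beacon user-agent": b"User-Agent: Constructed-Beacon/1.0",
}


@dataclass
class Ips:
    sweep_threshold: int = 5                     # distinct ports per source before flagging
    alerts: list = field(default_factory=list)   # recorded (src, reason) pairs
    ports_by_src: dict = field(default_factory=lambda: defaultdict(set))

    def inspect(self, f: Flow) -> str:
        """Return "ALLOW" or "DROP" for one flow, recording any alert raised."""
        # Signature check: known-bad content is dropped immediately.
        for name, pattern in SIGNATURES.items():
            if pattern in f.payload:
                self.alerts.append((f.src, name))
                return "DROP"
        # Behavioural check: one source touching many distinct destination
        # ports looks like a sweep rather than normal use.
        self.ports_by_src[f.src].add(f.dport)
        if len(self.ports_by_src[f.src]) >= self.sweep_threshold:
            self.alerts.append((f.src, "BEHAVIOUR port sweep"))
            return "DROP"
        return "ALLOW"


# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Flow("198.51.100.7", "192.0.2.10", 80, b"GET /../../secret.txt HTTP/1.1"),
    Flow("198.51.100.7", "192.0.2.10", 80, b"GET / HTTP/1.1\r\nUser-Agent: Constructed-Beacon/1.0"),
] + [Flow("203.0.113.9", "192.0.2.10", p, b"") for p in (21, 22, 23, 25, 80, 110)]


def run(flows=SAMPLE_FLOWS):
    """Inspect every flow in order; return the verdicts and the recorded alerts."""
    ips = Ips()
    verdicts = [ips.inspect(f) for f in flows]
    return verdicts, ips.alerts


if __name__ == "__main__":
    v, a = run()
    for f, verdict in zip(SAMPLE_FLOWS, v):
        print(f"{f.src} -> {f.dst}:{f.dport} {verdict}")
    print("alerts:", a)
```

Both checks are deliberately simple; the point is the shape of the pipeline (match, then behaviour, then record and act inline), which is what distinguishes an IPS from a passive IDS that only alerts.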

What is Cisco DNA center?


DNA in Cisco DNA Center stands for Digital Network Architecture.

Cisco DNA Center is Cisco's intent-based architecture for enterprise networks. It provides an open, extensible and software-
driven centralized management platform and dashboard with complete visibility into the performance and status of network
components.

It simplifies network management and administration so that the network can be run according to business needs.
Roles and functionalities of Cisco DNA center
 Cisco DNA Center provides a centralized management platform for complete management and control of the enterprise
network.
 It is a software application installed on centralized Cisco DNA Center appliances to manage the whole network from a
single place.
 It provides a graphical interface and a programming interface to design the network, configure the network devices and
troubleshoot the network.
 Cisco DNA Center is an intelligent system combining automation, policy, analytics and open platform capabilities.
 It fulfils all the required aspects of an intent-based network. An intent-based network (IBN) is a network administration
system that incorporates Artificial Intelligence (AI), network orchestration and machine learning (ML) to automate
administration and management tasks across the whole network.
 The main goal of Cisco DNA Center is to reduce the manual human intervention associated with traditional
configuration management. It also reduces the complexity of creating and managing network policies.
 It is the heart of Cisco Digital Network Architecture and a powerful network management system that brings all the
functionalities of the network components into a single pane of glass.

Roles of Cisco DNA center


Cisco DNA Center has two major roles:

 as the controller in a network that uses Cisco SDA (Cisco DNA Center and SDA are closely associated in the context of
network automation)
 as the controller and network management platform for traditional network devices in a non-SDA network.

Cisco DNA Center is an application with its own interface, pre-installed on a Cisco appliance. It interacts with both a
Northbound API and Southbound APIs. For most users the Northbound API matters most, because users of an SDA
network interact with SDA through the Northbound REST API or the GUI of Cisco DNA Center.

Cisco DNA Center also supports several Southbound APIs so that the controller can communicate with the devices it manages.

Telnet, SSH and SNMP are the main southbound protocols supported by traditional network devices, whereas NETCONF and
RESTCONF are supported by more modern devices.

Features of Cisco DNA Center


 Design
 Automation
 Security policy
 Assurance
 Provisioning
 Platform

Design

The Cisco DNA center is very helpful in designing complex network architecture and its deployment.

Automation

It automates network management efficiently and reduces manual operation, which reduces cost and time. It
also minimizes the cost associated with human error.

Security Policy

Different security policies can be defined according to business needs. Group-based policies can be applied to network
segments, and different levels of permission can be applied according to the network hierarchy. Policies are applied only
to users and applications, not to the network devices.

Assurance

Cisco DNA Center uses sensors across all wired and wireless devices in the network and delivers real-time reports
based on actual network conditions. The controller dashboard continuously polls all devices and checks their
real-time performance. It checks for any performance issues and identifies the most probable cause within a
minute.

Platform

Cisco DNA Center provides an open API for developing on top of the network infrastructure. It allows custom applications to
drive IT workflows. It further integrates with other technology domains and collaborates with other vendors' network
components.

What is WLC?
WLC stands for Wireless LAN Controller.

A WLC is a network device used to manage the wireless access points deployed across a small or large
network. A wireless access point, or simply wireless AP, allows wireless endpoint devices to connect to the
main network. Wireless endpoint devices include laptops, smartphones, wireless printers, scanners, etc.

Roles and Functionalities of WLC


Nowadays we are accustomed to wireless connectivity wherever we go. Since the advent of portable wireless devices
such as laptops and smartphones, we expect uninterrupted and seamless connectivity on every floor and in every corner of an
office building. For a large enterprise network, a single wireless access point cannot connect all the wireless
devices, so multiple access points are deployed to provide seamless connectivity.

It is fairly easy to manage and administer the wireless access points in a small network where only a few wireless devices
are deployed.

But as the size of the network grows, the number of wireless devices grows with it, and it becomes difficult to
administer and manage all these devices separately. Hence we need a centralised mechanism to control all these devices
from a single place. We also want to stay connected to the network seamlessly when we move from one access point to another.
The mechanism by which a wireless device moves from one access point to another without disrupting its wireless
connectivity is called roaming.

A Wireless LAN Controller is a device, or software loaded on a server, that manages and controls the wireless access points
and the wireless devices, thereby ensuring seamless connectivity when you move from one floor of the office
building to another. The WLC takes care of all the wireless access points from a central location and performs functions such as
managing and administering them and implementing the security policy.

It takes care of managing and authenticating wireless devices, roaming, and bringing up new wireless networks.

When a new wireless AP is connected to the network, the WLC takes control of the new AP. It then administers and manages the
new device with the current configuration running for the network.

The main objective of the WLC is to control all the wireless access points centrally from a single location. The access
points are then responsible only for forwarding LAN traffic wirelessly, and such access points are called lightweight
access points.

The WLC uses a protocol called LWAPP to manage and control large numbers of access points. LWAPP stands for Lightweight
Access Point Protocol.

Endpoints and Servers

Endpoints
Endpoints are the end devices that sit at the edge of the network. They are the computing devices on the network that are
connected to the main network through either network switches or routers.

The user interacts directly with the network through the endpoint devices. Thus endpoints exist in different forms according
to the users' needs and applications: laptops, workstations, desktops, IP cameras, IP phones,
telepresence units, etc. Endpoints are designed to perform specific and limited functions.
What is a Cisco Endpoint?
Cisco provides a wide variety of endpoint devices, known as Cisco endpoints, ranging from IP phones to web, mobile and
desktop clients.

Business Phones

 IP phones
 IP phones with MPP firmware
 Webex wireless phones

Collaboration devices

 Cisco Webex Desk series
 Cisco Webex Desk board series
 Cisco Webex room series

Mobile endpoints

 Cisco Jabber

Cisco headset

 Cisco headset 500 series
 Cisco headset 700 series

Servers
A server can be dedicated hardware or software. As the name implies, a server provides services to clients.
In client-server network architecture the server is a centralised device that provides resources to the clients. A client requests
a service from the dedicated server, and the server provides the service in response to that request.

Types of servers
A server may be deployed as a single unit or as a cluster, depending on the size of the network.

A small network with a limited number of clients can deploy a single unit of hardware to accommodate different server roles.
However, in a large enterprise network where the number of clients is very large, a cluster of servers is deployed, with dedicated
hardware for each of the following roles:

 Application server
 Database server
 DNS server
 File server
 Mail server
 Web server

Application server

An application server is a type of server that hosts application frameworks and provides services to
clients. An application server is generally referred to as middleware and sits between the database and the end user. The
application server receives data from the user and stores it in the database server.

Database server

A database server is a server that manages large collections of complex databases. A database language such as
SQL (Structured Query Language) is used to create, insert, delete and manipulate user data.

DNS server

DNS stands for Domain Name System. A DNS server translates the web address that we type into the browser into
a numerical address called an IP address. In other words, the DNS server resolves domain names into IP addresses and
vice versa.

File server

A file server is a server that stores and manages data files and provides access to them for the other systems in a
network. Keeping files on a centralized file server avoids data duplication. It also simplifies data
backup and restore operations.

Mail server

A mail server manages electronic mail (e-mail) service centrally. A mail server manages a large number of email clients
and their mailboxes. The major protocols used by email servers are SMTP (Simple Mail Transfer Protocol), IMAP (Internet
Message Access Protocol) and POP3 (Post Office Protocol version 3). SMTP is used to send email, whereas IMAP and POP3 are
used to retrieve mail.

Web server

A web server may be dedicated hardware or application software that responds to HTTP requests from a
client and returns HTML content that the client machine displays in readable form. HTTP (Hypertext Transfer Protocol) is the protocol that
connects the web server with the remote client over the World Wide Web.

Cisco Servers
Cisco offers a wide variety of high-end servers in different form factors to meet companies' business needs.
UCS B-Series Blade Servers

 UCS B200 M5 Blade Server
 UCS B480 M5 Blade Server
 UCS Mini
 UCS 5100 Series Blade Server Chassis

UCS C-Series Rack Servers

 UCS C125 M5 Rack Server
 UCS C220 M5 Rack Server
 UCS C240 M5 Rack Server
 UCS C240 SD M5 Rack Server
 UCS C480 M5 Rack Server
 UCS C480 ML M5 Rack Server
 Cisco UCS C4200 Series Rack Server Chassis

UCS S-Series Storage Servers

 S3260 M5 Storage Server

Network Device

A network device is a physical device used to connect computer hardware such as workstations, printers, fax machines, scanners
and other electronic devices to a computer network.

It is also referred to as an intermediary device: it helps transfer information from source to destination in a fast, secure and
reliable way, within the same network or between different networks.

Different Types of Network Devices

There are many distinct network devices used to forward data packets from source to destination, operating at
different layers of the network model.
The most commonly used network devices are:

 Repeater
 Hub
 Bridge
 Ethernet Switch
 Router
 Gateway
 Network Interface Card (NIC)

Repeater

A repeater is a network device that works at the physical layer of the OSI model. It receives an incoming
signal and retransmits it to extend the signal over a longer distance. Weak incoming signals are
regenerated by the repeater and retransmitted at higher power so that they reach the destination without
distortion and noise.

It is a two-port device: one port for the incoming signal and the other for the outgoing signal.
Hub

A hub is an electronic device that provides a multiple connection point for other devices in a network. It
operates at the physical layer of the OSI model. It consists of multiple Ethernet ports providing connections for
two or more devices.

It works similarly to a repeater: it receives the incoming signal, regenerates it and forwards it to all the
ports.

A hub is not considered an intelligent device, since it simply forwards or broadcasts the incoming
packets to all other ports, thereby increasing traffic congestion and reducing the available bandwidth. It
does not look at the content of the data packets, such as the source IP address, destination IP address or MAC
addresses.

Generally, hubs are of two types:

 Passive hub
 Active hub

A passive hub is a central connecting device that only provides connectivity between devices. It does
not regenerate or amplify the incoming signal. There are no active components in the device, and no
external power supply is needed to operate it.

Unlike a passive hub, an active hub receives the incoming signal, regenerates it and forwards it to the other ports.
An active hub is also called a multi-port repeater.
Bridge

A network bridge is an electronic device that operates at the data link layer, or layer 2, of the OSI model. It is
considered more intelligent than a hub, since it forwards data frames on the basis of MAC addresses. It
receives the incoming frame, reads the source and destination MAC addresses, and then forwards the frame to
a particular port. It is a two-port device with a single input port and a single output port. It is used to divide a
single local area network running the same protocol into different segments. Each segment in the LAN
is a separate collision domain, which reduces the number of collisions on the network and
so improves network performance.

Bridges are of two types:

 Transparent bridge
 Source route bridge

Transparent bridge

The transparent bridge is the most commonly used type of network bridge. It works by learning the source MAC addresses
of incoming frames on all of its ports. These bridges operate in such a way that they are hidden from, or
transparent to, the source and destination hosts. As soon as the bridge learns the MAC address of an incoming
frame, it records that MAC address together with the port number on which it was learnt. It then
makes a filtering or forwarding decision for each frame by consulting the MAC table. In transparent
bridging, several bridges can be combined for better handling of incoming traffic. Transparent
bridges are primarily used in Ethernet networks.
Source route bridge

Source route bridging is a data link layer technique for connecting two similar LAN segments. This method
is used in Token Ring networks. The end stations participate in the bridging algorithm in a distributed way.
During source route bridging, the source end station sends out a route explorer frame (a
broadcast frame) to find the route to the destination. Source route bridges forward these frames out of all ports
of the bridges on every segment, and each source route bridge adds its details to the routing information field (RIF) of the frame
before forwarding it onto the next segment.

When the route explorer frame reaches the destination, the destination end station uses the same RIF
to reply to the source end station, traversing all the bridges en route in reverse order. In this way, both the
source and destination end stations use the same RIF to exchange information. Source route bridging is
widely used in Token Ring networks.
Ethernet Switch

Ethernet switches are among the most popular and widely used network devices in local area networks.
A switch looks similar to an active hub, but it works differently: a hub forwards packets to all
ports without knowing which port the packet should be delivered to, whereas a switch maintains a MAC
address table of the hosts attached to each of its ports and makes its forwarding decision on the basis
of that MAC table. Hence a switch is considered more intelligent than a hub. A switch works at layer 2, the
data link layer, of the OSI model.
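The learning, forwarding, flooding and filtering behaviour described for the transparent bridge and for the Ethernet switch above, as one added simulation that is not code from the original notes. The port numbers, MAC addresses and frame sequence are constructed; entry ageing, which a real switch also performs, is left out.

```python
"""Transparent bridge / switch MAC-table simulation (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed host MAC addresses used in the demo below.
MAC_A = "00:00:00:00:00:0a"
MAC_B = "00:00:00:00:00:0b"
MAC_C = "00:00:00:00:00:0c"
MAC_D = "00:00:00:00:00:0d"


@dataclass
class Frame:
    src: str   # source MAC address
    dst: str   # destination MAC address


@dataclass
class Switch:
    """A learning bridge with a fixed number of ports and an initially empty MAC table."""
    ports: int
    mac_table: Dict[str, int] = field(default_factory=dict)  # MAC -> port number

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Process one frame arriving on in_port; return the ports it is sent out of."""
        # Learning: remember which port the source MAC address was seen on.
        self.mac_table[frame.src] = in_port

        # Forwarding decision:
        #  - broadcast or unknown unicast -> flood to every port except in_port
        #  - known unicast on a different port -> forward to that single port
        #  - known unicast on the same port it arrived on -> filter (drop)
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            return [p for p in range(1, self.ports + 1) if p != in_port]
        out_port = self.mac_table[frame.dst]
        if out_port == in_port:
            return []
        return [out_port]


def demo() -> Tuple[List[Tuple[str, List[int]]], Dict[str, int]]:
    """Replay a constructed frame sequence through a 4-port switch.

    Hosts A and D share port 1 (e.g. behind a hub), B is on port 2, C on port 3.
    """
    sw = Switch(ports=4)
    events = [
        (1, Frame(MAC_A, MAC_B)),      # B unknown: flood to 2,3,4
        (2, Frame(MAC_B, MAC_A)),      # A known on port 1: forward to 1 only
        (3, Frame(MAC_C, BROADCAST)),  # broadcast: flood to 1,2,4
        (1, Frame(MAC_A, MAC_B)),      # B now known on port 2: unicast to 2
        (1, Frame(MAC_D, MAC_A)),      # A is on the same port: filtered
    ]
    log = []
    for port, fr in events:
        out = sw.receive(port, fr)
        log.append((f"{fr.src}->{fr.dst} in p{port}", out))
    return log, sw.mac_table


if __name__ == "__main__":
    log, table = demo()
    for desc, out in log:
        print(f"{desc}: out {out or 'filtered'}")
    print("MAC table:", table)
```

The last event is the case that distinguishes a bridge from a hub: a frame whose destination is known to be on the port it arrived on is dropped rather than repeated, which is how segments become separate collision domains.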

Ethernet switches are classified into two categories:

 Unmanaged switch (Layer 2 switch)
 Managed switch (Layer 2 or Layer 3 switch)

Unmanaged Switch

An unmanaged switch operates at layer 2 of the OSI model. It consists of multiple Ethernet ports to
interconnect devices within a local area network. An unmanaged switch is manufactured with a
standard configuration that cannot be reconfigured or altered by the user. It is a
ready-to-use device and does not require any initial setup.
Managed Switch

A managed switch operates at layer 2 as well as layer 3 of the OSI model. A managed switch can be
configured by the user: the network administrator sets up its configuration as required before
deploying it into a network. Some of the features that can be configured are QoS (Quality of Service),
VLANs (Virtual Local Area Networks), port mirroring, SNMP (Simple Network Management
Protocol), MAC address binding, port security, etc. A managed switch is sometimes considered a
mini router, since it performs the function of a router to some extent by interconnecting different VLANs.
Router

A router operates at the network layer of the OSI model and is used to interconnect different networks. Unlike
a switch, a router is a more sophisticated network device and requires an initial configuration before being deployed
in a network. A router forwards packets from one network to another on the basis of the destination
IP address. For this, each router maintains an IP routing table. When a packet enters the router, the
router looks up the destination IP address in its routing table. If a matching entry is found, it
forwards the packet out of the port to which the destination network is connected. If the destination
address is not found in the routing table, it discards the packet.

A router acts as a traffic cop and reduces unnecessary traffic congestion. Routes in the routing table are maintained
statically and dynamically.
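The lookup described above, as an added example that is not code from the original notes: a routing table, a lookup that picks the most specific (longest) matching prefix, and a forward step that discards the packet when nothing matches. It goes one step beyond the text by also showing how a default route changes the "not found" case. The prefixes, next hops and interface names are constructed.

```python
"""Routing-table lookup with longest-prefix match (added example, constructed routes)."""
import ipaddress
from typing import List, Optional, Tuple

# (prefix, next hop, outgoing interface)
RouteEntry = Tuple[ipaddress.IPv4Network, str, str]


class Router:
    def __init__(self) -> None:
        self.table: List[RouteEntry] = []

    def add_route(self, prefix: str, next_hop: str, interface: str) -> None:
        """Install a route; strict=True rejects a prefix with host bits set."""
        self.table.append((ipaddress.ip_network(prefix, strict=True), next_hop, interface))

    def lookup(self, dst: str) -> Optional[RouteEntry]:
        """Return the most specific entry containing dst, or None if no entry matches."""
        addr = ipaddress.ip_address(dst)
        matches = [e for e in self.table if addr in e[0]]
        if not matches:
            return None
        # Longest-prefix match: the entry with the most network bits wins.
        return max(matches, key=lambda e: e[0].prefixlen)

    def forward(self, dst: str) -> str:
        """Describe the forwarding decision; "DROP" when the table has no match."""
        entry = self.lookup(dst)
        if entry is None:
            return "DROP"
        _, next_hop, interface = entry
        return f"{interface} via {next_hop}"


def build_demo_router() -> Router:
    """Constructed table: two connected networks, a summary route and a more specific one."""
    r = Router()
    r.add_route("192.168.1.0/24", "connected", "GigabitEthernet0/0")
    r.add_route("192.168.2.0/24", "connected", "GigabitEthernet0/1")
    r.add_route("10.0.0.0/8", "192.168.2.254", "GigabitEthernet0/1")
    r.add_route("10.10.0.0/16", "192.168.1.254", "GigabitEthernet0/0")
    return r


if __name__ == "__main__":
    r = build_demo_router()
    for dst in ("192.168.1.55", "10.10.5.1", "10.20.1.1", "172.16.0.1"):
        print(dst, "->", r.forward(dst))
    # Adding a default route turns the DROP into a forward, but it is the
    # least specific entry, so every more specific route still wins.
    r.add_route("0.0.0.0/0", "192.168.2.1", "GigabitEthernet0/1")
    print("172.16.0.1 with default route ->", r.forward("172.16.0.1"))
```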
Gateway

Gateway is a broader term that is often used interchangeably with router. A gateway can be a hardware device or software.
A gateway is used to connect the internal network to the internet. A gateway can convert
data frames into the different formats needed by other networks, and it also translates between the different
protocols used by different networks. The broadband modem used in a home or office for internet service is the
best-known example of a gateway.
Network Interface Card (NIC)

The NIC is the essential device for connecting end devices such as PCs, workstations and printers to a
network. Every NIC manufactured by any vendor anywhere in the world comes with a unique
MAC address burned into the firmware of the device. It is also referred to as a LAN card or Ethernet card.
Nowadays most devices come with an integrated NIC. Separate LAN cards of different variants are also available on the
market. Internal LAN cards are generally fitted into the PCI slots of a
motherboard. USB wireless LAN adapters are also popular.

What is Network Topology?


Topology defines the structure of the network, i.e. how all the components are interconnected with each other.
There are two types of topology: physical and logical topology.

 Network topologies give us an overview of the logical and physical network layout, consisting of links and
nodes.
 The physical topology refers to the arrangement of computers, cables and other peripherals.
 The logical topology describes how information passes between workstations.
 The different types of network topology are:
   Bus topology
   Mesh topology
   Star topology
   Ring topology
Types of Network Topology
Physical topology is the geometric arrangement of all the nodes in a network. There are six types of
network topology: Bus Topology, Ring Topology, Tree Topology, Star Topology, Mesh
Topology and Hybrid Topology.

1) Bus Topology

o The bus topology is designed in such a way that all the stations are connected through a single cable known
as a backbone cable.

o Each node is either connected to the backbone cable by drop cable or directly connected to the backbone
cable.
o When a node wants to send a message over the network, it places the message on the backbone cable. All the
stations on the network receive the message, whether it was addressed to them or not.

o The bus topology is mainly used in 802.3 (Ethernet) and 802.4 standard networks.

o The configuration of a bus topology is quite simpler as compared to other topologies.

o The backbone cable is considered as a "single lane" through which the message is broadcast to all the
stations.

o The most common access method of the bus topologies is CSMA (Carrier Sense Multiple Access).

CSMA: It is a media access control used to control the data flow so that data integrity is maintained, i.e.,
the packets do not get lost. There are two alternative ways of handling the problems that occur when two
nodes send the messages simultaneously.

o CSMA CD: CSMA CD (Collision detection) is an access method used to detect the collision. Once the
collision is detected, the sender will stop transmitting the data. Therefore, it works on " recovery after the
collision".

o CSMA CA: CSMA CA (Collision Avoidance) is an access method used to avoid the collision by
checking whether the transmission media is busy or not. If busy, then the sender waits until the media
becomes idle. This technique effectively reduces the possibility of the collision. It does not work on
"recovery after the collision".

Advantages of Bus topology:

o Low-cost cable: In bus topology, nodes are directly connected to the cable without passing through a hub.
Therefore, the initial cost of installation is low.

o Moderate data speeds: Coaxial or twisted pair cables are mainly used in bus-based networks and support
up to 10 Mbps.

o Familiar technology: Bus topology is a familiar technology as the installation and troubleshooting
techniques are well known, and hardware components are easily available.

o Limited failure: A failure in one node will not have any effect on other nodes.

Disadvantages of Bus topology:

o Extensive cabling: A bus topology is quite simpler, but still it requires a lot of cabling.

o Difficult troubleshooting: It requires specialized test equipment to determine the cable faults. If any fault
occurs in the cable, then it would disrupt the communication for all the nodes.
o Signal interference: If two nodes send the messages simultaneously, then the signals of both the nodes
collide with each other.

o Reconfiguration difficult: Adding new devices to the network would slow down the network.

o Attenuation: Attenuation is the loss of signal strength over distance, which leads to communication issues. Repeaters are used to
regenerate the signal.

2) Ring Topology

o Ring topology is like a bus topology, but with connected ends.

o The node that receives the message from the previous computer will retransmit to the next node.

o The data flows in one direction, i.e., it is unidirectional.

o The data flows in a single loop continuously known as an endless loop.

o It has no terminated ends, i.e. each node is connected to the next node and there is no termination point.

o The data in a ring topology flow in a clockwise direction.

o The most common access method of the ring topology is token passing.

o Token passing: It is a network access method in which token is passed from one node to another
node.

o Token: It is a frame that circulates around the network.

Working of Token passing

o A token moves around the network, passed from computer to computer until it reaches the
destination.
o The sender modifies the token by adding the destination address along with the data.

o The data is passed from one device to the next until the destination address matches. Once the token is
received by the destination device, it sends an acknowledgement to the sender.

o In a ring topology, a token is used as a carrier.
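The token-passing steps above, as an added simulation that is not code from the original notes: a free token circulates; the sending station seizes it, adds the destination address and data; every station passes the frame on until the address matches; the destination marks it received (the acknowledgement) and the frame continues round to the sender, which then releases a free token. Station numbering and the hop counts are constructed; the hop counts make the "delay grows with the number of nodes" point from the disadvantages list concrete.

```python
"""Token-passing simulation for a ring of N stations (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Token:
    """A free token has busy=False; a busy token carries a frame."""
    busy: bool = False
    src: Optional[int] = None
    dst: Optional[int] = None
    data: str = ""
    acked: bool = False   # set by the destination when it copies the data


def send_on_ring(n_stations: int, src: int, dst: int, data: str, token_at: int = 0) -> dict:
    """Simulate one transmission and return hop counts plus the acknowledgement status.

    Stations are numbered 0..n_stations-1 clockwise; the free token starts at token_at.
    """
    pos = token_at
    hops_to_seize = 0
    # Phase 1: the free token travels clockwise until it reaches the sender.
    while pos != src:
        pos = (pos + 1) % n_stations
        hops_to_seize += 1

    # The sender seizes the token and turns it into a frame.
    token = Token(busy=True, src=src, dst=dst, data=data)
    frame_hops = 0
    # Phase 2: the frame goes station to station. The destination copies the
    # data and sets the ack flag; the frame keeps going until it is back at
    # the sender (so a frame to an absent station still returns, unacked).
    while True:
        pos = (pos + 1) % n_stations
        frame_hops += 1
        if pos == dst:
            token.acked = True
        if pos == src:
            break

    # Phase 3: the sender takes its frame off the ring and releases a free token.
    released = Token()
    return {
        "hops_to_seize": hops_to_seize,
        "frame_hops": frame_hops,
        "acked": token.acked,
        "token_free": not released.busy,
    }


if __name__ == "__main__":
    for n in (8, 16, 32):
        print(n, "stations:", send_on_ring(n, src=2, dst=5, data="hello"))
    print("absent destination:", send_on_ring(8, src=2, dst=99, data="x"))
```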

Advantages of Ring topology:

o Network Management: Faulty devices can be removed from the network without bringing the network
down.

o Product availability: Many hardware and software tools for network operation and monitoring are
available.

o Cost: Twisted pair cabling is inexpensive and easily available. Therefore, the installation cost is very low.

o Reliable: It is a more reliable network because the communication system is not dependent on the single
host computer.

Disadvantages of Ring topology:

o Difficult troubleshooting: It requires specialized test equipment to determine the cable faults. If any fault
occurs in the cable, then it would disrupt the communication for all the nodes.

o Failure: The breakdown in one station leads to the failure of the overall network.

o Reconfiguration difficult: Adding new devices to the network would slow down the network.

o Delay: Communication delay is directly proportional to the number of nodes. Adding new devices
increases the communication delay.
3) Star Topology

o Star topology is an arrangement of the network in which every node is connected to the central hub, switch
or a central computer.

o The central computer is known as a server, and the peripheral devices attached to the server are known
as clients.

o Coaxial cable or RJ-45 cables are used to connect the computers.

o Hubs or Switches are mainly used as connection devices in a physical star topology.

o Star topology is the most popular topology in network implementation.

Advantages of Star topology

o Efficient troubleshooting: Troubleshooting is quite efficient in a star topology as compared to bus
topology. In a bus topology, the manager has to inspect the kilometers of cable. In a star topology, all the
stations are connected to the centralized network. Therefore, the network administrator has to go to the
single station to troubleshoot the problem.
o Network control: Complex network control features can be easily implemented in the star topology. Any
changes made in the star topology are automatically accommodated.

o Limited failure: As each station is connected to the central hub with its own cable, therefore failure in one
cable will not affect the entire network.

o Familiar technology: Star topology is a familiar technology as its tools are cost-effective.

o Easily expandable: It is easily expandable as new stations can be added to the open ports on the hub.

o Cost effective: Star topology networks are cost-effective as it uses inexpensive coaxial cable.

o High data speeds: It supports a bandwidth of approx 100Mbps. Ethernet 100BaseT is one of the most
popular Star topology networks.

Disadvantages of Star topology

o A Central point of failure: If the central hub or switch goes down, then all the connected nodes will not be
able to communicate with each other.

o Cable: Sometimes cable routing becomes difficult when a significant amount of routing is required.

4) Tree topology

o Tree topology combines the characteristics of bus topology and star topology.

o A tree topology is a type of structure in which all the computers are connected with each other in
hierarchical fashion.

o The top-most node in tree topology is known as a root node, and all other nodes are the descendants of the
root node.
o Only one path exists between any two nodes for data transmission. Thus it forms a parent-child
hierarchy.

Advantages of Tree topology

o Support for broadband transmission: Tree topology is mainly used to provide broadband transmission,
i.e., signals are sent over long distances without being attenuated.

o Easily expandable: We can add the new device to the existing network. Therefore, we can say that tree
topology is easily expandable.

o Easily manageable: In tree topology, the whole network is divided into segments known as star networks
which can be easily managed and maintained.

o Error detection: Error detection and error correction are very easy in a tree topology.

o Limited failure: The breakdown in one station does not affect the entire network.

o Point-to-point wiring: It has point-to-point wiring for individual segments.

Disadvantages of Tree topology

o Difficult troubleshooting: If any fault occurs in the node, then it becomes difficult to troubleshoot the
problem.

o High cost: Devices required for broadband transmission are very costly.

o Failure: A tree topology mainly relies on main bus cable and failure in main bus cable will damage the
overall network.

o Reconfiguration difficult: If new devices are added, then it becomes difficult to reconfigure.
5) Mesh topology

o Mesh topology is an arrangement of the network in which computers are interconnected with each other
through multiple redundant connections.

o There are multiple paths from one computer to another computer.

o It does not contain the switch, hub or any central computer which acts as a central point of communication.

o The Internet is an example of the mesh topology.

o Mesh topology is mainly used for WAN implementations where communication failures are a critical
concern.

o Mesh topology is mainly used for wireless networks.

o The number of cables needed for a mesh topology is given by the formula:

Number of cables = (n*(n-1))/2

where n is the number of nodes in the network.

Mesh topology is divided into two categories:

o Full mesh topology: In a full mesh topology, each computer is connected to all the other computers in
the network.

o Partial mesh topology: In a partial mesh topology, not all computers are connected; each computer is connected only to those
computers with which it communicates frequently.

Advantages of Mesh topology:

o Reliable: Mesh topology networks are very reliable, as the breakdown of any one link will not affect the
communication between the connected computers.

o Fast communication: Communication between the nodes is very fast.

o Easier reconfiguration: Adding new devices does not disrupt the communication between other
devices.
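The cable-count formula and the reliability claim above, checked in code as an added example that is not from the original notes. It builds a full mesh, confirms the link count matches n(n-1)/2, and then removes each link in turn to verify that no single link failure isolates a node; the same check on a constructed partial mesh shows where that guarantee is lost. Node names and the partial-mesh link set are constructed.

```python
"""Full vs partial mesh: cable count and single-link-failure check (added example)."""
import itertools
from collections import deque
from typing import List, Set, Tuple

Link = Tuple[str, str]


def mesh_cable_count(n: int) -> int:
    """Number of cables in a full mesh of n nodes: n(n-1)/2."""
    return n * (n - 1) // 2


def full_mesh_links(nodes: List[str]) -> Set[Link]:
    """Every node connected directly to every other node."""
    return set(itertools.combinations(sorted(nodes), 2))


def reachable(nodes: List[str], links: Set[Link], start: str) -> Set[str]:
    """Breadth-first search over the links that are still up."""
    adj = {n: set() for n in nodes}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def survives_any_single_link_failure(nodes: List[str], links: Set[Link]) -> bool:
    """True if, whichever single link fails, every node can still reach every other."""
    for failed in links:
        remaining = links - {failed}
        if reachable(nodes, remaining, nodes[0]) != set(nodes):
            return False
    return True


def demo() -> dict:
    nodes = ["A", "B", "C", "D", "E"]
    full = full_mesh_links(nodes)
    # Constructed partial mesh: D hangs off A by a single cable.
    partial = {("A", "B"), ("A", "C"), ("A", "D"), ("B", "C"), ("B", "E"), ("C", "E")}
    return {
        "formula": mesh_cable_count(len(nodes)),
        "full_links": len(full),
        "full_redundant": survives_any_single_link_failure(nodes, full),
        "partial_links": len(partial),
        "partial_redundant": survives_any_single_link_failure(nodes, partial),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The trade-off the two results illustrate is the one the advantages and disadvantages lists describe: the full mesh buys the redundancy with ten cables for five nodes, while the partial mesh saves four cables and in return has a node with a single point of failure.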

Disadvantages of Mesh topology

o Cost: A mesh topology contains a large number of connected devices such as a router and more
transmission media than other topologies.

o Management: Mesh topology networks are very large and very difficult to maintain and manage. If the
network is not monitored carefully, then the communication link failure goes undetected.

o Efficiency: The large number of redundant connections in this topology reduces the efficiency of the network.
6) Hybrid Topology

o The combination of two or more different topologies is known as a hybrid topology.

o A hybrid topology connects different links and nodes to transfer the data.

o Combining two or more different topologies produces a hybrid topology, whereas connecting similar
topologies to each other does not. For example, if there is a
ring topology in one branch of ICICI bank and a bus topology in another branch of ICICI bank, connecting
these two topologies results in a hybrid topology.

Advantages of Hybrid Topology

o Reliable: A fault occurring in any part of the network does not affect the functioning of the rest of the
network.

o Scalable: Size of the network can be easily expanded by adding new devices without affecting the
functionality of the existing network.

o Flexible: This topology is very flexible as it can be designed according to the requirements of the
organization.

o Effective: Hybrid topology is very effective as it can be designed in such a way that the strengths of the
network are maximized and its weaknesses are minimized.

Disadvantages of Hybrid topology


o Complex design: The major drawback of the Hybrid topology is the design of the Hybrid network. It is
very difficult to design the architecture of the Hybrid network.

o Costly Hub: The Hubs used in the Hybrid topology are very expensive as these hubs are different from
usual Hubs used in other topologies.

o Costly infrastructure: The infrastructure cost is very high as a hybrid network requires a lot of cabling,
network devices, etc.

Network Architecture:

 The network architecture gives us a detailed picture of resources and network layers.
 In other words, it shows us the overall design of a computer network.
 It presents the logical and structural layout of networking systems and the related hardware devices such as
routers, switches, etc.

Types of Network Topology Architectures

 Three-Tier Architecture
 Two-Tier Architecture
 Spine Leaf Architecture
 WAN Architecture
 SOHO Architecture
 On-Premise/Cloud Architecture

1. Three-Tier Architecture
According to Cisco, networks have been divided into layers or tiers for better understanding. The three-
tier architecture is one of the oldest and classic networking models.

As the name suggests, the three-tier architecture consists of the following 3 layers:

 Access Layer (bottom layer)
 Distribution Layer (middle layer)
 Core Layer (topmost layer)

Let’s discuss each one of them.

Access Layer:

 The access layer is the lowest layer in the 3-tier architecture.
 It is also called the workstation layer.
 It is the closest layer to the end users.
 It consists of access switches.
 These switches connect users to the network.

Distribution Layer:

 It is the middle layer in the three-tier architecture.
 The distribution layer is also, sometimes, referred to as the aggregation layer.
 It performs quality of service and security work.
 It consists of multilayer switches.
 It moves the traffic from the access layer to the core layer.
 It aggregates LAN and WAN links.

Core Layer:

 It is the topmost layer in the three-tier architecture.
 The Core layer also has another name, the backbone layer.
 It connects distribution layer devices.
 It performs high-speed transport of traffic.
 It is reliable and fault-tolerant.

2. Two-Tier Architecture:
The two-tier architecture is more popular than the three-tier architecture these days.

 It has a collapsed core. It is called so because the distribution layer and the core layer are blended or
collapsed into one.
 Therefore, the two-tier architecture consists of only 2 layers:
1. Access Layer
2. Collapsed Core Layer
 It is therefore simpler.
Spine and leaf is the most popular two-tier architecture.

3. Spine Leaf Architecture

 Spine Leaf architecture is a two-layer or two-tier architecture.
 It is mostly used in data centers.
 It has low latency.
 It consists of two layers:
1. Spine Layer
2. Leaf Layer

Spine Layer:

 The spine layer is the top layer.
 The Spine layer consists of very intelligent devices such as Cisco Nexus 9000 devices.
 These devices have ACI Controller intelligence inside them.

Leaf Layer:

 It is the bottom layer in the spine leaf architecture.
 It consists of access switches.
 Each leaf is connected to every spine device.

4. Small Office/Home Office (SOHO) Architecture:
 The SOHO architecture is the simplest architecture.
 As the name suggests, it is mostly used in homes and/or small enterprises.
 This type of architecture consists of three components:
1. A small switch
2. A router
3. Connected access devices such as printers, PCs, etc.
 Usually, a single device is used that acts as both a switch and router.
 The devices are hardwired into this router.
 This router also acts as a firewall.

5. Wide Area Network (WAN) Architecture:
Imagine this. You have a SOHO network at home and you’ve connected multiple access points. These
access points are making wide-area network connections out to multiple Internet Service
Providers (ISPs).

There are two types of connections formed in the WAN architecture:

 The Primary Connection:
First is the WAN connection formed by the access point using Digital Subscriber Loop (DSL).

 Emergency Connection:
The second is a low-cost WAN connection using an asymmetric DSL, meaning there is a difference
between download and upload speeds. This is the connection used to reach cloud resources.

These connections are referred to as dual-homed configurations. Such a configuration is very resilient
because if one ISP connection fails, the second one takes over.

In today’s time, better client connectivity technologies are available in the market. These are:

MPLS:

 Multiprotocol Label Switching (MPLS) is a transport technique for high-performance
telecommunication networks.
 It transfers data from one network node to another based on short path labels.
 MPLS can carry packets of various network protocols and is therefore called multiprotocol.
Metro-Ethernet:

 Metro Ethernet network is mostly used to connect clients to a large service network.
 Metro Ethernet provides multiple configuration options such as point-2-point, point-2-multipoint,
multipoint-2-multipoint, etc.
Internet VPN:

 It consists of the following:
 Dynamic Multipoint VPN (DMVPN)
 Site-to-Site VPN
 Client VPN
 DMVPN is dynamic, meaning it can build VPN connections when required and it can break them when not
needed.
 Site-to-Site VPN links allow the creation of VPN links when sending protected data over a non-trusted
network such as the Internet.
 Client VPN allows remote access to corporate resources.

6. On-Premises and Cloud Architecture:

Cloud technologies have developed virtual service models.

 SaaS:
Cloud architecture is more of an as-a-service model than a network topology. For example, if you’re
using Google Docs on the cloud, you’re not aware of its network topology. This is referred to as Software-
as-a-Service (SaaS).

 PaaS:
If you’re working with Platform-as-a-Service (PaaS), you might be familiar with the cloud topology.
You can access any development resource using PaaS such as Operating Systems to test out any
application.

 IaaS:
When you’re setting up a cloud-based network topology, you’re using Infrastructure-as-a-Service (IaaS).
Networks, servers, and firewalls are organized in the topology as virtualized components.

Conclusion:
That’s all about the different network topology architectures. These architectures help us understand
the network topologies better and how each network component functions in the topology.

Physical Interfaces and Cabling types in networking
The physical interface is the physical port or the network adaptor provided in network devices that are
used to connect different types of cables for data communication.

The different types of physical interfaces used in Cisco routers and switches are:

 Ethernet: Ethernet is defined by the IEEE 802.3 standard. It has a speed of 10 Mbps. The media used for
Ethernet is 10BASE-T.
 Fast Ethernet: Defined by the IEEE 802.3u standard, it has a speed of 100 Mbps. The media used for
Fast Ethernet is 100BASE-T.
 Gigabit Ethernet: Gigabit Ethernet is defined by the IEEE 802.3ab standard. It has a speed of 1 Gbps.
The media used for Gigabit Ethernet is 1000BASE-T.
 Serial Interface: The serial interface is typically a WAN interface generally facilitated by service
providers. Most of the time, one end is taken as DCE (Data Communication Equipment) and the other
end as DTE (Data Terminal Equipment). In order to have serial communication, both stations must be
synchronised with an appropriate clock speed. The DCE end decides the clock
speed, or the bandwidth, of the channel.
 FDDI: The acronym FDDI stands for Fibre Distributed Data Interface. FDDI uses an optical fibre network
for data transmission at the rate of 100 Mbps up to 200 meters. The FDDI network implements a token
passing technique to avoid collisions.

Naming Convention of Physical Interfaces of Routers and Switches


The physical interfaces of network devices like routers and switches are denoted by their interface IDs.
The interface Id represents the media types, slot numbers and location parameters.

The interface IDs of routers and switches are represented as:

<InterfaceType><SlotNumber>/<PortNo>

For example:

FastEthernet0/1 or fa0/1 denotes the FastEthernet interface with slot number 0 and port number 1.

Serial0/0 or s0/0 denotes the serial interface with slot number 0 and port number 0.
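As an added example (my own code, not from these notes), here is a small Python parser for the interface-ID convention above. The slot/port layout and the speeds are the ones this page lists; the three-part module/slot/port form and the prefix-based expansion of abbreviations such as fa, gi and s are assumptions.

```python
import re

# Interface types named on this page with the nominal speed (Mbps) the page gives
# for each. Serial has no fixed speed: the DCE end sets the clock rate.
INTERFACE_SPEEDS = {
    "Ethernet": 10,
    "FastEthernet": 100,
    "GigabitEthernet": 1000,
    "Serial": None,
}

# '<letters><number>[/<number>[/<number>]]', with optional whitespace in between
_ID_RE = re.compile(r"^\s*([A-Za-z]+)\s*(\d+(?:/\d+){0,2})\s*$")


def resolve_type(word):
    """Expand an abbreviation such as fa, gi, s or e by unique case-insensitive prefix."""
    hits = [name for name in INTERFACE_SPEEDS if name.lower().startswith(word.lower())]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous interface type {word!r}")
    return hits[0]


def parse_interface_id(text):
    """Parse an ID like 'fa0/1', 'Serial0/0' or 'Gi1/0/24' into its components.

    Two numbers are read as slot/port (the convention on this page); three numbers
    are read as module/slot/port (assumption: modular chassis); a single number is
    read as a port with no slot. Returns a dict with the canonical name.
    """
    match = _ID_RE.match(text)
    if not match:
        raise ValueError(f"not an interface id: {text!r}")
    itype = resolve_type(match.group(1))
    parts = [int(p) for p in match.group(2).split("/")]
    return {
        "name": itype + "/".join(str(p) for p in parts),   # e.g. FastEthernet0/1
        "type": itype,
        "module": parts[0] if len(parts) == 3 else None,
        "slot": parts[-2] if len(parts) >= 2 else None,
        "port": parts[-1],
        "speed_mbps": INTERFACE_SPEEDS[itype],
    }


def canonical_name(text):
    """Normalise any accepted spelling to the full IOS-style name."""
    return parse_interface_id(text)["name"]


if __name__ == "__main__":
    for raw in ("fa0/1", "FastEthernet0/1", "s0/0", "gi 1/0/24", "Ethernet0"):
        print(f"{raw:18} -> {parse_interface_id(raw)}")
```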

Compare physical interfaces and cabling types


Physical interfaces and cables play a major role in connecting the different devices and the network
components throughout the network. The Ethernet physical cable can be:

 Copper cable
 Optical fibre cable
Copper cable or Twisted Pair Cable

In Ethernet technology, the most common type of copper cable used is twisted pair cable. The twisted-
pair cable is made up of two copper wires twisted together. Each copper wire has a coating of insulation.
One of the conducting wires carries a signal and the other one acts as a ground. The two wires are twisted
together in order to reduce noise or crosstalk. The greater the number of twists, the greater the
transmission speed.

Types of Twisted Pair cable


There are two types of twisted pair cable.

 UTP (Unshielded Twisted Pair) Cable
 STP (Shielded Twisted Pair) Cable

Unshielded Twisted Cable (UTP)

UTP cable is composed of two or four pairs of copper wires twisted together in pairs without any
shielding. Two pairs of wires are twisted together to cancel the external noise and reduce the capacitance
between the two copper wires. UTP cable is most commonly used for telephone and Ethernet
connections. It is cheaper and easy to install.
Shielded Twisted Pair (STP)

STP cable is composed of four pairs of copper wires. Each pair is shielded with aluminium foil and all
the shielded pairs are bunched together within a braided wire mesh. The shielding provides better noise
reduction and protects from electromagnetic interference. The shielding also provides a better data transfer
rate than UTP.

However, the cost of installing the cable is higher than that of UTP. STP is useful where electric power lines
or cables run parallel with the networking cable.

Different categories of twisted pair cable

 Cat 1: Cat 1 is a single-pair twisted cable that was used only for voice communication in old telephone
networks.
 Cat 2: Cat 2 cable consists of 4 pairs of wire. It was used for token ring networks and has a data
transmission rate of up to 4 Mbps.
 Cat 3: Cat 3 consists of 4 pairs of wires. It is used in both token ring and Ethernet networks with data
transmission up to 10 Mbps.
 Cat 4: It also consists of 4 twisted pairs and it can have a data rate of up to 16 Mbps. It was used in
IBM token ring networks.
 Cat 5: Category 5 cable can transmit up to 100 Mbps. It has a greater number of turns per twisted pair,
which helps to achieve a higher data rate and more resistance to crosstalk. An example of Cat 5 use is
100BASE-T.
 Cat 5e: Cat 5e stands for category 5 enhanced. It is a subtype of Cat 5 and supports data rates up to 1
Gbps or 1000 Mbps.
 Cat 6: It looks identical to Cat 5. A physical separator is placed between each pair in order to reduce
electromagnetic interference (EMI). It is designed to support data transmission rates up to 1 Gbps.
 Cat 6a: Cat 6a stands for category 6 Augmented. It is designed to support data rates up to 10 Gbps
spanning a distance of 100 meters. Cat 6a cables have more twists and each pair is shielded
to reduce crosstalk efficiently.
 Cat 7: It consists of 4 pairs of tightly twisted copper wires. Each pair is shielded with foil and the overall
set of pairs is covered with a braided wire shield. It can support data rates of up to 40 Gbps at a distance
of 100 meters.
 Cat 8: Cat 8 can support a bandwidth of 2 GHz. It is designed to support data rates of 25 Gbps to
40 Gbps at a distance of 30 meters. It is specially used in data centres to connect routers and switches for
very high-speed data transfer over a short distance.

RJ-45 Connector

RJ-45 connectors are used to connect different types of twisted pair cable(UTP/STP) at each end.

RJ-45 (Registered Jack-45) connector is an 8 pin modular plug that is attached to the Ethernet cable at
the end of the cable. RJ-45 connector at both ends of the Ethernet twisted pair cable is popularly called
Ethernet patch cord or cable.

Types of RJ 45 Ethernet cables


 Straight-through cable
 Cross-over cable
 Roll-over cable

Different Types of RJ-45 Ethernet cable

Straight through Cable


Straight-through cables are the most widely used Ethernet LAN cables, used to connect a computer or server
to a network switch or router. The cable consists of four pairs of twisted wires. Each pair has a different
colour code, with RJ-45 connectors at each end and the same pinout at both ends.

The RJ-45 cable comes in two standards as defined by the TIA (Telecommunications Industry Association)
for maintaining consistency throughout the Ethernet network. It can be either the T568A or the T568B
standard.
Use of straight cable
 Switch to Router
 Switch to PC /Workstation/ Servers
 Hub to PC or Server
Cross Over Cable
Unlike the straight-through cable, the crossover cable's pinout differs between its two ends. It uses both
TIA standards, one at each end of the cable: you will find T568A at one end and T568B at the other end.
The wires for transmitting and receiving signals are therefore swapped at the respective ends.

Use of cross cable


 Switch to Switch
 Hub to Hub
 Router to Router
 PC to PC
 Router to PC

Roll Over Cable
The roll-over cable, also known as the Cisco Console Cable, is used to connect the router’s console port with
a computer terminal. It also consists of four pairs of flat cable, and the pinout at one end of the cable is
reversed at the other end.

The rollover cable is used to connect the computer with the console port of the switch or the router for
configuring the device. Most of the time the rollover cable is attached through an RJ-45 to DB9 adapter to
connect the cable to the COM port of the computer. However, an integrated cable with RJ-45 at one end
and a DB9 connector at the other end is also available to connect the device without using an RJ-45 to
DB9 adapter.

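The three cable types above, as an added Python example of my own (not from these notes): it follows each wire colour from one RJ-45 plug to the other to recover the pin-to-pin map and name the cable, and it encodes the two usage lists above as a rule that goes slightly beyond them (any two ports of the same kind need a crossover, unlike ports a straight-through). The T568A/T568B colour orders are the standard ones; the assumption that no port does Auto-MDIX is mine.

```python
# TIA/EIA-568 colour order for pins 1..8 at an RJ-45 plug (white/X = white wire with X stripe).
T568A = ("white/green", "green", "white/orange", "blue", "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue", "white/blue", "green", "white/brown", "brown")

# Expected pin-to-pin mappings for the three cable types described on this page.
STRAIGHT_THROUGH = {pin: pin for pin in range(1, 9)}
CROSSOVER = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}   # TX pair <-> RX pair swapped
ROLLOVER = {pin: 9 - pin for pin in range(1, 9)}              # pin order reversed end to end


def pin_map(end_a, end_b):
    """Follow each wire colour through the cable and return {pin at end A: pin at end B}."""
    if len(set(end_a)) != 8 or sorted(end_a) != sorted(end_b):
        raise ValueError("both ends must carry the same eight distinct wire colours")
    return {i + 1: end_b.index(colour) + 1 for i, colour in enumerate(end_a)}


def classify_cable(end_a, end_b):
    """Name the cable type from the colour order seen at its two plugs."""
    mapping = pin_map(end_a, end_b)
    if mapping == STRAIGHT_THROUGH:
        return "straight-through"
    if mapping == CROSSOVER:
        return "crossover"
    if mapping == ROLLOVER:
        return "rollover"
    return "non-standard"


# Device classes behind the page's two usage lists: like-for-like ports need a
# crossover, unlike ports a straight-through (assumption: no Auto-MDIX in play).
END_STATION_PORTS = {"pc", "workstation", "server", "router"}
INFRASTRUCTURE_PORTS = {"switch", "hub"}


def required_cable(device_a, device_b):
    """Return the cable type the page's lists prescribe for a pair of devices."""
    kinds = []
    for dev in (device_a, device_b):
        name = dev.lower()
        if name in END_STATION_PORTS:
            kinds.append("end-station")
        elif name in INFRASTRUCTURE_PORTS:
            kinds.append("infrastructure")
        else:
            raise ValueError(f"unknown device {dev!r}")
    return "crossover" if kinds[0] == kinds[1] else "straight-through"


if __name__ == "__main__":
    print(classify_cable(T568B, T568B))                     # straight-through
    print(classify_cable(T568A, T568B))                     # crossover
    print(classify_cable(T568A, tuple(reversed(T568A))))    # rollover
    print(required_cable("switch", "router"), required_cable("router", "PC"))
```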
What is Optical Fiber
The optical fiber is a transmission media where signals are allowed to pass through the glass fiber in
the form of a light pulse. The fiber is generally made up of a glass or plastic material. Optical fiber
consists of core and cladding. The core is the innermost cylinder having a higher refractive index and
the cladding is the middle cylinder with a lower refractive index than that of the core. Both the core
and cladding are made up of glass or plastic. They are protected by the outer buffer layer.

Composition of Optical Fiber cable


The major constituents of fiber optics are:

 Core
 Cladding
 Buffer coating
 Strengthening fibers
 Outer Jacket

Core
The core is the innermost part of the optical fiber cable. The light rays travel through the core by an
optical phenomenon called total internal reflection. The refractive index of the core is very high as
compared to the cladding. That means the core is optically denser than the cladding. It is made up of
glass or plastic material.

Cladding
Cladding is just outside the core and cylindrically surrounds the core. The refractive index of the
cladding is less than the core. It is also made up of glass or plastic material.
Buffer Coating
Buffer is a protective coating applied on the outer surface of the cladding. The buffer helps to
encapsulate one or more fibers. It provides strength and protects from physical damage and break.

Strengthening Fiber
The strengthening fiber layer is composed of Kevlar or wire strands. It protects the core from
excessive tension during installation and prevents physical damage.

Outermost Jacket
The outer jacket encapsulates the whole components of optical fibers. It protects from environmental
hazards such as moisture, water, construction equipment etc. It is made up of polyethene or PVC
material.

Principle of operation
The optical fiber technology is based on the optical phenomenon known as total internal reflection.
The principle of optics defines that when the light travels from the denser medium to the rarer
medium, the light rays bend away from the normal. The total internal reflection occurs when the light
ray passes from the optically denser medium to the optically rarer medium and the angle of incidence
must be greater than the critical angle.
Propagation Modes of optical fiber cable
Optical fiber is categorized into different types according to the mode of light propagation, that is,
the paths the light waves take through the fiber and the way the index of refraction varies between
the core and the cladding.

 Single-mode fiber
 Multi-mode fiber

Single-mode fiber (SMF)


 It allows only one mode of light wave to propagate through the fiber.
 The diameter of the core is 8 to 10 micrometres.
 It uses the laser beam as the light source.
 It is used for very long-distance communications.
 Fabrication of single-mode fiber is quite difficult and it is costlier than the multi-mode fiber.

Multimode fiber (MMF)


 The multimode fibres carry more than one mode of light propagation.
 The diameter of the core ranges from 50 to 100 micrometres.
 The typical size is 62.5 micrometres.
 The different modes of light are passed through the core in different incident angles.
 They are generally used in short-distance communication.
 Fabrication of multimode fiber is easy and the cost is also low as compared to single-mode.
 It uses LED as the source of light waves.
Difference between Single-mode and multi-mode fibers

Single Mode Fiber | Multi-Mode Fiber
Capable of carrying a single mode of light. | Capable of carrying multiple modes of light.
The diameter of the core is about 10 micrometres. | The diameter of the core is about 50 to 200 micrometres.
Single-mode fiber is used for long-distance communication. | Multi-mode fiber is used for short-distance communication.
It can transmit signals at a greater speed. | It can transmit signals at a lower speed than single-mode.
It has higher bandwidth than multimode. | It offers lower bandwidth.
Practically no loss or rare loss of signals. | Signal loss is comparatively more than single-mode.
Manufacturing and handling is quite difficult. | Manufacturing and handling is easier.
The laser diode is used as a light source. | A light-emitting diode (LED) is used as a light source.

Multi-mode fibers are further classified into Step Index and graded-index

Step index Fiber


In step-index fiber, the refractive index of the core is uniform, with a sharp change at the
core-cladding interface. The light rays pass through the step-index fiber in a zig-zag manner within
the core. Step-index fiber can be single-mode or multi-mode.

Characteristics of Step Index


 The refractive index of the core is uniform and then there is a sharp decrease in the refractive
index at the core-cladding interface.
 The light waves travel in a zig-zag way within the core.
 The diameter of the core ranges from 50 to 200 microns.
Graded Index Fiber
In graded-index fiber, the refractive index is uniform at the centre of the core but gradually decreases
as it approaches the core cladding interface. The light when passed through the graded-index core, it
propagates as skew rays or helical rays.

Characteristics of Graded Index


 The refractive index of the core gradually decreases as it approaches the cladding.
 On the basis of modes, there is only one type of graded index: multi-mode graded index.
 The light waves propagate as skew rays or helical rays.
 The signal distortion is very low.
 The bandwidth of multimode graded-index fiber is higher.
 The diameter of the core is 50 micrometres for the multimode graded-index.
 It is used for long-range communication.

Comparison between Step index and graded index

Step Index | Graded Index
Sudden change in refractive index at the core-cladding interface. | The refractive index of the core gradually decreases as it approaches the cladding.
On the basis of modes, step-index is of two types: single-mode step-index and multi-mode step-index. | On the basis of modes, there is only one type of graded index: multi-mode graded index.
The light wave travels in a zig-zag manner within the core. | The light waves propagate as skew rays or helical rays.
The signal distortion is more in multi-mode step-index fiber, while there is no distortion in single-mode step-index fiber. | The signal distortion is very low.
The bandwidth of step-index fiber is very low. | The bandwidth of multimode graded-index fiber is higher.
The diameter of the core is 50-200 micrometres for multimode fibre and 10 micrometres for single-mode fibre. | The diameter of the core is 50 micrometres for multimode graded-index.
Usually used for short-range communication. | Used for long-range communication.


Fiber Optics Connector Types
The most common types of fiber optic connectors are LC, SC, ST, FC, and MT-RJ connectors.
Though all these connectors look different, they have the same functionality and the same
basic components: coupling device, connector body and ferrule.

SC Connector

 SC stands for subscriber connector.
 Also known as standard connector or square connector.
 It is the most popularly used fiber connector.
 It is a square-type push-pull latch that fits properly into the fibre patch panel with pull-proof
stability.
 It uses a round ferrule of size 2.5 mm to hold the fibre.
 It is used in multi-mode as well as single-mode.
 It is low cost and very durable.

LC connector
 LC stands for Lucent Connector.
 It is developed by Lucent Technologies.
 Just like the SC connector, it has a push-pull mechanism for proper insertion into the system
mounting rack with greater stability.
 It has a split sleeve and cylindrical ferrule.
 The ferrule size is 1.25 mm
 LC connectors are mostly used with SFP and SFP+ transceivers for high-speed gigabit
transmission.

ST Connector
 ST stands for straight tip
 ST connector has a bayonet-type mechanism.
 It looks similar to the BNC connector used in coaxial cable.
 It was developed by AT&T.
 It has a spring-loaded ferrule size of 2.5mm with a half twist bayonet mechanism for proper
insertion.
 It is usually used for short as well as long-distance communication.

FC Connector

 FC stands for ferrule connector.
 It was originally known as a field assembly connector; it is also known as fibre channel connector.
 It is a fibre connector with a threaded body.
 It is particularly designed for installation in a high-vibration environment.
 It uses a ceramic ferrule with a round screw-type fitment made up of stainless steel.

MTRJ Connector

 MT-RJ stands for Mechanical Transfer Registered Jack.
 MT-RJ connectors have endpoints similar to an RJ-45 jack.
 It is a duplex fiber connector with both fibers housed in a single polymer ferrule.

TCP and UDP in Transport Layer


TCP and UDP are the major transport layer protocols. Before discussing TCP and UDP in detail, let
us understand the main functions of the transport layer.

The transport layer in the OSI model deals with the process-to-process communication between the
two stations. The data from the upper layer is received by the transport layer and broken down into
smaller chunks of a similar size called segments. The segment is further sent to the network layer
after encapsulating essential header information of the transport layer. The other major functions of
the transport layer are segmentation, reassembly, sequencing, flow control, port addressing etc.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the major protocols
that work at the transport layer for various network application services. TCP is utilized by the
service where reliability is the top priority. UDP is used by services for faster communication like
real-time applications, live streaming etc.
Transmission Control Protocol (TCP)
 TCP stands for Transmission Control Protocol.
 TCP is said to be a connection-oriented protocol, as it establishes a TCP connection between the
two stations before sending any data to the receiver. The connection is then terminated after the
exchange of data is completed.
 The session is established and terminated using three-way and four-way handshaking
respectively. This will be explained in detail in a later section of this article.
 TCP provides reliable communication. Hence, it is also called a reliable transport layer protocol.
The destination must reply with an acknowledgement message after the segment is received. If an
acknowledgement is not received by the sender, the same segment is retransmitted to ensure
reliable communication.
 Another important function of TCP is packet sequencing. When upper layer data are broken down
into smaller segments, each segment is assigned a sequence number so that segments received by
the destination in any order can be reassembled into the correct sequence.
 Flow control is yet another function of TCP. The flow control mechanism allows both sender and
receiver to exchange data at the same data rate. The sender and the receiver synchronize and
agree on a transmission speed so that the receiver is not overwhelmed by the
sender's data rate.
 The data transfer between the sender and the receiver is carried out in full duplex mode.

User Datagram Protocol (UDP)


 UDP stands for User Datagram Protocol.
 UDP is said to be a connectionless and unreliable transport layer protocol.
 It provides process-to-process communication in the transport layer.
 UDP is a simple protocol with minimum overhead.
 UDP is connectionless because it does not establish any session between the two endpoints before
sending packets to the receiver.
 It is also called unreliable because it does not wait for any acknowledgement from the receiver
confirming that the packet has been received without error.
 UDP packets are called user datagrams and they have a fixed header size of 8 bytes.

What are port numbers in TCP and UDP?
The port numbers are unique numbers used with IP addresses. It ranges from 0 to 65535. Port
numbers are controlled and registered by IANA (Internet Assigned Numbers Authority). TCP and
UDP use port numbers to identify the different application services.

IANA has classified the port numbers into three broad categories:

Well-known Ports

They range from 0 to 1023. They are controlled and registered by IANA. Popular application services like
HTTP, FTP, SMTP, and telnet are assigned fixed well-known ports.

Registered Ports
They range from 1024 to 49151. They are not controlled by IANA. They are only registered by IANA to prevent
any duplication.

Dynamic Ports
It ranges from 49152 to 65535. It is neither controlled nor registered by IANA. Dynamic ports are
mostly used by the processes running on the client end.

How does TCP work


TCP is a connection-oriented and reliable protocol. Before sending data to the destination, the source
always establishes a TCP connection and then begins exchanging information. The connection is
then terminated after the data transmission is over. The establishment and the termination of the TCP
connection is performed using a three-way and four-way handshaking mechanism. Later on, we will
discuss in detail how three-way and four-way handshaking is done.

Now let us understand the TCP segment formats.


TCP Segment Format

Source Port Address


This field contains the port numbers of the sender. When the sender is the client machine, it uses
dynamic port numbers that range from 49152 to 65535. When the sender is the service, it uses well-
known ports that range from 0 to 1023.

Destination Port address


This field contains the port number of the receiver. When the destination host is the server, then it
will be well-known ports. When the destination host is the client, it will be the dynamic ports.

Sequence Number
The TCP sequence number field is a 32-bit value. The value ranges from 0 to 2^32 - 1
(4,294,967,295). The sequence number tells the receiving host which byte in the stream is
the first byte in the segment.

Acknowledgement Number
It is also a 32-bit field. When the ACK flag is set ON, it contains the sequence number of the next
data byte expected and acts as the acknowledgement for the previous TCP sequence received. For example, if
the destination host receives the sequence “X”, then it replies with “X+1” as the acknowledgement
number.

HLEN
It is a 4-bit header length field and indicates the length of the TCP header by a 4-byte word in the
header. The size of the TCP header ranges from 20 to 60 bytes. For 20 bytes of header, the value of
HLEN field would be 5, because 4 x 5 = 20. For 60 bytes, it would be 15, because 4 x15 = 60. Thus,
the value of HLEN field lies between 5 to 15.

Flags
TCP uses six control flags of 1 bit each to perform connection establishment, termination, connection
abortion, flow control, and mode of data transfer.

 URG – This flag indicates that the urgent pointer is valid. It is set ON when the segment needs urgent
processing of data.
 ACK – When ACK is set ON, the destination host replies with the acknowledgement number for
every sequence it receives.
 PSH – When it is set ON, it requests the destination host to push the data to the application without
buffering it.
 RST – This flag is used to reset (abort) the connection.
 SYN – It synchronizes the sequence numbers during the three-way handshaking.
 FIN – This flag is used to terminate the connection.

Window Size
It is a 16-bit field and defines the size of the window that the destination host can accept.

Checksum
It is a 16-bit field used for error control. This field is optional in UDP.

Urgent Pointer
The urgent pointer is a 16-bit field to process data urgently. When the URG flag is set ON, it requests
for the urgent process.
Options and Padding
This field can be up to the size of 40 bytes.

UDP Header Format

Source Port Address


It is a 16-bit field that indicates source port numbers. If the client is the source, the source port
address will be dynamic ports. On the other hand, if the server is the source, then it will be the well-
known ports.

Destination Port Address


This field contains a 16-bit destination port address. If the client is the receiver, the destination port
number would be the dynamic port and the server utilizes well-known ports for the destination.

Total Length
This is a 16-bit field that indicates the length of the UDP datagram, including the header and the
data.

UDP Checksum
The checksum is a 16-bit or 2-byte field. The checksum field is optional in the UDP segment. It
depends on the application on which UDP is running. The basic function of the checksum field is to
ensure whether the segments are received accurately or not.
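The TCP and UDP header layouts, the HLEN rule and the IANA port ranges described above, as an added Python example of my own (not from these notes): it decodes both headers from raw bytes, rejects a segment whose HLEN does not match its length, classifies ports, and computes and verifies the optional UDP checksum over the IPv4 pseudo-header. The SYN segment, the DNS-shaped datagram and the 192.0.2.x addresses are constructed sample data, not captured traffic.

```python
import struct
from ipaddress import IPv4Address

# The six control flags described on this page, as bits of the TCP flags byte.
# (The two highest bits of that byte are the ECN flags, not covered here.)
TCP_FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
                 ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def port_class(port):
    """IANA range of a port number: well-known, registered or dynamic."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def parse_tcp(segment):
    """Decode the fixed 20-byte TCP header, validate HLEN, split options and payload."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, off_res, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = off_res >> 4                 # header length in 4-byte words
    if not 5 <= hlen <= 15:
        raise ValueError(f"HLEN {hlen} outside the legal range 5..15")
    header_len = hlen * 4
    if len(segment) < header_len:
        raise ValueError("segment is shorter than its HLEN claims")
    flags = [name for name, bit in TCP_FLAG_BITS if flag_byte & bit]
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack if "ACK" in flags else None,
        "hlen": hlen, "header_len": header_len, "flags": flags,
        "window": window, "checksum": checksum,
        "urgent_pointer": urgent if "URG" in flags else None,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }

def parse_udp(datagram):
    """Decode the fixed 8-byte UDP header and check its length field."""
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"UDP length field {length} is inconsistent with the data")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "checksum_present": checksum != 0,
            "payload": datagram[8:length]}

def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry, as used by TCP/UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _udp_pseudo_header(src_ip, dst_ip, udp_length):
    # IPv4 pseudo-header: source, destination, zero byte, protocol 17, UDP length
    return (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 17, udp_length))

def udp_checksum(src_ip, dst_ip, datagram):
    """Checksum a UDP datagram (checksum field treated as zero) over the IPv4 pseudo-header."""
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    total = ones_complement_sum(_udp_pseudo_header(src_ip, dst_ip, len(datagram)) + zeroed)
    return (~total & 0xFFFF) or 0xFFFF   # a computed 0 is sent as all-ones (RFC 768)

def verify_udp_checksum(src_ip, dst_ip, datagram):
    """True/False for a carried checksum, None when the sender omitted it (field is 0)."""
    if parse_udp(datagram)["checksum"] == 0:
        return None
    total = ones_complement_sum(_udp_pseudo_header(src_ip, dst_ip, len(datagram)) + datagram)
    return total == 0xFFFF

# Constructed sample data (not captured traffic): a SYN from an ephemeral port to 443
# carrying a 4-byte MSS option, so HLEN is 6, and a DNS-shaped datagram to port 53
# with the checksum field left at zero.
SYN_SEGMENT = (struct.pack("!HHIIBBHHH", 51000, 443, 1000, 0, 6 << 4, 0x02, 65535, 0, 0)
               + b"\x02\x04\x05\xb4")
UDP_DATAGRAM = (struct.pack("!HHHH", 55000, 53, 20, 0)
                + b"\xab\xcd\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00")

def checksummed(datagram, src_ip="192.0.2.10", dst_ip="192.0.2.53"):
    """Return the datagram with its checksum field filled in."""
    csum = udp_checksum(src_ip, dst_ip, datagram)
    return datagram[:6] + struct.pack("!H", csum) + datagram[8:]
```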
Establishing TCP Connection using Three-way Handshaking

The TCP three-way handshaking process is a three-step process in which the client establishes a
virtual connection with the server prior to the exchange of data between them.

Step 1: The client sends a TCP segment to the server with the SYN flag set ON.

Step 2: In response to the client request, the server sends a TCP segment with the SYN flag and ACK
flag set ON.

Step 3: Finally, the client replies by sending a TCP segment with the ACK flag set ON.

This completes the process of three-way handshaking and the TCP connection is established between
the client and server. Now, both of them are ready for the exchange of real data between them.

Terminating TCP Connection using Four-way Handshaking
After the exchange of data between the client and the server is complete, the TCP connection needs to be terminated. A four-way handshake is performed to terminate the connection.

Step 1: The client sends a TCP segment with the FIN flag set ON.

Step 2: The server replies with the ACK flag set ON.

Step 3: The server then sends a TCP segment with the FIN flag set ON.

Step 4: Finally, the client replies with the ACK flag set ON.

This terminates the connection between the client and the server.
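The three-way handshake and the four-way termination above, as an added example that is not part of the original notes: a minimal Python TCP state machine for two endpoints that exchanges exactly the seven segments described (SYN, SYN+ACK, ACK, then FIN+ACK, ACK, FIN+ACK, ACK). The initial sequence numbers 1000 and 5000 are constructed values (a real stack randomizes them); the endpoint names and the Segment class are assumptions of this example. It also shows why SYN and FIN each consume one sequence number, and that an endpoint rejects a segment whose ACK does not match what it sent.

```python
"""Simulate TCP's three-way handshake and four-way termination between two endpoints."""
from dataclasses import dataclass

MOD = 2 ** 32                     # sequence numbers wrap at 32 bits
FLAG_ORDER = ("SYN", "FIN", "ACK")


@dataclass
class Segment:
    src: str
    dst: str
    flags: frozenset
    seq: int
    ack: int = 0


def flag_str(flags) -> str:
    return "+".join(f for f in FLAG_ORDER if f in flags)


class TcpEndpoint:
    """A minimal TCP state machine covering connection open and close only (no data)."""

    def __init__(self, name: str, isn: int):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn          # next sequence number we will send
        self.rcv_nxt = None         # next sequence number we expect from the peer

    def _seg(self, dst, *flags):
        return Segment(self.name, dst, frozenset(flags), self.snd_nxt, self.rcv_nxt or 0)

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer):
        """Active open (handshake step 1): send SYN."""
        self.state = "SYN_SENT"
        seg = self._seg(peer, "SYN")
        self.snd_nxt = (self.snd_nxt + 1) % MOD    # SYN consumes one sequence number
        return seg

    def close(self, peer):
        """Send FIN (termination steps 1 and 3)."""
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        seg = self._seg(peer, "FIN", "ACK")
        self.snd_nxt = (self.snd_nxt + 1) % MOD    # FIN consumes one sequence number
        return seg

    def receive(self, seg):
        """Process an incoming segment and return the reply segment, or None."""
        f = seg.flags
        if "ACK" in f and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: unexpected ACK {seg.ack}, wanted {self.snd_nxt}")
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt, self.state = (seg.seq + 1) % MOD, "SYN_RECEIVED"
            reply = self._seg(seg.src, "SYN", "ACK")       # handshake step 2
            self.snd_nxt = (self.snd_nxt + 1) % MOD
            return reply
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.rcv_nxt, self.state = (seg.seq + 1) % MOD, "ESTABLISHED"
            return self._seg(seg.src, "ACK")                # handshake step 3
        if self.state == "SYN_RECEIVED" and f == {"ACK"}:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt, self.state = (seg.seq + 1) % MOD, "CLOSE_WAIT"
            return self._seg(seg.src, "ACK")                # termination step 2
        if self.state == "FIN_WAIT_1" and f == {"ACK"}:
            self.state = "FIN_WAIT_2"
            return None
        if self.state == "FIN_WAIT_2" and "FIN" in f:
            self.rcv_nxt, self.state = (seg.seq + 1) % MOD, "TIME_WAIT"
            return self._seg(seg.src, "ACK")                # termination step 4
        if self.state == "LAST_ACK" and f == {"ACK"}:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: {flag_str(f)} unexpected in state {self.state}")


def run_connection(client_isn=1000, server_isn=5000):
    """Drive a full open and close; return (trace, client_state, server_state)."""
    client, server = TcpEndpoint("client", client_isn), TcpEndpoint("server", server_isn)
    server.listen()
    trace = []

    def deliver(seg):
        while seg is not None:                               # bounce replies until silence
            trace.append((seg.src, flag_str(seg.flags), seg.seq, seg.ack))
            seg = (server if seg.dst == "server" else client).receive(seg)

    deliver(client.connect("server"))    # three-way handshake
    deliver(client.close("server"))      # four-way termination, steps 1 and 2
    deliver(server.close("client"))      # steps 3 and 4
    return trace, client.state, server.state


def rejects_unsolicited(flags=("SYN", "ACK")) -> bool:
    """A CLOSED endpoint must not accept a segment it never asked for."""
    ep = TcpEndpoint("closed", 1)
    try:
        ep.receive(Segment("peer", "closed", frozenset(flags), 1, 2))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for row in run_connection()[0]:
        print("%-7s %-8s seq=%d ack=%d" % row)
```

The client ends in TIME_WAIT rather than CLOSED, which is the real protocol behaviour: it must linger long enough to re-send the last ACK if the server's FIN is retransmitted.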

Compare TCP and UDP

TCP | UDP
TCP stands for Transmission Control Protocol. | UDP stands for User Datagram Protocol.
TCP is a connection-oriented protocol that establishes a connection between the hosts before sending any data. | UDP is a connection-less protocol. It does not establish a connection between the hosts.
TCP is considered highly reliable because it always asks for an acknowledgement from the receiver before sending any further segments. | UDP is unreliable because it does not expect or wait for an ACK from the receiver.
Header size is 20 bytes. | Header size is 8 bytes.
Retransmission facility. | No such facility.
TCP is slower and less efficient compared to UDP. | UDP is faster and more efficient than TCP.

Introduction to IP v4 Address
An IP address is a numerical identifier that uniquely identifies a device in a computer network. Two types of IP address are widely used in IP networks.
 IP version 4
 IP version 6

An IP v4 address is a 32-bit logical address.

It is written in decimal format. The 32-bit address is divided into 4 equal parts called octets. Each octet contains 8 bits and is separated from the next by a dot.

For example, 192.168.5.10 is an IP v4 address.

Features of IP v4 Address
 IPv4 is a 32-bit length address.
 It is divided into 4 equal parts.
 Each part consists of 8 bits and is called an octet.
 Each octet is separated by dot notation.
 It is normally written in a human-readable numbering system, i.e. decimal numbers.
 2^32 = 4,294,967,296 (about 4.3 billion) addresses are available in IPv4.
 IPv4 consists of two parts: the network part and the host part.
 The network part shows which network the IP address belongs to. The host part identifies the individual host within that network.

Classes of IP v4 Address
IP v4 addresses are classified into 5 classes:
 Class A address ranges from 0.0.0.0 to 127.255.255.255
 Class B address ranges from 128.0.0.0 to 191.255.255.255
 Class C address ranges from 192.0.0.0 to 223.255.255.255
 Class D address ranges from 224.0.0.0 to 239.255.255.255
 Class E address ranges from 240.0.0.0 to 255.255.255.255

Subnet Mask
The subnet mask is a 32-bit series of binary 0s (zeros) and 1s (ones) that distinguishes the network part from the host part of an IP address. The series of 1s denotes the network portion and the 0s denote the host portion.

When we assign an IP address to any host in a network, a subnet mask is also given to it.

For example,

IP address is 192.168.5.10

The subnet mask is 255.255.255.0

If we convert the subnet mask to binary bits, it looks like this:

11111111.11111111.11111111.00000000

The series of 1s is called the network bits and the 0s are called the host bits.
The network bits remain unchanged for every IP address assigned to any host in the same network, and the network address is derived by ANDing the binary equivalent of the IP address with the subnet mask.

The host bits can vary from all 0s to all 1s for the hosts within the same network.

Hence, in the above example,

The number of networks is given by 2^n, where n denotes the number of network bits.

and the number of hosts per network is given by 2^h – 2, where h is the number of host bits.
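The ANDing described above, carried out bit by bit in Python as an added example (not code from the original notes): it converts the dotted address and mask to 32-bit integers, derives the network address with a bitwise AND and the broadcast address by setting all host bits to 1, and applies the 2^h – 2 formula. The helper names are this example's own. It also rejects a mask whose 1s are not contiguous, which is the check a configuration validator needs and which the notes' description of "a series of 1s followed by 0s" implies.

```python
"""Derive network and broadcast addresses from an IPv4 address and its subnet mask."""


def ip_to_int(dotted: str) -> int:
    """'192.168.5.10' -> 32-bit integer; rejects malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted-binary form, e.g. 11111111.11111111.11111111.00000000."""
    return ".".join(f"{int(o):08b}" for o in dotted.split("."))


def is_contiguous_mask(mask: str) -> bool:
    """True only if the mask is a run of 1s followed by a run of 0s (e.g. not 255.0.255.0)."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def describe(ip: str, mask: str) -> dict:
    """Network bits n, host bits h, network/broadcast and the usable host range."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    n = bin(ip_to_int(mask)).count("1")
    h = 32 - n
    network = ip_to_int(ip) & ip_to_int(mask)                # AND of IP and mask
    broadcast = network | (~ip_to_int(mask) & 0xFFFFFFFF)    # host bits all set to 1
    return {
        "network_bits": n,
        "host_bits": h,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if h > 1 else None,
        "last_host": int_to_ip(broadcast - 1) if h > 1 else None,
        "hosts_per_network": (1 << h) - 2 if h > 1 else 0,   # 2^h - 2
        "cidr": f"{int_to_ip(network)}/{n}",
    }


if __name__ == "__main__":
    # The example from the text: 192.168.5.10 with mask 255.255.255.0
    print(to_binary("255.255.255.0"))
    print(describe("192.168.5.10", "255.255.255.0"))
```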

What is Subnetting
Subnetting is a very important topic in the field of networking. It is quite interesting because it involves a lot of mathematical calculations. This tutorial tries to explain each and every term that is related to IP subnetting. I hope it helps you clear your doubts on the subject.

Subnetting is a technique of breaking down a single classful IP network into multiple smaller logical sub-networks, or subnets. It helps to create smaller networks out of a single large network. Subnetting is done to control the rapid exhaustion of IP v4 addresses. Classful addressing wastes host IP addresses unnecessarily, and the wasted IPs cannot be allotted to another network. To overcome this problem, the concept of subnetting evolved.

Benefits of Subnetting
The major benefit of subnetting is that it controls the rapid exhaustion of IP addresses. Apart from this, it has other benefits, such as:

 Breaks up the large network into smaller, manageable segments.
 Controls broadcast traffic.
 Reduces network congestion.
 Enhances network security.
 Eases administration.
Limitations of classful address explained with examples
In the classful addressing scheme, Class A, B, and C have the following fixed numbers of hosts per network using their respective default subnet masks.

So, it is clear from the table above that

 Class A has 24 bits for the host, thus the number of hosts per network in Class A will be 2^24 – 2 = 16,777,214.
 Class B has 16 bits for the host, thus the number of hosts per network in Class B is 2^16 – 2 = 65,534.
 Class C has 8 bits for the host, thus the number of hosts per network in Class C will be 2^8 – 2 = 254.

Concept of subnetting explained with an example

Now, let us understand how subnetting helps to overcome the limitation of classful addressing and makes host addressing more flexible.

Let us take an example to understand the topic more clearly.

Examples of Subnetting
You have a Class C network address 192.168.1.0/24.

Now, you can break this classful network address in two ways in order to create new subnetworks. In the first case, you decide how many equal subnets you want to create by breaking the given classful address; in the second case, you decide how many hosts you need in the new subnet.

Case 1: if we want to create 2 equal subnets out of the classful address 192.168.1.0/24

We know the default subnet mask of 192.168.1.0 is 255.255.255.0

In binary it is written as:
11111111.11111111.11111111.00000000
In order to create 2 equal subnets out of 192.168.1.0/24, some host bits must be borrowed from the host portion for the network portion.

The number of subnet bits that have to be borrowed is given by the formula,

2^(subnet bits) >= Number of required subnets

In our case, the number of subnets = 2

Therefore, using the above formula,

we have 2^n >= 2, where n denotes the number of subnet bits.

or, 2^1 >= 2
Hence, when n = 1, we can create two subnets.

Then, the new subnet mask will be

11111111.11111111.11111111.10000000
In decimal, the new subnet mask is written as 255.255.255.128

Now, there are 7 host bits available for each subnet.

Therefore, the number of hosts per subnet is given by

2^h – 2 = 2^7 – 2 = 126, where h = number of host bits

Each subnet block will have a maximum of 256 – 128 = 128 IP addresses.
The IP range for Subnet-0 is 192.168.1.0 to 192.168.1.127
The IP range for Subnet-1 is 192.168.1.128 to 192.168.1.255

Subnets | Number of hosts/subnet | Block size / Total IP addresses | IP Range | Valid host IP Range | Network address | Broadcast address
Subnet-0 | 126 | 128 | 192.168.1.0 to 192.168.1.127 | 192.168.1.1 to 192.168.1.126 | 192.168.1.0 | 192.168.1.127
Subnet-1 | 126 | 128 | 192.168.1.128 to 192.168.1.255 | 192.168.1.129 to 192.168.1.254 | 192.168.1.128 | 192.168.1.255

Case 2: if we want to create a subnet having 100 hosts

Earlier, when classful addressing was used, we had the default 8 host bits for Class C.

Thus, the total number of valid host IPs available using the Class C default mask is

2^8 – 2 = 254

Then, the valid IPs will be 192.168.1.1 to 192.168.1.254

192.168.1.0 is the network address and 192.168.1.255 is the broadcast address.

Thus, if we use classful addressing, we will have 254 host addresses in hand.

But our requirement is to create a subnetwork which will have only 100 hosts.

Using a classful address, we are wasting 254 – 100 = 154 IP addresses that cannot be assigned to any other network.

Here, the concept of subnetting works to save the wasted, unused IP addresses. This is done by keeping only as many host bits as are required for 100 hosts, and the extra host bits are borrowed by the network. The extra host bits borrowed by the network are known as the subnet bits.

So, the number of host bits required for 100 hosts is given by the formula

2^(host bits) – 2 >= Number of required hosts

Therefore, using the above formula,

we have 2^h – 2 >= 100, where h denotes the number of host bits.

or, 2^7 – 2 >= 100
Hence, 7 bits are kept for the host portion, and the remaining bit is borrowed by the network.

Then, we will have a new subnet mask,

11111111.11111111.11111111.10000000
In decimal notation, it is written as 255.255.255.128
The block size of IP addresses is given by 256 – 128 = 128
Therefore, the range of IP addresses for the new subnet will be from 192.168.1.0 to 192.168.1.127
Then, the valid host range is from 192.168.1.1 to 192.168.1.126
Here, the IP addresses from 192.168.1.128 to 192.168.1.255 are still free to assign to another subnetwork.

From the above example, we come to the conclusion that subnetting can be done in two ways.

 Subnetting based on the network, where the number of subnets is taken as the priority.
 Subnetting based on the host, where the number of hosts is taken as the priority.

There are a few things that you must know while creating subnets. For subnetting of any given classful address, the probable questions that arise are:

 How many network bits are required to create each subnet?
 How many host bits are available for host IPs?
 How many subnets are formed?
 What is the number of hosts per subnet?
 What is the modified mask for the new subnets?
 What are the network and the broadcast addresses of the new subnets?
 What is the IP block size of the subnet?
 What is the IP range for the subnets?
 What is the valid host IP range for the subnets?

The solution to these depends on how we approach creating the subnets: whether network-based or host-based. We will solve all these questions in the latter part of the tutorial.

Let us discuss the two types of subnetting in more detail.

Types of subnetting
Subnetting is done by borrowing host bits for the network part. The borrowing of bits is done in two ways.

 Subnetting based on network, or FLSM
 Subnetting based on host, or VLSM

Subnetting based on the network (FLSM): This type of subnetting is done when a fixed number of subnets is required to be created from a single large network. As a result, each new subnet created has the same subnet mask. Hence, this technique of subnetting is also known as Fixed Length Subnet Mask (FLSM).

FLSM explained with an example

Suppose we want to create 4 subnets out of the classful address 192.168.1.0/24 (here we are taking a Class C address because Class C subnetting is easier to understand. During the subnetting of Class C, only the last octet of the IP address gets affected. We will also explain the concept of subnetting in all three classes of IP address separately in the forthcoming section).

To create 4 subnets, we have to borrow the following number of host bits for the network section:

2^n >= 4
or, 2^2 >= 4
Therefore, network bits required to borrow from the host portion = 2

Thus, the modified subnet mask will be:

11111111.11111111.11111111.11000000
In decimal, we can write it as:

255.255.255.192
The block size, or the total number of IPs available for each subnet, will be:

256 – 192 = 64
As we know, the total range of IPs available for the given address is from 192.168.1.0 to 192.168.1.255
Hence, starting from 192.168.1.0, we can segment the classful address into 4 equal subnets in blocks of 64.

The distribution of IP for FLSM is mentioned in the table below.

Subnets | Subnet mask | CIDR Notation | Block size | IP Range | Usable Host Range | Network Address | Broadcast Address
Subnet-0 | 255.255.255.192 | /26 | 64 | 192.168.1.0 to 192.168.1.63 | 192.168.1.1 to 192.168.1.62 | 192.168.1.0 | 192.168.1.63
Subnet-1 | 255.255.255.192 | /26 | 64 | 192.168.1.64 to 192.168.1.127 | 192.168.1.65 to 192.168.1.126 | 192.168.1.64 | 192.168.1.127
Subnet-2 | 255.255.255.192 | /26 | 64 | 192.168.1.128 to 192.168.1.191 | 192.168.1.129 to 192.168.1.190 | 192.168.1.128 | 192.168.1.191
Subnet-3 | 255.255.255.192 | /26 | 64 | 192.168.1.192 to 192.168.1.255 | 192.168.1.193 to 192.168.1.254 | 192.168.1.192 | 192.168.1.255

Now, you can see from the table above that 4 subnets are created with an equal distribution of 64-IP blocks. Each subnet has 64 IP addresses. FLSM is efficient if each subnet has an equal number of hosts, i.e. 64 – 2 = 62 (deducting the network and the broadcast ID from the total IP block). Each subnet will have the same subnet mask, 255.255.255.192 or /26 in CIDR notation.

But there may be a situation where one subnet has more than 62 hosts and another has fewer than 62. In such a case, FLSM, or subnetting by the network, will not be helpful.

Here comes the concept of VLSM. VLSM says that we can create a subnet according to the host requirements.

Subnetting based on the host (VLSM): This type of subnetting is done when the host count is taken as the first requirement. The subnet is created according to the number of hosts in a subnetwork. The subnets created will have a different subnet mask for each subnet. Hence, it is called Variable Length Subnet Mask (VLSM). VLSM has more benefits than subnetting based on the network, or FLSM. It has better control over the wastage of IPs than network-based subnetting.

Let us take an example for a better understanding of VLSM.

VLSM explained with an example

Your organization has four different departments, viz. Accounts, HR, Inventory, and Sales. You want to create separate subnets for each department. However, each department has a different number of hosts connected to the network, such as

Accounts = 100 hosts
HR = 50 hosts
Inventory = 25 hosts
Sales = 10 hosts

In this case, you have the option to create each subnet with a different subnet mask according to the host requirement.

For Accounts, where 100 hosts are connected,

the number of host bits required to create a subnet for 100 hosts is given by:

2^h – 2 >= 100, where h = number of host bits required to create a subnet for 100 hosts
or, 2^7 – 2 >= 100
or, 126 >= 100
Hence, h = 7
Therefore, the new subnet mask for the Accounts subnet is:

11111111.11111111.11111111.10000000
In decimal, it is written as 255.255.255.128

Thus, the block size for Accounts is 256 – 128 = 128
Hence, the range of IPs for Accounts is from 192.168.1.0 to 192.168.1.127
The network address = 192.168.1.0

Broadcast address = 192.168.1.127

Therefore, the valid host range for Accounts is from 192.168.1.1 to 192.168.1.126

Next, for the HR department, where 50 hosts are connected,

the required number of host bits to connect 50 hosts is given by:

2^h – 2 >= 50
or, 2^6 – 2 >= 50
or, 62 >= 50
Hence, h = 6
Therefore, the new subnet mask for HR is:
11111111.11111111.11111111.11000000
In decimal, it is written as 255.255.255.192

Thus, the block size for HR is 256 – 192 = 64

Hence, the range of IPs for the HR department is from 192.168.1.128 to 192.168.1.191
The network address = 192.168.1.128

Broadcast address = 192.168.1.191

Therefore, the valid host range for HR is from 192.168.1.129 to 192.168.1.190

Next, for the Inventory department, where 25 hosts are connected,

the required number of host bits to connect 25 hosts is given by:

2^h – 2 >= 25
or, 2^5 – 2 >= 25
or, 30 >= 25
Hence, h = 5
Therefore, the new subnet mask for the Inventory department is:

11111111.11111111.11111111.11100000
In decimal, it is written as 255.255.255.224

Thus, the block size for Inventory is 256 – 224 = 32

Hence, the range of IPs for Inventory is from 192.168.1.192 to 192.168.1.223
The network address = 192.168.1.192

Broadcast address = 192.168.1.223

Therefore, the valid host range for Inventory is from 192.168.1.193 to 192.168.1.222

Finally, for the Sales department, where 10 hosts are connected,

the required number of host bits to connect 10 hosts is given by:
2^h – 2 >= 10
or, 2^4 – 2 >= 10
or, 14 >= 10
Hence, h = 4
Therefore, the new subnet mask for the Sales department is:

11111111.11111111.11111111.11110000
In decimal, it is written as 255.255.255.240

Thus, the block size for Sales is 256 – 240 = 16

Hence, the range of IPs for Sales is from 192.168.1.224 to 192.168.1.239
The network address = 192.168.1.224

Broadcast address = 192.168.1.239

Therefore, the valid host range for Sales is from 192.168.1.225 to 192.168.1.238
The distribution of IPs for VLSM is shown in the table below.

Subnets | Subnet Mask | CIDR Notation | Block Size | IP Range | Usable Host IP Range | Network Address | Broadcast Address
Accounts | 255.255.255.128 | /25 | 128 | 192.168.1.0 to 192.168.1.127 | 192.168.1.1 to 192.168.1.126 | 192.168.1.0 | 192.168.1.127
HR | 255.255.255.192 | /26 | 64 | 192.168.1.128 to 192.168.1.191 | 192.168.1.129 to 192.168.1.190 | 192.168.1.128 | 192.168.1.191
Inventory | 255.255.255.224 | /27 | 32 | 192.168.1.192 to 192.168.1.223 | 192.168.1.193 to 192.168.1.222 | 192.168.1.192 | 192.168.1.223
Sales | 255.255.255.240 | /28 | 16 | 192.168.1.224 to 192.168.1.239 | 192.168.1.225 to 192.168.1.238 | 192.168.1.224 | 192.168.1.239
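Both the FLSM example (four equal /26 subnets) and the VLSM example (Accounts, HR, Inventory, Sales) above, as an added example that is not part of the original notes: a Python planner built on the standard library's ipaddress module. flsm() borrows n bits so that 2^n covers the required subnet count and splits the block equally; vlsm() picks the smallest h with 2^h – 2 >= hosts for each department and allocates the largest requirement first, which is what keeps every block aligned on its own size (the reverse order would leave Accounts with no aligned /25). The function names and the department dictionary are this example's own; the address block is the one used in the text.

```python
"""FLSM and VLSM subnet planning with the standard library's ipaddress module."""
import ipaddress
import math


def subnet_row(net: ipaddress.IPv4Network) -> dict:
    """One line of the tables in the text: mask, block size, ranges, network, broadcast."""
    hosts = list(net.hosts())          # fine for the small blocks used here
    return {
        "subnet": str(net),
        "mask": str(net.netmask),
        "cidr": f"/{net.prefixlen}",
        "block_size": net.num_addresses,
        "usable_hosts": net.num_addresses - 2,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
    }


def flsm(block: str, subnets_needed: int) -> list:
    """Fixed-length: borrow n bits with 2**n >= subnets_needed and split the block equally."""
    net = ipaddress.ip_network(block)
    n = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    return [subnet_row(s) for s in net.subnets(prefixlen_diff=n)]


def host_bits_for(hosts: int) -> int:
    """Smallest h with 2**h - 2 >= hosts (the formula used throughout the text)."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h


def vlsm(block: str, demand: dict):
    """Variable-length: allocate largest requirement first; return (plan, free blocks)."""
    net = ipaddress.ip_network(block)
    free = [net]                        # unallocated blocks, kept sorted by address
    plan = {}
    for name, hosts in sorted(demand.items(), key=lambda kv: -kv[1]):
        prefix = 32 - host_bits_for(hosts)
        if prefix < net.prefixlen:
            raise ValueError(f"{name} needs {hosts} hosts, more than {block} can hold")
        for i, blk in enumerate(free):
            if blk.prefixlen <= prefix:                       # first free block that fits
                chosen = next(blk.subnets(new_prefix=prefix))  # lowest-addressed piece
                free.pop(i)
                free.extend(blk.address_exclude(chosen))       # return the remainder
                free.sort()
                plan[name] = subnet_row(chosen)
                break
        else:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
    return plan, [str(b) for b in free]


if __name__ == "__main__":
    for row in flsm("192.168.1.0/24", 4):
        print("FLSM", row["subnet"], row["first_host"], "-", row["last_host"])
    plan, free = vlsm("192.168.1.0/24",
                      {"Accounts": 100, "HR": 50, "Inventory": 25, "Sales": 10})
    for name, row in plan.items():
        print("VLSM", name, row["subnet"], row["first_host"], "-", row["last_host"])
    print("free:", free)
```

The returned free list makes the saving visible: after the four departments are placed, 192.168.1.240/28 is still unallocated, whereas the FLSM split would have left no spare block and would have failed Accounts outright.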

Features of IPv6 Addressing

IP v6 is loaded with a bundle of features. The following are some of the important features of IP v6.

 Larger addressing space
 Simplified header as compared to IPv4
 Enhanced security with built-in IPsec
 Seamless mobility
 Auto configuration
 End-to-end connectivity
 Anycast addressing type
 No broadcast anymore

Why IPv6 Address needed

The Internet is growing day by day. Every device that is connected to the Internet requires a unique address to identify itself in a network. This unique address is called an IP address.

Since the advent of the Internet, IP v4 has taken the responsibility of addressing a device when it is connected to the network. During recent decades, the enormous growth of Internet users has led to the rapid exhaustion of IP v4 addresses. Numerous techniques like subnetting, CIDR, and NAT were adopted to control the IPv4 depletion. However, they are all temporary solutions.

The introduction of IP v6 seems to be the permanent solution in respect of the logical addressing scheme. IP v6 is more flexible and efficient, with a 128-bit address length.

Types of Addressing modes in IPv6

 Unicast
 Multicast
 Anycast

Unicast
Unicast addressing mode refers to one-to-one communication between a source and a destination. The source host is equipped with the destination address that uniquely identifies the destination host in the network. The router or switch forwards the unicast IP packets to that destination host only.

Multicast
Multicast in networking is a method of sending packets from a single device to multiple destinations simultaneously.

Multicast addressing mode allows a device to transmit datagrams to a specified set of hosts, the multicast group.

Anycast
An anycast address in IP v6 can exist on multiple interfaces at different locations. An anycast address can exist more than once anywhere in the entire network. Nowadays, most Internet services and web services are located in multiple places to provide seamless and fast service to clients or customers. Whenever a client requests a service from a web server that has an anycast address, it sends a unicast message to the server that is closest to the host.

IPv6 Addressing Structure

 IPv6 has a 128-bit address length.
 A total of 2^128 (two to the power 128) addresses are available using the IPv6 addressing scheme.
 When multiplied out, that is 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.
 An IPv6 address is represented in hexadecimal numbers.
 To make it more readable, the 128-bit IPv6 address is equally divided into 8 blocks. Each is 16 bits or 2 bytes long.
 Each block of 16 bits is written as 4 hexadecimal digits.
 Each block is separated by a colon (:).

For example,

When an IPv6 address is represented as 128 binary digits, it looks like
0010000000000001 0000000000000000 0100000000001000 1101111111100001 0000000010101011 0000000000000000 0000000000000000 1111111111111011

When converted into its hexadecimal equivalent, it looks like

2001:0000:4008:DFE1:00AB:0000:0000:FFFB

Still, the IPv6 address in hexadecimal notation looks complicated and lengthy. It can be shortened using the following rules.
Rules for Shortening of IPv6 address
The following three rules are applied, in order, to shorten an IPv6 address.

RULE 1: Always discard all leading zeros first.

In the above IPv6 address, the fifth block, 00AB, contains two leading zeros that can be omitted:
2001:0000:4008:DFE1:AB:0000:0000:FFFB

RULE 2: Two or more consecutive blocks of zeros can be replaced by a double colon (::).

In the above address, the sixth and seventh blocks contain consecutive zeros. They can be omitted and replaced by a double colon (::):
2001:0000:4008:DFE1:AB::FFFB

RULE 3: Replacement of consecutive blocks of zeros is allowed only once. If blocks of all zeros are still present, each such block is replaced by a single zero.

In the above address, the second block contains all zeros, hence it is replaced by a single zero:
2001:0:4008:DFE1:AB::FFFB
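The three shortening rules above, implemented in Python as an added example (not code from the original notes): leading zeros are stripped from every block, the longest run of two or more all-zero blocks becomes "::" (the leftmost run wins a tie, so the double colon is used only once), and any remaining all-zero block is written as a single 0. The function names are this example's own. Going slightly beyond the text, a helper compares the result with the standard library's canonical form, which is the same check an input validator would use, since two different spellings of one address are a classic way for an access-control rule to silently miss a host.

```python
"""Shorten a full IPv6 address with the three rules from the text."""
import ipaddress


def expand_ipv6(addr: str) -> list:
    """Eight 4-digit hex blocks, e.g. '2001:0:4008::fffb' -> ['2001','0000','4008',...]."""
    return ipaddress.IPv6Address(addr).exploded.split(":")


def shorten_ipv6(addr: str) -> str:
    blocks = [b.upper() for b in expand_ipv6(addr)]
    # Rule 1: drop leading zeros in every block (keep at least one digit).
    blocks = [b.lstrip("0") or "0" for b in blocks]
    # Rule 2: find the longest run of two or more all-zero blocks (leftmost if tied).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == "0":
            j = i
            while j < 8 and blocks[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len >= 2:
        # Rule 3: '::' may appear only once, so every other zero block stays a single '0'.
        left = ":".join(blocks[:best_start])
        right = ":".join(blocks[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(blocks)


def matches_stdlib(addr: str) -> bool:
    """Cross-check: the rules above should agree with ipaddress's compressed form."""
    return shorten_ipv6(addr).lower() == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    full = "2001:0000:4008:DFE1:00AB:0000:0000:FFFB"   # the address used in the text
    print(shorten_ipv6(full), matches_stdlib(full))
```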

What is Prefix and Prefix Length in IPv6 address

You are all familiar with the IPv4 address, which consists of a host part and a network part. The network part identifies the network, while the host part identifies the host. The subnet mask distinguishes the network and the host portions of an IPv4 address: the sequence of 1s in the subnet mask represents the network portion and the zeros denote the host portion. CIDR notation is also used to represent the netmask. CIDR is a slash notation that represents the number of network bits.

Let us take the following example.

IP address: 192.168.1.10

Default subnet mask: 255.255.255.0

Subnet mask in binary: 11111111.11111111.11111111.00000000

CIDR notation: 192.168.1.10/24

Similarly, an IPv6 address uses a network prefix to distinguish the network part and the host part. The number of leftmost contiguous bits of the IPv6 address that form the network portion, written as a decimal value, is called the network prefix length. The prefix length in IPv6 is represented similarly to the CIDR notation in IPv4.
The network prefix length indicates the network portion of the address.

Let us take an example

2001:0:4008:dfe1:ab::fffb/64

Apart from the 64-bit prefix, the remaining 64 bits are called the interface ID, which is assigned to the individual host.

Interface ID

As you have learned, the second half (64 bits) of the IPv6 address is called the Interface Identifier or interface ID. The interface ID can be of unicast or anycast type. It is used to identify the host's interface.

To assign a 64-bit interface ID to an individual host, IPv6 takes advantage of the MAC address. A MAC address consists of 48 bits and is written in hexadecimal. The MAC address of any host is considered to be unique across the whole Internet.

In order to create the 64-bit interface ID, the MAC address is divided into two equal parts. The hex value FFFE is inserted between the two halves of the MAC address. This is called the IEEE modified EUI-64 (Extended Unique Identifier-64).

Further, to convert the EUI-64 to an IPv6 interface ID, the value of the 7th most significant bit of the EUI-64 ID is complemented.

Let us take an example.


Types of IPv6 Address

Global Unicast Address

 A Global Unicast Address in IPv6 is similar to an IPv4 public address.
 It is uniquely addressable and globally identifiable.
 The leftmost 48 bits are the global routing prefix.
 The three most significant bits of the global routing prefix are always set to 001.
 The entire range of global unicast addresses is from 2000::/3 to 3FFF::/3.

Unique Local Address

 The function of a unique local address is similar to that of an IPv4 private address.
 It is globally unique, but it is always used for local communication only.
 The unique local address is free to use for any private organization or enterprise within its private network.
 It is not globally routable.
 Unique Local Address is defined in IETF RFC 4193.
 The range of unique local addresses starts from FC00::/7.
 The first 7 bits always start with 1111 110.
 The first 64 bits of a unique local address consist of Prefix, Local Bit, Global ID and Subnet ID.

Link Local Address

 The link-local address is auto-configured.
 A link-local address always starts with FE80.
 It cannot be routed to public networks and is limited to the local link.
 It is similar to the APIPA address in IPv4 (the scope of IPv4 APIPA addresses is 169.254.1.0 to 169.254.254.255).
 The first 16 bits of a link-local address are always 1111 1110 1000 0000 (FE80). The next 48 bits are set to 0.
Configure and verify IPv6 address

How to enable IPv6 address in router interface

By default, IPv6 addressing is not enabled in a Cisco router. To enable IPv6 in a Cisco router, the following command is used to enable IPv6 routing globally.
Router1# configure terminal

Router(config)#ipv6 unicast-routing

Next, enable IPv6 on each router interface.

Router(config)#interface gigabitethernet 0/0

Router(config-if)#no shutdown

The figure below shows how to enable IPv6 on a router interface.


IPv6 Address Configuration Types
There are mainly two ways to configure or assign an IPv6 address on Cisco devices.

 Static Unicast Address Configuration
 Dynamic Unicast Address Configuration

Static Unicast Address Configuration

The static unicast address can be configured in two ways on a router interface.

 Full 128-bit address configuration
 Configuring only the 64-bit prefix; the other half of the address is derived by the router itself using its interface MAC address.

Configure full 128 bit address

The IOS command for configuring a full 128-bit IPv6 address on a router interface is
ipv6 address address/prefix-length

Let us take an example to show how to configure a full 128-bit address.
Router#configure terminal

Router(config)#interface GigabitEthernet 0/0

Router(config-if)#ipv6 address 2001:db8:1111:8::10/64

The figure below shows how the full 128-bit address is configured.
Verify full length IPv6 address Configuration

Configuring IPv6 address using modified eui-64

The second option for configuring an IPv6 address is to generate a unique interface ID using modified EUI-64, sometimes also known simply as EUI-64.
ipv6 address address/prefix eui-64

The EUI-64 method tells the router to build the interface ID from the device's MAC address, in which the hexadecimal value 0xFFFE is inserted between the two halves of the MAC address.
Router(config)#interface gigabitethernet 0/0

Router(config-if)#ipv6 address 2001:db:1111:1::/64 eui-64

Let us suppose the MAC address of the device is 12-34-56-AB-CD-EF

The following rules are followed to generate the interface ID out of the MAC address:
1. Divide the 48-bit MAC address into two equal halves.
2. Insert FFFE between them.
3. Convert the first byte (the first two hex digits) of the MAC into 8 bits.
4. Invert the seventh bit.
5. Convert them back to hexadecimal format.
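The five EUI-64 steps above, worked in Python as an added example (not code from the original notes or from Cisco IOS): the MAC is split into two 24-bit halves, FFFE is inserted, and the seventh bit of the first byte (the universal/local bit, value 0x02) is inverted, giving the 64-bit interface ID that is then joined to a /64 prefix. The MAC 12-34-56-AB-CD-EF is the one the text uses; the prefix 2001:db8:1111:1::/64 and the function names are this example's own assumptions. The reverse function shows the caveat a network defender should know: an EUI-64 address reveals the host's MAC, which is why privacy-extension addresses exist.

```python
"""Modified EUI-64: derive a 64-bit IPv6 interface ID from a 48-bit MAC address."""
import ipaddress
import re

UL_BIT = 0x02   # the 7th most significant bit of the first byte (universal/local bit)


def eui64_interface_id(mac: str) -> bytes:
    """Steps 1-5 from the text: split the MAC, insert FFFE, invert the U/L bit."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)      # accept 12-34-56-.. or 12:34:56:..
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    b = bytearray(bytes.fromhex(hexdigits))
    b[0] ^= UL_BIT                                      # step 4: invert the seventh bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])   # steps 1-2: halves with FFFE inserted


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Join a /64 prefix to the EUI-64 interface ID (what 'ipv6 address <prefix> eui-64' does)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(address: str) -> str:
    """Recover the MAC from an EUI-64 address: the hardware identity is not hidden."""
    iid = ipaddress.IPv6Address(address).packed[8:]    # low 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID does not carry the FFFE marker")
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= UL_BIT                                      # undo the bit inversion
    return "-".join(f"{x:02X}" for x in b)


if __name__ == "__main__":
    mac = "12-34-56-AB-CD-EF"                          # MAC used in the text
    print(eui64_interface_id(mac).hex())
    print(eui64_address("2001:db8:1111:1::/64", mac))
```

For the MAC in the text the first byte 0x12 (0001 0010) becomes 0x10 (0001 0000), so the interface ID is 1034:56FF:FEAB:CDEF.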

Configuring and verifying IPv6 address using eui-64 method

Dynamic Unicast Address Configuration
 Stateful DHCP
 Stateless Address Auto configuration (SLAAC)

Stateful DHCP configuration

IPv6 uses DHCPv6 to statefully assign IPv6 addresses to clients. DHCPv6 is the upgraded version of DHCPv4. The stateful DHCPv6 server takes control of assigning IP addresses to the clients. It also keeps a record of all the clients' IPv6 addresses and stores information about them.

The following IOS command is used to configure a stateful DHCP address on the router interface.
Router(config)#interface gigabitethernet 0/0

Router(config-if)# ipv6 address dhcp

Stateless Address Auto Configuration (SLAAC)

SLAAC is a unique feature of IPv6 addressing. For stateless configuration it does not need the service of a DHCP server. The client assigns the IP address to itself based on the prefix being advertised on its connected interface. This unique feature is popularly known as SLAAC. All Cisco devices have this feature for stateless auto configuration of IPv6. However, SLAAC does not provide IPs to clients that are outside the default gateway's link. SLAAC uses the link-local address and the MAC address to auto configure the IP address on the device interface.

Here is the command line to configure Stateless Address Auto configuration on the router interface.
Router(config)# interface gigabitethernet 0/0

Router(config-if)#ipv6 address autoconfig default

Wireless Principles in Computer Networking

Introduction to Wireless Principle
The wireless principle refers to the concept of wireless communication, where communication takes place between two entities without connecting physical wires or cables. In wireless communication, the signal or data travels through free space in the form of electromagnetic waves. The transmitting and the receiving stations use the same radio frequency channel to communicate with each other. The transmitter sends the data in the form of alternating current. When the alternating current reaches the antenna, it propagates from the antenna in the form of electromagnetic waves. The receiving station receives the signal through its antenna and converts it back to the original data.

The major issues with wireless communication are data security and collisions. Since a wireless signal propagates through free space, any unknown station that is within range of the Wi-Fi signal can intercept the wireless data. Hence, various types of data encryption techniques are used to protect the data's privacy.

Another concerning factor is that when many stations transmit at the same time, it can cause collisions between frames transmitted from multiple devices. The CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance) technique is used to avoid collisions of frames. In a wireless network, every device waits for its turn to transmit until the other devices stop or complete their transmission, and then it transmits its data.

Non overlapping of Wi-Fi channels in Wireless Principles
The wireless local area network is defined in 802.11 by IEEE. The wireless LAN is commonly known as Wi-Fi. However, the term "Wi-Fi" is a trademark of the Wi-Fi Alliance. The task of the Wi-Fi Alliance is to test and certify wireless devices for the IEEE 802.11 standards. It also checks the interoperability and compatibility of wireless equipment manufactured by different vendors.

Wi-Fi uses two bands of radio frequency, namely 2.4 GHz and 5 GHz. These two bands of frequencies are called ISM bands. ISM stands for Industrial, Scientific and Medical. These two frequency spectrums are free to use. We don't need a licence or permission from a frequency governing authority such as SACFA (Standing Advisory Committee on Frequency Allocation) to use a channel within the ISM band. Home appliances, access points and cordless phones all use the frequency range of the ISM band within their limited range.

Each of the 2.4 GHz and 5 GHz bands is further divided into multiple channels.

The 2.4 GHz band uses the frequency spectrum from 2401 to 2484 MHz, or 2.401 to 2.484 GHz. It is divided into 14 channels with 5 MHz channel spacing. Each channel is 22 MHz wide. However, each channel is separated by only 5 MHz from its adjacent channel, and the width of the entire 2.4 GHz band is 100 MHz. As a result, the 11 channels overlap within this 100 MHz width. Only channels 1, 6 and 11 do not overlap with each other in the entire 2.4 GHz band. Channels 1, 6 and 11 are called the non-overlapping channels.
In a smaller wireless network, a single access point is generally used. Hence, you can use any channel for wireless communication. However, in a large network where multiple access points are to be installed, access points transmitting on the same frequency interfere with each other.

Hence, by using non-overlapping channels, there will not be any co-channel interference with adjacent Wi-Fi networks.
Channel   Centre frequency (MHz)   Frequency range (MHz)

1         2412                     2401-2423
2         2417                     2406-2428
3         2422                     2411-2433
4         2427                     2416-2438
5         2432                     2421-2443
6         2437                     2426-2448
7         2442                     2431-2453
8         2447                     2436-2458
9         2452                     2441-2463
10        2457                     2446-2468
11        2462                     2451-2473
12        2467                     2456-2478
13        2472                     2461-2483
14        2484                     2473-2495
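As an added example (not part of the original text), the following Python code encodes the 2.4 GHz channel plan described above: centre frequency 2407 + 5 x channel MHz for channels 1 to 13, 2484 MHz for channel 14, and a 22 MHz channel width. It reproduces the table, tests whether two channels overlap, searches for sets of mutually non-overlapping channels, and checks an access point channel plan for neighbours that would interfere. The access point names and the neighbour list at the bottom are constructed sample data.

```python
"""2.4 GHz Wi-Fi channel geometry and channel-plan checking.

Added example; not code from the original page. Channel centres follow the
IEEE 802.11 2.4 GHz plan (channels 1-13 spaced 5 MHz, channel 14 at 2484 MHz)
and the 22 MHz channel width used in the table above.
"""
from itertools import combinations
from typing import Dict, Iterable, List, Tuple

CHANNEL_WIDTH_MHZ = 22   # legacy 802.11b/g DSSS channel width


def centre_frequency(channel: int) -> int:
    """Centre frequency in MHz of a 2.4 GHz channel 1-14."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484          # Japan only; 12 MHz above channel 13
    raise ValueError(f"invalid 2.4 GHz channel {channel}")


def frequency_range(channel: int) -> Tuple[int, int]:
    """Lower and upper edge of the channel in MHz, e.g. channel 1 -> (2401, 2423)."""
    centre = centre_frequency(channel)
    return centre - CHANNEL_WIDTH_MHZ // 2, centre + CHANNEL_WIDTH_MHZ // 2


def overlaps(a: int, b: int) -> bool:
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(centre_frequency(a) - centre_frequency(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_sets(channels: Iterable[int], size: int = 3) -> List[Tuple[int, ...]]:
    """All combinations of `size` channels out of `channels` that pairwise do not overlap."""
    chans = sorted(channels)
    return [
        combo for combo in combinations(chans, size)
        if all(not overlaps(x, y) for x, y in combinations(combo, 2))
    ]


def conflicting_pairs(plan: Dict[str, int],
                      neighbours: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Pairs of neighbouring APs whose channels overlap (co-/adjacent-channel interference).

    `plan` maps AP name -> channel; `neighbours` lists AP pairs that can hear each other.
    APs that cannot hear each other may reuse a channel, which is how a large network
    covers a building with only channels 1, 6 and 11.
    """
    return [(a, b) for a, b in neighbours if overlaps(plan[a], plan[b])]


def channel_table() -> List[Tuple[int, int, int, int]]:
    """(channel, centre, low, high) for channels 1-14, matching the table above."""
    return [(ch, centre_frequency(ch), *frequency_range(ch)) for ch in range(1, 15)]


if __name__ == "__main__":
    for ch, centre, low, high in channel_table():
        print(f"channel {ch:2d}: {centre} MHz ({low}-{high} MHz)")
    print("non-overlapping triples in channels 1-11:", non_overlapping_sets(range(1, 12)))
    # Constructed sample plan: three APs that can all hear each other.
    sample_plan = {"AP-floor1": 1, "AP-floor2": 3, "AP-floor3": 6}
    sample_neighbours = [("AP-floor1", "AP-floor2"), ("AP-floor2", "AP-floor3"),
                         ("AP-floor1", "AP-floor3")]
    print("interfering pairs:", conflicting_pairs(sample_plan, sample_neighbours))
```

With channels 1 to 11 the search returns the single triple (1, 6, 11); allowing channels 12 and 13 (Europe) yields ten triples, which is why survey tools outside North America sometimes propose plans such as 1/5/9/13 for 20 MHz channels.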
SSID (Service Set Identifier)
The SSID is the name that identifies a Wi-Fi network. It is a string of up to 32 octets (in practice
letters, digits and punctuation) chosen by the administrator of the access point.

An SSID can be thought of as the name of a wireless network, the way each house on a street has its
own address. When you search for available Wi-Fi networks on a device, you see the list of SSIDs
whose access points are within range. Note that an SSID is not guaranteed to be unique: nothing
stops a second access point, including a rogue one, from advertising the same name.

Why is the SSID important?

The SSID enables devices to join the intended wireless network. When you want to connect to a
specific Wi-Fi network, your device uses the SSID to locate that network among those it can hear.

The SSID itself is not a security control: it is transmitted in the clear in beacon frames, and hiding
it (disabling SSID broadcast) only removes it from the beacons while clients still reveal it in their
probe requests. What does protect the network is the security profile attached to the SSID on the
router or access point, for example WPA2 or WPA3 with a strong passphrase (or 802.1X in an
enterprise). In WPA/WPA2-Personal the SSID also serves as the salt when the passphrase is turned
into the pre-shared key, so the same passphrase produces a different key on different SSIDs.

Radio Frequency
Radio frequency is the rate of oscillation of electromagnetic waves in the range from 3 kHz to
300 GHz. In other words, it is the number of cycles per second of the alternating current that is fed
to the antenna and radiated from it as electromagnetic waves.

Electromagnetic waves are produced by a changing electric field and a changing magnetic field
sustaining each other. The data to be transmitted is modulated onto an alternating current; when that
current reaches the radiating antenna it creates a changing electromagnetic field, and electromagnetic
waves are radiated from the antenna.

The unit of measurement of frequency is the hertz (Hz), defined as one cycle per second.

The radio frequency spectrum ranges from 3 kHz to 300 GHz and is divided into the following bands.
 VLF – Very Low Frequency
 LF – Low Frequency
 MF – Medium Frequency
 HF – High Frequency
 VHF – Very High Frequency
 UHF – Ultra High Frequency
 SHF – Super High Frequency
 EHF – Extremely High Frequency

Frequency band            Abbr.  Range of frequency   Wavelength      Application

Very Low Frequency        VLF    3 kHz-30 kHz         100 km-10 km    Maritime radio navigation
Low Frequency             LF     30 kHz-300 kHz       10 km-1 km      Maritime radio navigation
Medium Frequency          MF     300 kHz-3 MHz        1 km-100 m      Aviation radio navigation, AM radio broadcasting
High Frequency            HF     3 MHz-30 MHz         100 m-10 m      Short-wave radio broadcasting
Very High Frequency       VHF    30 MHz-300 MHz       10 m-1 m        FM radio, VHF television, mobile radio communication
Ultra High Frequency      UHF    300 MHz-3 GHz        1 m-100 mm      Mobile phones, GPS, wireless LAN (2.4 GHz)
Super High Frequency      SHF    3 GHz-30 GHz         100 mm-10 mm    Radio astronomy, wireless LAN (5 GHz), modern radars, satellite television broadcasting
Extremely High Frequency  EHF    30 GHz-300 GHz       10 mm-1 mm      Radio astronomy, satellite communication

Frequency is inversely proportional to wavelength. The wavelength is the distance between two
successive crests (or two successive troughs) of the wave and is measured in metres; it equals the
speed of light divided by the frequency (about 12.5 cm at 2.4 GHz and 6 cm at 5 GHz). As the
frequency increases the wavelength decreases, so moving from the lower to the higher bands in the
table above, the wavelength of the radiated waves keeps shrinking. Higher frequencies are also
attenuated more by walls and other obstacles, which is why a 5 GHz Wi-Fi signal has a shorter
range than a 2.4 GHz one.

Radio frequency is used in applications such as cordless phones, cell phones, radio transceivers,
broadcasting stations, satellite communication, Wi-Fi, Bluetooth and household devices such as
microwave ovens and remote controls.

Wireless Encryption
Security is a major concern in wireless communication. Because the signal transmitted by access
points, wireless routers and clients can be captured by any station within range, there must be a
mechanism that stops an unknown station from reading or injecting traffic. Wireless devices are
therefore secured with a combination of authentication (proving who may join the network) and
encryption (protecting the frames in transit).

Encryption converts plaintext data into ciphertext using a cipher and a key. The ciphertext is
transmitted over the air and decrypted back into the original plaintext at the receiving end.
Authentication protocols control who may join the network: a passphrase (pre-shared key) or, in
enterprise networks, a per-user credential checked through 802.1X is needed to associate with the
access point, and the session keys used for encryption are derived during that authentication.

The wireless security protocols that have been used, from oldest to newest, are:

 WEP - Wired Equivalent Privacy
 WPA - Wi-Fi Protected Access
 WPA2 - Wi-Fi Protected Access 2
 WPA3 - Wi-Fi Protected Access 3

WEP (Wired Equivalent Privacy)

WEP is the earliest wireless security protocol, defined in the original IEEE 802.11 standard of the
late 1990s. It encrypts frames with the RC4 stream cipher using a 40-bit (later 104-bit) shared key
concatenated with a 24-bit initialisation vector (IV), giving the nominal 64-bit and 128-bit key
sizes. The IV is sent in the clear and is so short that it repeats quickly, and RC4's key scheduling
leaks key bytes once many IVs have been observed. An attacker who captures enough traffic can
recover the key in minutes, regardless of how strong the chosen key is. WEP is deprecated, should
never be enabled, and survives only on some very old devices.

WPA (Wi-Fi Protected Access)

WPA was released by the Wi-Fi Alliance in 2003 as an interim replacement for WEP while the
IEEE 802.11i standard was being finished. It keeps the RC4 cipher, so that existing WEP hardware
could be upgraded by a firmware update, but wraps it in TKIP (Temporal Key Integrity Protocol),
which derives a fresh per-packet key, uses a 48-bit sequence counter instead of the 24-bit IV and adds
the Michael message integrity check. In WPA-Personal the network is protected by a PSK
(Pre-Shared Key), a 256-bit key derived from the passphrase and the SSID; WPA-Enterprise uses
802.1X instead. Although a considerable improvement over WEP, TKIP and Michael were
subsequently found to have several weaknesses and WPA is also deprecated.

WPA2 (Wi-Fi Protected Access 2)

The flaws in WPA led to WPA2, the Wi-Fi Alliance's name for the full IEEE 802.11i standard
ratified in 2004; from 2006 it became mandatory for Wi-Fi certified devices. WPA2 replaces TKIP
and RC4 with CCMP (Counter Mode with CBC-MAC Protocol), which is built on AES (Advanced
Encryption Standard) and provides both confidentiality and integrity. Authentication is still either a
PSK (WPA2-Personal) or 802.1X/EAP (WPA2-Enterprise). The 4-way handshake that follows
authentication derives the session keys from the PSK (or the 802.1X master key) and the nonces
exchanged in the clear. Two weaknesses remain: a captured handshake lets an attacker test
passphrase guesses offline, so WPA2-Personal is only as strong as its passphrase, and in 2017 the
KRACK (key reinstallation attack) vulnerabilities showed that a client could be tricked into
reinstalling an already-used key during the handshake. KRACK was an implementation flaw fixed
by software updates rather than a break of AES-CCMP.

WPA3 (Wi-Fi Protected Access 3)

WPA3 is the latest wireless security protocol, introduced by the Wi-Fi Alliance in 2018 after the
KRACK disclosure of 2017. It simplifies Wi-Fi security configuration and provides the most robust
authentication available for wireless devices, with both a Personal and an Enterprise mode.

In WPA3-Personal the PSK handshake is replaced by SAE (Simultaneous Authentication of Equals),
a password-authenticated key exchange. Because every guess requires a live exchange with the
access point, a captured handshake can no longer be used for an offline dictionary attack, and the
keys derived by SAE give forward secrecy: traffic recorded from the air cannot be decrypted later
even if the passphrase is subsequently learned. The 4-way handshake still runs afterwards, but with
a fresh per-session master key from SAE. PMF (Protected Management Frames) is mandatory in
WPA3, which prevents 802.11 management frames (deauthentication and disassociation, for
example) from being forged or eavesdropped on. Encryption in WPA3-Personal remains
AES-CCMP; WPA3-Enterprise offers an optional 192-bit mode that uses GCMP-256 (Galois/Counter
Mode Protocol) together with stronger EAP and key-derivation algorithms.
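To make the WPA2-Personal weakness concrete, here is an added Python example (not from the original text and not any vendor's code) that implements the two key derivations the SSID, WPA2 and WPA3 paragraphs above refer to: the PSK from passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits, as specified in IEEE 802.11i), and the pairwise transient key (PTK) that the 4-way handshake derives from the PSK, the two MAC addresses and the two nonces, whose first 16 bytes (the KCK) authenticate each handshake message with an HMAC-SHA1 MIC. Everything except the passphrase travels in the clear, so an attacker who records one handshake can test passphrase guesses offline; crack_passphrase() does exactly that against a constructed handshake. The MAC addresses, nonces and EAPOL bytes are made up; the "password"/"IEEE" test vector is the one published in the 802.11i standard. SAE in WPA3 removes this offline test.

```python
"""WPA2-Personal key derivation and the offline dictionary attack it permits.

Added example; not code from the original page. Algorithms follow IEEE 802.11i:
  PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)
  PTK = PRF-384(PMK, "Pairwise key expansion",
                min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
  MIC = HMAC-SHA1(KCK, EAPOL-Key message with MIC field zeroed)[:16]   (WPA2-CCMP)
The handshake built by make_sample_handshake() is constructed sample data, not a capture.
"""
import hashlib
import hmac
from typing import Dict, Iterable, Optional


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK (the PMK in Personal mode). The SSID is the salt, so the same
    passphrase yields a different key on every SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), truncated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """48-byte PTK for CCMP: KCK (16) || KEK (16) || TK (16)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_with_zero_mic: bytes) -> bytes:
    """MIC over a handshake message (WPA2 uses HMAC-SHA1 truncated to 16 bytes)."""
    return hmac.new(kck, eapol_with_zero_mic, hashlib.sha1).digest()[:16]


def crack_passphrase(handshake: Dict[str, bytes], ssid: str,
                     candidates: Iterable[str]) -> Optional[str]:
    """Offline attack: recompute the MIC of message 2 for each candidate passphrase.
    Only the PBKDF2 cost (4096 SHA-1 rounds per guess) slows this down; nothing in
    WPA2 requires the attacker to talk to the access point."""
    for guess in candidates:
        if not 8 <= len(guess) <= 63:       # cannot be a valid WPA passphrase
            continue
        ptk = derive_ptk(derive_psk(guess, ssid), handshake["ap_mac"], handshake["sta_mac"],
                         handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["eapol2"]), handshake["mic2"]):
            return guess
    return None


def make_sample_handshake(passphrase: str, ssid: str) -> Dict[str, bytes]:
    """Constructed 4-way-handshake fields, as an attacker would get from a capture."""
    ap_mac = bytes.fromhex("001122aabbcc")               # made-up AP address
    sta_mac = bytes.fromhex("66778899ddee")              # made-up client address
    anonce = hashlib.sha256(b"sample anonce").digest()   # fixed stand-ins for random nonces
    snonce = hashlib.sha256(b"sample snonce").digest()
    # Simplified stand-in for EAPOL-Key message 2 (real layout has more fields); MIC zeroed.
    eapol2 = b"\x01\x03\x00\x75\x02\x01\x0a\x00" + b"\x00" * 16 + snonce + b"\x00" * 40
    ptk = derive_ptk(derive_psk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce, "snonce": snonce,
            "eapol2": eapol2, "mic2": eapol_mic(ptk[:16], eapol2)}


if __name__ == "__main__":
    print("PSK(password, IEEE) =", derive_psk("password", "IEEE").hex())
    hs = make_sample_handshake("correct horse battery", "OfficeWiFi")
    wordlist = ["password", "letmein123", "correct horse battery", "hunter22"]
    print("recovered passphrase:", crack_passphrase(hs, "OfficeWiFi", wordlist))
```

The loop in crack_passphrase is what GPU crackers run at millions of guesses per second; the only defence in WPA2-Personal is a passphrase that is not in any wordlist. The same example also shows why a site-wide passphrase reused across SSIDs is still a separate key per SSID (the salt), but a compromise of the passphrase itself still affects every SSID that uses it.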
Chapter No 2

What is Virtualization in Networking?

Virtualization is the use of special software on a physical machine to create virtual machines. The
physical machine is called the host, and each virtual system running on it is called a guest.

The software installed on top of the physical machine to create and run virtual machines is called
the hypervisor.

Through virtualization, the resources of the physical machine are shared among the virtual machines,
each of which sees what looks like its own hardware. The resources involved include processors, main
memory, storage space and network interfaces, and on top of them each guest runs its own operating
system, servers and application software.
Why is virtualization needed in networking?
Traditionally a single physical server has one operating system, a fixed amount of main memory and
storage, and one or more applications running on top of it. Such a server can serve a small network
with a limited number of clients; up to a point it handles the client requests on its own. What happens
when the number of clients grows?

Obviously more physical servers have to be deployed to handle the requests without overloading
any one of them. Deploying separate physical servers has several drawbacks:

 The cost of installing each separate server increases.
 Each server is dedicated to a different application or service (mail server, web server, DNS,
DHCP, FTP, database server and so on), and a dedicated server rarely uses its hardware to full
capacity.
 Managing and administering many separate servers is complex and time consuming.

Virtualization came into existence to reduce these problems of deploying one dedicated server per
application. It uses the capacity of a server as fully as possible by running multiple virtual machines
on a single physical machine, which reduces the cost of installing separate servers. Virtualization also
simplifies the administration and management of the network, because all of the virtual machines can
be managed through a single management console.

How does virtualization work?

Virtualization describes a technology in which an application, a guest operating system or data
storage is separated from the underlying software and hardware.

A thin software layer known as the hypervisor sits between the physical machine and the virtual
environment. The hypervisor manages the physical resources and shares them among the virtual
machines according to their needs. It is also the isolation boundary between guests: a guest should
not be able to read another guest's memory or break out to the host, so keeping the hypervisor
patched matters as much as patching the guests.

The hypervisor plays the major role in administering virtualization. Hypervisors are categorised
into two types.

Type 1 and Type 2

A Type 1 hypervisor runs directly on the hardware of the host machine, which is why it is also called
a bare-metal hypervisor. It controls the hardware and manages the virtual machines itself, working
like an independent operating system. Examples of Type 1 hypervisors are VMware ESXi, Microsoft
Hyper-V, Xen and KVM.
A Type 2 hypervisor is also called a hosted hypervisor. It runs as an application on top of a
conventional operating system such as Windows, Linux or macOS, and the virtual machines are
created and managed through the host operating system. The term virtual machine monitor (VMM)
is used for both types. Examples of Type 2 hypervisors are VMware Workstation Player, Oracle
VirtualBox and Parallels Desktop for Mac.

Types of Virtualization
The use of virtualization in the IT industry brings positive changes such as lower cost of network
resources, higher performance, quicker availability and better disaster recovery. To implement
virtualization efficiently, we must have a good understanding of the different types of virtualization
and their roles.

There are five types of virtualization used in networking:

 Desktop virtualization
 Server virtualization
 Network virtualization
 Application virtualization
 Storage virtualization

Let us look at each of them in detail.

Desktop Virtualization
Desktop virtualization provides multiple desktop environments to different users from a remote
server. Users access their files and applications through thin clients, machines with only minimal
hardware (a CPU, a little memory and a network interface); the files and applications themselves are
stored on the remote servers. Each user is given a user ID and password to reach their own desktop
environment. Cloud computing makes heavy use of this feature.

Server Virtualization
In server virtualization multiple virtual servers run on a single physical server. This reduces the cost
of installing different physical servers for specific purposes: a new virtual server can be created far
more cheaply than a new physical server can be deployed, virtual servers can be migrated between
hosts, and consolidation saves energy.

Each virtual server runs its own operating system and works independently of the others.
Server virtualization is also called hardware-based virtualization.

Network Virtualization
Network virtualization combines hardware and software network resources and network functions
into a single software-driven administrative platform for efficient management and administration
of the entire network. It provides virtual switching, virtual routing and forwarding (VRF), VLANs
and VPNs.

Network virtualization allows virtual tunnels to be created through the existing network and a link's
bandwidth to be split over multiple channels that are independent of each other.

Application Virtualization
Application virtualization isolates an application or program from the underlying operating system
on which it executes. The virtualized application is delivered as a self-contained package; at run time
it behaves as if it were interfacing directly with the operating system and the operating system were
managing all of its resources, but it can be isolated, or sandboxed, to varying degrees.

There are three approaches to application virtualization: redirection, layering and virtual
environments.

In redirection, the file paths used by the application are changed so that other applications cannot
see its files.

In layering, the paths are not changed; instead the application's files are stored on a virtual disk and
hidden from other applications.

In a virtual environment, each application is given its own virtual file system and registry subsystem
by the virtualization layer.

Storage Virtualization
In storage virtualization the data and files of the different virtual machines are stored in a centralised
storage system, which allocates storage space to each virtual machine according to its needs.

The storage system forms a dedicated, isolated and well-secured network of its own called a SAN
(Storage Area Network). A storage area network consists of very large volumes of storage space
arranged in arrays of many storage devices such as hard disks or tape drives.

Cloud storage is the best-known example of storage virtualization.


Advantages and Disadvantages of Virtualization in Networking

Advantages
 Cost saving
 Simpler management
 Guest isolation
 Enhanced backup and disaster recovery

Disadvantages
 Reduced performance, because the host and the guests share the same limited resources.
 Increased complexity.
 A failure (or compromise) of the host machine affects every guest running on it.

What is a Virtual LAN (VLAN)?

VLAN stands for Virtual Local Area Network. It is a logical grouping of devices such as
workstations, servers and network devices into a single broadcast domain, irrespective of their
physical location. VLANs are generally implemented on managed switches.

A traditional LAN uses multi-port Ethernet hubs and switches to interconnect devices. By default all
of these ports form a single broadcast domain. A hub repeats every frame to every port, and even a
switch floods broadcast frames (and unicast frames to addresses it has not yet learned) out of every
port except the one they arrived on; only the destination keeps the frame and the other stations discard
it. These unnecessary copies consume bandwidth and create congestion, and the problem gets worse
as the number of devices in the single network grows.

Security is the other major concern with such a flat network: an intruder can plug a PC or laptop into
any free port, see every broadcast (and, on a hub, every frame) in the network with a packet sniffer
such as Wireshark, and reach every host directly at layer 2.

To overcome the shortcomings of the flat network, the concept of the VLAN evolved. A VLAN
breaks a single broadcast domain up into multiple broadcast domains. When multiple VLANs are
created, the broadcast traffic of one VLAN is not forwarded into another VLAN, which avoids
unwanted traffic and reduces congestion; traffic between VLANs must pass through a router or a
Layer 3 switch, where it can be filtered. Devices that belong to the same VLAN are connected
together virtually, whatever their physical location.
Advantages of Virtual LANs
VLANs have several advantages over a flat network:

 A VLAN logically groups devices into the same network even when they are distributed over
different physical locations.
 It breaks a single broadcast domain up into multiple broadcast domains.
 Broadcasts are confined to a single VLAN, avoiding unnecessary traffic and congestion.
 Management of devices becomes much easier.
 Network security is enhanced because different VLANs are isolated from each other at layer 2,
and inter-VLAN traffic can be filtered at the router.

Types of Virtual LAN Connections

Access Link
An access link is created between a switch port and an end device. An access link carries untagged
frames, all belonging to the single VLAN the port is assigned to. The port associated with the access
link is called an access port.
Trunk Link
A trunk link is established between network devices such as switches and routers. A trunk link
carries tagged frames, that is the traffic of multiple VLANs. The sending trunk port inserts an
identifying tag carrying the VLAN ID into every frame, and the receiving trunk port uses the tag to
place the frame in the right VLAN before removing it. The tags are IEEE 802.1Q tags (a 4-byte
field inserted after the source MAC address) or, on older Cisco equipment only, the proprietary
Inter-Switch Link (ISL) encapsulation. Frames belonging to the trunk's native VLAN (VLAN 1 by
default in 802.1Q) are sent untagged. The port associated with the trunk link is called a trunk port.
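As an added example (not code from the original page), the following Python parses and builds 802.1Q-tagged Ethernet frames as described above, then applies the access-port and trunk-port rules to decide which VLAN a received frame lands in. It goes a little beyond the text by also handling stacked tags (a second 802.1Q or 802.1ad tag), because a double-tagged frame arriving on a trunk is the classic VLAN-hopping trick: the first switch strips the outer tag (native VLAN) and the next switch forwards on the inner one. All frame bytes, MAC addresses and VLAN numbers are constructed sample data.

```python
"""Parsing and building 802.1Q-tagged Ethernet frames.

Added example; not code from the original page. Layout after the two MAC addresses:
  untagged : EtherType(2) | payload
  tagged   : TPID 0x8100(2) | TCI(2) = PCP(3 bits) DEI(1 bit) VID(12 bits) | EtherType(2) | payload
A second tag (TPID 0x88A8 outer, or a second 0x8100) gives a double-tagged (QinQ) frame.
"""
import struct
from typing import Dict, List, Sequence

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service VLAN tag (QinQ outer tag)
TPIDS = (TPID_8021Q, TPID_8021AD)


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> Dict:
    """Return dst, src, the list of VLAN tags (outermost first), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    tags: List[Dict[str, int]] = []
    offset = 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated header")
        tpid_or_type = struct.unpack_from("!H", frame, offset)[0]
        if tpid_or_type not in TPIDS:
            break                                   # reached the real EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({"tpid": tpid_or_type, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": _mac(frame[:6]), "src": _mac(frame[6:12]), "tags": tags,
            "ethertype": tpid_or_type, "payload": frame[offset + 2:]}


def build_frame(dst: str, src: str, vids: Sequence[int], ethertype: int, payload: bytes,
                pcp: int = 0) -> bytes:
    """Build a frame with zero, one or more 802.1Q tags (vids listed outermost first)."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        if not 0 <= vid <= 4094:       # VID 0 = priority-tagged only; 4095 is reserved
            raise ValueError(f"invalid VLAN ID {vid}")
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def access_port_vid(frame: bytes, port_vlan: int) -> int:
    """VLAN a frame received on an access port is placed in: always the port's VLAN.
    A frame tagged for some other VLAN arriving on an access port is a misconfiguration
    or a host trying to inject traffic into another VLAN, so it is rejected here."""
    tags = parse_frame(frame)["tags"]
    if tags and tags[0]["vid"] not in (0, port_vlan):
        raise ValueError(f"tagged frame for VLAN {tags[0]['vid']} on access port of VLAN {port_vlan}")
    return port_vlan


def trunk_port_vid(frame: bytes, native_vlan: int) -> int:
    """VLAN a frame received on an 802.1Q trunk belongs to: the outer tag, or the native
    VLAN for an untagged (or priority-only) frame. Because the native VLAN's tag is
    stripped on the way out, an attacker in the native VLAN can send a double-tagged
    frame whose inner tag is honoured by the next switch; keeping the native VLAN unused
    (and tagging it) defeats that."""
    tags = parse_frame(frame)["tags"]
    return tags[0]["vid"] if tags and tags[0]["vid"] != 0 else native_vlan


if __name__ == "__main__":
    payload = b"\x45" + b"\x00" * 19        # constructed stand-in for an IPv4 packet
    tagged = build_frame("00:11:22:aa:bb:cc", "66:77:88:99:dd:ee", [10], 0x0800, payload, pcp=5)
    print(parse_frame(tagged))
    hopping = build_frame("00:11:22:aa:bb:cc", "66:77:88:99:dd:ee", [1, 20], 0x0800, payload)
    print("outer VID seen on trunk:", trunk_port_vid(hopping, native_vlan=1),
          "| inner VID carried:", parse_frame(hopping)["tags"][1]["vid"])
```

The same parser can be pointed at a pcap (strip the link-layer record and pass the raw bytes) to check whether a trunk is leaking tagged frames onto ports that should only carry one VLAN.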

Types of VLAN
1. Default VLAN: the VLAN that all switch interfaces belong to until they are assigned to another
VLAN. When a switch is first powered on, every interface is a member of the default VLAN. On
Cisco switches the default VLAN is always VLAN 1; it cannot be deleted or renumbered.
2. Port-based VLAN: a group of switch ports is assigned to a designated VLAN, and the VLAN of a
frame is decided by the port it arrives on.
3. Tagged VLAN: the VLAN ID is carried in an 802.1Q tag in the Ethernet frame header so that the
receiving device can tell frames of different VLANs apart on a shared (trunk) link.
4. Community VLAN: a secondary VLAN of the private-VLAN feature. Devices in a community
VLAN can communicate with each other and with the promiscuous port (usually the router), but
not with devices in other secondary VLANs of the same primary VLAN.
5. Voice VLAN: VoIP traffic from IP phones is separated from all other traffic on the same port so
that quality of service can be guaranteed for voice.
6. Data VLAN: also known as a user VLAN. It carries only user-generated data and keeps that data
separate from management and voice traffic.
7. Management VLAN: the VLAN on which the switch's own management interface (SVI) lives,
so that only devices in that VLAN can reach the switch for administration. It should be a VLAN
other than VLAN 1 and should carry no user traffic.

Configuration of a Virtual LAN on a Switch

To implement VLANs you have to follow the steps below.

Step 1: Create the VLAN

The first step in configuring a VLAN on a managed switch is to create it by its VLAN ID.
Different VLANs on the network are identified by their VLAN IDs, numbers in the range 1 to 4094.
VLAN 1 is the default VLAN: it exists on every switch even if no VLAN has been configured, and it
cannot be deleted. VLAN IDs 1002 to 1005 are reserved for legacy Token Ring and FDDI networks.
You can therefore use VLAN IDs 2 to 1001 and 1006 to 4094. VLAN IDs 1 to 1005 are called
normal-range VLANs and are enough for small and medium-sized enterprise networks. VLAN IDs
1006 to 4094 are called extended-range VLANs and are used in large enterprise and service-provider
networks where very large numbers of customers or segments are needed (on Cisco switches they
require VTP transparent mode or VTP version 3).

Switch(config)#vlan <VLAN ID>

Switch(config-vlan)#name <VLAN NAME>


Step 2: Assign access ports to their VLANs
After the VLAN is created, the next step is to assign switch ports to it. There are two types of port:
access ports and trunk ports. An access port connects the switch to a device in a single VLAN,
whereas a trunk port is assigned to a trunk link. All the devices on access ports of the same VLAN
are members of that VLAN. An access port is configured by entering its interface configuration
mode and setting its VLAN membership; when several ports need the same VLAN membership, the
interface range command configures them all at once.

For a single interface the following commands are used.

Switch(config)#interface <access port ID>

Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan <VLAN ID>

For several interfaces at once the following commands are used.

Switch(config)#interface range <first port ID> - <last port number>

Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan <VLAN ID>

Step 3: Assign the trunk port to the trunk link

The trunk link is established between managed switches. A trunk port carries the traffic of all
VLANs by default; you can restrict it to specific VLANs with the switchport trunk allowed vlan
command, which is good practice so that a trunk only carries the VLANs that exist on both ends.
Switch(config)#interface <trunk port ID>

Switch(config-if)#switchport mode trunk

This command allows the traffic of all VLANs to pass through the trunk link. On switches that
support ISL as well as 802.1Q, the encapsulation must be set to dot1q before the port can be made
a trunk.

Step 4: Configure an IP address on the VLAN

The switch sees a VLAN as a logical interface (a switched virtual interface, SVI). It can therefore be
given an IP address so that the switch can be managed and troubleshot remotely; on a Layer 2 switch
this management SVI is the only use of the address. On a Layer 3 switch, an SVI with an IP address
in each VLAN also acts as the default gateway of that VLAN, and with IP routing enabled the switch
routes between the VLANs (inter-VLAN routing).

Switch(config)#interface vlan <VLAN ID>

Switch(config-if)#ip address <IP address> <Subnet mask>


In the following example we use the Packet Tracer simulator to implement VLANs on a switch.

Note!

Packet Tracer is simulation software designed by Cisco Systems. It provides a virtual platform for
designing network topologies, connecting Cisco devices such as routers, switches, firewalls and
servers, and simulating their configuration. It supports almost all the configuration commands of real
routers and switches, so it is very helpful for network designers, administrators and students who want
to practise the commands of real Cisco devices. It can be downloaded free of charge from the Cisco
Networking Academy website https://www.netacad.com/courses/packet-tracer.

The following VLAN IDs are assigned to the respective departments.

 VLAN 10 for Accounts
 VLAN 20 for HR
 VLAN 30 for Inventory

The Cisco switch has 24 FastEthernet ports and dedicated Gigabit Ethernet ports for the trunk. Ports
FastEthernet 0/1 to 0/8 are assigned to VLAN 10 (Accounts), ports FastEthernet 0/9 to 0/16 to
VLAN 20 (HR) and ports FastEthernet 0/17 to 0/24 to VLAN 30 (Inventory). GigabitEthernet 0/1 is
used for the trunk link.
 VLAN 10: FastEthernet 0/1 to FastEthernet 0/8
 VLAN 20: FastEthernet 0/9 to FastEthernet 0/16
 VLAN 30: FastEthernet 0/17 to FastEthernet 0/24
 Trunk link: GigabitEthernet 0/1

LAB Setup
Create a topology in Packet Tracer with the given parameters, as shown in the following image.

Figure: Configuration of VLAN in a Managed Switch (topology diagram)
PC Configuration

Device   IP Address     Subnet Mask      Gateway        VLAN      Connected With

PC0      192.168.1.2    255.255.255.0    192.168.1.1    VLAN 10   Switch 1 on F0/1
PC1      192.168.2.2    255.255.255.0    192.168.2.1    VLAN 20   Switch 1 on F0/9
PC2      192.168.3.2    255.255.255.0    192.168.3.1    VLAN 30   Switch 1 on F0/17
PC3      192.168.1.3    255.255.255.0    192.168.1.1    VLAN 10   Switch 2 on F0/1
PC4      192.168.2.3    255.255.255.0    192.168.2.1    VLAN 20   Switch 2 on F0/9
PC5      192.168.3.3    255.255.255.0    192.168.3.1    VLAN 30   Switch 2 on F0/17

Switch 1 and Switch 2 Configuration (Switch 2 mirrors Switch 1 with PC3 to PC5)

Port      Connected To                VLAN            Link     Status

F0/1      PC0 (Switch 2: PC3)         VLAN 10         Access   OK
F0/9      PC1 (Switch 2: PC4)         VLAN 20         Access   OK
F0/17     PC2 (Switch 2: PC5)         VLAN 30         Access   OK
Gig 0/1   The other switch            VLAN 10,20,30   Trunk    OK

Now follow the step-by-step configuration below.

Step 1: Create the VLAN IDs for the respective VLANs and name them (VLAN 10 Accounts,
VLAN 20 HR, VLAN 30 Inventory).

Step 2: Assign the access ports to the respective VLANs

After creating the VLANs, the next job is to assign the access ports to them. In our case we assign
Fa0/1 to Fa0/8 to VLAN 10, Fa0/9 to Fa0/16 to VLAN 20 and Fa0/17 to Fa0/24 to VLAN 30.
Step 3: Make Gigabit port 0/1 of each switch a trunk port.

This completes the configuration of Switch 1. Switch 2 is configured with exactly the same
parameters as Switch 1, so that VLAN 10 on one switch is VLAN 10 on the other.
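The switch configuration shown in the lab screenshots corresponds to the commands in Steps 1 to 3 of the previous section. As an added example (not from the original page), the following Python builds that IOS command sequence from a port map, validating every VLAN ID against the ranges given in Step 1 (VLAN 1 is the default, 1002 to 1005 are reserved, 1006 to 4094 are extended) and rejecting ports assigned to a VLAN that was never created. It also restricts the trunk to the three lab VLANs with switchport trunk allowed vlan, which Step 3 describes in words. The VLAN names and port numbers are the lab's; the function and variable names are the example's own.

```python
"""Generate the Cisco IOS VLAN configuration for the lab above.

Added example; not code from the original page. It emits the commands from
Steps 1-3 (vlan / name, interface range ... switchport mode access / access vlan,
switchport mode trunk / trunk allowed vlan) and validates VLAN IDs against the
ranges described in Step 1.
"""
from typing import Dict, List, Sequence, Tuple

RESERVED_VLANS = range(1002, 1006)   # legacy Token Ring / FDDI IDs


def vlan_id_class(vid: int) -> str:
    """'default', 'normal', 'reserved' or 'extended'; raises for IDs outside 1-4094."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} is outside 1-4094")
    if vid == 1:
        return "default"
    if vid in RESERVED_VLANS:
        return "reserved"
    return "normal" if vid <= 1001 else "extended"


def check_vlan_usable(vid: int) -> None:
    """Only normal- or extended-range IDs may be created for user traffic."""
    cls = vlan_id_class(vid)
    if cls in ("default", "reserved"):
        raise ValueError(f"VLAN {vid} is the {cls} VLAN and cannot be created or reused")


def _split(port: str) -> Tuple[str, str, int]:
    """'FastEthernet0/8' -> ('FastEthernet', '0/', 8); also handles 'Gi1/0/8'."""
    slot, _, num = port.rpartition("/")
    prefix = slot.rstrip("0123456789")
    return prefix, slot[len(prefix):] + "/", int(num)


def build_switch_config(vlans: Dict[int, str],
                        access_ranges: Dict[int, Tuple[str, str]],
                        trunk_ports: Sequence[str]) -> List[str]:
    """IOS global-configuration lines: VLAN creation, access ranges, then trunks."""
    for vid in list(vlans) + list(access_ranges):
        check_vlan_usable(vid)
    unknown = set(access_ranges) - set(vlans)
    if unknown:
        raise ValueError(f"ports assigned to undefined VLANs {sorted(unknown)}")
    lines: List[str] = []
    for vid, name in sorted(vlans.items()):
        lines += [f"vlan {vid}", f" name {name}"]
    for vid, (first, last) in sorted(access_ranges.items()):
        p1, s1, n1 = _split(first)
        p2, s2, n2 = _split(last)
        if (p1, s1) != (p2, s2) or n1 > n2:
            raise ValueError(f"bad interface range {first} - {last}")
        lines += [f"interface range {p1}{s1}{n1} - {n2}",
                  " switchport mode access",
                  f" switchport access vlan {vid}"]
    allowed = ",".join(str(v) for v in sorted(vlans))   # prune the trunk to known VLANs
    for port in trunk_ports:
        lines += [f"interface {port}",
                  " switchport mode trunk",
                  f" switchport trunk allowed vlan {allowed}"]
    return lines


# Lab parameters from the tables above.
LAB_VLANS = {10: "Accounts", 20: "HR", 30: "Inventory"}
LAB_ACCESS = {10: ("FastEthernet0/1", "FastEthernet0/8"),
              20: ("FastEthernet0/9", "FastEthernet0/16"),
              30: ("FastEthernet0/17", "FastEthernet0/24")}
LAB_TRUNKS = ["GigabitEthernet0/1"]

if __name__ == "__main__":
    # The same configuration is applied to Switch 1 and Switch 2.
    print("\n".join(build_switch_config(LAB_VLANS, LAB_ACCESS, LAB_TRUNKS)))
```

Paste the printed lines into configure terminal on each switch (or into the Packet Tracer CLI); show vlan brief should then list the three VLANs with their port ranges, and show interfaces trunk should list GigabitEthernet0/1 with VLANs 10, 20 and 30 allowed.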

Step 4: Configure the IP addresses on the PCs

To assign an IP address to a PC, double-click the PC-PT, open the Desktop tab and click IP
Configuration. Select Static and fill in the IP address, subnet mask and default gateway. Use the PC
Configuration table above to assign the correct addresses to all the PCs.
Now check whether the VLANs are configured properly.

For this, run ping from PC0 to the other PCs.

First, ping 192.168.1.3 from 192.168.1.2 (PC0 to PC3). Both PCs belong to VLAN 10, so even
though they are on different switches the frames cross the trunk and the ping succeeds.
Next, ping 192.168.2.3 from 192.168.1.2 (PC0 to PC4). The PCs belong to different VLANs (and
different subnets) and there is no router between them, so the ping fails: PC0 tries to reach its
gateway 192.168.1.1, which does not exist in this topology, and reports a timeout. The two VLANs
are isolated from each other as intended.
What is an Access Port in a VLAN?
An access port is a switch port configured to carry the traffic of a single VLAN. Access ports are
mostly used to connect end devices such as computers, servers, printers and IP telephones to a
switch.

What is the Default VLAN?

The default VLAN, VLAN 1 on Cisco switches, is the VLAN created automatically on most switches
at installation. By default every port on a switch is a member of VLAN 1, so every device that has
not been manually assigned to another VLAN ends up in it. VLAN 1 is also the default native VLAN
of 802.1Q trunks and the VLAN on which control protocols such as CDP, VTP and DTP are sent.

The default VLAN is convenient for administrators because it provides connectivity between all
devices attached to the switch before any other VLAN has been created. However, it is strongly
recommended to create and use VLANs other than the default, because leaving devices in VLAN 1
presents security risks: any device plugged into an unconfigured port lands in the same broadcast
domain as everything else in VLAN 1, including the switch's control traffic, and can reach all of
those devices directly. Good practice is to put user traffic in dedicated VLANs, assign unused ports
to an otherwise unused "parking" VLAN and shut them down, and move the native VLAN of trunks
off VLAN 1.
