Network Device Configuration

Network device and configuration

Uploaded by

zebrehe

Ambo University

Institute of Technology
Department of Information Technology

Lecturer's Name: Mulugeta.A


Course Name: Computer Network Device Configuration
Course Number: ITec4113
ECTS Credits: 5
Target Group: 4th year IT students
Department: IT
Course Status: Core
Compiled By: Mulugeta.A @ 2017
Chapter 1: Device Configuration
 Introduction to Networking
 VLANs
 Wireless Mobility configuration menu
 Device Schedules
 VPN Policy Manager
 Element Management

What is a network?

 It is a collection of different communication devices that are interconnected with each other. Interconnected devices should exchange data or share a resource.

What is networking?

 The process involved in designing, implementing, upgrading, managing and working with networks and networking technologies.

Computer network?

 A type of network that interconnects two or more autonomous (independent) computers. The computers can be geographically located anywhere. Computer networks are composed of both software and hardware. The software component consists of services and protocols that run on the hardware components. The hardware part consists of different end systems, intermediary devices and network media.
Source – generates data to be transmitted
Transmitter – converts data into transmittable signals
Transmission System – carries data
Receiver – converts received signal into data
Destination – takes incoming data

Communication over a network begins with a message, or information, that must
be sent from one individual or device to another. People exchange ideas using
many different communication methods.
These communication methods have four elements in common:
1. Source - a source can be people or electronic devices that need to send a message to other individuals or devices
2. Destination - the destination receives the message and interprets it
3. Media (Channel) - consists of physical entities that provide the pathway over which the message can travel from source to destination
4. Protocols - the set of rules that govern the process of sending and receiving messages over a given network
The various elements that make up a network:

– Devices: These are used to communicate with one another
– Medium: This is how the devices are connected together
– Messages: Information that travels over the medium
– Rules: Govern how messages flow across the network
– Converged network: A type of network that can carry voice, video and data over the same network.

Basic measures to secure data networks

– Ensure confidentiality through use of

• User authentication

• Data encryption

– Maintain communication integrity through use of

• Digital signatures

– Ensure availability through use of

• Firewalls

• Redundant network architecture

• Hardware without a single point of failure

Why is networking a big deal?

 Overcome geographic limits,

 Access remote data and Separate clients and server

Advantages of Networks

 Data and Hardware sharing,

 Personal communication

 Entertainment, Back-up, User and data management

Disadvantages of Networks

 Viruses, Crackers and Unauthorized users, Network hardware and software costs, Network set-up costs

 PAN: a personal area network is a computer network (CN) used for communication among computer devices (including telephones and personal digital assistants) close to one person. Technologies: USB and FireWire (wired), IrDA and Bluetooth (wireless)
 LAN: a local area network is a CN covering a small geographic area, like a home, office, or group of buildings. Technologies: Ethernet (wired) or Wi-Fi (wireless)
 MAN: Metropolitan Area Networks are large CNs usually spanning a city. Technologies: Ethernet (wired) or WiMAX (wireless)
 WAN: Wide Area Network is a CN that covers a broad area, e.g., crossing metropolitan, regional, or national boundaries. Example: the Internet. Wireless technologies: HSDPA, EDGE, GPRS, GSM.

 A LAN uses Ethernet, which in turn works on shared media. Shared media in Ethernet create one single broadcast domain and one single collision domain.
 The introduction of switches to Ethernet has removed the single collision domain issue, and each device connected to a switch works in its own separate collision domain. But even switches cannot divide a network into separate broadcast domains. On the other hand
 A station is considered part of a LAN if it physically belongs to that LAN. The criterion of membership is geographical.
 What happens if we need a virtual connection between two stations belonging to two different physical LANs?
 We can roughly define a virtual local area network (VLAN) as a local area network configured by software, not by physical wiring.
 A virtual LAN is a method to divide a single broadcast domain into more than one broadcast domain. A host in one VLAN cannot speak to a host in another. By default, all hosts are placed into the same VLAN, called VLAN 1.
 A VLAN is a broadcast domain created by one or more switches.

• In the above pictures, different VLANs are depicted in different color codes. Hosts in one VLAN, even if connected to the same switch, cannot see or speak to hosts in different VLANs.
• VLAN is a Layer-2 technology which works closely with Ethernet. To route packets between two different VLANs, a Layer-3 device (such as a router) is required.
 VLANs provide segmentation based on broadcast domains.

 VLANs logically segment switched networks based on the functions, project teams,
or applications of the organization regardless of the physical location or connections
to the network.

 All workstations and servers used by a particular workgroup share the same VLAN,
regardless of the physical connection or location.

 2 VLANs or more within a single switch
 VLANs address scalability, security, and network management.
 Routers in VLAN topologies provide broadcast filtering, security, and traffic
flow management.
 Edge ports, where end nodes are connected, are configured as members of a
VLAN
 The switch behaves as several virtual switches, sending traffic only within
VLAN members.
 Switches may not bridge any traffic between VLANs, as this would violate the
integrity of the VLAN domain.
 Traffic should only be routed between VLANs.

[Figure: two panels. "Without VLANs": networks 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, each on its own switch. "With VLANs": the same three networks on a single switch, with the label "One link per VLAN or a single VLAN Trunk".]

 Without VLANs, each group is on a different IP network and on a different switch.
 Using VLANs, the switch is configured with the ports on the appropriate VLAN. Each group is still on a different IP network; however, they are all on the same switch.
 What are the broadcast domains in each?

Two VLANs, Two Subnets

[Figure: Switch 1 with four hosts, each with mask 255.255.255.0: 172.30.1.21 (VLAN 1), 172.30.2.12 (VLAN 2), 172.30.2.10 (VLAN 2), 172.30.1.23 (VLAN 1).]

Port: 1 2 3 4 5 6
VLAN: 1 2 1 2 2 1

 Important notes on VLANs:
 VLANs are assigned to switch ports. There is no “VLAN” assignment done on the host.
 In order for a host to be a part of that VLAN, it must be assigned an IP address that belongs to the proper subnet.
Two VLANs, Two Subnets

[Figure: the same switch, hosts and port-to-VLAN table as in the previous figure, with an ARP Request shown.]

 VLANs separate broadcast domains == subnets, e.g. without VLANs the ARP request would be seen on all subnets.
 Assigning a host to the correct VLAN is a 2-step process:
 Connect the host to a port on the switch.
 Assign the correct IP address to the host depending on the VLAN membership.
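The two-step rule above can be checked mechanically. The following is an added example, not part of the original slides: it audits host addresses against the slide's port-to-VLAN table and computes which ports see a broadcast such as an ARP request. The subnets are inferred from the slide's addresses and masks, and the port each host is plugged into is an assumption, since the figure does not survive.

```python
import ipaddress

# Port-to-VLAN table from the slide (ports 1-6).
PORT_VLAN = {1: 1, 2: 2, 3: 1, 4: 2, 5: 2, 6: 1}
# Subnet per VLAN, inferred from the slide's addresses and 255.255.255.0 masks.
VLAN_SUBNET = {1: ipaddress.ip_network("172.30.1.0/24"),
               2: ipaddress.ip_network("172.30.2.0/24")}
# ASSUMPTION: which port each host is plugged into (not recoverable from the page).
HOSTS = {1: "172.30.1.21", 2: "172.30.2.12", 4: "172.30.2.10", 6: "172.30.1.23"}

def audit(hosts, port_vlan=PORT_VLAN, vlan_subnet=VLAN_SUBNET):
    """Return [(port, ip, vlan)] for hosts whose IP is outside their port's VLAN subnet."""
    bad = []
    for port, ip in sorted(hosts.items()):
        vlan = port_vlan[port]
        if ipaddress.ip_address(ip) not in vlan_subnet[vlan]:
            bad.append((port, ip, vlan))
    return bad

def broadcast_ports(src_port, port_vlan=PORT_VLAN):
    """Ports that receive a broadcast (e.g. an ARP request) sent from src_port."""
    vlan = port_vlan[src_port]
    return sorted(p for p, v in port_vlan.items() if v == vlan and p != src_port)

def can_arp(src_port, target_ip, hosts, port_vlan=PORT_VLAN):
    """True if an ARP request from src_port reaches the port holding target_ip."""
    return any(hosts.get(p) == target_ip for p in broadcast_ports(src_port, port_vlan))

if __name__ == "__main__":
    print("misplaced hosts:", audit(HOSTS))
    # Same host, correct IP, but cabled to port 5 (VLAN 2): it is now unreachable.
    moved = {1: "172.30.1.21", 2: "172.30.2.12", 4: "172.30.2.10", 5: "172.30.1.23"}
    print("after moving a cable:", audit(moved))
    print("ARP from port 1 reaches it:", can_arp(1, "172.30.1.23", moved))
```

A host with the right address on the wrong port is silently isolated, because its ARP requests stay inside the other VLAN's broadcast domain.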

 As a device enters the network, it assumes the VLAN membership of the port
to which it is attached.

 The default VLAN for every port in the switch is VLAN 1 and cannot be
deleted.

 All other ports on the switch may be reassigned to arbitrary VLANs.

 Two switches can exchange traffic from one or more VLANs
 Inter-switch links are configured as trunks, carrying frames from all or a subset of a switch’s VLANs
 Each frame carries a tag that identifies which VLAN it belongs to

[Figure: two panels, "No VLAN Tagging" and "VLAN Tagging".]

 VLAN tagging is used when a single link needs to carry traffic for more than one VLAN.

[Figure: Tagged Frames. Edge ports in VLAN X and VLAN Y on two switches, joined through trunk ports by an 802.1Q trunk.]

This is called “VLAN Trunking”

 You can no longer “just replace” a switch
 Now you have VLAN configuration to maintain
 Field technicians need more skills
 You have to make sure that all the switch-to-switch trunks are carrying all the necessary VLANs
 Need to keep in mind when adding/removing VLANs
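One way to check that the trunks carry every necessary VLAN, as an added example that is not part of the original slides: for each VLAN, walk only the trunks that allow it and report switches with edge ports in that VLAN that cannot reach each other. The switch names, VLAN numbers and topology are constructed for illustration.

```python
from collections import defaultdict

def partitioned_vlans(access, trunks):
    """access: {switch: set of VLANs on its edge ports}
    trunks: [(switch_a, switch_b, set of VLANs allowed on the trunk)]
    Returns {vlan: [groups of switches that cannot reach each other in that VLAN]}."""
    problems = {}
    for vlan in sorted(set().union(*access.values())):
        # Build the graph of trunks that actually carry this VLAN.
        adj = defaultdict(set)
        for a, b, allowed in trunks:
            if vlan in allowed:
                adj[a].add(b)
                adj[b].add(a)
        members = {sw for sw, vlans in access.items() if vlan in vlans}
        groups, seen = [], set()
        for start in sorted(members):
            if start in seen:
                continue
            # Depth-first walk; transit switches without edge ports still forward.
            stack, comp = [start], set()
            while stack:
                sw = stack.pop()
                if sw in comp:
                    continue
                comp.add(sw)
                stack.extend(adj[sw] - comp)
            seen |= comp
            groups.append(sorted(comp & members))
        if len(groups) > 1:
            problems[vlan] = groups
    return problems

# Constructed topology (switch names and VLAN numbers are made up).
ACCESS = {"bldg-a": {10, 20}, "core": set(), "bldg-b": {10, 20}}
TRUNKS = [("bldg-a", "core", {10, 20}), ("core", "bldg-b", {10})]  # VLAN 20 forgotten

if __name__ == "__main__":
    print(partitioned_vlans(ACCESS, TRUNKS))
```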

 You want to segment your network into multiple subnets,
but can’t buy enough switches
 Hide sensitive infrastructure like IP phones, building controls, etc.

 Separate control traffic from user traffic


 Restrict who can access your switch management address

 Because you can, and you feel cool

 Because they will completely secure your hosts (or so you think)

 Because they allow you to extend the same IP network over multiple
separate buildings

 Extending a VLAN to multiple buildings across trunk ports

 Bad idea because:

 Broadcast traffic is carried across all trunks from one end of the
network to another

 Broadcast storm can spread across the extent of the VLAN

 Maintenance and troubleshooting nightmare

Types of VLAN

There are two types of VLAN

 Port based VLAN

 MAC based VLAN

1. Users assign membership by port
2. Easily administered by GUI
3. Requires no lookup when done in ASICs
4. Maximizes security between VLANs
5. Packets don’t ‘leak’ into other domains
6. Easily controlled through the network

VLAN membership by MAC Address

1. Users assign membership by MAC address
2. Offers flexibility, yet adds overhead
3. Impacts scalability, performance and administration
4. Offers a similar process for other higher layers


 Some pros of VLAN:

 Easily move workstations on the LAN.

 Easily add workstations to the LAN.

 Easily control network traffic.

 Improve security

 Allows us to split switches into separate (virtual) switches

 Only members of a VLAN can see that VLAN’s traffic

 Inter-VLAN traffic must be routed (i.e. go through a router) because they are separate subnets

 Virtual Private Network is a type of private network that uses public
telecommunication, such as the Internet, instead of leased lines to
communicate.

 Became popular as more employees worked in remote locations.

 Terminologies to understand how VPNs work:

 Network users can access the network (Intranet) from
remote locations.

 Secured networks.

 The Internet is used as the backbone for VPNs

 Saves cost tremendously from reduction of equipment and maintenance costs.

 Scalability

 Two connections – one is made to the Internet and the second is made to
the VPN.

 Datagrams – contain data, destination and source information.

 Firewalls – VPNs allow authorized users to pass through the firewalls.

 Protocols – protocols create the VPN tunnels.

 Authentication – validates that the data was sent from the sender.

 Access control – limiting unauthorized users from accessing the network.

 Confidentiality – preventing the data from being read or copied while it is being transported.

 Data Integrity – ensuring that the data has not been altered

 PPTP -- Point-to-Point Tunneling Protocol

 L2TP -- Layer 2 Tunneling Protocol

 IPsec -- Internet Protocol Security

 SOCKS – is not used as much as the ones above

What does “implementation” mean in VPNs?

3 types
 Intranet – Within an organization

 Extranet – Outside an organization

 Remote Access – Employee to Business

Good Luck and Congratulations
