Access Layer Functionality

This section describes the access layer functions and the interaction of the access layer with the distribution layer and local or remote users. The access layer is the concentration point at which clients access the network. Access layer devices control traffic by localizing service requests to the access media. The purpose of the access layer is to grant user access to network resources. The access layer's characteristics are as follows: In the campus environment, the access layer typically...

Administrative Distance

Most routing protocols have metric structures and algorithms that are incompatible with other protocols. It is critical that a network using multiple routing protocols be able to seamlessly exchange route information and be able to select the best path across multiple protocols. Cisco routers use a value called administrative distance to select the best path when they learn of two or more routes to the same destination from different routing protocols. Administrative distance rates a routing...
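
As an added example (not code from the book), the following Python models the selection described above and the part the text leaves implicit: the longest matching prefix is chosen first, and administrative distance only decides between routes to the identical prefix, with the protocol metric as the final tie-breaker. The AD values are the Cisco IOS defaults; the sample routes, next hops and the floating-static AD of 250 are constructed for the example.

```python
"""Route selection by prefix length, administrative distance, then metric.

Added example, not from the book. The AD values are the Cisco IOS defaults;
the sample routes below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Cisco IOS default administrative distances (lower is more trusted).
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "odr": 160, "eigrp-external": 170, "ibgp": 200,
    "unknown": 255,  # never installed
}


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/16"
    source: str      # key into DEFAULT_AD
    metric: int      # protocol-specific cost, only comparable within one source
    next_hop: str
    ad: Optional[int] = None  # explicit override, e.g. a floating static with AD 250

    def admin_distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


def install(candidates: List[Route]) -> Dict[ipaddress.IPv4Network, Route]:
    """Build the routing table: one route per prefix, the lowest (AD, metric) wins.

    Routes with AD 255 are never installed, matching IOS behaviour.
    """
    table: Dict[ipaddress.IPv4Network, Route] = {}
    for route in candidates:
        ad = route.admin_distance()
        if ad >= 255:
            continue
        net = ipaddress.ip_network(route.prefix, strict=True)
        current = table.get(net)
        if current is None or (ad, route.metric) < (current.admin_distance(), current.metric):
            table[net] = route
    return table


def lookup(table: Dict[ipaddress.IPv4Network, Route], destination: str) -> Optional[Route]:
    """Forwarding lookup: longest prefix match over the installed table.

    AD never enters this step: a /24 learned via RIP (AD 120) beats a /16 from
    OSPF (AD 110) because the more specific prefix wins before AD is considered.
    """
    addr = ipaddress.ip_address(destination)
    best: Optional[ipaddress.IPv4Network] = None
    for net in table:
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return table[best] if best is not None else None


# Constructed sample: the same /16 learned three ways, a more specific /24, and a default.
SAMPLE_ROUTES = [
    Route("10.1.0.0/16", "ospf", metric=20, next_hop="10.0.0.2"),
    Route("10.1.0.0/16", "rip", metric=3, next_hop="10.0.0.3"),
    Route("10.1.0.0/16", "static", metric=0, next_hop="10.0.0.4", ad=250),  # floating static backup
    Route("10.1.5.0/24", "rip", metric=5, next_hop="10.0.0.3"),
    Route("0.0.0.0/0", "static", metric=0, next_hop="10.0.0.1"),
]

if __name__ == "__main__":
    rib = install(SAMPLE_ROUTES)
    for dst in ("10.1.5.7", "10.1.9.1", "192.0.2.1"):
        r = lookup(rib, dst)
        print(dst, "->", r.prefix, r.source, "AD", r.admin_distance(), "via", r.next_hop)
```

The security consequence of this order is worth keeping in mind: a rogue speaker does not need to beat a trusted protocol's AD to divert traffic, it only needs to advertise a more specific prefix, which is one reason routing-protocol neighbor authentication and prefix filtering matter on any segment where an untrusted host could become a neighbor.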

Analyzing Network Traffic and Applications

Traffic analysis is the third step in characterizing a network. Traffic analysis verifies the set of applications and protocols used in the network and determines the applications' traffic patterns. It might reveal any additional applications or protocols running on the network. Each discovered application and protocol should be described in the following terms:
- Security-related requirements
- Scope (in other words, the network modules in which the application or protocol is used)
Use the...

ANS Components

Figure 3-24 illustrates an example of ANS deployed in offices connected over a WAN, providing LAN-like performance to users in the branch, regional, and remote offices. ANS components are deployed symmetrically in the data center and the distant offices. The ANS components in this example are as follows:
- Cisco Wide Area Application Services (WAAS) software: Cisco WAAS software gives remote offices LAN-like access to centrally hosted applications, servers, storage, and multimedia.
- Cisco Wide Area...

ANS Examples

Table 3-1 illustrates some sample application deployment issues that many IT managers face today and how ANS resolves these issues.
Table 3-1: Examples of Application Deployment Issues and Solutions
- Issue: Consolidation of data centers results in remote employees having slower access to centrally managed applications.
- Solution: Wide-area application services in the branch office that compress, cache, and optimize content for remote users so that...

Answers to Review Questions

1. The Cisco vision for an intelligent information network includes the following:
- Integration of networked resources and information assets that have been largely unlinked
- Intelligence across multiple products and infrastructure layers
- Active participation of the network in the delivery of services and applications
2. Evolving to an intelligent information network consists of three phases in which functionality can be added to the infrastructure as required:
Phase 1: Integrated transport. Everything...

Answers to Review Questions and Case Studies

This appendix provides internetworking expert solutions (listed by chapter) to the review questions and case study questions in each chapter. A solution is provided for each case study task based on assumptions made. There is no claim that the provided solution is the best or only solution. Your solution might be more appropriate for the assumptions you made. The provided solution enables you to understand the author's reasoning and offers a means of comparing and contrasting your solution.

Ii

For the Enterprise Campus, DHCP and internal DNS servers should be located in the Server Farm; these servers should be redundant. For remote locations, Cisco routers can provide DHCP and DNS at the Enterprise Edge. External DNS servers should be redundant; for example, at two service provider facilities, or one at a service provider facility and one in a demilitarized zone at the Enterprise Campus or remote data center.

Calculating the Networks for a Subnet Mask

After you identify your subnet mask, you must calculate the ten subnetted network addresses to use with 172.16.0.0 255.255.240.0. One way to do this is as follows:
Step 1: Write the subnetted address in binary format, as shown at the top of Figure B-7. If necessary, use the decimal-to-binary conversion chart provided in Table B-1. (Figure B-7: Calculating the Subnets Shown in Figure B-6; 172.16.0.0 in binary is 10101100.00010000.00000000.00000000.)
Step 2: On the binary address, draw a line...

Calculating Trunk Capacity or Bandwidth

The trunk capacity for voice calls can be calculated by the following formula:
Trunk capacity = (number of simultaneous calls to be supported) × (bandwidth required per call)
The first component of this formula, the number of simultaneous calls to be supported, is the number of circuits required for the known amount of traffic, as calculated from the Erlang tables. NOTE: If 100 percent of calls must go through, Erlang tables are not required; instead, the maximum number of simultaneous calls...
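
As an added example (not from the book), the following Python implements the formula above together with the Erlang B calculation that the "number of simultaneous calls" term comes from, so the circuit count can be derived from offered load and a target blocking probability instead of being read from a printed table; it also handles the NOTE's case, where a known maximum number of simultaneous calls is provisioned directly. The per-call bandwidth uses the standard 20-byte IP, 8-byte UDP and 12-byte RTP headers and 20 ms packetization (G.711: 160-byte payload, G.729: 20-byte payload, both 50 packets per second); the busy-hour traffic figures and the cRTP header size of about 2 bytes are assumptions.

```python
"""Trunk capacity = (simultaneous calls) x (bandwidth per call), with Erlang B.

Added example, not from the book. Offered load, grade of service and codec
figures in the demo are assumptions chosen to illustrate the calculation.
"""
from typing import Optional


def offered_load_erlangs(calls_per_hour: float, avg_hold_seconds: float) -> float:
    """Offered traffic in Erlangs: call attempts per hour times mean hold time in hours."""
    return calls_per_hour * avg_hold_seconds / 3600.0


def erlang_b(circuits: int, erlangs: float) -> float:
    """Blocking probability for `circuits` trunks offered `erlangs` of traffic.

    Uses the recursion B(0) = 1, B(n) = A*B(n-1) / (n + A*B(n-1)), which is
    what the printed Erlang B tables tabulate, without the factorials of the
    closed form.
    """
    if circuits < 0 or erlangs < 0:
        raise ValueError("circuits and erlangs must be non-negative")
    b = 1.0
    for n in range(1, circuits + 1):
        b = erlangs * b / (n + erlangs * b)
    return b


def circuits_required(erlangs: float, target_blocking: float) -> int:
    """Smallest trunk count whose Erlang B blocking is at or below the target GoS."""
    if not 0 < target_blocking < 1:
        raise ValueError("target_blocking must be a probability strictly between 0 and 1")
    n = 0
    while erlang_b(n, erlangs) > target_blocking:
        n += 1
    return n


def per_call_bps(payload_bytes: int, packets_per_second: int,
                 l2_header_bytes: int = 0, crtp: bool = False) -> int:
    """Bandwidth of one call: (payload + IP/UDP/RTP + Layer 2 header) * 8 * pps.

    IP (20) + UDP (8) + RTP (12) = 40 bytes per packet; with RTP header
    compression (cRTP) that shrinks to about 2 bytes (assumed typical value).
    """
    ip_udp_rtp = 2 if crtp else 40
    return (payload_bytes + ip_udp_rtp + l2_header_bytes) * 8 * packets_per_second


def simultaneous_calls(erlangs: float, target_blocking: float,
                       max_simultaneous: Optional[int] = None) -> int:
    """Number of circuits to provision.

    If every call must go through (the NOTE in the text), the Erlang table is
    not used: the known maximum number of simultaneous calls is provisioned.
    """
    if max_simultaneous is not None:
        return max_simultaneous
    return circuits_required(erlangs, target_blocking)


def trunk_capacity_bps(calls: int, bandwidth_per_call_bps: int) -> int:
    """The formula from the text: calls times per-call bandwidth."""
    return calls * bandwidth_per_call_bps


if __name__ == "__main__":
    # Constructed busy-hour traffic: 240 attempts/hour, 150 s mean hold -> 10 Erlangs.
    load = offered_load_erlangs(240, 150)
    calls = simultaneous_calls(load, target_blocking=0.01)        # 1 % blocking -> 18 circuits
    g711 = per_call_bps(payload_bytes=160, packets_per_second=50)  # 80 kbps before Layer 2
    g729 = per_call_bps(payload_bytes=20, packets_per_second=50)   # 24 kbps before Layer 2
    print(f"{load:.1f} E -> {calls} circuits; G.711 {trunk_capacity_bps(calls, g711) / 1000:.0f} kbps,"
          f" G.729 {trunk_capacity_bps(calls, g729) / 1000:.0f} kbps")
```

Two details matter in practice: the Layer 2 header (18 bytes on Ethernet, less on PPP or Frame Relay) must be included for the link actually carrying the trunk, and the Erlang B model assumes blocked calls are abandoned rather than retried, so a 1 percent target is optimistic when users redial immediately.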

Case Study 10-2 ACMC Hospital Network Connecting More Hospitals

This case study is a continuation of ACMC Hospital Case Study 10-1. Use the scenarios, information, and parameters provided at each task of the ongoing case study. If you encounter ambiguities, make reasonable assumptions and proceed. For all tasks, use the initial customer scenario and build on the solutions provided thus far. You can use any and all documentation, books, white papers, and so on. In each step, you act as a network design consultant. Make creative proposals to accomplish the...

Case Study ACMC Hospital Network Upgrade

This case study analyzes the network infrastructure of Acme County Medical Center (ACMC) Hospital, a fictitious small county hospital in the United States. This same case study is used throughout the remainder of the book so that you can continue to evaluate your understanding of the concepts presented. Use the scenarios, information, and parameters provided at each task of the ongoing case study. If you encounter ambiguities, make reasonable assumptions and proceed. For all tasks, use the...

Case Study ACMC Hospital Routing Protocol Design

This case study is a continuation of the ACMC Hospital case study introduced in Chapter 2. Use the scenarios, information, and parameters provided at each task of the ongoing case study. If you encounter ambiguities, make reasonable assumptions and proceed. For all tasks, use the initial customer scenario and build on the solutions provided thus far. You can use any and all documentation, books, white papers, and so on. In each step, you act as a network design consultant. Make creative...

Case Study Answers

Both are fast to converge, send triggered updates, can be used to create hierarchical networks, and support manual summarization and VLSM. Route summarization should be implemented. The IP addressing scheme proposed in the case study solution for Chapter 6 was designed to easily allow summarization. If desired, static routes could be used for the connections to the remote clinics. If a WAN backup is provided by an IPsec VPN connection over the Internet, a...

Case Study Questions

Step 1: Identify key business security requirements, risks, and threats about which ACMC should be concerned.
Step 2: Design the Enterprise Edge modules for ACMC (E-commerce, Internet Connectivity, Remote Access and VPN, and WAN and MAN and Site-to-Site VPN). Determine how they should connect to the rest of the ACMC Hospital network. The design can use a consolidated approach in which devices are shared between modules.
Step 3: Design the security for remote clinics, using the Internet with VPN...

Catalyst Services Modules

The following are various security-related modules for the Cisco Catalyst 6500 Series switching platform (some are also available for the Cisco 7600 Series routers):
- Cisco Catalyst 6500 Series FWSM: The Cisco FWSM is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. Up to four Cisco FWSMs can be installed in a single chassis, providing scalability up to 20 Gbps per chassis. The Cisco FWSM includes many advanced features, such as multiple...

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at...

Centralized WLAN Components

As illustrated in Figure 3-23, the four main components in a centralized WLAN deployment are as follows:
- End-user devices: A PC or other end-user device in the access layer uses a wireless NIC to connect to an access point (AP) using radio waves.
- Wireless APs: APs, typically in the access layer, are shared devices that function similar to a hub. Cisco APs can be either lightweight or autonomous. Lightweight APs are used in centralized WLAN deployments. A lightweight AP receives control and...

Characteristics of the OSI Layers

The OSI reference model's seven layers can be divided into two categories: upper layers and lower layers. The upper layers contend with application issues and are generally implemented only in software. The highest layer, the application layer, is closest to the end user. Both users and application layer processes interact with software applications that contain a communications component. The term upper layer is sometimes used to refer to any layer above another layer in the OSI model....

Cisco UWN Review

Figure 9-22 reviews the key concepts of the Cisco UWN design. (Figure 9-22: Cisco UWN; third-party integrated applications shown in the figure: E911, asset tracking, ERP workflow automation.) Cisco client devices or Cisco Compatible client devices are at the foundation of the UWN, connected to Cisco lightweight...

Comparison of Routing Protocol Convergence

As shown in Figure 7-8, different routing protocols need different amounts of time to converge in a given network. Although the convergence depends on the network's topology and structure, pure distance vector protocols are slower to converge than link-state protocols. The use of periodic updates and the hold-down mechanism are the main reasons for slow convergence. As a result, the fast-converging protocols should be used when the network's convergence time is crucial. Figure 7-8 Routing...

Configuring Inside Global Address Overloading or PAT

The following procedure configures inside global address overloading:
Step 1: At a minimum, IP routing and appropriate IP addresses must be configured on the router.
Step 2: Configure dynamic address translation, as described in the "Configuring NAT for Basic Local IP Address Translation" section earlier in this appendix. When you define the mapping between the access list and the IP NAT pool, add the overload keyword to the command:
Router(config)# ip nat inside source list access-list-number pool...

Data units

A frame is an information unit whose source and destination are data link layer entities. A frame is composed of the data link layer header (and possibly a trailer) and upper-layer data. The header and trailer contain control information that is intended for the destination system's data link layer entity. The data link layer header and trailer encapsulate data from upper-layer entities. Figure C-8 illustrates the basic components of a data link layer frame. Figure C-8 Data from Upper-Layer...

Deploying Security in the Enterprise Campus

Consider an organization that has experienced several incidents in which laptop users on the campus network have brought in viruses from home, some users have attempted to intercept network traffic, and some interns have tried to hack the network infrastructure. To manage the risks, the organization implements identity and access control solutions, threat detection and mitigation solutions, infrastructure protection, and security management. Figure 10-21 illustrates where various security...

Design Considerations for Guest Services in Wireless Networks

Providing wireless guest services with traditional autonomous APs poses significant challenges. To maintain internal corporate network security, guest traffic must be restricted to the appropriate subnet and VLAN; these guest VLANs must extend throughout the infrastructure to reach every location where guest access is required. Reconfiguring the access switches that serve conference rooms, offices, and cubicles to selectively adjust VLANs for guest access can involve many network staff hours....

Designing High Availability into a Network

Redundant network designs duplicate network links and devices, eliminating single points of failure on the network. The goal is to duplicate components whose failure could disable critical applications. Because redundancy is expensive to deploy and maintain, redundant topologies should be implemented with care. Redundancy adds complexity to the network topology and to network addressing and routing. The level of redundancy should meet the organization's availability and affordability...

Designing Remote Connectivity

This chapter discusses the WAN function that provides access to remote sites and the outside world. It details WAN technologies and WAN design considerations. The chapter explores how these technologies are used, including for remote access, with virtual private networks (VPN), for backup, and how the Internet is used as a backup WAN. This chapter describes the Enterprise WAN and metropolitan-area network (MAN) architecture, and the Enterprise Branch and Teleworker architectures. The selection...

Determining an IP Address Class

To accommodate large and small networks, the 32-bit IP addresses are segregated into Classes A through E. The first few bits of the first octet determine the class of an address; this then determines how many network bits and host bits are in the address. Figure B-4 illustrates the bits for Class A, B, and C addresses. Each address class allows for a certain number of network addresses and a certain number of host addresses within a network. Table B-2 shows the address format, the address range,...

Distance Vector Example

A distance vector router's understanding of the network is based on its neighbor's perspective of the topology; consequently, the distance vector approach is sometimes referred to as routing by rumor. Routers running traditional distance vector protocols periodically send their complete routing tables to all connected neighbors. Convergence might be slow because triggered updates are not typically used (RIPv2 is an exception) and loop detection timers are long. In large networks, running a...

Distance Vector Versus Link State Versus Hybrid Protocols

There are two main types of routing protocols:
- Distance vector protocol: In a distance vector protocol, routing decisions are made on a hop-by-hop basis. Each router relies on its neighbor routers to make the correct routing decisions. The router passes only the results of this decision (its routing table) to its neighbors. Distance vector protocols are typically slower to converge and do not scale well; however, they are easy to implement and maintain. Examples of distance vector protocols...

Documenting the Design

A design document lists the design requirements, documents the existing network and the network design, identifies the proof-of-concept strategy and results, and details the implementation plan. The final design document structure should be similar to the one in Figure 2-26, which includes:
- Introduction: Every design document should include an introduction to present the main reasons leading to the network design or redesign.
- Design requirements: Also a mandatory part of any design document, this...

Dynamic IPv6 Address Assignment

IPv6 dynamic address assignment strategies allow dynamic assignment of IPv6 addresses, as follows:
- Link-local address: The host configures its own link-local address autonomously, using the link-local prefix FE80::/10 and a 64-bit identifier for the interface, in EUI-64 format.
- Stateless autoconfiguration: A router on the link advertises, either periodically or at the host's request, network information such as the 64-bit prefix of the local network and its willingness to function as a default router...

Effl

Key Point: In general, an AP can support approximately seven to eight wireless phones or about 20 data-only devices. The facility should be visually inspected to identify potential issues, such as metal racks, elevator shafts, stairwells, and microwave equipment. The next step in the RF site survey process is to identify preliminary AP locations based on the planned coverage area and user density. This step can be supported with several tools. For example,...

Enterprise Branch Architecture

Recall that the Cisco Enterprise Architecture, based on the Cisco SONA, includes branch modules that focus on the remote places in the network. Enterprises are seeking opportunities to protect, optimize, and grow their businesses by increasing security, consolidating voice, video, and data onto a single IP network, and investing in applications that will improve productivity and operating efficiencies. These services provide enterprises with new opportunities to reduce costs, improve...

Enterprise Campus Design

As discussed in Chapter 3, the Enterprise Campus functional area is divided into the following modules:
- Campus Infrastructure: This module includes three layers, among them the Building Distribution layer.
- Edge Distribution (optional)
This section discusses the design of each of the layers and modules within the Enterprise Campus and identifies best practices related to the design of each.

Enterprise Campus Requirements

As shown in Table 4-3, each Enterprise Campus module has different requirements. For example, this table illustrates how modules located closer to the users require a higher degree of scalability so that the Campus network can be expanded in the future without redesigning the complete network. For instance, adding new workstations to a network should result in neither high investment cost nor performance degradation. Table 4-3: Enterprise Campus Design Requirements...

Enterprise Data Center Module

The Enterprise Data Center module has an architecture that is similar to the campus Server Farm module discussed earlier. The Enterprise Data Center network architecture allows the network to evolve into a platform that enhances the application, server, and storage solutions and equips organizations to manage increased security, cost, and regulatory requirements while providing the ability to respond quickly to changing business environments. The Enterprise Data Center module may include the...

Enterprise Edge WAN and MAN Considerations

When selecting Enterprise Edge technologies, consider the following factors:
- Support for network growth: Enterprises that anticipate significant growth should choose a technology that allows the network to grow with their business. WAN technologies with high support for network growth make it possible to add new branches or remote offices with minimal configuration at existing sites, thus minimizing the costs and IT staff requirements for such changes. WAN technologies with lower support for...

Enterprise Teleworker Module

The Enterprise Teleworker module provides people in geographically dispersed locations, such as home offices or hotels, with highly secure access to central-site applications and network services. The Enterprise Teleworker module supports a small office with one to several employees or the home office of a telecommuter. Telecommuters might also be mobile users: people who need access while traveling or who do not work at a fixed company site. Depending on the amount of use and the WAN services...

Evolution of Enterprise Networks

You do not have to go far back in history to find a time when networks were primarily used for file and print services. These networks were isolated LANs that were built throughout the enterprise organization. As organizations interconnected, these isolated LANs and their functions grew from file and print services to include critical applications the critical nature and complexity of the enterprise networks also grew. As discussed in the previous section, Cisco introduced the hierarchical...

Flat Routing Protocols

Flat routing protocols have no means of limiting route propagation in a major network (within a Class A, B, or C network) environment. These protocols are typically classful distance vector protocols. Recall from Chapter 6 that classful means that routing updates do not include subnet masks and that the protocol performs automatic route summarization on major network (class) boundaries. Summarization cannot be done within a major network. These protocols support only fixed-length subnet masking...

Global Aggregatable Unicast Addresses

IPv6 global aggregatable unicast addresses are equivalent to IPv4 unicast addresses. The structure of global aggregatable unicast addresses enables summarization (aggregation) of routing prefixes so that the number of routing table entries in the global routing table can be reduced. Global unicast addresses used on links are aggregated upward, through organizations, and then to intermediate-level ISPs, and eventually to top-level ISPs. A global unicast address typically consists of a 48-bit...

Gradient of Trust

The gradient of trust determines the trust level between domains, which can be minor to extreme, and determines the extent of security safeguards and attention to monitoring required. The trust relationship between segments should be controlled at defined points, using some form of network firewall or access control, as illustrated in the examples in Figure 10-11. Mastering domains of trust is a key component of good network security design. Figure 10-11 Domains and Gradients of Trust Private...

Guidelines for Creating an Enterprise Network

When creating an Enterprise network, divide the network into appropriate areas: the Enterprise Campus includes all devices and connections within the main Campus location; the Enterprise Edge covers all communications with remote locations and the Internet from the perspective of the Enterprise Campus; and the remote modules include the remote branches, teleworkers, and the remote data center. Define clear boundaries between each of the areas. NOTE: Depending on the network, an enterprise...

H.323

H.323 is an ITU-T standard for packet-based audio, video, and data communications across IP-based networks. The ITU-T H.323 standard is a foundation for audio, video, and data communications across IP-based networks, including the Internet. By complying with the H.323 standard, multimedia products and applications from multiple vendors can interoperate, thereby allowing users to communicate without concern for compatibility. The H.323 standard is broad in scope and includes standalone devices...

Hierarchical Routing in the WAN

Figure 3-7 shows an example of hierarchical routing in the WAN portion of a network (Figure 3-7: Hierarchical Routing in the WAN). In Figure 3-7, a typical packet between access sites follows these steps:
Step 1: The packet is Layer 3-forwarded toward the distribution router.
Step 2: The distribution router forwards the packet toward a core interface.
Step 3: The packet is forwarded across the WAN core.
Step 4: The receiving distribution router forwards the...

IEEE 802.11 Operational Standards

In September 1999 the IEEE ratified the IEEE 802.11a standard (5 GHz at 54 Mbps) and the IEEE 802.11b standard (2.4 GHz at 11 Mbps). In June 2003, the IEEE ratified the 802.11g standard (2.4 GHz at 54 Mbps); this standard is backward-compatible with 802.11b systems, because both use the same 2.4-GHz band. The following are the existing IEEE 802.11 standards for wireless communication:
- 802.11a: 54 Mbps at 5 GHz, ratified in 1999
- 802.11b: 11 Mbps at 2.4 GHz, ratified in 1999
- 802.11d: World mode, ...

IEEE 802.1X and IBNS

Recall from Chapter 9 that IEEE 802.1X is an open standards-based protocol for authenticating network clients (or ports) based on a user ID or on the device. 802.1X runs between end devices or users (called supplicants) trying to connect to ports, and an Ethernet device, such as a Cisco Catalyst switch or Cisco wireless access point (AP) (called the authenticator). Authentication and authorization are achieved with back-end communication to an authentication server such as Cisco Secure Access...

IGP and EGP Example

Figure 7-2 shows three interconnected autonomous systems (domains). Each AS uses an IGP for intra-AS (intra-domain) routing. (Figure 7-2: Interior Protocols Are Used Inside and Exterior Protocols Are Used Between Autonomous Systems.) The autonomous systems require some form of interdomain routing to communicate with each other. Static routes are used in simple cases; typically, an EGP is used....

Information Exchange Process

The information exchange process occurs between peer OSI layers. Each layer in the source system adds control information to data, and each layer in the destination system analyzes and removes the control information from that data. For example, if System A sends data from a software application to System B, the data is passed to System A's application layer. System A's application layer then communicates any control information required by System B's application layer by prepending a header to...

Integrated Security Within Network Devices

This section explains the security features integrated in Cisco network devices. To design and implement a secure network, it is necessary to integrate security in every part of the network environment. Cisco network devices supporting integrated security include the following:
- Security appliances, including Cisco PIX security appliances
- Endpoint security solutions
The following sections describe these devices. Devices based on Cisco IOS software incorporate various security features to create an...

Interaction Between OSI Model Layers

A given OSI layer generally communicates with three other OSI layers: the layer directly above it, the layer directly below it, and its peer layer in other networked computer systems. For example, System A's data link layer communicates with System A's network layer, System A's physical layer, and System B's data link layer. Figure C-3 illustrates this interaction example. (Figure C-3: OSI Model Layer Communicates with Three Other Layers.)

Interface Identifiers in IPv6 Addresses

In IPv6, a link is a network medium over which network nodes communicate using the link layer. Interface IDs in IPv6 addresses are used to identify a unique interface on a link. They can also be thought of as the host portion of an IPv6 address. Interface IDs are required to be unique on a link and can also be unique over a broader scope. When the interface identifier is derived directly from the data link layer address of the interface, the scope of that identifier is assumed to be universal...
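
As an added example (not code from the book), the following Python performs the derivation this section and the Dynamic IPv6 Address Assignment section describe: the 48-bit MAC address is split, FFFE is inserted in the middle, and the universal/local bit of the first octet is inverted to form the modified EUI-64 interface ID; that ID is then combined with FE80::/10 for the autonomous link-local address or with a router-advertised /64 prefix for stateless autoconfiguration. The reverse function shows why the text says such an identifier has universal scope: the hardware address is recoverable from the IPv6 address. The MAC address and the 2001:db8:1:2::/64 prefix are constructed values.

```python
"""Modified EUI-64 interface identifiers from MAC addresses (RFC 4291, Appendix A).

Added example, not from the book. The MAC address and the /64 prefix in the
demo are constructed values.
"""
import ipaddress


def eui64_bytes(mac: str) -> bytes:
    """Modified EUI-64: OUI | FF FE | device part, with the U/L bit (0x02 of
    the first octet) inverted, so a universally administered MAC yields an
    identifier whose scope is taken to be universal."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def interface_id(mac: str) -> str:
    """The 64-bit interface ID as four colon-separated hex groups."""
    eui = eui64_bytes(mac)
    return ":".join(f"{eui[i]:02x}{eui[i + 1]:02x}" for i in range(0, 8, 2))


def link_local_address(mac: str) -> str:
    """Autonomously configured link-local address: FE80::/10 prefix + EUI-64 ID."""
    return str(ipaddress.IPv6Address("fe80::" + interface_id(mac)))


def slaac_address(prefix: str, mac: str) -> str:
    """Stateless autoconfiguration: the router-advertised /64 prefix + EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    host = int.from_bytes(eui64_bytes(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | host))


def mac_from_address(address: str) -> str:
    """Reverse the derivation. An EUI-64-based address carries the hardware
    MAC in every packet it sends, which is the tracking concern that led to
    randomly generated interface IDs (RFC 4941 privacy extensions)."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])


if __name__ == "__main__":
    mac = "00:0c:29:c6:f7:1e"                       # constructed MAC
    print(link_local_address(mac))                  # fe80::20c:29ff:fec6:f71e
    print(slaac_address("2001:db8:1:2::/64", mac))  # 2001:db8:1:2:20c:29ff:fec6:f71e
```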

Internal Security

Strongly protecting the internal Enterprise Campus by including security functions in each individual element is important for the following reasons:
- If the security established at the Enterprise Edge fails, an unprotected Enterprise Campus is vulnerable.
- Deploying several layers of security increases the protection of the Enterprise Campus, where the most strategic assets usually reside.
- Relying on physical security is not enough. For example, as a visitor to the organization, a potential...

Introduction to Integrated Networks

Figure 8-14 illustrates a typical enterprise WAN with separate data and voice networks. Integrating data, voice, and video in a network enables vendors to introduce new features. The unified communications network model enables distributed call routing, control, and application functions based on industry standards. Enterprises can mix and match equipment from multiple vendors and geographically deploy these systems wherever they are needed. One means of creating an integrated network is to...

Introduction to Wireless Technology

NOTE As noted in the introduction to this book, we assume that you understand the wireless networking material in the Cisco Press title Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), 4th Edition, ISBN 1-58705-273-3. This section includes some material from that book as an introduction to wireless technology. Refer to that Cisco Press BCMSN title for more detailed information. A wireless communication system uses radio frequency (RF) energy to transmit data...

IP Standard Access Lists

Standard access lists permit or deny packets based only on the packet's source IP address, as shown in Figure B-9. The access list number range for standard IP access lists is 1 to 99 or from 1300 to 1999. Standard access lists are easier to configure than their more robust counterparts, extended access lists. Figure B-9 Standard IP Access Lists Filter Based Only on the Source Address A standard access list is a sequential collection of permit and deny conditions that apply to source IP...
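
As an added example (not code from the book), the following Python reproduces the semantics of a standard IP access list as described above: only the source address is examined, a wildcard mask marks which bits must match (0) and which are ignored (1), entries are evaluated in order with the first match deciding, and a packet that matches nothing hits the implicit deny at the end of every list. It also adds the check a reviewer most often needs, flagging entries that can never match because an earlier, broader entry shadows them. The access list numbers and entries are constructed.

```python
"""Standard IP access list semantics: source-only match, first match wins, implicit deny.

Added example, not from the book. Access list numbers and entries below are
constructed; the wildcard-mask matching mirrors how Cisco IOS evaluates a
standard ACL (0 bits must match, 1 bits are ignored).
"""
import ipaddress
from typing import List, Tuple

STANDARD_RANGES = ((1, 99), (1300, 1999))  # numbered standard IP access lists


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


class StandardAccessList:
    def __init__(self, number: int):
        if not any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
            raise ValueError(f"{number} is not a standard IP access list number")
        self.number = number
        self.entries: List[Tuple[str, int, int]] = []  # (action, masked address, wildcard)

    def add(self, action: str, source: str, wildcard: str = "0.0.0.0") -> None:
        """Append an entry; `source` is 'any', 'host A.B.C.D', or 'A.B.C.D' with a wildcard."""
        if action not in ("permit", "deny"):
            raise ValueError(action)
        if source == "any":
            addr, wc = 0, 0xFFFFFFFF
        elif source.startswith("host "):
            addr, wc = _ip(source.split()[1]), 0
        else:
            addr, wc = _ip(source), _ip(wildcard)
        # Wildcard masks need not be contiguous (0.0.255.0 is legal), unlike subnet masks.
        self.entries.append((action, addr & ~wc & 0xFFFFFFFF, wc))

    def evaluate(self, src_ip: str) -> str:
        """Sequential evaluation: the first matching entry decides; no match -> deny."""
        s = _ip(src_ip)
        for action, addr, wc in self.entries:
            if (s & ~wc & 0xFFFFFFFF) == addr:
                return action
        return "deny"  # the implicit deny at the end of every access list

    def shadowed_entries(self) -> List[int]:
        """Indexes of entries that can never match because an earlier entry
        covers every address they cover (a common sign of a misordered ACL)."""
        out = []
        for j, (_, addr_j, wc_j) in enumerate(self.entries):
            for _, addr_i, wc_i in self.entries[:j]:
                covers = (wc_j & ~wc_i & 0xFFFFFFFF) == 0        # i fixes no bit that j leaves free
                same = (addr_j & ~wc_i & 0xFFFFFFFF) == addr_i  # and agrees on the bits i fixes
                if covers and same:
                    out.append(j)
                    break
        return out


def build_sample() -> StandardAccessList:
    """Constructed ACL 10: one host exception, its /24 blocked, the rest of 10.1.0.0/16 allowed."""
    acl = StandardAccessList(10)
    acl.add("permit", "host 10.1.1.5")
    acl.add("deny", "10.1.1.0", "0.0.0.255")
    acl.add("permit", "10.1.0.0", "0.0.255.255")
    return acl


if __name__ == "__main__":
    acl = build_sample()
    for ip in ("10.1.1.5", "10.1.1.9", "10.1.7.3", "192.0.2.1"):
        print(ip, acl.evaluate(ip))
```

Because only the source address is tested, a standard list placed on an interface cannot distinguish services or destinations; the usual placement advice follows from that (standard lists close to the destination, extended lists close to the source), and spoofing the source address is enough to satisfy a permit entry, so standard lists are not a substitute for ingress anti-spoofing filters.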

IP Telephony Components

An IP telephony network contains four main voice-specific components:
- IP phones: IP phones are used to place calls in an IP telephony network. They perform voice-to-IP (and vice versa) coding and compression using special hardware. IP phones offer services such as user directory lookups and Internet access. The phones are active network devices that require power to operate; power is supplied through the LAN connection using PoE or with an external power supply.
- Switches with inline power: Switches...

IPv4 Access Lists

Figure B-8 Access Lists Control Packet Movement Through a Network

Transmission of Packets on an Interface

Table B-5 shows the available types of IP access lists on a Cisco router and their access list numbers. Named access lists are also available for IP. This section covers IP standard and extended access lists. For information on other types of access lists, refer to the technical documentation on the Cisco website at http://www.cisco.com.

WARNING Cisco IOS Release 10.3 introduced substantial...

IPv4 Addresses and Subnetting Job Aid

Figure B-1 is a job aid to help you with various aspects of IP addressing, including how to distinguish address classes, the number of subnets and hosts available with various subnet masks, and how to interpret IP addresses.

Class   Net/Host octets   First octet   Standard mask (binary)
A       N.H.H.H           1-126         11111111 00000000 00000000 00000000
B       N.N.H.H           128-191       11111111 11111111 00000000 00000000
C       N.N.N.H           192-223       11111111 11111111 11111111 00000000

Address 172.16.5.72 in binary: 10101100 00010000 00000101 0100...
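The job aid's three tasks (classify by first octet, count subnets and hosts for a mask, and read an address against its mask) carried out in code. This is an added example, not the book's own material; the helper names are hypothetical, and the subnet count uses classful counting (no VLSM), which is the convention the job aid follows.

```python
import ipaddress

# Added example, not from the book. Helper names are hypothetical; the
# class ranges and default masks are the ones shown in the job aid.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(addr: str) -> str:
    """Classify an IPv4 address by its first octet (A 1-126, B 128-191, C 192-223)."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"


def to_binary(addr: str) -> str:
    """Render each octet as 8 bits, the way the job aid shows 172.16.5.72."""
    return " ".join(f"{int(octet):08b}" for octet in addr.split("."))


def subnet_counts(addr: str, prefix: int) -> tuple:
    """Subnets and usable hosts per subnet when the address's classful
    network is cut with a /prefix mask (classful counting, no VLSM)."""
    cls = address_class(addr)
    default = CLASSFUL_PREFIX[cls]
    if not default <= prefix <= 30:
        raise ValueError(f"/{prefix} is not a valid subnet mask for a class {cls} network")
    subnets = 2 ** (prefix - default)
    hosts = 2 ** (32 - prefix) - 2      # minus the network and broadcast addresses
    return subnets, hosts


def interpret(addr: str, prefix: int) -> dict:
    """Work one address through the job aid: class, binary form, mask,
    network, broadcast, usable host range, and subnet/host counts."""
    net = ipaddress.ip_interface(f"{addr}/{prefix}").network
    subnets, hosts = subnet_counts(addr, prefix)
    return {
        "class": address_class(addr),
        "binary": to_binary(addr),
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "subnets": subnets,
        "hosts_per_subnet": hosts,
    }


if __name__ == "__main__":
    for key, value in interpret("172.16.5.72", 26).items():
        print(f"{key:>16}: {value}")
```

Running it on the job aid's own address with a /26 mask gives network 172.16.5.64, broadcast 172.16.5.127, 62 usable hosts, and 1024 subnets of the class B network.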

Pv6 Routing Protocols

The routing protocols available in IPv6 include interior gateway protocols (IGP) for use within an autonomous system and exterior gateway protocols (EGP) for use between autonomous systems. As with IPv4 CIDR, IPv6 uses the same longest-prefix match routing. Updates to the existing IPv4 routing protocols were necessary for handling longer IPv6 addresses and different header structures. Currently, the following updated routing protocols or draft proposals are available Integrated IS-IS version 6...

J K L

Jitters (voice video applications), 318, 526 L2 (Layer 2) switching, 132-133, 137-138 L3 (Layer 3) switching. See multilayer switches Label Distribution Protocol, 302 LAN (Local Area Networks), 4, 11 OSI model, 7 protocols, 6 standards, 11 switches, 15 VLAN, 47 membership in, 48 routing, 51 STP, 49-50 trunks, 49 WLAN, 565-566 571-577 absorption (RF), 567 agencies and standards groups, 570-571 antennas, 570, 573 AP power, 578-579 AP, BSS, 579 AP, SSID, 579 autonomous AP, 578 centralized...

LANs and WANs

LANs were first used between PCs when users needed to connect with other PCs in the same building to share resources. A LAN is a high-speed, yet relatively inexpensive, network that allows connected computers to communicate. LANs have limited reach (hence the term local-area network), typically less than a few hundred meters, so they can connect only devices in the same room or building, or possibly within the same campus. A LAN is an always-on connection; in other words, you don't have to dial...

Link State Example

Both OSPF and Integrated IS-IS use the Hello protocol for establishing neighbor relationships. Those relationships are stored in a neighbor table (also called an adjacencies database). Each router learns a complete network topology from information shared through these neighbor relationships. That topology is stored in the router's link-state database (LSDB), also called the topology table or topology database. Each router uses this topology and the SPF algorithm to create a shortest-path tree...
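The SPF step described above, as an added example that is not from the book: a constructed LSDB for five hypothetical routers (R1 to R5), Dijkstra run from one root to build the shortest-path tree, and the tree collapsed into a next-hop table. The LSDB also carries a one-sided link (R5 advertises R6, but no LSA from R6 exists) to show the two-way check that keeps a stale or forged one-sided advertisement from attracting traffic.

```python
import heapq

# Added example (not from the book). Constructed LSDB for hypothetical
# routers: each router's LSA lists its neighbors and the link cost.
# R5 also advertises a link to "R6", which has no LSA of its own.
LSDB = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R3": 2, "R4": 1},
    "R3": {"R1": 5, "R2": 2, "R4": 9},
    "R4": {"R2": 1, "R3": 9, "R5": 4},
    "R5": {"R4": 4, "R6": 1},
}


def two_way(lsdb, a, b):
    """A link is usable only if both ends advertise it; a one-sided LSA
    (stale, misconfigured, or injected) must not enter the tree."""
    return b in lsdb.get(a, {}) and a in lsdb.get(b, {})


def spf(lsdb, root):
    """Dijkstra over the LSDB. Returns (cost to each router, parent in tree)."""
    dist = {root: 0}
    parent = {}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            if not two_way(lsdb, node, nbr):
                continue
            candidate = cost + link_cost
            if candidate < dist.get(nbr, float("inf")):
                dist[nbr] = candidate
                parent[nbr] = node
                heapq.heappush(heap, (candidate, nbr))
    return dist, parent


def routing_table(lsdb, root):
    """Collapse the shortest-path tree into {destination: (next_hop, cost)}
    by walking each destination's parent chain back to the root."""
    dist, parent = spf(lsdb, root)
    table = {}
    for dest, cost in dist.items():
        if dest == root:
            continue
        hop = dest
        while parent[hop] != root:
            hop = parent[hop]
        table[dest] = (hop, cost)
    return table


if __name__ == "__main__":
    for dest, (hop, cost) in sorted(routing_table(LSDB, "R1").items()):
        print(f"{dest} via {hop} cost {cost}")
```

From R1 every destination is reached through R3 (cost 5 to R3, 7 to R2, 8 to R4, 12 to R5), even though R1 has a direct link to R2, because the direct link costs 10. R6 never appears in any table.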

LWAPP Fundamentals

LWAPP is an IETF draft protocol that defines the control messaging for setup and path authentication and runtime operations between APs and WLCs. LWAPP also defines the tunneling mechanism for data traffic. The LWAPP tunnel uses Layer 2 or Layer 3 transport. LWAPP defines how the lightweight APs communicate with the WLC. LWAPP data messages encapsulate and forward data frames from and to wireless clients. LWAPP control messages are management messages exchanged between a WLC and the APs. LWAPP...

NAC Framework and Cisco NAC Appliance

NAC allows network access only to compliant and trusted wired or wireless endpoint devices, such as PCs, laptops, servers, and personal digital assistants (PDA), and it can restrict the access of noncompliant devices. Two NAC options are available: the NAC framework and the NAC appliance. The NAC framework is an industrywide initiative led by Cisco that uses the network infrastructure and third-party software to enforce security policy compliance on all endpoints. The NAC framework is sold...

Name Resolution

Names are used to identify different hosts and resources on the network and to provide user-friendly interaction with computers; a name is much easier to remember than an IP address. This section covers the purpose of name resolution, provides information about different available name resolution strategies, and discusses Domain Name System (DNS) name resolution. Hosts (computers, servers, printers, and so forth) identify themselves to each other using various naming schemes. Each computer on...

Net Flow Versus RMON Information Gathering

NetFlow can be configured on individual interfaces, thereby providing information on traffic that passes through those interfaces and collecting the following types of information:

Source and destination interfaces and IP addresses
Input and output interface numbers
TCP/UDP source and destination ports
Number of bytes and packets in the flow
Source and destination autonomous system numbers (for BGP)

Compared to using SNMP with the RMON MIB, NetFlow's information-gathering benefits include...
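What the per-flow fields listed above let an operator do that interface counters alone cannot: the example below, added here and not part of the book, parses a constructed set of flow records (the field set from the list; the addresses, interfaces and AS numbers are hypothetical), aggregates them per source address, and flags a source whose many one-packet flows to distinct ports look like a port scan. The thresholds are illustrative, not a vendor recommendation.

```python
import csv
from collections import defaultdict
from io import StringIO

# Added example, not from the book. Constructed flow records carrying the
# field set the text lists; IPs, interfaces and AS numbers are hypothetical.
FLOW_EXPORT = """\
in_if,out_if,src_ip,dst_ip,proto,src_port,dst_port,packets,bytes,src_as,dst_as
Gi0/1,Gi0/2,10.1.1.5,192.0.2.10,6,51000,443,120,154000,0,64496
Gi0/1,Gi0/2,10.1.1.5,192.0.2.11,6,51001,443,80,99000,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40001,21,1,60,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40002,22,1,60,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40003,23,1,60,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40004,25,1,60,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40005,80,1,60,0,64496
Gi0/1,Gi0/2,10.1.1.77,192.0.2.10,6,40006,443,1,60,0,64496
Gi0/2,Gi0/1,192.0.2.10,10.1.1.5,6,443,51000,100,820000,64496,0
"""

INT_FIELDS = ("proto", "src_port", "dst_port", "packets", "bytes", "src_as", "dst_as")


def parse_flows(text):
    """Turn the exported records into dicts with numeric counters."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        for key in INT_FIELDS:
            row[key] = int(row[key])
        rows.append(row)
    return rows


def per_source(flows):
    """Aggregate per source IP: flows, packets, bytes, distinct destinations
    and distinct destination ports, the counters a scan or exfil check needs."""
    agg = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0,
                               "dsts": set(), "dst_ports": set()})
    for f in flows:
        s = agg[f["src_ip"]]
        s["flows"] += 1
        s["packets"] += f["packets"]
        s["bytes"] += f["bytes"]
        s["dsts"].add(f["dst_ip"])
        s["dst_ports"].add(f["dst_port"])
    return dict(agg)


def top_talkers(summary, n=3):
    """Sources ordered by bytes sent, the classic NetFlow report."""
    ranked = sorted(summary.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(src, s["bytes"]) for src, s in ranked[:n]]


def scan_suspects(summary, min_ports=5, max_avg_packets=2.0):
    """Many distinct destination ports reached with tiny flows is the
    signature of a port scan; thresholds here are illustrative only."""
    hits = []
    for src, s in summary.items():
        avg_packets = s["packets"] / s["flows"]
        if len(s["dst_ports"]) >= min_ports and avg_packets <= max_avg_packets:
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    summary = per_source(parse_flows(FLOW_EXPORT))
    print("top talkers:", top_talkers(summary))
    print("scan suspects:", scan_suspects(summary))
```

An RMON probe on the same segment would report the aggregate byte and packet counts, but not which source touched which ports, so the scan below the noise floor of the big transfers is only visible with the flow records.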

Network Hierarchy

This section explains the hierarchical network model, which is composed of the access, distribution, and core layers. The functions generally associated with each of these layers are discussed, as is the most common approach to designing a hierarchical network. Historically used in the design of enterprise local-area network and wide-area network data networks, this model works equally well within the functional modules of the Cisco Enterprise Architecture. These modules are discussed later in...

Objectives of This Book

The goal of this book is to provide you with the knowledge you need to gather internetworking requirements, identify solutions, and design the network infrastructure and services to ensure basic functionality, using the principles of hierarchical network design to structure and modularize a converged enterprise network design. Design tasks might include understanding the design methodology, structuring and modularizing the network design using the Cisco Enterprise Architecture, designing the...

OSI Layer Services

One OSI layer communicates with another layer to make use of the services provided by that other layer. The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems. Layer services involve three basic elements: the service user, the service provider, and the service access point (SAP). In this context, the service user is the OSI layer that requests services from an adjacent OSI layer. The service provider is the OSI layer that...

OSI Models Data Link Layer

The data link layer provides reliable transit of data across a physical network link. Different data link layer specifications define different network and protocol characteristics, including physical addressing, network topology, error notification, frame sequencing, and flow control. Physical addressing (as opposed to network addressing) defines how devices are addressed at the data link layer. A network topology consists of the data link layer specifications that often define how devices are to be...

OSI Models Presentation Layer

The presentation layer provides a variety of coding and conversion functions that are applied to application layer data. These functions ensure that information sent from one system's application layer is readable by another system's application layer. Some examples of presentation layer coding and conversion schemes include common data representation formats, conversion of character representation formats, common data compression schemes, and common data encryption schemes. Common data...

OSPF Characteristics

OSPF is a link-state protocol that has the following characteristics for deployment in enterprise networks:

Fast convergence: OSPF achieves fast convergence times using triggered link-state updates that include one or more link-state advertisements (LSA). LSAs describe the state of links on specific routers and are propagated unchanged within an area. Therefore, all routers in the same area have identical topology tables; each router has a complete view of all links and devices in the area....

Overloading Inside Global Addresses

Figure D-3 illustrates NAT operation when a single inside global address simultaneously represents multiple inside local addresses; overloading addresses is also known as PAT.

Figure D-3 PAT Overloading Inside Global Addresses

The following describes the process of overloading inside global addresses, as depicted in Figure D-3:

Step 1 The user at Host 10.1.1.1 opens a connection to Host B.

Step 2 The first packet the router receives from Host 10.1.1.1...
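The overload process as a small translation-table model, added here as an example rather than taken from the book. It assumes one hypothetical router with the single inside global address 203.0.113.1 and a port-preserving allocation policy (keep the inside host's source port if it is free, otherwise take the next unused one); real IOS allocation details differ by release. It shows the two things that matter for security: two inside hosts using the same source port get distinct global ports, and an inbound packet to a global port with no entry is dropped rather than forwarded.

```python
# Added example, not from the book. Simulates the inside-global overload
# (PAT) table for one hypothetical router; addresses are documentation ranges.
class PatTable:
    def __init__(self, inside_global, port_range=(1024, 65535)):
        self.inside_global = inside_global
        self.low, self.high = port_range
        self.outbound = {}   # (inside local ip, local port) -> global port
        self.inbound = {}    # global port -> (inside local ip, local port)

    def _allocate_port(self, preferred):
        """Keep the original source port when it is free; otherwise take the
        next unused one. (Port preservation is an assumption of this model.)"""
        if self.low <= preferred <= self.high and preferred not in self.inbound:
            return preferred
        for port in range(self.low, self.high + 1):
            if port not in self.inbound:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Step 2 of the process: the first packet of a flow creates an entry
        with a unique global port; later packets reuse it. Returns the
        rewritten (src, sport, dst, dport)."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            global_port = self._allocate_port(src_port)
            self.outbound[key] = global_port
            self.inbound[global_port] = key
        return (self.inside_global, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reply path: the destination port selects the inside host. A packet
        to the global address on a port with no entry is dropped (None), which
        is why unsolicited inbound connections never reach inside hosts."""
        if dst_ip != self.inside_global or dst_port not in self.inbound:
            return None
        local_ip, local_port = self.inbound[dst_port]
        return (src_ip, src_port, local_ip, local_port)


if __name__ == "__main__":
    pat = PatTable("203.0.113.1")
    print(pat.translate_outbound("10.1.1.1", 1025, "198.51.100.9", 80))
    print(pat.translate_outbound("10.1.1.2", 1025, "198.51.100.9", 80))
    print(pat.translate_inbound("198.51.100.9", 80, "203.0.113.1", 5000))
```

The drop of unmatched inbound traffic is a side effect of the table, not a firewall: a global port that has an entry is reachable from any outside source, so PAT should not be relied on as the only control in front of inside hosts.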

P

P2P VPN (Peer-to-Peer Virtual Private Networks), WAN design, 337 packet sniffers, Edge Distribution module, 263 packet-switched networks, 12, 296-298 packets, 856 BER, WAN design, 318 classification, 242, 538 delays, voice networks, 521-523 FEC, 301 filtering, ACL extended, 830-837, 839 standard, 821-829 IPv6, packet headers, 406-407 loss voice networks, 527 WAN design, 318 marking, 242, 538 switching, 27 unicast packets, 16 PAgP (Port Aggregation Protocol), managing in Enterprise Campus...

Physical Security Guidelines

The traditional method of managing the risk of physical compromise is to deploy physical access controls using techniques such as locks or alarms. It is also important to identify how a physical security breach might interact with network security mechanisms. For example, there could be a significant risk if an attacker physically accesses a switch port located in a corporate building and from there has unrestricted access to the corporate network. If, during the development of the security...

Private and Public IPv4 Addresses

Recall from Chapter 1 that the IP address space is divided into public and private spaces. Private addresses are reserved IP addresses that are to be used only internally within a company's network, not on the Internet. Private addresses must therefore be mapped to a company's external registered address when sending anything on the Internet. Public IP addresses are provided for external communication. Figure 6-1 illustrates the use of private and public addresses in a network. Figure 6-1...

R

RAP (Rooftop AP), outdoor wireless network design considerations, 632-633 RDP (Remote Desktop Protocol), 171 REAP (Remote Edge Access Point), 639-641 REAP mode (lightweight AP), 601 reconnaissance (networks) Edge Distribution module, Campus Core layer, 263 RED (Random Early Detection), 329 redesigning networks (network design methodologies), 119-120 redirect servers, SIP, 518 redundancy building distribution layer, Enterprise Campus networks, 253-255 deterministic WLC redundancy, 624 N + 1...

Recommended Practices for Infrastructure Protection

The following are some recommended practices for infrastructure protection:

Allow only SSH, instead of Telnet, to access devices.
Enable AAA and role-based access control (using RADIUS or TACACS+) for access to the command-line interface (CLI) and privileged mode access on all devices.
Collect and archive syslog messages (event notification messages) from network devices on a syslog server.
When using Simple Network Management Protocol (SNMP), use SNMP version 3 (SNMPv3) and its authentication...
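A way to check a device against the four practices above rather than trust that they were applied: the script below, an added example and not part of the book, parses an IOS-style running configuration and reports each practice the configuration violates. SAMPLE_CONFIG is a constructed excerpt (hostname and addresses hypothetical) with one deliberate slip for the SSH rule and one for the SNMP rule so the checks have something to find. The vty default when no transport input is set varies by IOS release, so the check treats an unset value as a finding.

```python
import re

# Added example, not from the book. SAMPLE_CONFIG is a constructed IOS
# running-config excerpt; hostname and addresses are hypothetical.
SAMPLE_CONFIG = """\
hostname edge-rtr1
aaa new-model
aaa authentication login default group tacacs+ local
logging host 10.0.0.50
snmp-server community public RO
snmp-server group NMS v3 priv
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""


def parse_config(text):
    """Split IOS config into top-level lines and indented stanzas
    ([(header, [child lines])]); a child is any line indented under a header."""
    top, stanzas = [], []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
            continue
        current = (raw.strip(), [])
        stanzas.append(current)
        top.append(current[0])
    return top, stanzas


def audit(text):
    """Return one finding per violated practice; an empty list means clean."""
    top, stanzas = parse_config(text)
    findings = []

    # 1. SSH only on the vty lines
    for header, children in stanzas:
        if not header.startswith("line vty"):
            continue
        transport = [c for c in children if c.startswith("transport input")]
        if not transport:
            findings.append(f"{header}: no 'transport input' set; the release default may allow Telnet")
        elif set(transport[-1].split()[2:]) & {"telnet", "all"}:
            findings.append(f"{header}: Telnet permitted ({transport[-1]})")

    # 2. AAA with RADIUS/TACACS+ for CLI login
    if "aaa new-model" not in top:
        findings.append("AAA not enabled (missing 'aaa new-model')")
    if not any(re.match(r"aaa authentication login \S+ .*group (radius|tacacs\+)", l) for l in top):
        findings.append("no login authentication via RADIUS or TACACS+")

    # 3. Syslog to a collector
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", l) for l in top):
        findings.append("no syslog server configured")

    # 4. SNMPv3 only: any community string means v1/v2c is still reachable
    for l in top:
        if l.startswith("snmp-server community"):
            findings.append(f"SNMPv1/v2c community configured: {l}")
    if not any(re.match(r"snmp-server group \S+ v3 (auth|priv)\b", l) for l in top):
        findings.append("no SNMPv3 group with authentication (auth/priv)")

    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

Run against the sample it reports the Telnet transport on vty 0 4 and the public community string; remove those two lines and it reports nothing. The same function can be pointed at an archived config from every device on the syslog/TACACS+ server to catch drift after the initial hardening.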

Remote Access Network Design

When you're designing remote-access networks for teleworkers and traveling employees, the type of connection drives the technology selection, such as whether to choose a data link or a network layer connection. By analyzing the application requirements and service provider offerings, you can choose the most suitable of a wide range of remote-access technologies. Typical remote-access requirements include the following:

Data link layer WAN technologies from remote sites to the Enterprise Edge...

Restricting Virtual Terminal Access

This section discusses how you can use standard access lists to limit virtual terminal access. Standard and extended access lists block packets from going through the router. They are not designed to block packets that originate within the router. An outbound Telnet extended access list does not prevent router-initiated Telnet sessions by default. For security purposes, users can be denied virtual terminal (vty) access to the router, or they can be permitted vty access to the router but denied...
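The matching rule a standard access list applies (the IP Standard Access Lists section above) and its use to restrict vty access (this section) share one evaluation engine, modelled below as an added example that is not from the book. It parses numbered standard ACL lines (the 1-99 and 1300-1999 ranges from the text), compares the source address through the wildcard mask, applies entries in order with first match winning, and ends with the implicit deny. The ACL numbers and addresses are hypothetical. As the text notes, this filters sessions arriving at the vty lines; it says nothing about Telnet sessions the router itself initiates.

```python
import ipaddress

# Added example, not from the book. Models how IOS evaluates a numbered
# standard access list against a source address, the same test that
# `access-class <n> in` applies to incoming vty sessions.


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_standard_acl(lines):
    """Parse 'access-list <n> permit|deny <src> [wildcard]' lines into
    (action, address, wildcard) tuples, preserving their order."""
    entries = []
    for line in lines:
        parts = line.split()
        if parts[0] != "access-list":
            raise ValueError(f"not an access-list line: {line}")
        number = int(parts[1])
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is not a standard ACL number: {line}")
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line}")
        if parts[3] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif parts[3] == "host":
            addr, wildcard = _ip(parts[4]), 0
        else:
            addr = _ip(parts[3])
            # an omitted wildcard means 0.0.0.0, i.e. match this one host
            wildcard = _ip(parts[4]) if len(parts) > 4 else 0
        entries.append((action, addr, wildcard))
    return entries


def matches(src, addr, wildcard):
    """Wildcard-mask compare: 1 bits in the wildcard are don't-care bits."""
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(src) & care) == (addr & care)


def evaluate(entries, src):
    """First matching entry wins; a source matching nothing hits the
    implicit deny at the end of every access list."""
    for action, addr, wildcard in entries:
        if matches(src, addr, wildcard):
            return action
    return "deny"


def vty_permitted(acl_lines, src):
    """True if a session from src would be accepted by 'access-class <n> in'."""
    return evaluate(parse_standard_acl(acl_lines), src) == "permit"


if __name__ == "__main__":
    MGMT_ACL = [
        "access-list 10 permit 10.1.1.0 0.0.0.255",
        "access-list 10 permit host 192.168.50.7",
    ]
    for src in ("10.1.1.44", "192.168.50.7", "192.168.50.8"):
        print(src, "permit" if vty_permitted(MGMT_ACL, src) else "deny")
```

Order matters: a deny for one host placed before a permit for its subnet blocks that host, while the same two lines reversed let it through, because evaluation stops at the first match. Keep the management ACL short and explicit, and remember that a standard ACL identifies only the source address, so anything that can spoof or hold an address in the permitted range passes the check.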

Review Questions

Answer the following questions, and then refer to Appendix A for the answers.

1. Figure 3-38 presents a sample hierarchically structured network. Some of the devices are marked with letters. Map the marked devices to the access, distribution, and core layers in this figure.

2. Describe the role of each layer in the hierarchical network model.

3. True or false: Each layer in the hierarchical network model must be implemented with distinct physical devices.

4. Which two statements are true?

a....

RIPv2 Convergence Example

RIPv2 is a distance vector protocol that periodically propagates its routing information. Distance vector protocols use the principle of hold-down to prevent routing loops. Putting a route in hold-down after the route has failed (perhaps due to a link failure) means that if a routing update arrives with the same or a worse metric, the new route is not installed until the hold-down timer expires. Even though the destination might no longer be reachable, a route in hold-down is still used to...

Risk Integrity Violations and Confidentiality Breaches

Key security risks are integrity violations and confidentiality breaches. Integrity violations can occur when an attacker attempts to change sensitive data without proper authorization. An example of an integrity violation is when an attacker obtains permission to write to sensitive data and then changes or deletes it. The owner of the data might not detect such a change until it is too late, perhaps when the change has already resulted in tangible loss. Because of the difficulty of detecting...

Routers Work at the Lower Three OSI Layers

The router doesn't care what is in the higher layers, that is, what kind of data is in the packet. The router is just responsible for sending the packet the correct way. The router does have to be concerned with the data link and physical layers, though, because it might have to receive and send data on different media. For example, a packet received on an Ethernet LAN might have to be sent out on a Frame Relay WAN, requiring the router to know how to communicate on both these types of media. In terms of...

Routing in the Building Distribution Layer

The Building Distribution layer is the intermediate point between the Campus Core and the Building Access layers. In addition to other issues (such as physical media and IP addressing), the choice of routing protocol depends on the routing protocols used in the Campus Core and Building Access layers. As a recommended practice, the same routing protocol should be used in all three layers of the Enterprise Campus. If multiple routing protocols must be used, the Building Distribution layer redistributes among...

Routing in the Enterprise Edge Modules

In the Enterprise Edge modules, the underlying physical topology, IP addressing, and the deployed equipment also drive the choice of routing protocol. The routing protocols in the Enterprise Edge modules are typically OSPF, EIGRP, BGP, and static routing. NOTE Routing protocols running in the enterprise edge module are referred to as edge routing protocols. EIGRP gives an administrator more influence on routing and is suitable for NBMA environments in which there is a split-horizon issue...

Security Services in a Modular Network Design

Security is an infrastructure service that increases the network's integrity by protecting network resources and users from internal and external threats. Without a full understanding of the threats involved, network security deployments tend to be incorrectly configured, too focused on security devices, or lacking appropriate threat response options. Security both in the Enterprise Campus (internal security) and at the Enterprise Edge (from external threats) is important. An enterprise should...

Services Within Modular Networks

Businesses that operate large enterprise networks strive to create an enterprise-wide networked infrastructure and interactive services to serve as a solid foundation for business and collaborative applications. This section explores some of the interactive services with respect to the modules that form the Cisco Enterprise Architecture. A network service is a supporting and necessary service, but not an ultimate solution. For example, security and QoS are not ultimate goals for a network; they...

Structured Design

The output of the design should be a model of the complete system. The top-down approach is highly recommended. Rather than focusing on the network components, technologies, or protocols, instead focus on the business goals, technical objectives, and existing and future network applications and services. Structured design focuses on a systematic approach, dividing the design task into related, less complex components, as follows: First, identify the applications needed to support the customer's...

Summary of Interior Routing Protocol Features

There is no best or worst routing protocol. The decision about which routing protocol to implement (or whether multiple routing protocols should indeed be implemented in a network) can be made only after you carefully consider the design goals and examine the network's physical topology in detail. Table 7-2 summarizes some characteristics of IP routing protocols discussed in this chapter. Although they are no longer recommended enterprise protocols, RIPv1, RIPv2, and IGRP are also included in...

Summary of the Contents

The chapters and appendixes of this book are as follows Chapter 1, Network Fundamentals Review, introduces some fundamental concepts and terminology that are the foundation for the material in the rest of the book. Chapter 2, Applying a Methodology to Network Design, introduces the Cisco vision of intelligent networks and the Service Oriented Network Architecture (SONA) architectural framework. The lifecycle of a network and a network design methodology based on the lifecycle are presented, and...

TCP/IP Internet Layer Protocols

The TCP/IP Internet layer corresponds to the OSI network layer and includes the IP routed protocol, as well as a protocol for message and error reporting. The protocols at this layer include the following:

IP: Provides connectionless, best-effort delivery of datagrams through the network. A unique IP address (a logical address) is assigned to each interface of each device in the network. IP and IP addresses are introduced later in this chapter and are described in more detail in Appendix B, IPv4...

Technical Requirements Bandwidth

KEY POINT Bandwidth is the amount of data transmitted or received per unit time, such as 100 Mbps.

In a qualitative sense, the required bandwidth is proportional to the data's complexity for a given level of system performance. For example, downloading a photograph in 1 second takes more bandwidth than downloading a page of text in 1 second. Large sound files, computer programs, and animated videos require even more bandwidth for acceptable system performance. One of the main issues involved in...

The Enterprise Data Center

This section describes technology and trends influencing the Enterprise Data Center. For large enterprises with a significant number of servers, a dedicated Enterprise Data Center provides employees, partners, and customers with access to data and resources to effectively work, collaborate, and interact. Historically, most Enterprise Data Centers grew rapidly as organizational requirements expanded. Applications were implemented as needed, often resulting in underutilized, isolated...

The OSI Layers

The following sections briefly describe each of the seven layers of the OSI model, starting at the lowest layer. Appendix C, Open System Interconnection (OSI) Reference Model, delves deeper into the details of the OSI model. The OSI physical layer defines specifications such as the electrical and mechanical conditions necessary for activating, maintaining, and deactivating the physical link between devices. Specifications include voltage levels, maximum cable lengths, connector types, and...