
Network+ N10-005 Notes

Table of Contents
1.0: NETWORKING CONCEPTS.................................................................................... 6
1.1 Compare the layers of the OSI and TCP/IP models................................................6
OSI Model (Open Systems Interconnection Reference Model)................................6
TCP/IP Model........................................................................................................... 8
1.2 Classify how applications, devices, and protocols relate to the OSI model layers 8
1.3 Explain the purpose and properties of IP addressing............................................9
Basic Binary Math................................................................................................... 9
Subnetting.............................................................................................................. 9
Classes of Addresses............................................................................................ 10
IPv4 vs. IPv6......................................................................................................... 11
MAC Addresses..................................................................................................... 12
APIPA (Automatic Private IP Addressing)...............................................................12
Multicast vs. Unicast vs. Broadcast.......................................................................12
1.4 Explain the purpose and properties of routing and switching.............................13
EIGRP (Enhanced Interior Gateway Routing Protocol)...........................................13
OSPF (Open Shortest Path First)...........................................................................14
RIP (Routing Information Protocol)........................................................................14
IS-IS...................................................................................................................... 14
Link State vs. Distance-Vector vs. Hybrid.............................................................15
Static and Dynamic Routing................................................................................. 15
Routing Metrics..................................................................................................... 16
Next Hop............................................................................................................... 16
Spanning Tree Protocol (STP)................................................................................ 17
VLANs (Virtual LANs)............................................................................................. 17
Port Mirroring........................................................................................................ 18
Broadcast Domain vs. Collision Domain...............................................................18
IGP vs. EGP........................................................................................................... 19
Routing Tables...................................................................................................... 20
Convergence......................................................................................................... 20
Types of Switches................................................................................................. 20
1.5 Identify common TCP and UDP default ports......................................................21
1.6 Explain the function of common networking protocols.......................................22
TCP/IP Protocol Suite............................................................................................. 22
1.7 Summarize DNS concepts and its components..................................................25
1.8 Given a scenario, implement the following network troubleshooting methodology.........27
1.9 Identify virtual network components..................................................................28
Virtual Machine Manager (VMM)...........................................................................28
Virtual Servers...................................................................................................... 28
Virtual Desktops................................................................................................... 28
Server Consolidation............................................................................................. 29
Virtual Switches.................................................................................................... 29
Network as a Service (NaaS)................................................................................ 29
Onsite vs. Offsite Virtualization............................................................................ 29

Page 1

Virtual PBX............................................................................................................ 30

2.0: NETWORK INSTALLATION & CONFIGURATION..........................31


2.1 Given a scenario, install and configure routers and switches.............................31
Types of Routers................................................................................................... 31
Routing Tables...................................................................................................... 31
NAT (Network Address Translation).......................................................................32
VLAN..................................................................................................................... 32
Managed vs. Unmanaged Switches......................................................................33
Interface Configurations....................................................................................... 33
PoE (Power Over Ethernet)................................................................................... 33
Traffic Filtering...................................................................................................... 34
Diagnostics........................................................................................................... 34
VTP Configuration (VLAN Trunking Protocol Configuration)..................................34
QoS (Quality of Service)........................................................................................ 34
Port Mirroring........................................................................................................ 35
2.2 Given a scenario, install and configure a wireless network................................35
Wireless LANs....................................................................................................... 35
WAP Placement..................................................................................................... 36
Antenna Types...................................................................................................... 37
Interference.......................................................................................................... 37
Frequencies and Channels.................................................................................... 37
Wireless Standards............................................................................................... 38
SSID Management................................................................................................ 40
2.3 Explain the purpose and properties of DHCP......................................................40
DHCP.................................................................................................................... 40
Reservations......................................................................................................... 41
Scopes.................................................................................................................. 41
Leases................................................................................................................... 41
Options................................................................................................................. 42
2.4 Given a scenario, troubleshoot common wireless problems...............................42
2.5 Given a scenario, troubleshoot common router and switch problems................43
Switching Loops.................................................................................................... 43
Bad Cables/Improper Cable Types........................................................................43
Port Configuration................................................................................................. 44
VLAN Assignment................................................................................................. 44
Mismatched MTU/MTU Black Hole.........................................................................44
Power Failure........................................................................................................ 45
Bad/Missing Routes............................................................................................... 45
Bad Fiber Modules................................................................................................ 46
Wrong Subnet Mask and Gateway........................................................................46
Duplicate IP Address............................................................................................. 46
Wrong DNS........................................................................................................... 46
2.6 Given a set of requirements, plan and implement a basic SOHO network.........47
List of Requirements............................................................................................. 47
SOHO Cabling....................................................................................................... 47
Device Types......................................................................................................... 47
Environmental Limitations.................................................................................... 47
Equipment Limitations.......................................................................................... 47
Compatibility Requirements................................................................................. 47


3.0 NETWORK MEDIA AND TOPOLOGIES........................................48


3.1 Categorize standard media types and associated properties.............................48
Fiber..................................................................................................................... 48
Copper.................................................................................................................. 49
Cable Categories.................................................................................................. 50
Straight-Through cables........................................................................................ 50
Crossover cables................................................................................................... 50
Plenum Cables...................................................................................................... 51
Media Converters.................................................................................................. 51
Media Distance and Speed Limitations.................................................................51
Broadband over Powerline (BPL)...........................................................................52
3.2 Categorize standard connector types based on network media.........................52
Fiber..................................................................................................................... 52
Copper.................................................................................................................. 53
3.3 Compare and contrast different wireless standards...........................................54
3.4 Categorize WAN technology types and properties..............................................54
T-Carrier System................................................................................................... 54
Synchronous Optical Networking..........................................................................55
Satellite................................................................................................................ 55
ISDN (Integrated Services Digital Network)..........................................................56
DSL....................................................................................................................... 56
Leased Lines......................................................................................................... 56
Cable.................................................................................................................... 56
Dialup................................................................................................................... 57
Cellular................................................................................................................. 57
OCx Standard....................................................................................................... 58
DWDM (Dense Wavelength-Division Multiplexing)................................................58
PON (Passive Optical Network)............................................................................. 58
Frame Relay.......................................................................................................... 59
ATM (Asynchronous Transfer Mode)......................................................................59
Properties............................................................................................................. 59
3.5 Describe different network topologies................................................................61
MPLS (Multiprotocol Label Switching)...................................................................61
Point-to-Point........................................................................................................ 61
Point-to-Multipoint................................................................................................ 61
Ring, Star, Mesh, Bus and Hybrid Topologies........................................................61
Client-Server......................................................................................................... 62
Peer-to-Peer.......................................................................................................... 62
3.6 Given a scenario, troubleshoot common physical connectivity problems..........62
Bad Connectors and Wiring.................................................................................. 62
Opens and Shorts................................................................................................. 63
Split Cables........................................................................................................... 63
dB Loss................................................................................................................. 63
TXRX Reversed..................................................................................................... 64
Cable Placement................................................................................................... 64
EMI/Interference................................................................................................... 64
Crosstalk (XT)....................................................................................................... 64
3.7 Compare and contrast different LAN technologies.............................................65
Ethernet Frames................................................................................................... 65
Types of LAN Technologies.................................................................................... 65


CSMA/CD............................................................................................................... 66
CSMA/CA............................................................................................................... 67
Bonding/Link Aggregation..................................................................................... 67
3.8 Identify components of wiring distribution.........................................................67
Distribution frames............................................................................................... 67
MDF (Main Distribution Frame)............................................................................. 68
IDF (Intermediate Distribution Frame)..................................................................68
Vertical / Horizontal Cross-Connects.....................................................................68
Demarc................................................................................................................. 68
Smartjack............................................................................................................. 68
CSU/DSU (Channel Service Unit / Data Service Unit)............................................69

4.0 NETWORK MANAGEMENT.......................................................70


4.1 Explain the purpose of features of various network appliances.........................70
Load Balancer....................................................................................................... 70
Proxy Servers........................................................................................................ 70
Content Filter........................................................................................................ 70
VPN Concentrator................................................................................................. 71
4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues.........71
Crimpers............................................................................................................... 71
Lineman's Handset............................................................................................... 71
Toner Probe........................................................................................................... 72
Punch Down Tools................................................................................................. 72
Protocol Analyzer.................................................................................................. 72
Loopback Plugs..................................................................................................... 72
TDR/OTDR............................................................................................................. 72
Multimeters........................................................................................................... 73
Environmental Monitors........................................................................................ 73
4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues.........73
Using Protocol Analyzers...................................................................................... 73
Throughput Testers............................................................................................... 73
Ping....................................................................................................................... 74
Tracert.................................................................................................................. 74
Nslookup/Dig........................................................................................................ 74
Ipconfig/Ifconfig.................................................................................................... 74
ARP (Address Resolution Protocol)........................................................................75
Nbtstat.................................................................................................................. 75
Netstat.................................................................................................................. 75
Route.................................................................................................................... 75
4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic.........75
SNMP (Simple Network Management Protocol).....................................................75
Syslog................................................................................................................... 76
Traffic Analysis...................................................................................................... 76
4.5 Describe the purpose of configuration management documentation.................77
Wiring Schemes.................................................................................................... 77
Network Maps....................................................................................................... 77
Documentation..................................................................................................... 77
Cable Management............................................................................................... 77


Asset Management............................................................................................... 78
Baselines.............................................................................................................. 78
Change Management............................................................................................ 78
4.6 Explain different methods and rationales for network performance optimization.........78
Methods................................................................................................................ 78
Reasons................................................................................................................ 79

5.0: NETWORK SECURITY.............................................................80


5.1 Given a scenario, implement appropriate wireless security measures...............80
Encryption Protocols............................................................................................. 80
MAC Address Filtering........................................................................................... 80
Signal Strength..................................................................................................... 81
Device Placement................................................................................................. 81
5.2 Explain the methods of network access security................................................81
ACL (Access Control Lists).................................................................................... 81
Tunneling and Encryption..................................................................................... 81
Remote Access..................................................................................................... 83
5.3 Explain methods of user authentication.............................................................83
Hashing................................................................................................................. 83
PKI (Public Key Infrastructure).............................................................................. 83
Kerberos............................................................................................................... 84
AAA (Authentication, Authorization, and Accounting)...........................................85
Network Access Control........................................................................................ 85
CHAP..................................................................................................................... 86
EAP (Extensible Authentication Protocol)..............................................................86
Multi-factor Authentication................................................................................... 86
Single Sign-On (SSO)............................................................................................. 87
5.4 Explain common threats, vulnerabilities, and mitigation techniques.................87
Wireless................................................................................................................ 87
Attacks.................................................................................................................. 88
Mitigation Techniques........................................................................................... 90
5.5 Given a scenario, install and configure a basic firewall......................................91
Types of Firewalls................................................................................................. 91
Stateful Inspection vs. Packet Filtering.................................................................91
Firewall Rules........................................................................................................ 91
PAT (Port Address Translation).............................................................................. 91
DMZ (Demilitarized Zone)..................................................................................... 92
5.6 Categorize different types of network security appliances and methods...........92
IDS and IPS........................................................................................................... 92
Vulnerability Scanners.......................................................................................... 92
Methods................................................................................................................ 92


1.0: NETWORKING CONCEPTS

1.1 Compare the layers of the OSI and TCP/IP models

OSI Model (Open Systems Interconnection Reference Model)

(Figure sidebar, OSI data flow: 1. Converts information suitable for ...; 2. Data is converted into segments; 3. Segments are converted into packets; 4. Packets are converted into frames; 5. Frames are converted into bits)

- A vendor-neutral basis for open system networks developed by ISO
- Acts as a guide for network protocols, not a be-all-end-all
- Developed to standardize networks, even before protocols were invented
- There are unique protocols at every layer
- The higher layers request services from other layers
  o Application Support Layers: 7 (Application), 6 (Presentation), and 5 (Session)
  o Network Support Layers: 4 (Transport), 3 (Network), 2 (Data Link), and 1 (Physical)
- All network technicians use this model
- Trick to remember the layers from 7 to 1: All People Seem To Need Data Processing
  o Layer 7: Application Layer
    - The layer that we see on the screen
    - This is the only layer that users interact with directly
    - HTTP, FTP, DNS, SNMP, SMTP and POP3 are protocols associated with Layer 7
    - All operating systems have an API (Application Programming Interface) that is used by programmers to make their programs network aware
  o Layer 6: Presentation Layer
    - Responsible for putting information into a format readable by the OS
    - Converts the representation of one system to that of another system
    - Performs character encoding, application encryption, decryption, and data compression
    - Often combined with Layer 7
    - SSL/TLS and ASN.1 reside at this layer
  o Layer 5: Session Layer
    - Communication management between devices
    - Establishes connections between devices and applications, maintaining the connection and terminating/re-establishing it when required
    - Where half-duplex or full-duplex is configured
    - Synchronizes data transfer between devices with different transmission rates
    - Sockets, control protocols and tunneling protocols like RADIUS and TACACS+ exist here
  o Layer 4: Transport Layer
    - Sequences packets so that, upon arrival, they can be reassembled
    - The post office layer
    - Responsible for transporting information, end-to-end data transmission, and managing the connections between layers 5 and 3
    - TCP and UDP reside here
  o Layer 3: Network Layer
    - The routing layer
    - Protocols for reliability, establishing and maintaining connections, and routing live here
    - IP, IGMP, ICMP, ARP, and RIP
    - Also responsible for IP fragmentation, the splitting of one frame into several different frames/fragments
        o A fragment contains:
            1. DLC Header
            2. IP Header
            3. TCP Header
            4. TCP Data
        o Everything below the IP Header will be split up, and the IP Header and DLC Header will be duplicated
        o Fragments are always in multiples of 8 bytes because of the size of the fragmentation offset field in the IP header
    - Packets at this layer are encapsulated into a frame
  o Layer 2: Data Link Layer
    - The switching layer
    - Transfers data between adjacent network nodes without errors
    - The basic network language and foundation for communication
    - Contains Data Link Control (DLC) protocols
    - MAC addresses on Ethernet
    - Two sublayers:
        o LLC (Logical Link Control)
            - Encapsulates protocols in upper layers so multiple upper-layer protocols can share the same media
            - Includes PPP, SLIP, SONET, and Frame Relay
        o MAC (Media Access Control)
            - Defines how packets are transferred onto media
                o Includes the CSMA/CD contention scheme
            - Attaches MAC addresses to frames
    - Frames at this layer can carry 1500 bytes of data each
  o Layer 1: Physical Layer
    - Signaling, cabling, connectors
    - "You have a physical layer problem": the answer is to fix cabling, punch-downs, etc.
    - Ethernet, Fast Ethernet, FDDI, and ATM/Token Ring exist at this layer
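The Layer 3 notes above say that everything below the IP header is split up, that the IP header is repeated in every fragment, and that fragment sizes are multiples of 8 because of how the fragment offset field is sized. The following Python example is added here to make that concrete; it is not code from the notes. It uses only the standard library, the sample payload and the 1500-byte MTU are constructed for the demonstration, and it only models the offset/flags word rather than a full IP header (the Internet checksum and the rest of the header are left out of this block on purpose).

```python
import struct
from typing import List, Tuple

IP_HEADER_LEN = 20   # minimal IPv4 header with no options; it is duplicated into every fragment
OFFSET_BITS = 13     # width of the fragment offset field in the IPv4 header
MF = 0x1             # "More Fragments" flag, sits just above the 13 offset bits

Fragment = Tuple[int, int, bytes]   # (offset in 8-byte units, MF flag, data)


def fragment(payload: bytes, mtu: int) -> List[Fragment]:
    """Split everything below the IP header so that header + data fits the link MTU."""
    if mtu < IP_HEADER_LEN + 8:
        raise ValueError("MTU %d cannot carry a header plus one 8-byte unit" % mtu)
    # Data per fragment is rounded down to a multiple of 8: the offset field counts
    # 8-byte units, so any other size could not be expressed by the next fragment's offset.
    per_fragment = ((mtu - IP_HEADER_LEN) // 8) * 8
    fragments: List[Fragment] = []
    for start in range(0, len(payload), per_fragment):
        data = payload[start:start + per_fragment]
        offset_units = start // 8
        if offset_units >= 1 << OFFSET_BITS:
            raise ValueError("offset %d does not fit in %d bits" % (offset_units, OFFSET_BITS))
        more = MF if start + per_fragment < len(payload) else 0
        fragments.append((offset_units, more, data))
    return fragments


def pack_flags_offset(offset_units: int, more: int) -> bytes:
    """Encode the 16-bit flags/offset word exactly as it sits in the IPv4 header."""
    return struct.pack("!H", (more << OFFSET_BITS) | offset_units)


def unpack_flags_offset(word: bytes) -> Tuple[int, int]:
    """Decode the flags/offset word back into (offset_units, MF flag)."""
    (value,) = struct.unpack("!H", word)
    return value & ((1 << OFFSET_BITS) - 1), (value >> OFFSET_BITS) & MF


def reassemble(fragments: List[Fragment]) -> bytes:
    """Put fragments (any arrival order) back together; refuse gaps, overlaps or a missing tail."""
    ordered = sorted(fragments, key=lambda f: f[0])
    if not ordered:
        return b""
    buf = bytearray()
    for offset_units, more, data in ordered:
        if offset_units * 8 != len(buf):
            raise ValueError("gap or overlap at offset %d" % offset_units)
        buf += data
    if ordered[-1][1] != 0:
        raise ValueError("last fragment still has More Fragments set: tail is missing")
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: a 3072-byte payload crossing a 1500-byte MTU link
    sample = bytes(range(256)) * 12
    for off, more, data in fragment(sample, 1500):
        print("offset=%4d (%4d bytes in)  MF=%d  data=%d bytes" % (off, off * 8, more, len(data)))
    assert reassemble(fragment(sample, 1500)) == sample
```

With a 1500-byte MTU each fragment carries 1480 bytes of data (1500 minus the 20-byte header, already a multiple of 8), so a 3072-byte payload becomes three fragments at offsets 0, 185 and 370 units, and only the last one has More Fragments cleared. The reassembler's checks are the ones a receiving stack needs: a fragment that does not start where the previous one ended, or a final fragment that never arrives, is a failure rather than silently accepted data.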

TCP/IP Model

(Figure sidebar, TCP/IP data flow: 1. Information is assembled into frames; frames go into an IP packet; 2. TCP segments / UDP datagrams; 3. Data starts and ends here)

- Commonly called the Internet Protocol (IP) suite or model
- Similar to the OSI model, but simpler, with 4 layers
- Built around the idea of TCP/IP
  o Designed with protocols in mind and to support Internet-related tasks
  o PDU (Protocol Data Unit)
    - Units of transmission in a network
    - Also known as data, frames, packets, and bits
- Peer-to-peer communication occurs at the Application and Transport layers
1. Link Layer (OSI 1 and 2)
  o Also called the Network Interface Layer
  o Provides services to send and receive data packets
    - Moves data frames between adjacent nodes
  o Handles the ARP (OSI Layer 2) protocol
    - Responsible for finding (encodes and transmits) the MAC address of a system
    - The first thing that has to happen before a system can communicate
2. Internet Layer (OSI 3)
  o Transfers data from a source to a destination network
  o Handles the IPv4, IPv6, ICMP, and IGMP protocols
  o Packages data into datagrams
3. Transport Layer (OSI 4)
  o Provides connection establishment and communication services
    - Handles communication between hosts
  o Defines protocols for end-to-end transfer of data along with error and flow control
  o Uses the TCP and UDP protocols
4. Application Layer (OSI 5, 6, 7)
  o Encodes data, controls sessions, and defines socket services over TCP/IP
    - Handles communication between processes
  o Contains all other protocols we use
  o For example: FTP, BOOTP, TFTP, DNS, HTTPS, HTTP, IMAP, Telnet, SMTP, SNMP, etc.
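Both models above describe the same encapsulation path: application data is wrapped in a TCP segment, the segment in an IP packet, and the packet in an Ethernet frame, with the receiver unwrapping in reverse. The Python example below is added to show that path in bytes; it is not from the notes. It uses only the standard library (struct, socket); the MAC addresses, the web-server address 192.168.1.10 and the HTTP request are constructed sample values (192.168.1.165 is the address the notes use later), and the TCP checksum is left at 0 so the block stays focused on the header layout and the IPv4 header checksum.

```python
import socket
import struct
from typing import Dict

# Constructed sample values: a small HTTP request from 192.168.1.165 to a local web server
SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"   # locally administered EUI-48 addresses
SRC_IP, DST_IP = "192.168.1.165", "192.168.1.10"


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer (OSI 4): 20-byte TCP header (no options) in front of the application data.
    Fixed seq/ack numbers, PSH+ACK flags; the TCP checksum is left 0 in this example."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return header + data


def ip_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Internet layer (OSI 3): IPv4 header with a valid header checksum in front of the segment."""
    total_len = 20 + len(segment)
    # version/IHL, TOS, total length, identification, flags (DF) + offset, TTL, protocol 6 = TCP, checksum
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill in bytes 10-11
    return hdr + segment


def ethernet_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Link layer (OSI 2): 14-byte Ethernet II header, EtherType 0x0800 = IPv4.
    The 4-byte FCS trailer is appended by the NIC and omitted here."""
    def mac_bytes(mac: str) -> bytes:
        return bytes.fromhex(mac.replace(":", ""))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def encapsulate(data: bytes) -> bytes:
    """Data -> segment -> packet -> frame: the path down the stack on the sending host."""
    return ethernet_frame(SRC_MAC, DST_MAC, ip_packet(SRC_IP, DST_IP, tcp_segment(49152, 80, data)))


def decapsulate(frame: bytes) -> Dict[str, object]:
    """Frame -> packet -> segment -> data, verifying the IPv4 header checksum on the way up."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame (EtherType 0x%04x)" % ethertype)
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:          # a valid header checksums to zero including its own field
        raise ValueError("IPv4 header checksum mismatch")
    (total_len,) = struct.unpack("!H", packet[2:4])
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "protocol": packet[9], "src_port": src_port, "dst_port": dst_port,
            "data": segment[data_offset:]}


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n\r\n")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

The 18-byte request grows to 38 bytes as a segment, 58 as a packet and 72 as a frame, which is the "data, segments, packets, frames" sequence the sidebar figure shows. The checksum check in decapsulate is the practitioner's point: a receiver that skips it will happily parse a corrupted header, which is how a flipped byte in transit turns into a misdelivered packet instead of a dropped one.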

1.2 Classify how applications, devices, and protocols relate to the OSI model layers

Layer    Devices / addresses / protocols          PDU / data
1        Cables, NICs, Hubs
2        Switches; MAC addresses (EUI-48/64)      Frames
3        Routers; IP addresses                    Packets
4        TCP segments and UDP datagrams
5        Control and tunneling protocols
6        Encryption devices (SSL/TLS)
7        Decrypted information on screen

- SSL/TLS does not allow external applications to execute.
- Encryption devices use HSM (Hardware Security Modules), a basic ...
- Protocol binding is the process of assigning a protocol to a NIC

1.3 Explain the purpose and properties of IP addressing

Basic Binary Math

A bit is 0 or 1
8 bits = 1 byte
o Also referred to as an octet
A binary-to-decimal conversion chart is a good way to calculate a binary number:

Placeholder:   128    64    32    16     8     4     2     1
Binary #:        1     0     0     0     0     0     1     0
Value = 130:   128 +   0 +   0 +   0 +   0 +   0 +   2 +   0

So 11111111 = 255
Anywhere there is a 0 in a subnet mask is part of the host ID
Subnetting

A subnet mask is used to identify the host ID, subnet ID, and network ID of an IPv4 address
o The formula 2^x - 2 is used to determine the number of host addresses
A computer uses a subnet mask to determine if the sending address is local to the network or located in a different network. If the subnet masks match, the destination is local
Anywhere a 255 exists in an address is the mask, and the client addresses are just zeros
There are 256 possible addresses per octet
o Only 254 possible clients/hosts because the subnet address and broadcast address are subtracted
How to calculate the subnet address and broadcast address:

Given IP address 192.168.1.165:        11000000.10101000.00000001.10100101
With subnet mask 255.255.255.0:        11111111.11111111.11111111.00000000
Perform bitwise AND:                   11000000.10101000.00000001.00000000
Subnet Address:                        192.168.1.0
Change zeros to 1s in the last octet:  11000000.10101000.00000001.11111111
Broadcast Address:                     192.168.1.255

o So you figure out the subnet address by converting the IP address and subnet mask to binary and then using a bitwise AND to write out a new address, placing a 1 wherever there is a 1 in the same position in both the IP address and the subnet mask. The broadcast address is then obtained by converting the subnet address to binary, changing the octet of all zeros to all ones, and converting the binary back to decimal.
   Common CIDR notations are /8, /16, /24, /32, or multiples of 8. However, we are not limited to this
   To modify the subnet, keep adding 1s to the remaining zeros in the subnet mask and increment the CIDR notation by one each time you do that
      This can leave subnet masks looking like 255.255.255.192
   Afterwards, 2^x, where x = the number of zeros that remain in the subnet mask after subnetting, is equal to the number of available host addresses (0 - y)
Supernetting is to aggregate multiple contiguous IP addresses into a larger address space

Classes of Addresses

Every device needs a unique address
Every device needs a subnet mask
Every device needs to go through a default gateway (router)
The IP address isn't really a single address, but a combination of a network ID and a host ID
Classful Subnetting
o Not used since 1993
o Class A: 1.0.0.0 - 127.255.255.255 (excluding loopback address 127.0.0.1)
   255.0.0.0 subnet
   1 - 126 leading bit address
   128 possible networks
o Class B: 128.0.0.0 - 191.255.255.255
   255.255.0.0 subnet
   128 - 191 leading bit address
   16,384 possible networks
o Class C: 192.0.0.0 - 223.255.255.255
   255.255.255.0 subnet
   192 - 223 leading bit addresses
   2,097,152 possible networks
o Class D: 224.0.0.0 - 239.255.255.255
   Multicast servers take on these for all members in a multicast session
   A router must be configured to handle Class D multicast sessions
o Class E: 240.0.0.0 - 255.255.255.255
   These addresses are reserved for research
Public addresses vs. private addresses
o RFC 1918 is the standard allowing private addresses
o Private addresses can be used more than once because they can only be used internally (unregistered)
   For example: 192.168.0.1 is the IP address for millions of home users
o When designating private addresses:
   Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
      Default subnet mask: 255.0.0.0
      Single Class A
      Largest CIDR block = 10.0.0.0/8
      Host ID is 24 bits
   Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
      Default subnet mask: 255.240.0.0
      16 contiguous Class Bs
      Largest CIDR block = 172.16.0.0/12
      Host ID is 20 bits
   Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
      Default subnet mask: 255.255.0.0
      256 contiguous Class Cs
      Largest CIDR block = 192.168.0.0/16
      Host ID is 16 bits
Classless Interdomain Routing (CIDR)
o Useful for further dividing subnets beyond their preconfigured
Class A, B, or C standards to make more efficient use of allocated
subnets and to perhaps have more control over the exact
amount of hosts you need in a network without wasting a ton of
IP addresses in the process.
o Bits are borrowed from the host address for an extended subnet
mask
VLSM (Variable Length Subnet Masking) is used in this
process of creating a custom subnet mask
o For example:
   192.168.1.1/24 is the CIDR notation for saying that your IP address is 192.168.1.1 and your subnet mask is 255.255.255.0, because the three octets of 255 equal 24 bits (8x3=24); so you can just write 192.168.1.1/24 to mean the same thing.
o So to further divide beyond the preconfigured subnets of Class A, you might use the IP address 10.1.0.1/26. This really means you have an IP address of 10.1.0.1 with a corresponding subnet mask of 255.255.255.192. The 26 means that, starting from the left, there are 26 bits that make up the network ID and the remaining 6 bits make up the host ID. This means that the first three octets of 255 (8x3=24) along with two additional bits from the last octet are part of the network ID. The octet of 192 in the subnet mask comes from the fact that the two additional bits taken from the last octet of the IP address have the binary values of 128 and 64 respectively. 128 + 64 = 192, thus forming the last octet.
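The binary conversion, bitwise AND, broadcast and host-count steps above, carried out in code. This is an added worked example, not part of the original notes; it generalizes the procedure to any a.b.c.d/prefix input (not just the /24 and /26 cases shown), and cross-checks its hand calculation against Python's standard ipaddress module. The class and RFC 1918 helpers use the ranges listed in the notes.

```python
"""Subnet and CIDR calculator (added worked example; not from the Network+ notes).

Walks through the notes' procedure: convert to binary, bitwise-AND the address
with the mask for the subnet address, set the host bits to 1 for the broadcast
address, and count usable hosts with 2^x - 2.  Results are cross-checked
against Python's standard ipaddress module.
"""
import ipaddress

# RFC 1918 private ranges, as listed in the notes
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def to_binary(ip: str) -> str:
    """Dotted-decimal -> dotted 8-bit binary (192.168.1.165 -> 11000000.10101000.00000001.10100101)."""
    return ".".join(f"{int(octet):08b}" for octet in ip.split("."))


def ip_to_int(ip: str) -> int:
    """Pack four octets into one 32-bit integer so the AND/OR below work on the whole address."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """/26 -> 255.255.255.192: 26 leading 1s, then 6 zeros (128 + 64 = 192 in the last octet)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def address_class(ip: str) -> str:
    """Historical classful range, decided by the first octet."""
    first = int(ip.split(".")[0])
    if first == 127:
        return "loopback"
    for name, low, high in (("A", 1, 126), ("B", 128, 191), ("C", 192, 223),
                            ("D", 224, 239), ("E", 240, 255)):
        if low <= first <= high:
            return name
    return "reserved"   # 0.x.x.x


def is_rfc1918(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(r) for r in RFC1918)


def subnet_info(cidr: str) -> dict:
    """Everything the notes derive by hand for an address written as a.b.c.d/prefix."""
    ip, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    host_bits = 32 - prefix
    network = ip_to_int(ip) & ip_to_int(mask)        # bitwise AND: 1 only where both are 1
    broadcast = network | ((1 << host_bits) - 1)     # host bits all set to 1
    info = {
        "address": ip,
        "mask": mask,
        "binary_address": to_binary(ip),
        "binary_mask": to_binary(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": (2 ** host_bits) - 2 if host_bits >= 2 else 0,  # minus network and broadcast
        "class": address_class(ip),
        "private": is_rfc1918(ip),
    }
    # Cross-check the hand calculation against the standard library.
    expected = ipaddress.ip_network(cidr, strict=False)
    assert info["network"] == str(expected.network_address)
    assert info["broadcast"] == str(expected.broadcast_address)
    return info


if __name__ == "__main__":
    for example in ("192.168.1.165/24", "10.1.0.1/26"):   # the two addresses worked in the notes
        for key, value in subnet_info(example).items():
            print(f"{key:>15}: {value}")
        print()
```

Running it prints the binary forms, subnet address, broadcast address and usable host count for the two addresses the notes work by hand; feeding it any other prefix (for example /12 or /30) shows how the mask and host count change as bits are borrowed.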

IPv4 vs. IPv6

IPv4
o OSI layer 3 address
o Series of 4 octets/32-bits
IPv6
o OSI layer 3 address
o 128-bits long, eight 16-bit groups separated by colons instead of dots
o Hexadecimal
o Two or more groups of zeros are abbreviated with a double colon ::
   This can happen only once per address
o Leading zeros are optional, can be removed up to the fourth zero in a group
o DNS becomes very important due to the complexity of IPv6 compared to IPv4
o IPv6 Multicast addresses
   FF02::1 = All nodes
   FF02::2 = All routers
   FF02::1:FFXX:XXXX = Solicited-node address
o Subnet masks are simple: just append the CIDR-like /64 at the end of the address
   Subnet masks in IPv6 cannot be larger than 64-bits
o Every computer will have two IPv6 addresses:
   Link-local: FE80::/64
      APIPA-like, can only communicate with the local network with this address
   Global address: Always starts with the number 2
      Allows you to communicate with the Internet
      To get a global address, the router gives the client a prefix and the client attaches its EUI-64 address to the end of it
o IPv6 can only do unicast, multicast, or anycast
   Anycast: Used by DNS servers for multiple servers around the world to act as one, sharing one IP address
o IPv6 Tunnels
   Useful for using IPv6 in networks that do not yet support it
   Types:
      6to4
      6in4 (NAT traversal)
      Teredo (NAT traversal)
         Built into Windows
      ISATAP
         Appends an IPv4 address on an IPv6 prefix

MAC Addresses

MAC stands for Media Access Control
OSI layer 2
The physical address of the network adapter card assigned by the manufacturer
Referred to as an Extended Unique Identifier (EUI)
o Trademarked by IEEE as EUI-48 and EUI-64
Can be locally assigned, but this is not common
EUI-48
o The traditional Ethernet MAC address
o Six bytes, usually represented in hexadecimal
o First three bytes are assigned as the OUI (Organizationally Unique Identifier)
o Last three bytes are usually assigned sequentially to prevent duplicates
o Dell_6f:06:f2, [00:21:70]:[6f:06:f2] and 00-21-70-6f-06-f2 are all equivalent
   [Diagram in the original: first three bytes labeled "OUI/Block ID", last three bytes labeled "LAN Identifier/Device ID"]
EUI-64
o Used in newer technologies
o Used by FireWire and IPv6 link-local auto configuration
o Eight bytes in hexadecimal
o First three bytes are the OUI
o Last five bytes are also assigned sequentially and look the same
as EUI-48, just longer
o Useful for IPv6 hosts
Converting to EUI-64 from EUI-48
o Split the EUI-48 address into two pieces, 24 bits each
o Insert FFFE in the middle of the EUI-48 address
o The 7th bit in the OUI is set to 1 for locally created addresses and
set to 0 for globally unique addresses
o After this 7th bit in the OUI is set, you end up with the EUI-64
address
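The EUI-48 to EUI-64 conversion and the IPv6 addressing rules from the two sections above, in code. This is an added worked example, not from the original notes. It follows RFC 4291 Appendix A for the "modified EUI-64" used by IPv6 (split the MAC, insert FF:FE, and invert the universal/local bit, so a manufacturer-assigned MAC such as the notes' 00:21:70:6f:06:f2 ends up with that bit set to 1), and RFC 5952 for :: compression via Python's ipaddress module. The prefix 2001:db8:1:2::/64 is a constructed example from the documentation range.

```python
"""EUI-48 -> modified EUI-64 -> IPv6 addresses (added worked example; not from the notes).

Follows RFC 4291 Appendix A: split the 48-bit MAC in two, insert FF:FE in the
middle, and invert the universal/local (U/L) bit (bit 7 of the first byte,
mask 0x02).  Text formatting (zero compression with ::, dropped leading zeros)
follows RFC 5952 via Python's ipaddress module.
"""
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:21:70:6f:06:f2, 00-21-70-6f-06-f2 or 0021.706f.06f2 (all equivalent)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def fmt(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def oui(mac: str) -> str:
    """First three bytes: the Organizationally Unique Identifier."""
    return fmt(parse_mac(mac)[:3])


def modified_eui64(mac: str) -> bytes:
    raw = bytearray(parse_mac(mac))
    raw[0] ^= 0x02                                          # invert the U/L bit
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])    # OUI | FFFE | device ID


def link_local(mac: str) -> str:
    """FE80::/64 prefix + modified EUI-64 interface identifier."""
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + modified_eui64(mac)))


def global_from_prefix(prefix: str, mac: str) -> str:
    """Router-advertised /64 prefix with the host's EUI-64 appended, as the notes describe."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration requires a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + modified_eui64(mac)))


def solicited_node(addr: str) -> str:
    """FF02::1:FFXX:XXXX, where XX:XXXX are the low 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return str(ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + low24))


def expand(addr: str) -> str:
    """Undo :: compression and restore leading zeros (8 groups of 4 hex digits)."""
    return ipaddress.IPv6Address(addr).exploded


def compress(addr: str) -> str:
    """Shortest RFC 5952 form: one :: for the longest run of zero groups."""
    return ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    mac = "00:21:70:6f:06:f2"          # the Dell example MAC from the notes
    print("OUI:            ", oui(mac))
    print("modified EUI-64:", fmt(modified_eui64(mac)))
    print("link-local:     ", link_local(mac))
    print("global:         ", global_from_prefix("2001:db8:1:2::/64", mac))  # 2001:db8::/32 is the documentation prefix
    print("solicited-node: ", solicited_node(link_local(mac)))
```

The solicited-node address is included because the notes list FF02::1:FFXX:XXXX without saying where XX:XXXX comes from: it is the low 24 bits of the host's own unicast address, which is why the device ID part of the MAC reappears in it.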

APIPA (Automatic Private IP Addressing)

A link-local address
o Not routable: It can be used on a local subnet, but is not an address a router will forward to other subnets
IETF has reserved 169.254.1.0 through 169.254.255.254 for APIPA
o These addresses are automatically assigned
o Uses ARP to confirm the addresses are not already in use
Always has a subnet mask of 255.255.0.0

Multicast vs. Unicast vs. Broadcast vs. Anycast

Unicast
o One station sends information to only one other system
o Private information is sent between systems
o Used in web surfing and file transfers
o Not good for streaming media
Broadcast
o Sends information to everyone at once
o One packet is sent out, but everyone receives it
o Only allows a limited scope in what is called a broadcast domain
o Kept only on a small subnet of a network
o Used in routing updates, ARP requests, etc.
Multicast
o Delivery of information to interested systems
o The end station must be configured to accept multicast
o Used for local type of multimedia delivery
o Stock exchanges are done over multicast, for example
o Very specialized and difficult to scale across large networks
Anycast
o Used by IPv6
o Selects one out of many nodes based on which one is the closest

1.4 Explain the purpose and properties of routing and switching

EIGRP (Enhanced Interior Gateway Routing Protocol)

An interior gateway protocol
Based on the earlier IGRP
Max hop count is 255
This protocol is proprietary to Cisco
Hybrid routing protocol that incorporates link state and distance-vector
Does not interoperate with other vendors' routers
EIGRP metrics:
o Shortest
o Largest bandwidth
o Reliability
o Load
o Highest Minimum path Maximum Transmission Unit (MTU)
It is a hybrid routing protocol
A little link state
o Looks at whether a link is up or down
A little distance-vector
o Looks at how far away a link is
Supports multiple protocols (IP, IPX, AppleTalk)
Cleanly manages topology changes
o Speed of convergence is always a significant concern in routing
protocols
o Loop free operation
o Uses DUAL (Diffusing Update Algorithm) which chooses the best
path for traffic
Supports minimum bandwidth use
o Efficient discovery of neighbor routers
o Uses proprietary Reliable Transport Protocol (RTP) to
communicate with different routers
RTP is also proprietary to Cisco

OSPF (Open Shortest Path First)

The most commonly used IGP on the Internet
Used internally by most enterprise networks
An interior gateway protocol
o Used within a single autonomous system
A link-state protocol
o Routing is based on the connectivity between routers
o Each link has a cost
Throughput, reliability and round-trip time to make
decisions about which direction to send a packet
o The lowest cost and the fastest path make this determination
Identical costs are load balanced
Dynamic routing protocol
o Detects changes in network link state and modifies the routing
structure very quickly
o This happens within seconds
Uses Dijkstra's algorithm, known as SPF (Shortest Path First)
Known for low convergence times
OSPF routers and links are grouped logically into areas
o The default area is area 0, which contains the backbone routers
of the system
o Each area has its own database of link states
o Provides a flexible environment to work with
OSPF is used in large organizations/enterprise networks
because it is flexible, has fast convergence and has load
sharing support (load balancing)
Supports authentication and prevents looping by using SPF
No IPv6 support until recently

RIP (Routing Information Protocol)

Used in private networks
Versions include: RIP, RIPv2, RIPng (IPv6)
Been around since 1988
Interior gateway protocol
Distance-vector protocol
o Determines how far away a network is based on number of hops
A dynamic routing protocol
Max hops of 15
RIPv1 had no authentication and no support for VLSMs
RIPv2 is for IPv4
o Updated for CIDR and includes built-in authentication to verify
the source
o Maximum hops is 15; beyond that the route is not added to the routing table
One of the most popular routing protocols
o Good for communicating between different routers

IS-IS

A link state protocol
Has a backbone structure and is used in backbone routing by ISPs
Not intended for use with IP
o The version that uses IP is called Integrated IS-IS

Link State vs. Distance-Vector vs. Hybrid

Link state routing protocols
o Most interested in the quality of the link between point A and point B
o More complex than distance-vector protocols
Allows routers to calculate the best route based on
information provided
o Information passed between routers is related to the current
connectivity (quality, bandwidth, availability, etc.)
Only shares information about individual route changes
(instead of passing on the entire routing table)
o Not prone to routing loops
o Considers the speed of the link
o Very scalable protocol to send traffic
o This is most often used in large networks
o Found in OSPF and IS-IS because they are large and scalable

Distance-vector routing protocols
o Most interested in the distance between point A and point B
Hops are the only metric used
o Information passed between routers contains their entire routing
tables
o A copy of a router's routing table is passed to the router's neighbors, where additional information is then added
   If all routers have completed sending their routing tables to each other, the routers are in convergence, or steady-state
o Usually automatic, requiring very little configuration
o Good for smaller networks
   Doesn't scale well in very large networks
o RIP, RIPv2, or BGP utilize this protocol
Path vector routing protocols
o Designed for very large networks
o Treats an entire AS as a single node
o Border and exterior routers pass routing information to the next
AS in the chain
o Uses BGP (Border Gateway Protocol)
Hybrid routing protocols
o Combines link state and distance-vector
o Not many examples of a hybrid routing protocol
o EIGRP is one: its different metrics utilize elements from both link state and distance-vector
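The two families compared above, run side by side on one small topology so the difference in what each router knows and how it picks a path is visible. This is an added worked example, not from the original notes. The five-router topology and its link costs are constructed for the example; the link-state side is Dijkstra's SPF over the full map (as OSPF does), and the distance-vector side is a simplified synchronous Bellman-Ford exchange with RIP's hop-count metric and 16 as "unreachable" (real RIP timers and split horizon are left out).

```python
"""Link-state (Dijkstra SPF) vs. distance-vector (hop-count) routing on one
constructed topology (added worked example; not from the notes).

Link state: every router has the full map and computes lowest-cost paths.
Distance vector: routers only exchange their tables with neighbours each round,
here with RIP's metric (hops, 16 = unreachable) in a simplified synchronous model.
"""
import heapq

# Constructed topology: (router, router, link cost). Costs play the role of
# OSPF interface costs; a high cost marks a slow link.
LINKS = [
    ("R1", "R2", 10), ("R1", "R3", 1), ("R3", "R4", 1),
    ("R4", "R2", 1), ("R2", "R5", 5), ("R4", "R5", 20),
]
INFINITY = 16   # RIP's "unreachable"


def build_graph(links):
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def link_state_table(graph, source):
    """Dijkstra's SPF from one router. Returns {destination: (total cost, next hop)}."""
    best_cost = {source: 0}
    next_hop = {}
    heap = [(0, source, source)]        # (cost so far, router, first hop from source)
    settled = set()
    while heap:
        cost, router, first_hop = heapq.heappop(heap)
        if router in settled:
            continue
        settled.add(router)
        if router != source:
            next_hop[router] = first_hop
        for neighbour, link_cost in graph[router].items():
            new_cost = cost + link_cost
            if new_cost < best_cost.get(neighbour, float("inf")):
                best_cost[neighbour] = new_cost
                # leaving the source, the first hop is the neighbour itself
                heapq.heappush(heap, (new_cost, neighbour, neighbour if router == source else first_hop))
    return {dest: (best_cost[dest], next_hop[dest]) for dest in next_hop}


def distance_vector_tables(graph, max_rounds=INFINITY):
    """Every router advertises its whole table to all neighbours once per round
    (Bellman-Ford). Returns ({router: {dest: (hops, next hop)}}, rounds until convergence)."""
    tables = {r: {r: (0, None)} for r in graph}
    for round_number in range(1, max_rounds + 1):
        advertised = {r: dict(t) for r, t in tables.items()}   # what neighbours sent last round
        changed = False
        for router, neighbours in graph.items():
            for neighbour in neighbours:
                for dest, (hops, _) in advertised[neighbour].items():
                    candidate = hops + 1
                    if candidate < tables[router].get(dest, (INFINITY, None))[0]:
                        tables[router][dest] = (candidate, neighbour)
                        changed = True
        if not changed:                  # no table changed: the network has converged
            return tables, round_number - 1
    return tables, max_rounds


if __name__ == "__main__":
    graph = build_graph(LINKS)
    print("link state (R1):", link_state_table(graph, "R1"))
    tables, rounds = distance_vector_tables(graph)
    print(f"distance vector (R1), converged after {rounds} exchange rounds:", tables["R1"])
```

The interesting row is R1 to R5: hop count prefers the two-hop path through the slow R1-R2 link (total cost 15), while SPF takes the four-hop path through R3 at cost 8. That is the "considers the speed of the link" versus "hops are the only metric used" distinction in the bullets above.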

Static and Dynamic Routing

Dynamic Routing
o Routing protocols that make decisions on their own
More reliable, automatically detects problems
o All automatic and no human configurations are required
Builds and updates routing tables themselves
o Minimal configuration on the router
o Convergence is handled automatically by the routing protocol
The time to converge is based on the protocol
o Many options for dynamic routing, including RIP, OSPF, or EIGRP
Static Routing
o The human configures the routes manually
o Can range from being very simple to very complex
Every network is different
o Very common, even in large environments
Simple to configure
Gives you complete control that dynamic routing does not
give you

Routing Metrics

Routing metrics will help you decide which direction the traffic
will take
Different routing protocols use different metrics
o RIP uses hop counts
o EIGRP uses a metric between 0 and 4,294,967,295
o Windows uses a metric between 1 and 9999
Common routing metrics:
o Hop-count
o Speed of the network
o Throughput
o Bandwidth
Throughput of a network route measured in bits/sec
o Cost
   The efficiency of a route. Calculated by 10^8 / bandwidth (link speed)
o Load
   The amount of bandwidth currently being used. Calculated by Total Bandwidth - Available Bandwidth
o Link utilization
o MTU (Maximum Transmission Unit Size)
Determines the largest size of packets that can fit across
networks that a route can carry
Avoids/reduces the fragmentation of IP packets
o Path reliability
The percentage of time a path is available
o Packet loss
o Latency
o Delay
The time it takes for a data packet to reach its destination

Total Delay = Processing delay + Queuing delay + Transmission delay + Propagation delay

Next Hop

The next hop is useful to determine for troubleshooting or building networks
A hop is when a packet passes through a router
The next hop is the destination address of the next gateway
A router only needs to know how to get to the next router, not every
router in the world
Time-to-live in IPv4 or hop limit in IPv6 are ways to avoid packet looping
o Packet looping is when routers send information back-and-forth to each other and the packet does not get anywhere
The router determines information about the next hop automatically
(dynamic routing) or manually configured (static routing)
Looking at a routing table is a good way to determine the next
hop
o A router sees the destination IP address of the packet and looks
through the routes in its routing table to find the next best route
to send the packet

Spanning Tree Protocol (STP)

Part of the IEEE 802.1D standard that was designed to prevent loops in bridged (switched) networks
o Works for switches AND bridges
OSI Layer 2 protocol
Used everywhere
Creates a single loop free path with STA (Spanning Tree Algorithm)
Useful for networks to recognize themselves during an outage to
prevent looping
Switches that are connected to each other via different ports are prone
to looping
A newer version of this, Rapid Spanning Tree Protocol (RSTP), is defined in the IEEE 802.1w standard
Bridges are always talking to each other using MAC-layer multicasts
o Uses the Bridge Protocol Data Unit (BPDU) to determine which
links to block
o Sends configuration and any topology changes
A link will check to see if another link is there every two seconds
In a Spanning Tree Protocol:
o The Root Bridge is the bridge to which all other bridges connect
o The Root Port is the port on each bridge that the bridge uses to
connect back to the Root Bridge
o The Designated Port is a port on a bridge that sends out traffic
o The Blocked Port is used to block traffic when there are errors
communicating
The network will notice that a port is not sending back the
two second confirmation and after three attempts to
communicate, the network will automatically reconfigure
itself without any loops occurring.
States of STP enabled bridges/switches
o Blocking: No forwarding packets at startup
o Listening: Listens to BPDUs to make sure no loops are occurring
o Learning: Develops paths in a network and populates the MAC address table
o Forwarding: Ports enter this state if it is a designated port or root
port after the learning state
o Disabled: Administratively disabled ports that are not part of the
STP process
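The Root Bridge, Root Port, Designated Port and Blocked Port decisions described above, computed for a small switched loop. This is an added worked example, not from the original notes; the three switches, their priorities and MACs, the port names and the path costs are all constructed. It applies the 802.1D comparison order the notes imply (lowest bridge ID wins the root election; lowest root path cost, then lowest bridge ID, decides the designated port on each segment) and leaves exactly one port blocked so the triangle becomes a loop-free tree.

```python
"""Spanning Tree port-role calculation on a constructed three-switch triangle
(added worked example; not from the notes).

Implements the 802.1D decisions the notes describe: elect the Root Bridge
(lowest bridge ID = priority, then MAC), give every other bridge one Root Port
(its cheapest path to the root), put one Designated Port on every segment, and
block everything else so that no loop remains.
"""
import heapq

# Constructed bridges: name -> (priority, MAC). Equal priorities, so the lowest MAC wins.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
# Constructed links: (bridge, port, bridge, port, path cost). A triangle has a loop,
# so exactly one port must end up blocked.
LINKS = [
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 4),
    ("SW1", "Gi0/2", "SW3", "Gi0/1", 4),
    ("SW2", "Gi0/2", "SW3", "Gi0/2", 4),
]


def elect_root(bridges):
    """Lowest (priority, MAC) tuple wins, exactly as bridge IDs compare in BPDUs."""
    return min(bridges, key=lambda name: bridges[name])


def stp_roles(bridges, links):
    """Return (root bridge, {(bridge, port): 'root' | 'designated' | 'blocked'})."""
    root = elect_root(bridges)
    adjacency = {name: [] for name in bridges}
    for a, port_a, b, port_b, cost in links:
        adjacency[a].append((b, cost, port_b))   # neighbour, link cost, neighbour's port
        adjacency[b].append((a, cost, port_a))

    # Dijkstra from the root. Ties on cost are broken by the lower sender bridge ID,
    # which is how a real bridge picks between two equal-cost BPDUs.
    root_cost = {}
    root_port = {}
    heap = [(0, bridges[root], root, "")]        # (cost, sender ID, bridge, receiving port)
    while heap:
        cost, _sender, bridge, port = heapq.heappop(heap)
        if bridge in root_cost:
            continue                             # already settled with a cheaper path
        root_cost[bridge] = cost
        if bridge != root:
            root_port[bridge] = port
        for neighbour, link_cost, neighbour_port in adjacency[bridge]:
            if neighbour not in root_cost:
                heapq.heappush(heap, (cost + link_cost, bridges[bridge], neighbour, neighbour_port))

    roles = {}
    for a, port_a, b, port_b, _cost in links:
        # The bridge with the lower root path cost (then lower bridge ID) owns the
        # designated port on this segment; the far end is either a root port or blocked.
        if (root_cost[a], bridges[a]) < (root_cost[b], bridges[b]):
            designated, other = (a, port_a), (b, port_b)
        else:
            designated, other = (b, port_b), (a, port_a)
        roles[designated] = "designated"
        roles[other] = "root" if root_port.get(other[0]) == other[1] else "blocked"
    return root, roles


if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} {port}: {role}")
```

With equal priorities SW1 (lowest MAC) becomes root and SW3's Gi0/2 is the one blocked port. Lowering a bridge's priority (for example to 4096) moves the root election to it and recomputes every role, which is the same lever an administrator uses to keep the root where the uplinks are rather than on whichever switch happens to have the lowest MAC.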

VLANs (Virtual LANs)

Part of the IEEE 802.1q standard
Logically separates your switch ports into subnets
VLANs cannot communicate to each other without a router
Divides network so nodes on the same VLAN communicate as if
they were in the same broadcast domain
The router/firewall will become the gatekeeper to control the network's traffic from within
Switches use VLAN identification: frame tagging to add info to each
frame about which VLAN it belongs
Groups users together by function based on what the users do on that
VLAN
VLANs are not limited by distance like LANs on regular switches are
o They don't need to be physically connected to the same switch
Often integrated with NAC (Network Access Control)
Multiple VLANs can share the same network wire called a trunk
Types of VLANs:
o Static VLANs: VLANs based on ports
The most common type
The person will be in the VLAN of the port they plugged
into
o Dynamic VLANs: VLANs based on MAC address
No matter where the person plugs in, they will be in the
same VLAN
To setup a VLAN:
1. Designate each port that you want to be a trunk port with 802.1q
encapsulation
2. Assign each port a VLAN ID to identify which VLAN it belongs to
3. All data frames are tagged with the VLAN ID
4. The frame tag is removed when the frame reaches its destination

Port Mirroring

Replicates traffic passing through a switch
Copies packets to a secondary port
Built into the switch
Useful for many reasons:
o Protocol analysis
o Security filtering (IDS)


o Stream-to-disk
Not easy to implement sometimes
o This is due to switch limitations
o Some switches simply do not support this
Works by plugging a protocol analyzer into a switch and configuring
it to duplicate traffic to and from specific devices to the protocol
analyzer and the receiving device

Broadcast Domain vs. Collision Domain

Collision domain:
o A historical footnote
o A network where a group of nodes can compete with each other
for media access
o The word collision is misleading because collisions were normal
in the process of transferring information over Ethernet networks
o The network was one big segment and everyone heard everyone else's signals
Similar to ad-hoc networks or NetBIOS networks
Think bus topologies
o Only one station can send data at a time
Accomplished through CSMA (Carrier Sense Multiple
Access)
Stations will listen and send traffic when no communication
is occurring
o A collision occurs when two devices communicate at the same time
   A difference in signal on the wire occurs when a collision happens; a Collision Detection (CD) system (hence CSMA/CD) picks up on this and sends a signal
o When networks on collision domains got larger, bridges
separated the network into different parts to reduce collisions
o Very large networks eliminated collision domains by having all
devices connect to a single bridge and communicate in full
duplex
On collision domains, which used hubs, communication
could obviously only be half duplex
o Switches define the size of a collision domain
Broadcast domain:
o A logical area in a network where any node connected to a
computer network can directly transmit to any other node
without going through a central routing device
o Deals with the type of packets going across the network rather
than the signal like in collision domains
o Traffic will pass right through the switch/bridge and will only stop
once it reaches a Layer 3 device like a router
o Everyone on the subnet on one side of a router will see the
broadcast
Like in collision domains, multiple routers are placed in a
network to further specialize which systems received the
broadcast
o Only routers can determine the size of a broadcast domain
Multiple collision domains can make up a broadcast domain,
but multiple broadcast domains can only be one collision
domain

IGP vs. EGP

AS (Autonomous System)
o Important for understanding IGP and EGP
o A group of IP routes under common control (clearly defined
routing policy)
o You will configure a network to act as a single autonomous system
o IANA assigns an ASN number between 0 and 65,535
IGP (Interior Gateway Protocols)
o Used within a single AS
o Not intended to route between different AS
o OSPF, IS-IS, EIGRP, RIP, and RIPv2 are IGPs
EGP (Exterior Gateway Protocols)
o Used to route between AS
o Leverages the IGP at the AS to handle local routing
BGP (Border Gateway Protocol)
Connects all AS on the Internet
Known as the glue of the Internet
Used by ISPs because it supports the implementation of
policies and can restrict access
This is the standard to make EGP possible
Advertises route information about the networks in each AS
and the ASNs

Routing Tables

A list of directions for your packets
Every router has a routing table
Any IP device that needs to send packets out to the network has routing tables
o This includes printers, workstations, tablets, etc.
A routing table will have a destination address, gateway address, interface address and metric (costs associated with that particular route)
A packet with a destination/gateway/interface with a loopback address
127.0.0.1 will not leave the device and not enter the network
An incorrect address in a routing table will cause a packet to not get
anywhere and the end user will not receive any response
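How a device walks its routing table to pick the next hop, as described in the Next Hop and Routing Tables sections above. This is an added worked example, not from the original notes; the table rows (destinations, gateways, interface names and metrics) are constructed, and the selection rule it applies is the standard one: longest matching prefix first, lowest metric among equal prefixes, with the default route 0.0.0.0/0 matching last and the loopback route keeping 127.x traffic on the host.

```python
"""Next-hop selection from a routing table (added worked example; not from the notes).

The table below is constructed for the example; its columns are the ones the
notes list (destination, gateway, interface, metric). Selection follows the
usual rule: the most specific matching route (longest prefix) wins, and among
routes with the same prefix the lowest metric wins.
"""
import ipaddress

ROUTING_TABLE = [
    # destination         gateway           interface  metric
    ("0.0.0.0/0",         "192.168.1.1",    "eth0",    10),   # default route
    ("192.168.1.0/24",    "0.0.0.0",        "eth0",    1),    # directly connected
    ("10.0.0.0/8",        "192.168.1.254",  "eth0",    20),
    ("10.1.2.0/24",       "192.168.1.253",  "eth0",    20),   # more specific than 10.0.0.0/8
    ("10.1.2.0/24",       "192.168.1.252",  "eth0",    5),    # same prefix, lower metric wins
    ("127.0.0.0/8",       "0.0.0.0",        "lo",      1),    # loopback: never leaves the host
]


def next_hop(destination: str, table=ROUTING_TABLE):
    """Return (gateway, interface) for a destination, or None when no route matches."""
    address = ipaddress.ip_address(destination)
    best_key, best_route = None, None
    for dest_net, gateway, interface, metric in table:
        network = ipaddress.ip_network(dest_net)
        if address not in network:
            continue
        key = (network.prefixlen, -metric)           # longer prefix, then lower metric
        if best_key is None or key > best_key:
            best_key, best_route = key, (gateway, interface)
    if best_route is None:
        return None                                  # dropped: "no route to host"
    gateway, interface = best_route
    if interface == "lo":
        return ("local", "lo")                       # delivered to the host itself
    if gateway == "0.0.0.0":
        return ("on-link", interface)                # same subnet: ARP for the destination directly
    return (gateway, interface)


def trace_choice(destination: str, table=ROUTING_TABLE):
    """All matching routes, most preferred first, to show why one was chosen."""
    address = ipaddress.ip_address(destination)
    matches = [row for row in table if address in ipaddress.ip_network(row[0])]
    return sorted(matches,
                  key=lambda row: (ipaddress.ip_network(row[0]).prefixlen, -row[3]),
                  reverse=True)


if __name__ == "__main__":
    for dest in ("10.1.2.77", "10.9.9.9", "8.8.8.8", "192.168.1.50", "127.0.0.1"):
        print(f"{dest:>14} -> {next_hop(dest)}")
        for row in trace_choice(dest):
            print("                 candidate:", row)
```

Removing the default route from the table makes next_hop() return None for an Internet destination, which is the "packet does not get anywhere and the end user receives no response" case the bullet above describes; the trace_choice() output shows the candidates in preference order when a route looks wrong.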

Convergence

The time of the period between a network change and when the routers respond to this change by updating their routing tables
Describes a Zen state where a network is working perfectly
When a network changes due to, for example, router reboot, network
outage, scheduled maintenance, or denial of service, the time it
takes for a network to recover is called convergence time
Depending on the routing protocol, convergence time may be small
and not visible to the end user
Dynamic routing protocols recognize when there are errors in the network, and thus they will have different convergence times
o OSPF is fast while RIP is slow
Routing protocols are always checking on things and when a change
is detected, the network will go into convergence mode to
figure out what to do next

Types of Switches

Cut-through switch
o Forwards data packets as soon as it receives them and does not check for any errors. Uses only the header bits to determine the packet's MAC address
Fragment-free switch
o Waits for the first 64 bytes before forwarding in order to check for corruption
Store-and-forward switch
o Calculates the CRC value and compares it to the packet's value before forwarding. This is the slowest kind of switch because it inspects a packet's entire frame [FCS (Frame Check Sequence)] before forwarding it
Multi-layer switch
o A layer 2 router/layer 3 switch/IP switch. New technology/not standardized
Content switch
o Analyzes content of packets in real-time. Used for load balancing, web caching, and application redirection. Also known as a 4-7 switch because they operate at OSI Layers 4 through 7

1.5 Identify common TCP and UDP default ports

IP is connectionless; it does not guarantee packet delivery on its own
Non-ephemeral ports are permanent ports on a server or service
Ephemeral ports are temporary ports determined in real-time on the client workstation
TCP and UDP ports are 16-bits in length and can be any number between 0 and 65,535
o Well-known: 0 - 1,023
   Established port numbers that are well-known
o Registered: 1,024 - 49,151
   Available to reserve, but this is not required
   Used by a responding system to get data back to the client
o Dynamic: 49,152 - 65,535
Only used temporarily by systems
Port numbers are for communication, not security
TCP port numbers are not the same as UDP port numbers
Sockets are communication end-points that define a particular
protocol, address, and port number
o Each socket is bound to a particular port number
o A socket is an end-point for data packets in a network
TCP Ports
o FTP (File Transfer Protocol)
TCP/20 (data transfers), TCP/21 (control commands)
o SSH (Secure Shell)
TCP/22
o Telnet (Non-encrypted terminal access)
TCP/23
o SMTP (Simple Mail Transfer Protocol)
TCP/25
o DNS (Domain Name Services)
TCP/53 (zone transfers)
o HTTP (Hypertext Transfer Protocol)
TCP/80
o POP3 (Post Office Protocol version 3)
TCP/110
o IMAP4 (Hypertext Transfer Protocol Secure)
TCP/443

UDP Ports
o DNS (Domain Name Services)
UDP/53 (queries)
o BOOTP/DHCP (Bootstrap Protocol / Dynamic Host Configuration
Protocol)
UDP/67
o TFTP (Trivial File Transfer Protocol)
UDP/69
o NTP (Network Time Protocol)
UDP/123
o SNMP (Simple Network Management Protocol)
UDP/161

1.6 Explain the function of common networking protocols

TCP/IP Protocol Suite

Similar to the OSI model, but only has four layers
Specifically created to correlate the model to the real world
Layers:
o Link
ARP (Address Resolution Protocol)
IP address to MAC address resolution
RARP (Reverse ARP)
Allows a device to discover its own IP address using
only its MAC address
o Internet
o Transport
TCP (Transmission Control Protocol)
Connection-oriented
Reliable
Sends acknowledgements back if data was received
successfully
Manages out-of-order messages or retransmissions
Analogy: Loads and unloads the moving truck and checks for out-of-order or missing cargo
UDP (User Datagram Protocol)
Connectionless
Unreliable
Faster than TCP due to lower overhead
No acknowledgements back or recording of data or retransmissions
Used with VoIP
Analogy: Loads and unloads the moving truck, but
doesn't check for out-of-order or missing cargo

o Application
BOOTP (Bootstrap Protocol)
Automates the IP address configuration process
Allocates IP addresses to devices without any local
storage
Replaced by DHCP
DNS (Domain Name Services)
Converts domain names to IP addresses
NTP (Network Time Protocol) / SNTP
Automatically synchronizes clocks on all devices in a
network
Useful because it centralizes the times of all logs on
client workstations
Operates over UDP port 123
Listens on multicast address 224.0.1.1
NNTP (Network News Transfer Protocol)
Posts and retrieves news feeds from USENET
Operates over TCP port 119
NFS (Network File System)
Lets users share files distributed across a network as
if they were stored locally
Operates over port 2049
SMB (Server Message Block) / CIFS (Common Internet File
System)
Uses a client-server model to allow networked
computers to communicate and share resources like
files, printers, and serial ports
o Uses NetBIOS names (workstations, domains,
and AD)
Used in Microsoft systems
Operates over port 445
CIFS is the most recent version of SMB
o Has widespread support on Linux and Mac OS
ICMP (Internet Control Message Protocol)
Sends management messages between systems
Reports on the communication between two devices
Used with ping, sending echo requests and getting
an echo reply
IGMP (Internet Group Management Protocol)
Manages membership of multicast groups
Informs a system of which host belongs to which
multicast group
Improves efficiency and bandwidth usage in
multicast sessions
SNMP (Simple Network Management Protocol)
Gathers statistics from network devices
Queries these devices with requests and the device
responds with what was requested
SNMPv1 had structured tables and no encryption
SNMPv2 had data type enhancements, bulk transfers
(asks many things at one time), and no encryption
SNMPv3 is the latest version, had message integrity,
authentication, and encryption
Telnet (Telecommunication Network)
Login to devices remotely
Unencrypted communication (In-the-clear)
Not the best choice for production systems
SSH (Secure Shell)
Looks and acts the same as Telnet
Encrypted communication link (PuTTY)
SCP (Secure Copy Protocol)
Uses SSH to copy files safely between a local and
remote host
Can be implemented as a command line utility
FTP (File Transfer Protocol)
Transfers files between systems
Authenticates with a username and password
Full-featured functionality (list, add, delete, etc.)
Active-mode: uses port 21 to send and port 20 to
receive
o Won't work on NAT or most firewalls
TFTP (Trivial File Transfer Protocol)
Used in very simple file transfer applications or to
boot network devices with no local storage
o Only reads and writes files
No authentication
Not used on production systems
SMTP (Simple Mail Transfer Protocol)
Used most often for sending mail
Transferring between mail servers
POP3 (Post Office Protocol version 3)
For receiving mail from a mail server
Downloads the email from the server and then
deletes it
Designed for intermittent connectivity
IMAP4 (Internet Message Access Protocol v4)
Flexibility in connectivity
o Users can access, search, and modify
messages
Updates mail on the server
Keeps the state of the mail (read, replied, deleted,
etc.)
POP3 is more popular, especially for old servers
HTTP (Hypertext Transfer Protocol)
For communication over the Internet
HTTPS (Hypertext Transfer Protocol Secure)
All the power of your browser with an extra layer of
encryption through TLS/SSL
TLS/SSL (Transport Layer Security / Secure Sockets Layer)
SSL
o HTTPS over SSL/TLS operates on port 443
o Created by Netscape
o Combines digital certificates for authentication with public key encryption
A server driven process
o Limited to HTTP, FTP, SMTP, and older TCP/IP applications
o SSL Steps:
1. The client requests a session from a
server
2. Server responds by sending its digital
certificate and public key to the client
3. Server and client negotiate an encryption
level
4. The client generates a session key (the pre-master secret), encrypts it with the server's public key and sends it to the server
5. The client and server use the session key
for data encryption
TLS
o The updated IETF (Internet Engineering Task
Force) version of SSL
o Has no limitations and is used for everything
from VoIP, VPNs, to web pages

o What you will be using today, even though people might still call it SSL
TLS 1.0 = SSL 3.1
TLS 1.1 = SSL 3.2
TLS 1.2 = SSL 3.3 (these are the version bytes on the wire)

VoIP (Voice over IP)
SIP (Session Initiation Protocol)
o Initiates, modifies, and terminates sessions
o VoIP signaling protocol
o Builds and tears-down media calls
RTP (Real-Time Transport Protocol)
o Encapsulates streaming media content in timestamped packets
o Carries the media stream
o Uses dynamic ports, so a firewall has to inspect the SIP/SDP signaling to learn which ports to open; a plain port-based rule cannot block or permit it cleanly
So SIP sets up the session and RTP is responsible for
digitizing the voice and sending it over the network
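The TLS/SSL version numbers above are what an IDS or a packet-capture tool reads out of the first message of a handshake. The following is an added example for these notes, not code from the original page: it parses a ClientHello record, reports the record-layer version, the client_version field and the supported_versions extension, and tells you the oldest protocol version the client is willing to speak (the check you run to find clients that still offer TLS 1.0). The ClientHello is constructed by hand, not captured, and the function names are my own.

```python
"""Passive TLS ClientHello inspection: read the version fields the way an
IDS or a capture tool would, and report the oldest version the client
is willing to use.

Added example for these notes, not code from the original page. The
ClientHello below is constructed by hand (not a capture), and the
function names are my own."""
import struct

# The 2-byte version on the wire is what the notes call "SSL 3.x":
TLS_VERSIONS = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
    (3, 4): "TLS 1.3",  # only ever appears inside the supported_versions extension
}
SUPPORTED_VERSIONS_EXT = 43


def version_name(version):
    return TLS_VERSIONS.get(tuple(version), "unknown %d.%d" % tuple(version))


def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello (RFC 5246 section 7.4.1.2).

    Layout: record header type(1) version(2) length(2); handshake header
    type(1) length(3); then client_version(2) random(32) session_id<0..32>
    cipher_suites<2..2^16-1> compression_methods<1..255> extensions<0..2^16-1>.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_version = (record[1], record[2])
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")

    client_version = (hello[0], hello[1])
    pos = 2 + 32                      # skip client_version and the 32-byte random
    pos += 1 + hello[pos]             # session_id (1 length byte + id)
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]             # compression_methods

    supported = []
    if pos + 2 <= len(hello):
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_body_len = struct.unpack("!HH", hello[pos:pos + 4])
            ext_body = hello[pos + 4:pos + 4 + ext_body_len]
            pos += 4 + ext_body_len
            if ext_type == SUPPORTED_VERSIONS_EXT:
                n = ext_body[0]       # one length byte, then 2-byte versions
                supported = [(ext_body[i], ext_body[i + 1]) for i in range(1, 1 + n, 2)]
    return {
        "record_version": record_version,
        "client_version": client_version,
        "cipher_suites": suites,
        "supported_versions": supported,
    }


def lowest_offered(info):
    """Oldest version the client offers. With supported_versions that is the
    minimum of the list; a legacy client without the extension names only
    its highest version and will accept anything lower the server picks, so
    client_version is the only information we have."""
    if info["supported_versions"]:
        return min(info["supported_versions"])
    return info["client_version"]


def build_client_hello(client_version=(3, 3), suites=(0xC02F, 0x002F), supported=((3, 4), (3, 3))):
    """Constructed ClientHello for the demonstration (not a real capture).
    Real clients send record version 3.1 for middlebox compatibility."""
    ext = b""
    if supported:
        sv_body = bytes([2 * len(supported)]) + b"".join(bytes(v) for v in supported)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(sv_body)) + sv_body
    hello = (bytes(client_version) + b"\x00" * 32 + b"\x00"
             + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
             + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    info = parse_client_hello(build_client_hello())
    print(version_name(info["record_version"]), version_name(info["client_version"]),
          [version_name(v) for v in info["supported_versions"]], version_name(lowest_offered(info)))
```

The record-layer version a modern client sends is still 3.1 (TLS 1.0) for compatibility with old middleboxes, which is why you must read client_version and supported_versions rather than the record header to know what the client actually supports.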

1.7 Summarize DNS concepts and its components

DNS (Domain Name System) translates human-readable names into computer-readable IP addresses
It is hierarchical, meaning that there are many different layers to it
It is a distributed database, meaning that there are many DNS
servers
o 13 root server clusters
o 20 generic top-level domains (gTLDs)
o 248 country code top-level domains (ccTLDs)
DNS hierarchy:
o . (period) is the top level of the Internet and indicates the DNS
root server
o Top-Level Domains (.com, .net, .edu, .org)
Each of these has its own TLD servers
o Websites (professormesser.com)
These have second level servers

o Servers (www, live, mail, east, west)
[Figure: the hierarchy drawn as "." (DNS root server) -> .com (TLD server) -> second-level domain -> host]
FQDN (Fully Qualified Domain Name)
o The human readable name of a host
o Must contain a host name and a domain name
o Each label (host name, domain, TLD) is 63 characters max; the whole FQDN is 255 characters max
[Figure: mail.ucdenver.edu broken down as host name "mail", domain "ucdenver", TLD "edu"]

DNS Servers
o Authoritative Servers
Holds the records (IP addresses and FQDNs) for the systems in a domain and answers for that zone authoritatively
o Cache-only Servers
Only forwards requests and caches some common ones
o Parts of a DNS server:
Forward Lookup Zone
Where IP addresses and FQDNs are stored
The most important part of a DNS server
Reverse Lookup Zone
Enables a system to determine an FQDN based on an
IP address
Uses the PTR record
Cached Lookups
Stores already resolved FQDNs

The DNS process
o Resolver: Applications on the computer look in the HOSTS file on
the computer to see if the FQDN is local on the computer
A HOSTS file is a plaintext file on a host machine
containing DNS info
o Local Name Server (the recursive resolver): checks its cache of answers from previous queries by any client
Has the list of all root servers on the Internet (the root hints) for further searches
o Root Server: Determines which server to look for the FQDN
This will transfer the request to the .com Name Server, .org
Name Server, ProfessorMesser.com Name Server, etc.
Results of these searches will be cached, so this whole
process wont happen every time
DNS zones
o A zone is an area or namespace located within a domain over
which a particular DNS server has authority
o Primary zone: all changes to a zone must be through a primary
DNS server
o Secondary zone: DNS server hosts a read-only copy of the zone from the primary server
Records are copied via zone transfer (AXFR/IXFR); restrict transfers to the secondaries, because an open zone transfer hands anyone the complete list of your hosts
DNS records
o Resource Records (RR)
The database records of domain name services within the
DNS server
Over 30 different RR types
Forward Lookup File stores all the resource records
o Address records (A) (AAAA)
Defines the IP address of a host and maps the host name
to the IPv4 address
Most queries are for these records
A records are for IPv4 addresses
Modify the A record to change the host name to IP
address resolution
AAAA records are for IPv6 addresses
Maps the host name to the IPv6 address
The same DNS server, different records
o Canonical name records (CNAME)
Assigns one or more aliases to a host
A name is an alias of another, canonical name
One physical server, multiple service names
For example: an alias such as broadcast.com pointing at a canonical name at yahoo.com (the CNAME resolves the alias to the canonical host; it is not an HTTP redirect)

o Mail exchanger record (MX)
Names the host that receives mail for the domain
This isn't an IP address; it's a name (which must itself have an A/AAAA record)
o Name server record (NS)
Lists the name servers for a domain
Delegates a DNS zone to use the given authoritative name
servers
NS records point to the name of the server
o Pointer record (PTR)
The reverse of an A or AAAA record
Added to the Reverse Map Zone file
o SRV (Service Locator) record
Used to identify a host that provides a specific service
o SOA (Start of Authority) record
Contains authoritative information for a zone including the
primary DNS name server, contact details for domain
admin, domain serial number, and zone refresh times
Only one SOA record can exist per zone
Dynamic DNS
o Dynamic DNS Update (DDNS)
Lets hosts (or the DHCP server on their behalf) update their own records automatically; the update should be authenticated (TSIG, or Kerberos-signed updates in Active Directory), because an unauthenticated dynamic update lets any host on the LAN overwrite another host's name
With DHCP the addresses change over time, so end-stations inform the DNS server of their current IP address and DDNS updates the name server with these new addresses automatically
o Part of Windows Active Directory
Domain controllers register in DNS
Allows other computers in the domain to find the AD servers
o Dynamic DNS Services (DDNS) are designed for SOHO public IP addresses
The ISP dynamically assigns the public IP address
A DDNS client built into many SOHO routers (configured from the LAN-side management page, e.g. 192.168.0.1) pushes the current public address to the DDNS provider
DNS name resolution process
1. Client requests a name resolution
2. DNS server queries a root name server
3. Root name server responds with the IP address of the DNS server
for the TLD
4. DNS server queries TLD server
5. DNS server queries other domain servers if necessary
6. Host name is resolved
7. Resolved address is returned to the client
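The resolution process in the steps above, simulated end to end, as an added example for these notes (not code from the original page): the resolver checks the HOSTS file, then its cache, then walks root -> TLD -> authoritative server following NS referrals and CNAMEs, caching the answer so the whole process does not repeat. The zone data, server addresses (192.0.2.0/24, the documentation range) and names are constructed; none of it is real DNS data, and the function names are my own.

```python
"""Iterative resolution as described above: check the HOSTS file, then the
resolver's cache, then walk root -> TLD -> authoritative server following
NS referrals and CNAMEs, caching the answer.

Added example for these notes, not the page's own code. The zone data
and addresses (192.0.2.0/24 is the documentation range) are constructed;
none of this is real DNS data."""

HOSTS_FILE = {"printer.local.": "192.0.2.9"}     # constructed local HOSTS entries
ROOT_SERVER = "192.0.2.10"

# Each authoritative server knows only its own zone: records at names it
# owns, NS records for zones it delegates, and glue A records for those NS.
SERVERS = {
    ROOT_SERVER: {
        "apex": ".",
        "records": {
            "com.": [("NS", "a.gtld.test.")],
            "a.gtld.test.": [("A", "192.0.2.20")],            # glue
        },
    },
    "192.0.2.20": {
        "apex": "com.",
        "records": {
            "example.com.": [("NS", "ns1.example.com.")],
            "ns1.example.com.": [("A", "192.0.2.53")],        # glue
        },
    },
    "192.0.2.53": {
        "apex": "example.com.",
        "records": {
            "example.com.": [("NS", "ns1.example.com."), ("MX", "mail.example.com.")],
            "ns1.example.com.": [("A", "192.0.2.53")],
            "www.example.com.": [("CNAME", "web.example.com.")],
            "web.example.com.": [("A", "192.0.2.80")],
            "mail.example.com.": [("A", "192.0.2.25")],
        },
    },
}


def ancestors(qname):
    """qname, then each parent up to the root: www.example.com. -> example.com. -> com. -> ."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def authoritative_reply(server_ip, qname, qtype):
    """One server's reply: ("answer", [values]), ("cname", target),
    ("referral", (ns_name, ns_ip)) or ("negative", None)."""
    zone = SERVERS[server_ip]
    records = zone["records"].get(qname, [])
    wanted = [v for t, v in records if t == qtype]
    if wanted:
        return "answer", wanted
    cname = [v for t, v in records if t == "CNAME"]
    if cname:
        return "cname", cname[0]
    for name in ancestors(qname):
        if name == zone["apex"]:
            break                     # our own zone, and the name has no such record
        ns = [v for t, v in zone["records"].get(name, []) if t == "NS"]
        if ns:
            glue = [v for t, v in zone["records"].get(ns[0], []) if t == "A"]
            return "referral", (ns[0], glue[0])
    return "negative", None


def resolve(qname, qtype="A", cache=None, trace=None, depth=0):
    """Recursive resolver behaviour: HOSTS, cache, then iterate from the root."""
    cache = {} if cache is None else cache
    trace = [] if trace is None else trace
    if qtype == "A" and qname in HOSTS_FILE:
        trace.append("hosts file: %s" % qname)
        return [HOSTS_FILE[qname]]
    key = (qname, qtype)
    if key in cache:
        trace.append("cache hit: %s %s" % (qname, qtype))
        return cache[key]
    if depth > 8:
        raise RuntimeError("CNAME chain too long")
    server = ROOT_SERVER
    for _ in range(16):                          # bound on referrals
        status, data = authoritative_reply(server, qname, qtype)
        trace.append("%s answered %s for %s: %s" % (server, status, qname, data))
        if status == "answer":
            cache[key] = data
            return data
        if status == "cname":
            result = resolve(data, qtype, cache, trace, depth + 1)
            cache[key] = result
            return result
        if status == "referral":
            server = data[1]
            continue
        cache[key] = []
        return []
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    steps = []
    print(resolve("www.example.com.", trace=steps))
    print("\n".join(steps))
```

Run it and the trace shows the six exchanges the first lookup of www.example.com. needs (three to find the CNAME, three more to resolve its target) and the single cache hit the second lookup needs. The glue A records are what let the resolver reach a name server that lives inside the zone it serves.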

1.8 Given a scenario, implement the following network troubleshooting methodology

Steps for troubleshooting a network:
1. Identify the problem
Information gathering, identify symptoms, question users
with open ended questions, and determine if anything has
changed
Recreate the problem yourself
2. Establish a theory of probable cause
Question the obvious first
3. Test the theory to determine cause
Once theory is confirmed, determine next steps to resolve
problem
If a theory is not confirmed, re-establish a new theory or
escalate
4. Establish a plan of action to resolve the problem and identify
potential effects
5. Implement the solution or escalate as necessary
6. Verify full system functionality and, if applicable, implement preventive measures
7. Document findings, actions, and outcomes

1.9 Identify virtual network components

Virtual Machine Manager (VMM)
A hypervisor is the usual VMM
Virtual machines are portable: a VM is a set of files that can be copied to another host running the same hypervisor
Bridges the virtual world to the physical world
Maintains separation between virtual machines (the isolation boundary an attacker on one guest has to break to reach another guest or the host)
Types:
o Type 1: Bare metal
The hypervisor IS the operating system
Examples include VMware ESXi and Microsoft Hyper-V
o Type 2: Hypervisor runs inside an existing OS
Used in virtual desktop environments

Virtual Servers
Each runs its own OS and applications and has its own software-based CPU, NIC, RAM and hard drive
Virtual desktop servers are disabled by default on virtual networks
Type 1 bare-metal host hardware:
Multiple CPUs with multiple cores
RAM typically 128 GB or more
Multi-terabyte hard drive arrays

Virtual Desktops
Requires hosting servers, endpoint devices, connection brokers, management infrastructure, and application delivery and execution infrastructure
o Connection brokers manage connections between host servers and endpoint devices

Server Consolidation
Physically shrinks the data center
Increases flexibility
Lower cost (electricity, cooling, etc.)
Management benefits include fast deployment and load management between servers

Virtual Switches
Software-based switches that connect systems on a virtual network
Two virtual switches cannot exchange traffic directly; a router (or the physical network) has to sit between them
o Two VLANs can't communicate directly without a router, same as on a physical switch
The virtualization hosts uplink to the enterprise switches and routers
Different virtualized environments that communicate with each other can be managed by a virtual switch
Features such as load balancing and QoS are easy to apply
No physical wires
Also gives the ability to virtualize firewalls and IPSs (traffic between two VMs on the same host never crosses a physical wire, so only a virtual firewall or IPS can see it)

Network as a Service (NaaS)
Moves the virtualized network into the cloud
A form of cloud computing
No physical hardware on your side
The network becomes invisible because it is running as a service at a third-party facility
Network changes are also invisible
An application that is already delivered over the web is a candidate for moving its network to the cloud, where a third party manages it
Related cloud subscriptions include Office 365 and Adobe Creative Cloud (strictly these are Software as a Service rather than NaaS)

Onsite vs. Offsite Virtualization

Onsite virtualization
o Allows you to manage your own infrastructure
Build it, host it, maintain it
o Advantages include complete control, flexibility to change and shift as needed, and security as tight as you need
o Disadvantages include the fact that it is costly, requires
significant networking infrastructure, and not easy to upgrade
Offsite virtualization
o Allows you to virtualize in the cloud
o Requires a stable Internet connection
o Advantages include no infrastructure costs, management is
handled by others, geographical flexibility, and seemingly
unlimited upgrade options
o Disadvantages include the fact that data is in the cloud and there
are contractual limitations
Not a great option if your data is extremely sensitive

Virtual PBX
PBX (Private Branch Exchange)
o Your business phone system
o Usually more than just a phone
o Interactive voice response, voice mail, reporting, and music on
hold
o Very reliable
o You will know when there is a problem with your PBX
Virtual PBX is a cloud-based voice service
o No infrastructure besides the phone
Additional network configurations may be required
o More bandwidth and QoS settings
Virtual PBX gives you big cost savings
o Low cost call routing through the Internet

2.0: NETWORK INSTALLATION & CONFIGURATION

2.1 Given a scenario, install and configure routers and switches

Types of Routers

Access routers
o Located at remote sites, used in SOHO networks
Distribution routers
o Collects data from multiple access routers and redistributes the
data to a primary enterprise location
Core routers
o Designed for use in the center of a network backbone and connects multiple distribution routers

Routing Tables
The name, destination, and next hop are determined for all possible directions
A default route should also be configured
When two routes lead to the same destination, the router prefers the one with the better (lower) metric, and across routing sources the lower administrative distance
You need to visually look at a network to really determine how the routing tables should be configured
Each router rewrites the frame's destination MAC address to that of the next-hop router, but never changes the packet's IP addresses (unless it is also performing NAT)
Types of routes:
o Directly connected routes
o Remote routes
o Host routes
Packets go to a specific IP address
o Default routes
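How a router picks between the route types above, as an added example for these notes (not code from the original page): a table with a directly connected route, a remote route, a redundant remote route with a worse metric, a more specific remote route, a host route and a default route, and the lookup that chooses among them. The table entries, addresses and interface names are constructed for illustration, not taken from a real device, and the function names are my own.

```python
"""Route lookup over a routing table laid out as in the notes: longest
prefix match first, metric as the tie-breaker, default route last.

Added example for these notes; the table entries, addresses and interface
names are constructed for illustration, not taken from a real device."""
import ipaddress

# (Network Destination, Netmask, Gateway, Interface, Metric)
ROUTING_TABLE = [
    ("0.0.0.0",     "0.0.0.0",         "192.168.1.1",   "eth0", 10),  # default route
    ("192.168.1.0", "255.255.255.0",   "0.0.0.0",       "eth0", 1),   # directly connected
    ("10.0.0.0",    "255.0.0.0",       "192.168.1.254", "eth0", 20),  # remote route
    ("10.0.0.0",    "255.0.0.0",       "192.168.1.250", "eth1", 30),  # redundant route, worse metric
    ("10.1.2.0",    "255.255.255.0",   "192.168.1.253", "eth0", 20),  # more specific remote route
    ("10.1.2.7",    "255.255.255.255", "192.168.1.252", "eth0", 5),   # host route
]

ON_LINK = "0.0.0.0"   # gateway value meaning "the destination is directly reachable"


def lookup(dest_ip, table=ROUTING_TABLE):
    """Return (next_hop, interface, matched_prefix) or None if nothing matches.

    Selection order mirrors a real forwarding table: the most specific
    (longest) prefix wins; among equal prefixes the lowest metric wins.
    """
    dest = ipaddress.ip_address(dest_ip)
    best_key, best = None, None
    for network, netmask, gateway, iface, metric in table:
        net = ipaddress.ip_network("%s/%s" % (network, netmask))
        if dest not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best_key, best = key, (gateway, iface, str(net))
    if best is None:
        return None
    gateway, iface, prefix = best
    next_hop = dest_ip if gateway == ON_LINK else gateway   # on-link: ARP for the destination itself
    return next_hop, iface, prefix


def trace_decisions(dest_ips, table=ROUTING_TABLE):
    """Human-readable summary of several lookups."""
    return ["%s -> via %s on %s (%s)" % ((ip,) + lookup(ip, table)) for ip in dest_ips]


if __name__ == "__main__":
    print("\n".join(trace_decisions(["10.1.2.7", "10.1.2.8", "10.9.9.9", "192.168.1.77", "8.8.8.8"])))
```

The ordering is the security-relevant part: a more specific prefix always beats a less specific one regardless of metric, which is why a /32 host route injected by a rogue routing advertisement (or pushed by a VPN client) silently hijacks traffic for that one address while the rest of the table looks untouched.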
Parts of a routing table:
o Network Destination: address of the destination host or network
o Netmask: determines how much of the destination address must match the Network Destination before that route is used
o Gateway: address of the packet's first hop / adjacent router
o Interface: where data is sent out after the Network Destination is determined
o Metric: cost of the route, based on hop count or other criteria

NAT (Network Address Translation)
Hides the internal addressing scheme behind an external address (this conserves public addresses and obscures the inside; it is not a substitute for a firewall)
A router or firewall performs a Layer 3 rewrite of one IP address to another
Basic NAT is a one-to-one IP address conversion
o No other addresses change
Destination NAT (DNAT) or Static NAT
o Converts the destination IP address to another IP address

External to Internal
Individual port numbers of external traffic are picked up and the address is converted and routed to the appropriate server (port forwarding)
o Used to convert externally accessible IP addresses to an internal address
o Each external address is converted into one specific internal address
Source NAT (SNAT) and PAT
o Converts a source IP address to another IP address
Internal to External (a 192.168.0.x address is replaced with a public address before the packet reaches the Internet)
PAT (Port Address Translation) converts a large number of internal IP addresses to one external address
o Maps many unregistered addresses onto a single registered address by rewriting the source port as well as the address
This is what home routers at 192.168.0.1 do
o Used in SOHO networks
o A translation table keeps track of the original IP addresses and ports so that replies can be mapped back to the right host
o Also known as Overloaded NAT
Dynamic NAT
o IP address is converted based on the first available address from
a pool
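The translation table that PAT and a static port forward keep, as an added example for these notes (not code from the original page): outbound packets get the public address and a fresh public port, replies are mapped back through the same table, a static DNAT entry exposes one inside server, and an unsolicited inbound packet with no table entry is dropped. The addresses are constructed from the documentation ranges (192.168.0.0/24 inside, 203.0.113.5 as the one public address, 198.51.100.0/24 standing in for the Internet) and the class and method names are my own.

```python
"""Source NAT with port overloading (PAT) plus a static port forward (DNAT),
kept as a translation table the way a SOHO router does it.

Added example for these notes, not the page's own code. Addresses are
constructed: 192.168.0.0/24 inside, 203.0.113.5 as the single public
address, 198.51.100.0/24 as "the Internet" (documentation ranges)."""
import itertools


class PortAddressTranslator:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.outbound = {}   # (inside_ip, inside_port, proto) -> public_port
        self.inbound = {}    # (public_port, proto) -> (inside_ip, inside_port)
        self.forwards = {}   # static DNAT: (public_port, proto) -> (inside_ip, inside_port)

    def add_forward(self, public_port, inside_ip, inside_port, proto="tcp"):
        """Static/destination NAT: expose one internal server on a public port."""
        self.forwards[(public_port, proto)] = (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Inside -> outside: rewrite the source to the public address and a
        unique public port, remembering the mapping so replies can come back.
        Returns the (src_ip, src_port, dst_ip, dst_port) the Internet sees."""
        key = (src_ip, src_port, proto)
        if key not in self.outbound:
            public_port = next(self.next_port)
            self.outbound[key] = public_port
            self.inbound[(public_port, proto)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_port, proto="tcp"):
        """Outside -> inside: only traffic matching a static forward or an
        existing outbound mapping gets through; anything else has no state
        in the table and is dropped (returns None)."""
        target = self.forwards.get((dst_port, proto)) or self.inbound.get((dst_port, proto))
        if target is None:
            return None
        inside_ip, inside_port = target
        return (src_ip, src_port, inside_ip, inside_port)

    def table(self):
        """The translation table as a router would display it."""
        return sorted((public_port, proto, inside_ip, inside_port)
                      for (public_port, proto), (inside_ip, inside_port) in self.inbound.items())


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.5")
    nat.add_forward(8080, "192.168.0.20", 80)
    print(nat.translate_out("192.168.0.10", 51000, "198.51.100.1", 443))
    print(nat.translate_out("192.168.0.11", 51000, "198.51.100.1", 443))
    print(nat.table())
    print(nat.translate_in("198.51.100.9", 1234, 40555))   # no state: dropped
```

Two inside hosts using the same source port get distinct public ports, which is the whole point of overloading. This table is the permissive "full cone" form; a stricter router also checks that the inbound packet's source matches the remote endpoint the mapping was created for, so that an outsider who guesses a public port still cannot reach the inside host.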

VLAN
Used to segment a network to separate users and servers
Assign switch ports to a subnet (VLAN)
o This can also be done automatically with Network Access Control (NAC)
Connect your switches together with trunks
o A trunk is a port between switches that carries many different VLANs over one link, each frame tagged with its VLAN
Configuration of VLANs can be done at the command line or in graphical (web based) interfaces
Trunks must be set up properly so that each VLAN reaches the other switches; hosts in the same VLAN share a subnet, and a VLAN missing from a trunk is cut off from the far side

Managed vs. Unmanaged Switches

Unmanaged switches
o Plug and play
o Very few configuration options
o Fixed configurations, so no VLANs
o Very little integration with other devices
No management protocols
o Low cost
Managed / Intelligent switches
o Allow you to monitor and configure their operation
o Has its own IP address and a configuration interface
o VLAN support (802.1Q tagging)
o Traffic prioritization (QoS)
o Redundancy support
For STP (Spanning Tree Protocol) where many switches are
connected
o External management (SNMP)
o Port mirroring to capture packets

Interface Configurations
Ethernet has many different configuration options and both sides need to match
Auto:
o Devices on both ends will auto negotiate so they both match
configurations
o Not perfect, mismatches could result
Half-duplex and Full-duplex are other configuration options that must match
o You can also configure port speeds (10, 100, 1000, Auto)
o IP addresses, subnet masks, and default gateways are Layer 3 settings, configured on router interfaces and on a switch's management interface rather than on its Layer 2 ports
MAC filtering can be used for interface configuration in wireless
networks

PoE (Power Over Ethernet)
Power is provided on an Ethernet cable along with the data
Phones, cameras and WAPs are examples of devices that use this
Useful in hard-to-power areas
Power is provided at the switch
o Switches with built-in power are called endspans
o Separate in-line power injectors placed between switch and device are called midspans
IEEE 802.3af-2003 (PoE) delivers 15.4 W at the switch port (12.95 W at the device); IEEE 802.3at-2009 (PoE+) delivers 30 W at the port (25.5 W at the device)
o Mode A (Power is on the same wire pairs as the data)
Phantom power
o Mode B (Power is on the spare pairs)
All four pairs must be present in the cable

Traffic Filtering
Blocks unwanted traffic from entering a network
Most often done at the router or firewall
o Not much filtering occurs at the switch
Can be done in almost any router, even the small SOHO routers
URL filtering
o Block based on browser URL
Port filtering
o Block based on destination port number
Scheduling
o Set different kinds of filtering to occur at a certain time of the
day

Diagnostics
Switches and routers can have built-in diagnostics
o Routers and switches can have built-in hardware tests
o They can also provide ongoing monitoring for statistics using
SNMP or through the command line
o They can have protocol diagnostics using ping and tracert

VTP Configuration (VLAN Trunking Protocol Configuration)
VLAN Trunking
o A trunk link carries multiple VLANs over a single link between switches
Manual configuration with many VLANs on every switch can be difficult
Cisco created VTP to distribute VLAN definitions automatically
o Configure one switch and VTP propagates those VLANs to the other switches in the VTP domain
Eliminates the overhead of defining the same VLAN on every switch
MVRP (Multiple VLAN Registration Protocol) does this on non-Cisco switches
VTP modes on a switch:
o Server mode: default; can create, modify and delete VLANs and advertises them
o Client mode: cannot modify VLANs; accepts advertisements
o Transparent mode: ignores received advertisements for its own configuration, but forwards them to other switches
Caveat: a switch in server mode with a higher configuration revision number overwrites the VLAN database of the whole domain as soon as it is connected, so set a VTP password and use transparent mode where VTP is not needed

QoS (Quality of Service)
Manages and controls different kinds of traffic passing through a network
All traffic, by default, has the same priority and there is no way to control it
Because of the diverse kinds of traffic on the networks (voice, data, video, etc), QoS can set priorities for these different kinds of traffic
IntServ (Integrated Services) uses specialized protocols (RSVP) to reserve network resources
DiffServ (Differentiated Services) uses the DSCP bits in the IPv4 header (the old Type of Service byte) and the IPv6 Traffic Class
o Routers and switches need to take these QoS bits into account
o Not all routers or switches honor the QoS bits, and a marking the sender sets can be rewritten at a trust boundary
Bandwidth management
o Traffic shaping/rate limiting
Only allocate certain amounts of bandwidth to certain
types of traffic
Scheduling algorithms
o Queues different packets and picks who gets to go first
Congestion avoidance
o Uses Random Early Detection (RED) to drop packets before the buffer fills
o The sender retransmits the dropped packets, and TCP slows down in response
Policing
o Drops any packets that go over the configured limit
Explicit Congestion Notification (ECN)
o Avoids drops by marking packets (the two ECN bits) so that the endpoints slow down
QoS parameters
o An SLA is used to define QoS parameters
Bandwidth
Latency
Jitter
Packet loss
Echo
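The VLAN tag and the DiffServ bits discussed above (the VLAN section and the QoS section) live in the same frame, so one parser shows both. The following is an added example for these notes, not code from the original page: it reads the 802.1Q tag (priority, DEI, VLAN ID) and the IPv4 DSCP/ECN bits out of a raw frame, and applies the trust-boundary rule, keeping the marking from a trusted port and resetting it to best effort from an untrusted one. The frame is constructed in build_frame (not a capture), the MAC and IP addresses are made up, and the function names are my own.

```python
"""Read the 802.1Q VLAN tag and the IPv4 DSCP/ECN bits out of a raw Ethernet
frame, and apply the "trust boundary" rule: markings from an untrusted
port are reset rather than honoured.

Added example for these notes (VLAN tagging and DiffServ above), not the
page's own code. The frame is constructed in build_frame, the MAC and IP
addresses are made up, and the function names are my own."""
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
DSCP_EF = 46          # Expedited Forwarding, the usual voice marking
DSCP_BEST_EFFORT = 0


def parse_frame(frame):
    """Return dict with vlan (pcp/dei/vid or None), ethertype, dscp, ecn, src_ip, dst_ip."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN:
        tci = struct.unpack("!H", frame[14:16])[0]         # Tag Control Information
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        ethertype = struct.unpack("!H", frame[16:18])[0]   # the encapsulated type
        offset = 18
    info = {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "vlan": vlan, "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        tos = frame[offset + 1]                             # the old "Type of Service" byte
        info["dscp"], info["ecn"] = tos >> 2, tos & 0x03    # 6 DSCP bits, 2 ECN bits
        info["src_ip"] = ".".join(str(b) for b in frame[offset + 12:offset + 16])
        info["dst_ip"] = ".".join(str(b) for b in frame[offset + 16:offset + 20])
    return info


def ingress_dscp(info, port_trusted):
    """What a switch does with the marking on ingress: keep it on a trusted
    port (an IP phone, an uplink), reset it to best effort on an untrusted
    access port so a user cannot mark their own traffic as voice."""
    return info.get("dscp", DSCP_BEST_EFFORT) if port_trusted else DSCP_BEST_EFFORT


def build_frame(vid=None, pcp=0, dscp=0, ecn=0, payload=b"\x00" * 8):
    """Constructed Ethernet/IPv4 frame for the demonstration (not a capture)."""
    src_ip, dst_ip = bytes([192, 168, 10, 20]), bytes([192, 168, 20, 5])
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20 + len(payload),
                            0x1234, 0x4000, 64, 17, 0, src_ip, dst_ip)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)
        eth += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip_header + payload


if __name__ == "__main__":
    voice = parse_frame(build_frame(vid=10, pcp=5, dscp=DSCP_EF))
    print(voice)
    print("trusted:", ingress_dscp(voice, True), "untrusted:", ingress_dscp(voice, False))
```

The tag is only four bytes inserted after the source MAC, which is why an untagged frame and a tagged one parse the same way once the EtherType is checked; and since any host can write both the 802.1Q priority and the DSCP byte, a switch that honours them from every port lets users queue-jump the voice class.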

Port Mirroring
Copies packets on one switch port to another port
o Refers to the physical port on a switch (not TCP or UDP ports)
Not available on all switches
Not always the most functional on switches that do allow it
Cisco: Switched Port Analyzer (SPAN)
3Com: Roving Analysis Port (RAP)
You configure the switch to copy the packets to and from specific ports onto the monitoring port
Useful for monitoring traffic behind the scenes to understand what's happening on your network better
o A mirror port sees everything, so treat access to it like access to a packet capture

2.2 Given a scenario, install and configure a wireless network

Wireless LANs
An STA (station) is a device on a wireless network
A DS (Distribution System) is the wired connection between a BSS and the premise-wide network
o Provides mobile access to network resources
Service Sets
o BSS (Basic Service Set)
A set of devices with an AP connected to a wired network
and has one or more clients
Extends the distance between wireless endpoints by
forwarding signals through the AP
All devices that connect to any particular AP are known as
the BSS
o IBSS (Independent Basic Service Set)
Describes a peer-to-peer (ad hoc) network with no AP
Each station transmits and receives directly with the others
o ESS (Extended Service Set)
Multiple BSSs for mobility purposes
The full group of participants in a large WLAN that includes
more than one AP
Types of wireless communication on a LAN
o RF (Radio Frequency)
Broadcast radio = non-directional, single frequency
Spread spectrum = more than one frequency
Difficult to tap
Uses:
o FHSS (Frequency Hopping Spread Spectrum)
o DSSS (Direct Sequence Spread Spectrum)
o Infrared
SIR (Serial Infrared)
4.6–115.2 kbps
MIR (Medium Infrared)
0.576–1.152 Mbps
Faster infrared modes reach 10–16 Mbps
o Bluetooth
30 feet max (Class 2 devices)
Uses a radio frequency
Version 1.1 = 2.4 GHz @ 1 Mbps
Version 2.0 = 2.1–3 Mbps @ 100 feet
o Microwave
Pulses of electromagnetic energy
1 GHz–300 GHz
Prone to interference
Used in satellite networks
Use a wireless repeater to extend a wireless network

WAP Placement
Access point placement should be centered around the users, their conference rooms, desktops, and other large meeting areas
Keep in mind the metal and concrete between the WAP and users
o Antenna choice is important
Multiple access points with 20-25% overlap of their coverage areas let clients roam without losing the signal
o Adjacent access points should be on different, non-overlapping channels

Antenna Types

Omnidirectional antennas
o One of the most common
o Included on most access points
o Signal is evenly distributed on all sides
o Good choice for most environments
o Disadvantage: No ability to focus signal
Directional antennas
o Focuses the signal in a particular direction
o Sends and receives signal in a single direction
Focused transmission and listening
o Antenna performance is measured in dB
o Double power every 3dB of gain
Yagi antenna
o Very directional and high gain
o Looks like a stick
o Found on rooftops to send signal from one direction to another
Parabolic antenna
o Focuses the signal to a single point
o Looks like a dish
Gain is the ratio of an antenna's output power to its input power (expressed in dB)
The larger the antenna, the lower the frequency it is built for

Interference
Wireless signals are like any other radio signal
o 2.4 GHz, 3.7 GHz, 5 GHz
Radio signals are always susceptible to interference from
external sources or manmade ones
Predictable interference:
o Fluorescent lights
o Microwave ovens
o Cordless telephones
o High-power source
Unpredictable interference:
o Multi-tenant building with multiple WAPs
Interface error counters hint at interference problems: netstat -e on Windows, netstat -i or ip -s link on Linux, and Performance Monitor in Windows
A spectrum analyzer helps you visually see interference

Frequencies and Channels
IEEE 802.11 standards for wireless networking set specific frequencies
2.4 GHz has 14 channels in total, but only 11 can be used in the US
Only use channels 1, 6, and 11 for optimal performance in
networks with multiple APs
5 GHz
o Used in 802.11a and 802.11n
o 802.11a (and the later 5 GHz standards) uses Dynamic Frequency Selection (DFS), specified in 802.11h
Avoids interference with weather radar and military systems
o Uses OFDM (Orthogonal Frequency Division Multiplexing)
Transmits multiple data streams over a given bandwidth
23 non-overlapping channels / different channels used in
different countries
o 802.11n uses MIMO (Multiple-Input and Multiple Output)
Uses more than one antenna
Supports 4 transmits and 4 receives and sending/receiving
4 data streams
2.4 GHz
o Used in 802.11b, 802.11g and 802.11n
Uses Direct Sequence Spread Spectrum (DSSS)
Data is chipped and transmitted across different
frequencies in a predefined order
o 14 channels
Each 22 MHz wide, spaced at 5 MHz intervals, so neighbouring channels overlap
11 of these channels are used in the United States
o 802.11g and 802.11n
Also uses OFDM
Same frequencies as 802.11b, but a different modulation
scheme
o 802.11g can use channels 1, 5, 9, and 13 where channel 13 is allowed (Europe)
Non-overlapping 20 MHz OFDM channel scheme; in the US, with channels 1 to 11, the non-overlapping set is 1, 6, and 11
Falls back to DSSS for the slower 802.11b rates
o 802.11n with 40 MHz channels in 2.4 GHz leaves room for only two non-overlapping channels (for example 3 and 11)
40 MHz OFDM channel scheme

3.7 GHz
o Licensed spectrum was added with 802.11y-2008
o Used in 802.11a
o Range of up to 5,000 meters
Only in the United States

Wireless Standards
All wireless LAN standards are managed by the IEEE 802.11 working group (part of IEEE 802)
Modes:
o Infrastructure mode:
One or more APs in a BSS or ESS
o Ad hoc mode
Peer-to-peer connections with IBSS
802.11a
o Ratified in 1999 (the original 802.11 standard dates from 1997)
o Operates at the 5 GHz range or 3.7 GHz with special licensing
o 54 Mbit/s
o 150 feet max
Real throughput is much lower; at range you fall back to rates such as 6, 12 and 24 Mbit/s
o Smaller range than 802.11b
802.11b
o Came out at the same time as 802.11a
o Operates at the 2.4 GHz range
o 11 Mbit/s
o 125 feet max
o Better range than 802.11a
Less absorption problems
o More things created interference at this range (baby monitors,
cordless phones, Bluetooth, etc.)
802.11g
o An upgrade to 802.11b
o Operates at 2.4 GHz range
o 54 Mbit/s
o 125 feet max
o Backwards compatible with 802.11b
o Same interference problems as 802.11b
802.11n
o The latest standard
o Operates at both 5 GHz and 2.4 GHz
o 600 Mbit/s
o 225 feet max

o Uses MIMO
802.11ac
o Operates at 5 GHz only
o Speeds of 1 Gbps and up
Compatibility (802.11 a/b/g/n)
o 802.11g introduced the need for wireless standards to be
compatible with each other
Due to its requirement to be compatible with 802.11b
o Mixing standards will reduce the speed
o 802.11n attempted to maintain compatibility with the older
wireless standards by offering 2.4 and 5 GHz
Legacy mode: acts as 802.11a, 802.11b, or 802.11g
Mixed mode: Transmits older technologies along with the
new
Interoperability feature adds additional performance costs
o A pure network made up of one standard is the best way to reach
the maximum speeds of that standard
802.22: WRAN (Wireless Regional Area Networks)
o Used in rural areas with lower network usage
o Uses 54–862 MHz white space between television channels
o Point-to-multipoint
o 18 miles distance limitation for users, but 60 miles for
enterprises
o Similar to DSL in speed
1.5 Mbps down / 384 Kbps up

SSID Management
SSID (Service Set Identifier)
o A string of up to 32 bytes that identifies a wireless network by a recognizable name
o Every AP comes with a default SSID (change it; the default gives away the vendor)
BSSID (Basic Service Set Identifier)
o An identifier for the BSS in which all devices on a WLAN connect to a particular AP
o The MAC address of the access point
o Not usually seen by the end user
SSID is often configured to broadcast
o Can be disabled
o However, if you know the name you can still connect; hiding the SSID is not a security control, since clients still send it in the clear in probe and association frames
ESSID
o The common SSID given to the APs in a network that's large enough to require more than one AP
Some programs can act as fake access points (a rogue or "evil twin" AP advertising your SSID to capture client traffic)

2.3 Explain the purpose and properties of DHCP

DHCP
IP address configuration used to be manual before BOOTP came along in 1985 (RFC 951)
o Bootstrap Protocol (BOOTP) didn't automatically define everything and didn't know when an IP address might be available again (no leases)
o DHCP replaced BOOTP: first defined in 1993 (RFC 1531) and revised in 1997 (RFC 2131)
DHCP Assignment process (DORA):
o Step 1: DHCP DISCOVER
The client broadcasts to 255.255.255.255 (every device on the subnet sees this) from UDP port 68 to UDP port 67 until a DHCP server answers
A DHCP relay agent on the router forwards the request to a server on another subnet as a unicast
o Step 2: DHCP OFFER
Once the DHCP server receives the broadcast it sends an offer with an IP address from UDP port 67 to the client's UDP port 68
o Step 3: DHCP REQUEST
Once the client gets offers from all the DHCP servers it chooses one and broadcasts a request that names the chosen server (the server identifier option), so the other servers withdraw their offers
A node will usually accept the first offer it receives; nothing in the exchange authenticates the server, so a rogue DHCP server on the LAN that answers first can hand out its own default gateway and DNS server (DHCP snooping on the switch is the usual countermeasure)
o Step 4: DHCP ACKNOWLEDGEMENT
The chosen server acknowledges the request
Contains the IP address and settings for a lease period
DHCP server keeps track of assigned addresses so multiple assignment won't occur

Reservations
A DHCP server can provide IP addresses via dynamic allocation
o Addresses are handed out and given back to the DHCP server as devices join and leave the network
Automatic allocation
o Similar to dynamic allocation, but DHCP keeps a list of past assignments so you get the same IP address every time you connect to the network

Static allocation
o Administratively configured
o The admin will put in a list of MAC addresses and set to assign a
particular IP address to that MAC address
o Also known as Address Reservation or IP Reservation
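The DORA exchange above is carried in messages whose option field is a run of type/length/value entries, and the server identifier inside an OFFER is the only thing that says which server is speaking. The following is an added example for these notes, not code from the original page: it parses the fixed BOOTP header and the DHCP options (RFC 2131/2132) and then performs the check a DHCP-snooping switch or an IDS rule performs, flagging an OFFER or ACK whose server identifier is not on the list of servers that are supposed to exist on the segment. The OFFER is constructed by build_offer (not a capture), the addresses are made up, and the function names are my own.

```python
"""Parse a DHCP message (BOOTP header + option TLVs, RFC 2131/2132) and
check an OFFER against the servers that are supposed to exist on this
segment: the check a DHCP-snooping switch or an IDS rule performs.

Added example for these notes, not the page's own code. The OFFER is
constructed by build_offer (not a capture), the addresses are made up and
the function names are my own."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_DOMAIN = 1, 3, 6, 15
OPT_LEASE_TIME, OPT_MESSAGE_TYPE, OPT_SERVER_ID, OPT_END, OPT_PAD = 51, 53, 54, 255, 0


def _ip(b):
    return ".".join(str(x) for x in b)


def _ip_list(b):
    return [_ip(b[i:i + 4]) for i in range(0, len(b), 4)]


def parse_dhcp(payload):
    """Return the header fields and decoded options a client or a monitor cares about."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, hlen = payload[0], payload[2]
    xid = struct.unpack("!I", payload[4:8])[0]
    msg = {"op": op, "xid": xid, "yiaddr": _ip(payload[16:20]),
           "siaddr": _ip(payload[20:24]), "chaddr": payload[28:28 + hlen].hex(":")}
    raw = {}
    pos = 240
    while pos < len(payload):                  # option TLVs: code, length, value
        code = payload[pos]
        if code == OPT_PAD:
            pos += 1
            continue
        if code == OPT_END:
            break
        length = payload[pos + 1]
        raw[code] = payload[pos + 2:pos + 2 + length]
        pos += 2 + length
    opts = {}
    if OPT_MESSAGE_TYPE in raw:
        msg["message_type"] = MESSAGE_TYPES.get(raw[OPT_MESSAGE_TYPE][0], "unknown")
    if OPT_SERVER_ID in raw:
        opts["server_id"] = _ip(raw[OPT_SERVER_ID])
    if OPT_SUBNET_MASK in raw:
        opts["subnet_mask"] = _ip(raw[OPT_SUBNET_MASK])
    if OPT_ROUTER in raw:
        opts["routers"] = _ip_list(raw[OPT_ROUTER])
    if OPT_DNS in raw:
        opts["dns"] = _ip_list(raw[OPT_DNS])
    if OPT_DOMAIN in raw:
        opts["domain"] = raw[OPT_DOMAIN].decode("ascii", "replace")
    if OPT_LEASE_TIME in raw:
        opts["lease_time"] = struct.unpack("!I", raw[OPT_LEASE_TIME])[0]
    msg["options"] = opts
    return msg


def is_rogue(msg, trusted_servers):
    """An OFFER or ACK whose server identifier is not a known server is rogue."""
    if msg.get("message_type") not in ("OFFER", "ACK"):
        return False
    return msg["options"].get("server_id") not in trusted_servers


def build_offer(xid, yiaddr, server_ip, router, dns, lease_seconds, chaddr="00:11:22:33:44:55"):
    """Constructed DHCPOFFER for the demonstration (op=2 BOOTREPLY, Ethernet hardware)."""
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    mac = bytes.fromhex(chaddr.replace(":", ""))
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                         b"\x00" * 4, ip4(yiaddr), ip4(server_ip), b"\x00" * 4,
                         mac.ljust(16, b"\x00"), b"", b"")
    options = (bytes([OPT_MESSAGE_TYPE, 1, 2])
               + bytes([OPT_SERVER_ID, 4]) + ip4(server_ip)
               + bytes([OPT_SUBNET_MASK, 4, 255, 255, 255, 0])
               + bytes([OPT_ROUTER, 4]) + ip4(router)
               + bytes([OPT_DNS, 4 * len(dns)]) + b"".join(ip4(d) for d in dns)
               + bytes([OPT_LEASE_TIME, 4]) + struct.pack("!I", lease_seconds)
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    offer = parse_dhcp(build_offer(0x3903F326, "192.168.1.50", "192.168.1.1",
                                   "192.168.1.1", ["192.168.1.1"], 691200))
    print(offer, is_rogue(offer, {"192.168.1.1"}))
```

The rogue check is only as good as the list you compare against, and an attacker can of course forge the server identifier; that is why DHCP snooping ties the check to the physical port (server replies are accepted only on ports marked trusted) rather than to anything inside the packet.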

Scopes
A scope is a grouping of IP addresses for a section of a network
o Each subnet has its own scope
A scope is generally a contiguous pool of IP addresses
o DHCP exceptions can be made inside the scope
Scope properties:
o IP address range, subnet mask, lease durations, DNS server,
default gateway, etc.
A DHCP server must be configured with at least one scope
Configured with name, description, IP range, lease periods, subnet
mask, default gateway address, domain name and IP address of a DNS
server

Leases
A DHCP lease is temporary, but can seem permanent
Set up by the DHCP server as an allocation of addresses
o Administratively configured
DHCP servers can hand the same address back to a returning client
A lease length is 8 days by default (on Windows DHCP servers), but can be configured differently
A workstation can manually release its IP address
DHCP renewal
o T1 Timer
Check in with the original DHCP server (unicast) to renew the lease
50% of the lease time (by default)
o T2 Timer
If the original DHCP server has not answered, try rebinding with any DHCP server (broadcast)
87.5% of the lease time (7/8ths)
o With the default 8-day lease, the 8th day is the rebinding period: if you still cannot reach the original DHCP server, any server may renew the lease; if the lease expires with no renewal, the client must stop using the address and start over with DISCOVER

Options

A special field in the DHCP message contains many options

o 254 usable options (256 option codes in total; 0 is padding and 255 marks the end)
o Common options include subnet mask (1), router/default gateway (3), DNS server (6), domain name (15), etc.
Options such as 129: Call Server IP address or 135: HTTP Proxy for
phone-specific applications
Global options: apply to all scopes
Scope options: apply to only a particular scope
Class options: apply to nodes specifying a class
Registered client options: applies to scope reservation for IP
addresses
Options are configured on the DHCP server, but not all DHCP
servers offer this

2.4 Given a scenario, troubleshoot common wireless problems

Interference
o A site survey can help you see what frequencies other networks
around you are using
o External sources may be outside your influence
o Signals may bounce off of obstacles and obstructions
Signal strength
o Interference weakens signal strength
o Transmitting signal, transmitting antenna or the receiving
antenna impact signal strength
Incorrect channel
o Channel selection is usually automatic, so look for a manual
tuning option
Bounce and latency
o Multi-path interference and flat surfaces create bounce and thus
latency
Incorrect WAP placement
o Locate closer to users
Configurations
o Basic configuration settings include the IP addressing,
uplink/WAN connection on the WAP
o SSID mismatch is when two APs have incorrect names that make
it so you cant move from one side of the building to another or
when a device has a different SSID than the AP
Incompatibilities
o WAP must be backwards compatible with older wireless
standards

Encryption type
o WPA, WPA2, WPA2-Enterprise, and the associated keys or credentials must match between the clients and all of the WAPs (WEP is obsolete and should not be used)

2.5 Given a scenario, troubleshoot common router and switch problems

Switching Loops
Spanning Tree Protocol is often used to prevent this
This is a big fear for network admins
Switches communicate by MAC address, and nothing at the MAC
address level exists to identify loops
Broadcasts and multicasts are sent to every port on the switch
o This is often a problem
IP packets carry a TTL that stops them looping forever, but Ethernet frames have no TTL, so a Layer 2 loop repeats broadcasts endlessly (a broadcast storm)
Looping can be cause by both ends of a cable that are plugged
into the same switch
Loops use up a lot of resources
The only way to fix loops is to unplug the cable in question if
Spanning Tree Protocol is not in place
How routing protocols (RIP, for example) avoid routing loops:
o Defining infinity: RIP treats 16 hops as unreachable, so any packet should reach its destination in 15 hops or less; a route whose count grows beyond that is dropped
o Split horizon: a router wont inform another router about a route
if information about that routers destination came from it
o Use of a hold-down timer: a router suspends a route that fails to
deliver packets for a couple of minutes

Bad Cables/Improper Cable Types
Troubleshoot the cables themselves if you cannot get a connection
Slow throughput can often be caused by a bad or improper
cable
Intermittent connectivity is also caused by bad cables
Troubleshooting steps:
o No connection:
Is the cable crimped correctly? Is there a link light?
Is the cable punched down correctly?
Swap the cable

o Slow throughput:
Do you have a link light?
Is the cable damaged?
Swap the cable
o Intermittent connectivity:
Check for link light flickering
Swap the cable
o Swapping the cables is the number one thing you can do to fix a
network cabling issue
A short can occur if a cable is broken or damaged

Port Configuration
Poor throughput is defined by consistent issues that are easily reproducible
No connectivity? Check link light
o Auto vs. Manual configuration
o Both sides must be the same configuration
Auto configuration is not perfect, so manual configuration is a
good troubleshooting step
Speed must also be the same on both sides
If duplex is mismatched, the speed will suffer
VLAN configuration can also be an issue, so check to make sure you
are plugging a port into the right VLAN
You can always restore a port to its default settings

VLAN Assignment

Not completely obvious to troubleshoot
No connectivity is defined by having a link light but not being able to ping, or nodes on different network segments being unable to communicate
o IP related issue
VLANs either work or don't work, because everything is done by IP address and you can't have a VLAN on the wrong subnet
Check the documentation to compare to the switch configuration
Verify IP addressing, especially if you are statically assigning IP addresses
o Subnet is critically important
Confirm trunk configurations
o Is the VLAN part of the trunk?
o Is the switch port configured for a trunk on both sides?
A trunking error occurs when the VLAN definition is not broadcast to all switches on the LAN
If you change the VLAN configuration, update the client IP address

Mismatched MTU / MTU Black Hole

MTU (Maximum Transmission Unit) is the maximum size an IP packet can be to transmit over a network without having to fragment it
o Fragmentation slows things down (overhead is involved)
o Losing a fragment loses an entire packet
Programs include a fragment bit to prevent this
o Difficult to know the MTU all the way through the path
Automated methods are inaccurate (filtered ICMP)
A TCP/IP handshake will not occur and a connection won't be established
Ethernet frame properties:
o DLC header (14 bytes)
o IP header (20 bytes)
o TCP header (20 bytes)
o TCP data (1460 bytes)
o FCS (Frame Check Sequence) (4 bytes)
o Total data: 1518 bytes
Individual systems can be configured to send less TCP data to avoid fragmentation
MTU sizes are usually configured once between two connections
MTUs are a significant concern for tunneled traffic
o A tunnel may be smaller than your local Ethernet segment
Routers will respond back and tell you to fragment if you send packets with DF (Don't Fragment) set
ping -f -l [bytes] [IP address] lets you set the ICMP data length/size and test against a separate server on the Internet
o On Mac OS X use ping -D -s [bytes] [IP address]

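An added example (not part of the notes) that works through the frame arithmetic above: it computes how much TCP data fits under an MTU, including the extra header a tunnel adds, and splits an oversized IP packet into fragments, treating DF as the case a router reports back instead of forwarding. The header sizes are the ones from the frame layout; the tunnel overhead and the MTU values are constructed inputs.

```python
from dataclasses import dataclass
from typing import List

# Sizes from the frame layout in the notes (bytes)
DLC_HEADER = 14     # Ethernet (DLC) header
IP_HEADER = 20
TCP_HEADER = 20
FCS = 4


@dataclass
class Fragment:
    offset: int           # fragment offset as carried in the IP header, in 8-byte units
    payload_len: int      # bytes of the original IP payload carried by this fragment
    more_fragments: bool  # MF flag: cleared on the last fragment only


def frame_size(tcp_data: int) -> int:
    """Total Ethernet frame size for a TCP segment carrying tcp_data bytes."""
    return DLC_HEADER + IP_HEADER + TCP_HEADER + tcp_data + FCS


def max_tcp_payload(mtu: int, tunnel_overhead: int = 0) -> int:
    """Largest TCP payload that fits one IP packet on a link with the given MTU.

    tunnel_overhead models the outer header a tunnel adds inside the same link MTU
    (for example another 20-byte IP header), which is why tunneled traffic has to
    carry less data per packet than the local Ethernet segment allows.
    """
    return mtu - tunnel_overhead - IP_HEADER - TCP_HEADER


def fragment(packet_len: int, mtu: int, df: bool = False) -> List[Fragment]:
    """Split an IP packet of packet_len bytes (20-byte header included) for the MTU.

    With DF set the router cannot fragment, so a ValueError stands in for the
    ICMP "fragmentation needed" message it would send back to the source.
    """
    payload = packet_len - IP_HEADER
    if packet_len <= mtu:
        return [Fragment(0, payload, False)]
    if df:
        raise ValueError(f"{packet_len}-byte packet exceeds MTU {mtu} and DF is set")
    # Every fragment except the last must carry a multiple of 8 payload bytes,
    # because the offset field counts in 8-byte units.
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    fragments, sent = [], 0
    while sent < payload:
        size = min(per_fragment, payload - sent)
        fragments.append(Fragment(sent // 8, size, sent + size < payload))
        sent += size
    return fragments


if __name__ == "__main__":
    print("1460 bytes of TCP data ->", frame_size(1460), "byte frame")
    print("TCP payload under a 1500 MTU with a 20-byte tunnel header:", max_tcp_payload(1500, 20))
    for frag in fragment(1500, 1400):
        print(frag)
```
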
Power Failure

Easy to troubleshoot in person
o Not as easy from a remote site
Check to see if there are external power outages
Check the power supplies of switches and routers
Intermittent connectivity of switches and routers can be because of the power supply
Use a UPS to prevent these issues
Make sure you add redundancy to your system to plan for the worst
Audit your data center power to prevent the circuit from breaking/overloading
Monitor ongoing power usage with built-in sensors or log outages

Bad/Missing Routes

An initial failure to communicate is usually a configuration issue
A complete failure after the router was running for a while is a larger issue
Intermittent connectivity on routers can be caused by configuration issues
Perform a trace route to follow your routing tables in both directions to see the path all the way to the other side
o May require communication with third parties
If the router is using dynamic routing tables, it makes it easier to troubleshoot because you can see the routes currently active
Use SNMP and ping to monitor the routes

Bad Fiber Modules

No connection is verified by no light at all
SFP and GBIC modules are the modules that hold fiber connections
Throughput may be slow and connectivity may be intermittent
Make sure the switch and router support the particular modules or fiber type
o Never mix and match fiber modules and types of fiber
Fiber is easily replaceable, so you can just swap out the fiber module
If the fiber module is not the problem, test the fiber
Monitor the status of the connection over time to catch future errors more efficiently
o CRC errors?

Wrong Subnet Mask and Gateway

A wrong subnet mask can result in devices on a LAN not communicating with each other
Check your documentation for the proper settings for these
Monitor the traffic to examine local broadcasts
Check the devices around you to determine whether these settings are consistent over multiple devices
Take advantage of tracert and ping

Duplicate IP Address

Static IP address assignments must be very organized to prevent duplication
DHCP is not perfect either: sometimes multiple DHCP servers overlap and rogue (unofficial) DHCP servers may exist
o Use ipconfig to check and change the IP address to be outside the DHCP scope
Intermittent connectivity is a sign you have an issue with a duplicate IP address
Duplicate IP addresses may be blocked by the OS, so the OS will notify you
Always ping an IP address before static addressing
o Ping 127.0.0.1 to verify that IP is working
o Request timed out means that no response was received from the device
o Host unreachable means that a host was not reached with the IP address specified
Put a packet capture device on the network to monitor the DHCP process to see if DHCP is an issue

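As an added example (not from the notes), the following checks a set of host configurations for the symptoms described in the Wrong Subnet Mask and Gateway and Duplicate IP Address sections: one-way reachability caused by a mask mismatch, a gateway that lies outside the host's own subnet, and an address assigned twice. The host names, addresses and gateway are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class HostConfig:
    name: str
    address: str    # "ip/prefix" exactly as configured on the host
    gateway: str

    @property
    def iface(self) -> ipaddress.IPv4Interface:
        return ipaddress.ip_interface(self.address)


def on_link(host: HostConfig, other_ip: str) -> bool:
    """True if host believes other_ip is on its own subnet, i.e. it would ARP for it
    directly instead of handing the packet to its default gateway."""
    return ipaddress.ip_address(other_ip) in host.iface.network


def check_pair(a: HostConfig, b: HostConfig) -> List[Tuple[str, str]]:
    """Findings (code, detail) for two hosts that are supposed to share one LAN segment."""
    findings = []
    a_sees_b = on_link(a, str(b.iface.ip))
    b_sees_a = on_link(b, str(a.iface.ip))
    if a_sees_b != b_sees_a:
        # Classic mask mismatch symptom: one side ARPs directly, the other sends
        # its replies to the gateway, so traffic works in one direction only.
        findings.append(("ONE_WAY", f"{a.name} on-link={a_sees_b}, {b.name} on-link={b_sees_a}"))
    if a.iface.network != b.iface.network:
        findings.append(("SUBNET_MISMATCH", f"{a.iface.network} vs {b.iface.network}"))
    for host in (a, b):
        if not on_link(host, host.gateway):
            findings.append(("GATEWAY_OFF_LINK",
                             f"{host.name}: {host.gateway} not in {host.iface.network}"))
    return findings


def duplicate_addresses(hosts: List[HostConfig]) -> List[Tuple[str, str, str]]:
    """(ip, first host, second host) for every address configured more than once."""
    seen, dups = {}, []
    for host in hosts:
        ip = str(host.iface.ip)
        if ip in seen:
            dups.append((ip, seen[ip], host.name))
        else:
            seen[ip] = host.name
    return dups


# Constructed sample configurations for one LAN segment
PC1 = HostConfig("pc1", "192.168.1.10/24", "192.168.1.1")
PC2 = HostConfig("pc2", "192.168.1.200/25", "192.168.1.1")        # wrong mask
PC3 = HostConfig("pc3", "192.168.1.20/24", "192.168.1.1")
PRINTER = HostConfig("printer", "192.168.1.10/24", "192.168.1.1")  # duplicates pc1

if __name__ == "__main__":
    for code, detail in check_pair(PC1, PC2):
        print(code, "-", detail)
    print("duplicates:", duplicate_addresses([PC1, PC2, PC3, PRINTER]))
```
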
Wrong DNS

If there is no Internet access, wrong DNS can be an issue
o Definitely a problem if ping works, but the browser does not
Check the IP address of the DNS server by performing an nslookup
Try changing the DNS server to troubleshoot

2.6 Given a set of requirements, plan and implement a basic SOHO network
List of Requirements

SOHOs are networks designed for a 1 to 10 person range
SOHO networks are always a remote site
You need to think about what applications (VPN, web based, etc.) and what data sharing (backups, data management) is needed for a particular network

SOHO Cabling

A small office network may need an electrical contractor to come in, while a home office has very basic requirements
A SOHO network is often wireless, so no cabling may be needed
Cabling at a SOHO office does not change often, so setup only happens one time
Cable length must not exceed 100 meters in a SOHO network

Device Types

A DSL or cable modem is provided by the ISP quite often
o These have features such as NAT (Network Address Translation)
o They also have built-in wireless, content filtering, etc.
An Ethernet switch may be part of the router
All-in-one printers are the perfect choice for a SOHO network

Environmental Limitations

A SOHO has limited support for advanced hardware
Temperature needs to be cool and the area where the main hardware is located needs to be ventilated
Humidity must be kept low and the air must be conditioned
A UPS is also a good idea for a SOHO
When the SOHO network uses wireless, make sure you avoid the basic conflicts

Equipment Limitations

SOHO equipment is smaller and less capable due to smaller network and power requirements
There are also performance limitations with SOHO hardware
Redundancy limitations, no automated failover
Management and upgradability limitations

Compatibility Requirements

SOHO devices are all configured the same way from ISPs so that
troubleshooting is easy
SOHO networks have standardized networks and identical
configurations
Support is abundant due to these standardized factors
Operating Systems are among the strict compatibility requirements of
SOHOs

3.0 NETWORK MEDIA AND TOPOLOGIES

3.1 Categorize standard media types and associated properties
Fiber

Transmission by light
Very difficult to tap or monitor, as there will be a noticeable signal loss
Signal is slow to degrade and efficient for communication over long distances
Cladding surrounds the core and reflects light back into it
Immune to radio interference
Multimode fiber
o Light bounces off the sides of the cable
o Short-range communications
2km or shorter
o Used for going between different buildings or even within one building
o Inexpensive light sources like LEDs are used
o Graded-index MMF
Better prevents light dispersal by the center of the core being faster than the outer core
Singlemode fiber
o Light is one straight line through the cable
o Used for long-range communication
100km without processing
o 30 MHz bandwidth
o Expensive light sources like laser beams are used
o Has a smaller core than MMF
o Step-index SMF
Total internal reflection is used where the speed of transmitted light is higher than in the cladding and a step down occurs which reflects all light back into the core
If you cut a fiber cable, you must polish the rough edges so light is not displaced as it leaves the fiber
Consists of:
o Core: 100 microns thick
o Buffer
o Strengthening materials: aramid yarn, fiberglass, or steel wire
o Shielding materials: optional
o Outer jacket: plastic coating; can be plenum

Copper

Coaxial
o Two or more forms of the cable share a common axis
o Used in older Ethernet networks
10Base5 (Thicknet) RG-8/U, 10Base2 (Thinnet) RG-58
RG-8 cables implemented in Thicknet networks required vampire taps, which cut into the cable to establish a connection
o Today it is used in television/digital cable
Broadband Internet
o RG-9 cables are used in cable television/modem applications
o RG-62 cables are used in ARCNET networks
o RG-59 cables send video signals to another location
o RG-6 cables are used for DSL and cable TV
Twisted pair
o Uses balanced pair operations
Two wires have equal and opposite signals (Transmit+, Transmit- / Receive+, Receive-)
o The twist of the cables keeps the cables away from interference
Each cable has a different twist rate
o STP (Shielded Twisted Pair)
Additional shielding that protects against interference
Requires the use of an electrical ground
o UTP (Unshielded Twisted Pair)
No additional shielding
The most common twisted pair cabling

Cable Categories

The EIA (Electronic Industries Alliance) is an alliance of trade associations that creates standards for the computer industry
The TIA (Telecommunications Industry Association) has the standards of ANSI/TIA/EIA-568
Category 3:
o One of the first standardized categories
o Supported 10 Mbit/s Ethernet and 4 Mbit/s Token Ring
Category 5:
o Update from Category 3
o Supports 100 Mbit/s Ethernet
Category 5e:
o Update from Category 5
o Supports up to 1 Gbit/s Gigabit Ethernet
o Tighter specifications for the cable and connectors
Category 6:
o Supports up to 10 Gbit/s Ethernet through 55 meters
Category 6a:
o Designed for 100m of 10 Gbit/s Ethernet
Category 7:
o 1 Gbps to 10 Gbps

Straight-Through cables

Patch cables
o Network jack to a patch panel
o Cables that connect a network device to a jack are also known as drop cables
The most common Ethernet cable
Connects workstations to network devices
Wires go straight through the cable to an equivalent connection
Two types of network ports:
o MDI (Media Dependent Interface) is usually a NIC
Pin 1: Transmit+
Pin 2: Transmit-
Pin 3: Receive+
Pin 6: Receive-
o MDIX (Media Dependent Interface Crossover) is usually a network switch
Pin 1: Receive+
Pin 2: Receive-
Pin 3: Transmit+
Pin 4: Transmit-

Crossover cables

Used to connect MDI to MDI (Workstation to Workstation)
Used to connect MDIX to MDIX (Switch to Switch)
Auto-MDIX is on most Ethernet devices
o Automatically decides to cross over
o If this is enabled on the NIC, a crossover cable is not needed
T1 crossover cable
o Used for CSU/DSU to CSU/DSU
o Takes a signal from the wide area network (T1) to a router
Rollover cables
o The wires in a TIA-568 configuration are flipped

Plenum Cables

The plenum is the area inside the false ceiling of an office building
A plenum-rated cable has a cable jacket with PVC (polyvinyl chloride) or FEP (Fluorinated Ethylene Polymer)
Not as flexible as regular cables
Cables for risers (between-floor connections) do not have as strict requirements as plenum spaces

Media Converters

Media conversion happens at OSI layer 1
Coaxial cables can be extended by converting their signal to a fiber cable in the middle and then back again
Copper to Fiber/Fiber to Copper conversions require powered connections
You can convert from singlemode to multimode fiber without the power requirements, but it uses mirrors
Fiber to coaxial converters allow fiber to be used for home networks

Media Distance and Speed Limitations

10Base5 (Thicknet) uses the RG-8U coaxial cable running at 10 Mbit/s for 500 meters
10Base2 (Thinnet) uses the RG-58A/U coaxial cable running at 10 Mbit/s for 185 meters
10Base-T uses Category 3 twisted pair cables running at 10 Mbit/s at 100 meters
100Base-TX uses Category 5 twisted pair cables running at 100 Mbit/s at 100 meters
1000Base-T uses Category 5e or Category 6 twisted pair cables running at 1000 Mbit/s at 100 meters
10GBase-T uses Category 6 twisted pair cables running at 10 Gbit/s at 55 meters
o 10GBase-T also uses Category 6a twisted pair cables running at 10 Gbit/s, but at 100 meters instead
Multimode fiber uses:
o 100Base-FX running at 100 Mbit/s at 2km
o 1000Base-SX running at 1000 Mbit/s at 200-500 meters
o 10GBase-SR running at 10 Gbit/s at 300 meters
Singlemode fiber uses:
o 1000Base-LX running at 1000 Mbit/s at 2km
o 10GBase-LR running at 10 Gbit/s at 10km

Broadband over Powerline (BPL)

Broadband transmission over existing power lines
Can provide Internet access via the power line connections
Good for remote locations
Useful for home automation to control devices from afar
Uses radio communication over many different frequencies
BPL is the IEEE 1901 standard called HomePlug AV
Speeds:
o Low Speed: narrow band (15 to 500 kHz)
o Medium Speed: 9 to 500 kHz at 576 kbps
Interference is a big problem with BPL
Insecure, sends data in plaintext

3.2 Categorize standard connector types based on network media
Fiber

ST (Straight Tip)
o Bayonet connector
o Push it in and turn it to lock
o Most commonly used in multimode patch panels
SC (Subscriber/Standard/Square Connector)
o Weaker lock
o Connectors are stuck together in pairs (for transmit and receive)
o Transmit and receive will be different colors
o Used in duplex configurations
LC (Lucent/Local/Little Connector)
o Smaller than ST or SC
o Also packaged in pairs
o Locks on top of the connector (push down to release)
o Can be used in SMF or MMF
MT-RJ (Mechanical Transfer Registered Jack / Media Termination Recommended Jack)
o Same size as an RJ-45 connector, so the same amount of real estate can be used for fiber
o Both transmit and receive are combined into one connection
o Smallest type of fiber connection
o Used in MMF applications
o Also called a fiber jack
FC (Face Contact)
o Heavy duty connections for industrial purposes
o Strong ceramic or metal center tube
o Round-shaped
FDDI (Fiber Distributed Data Interface)
o Also called a MIC (Media Interface Connector)
o 2 connectors that snap into a receptacle
o Used for multimode connections at full-duplex
SMA (Sub Miniature type A)
o Waterproof connection
o Threaded tube on the outside
Biconic Connectors
o Screw on connectors that are now obsolete

Copper

RJ-45
o An 8 position, 8 conductor (8P8C) connector
o Modular connector
RJ-11
o A 6 position, 2 conductor (6P2C) connector
o RJ14 uses 6P4C for dual-line use
o Only two wires/conductors are involved in telephone connections
BNC (Bayonet Neill-Concelman)
o Used for Ethernet connection over Coaxial
o Often seen on 10Base2 networks with RG-58
o Rigid and bulky
F-connector
o Used for cable television
o Used with RG-6/U and RG-59 cables
o Twists in
T-connector
o Links a cable to a device
o Either a BNC or F connector fits into it
DB-9 (RS-232)
o Recommended Standard 232
An industry standard since 1969
o A serial connector used for modems, printers, early mice, etc.
o Now used as a configuration port
66 block
o Legacy patch panel for voice-only connections
o A cross-connection device that connects wires to other devices
o 25-pair cables are used here
110 block
o Wire-to-wire patch panel
o Supports data and voice transmissions @ 1 Gbps on CAT 6 cables
o No intermediate interface required
o Many wires are punched down into this
Supports 25 to 500 wires of the T568A or B standards
o 100-pair cables are used here
Patch panel
o 110 punch-down block to connect wiring closets together
o RJ-45 is on the front so you can make changes more quickly than with a 110 block

3.3 Compare and contrast different wireless standards
See section 2.2 for an overview of what this section covers
802.11 compliant data frame:
o Frame Control (2 bytes): frame type, security protocols
o Duration (2 bytes): time until next frame
o Address 1, Address 2, Address 3 (6 bytes each), Sequence control (2 bytes), Address 4 (6 bytes): MAC addresses for the source, transmitter, receiver, and destination nodes; sequence control ensures frames are reassembled in the correct order
o Data (6 to 2312 bytes): payload
o Frame Check Sequence (4 bytes): for integrity checks
Association: where an AP and a client identify one another before a connection is established
o Client sends out a probe frame or listens for a beacon frame (that contains the SSID) to find an AP to connect to in a process called scanning
Roaming: moving a client from one AP to another without causing connectivity issues
o In other words, this is the process of moving from one BSS to another BSS within the same ESS

3.4 Categorize WAN technology types and properties
T-Carrier System

A digital and packet switched system
Multiplexed connections: single medium transmits multiple data streams
o Cost effective
o Very scalable
Uses two twisted pair wires (transmit/receive)
o Full-duplex
Point-to-point WAN
o A dedicated connection between two endpoints
An ANSI DSH specification
o DSH is a standard building block for channelized systems
DS0 = 64 Kbps
DS1 = 1.5 Mbps
DS2 = 6.3 Mbps
DS3 = 44.4 Mbps
DS4 = 274.2 Mbps
T-Carrier Level 1
o Time-division multiplexing
o For North America, Japan and South Korea
o 24 channels @ 64 Kbit/s per channel and 1.544 Mbit/s line rate
E-Carrier Level 1
o E is for Europe
o 32 channels @ 64 Kbit/s per channel and 2.048 Mbit/s line rate
T-Carrier Level 3
o Delivered on coaxial connections with BNC connectors on the end
o DS3 is the data carried on a T3
o 28 T1 circuits within a T3
672 T1 channels at 44.736 Mbit/s
E3 = 16 E1 circuits
o 512 E1 channels at 33.368 Mbit/s

Synchronous Optical Networking

Multiplexing digital signals over optical cable
All circuits use the same clock
Standards include:
o SONET (Synchronous Optical NETworking)
ANSI (American National Standards Institute) standard
Used in the United States and Canada
Uses STS (Synchronous Transport Signals) / OCx (Optical Connection) to measure bandwidth
o SDH (Synchronous Digital Hierarchy)
ITU (International Telecommunications Union) standard
Used everywhere where SONET is not
Uses STM (Synchronous Transport Modules) to measure bandwidth
o SONET and SDH are the same, with just regional differences, like T1/E1

Satellite

Line-of-sight microwave transmission
Communication to a satellite is non-terrestrial communication
5 Mbit/s down, 1 Mbit/s up
Good for remote or difficult-to-network sites
High cost relative to terrestrial networking
High latency (250ms up and down)
Must be in line of sight
o High frequencies of 2 GHz, so bad weather affects signal

ISDN (Integrated Services Digital Network)

Transmitted as digital signals
Each circuit has these identifiers:
o Telephone number
o SPID (Service Profile Identifier)
o Three dynamic connection identifiers
BRI (Basic Rate Interface) 2B+D
o Two 64 kbit/s bearer (B) channels
o One 16 kbit/s signaling (D) channel
PRI (Primary Rate Interface)
o Larger than BRI
o Delivered over a T1 or E1
T1 = 23B + D
E1 = 30B + D + alarm channel
o Commonly used as connectivity from the PSTN to large phone systems (PBX)

DSL

ADSL (Asymmetric Digital Subscriber Line)
o Uses telephone lines
o Download speed is faster than the upload speed (asymmetric)
o 10,000 foot limitation from the central office
o 24 Mbit/s downstream and 3.5 Mbit/s upstream
SDSL (Symmetric DSL)
o Never standardized
VDSL (Very High Bitrate DSL)
o 4 Mbit/s through 100 Mbit/s
In DSL:
o Voice is transmitted over the lower frequencies
o Data is transmitted over the higher frequencies

Leased Lines

Dedicated connection
Fixed monthly fee
Speeds: 56 Kbps to 2 Mbps

Cable

Data on the cable network
o DOCSIS (Data Over Cable Service Interface Specification)
o OSI Layer 1 and 2
Provides multiple services (telephone, data, and voice)
Coaxial cables run at about 20 Mbps on average
Contention based, with users arranged in contention groups of nodes that split television and data signals at the cable provider's end

Dialup

Network with voice telephone lines
o Analog lines with limited frequency response
56 kbit/s modems have compression up to 320 kbit/s, but usually speed is around 56 kbit/s
Relatively slow throughput, difficult to scale

Cellular

Used by mobile devices
Cellular networks separate land into cells where an antenna covers a cell with certain frequencies
2G
o Comes in:
GSM (Global System for Mobile Communications)
CDMAone (Code Division Multiple Access One)
o Poor data support
o Originally used circuit-switching, and minor upgrades were responsible for packet switching
3G
o UMTS (Universal Mobile Telecommunications System)
o Uses CDMA2000
LTE (Long Term Evolution)
o Based on GSM/EDGE/HSPA
o Download rates of 300 Mbit/s, upload 75 Mbit/s
o Data rates are 100x faster than that of 3G networks
50+ Mbps up, 100+ Mbps down
HSPA (Evolved High Speed Packet Access)
o Based on CDMA
o High speed data services
o 14 Mbps up, 5.8 Mbps down
o HSDPA (High Speed Downlink Packet Access)
o HSUPA (High Speed Uplink Packet Access)
o HSPA+ (High Speed Packet Access Plus)
Multicarrier technology that aggregates multiple 5 MHz carriers
Large combined channel decreases latency and supports bursty traffic
Download rates of 84 Mbit/s, upload 22 Mbit/s
WiMAX (Worldwide Interoperability for Microwave Access)
o Supports both LoS and NLoS
o Operates in between 2 and 11 GHz
o Fixed WiMAX
30 mile signal radius
High speed
Wi-Fi on steroids
IEEE 802.16
37 Mbit/s down, 17 Mbit/s up
o Mobile WiMAX
IEEE 802.16e-2005
Theoretical throughput of 1 Gbit/s for fixed stations, or 100 Mbit/s for mobile stations
Distance is 3 to 10 miles max

OCx Standard

Specifies the bandwidth for fixed transmissions
Channelized technology based on DS0 (64 Kbps), but with a base rate of 810 channels
Open-ended
o Allows adding of specifications
Specifically corresponds to SONET data rates
One OC channel = 51.84 Mbps
o OC1 = 51.84 Mbps
o OC3 = 3 OC1s
o OC4 = 4 OC1s
o OC12 = 12 OC1s
o OC18 = 18 OC1s
o OC24 = 24 OC1s
o OC36 = 36 OC1s
o OC192 = 192 OC1s

DWDM (Dense Wavelength-Division Multiplexing)

Multiplex multiple OC carriers into a single fiber
Expand without adding additional fiber strands
Different wavelengths of different colors are used for each carrier, not protocol specific
Ability to expand a single 10 Gbit/s system to add 160 signals and increase it to 1.6 Tbit/s
o You can add up to 80 separate data channels

PON (Passive Optical Network)

Point-to-multipoint
A single fiber can be split up to serve more than one user
Unpowered networking
o Light is split with mirrors and prisms and goes out over multiple connections to multiple ends
o WDM/DWDM is used to send multiple frequencies out
An Optical Line Terminal (OLT) is used with an Optical Network Terminal (ONT) that splits the light
o One OLT can connect up to 32 ONUs
Ethernet PON is the IEEE 802.3ah-2004 standard
1 Gbit/s upstream, 1 Gbit/s downstream
Encryption is used to secure the different streams that are passing and splitting

Frame Relay

OSI Layer 1 and 2 packet switching protocol
Enables the transmission of data over a shared medium using virtual circuits
One of the first cost-effective WAN types
o Departure from circuit-switched T1s
LAN traffic is encapsulated into frame relay frames
Frames are passed into the cloud
o Magically pop out on the other side
64 Kbit/s through DS3 speeds
Includes error handling
Replaced by MPLS

ATM (Asynchronous Trans2fer Mode)

A common protocol transported over SONET
Cell switching network technology that supports high speed transfer of voice, video, and data
Cell based communication
Uses 53-byte cells spaced evenly apart (48 bytes for data, 5 bytes for the routing header)
High throughput, real-time, low latency
o Data, voice and video also
High bandwidth availability
Connection-oriented
Max speeds of OC-192
o Limits based on segmentation and reassembly (SAR)
Disadvantages include the fact that it was expensive and complex
o Because of this, it is no longer used

Properties

Circuit switching
o One endpoint creates a single path connection to another
o The circuit is the connection path between endpoints
o Circuit is established between endpoints before data passes
Like a phone call
The connection is no longer on after it is done being used
o Nobody else can use the circuit while it is idle, so it is inefficient with resources
o Capacity is guaranteed (bandwidth is set based on what you paid)
o Types:
POTS and PSTN (Public Switched Telephone Network)
T1/E1/E3
ISDN
Packet switching
o Data is grouped into packets like a network
Data is broken into packets and each packet takes the best route available
o The media is usually shared
o One connection may have more bandwidth allocated than another
o Types:
SONET
ATM
DSL
Frame Relay
MPLS
Cable
Satellite
Wireless
Virtual circuit switching
o A combination of circuit and packet switching
o Uses logical circuits
o Each packet has a VCI (Virtual Circuit Identifier) that is local to the link
o Permanent virtual circuits (PVC)
Always on/fixed
A leased line that is fast and reliable
o Switched virtual circuits (SVC)
A single connection that is made as needed on a per call basis
Less expensive than PVCs
Cell switching
o Data is transmitted as fixed-length cells instead of variable-length packets
o Similar to packet switching
More predictable than packet switching
o ATM is an example of this
o Makes use of blank/filler data
Transmission media
o Nothing happens unless the media works
o Operates on OSI Layer 1
Coaxial
o Copper cables inside thick cables
o Carries signals over long distances (not as long as fiber)
o Signal leakage and ground loops occur with Coax
o Interference is also a problem
Twisted Pair
o Has built in electromagnetic interference cancellation due to the twist
o Thin and flexible
o Tight specifications for bend radius and pulling tension
Optical Fiber
o Been around since the 1840s
o Very long distance communication
o Not susceptible to EMI
o Must be terminated properly
Watch the bend radius

3.5 Describe different network topologies
MPLS (Multiprotocol Label Switching)

Sends traffic through the WAN by attaching a label to the information
Routing decisions are easy
Any transport medium or protocol will go through MPLS
Uses label switching
o The router adds a label to each incoming data packet and those packets are forwarded along a path based on that label, rather than their IP addresses
OSI Layer 2.5 (between 2 and 3)
o Uses Layer 2 attribution to make path determination more efficient
Labels are pushed onto packets as they enter the MPLS cloud
Labels are popped off on the way out
CoS (Class of Service) tagging for priority is used

Point-to-Point

A one-to-one connection
Older WAN links (point-to-point T1)
Good for connections between buildings

Point-to-Multipoint

One of the most popular communication methods
Used with 802.11 wireless
Does not imply full connectivity between nodes

Ring, Star, Mesh, Bus and Hybrid Topologies

Ring
o Data flows only in one direction
o Each link in the chain acts as a repeater
o Used in many popular topologies like MANs and WANs due to the built in fault tolerance
o Used to be used in Token Ring, but not anymore
o Dual Ring topologies have data going both ways, which improves reliability
Star
o Used in most large and small networks
o All devices are connected to a central device
o Switched Ethernet networks use this
Mesh
o Multiple links to the same place
o Redundancy, fault-tolerance, and load balancing built in
o Used in WANs
o Fully meshed and partially meshed
Bus
o Early LANs where a coaxial cable was the bus
o Simple, but prone to errors
One break in the link disables the entire network
o A T-connector connects each device to the bus
Tree
o A root node is connected to second level nodes
o Each level has a point-to-point connection with the previous level
Hybrid
o A combination of one or more physical topologies
o Most networks are hybrid
Logical bus/star/ring topologies
o Act like their respective physical counterparts regardless of their physical wiring/structure
Dividing networks into segments can improve network performance
Radiated connection
o A broadcast domain with WiFi/APs

Client-Server

Uses a central server that has many clients connected to it
No client-to-client communication
Advantages include great performance and centralized administration
Disadvantages include high cost and great complexity

Peer-to-Peer

All devices are both clients and servers
Devices communicate with one another
Advantages include low cost and easy deployment
Disadvantages include difficulty administering clients and securing data

3.6 Given a scenario, troubleshoot common physical connectivity problems
Bad Connectors and Wiring

Connectors are the beginning and end of a connection, and a bad connector is a problem for everyone
Connectors are a point of wear and tear (wires in the ceiling never move)
Many different connectors mean that there are many different ways for a connector to fail
To troubleshoot:
o Check the original crimp
o All wires must be crimped
o Sheath may have slipped out due to bad crimping
o Check the lock on the cable and replace if missing

Opens and Shorts

A short circuit is where two connections of different voltages are touching
o Wires are inside of a cable or connection, so this can be hard to see
An open circuit is where there is a break in the connection
Connections with shorts and opens can be intermittent, but are always a complete interruption
To troubleshoot:
o Wiggle the cable and look at the link light
o Replace the cable with the short or open
Can be impossible to repair
o Advanced troubleshooting can be done with a TDR (Time Domain Reflectometer)

Split Cables

Split pairs are a wiring mistake when you mix up wire pairs on
an RJ-45
A simple wire map will pass
Performance will be impacted and suffers from NEXT (Near-End
Crosstalk)

dB Loss

Usually gradual, where signal strength diminishes over time
Attenuation is the loss of intensity as a signal moves through a medium, usually a metal cable
o Loss measured in dB per meter
Electrical signals through copper, light through fiber, and radio waves through air all qualify for dB loss
Decibels are signal strength measurements
o Uses a logarithmic scale where you add and subtract losses and gains
3 dB = 2x the signal
10 dB = 10x the signal
20 dB = 100x the signal
30 dB = 1000x the signal
o Example: Calculating signal loss in a fiber connection
Total loss through 1km of fiber
1km = 3.5 dB
Patch panel at each end = .5 dB
2 patch panels = 1 dB
Total link loss = 4.5 dB
o dB loss symptoms:
No connectivity
Intermittent connectivity
Poor performance
Signal too weak
CRC errors
Test each connection
Test distance and signal loss

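An added example (not from the notes) that carries the dB arithmetic above into code: converting dB to a power ratio, totalling the link loss for the 1km fiber example, and checking the result against a transmitter's power and a receiver's sensitivity to see how much margin is left and how far the optics can reach. The per-km and per-panel losses are the figures from the example; the transmit power, receiver sensitivity and safety margin are constructed values, not vendor data.

```python
import math

# Loss figures from the worked example above
FIBER_LOSS_DB_PER_KM = 3.5
PATCH_PANEL_LOSS_DB = 0.5


def db_to_ratio(db: float) -> float:
    """Power ratio for a gain or loss in dB: 10 dB is 10x, 20 dB is 100x, 3 dB is about 2x."""
    return 10 ** (db / 10)


def ratio_to_db(ratio: float) -> float:
    """Inverse of db_to_ratio: a 1000x power ratio is 30 dB."""
    return 10 * math.log10(ratio)


def link_loss_db(length_km: float, patch_panels: int = 2) -> float:
    """Total loss of a fiber link: attenuation over the run plus every panel passed.
    Losses in dB simply add, which is the point of using a logarithmic scale."""
    return length_km * FIBER_LOSS_DB_PER_KM + patch_panels * PATCH_PANEL_LOSS_DB


def power_margin_db(tx_power_dbm: float, rx_sensitivity_dbm: float, loss_db: float) -> float:
    """How far above the receiver's sensitivity the signal still arrives.
    A margin at or below zero is the "signal too weak" case: no link, or CRC errors."""
    return (tx_power_dbm - loss_db) - rx_sensitivity_dbm


def max_reach_km(tx_power_dbm: float, rx_sensitivity_dbm: float,
                 patch_panels: int = 2, safety_margin_db: float = 3.0) -> float:
    """Longest run the optics can drive once panel losses and a safety margin are paid for."""
    budget = (tx_power_dbm - rx_sensitivity_dbm - safety_margin_db
              - patch_panels * PATCH_PANEL_LOSS_DB)
    return max(budget, 0.0) / FIBER_LOSS_DB_PER_KM


if __name__ == "__main__":
    # Constructed optics: -3 dBm transmitter, -17 dBm receiver sensitivity
    loss = link_loss_db(1)
    print(f"1 km link with two panels loses {loss} dB "
          f"({db_to_ratio(loss):.2f}x weaker)")
    print(f"margin: {power_margin_db(-3, -17, loss)} dB, "
          f"max reach: {max_reach_km(-3, -17):.2f} km")
```
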
TXRX Reversed

Transmit/Receive reversed
A wiring mistake is usually the cause of this
Easy to find this mistake on a wire map
To troubleshoot:
o Auto-MDIX may fix an issue with no connectivity
o Locate the reversal location
Often at a punch down
Check the patch panel

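An added example (not from the notes) of what a cable tester's wire map can and cannot tell you, covering the straight-through, crossover and rollover cables from section 3.1 as well as the Split Cables and TXRX Reversed items here: it classifies an 8-pin map as straight-through, crossover (TX/RX reversed), rollover or miswire, and separately detects split pairs, which a plain wire map passes. It assumes the T568 pairing of pins 1-2, 3-6, 4-5 and 7-8; the sample punch-downs are constructed.

```python
from typing import Dict, List, Tuple

# Pin pairs as terminated under T568A/B: 1-2 and 3-6 carry TX and RX on 10/100BASE-T,
# 4-5 and 7-8 are the remaining pairs (all four are used by 1000BASE-T).
T568_PAIRS = [(1, 2), (3, 6), (4, 5), (7, 8)]

STRAIGHT = {p: p for p in range(1, 9)}
CROSSOVER = {**STRAIGHT, 1: 3, 2: 6, 3: 1, 6: 2}   # swaps the TX and RX pairs
ROLLOVER = {p: 9 - p for p in range(1, 9)}          # 1<->8, 2<->7, ...: console cable


def classify_wire_map(wire_map: Dict[int, int]) -> str:
    """Classify an 8-pin wire map (near-end pin -> far-end pin) from a cable tester."""
    pins = list(range(1, 9))
    if sorted(wire_map) != pins or sorted(wire_map.values()) != pins:
        return "open_or_short"      # a pin missing or landed twice: not a complete map
    if wire_map == STRAIGHT:
        return "straight_through"
    if wire_map == CROSSOVER:
        return "crossover"          # TX/RX reversed relative to a straight-through cable
    if wire_map == ROLLOVER:
        return "rollover"
    return "miswire"


def split_pairs(pin_to_twisted_pair: Dict[int, str]) -> List[Tuple[int, int]]:
    """Find what a wire map alone cannot catch: each T568 pair must be terminated on the
    two conductors of one physical twisted pair. pin_to_twisted_pair maps pin -> colour
    of the twisted pair actually punched down on it (identical at both ends, so the
    wire map still reads straight through)."""
    return [(a, b) for a, b in T568_PAIRS if pin_to_twisted_pair[a] != pin_to_twisted_pair[b]]


# Constructed punch-downs: pin -> colour of the twisted pair landed on that pin
T568B_PUNCHDOWN = {1: "orange", 2: "orange", 3: "green", 4: "blue",
                   5: "blue", 6: "green", 7: "brown", 8: "brown"}
SPLIT_PUNCHDOWN = {1: "orange", 2: "orange", 3: "green", 4: "green",
                   5: "blue", 6: "blue", 7: "brown", 8: "brown"}   # pairs 3-6 and 4-5 split

if __name__ == "__main__":
    for name, wm in (("straight", STRAIGHT), ("crossover", CROSSOVER), ("rollover", ROLLOVER)):
        print(f"{name:>9}: {classify_wire_map(wm)}")
    print("split pairs in a correct T568B termination:", split_pairs(T568B_PUNCHDOWN))
    print("split pairs in the miswired termination:   ", split_pairs(SPLIT_PUNCHDOWN))
```

Both punch-downs classify as straight-through on the wire map; only the pair check exposes the split pairs and the NEXT they will cause.
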
Cable Placement

Cables can be at the workstation, in the ceiling, in the floor, in between floors, and in the data center
Cable management is critical
Separate different cable types (like copper and fiber)
Install the highest category possible because it is very hard to replace cable
Centralize your wiring plant in the middle of the data center
Use a structured cabling system

EMI/Interference

Do not twist, pull, stretch, or bend the cable past the bend
radius
Do not use staples to secure the cables
With copper cables, avoid power cords, fluorescent lights, electrical
cables, and fire prevention components
Test cables after installation to make sure that no problems with EMI
exist
Causes crackling, humming, poor voice quality, and network
degradation

Crosstalk (XT)

When two cables in parallel with each other interfere with each other
Signal on one circuit affects another circuit in a bad way
Causes slow performance and dropped packets
Crosstalk can be a leaking of a signal (hearing another
conversation in your phone)
Crosstalk can be measured with cable testers
NEXT (Near End Crosstalk) is the interference measured at the
transmitting end
FEXT (Far End Crosstalk) is the interference measured at the
receiving end
AXT (Alien Crosstalk) is the interference measured from other
cables
ACR (Attenuation to Crosstalk Ratio) is the difference between
insertion loss and NEXT
o Uses a SNR (Signal to Noise Ratio)
To troubleshoot:
o Almost always a wiring issue
Check the crimp
o Maintain the twists in a twisted pair cable
o CAT6a increases the cable diameter, so there is increased
distance between pairs

3.7 Compare and contrast different LAN technologies
Ethernet Frames

Ethernet standard 802.3
Frame layout:
PRE (Preamble) (7 bytes): Synchronization and timing info; informs all
SFD (Start of Frame Delimiter) (1 byte): 1st byte of data that identifies the beginning of actual data (10101011)
DA (Destination Address) (6 bytes): MAC address of destination computer
SA (Source Address) (6 bytes): MAC address of computer sending frame
Frame Type (2 bytes): ID of frame's type or length of frame
Data (46-1500 bytes)
Frame Check Sequence (4 bytes): 32-bit CRC value
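To make the field layout concrete, here is an added Python example (mine, not from the notes) that assembles a frame from the DA, SA, type and data fields, computes the 32-bit CRC for the Frame Check Sequence, and parses a frame back, flagging a bad FCS the way a switch counts a CRC error. The preamble and SFD are omitted because the NIC strips them before the frame reaches software; the MAC addresses and payload are constructed sample values.

```python
import struct
import zlib

# Field sizes from the 802.3 layout above. The preamble and SFD are stripped by
# the NIC, so a frame seen by software starts at the destination address.
DA_LEN, SA_LEN, TYPE_LEN, FCS_LEN = 6, 6, 2, 4
HEADER_LEN = DA_LEN + SA_LEN + TYPE_LEN
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
ETHERTYPE_MIN = 0x0600  # type/length values at or above this are an EtherType


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """32-bit CRC over DA through data, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Assemble DA + SA + type + data (padded to the 46-byte minimum) + FCS."""
    if len(dst) != DA_LEN or len(src) != SA_LEN:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("data field exceeds 1500 bytes")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", type_or_len) + payload
    return body + ethernet_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into fields and check the FCS; a mismatch is what shows up as a CRC error."""
    if len(frame) < HEADER_LEN + MIN_PAYLOAD + FCS_LEN:
        raise ValueError("runt frame (shorter than 64 bytes)")
    dst = frame[:DA_LEN]
    src = frame[DA_LEN:DA_LEN + SA_LEN]
    type_or_len = struct.unpack("!H", frame[DA_LEN + SA_LEN:HEADER_LEN])[0]
    payload = frame[HEADER_LEN:-FCS_LEN]
    fcs = frame[-FCS_LEN:]
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        # Ethernet II carries an EtherType here; raw 802.3 carries the data length.
        "ethertype": type_or_len if type_or_len >= ETHERTYPE_MIN else None,
        "length": type_or_len if type_or_len <= MAX_PAYLOAD else None,
        "payload": payload,
        "fcs_ok": fcs == ethernet_fcs(frame[:-FCS_LEN]),
    }


def corrupt_bit(frame: bytes, index: int) -> bytes:
    """Flip one bit of a frame, the way line noise or a bad cable would."""
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]


if __name__ == "__main__":
    # Constructed sample: broadcast destination, EtherType 0x0800 (IPv4).
    frame = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
                        0x0800, b"constructed IPv4 payload")
    print(len(frame), "bytes, FCS ok:", parse_frame(frame)["fcs_ok"])
    print("after one flipped bit, FCS ok:", parse_frame(corrupt_bit(frame, 20))["fcs_ok"])
```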

Types of LAN Technologies

De facto standards: standards that are publicly accepted due to widespread use
De jure standards: standards that are mandated by law or an organization
o Organizations that can do this are ISO, IEEE, ANSI, TIA/EIA, or IETF
10Base-T
o 10 Mbit/s: Standard Ethernet
o Base = baseband (single frequency)
o T = twisted-pair
o Category 3 cables are used with it
o 100 meter maximum distance
100Base-TX
o Fast Ethernet
o Category 5 (or better) twisted pair copper wires
100 meter maximum distance
100Base-FX
o Pair of optical fiber
o Multimode fiber maximum lengths
400 meters (half-duplex), 2km (full-duplex)
o Singlemode fiber maximum lengths
2km+
1000Base-T
o Gigabit Ethernet over Category 5 twisted pair cable
Cat 5e or 6 is also used
Uses all four pairs of wires in the cable compared to the two pairs used by the previous standards
1000Base-X
o Gigabit Ethernet over fiber
o 1000Base-LX = Long wavelength laser (over 5km)
o 1000Base-SX = Short wavelength laser (550 meters)
10GBase-SR
o Short Range
o Multimode fiber, 300 meters with the right fiber
Other fiber might go 80 meters
10GBase-LR
o Long Range
o Singlemode fiber, 10km to 25km
10GBase-ER
o Extended Range
o Singlemode fiber, up to 40km
10GBase-SW, 10GBase-LW, 10GBase-EW
o Integrates 10 Gigabit Ethernet into the WAN
o SONET and SDH used
o Same fiber and distances as 10GBase-SR, 10GBase-LR, and
10GBase-ER
10GBase-T
o Uses twisted pair cables
o Category 6 = 55 meters
o Category 6a = 100 meters

CSMA/CD

Used in wired networks
CS = Carrier Sense
The device communicating on the network is listening to tell if
the other side is transmitting
MA = Multiple Access
CD = Collision Detect
o When two stations are talking at once, there is a collision in the
network
Not used much any longer because it is half-duplex
Critical Mass Number: the highest number of devices allowed to
communicate at once
Enables nodes to detect activity on communication channel
3 steps:
1. Node prepares data for sending
2. Node checks if channel is busy
3. Node transmits data

Two nodes can do this at the same time, causing a collision

CSMA/CA

Uses DCF (Distributed Coordination Function) to avoid collisions on wireless networks by detecting if the network is busy
o Requires ACK for every packet
CA = Collision Avoidance
Common on wireless networks
o Collision detection is not possible
Common to see RTS/CTS
o Ready To Send/Clear To Send
o Station has to wait until it gets a clear to send
Solves the hidden node problem
o The access point can hear everybody, but the individual stations
cannot hear each other
o This prevents signals overlapping and thus multiple signals being
transmitted at once
Steps:
1. Prepare data to transmit
2. Check if network is free
3. Send a jamming signal and wait
4. Transmit data
5. Check for jamming signal
6. Listen for ACK packet

Bonding/Link Aggregation

A generic term for port trunking, NIC bonding, NIC teaming and LAG
Describes a scenario when you plug in multiple interfaces to
increase the throughput between devices
Allows for high performance (multiple 1 Gbit/s or 10 Gbit/s ports)
Redundancy is included in this due to the multiple interfaces
Common to see this in data center environments
All devices must be able to LAG, as defined by IEEE 802.3ad

3.8 Identify components of wiring distribution


Distribution frames

A part of the network where you punch down cables
Passive cable termination with punch down blocks and patch panels
Usually mounted on the wall or flat surface
Works for all transport media
Often used as a room or location name and is a significant part of the network

MDF (Main Distribution Frame)

Central point of the network
o Usually in the data center
Where internal lines connect to an ISP or similar
Connects the service provider to the IDF
Acts as a termination point for WAN links
Good test point because all data is passing through this location

IDF (Intermediate Distribution Frame)

Connects workstation devices to the MDF
An extension of the MDF
A strategic distribution point located in the equipment room
Connects the users to the network
o Uplinks from the MDF
o Contains workgroup switches and other local resources
Common in medium to large organizations
An MDF is distributed to an IDF

Vertical / Horizontal Cross-Connects

Horizontal cross-connects
o Connects workstations to the telecommunications closet via drop
cables to the patch panel
Vertical cross-connects
o Connects the telecommunications closet to equipment rooms

Demarc

Means Demarcation Point
The point at which an external service provider assumes responsibility for a connection
The spot where you connect with the outside world
o Usually the WAN provider or ISP
o At the MDF for telephone connections
o At the CSU/DSU for WAN connections
Used everywhere, even at home (like the router)
Located in a central location in a building
o Usually a network interface device
o Can be as simple as an RJ-45 connection
Customer's equipment is the CPE (Customer Premises Equipment)

Demarc extensions are connections that lie between an organization's network and the infrastructure owned by a service provider
o Occurs in buildings with more than one tenant and the ISP must
split the connections

Smartjack

A Network Interface Device (NID)
A network interface unit that performs any protocol translation required between a service provider and an internal network
The device that creates the demarc, as it is installed AT the demarc
More than just a box, inside is a circuit card and chassis
Built-in diagnostics and alarm indicators
o Can be used for troubleshooting purposes

CSU/DSU (Channel Service Unit / Data Service Unit)

Sits between the router and the circuit
CSU
o Connects to the network provider
DSU
o Connects the data terminal equipment (DTE)
A physical device or built-in to the router
Plugs in with a RJ-48c cable (looks like an RJ-45)
The connectivity to a router is a serial connection, usually V.35 or RS-232
Takes the digital signal from the WAN to the router
May also include monitor jacks for diagnostic equipment

4.0 NETWORK MANAGEMENT

4.1 Explain the purpose and features of various network appliances
Load Balancer

The load must be shared between different servers in large-scale implementations
A single load-balancing device will distribute the load evenly across multiple servers
o Invisible to the end-user
Provide fault tolerance to a network
o Server outages have no effect
Very fast convergence
Traffic comes from the Internet, goes into the load balancer,
and then the load balancer distributes the traffic evenly to the
servers
o The load can be configured per server
TCP Offloading: load balancer eliminates the need for the
server to approve before the information is transmitted to it
o Eliminates overhead
SSL Offloading: Encryption/decryption happens only at the load
balancer, not each individual server
o Eliminates overhead
Offers caching for a faster response for common requests
Also offers prioritization through QoS
Offers content switching in which certain applications go to designated
servers

Proxy Servers

An intermediate server that makes requests on your behalf
The proxy server makes the request and then provides results back to the client
Used for access control, caching, URL filtering and content scanning
Three setups of proxy servers:
o Forward Proxy: User and proxy are on an internal network
o Reverse Proxy: Clients on an external network must communicate with a proxy server in the internal network before reaching a web server
o Open Proxy: Proxy is in the middle of two external networks
Least secure of the three

Content Filter

Allows you to control traffic based on the data within the content
o Data in the packets
Corporate control of outbound and inbound data of sensitive materials
Prevents users from viewing inappropriate content
Can protect against viruses
Email filtering:
o Uses content filtering to prevent spam, phishing, and
advertisements
URL filtering:
o Allow or restrict based on URL (Uniform Resource Locator)
o Managed by category (auction, hacking, malware, travel,
recreation, etc.)
o Limited control
URL filters sometimes cannot look through encrypted data

VPN Concentrator

A piece of hardware designed to do the encryption and decryption that is necessary for VPNs
Very large environments use these because encryption and decryption in a VPN is very CPU intensive
Often used with client software, or the software can even be built into the OS
When the end user starts the software on their computer, a VPN tunnel is created between the user and the VPN concentrator, which encrypts and decrypts the information

4.2 Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues
Crimpers

Used to pinch a connector on a wire
Used for coaxial, twisted pair, and even fiber
Connects the modular connector to an Ethernet cable, for example
Metal prongs are pushed through the insulation
o Plug is permanently pressed onto the cable sheath

Lineman's Handset

Connects to a circuit from the line
o Looks like a phone
Often called a butt set
It is a universal tool for testing multiple types of connectors
o Comes with myriad connectors, such as alligator clips
o Mostly analog connections, but some are digital
Plug the connectors into the connection, dial a number, and troubleshoot
Often used to confirm an installation

Toner Probe

Tracks where a wire might be going by following the tone
Two pieces:
1. Tone generator that puts an analog sound on the wire
2. Inductive probe detects and makes a sound when you are
near the wire
Simply connect the tone generator to the wire (various different
connections) and use the inductive probe to listen for the tone
o Tone will get louder as you get closer
For fiber cables, this will not work because fiber transmits light

Punch Down Tools

Allows you to punch a wire down into a punch-down block (66 block or 110 block)
Punching down can be very tedious
Punching down also trims the wires, so it is a very efficient process
Can be a very violent process
Best practices:
o Be very organized (document punch-downs)
o Maintain your twists on Ethernet cables

High speed capability depends on the quality of the punch in the end
o Document everything

Protocol Analyzer

Gathers packets from the network and reports the results back
to you
Much open source software is available
Very powerful, but can be hard to use
Must have a port mirror, hub, SPAN (Switched Port Analyzer),
or physical tap to obtain the data
Gather as much information as possible
Clearly document during the capture process
Will convert hexadecimal to ASCII for you in real time
Allows you to troubleshoot hard-to-understand application
problems

Loopback Plugs

Useful for testing a physical port or fooling your applications
You send data out of a connection and then send it right back in
Used for any type of network connections
Not crossover cables, instead they just loopback the information
Usually you don't need them until there is a problem
o Only used for diagnostics
You can make your own loopback plugs

TDR/OTDR

Time Domain Reflectometer / Optical Time Domain Reflectometer
OTDR is used for fiber connections
Estimates cable lengths, splice locations, impedance, and
signal loss
Sends an electrical signal called a ping down the cable and listens
for certain reflections caused by discontinuity
o Calculates time and distance
Very advanced and expensive devices
Requires training
Resolves Layer 1 issues quickly

Multimeters

Measures voltage, current and resistance
Also called a Volt-Ohm Meter (VOM)
Both analog and digital versions

Inexpensive, starts at $10
Easy to use, but be careful around power
You can check AC voltage coming out of a wall or DC voltage coming
out of a PSU or CMOS battery
You can also check for continuity, connectivity, and fuse status
with multimeters

Environmental Monitors

Has electronic sensitivity to the environment
Useful for testing for temperature, humidity, water, and power voltages
Provides real-time monitoring
Has multiple inputs for looking for different things in different places
They can have sensors on the floor that alert if there is flooding
Servers may have these built into them

4.3 Given a scenario, use appropriate software tools to troubleshoot connectivity issues
Using Protocol Analyzers

A protocol analyzer can help solve complex application issues
Wireshark is a popular protocol analyzer
First, you must capture the data and store the packets into memory
Second, filter by types of traffic to pinpoint what you are looking for

Throughput Testers

A specialized piece of software or hardware that allows you to push the limits of a resource/device
o Network throughput or application performance
Software based throughput testers run from workstations or servers
Hardware based throughput testers are very high-end, but very
expensive
Allows you to see what the bandwidth or speed a type of
resource would perform at

Ping

Allows you to test reachability
Uses ICMP (Internet Control Message Protocol)
One of the primary network troubleshooting tools
Each OS where you are using ping will have different syntax and
features available

Ping tells you round-trip time in milliseconds, time-to-live, and packets received/lost
ICMP related tools are a very low priority for routers

Tracert

Determines the route a packet takes to a destination
o Maps the entire path
Windows calls it tracert and Linux/Unix (POSIX) calls it traceroute
o On UNIX systems, the tool MTR (My Traceroute) combines ping and traceroute to identify packet loss
Takes advantage of ICMP Time To Live Exceeded error message
o The TTL refers to hops, not seconds or minutes
o TTL = 1 is the first router, TTL = 2 is the second router
Not all devices will reply with ICMP Time To Live Exceeded
o Firewalls can filter this out
o These locations will display as a time out error message

Nslookup/Dig

Looks up information from DNS servers
o Canonical names, IP addresses, cache timers, etc.
nslookup
o Both Windows and POSIX
o Looks up names and IP addresses
Dig (Domain Information Groper)
o Provides more advanced domain information
o Dig is installed automatically for POSIX, but is third-party for
Windows
o Provides Question and Answer sections
Non-authoritative answer means that the answer did not come
from the local DNS server, but an external DNS server
Both nslookup and dig are command line tools

Ipconfig/Ifconfig

Allow you to ping your local router/gateway
ipconfig is for Windows and ifconfig is for POSIX
ipconfig is comparable to ifconfig, but the syntax may be different

ARP (Address Resolution Protocol)

Determines the MAC address based on the IP address
Syntax might be different for Windows vs. POSIX
Devices will have ARP caches so nothing is repeated in a short time
frame

Nbtstat

NetBIOS over TCP/IP
Used for Windows NetBIOS traffic over TCP/IP
A Windows-only utility for querying NetBIOS over TCP/IP
information
Lists local and remote devices
nbtstat -n lists local NetBIOS names
nbtstat -A lists remote NetBIOS names referenced by IP address
nbtstat -a lists remote NetBIOS names, referenced by name

Netstat

Stands for Network Statistics and gives you just that
Differs between OS versions
netstat -a shows all active connections
netstat -b shows what binaries/executables are opening up and providing services on particular ports
netstat -n explicitly does not perform DNS resolution, to improve speed
o You can append n immediately after any other flag

Route

Helps you manage your IP routing table
o Print, add, delete, and change
Available in many different operating systems
Used mostly to view the routing table
o Very rarely would you need to change, add, or delete a route
route -f clears the routing table
route -p makes an added or changed route persistent
route print prints the interfaces, IPv4 routing table, and IPv6 routing table
route delete removes a route, and route add allows you to add a route
show ip route is a command to use on Cisco routers to view the
routing table

4.4 Given a scenario, use the appropriate network monitoring resource to analyze traffic
SNMP (Simple Network Management Protocol)

Queries network devices to manage them, determine throughput, and more
Uses a MIB (Management Information Base)
o A database that lists all the variables and statistics that a particular device can gather
o Each type of device uses a different MIB
SNMPv1: The original
o Queried devices and got responses back in structured tables in the clear with no security
SNMPv2:
o Provided data type enhancements, bulk transfers, but still no
encryption
SNMPv3:
o Provided message integrity, authentication, and encryption
SNMP information can be very detailed, it literally tells you
everything about a device
Allows you to put together analytical views of what is going on in the network
All devices with SNMP enabled record information about their
activity

Syslog

It is very important to centralize all the logs from various different devices
Syslog is a standard protocol for forwarding log messages
Syslog provides an interface to view all the different logs from firewalls,
Windows servers, routers, etc.
Syslog is hosted on a big server, so the more disk space the more info
you can record
Syslog methods are standardized, but the actual content is not
Reporting options include text and graphics and long-term analytics
Not simple to use, requires training

Traffic Analysis

Valuable data such as bandwidth and response times is stored in packets
o Traffic analysis allows you to obtain this data
You can detect trends and perhaps predict the future on the network
To gather this data, use packet analyzers to read every packet
and store the raw data or meta-data (statistics of the data) to
memory
Some devices gather statistics for us like SNMP, RMON, and NetFlow
o Standalone probes, server, and workstation logs also provide
information
Low-level details:
o Bandwidth utilization
o Errors
Flow information:
o TCP response time
o TCP/UDP port usage
Application details:
o Application use
o Application response time
o Sub-application usage (Ex: Google Mail, Google Plus, etc.)

4.5 Describe the purpose of configuration management documentation
Wiring Schemes

Cables can foul up a perfectly good plan
Many connectors look alike, so a cable-mapping device can be useful
T568A and T568B termination
o Pin assignments from EIA/TIA-568-B standard
o Eight-conductor 100-ohm balanced twisted-pair cabling
o T568A and T568B have different pin assignments
o T568A is for horizontal cabling
o T568B is the most commonly used type
o You can't terminate one end of the cable with T568A and the other end with T568B
o T568A Colors: WG, G, WO, B, WB, O, WBR, BR
o T568B Colors: WO, O, WG, B, WB, G, WBR, BR
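The wiring checks from the split-pair and TX/RX-reversed troubleshooting notes and the two colour orders above, as an added Python example (mine, not from the notes): given the colour order on each end of a cable it reports a split pair, a straight-through cable, or the deliberate TX/RX swap of a crossover cable. It assumes the standard's pin pairing (1-2, 3-6, 4-5, 7-8), which the notes do not list; the split-pair termination is a constructed sample.

```python
# Pin 1 to pin 8 colour order of the two termination schemes listed above.
T568A = ["WG", "G", "WO", "B", "WB", "O", "WBR", "BR"]
T568B = ["WO", "O", "WG", "B", "WB", "G", "WBR", "BR"]

# Which pins must carry the two wires of one twisted pair. This comes from the
# 568 standard, not from the notes: the pairs sit on pins 1-2, 3-6, 4-5 and 7-8.
PAIR_PINS = [(1, 2), (3, 6), (4, 5), (7, 8)]

# The 10/100 crossover pin map (TX pair 1-2 swapped with RX pair 3-6 on purpose).
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}

# Constructed miswire: the green and orange pairs are mixed across pins 1-2 and 3-6.
SPLIT_PAIR_EXAMPLE = ["WG", "WO", "G", "B", "WB", "O", "WBR", "BR"]


def pair_of(color: str) -> str:
    """A conductor's twisted pair is its solid colour: 'WG' (white/green) is in the green pair."""
    return color[1:] if len(color) > 1 and color.startswith("W") else color


def split_pairs(end: list) -> list:
    """Pin pairs whose two conductors do not come from the same twisted pair."""
    return [(a, b) for a, b in PAIR_PINS if pair_of(end[a - 1]) != pair_of(end[b - 1])]


def wire_map(end_a: list, end_b: list) -> dict:
    """For each pin on end A, the pin on end B that the same conductor lands on."""
    return {pin: end_b.index(color) + 1 for pin, color in enumerate(end_a, start=1)}


def classify(end_a: list, end_b: list) -> str:
    """Judge a cable from its two terminations."""
    if len(end_a) != 8 or len(end_b) != 8 or len(set(end_a)) != 8 or set(end_a) != set(end_b):
        return "miswire (missing or duplicated conductor)"
    if split_pairs(end_a) or split_pairs(end_b):
        # A plain wire map passes, but the untwisted conductors suffer NEXT.
        return "split pair"
    mapping = wire_map(end_a, end_b)
    if all(a == b for a, b in mapping.items()):
        return "straight-through"
    if mapping == CROSSOVER_MAP:
        return "crossover (TX/RX reversed)"
    return "miswire"


if __name__ == "__main__":
    print("B to B:", classify(T568B, T568B))
    print("A to B:", classify(T568A, T568B))
    print("split example:", classify(SPLIT_PAIR_EXAMPLE, SPLIT_PAIR_EXAMPLE), split_pairs(SPLIT_PAIR_EXAMPLE))
```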

Network Maps

Networks are built in phases, or large chunks that change at a time
o These changes are often invisible due to the cables being in the walls and ceiling
Documentation is essential to keep track of how a network is
distributed
o Physical and logical
Specialized software allows you to create maps
Physical network maps
o Follows the physical wire and devices
Logical network maps
o High level views like WAN layout and application flows

o Useful for planning and collaboration
o A graphical representation

Documentation

Institutional knowledge can be bad
o Only Tom knows where that wire goes
In other words, institutional knowledge is not necessarily properly documented
The location for the documentation and how the
documentation is stored must be standardized
o The Helpdesk's support tickets can be a great way to document
cases of issues

Cable Management

Cable management has a standard: ANSI/TIA/EIA 606
o Information should be presented and reported in a certain way
o Pathways, space, and grounding need to be done in a specific
way
o Colors of cables should be specific to their purpose
Everything is tagged and labeled in a standard format:
o Ex: CB01-01A-D088 (Main facility, Floor 1 space A, Data port 88)

Asset Management

A record of every asset (routers, switches, cables, fiber models, CSU/DSUs, etc.)
Important for financial reasons, audits, and tax depreciation
Every asset should be tagged with a barcode, RFID, or other
tracking numbers
A master database will store all this information

Baselines

Various data should be baselined to obtain solid metrics to predict what will happen in the future
Having statistics that go back a long period of time allow you to predict
the future
Baselines are a point of reference for certain data
Important for business decisions on how one should manage their
network
The statistics used for baselines include aforementioned
aspects such as SNMP and traffic analyzing

Change Management

The structured and manageable change of technology
o This includes OS upgrades, application installation, and router modification
The goal is to minimize the impact of changes to customers,
businesses and organizations
Change management is a process and procedure
This is the business side of IT that is designed to protect the
organization
The process varies widely and every change has a window and
recovery plan
Very little technology is involved in this process
o It is rather a way to organize this technology

4.6 Explain different methods and rationales for network performance optimization
Methods

QoS
o Prioritize traffic performance based on application type
VoIP traffic has priority over web-browsing
Prioritize by maximum bandwidth or traffic rate
o This traffic shaping is known as rate limiting
o Weighting and load balancing is also involved
o Protocol-level management is also useful
CoS (Class of Service) = 802.1q trunk
ToS (Type of Service) = IPv4 and IPv6 header
Load balancing
o Distributes loads over many servers
o A grouping of multiple servers is called a cluster
o Very common in large environments
o CARP (Common Address Redundancy Protocol)
Assign multiple hosts with the same IP address
Open standard, similar to Cisco's HSRP
Implemented in BSD
o Many options for balancing
This includes load distribution and content distribution
o Can load balance in software, but hardware is the best bet
High availability
o Design a system for smallest chance of downtime
o There can only be 5 minutes of downtime per year to maintain
99.999% uptime (five nines)
o Higher availability almost always means higher costs

o Nothing is 100% available all the time


Fault tolerance
o Maintain uptime in case of a failure
o Adds complexity
The cost of managing the environment increases
o Also single devices must be fault tolerant
RAID, redundant power supplies, and redundant NICs will
accomplish this
o Multiple device fault tolerance is also critical:
Server farms with load balancing or multiple network paths
will accomplish this
Caching engines
o Store frequently-requested content to speed response time for
users
o Often combined with web proxy technologies
Can save bandwidth in the right environment
o Dynamic web pages and streaming media cannot be cached
because they constantly change
o Many solutions exist to implement cache engines

Reasons

The number one priority is uptime
o You must plan for contention and unforeseen circumstances
High bandwidth applications take up a lot of resources, and this is a
reason to optimize a network
VoIP
o Packets must arrive on time
o Old data is useless (1/4 of a second is considered old)
Jitter
Video applications
o Latency sensitivity and high-bandwidth are involved in real-time
video applications
Latency sensitivity
o A slow network means degraded application functionality
o Real-time information is important

5.0: NETWORK SECURITY

5.1 Given a scenario, implement appropriate wireless security measures
Encryption Protocols

WEP (Wired Equivalent Privacy)
o Different levels of encryption key strength: 64-bit or 128-bit key
size
o Cryptographic vulnerabilities identified in 2001
First bytes of the output key stream are strongly nonrandom
Once you gather enough packets, you can easily discover
the entire WEP key
WPA (Wi-Fi Protected Access)
o Used the RC4 cipher with TKIP (Temporal Key Integrity Protocol)
o Initialization Vector (IV) is larger and an encrypted hash
o A short term work around before WPA2
WPA2
o Standardized in 2004
o Used the AES (Advanced Encryption Standard) cipher that
replaced RC4 and CCMP (Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol) replaced TKIP
WPA2-Enterprise
o Adds 802.1x authentication
o RADIUS server authentication
o This is what the UCDenver network uses

MAC Address Filtering

Permits access to a wireless network based on the physical hardware address of a device
Easy to find working MAC addresses through a wireless LAN analysis
Not a good security measure because of the fact that you can discover
what MAC addresses connect to a network, and then change the MAC
address on another computer to those MAC addresses
You can easily administer MAC address filtering via the router/WAP
console

Signal Strength

Power level controls
o A wireless configuration that should be set as low as possible without losing throughput
o High-gain antennas can hear a lot, so the location of the WAP is
important

Device Placement

Antenna placement is extremely important in optimizing a wireless network
You may need multiple access points, all on different channels so they do not interfere with each other

5.2 Explain the methods of network access security

ACL (Access Control Lists)

Selectively prevents traffic from moving from one place to another
ACLs are permissions associated with an object
o Used in file systems, network devices, operating systems, and
more
States the permissions that a user can have
MAC address filtering is used in ACLs as well
o Restricted to access by local physical addresses
IP filtering is also used in ACLs
o Allows you to restrict access by network address
Port filtering is also done
o TCP/UDP services can be limited
Access list example:
o #access-list 1 deny 172.16.2 0.0.0.0
o #access-list 1 permit any
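An added Python example (mine, not from the notes or from any Cisco software) that evaluates a standard access list written in the form shown above. It assumes Cisco's wildcard-mask semantics, first-match-wins order and the implicit deny at the end of every list; the ACL text and the source addresses are constructed samples.

```python
import ipaddress

# Constructed standard access list in the syntax used above. The second
# operand is a wildcard mask, the inverse of a subnet mask: 0.0.0.0 matches
# exactly one host and 0.0.0.255 matches a whole /24.
ACL_TEXT = """
access-list 1 deny   172.16.2.0 0.0.0.255
access-list 1 permit any
"""


def parse_acl(text: str) -> list:
    """Return [(action, network, wildcard)] as integers, in the order written."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"unrecognised entry: {line!r}")
        action, target = parts[2], parts[3]
        if target == "any":
            network, wildcard = 0, 0xFFFFFFFF
        elif target == "host":
            network, wildcard = int(ipaddress.IPv4Address(parts[4])), 0
        else:
            network = int(ipaddress.IPv4Address(target))
            # A missing wildcard means 0.0.0.0, i.e. a single host.
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        entries.append((action, network, wildcard))
    return entries


def matches(address: str, network: int, wildcard: int) -> bool:
    """Wildcard match: a 1 bit in the mask means 'don't care' for that bit."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (network & care)


def evaluate(acl: list, source: str) -> str:
    """First matching entry wins; an ACL always ends with an implicit deny."""
    for action, network, wildcard in acl:
        if matches(source, network, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for addr in ("172.16.2.77", "172.16.3.1"):
        print(addr, "->", evaluate(acl, addr))
```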

Tunneling and Encryption

VPN
o Sets up a secure, encrypted connection from software on a
device, through a VPN concentrator, to an external, private
network
SSL VPN (Secure Sockets Layer VPN)
o Uses common SSL protocol (TCP/443)
o Almost no firewall issues
o No big VPN clients, usually client-to-site communication
o It will authenticate users
o Can be run from a browser or from a light VPN client across many
different operating systems
PPTP (Point to Point Tunneling Protocol)
o Only creates the connection/tunnel that an encrypted connection
uses
o Does not encrypt any information
o However, it can authenticate across the network using the following methods:
MS-CHAPv2 (Microsoft Challenge-Handshake
Authentication Protocol)
Allows you to login with your domain credentials
Integrated into Windows
EAP-TLS (Extensible Authentication Protocol - Transport
Layer Security)
A way to authenticate and encrypt information
o Data can be encrypted with MPPE (Microsoft Point-to-Point Encryption)
o Very easy to use, just enter a username and password
L2TP (Layer 2 Tunneling Protocol)
o Update to PPTP
o Uses UDP/1701
o Uses IPSec for encryption
o Service providers often use L2TP to provide endpoint
connectivity
o Commonly found on mobile devices
IPSec (Internet Protocol Security)
o Security for OSI Layer 3
o Authentication and encryption for every packet (packet signing)
Standardized via RFC 4301 and RFC 4309
o Two protocols associated with it:
Authentication Header (AH)
Hash of the packet and a shared key
o MD5, SHA-1, or SHA-2 are common
Builds its own AH header in a packet (in between the
IP header and the data)
o Sometimes creates its own IP header and AH
header in front of the original IP header and
data
Encapsulation Security Payload (ESP)
Encrypts the packet
Hashes the packet and uses 3DES or AES for
encryption
An ESP header is included between the IP header and
data in a packet and a ESP trailer after the data
along with an Integrity Check Value at the end of the
packet
Both of these can be used together:

An AH header and an ESP header are in between the IP header and the data, and an ESP trailer and Integrity Check Value are at the end
o Phase 1: Key Exchange
Uses ISAKMP (Internet Security Association and Key
Management Protocol)
Two devices communicate back and forth and
exchange keys
Uses UDP/500
o Phase 2: Quick Mode
Coordinates ciphers and key sizes

Remote Access

RAS (Remote Access Service)
o Used in the days of dial-up
o Implemented through software or hardware and you use phone
lines to dial in to the RAS server
o Microsoft created the term
PPP (Point-to-Point Protocol)
o OSI Layer 2 protocol
o Provides authentication, compresses data, error detection, and
multilink
o Used in many physical networking environments
o PPPoE (PPP over Ethernet)
Common on DSL networks
Easy to implement due to universal OS support and no
routing required
RDP (Remote Desktop Protocol)
o Allows you to share a desktop from a remote location over
TCP/3389
o Remote Desktop Services is on many Windows versions
ICA (Independent Computing Architecture)
o Citrix proprietary protocol, but broadly used in Windows Terminal
Services
o Runs remote applications remotely and can be seamlessly
integrated
o Many clients connecting to one server
Centralized management with reduction in client footprint
SSH
o Text-based terminal access
o An encrypted terminal

5.3 Explain methods of user authentication

Hashing

When you log in, a hash of the password (MD5 or SHA) is stored
locally on the computer and this hash is compared with an
identical hash on the server
o If both the hashes match, you are authenticated

PKI (Public Key Infrastructure)

A digital, public key certificate
Binds a public key with a digital signature
The digital signature adds trust
o PKI uses Certificate Authority for additional trust
o Web of Trust adds other users for additional trust
Certificate creation can be built into the OS
o Part of Windows Domain Services and are 3rd party for Linux
Uses asymmetric encryption
o User provides one key encrypted with one key, and that key is
decrypted with another key
The public key is encrypted and only the private key can decrypt
the data
A PKI takes a lot of planning
o Policies, procedures, hardware, software, etc.
PKI also refers to the binding of public keys to people

Kerberos

A network authentication protocol that only requires you to log in once and is trusted by the system
Uses mutual authentication where the client and server directly communicate
o Protects against man-in-the-middle attacks
Standard since the 1980s via RFC 4120
Microsoft has used Kerberos since Windows 2000
In Greek mythology, Kerberos was the three-headed dog guarding the underworld
These three heads are the three aspects of Kerberos:
o KDC (Key Distribution Center)
  Responsible for verifying the user's identity using TCP/UDP/88
o Authentication Service
  Authenticates a user over a network
o Ticket Granting Service
  Allows the user to access any resource across a network

Kerberos Authentication Process

o Authentication:
  Step 1:
    Send the AS (Authentication Service) a logon request
    Encrypt the date and time on the local computer
    The user's password hash is the key (but the password hash isn't sent across the network)
  Step 2:
    If the time is within 5 minutes, the AS sends a TGT (Ticket Granting Ticket)
    The TGT contains the client name, IP address, timestamp, and validity period (10 hours max)
    Tickets are encrypted with the KDC (Key Distribution Center) secret key so the client can't decrypt them
o Client Service Authentication
  Step 1:
    Send the ticket to the TGS (Ticket Granting Service)
    A copy of the TGT and the name of the application server are on the ticket, along with a time-stamped client ID encrypted with the TGS session key
    The TGS returns to the client the service session key to use with the application server. This is also encrypted with the TGS session key
    The service ticket containing user information and the service session key is encrypted with the application server's secret key
  Step 2:
    Client sends to the application server the encrypted service ticket and another time-stamped authenticator
  Step 3:
    Application server decrypts the service ticket to confirm the message is untampered
    Application server decrypts the authenticator with the service session key
    Application server may respond with a timestamp encrypted with the service session key. Client can decrypt and compare to verify there is no man-in-the-middle
  Step 4:
    Application server now responds to client requests
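The four-step flow above, run end to end as an added example (not from the notes or any Kerberos implementation): a toy SHA-256/HMAC cipher stands in for Kerberos' AES, all keys, the user "alice", her constructed password, the client IP 10.0.0.5 and the service name "cifs/fileserver" are assumptions, and the 5-minute skew and 10-hour lifetime checks are the ones the notes describe.

```python
import hashlib, hmac, json, os, time

def _ks(key: bytes, nonce: bytes, n: int) -> bytes:   # toy SHA-256 counter-mode keystream
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, obj: dict) -> dict:               # encrypt-then-MAC a ticket/authenticator
    nonce, pt = os.urandom(16), json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return {"n": nonce.hex(), "ct": ct.hex(), "tag": hmac.new(key, nonce + ct, "sha256").hexdigest()}

def open_(key: bytes, box: dict) -> dict:              # verify the MAC first, then decrypt
    nonce, ct = bytes.fromhex(box["n"]), bytes.fromhex(box["ct"])
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").hexdigest(), box["tag"]):
        raise ValueError("ticket or authenticator rejected: wrong key or tampered")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

KDC_KEY = os.urandom(32)                               # KDC secret: clients never hold it
SVC_KEY = os.urandom(32)                               # application server secret, shared with the KDC
USER_KEY = hashlib.sha256(b"alice-password").digest()  # constructed password hash; it is never sent

def as_exchange(user: str, enc_ts: dict, now: int):
    """Authentication step: timestamp decrypts with the user's key and is within 5 minutes -> TGT."""
    if abs(now - open_(USER_KEY, enc_ts)["ts"]) > 300:
        raise PermissionError("clock skew over 5 minutes")
    sk = os.urandom(32)                                # TGS session key
    tgt = seal(KDC_KEY, {"user": user, "ip": "10.0.0.5", "ts": now, "life": 36000, "sk": sk.hex()})
    return tgt, seal(USER_KEY, {"sk": sk.hex()})       # TGT is opaque to the client

def tgs_exchange(tgt: dict, auth: dict, service: str, now: int):
    """TGS: open the TGT with the KDC key, check the authenticator, issue a service ticket."""
    t = open_(KDC_KEY, tgt)
    sk = bytes.fromhex(t["sk"])
    a = open_(sk, auth)
    if a["user"] != t["user"] or now > t["ts"] + t["life"]:
        raise PermissionError("authenticator mismatch or expired TGT")
    ssk = os.urandom(32)                               # service session key
    st = seal(SVC_KEY, {"user": t["user"], "ssk": ssk.hex()})
    return st, seal(sk, {"ssk": ssk.hex(), "service": service})

def ap_exchange(st: dict, auth: dict, now: int) -> dict:
    """Application server: open the service ticket, check the authenticator, prove itself back."""
    t = open_(SVC_KEY, st)
    ssk = bytes.fromhex(t["ssk"])
    a = open_(ssk, auth)
    if a["user"] != t["user"] or abs(now - a["ts"]) > 300:
        raise PermissionError("authenticator rejected")
    return seal(ssk, {"ts": a["ts"]})                  # mutual-authentication reply

def client_login(now: int = None) -> bool:             # the whole flow from the client's side
    now = now or int(time.time())
    tgt, box = as_exchange("alice", seal(USER_KEY, {"ts": now}), now)
    sk = bytes.fromhex(open_(USER_KEY, box)["sk"])
    st, box = tgs_exchange(tgt, seal(sk, {"user": "alice", "ts": now}), "cifs/fileserver", now)
    ssk = bytes.fromhex(open_(sk, box)["ssk"])
    reply = ap_exchange(st, seal(ssk, {"user": "alice", "ts": now}), now)
    return open_(ssk, reply)["ts"] == now              # server's timestamp checks out: no MITM
```

Note that the client only ever holds USER_KEY and the two session keys; every ticket it forwards is sealed under a key it does not have.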

AAA (Authentication, Authorization, and Accounting)

Checks credentials, provides access information, and logs access time
Centralizes everything with one password
RADIUS (Remote Authentication Dial-In User Service)
o Old protocol that originated with dial-in
o Uses UDP by default
o Information on a dial-in network is sent to a RAS, which checks with the AAA server to verify the authentication
TACACS (Terminal Access Controller Access-Control System)
o Created to control access to dial-up lines to ARPANET
o XTACACS (Extended TACACS)
  Cisco proprietary
  Provides additional support for accounting and auditing
o TACACS+
  The latest Cisco proprietary version of TACACS
  Not backwards compatible
  Provides more authentication requests and response codes

Network Access Control

IEEE 802.1X is Port Based Network Access Control (PNAC)
o You don't get access to a network until you authenticate
o Extensive use of EAP and RADIUS
o Performs a posture assessment of a remote device
o Determines a threat before allowing it to access the network
o These ports refer to the physical ports in the wall, not TCP/UDP ports
o Workstation (supplicant) -> Authenticator (sends EAP request) -> Authentication Server

CHAP

PAP (Password Authentication Protocol)
o Old, seldom used today
o Sends usernames and passwords in the clear
o Unsophisticated and insecure
CHAP (Challenge-Handshake Authentication Protocol)
o An encrypted challenge is sent over the network
o A three-way handshake occurs
  Server sends a challenge message, client responds with a hash computed from the password, and server compares the received hash with the hash it computes from the stored password
  Continues throughout the connection
o MS-CHAP is CHAP for Microsoft
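The CHAP three-way handshake as an added example (not from the notes): the response is MD5 over identifier, shared secret and challenge as RFC 1994 defines it; the user name and secret are constructed, and the server class is a hypothetical stand-in for the authenticator.

```python
import hashlib, hmac, os

SECRETS = {"alice": b"correct horse battery staple"}   # constructed shared secret, never sent

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapServer:
    """Hypothetical authenticator: issues challenges and checks responses."""
    def __init__(self, secrets: dict):
        self.secrets, self.ident, self.pending = secrets, 0, {}

    def challenge(self):
        """Step 1: send a fresh random challenge with a new identifier."""
        self.ident = (self.ident + 1) & 0xFF
        self.pending[self.ident] = os.urandom(16)
        return self.ident, self.pending[self.ident]

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the hash from the stored secret and compare.
        Each challenge is consumed once, so a replayed response fails."""
        challenge = self.pending.pop(ident, None)
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)

def handshake(server: ChapServer, name: str, secret: bytes) -> bool:
    """One full challenge/response/verify round; re-run periodically during the session."""
    ident, challenge = server.challenge()                 # step 1: challenge
    response = chap_response(ident, secret, challenge)    # step 2: client hashes, sends no password
    return server.verify(ident, name, response)           # step 3: server compares
```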

EAP (Extensible Authentication Protocol)

An authentication framework that provides many different ways to authenticate based on RFC standards
Used commonly on wireless networks
o WPA and WPA2 use five EAP types
A framework, not a protocol
o Provides authentication, but is used within a protocol
Uses 802.1X
o EAP over LANs
LEAP (Lightweight EAP)
o Cisco proprietary
o Based on MS-CHAP, and uses passwords only
o Insecure, didn't last for long
PEAP (Protected EAP)
o Created by Cisco, Microsoft, and RSA Security
o Encapsulates EAP in a TLS tunnel and needs only one certificate, on the server

Multi-factor Authentication

More than one type of information is used to authenticate a user on a network
o Something you know, something you have, and something you are
Can be expensive due to separate hardware tokens
o Free mobile applications can make this inexpensive
Something you have:
o Smart card
  Integrates with devices and may require a PIN
o USB token
  Certificate is on the USB device
o Hardware or software tokens
  Generate pseudo-random authentication codes
o Your phone
  SMS code is sent to your phone

Single Sign-On (SSO)

A method to authenticate the user just one time
Many different methods act as an SSO:
o Kerberos
o 3rd-party options
  Not seen much in smaller environments
SaaS (Software as a Service)
o Cloud-based software that is changing the way we use applications
o Google Docs, for example

5.4 Explain common threats, vulnerabilities, and mitigation techniques
Wireless

Wardriving
o Combines WiFi monitoring and GPS
o Describes the situation where people drive around logging access points
o Allows one to gather a huge amount of intel in a short period of time
o You can combine all this data into a geographic view
Warchalking
o In the early days people drew symbols on the sidewalk to indicate the state of the WAP

WEP cracking
o IVs (Initialization Vectors) are an extra bit of data thrown into a packet to change things around
  Changes every time data is sent
o With 802.11 WEP, the IV is passed along with the encrypted data
o A 64-bit key has a 40-bit key and a 24-bit IV
o Plaintext and the CRC (checks for integrity) are XORed with the RC4 keystream generated from the IV and the WEP key, producing ciphertext (sent with the IV)
  16,777,216 possible RC4 cipher streams for the IV, which is all that you need to reverse this process
o Everybody has the same key in WEP
  No key management
o Some IVs don't properly provide good encryption
o Bad guys will inject frames to intentionally duplicate IVs
  More duplicate IVs makes for easier key identification
WPA cracking
o WPA is cryptographically stronger than WEP
o WPA2-Enterprise keys constantly change
o WPA2-Personal has a PSK (Pre-Shared Key)
  Vulnerable to brute-force and dictionary attacks
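Why the 24-bit IV and shared key matter, as an added example (not from the notes): it builds the 64-bit WEP frame the way the notes describe (RC4 seeded with IV || key over plaintext || CRC) and shows that two frames under a repeated IV share a keystream, so XORing the ciphertexts leaks the XOR of the plaintexts, and that the birthday bound makes a repeat likely after only a few thousand frames. The key, IV and frame contents in the test are constructed.

```python
import math, zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP seeds it with IV || shared key."""
    S, j = list(range(256)), 0
    for i in range(256):                               # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                            # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """64-bit WEP: 24-bit IV + 40-bit key. Returns IV (in the clear) || ciphertext."""
    assert len(iv) == 3 and len(wep_key) == 5
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # the CRC integrity check value
    data = plaintext + icv
    return iv + xor_bytes(data, rc4_keystream(iv + wep_key, len(data)))

def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same IV (and the same shared key) used the same keystream,
    so XORing the ciphertexts cancels it and leaves plaintext1 XOR plaintext2."""
    assert frame1[:3] == frame2[:3], "different IVs, different keystreams"
    return xor_bytes(frame1[3:], frame2[3:])

IV_SPACE = 2 ** 24                                     # 16,777,216 keystreams per shared key

def frames_until_iv_repeat(p: float = 0.5) -> float:
    """Birthday bound: frames sent before some IV repeats with probability p."""
    return math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p)))
```

A busy access point sends that many frames in minutes, which is why the notes steer you to WPA2, where per-session keys replace the single shared key.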
Rogue access points
o Schedule a periodic site survey to be sure nobody has set up a malicious rogue WAP
o Using 802.1X can prevent this security threat
Evil twins
o When somebody sets up a malicious WAP that tries to trick users into connecting to it
o Very easy to accomplish
o Sometimes they can overpower existing access points

Attacks

DoS (Denial of Service)
o When somebody forces a service to overload on a network
o Bad guys take advantage of a design failure or vulnerability
  Keep systems patched
o Can cause a system to be unavailable
o Can be a smokescreen for some other type of attack
  Can be a precursor to a DNS spoofing attack
o This does not have to be a complicated attack
  You can simply turn off the power
DDoS (Distributed Denial of Service)
o Launching an army of computers to bring down a service by using all of the network's resources
o Botnets are used most often, where thousands or millions of computers are part of a system
o DDoS can be an asymmetric threat
  The attacker may have fewer resources than the victim
Smurf attack
o A type of DoS attack that crafts a ping request with a spoofed source IP address to the broadcast address of a network
o When a broadcast address is pinged, all computers on that subnet or network reply to the spoofed source, the victim server
o This can create a server outage
Man-in-the-middle attacks
o When another entity intercepts a conversation by redirecting the traffic, and may even modify the data
o Uses ARP poisoning (spoofing), where the attacker can watch all the traffic going by
o The bad guy poses as another MAC address
Social engineering
o Electronically undetectable
o Look out for suspicious phone calls or unattended persons
o Sometimes people within the organization may bypass security controls
o Can be as simple as plugging in an unknown USB drive


Virus
o Malware that can reproduce itself
o All it needs you to do is execute a program
o Reproduces itself through file systems on the network
o May or may not cause problems
o Always keep anti-virus software updated
o Boot sector virus
  Virus roots itself in the boot sector of a hard drive
o Program viruses
  Part of the application/executable
o Script viruses
  OS- and browser-based scripts that run
o Macro viruses
  Common in Microsoft Office
o Multipartite viruses
  Multiple viruses are working together
Worms
o Malware that self-replicates
o Uses the network as a transmission medium
o One worm on a network can affect multiple machines at once
o Worms like Nachi can do good things
o Firewalls and IDS/IPS can mitigate many worm infestations
o Conficker worm
  Infects shared computers with weak passwords, out-of-date computers, open network shares, and USB memory sticks
Buffer overflow attacks
o Overwriting a buffer of memory
o Developers need to perform bounds checking to prevent this
o Not a simple exploit
o Sometimes buffer overflows can only cause a program to crash
Packet sniffing attacks
o Capturing unencrypted packets traversing the network
o Relatively difficult to capture over wired networks
o Easy to gather packets on a wireless network
  Must be quiet and not transmitting anything
o To prevent this, use encryption on your WAP (only WPA and WPA2)
  If you type https in a URL, you are encrypting your traffic
  You can use an end-to-end VPN as well
FTP bounce attack
o Uses an FTP server to send traffic to a third device on the network
o Takes advantage of passive mode FTP
o You can tell the server to send a file to a completely different place
o Difficult to find an FTP server that has this vulnerability today
o This is an old attack

Mitigation Techniques

Training and awareness
o Do not put passwords on sticky notes
o Make sure users know where to store data on the network
o Clean desk policies are a safe choice to implement
o Personally owned devices must be managed securely
o Tailgating can also be a big issue
o Be aware of viruses, phishing attacks, and spyware
o Social networks give a false sense of trust
Patch management
o Patches are updates, which are very important
o Service Packs are many patches at once
o Windows Server Update Services (WSUS) is centralized patch management for Windows devices
o At home, patch management is more manual
Policies and procedures
o National Institute of Standards and Technology (NIST) Special Publication 800-53 lays out security controls
  Technical:
    802.1X, biometrics, card readers, IPS/IDS, firewalls
  Management:
    Third-party testing, long-term security budgeting
  Operational:
    Security lunch-and-learns/brown bags, disaster recovery planning, incident response planning
o Hold a mandatory training session for users so they understand what the policies and procedures are
o Security training best practices
  How to deal with viruses
  Company policy for visitors
  How to react to security concerns
o Some users may need specific security training
Incident response
o Collect and protect information relating to an intrusion
o RFC 3227 is the Guidelines for Evidence Collection and Archiving
o Perform the standard digital forensic process:
  Acquisition, analysis, and reporting
o Documentation must be detailed
o Order of volatility: the time that data sticks around
  From most to least volatile: registers, cache, routing table, ARP cache, memory, temporary file systems, disks, remote logging, physical configuration, archive media
o Image an entire hard drive to protect information regarding an incident
o Review network traffic and logs from routers, firewalls, and switches
o Create a hash of a file to later prove the file was untouched
o Interview witnesses

5.5 Given a scenario, install and configure a basic firewall
Types of Firewalls

Hardware firewalls
o Filter traffic by port number
o Work at OSI Layer 4
  Some can filter through OSI Layer 7
o Can encrypt traffic into/out of the network
o Can proxy traffic
o Most firewalls can be layer 3 devices (routers)
Software firewalls
o Personal firewalls
o Included in many operating systems
o Stop unauthorized network access
  Stateful firewall
  Blocks traffic by application
o Windows Firewall is a popular software-based firewall

Stateful Inspection vs. Packet Filtering

Stateless firewalls were nothing more than packet filters
Stateful firewalls understand all the flows on the network
o The firewall knows what devices, ports, and packets are allowed to pass data through the firewall
o Much more powerful than stateless firewalls

Firewall Rules

Block/allow traffic based on tuples
o Source IP, destination IP, port number, time of day, application, etc.
Firewalls take a top-to-bottom logical approach
Can be very general or very specific
o Specific rules are usually at the top
Implicit deny: a firewall only allows traffic through if a rule in the ACL permits it
o Most firewalls include a deny at the bottom
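Top-to-bottom evaluation with an implicit deny at the bottom, as an added example (not from the notes or any firewall product): the rule set, the 10.0.0.0/8 servers, the 192.168.1.0/24 guest network and the three sample packets are constructed, and the last function shows what goes wrong when the general allow is placed above the specific deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # any source
    dst: str = "0.0.0.0/0"          # any destination
    proto: str = "any"
    dport: Optional[int] = None     # None matches any destination port
    name: str = ""

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

def evaluate(rules: list, pkt: dict) -> tuple:
    """Walk the ACL top to bottom; the first matching rule decides.
    Falling off the end is the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"

# Constructed rule set: the specific deny sits above the general allow for SSH.
RULES = [
    Rule("deny",  src="192.168.1.0/24", dst="10.0.0.10/32", proto="tcp", dport=22, name="no-ssh-from-guests"),
    Rule("allow", dst="10.0.0.10/32", proto="tcp", dport=22,  name="admin-ssh"),
    Rule("allow", dst="10.0.0.20/32", proto="tcp", dport=443, name="web-https"),
    Rule("allow", dst="10.0.0.53/32", proto="udp", dport=53,  name="dns"),
]

# Constructed sample packets (5-tuple minus the source port).
GUEST_SSH = {"src": "192.168.1.77", "dst": "10.0.0.10", "proto": "tcp", "dport": 22}
ADMIN_SSH = {"src": "10.0.1.5",     "dst": "10.0.0.10", "proto": "tcp", "dport": 22}
SMB       = {"src": "10.0.1.5",     "dst": "10.0.0.20", "proto": "tcp", "dport": 445}

def misordered() -> tuple:
    """Same rules with the general allow above the specific deny: the deny never fires."""
    return evaluate([RULES[1], RULES[0]] + RULES[2:], GUEST_SSH)
```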

PAT (Port Address Translation)

Performs NAT, but also modifies the port numbers along with the IP address
The NAT conversion table within the firewall keeps track of the original and modified IP addresses and port numbers
Static NAT
o Inbound traffic to a public IP address gets NATed over a particular port to a specified web server
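The NAT conversion table the notes describe, as an added example (not from the notes or any firewall): two inside hosts that happen to use the same source port get distinct public ports, inbound replies are mapped back through the table, a static entry sends public port 80 to the web server, and unsolicited inbound traffic with no entry is dropped. The public IP 203.0.113.1, the inside addresses and the port range are constructed.

```python
import itertools

class PatTable:
    """Toy NAT conversion table: (inside IP, inside port) <-> public port."""

    def __init__(self, public_ip: str, static: dict = None, first_port: int = 40000):
        self.public_ip = public_ip
        self.static = static or {}           # static NAT: public port -> (inside host, port)
        self.ports = itertools.count(first_port)
        self.out = {}                        # (src ip, src port, dst ip, dst port) -> public port
        self.back = {}                       # public port -> (src ip, src port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> tuple:
        """Rewrite an outbound packet: inside address and port become public address and port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:              # new flow: allocate the next free public port
            public_port = next(self.ports)
            self.out[key] = public_port
            self.back[public_port] = (src_ip, src_port)
        return self.public_ip, self.out[key], dst_ip, dst_port

    def inbound(self, dst_port: int):
        """Map an inbound packet on the public IP back to the inside host, or None to drop it."""
        if dst_port in self.static:          # static NAT entry (e.g. port 80 -> web server)
            return self.static[dst_port]
        return self.back.get(dst_port)       # reply to a translated flow, else no entry

# Constructed topology: one public address, a web server published on port 80.
NAT = PatTable("203.0.113.1", static={80: ("10.0.0.80", 80)})
```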

DMZ (Demilitarized Zone)

An area on a network specifically for inbound traffic
Not on the internal network, but within the firewall
NAT will be performed on users in this zone as well

5.6 Categorize different types of network security appliances and methods
IDS and IPS

Intrusion Detection/Prevention System
Designed to detect and prevent intrusions
Detection = alarm or alert
Prevention = stop it before it gets into the network
Network-based IPS
o Software or hardware (for enterprises) is used
Host-based IPS
o Started as a separate application
  Now integrated into many endpoint products
o Protects based on signatures
o Protects based on activity

Vulnerability Scanners

A passive test that looks for problems with a server or application to see where openings might be
Port scanning is used to accomplish this
Test from the outside and inside of the network
o Most attacks will come from outside of the network
Make sure you have the latest signatures before you do your scanning
The scan can inform you if there is a lack of security controls, misconfigurations, and real vulnerabilities

Methods

Honeypots are a security tool that tries to trick the bad guys into performing their tricks so you can later use this knowledge to prevent intrusion
The bad guys are probably an automated machine
Honeypots are single-use/single-system traps
Honeynets use more than one honeypot on a network