4.1 # ETHERNET AT THE DATA LINK LAYER
Ethernet provides services corresponding to Layer 1 and Layer 2 of the OSI reference model, and IEEE 802.3 specifies the physical layer (Layer 1) and the channel-access portion of the data link layer (Layer 2). In addition, IEEE 802.3 does not define a logical link control protocol but does specify several different physical layers, whereas Ethernet defines only one.
# ETHERNET ADDRESSING
Every network device has a unique physical identity, assigned by the manufacturing vendor, called the MAC address or Ethernet address. The MAC address is also known as the hardware address, while the IP address is the logical address of the device. The MAC address is generally written in hexadecimal. It consists of 6 bytes (48 bits): the first three bytes identify the vendor and the last three bytes identify the node. The MAC address works at the MAC sub-layer of the data link layer of the OSI model.
Switches give network managers the ability to increase bandwidth without adding unnecessary complexity to the network. Layer 2 data frames consist of both infrastructure content, such as the MAC (media access control) address, also known as the Ethernet address, and end-user content. At the data link layer, no modification of the frame's MAC addresses is required when going between like physical-layer interfaces, such as from Ethernet to Fast Ethernet. However, changes to the MAC addresses of data frames might occur when bridging between unlike media types, such as FDDI and Ethernet or Token Ring and Ethernet.
Switches learn MAC addresses and build a table of the MAC addresses on the LAN segment, called the MAC address table. ARP, the Address Resolution Protocol, resolves IP addresses into MAC addresses. RARP, the Reverse Address Resolution Protocol, is the reverse of ARP and resolves MAC addresses into IP addresses.
The MAC layer of Gigabit Ethernet is similar to those of standard Ethernet and Fast Ethernet. The Gigabit Ethernet MAC layer should support both full-duplex and half-duplex operation. The characteristics of Ethernet such as collision detection, maximum network diameter, repeater rules, MAC addressing and so forth are carried over to Gigabit Ethernet. Support for half-duplex Gigabit Ethernet adds frame bursting and carrier extension, two functions not found in Ethernet and Fast Ethernet.
# ETHERNET FRAMES
There are various types of frames, such as Ethernet frames, Ethernet jumbo frames and SNAP frames. The following illustrates the frame fields associated with both Ethernet and Ethernet IEEE 802.3 jumbo frames. The following fields exist for both Ethernet frames and Ethernet jumbo frames:
a) SFD (Start Frame Delimiter) b) FCS (Frame Check Sequence)
The Ethernet frames field illustrated in the table are as follows :
∎ Preamble: The alternating pattern of ones and zeros tells receiving stations that an Ethernet or Ethernet jumbo frame is coming. The Ethernet frame includes an additional byte that is the equivalent of the Start of Frame (SOF) field specified in Ethernet IEEE 802.3 jumbo frames.
∎ Start of Frame (SOF): The IEEE 802.3 delimiter byte ends with two consecutive 1 bits, which serve to synchronize the frame-reception portions of all stations on the LAN. SOF is explicitly specified in Ethernet. It is also known as the Start Frame Delimiter (SFD).
∎ Source and Destination Address: The first 3 bytes of the addresses are specified by the IEEE on a vendor-dependent basis. The last 3 bytes are specified by the Ethernet or IEEE 802.3 vendor. The source address should be a unicast address, i.e. the address of a single device, while the destination address can be a unicast, multicast or broadcast address (all nodes).
∎ Type (Ethernet): Identifies the upper-layer protocol that receives the data after Ethernet processing is completed.
∎ Length (Ethernet jumbo frame): The length indicates the number of bytes of data that follow this field.
∎ Data (Ethernet): When processing at the physical layer and link layer is completed, the frame data is forwarded to the upper-layer protocol identified in the Type field. Although Ethernet Version 2 does not specify any padding (in contrast to IEEE 802.3), Ethernet expects at least 46 bytes of data.
∎ Data (Ethernet jumbo frame): After physical-layer and link-layer processing is complete, the data is sent to an upper-layer protocol, which must be defined within the data portion of the frame, if at all. When there is not enough frame data, the frame is padded to reach the minimum frame size of 64 bytes.
∎ Frame Check Sequence (FCS): Contains a 4-byte CRC value that the sending device creates and the receiving device recalculates to detect damaged frames.
SNAP Frame
The SNAP frame has its own protocol field to identify the application-layer protocol. This is really a way to allow an Ethernet frame to be used in an 802.3 frame. You can identify a SNAP frame because the DSAP and SSAP fields are always AA and the Control field is always 3. To allow proprietary protocols from application developers to be used in the LLC frame, the IEEE defined the SNAP format. It is mostly used in AppleTalk proprietary frames and is not used very much. Cisco uses a SNAP frame for its proprietary protocol CDP.
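As an added example (not from the page), the following Python parser applies the fields above the way a receiver does: it separates Ethernet II (Type) from IEEE 802.3 (Length) frames, recognizes a SNAP header by DSAP = SSAP = AA and Control = 3, and recomputes the FCS. The sample frames are constructed; the CDP multicast address and SNAP protocol id in the sample are the standard Cisco values, not taken from this page.

```python
import struct
import zlib

MIN_PAYLOAD = 46        # page: Ethernet expects at least 46 bytes of data
ETHERTYPE_MIN = 0x0600  # Type/Length field: >= 1536 is a Type, <= 1500 a Length

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Parse a frame (preamble/SFD stripped, FCS still attached).

    Tells Ethernet II (Type) from IEEE 802.3 (Length), detects LLC/SNAP by
    DSAP=SSAP=0xAA and Control=0x03, and recomputes the 4-byte CRC in the FCS.
    """
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    body, fcs = frame[14:-4], frame[-4:]
    # FCS = CRC-32 over destination address .. end of data, sent LSB first.
    fcs_ok = struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == fcs
    info = {"dst": mac_str(dst), "src": mac_str(src), "fcs_ok": fcs_ok,
            "dst_kind": ("broadcast" if dst == b"\xff" * 6 else
                         "multicast" if dst[0] & 1 else "unicast")}
    if type_len >= ETHERTYPE_MIN:
        info.update(kind="Ethernet II", ethertype=type_len, payload=body)
        return info
    data = body[:type_len]          # 802.3: bytes past the Length are padding
    info.update(kind="IEEE 802.3", length=type_len)
    if len(data) >= 8 and data[:3] == b"\xaa\xaa\x03":
        # SNAP header: 3-byte OUI and 2-byte protocol id follow the LLC header
        info.update(kind="IEEE 802.3 LLC/SNAP", oui=data[3:6].hex(),
                    protocol_id=struct.unpack("!H", data[6:8])[0], payload=data[8:])
    elif len(data) >= 3:
        info.update(kind="IEEE 802.3 LLC", dsap=data[0], ssap=data[1], payload=data[3:])
    else:
        info.update(payload=data)
    return info

def build_frame(dst: bytes, src: bytes, type_len: int, body: bytes) -> bytes:
    """Constructed test input: pad to the 46-byte minimum and append a valid FCS."""
    head = struct.pack("!6s6sH", dst, src, type_len) + body.ljust(MIN_PAYLOAD, b"\x00")
    return head + struct.pack("<I", zlib.crc32(head) & 0xFFFFFFFF)

# Constructed samples: a SNAP frame to the CDP multicast address 01:00:0c:cc:cc:cc
# with Cisco OUI 00:00:0c / protocol id 0x2000, and an Ethernet II IPv4 broadcast.
SRC = bytes.fromhex("001122334455")
SNAP_BODY = b"\xaa\xaa\x03" + bytes.fromhex("00000c") + b"\x20\x00" + b"\x02\xb4\x00\x00"
SAMPLE_SNAP = build_frame(bytes.fromhex("01000ccccccc"), SRC, len(SNAP_BODY), SNAP_BODY)
SAMPLE_IPV4 = build_frame(b"\xff" * 6, SRC, 0x0800, b"\x45\x00")

if __name__ == "__main__":
    for f in (SAMPLE_SNAP, SAMPLE_IPV4):
        print(parse_frame(f))
```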
4.2 # CISCO DISCOVERY PROTOCOL (CDP) INTRODUCTION
CDP is a tool that allows discovery of the networking devices in the network. The network administrator can manage the networking devices with the help of CDP. CDP is enabled by default on all Cisco routers and switches. CDP supports all LAN and WAN media. CDP packets are sent at a fixed interval of 60 seconds to a multicast address on the network. The CDP advertisement contains the hardware platform, IP addresses, hostname, duplex setting, etc.
CDP finds the networking devices and their configuration in the network. CDP finds the IP address of a router on the far side of a gateway or WAN link. CDP is compatible with LLDP on non-Cisco devices. In short, CDP helps to collect information about the hardware and protocols of the neighboring devices. This information can be used for troubleshooting and maintenance of the network.
R1# show cdp entry *
Device ID: R3
Entry address(es):
IP address : 10.10.20.2
Platform: cisco C2800, Capabilities: Router
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/0
Holdtime: 161
R1# show cdp interface
Vlan1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/1 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
R3 Fas 0/1 153 R C2800 Fas 0/0
R2 Fas 0/0 153 R C2800 Fas 0/0
By default, CDP is enabled on the device. To disable CDP, use the no cdp run command in global configuration mode.
R1(config)# no cdp run (to disable CDP)
R1(config)# cdp run (to enable CDP)
By default CDP is enabled on each interface; to disable CDP on an interface, use the no cdp enable command in interface configuration mode.
R1(config-if)# no cdp enable (to disable CDP on the interface)
R1(config-if)# cdp enable (to enable CDP on the interface)
R1# show cdp neighbors (shows a list of CDP neighbors and some basic information)
4.3 # LINK LAYER DISCOVERY PROTOCOL (LLDP) INTRODUCTION
LLDP is an industry-standard protocol. By default, LLDP is disabled on all devices. LLDP enables Ethernet network devices, such as switches and routers, to transmit and/or receive descriptive information, and to store such information learned about other devices. The data sent and received by LLDP is useful for many reasons:
∎ Devices can discover neighbors, i.e. other devices directly connected to them.
∎ LLDP message timer = 30 sec and LLDP hold-down timer = 120 sec.
∎ LLDP messages use the multicast MAC address 0180.C200.000E.
∎ A device can run CDP and LLDP at the same time.
We need to specify the interfaces on which we want to enable LLDP and enter their interface configuration mode:
1. R1(config)# lldp run (to enable LLDP on the device)
2. R1(config)# no lldp run (to disable LLDP on the device)
3. Enable LLDP per interface:
DistSW1# conf t
DistSW1(config)# int range fa0/1-4
DistSW1(config-if-range)# lldp transmit (allow the interface to transmit LLDP messages)
DistSW1(config-if-range)# lldp receive (allow the interface to receive LLDP messages)
DistSW1(config-if-range)# end
4. R1# show lldp neighbors (show a list of lldp neighbors and some basic information)
5. R1# show lldp
6. R1# show lldp traffic
7. R1# show lldp entry entry
8. R1# show lldp interface interface-id
9. R1# show lldp neighbors interface-id
10. R1# show lldp errors
11. R1# clear lldp counters
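Added example, not from the page: a Python decoder for the LLDP frames that show lldp neighbors summarizes. It checks the multicast destination 0180.C200.000E listed above, walks the TLVs (16-bit header of 7-bit type and 9-bit length, IEEE 802.1AB type numbers) and rejects a frame that lacks the End TLV; DistSW1's MAC address and the frame contents are constructed.

```python
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # page: LLDP multicast MAC 0180.C200.000E
LLDP_ETHERTYPE = 0x88CC
TLV_NAMES = {0: "End", 1: "ChassisID", 2: "PortID", 3: "TTL", 4: "PortDescription",
             5: "SystemName", 6: "SystemDescription", 7: "SystemCapabilities",
             8: "ManagementAddress"}

def parse_lldp(frame: bytes) -> dict:
    """Decode the LLDPDU of an untagged Ethernet frame (FCS already stripped).

    Every TLV starts with a 16-bit header: 7-bit type, 9-bit length.
    Chassis ID subtype 4 is a MAC address and Port ID subtype 5 an
    interface name; both are what a switch typically sends for itself.
    """
    dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if dst != LLDP_MCAST or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    out, pos = {"tlvs": []}, 14
    while pos + 2 <= len(frame):
        hdr = struct.unpack("!H", frame[pos:pos + 2])[0]
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        value = frame[pos + 2:pos + 2 + tlen]
        if len(value) != tlen:
            raise ValueError("truncated TLV")
        pos += 2 + tlen
        name = TLV_NAMES.get(ttype, f"Type{ttype}")
        out["tlvs"].append(name)
        if ttype == 0:
            break
        if ttype == 1 and value[:1] == b"\x04":      # Chassis ID, subtype 4 = MAC
            out["chassis_id"] = ":".join(f"{b:02x}" for b in value[1:])
        elif ttype == 2 and value[:1] == b"\x05":    # Port ID, subtype 5 = ifname
            out["port_id"] = value[1:].decode()
        elif ttype == 3:                             # TTL = neighbor hold time
            out["ttl"] = struct.unpack("!H", value[:2])[0]
        elif ttype in (4, 5, 6):                     # free-text descriptions
            out[name] = value.decode(errors="replace")
    else:
        raise ValueError("missing End TLV")
    return out

def tlv(ttype: int, value: bytes) -> bytes:
    # Encode one TLV; used only to build the constructed sample below.
    return struct.pack("!H", (ttype << 9) | len(value)) + value

# Constructed sample, not a capture: what DistSW1 could advertise on fa0/1
# after "lldp transmit", with the 120 s hold time given on this page.
SW_MAC = bytes.fromhex("0011223344aa")
SAMPLE = (LLDP_MCAST + SW_MAC + struct.pack("!H", LLDP_ETHERTYPE)
          + tlv(1, b"\x04" + SW_MAC) + tlv(2, b"\x05Fa0/1")
          + tlv(3, struct.pack("!H", 120)) + tlv(5, b"DistSW1") + tlv(0, b""))

if __name__ == "__main__":
    print(parse_lldp(SAMPLE))
```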
4.4 # ETHERCHANNEL (LAYER2 / LAYER3) LACP
EtherChannel is defined as aggregating multiple physical interfaces into one logical interface, known as a port channel. It is used to logically combine links from one network device to another so that they act like one link (for example, you can connect two switches together, or a switch to a server). This is helpful when you are trying to load balance. It can be used in conjunction with STP, but essentially replaces it. With MAC-based load balancing, traffic in the EtherChannel is distributed at Layer 2; with IP-based load balancing it is distributed at Layer 3; and with port-based load balancing it is distributed at Layer 4.
Fast EtherChannel allows multiple physical Fast Ethernet links to be combined into one logical channel. This allows load sharing of traffic among the links in the channel, as well as redundancy in the event that one or more links in the channel fail, and also covers the Port Aggregation Protocol (PAgP) and trunking support over EtherChannel. Fast EtherChannel can be used to interconnect LAN switches, routers, firewalls, servers and clients via unshielded twisted pair (UTP) wiring or single-mode and multimode fiber. This document refers to Fast EtherChannel, Gigabit EtherChannel, port channel, channel and port group with a single term, EtherChannel. The information in the document applies to all of these EtherChannels.
The Cisco-proprietary hash algorithm computes a value in the range 0 to 7. With this value as a basis, a particular port in the EtherChannel is chosen. The port setup includes a mask which indicates which values the port accepts for transmission. With the maximum number of ports in a single EtherChannel, which is eight ports, each port accepts only one value. If you have four ports in the EtherChannel, each port accepts two values, and so forth. This table lists the ratios of the values that each port accepts, which depends on the number of ports in the EtherChannel:
| Number of Ports in the EtherChannel | Load Balancing |
|---|---|
| 8 | 1:1:1:1:1:1:1:1 |
| 7 | 2:1:1:1:1:1:1 |
| 6 | 2:2:1:1:1:1 |
| 5 | 2:2:2:1:1 |
| 4 | 2:2:2:2 |
| 3 | 3:3:2 |
| 2 | 4:4 |
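The ratios in the table follow from dealing the 8 hash values round-robin across the member ports; the Python below is an added example (not Cisco's code) that reproduces the table and then applies a port mask to sample flows. The hash itself is an assumption standing in for the proprietary one (XOR of the low 3 bits of source and destination MAC, as src-dst-mac balancing is commonly described), and the host and server MACs are constructed.

```python
from collections import Counter

def hash_src_dst_mac(src: str, dst: str) -> int:
    """Hash value 0..7 for src-dst-mac balancing. Assumed: XOR of the low 3
    bits of both addresses (the real Cisco algorithm is proprietary)."""
    s = int(src.replace(":", "").replace(".", ""), 16)
    d = int(dst.replace(":", "").replace(".", ""), 16)
    return (s ^ d) & 0x7

def port_masks(n_ports: int) -> list:
    """Set of hash values each member port accepts. Assumed: the 8 values are
    dealt round-robin, which reproduces the ratio table on this page."""
    if not 1 <= n_ports <= 8:
        raise ValueError("an EtherChannel has 1 to 8 ports")
    return [{v for v in range(8) if v % n_ports == p} for p in range(n_ports)]

def ratio(n_ports: int) -> str:
    """Load-balancing ratio in the table's notation, e.g. '3:3:2'."""
    return ":".join(str(len(m)) for m in port_masks(n_ports))

def choose_port(n_ports: int, src: str, dst: str) -> int:
    """Index of the member link whose mask accepts this frame's hash value."""
    h = hash_src_dst_mac(src, dst)
    return next(p for p, mask in enumerate(port_masks(n_ports)) if h in mask)

def distribution(n_ports: int, flows) -> list:
    """How many of the given (src, dst) MAC pairs land on each member link."""
    counts = Counter(choose_port(n_ports, s, d) for s, d in flows)
    return [counts[p] for p in range(n_ports)]

# Constructed sample: 16 hosts all talking to one server. Only the low bits
# of the host MACs differ, and that is what spreads the flows; any single
# host-server pair always hashes to the same link, so one flow never gets
# more than the bandwidth of one member link.
SERVER = "00:00:0c:11:22:00"
FLOWS = [(f"00:1b:54:aa:bb:{i:02x}", SERVER) for i in range(16)]

if __name__ == "__main__":
    for n in range(8, 1, -1):
        print(f"{n} ports -> {ratio(n)}")
    print("3-port channel, flows per link:", distribution(3, FLOWS))
```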
Configure and verify EtherChannel (L2/3)
1. CONFIGURE THE SWITCH-1
sW-1> enable
sW-1# configure terminal
sW-1(config)# interface port-channel 1
sW-1(config-if)# switchport mode access
sW-1(config-if)# exit
sW-1(config)# interface port-channel 2
sW-1(config-if)# switchport mode access
sW-1(config-if)# exit
sW-1(config)# interface range Fa0/1 - 2
sW-1(config-if-range)# shutdown
sW-1(config-if-range)# channel-group 1 mode on
sW-1(config-if-range)# end
sW-1# configure terminal
sW-1(config)# interface range Fa0/3 - 4
sW-1(config-if-range)# shutdown
sW-1(config-if-range)# channel-group 2 mode desirable
sW-1(config-if-range)# no shutdown
sW-1(config-if-range)# end
sW-1# configure terminal
sW-1(config)# interface range Fa0/1 - 2
sW-1(config-if-range)# no shutdown
sW-1(config-if-range)# end
2. CONFIGURE THE SWITCH-2
sW-2> enable
sW-2# configure terminal
sW-2(config)# interface port-channel 2
sW-2(config-if)# switchport mode access
sW-2(config-if)# exit
sW-2(config)# interface port-channel 3
sW-2(config-if)# switchport mode access
sW-2(config-if)# exit
sW-2(config)# interface range Fa0/3 - 4
sW-2(config-if-range)# shutdown
sW-2(config-if-range)# channel-group 2 mode auto
sW-2(config-if-range)# end
sW-2# configure terminal
sW-2(config)# interface range Fa0/5 - 6
sW-2(config-if-range)# shutdown
sW-2(config-if-range)# channel-group 3 mode active
sW-2(config-if-range)# no shutdown
sW-2(config-if-range)# end
sW-2# configure terminal
sW-2(config)# interface range Fa0/1 - 2
sW-2(config-if-range)# no shutdown
sW-2(config-if-range)# end
3. CONFIGURE THE SWITCH-3
sW-3> enable
sW-3# configure terminal
sW-3(config)# interface port-channel 2
sW-3(config-if)# switchport mode access
sW-3(config-if)# exit
sW-3(config)# interface port-channel 3
sW-3(config-if)# switchport mode access
sW-3(config-if)# exit
sW-3(config)# interface range Fa0/3 - 4
sW-3(config-if-range)# shutdown
sW-3(config-if-range)# channel-group 2 mode on
sW-3(config-if-range)# end
sW-3# configure terminal
sW-3(config)# interface range Fa0/5 - 6
sW-3(config-if-range)# shutdown
sW-3(config-if-range)# channel-group 3 mode passive
sW-3(config-if-range)# no shutdown
sW-3(config-if-range)# end
sW-3# configure terminal
sW-3(config)# interface range Fa0/1 - 2
sW-3(config-if-range)# no shutdown
sW-3(config-if-range)# end
Note: If you want to configure the EtherChannel at Layer 3, make the port-channel interface a routed interface and give it an IP address, as shown below:
sW(config)# interface port-channel 2
sW(config-if)# no switchport (make the port channel a routed interface)
sW(config-if)# ip address 192.168.10.1 255.255.255.0
sW(config-if)# exit
4.5 # COMPARE CISCO WIRELESS AND CLOUD-BASED AP ARCHITECTURES
An autonomous AP is self-contained. Each AP must be configured and maintained individually. Each AP must also be configured with a management IP address. Each autonomous AP handles its own security policies with no central point of entry between the wireless and wired networks.
Cloud-based APs are managed, controlled and monitored centrally from the cloud. Each AP contacts the cloud when it powers up and self-configures. From the cloud you can configure and manage APs, monitor wireless performance and activity, generate reports, etc.
Physical interfaces have some form of physical element, for example an RJ-45 male connector on an Ethernet cable.
Virtual interfaces are software-based interfaces that you create in the memory of the networking device using Cisco IOS commands. Virtual interfaces do not have a hardware component such as the RJ-45 female port on a 100BASE-T Fast Ethernet network interface card.
Distribution system port: used for all normal AP and management traffic; usually connects to a switch port in 802.1Q trunk mode. You can also configure all of them to operate as a single logical group, much like an EtherChannel or port channel on a switch. This is known as a Link Aggregation Group (LAG).
4.6 # DESCRIBE AP AND WLC MANAGEMENT ACCESS CONNECTIONS
1) How to configure Telnet?
WLC(config)# line vty 0 4
WLC(config-line)# speed 9200
WLC(config-line)# password password_telnet
WLC(config-line)# login
WLC(config-line)# exec-timeout 5 0
WLC(config-line)# exit
WLC# clear line 3 (terminates the session on line 3)
2) How to configure SSH?
WLC(config)# username senior secret <password>
WLC(config)# ip domain-name ssm.in
WLC(config)# crypto key generate rsa
WLC(config)# ip ssh version 2 (version 1 or 2 can be set; use 2)
WLC(config)# ip ssh timeout 90 authentication-retries 2
WLC(config)# line vty 0 4
WLC(config-line)# transport input ssh
WLC(config-line)# login local (authenticate against the local username)
WLC(config-line)# end
Client computer: PC> ssh -l senior 192.168.1.11
3) How to configure HTTP?
WLC(config)# ip forward-protocol nd
WLC(config)# ip http server
WLC(config)# ip http authentication local
WLC(config)# ip http secure-server
4) How to configure the management connection?
WLC(config)# interface GigabitEthernet0
WLC(config-if)# vrf forwarding Mgmt-intf
WLC(config-if)# ip address 192.168.117.20 255.255.255.0
WLC(config-if)# negotiation auto
WLC(config-if)# exit
| For | SSH | Telnet |
|---|---|---|
| Security | Highly secure | Less secure than SSH |
| Port number | Uses TCP port 22 | Uses TCP port 23 |
| Data format | SSH sends all data in encrypted form; SSH uses a secure channel to transfer data over the network | Telnet sends data in plain text |
| Authentication | SSH uses public-key encryption to authenticate remote users | Telnet uses no authentication mechanism |
| Data privacy | Data sent using this protocol cannot be easily interpreted by an attacker | Usernames and passwords are prone to malicious attack |
| Key network | Suitable for public networks | Suitable for private networks |
| Vulnerabilities | Can be considered a replacement for Telnet, since it has overcome many of Telnet's security issues | Is older than SSH and has more vulnerabilities than SSH |
| Bandwidth usage | High bandwidth usage | Low bandwidth usage |

| For | HTTP | HTTPS |
|---|---|---|
| Security | System for transmitting and receiving information over the internet | The need for it arose to address the exchange of confidential information over the insecure internet |
| Port number | Uses TCP port 80 | Uses TCP port 443 |
| Data format | Appropriate when non-sensitive information needs to be exchanged | Transfer of encrypted information |
| Authentication | Used for data transfer with a header from the client | HTTP within SSL/TLS |
4.7 # DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
The DHCP server assigns IP addresses automatically. It works on port 67, on which the server provides the service, and port 68, on which the client listens for it. DHCP works through the DORA process (Discover, Offer, Request, Acknowledgement).
DORA process:
o Discover: the first message is broadcast on all ports and carries the client's MAC address; this is the Discover message.
o Offer: the server replies to the Discover and broadcasts its reply on all ports; this is the Offer message.
o Request: the client responds to the Offer asking for the allocation; this is the Request message.
o Acknowledgement: the server receives the Request and broadcasts a new message for the client; this is the Acknowledgement message.
Configuration:
Switch(config)# interface fa 0/1
Switch(config-if)# ip address 192.168.1.11 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# ip dhcp excluded-address 192.168.1.2 192.168.1.7
Switch(config)# ip dhcp pool server
Switch(dhcp-config)# network 192.168.1.0 255.255.255.0
Switch(dhcp-config)# default-router 192.168.1.1
Switch(dhcp-config)# dns-server 10.10.0.8
Switch(dhcp-config)# end
Switch# show ip dhcp binding
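Added example, not from the page: a Python model of the pool configured above that walks the DORA exchange behind the show ip dhcp binding output and shows how the excluded-address range keeps 192.168.1.2 to 192.168.1.7 out of offers. Lowest-free-address-first allocation and never offering the switch's own 192.168.1.11 are assumptions, and the client MACs are constructed.

```python
import ipaddress

class DhcpPool:
    """Minimal model of the 'ip dhcp pool server' configuration above.

    Walks the DORA exchange: discover() answers with an Offer, request()
    with an Ack, or a Nak when the address was never offered to that MAC.
    Assumed, not from the page: lowest free address first, and the switch's
    own interface address is never handed out.
    """
    def __init__(self, network, default_router, dns_server, excluded, own_ip):
        self.network = ipaddress.ip_network(network, strict=False)
        self.default_router, self.dns_server = default_router, dns_server
        # excluded-address range plus the gateway and the server's own address
        self.excluded = set(excluded) | {own_ip, default_router}
        self.bindings = {}   # mac -> ip, what 'show ip dhcp binding' lists
        self.offers = {}     # mac -> ip offered but not yet acknowledged

    def _free(self):
        taken = set(self.bindings.values()) | set(self.offers.values()) | self.excluded
        for host in self.network.hosts():
            if str(host) not in taken:
                return str(host)
        raise RuntimeError("pool exhausted")

    def discover(self, mac):
        """DISCOVER -> OFFER; a client that already has a binding gets it back."""
        ip = self.bindings.get(mac) or self.offers.get(mac) or self._free()
        self.offers[mac] = ip
        return {"type": "OFFER", "ip": ip, "mask": str(self.network.netmask),
                "router": self.default_router, "dns": self.dns_server}

    def request(self, mac, ip):
        """REQUEST -> ACK only for the address this MAC was offered, else NAK."""
        if self.offers.get(mac) != ip and self.bindings.get(mac) != ip:
            return {"type": "NAK"}
        self.offers.pop(mac, None)
        self.bindings[mac] = ip
        return {"type": "ACK", "ip": ip}

def excluded_range(first, last):
    """Expand 'ip dhcp excluded-address first last' into individual addresses."""
    a, b = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return [str(ipaddress.ip_address(i)) for i in range(a, b + 1)]

# Same values as the switch configuration on this page.
POOL = DhcpPool("192.168.1.0/255.255.255.0", "192.168.1.1", "10.10.0.8",
                excluded_range("192.168.1.2", "192.168.1.7"), own_ip="192.168.1.11")

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"          # constructed client MAC
    offer = POOL.discover(mac)
    print(offer, POOL.request(mac, offer["ip"]))
```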