Shared Flashcard Set

Details

Network +
all
553
Computer Science
Undergraduate 3
05/02/2016


Cards

Term
Ethernet bonding
Definition
Ethernet bonding (also called NIC teaming) logically groups (or bonds) two or more physical connections to the same network. Data is divided and sent on multiple interfaces, effectively increasing the speed at which the device can send and receive on the network.

Term
Spanning tree
Definition
Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol (STP) runs on each switch and is used to select a single path between any two switches.

Term
Load balancing
Definition
Load balancing configures a group of servers in a logical group (called a server farm). Incoming requests to the group are
distributed to individual members within the group. Incoming requests can be distributed evenly or unevenly between group
members based on additional criteria such as server capacity.
Term
Caching engine
Definition
Caching is the process of saving previously acquired data for quick retrieval at a later time. With caching, data is stored in
memory or on disk within a network device, where it can quickly be retrieved when needed. Recalling the data from the cache
is faster than requesting the data from the original location.
Term
Quality of Service (QoS)
Definition
QoS refers to a set of mechanisms that try to guarantee timely delivery or minimal delay of important or time-sensitive communications.
Term
Traffic shaper
Definition
A traffic shaper is a device that is capable of modifying the flow of data through a network in response to network traffic conditions. Specific techniques include:
- Bandwidth throttling: limit the amount of data that can be downloaded from a website in an hour.
- Rate limiting: restrict the maximum bandwidth available to a customer.
Term
Multilayer switch/content switch
Definition
Normal switching occurs at OSI model layer 2, using the MAC address to perform frame forwarding. Switches use specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware rather than using the CPU and software.
Term
Common Address Redundancy Protocol (CARP)
Definition
CARP is an implementation of fault tolerance that allows multiple firewalls and/or routers on the same local network to share a
set of IP addresses. If one of the firewalls or routers fails, the shared IP address allows hosts to continue communicating with
the firewall or router without interruption.
Term
NIC Teaming, also known as Load Balancing/Failover
Definition
NIC teaming allows multiple network adapters to function together as a single network interface. It is used:

1. To provide additional bandwidth. If you configure the team so all of the NICs are active at the same time, then the system gets the combined bandwidth of all the NICs in the team.
2. To provide fault tolerance.
Term
NIC teaming
Definition
Requirements for NIC teaming:
1. You need to install at least two Ethernet interfaces in the system.
2. The drivers used for the NICs must support teaming.
3. The computer's operating system must support NIC teaming.
Term
Switch-dependent
Definition
Switch-dependent teaming requires the adapters in a team to be connected to the same switch. This configuration is used to implement bandwidth aggregation. All of the NICs within the team are in an active/active state, meaning they are online and processing frames all of the time.
Term
Switch-independent
Definition
Switch-independent teaming allows the adapters in a team to be connected to different switches. This configuration is used to provide failover redundancy and increase the system's availability. Using multiple NICs and switches protects the system from a failed network card and a failed network switch.
1. Switches are not aware that the interfaces on the server are members of a NIC team.
2. One interface in the team operates in passive mode. It doesn't process frames unless one of the other interfaces in the team fails.
Term
Tunnel endpoints
Definition
Tunnel endpoints are devices that can encrypt and decrypt packets. When you create a VPN, you establish a security association between the two tunnel endpoints. The endpoints create a secure,
Term
VPN basic knowledge
Definition
Routers use the unencrypted packet headers to deliver the packet to the destination device. Intermediate routers along the path cannot read the encrypted packet contents.
1. A VPN can be used over a local area network, across a WAN connection, over the Internet, and even over a dial-up connection.
2. VPNs work by using a tunneling protocol that encrypts packet contents and wraps them in an unencrypted packet.
Term
Point-to-Point Tunneling Protocol (PPTP)
Definition
PPTP was developed by Microsoft as one of the first VPN protocols. PPTP:
Uses standard authentication protocols, such as CHAP and PAP.
Supports TCP/IP only.
Encapsulates other LAN protocols and carries the data securely over an IP network.
Uses MPPE for data encryption.
Is supported by most operating systems and servers.
Uses TCP port 1723.
Term
Layer Two Tunneling Protocol (L2TP)
Definition
L2TP is an open standard for secure multiprotocol routing. L2TP:
Supports multiple protocols (not just IP).
Uses IPsec for encryption.
Is not supported by older operating systems.
Uses TCP port 1701 and UDP port 500.
Term
Internet Protocol Security (IPsec)
Definition
IPsec provides authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution. IPsec includes the following three protocols for authentication, data encryption, and connection negotiation:
1. Authentication Header (AH) enables authentication with IPsec.
2. Encapsulating Security Payload (ESP) provides data encryption.
3. Internet Key Exchange (IKE) negotiates the connection.
Term
Types of communication IPsec can secure
Definition
1. Host-to-host communications within a LAN.
2. VPN communications through the Internet.
3. Any traffic supported by the IP protocol, including web, email, Telnet, file transfer, and SNMP traffic, as well as countless others.
Term
IPsec uses?
Definition
IPsec uses either digital certificates or pre-shared keys.
IPsec cannot be used with NAT. This is because when NAT modifies the source or destination address of a packet,
Term
Secure Sockets Layer (SSL)
Definition
The SSL protocol has long been used to secure traffic generated by IP protocols such as HTTP, FTP, and email. SSL can also be
used as a VPN solution, typically in a remote access scenario.
Authenticates the server to the client using public key cryptography and digital certificates.
Encrypts the entire communication session.
Uses port 443, which is already open on most firewalls.
Term
Generic Routing Encapsulation (GRE)
Definition
GRE is a tunneling protocol that was developed by Cisco. GRE can be used to route any Layer 3 protocol across an IP network.
Creates a tunnel between two routers.
Encapsulates packets by adding a GRE header and a new IP header to the original packet.
Does not offer any type of encryption.
Can be paired with other protocols, such as IPsec or PPTP, to create a secure VPN connection.
Term
Bridge
Definition
A bridge connects two or more media segments on the same subnet, and it filters traffic between the segments based on the MAC address in the frame.
A bridge operates at layer 2 of the OSI model.
Bridges are used to separate one part of a subnet from another; this eliminates unnecessary traffic between segments and keeps the network from wasting bandwidth.
Term
Signaling method
Definition
1. Frequency Hopping Spread Spectrum (FHSS)
2. Direct-Sequence Spread Spectrum (DSSS)
3. Orthogonal Frequency-Division Multiplexing (OFDM)
Term
Topology
Definition
Ad hoc
Infrastructure
Term
Frequency Hopping Spread Spectrum (FHSS)
Definition
Because FHSS shifts automatically between frequencies, it can avoid interference that
may be on a single frequency.
Hopping between frequencies increases transmission security by making
eavesdropping and data capture more difficult.
Term
Direct-Sequence Spread Spectrum (DSSS)
Definition
With DSSS, the transmitter breaks data into pieces and sends the pieces across multiple frequencies in a defined range. DSSS is more susceptible to interference and less secure than FHSS.
Term
Orthogonal Frequency-Division Multiplexing (OFDM)
Definition
OFDM breaks data into very small data streams in order to send the information across long distances where environmental obstacles may be an issue. OFDM:
1. Allows for a very large number of small data streams in a single frequency.
2. Reduces the effects of signal interference caused by environmental obstacles, such as walls or buildings.
3. Is used by 802.11g/a/n and ac wireless networks to achieve higher transfer speeds.
Term
Ad hoc
Definition
An ad hoc network works in peer-to-peer mode without an access point. The wireless NICs in each host communicate directly with one another. An ad hoc network:
Uses a physical mesh topology with a logical bus topology.
Is cheap and easy to set up.
Cannot handle a large number of hosts.
Requires special modifications to reach wired networks.
Term
Infrastructure
Definition
An infrastructure wireless network uses an access point (AP) that functions like a hub on an Ethernet network.
Term
Media access
Definition
Wireless networks use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) to control media access and avoid (rather than detect) collisions. Collision avoidance uses the following process:
1. The sending device listens to make sure that no other device is transmitting. If another device is transmitting, the device waits a random period of time (called a backoff period) before attempting to send again.
2. The sending device broadcasts a Request to Send (RTS) message to the receiver or AP. The RTS includes the source and destination, as well as information on the duration of the requested communication.
3. The receiving device responds with a Clear to Send (CTS) message. The CTS also includes the communication duration period. Other devices use the information in the RTS and CTS to delay send attempts until the communication duration period (and subsequent acknowledgement) has passed.
4. The sending device transmits the data. The receiving device responds with an acknowledgement (ACK). If an acknowledgement is not received, the sending device assumes a collision occurred and retransmits the affected packet.
Wireless communication is half-duplex.
Term
Devices
Definition
A wireless NIC sends and receives signals.
Term
Station (STA)
Definition
An STA is a wireless NIC in an end device such as a laptop or wireless PDA. STA often refers to the device itself, not just the NIC.
Term
Access Point (AP)
Definition
An AP, sometimes called a wireless AP (WAP), is the device that coordinates all communications between wireless devices, as
well as the connection to the wired network. It acts as a hub on the wireless side and a bridge on the wired side. It also
synchronizes the stations within a network to minimize collisions.
Term
Basic Service Set (BSS)
Definition
A BSS, also called a cell, is the smallest unit of a wireless network. All devices in the BSS can communicate with each other. The
devices in the BSS depend on the operating mode.
In an ad hoc implementation, each BSS contains two devices that communicate directly with each other.
In an infrastructure implementation, the BSS consists of one AP and all STAs associated with the AP.
Term
Independent Basic Service Set (IBSS)
Definition
An IBSS is a set of STAs configured in ad hoc mode.
Term
Extended Service Set (ESS)
Definition
An ESS consists of multiple BSSs with a distribution system (DS). The graphic above is an example of an ESS. In an ESS, BSSs
that have an overlapping transmission range use different frequencies.
Term
Distribution System (DS)
Definition
The DS is the backbone or LAN that connects multiple APs (and BSSs) together. The DS allows wireless clients to communicate
with the wired network and with wireless clients in other cells.
Term
Basic Service Set Identifier (BSSID)
Definition
network. The BSSID allows
devices to find a specific AP within an ESS that has multiple access points, and it is used by STAs to keep track of APs when
roaming between BSSs.
Term
Ways to classify an intrusion detection system (IDS)
Definition
1. Response capability
2. Recognition method
3. Detection scope
Term
Response capability
Definition
A passive IDS monitors, logs, and detects security breaches but takes no action to stop or prevent the attack.
An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS but can also react when security breaches occur.
Term
Recognition method
Definition
The recognition method defines how the system distinguishes attacks and threats from normal activity.
1. Signature recognition, also referred to as pattern matching or dictionary recognition, looks for patterns in network traffic and compares them to known attack patterns called signatures.
2. Anomaly recognition, also referred to as behavior or heuristic recognition, monitors traffic to define a standard activity pattern as "normal."
Term
Detection scope
Definition
Detection scope classifies an IDS based on where the system runs and the scope of threats it looks for.
1. A host-based IDS (HIDS) is installed on a single host and monitors all traffic coming into the host. A HIDS:
Is used to detect attacks that are unique to the services on the system.
2. A network-based IDS (NIDS) is a dedicated device installed on the network. It analyzes all traffic on the network. A NIDS is:
Typically implemented as part of a firewall device acting as a router.
Term
Performing regular monitoring with common network tools
Definition
1. Use a packet sniffer to examine network traffic.
2. Use a port scanner to check for open ports on a system or a firewall.
3. Run security scanning software on each system to detect malware or other security vulnerabilities.
Term
Honeypot
Definition
A honeypot is a device or virtual machine that entices intruders by displaying a vulnerability or configuration flaw, or by appearing to contain valuable data.
Term
Honeynet
Definition
A honeynet is a network of honeypots.
Term
Tarpit
Definition
A tarpit (also called a sticky honeypot) is a honeypot that answers connection requests in such a way that the attacking computer is "stuck" for a period of time.
Term
Vulnerability scanner
Definition
A vulnerability scanner is a software program that passively searches an application, computer, or network for weaknesses,
Term
Ping scanner
Definition
A ping scanner is a tool that sends ICMP echo request packets to one or multiple IP addresses. To protect against attacks that use ICMP, use a ping scanner to identify the systems on the network that respond to ICMP requests,
Term
Port scanner
Definition
A port scanner is a tool that probes systems for open ports. The most common use of a port scanner is to perform a TCP SYN scan.
Term
Network mapper
Definition
A network mapper is a tool that discovers devices on the network and displays the devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices.
Term
Password cracker
Definition
A password cracker is a tool that performs cryptographic attacks on passwords. Use a password cracker to identify weak passwords and passwords protected with weak encryption.
Term
Open Vulnerability and Assessment Language (OVAL)
Definition
The Open Vulnerability and Assessment Language is an international standard for testing, analyzing, and reporting the
security vulnerabilities of a system.
Term
POTS
Definition
56 Kbps
POTS stands for Plain Old Telephone Service
Existing wires use only one twisted pair.
Analog signals are used through the local loop.
Term
T1
Definition
1.544 Mbps
T1 lines run over two pairs of UTP cabling, but they can also run over coaxial, fiber optic, or satellite links.
T1 lines connect to a CSU and DSU.
Term
T3
Definition
44.736 Mbps
672 channels that each run at 6 kps
DS3
Term
E1
Definition
2.048 Mbps
Term
E3
Definition
34.368 Mbps
Term
J1
Definition
1.544 Mbps
Term
J3
Definition
32.064 Mbps
Term
OC-1
Definition
51.84 Mbps
Term
OC-3
Definition
155.52 Mbps
Term
OC-12
Definition
622.08 Mbps
Term
OC-24
Definition
1244.16 Mbps
Term
OC-48
Definition
2488.32 Mbps
Term
OC-192
Definition
10 Gbps
Term
OC-256
Definition
13.271 Gbps
Term
OC-768
Definition
39.2 Gbps
Term
OC
Definition
Optical carrier specifications define the types and throughput of fiber optic cabling used in SONET
Term
WAN cloud
Definition
The WAN cloud is the collection of equipment that makes up the WAN network. The WAN cloud is owned and maintained by
telecommunications companies. It is represented as a cloud because the physical structure varies, and different networks with
common connection points may overlap.
Term
Central Office (CO)
Definition
The central office is a switching facility connected to the WAN, and it is the nearest point of presence for the WAN provider. It
provides WAN cloud entry and exit points.
Term
Local loop
Definition
The local loop is the cable that extends from the central office to the customer location. The local loop is owned and maintained
by the WAN service provider. It typically uses UTP, but it can also be implemented using fiber optic cabling or other media.
Term
Demarcation point (demarc)
Definition
When you contract with a local exchange carrier (LEC) for data or telephone services, they install a physical cable and a
termination jack onto your premises. The demarcation point marks the boundary between the telco equipment and your
organization's network or telephone system.
Term
Customer Premises Equipment (CPE)
Definition
Devices physically located on the subscriber's premises are referred to as the customer premises equipment. CPE includes both the
wiring and devices that the subscriber owns and the equipment leased from the WAN provider.
Term
Channel Service Unit (CSU)
Definition
A CSU terminates the digital signal and provides error correction and line monitoring.
Term
Data Service Unit (DSU)
Definition
A DSU converts the digital data into synchronous serial data for connection to a router.
Term
Circuit Switching
Definition
A circuit-switched network uses a dedicated connection between sites. Circuit switching is ideal for transmitting data that must arrive quickly in the order it is sent, as is the case with real-time audio and video.
Term
Packet Switching
Definition
A packet-switched network allows data to be broken up into packets. Packets are transmitted along the most efficient route to the destination. Packet switching is ideal for transmitting data that can handle transmission delays, as is often the case with web pages and email.
Term
Process used to establish a remote access connection
Definition
Physical connection: The physical link to the remote access server is established first.

Connection parameters: After the physical connection is set up, a Data Link layer connection (PPP or PPPoE) is established. During this phase, additional parameters that will be used during the connection are decided. Protocols negotiated at this phase control the following parameters:
Upper layer protocol suite (such as IP)
Network layer addressing
Compression (if any)
Encryption (if any)
Authentication method

Authentication: The authentication protocol is negotiated during the connection parameter phase. After devices agree on the authentication protocol to use, the logon credentials are exchanged and logon is allowed or denied. Several common protocols are used for remote access authentication:
Challenge Handshake Authentication Protocol (CHAP)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Extensible Authentication Protocol (EAP)

Authorization: Authorization is the process of identifying the resources that a user can access over the remote access connection. Authorization can restrict access based on the following parameters:
Time of day
Type of connection (e.g., PPP or PPPoE, wired or wireless)
Location of the resource (e.g., restrict access to specific servers)

Accounting: Accounting is an activity that tracks or logs the use of the remote access connection. Accounting is often used by ISPs to bill for services based on time spent or the amount of data downloaded.
Term
Remote Access Service
Definition
Used by a remote access server to control access for remote access clients. Clients might be granted access to resources on only the remote access server, or they might be allowed to access resources on other hosts on the private network.
Term
Remote Authentication Dial-In User Service (RADIUS)
Definition
RADIUS is used by Microsoft servers for centralized remote access administration. RADIUS:
Combines authentication and authorization using policies to grant access.
Uses UDP.
Encrypts only the password.
Often uses vendor-specific extensions. RADIUS solutions from different vendors might not be compatible.
Term
Terminal Access Controller Access-Control System Plus (TACACS+)
Definition
TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+:
Provides three protocols, one each for authentication, authorization, and accounting. This allows each service to be provided by a different server.
Uses TCP port 49.
Encrypts the entire packet contents.
Supports more protocol suites than RADIUS.
Term
Multicasting
Definition
Multicasting creates logical groups of hosts; messages sent to the group are received by all group members. Multicasting is used by streaming video and audio applications, such as video conferencing.
Frames that contain multicast traffic are sent to a special MAC address.
A regular switch that receives multicast traffic sends the traffic out all ports, because the destination MAC address will be an unknown address.
Term
Unicasting
Definition
Messages are sent to a specific host address. The sending device must know the IP address of all recipients, and must create a
separate packet for each destination device.
Term
Broadcasting
Definition
A single packet is sent to the broadcast address and is processed by all hosts. All hosts, and not just group members, receive the
packet. Broadcast packets are not typically forwarded by routers, so broadcast traffic is limited to within a single subnet.
Term
Internet Group Management Protocol (IGMP)
Definition
IGMP is used to identify group members and to forward multicast packets on to the segments where group members reside. IGMP routers keep track of the attached subnets that have group members, using the following process:
1. A router sends out a host membership query.
2. Hosts that are members of any groups respond with a list of the groups they belong to.
3. The router uses these responses to compile a list of the groups on the subnet that have group members.
4. When a host joins a new group, it automatically sends a join group message to the router.
5. The IGMP router reports to upstream routers that it has members of a specific group.
IGMP snooping on a switch allows the switch to control which ports get IGMP traffic for a specific group.
Term
Process used when sending a multicast stream
Definition
1. The sending server sends packets addressed to the multicast group.
2. Routers receive the multicast packets and check their lists of group members.
If a subnet does not have any group members, the packet is not forwarded on that subnet.
If a router does not have any subnets with group members, the packet is dropped and not forwarded.
Term
Public Switched Telephone Network (PSTN)
Definition
Uses a POTS phone line with a modem.
Dial-up uses a single 64 Kbps channel.
Term
Digital Subscriber Line (DSL)
Definition
DSL offers digital communications over existing POTS lines.
Data is sent using multiplexed channels over existing telephone wiring.
Implementation requires a DSL router or a single DSL network interface connected to the phone line.
Term
Asymmetrical DSL (ADSL)
Definition
ADSL provides different download and upload speeds.
ADSL allows regular analog phone calls and digital access on the same line at the same time. Splitters are required to separate the analog signals from the digital signals.
Term
Symmetrical DSL (SDSL)
Definition
SDSL provides equal download and upload speeds.
The entire line is used for data; simultaneous voice and data is not supported.
Splitters are not required, because voice traffic does not exist on the line.
Term
Two cellular types
Definition
Global System for Mobile Communications (GSM) was created in Europe and is used by the majority of the world's mobile service providers. GSM uses time-division multiple access (TDMA) technology to allow multiple connections on the same frequency.
Code Division Multiple Access (CDMA) is used by the majority of mobile service providers within the United States. It enables multiple connections on the same frequency. With CDMA, each call is encoded with a unique key and then transmitted simultaneously. The unique keys are then used to extract each call from the transmission.
Term
Cellular 2G
Definition
2G networks were the first to offer digital data services. 2G data speeds are slow (14.4 Kbps) and are used mainly for text messaging, not Internet connectivity. 2.5G supports speeds up to 144 Kbps.
Term
Cellular EDGE
Definition
EDGE (also called 2.75G) networks are an intermediary between 2G and 3G networks. EDGE is the first cellular technology to be truly Internet compatible, with speeds of 400–1,000 Kbps.
Term
3G and enhancements
Definition
3G supports simultaneous voice and data. Minimum speeds for stationary users are quoted at 2 Mbps or higher. The following extensions enhance 3G:
1. HSPA+ (also known as smart antenna) uses multiple-input and multiple-output (MIMO), and significantly increases data throughput and link range without additional bandwidth or increased transmit power.
2. Long Term Evolution (LTE) and LTE-Advanced increase downlink/uplink speeds to 100/50 Mbps and 1 Gbps/500 Mbps, respectively.
Term
4G
Definition
Uses MIMO.
Is not compatible with 3G; 4G requires a complete retrofit on the part of service providers and new equipment for the consumer.
Utilizes Worldwide Interoperability for Microwave Access (WiMAX). WiMAX delivers high-speed Internet service (up to 1 Gbps for stationary users) to large geographical areas.
Term
Broadband over power line (BPL)
Definition
BPL is a system that transmits two-way data over the existing electrical distribution wiring. This service could be enabled within a single building or provided throughout a metropolitan area. BPL avoids the expense of a dedicated network of wires for data communication.
Term
Integrated Services Digital Network (ISDN)
Definition
ISDN offers digital communications over existing POTS lines or T1 lines.
ISDN is more common in Europe than in the United States.
The transmission medium is divided into channels for digital data.
Subscribers must be within a certain distance of the phone company equipment, although this distance can be extended with repeaters.
Phone calls use digital ISDN phones or analog phones connected to a converter.
Term
ISDN BRI (basic rate)
Definition
BRI provides two 64 Kbps data channels and one 16 Kbps control channel. BRI uses 4 wires on the existing POTS installation. With ISDN BRI, you can use one channel for voice and one channel for data, or both channels for different voice calls. Depending on the implementation, you can also bond the B channels to use them together for faster data speeds.
Term
ISDN PRI (primary rate)
Definition
PRI provides 23 data channels at 64 Kbps and one 64 Kbps control channel on a T1 line (or 30 data channels at 64 Kbps and one 64 Kbps control channel on an E1 line).
Term
Voice over IP (VoIP)
Definition
VoIP is a protocol optimized for the transmission of voice data (telephone calls) through a packet-switched IP network.
VoIP routes phone calls through an IP network, including the Internet, instead of through the public switched telephone network (PSTN).
Term
Obtaining VoIP service
Definition
1. Using an analog telephone adapter to connect the existing analog phone system to a VoIP network.
2. Using a VoIP phone that is capable of sending and receiving digital voice signals that are already formatted for the VoIP network. When using VoIP phones, you may need to connect the phones to special switches with Power over Ethernet (PoE) capabilities.
3. Running special software that allows a computer to send and receive VoIP calls. The software converts the input fro
Term
Services provided by unified communication devices
Definition
Voice
Voicemail
Instant messaging
Presence information (identifies whether a user is online and available or not)
Video conferencing
Faxing
Web conferencing and desktop sharing
Term
How VoIP uses regular IP packets to send voice data over a network
Definition
1. If a regular phone is used, analog signals are converted to digital data.
2. Digital data is segmented and placed into IP packets.
3. Packets are sent through an IP network. A VoIP call consists of two data flows:
The voice carrier stream, consisting of Real-time Transport Protocol (RTP) packets that contain the actual voice samples.
The call control signaling, which uses one of several protocols to set up, maintain, tear down, and redirect the call. Protocols used in call control include the following:
H.323
Session Initiation Protocol (SIP)
Media Gateway Control Protocol (MGCP)
4. At the receiving end, packets become segments, which are reassembled into the voice data stream. If necessary, digital data is converted back to analog for use on an analog phone or for final transmission onto the PSTN.
Term
Advantages of using an IP network for voice
Definition
Administration is simplified because you maintain a single network for both data and voice instead of using a separate infrastructure for voice-only traffic.
Costs are typically lower than long-distance costs over the PSTN.
Adding additional phone lines is easier and less expensive than adding lines from the PSTN.
Because VoIP packets are regular IP packets, encryption is easily added to VoIP data, something that is difficult to accomplish for traditional PSTN calls.
Term
Problems with VoIP
Definition
1. Delay
2. Jitter
3. Packet loss
4. Echo
5. Power loss
Term
Unified communications
Definition
Unified communications (UC) integrates multiple types of real-time, IP-based digital communication together into a single system. Types of communication include:
Voice calls
Audio conferencing
Video conferencing (VTC)
Desktop sharing
Instant messaging

UC systems also provide non-real-time communications, including:
Texting
Voicemail
Email
Faxing
Term
How unified communications is used
Definition
All of these services and applications are designed to work together seamlessly. A UC system provides users with multiple options for exchanging information with each other. For example, a user can use a UC system to schedule and host a video conference.
Term
UC presence information
Definition
UC systems typically provide presence information, which lets users inform each other of their availability for communication. For example, a user's status could be displayed as:
Available
Busy
On a call
Do not disturb
Away from my computer
Offline
Term
Workflow in UC
Definition
For example, when one employee specifies that a particular task is complete in the organization's workflow application, a notification is automatically sent to the next employee in the business process, indicating that the task is now ready to be worked on.
Term
Components of a UC system
Definition
The UC server manages the entire UC system and provides the necessary services.
UC devices connect to the UC server and are used to access the services it provides. UC devices can be divided into two categories:
Hardware UC devices like an IP phone are designed to work specifically with the UC server.
Software UC devices include computers, tablets, and smart phones that have the necessary client software installed to access the UC system. Some UC products require a proprietary client to be installed, while others simply use the web browser already installed on these devices.
A UC gateway connects the digital, IP-based UC network with legacy analog networks, such as the Public Switched Telephone Network (PSTN).
Term
DHCP address assignment (DORA)
Definition
The following four steps describe how a client obtains an address from a DHCP server:
DHCP Discover (D): The client begins by sending out a DHCP Discover broadcast to identify DHCP servers on the network.
DHCP Offer (O): A DHCP server that receives a Discover from a client responds with a DHCP Offer, which contains an
available IP address. If more than one DHCP server responds with an offer, the client usually accepts the first offer that it
receives.
DHCP Request (R): The client accepts the offered address by sending a DHCP Request (also a broadcast) that names the chosen server. If multiple offers were sent, the
DHCP Request also informs the other DHCP servers that their offers were not accepted and that the IP
addresses contained in their offers can be made available to other clients.
DHCP ACK (A): The chosen DHCP server responds to the request by sending a DHCP ACK (acknowledgement). At this point, the IP address is leased to
and configured on the DHCP client.
If the DHCP server is on a different subnet, additional configuration is required, because routers do not forward DHCP broadcasts by
default; a DHCP relay agent (IP helper) on the router must forward the client's broadcasts to the server as unicast.
Because the client accepts the first offer it receives, a rogue DHCP server on the same segment can hand out its own default gateway and DNS server addresses; DHCP snooping on the switch restricts which ports are allowed to send Offer and ACK messages.
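A runnable model of the DORA exchange, written for this page as an added example (it is not part of the original flashcards and is not taken from any DHCP implementation). It encodes and decodes the real RFC 2131 message layout, lets two servers answer one client, and shows the consequence of the "first offer wins" rule when one of the servers is rogue. Every address, the pool, the MAC and the transaction ID are constructed sample values; `trusted_servers` is a hypothetical client-side allow-list added only to show where such a check would sit, not a standard DHCP feature.

```python
import struct
from typing import Dict, List, Optional

# DHCP message types carried in option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed fields, 236 bytes


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build(msg_type: int, xid: int, mac: bytes, yiaddr: str = "0.0.0.0",
          options: Optional[Dict[int, bytes]] = None) -> bytes:
    """Encode a minimal DHCP message: fixed header, magic cookie, options, end marker."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2       # BOOTREQUEST / BOOTREPLY
    header = struct.pack(FIXED_HEADER, op, 1, 6, 0, xid, 0, 0x8000,  # htype=Ethernet, hlen=6, broadcast flag
                         ip_bytes("0.0.0.0"), ip_bytes(yiaddr), ip_bytes("0.0.0.0"), ip_bytes("0.0.0.0"),
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = MAGIC_COOKIE + bytes([53, 1, msg_type])
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return header + body + b"\xff"


def parse(packet: bytes) -> dict:
    """Decode the fields the DORA exchange needs; options come back as {code: raw bytes}."""
    f = struct.unpack(FIXED_HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 0xFF:
        if packet[i] == 0:                    # pad option
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": f[4], "yiaddr": ip_str(f[8]), "chaddr": f[11][:f[2]],
            "type": opts[53][0], "options": opts}


class DhcpServer:
    """One DHCP server with a small pool. handle() takes a client message and returns the reply, if any."""

    def __init__(self, server_ip: str, pool: List[str], mask: str, router: str, lease_secs: int = 3600):
        self.ip, self.free, self.offered, self.leases = server_ip, list(pool), {}, {}
        self.net_opts = {54: ip_bytes(server_ip), 51: struct.pack("!I", lease_secs),
                         1: ip_bytes(mask), 3: ip_bytes(router)}

    def handle(self, packet: bytes) -> Optional[bytes]:
        msg = parse(packet)
        if msg["type"] == DISCOVER and self.free:
            addr = self.free.pop(0)
            self.offered[msg["xid"]] = addr                     # reserved until the client decides
            return build(OFFER, msg["xid"], msg["chaddr"], addr, self.net_opts)
        if msg["type"] == REQUEST:
            addr = self.offered.pop(msg["xid"], None)
            if ip_str(msg["options"][54]) != self.ip:           # client chose a different server
                if addr:
                    self.free.append(addr)                      # release our unaccepted offer
                return None
            self.leases[msg["chaddr"]] = addr
            return build(ACK, msg["xid"], msg["chaddr"], addr, self.net_opts)
        return None


def client_dora(servers: List[DhcpServer], mac: bytes, xid: int = 0x3903F326,
                trusted_servers: Optional[set] = None) -> dict:
    """Run Discover/Offer/Request/Ack; the broadcast is simulated by handing each message to every server."""
    offers = [parse(o) for o in (s.handle(build(DISCOVER, xid, mac)) for s in servers) if o]
    if trusted_servers is not None:                             # hypothetical allow-list check (not standard DHCP)
        offers = [o for o in offers if ip_str(o["options"][54]) in trusted_servers]
    if not offers:
        raise RuntimeError("no acceptable DHCP offer")
    chosen = offers[0]                                          # a real client usually takes the first offer
    request = build(REQUEST, xid, mac, options={50: ip_bytes(chosen["yiaddr"]), 54: chosen["options"][54]})
    acks = [parse(a) for a in (s.handle(request) for s in servers) if a]
    ack = acks[0]
    return {"ip": ack["yiaddr"], "server": ip_str(ack["options"][54]),
            "router": ip_str(ack["options"][3]), "lease": struct.unpack("!I", ack["options"][51])[0]}
```

With a rogue server listed first, the client takes the rogue's address and gateway and the legitimate server quietly returns its offer to the pool; the exchange itself contains no authentication, which is why the defence lives on the switch (DHCP snooping) rather than in the client.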
Term
DHCP scope
Definition
A scope is the range of IP addresses that the DHCP server can
assign to clients. When working with scopes, remember the following:
There should be only one scope per network segment.
The scope must be activated before the DHCP server can assign addresses to clients. After you activate a scope, you should not change it.
A scope has a subnet mask that determines the subnet for a given IP address. You cannot change the subnet mask of an existing DHCP scope; to
change the subnet mask used by a scope, you must delete and recreate the scope.
Lease duration values are part of the scope properties, and they determine the length of time a client can use an IP address leased through DHCP.
Term
DHCP options
Definition
In addition to an IP address, a DHCP server can deliver other configuration settings (options) to clients. The following three levels
of options can be configured:
Server options are applied to all computers that get an IP address from the DHCP server, regardless of which scope they obtain the address from.
(e.g., if your organization has only one DNS server, then all DHCP clients need the same DNS server address.)
Scope options are applied to all computers that get an IP address from a particular scope on the DHCP server. (e.g., because scopes are associated
with specific subnets, each scope needs to be configured with the appropriate default gateway address option.)
Client options are applied to a specific DHCP client (a reservation). The client's MAC address is used to identify which system receives the option.
Term
DHCP server status icons
Definition
A check mark in a green circle indicates that the DHCP server is connected and authorized.
A red down arrow indicates that the DHCP server is connected but not authorized.
A horizontal white line inside a red circle indicates that the DHCP server is connected, but the current user does not have the administrative
credentials necessary to manage the server.
An exclamation point inside a yellow triangle indicates that 90% of available addresses for server scopes are either in use or leased.
An exclamation point inside a blue circle indicates that 100% of available addresses for server scopes are either in use or leased.
Term
firewall
Definition
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules.
Term
network-based
firewall
Definition
A network-based firewall is installed on the edge of a private network or network segment.
Most network-based firewalls are considered hardware firewalls, even though they use a combination of hardware and software to protect
the network from Internet attacks.
Network-based firewalls are more expensive and require more configuration than other types of firewalls, but they are much more robust
and secure.
Term
host-based
firewall
Definition
A host-based firewall is installed on a single computer in a network.
Almost all host-based firewalls are software firewalls.
A host-based firewall can be used to protect a computer when no network-based firewall exists (e.g., when connected to a public network).
Host-based firewalls are less expensive and easier to use than network-based firewalls, but they don't offer the same level of protection or
customization.
A host-based firewall is often used in addition to a network-based firewall to provide multiple layers of protection (defense in depth).
Term
Access control list (ACL)
Definition
An ACL is an ordered list of rules that identifies allowed and blocked traffic. Rules are checked from the top down, and the first matching rule decides what happens to the packet. Each rule identifies characteristics of
the traffic:
The interface the rule applies to
The direction of traffic (inbound or outbound)
Packet information such as the source or destination IP address or port number
The action to take when the traffic matches the filter criteria
Term
ACL implicit deny
Definition
An implicit deny is a rule at the end of the ACL stating that if a packet doesn't match any of the defined rules, then it
will be dropped. Because of the implicit deny, an ACL must explicitly permit every kind of traffic it is meant to allow.
Term
packet filtering firewall
Definition
makes decisions about which network traffic to allow by examining information in the IP packet header
such as source and destination addresses, ports, and service protocols. A packet filtering firewall:
Uses ACLs or filter rules to control traffic.
Operates at OSI Layer 3 (Network layer), although the port numbers it filters on come from the Layer 4 (TCP/UDP) header.
Offers high performance because it examines only the addressing information in the packet header.
Can be implemented using features that are included in most routers.
Is a popular solution because it is easy to implement and maintain, has a minimal impact on system performance, and is
fairly inexpensive.
A packet filtering firewall is considered a stateless firewall because it examines each packet on its own and uses rules to accept or reject it.
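The ACL, implicit deny and packet filtering cards above describe one mechanism: an ordered rule list evaluated per packet with no memory of earlier packets. The following is an added example written for this page (not code from the original flashcards or from any firewall product) that implements exactly that, then runs constructed sample packets through it. The interface name, the rule set and the addresses (documentation prefixes) are all assumptions; the `established` flag models the classic stateless trick of permitting "return traffic" by looking for the TCP ACK bit.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    iface: str
    direction: str          # "in" or "out"
    proto: str              # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: int = 0
    tcp_flags: str = ""     # e.g. "S" for SYN, "A" for ACK


@dataclass
class Rule:
    action: str             # "permit" or "deny"
    iface: str              # "any" or an interface name
    direction: str
    proto: str              # "any" matches every protocol
    src: str                # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None
    established: bool = False   # stateless "return traffic" rule: match only packets carrying the ACK flag
    name: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (not self.established or "A" in p.tcp_flags))


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule wins; a packet that matches nothing hits the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, f"rule {index} ({rule.name})"
    return "deny", "implicit deny"


# Constructed sample ACL for the Internet-facing interface "outside", inbound direction.
OUTSIDE_IN: List[Rule] = [
    Rule("permit", "outside", "in", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443, name="https to web server"),
    Rule("permit", "outside", "in", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80, name="http to web server"),
    Rule("deny",   "outside", "in", "any", "203.0.113.0/24", "0.0.0.0/0", name="anti-spoof: our own prefix from outside"),
    Rule("permit", "outside", "in", "tcp", "0.0.0.0/0", "203.0.113.0/24", established=True,
         name="return traffic for internal clients"),
    # nothing else is listed: everything else falls through to the implicit deny
]

# Constructed sample packets
HTTPS_SYN = Packet("outside", "in", "tcp", "198.51.100.7", "203.0.113.10", 443, "S")
SSH_SYN = Packet("outside", "in", "tcp", "198.51.100.7", "203.0.113.10", 22, "S")
SPOOFED = Packet("outside", "in", "udp", "203.0.113.99", "203.0.113.10", 53)
REPLY = Packet("outside", "in", "tcp", "198.51.100.7", "203.0.113.50", 51234, "A")   # web reply to an inside client
ACK_SCAN = Packet("outside", "in", "tcp", "198.51.100.7", "203.0.113.50", 445, "A")   # probe with the ACK bit set


def demo() -> dict:
    """Evaluate every sample packet against the ACL and report which rule decided."""
    return {name: evaluate(OUTSIDE_IN, pkt) for name, pkt in
            [("https", HTTPS_SYN), ("ssh", SSH_SYN), ("spoofed", SPOOFED), ("reply", REPLY), ("ack_scan", ACK_SCAN)]}
```

The last packet is the point of the exercise: a stateless filter cannot tell a genuine reply from a probe that merely sets the ACK flag, so the "established" rule lets the scan through. Tracking sessions instead of inspecting each packet in isolation is what the circuit-level (stateful) firewall described next adds.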
Term
circuit-level
proxy
Definition
A circuit-level gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level
gateway:
Operates at OSI Layer 5 (Session layer).
Keeps a table of known connections and sessions. Packets directed to known sessions are accepted.
Verifies that packets are properly sequenced.
Ensures that the TCP three-way handshake process occurs only when appropriate.
Does not filter packets. Instead, it allows or denies sessions.
Is considered a stateful firewall because it keeps track of the state of a session.
Can handle applications that use dynamic ports, because the firewall matches on the session information and not on the port numbers.
In general, circuit-level proxies are slower than packet filtering firewalls.
Term
application-level
gateway
Definition
An application-level gateway is capable of filtering based on information contained within the data portion of a packet. An
application-level gateway:
Examines the entirety of the content being transferred (not just individual packets).
Operates at OSI Layer 7 (Application layer).
Understands, or interfaces with, the application-layer protocol.
Can filter based on user, group, and data (e.g., URLs within an HTTP request).
Is the slowest form of firewall because entire messages are reassembled at the Application layer.
One example of an application-level gateway is a proxy server.
Term
proxy server capabilities
Definition
A proxy server can:
Control both inbound and outbound traffic.
Increase performance by caching frequently accessed content. Content is retrieved from the proxy cache instead of the
original server.
Filter content and restrict access depending on the user or specific website.
Shield or hide a private network (the internal client's address is never seen by the outside server).
Term
forward and reverse proxy servers
Definition
A forward proxy server handles requests from inside a private network out to the Internet.
A reverse proxy server handles requests from the Internet to a server located inside a private network. A reverse proxy
can perform load balancing, authentication, and caching.
Term
unified threat management device
Definition
A unified threat management (UTM) device combines multiple security features into a single network appliance. A single UTM device
can provide several security features:
Firewall
VPN
Anti-spam
Antivirus
Load balancing
Disadvantage: because every function runs on one box, the UTM device is a single point of failure.
Term
UTM devices are best suited for
Definition
Offices where space limits don't allow for multiple security appliances.
Satellite offices that need to be managed remotely. Configuration changes need to be made on only one device, rather
than multiple devices.
Smaller businesses that wouldn't benefit from the robust features provided by specific security appliances
Term
network zones
Definition
One method of using firewalls is to define various network zones. For example, you can define a zone that
includes all hosts on your private network protected from the Internet, and you can define another zone within your network for controlled
access to specific servers that hold sensitive information.
Term
port number ranges
Definition
Port numbers are divided into three ranges:
Well known ports range from 0 to 1023 and are assigned to common protocols and services.
Registered ports range from 1024 to 49151 and are registered with IANA (operated by ICANN) for a specific service.
Dynamic (also called private or high) ports range from 49152 to 65535 and can be used by any service on an ad hoc basis. Ports are assigned when a
session is established, and ports are released when the session ends.
Term
characteristics of ports
Definition
Ports allow a single host with a single IP address to run multiple network services. Each port number identifies a distinct service.
Each IP address has 65,536 ports (0 to 65535) for each transport protocol (TCP and UDP).
Port use is regulated by the Internet Corporation for Assigned Names and Numbers (ICANN) through its IANA function.
Many registrations in the list below show "TCP and UDP" because both were registered, even though the service is used over only one of them in practice (FTP, SSH, HTTP and SMTP run over TCP).
Term
File Transfer Protocol (FTP)
Definition
20 TCP and UDP
21 TCP and UDP
Term
Secure Shell (SSH)
Definition
22 TCP and UDP
Term
Telnet
Definition
23 TCP
Term
Simple Mail Transfer Protocol (SMTP)
Definition
25 TCP and UDP
Term
Domain Name System (DNS)
Definition
53 TCP and UDP
Term
Dynamic Host Configuration Protocol (DHCP)
Definition
67 TCP and UDP
68 TCP and UDP
Term
Trivial File Transfer Protocol (TFTP)
Definition
69 TCP and UDP
Term
Hypertext Transfer Protocol (HTTP)
Definition
80 TCP and UDP
Term
Post Office Protocol (POP3)
Definition
110 TCP
Term
Network News Transport Protocol (NNTP)
Definition
119 TCP
Term
Network Time Protocol (NTP)
Definition
123 TCP and UDP
Term
NetBIOS Name Service
NetBIOS Datagram Service
NetBIOS Session Service
Definition
137 TCP and UDP
138 TCP and UDP
139 TCP and UDP
Term
Internet Message Access Protocol (IMAP4)
Definition
143 TCP
Term
Simple Network Management Protocol (SNMP)
Definition
161 UDP
162 TCP and UDP
Term
Lightweight Directory Access Protocol (LDAP)
Definition
389 TCP and UDP
Term
HTTP over TLS/SSL (HTTPS)
Definition
443 TCP and UDP
Term
Microsoft Server Message Block (SMB) File Sharing
Definition
445 TCP
Term
H.323 Call Signaling
Definition
1720 TCP
Term
Cisco Media Gateway Control Protocol (MGCP)
Definition
2427 UDP
Term
Remote Desktop Protocol (RDP)
Definition
3389 TCP and UDP
Term
Real-time Transport Protocol (RTP) Data
Definition
5004 TCP and UDP
Term
Real-time Transport Protocol (RTP) Control
Definition
5005 TCP and UDP
Term
Session Initiation Protocol (SIP)
Session Initiation Protocol (SIP) over TLS
Definition
5060 TCP and UDP
5061 TCP
Term
How does DNS work?
Definition
DNS maps logical hostnames to IP addresses.
The DNS database is distributed: each division of the database is held in a zone database file.
Zones typically contain one or more domains, although additional servers might hold information for child domains.
DNS servers hold zone files and process name resolution requests from client systems.
Term
. (dot)
domain
Definition
The . (dot) domain, also called the root domain, denotes a fully qualified, unambiguous domain name.
Term
Top-level
domain
(TLD)
Definition
A TLD is the last part of a domain name (e.g., .com, .edu, .gov). TLDs are managed by the Internet Corporation for Assigned
Names and Numbers (ICANN).
Term
Fully
qualified
domain
name
(FQDN)
Definition
The FQDN includes the hostname and all domain names, separated by periods. The final period (for the root domain) is often
omitted and only implied.
Term
Host name
Definition
The host name is the part of a domain name that represents a specific host. For example, "www" is the host name in
www.example.com.
Term
Records
Definition
Records are used to store entries for hostnames, IP addresses, and other information in the zone database. Each host has at least
one record in the DNS database that maps the hostname to the IP address.

The A record maps a DNS hostname to an IPv4 (32-bit) address. This is the most common resource record type.
The AAAA record maps a DNS hostname to an IPv6 (128-bit) address.
The PTR record maps an IP address to a hostname (it "points" back to an A record) and is what reverse lookups use.
The MX record identifies servers that can be used to deliver email for the domain.
The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A
record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified.
Term
Authoritative
server
Definition
An authoritative server is a DNS server that has a full, complete copy of all the records for a particular domain.
Term
Dynamic
DNS
(DDNS)
Definition
Dynamic DNS enables clients or the DHCP server to update records in the zone database. Without dynamic updates, all A (host) and
PTR (pointer) records must be configured manually. With dynamic updates, host records are created and deleted automatically
whenever the DHCP server creates or releases an IP address lease. Dynamic updates occur when:
A network host's IP address is added, released, or changed.
The DHCP server changes or renews an IP address lease.
The client's DNS information is manually changed using ipconfig /registerdns
Term
Recursion
Definition
Recursion is the process by which a DNS server uses root name servers and other DNS servers to perform name resolution on a client's behalf. A lookup proceeds as follows:
1. The host looks in its local cache to see if it has recently resolved the hostname.
2. If the information is not in the cache, it checks the Hosts file. The Hosts file is a static text file that contains hostname-to-IP
address mappings.
3. If the IP address is not found, the host contacts its preferred DNS server. If the preferred DNS server can't be contacted, the host continues
contacting additional DNS servers until one responds.
4. The host sends the name information to the DNS server. The DNS server checks its cache and Hosts file. If the information is not found, the DNS
server checks any zone files that it holds for the requested name.
5. If the DNS server can't find the name in its zones, it forwards the request to a root zone name server. This server returns the IP address of a DNS
server that has information for the corresponding top-level domain (such as .com).
6. The first DNS server requests the information from the top-level domain server. The server returns the address of a DNS server with the
information for the next highest domain. This process continues until a DNS server is contacted that holds the necessary information.
7. The DNS server places the information in its cache and returns the IP address to the client host. The client host also places the information in its
cache and uses the IP address to contact the desired destination device.
Because the local cache and the Hosts file are consulted before any DNS server, a tampered Hosts file or a poisoned cache redirects the host without a single DNS query ever leaving it.
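The seven-step walk above (host cache, Hosts file, preferred server, root, TLD, authoritative server, caching on the way back) as an added, runnable model written for this page; it is not code from the original flashcards or from any DNS software. The three "servers" are in-memory dictionaries holding constructed zone data under documentation prefixes, and each one knows only its own zone, so the referral chain has to be followed exactly as the card describes. `Host` is the stub client and `RecursiveResolver` is its preferred DNS server; both names are assumptions made for the example.

```python
from typing import Dict, List, Optional, Tuple

# Constructed zone data, not real DNS servers. The root knows only where .com is served,
# .com knows only where example.com is served, and only example.com's server has A records.
ROOT_IP, COM_IP, EXAMPLE_IP = "198.41.0.4", "192.0.2.1", "192.0.2.2"
SERVERS: Dict[str, dict] = {
    ROOT_IP:    {"ns": {"com.": COM_IP}},
    COM_IP:     {"ns": {"example.com.": EXAMPLE_IP}},
    EXAMPLE_IP: {"a": {"www.example.com.": "203.0.113.10", "mail.example.com.": "203.0.113.25"}},
}


def fqdn(name: str) -> str:
    """Append the (usually implied) trailing dot for the root domain."""
    return name if name.endswith(".") else name + "."


def query(server_ip: str, name: str) -> Tuple[str, Optional[str]]:
    """One question to one server: ('answer', ip), ('referral', next_server_ip) or ('nxdomain', None)."""
    zone = SERVERS[server_ip]
    if name in zone.get("a", {}):
        return "answer", zone["a"][name]
    # longest matching delegation wins, e.g. "example.com." before "com."
    for suffix, ns_ip in sorted(zone.get("ns", {}).items(), key=lambda kv: -len(kv[0])):
        if name == suffix or name.endswith("." + suffix):
            return "referral", ns_ip       # "I don't know, but that server does"
    return "nxdomain", None


class RecursiveResolver:
    """The client's preferred DNS server: answers from cache, else walks root -> TLD -> authoritative."""

    def __init__(self, root_ip: str = ROOT_IP):
        self.root_ip, self.cache = root_ip, {}

    def resolve(self, name: str, trace: List[str]) -> Optional[str]:
        name = fqdn(name)
        if name in self.cache:
            trace.append(f"resolver cache hit for {name}")
            return self.cache[name]
        server = self.root_ip
        for _ in range(8):                                  # bound the referral chain
            kind, data = query(server, name)
            trace.append(f"resolver asks {server} for {name}: {kind} {data}")
            if kind == "answer":
                self.cache[name] = data                     # step 7: cache before answering the client
                return data
            if kind == "referral":
                server = data
                continue
            return None
        return None


class Host:
    """A stub client: local cache first, then the Hosts file, then the preferred DNS server."""

    def __init__(self, resolver: RecursiveResolver, hosts_file: Optional[Dict[str, str]] = None):
        self.resolver, self.cache = resolver, {}
        self.hosts_file = {fqdn(k): v for k, v in (hosts_file or {}).items()}

    def lookup(self, name: str) -> Tuple[Optional[str], List[str]]:
        name, trace = fqdn(name), []
        if name in self.cache:
            trace.append(f"host cache hit for {name}")
            return self.cache[name], trace
        if name in self.hosts_file:
            trace.append(f"hosts file entry for {name}")
            return self.hosts_file[name], trace
        ip = self.resolver.resolve(name, trace)
        if ip is not None:
            self.cache[name] = ip
        return ip, trace
```

The trace returned with each answer makes the difference visible: the first lookup of a name costs three server round trips, the repeat is answered from the host's own cache, and a Hosts file entry short-circuits everything, which is why both the Hosts file and the resolver cache are worth monitoring. A real resolver also caches the referrals (NS records) so that a second name in the same zone skips the root; the model caches only final answers to keep the walk visible.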
Term
forward lookup
Definition
finds the IP address for a given hostname
Term
reverse lookup
Definition
finds the hostname from a given IP address.
Term
Broadcast
Definition
The last address in the range is the broadcast address, and it is used to send messages to all hosts on the network. In binary form, the
broadcast address has all 1s in the host portion of the address.
115.255.255.255 is the broadcast address for network 115.0.0.0 (a class A network with the default mask 255.0.0.0).
Term
(IANA)
Definition
The Internet Assigned Numbers Authority
manages the assignment of IP addresses on the Internet.
Term
(ICANN)
Definition
IANA is operated by the Internet Corporation for Assigned Names and Numbers.
Term
(RIRs)
Definition
Regional Internet Registries
IANA allocates blocks of IP addresses to the RIRs. Each RIR has authority over IP addresses in a specific region of the
world and assigns blocks of addresses to Internet Service Providers (ISPs).
Term
Internet Service Provider (ISP)
Definition
An ISP assigns one or more IP addresses to individual computers or organizations connected to the Internet.
Term
classful
Definition
Classful addressing is called classful because the default subnet mask (determined by the address class) identifies the network portion and the host portion of the IP address.
Term
Classless
Definition
Classless addresses, on the other hand, use a custom mask value to separate the network and host portions of the IP address.
Term
CIDR
Definition
Classless Inter-Domain Routing (CIDR) writes the mask as a prefix length (e.g., /27) and lets the network/host boundary fall inside an octet, so you can use only part of an octet for the network address.
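The broadcast, classful and CIDR cards above are all the same bit operation: AND the address with the mask to get the network, OR in the inverted mask to get the broadcast. The block below is an added example written for this page (not from the original flashcards) that does the arithmetic by hand instead of calling a library, so the mask bits are visible; a bare address with no prefix length is treated classfully, which reproduces the 115.0.0.0 example from the Broadcast card. The sample addresses are constructed.

```python
def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_prefix(ip: str) -> int:
    """Default mask length implied by the first octet (class A/B/C)."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return 8          # class A, 255.0.0.0
    if first < 192:
        return 16         # class B, 255.255.0.0
    if first < 224:
        return 24         # class C, 255.255.255.0
    raise ValueError("class D (multicast) and class E addresses have no default mask")


def describe(address: str) -> dict:
    """Network, mask and broadcast for 'a.b.c.d/len'; a bare address is interpreted classfully."""
    ip, _, prefix_text = address.partition("/")
    prefix = int(prefix_text) if prefix_text else classful_prefix(ip)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF      # 1s in the network portion, 0s in the host portion
    network = ip_to_int(ip) & mask                         # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)             # host bits set to all 1s
    usable = max(2 ** (32 - prefix) - 2, 0)                # minus network and broadcast; /31 and /32 are special cases
    return {"network": int_to_ip(network), "mask": int_to_ip(mask), "prefix": prefix,
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable,
            "classful": prefix == classful_prefix(ip)}
```

`describe("192.168.12.155/27")` shows the classless case: the /27 boundary sits inside the last octet (mask 255.255.255.224), giving network 192.168.12.128 and broadcast 192.168.12.159, values that no classful mask could produce.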
Term
Frame Relay
Definition
Frame Relay is a WAN protocol; the customer reaches the provider's Frame Relay network over a dedicated (leased) access line.

Frame Relay is a packet switching technology that supports variable-sized data units called frames.

Virtual circuits can be configured in two different ways.
A point-to-point circuit is established between two locations.
A point-to-multipoint circuit is a single circuit that can be used to reach multiple locations.
Term
Asynchronous
Transfer
Mode (ATM)
Definition
ATM is a WAN communication technology originally designed for carrying time-sensitive data like voice and video. It can also
be used for regular data transport.
ATM is a packet switching technology that uses fixed-length data units called cells. Each cell is 53 bytes (a 5-byte header and 48 bytes of payload).
ATM establishes a virtual circuit between two locations.
A virtual channel is a data stream sent from one location to another.
A virtual path is a collection of data streams with the same destination.
Term
Synchronous
Optical
Networking
(SONET)
Definition
SONET is a subset or variation of the Synchronous Digital Hierarchy (SDH) standards for networking over an optical medium.
It was originally developed as a WAN solution to interconnect optical devices from various vendors.
SONET is a synchronous, time-division multiplexed transport rather than a packet switching technology: frames are sent at a fixed rate, and the frame size grows with the line rate (STS-1, STS-3, and so on).
SONET is classified as a transport protocol, because it can carry other types of traffic, such as ATM, Ethernet, and IP.
Most PSTN networks use SONET within the long distance portion of the PSTN network.
SONET networks use dual, counter-rotating fiber optic rings. If a break occurs in one ring, data can be routed over the
other ring to keep traffic flowing.
Term
Multiprotocol
Label
Switching
(MPLS)
Definition
MPLS is a WAN data classification and data carrying mechanism.
MPLS is a packet switching technology that supports variable-length frames.
MPLS adds a label to packets between the existing Network and Data Link layer headers (which is why it is often called a "Layer 2.5" protocol). Labels are added when the
packet enters the MPLS network and are removed when the packet exits the network.
Term
What are the different types of IPv6 addresses?
Definition
An interface can have more than one IPv6 address. The address types are:
Unicast
Multicast
Anycast
Loopback
Term
unicast and its 3 types
Definition
Unicast addresses are assigned to a single interface, for the purpose of allowing that one host to send and receive data. Packets
sent to a unicast address are delivered to the interface identified by that address. The three types are:
Link-local
Unique local
Global unicast
Term
Link-local
Definition
Link-local addresses (also known as local link addresses) are addresses that are valid on only the current subnet.
Details include the following:
Link-local addresses have an FE80::/10 prefix. This includes any address beginning with FE8, FE9,
FEA, or FEB.
All nodes must have at least one link-local address, although each interface can have multiple addresses.
Link-local addresses are used for automatic address configuration, for neighbor discovery, or for subnets
that have no routers.
Do not use link-local IPv6 addressing on routed networks. Routers never forward packets destined for
link-local addresses to other subnets.
Term
Unique
local
Definition
addresses are private addresses used for communication within a site or between a limited number
of sites. In other words, unique local addressing is commonly used for network communications that do not cross
a public network; they are the equivalent of private addressing in IPv4

Because unique local addresses are not registered with IANA, they cannot be used on a public network
(such as the Internet) without address translation.
Unique local addresses come from the FC00::/7 block; in practice they begin with FD (FD00::/8), because the "locally assigned" bit is set and the FC00::/8 half is reserved.
Following the prefix, the next 40 bits are used for the Global ID. The Global ID is generated randomly,
creating a high probability of uniqueness on the entire Internet.
Following the Global ID, the remaining 16 bits in the prefix are used for subnet information.
Unique local addresses are likely to be globally unique, but they are not globally routable. Unique local
addresses might be routed between sites by a local ISP.
Term
Global
unicast
Definition
addresses are addresses that are assigned to individual interfaces that are globally unique. All IPv6
addresses that haven't been specifically reserved for other purposes are defined as global unicast addresses. The
global routing prefix assigned to an organization by an ISP is typically 48 bits long (/48), but it could be as short
as /32 or as long as /56, depending on the ISP. All subnet IDs within the same organization must begin with the
same global routing prefix, but they must also be uniquely identified using a different value in the subnet field.
Separate IPv6 subnets should be defined for the following:
Network segments separated by routers
VLANs
Point-to-point WAN links
Term
Multicast
Definition
addresses represent a dynamic group of hosts. Packets sent to a multicast address are sent to all interfaces identified by
that address. If different multicast addresses are used for different functions, only the devices that need to participate in a
particular function will respond to the multicast; devices that have no need to participate in the function will ignore the
multicast.
Term
Anycast
Definition
address is a unicast address that is assigned to more than one interface, typically belonging to different hosts. An
anycast packet is routed to the nearest interface having that address (based on routing protocol decisions). Details include the
following:
An anycast address is the same as a unicast address. Assigning the same unicast address to more than one interface
makes it an anycast address.
You can have a link-local, unique local, or global unicast anycast address.
When you assign an anycast address to an interface, you must explicitly identify the address as an anycast address (to
distinguish it from a unicast address).
Anycast addresses can be used to locate the nearest server of a specific type (e.g., the nearest DNS or network time
server).
Term
Loopback
Definition
The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1 or ::1/128). The local loopback address is
not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host.
Term
Dual
Stack
Definition
A dual stack configuration enables a host to communicate with IPv4 and IPv6 hosts; the IPv4 and IPv6 protocol stacks run
concurrently on a host. IPv4 is used to communicate with IPv4 hosts, and IPv6 is used to communicate with IPv6 hosts. When dual
stack is implemented on hosts, intermediate routers and switches must also run both protocol stacks.
Term
Tunneling and several tunneling solutions
Definition
Tunneling allows IPv6 hosts or sites to communicate over the existing IPv4 infrastructure. With tunneling, a device encapsulates
IPv6 packets within IPv4 packets for transmission across an IPv4 network, and then the IPv6 packets are de-encapsulated by another
device at the other end.

1. Manually configured tunnel
2. 6to4 tunneling
3. 4to6 tunneling
4. Intra-site Automatic Tunnel Addressing Protocol (ISATAP)
5. Teredo tunneling
Term
Manually
configured
tunnel
Definition
With a manually configured tunnel, tunnel endpoints are configured as point-to-point connections between
devices. Because of the time and effort required for configuration, use manually configured tunnels only when
you have a small number of sites that need to connect through the IPv4 Internet, or when you want to configure
secure site-to-site associations. Manual tunneling:
Is configured between routers at different sites.
Requires dual stack routers as the tunnel endpoints. Hosts can be IPv6-only hosts.
Does not generally work through NAT: the encapsulation is IP protocol 41, which carries no port numbers for a NAT device to translate.
Uses a static association of an IPv6 address to the IPv4 address of the destination tunnel endpoint.
Term
6to4
tunneling
Definition
With 6to4 tunneling, tunneling endpoints are configured automatically between devices. Use 6to4 tunneling
to dynamically connect multiple sites through the IPv4 Internet. Because of its dynamic configuration, 6to4
tunneling is easier to administer than manual tunneling. 6to4 tunneling:
Is configured between routers at different sites.
Requires dual stack routers as the tunnel endpoints. Hosts can be IPv6-only hosts.
Requires a public IPv4 address on the tunnel endpoint and does not work through NAT (Teredo is the tunnel type designed for hosts behind NAT).
Uses a dynamic association of an IPv6 site prefix to the IPv4 address of the destination tunnel
endpoint.
Automatically generates an IPv6 prefix for the site using the 2002::/16 prefix, followed by the public
IPv4 address of the tunnel endpoint router (giving the site a /48 prefix).
Term
4to6
tunneling
Definition
4to6 tunneling works in a manner similar to 6to4 tunneling. However, instead of tunneling IPv6 traffic
through an IPv4 network, 4to6 tunnels IPv4 traffic through an IPv6 network by encapsulating IPv4 packets
within IPv6 packets.
Term
Intra-site
Automatic
Tunnel
Addressing
Protocol
(ISATAP)
Definition
ISATAP provides IPv6 communication over a private IPv4 network. ISATAP tunneling:
Is configured between individual hosts and an ISATAP router.
Requires a special dual stack ISATAP router to perform tunneling, and dual stack or IPv6-only clients.
Dual stack routers and hosts perform tunneling when communicating on the IPv4 network.
Does not work through NAT.
Automatically generates link-local addresses that include the IPv4 address of each host:
The prefix is the well-known link-local prefix FE80::/10.
The remaining prefix bits are set to 0 (so the address falls in FE80::/64).
The first two quartets of the interface ID are set to 0000:5EFE (0200:5EFE when the embedded IPv4 address is a public address).
The remaining two quartets use the IPv4 address, written in either dotted decimal or
hexadecimal notation.
For example, a host with an IPv4 address of 192.168.12.155 would have the following IPv6
address when using ISATAP: FE80::5EFE:C0A8:0C9B (also designated as
FE80::5EFE:192.168.12.155).
Use ISATAP to begin a transition to IPv6 within a site. You can start by adding a single ISATAP router and
configuring each host as an ISATAP client.
Term
Teredo
tunneling
Definition
Teredo tunneling establishes a tunnel between individual hosts so they can communicate through a private or public IPv4 network. Teredo tunneling:
Is configured between individual hosts.
Uses dual stack hosts, which encapsulate IPv6 packets in UDP over IPv4 for transmission on the IPv4 network.
Works through NAT (the UDP encapsulation gives the NAT device port numbers to translate).
In Windows 7, the Teredo component is enabled but inactive by default. In Windows 8, Teredo is enabled by
default on work and home network profiles. On Linux, the Miredo client software is used to implement Teredo
tunneling.
Term
Static Full
Assignment
Definition
The entire 128-bit address and all other configuration information is statically assigned to the host.
Term
Static Partial
Assignment
Definition
The prefix is statically assigned and the interface ID is derived from the MAC address (the modified EUI-64 method).
Term
Stateless
Autoconfiguration
Definition
Clients automatically generate the interface ID and learn the subnet prefix and default gateway through the Neighbor
Discovery Protocol (NDP). NDP uses the following messages for autoconfiguration:
A Router solicitation (RS) is a message sent by the client, requesting that routers respond.
A Router advertisement (RA) is a message sent periodically by the router and in response to RS messages,
informing clients of the IPv6 subnet prefix and the default gateway address.
Hosts also use NDP to discover the addresses of other interfaces on the network, removing the need for the Address
Resolution Protocol (ARP).
Sets the interface ID automatically.
Obtains the subnet prefix and default gateway from the RA message.
Obtains DNS and other configuration information from a DHCPv6 server.
The host sends out an INFORMATION-REQUEST message addressed to the multicast address FF02::1:2 (all DHCPv6 relay agents and servers),
requesting this information from the DHCPv6 server.
Term
DHCPv6
Definition
IPv6 uses an updated version of DHCP (called DHCPv6) that operates in one of two modes:
Stateful DHCPv6 is when the DHCP server provides each client an IP address, default gateway, and other IP
configuration information (such as the DNS server IP address). The DHCP server tracks the status (or state) of the
client.
Stateless DHCPv6 does not provide the client an IP address and does not track the status of each client. It is instead
used to supply the client with the DNS server IP address. Stateless DHCPv6 is most useful when used in
conjunction with stateless autoconfiguration
Term
When a host starts up, how does it configure the IPv6 address for each interface?
Definition
The host generates an IPv6 address using the link-local prefix (FE80::/10) and modifies the MAC address (modified EUI-64) to get the interface ID.
The host sends a neighbor solicitation (NS) message addressed to its own link-local address to see if the address it has chosen is already in use (duplicate address detection).
The host waits for an RA message from a router to learn the prefix.
The RA message contains information that identifies how the IPv6 address and other information should be configured. The following table shows
possible combinations.
If a manual address or stateful autoconfiguration is used, the host sends an NS message to make sure the address is not already in use.
Term
Stateful
Autoconfiguration
Definition
Obtains the interface ID, subnet prefix, default gateway, and other configuration information from a DHCPv6
server.
The host sends out a REQUEST message addressed to the multicast address FF02::1:2, requesting this
information from the DHCPv6 server.
Term
Point-to-Point Protocol (PPP)
Definition
PPP:
Is a Data Link (Layer 2) protocol designed to facilitate communication over leased lines.
Can be used on a wide variety of physical interfaces, including asynchronous serial (dial-up), synchronous serial,
and ISDN.
Defines a header and trailer that specify a protocol type field.
Contains protocols that integrate and support higher level protocols.
Supports multiple Network layer protocols over the same link.
Supports both IPv4 and IPv6.
Provides optional authentication through PAP (a two-way handshake) or CHAP (a three-way handshake):
PAP transmits the password in cleartext over the link.
CHAP uses a hash of the password combined with a random challenge for authentication. The password itself is not transmitted on the link, and a captured response is useless against a fresh challenge.
Supports multilink connections, load-balancing traffic over multiple physical links.
Includes Link Quality Monitoring (LQM), which can detect link errors and can automatically terminate links with excessive errors.
Includes looped link detection, which can identify when messages sent from a router are looped back to that router:
Routers send magic numbers in communications. If a router receives a packet with its own magic number, the link is looped.
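The PAP versus CHAP point above, as an added example written for this page (not code from the original flashcards or from any router vendor): a two-way PAP exchange and a three-way CHAP exchange between an authenticator and a peer, with everything that crosses the link appended to a `wire` list so the difference can be checked rather than asserted. The CHAP response follows RFC 1994 (MD5 over Identifier, secret and Challenge); the router names and the shared secret are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The router that demands authentication. It knows each peer's secret by the peer's hostname."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets, self.identifier, self.pending = secrets, 0, {}

    def new_challenge(self) -> Tuple[int, bytes]:
        self.identifier = (self.identifier + 1) & 0xFF         # 8-bit Identifier ties a Response to its Challenge
        challenge = os.urandom(16)                             # fresh random value for every attempt
        self.pending[self.identifier] = challenge
        return self.identifier, challenge

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)         # each challenge is usable exactly once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)         # constant-time comparison

    def verify_pap(self, name: str, password: bytes) -> bool:
        return hmac.compare_digest(self.secrets.get(name, b""), password)


class Peer:
    """The router being authenticated. Its secret never leaves this object."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> Tuple[str, bytes]:
        return self.name, chap_response(identifier, self.secret, challenge)


def chap_handshake(auth: Authenticator, peer: Peer, wire: List[tuple]) -> bool:
    """Three-way CHAP exchange; everything appended to `wire` is what a sniffer on the link would capture."""
    identifier, challenge = auth.new_challenge()
    wire.append(("Challenge", identifier, challenge))
    name, response = peer.respond(identifier, challenge)
    wire.append(("Response", identifier, name, response))
    ok = auth.verify(identifier, name, response)
    wire.append(("Success" if ok else "Failure", identifier))
    return ok


def pap_handshake(auth: Authenticator, name: str, password: bytes, wire: List[tuple]) -> bool:
    """Two-way PAP exchange: the password itself crosses the link."""
    wire.append(("Authenticate-Request", name, password))
    ok = auth.verify_pap(name, password)
    wire.append(("Authenticate-Ack" if ok else "Authenticate-Nak",))
    return ok


def secret_on_wire(wire: List[tuple], secret: bytes) -> bool:
    """True if the secret appears verbatim in any captured field."""
    return any(isinstance(field, bytes) and secret in field for frame in wire for field in frame)
```

CHAP keeps the secret off the wire and defeats replay, but a captured Challenge/Response pair still allows an offline dictionary attack on a weak secret, because MD5 is fast and unsalted beyond the challenge; that is why the secret must be long and random, and why EAP-based methods replaced CHAP where stronger authentication is needed.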
Term
Multilink PPP
Definition
Multilink PPP (MLP) is available on some routers. MLP is used to aggregate multiple WAN links into a single logical
channel.
Term
PPP uses these two main protocols
Definition
Link Control
Protocol (LCP)

Network Control
Protocol (NCP)
Term
Link Control
Protocol (LCP)
Definition
LCP is responsible for establishing, maintaining, and tearing down the PPP link. LCP packets are exchanged periodically.
During link establishment, LCP agrees on encapsulation, packet size, and compression settings. LCP also
indicates whether authentication should be used.
Throughout the session, LCP packets are exchanged to:
Detect loops.
Detect and correct errors.
Control the use of multiple links (multilink).
When the session is terminated, LCP tears down the link.
A single Link Control Protocol runs for each physical connection.
Term
Network Control
Protocol (NCP)
Definition
NCP is used to agree on and configure Network layer protocols. Each Network layer protocol has a corresponding control
protocol packet. Examples of control protocols include:
IP Control Protocol (IPCP)
IP version 6 Control Protocol (IPv6CP)
A single PPP link can run multiple control protocols—one for each Network layer protocol supported on the
link.
Term
PPP establishes communication in three phases
Definition
1. LCP phase—LCP packets are exchanged to open the link and agree on link settings.
2. Authenticate phase (optional)—Authentication-specific packets are exchanged to configure authentication parameters and to authenticate the devices.
LCP packets might also be exchanged during this phase to maintain the link.
3. NCP phase—NCP packets are exchanged to agree on which upper layer protocols to use. For example, routers might exchange IPCP and Cisco
Discovery Protocol Control Protocol (CDPCP) packets to agree on using IP and CDP for Network layer communications. During this phase, LCP
packets might continue to be exchanged
Term
To configure PPP on the router, do the following
Definition
1. Enable PPP encapsulation on the interface. You must set the encapsulation method to PPP before you can configure authentication or compression.
2. Select CHAP or PAP as the authentication method.
3. Configure username and password combinations. Keep in mind the following:
Both routers need to be configured with a username and password.
The username identifies the hostname of each router.
The password must be the same on both routers.
Term
A network is made up of the following components
Definition
Computers
Transmission media: a path for electrical signals between devices
Network interfaces: devices that send and receive electrical signals
Protocols: rules or standards that describe how hosts communicate and exchange data
Term
Host Role
Definition
Peer-to-Peer
Client-Server
Term
Client-Server
Definition
In a client-server network, hosts have specific roles. For example, some hosts are assigned server roles,
which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which
allow them to consume network resources. Advantages of client-server networks include the following:
Easy to expand (scalable)
Easy to support
Centralized services
Easy to back up
Disadvantages of client-server networks include the following:
Expensive server operating systems
Extensive advanced planning required
Term
Peer-to-Peer
Definition
In a peer-to-peer network, each host can provide network resources to other hosts or access resources located
on other hosts. Each host is in charge of controlling access to those resources. Advantages of peer-to-peer
networks include the following:
Easy implementation
Inexpensive
Disadvantages of peer-to-peer networks include the following:
Difficult to expand (not scalable)
Difficult to support
Lack centralized control
No centralized storage
Term
Personal Area
Network
(PAN)
Definition
A personal area network is a very small network used for communicating between personal devices. For
example, a PAN may include a notebook computer, a wireless headset, a wireless printer, and a smart phone.
A PAN is limited in range to only a few feet. A PAN is typically created using Bluetooth wireless
technologies.
Term
Local Area
Network
(LAN)
Definition
A local area network is a network in a small geographic area, like an office. A LAN typically uses wires to
connect systems together.
Term
Metropolitan
Area Network
(MAN)
Definition
A metropolitan area network is a network that covers an area as small as a few city blocks to as large as an
entire metropolitan city. MANs are typically owned and managed by a city as a public utility. Be aware that
many IT professionals do not differentiate between a wide area network and a MAN, as they use essentially
the same network technologies.
Term
Wide Area
Network
(WAN)
Definition
A wide area network is a group of LANs that are geographically isolated, but are connected to form a large
internetwork.
Term
The following table lists several ways to describe a network:
Definition
Host Role
Geography
Management
Participation
Term
Management
Definition
Network
Subnet
Internetwork
Term
Network
Definition
The term network often describes a computer system controlled by a single organization. This could be a
local area network at a single location or a wide area network used by a single business or organization. If
two companies connected their internal networks to share data, you could call it one network. In reality,
however, it is two networks, because each network is managed by a different company.
Term
Subnet
Definition
A subnet is a portion of a network with a common network address.
All devices on the subnet share the same network address, but they have unique host addresses.
Each subnet in a larger network has a unique subnet address.
Devices connected through hubs or switches are on the same subnet. Routers are used to connect
multiple subnets.
Term
Internetwork
Definition
A network with geographically dispersed (WAN) connections that connect multiple LANs is often called an
internetwork. Additionally, connecting two networks under different management is a form of
internetworking, because data must travel between two networks.
Term
Geography
Definition
Personal Area
Network
(PAN)
Local Area
Network
(LAN)
Wireless
Local Area
Network
(WLAN)
Metropolitan
Area Network
(MAN)
Wide Area
Network
(WAN)
Term
Participation
Definition
Internet
Intranet
Extranet
Term
Internet
Definition
The Internet is a large, worldwide, public network. The network is public because virtually anyone can
connect to it, and users or organizations make services freely available on the Internet.
Users and organizations connect to the Internet through an Internet service provider (ISP).
The Internet uses a set of communication protocols (TCP/IP) for providing services.
Individuals and organizations can make services (such as a website) available to other users on the
Internet.
Term
Intranet
Definition
An intranet is a private network that uses Internet technologies. Services on an intranet are only available to
hosts that are connected to the private network. For example, your company might have a website that only
employees can access.
Term
Extranet
Definition
An extranet is a private network that uses Internet technologies, but its resources are made available to
external (but trusted) users. For example, you might create a website on a private network that only users
from a partner company can access.
Term
The following are the components of fiber optic cabling:
Definition
The core carries the signal. It is made of plastic or glass.
The cladding maintains the signal in the center of the core as the cable bends.
The sheathing protects the cladding and the core.
Term
Fiber optic cabling offers the following advantages and disadvantages:
Definition
Advantages
Totally immune to EMI (electromagnetic interference)
Highly resistant to eavesdropping
Supports extremely high data transmission rates
Allows greater cable distances without a repeater
Disadvantages
Very expensive
Difficult to work with
Special training required to attach connectors to cables
Term
Single Mode
Definition
Data transfers through the core using a single light ray (the ray is also called a mode).
The core diameter is around 10 microns.
At distances up to 3 km, single mode delivers data rates up to 10 Gbps.
Cable lengths can extend a great distance.
Term
Multimode
Definition
Data transfers through the core using multiple light rays.
The core diameter is around 50 to 100 microns.
At distances of under 2 km, multimode delivers data rates up to 1 Gbps.
Cable lengths are limited in distance.
Term
ST
Definition
Used with single mode and multimode cabling.
Has a keyed, bayonet-type connector.
Also called a push-in and twist connector.
Each wire has a separate connector.
Nickel plated with a ceramic ferrule to ensure proper core alignment and to prevent light ray deflection.
As part of the assembly process, the exposed fiber tip must be polished to ensure that light is passed on from one cable to the next with no dispersion.
Term
SC
Definition
Used with single mode and multimode cabling.
Has a push-on/pull-off connector type that uses a locking tab to maintain connection.
Each wire has a separate connector.
Uses a ceramic ferrule to ensure proper core alignment and to prevent
light ray deflection.
As part of the assembly process, the exposed fiber tip must be polished.
Term
LC
Definition
Used with single mode and multimode cabling.
Composed of a plastic connector with a locking tab, similar to an RJ45 connector.
A single connector with two ends keeps the two cables in place.
Uses a ceramic ferrule to ensure proper core alignment and to prevent
light ray deflection.
Is half the size of other fiber optic connectors.
Term
MT-RJ
Definition
Used with single mode and multimode cabling.
Composed of a plastic connector with a locking tab.
Uses metal guide pins to ensure that it is properly aligned.
A single connector with one end holds both cables.
Uses a ceramic ferrule to ensure proper core alignment and to prevent
Term
FC
Definition
Used only with single mode cabling.
Each wire has a separate connector.
Uses a threaded connector.
Designed to stay securely connected in environments where it may
experience physical shock or intense vibration.
Term
T568A
Definition
To use this standard, arrange the wires
from pins 1 to 8 in each connector in the
following order: GW, G, OW, B, BW, O, BrW,
Br.
Term
T568B
Definition
To use this standard, arrange the wires
from pins 1 to 8 in each connector in the
following order: OW, O, GW, B, BW, G, BrW,
Br
Term
Straight-through
Definition
Computers connect to the network through a hub or switch with a straight-through cable. There are two standards for
creating straight-through cables. It doesn't matter which standard you use, but once you choose a standard, you should
use the same one for all your cables to avoid confusion later on during troubleshooting.
Term
Crossover
Definition
Computers can connect directly to one another using a
crossover cable. The easiest way to create a crossover cable
is to arrange the wires using the T568A standard in the
first connector and the T568B standard in the second
connector.
Term
Ethernet specifications use the following pins:
Definition
Pin 1: Tx+
Pin 2: Tx-
Pin 3: Rx+
Pin 4: Unused
Pin 5: Unused
Pin 6: Rx-
Pin 7: Unused
Pin 8: Unused
Term
Main
Distribution
Frame
(MDF)
Definition
The main distribution frame is the main wiring point for a building. It is usually located on the bottom floor or basement. The
LEC typically installs the demarc to the MDF.
Term
Intermediate
Distribution
Frame
(IDF)
Definition
An intermediate distribution frame is a smaller wiring distribution point within a building. IDFs are typically located on each
floor directly above the MDF, although additional IDFs can be added on each floor as necessary.
Term
Demarc
extension
Definition
extends the demarcation point from its original location to another location within the building.
The demarc extension usually consists of a single wire bundle that attaches to the existing demarc and supplies a
termination point to a different location.
You might need a demarc extension if your network occupies an upper floor of a building. The LEC will typically install
the demarc into the MDF on the bottom floor, and you will need to install an extension to place the demarc into the IDF
on your floor.
You are responsible for installing the demarc extension, but the LEC might do it for an additional charge.
Term
Vertical
cross
connect
Definition
A vertical cross connect connects the MDF on the main floor to IDFs on upper floors. Cabling runs vertically between the MDF
and the IDFs.
Term
Horizontal
cross
connect
Definition
A horizontal cross connect connects IDFs on the same floor. Cabling runs horizontally between the IDF
Term
25 pair
cable
Definition
A 25 pair cable consists of 25 pairs of copper wires in a single bundle (containing a total of 50 wires). 25 pair cables are often
used for telephone installations that have multiple telephone lines, for replacing multiple Cat3/5/5e/6 cables in a single bundle,
and for horizontal and vertical cross connects between the MDF and IDFs. Individual wires within the 25 pair cable use the
following color coding scheme:
A total of 10 colors are used in two different groups:
Group 1 colors are white, red, black, yellow, and violet.
Group 2 colors are blue, orange, green, brown, and slate.
There are 5 wires of each color.
Every colored wire in group 1 is paired with each color in group 2. For example, you will have the following pairs for the white wires:
White with blue
White with orange
White with green
White with brown
White with slate
Term
100 pair
cable
Definition
A 100 pair cable consists of 100 pairs of copper wires in a single bundle (containing 200 wires).
100 pair wires use the same coloring scheme as 25 pair wires, repeated 4 times.
Generally, each bundle of 25 wires is wrapped together with a colored nylon string to help separate wires of the same
Term
66 block
Definition
A 66 block is a punchdown block used for connecting individual copper wires together.
The 66 block has 25 rows of four metal pins. Pushing a wire into a pin pierces the plastic sheath on the wire, making
contact with the metal pin.
There are two different 66 block configurations:
With the 25 pair block (also called a non-split block), all 4 pins are bonded (electrically connected). Use the 25 pair block to connect a single wire with up to 3 other wires.
With the 50 pair block (also called a split block), each set of 2 pins in a row is bonded. Use the 50 pair block to connect a single wire to one other wire.
With a 50 pair block, use a bridge clip to connect the left two pins to the right two pins. Adding or removing the bridge
clip is an easy way to connect wires within the row for easy testing purposes.
66 blocks are used primarily for telephone applications. When used for data applications:
Be sure to purchase 66 blocks rated for Cat5.
When inserting wires in the block, place both wires in a pair through the same slot to preserve the twist as much as possible.
Term
110 block
Definition
A 110 block is a punchdown block used for connecting individual wires together.
The 110 block comes in various sizes for connecting pairs of wires (for example 50, 100, or 300 pair).
The 110 block has rows of plastic slots. Each plastic slot connects two wires together:
Place the first wire into the plastic slot on the 110 block.
Insert a connecting block over the wire and slot. The connecting block has metal connectors that pierce the
plastic cable sheath.
Place the second wire into the slot on the connecting block.
C-4 connectors connect four pairs of wires; C-5 connectors connect five pairs of wires.
When connecting data wires on a 110 block, you typically connect wires in the following order:
White wire with a blue stripe, followed by the solid blue wire.
White wire with an orange stripe, followed by the solid orange wire.
White wire with a green stripe, followed by the solid green wire.
White wire with a brown stripe, followed by the solid brown wire.
Use BLOG (BLue-Orange-Green) to remember the wire order, and remember to start with the white striped wire first.
110 blocks can be used for both telephone and data, and are better suited for Cat5 installations. When using 110 blocks for Cat5
wiring, be sure to preserve the twists in each wire pair to within one-half of an inch of the connecting block.
Term
Patch panel
Definition
A patch panel is a device that is commonly used to connect individual stranded wires into female RJ45 connectors. For example,
you might connect 4 pairs of wires from a punchdown block to a port on the patch panel. On the patch panel, you then connect
drop cables (cables with RJ45 connectors) to the patch panel on one end and a computer on the other end.
Term
Coaxial cable implementation
Definition
Used in a bus topology
Not suitable for ring or star topologies
Both ends of the cable must be terminated
Coaxial cable is composed of two conductors that share a common axis within a single cable.
Term
Coaxial cable is built with the following components
Definition
Two concentric metallic conductors:
The inner conductor carries data signals. It is made of copper or copper coated with tin.
The mesh conductor is a second physical channel that also grounds the cable. It is made of aluminum or copper coated tin.
An insulator that surrounds the inner conductor and keeps the signal separated from the mesh conductor. It is made of PVC plastic.
A mesh conductor that surrounds the insulator and grounds the cable. It is made of aluminum or copper coated tin.
A cable encasement that surrounds and protects the wire. It is made of PVC plastic.
Term
Coaxial cable has the following advantages and disadvantages:
Definition
Advantages
Highly resistant to EMI (electromagnetic interference)
Highly resistant to physical damage

Disadvantages
More expensive than UTP
Inflexible construction (more difficult to install)
Unsupported by newer networking standards
Term
RG-58
Definition
10Base2 Ethernet networking (also called Thinnet)
50 ohms
Term
RG-59
Definition
Cable TV and cable networking
75 ohms
Term
RG-6
Definition
Cable TV, satellite TV, and cable networking
RG-6 has less signal loss than RG-59 and is a better choice for networking applications, especially when longer
distances (over a few feet) are involved.
75 ohms
Term
RG-8
Definition
10Base5 Ethernet networking (also called Thicknet)
50 ohms
Term
F-type
Definition
Twisted onto the cable
Used to create cable and satellite TV connections
Used to connect a cable modem to a broadband cable connection
Term
BNC
Definition
Molded onto the cable
Used in 10Base2 Ethernet networks
Term
AUI
Definition
Is a DB15 serial connector
Used in 10Base5 Ethernet networks
Term
What are the components of twisted pair cabling?
Definition
Two wires carry data signals (one conductor carries a positive signal; the other carries a negative signal). They are made of 22 or 24 gauge copper
wiring.
Either PVC or plenum plastic insulation surrounds each wire. Plenum cable is fire resistant and non-toxic; it must be used when wiring above
ceiling tiles. PVC cable cannot be used to wire above ceilings, because it is toxic when burned.
The two wires are twisted to reduce the effects of electromagnetic interference (EMI) and crosstalk. Because the wires are twisted, EMI affects both
wires equally and should be cancelled out.
Multiple wire pairs are bundled together in an outer sheath. Twisted pair cable can be classified according to the makeup of the outer sheath, as
described:
Shielded Twisted Pair (STP) has a grounded outer copper shield around the bundle of twisted pairs or around each pair. This provides
added protection against EMI.
Unshielded Twisted Pair (UTP) does not have a grounded outer copper shield. UTP cables are easier to work with and are less expensive
than shielded cables.
Term
Phone
cable
Definition
RJ11
A phone cable is used to connect a PC to a phone jack in a wall outlet to establish a dial-up Internet connection. It has
two pairs of twisted cable (a total of 4 wires).
Term
Cat 3
Definition
RJ45
Cat 3 is designed for use with 10 megabit Ethernet or 16 megabit token ring.
Term
Cat 5
Definition
RJ45
Cat 5 supports 100 megabit Ethernet and ATM networking. Cat 5 specifications also support gigabit (1000 Mb)
Ethernet.
Term
Cat
5e
Definition
RJ45
Cat 5e is similar to Cat 5 but provides better EMI protection. It supports 100 megabit and gigabit Ethernet.
Term
Cat 6
Definition
RJ45
Cat 6 supports 10 Gbps Ethernet and high-bandwidth, broadband communications. Cat 6 cables often include a solid
plastic core that keeps the twisted pairs separate and prevents the cable from being bent too tightly.
Term
Cat
6a
Definition
RJ45
Cat 6a is designed to provide better protection against EMI and crosstalk than Cat 6 cabling. Cat 6a provides better
performance than Cat 6, especially when used with 10 Gbps Ethernet.
Term
RJ11 facts
Definition
Has 4 connectors
Supports up to 2 pairs of wires
Uses a locking tab to keep the connector secure in an outlet
Used primarily for telephone wiring
Term
RJ45
Definition
Has 8 connectors
Supports up to 4 pairs of wires
Uses a locking tab to keep the connector secure in an outlet
Used for Ethernet and some token ring connections
There is another connector type called RJ48c that is almost identical to RJ45. RJ48c uses the sam
Term
The network adapter
Definition
is responsible for converting binary data into a format to be sent on the network medium.
A transceiver and modem
Network adapters are Layer 1 devices because they send and receive signals on the network medium. They are also Layer 2 devices because they
must follow the rules for media access, and because they read the physical address in a frame.
Term
Transceiver
Module
Definition
A transceiver module is used to change the media type of a port on a network device, such as a switch or a router. The following
are the most common types of transceiver modules:
A GBIC (gigabit interface converter) is a larger-sized transceiver that fits in a port slot and is used for Gigabit media
including copper and fiber optic.
An SFP (small form-factor pluggable) is similar to a GBIC but is a smaller size. An SFP is sometimes called a miniGBIC.
An XFP transceiver is similar in size to an SFP but is used for 10 Gigabit networking.
Term
Media
Converter
Definition
A media converter is used to connect network adapters that are using different media types. For example, a media converter could
be used to connect a server with a fiber optic Ethernet NIC to a copper Ethernet cable.
Media converters work at the Physical layer (Layer 1). Media converters do not read or modify the MAC address in any
way.
Media converters only convert from one media type to another within the same architecture (such as Ethernet). A media
converter cannot translate between two different architectures. (This must be done using a bridge or a router. Converting
from one architecture to another would require modifying the frame contents to modify the Data Link layer address.)
Term
MAC
Address
Definition
A MAC address is a unique identifier burned into the ROM of every Ethernet NIC.
The MAC address is a 12-digit (48-bit) hexadecimal number (each digit ranges from 0–9 or A–F).
The MAC address is globally unique by design. The first half (first 6 digits) of the MAC address is assigned to each
manufacturer. The manufacturer determines the rest of the address, assigning a unique value that identifies the host
address. A manufacturer that uses all the addresses in the original assignment can apply for a new MAC address
assignment.
Devices use the MAC address to send frames to other devices on the same subnet.
Some network cards allow you to change the MAC address through jumpers, switches, or software. However, there are
few legitimate reasons for doing so.
Term
Address
Resolution
Protocol
(ARP)
Definition
used by hosts to discover the MAC address of a device from its IP address. Before two devices can communicate, they
must know the MAC address of the receiving device. If the MAC address isn't known, ARP does the following to find it:
1. The sending device sends out a broadcast frame.
The destination MAC address is all Fs (FFFF:FFFF:FFFF).
The sending MAC address is its own MAC address.
The destination IP address is the known IP address of the destination host.
The sending IP address is its own IP address.
2. All hosts on the subnet process the broadcast frame, looking at the destination IP address.
3. If the destination IP address matches its own address, the host responds with a frame that includes its own MAC address
as the sending MAC address.
4. The original sender reads the MAC address from the frame and associates the IP address with the MAC address, saving it
in its cache.
Once the sender knows the MAC address of the receiver, it sends data in frames addressed to the destination device. These frames
include a Cyclic Redundancy Check (CRC), which is used to detect frames that have been corrupted during transmission.
Hosts use the Reverse Address Resolution Protocol (RARP) to find the IP address of a host with a known MAC address.
Term
Electromagnetic
interference
(EMI) and
radio frequency
interference
(RFI)
Definition
Electromagnetic interference and radio frequency interference are external signals that interfere with normal network
communications. Common sources of EMI/RFI include nearby generators, motors (such as elevator motors), radio
transmitters, welders, transformers, and fluorescent lighting.
To protect against EMI/RFI:
Use fiber optic instead of copper cables. Fiber optic cables are immune to EMI/RFI.
Use shielded twisted pair cables. Shielded cables have a metal foil that encloses all of the wires. Some cables might
also include a drain wire (a bare wire in the cable that absorbs EMI/RFI).
Avoid installing cables near EMI/RFI sources.
Term
Crosstalk
Definition
Crosstalk is interference that is caused by signals within the twisted pairs of wires. For example, current flow on one wire
causing a current flow on an adjacent wire.
The twisting of wires into pairs helps reduce crosstalk between wires.
Each pair of wires is twisted at a different rate to reduce crosstalk between pairs.
Crosstalk is often introduced within connectors, where the twists are removed to add the connector. Crosstalk can also
occur where wires are crushed or where the plastic coating is worn.
There are several forms of crosstalk
Near end crosstalk
Far end crosstalk
Alien crosstalk
Term
Near end crosstalk
Definition
(NEXT) is measured on the same end as the transmitter. For example, when a signal is sent on one
wire, near end crosstalk measures the interference on an adjacent wire at the same connector end.
Term
Far end crosstalk (FEXT)
Definition
is measured on the opposite end from the transmitter. For example, when a signal is sent
on one wire, far end crosstalk measures the interference on an adjacent wire at the opposite connector end.
Term
Alien crosstalk
Definition
is introduced from adjacent, parallel cables. For example, a signal sent on one wire causes interference
on a wire that is within a separate twisted pair cable bundle.
Term
Attenuation
Definition
is the loss of signal strength from one end of a cable to the other. This is also known as dB loss.
The longer the cable, the more attenuation. For this reason, it is important never to exceed the maximum cable length
defined by the networking architecture.
Cables at a higher temperature experience more attenuation than cables at a lower temperature.
A repeater regenerates the signal and removes the effects of attenuation.
Term
Open
impedance
mismatch
(echo)
Definition
is the measure of resistance within the transmission medium.
Impedance is measured in ohms (Ω).
All cables must have the same impedance rating. The impedance rating for the cable must match the impedance of
the transmitting device.
Impedance is mostly a factor in coaxial cables used for networking. Be sure to choose cable with the correct rating
(50 or 75 ohm) based on the network type. Never mix cables with different ratings.
When signals move from a cable with one impedance rating to a cable with another rating, some of the signal is
reflected back to the transmitter, distorting the signal. With video (cable TV), impedance mismatch is manifested as
ghosting of the image.
Cable distance does not affect the impedance of the cable.
Term
Shorts
Definition
An electrical short occurs when electrical signals take a path other than the intended path. In the case of twisted pair wiring, a
short means that a signal sent on one wire arrives on a different wire. Shorts occur when two wires touch; this can be caused
by worn wire jackets, crushed wires, or a metal object piercing two or more wires.
Term
Open circuit
Definition
An open circuit is when a cut in the wire prevents the original signal from reaching the end of the wire. An open circuit is
different from a short in that the signal stops (electricity cannot flow because the path is disconnected).
Term
Miswired
Definition
A miswired cable is caused by incorrect wire positions on both connectors.
Reverse connection
Wiremapping
A split pair
Term
A reverse connection
Definition
is when a cable is wired using one standard on one end and another standard on the other end,
creating a crossover cable. While this condition might be intentional, it can cause problems when a crossover cable is
used instead of a straight-through cable.
Term
Wiremapping
Definition
refers to the matching of a wire with a pin on one end with the same pin on the other end. For
example, an error in the wiremapping results when the wire at pin 1 connects to pin 4.
Term
A split pair
Definition
condition is when a single wire in two different pairs is reversed at both ends. For example, if instead of
the solid green wire, the solid brown wire is matched with the green/white wire in pins 1 and 2. With a split pair
configuration, the cable might still work (especially if it is short), but it could introduce crosstalk.
When the 568A/B standards for making drop cables are followed, one pair is split to meet the standards. In
this case, a common split pair error is simply placing all wire pairs in order in the connector instead of
splitting the pair according to the standard. When connecting cables using a punchdown block, pairs are not split.
Term
Incorrect
termination or
bad connector
Definition
Incorrect termination occurs when an incompatible or incorrect connector is used. This can result in reduced performance
or complete connection loss.
A bad connector is a damaged connector that causes connectivity issues. For example, a broken locking tab on an RJ45
connector can cause intermittent connection problems.
Term
Troubleshooting fiber optic wiring: connectors
Definition
For light to pass through a fiber optic connector, the fiber within the jack must line up perfectly with the fiber in the
connector. Using the wrong connector will result in misaligned fibers, disrupting the light signal, even if the connector is
successfully locked into the jack.
Dirty connectors can also impede or disrupt the light signal, so it's important that they are kept clean. Several cleaning
methods can be used with fiber optic connectors:
For connectors where the ferrule protrudes out of the connector, such as the FC connector, you can wipe the end
of the ferrule with a lint-free cloth that has a small amount of denatured alcohol applied. Immediately wipe the
ferrule dry with a dry, lint-free cloth.
For fiber optic connectors where the end of the ferrule is less accessible, you must use a specialized cleaning tool.
Some cleaning tools allow you to plug in the fiber optic cable and then clean it by pumping the tool's handle.
To clean the jacks on fiber optic network interfaces, you can purchase a specialized fiber optic cleaning stick to
remove foreign material.
Term
Polishing importance
Definition
The better the polish on the connector,
the better the light will pass through without reflection.
Term
polish: insertion loss
Definition
Whenever a connector is installed on the end of a fiber optic cable, a degree of signal loss occurs.
Term
Polishing grades
Definition
Physical Contact (PC) polishing is usually used with single mode fiber. The ends of the fiber are polished with a slight
curvature so that when the cable end is inserted into the connector, only the cores of the fiber actually touch each other.
Super Physical Contact (SPC) and Ultra Physical Contact (UPC) polishing uses a higher grade of polish and has more of
a curvature than PC polishing, further reducing ORL reflections.
Angled Physical Contact (APC) polishing is used to reduce back reflection as much as possible. An APC connector has an
8-degree angle cut into the ferrule, which prevents reflected light from traveling back down the fiber. Any reflected light
is bounced out into the cable cladding instead. You can only use angle-polished connectors with other angle-polished
connectors. Using an angle-polished connector with a non-angle-polished connector causes excessive insertion loss.
Term
Cabling: several issues
Definition
Fiber optic cabling is much less forgiving of physical abuse than copper wiring. The fiber core is fragile and can be easily
damaged by rough handling. For example, bending a fiber cable at too tight of a radius will break the core.
Wavelength mismatch will cause serious issues with fiber optic cables. You cannot mix and match different types of cable.
For example, if you connect single mode fiber to multimode fiber, you will introduce a catastrophic signal loss of up to
99%. Even connecting cables of the same type that have different core diameters can cause a loss of up to 50% of the
signal strength.
Term
Media
Adapters
Definition
Many network switches and routers allow you to insert a gigabit interface converter (GBIC) in an empty slot to convert the
interface from copper wiring to fiber optic. Other devices use a small form-factor pluggable (SFP) module to accomplish the same
goal. Several issues can occur when using fiber optic media adapters:
Some GBIC/SFP modules use multimode fiber, while others use single mode. Make sure that you use the correct type of
fiber optic cable and connector required by the specific adapter.
Media adapter modules malfunction on occasion. If you have lost connectivity on one of these links, ensure the adapter
module is working correctly.
Term
Attenuation
Definition
Light signals being transmitted through a fiber optic cable experience attenuation as they pass through the cable. Several factors
contribute to signal loss:
Cable length
Connectors
Splices
You can use these factors to calculate how much signal loss (measured in dB) you should reasonably expect in a given run of fiber
optic cabling. Signal loss is calculated by summing the average loss of all the components used in the cable run to generate an
estimate of the total attenuation that will be experienced end-to-end. This estimate is called a loss budget.
5/5/2016 TestOut LabSim
http://cdn.testout.com/client­v5­1­10­337/startlabsim.html?culture=en­us 2/2
When calculating a loss budget for a segment of fiber optic cable, use the following guidelines:
Connectors: 0.3 dB loss each
Splices: 0.3 dB loss each
Multimode cabling: 1–3 dB loss per 1000 meters, depending on the thickness and quality of the cable.
Single mode cabling: 0.4–0.5 dB loss per 1000 meters, depending on the thickness and quality of the cable.
The total attenuation should be at least 3 dB less than the total power at the transmission source. This difference is called the link loss
margin. For example, if the total power output at the transmission source of a cable run is 15 dB, then the total attenuation over
the cable run should not exceed 12 dB. This ensures that the cable will continue to function as its components (e.g., LED light
transmitters and connectors) degrade with age and use.
Term
Loopback
plug
Definition
A loopback plug reflects a signal from the transmit port on a device to the receive port on the same device. Use the loopback
plug to verify that a device can both send and receive signals.
Term
Smart jack
Definition
A smart jack is a special loopback plug installed at the demarcation point for a WAN service. Technicians at the central office
can send diagnostic commands to the smart jack to test connectivity between the central office and the demarc.
Term
Cable tester
Definition
A cable tester verifies that the cable can carry a signal from one end to the other and that all wires are in the
correct positions.
Higher-end cable testers can check for various miswire conditions (wire mapping, reversals, split pairs, shorts, or open
circuits).
You can use a cable tester to quickly tell the difference between a crossover and a straight-through cable.
Most testers have a single unit that tests both ends of the cable at once. Many testers come with a second unit that can
be plugged into one end of a long cable run to test the entire cable.
Term
Time-domain reflectometer (TDR) and optical time-domain reflectometer (OTDR)
Definition
A time-domain reflectometer is a special device that sends electrical pulses on a wire in order to discover information about the
cable. The TDR measures impedance discontinuities (i.e., the echo received on the same wire in response to a signal on the
wire). The results of this test can be used to identify several variables:
Estimated wire length
Cable impedance
The location of splices and connectors on the wire
The location of shorts and open circuits
An optical time-domain reflectometer performs the same function as a TDR but is used for fiber optic cables. An OTDR sends light
pulses into the fiber cable and measures the light that is scattered or reflected back to the device. The information is then used
to identify specifics about the cable:
The location of a break
Estimated cable length
Signal attenuation (loss) over the length of the cable
Term
Toner probe
Definition
A toner probe is composed of two devices that are used together to trace the end of a wire from a known endpoint to the
termination point in the wiring closet.
Term
Voltage event
recorder
Definition
A voltage event recorder keeps track of voltage conditions on a power line. Basic recorders simply keep track of the occurrence
of undervoltage or overvoltage conditions, while more advanced devices track conditions over time and create a graph, saving
data from a program running on a computer.
Term
environmental monitor
Definition
An environmental monitor does what its name implies: it monitors the environmental conditions of a specific area or device.
Term
Logical topology (bus, ring, star, mesh) and the physical topology it can run on
Definition
Logical bus: physical bus or physical star
Logical ring: physical ring or physical star
Logical star: physical star
Logical mesh: physical mesh
Term
Devices use the following process to send data:
Definition
Because all devices have equal access (multiple access) to the transmission media, a device listens to the transmission
medium to determine if it is free before sending data (carrier sense).
If it is not free, the device waits a random amount of time and listens again to the transmission medium. If it is free,
the device transmits its message.
If two devices transmit at the same time, a collision occurs. The sending devices detect the collision (collision
detection) and send a jam signal to notify all other hosts that a collision has occurred.
Both devices wait a random length of time before attempting to resend the original message (backoff).
Term
Half-duplex
Definition
Devices with collision detection turned on operate in half-duplex mode.
Collision detection is turned on.
The device can send or receive in only one direction at a time.
Devices connected to a hub must use half-duplex communication.
Bandwidth is up to the rated bandwidth (10 Mbps for 10BaseT, 100 Mbps for 100BaseT, etc.).
Term
Full-duplex
Definition
Collision detection is turned off.
The device can send and receive at the same time.
Requires full-duplex capable NICs.
Requires switches with dedicated switch ports (a single device per port).
Bandwidth is double the rated bandwidth (20 Mbps for 10BaseT, 200 Mbps for 100BaseT, etc.).
Term
Frames
Definition
The preamble is a set of alternating ones and zeros terminated by two ones (11) that mark it as a frame.
The destination address identifies the receiving host's MAC address.
The source address identifies the sending host's MAC address.
The data is the information that needs to be transmitted from one host to the other.
The pad is optional bits used to pad the frame. Ethernet frames are sized between 64 and 1518 bytes. If the frame is smaller than 64
bytes, the sending NIC places "junk" data in the pad to make it the required minimum of 64 bytes.
The cyclic redundancy check (CRC) is the result of a mathematical calculation performed on the frame. The CRC
helps verify that the frame contents have arrived uncorrupted.
Term
static environment
Definition
Devices such as TVs, kitchen appliances, environmental controls, and industrial equipment are commonplace
in the modern networking environment. They aren't designed to be customized
or directly configured by system administrators.
Term
Supervisory Control and Data Acquisition (SCADA) and its two important functions
Definition
SCADA systems are used to manage automated factory equipment. Their two important functions are:
Supervisory control is used to remotely control equipment over a network connection.
Data acquisition is used to gather information from the remote equipment, allowing you to monitor its status.
Term
Distributed Control System (DCS), which is typically implemented
Definition
A central supervisory computer that communicates with and sends control commands to connected SCADA devices.
Remote terminal units (RTUs) implemented within the SCADA devices being controlled. RTUs connect the equipment to the network, converting
digital data from the network into signals the equipment can process, and vice versa. This enables the equipment to receive commands from the
supervisory system and to send status information back. Most RTUs use wireless communications and are better suited for large geographical areas.
Programmable logic controllers (PLCs) perform a function similar to RTUs (connecting SCADA equipment to the network). Most PLCs use a
physical connection and are better suited for small plants or factories.
A network link is used to connect the supervisory computer to the RTUs or PLCs. This can be done using an Internet connection, a satellite link, a
private WAN link, or even a modem connection using a telephone line.
Term
forwarding databases
Definition
Bridges and switches build a list of Layer 2 MAC addresses, with the port used to reach each
device. Bridges and switches automatically learn about devices to build the forwarding database, but a network administrator can also
program the device database manually. When a frame arrives on a switch port (also called an interface), the switch examines the source and
destination address in the frame header and uses the information to complete the following tasks:
1. The switch examines the source MAC address of the frame and notes which switch port the frame arrived on.
2. The switch examines the destination MAC address of the frame.
Term
If the destination MAC address of the frame is:
Definition
A broadcast address, then the switch sends a copy of the frame to all connected devices on all
ports. This is called flooding the frame.
A unicast address, but no mapping exists in the CAM table for the destination address, the
switch floods the frame to all ports. The connected device that the frame is addressed to will
accept and process the frame. All other devices will drop the frame.
A unicast address and mapping exists in the CAM table for the destination address, the switch
sends the frame to the switch port specified in the CAM table. This is called forwarding the
frame.
A unicast address and mapping exists in the CAM table for the destination address, but the
destination device is connected to the same port from which the frame was received, the switch
ignores the frame and does not forward it. This is called filtering the frame.
Term
If the source MAC address of the frame is:
Definition
Not in the switch's Content Addressable Memory (CAM) table, a new entry is added to the table
that maps the source device's MAC address to the port on which the frame was received. Over
time, the switch builds a map of the devices that are connected to specific switch ports.
Already mapped to the port on which the frame was received, no changes are made to the
switch's CAM table.
Already in the switch's CAM table, but the frame was received on a different switch port, the
switch updates the record in the CAM table with the new port.
Term
Interface
Configuration
Definition
The switch has multiple interface modes, depending on the physical (or logical)
interface type. For this course, you should be familiar with the following switch
interface modes:
Ethernet (10 Mbps Ethernet)
FastEthernet (100 Mbps Ethernet)
GigabitEthernet (1 Gbps Ethernet)
VLAN
The VLAN interface configuration mode is used to configure the switch IP
address, and for other management functions. It is a logical management
interface configuration mode, rather than the physical interface configuration
modes used for the FastEthernet and GigabitEthernet ports.

Switch(config-if)#
Term
Config-vlan
Definition
Details of the config-vlan mode include the following:
It can be used to perform all VLAN configuration tasks.
Changes take place immediately.
Do not confuse the config-vlan mode with the VLAN interface configuration mode.
Switch(config-vlan)#
Term
VLAN
Configuration
Definition
Details of the VLAN configuration mode include the following:
It allows you to configure a subset of VLAN features.
Changes do not take effect until you save them, either before or while exiting
the configuration mode.
Changes are not stored in the regular switch configuration file.
For most modern Cisco switches, it is recommended that you configure
VLAN parameters from config-vlan mode, as VLAN configuration mode is
being deprecated (phased out).
Switch(vlan)#
Term
Line
Configuration
Definition
Use this mode to configure parameters for the terminal line, such as the console,
Telnet, and SSH lines.

Switch(config-line)#
Term
Moves to interface configuration mode
Definition
switch(config)#interface FastEthernet 0/14
switch(config)#interface GigabitEthernet 0/1
Term
Moves to configuration mode for a range of interfaces
Definition
switch(config)#interface range fastethernet 0/14 - 24
switch(config)#interface range gigabitethernet 0/1 - 4
switch(config)#interface range fa 0/1 - 4 , 7 - 10
switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2
Term
Sets the port speed on the interface
Definition
switch(config-if)#speed 10
switch(config-if)#speed 100
switch(config-if)#speed 1000
switch(config-if)#speed auto
Term
Sets the duplex mode on the interface
Definition
switch(config-if)#duplex half
switch(config-if)#duplex full
switch(config-if)#duplex auto
Term
Enables or disables the interface
Definition
switch(config-if)#no shutdown
switch(config-if)#shutdown
Term
Shows the interface status of all ports
Definition
switch#show interface status
Term
Shows the line and protocol status of all ports
Definition
switch#show ip interface brief
Term
switch configuration
Definition
All switch ports are enabled (no shutdown) by default.
Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a switch.
Through auto-negotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices.
Some switches always use the store-and-forward switching method.
If the speed and duplex settings are set to auto, the switch will use auto-MDIX to sense the cable type (crossover or straight-through) connected to
the port and will automatically adapt itself to the cable type used.
By default, the link speed and duplex configurations for Ethernet interfaces in Cisco devices are set using IEEE 802.3u auto-negotiation:
The interface will attempt to sense the link speed, if possible. If it cannot, the slowest link speed supported on the interface is used (usually
10 Mbps).
If the link speed selected is 10 Mbps or 100 Mbps, half-duplex is used. If it is 1000 Mbps, full-duplex is used.
Term
storage area network (SAN)
Definition
In a storage area network, multiple servers are configured to share a common storage device. The following are facts about SANs:
A SAN uses a dedicated network.
SAN servers have multiple network adapters installed:
At least one interface is connected to the standard production network.
An additional network interface is connected to the SAN, which connects the server to the shared storage.
The SAN is dedicated solely to transferring data between the SAN servers and the shared storage device.
There are two commonly used SAN technologies:
Fibre Channel (FC) is the most expensive type of SAN, but it provides the best performance.
iSCSI is a much less expensive type of SAN, but it doesn't provide the same performance as FC.
SAN storage devices are called targets.
The servers that access the targets are called initiators.
SAN servers are commonly deployed in a clustered configuration. All of the cluster
data exists on the shared storage, so there's no need to replicate data between servers. To users on the network, the cluster appears as a single
file server. If one of the servers in the cluster goes down, the other devices immediately take over and continue to provide access to the files
on the shared storage device.
Clustered SAN servers can be configured to load balance.
Term
Fibre
Channel
Definition
A switched FC SAN uses fiber optic cabling, network adapters, and switches to build the SAN fabric. To build an FC SAN, you need
to:
Install an FC adapter in each server.
Deploy an FC switch.
Connect each server to the FC switch using the appropriate fiber optic cabling.
Deploy a shared storage device. Typically, this is an external RAID device containing multiple hard disk drives. The array
enclosure has an FC network adapter to connect it to the FC switch using the appropriate fiber optic cabling.
When physically configured, FC uses SCSI protocols to access and manage the shared storage:
The storage devices on the FC target appear to the operating system on the initiators to be locally attached SCSI hard disks.
The initiators send SCSI commands over the SAN fabric to manage the remote storage on the target.
FC supports multiple initiators. Each server in the SAN fabric is an initiator and can send disk I/O SCSI commands to the
shared storage device.
Term
iSCSI
Definition
iSCSI is a network protocol that encapsulates SCSI commands within IP packets and transmits them over a standard Ethernet network.
It is much less expensive to implement iSCSI, because it uses standard Ethernet hardware to create the SAN fabric. To create an
iSCSI SAN, you need to implement the following:
Dedicated Ethernet cabling (fiber optic or UTP).
Dedicated Ethernet switch.
Dedicated Ethernet NIC in each server.
Storage array with an Ethernet interface.
As a best practice, you should implement a dedicated Ethernet network infrastructure (cabling, switches, and NICs) that
allows only iSCSI SAN traffic.
When physically configured, iSCSI uses SCSI protocols to access and manage the shared storage:
The iSCSI initiator connects to and communicates with iSCSI targets.
The iSCSI initiator sends SCSI commands within IP packets to the iSCSI target over the network.
The iSCSI target redirects the SCSI commands to its locally attached storage devices.
The storage devices on the remote iSCSI target appear to the operating system on the iSCSI initiator as locally attached hard
disks.
iSCSI uses port 3260 by default.
Term
When choosing between iSCSI and FC, you should be aware of several factors that may influence your decision
Definition
iSCSI is less expensive and easier to implement than FC.
FC requires specialized hardware and knowledge, while iSCSI can be implemented using standard Ethernet hardware and TCP/IP.
iSCSI is not as fast as FC. Using Gigabit Ethernet hardware, an iSCSI implementation can approximate the speed of the slowest FC SAN.
FC has a distance limitation of 10km. With iSCSI, IP packets can be routed over many networks, accommodating longer distances. However,
performance will be impacted, as routing iSCSI packets between networks introduces latency.
Both iSCSI and FC provide security features that can be used to authenticate connections and encrypt data transmissions.
Term
Network-Attached Storage (NAS)
Definition
Network-attached storage (NAS) is a self-contained storage appliance designed to allow clients to store and share files over the network. It
can also be used for backups and media streaming. A NAS device is essentially a pared down file server that has been optimized to store
files for network users.
The NAS appliance connects to the network switch by using a wired or wireless network interface. Because it is optimized to provide network
storage, a NAS device can usually provide better performance than a standard file server. A NAS device is also usually less expensive to
implement than a SAN storage solution, but it can't provide the same level of performance.
Term
NAS device typically consists of
Definition
A RAID array with terabytes of storage space.
A motherboard with a processor and memory.
One or more NICs.
A minimal network operating system.
Term
Shared folders
Definition
After a NAS device is configured on a network, it appears to other network hosts as a file server with shared folders. NAS
devices use standard network protocols to provide read and write access to files on the device, including:
Server Message Block (SMB)
Common Internet File System (CIFS)
Network File System (NFS)
Apple Filing Protocol (AFP)
Term
Configuration
interface
Definition
A NAS appliance provides a web-based interface that is used to configure its settings, such as its IP address, subnet mask,
security settings, shared folders, and so on.
Term
Authentication
Definition
NAS appliances can be integrated into your existing network environment. For example, they can usually be joined to an
Active Directory domain. This allows you to use your existing domain user accounts to authenticate to the device and to control
access to its stored data.
Term
Clustering
Definition
Higher-end NAS devices usually provide fault tolerance through clustering. Multiple NAS devices are grouped together in a
cluster and all of the data is replicated between the devices. To users on the network, the cluster appears as a single file server.
If one of the devices in the cluster goes down, the other devices immediately take over and continue providing access to the
files. This is called a failover, and it usually takes only a second or two to complete.
Term
Load
balancing
Definition
Clustered NAS systems can be configured to load balance. If the storage provided by a NAS cluster is heavily accessed by
network users, a bottleneck might be created, degrading performance. Using a load balancing cluster, the network load can be
divided up and distributed between multiple devices in the cluster. This can dramatically speed up performance of the storage
system.
Term
connecting Ethernet device
Definition
It is important that the transmit (Tx) wires from one device are matched with the receive (Rx) wires on
the other device. To help understand how to connect devices together, be aware of the following:
Network interface cards in workstations and routers send data on the transmit pins and expect to receive data on the receive pins.
Crossing is automatically performed within a hub or the switch between ports used for connecting devices to the hub or a switch.
Uplink ports on hubs and switches are not crossed.
Term
Straight-through
Definition
A straight-through cable connects each wire to the same pin on each connector (pin 1 to pin 1, pin 2 to pin 2, etc.). A straight-through
cable is used when the crossover is performed with a hub or a switch. Use a straight-through cable when connecting the
following devices:
Workstation to a regular port on a hub or switch
Router to a regular port on a hub or a switch
Regular port on a hub or switch to an uplink port on a hub or a switch
A straight-through cable is used from the hub or switch in the wiring closet to the wall plate in an office, and another
straight-through cable is used between the wall plate and the workstation. Crossing is performed at the hub or the switch, not at any of the
cables connecting the workstation to the hub or switch.
To tell the difference between a crossover and a straight-through cable, place the connectors side-by-side facing the same direction.
If the wires are in the same order on both connectors, the cable is a straight-through cable.
If the wires are in a different order, the cable is a crossover cable.
Term
Crossover
Definition
A crossover cable matches the transmit (Tx) wires on one connector with the receive (Rx) wires on the other connector. A crossover
cable is used when crossing is not performed automatically, or when crossover is being performed twice. Use a crossover cable when
connecting the following devices:
Workstation to a workstation, router to a router, or workstation to a router (in a back-to-back configuration)
Uplink port on a hub or a switch to an uplink port on a hub or a switch
Workstation or a router to the uplink port on a hub or a switch
Hub or switch using a regular port to a hub or a switch using the regular port
In general, use a crossover cable when connecting two like devices; use a straight-through cable when connecting different devices or
port types.
If crossover is not performed by either device, use a crossover cable to connect the devices.
If crossover is performed by both devices, use a crossover cable to perform the crossing three times.
If crossover is performed by one device, use a straight-through cable.
Crossover cables often have a different jacket color (such as red). However, you cannot rely only on the cable color
to tell the difference between a crossover and a straight-through cable.
Term
Rollover
Definition
A rollover cable is a cable with an RJ45 connector on one end and an RS232 (serial) connector on the other end. Use a rollover cable
to connect the serial port on a workstation to the console connector on a router or switch. Then run a terminal emulation program on
the workstation to connect to the console of the router or switch to perform configuration and management tasks.
A rollover cable might also have an RJ45 connector on both ends, requiring an adapter to convert from the RJ45 connector to the
serial cable. When terminated with an RJ45 connector on both ends, the wires within the connectors are rolled over to the opposite
connector as follows:
Pin 1 is connected to pin 8
Pin 2 is connected to pin 7
Pin 3 is connected to pin 6
Pin 4 is connected to pin 5
Term
Term
Virtualization components include
Definition
Physical machine (also known as the host operating system): has the actual hardware in place on the machine (hard disk drive(s),
optical drive, RAM, motherboard).
Hypervisor: a thin layer of software that resides between the virtual operating system(s) and the hardware. A hypervisor allows
virtual machines to interact with the hardware without going through the host operating system. A hypervisor also manages access
to the following system resources:
CPU
Storage
RAM
There are several different types of hypervisor software:
VMware Workstation and ESX (made by VMware)
Hyper-V (made by Microsoft)
XEN (open source)
Virtual machine: a software implementation of a computer that executes programs like a physical machine. The virtual
machine appears to be a self-contained and autonomous system.
Virtual hard disk (VHD): a file created within the host operating system that simulates a hard disk for the virtual machine.
Term
Types of virtualization include the following:
Definition
Full
In full virtualization, the virtual machine completely simulates a real physical host. This allows most operating systems and
applications to run within the virtual machine without being modified in any way.
Partial
In partial virtualization, only some of the components of the virtual machine are virtualized.
The guest operating systems use some virtual components and some real physical hardware components in the actual
device where the hypervisor is running.
Operating systems or applications must be modified before they can run in a partial virtualization environment.
Paravirtualization
In paravirtualization, the hardware is not virtualized.
All of the guest operating systems running on the hypervisor directly access various hardware resources in the
physical device; components are not virtual.
The guest operating systems run in isolated domains on the same physical hardware.
Operating systems or applications must be modified before they can run in a paravirtualization environment.
Term
Network Address Translation (NAT)
Definition
NAT allows you to connect a private network to the Internet without obtaining registered addresses for every
host. Private addresses are translated to the public address of the NAT router:
Hosts on the private network share the IP address of the NAT router or a pool of addresses assigned for the network.
The NAT router maps port numbers to private IP addresses. Responses to Internet requests include the port number appended by the NAT router.
This allows the NAT router to forward responses back to the correct private host.
Technically speaking, NAT translates one address to another. Port address translation (PAT) associates a port number with the translated address.
With only NAT, you would need a public address for each private host, because NAT associates a single public address with a single private address.
PAT allows multiple private hosts to share a single public address. Each private host is associated with a unique port number on the NAT
router.
Because virtually all NAT routers perform PAT, you are normally using PAT and not just NAT when you use a NAT router. (NAT is usually
synonymous with PAT.)
NAT supports a limit of 5,000 concurrent connections.
NAT provides some security for the private network, because it translates or hides private addresses.
A NAT router can act as a limited-function DHCP server, assigning addresses to private hosts.
A NAT router can forward DNS requests to the Internet.
The following are three types of NAT implementation:
Term
Dynamic
NAT
Definition
Dynamic NAT automatically maps internal IP addresses to the public address with a dynamically assigned port. On the NAT device, the internal
host is identified by the public IP address and the dynamic port number. Dynamic NAT allows internal (private) hosts to
contact external (public) hosts, but not vice versa: external hosts cannot initiate communications with internal hosts, because no
translation entry exists until the internal host sends traffic. This
implementation is also sometimes called Many-to-One NAT, because many internal private IP addresses are mapped to one
public IP address on the NAT router.
Term
Static
NAT
(SNAT)
Definition
Static NAT maps a single private IP address to a single public IP address on the NAT router. Static NAT is used to take a
server on the private network (such as a web server) and make it available on the Internet. Using a static mapping allows
external hosts to contact internal hosts: external hosts contact the internal server using the public IP address and the static
port. This implementation is called One-to-One NAT, because one private IP address is mapped to one public IP address.
One commonly used implementation of static NAT is called port forwarding. Port forwarding allows incoming traffic
addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private
network. Inbound requests are addressed to the port used by the internal service on the router's public IP address (such as
port 80 for a web server). This is often called the public port. Port forwarding associates the inbound port number with the
IP address and port of a host on the private network. This port is often called the private port. Based on the public port
number, incoming traffic is redirected to the private IP address and port of the destination host on the internal network.
Every forwarded port is an exposed service: the internal host receives unsolicited Internet traffic on it and must be hardened and patched accordingly.
Term
Dynamic
and
Static
NAT
Definition
Dynamic and Static NAT, where two IP addresses are given to the public NAT interface (one for dynamic NAT and one for
static NAT), allows traffic to flow in both directions: internal hosts initiate outbound connections through the dynamic address, and external hosts reach the statically mapped server through the static address.
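The translation behaviour described in the NAT cards, as an added example (not code from the original flashcards or from any vendor): a small model of a PAT router with one static port-forward rule. It shows an outbound flow creating a table entry, the reply being mapped back to the private host, an unsolicited inbound packet being dropped because no entry matches, the forwarded port admitting inbound traffic, and port exhaustion as the real ceiling on concurrent translations. All addresses, ports and the port range are constructed values; the model keys reuse on the internal (address, port) pair, which is a simplification of what real devices do.

```python
"""Model of a NAT router doing port address translation (PAT) plus one static
port-forward rule.  Added example; not part of the original flashcards.
All addresses, ports and the port range are constructed values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    def __init__(self, public_ip, port_range=(1024, 65535), forwards=None):
        self.public_ip = public_ip
        self.next_port, self.max_port = port_range
        # dynamic translations: public port -> (private ip, private port)
        self.table = {}
        # static port forwarding: public port -> (private ip, private port)
        self.forwards = dict(forwards or {})

    def _public_port_for(self, private_ip, private_port):
        """Reuse the mapping for this private socket if one exists, else
        allocate the next free public port (simplified: real devices usually
        key on the full 5-tuple)."""
        key = (private_ip, private_port)
        for public_port, mapping in self.table.items():
            if mapping == key:
                return public_port
        # skip ports already used by dynamic entries or static forwards
        while self.next_port in self.table or self.next_port in self.forwards:
            self.next_port += 1
        if self.next_port > self.max_port:
            # the actual limit on concurrent PAT translations: port exhaustion
            raise RuntimeError("no free public port: translation table full")
        public_port = self.next_port
        self.table[public_port] = key
        self.next_port += 1
        return public_port

    def outbound(self, pkt):
        """Private -> public: rewrite the source to the router's address."""
        public_port = self._public_port_for(pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Public -> private: rewrite the destination, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        mapping = self.table.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if mapping is None:
            return None  # no translation entry: unsolicited traffic is dropped
        private_ip, private_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


if __name__ == "__main__":
    # constructed topology: public 203.0.113.5, web server 192.168.1.10:8080
    router = PatRouter("203.0.113.5", forwards={80: ("192.168.1.10", 8080)})
    out = router.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    print("outbound rewritten to", out)
    print("reply mapped to", router.inbound(Packet("198.51.100.7", 443, out.src_ip, out.src_port)))
    print("unsolicited dropped:", router.inbound(Packet("198.51.100.9", 1234, "203.0.113.5", 2222)))
    print("port forward:", router.inbound(Packet("198.51.100.9", 1234, "203.0.113.5", 80)))
```

The two `inbound` results for port 2222 and port 80 are the whole difference between dynamic NAT and a static mapping: the first has no entry and is dropped, the second is admitted because the administrator created the entry in advance.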
Term
Routing
Information
Protocol (RIP)
Definition
RIP is a distance vector routing protocol used for routing within an autonomous system (i.e., an IGP).
RIP uses hop count as the metric.
RIP networks are limited in size to a maximum of 15 hops between any two networks. A hop
count of 16 indicates an unreachable network.
RIP v1 is a classful protocol; RIP v2 is a classless protocol.
RIP v2 supports authentication of routing updates; RIP v1 does not, so any host on a RIP v1 segment can inject routes.
RIP is best suited for small private networks.
Term
Enhanced Interior
Gateway Routing
Protocol (EIGRP)
Definition
EIGRP is a hybrid routing protocol developed by Cisco for routing within an AS.
EIGRP uses a composite number for the metric, which indicates bandwidth and delay for a link. The higher the
bandwidth, the lower the metric.
EIGRP is a classless protocol.
EIGRP is best suited for medium to large private networks.
Term
Open Shortest Path
First (OSPF)
Definition
OSPF is a link-state routing protocol used for routing within an AS.
OSPF uses relative link cost for the metric.
OSPF is a classless protocol.
OSPF divides a large network into areas.
Each autonomous system requires an area 0 that identifies the network backbone.
All areas are connected to area 0, either directly or indirectly through another area.
Routes between areas must pass through area 0.
Internal routers share routes within an area; area border routers share routes between areas; autonomous system
boundary routers share routes outside of the AS.
A router is the boundary between one area and another area.
OSPF is best suited for large private networks.
Term
Intermediate
System to
Intermediate
System
(IS-IS)
Definition
IS-IS is a link-state routing protocol used for routing within an AS.
IS-IS uses relative link cost for the metric.
IS-IS is a classless protocol.
The original IS-IS protocol was not used for routing IP packets; use Integrated IS-IS to include IP routing
support.
IS-IS divides a large network into areas. There is no area 0 requirement, and IS-IS provides greater flexibility
than OSPF for creating and connecting areas.
L1 routers share routes within an area; L2 routers share routes between areas; an L1/L2 router can share routes
with both L1 and L2 routers.
A network link is the boundary between one area and another area.
IS-IS is best suited for large private networks; it supports larger networks than OSPF. IS-IS is typically used
within an ISP and easily supports IPv6 routing.
Term
Border Gateway
Protocol (BGP)
Definition
BGP is an advanced distance vector protocol (also called a path vector protocol). BGP is an exterior gateway protocol
(EGP) used for routing between autonomous systems.
BGP uses paths, rules, and policies instead of a metric for making routing decisions.
BGP is a classless protocol.
Internal BGP (iBGP) is used within an autonomous system; External BGP (eBGP) is used between autonomous
systems.
BGP is the protocol used on the Internet; ISPs use BGP to identify routes between autonomous systems. Very
large networks can use BGP internally, but typically share routes on the Internet only if the AS has two (or more)
connections to the Internet through different ISPs.
Term
commonly used methods for optimizing network routing include
Definition
Administrative distance values
Route summarization
Redundant default gateway routers
Term
administrative distance
Definition
Administrative distance is a number assigned to a source of routing information (such as a static route or a specific routing protocol).
The router uses this value to select the source of information to use when multiple routes to a destination exist. A smaller number indicates a
more trusted route.
Term
How a router chooses between routes learned from different sources
Definition
A router can use multiple routing protocols to learn about routes to other networks. When it does, it selects a route as follows:
1. If a router has learned of two routes to a single network through different routing protocols (such as RIP and OSPF), it will choose the route with
the lowest administrative distance (OSPF in this example).
2. If a router has learned of two routes through the same protocol (e.g., two routes through EIGRP), the router will choose the route that has the best
cost as defined by the routing metric (for EIGRP, the link with the highest bandwidth and least delay will be used).
Metrics from different protocols are never compared directly: administrative distance decides first, and the metric only breaks ties within one source.
Term
Route summarization
Definition
Route summarization groups contiguous networks that use the same
routing path, advertising a single route as the destination for the grouped subnets. Keep in mind that summarization:
Reduces the size of the routing table. A single route to the summarized network takes the place of multiple routes to individual subnets.
Speeds convergence. The accessibility of each subnet address is indicated by the accessibility of the summarized address.
Retains all necessary routing information, so all networks are still reachable after summarization, provided the summary covers only address space that actually exists behind the advertising router. A summary that also covers unused space attracts traffic for destinations that have no route, which is why routers typically install a discard route for the summary itself.
Term
Route summarization Can happen in one of two ways:
Definition
Automatic
With automatic summarization, the router identifies adjacent networks and calculates the summarized route.
Auto-summarization is supported on classless and classful routing protocols.
Auto-summarization uses the default class boundary to summarize routes.
RIP (version 1 and version 2) and EIGRP support auto-summarization; OSPF does not.
For RIPv2 and EIGRP, you can disable automatic summarization.
Manual
With manual summarization, an administrator identifies the summarized route to advertise.
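The route-selection rules (administrative distance first, metric second) and manual summarization from the cards above, as an added example that is not code from the original flashcards. The administrative distance values are the Cisco IOS defaults for each route source; the candidate routes, next hops and prefixes are constructed input. It goes one step beyond the cards by also computing the address space a chosen summary covers but no specific route serves, which is the hole a discard route is meant to plug.

```python
"""Route selection by administrative distance and metric, then manual
summarization with a check for uncovered space.  Added example; not from the
original flashcards.  ADMIN_DISTANCE holds Cisco IOS default values; all
routes below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Cisco IOS default administrative distances (lower is more trusted)
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
    "ospf": 110, "is-is": 115, "rip": 120, "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/24"
    source: str      # key into ADMIN_DISTANCE
    metric: int      # protocol metric, only meaningful within one source
    next_hop: str


def select_routes(candidates):
    """Return {prefix: Route}: for each prefix keep the route with the lowest
    administrative distance, and among routes from that same source the
    lowest metric.  Metrics of different protocols are never compared."""
    table = {}
    for route in candidates:
        key = str(ipaddress.ip_network(route.prefix))
        rank = (ADMIN_DISTANCE[route.source], route.metric)
        current = table.get(key)
        if current is None or rank < (ADMIN_DISTANCE[current.source], current.metric):
            table[key] = route
    return table


def summarize(table, next_hop):
    """Collapse the prefixes reached via `next_hop` into the fewest exact
    covering routes (only adjacent, aligned blocks are merged, so no holes)."""
    nets = [ipaddress.ip_network(p) for p, r in table.items() if r.next_hop == next_hop]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def summary_holes(summary, specifics):
    """Address space inside an administrator-chosen `summary` that none of
    the `specifics` covers.  Traffic for these ranges will follow the summary
    and reach a router that has no route for it."""
    remaining = [ipaddress.ip_network(summary)]
    for spec in map(ipaddress.ip_network, specifics):
        kept = []
        for block in remaining:
            if spec.subnet_of(block):
                kept.extend(block.address_exclude(spec))  # carve spec out
            elif block.subnet_of(spec):
                continue                                   # fully covered
            else:
                kept.append(block)
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    learned = [
        Route("10.1.0.0/24", "rip", 2, "10.0.0.2"),
        Route("10.1.0.0/24", "ospf", 20, "10.0.0.3"),   # wins: AD 110 < 120
        Route("10.1.1.0/24", "eigrp", 3072, "10.0.0.4"),
        Route("10.1.1.0/24", "eigrp", 2816, "10.0.0.3"), # wins: same source, lower metric
        Route("10.1.2.0/24", "ospf", 10, "10.0.0.3"),
        Route("10.1.3.0/24", "static", 0, "10.0.0.3"),
    ]
    rib = select_routes(learned)
    for prefix, route in rib.items():
        print(prefix, "via", route.next_hop, route.source, route.metric)
    print("summary towards 10.0.0.3:", summarize(rib, "10.0.0.3"))
    print("holes in 10.1.0.0/21:", summary_holes("10.1.0.0/21", rib))
```

`summarize` only merges blocks that exactly pair up, so it never advertises space that is not routed; `summary_holes` is for the manual case where an administrator picks a shorter prefix by hand and needs to know what that prefix promises but cannot deliver.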
Term
Virtual servers
Definition
With virtual servers, multiple instances of a server operating system are run on a single physical computer. You can migrate
servers on older hardware to newer computers or add virtual servers to computers with extra unused hardware resources.
Term
Virtual desktops
Definition
Virtual desktop strategies include:
Making multiple desktops available on the same local workstation host. This implementation is very useful when
testing an application on multiple platforms.
Implementing multiple desktops on one physical server host and allowing all end users to access those virtual
desktops remotely.
All of the user desktops are provided as virtual machines from this one hypervisor server.
The user des
Term
Virtual networks
Definition
allow virtual servers and desktops to communicate with each other. Using the host operating system, virtual
networks can allow communication to network devices out on the physical network. The following are possible components
of virtual networks:
Virtual switches allow multiple virtual servers and desktops to communicate on virtual network segments and the
physical network. Virtual switches are often configured in the hypervisor.
Virtual network adapters are created and assigned to a desktop or server in the hypervisor.
Multiple network adapters can be assigned to a single virtual machine.
Each network adapter has its own MAC address.
Each network adapter is configured to connect to only one network at a time (i.e., a virtual network or the
physical network, but not both).
Term
Offsite virtual
networks
Definition
Offsite virtual networks allow you to move business-critical networking and other IT-related components to another physical
location. This implementation requires minimal hardware at the physical site. Examples of offsite virtual networks include:
An offsite datacenter, where a contracted vendor manages the hardware and software to provide the virtual network
that is accessed by the end users.
A virtual PBX, where a virtual phone system handles call routing, voicemail, and conference calling.
A PBX is typically implemented as dedicated hardware within an organization and can be quite expensive.
A virtual PBX takes calls internally at the service provider's site and routes them to the correct employee on
the contracted site.
Term
Network as a
Service (NaaS)
Definition
NaaS is similar to the offsite virtual network, in that all of the servers and desktops are virtualized and managed by a
contracted third party.
NaaS virtualizes the entire network infrastructure. No physical wiring is needed beyond the basics, because the network infrastructure
is virtual, and the network is run at the service provider's site.
A basic network is implemented on the contracted site in order to get out to the service provider's site.
Typically, all administration tasks of the network are handled by the service provider.
Term
Virtual network
interfaces
Definition
Within each virtual machine, you can configure one or more virtual network interfaces, which function in much the same
manner as physical network interfaces. Virtual interfaces use Ethernet standards to transmit and receive frames on the
network. The operating system within the virtual machine must have the appropriate driver installed to support the virtual
network interface, just as with a physical network interface. When you configure a virtual network interface within a virtual machine's configuration, you can specify:
The type of physical network interface to emulate. This allows for the best possible driver support by the operating
system within the virtual machine.
A MAC address. Most hypervisors automatically assign a MAC address to each virtual network interface. However,
some hypervisors allow you to use a custom MAC address, if needed.
The network to connect to. Most hypervisors allow you to define many different virtual networks. When you
configure a virtual network interface, you will select which virtual network you want it to be connected to.
Term
Virtual switches
Definition
A virtual switch allows one virtual machine to communicate with another in much the same way that a physical switch allows
physical hosts to communicate with each other. Virtual switches are typically implemented in two ways:
As software that is integrated within the hypervisor. Because the switch is defined and controlled in software, this is sometimes described as software-defined networking (SDN).
Within the firmware of the hypervisor hardware.
A virtual switch functions in the same manner as a physical switch. After initially coming online, a virtual switch floods each
frame it receives until it builds a table that identifies which MAC addresses are connected to each port. When the table is
done, the switch can intelligently forward frames to the port where the destination host is connected.
Term
Virtual VLANs
Definition
Most virtual switch implementations support VLANs. You can define VLANs within the virtual switch and associate specific
hosts with a specific VLAN. However, because virtual hosts are not physically connected to the switch with cables, VLAN
membership is defined within the configuration of each virtual machine.
The VLAN configuration of most virtual switches is compatible with the VLAN configuration used by most hardware
switches. This allows VLAN information to be trunked from the virtual switch to switches on the physical network, enabling
a VLAN to span both physical and virtual networks.
Term
Virtual routers
Definition
You can use virtualization technology to create virtual routers. To do this, a router must support Virtual Routing and
Forwarding (VRF) technology. VRF allows a router to host multiple routing tables simultaneously.
A router without VRF uses a single routing table for all of its interfaces. With VRF, each interface (or subinterface) is assigned to a VRF,
and a separate routing table is used for each, so several virtual networks can share the same physical router and links
without their routes leaking into one another. This is useful in situations where
multiple virtual networks exist on the same physical network. As with physical routers, a routing protocol is used by the
virtual router to route data between networks.
Term
Virtual firewalls
Definition
Virtualized hosts are susceptible to the same network exploits as physical network hosts and need to be protected by a
firewall. Protecting communications between virtual hosts is challenging because traffic between two virtual machines on the same
virtual switch never leaves the virtual network, so a physical firewall never sees it. One strategy for protecting virtual machines with a firewall is to route virtual
machine-to-virtual machine traffic out of the virtual network and onto the physical network, where a physical firewall can be
used to filter the traffic. A better strategy is to implement a virtual firewall within the hypervisor itself to monitor and filter
traffic on the virtual network as it flows between virtual machines. A host firewall inside each guest is not a substitute, because a compromised guest can simply turn it off.
Term
Trunking
Definition
Trunking occurs when you configure VLANs that span multiple switches.
In the example this card describes, each switch has two VLANs configured, with one port on each VLAN. Workstations in VLAN 1 can only communicate
with other workstations in VLAN 1. Because each switch has only one port in each VLAN, workstations connected to the same switch cannot communicate directly
with each other; communication between workstations within a VLAN must pass through the trunk link to the other switch.
Access ports are connected to endpoint devices (such as workstations), while trunk ports are connected to other switches.
An access port can be a member of only a single VLAN.
Trunk ports are members of all VLANs on the switch by default.
Any port on a switch can be configured as a trunk port. Because a port left to negotiate trunking can be turned into a trunk by whatever is plugged into it,
ports that face end devices should be explicitly configured as access ports.
By default, trunk ports carry traffic for all VLANs between switches. However, you can reconfigure a trunk port so that it carries only specific
VLANs on the trunk link; pruning the allowed list to the VLANs the neighbor actually needs limits what a compromised downstream switch can reach.
Term
what happens when trunking is used
Definition
Frames that are sent over a trunk port are tagged with the VLAN ID number so the receiving switch knows which
VLAN the frame belongs to. In VLAN tagging:
Tags are inserted by the first switch in the path and removed by the last.
Only VLAN-capable devices understand the frame tag.
Tags must be removed before a frame is forwarded to a non-VLAN-capable device.
Term
trunking protocol defines
Definition
the process that switches use to tag frames with a VLAN ID. One widely implemented trunking protocol is the
IEEE 802.1Q standard, which supports a wide range of switches from many device manufacturers. 802.1Q supports VLAN numbers 1
through 4094.
Term
802.1Q trunking
Definition
In 802.1Q trunking, frames from the native VLAN are not tagged, but frames from all other VLANs are tagged. For example, suppose
VLAN 1 is the native VLAN on a switch (the default setting on most Cisco switches). In this configuration, any frame on VLAN 1 that is
placed on a trunk link will not be assigned a VLAN tag. If a switch receives a frame on a trunk port that doesn't have a VLAN tag, the
frame is automatically put onto VLAN 1. Both ends of a trunk must agree on the native VLAN, or untagged frames will land in different VLANs on each side;
a common hardening step is to set the native VLAN to an otherwise unused VLAN so that no end device sits in it.
When using switches from multiple vendors in the same network, be sure that each device supports the 802.1Q standard.
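The tagging rules from the 802.1Q cards above, as an added example that is not code from the original flashcards or from any switch vendor. It builds Ethernet frames with and without an 802.1Q tag and then classifies them the way a trunk port does: a 0x8100 tag supplies the VLAN ID, an untagged (or priority-only, VID 0) frame goes to the trunk's native VLAN, and the reserved IDs 0 and 4095 are refused when building. It also shows that stripping the outer tag, which is what the last switch does before forwarding, leaves any second tag intact. MAC addresses, VLAN numbers and payloads are constructed for illustration.

```python
"""Build and classify 802.1Q-tagged Ethernet frames as a trunk port would.
Added example; not part of the original flashcards.  All MAC addresses,
VLAN numbers and payloads are constructed.
"""
import struct

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag
VID_MIN, VID_MAX = 1, 4094   # VID 0 (priority only) and 4095 are reserved


def build_frame(dst_mac, src_mac, ethertype, payload, vlan=None, pcp=0):
    """Return dst|src|[802.1Q tag]|ethertype|payload; MACs are 12 hex digits."""
    header = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan is not None:
        if not VID_MIN <= vlan <= VID_MAX:
            raise ValueError("VLAN ID must be 1..4094")
        tci = ((pcp & 0x7) << 13) | vlan      # PCP(3) DEI(1) VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame, native_vlan):
    """Return (vlan, tagged, ethertype, payload) for a frame received on a
    trunk whose native VLAN is `native_vlan`."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != TPID_8021Q:
        # untagged: the receiving switch assigns the native VLAN
        return native_vlan, False, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    if vid == 0:
        # priority-tagged only: carries no VLAN, treated like untagged
        return native_vlan, True, inner_type, frame[18:]
    if vid == 0xFFF:
        raise ValueError("reserved VLAN ID 4095")
    return vid, True, inner_type, frame[18:]


def strip_outer_tag(frame):
    """Remove the outermost tag, as a switch does before forwarding onto an
    access port or when sending the native VLAN untagged.  Anything that was
    nested inside the outer tag is left exactly as it was."""
    if len(frame) >= 18 and struct.unpack_from("!H", frame, 12)[0] == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


if __name__ == "__main__":
    dst, src = "ffffffffffff", "001122334455"
    tagged = build_frame(dst, src, 0x0806, b"\x00\x01", vlan=20, pcp=5)
    plain = build_frame(dst, src, 0x0800, b"\x45")
    print("tagged frame on native 1 ->", classify(tagged, 1))
    print("untagged frame on native 1 ->", classify(plain, 1))
    inner = build_frame(dst, src, 0x0800, b"\x45", vlan=30)
    outer = build_frame(dst, src, TPID_8021Q, inner[14:], vlan=1)
    print("double tagged, first switch sees ->", classify(outer, 1)[0])
    print("after outer tag stripped ->", classify(strip_outer_tag(outer), 1)[0])
```

The last two lines of the demo are why the native VLAN matters: a frame whose outer tag is the native VLAN is forwarded untagged by the first switch, and the next switch then classifies it by the tag that was nested inside.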
Term
VLAN Trunking Protocol (VTP)
Definition
simplifies VLAN configuration on a multi­switch network by propagating configuration changes
between switches. For VTP to work, the switches must be connected by trunk links.
Term
VTP modes: server mode
Definition
A switch in server mode is used to modify the VLAN configuration. The switch then advertises VTP information to other switches in the network.
Term
VTP modes: client mode
Definition
A switch in client mode receives changes from a VTP server switch and passes that information on to other switches. Changes cannot be made to the
local VLAN configuration on a client switch.
Term
VTP modes: transparent mode
Definition
A switch in transparent mode allows for local configuration of VLAN information, but it does not update its configuration with information from
other switches. Likewise, local VLAN information is not advertised to other switches. However, VTP information received on the network is passed
on to other switches.
Because a server-mode switch that joins the domain with a higher configuration revision number overwrites the VLAN database on every other switch in the domain,
many administrators avoid server and client modes altogether and use transparent mode.
Term
Enables trunking on the interface
Definition
Switch(config-if)#switchport mode trunk
Term
Configures an interface as an access port, which disables trunking on the interface (if it was
previously configured)
Definition
Switch(config-if)#switchport mode access
Term
Sets the trunking protocol to 802.1Q
Definition
Switch(config-if)#switchport trunk encapsulation dot1q
Term
Allows the trunking protocol to be negotiated between switches
Definition
Switch(config-if)#switchport trunk encapsulation negotiate
Term
Configures the VLAN that sends and receives untagged traffic on the trunk port when the
interface is in 802.1Q trunking mode
Definition
Switch(config-if)#switchport trunk native vlan [vlan_id]
Term
Defines which VLANs are allowed to communicate over the trunk
Definition
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan add [vlan_id]
Term
Removes a VLAN from a trunk link
Definition
Switch(config-if)#switchport trunk allowed vlan remove [vlan_id]
(Note that switchport access vlan [vlan_id] assigns an access port to a VLAN; it does not change the VLANs carried on a trunk.)
Term
Shows interface trunking information with the following:
Mode
Encapsulation
Trunking status
VLAN assignments
Definition
Switch#show interface trunk
Switch#show interface fa0/1 trunk
Term
SW1 and SW2, are connected through their respective Gi0/1 interfaces. The following commands configure
a trunk link between the switches
Definition
SW1>ena
SW1#conf t
SW1(config)#int gi 0/1
SW1(config-if)#switchport mode trunk
SW2>ena
SW2#conf t
SW2(config)#int gi 0/1
SW2(config-if)#switchport mode trunk
Term
tools you
can use to check the health of your network
Logs
Definition
Logs contain a record of events that have occurred on a system. Logging capabilities are built into operating systems, services, and
applications. Log entries are generated in response to changes in configuration, system state, or network conditions.
By default, some logging is enabled and performed automatically. To gather additional information, you can usually
enable more extensive logging.
Many systems have logs for different purposes, such as a system log for operating system entries, a security log for
security-related entries, and an application log for events related to specific services and
processes, such as connections from a web server.
Logging requires system resources (processor, memory, and disk). Enable additional verbose or debug logging only for the
information you want to gather, and turn it off again after you obtain what you need. Baseline system and security logging should stay on, because it is what you will need to reconstruct an incident.
Logs must be analyzed to be useful; only by looking at the logs will you be able to discover problems. Depending on the
log type, additional tools might be available to analyze logs for patterns.
syslog is a standard for managing and sending log messages from one computer system to another. A central syslog server, and the
analysis tools built on it, can filter messages and notify administrators of problems or performance issues.
Term
The following table lists some tools you
can use to check the health of your network:
Load tester
Definition
A load tester simulates a load on a server or service. For example, the load tester might simulate a large number of client
connections to a website, test file downloads for an FTP site, or simulate large volumes of email. Use a load tester to make sure
that a system has sufficient capacity for expected loads. It can even estimate failure points where the load is more than the system
can handle.
Term
The following table lists some tools you
can use to check the health of your network:
Throughput
tester
Definition
A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the
amount of data that can be retrieved from a disk in a specific period of time). On a network, a throughput tester sends a specific
amount of data through the network and measures the time it takes to transfer that data, creating a measurement of the actual
bandwidth. Use a throughput tester to validate the bandwidth on your network and to identify when the bandwidth is significantly
below what it should be.
A throughput tester can help you identify when a network is slow, but will not give you sufficient information to identify
why it is slow.
Term
The following table lists some tools you
can use to check the health of your network:
Packet
sniffer
Definition
A packet sniffer is special software that captures (records) frames that are transmitted on the network. Use a packet sniffer to:
Identify the types of traffic on a network.
View the exchange of packets between communicating devices. For example, you can capture frames related to DNS and
view the exact exchange of packets for a specific name resolution request.
Analyze packets sent to and from a specific device.
View packet contents.
A packet sniffer is typically run on one device with the intent of capturing frames for all other devices on a subnet. Using a packet
sniffer in this way requires the following configuration changes:
By default, a NIC will only accept frames addressed to itself (plus broadcasts and the multicast groups it has joined). To enable the packet sniffer to capture frames sent to other
devices, configure the NIC in promiscuous mode (sometimes called p-mode). In p-mode, the NIC will process every
frame it sees.
A switch forwards a unicast frame only to the switch port that holds the destination device. When your
packet sniffer is connected to a switch port, it will not see unicast traffic sent to other switch ports. To configure the switch to
send all frames to the packet sniffing device, configure port mirroring on the switch (called SPAN on Cisco switches); frames sent to the monitored
ports are copied to the mirror port. Because mirroring copies traffic, an oversubscribed mirror port silently drops frames, so a capture taken this way is not guaranteed to be complete.
If the packet sniffer is connected to a hub, it will already see all frames sent to any device on the hub.
Term
The following table lists some tools you
can use to check the health of your network:
Protocol
Analyzer
Definition
A protocol analyzer is a special type of packet sniffer that captures and decodes transmitted frames. A protocol analyzer is a passive device in
that it copies frames and allows you to view frame contents but does not allow you to modify and retransmit frames
(activities that are used to perform an attack). Use a protocol analyzer to:
Check for specific protocols on the network, such as SMTP, DNS, POP3, and ICMP.
Find devices that might be using restricted protocols (such as ICMP) or legacy protocols (for example IPX/SPX
or NetBIOS).
Analyze traffic that might be sent by attackers.
Identify frames that might cause errors.
Determine which flags are set in a TCP handshake.
Detect many malformed or fragmented packets
Examine the data contained within a packet.
Identify users that are connecting to unauthorized websites
Discover cleartext passwords allowed by protocols or services
Identify unencrypted traffic that includes sensitive data
Troubleshoot communication problems or investigate the source of heavy network traffic.
A protocol analyzer shows the traffic that exists on the network and the source and destination of that traffic. It does not
tell you if the destination ports on a device are open unless you see traffic originating from that port. For example, seeing
traffic addressed to port 80 of a device does not automatically mean the firewall on that device is open or that the device
is responding to traffic directed to that port.
When using a protocol analyzer, you can filter the frames so that you see only the frames with information of interest.
Filters can be configured to show only frames or packets to or from specific addresses, or frames that include specific
protocol types.
A capture filter captures only the frames identified by the filter. Frames not matching the filter criteria will not be
captured.
A display filter shows only the frames that match the filter criteria. Frames not matching the filter criteria are still
captured, but are not shown.
The results of a capture can be saved in order to analyze frames at a later time or on a different device.
Term
syslog messages
Definition
Most routers and switches send logging messages to a logging process, and many servers, especially Linux or UNIX servers, do this
as well. A typical Cisco IOS message looks like this:
*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
After the timestamp, the fields are the facility (LINEPROTO), the severity level (5), the mnemonic (UPDOWN), and the message text.
Term
Facility
authpriv
Definition
This facility is used by all services associated with system security or authorization
Term
Facility
cron:
Definition
This facility accepts log messages from the cron and at services, which are used to automatically run tasks on the
system.
Term
Facility
daemon
Definition
This facility is used by system services (called daemons) that do not have their own dedicated facility.
Term
Facility
kern:
Definition
This facility is used for all Linux kernel log messages.
Term
Facility
lpr:
Definition
This facility handles messages from the printing subsystem
Term
Facility
mail
Definition
This facility is used for log messages from the mail MTA service running on the system.
Term
Facility
syslog
Definition
This facility is used for internal messages from the syslog service itself.
Term
Facility
user:
Definition
This facility is used for user-level messages from ordinary user processes; it is the default facility for programs that do not specify one. (Authentication events such as failed logins go to authpriv.)
Term
Facility
local0–local7:
Definition
These facilities can be used to capture log messages from your own applications that you develop.
Term
Severity
level
Definition
7 (Debug): Debug information
6 (Information): Informational messages
5 (Notice): Issues of concern that do not represent a problem
4 (Warning): Issues that, if not addressed, could become a problem.
3 (Error): Non­urgent errors that need to be addressed when possible.
2 (Critical): Serious errors in secondary subsystem that should be addressed immediately.
1 (Alert): Serious errors in primary subsystem that should be addressed immediately.
0 (Emergency): Errors that will cause the system to become unusable.
Term
Mnemonic
Definition
Provides a mnemonic to help the administrator quickly identify the nature of the message. In the %LINEPROTO-5-UPDOWN example, the mnemonic is:
UPDOWN
Term
Message text
Definition
Provides a description of the event. In this example:
Line protocol on Interface FastEthernet0/0, changed state to down
Term
Cisco devices key things to know about Cisco syslog
Definition
On a network with many Cisco devices, it is impractical to visit each device to view log messages. Instead,
you can configure your devices to redirect logging to a syslog server somewhere in the network. By doing this, all log messages from
all devices can be consolidated and viewed from a single location.
Plain syslog travels in cleartext over UDP port 514 with no sender authentication, so the collector should accept messages only from the
addresses of known devices, and the central log store should be protected as the record an intruder will want to alter or suppress.
Term
Enables the message logging process.
Definition
(config)#logging on
Term
Specifies the host IP address or hostname of the syslog server that will receive the messages
Definition
(config)#logging host [address]
(config)#logging host [hostname]
Term
Specifies that the messages are to be buffered.
Definition
(config)#logging buffered
Term
Specifies which messages will be redirected to the syslog server based on severity. Messages at or numerically lower
than the specified level are logged. System logging message severity levels include:
Definition
{emergencies | 0} - System unusable
{alerts | 1} - Immediate action needed
{critical | 2} - Critical conditions
{errors | 3} - Error conditions
{warnings | 4} - Warning conditions
{notifications | 5} - Normal but significant conditions
{informational | 6} - Informational messages only
{debugging | 7} - Debugging messages
(config)#logging trap [severity-level]
(config)#logging trap [0-7]
Term
logging trap
Definition
With no level specified, the logging trap command sends level 0 through level 6 (informational) system messages to the syslog server. On
some platforms and IOS versions, the device also buffers the messages.
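The message format and the `logging trap` threshold from the cards above, as an added example that is not code from the original flashcards or from Cisco. It parses the %FACILITY-SEVERITY-MNEMONIC: text layout and keeps only the messages a device configured with `logging trap N` would forward (severity at or numerically below N). It also encodes and decodes the <PRI> number that prefixes a syslog message on the wire (PRI = facility * 8 + severity, per RFC 3164 and RFC 5424), tying together the facility and severity tables on this page even though the cards do not cover PRI. The sample log lines are constructed; only the first is taken from the page.

```python
"""Parse Cisco IOS syslog messages, apply a `logging trap` threshold, and
encode/decode syslog <PRI> values.  Added example; not from the original
flashcards or from Cisco.  SAMPLE_LOG is constructed (its first line is the
example from the page).
"""
import re

# IOS severity keywords; list index is the numeric level
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# syslog facility codes (RFC 3164 / RFC 5424)
FACILITY = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    **{16 + i: f"local{i}" for i in range(8)},
}

# %FACILITY-SEVERITY-MNEMONIC: message text
CISCO_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)


def parse_cisco(line):
    """Return {facility, severity, mnemonic, text} or None if `line` does not
    carry an IOS message header."""
    m = CISCO_MSG.search(line)
    if not m:
        return None
    return {
        "facility": m["facility"],
        "severity": int(m["severity"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"].strip(),
    }


def trap_filter(lines, trap_level=6):
    """Emulate `logging trap <level>`: keep messages at or numerically below
    the level.  The default, informational, forwards levels 0 through 6."""
    kept = []
    for line in lines:
        msg = parse_cisco(line)
        if msg is not None and msg["severity"] <= trap_level:
            kept.append(msg)
    return kept


def encode_pri(facility_name, severity_level):
    """Facility name + numeric severity -> the <PRI> value sent on the wire."""
    code = next(c for c, name in FACILITY.items() if name == facility_name)
    return code * 8 + severity_level


def decode_pri(pri):
    """<PRI> -> (facility name, severity keyword)."""
    facility_code, severity_level = divmod(pri, 8)
    return FACILITY.get(facility_code, f"facility{facility_code}"), SEVERITY[severity_level]


# Constructed sample lines (the first one is the example from the flashcards).
SAMPLE_LOG = [
    "*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Aug 8 11:18:14.002: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "*Aug 8 11:18:20.500: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.99] [localport: 22]",
    "*Aug 8 11:18:25.000: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): debugging test",
    "*Aug 8 11:18:30.000: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "Aug  8 11:18:31 switch1 free-form text with no IOS message header",
]

if __name__ == "__main__":
    for msg in trap_filter(SAMPLE_LOG, trap_level=4):
        print(f"forwarded at trap 4: {msg['facility']}-{msg['severity']}-{msg['mnemonic']}")
    print("PRI 34 is", decode_pri(34), "; local0.informational is PRI", encode_pri("local0", 6))
```

Running the filter at trap level 4 keeps the failed login and the link-down error and discards the two notifications and the debug line, which is exactly the trade-off the card describes: a lower trap level means less noise at the collector but also fewer of the informational messages an investigation may later want.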
Term
Specifies the source IP address of system logging packets
Definition
(config)#logging source-interface [type] [number]
Term
Displays logging settings on the device, as well as the number of messages logged.
Definition
#show logging
Term
In this example, the router is configured to redirect log messages with a severity level of 4 and lower to a syslog server with an IP
address of 172.17.8.200:
Definition
Router(config)#logging on
Router(config)#logging host 172.17.8.200
Router(config)#logging trap 4
Term
Log redirection can be accomplished on Linux (and UNIX) servers and workstations in the network as well. To do this, you must complete
the following tasks
Definition
1. Open /etc/syslog.conf in a text editor.
2. Add the following line to the beginning of the file: *.* @IP_address_of_loghost
For example, to redirect all messages to a log server host with an IP address of 192.168.1.10, you would enter *.* @192.168.1.10.
3. Save the file and exit your editor.
4. Restart the syslogd daemon.
On systems running rsyslog, the file is /etc/rsyslog.conf (or a file under /etc/rsyslog.d/) and the same selector syntax applies: a single @ sends over UDP and @@ sends over TCP.
UDP syslog is unacknowledged and unencrypted, so messages can be lost or read in transit; use TCP, or TLS where the collector supports it, for logs you depend on.
Term
To configure a Linux or UNIX system to function as a syslog server that accepts log messages from other devices, you must do the
following:
Definition
1. In a text editor, open /etc/sysconfig/syslog.
2. Locate the SYSLOGD_PARAMS directive and set it to a value of -r (accept remote messages).
3. Save the changes and exit the file.
4. Restart the syslogd daemon.
(On rsyslog the equivalent is loading the imudp module and starting a UDP listener with $ModLoad imudp and $UDPServerRun 514.)
Either way this opens UDP port 514 to any sender, so restrict it with a host firewall rule to the devices that are supposed to log to this server.
Term
Simple Network Management Protocol (SNMP)
Definition
is designed for managing complex networks. SNMP lets network hosts exchange
configuration and status information. This information can be gathered by management software and used to monitor and manage the
network.
Term
SNMP uses the following components:
Manager
Definition
is the computer used to perform management tasks. The manager queries agents and gathers responses by sending
messages
Term
SNMP uses the following components:
Agent
Definition
is a software process that runs on managed network devices. The agent communicates information to the manager
and can send dynamic messages to the manager.
Term
SNMP uses the following components:
Management
Information
Base (MIB)
Definition
is a database of host configuration information. Agents report data to the MIB, and the manager can then view
information by requesting data from the MIB. Object identifiers (OIDs) specify managed objects in a MIB hierarchy
Term
SNMP uses the following components:
Trap
Definition
A trap is an unsolicited message that an agent sends to the manager when a configured event occurs (such as an interface going down), rather than waiting to be polled; the agent includes details regarding the event in the trap.
Term
SNMP uses the following components:
Get
Definition
is a message sent from a management system, requesting information about a specific OID
Term
SNMP uses the following components:
Walk
Definition
A walk uses GETNEXT messages to step through the structure of a MIB, retrieving each object in turn.
Term
SNMP uses the following components:
Alert
Definition
An alert can be configured so that when an event occurs (e.g., a trap), a message will be sent via email or SMS (text
message).
Term
community name
Definition
Agents and the manager are configured to communicate with each other using a community name. The community name identifies a group
of devices under the same administrative control. It is not a password but simply a value configured on each device.
Devices with different community names are unable to send SNMP messages to each other.
Term
The wireless network design process is composed of the following steps:
Gather network requirements
Definition
Meet with all stakeholders and decision makers to discuss the implementations and gather detailed information. For example,
you should:
Identify the intended use of the wireless network.
Identify the location of wireless service areas.
Anticipate the number of wireless devices to be supported in each area.
Discuss future network needs so that you can plan for expansion.
Discuss data encryption and network security requirements.
Term
Clearly identify expectations
Definition
Expectations should be clearly set and managed to ensure that the network design will fulfill the criteria identified in the
previous step. Continue to meet with all stakeholders regularly throughout the process to communicate status, discuss anticipated
changes, and review expectations. Document all discussions and decisions.
Term
Identify key design considerations
Definition
Create an initial design document by laying out the network on paper. Identify key wireless network design considerations, such
as:
Environmental conditions.
Physical RF obstructions that could disrupt a wireless radio signal.
Dynamic RF obstructions that are transient in nature.
Future construction that could disrupt an RF signal.
Sources of RF interference, both internal and external.
The availability of mounting points for networking hardware, such as poles, suspended tile ceilings, and so on.
Estimated bandwidth utilization requirements.
Zoning and permitting requirements. This is usually only required for outdoor deployments. Check your local laws for
specific requirements.
Later, you will conduct a site survey to validate the initial design.
Term
Conduct initial RF modeling and mapping
Definition
Map and model the initial RF design on paper by doing the following:
Compile all available asset information. This includes existing mounting locations, network media, and network
hardware.
Create an initial RF model. RF modeling is the process of identifying initial access point locations, assigning
frequencies, and planning power levels.
Term
Perform bandwidth planning
Definition
You need to understand the network's bandwidth requirements. To do this, identify the following:
The amount of bandwidth required in various locations.
The number of clients that will utilize this network. This is referred to as the device density.
The frequency that will be used.
Term
Received Signal Strength Indicator (RSSI)
Definition
You can measure the strength of the signal at a given distance from the access point by using the RSSI. The RSSI is measured as a
negative number; a value closer to zero (smaller in magnitude) indicates a stronger signal.
Term
Conduct a site survey
Definition
Your initial network design may not be accurate due to environment or other conditions that you can't account for on paper. To
determine what these conditions are, you need to conduct a site survey.
Visit each location where an access point will be installed, determine what the RF environment looks like, and then set up a
temporary wireless network in the location to see how the radio signal behaves. There are several things you should do:
Inspect each mounting location identified in your initial design and ensure it is a viable location for an access point.
Document structural or environmental concerns that may disrupt the RF signal from the access point.
Verify that the access point can reach the wireless controller from the location.
For a wired backhaul, you must be able to run a wire to the controller.
For a wireless backhaul, the access point's wireless signal must be able to reach either the controller itself or
another access point that can relay it to the controller.
Assess the availability of power to and grounding for the access point.
Log the location's GPS coordinates. Use digital photos to document the location and its surrounding environment.
Term
Wireless Site Survey
Site survey test equipment
Definition
You should bring access points to each location to test the signal quality and to identify the node density required in each area.
Your site survey kit should include:
Two access points.
Two laptops with a network performance measurement utility, such as Iperf, installed so you can evaluate the network
throughput available at each location.
A tall ladder so you can test each AP at height or close to height.
During the site survey, you will not physically install each access point. Instead, use a ladder to approximate
the AP's final mounting location for testing. In outdoor deployments, you may need to use a bucket truck
instead of a ladder to do this.
2-way radios to communicate with your assistants.
A spectrum analyzer.
Term
Wireless Site Survey
Testing procedure
Definition
The site survey test procedure involves the following tasks:
Mount
Align
Test
Move
Test
Perform a spectrum analysis
Term
Wireless Site Survey
Goodput
Definition
refers to the number of useful bits delivered from the sender to the
receiver over the wireless network connection within a specified amount of time. Errors due to lost, corrupt, or dropped
packets require retransmission and reduce the goodput of the connection.
Term
Wireless Site Survey
Spectrum analysis and channel plan
Definition
During the survey, you should use a spectrum analyzer at different times of day to check channel utilization and to identify
sources of RF interference at each location where you plan to deploy an access point. You can use freeware tools such as
NetStumbler or Kismet to create a snapshot of wireless spectrum usage by nearby home and business networks, along with their
proximity to your network. When you perform your spectrum analysis, you should record:
The number of other APs in the area.
Channel utilization in the 2.4 and 5.x GHz bands to aid in channel planning.
When running your spectrum analysis, you should gather data at the height where:
The AP will be installed.
User devices will be located.
A spectrum analyzer can determine the noise floor in the desired frequency range, allowing you to select the best available
wireless channel. To do this, identify the:
Received Signal Level (RSL), which identifies how strong the radio signal is at the receiver. The closer you are to the
transmitter, the stronger the RSL. The farther away you are, the lower the RSL.
Signal to Noise Ratio (SNR), which compares the level of the wireless network signal (RSL) to the level of
background noise (measured in decibels).
An SNR higher than 1:1 indicates more signal than noise, which is desirable. The farther a receiver is from a transmitter, the
lower the RSL and the SNR. If the RSL falls below the noise floor, connectivity is lost.
Using the spectrum analyzer data, develop a channel plan that will work in your environment. Be sure to identify all of the
frequencies that will be used.
Term
Wireless Site Survey
Site survey report
Definition
Once the site survey is completed, you should create a site survey report containing:
A physical network diagram, including each access point, controller, and the media that connects them.
An RF model that includes a frequency/channel plan.
The spectrum analysis results.
A logical network diagram containing SSIDs, IP addressing, and VLAN information.
Photographs and diagrams of each access point mounting site.
A list of structural modifications required to build the network.
A list of alternate mounting locations (if necessary).
A list of equipment that must be purchased.
A cost estimate for equipment and labor.
Term
Wireless Site Survey
Core network planning
Definition
Plan out the core network. You should identify the:
IP addressing scheme.
VLAN configuration.
Avoid a VLAN configuration that has a large number of wireless clients in the same VLAN, because it will likely result in an
excessive amount of broadcast traffic. To remedy this, you can:
Create multiple, smaller VLANs. This will reduce broadcast traffic, but it will also require additional routers to route
traffic between VLANs.
Implement VLAN pooling. In this configuration, each wireless client is randomly assigned a VLAN from a pool of
VLANs on the same SSID. This strategy automatically partitions a single broadcast domain into multiple VLANs.
Use this information to create a logical network diagram that can be used during the actual deployment of the wireless network.
Term
Wireless Site Survey
Node density and spacing
Definition
Using the network diagram you have created, identify:
How many wireless controllers are needed.
How many access points are needed.
What media needs to be implemented.
Use this information to generate an equipment list. If you think spare devices will be needed, account for them in the list.
Term
Mobile Device Management
Request Process
Definition
Mobile devices will usually contain confidential information, thereby creating a security risk for an organization. To control
the risk, an organization should control who is issued a device and what information is put on the device.
Term
Mobile Device Management
Asset tracking and inventory control
Definition
Because mobile devices are not tied to a physical location, asset tracking and inventory control are very important. At a
minimum, you should track the following for each device owned by your organization:
The make and model number of the device
The device serial number
The operating system version number
The date the device was purchased and the vendor it was purchased from
The end-of-warranty date for the device
The vendor providing support for the device
The employee to whom the device has been issued
There are many mobile endpoint management solutions that can be implemented to automate asset tracking and inventory
control processes. Most of these solutions can also use the following technologies to track the physical location of your
mobile devices:
The Global Positioning System (GPS) can track the location of GPS-enabled devices to within a meter.
Wi-Fi triangulation can track the location of devices in heavily-populated urban areas to within a few meters,
depending upon the number of networks in range and the accuracy of their signal strength data.
Cell phone tower triangulation can track the location of devices to within a kilometer, depending upon the signal
strength and number of cell towers within range.
IP address resolution is much less accurate than the other options, tracking the location of devices to within roughly
20 kilometers.
Term
Mobile Device Management
Acceptable use
Definition
The acceptable use policy should define personal use and after-hours use. Irresponsible, illegal, or malicious use of the device
could leave an organization liable for damages if such use is not prohibited by a policy.
Term
Mobile Device Management
Authentication
Definition
All devices should be accessible only after a password, PIN, or gesture has been supplied by the user.
Term
Mobile Device Management
Unused features
Definition
Just as with a desktop or server system, you should disable or uninstall unused features on mobile devices. Unused features or
services can expose threat vectors into the device.
Term
Mobile Device Management
Storage segmentation
Definition
Consider segmenting personal data from organizational data on mobile devices. This storage strategy allows:
Encryption to be applied only to sensitive organizational data on the device.
Only organizational data to be removed during a remote wipe, preserving personal data.
Term
Mobile Device Management
Reporting system
Definition
A procedure to immediately report the loss of a device will enable the device to be disabled quickly and reduce the chance of
confidential information being compromised.
Term
bring your own device (BYOD)
Malware propagation
If a user's tablet or phone has been infected with malware, then the
infection can be spread when they connect their device to your
organization's network.
Definition
Consider implementing a network access control (NAC) solution that remediates devices before
allowing them to connect to your network.
Alternatively, consider implementing a guest
wireless network that is isolated from your
organization's production network. User-owned
devices can connect to this network to gain Internet
access but are quarantined from the rest of your
organization's production network.
Term
bring your own device (BYOD)
Loss of control of sensitive data
If a user copies sensitive data to their device, your organization could
potentially lose control of that information. Even the question of who
owns the data after it has been copied to the personal device becomes
problematic. Consider the following scenarios:
The user may not have implemented appropriate security
settings on their device, allowing anyone who gains access to
the device to view the sensitive data.
The user may lose the device, allowing anyone who finds it to
access the sensitive data.
The device may become infected with malware, potentially
exposing the sensitive data.
Definition
Implement an acceptable use policy that defines
what kind of data is allowed on personally-owned
devices and what kind of data is prohibited.
Information classification labels can be useful
when implementing this policy.
Consider requiring personal devices to be enrolled
into a mobile device management infrastructure,
such as Microsoft Intune, to enforce mobile device
security policies.
Term
bring your own device (BYOD)
If a user is so inclined, they could use their mobile device to conduct a
malicious insider attack. For example, they could:
Use the built-in camera, which nearly all modern mobile
devices have, to take pictures of sensitive internal information.
Use the built-in microphone to record conversations.
Use the built-in video function to record proprietary processes
and procedures.
Use the device's mobile broadband connection to transfer
stolen data to parties outside the organization, bypassing the
organization's network security mechanisms.
Definition
Implement an acceptable use policy that:
Specifies where and when mobile devices
can be possessed within the organization.
For example, the possession of mobile
devices may be prohibited in high security
areas.
Notifies users that personally-owned
devices are subject to random searches if
brought on site.
Term
bring your own device (BYOD)
Device management
If a user brings a personally-owned device on site, then the question of
who is responsible for managing the device needs to be clearly
identified. Responsibility for the following needs to be defined:
Operating system updates
App updates
Anti-malware installation
Anti-malware definition updates
Definition
Relying on the end user to implement these updates
is unwise. Instead, consider implementing a
network access control (NAC) solution that
remediates devices before allowing them to
connect to your network.
Term
bring your own device (BYOD)
Support
If a user brings a personally-owned device on site, then the question of
who will provide support for the device and the apps used on the
device needs to be clearly identified. Will the organization's help desk
provide support, or must the user depend upon support provided by the
device manufacturer?
Definition
Implement an acceptable use policy that specifies:
Where users can get support for personally-owned mobile devices.
Which apps are allowed for use with organizational data.
Where users can get support for these apps.
Term
intrusion detection system
Response capability
A passive IDS
Definition
logs and detects security breaches but takes no action to stop or prevent the attack. A passive
IDS:
Can send an alert, but it is the network administrator's job to interpret the degree of the threat and to respond
accordingly.
Might perform shunning, which simply drops offending traffic without additional actions.
Cannot be detected on the network because it takes no detectable action.
Term
intrusion detection system
Response capability
An active IDS
Definition
(also called an intrusion protection system or IPS) performs the functions of an IDS but can also react
when security breaches occur. An IPS:
Can automate responses, which may include dynamic policy adjustment and reconfiguration of supporting
network devices to block the offending traffic.
Can terminate sessions by using the TCP RST command. It can also terminate or restart other processes on the
system.
Performs behaviors that can be seen by anyone watching the network. Usually these actions are necessary to
block malicious activities or discover the identity of an intruder. Updating filters and performing reverse lookups
are common behaviors of an active IDS.
Term
intrusion detection system
Detection scope
A host-based IDS (HIDS)
Definition
is installed on a single host and monitors all traffic coming into the host. A HIDS:
Is used to detect attacks that are unique to the services on the system. It can monitor application activity and
modifications, as well as local system files, logon audit files, and kernel audit files.
Is typically unaware of other devices on the network, but it can be detected and become the target of an attack
itself.
May rely on the auditing and logging capabilities of the operating system.
Can analyze encrypted traffic (because services running on the host decrypt the traffic).
Anti-virus software is the most common form of a host-based IDS.
Term
intrusion detection system
Detection scope
A network-based IDS (NIDS)
Definition
is a dedicated device installed on the network. It analyzes all traffic on the network. A
NIDS is:
Typically implemented as part of a firewall device acting as a router. When a NIDS is implemented as a
standalone device, all traffic must be directed to the device using one of the following strategies:
Connect the IDS and other devices using a hub. The IDS will then see all traffic sent to all devices on
the subnet.
Connect the IDS to a switch, and enable spanning or diagnostic capabilities on the switch port to
forward all traffic to that switch port.
Use a tap to connect the IDS directly to the network medium.
Mostly unaware of individual hosts on the network. It cannot be detected by attacking systems.
Suited for detecting and blocking port scanning and DoS attacks.
Unable to analyze encrypted traffic.
Term
You can also catch threats to your network by performing regular monitoring with common
network tools. What are they?
Definition
Use a packet sniffer to examine network traffic.
Use a port scanner to check for open ports on a system or a firewall.
Run security scanning software on each system to detect malware or other security vulnerabilities (such as opened ports, weak passwords, or missing
operating system patches)
Keep operating systems and applications up to date with the latest patches. Download the most recent signature files to protect against attacks.
Monitor system logs for unusual activity that could indicate an attempted (or successful) attack.
Term
Vulnerability assessment
Definition
It is the process of identifying the weaknesses in a system or network. Attackers take advantage of vulnerabilities in
order to gain access to information or networks to which they are not authorized. An administrator performs vulnerability assessment in
order to plug security holes and provide a more secure network.
Term
Vulnerability scanner
Definition
A vulnerability scanner is a software program that passively searches an application, computer, or network for weaknesses,
such as:
Open ports
Active IP addresses
Running applications or services
Missing critical patches
Default user accounts that have not been disabled
Default or blank passwords
Misconfigurations
Missing security controls
A vulnerability scanner:
Should be updated regularly to include the latest known vulnerabilities.
Is the least intrusive method to check the environment for known software flaws (port scanners and penetration
testers are potentially more intrusive; protocol analyzers cannot check for known software flaws).
Can be used to scan again after a security hole has been patched in order to verify that the vulnerability has been
removed and the system is secure.
There are several security tools that can be used for vulnerability scanning.
Nessus is a comprehensive vulnerability assessment tool.
Microsoft Baseline Security Analyzer (MBSA) is used to evaluate security vulnerabilities in Microsoft products.
Retina Vulnerability Assessment Scanner is used to remotely scan an organization's network for vulnerabilities.
Term
Port scanner
Definition
is a tool that probes systems for open ports. The most common use of a port scanner is to perform a TCP SYN
scan.
A port scanner performs a two-way handshake (also called a half-open scan), which does not complete the TCP
three-way handshake process (the TCP session is not established).
Devices that respond have ports that are in a listening state.
The port scan output is a combination of the IP address and port number separated by a colon (e.g., 192.168.0.1:x,
where x is the port number) for both the source and the destination of the port scan.
Nmap is a common port scanner.
Term
Network mapper
Definition
is a tool that discovers devices on the network and displays the devices in a graphical representation.
Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices.
Many port scanners are technically network mappers.
Term
Password cracker
Definition
is a tool that performs cryptographic attacks on passwords. Use a password cracker to identify weak
passwords and passwords protected with weak encryption. Common password cracking tools include the following:
John the Ripper
Cain and Abel
L0phtcrack (also called LC6)
Term
Open Vulnerability and Assessment Language (OVAL)
Definition
Open Vulnerability and Assessment Language is an international standard for testing, analyzing, and reporting the
security vulnerabilities of a system.
OVAL is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland
Security.
OVAL regulates the proper XML format for describing and documenting system vulnerabilities.
Each vulnerability, configuration issue, program, or patch that might be present on a system is called a definition.
OVAL repositories are like libraries or databases that contain multiple definitions.
Term
demilitarized zone (DMZ)
Definition
also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an
untrusted network (such as the Internet).
Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email
servers.
Packet filters on the outer firewall allow traffic directed to the public resources inside the DMZ. Packet filters on the inner firewall prevent
unauthorized traffic from reaching the private network.
If the firewall managing traffic into the DMZ fails, only the servers in the DMZ are subject to compromise. The LAN is protected by default.
When designing the outer firewall packet filters, a common practice is to close all ports and open only those ports necessary for accessing the public
resources inside the DMZ.
Typically, firewalls allow traffic originating in the secured internal network into the DMZ and through to the Internet. Traffic that originates in the
DMZ (low security area) or the Internet (no security area) should not be allowed access to the intranet (high security area).
Term
The DMZ is created using the following configurations
Definition
Configure two firewall devices: one connected to the public network and one connected to the private network.
Configure a single device with three network cards: one connected to the public network, one connected to the private network, and one
connected to the screened subnet.
Configure a single device with two network cards: one connected to the public network and another connected to a private subnet
containing hosts that are accessible from the private network. Configure proxy ARP so the public interface of the firewall device responds
to ARP requests for the public IP address of the device.
Term
There are two types of firewalls that you can implement:
Definition
A routed firewall is also a Layer 3 router. In fact, many hardware routers include firewall functionality. Transmitting data through this type of
firewall counts as a router hop. A routed firewall usually supports multiple interfaces, each connected to a different network segment.
A transparent firewall, also called a virtual firewall, operates at Layer 2 and is not seen as a router hop by connected devices. Both the internal and
external interfaces on a transparent firewall connect to the same network segment. Because it is not a router, you can easily introduce a transparent
firewall into an existing network.
Term
access control lists (ACLs) to manage incoming or outgoing traffic. You should be familiar with the following characteristics
of an ACL:
Definition
ACLs describe the traffic type that will be controlled.
ACL entries:
Describe traffic characteristics.
Identify permitted and denied traffic.
Can describe a specific traffic type, or allow or restrict all traffic.
When created, an ACL usually contains an implicit deny any entry at the end of the list.
Each ACL applies only to a specific protocol.
Each router interface can have up to two ACLs for each protocol: one for incoming traffic and one for outgoing traffic.
When an ACL is applied to an interface, it identifies whether the list restricts incoming or outgoing traffic.
Each ACL can be applied to more than one interface. However, each interface can have only one incoming and one outgoing list.
ACLs can be used to log traffic that matches the list statements.
Many hardware routers, such as those from Cisco, also provide a packet filtering firewall. These devices are frequently used to fill both network
roles (router and firewall) at the same time.
Term
When you create an ACL on a Cisco device
Definition
a deny any statement is automatically added at the end of the list (this statement does not
appear in the list itself). For a list to allow any traffic, it must have at least one permit statement that either permits a specific traffic type or
permits all traffic not specifically restricted.
Term
Standard ACL
Definition
Standard ACLs:
Can filter only on source hostname or host IP address.
Should be placed as close to the destination as possible.
Use the following number ranges:
1–99
1300–1999
Term
Extended ACL
Definition
Extended ACLs:
Can filter by:
Source IP protocol (IP, TCP, UDP, etc.)
Source hostname or host IP address
Source or destination socket number
Destination hostname or host IP address
Precedence or TOS values
Should be placed as close to the source as possible.
Use the following number ranges:
100–199
2000–2699
Term
virtual LAN (VLAN)
Definition
uses switch ports to define a broadcast domain. When you define a VLAN, you assign devices on different switch
ports to a separate logical (or virtual) LAN. Although a switch can support multiple VLANs, each switch port can be assigned to only one
VLAN at a time.
Term
What is used to route VLAN traffic?
Definition
VLAN IDs:
Are appended to the header of each frame.
Allow switches to identify which VLAN the frame belongs to.
Are used for inter­switch traffic.
VLAN IDs are only understood by switches. VLAN IDs are added and removed by switches, not the client.
Term
Creating VLANs with switches offers many administrative benefits. You can:
Definition
Create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service).
Simplify device moves (devices are moved to new VLANs by modifying the port assignment).
Control broadcast traffic and create collision domains based on logical criteria.
Control security (isolate traffic within a VLAN).
Load-balance network traffic (divide traffic logically rather than physically).
VLANs are commonly used with Voice over IP (VoIP) to separate voice traffic from data traffic. Traffic on the voice VLAN can be given a higher
priority to ensure timely delivery.
Term
Authentication to wireless networks
Open
Definition
Open authentication requires that clients provide a MAC address in order to connect to the wireless network.
You can use open authentication to allow any wireless client to connect to the AP. Open authentication is typically used on
public networks.
You can implement MAC address filtering to restrict access to the AP to only known (or allowed) MAC addresses.
Because MAC addresses are easily spoofed, this provides little practical security.
Term
Authentication to wireless networks
Shared
key
Definition
With shared key authentication, clients and APs are configured with a shared key (called a secret or a passphrase). Only devices with
the correct shared key can connect to the wireless network.
All APs and all clients use the same authentication key.
Use shared key authentication on small, private networks.
Shared key authentication is relatively insecure, as hashing methods used to protect the key can be easily broken.
Term
Authentication to wireless networks
802.1x
Definition
802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients.
Originally designed for Ethernet networks, the 802.1x standards have been adapted for use in wireless networks to provide secure
authentication. 802.1x authentication requires the following components:
A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is
required to allow wireless clients to roam between cells but authenticate using the same account information.
A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual
authentication, each client must also have a certificate.
Use 802.1x authentication on large, private networks. Users authenticate with unique usernames and passwords.
Term
Security for wireless networking is provided by the following standards:
Wired Equivalent Privacy (WEP)
Definition
WEP is an optional component of the 802.11 specifications that was deployed in 1997. WEP was designed to provide wireless
connections with the same security as wired connections. WEP has the following weaknesses:
A static pre-shared key (PSK) is configured on the AP and the client and cannot be dynamically changed or
exchanged without administration. As a result, every host on large networks usually uses the same key.
Because key values are short and don't change, the key can be captured and easily broken.
When using WEP, use open authentication. Shared key authentication with WEP uses the same key for both
encryption and authentication, exposing the key to additional attacks.
Term
Security for wireless networking is provided by the following standards:
Wi-Fi Protected Access (WPA)
Definition
WPA is the implementation name for wireless security based on initial 802.11i drafts that was deployed in 2003. It was
intended to be an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared. WPA:
Uses Temporal Key Integrity Protocol (TKIP) for encryption.
Supports both pre-shared key (WPA-PSK or WPA Personal) and 802.1x (WPA Enterprise) authentication.
Can use dynamic keys or pre-shared keys.
Can typically be implemented in WEP-capable devices through a software/firmware update.
WPA keys can also be predicted by reconstructing the Message Integrity Check (MIC) of an intercepted packet,
sending the packet to an AP, and observing whether the packet is accepted by the AP.
Term
Security for wireless networking is provided by the following standards:
Wi-Fi Protected Access 2 (WPA2) or 802.11i
Definition
WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was deployed in 2005. It
is built upon the idea of Robust Secure Networks (RSN). Like WPA, it resolves the weaknesses inherent in WEP; it is intended
to eventually replace both WEP and WPA. WPA2:
Uses Advanced Encryption Standard (AES) as the encryption method. It is similar to (yet more secure than) TKIP but
requires special hardware for performing encryption.
Uses Counter Mode with CBC-MAC Protocol (CCMP), also known as AES-CCMP.
Supports both pre-shared key (WPA2-PSK or WPA2 Personal) and 802.1x (WPA2 Enterprise) authentication.
Can use dynamic keys or pre-shared keys.
WPA2 has the same advantages over WEP as WPA. While WPA2 is more secure than WPA, its main disadvantage is
that it requires new hardware for implementation.
Term
Things to know about security when transmitting data on a wireless network
Definition
It's important to know whether the channel you are using is encrypted. Information sent on unencrypted
channels, where no security is being used, can be easily intercepted and viewed. If needed, IPsec can be used to provide security when sending
information on an unencrypted channel.
Term
WIFI best practices
Definition
Change the administrator account name and password
Change SSID from default
Update the firmware
Enable the firewall on the AP
Disable DHCP
Enable MAC address filtering
Reduce RF emanations. Signals produced by electronic devices that extend beyond their intended area are called emanation leaks. These leaks can be
captured and analyzed by someone with the proper equipment. Emanations are produced by almost all electronic devices and
come in several forms:
Radio signals from wireless networks
Electromagnetic signals from copper network cables and computer monitors
Sounds or vibrations from computer equipment or users (e.g., someone typing on a keyboard)
For a wireless network, there are several things you can do to contain RF emanations.
Select the appropriate antennas for your wireless implementation and ensure that they have proper orientation.
Use a directional antenna, which broadcasts the signal in a specific direction, on outside walls to prevent
signals from emanating outside the building.
In the center of your building, it's probably safe to use an omnidirectional antenna, which disperses the
signal in a 360-degree pattern.
Instead of using a single AP with a high-strength signal, use multiple APs with lower-strength signals.
Use a wireless analyzer to identify locations of RF emanation leaks. If a leak is found, consider moving the
offending AP or reducing its signal strength.
If your network handles highly sensitive data, consider implementing TEMPEST methods and standards to shield
against emanation leaks.
Term
forwarding databases
Definition
Forwarding databases are built by bridges and switches.
A forwarding database is a list of Layer 2 MAC addresses, with the port used to reach each
device. Bridges and switches automatically learn about devices to build the forwarding database, but a network administrator can also
program the device database manually.
Term
When a frame arrives on a switch port (also called an interface), the switch examines the source and
destination address in the frame header and uses the information to complete the following tasks:
Definition
1. The switch examines the source MAC address of the frame and notes which switch port the frame arrived on.
2. The switch examines the destination MAC address of the frame.
Term
The result of: The switch examines the source MAC address of the frame and notes which switch port the frame arrived on.
Definition
If the source MAC address is:
Not in the switch's Content Addressable Memory (CAM) table, a new entry is added to the table
that maps the source device's MAC address to the port on which the frame was received. Over
time, the switch builds a map of the devices that are connected to specific switch ports.
Already mapped to the port on which the frame was received, no changes are made to the
switch's CAM table.
Already in the switch's CAM table, but the frame was received on a different switch port, the
switch updates the record in the CAM table with the new port.
Term
The result of: The switch examines the destination MAC address of the frame.
Definition
If the destination MAC address of the frame is:
A broadcast address, then the switch sends a copy of the frame to all connected devices on all
ports. This is called flooding the frame.
A unicast address, but no mapping exists in the CAM table for the destination address, the
switch floods the frame to all ports. The connected device that the frame is addressed to will
accept and process the frame. All other devices will drop the frame.
A unicast address and mapping exists in the CAM table for the destination address, the switch
sends the frame to the switch port specified in the CAM table. This is called forwarding the
frame.
A unicast address and mapping exists in the CAM table for the destination address, but the
destination device is connected to the same port from which the frame was received, the switch
ignores the frame and does not forward it. This is called filtering the frame.
Term
Switch config. Interface Configuration
Definition
The switch has multiple interface modes, depending on the physical (or logical)
interface type. For this course, you should be familiar with the following switch
interface modes:
Ethernet (10 Mbps Ethernet)
FastEthernet (100 Mbps Ethernet)
GigabitEthernet (1 GB Ethernet)
VLAN
The VLAN interface configuration mode is used to configure the switch IP
address, and for other management functions. It is a logical management
interface configuration mode, rather than the physical interface configuration
modes used for the FastEthernet and GigabitEthernet ports.

Switch(config-if)#
Term
Switch config. Config-vlan
Definition
Details of the config-vlan mode include the following:
It can be used to perform all VLAN configuration tasks.
Changes take place immediately.
Do not confuse the config-vlan mode with the VLAN interface configuration
mode.
Switch(config-vlan)#
Term
Switch config. VLAN Configuration
Definition
Details of the VLAN configuration mode include the following:
It allows you to configure a subset of VLAN features.
Changes do not take effect until you save them, either before or while exiting
the configuration mode.
Changes are not stored in the regular switch configuration file.
For most modern Cisco switches, it is recommended that you configure
VLAN parameters from config-vlan mode, as VLAN configuration mode is
being deprecated (phased out).
Switch(vlan)#
Term
Switch config. Line Configuration
Definition
Use this mode to configure parameters for the terminal line, such as the console,
Telnet, and SSH lines.
Switch(config-line)#
Term
Moves to interface configuration mode
Definition
switch(config)#interface FastEthernet 0/14
switch(config)#interface GigabitEthernet 0/1
Term
Moves to configuration mode for a range of interfaces
Definition
switch(config)#interface range fastethernet 0/14 - 24
switch(config)#interface range gigabitethernet 0/1 - 4
switch(config)#interface range fa 0/1 - 4 , 7 - 10
switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2
Term
Sets the port speed on the interface
Definition
switch(config-if)#speed 10
switch(config-if)#speed 100
switch(config-if)#speed 1000
switch(config-if)#speed auto
Term
Sets the duplex mode on the interface
Definition
switch(config-if)#duplex half
switch(config-if)#duplex full
switch(config-if)#duplex auto
Term
Enables or disables the interface
Definition
switch(config-if)#no shutdown
switch(config-if)#shutdown
Term
Shows the interface status of all ports
Definition
switch#show interface status
Term
Shows the line and protocol status of all ports
Definition
switch#show ip interface brief
Term
Some facts about switch configuration
Definition
All switch ports are enabled (no shutdown) by default.
Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a switch.
Through auto-negotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices. If the attached ports do not
support auto-negotiation, you can explicitly set the speed and duplex parameters.
Some switches always use the store-and-forward switching method. On other models, you may be able to configure the switching method.
If the speed and duplex settings are set to auto, the switch will use auto-MDIX to sense the cable type (crossover or straight-through) connected to
the port and will automatically adapt itself to the cable type used. When you manually configure the speed or duplex setting, it disables auto-MDIX,
so you need to be sure you use the correct cable.
By default, the link speed and duplex configurations for Ethernet interfaces in Cisco devices are set using IEEE 802.3u auto-negotiation. The
interface negotiates with remote devices to determine the correct settings. However, auto-negotiation can be disabled on the Cisco device and other
Ethernet network hosts, and static values can be manually assigned. Devices with auto-negotiation enabled will try to negotiate link speed and
duplexing but will get no response. When auto-negotiation fails, Cisco devices that have auto-negotiation enabled default to the following:
The interface will attempt to sense the link speed, if possible. If it cannot, the slowest link speed supported on the interface is used (usually
10 Mbps).
If the link speed selected is 10 Mbps or 100 Mbps, half-duplex is used. If it is 1000 Mbps, full-duplex is used.
Term
Switch troubleshooting managing switches
Collisions
Definition
A collision occurs when two devices that share the same media segment transmit at the same time. In a switched network,
collisions should only occur on ports that have more than one device attached (such as a hub with workstations connected to it).
To eliminate collisions, connect only a single device to each switch port. For example, if a hub is connected to a switch
port, replace it with another switch.
If collisions are still detected, troubleshoot cable and NIC issues.
Term
Switch troubleshooting managing switches
Duplex
mismatch
Definition
A duplex mismatch occurs when two devices are using different duplex settings. In such a case, one device will try to transmit
using full duplex, while the other will expect half duplex communications. By default, devices are configured to use auto-negotiation
to detect the correct duplex setting to use. If a duplex method cannot be agreed upon, devices default to half duplex.
A duplex mismatch can occur in the following cases:
Both devices are configured to use different duplex settings.
Auto-negotiation does not work correctly on one device.
One device is configured for auto­negotiation and the other device is manually configured for full duplex.
Symptoms of a duplex mismatch include very slow network communications. Ping tests might appear to complete
correctly, but normal communications work well below the expected speeds, even for half duplex communications.
Term
Switch troubleshooting managing switches
Slow link
speed
Definition
Most network components are capable of supporting multiple network specifications. For example, a NIC might support 10BaseT,
100BaseTX, and 1000Base-T. By default, these devices use the maximum speed supported by all devices on the network.
Do the following if the speed of a segment is lower than expected (for example, 10 Mbps instead of 100 Mbps, or 100 Mbps
instead of 1000 Mbps):
Check individual devices to verify that they all support the higher speed.
Check individual devices to see if any have been manually configured to use the lower speed.
Use a cable certifier to verify that the cables meet the rated speeds. Bad cables are often the cause of 1000Base-T
networks operating at only 100Base-TX speeds.
Term
Switch troubleshooting managing switches
Switching
loop
Definition
A switching loop occurs when there are multiple active paths between two switches. Switching loops lead to incorrect entries in a
MAC address table, making a device appear to be connected to the wrong port; this causes unicast traffic to be circulated in a loop
between switches.
The Spanning Tree Protocol (STP) ensures that only one path between switches is active at any given time. STP is usually
enabled by default on switches to prevent switching loops.
Term
Switch troubleshooting managing switches
Broadcast
storm
Definition
A broadcast storm is excessive broadcast traffic that renders normal network communications impossible. The following can cause
broadcast storms:
Switching loops that cause broadcast traffic to be circulated endlessly between switches
Denial of Service (DoS) attacks
To reduce broadcast storms, do the following:
Run STP to prevent switching loops
Implement switches with built-in broadcast storm detection, which limits the bandwidth that broadcast traffic can use
Use VLANs to create separate broadcast domains on switches
Term
Switch troubleshooting managing switches
Incorrect
VLAN
membership
Definition
VLANs create logical groupings of computers based on switch port. Because devices on one VLAN cannot communicate directly
with devices in other VLANs, incorrectly assigning a port to a VLAN can prevent a device from communicating through the
switch.
VLAN membership is defined by switch port, not by MAC address. Connecting a device to a different switch port could
change the VLAN membership of the device. On the switch, verify that ports are assigned to the correct VLANs and that
any unused VLANs are removed from the switch.
Term
Switch troubleshooting managing switches
Frame
errors
Definition
The switch examines incoming frames and will only forward frames that are complete and correctly formed; invalid frames are
simply dropped. Most switches include logging capabilities to track the number of corrupt or malformed frames. The following
are common causes of frame errors:
Frames that are too long are typically caused by a faulty network card that jabbers (constantly sends garbage data).
Frames that are too short are typically caused by collisions.
CRC errors indicate that a frame has been corrupted in transit.
All types of frame errors can be caused by faulty cables or physical layer devices.
Term
Network optimization has two main goals:
Definition
1. Provide redundancy of services or devices so that network access can continue in the event of a failure of one or more components.
Redundancy to provide access is often called fault tolerance.
High availability is when a network or a service is up and accessible most of the time.
Uptime is the percent of time the network or service is up and accessible.
2. Improve the response and performance of network services or devices.
Term
Ethernet
bonding
Definition
With Ethernet bonding (also called NIC teaming), two or more physical connections to the same network are logically grouped
(or bonded). Data is divided and sent on multiple interfaces, effectively increasing the speed at which the device can send and
receive on the network.
On an Ethernet network, a device must have multiple NICs connected to different switch ports.
The host operating system must be configured to bond the network adapters into a single entity.
The switch ports must be bonded together to recognize both ports as a valid destination for the same device.
Bonding primarily provides increased performance, although some fault tolerance is provided if one NIC goes down. Similar
solutions allow you to bond multiple dial-up connections or ISDN channels together.
Term
Spanning tree
Definition
Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The
spanning tree protocol (STP) runs on each switch and is used to select a single path between any two switches.
Without STP, switches that are connected together with multiple links would form a switching loop.
Spanning tree provides only a single active path between switches. Switch ports that are part of that path are placed in a
forwarding state.
Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state.
When an active path goes down, STP automatically recovers and activates the necessary backup ports to provide
continued connection between devices.
Spanning tree provides fault tolerance in case a switch port or network segment is broken, but it does not provide increased
performance (only one path is active at a time).
Term
Load
balancing
Definition
Load balancing configures a group of servers in a logical group (called a server farm). Incoming requests to the group are
distributed to individual members within the group. Incoming requests can be distributed evenly or unevenly between group
members based on additional criteria such as server capacity.
The primary goal of load balancing is to improve performance by configuring multiple devices to respond as one. Load
balancing also provides fault tolerance if the load balancing mechanism is able to detect when a specific farm member is
unavailable, automatically distributing new requests to the available members.
Term
Caching
engine
Definition
Caching is the process of saving previously acquired data for quick retrieval at a later time. With caching, data is stored in
memory or on disk within a network device, where it can quickly be retrieved when needed. Recalling the data from the cache
is faster than requesting the data from the original location.
A common application of a caching engine on a network is a proxy server configured to cache web content. The proxy server is
placed close to the users, typically within the same local area network. As users visit websites, content is retrieved from the web
servers on the Internet and is cached on the proxy server. Subsequent requests for the same website are sent by the proxy server
from cache, rather than retrieved from the Internet.
Caching engines are primarily implemented to improve performance, but they offer some degree of fault tolerance. Cached
content can be accessed even if the source device is offline.
Caching can lead to out-of-date content if something has changed on the source but has not been refreshed in cache.
Term
Quality of
Service (QoS)
Definition
QoS refers to a set of mechanisms that try to guarantee timely delivery or minimal delay of important or time-sensitive
communications. QoS is particularly important when implementing Voice over IP (VoIP), Video over IP, online gaming, or
unified communications where delay or data loss make the overall experience unacceptable.
In addition to delay, QoS mechanisms seek to limit the effects of packets arriving out of order, corrupt packets, and lost
or dropped packets.
Giving higher priority to some traffic means that less important traffic might be delayed. It is assumed that while the
delay might make the end user wait, the delay would not make the resulting data unusable.
Term
QoS prioritizes traffic from different data streams by using one of the following two classification systems:
Definition
Class of Service (COS)
Individual frames are marked and classified at Layer 2.
A priority value between 0 and 7 is assigned to the 3-bit COS field.
Each priority value specifies a specific traffic type.
0 – Best effort (default)
1 – Background
2 – Excellent effort
3 – Critical applications
4 – Video (< 100ms latency)
5 – Voice (< 10ms latency)
6 – Internetwork control
7 – Network control
Term
QoS might include a guaranteed level of service, usually outlined in a Service-Level Agreement
Definition
Constant or reserved means that a certain level of service is guaranteed to always be available. This level is
only possible by reserving service, even when no data is being sent.
Variable service guarantees a certain capacity, but service might vary depending on conditions. This level of
service is sufficient for voice or video.
Available guarantees a minimum level of service. Additional capacity can be used if it is available, but only
the minimum is guaranteed.
Unspecified service provides whatever service is available with little to no guarantee. This level of service
should only be used for data that can tolerate long delays.
Term
Differentiated Services Code Point (DSCP)
Definition
Classification occurs at Layer 3.
Precedence values are inserted in the DiffServ field of an IP packet.
Up to 64 different classifications are possible, but most networks use only the following classes:
Default – Best effort
Expedited Forwarding (EF) – Low loss, low latency
Assured Forwarding (AF) – Assured delivery under prescribed conditions
Class Selector – Maintains backward compatibility with IP Precedence field
Term
Traffic shaper
Definition
A traffic shaper (also called a bandwidth shaper) is a device that is capable of modifying the flow of data through a network in
response to network traffic conditions. Specific applications for a traffic shaper include the following:
A device used with QoS ensures timely delivery of time-sensitive data streams.
Bandwidth throttling to restrict the amount of data sent within a specific time period (e.g., to limit the amount of data
that can be downloaded from a website in an hour).
Rate limiting to restrict the maximum bandwidth available to a customer (used by an ISP or a WAN provider).
Term
Multilayer
switch/content
switch
Definition
Normal switching occurs at the OSI model layer 2, using the MAC address to perform frame forwarding. Switches use
specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware
rather than using the CPU and software. ASIC allows switches to perform the switching function at wire speed, meaning that
frames are switched without the delay that would be introduced if the CPU and software were required to process the frame.
A multilayer switch operates at other OSI model layers and can use other information within a packet to make forwarding
decisions. For example, a layer 3 switch uses the IP address for making forwarding decisions.
Layer 4–7 switches (also called content switches, web switches, or application switches) are typically used for load balancing.
The switch distributes packets between multiple servers.
Some switches can transform packets at wire speed (e.g., by performing NAT or adding/removing encryption with SSL
or digital certificates).
Term
Common
Address
Redundancy
Protocol
(CARP)
Definition
CARP is an implementation of fault tolerance that allows multiple firewalls and/or routers on the same local network to share a
set of IP addresses. If one of the firewalls or routers fails, the shared IP address allows hosts to continue communicating with
the firewall or router without interruption.
Term
NIC Teaming, also known as Load Balancing/Failover (LBFO)
Definition
NIC teaming allows multiple network adapters to function together as a single network
interface. NIC teaming can be used to accomplish two different purposes:
1. To provide additional bandwidth. If you configure the team so all of the NICs are active at the same time, then the system gets the aggregated
bandwidth of all the NICs in the team. For example, if you were to create a team from two 1 Gbps network cards, the server would get an
aggregated network bandwidth of 2 Gbps.
2. To provide fault tolerance. Multiple network cards are bound together into a team and are then configured so that if one interface fails, the other one
will take over for the failed interface. This helps ensure that the system remains accessible over the network in the event of a failed network
interface.
Term
When configuring NIC teaming, keep the following in mind:
Definition
You need to install at least two Ethernet interfaces in the system.
The drivers used for the NICs must support teaming. Check with the hardware manufacturer to verify whether a particular driver supports teaming.
The computer's operating system must support NIC teaming.
Most versions of Windows Server support NIC teaming.
Newer versions of Windows Server support up to 32 interfaces in a single NIC team.
Most Windows workstation operating systems do not natively support NIC teaming.
Most Linux distributions support NIC teaming, but it is referred to as bonding.
Term
Switch-dependent
Definition
Switch-dependent teaming requires the adapters in a team to be connected to the same switch. This configuration is used to
implement bandwidth aggregation. All of the NICs within the team are in an active/active state, meaning they are online and
processing frames all of the time.
You can implement switch-dependent teaming in two ways:
Generic or static teaming requires that the switch and the host identify the links in the team.
Link Aggregation Control Protocol (LACP) teaming uses LACP to dynamically configure the links between the host
and the switch.
Term
Switch-independent
Definition
Switch-independent teaming allows the adapters in a team to be connected to different switches. This configuration is used to
provide failover redundancy and increase the system’s availability. Using multiple NICs and switches protects the system from
a failed network card and a failed network switch. In this configuration:
The switches are not aware that the interfaces on the server are members of a NIC team.
One interface in the team operates in passive mode. It doesn't process frames unless one of the other interfaces in the
team fails.
Term
switching loop
Definition
Providing redundant paths between segments could cause frames to be endlessly passed between the redundant paths.
Term
prevent switching loops
Definition
Providing redundant paths between segments could cause frames to be endlessly passed between the redundant paths. This condition is known as a switching loop.
To prevent switching loops, the IEEE 802.1d committee defined the Spanning Tree Protocol (STP). With STP, one switch for each route is
assigned as the designated bridge. Only the designated bridge can forward packets. Redundant switches are assigned as backups.
Term
The spanning tree protocol:
Definition
Eliminates loops.
Provides redundant paths between devices.
Enables dynamic role configuration.
Provides a single active path between two switches at
any given time. If that active link goes down, it can sometimes take 30 seconds or more for STP to detect that the link has gone down before
it activates a redundant link.
Recovers automatically from a topology change or device failure.
Identifies the optimal path between any two network devices.
Term
spanning tree protocol uses a spanning tree algorithm (STA)
Definition
to calculate the best loop-free path through a network by assigning a role to
each bridge or switch. The bridge role determines how the device functions in relation to other devices and whether the device forwards
traffic to other segments.
Term
Root
bridge
Definition
The root bridge is the master, or controlling, bridge.
There is only one root bridge in the network. The root bridge is the logical center of the spanning tree topology in a
switched network.
The root bridge is determined by the switch with the lowest bridge ID (BID):
The bridge ID is composed of two parts—a bridge priority number and the MAC address assigned to the switch.
The default priority number for all switches is 32,768. This means the switch with the lowest MAC address
becomes the root bridge unless you customize the priority values.
You can manually configure the priority number to force a specific switch to become the root switch.
The root bridge periodically broadcasts configuration messages. These messages are used to select routes and reconfigure
the roles of other bridges, if necessary.
All ports on a root bridge forward messages to the network.
Term
Designated
bridge
Definition
A designated bridge is any other device that participates in forwarding packets through the network.
They are selected automatically by exchanging bridge configuration packets.
To prevent bridge loops, there is only one designated bridge per segment.
Term
Backup
bridge
Definition
All redundant devices are classified as backup bridges.
They listen to network traffic and build the bridge database. However, they will not forward packets.
They can take over if the root bridge or a designated bridge fails.
Term
Bridge Protocol Data Units (BPDUs)
Definition
BPDUs are special packets sent to and received from other bridges. They are
used to determine bridge roles and port states, verify that neighbor devices are still functioning, and recover from network topology changes.
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Disabled
Definition
A port in the disabled state is powered on but does not participate in forwarding or listening to network messages. A bridge must
be manually placed in the disabled state.
Term
During the negotiation process and normal operations, each switch port is in one of the following states:Blocking
Definition
When a device is first powered on, its ports are in the blocking state. Backup bridge ports are always in the blocking state. Ports in
a blocking state receive packets and BPDUs sent to all bridges, but they will not process any other packets.
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Listening
Definition
The listening state is a transitory state between blocking and learning. The port remains in the listening state for a specific period
of time. This time period allows network traffic to settle down after a change has occurred. For example, if a bridge goes down,
all other bridges go into the listening state for a period of time. During this time the bridges redefine their roles.
Term
During the negotiation process and normal operations, each switch port is in one of the following states:Learning
Definition
A port in the learning state receives packets and builds the bridge database (associating MAC addresses with ports). A timer is also
associated with this state. The port goes to the forwarding state after the timer expires.
Term
During the negotiation process and normal operations, each switch port is in one of the following states:Forwarding
Definition
The root bridge and designated bridges are in the forwarding state when they can receive and forward packets. A port in the
forwarding state can learn and forward. All ports of the root switch are in the forwarding state.
Term
During the configuration process, ports on each switch are configured as one of the following: Root port
Definition
The port on a designated switch with the lowest port cost back to the root bridge is identified as the root port.
Each designated switch has a single root port (a single path back to the root bridge).
Root ports are in the forwarding state.
The root bridge does not have a root port.
Term
During the configuration process, ports on each switch are configured as one of the following: Designated port
Definition
One port on each segment is identified as the designated port. The designated port identifies which port on the segment is allowed
to send and receive frames.
All ports on the root bridge are designated ports (unless the switch port loops back to a port on the same switch).
Designated ports are selected based on the lowest path cost to get back to the root switch. Default IEEE port costs include
the following:
10 Mbps = 1000
100 Mbps = 19
1 Gbps = 4
10 Gbps = 2
If two switches have the same cost, the switch with the lowest priority becomes the designated switch, and its port the
designated port.
If two ports have the same cost, the port on the switch with the lowest port ID becomes the designated port.
The port ID is derived from two numbers—the port priority and the port number.
The port priority ranges from 0–255, with a default of 128.
The port number is the number of the switch's port. For example, the port number for Fa0/3 is 3. With the default port priority setting, the lowest port number becomes the designated port.
Designated ports are used to send frames back to the root bridge.
Designated ports are in the forwarding state.
Term
During the configuration process, ports on each switch are configured as one
Blocking
port
Definition
A blocking port is any port that is not a root port or a designated port. A blocking port is in the blocking state.
Term
Devices participating in the spanning tree protocol use the following process to configure themselves
Definition
1. At startup, switches send BPDUs out each port.
2. Switches read the bridge ID contained in the BPDUs to elect (identify) a single root bridge (the device with the lowest bridge ID). All the ports on
the root bridge become designated ports.
3. Each switch identifies its root port (the port with the lowest cost back to the root bridge).
4. Switches on redundant paths identify a designated switch for each segment. A designated port is also identified on each designated switch.
5. Remaining switch ports that are not root or designated ports are put in the blocking state to eliminate loops.
6. After configuration, switches periodically send BPDUs to ensure connectivity and discover topology changes.
Term
Sets the spanning tree mode
Switch(config)#spanning-tree mode {pvst | rapid-pvst}
Definition
PVST+ (Per VLAN Spanning Tree Protocol), also known as PVSTP, is a Cisco proprietary protocol used
on Cisco switches.
Rapid PVST+ is Cisco's proprietary version of Rapid STP, which is based on the 802.1w standard.
PVST+ and Rapid PVST+ are the same except that Rapid PVST+ uses a rapid convergence based on the
802.1w standard. To provide rapid convergence, Rapid PVST+ deletes learned MAC address entries on a
per-port basis after receiving a topology change.
Term
Forces the switch to be the root of the spanning tree.
Definition
Switch(config)#spanning-tree vlan [1-4094] root primary
Term
Manually sets the cost. The cost range value depends on the path-cost calculation method:
Definition
Switch(config)#spanning-tree vlan [1-4094] cost [1-200000000]
For the short method the range is 1 to 65536.
For the long method the range is from 1 to 200000000.
Term
Manually sets the bridge priority number:
Switch(config)#spanning-tree vlan [1-4094] priority [0-61440]
Definition
The priority value ranges between 0 and 61440.
Each switch has the default priority of 32768.
Priority values are set in increments of 4096. If you enter another number, your value will be rounded to
the closest increment of 4096, or you will be prompted to enter a valid value.
The switch with the lowest priority number becomes the root bridge.
Term
Disables spanning tree on the selected VLAN
Definition
Switch(config)#no spanning-tree vlan [1-4094]
Term
Shows spanning tree configuration information, including the following:
Switch#show spanning-tree
Definition
Root bridge priority and MAC address
The cost to the root bridge
Local switch bridge ID and MAC address
The role and status of all local interfaces
The priority and number for each interface
To verify that spanning tree is working, look for an entry similar to the following for each VLAN:
Spanning tree enabled protocol ieee
Term
Shows information about the root bridge for a specific VLAN. Information shown includes:
Switch#show spanning-tree vlan [1-4094] root
Definition
The root bridge ID, including the priority number and the MAC address
The cost to the root bridge from the local switch
The local port that is the root port
Term
Switch#show spanning-tree vlan [1-4094] bridge
Definition
Shows spanning tree configuration information about the local switch for the specified VLAN. Information includes
the local bridge ID, including the priority and MAC address.
Term
Shortest Path Bridging (SPB)
Definition
has been developed to eventually replace STP. SPB is a routing protocol defined in the IEEE 802.1aq standard that adds routing functions to Layer 2 switching. SPB uses a
link-state routing protocol to allow switches to learn the shortest paths through a switched Ethernet network and to dynamically adjust those
paths as the topology changes, just like a Layer 3 router does.
SPB addresses the slow failover of STP by applying Layer 3 routing protocols to Layer 2 switches. This allows those switches to actually route Ethernet
frames between switches, just as Layer 3 protocols route packets between routers. By doing this, SPB allows multiple links between switches
to be active at the same time without creating a switching loop. This functionality is designed to eliminate the time lag associated with failed
links managed by STP. If a link between switches goes down on a network that uses SPB, the frames can be immediately re-routed to the
destination segment by using redundant links between switches that are already active and able to forward frames.
Term
EtherChannel
Definition
combines multiple ports on a Cisco switch into a single, logical link between two switches. With EtherChannel
You can combine 2-8 ports into a single link.
All links in the channel group are used for communication between the switches.
Bandwidth between switches is increased.
Automatic redundant paths between switches are established. If one link fails, communication will still occur over the other links in the group.
Spanning tree convergence times are reduced.
Each channel group has its own number. All ports assigned to the same channel group will be viewed as a single logical link.
Term
Cisco switches can use the following protocols for EtherChannel configuration:
Port Aggregation
Protocol (PAgP)
Definition
PAgP prevents loops, limits packet loss due to misconfigured channels, and aids in network reliability.
PAgP operates in the following modes:
Auto places the port into a passive negotiating state and forms an EtherChannel if the port receives PAgP packets. While in this mode, the port does not initiate the negotiation.
Desirable places the port in a negotiating state to form an EtherChannel by sending PAgP packets. A channel is
formed with another port group in either the auto or desirable mode.
Term
Cisco switches can use the following protocols for EtherChannel configuration:
Link Aggregation
Control Protocol
(LACP)
Definition
LACP is based on the 802.3ad standard and has similar functions to PAgP. LACP is used when
configuring EtherChannel between Cisco switches and non-Cisco switches that support 802.3ad. LACP operates in the
following modes:
Passive places the port into a passive negotiating state and forms an EtherChannel if the port receives LACP
packets. While in this mode, the port does not initiate the negotiation.
Active places the port in a negotiating state to form an EtherChannel by sending LACP packets. A channel is
formed with another port group in either the active or passive mode.
Term
Selects the EtherChannel protocol on the interface cmd
Definition
Switch(config-if)#channel-protocol lacp
Switch(config-if)#channel-protocol pagp
Term
Selects the PAgP mode on the interface cmd
Definition
Switch(config-if)#channel-group [1-8] mode auto
Switch(config-if)#channel-group [1-8] mode desirable
Term
Selects the LACP mode on the interface cmd
Definition
Switch(config-if)#channel-group [1-8] mode active
Switch(config-if)#channel-group [1-8] mode passive
Term
Disables EtherChannel on the interface cmd
Definition
Switch(config-if)#no channel-group [1-8]
Term
Displays EtherChannel details on the switch cmd
Definition
Switch#show etherchannel
Term
Displays EtherChannel information for a channel, with a one-line summary per channel group cmd
Definition
Switch#show etherchannel summary
Term
Switch>ena
Switch#conf t
Switch(config)#int range gi 0/1 - 2
Switch(config-if-range)#channel-protocol pagp
Switch(config-if-range)#channel-group 5 mode desirable
Definition
The following commands configure GigabitEthernet 0/1 and 0/2 interfaces to actively initiate the negotiation of an EtherChannel with the
PAgP protocol and a channel group of 5.
Term
Switch>ena
Switch#conf t
Switch(config)#int range fa 0/1 - 4
Switch(config-if-range)#channel-protocol lacp
Switch(config-if-range)#channel-group 3 mode passive
Switch(config-if-range)#duplex full
Definition
The following commands configure FastEthernet 0/1 through 0/4 interfaces to form an EtherChannel with the LACP protocol if the other
device actively initiates the EtherChannel connection:
Term
Use the following guidelines to troubleshoot an EtherChannel configuration:
Definition
Make sure that all ports in an EtherChannel use the same protocol (PAgP or LACP):
If the channel-group command is used with the desirable option on one switch (PAgP), the other switch must use either desirable or
auto.
If the channel-group command is used with the active option (LACP), the other switch must use either active or passive.
Verify that all ports in the EtherChannel have the same speed and duplex mode. LACP requires that the ports operate only in full-duplex mode.
Check the channel group number. A port cannot belong to more than one channel group at the same time.
Verify that all ports in the EtherChannel have the same access VLAN configuration or are VLAN trunks with the same allowable VLAN list and the
same native VLAN.
Check the spanning tree configuration. If you do not configure EtherChannel, the spanning tree algorithm will identify each link as a redundant path
to the other bridge and will put one of the ports in a blocking state.
Check the port type and number. You can configure an LACP EtherChannel with up to 16 Ethernet ports of the same type. Up to eight ports can be
active, and up to eight ports can be in standby mode.
Be sure to enable all ports in an EtherChannel. A port in an EtherChannel that is disabled using the shutdown interface configuration command is
treated as a link failure, and its traffic is transferred to one of the remaining ports in the EtherChannel.
Do not configure more than 6 EtherChannels on one switch.