
Lesson 1: Local Area Network (LAN) Technologies


ayita

Presentation Transcript


  1. Lesson 1: Local Area Network (LAN) Technologies
     • LAN encapsulations
     • Ethernet
     • Token Ring
     • FDDI
     • IEEE 802.11

  2. LAN Encapsulations
     • Delimitation
     • Protocol identification
     • Addressing
     • Bit-level integrity check

  3. Ethernet
     • Ethernet II
     • IEEE 802.3
     • IEEE 802.3 SNAP

  4. Ethernet II
     • Preamble
     • Destination Address
     • Source Address
     • EtherType
     • Payload (46 - 1,500 bytes)
     • Frame Check Sequence

  5. The Maximum Extent Ethernet Network
     • Diagram labels: 2500 meters, Repeater, A, B
     • Slot time = 57.6ms

  6. IEEE 802.3 Frame Format
     • IEEE 802.3 Header: Preamble, Start Delimiter, Destination Address, Source Address, Length
     • IEEE 802.2 LLC Header: DSAP, SSAP, Control
     • Payload
     • IEEE 802.3 Trailer: Frame Check Sequence

  7. IEEE 802.3 SNAP Frame Format
     • IEEE 802.3 Header: Preamble, Start Delimiter, Destination Address, Source Address, Length
     • IEEE 802.2 LLC Header: DSAP = 0xAA, SSAP = 0xAA, Control = 0x03
     • SNAP Header: Organization Code = 0x00-00-00, EtherType = 0x08-00
     • IP Datagram (38-1,492 bytes)
     • IEEE 802.3 Trailer: Frame Check Sequence

  8. Special Bits on Ethernet MAC Addresses
     • Destination Address
       • 0 - Individual, 1 - Group
       • 0 - Universal Admin, 1 - Local Admin
     • Source Address
       • 0 - No Routing, 1 - Routing Present
       • 0 - Universal Admin, 1 - Local Admin

  9. IEEE 802.5 Frame Format
     • IEEE 802.5 Header: Start Delimiter, Access Control, Frame Control, Destination Address, Source Address
     • IEEE 802.2 LLC Header: DSAP, SSAP, Control
     • Payload
     • IEEE 802.5 Trailer: Frame Check Sequence, End Delimiter, Frame Status

  10. IEEE 802.5 SNAP Frame Format
      • IEEE 802.5 Header: Start Delimiter, Access Control, Frame Control, Destination Address, Source Address
      • IEEE 802.2 LLC Header: DSAP = 0xAA, SSAP = 0xAA, Control = 0x03
      • SNAP Header: Organization Code = 0x00-00-00, EtherType = 0x08-00
      • IP Datagram
      • IEEE 802.5 Trailer: Frame Check Sequence, End Delimiter, Frame Status

  11. Special Bits on Token Ring MAC Addresses
      • Destination Address
        • 0 - Functional, 1 - Nonfunctional
        • 0 - Universal Admin, 1 - Local Admin
        • 0 - Individual, 1 - Group
      • Source Address
        • 0 - Universal Admin, 1 - Local Admin
        • 0 - No Routing, 1 - Routing Present

  12. FDDI Frame Format
      • FDDI Header: Preamble, Start Delimiter, Frame Control, Destination Address, Source Address
      • IEEE 802.2 LLC Header: DSAP, SSAP, Control
      • Payload
      • FDDI Trailer: Frame Check Sequence, End Delimiter, Frame Status

  13. FDDI SNAP Frame Format
      • FDDI Header: Preamble, Start Delimiter, Frame Control, Destination Address, Source Address
      • IEEE 802.2 LLC Header: DSAP = 0xAA, SSAP = 0xAA, Control = 0x03
      • SNAP Header: Organization Code = 0x00-00-00, EtherType = 0x08-00
      • IP Datagram (up to 4,352 bytes)
      • FDDI Trailer: Frame Check Sequence, End Delimiter, Frame Status

  14. IEEE 802.11 Frame Format
      • IEEE 802.11 Header: Frame Control, Duration/ID, Address 1, Address 2, Address 3, Sequence Control, Address 4
      • IEEE 802.2 LLC Header: DSAP, SSAP, Control
      • Payload
      • IEEE 802.11 Trailer: Frame Check Sequence

  15. The Frame Control Field
      • Protocol Version
      • Type
      • Subtype
      • To DS
      • From DS
      • More Fragments
      • Retry
      • Power Management
      • More Data
      • WEP
      • Order

  16. IEEE 802.11 SNAP Frame Format
      • IEEE 802.11 Header: Frame Control, Duration/ID, Address 1, Address 2, Address 3, Sequence Control
      • IEEE 802.2 LLC Header: DSAP = 0xAA, SSAP = 0xAA, Control = 0x03
      • SNAP Header: Organization Code = 0x00-00-00, EtherType = 0x08-00
      • IP Datagram
      • IEEE 802.11 Trailer: Frame Check Sequence
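
The three Ethernet encapsulations in Lesson 1 are told apart by the two bytes that follow the source address. The added example below (not part of the original slides) parses that field together with the special MAC address bits. It assumes the preamble and Frame Check Sequence are already stripped from the capture and applies the IEEE 802.3 rule that values of 0x0600 and above are EtherTypes; `classify`, `mac_bits` and the sample frames are constructed for illustration.

```python
import struct

def mac_bits(mac: bytes) -> dict:
    """Decode the two low-order bits of the first address byte."""
    return {"group": bool(mac[0] & 0x01),        # 0 = individual, 1 = group
            "local_admin": bool(mac[0] & 0x02)}  # 0 = universal, 1 = local admin

def classify(frame: bytes) -> dict:
    """Classify a captured frame; preamble and FCS are assumed already stripped."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    info = {"dst": mac_bits(frame[0:6]), "src": mac_bits(frame[6:12])}
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                    # EtherType, so Ethernet II
        info.update(encap="Ethernet II", ethertype=type_or_len, payload=frame[14:])
        return info
    if type_or_len > 1500:
        raise ValueError("1501-1535 is neither a valid Length nor an EtherType")
    body = frame[14:14 + type_or_len]            # Length excludes trailing padding
    if len(body) < type_or_len or len(body) < 3:
        raise ValueError("802.3 Length field disagrees with the captured bytes")
    dsap, ssap, control = body[0], body[1], body[2]
    if (dsap, ssap, control) != (0xAA, 0xAA, 0x03):
        info.update(encap="IEEE 802.3", dsap=dsap, ssap=ssap, payload=body[3:])
        return info
    if len(body) < 8:
        raise ValueError("truncated SNAP header")
    (ethertype,) = struct.unpack("!H", body[6:8])
    info.update(encap="IEEE 802.3 SNAP", org_code=body[3:6],
                ethertype=ethertype, payload=body[8:])
    return info

# Constructed sample frames; the MAC addresses are the ones on the
# Address Resolution slide, the payloads are zero bytes of minimum size.
NODE1 = bytes.fromhex("00600852F9D8")
NODE2 = bytes.fromhex("001054CAE140")
ETH2 = NODE2 + NODE1 + b"\x08\x00" + bytes(46)
SNAP = (NODE2 + NODE1 + struct.pack("!H", 8 + 38)
        + b"\xaa\xaa\x03" + b"\x00\x00\x00" + b"\x08\x00" + bytes(38))

if __name__ == "__main__":
    for name, frame in (("ETH2", ETH2), ("SNAP", SNAP)):
        r = classify(frame)
        print(name, r["encap"], hex(r["ethertype"]), len(r["payload"]))
```

A source address with the group bit set, or a frame whose Length field disagrees with the captured bytes, is worth flagging in a monitoring pipeline because neither occurs in well-formed traffic.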

  17. Lesson 2: Wide Area Network (WAN) Technologies
      • WAN encapsulations
      • Point-to-Point Protocol
      • Frame relay

  18. WAN Encapsulations
      • Delimitation
      • Protocol identification
      • Addressing
      • Bit-level integrity check

  19. Point-to-Point Protocol (PPP)
      • Data Link Layer encapsulation method
      • Link Control Protocol (LCP)
      • Network Control Protocols (NCPs)

  20. PPP Encapsulation Using HDLC Framing
      • Flag = 0x7E
      • Address = 0xFF
      • Control = 0x03
      • Protocol = 0x00-21
      • IP Datagram
      • Frame Check Sequence
      • Flag = 0x7E

  21. Typical PPP Framing
      • Flag = 0x7E
      • Protocol = 0x21
      • IP Datagram
      • Frame Check Sequence
      • Flag = 0x7E

  22. Multilink Protocol Long Sequence Number Format
      • Flag = 0x7E
      • Protocol = 0x3D
      • Beginning Fragment Bit
      • Ending Fragment Bit
      • Reserved
      • Sequence Number
      • Multilink Fragment
      • Frame Check Sequence
      • Flag = 0x7E

  23. Multilink Protocol Short Sequence Number Format
      • Flag = 0x7E
      • Protocol = 0x3D
      • Beginning Fragment Bit
      • Ending Fragment Bit
      • Reserved
      • Sequence Number
      • Multilink Fragment
      • Frame Check Sequence
      • Flag = 0x7E

  24. Frame Relay Encapsulation for IP Datagrams
      • Flag = 0x7E
      • Address
      • Control = 0x03
      • NLPID = 0xCC
      • IP Datagram
      • Frame Check Sequence
      • Flag = 0x7E

  25. Frame Relay Two-Byte Address Field
      • First byte: DLCI, C/R = 0, EA = 0
      • Second byte: DLCI, FECN, BECN, DE, EA = 1

  26. Lesson 3: Address Resolution Protocol (ARP)
      • Overview of ARP
      • ARP frame structure
      • ARP in Windows Server 2008 and Windows Vista
      • Inverse ARP
      • Proxy ARP

  27. Overview of ARP
      • Resolves the next-hop IP address of a node to its corresponding media access control (MAC) address
      • For direct deliveries, ARP resolves the datagram’s destination IP address
      • For indirect deliveries, ARP resolves the IP address of a neighboring router
      • ARP message exchange
        • Broadcast ARP Request
        • Unicast ARP Reply

  28. The ARP or Neighbor Cache
      • Table of resolved IP addresses and their corresponding MAC addresses
      • Checked before sending ARP Request message
      • Network black holes

  29. ARP Frame Structure
      • Hardware Type
      • Protocol Type = 0x0800
      • Hardware Address Length = 6
      • Protocol Address Length = 4
      • Operation
      • Sender Hardware Address
      • Sender Protocol Address
      • Target Hardware Address
      • Target Protocol Address

  30. ARP in Windows Server 2008 and Windows Vista
      • Works in the same way as Neighbor Discovery in IP version 6 (IPv6)
      • Neighbor Discovery processes
        • Address resolution
        • Duplicate address detection
        • Neighbor unreachability detection

  31. Address Resolution
      • Node 1: IP Address: 10.0.0.99, MAC Address: 00-60-08-52-F9-D8
      • Node 2: IP Address: 10.0.0.1, MAC Address: 00-10-54-CA-E1-40
      1. ARP Request: SHA: 00-60-08-52-F9-D8, SPA: 10.0.0.99, THA: 00-00-00-00-00-00, TPA: 10.0.0.1
      2. ARP Reply: SHA: 00-10-54-CA-E1-40, SPA: 10.0.0.1, THA: 00-60-08-52-F9-D8, TPA: 10.0.0.99

  32. Duplicate Address Detection
      • ARP Request for one’s own address
        • Reply received: Duplicate IP address
        • No reply received: Unique IP address for the network segment
      • Duplicate address ARP exchange
        • Broadcast ARP Request sent by offending node
        • Unicast ARP Reply sent by defending node

  33. Neighbor Unreachability Detection
      • Reachable if IP packets sent to the neighboring node were received and processed by the neighboring node
        • Exchange of ARP Request and ARP Reply messages
        • Indications from Transmission Control Protocol (TCP) that sent data is being acknowledged

  34. Neighbor Cache Entry States
      • INCOMPLETE
      • REACHABLE
      • STALE
      • DELAY
      • PROBE

  35. Inverse ARP
      • Used for non-broadcast multiple access (NBMA) technologies (frame relay)
      • MAC-level address is known, but IP address of node at the other end of the connection is not
      • Inverse ARP message exchange
        • InARP Request
        • InARP Reply

  36. Proxy ARP
      • Diagram labels: Node 1, Single Subnet, Proxy ARP Device, Node 2

  37. A Windows Server 2008 Remote Access Server and Proxy ARP
      • Diagram labels: 10.1.1.0/24, 10.1.1.50, Windows Server 2008 Remote Access Server, 10.1.1.8, Remote Access Client
      • Assigned address: 10.1.1.201
      • Configured range: 10.1.1.200-10.1.1.254
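
The ARP frame structure and the duplicate address exchange from Lesson 3 can be checked against captured traffic. The added example below (not part of the original slides) builds the Request and Reply from the Address Resolution slide, parses them back, and reports any IP address claimed by a second MAC address. Hardware Type 1 (Ethernet) and Operation codes 1 and 2 come from the ARP specification rather than the slides; `build_arp`, `parse_arp`, `find_conflicts` and the third message are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # field order of the ARP Frame Structure slide, 28 bytes

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", ""))

def build_arp(oper, sha, spa, tha, tpa) -> bytes:
    # Hardware Type 1 = Ethernet; Operation 1 = Request, 2 = Reply.
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(data: bytes) -> dict:
    if len(data) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP message")
    fmt = lambda m: "-".join(f"{b:02X}" for b in m)
    return {"oper": oper, "sha": fmt(sha), "spa": socket.inet_ntoa(spa),
            "tha": fmt(tha), "tpa": socket.inet_ntoa(tpa)}

def find_conflicts(messages) -> list:
    """Return (ip, first_mac, later_mac) for each IP claimed by a second MAC."""
    bindings, conflicts = {}, []
    for raw in messages:
        m = parse_arp(raw)
        if m["spa"] == "0.0.0.0":        # sender has no address yet, no claim made
            continue
        first = bindings.setdefault(m["spa"], m["sha"])
        if first != m["sha"]:
            conflicts.append((m["spa"], first, m["sha"]))
    return conflicts

# Request and Reply with the values from the Address Resolution slide.
REQUEST = build_arp(1, "00-60-08-52-F9-D8", "10.0.0.99",
                    "00-00-00-00-00-00", "10.0.0.1")
REPLY = build_arp(2, "00-10-54-CA-E1-40", "10.0.0.1",
                  "00-60-08-52-F9-D8", "10.0.0.99")
# Constructed third message: a different MAC address claims 10.0.0.1.
CLAIM = build_arp(1, "02-00-00-00-00-99", "10.0.0.1",
                  "00-00-00-00-00-00", "10.0.0.1")

if __name__ == "__main__":
    print(find_conflicts([REQUEST, REPLY, CLAIM]))
```

The same binding table is what a switch or host monitor keeps when it alerts on an address that changes owner, whether the cause is a misconfigured duplicate or a forged reply.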

  38. Lesson 4: Point-to-Point Protocol (PPP)
      • PPP overview
      • PPP connection process
      • Link Control Protocol (LCP)
      • PPP authentication protocols
      • Network Control Protocols (NCPs)
      • PPP over Ethernet (PPPoE)

  39. PPP Overview
      • A Data Link Layer encapsulation method
      • LCP for negotiating the Data Link Layer characteristics
      • NCPs for negotiating Network Layer protocols over the point-to-point connection

  40. PPP Connection Process
      1. PPP configuration using LCP
      2. Authentication
      3. Callback
      4. Protocol configuration using NCPs

  41. LCP Frame Structure
      • Flag = 0x7E
      • Address = 0xFF
      • Control = 0x03
      • Protocol = 0xC0-21
      • LCP Frame: Code, Identifier, Length, Data
      • Frame Check Sequence
      • Flag = 0x7E

  42. LCP Options
      • Protocol = 0xC0-21
      • Code
      • Identifier
      • Length
      • LCP Option: Type, Length, Option Data

  43. LCP Negotiations
      • LCP messages
        • Configure-Request
        • Configure-Nak
        • Configure-Reject
        • Configure-Ack
      • For Peer A and Peer B
        • Peer A initiates an LCP negotiation for the data to be sent by Peer B
        • Peer B initiates a separate LCP negotiation for the data to be sent by Peer A

  44. PPP Authentication Protocols
      • Password Authentication Protocol (PAP)
      • Challenge Handshake Authentication Protocol (CHAP)
      • Microsoft-CHAP version 2 (MS-CHAP v2)
      • Extensible Authentication Protocol (EAP)

  45. PAP
      • Simple, plaintext authentication protocol
      • PAP authentication process:
        1. Connection-initiating PPP peer (the calling peer) sends a PAP Authenticate-Request message to the authenticating PPP peer (the answering peer)
        2. The answering peer validates the user name and password and sends either a PAP Authenticate-Ack or PAP Authenticate-Nak message

  46. PAP Authentication Request Message
      • Protocol = 0xC0-23
      • Code = 1
      • Identifier
      • Length
      • Peer ID Length
      • Peer ID
      • Password Length
      • Password

  47. PAP Authenticate-Ack and Authenticate-Nak Messages
      • Protocol = 0xC0-23
      • Code = 2 or 3
      • Identifier
      • Length
      • Message Length
      • Message

  48. CHAP
      • More secure authentication protocol
      • Provides proof of knowledge of password without sending the password
      • CHAP authentication process
        1. The answering peer sends a CHAP Challenge message that contains a challenge string
        2. The calling peer sends a CHAP Response message that contains a Message Digest-5 (MD5) hash of the CHAP session ID, the challenge string, and the user’s password
        3. The answering peer verifies hash and sends a CHAP Success or CHAP Failure message

  49. CHAP Challenge or Response Messages
      • Protocol = 0xC2-23
      • Code
      • Identifier
      • Length
      • Value Size
      • Value
      • Name

  50. CHAP Success or Failure Messages
      • Protocol = 0xC2-23
      • Code
      • Identifier
      • Length
      • Message
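
The difference between the PAP and CHAP exchanges above is visible in the bytes each one puts on the link. The added example below (not part of the original slides) builds a PAP Authenticate-Request and a CHAP Challenge/Response pair in the message layouts shown, then verifies the response as the answering peer would. The hash input order (Identifier, secret, challenge) and the Challenge/Response codes 1 and 2 follow RFC 1994; the peer name, secret and fixed challenge bytes are constructed, and the messages start after the PPP Protocol field.

```python
import hashlib
import hmac
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (Code = 1): the password travels as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge (code 1) or Response (code 2)."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse_chap(pkt: bytes):
    if len(pkt) < 5:
        raise ValueError("truncated CHAP message")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    if length > len(pkt) or 5 + vsize > length:
        raise ValueError("CHAP Length or Value Size exceeds the message")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]

def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_response(challenge_pkt: bytes, response_pkt: bytes, secret: bytes) -> bool:
    """Answering peer: recompute the hash and compare in constant time."""
    _, c_id, challenge, _ = parse_chap(challenge_pkt)
    code, r_id, value, _ = parse_chap(response_pkt)
    if code != 2 or r_id != c_id:
        return False
    return hmac.compare_digest(value, chap_hash(c_id, secret, challenge))

# Constructed sample data. A real answering peer must generate a fresh,
# unpredictable challenge for every authentication, never a fixed one.
SECRET = b"correct horse"
CHALLENGE = chap_packet(1, 7, bytes(range(16)), b"server")
RESPONSE = chap_packet(2, 7, chap_hash(7, SECRET, bytes(range(16))), b"alice")
PAP = pap_request(7, b"alice", SECRET)

if __name__ == "__main__":
    print("password visible in PAP request:", SECRET in PAP)
    print("password visible in CHAP response:", SECRET in RESPONSE)
    print("response verifies:", verify_response(CHALLENGE, RESPONSE, SECRET))
```

CHAP keeps the password off the link, but a recorded Challenge and Response still allow offline guessing of weak passwords, so the secret's strength and the confidentiality of the link both still matter.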
