Bellevue University CIS 341A Final Review
The test • Monday, August 4, 2008 • 50 questions: multiple choice, true/false, and fill in the blanks. • You have the entire period to complete the exam. • Closed book, closed notes, closed communication between students.
Scoring • 2 points for each correct answer • If the entire class gets a question wrong, it will be thrown out and 2 points will be credited to each student
What to study • The review slides • Chapters 8-11 and 14 in your text • The quizzes • The lab assignments
What the exam will cover • Layer 2 Switching • VLANs • Access lists • NAT • Wide Area Network Protocols
Layer 2 Switching • Purposes for using switching • Used to break up collision domains • Cost-effective, resilient internetwork • Purpose for Spanning-Tree Protocol (STP) • Stops loops in layer 2 switched networks
A Layer 2 Switch • Breaks up collision domains • Doesn’t break up broadcast domains
Layer 2 Switching Provides • Hardware-based bridging using ASICs (Application Specific Integrated Circuits) • Wire speed • Low latency • Low cost
Limitations of Layer 2 Switching • Layer 2 switches do not break up broadcast domains. • Layer 2 switches have no internal security.
Layer 2 Switching Functions • Address Learning: Layer 2 switches remember the source hardware address of each frame received on an interface. The address is saved in the forward/filter table along with the interface number. • Forward/filter decision: When a frame is received, the switch compares the destination hardware address with the entries in the table. If a match is found, the frame is forwarded out the interface associated with that address. If a match is not found, the frame is repeated to all other interfaces. • Loop avoidance: Loops can occur if redundant connections are made between switches to improve network reliability. Spanning tree protocol turns off alternate paths until they are needed. That way, traffic has a single path from point of origin to destination.
Spanning Tree Protocol • A layer 2 protocol used to prevent loops in a switched network containing redundant connections between switches. • Activates alternate paths when primary paths fail.
Spanning-Tree Terms • Root port • Designated port • Port cost • Nondesignated port • Forwarding port • Blocked port • STP • Root Bridge • BPDU • Bridge ID • Nonroot Bridge
Spanning-Tree Port States • Disabled - Administratively down • Blocking - Receive BPDUs only • Listening – Send and receive BPDUs and receive traffic • Learning – save MAC address information • Forwarding – send/receive traffic
Root Bridge • A master bridge that transmits network topology control information to other bridges. • The bridge having the lowest numbered bridge ID is elected as the root bridge. • The 64 bit bridge ID consists of the priority number and MAC address value.
Bridge Protocol Data Unit • Sent out on each port by each switch. • Used by other switches to elect a root bridge and block or allow traffic on ports that are connected between switches
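How the bridge ID and received BPDUs decide the root bridge and the root port, as an added worked example in Python (this is not material from the course slides). The bridge IDs, port names and port costs are constructed sample values; the 16-bit priority plus 48-bit MAC layout and the "lowest ID wins, lowest cost to root wins" rules are the ones the slides describe.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

DEFAULT_PRIORITY = 32768   # IEEE default; a lower priority wins the election

def bridge_id(priority: int, mac: str) -> int:
    """Build the 64-bit bridge ID: 16-bit priority followed by the 48-bit MAC."""
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    return (priority << 48) | mac_int

@dataclass
class Bpdu:
    """The fields of a received configuration BPDU that drive the election."""
    root_id: int          # bridge ID the sender currently believes is root
    root_path_cost: int   # the sender's accumulated cost to that root
    sender_id: int        # the sender's own bridge ID
    port_cost: int        # cost of the local port the BPDU arrived on (e.g. 19 for 100 Mb/s)

def elect_root(my_id: int, bpdus: List[Bpdu]) -> int:
    """The root bridge is the lowest bridge ID seen, our own included."""
    return min([my_id] + [b.root_id for b in bpdus])

def choose_root_port(my_id: int, bpdus: Dict[str, Bpdu]) -> Optional[str]:
    """Pick the local port with the lowest total cost to the root bridge.

    Ties are broken by the lowest sender bridge ID, as STP does.  Returns None
    when this switch is itself the root, because the root has no root port.
    """
    root = elect_root(my_id, list(bpdus.values()))
    if root == my_id:
        return None
    candidates = [
        (b.root_path_cost + b.port_cost, b.sender_id, port)
        for port, b in bpdus.items()
        if b.root_id == root          # ignore BPDUs that still name a stale root
    ]
    return min(candidates)[2]

if __name__ == "__main__":
    # Constructed sample: the same root is heard on two ports; the cheaper path wins.
    me = bridge_id(DEFAULT_PRIORITY, "0000.0c11.1111")
    root = bridge_id(4096, "0000.0c22.2222")
    heard = {
        "fa0/1": Bpdu(root, 0, root, 19),
        "fa0/2": Bpdu(root, 4, bridge_id(DEFAULT_PRIORITY, "0000.0c33.3333"), 4),
    }
    print(hex(elect_root(me, list(heard.values()))), choose_root_port(me, heard))
```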
LAN Switch Types • Cut-through (FastForward) • FragmentFree (modified cut-through) • Store-and-forward
Virtual LANs (VLANs) • Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch. • Layer 2 switches break up collision domains • VLANs break up broadcast domains • Features: • Provides a level of security over a flat network • Simplify network management • Add flexibility and scalability to the network
Broadcast Control • Broadcasts occur in every protocol • Bandwidth & Broadcasts • Flat network • VLANs & Broadcasts
Security • Flat network problems • VLANs
Flexibility & Scalability • Layer-2 switches only read frames • Can cause a switch to forward all broadcasts • VLANs • Essentially create broadcast domains • Greatly reduces broadcast traffic • Ability to add wanted users to a VLAN regardless of their physical location • Additional VLANs can be created when network growth consumes more bandwidth
Components of a VLAN • One or more VLAN capable switches • One or more VLAN capable Layer 3 switches or routers • Provide routing between VLANs
VLAN Memberships • Static VLANs • Typical method of creating VLANs • Most secure • A switch port assigned to a VLAN always maintains that assignment until changed • Dynamic VLANs • Node assignment to a VLAN is automatic • MAC addresses, protocols, network addresses, etc • VLAN Management Policy Server (VMPS) • MAC address database for dynamic assignments • MAC-address to VLAN mapping
Types of VLAN Links • Access link • Carries traffic for only one VLAN • Trunk link • Carries traffic for multiple VLANs
Frame Tagging • Definition: A means of keeping track of frames as they travel from VLAN to VLAN • The tag identifies the destination VLAN for the frame • The tag is added to the frame by a VLAN capable Layer 3 Switch or Router that serves as a gateway between VLANs • It is removed before the frame is sent out of the access port that is connected to the destination host
VLAN ID Methods • Inter-Switch Link (ISL) • Cisco proprietary • FastEthernet & Gigabit Ethernet only • IEEE 802.1q • Must use if trunking between Cisco & non-Cisco switch
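The frame tagging the slides describe, worked through for IEEE 802.1Q in Python as an added example (not course material): the 4-byte tag is inserted after the source MAC on a trunk link and removed again before the frame leaves an access port, and an access port only ever gets frames for its own VLAN. The MAC addresses and VLAN numbers are constructed samples.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100   # EtherType value announcing that an 802.1Q tag follows

def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Return a tagged copy of an untagged frame, as sent onto a trunk link."""
    if not 1 <= vid <= 4094:                    # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID out of range")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vid
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]        # after dst MAC (6) + src MAC (6)

def parse_tag(frame: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (vid, pcp, dei) when the frame carries a tag, else None."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1

def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag; this happens before an access port sends the frame."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]

def deliver_to_access_port(frame: bytes, port_vlan: int,
                           native_vlan: int = 1) -> Optional[bytes]:
    """Forward a frame from a trunk out an access port only if the VLAN matches.

    Untagged frames on an 802.1Q trunk belong to the native VLAN.  An access
    port carries exactly one VLAN, so any other frame is dropped, not leaked.
    """
    tag = parse_tag(frame)
    vid = native_vlan if tag is None else tag[0]
    return strip_tag(frame) if vid == port_vlan else None

def build_frame(dst: str, src: str, ethertype: int = 0x0800,
                payload: bytes = bytes(46)) -> bytes:
    """Constructed untagged frame: dst MAC, src MAC, EtherType, padded payload."""
    macs = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return macs + struct.pack("!H", ethertype) + payload

if __name__ == "__main__":
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55")   # constructed
    t = add_tag(f, 10, pcp=5)
    print(t[12:16].hex(), parse_tag(t), deliver_to_access_port(t, 20))
```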
Inter-Switch Link (ISL) Protocol • Definition: A means of explicitly tagging VLAN information onto an Ethernet frame • Allows VLANs to be multiplexed over a trunk line • Cisco proprietary • External tagging process
VLAN Trunk Protocol (VTP) • Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency • Allows an administrator to add, delete, & rename VLANs
VTP Benefits • Consistent configuration • Permits trunking over mixed networks • Accurate tracking • Dynamic reporting • Plug-and-Play • A VTP server must be created to manage VLANs
VTP Modes of Operation • Server • Default for all Catalyst switches • Minimum one server for a VTP domain • Client • Receives information + sends/receives updates • Cannot make any changes • Transparent • Does not participate in a VTP domain but forwards VTP advertisements • Can add/delete VLANs • Locally significant
Configuring VLANs • Creating VLANs • Assigning Switch Ports to VLANs • Configuring Trunk Ports • Configuring Inter-VLAN routing
Access Lists • List of conditions that characterize packets. • Purpose: • Used to permit or deny packets moving through the router • Permit or deny Telnet (VTY) access to or from a router • Create dial-on-demand routing (DDR) interesting traffic that triggers dialing to a remote location
Important Rules • Packets are compared to each line of the access list in sequential order • Packets are compared with lines of the access list only until a match is made • Once a match is made & acted upon, no further comparisons take place • An implicit “deny” is at the end of each access list • If no matches have been made, the packet will be discarded
Types of Access Lists • Standard Access List • Filter by source IP addresses only • Extended Access List • Filter by Source IP, Destination IP, Protocol Field, Port Number • Named Access List • Another way to create standard and extended access lists. • Allows the use of descriptive names to ease network management.
Application of Access Lists • Inbound Access Lists • Packets are processed after they are received and before they are routed to the outbound interface • Outbound Access Lists • Packets are processed after they are routed to the outbound interface and before they are sent • Traffic that originates in the router is not processed through an access list.
Wildcard • A 32 bit binary number used to specify what part of an IP address must precisely match an access list entry and what part can be any value. • A zero must match (wildcard turned off for that bit) • A one can be any value (wildcard turned on for that bit)
Using a Wildcard to Specify a Range of Subnets • Network address = 172.16.8.0/16 • Wildcard = 0.0.0.255 • This wildcard represents the range of IP addresses from 172.16.8.0 – 172.16.8.255
Controlling VTY (Telnet) Access • Why?? • Without control, any user could Telnet to a router via VTY and try to gain access • Controlling access • Create a standard IP access list • Permitting only the host/hosts authorized to Telnet into the router • Apply the ACL to the VTY line with the access-class command
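The access-list rules, the wildcard bit semantics and the VTY-control scenario from the preceding slides, worked through in Python as an added example (not the course's own material): entries are checked top-down, the first match wins, and anything unmatched falls to the implicit deny. The parser accepts the IOS standard-ACL line forms shown on the slides; the addresses in VTY_ACL are constructed samples.

```python
import ipaddress
from typing import List, Tuple

Entry = Tuple[str, str, str]   # (action, address, wildcard), as written in the IOS line

def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_matches(packet_ip: str, address: str, wildcard: str) -> bool:
    """True when every bit the wildcard leaves at 0 matches the entry exactly.

    A 1 bit in the wildcard means "any value", so those bits are masked off
    on both sides before comparing.
    """
    care = ip_to_int(wildcard) ^ 0xFFFFFFFF        # invert: 1 = must match
    return (ip_to_int(packet_ip) & care) == (ip_to_int(address) & care)

def parse_entry(line: str) -> Entry:
    """Parse one standard-ACL line: [access-list N] permit|deny host A | any | A W."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]                          # drop the keyword and list number
    action, rest = tokens[0], tokens[1:]
    if rest[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    if len(rest) == 1:                               # bare address: IOS treats it as a host
        return action, rest[0], "0.0.0.0"
    return action, rest[0], rest[1]

def evaluate_standard_acl(acl: List[Entry], source_ip: str) -> str:
    """Return 'permit' or 'deny' for a packet with this source address."""
    for action, address, wildcard in acl:           # top-down, in order
        if wildcard_matches(source_ip, address, wildcard):
            return action                            # first match ends the search
    return "deny"                                    # implicit deny any at the end

# Constructed list for the VTY-control slide: one admin host and one management
# subnet may Telnet in; every other source falls through to the implicit deny.
VTY_ACL: List[Entry] = [parse_entry(line) for line in (
    "access-list 10 permit host 10.1.1.5",
    "access-list 10 permit 172.16.8.0 0.0.0.255",
)]

if __name__ == "__main__":
    for src in ("10.1.1.5", "172.16.8.200", "172.16.9.1"):
        print(src, evaluate_standard_acl(VTY_ACL, src))
```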
Network Address Translation (NAT) • Allows private IP addresses to be represented by a smaller number of public IP addresses. • Configured in a router • Three types: • Static • Dynamic • Overloaded (Port Address Translation)
Benefits of NAT • You can reduce the visibility of your private network. • You don’t have to change your internal IP addresses when your ISP changes your public IP address. • You can use the same private IP addresses for several different networks.
Static NAT • 1 to 1 correspondence between private and public IP addresses • You must designate both addresses manually by interface
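Static NAT beside overloaded NAT (PAT), worked through as an added Python example that is not part of the course slides: a static entry is a hand-configured 1 to 1 mapping that keeps the port, while overloading lets many private hosts share one public address by giving each flow its own translated source port, so an inbound packet with no table entry has nowhere to go and is dropped. All addresses and ports are constructed samples.

```python
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int]   # (IP address, port)

class Nat:
    def __init__(self, static: Dict[str, str], overload_ip: str):
        self.static = static                    # inside -> public, manual 1:1 mapping
        self.overload_ip = overload_ip          # the one public address shared by PAT
        self.next_port = 1024                   # next translated source port to hand out
        self.pat_table: Dict[Flow, Flow] = {}   # inside (ip, port) -> (overload_ip, port)
        self.reverse: Dict[Flow, Flow] = {}     # the same table, keyed by the public side

    def outbound(self, src_ip: str, src_port: int) -> Flow:
        """Translate the source of a packet leaving the private network."""
        if src_ip in self.static:
            return self.static[src_ip], src_port    # static NAT: address only, port kept
        key = (src_ip, src_port)
        if key not in self.pat_table:              # new flow: allocate a unique public port
            public = (self.overload_ip, self.next_port)
            self.next_port += 1
            self.pat_table[key] = public
            self.reverse[public] = key
        return self.pat_table[key]

    def inbound(self, dst_ip: str, dst_port: int) -> Optional[Flow]:
        """Translate the destination of a packet arriving from outside.

        Static entries are always reachable; a PAT address only answers for
        ports that an inside host already opened.  None means drop the packet.
        """
        for inside, public in self.static.items():
            if public == dst_ip:
                return inside, dst_port
        return self.reverse.get((dst_ip, dst_port))

if __name__ == "__main__":
    nat = Nat({"192.168.1.10": "203.0.113.10"}, "203.0.113.1")   # constructed
    print(nat.outbound("192.168.1.10", 4444))   # static: only the address changes
    a = nat.outbound("192.168.1.20", 5000)
    b = nat.outbound("192.168.1.21", 5000)      # same inside port, distinct public ports
    print(a, b, nat.inbound("203.0.113.1", a[1]), nat.inbound("203.0.113.1", 9999))
```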