Term
|
Definition
(also called NIC teaming), two or more physical connections to the same network are logically grouped (or bonded). Data is divided and sent on multiple interfaces, effectively increasing the speed at which the device can send and receive on the network. |
|
|
Term
|
Definition
is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol (STP) runs on each switch and is used to select a single path between any two switches. |
|
|
Term
|
Definition
Load balancing configures a group of servers in a logical group (called a server farm). Incoming requests to the group are distributed to individual members within the group. Incoming requests can be distributed evenly or unevenly between group members based on additional criteria such as server capacity. |
|
|
Term
|
Definition
Caching is the process of saving previously acquired data for quick retrieval at a later time. With caching, data is stored in memory or on disk within a network device, where it can quickly be retrieved when needed. Recalling the data from the cache is faster than requesting the data from the original location. |
|
|
Term
|
Definition
QoS refers to a set of mechanisms that try to guarantee timely delivery or minimal delay of important or time-sensitive communications. |
|
|
Term
|
Definition
is a device that is capable of modifying the flow of data through a network in response to network traffic conditions. Specific examples: Bandwidth throttling limits the amount of data that can be downloaded from a website in an hour. Rate limiting restricts the maximum bandwidth available to a customer. |
|
|
Term
Multilayer switch/content switch |
|
Definition
Normal switching occurs at OSI model layer 2, using the MAC address to perform frame forwarding. Switches use specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware rather than using the CPU and software. |
|
|
Term
Common Address Redundancy Protocol (CARP) |
|
Definition
CARP is an implementation of fault tolerance that allows multiple firewalls and/or routers on the same local network to share a set of IP addresses. If one of the firewalls or routers fails, the shared IP address allows hosts to continue communicating with the firewall or router without interruption. |
|
|
Term
NIC Teaming, also known as Load Balancing/Failover |
|
Definition
allows multiple network adapters to function together as a single network interface. 1. To provide additional bandwidth. If you configure the team so that all of the NICs are active at the same time, the system gets the combined bandwidth of all the NICs in the team. 2. To provide fault tolerance. |
|
|
Term
|
Definition
1. You need to install at least two Ethernet interfaces in the system. 2. The drivers used for the NICs must support teaming. 3. The computer's operating system must support NIC teaming. |
|
|
Term
|
Definition
Switch-dependent teaming requires the adapters in a team to be connected to the same switch. This configuration is used to implement bandwidth aggregation. All of the NICs within the team are in an active/active state, meaning they are online and processing frames all of the time. |
|
|
Term
|
Definition
allows the adapters in a team to be connected to different switches. This configuration is used to provide failover redundancy and increase the system's availability. Using multiple NICs and switches protects the system from a failed network card and a failed network switch. 1. Switches are not aware that the interfaces on the server are members of a NIC team. 2. One interface in the team operates in passive mode. It doesn't process frames unless one of the other interfaces in the team fails. |
|
|
Term
|
Definition
are devices that can encrypt and decrypt packets. When you create a VPN, you establish a security association between the two tunnel endpoints. The endpoints create a secure, |
|
|
Term
|
Definition
Routers use the unencrypted packet headers to deliver the packet to the destination device. Intermediate routers along the path cannot read the encrypted packet contents. 1. A VPN can be used over a local area network, across a WAN connection, over the Internet, and even over a dial-up connection. 2. VPNs work by using a tunneling protocol that encrypts packet contents and wraps them in an unencrypted packet. |
|
|
Term
Point-to-Point Tunneling Protocol (PPTP) |
|
Definition
Microsoft as one of the first VPN protocols
Uses standard authentication protocols, such as CHAP and PAP. Supports TCP/IP only. Encapsulates other LAN protocols and carries the data securely over an IP network. Uses MPPE for data encryption. Is supported by most operating systems and servers. Uses TCP port 1723 |
|
|
Term
Layer Two Tunneling Protocol (L2TP) |
|
Definition
L2TP is an open standard for secure multiprotocol routing. L2TP: Supports multiple protocols (not just IP). Uses IPsec for encryption. Is not supported by older operating systems. Uses TCP port 1701 and UDP port 500. |
|
|
Term
Internet Protocol Security (IPsec) |
|
Definition
authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution. IPsec includes the following three protocols for authentication, data encryption, and connection negotiation: 1. Authentication Header (AH) enables authentication with IPsec. 2. Encapsulating Security Payload (ESP) provides data encryption. 3. Internet Key Exchange (IKE) negotiates the connection. |
|
|
Term
IPsec can secure the following types of communication |
|
Definition
1. Host-to-host communications within a LAN. 2. VPN communications through the Internet. 3. Any traffic supported by the IP protocol, including web, email, Telnet, file transfer, and SNMP traffic, as well as countless others. |
|
|
Term
|
Definition
uses either digital certificates or pre-shared keys. IPsec cannot be used with NAT. This is because when NAT modifies the source or destination address of a packet, |
|
|
Term
|
Definition
The SSL protocol has long been used to secure traffic generated by IP protocols such as HTTP, FTP, and email. SSL can also be used as a VPN solution, typically in a remote access scenario. Authenticates the server to the client using public key cryptography and digital certificates. Encrypts the entire communication session. Uses port 443, which is already open on most firewalls. |
|
|
Term
Generic Routing Encapsulation (GRE) |
|
Definition
GRE is a tunneling protocol that was developed by Cisco. GRE can be used to route any Layer 3 protocol across an IP network. Creates a tunnel between two routers. Encapsulates packets by adding a GRE header and a new IP header to the original packet. Does not offer any type of encryption. Can be paired with other protocols, such as IPsec or PPTP, to create a secure VPN connection. |
|
|
Term
|
Definition
connects two or more media segments on the same subnet and filters traffic between the segments based on the MAC address in the frame (layer 2 of the OSI model). These devices are used to separate one part of a subnet from another; this eliminates unnecessary traffic between segments and keeps the network from wasting bandwidth. |
|
|
Term
|
Definition
1. Frequency Hopping Spread Spectrum (FHSS) 2. Direct-Sequence Spread Spectrum (DSSS) 3. Orthogonal Frequency-Division Multiplexing (OFDM) |
|
|
|
Term
Frequency Hopping Spread Spectrum (FHSS) |
|
Definition
Because FHSS shifts automatically between frequencies, it can avoid interference that may be on a single frequency. Hopping between frequencies increases transmission security by making eavesdropping and data capture more difficult. |
|
|
Term
Direct-Sequence Spread Spectrum (DSSS) |
|
Definition
With DSSS, the transmitter breaks data into pieces and sends the pieces across multiple frequencies in a defined range. DSSS is more susceptible to interference and less secure than FHSS. |
|
|
Term
Orthogonal Frequency-Division Multiplexing (OFDM) |
|
Definition
breaks data into very small data streams in order to send the information across long distances where environmental obstacles may be an issue. OFDM: 1. Allows for a very large number of small data streams in a single frequency, which reduces the effects of signal interference caused by environmental obstacles, such as walls or buildings. 2. Is used by 802.11g/a/n and ac wireless networks to achieve higher transfer speeds. |
|
|
Term
|
Definition
An ad hoc network works in peer-to-peer mode without an access point. The wireless NICs in each host communicate directly with one another. An ad hoc network: Uses a physical mesh topology with a logical bus topology. Is cheap and easy to set up. Cannot handle a large number of hosts. Requires special modifications to reach wired networks. |
|
|
Term
|
Definition
wireless network uses an access point (AP) that functions like a hub on an Ethernet network. |
|
|
Term
|
Definition
Wireless networks use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) to control media access and avoid (rather than detect) collisions. Collision avoidance uses the following process: 1. The sending device listens to make sure that no other device is transmitting. If another device is transmitting, the device waits a random period of time (called a backoff period) before attempting to send again. 2. The sending device broadcasts a Request to Send (RTS) message to the receiver or AP. The RTS includes the source and destination, as well as information on the duration of the requested communication. 3. The receiving device responds with a Clear to Send (CTS) message. The CTS also includes the communication duration period. Other devices use the information in the RTS and CTS to delay send attempts until the communication duration period (and subsequent acknowledgement) has passed. 4. The sending device transmits the data. The receiving device responds with an acknowledgement (ACK). If an acknowledgement is not received, the sending device assumes a collision occurred and retransmits the affected packet. Wireless devices communicate in half-duplex. |
|
|
Term
|
Definition
A wireless NIC sends and receives signals |
|
|
Term
|
Definition
An STA is a wireless NIC in an end device such as a laptop or wireless PDA. STA often refers to the device itself, not just the NIC. |
|
|
Term
|
Definition
An AP, sometimes called a wireless AP (WAP), is the device that coordinates all communications between wireless devices, as well as the connection to the wired network. It acts as a hub on the wireless side and a bridge on the wired side. It also synchronizes the stations within a network to minimize collisions. |
|
|
Term
|
Definition
A BSS, also called a cell, is the smallest unit of a wireless network. All devices in the BSS can communicate with each other. The devices in the BSS depend on the operating mode. In an ad hoc implementation, each BSS contains two devices that communicate directly with each other. In an infrastructure implementation, the BSS consists of one AP and all STAs associated with the AP. |
|
|
Term
Independent Basic Service Set (IBSS) |
|
Definition
An IBSS is a set of STAs configured in ad hoc mode. |
|
|
Term
|
Definition
An ESS consists of multiple BSSs with a distribution system (DS). The graphic above is an example of an ESS. In an ESS, BSSs that have an overlapping transmission range use different frequencies. |
|
|
Term
|
Definition
The DS is the backbone or LAN that connects multiple APs (and BSSs) together. The DS allows wireless clients to communicate with the wired network and with wireless clients in other cells. |
|
|
Term
Basic Service Set Identifier (BSSID) |
|
Definition
network. The BSSID allows devices to find a specific AP within an ESS that has multiple access points, and it is used by STAs to keep track of APs when roaming between BSSs. |
|
|
Term
Ways of classifying intrusion detection systems (IDS) |
|
Definition
1. Response capability 2. Recognition method 3. Detection scope |
|
|
Term
|
Definition
A passive IDS monitors, logs, and detects security breaches but takes no action to stop or prevent the attack. A passive IDS: An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS but can also react when security breaches occur. |
|
|
Term
|
Definition
defines how the system distinguishes attacks and threats from normal activity. 1. Signature recognition, also referred to as pattern matching or dictionary recognition, looks for patterns in network traffic and compares them to known attack patterns called signatures. 2. Anomaly recognition, also referred to as behavior or heuristic recognition, monitors traffic to define a standard activity pattern as "normal." |
|
|
Term
|
Definition
classified based on where the system runs and the scope of threats it looks for. 1. A host-based IDS (HIDS) is installed on a single host and monitors all traffic coming into the host. A HIDS is used to detect attacks that are unique to the services on the system. 2. A network-based IDS (NIDS) is a dedicated device installed on the network. It analyzes all traffic on the network. A NIDS is typically implemented as part of a firewall device acting as a router. |
|
|
Term
performing regular monitoring with common network tools |
|
Definition
1. Use a packet sniffer to examine network traffic. 2. Use a port scanner to check for open ports on a system or a firewall. 3. Run security scanning software on each system to detect malware or other security vulnerabilities. |
|
|
Term
|
Definition
is a device or virtual machine that entices intruders by displaying a vulnerability, configuration flaw, or appearing to contain valuable data |
|
|
Term
|
Definition
is a network of honeypots. |
|
|
Term
|
Definition
(also called a sticky honeypot) is a honeypot that answers connection requests in such a way that the attacking computer is "stuck" for a period of time. |
|
|
Term
|
Definition
a software program that passively searches an application, computer, or network for weaknesses, |
|
|
Term
|
Definition
tool that sends ICMP echo/request packets to one or multiple IP addresses. To protect against attacks that use ICMP, use a ping scanner to identify the systems on the network that respond to ICMP requests, |
|
|
Term
|
Definition
is a tool that probes systems for open ports. The most common use of a port scanner is to perform a TCP SYN scan |
|
|
Term
|
Definition
is a tool that discovers devices on the network and displays the devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices. |
|
|
Term
|
Definition
tool that performs cryptographic attacks on passwords. Use a password cracker to identify weak passwords and passwords protected with weak encryption. |
|
|
Term
Open Vulnerability and Assessment Language (OVAL) |
|
Definition
The Open Vulnerability and Assessment Language is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. |
|
|
Term
|
Definition
56 Kbps. POTS stands for Plain Old Telephone Service. Existing wires use only one twisted pair. Analog signals are used through the local loop. |
|
|
Term
|
Definition
1.544 Mbps. Runs over two pairs of UTP cabling, but can also run over coaxial, fiber optic, or satellite connections. Connects through a CSU and DSU. |
|
|
Term
|
Definition
44.736 Mbps; 672 channels that each run at 6 Kbps (DS3). |
|
|
Term
|
Definition
Optical carrier specifications define the types and throughput of fiber optic cabling used in SONET |
|
|
Term
|
Definition
The WAN cloud is the collection of equipment that makes up the WAN network. The WAN cloud is owned and maintained by telecommunications companies. It is represented as a cloud because the physical structure varies, and different networks with common connection points may overlap. |
|
|
Term
|
Definition
The central office is a switching facility connected to the WAN, and it is the nearest point of presence for the WAN provider. It provides WAN cloud entry and exit points. |
|
|
Term
|
Definition
The local loop is the cable that extends from the central office to the customer location. The local loop is owned and maintained by the WAN service provider. It typically uses UTP, but it can also be implemented using fiber optic cabling or other media. |
|
|
Term
|
Definition
When you contract with a local exchange carrier (LEC) for data or telephone services, they install a physical cable and a termination jack onto your premises. The demarcation point marks the boundary between the telco equipment and your organization's network or telephone system. |
|
|
Term
Customer Premises Equipment (CPE) |
|
Definition
Devices physically located on the subscriber's premises are referred to as the customer premises equipment. CPE includes both the wiring and devices that the subscriber owns and the equipment leased from the WAN provider. |
|
|
Term
|
Definition
terminates the digital signal and provides error correction and line monitoring |
|
|
Term
|
Definition
converts the digital data into synchronous serial data for connection to a router. |
|
|
Term
|
Definition
A circuit-switched network uses a dedicated connection between sites. Circuit switching is ideal for transmitting data that must arrive quickly in the order it is sent, as is the case with real-time audio and video. |
|
|
Term
|
Definition
A packet-switched network allows data to be broken up into packets. Packets are transmitted along the most efficient route to the destination. Packet switching is ideal for transmitting data that can handle transmission delays, as is often the case with web pages and email. |
|
|
Term
Process used to establish a remote access connection |
|
Definition
1. Physical connection.
2. Connection parameters: After the physical connection is set up, a Data Link layer connection is established. During this phase, additional parameters that will be used during the connection are decided. The protocols negotiated at this phase (PPP or PPPoE) control the following parameters: upper layer protocol suite (such as IP), Network layer addressing, compression (if any), encryption (if any), and authentication method.
3. Authentication: The authentication protocol is negotiated during the connection parameter phase. After devices agree on the authentication protocol to use, the logon credentials are exchanged and logon is allowed or denied. Several common protocols are used for remote access authentication: Challenge Handshake Authentication Protocol (CHAP), Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), and Extensible Authentication Protocol (EAP).
4. Authorization is the process of identifying the resources that a user can access over the remote access connection. Authorization can restrict access based on the following parameters: time of day, type of connection (e.g., PPP or PPPoE, wired or wireless), and location of the resource (e.g., restrict access to specific servers).
5. Accounting is an activity that tracks or logs the use of the remote access connection. Accounting is often used by ISPs to bill for services based on time spent or the amount of data downloaded. |
|
|
Term
Remote Access Service |
|
Definition
used by a remote access server to control access for remote access clients. Clients might be granted access to resources on only the remote access server, or they might be allowed to access resources on other hosts on the private network. |
|
|
Term
|
Definition
is used by Microsoft servers for centralized remote access administration. RADIUS: Combines authentication and authorization using policies to grant access. Uses UDP. Encrypts only the password. Often uses vendor-specific extensions. RADIUS solutions from different vendors might not be compatible. |
|
|
Term
|
Definition
was originally developed by Cisco for centralized remote access administration. TACACS+: Provides three protocols, one each for authentication, authorization, and accounting. This allows each service to be provided by a different server. Uses TCP port 49. Encrypts the entire packet contents. Supports more protocol suites than RADIUS. |
|
|
Term
|
Definition
creates logical groups of hosts; messages sent to the group are received by all group members. It is used by streaming video and audio applications, such as video conferencing. Frames that contain multicast traffic are sent to a special MAC address. A regular switch that receives multicast traffic sends the traffic out all ports, because the destination MAC address will be an unknown address. |
|
|
Term
|
Definition
Messages are sent to a specific host address. The sending device must know the IP address of all recipients, and must create a separate packet for each destination device. |
|
|
Term
|
Definition
A single packet is sent to the broadcast address and is processed by all hosts. All hosts, and not just group members, receive the packet. Broadcast packets are not typically forwarded by routers, so broadcast traffic is limited to within a single subnet. |
|
|
Term
Internet Group Management Protocol (IGMP) |
|
Definition
is used to identify group members and to forward multicast packets on to the segments where group members reside. IGMP routers keep track of the attached subnets that have group members, using the following process: 1. A router sends out a host membership query. 2. Hosts that are members of any groups respond with a list of the groups they belong to. 3. The router uses these responses to compile a list of the groups on the subnet that have group members. 4. When a host joins a new group, it automatically sends a join group message to the router. 5. The IGMP router reports to upstream routers that it has members of a specific group. IGMP snooping on a switch allows the switch to control which ports get IGMP traffic for a specific group. |
|
|
Term
Process used when sending a multicast stream |
|
Definition
1. The sending server sends packets addressed to the multicast group. 2. Routers receive the multicast packets and check their lists of group members. If a subnet does not have any group members, the packet is not forwarded on that subnet. If a router does not have any subnets with group members, the packet is dropped and not forwarded. |
|
|
Term
Public Switched Telephone Network (PSTN) |
|
Definition
POTS phone line with a modem. Dial-up uses a single 64 Kbps channel. |
|
|
Term
Digital Subscriber Line (DSL) |
|
Definition
offers digital communications over existing POTS lines. Data is sent using multiplexed channels over existing telephone wiring. Implementation requires a DSL router or a single DSL network interface connected to the phone line. |
|
|
Term
|
Definition
provides different download and upload speeds. Allows regular analog phone calls and digital access on the same line at the same time. Splitters are required to separate the analog signals from the digital signals. |
|
|
Term
|
Definition
provides equal download and upload speeds. The entire line is used for data; simultaneous voice and data is not supported. Splitters are not required, because voice traffic does not exist on the line. |
|
|
Term
The two cellular types |
|
Definition
Global System for Mobile Communications (GSM) was created in Europe and is used by the majority of the world's mobile service providers. GSM uses time-division multiple access (TDMA) technology to allow multiple connections on the same frequency. Code Division Multiple Access (CDMA) is used by the majority of mobile service providers within the United States. It enables multiple connections on the same frequency. With CDMA, each call is encoded with a unique key and then transmitted simultaneously. The unique keys are then used to extract each call from the transmission. |
|
|
Term
|
Definition
networks were the first to offer digital data services. 2G data speeds are slow (14.4 Kbps) and are used mainly for text messaging, not Internet connectivity. 2.5G supports speeds up to 144 Kbps. |
|
|
Term
|
Definition
(also called 2.75G) networks are an intermediary between 2G and 3G networks. EDGE is the first cellular technology to be truly Internet compatible, with speeds of 400–1,000 Kbps. |
|
|
Term
|
Definition
simultaneous voice and data. Minimum speeds for stationary users are quoted at 2 Mbps or higher. The following extensions enhance it: 1. HSPA+ (also known as smart antenna) uses multiple-input and multiple-output (MIMO), and significantly increases data throughput and link range without additional bandwidth or increased transmit power. 2. Long Term Evolution (LTE) and LTE-Advanced increase downlink/uplink speeds to 100/50 Mbps and 1 Gbps/500 Mbps, respectively. |
|
|
Term
|
Definition
Uses MIMO. Is not compatible with 3G; 4G requires a complete retrofit on the part of service providers and new equipment for the consumer. Utilizes Worldwide Interoperability for Microwave Access (WiMAX). WiMAX delivers high-speed Internet service (up to 1 Gbps for stationary users) to large geographical areas. |
|
|
Term
Broadband over power line (BPL) |
|
Definition
a system that transmits two-way data over the existing electrical distribution wiring. This service could be enabled within a single building or provided throughout a metropolitan area. BPL avoids the expense of a dedicated network of wires for data communication. |
|
|
Term
Integrated Services Digital Network (ISDN) |
|
Definition
offers digital communications over existing POTS lines or T1 lines. ISDN is more common in Europe than in the United States. The transmission medium is divided into channels for digital data. Subscribers must be within a certain distance of the phone company equipment, although this distance can be extended with repeaters. Phone calls use digital ISDN phones or analog phones connected to a converter. |
|
|
Term
|
Definition
provides two 64 Kbps data channels and one 16 Kbps control channel. BRI uses 4 wires on the existing POTS installation. With ISDN BRI, you can use one channel for voice and one channel for data, or both channels for different voice calls. Depending on the implementation, you can also bond the B channels to use them together for faster data speeds. |
|
|
Term
|
Definition
(primary rate) provides 23 64-Kbps data channels and one 64-Kbps control channel on a T1 line (or 30 64-Kbps data channels and one 64-Kbps control channel on an E1 line). |
|
|
Term
|
Definition
is a protocol optimized for the transmission of voice data (telephone calls) through a packet-switched IP network. VoIP routes phone calls through an IP network, including the Internet, instead of through the public switched telephone network (PSTN). |
|
|
Term
|
Definition
1. Using an analog telephone adapter to connect the existing analog phone system to a VoIP network. 2. Using a VoIP phone that is capable of sending and receiving digital voice signals that are already formatted for the VoIP network. When using VoIP phones, you may need to connect the phones to special switches with Power over Ethernet (PoE) capabilities. 3. Running special software that allows a computer to send and receive VoIP calls. The software converts the input fro |
|
|
Term
Services provided by unified communication devices |
|
Definition
Voice, voicemail, instant messaging, presence information (identifies whether a user is online and available or not), video conferencing, faxing, web conferencing, and desktop sharing. |
|
|
Term
How VoIP uses regular IP packets to send voice data over a network |
|
Definition
1. If a regular phone is used, analog signals are converted to digital data. 2. Digital data is segmented and placed into IP packets. 3. Packets are sent through an IP network. A VoIP call consists of two data flows: The voice carrier stream, consisting of Real-time Transport Protocol (RTP) packets that contain the actual voice samples. The call control signaling, which uses one of several protocols to set up, maintain, tear down, and redirect the call. Protocols used in call control include the following: H.323, Session Initiation Protocol (SIP), and Media Gateway Control Protocol (MGCP). 4. At the receiving end, packets become segments, which are reassembled into the voice data stream. If necessary, digital data is converted back to analog for use on an analog phone or for final transmission onto the PSTN. |
|
|
Term
Advantages of using an IP network for voice |
|
Definition
Administration is simplified because you maintain a single network for both data and voice instead of using a separate infrastructure for voice-only traffic. Costs are typically lower than long-distance costs over the PSTN. Adding additional phone lines is easier and less expensive than adding lines from the PSTN. Because VoIP packets are regular IP packets, encryption is easily added to VoIP data, something that is difficult to accomplish for traditional PSTN calls. |
|
|
Term
What are the problems with VoIP |
|
Definition
1. Delay 2. Jitter 3. Packet loss 4. Echo 5. Power loss |
|
|
Term
|
Definition
integrates multiple types of real-time, IP-based digital communication together into a single system. Types of communication include: voice calls, audio conferencing, video conferencing (VTC), desktop sharing, and instant messaging.
UC systems also provide non-real-time communications, including: texting, voicemail, email, and faxing. |
|
|
Term
How unified communications is used |
|
Definition
These services and applications are designed to work together seamlessly. A UC system provides users with multiple options for exchanging information with each other. For example, a user can use a UC system to schedule and host a video conference. |
|
|
Term
|
Definition
presence information, which lets users inform each other of their availability for communication. For example, a user's status could be displayed as: Available, Busy, On a call, Do not disturb, Away from my computer, or Offline. |
|
|
Term
|
Definition
when one employee specifies that a particular task is complete in the organization's workflow application, a notification is automatically sent to the next employee in the business process, indicating that the task is now ready to be worked on. |
|
|
Term
Components of a UC system |
|
Definition
The UC server manages the entire UC system and provides the necessary services. UC devices connect to the UC server and are used to access the services it provides. UC devices can be divided into two categories: Hardware UC devices, like an IP phone, are designed to work specifically with the UC server. Software UC devices include computers, tablets, and smart phones that have the necessary client software installed to access the UC system. Some UC products require a proprietary client to be installed, while others simply use the web browser already installed on these devices. A UC gateway connects the digital, IP-based UC network with legacy analog networks, such as the Public Switched Telephone Network (PSTN). |
|
|
Term
Method used to obtain an address from a DHCP server |
|
Definition
DHCP Discover (D) The client begins by sending out a DHCP Discover frame to identify DHCP servers on the network. DHCP Offer (O) A DHCP server that receives a Discover request from a client responds with a DHCP Offer advertisement, which contains an available IP address. If more than one DHCP server responds with an offer, the client usually responds to the first offer that it receives. DHCP Request (R) The client accepts the offered address by sending a DHCP Request back to the DHCP server. If multiple offers were sent, the DHCP Request message from the client also informs the other DHCP servers that their offers were not accepted and the IP addresses contained in their offers can be made available to other clients. DHCP ACK (A) The DHCP server responds to the request by sending a DHCP ACK (acknowledgement). At this point, the IP address is leased to and configured on the DHCP client. If the DHCP server is on a different subnet, additional configuration steps are required, since the DHCP broadcast frames are dropped by network routers by default. |
|
|
Term
DHCP scope |
|
Definition
A scope is the range of IP addresses that the DHCP server can assign to clients. When working with scopes, remember the following: There should be only one scope per network segment. The scope must be activated before the DHCP server can assign addresses from it. After you activate a scope, you should not change its address range. A scope has a subnet mask that determines the subnet for a given IP address; you cannot change the subnet mask of an existing scope, so to change it you must delete and recreate the scope. Lease duration values are part of the scope properties and determine how long a client can use an IP address leased through DHCP. |
|
|
Term
DHCP option levels |
|
Definition
Besides an address, DHCP supplies configuration options (default gateway, DNS servers, and so on). Options can be configured at three levels, and a more specific level overrides a more general one: Server options apply to all computers that get an IP address from the DHCP server, regardless of which scope they obtain the address from (e.g., if your organization has only one DNS server, all DHCP clients need the same DNS server address). Scope options apply to all computers that get an IP address from a particular scope on the DHCP server (e.g., because scopes are associated with specific subnets, each scope needs to be configured with the appropriate default gateway address). Client options apply to a specific DHCP client; the client's MAC address is used to identify which system receives the option. |
|
|
Term
DHCP server status icons (Windows DHCP console) |
|
Definition
A check mark in a green circle indicates that the DHCP server is connected and authorized. A red down arrow indicates that the DHCP server is connected but not authorized. A horizontal white line inside a red circle indicates that the DHCP server is connected, but the current user does not have the administrative credentials needed to manage the server. An exclamation point inside a yellow triangle indicates that 90% of the available addresses in the server's scopes are in use or leased. An exclamation point inside a blue circle indicates that 100% of the available addresses in the server's scopes are in use or leased. |
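The DORA exchange, scope handling and option precedence described in the DHCP cards above, worked through as an added example (this is a simulation written for this page, not the study guide's material and not a real DHCP implementation). Server names, the 10.0.1.0/24 scopes, the MAC addresses and the option values are all constructed. It shows the client taking the first offer, the declined server returning its offered address to the pool, an inactive scope staying silent, and client options overriding scope options overriding server options.

```python
"""Simulated DHCP DORA exchange with scopes, lease tracking and the three option levels."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """One scope: the pool of addresses a server may hand out on one network segment."""
    network: ipaddress.IPv4Network
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    lease_seconds: int
    options: dict = field(default_factory=dict)   # scope-level options (e.g. this segment's router)
    active: bool = False                           # an inactive scope never answers
    leases: dict = field(default_factory=dict)     # mac -> leased address
    offered: dict = field(default_factory=dict)    # mac -> offered address awaiting a REQUEST

    def free_address(self):
        taken = set(self.leases.values()) | set(self.offered.values())
        addr = self.first
        while addr <= self.last:
            if addr not in taken:
                return addr
            addr += 1
        return None


def make_scope(cidr, first, last, lease_seconds, options=None, active=False):
    ip = ipaddress.ip_address
    return Scope(ipaddress.ip_network(cidr), ip(first), ip(last), lease_seconds, options or {}, active)


class DHCPServer:
    def __init__(self, name, server_options):
        self.name = name
        self.server_options = server_options   # applied to every client of this server
        self.client_options = {}               # mac -> options for that one client
        self.scopes = []

    def scope_for(self, client_segment_addr):
        """Pick the active scope whose network contains the client's segment
        (for a relayed request this would be the relay agent's address)."""
        segment = ipaddress.ip_address(client_segment_addr)
        for scope in self.scopes:
            if scope.active and segment in scope.network:
                return scope
        return None

    def discover(self, mac, segment):
        """DISCOVER -> OFFER, or silence when no active scope has a free address."""
        scope = self.scope_for(segment)
        addr = scope.free_address() if scope else None
        if addr is None:
            return None
        scope.offered[mac] = addr
        return {"type": "OFFER", "server": self.name, "yiaddr": addr}

    def request(self, mac, segment, chosen_server, addr):
        """REQUEST -> ACK from the chosen server; every other server releases its offer."""
        scope = self.scope_for(segment)
        if scope is None:
            return None
        if chosen_server != self.name:
            scope.offered.pop(mac, None)       # our offer was declined: address goes back to the pool
            return None
        if scope.offered.get(mac) != addr:
            return {"type": "NAK", "server": self.name}
        scope.leases[mac] = scope.offered.pop(mac)
        opts = dict(self.server_options)
        opts.update(scope.options)                          # scope overrides server
        opts.update(self.client_options.get(mac, {}))       # client overrides scope
        return {"type": "ACK", "server": self.name, "yiaddr": addr,
                "lease": scope.lease_seconds, "options": opts}


def dora(mac, segment, servers):
    """Client side: broadcast DISCOVER, accept the first OFFER, REQUEST it from all servers, keep the ACK.
    First offer wins, so a rogue server that answers fastest wins too (hence DHCP snooping on switches)."""
    offers = [o for o in (s.discover(mac, segment) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]
    ack = None
    for s in servers:
        reply = s.request(mac, segment, chosen["server"], chosen["yiaddr"])
        if reply and reply["type"] == "ACK":
            ack = reply
    return ack


def dhcp_demo():
    """Constructed scenario: two servers on 10.0.1.0/24; server A has only two addresses to give."""
    a = DHCPServer("A", {"dns": "10.0.0.53"})
    a.scopes.append(make_scope("10.0.1.0/24", "10.0.1.100", "10.0.1.101", 3600, {"router": "10.0.1.1"}, True))
    b = DHCPServer("B", {"dns": "10.0.0.53"})
    b.scopes.append(make_scope("10.0.1.0/24", "10.0.1.200", "10.0.1.201", 3600, {"router": "10.0.1.1"}, True))
    a.client_options["aa:bb:cc:00:00:01"] = {"dns": "10.0.0.54"}   # client-level override for one MAC
    acks = [dora(f"aa:bb:cc:00:00:0{i}", "10.0.1.1", [a, b]) for i in (1, 2, 3)]
    return acks, a, b


if __name__ == "__main__":
    for ack in dhcp_demo()[0]:
        print(ack["server"], ack["yiaddr"], ack["lease"], ack["options"])
```

The third client only gets an address from server B because A's pool is exhausted, which is exactly the situation the 90%/100% warning icons in the console flag. The relay case is modelled only by passing the segment address: a real relay agent rewrites the broadcast into a unicast to the server and fills in its own address so the server can pick the right scope.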
|
|
Term
Firewall |
|
Definition
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. |
|
|
Term
Network-based firewall |
|
Definition
A network-based firewall is installed at the edge of a private network or network segment. Most network-based firewalls are considered hardware firewalls, even though they use a combination of hardware and software to protect the network from Internet attacks. Network-based firewalls are more expensive and require more configuration than other types of firewalls, but they are much more robust and secure. |
|
|
Term
Host-based firewall |
|
Definition
A host-based firewall is installed on a single computer in a network. Almost all host-based firewalls are software firewalls. A host-based firewall can protect a computer when no network-based firewall exists (e.g., when connected to a public network). Host-based firewalls are less expensive and easier to use than network-based firewalls, but they don't offer the same level of protection or customization. They are often used in addition to a network-based firewall to provide multiple layers of protection. |
|
|
Term
Firewall rules (access control list, ACL) |
|
Definition
Firewall rules, kept in an access control list (ACL), identify allowed and blocked traffic. Rules are evaluated in order, and the first rule that matches a packet decides its fate. A rule identifies characteristics of the traffic: The interface the rule applies to. The direction of traffic (inbound or outbound). Packet information such as the source or destination IP address or port number. The action to take when the traffic matches the filter criteria. |
|
|
Term
Implicit deny |
|
Definition
Implicit deny is the rule at the end of every ACL stating that a packet which matches none of the defined rules is dropped. Because of it, an ACL only needs to list what is allowed, plus any explicit denies that must come before a broader permit. |
|
|
Term
Packet filtering firewall |
|
Definition
A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header such as source and destination addresses, ports, and service protocols. A packet filtering firewall: Uses ACLs or filter rules to control traffic. Operates at OSI Layer 3 (Network layer), reading port numbers from the Layer 4 header as well. Offers high performance because it examines only the addressing information in the packet header. Can be implemented using features that are included in most routers. Is a popular solution because it is easy to implement and maintain, has a minimal impact on system performance, and is fairly inexpensive. A packet filtering firewall is considered a stateless firewall because it examines each packet in isolation and uses the rules to accept or reject it, with no record of which packets belong to the same connection. |
|
|
Term
Circuit-level gateway |
|
Definition
A circuit-level gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway: Operates at OSI Layer 5 (Session layer). Keeps a table of known connections and sessions; packets directed to known sessions are accepted. Verifies that packets are properly sequenced. Ensures that the TCP three-way handshake occurs only when appropriate. Does not filter individual packets; instead, it allows or denies sessions. Is considered a stateful firewall because it keeps track of the state of a session. Can handle protocols that use dynamic ports, because it matches packets to session information rather than to fixed port numbers. In general, circuit-level proxies are slower than packet filtering firewalls. |
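The difference between the stateless packet filter and the circuit-level gateway in the cards above, shown side by side as an added example (written for this page; the packets, addresses and the single-rule policy are constructed, and neither class is a real firewall). The stateless ACL is walked top to bottom with an implicit deny at the end; the gateway admits a session only if the ACL permits its first SYN and the SYN, SYN/ACK, ACK then arrive in order from the right sides, after which every packet of that session passes whatever its ports.

```python
"""Stateless ACL with implicit deny next to a stateful circuit-level gateway tracking TCP sessions."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str          # "in" or "out"
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""         # TCP flags: "S", "SA", "A", "PA", ...


@dataclass(frozen=True)
class Rule:
    """One ACL entry; "*" (or None for the port) matches anything."""
    action: str             # "permit" or "deny"
    iface: str = "*"
    direction: str = "*"
    proto: str = "*"
    src: str = "*"
    dst: str = "*"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface) and self.direction in ("*", p.direction)
                and self.proto in ("*", p.proto) and self.src in ("*", p.src)
                and self.dst in ("*", p.dst) and self.dport in (None, p.dport))


def stateless_filter(acl, p: Packet) -> str:
    """Packet filter: rules are evaluated in order and the first match wins.
    A packet matching nothing hits the implicit deny at the end of the ACL."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class CircuitLevelGateway:
    """Allows or denies sessions, not packets: a new session must be permitted by the ACL
    and must complete the three-way handshake in order (SYN, SYN/ACK, ACK).
    Packets on an established session pass regardless of port numbers."""

    def __init__(self, acl):
        self.acl = acl
        self.sessions = {}      # frozenset of the two endpoints -> (state, initiator)

    @staticmethod
    def _key(p):
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def filter(self, p: Packet) -> str:
        key = self._key(p)
        state, initiator = self.sessions.get(key, (None, None))
        sender = (p.src, p.sport)
        if state == "ESTABLISHED":
            return "permit"
        if p.proto != "tcp":
            return stateless_filter(self.acl, p)          # no session concept for UDP in this model
        if state is None and p.flags == "S":
            if stateless_filter(self.acl, p) != "permit":
                return "deny"                             # policy does not allow this session to start
            self.sessions[key] = ("SYN_SENT", sender)
            return "permit"
        if state == "SYN_SENT" and p.flags == "SA" and sender != initiator:
            self.sessions[key] = ("SYN_RECEIVED", initiator)
            return "permit"
        if state == "SYN_RECEIVED" and p.flags == "A" and sender == initiator:
            self.sessions[key] = ("ESTABLISHED", initiator)
            return "permit"
        return "deny"     # unsolicited, out of sequence, or a lone ACK probing for an open port


# Policy: inside hosts may open HTTPS sessions outbound; nothing else is listed, so all else is implicitly denied.
ACL = [Rule("permit", iface="eth0", direction="out", proto="tcp", dport=443)]

# Constructed handshake between an inside client and an outside web server.
CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
HANDSHAKE = [
    Packet("eth0", "out", "tcp", CLIENT, 51000, SERVER, 443, "S"),
    Packet("eth0", "in", "tcp", SERVER, 443, CLIENT, 51000, "SA"),
    Packet("eth0", "out", "tcp", CLIENT, 51000, SERVER, 443, "A"),
    Packet("eth0", "in", "tcp", SERVER, 443, CLIENT, 51000, "PA"),   # data from the server
]
LONE_ACK = Packet("eth0", "in", "tcp", "198.51.100.7", 40000, CLIENT, 22, "A")


def run_stateless():
    return [stateless_filter(ACL, p) for p in HANDSHAKE] + [stateless_filter(ACL, LONE_ACK)]


def run_stateful():
    gw = CircuitLevelGateway(ACL)
    return [gw.filter(p) for p in HANDSHAKE] + [gw.filter(LONE_ACK)]


if __name__ == "__main__":
    print("stateless:", run_stateless())   # return traffic is dropped: there is no inbound rule
    print("stateful: ", run_stateful())    # the tracked session passes; the lone ACK does not
```

With the stateless filter, the server's SYN/ACK is dropped because the only rule is outbound, so a second inbound rule would be needed, and any such rule is open to probes that never belonged to a session. The gateway needs no inbound rule at all and rejects the lone ACK because no session is in the right state for it.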
|
|
Term
Application-level gateway |
|
Definition
An application-level gateway is capable of filtering based on information contained within the data portion of a packet. An application-level gateway: Examines the entirety of the content being transferred (not just individual packets). Operates at OSI Layer 7 (Application layer). Understands, or interfaces with, the application-layer protocol. Can filter based on user, group, and data (e.g., URLs within an HTTP request). Is the slowest form of firewall because entire messages are reassembled at the Application layer. A proxy server is one example of an application-level gateway. |
|
|
Term
Proxy server functions |
|
Definition
A proxy server can: Control both inbound and outbound traffic. Increase performance by caching frequently accessed content, so that content is retrieved from the proxy cache instead of the original server. Filter content and restrict access depending on the user or the specific website. Shield or hide the private network, since only the proxy's address is visible to the outside. |
|
|
Term
The two types of proxy servers |
|
Definition
A forward proxy server handles requests from inside a private network out to the Internet. A reverse proxy server handles requests from the Internet to a server located inside a private network. A reverse proxy can also perform load balancing, authentication, and caching. |
|
|
Term
Unified threat management (UTM) device |
|
Definition
A UTM device combines multiple security features into a single network appliance. A single UTM device can provide: Firewall. VPN. Anti-spam. Antivirus. Load balancing. Its disadvantage is that the one appliance is a single point of failure for every function it provides. |
|
|
Term
Where UTM devices are best suited |
|
Definition
Offices where space limits don't allow for multiple security appliances. Satellite offices that need to be managed remotely, because configuration changes need to be made on only one device rather than several. Smaller businesses that wouldn't benefit from the robust features provided by dedicated security appliances. |
|
|
Term
Network zones |
|
Definition
One method of using firewalls is to define network zones and control the traffic allowed between them. For example, you can define a zone that includes all hosts on your private network protected from the Internet, and a separate zone within your network for controlled access to specific servers that hold sensitive information. |
|
|
Term
Port number ranges (IANA) |
|
Definition
Well-known ports range from 0 to 1023 and are assigned to common protocols and services. Registered ports range from 1024 to 49151 and are recorded in the IANA port registry for a specific service. Dynamic (also called private, ephemeral, or high) ports range from 49152 to 65535 and can be used by any service on an ad hoc basis. Dynamic ports are assigned when a session is established and released when the session ends. |
|
|
Term
Ports |
|
Definition
Ports allow a single host with a single IP address to run multiple network services. Each port number identifies a distinct service. Each host has 65,536 ports (0 to 65535) per IP address for each transport protocol (TCP and UDP). Port number assignments are maintained by the Internet Assigned Numbers Authority (IANA), a function operated by the Internet Corporation for Assigned Names and Numbers (ICANN). |
|
|
Term
File Transfer Protocol (FTP) |
|
Definition
20 TCP (data) and 21 TCP (control). FTP runs over TCP; the matching UDP numbers are only reserved in the IANA registry. |
|
|
Term
Simple Mail Transfer Protocol (SMTP) |
|
Definition
25 TCP |
|
|
Term
Dynamic Host Configuration Protocol (DHCP) |
|
Definition
67 UDP (server) and 68 UDP (client). DHCP runs over UDP; the matching TCP numbers are only reserved in the IANA registry. |
|
|
Term
Trivial File Transfer Protocol (TFTP) |
|
Definition
69 UDP |
|
|
Term
Hypertext Transfer Protocol (HTTP) |
|
Definition
80 TCP |
|
|
Term
Post Office Protocol (POP3) |
|
Definition
110 TCP |
|
|
Term
Network News Transport Protocol (NNTP) |
|
Definition
119 TCP |
|
|
Term
Network Time Protocol (NTP) |
|
Definition
123 UDP |
|
|
Term
NetBIOS Name Service, NetBIOS Datagram Service, NetBIOS Session Service |
|
Definition
137 UDP (name service), 138 UDP (datagram service), 139 TCP (session service) |
|
|
Term
Internet Message Access Protocol (IMAP4) |
|
Definition
143 TCP |
|
|
Term
Simple Network Management Protocol (SNMP) |
|
Definition
161 UDP (agent queries) and 162 UDP (traps) |
|
|
Term
Lightweight Directory Access Protocol (LDAP) |
|
Definition
389 TCP and UDP |
|
|
Term
HTTP over TLS (HTTPS; originally HTTP over Secure Sockets Layer) |
|
Definition
443 TCP |
|
|
Term
Microsoft Server Message Block (SMB) File Sharing |
|
Definition
445 TCP |
|
|
Term
Cisco Media Gateway Control Protocol (MGCP) |
|
Definition
2427 UDP (gateway) and 2727 UDP (call agent) |
|
|
Term
Remote Desktop Protocol (RDP) |
|
Definition
3389 TCP (newer versions also use 3389 UDP) |
|
|
Term
Real-time Transport Protocol (RTP) Data |
|
Definition
5004 UDP |
|
|
Term
Real-time Transport Protocol (RTP) Control (RTCP) |
|
Definition
5005 UDP |
|
|
Term
Session Initiation Protocol (SIP); SIP over TLS |
|
Definition
5060 TCP and UDP (SIP); 5061 TCP (SIP over TLS) |
|
|
Term
Domain Name System (DNS) |
|
Definition
DNS maps logical hostnames to IP addresses. The DNS database is distributed: each division of it is held in a zone database file. Zones typically contain one or more domains, although additional servers might hold information for child domains. DNS servers hold zone files and process name resolution requests from client systems. |
|
|
Term
Root domain |
|
Definition
The . (dot) domain, also called the root domain, is the top of the DNS tree; a name that ends with the root dot is fully qualified and unambiguous. |
|
|
Term
Top-level domain (TLD) |
|
Definition
A TLD is the last part of a domain name (e.g., .com, .edu, .gov). TLDs are managed by the Internet Corporation for Assigned Names and Numbers (ICANN). |
|
|
Term
Fully qualified domain name (FQDN) |
|
Definition
The FQDN includes the hostname and all domain names, separated by periods. The final period (for the root domain) is often omitted and only implied. |
|
|
Term
Host name |
|
Definition
The host name is the part of a domain name that represents a specific host. For example, "www" is the host name in www.example.com. |
|
|
Term
Resource records |
|
Definition
Resource records store entries for hostnames, IP addresses, and other information in the zone database. Each host has at least one record in the DNS database that maps its hostname to an IP address. The A record maps a DNS hostname to a 32-bit IPv4 address; this is the most common resource record type. The AAAA record maps a DNS hostname to a 128-bit IPv6 address. The PTR record maps an IP address back to a hostname (it "points" to an A record) and lives in the reverse zone (in-addr.arpa for IPv4). The MX record identifies the servers that accept email for the domain. The CNAME record provides alternate names (aliases)  for hosts that already have an A record; using a single A record with multiple CNAME records means that when the IP address changes, only the A record needs to be modified. |
|
|
Term
Authoritative server |
|
Definition
An authoritative server is a DNS server that holds a full, complete copy of all the records for a particular zone and answers queries for it without consulting other servers. |
|
|
Term
Dynamic DNS updates |
|
Definition
Dynamic updates enable clients or the DHCP server to update records in the zone database. Without dynamic updates, all A (host) and PTR (pointer) records must be configured manually. With dynamic updates, host records are created and deleted automatically whenever the DHCP server creates or releases an IP address lease. Dynamic updates occur when: A network host's IP address is added, released, or changed. The DHCP server changes or renews an IP address lease. The client's DNS registration is manually refreshed using ipconfig /registerdns. Because any host that can send an update can change a record, zones that accept dynamic updates should be restricted to secure (authenticated) updates. |
|
|
Term
Name resolution process |
|
Definition
Name resolution is the process by which a host, with the help of its DNS server, root name servers, and other DNS servers, turns a name into an address. 1. The host looks in its local cache to see if it has recently resolved the hostname. 2. If the information is not in the cache, it checks the Hosts file, a static text file that contains hostname-to-IP address mappings. Because this file is consulted before any server is asked, anyone who can edit it can redirect name resolution on that host. 3. If the IP address is not found, the host contacts its preferred DNS server. If the preferred DNS server can't be contacted, the host continues contacting additional DNS servers until one responds. 4. The host sends the name to the DNS server. The DNS server checks its cache and Hosts file; if the information is not found, the server checks any zone files that it holds for the requested name. 5. If the DNS server can't find the name in its zones, it forwards the request to a root zone name server, which returns the address of a DNS server that has information for the corresponding top-level domain (such as .com). 6. The first DNS server requests the information from the top-level domain server, which returns the address of a DNS server with the information for the next-highest domain. This process continues until a DNS server is contacted that holds the necessary information. 7. The DNS server places the information in its cache and returns the IP address to the client host. The client host also places the information in its cache and uses the IP address to contact the desired destination device. |
|
|
Term
Forward lookup |
|
Definition
A forward lookup finds the IP address for a given hostname (an A or AAAA query). |
|
|
Term
Reverse lookup |
|
Definition
A reverse lookup finds the hostname for a given IP address (a PTR query against the in-addr.arpa or ip6.arpa reverse zone). |
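The lookup order and referral chain from the name resolution card, and the forward and reverse lookups just above, worked as an added example (written for this page, not the study guide's material). The zone data is constructed and the server names ("root", "tld-com", "ns1-example" and so on) are placeholders, not real name servers; the resolver walks cache, then Hosts file, then root to TLD to authoritative server, caches the answer, and builds the in-addr.arpa name for a PTR query.

```python
"""Iterative name resolution over an embedded zone tree: cache, Hosts file, root -> TLD -> authoritative."""

# Constructed zone data: server name -> {owner name: (record type, value)}.
# An NS record here means "that name is served by <value>" and produces a referral.
SERVERS = {
    "root": {"com.": ("NS", "tld-com"), "arpa.": ("NS", "tld-arpa")},
    "tld-com": {"example.com.": ("NS", "ns1-example")},
    "tld-arpa": {"113.0.203.in-addr.arpa.": ("NS", "ns1-example")},
    "ns1-example": {
        "www.example.com.": ("A", "203.0.113.10"),
        "mail.example.com.": ("A", "203.0.113.25"),
        "example.com.": ("MX", "mail.example.com."),
        "10.113.0.203.in-addr.arpa.": ("PTR", "www.example.com."),
    },
}


def in_zone(name, owner):
    """True when name equals owner or sits below it in the tree (label-wise, not a bare suffix match)."""
    return name == owner or name.endswith("." + owner)


class Resolver:
    def __init__(self, servers, hosts_file):
        self.servers = servers
        self.hosts = hosts_file          # static hostname -> IP mappings, consulted before DNS
        self.cache = {}                  # (fqdn, type) -> answer
        self.trace = []                  # servers contacted, for inspection

    def ask(self, server, fqdn, rtype):
        """One query to one server: an answer, a referral to a closer server, or nothing."""
        zone = self.servers[server]
        rec = zone.get(fqdn)
        if rec and rec[0] == rtype:
            return "answer", rec[1]
        best = None                      # longest delegation that covers the name
        for owner, (rtype_here, value) in zone.items():
            if rtype_here == "NS" and in_zone(fqdn, owner) and (best is None or len(owner) > len(best[0])):
                best = (owner, value)
        return ("referral", best[1]) if best else ("nxdomain", None)

    def resolve(self, name, rtype="A"):
        fqdn = name if name.endswith(".") else name + "."
        key = (fqdn, rtype)
        if key in self.cache:                                  # step 1: local cache
            return self.cache[key]
        if rtype == "A" and fqdn[:-1] in self.hosts:           # step 2: Hosts file (keys lack the root dot)
            return self.hosts[fqdn[:-1]]
        server = "root"                                        # steps 3-6: follow referrals downward
        for _ in range(8):                                     # bound the chain; a loop means bad data
            self.trace.append(server)
            kind, value = self.ask(server, fqdn, rtype)
            if kind == "answer":
                self.cache[key] = value                        # step 7: cache, then hand back
                return value
            if kind != "referral":
                return None
            server = value
        return None

    def reverse(self, ipv4):
        """Reverse lookup: 203.0.113.10 -> PTR query for 10.113.0.203.in-addr.arpa."""
        return self.resolve(".".join(reversed(ipv4.split("."))) + ".in-addr.arpa.", "PTR")


def dns_demo():
    r = Resolver(SERVERS, hosts_file={"intranet.example.com": "10.0.0.5"})
    first = r.resolve("www.example.com")
    trace_after_first = list(r.trace)
    second = r.resolve("www.example.com")              # served from cache, no server contacted
    trace_after_cache = list(r.trace)
    return {"first": first, "trace": trace_after_first, "cached": second,
            "trace_after_cache": trace_after_cache, "hosts": r.resolve("intranet.example.com"),
            "mx": r.resolve("example.com", "MX"), "ptr": r.reverse("203.0.113.10"),
            "missing": r.resolve("nothere.example.com")}


if __name__ == "__main__":
    for k, v in dns_demo().items():
        print(k, v)
```

The trace for the first query is root, then the .com server, then the authoritative server, which is the chain in steps 5 and 6; the repeat query touches no server at all because of the cache, and the Hosts entry never reaches DNS either, which is the point of the caveat in step 2.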
|
|
Term
Broadcast address |
|
Definition
The last address in a network's range is the broadcast address, used to send messages to all hosts on the network. In binary form, the broadcast address has all 1s in the host portion of the address. For example, 115.255.255.255 is the broadcast address for the classful network 115.0.0.0 (mask 255.0.0.0). |
|
|
Term
Internet Assigned Numbers Authority (IANA) |
|
Definition
The Internet Assigned Numbers Authority manages the global assignment of IP addresses on the Internet. |
|
|
Term
Internet Corporation for Assigned Names and Numbers (ICANN) |
|
Definition
IANA is a function operated by the Internet Corporation for Assigned Names and Numbers (ICANN). |
|
|
Term
Regional Internet Registries (RIRs) |
|
Definition
IANA allocates large blocks of IP addresses to the Regional Internet Registries. Each RIR has authority over IP addresses in a specific region of the world and assigns blocks of addresses to Internet Service Providers (ISPs) and large organizations. |
|
|
Term
Internet Service Provider (ISP) |
|
Definition
An ISP assigns one or more IP addresses to the individual computers or organizations that connect to the Internet through it. |
|
|
Term
Classful versus classless addressing |
|
Definition
Addresses are called classful when the default subnet mask, implied by the address class (A, B, or C), identifies the network portion and the host portion of the IP address. Classless addresses, on the other hand, use a custom mask value to separate the network and host portions of the IP address. |
|
|
Term
Classless Inter-Domain Routing (CIDR) |
|
Definition
Classless Inter-Domain Routing allows the network/host boundary to fall anywhere in the 32 bits, so only part of an octet may belong to the network address. The prefix length is written after a slash (e.g., 192.168.10.64/26). |
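The broadcast, classful and CIDR cards above, worked as an added example (written for this page, not the study guide's material). It computes the mask, network, broadcast and usable host range with bit operations so the "all 1s in the host portion" rule is visible, derives the default prefix of a classful address from its first octet, and handles the /31 and /32 cases that the usual "subtract two" rule gets wrong. The addresses used are constructed.

```python
"""Network, broadcast and host range from an address and prefix, classful or CIDR."""


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    if not all(0 <= x <= 255 for x in (a, b, c, d)):
        raise ValueError("octet out of range: " + ip)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful_prefix(ip):
    """Default prefix implied by the first octet (Class A/B/C); D and E have no default mask."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None


def subnet_info(cidr):
    """Return network, mask, broadcast, usable host range and host count for 'a.b.c.d/n'."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = mask_from_prefix(prefix)
    network = ip_to_int(ip) & mask                   # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)       # host bits all set to 1
    if prefix == 32:                                 # a single host: no network/broadcast pair
        first_host, last_host, usable = network, network, 1
    elif prefix == 31:                               # RFC 3021 point-to-point link: both addresses usable
        first_host, last_host, usable = network, broadcast, 2
    else:
        first_host, last_host, usable = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "first_host": int_to_ip(first_host),
            "last_host": int_to_ip(last_host), "usable_hosts": usable}


def classful_info(ip):
    """Same calculation with the prefix implied by the address class."""
    prefix = classful_prefix(ip)
    if prefix is None:
        raise ValueError("no default mask for a class D/E address: " + ip)
    return subnet_info(f"{ip}/{prefix}")


if __name__ == "__main__":
    print(classful_info("115.0.0.0"))          # broadcast 115.255.255.255, as in the card above
    print(subnet_info("192.168.10.77/26"))     # network .64, broadcast .127, 62 usable hosts
```

The classful case is just the CIDR case with a prefix of 8, 16 or 24 chosen by the first octet, which is why a classless mask such as /26 can split a single octet between network and host bits.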
|
|
Term
Frame Relay |
|
Definition
Frame Relay is a WAN protocol in which a site connects over a dedicated (leased) access line to a carrier's packet-switched network. It is a packet switching technology that supports variable-sized data units called frames. Virtual circuits can be configured in two different ways: a point-to-point circuit is established between two locations, and a point-to-multipoint circuit is a single circuit that can be used to reach multiple locations. |
|
|
Term
Asynchronous Transfer Mode (ATM) |
|
Definition
ATM is a WAN communication technology originally designed for carrying time-sensitive data like voice and video; it can also be used for regular data transport. ATM is a packet switching technology that uses fixed-length data units called cells. Each cell is 53 bytes (a 5-byte header and a 48-byte payload). ATM establishes a virtual circuit between two locations. A virtual channel is a data stream sent from one location to another. A virtual path is a collection of virtual channels with the same destination. |
|
|
Term
Synchronous Optical Networking (SONET) |
|
Definition
SONET is the North American counterpart of the international Synchronous Digital Hierarchy (SDH) standards for networking over an optical medium. It was originally developed as a WAN solution to interconnect optical devices from various vendors. SONET is a circuit-switched, time-division multiplexed transport technology: it carries fixed-rate frames whose size depends on the SONET line rate in use. SONET is classified as a transport protocol because it can carry other types of traffic, such as ATM, Ethernet, and IP. Most PSTN networks use SONET within the long-distance portion of the PSTN. SONET networks use dual, counter-rotating fiber optic rings: if a break occurs in one ring, data can be routed over the other ring to keep traffic flowing. |
|
|
Term
Multiprotocol Label Switching (MPLS) |
|
Definition
MPLS is a WAN data classification and data-carrying mechanism. MPLS is a packet switching technology that supports variable-length packets. MPLS adds a label to each packet between the existing Data Link and Network layer headers (it is often described as operating at "layer 2.5"). Labels are added when the packet enters the MPLS network and removed when the packet exits the network; forwarding inside the network is based on the label rather than the IP header. |
|
|
Term
IPv6 address types |
|
Definition
An interface can have more than one IPv6 address. The address types are: Unicast. Multicast. Anycast. Loopback. |
|
|
Term
Unicast address |
|
Definition
Unicast addresses are assigned to a single interface, for the purpose of allowing that one host to send and receive data. Packets sent to a unicast address are delivered to the interface identified by that address. The three kinds of unicast address are link-local, unique local, and global unicast. |
|
|
Term
Link-local address |
|
Definition
Link-local addresses are addresses that are valid only on the current subnet (link). Details include the following: Link-local addresses have the FE80::/10 prefix; this includes any address beginning with FE8, FE9, FEA, or FEB. All nodes must have at least one link-local address, and each interface can have multiple addresses. Link-local addresses are used for automatic address configuration, for neighbor discovery, and for subnets that have no routers. Do not use link-local IPv6 addressing on routed networks: routers never forward packets destined for link-local addresses to other subnets. |
|
|
Term
Unique local address |
|
Definition
Unique local addresses are private addresses used for communication within a site or between a limited number of sites. In other words, unique local addressing is commonly used for network communications that do not cross a public network; they are the IPv6 equivalent of private addressing in IPv4. Because unique local addresses are not registered with IANA, they cannot be used on a public network (such as the Internet) without address translation. Addresses in FC00::/7 (in practice those beginning with FD, since the FC00::/8 half is reserved) are unique local addresses. Following the 8-bit prefix, the next 40 bits are the Global ID, generated randomly so that there is a high probability of uniqueness across the entire Internet. Following the Global ID, the remaining 16 bits of the 64-bit prefix are used for subnet information. Unique local addresses are likely to be globally unique, but they are not globally routable; they might be routed between sites by a local ISP. |
|
|
Term
Global unicast address |
|
Definition
Global unicast addresses are assigned to individual interfaces and are globally unique and globally routable. All IPv6 addresses that haven't been specifically reserved for other purposes are defined as global unicast addresses (2000::/3 is the range currently being allocated). The global routing prefix assigned to an organization by an ISP is typically 48 bits long (/48), but it could be as short as /32 or as long as /56, depending on the ISP. All subnet IDs within the same organization begin with the same global routing prefix and are distinguished by a different value in the subnet field. Separate IPv6 subnets should be defined for: Network segments separated by routers. VLANs. Point-to-point WAN links. |
|
|
Term
Multicast address |
|
Definition
Multicast addresses (FF00::/8) represent a dynamic group of hosts. Packets sent to a multicast address are delivered to all interfaces that have joined that address. If different multicast addresses are used for different functions, only the devices that need to participate in a particular function listen for and respond to the multicast; devices that have no need to participate ignore it. |
|
|
Term
Anycast address |
|
Definition
An anycast address is a unicast address that is assigned to more than one interface, typically belonging to different hosts. An anycast packet is routed to the nearest interface having that address (based on routing protocol decisions). Details include the following: An anycast address has the same format as a unicast address; assigning the same unicast address to more than one interface makes it an anycast address. You can have a link-local, unique local, or global unicast anycast address. When you assign an anycast address to an interface, you must explicitly identify the address as an anycast address (to distinguish it from a unicast address). Anycast addresses can be used to locate the nearest server of a specific type (e.g., the nearest DNS or network time server). |
|
|
Term
Loopback address |
|
Definition
The loopback address for the local host is 0:0:0:0:0:0:0:1 (also written ::1 or ::1/128). The loopback address is not assigned to an interface. It can be used to verify that the TCP/IP protocol stack has been properly installed on the host. |
|
|
Term
Dual stack |
|
Definition
A dual stack configuration enables a host to communicate with both IPv4 and IPv6 hosts; the IPv4 and IPv6 protocol stacks run concurrently on the host. IPv4 is used to communicate with IPv4 hosts, and IPv6 with IPv6 hosts. When dual stack is implemented on hosts, intermediate routers must also run both protocol stacks, and security controls such as firewall rules must be applied to both, since a policy written only for IPv4 leaves the IPv6 side open. |
|
|
Term
Tunneling and its common implementations |
|
Definition
Tunneling allows IPv6 hosts or sites to communicate over the existing IPv4 infrastructure. With tunneling, a device encapsulates IPv6 packets within IPv4 packets for transmission across an IPv4 network, and the IPv6 packets are de-encapsulated by another device at the other end. Tunneling solutions include: 1. Manually configured tunnels. 2. 6to4 tunneling. 3. 4to6 tunneling. 4. Intra-site Automatic Tunnel Addressing Protocol (ISATAP). 5. Teredo tunneling. |
|
|
Term
Manually configured tunnel |
|
Definition
With a manually configured tunnel, tunnel endpoints are configured as point-to-point connections between devices. Because of the time and effort required for configuration, use manually configured tunnels only when you have a small number of sites that need to connect through the IPv4 Internet, or when you want to configure secure site-to-site associations. Manual tunneling: Is configured between routers at different sites. Requires dual stack routers as the tunnel endpoints; hosts can be IPv6-only. Encapsulates IPv6 directly in IPv4 (IP protocol 41), so a tunnel endpoint behind a NAT device generally cannot be reached unless the NAT device itself terminates the tunnel. Uses a static association of an IPv6 address to the IPv4 address of the destination tunnel endpoint. |
|
|
Term
6to4 tunneling |
|
Definition
With 6to4 tunneling, tunnel endpoints are configured automatically between devices. Use 6to4 tunneling to dynamically connect multiple sites through the IPv4 Internet. Because of its dynamic configuration, 6to4 tunneling is easier to administer than manual tunneling. 6to4 tunneling: Is configured between routers at different sites. Requires dual stack routers as the tunnel endpoints; hosts can be IPv6-only. Uses the same IP protocol 41 encapsulation as manual tunnels, so the tunnel router needs a public IPv4 address rather than one behind NAT. Uses a dynamic association of an IPv6 site prefix to the IPv4 address of the destination tunnel endpoint. Automatically generates an IPv6 /48 prefix for the site from the 2002::/16 prefix followed by the public IPv4 address of the tunnel endpoint router (e.g., 203.0.113.5 gives 2002:CB00:7105::/48). |
|
|
Term
4to6 tunneling |
|
Definition
4to6 tunneling works in a manner similar to 6to4 tunneling. However, instead of tunneling IPv6 traffic through an IPv4 network, 4to6 tunnels IPv4 traffic through an IPv6 network by encapsulating IPv4 packets within IPv6 packets. |
|
|
Term
Intra-site Automatic Tunnel Addressing Protocol (ISATAP) |
|
Definition
ISATAP provides IPv6 communication over a private IPv4 network. ISATAP tunneling: Is configured between individual hosts and an ISATAP router. Requires a dual stack ISATAP router to perform tunneling, and dual stack or IPv6-only clients; dual stack routers and hosts perform the tunneling when communicating on the IPv4 network. Does not work through NAT. Automatically generates link-local addresses that embed the IPv4 address of each host: the prefix is the link-local prefix FE80::/10 with the remaining prefix bits set to 0 (FE80::/64); the first two quartets of the interface ID are 0000:5EFE (0200:5EFE when the embedded IPv4 address is public); the remaining two quartets hold the IPv4 address, written in either hexadecimal or dotted decimal notation. For example, a host with an IPv4 address of 192.168.12.155 has the ISATAP address FE80::5EFE:C0A8:0C9B (also written FE80::5EFE:192.168.12.155). Use ISATAP to begin a transition to IPv6 within a site: start by adding a single ISATAP router and configuring each host as an ISATAP client. |
|
|
Term
Teredo tunneling |
|
Definition
Teredo tunneling establishes a tunnel between individual hosts so they can communicate through a private or public IPv4 network. Teredo tunneling: Is configured between individual hosts. Uses dual stack hosts and carries IPv6 packets inside IPv4 UDP datagrams on the IPv4 network. Works through NAT, which is what the UDP encapsulation is for. In Windows 7, the Teredo component is enabled but inactive by default. In Windows 8, Teredo is enabled by default on work and home network profiles. On Linux, the Miredo client software implements Teredo tunneling. |
|
|
Term
Static full assignment |
|
Definition
The entire 128-bit address and all other configuration information is statically assigned to the host. |
|
|
Term
Static partial assignment |
|
Definition
The prefix is statically assigned and the interface ID is derived from the MAC address (modified EUI-64). |
|
|
Term
Stateless autoconfiguration |
|
Definition
With stateless autoconfiguration, clients generate the interface ID themselves and learn the subnet prefix and default gateway through the Neighbor Discovery Protocol (NDP). NDP uses the following messages for autoconfiguration: A router solicitation (RS) is sent by the client, requesting that routers respond. A router advertisement (RA) is sent periodically by the router and in response to RS messages, informing clients of the IPv6 subnet prefix and the default gateway address. Hosts also use NDP to discover the link-layer addresses of other interfaces on the network, removing the need for the Address Resolution Protocol (ARP). In summary, a host using stateless autoconfiguration: Sets the interface ID automatically. Obtains the subnet prefix and default gateway from the RA message. Obtains DNS and other configuration information from a DHCPv6 server by sending an INFORMATION-REQUEST message to the multicast address FF02::1:2 (all DHCPv6 relay agents and servers). Because any device on the link can send an RA, hosts will accept a rogue router unless the switch filters RAs (RA Guard). |
|
|
Term
DHCPv6 |
|
Definition
IPv6 uses an updated version of DHCP (DHCPv6) that operates in one of two modes: Stateful DHCPv6, where the DHCP server provides each client an IP address and other IP configuration information (such as the DNS server address) and tracks the status (state) of the client; the default gateway is still learned from router advertisements, since DHCPv6 has no router option. Stateless DHCPv6, which does not provide the client an IP address and does not track the status of each client; it is used only to supply other options such as the DNS server address. Stateless DHCPv6 is most useful in conjunction with stateless autoconfiguration. |
|
|
Term
How a host configures the IPv6 address of each interface at startup |
|
Definition
1. The host generates a link-local address from the FE80::/10 prefix and an interface ID derived from the MAC address (modified EUI-64). 2. The host sends a neighbor solicitation (NS) message addressed to the chosen link-local address to check whether it is already in use (duplicate address detection). 3. The host waits for an RA message from a router to learn the subnet prefix. The flags in the RA message tell the host whether to build the address itself (stateless autoconfiguration), to fetch only additional options from DHCPv6 (stateless DHCPv6), or to obtain the address from DHCPv6 (stateful DHCPv6). 4. If a manual address or stateful autoconfiguration is used, the host again sends an NS message to make sure the address is not already in use. |
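How the addresses in the cards above are actually built, as an added example (written for this page, not the study guide's material): the modified EUI-64 interface ID from a MAC (static partial assignment and step 1 of the startup process), the ISATAP link-local address with its 5EFE marker, and the 6to4 site prefix. The MAC and IPv4 addresses are constructed. The reverse mapping is included because it is the practical caveat with EUI-64: the hardware address is recoverable from the IPv6 address, which is why hosts normally use randomized interface IDs (RFC 4941 privacy extensions) for outgoing connections.

```python
"""Building IPv6 interface IDs and prefixes: EUI-64, ISATAP and 6to4."""
import ipaddress

LINK_LOCAL_PREFIX = 0xFE80 << 112          # FE80::/64, remaining prefix bits zero
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(v4):
    return any(v4 in net for net in RFC1918)


def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert FF:FE, flip the universal/local bit (bit 7 of byte 0)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("need a 48-bit MAC")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")


def mac_from_eui64(addr):
    """Undo the mapping: returns the MAC embedded in an EUI-64 address, or None if it is not one."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def eui64_link_local(mac):
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX | eui64_interface_id(mac))


def isatap_link_local(ipv4):
    """ISATAP: interface ID 0000:5EFE:<IPv4> for a private IPv4 address, 0200:5EFE for a public one (RFC 5214)."""
    v4 = ipaddress.IPv4Address(ipv4)
    marker = 0x00005EFE if is_rfc1918(v4) else 0x02005EFE
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX | (marker << 32) | int(v4))


def sixto4_prefix(public_ipv4):
    """6to4: 2002:WWXX:YYZZ::/48, where WWXX:YYZZ is the tunnel router's public IPv4 address in hex."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if is_rfc1918(v4):
        raise ValueError("6to4 needs the router's public IPv4 address, not a private one")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def ipv6_demo():
    mac = "00:1A:2B:3C:4D:5E"                                   # constructed MAC
    link_local = eui64_link_local(mac)
    return {"eui64": str(link_local),
            "mac_back": mac_from_eui64(str(link_local)),
            "isatap": str(isatap_link_local("192.168.12.155")),   # the card's example address
            "sixto4": str(sixto4_prefix("203.0.113.5"))}


if __name__ == "__main__":
    for k, v in ipv6_demo().items():
        print(k, v)
```

The ISATAP result matches the card's FE80::5EFE:C0A8:0C9B once the address is written in compressed form (leading zeros in a quartet are dropped, so 0C9B prints as c9b). For the 6to4 prefix the public IPv4 address of the router is mandatory, which is the same reason a 6to4 router cannot sit behind NAT.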
|
|
Term
Stateful Autoconfiguration |
|
Definition
Obtains the interface ID, subnet prefix, default gateway, and other configuration information from a DHCPv6 server. The host sends out a REQUEST message addressed to the multicast address FF02::1:2, requesting this information from the DHCPv6 server. |
|
|
Term
Point-to-Point Protocol (PPP) |
|
Definition
PPP: Is a Data Link (Layer 2) protocol designed to facilitate communication over leased lines and dial-up links. Can be used on a wide variety of physical interfaces, including asynchronous serial (dial-up), synchronous serial, and ISDN. Defines a header and trailer that include a protocol type field. Contains protocols that integrate and support higher-level protocols, and supports multiple Network layer protocols over the same link, including both IPv4 and IPv6. Provides optional authentication through PAP (two-way handshake) or CHAP (three-way handshake): PAP transmits the password in cleartext over the link; CHAP sends a hash of the password combined with a random challenge, so the password itself never crosses the link. Supports multilink connections, load-balancing traffic over multiple physical links. Includes Link Quality Monitoring (LQM), which can detect link errors and automatically terminate links with excessive errors. Includes looped link detection, which identifies when messages sent from a router are looped back to it: routers send magic numbers in LCP messages, and if a router receives a packet with its own magic number, the link is looped. |
|
|
Term
Multilink PPP (MLP) |
|
Definition
Multilink PPP (MLP) is available on some routers. MLP is used to aggregate multiple WAN links into a single logical channel. |
|
|
Term
PPP uses these two main protocols |
|
Definition
Link Control Protocol (LCP)
Network Control Protocol (NCP) |
|
|
Term
Link Control Protocol (LCP) |
|
Definition
LCP is responsible for establishing, maintaining, and tearing down the PPP link. LCP packets are exchanged periodically. During link establishment, LCP agrees on encapsulation, packet size, and compression settings. LCP also indicates whether authentication should be used. Throughout the session, LCP packets are exchanged to: Detect loops. Detect and correct errors. Control the use of multiple links (multilink). When the session is terminated, LCP tears down the link. A single Link Control Protocol runs for each physical connection. |
|
|
Term
Network Control Protocol (NCP) |
|
Definition
NCP is used to agree on and configure Network layer protocols. Each Network layer protocol has a corresponding control protocol packet. Examples of control protocols include: IP Control Protocol (IPCP) IP version 6 Control Protocol (IPv6CP) A single PPP link can run multiple control protocols—one for each Network layer protocol supported on the link. |
|
|
Term
PPP establishes communication in three phases |
|
Definition
1. LCP phase—LCP packets are exchanged to open the link and agree on link settings. 2. Authenticate phase (optional)—Authenticationspecific packets are exchanged to configure authentication parameters and to authenticate the devices. LCP packets might also be exchanged during this phase to maintain the link. 3. NCP phase—NCP packets are exchanged to agree on which upper layer protocols to use. For example, routers might exchange IPCP and Cisco Discovery Protocol Control Protocol (CDPCP) packets to agree on using IP and CDP for Network layer communications. During this phase, LCP packets might continue to be exchanged |
|
|
Term
To configure PPP on the router, do the following |
|
Definition
1. Enable PPP encapsulation on the interface. You must set the encapsulation method to PPP before you can configure authentication or compression. 2. Select CHAP or PAP as the authentication method. 3. Configure username and password combinations. Keep in mind the following: Both routers need to be configured with a username and password. The username configured on each router is the hostname of the peer router. The password (the shared secret) must be the same on both routers. |
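The PAP and CHAP exchanges from the PPP cards above, worked as an added example (written for this page; hostnames and secrets are constructed, and this is a protocol simulation, not router configuration). It follows RFC 1994, where the Response is MD5 over the identifier, the shared secret and the challenge, and shows three things the cards state or imply: the secret never appears on the link with CHAP but does with PAP, a peer holding a different secret fails even with the right hostname, and a captured response cannot be replayed against a fresh challenge.

```python
"""PPP CHAP (RFC 1994) three-way exchange next to PAP, with what an eavesdropper on the link sees."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The router that sends the Challenge and checks the Response."""

    def __init__(self, hostname, peer_secrets):
        self.hostname = hostname
        self.peer_secrets = peer_secrets     # peer hostname -> shared secret (the 'username X password Y' line)
        self.identifier = 0
        self.outstanding = None              # challenge value awaiting a response

    def challenge(self, value=None):
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = value if value is not None else os.urandom(16)
        return {"id": self.identifier, "challenge": self.outstanding, "name": self.hostname}

    def verify(self, response):
        secret = self.peer_secrets.get(response["name"])
        if secret is None or response["id"] != self.identifier or self.outstanding is None:
            return False
        expected = chap_response(response["id"], secret, self.outstanding)
        self.outstanding = None              # a challenge is good for exactly one response
        return hmac.compare_digest(expected, response["response"])


class ChapPeer:
    """The router being authenticated; it picks the secret by the authenticator's hostname."""

    def __init__(self, hostname, peer_secrets):
        self.hostname = hostname
        self.peer_secrets = peer_secrets

    def respond(self, chal):
        secret = self.peer_secrets.get(chal["name"], b"")
        return {"id": chal["id"], "name": self.hostname,
                "response": chap_response(chal["id"], secret, chal["challenge"])}


def run_chap(authenticator, peer, wire, challenge_value=None):
    """Drive one exchange and record every frame as it would be seen on the link."""
    chal = authenticator.challenge(challenge_value)
    wire.append(("CHALLENGE", chal))
    resp = peer.respond(chal)
    wire.append(("RESPONSE", resp))
    ok = authenticator.verify(resp)
    wire.append(("SUCCESS" if ok else "FAILURE", None))
    return ok


def run_pap(username, password, wire):
    """PAP: the Authenticate-Request carries the password itself in cleartext."""
    wire.append(("AUTH-REQUEST", {"peer-id": username, "password": password}))
    return True


def secret_visible_on_wire(wire, secret):
    """Does the shared secret appear verbatim in any captured frame?"""
    return any(secret in repr(payload).encode() for _, payload in wire if payload)


def chap_demo():
    secret = b"s3cr3t-link-key"                                  # constructed shared secret
    r1 = ChapAuthenticator("R1", {"R2": secret})
    r2 = ChapPeer("R2", {"R1": secret})
    chap_wire, pap_wire = [], []
    good = run_chap(r1, r2, chap_wire, challenge_value=bytes(range(16)))
    bad = run_chap(r1, ChapPeer("R2", {"R1": b"wrong"}), [], challenge_value=bytes(range(16)))
    r1.challenge(bytes(range(16, 32)))                           # fresh challenge, then replay the captured response
    replay = r1.verify(chap_wire[1][1])
    run_pap("R2", secret, pap_wire)
    return {"good": good, "bad": bad, "replay": replay,
            "chap_leaks_secret": secret_visible_on_wire(chap_wire, secret),
            "pap_leaks_secret": secret_visible_on_wire(pap_wire, secret)}


if __name__ == "__main__":
    print(chap_demo())
```

CHAP is better than PAP, not strong: an eavesdropper who captures the challenge and the response can still try candidate secrets offline, so the shared secret should be long and random, and stronger EAP-based methods are preferred where the link supports them.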
|
|
Term
A network is made up of the following components |
|
Definition
Computers; transmission media (a path for electrical signals between devices); network interfaces (devices that send and receive electrical signals); protocols (rules or standards that describe how hosts communicate and exchange data). |
|
|
Term
|
Definition
Peer-to-peer; Client-server |
|
|
Term
|
Definition
In a client-server network, hosts have specific roles. For example, some hosts are assigned server roles, which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which allow them to consume network resources. Advantages of client-server networks include the following: Easy to expand (scalable) Easy to support Centralized services Easy to back up Disadvantages of client-server networks include the following: Expensive server operating systems Extensive advanced planning required |
|
|
Term
|
Definition
In a peer-to-peer network, each host can provide network resources to other hosts or access resources located on other hosts. Each host is in charge of controlling access to those resources. Advantages of peer-to-peer networks include the following: Easy implementation Inexpensive Disadvantages of peer-to-peer networks include the following: Difficult to expand (not scalable) Difficult to support Lack of centralized control No centralized storage |
|
|
Term
Personal Area Network (PAN) |
|
Definition
A personal area network is a very small network used for communicating between personal devices. For example, a PAN may include a notebook computer, a wireless headset, a wireless printer, and a smart phone. A PAN is limited in range to only a few feet. A PAN is typically created using Bluetooth wireless technologies. |
|
|
Term
|
Definition
A local area network is a network in a small geographic area, like an office. A LAN typically uses wires to connect systems together. |
|
|
Term
Metropolitan Area Network (MAN) |
|
Definition
A metropolitan area network is a network that covers an area as small as a few city blocks to as large as an entire metropolitan city. MANs are typically owned and managed by a city as a public utility. Be aware that many IT professionals do not differentiate between a wide area network and a MAN, as they use essentially the same network technologies. |
|
|
Term
|
Definition
A wide area network is a group of LANs that are geographically isolated, but are connected to form a large internetwork. |
|
|
Term
The following table lists several ways to describe a network: |
|
Definition
Host Role Geography Management Participation |
|
|
Term
|
Definition
Network Subnet Internetwork |
|
|
Term
|
Definition
The term network often describes a computer system controlled by a single organization. This could be a local area network at a single location or a wide area network used by a single business or organization. If two companies connected their internal networks to share data, you could call it one network. In reality, however, it is two networks, because each network is managed by a different company. |
|
|
Term
|
Definition
A subnet is a portion of a network with a common network address. All devices on the subnet share the same network address, but they have unique host addresses. Each subnet in a larger network has a unique subnet address. Devices connected through hubs or switches are on the same subnet. Routers are used to connect multiple subnets. |
|
|
Term
|
Definition
A network with geographically dispersed (WAN) connections that connect multiple LANs is often called an internetwork. Additionally, connecting two networks under different management is a form of internetworking, because data must travel between two networks. |
|
|
Term
|
Definition
Personal Area Network (PAN) Local Area Network (LAN) Wireless Local Area Network (WLAN) Metropolitan Area Network (MAN) Wide Area Network (WAN) |
|
|
Term
|
Definition
Internet Intranet Extranet |
|
|
Term
|
Definition
The Internet is a large, worldwide, public network. The network is public because virtually anyone can connect to it, and users or organizations make services freely available on the Internet. Users and organizations connect to the Internet through an Internet service provider (ISP). The Internet uses a set of communication protocols (TCP/IP) for providing services. Individuals and organizations can make services (such as a website) available to other users on the Internet. |
|
|
Term
|
Definition
An intranet is a private network that uses Internet technologies. Services on an intranet are only available to hosts that are connected to the private network. For example, your company might have a website that only employees can access. |
|
|
Term
|
Definition
An extranet is a private network that uses Internet technologies, but its resources are made available to external (but trusted) users. For example, you might create a website on a private network that only users from a partner company can access |
|
|
Term
The following are the components of fiber optic cabling: |
|
Definition
The core carries the signal. It is made of plastic or glass. The cladding maintains the signal in the center of the core as the cable bends. The sheathing protects the cladding and the core. |
|
|
Term
Fiber optic cabling offers the following advantages and disadvantages: |
|
Definition
Advantages Totally immune to EMI (electromagnetic interference) Highly resistant to eavesdropping Supports extremely high data transmission rates Allows greater cable distances without a repeater Disadvantages Very expensive Difficult to work with Special training required to attach connectors to cables |
|
|
Term
|
Definition
Data transfers through the core using a single light ray (the ray is also called a mode). The core diameter is around 10 microns. At distances up to 3 km, single mode delivers data rates up to 10 Gbps. Cable lengths can extend a great distance. |
|
|
Term
|
Definition
Data transfers through the core using multiple light rays. The core diameter is around 50 to 100 microns. At distances of under 2 km, multimode delivers data rates up to 1 Gbps. Cable lengths are limited in distance. |
|
|
Term
|
Definition
Used with single mode and multimode cabling. Has a keyed, bayonet-type connector. Also called a push-in and twist connector. Each wire has a separate connector. Nickel plated with a ceramic ferrule to ensure proper core alignment and to prevent light ray deflection. As part of the assembly process, the exposed fiber tip must be polished to ensure that light is passed on from one cable to the next with no dispersion. |
|
|
Term
|
Definition
Used with single mode and multimode cabling. Has a push-on/pull-off connector type that uses a locking tab to maintain connection. Each wire has a separate connector. Uses a ceramic ferrule to ensure proper core alignment and to prevent light ray deflection. As part of the assembly process, the exposed fiber tip must be polished. |
|
|
Term
|
Definition
Used with single mode and multimode cabling. Composed of a plastic connector with a locking tab, similar to a RJ45 connector. A single connector with two ends keeps the two cables in place. Uses a ceramic ferrule to ensure proper core alignment and to prevent light ray deflection. Is half the size of other fiber optic connectors. |
|
|
Term
|
Definition
Used with single mode and multimode cabling. Composed of a plastic connector with a locking tab. Uses metal guide pins to ensure that it is properly aligned. A single connector with one end holds both cables. Uses a ceramic ferrule to ensure proper core alignment and to prevent |
|
|
Term
|
Definition
Used only with single mode cabling. Each wire has a separate connector. Uses a threaded connector. Designed to stay securely connected in environments where it may experience physical shock or intense vibration. |
|
|
Term
|
Definition
To use this standard, arrange the wires from pins 1 to 8 in each connector in the following order: GW, G, OW, B, BW, O, BrW, Br. |
|
|
Term
|
Definition
To use this standard, arrange the wires from pins 1 to 8 in each connector in the following order: OW, O, GW, B, BW, G, BrW, Br. |
|
|
Term
|
Definition
Computers connect to the network through a hub or switch with a straight-through cable. There are two standards for creating straight-through cables. It doesn't matter which standard you use, but once you choose a standard, you should use the same one for all your cables to avoid confusion later on during troubleshooting. |
|
|
Term
|
Definition
Computers can connect directly to one another using a crossover cable. The easiest way to create a crossover cable is to arrange the wires using the T568A standard in the first connector and the T568B standard in the second connector. |
|
|
Term
Ethernet specifications use the following pins: |
|
Definition
Pin 1: Tx+ Pin 2: Tx- Pin 3: Rx+ Pin 4: Unused Pin 5: Unused Pin 6: Rx- Pin 7: Unused Pin 8: Unused |
|
|
Term
Main Distribution Frame (MDF) |
|
Definition
The main distribution frame is the main wiring point for a building. It is usually located on the bottom floor or basement. The LEC typically installs the demarc to the MDF. |
|
|
Term
Intermediate Distribution Frame (IDF) |
|
Definition
An intermediate distribution frame is a smaller wiring distribution point within a building. IDFs are typically located on each floor directly above the MDF, although additional IDFs can be added on each floor as necessary. |
|
|
Term
|
Definition
A demarc extension extends the demarcation point from its original location to another location within the building. The demarc extension usually consists of a single wire bundle that attaches to the existing demarc and supplies a termination point to a different location. You might need a demarc extension if your network occupies an upper floor of a building. The LEC will typically install the demarc into the MDF on the bottom floor, and you will need to install an extension to place the demarc into the IDF on your floor. You are responsible for installing the demarc extension, but the LEC might do it for an additional charge. |
|
|
Term
|
Definition
A vertical cross connect connects the MDF on the main floor to IDFs on upper floors. Cabling runs vertically between the MDF and the IDFs. |
|
|
Term
|
Definition
A horizontal cross connect connects IDFs on the same floor. Cabling runs horizontally between the IDF |
|
|
Term
|
Definition
A 25 pair cable consists of 25 pairs of copper wires in a single bundle (containing a total of 50 wires). 25 pair cables are often used for telephone installations that have multiple telephone lines, for replacing multiple Cat3/5/5e/6 cables in a single bundle, and for horizontal and vertical cross connects between the MDF and IDFs. Individual wires within the 25 pair cable use the following color coding scheme: A total of 10 colors are used in two different groups: Group 1 colors are white, red, black, yellow, and violet. Group 2 colors are blue, orange, green, brown, and slate. There are 5 wires of each color. Every colored wire in group 1 is paired with each color in group 2. For example, you will have the following pairs for the white wires: White with blue White with orange White with green White with brown White with slate |
|
|
Term
|
Definition
A 100 pair cable consists of 100 pairs of copper wires in a single bundle (containing 200 wires). 100 pair wires use the same coloring scheme as 25 pair wires, repeated 4 times. Generally, each bundle of 25 wires is wrapped together with a colored nylon string to help separate wires of the same |
|
|
Term
|
Definition
A 66 block is a punchdown block used for connecting individual copper wires together. The 66 block has 25 rows of four metal pins. Pushing a wire into a pin pierces the plastic sheath on the wire, making contact with the metal pin. There are two different 66 block configurations: With the 25 pair block (also called a non-split block), all 4 pins are bonded (electrically connected). Use the 25 pair block to connect a single wire with up to 3 other wires. With the 50 pair block (also called a split block), each set of 2 pins in a row is bonded. Use the 50 pair block to connect a single wire to one other wire. With a 50 pair block, use a bridge clip to connect the left two pins to the right two pins. Adding or removing the bridge clip is an easy way to connect wires within the row for easy testing purposes. 66 blocks are used primarily for telephone applications. When used for data applications: Be sure to purchase 66 blocks rated for Cat5. When inserting wires in the block, place both wires in a pair through the same slot to preserve the twist as much as possible. |
|
|
Term
|
Definition
A 110 block is a punchdown block used for connecting individual wires together. The 110 block comes in various sizes for connecting pairs of wires (for example 50, 100, or 300 pair). The 110 block has rows of plastic slots. Each plastic slot connects two wires together: Place the first wire into the plastic slot on the 110 block. Insert a connecting block over the wire and slot. The connecting block has metal connectors that pierce the plastic cable sheath. Place the second wire into the slot on the connecting block. C4 connectors connect four pairs of wires; C5 connectors connect five pairs of wires. When connecting data wires on a 110 block, you typically connect wires in the following order: White wire with a blue stripe, followed by the solid blue wire. White wire with an orange stripe, followed by the solid orange wire. White wire with a green stripe, followed by the solid green wire. White wire with a brown stripe, followed by the solid brown wire. Use BLOG (BLue-Orange-Green) to remember the wire order, and remember to start with the white striped wire first. 110 blocks can be used for both telephone and data, and are better suited for Cat5 installations. When using 110 blocks for Cat5 wiring, be sure to preserve the twists in each wire pair to within one-half of an inch of the connecting block. |
|
|
Term
|
Definition
A patch panel is a device that is commonly used to connect individual stranded wires into female RJ45 connectors. For example, you might connect 4 pairs of wires from a punchdown block to a port on the patch panel. On the patch panel, you then connect drop cables (cables with RJ45 connectors) to the patch panel on one end and a computer on the other end. |
|
|
Term
|
Definition
Coaxial cable is used in a bus topology and is not suitable for ring or star topologies; the ends of the cable must be terminated. It is composed of two conductors that share a common axis within a single cable. |
|
|
Term
Coaxial cable is built with the following components |
|
Definition
Two concentric metallic conductors: The inner conductor carries data signals. It is made of copper or copper coated with tin. The mesh conductor is a second physical channel that also grounds the cable. It is made of aluminum or copper coated tin. An insulator that surrounds the inner conductor and keeps the signal separated from the mesh conductor. It is made of PVC plastic. A mesh conductor that surrounds the insulator and grounds the cable. It is made of aluminum or copper coated tin. A cable encasement that surrounds and protects the wire. It is made of PVC plastic. |
|
|
Term
Coaxial cable has the following advantages and disadvantages: |
|
Definition
Advantages Highly resistant to EMI (electromagnetic interference) Highly resistant to physical damage
Disadvantages More expensive than UTP Inflexible construction (more difficult to install) Unsupported by newer networking standards |
|
|
Term
|
Definition
10Base2 Ethernet networking (also called Thinnet) 50 ohms |
|
|
Term
|
Definition
Cable TV and cable networking 75 ohms |
|
|
Term
|
Definition
Cable TV, satellite TV, and cable networking RG6 has less signal loss than RG59 and is a better choice for networking applications, especially when longer distances (over a few feet) are involved. 75 ohms |
|
|
Term
|
Definition
10Base5 Ethernet networking (also called Thicknet) 50 ohms |
|
|
Term
|
Definition
Twisted onto the cable Used to create cable and satellite TV connections Used to connect a cable modem to a broadband cable connection |
|
|
Term
|
Definition
Molded onto the cable Used in 10Base2 Ethernet networks |
|
|
Term
|
Definition
Is a DB15 serial connector Used in 10Base5 Ethernet networks |
|
|
Term
What are the components of twisted pair cabling? |
|
Definition
Two wires carry data signals (one conductor carries a positive signal; the other carries a negative signal). They are made of 22 or 24 gauge copper wiring. Either PVC or plenum plastic insulation surrounds each wire. Plenum cable is fire resistant and non-toxic; it must be used when wiring above ceiling tiles. PVC cable cannot be used to wire above ceilings, because it is toxic when burned. The two wires are twisted to reduce the effects of electromagnetic interference (EMI) and crosstalk. Because the wires are twisted, EMI affects both wires equally and should be cancelled out. Multiple wire pairs are bundled together in an outer sheath. Twisted pair cable can be classified according to the makeup of the outer sheath, as described: Shielded Twisted Pair (STP) has a grounded outer copper shield around the bundle of twisted pairs or around each pair. This provides added protection against EMI. Unshielded Twisted Pair (UTP) does not have a grounded outer copper shield. UTP cables are easier to work with and are less expensive than shielded cables. |
|
|
Term
|
Definition
RJ11 A phone cable is used to connect a PC to a phone jack in a wall outlet to establish a dial-up Internet connection. It has two pairs of twisted cable (a total of 4 wires). |
|
|
Term
|
Definition
RJ45 Cat 3 is designed for use with 10 megabit Ethernet or 16 megabit token ring. |
|
|
Term
|
Definition
RJ45 Cat 5 supports 100 megabit Ethernet and ATM networking. Cat 5 specifications also support gigabit (1000 Mb) Ethernet. |
|
|
Term
|
Definition
RJ45 Cat 5e is similar to Cat 5 but provides better EMI protection. It supports 100 megabit and gigabit Ethernet. |
|
|
Term
|
Definition
RJ45 Cat 6 supports 10 Gbps Ethernet and high-bandwidth, broadband communications. Cat 6 cables often include a solid plastic core that keeps the twisted pairs separate and prevents the cable from being bent too tightly. |
|
|
Term
|
Definition
RJ45 Cat 6a is designed to provide better protection against EMI and crosstalk than Cat 6 cabling. Cat 6a provides better performance than Cat 6, especially when used with 10 Gbps Ethernet. |
|
|
Term
|
Definition
Has 4 connectors Supports up to 2 pairs of wires Uses a locking tab to keep the connector secure in an outlet Used primarily for telephone wiring |
|
|
Term
|
Definition
Has 8 connectors Supports up to 4 pairs of wires Uses a locking tab to keep the connector secure in an outlet Used for Ethernet and some token ring connections There is another connector type called RJ48c that is almost identical to RJ45. RJ48c uses the sam |
|
|
Term
|
Definition
A network adapter is responsible for converting binary data into a format to be sent on the network medium. Examples include a transceiver and a modem. Network adapters are Layer 1 devices because they send and receive signals on the network medium. They are also Layer 2 devices because they must follow the rules for media access, and because they read the physical address in a frame. |
|
|
Term
|
Definition
A transceiver module is used to change the media type of a port on a network device, such as a switch or a router. The following are the most common types of transceiver modules: A GBIC (gigabit interface converter) is a larger-sized transceiver that fits in a port slot and is used for Gigabit media including copper and fiber optic. An SFP (small form-factor pluggable) is similar to a GBIC but is a smaller size. An SFP is sometimes called a mini-GBIC. An XFP transceiver is similar in size to an SFP but is used for 10 Gigabit networking. |
|
|
Term
|
Definition
A media converter is used to connect network adapters that are using different media types. For example, a media converter could be used to connect a server with a fiber optic Ethernet NIC to a copper Ethernet cable. Media converters work at the Physical layer (Layer 1). Media converters do not read or modify the MAC address in any way. Media converters only convert from one media type to another within the same architecture (such as Ethernet). A media converter cannot translate between two different architectures. (This must be done using a bridge or a router. Converting from one architecture to another would require modifying the frame contents to modify the Data Link layer address.) |
|
|
Term
|
Definition
A MAC address is a unique identifier burned into the ROM of every Ethernet NIC. The MAC address is a 12-digit (48-bit) hexadecimal number (each digit ranges from 0–9 or A–F). The MAC address is globally unique by design. The first half (first 6 digits) of the MAC address is assigned to each manufacturer. The manufacturer determines the rest of the address, assigning a unique value that identifies the host address. A manufacturer that uses all the addresses in the original assignment can apply for a new MAC address assignment. Devices use the MAC address to send frames to other devices on the same subnet. Some network cards allow you to change the MAC address through jumpers, switches, or software. However, there are few legitimate reasons for doing so. |
|
|
Term
Address Resolution Protocol (ARP) |
|
Definition
ARP is used by hosts to discover the MAC address of a device from its IP address. Before two devices can communicate, they must know the MAC address of the receiving device. If the MAC address isn't known, ARP does the following to find it: 1. The sending device sends out a broadcast frame. The destination MAC address is all Fs (FFFF:FFFF:FFFF). The sending MAC address is its own MAC address. The destination IP address is the known IP address of the destination host. The sending IP address is its own IP address. 2. All hosts on the subnet process the broadcast frame, looking at the destination IP address. 3. If the destination IP address matches its own address, the host responds with a frame that includes its own MAC address as the sending MAC address. 4. The original sender reads the MAC address from the frame and associates the IP address with the MAC address, saving it in its cache. Once the sender knows the MAC address of the receiver, it sends data in frames addressed to the destination device. These frames include a Cyclic Redundancy Check (CRC), which is used to detect frames that have been corrupted during transmission. Hosts use the Reverse Address Resolution Protocol (RARP) to find the IP address of a host with a known MAC address. |
|
|
Term
Electromagnetic interference (EMI) and radio frequency interference (RFI) |
|
Definition
Electromagnetic interference and radio frequency interference are external signals that interfere with normal network communications. Common sources of EMI/RFI include nearby generators, motors (such as elevator motors), radio transmitters, welders, transformers, and fluorescent lighting. To protect against EMI/RFI: Use fiber optic instead of copper cables. Fiber optic cables are immune to EMI/RFI. Use shielded twisted pair cables. Shielded cables have a metal foil that encloses all of the wires. Some cables might also include a drain wire (a bare wire in the cable that absorbs EMI/RFI). Avoid installing cables near EMI/RFI sources. |
|
|
Term
|
Definition
Crosstalk is interference that is caused by signals within the twisted pairs of wires; for example, current flow on one wire causing a current flow on an adjacent wire. The twisting of wires into pairs helps reduce crosstalk between wires. Each pair of wires is twisted at a different rate to reduce crosstalk between pairs. Crosstalk is often introduced within connectors, where the twists are removed to add the connector. Crosstalk can also occur where wires are crushed or where the plastic coating is worn. There are several forms of crosstalk: near end crosstalk, far end crosstalk, and alien crosstalk. |
|
|
Term
|
Definition
Near end crosstalk (NEXT) is measured on the same end as the transmitter. For example, when a signal is sent on one wire, near end crosstalk measures the interference on an adjacent wire at the same connector end. |
|
|
Term
|
Definition
Far end crosstalk is measured on the opposite end from the transmitter. For example, when a signal is sent on one wire, far end crosstalk measures the interference on an adjacent wire at the opposite connector end. |
|
|
Term
|
Definition
Alien crosstalk is introduced from adjacent, parallel cables. For example, a signal sent on one wire causes interference on a wire that is within a separate twisted pair cable bundle. |
|
|
Term
|
Definition
Attenuation is the loss of signal strength from one end of a cable to the other. This is also known as dB loss. The longer the cable, the more attenuation. For this reason, it is important never to exceed the maximum cable length defined by the networking architecture. Cables at a higher temperature experience more attenuation than cables at a lower temperature. A repeater regenerates the signal and removes the effects of attenuation. |
|
|
Term
Impedance mismatch (echo) |
|
Definition
Impedance is the measure of resistance within the transmission medium. Impedance is measured in ohms (Ω). All cables must have the same impedance rating. The impedance rating for the cable must match the impedance of the transmitting device. Impedance is mostly a factor in coaxial cables used for networking. Be sure to choose cable with the correct rating (50 or 75 ohm) based on the network type. Never mix cables with different ratings. When signals move from a cable with one impedance rating to a cable with another rating, some of the signal is reflected back to the transmitter, distorting the signal. With video (cable TV), impedance mismatch is manifested as ghosting of the image. Cable distance does not affect the impedance of the cable. |
|
|
Term
|
Definition
An electrical short occurs when electrical signals take a path other than the intended path. In the case of twisted pair wiring, a short means that a signal sent on one wire arrives on a different wire. Shorts occur when two wires touch; this can be caused by worn wire jackets, crushed wires, or a metal object piercing two or more wires. |
|
|
Term
|
Definition
An open circuit is when a cut in the wire prevents the original signal from reaching the end of the wire. An open circuit is different from a short in that the signal stops (electricity cannot flow because the path is disconnected). |
|
|
Term
|
Definition
A miswired cable is caused by incorrect wire positions on both connectors. Miswiring conditions include a reverse connection, a wiremapping error, and a split pair. |
|
|
Term
|
Definition
A reverse connection is when a cable is wired using one standard on one end and another standard on the other end, creating a crossover cable. While this condition might be intentional, it can cause problems when a crossover cable is used instead of a straight-through cable. |
|
|
Term
|
Definition
Wiremapping refers to the matching of a wire with a pin on one end with the same pin on the other end. For example, an error in the wiremapping results when the wire at pin 1 connects to pin 4. |
|
|
Term
|
Definition
A split pair condition is when a single wire in two different pairs is reversed at both ends. For example, if instead of the solid green wire, the solid brown wire is matched with the green/white wire in pins 1 and 2. With a split pair configuration, the cable might still work (especially if it is short), but it could introduce crosstalk. When the 568A/B standards for making drop cables are followed, one pair is split to meet the standards. In this case, a common split pair error is simply placing all wire pairs in order in the connector instead of splitting the pair according to the standard. When connecting cables using a punchdown block, pairs are not split. |
|
|
Term
Incorrect termination or bad connector |
|
Definition
Incorrect termination occurs when an incompatible or incorrect connector is used. This can result in reduced performance or complete connection loss. A bad connector is a damaged connector that is causing connectivity issues. For example, a broken locking tab on an RJ45 connector can cause intermittent connection problems. |
|
|
Term
Troubleshooting fiber optic wiring Connectors |
|
Definition
For light to pass through a fiber optic connector, the fiber within the jack must line up perfectly with the fiber in the connector. Using the wrong connector will result in misaligned fibers, disrupting the light signal, even if the connector is successfully locked into the jack. Dirty connectors can also impede or disrupt the light signal, so it's important that they are kept clean. Several cleaning methods can be used with fiber optic connectors: For connectors where the ferrule protrudes out of the connector, such as the FC connector, you can wipe the end of the ferrule with a lint-free cloth that has a small amount of denatured alcohol applied. Immediately wipe the ferrule dry with a dry, lint-free cloth. For fiber optic connectors where the end of the ferrule is less accessible, you must use a specialized cleaning tool. Some cleaning tools allow you to plug in the fiber optic cable and then clean it by pumping the tool's handle. To clean the jacks on fiber optic network interfaces, you can purchase a specialized fiber optic cleaning stick to remove foreign material. |
|
|
Term
|
Definition
The better the polish on the connector, the better the light will pass through without reflection. |
|
|
Term
|
Definition
Whenever a connector is installed on the end of a fiber optic cable, a degree of signal loss occurs. |
|
|
Term
|
Definition
Physical Contact (PC) polishing is usually used with single mode fiber. The ends of the fiber are polished with a slight curvature so that when the cable end is inserted into the connector, only the cores of the fiber actually touch each other. Super Physical Contact (SPC) and Ultra Physical Contact (UPC) polishing use a higher grade of polish and have more of a curvature than PC polishing, further reducing ORL reflections. Angled Physical Contact (APC) polishing is used to reduce back reflection as much as possible. An APC connector has an 8-degree angle cut into the ferrule, which prevents reflected light from traveling back down the fiber. Any reflected light is bounced out into the cable cladding instead. You can only use angle-polished connectors with other angle-polished connectors. Using an angle-polished connector with a non-angle-polished connector causes excessive insertion loss. |
|
|
Term
|
Definition
Fiber optic cabling is much less forgiving of physical abuse than copper wiring. The fiber core is fragile and can be easily damaged by rough handling. For example, bending a fiber cable at too tight of a radius will break the core. Wavelength mismatch will cause serious issues with fiber optic cables. You cannot mix and match different types of cable. For example, if you connect single mode fiber to multimode fiber, you will introduce a catastrophic signal loss of up to 99%. Even connecting cables of the same type that have different core diameters can cause a loss of up to 50% of the signal strength. |
|
|
Term
|
Definition
Many network switches and routers allow you to insert a gigabit interface converter (GBIC) in an empty slot to convert the interface from copper wiring to fiber optic. Other devices use a small form-factor pluggable (SFP) module to accomplish the same goal. Several issues can occur when using fiber optic media adapters: Some GBIC/SFP modules use multimode fiber, while others use single mode. Make sure that you use the correct type of fiber optic cable and connector required by the specific adapter. Media adapter modules malfunction on occasion. If you have lost connectivity on one of these links, ensure the adapter module is working correctly. |
|
|
Term
|
Definition
Light signals being transmitted through a fiber optic cable experience attenuation as they pass through the cable. Several factors contribute to signal loss: Cable length Connectors Splices You can use these factors to calculate how much signal loss (measured in dB) you should reasonably expect in a given run of fiber optic cabling. Signal loss is calculated by summing the average loss of all the components used in the cable run to generate an estimate of the total attenuation that will be experienced end-to-end. This estimate is called a loss budget. When calculating a loss budget for a segment of fiber optic cable, use the following guidelines: Connectors: 0.3 dB loss each Splices: 0.3 dB loss each Multimode cabling: 1–3 dB loss per 1000 meters, depending on the thickness and quality of the cable. Single mode cabling: 0.4–0.5 dB loss per 1000 meters, depending on the thickness and quality of the cable. The total attenuation should be no more than 3 dB less than the total power at the transmission source. This is called the link loss margin. For example, if the total power output at the transmission source of a cable run is 15 dB, then the total attenuation over the cable run should not exceed 12 dB. This ensures that the cable will continue to function as its components (e.g., LED light transmitters and connectors) degrade with age and use. |
|
|
Term
|
Definition
A loopback plug reflects a signal from the transmit port on a device to the receive port on the same device. Use the loopback plug to verify that a device can both send and receive signals. |
|
|
Term
|
Definition
A smart jack is a special loopback plug installed at the demarcation point for a WAN service. Technicians at the central office can send diagnostic commands to the smart jack to test connectivity between the central office and the demarc. |
|
|
Term
|
Definition
A cable tester verifies that the cable can carry a signal from one end to the other and that all wires are in the correct positions. Higher-end cable testers can check for various miswire conditions (wire mapping, reversals, split pairs, shorts, or open circuits). You can use a cable tester to quickly tell the difference between a crossover and a straight-through cable. Most testers have a single unit that tests both ends of the cable at once. Many testers come with a second unit that can be plugged into one end of a long cable run to test the entire cable. |
|
|
Term
Time-domain reflectometer (TDR) and optical time-domain reflectometer (OTDR) |
|
Definition
A time-domain reflectometer is a special device that sends electrical pulses on a wire in order to discover information about the cable. The TDR measures impedance discontinuities (i.e., the echo received on the same wire in response to a signal on the wire). The results of this test can be used to identify several variables: estimated wire length, cable impedance, the location of splices and connectors on the wire, and the location of shorts and open circuits. An optical time-domain reflectometer performs the same function as a TDR but is used for fiber optic cables. An OTDR sends light pulses into the fiber cable and measures the light that is scattered or reflected back to the device. The information is then used to identify specifics about the cable: the location of a break, estimated cable length, and signal attenuation (loss) over the length of the cable. |
|
|
Term
|
Definition
A toner probe is composed of two devices that are used together to trace the end of a wire from a known endpoint to the termination point in the wiring closet. |
|
|
Term
|
Definition
keeps track of voltage conditions on a power line. Basic recorders simply keep track of the occurrence of undervoltage or overvoltage conditions, while more advanced devices track conditions over time and create a graph, saving data from a program running on a computer. |
|
|
Term
|
Definition
An environmental monitor does what its name implies: it monitors the environmental conditions of a specific area or device. |
|
|
Term
|
Definition
bus star ring star star mesh |
|
|
Term
Devices use the following process to send data: |
|
Definition
Because all devices have equal access (multiple access) to the transmission media, a device listens to the transmission medium to determine if it is free before sending data (carrier sense). If it is not free, the device waits a random amount of time and listens again to the transmission medium. If it is free, the device transmits its message. If two devices transmit at the same time, a collision occurs. The sending devices detect the collision (collision detection) and send a jam signal to notify all other hosts that a collision has occurred. Both devices wait a random length of time before attempting to resend the original message (backoff). |
|
|
Term
|
Definition
Devices with collision detection turned on operate in half-duplex mode. Collision detection is turned on. The device can send or receive in only one direction at a time. Devices connected to a hub must use half-duplex communication. Throughput is up to the rated bandwidth (10 Mbps for 10BaseT, 100 Mbps for 100BaseT, etc.). |
|
|
Term
|
Definition
Collision detection is turned off. The device can send and receive at the same time. Requires full-duplex capable NICs. Requires switches with dedicated switch ports (a single device per port). Throughput is double the rated bandwidth (20 Mbps for 10BaseT, 200 Mbps for 100BaseT, etc.). |
|
|
Term
|
Definition
The preamble is a set of alternating ones and zeros terminated by two ones (11) that mark it as a frame. The destination address identifies the receiving host's MAC address. The source address identifies the sending host's MAC address. The data is the information that needs to be transmitted from one host to the other. The pad is optional bits used to pad the frame. Ethernet frames are sized between 64 and 1518 bytes. If the frame is smaller than 64 bytes, the sending NIC places "junk" data in the pad to make it the required minimum of 64 bytes. The cyclic redundancy check (CRC) is the result of a mathematical calculation performed on the frame. The CRC helps verify that the frame contents have arrived uncorrupted. |
|
|
Term
|
Definition
Networking TVs, kitchen appliances, environmental controls, and industrial equipment is commonplace in the modern networking environment. These devices aren't designed to be customized or directly configured by system administrators. |
|
|
Term
Supervisory Control and Data Acquisition (SCADA) and its two important functions |
|
Definition
SCADA systems are used to manage automated factory equipment.
Supervisory control is used to remotely control equipment over a network connection. Data acquisition is used to gather information from the remote equipment, allowing you to monitor its status. |
|
|
Term
Distributed Control System (DCS), which is typically implemented with the following components |
|
Definition
A central supervisory computer that communicates with and sends control commands to connected SCADA devices.
Remote terminal units (RTUs) implemented within the SCADA devices being controlled. RTUs connect the equipment to the network, converting digital data from the network into signals the equipment can process, and vice versa. This enables the equipment to receive commands from the supervisory system and to send status information back. Most RTUs use wireless communications and are better suited for large geographical areas.
Programmable logic controllers (PLCs), which perform a function similar to RTUs (connecting SCADA equipment to the network). Most PLCs use a physical connection and are better suited for small plants or factories.
A network link used to connect the supervisory computer to the RTUs or PLCs. This can be done using an Internet connection, a satellite link, a private WAN link, or even a modem connection using a telephone line. |
|
|
Term
|
Definition
Bridges and switches build a list of Layer 2 MAC addresses, with the port used to reach each device. Bridges and switches automatically learn about devices to build the forwarding database, but a network administrator can also program the device database manually. When a frame arrives on a switch port (also called an interface), the switch examines the source and destination address in the frame header and uses the information to complete the following tasks: 1. The switch examines the source MAC address of the frame and notes which switch port the frame arrived on. 2. The switch examines the destination MAC address of the frame. |
|
|
Term
If the destination MAC address of the frame is: |
|
Definition
A broadcast address, then the switch sends a copy of the frame to all connected devices on all ports. This is called flooding the frame.
A unicast address, but no mapping exists in the CAM table for the destination address, the switch floods the frame to all ports. The connected device that the frame is addressed to will accept and process the frame. All other devices will drop the frame.
A unicast address and a mapping exists in the CAM table for the destination address, the switch sends the frame to the switch port specified in the CAM table. This is called forwarding the frame.
A unicast address and a mapping exists in the CAM table for the destination address, but the destination device is connected to the same port from which the frame was received, the switch ignores the frame and does not forward it. This is called filtering the frame. |
|
|
Term
|
Definition
If the source MAC address of the frame is:
Not in the switch's Content Addressable Memory (CAM) table, a new entry is added to the table that maps the source device's MAC address to the port on which the frame was received. Over time, the switch builds a map of the devices that are connected to specific switch ports.
Already mapped to the port on which the frame was received, no changes are made to the switch's CAM table.
Already in the switch's CAM table, but the frame was received on a different switch port, the switch updates the record in the CAM table with the new port. |
|
|
Term
|
Definition
The switch has multiple interface modes, depending on the physical (or logical) interface type. For this course, you should be familiar with the following switch interface modes: Ethernet (10 Mbps Ethernet), FastEthernet (100 Mbps Ethernet), GigabitEthernet (1 Gbps Ethernet), and VLAN. The VLAN interface configuration mode is used to configure the switch IP address, and for other management functions. It is a logical management interface configuration mode, rather than the physical interface configuration modes used for the FastEthernet and GigabitEthernet ports.
Switch(config-if)# |
|
|
Term
|
Definition
Details of the config-vlan mode include the following: It can be used to perform all VLAN configuration tasks. Changes take place immediately. Do not confuse the config-vlan mode with the VLAN interface configuration mode.
Switch(config-vlan)# |
|
|
Term
|
Definition
Details of the VLAN configuration mode include the following: It allows you to configure a subset of VLAN features. Changes do not take effect until you save them, either before or while exiting the configuration mode. Changes are not stored in the regular switch configuration file. For most modern Cisco switches, it is recommended that you configure VLAN parameters from config-vlan mode, as VLAN configuration mode is being deprecated (phased out).
Switch(vlan)# |
|
|
Term
|
Definition
Use this mode to configure parameters for the terminal line, such as the console, Telnet, and SSH lines.
Switch(config-line)# |
|
|
Term
Moves to interface configuration mode |
|
Definition
switch(config)#interface FastEthernet 0/14
switch(config)#interface GigabitEthernet 0/1 |
|
|
Term
Moves to configuration mode for a range of interfaces |
|
Definition
switch(config)#interface range fastethernet 0/14 - 24
switch(config)#interface range gigabitethernet 0/1 - 4
switch(config)#interface range fa 0/1 - 4 , 7 - 10
switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2 |
|
|
Term
Sets the port speed on the interface |
|
Definition
switch(config-if)#speed 10
switch(config-if)#speed 100
switch(config-if)#speed 1000
switch(config-if)#speed auto |
|
|
Term
Sets the duplex mode on the interface |
|
Definition
switch(config-if)#duplex half
switch(config-if)#duplex full
switch(config-if)#duplex auto |
|
|
Term
Enables or disables the interface |
|
Definition
switch(config-if)#no shutdown
switch(config-if)#shutdown |
|
|
Term
Shows the interface status of all ports |
|
Definition
switch#show interface status |
|
|
Term
Shows the line and protocol status of all ports |
|
Definition
switch#show ip interface brief |
|
|
Term
|
Definition
All switch ports are enabled (no shutdown) by default. Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a switch. Through autonegotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices. Some switches always use the store-and-forward switching method. If the speed and duplex settings are set to auto, the switch will use auto-MDIX to sense the cable type (crossover or straight-through) connected to the port and will automatically adapt itself to the cable type used. By default, the link speed and duplex configurations for Ethernet interfaces in Cisco devices are set using IEEE 802.3u autonegotiation. The interface will attempt to sense the link speed, if possible. If it cannot, the slowest link speed supported on the interface is used (usually 10 Mbps). If the link speed selected is 10 Mbps or 100 Mbps, half-duplex is used. If it is 1000 Mbps, full-duplex is used. |
|
|
Term
Storage area network (SAN) |
|
Definition
In a SAN, multiple servers are configured to share a common storage device. The following are facts about SANs:
A SAN uses a dedicated network.
SAN servers have multiple network adapters installed: at least one interface is connected to the standard production network, and an additional network interface is connected to the SAN, which connects the server to the shared storage.
The SAN is dedicated solely to transferring data between the SAN servers and the shared storage device.
There are two commonly used SAN technologies: Fibre Channel (FC) is the most expensive type of SAN, but it provides the best performance. iSCSI is a much less expensive type of SAN, but it doesn't provide the same performance as FC.
SAN storage devices are called targets.
SAN servers are commonly deployed in a clustered configuration. All of the cluster data exists on the shared storage, so there's no need to replicate data between servers. To users on the network, the cluster appears as a single file server. If one of the servers in the cluster goes down, the other devices immediately take over and continue to provide access to the files on the shared storage device.
Clustered SAN servers can be configured to load balance. |
|
|
Term
|
Definition
A switched FC SAN uses fiber optic cabling, network adapters, and switches to build the SAN fabric. To build an FC SAN, you need to:
Install an FC adapter in each server.
Deploy an FC switch.
Connect each server to the FC switch using the appropriate fiber optic cabling.
Deploy a shared storage device. Typically, this is an external RAID device containing multiple hard disk drives. The array enclosure has an FC network adapter to connect it to the FC switch using the appropriate fiber optic cabling.
When physically configured, FC uses SCSI protocols to access and manage the shared storage: The storage devices on the FC target appear to the operating system on the initiators to be locally attached SCSI hard disks. The initiators send SCSI commands over the SAN fabric to manage the remote storage on the target. FC supports multiple initiators. Each server in the SAN fabric is an initiator and can send disk I/O SCSI commands to the shared storage device. |
|
|
Term
|
Definition
iSCSI is a network protocol that encapsulates SCSI commands within IP packets and transmits them over a standard Ethernet network. It is much less expensive to implement iSCSI, because it uses standard Ethernet hardware to create the SAN fabric. To create an iSCSI SAN, you need to implement:
Dedicated Ethernet cabling (fiber optic or UTP).
A dedicated Ethernet switch.
A dedicated Ethernet NIC in each server.
A storage array with an Ethernet interface.
As a best practice, you should implement a dedicated Ethernet network infrastructure (cabling, switches, and NICs) that allows only iSCSI SAN traffic. When physically configured, iSCSI uses SCSI protocols to access and manage the shared storage: The iSCSI initiator connects to and communicates with iSCSI targets. The iSCSI initiator sends SCSI commands within IP packets to the iSCSI target over the network. The iSCSI target redirects the SCSI commands to its locally attached storage devices. The storage devices on the remote iSCSI target appear to the operating system on the iSCSI initiator as locally attached hard disks. iSCSI uses port 3260 by default. |
|
|
Term
When choosing between iSCSI and FC, you should be aware of several factors that may influence your decision |
|
Definition
iSCSI is less expensive and easier to implement than FC. FC requires specialized hardware and knowledge, while iSCSI can be implemented using standard Ethernet hardware and TCP/IP. iSCSI is not as fast as FC. Using Gigabit Ethernet hardware, an iSCSI implementation can approximate the speed of the slowest FC SAN. FC has a distance limitation of 10 km. With iSCSI, IP packets can be routed over many networks, accommodating longer distances. However, performance will be impacted, as routing iSCSI packets between networks introduces latency. Both iSCSI and FC provide security features that can be used to authenticate connections and encrypt data transmissions. |
|
|
Term
Network-Attached Storage (NAS) |
|
Definition
A NAS is a self-contained storage appliance designed to allow clients to store and share files over the network. It can also be used for backups and media streaming. A NAS device is essentially a pared-down file server that has been optimized to store files for network users. The appliance connects to the network switch by using a wired or wireless network interface. Because it is optimized to provide network storage, it can usually provide better performance than a standard file server. A NAS device is also usually less expensive to implement than a SAN storage solution, but it can't provide the same level of performance. |
|
|
Term
A NAS device typically consists of: |
|
Definition
A RAID array with terabytes of storage space. A motherboard with a processor and memory. One or more NICs. A minimal network operating system. |
|
|
Term
|
Definition
After a NAS device is configured on a network, it appears to other network hosts as a file server with shared folders. NAS devices use standard network protocols to provide read and write access to files on the device, including Server Message Block (SMB), Common Internet File System (CIFS), Network File System (NFS), and Apple Filing Protocol (AFP). |
|
|
Term
|
Definition
A NAS appliance provides a web-based interface that is used to configure its settings, such as its IP address, subnet mask, security settings, shared folders, and so on. |
|
|
Term
|
Definition
NAS appliances can be integrated into your existing network environment. For example, they can usually be joined to an Active Directory domain. This allows you to use your existing domain user accounts to authenticate to the device and to control access to its stored data. |
|
|
Term
|
Definition
Higher-end NAS devices usually provide fault tolerance through clustering. Multiple NAS devices are grouped together in a cluster and all of the data is replicated between the devices. To users on the network, the cluster appears as a single file server. If one of the devices in the cluster goes down, the other devices immediately take over and continue providing access to the files. This is called a failover, and it usually takes only a second or two to complete. |
|
|
Term
|
Definition
Clustered NAS systems can be configured to load balance. If the storage provided by a NAS cluster is heavily accessed by network users, a bottleneck might be created, degrading performance. Using a load balancing cluster, the network load can be divided up and distributed between multiple devices in the cluster. This can dramatically speed up performance of the storage system. |
|
|
Term
Connecting Ethernet devices |
|
Definition
It is important that the transmit (Tx) wires from one device are matched with the receive (Rx) wires on the other device. To help understand how to connect devices together, be aware of the following: Network interface cards in workstations and routers send data on the transmit pins and expect to receive data on the receive pins. Crossing is automatically performed within a hub or a switch between the ports used for connecting devices to the hub or switch. Uplink ports on hubs and switches are not crossed. |
|
|
Term
|
Definition
A straight-through cable connects each wire to the same pin on each connector (pin 1 to pin 1, pin 2 to pin 2, etc.). A straight-through cable is used when the crossover is performed with a hub or a switch. Use a straight-through cable when connecting the following devices:
Workstation to a regular port on a hub or switch
Router to a regular port on a hub or a switch
Regular port on a hub or switch to an uplink port on a hub or a switch
A straight-through cable is used from the hub or switch in the wiring closet to the wall plate in an office, and another straight-through cable is used between the wall plate and the workstation. Crossing is performed at the hub or the switch, not at any of the cables connecting the workstation to the hub or switch. To tell the difference between a crossover and a straight-through cable, place the connectors side-by-side facing the same direction. If the wires are in the same order on both connectors, the cable is a straight-through cable. If the wires are in a different order, the cable is a crossover cable. |
|
|
Term
|
Definition
A crossover cable matches the transmit (Tx) wires on one connector with the receive (Rx) wires on the other connector. A crossover cable is used when crossing is not performed automatically, or when crossover is being performed twice. Use a crossover cable when connecting the following devices:
Workstation to a workstation, router to a router, or workstation to a router (in a back-to-back configuration)
Uplink port on a hub or a switch to an uplink port on a hub or a switch
Workstation or a router to the uplink port on a hub or a switch
Hub or switch using a regular port to a hub or a switch using a regular port
In general, use a crossover cable when connecting two like devices; use a straight-through cable when connecting different devices or port types. If crossover is not performed by either device, use a crossover cable to connect the devices. If crossover is performed by both devices, use a crossover cable to perform the crossing three times. If crossover is performed by one device, use a straight-through cable. Crossover cables often have a different jacket color (such as red). However, you cannot rely only on the cable color to tell the difference between a crossover and a straight-through cable. |
|
|
Term
|
Definition
A rollover cable is a cable with an RJ45 connector on one end and an RS-232 (serial) connector on the other end. Use a rollover cable to connect the serial port on a workstation to the console connector on a router or switch. Then run a terminal emulation program on the workstation to connect to the console of the router or switch to perform configuration and management tasks. A rollover cable might also have an RJ45 connector on both ends, requiring an adapter to convert from the RJ45 connector to the serial cable. When terminated with an RJ45 connector on both ends, the wires within the connectors are rolled over to the opposite connector as follows: pin 1 is connected to pin 8, pin 2 is connected to pin 7, pin 3 is connected to pin 6, and pin 4 is connected to pin 5. |
|
|
Term
|
Definition
Physical machine: The physical machine (also known as the host operating system) has the actual hardware in place on the machine (hard disk drive(s), optical drive, RAM, motherboard).
Hypervisor: A hypervisor is a thin layer of software that resides between the virtual operating system(s) and the hardware. A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. A hypervisor also manages access to the following system resources: CPU, storage, and RAM. There are several different types of hypervisor software: VMware Workstation and ESX (made by VMware), Hyper-V (made by Microsoft), and Xen (open source).
Virtual machine: A virtual machine is a software implementation of a computer that executes programs like a physical machine. The virtual machine appears to be a self-contained and autonomous system.
Virtual hard disk (VHD): A virtual hard disk is a file created within the host operating system that simulates a hard disk for the virtual machine. |
|
|
Term
Types of virtualization include the following: |
|
Definition
Full: In full virtualization, the virtual machine completely simulates a real physical host. This allows most operating systems and applications to run within the virtual machine without being modified in any way.
Partial: In partial virtualization, only some of the components of the virtual machine are virtualized. The guest operating systems use some virtual components and some real physical hardware components in the actual device where the hypervisor is running. Operating systems or applications must be modified before they can run in a partial virtualization environment.
Paravirtualization: In paravirtualization, the hardware is not virtualized. All of the guest operating systems running on the hypervisor directly access various hardware resources in the physical device; components are not virtual. The guest operating systems run in isolated domains on the same physical hardware. Operating systems or applications must be modified before they can run in a paravirtualization environment. |
|
|
Term
Network Address Translation (NAT) |
|
Definition
NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host. Private addresses are translated to the public address of the NAT router: Hosts on the private network share the IP address of the NAT router or a pool of addresses assigned for the network. The NAT router maps port numbers to private IP addresses. Responses to Internet requests include the port number appended by the NAT router. This allows the NAT router to forward responses back to the correct private host. Technically speaking, NAT translates one address to another. Port address translation (PAT) associates a port number with the translated address. With only NAT, you would need a public address for each private host. NAT associates a single public address with a single private address. PAT allows multiple private hosts to share a single public address. Each private host is associated with a unique port number on the NAT router. Because virtually all NAT routers perform PAT, you are normally using PAT and not just NAT when you use a NAT router. (NAT is usually synonymous with PAT.) NAT supports a limit of 5,000 concurrent connections. NAT provides some security for the private network, because it translates or hides private addresses. A NAT router can act as a limited-function DHCP server, assigning addresses to private hosts. A NAT router can forward DNS requests to the Internet. The following are three types of NAT implementation: |
|
|
Term
|
Definition
Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. On the NAT device, the internal device is identified by the public IP address and the dynamic port number. Dynamic NAT allows internal (private) hosts to contact external (public) hosts, but not vice versa; external hosts cannot initiate communications with internal hosts. This implementation is also sometimes called Many-to-One NAT, because many internal private IP addresses are mapped to one public IP address on the NAT router. |
|
|
Term
|
Definition
Static NAT maps a single private IP address to a single public IP address on the NAT router. Static NAT is used to take a server on the private network (such as a web server) and make it available on the Internet. Using a static mapping allows external hosts to contact internal hosts; external hosts contact the internal server using the public IP address and the static port. This implementation is called One-to-One NAT, because one private IP address is mapped to one public IP address. One commonly used implementation of static NAT is called port forwarding. Port forwarding allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network. Inbound requests are addressed to the port used by the internal service on the router's public IP address (such as port 80 for a web server). This is often called the public port. Port forwarding associates the inbound port number with the IP address and port of a host on the private network. This port is often called the private port. Based on the public port number, incoming traffic is redirected to the private IP address and port of the destination host on the internal network. |
|
|
Term
|
Definition
Dynamic and Static NAT, where two IP addresses are given to the public NAT interface (one for dynamic NAT and one for static NAT), allows traffic to flow in both directions. |
|
|
Term
Routing Information Protocol (RIP) |
|
Definition
RIP is a distance vector routing protocol used for routing within an autonomous system (i.e., an IGP). RIP uses hop count as the metric. RIP networks are limited in size to a maximum of 15 hops between any two networks. A network with a hop count of 16 indicates an unreachable network. RIP v1 is a classful protocol; RIP v2 is a classless protocol. RIP is best suited for small private networks. |
|
|
Term
Enhanced Interior Gateway Routing Protocol (EIGRP) |
|
Definition
EIGRP is a hybrid routing protocol developed by Cisco for routing within an AS. EIGRP uses a composite number for the metric, which indicates bandwidth and delay for a link. The higher the bandwidth, the lower the metric. EIGRP is a classless protocol. EIGRP is best suited for medium to large private networks. |
|
|
Term
Open Shortest Path First (OSPF) |
|
Definition
OSPF is a link-state routing protocol used for routing within an AS. OSPF uses relative link cost for the metric. OSPF is a classless protocol. OSPF divides a large network into areas. Each autonomous system requires an area 0 that identifies the network backbone. All areas are connected to area 0, either directly or indirectly through another area. Routes between areas must pass through area 0. Internal routers share routes within an area; area border routers share routes between areas; autonomous system boundary routers share routes outside of the AS. In OSPF, a router is the boundary between one area and another area. OSPF is best suited for large private networks. |
|
|
Term
Intermediate System to Intermediate System (IS-IS) |
|
Definition
IS-IS is a link-state routing protocol used for routing within an AS. IS-IS uses relative link cost for the metric. IS-IS is a classless protocol. The original IS-IS protocol was not used for routing IP packets; use Integrated IS-IS to include IP routing support. IS-IS divides a large network into areas. There is no area 0 requirement, and IS-IS provides greater flexibility than OSPF for creating and connecting areas. L1 routers share routes within an area; L2 routers share routes between areas; an L1/L2 router can share routes with both L1 and L2 routers. In IS-IS, a network link (not a router) is the boundary between one area and another area. IS-IS is best suited for large private networks; it supports larger networks than OSPF. IS-IS is typically used within an ISP and easily supports IPv6 routing. |
|
|
Term
Border Gateway Protocol (BGP) |
|
Definition
BGP is an advanced distance vector protocol (also called a path vector protocol). BGP is an exterior gateway protocol (EGP) used for routing between autonomous systems. BGP uses paths, rules, and policies instead of a metric for making routing decisions. BGP is a classless protocol. Internal BGP (iBGP) is used within an autonomous system; External BGP (eBGP) is used between autonomous systems. BGP is the protocol used on the Internet; ISPs use BGP to identify routes between autonomous systems. Very large networks can use BGP internally, but typically share routes on the Internet only if the AS has two (or more) connections to the Internet through different ISPs. |
|
|
Term
Commonly used methods for optimizing network routing include |
|
Definition
Administrative distance values, route summarization, and redundant default gateway routers. |
|
|
Term
Administrative distance |
Definition
Administrative distance is a number assigned to a source of routing information (such as a static route or a specific routing protocol). The router uses this value to select the source of information to use when multiple routes to the same destination exist. A smaller number indicates a more trusted source. |
|
|
Term
How a router chooses between routes learned from different sources |
|
Definition
A router can use multiple routing protocols to learn about routes to other networks. 1. If a router has learned of two routes to a single network through different routing protocols (such as RIP and OSPF), it will choose the route with the lowest administrative distance (OSPF in this example). 2. If a router has learned of two routes through the same protocol (e.g., two routes through EIGRP), the router will choose the route that has the best cost as defined by the routing metric (for EIGRP, the link with the highest bandwidth and least delay will be used). These comparisons apply to routes for the same destination prefix; when forwarding a packet, a more specific (longer) prefix is always preferred over a less specific one, regardless of administrative distance. |
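The selection order above, worked as a small routing table. This is an added example written for this page, not the card set's own material; the administrative distance values are the Cisco IOS defaults and are assumed here (they are configurable per platform), and the prefixes, metrics and next hops are constructed.

```python
"""Added example (not from the original page): route selection by
administrative distance, then metric, then longest-prefix match at lookup."""
from ipaddress import ip_address, ip_network

# Lower is more trusted. Cisco IOS default values, assumed here; they can be
# changed on the device, so verify them on your platform.
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eBGP": 20, "EIGRP": 90,
    "OSPF": 110, "IS-IS": 115, "RIP": 120, "iBGP": 200,
}


class RoutingTable:
    def __init__(self):
        # prefix -> list of candidate routes (source, metric, next_hop)
        self.candidates = {}

    def learn(self, prefix, source, metric, next_hop):
        """Record a route learned from a protocol or configured statically."""
        if source not in ADMIN_DISTANCE:
            raise ValueError(f"unknown route source {source!r}")
        self.candidates.setdefault(ip_network(prefix), []).append(
            (source, metric, next_hop))

    def best(self, prefix):
        """Pick the route installed for one prefix.

        1. Across different sources, the lowest administrative distance wins.
        2. Among routes from the same source, the lowest metric wins (for
           EIGRP the composite metric, for OSPF the cost, for RIP hop count)."""
        routes = self.candidates[ip_network(prefix)]
        return min(routes, key=lambda r: (ADMIN_DISTANCE[r[0]], r[1]))

    def lookup(self, destination):
        """Forwarding decision for one destination address.

        Longest prefix match is applied first: a /24 beats a /16 that also
        covers the address even if the /16 came from a more trusted source.
        Returns (prefix, route) or None when nothing matches."""
        addr = ip_address(destination)
        matches = [p for p in self.candidates if addr in p]
        if not matches:
            return None
        longest = max(matches, key=lambda p: p.prefixlen)
        return longest, self.best(longest)


if __name__ == "__main__":
    rt = RoutingTable()
    rt.learn("10.1.0.0/16", "RIP", 3, "192.0.2.1")        # 3 hops
    rt.learn("10.1.0.0/16", "OSPF", 30, "192.0.2.2")      # cost 30
    rt.learn("10.2.0.0/16", "EIGRP", 28160, "192.0.2.3")
    rt.learn("10.2.0.0/16", "EIGRP", 2816, "192.0.2.4")   # faster link, lower metric
    rt.learn("10.1.5.0/24", "RIP", 5, "192.0.2.5")
    print(rt.best("10.1.0.0/16"))   # OSPF (AD 110) beats RIP (AD 120)
    print(rt.best("10.2.0.0/16"))   # the EIGRP route with the lower metric
    print(rt.lookup("10.1.5.9"))    # the RIP /24 wins on prefix length
```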
|
|
Term
Route summarization |
Definition
Route summarization groups contiguous networks that use the same routing path, advertising a single route as the destination for the grouped subnets. Keep in mind that summarization: Reduces the size of the routing table; a single route to the summarized network takes the place of multiple routes to individual subnets. Speeds convergence; the accessibility of each subnet address is indicated by the accessibility of the summarized address. Retains all necessary routing information, so all networks are still reachable after summarization. A summary can also cover address space that is not actually in use; traffic for those addresses is drawn toward the summarizing router. |
|
|
Term
Route summarization can happen in one of two ways: |
|
Definition
Automatic: With automatic summarization, the router identifies adjacent networks and calculates the summarized route. Auto-summarization is supported on classless and classful routing protocols. Auto-summarization uses the default class boundary to summarize routes. RIP (version 1 and version 2) and EIGRP support auto-summarization; OSPF does not. For RIPv2 and EIGRP, you can disable automatic summarization. Manual: With manual summarization, an administrator identifies the summarized route to advertise. |
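Both forms of summarization from the two cards above, computed in code. This is an added example for this page, not part of the original; the subnets are constructed, and `overreach()` is a helper added here to show how much address space a summary advertises beyond the subnets that actually exist.

```python
"""Added example (not from the original page): computing summary routes.

summarize() performs manual summarization: the single smallest prefix that
covers every given subnet. classful_summary() mimics auto-summarization,
which collapses a subnet to its class A/B/C boundary. overreach() counts the
addresses a summary advertises that none of the original subnets contain.
Subnets below are constructed for illustration."""
from ipaddress import ip_network


def summarize(prefixes):
    """Smallest single IPv4 prefix covering all of `prefixes`."""
    nets = [ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    length = min(n.prefixlen for n in nets)
    # Shorten the prefix until the lowest and highest addresses share it.
    while length > 0 and (lo >> (32 - length)) != (hi >> (32 - length)):
        length -= 1
    network = (lo >> (32 - length)) << (32 - length)
    return ip_network((network, length))


def classful_summary(prefix):
    """Auto-summarization: collapse a subnet to its classful (A/B/C) network."""
    net = ip_network(prefix)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8          # class A
    elif first_octet < 192:
        length = 16         # class B
    else:
        length = 24         # class C
    if length > net.prefixlen:
        raise ValueError(f"{net} is already larger than its classful network")
    return net.supernet(new_prefix=length)


def overreach(prefixes):
    """Addresses the summary covers that no original subnet contains.

    Assumes the input subnets do not overlap one another."""
    covered = sum(ip_network(p).num_addresses for p in prefixes)
    return summarize(prefixes).num_addresses - covered


if __name__ == "__main__":
    block = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    print(summarize(block), overreach(block))          # 192.168.0.0/22, exact
    gappy = ["10.1.0.0/24", "10.2.0.0/24"]
    print(summarize(gappy), overreach(gappy))          # 10.0.0.0/14, mostly empty
    print(classful_summary("10.1.0.0/24"))             # 10.0.0.0/8
    print(classful_summary("172.16.5.0/24"))           # 172.16.0.0/16
```

The second case is the one to watch for: two /24s that are not adjacent summarize to a /14 that is almost entirely unused, which is why auto-summarization at the class boundary is usually disabled on RIPv2 and EIGRP and summaries are written by hand on the boundary router.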
|
|
Term
Virtual servers |
Definition
With virtual servers, multiple instances of a server operating system are run on a single physical computer. You can migrate servers on older hardware to newer computers or add virtual servers to computers with extra unused hardware resources. |
|
|
Term
Virtual desktops |
Definition
Virtual desktop strategies include: Making multiple desktops available on the same local workstation host. This implementation is very useful when testing an application on multiple platforms. Implementing multiple desktops on one physical server host and allowing all end users to access those virtual desktops remotely. All of the user desktops are provided as virtual machines from this one hypervisor server. The user des |
|
|
Term
Virtual networks |
Definition
Virtual networks allow virtual servers and desktops to communicate with each other. Using the host operating system, virtual networks can allow communication to network devices out on the physical network. The following are possible components of virtual networks: Virtual switches allow multiple virtual servers and desktops to communicate on virtual network segments and the physical network. Virtual switches are often configured in the hypervisor. Virtual network adapters are created and assigned to a desktop or server in the hypervisor. Multiple network adapters can be assigned to a single virtual machine. Each network adapter has its own MAC address. Each network adapter is configured to connect to only one network at a time (i.e., a virtual network or the physical network, but not both). |
|
|
Term
Offsite virtual networks |
Definition
Offsite virtual networks allow you to move business-critical networking and other IT-related components to another physical location. This implementation requires minimal hardware at the physical site. Examples of offsite virtual networks include: An offsite datacenter, where a contracted vendor manages the hardware and software to provide the virtual network that is accessed by the end users. A virtual PBX, where a virtual phone system handles call routing, voicemail, and conference calling. A PBX is typically implemented as dedicated hardware within an organization and can be quite expensive. A virtual PBX takes calls internally at the service provider's site and routes them to the correct employee on the contracted site. |
|
|
Term
Network as a Service (NaaS) |
|
Definition
NaaS is similar to the offsite virtual network, in that all of the servers and desktops are virtualized and managed by a contracted third party. NaaS virtualizes the entire network infrastructure. No physical wiring is needed beyond the basics, because the network infrastructure is virtual and the network is run at the service provider's site. A basic network is implemented on the contracted site in order to get out to the service provider's site. Typically, all administration tasks of the network are handled by the service provider. |
|
|
Term
Virtual network interfaces |
|
Definition
Within each virtual machine, you can configure one or more virtual network interfaces, which function in much the same manner as physical network interfaces. Virtual interfaces use Ethernet standards to transmit and receive frames on the network. The operating system within the virtual machine must have the appropriate driver installed to support the virtual network interface, just as with a physical network interface. When you configure a virtual network interface within a virtual machine's configuration, you can specify: The type of physical network interface to emulate. This allows for the best possible driver support by the operating system within the virtual machine. A MAC address. Most hypervisors automatically assign a MAC address to each virtual network interface. However, some hypervisors allow you to use a custom MAC address, if needed. The network to connect to. Most hypervisors allow you to define many different virtual networks. When you configure a virtual network interface, you will select which virtual network you want it to be connected to. |
|
|
Term
Virtual switches |
Definition
A virtual switch allows one virtual machine to communicate with another in much the same way that a physical switch allows physical hosts to communicate with each other. Virtual switches are typically implemented in two ways: As software that is integrated within the hypervisor. This is sometimes called software-defined networking (SDN). Within the firmware of the hypervisor hardware. A virtual switch functions in the same manner as a physical switch. After initially coming online, a virtual switch floods each frame it receives until it builds a table that identifies which MAC addresses are connected to each port. When the table is built, the switch can intelligently forward frames to the port where the destination host is connected. |
|
|
Term
VLANs on virtual switches |
Definition
Most virtual switch implementations support VLANs. You can define VLANs within the virtual switch and associate specific hosts with a specific VLAN. However, because virtual hosts are not physically connected to the switch with cables, VLAN membership is defined within the configuration of each virtual machine. The VLAN configuration of most virtual switches is compatible with the VLAN configuration used by most hardware switches. This allows VLAN information to be trunked from the virtual switch to switches on the physical network, enabling a VLAN to span both physical and virtual networks. |
|
|
Term
Virtual routers |
Definition
You can use virtualization technology to create virtual routers. To do this, a router must support Virtual Routing and Forwarding (VRF) technology. VRF allows a router to host multiple routing tables simultaneously. A physical router can support only a single network on each router interface. However, a virtual router can support multiple networks on each router interface. A different routing table is used for each network. This is useful in situations where multiple virtual networks exist on the same physical network. As with physical routers, a routing protocol is used by the virtual router to route data between networks. |
|
|
Term
Virtual firewalls |
Definition
Virtualized hosts are susceptible to the same network exploits as physical network hosts and need to be protected by a firewall. Protecting communications between virtual hosts is challenging because the data never leaves the virtual network, so it can't be protected with a physical firewall. One strategy for protecting virtual machines with a firewall is to route virtual machinetovirtual machine traffic out of the virtual network and onto the physical network, where a physical firewall can be used to filter the traffic. A better strategy is to implement a virtual firewall within the hypervisor itself to monitor and filter traffic on the virtual network as it flows between virtual machines. |
|
|
Term
Trunking |
Definition
Trunking occurs when you configure VLANs that span multiple switches. In the example this card refers to (the figure is not reproduced here), each switch has two VLANs configured, with one port on each VLAN. Workstations in VLAN 1 can only communicate with other workstations in VLAN 1. This means that workstations connected to the same switch in this example cannot communicate directly with each other. Communications between workstations within each VLAN must pass through the trunk link to the other switch. Access ports are connected to endpoint devices (such as workstations), while trunk ports are connected to other switches. An access port can be a member of only a single VLAN. Trunk ports are members of all VLANs on the switch by default. Any port on a switch can be configured as a trunk port. By default, trunk ports carry traffic for all VLANs between switches. However, you can reconfigure a trunk port so that it carries only specific VLANs on the trunk link. |
|
|
Term
what happens when trunking is used |
|
Definition
Frames that are sent over a trunk port are tagged with the VLAN ID number so the receiving switch knows which VLAN the frame belongs to. In VLAN tagging: Tags are appended by the first switch in the path and removed by the last. Only VLAN-capable devices understand the frame tag. Tags must be removed before a frame is forwarded to a non-VLAN-capable device. |
|
|
Term
trunking protocol defines |
|
Definition
the process that switches use to tag frames with a VLAN ID. One widely implemented trunking protocol is the IEEE 802.1Q standard, which supports a wide range of switches from many device manufacturers. 802.1Q supports VLAN numbers 1 through 4094. |
|
|
Term
Native VLAN |
Definition
Frames from the default (native) VLAN are not tagged, but frames from all other VLANs are tagged. For example, suppose VLAN 1 is the native VLAN on a switch (the default setting on most Cisco switches). In this configuration, any frame on VLAN 1 that is placed on a trunk link will not be assigned a VLAN tag. If a switch receives a frame on a trunk port that doesn't have a VLAN tag, the frame is automatically put onto its native VLAN (VLAN 1 by default). Because of this, the native VLAN must be the same on both ends of a trunk; a mismatch silently moves untagged traffic from one VLAN into another. When using switches from multiple vendors in the same network, be sure that each device supports the 802.1Q standard. |
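The tagging rules from the last three cards (tag on the trunk, untagged native VLAN, strip before an access port, 1..4094 range) as a frame builder and parser. This is an added example for this page and not the card set's own material; the MAC addresses and payload are constructed, the frame check sequence is omitted, and VLAN 1 is assumed to be the native VLAN unless the caller says otherwise.

```python
"""Added example (not from the original page): building and parsing
802.1Q-tagged Ethernet frames the way a trunk port does.

Assumptions: VLAN 1 is the native VLAN unless stated, the payload is opaque
bytes, and the FCS is omitted. MAC addresses are constructed."""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_trunk_frame(dst, src, vlan_id, payload, native_vlan=1,
                      ethertype=ETHERTYPE_IPV4, pcp=0):
    """Frame as sent onto a trunk: untagged if it belongs to the native VLAN,
    otherwise with a 4-byte tag (TPID 0x8100 + TCI) after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("802.1Q VLAN IDs are 1..4094")
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id != native_vlan:
        tci = ((pcp & 0x7) << 13) | vlan_id          # PCP(3) DEI(1)=0 VID(12)
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_trunk_frame(frame, native_vlan=1):
    """Frame received on a trunk. Returns (vlan_id, tagged, ethertype, payload).

    An untagged frame lands in the receiving switch's native VLAN, so when
    the two ends of a trunk disagree on the native VLAN, traffic crosses
    VLANs without any tag ever saying so."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, True, inner, frame[18:]
    return native_vlan, False, ethertype, frame[14:]


def strip_tag(frame):
    """Remove the tag before forwarding to an access port or other
    non-VLAN-capable device; untagged frames pass through unchanged."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_8021Q:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    payload = bytes(20)                           # constructed, stands in for an IP packet
    tagged = build_trunk_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 10, payload)
    native = build_trunk_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 1, payload)
    print(tagged[12:18].hex())                    # 8100 000a 0800
    print(parse_trunk_frame(tagged)[:3])          # (10, True, 2048)
    print(parse_trunk_frame(native)[:3])          # (1, False, 2048)
    print(parse_trunk_frame(native, native_vlan=99)[0])   # 99: the mismatch case
```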
|
|
Term
VLAN Trunking Protocol (VTP) |
|
Definition
VTP simplifies VLAN configuration on a multi-switch network by propagating configuration changes between switches. For VTP to work, the switches must be connected by trunk links and share the same VTP domain name. Because a server-mode switch with a higher configuration revision number overwrites the VLAN database of every other switch in the domain, configure a VTP password and make sure the revision number is reset (for example, by changing the domain name) on any switch before you connect it to a production network. |
|
|
Term
VTP mode: server |
|
Definition
Server mode is used to modify the VLAN configuration. The switch then advertises VTP information to other switches in the network. |
|
|
Term
VTP mode: client |
|
Definition
Client mode receives changes from a VTP server switch and passes that information on to other switches. Changes cannot be made to the local VLAN configuration on a client switch. |
|
|
Term
VTP mode: transparent |
|
Definition
Transparent mode allows for local configuration of VLAN information, but the switch does not update its configuration with information from other switches. Likewise, local VLAN information is not advertised to other switches. However, VTP information received on the network is passed on to other switches. If you do not want a switch to participate in VTP, use transparent mode. |
|
|
Term
Enables trunking on the interface |
|
Definition
Switch(config-if)#switchport mode trunk |
|
|
Term
Configures an interface as an access port, which disables trunking on the interface (if it was previously configured) |
|
Definition
Switch(config-if)#switchport mode access |
|
|
Term
Sets the trunking protocol to 802.1Q |
|
Definition
Switch(config-if)#switchport trunk encapsulation dot1q |
|
|
Term
Allows the trunking protocol to be negotiated between switches |
|
Definition
Switch(config-if)#switchport trunk encapsulation negotiate |
|
|
Term
Configures the VLAN that sends and receives untagged traffic on the trunk port when the interface is in 802.1Q trunking mode |
|
Definition
Switch(config-if)#switchport trunk native vlan [vlan_id] |
|
|
Term
Defines which VLANs are allowed to communicate over the trunk |
|
Definition
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan add [vlan_id] |
|
|
Term
Removes a VLAN from a trunk link |
|
Definition
Switch(config-if)#switchport trunk allowed vlan remove [vlan_id]
(The command switchport access vlan [number] assigns an access port to a VLAN; it does not change which VLANs a trunk carries.) |
|
|
Term
Shows interface trunking information with the following: Mode Encapsulation Trunking status VLAN assignments |
|
Definition
Switch#show interface trunk
Switch#show interface fa0/1 trunk |
|
|
Term
SW1 and SW2, are connected through their respective Gi0/1 interfaces. The following commands configure a trunk link between the switches |
|
Definition
SW1>ena
SW1#conf t
SW1(config)#int gi 0/1
SW1(config-if)#switchport mode trunk
SW2>ena
SW2#conf t
SW2(config)#int gi 0/1
SW2(config-if)#switchport mode trunk |
|
|
Term
Network health tool: Logs |
|
Definition
Logs contain a record of events that have occurred on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to changes in configuration, system state, or network conditions. By default, some logging is enabled and performed automatically; to gather additional information, you can usually enable more extensive logging. Many systems have logs for different purposes, such as a system log for operating system entries, a security log for security-related entries, and an application log (also called a performance log) for events related to specific services and processes, such as connections from a web server. Logging requires system resources (processor, memory, and disk). Enable additional (debug-level) logging only for the information you want to gather, and turn it off again once you have it; security and audit logs, by contrast, should stay enabled and be retained. Logs must be analyzed to be useful; only by looking at the logs will you discover problems. Depending on the log type, additional tools might be available to analyze logs for patterns. syslog is a standard for formatting and sending log messages from one computer system to another; a syslog server, or a tool fed by one, can analyze the collected messages and notify administrators of problems or performance issues. |
|
|
Term
Network health tool: Load tester |
|
Definition
A load tester simulates a load on a server or service. For example, the load tester might simulate a large number of client connections to a website, test file downloads from an FTP site, or simulate large volumes of email. Use a load tester to make sure that a system has sufficient capacity for expected loads. It can even estimate failure points where the load is more than the system can handle. |
|
|
Term
Network health tool: Throughput tester |
|
Definition
A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from a disk in a specific period of time). On a network, a throughput tester sends a specific amount of data through the network and measures the time it takes to transfer that data, creating a measurement of the actual bandwidth. Use a throughput tester to validate the bandwidth on your network and to identify when the bandwidth is significantly below what it should be. A throughput tester can help you identify when a network is slow, but will not give you sufficient information to identify why it is slow. |
|
|
Term
Network health tool: Packet sniffer |
|
Definition
A packet sniffer is special software that captures (records) frames that are transmitted on the network. Use a packet sniffer to: Identify the types of traffic on a network. View the exchange of packets between communicating devices. For example, you can capture frames related to DNS and view the exact exchange of packets for a specific name resolution request. Analyze packets sent to and from a specific device. View packet contents. A packet sniffer is typically run on one device with the intent of capturing frames for all other devices on a subnet. Using a packet sniffer in this way requires the following configuration changes: By default, a NIC will only accept frames addressed to itself. To enable the packet sniffer to capture frames sent to other devices, configure the NIC in promiscuous mode (sometimes called p-mode). In p-mode, the NIC will process every frame it sees. When using a switch, the switch will forward frames only to the switch port that holds the destination device. When your packet sniffer is connected to a switch port, it will not see traffic sent to other switch ports. To configure the switch to send all frames to the packet sniffing device, configure port mirroring on the switch; all frames sent to all other switch ports will be copied to the mirrored port. If the packet sniffer is connected to a hub, it will already see all frames sent to any device on the hub. |
|
|
Term
Network health tool: Protocol analyzer |
|
Definition
A protocol analyzer is a special type of packet sniffer that captures transmitted frames and decodes them. A protocol analyzer is a passive tool: it copies frames and lets you view their contents, but it does not itself modify or retransmit frames (activities that are used to perform an attack). Use a protocol analyzer to: Check for specific protocols on the network, such as SMTP, DNS, POP3, and ICMP. Find devices that might be using restricted protocols (such as ICMP) or legacy protocols (for example, IPX/SPX or NetBIOS). Analyze traffic that might be sent by attackers. Identify frames that might cause errors. Determine which flags are set in a TCP handshake. Detect malformed or fragmented packets. Examine the data contained within a packet. Identify users that are connecting to unauthorized websites. Discover cleartext passwords allowed by protocols or services. Identify unencrypted traffic that includes sensitive data. Troubleshoot communication problems or investigate the source of heavy network traffic. A protocol analyzer shows the traffic that exists on the network and the source and destination of that traffic. It does not tell you whether the destination ports on a device are open unless you see traffic originating from that port. For example, seeing traffic addressed to port 80 of a device does not automatically mean the firewall on that device is open or that the device is responding to traffic directed to that port. When using a protocol analyzer, you can filter the frames so that you see only the frames with information of interest. Filters can be configured to show only frames or packets to or from specific addresses, or frames that include specific protocol types. A capture filter captures only the frames identified by the filter; frames not matching the filter criteria are not captured at all. A display filter shows only the frames that match the filter criteria; frames not matching the filter criteria are still captured, but are not shown. The results of a capture can be saved in order to analyze frames at a later time or on a different device. |
5/12/2016 TestOut LabSim http://cdn.testout.com/clientv5110341/startlabsim.html?culture=enus 2/2
|
|
Term
Syslog message format |
Definition
Most routers and switches send logging messages to a logging process. Many servers, especially Linux or UNIX servers, do this as well. Cisco devices format each message as a timestamp followed by %FACILITY-SEVERITY-MNEMONIC: description. Example: *Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down |
|
|
Term
auth (authpriv on many systems) |
Definition
This facility is used by all services associated with system security or authorization |
|
|
Term
cron |
Definition
This facility accepts log messages from the cron and at services, which are used to automatically run tasks on the system. |
|
|
Term
daemon |
Definition
This facility is used by system services (called daemons) that do not have their own dedicated facility. |
|
|
Term
kern |
Definition
This facility is used for all Linux kernel log messages. |
|
|
Term
lpr |
Definition
This facility handles messages from the printing subsystem |
|
|
Term
mail |
Definition
This facility is used for log messages from the mail MTA service running on the system. |
|
|
Term
syslog |
Definition
This facility is used for internal messages from the syslog service itself. |
|
|
Term
user |
Definition
This facility is used for user-related log messages (such as failed login attempts). |
|
|
Term
local0 through local7 |
Definition
These facilities can be used to capture log messages from your own applications that you develop. |
|
|
Term
Syslog severity levels |
Definition
7 (Debug): Debug information
6 (Informational): Informational messages
5 (Notice): Issues of concern that do not represent a problem
4 (Warning): Issues that, if not addressed, could become a problem
3 (Error): Non-urgent errors that need to be addressed when possible
2 (Critical): Serious errors in a secondary subsystem that should be addressed immediately
1 (Alert): Serious errors in a primary subsystem that should be addressed immediately
0 (Emergency): Errors that will cause the system to become unusable |
|
|
Term
Mnemonic |
Definition
Provides a mnemonic to help the administrator quickly identify the nature of the message. In this example: UPDOWN: |
|
|
Term
Message text |
Definition
Provides a description of the event. In this example: Line protocol on Interface FastEthernet0/0, changed state to down |
|
|
Term
Cisco devices: key things to know about Cisco syslog |
|
Definition
Because it is impractical to visit each device to view log messages, you can configure your Cisco devices to redirect logging to a syslog server somewhere in the network. By doing this, all log messages from all devices can be consolidated and viewed from a single location. By default syslog is sent over UDP port 514, unauthenticated and unencrypted, so carry it over a management network and restrict which hosts the server accepts messages from. |
|
|
Term
Enables the message logging process. |
|
Definition
(config)#logging on |
|
Term
Specifies the host IP address or hostname of the syslog server that will receive the messages |
|
Definition
(config)#logging host [address] (config)#logging host [hostname] |
|
|
Term
Specifies that the messages are to be buffered. |
|
Definition
(config)#logging buffered |
|
Term
Specifies which messages will be redirected to the syslog server based on severity. Messages at or numerically lower than the specified level are logged. System logging message severity levels includ |
|
Definition
{emergencies | 0} System unusable
{alerts | 1} Immediate action needed
{critical | 2} Critical conditions
{errors | 3} Error conditions
{warnings | 4} Warning conditions
{notifications | 5} Normal but significant conditions
{informational | 6} Informational messages only
{debugging | 7} Debugging messages
(config)#logging trap [severity-level]
(config)#logging trap [0-7] |
|
|
Term
logging trap informational |
Definition
The logging trap informational (equivalently, logging trap 6) command sends level 0 through level 6 system messages to the syslog server; debugging (level 7) messages are not sent. On some IOS versions, the device also buffers the messages. |
|
|
Term
Specifies the source IP address of system logging packets |
|
Definition
(config)#logging source-interface [type] [number] |
|
|
Term
Displays logging settings on the device, as well as the number of messages logged. |
|
Definition
#show logging |
|
Term
In this example, the router is configured to redirect log messages with a severity level of 4 (warnings) and lower (numerically lower, i.e., more severe) to a syslog server with an IP address of 172.17.8.200 |
|
Definition
Router(config)#logging on
Router(config)#logging host 172.17.8.200
Router(config)#logging trap 4 |
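What the syslog server on the receiving end sees from the configuration above, as an added example for this page (not part of the original cards): a parser for the Cisco message format shown earlier, the `logging trap` severity filter, and the RFC 3164 priority value (facility times 8 plus severity) that wraps each forwarded message. The sample lines are constructed; the facility codes are the standard syslog values, and the assumption that Cisco IOS sends to local7 by default is stated in the code.

```python
"""Added example (not from the original page): parsing Cisco-style syslog
messages, applying a `logging trap` severity filter, and encoding the result
as an RFC 3164 message for a syslog server.

SAMPLE_LINES are constructed for illustration. Cisco IOS sends to the local7
facility unless told otherwise; that default and the facility codes below are
standard syslog values, assumed here."""
import re

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# RFC 3164 facility codes (local0..local7 are 16..23).
FACILITY_CODES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
FACILITY_NAMES = {code: name for name, code in FACILITY_CODES.items()}

# <optional timestamp>: %FACILITY-SEVERITY-MNEMONIC: text
CISCO_RE = re.compile(
    r"(?:(?P<timestamp>.*?):\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$")

SAMPLE_LINES = [  # constructed
    "*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
    "FastEthernet0/0, changed state to down",
    "*Aug 8 11:19:40.002: %SYS-5-CONFIG_I: Configured from console by admin on "
    "vty0 (192.0.2.7)",
    "*Aug 8 11:20:03.517: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 198.51.100.23] [localport: 22] [Reason: Login Authentication Failed]",
    "*Aug 8 11:20:05.110: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): "
    "debug noise",
]


def parse_cisco(line):
    """Split a Cisco log line into facility, severity, mnemonic and text."""
    m = CISCO_RE.match(line.strip())
    if not m:
        return None
    return {"facility": m["facility"], "severity": int(m["severity"]),
            "mnemonic": m["mnemonic"], "text": m["text"]}


def passes_trap(msg, trap_level):
    """`logging trap N`: forward messages whose severity is numerically <= N."""
    return msg["severity"] <= trap_level


def to_pri(facility, severity):
    return FACILITY_CODES[facility] * 8 + severity


def from_pri(pri):
    """Decode the <PRI> of a received message into (facility, severity)."""
    return FACILITY_NAMES[pri // 8], SEVERITY_NAMES[pri % 8]


def encode_rfc3164(msg, hostname, facility="local7"):
    """<PRI>HOSTNAME %FAC-SEV-MNEMONIC: text   (timestamp omitted for brevity)."""
    pri = to_pri(facility, msg["severity"])
    return (f"<{pri}>{hostname} %{msg['facility']}-{msg['severity']}-"
            f"{msg['mnemonic']}: {msg['text']}")


def forward(lines, trap_level, hostname="rtr1"):
    """Messages that reach the syslog server for a given `logging trap` level."""
    out = []
    for line in lines:
        msg = parse_cisco(line)
        if msg and passes_trap(msg, trap_level):
            out.append(encode_rfc3164(msg, hostname))
    return out


if __name__ == "__main__":
    for sent in forward(SAMPLE_LINES, trap_level=4):     # the page's example config
        print(sent)
    print(from_pri(188))                                 # ('local7', 'warning')
```

With `logging trap 4` as configured above, only the failed login is forwarded; the configuration change (%SYS-5-CONFIG_I, severity 5) never reaches the server. Deployments that want an audit trail of configuration changes and logins use `logging trap informational` and drop noise at the collector instead.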
|
|
Term
Log redirection can be accomplished on Linux (and UNIX) servers and workstations in the network as well. To do this, you must complete the following tasks |
|
Definition
1. Open /etc/syslog.conf in a text editor. 2. Add the following line to the beginning of the file: *.* @IP_address_of_loghost. For example, to redirect all messages to a log server host with an IP address of 192.168.1.10, you would enter *.* @192.168.1.10. 3. Save the file and exit your editor. 4. Restart the syslogd daemon. These steps apply to the classic syslogd; on rsyslog-based distributions the same line goes in /etc/rsyslog.conf or a file under /etc/rsyslog.d/, where @host sends over UDP and @@host over TCP. |
|
|
Term
To configure a Linux or UNIX system to function as a syslog server that accepts log messages from other devices, you must do the following: |
|
Definition
1. In a text editor, open /etc/sysconfig/syslog. 2. Locate the SYSLOGD_PARAMS directive (SYSLOGD_OPTIONS on some distributions) and set it to a value of -r, which makes syslogd accept messages from remote hosts on UDP port 514. 3. Save the changes and exit the file. 4. Restart the syslogd daemon. With -r, syslogd accepts messages from any host, so restrict UDP 514 at the firewall to the devices that should be logging to this server. On rsyslog, the equivalent is loading the UDP input module in /etc/rsyslog.conf: module(load="imudp") and input(type="imudp" port="514"). |
|
|
Term
Simple Network Management Protocol (SNMP) |
|
Definition
is designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. |
|
|
Term
SNMP uses the following components: Manager |
|
Definition
The manager is the computer used to perform management tasks. The manager queries agents and gathers responses by sending messages. |
|
|
Term
SNMP uses the following components: Agent |
|
Definition
The agent is a software process that runs on managed network devices. The agent communicates information to the manager and can send dynamic messages to the manager. |
|
|
Term
SNMP uses the following components: Management Information Base (MIB) |
|
Definition
The MIB is a database of host configuration information. Agents report data to the MIB, and the manager can then view information by requesting data from the MIB. Object identifiers (OIDs) specify managed objects in a MIB hierarchy. |
|
|
Term
SNMP uses the following components: Trap |
|
Definition
A trap is an event configured on an agent. When the event occurs, the agent sends an unsolicited trap message with the event details to the manager, rather than waiting to be polled. |
|
|
Term
SNMP uses the following components: Get |
|
Definition
A Get is a message sent from a management system, requesting information about a specific OID. |
|
|
Term
SNMP uses the following components: Walk |
|
Definition
A Walk uses GETNEXT messages to navigate the structure of a MIB. |
|
|
Term
SNMP uses the following components: Alert |
|
Definition
An alert can be configured so that when an event occurs (e.g., a trap is received), a message is sent via email or SMS (text message). |
|
|
Term
Community name (community string) |
Definition
Agents and the manager are configured to communicate with each other using a community name (community string). The community name identifies a group of devices under the same administrative control. It is not a password but simply a value configured on each device; devices with different community names are unable to exchange SNMP messages. In SNMPv1 and SNMPv2c the community name is sent in cleartext and is the only access control, so change the vendor defaults (public/private), restrict SNMP to management hosts, and prefer SNMPv3, which adds authentication and encryption. |
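The Get, GETNEXT-based walk and community check from the cards above, as an added example for this page rather than anything from the original. The agent's MIB is a constructed subset (the OIDs are from the standard system and interfaces groups; the values, interface names and community string are made up), and there is no network: the manager calls the agent directly.

```python
"""Added example (not from the original page): GET, GETNEXT and a walk over
a constructed MIB subset, with the community-name check an SNMPv1/v2c agent
performs. OIDs are from the standard system and interfaces groups; values and
community names are made up."""

COMMUNITY = "public"      # assumed; SNMPv1/v2c send this in cleartext

MIB = {                                           # constructed agent data
    "1.3.6.1.2.1.1.1.0": "Example Router",         # sysDescr
    "1.3.6.1.2.1.1.3.0": 1234567,                  # sysUpTime (hundredths of s)
    "1.3.6.1.2.1.1.5.0": "rtr1",                   # sysName
    "1.3.6.1.2.1.2.1.0": 3,                        # ifNumber
    "1.3.6.1.2.1.2.2.1.2.1": "FastEthernet0/0",    # ifDescr.1
    "1.3.6.1.2.1.2.2.1.2.2": "FastEthernet0/1",    # ifDescr.2
    "1.3.6.1.2.1.2.2.1.2.10": "Loopback0",         # ifDescr.10
}


def oid_key(oid):
    """Numeric tuple, so ...2.10 sorts after ...2.2 (a plain string sort would
    put it between .1 and .2 and break the walk)."""
    return tuple(int(part) for part in oid.split("."))


class Agent:
    def __init__(self, mib, community):
        self.mib = dict(mib)
        self.community = community
        self.order = sorted(self.mib, key=oid_key)   # lexicographic MIB order

    def _authorized(self, community):
        # SNMPv1/v2c: a request with the wrong community string gets no reply.
        return community == self.community

    def get(self, community, oid):
        """GET: the value at exactly `oid`, or None if absent or unauthorized."""
        if not self._authorized(community):
            return None
        return self.mib.get(oid)

    def getnext(self, community, oid):
        """GETNEXT: the first (oid, value) after `oid`, or None at end of MIB."""
        if not self._authorized(community):
            return None
        key = oid_key(oid)
        for candidate in self.order:
            if oid_key(candidate) > key:
                return candidate, self.mib[candidate]
        return None


def walk(agent, community, root):
    """Repeat GETNEXT from `root` until the reply leaves the subtree."""
    prefix = oid_key(root)
    results = []
    current = root
    while True:
        reply = agent.getnext(community, current)
        if reply is None:                           # end of MIB or unauthorized
            break
        oid, value = reply
        if oid_key(oid)[:len(prefix)] != prefix:    # left the requested subtree
            break
        results.append((oid, value))
        current = oid
    return results


if __name__ == "__main__":
    agent = Agent(MIB, COMMUNITY)
    print(agent.get("public", "1.3.6.1.2.1.1.5.0"))            # rtr1
    print(agent.get("private", "1.3.6.1.2.1.1.5.0"))           # None: wrong community
    for oid, value in walk(agent, "public", "1.3.6.1.2.1.2.2.1.2"):
        print(oid, value)                                      # .1, .2, .10 in that order
```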
|
|
Term
Wireless network design process step: Gather network requirements |
|
Definition
Meet with all stakeholders and decision makers to discuss the implementations and gather detailed information. For example, you should: Identify the intended use of the wireless network. Identify the location of wireless service areas. Anticipate the number of wireless devices to be supported in each area. Discuss future network needs so that you can plan for expansion. Discuss data encryption and network security requirements. |
|
|
Term
Clearly identify expectations |
|
Definition
Expectations should be clearly set and managed to ensure that the network design will fulfill the criteria identified in the previous step. Continue to meet with all stakeholders regularly throughout the process to communicate status, discuss anticipated changes, and review expectations. Document all discussions and decisions. |
|
|
Term
Identify key design considerations |
|
Definition
Create an initial design document by laying out the network on paper. Identify key wireless network design considerations, such as: Environmental conditions. Physical RF obstructions that could disrupt a wireless radio signal. Dynamic RF obstructions that are transient in nature. Future construction that could disrupt an RF signal. Sources of RF interference, both internal and external. The availability of mounting points for networking hardware, such as poles, suspended tile ceilings, and so on. Estimated bandwidth utilization requirements. Zoning and permitting requirements. This is usually only required for outdoor deployments. Check your local laws for specific requirements. Later, you will conduct a site survey to validate the initial design. |
|
|
Term
Conduct initial RF modeling and mapping |
|
Definition
Map and model the initial RF design on paper by doing the following: Compile all available asset information. This includes existing mounting locations, network media, and network hardware. Create an initial RF model. RF modeling is the process of identifying initial access point locations, assigning frequencies, and planning power levels. |
|
|
Term
|
Definition
You need to understand the network's bandwidth requirements. To do this, identify the following: The amount of bandwidth required in various locations. The number of clients that will utilize this network. This is referred to as the device density. The frequency that will be used. |
|
|
Term
Received Signal Strength Indicator (RSSI) |
|
Definition
You can measure the strength of the signal at a given distance from the access point by using the Received Signal Strength Indicator (RSSI). RSSI is measured as a negative number; a smaller negative value (closer to zero) indicates a stronger signal. |
|
|
Term
|
Definition
Your initial network design may not be accurate due to environment or other conditions that you can't account for on paper. To determine what these conditions are, you need to conduct a site survey. Visit each location where an access point will be installed, determine what the RF environment looks like, and then set up a temporary wireless network in the location to see how the radio signal behaves. There are several things you should do: Inspect each mounting location identified in your initial design and ensure it is a viable location for an access point. Document structural or environmental concerns that may disrupt the RF signal from the access point. Verify that the access point can reach the wireless controller from the location. For a wired backhaul, you must be able to run a wire to the controller. For a wireless backhaul, the access point's wireless signal must be able to reach either the controller itself or another access point that can relay it to the controller. Assess the availability of power to and grounding for the access point. Log the location's GPS coordinates. Use digital photos to document the location and its surrounding environment. |
|
|
Term
Wireless Site Survey Site survey test equipment |
|
Definition
You should bring access points to each location to test the signal quality and to identify the node density required in each area. Your site survey kit should include: Two access points. Two laptops with a network performance measurement utility, such as Iperf, installed so you can evaluate the network throughput available at each location. A tall ladder so you can test each AP at height or close to height. During the site survey, you will not physically install each access point. Instead, use a ladder to approximate the AP's final mounting location for testing. In outdoor deployments, you may need to use a bucket truck instead of a ladder to do this. Two-way radios to communicate with your assistants. A spectrum analyzer. |
|
|
Term
Wireless Site Survey Testing procedure |
|
Definition
The site survey test procedure involves the following tasks: mount, align, test, move, test again, and perform a spectrum analysis. |
|
|
Term
Wireless Site Survey Goodput |
|
Definition
Goodput refers to the number of useful bits delivered from the sender to the receiver over the wireless network connection within a specified amount of time. Errors due to lost, corrupt, or dropped packets require retransmission and reduce the goodput of the connection. |
|
|
Term
Wireless Site Survey Spectrum analysis and channel plan |
|
Definition
During the survey, you should use a spectrum analyzer at different times of day to check channel utilization and to identify sources of RF interference at each location where you plan to deploy an access point. You can use freeware tools such as NetStumbler or Kismet to create a snapshot of wireless spectrum usage by nearby home and business networks, along with their proximity to your network. When you perform your spectrum analysis, you should record: The number of other APs in the area. Channel utilization in the 2.4 and 5.x GHz bands to aid in channel planning. When running your spectrum analysis, you should gather data at the height where: The AP will be installed. User devices will be located. A spectrum analyzer can determine the noise floor in the desired frequency range, allowing you to select the best available wireless channel. To do this, identify the: Received Signal Level (RSL), which identifies how strong the radio signal is at the receiver. The closer you are to the transmitter, the stronger the RSL. The farther away you are, the lower the RSL. Signal to Noise Ratio (SNR), which compares the level of the wireless network signal (RSL) to the level of background noise (measured in decibels). An SNR higher than 1:1 indicates more signal than noise, which is desirable. The farther a receiver is from a transmitter, the lower the RSL and the SNR. If the RSL falls below the noise floor, connectivity is lost. Using the spectrum analyzer data, develop a channel plan that will work in your environment. Be sure to identify all of the frequencies that will be used. |
|
|
Term
Wireless Site Survey Site survey report |
|
Definition
Once the site survey is completed, you should create a site survey report containing: A physical network diagram, including each access point, controller, and the media that connects them. An RF model that includes a frequency/channel plan. The spectrum analysis results. A logical network diagram containing SSIDs, IP addressing, and VLAN information. Photographs and diagrams of each access point mounting site. A list of structural modifications required to build the network. A list of alternate mounting locations (if necessary). A list of equipment that must be purchased. A cost estimate for equipment and labor. |
|
|
Term
Wireless Site Survey Core network planning |
|
Definition
Plan out the core network. You should identify the: IP addressing scheme. VLAN configuration. Avoid a VLAN configuration that has a large number of wireless clients in the same VLAN, because it will likely result in an excessive amount of broadcast traffic. To remedy this, you can: Create multiple, smaller VLANs. This will reduce broadcast traffic, but it will also require additional routers to route traffic between VLANs. Implement VLAN pooling. In this configuration, each wireless client is randomly assigned a VLAN from a pool of VLANs on the same SSID. This strategy automatically partitions a single broadcast domain into multiple VLANs. Use this information to create a logical network diagram that can be used during the actual deployment of the wireless network. |
|
|
Term
Wireless Site Survey Node density and spacing |
|
Definition
Using the network diagram you have created, identify: How many wireless controllers are needed. How many access points are needed. What media needs to be implemented. Use this information to generate an equipment list. If you think spare devices will be needed, account for them in the list. |
|
|
Term
Mobile Device Management Request Process |
|
Definition
Mobile devices will usually contain confidential information, thereby creating a security risk for an organization. To control the risk, an organization should control who is issued a device and what information is put on the device. |
|
|
Term
Mobile Device Management Asset tracking and inventory control |
|
Definition
Because mobile devices are not tied to a physical location, asset tracking and inventory control are very important. At a minimum, you should track the following for each device owned by your organization: the make and model number of the device; the device serial number; the operating system version number; the date the device was purchased and the vendor it was purchased from; the end-of-warranty date for the device; the vendor providing support for the device; and the employee to whom the device has been issued. There are many mobile endpoint management solutions that can be implemented to automate asset tracking and inventory control processes. Most of these solutions can also use the following technologies to track the physical location of your mobile devices: The Global Positioning System (GPS) can track the location of GPS-enabled devices to within a meter. Wi-Fi triangulation can track the location of devices in heavily populated urban areas to within a few meters, depending upon the number of networks in range and the accuracy of their signal strength data. Cell phone tower triangulation can track the location of devices to within a kilometer, depending upon the signal strength and number of cell towers within range. IP address resolution is much less accurate than the other options, tracking the location of devices to within roughly 20 kilometers. |
|
|
Term
Mobile Device Management Acceptable use |
|
Definition
The acceptable use policy should define personal use and after-hours use. Irresponsible, illegal, or malicious use of the device could leave an organization liable for damages if such use is not prohibited by a policy. |
|
|
Term
Mobile Device Management Authentication |
|
Definition
All devices should be accessible only after a password, PIN, or gesture has been supplied by the user. |
|
|
Term
Mobile Device Management Unused features |
|
Definition
Just as with a desktop or server system, you should disable or uninstall unused features on mobile devices. Unused features or services can expose threat vectors into the device. |
|
|
Term
Mobile Device Management Storage segmentation |
|
Definition
Consider segmenting personal data from organizational data on mobile devices. This storage strategy allows: Encryption to be applied only to sensitive organizational data on the device. Only organizational data to be removed during a remote wipe, preserving personal data. |
|
|
Term
Mobile Device Management Reporting system |
|
Definition
A procedure to immediately report the loss of a device will enable the device to be disabled quickly and reduce the chance of confidential information being compromised. |
|
|
Term
bring your own device (BYOD) Malware propagation If a user's tablet or phone has been infected with malware, then the infection can be spread when they connect their device to your organization's network. |
|
Definition
Consider implementing a network access control (NAC) solution that remediates devices before allowing them to connect to your network. Alternatively, consider implementing a guest wireless network that is isolated from your organization's production network. User-owned devices can connect to this network to gain Internet access but are quarantined from the rest of your organization's production network. |
|
|
Term
bring your own device (BYOD) Loss of control of sensitive data If a user copies sensitive data to their device, your organization could potentially lose control of that information. Even the question of who owns the data after it has been copied to the personal device becomes problematic. Consider the following scenarios: The user may not have implemented appropriate security settings on their device, allowing anyone who gains access to the device to view the sensitive data. The user may lose the device, allowing anyone who finds it to access the sensitive data. The device may become infected with malware, potentially exposing the sensitive data. |
|
Definition
Implement an acceptable use policy that defines what kind of data is allowed on personally owned devices and what kind of data is prohibited. Information classification labels can be useful when implementing this policy. Consider requiring personal devices to be enrolled into a mobile device management infrastructure, such as Microsoft Intune, to enforce mobile device security policies. |
|
|
Term
bring your own device (BYOD) If a user is so inclined, they could use their mobile device to conduct a malicious insider attack. For example, they could: Use the built-in camera, which nearly all modern mobile devices have, to take pictures of sensitive internal information. Use the built-in microphone to record conversations. Use the built-in video function to record proprietary processes and procedures. Use the device's mobile broadband connection to transfer stolen data to parties outside the organization, bypassing the organization's network security mechanisms. |
|
Definition
Implement an acceptable use policy that: Specifies where and when mobile devices can be possessed within the organization. For example, the possession of mobile devices may be prohibited in high security areas. Notifies users that personally owned devices are subject to random searches if brought on site. |
|
|
Term
bring your own device (BYOD) Device management If a user brings a personally owned device on site, then the question of who is responsible for managing the device needs to be clearly identified. Responsibility for the following needs to be defined: operating system updates, app updates, anti-malware installation, and anti-malware definition updates. |
|
Definition
Relying on the end user to implement these updates is unwise. Instead, consider implementing a network access control (NAC) solution that remediates devices before allowing them to connect to your network. |
|
|
Term
bring your own device (BYOD) Support If a user brings a personally owned device on site, then the question of who will provide support for the device and the apps used on the device needs to be clearly identified. Will the organization's help desk provide support, or must the user depend upon support provided by the device manufacturer? |
|
Definition
Implement an acceptable use policy that specifies: Where users can get support for personally owned mobile devices. Which apps are allowed for use with organizational data. Where users can get support for these apps. |
|
|
Term
intrusion detection system Response capability A passive IDS |
|
Definition
logs and detects security breaches but takes no action to stop or prevent the attack. A passive IDS: Can send an alert, but it is the network administrator's job to interpret the degree of the threat and to respond accordingly. Might perform shunning, which simply drops offending traffic without additional actions. Cannot be detected on the network because it takes no detectable action. |
|
|
Term
intrusion detection system Response capability active IDS |
|
Definition
(also called an intrusion protection system or IPS) performs the functions of an IDS but can also react when security breaches occur. An IPS: Can automate responses, which may include dynamic policy adjustment and reconfiguration of supporting network devices to block the offending traffic. Can terminate sessions by using the TCP RST command. It can also terminate or restart other processes on the system. Performs behaviors that can be seen by anyone watching the network. Usually these actions are necessary to block malicious activities or discover the identity of an intruder. Updating filters and performing reverse lookups are common behaviors of an active IDS. |
|
|
Term
intrusion detection system Detection scope host-based IDS (HIDS) |
|
Definition
is installed on a single host and monitors all traffic coming into the host. A HIDS: Is used to detect attacks that are unique to the services on the system. It can monitor application activity and modifications, as well as local system files, logon audit files, and kernel audit files. Is typically unaware of other devices on the network, but it can be detected and become the target of an attack itself. May rely on the auditing and logging capabilities of the operating system. Can analyze encrypted traffic (because services running on the host decrypt the traffic). Antivirus software is the most common form of a host-based IDS. |
|
|
Term
intrusion detection system Detection scope A network-based IDS (NIDS) |
|
Definition
is a dedicated device installed on the network. It analyzes all traffic on the network. A NIDS is: Typically implemented as part of a firewall device acting as a router. When a NIDS is implemented as a standalone device, all traffic must be directed to the device using one of the following strategies: Connect the IDS and other devices using a hub. The IDS will then see all traffic sent to all devices on the subnet. Connect the IDS to a switch, and enable spanning or diagnostic capabilities on the switch port to forward all traffic to that switch port. Use a tap to connect the IDS directly to the network medium. Mostly unaware of individual hosts on the network. It cannot be detected by attacking systems. Suited for detecting and blocking port scanning and DoS attacks. Unable to analyze encrypted traffic. |
|
|
Term
You can also catch threats to your network by performing regular monitoring with common network tools. Which are they? |
|
Definition
Use a packet sniffer to examine network traffic. Use a port scanner to check for open ports on a system or a firewall. Run security scanning software on each system to detect malware or other security vulnerabilities (such as opened ports, weak passwords, or missing operating system patches). Keep operating systems and applications up to date with the latest patches. Download the most recent signature files to protect against attacks. Monitor system logs for unusual activity that could indicate an attempted (or successful) attack. |
|
|
Term
|
Definition
Vulnerability assessment is the process of identifying the weaknesses in a system or network. Attackers take advantage of vulnerabilities in order to gain access to information or networks to which they are not authorized. An administrator performs vulnerability assessment in order to plug security holes and provide a more secure network. |
|
|
Term
|
Definition
A vulnerability scanner is a software program that passively searches an application, computer, or network for weaknesses, such as: open ports, active IP addresses, running applications or services, missing critical patches, default user accounts that have not been disabled, default or blank passwords, misconfigurations, and missing security controls. A vulnerability scanner: Should be updated regularly to include the latest known vulnerabilities. Is the least intrusive method to check the environment for known software flaws (port scanners and penetration testers are potentially more intrusive; protocol analyzers cannot check for known software flaws). Can be used to scan again after a security hole has been patched in order to verify that the vulnerability has been removed and the system is secure. There are several security tools that can be used for vulnerability scanning. Nessus is a comprehensive vulnerability assessment tool. Microsoft Baseline Security Analyzer (MBSA) is used to evaluate security vulnerabilities in Microsoft products. Retina Vulnerability Assessment Scanner is used to remotely scan an organization's network for vulnerabilities. |
|
|
Term
|
Definition
A port scanner is a tool that probes systems for open ports. The most common use of a port scanner is to perform a TCP SYN scan. A port scanner performs a two-way handshake (also called a half-open scan), which does not complete the TCP three-way handshake process (the TCP session is not established). Devices that respond have ports that are in a listening state. The port scan output is a combination of the IP address and port number separated by a colon (e.g., 192.168.0.1:x, where x is the port number) for both the source and the destination of the port scan. Nmap is a common port scanner. |
|
|
Term
|
Definition
A network mapper is a tool that discovers devices on the network and displays the devices in a graphical representation. Network mappers typically use a ping scan to discover devices and a port scanner to identify open ports on those devices. Many port scanners are technically network mappers. |
|
|
Term
|
Definition
A password cracker is a tool that performs cryptographic attacks on passwords. Use a password cracker to identify weak passwords and passwords protected with weak encryption. Common password cracking tools include the following: John the Ripper, Cain and Abel, and L0phtcrack (also called LC6). |
|
|
Term
Open Vulnerability and Assessment Language (OVAL) |
|
Definition
Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. OVAL is co-sponsored by the Office of Cybersecurity and Communications at the U.S. Department of Homeland Security. OVAL regulates the proper XML format for describing and documenting system vulnerabilities. Each vulnerability, configuration issue, program, or patch that might be present on a system is called a definition. OVAL repositories are like libraries or databases that contain multiple definitions. |
|
|
Term
|
Definition
A DMZ (demilitarized zone), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the Internet). Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email servers. Packet filters on the outer firewall allow traffic directed to the public resources inside the DMZ. Packet filters on the inner firewall prevent unauthorized traffic from reaching the private network. If the firewall managing traffic into the DMZ fails, only the servers in the DMZ are subject to compromise. The LAN is protected by default. When designing the outer firewall packet filters, a common practice is to close all ports and open only those ports necessary for accessing the public resources inside the DMZ. Typically, firewalls allow traffic originating in the secured internal network into the DMZ and through to the Internet. Traffic that originates in the DMZ (low security area) or the Internet (no security area) should not be allowed access to the intranet (high security area). |
|
|
Term
The DMZ is created using the following configurations |
|
Definition
Configure two firewall devices: one connected to the public network and one connected to the private network. Configure a single device with three network cards: one connected to the public network, one connected to the private network, and one connected to the screened subnet. Configure a single device with two network cards: one connected to the public network and another connected to a private subnet containing hosts that are accessible from the private network. Configure proxy ARP so the public interface of the firewall device responds to ARP requests for the public IP address of the device. |
|
|
Term
There are two types of firewalls that you can implement |
|
Definition
A routed firewall is also a Layer 3 router. In fact, many hardware routers include firewall functionality. Transmitting data through this type of firewall counts as a router hop. A routed firewall usually supports multiple interfaces, each connected to a different network segment. A transparent firewall, also called a virtual firewall, operates at Layer 2 and is not seen as a router hop by connected devices. Both the internal and external interfaces on a transparent firewall connect to the same network segment. Because it is not a router, you can easily introduce a transparent firewall into an existing network. |
|
|
Term
Access control lists (ACLs) are used to manage incoming or outgoing traffic. You should be familiar with the following characteristics of an ACL |
|
Definition
ACLs describe the traffic type that will be controlled. ACL entries: Describe traffic characteristics. Identify permitted and denied traffic. Can describe a specific traffic type, or allow or restrict all traffic. When created, an ACL usually contains an implicit deny any entry at the end of the list. Each ACL applies only to a specific protocol. Each router interface can have up to two ACLs for each protocol: one for incoming traffic and one for outgoing traffic. When an ACL is applied to an interface, it identifies whether the list restricts incoming or outgoing traffic. Each ACL can be applied to more than one interface. However, each interface can have only one incoming and one outgoing list. ACLs can be used to log traffic that matches the list statements. Many hardware routers, such as those from Cisco, also provide a packet filtering firewall. These devices are frequently used to fill both network roles (router and firewall) at the same time. |
|
|
Term
When you create an ACL on a Cisco device |
|
Definition
a deny any statement is automatically added at the end of the list (this statement does not appear in the list itself). For a list to allow any traffic, it must have at least one permit statement that either permits a specific traffic type or permits all traffic not specifically restricted. |
|
|
Term
|
Definition
Standard ACLs: Can filter only on source hostname or host IP address. Should be placed as close to the destination as possible. Use the following number ranges: 1–99 and 1300–1999. |
|
|
Term
|
Definition
Extended ACLs: Can filter by: source IP protocol (IP, TCP, UDP, etc.); source hostname or host IP address; source or destination socket number; destination hostname or host IP address; precedence or TOS values. Should be placed as close to the source as possible. Use the following number ranges: 100–199 and 2000–2699. |
|
|
Term
|
Definition
A VLAN uses switch ports to define a broadcast domain. When you define a VLAN, you assign devices on different switch ports to a separate logical (or virtual) LAN. Although a switch can support multiple VLANs, each switch port can be assigned to only one VLAN at a time. |
|
|
Term
what is used to route VLAN traffic |
|
Definition
VLAN IDs: Are appended to the header of each frame. Allow switches to identify which VLAN the frame belongs to. Are used for inter-switch traffic. VLAN IDs are only understood by switches. VLAN IDs are added and removed by switches, not the client. |
|
|
Term
Creating VLANs with switches offers many administrative benefits. You can |
|
Definition
Create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service). Simplify device moves (devices are moved to new VLANs by modifying the port assignment). Control broadcast traffic and create collision domains based on logical criteria. Control security (isolate traffic within a VLAN). Load-balance network traffic (divide traffic logically rather than physically). VLANs are commonly used with Voice over IP (VoIP) to separate voice traffic from data traffic. Traffic on the voice VLAN can be given a higher priority to ensure timely delivery. |
|
|
Term
Authentication to wireless networks Open |
|
Definition
Open authentication requires that clients provide a MAC address in order to connect to the wireless network. You can use open authentication to allow any wireless client to connect to the AP. Open authentication is typically used on public networks. You can implement MAC address filtering to restrict access to the AP to only known (or allowed) MAC addresses. Because MAC addresses are easily spoofed, this provides little practical security. |
|
|
Term
Authentication to wireless networks Shared key |
|
Definition
With shared key authentication, clients and APs are configured with a shared key (called a secret or a passphrase). Only devices with the correct shared key can connect to the wireless network. All APs and all clients use the same authentication key. Use shared key authentication on small, private networks. Shared key authentication is relatively insecure, as hashing methods used to protect the key can be easily broken. |
|
|
Term
Authentication to wireless networks 802.1x |
|
Definition
802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Originally designed for Ethernet networks, the 802.1x standards have been adapted for use in wireless networks to provide secure authentication. 802.1x authentication requires the following components: A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information. A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate. Use 802.1x authentication on large, private networks. Users authenticate with unique usernames and passwords. |
|
|
Term
Security for wireless networking is provided from the following standard Wired Equivalent Privacy (WEP) |
|
Definition
WEP is an optional component of the 802.11 specifications that was deployed in 1997. WEP was designed to provide wireless connections with the same security as wired connections. WEP has the following weaknesses: A static pre-shared key (PSK) is configured on the AP and the client and cannot be dynamically changed or exchanged without administration. As a result, every host on large networks usually uses the same key. Because key values are short and don't change, the key can be captured and easily broken. When using WEP, use open authentication. Shared key authentication with WEP uses the same key for both encryption and authentication, exposing the key to additional attacks. |
|
|
Term
Security for wireless networking is provided from the following standards: Wi-Fi Protected Access (WPA) |
|
Definition
WPA is the implementation name for wireless security based on initial 802.11i drafts that was deployed in 2003. It was intended to be an intermediate measure to take the place of WEP while a fully secured system (802.11i) was prepared. WPA: Uses Temporal Key Integrity Protocol (TKIP) for encryption. Supports both pre-shared key (WPA-PSK or WPA Personal) and 802.1x (WPA Enterprise) authentication. Can use dynamic keys or pre-shared keys. Can typically be implemented in WEP-capable devices through a software/firmware update. WPA keys can also be predicted by reconstructing the Message Integrity Check (MIC) of an intercepted packet, sending the packet to an AP, and observing whether the packet is accepted by the AP. |
|
|
Term
Security for wireless networking is provided from the following standard Wi-Fi Protected Access 2 (WPA2) or 802.11i |
|
Definition
WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications. It was deployed in 2005. It is built upon the idea of Robust Secure Networks (RSN). Like WPA, it resolves the weaknesses inherent in WEP; it is intended to eventually replace both WEP and WPA. WPA2: Uses Advanced Encryption Standard (AES) as the encryption method. It is similar to (yet more secure than) TKIP but requires special hardware for performing encryption. Uses Counter Mode with CBC-MAC Protocol (CCMP), also known as AES-CCMP. Supports both pre-shared key (WPA2-PSK or WPA2 Personal) and 802.1x (WPA2 Enterprise) authentication. Can use dynamic keys or pre-shared keys. WPA2 has the same advantages over WEP as WPA. While WPA2 is more secure than WPA, its main disadvantage is that it requires new hardware for implementation. |
|
|
Term
Security considerations when transmitting data on a wireless network |
|
Definition
It's important to know if the channel you are using is encrypted. Information sent on unencrypted channels, where no security is being used, can be easily intercepted and viewed. If needed, IPsec can be used to provide security when sending information on an unencrypted channel. |
|
|
Term
|
Definition
Change the administrator account name and password
Change SSID from default
Update the firmware
Enable the firewall on the AP
Disable DHCP
Enable MAC address filtering
Reduce RF emanations. Signals produced by electronic devices that extend beyond their intended area are called emanation leaks. These leaks can be captured and analyzed by someone with the proper equipment. Emanations are produced by almost all electronic devices and come in several forms: Radio signals from wireless networks. Electromagnetic signals from copper network cables and computer monitors. Sounds or vibrations from computer equipment or users (e.g., someone typing on a keyboard). For a wireless network, there are several things you can do to contain RF emanations. Select the appropriate antennas for your wireless implementation and ensure that they have proper orientation. Use a directional antenna, which broadcasts the signal in a specific direction, on outside walls to prevent signals from emanating outside the building. In the center of your building, it's probably safe to use an omnidirectional antenna, which disperses the signal in a 360-degree pattern. Instead of using a single AP with a high-strength signal, use multiple APs with lower-strength signals. Use a wireless analyzer to identify locations of RF emanation leaks. If a leak is found, consider moving the offending AP or reducing its signal strength. If your network handles highly sensitive data, consider implementing TEMPEST methods and standards to shield against emanation leaks. |
5/13/2016 TestOut LabSim http://cdn.testout.com/clientv5110341/startlabsim.html?culture=enus 3/3
|
|
Term
|
Definition
are built by bridges and switches. A forwarding database is a list of Layer 2 MAC addresses, with the port used to reach each device. Bridges and switches automatically learn about devices to build the forwarding database, but a network administrator can also program the device database manually. |
|
|
Term
When a frame arrives on a switch port (also called an interface), the switch examines the source and destination address in the frame header and uses the information to complete the following tasks: |
|
Definition
1. The switch examines the source MAC address of the frame and notes which switch port the frame arrived on.
2. The switch examines the destination MAC address of the frame. |
|
|
Term
The result of: the switch examines the source MAC address of the frame and notes which switch port the frame arrived on. |
|
Definition
If the source MAC address is:
Not in the switch's Content Addressable Memory (CAM) table, a new entry is added to the table that maps the source device's MAC address to the port on which the frame was received. Over time, the switch builds a map of the devices that are connected to specific switch ports.
Already mapped to the port on which the frame was received, no changes are made to the switch's CAM table.
Already in the switch's CAM table, but the frame was received on a different switch port, the switch updates the record in the CAM table with the new port. |
|
|
Term
The result of: the switch examines the destination MAC address of the frame. |
|
Definition
If the destination MAC address of the frame is:
A broadcast address, then the switch sends a copy of the frame to all connected devices on all ports. This is called flooding the frame.
A unicast address, but no mapping exists in the CAM table for the destination address, the switch floods the frame to all ports. The connected device that the frame is addressed to will accept and process the frame. All other devices will drop the frame.
A unicast address and a mapping exists in the CAM table for the destination address, the switch sends the frame to the switch port specified in the CAM table. This is called forwarding the frame.
A unicast address and a mapping exists in the CAM table for the destination address, but the destination device is connected to the same port from which the frame was received, the switch ignores the frame and does not forward it. This is called filtering the frame. |
|
|
Term
Switch config. Interface Configuration |
|
Definition
The switch has multiple interface modes, depending on the physical (or logical) interface type. For this course, you should be familiar with the following switch interface modes:
Ethernet (10 Mbps Ethernet)
FastEthernet (100 Mbps Ethernet)
GigabitEthernet (1 Gbps Ethernet)
VLAN
The VLAN interface configuration mode is used to configure the switch IP address, and for other management functions. It is a logical management interface configuration mode, rather than the physical interface configuration modes used for the FastEthernet and GigabitEthernet ports.
Switch(config-if)# |
|
|
Term
Switch config. Config-vlan |
|
Definition
Details of the config-vlan mode include the following:
It can be used to perform all VLAN configuration tasks.
Changes take place immediately.
Do not confuse the config-vlan mode with the VLAN interface configuration mode.
Switch(config-vlan)# |
|
|
Term
Switch config. VLAN Configuration |
|
Definition
Details of the VLAN configuration mode include the following:
It allows you to configure a subset of VLAN features.
Changes do not take effect until you save them, either before or while exiting the configuration mode.
Changes are not stored in the regular switch configuration file.
For most modern Cisco switches, it is recommended that you configure VLAN parameters from config-vlan mode, as VLAN configuration mode is being deprecated (phased out).
Switch(vlan)# |
|
|
Term
Switch config. Line Configuration |
|
Definition
Use this mode to configure parameters for the terminal line, such as the console, Telnet, and SSH lines.
Switch(config-line)# |
|
|
Term
Moves to interface configuration mode |
|
Definition
switch(config)#interface FastEthernet 0/14
switch(config)#interface GigabitEthernet 0/1 |
|
|
Term
Moves to configuration mode for a range of interfaces |
|
Definition
switch(config)#interface range fastethernet 0/14 - 24
switch(config)#interface range gigabitethernet 0/1 - 4
switch(config)#interface range fa 0/1 - 4 , 7 - 10
switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2 |
|
|
Term
Sets the port speed on the interface |
|
Definition
switch(config-if)#speed 10
switch(config-if)#speed 100
switch(config-if)#speed 1000
switch(config-if)#speed auto |
|
|
Term
Sets the duplex mode on the interface |
|
Definition
switch(config-if)#duplex half
switch(config-if)#duplex full
switch(config-if)#duplex auto |
|
|
Term
Enables or disables the interface |
|
Definition
switch(config-if)#no shutdown
switch(config-if)#shutdown |
|
|
Term
Shows the interface status of all ports |
|
Definition
switch#show interface status |
|
|
Term
Shows the line and protocol status of all ports |
|
Definition
switch#show ip interface brief |
|
|
Term
some facts about switch configuration |
|
Definition
All switch ports are enabled (no shutdown) by default.
Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a switch.
Through autonegotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices. If the attached ports do not support autonegotiation, you can explicitly set the speed and duplex parameters.
Some switches always use the store-and-forward switching method. On other models, you may be able to configure the switching method.
If the speed and duplex settings are set to auto, the switch will use auto-MDIX to sense the cable type (crossover or straight-through) connected to the port and will automatically adapt itself to the cable type used. When you manually configure the speed or duplex setting, it disables auto-MDIX, so you need to be sure you use the correct cable.
By default, the link speed and duplex configurations for Ethernet interfaces in Cisco devices are set using IEEE 802.3u autonegotiation. The interface negotiates with remote devices to determine the correct settings. However, autonegotiation can be disabled on the Cisco device and other Ethernet network hosts, and static values can be manually assigned. Devices with autonegotiation enabled will try to negotiate link speed and duplexing but will get no response. When autonegotiation fails, Cisco devices that have autonegotiation enabled default to the following:
The interface will attempt to sense the link speed, if possible. If it cannot, the slowest link speed supported on the interface is used (usually 10 Mbps).
If the link speed selected is 10 Mbps or 100 Mbps, half-duplex is used. If it is 1000 Mbps, full-duplex is used. |
|
|
Term
Switch troubleshooting managing switches Collisions |
|
Definition
A collision occurs when two devices that share the same media segment transmit at the same time. In a switched network, collisions should only occur on ports that have more than one device attached (such as a hub with workstations connected to it). To eliminate collisions, connect only a single device to each switch port. For example, if a hub is connected to a switch port, replace it with another switch. If collisions are still detected, troubleshoot cable and NIC issues. |
|
|
Term
Switch troubleshooting managing switches Duplex mismatch |
|
Definition
A duplex mismatch occurs when two devices are using different duplex settings. In such a case, one device will try to transmit using full duplex, while the other will expect half duplex communications. By default, devices are configured to use autonegotiation to detect the correct duplex setting to use. If a duplex method cannot be agreed upon, devices default to half duplex. A duplex mismatch can occur in the following cases:
Both devices are configured to use different duplex settings.
Autonegotiation does not work correctly on one device.
One device is configured for autonegotiation and the other device is manually configured for full duplex.
Symptoms of a duplex mismatch include very slow network communications. Ping tests might appear to complete correctly, but normal communications work well below the expected speeds, even for half duplex communications. |
|
|
Term
Switch troubleshooting managing switches Slow link speed |
|
Definition
Most network components are capable of supporting multiple network specifications. For example, a NIC might support 10BaseT, 100BaseTX, and 1000BaseT. By default, these devices use the maximum speed supported by all devices on the network. Do the following if the speed of a segment is lower than expected (for example, 10 Mbps instead of 100 Mbps, or 100 Mbps instead of 1000 Mbps):
Check individual devices to verify that they all support the higher speed.
Check individual devices to see if any have been manually configured to use the lower speed.
Use a cable certifier to verify that the cables meet the rated speeds. Bad cables are often the cause of 1000BaseT networks operating at only 100BaseTX speeds. |
|
|
Term
Switch troubleshooting managing switches Switching loop |
|
Definition
occurs when there are multiple active paths between two switches. Switching loops lead to incorrect entries in a MAC address table, making a device appear to be connected to the wrong port; this causes unicast traffic to be circulated in a loop between switches. The Spanning Tree Protocol (STP) ensures that only one path between switches is active at any given time. STP is usually enabled by default on switches to prevent switching loops. |
|
|
Term
Switch troubleshooting managing switches Broadcast storm |
|
Definition
is excessive broadcast traffic that renders normal network communications impossible. The following can cause broadcast storms:
Switching loops that cause broadcast traffic to be circulated endlessly between switches
Denial of Service (DoS) attacks
To reduce broadcast storms, do the following:
Run STP to prevent switching loops
Implement switches with built-in broadcast storm detection, which limits the bandwidth that broadcast traffic can use
Use VLANs to create separate broadcast domains on switches |
|
|
Term
Switch troubleshooting managing switches Incorrect VLAN membership |
|
Definition
VLANs create logical groupings of computers based on switch port. Because devices on one VLAN cannot communicate directly with devices in other VLANs, incorrectly assigning a port to a VLAN can prevent a device from communicating through the switch. VLAN membership is defined by switch port, not by MAC address. Connecting a device to a different switch port could change the VLAN membership of the device. On the switch, verify that ports are assigned to the correct VLANs and that any unused VLANs are removed from the switch. |
|
|
Term
Switch troubleshooting managing switches Frame errors |
|
Definition
The switch examines incoming frames and will only forward frames that are complete and correctly formed; invalid frames are simply dropped. Most switches include logging capabilities to track the number of corrupt or malformed frames. The following are common causes of frame errors:
Frames that are too long are typically caused by a faulty network card that jabbers (constantly sends garbage data).
Frames that are too short are typically caused by collisions.
CRC errors indicate that a frame has been corrupted in transit.
All types of frame errors can be caused by faulty cables or physical layer devices. |
|
|
Term
Network optimization has two main goals: |
|
Definition
1. Provide redundancy of services or devices so that network access can continue in the event of a failure of one or more components. Redundancy to provide access is often called fault tolerance. High availability is when a network or a service is up and accessible most of the time. Uptime is the percent of time the network or service is up and accessible.
2. Improve the response and performance of network services or devices. |
|
|
Term
|
Definition
With bonding (also called NIC teaming), two or more physical connections to the same network are logically grouped (or bonded). Data is divided and sent on multiple interfaces, effectively increasing the speed at which the device can send and receive on the network. On an Ethernet network, a device must have multiple NICs connected to different switch ports. The host operating system must be configured to bond the network adapters into a single entity. The switch ports must be bonded together to recognize both ports as a valid destination for the same device. Bonding primarily provides increased performance, although some fault tolerance is provided if one NIC goes down. Similar solutions allow you to bond multiple dial-up connections or ISDN channels together. |
|
|
Term
|
Definition
is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol (STP) runs on each switch and is used to select a single path between any two switches. Without STP, switches that are connected together with multiple links would form a switching loop. Spanning tree provides only a single active path between switches. Switch ports that are part of that path are placed in a forwarding state. Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state. When an active path goes down, STP automatically recovers and activates the necessary backup ports to provide continued connection between devices. Spanning tree provides fault tolerance in case a switch port or network segment is broken, but it does not provide increased performance (only one path is active at a time). |
|
|
Term
|
Definition
configures a group of servers in a logical group (called a server farm). Incoming requests to the group are distributed to individual members within the group. Incoming requests can be distributed evenly or unevenly between group members based on additional criteria such as server capacity. The primary goal of load balancing is to improve performance by configuring multiple devices to respond as one. Load balancing also provides fault tolerance if the load balancing mechanism is able to detect when a specific farm member is unavailable, automatically distributing new requests to the available members. |
|
|
Term
|
Definition
is the process of saving previously acquired data for quick retrieval at a later time. With caching, data is stored in memory or on disk within a network device, where it can quickly be retrieved when needed. Recalling the data from the cache is faster than requesting the data from the original location. A common application of a caching engine on a network is a proxy server configured to cache web content. The proxy server is placed close to the users, typically within the same local area network. As users visit websites, content is retrieved from the web servers on the Internet and is cached on the proxy server. Subsequent requests for the same website are served by the proxy server from cache, rather than retrieved from the Internet. Caching engines are primarily implemented to improve performance, but they offer some degree of fault tolerance. Cached content can be accessed even if the source device is offline. Caching can lead to out-of-date content if something has changed on the source but has not been refreshed in cache. |
|
|
Term
|
Definition
QoS refers to a set of mechanisms that try to guarantee timely delivery or minimal delay of important or time-sensitive communications. QoS is particularly important when implementing Voice over IP (VoIP), Video over IP, online gaming, or unified communications, where delay or data loss make the overall experience unacceptable. In addition to delay, QoS mechanisms seek to limit the effects of packets arriving out of order, corrupt packets, and lost or dropped packets. Giving higher priority to some traffic means that less important traffic might be delayed. It is assumed that while the delay might make the end user wait, the delay would not make the resulting data unusable. |
|
|
Term
QoS prioritizes traffic from different data streams by using one of the following two classification systems: |
|
Definition
Class of Service (COS): Individual frames are marked and classified at Layer 2. A priority value between 0 and 7 is assigned to the 3-bit COS field. Each priority value specifies a specific traffic type.
0 – Best effort (default)
1 – Background
2 – Excellent effort
3 – Critical applications
4 – Video (< 100ms latency)
5 – Voice (< 10ms latency)
6 – Internetwork control
7 – Network control |
|
|
Term
QoS might include a guaranteed level of service, usually outlined in a Service-Level Agreement |
|
Definition
Constant or reserved means that a certain level of service is guaranteed to always be available. This level is only possible by reserving service, even when no data is being sent.
Variable service guarantees a certain capacity, but service might vary depending on conditions. This level of service is sufficient for voice or video.
Available guarantees a minimum level of service. Additional capacity can be used if it is available, but only the minimum is guaranteed.
Unspecified service provides whatever service is available with little to no guarantee. This level of service should only be used for data that can tolerate long delays. |
|
|
Term
Differentiated Services Code Point (DSCP) |
|
Definition
Classification occurs at Layer 3. Precedence values are inserted in the DiffServ field of an IP packet. Up to 64 different classifications are possible, but most networks use only the following classes:
Default – Best effort
Expedited Forwarding (EF) – Low loss, low latency
Assured Forwarding (AF) – Assured delivery under prescribed conditions
Class Selector – Maintains backward compatibility with IP Precedence field |
|
|
Term
|
Definition
(also called a bandwidth shaper) is a device that is capable of modifying the flow of data through a network in response to network traffic conditions. Specific applications for a traffic shaper include the following:
A device used with QoS ensures timely delivery of time-sensitive data streams.
Bandwidth throttling to restrict the amount of data sent within a specific time period (e.g., to limit the amount of data that can be downloaded from a website in an hour).
Rate limiting to restrict the maximum bandwidth available to a customer (used by an ISP or a WAN provider). |
|
|
Term
Multilayer switch/content switch |
|
Definition
Normal switching occurs at the OSI model layer 2, using the MAC address to perform frame forwarding. Switches use specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware rather than using the CPU and software. The ASIC allows switches to perform the switching function at wire speed, meaning that frames are switched without the delay that would be introduced if the CPU and software were required to process the frame. A multilayer switch operates at other OSI model layers and can use other information within a packet to make forwarding decisions. For example, a layer 3 switch uses the IP address for making forwarding decisions. Layer 4–7 switches (also called content switches, web switches, or application switches) are typically used for load balancing. The switch distributes packets between multiple servers. Some switches can transform packets at wire speed (e.g., by performing NAT or adding/removing encryption with SSL or digital certificates). |
|
|
Term
Common Address Redundancy Protocol (CARP) |
|
Definition
is an implementation of fault tolerance that allows multiple firewalls and/or routers on the same local network to share a set of IP addresses. If one of the firewalls or routers fails, the shared IP address allows hosts to continue communicating with the firewall or router without interruption. |
|
|
Term
NIC Teaming, also known as Load Balancing/Failover (LBFO) |
|
Definition
allows multiple network adapters to function together as a single network interface. NIC teaming can be used to accomplish two different purposes:
1. To provide additional bandwidth. If you configure the team so all of the NICs are active at the same time, then the system gets the aggregated bandwidth of all the NICs in the team. For example, if you were to create a team from two 1 Gbps network cards, the server would get an aggregated network bandwidth of 2 Gbps.
2. To provide fault tolerance. Multiple network cards are bound together into a team and are then configured so that if one interface fails, the other one will take over for the failed interface. This helps ensure that the system remains accessible over the network in the event of a failed network interface. |
|
|
Term
When configuring NIC teaming, keep the following in mind |
|
Definition
You need to install at least two Ethernet interfaces in the system.
The drivers used for the NICs must support teaming. Check with the hardware manufacturer to verify whether a particular driver supports teaming.
The computer's operating system must support NIC teaming. Most versions of Windows Server support NIC teaming. Newer versions of Windows Server support up to 32 interfaces in a single NIC team. Most Windows workstation operating systems do not natively support NIC teaming. Most Linux distributions support NIC teaming, but it is referred to as bonding. |
|
|
Term
|
Definition
Switch-dependent teaming requires the adapters in a team to be connected to the same switch. This configuration is used to implement bandwidth aggregation. All of the NICs within the team are in an active/active state, meaning they are online and processing frames all of the time. You can implement switch-dependent teaming in two ways:
Generic or static teaming requires that the switch and the host identify the links in the team.
Link Aggregation Control Protocol (LACP) teaming uses LACP to dynamically configure the links between the host and the switch. |
|
|
Term
|
Definition
Switch-independent teaming allows the adapters in a team to be connected to different switches. This configuration is used to provide failover redundancy and increase the system's availability. Using multiple NICs and switches protects the system from a failed network card and a failed network switch. In this configuration:
The switches are not aware that the interfaces on the server are members of a NIC team.
One interface in the team operates in passive mode. It doesn't process frames unless one of the other interfaces in the team fails. |
|
|
Term
|
Definition
Providing redundant paths between segments could cause frames to be endlessly passed between the redundant paths. |
|
|
Term
|
Definition
Providing redundant paths between segments could cause frames to be endlessly passed between the redundant paths. This condition is known as a switching loop. To prevent switching loops, the IEEE 802.1d committee defined the Spanning Tree Protocol (STP). With STP, one switch for each route is assigned as the designated bridge. Only the designated bridge can forward packets. Redundant switches are assigned as backups. |
|
|
Term
The spanning tree protocol: |
|
Definition
Eliminates loops.
Provides redundant paths between devices.
Enables dynamic role configuration.
Provides a single active path between two switches at any given time. If that active link goes down, it can sometimes take 30 seconds or more for STP to detect that the link has gone down before it activates a redundant link.
Recovers automatically from a topology change or device failure.
Identifies the optimal path between any two network devices. |
|
|
Term
spanning tree protocol uses a spanning tree algorithm (STA) |
|
Definition
to calculate the best loop-free path through a network by assigning a role to each bridge or switch. The bridge role determines how the device functions in relation to other devices and whether the device forwards traffic to other segments. |
|
|
Term
|
Definition
root bridge is the master, or controlling, bridge. There is only one root bridge in the network. The root bridge is the logical center of the spanning tree topology in a switched network. The root bridge is determined by the switch with the lowest bridge ID (BID):
The bridge ID is composed of two parts: a bridge priority number and the MAC address assigned to the switch.
The default priority number for all switches is 32,768. This means the switch with the lowest MAC address becomes the root bridge unless you customize the priority values.
You can manually configure the priority number to force a specific switch to become the root switch.
The root bridge periodically broadcasts configuration messages. These messages are used to select routes and reconfigure the roles of other bridges, if necessary. All ports on a root bridge forward messages to the network. |
|
|
Term
|
Definition
A designated bridge is any other device that participates in forwarding packets through the network. They are selected automatically by exchanging bridge configuration packets. To prevent bridge loops, there is only one designated bridge per segment. |
|
|
Term
|
Definition
All redundant devices are classified as backup bridges. They listen to network traffic and build the bridge database. However, they will not forward packets. They can take over if the root bridge or a designated bridge fails. |
|
|
Term
Bridge Protocol Data Units (BPDUs) |
|
Definition
Special packets sent to and received from other bridges are used to determine bridge roles and port states, verify that neighbor devices are still functioning, and recover from network topology changes. |
|
|
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Disabled |
|
Definition
A port in the disabled state is powered on but does not participate in forwarding or listening to network messages. A bridge must be manually placed in the disabled state. |
|
|
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Blocking |
|
Definition
When a device is first powered on, its ports are in the blocking state. Backup bridge ports are always in the blocking state. Ports in a blocking state receive packets and BPDUs sent to all bridges, but they will not process any other packets. |
|
|
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Listening |
|
Definition
The listening state is a transitory state between blocking and learning. The port remains in the listening state for a specific period of time. This time period allows network traffic to settle down after a change has occurred. For example, if a bridge goes down, all other bridges go into the listening state for a period of time. During this time the bridges redefine their roles. |
|
|
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Learning |
|
Definition
A port in the learning state receives packets and builds the bridge database (associating MAC addresses with ports). A timer is also associated with this state. The port goes to the forwarding state after the timer expires. |
|
|
Term
During the negotiation process and normal operations, each switch port is in one of the following states: Forwarding |
|
Definition
The root bridge and designated bridges are in the forwarding state when they can receive and forward packets. A port in the forwarding state can learn and forward. All ports of the root switch are in the forwarding state. |
|
|
Term
During the configuration process, ports on each switch are configured as one of the following: Root port |
|
Definition
The port on a designated switch with the lowest port cost back to the root bridge is identified as the root port. Each designated switch has a single root port (a single path back to the root bridge). Root ports are in the forwarding state. The root bridge does not have a root port. |
|
|
Term
During the configuration process, ports on each switch are configured as one of the following: Designated port |
|
Definition
One port on each segment is identified as the designated port. The designated port identifies which port on the segment is allowed to send and receive frames. All ports on the root bridge are designated ports (unless the switch port loops back to a port on the same switch). Designated ports are selected based on the lowest path cost to get back to the root switch. Default IEEE port costs include the following:
10 Mbps = 1000
100 Mbps = 19
1 Gbps = 4
10 Gbps = 2
If two switches have the same cost, the switch with the lowest priority becomes the designated switch, and its port the designated port. If two ports have the same cost, the port on the switch with the lowest port ID becomes the designated port. The port ID is derived from two numbers: the port priority and the port number. The port priority ranges from 0–255, with a default of 128. The port number is the number of the switch's port. For example, the port number for Fa0/3 is 3. With the default port priority setting, the lowest port number becomes the designated port. Designated ports are used to send frames back to the root bridge. Designated ports are in the forwarding state. |
|
|
Term
During the configuration process, ports on each switch are configured as one of the following: Blocking port |
|
Definition
A blocking port is any port that is not a root or a designated port. A blocking port is in blocking state. |
|
|
Term
Devices participating in the spanning tree protocol use the following process to configure themselves |
|
Definition
1. At startup, switches send BPDUs out each port.
2. Switches read the bridge ID contained in the BPDUs to elect (identify) a single root bridge (the device with the lowest bridge ID). All the ports on the root bridge become designated ports.
3. Each switch identifies its root port (the port with the lowest cost back to the root bridge).
4. Switches on redundant paths identify a designated switch for each segment. A designated port is also identified on each designated switch.
5. Remaining switch ports that are not root or designated ports are put in the blocking state to eliminate loops.
6. After configuration, switches periodically send BPDUs to ensure connectivity and discover topology changes. |
|
|
Term
Sets the spanning tree mode: Switch(config)#spanning-tree mode {pvst | rapid-pvst} |
|
Definition
PVST+ (Per VLAN Spanning Tree Protocol), also known as PVSTP, is a Cisco proprietary protocol used on Cisco switches. Rapid PVST+ is Cisco's proprietary version of Rapid STP, which is based on the 802.1w standard. PVST+ and Rapid PVST+ are the same except that Rapid PVST+ uses a rapid convergence based on the 802.1w standard. To provide rapid convergence, Rapid PVST+ deletes learned MAC address entries on a per-port basis after receiving a topology change. |
|
|
Term
Forces the switch to be the root of the spanning tree. |
|
Definition
Switch(config)#spanning-tree vlan [1-4094] root primary |
|
|
Term
Manually sets the cost. The cost range value depends on the path-cost calculation method: |
|
Definition
Switch(config)#spanning-tree vlan [1-4094] cost [1-200000000]
For the short method the range is 1 to 65536. For the long method the range is from 1 to 200000000. |
|
|
Term
Manually sets the bridge priority number: Switch(config)#spanning-tree vlan [1-4094] priority [0-61440] |
|
Definition
The priority value ranges between 0 and 61440. Each switch has the default priority of 32768. Priority values are set in increments of 4096. If you enter another number, your value will be rounded to the closest increment of 4096, or you will be prompted to enter a valid value. The switch with the lowest priority number becomes the root bridge. |
|
|
Term
Disables spanning tree on the selected VLAN |
|
Definition
Switch(config)#no spanning-tree vlan [1-4094] |
|
|
Term
Shows spanning tree configuration information, including the following: Switch#show spanning-tree |
|
Definition
Root bridge priority and MAC address
The cost to the root bridge
Local switch bridge ID and MAC address
The role and status of all local interfaces
The priority and number for each interface
To verify that spanning tree is working, look for an entry similar to the following for each VLAN: Spanning tree enabled protocol ieee |
|
|
Term
Shows information about the root bridge for a specific VLAN. Information shown includes: Switch#show spanning-tree vlan [1-4094] root |
|
Definition
The root bridge ID, including the priority number and the MAC address
The cost to the root bridge from the local switch
The local port that is the root port |
|
|
Term
Switch#show spanning-tree vlan [1-4094] bridge |
|
Definition
Shows spanning tree configuration information about the local switch for the specified VLAN. Information includes the local bridge ID, including the priority and MAC address. |
|
|
Term
Shortest Path Bridging (SPB) |
|
Definition
has been developed to eventually replace STP. SPB is defined in the IEEE 802.1aq standard and adds routing functions to Layer 2 switching. SPB uses a link-state routing protocol to let switches learn the shortest paths through a switched Ethernet network and adjust those paths dynamically as the topology changes, just as a Layer 3 router does. STP's limitation is that it keeps only one active path between any two switches and must reconverge when that path fails; SPB addresses this by applying Layer 3 routing techniques to Layer 2 switches, which lets them route Ethernet frames between switches just as Layer 3 protocols route packets between routers. As a result, SPB allows multiple links between switches to be active at the same time without creating a switching loop, eliminating the time lag associated with failed links under STP. If a link between switches goes down on a network that uses SPB, frames can be immediately rerouted to the destination segment over redundant links that are already active and able to forward frames. |
|
|
Term
EtherChannel
Definition
combines multiple ports on a Cisco switch into a single logical link between two switches. With EtherChannel you can combine 2 to 8 ports into a single link. All links in the channel group are used for communication between the switches, so bandwidth between the switches is increased. Redundant paths between the switches are established automatically: if one link fails, communication continues over the other links in the group. Spanning tree convergence times are reduced because spanning tree treats the whole bundle as one port. Each channel group has its own number, and all ports assigned to the same channel group are viewed as a single logical link. |
|
|
Term
Cisco switches can use the following protocols for EtherChannel configuration: Port Aggregation Protocol (PAgP) |
|
Definition
PAgP is Cisco proprietary. It prevents loops, limits packet loss due to misconfigured channels, and aids in network reliability. PAgP operates in the following modes:
Auto places the port into a passive negotiating state and forms an EtherChannel if the port receives PAgP packets. While in this mode, the port does not initiate the negotiation.
Desirable places the port in a negotiating state to form an EtherChannel by sending PAgP packets. A channel is formed with another port group in either the auto or desirable mode. |
|
|
Term
Cisco switches can use the following protocols for EtherChannel configuration: Link Aggregation Control Protocol (LACP) |
|
Definition
LACP is based on the IEEE 802.3ad standard and has similar functions to PAgP. LACP is used when configuring EtherChannel between Cisco switches and non-Cisco switches that support 802.3ad. LACP operates in the following modes:
Passive places the port into a passive negotiating state and forms an EtherChannel if the port receives LACP packets. While in this mode, the port does not initiate the negotiation.
Active places the port in a negotiating state to form an EtherChannel by sending LACP packets. A channel is formed with another port group in either the active or passive mode. |
|
|
Term
Selects the EtherChannel protocol on the interface (cmd) |
|
Definition
Switch(config-if)#channel-protocol lacp
Switch(config-if)#channel-protocol pagp |
|
|
Term
Selects the PAgP mode on the interface (cmd) |
|
Definition
Switch(config-if)#channel-group [1-8] mode auto
Switch(config-if)#channel-group [1-8] mode desirable |
|
|
Term
Selects the LACP mode on the interface (cmd) |
|
Definition
Switch(config-if)#channel-group [1-8] mode active
Switch(config-if)#channel-group [1-8] mode passive |
|
|
Term
Disables EtherChannel on the interface (cmd) |
|
Definition
Switch(config-if)#no channel-group [1-8] |
|
|
Term
Displays EtherChannel details on the switch (cmd) |
|
Definition
Switch#show etherchannel |
|
Term
Displays EtherChannel information with a one-line summary per channel group (cmd) |
|
Definition
Switch#show etherchannel summary |
|
|
Term
Switch>ena
Switch#conf t
Switch(config)#int range gi 0/1 - 2
Switch(config-if-range)#channel-protocol pagp
Switch(config-if-range)#channel-group 5 mode desirable |
|
Definition
These commands configure the GigabitEthernet 0/1 and 0/2 interfaces to actively initiate negotiation of an EtherChannel with the PAgP protocol in channel group 5. |
|
|
Term
Switch>ena
Switch#conf t
Switch(config)#int range fa 0/1 - 4
Switch(config-if-range)#channel-protocol lacp
Switch(config-if-range)#channel-group 3 mode passive
Switch(config-if-range)#duplex full |
|
Definition
These commands configure the FastEthernet 0/1 through 0/4 interfaces to form an EtherChannel in channel group 3 with the LACP protocol only if the other device actively initiates the negotiation; duplex full is set because LACP does not run on half-duplex ports. |
|
|
Term
Use the following guidelines to troubleshoot an EtherChannel configuration: |
|
Definition
Make sure that all ports in an EtherChannel use the same protocol (PAgP or LACP). If the channel-group command is used with the desirable option on one switch (PAgP), the other switch must use either desirable or auto. If the channel-group command is used with the active option (LACP), the other switch must use either active or passive.
Verify that all ports in the EtherChannel have the same speed and duplex mode. LACP requires that the ports operate only in full-duplex mode.
Check the channel group number. A port cannot belong to more than one channel group at the same time.
Verify that all ports in the EtherChannel have the same access VLAN configuration or are VLAN trunks with the same allowed VLAN list and the same native VLAN.
Check the spanning tree configuration. If you do not configure EtherChannel, the spanning tree algorithm will identify each link as a redundant path to the other bridge and will put one of the ports in a blocking state.
Check the port type and number. You can configure an LACP EtherChannel with up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
Be sure to enable all ports in an EtherChannel. A port in an EtherChannel that is disabled using the shutdown interface configuration command is treated as a link failure, and its traffic is transferred to one of the remaining ports in the EtherChannel.
Do not configure more than 6 EtherChannels on one switch (the exact limit depends on the switch platform). |
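The troubleshooting rules above, turned into a static check that can be run against a pair of port configurations before they are pushed to the switches. This is an added example and not Cisco code: the PortConfig class, its field names and the sample port lists are assumed for illustration and do not correspond to any IOS data structure. It applies the negotiation-mode pairing for PAgP and LACP, the speed/duplex and full-duplex rules, the VLAN consistency rule, the channel-group and member-count limits, and the shutdown rule, and reports every problem it finds rather than stopping at the first.

```python
"""Static check of whether two switches' EtherChannel member ports will bundle,
following the troubleshooting rules in the card above. Added example, not Cisco
code: PortConfig and its field names are assumed, not an IOS data structure."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortConfig:
    name: str
    protocol: str                      # "pagp" or "lacp"
    mode: str                          # pagp: auto | desirable; lacp: active | passive
    channel_group: int
    speed: int                         # Mbit/s
    duplex: str                        # "full" or "half"
    access_vlan: Optional[int] = None  # None means the port is a trunk
    trunk_vlans: frozenset = frozenset()
    native_vlan: Optional[int] = None
    shutdown: bool = False

    @property
    def vlan_config(self):
        return (self.access_vlan, self.trunk_vlans, self.native_vlan)

INITIATOR = {"pagp": "desirable", "lacp": "active"}
MODES = {"pagp": {"auto", "desirable"}, "lacp": {"active", "passive"}}

def negotiation_ok(a: PortConfig, b: PortConfig) -> bool:
    """Both ends must run the same protocol with modes valid for it, and at least
    one end must initiate: PAgP desirable or LACP active. auto/auto and
    passive/passive never form a channel."""
    if a.protocol != b.protocol or a.protocol not in MODES:
        return False
    modes = {a.mode, b.mode}
    return modes <= MODES[a.protocol] and INITIATOR[a.protocol] in modes

def bundle_problems(ports):
    """Inconsistencies among the member ports on one switch."""
    problems = []
    if len({p.channel_group for p in ports}) != 1:
        problems.append("members are in different channel groups")
    if len({p.protocol for p in ports}) != 1:
        problems.append("members use different protocols")
    if len({(p.speed, p.duplex) for p in ports}) != 1:
        problems.append("speed/duplex differs between members")
    if len({p.vlan_config for p in ports}) != 1:
        problems.append("access VLAN / trunk VLAN list / native VLAN differs")
    if ports[0].protocol == "lacp":
        if len(ports) > 16:
            problems.append("LACP allows at most 16 ports (8 active, 8 standby)")
        if any(p.duplex != "full" for p in ports):
            problems.append("LACP requires full duplex")
    elif len(ports) > 8:
        problems.append("PAgP allows at most 8 ports")
    shut = [p.name for p in ports if p.shutdown]
    if shut:
        problems.append(f"shut down members are treated as link failures: {shut}")
    return problems

def channel_forms(local, remote):
    """Return (forms, problems) for the channel between two switches' member lists."""
    problems = [f"local: {m}" for m in bundle_problems(local)]
    problems += [f"remote: {m}" for m in bundle_problems(remote)]
    if len(local) != len(remote):
        problems.append("member counts differ between the two switches")
    if not negotiation_ok(local[0], remote[0]):
        problems.append(f"no negotiation: {local[0].protocol}/{local[0].mode} "
                        f"vs {remote[0].protocol}/{remote[0].mode}")
    if (local[0].speed, local[0].duplex) != (remote[0].speed, remote[0].duplex):
        problems.append("speed/duplex differs between the two switches")
    return not problems, problems

def gig(name, protocol, mode, group=5, **kw):
    """Constructed sample: a 1 Gbit/s full-duplex trunk carrying VLANs 10 and 20."""
    return PortConfig(name, protocol, mode, group, 1000, "full",
                      trunk_vlans=frozenset({10, 20}), native_vlan=1, **kw)

# Constructed pairs; the first matches the PAgP configuration card above.
PAGP_OK = ([gig("Gi0/1", "pagp", "desirable"), gig("Gi0/2", "pagp", "desirable")],
           [gig("Gi0/1", "pagp", "auto"), gig("Gi0/2", "pagp", "auto")])
LACP_BOTH_PASSIVE = ([gig("Gi0/1", "lacp", "passive")], [gig("Gi0/1", "lacp", "passive")])
MIXED_PROTOCOL = ([gig("Gi0/1", "pagp", "desirable")], [gig("Gi0/1", "lacp", "active")])
SPLIT_GROUPS = ([gig("Gi0/1", "lacp", "active", group=3), gig("Gi0/2", "lacp", "active", group=4)],
                [gig("Gi0/1", "lacp", "passive", group=3), gig("Gi0/2", "lacp", "passive", group=3)])

if __name__ == "__main__":
    cases = [("pagp desirable/auto", PAGP_OK), ("lacp passive/passive", LACP_BOTH_PASSIVE),
             ("pagp vs lacp", MIXED_PROTOCOL), ("split channel groups", SPLIT_GROUPS)]
    for label, (l, r) in cases:
        print(label, channel_forms(l, r))
```

The check is deliberately one-directional per rule: it does not try to predict which port a switch will suspend, only whether the configuration can bundle at all, which is the question the show etherchannel summary flags (SU, SD, I and so on) answer after the fact.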
|
|