Handout Package
“Advanced IP Networking for Broadcast Engineers”
and “CBNE Study Topics”
Wayne M. Pecena, CPBE, CBNE
Texas A&M University
Educational Broadcast Services – KAMU
“Advanced IP Networking for Broadcast Engineers” Tutorial & CBNE Study Topics
“Advanced IP Networking for Broadcast Engineers”
and “CBNE Study Topics”
May 2, 2016
Wayne M. Pecena, CPBE, CBNE
Texas A&M University
Educational Broadcast Services ‐ KAMU
Certification Exams
MY DISCLAIMER
This class should not be considered a COMPREHENSIVE certification preparation class.
However, the material presented will provide an excellent background in IP networking technology for those pursuing the SBE Certified Broadcast Networking Technologist (CBNT) or the Certified Broadcast Networking Engineer (CBNE) certifications.
Why Is This NOT a Preparation Class?
1. I have no inclusive knowledge of the SBE certification exam question pools.
2. The published CBNE exam scope covers more than just IP networking.
What I Will Do With Regards to the CBNE:
1. Cover IP Networking Technology fundamentals and focus on topics which represent 60-70% of published exam content scope
2. Tailor network design examples towards possible CBNE “essay” questions
3. Provide suggested self-study material sources to address additional exam content
Practical IP Networking Tutorial For Those Not Pursuing Certification!
Agenda for Today
• Networking Fundamentals Review:
– Standards Organizations
– Reference Model Review
– Understanding OSI Model Data‐Flow Layers 1‐4
– IP Protocol Review
• Ethernet Switching In‐Depth
• IP Routing In‐Depth
• IP Addressing & Subnetting In‐Depth
– IPv4 Addressing
– Introduction to IPv6
• Network Security Concerns
• Practical Network Design & Implementation Exercise
• Bonus Material ‐ CBNE Study Topics
Networking Fundamentals Review
5 Things Required To Build a Network
• Send Host
• Receive Host
• Message or Data to Send Between Hosts
• Media to Interconnect Hosts
• Protocol to Define How Data is Transferred
A Network is a Group of Host Devices That Share a Common Addressing Scheme
A Host is Any Device That Can Be Connected to That Network
IETF – Internet Engineering Task Force
• Request for Comments – RFC’s
– The “Standards Bible” of the Internet
– Explains in Detail All Aspects of IP Networking
– Nomenclature “RFC xxxx”
• Requirement Levels:
– Required
– Recommended
– Elective
– Limited Use
– Not Recommended
www.rfc-editor.org/rfc.html
IEEE – Institute of Electrical & Electronics Engineers
• Project 802 Ethernet Standards:
– 802.1 Bridging
– 802.3 Ethernet
– 802.11 Wireless
http://standards.ieee.org/about/get/
ITU – International Telecommunication Union
• ITU‐T Sector Provides Standardization of Global Telecommunications Standards (except radio)
• Key Standards include:
– Coding of Audio – G.711 & G.72x series
– Coding of Still Images ‐ JPEG‐2000 / T.800 series
– Video Coding ‐ MPEG2 / MPEG‐4 AVC
– ISDN (Integrated Services Digital Network) – Q.931
– Optical Transport Network (OTN) ‐ G.709 series
– Passive optical networks (PON) ‐ G.983 series
– Public Telecommunication Numbering Plan – E.164
– Signalling System 7 ‐ Q.7xx series
– (x) Digital Subscriber Line
www.itu.int
The OSI Model
Open Systems Interconnection (OSI) Model
Developed by the International Organization for Standardization (ISO)
Conceptual Model – Abstract in Nature – Modular in Structure
Partitions Communications Functions ‐ Provides “Layer Swapping”
Defines How Data Traverses From An Application to the Network
Networking Focus
“All People Seem To Need Data Processing”
OR
“Please Do Not Throw Sausage Pizza Away”
Open Systems Interconnection “OSI” Model
The OSI Model Expanded
The Protocol Data Unit
“Some People Fear Birthdays”
Encapsulation & De‐Encapsulation
TCP/IP Focused Models
DOD Model Stack or TCP/IP Model Stack Focused on IP
1 ‐ The Physical Layer
Medium defined
Physical interface defined
Places bits onto the physical network medium
Controls the signaling
Takes bits off the physical network medium
Sends / Receives frames to/from the Data Link Layer
Network Interfaces
Local Area Network
• Ethernet
Wide Area Network
• Dedicated
– T‐Carrier (T1, T3)
– Optical Carrier (OC‐3, OC‐12, OC‐192)
• Circuit Switched
– ISDN – BRI
– ISDN – PRI
• Packet Switched
– Frame Relay
– ATM
– ADSL / HDSL
– Metro Ethernet
Ethernet ‐ IEEE 802.3
• The “de facto Standard” of Networking Today!
• Based Upon Contention ‐ Access to the Wire ‐ “CSMA/CD”
• 4 Building Blocks of the Ethernet System
– Physical Medium
– Signaling Components
– Media Access Control Protocol
– The Ethernet Frame
• 802.3 Raw: Early Novell NetWare IPX
• 802.2 LLC: Current Novell NetWare IPX
• Ethernet SNAP: IPX, AppleTalk v2
• Ethernet II (DIX): TCP/IP
Ethernet Physical Standards
Ethernet GBIC & SFP Modules
“Giga-Bit Interface Converter” - GBIC Transceiver – SC Fiber Connector
“Single Form-factor Pluggable” – SFP (mini GBIC) Transceiver – LC Fiber Connector
Copper or Optical Based Transceiver to Provide Flexible Physical Interface
Optical Guidelines
Example Loss Budget – Actual Levels Dependent Upon Specific Optical TX & RX Devices
[Figure: example optical loss budget. Levels shown: -3 to -9 dB, -9 to -19 dB, -6 Ideal, -14 dB]
1.0 dB / km – 1310nm MM
0.5 dB / km – 1310nm SM
0.3 dB / connector
Too Much RX Power Can Be Detrimental As Not Enough - Attenuate
Power Over Ethernet ‐ PoE
• Allows Data & DC Power To Be Carried on the Same UTP Cable
– Un‐Used Pairs (100‐Base‐T)
– Superimposed (1000‐Base‐T)
• IEEE Standardized: 48 vdc (operating range 44‐57 vdc)
– 802.3af 13w device power
– 802.3at “PoE+” 25w device power
• Power Sourcing Equipment:
– PoE Compliant Switch
– PoE Injectors
2 ‐ The Data Link Layer
Network Layer Packets Encapsulated or De-Encapsulated Into/From Frames
Physical or Hardware Addressing Implemented
Defines Network Topology
Unique
Layer 1 & Layer 2 Integration at the NIC
The Layer 2 Ethernet Frame
Do Not Confuse a “Giant” Frame With a “Jumbo” Frame
Jumbo Frames & Overhead
1500 Byte Frame Overhead: 38/1500 = 3%
Jumbo Frame: 9000 Bytes
9000 Byte Frame Overhead: 38/9000 = 0.4%
But, Jumbo Frames May Impose Challenges!
Ethernet Network Physical Addressing
• MAC Address – 6 Bytes – Hexadecimal Notation ‐ 00:12:3F:8D:4D:A7
– Layer 2 Physical Address
– Fixed “Burned‐in‐Address” – Assigned by NIC Mfg.
– Local in Scope
MAC Address Formats
Always 48 Bits – Expressed as Hexadecimal
Can Be Represented in Several Formats:
00:A0:C9:14:C8:29
00-A0-C9-14-C8-29
00A0.C914.C829
3 ‐ The Network Layer
Internetwork Communications Focused:
Packet Delivery from Source Host To Destination Host
Logical Addressing Scheme Implementation
Routing Decisions via Routing Protocols
IP Network Virtual Addressing
• IPv4 Address – 4 Bytes – Dotted Decimal Notation ‐ 172.15.1.1
– Layer 3 Logical Address
– Can Change – Determined by Network ‐ Assigned by User
– Global in Scope
IPv4 Packet – Layer 3
RFC 791
4 ‐ The Transport Layer
Implements Reliable End-End Data Transport
Implements Error Detection / Correction
Establishes Virtual Connection Between Hosts
Provides Segmentation, Sequencing, Flow Control
TCP 3‐Way Handshake
TCP Basics
Transmission Control Protocol
RFC 675 and later v4 in RFC 793
• “Connection – Oriented” Protocol
– Connection Establishment
– Segmentation & Sequencing
– Acknowledgement
– Flow Control or Windowing
• Guaranteed Or Reliable Data Delivery
– Acknowledgment of Packet Receipt
– Retransmission Occurs if Packet Not Received
• High Overhead
• Requires Establishment of a “Session”
• TCP Windowing Feature
– Dynamic Window Sizing
– “Slow‐Start”
TCP Sequencing
TCP Connection Termination
The TCP Session Summary
[Figure: TCP session timeline between two hosts across the network. Connection states shown: Listen, SYN Sent, SYN Received, Connection Established, FIN Wait 1, FIN Wait 2, CLOSE Wait, Last ACK, Connection Closed. Segments shown: SYN, SYN + ACK, ACK, Data Segment 1, Data Segment 2, Data Segment 3, FIN, ACK.]
TCP Congestion Control
RFC 5681
• Control Mechanisms Based Upon Changing Network Environment:
– Slow Start
– Fast Retransmit
• TCP Window
– Defines Amount of Data a Host Can
UDP Basics
User Datagram Protocol
RFC 768
• “Connectionless” Protocol
• Simple or Lightweight, but Inherently Unreliable
• “Best Effort” Data Delivery
• Low Overhead, Thus Low Latency
• Why Use?
– Required for Real‐Time Applications:
• VOIP or “Video Over IP” or “Voice Over IP”
• AOIP or “Audio Over IP”
– Latency More Detrimental Than Data Loss
UDP Session
[Figure: UDP session over time across the network. Messages shown: SYN, SYN + ACK, ACK, then Data packets]
TCP Used to Establish UDP Session
TCP and UDP Headers
TCP vs UDP
TCP
• Connection Oriented
• Guaranteed Delivery
• Acknowledgments Sent
• Reliable, But Higher Latency
• Segments & Sequences Data
• Resends Dropped Segments
• Provides Flow Control
• Performs CRC
• Uses Port Numbers for Multiplexing
UDP
• Connectionless
• Not Guaranteed
• No Acknowledgements
• Unreliable, But Low Latency
• No Sequencing
• No Retransmission
• No Flow Control
• Performs CRC
• Uses Port Numbers for Multiplexing
Primary IP System Protocols:
• ARP – Address Resolution Protocol
• DHCP – Dynamic Host Configuration Protocol
• DNS – Domain Name System
• ICMP – Internet Control Message Protocol
ICMP
Internet Control Message Protocol
• Network Layer Based – RFC 1256 – The “Tattle Tale” Protocol
• Common Messages:
– Destination Unreachable
– Buffer Full
– Hops or Time Exceeded (TTL)
• Common Uses:
– Ping
– Traceroute
Basic “ping” Operation
ICMP Messages:
• Platform Utilized by Ping & Traceroute Utilities
“ping”
Packet Internet Groper
Send Host Sends ICMP “echo request”
Destination Host Replies ICMP “echo reply”
Round-Trip Times Returned
Be Aware of Command Line Options
“traceroute”
RFC 1812
• The Most Widely Used Network Diagnostic Tool / The Most Widely Misunderstood Network Diagnostic Tool
• How?
– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 1 (port typical 33434)
– First Hop Router Sends icmp TTL Exceeded
– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 2
– Second Hop Router Sends icmp TTL Exceeded
– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 3
– Third Hop Router Sends icmp TTL Exceeded
– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 4
[Figure: traceroute probes sent with TTL=1, TTL=2, TTL=3 and TTL=4; replies shown are three “icmp TTL exceeded” messages and one “icmp destination port unreachable”]
Understanding “traceroute”
[Figure: traceroute tools. Labels shown: Windows Command Screen “tracert”, PingPlotter, What Is Up?]
Limitations of “ping” & “traceroute”
• ICMP May Be Blocked Within Networks
• Routers May Limit ICMP Processing (interfaces limited)
• Realize Layer 2 Devices Will Not Be Seen
• Understand Traceroute Information Displayed:
– traceroute Displays Forward Path Route (return path may be different)
– traceroute Returns Round‐Trip Latency
• Understand Traceroute Latency Results:
– Latency Increase May Not Be Significant
– Latency Increase Must Continue Increasing for Additional Hops To Be of Concern
Sockets
• A “Socket” Is a Combination of an IP Address & A Port Number
• Allows Multiple Network Services to Exist on the Same Host (IP Address)
• IP Address + Port Number = Socket
IP Address: 192.168.100.10
Port Number: 8080
Yields
Socket: 192.168.100.10:8080
Port Numbers
RFC 1700
• Applications Are Indexed by a “Port Number”
• Allows Differentiation of Multiple Applications
• Port Numbers Can Be Between 0 ‐ 65535
– 0–1023 Are Considered Reserved
– 1024–49151 Can Be Registered
– 49152–65535 Are Considered Dynamic or Private
• 65,535 TCP and 65,535 UDP Port Numbers
Registered Port Numbers: http://www.iana.org/assignments/port-numbers
Examples: “Well Known” System Port Numbers
Port 20 / 21 – FTP “File Transfer Protocol”
Port 23 – TELNET
Port 53 – DNS “Domain Name Service”
Port 80 – HTTP
Port 110 – POP3 “Post Office Protocol”
Port 123 – NTP “Network Time Protocol”
Port 161 – SNMP “Simple Network Management Protocol” (UDP)
Port 443 - HTTPS
Port Number Application Multiplexing
[Figure: Layer 2 Device, Layer 3 Device, Layer 2 Device]
Frame & Packet Flow Through Network
[Figure: frame and packet flow from HOST A to HOST B]
Interface addresses shown (MAC, IP):
00:06:5B:01:02:03 192.168.1.101
00:06:5B:11:22:33 192.168.1.104
00:00:0C:C1:00:01 192.168.1.102
00:00:0C:C1:00:30 192.168.1.103
00:00:0C:C1:00:20 192.168.100.102
00:00:0C:C1:00:10 192.168.100.101
Frames shown (each with PRE, TYPE, DATA and CRC fields):
Destination MAC 00:00:0C:C1:00:20, Source MAC 00:00:0C:C1:00:10, Source IP 192.168.1.101, Destination IP 192.168.1.104
Destination MAC 00:00:0C:C1:00:01, Source MAC 00:06:5B:01:02:03, Source IP 192.168.1.101, Destination IP 192.168.1.104
Destination MAC 00:06:5B:11:22:33, Source MAC 00:00:0C:C1:00:30, Source IP 192.168.1.101, Destination IP 192.168.1.104
MAC Address Changes As Frame Passes Through the Network
When to Route – When to Switch?
Route to Limit a Broadcast Domain or Provide Interoperability Between Networks
One Host per Switch Port to Create a Zero Collision Domain
Ethernet Switching In‐Depth
Ethernet Switching Fundamentals
Originally Known as “Bridging”
• Switches Allow Segmentation of Network
– Allows Dedicated Bandwidth and Creates Point‐Point Communication
– Increased Throughput Due to Zero or Minimal Collisions
– Provides Full‐Duplex Operation
– Increased Security Capability
• Switches Selectively Forward Individual “Frames” from a Receiving Port to a Destination Port
– Builds Internal Table of Destination Address(s) on each Port
– Forwards Ethernet Frame to Specific Port if Address in Table
– Floods Ports if Address Not in Table OR a Broadcast Frame
Ethernet Switch Functions
• Learn MAC Addresses – Build “Table”
• Filter / Forward Ethernet Frames
• Flood Ethernet Frames
• Provide Loop Avoidance ‐ Redundancy (Avoid loops where redundant links exist)
• Provide Port Security Features
Basic Switch Functions
Simplified Ethernet Switch Internals
MAC Address Table & Aging
A Real MAC Address Table
NOTE: VLAN 1 is Special
Aging Timer (typical 5 minute default)
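The learn / forward / filter / flood behaviour and the aging timer described on the switching slides, modelled as an added example (not part of the original handout). The class and method names are hypothetical, the host MAC addresses are the sample ones from the frame-flow slide, and timestamps are constructed seconds.

```python
"""Learning-switch model: learn, forward, filter, flood, and age out entries."""

BROADCAST = "FF:FF:FF:FF:FF:FF"


class LearningSwitch:
    def __init__(self, ports, aging_seconds=300):
        # 300 s mirrors the "typical 5 minute default" aging timer.
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        self.table = {}  # MAC address -> (port, time last seen as a source)

    def _age_out(self, now):
        """Drop entries whose host has been silent for a full aging period."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen >= self.aging_seconds]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src_mac, dst_mac, now):
        """Process one frame and return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src_mac, dst_mac = src_mac.upper(), dst_mac.upper()
        self._age_out(now)
        # Learn: the SOURCE address shows which port a host sits behind.
        self.table[src_mac] = (in_port, now)
        others = [p for p in self.ports if p != in_port]
        if dst_mac == BROADCAST:
            return "flood-broadcast", others
        entry = self.table.get(dst_mac)
        if entry is None:
            # Unknown destination: the frame is copied to every other port,
            # so it is visible beyond the intended receiver until learned.
            return "flood-unknown", others
        out_port = entry[0]
        if out_port == in_port:
            return "filter", []  # destination is on the ingress segment
        return "forward", [out_port]

    def mac_table(self):
        """Current MAC address table as {mac: port}."""
        return {mac: port for mac, (port, _) in self.table.items()}


def run_demo():
    """Replay a constructed sequence of frames and collect each decision."""
    host_a, host_b = "00:06:5B:01:02:03", "00:06:5B:11:22:33"
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    decisions = [
        sw.receive(1, host_a, host_b, now=0),      # B not learned yet
        sw.receive(2, host_b, host_a, now=1),      # A already learned
        sw.receive(1, host_a, host_b, now=2),      # both learned
        sw.receive(1, host_a, BROADCAST, now=3),   # broadcast always floods
        sw.receive(1, host_a, host_b, now=310),    # B aged out while silent
    ]
    return decisions, sw.mac_table()


if __name__ == "__main__":
    for decision in run_demo()[0]:
        print(decision)
```
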
Virtual Local Area Network – VLAN
• Allows Separation or Segmentation of Networks Across a Common Physical Media
– Creates Subset of Larger Network
– VLAN Controls Broadcast Domain Reach – Each VLAN is a Broadcast Domain
– Architecture Flexibility
– Security
• Static Port Based VLAN(s)
– Most Popular
– Manual Configuration
– Switch Port Security Features
• Dynamic Port Based
– MAC‐Based VLAN(s)
• Assignment Based Upon MAC Address
– Protocol‐Based VLAN(s)
• Assignment Based Upon Protocol
What Happens in the VLAN, Stays in the VLAN
VLAN Example
Switch Port Type Configuration:
Access (Un-Tagged) Link – Member of One VLAN Only Connects to a Host
Trunk (Tagged) Link – Carries Traffic From Multiple VLANS Between Switches
Cisco (HP-ComWare-3COM) Terminology
Broadcast Domains
Red VLAN
Green VLAN
Blue VLAN
No Connectivity Exists Between Broadcast Domains, Networks, or Subnets!
Switch Interface Configuration
Tag Inserted Tag Removed
Tag added to frame at Egress trunk interface / Tag stripped at Ingress trunk interface
Adding the VLAN Tag
Double & Triple Tagging Can Occur
The 802.1Q Tag in Detail
32 bits or 4 bytes
Be Aware – Proprietary VLAN Tags Exist (i.e. Cisco “VTP & ISL”)
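The 4-byte tag and the stacked ("double") tagging mentioned on the tagging slides, shown as an added example that is not part of the original handout: it inserts, removes and parses IEEE 802.1Q tags (16-bit TPID 0x8100, then 3-bit priority, 1-bit DEI and 12-bit VLAN ID). Function names are hypothetical, the MAC addresses are the sample ones from the MAC address slides, and the frame and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100    # tag protocol identifier of an IEEE 802.1Q tag
TPID_8021AD = 0x88A8   # outer "service" tag used when tags are stacked
VLAN_TPIDS = (TPID_8021Q, TPID_8021AD)


def mac_bytes(text):
    """Accept the colon, hyphen or dotted notation; return 6 raw bytes."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def add_tag(frame, vid, pcp=0, dei=0, tpid=TPID_8021Q):
    """Insert a 4-byte tag directly after the source MAC address."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("VID is 12 bits, PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def strip_outer_tag(frame):
    """Remove the outermost tag, restoring the frame underneath it."""
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] not in VLAN_TPIDS:
        raise ValueError("frame has no VLAN tag to remove")
    return frame[:12] + frame[16:]


def parse_frame(frame):
    """Decode MACs, every stacked VLAN tag (outermost first) and EtherType.

    The frame starts at the destination MAC (no preamble) and has no CRC.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            break
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4  # walk every tag; never assume there is only one
    return {"dst": frame[0:6].hex(":").upper(),
            "src": frame[6:12].hex(":").upper(),
            "vlan_tags": tags,
            "ethertype": ethertype,
            "payload": frame[offset + 2:]}


def sample_frame():
    """Constructed untagged Ethernet II frame carrying EtherType 0x0800."""
    dst = mac_bytes("00:A0:C9:14:C8:29")
    src = mac_bytes("00-12-3F-8D-4D-A7")
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"


if __name__ == "__main__":
    tagged = add_tag(sample_frame(), vid=10, pcp=5)
    stacked = add_tag(tagged, vid=200, tpid=TPID_8021AD)
    for f in (sample_frame(), tagged, stacked):
        print(parse_frame(f))
```
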
VLAN Configurations
[Figure: VLAN #1 and VLAN #2 on each side of “Trunk” or “Tagged” Inter-Switch Links carrying VLAN #1 & #2]
Spanning Tree Protocol “STP”
Prevents a “Broadcast Storm” With Redundant Links
[Figure: Switched Topology Example with Switches A, B, C, D and E, and the Active Topology After Spanning Tree]
STP Operation:
1 - Determine Root Bridge
2 - Select Root Port
3 - Select Designated Ports
4 - Block Ports with Loops
What Is A “Layer 3” Switch?
• “Marketing Terminology” Applied to a One Box Solution:
– Layer 2 Switching
– Layer 3 Routing
• Layer 3 Switch Performs Both!
• Multilayer Switch Port Types:
– Switchport: Layer 2 Port – MAC Addresses Learning
– Layer‐3 Port: Routing Port
– Switched Virtual Interface: VLAN Virtual Interface
• Not for All Environments:
– Limited to Ethernet Ports/Interfaces
– Limited to OSPF and RIP Protocols
Layer 3 Switch Internals
IP Routing In‐Depth
Routing
• Routing is Simply the Moving of Information Between Networks (Subnets or Broadcast Domains)
• OSI Model Layer 3 Process
• Routing Types:
– Static Routing
– Dynamic Routing
• Routing Protocol Classes:
– Interior Gateway Protocol (IGP)
– Exterior Gateway Protocols (EGP)
Dynamic Routing Categories
• Distance Vector Routing Protocol
– Periodic Routing Table Updates
– “Distance” Used as a Metric
– Neighbors “Trust” Neighbors
– Slow Convergence
• Link State Routing Protocol
– Maintains Neighbor, Topology, & Shortest‐Path Tables
– Each Router Updates From All Others
– “Cost” Used as a Metric
The Routing Protocol
• Learn the route to each subnet in the internetwork (build routing table)
• Determine the “best” route (one route)
• Remove routes that are no longer valid
• Update routing table to reflect changes
• Perform updates quickly
• Prevent routing loops
Routing Metrics & Administrative Distance
Determines The Best Path to Target Host
• Cost Metrics:
– Hop Count: The Number of Routers in a Path
– Bandwidth: Throughput (bps)
– Load: Traffic Flowing Through a Router
– Delay: Network Latency (distance or congestion)
– Reliability: Amount of Downtime of a Network Path
• Administrative Distance
– Indicates Believability of the Route
– Often Used When Multiple Protocols Are Used
– Often Used to Prefer A Certain Path When Multiple Paths Exist
– Routing Protocols Have Default Administrative Distances
Smaller Metrics = Best Route
Lower Administrative Distance = More Believed
IGP and EGP Protocols
[Figure: IGP and EGP protocols. Labels shown: IS-IS, BGP, RIP, IGRP, EIGRP, OSPF]
Route Source: Administrative Distance (default)
Direct: 0
Static: 1
EIGRP: 90
OSPF: 110
RIP: 120
Unknown: 255
Distance‐Vector Routing Protocols
• “Routing by Rumor” – The Overall Network is Unknown, Only Directly Connected Neighbors Are Known by Each Router
• Routing Decision Based Upon a “Distance” or Metric and “Direction” or Vector to Describe the “Next‐Hop”
Link‐State Routing Protocols
• Network Topology Information is Flooded Throughout the Network
• Each Router Determines its Own “Best Path”
Practical Routing Protocol Choices
“Common” IGP Protocols – VLSM Support
Protocol: RIP v2 | EIGRP (Cisco) | OSPF v2
Type: Distance Vector | Hybrid | Link‐State
Metric: Hop Count | Bandwidth/Delay | Cost
Administrative Distance: 120 | 90 | 110
Hop Count Limit: 15 | 224 | None
Convergence: Slow | Fast | Fast
Updates: Full Table Every 30 Seconds | Send Only Changes When Change Occurs | Send Only When Change Occurs, But Refreshed Every 30m
RFC Reference: RFC 1388 | N/A | RFC 2328
RIP v2
Routing Information Protocol
RFC 1388
• Advantages:
– Simple – Easy to Configure
– Low Maintenance
– General Understanding Of
• Disadvantages:
– Higher Router CPU Utilization
– High Bandwidth Use for Routing Updates
– No Knowledge of Link Bandwidth
– Slow Convergence
– Limited Network Size (hop count = 15)
OSPF v2
Open Shortest Path First
RFC 2328
• Advantages:
– Fast Convergence
– Routing Updates Are Small
– Scales to Varying Network Sizes
– Considers Link Bandwidth Into Metric Calculation
• Disadvantages:
– More Knowledge Required – A lot of Options
– Complex to Configure
EIGRP v4
Enhanced Interior Gateway Routing Protocol
CISCO Proprietary
• Advantages:
– Fast Convergence
– No OSPF Area Assignments = Less Complex
– Complex Cost Metric:
• Bandwidth
• Delay
• Reliability
• Utilization
• Disadvantages:
– More Knowledge Required – A lot of Options
– Need “Cisco” Environment
Hop Count May Not Be The Best Metric!
IP Addressing & Subnetting In‐Depth
The IP Addressing “Rules”
• Each Network MUST Have a Unique Network ID
• Each Host MUST Have a Unique Host ID
• Every IP Address MUST Have a Subnet Mask
– Implied for a Classful Network
– Explicitly Stated for Classless Network
• An IP Address Must Be Unique Globally If Host on the Public Internet
• The First & Last IP Address Of a Network is Not Assignable!
The IPv4 Address
• 32 Bit Binary Address and 32 Bit Binary Mask
• 2^32 Yields 4,294,967,296 Addresses
• 32 Bits Divided Into Four (4) Octets or Bytes
• Expressed in “Dotted Decimal” Notation
2‐Part IPv4 Address
IPv4 Address Classes
[Figure: IPv4 address classes, 32 bits shown as four 8-bit octets]
Class A: NETWORK HOST HOST HOST
Class B: NETWORK NETWORK HOST HOST
Class C: NETWORK NETWORK NETWORK HOST
Class D: Multicast
Class E: Experimental
IPv4 “Default” Mask
Classful IPv4 Addressing
What Happened to the 127 network?
VLSM
RFC 1009
• Variable Length Subnet Masking (VLSM)
– Host Addressing & Routing Inside a Routing Domain
– Allowed “Classless” Subnetting
• Mask Information is Explicit – Must Be Specified
– Allows More Efficient Use of Address Space – Tailor Address Space to Fit Network Needs
– Allows You to Subnet a Subnet
• Subnetting “Borrows” Host Bits to Create More Networks
VLSM Allows Mask To Be Moved
VLSM
• Allows Mask to Be Determined on a “Bit Basis”
– Remember: Classful Addressing Specified Network/Host Boundary
– Classless Addressing Allows Network/Host Boundary to Be Specified at an Individual Bit
[Figure: two rows of Octet 1 to Octet 4, each divided into Network and Host portions, with the class A, B and C boundaries marked]
19 Subnet Mask Bits = 255.255.224.0
CIDR
RFC 1517, 1518, 1519, 1520
• Classless Interdomain Routing (CIDR)
– Class System No Longer Applies
– Routing Between Routing Domains
– Allows “Supernets” To Be Created
• Combining a Group of Class C Addresses Into a Single Block
– CIDR Notation (slanted notation): 192.168.100.254 /19
Mask:
11111111.11111111.11100000.00000000
255.255.224.0
IP Address Mask Formats
Classful Addressing: 192.168.100.254 (Implied Mask 255.255.255.0)
VLSM Addressing: 192.168.100.254 255.255.224.0 (Explicit Mask 255.255.224.0)
CIDR Notation: 192.168.100.254 /19 (Number of Mask Bits)
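The three mask formats above, worked through with bit operations as an added example (not part of the original handout). It resolves each notation to a prefix length and derives the network address, broadcast address and assignable range for the handout's 192.168.100.254 sample; the function names are hypothetical.

```python
FULL = 0xFFFFFFFF  # 32 one-bits


def to_int(dotted):
    """Dotted decimal -> 32-bit integer, rejecting malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/19 -> 0xFFFFE000: 'prefix' one-bits followed by host zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (FULL << (32 - prefix)) & FULL


def prefix_from_mask(mask_dotted):
    """255.255.224.0 -> 19; a mask with non-contiguous one-bits is rejected."""
    host_bits = ~to_int(mask_dotted) & FULL
    if host_bits & (host_bits + 1):
        raise ValueError("mask bits are not contiguous")
    return 32 - host_bits.bit_length()


def classful_prefix(address):
    """Implied mask from the first octet (class A, B or C only)."""
    first = to_int(address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses have no implied mask")


def parse_notation(text):
    """Return (address, prefix) for classful, explicit-mask or CIDR text."""
    fields = text.replace("/", " /").split()
    if len(fields) == 1:
        return fields[0], classful_prefix(fields[0])
    if len(fields) == 2 and fields[1].startswith("/"):
        return fields[0], int(fields[1][1:])
    if len(fields) == 2:
        return fields[0], prefix_from_mask(fields[1])
    raise ValueError(f"unrecognised notation: {text!r}")


def describe(address, prefix):
    """Network, broadcast and assignable range for address/prefix."""
    mask = mask_from_prefix(prefix)
    network = to_int(address) & mask
    broadcast = network | (~mask & FULL)
    block = 1 << (32 - prefix)       # block size is a power of two
    usable = max(block - 2, 0)       # first and last address not assignable
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "block_size": block,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    for text in ("192.168.100.254",
                 "192.168.100.254 255.255.224.0",
                 "192.168.100.254 /19"):
        addr, prefix = parse_notation(text)
        print(text, "->", describe(addr, prefix))
```
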
IP Address Block Size
Based Upon 2^n
2^n: 128 64 32 16 8 4 2 1 (LSB)
Private vs Public IP Addresses
• RFC 1918 Established “Private” Address Space
– Class A: 10.0.0.0 to 10.255.255.255
– Class B: 172.16.0.0 to 172.31.255.255
– Class C: 192.168.0.0 to 192.168.255.255
• Key Points:
– Private IP Addresses Are NOT Routable Over the Public Network
– Note – Can Be Routed Over a Private Network
– Often Translated With NAT At An Edge Router
• Map Private Address Space to Public Address Space
Why Subnetting?
• Creates Smaller Network(s) of a Larger Network
• Reduces Network Traffic – Creates Smaller Broadcast Domains
• Improves Network Performance
• Allows Geographic Separation
• Isolates Network Anomalies
• Enhances Network Management
Subnets
How Many Networks (subnets) Are Shown?
[Figure: Network 1, Network 2 and Network 3, each labelled Broadcast Domain, with four Collision Domain labels]
Network Address Translation – NAT
RFC 3022
• NAT Allows a Host Without a Valid Public IP Address to Communicate With a Host That Has a Public IP Address
• HOW?
– Simply Changes the IP Addresses as Packet Passes Through the NAT Device
• WHY?
– Conserve Public IP Address Space
– Security by Obscurity (hide actual host IP address)
NAT
• Types of NAT:
– Static – One‐to‐One Translation
– Dynamic – Pool of Public Addresses Made Available to Outbound Client Traffic
– NAT Overloading or Port Address Translation (PAT) – Translates to a Single Public IP by Use of a Unique Port Number
• NAT Addressing Terminology:
– Inside Local or Inside Private
– Inside Global or Inside Global
– Outside Global or Outside Public
– Outside Local or Outside Private
In General:
Inside Addresses Are Local
Global Addresses Are Public
Static NAT
Special Use “Reserved” IPv4 Address Space
RFC 5735
• 0.0.0.0/8 Network Address “This Network or Wire Address”
• 10.0.0.0/8 Private IP Address Space (RFC 1918)
• 127.0.0.0/8 Loopback Address
• 169.254.0.0/16 IETF Zero Configuration Address Space (RFC 3927)
• 172.16.0.0/16 Private IP Address Space (RFC 1918)
• 192.168.0.0/16 Private IP Address Space (RFC 1918)
• 224.0.0.0/4 Multicast Address Space
• 240.0.0.0/4 Experimental Address Space
• 255.255.255.255/32 Broadcast Address
Yields About 3.7 Billion “Useable” IPv4 Addresses
The IPv4 Loop Back Address
• What is Special About 127.0.0.1 ?
– Actually Any 127.0.0.0/8 Address Works OR the Range of 127.0.0.1 to 127.255.255.255
• Known as a “Loop‐Back” Address
• Useful For:
– Test Local IP Stack and Network Adapter
– May Be Used by Client‐Server App on Host
An Introduction to IPv6
IPv4 Address Depletion
• As of February 2011 ALL ICANN IPv4 Address Space Assigned!
• Regional Registries Now Have Their Last Allocation!
http://www.potaroo.net/tools/ipv4/plotend.png
Updated: 4-26-16
IPv6 Address Space
IETF ‐ RFC 2460
IPv6 Provides Expanded IP Address Space
2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
(three hundred forty UNDECILLION addresses)
3.4 x 10^38
• But, IPv6 is More Than Expanded Address Space:
– An Opportunity to Re‐Engineer IPv4
• Improved Support for Multicasting, Security, & Mobile Aps
• Multiple Addresses per Interface
• Host Auto‐Configuration Capability
• Security Incorporated
• MTU Discovery Incorporated
• Traffic Engineering Provisions Incorporated
The IPv6 Address
128‐Bit Address Binary Format:
001001100000011110111000000000001111101010100000000000110010000110010101100110001000011110111100010010000010100011110001
Subdivide Into Eight (8) 16‐bit Groups (quads or chunks):
0010011000000111 1011100000000000 0000111110101010 0000000000000011 0010000110010101 1001100010000111 1011110001001000 0010100011110001
Convert Each 16‐bit Group to Hexadecimal (separate with a colon):
2607:b800:0faa:0003:2195:9887:bc48:28f1
2607:b800:faa:3:2195:9887:bc48:28f1
Address Summarization
128‐Bit Address Represented as 32 Hexadecimal Digits
Subdivided Into Eight Groups (Chunks, Quads) of Four Hexadecimal Digits (separated by colon)
2001:0000:0000:0000:0DB8:8000:200C:417A
or
2001:0:0:0:DB8:8000:200C:417A
or
2001::DB8:8000:200C:417A
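The binary-to-hexadecimal conversion and the address summarization steps above, implemented by hand as an added example (not part of the original handout). Function names are hypothetical; output is lowercase and the leftmost longest run of zero groups is the one replaced by "::", following the RFC 5952 text representation recommendations, which the handout does not cite.

```python
import string

HEX = set(string.hexdigits)


def from_binary(bits):
    """128 binary digits (spaces allowed) -> eight 4-digit hex groups."""
    bits = bits.replace(" ", "")
    if len(bits) != 128 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 128 binary digits")
    groups = [bits[i:i + 16] for i in range(0, 128, 16)]
    return ":".join(format(int(g, 2), "04x") for g in groups)


def expand(address):
    """Any valid short form -> full form with eight 4-digit groups."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        head, tail = address.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = address.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit groups")
    full = []
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError(f"bad group: {g!r}")
        full.append(format(int(g, 16), "04x"))
    return ":".join(full)


def compress(address):
    """Drop leading zeros, then replace the longest zero run with '::'."""
    short = [format(int(g, 16), "x") for g in expand(address).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:          # strict '>' keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                  # a single zero group stays as "0"
        return ":".join(short)
    head = ":".join(short[:best_start])
    tail = ":".join(short[best_start + best_len:])
    return f"{head}::{tail}"


# The 16-bit groups printed on the handout's "The IPv6 Address" slide.
HANDOUT_BITS = ("0010011000000111 1011100000000000 0000111110101010 "
                "0000000000000011 0010000110010101 1001100010000111 "
                "1011110001001000 0010100011110001")

if __name__ == "__main__":
    full = from_binary(HANDOUT_BITS)
    print(full, "->", compress(full))
    print(compress("2001:0000:0000:0000:0DB8:8000:200C:417A"))
    print(compress("0:0:0:0:0:0:0:1"))
```
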
Remember:
IPv6 Is More Than Address Space
“An Opportunity to Re‐Engineer IPv4”
• Header Simplification for Performance Increase
• Improved Authentication and Security
• Host Auto‐Configuration
• Mobility Incorporated
IPv6 Address Assignment Recommendations
• Service Provider: /32 – 2^32 /64 subnets
• Large End User: /48 – 65,536 /64 subnets
• Small End User: /56 – 256 /64 subnets
• SOHO: /64 – 1 /64 subnets
Recognize: A /64 IPv6 subnet = 18,446,744,073,709,552,000 hosts
Implementing IPv6?
Want to Learn More?
IPv6 Enable Your Home Network
But, My Provider is Not IPv6 Enabled!
Then “Tunnel” to an IPv6 Provider:
http://www.tunnelbroker.net/
IPv6 Test Sites
http://ipv6-test.com/
http://v6.testmyipv6.com/
www.ARIN.net
An IPv6 Address You Can Remember
The IPv6 Loopback Address
::1
Summarized from: 0:0:0:0:0:0:0:1
Some Final IPv6 Trivia
What Happened to Version 5 or IPv5 of the Internet Protocol?
“IPv5 Simply Does Not Exist!”
“Version 5 was intentionally skipped to avoid confusion, or at least to rectify it. The problem with version 5 relates to an experimental TCP/IP protocol called the Internet Stream Protocol, Version 2, originally defined in RFC 1190. This protocol was originally seen by some as being a peer of IP at the Internet Layer in the TCP/IP architecture and these packets were assigned IP version 5 to differentiate them from “normal” IPv4 packets. This protocol never went anywhere, but to be absolutely sure that there would be no confusion, version 5 was skipped over in favor of version 6.”
IPv4 and IPv6 Comparison Summary
IPv4
Developed: 1973-1977
Deployed: 1981
2^32 or 4.3 Billion Addresses
“More Than Anyone Could Possibly Use”
Address Based Assignment Unit /32
IPv6
Developed: mid 1990’s
Deployed: 1999
2^128 or 340 Undecillion Addresses
“More Than Anyone Could Possibly Use”
Network Based Assignment Unit /64
Vinton Cerf
“One of the Fathers of the Internet”
“Who the hell knew how much address space we needed for an experiment?”
“The experiment has not ended”
“Vint” Cerf comments on his & colleagues 1977 decision to use 32‐bit IP Numbers
Network Security
The Challenge
SECURITY USEABILITY
Network Security Concerns
• Focused on Protecting the “Network Infrastructure”
• Common Threats:
– DHCP Snooping
– ARP Spoofing (IP Spoofing)
– Rogue Router Advertisements
– Denial of Service Attacks
– Application Layer Attacks
• Implementation Considerations:
– Know Your Enemy
– Cost
– Human Factors
– Understand Your Network
– Limit Scope of Access
– Don’t Overlook Physical Security
Network Infrastructure Threats
• Denial of Service “DoS”
• Spoofing
• Hijacking
• Authentication Bypass or “Back Door” Access
• Physical Access
• And the list goes on & on…..
Common Policy Terminology
• Asset – Any object of value
• Vulnerability – A system weakness to be exploited
• Threat ‐ Possible danger to a system or its information
• Risk – The feasibility that a vulnerability might be exploited
• Exploit ‐ An attack directed at a vulnerability
• Countermeasure ‐ An action or mitigation of a risk
Common Policy Attributes
• What Does a Security Policy Define?
– Company Objectives
– System Requirements
– User Rules & Regulations
• Who is the Security Policy Audience?
– “Anyone” Who Has Network Access!
Security Policy Lifecycle
[Figure: lifecycle diagram. Labels: Planning; Policy Creation; Management & Monitoring; Assessment; Policy Implementation & Enforcement; Detection; Threat Analysis]
Goals of Network Security
• Provides Confidentiality
– Maintain Privacy – Prevent Use by Those Unauthorized
• Provides Authentication
– Verify That Users Are Who They Say They Are
• Maintains Data Integrity
– Data Has Not Changed
Attributes of a Secure Network
• Layered Approach (“Defense in Depth” NOTE 1)
– Different Security Controls Within Different Groups
• Security Domains
– Segmentation of Network Into Areas or Groups
• Privileges
– Restrict to “Need – To – Access”
– “Deny by Default”
• Access
– Restrict by Firewalls, Proxies, etc.
• Logging
– Accountability, Monitoring, & Activity Tracking
NOTE 1 – Cisco Security Terminology
Apply Layered Network Design
• Separate Networks into “Layers” or Zones or Groups With Different Security Access & Control
– External / “DMZ” Perimeter / Internal Zones
– Apply Access Control Between Internal Networks!
[Figure: layered network zones, labelled Non-Secure and Secure]
Network Security Tools
• Access Control List
• Firewall
– Used to Create a “Trusted” Network Segment by Permitting or Denying Network Packets
– Types of Firewalls:
• Stateless Packet Filtering – Single Packet Inspection
• Stateful Packet Filtering – Flow or Conversation Inspection
• Ethernet Switch Port Security
• VPN
The Access Control List “ACL”
Stateless Firewall Functionality
• Simply a “Set of Rules” That Provides a “Permit” or “Deny” Based Upon:
– Layer 3 IP Address
– Layer 4 Port Number
• An ACL is:
– A Table (with explicit DENY)
– Applied to a Specific Switch / Router Interface
The “ACL” Rules continued…..
• ACL’s can be Numbered or Named
• Numbered ACL’s Structure:
– 1‐99 IP Standard Access List
– 100‐199 IP Extended Access List
– 200‐299 Protocol Access List
– 1300‐1999 IP Standard Access List‐Expanded
– 2000‐2999 IP Extended Access List‐Expanded
• Named ACL Structure:
– Standard Named
– Extended Named
The “ACL” Rules continued…..
• Standard Access List
– Can Only Permit or Deny The Source Host IP Address
– Placed Closest to Destination Host
• Extended Access List
– Can Permit or Deny Based Upon:
• Source IP Address
• Destination IP Address
• TCP Port #
• UDP Port #
• TCP/IP Protocol
– Placed Closest to Source Network
The “ACL” Rules continued…..
• One “ACL” per Interface per Direction
– Ingress
– Egress
• An ACL Only Acts on IP Traffic Passing Through Router
• Organize Structure of ACL:
– More specific statements placed first
– Process Sequentially
ACL Example(s):
access-list 110 deny ip any host 192.168.100.110
access-list 123 deny tcp any host 192.168.100.110 eq 23
Standard IP List Example: Prevent Host 192.168.30.30 from Accessing Host 192.168.10.10
Create Access List on Router 1:
! standard access lists are numbered 1-99
access-list 1 deny 192.168.30.30 0.0.0.0
access-list 1 permit any
Apply Access List to Interface:
interface E1
ip access-group 1 in
Configuration Disclaimer: Exact configuration commands may vary based upon specific equipment models and software version. Generic “Cisco” commands utilized for illustration purposes.
Extended IP List Example: Allow Only http Access to Host 192.168.10.10 from 192.168.30.0 /24
Create Access List on Router 2:
access-list 101 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.10 eq 80
! block everything else from 192.168.30.0 /24 to the host before the general permit
access-list 101 deny ip 192.168.30.0 0.0.0.255 host 192.168.10.10
access-list 101 permit ip any any
Apply Access List to Interface:
interface E0
ip access-group 101 in
A “Practical” ACL Example: Block External Users From “Pinging” Inside Hosts
Create Access List on Router 1:
access-list 101 deny icmp any any
access-list 101 permit ip any any
Apply Access List to Interface:
interface E1
ip access-group 101 in
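The sequential, first-match processing described in the ACL rules above can be checked offline. This added example (not part of the handout) is a small Python model of extended ACL matching with wildcard masks; the `Rule` class and helper names are illustrative, the addresses come from the "allow only http" example, and the implicit deny that ends a list is standard IOS behavior assumed here rather than stated on the slides.

```python
"""First-match evaluation of Cisco-style extended ACL entries (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol; else "tcp", "udp", "icmp"
    src: str                     # "any", "host A.B.C.D" or "A.B.C.D WILDCARD"
    dst: str
    dport: Optional[int] = None  # destination "eq N"; only meaningful for tcp/udp


def addr_matches(spec: str, addr: str) -> bool:
    """Compare an address with an ACL address spec.

    A wildcard mask is the inverse of a subnet mask: bits set to 1 are ignored.
    """
    if spec == "any":
        return True
    parts = spec.split()
    base, wildcard = (parts[1], "0.0.0.0") if parts[0] == "host" else (parts[0], parts[1])
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def rule_matches(rule: Rule, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    if rule.proto != "ip" and rule.proto != proto:
        return False
    if not addr_matches(rule.src, src) or not addr_matches(rule.dst, dst):
        return False
    return rule.dport is None or rule.dport == dport


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule.

    Traffic that matches no rule is denied (assumed implicit deny at end of list).
    """
    for rule in acl:
        if rule_matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny"


LAN = "192.168.30.0 0.0.0.255"
WEB = "host 192.168.10.10"

# Goal: only http from 192.168.30.0 /24 may reach 192.168.10.10.
HTTP_ONLY = [
    Rule("permit", "tcp", LAN, WEB, 80),
    Rule("deny", "ip", LAN, WEB),
    Rule("permit", "ip", "any", "any"),
]
# Same list without the deny: the closing permit lets every protocol through.
NO_DENY = [HTTP_ONLY[0], HTTP_ONLY[2]]
# Same three rules with the general permit first: the specific rules never run.
MISORDERED = [HTTP_ONLY[2], HTTP_ONLY[0], HTTP_ONLY[1]]


def telnet_result(acl: List[Rule]) -> str:
    """Action applied to a telnet attempt from the LAN to the web host."""
    return evaluate(acl, "tcp", "192.168.30.7", "192.168.10.10", 23)


if __name__ == "__main__":
    for label, acl in (("HTTP_ONLY", HTTP_ONLY), ("NO_DENY", NO_DENY), ("MISORDERED", MISORDERED)):
        print(f"{label:<11} telnet to web host: {telnet_result(acl)}")
```
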
Firewall
• Determines What IP Traffic Can Enter or Exit a Network Based Upon Pre‐Defined Rules
• Firewall Types:
– Stateless Packet Filtering – Single Packet Inspection
– Access Control List “ACL” – Ingress or Egress Filtering
• No knowledge of flow
• Filters on IP Header info – Layers 1‐3
– Stateful Packet Filtering – Flow or Conversation Inspection
• Filters on IP Header info – Layers 1‐4
• Records conversations – then determines context:
Firewall Types:
Packet Filtering - “Stateless”
Packet Filtering - “Stateful”
Filtering Parameters:
IP Source Address
IP Destination Address
Protocol
TCP Traffic
UDP Traffic
Port Number
Firewall Implementation
Switch Port Security Actions
• Port Security Options:
– Specific MAC Address/Port
– Limits on Learned MAC’s
– “Sticky” MAC Learning
• Port Security Violations:
– Discards Frame if Disallowed
– Discards Frame if Disallowed and Sends Notification
– Shutdown
Implementing Switch Port Security
“Shutdown” ports that are un-used
Ensure ports are configured as “Access” ports
Assign port to an Un-Used VLAN (do not use VLAN 1)
Configure “Trunk” Ports Only When required
Ensure port is configured as “Access” port
Assign port to VLAN (do not use VLAN 1)
Enable Port Security:
Specific MAC address
Limit number of MAC addresses / port
Use “Sticky Learning” with caution
Specify the violation response
The IPSec VPN
• The Virtual Private Network – “VPN” is a private network built across a public infrastructure.
• VPN Advantages:
– Provides Confidentiality
– Provides Authentication
– Maintains Data Integrity
– Prevents “Man‐in‐the‐Middle” Scenarios
• VPN’s Built Between:
– Routers
– VPN Appliances
– Soft Clients
• VPN Types:
– IPsec Based
– SSL Based
– GRE Tunnel
Conceptual VPN
A VPN is NOT a VLAN
A VPN is a Secure Tunnel Through an Unsecure Network
Do Not Confuse VLAN’s and VPN’s
Security “Best Practices” to Consider
• Recognize Physical Security
• Change Default Logins
• Utilize Strong Passwords
• Disable Services Not Required
• Adopt a Layered Design Approach
• Segregate Network(s)
• Separate Networks via VLANS
• Implement Switch Port Security
• Utilize Packet Filtering in Routers & Firewalls
• Do Not Overlook Egress Traffic
• Deny All Traffic – Then Permit Only Required
• Keep Up With Equipment “Patches”
• Utilize Access Logging on Key Network Devices
• Utilize Session Timeout Features
• Encrypt Any Critical Data
• Restrict Remote Access Source
• Understand & Know Your Network Baseline
• Actively Monitor and Look for Abnormalities
• Limit “Need‐to‐Know”
• Disable External “ICMP” Access
• Don’t Use VLAN 1
Practical Network Design & Implementation Exercise
The Building Blocks: Hubs, Switches, & Routers
• Hub
– Layer 1 Device
– Acts as a Repeater ‐ All Incoming Frames FWD Out Every Other Port
– Half‐Duplex Based – CSMA/CD Algorithm Controlled
– No Intelligence – Collision & Broadcast Domain Across All Ports
• Switch
– Layer 2 Device – Originally Called “Forwarding” ‐ Then “Bridging” ‐ Now Called “Switching”
– Full Duplex Based
– Intelligence Based – Selectively Forwards Frame to a Port
– Each Port is a Collision Domain (assuming one device per port)
– Each Switch is Within a Broadcast Domain
• Router
– Layer 3 Device
– Forwards Packets Between Different Networks
– Creates Broadcast Domains
– Each Interface is a Broadcast Domain
The Flat Network
“Legacy Network Architecture”
A Single Broadcast Domain
Common Addressed Subnet
Challenges: Manageability, Security, Scalability, Reliability
The Hierarchical Network
Organize By: Geographic, Policy / Regulation, Security, Performance
Logical Networks
Network Design Considerations
• Understand “Your” Environment – Each Network is Different!
• IP Addressing Considerations
• VLAN Configuration
• Routing Protocol Selection
• Network Service(s) Selection (DNS, DHCP, etc)
• Security Aspects
• Access, Management, Documentation, & Monitoring
• Physical Layer Scheme
• Hardware (Switch & Router) Selection
Network Architecture Considerations
Core or Backbone
Distribution
Access
“Classic” Layered Approach
Ethernet Switch Considerations
• Network Role & Location
– Self‐Contained
– “Stackable”
– Modular (chassis + cards)
• Interface Requirements – Capabilities ‐ Range
• Interface Density
• Layer 3 Capability?
• Processor/Memory/MAC Addresses Supported/Multicast IGMP
• Backplane Fabric Throughput / Forwarding Rate (Gbps)
• Redundancy (power, processor, interfaces)
• PoE Requirements / Switch Capacity: (48vdc nominal)
– 802.3af (15w) “Class 3”
– 802.3at (25w) “PoE+”
Router Considerations
• Network Role & Location
– Self‐Contained
– Modular (chassis + cards)
• Interface Requirements – Capabilities (LAN/WAN)
• Processor/Memory/Route Capacity
• Fabric/Backplane Throughput (packets per second “PPS”)
• Redundancy (power, processor, interfaces)
• Required Feature Set:
– Security / IDS
– QoS
– MPLS
– VOIP
– NetFlow
IP Addressing Considerations
• IP Address Planning (range)
– Current Needs
– Scalability
– Organize Subnets (Hierarchical)
• IP Address Host Allocation
– Public vs Private (RFC 1918)
– Static vs Dynamic Policy
– Assignment Documentation (IPAM sys)
• What About IPv6?
– Implementation Factors
– Migration Plan
Switch Access Methods
“User” Mode
“Privilege” Mode
“Global” Configuration Mode
“Interface” Configuration Mode
Practical VLAN Configuration – 1
Cisco to Cisco Switch
Conceptual Configuration:
define vlan 100 & 200 in switch
set port 2 mode to access
set port 14 mode to access
set port 23 mode to trunk
allow vlan 100 & 200 on trunk port
Exact configuration command will vary by switch model / IOS version
Conceptual Configuration:
define vlan 100 & 200 in switch
set port 4 mode to access
set port 24 mode to access
set port 23 mode to trunk
allow vlan 100 & 200 on trunk port
Configuration Detail
Switch A
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#exit

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fa0/14
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 200
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#exit
Switch#

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fa0/23
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk vlan 100
                                   ^
% Invalid input detected at '^' marker.
Switch(config-if)#switchport trunk allowed vlan 100,200
Switch(config-if)#exit
Switch(config)#exit

Configuration Detail
Switch B
Switch B(config)#interface fa0/4
Switch B(config-if)#switchport mode access
Switch B(config-if)#switchport access vlan 100
Switch B(config-if)#no shut
Switch B(config-if)#exit
Switch B(config)#exit

Switch B(config)#interface fa0/23
Switch B(config-if)#switchport mode trunk
Switch B(config-if)#switchport trunk allowed vlan 100,200
Switch B(config-if)#exit
Switch B(config)#exit
Switch B#

Switch B#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch B(config)#interface fa0/24
Switch B(config-if)#switchport mode access
Switch B(config-if)#switchport access vlan 200
Switch B(config-if)#no shut
Switch B(config-if)#exit
Switch B(config)#exit
Switch B#
Router Configuration:
Configuration Disclaimer: Exact configuration commands may vary based upon specific equipment models and software version. Generic “Cisco” commands utilized for illustration purposes.
Blue Network: 192.168.100.0 /24
Green Network: 192.168.200.0 /24
Red Network: 192.168.300.0 /24
Assign Network to an Interface:
interface ge0
ip address 192.168.100.1 255.255.255.0
no shutdown
interface ge1
ip address 192.168.200.1 255.255.255.0
no shutdown
interface ge2
ip address 192.168.300.1 255.255.255.0
no shutdown
Enable RIP Routing:
router rip
network 192.168.100.0
network 192.168.200.0
network 192.168.300.0
Cisco vs HP Terminology
Function | Cisco | HP
Switch Port | Access Port | Untagged Port
VLAN Switch Port | Trunk Port | Tagged Port
Aggregated Links | Ether Channel | Trunk Group
Practical VLAN Configuration – 2
Cisco to HP Switch
Conceptual Configuration:
define vlan 100 & 200 in switch
set port 2 mode to access
set port 14 mode to access
set port 23 mode to trunk
allow vlan 100 & 200 on trunk port
Conceptual Configuration:
define vlan 100 & 200 in switch
set port 7 as untagged vlan 100
set port 24 as untagged vlan 200
set port 18 as tagged vlan 100 & 200
Cisco Terminology | HP Terminology
Access Mode | Untagged
Trunk Mode | Tagged
8, 12, 14, 4
Consider Growth – 20%
10, 15, 17, 5
IP Address Block Size
Based Upon 2^n
2^n: 128, 64, 32, 16, 8, 4, 2, 1 (LSB)
IP Addressing Plan
Base Network: 192.168.100.0 /25
Use a “VLSM” Subnet Calculator: http://subnettingpractice.com/vlsm.html
16, 32, 32, 8
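An added worked example (not from the handout) that reproduces this addressing plan in Python: apply 20% growth, round each need up to a 2^n block, and allocate largest-first from 192.168.100.0 /25. The pairing of host counts with VLAN names is an assumption inferred from the handout's VLAN table, and the function names are illustrative.

```python
"""VLSM allocation for the handout's base network (added example)."""
import ipaddress

BASE = "192.168.100.0/25"
# Current host counts; the VLAN-name pairing is an assumption (see lead-in).
HOSTS = {"Administration": 8, "Production": 12, "Engineering": 14, "NetMgmt": 4}


def with_growth(hosts: int, percent: int = 20) -> int:
    """Hosts plus growth, rounded up to a whole host using integer math."""
    return (hosts * (100 + percent) + 99) // 100


def block_size(hosts: int) -> int:
    """Smallest 2^n block holding the hosts plus network and broadcast addresses."""
    size = 1
    while size < hosts + 2:
        size *= 2
    return size


def vlsm_plan(base: str, hosts_by_name: dict, growth_percent: int = 20) -> list:
    """Allocate subnets largest-first so every block starts on its own boundary.

    Returns one row per subnet in allocation order; raises ValueError when the
    base network is too small for the requested blocks.
    """
    net = ipaddress.ip_network(base)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    rows = []
    for name, hosts in sorted(hosts_by_name.items(), key=lambda kv: kv[1], reverse=True):
        planned = with_growth(hosts, growth_percent)
        size = block_size(planned)
        if cursor + size > end:
            raise ValueError(f"{base} cannot hold a /{33 - size.bit_length()} for {name}")
        # size is a power of two, so the prefix length is 32 - log2(size)
        subnet = ipaddress.ip_network((cursor, 32 - (size.bit_length() - 1)))
        rows.append({
            "name": name,
            "planned_hosts": planned,
            "block": size,
            "network": subnet,
            "mask": str(subnet.netmask),
            "gateway": str(subnet.network_address + 1),  # first usable host
        })
        cursor += size
    return rows


if __name__ == "__main__":
    for row in vlsm_plan(BASE, HOSTS):
        print(f"{row['name']:<15} {row['planned_hosts']:>2} hosts  block {row['block']:>2}  "
              f"{str(row['network']):<19} {row['mask']:<16} gw {row['gateway']}")
```
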
IP Configuration Plan
IP Configuration Plan ‐ 2
“EngRack” Switch to “Ennes” Router Interface
“Trunk” Interface “Sub-Interface”
802.1Q Trunk Link
What is Wrong With This Design?
Why a 100 Mbps Link Here?
GigE
100Mbps
Let’s Fix It!
Then Re-Configure Ports: Switch & Router
Another Approach!
“Use a Layer 3 Switch”
Handout Package Contains All Configuration Details
Useful Reference Sources:
• IEEE Ethernet References: http://standards.ieee.org/about/get/
• IETF Resources: http://www.ietf.org/
• RFC References: www.rfc-editor.org/rfc.html
• MAC OUI Look‐Up: https://www.wireshark.org/tools/oui-lookup.html
• IPv4 Address Block Size: http://packetlife.net/media/library/15/IPv4_Subnetting.pdf
• Cisco Oriented Guides: http://routeralley.com/guides.html
• PacketLife “Cheat Sheets”: http://packetlife.net/library/cheat-sheets/
• On‐Line Subnet Calculator: http://www.subnet-calculator.com/
• Standalone Subnet Calculator: http://www.solarwinds.com/freetools/advanced-subnet-calculator.aspx
The “Mask” iOS Subnet Calculator: http://www.cylineapro.com/cylsoft-portfolio/the-mask-ipv4-ipv6-calculator
My Favorite Reference Texts:
The Real – World OSI Model
RFC 2321 ‐ The Reliable Internetwork Troubleshooting Agent
“A Description of the Usage of Nondeterministic Troubleshooting and Diagnostic Methodologies”
ID10T Errors
Thank You for Attending!
Wayne M. Pecena
Texas A&M University
979.845.5662
? Questions ?
* BONUS MATERIAL *
CBNE Study Topics
Cable Category Types
Category | Maximum Speed | Application
1 | 1 Mbps | Voice (not for ethernet)
3 | 10 Mbps | Ethernet 10BaseT
5 | 100 Mbps | Ethernet 100BaseT
5e | 1 Gbps | Ethernet 1000BaseT
6 | 10 Gbps | Ethernet 10GbE
6a | 10 Gbps | Ethernet 10GbE
For More Information: http://www.lanshack.com/cat5e-tutorial.aspx/
Ethernet Cable Wiring ‐ Straight
Ethernet Cable Wiring ‐ Cross
Ethernet Cable Types
[Figure: Router 1, Router 2 and Router 3 joined through their Ethernet interfaces, with a cable type legend (Straight-Through, Cross-Over); labels: EIA/TIA-568A, EIA/TIA-568B, MDI, MDIX]
[Figure: Straight – Through Cable between a DTE Device and a DCE Device; pins 1, 2 and 3, 6; TX and RX pairs]
[Figure: Cross - Over Cable between two DCE Devices; pins 1, 2 and 3, 6 swapped; TX and RX pairs]
Typical Cable Selection (non auto-mdix devices)
[Figure: Switch, Hub and Router joined by Cross-Over and Straight-Through cables; port labels MDI and MDI-X]
Ethernet Physical Standards
IEEE Standard | Physical Standard | Cable Type | Speed | Maximum Length
802.3a | 10‐Base‐2 | Coax (thin‐net) | 10 Mbps | 185m
802.3 | 10‐Base‐5 | Coax (thick‐net) | 10 Mbps | 500m
802.3i | 10‐Base‐T | Twisted Pair | 10 Mbps | 100m
802.3u | 100‐Base‐TX | Twisted Pair | 100 Mbps | 100m
802.3u | 100‐Base‐T4 | Twisted Pair | 100 Mbps | 100m
802.3u | 100‐Base‐FX | MM Fiber | 100 Mbps | 400‐2000m
802.3u | 100‐Base‐SX | MM Fiber | 100 Mbps | 500m
Ethernet Physical Standards
IEEE Standard | Physical Standard | Cable Type | Speed | Maximum Length
802.3ab | 1000‐Base‐T | Twisted Pair | 1 Gbps | 100m
802.3z | 1000‐Base‐SX | MM Fiber | 1 Gbps | 500m
802.3z | 1000‐Base‐LX | MM Fiber | 1 Gbps | 500m
802.3z | 1000‐Base‐LX | SM Fiber | 1 Gbps | Several Km
802.3an | 10G‐Base‐T | Twisted Pair | 10 Gbps | 100m
802.3ae | 10G‐Base‐SR | MM Fiber | 10 Gbps | 300m
802.3ae | 10G‐Base‐LR | SM Fiber | 10 Gbps | Several Km
and 20 Gigabit, 40 Gigabit, & 100 Gigabit Ethernet are emerging ……
Fiber Optic Connector Types
WAN Technology
• Generally Categorized as Dedicated, Circuit Switched, or Packet Switched:
• Dedicated
– T‐Carrier (data)
– Optical Carrier
• Circuit Switched
– ISDN – BRI
– ISDN – PRI
– T‐Carrier (voice)
• Packet Switched
– X.25
– Frame Relay
– ATM
– ADSL / HDSL
– Metro Ethernet Offerings
WAN Link Types
Line Type | Signaling Type | Bit Rate
64 | DS0 | 64 kbps
T1 or DS1 | DS1 | 1.544 Mbps
T3 or DS3 | DS3 | 44.735 Mbps
SONET OC | SONET STS | Bit Rate
OC‐1 | STS‐1 | 52 Mbps
OC‐3 | STS‐3 | 155 Mbps
OC‐12 | STS‐12 | 622 Mbps
OC‐48 | STS‐48 | 2400 Mbps
OC‐96 | STS‐96 | 5000 Mbps
DS1 Configuration
• DS1 or T1 Types:
– Channelized (voice)
– PRI (ISDN) (voice or data)
– Clear Channel (data)
• Encoding
– AMI (voice)
– B8ZS (data)
• Framing
– D4 Super Frame (voice)
– Extended Super Frame (data)
• Timing
– Must specify source
WAN Component Example
Point – Point T‐1 or DS‐1
Possible Interfaces That Might Be Found
WAN Component Example
Integrated Services Digital Network
• ISDN ‐ Integrated Services Digital Network
– ISDN – BRI 2 “B Channels” + “D Channel”
– ISDN – PRI 23 “B Channels” + “D Channel”
• “B” Channel – Bearer Channel – 64k
• “D” Channel – Signaling Channel – 16k / 64k
ISDN Reference Devices
• TE1 – Terminal Equipment Type 1
– ISDN Telephone Set or Computer Device
• TE2 – Terminal Equipment Type 2
– POTS Deskset
• TA – Terminal Adapter
– Interfaces analog devices
• NT1 – Network Termination Type 1
– TELCO termination Point (Home)
• NT2 – Network Termination Type 2
– TELCO termination Point (PBX)
• LT – Line Termination
• ET – Exchange Termination
Telco Central Office
Frame Relay Basics
• Standardized Packet Switched Network Technology
• Physical & Data Link Layer Based
• Local and Nationwide Scope Reach
• Frame Relay Switches Create Virtual Circuits Between Customer Endpoints
• Permanent Virtual Circuit (PVC) Provided to Customer
• Delivered via Leased Line Facilities – Often Fractional T1 (< 1.5 Mbps)
– 56 kbps or 64 kbps increments
• Data Link Connection Identifier – DLCI:
– Identifies the Virtual Connection
– Physical Link Can Accommodate Multiple DLCI’s
– Unique Only To The Endpoint
• Committed Information Rate – CIR
• Extended Information Rate ‐ EIR
Frame Relay Architecture
[Figure: Frame Relay Cloud, Local or Nationwide Scope, with PVC’s Created Between Customer Endpoints]
Wireless Fidelity Networking
• 802.11 Standards
– 802.11 2.4 GHz 2 Mbps (maximum)
– 802.11b 2.4 GHz 11 Mbps
– 802.11a 5 GHz 54 Mbps
– 802.11g 2.4 GHz 54 Mbps
– 802.11n 2.4 GHz “MIMO” 300 Mbps
– 802.11ac 2.4 / 5 GHz 450 / 1300 Mbps
• Frequency Bands (ISM):
– 2.4 GHz 2.4‐2.497 GHz
– 5 GHz 5.15 – 5.875 GHz
IEEE 802.11 Wi‐Fi
Standard | 802.11 | 802.11a | 802.11b | 802.11g | 802.11n
Standardized | 1997 | 1999 | 1999 | 2003 | 2010
Frequency | 2.4 GHz | 5 GHz | 2.4 GHz | 2.4 GHz | 2.4/5 GHz
Channels | 3 | <24 | 3 | 3 | Variable
Modulation | IR, FHSS, DSSS | OFDM | DSSS | DSSS/OFDM | DSSS, CCK, OFDM
Mbps | 1,2 | 6,9,12,18,24,36,48,64 | 1,2,5.5,11 | 1,2,5.5,11,6,9,12,18,24,36,48,64 | >100 (MIMO supported)
Modulation Legend:
IR – Infrared Radiation
FHSS – Frequency Hopping Spread Spectrum
DSSS – Direct Sequence Spread Spectrum
OFDM – Orthogonal Frequency Division Multiplexing
2.4 GHz Channels
5 GHz Channels
Wireless Security
• Wired Equivalent Privacy ‐ WEP
• Wi‐Fi Protected Access – WPA
• Wi‐Fi Protected Access 2 – WPA2 (802.11i)
• IEEE 802.1x
http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf
Broadcast Digital Content Management & Workflow
Content Management & Workflow
• Workflow:
The decisions and processes that occur in the broadcast plant from when a Media Asset enters the system to the distribution of the Media Asset at the output of the system.
• Media Asset (SMPTE definition):
[Figure: Essence, Metadata, Content, Rights, Media Asset]
Wrapper Types:
Wrappers
GXF – General Exchange Format
MXF – Material Exchange Format
AAF – Advanced Authoring Format
QT – Quick Time
LXF – Leitch Exchange Format
WMF – Windows Media Format
and others ……….
[Figure: Wrapper containing Metadata and Essence]
General Server Storage
• Hard Disk Interface Types
– SCSI
– IDE
– SATA
– Fiber Channel (FC)
• RAID Basics
• NAS Fundamentals
• SAN Architecture
Hard Disk Interface Types
Data Transfer Rate (maximum)
• SCSI 160 Mbps – 320 Mbps
• IDE/ATA 100 Mbps – 133 Mbps
• SATA 150 Mbps – 300 Mbps
• Fibre Channel 400 Mbps
RAID Level Basics
Redundant Array of Independent (Inexpensive) Disks
• RAID Technology:
– Striping
– Mirroring
– Parity
• Choosing a RAID Level:
– Cost
– Data Availability (protection)
– Performance (read/write)
• Levels:
– RAID 0
– RAID 1
– RAID 5
– RAID 10 (RAID 1 + 0)
– And many more……….
RAID Level Overview:
RAID Level 0
Data Blocks Striped
No Redundancy
High Performance
2 disks minimum
Usable Capacity = 100%
RAID Level 1
Data Blocks Mirrored
High Redundancy
Good Performance
2 disks minimum
Usable Capacity = 50%
RAID Level Overview:
NAS & SAN Architecture
• Network Attached Storage
NAS – Provides File System & Storage (stand alone)
File Level Based ‐ Shared Storage Over Shared Network
• Storage Area Network
SAN – Provides Storage Only
Block Level Based ‐ Shared Storage Over Dedicated Network
Audio & Video Digital Signal Standards
• Digital Audio
– AES3
• 32/44.1/48/96 kHz Sampling
• 16 – 24 bits
• Mono or Stereo
• Balanced 110 ohm
• Unbalanced 75 ohm
– AC3
• Compressed
• 5.1 channel based (6 channels)
• AC3 Metadata
– Dolby E
• Compressed
• 8 channel
• Bound to Video Frame
• Digital Video:
– SMPTE 259M SD‐SDI 270 Mbps
– SMPTE 344M ED‐SDI 540 Mbps
– SMPTE 292M HD‐SDI 1.485 Gbps
– SMPTE 372M Dual Link HD‐SDI 2.97 Gbps
– SMPTE 424M 3G‐SDI 2.970 Gbps
SBE Networking Certifications
CBNT
Certified Broadcast Networking Technician
• This certification is designed for persons who wish to demonstrate a basic familiarity with networking hardware as utilized in business and audio/video applications in broadcast facilities.
• Exam Focus:
– Network topologies and layouts
– Common network protocols
– Wiring standards and practices
– Maintenance, troubleshooting and connectivity issues
– Challenges unique to broadcast‐based networks
CBNE
Certified Broadcast Networking Engineer
• This certification is an “Advanced” level that reflects the skill and knowledge that will be required in today's world of converged IT and broadcast engineering.
• Exam Focus:
– Audio/Video over IP
– Digital Content Management
– Video Systems in an IT World
– Data Transmission Systems
– General IT Hardware
CBNE Recommended Study:
My Favorites:
The “Ennes” Network Architecture for KSBE
[Figure: network diagram. Device labels: Internet, Ennes Router, EngRack Switch, Prod Switch, Admin Switch. Equipment labels: Cisco 1841, Cisco C2960G, Cisco C2960G, Cisco C3750G. Other labels: DHCP]
VLAN IP Address Configuration:
VLAN | Network | Mask | Default Gateway
100 – Administration | 192.168.100.64 | 255.255.255.240 | 192.168.100.65
200 – Production | 192.168.100.32 | 255.255.255.224 | 192.168.100.33
300 – Engineering | 192.168.100.0 | 255.255.255.224 | 192.168.100.1
400 – NetMgmt | 192.168.100.80 | 255.255.255.248 | 192.168.100.81
Enabled VLANS:
200 – Production (4 hosts)
300 – Engineering (2 hosts)
400 – NetMgmt
Enabled VLANS:
100 – Administration (2 hosts)
200 – Production (8 hosts)
300 – Engineering (12 hosts)
400 – NetMgmt (1 host)
Enabled VLANS:
100 – Administration (6 hosts)
400 – NetMgmt
Management: 192.168.100.82
Management: 192.168.100.83
Management: 192.168.100.84
Management: 192.168.100.85
Interface labels: Gi1/0/1, Gi1/0/27, Gi1/0/28, Fa0/1, Fa0/0, Gi0/7, Gi0/7
Trunk - VLAN(s): 100,200,300,400
Trunk - VLAN(s): 100,400
Trunk - VLAN(s): 200,300,400
Configuration Details:
EngRack_SW
EngRack>
EngRack>enable
EngRack#show runnin
EngRack#show running-config
Building configuration...
Current configuration : 3064 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname EngRack
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300,400
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 400
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200,300,400
switchport mode trunk
!
interface GigabitEthernet1/0/28
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,400
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan400
ip address 192.168.100.82 255.255.255.248
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login
length 0
line vty 5 15
login
!
end
EngRack#
Configuration Details:
Ennes Router
Ennes>
Ennes>enable
Password:
Ennes#show runni
Ennes#show running-config
Building configuration...
Current configuration : 1104 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ennes
!
boot-start-marker
boot-end-marker
!
enable password sbe
!
no aaa new-model
dot11 syslog
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp client-id FastEthernet0/0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 100
ip address 192.168.100.65 255.255.255.240
!
interface FastEthernet0/1.2
encapsulation dot1Q 200
ip address 192.168.100.33 255.255.255.224
!
interface FastEthernet0/1.3
encapsulation dot1Q 300
ip address 192.168.100.1 255.255.255.224
!
interface FastEthernet0/1.4
encapsulation dot1Q 400
ip address 192.168.100.81 255.255.255.248
!
router rip
network 192.168.100.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
Ennes#
Configuration Details:
Prod_SW
Prod_SW>
Prod_SW>enable
Prod_SW#show runni
Prod_SW#show running-config
Building configuration...
Current configuration : 1160 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Prod_SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet0/8
description Trunk to EngRack_SW
switchport trunk allowed vlan 200,300
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Prod_SW#
Configuration Details:
Admin_SW
Admin_SW>
Admin_SW>enable
Admin_SW#show runnin
Admin_SW#show running-config
Building configuration...
Current configuration : 1123 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Admin_SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
switchport trunk allowed vlan 100,400
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
control-plane
!
!
line con 0
line vty 5 15
!
end
Admin_SW#
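The management-plane and trunk settings visible in the dumps above can be checked mechanically. The following Python audit is an added example, not part of the original handout: it reads a running-config in the flattened form shown here ("!" separators, no indentation). The finding names and the sample (combined from lines of the Ennes and Prod_SW dumps) are this example's own, and the "defaults" finding assumes Catalyst default port behaviour (VLAN 1, DTP negotiation).

```python
# Added example. SAMPLE is constructed by combining lines from the Ennes and Prod_SW dumps.
SAMPLE = """\
enable password sbe
interface GigabitEthernet0/5
!
interface GigabitEthernet0/8
description Trunk to EngRack_SW
switchport trunk allowed vlan 200,300
!
interface Vlan1
no ip address
!
ip http server
"""

def parse(config):
    """Return (global lines, {interface name: [sub-commands]})."""
    globals_, ifaces, current = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "!":
            current = None                      # "!" closes the open section
        elif line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        else:
            globals_.append(line)
    return globals_, ifaces

def audit(config):
    """Return sorted (scope, finding) pairs; finding names are this example's own."""
    globals_, ifaces = parse(config)
    found = set()
    if any(g.startswith("enable password ") for g in globals_):
        found.add(("global", "enable-password-not-secret"))
    if "ip http server" in globals_:            # exact match, so "no ip http server" passes
        found.add(("global", "http-management-enabled"))
    for name, cmds in ifaces.items():
        if any("ip address" in c for c in cmds):
            continue                            # routed interface or SVI, not a switchport
        if not any(c.startswith("switchport ") for c in cmds):
            found.add((name, "port-left-at-defaults"))   # assumed Catalyst default: VLAN 1, DTP
        elif (any(c.startswith("switchport trunk allowed") for c in cmds)
              and "switchport mode trunk" not in cmds):
            found.add((name, "trunk-list-without-explicit-mode"))
    return sorted(found)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the full dumps, GigabitEthernet0/8 on Prod_SW is the port that carries an allowed-VLAN list without `switchport mode trunk`, and `enable password sbe` on Ennes is the credential finding.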