A fault-tolerant network is a network that can minimize the impact of hardware and software failures and quickly resume operations if failures occur. Protocols establish communication rules between network devices and ensure messages are sent to the correct recipients. Cisco's Borderless Network architecture allows organizations to securely connect anyone from anywhere on any device. It addresses challenges like supporting converged networks and changing work patterns.
A fault-tolerant network is a network that is able to minimize the impact of hardware and software failures and can resume operation quickly if such a failure occurs.
A protocol is the set of rules that network devices use to communicate with one another. Protocols can be layered, with one protocol operating on top of another. These protocols govern the format, addressing and routing mechanisms that ensure a message is delivered to the correct recipient.
QoS: a converged network must be able to prioritize the services that use it, so that a standard of quality meeting user expectations is achieved.
Cisco Borderless Network is a network architecture that allows organizations to connect anyone, anywhere, anytime, and on any device securely, reliably, and seamlessly. It is designed to address IT and business challenges, such as supporting the converged network and changing work patterns. Borderless switched network design guidelines are built upon the following principles:
o Hierarchical: the role of each device
o Modularity: easily expanded
o Resiliency: always on
o Flexibility: intelligent load sharing
Switch Form Factors
o Fixed = fixed configuration, not modular
o Modular = has modules that can be added or replaced
o Stackable = can be stacked and treated as a single switch
Reducing Network Congestion
Switches reduce congestion by:
o facilitating the segmentation of a LAN into separate collision domains (splitting the collision domain)
o providing full-duplex communication between devices
o taking advantage of their high port density
o buffering large frames
o employing high speed ports
o taking advantage of their fast internal switching process
o having a low per-port cost
Secure Shell (SSH)
Secure Shell (SSH) is a protocol that provides a secure (encrypted) command-line based connection to a remote device. SSH is commonly used in UNIX-based systems, and Cisco IOS also supports it. A version of the IOS software that includes cryptographic (encrypted) features and capabilities is required in order to enable SSH on Catalyst 2960 switches. Because of its strong encryption features, SSH should replace Telnet for management connections. SSH uses TCP port 22 by default. Telnet uses TCP port 23.
MAC Address Flooding
Switches automatically populate their CAM tables by watching traffic entering their ports. A switch will forward traffic through all ports if it can't find the destination MAC in its CAM table. Under such circumstances, the switch acts as a hub: unicast traffic can be seen by all devices connected to the switch.
An attacker could exploit this behavior to gain access to traffic normally controlled by the switch by using a PC to run a MAC flooding tool. Such a tool is a program created to generate and send out frames with bogus source MAC addresses to the switch port. As these frames reach the switch, it adds each bogus MAC address to its CAM table, taking note of the port the frames arrived on. Eventually the CAM table fills up with bogus MAC addresses. The CAM table now has no room for the legitimate devices present in the network, so the switch will never find their MAC addresses in the CAM table. All frames are now forwarded to all ports, allowing the attacker to access traffic to other hosts.
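The fail-open behavior described above can be reproduced in a small model. This is an added example, not part of the original notes: the Switch class, port numbers and MAC addresses are constructed, entry aging is left out, and the per-port limit on learned addresses (the idea behind port security, which these notes do not cover) is an assumption added to show the defended case.

```python
PORTS = [1, 2, 3]
HOST_A, HOST_B = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"

class Switch:
    """Toy layer 2 switch: a fixed-size CAM table and no entry aging."""
    def __init__(self, cam_size, max_macs_per_port=None):
        self.cam = {}                      # source MAC -> port it was learned on
        self.cam_size = cam_size
        self.limit = max_macs_per_port     # None = unlimited learning per port
        self.dropped = 0

    def receive(self, port, src, dst):
        """Learn src on port, then return the egress ports chosen for dst."""
        if src not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if self.limit is not None and on_port >= self.limit:
                self.dropped += 1          # over the limit: discard, learn nothing
                return []
            if len(self.cam) < self.cam_size:
                self.cam[src] = port       # a full table silently stops learning
        if dst in self.cam:
            return [self.cam[dst]]         # known unicast: one port only
        return [p for p in PORTS if p != port]   # unknown destination: flood

def scenario(max_macs_per_port):
    """Port 3 presents 20 distinct source MACs, then A and B exchange frames."""
    sw = Switch(cam_size=8, max_macs_per_port=max_macs_per_port)
    for i in range(20):                    # constructed bogus source addresses
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(1, HOST_A, HOST_B)          # first frame floods in both cases
    sw.receive(2, HOST_B, HOST_A)
    return sw.receive(1, HOST_A, HOST_B), sw.dropped

if __name__ == "__main__":
    print("no limit      :", scenario(None))   # A->B still reaches port 3
    print("2 MACs / port :", scenario(2))      # A->B goes to port 2 only
```

A useful detection signal falls out of the model: the dropped counter on a single access port, or one port owning most of the CAM table, is what to alert on.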
Network Time Protocol
NTP is a protocol used to synchronize the clocks of computer systems in data networks. NTP can get the correct time from an internal or external time source. Time sources can be:
o Local master clock
o Master clock on the Internet
o GPS or atomic clock
A network device can be configured as either an NTP server or an NTP client.
VLAN Definitions
A VLAN (virtual LAN) is a logical partition of a layer 2 network. Multiple partitions can be created, allowing multiple VLANs to co-exist. Each VLAN is a broadcast domain, usually with its own IP network. VLANs are mutually isolated, and packets can only pass between them through a router. The partitioning of the layer 2 network takes place inside a layer 2 device, usually a switch.
VLAN Trunks
A VLAN trunk carries more than one VLAN. It is usually established between switches so that same-VLAN devices can communicate even if they are physically connected to different switches. A VLAN trunk is not associated with any VLAN. Neither are the trunk ports used to establish the trunk link.
Introduction to DTP
Switch ports can be manually configured to form trunks. Switch ports can also be configured to negotiate and establish a trunk link with a connected peer. Dynamic Trunking Protocol (DTP) is a protocol to manage trunk negotiation. DTP is a Cisco proprietary protocol and is enabled by default in Cisco Catalyst 2960 and 3560 switches.
Switch Spoofing Attack
There are a number of different types of VLAN attacks in modern switched networks. VLAN hopping is one of them. The default configuration of the switch port is dynamic auto. By configuring a host to act as a switch and form a trunk, an attacker could gain access to any VLAN in the network. Because the attacker is now able to access other VLANs, this is called a VLAN hopping attack. To prevent a basic switch spoofing attack, turn off trunking on all ports except the ones that specifically require trunking.
VLAN Design Guidelines
o Move all ports from VLAN 1 and assign them to a not-in-use VLAN.
o Shut down all unused switch ports.
o Separate management and user data traffic.
o Change the management VLAN to a VLAN other than VLAN 1. The same goes for the native VLAN.
o Make sure that only devices in the management VLAN can connect to the switches.
o The switch should only accept SSH connections.
o Disable autonegotiation on trunk ports.
o Do not use the auto or desirable switch port modes.
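Several of these guidelines, together with the switch spoofing and SSH points above, can be checked mechanically against a switch configuration. The audit below is an added example, not part of the original notes: the sample configuration and interface names are constructed, the helper names are hypothetical, and a port with no explicit mode is assumed to be in the default dynamic auto mode stated above.

```python
import re

# Constructed sample configuration (not from the notes); names are made up.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode dynamic auto
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 99
interface FastEthernet0/4
 shutdown
line vty 0 15
 transport input telnet ssh
"""

def non_default_vlan(body, prefix):
    """True if the block sets `prefix <n>` with n other than 1."""
    return any(re.fullmatch(prefix + r" (?!1$)\d+", l) for l in body)

def audit(config):
    """Return (block, finding) pairs for guideline violations in config."""
    blocks, name, findings = {}, None, []
    for line in config.splitlines():
        if line and not line.startswith(" "):    # top-level line opens a block
            name = line.strip()
            blocks[name] = []
        elif name:
            blocks[name].append(line.strip())
    for name, body in blocks.items():
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append((name, "vty lines are not restricted to SSH"))
        if not name.startswith("interface") or "shutdown" in body:
            continue                              # shut-down ports pass
        mode = next((l for l in body if l.startswith("switchport mode ")), None)
        if mode is None or "dynamic" in mode:     # assumes default dynamic auto
            findings.append((name, "port may negotiate a trunk via DTP"))
        elif mode.endswith("access"):
            if not non_default_vlan(body, "switchport access vlan"):
                findings.append((name, "access port left in VLAN 1"))
        elif mode.endswith("trunk"):
            if "switchport nonegotiate" not in body:
                findings.append((name, "trunk still negotiates (no nonegotiate)"))
            if not non_default_vlan(body, "switchport trunk native vlan"):
                findings.append((name, "trunk uses native VLAN 1"))
    return findings
```

Calling audit(SAMPLE) flags FastEthernet0/1, FastEthernet0/3 and the vty lines. Whether a port is actually unused cannot be read from the configuration, so that guideline still needs an inventory check.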
Router Memory
Packet Forwarding Methods
o Process switching: an older packet forwarding mechanism still available for Cisco routers.
o Fast switching: a common packet forwarding mechanism which uses a fast-switching cache to store next hop information.
o Cisco Express Forwarding (CEF): the most recent, fastest, and preferred Cisco IOS packet-forwarding mechanism. Table entries are not packet-triggered like fast switching but change-triggered.
Best Path
The best path is selected by a routing protocol based on the value or metric it uses to determine the distance to reach a network. A metric is the value used to measure the distance to a given network. The best path to a network is the path with the lowest metric. Dynamic routing protocols use their own rules and metrics to build and update routing tables, for example:
o Routing Information Protocol (RIP): hop count
o Open Shortest Path First (OSPF): cost based on cumulative bandwidth from source to destination
o Enhanced Interior Gateway Routing Protocol (EIGRP): bandwidth, delay, load, reliability