
DIOS Philippines IT Training

Network Fundamentals
Chapter 1 Networking Basics
Chapter Objective:
At the end of this chapter you are expected to have an understanding of the following:
• basic networking concepts and network symbols
• the OSI and TCP/IP models
• network design concepts, topologies, physical connections and network types
• port numbers
• IP addressing, IP address classes, private IPs, and subnetting – how, why and when
• end-to-end communications (UDP and TCP/IP)
What is a Network?
• A network consists of two or more computers that are linked in order to share resources, exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.
• The data is conveyed with the use of on-and-off pulses of electricity.
Understanding the pieces of a network
The Basic Network
[Figure: a basic network – LAN hosts connected to a router whose WAN interface card links the LAN across the WAN to the Internet]
Network Applications
• Home
• Office
• Internet – web browsing (intranet/Internet)
• Database applications – Oracle/MySQL/SQL
• Instant messenger
• Email / online BBS
• Online games
Common Data Network Symbols
[Figure: the standard icons for router, wireless router, switch, gigabit switch, hub, bridge, repeater, firewall, modem, laptop, phone, IP phone, wireless access point, wireless bridge, wireless link, serial link, serial link (DCE), Token Ring, Internet/cloud, copper straight-through and crossover links]
Network Devices
• Network Interface Cards – a Layer 2 device that connects a computer to the transmission medium and, through it, to other network equipment
- connects the host to the network
- detects collisions on an Ethernet network / prevents collisions on Token Ring
- passes frames to the upper/lower layers of the OSI model
• Routers – a network layer (Layer 3) device that connects two networks. Determines the best path for end-to-end transmission of data packets. Blocks Layer 2 broadcasts.
• Repeaters – a physical layer device that amplifies the signals it receives on one port and resends (repeats) them on another. Used to extend the maximum length of a network segment.
• Hubs – a physical layer device that serves as a central connection point for networked devices. A hub repeats the signal it receives on one port to all other ports. Speed 10 Mbps to 100 Mbps.
• Bridges – a data link layer device that logically separates a network into segments but lets the two segments appear to be one network to higher-layer protocols.
• Switches – a Layer 2 device used to connect one or many LAN segments and to filter and forward packets among them. Often referred to as multi-port bridges.
Network Media
• the actual path over which data/signals travel as they move from one component to another.
Network Media Types
• Copper – wired
• Glass – wired
• Air – wireless
• Radio – wireless
Network Design
Characteristics of a Network / Considerations for Network Applications/Design
• Speed – called data rate or bandwidth, measured in bits (bits, bytes, kb, mb, gb, tb)
• Cost – cost of network components, installation and maintenance
• Security – how secure the network is
• Delay – the time data takes to travel from one point to another
• Availability – the measure of the likelihood that the link between the end points is available
• Topology – physical topology defines the physical components such as cable types and devices, while logical topology defines the path the data travels
Common Network Types
LAN – Local Area Network
• A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs and occasionally a LAN will span a group of nearby buildings. A LAN is often but not always implemented as a single IP subnet.
• In addition to operating in a limited space, LANs are also typically owned, controlled, and managed by a single person or organization. They also tend to use certain connectivity technologies, primarily Ethernet and Token Ring.
WAN – Wide Area Network
• A WAN spans a large physical distance. The Internet is the largest WAN, spanning the Earth.
• A WAN is a geographically-dispersed collection of LANs. A network device called a router connects LANs to a WAN. In IP networking, the router maintains both a LAN address and a WAN address.
A WAN differs from a LAN in several important ways:
• Most WANs are not owned by any one organization but rather exist under collective or distributed ownership and management.
• WANs tend to use technology like ATM, Frame Relay and X.25 for connectivity over the longer distances.
• Cost
Other Types of Area Networks
• Wireless Local Area Network – a LAN based on WiFi wireless network technology
• Metropolitan Area Network – a network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. A MAN is typically owned and operated by a single entity such as a government body or large corporation.
• Campus Area Network – a network spanning multiple LANs but smaller than a MAN, such as on a university or local business campus.
• Storage Area Network – connects servers to data storage devices through a technology like Fibre Channel.
• System Area Network – links high-performance computers with high-speed connections in a cluster configuration. Also known as a Cluster Area Network.
Network Topology
Bus Topology
A bus network topology is a network architecture in which a set of clients are connected via a shared communications line, called a bus.
Advantages
• Easy to implement and extend
• Well suited for temporary or small networks not requiring high speeds (quick setup)
• Cheaper than other topologies
• Cost effective as only a single cable is used
• Cable faults are easily identified
• Weight reduction due to fewer wires
Disadvantages
• Limited cable length and number of stations
• If there is a problem with the cable, the entire network goes down
• Maintenance costs may be higher in the long run
• Performance degrades as additional computers are added or under heavy traffic (shared bandwidth)
• Proper termination is required (the loop must be in a closed path)
• Significant capacitive load (each bus transaction must be able to reach the most distant link)
• It works best with a limited number of nodes
• It is slower than the other topologies
Ring Topology
A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node – a ring. Data travels from node to node, with each node along the way handling every packet.
Advantages
• Very orderly network where every device has access to the token and the opportunity to transmit
• Performs better than a star topology under heavy network load
• Can create a much larger network using Token Ring
• Does not require a network server to manage the connectivity between the computers
Disadvantages
• One malfunctioning workstation or bad port in the MAU can create problems for the entire network
• Moves, adds and changes of devices can affect the network
• Network adapter cards and MAUs are much more expensive than Ethernet cards and hubs
• Much slower than an Ethernet network under normal load
Star Topology
A star topology is a network topology where each machine is connected to a central hub. The hub acts as a signal booster or repeater, which in turn allows the signal to travel greater distances. The star topology reduces the chance of network failure by connecting all of the systems to a central node.
Advantages
• Better performance
• Isolation of devices
• Benefits from centralization
• Simplicity
Disadvantage
• Failure of the central device brings the entire network down

Mesh Topology
Mesh topology is distinguished by having redundant links between devices.
Advantages
• Fault tolerance
Disadvantages
• Installation and configuration
• Maintenance of redundant links
Network Architecture
• Four basic characteristics need to be addressed in order to meet user expectations:
- Fault Tolerance
- Scalability
- Quality of Service (QoS)
- Security
Port Numbers
• Controlled by the Internet Assigned Numbers Authority (IANA)
• Allow a host to keep track of different applications accessed at the same time
How Port Numbers Work
- provide sessions: they let hosts know where to deliver information when multiple windows/sessions/sockets are open end-to-end.
Well Known Port Numbers (1-1024)
Registered (1025-49151)
Vendor Assigned/Dynamic (49152-65535)
Common port numbers:
TCP: FTP 21, SSH 22, TELNET 23, SMTP 25, DNS SERVER 53, HTTP 80, HTTPS 443, POP3 110
UDP: DNS CLIENT 53, TFTP 69
The OSI Model (Open Systems Interconnection)
Purpose
• Helps break down network functions
• Creates standards for equipment manufacturing
• Allows vendors to focus on specialized areas of networking
Layer / Layer Name / PDU Name / Devices per layer / What it does
7 Application – PDU: Data – Interfaces with the application; provides network access to applications
6 Presentation – Encryption; formats data in a standard format
5 Session – Starts and ends sessions; keeps sessions logically separated; multiple connection management
4 Transport – PDU: Segments – Dictates how data is sent (reliable/unreliable); defines well-known ports; provides some error detection and flow control; connection-oriented or connectionless
3 Network – PDU: Packets – Devices: Routers – Provides logical addressing; finds the best path to the destination
2 Datalink – PDU: Frames – Devices: MAC/Switch/Bridge/NIC – Provides physical addressing; connection/connectionless; ensures data is error free; frame sequencing
1 Physical – PDU: Bits – Devices: Cables/WAN/Repeaters/Hubs – Physical aspects, electrical signals, access to cables, pin-outs
OSI In Action
Host A (IP address 192.168.2.10, subnet mask 255.255.255.0, MAC AA:BB:CC:DD:EE:FF) sends mail/FTP to Server B (HTTP/mail/FTP server, WWW.CISCO.COM, IP address 203.215.91.3, subnet mask 255.255.255.128, MAC DD:EE:FF:GG:HH:II). The same layers run on both ends:
Application – the user opens a web browser (IE) and types cisco.com; the application asks DNS to resolve the IP of cisco.com and sends the website request
Presentation – formats the data: HTML, ASCII, encryption
Session – creates a separate session
Transport – chooses reliable or unreliable delivery; HTTP = reliable, requires an ACK. The sender sets the source and destination port numbers: source 1050 (dynamic), destination 80 (HTTP)
Network – assigns the source IP (192.168.2.10) and the destination IP (203.215.91.3); the source and destination IP do not change along the path
Datalink – creates frames and provides physical addressing: source MAC AA:BB:CC:DD:EE:FF, destination MAC DD:EE:FF:GG:HH:II
Physical – submits the bits to the wire
OSI and TCP/IP
OSI model layer → TCP/IP model layer → TCP/IP protocol suite
Application, Presentation, Session → Application → Telnet, FTP, SMTP, DNS, RIP, SNMP
Transport → Transport → TCP, UDP
Network → Internet → ARP, IP, IGMP, ICMP
Datalink, Physical → Network Access → Ethernet, Token Ring, Frame Relay, ATM
Understanding TCP/IP
Internet Protocol (IP)
• Connectionless
• Uses hierarchical addressing
• Provides best-effort delivery
• Has no built-in delivery guarantee
• Operates at Layer 3 of the OSI model (network) and Layer 2 of the TCP/IP (Internet) model
• Has no built-in data recovery
[Figure: IP header]
IP Address (IPv4) Basics
• Unique numerical address used on a device participating in a computer network
• Consists of two parts, the network and the host (unique)
• The subnet mask dictates which portions of the IP address identify the network and the host
• 32 bits, 4 octets, each octet from 0-255
Example – two hosts on the 192.168.1.0 network (the subnet mask identifies the last octet as the host portion):
Host 1 – IP Address: 192.168.1.20, Subnet Mask: 255.255.255.0, Gateway: 192.168.1.1
Host 2 – IP Address: 192.168.1.40, Subnet Mask: 255.255.255.0, Gateway: 192.168.1.1
Default Address Classes
3 usable address classes (Class / Range of First Octet / Default Subnet Mask / 1st Octet Binary / Number of Networks / Number of Hosts):
Class A – 1-126 – 255.0.0.0 – 0XXXXXXX – 2^7 = 128 networks – 2^24 = 16,777,216 hosts
Class B – 128-191 – 255.255.0.0 – 10XXXXXX – 2^14 = 16,384 networks – 2^16 = 65,536 hosts
Class C – 192-223 – 255.255.255.0 – 11XXXXXX – 2^21 = 2,097,152 networks – 2^8 = 256 hosts
Class D – first octet 224-239 – multicast group – 1110
Class E – reserved – 1111
Public Addresses
Usable on the Internet
Private Addresses
Created to conserve IPv4 addresses. Usable on internal networks (non-routable) – requires NAT to connect to the Internet.
3 classes of private address:
8 bit block / Class A: 10.0.0.0 – 10.255.255.255
20 bit block / Class B: 172.16.0.0 – 172.31.255.255
16 bit block / Class C: 192.168.0.0 – 192.168.255.255
Reserved IP Addresses
Addresses reserved for specific purposes:
Network Address – an IP address that has all 0s in the host portion, e.g. 172.16.0.0/255.255.0.0
Directed Broadcast Address – an IP address that has all 1s in the host portion, e.g. 172.16.255.255/255.255.0.0
Local Broadcast Address – 255.255.255.255
Loopback Address – used for testing, a host sending to itself
169.254.x.x – autoconfiguration range

Classful vs. Classless
Current technology – Classless IP Addressing
– The subnet mask determines the network portion and the host portion.
– The value of the first octet does NOT matter (as it did in older classful IP addressing).
– Hosts and Classless Inter-Domain Routing (CIDR).
– Classless IP addressing is what is used within the Internet and in most internal networks.
Older technology – Classful IP Addressing
– The value of the first octet determines the network portion and the host portion.
– Used with classful routing protocols like RIPv1.
– The Cisco IP routing table is structured in a classful manner.
Classful address – looks at the first octet to see which class it belongs to:
192.168.1.0 – Class C = the last octet is the host portion
192.4.0.0 – Class C = the last octet is the host portion
10.2.0.0 – Class A = the 2nd, 3rd and 4th octets are the host portion
172.0.0.0 – Class B (first octet 128-191) = the 3rd and 4th octets are the host portion
Classless address – looks at the subnet mask to see which is the network and which is the host portion:
192.168.1.0 / 255.255.255.240 – the last 4 bits of the 4th octet are the host portion
192.168.0.0 / 255.255.255.0 – the last octet is the host portion
10.2.0.0 / 255.255.128.0 – the 4th octet plus the last 7 bits of the 3rd octet are the host portion
172.0.0.0 / 255.255.255.0 – the 4th octet is the host portion
Media Access Control (MAC) address
• The Ethernet address, or MAC address, is a Layer 2 address, typically burned into the adapter.
• Format: 00-0d-65-ac-50-7f
• 48 bits
Organizational Unique Identifier (OUI) – first 24 bits, IEEE assigned, identifies the manufacturer of the card
Vendor Assigned – last 24 bits, uniquely identifies the Ethernet hardware
Example: MAC address 00-0d-65-ac-50-7f → OUI 00-0d-65, vendor assigned ac-50-7f
Local and Remote Communication
Local/LAN Network (layers involved: Datalink, Physical)
Host A – 192.168.1.2, 255.255.255.0, default gateway 192.168.1.1, MAC aa:bb:cc:dd:ee:ff
Host B – 192.168.1.3, 255.255.255.0, default gateway 192.168.1.1, MAC bb:cc:dd:ee:ff:gg
1. Host A wants to send data to Host B. Host A compares its IP address and subnet mask with the IP address and subnet mask of Host B: 192.168.1.2 and 192.168.1.3 with 255.255.255.0 – same network.
2. Host A has confirmed that they are on the same network but does not have Host B's MAC address in its ARP table.
3. Host A sends an ARP broadcast for Host B with the following fields: SMAC aa:bb:cc:dd:ee:ff, SIP 192.168.1.2, DIP 192.168.1.3. The router drops/blocks the broadcast.
4. Host B replies with its MAC address, and transmission begins.
Remote Communication
Host A (192.168.1.2, 255.255.255.0, default gateway 192.168.1.1, MAC aa:bb:cc:dd:ee:ff) wants to reach the server 203.215.91.3 (255.255.255.252).
1. Host A compares its IP address and subnet mask with those of the destination: 192.168.1.2/255.255.255.0 and 203.215.91.3/255.255.255.252 – not the same network.
2. Host A forwards the data to its default gateway with the following fields: SMAC aa:bb:cc:dd:ee:ff, DMAC = the MAC address of the gateway 192.168.1.1, SIP 192.168.1.2, DIP 203.215.91.3.
3. [Figure: the packet crosses routers R1, R2, R3 and R4 (interface addresses 192.168.1.1, 10.10.1.1, 10.10.1.5, 10.10.1.2 and 203.215.91.2) to the server. At every hop the router rewrites the frame with its own outgoing interface MAC as SMAC and the next router's MAC as DMAC, while the packet keeps DIP 203.215.91.3 at every hop.]
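The local-versus-remote decision above, as an added example that is not part of the DIOS training slides: Host A ANDs both addresses with its mask, ARPs for either the destination or the gateway on its own segment (routers do not forward that broadcast, so an ARP for the remote server gets no reply), and each router then rewrites only the Layer 2 header. Host A, Host B and the server addresses are the slide's; the Host B, gateway and router MACs are constructed placeholders because the slide's "gg:hh" style MACs are not valid hex.

```python
# Added example, not part of the DIOS training slides: the local-vs-remote decision
# Host A makes before building a frame, the ARP lookup that follows, and the MAC
# rewriting a router does at each hop. Host A, Host B and the server addresses are
# the slide's; the Host B, gateway and router MACs are constructed placeholders.

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """The comparison on the slide: AND both addresses with the sender's mask."""
    m = ip_to_int(mask)
    return (ip_to_int(ip_a) & m) == (ip_to_int(ip_b) & m)


class Host:
    def __init__(self, name: str, ip: str, mask: str, gateway: str, mac: str):
        self.name, self.ip, self.mask, self.gateway, self.mac = name, ip, mask, gateway, mac
        self.arp_table = {}        # ip -> mac, empty at boot just like the slide

    def next_hop(self, dst_ip: str) -> str:
        """Same network: deliver directly. Different network: hand to the gateway."""
        return dst_ip if same_network(self.ip, dst_ip, self.mask) else self.gateway

    def arp(self, target_ip: str, segment: dict) -> tuple:
        """Broadcast 'who has target_ip?' on the local segment and cache the reply.

        `segment` maps the IPs of devices on Host A's own wire to their MACs. Routers
        do not forward the broadcast, so an IP on another network never answers.
        Returns (mac, request): request is the ARP frame sent, or None if cached.
        """
        if target_ip in self.arp_table:
            return self.arp_table[target_ip], None
        request = {"smac": self.mac, "dmac": BROADCAST_MAC, "sip": self.ip, "dip": target_ip}
        reply_mac = segment.get(target_ip)
        if reply_mac is None:
            raise LookupError(f"{self.name}: no ARP reply for {target_ip} on the local segment")
        self.arp_table[target_ip] = reply_mac
        return reply_mac, request

    def build_frame(self, dst_ip: str, segment: dict) -> dict:
        """The frame Host A puts on the wire for dst_ip; the IP header is end to end."""
        hop = self.next_hop(dst_ip)
        dmac, _ = self.arp(hop, segment)
        return {"smac": self.mac, "dmac": dmac, "sip": self.ip, "dip": dst_ip,
                "via_gateway": hop != dst_ip}


def router_forward(frame: dict, out_if_mac: str, next_hop_mac: str) -> dict:
    """What each router on the slide does: new Layer 2 header, untouched Layer 3 header."""
    return {**frame, "smac": out_if_mac, "dmac": next_hop_mac}


# Constructed topology from the slide (Host B and gateway MACs are placeholders)
HOST_A = Host("Host A", "192.168.1.2", "255.255.255.0", "192.168.1.1", "aa:bb:cc:dd:ee:ff")
LAN_SEGMENT = {                         # who answers ARP on Host A's wire
    "192.168.1.3": "bb:cc:dd:ee:ff:00",   # Host B
    "192.168.1.1": "cc:dd:ee:ff:00:11",   # R1, the default gateway
}
SERVER_IP = "203.215.91.3"              # the remote server from the slide


if __name__ == "__main__":
    print("local :", HOST_A.build_frame("192.168.1.3", LAN_SEGMENT))
    remote = HOST_A.build_frame(SERVER_IP, LAN_SEGMENT)
    print("remote:", remote)
    # R1 rewrites the MACs towards R2 (placeholder MACs); the IPs stay as they were
    print("at R2 :", router_forward(remote, "cc:dd:ee:ff:00:22", "dd:ee:ff:00:11:22"))
```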
TCP/UDP Communications
Layers: Transport, Network, Datalink, Physical
UDP
• Connectionless
• Best-effort delivery (no error detection)
• Unreliable
• No windowing
• Trades reliability for speed
TCP
• Builds a connection
• Uses sequence numbers (error detection)
• Reliable (uses ACKs, which are used for error recovery)
• Uses windowing
Sending Data using UDP
• Creates a session and sends data without waiting for an acknowledgement that it was received
Sending Data using TCP (3-way handshake), Positive Acknowledgement with Retransmission (PAR), Sequence Numbering
1. Computer A sends a synchronize (SYN) message to B containing a sequence number: seq=100.
2. Computer B acknowledges that it received the message by incrementing the sequence number (ACK) and sends its own sequence number: ack=101, syn=300.
3. Computer A receives the ACK it expects and the connection is now established. All communication will now send incremented syns and acks to ensure a good connection: syn=102, ack=301.
Data transfer with sequence numbering:
• Computer A sends data with sequence no. 10 (SEQ 10).
• Upon receipt, Computer B returns data with sequence number 5 and an acknowledgement that it received that data (seq 10) by sending ACK 11 (SEQ 5, ACK 11).
• Upon receipt, Computer A learns through ACK 11 that seq 10 was received by B, and sends the next data, SEQ 11, with ACK 6, indicating it received SEQ 5 and incremented it by 1.
Data transmission problem (SEQ 11 dropped):
• After waiting for the dropped-data timer, Computer B resends the last seq and ack numbers (SEQ 5, ACK 11), telling the other side about the last sequence it received.
• After receiving the same seq number and ack number, Computer A learns that the last data it sent got dropped and resends it (SEQ 11, ACK 6).
TCP Windowing
Window size: the amount of data a sender can send before waiting for an ACK. The recipient controls how much data is sent: the receiver controls the amount of data sent to the wire.
[Figure: the sender announces "my window size is 3" and sends PACKET 1, PACKET 2 and PACKET 3; PACKET 3 is dropped. The receiver answers ACK 2 ("2 packets received, change window size to 2"); the sender retransmits PACKET 3 and then sends PACKET 4.]
Subnetting
Subnetting is essentially the modification/breaking up of a single IP network to create two or more logically visible sub-sections. It borrows host bits to form more networks.
When is subnetting necessary?
Subnetting is required when one network number needs to be distributed across multiple LAN segments. This may be the case in instances when:
• A company uses two or more types of LAN technology (for example, Ethernet, Token Ring) on their network.
• Two network segments are restricted by distance limitations (for example, remote offices linked via a point-to-point circuit).
• Segments need to be localized for network management reasons (accounting segment, sales segment, etc.).
• Hosts which dominate most of the LAN bandwidth need to be isolated.
• The network is broken down to increase latency / break up the broadcast domain.
Cisco recommends fewer than 500 hosts per network.
IP Address (IPv4)
Understanding the binary (base 2) number system
- Used by computers: 1s (on) and 0s (off)
- In every network the first address is the network address and the last address is the broadcast address
Exponent     7    6    5    4    3    2    1    0
Place value  128  64   32   16   8    4    2    1
192          1    1    0    0    0    0    0    0
168          1    0    1    0    1    0    0    0
1            0    0    0    0    0    0    0    1
224          1    1    1    0    0    0    0    0
Working each value out by subtracting place values from left to right:
192: 192-128=64 (128 on), 64-64=0 (64 on), rest 0
168: 168-128=40 (128 on), 40-32=8 (32 on), 8-8=0 (8 on)
1: 1-1=0 (1 on), rest 0
224: 224-128=96 (128 on), 96-64=32 (64 on), 32-32=0 (32 on)
Slash Notation
Total number of network bits
                 1st Octet   2nd Octet   3rd Octet   4th Octet   Slash Notation
Network bits     8           8           8           4
Network mask     255         255         255         240         /28
Binary           11111111    11111111    11111111    11110000    28 bits
* Routers perform a logical AND of the IP address and the network mask to determine which network the IP belongs to.
Ex. IP address 192.168.1.3 255.255.255.240:
  192.168.1.00000011
  255.255.255.11110000
  AND = 192.168.1.00000000 → belongs to network 192.168.1.0/28
  Broadcast = 00001111 or .15; next network = 00010000 or .16
Ex. IP address 192.168.1.60 255.255.255.240:
  192.168.1.00111100
  255.255.255.11110000
  AND = 192.168.1.00110000 → belongs to network 192.168.1.48/28
  Broadcast = 00111111 or .63; next network = 01000000 or .64

TYPES OF SUBNETTING
1) Subnetting given a required number of networks
2) Subnetting given a required number of clients/hosts
3) Finding the original network range (IP address and subnet mask given)
Subnetting given a required number of networks
• A service provider has given you the Class C network range 200.40.1.0/24. Your company needs 20 networks.
1) Determine the number of subnets and convert to binary
requirement = 20 networks = 000 10100 → 5 bits required
2) Reserve the required bits in the subnet mask and find the incremental value
- Our original subnet mask is 255.255.255.0 (Class C subnet)
- The full binary representation of the subnet mask is as follows:
255.255.255.0 = 11111111.11111111.11111111.00000000 (the last octet is the reserved host bits)
- We must "convert" 5 of the client bits (0) to network bits (1) in order to satisfy the requirement:
New Mask = 11111111.11111111.11111111.11111000 or 255.255.255.248 (/29)
Finding the increment: the last network bit is your increment bit; in 11111000 the last 1 has place value 8, so the increment is 8.
3) Use the increment (8) to find the network ranges
- Start with your given network address and add your increment to the subnetted octet; you can now fill in the ranges.
Networks (32 in total, up to 200.40.1.248): 200.40.1.0, 200.40.1.8, 200.40.1.16, 200.40.1.24, 200.40.1.32, 200.40.1.40, 200.40.1.48, 200.40.1.56, 200.40.1.64, … 200.40.1.248
Network Address   Valid Host Range               Broadcast Address
200.40.1.0        200.40.1.1 - 6 (6 hosts)       200.40.1.7
200.40.1.8        200.40.1.9 - 14 (6 hosts)      200.40.1.15
200.40.1.16       …                              200.40.1.23
200.40.1.24       …                              200.40.1.31
200.40.1.32       …                              200.40.1.39
200.40.1.40       …                              200.40.1.47
200.40.1.48       …                              200.40.1.55
200.40.1.56       …                              200.40.1.63
200.40.1.64       …                              200.40.1.71
…                 …                              …
200.40.1.248      200.40.1.249 - 254 (6 hosts)   200.40.1.255
Subnetting when given a required number of clients
A service provider has given you the Class C network range 200.40.1.0. Your company needs 50 hosts per network.
Step 1) Determine the number of clients and convert to binary
- In this example, the binary representation of 50 = 00110010
Step 2) Reserve the required bits in the subnet mask and find the incremental value
- The binary value of 50 clients tells us that we need at least 6 client bits to satisfy this requirement.
- The original subnet mask is 255.255.255.0 (Class C subnet); convert it to binary:
255.255.255.0 = 11111111.11111111.11111111.00000000
- Place the 6 "host" bits starting from the right; the rest of the octet is 1s.
New Mask = 11111111.11111111.11111111.1(1)000000 or 255.255.255.192
- The increment is the last "1" bit, 64.
Step 3) Use the increment to find the network ranges
- Start with your given network address and add your increment to the subnetted octet:
209.50.1.0
209.50.1.64
209.50.1.128
209.50.1.192
- You can now fill in your end ranges, which is the last possible IP address before you start the next range:
209.50.1.0 – 209.50.1.63
209.50.1.64 – 209.50.1.127
209.50.1.128 – 209.50.1.191
209.50.1.192 – 209.50.1.255
Remember that the first and last address of each range are the network and broadcast addresses.
Given an IP address and subnet mask, find the original network range
IP address 192.168.1.58, subnet mask 255.255.255.240
Identify the original range of addresses (the subnet) that this IP address belongs to:
- Break the subnet mask back into binary and find the increment that was used:
255.255.255.240 = 11111111.11111111.11111111.111(1)0000
The last 1 bit is the increment = 16
- Use this increment to find the network ranges until you pass the given IP address:
192.168.1.0
192.168.1.16
192.168.1.32
192.168.1.48
192.168.1.64 (passed the given IP address 192.168.1.58)
- Now fill in the end ranges to find the answer to the scenario:
192.168.1.0 – 192.168.1.15
192.168.1.16 – 192.168.1.31
192.168.1.32 – 192.168.1.47
192.168.1.48 – 192.168.1.63 (IP address 192.168.1.58 belongs to this range)
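The logical AND and the three subnetting types above (by number of networks, by number of hosts, and finding the range an address belongs to), as an added example that is not part of the DIOS training slides. It is written with plain integer bit operations so each step of the hand method can be checked; the addresses are the slides' own. It goes slightly beyond the slides in one respect: host bits are counted as the smallest power of two that holds hosts + 2, which agrees with every example here and also handles counts such as 63 (where counting the bits of the number itself is one short).

```python
# Added example, not from the DIOS training slides: the subnetting arithmetic the
# slides do by hand (logical AND, increment, ranges) with integer bit operations.
# Addresses are the slides' own examples (192.168.1.0/24, 200.40.1.0/24).


def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask_int(prefix: int) -> int:
    """/28 -> 0xFFFFFFF0 (the slash notation of the slides as an integer)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.240 -> 28. A mask whose 1-bits are not contiguous is rejected."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask_int(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def network_info(ip: str, mask: str) -> dict:
    """AND the IP with the mask (what a router does) and derive the whole range.

    'increment' is the value of the last network bit, i.e. the block size.
    """
    prefix = mask_to_prefix(mask)
    m = prefix_to_mask_int(prefix)
    net = ip_to_int(ip) & m
    size = 1 << (32 - prefix)
    broadcast = net | (~m & 0xFFFFFFFF)
    # /31 and /32 blocks have no separate network/broadcast address (point-to-point)
    has_reserved = prefix <= 30
    return {
        "network": f"{int_to_ip(net)}/{prefix}",
        "first_host": int_to_ip(net + 1 if has_reserved else net),
        "last_host": int_to_ip(broadcast - 1 if has_reserved else broadcast),
        "broadcast": int_to_ip(broadcast),
        "next_network": int_to_ip((net + size) & 0xFFFFFFFF),
        "increment": size,
        "usable_hosts": size - 2 if has_reserved else size,
    }


def enumerate_subnets(base: str, original_prefix: int, new_prefix: int) -> list:
    """Split base/original_prefix into every /new_prefix block, in address order."""
    if new_prefix < original_prefix:
        raise ValueError("the new prefix must be at least as long as the original")
    base_int = ip_to_int(base) & prefix_to_mask_int(original_prefix)
    size = 1 << (32 - new_prefix)                   # the increment
    mask = int_to_ip(prefix_to_mask_int(new_prefix))
    return [network_info(int_to_ip(base_int + i * size), mask)
            for i in range(1 << (new_prefix - original_prefix))]


def subnet_for_networks(base: str, prefix: int, needed_networks: int) -> list:
    """Type 1: borrow the fewest host bits that give at least needed_networks subnets."""
    if needed_networks < 1:
        raise ValueError("at least one network is required")
    borrow = (needed_networks - 1).bit_length()     # 20 networks -> 5 bits -> 32 subnets
    return enumerate_subnets(base, prefix, prefix + borrow)


def subnet_for_hosts(base: str, prefix: int, needed_hosts: int) -> list:
    """Type 2: keep enough host bits for needed_hosts plus network and broadcast."""
    if needed_hosts < 1:
        raise ValueError("at least one host is required")
    host_bits = (needed_hosts + 1).bit_length()     # 50 hosts -> 52 addresses -> 6 bits
    return enumerate_subnets(base, prefix, 32 - host_bits)


if __name__ == "__main__":
    # Type 3: which range does 192.168.1.58 / 255.255.255.240 belong to?
    print(network_info("192.168.1.58", "255.255.255.240"))
    # Type 1: 20 networks out of 200.40.1.0/24 -> 32 x /29
    for n in subnet_for_networks("200.40.1.0", 24, 20)[:3]:
        print(n["network"], n["first_host"], "-", n["last_host"], n["broadcast"])
    # Type 2: 50 hosts per network out of 200.40.1.0/24 -> 4 x /26
    for n in subnet_for_hosts("200.40.1.0", 24, 50):
        print(n["network"], n["first_host"], "-", n["last_host"], n["broadcast"])
```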
Variable Length Subnet Mask
VLSM provides the ability to subnet an already subnetted network address. It saves unused IP addresses and is the most efficient addressing.
Scenario: from 192.168.1.0/24, address a 60-host LAN, a 30-host LAN, a 10-host LAN and two point-to-point links of 2 hosts each.
1. Convert the required number of hosts to binary and reserve the host bits: 60 = 00111100 = 6 bits; mask 11000000, increment 64 (last 1), /26. Get the range by adding the increment: 192.168.1.0 + 64 → network 192.168.1.0, hosts 192.168.1.1-62, broadcast 192.168.1.63; next network 192.168.1.64.
2. Convert the required number of hosts to binary: 30 = 000 11110 = 5 bits; mask 11100000, increment 32 (last 1), /27. 192.168.1.64 + 32 → hosts 192.168.1.65-94 (32 addresses), broadcast 192.168.1.95; next network 192.168.1.96.
3. Convert the required number of hosts to binary: 10 = 0000 1010 = 4 bits; mask 11110000, increment 16 (last 1), /28. 192.168.1.96 + increment → hosts 192.168.1.97-104 (10 hosts), broadcast 192.168.1.105; next network 192.168.1.106.
4. Convert the required number of hosts to binary: 2 = 00000010 = 2 bits; mask 11111100, increment 4 (last 1), /30. 192.168.1.106 + 4 → hosts 192.168.1.107-108, broadcast 192.168.1.109; next network 192.168.1.110. Second link: 192.168.1.110 + 4 → hosts 192.168.1.111-112, broadcast 192.168.1.113; next network 192.168.1.114.
[Figure: the network diagram labelled with the resulting VLSM addresses – the /26, /27 and /28 LAN subnets and the /30 point-to-point links allocated above]
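The VLSM allocation above, as an added example that is not part of the DIOS training slides: it takes the host counts and the /24 from the scenario and allocates them largest first with Python's standard ipaddress module, reporting the range and the addresses left over. Segment names are constructed labels. Note that when the /28 increment of 16 from step 3 is carried through, the 10-host block occupies 192.168.1.96 to .111, so the two /30 links land at .112 and .116.

```python
# Added example, not part of the DIOS training slides: VLSM allocation for the
# scenario above (60, 30 and 10 hosts plus two 2-host point-to-point links out of
# 192.168.1.0/24) using the standard ipaddress module. Segment names are constructed.
# Allocating largest-first keeps every subnet aligned to its own block size, which
# is why the slide starts with the 60-host LAN.
import ipaddress


def host_bits_needed(hosts: int) -> int:
    """Smallest h with 2**h >= hosts + 2 (room for the network and broadcast address)."""
    if hosts < 1:
        raise ValueError("a segment needs at least one host")
    return (hosts + 1).bit_length()


def vlsm_allocate(block: str, requirements: dict) -> list:
    """Carve `block` into one subnet per requirement, largest first.

    requirements maps a segment name to its host count. Returns a list of
    (name, IPv4Network) in allocation order; raises ValueError if the block runs out.
    """
    base = ipaddress.IPv4Network(block, strict=True)
    cursor = int(base.network_address)            # next free address
    limit = int(base.broadcast_address) + 1
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = 32 - host_bits_needed(hosts)
        size = 1 << (32 - prefix)                 # the slide's "increment"
        cursor = -(-cursor // size) * size        # align up to a multiple of size
        if cursor + size > limit:
            raise ValueError(f"{block} exhausted while allocating {name} ({hosts} hosts)")
        plan.append((name, ipaddress.IPv4Network((cursor, prefix))))
        cursor += size
    return plan


def describe(plan: list) -> list:
    """(name, network, first host, last host, broadcast, usable hosts) per subnet."""
    rows = []
    for name, net in plan:
        hosts = list(net.hosts())
        rows.append((name, str(net), str(hosts[0]), str(hosts[-1]),
                     str(net.broadcast_address), net.num_addresses - 2))
    return rows


def addresses_left(block: str, plan: list) -> int:
    """How much of the block is still unallocated (the saving VLSM is about)."""
    used = sum(net.num_addresses for _, net in plan)
    return ipaddress.IPv4Network(block).num_addresses - used


SLIDE_REQUIREMENTS = {"LAN-60": 60, "LAN-30": 30, "LAN-10": 10, "P2P-A": 2, "P2P-B": 2}


if __name__ == "__main__":
    plan = vlsm_allocate("192.168.1.0/24", SLIDE_REQUIREMENTS)
    for row in describe(plan):
        print("%-7s %-18s %-15s %-15s %-15s %d hosts" % row)
    print("addresses left:", addresses_left("192.168.1.0/24", plan))
```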
Chapter 2 Local Area Network
LAN Methods of Communication / Types of Ethernet Traffic
Unicast – one host sends data to a specific host
Broadcast – one host sends data to all; the data is received by all connected hosts except the one it came from
Multicast – data is sent to a specific group (the multicast group members)
Commonly used types of UTP cabling are as follows:
• Category 1 – Used for telephone communications. Not suitable for transmitting data.
• Category 2 – Capable of transmitting data at speeds up to 4 megabits per second (Mbps).
• Category 3 – Used in 10BASE-T networks. Can transmit data at speeds up to 10 Mbps.
• Category 4 – Used in Token Ring networks. Can transmit data at speeds up to 16 Mbps.
• Category 5 – Can transmit data at speeds up to 100 Mbps.
• Category 5e – Used in networks running at speeds up to 1000 Mbps (1 gigabit per second [Gbps]).
• Category 6 – Typically, Category 6 cable consists of four pairs of 24 American Wire Gauge (AWG) copper wires. Category 6 cable is currently the fastest standard for UTP.
UTP Cabling Standards
• Straight-through = T568A + T568A / T568B + T568B – used to connect different devices
• Crossover = T568A + T568B – used to connect the same kind of devices (e.g. router to router)
Cabling
• Patch panels
• Wall jacks
• Crimping tools
What is CSMA/CD?
Carrier Sense Multiple Access / Collision Detection: the rules/standard for how Ethernet devices transmit information on the Ethernet network
• Carrier – the network signal
• Sense – the ability of a host to detect whether there is a transmission in progress
• Multiple Access – all devices have equal access
• Collision – happens when two devices send at once
• Detection – how hosts handle collisions when they occur
• Back-off algorithm – a random timer before hosts can resend data after a collision is detected
Problems with CSMA/CD – LAN Design Challenges
Data collisions, bandwidth
Collision Domain
• Several users all share the same port on a network device and compete for resources (bandwidth); only one host can transmit at a time. Ex. ARP
• Determines how many devices can send or receive data at the same time
• If two hosts send data at the same time, a collision occurs
Broadcast Domain – the span of the network where hosts can be reached via broadcast.
Hub = 1 collision domain
All hosts listen to the wire to see if it is free. Host 1 wants to send data to Host 2, checks that the wire is free and sends the data. The hub sends it to all ports. More computers cause clogging/collisions.
Network Segmenting
Why segment a network?
• Increases the bandwidth available to each user: bandwidth is a shared entity, but each segment and its users have full use of the bandwidth available. For example, if there are 100 users on a 100 Mbps segment, each user has an average of 1 Mbps of available bandwidth. If this same segment were further segmented into 10 segments with 10 users on each segment, however, then every user would have an average of 10 Mbps of available bandwidth.
• Fewer collisions: in general, traffic tends to stay within a segment, and less traffic is routed beyond the segment to contend for access to the backbone.
• Reduces Ethernet distance limitations: there are inherent distance limitations on an Ethernet network. When a network is segmented with a router (and only a router; not a bridge, and not a switch), the beginning point from which the maximum distance for the cabling is determined is re-established.
Segmenting Methods
Using a bridge, using a switch, using routers – breaking up the collision domain to reduce congestion.
• Bridges – a data link layer device that logically separates a network into segments but lets the two segments appear to be one network to higher-layer protocols. Can forward or block frames.
[Figure: a bridge between Segment A and Segment B creates 2 collision domains and learns the MAC addresses connected on Segment A and B.]
Hosts on Segment A can send data to other hosts on Segment A while hosts on Segment B send data to hosts on Segment B at the same time. If a host on Segment A sends data for a host on Segment B, the bridge passes it to the other side of the network.
Problem: slow (software based), few ports.
Switch Operation
• Each port is a collision domain
• Full-duplex
• Hardware-based data processing (ASIC)
• Higher port density than bridges
• Data buffering
• VLANs
• Supports higher bandwidth
The MAC table is also called the CAM table, bridging table or switch table.
[Figure: each switch port is its own collision domain; all ports together form one broadcast domain.]
The switch maintains a CAM (Content Accessible Memory) table which stores MAC addresses – this is what makes the switch intelligent.
• A switch uses MAC addresses to forward frames. When it is first powered on, the MAC address (CAM) table is empty, and the switch learns MAC addresses from the attached devices' ARP (Address Resolution Protocol) requests.
• (CAM table empty) Host A sends a frame to Host C. When the switch receives it, it floods the frame to all other ports (destination unknown); the MAC address of Host A is learned, added to the table and associated with the port it was received on.
• Host C takes ownership and replies with its IP address. The switch adds Host C's MAC address and port to the CAM table.
• Host A now sends frames to the specific port instead of flooding the frame.
CAM Table
MAC Address         IP Address     Port
aa:bb:cc:dd:ee:ff   192.168.1.2    Fa0/1
bb:aa:bb:cc:dd:ee   192.168.1.4    Fa0/2
cc:dd:ee:ff:gg:hh   192.168.1.3    Fa0/3
[Figure: the three hosts attached to the switch ports listed in the table]
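The learn/flood/forward behaviour described above, as an added example that is not part of the DIOS training slides: a small switch model that learns the source MAC on the ingress port, floods broadcast, multicast and unknown unicast, forwards known unicast to one port, and filters a frame whose destination sits on the port it arrived on. The ports match the slide's CAM table; the MAC addresses are constructed stand-ins because the slide's "gg:hh" values are not valid hex. The model also records a MAC that reappears on a different port, which is the event a network team watches for (a re-patched host, a loop, or a forged source address).

```python
# Added example, not part of the DIOS training slides: a model of the CAM table
# logic (learn the source MAC on the ingress port; forward to a known port,
# otherwise flood). Ports match the slide's table; MAC addresses are constructed.

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Multicast or broadcast: the low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}            # mac -> port, empty at power-on
        self.moves = []          # (mac, old_port, new_port): a MAC seen on another port

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list:
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # 1. learning: remember where src_mac lives; note when it moves
        old = self.cam.get(src_mac)
        if old is not None and old != in_port:
            self.moves.append((src_mac, old, in_port))
        self.cam[src_mac] = in_port
        # 2. flooding: broadcast, multicast and unknown unicast go out every port but in_port
        if is_group_address(dst_mac) or dst_mac not in self.cam:
            return [p for p in self.ports if p != in_port]
        # 3. forwarding / filtering: known unicast goes to exactly one port; if that is
        #    the port it arrived on, both hosts share that segment and the frame is dropped
        out_port = self.cam[dst_mac]
        return [] if out_port == in_port else [out_port]


# Constructed stand-ins for the slide's hosts: A on Fa0/1, B on Fa0/2, C on Fa0/3
HOST_A = "aa:bb:cc:dd:ee:ff"
HOST_B = "bb:aa:bb:cc:dd:ee"
HOST_C = "cc:dd:ee:ff:00:11"


def slide_exchange() -> list:
    """Replay the three steps from the slide; returns the output ports of each frame."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    return [
        sw.receive("Fa0/1", HOST_A, HOST_C),   # CAM empty: flood, learn A on Fa0/1
        sw.receive("Fa0/3", HOST_C, HOST_A),   # reply: A is known, learn C on Fa0/3
        sw.receive("Fa0/1", HOST_A, HOST_C),   # both known: a single port, no flooding
    ]


if __name__ == "__main__":
    for i, out in enumerate(slide_exchange(), 1):
        print(f"frame {i} sent out of: {out}")
```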
Switch Frame Transmission Modes
• Cut-through – the switch checks the destination address and immediately begins forwarding the frame. Decreases latency but can also transmit frames containing errors.
• Store and forward – the switch waits to receive the entire frame before forwarding. Reads the entire frame and performs a Cyclic Redundancy Check (CRC); if bad, the frame is discarded. Increased latency.
• Fragment-free – the switch reads the first 64 bytes before forwarding the frame (the minimum number of bytes needed to detect and filter out collision frames).

How a Switch Segments the Network

• MAC address learning – switches learn the MAC address of devices attached to each of their ports from the source address of received frames. These addresses are stored in a MAC database (CAM table).
• Forwarding and filtering – switches determine which port a frame must be sent out of to reach the destination. If the destination address is known, the frame is sent only to that port (and dropped if that port is the one it arrived on); otherwise the frame is flooded to all ports except the one it was received on.
• Flooding – switches flood all unknown-unicast frames, broadcasts and multicasts to all ports except the one they were received on.
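The learning, forwarding, filtering and flooding rules above, replayed on the page's three-host example as an added illustration (this is example code written for this page, not part of the DIOS training material or of any switch firmware; the host MAC addresses and port names are constructed):

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit is the low bit of the first octet."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningSwitch:
    """Transparent-bridge learning, forwarding, filtering and flooding.

    cam maps a MAC address to the port it was last seen as a *source* on
    (the CAM / MAC address table of the text; VLANs and ageing are omitted).
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}

    def receive(self, src, dst, in_port):
        """Process one frame; return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: bind the source address to the ingress port. A newer frame
        # overwrites an older binding, which is also how MAC spoofing poisons the table.
        self.cam[src] = in_port
        # Flooding: broadcast/multicast and unknown-unicast go out every other port.
        if is_group_address(dst) or dst not in self.cam:
            return [p for p in self.ports if p != in_port]
        out_port = self.cam[dst]
        # Filtering: destination lives on the port the frame came from -> drop it.
        if out_port == in_port:
            return []
        # Forwarding: known unicast goes out exactly one port.
        return [out_port]


# Constructed hosts, laid out like the page's CAM table: A on Fa0/1, B on Fa0/2, C on Fa0/3.
HOST_A, HOST_B, HOST_C = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "aa:bb:cc:dd:ee:03"


def walkthrough():
    """Replay the page's A -> C exchange; return each step's egress ports and the CAM table."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    steps = [
        ("A -> C, table empty: flooded", sw.receive(HOST_A, HOST_C, "Fa0/1")),
        ("C -> A reply: A already learned", sw.receive(HOST_C, HOST_A, "Fa0/3")),
        ("A -> C again: C now learned", sw.receive(HOST_A, HOST_C, "Fa0/1")),
        ("B broadcast: always flooded", sw.receive(HOST_B, BROADCAST, "Fa0/2")),
    ]
    return steps, dict(sw.cam)


if __name__ == "__main__":
    steps, cam = walkthrough()
    for label, ports in steps:
        print(f"{label:36s} -> {ports}")
    print("CAM table:", cam)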
PT Activity: Building a Switched Network

[Lab diagram: DHCP server at 192.168.1.1 (static) and LAN clients on one switch]

DHCP pool = lan clients
Scope = 192.168.1.0/24
Range = 192.168.1.100 – 192.168.1.254
Excluded = 192.168.1.1 – 192.168.1.99
Static allocation: 192.168.1.1 (DHCP server)
Reserved (manual binding): MAC aa:bb:cc:dd:ee:ff -> 192.168.1.100
Dynamic leases shown on the diagram: 192.168.1.100, 192.168.1.101, 192.168.1.102
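The pool, exclusion range and manual binding of the lab above, modelled as a small allocator so the relationship between them is visible. This is an added example written for this page (not Packet Tracer or IOS code); the client MAC addresses are constructed.

```python
import ipaddress


class DhcpPool:
    """IOS-style DHCP pool: a scope, excluded address ranges and manual (MAC) bindings.

    Mirrors the lab: 'ip dhcp excluded-address' keeps static hosts out of the pool,
    a manual binding always hands the same address to one MAC, everything else is dynamic.
    """

    def __init__(self, scope, excluded=(), reservations=None):
        self.network = ipaddress.IPv4Network(scope)
        self.excluded = set()
        for low, high in excluded:
            lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
            self.excluded.update(range(lo, hi + 1))
        self.reservations = {
            mac.lower(): ipaddress.IPv4Address(addr)
            for mac, addr in (reservations or {}).items()
        }
        for addr in self.reservations.values():
            if addr not in self.network:
                raise ValueError(f"reservation {addr} is outside {self.network}")
        self.leases = {}  # client MAC -> leased address

    def allocate(self, mac):
        """Return the address for a client; a renewing client keeps its address."""
        mac = mac.lower()
        if mac in self.leases:
            return self.leases[mac]
        if mac in self.reservations:
            addr = self.reservations[mac]
        else:
            addr = self._next_free()
        self.leases[mac] = addr
        return addr

    def release(self, mac):
        self.leases.pop(mac.lower(), None)

    def _next_free(self):
        taken = {int(a) for a in self.leases.values()}
        # A bound address is never handed to another client, even while unused.
        taken |= {int(a) for a in self.reservations.values()}
        for host in self.network.hosts():  # hosts() skips network and broadcast addresses
            if int(host) not in self.excluded and int(host) not in taken:
                return host
        raise RuntimeError("DHCP pool exhausted")


def lab_pool():
    """The page's 'lan clients' pool: /24 scope, .1-.99 excluded, .100 bound to one MAC."""
    return DhcpPool(
        "192.168.1.0/24",
        excluded=[("192.168.1.1", "192.168.1.99")],
        reservations={"aa:bb:cc:dd:ee:ff": "192.168.1.100"},
    )


if __name__ == "__main__":
    pool = lab_pool()
    for client in ("11:22:33:44:55:66", "aa:bb:cc:dd:ee:ff", "77:88:99:aa:bb:cc"):
        print(client, "->", pool.allocate(client))
```

The first dynamic client gets .101, not .100, because the reserved address is withheld from the dynamic range even before its owner asks for it; that is the behaviour to check for when a reservation seems to "waste" an address.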
Chapter 3 Cisco IOS

Objectives:
At the end of the training, you are expected to
have good understanding on the following:
•Cisco IOS and its use and features
•Cisco Boot process
•Accessing Cisco Routers/Switch/IOS
•Cisco IOS Function Level
•Cisco Enhanced Editing Commands
Cisco IOS
Internetwork Operating System
• Provides the following features:
• Carries network protocols and functions
• Connectivity
• Security
• Scalability
• Reliability

Can be accessed through a console cable, or over the network with a Telnet or SSH connection.

Cisco IOS Boot Process


1. completes Power-On Self-Test (POST)
2. Finds and loads IOS
3. Finds and applies device configuration
Cisco IOS Naming Convention

Base—entry level image (IP Base, Enterprise Base)


Services—addition of IP Telephony Service, MPLS, Voice over IP (VoIP), Voice over Frame Relay
(VoFR), and ATM (SP Services, Enterprise Services)
Advanced—addition of VPN, Cisco IOS Firewall, 3DES encryption, SSH, Cisco IOS IPsec and Intrusion
Detection Systems (IDS) (Advanced Security, Advanced IP Services)
Enterprise—addition of multi-protocols, including IBM, IPX, AppleTalk (Enterprise Base, Enterprise
Services)

The Cisco IOS software image name represents the hardware, feature set, format,
and other information about the image file

Example of a Cisco IOS image name

[Figure not preserved; the show version output later in this chapter names the running image flash:c2600-do3s-mz.120-5.T1, where c2600 is the platform, do3s the feature set, m means the image runs from RAM, z means it is zip-compressed, and 120-5.T1 is version 12.0(5)T1]
Booting the Router

[Diagram: boot sequence, showing the full IOS image in flash and the stripped (boot helper) IOS version in ROM]

• Test the router hardware (POST).
• Find and load the Cisco IOS software.
• Find and apply configuration statements, including protocol functions and interface addresses.
Boot System Command and Configuration Register

• Check the configuration register value (stored in NVRAM). The boot field, its lowest hexadecimal digit, selects the boot source:
• 0 = ROM monitor mode (rommon)
• 1 = boot helper (stripped) IOS image in ROM
• 2 - 15 = normal boot: use the boot system commands in the startup-config in NVRAM; if there are none, load the first image in flash

• The order in which the router looks for system bootstrap information depends on the boot field setting in the configuration register.
• The configuration register is a 16-bit value held in NVRAM.
• The lowest four bits of the configuration register form the boot field.
• To ensure that the upper 12 bits are not changed, first retrieve the current value of the configuration register using the show version command.
• Then use the config-register command, changing only the value of the last hexadecimal digit (for example 0x2102 -> 0x2100 to boot into rommon).
Showing the configuration register: show version

Gateway-Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 13:18 by cmong
Image text-base: 0x80008088, data-base: 0x80CB67B0

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

NoSmo-Gateway uptime is 5 weeks, 3 days, 20 hours, 33 minutes
System returned to ROM by power-on
System restarted at 13:30:22 PST Thu Mar 7 2002
System image file is "flash:c2600-do3s-mz.120-5.T1"      <-- location of the IOS image and its filename
cisco 2621 (MPC860) processor (revision 0x102) with 39936K/9216K bytes of memory.
Processor board ID JAB03520113 (2485375272)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
4 Serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
 --More--
Configuration register is 0x2102                          <-- configuration register

Gateway-Router>
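To make the "change only the last hexadecimal digit" rule and the 0x2102 value above concrete, here is an added decoder for the register bits this chapter uses (written for this page; not Cisco code). The bit positions (boot field in bits 0-3, 0x0040 ignore NVRAM, 0x0100 Break disabled, 0x2000 ROM fallback) are the standard Cisco layout; the show version excerpt is a constructed sample modelled on the listing above.

```python
import re

BOOT_FIELD_MEANING = {
    0x0: "ROM monitor (rommon) prompt",
    0x1: "boot helper (stripped) IOS image in ROM",
}

# Register bits discussed on this page (Cisco configuration-register layout).
IGNORE_NVRAM = 0x0040    # bit 6: boot without loading startup-config (password recovery)
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the router is running
ROM_FALLBACK = 0x2000    # bit 13: boot default ROM software if a network boot fails


def decode_config_register(value):
    """Split a 16-bit configuration register into the fields the text describes."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot = value & 0xF
    boot_meaning = BOOT_FIELD_MEANING.get(
        boot, "boot system commands in startup-config, else first image in flash")
    return {
        "register": f"0x{value:04x}",
        "boot_field": boot,
        "boot": boot_meaning,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def with_boot_field(value, boot_field):
    """Change only the low nibble, as the text advises, keeping the upper 12 bits."""
    if not 0 <= boot_field <= 0xF:
        raise ValueError("boot field is four bits")
    return (value & 0xFFF0) | boot_field


def password_recovery_register(value):
    """Value set from rommon for password recovery: current register plus the ignore-NVRAM bit."""
    return value | IGNORE_NVRAM


def register_from_show_version(output):
    """Find the 'Configuration register is 0x....' line in show version output."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]{1,4})", output)
    if not m:
        raise ValueError("no configuration register line in output")
    return int(m.group(1), 16)


# Constructed excerpt, modelled on the page's show version listing.
SAMPLE_SHOW_VERSION = """\
System image file is "flash:c2600-do3s-mz.120-5.T1"
32K bytes of non-volatile configuration memory.
Configuration register is 0x2102
"""

if __name__ == "__main__":
    reg = register_from_show_version(SAMPLE_SHOW_VERSION)
    print(decode_config_register(reg))
    print(f"rommon value for password recovery: confreg 0x{password_recovery_register(reg):04x}")
```

A register of 0x2142 after recovery must be set back to 0x2102, otherwise the router keeps ignoring its saved configuration on every reboot; checking show version for that value is a quick audit item.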
External/Remote Cisco Device Configuration
•Console terminal
•Remote Terminal (aux port)
•Telnet
•TFTP
•Ciscoworks
•SSH
Only a console or remote terminal connection can initially
configure a cisco device

Configuring/connecting to console

1.Needs console cable (rollover) and a pc


2.Connect the rj45 end of the cable to the Cisco device’s console
port
3.Connect the other end to the pc
4.Set pc’s com port to: baud rate-9600bps, 8 databits, no parity, 1
stop bit, no flow control
Cisco IOS Function Levels
IOS function level        | Access level | Function                                              | Prompt indicator
User EXEC mode            | User mode    | Limited, view only                                    | Router>
Privileged EXEC mode      | Enable mode  | View and change configuration                         | Router#
Global configuration mode | Config mode  | Change device-wide settings such as hostname and IP   | Router(config)#
Interface configuration   | Config-if    | Change interface settings such as IP address          | Router(config-if)#

The Friendly Cisco IOS HELP keys

? – displays the commands available at the current level
--More-- – indicates there is more output below: press the space bar for the next page, Enter for the next line, or any other key to return to the prompt
s? – displays all commands that start with the letter s (no space before the ?)
show ? – displays all keywords that can follow the show command (space before the ?)

Enhanced Editing commands (shortcuts)
Command Actions
Ctrl-A Moves the cursor to the beginning of the line
Ctrl-E Moves cursor to the end of the line
Esc-B Moves the cursor back one word
Esc-F Moves the cursor forward one word
Ctrl-B Moves the cursor back one Character
Ctrl-F Moves the cursor forward one character
Ctrl-D Deletes the character at the cursor
Backspace Removes one character to the left of the cursor
Ctrl-R Redisplays a line
Ctrl-U Erases from the cursor to the beginning of the line
Ctrl-W Erases a word
Ctrl-Z Ends the configuration mode and returns to the EXEC mode
Tab Completes a partially entered (unambiguous) command
Ctrl-P or up arrow Recalls previous commands, beginning with the most recent
Ctrl-N or down arrow Returns to more recent commands in the history buffer after Ctrl-P

Command history – default 10 lines, up to 256 lines with the history size command

Router(config-line)#history size <0-256>   (per line, saved in the configuration)
Router#terminal history size <0-256>      (current session only)
Router#show history                        (lists the commands in the buffer)
Chapter 4 Basic Router/Switch Configuration
Objective:
At the end of this chapter, you are expected to have a good
understanding on the following areas:

• Understanding Router functions and use


• Basic router/switch boot process, switch interfaces
• Connecting to cisco router/switch
• Basic Switch/Router security(setting port security, telnet,
ssh, console passwords)
• Connecting hosts to switch
• Basic Router interface configuration and router as a
DHCP server
• Creating Switch VLAN
• Creating router subinterfaces and InterVLAN routing
(router-on-a-stick)
• Discovering Neighbor cisco devices
Switch LED Indicators
LED status provides information on the switch during start-up, normal operation and fault conditions.
Pressing the Mode button toggles through the following display modes:
- Port status
- Bandwidth utilization
- Full-duplex support

System LED: Green = system good; Amber = system malfunction, one or more POST errors
Redundant Power Supply (RPS): Green = RPS good; Flashing green = RPS connected but in use by another device; Amber = RPS bad; Flashing amber = internal PS and RPS both good and the switch is running from the RPS
Port Status (STAT): Green = link present; Flashing green = link present with activity; Alternating green and amber = link fault; Amber = port not forwarding (for example blocked by spanning tree or err-disabled)
Bandwidth Utilization (UTL): Green = current bandwidth utilization shown over the amber LEDs; Amber = maximum backplane utilization since last power-on; Green and amber = model dependent
Full-duplex (FDUP): Green = full duplex; Off = half duplex
Switch Basics
Connect the console cable to the switch console port.
Set the terminal program (HyperTerminal/PuTTY) to: baud rate 9600 bps, 8 data bits, no parity, 1 stop bit, no flow control.

show version displays:
• The version of the IOS operating system
• The version of the ROM bootstrap
• The version of the boot loader
• How someone last powered on the device
• The time and date the system last started
• The "uptime" for the system
• The image file that the device last started (i.e., the actual path to the IOS software)
• How much RAM the device has
• The processor board ID, which you can use to determine the version of the device's motherboard
• The number and type of each interface on the device (e.g., Qty 2 Ethernet, Qty 6 Serial on a router; the number of Ethernet switching interfaces on a switch)
• The number of terminal lines on the router if a router has asynchronous serial lines attached
• The amount of nonvolatile RAM (NVRAM), used to hold the SAVED version of the configuration file, also known as the startup-configuration
• The amount and type of Flash on the device, used to hold the operating system image when it isn't running (think of it as the equivalent of a hard drive on a PC)
• The configuration register on the device, a hexadecimal number that tells the device what to do when it boots (typically only changed when you need to bypass the configuration file because of a lost password, but also for other special cases)
• The hostname of the device
• The serial numbers of the device and its power supplies
• The MAC address of the switch
• The revision number of the motherboard
• The model number of the switch
• Whether password recovery has been enabled or disabled
Switch Basics
Showing switch status:
show running-config
show startup-config
show version
show interfaces

[Lab diagram: PC on the console port; hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 configured from the range 10.0.0.1 – 10.0.0.254, mask 255.255.255.0]

MAC Address Management

- dynamic: learned by the switch from the source address of received frames, aged out when idle
- static: assigned by the administrator, never aged out

Switch(config)#mac address-table static <mac-address> vlan <vlan-id> interface <interface-id>
(older IOS releases spell the command mac-address-table static)

- Associates a MAC address with a particular switch port in a VLAN; frames for that MAC are sent only out that port, and a host presenting the same MAC on another port cannot hijack the entry.
Configuring Switch from CLI
The following Two configuration modes are available
-The Global configuration mode
switch#conf t
switch(config)#hostname L2Switch
- Interface configuration mode
switch(config)#interface fa0/1
switch(config-if)#switchport mode access
Configuring the switch management VLAN

VLAN 1 = the default logical interface used for management (on a production switch, move management to a dedicated VLAN and keep user ports out of VLAN 1)

To assign an IP address to the switch management VLAN interface:
switch(config)#interface vlan1
switch(config-if)#ip address 10.0.0.200 255.255.255.0
switch(config-if)#no shutdown

Configuring the switch default gateway (a Layer 2 switch needs this to reach management stations on other subnets; the command takes no subnet mask):

switch(config)#ip default-gateway 10.0.0.1
Switch Security
Basic security suggestions for network devices
• Use complex passwords
• Limit telnet by using access list
• Use SSH instead of telnet
• Physically secure access to switch
• Use banners to warn against unauthorized access
• Set up monitor sys log
• Configure port security
• Disable unused ports
• Set ports either as trunk or access

Configuring the console password
Switch(config)#line console 0
Switch(config-line)#password ccna
Switch(config-line)#login

Configuring the enable and enable secret passwords
Switch(config)#enable password cisco
Switch(config)#enable secret cisco1

Note: enable password is stored in clear text (or only reversibly obscured by service password-encryption) and is ignored whenever an enable secret is configured; configure only enable secret, which is stored as a hash. The values cisco, cisco1 and ccna are lab placeholders, not passwords to use on real equipment.

Configuring the Telnet (VTY) password
Switch(config)#line vty 0 15
Switch(config-line)#password ccna
Switch(config-line)#login
Configuring login and MOTD banners
Switch#conf t
Switch(config)#banner login # <banner text> #
(the first character after banner login, here #, is the delimiter; the same character ends the banner text)

Switch#conf t
Switch(config)#banner motd # <banner text> #

Use the banner to warn against unauthorized access; do not put the device model, location or owner in it, since it is shown before authentication.

Configuring SSH (encrypted management access)

Switch(config)#hostname L2Switch                      <hostname and domain name are needed to generate the RSA key
Switch(config)#ip domain-name cisco.com               <assign a domain name to the device
Switch(config)#username cisco secret ccna             <create a local user; secret stores a hash, while "password 0" stores clear text
Switch(config)#crypto key generate rsa modulus 2048   <generate the RSA key pair (the slide answered 512 at the modulus prompt; that is too weak and is rejected by current SSH clients)
Switch(config)#ip ssh version 2                       <allow SSH version 2 only
Switch(config)#line vty 0 15
Switch(config-line)#login local                       <authenticate VTY sessions against the local user database
Switch(config-line)#transport input ssh               <allow only SSH on the VTY lines (the slide's "transport input telnet ssh" still permits clear-text Telnet)
Securing VTY Access

Restricting access to the VTY lines by source IP address is done with a standard access list applied with access-class.

Uses a wildcard mask for IP ranges (a 0 bit must match, a 1 bit is ignored: 0.0.0.255 matches any host in a /24)
Standard access list numbers are 1 to 99 or 1300 to 1999
<syntax>
access-list <access-list no.> permit|deny <source address> <wildcard mask>
access-class <access-list no.> in|out

(create access list 10 permitting Telnet/SSH access to the VTY lines only from network 192.168.10.0/24)
Switch(config)#access-list 10 permit 192.168.10.0 0.0.0.255
Switch(config)#line vty 0 15
Switch(config-line)#access-class 10 in          <applies the access list to inbound VTY sessions

Every access list ends with an implicit deny any, so an address that matches no permit entry is refused; make sure the management station you are working from is covered before applying the list, or you lock yourself out.

Telnet = used to connect to remote hosts/Cisco devices; requires an IP address, username and password, and sends them in clear text, which is why SSH is preferred.
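The wildcard-mask matching and first-match, implicit-deny evaluation that access-class relies on, as an added example written for this page (not IOS code): it parses standard access-list lines in the syntax above and answers whether a given source address would be allowed onto the VTY lines. The addresses used in the usage block are constructed.

```python
import ipaddress


def wildcard_match(addr, network, wildcard):
    """Cisco ACL semantics: a wildcard bit of 1 means 'do not care', 0 means 'must match'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def wildcard_for_prefix(prefix):
    """/24 -> 0.0.0.255: the wildcard for a subnet is its inverted subnet mask."""
    return str(ipaddress.IPv4Network(prefix, strict=False).hostmask)


def parse_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' lines into (number, action, net, wildcard).

    Also accepts the 'host X' and 'any' shorthands. Only standard (source-only) lists are
    handled, which is all that access-class evaluates.
    """
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not a standard access-list line: {line!r}")
        number = int(parts[1])
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is not a standard access-list number")
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if parts[3] == "any":
            net, wildcard = "0.0.0.0", "255.255.255.255"
        elif parts[3] == "host":
            net, wildcard = parts[4], "0.0.0.0"
        else:
            net = parts[3]
            wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # IOS default wildcard
        entries.append((number, action, net, wildcard))
    return entries


def vty_allows(acl_entries, src_addr):
    """Evaluate top-down, first match wins; an empty or exhausted list means implicit deny."""
    for _, action, net, wildcard in acl_entries:
        if wildcard_match(src_addr, net, wildcard):
            return action == "permit"
    return False


if __name__ == "__main__":
    # Constructed lists: the page's list 10, and a list 11 that blocks one host first.
    acl10 = parse_acl(["access-list 10 permit 192.168.10.0 0.0.0.255"])
    acl11 = parse_acl([
        "access-list 11 deny host 192.168.10.13",
        "access-list 11 permit 192.168.10.0 0.0.0.255",
    ])
    for src in ("192.168.10.25", "192.168.10.13", "192.168.11.25"):
        print(src, "list 10:", vty_allows(acl10, src), "list 11:", vty_allows(acl11, src))
```

Order matters: in list 11 the deny for the single host must come before the subnet permit, otherwise the permit matches first and the deny is never reached. The same evaluator run with an empty list returns False for every address, which is exactly the lockout the caveat above warns about.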

Securing Unused Ports


- Disable ports (issue shutdown command on unused ports)
- Place unused ports in an unused VLAN
Configuring Port Security
- limits the number of MAC addresses allowed per port and which addresses they are
- addresses can be configured manually, learned dynamically, or learned dynamically and saved to the configuration ("sticky")
- switchport port-security mac-address <mac-address>
  manually configures a specific MAC address as a secure address on the port
- switchport port-security maximum <value>
  configures the maximum number of secure MAC addresses allowed on the port. Default 1
- switchport port-security violation {protect | restrict | shutdown}
  the action taken when the maximum is already reached and a frame arrives from a MAC address that is not secure on the port:
  protect drops the offending frames silently; restrict drops them, increments the violation counter and sends a syslog message/SNMP trap; shutdown (the default) puts the port into err-disabled state, and an administrator must issue shutdown followed by no shutdown to recover it.
- port security is only accepted on a port that is statically in access (or trunk) mode, so switchport mode access comes first
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation restrict
To verify: show port-security, show port-security interface fa0/1, show port-security address
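The three violation modes behave differently in ways that matter when you read show port-security after an incident; this added example (written for this page, not switch firmware) models one secured access port so the difference is reproducible. The MAC addresses used are constructed.

```python
class SecuredPort:
    """One access port with 'switchport port-security' applied.

    maximum   -> switchport port-security maximum <n>
    violation -> switchport port-security violation {protect|restrict|shutdown}
    sticky    -> switchport port-security mac-address sticky
    static    -> switchport port-security mac-address <mac> entries
    """

    def __init__(self, name, maximum=1, violation="shutdown", sticky=False, static=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("violation mode must be protect, restrict or shutdown")
        self.name = name
        self.maximum = maximum
        self.violation = violation
        self.sticky = sticky
        self.secure = {m.lower() for m in static}  # secure MAC addresses on the port
        self.sticky_learned = []   # lines a sticky port would write into running-config
        self.err_disabled = False  # 'shutdown' mode puts the port in err-disabled state
        self.violations = 0        # the violation counter shown by 'show port-security'

    def frame_from(self, src_mac):
        """Handle a frame arriving on the port; return 'forwarded' or 'dropped'."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped"       # nothing passes until an administrator bounces the port
        if src_mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            # Room left: learn the address as a secure MAC (sticky also saves it to config).
            self.secure.add(src_mac)
            if self.sticky:
                self.sticky_learned.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded"
        # Maximum reached and the source is not a secure address: a violation.
        if self.violation == "shutdown":
            self.err_disabled = True
            self.violations += 1
        elif self.violation == "restrict":
            self.violations += 1  # restrict also logs and traps; protect is silent
        return "dropped"

    def recover(self):
        """Administrator's 'shutdown' then 'no shutdown' on an err-disabled port."""
        self.err_disabled = False

    def show_port_security(self):
        """A subset of what 'show port-security interface' reports."""
        return {
            "port": self.name,
            "status": "err-disabled" if self.err_disabled else "secure-up",
            "violation_mode": self.violation,
            "max_addresses": self.maximum,
            "secure_addresses": sorted(self.secure),
            "violation_count": self.violations,
        }


if __name__ == "__main__":
    # The page's configuration: maximum 1, sticky, violation restrict.
    port = SecuredPort("Fa0/1", maximum=1, violation="restrict", sticky=True)
    for mac in ("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"):
        print(mac, "->", port.frame_from(mac))
    print(port.show_port_security())
    print("\n".join(port.sticky_learned))
```

With protect the violation counter stays at zero, so a second device on the port leaves no trace in show port-security; prefer restrict or shutdown where you rely on the counter or syslog for detection.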
RESOLVING SWITCH ISSUES
When troubleshooting switches always remember that:
-Switches operate at Layer 2 of the OSI model
-Switches provide an interface to the physical media
-Problems generally are seen at Layer 1 and Layer 2
-Layer 3 issues could be regarding IP connectivity to the switch
-Be familiar with switch operation
Switch Issues
Common switch Layer 1 issues include the following:
- Bad wire (shows excessive collisions, CRC errors and noise – show interfaces)
- EMI is introduced
- New equipment is installed – check voltage stability
- Wire length too long (look at collisions and late collisions – show interfaces)
- Wrong cable type, or cable connected to the wrong port

Identifying and Resolving Access Port Issues


-Media Related Issues (up and down port)
-Duplex mismatch (one end uses full other end uses half –
autonegotiation failure)
-Speed mismatch (one end using 100 other end using 10 –
autonegotiation failure)
-check port status
VLANs
VLANs are users grouped in a logical broadcast domains that can span multiple physical
segments. VLAN allow logically defined user groups rather than defined by their physical
locations.
Characteristics of VLAN
• VLAN can span multiple LAN segments
• VLAN improves segmentation, flexibility, and security
• VLAN segmentation is not bound by the physical location of the users
• Only ports on the specific VLAN share broadcast, other VLAN do not see other VLAN
broadcast
• A VLAN can exist on one or several switches
• Provides QOS and Access Control
VLAN Operation
VLAN traffic stays on the VLAN it originated in, reducing overall network traffic.
VLANs require a trunk connection between switches; each trunk can carry traffic for multiple VLANs.
An access port belongs to only one (data) VLAN.

Switch without VLANs vs. switch with VLANs
- without VLANs: one collision domain per port; broadcasts are sent to all ports; one subnet per LAN; very limited access control
- with VLANs: 1 VLAN = 1 subnet = 1 broadcast domain; broadcasts stay inside the VLAN; traffic between VLANs must pass through a Layer 3 device, where it can be filtered

VLAN IDs range from 1 to 4094
VLANs 1002 – 1005 are reserved (legacy FDDI and Token Ring)
A typical access switch supports up to 255 active VLANs (model dependent)
VLANs require a trunk port to pass traffic across multiple switches

VLAN Port Membership Modes

Static Access – port belongs to a single VLAN and statically assigned


Trunk – port is member of all VLAN, sends / receives tagged frames from
multiple VLAN
Dynamic Access – belongs to one VLAN. Assigned by a VLAN Membership
Policy Server (VMPS). Cannot connect to other switches.
Voice VLAN – connected to ip phone that is configured to connect to a Voice
VLAN and Data VLAN
Native VLAN – receives/sends untagged frames.
VLAN Assignment
VLAN Membership can be either static or dynamic
Static – The VLAN port is statically configured by admin
Dynamic assignment – the switch uses a VMPS (VLAN Membership Policy
Server). The VMPS is a database that maps MAC addresses to VLAN.

Adding and Assigning VLANs

!!! Create VLANs and name them
CISCO(config)#vlan 10
CISCO(config-vlan)#name sales
CISCO(config-vlan)#exit
CISCO(config)#vlan 20
CISCO(config-vlan)#name hrd
CISCO(config-vlan)#exit
CISCO(config)#vlan 30
CISCO(config-vlan)#name accounting
CISCO(config-vlan)#exit
(The slide also shows "vlan 1" with "name management"; VLAN 1 is the default VLAN, whose name cannot be changed, and management belongs in a dedicated VLAN rather than VLAN 1.)

!!! Configure a port to be part of a certain VLAN
CISCO(config)#interface fastethernet 0/5
CISCO(config-if)#switchport mode access
CISCO(config-if)#switchport access vlan 10
CISCO(config-if)#end

!!! Configure multiple ports to be part of a certain VLAN
CISCO(config)#interface range fastethernet 0/7 - 9
CISCO(config-if-range)#switchport mode access
CISCO(config-if-range)#switchport access vlan 20
CISCO(config-if-range)#end

!!! Configure the port connected to the router as a trunk
CISCO(config)#interface fastethernet 0/0
(as written on the slide; fastethernet 0/0 is a router-style interface name, so use the switch port the router is actually cabled to)
CISCO(config-if)#switchport trunk encapsulation dot1q
(only on switches that also support ISL, where it must precede switchport mode trunk; 2960-class switches do 802.1Q only and reject this command)
CISCO(config-if)#switchport mode trunk
CISCO(config-if)#duplex full
[Diagram: VLAN subnet plan. The extracted labels read "VLAN1 = 20 hosts, Subnet 192.168.10.0/24" once and "VLAN1 = 10 hosts, Subnet 192.168.20.0/24" three times; one subnet per VLAN (sales, hrd, accounting above) is intended, but the VLAN numbers in the figure were not preserved]
Port Forwarding

[Diagram: router/firewall with outside address 203.215.91.3 and inside address 192.168.1.1 performing NAT/PAT and port forwarding to internal servers: 192.168.1.2 Mail/Web server, 192.168.1.3 FTP/DHCP, 192.168.1.4 DHCP database, 192.168.1.5 DNS/AD]

Server Technologies and Advertising Them

DHCP History (oldest first)
RARP
BOOTP
DHCP

Web Server
Dominant Application
Apache
MS IIS

Mail Server
POP3
SMTP

FTP
Microsoft FTP server – built in
Filezilla
