Introduction to IP Addressing and Networking
A network can be defined as the interconnection of autonomous computers linked together to facilitate communication, while networking is the simple concept of connecting computers.
Networks and networking have grown exponentially over the last 15 years; they have had to evolve rapidly just to keep up with major increases in basic user needs such as file and printer sharing, as well as more advanced demands such as video conferencing.
LOCAL AREA NETWORK (LAN)
A LAN (Local Area Network) is a group of computers and network devices connected together, usually in the same building. A Local Area Network (LAN) is a high-speed communication system designed to link computers and other data processing devices together within a small geographic area, such as a workgroup, department, or building. Local Area Networks implement shared access technology. This means that all devices connected to a LAN share a single communication medium, usually coaxial cable, twisted pair, or optical fiber.
METROPOLITAN AREA NETWORK (MAN)
A metropolitan area network or MAN is a large computer network that usually spans a single city or town. They usually use wireless infrastructure or fiber optic connections to connect their sites.
The IEEE 802-2001 standard describes a MAN as: “A MAN is optimized for a larger geographic area than a LAN, ranging from several blocks of buildings to an entire city. A MAN might also depend on communication channels with medium to high data rates. A MAN can be owned and operated by one organization, but will typically be used by many individuals and organizations. MANs can also be owned and operated as public utilities. They will often provide the means for internetworking local networks. Metropolitan area networks can span up to 50 km.”
WIDE AREA NETWORK (WAN)
A Wide Area Network (WAN) is a computer network that covers a large area. A WAN, as compared to a MAN, is not restricted to a single geographic location, although it might be confined within the borders of a state or country. A WAN connects multiple LANs, and may be limited to a single enterprise (company or organization) or accessible to the public.
This technology is high-speed and relatively expensive. The INTERNET is an example of a worldwide public WAN.
Routers are used to connect networks together and route data packets from one network to another. Routers, by default, break up a broadcast domain, which is the collection of all devices on a network segment that hear all broadcasts sent on that segment.
Routers also break up collision domains. This is an Ethernet term used to describe a network scenario where one particular device sends a packet on a network segment, forcing every other device on that segment to pay attention to it. If two devices try to transmit at the same time, a collision occurs, after which both devices have to retransmit one at a time.
The router runs on layer 3 of the OSI (Open Systems Interconnection) reference model.
Switches are used for network segmentation based on MAC addresses. The switch looks at the hardware address of the incoming frame before deciding whether to forward the frame or drop it.
The switch breaks the collision domain but the hosts on the switch are still members of one large broadcast domain.
A hub is really a multiple port repeater. The repeater receives the digital signal and re-amplifies or regenerates that signal, and then forwards the digital signal out all active ports without seeing any data. Active hubs do the same. This means all devices plugged into the hub are in the same collision domain as well as in the same broadcast domain, meaning that the devices share the same bandwidth. Hubs operate at the physical layer of the OSI model.
An IP address is a numeric identifier assigned to each machine on an IP network. It designates the specific location of the device on the network. An IP address is a software address and is designed to allow hosts on one network to communicate with hosts on a different network regardless of the type of LAN in which the host participates.
Bit: A bit is a single digit, either 1 or 0.
Byte: A byte is 7 or 8 bits, depending on whether parity is used.
Octet: An octet, consisting of 8 bits, is just an ordinary 8-bit binary number. In most cases, bytes and octets are completely interchangeable.
Network address: This is the designation used in routing to send packets to remote networks. For example 10.0.0.0, 172.16.0.0, and 192.168.10.0 are network addresses.
Broadcast address: The address used by applications and hosts to send information to all nodes on the network is called a broadcast address. Examples include 255.255.255.255 which is all networks, all nodes; 172.16.255.255, which is all the subnets and hosts on the 172.16.0.0 network.
HIERARCHICAL IP ADDRESSING SCHEME
An IP address consists of 32 bits of information (IPv4). IPv6, the new version of IP, consists of 128 bits of information. The 32-bit IP address is divided into four parts called octets or bytes, each containing 1 byte (8 bits).
IP addresses are represented using one of these 3 methods.
Dotted decimal, as in 172.16.30.56
Binary, as in 10101100.00010000.00011110.00111000
Hexadecimal, as in AC.10.1E.38
All of these examples represent the same IP address. But the most commonly used is the dotted decimal. The Windows Registry stores the machine’s IP address in hex.
A 32-bit IP address is a structured or hierarchical address, as opposed to a flat, non-hierarchical address. Although both types of addressing scheme can be used, hierarchical addressing is chosen for good reasons. The advantage of this scheme is that it can handle a large number of addresses, i.e. 4.3 billion (a 32-bit address space with two possible values for each position, i.e. 1 or 0, gives 2^32, or 4,294,967,296).
Disadvantages of flat addressing schemes have to do with routing. If each address is unique, all routers on the internet need to store the address of every machine on the internet. This will make efficient routing impossible.
NETWORK ADDRESSING
Network addresses uniquely identify each network. Every machine on the same network shares that network address as part of its IP address. In the IP address 172.16.30.56, 172.16 is the network address.
The node address is assigned and uniquely identifies each machine on the network. This number can also be referred to as the host address. In 172.16.30.56, 30.56 is the address of the node. Class A networks are used when a small number of networks having a very large number of nodes are required. Class C networks are used when multiple networks with a small number of nodes are required.
CLASS A ADDRESS
The first bit of the first byte in a class A network address must always be off, or 0. This means a class A address must be between 0 and 127, inclusive.
If we turn the other 7 bits all off and then all on, we will find the class A network address range.
00000000 = 0
01111111 = 127
The class A format is network.node.node.node, so for example in the IP address 49.22.102.70, 49 is the network address and 22.102.70 is the node address. Every machine on this particular network will have the distinctive network address of 49.
CLASS B ADDRESS
The first bit of the first byte must always be turned on, but the second bit must always be turned off.
If we turn the first bit on and the second bit off, and then turn the other 6 bits all off and then all on, we will find the class B range of network addresses.
10000000 = 128
10111111 = 191
The class B format is network.network.node.node, so in the IP address 132.163.40.57, 132.163 is the network address and 40.57 is the node address.
CLASS C ADDRESS
The first and second bits of the first byte must always be turned on, but the third bit can never be on.
If we turn the first and second bits on and the third bit off, and then turn the other 5 bits all off and then all on, we will find the class C range of network addresses.
11000000 = 192
11011111 = 223
The class C format is network.network.network.node, so in the IP address 195.166.231.75, 195.166.231 is the network address and 75 is the node address.
ADDRESS CLASS D AND CLASS E
Addresses between 224 and 255 are reserved for class D and E networks. Class D (224-239) is used for multicast addresses and class E (240-255) for scientific purposes.
PRIVATE IP ADDRESSES
A private IP address is one that can be used on a private network, but cannot be routed over the internet. It is designed for the purpose of creating a much-needed security measure, but also saving valuable IP address space. If every host on every network had to have a routable IP address, we would have run out of IP addresses to share years ago.
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255
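The representations, class ranges, network/node split and private blocks described above, worked through in code. This is an added example, not part of the original page; the helper names and sample addresses are the author's own (the class boundaries and private blocks are the ones the page lists).

```python
import ipaddress

# Classful ranges from the page: name, first-octet low, first-octet high, and
# how many leading octets form the network part (0 = no network/node split).
CLASSES = (
    ("A", 0, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, 0),   # multicast
    ("E", 240, 255, 0),   # reserved
)

# Private address blocks listed on the page (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def octets(addr: str) -> list:
    """Parse dotted decimal into four validated integers."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    values = [int(p) for p in parts]
    if any(v < 0 or v > 255 for v in values):
        raise ValueError(f"octet out of range: {addr!r}")
    return values


def to_binary(addr: str) -> str:
    """Dotted binary form, eight bits per octet."""
    return ".".join(f"{o:08b}" for o in octets(addr))


def to_hex(addr: str) -> str:
    """Dotted hexadecimal form, two digits per octet."""
    return ".".join(f"{o:02X}" for o in octets(addr))


def address_class(addr: str) -> str:
    """Class letter decided by the leading bits, i.e. the first-octet range."""
    first = octets(addr)[0]
    for name, low, high, _ in CLASSES:
        if low <= first <= high:
            return name
    raise ValueError(f"no class for {addr!r}")  # unreachable for valid input


def split_network_node(addr: str):
    """Return (class, network part, node part); classes D and E have no split."""
    values = octets(addr)
    cls = address_class(addr)
    n = next(count for name, _, _, count in CLASSES if name == cls)
    if n == 0:
        return cls, None, None
    return cls, ".".join(map(str, values[:n])), ".".join(map(str, values[n:]))


def classful_broadcast(addr: str) -> str:
    """Directed broadcast: network part kept, every node octet set to 255."""
    cls, network, _ = split_network_node(addr)
    if network is None:
        raise ValueError(f"class {cls} address has no broadcast: {addr!r}")
    net_octets = network.split(".")
    return ".".join(net_octets + ["255"] * (4 - len(net_octets)))


def is_private(addr: str) -> bool:
    """True if the address falls in one of the non-routable private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    # Sample addresses: the page's 172.16.30.56 plus constructed ones.
    for sample in ("172.16.30.56", "49.22.102.70", "195.166.231.75", "224.0.0.1"):
        print(sample, to_binary(sample), to_hex(sample), split_network_node(sample),
              "private" if is_private(sample) else "public")
```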
IP ADDRESS TROUBLESHOOTING
Following are the troubleshooting steps in solving problems on IP networks.
1. Open a DOS window and ping 127.0.0.1. This is a diagnostic or loopback address, and if you get a successful ping, your IP stack is considered initialized. If it fails, then you have an IP stack failure and need to reinstall TCP/IP on the host.
2. From the DOS window, ping the IP address of the local host. If it works, it means that your Network Interface Card (NIC) is working. If it fails, then there is a problem with the NIC card. This doesn’t mean that the cable is plugged into the NIC, just that the IP protocol stack on the host can communicate with the NIC.
3. From a DOS window, ping the default gateway. If the ping is successful, the NIC is connected to the network and can communicate on the local network. If that fails, then you have local physical network issues that can occur anywhere from the NIC to the gateway.
4. If steps 1 to 3 are successful, try pinging the remote server. If it works, you have IP communication between the local host and the remote server, and you also know that the remote physical network is working.
5. If the user is still unable to communicate with the server after steps 1 to 4 succeed, there may be a name resolution issue, and you need to check the Domain Name Server (DNS) settings.
NETWORK ADDRESS TRANSLATION
Network Address Translation (NAT) is used primarily to translate private addresses within the network to global external addresses. The main idea is to save the global address space of the internet, but also improve network security by hiding the internal IP address from the external network.
TABLE 3: ADVANTAGES AND DISADVANTAGES OF NAT
Advantages:
- Conserves legally registered addresses.
- Reduces the occurrence of address overlap.
- Increases flexibility when connecting to the internet.
- Eliminates address renumbering as the network changes.
Disadvantages:
- Translation introduces switching path delays.
- Loss of end-to-end traceability.
- Certain applications will not work with NAT enabled.
TYPES OF NAT
Static NAT: This type of NAT is designed to allow one-to-one mapping between local and global addresses. Static NAT requires that there is one real internet IP address for each host on your network.
Dynamic NAT: This version provides the ability to map unregistered IP addresses to registered IP addresses from a pool of registered IP addresses.
Overloading: This is also known as Port Address Translation (PAT). This is the most popular type of NAT configuration. Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address using different ports. With overload, thousands of users can connect to the internet using only one real global IP address.
Local address: The name of an address before translation.
Global address: The name of an address after translation.
Inside local: The name of the inside source address before translation.
Outside local: The name of the destination host before translation.
Inside global: The name of the inside host after translation.
Outside global: The name of the outside destination host after translation.
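The overloading (PAT) behaviour described above, modelled as a translation table: many inside local addresses share one inside global address and are told apart by the translated source port, and an inbound packet with no matching entry is dropped, which is the address-hiding effect the text mentions. This is an added example, not code from the original page; the class name, packet dictionary fields and the 203.0.113.1 global address are constructed for illustration.

```python
class PatTranslator:
    """Overloading (PAT): many inside local addresses share one inside global
    address; the translated source port distinguishes the conversations."""

    def __init__(self, inside_global_ip, first_port=1024, last_port=65535):
        self.inside_global_ip = inside_global_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}  # (inside local ip, local port) -> global port
        self.inbound = {}   # global port -> (inside local ip, local port)

    def _allocate_port(self, key):
        """Hand out the next unused global port and record both directions."""
        if self.next_port > self.last_port:
            raise RuntimeError("translation table full")
        port = self.next_port
        self.next_port += 1
        self.outbound[key] = port
        self.inbound[port] = key
        return port

    def translate_outbound(self, packet):
        """Rewrite the source of a packet leaving the private network."""
        key = (packet["src_ip"], packet["src_port"])
        port = self.outbound.get(key)
        if port is None:
            port = self._allocate_port(key)
        return {**packet, "src_ip": self.inside_global_ip, "src_port": port}

    def translate_inbound(self, packet):
        """Rewrite the destination of a reply back to the inside local host.
        Returns None (drop) when no inside host started the conversation, so
        the private addresses stay hidden from the outside network."""
        if packet["dst_ip"] != self.inside_global_ip:
            return None
        key = self.inbound.get(packet["dst_port"])
        if key is None:
            return None
        local_ip, local_port = key
        return {**packet, "dst_ip": local_ip, "dst_port": local_port}


if __name__ == "__main__":
    # Constructed sample: two private hosts using the same source port.
    nat = PatTranslator("203.0.113.1")
    for host in ("10.0.0.5", "10.0.0.6"):
        pkt = {"src_ip": host, "src_port": 40000, "dst_ip": "198.51.100.7", "dst_port": 80}
        print(nat.translate_outbound(pkt))
```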
LAYER 2 SWITCHING
Layer2 switching is the process of using the hardware addresses of devices on a LAN to segment the network. The term layer 2 switching is used because the switch operates at the data-link layer which is the second layer of the OSI reference model.
Layer2 switching is considered a hardware-based interface because it uses specialized hardware called application-specific integrated circuits (ASICs). ASICs can run up to gigabit speeds with very low latency.
The switch reads each frame as it passes through the network; the layer 2 device then places the source hardware address in its filter table and keeps track of which port the frame was received on. This information (recorded in the switch's filter table) is what helps the switch determine the location of a particular sending device.
Once the filter table is built on the layer 2 device, it will only forward frames to the segment where the destination hardware address is located. If the destination device is on the same segment as the frame, the layer 2 device will block the frame from going to any other segment. If the destination is on a different segment, the frame is transmitted only to that segment. This is called TRANSPARENT BRIDGING.
When the switch interface receives a frame with a destination hardware address not found in the device filter table, it will forward the frame to all connected segments. If the unknown device that was sent the frame replies to this forwarding action, the switch will update its filter table regarding the location of that device.
ADVANTAGES OF LAYER2 SWITCHING
The biggest benefit of a switched LAN over a hub-centered implementation is that each device on each segment plugged into the switch can transmit simultaneously, whereas hubs only allow one device per network segment to communicate at a time.
Switches are faster than routers because they don’t take time to look at Network layer header information. Instead, they look at the frame’s hardware address before deciding to forward the frame or drop it.
A switch creates a dedicated collision domain and provides independent bandwidth on each port unlike a hub. The image below shows five hosts connected to the switch, all running 10Mbps half-duplex to the server. Unlike the hub, each host has a dedicated 10Mbps communication to the server.
LAYER2 SWITCH LIMITATION
The switched network breaks up the collision domains, but the network is still one large broadcast domain. This not only limits the size and growth potential of your network, it can also reduce its overall performance.
LAYER2 SWITCHING FUNCTION
There are three different functions of layer 2 switching: address learning, forward/filter decisions, and loop avoidance.
When the switch is first turned on, the MAC forwarding/filter table is empty. When a device transmits and the interface receives a frame, the switch places the frame’s source address in the MAC forward/filter table, allowing it to remember which interface the sending device is on. The switch then has no choice but to flood the network with these frames out of every port except the source port because it doesn’t know where the actual destination device is.
If a device responds to a flooded frame and sends a frame back, the switch takes the source address of the frame and places that MAC address in its database as well, associating this address with the interface that received the frame. Since the switch now has both relevant MAC addresses in its filtering table, the two devices can now establish a point-to-point connection. The switch doesn’t need to flood the frame as it did the first time.
If there is no communication to a specified address within a specified period of time, the switch deletes the entry from the database to keep it current.
When a frame arrives at the switch interface, the destination hardware address is compared with the forward/filter MAC database. If the destination hardware address is known and registered in the database, the frame is only sent over the correct outgoing interface.
The switch does not send the frame out any interface except the destination interface. This preserves bandwidth on the other network segments and is called FRAME FILTERING.
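The address learning and forward/filter behaviour described above (learn the source on the ingress port, flood unknown and broadcast destinations, filter frames whose destination is on the ingress segment, age out idle entries), as an added simulation that is not part of the original page. The class name, port numbers, aging period and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source hardware (MAC) address
    dst: str   # destination hardware (MAC) address


class Layer2Switch:
    """Models the MAC forward/filter table of a transparent bridge."""

    def __init__(self, ports, aging_seconds=300):
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        # MAC address -> (port it was learned on, time it was last seen)
        self.table = {}

    def _age_out(self, now):
        """Drop entries not refreshed within the aging period."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.aging_seconds]
        for mac in stale:
            del self.table[mac]

    def receive(self, frame, in_port, now):
        """Return the list of ports the frame is sent out of."""
        self._age_out(now)
        # 1. Address learning: remember which port the sender lives on.
        self.table[frame.src] = (in_port, now)
        # 2. Forward/filter decision.
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST_MAC or entry is None:
            # Unknown or broadcast destination: flood out every port except
            # the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        out_port, _ = entry
        if out_port == in_port:
            # Destination is on the same segment as the sender: filter (drop).
            return []
        return [out_port]  # known destination: forward to that port only

    def known_location(self, mac):
        """Port a MAC address was learned on, or None if not in the table."""
        entry = self.table.get(mac)
        return None if entry is None else entry[0]


if __name__ == "__main__":
    sw = Layer2Switch(ports=[1, 2, 3, 4])
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed hosts
    print(sw.receive(Frame(a, b), in_port=1, now=0))   # flood: b unknown
    print(sw.receive(Frame(b, a), in_port=2, now=1))   # forward to port 1
    print(sw.receive(Frame(a, b), in_port=1, now=2))   # forward to port 2
```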
When two switches are linked together, redundant links between the switches are a good idea because they help prevent total network failure if one link stops functioning.
Redundant links are helpful, but they often cause more problems than they solve, because frames can be flooded down all redundant links simultaneously, creating a network loop.
The switch uses a protocol called STP (Spanning Tree Protocol) created by Digital Equipment Corporation (DEC) now Compaq to avoid network loops by shutting down redundant links. With STP running, frames will be forwarded only on premium STP selected links.
CONFIGURING A CISCO 2950 CATALYST SWITCH FAMILY.
The 2950 switch is one of the high-end models of the Cisco Catalyst switch family. The 2950 comes in a variety of flavors and runs 10Mbps to 1Gbps switch ports with twisted-pair or fiber. They can provide basic data, video, and voice services.
2950 SWITCH STARTUP
When a 2950 switch is first turned on, it undergoes a Power-On Self-Test (POST). At first all port LEDs are green, and if on completion POST determines that all ports are in good condition, all LEDs flash and then turn off. But if POST finds a failed port, the system LED and that port's LED turn amber.
However, unlike routers, switches can actually be used Fresh-out-of-the-box. You simply plug the switch into your network and connect the network segments together without any configuration.
To connect to a Cisco switch, use a rolled Ethernet cable to connect the serial communication port of the host to the switch's console port. Once you have the correct cable connected from your PC to the Cisco switch, you can start HyperTerminal to establish a console connection and configure the device as follows:
1. Open HyperTerminal by clicking the start button then All programs, then Accessories, then Communication, then clicking HyperTerminal. Enter a name for the connection. It’s irrelevant what you call it. Then click OK.
2. Select the COM1 or COM2 communication port, whichever is open on your PC.
3. Now set the port settings. The default values (2400 bps and hardware flow control) will not work; you have to set the port settings as shown in the screenshot below.
Notice that the bit rate is set to 9600 and the flow control is set to none. At this point click OK and press the Enter key, and you should be connected to the console port of your Cisco switch.
Here’s the initial output of a 2950 switch:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
00:04:53: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
00:04:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
The Switch> prompt is called user exec mode and is mostly used for viewing statistics. You can only view and change the Cisco switch configuration in privileged exec mode, which you enter with the enable command.
Global configuration mode can be entered from privileged mode by using the configure terminal command, or simply config t.
Switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# hostname Zenith
The hostname command is used in naming switches. The switch hostname is only locally significant but it’s still helpful to set the hostname on the switch so you can identify the switch when connecting to it.
SETTING THE ENABLE MODE PASSWORD AND LINE PASSWORDS
Zenith# config t
Enter configuration commands, one per line. End with CNTL/Z.
Zenith(config)# enable password bank
Zenith(config)# enable secret middle
The enable password bank command sets the enable password to bank, and the enable secret middle command sets the enable secret password to middle. An enable secret password is more secure and replaces the enable password if both are set. The enable secret password and the enable password cannot be the same on a 2950 switch.
Zenith(config)# line ?
  <0-16>   First Line number
  console  Primary terminal line
  vty      Virtual terminal
Zenith(config)# line vty ?
  <0-15>  First Line number
Zenith(config)# line vty 0 15
Zenith(config-line)# login
Zenith(config-line)# password alex
Zenith(config-line)# line con 0
Zenith(config-line)# login
Zenith(config-line)# password malouda
The line vty 0 15, login and password alex commands set the Telnet password to alex, and the line con 0, login and password malouda commands set the console password to malouda.
SETTING UP IP INFORMATION
You don’t need to set any IP configuration on the switch to make it work. You just plug it in. But there are two reasons we set the IP address information on the switch.
To manage the switch via Telnet or other management software.
To configure switches with different VLANs and other network functions.
Zenith(config)# int vlan 1
Zenith(config-if)# ip address 172.16.10.17 255.255.255.0
Zenith(config-if)# no shutdown
Zenith(config-if)# exit
Zenith(config)# ip default-gateway 172.16.10.1
The IP address is set to 172.16.10.17 and the no shutdown command must be applied to activate the interface.
CONFIGURING INTERFACE DESCRIPTION
You can administratively assign a name to each interface on a switch with the description command.
Zenith(config)# int fastethernet 0/?
  FastEthernet interface number
Zenith(config)# int fastethernet 0/1
Zenith(config-if)# description Sales LAN
Zenith(config-if)# int f0/12
Zenith(config-if)# description Connection to Mail server
You can view the description at any time with the show interface command or the show running-config command from global configuration mode.
ERASING AND SAVING THE SWITCH CONFIGURATION
Zenith# copy running-config startup-config
Zenith# erase startup-config
The first command copies the configuration to NVRAM (non-volatile RAM), while the erase startup-config command deletes the switch configuration.
Zenith# erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm] [Enter]
Erase of nvram: complete
VIRTUAL LANS (VLANs)
A virtual LAN (VLAN) is a logical grouping of network users and resources connected to administratively defined ports on a switch. When one creates a VLAN, one creates smaller broadcast domains in the switched internetwork by assigning different ports on the switch to different subnets. VLANs are treated like subnets or broadcast domains of their own, meaning that frames broadcast onto the network are only switched between ports that are logically grouped within the same VLAN.
By default, no hosts in a given VLAN can communicate with other hosts that are members of another VLAN.
VLAN ADVANTAGES
A group of users who need security can be put in a VLAN so that no users outside the VLAN can communicate with them.
As a logical grouping of users by function, VLANs can be considered independent of their physical or geographic location.
VLANs can improve network security.
It can block broadcast storms caused by faulty NIC (Network Interface Card) cards.
VLANs increase the number of broadcast domains while reducing their size.
VLANs are usually created by an administrator, who then assigns a switch port to each VLAN. Such VLANs are called static VLANs. If the administrator wants to do a little more work up front and assign all of the host device hardware addresses to a database, then the switch can be configured to dynamically assign a VLAN whenever a host is plugged into the switch. These are called dynamic VLANs.
Static VLANs are the usual way to create VLANs, and are also the most secure. The switch port that you assign a VLAN association to always maintains that association until the administrator manually changes the port assignment.
Dynamic VLANs determine node VLAN assignments automatically. Using intelligent management software, you can base assignments on hardware addresses, protocols, or even applications to create dynamic VLANs.
An example is the VLAN Management Policy Server (VMPS) service which is used to manage a MAC address database that can be used for dynamic VLAN addressing. The VMPS database maps MAC addresses to VLANs.
As frames are switched across the network, the switches must be able to keep track of all the frames. Frames are handled differently according to the type of link they are traversing. The frame identification method uniquely assigns a user-defined ID to each frame. This is sometimes referred to as the “VLAN ID”.
Each switch that a frame reaches must first identify the VLAN ID from the frame tag, and then figure out what to do with the frame by looking at the information in its filter table. If the frame reaches a switch that has another trunked link, it is forwarded out the trunk-link port.
Once the frame reaches an exit to an access link that matches the frame’s VLAN ID, the switch removes the VLAN identifier. This is so that the destination device can receive the frame without having to understand its VLAN identification.
There are two different types of links in a switched environment, namely:
Access link: This type of link is only part of one VLAN. Any device connected to an access link is unaware of VLAN membership; the device just assumes it is part of a broadcast domain. Access-link devices cannot communicate with devices outside their VLAN unless the packets are routed.
Trunk links: Trunk links can carry multiple VLANs. A trunk link is a 100 or 1000 Mbps point-to-point link between two switches, or between a switch and a server. It carries the traffic of multiple VLANs, from 1 to 1005, at a time. Trunking allows you to make a single port part of multiple VLANs at the same time. It also allows VLANs to span multiple switches.
VLAN IDENTIFICATION METHODS
Basically, there are two ways of tagging frames.
Inter-Switch Link (ISL)
The main purpose of both the ISL and 802.1Q frame tagging methods is to provide inter-switch VLAN communication.
Inter-Switch Link (ISL) protocol: This is proprietary to Cisco switches, and is used only for Fast Ethernet and Gigabit Ethernet links. ISL routing can be used on switch ports, router interfaces, and server interface cards to trunk a server.
IEEE 802.1Q: Created by the IEEE as a standard method of frame tagging, it is not Cisco-proprietary, so if you are trunking between a Cisco switch link and a different brand of switch, you have to use 802.1Q for the trunk link to work.
VLAN TRUNKING PROTOCOL (VTP)
This protocol was created by Cisco but is not proprietary. The basic purpose of VLAN Trunking Protocol (VTP) is to manage all configured VLANs across a switched internetwork and to maintain consistency throughout the network. VTP allows an administrator to add, delete, and rename VLANs on a switch; this information is then propagated to all other switches in the VTP domain.
Before one can get VTP to manage VLANs across the network, one must create a VTP server. All switches that share the same VLAN information must be in the same VTP domain.
One can use a VTP domain if there is more than one switch connected in the network, but if all the switches are in only one VLAN there is no need to use VTP. VTP information is exchanged between switches via trunk ports.
This report exposes one to various aspects of computer networking, IP routing and IP switching, and to how to manage a network from an office network up to a larger network. The areas covered in this report include IP addressing, Network Address Translation (NAT), IP switching, and Virtual Private Networks (VPN).
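The 802.1Q tagging and the trunk/access egress handling described above (tag inserted after the two MAC addresses, VLAN ID read from the tag at each switch, tag stripped when the frame leaves on a matching access link), as an added example that is not part of the original page. The frame builder, the constructed MAC addresses and payload, and the egress helper are the author's own; the TPID 0x8100 and the TCI layout are the standard's.

```python
import struct

TPID_8021Q = 0x8100      # tag protocol identifier that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    # TCI: 3-bit priority, 1-bit DEI (left 0 here), 12-bit VLAN ID
    tci = ((priority & 0x7) << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of(frame: bytes):
    """VLAN ID carried by the frame, or None if it is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag so an access-link device sees a plain frame."""
    if vlan_of(frame) is None:
        return frame
    return frame[:12] + frame[16:]


def egress(frame: bytes, port_type: str, access_vlan: int = None):
    """Switch egress decision: a trunk port carries the tag through; an access
    port strips it if the VLAN matches; otherwise the frame is not sent."""
    vid = vlan_of(frame)
    if port_type == "trunk":
        return frame
    if port_type == "access" and vid is not None and vid == access_vlan:
        return untag_frame(frame)
    return None


if __name__ == "__main__":
    # Constructed sample frame and a 4-byte stand-in for an IPv4 payload.
    plain = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        ETHERTYPE_IPV4, b"\x45\x00\x00\x14")
    tagged = tag_frame(plain, 10, priority=5)
    print(tagged.hex(), vlan_of(tagged))
    print(egress(tagged, "access", access_vlan=10) == plain)
```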