Download CCNA 3 Module 2 Introduction to Classless Routing

CCNP 3 v4 Module 1
Designing a Network Using the
Campus Infrastructure Model
© 2003, Cisco Systems, Inc. All rights reserved.
Objectives
• Describing the Campus Infrastructure Model
• Deploying Technology in the Campus Infrastructure Model
Overview
• Cisco Systems has developed a blueprint for designing networks around the needs of today’s users, and the improved infrastructure technologies that exist to meet those needs in a modern network.
• This blueprint, called the Enterprise Composite Network model, is a modular, hierarchical approach to network design.
Devices in a Nonhierarchical Network
• The simplest Ethernet network infrastructure is composed of a single collision and broadcast domain.
• This type of network is referred to as a "flat" network because any traffic that is transmitted within this network is seen by all of the interconnected devices.
– Hubs
Issues with Nonhierarchical Network
• Benefits:
– Very simple to install and configure
– Good fit for small or home office (SOHO)
• Drawbacks:
– Does not scale well as network grows
– Collisions and broadcasts on the network increase as devices are added
– Difficult to isolate problems
Nonhierarchical (“flat”) Network
Table of Device Hierarchy
Layer 2 Network Issues
• Layer 2 switches can significantly improve performance in a CSMA/CD network when used in place of hubs.
– This is because each switch port represents a single collision domain
– Devices connected to any switch port do not have to compete with other devices to access the media
• Ideally, every host on a given network segment is connected to its own switch port.
– This is known as microsegmentation
– Microsegmentation essentially eliminates collisions
Virtual LANs - VLANs
• Additionally, VLANs can be used to break up the Layer 2 topology – broadcast domain – into smaller broadcast domains.
• Remember, every VLAN is its own broadcast domain/subnet.
• Every VLAN needs its own Layer 3 gateway to route between VLANs and to the Internet
– VLANs also help to secure the network by keeping one VLAN separated from another by default
– For one VLAN to communicate with another, a router or routing-capable device must be used, which allows for Layer 3 ACLs
Drawbacks of Nonhier. Switched Network
• For all their benefits, some drawbacks still exist in a nonhierarchical switched network:
1. If switches are not configured with VLANs, very large broadcast domains may be created.
2. If VLANs are created, traffic cannot move between VLANs using only Layer 2 devices.
3. As the Layer 2 network grows, the potential for bridge loops increases.
– Therefore, the need to use a Spanning Tree Protocol becomes imperative.
Nonhier. Switched Network
Layer 3 Routing
• A major limitation of Layer 2 switches is that they cannot switch traffic between Layer 3 network segments.
– IP subnets, for example
– Traditionally done using a router
• Unlike switches, a router acts as a broadcast boundary and does not forward broadcasts between its interfaces.
• Also, the router can act as a security device, manage quality of service and apply network policy.
Layer 3 Hier. Topology
Layer 3 Concerns
• Security configurations, such as access lists, may cause network delay and increased troubleshooting.
• Routers terminate VLANs, and end-to-end VLANs are no longer needed – they are replaced by local VLANs.
– Additional routing configuration (dynamic or static)
• Increasing the number of routers increases the network complexity.
– If all traffic is now routed, then all devices (routers, firewalls, Layer 3 switches) must know about all routes and have a default route.
Multilayer Switching
• Multilayer switching is hardware-based switching and routing, integrated into a single platform.
• Frame and packet forwarding operation is handled by the same specialized hardware ASIC and other specialized circuitry.
– Application Specific Integrated Circuit (ASIC)
– A multilayer switch does everything to a frame and packet that a traditional switch or router does
Multilayer Switch Capabilities
• Provides multiple simultaneous switching paths
• Segments broadcast and failure domains
• Provides destination-specific frame forwarding based on Layer 2 information
• Determines the forwarding path based on Layer 3 information
• Validates the integrity of the Layer 2 frame and Layer 3 packet via checksums and other methods
• Verifies packet expiration and updates accordingly
• Processes and responds to any option information
• Updates forwarding statistics in the Management Information Base (MIB)
• Applies security and policy controls, if required
• Provides optimal path determination
• The more expensive or sophisticated multilayer switches are modular and support a wide variety of media types and port densities.
• Has the ability to support QoS
• Has the ability to support VoIP and in-line power requirements
Multilayer Switch Topology
Multilayer Switching Issues
• Multilayer switches combine the benefits of switching and routing onto a single hardware platform and can enhance overall network performance when deployed properly.
• However, by combining both switching and routing functions into one device we create a single point of failure
• Possible bridging loops
• Multilayer switching functions may be underutilized
Enterprise Composite Network Model
• The Enterprise Composite Network Model provides a modular framework for designing networks.
– Modular design allows flexibility in network design and facilitates ease of implementation and troubleshooting.
• The hierarchical model divides networks into the Building Access, Building Distribution, and Building Core layers
Access, Distribution and Core Layers
Access Layer
• The Building Access layer is used to grant user access to network devices.
– Generally incorporates switched LAN devices with ports that provide connectivity to workstations and servers
• In the WAN environment, the Building Access layer at remote sites may provide access to the corporate network across WAN technology.
– Possible dial-up or VPN technology
Distribution Layer
• The Building Distribution layer aggregates the wiring closets and uses switches to segment workgroups and isolate network problems.
• Routing and packet manipulation occur in the Building Distribution layer.
– Inter-VLAN routing
– Access control lists
– 3550, 3560, 3570 and possibly 4500 series
Core Layer
• The Building Core layer is a high-speed backbone and is designed to switch packets as fast as possible.
– Similar to a WAN Core layer
• Routing and packet manipulation above Layer 2 should be avoided in the Core, if possible.
– High-speed multilayer switches
– 4500, 6500 series switches
Benefits of Enterprise Composite Model
• To scale the hierarchical model, Cisco introduced the Enterprise Composite Network model
• This model further divides the enterprise network into physical, logical, and functional boundaries.
Network Composite Model
• The Enterprise Composite Network model meets these criteria:
– It defines a deterministic network with clearly defined boundaries between modules and clear demarcation points.
– It provides scalability by allowing enterprises to add modules (segments) easily.
• As network complexity grows, designers can add new functional modules.
– It offers more network integrity in network design, allowing the designer to add services and solutions without changing the underlying network design.
Overview of Network Composite Model
Issues of Poor Network Design
• A poorly designed network has increased support costs, reduced service availability and limited support for new applications and solutions
• Less than optimal performance will affect end-users directly as well as affect access to central resources.
Issues of Poor Network Design
Unbounded Failure Domains
• One of the most important reasons to implement an effective design is to minimize how far-reaching a network problem is when it occurs.
– For example, since a VLAN is its own broadcast domain, a broadcast storm or multicast traffic will be contained to just that VLAN.
• When Layer 2 and Layer 3 boundaries are not clearly defined, failure in one network area can have a far-reaching effect.
Broadcast Domains
• Broadcasts exist in every network.
• Many applications and many network operations require broadcasts to function properly; therefore, it is not possible to completely eliminate broadcasts.
• Just as with failure domains, in order to minimize the negative impact of broadcasts, broadcast domains should have clear boundaries and include an optimal number of devices.
Large Amounts of Unknown Unicast Traffic
• Frames arriving for a destination MAC address not recorded in the MAC table are flooded out all switch ports; this is known as "unknown MAC unicast flooding."
• Because this causes excessive traffic on switch ports, NICs have to attend to a larger number of frames on the wire, and security can be compromised as data is being propagated on a wire for which it was not intended.
Multicast Traffic on Unintended Ports
• IP multicast is a technique that allows IP traffic to be propagated from one source to a multicast group identified by a single IP and MAC destination group address pair.
• Without multicast management protocols such as IGMP and CGMP, multicast frames will be flooded out all switch ports
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ipmulti.htm
Possible Security Vulnerabilities
• A maximum number of MAC addresses can be configured on a switch port to keep the CAM table from being flooded
• Setting the “sticky” configuration can guard against TCP/IP hijacking attacks
– Man-in-the-middle attacks
– Rogue network devices
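The two slides above (unknown unicast flooding, and limiting the number of MAC addresses a port may learn with "sticky" binding) are easier to reason about with a small model. The following Python is an added example written for this page; it is not Cisco code and not part of the course. It is a simplified switch in which a frame to an unlearned destination floods every other port, each port accepts at most `max_macs_per_port` secure addresses, a learned address stays bound to the first port that saw it (sticky), and any violation err-disables the port. Port names and MAC addresses are constructed sample values; real port security also has aging timers and several violation modes, which this model omits.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class SecurePortSwitch:
    """Toy Layer 2 switch with per-port secure-MAC limits.

    Simplifications (illustration only, not a model of IOS): no aging, a
    single violation mode (err-disable the port), and learned addresses
    are always sticky, i.e. bound to the first port that saw them.
    """

    def __init__(self, ports, max_macs_per_port):
        self.ports = list(ports)
        self.max_macs = max_macs_per_port
        self.cam = {}              # MAC -> port (the forwarding table)
        self.err_disabled = set()  # ports shut down after a violation
        self.violations = []       # (port, mac, reason) log for the operator

    def _secure_count(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def _violate(self, port, mac, reason):
        self.violations.append((port, mac, reason))
        self.err_disabled.add(port)

    def _learn(self, port, mac):
        """Bind mac to port; return False (and err-disable) on a violation."""
        bound = self.cam.get(mac)
        if bound == port:
            return True
        if bound is not None:
            # the address is already secured on another port
            self._violate(port, mac, "sticky MAC already bound to " + bound)
            return False
        if self._secure_count(port) >= self.max_macs:
            # the port has reached its maximum; refuse to grow the CAM table
            self._violate(port, mac, "secure MAC limit exceeded")
            return False
        self.cam[mac] = port
        return True

    def forward(self, in_port, src_mac, dst_mac):
        """Return the egress ports for one frame ([] when it is dropped)."""
        if in_port in self.err_disabled or not self._learn(in_port, src_mac):
            return []
        out = self.cam.get(dst_mac)
        if out is None or dst_mac == BROADCAST:
            # unknown unicast or broadcast: flooded out every other live port
            return [p for p in self.ports
                    if p != in_port and p not in self.err_disabled]
        return [out] if out != in_port else []


def demo():
    """Walk through learning, flooding and both violation types (constructed MACs)."""
    sw = SecurePortSwitch(["Fa0/1", "Fa0/2", "Fa0/3"], max_macs_per_port=1)
    pc_a, pc_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    phone, extra = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
    first = sw.forward("Fa0/1", pc_a, pc_b)    # B not yet learned -> flooded
    reply = sw.forward("Fa0/2", pc_b, pc_a)    # A is known -> Fa0/1 only
    third = sw.forward("Fa0/3", phone, pc_a)   # first MAC on Fa0/3 is fine
    over = sw.forward("Fa0/3", extra, pc_a)    # second MAC on Fa0/3 -> violation
    moved = sw.forward("Fa0/2", pc_a, pc_b)    # A's sticky MAC seen on another port
    return {
        "flooded": first, "unicast": reply, "third": third,
        "over_limit": over, "moved": moved,
        "err_disabled": sorted(sw.err_disabled),
        "violations": [v[2] for v in sw.violations],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `violations` log is the part an operator actually sees: on a real switch the equivalent is the port-security counter and the err-disabled state, which is why a sudden err-disable on an access port is worth an alert rather than a silent re-enable.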
Designing Hierarchical IP Addressing
• Hierarchical network addressing means that IP network numbers are applied to the network segments or VLANs in an orderly fashion that takes into consideration the network as a whole.
• Blocks of contiguous network addresses are reserved for, and configured on, devices in a specific area of the network.
Benefits of Hierarchical IP Scheme
1. Ease of management and troubleshooting
2. Minimized error
3. Reduced number of routing table entries
4. Scalable logical design
Guidelines for Applying IP Address Space
• Design the IP addressing scheme so that blocks of 4, 8, 16, 32, or 64 contiguous network numbers can be assigned to the subnets in a given Building Distribution and Access switch block.
• At the Building Distribution layer, continue to assign network numbers contiguously out toward the Access Layer devices.
• Have a single IP subnet correspond with a single VLAN.
• Subnet at the same binary value on all network numbers, avoiding variable length subnet masks when possible, in order to minimize error and confusion when troubleshooting or configuring new devices and segments.
Contiguous Blocks of IP Addresses
(figure; the address ranges shown in the slide:)
10.1.0.0-10.1.3.0/24
10.2.0.0-10.2.3.0/24
10.3.0.0-10.3.3.0/24
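The guidelines (blocks of 4, 8, 16, 32 or 64 contiguous network numbers per switch block, subnetted at the same binary boundary) and the "reduced number of routing table entries" benefit can be checked mechanically. The following Python is an added example for this page, not course material, using only the standard `ipaddress` module. It carves an area such as the 10.1.0.0/16 from the figure into aligned switch blocks of four /24 VLAN subnets, and then compares what the distribution layer has to advertise upstream for an aligned block against the same four subnets shifted by one network number.

```python
import ipaddress


def carve_switch_blocks(area, subnets_per_block):
    """Split an area prefix (e.g. 10.1.0.0/16) into aligned blocks of
    `subnets_per_block` contiguous /24 subnets.

    The block size must be a power of two (4, 8, 16, 32 or 64 per the
    guideline) so that every block starts on a binary boundary.
    """
    if subnets_per_block <= 0 or subnets_per_block & (subnets_per_block - 1):
        raise ValueError("block size must be a power of two (4, 8, 16, 32, 64)")
    block_prefix = 24 - (subnets_per_block.bit_length() - 1)  # 4 x /24 -> /22
    area_net = ipaddress.ip_network(area)
    return [str(b) for b in area_net.subnets(new_prefix=block_prefix)]


def vlan_subnets(block):
    """Expand one switch block into its /24 subnets, one per VLAN."""
    return [str(s) for s in ipaddress.ip_network(block).subnets(new_prefix=24)]


def summary_routes(subnets):
    """Return the minimal set of prefixes that exactly covers `subnets`.

    This is what the distribution layer can advertise upstream: an aligned
    block collapses to a single route, a misaligned one needs several.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def route_count_comparison():
    """Aligned block from the figure vs. the same four subnets shifted by one."""
    aligned = vlan_subnets("10.1.0.0/22")   # 10.1.0.0/24 .. 10.1.3.0/24 (figure)
    shifted = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.1.4.0/24"]
    return {
        "aligned": summary_routes(aligned),   # one route covers the block
        "shifted": summary_routes(shifted),   # three routes, no single summary
    }


if __name__ == "__main__":
    for block in carve_switch_blocks("10.1.0.0/16", 4)[:3]:
        print(block, "->", vlan_subnets(block))
    print(route_count_comparison())
```

The shifted case is the situation the last guideline warns about: the subnets are still contiguous, but because the block does not start on a /22 boundary, `collapse_addresses` cannot merge them into one prefix, so every upstream device carries three entries instead of one for that switch block.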
Interconnection Technologies
Determining Cabling Needs
• Fiber vs. Copper
• Redundant Links
• Spanning Tree
• Crossover vs. Straight-through
Mapping VLANs in a Hier. Network
• When mapping VLANs onto the new hierarchical network design, keep these parameters in mind:
• Examine the subnetting scheme that has been applied to the network and associate a VLAN to each subnet.
• Configure routing between VLANs at the distribution layer.
– Routing always occurs at the distribution layer switch.
• Make end-user VLANs and subnets local to a specific switch block.
• Ideally, limit a VLAN to one access switch or switch stack (network closet/wing/floor).
– It may, however, be necessary to span a VLAN across multiple access switches within a switch block to support, say, wireless mobility.
Mapping VLANs in a Hier. Network
VLANs often referred to as colors
Traffic Source to Destination Path
Make sure everything is connected and reachable
Cisco Catalyst Switches
Catalyst Command Line Interfaces
• Older Catalyst switches use the CatOS, which is a set-based command line:
Console>show port 3/5
Console>enable
Console(enable)>set port enable 3/5
• Newer Catalyst switches use the IOS command line that you are already familiar with:
Switch# config terminal
Switch(config)#interface fastethernet 0/3
Switch(config-if)#no shut
Switch(config-if)#end
Switch# show interface fastethernet 0/3
Summary