Module 3: Planning and Troubleshooting Routing and Switching

Overview Selecting Intermediate Devices Planning an Internet Connectivity Strategy Planning Routing Communications Troubleshooting TCP/IP Routing

Lesson: Selecting Intermediate Devices Types of Devices Multimedia: The Role of Routing in a Network Infrastructure When to Use Routing Types of Networking Domains What Are the Features of Switches? Virtual LANs Full-Duplex Transmission in Switched Environments Guidelines for Selecting an Appropriate Intermediate Device

Types of Devices DeviceOSI layerDefinition Hub Physical (layer 1) Extends the network by retransmitting the signal Does not process the data Is invisible to the nodes Switch Data-link (layer 2) Forwards frames according to the destination address Uses temporary or virtual connections to connect source and destination ports Router Network (layer 3) Used to link WANs and dissimilar LANs Operates at the packet level Sends packets based on packet addressing Layer 3 switch Network (layers 2 and 3) Is a limited-purpose hardware-based IP router with bridging capabilities Also performs layer 2 switching

Multimedia: The Role of Routing in a Network Infrastructure The objective of this presentation is to explain the role of routing in a network infrastructure You will learn how to:  Describe how routing fits into the network infrastructure  Explain the difference between local and remote routing  Describe how the Routing and Remote Access service fits into the network infrastructure

When to Use Routing Use routing to: Isolate networks from each other Provide a start for a secure network implementation Isolate networks from each other Provide a start for a secure network implementation Traditional uses of routers Connecting WANs Segmenting LANs Connecting WANs Segmenting LANs

Switch Segment B Hub Segment A Broadcast Domain Collision Domain B Collision Domain A Hub Types of Networking Domains

What Are the Features of Switches? Switch feature Benefits Layer 3 Routes packets at layer 3 Forwards frames at layer 2 Cost Substantially cheaper than similar performance routers Hardware routing Fast performance (near wire speed) Minimal latency

Virtual LANs Layer 3 Switch Hub VLAN 1 VLAN 2 VLAN ABE – Broadcast Domain VLAN CDFG – Broadcast Domain ABCDEFG

Full-Duplex Transmission in Switched Environments Switch Full-duplex communication Switched Environment Frame B Frame A Frame D Frame C

Guidelines for Selecting an Appropriate Intermediate Device Ease of implementation Speed Functionality Programmability Cost Layer 1 support Protocol support Administration and troubleshooting sophistication

Practice: Selecting Intermediate Devices In this practice, you will learn how to:  Select an appropriate intermediate device  Identify the required features of the intermediate device

Lesson: Planning an Internet Connectivity Strategy Multimedia: Strategies for Network Connectivity to the Internet Requirements for an Internet Connectivity Solution NAT as a Solution for Internet Connectivity ISA as a Solution for Internet Connectivity Multimedia: Selecting a NAT/Basic Firewall or ISA Server Solution Guidelines for Planning an Internet Connectivity Strategy

Multimedia: Strategies for Network Connectivity to the Internet The objective of this presentation is to examine some best practices for connecting a corporate network to the Internet You will learn how to:  Explain how to enable a connection from your corporate network to the Internet  Explain the functionality of NAT, ICS, and ISA servers  Identify some best practices for planning a secure network connection to the Internet

Requirements for an Internet Connectivity Solution Internet connectivity requirements Scalability and fault tolerance Filtering User access Authentication Bandwidth control Time-of-day access Extensibility and flexibility Application connectivity Scalability and fault tolerance Filtering User access Authentication Bandwidth control Time-of-day access Extensibility and flexibility Application connectivity

NAT as a Solution for Internet Connectivity Why NAT is a good solution  Same security requirements for all users  Non-routed private network  Required private addressing NAT Table maps to

Why ISA is a good solution  Secure Internet and private network access  Routed or non-routed network ISA as a Solution for Internet Connectivity Intranet ISA Server maps to

Multimedia: Selecting a NAT/Basic Firewall or ISA Server Solution The objective of this presentation is to explain how to choose between a NAT/basic firewall or ISA Server solution You will learn how to:  Identify when to use a NAT/basic firewall solution  Identify when to use an ISA server solution  Identify the criteria for selecting the most appropriate firewall solution  Apply the appropriate firewall solution for your organization

Guidelines for Planning an Internet Connectivity Strategy Define the existing network structure Identify connectivity requirements Select an appropriate solution Define security requirements

Practice: Planning an Internet Connectivity Strategy In this practice, you will learn how to plan an Internet connectivity strategy

Lesson: Planning Routing Communications Determining the Appropriate Connection Method Selecting a Routing Protocol Using IP Packet Filters Multimedia: Configuring a Router to Filter Protocols When Are VPN Tunnels Used? Using IPSec in Tunnel Mode Guidelines for Planning Router Connectivity

Determining the Appropriate Connection Method Connection methodWhen used Leased lines Security is important Speed and reliability are required No budget constraints Tunneling Security is important No modem infrastructure Demand-dial routing Security is important On demand Limited traffic Per-instance fee pricing structure Demand-dial -persistent Ample traffic Flat fee pricing structure

Selecting a Routing Protocol ProtocolCriteria Static routes Routing information rarely changes Small internetworks Scalability not an issue Manual updates required RIP (dynamic) Routing information constantly changes Automatic routing table updates required Existing routers use RIP Design includes demand-dial interface Maximum number of routers an IP packet will cross is 15 OSPF (dynamic) Routing information constantly changes Existing routers use OSPF Design includes redundant paths between two subnets Design has more than 50 subnets

All other protocols ICMP Using IP Packet Filters Branch Office Interface A inbound filter Interface B outbound filter Interface C outbound filter All protocols All other protocols SNMP Corporate Headquarters

Multimedia: Configuring a Router to Filter Protocols The objective of this presentation is to show how to configure a router to filter specific protocols  Use the Routing and Remote Access service to add a router to the console  Configure the router to process ICMP packets  Use the ping command to identify blocked outgoing filters

When Are VPN Tunnels Used? VPN with PPTP tunnel Used if: All routers support VPN tunnels You are using MS-CHAP or EAP-TLS Router authentication uses user-based certificates All routers support VPN tunnels You are using MS-CHAP or EAP-TLS Router authentication uses user-based certificates VPN with L2TP tunnel Used if: All routers support VPN tunnels Router authentication uses computer-based certificates or user-based certificates All routers support VPN tunnels Router authentication uses computer-based certificates or user-based certificates

Using IPSec in Tunnel Mode Using IPSec in tunnel mode:  Enforces IPSec policies for all tunnel traffic  Supports point-to-point security  Specifies tunnel endpoint at both routers Security Between Networks Windows Server/Router

Guidelines for Planning Router Connectivity Identify the router connection method Determine which connectivity options to use Determine which routing protocol to use Identify filter settings

Practice: Planning Routing Communications In this practice, you will plan router communications based on the provided scenario

Lesson: Troubleshooting TCP/IP Routing How to Isolate a Routing Problem When to Use Each of the Troubleshooting Tools Demonstration: Using Troubleshooting Tools Troubleshooting TCP/IP Routing

How to Isolate a Routing Problem Inside-Out Strategy Outside-In Strategy Can you ping the remote host? Can you tracert to remote host? Can you access the failed system? If problem still exists, check route configuration Contact the administrator of the failed system Check system configuration Fix configuration problem Determine where trace fails Yes No Yes No Is the IP configuration correct? Correct the configuration Use tracert to identify communication breakdown No Is the routing table accurate? Correct/delete the incorrect route entries Contact network support engineer Can you ping the gateway? Can you ping interior gateways? No Yes Divide-by-Half : Isolate by ½ the connection issue, then isolate by ½ again

When to Use Each of the Troubleshooting Tools Troubleshooting area Utility to use Local computer configuration Hostname Ipconfig NetStat Nbtstat ARP Network connections NetDiag Tracing paths Tracert Ping Pathping DNS NSlookup

Demonstration: Using Troubleshooting Tools The instructor will demonstrate the use of Netdiag for troubleshooting routing issues

Troubleshooting TCP/IP Routing TCP/IP configuration Default client route and static route configuration Demand-dial routing configuration Router configuration

Practice: Troubleshooting TCP/IP Routing In this practice, you will troubleshoot TCP/IP routing in a sample enterprise

Lab A: Planning and Troubleshooting Routing Exercise 1: Planning a Routing Strategy Exercise 2: Troubleshooting a Routing Problem