Slide 1: Bellevue University CIS 341A Final Review

Slide 2: The test
Monday, August 4, 2008
50 questions: multiple choice, true/false, and fill in the blanks.
You have the entire period to complete the exam.
Closed book, closed notes, closed communication between students.

Slide 3: Scoring
2 points for each correct answer.
If the entire class gets a question wrong, it will be thrown out and 2 points will be credited to each student.

Slide 4: What to study
The review slides
Chapters 8-11 and 14 in your text
The quizzes
The lab assignments

Slide 5: What the exam will cover
Layer 2 Switching
VLANs
Access lists
NAT
Wide Area Network Protocols
Slide 6: Layer 2 Switching
Purposes for using switching
  – Used to break up collision domains
  – Cost-effective, resilient internetwork
Purpose for Spanning-Tree Protocol (STP)
  – Stops loops in layer 2 switched networks

Slide 7: A Layer 2 Switch
Breaks up collision domains
Doesn’t break up broadcast domains

Slide 8: Before Layer 2 Switching

Slide 9: Switched LANs

Slide 10: Typical Switched Designs

Slide 11: Layer 2 Switching Provides
Hardware-based bridging using ASICs (Application Specific Integrated Circuits)
Wire speed
Low latency
Low cost

Slide 12: Limitations of Layer 2 Switching
Layer 2 switches do not break up broadcast domains.
Layer 2 switches have no internal security.

Slide 13: Layer 2 Switching Functions
Address learning: Layer 2 switches remember the source hardware address of each frame received on an interface. The address is saved in the forward/filter table along with the interface number.
Forward/filter decision: When a frame is received, the switch compares the destination hardware address with the entries in the table. If a match is found, the frame is forwarded out the interface associated with that address. If a match is not found, the frame is repeated to all other interfaces.
Loop avoidance: Loops can occur if redundant connections are made between switches to improve network reliability. Spanning tree protocol turns off alternate paths until they are needed. That way, traffic has a single path from point of origin to destination.
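The address-learning and forward/filter behaviour on this slide is easy to see in a small model. The following Python is an added example, not code from the slides or the course: it keeps a forward/filter table keyed by source MAC, floods unknown unicast and broadcast frames, and filters frames whose destination sits on the arriving port. The port numbers and MAC addresses are constructed, and the optional per-port learning cap (modelled on a port-security style limit, since the slides note that a plain Layer 2 switch has no internal security) is an assumption of this model rather than anything the slides describe.

```python
"""Learning-switch model: address learning and forward/filter decisions.

Added example (not from the slides). Port numbers, MAC addresses and the
per-port learning cap are constructed for illustration.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.table = {}                          # forward/filter table: MAC -> port
        self.max_macs_per_port = max_macs_per_port  # optional port-security style cap
        self.violations = []                     # (port, mac) refused by the cap

    def _learn(self, port, mac):
        """Address learning: remember the source MAC and the interface it arrived on.

        Returns False when the cap refuses the address (the frame is then dropped).
        """
        if mac in self.table:
            self.table[mac] = port               # host moved: refresh the entry
            return True
        if self.max_macs_per_port is not None:
            learned_here = sum(1 for p in self.table.values() if p == port)
            if learned_here >= self.max_macs_per_port:
                self.violations.append((port, mac))
                return False
        self.table[mac] = port
        return True

    def receive(self, in_port, src_mac, dst_mac):
        """Forward/filter decision: return the list of ports the frame leaves on."""
        if not self._learn(in_port, src_mac):
            return []                            # refused source: frame dropped
        if dst_mac == BROADCAST or dst_mac not in self.table:
            # Broadcast or unknown destination: repeat to all other interfaces.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst_mac]
        if out_port == in_port:
            return []                            # same segment: filter, do not forward
        return [out_port]


def demo():
    """Walk a four-port switch through the cases on the slide."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=2)
    a, b = "00:00:0c:aa:aa:aa", "00:00:0c:bb:bb:bb"
    c, d = "00:00:0c:cc:cc:cc", "00:00:0c:dd:dd:dd"
    decisions = [
        sw.receive(1, a, b),          # B unknown: flooded to ports 2, 3, 4
        sw.receive(2, b, a),          # A learned on port 1: forwarded to port 1 only
        sw.receive(1, a, b),          # both known: forwarded to port 2
        sw.receive(1, a, BROADCAST),  # broadcast: always flooded
        sw.receive(1, c, a),          # C and A on the same port: filtered
        sw.receive(1, d, b),          # third MAC on port 1 exceeds the cap: dropped
    ]
    return {"decisions": decisions, "table": dict(sw.table), "violations": list(sw.violations)}


if __name__ == "__main__":
    for step, ports in enumerate(demo()["decisions"], start=1):
        print(f"frame {step}: sent out ports {ports}")
```

Because the table is built only from source addresses the switch has seen, every forwarding decision depends on frames that were never authenticated; that is the reason the slides call out the lack of internal security, and why a per-port limit on learned addresses is a common hardening step.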
Slide 14: How Switches Learn Hosts’ Locations

Slide 15: Spanning Tree Protocol
A layer 2 protocol used to prevent loops in a switched network containing redundant connections between switches.
Activates alternate paths when primary paths fail.

Slide 16: Spanning-Tree Terms
STP
Root Bridge
BPDU
Bridge ID
Nonroot Bridge
Root port
Designated port
Port cost
Nondesignated port
Forwarding port
Block port

Slide 17: Spanning-Tree Port States
Disabled – Administratively down
Blocking – Receive BPDUs only
Listening – Send and receive BPDUs and receive traffic
Learning – Save MAC address information
Forwarding – Send/receive traffic

Slide 18: Root Bridge
A master bridge that transmits network topology control information to other bridges.
The bridge having the lowest numbered bridge ID is elected as the root bridge.
The 64 bit bridge ID consists of the priority number and MAC address value.

Slide 19: Bridge Protocol Data Unit
Sent out on each port by each switch.
Used by other switches to elect a root bridge and to block or allow traffic on ports that are connected between switches.

Slide 20: Spanning-Tree Example
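Slides 18 and 19 describe the election and the resulting port decisions in words; the Python below is an added example (not from the slides) that carries them out on a constructed three-switch triangle. It builds the 64-bit bridge ID as a 16-bit priority above a 48-bit MAC, elects the lowest ID as root, computes each bridge's root path cost, and then assigns root, designated and blocked roles per link. The switch names, priorities, MAC addresses and the port cost of 19 are sample values, and the model assumes one link per pair of switches.

```python
"""Root bridge election and STP port roles for a small switched topology.

Added example (not from the slides). Bridge names, priorities, MAC
addresses and port costs below are constructed sample values.
"""
import heapq


def bridge_id(priority, mac):
    """64-bit bridge ID: 16-bit priority in the high bits, 48-bit MAC address below it."""
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID wins."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def spanning_tree(bridges, links):
    """links: [(bridge_a, bridge_b, port_cost)], one link per pair of bridges.

    Returns (root, root_path_cost, roles) where roles maps
    (bridge, neighbour) -> 'designated', 'root' or 'blocked'.
    """
    bid = {n: bridge_id(*bridges[n]) for n in bridges}
    root = elect_root(bridges)
    adj = {n: [] for n in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Root path cost: least-cost path from each bridge to the root (Dijkstra).
    dist = {n: float("inf") for n in bridges}
    dist[root] = 0
    heap = [(0, bid[root], root)]
    while heap:
        d, _, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, cost in adj[n]:
            if d + cost < dist[m]:
                dist[m] = d + cost
                heapq.heappush(heap, (dist[m], bid[m], m))

    # Root port: on each non-root bridge, the link with the lowest
    # (root path cost via that neighbour, neighbour bridge ID).
    root_port = {}
    for n in bridges:
        if n != root:
            root_port[n] = min(adj[n], key=lambda mc: (dist[mc[0]] + mc[1], bid[mc[0]]))[0]

    # Designated port: per link, the end with the lower (root path cost, bridge ID).
    # The far end is a root port when this link is that bridge's root port,
    # otherwise it is blocked, which is what removes the loop.
    roles = {}
    for a, b, _ in links:
        des, other = (a, b) if (dist[a], bid[a]) < (dist[b], bid[b]) else (b, a)
        roles[(des, other)] = "designated"
        roles[(other, des)] = "root" if root_port.get(other) == des else "blocked"
    return root, dist, roles


# Constructed topology: a triangle of three switches, i.e. one redundant loop.
BRIDGES = {
    "SW1": (32768, "00:00:0c:11:11:11"),
    "SW2": (32768, "00:00:0c:22:22:22"),
    "SW3": (4096, "00:00:0c:33:33:33"),   # lowest priority, so it becomes root
}
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 19)]

if __name__ == "__main__":
    root, cost, roles = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, neighbour), role in sorted(roles.items()):
        print(f"{bridge} port toward {neighbour}: {role}")
```

Lowering a priority is all it takes to win the election, which is why the root should be chosen deliberately and the switch ports where no bridge is expected are usually configured to refuse BPDUs.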
Slide 21: LAN Switch Types
Cut-through (FastForward)
FragmentFree (modified cut-through)
Store-and-forward

Slide 22: Virtual LANs (VLANs)
Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch.
  – Layer 2 switches break up collision domains
  – VLANs break up broadcast domains
Features:
  – Provide a level of security over a flat network
  – Simplify network management
  – Add flexibility and scalability to the network

Slide 23: Broadcast Control
Broadcasts occur in every protocol
Bandwidth & Broadcasts
Flat network
VLANs & Broadcasts

Slide 24: Security
Flat network problems
VLANs

Slide 25: Flexibility & Scalability
Layer-2 switches only read frames
  – Can cause a switch to forward all broadcasts
VLANs
  – Essentially create broadcast domains
    – Greatly reduces broadcast traffic
    – Ability to add wanted users to a VLAN regardless of their physical location
    – Additional VLANs can be created when network growth consumes more bandwidth

Slide 26: Flat Network

Slide 27: VLANs

Slide 28: Components of a VLAN
One or more VLAN-capable switches
One or more VLAN-capable Layer 3 switches or routers
  – Provide routing between VLANs

Slide 29: VLAN Memberships
Static VLANs
  – Typical method of creating VLANs
  – Most secure: a switch port assigned to a VLAN always maintains that assignment until changed
Dynamic VLANs
  – Node assignment to a VLAN is automatic (by MAC address, protocol, network address, etc.)
  – VLAN Management Policy Server (VMPS): MAC address database for dynamic assignments (MAC-address-to-VLAN mapping)

Slide 30: Types of VLAN Links
Access link
  – Carries traffic for only one VLAN
Trunk link
  – Carries traffic for multiple VLANs

Slide 31: Identifying VLANs (cont.)

Slide 32: Frame Tagging
Definition: A means of keeping track of frames as they travel from VLAN to VLAN.
The tag identifies the destination VLAN for the frame.
The tag is added to the frame by a VLAN-capable Layer 3 switch or router that serves as a gateway between VLANs.
It is removed before the frame is sent out of the access port that is connected to the destination host.

Slide 33: VLAN ID Methods
Inter-Switch Link (ISL)
  – Cisco proprietary
  – FastEthernet & Gigabit Ethernet only
IEEE 802.1Q
  – Must use if trunking between Cisco & non-Cisco switches

Slide 34: Inter-Switch Link (ISL) Protocol
Definition: A means of explicitly tagging VLAN information onto an Ethernet frame
  – Allows VLANs to be multiplexed over a trunk line
  – Cisco proprietary
  – External tagging process
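Slides 32 through 34 explain tagging in words. The Python below is an added example, not code from the slides; it shows the IEEE 802.1Q tag from slide 33 (the open standard, used here instead of Cisco's proprietary ISL because its format is published): a 4-byte tag inserted after the source MAC, carrying the 0x8100 tag protocol identifier followed by 3 priority bits, 1 drop-eligible bit and the 12-bit VLAN ID. It builds an untagged frame, tags it as a trunk port would, parses it back, and strips the tag as an access port does before delivery. The MAC addresses and payload are constructed values.

```python
"""Building, parsing and stripping IEEE 802.1Q VLAN tags on Ethernet frames.

Added example (not from the slides); it shows the 802.1Q tag format rather
than Cisco ISL, and the MAC addresses and payload are constructed values.
"""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload):
    """Untagged frame: 6-byte destination, 6-byte source, EtherType, payload."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag after the source MAC (what a trunk port transmits)."""
    if not 1 <= vid <= 4094:          # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0..7")
    tci = (pcp << 13) | vid           # 3-bit PCP, 1-bit DEI (left 0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Remove the tag before the frame leaves an access port toward the host."""
    if len(frame) >= 18 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


def parse_frame(frame):
    """Return the header fields; 'vid' is None when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    mac_str = lambda b: ":".join(f"{x:02x}" for x in b)
    info = {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
            "vid": None, "pcp": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated before the TCI")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"], info["vid"] = tci >> 13, tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


if __name__ == "__main__":
    plain = build_frame("00:00:0c:bb:bb:bb", "00:00:0c:aa:aa:aa", ETHERTYPE_IPV4, b"constructed payload")
    tagged = tag_frame(plain, vid=10, pcp=3)
    print(parse_frame(tagged))
    print("tag stripped:", untag_frame(tagged) == plain)
```

A tagged frame is four bytes longer than the untagged one, which is why trunk links must accept frames slightly above the classic 1518-byte maximum; the VLAN membership of a frame arriving on an access port should come from the port's configuration, never from a tag the host supplied.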
Slide 35: VLAN Trunk Protocol (VTP)
Purpose: to manage all configured VLANs across a switch internetwork and maintain consistency.
  – Allows an administrator to add, delete, and rename VLANs

Slide 36: VTP Benefits
Benefits
  – Consistent configuration
  – Permits trunking over mixed networks
  – Accurate tracking
  – Dynamic reporting
  – Plug-and-Play
A VTP server must be created to manage VLANs.

Slide 37: VTP Modes

Slide 38: VTP Modes of Operation
Server
  – Default for all Catalyst switches
  – Minimum one server for a VTP domain
Client
  – Receives information and sends/receives updates
  – Cannot make any changes
Transparent
  – Does not participate in a VTP domain but forwards VTP advertisements
  – Can add/delete VLANs
  – Locally significant

Slide 39: Routing Between VLANs

Slide 40: Configuring VLANs
Creating VLANs
Assigning switch ports to VLANs
Configuring trunk ports
Configuring inter-VLAN routing
Slide 41: Access Lists
A list of conditions that characterize packets.
Purpose:
  – Used to permit or deny packets moving through the router
  – Permit or deny Telnet (VTY) access to or from a router
  – Create dial-on-demand routing (DDR) “interesting traffic” that triggers dialing to a remote location

Slide 42: Important Rules
Packets are compared to each line of the access list in sequential order.
Packets are compared with lines of the access list only until a match is made.
  – Once a match is made and acted upon, no further comparisons take place.
An implicit “deny” is at the end of each access list.
  – If no matches have been made, the packet will be discarded.

Slide 43: Types of Access Lists
Standard Access List
  – Filter by source IP address only
Extended Access List
  – Filter by source IP, destination IP, protocol field, port number
Named Access List
  – Another way to create standard and extended access lists
  – Allows the use of descriptive names to ease network management

Slide 44: Application of Access Lists
Inbound Access Lists
  – Packets are processed after they are received and before they are routed to the outbound interface
Outbound Access Lists
  – Packets are processed after they are routed to the outbound interface and before they are sent
Traffic that originates in the router is not processed through an access list.

Slide 45: Wildcard
A 32-bit binary number used to specify which part of an IP address must match an access list entry precisely and which part can be any value.
  – A zero bit must match (wildcard turned off for that bit)
  – A one bit can be any value (wildcard turned on for that bit)

Slide 46: Using a Wildcard to Specify a Range of Subnets
Network address = 172.16.8.0/16
Wildcard = 0.0.0.255
This wildcard represents the range of IP addresses from 172.16.8.0 – 172.16.8.255

Slide 47: Controlling VTY (Telnet) Access
Why?
  – Without control, any user could Telnet to a router via VTY and try to gain access
Controlling access
  – Create a standard IP access list permitting only the host/hosts authorized to Telnet into the router
  – Apply the ACL to the VTY line with the access-class command
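Slides 42, 45, 46 and 47 together describe one algorithm: wildcard-mask matching of a source address, line-by-line evaluation that stops at the first match, and an implicit deny when nothing matches. The Python below is an added example (not from the slides) that implements exactly that for standard access lists in IOS syntax, including the "host" and "any" keywords and the IOS default of a 0.0.0.0 wildcard when none is given. The ACL 10 lines it parses are constructed for the demonstration; the same evaluator models what a standard list applied to the VTY lines with access-class decides for a Telnet source address.

```python
"""Standard IP access-list evaluation with Cisco wildcard masks.

Added example (not from the slides). The access-list 10 entries below are
constructed sample lines in IOS syntax.
"""
import ipaddress


def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard test: 0 bits must match exactly, 1 bits may be anything."""
    must_match = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & must_match) == (_to_int(base) & must_match)


def wildcard_range(base, wildcard):
    """Lowest and highest address an entry covers (contiguous wildcard bits assumed)."""
    b, w = _to_int(base), _to_int(wildcard)
    low, high = b & ~w & 0xFFFFFFFF, b | w
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines into (action, base, wildcard)."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue                                  # comments or unrelated config
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            wc = rest[1] if len(rest) > 1 else "0.0.0.0"   # IOS default: exact host
        entries.append((action, base, wc))
    return entries


def evaluate(entries, src_ip):
    """Compare sequentially; the first match decides, otherwise the implicit deny applies.

    Returns (action, line_number); line_number is None for the implicit deny.
    """
    for number, (action, base, wc) in enumerate(entries, start=1):
        if wildcard_match(src_ip, base, wc):
            return action, number
    return "deny", None


# Constructed sample: one management host, one excluded host, then a /24 range.
ACL_10 = [
    "access-list 10 permit host 172.16.10.3",
    "access-list 10 deny host 172.16.8.200",
    "access-list 10 permit 172.16.8.0 0.0.0.255",
]

if __name__ == "__main__":
    entries = parse_standard_acl(ACL_10)
    for src in ("172.16.10.3", "172.16.8.200", "172.16.8.77", "172.16.9.1"):
        print(src, "->", evaluate(entries, src))
```

Note that moving the deny below the range permit would silently stop it from ever matching, which is the ordering mistake the "first match wins" rule on slide 42 warns about; the range helper reproduces the 172.16.8.0 to 172.16.8.255 span worked on slide 46.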
Slide 48: Network Address Translation (NAT)
Allows private IP addresses to be represented by a smaller number of public IP addresses.
Configured in a router.
Three types:
  – Static
  – Dynamic
  – Overloaded (Port Address Translation)

Slide 49: Benefits of NAT
You can reduce the visibility of your private network.
You don’t have to change your internal IP addresses when your ISP changes your public IP address.
You can use the same private IP addresses for several different networks.

Slide 50: Static NAT
1-to-1 correspondence between private and public IP addresses.
You must designate both addresses manually by interface.

Slide 51: Configuring Static NAT
  ! One inside local address mapped permanently to one inside global address
  ip nat inside source static 10.1.1.1 170.46.2.2
  !
  interface Ethernet0
   ip address 10.1.1.10 255.255.255.0
   ip nat inside
  !
  interface Serial0
   ip address 170.46.2.1 255.255.255.0
   ip nat outside
  !

Slide 52: Dynamic NAT
Allows outside IP addresses to be dynamically shared by a number of internal addresses.
Requires that you define a pool of outside addresses to be used.

Slide 53: Configuring Dynamic NAT
  ! Pool of inside global addresses handed out on demand
  ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
  ! Inside hosts matched by access-list 1 are translated using the pool
  ip nat inside source list 1 pool todd
  !
  interface Ethernet0
   ip address 10.1.1.10 255.255.255.0
   ip nat inside
  !
  interface Serial0
   ip address 170.168.2.1 255.255.255.0
   ip nat outside
  !
  access-list 1 permit 10.1.1.0 0.0.0.255
  !

Slide 54: Overloaded NAT
Also known as Port Address Translation (PAT).
Allows multiple inside IP addresses to access a pool of outside IP addresses.
Uses ports to differentiate between inside addresses.
The outside addresses must be defined, along with a range of inside addresses that may have access to them.

Slide 55: Configuring PAT
  ! A single-address pool; "overload" lets many inside hosts share it by port
  ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
  ip nat inside source list 1 pool globalnet overload
  !
  interface Ethernet0/0
   ip address 10.1.1.10 255.255.255.0
   ip nat inside
  !
  interface Serial0/0
   ip address 170.168.2.1 255.255.255.0
   ip nat outside
  !
  access-list 1 permit 10.1.1.0 0.0.0.255
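Slides 50 through 55 show the three NAT types as configurations; the Python below is an added example (not from the slides) that models the translation decision each one makes for an outbound packet, using the address values from the configuration slides. A static entry is checked first, a host outside the source list is passed untranslated, dynamic NAT hands out pool addresses until the pool is empty, and PAT keys the mapping on (inside address, port). The pool sizes, port numbers, the "dropped when the pool is exhausted" outcome and the rule that PAT keeps the original source port when it is free are simplifying assumptions of this model, not a description of IOS internals.

```python
"""Static NAT, dynamic NAT and PAT (overload) translation decisions.

Added example (not from the slides). Address values come from the
configuration slides; pool sizes, ports and the port-reuse rule are
simplifying assumptions of this model.
"""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Same test an 'access-list N permit BASE WILDCARD' entry performs."""
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    must_match = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & must_match) == (to_int(base) & must_match)


class NatRouter:
    def __init__(self, static=None, pool=None, inside_list=None, overload=False):
        self.static = dict(static or {})     # inside local -> inside global (static NAT)
        self.free_pool = list(pool or [])    # inside global addresses not yet handed out
        self.inside_list = inside_list       # (base, wildcard) of the source list
        self.overload = overload             # True -> PAT
        self.dynamic = {}                    # inside local -> inside global (dynamic NAT)
        self.pat = {}                        # (inside local, port) -> (inside global, port)
        self.used_ports = {}                 # inside global -> ports already allocated

    def translate(self, inside_local, port=None):
        """Outbound packet: return (status, inside_global, global_port)."""
        if inside_local in self.static:
            return "translated", self.static[inside_local], port
        if self.inside_list is None or not wildcard_match(inside_local, *self.inside_list):
            return "untranslated", inside_local, port     # not in the source list
        if self.overload:
            return self._pat(inside_local, port)
        if inside_local not in self.dynamic:
            if not self.free_pool:
                return "dropped", None, None               # pool exhausted
            self.dynamic[inside_local] = self.free_pool.pop(0)
        return "translated", self.dynamic[inside_local], port

    def _pat(self, inside_local, port):
        if port is None:
            raise ValueError("PAT needs a transport-layer port to key the mapping")
        key = (inside_local, port)
        if key not in self.pat:
            global_ip = self.free_pool[0]                  # the single shared address
            used = self.used_ports.setdefault(global_ip, set())
            gport = port if port not in used else self._next_free_port(used)
            used.add(gport)
            self.pat[key] = (global_ip, gport)
        global_ip, gport = self.pat[key]
        return "translated", global_ip, gport

    @staticmethod
    def _next_free_port(used):
        for candidate in range(1024, 65536):
            if candidate not in used:
                return candidate
        raise RuntimeError("no free ports on the inside global address")


if __name__ == "__main__":
    # Values from slides 51 and 53, with a deliberately tiny two-address pool.
    r = NatRouter(static={"10.1.1.1": "170.46.2.2"},
                  pool=["170.168.2.2", "170.168.2.3"],
                  inside_list=("10.1.1.0", "0.0.0.255"))
    for host in ("10.1.1.1", "10.1.1.10", "10.1.1.11", "10.1.1.12", "10.2.2.2"):
        print(host, "->", r.translate(host))
    # Values from slide 55: one address shared by port.
    p = NatRouter(pool=["170.168.2.1"], inside_list=("10.1.1.0", "0.0.0.255"), overload=True)
    print(p.translate("10.1.1.10", 5000), p.translate("10.1.1.11", 5000))
```

The model makes two operational points visible: dynamic NAT without overload stops serving hosts once the pool is used up, and the source list decides who gets translated, so an overly broad access-list 1 widens the set of inside hosts reaching the outside through the shared address.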