Transcript Slide 1
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Advanced
Networking Devices
Chapter 12
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Objectives
• Discuss client/server and peer-to-peer
topologies
• Describe the features and functions of
VPNs
• Configure and deploy VLANs
• Implement advanced switch features
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Overview
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Introduction to advanced
network devices
•
•
•
•
Simple devices each work at one OSI layer
Advanced devices work at multiple layers
Home router really a multilayer switch
CompTIA’s logical network topologies
– The way network systems are organized
– Client/server, peer-to-peer, VPN, and VLAN
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Three parts to Chapter 12
• Logical network topologies
• VLAN in depth
• Multilayer switches
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Logical network
topologies
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Logical network topologies
– Beyond physical or signaling topologies
– Software architecture model
– Roles computers play in network
•Servers
•Clients
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Client/server topologies
– Dedicated servers
– Dedicated clients
•Servers
•Clients
– Earliest networks used this model
– Novell NetWare servers
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.1 A simple client/server network
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.2 Novell NetWare in action
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Peer-to-peer topologies
– Microsoft’s early Windows versions
– Any system server, client, or both
– Depends on configuration
– Windows 9x common example
– Lack of security a problem – no user
accounts
• Permissions Read Only or Full Control
• Available to anyone connected over network
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.3 Sharing options in Windows 98
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Peer-to-peer today
– Adopted by every modern operating
system
– Now offers more robust security
• User accounts
• More advanced permissions
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.4 µTorrent downloading
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Peer-to-peer and client/server today
– Updated – linked to individual applications
– E-mail client and e-mail server
• Outlook a dedicated client
• MS Exchange Server a dedicated server
– Peer-to-peer (P2P) applications
• Act as both client and server
• File-sharing applications
– Bit Torrent, LimeWire, DC++
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Virtual private network (VPN)
– VPN over Internet
• Alternative to expensive remote connections
• Connection using an encrypted tunnel
– Data encrypted and decrypted at endpoints
– Connecting computers must have same
network ID as network
– Tunneling protocols: PPTP and L2TP
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.5 VPN connecting computers across
the United States
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.6 Typical tunnel
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.7 Endpoints must have their own
IP addresses.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• PPTP VPNs
– Point-to-Point Tunneling Protocol (PPTP)
– Advanced version of PPP
– One endpoint on client—other on Routing
and Remote Access Service (RRAS)
– Clients use a virtual NIC that acquires a
DHCP address
– Client connects to RRAS, PPTP creates
tunnel over Internet
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.8 RRAS in action
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.9 VPN connection in Windows
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.10 VPN on a Macintosh OS X system
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• L2TP VPNs
– Layer2 Tunneling Protocol (L2TP)
– Cisco developed
– Good features of PPTP plus…
– Added support to run on most connections
– Moved the endpoint on the local LAN
• VPN concentrator can be endpoint
• Can connect two remote LANs using two VPN
concentrators
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• L2TP has no authentication or encryption
– Usually uses IPSec for security
– Technically should be “L2TP/IPSec” VPN
– Connects client to LAN or LAN to LAN
– VPN clients in all OSs support L2TP/IP Sec
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Site-to-site VPNs
– Used to connect two LANs separated by a
WAN or the cloud
– Uses a VPN concentrator
– Slower, but cheaper, than dedicated leased
line between LANS
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.11 Cisco 2811 Integrated Services Router
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• SSL VPNs
– VPNs using Secure Sockets Layer
– Work at the Transport layer
– Don’t require any special client software
– Clients connect using Web browser
– Traffic secured using SSL
– Two most common types are SSL Portal and
SSL Tunnel VPNs
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• SSL VPNs (cont.)
– SSL portal VPNs
• Client accesses VPN and is presented with a secure
Web page
• Able to access anything on that page, such as
email, data, links, etc.
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• SSL VPNs (cont.)
– SSL tunnel VPNs
• Client browser runs an active control, such as Java
or Flash
• Enables much greater access to VPN-connected
network
• Creates a more typical client-to-site connection
than SSL portal VPNs
• User must have sufficient permissions to run
active browser controls
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Alternatives to PPTP, L2TP, and SSL
– Majority of VPNs use PPTP or L2TP
– Open VPN using Secure Shell (SSH)
– Pure IPSec using IPSec tunneling
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
VLANs in depth
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• VLAN
– Virtual Local Area Network (VLAN)
– Used by all but smallest LANs
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Serious networks are complex
– Remote incoming connections
– Public Web or e-mail servers
– Wireless networks
– String of connected switches
– Tremendous amount of traffic
– Security Issues
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• VLANs as solution
– Separate networks with multiple switches
– Segment networks using switches
• Break up broadcast domains
• Serious networks have more than one switch
• Trunking connects VLANs on separate switches
• One port on each switch is trunk port
• Inter-Switch Link (ISL) Cisco form of trunking
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.12 Switch with two VLANs
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.13 Two switches, each with a VLAN 2
and a VLAN 1
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.14 Trunk ports
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• VLANs today
– Every Ethernet switch uses IEEE 802.1Q
– Connect switches from different sources
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Configuring a VLAN-capable switch
– Connect to Web server on switch
– Cisco Catalyst models
– Simple switches at Layer 2 (use MAC
addresses)
– Managed switches use Layer 3 (IP addresses)
– Define the VLANs
– Assign MAC addresses or ports to VLANs
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.15 Catalyst 2950 Series Device Manager
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.16 Defining VLANs in Cisco Network
Assistant
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.17 Assigning a port to a VLAN
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Virtual Trunk Protocol (VTP)
– Large networks with many VLANS would
require a LOT of manual updates
– VTP is a proprietary Cisco protocol that
automates updating multiple VLAN switches
– Three states: Server, Client, or Transparent
– Updating configuration of the Server switch
updates all other switches in the Client state
in minutes – Transparent doesn’t update
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• InterVLAN routing
– Each VLAN a separate broadcast domain
– Need router to communicate between
– Problems with physical routers
– Some switches can do InterVLAN routing
– Cisco 3550
• Supports VLANs and virtual routers
• Works at Layers 2 and 3
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.18 One router connecting multiple VLANs
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.19 Cisco 3550
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.20 Setting up interVLAN routing
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Multilayer switches
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Multilayer switches & InterVLAN routing
– Example: Cisco 3550
• Supports VLANs and virtual routers
• Works at Layers 2 and 3
– On Layer 2 switches, ports do not have IP
addresses
– On a router, every port MUST have an IP
address (due to routing table)
– Multilayer ports can be configured either way
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Load balancing
– Load balancing: many servers look like one
– Creates a server cluster
– Requests are distributed evenly
– Many load balancing methods
– Common to use advanced network devices
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• DNS load balancing
– Oldest and most common method
– Each server has its own IP address
– Multiple A records for one FQDN
– DNS server cycles through A records
– Windows DNS “Enable round robin”
– BIND DNS server has more features
– Requires multiple DNS servers
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.21 Multiple IP addresses, same name
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.22 Enabling round robin
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Using a multilayer or content switch
– Client cache problem with DNS load balancing
– Hide all Web servers behind one IP address
– Special multilayer switch (Layers 3 and 4)
• Is a router performing NAT and port forwarding
• Queries hidden Web server
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Using a content switch for load balancing
– Works at Layer 7 (Application)
– Works with Web servers
– Reads incoming HTTP and HTTPS requests
– Handles SSL certificates and cookies
– Takes workload off Web servers
– Passes cookies to Web browsers
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.23 Layer 7 content switch
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• QoS and traffic shaping
– Quality of Service (QoS)
• Controls bandwidth use
• Rules-based policies prioritize traffic
– Traffic shaping
• Bandwidth management
• Controls flow of packets in or out
• Guarantees a certain amount of bandwidth and/or
latency
• Popular where IT must control user activities
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.24 QOS configuration on a router
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Network protection
– Intrusion protection/intrusion detection
– Port mirroring
– Proxy serving
– Port authentication
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Intrusion detection/intrusion prevention
– Intrusion detection system (IDS)
• Inspects incoming packets
• Network based IDS (NIDS)
• Host-based IDS (HIDS)
• Reporting
– Intrusion protection system (IPS)
• Adds capability to react to attacks
• Can block incoming packets on-the-fly
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.25 Diagram of network-based IDS
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.26 OSSEC HIDS
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Port mirroring
– Mirrors data from ports to a single port
– Works like a configurable promiscuous port
– Allows inspection of traffic to or from certain
computers
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Proxy serving
– Proxy server between clients and external
servers
– Intercepts requests from clients
– Makes requests itself on behalf of clients
– Client must not use DNS to access the type of
server that is proxied
• HTTP, SSL, FTP, Gopher, SOCKS
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.27 Setting a proxy server in Mozilla Firefox
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.28 Web proxy at work
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.29 Squid proxy software
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
• Port authentication
– Authentication at point of connection
– Critical for AAA authentication
• RADIUS, TACACS+, 802.1X
– Many switches and WAPs support it
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
Figure 12.30 802.1X configuration on a Cisco 2811
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.