Advanced Networking Devices


Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Fourth Edition (Exam N10-006)
Advanced Networking Devices
Chapter 12
Copyright © 2015 by McGraw-Hill Education. All rights reserved.
Objectives
• Discuss client/server and peer-to-peer
topologies
• Define capabilities and management of
managed switches
• Describe the features and functions of VPNs
• Configure and deploy VLANs
• Implement advanced switch features
Introduction
• Simple devices each work at one OSI layer
– Hubs: Layer 1
– Switches: Layer 2
– Routers: Layer 3
– Protocols function at upper layers
• High-level view of network components
– Servers, clients, peer-to-peer networks, and
connections
Client/Server and Peer-to-Peer Topologies
Historical/Conceptual
Client/Server
Client/Server Topology
• Dedicated servers
• Clients never functioned as servers
• Earliest networks used this model
• Example: Novell Netware servers
Figure 12.1 A simple client/server network
Figure 12.2 Novell Netware in action
Peer-to-Peer
• Microsoft’s early Windows versions
• Any system acts as a server, a client, or both
– Depends on the configuration
• Windows 9x is a common example
• Lack of security was a problem: there were no user
accounts
– Permissions: Read Only or Full Control
– Easy to share but hard to control access
Figure 12.3 Sharing options in Windows 98
Test Specific
Client/Server and Peer-to-Peer Today
Client/Server and Peer-to-Peer Today
• Every modern operating system has
abandoned the classic client/server or peer-to-peer label
• Windows, Linux and OS X:
– Are capable of acting as a server or a client
– Provide robust security through user accounts,
permissions, and other measures
Client/Server and Peer-to-Peer Today
(cont’d.)
• Client/server and peer-to-peer now refer to
applications
– Examples: Outlook (a dedicated client) and
Exchange (a dedicated server)
• Peer-to-peer (P2P) applications
– Act as both client and server
– Examples: BitTorrent (an entire protocol),
LimeWire, and DC++
Figure 12.4 Transmission downloading
Virtual Private Networks (VPNs)
VPN over the Internet
• Alternative to expensive remote connections
• Connection using an encrypted tunnel
• Data is encrypted and decrypted at the
endpoints
• Connecting computers must all have the same
network ID
VPN Protocols
• VPN client program protocol
– Uses one of many tunneling protocols
• The remote client connects to the local LAN
– Queries the local DHCP server for an IP address
– Client is on the same network ID as the local LAN
• The remote computer has two IP addresses
– Internet connection’s IP address
– VPN client tunnel endpoint IP address
Figure 12.5 VPN connecting computers across the United States
Figure 12.6 Typical tunnel
Figure 12.7 Endpoints must have their own IP addresses
PPTP VPNs
• Point-to-Point Tunneling Protocol (PPTP)
– An advanced version of PPP
• PPTP VPNs
– Endpoints are on the client and the server—
Routing and Remote Access Service (RRAS)
– Client side uses a virtual NIC that acquires a DHCP
address
– When the client connects to the RRAS, PPTP
creates a secure tunnel over the Internet
Host-to-Site Connection
• Single computer logs into a remote network
– Becomes a member of that network
Figure 12.8 RRAS in action
Figure 12.9 VPN connection in Windows
Figure 12.10 VPN on a Macintosh OS X system
Layer 2 Tunneling Protocol (L2TP) VPNs
• Developed by Cisco
• Included all the good features of PPTP
• Added support to run on most connections
• Moved the endpoint on the local LAN
– VPN concentrator can be an endpoint
• Can connect two remote LANs using two VPN
concentrators
– Called site-to-site VPN connection
Figure 12.11 Cisco 2811 Integrated Services Router
L2TP VPNs (cont’d.)
• L2TP has no authentication or encryption
– Uses IPsec for security
– Technically should be “L2TP/IPsec” VPN
– Works well with single client connecting to a LAN
– VPN clients in all operating systems support
L2TP/IPsec
SSL VPNs
• VPNs using Secure Sockets Layer (SSL)
• No special client software is required
• Clients connect using a Web browser
• Traffic is secured using SSL
• Most common types
– SSL Portal VPNs
– SSL Tunnel VPNs
SSL Portal VPNs
• Client accesses the VPN and is presented with
a secure Web page
• Able to access anything on that page
– Examples: e-mail, data, and links to other pages
SSL Tunnel VPNs
• The client browser runs an active control, e.g.,
Java or Flash
• Enables much greater access to the VPN-connected network
• Creates a more typical host-to-site connection
than SSL portal VPNs
• The user must have sufficient permissions to
run the active browser controls
Switch Management
Switch Management
• Methods of connecting managed switches
– Plug directly into a serial interface and use a
virtual terminal program (e.g., PuTTY) to connect
to a command-line interface
– Get the switch on the network and use a virtual
terminal program to connect to a command-line
interface
– Get the switch on the network and use the
switch’s built-in Web interface
Switch Management (cont’d.)
• A console port is a special serial port on many
managed switches
• A managed switch has the same configuration
issues as a new router
• Basic configuration
– Update the firmware
– Configure a client or client software to connect to
the managed switch
Figure 12.12 Plugging into a managed switch’s console port using a serial cable
In-Band and Out-of-Band Management
• In-band management
– Configure a switch over the network
• Out-of-band management
– Dedicate one port on every managed device
– Configure the interface by directly connecting to
that management port
– Plug all dedicated ports into a switch separated
from the rest of the network (to prevent
unauthorized access)
Virtual LANs
Serious Networks are Complex
• Remote incoming connections
• Public Web or e-mail servers
• Wireless networks
• String of connected switches
• Tremendous amount of traffic
• Security issues
Virtual Local Area Network (VLAN)
• Enables segmentation of a network using
switches
• Created by taking a single physical broadcast
domain and breaking into multiple broadcast
domains
– Assign each port to specific VLAN
• Special switches have extra programming to
create virtual networks
VLANs (cont’d.)
• Managed switches can handle multiple VLANs
• VLAN example
– Take single switch and turn it into two VLANs:
VLAN1 and VLAN2
– Assign ports to those VLANs
– Any host plugged into a VLAN1 port becomes part
of the broadcast domain VLAN1
Figure 12.13 Switch with two VLANs
Figure 12.14 Switch with two VLANs
Figure 12.15 Two switches, each with a VLAN 2 and a VLAN 1
Trunking
• Most networks have more than one switch
– Need to enable data to flow between switches
• Trunking
– Transferring VLAN traffic between switches
– Configure a port on each switch as a trunk port
– Native VLAN: VLAN designation for a trunk port
– The trunk port is configured to carry all traffic
between all switches in a LAN
Figure 12.16 Trunk ports
Trunking (cont’d.)
• Early days of VLANs
– Inter-Switch Link (ISL): Cisco’s proprietary form of
trunking
• VLANs today
– Every Ethernet switch uses IEEE 802.1Q trunk to
connect switches from different manufacturers
Configuring a VLAN-Capable Switch
• Methods for performing configuration
– Use a serial (console) port
– Most common method: log into the switch using
SSH and use command-line interface
– Access the switch with a Web browser interface
Configuration Process
• Define the VLANs
• Assign ports to VLANs
– This process is known as VLAN assignment
– Whatever computer plugs into that port, its traffic
will be tagged with that port’s VLAN
Figure 12.17 Catalyst 2970 Series Device Manager
Figure 12.18 Defining VLANs in Cisco Network Assistant
Figure 12.19 Assigning a port to a VLAN
Tagging
• Enables a frame from a workstation in
VLAN100 to make it to a destination
workstation in the same VLAN
• Access ports are regular ports that have been
configured as part of a VLAN
– Tag traffic with the appropriate VLAN when
frames enter the switch
Tagging (cont’d.)
• Access ports connect to workstations
• Trunk ports connect to other trunk ports
• The switch tags incoming frames with the
appropriate VLAN
– The frames are forwarded to a destination
workstation connected to the same switch or to a
destination workstation connected to a different
switch (sent out the trunk port)
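The tagging, trunking and 802.1Q slides above describe a forwarding rule that is easy to check in code. The following is an added example, not code from the book or from any switch vendor: it builds and parses 802.1Q tagged frames (TPID 0x8100, then a 16-bit TCI holding PCP, DEI and the 12-bit VID) and models two switches whose access ports tag on ingress, whose trunk carries tagged frames (native VLAN untagged), and which hand a frame only to ports in its own VLAN. The switch model does no MAC learning (it floods within the VLAN), and the names Switch, set_access, set_trunk and run_demo are this example's own.

```python
"""Added example (not from the book): 802.1Q tagging and VLAN forwarding.

Two switches, each with access ports in VLAN 10 and VLAN 20, joined by an
802.1Q trunk whose native VLAN is 99. Frames are flooded within a VLAN
(no MAC learning). Switch/set_access/set_trunk/run_demo are this example's
own names, not any vendor's API.
"""
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst(6) src(6) EtherType(2) payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0):
    """Insert the 4-byte tag after the source MAC: TPID, then TCI = PCP(3) DEI(1) VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    return frame[:12] + frame[16:]


def parse_frame(frame):
    """Return (dst, src, vid or None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        (etype,) = struct.unpack("!H", frame[16:18])
        return dst, src, tci & 0x0FFF, etype, frame[18:]
    return dst, src, None, etype, frame[14:]


class Switch:
    def __init__(self, name, native_vlan=1):
        self.name = name
        self.native_vlan = native_vlan
        self.access = {}      # port -> VLAN (the slide's "VLAN assignment")
        self.trunks = {}      # port -> (peer switch, peer port)
        self.delivered = []   # (port, untagged frame) handed to a station
        self.trunk_seen = []  # VID of every frame that arrived on a trunk

    def set_access(self, port, vlan):
        self.access[port] = vlan

    def set_trunk(self, port, peer, peer_port):
        self.trunks[port] = (peer, peer_port)

    def receive(self, port, frame):
        """Ingress: decide the frame's VLAN, then flood it within that VLAN."""
        _, _, vid, _, _ = parse_frame(frame)
        if port in self.access:
            if vid is not None:
                return            # a station's own tag is not honoured on an access port
            vid = self.access[port]
            frame = tag_frame(frame, vid)
        elif port in self.trunks:
            if vid is None:       # untagged on a trunk means the native VLAN
                vid = self.native_vlan
                frame = tag_frame(frame, vid)
            self.trunk_seen.append(vid)
        else:
            return                # port assigned to nothing
        self._flood(port, vid, frame)

    def _flood(self, in_port, vid, tagged):
        for port, pvlan in self.access.items():
            if port != in_port and pvlan == vid:
                self.delivered.append((port, untag_frame(tagged)))   # strip tag on egress
        for port, (peer, peer_port) in self.trunks.items():
            if port != in_port:
                out = untag_frame(tagged) if vid == self.native_vlan else tagged
                peer.receive(peer_port, out)


def run_demo(misassign=False):
    """Broadcast from a VLAN 10 station on sw1; returns (where delivered, VIDs seen by sw2's trunk)."""
    sw1, sw2 = Switch("sw1", native_vlan=99), Switch("sw2", native_vlan=99)
    for sw in (sw1, sw2):
        sw.set_access("Fa0/1", 10)
        sw.set_access("Fa0/2", 20)
    if misassign:
        sw2.set_access("Fa0/1", 30)   # troubleshooting case: wrong VLAN on the far port
    sw1.set_trunk("Gi0/1", sw2, "Gi0/1")
    sw2.set_trunk("Gi0/1", sw1, "Gi0/1")
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"ARP?")
    sw1.receive("Fa0/1", frame)
    delivered = {(sw.name, port) for sw in (sw1, sw2) for port, _ in sw.delivered}
    return delivered, sw2.trunk_seen


if __name__ == "__main__":
    print(run_demo())                 # ({('sw2', 'Fa0/1')}, [10])
    print(run_demo(misassign=True))   # (set(), [10])
```

Running it shows the frame leaving sw1 on the trunk tagged with VID 10, arriving untagged only at sw2's VLAN 10 access port, and never at the VLAN 20 ports. The misassign case is the troubleshooting slide's situation: the frame still crosses the trunk, but a station behind a port assigned to the wrong VLAN receives nothing. The model drops tagged frames arriving on an access port rather than trusting a station's own tag, which is the safer default.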
Virtual Trunking Protocol (VTP)
• Large networks with many VLANS would
require intensive work to update
• Virtual Trunking Protocol (VTP)
– Proprietary Cisco protocol that automates updates
to multiple VLAN switches
– Three switch states: server, client, or transparent
– Updating the configuration of the server switch
updates all other switches in the client state in
minutes; transparent state does not update
InterVLAN Routing
• Early days: one router with multiple ports was
the network backbone
– Forces all traffic to go through the router
– Not a flexible solution for adding VLANs
• Cisco 3550
– Supports VLANs and virtual routers
– Works at Layers 2 and 3
Figure 12.20 One router connecting multiple VLANs
Figure 12.21 Cisco 3550
Figure 12.22 Setting up interVLAN routing
DHCP and VLANs
• By default, DHCP requests cannot pass
through a router
• When DHCP relay is enabled and configured
within a router
– The router will pass DHCP requests and responses
across the router interfaces
• Cisco implements DHCP relay through a
configuration command called IP helper
Troubleshooting VLANs
• Check the port assignment
• A device with an incorrect VLAN assignment
– Will not be seen
– Will not have access to resources it needs
Multilayer Switches
Multilayer Switches
• Example: Cisco 3550
– Supports interVLAN routing
• Works at Layer 2 and Layer 3
– Layer 2 forwards traffic based on MAC address
– Layer 3 (router) forwards traffic based on IP
address
• Any port can be configured to work as a
switchport or a router port
Load Balancing
• Popular Internet servers cannot support load
using a single system
– Load balancing: many servers look like one server
– Creates a server cluster
– Requests are distributed evenly
– Different load balancing methods are available
– It is common to use an advanced network device
called a load balancer
DNS Load Balancing
• Oldest and still a very common method
• Each server has its own IP address
• Each DNS server has multiple “A” records with
the same FQDN
– Round robin: the DNS server cycles through these
records so the same domain name resolves to
different IP addresses
• The BIND DNS server has more features
Figure 12.23 Multiple IP addresses, same name
Figure 12.24 Enabling round robin
Using a Multilayer Switch
• Web clients cache the DNS server’s IP address
– Reduces load balancing effectiveness
• Using a multilayer switch for load balancing
– Hide all Web servers behind one IP address
– Use a multilayer switch (Layers 3 and 4)
• Router performing NAT and port forwarding
• Queries hidden Web servers and sends HTTP requests
to servers with lighter load
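The DNS load balancing slide and the multilayer switch slide above make one argument together: round-robin A records spread requests across servers, but client caching of the answer undoes much of that spread. The following is an added example, not code from the book, that simulates both halves. The zone, the three TEST-NET-1 addresses, the per-client request counts and the names RoundRobinDNS, Client, simulate and imbalance are all constructed for this example.

```python
"""Added example (not from the book): DNS round robin and client caching.

One FQDN with three A records (constructed TEST-NET-1 addresses). The
resolver rotates the record order on every query, which is the round
robin the slide describes. A client that caches the answer for the TTL
keeps using the first address it received, so a busy client pins its
load to one server. All names here are this example's own.
"""
from collections import Counter, deque

ZONE = {"www.example.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}


class RoundRobinDNS:
    def __init__(self, zone, ttl):
        self.records = {name: deque(addrs) for name, addrs in zone.items()}
        self.ttl = ttl

    def resolve(self, name):
        """Return all A records, rotated so a different one comes first each time."""
        rr = self.records[name]
        answer = list(rr)
        rr.rotate(-1)
        return answer, self.ttl


class Client:
    def __init__(self, dns, caches):
        self.dns = dns
        self.caches = caches
        self.cache = {}  # name -> (address, expiry time)

    def pick_server(self, name, now):
        if self.caches and name in self.cache:
            addr, expires = self.cache[name]
            if now < expires:
                return addr           # cached: the DNS server never sees this request
        answer, ttl = self.dns.resolve(name)
        addr = answer[0]              # clients normally use the first record returned
        self.cache[name] = (addr, now + ttl)
        return addr


def simulate(requests_per_client, ttl, caches):
    """Each client makes its number of requests, one per time tick.
    Returns a Counter of requests handled per server address."""
    dns = RoundRobinDNS(ZONE, ttl)
    clients = [Client(dns, caches) for _ in requests_per_client]
    load = Counter()
    for t in range(max(requests_per_client)):
        for client, n in zip(clients, requests_per_client):
            if t < n:
                load[client.pick_server("www.example.com", now=t)] += 1
    return load


def imbalance(load):
    """Requests on the busiest server minus requests on the least busy one."""
    return max(load.values()) - min(load.values())


if __name__ == "__main__":
    one_heavy_two_light = [50, 10, 10]
    print(simulate(one_heavy_two_light, ttl=3600, caches=False))  # 24 / 23 / 23
    print(simulate(one_heavy_two_light, ttl=3600, caches=True))   # 50 / 10 / 10
```

With no caching, 70 requests land 24/23/23 across the three servers. With a one-hour TTL honoured by the clients, each client resolves once and sticks: the heavy client's 50 requests all go to the first server, which is why the slides turn to a multilayer switch that presents one IP address and chooses a server per request. Lowering ttl re-spreads the load only as fast as the cache entries expire.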
Using a Content Switch
• Using a content switch for load balancing
– Works at Layer 7 (Application)
– Designed to work with Web servers
– Reads incoming HTTP and HTTPS requests
– Handles SSL certificates and cookies
– Reduces Web servers’ workload
– Passes cookies to Web browsers
Figure 12.25 Layer 7 content switch
QoS and Traffic Shaping
• Quality of service (QoS)
– Rules-based policies to prioritize traffic
– Controls maximum bandwidth
• Traffic shaping
– Bandwidth management
– Controls the flow of packets in or out
– Guarantees a certain amount of bandwidth/latency
– Popular where IT must control user activities
Figure 12.26 QoS configuration on a router
Port Bonding
• Joining two or more connections’ ports
logically in a switch so that the resulting
bandwidth is treated as a single connection
– Throughput is multiplied by the number of linked
connectors
– All of the cables from the joined ports go to the
same device—another switch, a storage area
network (SAN), a station, or other device
Port Bonding (cont’d.)
• Other names for port bonding
– Link aggregation
– NIC bonding
– NIC teaming
• Protocols
– Cisco’s Port Aggregation Protocol (PAgP)
– IEEE’s Link Aggregation Control Protocol (LACP)
Network Protection
• Intrusion protection/intrusion detection
• Port mirroring
• Proxy serving
• AAA
Intrusion Detection System (IDS)
• Inspects incoming packets
– Alerts network administrator
• Network-based IDS (NIDS)
– Report to a central application
• Host-based IDS (HIDS)
– Monitors events such as system file modification
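The IDS slide names two styles: a NIDS that inspects packets and alerts the administrator, and a HIDS that watches for events such as system file modification. The following is an added example, not code from the book or from any IDS product, showing the simplest form of each: a sliding-window check that alerts when one source touches many distinct ports on one host within a few seconds, and a file-integrity check that compares SHA-256 hashes against a recorded baseline. The packet records, the file contents, the thresholds and the function names are all constructed for this example.

```python
"""Added example (not from the book): minimal NIDS and HIDS checks.

NIDS: inspect a constructed packet log and alert once per (src, dst) pair
when the number of distinct destination ports inside a sliding window
reaches a threshold. HIDS: report files whose SHA-256 hash no longer
matches the baseline, plus files that are missing or new. Everything
here is constructed for the example.
"""
import hashlib
from collections import defaultdict

# Constructed packet records: (time in seconds, src ip, dst ip, dst port)
PACKETS = [
    (0.0, "198.51.100.7", "192.0.2.10", 22),
    (0.5, "198.51.100.7", "192.0.2.10", 80),
    (1.0, "198.51.100.7", "192.0.2.10", 443),
    (1.5, "198.51.100.7", "192.0.2.10", 3389),
    (2.0, "198.51.100.7", "192.0.2.10", 8080),
    (2.2, "198.51.100.7", "192.0.2.10", 25),
    (3.0, "203.0.113.5", "192.0.2.10", 443),
    (40.0, "203.0.113.5", "192.0.2.10", 443),
    (41.0, "203.0.113.5", "192.0.2.10", 80),
]


def nids_alerts(packets, window_s=10.0, port_threshold=5):
    """Sliding window per (src, dst): alert once when distinct ports reach the threshold."""
    history = defaultdict(list)   # (src, dst) -> [(time, port), ...] still inside the window
    flagged, alerts = set(), []
    for ts, src, dst, port in sorted(packets):
        key = (src, dst)
        window = history[key]
        window.append((ts, port))
        while ts - window[0][0] > window_s:   # expire entries older than the window
            window.pop(0)
        ports = {p for _, p in window}
        if len(ports) >= port_threshold and key not in flagged:
            flagged.add(key)
            alerts.append(f"{src} -> {dst}: {len(ports)} distinct ports within {window_s:g}s")
    return alerts


def digest(data):
    return hashlib.sha256(data).hexdigest()


def take_baseline(files):
    """files: path -> content bytes. Returns path -> hash, to be kept where the host cannot alter it."""
    return {path: digest(content) for path, content in files.items()}


def hids_check(baseline, files):
    """Compare the current files with the baseline; returns sorted (kind, path) findings."""
    findings = []
    for path, known in baseline.items():
        if path not in files:
            findings.append(("missing", path))
        elif digest(files[path]) != known:
            findings.append(("modified", path))
    findings += [("new", path) for path in files if path not in baseline]
    return sorted(findings)


# Constructed in-memory "system files" so the HIDS part runs offline
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/sbin/sshd": b"\x7fELF...constructed...",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nextra:x:1001:1001::/home/extra:/bin/sh\n",
    "/usr/sbin/sshd": b"\x7fELF...constructed...",
    "/etc/cron.d/unexpected": b"* * * * * root /usr/local/bin/job\n",
}


def run_hids():
    return hids_check(take_baseline(BASELINE_FILES), CURRENT_FILES)


if __name__ == "__main__":
    for line in nids_alerts(PACKETS):
        print("NIDS alert:", line)      # one alert for 198.51.100.7
    for kind, path in run_hids():
        print("HIDS:", kind, path)      # modified /etc/passwd, new /etc/cron.d/unexpected
```

The NIDS half reports the first source (five distinct ports within ten seconds) and stays quiet about the second, which only revisits two ports over a longer period; tune window_s and port_threshold to the traffic you actually see. The HIDS half is the "system file modification" event the slide mentions: the baseline hashes have to be stored somewhere the monitored host cannot rewrite, otherwise a change to the files and to the baseline together goes unnoticed.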
Figure 12.27 Diagram of network-based IDS
Figure 12.28 OSSEC HIDS
Intrusion Protection System (IPS)
• Similar to an IDS
• Consequences of actively monitoring the network
traffic flow
– Can stop an attack while it is happening
– The network bandwidth and latency take a hit
– If the IPS goes down, the link might go down too
Port Mirroring
• Copies data from ports to a single port
• Works like a configurable promiscuous port
• Allows inspection of traffic to or from certain
computers
– Local port mirroring copies data from ports on a
switch to a specific port; must connect directly to
the switch to monitor the data
– Remote port mirroring does not require
connecting to the switch directly
Proxy Serving
• A proxy server sits between clients and
external servers
• Intercepts requests from clients
• Makes requests itself on behalf of clients
• The proxy server’s IP address is entered in the
client’s connection settings
– Client’s requests are redirected to the proxy server
Figure 12.29 Setting a proxy server in Mozilla Firefox
Figure 12.30 Web proxy at work
Proxy Caching
• One benefit of using a proxy server: caching
– Gives clients a faster response
• Forward proxy server
– Acts on behalf of clients
– Hands information to clients
• Reverse proxy server
– Acts on behalf of its servers
– Clients do not receive information about servers
Figure 12.31 Squid Proxy Server software
AAA
• Authentication, authorization, and accounting
(AAA) are vitally important for security on
switches to support port authentication
– Supported by intelligent switches
• Port authentication protects a network from
unwanted people trying to access the network
– Authentication is required at the point of
connection
AAA (cont’d.)
• Critical for AAA authentication
– RADIUS, TACACS+, 802.1X
• Configuring a switch for AAA is a complex
procedure
Figure 12.32 802.1X configuration on a Cisco 2811