Chapter 8
What is the formula to determine the magic number?
2^h
What is the formula to calculate the number of hosts in a subnet?
2^h-2=Z
What is the formula to determine the number of bits to determine the number of subnets needed?
2^n=Y
What is the maximum number of IP addresses and hosts available on a Class B network?
65,534
VLAN hopping
An exploit where a hacker generates transmissions that appear to belong to a protected VLAN, then cross VLANs to access sensitive data or inject harmful software.
Access Port
Connects switches to endpoints. Computers connected to access points do now know which VLAN it belongs to, nor can it recognize other VLANs on the same switch.
Trunk Port
Connects the switch to a router or another switch. This interface manages traffic from multiple VLANs.
Default VLAN
Preconfigured on a switch and initially includes all the switch's ports. Cannot be renamed or deleted, but the ports can be reassigned to other VLANs.
Management VLAN
Provides administrative access to a switch.
Unmanaged Switch
Provides plug-and-play simplicity with minimal configuration options and has no IP assigned to it. They cannot support VLANs.
Native VLAN
Receives all untagged frames from untagged ports; by default, it is the same as the default VLAN.
RIR
Regional Internet Registry
Site prefix/Global routing prefix
The first four blocks of an IPv6 address, used to identify the network and serve as the network prefix.
CIDR Block
The forward slash plus the number of bits used for the network ID. Example: /24
What determines the number of bits that belong to a network ID in an IP address?
The number of 1s in the subnet mask.
What does the h in 2^h-2=Z represent?
The number of bits remaining in the host portion.
What does the N in 2^n=Y represent?
The number of bits that must be switched from the host address to the network ID.
What does the Z in 2^h-2=Z represent?
The number of hosts available in each subnet.
What does the Y in 2^n=Y represenet?
The number of subnets that result from the calculation.
Magic Number
The number that can be used to calculate the network IDs in all the subnets of the larger network.
Host ID
The portion of an IP address that identifies the host, or a specific machine on the network.
Network ID
The portion of an IP address that identifies the network. Also called a network number or network prefix.
Inter-VLAN Routing
The process of forcing a VLAN to go through a router to communicate with another VLAN. Sometimes called ROAS (Router-on-a-stick)
Native VLAN mismatch
The result of a disagreement over the native VLAN assignment, and will result in a configuration error.
Stack Master
The switch on which VLAN database information is altered, and then communicated to all other switches in the network.
Where did the term "trunk" originate?
The telephony field, where it refers to an aggregation of logical connections over one physical connection.
ANDing
The term used to calculate a host's network ID given its IPv4 address and subnet mask.
Interesting Octet
The unusual octet in a subnet mask. Can be subtracted from 256 to find the magic number.
What do the last four blocks of an IPv6 address do?
They are used to identify the interface.
Switch Spoofing
When an attack connects to a switch and then makes the connection look to the switch as if it's a trunk line.
Double Tagging
When an attacker stacks VLAN tags in Ethernet frames to trick a switch into forwarding the transmission to a restricted VLAN.
Classless Addressing
Altering the rules of classful IPv4 addressing, the process known as subnetting.
Class B IP Address
An IP address with 16 bits in the network ID, and 16 in the host ID.
Class C IP Address
An IP address with 24 bits in the network ID, and 8 in the host ID.
Class A IP Adress
An IP address with 8 bits in the network ID, and 24 in the host ID.
What is the range of CIDR notations available for a Class B subnet mask?
/17 - /30
What is the range of CIDR notations available for a Class C subnet mask?
/25 - /30
What is the default selection for an MTU?
1500 bytes
Unicast Address
Address assigned to a single interface on the network.
ip helper-address
A command on some Cisco products that can be configured to create and send helper messages that support multiple types of UDP traffic, including DHCP, TFTP, DNS, and TACACS+
Network Segmentation
A large broadcast domain is divided into smaller segments, and the IP address space is subdivided as well.
Trunk Line
A link between two trunk ports.
DHCP relay agent
A small application that works with a centrally managed DHCP server to provide DHCP assignments to multiple subnets and VLANs.
VLSM (Variable Length Subnet Mask)
A subnet mask that allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space.
Trunking
A technique that allows a switch to support traffic belonging to several VLANs across the network.
Tag
Added by a Switch, a tag identifies the port through which a VLAN transmission arrived.
How can you create subnets within a site using IPv6?
By altering the fourth hexadecimal block in the site prefix, or the fourth block in the address.
How do you manage IP addresses at a logical layer?
By configuring the clients on each subnet so they know which devices are on their own subnet, and which are not.
How can you view a configured VLAN?
By using "show vlan" on a Cisco switch.
Managed Switches
Can be configured via a command line interface or a web-based management GUI, and sometimes configured in groups. They are also assigned IP addresses.
Data VLAN
Carries user-generated traffic.
VTP (VLAN Trunk Protocol)
Cisco's protocol for exchanging VLAN information over trunks. It allows changes to a VLAN database on one switch.
CIDR Notation
Devised in 1993 by the IETF, CIDR is a shorthand method for identifying network and host bits in an IP address. Also called slash notation.
What are some benefits of network segmentation?
Enhanced security, improved performance, easier troubleshooting.
A VLAN can only have ports on one switch.
False; they can be on any number of switches.
Different VLANs on the same switch can talk to each other.
False; they must go through the router.
What are the most common ways of segmenting a network?
Geographically, departmentally, and by device type.
VLAN (Virtual Local Area Network)
Groups ports on a layer 2 switch so that some of the local traffic on the switch is forced to go through a router.
What kind of class system to IPv6 addresses use?
IPv6 addresses are classless, and do not use subnet masks.
SAID (Security Association Identifier)
Indicates to other connectivity devices which VLAN a transmission defaults to; by default, Cisco switches assign a VLAN the said of 100,000, plus the VLAN number.
What are some benefits of using a VLAN?
Isolating connections, prioritizing data handling, containing groups using legacy protocols, separating users who need limited security, configuring temporary networks, and reducing the cost of network equipment.
At what levels of the OSI model can a network be segmented?
Layer 1: By using physical devices to create separate LANs. Layer 2: By creating virtual LANs. Layer 3: By subnetting to organize devices within the available IP address space.
What does the "show vlan" command do?
Lists the current VLANs recognized by a Cisco switch.
What is the command to change a native VLAN?
On a Cisco switch, "switchport trunk native vlan." On a Juniper switch, "set port-mode trunk" followed by "set native-vlan-id."
How can a network be segmented?
Physically with multiple LANs, or logically through the use of VLANs.
Voice VLAN
Supports VoIP traffic, which requires high bandwidths, priority over other traffic, flexible routing, and minimized latency.
802.1Q Standard
The IEEE standard that defines how VLAN information appears in frames and how switches interpret that information.