Network+ N10-008
Route flapping
In a complex environment with routing configured, route flapping can be caused by several factors. Devices can be misconfigured, or there could even be a problem on one segment of the network that can cause route flapping on other segments. To avoid route flapping issues, always ensure dynamic routing is configured correctly, and use stub routing and summary routes where you can.
Encryption Standards
A wireless network can use different cryptographic protocols, which have evolved over the years. At one time, Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA) were popular protocols and were widely used. However, WEP and WPA are no longer supported by the wireless access points because of their vulnerabilities and weaknesses. WPA2 is the default cryptography protocol that is supported by all wireless access points.
MAC Address Table and ARP
A MAC address table maps the MAC address to an interface on the switch. Using a MAC address table, the switch will know where to send a frame since the destination MAC address is specified in the table. When the frame arrives on the switch port, the switch will read its source MAC address and create an entry in the MAC address table, mapping that MAC address to the port from where that frame arrived. The MAC address table is a basic part of every switch, and the entries usually expire after 5 minutes.
Pointer record PTR
A PTR record provides the IP address associated with a domain name . It does the exact opposite of an A record .
VPN Headend
A VPN headend is a device that terminates the VPN tunnel at a site . Depending on the type of VPN and the hardware you use , a VPN headend may support route - based and policy - based tunnels .
Captive Portal
A captive portal is an authentication method for a wireless network . If you have ever attempted to connect to a wireless network in a hotel or at the airport , you can connect to the wireless network without any authentication . Even though you are connected , when you attempt to browse the Internet , you are redirected to a captive portal , which requires authentication to browse the Internet . For example , you may be asked to use your mobile number as the username , and then an SMS is sent to the mobile number . The SMS is used as the password . Such a method is mostly utilized at airports . In hotels , you may be given a paper with the user credentials for the captive portal , or they can be sent via an SMS . You may be required to accept the Acceptable Usage Policy on the portal .
Cold site
A cold site will include all of the hardware required in a failure but will need to be configured with the most current data . Failing over to a cold site might cause downtime of access to network resources while a cold site needs to acquire the data before the restore process can occur.
Certificate issues 3
Other common issues related to certificates can be related to certificate validity. If a certificate expires, you will have issues accessing the resources. For example, if you have enabled 802.1x authentication in your network, and if you do not own the certificate on your computer, you will not be able to access the network. Always remember to check the validity date of your certificate and if the certificate is present on the certificate store for users experiencing problems.
Independent Basic Service Set ( IBSS )
If you have ever connected your mobile phone with another one using Bluetooth, you have created an ad-hoc wireless network. It is also called the Independent Basic Service Set (IBSS) that requires no access point or router in between. In an ad-hoc or IBSS, both devices communicate with each other without any controller in between. A wireless router or access point is required to authenticate the wireless clients.
Channels
In the case of 5 GHz channels, there are quite a few channels available. The channels begin at 36 and increment by 4 up to 56. But from that point, it's a little bit random. You then have channels 100, 120, 124, 132, 140, 157, 161, and 165. But the frequencies for each of those channels don't overlap with each other. So this is why the 5 GHz channels are less susceptible to interference. You have dedicated frequencies for each channel.
WPA2 can be implemented in two different modes :
• Personal: In the Personal mode, a shared secret is used to authenticate the client. It uses the AES-CCMP encryption algorithm for data encryption during transmission. One of the key use cases of personal mode is at home or in small organizations.
• Enterprise: An authentication server is used to authenticate the client. When you are using an authentication server, you are configuring the WPA2 Enterprise. It uses IEEE 802.1X for enterprise-grade authentication. Just like WPA2-Personal, it also uses the AES-CCMP encryption algorithm.
Name Server record NS
Name Server records are configured to indicate which DNS server is authoritative in the domain . It provides information on the domain's IP address .
Heating Ventilation and Air Conditioning HVAC Systems
Network equipment is very sensitive to varying temperatures, which might shorten the equipment's life span. Implementing an HVAC system will regulate the temperature for optimal functionality. To ensure that network communication is highly available, additional hardware devices need to be implemented, which will ensure redundancy in the event of hardware failure. These hardware devices can include switches, routers and hardware-based firewalls. The addition of these hardware devices will require a more complex configuration to cluster these devices together.
Port Mirroring
Port mirroring , also known as SPAN or Switched Port Analyzer on Cisco switches , is another switch feature that can be configured . When you configure SPAN on a port , your switch will send a copy of all traffic received or transmitted ( or both ) on that port to a monitoring device such as an analyzer connected to another port on the switch .
Site Survey
A wireless site survey is conducted before you deploy a wireless network . You want to deploy an optimized wireless network that provides good throughput and speed with minimum interference , which is not possible to achieve without a wireless site survey . With the help of a site survey application or a hardware analyzer , you can determine the best location for your wireless routers and access points . You can determine the number of access points you need and their location . Other than this , you can also determine the dead zones where you need to put a range extender or an access point .
Power Distribution Units PDUS
Power distribution units (PDUs) are used to ensure enough power outlets are available for devices. PDUs are mostly used in data centers for the distribution of power outlets and are equipped to protect the networking equipment against power surges.
NTP Servers
NTP servers are used to distribute synchronized time to NTP clients. NTP Servers are also NTP Clients due to the need to synchronize from time sources located at the more trusted levels of the Stratum hierarchy. Only the time sources at Level 0 are not NTP clients. In this exercise, a previously configured NTP client will be configured to act as a time source.
802.11ax
The 802.11ax standard, also known as WiFi 6, is an improvement of its predecessor, which was 802.11ac. The 802.11ax standard is named WiFi 6 and can operate in 2.4 GHz and 5 GHz frequency ranges. It can support up to eight MU-MIMO transmissions. It can provide four times the speed of 802.11ac.
802.11n
This is faster than 802.11g, also known as WiFi 4, and is supported by network devices. 802.11n has a network speed of 600 Mbps and a maximum range of 230 feet. This standard uses multiple input/multiple output (MIMO) and may cause interference with nearby 802.11b/g networks. 802.11n has a higher price point than 802.11g.
Mean time to repair MTTR
This measures the amount of time it will take to restore the data after an incident has occurred or how long it will take to repair damaged network equipment .
High CPU on devices
This problem can be caused by different factors like old hardware, excessive traffic, switching loops and similar. It manifests as slow and intermittent traffic flow.
802.11b
This provides a range of 150 feet and is the oldest standard still in use and supported by wireless routers. Wireless devices widely support this. IEEE 802.11b provides data rates of up to 11 Mbps using the 2.4 GHz band. This standard provides lower maximum data rates but a greater range than the 802.11a standard since the 2.4 GHz frequencies used are not as readily absorbed by walls and obstacles as the 5 GHz frequencies used in 802.11a are.
Virtual Router Redundancy Protocol VRRP
This routing protocol automatically assigns available internet routers to hosts on the network . By assigning these configurations dynamically , it will ensure the high availability of internet connections .
802.11a
This runs at 54 Mbps and is not compatible with 802.11b as it operates at the 5 GHz band . This standard was the first amendment of the original legacy IEEE 802.11 standard ( 1997 ) , improving data rates from up to 2 Mbps of the original standard . It can cover an indoor area ranging from 35m to 125m .
Client-to-Site VPN
To ensure that a company's employees can securely connect to resources from remote locations, a Client-to-site VPN connection needs to be created. This will ensure that the connection is encrypted over the public internet connection.
Port Security
Port security is a kind of MAC filtering security feature that you can configure on switches. When you enable port security on a switchport, you are actually limiting the number of MAC addresses on that port and enabling MAC address filtering. In practice, you will configure port security on all user-based ports and not on ports connecting to other switches. When port security is enabled on a port, users cannot change their PC and connect another device to that port. If they do, the port would be locked. This is called a port security violation.
802.11g
Today, this is supported by wireless devices and network equipment and is an economical option for buying a wireless access point. 802.11g is the same speed as 802.11a. However, it has a longer range of 170 feet and supports the 2.4 GHz frequency band. IEEE 802.11g provides data rates of up to 54 Mbps. This functions in the 2.4 GHz band (like 802.11b) but uses the same Orthogonal Frequency-Division Multiplexing (OFDM)-based transmission scheme as 802.11a. A wireless keyboard also operates at the 2.4 GHz band, hence can likely cause interference with the 802.11g network.
Virtual Network Computing VNC
Virtual Network Computing is the process of connecting to a remote device to manage the device remotely. The local user connected to the device can see what the remote user is doing. The fundamental difference between VNC and RDP is that the local user will not see what the remote user is doing when an RDP session is initiated.
WiFi Protected Access 2 ( WPA2 )
WPA is no longer considered a secure solution and has been replaced by WPA2 , also known as 802.11i , which is currently mandatory on all WiFi devices and provides CCMP and AES encryption support . WPA2 - AES is the standard for newer wireless routers where all clients support AES . The WPA and WPA2 standards have adopted EAP with a myriad of EAP types as official authentication mechanisms . One of these is the EAP Transport Layer Security ( EAP TLS ) that uses the Transport Layer Security ( TLS ) protocol and is well - supported among wireless vendors .
Stratum
is an indication of how trustworthy a clock is as a time source. Level 1 is a device directly connected to an Atomic clock or GPS antenna. Hence it's the most Trusted/Accurate. Level 15 is the least trusted and cannot be used as a Time Source. Stratum 0: Atomic Clock/GPS Satellite
Uninterruptible Power Supplies UPS
is implemented to ensure that the network equipment is available when a power outage is experienced. This equipment is generally used in conjunction with a generator. When there is a power outage, it will first failover to the UPS, initializing the generator to start providing a steady electricity supply.
NTP Network Time Protocol
is used to keep networked machines across the globe in sync. All machines are synced to UTC (Universal Time Constant) and then offset to display local time. This allows the use of a singular synced time variable across the globe which can then be used to derive local time depending on the machine's location on the globe. Stratum is used in NTP to rank clocks according to how trusted they are as time sources.
Virtual desktop :
A virtual desktop session can be created using a cloud provider, for example, Microsoft Azure. These virtual desktop sessions can be used to access a virtual Windows 10 device configured with specific applications for users. Multiple sessions of the same device can be accessed simultaneously by users. This ensures that the data being accessed remotely is safe and secure.
The range of each of the networks is as follows :
• 802.11a - 50 feet
• 802.11b - 150 feet
• 802.11g - 50 feet
• 802.11n - 175 feet
• 802.11ac - 230 feet
• 802.11ax - 11 feet
802.11ac
802.11ac , also known as WiFi 5 , offers a speed of 1.33 Gigabits and a similar range to 802.11n ( 230 feet ) . IEEE 802.11ac is an amendment that improves upon the previous IEEE 802.11 standards . Characteristics of this standard include the introduction of wider channels ( 80 or 160 MHz compared to 40 MHz for 802.11n ) in the 5 GHz band , more spatial streams ( up to 8 ) , and the addition of Multi - User MIMO ( MU - MIMO ) . 802.11ac can transmit data at 1300 Mbps ( megabits per second ) or 162.5 MBps ( megabytes per second ) . Despite the speed and range of different wireless standards , they need to be used correctly . For example , if the wireless router or access points are not hardened , then no standard is safe for use .
Service record SRV
An SRV record is configured to point to a specific host and port on which the resource is available, for example, instant messaging or voice over IP services.
Advanced Encryption Standard (AES)
Advanced Encryption Standard or AES is a symmetric encryption algorithm . AES supports different encryption keys , which can go up to 256 bits . It can perform 128 - bit encryption and encrypt data using 192 - bit or 256 - bit keys that are considered highly confidential and sensitive . Since it is a symmetric encryption algorithm , it has several use cases , such as WPA2 , mobile apps , VPNs , and filesystem encryption . Encryption Key : 128 - bit , 192 - bit , and 256 - bit
AP Association Time
After a wireless device authenticates with a wireless network, it registers itself on the wireless network. This process is known as association, which occurs only in the wireless infrastructure networks and not in peer-to-peer mode. A wireless device can associate with only one wireless network at a time. For example, a mobile device cannot associate with two wireless networks, but it can associate with a mobile data and wireless network. As long as it stays associated with the wireless router or access point, it is known as the association time. It is the wireless device that sends an association request to the wireless router or access point, which, after receiving it, processes the request. After the request is processed, a status code of 0 and an Association ID (AID) are sent to the wireless device. The status code of 0 means that the request has been successfully processed. If the association fails, no AID is sent to the wireless device. The wireless router or access point sends only a status code.
Recovery time objective RTO
After an incident has occurred , a company needs to stipulate the amount of time the specific application can be not available without harming the business . It is also used to stipulate the time it will take to restore the data or application to a functional state .
Fire Suppression Systems
An essential requirement to protect the network equipment is a fire suppression system that will extinguish , contain or prevent the spread of the fire where the equipment is hosted , for example , a data center .
Industrial Control Systems / Supervisory Control and Data Acquisition ( SCADA )
An industrial control system ( ICS ) is a type of command - and - control system used in industrial plants . To manage the ICS systems , you need Supervisory Control and Data Acquisition ( SCADA ) systems equipped with a graphical user interface ( GUI ) that provides insights into the entire ICS system . The user using the SCADA system can use it to modify a running process in real - time .
Internal and External DNS servers
An internal DNS server will be hosted inside of the network and will only be accessible for internally connected devices . An external DNS server can be configured on the same network and handle only external requests . If an internal DNS server gets a request from an internal device and can not resolve it , the internal DNS server will contact the external DNS server to resolve the specific request .
Intrusion Detection System (IDS) Device
An intrusion detection system ( IDS ) is a device that monitors network traffic . It has certain rules configured against which the network traffic is monitored . If there is a violation of a rule , it generates an alert , which can be sent to the administrator or a central logging mechanism .
Intrusion Prevention System
An intrusion prevention system ( IPS ) is a network security appliance that monitors network or system activities for malicious activity , identifies this activity and logs information about it . An IPS system differs from an IDS system in that it goes one step further and attempts to block or stop the malicious actions taking place . It performs real - time monitoring , and if there is any suspicious traffic or activity detected on the network , it can perform actions like shutting down a port or even dropping the packets that are part of the suspicious traffic .
IoT Access Considerations
An IoT device is a piece of hardware that can collect data and communicate the data to other devices over the Internet. Each IoT device has an IP address that can be used for communication as well as remote monitoring and controlling. In other words, anything that uses a sensor and has the capability of autonomous computing can be assigned an IP address and configured as a smart device. For example, if you add a sensor and computing capability to a refrigerator, it becomes a smart device that can be networked as an IoT device. In most cases, IoT devices are configured with the default configuration, which leads to several vulnerabilities. To enable secure access to IoT devices, you need to ensure that these inherent vulnerabilities are addressed. It is always recommended that an IoT device should be configured in a separate wireless network, not with general devices, such as laptops and mobiles. For example, you can configure IoT devices to be part of a guest network and secure them using a strong password. Another access consideration is that you should never attempt to access IoT devices using a public network, such as at the airport. To prevent insecure access to IoT devices, you should ensure you have managed to perform some of the following tasks:
• Change the default or guessable passwords
• Shut down insecure services or implement a method to secure them
• Restricted use of IoT devices in a secure environment
• Modify the default settings
Antenna Placement
Antenna placement plays a crucial role in wireless network performance and area coverage. There is improved performance when there is a clear line of sight between the recipient device and the wireless antenna. However, when there are more obstacles in the line of sight, performance can deteriorate. Placing the wireless antenna in a central location is always recommended from where the wireless clients can connect. For example, if it is a large hall with 60-70 users, you can place the wireless access points in the middle of the hall, such as a ceiling-mounted one. This way, the wireless antennas will be able to broadcast in all directions. Poor antenna placement may lead to poor wireless network performance. You also must ensure you place the wireless antennas at a reasonable height to avoid obstacles like furniture. If you put the wireless antenna 25 feet or above, it may reduce the signal strength.
Remote Desktop Gateway
By implementing Remote Desktop Gateway, users can access internal resources remotely without the need to use a virtual private network. A Remote Desktop Gateway uses the Remote Desktop Protocol in conjunction with HTTPS to facilitate a secure connection.
Antenna Polarization
Antenna polarization is the orientation of the antenna relative to the surface of the earth. When referring to polarization, you need to consider the following:
• Operating frequency
• The area to be covered
• Physical constraints, including the space in which you need to install it
Most antennas are vertical even though the clients are horizontal and parallel to the antennas. However, the vertical antenna produces the best signals to devices that are in a horizontal position. If you use the vertical antennas and lay them on the side, they would send the signal upwards or downwards, but not horizontally. Even though most wireless routers or access points use vertical antennas, they must use the same polarization if there is more than one antenna.
Authoritative name servers
Authoritative name servers contain specific information of the domain where they are located and are normally the last point of contact to resolve an IP address to a hostname.
Basic Service Set ( BSS )
Basic Service Set is an operating mode in which you have one access point and several wireless clients. When the wireless clients need to connect to the wired network, they must first authenticate themselves with the access point. After the wireless clients are authenticated, they can communicate with the clients on the wired network. Since there is only one access point, the mobility of the wireless clients is not supported. With the use of an access point, this mode is also known as the infrastructure mode. It can work only in a limited area depending upon the signal spread of the access point.
Code - Division Multiple Access ( CDMA )
CDMA is handset - specific and has lower radiation emission because no pulses are produced . It also offers high data transmission along with automatic signal encryption . It is a less accepted technology , and therefore , a user with CDMA technology may have limited roaming capability . CDMA stores its information in a handset and , therefore , is handset - specific . CDMA cannot transmit voice and data at the same time . CDMA uses 1xEV - DO ( EVDO ) , which is a 3G standard for CDMA networks . CDMA uses codes to identify callers .
Canonical name CNAME
CNAME records are used in conjunction with A records in a DNS system and are configured to point to the domain and never to an IP address . It can be used to set up aliases for resources on the network .
Certificate Issues
Certificates are widely used today because they provide different security features that help in encrypting communications . Certificates are used in many ways . For example , to have a secure HTTPS website , use multifactor authentication for network access , and perform SSL inspection on your firewall , you will need valid certificates .
Link congestion
If something or somebody uses too much of the available bandwidth , the rest of the network will suffer . You need to ensure that the bandwidth demand is calculated correctly . If your devices support it , you can configure Quality of Service ( QoS ) , which can handle congestion and prioritize your traffic .
Regulatory Impacts
Depending on the country , not all channels are allowed because each country regulates radio transmissions themselves . Hence it depends on where you are in terms of which channels are allowed to be used .
Certificate issues 2
Different issues can arise in these configurations . For example , if you do not have a trusted certificate for your website , your browser will access your website through a security warning page . You had come across such a scenario in one of the previous tasks when you accessed the pfsense firewall webpage .
Interference
If running a wireless network, be ready to have interference from various home appliances, which mostly run at 2.4 GHz. Several wireless networks mostly use the same 2.4 GHz frequency and are bound to interfere with these devices. Some of the home appliances that can cause interference are:
• Mobile phones
• Microwave
• Bluetooth
• Smart home appliance
When there is interference, you can face issues, such as:
• Lower data rates
• Latency
• Jitter
Channel Bonding
Each channel in wireless has a certain throughput . To increase the throughput , you can configure channel bonding , which requires you to combine two adjacent channels into one channel . The new combined channel has the throughput of both the channels , but you can only create channel bonding if both the channels are adjacent to each other . For example , if you are using 802.11n , which uses 20 MHz channels , you can combine two channels and create a channel bonding of 40 MHz .
Effective Isotropic Radiated Power ( EIRP ) / Power Settings
Effective Isotropic Radiated Power (EIRP) determines the antenna power or the signal strength. The power is determined at the starting point of the signal transmission, which means at the antenna. Other factors, such as interference or obstructions, are not considered. The EIRP value is determined in decibels over isotropic, dBi.
Extended Service Set ( ESS )
Extended Service Set works similarly but with a slight difference . Instead of one access point , it has a physical subnet that has more than one access point . After a wireless client authenticates with one access point , it can roam around and connect with different access points . The access points are configured so that they can share information of the authenticated wireless clients . There can be several access points . Each one of them needs to have the same SSID . The name of the access point , known as BSSID , can be different , however . For example , let's assume that there are four access points with the same SSID . Each can have a unique BSSID , such as BSSID1 , BSSID2 , BSSID3 , and BSSID4 . With several access points , a larger surface area can be covered , and many users can be supported .
First Hop Redundancy Protocol (FHRP)
FHRP is a routing protocol implemented to ensure the internal network traffic is routed to the internet through the default gateway as an alternative when the primary router fails .
Geofencing
Geofencing is a method of defining a boundary for mobile devices. This method can be implemented either using the Global Positioning System (GPS) or Radio Frequency Identification (RFID) to define the network boundary in which the device must stay. In simple terms, it is a perimeter for mobile devices. When a user carrying the mobile device moves in or out of the defined perimeter, the administrator can trigger an alert. Several large retail stores use geofencing to detect a user when a user enters a defined perimeter. When the user enters the perimeter, a promotional SMS can be sent to their mobile devices.
Global System for Mobile Communications ( GSM )
Global System for Mobile Communications or GSM is a cellular technology that is primarily used for calls and data transmissions simultaneously. It uses 900 and 1800 MHz as the frequency bands, which are known as GSM-900 and DCS-1800. Unlike CDMA, GSM uses digital signals. For the processing of information, GSM uses two different channels, which are:
• Physical
• Logical
GSM uses Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA) as the base technologies to identify callers. GSM uses General Packet Radio Service (GPRS), due to which it has a lower data transmission rate.
Encryption Algorithm : AES , CCMP
IV Size: 48 bits
Encryption Key: 128 bits (With AES, it supports 128-bit, 192-bit, and 256-bit encryption)
Integrity Check Method: CBC-MAC
WPA2 primarily uses one of the two encryption methods:
Temporal Key Integrity Protocol (TKIP)
Temporal Key Integrity Protocol (TKIP) was initially introduced with WiFi Protected Access (WPA). The role of TKIP was to change the encryption keys for every packet that was being sent. It created a unique base key for each packet that was being transmitted. It never recycled the same base key twice, making it difficult to guess and crack the base key. This meant that even if a wireless device was connected to a wireless router or access point running WPA, the same base key was never used, even if the device connected multiple times. For every new connection made to the wireless router or access point, a new unique base key was generated.
Encryption Key: 128 bits
Roaming
It is possible to configure roaming for wireless clients. When we use the term roaming, we mean that the wireless clients can move from one access point to another while keeping a persistent connection. The access points need to be configured with the same SSID. In the roaming process, there is a handoff process that needs to be completed. The handoff process includes three key steps:
1. Scanning: A wireless client finds another access point when the connection is lost or has moved away from one access point.
2. Authentication: The client device sends an authentication request to the access point. The access point verifies the client's device and authenticates accordingly.
3. Association: The client device sends the association request to the newly found access point. After the association process is completed, the new access point sends a message with the disassociation packet to the old access point. After the old access point dissociates from the client, the new access point updates the routing tables.
You need to set up two or more access points with the same SSID for the roaming process.
Link failure
LAN or WAN links can fail , and the difference between them is the scope of impact . If one LAN link fails , it will impact one user , but if a WAN link fails , it will impact all users that use the WAN link . It is always good practice to have redundancy for WAN connections .
Low Optical Link Budget
Link budget is the amount of loss that your optical link can tolerate without affecting the proper operation of the network.
Long - Term Evolution ( LTE )
Long-Term Evolution or LTE is primarily used for high-speed data transmissions. It uses two different sets of bands, which are:
• Frequency bands 1-25: Reserved for Frequency Division Duplex (FDD)
• Frequency bands 33-41: Reserved for Time Division Duplex (TDD)
For the processing of information, LTE uses three different channels, which are:
• Physical
• Logical
• Transport
LTE is the 4th generation mobile communication standard that uses Orthogonal Frequency Division Multiplexing (OFDM) for data transmission.
Auto-Medium Dependent Interface Crossover (MDI-X)
MDI is a medium-dependent interface typically used on integrated NIC cards on a PC. MDIX, where X stands for crossover, is an interface found on a PC, router, hub or switch, and is a crossover version of an MDI port. Generally, if you are connecting two computers directly, you should use a crossover cable. If you are connecting a computer to a switch, you will use a straight-through cable. Today, most Ethernet interfaces have auto-MDIX enabled, so you can use either a crossover or a straight-through cable. On older Cisco devices, you can configure this feature on a switch port using the command mdix auto.
Mean time between failure (MTBF)
MTBF is the time that elapses from the unplanned failure of network equipment. This can be used to determine the reliability of the equipment.
Mail Exchange Record (MX record)
MX records are configured on a DNS server to specify an SMTP server for the specific domain. These records are used to route outgoing emails to a mail server.
Recursive lookup
Recursive DNS queries are used when a DNS server queries other DNS servers on the network to determine the location of a specific IP address of a resource on the network.
Root DNS Servers
The essential functionality of root DNS servers is translating hostnames to IP addresses and providing answers to queries from devices on the network.
Active-Active vs. Active-Passive Failover
Routers can be configured with additional internet settings for high availability to access different sites. These configurations include an active-active failover where both the Internet Service Providers will be configured and used. When an internet outage occurs, it will automatically fail over to the active connection. In an active-passive failover, the secondary ISP is inactive until a failure occurs, where it will then become active after the outage occurs.
Service Set Identifier (SSID)
SSID or Service Set Identifier is the name for your wireless LAN connection given by the manufacturer. It is broadcast by the wireless access point and consists of text strings, which are human-readable. SSID does not provide any measure of security. It allows you to connect to the correct, specific wireless LAN. A connection with the SSID is called an association. A wireless device sends an association request to the access point, and the access point either allows or denies the request. Once the device is associated, it becomes the wireless client. SSID is required for clients to connect. Communication from one wireless client to another goes via the access point.
Multiple Input Multiple Output (MIMO) and Multi-User MIMO (MU-MIMO)
The 802.11n and 802.11ac wireless standards have a feature named Multiple Input Multiple Output or MIMO. When a signal is being sent out, it is broken into several streams, which are delivered using different antennas on the wireless router or the access point. The recipient, on the other side, recombines the streams into the original signal. This method is called spatial multiplexing. However, to use this feature, both the sender and recipient devices need to have this capability. A Single User MIMO or SU-MIMO is capable of serving one device at a time. Multi-User MIMO or MU-MIMO works similarly with one significant difference: it can simultaneously serve more than one device. MU-MIMO was introduced in the 802.11ac standard but was able to cater only to the downlink connections. With the recent launch of 802.11ax, also known as WiFi 6, it can now support uplink connections. An important fact to note is that it works only with the 5 GHz frequency band.
Received Signal Strength Indication (RSSI) Signal Strength
The Received Signal Strength Indicator (RSSI) is the signal strength received by a wireless antenna. The RSSI value determines the quality of the wireless signal. When a wireless signal is transmitted, there are possible antenna and cable losses. The balance value is the RSSI value of the signal. The strength of the signal is determined by the RSSI value, which, if higher, indicates a strong signal. For example, the value of -50 dBm is considered excellent, and the value of -90 dBm is very low. The RSSI value determines the strength of a signal that is detected and received by a wireless device. This signal is sent by the wireless router or the access point. The RSSI value for a wireless device near the wireless router or access point is higher, which means a stronger signal than for a wireless device far away from the wireless router or access point.
Routing and Remote Access
The Routing and Remote Access (RRAS) Service is used to create and configure VPN connections on Microsoft devices.
Distance
The distance between the wireless access point or router and the client also impacts connectivity. If the wireless clients are far away from the access point, they will get a weaker signal. If they move closer to the access point, then the signal strength increases. You need to always remember that walls and other devices may also reduce the signals reaching you. You may need wireless signal amplifiers if you cannot reduce the distance between the client and the access point.
Link loss budget
The link loss budget is calculated by adding the losses of all components used in a cable plant. These two terms are related, and your data communication over a particular optical link will work correctly only when you have a low optical link budget and when the link loss does not exceed the link budget for the link. Link budget and low optical link budget are very important for optic network cabling because you need to predict it and ensure the quality of the communication link without any interruptions.
Site-to-Site VPN
These connections are used when an organization has offices located in different cities, regions, or countries. Creating this connection enables the different offices to connect securely over a public internet connection using encryption technologies.
WiFi Protected Access III (WPA3)
WPA3 is the successor of WPA2. It adds several new capabilities that did not exist in WPA2. For example, it adds some of the key capabilities, such as:
• Protection from several attacks, such as de-authentication, handshake capture dictionary, PMKID Hash Dictionary, KRACK exploit, and handshake capture encrypt/decrypt.
• Uses WiFi Easy Connect instead of WiFi Protected Setup (WPS). WiFi Easy Connect uses Device Provisioning Protocol (DPP).
• Replaces Pre-Shared Key (PSK) with Simultaneous Authentication of Equals (SAE)
• Supports Protected Management Frames (PMF)
• Blocks authentication after a number of failed attempts
Encryption Algorithm: AES-GCM & Elliptic Curve Cryptography of CNSA Suite
Encryption Key: 192-bit for Enterprise, 128-bit for Personal
Integrity Check Method: Secure Hash Algorithm
Recovery point objective (RPO)
When an incident occurs, a company needs to have a policy in place to determine the amount of data that can be lost without having a detrimental effect on the company's operations.
3G, 4G, and 5G
When talking about mobile networks, the letter G denotes Generation. For example, when you refer to 3G, it is the third generation. When you refer to a specific generation, it is mainly identified with its speed. Each of the new generations uses the capabilities of the previous generation with additional new capabilities. The speed of each remains a key differentiator. The max bandwidths offered by each one of them are as follows:
• 3G: 2 Mbps - 21 Mbps
• 4G: 100 Mbps - 1 Gbps
• 5G: > 1 Gbps
Each one of them is designed to use different types of Internet service, such as:
• 3G: Broadband
• 4G: Ultra Broadband
• 5G: Wireless World Wide Web
Each one of them is also designed to be used for different applications, such as:
• 3G: Video conferencing, mobile TV, and Global Positioning System (GPS)
• 4G: High-speed applications, mobile TV, and wearable devices
• 5G: High-resolution video streaming, robots, remote-controlled devices
Channel Utilization
When you configure a wireless router or an access point, it automatically configures the channels it will use. When a client connects to a wireless router or access point, it detects the channel automatically and uses the same channel. However, if too many wireless devices connect to the same channel, the channel utilization may be overburdened. In such a scenario, you should configure the clients to use different channels so that the traffic can be evenly distributed. There are tools available that provide a detailed report on channel utilization. To reduce overutilization, you can configure the wireless router and access point to use dynamic allocation of channels to the wireless devices.
Antenna Types
Wireless antennas are there in devices with wireless network capabilities. There are essentially two types of wireless antennas:
• Directional or Unidirectional: throws the signals in a specific direction.
• Omnidirectional: throws the signals at 360 degrees.
You can use directional or unidirectional antennas to extend the wireless signals into a specific dead zone. For example, if you have a dead zone, you can use a unidirectional or directional antenna to extend the signals into that specific zone. The omnidirectional antennas are used for point-to-point connections.
Frequencies and Range
Wireless networks work with certain frequencies, which are primarily 2.4 and 5 GHz. Here is the breakdown of the wireless networks that use each one of them:
2.4 GHz:
• 802.11b
• 802.11g
• 802.11n
• 802.11ax
5 GHz:
• 802.11a
• 802.11n
• 802.11ac
• 802.11ax
The 802.11n and 802.11ax wireless networks can work with both 2.4 and 5 GHz frequencies.
EAP
IEEE 802.1x uses EAP to share authentication information between the supplicant and the authentication server, such as a RADIUS server. The EAP protocol is the actual carrier for the authentication information and is used with various wireless protocols, such as WPA and WPA2. There are different variants of EAP. Some of them use certificates while others do not. One of the drawbacks of EAP is that it, by default, does not secure authentication information. It takes for granted that the information that it is carrying is secured or encrypted.
Cloud failover sites
Cloud failover sites can be used by configuring the failover site on a Cloud Service provider instead of failing over to an on-premise hosted infrastructure. To further ensure network resources are highly available, the facilities that will be hosting the network equipment need to be equipped with the following infrastructure hardware.
DNS caching & Time to live configuration
DNS caching is a temporary database stored on a client machine. This database contains records of the sites and resources recently visited by the user. Time to live (TTL) is the time specified for how long a specific record should be stored on a server before it will be removed.
Text record (TXT)
A domain administrator will create TXT records to add notes to the DNS system for reference. In addition, these records can also contain data referencing other devices.
Start of Authority (SOA)
SOA records are part of the DNS zone file and specify the authoritative name server for the DNS zone. The details for the domain administrator and how often the DNS information needs to be updated are also part of these records.
Hot Site
resources. In comparison, a hot site is readily available in the event of a disaster, and little or no interruption to network resources will be experienced with this type of failover. The difference between a cold and warm site is that a warm site will contain the data, but it has not been configured.
Cameras
Cameras are deployed for surveillance purposes in a facility. You can deploy analog closed circuit television (CCTV) cameras that are typically connected with a hard drive. Cameras can be of different types:
• Fixed: Are usually fixed on the wall in such a position that they can record the entry and exit of each individual through the door.
• Pan-Tilt-Zoom (PTZ): Are used for zooming on to an individual. For example, if a large crowd is in a room, you can use a PTZ camera to zoom into an individual.
• CCTV: Are mainly used for monitoring a specific area within the building. The footage is recorded in a video format, which can later be played back.
• IP-based: Are used with an IP-based network and use regular network cables. The benefit of such cameras is that they can be installed anywhere as long as a network cable is available. Most use Power over Ethernet (PoE), which does not require a separate power connection.
Heating, Ventilation, and Air Conditioning (HVAC) Sensors
HVAC stands for heating, ventilation and air conditioning. When you construct a building, you need to be conscious of HVAC. HVAC systems are designed to use sensors to manage and increase efficiency in managing HVAC. Some of the key components of HVAC systems are:
• Sensors
• Controllers
• Output devices
• Communication protocols
• Terminal interface
Each component is controlled either by firmware or software. Even though each component is critical, sensors play a vital role in HVAC systems. They are responsible for identifying equipment malfunctions or improper conditions that can lead to environmental hazards. For example, sensors can detect:
Firewall
• Software-based: Applications that are either part of the operating system or can be installed as a third-party application. Zone Alarm is an example of a third-party firewall, whereas Windows Defender Firewall is part of the Windows operating system.
• Hardware-based: Are dedicated hardware devices that act as a firewall. Cisco Adaptive Security Appliance (ASA) is a hardware-based firewall.
SCADA systems play a big role in acquiring data from specified points in an industrial process and in controlling industrial processes and machinery. Some of the key SCADA components are:
• Master Terminal Unit (MTU): The core of the SCADA system, responsible for collecting and storing data. It receives data from the Remote Terminal Units.
• Remote Terminal Unit (RTU): Connects with the sensors to receive their data. RTUs are geographically dispersed and perform tasks after they receive commands from the MTU.
• Programmable Logic Controller (PLC): Connects with the sensors to receive their data and then performs the conversion of the sensor data to digital format.
• Human Machine Interface (HMI): Is the interface that displays the data to the user.