NWS Cha 8: Subnets and VLANS


As a shortcut to calculating the number of hosts, you can use the formula

2^h - 2 = Z

• h equals the number of bits remaining in the host portion.
• Z equals the number of hosts available in each subnet.

So, 2^5 - 2 yields 30 possible hosts per subnet.

access port

Connects the switch to an endpoint, such as a workstation. The computer connected to an access port does not know which VLAN it belongs to, nor can it recognize other VLANs on the same switch.

VTP (VLAN Trunk Protocol)

The most popular protocol for exchanging VLAN information over trunks is Cisco's VTP (VLAN Trunk Protocol). VTP allows changes to a VLAN database on one switch, called the stack master, to be communicated to all other switches in the network. This provides network administrators with the ability to centrally manage all VLANs by making changes to a single switch. Other switches besides the stack master in the same VTP domain can also communicate VLAN updates, such as the addition of a new VLAN.

magic number

When examining the subnet mask for a network, if any octet is not 255 or 0, you know that this network is a subnet and classful addressing is not used. The unusual octet (224 in our example) is often called the interesting octet. Subtract the interesting octet value from 256 and you get what is called the magic number.

DHCP relay agent

A centrally managed DHCP server can provide DHCP assignments to multiple subnets (and VLANs) with the help of a DHCP relay agent. The following steps describe this process:

Step 1—A router, firewall, or Layer 3 switch programmed to support relay agent software receives the DHCP request from a client in one of its local broadcast domains.
Step 2—The Layer 3 device creates a message of its own and routes this transmission to the specified DHCP server in a different broadcast domain.
Step 3—The DHCP server notes the relay agent's IP address and assigns the DHCP client an IP address on the same subnet.

How Subnet Masks Work

A device uses a subnet mask to determine which subnet or network it belongs to. Let's review a little of what you've already learned regarding IP addresses and subnet masks. Recall that an IPv4 address has 32 bits and is divided into two parts: the network portion, which identifies the network and is called the network ID, and the host portion, which identifies the host and is called the host ID. When a computer is ready to send a transmission to another host, it first compares the bits in its own network ID to the bits in the network ID of the destination host. If the bits match, the remote host is on the sending computer's own network, and it sends the transmission directly to that host. If the bits don't match, the destination host is on another network, and the computer sends the transmission to the default gateway on its network. The gateway is responsible for sending the transmission toward the correct network.

trunking

A single switch can support traffic belonging to several VLANs across the network, thanks to the technique known as trunking. The term trunk originated in the telephony field, where it refers to an aggregation of logical connections over one physical connection. For example, a trunk carries signals for many residential telephone lines in the same neighborhood over one cable. Similarly, in the context of switching, a trunk is a single physical connection between networking devices through which many logical VLANs can transmit and receive data.

VLAN (virtual local area network or virtual LAN)

As you've learned, a subnet groups IP addresses so that clients on a large network can be logically organized into smaller networks. As you've also seen, this is often accomplished by adding routers (or Layer 3 switches) to the network or by using multiple ports on a single router (or Layer 3 switch). This creates multiple LANs within the larger network, with subnets organizing the available IP address space. By contrast, a VLAN (virtual local area network or virtual LAN) groups ports on a Layer 2 switch so that some of the local traffic on the switch is forced to go through a router, thereby limiting the traffic to a smaller broadcast domain. As virtual LANs, VLANs abstract the broadcast domain from the networking hardware. This is similar to how VMs abstract computing functions from a computer's hardware. When using VLANs, the boundaries of the broadcast domain can be virtually defined anywhere within a single physical LAN. Recall the example given earlier in this chapter of a large network on three floors of a building, as shown earlier in Figure 8-2. Rather than placing new routers on each floor of the building, you could use managed switches and VLANs to segment the network. For example, suppose you segment the network by department in the company rather than by floors in the building, as shown in Figure 8-15. To do this, you would install managed switches to replace the original switches if necessary. (It may not be necessary, because many enterprise switches these days have built-in VLAN functionality.) Next, you assign each host to a specific VLAN. You do this by configuring the switch port that each host is connected to.

subnetting

How do you divide the pool of IP addresses so that a computer on Subnet 2 knows to send transmissions for devices on other subnets to the default gateway instead of trying to communicate with them directly? The solution is to divide your pool of IP addresses into three groups, or subnets, one for each LAN or floor of the building. This technique is called subnetting. Subnetting helps solve the fundamental problem with classful addressing: too many host addresses assigned to each classful network, resulting in available addresses being used up too quickly. For example, a single Class B network can have up to 65,534 IP addresses and hosts all on the one LAN. Imagine the challenges involved in managing such a highly populated LAN, not to mention the poor performance that would result. Subnetting helps us manage IP address space more efficiently. Also, though it might not be obvious at this point, using well-chosen subnets provides the following benefits:

• Network documentation is easier to manage.
• Problems are easier to locate and resolve.

native VLAN mismatch, or just VLAN mismatch

However, switch ports on each end of a trunk should agree on the native VLAN assignment. If the ports don't agree, this is called a native VLAN mismatch, or just VLAN mismatch, and will result in a configuration error.

ip helper-address

On some Cisco products, a more robust command, ip helper-address, can be configured to create and send helper messages that support several types of UDP traffic, including DHCP, TFTP, DNS, and TACACS+ (which you'll learn more about later).

classless addressing

Subnetting, which alters the rules of classful IPv4 addressing, is called classless addressing. To create a subnet, you borrow bits that would represent host information in classful addressing and use those bits instead to represent network information. By doing so, you increase the number of bits available for the network ID, and you also reduce the number of bits available for identifying hosts.

tag

To identify the transmissions that belong to each VLAN, the switch adds a tag to Ethernet frames that identifies the port through which they arrive at the switch. This VLAN identifier is specified in the 802.1Q standard, which is the IEEE standard that defines how VLAN information appears in frames and how switches interpret that information. Note that the 802.1Q standard is sometimes referred to as dot1q. Also, the port information required by this standard is sometimes referred to as the 802.1Q tag or dot1q tag.

VLSM (Variable Length Subnet Mask)

Traditional subnetting reduces the waste of IP addresses, but results in multiple subnets that are all the same size. This uniformity in subnet size can be inefficient in complex networks. VLSM (Variable Length Subnet Mask) allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space. This is often referred to as "subnetting a subnet."

default VLAN

Typically preconfigured on a switch and initially includes all the switch's ports. Other VLANs might be preconfigured as well, depending on the device and manufacturer. The default VLAN cannot be renamed or deleted; however, ports in the default VLAN can be reassigned to other VLANs.

CIDR (Classless Interdomain Routing)

You can't just look at an IP address and immediately see how many of its bits are network bits and how many are host bits. Instead, you can use a subnet mask to determine this information. Another option is to use CIDR (Classless Interdomain Routing), devised by the IETF in 1993. This shorthand method for identifying network and host bits in an IP address is also known as CIDR notation or slash notation. (Note that CIDR is pronounced cider.) CIDR notation takes the network ID or a host's IP address and follows it with a forward slash (/), which is then followed by the number of bits that are used for the network ID. For example, this private IP address could be written as 192.168.89.127/24, where 24 represents the number of 1s in the subnet mask and therefore the number of bits in the network ID. In CIDR terminology, the forward slash, plus the number of bits used for the network ID—for example, /24—is known as a CIDR block.

Managed switches

can be configured via a command-line interface or a web-based management GUI (see Figure 8-16), and sometimes can be configured in groups. Usually, they are also assigned IP addresses for the purpose of continued management. VLANs can only be implemented through managed switches, whose ports can be partitioned into groups. Figure 8-17 shows the switch ports that are configured for the VLANs listed on the switch's management interface in Figure 8-16.

Types of VLANs

default VLAN, native VLAN

unmanaged switch

provides plug-and-play simplicity with minimal configuration options and has no IP address assigned to it. Unmanaged switches are not very expensive, but their capabilities are limited and they cannot support VLANs.

trunk port

Connects the switch to a router or another switch (or possibly a server). This interface manages traffic from multiple VLANs (see Figure 8-23). A trunk line (or just "trunk") is a link between two trunk ports.

native VLAN

Receives all untagged frames from untagged ports. By default, this is the same as the default VLAN. However, this configuration poses a security risk when untagged traffic is allowed to travel in a VLAN-managed network. To protect the network from unauthorized traffic, the native VLAN should be changed to an unused VLAN so that untagged traffic essentially runs into a dead-end.

site prefix or global routing prefix

The first four blocks or 64 bits normally identify the network and serve as the network prefix, also called the site prefix or global routing prefix, as shown in Figure 8-12. In the IPv6 address 2608:FE10:1:AA:002:50FF:FE2B:E708, the site prefix is 2608:FE10:1:AA and the interface ID is 002:50FF:FE2B:E708. You might see site prefixes represented as, for example, 2608:FE10:1:AA::/64, where the number of bits that identify the network follow a slash.

VLAN hopping

• double tagging—The hacker stacks VLAN tags in Ethernet frames. When the first, legitimate tag is removed by a switch, the second, illegitimate tag is revealed, tricking a switch into forwarding the transmission on to a restricted VLAN.
• switch spoofing—An attacker connects to a switch and then makes the connection look to the switch as if it's a trunk line. The switch might auto-configure its port into trunk mode when it detects trunk mode on the other end of the connection. A hacker can then feed his own VLAN traffic into that port and access VLANs throughout the network.
