Chapter 8 Concepts

Ace your homework & exams now with Quizwiz!

Subnetting

- Alters the rules of classful IPv4 addressing - Borrow bits that would represent host info - Use those bits instead to represent network info -- increase the number of bits available for network ID (increase number of networks) -- reduce the number of bits available for identifying hosts (decrease number of hosts per network)

Managed switch

- Can be configured via a command-line interface or a web-based management GUI - Are usually assigned an IP address - VLANs can only be implemented through managed switches - Ports can be partitioned into groups

Default subnet masks

- Class A - 8 bits or 255.0.0.0 - Class B - 16 bits or 255.255.0.0 - Class C - 24 bits or 255.255.255.0

Subnet example:

A business has grown from 20 or 30 computers to having a few hundred computers and devices: - There is only a single LAN or broadcast domain - One router serves as the default gateway for the entire network

Unmanaged switch

Provides plug-and-play simplicity with minimal configuration - Has no IP address assigned to it

Network segmentation

When a network is segmented into multiple smaller networks: 1. Traffic on one network is separated from another network's traffic 2. Each network is its own broadcast domain

To create VLSM subnets:

1. Create the largest subnet first 2. Create the next largest subnet, and the next one, and so on

VLAN types

1. Default VLAN - typically preconfigured on a switch and initially includes all switch ports 2. Native VLAN - receives all untagged frames from untagged ports 3. Data VLAN - carries user-generated traffic, such as email, web browsing, or database updates 4. Management VLAN - can be used to provide administrative to a switch 5. Voice VLAN - supports VoIP traffic

Two approaches to VLAN hopping

1. Double tagging - hacker stacks VLAN tags in ethernet frames -- first, legitimate tag is removed by switch -- second, illegitimate tag is revealed, tricking switch into forwarding transmission on to a restricted VLAN 2. Switch spoofing - attacker connects to a switch and makes the connection look to the switch as if it's a trunk line -- hacker can feed his own VLAN traffic into that port and access VLANs throughout the network

Segmentation accomplishes the following:

1. Enhance security 2. Improve performance 3. Simplify troubleshooting

How sugnet masks work

1. IPv4 address is divided into two parts: -- network ID and host ID 2. Subnet mask is used so devices can determine which part of an IP address is network ID and which part is the host ID: -- number of 1s in the subnet mask determines the number of bits in the IP address belown to the network ID -- IP address is 192.168.123.132 in binary: 11000000.10101000.01111011.10000100 -- subnet mask 255.255.255.0 in binary: 11111111.11111111.11111111.0000000 -- network ID: 192.168.123.0 -- host portion: 0.0.0.132

Common VLAN configuration errors

1. Incorrect port mode - switch ports connected to endpoints should nearly always use access mode 2. Incorrect VLAN assignment - can happen due to a variety of situations 3. VLAN isolation - you can potentially cut off an entire group from the rest of the network

Reasons for using VLANs

1. Isolating connections with heavy or unpredictable traffic patterns 2. Identifying groups of devices whose data should be given priority handling 3. Containing groups of devices that rely on legacy protocols incompatible with the majority of the network's traffic 4. Separating groups of users who need special security or network functions 5. Configuring temporary networks 6. Reducing the cost of networking equipment

Cisco's VTP (VLAN trunking protocol)

1. The most popular protocol for exchanging VLAN info over trunks 2. VTP allows changes to VLAN database on one switch, called the stack master, to be communicated to all other switches in the network

Subnets

1. To better manage network traffic, segment the network so that each floor contains one LAN, or broadcast domain -- install a router on each floor 2. You will need to configure clients on each subnet so they know which devices are on their own subnet -- divide the pool of IP addresses into three groups or subnets (technique called subnetting)

VLAN hopping

1. occurs when an attacker generates transmissions that appear to belong to a protected VLAN 2. Crosses VLANs to access sensitive data or inject harmful software

Implement subnets

A centrally managed DHCP server can provide DHCP assignments to multiple subnets with the help of DHCP relay agent: 1. A router, firewall, or layer 3 switch receives the DHCP request from a client in one of its local broadcast domains 2. The layer 3 device creates a message of its own and routes this transmission to specified DHCP server in a different broadcast domain 3. DHCP server notes the relay agent's IP address and assigns the DHCP client an IP address on the same subnet

Switch ports

A port on a switch is configured as either an access port or a trunk port - Access port: used for connecting a single node - trunk port: capable of managing traffic among multiple VLANs

Trunk

A single physical connection between switches through which many logical VLANs can transmit and receive data - Trunking protocols assign and interpret VLAN tags in Ethernet frames

Subnet Mask tables

Class A, Class B, and Class C networks can be subnetted: - each class has different number of host information bits usable for subnet info - varies depending on network class and the way subnetting is used

CIDR

Classless Interdomain Routing. - Provides additional ways of arranging network and host information in an IP address -Takes the network ID or a host's IP address and follows it with a forward slash (/), followed by the number of bits used for the network ID Example: 192.168.89.127/24 - - 24 represents the number of 1s in the subnet mask and the number of bits in the network ID - Known as a CIDR block

VLANs and subnets

Each VLAN is assigned its own subnet of IP addresses

Subnetting questions on exams

Likely to see two types of subnet calculation problems: 1. Given certain network requirements (required number of hosts or subnets), calculate possible subnets and host IP address ranges 2. Given an IP address, determine its subnet's network ID, broadcast address, and first/last host addresses

VLAN hopping mitigation

Mitigation efforts to reduce the risk of VLAN hopping: 1. don't use the default VLAN 2. change the native VLAN to an unused VLAN ID 3. disable auto-trunking on switches that don't need to support traffic from multiple VLANs 4. on switches that carry traffic from multiple VLANs, configure all ports as access ports unless they are used as trunk ports 5. specify which VLANs are supported on each trunk instead of accepting a range of all VLANs 6. Use physical security methods such as door locks to restrict access to network equipment

Network groupings

Networks are commonly segmented according to one of the following groupings: 1. Geographic locations 2. Departmental boundaries 3. Device types

Subnets in IPv6

Subnetting in IPv6 is simpler than IPv4. - classes not used - subnet masks not used - single IPv6 subnet is capable of supplying 18,446,744,073,709,551,616 IPv6 addresses Subnetting helps administrators manage the enormous volume of IPv6 addresses. IPv6 addresses commonly written as eight clocks of four hexadecimal characters: - Last four blocks identify the interface - First four blocks identify the network and serve as the network prefix (AKA the site prefix or global routing prefix) - Fourth hexadecimal block in the site prefix can be altered to create subnets

802.1Q

The IEEE standard that specifies how VLAN info appears in frames and how switches interpret that info

Identify transmissions

To identify the transmissions that belong to each VLAN - The switch adds a tag to Ethernet frames that identifies the port through which they arrive at the switch - Tag travels with transmission until it reaches a router or the switch port connected to the destination device (whichever comes first) - If the frame is being routed to a new VLAN: -1. router adds a new tag -2. tag is removed once frame reaches its final switch port

VLSM

Variable Length Subnet Mask. Allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the necessary IP address space. Often referred to as "subnetting a subnet".

VLAN

Virtual local area network - Groups ports on a switch so that some of the local traffic on the switch is forced to go through a router - Limiting traffic to a smaller broadcast domain


Related study sets

Semester 1 exam engineering review

View Set

Chapter 19: Title of Goods and Risk to Loss

View Set

International Business Chapter 9

View Set

Lesson 6 - Privacy and Confidentiality

View Set

EXIT HESI - Comprehensive PN Exam A Practice Questions

View Set

Comptia A+ Windows shortcuts and paths

View Set

Trevor Cicala's Security+ Flash Cards

View Set

Ch 20 DNA Tools and Biotechnology

View Set