Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Electrical Engineering

Chapter 11 Intructor Training

Chapter 11: It’s a
Network
Introduction to Networking
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
NOTICE
Date Thursday 16th January 2014 Lab 405 in 2PM.
Note: This is a closed book multiple choice exam covering
all 7 chapters. Normal DIT exam regulations apply. Also no
calculators allowed.
I will do a tutorial from 3:30PM to 5:30PM on Tuesday14th
January 2014 in Rm 407 (Lecture Theatre).
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
1
Devices in a Small Network
Device Selection for a Small Network
 Factors to be considered when selecting intermediate
devices (Routers, Switches)
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
Devices in a Small Network
Device Selection for a Small Network
 Cost
Determined by its capacity and features. Includes the number /type/ speed of ports. Other
factors network management capabilities, embedded security technologies, and optional
advanced switching technologies. The expense of cable runs required to connect every
device on the network must also be considered. Another key element affecting cost
consideration is how much redundancy to incorporate into the network – this includes
devices, ports per device, and copper or fiber-optic cabling.
 Speed and Types of Ports/Interfaces
Choosing the number and type of ports on a router or switch is a critical decision.
Copper/Fibre 10/100/100 Mbps
 Expandability
Networking devices come in both fixed and modular physical configurations. Fixed - specific
number and type of ports or interfaces. Modular devices have expansion slots that provide
the flexibility to add new modules as requirements evolve.
 Operating System Features and Services
Depending on the version of the operating system, a network device can support certain
features and services, such as: Security, QoS, VoIP, Layer 3 switching, NAT, DHCP
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
4
2
Devices in a Small Network
Addressing for a Small Network
 IP addressing scheme should be planned, documented
and maintained based on the type of devices receiving
the address.
 Examples of devices that will be part of the IP design:
End devices for users
Servers and peripherals
Hosts that are accessible from the Internet
Intermediary devices
 Planned IP schemes help the administrator:
Track devices and troubleshoot
Control access to resources
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
Devices in a Small Network
Redundancy in a Small Network
 Redundancy helps to eliminate single points of failure.
 Improves the reliability of the network.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
6
3
Devices in a Small Network
Design Considerations for a Small Network
 The following should be included in the network
design:
Secure file and mail servers in a centralized location.
Protect the location by physical and logical security measures.
Create redundancy in the server farm.
Configure redundant paths to the servers.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
Protocols in a Small Network
Real-Time Applications for a Small Network
 Infrastructure - needs to be evaluated to ensure it will
support proposed real time applications.
 VoIP is implemented in organizations that still use
traditional telephones
 IP telephony - the IP phone itself performs voice-to-IP
conversion
 Real-time Video Protocols - Use Time Transport
Protocol (RTP) and Real-Time Transport Control
Protocol (RTCP)
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
8
4
Growing to Larger Networks
Scaling a Small Network
Important considerations when growing to a larger network:
 Documentation – physical and logical topology
 Device inventory – list of devices that use or comprise the
network
 Budget – itemized IT budget, including fiscal year
equipment purchasing budget
 Traffic Analysis – protocols, applications, and services
and their respective traffic requirements should be
documented
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
9
Growing to Larger Networks
Evolving Protocol Requirements
 Network administrators can obtain IT “snapshots” of
employee application utilization.
 Snapshots track network utilization and traffic flow
requirements.
 Snapshots help identify
any network modifications
needed.
 These snapshots typically
include information such as
OS version, Network &
Non-Network Applications,
and CPU, Drive & RAM
utilization.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
5
Growing to Larger Networks
Protocol Analysis of a Small Network
Information gathered by protocol analysis can be used to
make decisions on how to manage traffic more efficiently.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
11
Protocols in a Small Network
Common Protocols in a Small Network
 Network protocols support applications and services.
•
Common network protocols include DNS, Telnet, IMAP, SMTP, POP,
DHCP, HTTP, and FTP.
 Network protocols define:
• Processes on either end of a communication session.
• Types of messages.
• Syntax of the messages.
• Meaning of informational fields.
• How messages are sent and
the expected response.
• Interaction with the next
lower layer.
 Secure versions of some of these protocols are HTTPS, SFTP, and SSH.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
6
Protocols in a Small Network
Real-Time Applications for a Small Network
 Infrastructure - needs to be evaluated to ensure it will
support proposed real time applications.
 VoIP is implemented in organizations that still use traditional
telephones. VoIP uses voice-enabled routers that convert
analog voice from traditional telephone signals into IP
packets.
 IP telephony - the IP phone itself performs the voice-to-IP
conversion. Voice-enabled routers are not required. IP
phones use a dedicated server for call control and signalling.
 Real-time Video Protocols - Use Real-Time Transport
Protocol (RTP) and Real-Time Transport Control Protocol
(RTCP) support applications that require delay-sensitive
delivery.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Cisco Confidential
14
Network Device Security Measures
Threats to Network Security
 Categories of Threats to Network Security
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
7
Network Device Security Measures
Physical Security
Four classes of physical threats are:
 Hardware threats - physical damage to servers, routers,
switches, cabling plant, and workstations.
 Environmental threats - temperature extremes (too hot
or too cold) or humidity extremes (too wet or too dry)
 Electrical threats - voltage spikes, insufficient supply
voltage (brownouts), unconditioned power (noise), and
total power loss
 Maintenance threats - poor handling of key electrical
components (electrostatic discharge), lack of critical
spare parts, poor cabling, and poor labeling
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
Network Device Security Measures
Types of Security Vulnerabilities
 Technological weaknesses (TCP/IP weakness – HTTP, FTP
& ICMP are inherently insecure).
 Configuration weaknesses (unsecured user accounts, easily
guessed passwords, unsecured default settings).
 Security policy weaknesses
(lack of a written policy
makes enforcement
difficult, lack of a disaster
recovery plan to deal with
attacks, unauthorized
software and hardware
changes creating security
holes).
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
16
8
Vulnerabilities and Network Attacks
Viruses, Worms and Trojan Horses
 A virus - malicious software that is attached to another
program to execute a particular unwanted function on a
workstation.
 A Trojan horse - the entire application was written to
look like something else, when in fact it is an attack
tool.
 Worms - self-contained programs that attack a system
and try to exploit a specific vulnerability in the target.
The worm copies its program from the attacking host to
the newly exploited system to begin the cycle again.
•
The key element that distinguishes a computer worm from a
computer virus is that human interaction is required to
facilitate the spread of a virus.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
Vulnerabilities and Network Attacks
Reconnaissance Attacks
 Reconnaissance attacks - the unauthorized discovery and
mapping of systems, services, or vulnerabilities.
 Attackers use Internet tools such as nslookup and whois to
determine IP addresses, then ping to identify active
addresses.
 To automate this step, they may
use a ping sweep tool (fping or
gping) which systematically
pings all network addresses
in a given range.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
18
9
Vulnerabilities and Network Attacks
Access Attacks
 Access attacks - the unauthorized manipulation of data,
system access, or user privileges.
•
Access attacks can be classified into four types: Password attack,
Trust exploitation, Port Redirection, and Man-in-the-Middle attack.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
19
Vulnerabilities and Network Attacks
Denial of Service Attacks (DoS)
 Denial of service - the disabling or corruption of networks,
systems, or services so legitimate users are denied service.
 For example, a Ping of Death sends a malformed ping to a
computer. A ping is normally 56 bytes but sending one larger
than the IPv4 max size (65,535 bytes) could crash the target
computer.
 NOTE: A packet of such
a size normally can’t be
sent, but if it is fragmented,
when the target computer
reassembles the packet
a buffer overflow can
occur, which often causes
a system crash.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
20
10
Mitigating Network Attacks
Backup, Upgrade, Update, and Patch
 Keep current with the latest versions of antivirus software.
 Install updated security patches.
 Antivirus software can be deployed at the user level and at
the network level.
 Could manage critical security
patches with a central patch
server that all must check in
with after a set period of time,
as shown in Fig. Any patches
not applied to a host are
automatically downloaded
from the patch server and
installed without user intervention.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
21
Mitigating Network Attacks
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA, or “triple
A”) provide the primary framework to set up access control
on a network device, i.e., AAA is a way to control access.
 Authentication - Users and administrators must prove their
identity. Authentication can be established using username
and password combinations, challenge and response
questions, token cards, and other methods.
•
RADIUS and TACACS+ are for external authentication of users.
 Authorization - which resources the user can access and
which operations the user is allowed to perform.
 Accounting - records what the user accessed, the amount
of time the resource is accessed, and any changes made.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
22
11
Mitigating Network Attacks
Firewalls
A firewall resides between two or more networks. Firewall
products come packaged in various forms, as shown in the
Figure. They controls traffic and helps prevent unauthorized
access. Methods used are:
 Packet Filtering - based on IP or MAC addresses.
 Application Filtering - Prevents
or allows access by specific
application types based on
port numbers.
 URL Filtering - based on
specific URLs or keywords.
 Stateful Packet Inspection
(SPI) - Incoming packets must be legitimate responses to
requests from internal hosts.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
23
Mitigating Network Attacks
Endpoint Security
 Common endpoints are laptops, desktops, servers,
smart phones, and tablets.
 Employees must follow the companies documented
security policies to secure their devices.
 Policies often include the use of anti-virus software and
host intrusion prevention.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
24
12
Securing Devices
Introduction to Securing Devices
 Part of network security is securing devices, including
end devices and intermediate devices.
 Default usernames and passwords should be changed
immediately.
 Access to system resources should be restricted to only
the individuals that are authorized to use those
resources.
 Any unnecessary services and applications should be
turned off and uninstalled, when possible.
 Update with security patches as they become available.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
25
Securing Devices
Passwords
 To protect network devices, it is important to use strong
passwords. Standard guidelines to follow are:
•
Use a password length of at least 8 characters.
•
Use a mix of uppercase and lowercase letters, numbers, symbols,
and spaces (if allowed).
•
Avoid passwords based on repetition, dictionary words, usernames,
birthdates, or other easily identifiable pieces of information.
•
Deliberately misspell a password. For example, Smith = Smyth =
5mYth or Security = 5ecur1ty.
•
Change passwords often.
•
Do not write passwords down
and leave them in obvious
places such as on the desk
or monitor.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
26
13
Securing Devices
Basic Security Practices
 Encrypt passwords - Global config command service
password-encryption prevents unauthorized viewing of
passwords in plaintext in the config file.
 Require minimum length passwords.
 Block brute force attacks – The command blocks login attempts
for 120 seconds, if there are three failed login attempts within
60 seconds.
 Use Banner Message.
 Set EXEC timeout - This
command will disconnect
users after 10 minutes.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
27
Securing Devices
Enable SSH
 The legacy protocol to manage devices remotely is Telnet,
which is not secure as data is transmitted unencrypted.
 It is highly recommended to
enable SSH on devices for
secure remote access.
 Start by ensuring the router
has a unique host name (R1).
 Then configure the IP domain
name using the ip domainname domainname command.
 The 4 steps are shown in the
figure.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
28
14
Ping
Interpreting ICMP Messages
 The ping command is used to verify the internal IP
configuration on the local host.
 The ping command moves from Layer 3 of the OSI
model to Layer 2 and then Layer 1. Ping uses the ICMP
protocol to check for connectivity.
 IOS Ping Indicators:
•
! - indicates receipt of an
ICMP echo reply message.
•
. - indicates a time expired
while waiting for an ICMP
echo reply message.
•
U - an ICMP unreachable
message was received.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
29
Ping
Leveraging Extended Ping
 The Cisco IOS offers an "extended" mode of the ping command
(Pressing Enter accepts the indicated default values):
 This example illustrates how to
force the source address for a
ping to be 10.1.1.1 (see R2 in
the figure); the source address
for a standard ping would be
209.165.200.226. Thus the
administrator can verify remotely
(from R2) that R1 has the route
10.1.1.0/24 in its routing table.
R2# ping
Protocol [ip]:
Target IP address: 192.168.10.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
30
15
Ping
Network Baseline
 A baseline is a process for studying the network at regular
intervals to ensure that it is working as designed.
 Measuring performance at varying times (see Figures on left
below) and loads will assist in creating a better picture of
overall network performance.
 Capturing ping command output can
also be completed from the IOS prompt.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
31
Cisco Confidential
32
Tracert
Interpreting tracert Messages
 A trace returns a list of hops as a
packet is routed through a network.
 When performing a
trace from a Windows
computer use tracert,
and from a router CLI
use traceroute.
 Similar to ping, capturing
the traceroute output
can also be done from
the router prompt.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
16
Show Commands
Common show Commands Revisited
 The status of nearly every process or function of the
router can be displayed using a show command.
 Frequently used show commands:
show running-config
show interfaces
show arp
show ip route
show protocols
show version
Show ip int brief
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
33
Show Commands
Viewing Router Settings with show version
 The configuration register tells
the router how to boot. There
are many possible settings for
the configuration register. The
most common ones are:
 0x2102 - Factory default
setting for Cisco routers (load
the IOS image from flash and
load the startup config file
from NVRAM).
 0x2142 - Router ignores the
contents of Non-Volatile RAM
(NVRAM).
 0x2120 - Router boots into
ROMmon mode.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
Configuration register
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
34
17
Show Commands
Viewing Switch Settings with show version
 The show version command on a switch displays information about
the currently loaded software version, along with hardware and device
information such as S/W ver, Bootstrap ver, system up-time, restart info
(e.g., power cycle, crash), IOS filename, model number, memory type
(shared/main), RAM, hardware interfaces, configuration register.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
35
Host and IOS Commands
ipconfig Command Options
 ipconfig - displays ip address, subnet mask, default
gateway.
 ipconfig /all – also displays MAC address.
 ipconfig /displaydns - displays all cached DNS
entries in a Windows system.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
36
18
Host and IOS Commands
arp Command Options
 The arp command enables the creation, editing, and
display of mappings of physical addresses to known
IPv4 addresses. The arp command is executed from
the Windows command
prompt.
 The arp –a command
lists all devices currently
in the ARP cache of the
host.
 The arp -d
command
clears the
cache.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
37
Host and IOS Commands
show cdp neighbors Command Options
 CDP is a Cisco-proprietary protocol that runs at the data link
layer. On boot up, CDP starts up by default.
 Below, R3 has used cdp to gather detailed information about
R2, and switch S3 connected to the FE interface on R3.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
38
19
Host and IOS Commands
Using show ip interface brief - Router
 Can be used to verify the status of all network interfaces
on a router or a switch.
 The up in the Status column shows that this interface is
operational at Layer 1. The up in the Protocol column
indicates that the Layer 2 protocol is operational.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
39
Host and IOS Commands
Using show ip interface brief - Switch
 An IP address is only necessary if the switch will be
managed over the network using Telnet or SSH. If the
network administrator plans to remotely connect to the
switch from a location outside of the local LAN, then a
default gateway must also be configured.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
40
20
Router and Switch File Systems
Router File Systems
 show file systems command - lists all of the available
file systems on a Cisco 1941 route.
 * Asterisk indicates
this is the current
default file system.
 The pound or hash
symbol (#)
appended to the
flash listing
indicates that it is
a bootable disk.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
41
Backup and Restore Configuration Files
Backup and Restore using Text Files
 Configuration files can be saved/archived to a text file using
Tera Term, or HyperTerminal.
 A configuration can also be copied from a file to a device.
When copied from a text file and pasted into a terminal
window, the IOS executes each line of the configuration text
as a command.
 The file will require editing
to ensure that encrypted
passwords are in plaintext
and that non-command text
such as "--More--" and IOS
messages are removed.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
42
21
Backup and Restore Configuration Files
Backup and Restore using TFTP
 Configuration files can be stored on a
Trivial File Transfer Protocol (TFTP) server.
 copy running-config tftp – save the
running configuration to a tftp server.
 NOTE: Download a
free TFTP server from:
www.solarwinds.com
 copy startup-config tftp - save startup configuration
to a tftp server.
 To restore the running configuration:
 Enter the copy tftp running-config command.
 Enter the IP address of the host where the configuration file is stored.
 Enter the name to assign to the configuration file.
 Press Enter to confirm each choice.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
43
Backup and Restore Configuration Files
Using USB Interfaces on a Cisco Router
 USB flash feature provides an optional secondary storage
capability and an additional boot device.
 USB flash drive must be formatted in a FAT16 format.
 Can hold multiple copies of the Cisco IOS and multiple
router configurations.
 Allows administrator to easily move configurations from
router to router.
 Router USB ports
are usually
USB 2.0.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
44
22
Backup and Restore Configuration Files
Backup and Restore Using USB
 Issue the show file systems command to verify
that the USB drive is there, and confirm the name.
 Use the copy run usbflash0:/ command to
copy the configuration file to the USB flash drive.
• The slash is optional but
indicates the root directory
of the USB flash drive.
 Use the dir command to see the
file on the USB drive and use the
more command to see the contents.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
45
Integrated Router
Multi-function Device
 Home networks are being used to provide connectivity and
Internet sharing among multiple PC systems, etc.
 Many home and small business networks utilize the services
of a multi-function device.
 Incorporates a switch, router, and wireless access point (AP),
and also a DHCP service, a firewall.
 Provides routing, switching and wireless connectivity.
 Linksys wireless routers are simple in design and used in
home networks.
 Cisco Integrated Services Router
(ISR) product family offers a wide
range of products, designed for
small office to larger networks.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
46
23
Integrated Router
Multi-function Device
 An example of this type of
integrated router is a
Linksys wireless router.
 It does not typically have
separate components,
making it cheaper.
 Ethernet ports – connected to the internal switch portion,
with an internal connection to the router (Internet) port.
 Internet port – A single port connected to the router portion
of the multifunction device. This is used to connect the device
to another network such as the Internet (e.g phone line for
broadband). The router portion of a multifunction device
maintains routing tables.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
47
Cisco Confidential
48
Integrated Router
Wireless Capability
 Wireless Mode – Most
integrated wireless routers
support 802.11b, 802.11g and
802.11n, which are compatible.
(802.11a is another standard).
 Service Set Identifier (SSID) –
Case-sensitive, alpha-numeric
name for your home wireless
network.
 Wireless Channel – RF
spectrum divided up into
channels.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
24
Integrated Router
Basic Security of Wireless
1. Change default values for SSID, usernames, and passwords.
2. Disable SSID broadcasting.
3. Configure Encryption using WEP or WPA.
 Wired Equivalency Protocol (WEP) - uses pre-configured
keys to encrypt and decrypt data. Every wireless device
allowed to access the network must have the same WEP key
entered. There are applications readily available on the
Internet to discover the WEP key. **** Rubbish ****
 Wi-Fi Protected Access (WPA) – also uses encryption keys
from 64 bits up to 256 bits. New keys are generated each time
a connection is established with the AP. Therefore more
secure. ******* Much more Secure ****
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
49
Integrated Router
Configuring the Integrated Router
 The Linksys device acts as both a DHCP server and a miniwebserver that supports a web-based configuration GUI.
 Initially access the router by cabling a computer to one of the
router’s LAN Ethernet ports.
 The connecting device will automatically obtain IP addressing
information from Integrated Router, and this IP address can
be used by a web browser to access the configuration GUI.
 Change default username and password and the default
Linksys IP address for security
purposes, before the AP is
connected to a live network.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
50
25
Integrated Router
Enabling Wireless
1. Configure the wireless mode (Network Mode:
802.11a,/b/g/n).
2. Configure the SSID (Network Name) – the SSID is
broadcast by default.
3. Configure RF channel (Radio Band).
4. Configure any
desired security
encryption.
Presentation_ID
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
51
Integrated Router
Configure a Wireless Client
 The wireless client configuration settings must match that
of the wireless router. This includes:
1. SSID
2. Security Settings
3. Channel information (if manually set)
 Wireless client software
can be integrated into the
device operating system
or stand alone, downloadable,
wireless utility software.
 Open the wireless link information
screen to display information such
as: the connection data rate,
connection status, and wireless
channel used, as shown in the
figure.
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
52
26
Presentation_ID
© 2006, Cisco Systems, Inc. All rights reserved.
Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
53
27
Related documents
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Cisco Services are most attractive to customers when they are sold
Cisco Services are most attractive to customers when they are sold
CCENT 640-822 ICND1 Exam Topics Review
CCENT 640-822 ICND1 Exam Topics Review
Class Schedule
Class Schedule
Full-time Information System Administrator
Full-time Information System Administrator
7 Survival Skills - 21st Century Schools
7 Survival Skills - 21st Century Schools
CCNA Security – Chapter 6 Case Study © 2009 Cisco Learning
CCNA Security – Chapter 6 Case Study © 2009 Cisco Learning
102 - ICM Software House
102 - ICM Software House
Download