Routing, VLANs and Network Segmentation
Nick Rowlett
Technology Director – Sparta Schools
Cisco Certified Network Administrator
Microsoft Certified System Administrator
Agenda
• Open Systems Interconnection Reference Model (aka The OSI Model)
• Layer 2 switching protocols; discussion & demonstration
• Layer 3 protocols; discussion & demonstration
• Layer 4 – what to know!
Why would I want to segment my Network?
(Diagram: the MIDDLE SCHOOL, ELEMENTARY SCHOOL, ADMIN BLDG. and HIGH SCHOOL sites joined by a TRUNK carrying vlan 1 and vlan 2)
I: The OSI Reference Model
7: Application
6: Presentation
5: Session
4: Transport (TCP / UDP)
3: Network (IP, e.g. 172.20.64.100)
2: Data Link (LLC / MAC, e.g. 00-14-22-AE-EB-B0)
1: Physical (01001100 / IEEE 802.x, the transmission medium)
(Diagram groups layers 7 to 5 as "Application" and layers 4 to 1 as "Transport".)
I: The OSI Reference Model
(Diagram: two seven-layer stacks side by side, showing the layer at which each device joins them)
• ROUTING operates at layer 3: Network
• A SWITCH operates at layer 2: Data Link
• A HUB operates at layer 1: Physical, on the transmission medium
VLAN Segmentation
• VLAN: Virtual Local Area Network
• Collision: When two hosts try to communicate at the exact same time
• Unicast: Traffic from one host to one host
• Multicast: Traffic from one host to many hosts
• Broadcast: Traffic sent to all hosts
• Quality of Service (QoS): guaranteed performance, low latency/errors
(Diagrams: collision and broadcast domains per device)
• LAYER 1, HUB: 1 collision domain, 1 broadcast domain
• LAYER 2, SWITCH: 3 collision domains (1 per port), 1 broadcast domain
• LAYER 2, SWITCH with VLAN 1 and VLAN 2: one broadcast domain per VLAN
Ethernet
• IEEE 802.3
• Transmitted in frames
• Uses MAC addresses to communicate
MAC Addresses
• The same address in two notations: 000e.1eca.f834 = 00-0e-1e-ca-f8-34
• show mac-address-table
MAC             VLAN  PORT
000e.1eca.f834  9     Fa0/1
Unicast / Broadcast
• Layer 2 broadcast address: FF:FF:FF:FF:FF:FF
Layer 2 protocols
• Spanning Tree
– STP
– RSTP
– PVST
– PVST+
– MSTP
– R-PVST
• Link Aggregation
– LACP
– Proprietary
Spanning Tree
• Bridge Protocol Data Units (BPDU)
(Diagram: the steps STP walks through using BPDUs)
– Root bridge election
– Determine least cost path to root bridge
– Disable other paths
Spanning Tree
• Port states:
– Blocking
– Listening
– Learning
– Forwarding
– Disabled
Normal Operation
(Diagram: a single broadcast is flooded out every switch and link in the topology)
Spanning Tree
• Topology Change Notification
(Diagram: a switch sends a TCN toward the Root, each upstream switch answers with a TCN ACK, while broadcasts keep flooding the topology)
Spanning Tree
• Portfast (or similar)
– Configure on KNOWN endpoint ports
– Eliminates convergence time to forwarding state
DHCP (Anthropomorphized)
Client: "Can I get an IP address? Anyone?"
Server: "Yo, I can give you 192.168.1.1"
Client: "OK! Sounds good, I'll use it."
ARP
• Address Resolution Protocol
• “between” layers 2/3
• Windows: arp -a
Internet Address  Physical Address   Type
10.202.60.1       00-24-b5-da-ac-83  dynamic
10.202.61.255     ff-ff-ff-ff-ff-ff  static
• Switches: show arp
Layer 3 protocols
• IPv4
• IPv6
• IPSec
• Route sharing protocols
– RIP, OSPF, EIGRP
• ICMP (ping)
IP Address
Host:        192.168.1.1
Subnet Mask: 255.255.255.0 (/24)
Gateway:     192.168.1.254
Network:     192.168.1.0
Broadcast:   192.168.1.255 / 255.255.255.255
IP Subnetting
192.168.1.1
Bit weights:  128 64 32 16 8 4 2 1
192         = 11000000
192.168.1.1 = 11000000.10101000.00000001.00000001

Host         11000000.10101000.00000001.00000001
Subnet Mask  11111111.11111111.11111111.00000000
             (255)    (255)    (255)    (0)
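The binary view above is exactly the arithmetic a host performs to decide whether a destination is local. This added example (not from the slides) carries the slide's 192.168.1.1 / 255.255.255.0 case through to network, broadcast and host count with plain bit operations, and generalizes to any mask or prefix length.

```python
# Added example: the IP Subnetting slide's bitwise view of 192.168.1.1/24,
# carried through to network and broadcast the way a host or router does it.

def dotted_to_int(addr: str) -> int:
    """'192.168.1.1' -> 32-bit integer, one octet (8 bits) at a time."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(addr: str) -> str:
    """Dotted-binary form as on the slide: 11000000.10101000.00000001.00000001"""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))

def mask_from_prefix(prefix: int) -> str:
    """/24 -> 255.255.255.0: the top `prefix` bits set, the remaining bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_dotted((((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF)

def subnet_info(host: str, mask: str) -> dict:
    """Network = host AND mask; broadcast = network OR (NOT mask)."""
    h, m = dotted_to_int(host), dotted_to_int(mask)
    network = h & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return {
        "host": to_binary(host),
        "mask": to_binary(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "prefix": bin(m).count("1"),
        "usable_hosts": max((broadcast - network) - 1, 0),  # minus network/broadcast
    }

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts talk directly (no gateway) only when host AND mask agree."""
    m = dotted_to_int(mask)
    return dotted_to_int(a) & m == dotted_to_int(b) & m

if __name__ == "__main__":
    for key, val in subnet_info("192.168.1.1", "255.255.255.0").items():
        print(f"{key:>12}: {val}")
```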
Routing
• Gateway of Last Resort: 0.0.0.0 via 172.20.0.254
• Directly connected: 172.20.16.0/24 is directly connected, Vlan20
• Static Route: 192.168.7.0/24 via 172.20.0.1
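How a router chooses among those three entries is a longest-prefix match: the most specific network containing the destination wins, and the 0.0.0.0/0 gateway of last resort only matches when nothing else does. This added example (not from the slides) builds the slide's routing table and looks up destinations against it; the destination addresses and the interface for the two next-hop routes are constructed, since the slide names only Vlan20.

```python
# Added example: longest-prefix-match lookup over the Routing slide's entries.
from ipaddress import IPv4Address, IPv4Network
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: IPv4Network
    via: Optional[str]        # next-hop router, or None when directly connected
    interface: Optional[str]  # None where the slide does not name one

ROUTING_TABLE = [
    # Gateway of Last Resort: 0.0.0.0 via 172.20.0.254
    Route(IPv4Network("0.0.0.0/0"), "172.20.0.254", None),
    # Directly connected: 172.20.16.0/24, Vlan20
    Route(IPv4Network("172.20.16.0/24"), None, "Vlan20"),
    # Static Route: 192.168.7.0/24 via 172.20.0.1
    Route(IPv4Network("192.168.7.0/24"), "172.20.0.1", None),
]

def lookup(dst: str, table=ROUTING_TABLE) -> Route:
    """Return the most specific route whose network contains dst.
    A /0 default matches everything, so it wins only when no longer prefix does."""
    addr = IPv4Address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        raise LookupError(f"no route to {dst}")  # impossible while a default route exists
    return max(matches, key=lambda r: r.network.prefixlen)

def next_hop(dst: str, table=ROUTING_TABLE) -> str:
    """Address the frame is actually sent to: the next-hop router, or the
    destination itself (ARP for it directly) when the network is directly connected."""
    route = lookup(dst, table)
    return dst if route.via is None else route.via

if __name__ == "__main__":
    # Constructed destinations: one per route type (203.0.113.0/24 is documentation space)
    for dst in ("172.20.16.55", "192.168.7.10", "203.0.113.9"):
        r = lookup(dst)
        print(f"{dst:>14} -> {r.network} next hop {next_hop(dst)} ({r.interface or 'n/a'})")
```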
LAYER 3
(Diagram: VLAN 1 holds hosts 10.10.10.2 and 10.10.10.3, VLAN 2 holds hosts 192.168.1.2 and 192.168.1.3; a BROADCAST in each VLAN stays inside that VLAN)
LAYER 3 routing
(Diagram: VLAN 1 interface 10.10.10.1 serves hosts 10.10.10.2 and 10.10.10.3; VLAN 2 interface 192.168.1.1 serves hosts 192.168.1.2 and 192.168.1.3; traffic between the VLANs is routed)
‘Bad’ layer 3
(Diagram: hosts 10.10.10.2, 10.10.10.3, 192.168.1.2 and 192.168.1.3 all sit in VLAN 1, so one BROADCAST reaches hosts on both subnets)
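The 'Bad' layer 3 picture is easy to catch from a switch's MAC and ARP tables once each VLAN has a planned subnet: any host whose address falls outside its VLAN's subnet, or any VLAN carrying two subnets, means one broadcast domain is serving two L3 networks. This added example (not from the slides) audits an inventory of (VLAN, host) pairs against such a plan; the plan and both inventories are constructed from the slide's addresses.

```python
# Added example: detect the 'Bad' layer 3 case from a VLAN-to-subnet plan.
from ipaddress import IPv4Address, IPv4Network

# Constructed plan: each VLAN should carry exactly one subnet (the slide's two networks)
VLAN_PLAN = {1: IPv4Network("10.10.10.0/24"), 2: IPv4Network("192.168.1.0/24")}

# Constructed inventories of (vlan, host) as mac-address/arp tables might report them
BAD_INVENTORY = [(1, "10.10.10.2"), (1, "10.10.10.3"), (1, "192.168.1.2"), (1, "192.168.1.3")]
GOOD_INVENTORY = [(1, "10.10.10.2"), (1, "10.10.10.3"), (2, "192.168.1.2"), (2, "192.168.1.3")]

def misplaced_hosts(inventory, plan=VLAN_PLAN):
    """Hosts whose IP is outside the subnet planned for the VLAN they sit in.
    They hear that VLAN's broadcasts yet can only be reached through a router."""
    flagged = []
    for vlan, host in inventory:
        net = plan.get(vlan)
        if net is None or IPv4Address(host) not in net:
            flagged.append((vlan, host))
    return flagged

def subnets_per_vlan(inventory, plan=VLAN_PLAN):
    """Distinct subnets actually present in each VLAN, judged with the plan's
    prefix length. More than one per VLAN is the 'Bad' layer 3 picture."""
    seen = {}
    for vlan, host in inventory:
        prefix = plan[vlan].prefixlen if vlan in plan else 24  # assume /24 for unplanned VLANs
        net = IPv4Network(f"{host}/{prefix}", strict=False)    # host bits are masked off
        seen.setdefault(vlan, set()).add(net)
    return {vlan: sorted(str(n) for n in nets) for vlan, nets in seen.items()}

def is_segmented_cleanly(inventory, plan=VLAN_PLAN) -> bool:
    """True when every host is in its planned subnet and every VLAN carries one subnet."""
    return not misplaced_hosts(inventory, plan) and all(
        len(nets) == 1 for nets in subnets_per_vlan(inventory, plan).values())

if __name__ == "__main__":
    for name, inv in (("bad", BAD_INVENTORY), ("good", GOOD_INVENTORY)):
        print(name, misplaced_hosts(inv), subnets_per_vlan(inv), is_segmented_cleanly(inv))
```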
(Diagram: VLAN 1: 10.10.10.1 with hosts 10.10.10.5 and 10.10.10.2; VLAN 2: 10.10.20.2 with host 10.10.20.17 and the IP PBX; QoS: Prefer VLAN 2; a TRUNK carries VLANs 1, 2; uplinks to the INTERNET and the VOICE CIRCUIT)
(Diagram: district design with one VLAN and /24 network per site)
ADMINISTRATION BUILDING: NETWORK 192.168.1.0/24, VLAN 101 – ADMIN_VLAN, VLAN 101 IP 192.168.1.1
MIDDLE SCHOOL: NETWORK 192.168.2.0/24, VLAN 201 – MS_VLAN, VLAN 201 IP 192.168.2.1
ELEMENTARY SCHOOL: NETWORK 192.168.3.0/24, VLAN 301 – ES_VLAN, VLAN 301 IP 192.168.3.1
HIGH SCHOOL: NETWORK 192.168.4.0/24, VLAN 401 – HS_VLAN, VLAN 401 IP 192.168.4.1
Inter-site links, LAYER 2 TRUNK versus LAYER 3 ROUTED: the routed design uses /30 point-to-point links (10.1.1.1/30 and 10.1.1.2/30, 10.1.2.1/30 and 10.1.2.2/30, 10.1.3.1/30 and 10.1.3.2/30), and each site's routing table lists the other sites' 192.168.x.0/24 networks.
(Diagram: one switch with a TRUNK carrying VLAN1, VLAN2 and VLAN3; VLAN 1: 10.10.10.1 with hosts 10.10.10.2, 10.10.10.3, 10.10.10.4; VLAN 2: 192.168.1.1 with hosts 192.168.1.2, 192.168.1.3; VLAN 3 (guest): 172.16.0.1 with a path to the INTERNET)
Questions?