CIS 81 Fundamentals of Networking Chapter 4: Network Access Rick Graziani Cabrillo College graziani@cabrillo.edu Fall 2015
Chapter 4 Sections
4.1 Physical Layer Protocols
4.2 Network Media
4.3 Data Link Layer Protocols
4.4 Media Access Control
4.5 Summary
Comparing the two models: At the network access layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the internet layer to the physical network protocols. OSI Layers 1 and 2 describe the procedures needed to access the media and the physical means of sending data over a network.
Focus on Data Link Layer. Data Link Layer: Post-It label on the IP "box" (demo). Physical Layer: roll or toss tennis balls (demo).
Reminder of encapsulation/decapsulation (figure): Data Link Header | IP Header | TCP Header | HTTP Header | Data | Data Link Trailer. On each link the IP packet is carried inside a new Data Link header and trailer.
Getting it Connected Connecting to the Network Section 4.1.1.1 A physical connection can be a wired connection using a cable or a wireless connection using radio waves.
Getting it Connected Connecting to the Network Section 4.1.1.1 Switches and wireless access points are often two separate dedicated devices, connected to a router. Many homes use integrated service routers (ISRs),
Getting it Connected Network Interface Cards Section 4.1.1.2 Network Interface Cards (NICs) connect a device to the network. Ethernet NICs are used for a wired connection whereas WLAN (Wireless Local Area Network) NICs are used for wireless.
Getting it Connected: Network Interface Cards (figure: Connecting to the Wireless LAN with a Range Extender) Section 4.1.1.2. Wireless devices must share access to the airwaves when connecting to the wireless access point, so slower network performance may occur. A wired device does not need to share its access: each wired device has a separate communications channel over its own Ethernet cable.
The Physical Layer Section 4.1.2.1 The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
Purpose of the Physical Layer Physical Layer Media Section 4.1.2.2 The physical layer produces the representation and groupings of bits for each type of media as: Copper cable: The signals are patterns of electrical pulses. Fiber-optic cable: The signals are patterns of light. Wireless: The signals are patterns of microwave transmissions.
Purpose of the Physical Layer: Physical Layer Standards (Section 4.1.2.3). Upper OSI layers are performed in software designed by software engineers and computer scientists. The TCP/IP suite is defined by the Internet Engineering Task Force (IETF) in RFCs.
Purpose of the Physical Layer: Physical Layer Standards (Section 4.1.2.3)
Who maintains physical layer standards? Different international and national organizations, regulatory government organizations, and private companies.
Standards organization: Networking standards
ISO: ISO 8877 (officially adopted the RJ connectors, e.g. RJ-11, RJ-45); ISO 11801 (network cabling standard similar to EIA/TIA 568)
EIA/TIA: TIA-568-C (telecommunications cabling standards, used by nearly all voice, video and data networks); TIA-569-B (Commercial Building Standards for Telecommunications Pathways and Spaces); TIA-598-C (fiber optic color coding); TIA-942 (Telecommunications Infrastructure Standard for Data Centers)
ANSI: 568-C (RJ-45 pinouts, co-developed with EIA/TIA)
ITU-T: G.992 (ADSL)
IEEE: 802.3 (Ethernet); 802.11 (Wireless LAN (WLAN) & Mesh, Wi-Fi certification); 802.15 (Bluetooth)
Fundamental Principles of Layer 1: Physical Layer Fundamental Principles (Section 4.1.3.1)
Media: Physical components / Frame encoding technique / Signalling method
Copper cable: UTP, coaxial, connectors, NICs, ports, interfaces / Manchester encoding; Non-Return to Zero (NRZ) techniques; 4B/5B codes used with Multi-Level Transition Level 3 (MLT-3) signaling; 8B/10B; PAM5 / changes in the electromagnetic field; intensity of the electromagnetic field; phase of the electromagnetic wave
Fiber optic cable: single-mode fiber, multimode fiber, lasers and LEDs, photoreceptors / pulses of light; wavelength multiplexing using different colors / a pulse equals 1, no pulse is 0
Wireless media: access points, radio antennae / DSSS (direct-sequence spread-spectrum); OFDM (orthogonal frequency division multiplexing) / radio waves
Fundamental Principles of Layer 1: Physical Layer Fundamental Principles (Section 4.1.3.1). Encoding or line encoding - a method of converting a stream of data bits into a predefined "code". Signaling - the physical layer must generate the electrical, optical, or wireless signals that represent the "1" and "0" on the media.
Fundamental Principles of Layer 1 Encoding and Signaling Section 4.1.3.2 http://www.flukenetworks.com/content/neal-allens-network-maintenance-and-troubleshooting-guide-revealed
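The table above lists Manchester encoding and NRZ as copper-cable line codes but does not show why a receiver cares which one is used. The following is an added example (not code from the slides) that encodes a bit stream both ways and counts the level transitions a receiver can use to recover the clock; it assumes the IEEE 802.3 Manchester convention (0 = high-to-low, 1 = low-to-high) and models the two signal levels as 1 and 0.

```python
"""Manchester vs NRZ line encoding: added example, not code from the slides.
Levels are modelled as 1 (high) and 0 (low); the IEEE 802.3 Manchester
convention (0 = high-to-low, 1 = low-to-high) is assumed."""
from typing import List


def nrz_encode(bits: str) -> List[int]:
    """NRZ: one signal level per bit time that simply follows the bit value.
    A long run of equal bits produces no transitions for the receiver to clock on."""
    return [int(b) for b in bits]


def manchester_encode(bits: str) -> List[int]:
    """Manchester: each bit becomes two half-bit levels with a mid-bit transition.
    0 -> high then low, 1 -> low then high (802.3 convention)."""
    levels: List[int] = []
    for b in bits:
        if b == "0":
            levels += [1, 0]
        elif b == "1":
            levels += [0, 1]
        else:
            raise ValueError(f"not a bit: {b!r}")
    return levels


def manchester_decode(levels: List[int]) -> str:
    """Recover bits from half-bit samples; a pair without a transition is a line error."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for i in range(0, len(levels), 2):
        pair = (levels[i], levels[i + 1])
        if pair == (1, 0):
            bits.append("0")
        elif pair == (0, 1):
            bits.append("1")
        else:
            raise ValueError(f"invalid Manchester symbol {pair} at half-bit {i}")
    return "".join(bits)


def is_valid_manchester(levels: List[int]) -> bool:
    """True if every half-bit pair contains the transition Manchester requires."""
    try:
        manchester_decode(levels)
        return True
    except ValueError:
        return False


def transitions(levels: List[int]) -> int:
    """Number of level changes in the signal, which is what clock recovery relies on."""
    return sum(1 for a, b in zip(levels, levels[1:]) if a != b)


if __name__ == "__main__":
    data = "00000000"  # constructed worst case for NRZ: the line never changes level
    print("NRZ       :", nrz_encode(data), "transitions:", transitions(nrz_encode(data)))
    m = manchester_encode(data)
    print("Manchester:", m, "transitions:", transitions(m))
    print("decoded   :", manchester_decode(m))
```

Running it on eight zero bits shows the point of the table: NRZ produces a flat line with no transitions, while Manchester produces a transition in every bit period at the cost of twice the signalling rate, which is why later standards moved to 4B/5B, 8B/10B and PAM5 schemes that guarantee transitions with less overhead.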
Fundamental Principles of Layer 1 Bandwidth Bandwidth is the capacity of a medium to carry data. Typically measured in kilobits per second (kb/s) or megabits per second (Mb/s). Section 4.1.3.2
Fundamental Principles of Layer 1 Throughput Section 4.1.3.3 Throughput is the measure of the transfer of bits across the media over a given period of time. Due to a number of factors, throughput usually does not match the specified bandwidth in physical layer implementations. http://www.speedtest.net/ http://ipv6-test.com/speedtest/
Fundamental Principles of Layer 1 Types of Physical Media Section 4.1.3.4 Different types of interfaces and ports available on a 1941 router
Network Media Copper Cabling Section 4.2.1
Copper Cabling: Characteristics of Copper Media (Section 4.2.1.1). Signal attenuation - the longer the signal travels, the more it deteriorates; copper is also susceptible to interference. Crosstalk - a disturbance caused by the electric or magnetic fields of a signal on one wire affecting the signal in an adjacent wire.
Copper Cabling: Copper Media (Section 4.2.1.2). To counter the negative effects of different types of interference, some cables are wrapped in metallic shielding. To counter the negative effects of crosstalk, some cables have opposing circuit wire pairs twisted together, which effectively cancels the crosstalk.
Copper Cabling Unshielded Twisted-Pair (UTP) Cable Section 4.2.1.3 Read this section… good stuff!
Copper Cabling Shielded Twisted-Pair (STP) Cable Braided or Foil Shield Foil Shields Section 4.2.1.4
Copper Cabling Coaxial Cable Section 4.2.1.5
Copper Cabling Copper Media Safety Section 4.2.1.6
UTP Cabling Properties of UTP Cabling Section 4.2.2.1 Read this section… more good stuff!
UTP Cabling UTP Cabling Standards Section 4.2.2.2
UTP Cabling UTP Connectors Section 4.2.2.3
UTP Cabling Types of UTP Cable Section 4.2.2.4
UTP Cabling Testing UTP Cables Section 9.4.2.6
Fiber Optic Cabling Properties of Fiber Optic Cabling Section 4.2.3.1
Fiber Optic Cabling Fiber Media Cable Design Section 4.2.3.2 Please read this section…. More good stuff!
Fiber Optic Cabling Types of Fiber Media Section 4.2.3.3
Fiber Optic Cabling Network Fiber Connectors Section 4.2.3.4
Fiber Optic Cabling Testing Fiber Cables Section 4.2.3.5
Fiber Optic Cabling: Fiber versus Copper (Section 4.2.3.6)
Implementation issue: Copper media / Fibre-optic
Bandwidth supported: 10 Mbps - 10 Gbps / 10 Mbps - 100 Gbps
Distance: relatively short (1 - 100 meters) / relatively high (1 - 100,000 meters)
Immunity to EMI and RFI: low / high (completely immune)
Immunity to electrical hazards: low / high (completely immune)
Media and connector costs: lowest / highest
Installation skills required: lowest / highest
Safety precautions: lowest / highest
Wireless Media Properties of Wireless Media Section 4.2.4.1
Wireless Media: Types of Wireless Media (Section 4.2.4.2)
IEEE 802.11 standards - commonly referred to as Wi-Fi; uses CSMA/CA. Variations include:
802.11a: 54 Mbps, 5 GHz
802.11b: 11 Mbps, 2.4 GHz
802.11g: 54 Mbps, 2.4 GHz
802.11n: 600 Mbps, 2.4 and 5 GHz
802.11ac: 1 Gbps, 5 GHz
802.11ad: 7 Gbps, 2.4 GHz, 5 GHz, and 60 GHz
IEEE 802.15 standard - supports speeds up to 3 Mbps; provides device pairing over distances from 1 to 100 meters.
IEEE 802.16 standard - provides speeds up to 1 Gbps; uses a point-to-multipoint topology to provide wireless broadband access.
Wireless Media: 802.11 Wi-Fi Standards (Section 4.2.4.4)
Standard: Maximum speed / Frequency / Backwards compatible with
802.11a: 54 Mbps / 5 GHz / No
802.11b: 11 Mbps / 2.4 GHz / (blank in slide)
802.11g: 54 Mbps / 2.4 GHz / (blank in slide)
802.11n: 600 Mbps / 2.4 GHz or 5 GHz / 802.11b/g
802.11ac: 1.3 Gbps (1300 Mbps) / 2.4 GHz and 5.5 GHz / 802.11b/g/n
802.11ad: 7 Gbps (7000 Mbps) / 2.4 GHz, 5 GHz and 60 GHz / 802.11b/g/n/ac
The Data Link Layer (Section 4.3 Data Link Layer Protocols)
Purpose of the Data Link Layer The Data Link Layer Section 4.3.1.1 The data link layer is responsible for the exchange of frames between nodes over a physical network media.
Purpose of the Data Link Layer: Data Link Sublayers (Section 4.3.1.2)
(Figure: Network / Data Link [LLC sublayer, MAC sublayer] / Physical; MAC examples: Ethernet 802.3, 802.11 Wi-Fi, Bluetooth 802.15)
The Data Link layer has two sublayers (sometimes):
Logical Link Control (LLC) - software processes that provide services to the Network layer protocols. Frame information identifies the Network layer protocol, so multiple Layer 3 protocols (ICMP, IPv4 and IPv6) can use the same network interface and media.
Media Access Control (MAC) - media access processes performed by the hardware. Provides Data Link layer addressing and framing of the data according to the protocol in use.
Purpose of the Data Link Layer: Providing Access to Media (Section 4.3.1.4)
At each hop along the path, a router:
- Accepts a frame from a medium
- De-encapsulates the frame
- Re-encapsulates the packet into a new frame
- Forwards the new frame appropriate to the medium of that segment of the physical network
Data Link Layer Layer 2 Frame Structure Section 4.3.2.1 The data link layer prepares a packet for transport across the local media by encapsulating it with a header and a trailer to create a frame.
Topologies Controlling Access to the Media Section 4.4.1.1
Media Access Control Media Access Control - Regulates the placement of data frames onto the media. The method of media access control used depends on: Media sharing Do more than two nodes share the media? If so, how? (Switches, hubs, etc.)
Serial vs multi-access
Point-to-Point networks: only two nodes; /30 subnets are common (later); protocols: PPP, HDLC, Frame Relay Point-to-Point
Multi-access networks (LANs): multiple nodes; subnet mask range depends upon the number of hosts (nodes); protocols: Ethernet, 802.11 (wireless), Frame Relay Multipoint
Topologies Physical and Logical Topologies Section 4.4.1.2
Physical Topology Layer 2 Switch The physical topology is an arrangement of the nodes and the physical connections between them. Multilayer Switch Serial Connections
Logical Topology A logical topology - The way a network transfers frames from one node to the next. Defined by Data Link layer protocols. Media Access Control used. Type of network framing
Point-to-Point topology. A point-to-point topology connects two nodes directly together. The media access control protocol can be very simple. Frames from one device are for the device at the other end. Point-to-point topologies, with just two interconnected nodes, do not require special addressing.
Logical Point-to-Point Networks. Point-to-point networks may include intermediate devices; these have no effect on the logical topology. The logical connection (in some cases) may be a virtual circuit. A virtual circuit is a logical connection created within a network between two network devices. The two nodes exchange frames with each other; the Data Link destination address is the device at the other end of the virtual circuit.
Multi-access Topology. A logical multi-access topology enables a number of nodes to communicate by using the same shared media. "Data from only one node can be placed on the medium at any one time." (This is only true when using CSMA/CD (hubs), NOT true with switches. Wireless uses CSMA/CA.) Every node "may" see all the frames that are on the medium. The Data Link destination address denotes which device the frame is for.
Multi-access Addressing (figure: several nodes on a shared medium, each with its own address). Multi-access networks require an address to specifically identify the destination.
LAN Topologies Logical Topology for Shared Media Section 4.4.3.2
LAN Topologies: Contention-Based Access (Section 4.4.3.3). Characteristics of contention-based technologies: stations can transmit at any time; collisions exist; there are mechanisms to resolve contention for the media: CSMA/CD for 802.3 Ethernet networks, CSMA/CA for 802.11 wireless networks.
Media Access Control The media access control methods used by logical multi-access topologies are typically: CSMA/CD - Hubs CSMA/CA - Wireless Token passing – Token Ring Later
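The two slides above say that collisions exist on contention-based media and that CSMA/CD "resolves" them, without showing the mechanism. The following is an added example, not code from the slides, that simulates stations on a hub-style shared medium using the 802.3 rule set: listen before sending, detect a collision when more than one station sends in the same slot, and retry after a random delay drawn from a window that doubles on each failure (truncated binary exponential backoff, capped at 2^10 slots, frame dropped after 16 attempts). The slot-time model, the one-slot transmission length and the station names are simplifying assumptions.

```python
"""CSMA/CD with truncated binary exponential backoff: added example, not from the slides.
Simplifications (assumptions): time is divided into slot times, a successful
transmission occupies exactly one slot, and every station hears a collision in
the slot in which it happens."""
import random
from dataclasses import dataclass
from typing import List, Tuple

MAX_ATTEMPTS = 16   # 802.3: give up on a frame after 16 failed attempts
BACKOFF_CAP = 10    # backoff window grows to 2**10 slots and then stops growing


@dataclass
class Station:
    name: str
    frames: int          # frames still waiting to be sent
    wait: int = 0        # slots to stay silent before the next attempt
    attempts: int = 0    # failed attempts for the frame at the head of the queue
    sent: int = 0
    collisions: int = 0
    dropped: int = 0


def backoff_slots(attempt: int, rng: random.Random) -> int:
    """Pick a random delay in [0, 2**min(attempt, 10) - 1] slots."""
    return rng.randrange(0, 2 ** min(attempt, BACKOFF_CAP))


def simulate(stations: List[Station], seed: int = 1, max_slots: int = 100_000) -> int:
    """Run until every station's queue is empty; returns the number of slots used."""
    rng = random.Random(seed)
    slot = 0
    while any(s.frames for s in stations) and slot < max_slots:
        slot += 1
        # carrier sense: a station transmits when it has a frame and its backoff has expired
        ready = [s for s in stations if s.frames and s.wait == 0]
        for s in stations:
            if s.wait:
                s.wait -= 1
        if len(ready) == 1:              # medium is free for a single talker
            s = ready[0]
            s.frames -= 1
            s.sent += 1
            s.attempts = 0
        elif len(ready) > 1:             # collision detected: every talker backs off
            for s in ready:
                s.collisions += 1
                s.attempts += 1
                if s.attempts > MAX_ATTEMPTS:
                    s.frames -= 1        # frame discarded after too many attempts
                    s.dropped += 1
                    s.attempts = 0
                else:
                    s.wait = backoff_slots(s.attempts, rng)
    return slot


def demo(n_stations: int = 3, frames_each: int = 5, seed: int = 1) -> Tuple[int, List[Station]]:
    """Constructed scenario: n stations that all have traffic queued at slot 0."""
    stations = [Station(f"PC{i}", frames_each) for i in range(n_stations)]
    return simulate(stations, seed), stations


if __name__ == "__main__":
    slots, stations = demo()
    print(f"{slots} slots used to move {sum(s.sent for s in stations)} frames")
    for s in stations:
        print(f"  {s.name}: sent={s.sent} collisions={s.collisions} dropped={s.dropped}")
```

With one station the simulation never collides and needs exactly one slot per frame; with three stations that all start at once the first slot is always a collision and the medium spends extra slots on retries, which is the capacity loss the half-duplex hub discussion later in the chapter refers to.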
WAN Topologies Half and Full Duplex Section 4.4.2.4
Duplex Transmissions
Simplex transmission: one way and one way only (a one-way street).
Half-duplex transmission: either way, but only one way at a time (a two-way street with one lane blocked by a landslide). Ethernet hubs use half-duplex.
Full-duplex transmission: both ways at the same time (a two-way street). Ethernet switches use full-duplex. Most serial links are full-duplex.
Data Link Frame Fields. Data Link frame header fields may include:
- Start Frame field - indicates the beginning of the frame
- Source and Destination address fields - indicate the source and destination nodes on the media
- Priority/Quality of Service field - indicates a particular type of communication service for processing
- Type field - indicates the upper layer service contained in the frame
- Logical connection control field - used to establish a logical connection between nodes
- Physical link control field - used to establish the media link
- Flow control field - used to start and stop traffic over the media
- Congestion control field - indicates congestion in the media
Framing - The Trailer. The signals on the media could be subject to interference, distortion or loss, which would change the bit values that those signals represent. The trailer is used to determine if the frame arrived without error (error detection). The Frame Check Sequence (FCS) field is used to determine if errors occurred in the transmission and reception of the frame.
Cyclic Redundancy Check Cyclic redundancy check (CRC) is commonly used. Sending node includes a logical summary of the bits in the frame. Receiving node calculates its own logical summary, or CRC. Compares the two CRC values. Equal – Accepts the frame Different – Discards the frame
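The frame-field, trailer and CRC slides above, together with the earlier multi-access addressing slide, describe one mechanism from two sides: the sender appends an FCS, and every NIC on a shared medium recomputes it, discards mismatches, and then uses the destination address to decide whether the frame is for it. The following is an added example, not code from the slides, that builds an Ethernet II frame with a CRC-32 FCS, corrupts one bit the way interference would, and delivers frames to three constructed NICs on a hub. The MAC addresses, the payloads and the hub model are constructed; the CRC-32 used for the Ethernet FCS is the same algorithm as zlib.crc32, transmitted least-significant byte first.

```python
"""Ethernet II frame with CRC-32 FCS and per-NIC address filtering on shared media.
Added example, not code from the slides; MAC addresses and payloads are constructed."""
import struct
import zlib
from typing import Dict

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD = 46           # 802.3 minimum payload; shorter data is padded to a 64-byte frame


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over header + payload (zlib.crc32 uses the same
    polynomial and conventions), sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender: header (dst, src, type) + padded payload + trailer (FCS)."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Receiver: recompute the CRC; a mismatch means the frame is discarded."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch")
    return {
        "dst": body[0:6],
        "src": body[6:12],
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[14:],
    }


def nic_accepts(dst: bytes, own_mac: bytes) -> bool:
    """A NIC keeps unicast frames addressed to it, broadcast, and group (multicast) frames,
    which carry a 1 in the least-significant bit of the first octet."""
    return dst == own_mac or dst == BROADCAST or bool(dst[0] & 0x01)


def deliver(frame: bytes, nics: Dict[str, bytes]) -> Dict[str, str]:
    """Shared medium (hub): every NIC sees every frame and decides what to do with it."""
    outcome = {}
    for name, own in nics.items():
        try:
            header = parse_frame(frame)
        except ValueError as err:
            outcome[name] = f"discarded ({err})"
            continue
        outcome[name] = "accepted" if nic_accepts(header["dst"], own) else "ignored"
    return outcome


def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate interference on the wire by inverting one bit of the frame."""
    data = bytearray(frame)
    data[index // 8] ^= 1 << (index % 8)
    return bytes(data)


# constructed sample network: three hosts on one hub, locally administered addresses
NICS = {
    "A": mac("02:00:00:00:00:0a"),
    "B": mac("02:00:00:00:00:0b"),
    "C": mac("02:00:00:00:00:0c"),
}

if __name__ == "__main__":
    frame = build_frame(NICS["B"], NICS["A"], ETHERTYPE_IPV4, b"hello B")
    print(len(frame), "byte frame:", deliver(frame, NICS))
    print("broadcast:", deliver(build_frame(BROADCAST, NICS["A"], ETHERTYPE_IPV4, b"who has?"), NICS))
    print("corrupted:", deliver(flip_bit(frame, 14 * 8 + 3), NICS))
```

Note that the FCS only detects accidental corruption: anyone who can write to the medium can recompute it, so it provides no integrity guarantee against a deliberate change, which is one reason the chapter's later remote-access slides insist on an encrypted, authenticated protocol above Layer 2.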
Ethernet Protocol for LANs. Ethernet is a family of networking technologies that are defined in the IEEE 802.2 and 802.3 standards. It uses 48-bit addressing (Ethernet MAC addresses) for source and destination. More next week!
Point-to-Point Protocol for WANs Point-to-Point Protocol (PPP) is a protocol used to deliver frames between two nodes. PPP can be used on various physical media, including: Twisted pair Fiber optic lines Satellite transmission
Wireless Protocol for LANs 802.11 is an extension of the IEEE 802 standards. It uses the same 48-bit addressing scheme as other 802 LANs. Contention-based system using a Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)
Secure Remote Access (from the Cisco Networking Academy program, Switched Networks, Chapter 2: Basic Switching Concepts and Configuration)
Wireshark Telnet Capture
Plaintext Username and Password Captured
Wireshark SSH Capture
Username and Password Encrypted
Secure Remote Access Using SSH Secure Shell (SSH) is a protocol that provides a secure (encrypted) command-line based connection to a remote device. SSH is commonly used in UNIX/Linux-based systems. The IOS software also supports SSH. Because of its strong encryption features, SSH should replace Telnet for management connections. Note: By default, SSH uses TCP port 22 and Telnet uses TCP port 23. 2.2.1.1 SSH Operation
Secure Remote Access Using SSH (2.2.1.1 SSH Operation)
S1# show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE, RELEASE SOFTWARE (fc1)
<output omitted>
Not all IOS versions support SSH. A version of the IOS software including cryptographic (encrypted) features and capabilities is required to enable SSH on Catalyst 2960 switches. Use the show version command to verify the IOS version; "K9" indicates that the version supports SSH. Verify SSH support using the show ip ssh command; the command is unrecognized if SSH is not supported.
Steps to Configuring SSH. A switch must be minimally configured with a unique hostname and the correct network connectivity settings. Verify SSH support using the show ip ssh command; the command is unrecognized if SSH is not supported. Configure the IP domain using the ip domain-name domain-name global config command. (The domain name and hostname are the parameters used in order to name the key. There are other ways to do it.) Generate RSA key pairs using the crypto key generate rsa global configuration mode command. Cisco recommends a minimum modulus size of 1,024 bits. A longer modulus length is more secure, but it takes longer to generate and to use. Generating an RSA key pair automatically enables SSH.
Steps to Configuring SSH. Configure user authentication using the username global configuration mode command. Configure the vty lines using the line vty global configuration mode command. Enable local login using the login local line configuration mode command to require local authentication for SSH connections from the local username database. Enable SSH using the transport input ssh line configuration mode command. Enable SSH version 2, since SSH version 1 has known security flaws, using the ip ssh version 2 global configuration mode command.
Configuring SSH
S1(config)# ip domain-name cisco.com
S1(config)# crypto key generate rsa
The name for the keys will be: S1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
*Mar 1 2:59:12.78: %SSH-5-ENABLED: SSH 1.99 has been enabled
S1(config)# username admin secret class
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit
S1(config)# ip ssh version 2
S1(config)#
1. Configure the IP domain using the ip domain-name domain-name global config command. (The domain name and hostname are the parameters used in order to name the key. There are other ways to do it.)
2. Generate RSA key pairs using the crypto key generate rsa global configuration mode command. Cisco recommends a minimum modulus size of 1,024 bits. A longer modulus length is more secure, but it takes longer to generate and to use. Generating an RSA key pair automatically enables SSH.
3. Configure user authentication using the username global configuration mode command.
4. Configure the vty lines. Enable local login using the login local line configuration mode command to require local authentication for SSH connections from the local username database. Enable SSH using the transport input ssh line configuration mode command.
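The configuration walk-through above ends with the commands typed, but on a real fleet the question that matters afterwards is whether every switch still has them. The following is an added example, not code from the slides or from Cisco, that audits the text of a saved running-config for the steps the slides list (unique hostname, ip domain-name, ip ssh version 2, a local username with a secret, and vty lines restricted to transport input ssh with login local). The two sample configs are constructed; the secret hash in them is a placeholder, "Switch" is assumed as the IOS default hostname, and the audit also accepts the newer ip domain name spelling.

```python
"""Audit a Cisco IOS configuration for the SSH hardening steps from the slides.
Added example, not code from the slides or from Cisco; it reads the text of a
running-config (constructed samples below) and never touches a device."""
import re
from typing import List, Tuple

# constructed hardened config matching the slide's commands; the hash is a placeholder
GOOD_CONFIG = """\
hostname S1
!
ip domain-name cisco.com
ip ssh version 2
!
username admin secret 5 $1$placeholder$constructedhash
!
line vty 0 15
 login local
 transport input ssh
!
end
"""

# constructed weak config: default hostname, Telnet still allowed, SSH v2 not enforced
WEAK_CONFIG = """\
hostname Switch
!
ip domain-name cisco.com
!
username admin secret 5 $1$placeholder$constructedhash
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input all
!
end
"""


def vty_sections(config: str) -> List[Tuple[str, List[str]]]:
    """Return each 'line vty ...' header together with its indented sub-commands."""
    sections: List[Tuple[str, List[str]]] = []
    current = None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            sections.append(current)
        elif current is not None and raw.startswith(" "):
            current[1].append(raw.strip())
        else:
            current = None          # any top-level command ends the section
    return sections


def audit_ssh(config: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    host = re.search(r"^hostname (\S+)$", config, re.M)
    if host is None or host.group(1) == "Switch":
        findings.append("hostname: still the default, set a unique hostname")
    if not re.search(r"^ip domain[- ]name \S+$", config, re.M):
        findings.append("ip domain-name: missing (needed to name the RSA key)")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("ip ssh version 2: not set, SSH version 1 has known flaws")
    if not re.search(r"^username \S+ secret ", config, re.M):
        findings.append("username: no local account with an encrypted secret")
    sections = vty_sections(config)
    if not sections:
        findings.append("line vty: no vty lines configured")
    for header, cmds in sections:
        transport = [c for c in cmds if c.startswith("transport input")]
        if transport != ["transport input ssh"]:
            findings.append(f"{header}: transport input must be 'ssh' only, found {transport or ['default']}")
        if "login local" not in cmds and not any(c.startswith("login authentication") for c in cmds):
            findings.append(f"{header}: 'login local' not set, line does not use the local username database")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, "->", audit_ssh(cfg) or "all checks passed")
```

Run against a directory of `show running-config` exports, the audit turns the slide's checklist into something repeatable; a vty line that still answers Telnet is exactly the condition under which the plaintext credential capture shown in the Wireshark slides becomes possible.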
Verifying SSH Operation 2.2.1.1 SSH Operation (cont.)