CIS 81 Fundamentals of Networking Chapter 4: Network Access


1 CIS 81 Fundamentals of Networking Chapter 4: Network Access
Rick Graziani Cabrillo College Fall 2015

2 Chapter 4 Sections
4.1 Physical Layer Protocols
4.2 Network Media
4.3 Data Link Layer Protocols
4.4 Media Access Control
4.5 Summary

3 Comparing the two models
At the network access layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the internet layer to the physical network protocols. OSI Layers 1 and 2 describe the procedures needed to access the media and the physical means to send data over a network.

4 Focus on Data Link Layer
Data Link Layer: Post-It label on the IP "box" (demo). Physical Layer: roll or toss tennis balls (demo).

5 Reminder of encapsulation/decapsulation
(Figure: Data Link Header | IP Header | TCP Header | HTTP Header | Data | Data Link Trailer. At each hop the Data Link header and trailer are stripped and the same IP packet is re-framed with a new Data Link header and trailer for the next medium.)

6 Getting it Connected: Connecting to the Network
A physical connection can be a wired connection using a cable or a wireless connection using radio waves.

7 Getting it Connected: Connecting to the Network
Switches and wireless access points are often two separate dedicated devices connected to a router. Many homes use integrated service routers (ISRs).

8 Getting it Connected: Network Interface Cards
Network Interface Cards (NICs) connect a device to the network. Ethernet NICs are used for a wired connection, whereas WLAN (Wireless Local Area Network) NICs are used for wireless.

9 Getting it Connected: Network Interface Cards
(Figure: connecting to the wireless LAN with a range extender.) Wireless devices must share access to the airwaves when connecting to the wireless access point, so slower network performance may occur. A wired device does not need to share its access: each wired device has a separate communications channel over its own Ethernet cable.

10 The Physical Layer
The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

11 Purpose of the Physical Layer: Physical Layer Media
The physical layer produces the representation and groupings of bits for each type of media. Copper cable: the signals are patterns of electrical pulses. Fiber-optic cable: the signals are patterns of light. Wireless: the signals are patterns of microwave transmissions.

12 Purpose of the Physical Layer: Physical Layer Standards
The upper OSI layers are implemented in software designed by software engineers and computer scientists; the protocols of the TCP/IP suite are defined by the Internet Engineering Task Force (IETF) in RFCs.

13 Purpose of the Physical Layer: Physical Layer Standards
Who maintains physical layer standards? Different international and national organizations, regulatory government organizations, and private companies.
Standards organization - Networking standards
ISO - ISO 8877: officially adopted the RJ connectors (e.g., RJ-11, RJ-45). ISO 11801: network cabling standard similar to EIA/TIA 568.
EIA/TIA - TIA-568-C: telecommunications cabling standards, used by nearly all voice, video and data networks. TIA-569-B: Commercial Building Standards for Telecommunications Pathways and Spaces. TIA-598-C: fiber optic color coding. TIA-942: Telecommunications Infrastructure Standard for Data Centers.
ANSI - 568-C: RJ-45 pinouts, co-developed with EIA/TIA.
ITU-T - G.992: ADSL.
IEEE - 802.3: Ethernet. 802.11: Wireless LAN (WLAN) and mesh (Wi-Fi certification). 802.15: Bluetooth.

14 Fundamental Principles of Layer 1: Physical Layer Fundamental Principles
Media - Physical components - Frame encoding technique - Signalling method
Copper cable - UTP, coaxial, connectors, NICs, ports, interfaces - Manchester encoding; Non-Return to Zero (NRZ) techniques; 4B/5B codes used with Multi-Level Transition Level 3 (MLT-3) signaling; 8B/10B; PAM5 - Changes in the electromagnetic field; intensity of the electromagnetic field; phase of the electromagnetic wave
Fiber-optic cable - Single-mode fiber, multimode fiber, lasers and LEDs, photoreceptors - Pulses of light; wavelength multiplexing using different colors - A pulse equals 1, no pulse is 0
Wireless media - Access points, radio antennae - DSSS (direct-sequence spread spectrum); OFDM (orthogonal frequency division multiplexing) - Radio waves

15 Fundamental Principles of Layer 1: Physical Layer Fundamental Principles
Encoding, or line encoding, is the method of converting a stream of data bits into predefined "codes". Signaling: the physical layer must generate the electrical, optical, or wireless signals that represent the "1" and "0" on the media.

16 Fundamental Principles of Layer 1: Encoding and Signaling

17 Fundamental Principles of Layer 1: Bandwidth
Bandwidth is the capacity of a medium to carry data. Typically measured in kilobits per second (kb/s) or megabits per second (Mb/s).

18 Fundamental Principles of Layer 1: Throughput
Throughput is the measure of the transfer of bits across the media over a given period of time. Due to a number of factors, throughput usually does not match the specified bandwidth in physical layer implementations.

19 Fundamental Principles of Layer 1: Types of Physical Media
(Figure: the different types of interfaces and ports available on a Cisco 1941 router.)

20 Network Media: Copper Cabling
Section 4.2.1

21 Copper Cabling: Characteristics of Copper Media
Signal attenuation: the longer the signal travels, the more it deteriorates. Copper is susceptible to interference. Crosstalk: a disturbance caused by the electric or magnetic fields of a signal on one wire to the signal in an adjacent wire.

22 Copper Cabling: Copper Media
To counter the negative effects of different types of interference, some cables are wrapped in metallic shielding. To counter the negative effects of crosstalk, some cables have opposing circuit wire pairs twisted together, which effectively cancels the crosstalk.

23 Copper Cabling: Unshielded Twisted-Pair (UTP) Cable
Read this section... good stuff!

24 Copper Cabling: Shielded Twisted-Pair (STP) Cable
(Figure: braided or foil shield; foil shields.)

25 Copper Cabling: Coaxial Cable

26 Copper Cabling: Copper Media Safety

27 UTP Cabling: Properties of UTP Cabling
Read this section... more good stuff!

28 UTP Cabling: UTP Cabling Standards

29 UTP Cabling: UTP Connectors

30 UTP Cabling: Types of UTP Cable

31 UTP Cabling: Testing UTP Cables

32 Fiber Optic Cabling: Properties of Fiber Optic Cabling

33 Fiber Optic Cabling: Properties of Fiber Optic Cabling

34 Fiber Optic Cabling: Fiber Media Cable Design
Please read this section... more good stuff!

35 Fiber Optic Cabling: Types of Fiber Media

36 Fiber Optic Cabling: Network Fiber Connectors

37 Fiber Optic Cabling: Testing Fiber Cables

38 Fiber Optic Cabling: Fiber versus Copper
Implementation issue - Copper media - Fiber-optic
Bandwidth supported - 10 Mbps to 10 Gbps - 10 Mbps to 100 Gbps
Distance - Relatively short (1 to 100 meters) - Relatively long (1 to 100,000 meters)
Immunity to EMI and RFI - Low - High (completely immune)
Media and connector costs - Lowest - Highest
Rows also listed on the slide, values not shown: immunity to electrical hazards, installation skills required, safety precautions.

39 Wireless Media: Properties of Wireless Media

40 Wireless Media: Types of Wireless Media
IEEE 802.11 standards - Commonly referred to as Wi-Fi. Uses CSMA/CA. Variations include: 802.11a: 54 Mbps, 5 GHz; 802.11b: 11 Mbps, 2.4 GHz; 802.11g: 54 Mbps, 2.4 GHz; 802.11n: 600 Mbps, 2.4 and 5 GHz; 802.11ac: 1 Gbps, 5 GHz; 802.11ad: 7 Gbps, 2.4 GHz, 5 GHz, and 60 GHz.
IEEE 802.15 standard (Bluetooth) - Supports speeds up to 3 Mbps. Provides device pairing over distances from 1 to 100 meters.
IEEE 802.16 standard (WiMAX) - Provides speeds up to 1 Gbps. Uses a point-to-multipoint topology to provide wireless broadband access.

41 Wireless Media: 802.11 Wi-Fi Standards
Standard - Maximum speed - Frequency - Backwards compatible
802.11a - 54 Mbps - 5 GHz - No
802.11b - 11 Mbps - 2.4 GHz - No
802.11g - 54 Mbps - 2.4 GHz - 802.11b
802.11n - 600 Mbps - 2.4 GHz or 5 GHz - 802.11b/g
802.11ac - 1.3 Gbps (1300 Mbps) - 5 GHz - 802.11b/g/n
802.11ad - 7 Gbps (7000 Mbps) - 2.4 GHz, 5 GHz and 60 GHz - 802.11b/g/n/ac

42 The Data Link Layer
The data link layer is responsible for the exchange of frames between nodes over a physical network medium; the physical layer beneath it transports the bits that make up each frame across the media.

43 Purpose of the Data Link Layer: The Data Link Layer
The data link layer is responsible for the exchange of frames between nodes over a physical network medium.

44 Purpose of the Data Link Layer: Data Link Sublayers
(Figure: Network / Data Link [LLC sublayer, MAC sublayer] / Physical, with Ethernet 802.3, 802.11 Wi-Fi and Bluetooth 802.15 at the MAC sublayer.)
The data link layer has two sublayers (sometimes):
Logical Link Control (LLC) - Software processes that provide services to the network layer protocols. Frame information identifies the network layer protocol, so multiple Layer 3 protocols (IPv4 and IPv6; ICMP travels inside these IP packets) can use the same network interface and media.
Media Access Control (MAC) - Media access processes performed by the hardware. Provides data link layer addressing and framing of the data according to the protocol in use.

45 Purpose of the Data Link Layer: Providing Access to Media
At each hop along the path, a router:
- Accepts a frame from a medium
- De-encapsulates the frame
- Re-encapsulates the packet into a new frame
- Forwards the new frame appropriate to the medium of that segment of the physical network

46 Data Link Layer: Layer 2 Frame Structure
The data link layer prepares a packet for transport across the local media by encapsulating it with a header and a trailer to create a frame.

47 Topologies: Controlling Access to the Media

48 Media Access Control
Media access control regulates the placement of data frames onto the media. The method of media access control used depends on media sharing: do more than two nodes share the media? If so, how? (Switches, hubs, etc.)

49 Serial vs. multi-access
Point-to-point networks: only two nodes; /30 subnets are common (covered later); protocols: PPP, HDLC, Frame Relay.
Multi-access networks (LANs): multiple nodes; the subnet mask depends on the number of hosts (nodes); protocols: Ethernet, wireless, Frame Relay multipoint.

50 Topologies: Physical and Logical Topologies

51 Physical Topology
The physical topology is the arrangement of the nodes and the physical connections between them. (Figure: Layer 2 switches, a multilayer switch and serial connections.)

52 Logical Topology
A logical topology is the way a network transfers frames from one node to the next. It is defined by the data link layer protocols: the media access control used and the type of network framing.

53 Point-to-Point topology
A point-to-point topology connects two nodes directly together. The media access control protocol can be very simple: frames from one device are for the device at the other end. Point-to-point topologies, with just two interconnected nodes, do not require special addressing.

54 Logical Point-to-Point Networks
Point-to-point networks may include intermediate devices; this has no effect on the logical topology. The logical connection may in some cases be a virtual circuit, a logical connection created within a network between two network devices. The two nodes exchange frames with each other, and the data link destination address is the device at the other end of the virtual circuit.

55 Multi-access Topology
A logical multi-access topology enables a number of nodes to communicate using the same shared media. "Data from only one node can be placed on the medium at any one time." (This is only true when using CSMA/CD with hubs, NOT with switches. Wireless uses CSMA/CA.) Every node "may" see all the frames that are on the medium; the data link destination address denotes which device the frame is for. On a hub or on a wireless medium every station really does receive every frame, which is why the plaintext Telnet capture later in this chapter is possible; a switch forwards a unicast frame only out the port where it learned the destination MAC address, but that is a forwarding optimization, not a security boundary.

56 Multi-access Addressing
(Figure: nodes 2222, 3333, 4444, 5555 and 6666 on a shared medium; the frame from 2222 carries destination address 6666.) Multi-access networks require an address that specifically identifies the destination.

57 LAN Topologies: Logical Topology for Shared Media

58 LAN Topologies: Contention-Based Access
Characteristics of contention-based technologies: stations can transmit at any time; collisions exist; there are mechanisms to resolve contention for the media: CSMA/CD for Ethernet networks, CSMA/CA for wireless networks.

59 Media Access Control
The media access control methods used by logical multi-access topologies are typically: CSMA/CD (hubs), CSMA/CA (wireless), token passing (Token Ring, covered later).

60 WAN Topologies: Half and Full Duplex

61 Duplex Transmissions
Simplex transmission: one way and one way only (a one-way street).
Half-duplex transmission: either way, but only one way at a time (a two-way street with only one lane open, as after a landslide). Ethernet hubs use half-duplex.
Full-duplex transmission: both ways at the same time (a two-way street). Ethernet switches use full-duplex; most serial links are full-duplex.

62 Data Link Frame Fields
Data link frame header fields may include:
- Start Frame field: indicates the beginning of the frame
- Source and Destination address fields: indicate the source and destination nodes on the media
- Priority/Quality of Service field: indicates a particular type of communication service for processing
- Type field: indicates the upper layer service contained in the frame
- Logical connection control field: used to establish a logical connection between nodes
- Physical link control field: used to establish the media link
- Flow control field: used to start and stop traffic over the media
- Congestion control field: indicates congestion in the media

63 Framing: The Trailer
The signals on the media could be subject to interference, distortion and loss, any of which would change the bit values that those signals represent. The trailer is used to determine whether the frame arrived without error (error detection). The Frame Check Sequence (FCS) field is used to determine if errors occurred in the transmission and reception of the frame.

64 Cyclic Redundancy Check
Cyclic redundancy check (CRC) is commonly used. The sending node includes a logical summary of the bits in the frame. The receiving node calculates its own logical summary, or CRC, and compares the two CRC values: if they are equal it accepts the frame; if they differ it discards the frame. Note that a CRC detects accidental corruption only. It is not a cryptographic integrity check: anyone who can alter a frame in transit can simply recompute the FCS, so protecting management traffic against tampering is a job for higher layers (for example SSH, later in this chapter).

65 Ethernet Protocol for LANs
Ethernet is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards. It uses 48-bit addressing (Ethernet MAC addresses) for source and destination. More next week!
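The frame-and-trailer mechanism of slides 63 to 65, as an added example that is not from the slides or from any Cisco material: it builds an Ethernet II frame around a constructed payload, computes the CRC-32 that Ethernet uses for its FCS, then parses the frame back, checks the FCS, and shows what one flipped bit on the medium does to the check. The MAC addresses and payload are constructed sample data, not a real capture.

```python
"""Ethernet II frame with a CRC-32 frame check sequence (FCS).

Added example, not from the slides. The MAC addresses and payload used at the
bottom are constructed sample data, not a real capture.
"""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
# Reflected form of the IEEE 802.3 generator polynomial 0x04C11DB7.
CRC32_POLY_REFLECTED = 0xEDB88320


def crc32_ieee(data: bytes) -> int:
    """Bit-serial CRC-32 as used for the Ethernet FCS.

    Init 0xFFFFFFFF, reflected input and output, final XOR 0xFFFFFFFF. This is
    the same CRC zlib.crc32 computes; it is spelled out to show the 'logical
    summary of the bits' that the slides describe.
    """
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ CRC32_POLY_REFLECTED
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def crc32_matches_stdlib(data: bytes) -> bool:
    """Self-check: the hand-rolled CRC agrees with zlib's table-driven one."""
    return crc32_ieee(data) == zlib.crc32(data) & 0xFFFFFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Encapsulate: 14-byte header, padding to the 46-byte payload minimum, 4-byte FCS."""
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype)
    body = header + payload
    if len(body) < 60:                      # 64-byte minimum frame includes the FCS
        body += b"\x00" * (60 - len(body))
    fcs = crc32_ieee(body)
    return body + struct.pack("<I", fcs)    # FCS goes on the wire least-significant byte first


def parse_frame(frame: bytes) -> dict:
    """De-encapsulate: split header/payload/FCS and recompute the CRC over header+payload."""
    if len(frame) < 64:
        raise ValueError("runt frame (< 64 bytes)")
    body, fcs_field = frame[:-4], frame[-4:]
    received_fcs = struct.unpack("<I", fcs_field)[0]
    dst, src = body[0:6], body[6:12]
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        # Least-significant bit of the first octet is the I/G bit: 1 = group (multicast/broadcast).
        "dst_is_group": bool(dst[0] & 0x01),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[14:],
        "fcs_ok": received_fcs == crc32_ieee(body),
    }


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate one bit of noise on the medium."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


if __name__ == "__main__":
    # Constructed sample data: these addresses and this payload are not from a real network.
    frame = build_frame("00:1b:0c:aa:bb:cc", "00:50:56:11:22:33", ETHERTYPE_IPV4,
                        b"stand-in for an IPv4 packet")
    good = parse_frame(frame)
    bad = parse_frame(flip_bit(frame, 20, 3))
    print(f"{good['src']} -> {good['dst']} type 0x{good['ethertype']:04x} fcs_ok={good['fcs_ok']}")
    print(f"after one flipped bit: fcs_ok={bad['fcs_ok']} (the receiver discards the frame)")
```

On a real NIC the FCS is generated and checked in hardware, and a frame that fails the check is normally dropped before the operating system sees it, which is why a packet capture usually contains only good frames. Note also that nothing in parse_frame can tell a corrupted frame from a deliberately modified one whose FCS was recomputed.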

66 Point-to-Point Protocol for WANs
Point-to-Point Protocol (PPP) is a protocol used to deliver frames between two nodes. PPP can be used on various physical media, including: Twisted pair Fiber optic lines Satellite transmission

67 Wireless Protocol for LANs
IEEE 802.11 is an extension of the IEEE 802 standards. It uses the same 48-bit addressing scheme as other 802 LANs. It is a contention-based system using Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).

68 Secure Remote Access: Switched Networks
Cisco Networking Academy program, Switched Networks, Chapter 2: Basic Switching Concepts and Configuration.

69 Wireshark Telnet Capture

70 Plaintext Username and Password Captured

71 Wireshark SSH Capture

72 Username and Password Encrypted

73 Secure Remote Access Using SSH
Secure Shell (SSH) is a protocol that provides a secure (encrypted) command-line connection to a remote device. SSH is commonly used on UNIX/Linux-based systems; the IOS software also supports it. Because Telnet carries the login and every command in plaintext, as the captures on the previous slides show, and SSH encrypts them, SSH should replace Telnet for management connections. Note: by default, SSH uses TCP port 22 and Telnet uses TCP port 23.
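What the Wireshark slides 69 to 72 show graphically, as an added example that is not part of the slides: the "Follow TCP Stream" view of a Telnet login, reassembled from individual segments, with the Telnet option negotiation stripped and the username and password recovered by correlating the server's prompts with the client's keystrokes; the same analysis run on an SSH stream yields only the two version banners. Both "captures" below are constructed lists of (direction, TCP payload) pairs, not real packet captures; the prompts follow the IOS "Username:" / "Password:" format and the SSH banners are constructed to look like a Cisco server and an OpenSSH client.

```python
"""Recovering a login from a captured Telnet stream, and why SSH defeats the same analysis.

Added example, not from the slides. TELNET_CAPTURE and SSH_CAPTURE are
constructed segment lists standing in for what Wireshark's Follow TCP Stream
would show; they are not real packet captures.
"""
IAC, SE, SB = 0xFF, 0xF0, 0xFA
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC command sequences (RFC 854) so only the terminal text remains."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(data):
            break                                   # truncated command at segment end
        cmd = data[i + 1]
        if cmd == IAC:                              # IAC IAC = a literal 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd == SB:                             # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif WILL <= cmd <= DONT:                   # three-byte option negotiation
            i += 3
        else:                                       # two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def extract_telnet_login(segments) -> dict:
    """Correlate server prompts with the client's keystrokes.

    The server echoes the username character by character but not the password,
    so both values are read from the client-to-server direction, keyed on the
    last prompt the server sent.
    """
    fields = {"username": "", "password": ""}
    state = None
    for direction, raw in segments:
        text = strip_telnet_negotiation(raw).decode("ascii", errors="replace")
        if direction == "s2c":
            if "Username:" in text:
                state = "username"
            elif "Password:" in text:
                state = "password"
            continue
        for ch in text:
            if state is None:
                break
            if ch == "\r":                          # end of line: wait for the next prompt
                state = None
            elif ch not in "\n\x00":                # Telnet sends CR as CR LF or CR NUL
                fields[state] += ch
    return fields


def classify_stream(segments) -> str:
    """Identify the management protocol from the first bytes each side sends."""
    for _, raw in segments[:4]:
        if raw.startswith(b"SSH-"):                 # RFC 4253 identification string
            return "ssh"
        if IAC in raw:
            return "telnet"
    return "unknown"


def recover_credentials(segments) -> dict:
    proto = classify_stream(segments)
    if proto == "telnet":
        return {"protocol": proto, **extract_telnet_login(segments)}
    # After the SSH identification strings everything is carried in the binary
    # packet protocol and, once key exchange completes, is encrypted: nothing to read.
    return {"protocol": proto, "username": None, "password": None}


# Constructed Telnet session to an IOS switch (slides 69-70): the client types, the server echoes.
TELNET_CAPTURE = [
    ("s2c", b"\xff\xfb\x01\xff\xfb\x03"),                    # IAC WILL ECHO, IAC WILL SGA
    ("c2s", b"\xff\xfd\x01\xff\xfd\x03"),                    # IAC DO ECHO, IAC DO SGA
    ("s2c", b"\r\nUser Access Verification\r\n\r\nUsername: "),
    ("c2s", b"a"), ("s2c", b"a"), ("c2s", b"d"), ("s2c", b"d"),
    ("c2s", b"m"), ("s2c", b"m"), ("c2s", b"i"), ("s2c", b"i"),
    ("c2s", b"n"), ("s2c", b"n"), ("c2s", b"\r\x00"),
    ("s2c", b"\r\nPassword: "),
    ("c2s", b"c"), ("c2s", b"l"), ("c2s", b"a"), ("c2s", b"s"), ("c2s", b"s"),
    ("c2s", b"\r\x00"),
    ("s2c", b"\r\nS1>"),
]

# Constructed SSH session (slides 71-72): only the version banners are readable.
SSH_CAPTURE = [
    ("s2c", b"SSH-1.99-Cisco-1.25\r\n"),                     # 1.99 = server accepts v1 and v2
    ("c2s", b"SSH-2.0-OpenSSH_7.4\r\n"),
    ("c2s", bytes.fromhex("000004bc0a14e3a2")),               # stand-in for KEXINIT / ciphertext
    ("s2c", bytes.fromhex("9f31c7e0b2d84a6c")),
]

if __name__ == "__main__":
    print(recover_credentials(TELNET_CAPTURE))
    print(recover_credentials(SSH_CAPTURE))
```

The extractor needs no dictionary or timing tricks: with Telnet the credentials are literally the bytes on the wire, so anyone positioned on a hub, a wireless medium, or a mirrored switch port gets them. The SSH banner is still worth reading in a capture, since "SSH-1.99" tells you the server has not been pinned to version 2 yet.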

74 Secure Remote Access Using SSH: SSH Operation
Not all IOS images support SSH. A version of the IOS software that includes cryptographic features is required to enable SSH on Catalyst 2960 switches. Use the show version command to verify the IOS image; "K9" in the image name indicates that it supports SSH:

    S1# show version
    Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE, RELEASE SOFTWARE (fc1)
    <output omitted>

Verify SSH support with the show ip ssh command; the command is unrecognized if SSH is not supported.

75 Steps to Configuring SSH
A switch must be minimally configured with a unique hostname and the correct network connectivity settings. Verify SSH support using the show ip ssh command; the command is unrecognized if SSH is not supported.
1. Configure the IP domain using the ip domain-name domain-name global configuration command. The hostname and domain name are the parameters used to name the key (there are other ways to do it).
2. Generate RSA key pairs using the crypto key generate rsa global configuration command. The course quotes Cisco's recommended minimum modulus of 1,024 bits; 1024-bit RSA is no longer considered adequate, so choose 2048 bits, the largest size the prompt on the following slides offers. A longer modulus is more secure but takes longer to generate and to use. Generating an RSA key pair automatically enables SSH.

76 Steps to Configuring SSH (cont.)
3. Configure user authentication using the username name secret password global configuration command.
4. Configure the vty lines: enter them with the line vty global configuration command; enable local login with the login local line configuration command, so that SSH connections are authenticated against the local username database; restrict the lines to SSH with the transport input ssh line configuration command.
5. Enable SSH version 2 with the ip ssh version 2 global configuration command. SSH version 1 has known security flaws, and until this command is entered the switch reports "SSH 1.99", meaning it still accepts both versions.

77 Configuring SSH
Step 1: configure the IP domain with the ip domain-name domain-name global configuration command (the hostname and domain name are the parameters used to name the key; there are other ways to do it).

    S1(config)# ip domain-name cisco.com
    S1(config)# crypto key generate rsa
    The name for the keys will be: S1.cisco.com
    Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
    How many bits in the modulus [512]: 1024
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
    *Mar 1 2:59:12.78: %SSH-5-ENABLED: SSH 1.99 has been enabled
    S1(config)# username admin secret class
    S1(config)# line vty 0 15
    S1(config-line)# transport input ssh
    S1(config-line)# login local
    S1(config-line)# exit
    S1(config)# ip ssh version 2
    S1(config)#

78 Configuring SSH
Step 2 (same configuration as the previous slide): generate RSA key pairs using the crypto key generate rsa global configuration command. Cisco recommends a minimum modulus size of 1,024 bits; a longer modulus is more secure but takes longer to generate and to use. Generating an RSA key pair automatically enables SSH.

79 Configuring SSH
Step 3 (same configuration as slide 77): configure user authentication using the username global configuration command.

80 Configuring SSH
Step 4 (same configuration as slide 77): configure the vty lines. Enable local login using the login local line configuration command, so that SSH connections are authenticated against the local username database, and enable SSH with the transport input ssh line configuration command.
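The configuration steps above turned into a check, as an added example that is not from the slides or from Cisco: it reads an IOS running-config and reports where the vty lines still accept Telnet, where SSH version 2 is not forced, where local login is missing, and where a user is defined with a reversible "password" instead of "secret". The two configurations are constructed fragments in running-config format; the RSA modulus size does not appear in the running-config, so that check is left to the show crypto key mypubkey rsa command on the device.

```python
"""Audit an IOS running-config for the SSH hardening steps on the slides.

Added example, not from the slides or from Cisco. WEAK_CONFIG and
HARDENED_CONFIG are constructed fragments in running-config format. Only what
can be read from the configuration is checked; the RSA modulus size is not in
running-config (verify it with 'show crypto key mypubkey rsa').
"""
import re


def parse_ios_config(config: str):
    """Split a running-config into global lines and the sub-commands of each 'line ...' block."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith(" "):                    # indented = sub-command of the current block
            if current is not None:
                blocks[current].append(line.strip())
            continue
        current = line if line.startswith("line ") else None
        if current is not None:
            blocks[current] = []
        else:
            global_lines.append(line)
    return global_lines, blocks


def audit_ssh_config(config: str) -> list:
    """Return one finding per deviation from an SSH-only, locally authenticated vty setup."""
    findings = []
    global_lines, blocks = parse_ios_config(config)

    if "ip ssh version 2" not in global_lines:
        findings.append("SSH-VERSION: 'ip ssh version 2' missing; SSH 1.99 still accepts protocol 1")
    if not any(l.startswith("ip domain-name ") for l in global_lines):
        findings.append("DOMAIN: 'ip domain-name' missing; the RSA key pair cannot be generated")
    for l in global_lines:
        m = re.match(r"username (\S+) password ", l)
        if m:
            findings.append(f"WEAK-SECRET: user '{m.group(1)}' uses 'password' "
                            "(type 0/7, reversible); use 'username ... secret'")

    for name, subs in blocks.items():
        if not name.startswith("line vty"):
            continue
        transport = [s for s in subs if s.startswith("transport input")]
        if not transport:
            findings.append(f"{name}: no 'transport input' (platform default applies); "
                            "set 'transport input ssh'")
        elif transport[-1] != "transport input ssh":
            findings.append(f"{name}: '{transport[-1]}' still allows Telnet")
        if "login local" not in subs and not any(s.startswith("login authentication") for s in subs):
            findings.append(f"{name}: no 'login local' (or AAA 'login authentication')")
    return findings


# Constructed: the state a lab switch is often left in after only the first steps.
WEAK_CONFIG = """\
hostname S1
!
ip domain-name cisco.com
!
username admin password 0 class
!
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 login
 transport input all
!
end
"""

# Constructed: the configuration the slides build, as it appears in running-config.
HARDENED_CONFIG = """\
hostname S1
!
ip domain-name cisco.com
ip ssh version 2
!
username admin secret 5 <hash omitted>
!
line vty 0 15
 login local
 transport input ssh
!
end
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_ssh_config(cfg)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The point of auditing the running-config rather than trusting the CLI session is that "transport input ssh" on vty 0 15 and "ip ssh version 2" are each a single line that is easy to leave out, and either omission silently keeps Telnet or SSHv1 reachable on the switch.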

81 Verifying SSH Operation
SSH Operation (cont.)

82 SSH Operation (cont.)

83 SSH Operation (cont.)
