Prepare to take the Cisco Certified Network Associate (200-301 CCNA) exam and get to grips with the essentials of networking, security, and automation
Page count: 786
Publication year: 2020
Begin a successful career in networking with 200-301 CCNA certification
Glen D. Singh
BIRMINGHAM—MUMBAI
Copyright © 2020 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Senior Editor: Rahul Dsouza
Content Development Editors: Ronn Kurien and Nihar Kapadia
Technical Editor: Sarvesh Jaywant
Copy Editor: Safis Editing
Project Coordinator: Neil Dmello
Proofreader: Safis Editing
Indexer: Rekha Nair
Production Designer: Jyoti Chauhan
First published: November 2020
Production reference: 1151020
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80020-809-4
www.packt.com
Packt.com
Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Glen D. Singh is a cybersecurity and networking instructor, InfoSec author, and consultant. His areas of expertise are penetration testing, digital forensics, network security, and enterprise networking. He has many certifications, including CEH, CHFI, and 3xCCNA (cyber ops, security, and routing and switching). He loves teaching and mentoring others, and sharing his wealth of knowledge and experience as an author. He has written books on Kali Linux, Kali NetHunter, and CCNA Security.
Glen has trained many professionals in various sectors ranging from ISPs to government agencies in the field of cybersecurity. As an aspiring game-changer, Glen is passionate about increasing cybersecurity awareness in his homeland, Trinidad and Tobago.
I would like to thank Rahul Nair, Suzanne Coutinho, Ronn Kurien, and the wonderful team at Packt Publishing, who have provided amazing support and guidance throughout this journey. To the technical reviewers, Aaron Caesar and Jessie James Araneta, thank you for your outstanding contribution to making this an amazing book.
Aaron Caesar holds a BSc. in Computing and Information Systems and other professional certifications in networking and security. His career in technology spans 16 years, including technical support and teaching at various private and public sector agencies. Currently, he is employed at a multinational ISP, providing specialist support to a wide cross-section of the company's corporate customers. Aaron has a passion for learning about information and communication technologies that he continues to pursue daily.
Above all, however, he is a father, husband, son, brother, and friend.
I would like to thank my beautiful wife, Abbigail, for all the support she has provided to me during this process; and all the people who believed in me and my growth. I would also express my gratitude to the author and the team at Packt for giving me this great opportunity to contribute to this excellent book.
Jessie James is a licensed electronics engineer and a Cisco Certified Network Associate. His experience and specialization is mobile and fixed network operation for telecommunications. During the development of this book, he has been working for Etisalat UAE as Operations Field Support – Fixed Network.
I'd like to thank God first, for His almighty guidance on whatever decisions I made. I'd also like to thank Packt Publishing for the opportunity to review this wonderful book. To my parents, siblings, relatives, friends, and mentors (you know who you are), thank you for guiding and supporting me. Lastly, I'd like to thank Bonie for the love and support while reviewing this book.
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Implementing and Administering Cisco Solutions: CCNA 200-301 Exam Guide is an excellent book that focuses on a range of Cisco technologies that will help you gain a firm understanding of networking, IP connectivity, IP services, security, network programmability, and automation.
Throughout this book, you will be exposed to various networking components and discover how they all work together in an enterprise network. You will also learn how to configure Cisco devices using the command-line interface (CLI) to provide network access, services, security, connectivity, and management.
During the course of this book, you will come across different hands-on labs with real-world scenarios that are designed to help you gain essential on-the-job skills and experience. Furthermore, this book will guide you and teach you networking technologies and solutions to implement and administer enterprise networks and infrastructure using Cisco solutions.
By the end of this book, you will have gained the confidence to pass the CCNA 200-301 examination and be well-versed in a variety of network administration and security engineering solutions.
This guide is targeted at every IT professional looking to boost their network engineering and security administration career. Users interested in certifying in Cisco technologies and starting a career as network security professionals will find this book useful. Readers with no knowledge about Cisco technologies but some understanding of industry-level network fundamentals will have an added advantage.
Chapter 1, Introduction to Networking, introduces various network protocols, devices, and components, and network topology architectures.
Chapter 2, Getting Started with Cisco IOS Devices, introduces Cisco Internetwork Operating System (Cisco IOS). You will learn how to access the device, perform initial configurations, and learn how to verify the device's settings. Additionally, you will learn how to build your personal learning environment to reduce your expenditure in terms of purchasing expensive equipment.
Chapter 3, IP Addressing and Subnetting, covers different classes of IP addresses and their assignments. The second half of the chapter will teach you how to use subnetting to break down a large network into smaller subnetworks.
Chapter 4, Detecting Physical Issues, Wireless Architectures, and Virtualization, covers various Layer 1 issues and takes a deep dive into understanding Cisco Wireless Architectures and deployment models. Additionally, this chapter covers the concept of virtualization and virtual machines.
Chapter 5, Implementing VLANs, Layer 2 Discovery Protocols, and EtherChannels, introduces you to Virtual Local Area Networks (VLANs), configuring and troubleshooting VLANs on a Cisco network, setting up inter-switch connectivity by configuring Trunk links, and configuring inter-VLAN routing to allow multiple VLANs to inter-communicate. Additionally, you will learn how to use various Layer 2 discovery protocols to map devices on a network and use EtherChannels to perform link aggregation.
Chapter 6, Understanding and Configuring Spanning-Tree, covers the importance of designing a proper switch network, showing how devices should be interconnected to ensure redundancy. Furthermore, the chapter introduces you to a Layer 2 loop prevention mechanism known as the Spanning-Tree Protocol (STP). You will learn about the operations, configurations, and troubleshooting of STP in a Cisco environment.
Chapter 7, Interpreting Routing Components, focuses on the importance of routing and discusses how routers make their forwarding decisions. You will learn all about the components of the routing table and the factors that help a router to choose a preferred path for forwarding packets to their destination.
Chapter 8, Understanding First Hop Redundancy, Static and Dynamic Routing, continues the discussion on routing but takes a more technical approach, such as demonstrating how to implement static and dynamic routing protocols to ensure IP connectivity between multiple networks in a Cisco environment.
Chapter 9, Configuring Network Address Translation (NAT), focuses primarily on Network Address Translation (NAT). The chapter will take you from an introduction to use cases onto the configuration of various types of NAT and troubleshooting techniques.
Chapter 10, Implementing Network Services and IP Operations, introduces you to various network and IP services that are required on almost all enterprise networks and are required knowledge for network engineers. This chapter covers technologies such as NTP, DHCP, DNS, Syslog, and QoS.
Chapter 11, Exploring Network Security, discusses various topics, such as cybersecurity threats and issues many professionals face each day, such as threats, vulnerabilities, exploits, user training, security awareness, and countermeasures.
Chapter 12, Configuring Device Access Control and VPNs, focuses on securing your Cisco switches and routers and configuring secure device access. Additionally, this chapter introduces you to remote access and how to configure Virtual Private Networks (VPNs).
Chapter 13, Implementing Access Control Lists, covers ACLs, which are a mandatory topic for everyone who is starting or is already in the field of networks or security. ACLs are Layer 3 security controls. When implemented on a router, they turn it into a firewall-like device that filters unwanted traffic.
Chapter 14, Implementing Layer 2 and Wireless Security, introduces you to various Layer 2 attacks on an enterprise network and explains how to implement countermeasures to create a secure network environment.
Chapter 15, Network Automation and Programmability Techniques, broaches the fact that the world of networking is moving toward automation and network engineers will now need to learn how automation can improve efficiency in network deployment and management. This chapter introduces you to network automation techniques and programmability.
Chapter 16, Mock Exam 1, includes a simple mock test containing questions that will help you to prepare for the Cisco CCNA 200-301 examination and will help you identify any topics you need to spend additional time learning about and practicing.
Chapter 17, Mock Exam 2, includes another mock test containing questions that will help you to prepare for the Cisco CCNA 200-301 examination and will help you identify any topics you need to spend additional time learning about and practicing.
All configurations were done using a Windows 10 operating system running Cisco Packet Tracer version 7.3.0.
If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.
After completing this book, using your imagination, attempt to create additional lab scenarios using Cisco Packet Tracer. This will help you to continue learning and further develop your skills as an aspiring network engineer.
You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Implementing-and-Administering-Cisco-Solutions. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Code in Action videos for this book can be viewed at https://bit.ly/30fYz6L.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781800208094_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "If you use the show flash: command in privilege mode on a Cisco IOS switch, you will see the vlan.dat file."
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
Branch-B(config)#ip route 10.1.1.0 255.255.255.0 10.2.1.5
Branch-B(config)#ip route 172.16.1.0 255.255.255.0 10.2.1.10
Branch-B(config)#ip route 192.168.1.0 255.255.255.0 10.2.1.20
Any command-line input or output is written as follows:
SW1(config)#interface FastEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan vlan-ID
SW1(config-if)#no shutdown
SW1(config-if)#exit
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select System info from the Administration panel."
Tips or important notes
Appear like this.
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorization from the appropriate persons responsible.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.
This section introduces you to the world of networking, starting with how devices intercommunicate. It then discusses the various types of networking devices along with their functionality. This section also covers popular networking protocols and services that allow a network to share a resource with other devices. Additionally, you will learn about IPv4 and IPv6 addressing, and subnetting techniques.
This section contains the following chapters:
Chapter 1, Introduction to Networking
Chapter 2, Getting Started with Cisco IOS devices
Chapter 3, IP Addressing and Subnetting
Chapter 4, Detecting Physical Issues, Wireless Architectures, and Virtualization
Beginning a journey in the field of networking is an exciting one for everyone. I'm sure you are interested in learning about the operations of a computer and especially how the internet, the largest network, functions and grows. Networking is an ever-demanding field in Information Technology (IT); each day, organizations from healthcare providers, educational institutions, government agencies, and other industries are continuously expanding and improving their network infrastructure to support newer services and network traffic. Almost everyone is connected to the internet. Educators and businesses are using various online collaboration platforms to extend their reach to students and potential customers in a global market. All these amazing technologies are made possible by computer networks.
The Cisco Certified Network Associate (CCNA) 200-301 certification is designed to prepare you for associate-level networking roles in the IT industry. CCNA is one of the most popular certification requirements for almost every network engineering job, and there is a very good reason why. The CCNA certification is a foundational level certification with a lot of essential information; I know part of the name contains the word "associate", but that's just in the Cisco certification hierarchy structure since the next level is Cisco Certified Network Professional and so on. The CCNA is one of the most recommended certifications you can follow to begin your networking journey.
The CCNA will teach you how to design, implement, configure, and troubleshoot small- to medium-sized enterprise networks. You will learn to efficiently implement network access, IP connectivity, IP services, and security through an enterprise network. Additionally, gaining your CCNA certification will open up a whole new world of career opportunities as the certification itself is well-respected in the networking field.
Throughout this chapter, you will learn about the important history of how computer networks were developed and the era before the internet. Then, we will cover the early and current generation of the internet and explore how networking has become part of our daily lives. You will learn about communication technologies and networking protocols that are designed to help us connect with our loved ones, friends, and colleagues. You will also learn about the various sizes of networks and components such as routers and switches, which move messages from one device, across a network, to another person. Lastly, you'll learn about the various protocol suites that are built into each operating system and network device that sets the protocol for exchanging messages.
In this chapter, we will cover the following topics:
Understanding the evolution of networking and the internet
Understanding network sizes – SOHO, LAN, and WAN
Learning about network protocol suites
Understanding the functions of network devices
Network topology architectures
In the pre-internet age, scientists, institutions, and other experts were working to create a network that could allow them to connect computers on a worldwide scale. Computer scientists began working on a model; the initial prototype was known as the Advanced Research Projects Agency Network (ARPANET).
ARPANET was developed in the 1960s. It was funded by the US Department of Defense (DoD) with the idea it would be used to connect universities and research centers. The network technology used on this prototype was packet switching. This allowed connected computers to send and receive data on a single network. However, ARPANET was not resilient enough to allow multiple channels of communication on the network.
The US Defense Advanced Research Projects Agency (DARPA) developed the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which was adopted by ARPANET in the early 1980s. The US DoD declared it the official standard for computer networking. With the adoption of TCP/IP, ARPANET began to evolve into much larger networks, allowing other organizations to be interconnected, and became what we commonly refer to as the internet today.
The internet is a worldwide collection of many interconnected networks, such as Wide Area Networks (WANs) and Local Area Networks (LANs). Each organization or person who connects a device to the internet simply extends the network (internet), so the internet is continuously growing as more devices are going online. Later in this chapter, we will take a deeper dive and discuss various types and sizes of network topologies.
The internet itself is not owned by any one person or organization in the world. However, there are many groups and organizations that help maintain the stability and set standards for intercommunicating on the internet and private networks.
As an upcoming network engineer, it's good to know a little about the following organizations and groups:
Internet Engineering Task Force (IETF). Its mission is simply to make the internet work better for all. You can find more information about the IETF on their website at www.ietf.org.
Internet Assigned Numbers Authority (IANA) is responsible for the assignment, coordination, and management of Internet Protocol (IP) addressing, internet protocol resources, and the Domain Name System (DNS) Root Zone. You can find more information about IANA on their official website at www.iana.org.
Internet Corporation for Assigned Names and Numbers (ICANN) contributes to the internet's sustainability by coordinating and managing the internet's numerical spaces and namespaces to ensure its stability. You can find more information about ICANN on their official website at www.icann.org.
Now that we have covered the history of the internet, we'll look at how various network sizes differ in the next section.
Let's imagine we have a few devices that are all interconnected in a single network, sharing files between themselves without having the user (human) physically walk around with a portable storage device such as a flash drive to copy and paste files. Users access a centralized file server within the company's network from their local computer.
The following diagram shows a small network with both a network-shared printer and file server:
Figure 1.1 – Devices interconnected to create a small LAN
This type of network is commonly referred to as a LAN. A LAN is defined as a small computer network that does not exceed the physical space of a home or a single building. To help you understand this, we're going to use a simple analogy. Let's imagine you work for ACME, a fictional organization that has a single branch. Within the branch (that is, the physical building), ACME has a LAN that is used to interconnect all their devices – computers, servers, printers, and so on. This LAN allows employees to sit at their workstations and send documents to print via the network to the local printer and access the file server to store and copy files for their projects. Let's call this office location HQ.
The following diagram shows a typical LAN with interconnected devices within the HQ building:
Figure 1.2 – A building containing a LAN
One day, ACME wants to open a new branch in another city to provide services to new and potential customers; however, there is a challenge. We shall refer to the new branch as BranchA. The new location, BranchA, is many miles away, and the staff at BranchA need to access resources such as the application server, Customer Relationship Management (CRM) database, and other important resources that are located at the HQ location. One solution would be to create a clone of the servers from HQ at the new location, BranchA; however, this means that each time new records and data are updated at the HQ location, it will take a long time to replicate the data to the servers at BranchA. This may create inconsistency issues when employees try to access the most up-to-date files and records at BranchA.
Important note
In our scenario, BranchA is typically known as a Small Office/Home Office (SOHO). This type of network is generally smaller than the main corporate office of a company, but it enables the users to connect or access the resources that are centrally shared on the corporate network (HQ).
A better approach is to create a WAN. A WAN is used to simply extend a LAN over a large geographic distance. A company such as ACME would definitely benefit from using this technology within their organization. By implementing a WAN between their branches, HQ and BranchA, the servers and main resources can simply stay at HQ while employees are still able to access the resources, files, and records across the network at their BranchA location.
The following diagram shows a depiction of a WAN connection between the HQ location and the new branch office:
Figure 1.3 – A WAN connection between two buildings
In modern times, WANs are managed by service providers (SPs) and Internet Service Providers (ISPs). WANs can extend your LAN beyond cities, countries, and even continents. ISPs offer a range of WAN services to their customers, such as the following:
Metro Ethernet (MetroE)
Virtual Private LAN Service (VPLS)
Multiprotocol Label Switching (MPLS)
As a simple example, MetroE enables customers of a service provider to establish a WAN between branches, functioning like a very large LAN within the service provider network. This means a company can interconnect multiple branches using a MetroE service within the service provider network. On the customer's end, the network functions as if it were one large LAN.
Another type of WAN service is MPLS, which provides us with the functionality to extend an organization's network beyond the local service provider's network. Imagine having a WAN circuit starting from the HQ location and passing through multiple ISP networks until the connection is terminated at a remote branch in another country.
With that, we have covered the fundamentals of SOHOs, LANs, and WANs. In the next section, we will learn about the components that help us build and extend networks.
Thanks to various technology companies, we can break down communication barriers between people who speak different native languages. We can simply install an app on our smartphone such as Google Translate and translate a foreign language into our own and vice versa.
For a device to communicate with another on a network, it requires a set of protocols or a protocol suite. A protocol suite is a common format that devices can use by following a set of rules for exchanging messages with other devices on a network. A protocol suite enables devices to speak a common, universal language that allows all networking devices to understand each other.
Years ago, computer manufacturers made their own protocol suites, which, in most instances, allowed only same-vendor devices to communicate and exchange data on a network. Some of these protocol suites were AppleTalk and Novell NetWare (IPX/SPX), which were proprietary to the vendor and not suitable for consumers on a large scale.
Then came the Open Systems Interconnection (OSI) reference model and the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. In the following subsections, we will further discuss and compare both the OSI model and TCP/IP protocol suite.
The OSI reference model is a seven (7) layer model that was developed by the International Organization for Standardization (ISO) in the 1970s. It was intended to be a fully operational protocol suite to allow all devices on a network to intercommunicate using a mutual language. However, it was never actually implemented in any systems.
You may be wondering, if it's not implemented in any operating systems and devices, why is it important we learn about the OSI reference model? Each layer of the OSI model has a unique functionality associated with a computer network. This allows network engineers to better understand what happens on each layer when performing troubleshooting tasks.
During the development of the OSI model, it was noted the model consisted of seven layers. These are as follows:
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Data link
Layer 1: Physical
Why are there so many layers? Each layer of the OSI model has a particular responsibility for ensuring a device is able to successfully exchange messages with other devices on a network. In the following sections, we are going to learn the essentials of each layer and how they help us understand network operations. This enables us to better identify and troubleshoot network-related issues in the industry.
Tip
We can take the first letter of each layer of the OSI model to create an easy-to-remember phrase: All People Seem To Need Data Processing.
As an example, when a device such as a computer wants to send a message (data) to another device either on a local or remote network, the data has to flow downward in the OSI model, passing through each layer. During this process, a specific set of rules, encoding, and formatting is applied. This is known as encapsulation. Whenever a recipient is processing a message, it goes upward, passing each layer, and parts of the message are stripped away. This is known as de-encapsulation.
The following diagram shows the typical flow of a message through the OSI model when one device is sending a message and another device is accepting and processing an incoming message:
Figure 1.4 – Visual representation of traffic flowing through the OSI model
In the field of networking, a device such as a computer creates a Protocol Data Unit (PDU), sometimes referred to as a datagram. This is the raw data to be sent across a network to another device. At each layer of the OSI model, the PDU has a different name. These names are used to reference the characteristics of the PDU at a particular layer. In your exam, it's important to use this terminology. The following diagram shows a table containing the layers of the OSI model and the name of the PDU at each layer:
Figure 1.5 – PDUs at each layer of the OSI model
To get a better understanding about each layer of the OSI model and the characteristics of PDUs as they are passed between layers, we will discuss the role and function of each layer in the following sections. Let's take a closer look.
The application layer (Layer 7) is the closest layer to the user within the protocol suite. It provides an interface for communication between the applications running in a local system and the underlying network protocols. To further explain, imagine you would like to get a bit more information on the Cisco Certified Network Associate (CCNA) certification. In today's world, internet access is readily available to us, either on mobile data plans that utilize 4G and LTE technologies or internet cafes and coffee shops with free internet access via their Wi-Fi network. Whichever method we use to access the internet, we always need an important application: a web browser to view web pages in a graphical interface, which helps us navigate the internet easily.
Let's continue with our analogy. One action you may want to perform is to visit Cisco's website at www.cisco.com to research the examination objectives and better prepare yourself for the certification.
Opening your favorite web browser, you enter the URL www.cisco.com and hit Enter. Within a couple of seconds, the Cisco website is displayed within the browser's interface. Looking closely at the address bar in the browser, we can see that the Hypertext Transfer Protocol Secure (HTTPS) protocol has been invoked by the web browser, as shown in the following image:
Figure 1.6 – HTTPS protocol used in web browser
Keep in mind that the web browser is simply an application running on our computer or smart device that allows us, the user, to use an application layer protocol such as HTTPS to exchange messages (encoded in web languages) between our computer and a web server. This makes the HTTPS protocol one of many application layer protocols.
The following are some commonly known application layer protocols:
- File Transfer Protocol (FTP)
- Simple Mail Transfer Protocol (SMTP)
- Domain Name System (DNS)
- Dynamic Host Configuration Protocol (DHCP)
- HyperText Transfer Protocol (HTTP)

In reference to the OSI model, the web browser (application) creates the raw HTTPS message. At this point, the PDU is known as data. Data has no additional encoding or formatting as it is simply the raw (bare) message the application has generated. However, in this state, the PDU can only be recognized and interpreted by another similar application that understands HTTP/S.
When the application layer has finished its job, it passes the PDU onto the lower layer, known as the presentation layer.
A very important factor in communication is how content is presented. We must always try to ensure the format in which the message is written or spoken can be interpreted by the recipient very clearly. Imagine an ambassador who only speaks English is traveling to a foreign country on diplomatic business where the foreign nationals do not speak English. This will be a challenge for the ambassador; it can negatively affect some of the communication that they have with the locals during their visit. Having a dedicated person as a translator will assist the ambassador in communicating clearly with the foreign nationals.
We can apply this analogy to a network. There are many protocols that exist both inside and outside of a computer system; some are on the network itself, while others are on the operating systems of a server or desktop computer. Furthermore, as previously mentioned, each layer of the OSI reference model has its own set of protocols, which aid in the transmission of data between devices.
When an application layer protocol such as HTTPS sends the raw data to the network, it passes through the presentation layer (Layer 6), which has to perform some tasks before sending it to the lower layers. The presentation layer is responsible for the following functions:
- Data formatting
- Data compression
- Data encryption and decryption

Most importantly, data formatting ensures the raw data is presented or formatted into a compatible format for both the lower layers and the recipient's device(s) to understand. It's a bit like creating a universal language on a digital network.
Let's look at a simple analogy to further explain this concept. Imagine having to write a letter to a friend who resides in another country. After writing your letter, you securely enclose it within an envelope and insert the correspondence destination address before dropping it off to the local mail courier. Since the letter is intended for international shipping, the local courier will attach an international shipping label containing a universal format for the addressing information. This means the local courier company may need to pass the letter onto another courier until it reaches the intended destination. During this process, each courier will be able to read and interpret the information printed on the universal shipping label because its format is standardized. The same applies to messages passing to the lower layers of the OSI model, hence the importance of the presentation layer.
Another function of the presentation layer is compressing data before it is placed on the network and decompressing it on the recipient's device. Lastly, the presentation layer encrypts data before transporting it between the sender and receiver over a network. On the receiving device, the presentation layer is responsible for the decryption of the encrypted message.
At the presentation layer, the PDU is still known as data. Next, the PDU is passed on to the session layer.
The session layer (Layer 5) has a simple responsibility. At this layer, there are three main functions that work together with a device to ensure datagrams (messages) can be exchanged across a network. These are as follows:
- Create or build a session between a sender and receiver.
- Maintain the established session during the transmission of messages between the sender and receiver devices.
- Terminate a session when both parties indicate they no longer want to communicate with each other.

Keep in mind that, at the session layer, the PDU maintains the same name as the upper layers: data.
The transport layer (Layer 4) is responsible for moving datagrams from the upper layers (application layer) onto the network itself. At the transport layer, the PDU has a new name: segment.
At the application layer, there are many applications (programs) that generate network traffic, such as HTTP or SMTP, at any time. When each application layer protocol sends their datagram to the network, the transport layer has the responsibility of tracking these conversations as they occur.
Whenever a device wants to send a message across a network, the transport layer prepares the datagram (message) and separates it into manageable pieces for delivery. This is due to the fact that networking devices such as switches and routers, together with client machines such as desktop and server operating systems, have limitations regarding the amount of data that can be put in an IP packet. Therefore, the transport layer handles how to segment and reassemble these messages between the sender and the receiver.
As mentioned previously, there are many protocols at the application layer that handle data in different ways. Web traffic uses HTTP and HTTPS, which is formatted differently from email traffic, which uses the SMTP application protocol. Each protocol is designed to interpret its own type of traffic just fine, but if foreign traffic enters its application, it would be malformed and foreign in nature and therefore be discarded. One of the most important roles of a transport layer is to ensure data is passed to the corresponding applications. In other words, if a web browser is sending HTTP(S) traffic to a device on a network, the recipient application protocol on the destination device is expected to be running HTTP or HTTPS, such as a web server.
The transport layer ensures each datagram is sent to its corresponding application or application layer protocol by assigning a unique port number to the PDU, therefore creating a transport layer header. This process is known as encapsulation.
To get a better understanding of this process, let's use a simple analogy of a commercial tower whose tenants are various companies sharing the same physical infrastructure: the building. Typically, the main public area is the lobby, displaying a directory listing of each company and their floor number.
Let's think of the building as an operating system (OS). According to RFC 6335, there are 65,535 logical network ports within an OS. These ports are categorized as follows:
Figure 1.7 – Network port number ranges
The well-known ports are those that are commonly used by application layer protocols, which are as follows:
- File Transfer Protocol: 20, 21
- Secure Shell (SSH), Secure Copy (SCP): 22
- Telnet: 23
- SMTP: 25
- DNS: 53
- DHCP: 68, 69
- HTTP: 80
- POP: 110
- IMAP: 143
- HTTPS: 443

Each application layer protocol/service uses a unique port that it sends and receives its traffic type to and from. For example, all HTTP traffic will be sent to a device running a web server application (IIS, Apache, or Nginx) with open port 80. For HTTPS traffic to enter the web server, port 443 is the default port that must be open.
Registered ports are used by software and other vendors who want to use a specific port only for their application. Dynamic ports are used temporarily when a device is sending traffic and are sometimes referred to as ephemeral ports. For example, if a PC wants to send traffic to a web server, we know the web server will have port 80 and/or 443 open by default. However, the PC must use a source port. This means a dynamically generated (ephemeral) port between 49152 and 65535 will be used.
Tip
For more information of service names and port number assignment, please see the following URL: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml.
Getting back to our analogy, each person (datagram) who is entering the building (OS) has the intention of visiting a specific company (application protocol/service). They are instructed to take a specific elevator or staircase (transport layer) to reach the destination company in the building. When the individual (datagram) exits the elevator or staircase, they are faced with a few doors (network ports) to different companies on the same floor. Walking through a door (port) will carry the individual to a specific company. Within the OSI model and TCP/IP protocol suite, the transport layer inserts its own header, which contains the source port number of the sender and the destination port number of the recipient to ensure the datagram goes through the correct network port (doorway). This way, it can reach the relevant application layer protocol to be processed.
The following diagram represents the encapsulation of data. The transport layer inserts its header, which contains the source and destination port addresses:
Figure 1.8 – Transport header information
Within the transport layer, there are two protocols that are responsible for the delivery of messages between a sender and a receiver over a network. These are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
TCP is often referred to as a connection-oriented protocol that guarantees the delivery of a message between a sender and a receiver. Before messages are exchanged between two devices, a TCP three-way handshake is established.
The following diagram shows the TCP three-way handshake process:
Figure 1.9 – TCP three-way handshake
The following is a live capture I took while using Wireshark. Look closely and you'll notice the sender, 172.16.17.14 (Client A), has sent a TCP Synchronization (SYN) packet to a destination address of 172.16.17.18 (Client B). By default, Client B responds with a TCP acknowledgement but additionally with a TCP SYN because it also wants to communicate with Client A. Hence, a TCP SYN/ACK packet gets returned. Finally, Client A receives the TCP SYN/ACK packet and responds with a TCP ACK to establish the TCP three-way handshake, as shown here:
Figure 1.10 – TCP three-way handshake shown in Wireshark
Once this process is complete, whenever each message is delivered to the recipient, a TCP ACK packet is sent back to the sender, indicating a successful delivery. However, if a sender does not receive a TCP ACK response from a recipient after a certain time, the sender will resend the message until a TCP ACK is received. This is how TCP ensures the delivery of messages on a network. However, due to the high overhead of TCP ACK packets on the network, not all application layer protocols use TCP as their preferred choice of transport protocol. Some use UDP instead.
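The handshake described above, as an added example that is not part of the book: a small tracker that walks a constructed list of packets (addresses borrowed from Figure 1.10, ports and flags constructed) and records whether each connection attempt reached the established state. The `Packet` record and the `SAMPLE_CAPTURE` list are assumptions for this example; a defender reviewing a capture would use the same logic to spot attempts that never completed.

```python
# Added example (not from the book): tracking TCP three-way handshakes over a
# constructed packet list. Addresses follow Figure 1.10; everything else is
# constructed for illustration.

from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

# Constructed "capture": Client A (172.16.17.14) completes a handshake with
# Client B (172.16.17.18) on port 80; a second attempt gets a SYN/ACK but no
# final ACK; a third attempt to port 22 receives no reply at all.
SAMPLE_CAPTURE = [
    Packet("172.16.17.14", 49152, "172.16.17.18", 80, {"SYN"}),
    Packet("172.16.17.18", 80, "172.16.17.14", 49152, {"SYN", "ACK"}),
    Packet("172.16.17.14", 49152, "172.16.17.18", 80, {"ACK"}),
    Packet("172.16.17.14", 49153, "172.16.17.18", 443, {"SYN"}),
    Packet("172.16.17.18", 443, "172.16.17.14", 49153, {"SYN", "ACK"}),
    Packet("172.16.17.14", 49154, "172.16.17.18", 22, {"SYN"}),
]


def track_handshakes(packets):
    """Return {(client, cport, server, sport): state} for every SYN seen.

    States: "syn_sent" (only the SYN seen), "syn_received" (SYN/ACK seen),
    "established" (final ACK seen). Keys always list the initiating side first.
    """
    state = {}
    for p in packets:
        if p.flags == {"SYN"}:
            # A bare SYN opens a new attempt, keyed by the initiating client.
            state[(p.src, p.sport, p.dst, p.dport)] = "syn_sent"
            continue
        # The SYN/ACK travels the other way, so flip the tuple to find the attempt.
        reply_key = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN", "ACK"} and state.get(reply_key) == "syn_sent":
            state[reply_key] = "syn_received"
            continue
        # The final ACK comes from the client again; only count it after a SYN/ACK.
        key = (p.src, p.sport, p.dst, p.dport)
        if "ACK" in p.flags and state.get(key) == "syn_received":
            state[key] = "established"
    return state


def incomplete_handshakes(packets):
    """Connection attempts that never reached 'established', sorted by tuple.
    Useful when reviewing a capture to see which services never answered."""
    return sorted(k for k, s in track_handshakes(packets).items()
                  if s != "established")


if __name__ == "__main__":
    for conn, s in track_handshakes(SAMPLE_CAPTURE).items():
        print(conn, "->", s)
```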
UDP is a connectionless protocol, known for its best-effort delivery methods. Best-effort simply means the UDP protocol will send the message but will not provide reassurance during delivery. This means that if the message is lost during transmission, UDP will not attempt to resend it. Unlike TCP, it does not provide any message delivery guarantees. If an application layer protocol such as DNS uses UDP for transporting its messages, the transport layer will send it off to its intended destination without any prioritization or any reliability during the message's transmission on the network.
Unlike TCP, UDP does not provide any delivery confirmation, though some application layer protocols prefer UDP for its low overhead and speed on the network.
The network layer (Layer 3) is responsible for the logical address on the network and the encapsulation of the IP header, which adds both the source (sender) and destination (receiver) IP version 4 (IPv4) and/or Internet Protocol version 6 (IPv6) addresses to the packet.
This layer provides the following functions:
- Logical addressing of end devices
- Encapsulation and de-encapsulation of datagrams
- Routing (moving packets between networks)

The Internet Protocol (IP) operates at this layer. IP is a connectionless protocol, which means the protocol itself does not establish a session with a recipient before attempting to send or receive messages. Like UDP at the transport layer above it, IP also sends using best-effort mechanisms, thus providing no delivery guarantee for IP packets. Lastly, IP can function independently from the medium on the network (copper, fiber optic, or even wireless). Since IP does not have any reliability, the responsibility of ensuring packet delivery depends on the transport layer.
Furthermore, the network layer provides the functionality of directing traffic flows using routing protocols, which operate using the IP. At this layer, routers operate as they have the ability to read and understand IP addressing and the contents of a packet.
When the PDU is passed down to the network layer, it is encapsulated with an IPv4 or an IPv6 header to provide logical addressing, as shown here:
Figure 1.11 – Packet header
Keep in mind that the source and destination IP addresses do not change during their transmission between devices on a network. However, there is one exception: the source IP address changes when it passes a NAT-enabled router, which is configured to change a private IPv4 address into the public IPv4 address of the router's internet-facing interface. We will cover Network Address Translation (NAT) in Chapter 9, Configuring Network Address Translation (NAT).
At this state, the PDU is called a Packet. In later chapters, we'll discuss IPv4 and IPv6 in greater detail.
The data link layer (Layer 2) of the OSI model is responsible for allowing the messages of the upper layers to access the physical network. It also controls how data is placed and received on the physical network (media), and it handles error detection and flow control. Within the data link layer, there are two sublayers. These are the Logical Link Control (LLC) and the Media Access Control (MAC).
LLC encapsulates the packet that's received from the network layer into a frame by adding a Layer 2 header containing the source (sender) and destination (receiver) MAC addresses. At the end of the frame, a trailer is added. The trailer of a frame contains the File Check Sequence (FCS). The data link layer creates a hash value to represent the contents of the frame; this is known as the Cyclic Redundancy Check (CRC) hash value. The CRC value is located in the FCS field of the trailer. The recipient device(s) use this value to determine whether the frame was corrupted or modified during its transmission between the sender and the receiver.
For a device to connect and communicate on a computer network, a Network Interface Card (NIC) is required. The NIC allows the device to establish a connection to the physical network, regardless of whether the medium is copper or fiber optic cabling, or a wireless connection such as Wi-Fi. The NIC enables a device to exchange messages with another device while using the media (or medium) as the highway.
The MAC address is 48 bits (6 bytes) in length and is presented in the format of hexadecimal values; that is, 0 1 2 3 4 5 6 7 8 9 A B C D E F. An example of a MAC address is 12:34:56:78:9A:BC. The first 24 bits of the MAC address are known as the Organization Unique Identifier (OUI). The OUI identifies the manufacturer of the Network Interface Card (NIC) and the second 24 bits are assigned by the manufacturer. The MAC address is also known as a burned-in address (BIA) since it is hardcoded onto the hardware and, theoretically, can't be changed.
The following diagram represents a datagram known as the Frame. It contains both a Data Link Header and a Trailer:
Figure 1.12 – Frame header
Notice that an additional field has been inserted, called the Preamble. The Preamble is a 7-byte field used on an Ethernet frame to indicate the start of the frame, its sequencing, and its synchronization. Before the data link layer places a message on the physical layer, it needs to break it up into smaller pieces called bits. Each bit will contain the addressing headers, trailers, and the preamble, which contains a sequence for each bit.
The following diagram represents a depiction of two computers. PC A is sending some messages to PC B and since the blocks represent the message, it has been segmented into small bits. These are then sent across the network to the recipient:
Figure 1.13 – Bits moving across the physical layer
When the bits are received on the destination device, the sequence numbers of each bit will help the recipient reassemble the bits into a message.
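The encapsulation path described from the transport layer down to the data link layer, as an added example that is not from the book: application data is wrapped into a TCP segment, an IPv4 packet and an Ethernet II frame using the real header layouts, then unwrapped again with the FCS and the IPv4 header checksum verified on the way up. The addresses, ports and payload are constructed; the Ethernet FCS is the CRC-32 that Python's `zlib.crc32` computes, and the TCP checksum is left at zero to keep the example short.

```python
# Added example (not from the book): encapsulate data -> segment -> packet ->
# frame and de-encapsulate it again, naming the PDU at each layer. All
# addresses and the payload are constructed values.

import struct
import zlib


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words, as used for the IPv4 header.
    Run over a header whose checksum field is already filled in, it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def _mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def encapsulate(data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Layer 7 data -> segment (L4) -> packet (L3) -> frame (L2), as bytes."""
    # Transport layer: 20-byte TCP header (data offset 5 words, SYN flag 0x02),
    # sequence/ack numbers of zero; the TCP checksum is not computed here.
    segment = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                          5 << 4, 0x02, 65535, 0, 0) + data
    # Network layer: IPv4 header, version 4 / IHL 5, DF flag, TTL 64, proto 6 = TCP.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0,
                         0x4000, 64, 6, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    packet = ip_hdr + segment
    # Data link layer: Ethernet II header (EtherType 0x0800 = IPv4) in front,
    # FCS trailer (CRC-32, sent least-significant byte first) behind.
    body = _mac_bytes(dst_mac) + _mac_bytes(src_mac) + b"\x08\x00" + packet
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame):
    """Strip each header in turn; raise ValueError if an integrity check fails."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame corrupted or modified in transit")
    if body[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    packet = body[14:]                         # L3 PDU: packet
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    segment = packet[ihl:]                     # L4 PDU: segment
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": _mac_text(body[:6]),
        "src_mac": _mac_text(body[6:12]),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port,
        "dst_port": dst_port,
        "data": segment[data_offset:],         # L7 PDU: data
    }


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n", 49152, 443,
                        "172.16.17.14", "172.16.17.18",
                        "12:34:56:78:9A:BC", "00:00:5E:00:53:01")
    print(len(frame), "byte frame ->", decapsulate(frame))
```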
To check the MAC address of your network adapters on a Microsoft Windows operating system, use the following instructions:
1. On your Windows computer, use the keyboard combination Windows Key + R to open Run.
2. Enter cmd and click OK.
3. The Windows Command Prompt window will appear; enter ipconfig /all to display the current settings of all the network adapters on your device.

The following screenshot shows the output after running the ipconfig /all command:
Figure 1.14 – MAC address on a Windows device
On Microsoft Windows, the Physical Address is the MAC address of the NIC.
Important note
On some operating systems, the MAC address is shown in XX:XX:XX:XX:XX:XX, XXXX.XXXX.XXXX, or XX-XX-XX-XX-XX-XX format.
Additionally, if you would like to determine the manufacturer of the device, use the following steps:
1. Open your web browser and go to https://www.wireshark.org/tools/oui-lookup.html. You can enter the search term mac vendor lookup to discover more OUI lookup websites on the internet.
2. Enter the MAC address of the NIC in the search field and start the search.

The following is the OUI search results:
Figure 1.15 – MAC vendor lookup
Now that you know about the data link layer, how to determine the MAC address, and how to perform a vendor lookup, let's take a look at the physical layer.
The physical layer (Layer 1) is used to transport the messages that are created by the host device using network media. When messages are placed on the media, they are converted into signals such as electrical, light, and radio frequency, depending on the medium (copper, fiber, or wireless). At this layer, the PDU is known as bits.
In every network there is some form of media that's used to transport messages (signals) between devices. Ethernet is the underlying technology standard that describes how messages (signals) are transmitted over a cable at a defined speed. Ethernet is part of a family of communication standards developed by the Institute of Electrical and Electronic Engineers (IEEE).
Important note
Specifically, Ethernet is defined by IEEE 802.3.
Furthermore, Ethernet has standards for both copper and fiber optic cabling and supports speeds ranging from 10 Megabits per second (Mbps) to 10 Gigabits per second (Gbps). Keep in mind that these speeds may vary depending on factors such as the length of the cable, the type of cable, and whether the signals are transmitted through copper or fiber.
There are two main types of cabling that are used on an Ethernet network: copper and fiber. In the following sections, we will outline the characteristics of each type and their use cases.
Copper cabling is very cheap and easy to implement in almost all environments. There are two popular types of copper cables: Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP).
Important note
STP cables provide protection from electromagnetic interference (EMI) compared to the UTP cable. However, due to this added feature, the cost of STP cables is a bit higher because a metal shielding is used during the manufacturing process and this needs to be grounded.
Each of these cables contains a total of eight copper wires, each of which has their own color code, as follows:
- Green
- White and green
- Orange
- White and orange
- Blue
- White and blue
- Brown
- White and brown

With copper, there are a number of cable categories. The following are the characteristics of various cables:
- Cat 3: Contains two pairs of twisted wires and supports 10 Mbps at a maximum distance of 100 meters.
- Cat 5: Contains four pairs of twisted wires and supports up to 100 Mbps at a maximum distance of 100 meters.
- Cat 5e: Contains four pairs of twisted wires and supports up to 1,000 Mbps at a maximum distance of 100 meters.
- Cat 6: Supports up to 10 Gbps at distances of 37 to 55 meters.
- Cat 6a: Supports up to 10 Gbps at distances of up to 100 meters.
- Cat 7: Supports up to 10 Gbps at distances of up to 100 meters.

Copper cables are all susceptible to attenuation. Attenuation is the loss of signal over a great distance. In the field of networking, when a device is sending a signal over the wire, the longer the distance the signal has to travel, the more likely the signal will deteriorate (get weaker) as it's moving along the wire.
Nowadays, ISPs are rolling out fiber-optic cables between their head offices and their customers' locations to provide increased bandwidth and other services. You may be wondering, what is fiber optic? Fiber uses light pulses to exchange messages in the form of bits. These light pulses are generated using light-emitting diodes (LEDs) rather than the electrical signals used in the regular network cables we are accustomed to. Since fiber cables use light pulses, this creates a major benefit for network and telecommunication professionals.
The core material a fiber cable is made with is either glass or plastic. The plastic core is cheaper to manufacture and therefore the fiber cable itself is cheaper to the customer. Additionally, it is less fragile compared to a cable with a glass core. The glass core allows for higher throughput due to its less dense material. Keep in mind that neither a glass nor a plastic core can be bent; both cores can be broken easily with very light force.
Fiber has some benefits; for example, much larger throughputs of network traffic can be supported, signals can travel along a fiber cable for many kilometers without experiencing signal loss, it's immune to EMI and RFI, and it allows service providers to transport more services and bandwidth to customers. However, there are a couple of disadvantages. The cost of fiber is a lot higher than the cost of copper cables because of the material composition. Also, the fragile nature of the fiber optic core (glass or plastic) makes the cable susceptible to damage.
Fiber optic cables can operate in two modes: single mode fiber and multi-mode fiber. The following are the characteristics of these two modes:
Single-mode fiber has the following characteristics:
- Small core
- Suited for long distances
- Uses laser as the light source
- Produces a single straight path for light
- Commonly used to interconnect cities

Multi-mode fiber has the following characteristics:

- Has a larger core
- Suited for long distance but shorter than single-mode fiber
- Uses LEDs as the light source
- Commonly used on LANs
- Allows multiple paths for light