Networking Facts
A network is a group of computers (often called nodes or hosts) that can share information through their interconnections. A network is made up of the following components:
• Computer systems (nodes or hosts)
• Transmission media--a path for electrical signals between devices
• Network interfaces--devices that send and receive electrical signals
• Protocols--rules or standards that describe how hosts communicate and exchange data

There are several ways to classify networks. The following table lists several ways to describe a network.

Network Type | Description

Host Role
Peer-to-Peer: In a peer-to-peer network, the hosts both provide and consume network services, and each host typically runs the same operating system.
Advantages of peer-to-peer networks include:
• Easy implementation
• Inexpensive
Disadvantages of peer-to-peer networks include:
• Difficult to expand (not scalable)
• Difficult to support
• Lack of centralized control
• No centralized storage

Client/Server: In a client/server network, hosts have specific roles. Some hosts are assigned server roles, which allow them to provide network resources to other hosts. Other hosts are assigned client roles, which allow them to consume network resources. Unlike peer-to-peer networks, hosts in a client/server network typically run different operating systems (a server OS on the servers, a desktop OS on the clients).
Advantages of client/server networks include:
• Easily expanded
• Easy to support
• Centralized services
• Easy to back up
Disadvantages of client/server networks include:
• Server operating systems are expensive
• Requires extensive advance planning

Geography and Size
Local Area Network (LAN): LANs reside in a small geographic area, such as an office. A series of connected LANs, or a LAN connected across several buildings or offices, is called an internetwork.
Wide Area Network (WAN): A WAN is a group of LANs that are geographically isolated but connected to form a large internetwork.

Participation
Private: A LAN or WAN for private individual or group use, which may or may not be secure. Examples include home and organization networks. Intranets and extranets, although related to the Internet, are private networks. Both are tightly controlled: an intranet is made available only internally, and an extranet is made available only to selected outside organizations (for example, partners or suppliers), not to the public.
Public: A large collection of unrelated computers, with each node on the network having a unique address. The Internet, for example, is a public network.

Signaling
Baseband: Baseband signaling allows one signal at a time on the network medium (cabling).
Broadband: Broadband signaling divides the network medium into multiple channels, allowing several signals to traverse the medium at the same time.

Networking Configuration
Network architecture is a set of standards for how computers are physically connected and how signals are passed between hosts. Some typical network architectures are described in the table below.

Network Architecture | Description
Ethernet: Ethernet is a wired networking standard and is the most common networking architecture used in LANs.
Dial-up Modem: Dial-up networking is a common way to connect a computer to a remote network, such as the Internet. A modem on each computer uses the phone lines to send and receive data.
DSL (Digital Subscriber Line): DSL is a fast-growing alternative to dial-up networking for connecting to the Internet. DSL uses regular phone lines to send digital broadband signals.
Asymmetrical DSL (ADSL): ADSL offers differing upload and download speeds and can be configured to deliver up to six megabits per second (6000K) downstream. ADSL enables voice and high-speed data to be sent simultaneously over the existing telephone line.
Rate Adaptive DSL (RADSL): A non-standard version of ADSL whose modem adapts its data rate to line conditions. Note that standard ADSL also permits the ADSL modem to adapt its transfer speed.
Very High Bit Rate DSL (VDSL): Up to 26 Mb/s, but only over short loops (a few hundred meters), such as from fiber to the curb. In most cases VDSL lines are served from neighbourhood cabinets that link to a central office via optical fiber. VDSL is being introduced in market trials to deliver video services over existing phone lines. VDSL can also be configured in symmetric mode.
High Data Rate DSL (HDSL): This variety, created in the late 1980s, delivers symmetric service at speeds up to 2.3 Mbps in both directions. Available at 1.5 or 2.3 Mbps, this symmetric fixed-rate service does not provide standard telephone service over the same line and is standardized through ETSI and the ITU (International Telecommunication Union). Seen as an economical replacement for T1 or E1, it uses one, two or three twisted copper pairs.
ISDN DSL (IDSL): A form of DSL that supports symmetric data rates of up to 144 Kbps using existing phone lines. It is unique in that it can deliver service through a DLC (Digital Loop Carrier: a remote device often placed in newer neighborhoods to simplify the distribution of cable and wiring from the phone company).
ISDN (Integrated Services Digital Network): ISDN is another alternative to traditional dial-up that can be used to connect to the Internet or to communicate directly with another computer connected to the ISDN network. ISDN can use regular telephone wiring, but must be connected to a special ISDN network.
• BRI ISDN (BRI = Basic Rate Interface) is two 64 Kbps "B" channels (128 Kbps of user data in total) plus one 16 Kbps "D" signaling channel.
• PRI ISDN (PRI = Primary Rate Interface) is 23 "B" channels plus one 64 Kbps "D" channel, carried on a T1 circuit in North America.
Wireless: Wireless networking uses radio waves or infrared light to send data between hosts. Most wireless networks connect into larger wired networks, which are in turn connected to the Internet.

Network+ N10-003 Cheat Sheet Page 1


Note: You do not need to know what each type of DSL is or does. You may be asked to select the valid DSL types from a list.

Communication between hosts on a network generally takes one of three forms:
• Simplex--one-way communication from a sender to a receiver.
• Half-duplex--two-way communication between two hosts. Communication only travels in one direction at a time.
• Duplex (full-duplex)--two-way communication between hosts. Communication can travel in both directions simultaneously.

Topology Facts
Topology is the term used to describe how devices are connected and how messages flow from device to device. There are two types of network topologies:
• The physical topology describes the physical way the network is wired.
• The logical topology describes the way in which messages are sent.

The following table describes several common physical topologies.

Topology | Description
Bus: A physical bus topology consists of a trunk cable with nodes either inserted directly into the trunk, or tapping into the trunk using offshoot cables called drop cables.
• Signals travel from one node to all other nodes on the bus.
• A device called a terminator is placed at both ends of the trunk cable.
• Terminators absorb signals and prevent them from reflecting repeatedly back and forth on the cable.
The physical bus:
• Requires less cable than the star
• Can make it difficult to isolate cabling problems
Ring: A ring topology connects neighboring nodes until they form a ring. Signals travel in one direction around the ring. In ring topologies, each device on the network acts as a repeater to send the signal to the next device. With a ring:
• Installation requires careful planning to create a continuous ring.
• Isolating problems can require going to several physical locations along the ring.
• A malfunctioning node or cable break can prevent signals from reaching nodes further along the ring.
• MSAUs (multistation access units) use "RING IN" and "RING OUT" ports to chain multiple MSAUs. These need to be connected in the proper order: with multiple MSAUs, each unit's "ring out" must connect to the next unit's "ring in" to complete the ring.
• Adding a workstation to a physical ring topology will disconnect all clients from the network while the ring is open.
• Token Ring (IEEE 802.5): Remember that Token Ring networks do not have collisions, because they use token passing to control access to the medium. Questions about networks where avoiding collisions is the highest priority could be referring to Token Ring. A Token Ring network also provides equal access to all computers.
Star: A star topology uses a hub (or switch) to concentrate all network connections at a single physical location. With the star:
• All network connections are located in a single place, which makes it easy to troubleshoot and reconfigure.
• Nodes can be added to or removed from the network easily.
• Cabling problems usually affect only one node.
• Requires more cable than a bus or ring, because every node has its own cable.
Mesh: A mesh topology exists when there are multiple paths between any two nodes on a network. Mesh topologies are created using point-to-point connections. This increases the network's fault tolerance because alternate paths can be used when one path fails. Two variations of mesh topologies exist:
• Partial Mesh--Some redundant paths exist.
• Full Mesh--Every node has a point-to-point connection with every other node.
Full mesh topologies are usually impractical because the number of connections increases dramatically with every node added to the network (n nodes require n(n-1)/2 links). However, a full mesh topology becomes more practical through the implementation of an ad-hoc wireless network. With this topology, every wireless network card can communicate directly with any other wireless network card on the network. A separate, dedicated network interface and cable for each host on the network is not required.

Logical Topologies
A logical topology is the way that the signals act on the network media, or the way that the data passes through the network from one device to the next without regard to the physical interconnection of the devices. Logical topologies are bound to the network protocols that direct how the data moves across a network.

In the bus logical topology, each time a node on the network has data for another node, the sending node broadcasts the data to the entire network. The other nodes hear it and look to see whether the data is for them. If so, they keep the data; if not, they ignore it. Ethernet is the best-known example of a logical bus network. LocalTalk is another example of a logical bus network.

In the ring logical topology, only one node can send information across the network at any given time. This is achieved by way of a token. Token Ring and Fiber Distributed Data Interface (FDDI) are examples of logical ring networks.

Note: Remember, if you see "logical" in a question about a 10BaseT or 100BaseT network, it is referring to the bus topology.

To connect to a TCP/IP network you do not need a default gateway entered in the client configuration unless you need to reach the Internet or another network. Only an IP address and a subnet mask are required to communicate with hosts on the local network. A default gateway is required for access to another network, such as the Internet.

100VG-AnyLAN
IEEE 802.12, also called Demand Priority. The VG stands for Voice Grade, the 100 is 100 Mbps, and the "AnyLAN" part refers to its ability to carry either Ethernet or Token Ring frames. Questions about this topic may ask which access method 100VG-AnyLAN uses: the difference is that it uses Demand Priority rather than the CSMA/CD that is part of the 802.3 Ethernet protocol.

Twisted Pair Facts
Twisted pair cables support a wide variety of fast, modern network standards. Twisted pair cabling is composed of the following components:
• Two wires that carry the data signals (one conductor carries a positive signal; one carries a negative signal). They are made of 22 or 24 gauge copper wiring.
• PVC or plenum plastic insulation surrounds each wire. Plenum cable is fire resistant and non-toxic. It must be used when wiring above ceiling tiles. PVC cable cannot be used to wire above ceilings because it is toxic when burned.
• The two wires are twisted to reduce the effects of electromagnetic interference (EMI) and crosstalk. Because the wires are twisted, EMI should affect both wires equally and can be cancelled out.
• Multiple wire pairs are bundled together in an outer sheath. Twisted pair cable can be classified according to the makeup of the outer sheath:
o Shielded Twisted Pair (STP) has a grounded outer copper shield around the bundle of twisted pairs or around each pair. This provides added protection against EMI.
o Unshielded Twisted Pair (UTP) does not have a grounded outer copper shield. UTP cables are easier to work with and are less expensive than shielded cables.

The table below describes the different twisted pair cable types (categories).

Type | Connector | Description
Phone cable | RJ-11 | Used to connect a PC to a phone jack in a wall outlet to establish a dial-up Internet connection. Has two pairs of twisted cable (a total of 4 wires).
Cat 3 | RJ-45 | Designed for use with 10 megabit Ethernet or 16 megabit Token Ring.
Cat 5 | RJ-45 | Supports 100 megabit and 1 gigabit Ethernet and ATM networking.
Cat 5e | RJ-45 | Similar to Cat 5 but manufactured to tighter crosstalk specifications. Supports 1 gigabit Ethernet (gigabit connections require the use of all four twisted pairs).
Cat 6 | RJ-45 | Rated to 250 MHz. Supports 1 gigabit Ethernet at 100 meters and 10 gigabit Ethernet over short runs (up to 55 meters).
Cat 6 STP | RJ-45 | A shielded Cat 6 construction used for data transmission in Ethernet, Fast Ethernet, Gigabit Ethernet, Token Ring, and 155 Mbps ATM networks.

The table below describes the two types of connectors used with twisted pair cables.

Connector | Description
RJ-11:
• Has 4 contacts
• Supports up to 2 pairs of wires
• Uses a locking tab to keep the connector secure in the outlet
• Used primarily for telephone wiring
RJ-45:
• Has 8 contacts
• Supports up to 4 pairs of wires
• Uses a locking tab to keep the connector secure in the outlet
• Used for Ethernet and some Token Ring connections

Each category of UTP cable can be substituted for any category below it, but never for a category above it. For example, Cat 6 can be substituted for a task requiring Cat 5e; however, neither Cat 5 nor Cat 3 should be used for that task.

Making Cable Facts
Twisted pair cables remain one of the primary ways that computers connect to a network. Computers connect to the network through a hub or switch with a straight-through cable. Computers can connect directly to one another using a crossover cable.

The table below illustrates both straight-through and crossover cable configurations.

Cable | Description
Straight-through: There are two standards for creating straight-through cables; use the same one on both ends:
• T568A--To use this standard, arrange the wires from pins 1 to 8 in each connector in the following order: GW, G, OW, B, BW, O, BrW, Br (green-white, green, orange-white, blue, blue-white, orange, brown-white, brown).
• T568B--To use this standard, arrange the wires from pins 1 to 8 in each connector in the following order: OW, O, GW, B, BW, G, BrW, Br.
Crossover: The easiest way to create a crossover cable is to arrange the wires in the first connector using the T568A standard and arrange the wires in the second connector using the T568B standard. This swaps pins 1 and 3 and pins 2 and 6, so one end's transmit pair lands on the other end's receive pair.

10BaseT and 100BaseTX Ethernet use the following pins (Tx is a pin used for transmitting and Rx is a pin used for receiving):
• Pin 1: Tx+
• Pin 2: Tx-
• Pin 3: Rx+
• Pin 4: Unused
• Pin 5: Unused
• Pin 6: Rx-
• Pin 7: Unused
• Pin 8: Unused
(Gigabit Ethernet uses all eight pins, sending and receiving on all four pairs.)

Coaxial Cable Facts
Coaxial cable is an older technology that is usually implemented with a bus topology. It is not suitable for ring or star topologies because the ends of the cable must be terminated. It is composed of two conductors, which share a common axis, within a single cable.

Coaxial cable is built with the following components:
• Two concentric metallic conductors:
o The inner conductor, which carries data signals. It is made of copper or copper coated with tin.
o The mesh conductor, a second physical channel that also grounds the cable. It is made of aluminum or copper coated with tin.
• The insulator, which surrounds the inner conductor and keeps the signal separated from the mesh conductor. It is made of PVC plastic.
• The mesh conductor, which surrounds the insulator and grounds the cable. It is made of aluminum or copper coated with tin.
• The PVC sheath, which is the cable encasement. It surrounds and protects the wire. It is made of PVC plastic.

Coaxial cable has the following advantages and disadvantages:
Advantages:
• Highly resistant to EMI (electromagnetic interference)
• Highly resistant to physical damage
Disadvantages:
• Expensive
• Inflexible construction (difficult to install)
• Unsupported by newer networking standards

The table below describes the different coaxial cable grades.

Grade | Uses | Impedance
RG-58 | 10Base2 Ethernet networking (also known as Thinnet); segments limited to 185 meters | 50 ohms
RG-59 | Cable TV and cable networking | 75 ohms
RG-6 | Satellite TV | 75 ohms
RG-8 | 10Base5 Ethernet networking (also known as Thicknet); segments limited to 500 meters | 50 ohms

The table below describes the types of connectors used with coaxial cable.

Connector | Description
F-Type:
• Screwed (twisted) onto the cable
• Used to create cable and satellite TV connections
• Used to hook a cable modem to a broadband cable connection
BNC:
• Also referred to as "T connectors" (a BNC T-connector attaches a node to the bus)
• Molded or crimped onto the cable
• Used in 10Base2 Ethernet networks
AUI:
• 15-pin D-sub (DB-15) connector
• Used in 10Base5 Ethernet networks

Fiber Optic Facts
To connect computers using fiber optic cables, you need two fiber strands. One strand transmits signals, and the other strand receives signals. Fiber optic cabling is composed of the following components:
• The core carries the signal. It is made of plastic or glass.
• The cladding keeps the signal in the center of the core as the cable bends.
• The sheathing protects the cladding and the core.

Fiber optic cabling offers the following advantages and disadvantages:
Advantages:
• Totally immune to EMI (electromagnetic interference)
• Highly resistant to eavesdropping (a tap requires physical access to the strand and usually shows up as a drop in received signal strength; resistant, not impossible)
• Supports extremely high data transmission rates
• Allows greater cable distances without a repeater
Disadvantages:
• Very expensive
• Difficult to work with
• Special training required to attach connectors to cables

Multi-mode and single-mode fiber cables are distinct from each other and not interchangeable.

The table below describes multi-mode and single-mode fiber cables.

Type | Description
Single-mode:
• Transfers data through the core using a single light ray (the ray is also called a mode)
• The core diameter is 8 to 10 microns, with 125 micron cladding
• Supports a large amount of data
• Cable lengths can extend a great distance
• Full duplex
• Connectors are MT-RJ and LC
Multi-mode:
• Transfers data through the core using multiple light rays
• The core diameter is 50 to 100 microns, with 125 micron cladding
• Cable lengths are limited in distance (550 meters)
• Full duplex

Fiber optic cabling uses the following connector types:

Type | Description
Straight Tip (ST) Connector:
• Used with single-mode and multi-mode cabling
• Keyed, bayonet-type connector; also called a push-in-and-twist connector
• Each fiber has a separate connector
• Nickel plated, with a ceramic ferrule to ensure proper core alignment and prevent light ray deflection
• As part of the assembly process, it is necessary to polish the exposed fiber tip to ensure that light passes from one cable to the next without dispersion
Subscriber Connector (SC):
• Push-on, pull-off connector type that uses a locking tab to maintain the connection
• Each fiber has a separate connector
• Uses a ceramic ferrule to ensure proper core alignment and prevent light ray deflection
• As part of the assembly process, it is necessary to polish the exposed fiber tip
• Used with single-mode and multi-mode cabling
Lucent Connector (LC):
• Composed of a plastic connector with a locking tab, similar to an RJ-45 connector
• A single connector with two ends keeps the two fibers in place
• Uses a ceramic ferrule to ensure proper core alignment and prevent light ray deflection
• Half the size of other fiber-optic connectors
• Used with single-mode and multi-mode cabling
Mechanical Transfer-Registered Jack Connector (MT-RJ):
• Composed of a plastic connector with a locking tab
• Uses metal guide pins to ensure it is properly aligned
• A single connector with one end holds both fibers
• Uses a ceramic ferrule to ensure proper core alignment and prevent light ray deflection

802.3z
IEEE 802.3z defines Gigabit Ethernet over fiber. 1000BASE-SX ("short wavelength") provides high-speed data transfer over multi-mode optical fiber using 850 nm lasers.

USB and FireWire Facts
You can create a network connection between two PCs by connecting their USB ports with a USB bridge (host-to-host) cable; the cable contains the bridging electronics, because two USB host ports cannot be joined with an ordinary cable. You can also use software that allows you to connect multiple PCs through a USB hub. USB is a serial communication specification. There are two USB versions:
• USB 1.0 runs at 12 megabits per second.
• USB 2.0 runs at 480 megabits per second.

The table below describes the three types of USB connectors.

Connector | Description
A Connector:
• Generally plugs directly into the computer or a hub
• To connect two computers together directly, select a USB bridge cable with an A connector on both ends
B Connector:
• Generally plugs into a hub, printer, or other peripheral device to connect the device to the computer
• Most USB cables have an A connector on one end (to connect to the computer) and a B connector on the other end (to connect to the device)
Mini Connector:
• Designed to plug in to devices with mini plugs, such as a digital camera
• Most USB cables with a mini connector have an A connector on the other end to connect to the computer

You can also create a network connection between two PCs using their FireWire (IEEE 1394) ports.

The table below describes FireWire and its connectors.

Connector | Description
6-pin Connector:
• Supports data transfer speeds of up to 400 Mbps
• The 6-pin connector is used when making connections between PCs
4-pin Connector:
• The 4-pin connector is used to connect to peripheral devices

Network Adapter Facts
A network adapter connects a host to the network medium. Some computers, like laptops, come with built-in network adapters. Other computers use NICs (network interface cards) that plug in to the system's expansion slots or that are external to the computer and connect through an existing computer port. A common network interface card is one used on an Ethernet network.

The table below describes the components of an Ethernet NIC.

Component | Description
Media connectors: These connect the network interface and host to the network media.
Link indicator: This visually indicates the network connection status. Green generally indicates a good connection, and red or an unlit diode indicates a bad connection.
Transceiver: A NIC's transceiver is responsible for transmitting and receiving network communications. To send signals to the network, it converts digital data from the PC into signals suitable for the medium. The type of signal the transceiver sends depends on the type of network: a fiber optic NIC sends light signals; a copper Ethernet NIC sends electrical signals. To receive, the transceiver converts signals from the network back into digital data for the PC.
MAC Address: The MAC address is a unique hexadecimal identifier burned into the ROM (physically assigned address) of every network interface.
• The MAC address is a 12-digit hexadecimal number (each digit ranges from 0-9 or A-F), i.e. 48 bits.
• The address is often written as 00-B0-D0-06-BC-AC or 00B0.D006.BCAC; dashes, periods, or colons can be used to divide the MAC address parts.
• The MAC address is guaranteed unique by design. The first half (first 6 hex digits) of the MAC address is assigned to each manufacturer (the OUI). The manufacturer determines the rest of the address, assigning a unique value which identifies the individual interface. A manufacturer that uses all the addresses in its original assignment can apply for a new MAC address assignment.
• Caveat: most NIC drivers let the burned-in address be overridden in software, so a MAC address identifies an interface but does not authenticate it. MAC-based access filters are easily bypassed by a host that copies an allowed address.

A NIC communicates across the network using the following method:
1. The NIC receives data from the PC.
2. The NIC breaks the data into frames, which include the following information:
o The receiving NIC's MAC address
o The sending NIC's MAC address
o The data it is transmitting
o The CRC (cyclic redundancy check), which is used to verify correct transmission and reception of the data
3. The NIC encodes the frames as electrical or light impulses and transmits them across the network.
4. The receiving NIC verifies the NIC addresses and the CRC.
5. The receiving NIC tracks the frames and reassembles the data.
6. The receiving NIC sends the data to the PC.

Network Connection Device Facts
The following table lists several common connection devices used within a LAN.

Device | Description
Hub: A hub is the central connecting point of a physical star, logical bus topology. Hubs manage communication among hosts using the following method:
• A host sends a frame to another host through the hub.
• The hub duplicates the frame and sends it to every host connected to the hub.
• The host to which the frame is addressed accepts the frame. Every other host normally ignores the frame, but because every host receives a copy, any host with its NIC in promiscuous mode can capture all traffic passing through the hub.
Active vs. passive hubs: Active hubs regenerate the signals while passive hubs do not. Active hubs are generally more expensive than passive hubs. Both passive and active hubs work at the physical layer (layer 1) of the OSI model. Use crossover cables, not straight-through patch cables, to connect multiple hubs together (unless a hub provides an uplink port for this purpose).
Switch: Switches provide functionality similar to hubs, but typically on a larger scale and with higher performance (a switch offers dedicated bandwidth to each port). Unlike a hub, a switch forwards frames only to the intended host, not to every host connected to the switch.
A switch builds a database (forwarding table) of MAC addresses to make forwarding decisions:
• The process begins by examining the source address of an incoming frame. If the source address is not in the forwarding database, an entry for the address is made in the database, and the port it came in on is recorded.
• The destination address is then examined.
o If the destination address is not in the database, the frame is sent out all ports except the one on which it was received.
o If the destination address is in the database, the frame is forwarded to the appropriate port, provided that port is different from the one on which it was received (otherwise it is dropped).
o Broadcast frames are forwarded to all ports except the one on which they were received.
Eventually, a switch learns the location of all devices on the network. Incoming frames are then sent directly to the switch port to which the specific host is connected. Note that the table is learned from whatever source addresses arrive; nothing in this procedure authenticates them.
Bridge: Bridges connect separate media segments (networks) that use the same protocol. Like a switch, bridges use MAC addresses to determine a frame's destination and to build a table of device addresses and their corresponding segments. This also allows a bridge to prevent messages within a media segment from crossing over to another segment. This keeps the network from wasting bandwidth by eliminating unnecessary traffic between segments. If a bridge does not
have the destination address in its forwarding table, then it will forward the frame to all ports except the originating port.
A transparent bridge can be used to segment a network. It is called transparent because other devices on the network do not need to be aware of it. This would be used to relieve congestion on a network by segmenting it.
Translational bridges are used when you need to translate data from one format to another across segments.
Wireless Access Point (WAP): A wireless access point (WAP) is a hub for a wireless network. A WAP works like a hub except that hosts connect using radio waves instead of wires. Note: A WAP can have ports that interface with a wired portion of a segment, allowing you to connect the WAP to the wired network. Some WAPs even have built-in wired hubs or switches.

Internetwork Device Facts
In a broad sense, the term network can describe any collection of devices connected together to share information and resources. For example, the Internet is a worldwide network linking computers so they can share resources. The telephone company is another type of network, connecting phones and providing services.

Likewise, the term internetwork might mean connecting two separately managed networks together, or it might mean connecting two network segments together. Devices such as hubs, switches, and bridges connect multiple devices to the same network segment. Internetwork devices connect multiple networks or subnets together, and enable communication between hosts on different types of networks.

The following table lists several common internetworking devices.

Device | Description
Gateway: A gateway is a generic term used to describe any device that connects one administratively managed network with another. For example, a gateway connects a business network to the Internet. The gateway device controls the flow of data between the two networks. The term is used in two senses:
• The default gateway in a client's TCP/IP settings is the router (a layer 3 device) to which the client sends traffic for any destination outside its own subnet, such as the Internet.
• A protocol gateway is a specialized device that translates data sent between two networks using different protocols; such gateways work at the upper layers of the OSI model (the quick reference below lists layers 4 through 7).
Router: A router is a device that connects two or more network segments or subnets.
• Each subnet has a unique, logical network address.
• Routers can be used to connect networks within a single LAN, or they can be used as gateways to connect multiple LANs together.
• Routers can be used to connect networks with different architectures (such as connecting an Ethernet network to a Token Ring network).
In addition to simply linking multiple subnets together, routers keep track of other subnets on the internetwork and decide the direction data should travel to reach the destination.
Firewall: A firewall is a router with additional security features. Firewalls can be programmed with security rules to restrict the flow of traffic between networks.
• A firewall can control the type of traffic allowed into a network and the type of traffic allowed out of a network.
• Rules set up on the firewall determine the types of permitted and prohibited traffic. Most packet filters evaluate the rules in order (first match wins), and a final default rule should deny anything not explicitly permitted.
• A firewall can be either a hardware device or software installed on an operating system.

The following table is a quick reference guide to network devices.

Device | Purpose | Operation | Remarks
Hub | Connects all nodes in a network together; transmissions received on one port are rebroadcast to all ports | Layer 1 | concentrator (passive), repeater (active), MAU
Switch | Connects all nodes/segments in a network together; filters and forwards frames; isolates collision domains | Layer 2 | multiport bridge; configure VLANs
Bridge | Connects 2 network segments, possibly with dissimilar media types; isolates collision domains within a segment | Layer 2 | wired or wireless
Router | Connects 2 networks with different topologies; maps nodes and routes packets; isolates broadcast domains | Layer 3 | brouter, IOS
Gateway | Connects 2 networks with different protocols or technologies; could be hardware or software | Layers 4, 5, 6, 7 | connection to ISP, PABX
NIC | An expansion card installed in a device to connect/interface to the network; particular to the media and protocol | Layers 1, 2 | PCI, USB, PCMCIA, built-in on the motherboard
CSU/DSU | A 2-in-1 device used to connect a digital carrier to the network equipment; provides diagnostics and buffering | - | T1, T3; V.35 interface
ISDN adapter | The terminal adapter used to connect to the Internet via ISDN technology | - | BRI TA
WAP | A device used to connect mobile PCs to a wired infrastructure network wirelessly via RF technology | Layers 1, 2 | infrastructure mode, WiFi
Modem | A device that changes a digital signal to analog and vice versa; modulator/demodulator | - | POTS (V.92), xDSL, cable
Transceiver | A device that transmits and receives analog or digital signals; allows a NIC to connect to a different media type | - | media converter, DIX/AUI
Firewall | A stand-alone device or software used to protect networks from spyware, hackers, worms, phishing, and trojans | - | port blocking, packet filtering, proxy server, DMZ

Note: There are also some switches (called Layer 3 switches) that
Ethernet Facts
have built-in router functionality. These switches examine the logical
Ethernet is the most popular networking architecture for LANs. It offers
network address (instead of the MAC address) to switch packets
high performance at a low cost and is easy to install and manage.
between networks.

Network+ N10-003 Cheat Sheet Page 6


The following table describes various details about Ethernet.

Characteristic: Description

Topology: Ethernet uses one or more of the following networking
topologies:
• Physical bus, logical bus
• Physical star, logical bus
• Physical star, logical star

Media Access Method: Ethernet uses a contention-based media access
method called Carrier Sense, Multiple Access/Collision Detection
(CSMA/CD). Devices use the following process to send data.
1. Because all devices have equal access (multiple access) to the
   transmission media, a device with data to send first listens to
   the transmission medium to determine if it is free (carrier
   sense).
2. If it is not free, the device waits a random time and listens
   again to the transmission medium. When it is free, the device
   transmits its message.
3. If two devices transmit at the same time, a collision occurs. The
   sending devices detect the collision (collision detection) and
   send a jam signal to notify all other hosts that a collision has
   occurred.
4. Both devices wait a random length of time before attempting to
   resend the original message (called backoff).
Note: When switches are used on an Ethernet network, each switch port
is its own collision domain, so collisions between hosts disappear.
Most devices can detect this and will turn off collision detection
and use full-duplex communication.

Transmission Media: Ethernet supports the following cable types:
• Unshielded twisted-pair cables (UTP) with RJ-45 connectors. This is
  the most common transmission medium used for Ethernet.
• Fiber optic, most commonly used in high-speed applications such as
  servers or streaming media.
• Coaxial for older Ethernet implementations (often called thinnet
  or thicknet networks).

Networking Devices: Devices used on Ethernet networks include:
• NICs with transceivers
• Hubs
• Switches
• Routers

Ethernet Specifications
Ethernet standards are defined by the work of the IEEE 802.3
committee.

The following table compares the characteristics of various Ethernet
implementations (standard: bandwidth; cable type; maximum segment
length).

Ethernet
• 10BaseT: 10 Mbps (half duplex), 20 Mbps (full duplex); twisted pair
  (Cat3, 4, or 5); 100 meters
• 10BaseFL: 10 Mbps (multimode cable); fiber optic; 1,000 to 2,000
  meters

Fast Ethernet
• 100BaseT4: 100 Mbps (half duplex), 200 Mbps (full duplex); twisted
  pair using all 4 pairs of wires (the more common 100BaseTX uses 2
  pairs of Cat5 or higher); 100 meters
• 100BaseFX: 100 Mbps (multimode cable); fiber optic; 412 meters

Gigabit Ethernet
• 1000BaseT: 1,000 Mbps (half duplex), 2,000 Mbps (full duplex); UTP
  twisted pair (Cat5e); 100 meters
• 1000BaseCX (short copper): special copper (150 ohm), STP; 25
  meters, used within wiring closets
• 1000BaseSX (short): multimode fiber, 50 micron; 220 to 550 meters
  depending on cable quality
• 1000BaseLX (long): multimode or single-mode fiber optic; 550 meters
  (multimode) or 10 km (single-mode)

10 Gigabit Ethernet (10 Gbps, full duplex only)
• 10GBaseSR: multimode fiber optic; 2 to 300 meters
• 10GBaseLR: single-mode fiber optic; 2 to 10 kilometers
• 10GBaseER: single-mode fiber optic; 2 to 40 kilometers
You should also know the following facts about Ethernet:
• The maximum cable length for UTP Ethernet "T" implementations is
  100 meters for all standards.
• You may also see 10Base2 and 10Base5 Ethernet implementations, both
  of which are older implementations using coaxial cable. You will
  not be required to know these for the Network+ exam.
• Ethernet standards support a maximum of 1024 hosts per collision
  domain.

Physical Addresses: Ethernet devices are identified using the MAC
address, which is burned into the network interface card. Most drivers
allow the MAC address to be overridden in software, so a MAC address
by itself is not reliable proof of a device's identity.

Frames: A frame is a unit of data that is ready to be sent on the
network medium. Ethernet frames contain the following components:
• The preamble is a set of alternating ones and zeroes terminated by
  two ones (i.e., 11) that marks the start of a frame.
• The destination address identifies the receiving host's MAC
  address.
• The source address identifies the sending host's MAC address.
• The data, or the information that needs to be transmitted from one
  host to the other.
• Optional bits to pad the frame. Ethernet frames are sized between
  64 and 1518 bytes (not counting the preamble). If the frame is
  smaller than 64 bytes, the sending NIC places "junk" data in the
  pad to make it the required 64 bytes.
• The CRC (cyclic redundancy check), also called the frame check
  sequence (FCS), is the result of a mathematical calculation
  performed on the frame. The CRC helps verify that the frame
  contents have arrived uncorrupted. It detects accidental corruption
  only; an attacker who alters a frame simply recomputes the CRC, so
  it offers no protection against deliberate modification.
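The frame layout and CRC check described above can be exercised directly. The following Python example is added here and is not part of the original cheat sheet: it builds a minimal Ethernet II frame, pads it to the 64-byte minimum, appends the CRC-32 frame check sequence, and then parses it back, rejecting runts, giants and frames whose CRC does not match. The MAC addresses and payload are constructed sample values; the preamble is omitted because NICs strip it before handing the frame to software.

```python
import struct
import zlib

MIN_FRAME = 64      # minimum frame size including the 4-byte FCS (preamble excluded)
MAX_FRAME = 1518    # maximum untagged frame size including the FCS
HEADER_LEN = 14     # destination MAC (6) + source MAC (6) + EtherType (2)
FCS_LEN = 4


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into its 6 raw bytes."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame: header + payload + zero padding + CRC-32 FCS."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    # Pad the body so that body + FCS reaches the 64-byte minimum.
    body += b"\x00" * max(0, MIN_FRAME - FCS_LEN - len(body))
    if len(body) + FCS_LEN > MAX_FRAME:
        raise ValueError("payload too large for an untagged Ethernet frame")
    # The IEEE 802.3 FCS is the same CRC-32 zlib computes; it is sent
    # least-significant byte first.
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)


def parse_frame(frame: bytes) -> dict:
    """Validate size and FCS, then split the frame into its fields.

    Raises ValueError for runts, giants and CRC mismatches, which is what a
    receiving NIC does when it silently discards such frames.
    """
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame (shorter than 64 bytes)")
    if len(frame) > MAX_FRAME:
        raise ValueError("giant frame (longer than 1518 bytes)")
    body, (fcs,) = frame[:-FCS_LEN], struct.unpack("<I", frame[-FCS_LEN:])
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    return {
        "dst": mac_str(body[0:6]),
        "src": mac_str(body[6:12]),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        # Padding is indistinguishable from data at this layer; the upper-layer
        # protocol (for example the IP total-length field) tells the receiver
        # how much of the payload is real.
        "payload": body[HEADER_LEN:],
    }


def is_broadcast(mac: str) -> bool:
    return mac_bytes(mac) == b"\xff" * 6


def demo() -> dict:
    """Round-trip a constructed frame and show that a single flipped bit is caught."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"hello")
    parsed = parse_frame(frame)
    damaged = bytearray(frame)
    damaged[20] ^= 0x01            # flip one bit inside the payload
    try:
        parse_frame(bytes(damaged))
        caught = False
    except ValueError:
        caught = True
    return {"frame_len": len(frame), "parsed": parsed, "corruption_caught": caught}


if __name__ == "__main__":
    result = demo()
    print(result["frame_len"], result["parsed"]["dst"], result["corruption_caught"])
```

The five-byte payload is padded to 46 bytes so the whole frame is exactly 64 bytes; a 1500-byte payload produces the 1518-byte maximum, and one byte more is rejected. The CRC catches the flipped bit, but it would not catch an attacker who rewrites the payload and recomputes the FCS; integrity against tampering has to come from a higher layer.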

Token Ring Facts
Token ring began as a proprietary networking standard developed by
IBM. Now there is a public token ring networking standard created by
the IEEE 802.5 committee and other vendors that manufacture token ring
components. Token ring was a popular networking architecture that is
quickly being replaced by Ethernet. However, you may still encounter
token ring in some existing networks.

Token ring networks have the following advantages:
• There are no collisions.
• The transmitting host can use the entire bandwidth to send its data.
• You can assign priorities to designated hosts to give them greater
  network access.
• Troubleshooting broken network connections is made easy by built-in
  diagnostic devices.

Token ring networks have the following disadvantages:
• Higher cost than Ethernet networks.
• Slower operating speeds than Ethernet networks.

The following table describes various details about token ring.

Characteristic: Description

Topology: Token ring networks are wired using a physical star, logical
ring topology (a physical ring topology is also possible but not
common).

Media Access Method: Token ring uses a token-passing media access
method:
1. A token passes from host to host.
2. When a host needs to transmit, it grabs the token.
3. The host encapsulates its data into a frame and transmits it
   around the ring.
4. Each host examines the recipient address of the frame until it
   arrives at the recipient.
5. The recipient transmits a success frame to the transmitting host
   to confirm that it received the data.
6. Once it receives a success frame, the sending host creates and
   releases a new token.
A host can communicate directly only with the machines immediately
upstream or downstream from it in the data flow. A broken ring results
when a host fails. Other hosts on the network can no longer
communicate with any hosts downstream from the break.

Transmission Media: Token ring networks support the following
transmission media:
• Special IBM-type cables
• STP and UTP
• Fiber optic
Token Ring uses several types of drop cables to connect workstations
to the MSAU (multistation access unit):
• Type 1 or Type 2 shielded twisted pair (STP) wiring with a DB-9
  connector.
• Category 3 (4 Mbps) or Category 5 (16 Mbps) unshielded twisted pair
  (UTP) cabling with RJ-45 connectors.

Networking Devices: The central connecting point for a token ring
network is an MAU (multistation access unit). You can uplink MAUs by
connecting patch cables between the RI (ring in) and RO (ring out)
ports on each MAU. Be aware that you must connect both sets of RI and
RO ports on both MAUs to make sure the ring is complete.

Speed: Common token ring networks operate at either 4 or 16 Mbps.
Newer standards include 100 Mbps and Gigabit (1000 Mbps) token ring,
although these have never been widely adopted.

FDDI Facts
Fiber Distributed Data Interface (FDDI) is a fiber-optic, token-ring
architecture originally standardized by the American National
Standards Institute (ANSI). This standard is in many respects similar
to the IEEE 802.5 standard, but is characterized by higher data
transfer rates (100 to 200 Mbps).
FDDI is typically implemented in situations where high data transfer
rates are needed, including:
• LAN Backbones: the FDDI network forms a high-speed backbone for the
  rest of the network.
• Computer-room Networks: these networks connect high-performance
  mainframes and other computers.
• High-speed LANs: the speed of FDDI is ideal for networks with high
  data traffic, powerful workstations (engineering or computer-aided
  design workstations), or networks requiring high transfer rates
  (i.e. digital video).

The following table describes various details about FDDI.

Characteristic: Description

Topology: FDDI networks are wired using a physical ring, logical ring
topology or a physical star, logical ring topology. FDDI uses dual
counter-rotating rings for data (two rings are used, with each sending
data in the opposite direction).

Media Access Method: FDDI uses a token-passing media access method.
FDDI provides a ring wrapping feature which uses both rings for
sending data. If a break occurs in one ring, data can be sent on the
other ring, thus isolating the break.

Transmission Media: As the name suggests, FDDI networks use fiber
optic cables. Newer specifications allow the use of Cat 5 UTP
(sometimes called CDDI).

Networking Devices: FDDI networks use fiber optic connectors. SC and
ST are both fiber optic connectors and can be used on an FDDI network,
though the MIC connector is the most common. Two types of devices
might be connected to an FDDI network:
• Dual Attachment Stations (DAS), also called Class A devices, attach
  to both rings (primary and secondary).
• Single Attachment Stations (SAS), also called Class B devices,
  attach to one ring (primary).

Speed: FDDI operates at 100 Mbps on a single ring. When both rings are
used, data can travel at an effective rate of 200 Mbps.

Additional Specifications: FDDI can operate over distances up to 200
km (124 miles). When two rings are used, the distance is limited to
100 km (62 miles). FDDI networks can support up to 1000 devices.

Infrared Facts
Infrared wireless networking employs light waves that are outside of
the visible light spectrum. It uses light from three regions:
• The near IR band (the light wave closest to the color red)
• The intermediate (IM) IR band
• The far IR band

Infrared devices can operate in one of two modes:

Method: Description

Line of Sight (LoS):
• Devices must have a direct LoS (line-of-sight) connection and the
  maximum distance between devices is 1 meter.
• Because of the LoS connection requirement, communication signals
  are easily interrupted.

Diffuse Mode:
• Diffuse mode (also called scatter mode) operates by broadcasting a
  large beam of light rather than a narrow beam. It does not require
  LoS connections.
• Despite its advantages, diffuse mode still operates under range
  limitations. The IR access point and devices must be in the same
  room with each other.
• Diffuse mode is also subject to signal disruptions (such as from
  obstructions).

You should know the following facts about wireless IR:
• IR data transfers occur at up to 4 Mbps.
• IR networks are very insecure because the signals are not
  encrypted, and they can be easily intercepted by anyone within
  reach of the beam.
• A common use for IR in networking is in transferring data between a
  handheld or notebook computer and a desktop computer.

Wireless Architecture Facts

When you implement a radio frequency wireless network, you use radio
waves rather than wires to connect your hosts. Radio waves are
considered unbounded media because, unlike wires, they have nothing to
encase them. The most commonly used frequency for wireless networking
is the 2.4 GHz band.

The following table describes details of a wireless networking
architecture.

Characteristic: Description

Signaling Method:
• Frequency Hopping Spread Spectrum (FHSS) uses a narrow frequency
  band and 'hops' data signals in a predictable sequence from
  frequency to frequency over a wide band of frequencies. Because
  FHSS shifts automatically between frequencies, it can avoid
  interference that may be present on a single frequency. Hopping
  between frequencies makes casual eavesdropping and data capture
  somewhat more difficult, but the hop sequence is defined by the
  standard and known to any compatible receiver, so this is not a
  substitute for encryption. FHSS applies to legacy 802.11 and is
  still in use with Bluetooth.
• Direct-Sequence Spread Spectrum (DSSS): the transmitter breaks
  data into pieces and sends the pieces across multiple frequencies
  in a defined range. DSSS is more susceptible to interference than
  FHSS.

Topology:
• Ad hoc
  o Works in peer-to-peer mode without a WAP (the wireless NICs in
    each host communicate directly with one another)
  o Uses a physical mesh topology
  o Cheap and easy to set up but cannot handle more than four hosts
    well
  o Requires special modifications to reach wired networks
• Infrastructure
  o Employs a WAP that functions like a hub on an Ethernet network
  o Uses a physical star topology
  o You can easily add hosts without increasing administrative
    efforts (scalable)
  o Allows you to connect easily to a wired network
  o Requires more planning to implement effectively

Media Access: Wireless networks use Carrier Sense Multiple
Access/Collision Avoidance (CSMA/CA) to control media access and
avoid (rather than detect) collisions. Collision avoidance involves
implementing the following practices:
• If a host detects traffic on the network, it experiences a longer
  back-off time than hosts on a wired network before attempting to
  transmit again.
• Every transmission must be acknowledged. As every frame is
  acknowledged by the receiving host, other hosts receive a message
  indicating that they must wait to transmit.

Devices: Devices on a wireless network include:
• A wireless NIC for sending and receiving signals.
• A wireless access point (WAP) is the equivalent of an Ethernet hub.
  The wireless NICs connect to the WAP, and the WAP manages network
  communication.
• A wireless bridge connects two wireless WAPs into a single network
  or connects your wireless WAP to a wired network. Most WAPs today
  include bridging features.
Note: Many wireless access points include ports (or hubs, switches, or
routers) to connect the wireless network to the wired portion of the
network.

Wireless Standards
Radio frequency wireless networking standards are specified by various
IEEE 802.11 committees.

Wireless networking technologies (standard: data speed; frequency;
transmission type; topology; range)
• IEEE 802.11 (legacy): 2 Mbps; 2.4 GHz; FHSS or DSSS; point-to-point;
  30 m
• IEEE 802.11b (WiFi): 11 Mbps; 2.4 GHz; DSSS with CCK; point-to-point;
  30 m
• IEEE 802.11a (WiFi): 54 Mbps; 5 GHz; OFDM; point-to-point; 30 m
• IEEE 802.11g (WiFi): 54 Mbps; 2.4 GHz; OFDM above 20 Mbps, DSSS
  with CCK at 20 Mbps and below; point-to-point; 30 m
• IEEE 802.11n (WiFi): up to 600 Mbps (pre-standard devices advertised
  540 Mbps); 2.4 GHz and 5 GHz; MIMO with OFDM; point-to-point; 50 m
• Bluetooth: 1 to 2 Mbps; 2.45 GHz; FHSS; scatternet; 10 m
• Infrared: 100 kbps to 16 Mbps; 100 GHz to 1000 THz; baseband;
  point-to-point LoS; 1 m
• IEEE 802.16 (WiMax): 75 Mbps; 2 to 11 GHz and 10 to 66 GHz bands;
  BPSK among other modulations; point-to-point, cellular; 30 km

The actual range depends on several factors; the greater the distance,
the weaker the signal. As the distance between devices increases, the
data transfer rate drops. The distances listed here are rough maximums
assuming no obstructions. For communications at the stated speed in a
typical environment (with one or two walls), the actual distance would
be roughly half of the maximums.

Note: Some newer 802.11g devices can bond two channels (a vendor
feature often marketed as "turbo" or "Super G", and sometimes loosely
called dual-band) to effectively double the data transfer rate to 108
Mbps. However, channel-bonded wireless is especially susceptible to
interference from other wireless devices (such as phones). Wireless
equipment does not come with its security features enabled. You must
enable the types of security you want to implement.

Wireless antennas are either omni-directional or directional.
Omni-directional antennas provide a 360 degree dispersed wave pattern,
while a directional antenna focuses its range toward the transmitter.
Omni-directional antennas work best outdoors in open areas and are
"vertical" antennas.

The table below describes common wireless security features.

Feature: Description

SSID (Service Set Identification): The SSID is used to group several
wireless devices and Access Points as part of the same network and to

distinguish these devices from other adjacent wireless networks. The
SSID is also commonly referred to as the network name.
• The SSID is a value of up to 32 characters (bytes) that you assign
  to both the WAP and the host's NIC.
• The SSID is carried in the management frames (such as beacons and
  probe responses) that travel on the network.
• In order to communicate across the network, a host must associate
  with the WAP using the WAP's SSID.
• The SSID name is case-sensitive.
Most WAPs come with a default SSID, which you should change as part of
your security implementation. Even after you change the SSID, it is
still only a minimal security feature: it is transmitted in the clear
and is trivially recovered by anyone listening, so changing or hiding
it does not keep anyone out. There are two types of SSIDs:
• BSSID (Basic Service Set Identification) is used by an ad-hoc
  wireless network with no access points.
• ESSID (Extended Service Set Identification), or ESS Identifier, is
  used in an infrastructure wireless network that has access points.

WEP (Wired Equivalent Privacy): WEP is a 64- or 128-bit encryption
mechanism. WEP was designed to provide wireless networks the same type
of protection that cables provide on a wired network. WEP has two
authentication implementations:
• Open System performs no authentication; any client may associate,
  and the WEP key (if one is configured) is used only to encrypt
  data.
• Shared Key authenticates the client with a challenge-response based
  on the WEP key before data is encrypted. You must configure all
  devices with the same shared key (a hexadecimal key is not
  case-sensitive). Because the challenge and its encrypted response
  are both visible to an eavesdropper, Shared Key authentication
  exposes keystream material and is considered weaker than Open
  System.
WEP suffers from the following weaknesses:
• The key is static. Because it doesn't change, it can be captured and
  broken.
• Every host on the network uses the same key.
On a wireless network that is employing WEP, only users with the
correct WEP key can exchange traffic through the wireless access
points. WEP is intended to keep out unauthorized users by requiring
the shared key for access. WEP keys are 40 or 104 bits long; adding
the 24-bit initialization vector gives the 64- and 128-bit figures
used in marketing. There is no 32-bit WEP. WEP is broken and should
not be used where any alternative exists.

WPA (Wi-Fi Protected Access): WPA is a security mechanism that
attempts to address the weaknesses of WEP in the following ways:
• WPA uses dynamic keys that change periodically (TKIP rekeying).
• Each host uses its own per-session key, derived during association
  from a passphrase (the passphrase is case-sensitive) or, with
  802.1X, from the authentication exchange.
• WPA requires authentication.
Despite its increased strength, WPA has the following disadvantages:
• It is not widely implemented (as of the N10-003 exam).
• It is more difficult to configure than WEP.
• All wireless equipment on the wireless network must support WPA.
WPA's TKIP has itself since been superseded; where the equipment
supports it, WPA2 (AES-CCMP) or later should be used instead.
Note: You can also enable IPSec on your wireless connections to
provide encryption of data transmissions.

Bluetooth Facts
The Bluetooth standard was designed to allow people to connect in PAN
(personal area network) configurations using cell phones, PDAs
(personal digital assistants), printers, mice, keyboards and other
Bluetooth equipped devices.

Bluetooth is a proposed standard of the IEEE 802.15 committee:

Specification: Bluetooth (proposed 802.15)
• Frequency: 2.45 GHz
• Speed: 1 Mbps, or 2 Mbps (2nd generation)
• Range: 30 ft.
• Signal: FHSS

Bluetooth devices take the following steps to form a PAN:

Step: Description
1. Device Discovery: A Bluetooth device broadcasts its device address
   (a 48-bit MAC-style address) when it starts up.
2. Name Discovery: The device identifies itself using a name the user
   previously configured.
3. Bonding (Association): The device joins the PAN.
4. Service Discovery: The device tells other devices what services it
   provides.

You should know the following facts about Bluetooth:
• A Bluetooth network uses a master/slave networking mode:
  o One master device controls up to seven active slave devices.
  o A PAN can have up to 255 additional slave devices in the parked
    (inactive) state.
  o Bluetooth 1.x delivers about 721 kbps (often quoted as 720 or 721
    kbps) of asymmetric data throughput.
• Bluetooth uses a 128-bit proprietary encryption mechanism (the E0
  stream cipher) to encrypt its signals.

Wireless Personal Network (WPN)
Any questions referring to Wireless Personal Networks (WPN) are not
referring to any 802.11 standard. WPNs include Bluetooth and infrared
(IrDA), for example. If a question says Wireless Personal Network, the
answer will not be any 802.11 or Wi-Fi standard. Wi-Fi is any 802.11
standard and does not apply to WPN.

GPRS is not a WPN. GPRS is used to connect via cellular coverage. It
is the data service used by GSM cell phones and by some add-on cards
for laptops and PDAs; it is not a WPN and does not fall under the
802.11 or Wi-Fi standards either. GPRS is the data access on your cell
phone.

The IEEE 802 family of networking standards
Standard: Description
802.1: Internetworking.
802.2: Logical Link Control (LLC).
802.3: Ethernet networks using Carrier Sense Multiple Access/Collision
  Detection (CSMA/CD).
802.4: Token Bus networks.
802.5: Token Ring networks.
802.6: Metropolitan Area Networks (MANs).
802.7: Broadband technical advisory.
802.8: Fiber optic.
802.9: Integrated voice/data.
802.10: Network security.
802.11: Wireless networks.
802.12: Demand Priority networks using 100 Mbps or more speeds,
  including 100BaseVG-AnyLAN (Hewlett-Packard).
802.14: Cable modem.
802.15: Wireless Personal Area Network (PAN).
802.16: Broadband Wireless Access.
802.17: Resilient packet ring.
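Returning to the WEP weaknesses listed in the wireless security table earlier on this page (a static key shared by every host): WEP seeds the RC4 stream cipher with a 24-bit initialization vector (IV) prepended to that static key, so once an IV repeats, two frames are encrypted with the identical keystream. This goes one step beyond the sheet, which only notes that the key is static. The Python example below is added here and is not part of the original cheat sheet; it implements RC4 and a WEP-style encryption of two constructed frames under the same key and IV, then recovers the second plaintext from the first using nothing but the two captured ciphertexts. The key, IV and frame contents are constructed sample values, not from the page.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA) followed by the keystream generator (PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: emit one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: RC4 keyed with IV || static key, XORed over the payload.

    Real WEP also appends a CRC-32 integrity value before encrypting; it is
    omitted here because it does not affect the keystream-reuse problem shown.
    Decryption is the same operation, since XOR is its own inverse.
    """
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits")
    if len(static_key) not in (5, 13):
        raise ValueError("WEP keys are 40 or 104 bits (marketed as 64/128-bit with the IV)")
    return xor_bytes(plaintext, rc4_keystream(iv + static_key, len(plaintext)))


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two frames under the same IV and key share a keystream K:
    c1 ^ c2 == (p1 ^ K) ^ (p2 ^ K) == p1 ^ p2, so a known p1 yields p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def demo() -> dict:
    # Constructed sample values (not from the page): a 40-bit key and one IV.
    key = bytes.fromhex("0102030405")
    iv = bytes.fromhex("00000a")
    p1 = b"GET /index.html "          # a predictable frame the attacker can guess
    p2 = b"pw=hunter2&go=1 "          # same length as p1; the frame the attacker wants
    c1 = wep_encrypt(key, iv, p1)
    c2 = wep_encrypt(key, iv, p2)
    recovered = recover_second_plaintext(c1, c2, p1)
    return {"c1": c1, "c2": c2, "recovered": recovered, "success": recovered == p2}


if __name__ == "__main__":
    print(demo())
```

With only 2^24 possible IVs and every host drawing from the same static key, a busy network repeats an IV within hours, and many cards simply counted up from zero after each reset. The attacker never learns the key here; the shared, never-changing key is what makes the reused keystream exploitable, which is exactly the weakness WPA's per-session, periodically rekeyed keys remove.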

OSI Model Facts
The OSI model classifies and organizes the tasks that hosts perform to
prepare data for transport across the network. Using the OSI model to
discuss networking concepts has the following advantages:
• Provides a common language or reference point between network
  professionals
• Divides networking tasks into logical layers for easier
  comprehension
• Allows specialization of features at different levels
• Aids in troubleshooting
• Promotes standards of interoperability between networks and devices
• Provides modularity in networking features (developers can change
  features without changing the entire approach)
However, you must remember the following limitations of the OSI model:
• OSI layers are theoretical and do not actually perform real
  functions.
• Industry implementations rarely have a layer-to-layer correspondence
  with the OSI layers.
• Different protocols within the stack perform different functions
  that help send or receive the overall message.
• A particular protocol implementation may not represent every OSI
  layer (or may spread across multiple layers).

To help remember the layer names of the OSI model, try the following
mnemonic device (moving from the bottom layer to the top layer):
Please Do Not Throw Sausage Pizza Away.

Application Layer 7: The Application layer refers to communication
services to applications and is the interface between the network and
the application. This layer is responsible for providing network
services such as file services, print services, and messaging
services.

Application layer functions typically include identifying
communication partners, determining resource availability, and
synchronizing communication. When identifying communication partners,
the application layer determines the identity and availability of
communication partners for an application with data to transmit. When
determining resource availability, the application layer must decide
whether sufficient network resources for the requested communication
exist. In synchronizing communication, all communication between
applications requires cooperation that is managed by the application
layer.

Examples include: Telnet, HTTP, HTTPS, FTP, TFTP, SFTP, Internet
browsers, POP3, NTP, NNTP, DNS, NFS, SSH, SNMP, SMTP gateways, IMAP4,
LDAP, LPR, X.400 mail and FTAM.

Presentation Layer 6: This layer provides independence from
differences in data representation by translating from application to
network format, and vice versa. The presentation layer works to
transform data into the form that the application layer can accept.
This layer formats and encrypts data to be sent across a network,
providing freedom from compatibility problems. It is sometimes called
the syntax layer.

Examples include: JPEG, ASCII, EBCDIC, TIFF, GIF, PICT, MPEG, MIDI,
encryption, SSL and TLS.

Session Layer 5: Defines how two computers establish, synchronize,
maintain, and end communication sessions. A good example situation is
the streaming of live multimedia audio and video, where near perfect
synchronization between video and audio is desired. (IP and IPX are
Network layer protocols and do not operate at this layer.)
Examples include: SAP, RPC, SQL, NFS, NetBIOS names, AppleTalk ASP,
DECnet SCP.

Transport Layer 4: The Transport layer provides a transition between
the upper and lower layers of the OSI model, making the upper and
lower layers transparent to each other. It includes most of the error
control and flow control. TCP and SPX operate at this layer.

End-to-End Functions:
Port Identification: Port (or socket) numbers are used to identify
distinct applications running on the same system. This allows each
host to provide multiple services.

Message Segmentation and Combination: The Transport layer receives
large packets of information from higher layers and breaks them into
smaller packets called segments. Segmentation is necessary to enable
the data to meet network size and format restrictions. The receiving
Transport layer uses packet sequence numbers to reassemble segments
into the original message.

Connection-oriented Services: Connection-oriented protocols perform
error detection and correction and identify lost packets for
retransmission. A connection-oriented protocol is a good choice where:
• Reliable, error-free communications are more important than speed
• Larger chunks of data are being sent

Connectionless services: Assume an existing link between devices and
allow transmission without extensive session establishment.
Connectionless communications use no session establishment or
acknowledgements and little error checking (UDP carries only a
checksum). Connectionless protocols allow quick, efficient
communication at the risk of data errors and packet loss.
Connectionless protocols are a good choice where:
• Speed is important
• Smaller chunks of data are being sent

Examples include: TCP, UDP and SPX.

Network Layer 3: The Network layer describes how data is routed across
networks and on to the destination. Network layer functions include:
• Routing occurs at this layer.
• Maintaining addresses of neighboring routers.
• Maintaining a list of known networks.
• Data is placed into packets.
• Determining the next network point to which data should be sent.
  Routers use a routing protocol to take into account various factors
  such as the number of hops in the path, link speed, and link
  reliability to select the optimal path for data.

Packets forwarded from the Transport to the Network layer become
datagrams and network-specific (routing) information is added. Network
layer protocols then ensure that the data arrives at the intended
destinations. Some error control and flow control is performed at this
level. IP is the principal protocol operating at this layer.

The Network layer uses logical addresses for identifying hosts and
making routing decisions. The type of addresses used is determined by
the protocol.
• IP uses IP addresses that identify both the logical network and host
  addresses
• IPX uses an 8-digit hexadecimal number for the network called the

  Internal Network Number (INN), and MAC addresses for the host
  address
• AppleTalk uses a network number, ranging from 1 to 65,278, and a
  host number, ranging from 1 to 253

Examples include: IP, ICMP, IGMP, ARP, RARP, IPX, NetBEUI and DDP

Data Link Layer, Layer 2: This layer really has two separate sublayers:
Logical Link Control and Media Access Control. It is responsible for
the logical topology and for physical (MAC) addressing. Individual
network card addresses function at this level.

Media Access Control: The Media Access Control (MAC) sublayer defines
specifications for controlling access to the media. The MAC sublayer
is responsible for:
• Adding frame start and stop information to the packet
• Adding a Cyclical Redundancy Check (CRC) for error checking
• Converting frames into bits to be sent across the network
• Identifying network devices and network topologies in preparation
  for media transmission
• Defining an address (such as the MAC address) for each physical
  device on the network
• Controlling access to the transmission medium (for example through
  CSMA/CD, CSMA/CA, or token passing).

Logical Link Control: The Logical Link Control (LLC) sublayer provides
an interface between the MAC sublayer and upper-layer protocols. LLC
protocols are defined by the IEEE 802.2 committee. The LLC sublayer is
responsible for:
• Maintaining orderly delivery of frames through sequencing
• Controlling the flow or rate of transmissions
• Ensuring error-free reception of messages by retransmitting
• Converting data into an acceptable form for the upper layers
• Removing framing information from the packet and forwarding the
  message to the Network layer
• Providing a way for upper layers of the OSI model to use any MAC
  layer protocol
• Defining Service Access Points (SAPs) by tracking and managing
  different protocols.

Examples include: switches, bridges, wireless access points

Physical Layer 1: Responsible for placing the network data on the wire
by changing binary data into electrical pulses on the physical medium
(also known as 'signal encoding'). The physical topology is defined at
this level.
Examples include: hubs, repeaters, NICs, transceivers, Token Ring MAU

Architectures and Protocol Suites
The layered approach to networking allows different vendors to focus
on specific aspects of networking and allows for some degree of
modularity in putting together network hardware and services. One
common division between networking specifications is between the
Physical and Data Link layers and the upper layers.

Layers: Description

Physical and Data Link Layers: The Physical and Data Link layers
together define the hardware devices on a network and how devices
communicate. A collection of Physical and Data Link standards is often
called network architecture. Architecture standards are defined by
IEEE committees and other standards bodies. Common architectures
include Ethernet, token ring, FDDI, and wireless networking.

Upper Layers: Upper layer protocols are defined by standards bodies and
software vendors. Groups of protocols at various OSI model layers
(called protocol suites or protocol stacks) are designed to interact
and be used together.

The separation between architecture standards and protocol suites
allows software vendors to focus on upper-layer features without
regard to the physical design of the network. As the following graphic
illustrates, a single protocol suite can be used on multiple network
architectures.

When you configure a computer to connect to the network, you must
configure the appropriate protocols so that the computer can
communicate with other hosts on the network. Often the choice of the
protocol suite to use depends on the network operating system and the
services that must be provided to network clients.

Be aware of the following facts regarding protocol suite support and
features:
• Virtually all operating systems today provide native (built-in)
  support for TCP/IP.
• Most older versions of some operating systems used a different
  protocol as the default protocol suite. For example, older NetWare
  servers used IPX/SPX, while Mac OS systems used AppleTalk.
• Older operating systems without native TCP/IP support enabled TCP/IP
  communications by either installing the protocol stack or through a
  process known as encapsulation or tunneling. With this process,
  non-TCP/IP packets are re-packaged as TCP/IP packets at the sending
  device. The receiving device strips off the TCP/IP headers to reveal
  the original packets.
• Addressing as referred to in this table refers to logical host and
  network addresses (addresses used at the Network layer). Do not
  confuse logical addresses with physical (MAC) addresses. Be aware,
  however, that some protocols (such as IPX/SPX) use the MAC address
  as the logical host address.
• IPX/SPX must also be configured with a Data Link layer frame type.
  The frame type specifies the format of the frames.

Network+ N10-003 Cheat Sheet Page 12

IP Address and Subnet Mask Facts

IP addresses allow hosts to participate on IP based networks. An IP
address:
• Is a 32-bit binary number represented as four octets (four 8-bit
numbers). Each octet is separated by a period.
• Can be represented in one of two ways:
o Decimal (for example 131.107.2.200). In decimal notation, each
octet must be between 0 and 255.
o Binary (for example 10000011.01101011.00000010.11001000). In
binary notation, each octet is an 8-digit number.
• Includes both the network and the host address.
• Has an implied address class that can be used to infer the network
portion of the address.
• Is paired with a subnet mask, a 32-bit number that identifies the
network portion of the address. In binary form, the subnet mask is
always a series of 1's followed by a series of 0's (1's and 0's are
never mixed in sequence in the mask). A simple mask might be
255.255.255.0.

The following table describes each of the default IP address classes.

Class A
• The first octet is a number between 1 and 126.
• The default subnet mask is 255.0.0.0. Therefore, the first octet is
the network address (the last three octets are used for host
addresses).
• There are 126 Class A network IDs.
• Each Class A network can have up to 16.7 million (16,777,214)
host addresses.
• Most of these addresses are already assigned.

Class B
• The first octet is between 128 and 191.
• The default subnet mask is 255.255.0.0. Therefore, the first two
octets are the network address (the last two octets are used for
host addresses).
• There are 16,384 Class B network IDs.
• Each Class B network can have up to 65,534 host addresses.
• Most of these addresses are assigned.

Class C
• The first octet is between 192 and 223.
• The default subnet mask is 255.255.255.0. Therefore, the first
three octets are the network address (the last octet is used for
host addresses).
• There are 2,097,152 Class C network IDs.
• Each Class C network can have only 254 host addresses.
• This class is the most likely to have an available network ID for
assignment.

Class D
• These addresses range from 224.0.0.0 to 239.255.255.255.
• These addresses represent multicast groups rather than network
and host IDs.

Class E
• These addresses range from 240.0.0.0 to 255.255.255.254.
• These addresses are reserved for experimental use.

As you are assigning IP addresses to hosts, be aware of the following
special considerations:

Network address: The first address in an address range is used to
identify the network itself. For the network address, the host portion
of the address contains all 0's. For example:
• Class A network address: 115.0.0.0
• Class B network address: 154.90.0.0
• Class C network address: 221.65.244.0

Broadcast address: The last address in the range is used as the
broadcast address and is used to send messages to all hosts on the
network. In binary form, the broadcast address has all 1's in the host
portion of the address. For example, assuming the default subnet
masks are used:
• 115.255.255.255 is the broadcast address for network 115.0.0.0
• 154.90.255.255 is the broadcast address for network 154.90.0.0
• 221.65.244.255 is the broadcast address for network 221.65.244.0
Note: The broadcast address might also be designated by setting each
of the network address bits to 0. For example, 0.0.255.255 is the
broadcast address of a Class B address. This designation means "the
broadcast address for this network." This all-zeros-network form is
obsolete; current hosts use the directed broadcast shown above or the
limited broadcast 255.255.255.255. Routers should not forward
directed broadcasts from other networks, since that is the basis of
smurf-style amplification attacks.

Host addresses: When you are assigning IP addresses to hosts, be
aware of the following:
• Each host must have a unique IP address.
• Each host on the same network must have an IP address with a
common network portion of the address. This means that you must
use the same subnet mask when configuring addresses for hosts on
the same network.
The range of IP addresses available to be assigned to network hosts
is identified by the subnet mask and/or the address class. When
assigning IP addresses to hosts, be aware that you cannot use the
first or last addresses in the range (these are reserved for the network
and broadcast addresses respectively). For example:
• For the class A network address 115.0.0.0, the host range is
115.0.0.1 to 115.255.255.254.
• For the class B network address 154.90.0.0, the host range is
154.90.0.1 to 154.90.255.254.
• For the class C network address 221.65.244.0, the host range is
221.65.244.1 to 221.65.244.254.
Note: A historical way to identify a host on a network is by setting the
network portion of the address to all 0's. For example, the address
0.0.64.128 means "host 64.128 on this network." Modern stacks do
not accept this form.

Local host: Addresses in the 127.0.0.0 range are reserved to refer to
the local host (in other words "this" host or the host you're currently
working at). The most commonly-used address is 127.0.0.1, which is
the loopback address.
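The arithmetic described above (class inference, network and broadcast address, usable host range) worked through in code. This is an added example, not code from the cheat sheet; it uses only the Python standard library and the page's own sample addresses plus one constructed custom-mask case. It goes slightly beyond the page by also handling masks that do not end on an octet boundary and by enumerating the subnets a custom mask produces.

```python
"""IPv4 address arithmetic: class inference, network/broadcast/host range
for default or custom masks, and subnet enumeration."""
# Added example; not code from the Network+ cheat sheet. Uses only the
# standard library. The 10.1.5.77/255.255.252.0 case is constructed.

from typing import Dict, List, Optional

ALL_ONES = 0xFFFFFFFF
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_int(dotted: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting anything but four octets 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Binary notation as shown on the page: one 8-digit group per octet."""
    n = to_int(dotted)
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classful inference from the first octet (127 is the loopback range)."""
    first = to_int(dotted) >> 24
    if first == 0:
        return "reserved"
    if first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def prefix_length(mask: int) -> int:
    """Number of leading 1 bits; rejects masks whose 1s and 0s are mixed."""
    ones = bin(mask).count("1")
    if mask != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask {to_dotted(mask)}")
    return ones


def describe(ip: str, mask: Optional[str] = None) -> Dict[str, object]:
    """Network, broadcast and usable host range for ip/mask.
    With mask=None the default (classful) mask from the class table is used."""
    cls = address_class(ip)
    if mask is None:
        if cls not in DEFAULT_MASKS:
            raise ValueError(f"no default mask for a class {cls} address")
        mask = DEFAULT_MASKS[cls]
    addr, m = to_int(ip), to_int(mask)
    prefix = prefix_length(m)
    network = addr & m
    broadcast = network | (~m & ALL_ONES)
    if prefix == 32:                       # host route: the address itself
        first, last, usable = network, network, 1
    elif prefix == 31:                     # RFC 3021 point-to-point: both usable
        first, last, usable = network, broadcast, 2
    else:                                  # first = network, last = broadcast
        first, last, usable = network + 1, broadcast - 1, (1 << (32 - prefix)) - 2
    return {
        "class": cls, "mask": to_dotted(m), "prefix": prefix,
        "network": to_dotted(network), "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(first), "last_host": to_dotted(last),
        "usable_hosts": usable,
    }


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """Hosts share a network only when the masked portions are identical."""
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)


def subnets(network: str, default_mask: str, custom_mask: str) -> List[str]:
    """All subnet addresses obtained by lengthening default_mask to custom_mask,
    e.g. 188.50.0.0 with 255.255.0.0 -> 255.255.255.0 gives 188.50.0.0 ... 188.50.255.0."""
    old, new = prefix_length(to_int(default_mask)), prefix_length(to_int(custom_mask))
    if new <= old:
        raise ValueError("the custom mask must borrow at least one host bit")
    base = to_int(network) & to_int(default_mask)
    step = 1 << (32 - new)
    return [to_dotted(base + i * step) for i in range(1 << (new - old))]
```

`describe("10.1.5.77", "255.255.252.0")` shows why a custom mask must be supplied rather than inferred: the address looks like class A, but the mask places it in 10.1.4.0 with broadcast 10.1.7.255. `prefix_length` enforces the page's rule that 1's and 0's are never mixed in a mask; a stack that accepted 255.0.255.0 would compute nonsense network addresses.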

Subnetting Facts

Subnetting is the process of dividing a large network into smaller
networks. When you subnet a network, each network segment (called
a subnet) has a different network address (also called a subnet
address). In practice, the terms network and subnet are used
interchangeably to describe a physical network segment with a unique
network address.

From a physical standpoint, subnetting is necessary because all
network architectures have a limit on the number of hosts allowed on a
single network segment. As your network grows, you will need to
create subnets (physical networks) to:
• Increase the number of devices that can be added to the LAN (to
overcome the architecture limits)
• Reduce the number of devices on a single subnet to reduce
congestion and collisions
• Reduce the processing load placed on computers and routers
• Combine networks with different media types within the same
internetwork (subnets cannot be used to combine networks of
different media types on to the same subnet)

Subnetting is also used to make efficient use of the available IP
addresses. For example, an organization with a class A network ID is
allocated enough addresses for 16,777,214 hosts. If the organization
actually uses only 10,000,000 host IDs, over 6 million IP addresses are
not being used. Subnetting provides a way to break the single class A
network ID into multiple network IDs.
• Subnetting uses custom rather than the default subnet masks.
For example, instead of using 255.0.0.0 with a Class A address,
you might use 255.255.0.0 instead.
• Using custom subnet masks is often called classless addressing
because the subnet mask cannot be inferred simply from the
class of a given IP address. The address class is ignored and the
mask is always supplied to identify the network and host portions
of the address.
• When you subnet a network by using a custom mask, you can
divide the IP addresses between several subnets. However, you
also reduce the number of hosts available on each subnet.

The following table shows how a Class B address can be subnetted to
provide additional subnet addresses. Notice how, by using a custom
subnet mask, the Class B address looks like a Class C address.

                        Default Example         Custom Example
Network Address         188.50.0.0              188.50.0.0
Subnet Mask             255.255.0.0             255.255.255.0
# of Subnet Addresses   One                     254 (256 if the all-zeros
                                                and all-ones subnets are
                                                used, as current routers
                                                allow)
# of Hosts per Subnet   65,534                  254 per subnet
Subnet Address(es)      188.50.0.0 (only one)   188.50.1.0, 188.50.2.0,
                                                188.50.3.0 (and so on)
Host Address Range(s)   188.50.0.1 to           188.50.1.1 to 188.50.1.254,
                        188.50.255.254          188.50.2.1 to 188.50.2.254,
                                                188.50.3.1 to 188.50.3.254
                                                (and so on)

Note: It is possible to use subnet masks that do not use an entire
octet. For example, the mask 255.255.252.0 (binary 11111100 in the
third octet) uses six extra network bits in the third octet. However,
for the Network+ exam, you do not need to know how to work with such
custom masks.

IPv6 Facts

The current IP addressing standard, version 4, will eventually run out
of unique addresses, so a new system has been developed. It is named
IP version 6 or IPv6. You should know the following about IPv6:
• The page's author expected full implementation around 2015.
• The new version dramatically increases address availability:
o IPv6 provides about 3.4 x 10^38 globally unique addresses.
o IPv6 provides 79,228,162,514,264,337,593,543,950,336 (2^96)
times as many addresses as IPv4.
• The new IP address is a 128-bit binary number. A sample IPv6
address looks like: 35BC:FA77:4898:DAFC:200C:FBBC:A007:8973.
o Bits are divided into eight groups of 16 bits, written in
hexadecimal.
o Each group is represented as a hexadecimal number
between 0 and FFFF.
o Hex values are separated by colons.
o Leading zeros can be omitted in each group.
o One run of consecutive all-zero groups can be expressed more
concisely by substituting a double colon for the run. Because
the double colon may appear only once per address (otherwise
the expansion would be ambiguous), pick the longest run.
For example:
 FEC0:0:0:0:78CD:1283:F398:23AB
 FEC0::78CD:1283:F398:23AB (concise form)
• IPv6 addresses are 4 times as large as IPv4 addresses (128 bits
versus 32). The basic IPv6 header is only twice as large as the IPv4
header (40 bytes versus 20); optional extension headers can make
it larger.
• The network ID part of the address is hierarchical and includes
identifiers for various levels of the network, from top level network
segments down to an organization's specific network segment IDs.
• IPv6 allows the addition of header extensions. Flexible packet
headers can:
o Include optional fields and other extensions
o Increase the IPv6 header from 2 times to 4 times the size of the
IPv4 header, through the addition of optional fields
o Allow the IETF (Internet Engineering Task Force) to adapt the
protocol to changes in underlying network hardware or to new
applications
• In general, IPv6 bases node IDs (the 64-bit interface identifier) on
physical addresses, using the EUI-64 form of the MAC address.
Many current stacks instead generate random or privacy interface
IDs (RFC 4941, RFC 7217) so the MAC address is not exposed.
• Multicast IPv6 addresses always begin with a binary 1111 1111
(hexadecimal FF).
• The IPv6 local loopback address is 0:0:0:0:0:0:0:1, or ::1 in
concise form.

Additional features of IPv6 are displayed in the table.

Auto-configuration: Because hardware IDs are used for node IDs, IPv6
nodes simply need to discover their network ID. This can be done by
communicating with a router (router advertisements).

Built-in Quality of Service: Built-in support for bandwidth reservations,
which make guaranteed data transfer rates possible. (Quality of Service
features are available as add-ons within an IPv4 environment, but are
not part of the native protocol.)
Built-in Security Features: IPv6 has built-in support for security
protocols such as IPsec. (IPsec security features are available as
add-ons within an IPv4 environment.) "Built-in" means IPsec is part of
the IPv6 specification, not that traffic is protected automatically;
it still has to be configured and keyed.

Source Intelligent Routing: IPv6 nodes have the option to include
addresses that determine part or all of the route a packet will take
through the network. (The Type 0 routing header that provided this
was deprecated by RFC 5095 because it could bounce a packet between
two routers many times and amplify traffic; routers and firewalls
should drop it.)

Dual-Stack
A dual-stack host provides two discrete network implementations at the
Network layer of the OSI model. The term stack here refers to the
protocol stack or suite of protocols used in computer networking
software. Dual-stack IP hosts run both the IPv4 and the IPv6 versions
of the Internet Protocol, but the two do not have to operate
independently. Dual stack means running IPv4 and IPv6 at the same
time: end nodes and routers/switches run both protocols, and if IPv6
communication is possible it is the preferred protocol.

Tunneling
The term tunneling protocol describes one network protocol, called
the payload protocol, being encapsulated within a different delivery
protocol. Reasons to use tunneling include carrying a payload over an
incompatible delivery network, or providing a secure path through an
untrusted network. Tunnels also carry traffic past filters that only
inspect the delivery protocol, so an IPv6-in-IPv4 tunnel (IP protocol
41) needs the same firewall policy as native IPv6 traffic.

6to4 Routing
6to4 is a system that allows IPv6 to be transmitted over an IPv4
network without the need to configure explicit tunnels. Routing
conventions are also in place which allow 6to4 hosts to communicate
with hosts on the IPv6 Internet. It is typically used when an end-site
or end-user wants to connect to the IPv6 Internet using their existing
IPv4 connection. (6to4 was later deprecated by RFC 7526 because of
unreliable public relays; native IPv6 is preferred today.)

Common Ports
Network ports are logical connections, provided by the TCP or UDP
protocols at the Transport layer, for use by protocols in the upper
layers of the OSI model. The TCP/IP protocol stack uses port numbers
to determine which application incoming traffic should be directed to.

Some characteristics of ports are listed below:
• Ports allow a single host with a single IP address to run several
network services. Each port number identifies a distinct service.
• Each IP address has 65,536 ports (0 to 65,535) for TCP and
another 65,536 for UDP.
• Port assignments are maintained by the Internet Assigned Numbers
Authority (IANA), a function operated by ICANN (Internet
Corporation for Assigned Names and Numbers).

IANA specifies three categories for ports.

Well Known
• Assigned for specific protocols and services
• Port numbers range from 0 to 1023

Registered
• IANA can assign a specific port for a newly created network
service
• Port numbers range from 1024 to 49151

Dynamic (Private or High)
• Assigned when a network client establishes contact and released
when the session ends
• Allows applications to 'listen' on a port of their choosing for
incoming requests (traffic for a protocol can be received through a
port other than the port that protocol is assigned, as long as the
destination application or service is 'listening' for that type of
traffic on that port)
• Port numbers range from 49,152 to 65,535

Note: the port number is a convention, not a guarantee. A service on
port 443 is not necessarily HTTPS, and a scanner or firewall that
trusts the number alone can be misled.

The following table lists the well known ports that correspond to
common Internet services.

Port  Name          Function
20    FTP (data)    Carries the file data of an FTP session; uses TCP
21    FTP (control) Carries the commands and replies of an FTP session;
                    uses TCP
22    SSH           Encrypted remote login and command execution; also
                    carries SFTP and SCP file transfers; uses TCP
23    TELNET        Connects a remote computer to a server, in clear
                    text; uses TCP
25    SMTP          Delivers email between email servers; sending of
                    email; uses TCP
53    DNS           Translates hostnames to IP addresses; uses UDP for
                    queries and TCP for zone transfers (and for
                    responses too large for UDP)
67    BOOTPS/DHCP   Bootstrap Protocol is a network protocol used by a
                    network client to obtain an IP address from a
                    configuration server. DHCP is a network application
                    protocol used by DHCP clients to obtain configuration
                    information for operation in an Internet Protocol
                    network; uses UDP (server port 67, client port 68)
69    TFTP          Simple transfer of data without authentication; uses
                    UDP
80    HTTP          Opens a browser connection to a web page; uses TCP
110   POP3          Delivers email between a mail server and client;
                    receiving of email; uses TCP
123   NTP           Sets the computer clock to standard time; uses UDP
143   IMAP4         Retrieves email; messages stay on the server, where
                    they can be searched and organized; uses TCP
161   SNMP          Monitors network-attached devices for conditions
                    that warrant administrative attention; uses UDP
443   HTTPS         Allows browsers and servers to authenticate and
                    encrypt network packets; uses SSL/TLS over TCP

Common TCP/IP Protocols
The following table lists several protocols in the TCP/IP protocol suite.

Address Resolution

Address Resolution Protocol (ARP): ARP provides IP address-to-MAC
address resolution. Using ARP, a host that knows the IP address of a
host can discover the corresponding MAC address. ARP replies are not
authenticated, so any host on the segment can answer for an IP
address it does not own (ARP spoofing).

Bootstrap Protocol (BootP) / Reverse Address Resolution Protocol
(RARP): Both BootP and RARP are used to discover the IP address of a
device with a
known MAC address. BootP is an enhancement to RARP, and is more
commonly implemented than RARP. As its name implies, BootP is used
by computers as they boot to receive an IP address from a BootP
server. The BootP address request packet sent by the host is
answered by the server.

Network Layer Protocol

Internet Protocol (IP): IP is the main TCP/IP protocol. It is a
connectionless protocol that makes routing path decisions based on its
routing table; ARP is then used to find the MAC address of the chosen
next hop. It also handles logical addressing through the use of IP
addresses.

Transport Layer Protocols

Transmission Control Protocol (TCP): TCP operates at the Transport
layer. It provides connection-oriented services and performs segment
sequencing and service addressing (ports). It also performs important
error-checking functions, uses flow control, and is considered a
host-to-host protocol.

User Datagram Protocol (UDP): UDP is considered a host-to-host
protocol like TCP. It also performs functions at the Transport layer.
However, it is not connection-oriented like TCP. Because of less
overhead, it transfers data faster, but is not as reliable. It is a good
protocol to use for small amounts of data and applications that use a
simple query/response model.

Web Browsing

HyperText Transfer Protocol (HTTP): HTTP is used by Web browsers
and Web servers to exchange files (such as Web pages) through the
World Wide Web and intranets. HTTP can be described as an
information requesting and responding protocol. It is typically used to
request and send Web documents, but is also used as the protocol for
communication between agents using different TCP/IP protocols.

HyperText Transfer Protocol over Secure Socket Layer, or HTTP over
SSL (HTTPS): HTTPS is a secure form of HTTP that uses SSL/TLS as a
sublayer for security.

Security Protocols

Secure Sockets Layer (SSL): SSL secures messages being transmitted
on the Internet. It uses RSA public key cryptography to authenticate
the server and establish a session key, then encrypts the session with
a symmetric cipher. Web browsers use SSL to ensure safe Web
transactions. URLs that begin with https:// trigger your Web browser
to use SSL. (Every SSL version is now deprecated, SSL 3.0 by RFC 7568;
what https:// negotiates today is TLS.)

Transport Layer Security (TLS): TLS ensures that messages being
transmitted on the Internet are private and tamper proof. TLS is
implemented through two protocols:
• TLS Record--Provides connection security with encryption (the
original text gives DES as the example; current versions use AES or
ChaCha20, and DES is no longer accepted).
• TLS Handshake--Provides mutual authentication and negotiation of
the encryption method.
TLS and SSL are similar but not interoperable.

File Transfer

File Transfer Protocol (FTP): FTP provides a generic method of
transferring files. It can include file security through usernames and
passwords, and it allows file transfer between dissimilar computer
systems. FTP can transfer both binary and text files, including HTML,
to another host. FTP URLs are preceded by ftp:// followed by the DNS
name of the FTP server. To log in to an FTP server, use:
ftp://username@servername. Note that FTP sends the username,
password and file contents in clear text.

Trivial File Transfer Protocol (TFTP): TFTP is similar to FTP. It lets you
transfer files between a host and a TFTP server. However, it provides
no user authentication and uses UDP instead of TCP as the transport
protocol.

Secure File Transfer Protocol (SFTP): SFTP is a file transfer protocol
that uses Secure Shell (SSH) to secure data transfers. SSH ensures
that SFTP transmissions use encrypted commands and data, which
prevents data from being transmitted over the network in clear text.

Secure Copy (SCP): SCP is associated with Unix/Linux networks and
used to transfer files between systems. Like SFTP, SCP relies on SSH
to ensure that data and passwords are not transmitted over the
network in clear text.

Remote Copy Protocol (RCP): RCP is used to transfer files between
computers; however, it is an insecure protocol and transmits data over
the network in clear text.

E-mail

Simple Mail Transfer Protocol (SMTP): SMTP is used to route electronic
mail through the internetwork. E-mail applications provide the interface
to communicate with SMTP or mail servers.

Internet Message Access Protocol (IMAP): IMAP is an e-mail retrieval
protocol designed to enable users to access their e-mail from various
locations without the need to transfer messages or files back and forth
between computers. Messages remain on the remote mail server and
are not automatically downloaded to a client system.

Post Office Protocol 3 (POP3): POP3 is part of the TCP/IP protocol
suite and is used to retrieve e-mail from a remote server to a local
client over a TCP/IP connection. With POP3, e-mail messages are
downloaded to the client.

Network Management

Simple Network Management Protocol (SNMP): SNMP is a protocol
designed for managing complex networks. SNMP lets network hosts
exchange configuration and status information. This information can
be gathered by management software and used to monitor and manage
the network. SNMPv1 and v2c authenticate with a community string
sent in clear text; SNMPv3 adds real authentication and encryption.

Remote Terminal Emulation

Telnet: Telnet allows an attached computer to act as a dumb terminal,
with data processing taking place on the TCP/IP host computer. It is
still widely used to provide connectivity between dissimilar systems.
Telnet can also be used to test a service by typing protocol commands
such as HTTP requests by hand. Everything in a Telnet session,
including passwords, crosses the network in clear text.

Secure Shell (SSH): SSH allows for secure interactive control of
remote systems. SSH uses public key cryptography (RSA among others)
to authenticate the server and, optionally, the user, and negotiates a
symmetric cipher for the session. The original SSH-1 used IDEA by
default with Blowfish and DES as alternatives; SSH-2, which replaced
it, uses ciphers such as AES and ChaCha20 with Diffie-Hellman key
exchange. SSH is a secure and acceptable alternative to Telnet.

File and Print Services

Network File System (NFS): NFS was initially developed by Sun
Microsystems. It consists of several protocols that enable users on
various
platforms to seamlessly access files from remote file systems.

Line Printer Daemon/Line Printer Remote (LPD/LPR): LPD/LPR is the
most widely-used cross platform print protocol. LPD/LPR establishes
the connection between printing devices and workstations. LPD is
usually loaded on the printing device. LPR is usually loaded onto the
client workstation.

Additional Protocols

Internet Control Message Protocol (ICMP): ICMP works closely with IP
in providing error and control information, by allowing hosts to
exchange packet status information, which helps move the packets
through the internetwork. Two common management utilities, ping and
traceroute, use ICMP messages to check network connectivity. ICMP
also works with IP to send notices when destinations are unreachable,
when devices' buffers overflow, the route and hops packets take
through the network, and whether devices can communicate across the
network.

Internet Group Membership Protocol (IGMP): IGMP is a protocol for
defining host groups. All group members can receive messages
int}ended for the group (called multicasts). Multicast groups can be
composed of devices within the same network or across networks
(connected with a router).

Domain Name System (DNS): DNS is a system that is distributed
throughout the internetwork to provide address/name resolution. For
example, the name www.mydomain.com would be identified with a
specific IP address.

Network Time Protocol (NTP): NTP is used to communicate time
synchronization information between systems on a network.

Network News Transport Protocol (NNTP): NNTP is the most widely-
used protocol that manages notes posted on Usenet Newsgroups.

Lightweight Directory Access Protocol (LDAP): LDAP is used to allow
searching and updating of a directory service. The LDAP directory
service follows a client/server model. One or more LDAP servers
contain the directory data; the LDAP client connects to an LDAP
server to make a directory service request.

The TCP/IP protocol suite was developed to work independently of the
Physical layer implementation. You can use a wide variety of
architectures with the TCP/IP protocol suite.

Internet Connectivity Parameters
The following table summarizes many of the configuration settings for
a TCP/IP network.

IP address: Identifies both the logical host and logical network
addresses. Two devices on the same network must have IP addresses
with the same network portion of the address.

Subnet mask: Identifies which portion of the IP address is the network
address. Two devices on the same network must be configured with
the same subnet mask.

Default gateway: Identifies the router to which packets for remote
networks are sent. The default gateway address is the IP address of
the router interface on the same subnet as the local host. Without a
default gateway set, most clients will be unable to communicate with
hosts outside of the local subnet.

Host name: Identifies the logical name of the local system.

DNS server: Identifies the DNS server that is used to resolve host
names to IP addresses.

MAC address: Identifies the physical address. On an Ethernet network,
this address is burned in to the network adapter hardware.

DNS Facts

The Domain Name System (DNS) is a hierarchical, distributed database
that maps logical host names to IP addresses. The DNS hierarchy is
made up of the following components:
• . (dot) domain (also called the root domain)
• Top Level Domains (TLDs) such as .com, .edu, .gov
• Additional domains such as yahoo.com, microsoft.com, etc.
• Hosts

DNS is a distributed database because no one server holds all of the
DNS information. Instead, multiple servers hold portions of the data.
• Each division of the database is held in a zone database file.
• Zones typically contain one or more domains, although additional
servers might hold information for child domains.
• DNS servers hold zone files and process name resolution
requests from client systems.

When you use the host name of a computer (for example if you type a
URL such as www.mydomain.com), your computer uses the following
process to find the IP address.
1. The host looks in its local cache to see if it has recently resolved
the host name.
2. If the information is not in the cache, it checks the Hosts file. The
Hosts file is a static text file that contains hostname-to-IP address
mappings.
3. If the IP address is not found, the host contacts its preferred DNS
server. If the preferred DNS server can't be contacted, it
continues contacting additional DNS servers until one responds.
4. The host sends the name information to the DNS server. The
DNS server then checks its cache. If the information is not found,
the DNS server checks any zone files that it holds for the
requested name.
5. If the DNS server can't find the name in its zones, it sends the
request to a root zone name server. This server returns the IP
address of a DNS server that has information for the
corresponding top-level domain (such as .com).
6. The first DNS server then requests the information from the top-
level domain server. This server returns the address of a DNS
server with the information for the next highest domain. This
process continues until a DNS server is contacted that holds the
necessary information.
7. The DNS server places the information in its cache and returns
the IP address to the client host. The client host also places the
information in its cache and uses the IP address to contact the
desired destination device.

You should know the following facts about DNS:
• A forward lookup finds the IP address for a given host name. A
reverse lookup finds the host name from a given IP address.
• An authoritative server is a DNS server that has a full, complete
copy of all the records for a particular domain.
• Zone files hold records that identify hosts.
o A records map host names to IP addresses.
o PTR (pointer) records map IP addresses to host names.
• Recursion is the process by which a DNS server or host uses root
name servers and subsequent servers to perform name
resolution. Most client computers do not perform recursion;
rather, they submit a DNS request to the DNS server and wait for
a complete response. Many DNS servers will perform recursion.
• Some DNS servers might forward the name resolution request to
another DNS server and wait for the final response rather than
performing recursion.
• Root DNS servers hold information for the root zone ( . ). Root
servers answer name resolution requests by supplying the
Network+ N10-003 Cheat Sheet Page 17


address of the corresponding to top-level DNS server (servers as scopes).
authoritative for .com, .edu, and such domains).
• The DHCP server can also be configured to
• On very small networks, you could configure a HOSTS file with pass out other IP configuration such as the
several entries to provide limited name resolution services. default gateway and DNS server addresses.
However, you would have to copy the HOSTS file to each client.
The work involved in this solution is only suitable for temporary • The DHCP server ensures that each client has a
testing purposes or to override information that might be received unique IP address.
from a DNS server. • The DHCP server can be configured to not
• DNS is a multi platform service for dynamic name resolution. Do assign specific addresses in the range, or to
not be tricked by questions asking how Unix/Linux, Apple/MAC assign a specific address to a specific host.
machines do dynamic name resolutions. DNS is not Windows • The DHCP server assigns the IP address and
specific. In fact DNS was originally used with Unix and Microsoft other information to the client. The assignment is
adapted it to their networks. Some people get confused and think called a lease, and includes a lease time that
DNS is part of AD in a Windows network. The utilities used to identifies how long the client can use the IP
display this information may vary between platforms, but DNS is address.
the preferred method for name resolution for other platforms. • Periodically and when the client reboots, it
Remember that the Internet works off DNS and web servers are contacts the DHCP server to renew the lease on
often not on a Windows platform. Most Internet based web- the IP address.
servers run Unix/Linux while some do run Windows.
• The DHCP lease process uses frame-level
• A start of authority (SOA) record is information stored in a broadcasts. For this reason, DHCP requests
DNS zone about that zone and about other DNS records. A typically do not pass through routers to other
DNS zone is the part of a domain for which an individual subnets. To enable DHCP across subnets:
DNS server is responsible. Each zone contains a single SOA
record. The SOA record stores information about the name
o Enable BootP (DHCP broadcast) requests
of the server that supplied the data for the zone; the through the router.
administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live (TTL) value on resource records.

Fully Qualified Domain Name (FQDN)
An FQDN is an address that contains both the hostname and the domain name. For example, localhost.network.com is an FQDN, as opposed to NetBIOS names, which do not contain both host and domain.

WINS Facts
Windows Internet Naming System (WINS) is similar to DNS, but instead of domain name-to-IP address resolution, WINS performs NetBIOS name-to-IP address resolution. By default, Windows clients use broadcasts to resolve NetBIOS names. To reduce the traffic caused by NetBIOS name broadcasts, you can configure WINS servers on the network (a WINS server functions similarly to a DNS server in that it maintains a database of host names and IP addresses). NetBIOS names are used on Windows 9x/ME systems to locate other hosts on the network.

A client uses the following process to resolve NetBIOS names:
1. The client checks its NetBIOS name cache.
2. If the IP address is not found, it checks its LMHOSTS file (a file of static information similar to a HOSTS file).
3. If the IP address is still not found:
   o If the host does not have a WINS server address configured, it sends a broadcast requesting that the host respond with IP address information.
   o If the host is configured with a WINS server address, it requests the information from the WINS server. The WINS server checks its database and returns the information.

Addressing Method Facts
The following table lists several options for assigning IP addresses.

Method | Uses
Dynamic Host Configuration Protocol (DHCP) | A DHCP server is a special server configured to pass out IP addresses and other IP configuration information to network clients.
• When a client boots, it contacts the DHCP server for IP configuration information.
• The DHCP server is configured with a range of IP addresses it can assign to hosts (also known
   o Configure a computer for BootP forwarding to request IP information on behalf of other clients.
• You can configure a DHCP server to deliver the same address to a specific host each time it requests an address (also known as a reservation).
Use DHCP for small, medium, or large networks. DHCP requires a DHCP server and minimal configuration.
Automatic Private IP Addressing (APIPA) | APIPA is a Microsoft implementation of automatic IP address assignment without a DHCP server. Using APIPA, hosts assign themselves an IP address on the 169.254.0.0 network (mask of 255.255.0.0). With APIPA:
• The host is configured to obtain IP information from a DHCP server (this is the default configuration).
• If a DHCP server can't be contacted, the host uses APIPA to assign itself an IP address.
• The host only configures the IP address and mask. It does not assign itself the default gateway and DNS server addresses. For this reason, APIPA can only be used on a single subnet.
Use APIPA:
• On small, single-subnet networks where you do not need to customize the IP address range.
• As a fail-safe that provides limited communication capabilities when a DHCP server is unavailable.
Note: The IPv6 addressing standard also reserves all addresses beginning with the binary 1111 1110 10 (hexadecimal FE80::/64) for automatic assignment (this is called the link-local address range).
Static (manual) assignment | Using static addressing, IP configuration information must be manually configured on each host. Use static addressing:
• On networks with a very small number of hosts.
• On networks that do not change often or that will not grow.
• To permanently assign IP addresses to hosts that must always have the same address (such as printers, servers, or routers).
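The three-step NetBIOS resolution order under WINS Facts above (name cache, then LMHOSTS, then either a WINS query or a broadcast) is simulated below. This is an added example, not code from the cheat sheet: the LMHOSTS text, the WINS database and the broadcast replies are constructed sample data, and caching of successful answers is a simplification assumed here, since the page only states the lookup order.

```python
"""NetBIOS name resolution order (cache, LMHOSTS, then WINS or broadcast).

Added example, not code from the cheat sheet: the LMHOSTS text, the WINS
database and the broadcast replies below are constructed sample data.
Caching of successful answers is a simplification assumed here; the page
only states the lookup order.
"""
from typing import Callable, Dict, Optional, Tuple

# Constructed sample LMHOSTS content. Format as in a real LMHOSTS file:
# IP address, whitespace, NetBIOS name; '#' begins a comment, so keywords
# such as #PRE are simply ignored by this simulation.
SAMPLE_LMHOSTS = """\
# address      name
192.168.1.10   FILESRV01
192.168.1.20   PRINTSRV     #PRE
"""


def parse_lmhosts(text: str) -> Dict[str, str]:
    """Return {NETBIOS_NAME: ip} from LMHOSTS text, ignoring comments."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2:
            table[parts[1].upper()] = parts[0]
    return table


class NetBiosClient:
    """Resolves NetBIOS names in the order the page describes."""

    def __init__(self, lmhosts_text: str, wins_server: Optional[str] = None,
                 wins_db: Optional[Dict[str, str]] = None,
                 broadcast: Optional[Callable[[str], Optional[str]]] = None):
        self.cache: Dict[str, str] = {}              # step 1: NetBIOS name cache
        self.lmhosts = parse_lmhosts(lmhosts_text)   # step 2: static LMHOSTS entries
        self.wins_server = wins_server               # decides step 3a or 3b
        self.wins_db = wins_db or {}                 # stands in for the WINS server database
        self.broadcast = broadcast or (lambda name: None)  # stands in for a subnet broadcast

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        """Return (ip_or_None, source); source names the step that answered."""
        key = name.upper()
        if key in self.cache:
            return self.cache[key], "cache"
        if key in self.lmhosts:
            self.cache[key] = self.lmhosts[key]
            return self.lmhosts[key], "lmhosts"
        if self.wins_server is None:
            ip, source = self.broadcast(key), "broadcast"   # no WINS address configured
        else:
            ip, source = self.wins_db.get(key), "wins"      # ask the configured WINS server
        if ip is not None:
            self.cache[key] = ip
        return ip, source


if __name__ == "__main__":
    client = NetBiosClient(SAMPLE_LMHOSTS, wins_server="192.168.1.5",
                           wins_db={"DC01": "192.168.1.5"})
    for host in ("FILESRV01", "FILESRV01", "DC01", "NOSUCH"):
        print(host, client.resolve(host))
```

Because LMHOSTS is consulted before the WINS server, an entry in that local file silently overrides whatever the server would have answered, so changes to LMHOSTS on a host are worth monitoring in the same way as changes to the HOSTS file.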

Network+ N10-003 Cheat Sheet Page 18


• For hosts that cannot accept an IP address from DHCP.
• To reduce DHCP-related traffic.
Note: Static addressing is very susceptible to configuration errors and duplicate IP address configuration errors (two hosts that have been assigned the same IP address). Static addressing also disables both APIPA and DHCP capabilities on the host.

NAT Facts
Network Address Translation (NAT) allows you to connect a private network to the Internet without obtaining registered addresses for every host. Private addresses are translated to the public address of the NAT router.
• Hosts on the private network share the IP address of the NAT router.
• The NAT router maps port numbers to private IP addresses. Responses to Internet requests include the port number appended by the NAT router. This allows the NAT router to forward responses back to the correct private host.
• NAT supports a limit of 5,000 concurrent connections.
• NAT provides some security for the private network because it translates, or hides, the private addresses.
• A NAT router can act as a limited-function DHCP server, assigning addresses to private hosts.
• A NAT router can forward DNS requests to the Internet.
• Dynamic NAT allows internal (private) hosts to contact external (public) hosts, but not vice versa.
• Static NAT allows external hosts to contact internal hosts but prevents the use of dynamic NAT.
• Dynamic and static NAT together, in which two IP addresses are given to the public NAT interface (one for dynamic NAT and one for static NAT), allow traffic to flow in both directions.

When connecting a private network to the Internet through NAT, assign IP addresses from one of several predefined private address ranges. These address ranges are guaranteed not to be in use on the Internet and do not need to be registered.

Addressing Method | Address Ranges
IP version 4 |
• 10.0.0.1 to 10.255.255.254
• 172.16.0.1 to 172.31.255.254
• 192.168.0.1 to 192.168.255.254
IP version 6 | IPv6 reserves all addresses beginning with the binary 1111 1110 11 (hexadecimal FEC0::/48) for private IP networks. This address range is called the site-local address range.

ICS Facts
Internet Connection Sharing (ICS) is a service available on Windows systems that enables multiple computers on a single small network to access the Internet by sharing one computer's connection. With ICS, most configuration tasks are completed automatically. When using ICS:
• The ICS system is configured as a NAT router, a limited DHCP server, and a DNS proxy (name resolution requests from the private network are forwarded to DNS servers on the Internet).
• The IP address for the private interface is automatically changed to 192.168.0.1 with a mask of 255.255.255.0.
• The default gateway of the ICS system is set to point to the Internet connection.
• Hosts on the private network should use DHCP for address and DNS server information.
• The ICS system uses DHCP to deliver the following information to hosts on the private network:
   o IP address in the range of 192.168.0.0 with a mask of 255.255.255.0.
   o DNS server address of 192.168.0.1 (the private interface of the ICS system).
   o Default gateway address of 192.168.0.1.
• Do not use DHCP servers, DNS servers, or Active Directory on your private network.

SNMP Facts
Simple Network Management Protocol (SNMP) is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network.

SNMP uses the following components.

Component | Description
Manager | A manager is the computer used to perform management tasks. The manager queries agents and gathers responses.
Agent | An agent is a software process that runs on managed network devices. The agent communicates information with the manager and can send dynamic messages to the manager.
Management Information Base (MIB) | The MIB is a database of host configuration information. Agents report data to the MIB, and the manager can then view information by requesting data from the MIB.
Trap | A trap is an event configured on an agent. When the event occurs, the agent logs details regarding the event.

Zeroconf Facts
Zero Configuration Networking (Zeroconf) is a standards-based initiative of an IETF working group whose goals are to:
• Make current computer network administration easier by performing configuration tasks automatically, without the need for network services such as DNS or DHCP.
• Enable the creation and implementation of a new generation of network-related products.
• Accomplish all of this without disrupting the existing network infrastructure of large networks.

With Zeroconf, you should be able to connect two computers and automatically have them communicate. You should also be able to set up a small network by simply connecting devices, without performing any additional configuration tasks.

To enable Zeroconf networking, the following features must be enabled:

Feature | Description
IPv4 Link-Local Addresses (IPv4LL) | IP hosts must be able to obtain an IP address without a DHCP server. The Zeroconf working group has completed the IPv4LL specification, which specifies how a device uses autoconfiguration to assign itself an IP address on the 169.254.0.0 network (mask of 255.255.0.0). IPv4LL is currently implemented as follows:
• Automatic Private IP Addressing (APIPA) on Microsoft systems.
• Implementations on Linux, Mac OS, and other devices such as printers.
Note: IPv6 supports link-local addressing by design.
Host Name Resolution | IP hosts should be able to perform IP address-to-host name resolution without a DNS server. Current implementations include:
• Multicast DNS (mDNS), used by Mac OS.
• Link-local Multicast Name Resolution (LLMNR),
under development by Microsoft.
Service Location | IP hosts must be able to automatically find available services, such as file servers, printers, and routers. Current implementations include:
• DNS Service Discovery (DNS-SD), used by Mac OS.
• Simple Service Discovery Protocol (SSDP), used by Microsoft in Universal Plug-and-Play (UPnP).
• Service Location Protocol (SLP), an industry standard used on NetWare servers and others. SLP is losing popularity in favor of the other solutions listed here.
Multicast Allocation | Multicast addresses must be automatically allocated without using a MADCAP (multicast addressing) server. Standards for multicast address allocation are still being developed. One proposed standard is the Zeroconf Multicast Address Allocation Protocol (ZMAAP).

The two biggest corporations developing Zeroconf proposed standards are Apple and Microsoft. Bonjour (also called Rendezvous) for Mac OS is a suite of Zeroconf protocol implementations. Microsoft is actively developing protocols and implementing components of Zeroconf as outlined above.

Remote Management Facts
The following table lists several tools you can use to remotely manage network devices.

Tool | Description
Telnet | Telnet is a terminal emulation utility. It allows you to connect to a remote system and work as if you were sitting at the remote system. As you enter commands in the Telnet window locally, the remote system processes the commands. A Telnet connection requires the remote system to be running as a Telnet server (access is generally through port 23), and you have to know which terminal type the server supports. The list below shows common terminal types:
• vt100
• VT-100
• ANSI
• DECVT-100
Secure Shell (SSH) | Despite its useful­ness, Telnet does not allow you to encrypt information, making it very insecure. SSH, on the other hand, provides the same capabilities as Telnet in an encrypted, secure environment. After SSH establishes the secure connection, you can safely enter user account information, passwords, and commands. SSH usually runs on port 22.
Terminal Services | Terminal Services is a Microsoft remote system access tool. Where Telnet and SSH are command line utilities, Terminal Services allows you to work through a GUI. From a client system, you log in to a server or other computer running Terminal Services. Terminal Services uses the Remote Desktop Protocol (RDP).
• RDP shows the screen of the remote server on the client.
• Information about mouse movements and keystrokes on the client is sent to the server using RDP.
• The server processes the actions as if they were performed locally.
• As the screen on the server changes, RDP sends those changes to the client to display the results of those actions.
Terminal Services can be used to remotely manage servers or to run applications on the server.
Remote Desktop | Remote Desktop is a Microsoft service that uses Terminal Services technology to allow you to remotely access any Remote Desktop-enabled system. For example, you can enable Remote Desktop on a computer at your office. From home or while traveling, you can then use Remote Desktop to access your work computer, running applications, accessing files, and even printing documents.

Client Software Facts
You will need to be familiar with the following client operating systems:
• Microsoft Windows
• Unix/Linux/Mac OS X
• Mac OS (version 9 or earlier)

Server operating systems must be configured to share resources on the network. In a similar fashion, client systems must have the necessary software to be able to communicate with the server.

Necessary software can be divided into the following categories:

Component | Description
Protocols | Each computer on the network must use the same protocols to communicate. Examples include:
• TCP/IP--All recent operating systems support TCP/IP. Nearly all operating systems use TCP/IP as the default protocol.
• IPX/SPX--Older NetWare servers used IPX/SPX as the default protocol. For these older servers, you could specifically install TCP/IP and use either protocol. Newer versions of NetWare provide native support for TCP/IP.
• AppleTalk--Older Mac OS versions used AppleTalk as the default protocol. AppleTalk over IP allowed the Mac OS to use TCP/IP. With Mac OS X, TCP/IP is the default protocol.
When you configure the client operating system, you will need to make sure the correct protocol(s) are installed to communicate with the servers and other network hosts.
Services | Services enable client systems to provide limited services, essentially making them servers on the network. For example, the File and Printer Sharing for Microsoft Networks service on a Windows system allows the client to share files and printers.
Client Software | Client software enables the client to access special features provided by the server. For example:
• The Novell Client software enables the client to access eDirectory.
• The Microsoft client software enables the client to access Active Directory.
Note: On most systems, when you install the client software, the corresponding protocols and services are also installed.

When you are configuring a client system to connect to a server that uses the same operating system family (such as connecting a Windows XP system to a Windows 2003 server), the necessary protocols, services, and client software will be installed by default. If, however, you need to configure clients to connect to servers running a different operating system, you might need to add special software manually.

The following table lists the software to install for various client/server combinations.

Client | Server | Install
Windows, Linux | NetWare | To connect a Windows or Linux system to a NetWare server:
• On the Windows client, install either the NetWare Client for Windows or the Microsoft Client Services for NetWare.
• On the Linux client, install the NetWare Client for Linux.
Windows | Mac OS (AFP) | To connect a Windows client to a Mac OS server running AFP, or vice versa (a Mac OS (AFP) client to a Windows server):
• Install a service such as DAVE or Sharity on the Mac. This enables the Mac to use SMB to communicate with the Windows system, making it look like a Windows server or client.
• No special software is required on the Windows client or server.
Windows | Unix/Linux/Mac OS X | To connect a Windows client to a Unix/Linux/Mac OS X server, or vice versa (a Unix/Linux/Mac OS X client to a Windows server):
• Install a service such as Samba on the Unix/Linux/Mac OS X system. This enables the host to use SMB to communicate with the Windows system, making it look like a Windows server or client.
• No special software is required on the Windows client or server.

Windows OS Facts
You should be familiar with the following facts about Windows networking.

Feature | Description
Client/Server Support | Windows has both client and server versions. Windows is the most widely used client operating system. To connect a Windows system to another server operating system:
• For NetWare servers, install the Novell Client software on the Windows client.
• For Unix/Linux/Mac OS X servers, install Samba or a similar service on the server.
• For Mac OS running AFP, install DAVE, Sharity, or a similar service on the server.
Protocol Support |
• Windows 3.x/9x/ME uses NetBEUI. TCP/IP support is provided through NetBIOS over TCP/IP (NBT).
• Windows NT/2000/XP/2003 uses TCP/IP. NetBEUI can be added optionally.
• IPX/SPX or AppleTalk can be added as required.
File and Printer Sharing Protocols | Network file services are provided by:
• Server Message Block (SMB) for Windows 3.x/9x/ME
• Common Internet File System (CIFS) for Windows NT/2000/XP/2003 (CIFS is an extension of SMB)
File System | Windows supports the following file systems:
• FAT
• FAT32
• NTFS (Windows NT/2000/XP/2003)
Choose NTFS for file system features such as encryption and file system security.
File System Security | Windows secures files using two sets of permissions:
• Share permissions are set on shared volumes or folders. Share permissions are Full Control, Change, and Read.
• NTFS permissions are set on volumes, folders, and individual files. NTFS permissions are Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write (some permissions apply only to folders).
• Permissions can be set for individual users or groups.
Each permission can be either Allowed or Denied. To assign permissions, add users or groups to the list of authorized users and assign the desired permissions.
User and Resource Administration | Windows networks can be administered using the following:
• Workgroup--In a workgroup model, all user accounts and resource access are controlled on a host-by-host basis.
• Domain--Windows NT networks use the domain as a centralized database for user accounts. Servers called domain controllers hold a copy of the domain database.
• Active Directory--Windows 2000/2003 servers can be configured in a multi-domain model through Microsoft's directory service, Active Directory. Active Directory is organized as follows:
   o The domain is the basic container in the directory.
   o Within the domain, Organizational Units and generic Container objects organize network resources.
   o Objects such as User accounts, Groups, or Servers control resource access and simplify network administration.
   o For large networks, multiple domains are grouped into trees. Trees are grouped into forests.
Login |
• Login using a workgroup model requires connecting to the server where the resources reside and supplying a username and password.
• Login to the domain requires connecting to the domain and supplying the username and password.
• Login to Active Directory requires supplying the username, domain, and password. A sample login might look like: JJones@westsim.com.
Note: Passwords on a Microsoft network are case-sensitive.

NTFS Permissions Facts
Network operating systems that use user-level security require users to log on with a username and password before using network resources. Once logged on, users can use resources according to the access rights granted to the user account. Network operating systems often let you create groups of user accounts and assign access rights to the group rather than to each individual account.

Windows, through the application of NT File System (NTFS), lets you control which actions a user or group of users can take at a computer. Windows calls such actions rights. In addition, you can control which actions a user can perform on a given object (such as a folder, file, or printer). Windows calls such actions permissions. The specific permissions you can assign depend on the object.

You should know the following facts about NTFS permissions:
• The NTFS File permissions are as follows:
   o Read
   o Write
   o Read and Execute
   o Modify
   o Full Control
• The Read permission allows users to open the file and view its attributes, ownership, and permissions, but not alter the file.
• The Write permission includes all the permissions of Read and, in addition, allows users to overwrite the contents of a file.
• The Read and Execute permission includes all the permissions of Read and, in addition, gives users file execution rights.
• The Modify permission includes all the permissions of Read, Write, and Read and Execute and, in addition, allows users to modify or delete a file.
• The Full Control permission includes all the permissions. In addition, the Full Control permission allows users to set NTFS security permissions.
• The NTFS Folder permissions are the same as the file permissions, only applicable to folders, and include one additional permission: List.
• The List permission allows users to view the contents of a folder.

Windows NT--Each workstation maintains a flat local directory of users and groups. In addition, directory servers called domain controllers can store a centralized list of users and groups that can be accessed if the workstation is a member of the NT domain. One domain controller, called the primary domain controller (PDC), stores a read/write copy of the domain's directory database. Other domain controllers, called backup domain controllers (BDCs), store read-only copies. The directory database is often called the SAM (Security Accounts Manager) database. To use a workstation, you can log on using a local user account. To use the network, a domain controller must validate your network username and password.

Windows 2000/XP--Individual workstations have flat directories like Windows NT. The network directory is a hierarchical directory called Active Directory. The directory is divided into pieces called domains and stored on directory servers called domain controllers. All domain controllers store read/write copies of the domain database. Active Directory domains are named and organized using DNS names. To use the network, a domain controller must validate your username and password.

When creating user accounts, you should create and document a naming standard.

When granting access rights to user accounts, grant no more rights than are sufficient for a user to perform their job. Limit those who get administrative rights, and limit or disable access rights for guest accounts. Consider renaming the administrative user account.

Linux OS Facts
You should understand the following facts about Linux:
• Linux was created to be very similar to Unix. Linux operates similarly to Unix and shares many of the same services and utilities.
• Linux is open-source software. It is distributed with the source code, and users can modify the code to meet their needs.
• Linux is developed by a community of programmers.
• Linux is packaged into distributions. A distribution contains the Linux kernel (the core operating system file) and other utilities and services packaged to work together. Various organizations produce their own distributions. Two common distributions are Red Hat and SUSE Linux.

Unix and Mac OS X systems have similar characteristics.

Feature | Description
Client/Server Support | Linux has both client and server versions. In mixed server environments:
• Install the Novell Client for Linux to connect to a NetWare server.
• Install a service such as Samba on the Linux (and Unix) system to connect to Windows servers or to allow Windows clients to access resources on the Linux server.
Protocol Support | Linux (and Unix) includes native support for TCP/IP.
File and Printer Sharing Protocols |
• Network File System (NFS)--NFS is used to share files and resources among Linux/UNIX systems.
• Line Printer Daemon (LPD)--LPD receives and processes LPR requests, and it provides printer spooling services.
• Line Printer Remote (LPR)--LPR is the command to create and manage print jobs.
Note: The actual command is lpr followed by the filename. If a default printer has not been added to the client system, the printer name will need to be identified when the command is issued. Linux printing is not always done from the command line using lpr. Graphical utilities such as the popular StarOffice allow you to print as in a Windows environment, using drop-down menus. In such a case, a printing command like lpr works in the background to send the file to the printer.
File System | Linux supports several file system formats. The most popular are:
• ext2
• ext3
• reiserFS
reiserFS is the newest and most fully featured file system. Each of the file systems listed here supports file system security controls.
File System Security | File system access is controlled through permissions.
• Permissions can be set at the volume, folder, or file level.
• Permissions are assigned to three different types of users:
   o User (the file owner)
   o Group (a group that has "ownership" of the file)
   o Other (everyone else, or public permissions)
• Permissions are Read, Write, and Execute. Permissions are often listed showing the allowed permissions for each user type, as follows: rwxrw-r--.
   o User has Read, Write, and Execute permissions.
   o Group has Read and Write permissions.
   o Other has Read permission.
User and Resource Administration | By default, user accounts and resource access are controlled on a host-by-host basis on Linux systems. To centralize resource management, use:
• Network Information Service (NIS) to configure a central server for user account administration.
• A third-party directory service such as eDirectory.
Login | To log in to a Linux system, connect to the server and supply a username and password.
• The supervisor user account is named root.
• Passwords are case-sensitive.

NetWare OS Facts
NetWare is based on X.500. X.500 is a series of computer networking standards covering electronic directory services. X.400 is an inter-mail exchange standard. NetWare's basic directory service is the hierarchical NetWare Directory Services (NDS). NDS is derived from X.500.

In order for Microsoft clients to communicate with NetWare servers, you must have NWLink and GSNW (Gateway Services for NetWare) installed on the clients.
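The two permission models described above, NTFS cumulative permissions with Allow/Deny entries (NTFS Permissions Facts) and the Linux rwx string such as rwxrw-r-- (Linux File System Security), are worked through below as effective-access checks. This is an added example, not code from the cheat sheet: the users, groups, ACL entries and file modes are constructed sample data. The rule that a Deny entry overrides any Allow is NTFS's documented behaviour, stated here as an assumption because the page only says each permission can be Allowed or Denied; the Linux function applies the standard Unix rule that exactly one class (owner, group, or other) applies, which the page's list of three user types implies but does not spell out.

```python
"""Effective-permission checks for the NTFS and Linux models on this page.

Added example, not code from the cheat sheet. Sample users, groups, ACLs
and file modes are constructed. Assumed beyond the page: NTFS deny
overrides allow; on Linux exactly one class (owner > group > other) applies.
"""
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# Elementary actions each named NTFS permission grants, cumulative as the
# page describes (Write includes Read, Modify includes Read/Write/R&E, ...).
NTFS_READ: FrozenSet[str] = frozenset({"read", "view_attributes"})
NTFS_LEVELS: Dict[str, FrozenSet[str]] = {
    "Read": NTFS_READ,
    "Write": NTFS_READ | {"write"},
    "Read and Execute": NTFS_READ | {"execute"},
    "Modify": NTFS_READ | {"write", "execute", "delete"},
    "Full Control": NTFS_READ | {"write", "execute", "delete", "change_permissions"},
    "List": frozenset({"list"}),          # folder-only permission
}

# One ACL entry: (principal, "Allow" or "Deny", named permission).
AclEntry = Tuple[str, str, str]


def ntfs_effective(user: str, groups: Iterable[str], acl: List[AclEntry]) -> Set[str]:
    """Actions `user` may perform: Allows for the user or any of the user's
    groups accumulate, then every applicable Deny is subtracted (deny wins)."""
    principals = {user, *groups}
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for principal, kind, perm in acl:
        if principal not in principals:
            continue
        actions = NTFS_LEVELS[perm]           # KeyError on an unknown permission name
        if kind == "Allow":
            allowed |= actions
        elif kind == "Deny":
            denied |= actions
        else:
            raise ValueError(f"unknown entry type {kind!r}")
    return allowed - denied


LINUX_BITS = {"r": "read", "w": "write", "x": "execute"}


def parse_mode(mode: str) -> Dict[str, Set[str]]:
    """Split a 9-character string such as 'rwxrw-r--' into the permissions
    of the three user types the page lists: user (owner), group, other."""
    if len(mode) != 9:
        raise ValueError("mode must be 9 characters, e.g. rwxrw-r--")
    classes: Dict[str, Set[str]] = {}
    for name, chunk in zip(("user", "group", "other"), (mode[0:3], mode[3:6], mode[6:9])):
        perms: Set[str] = set()
        for expected, ch in zip("rwx", chunk):
            if ch == expected:
                perms.add(LINUX_BITS[ch])
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {mode!r}")
        classes[name] = perms
    return classes


def linux_effective(uid: str, gids: Iterable[str], owner: str, group: str,
                    mode: str) -> Set[str]:
    """Permissions `uid` gets on a file owned by `owner`:`group` with `mode`.
    Only one class applies: owner if uid owns the file, else group if uid is
    a member of the file's group, else other. A restrictive owner class is
    therefore not widened by generous group bits."""
    classes = parse_mode(mode)
    if uid == owner:
        return classes["user"]
    if group in set(gids):
        return classes["group"]
    return classes["other"]


if __name__ == "__main__":
    acl = [("Staff", "Allow", "Modify"), ("jjones", "Deny", "Read and Execute"),
           ("Everyone", "Allow", "Read")]
    print("jjones:", sorted(ntfs_effective("jjones", ["Staff", "Everyone"], acl)))
    print("bob on rwxrw-r--:", sorted(linux_effective("bob", ["dev"], "alice", "dev", "rwxrw-r--")))
```

The NTFS sample shows why the page's advice to limit rights matters in practice: a single Deny on the user removes read access that two separate Allow entries (the group's Modify and Everyone's Read) would otherwise grant, and the result has to be computed over all of the user's group memberships, not read off one entry.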

You should be familiar with the following facts about NetWare networking.

Feature | Description
Client/Server Support | NetWare is a server-only operating system. To connect a Windows or Linux client to a NetWare server:
• On the Windows client, install either Novell Client for Windows or Client for NetWare Networks.
• On the Linux client, install the NetWare Client for Linux.
The client software will also install IPX/SPX if it is required. (Note: NetWare uses different frame types depending on the version of the software. The frame types of the host and server must match for communication to occur.)
Protocol Support |
• For NetWare 3.x, IPX/SPX is the default protocol. TCP/IP support is provided through tunneling.
• For NetWare 4.x, you can load either IPX/SPX or TCP/IP.
• For NetWare 5.x and higher, TCP/IP is the native protocol. You can also load IPX/SPX if needed.
File and Printer Sharing Protocol | Network file services are provided by the NetWare Core Protocol (NCP).
File System | NetWare servers support two volume types:
• Traditional volumes
• NSS volumes, which allow for larger volume sizes and additional volume management tools
File System Security | File system access on a NetWare server is controlled through file system rights.
• Rights can be assigned at the volume, folder, or file level.
• File system rights are Supervisor, Read, Write, Create, Erase, Modify, File Scan, and Access Control. Some rights apply only to volumes or directories and not to files.
• Users and groups (called trustees) are granted rights.
• Rights granted to volumes and folders flow down to lower levels in the directory structure. A trustee with rights to a folder has those same rights to all files and folders within that folder.
• Inherited Rights Filters (IRFs) block rights from flowing down to lower levels.
You can also use file and directory attributes to provide some file system security. Attributes include Read Only, Rename Inhibit, Execute, and Delete Inhibit.
User and Resource Administration |
• NetWare 3.x uses a bindery approach to controlling resource access. The bindery is a database on each NetWare server. User accounts exist independently on each server. Resource access must be configured on a server-by-server basis.
• NetWare 4.x and higher uses a directory service called eDirectory (formerly called Novell Directory Services (NDS)). User accounts are configured in the directory. eDirectory can also run on other servers such as Windows and Linux. eDirectory is organized using the following:
   o A Tree represents the entire network, which might be one or more distinct divisions.
   o Beneath the Tree are one or more Organization objects.
   o Within each Organization object are Organizational Unit objects.
   o Resources are represented as objects (such as Users, Servers, Volumes).
Login |
• Login to a bindery server requires connecting to the server and supplying the user name and password.
• Login to eDirectory requires connecting to the Tree name and supplying the User object name and password. A sample User object identification might be: JJones.Sales.Seattle.
   o The user object is identified by the common name followed by the path (context) of containers in the eDirectory tree (up to but not including the root).
   o When logging in, precede the User object name with a period.
   o Optionally, you can configure the workstation with the context and log in using just the User object common name. In this case, do not precede the User object name with a period.
   o Passwords on a NetWare system are not case sensitive.

Mac OS Facts
Macintosh is a computer produced by Apple Corporation. Earlier versions of the Mac OS used a proprietary operating system. With Mac OS X, the operating system is based on a Unix core. For this reason, the characteristics of Mac OS X are similar to the Linux operating system.

Note: The information in the following table applies to Mac OS versions 9 and earlier.

Feature | Description
Client/Server Support | The Macintosh operating system has both client and server versions. In a heterogeneous networking environment, install a service such as DAVE or Sharity on the Mac system to connect to Windows servers or to allow Windows clients to connect.
Protocol Support | Mac OS 9 and lower uses the AppleTalk protocol. TCP/IP support is provided through AppleTalk over TCP/IP.
File and Printer Sharing Protocols |
• Apple File Protocol (AFP)
• Printer Access Protocol (PAP)
• Apple File Sharing (AFS)
File System Security | File system security on a Mac is controlled through permissions.
• Permissions can only be set at the folder level (not on individual files). Permissions apply to the entire contents of the folder.
• Permissions are assigned to three different types of users:
   o Owner (private permissions)
   o User/Group (group permissions)
   o Everyone (public permissions)
You can only assign permissions to a single owner and a single User/Group.
• Permissions are See Folders, See Files, and Make Changes.
User and Resource Administration | User accounts and resource access are controlled on each server. The Mac OS does not have its own directory service. However, you can use a third-party directory service such as Open Directory to centralize user accounts and resource access administration.
Login | To log in, connect to the server and supply a valid username and password.

WAN Facts
WANs employ one of the two following methods to transfer data:
Method | Description

Circuit Switching
A circuit switched network uses a dedicated connection between sites. Circuit switching is ideal for transmitting data that must arrive quickly in the order it is sent, as is the case with real-time audio and video.

Packet Switching
A packet switched network allows data to be broken up into packets. Packets are transmitted along the most efficient route to the destination. Packet switching is ideal for transmitting data that can handle transmission delays, as is often the case with Web pages and e-mail.

WANs can use one of several cable standards. When you contract for WAN services, you will need to understand your bandwidth needs to choose the appropriate cabling option.

The table below describes common WAN carriers.

Carrier (Speed) | Description

T1 (1.544 Mbps), T3 (44.736 Mbps)
• T-Carrier is a digital standard widely deployed in North America.
• T1 lines usually run over two pairs of unshielded twisted pair (UTP) cabling, although they can also run over other media such as coaxial, fiber-optic, and satellite.
• A T1 line has 24 channels that each run at 64 Kbps.
• T3 lines usually run over fiber-optic cable.
• A T3 line has 672 channels that each run at 64 Kbps.
• A T1/T3 connection requires a Channel Service Unit (CSU) and a Data Service Unit (DSU). (A DSU reads and writes synchronous digital signals, and a CSU manages the digital channel.)

E1 (2.048 Mbps), E3 (34.368 Mbps)
• E-Carrier is a digital standard very similar to T-Carrier, but it is widely deployed in Europe.
• An E1 line has 32 channels that run at 64 Kbps.
• An E3 line transmits 16 E1 signals at the same time.
• E1/E3 connections also require a CSU/DSU.

J1 (1.544 Mbps), J3 (32.064 Mbps)
• J-Carrier is a digital standard very similar to T-Carrier, but it is widely deployed in Japan.
• A J1 line is virtually identical to a T1 line.
• A J3 line has 480 channels that run at 32 Mbps.
• J1/J3 connections also require a CSU/DSU.

OC-1 (51.84 Mbps), OC-3 (155.52 Mbps), OC-12 (622.08 Mbps), OC-24 (1244.16 Gbps), OC-48 (2488.32 Gbps), OC-192 (10 Gbps), OC-256 (13.271 Gbps), OC-768 (39.2 Gbps)
• Optical carrier specifications define the types and throughput of fiber optic cabling used in SONET (Synchronous Optical Network).
• Each OC level is a multiple of the Base Rate (OC-1). To get the 622.08 Mbps throughput rating of OC-12, multiply the 51.84 Mbps Base Rate by 12.

Following are three WAN service options you can choose.

Service | Line Type | Bandwidth (Max.) | Signaling Method | Characteristics

X.25
Line type: POTS (Plain Old Telephone System). Bandwidth: 64 Kbps. Signaling: Analog.
• Dedicated line
• Variable packet sizes (frames)
• Ideal for low-quality lines because it includes extensive error detection and correction mechanisms

Frame Relay
Line type: POTS, T-1, T-3. Bandwidth: 1.54 Mbps. Signaling: Digital.
• Variable packet sizes (frames)

ISDN (Integrated Services Digital Network)
Line type: POTS (BRI), T-1 (PRI). Bandwidth: 144 Kbps (BRI), 4 Mbps (PRI). Signaling: Digital.
• Basic rate operates over regular telephone lines and is a dialup service
• Primary rate operates over T-carriers

Internet Connectivity Facts
Internet connectivity provides methods (sets of standards) that allow computers to connect to the Internet through an ISP. The two primary methods of Internet connection are through dialup or LAN.

Method | Description

PSTN (Public Switched Telephone Network)
• Uses a single POTS (Plain Old Telephone Service) phone line with a modem.
• Uses a single channel on the line.
• Common data transfer rates include 28.8 Kbps, 33.3 Kbps, 56 Kbps.
• Offers sufficient network connectivity for a minimal investment.
• Is available virtually anywhere that regular voice grade communications are available.
• Configuring a dial-up connection requires the destination host's phone number (username and password are required at log on).
• The phone line cannot be used for voice and the Internet concurrently.

DSL (Digital Subscriber Line)
• A newer broadband digital service provided by telephone service providers.
• Sends digital signals over existing copper telephone wire using multiple channels.
• One channel is dedicated to phone line data; additional channels are used for data.
• The phone line can be used for voice and the Internet concurrently.
• Requires a DSL router (or a cable modem) or NIC attached (with USB or Ethernet) to the phone line.
• Some implementations require filters (also called splitters) before the phone.
• Requires a location to be within a fixed distance of network switching equipment.
• There are multiple variations of DSL (collectively referred to as xDSL).

ISDN (Integrated Services Digital Network)
• A natively digital service, running over a switched network (4-wire copper telephone lines in a local loop and standard telephone lines).
• A virtual circuit is established through dial-up before communication (on-demand service).
• Supports most upper-level protocols (communication protocols allow all media types to transmit over the same line at high speeds).



• Levels of ISDN service include:
  o BRI (Basic Rate Interface):
    ▪ 2 64-Kbps bearer (B) channels can transfer data up to 128 Kbps (data compression increases the data transfer rate). Only one B channel is used during phone use, reducing maximum speed to 64 Kbps.
    ▪ 1 16-Kbps delta (D) channel for connection control.
    ▪ Often called 2B + 1D.
    ▪ Suitable for periodic bursts of data.
  o PRI (Primary Rate Interface):
    ▪ 23 B channels (each at 64 Kbps) for data transmission.
    ▪ 1 D channel (at 64 Kbps) for connection control.
    ▪ Often called 23B + 1D.
• Not available in all service areas; subscribers are required to be within a certain proximity of telephone company equipment.
• Implemented widely in Europe (limited implementation in the US).

Cable
• High-speed bi-directional channel connected directly to an Internet Service Provider (ISP) through cable TV lines.
• Uses a cable modem to convert analog signals over multiple channels.
• Dependent upon service offerings from the regional cable television company.

Satellite
• Satellite service providers offer nearly 100% global network coverage (a local network infrastructure is unnecessary).
• Requires a local portable transmitter with an antenna (dish) directed skywards to a satellite.
• Requires direct line of sight (dish placement is crucial).
• Subject to mild atmospheric and weather conditions (fog or slight wind can disrupt service).
• Many services only allow for satellite downloading (very fast). A POTS modem may be required to upload (very slow).

Wireless
• Offers continuous network access through strategic placement of Wireless Access Points.
• Broadcast openly and can be easily detected (data encryption is advisable).
• Availability is increasing (businesses, hotels, airports, and even some communities currently provide wireless service).

Remote Access Protocol Facts
Using Remote Access Services (RAS), users connect to and authenticate on the network through a modem bank. Once authenticated, users can access resources on the remote access server or be granted access to resources on the private network. Users can map network drives, modify files and data, and connect to shared folders as if they were at a computer in the office.

The table below describes some common remote connection protocols.

Protocol | Description

SLIP (Serial Line Internet Protocol)
SLIP is an older remote access protocol that does not support encryption or the use of DHCP to automatically assign client IP addresses. For this reason, many transmission parameters must be configured manually. SLIP is used to connect to a TCP/IP network through phone lines. For example, you may have to configure:
• IP addresses
• Data compression
• Maximum transmission unit (MTU)
• Maximum receive unit (MRU)
Note: The Serial Line Interface Protocol (SLIP) is only supported by Windows 2000 as an outbound access protocol. You cannot configure Windows 2000 to accept inbound connections.

PPP (Point-to-Point Protocol)
PPP makes establishing a remote connection much easier. To configure PPP, you supply the telephone number to dial and any authentication parameters (such as username and password). PPP negotiates communication parameters including IP addressing, compression, and encryption. PPP also supports multiple protocol suites including TCP/IP, IPX/SPX, and AppleTalk.

PPPoE (Point-to-Point Protocol over Ethernet)
PPPoE is a variation of Point-to-Point Protocol (PPP) that sends PPP packets over an Ethernet network and an "always on" WAN link (DSL or cable modem, for example) rather than over a dial-up connection. In this way, Internet service providers can install PPP-based remote access servers and require remote clients to establish a connection before being granted access to the Internet. This lets Internet usage be better tracked and regulated. PPP over Ethernet automatically discovers the remote access server using broadcast messages.

Remote Desktop Protocol (RDP)
The Remote Desktop Protocol is used by Windows Terminal Services based applications, including Remote Desktop.

Remote Access Authentication Facts
Authentication protocols ensure that remote users have the necessary credentials for remote access. Each protocol includes different levels of protection to safeguard login credentials. As a rule, always implement the highest level of authentication possible.

The following table compares different protocols and methods used for remote access authentication.

Protocol/Method | Characteristics

Password Authentication Protocol (PAP)
• Username and password are sent in clear text for authentication.
• Password can be easily intercepted through packet sniffing and viewed with a simple traffic analyzer.
• Use only when no other form of authentication is supported.
• PAP protocols are supported by multiple platforms, including Microsoft and Linux.

Shiva Password Authentication Protocol (SPAP)
• Used to connect to a Shiva LAN Rover (proprietary equipment required).
• Uses an encrypted password for authentication.
• Password encryption is easily reversible.

Challenge Handshake Authentication Protocol (CHAP)
• Encrypts both password and username.
• Uses a three-way handshake (challenge/response).
• Periodically verifies the identity of a peer using a three-way handshake.
• Uses MD-5 hashing of the shared secret for authentication.

Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1)
• Uses a three-way handshake (challenge/response).
• The server authenticates the client (the client cannot authenticate the server).
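The PAP and CHAP rows above contrast clear-text credentials with a challenge/response handshake. The following Python is an added example (not from the cheat sheet) that runs the CHAP three-way handshake using the RFC 1994 MD5 construction, MD5(identifier || secret || challenge), shows that the shared secret never appears on the wire, and checks that a response captured earlier is not accepted a second time; the user name, secret and challenge length are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample credential store (hypothetical; not from the cheat sheet).
USER_SECRETS = {"alice": b"correct horse battery staple"}


def pap_on_the_wire(username: str, password: str) -> bytes:
    """What PAP sends: username and password in clear text, so a packet
    sniffer on the path reads the password directly."""
    return username.encode() + b"\x00" + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: response = MD5(identifier || secret || challenge).
    Only the challenge and this hash travel over the link, never the secret."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the three-way handshake: Challenge, Response, Success/Failure."""

    def __init__(self, secrets: dict):
        self._secrets = secrets
        self._pending = {}  # identifier -> challenge that has not been answered yet

    def new_challenge(self) -> tuple:
        """Step 1: issue a fresh random challenge tagged with a one-byte identifier."""
        identifier = os.urandom(1)[0]
        while identifier in self._pending:
            identifier = os.urandom(1)[0]
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the hash from the stored secret and compare in
        constant time. The challenge is consumed, so an old response cannot
        satisfy a later check."""
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def chap_handshake(server: ChapAuthenticator, username: str, secret: bytes) -> dict:
    """Run one full handshake and return what crossed the link plus the outcome."""
    identifier, challenge = server.new_challenge()           # 1. Challenge
    response = chap_response(identifier, secret, challenge)   # 2. Response
    ok = server.verify(username, identifier, response)        # 3. Success/Failure
    return {"identifier": identifier, "challenge": challenge,
            "response": response, "authenticated": ok}


def secret_visible_on_wire(captured: bytes, secret: bytes) -> bool:
    """Does the captured traffic contain the secret itself?"""
    return secret in captured


if __name__ == "__main__":
    server = ChapAuthenticator(USER_SECRETS)
    secret = USER_SECRETS["alice"]

    pap = pap_on_the_wire("alice", secret.decode())
    print("PAP exposes the password:", secret_visible_on_wire(pap, secret))

    first = chap_handshake(server, "alice", secret)
    print("CHAP authenticated:", first["authenticated"])
    print("CHAP exposes the secret:",
          secret_visible_on_wire(first["challenge"] + first["response"], secret))

    # Periodic re-verification: a new challenge produces a different response.
    second = chap_handshake(server, "alice", secret)
    print("responses differ:", first["response"] != second["response"])

    # A response recorded from the first handshake does not verify again.
    print("old response accepted:", server.verify("alice", first["identifier"], first["response"]))
```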



MS-CHAP v1 (continued)
• Encrypts the secret used for authentication.

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
• Similar to MS-CHAP v1, uses a challenge/response mechanism for authentication.
• Allows both the client and the server to authenticate each other (mutual authentication).
• Encrypts the secret used for authentication.

Extensible Authentication Protocol (EAP)
• A set of interface standards that allows you to use various authentication methods.
• Defines access definitions, providing protection mechanisms and custom solutions.
• Does not maintain a database of user accounts and passwords.
• The client and server negotiate the characteristics of authentication.
• Supports multiple authentication methods (smartcards, biometrics, and digital certificates).
• An extension of the Point to Point Protocol (PPP).
• EAP is the most extensible authentication protocol (token cards, biometrics, public keys, digital certificates, etc.).
• Provides authentication, including passwords, to wireless LAN clients.

Protected Extensible Authentication Protocol (PEAP)
• When using PEAP, select one of the following two options:
  o PEAP-EAP-TLS. This method uses certificates (either on the local system or on a smart card).
  o PEAP-MS-CHAP v2. This method uses certificates on the server, but passwords on the client. Use this method when the client does not have a certificate.
• One of the most effective wireless security solutions.

RADIUS (Remote Authentication Dial-In User Service)
• Centralizes control of remote access authentication (in multiple remote access server networks).
  o All remote access policies are maintained on a single RADIUS server.
  o All other Network Access Servers (NASs) are RADIUS clients.
• Uses the MD-5 encryption method to encrypt password information.
• A platform independent method.
• An AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.

Kerberos
• Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the data. It's a secure method for authenticating requests for services.
• Employs DES (Data Encryption Standard).
• A Key Distribution Center (KDC) approves authentication by issuing a ticket (security token).
• The ticket is checked to validate identity and grant resource access.
• A ticket:
  o Includes a time stamp (requires time synchronization).
  o Notifies the network service of the authenticated user.
  o Authenticates users when they attempt to access a network service.
Kerberos is not Microsoft specific. It is often used in multi-platform networks and is a common authentication method for Mac OS X Server, even though Mac OS X Server is rare.

Terminal Access Controller Access Control System (TACACS)
• Is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks.
• Allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.
• Also an AAA protocol.

Note: To correctly configure a Unix remote access connection you must configure both the "Devices" and "Dialers" files.

VPN Facts
A Virtual Private Network (VPN) is used primarily to support secured communications over an un-trusted network. A VPN can be used over a local area network, across a WAN connection, over the Internet, and even between a client and a server over a dial-up connection through the Internet. VPNs work by using a tunneling protocol that wraps and protects packets in transit. Only the destination device can unwrap the packets to read them.

The following table shows some common tunneling protocols.

Protocol | Description

Point-to-Point Tunneling Protocol (PPTP)
• Based on Point-to-Point Protocol (PPP)
• Uses standard authentication protocols, such as CHAP or PAP
• Supports TCP/IP only
• Encapsulates other LAN protocols and carries the data securely over an IP network
• Does not encrypt data (used in conjunction with Microsoft Point-to-Point Encryption for encryption)
• Is supported by most operating systems and servers
• L2TP is making PPTP obsolete

Layer 2 Forwarding (L2F)
• Offers mutual authentication
• Does not encrypt data
• Merged with PPTP to create L2TP

Layer Two Tunneling Protocol (L2TP)
• Can use certificates for authentication
• Uses IPSec for encryption (requires certificates)
• Supports multiple protocols (not just IP)
• Not supported by older operating systems

Internet Protocol Security (IPSec)
• Most widely deployed VPN technology
• Used with IP only and can encrypt any traffic supported by the IP protocol
• Requires either certificates or pre-shared keys
• Implemented through two protocols:
  o Authentication Header (AH) authenticates the sender and verifies data fidelity
  o Encapsulating Security Payload (ESP) encrypts data within the packet
• Operates in one of two modes:
  o Transport (end-to-end) mode
  o Tunnel (gateway-to-gateway) mode



• Can be used with L2TP or alone to protect data

You should also be aware that ports must be opened in firewalls to allow network access for remote users. Because VPN technology encrypts the data packets and because firewalls are not designed to nor capable of inspecting the encrypted contents, it is possible for malicious code or an attack to occur through a VPN.

Unauthorized Access Facts
Access to a private network by anyone without authority, privileges or rights is unauthorized access. This type of access is usually motivated by a desire to find private information or cause problems within a private network. Unauthorized access often occurs by using an existing user account and discovering or cracking the password associated with the account. Adopt these practices to increase the security of user accounts and passwords:
• Implement a secure password policy. Adopt some of the following practices into the password policy:
  o Minimum password length of 8 characters.
  o Passwords should include a combination of letters (both upper and lower case), numbers and symbols.
  o Do not allow easy passwords, like names of spouses, children, pets or significant dates, such as anniversaries and birthdays.
  o Never allow network users to create a hard copy (e.g., write it down or store it in a file) of their password.
  o Set passwords to expire. Do not allow users to reuse old passwords.
• Assign each individual using the network a personal password-protected account. Do not allow users to share accounts.
• Disable unused user accounts. Disabled accounts cannot be used to log on to the network, even if someone knows the password.
• Implement account lockout. With account lockout, a series of unsuccessful login attempts (login tries with the wrong password) will lock the account. Account lockout limits the number of tries a hacker has to guess a password.
• Implement account validity dates. For example, a temporary user account might be configured to expire in one month.
• Change all default passwords for default user accounts.

Unauthorized access can also be accomplished through social engineering. Social engineering exploits human nature by convincing someone to reveal information or perform an activity. Examples of social engineering include:
• Impersonating support staff or management, either in person or over the phone.
• Asking for someone to hold open a door rather than using a key for entrance.
• Spoofed e-mails that ask for information or ask you to do things (such as delete a file or go to a Web site and enter sensitive information).
• Looking on desks for usernames and passwords.
• Accessing an online account at an unattended workstation, especially if the account has administrative privileges.

Specific social engineering attacks include:

Attack | Description
Dumpster Diving: Looking in the trash for sensitive information.
Keyboard Surfing: Looking over the shoulder of someone working on a laptop.
Phishing: Sending e-mails that appear to come from a financial institution. The e-mail directs users to an official-looking Web site where they are asked to type in personal information.
Piggybacking: Entering a secured building by following an authorized employee.

Countermeasures to social engineering include:
• Educate and train your employees (the primary countermeasure to social engineering is awareness on the part of users).
• Err on the side of caution.
• Always demand proof of identity over the phone and in person.
• Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained.
• If someone requests privileged information, find out why they want it and whether they are authorized to obtain it.
• Dispose of sensitive documents securely, such as shredding or incinerating.
• Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters.
• Promptly report any incidents of social engineering.

Virus Facts
A virus (sometimes called malware) is a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found.

Common virus examples are listed in the following table.

Virus Type | Characteristics

Boot Sector
A boot sector virus attaches itself to the Master Boot Record (MBR). It can cause the host to not boot up or make files on the host inaccessible.

Executable
An executable virus inserts itself into a legitimate program. When the application executes, the virus executes its own program. It can be as benign as displaying an annoying onscreen message or as serious as physically harming the hard disk.

Trojan
A trojan horse program disguises itself as useful software such as utilities, screen savers, and games. When run, the malicious code executes as well. Examples include Back Orifice, NetBus, Whack-a-Mole.

Worm
A worm is a program that can replicate and propagate itself. The worm infects one system and spreads to other systems on the network. Common worms are often attached to e-mails. When you run the attachment, it e-mails itself to everyone in your address book.

Macro
A macro virus is malicious code written as a macro and embedded into a legitimate file. When the file is opened, the macro runs.
• Files used by programs with scripting capabilities are susceptible to macro viruses. For example, a file with a .doc (Microsoft Word) extension could contain a macro virus.
• To protect your system, disable macro and script processing in the host application.

The best protection is to remove the computer from the network and not allow any outside software to be installed. Unfortunately, this solution is impractical. To protect against viruses, take the following measures:
• Deploy anti-virus software. Be sure to update the virus definition files regularly.
• Educate users.
• Block attachments at network borders, in particular those containing executable code (.exe, .bat, .doc files with macros).
• Prevent the download of software from the Internet.
• Enforce strict software installation policies.
• Remove removable drives (floppy and CD-ROM drives) to prevent unauthorized software entering a system.

Internetwork Security Facts



A common method of controlling internetwork security is to identify various network zones. Each zone identifies a collection of users who have similar access needs. Following are three common zones:
• An intranet is a private network (LAN) that employs Internet information services for internal use only. For example, your company network might include Web servers and e-mail servers that are used by company employees.
• The Internet is a public network that includes all publicly available Web servers, FTP servers, and other services. The Internet is public because access is largely open to everyone.
• An extranet is a privately-controlled network, distinct from, but located between the Internet and a private LAN. An extranet is often used to grant resource access to business partners, suppliers and even customers outside of the organization.

To control access between intranets, extranets, and the Internet, use a firewall. A firewall is a network device installed on the border of secured networks to protect a private network from a public network or to separate one private network from another. Firewalls can be hardware devices or software installed onto operating systems.

The following table describes common firewall implementations.

Firewall Type | Characteristics

Packet filtering Firewall
A packet filtering firewall makes decisions about which network traffic to allow by examining packet content such as source and destination addresses, ports, and service protocols. A packet filtering firewall:
• Uses access control lists (ACLs) or filter rules to control traffic.
• Operates at OSI layer 3 (Network layer).
• Offers high performance because it only examines addressing information in the packet header.
• Is a popular solution because it is easy to implement and maintain, has a minimal impact on system performance, and is fairly inexpensive.
• Can be implemented using features that are included in most routers.
• Is subject to DoS and buffer overflow attacks.
One of the most popular ways to implement a firewall is to identify the services that are running on a host system. Then open the corresponding ports for those services (allowing traffic to those services) and close all other ports (preventing traffic to the services not running on the system).

Circuit-level Gateway
A circuit-level gateway monitors traffic between trusted hosts and un-trusted hosts via virtual circuits or sessions. A circuit-level gateway:
• Operates at OSI Layer 5 (Session layer).
• Verifies sequencing of session packets.
• Hides the private network from the public network.
• Does not filter packets. Rather, it allows or denies sessions.

Demilitarized Zone (DMZ)
A DMZ is a partially protected network that is accessible from the Internet as well as the private LAN, but access from the DMZ to the LAN is prevented.
• The DMZ can be used to protect publicly accessible resources, such as Web, FTP, and e-mail servers. The area hosting these services is typically called a screened subnet.
• The DMZ can be comprised of two firewalls or a single device with three NICs (one to connect to the Internet, one to connect to protected Internet resources, and one to connect to the private LAN).
• If the firewall managing traffic into the DMZ fails, only the servers in the DMZ are subject to compromise. The LAN is protected by default.

Proxy Server
A proxy server is a device that stands as an intermediary between a secure private network and the public. A proxy server is a type of firewall. A proxy server is often called an application level gateway because it works with applications. Proxies can be configured to:
• Use access controls to control both inbound and outbound traffic.
• Increase performance by caching heavily accessed content. Performance may decrease because proxy servers require manual configuration on all network host workstations.
• Filter content.
• Shield or hide a private network.
• Restrict access by user or by specific Web sites.

VLAN Facts
A virtual LAN (VLAN) is a logical grouping of computers using a VLAN-capable switch. When you define virtual LANs, you assign devices on different switch ports to different logical (or virtual) LANs. Although each switch can be connected to multiple VLANs, each switch port can be assigned to only one VLAN at a time. Another key factor here is that you need routers on each VLAN.

Creating VLANs with switches offers the following administrative benefits.
• You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service)
• You can simplify device moves (devices are moved to new VLANs by modifying the port assignment)
• You can control broadcast traffic based on logical criteria (only devices in the same VLAN receive broadcast traffic)
• You can control security (isolate traffic within a VLAN)
• You can create additional collision domains on a LAN

Creating VLANs with switches offers the following benefits over using routers to create distinct networks.
• Switches are easier to administer than routers
• Switches are less expensive than routers
• Switches offer higher performance (introduce less latency)

When you use switches to create VLANs, you will still need routers to:
• Route data in to and out of the local area network
• Route data between VLANs

IPSec Facts
Internet Protocol Security (IPSec) is a collection of open standards being developed by the Internet Engineering Task Force (IETF) IPSec working group. These standards ensure private communication over Internet Protocol (IP) networks through encryption of IP packets. IPSec can be used to secure the following types of communications:
• Host-to-host communications within a LAN.
• VPN communications through the Internet, either by itself or in conjunction with the L2TP VPN protocol.
• Any traffic supported by the IP protocol, including Web, e-mail, Telnet, file transfer, and SNMP traffic.

IPSec includes two protocols that provide different features.

Protocol | Function
Authentication Header (AH): Provides authentication features. Use AH to enable authentication with IPSec.
Encapsulating Security Payload (ESP): Provides data encryption. Use ESP to encrypt data.

Note: If you use only AH, data is not encrypted.

When you implement IPSec, you have the choice of using tunnel or transport mode. The choice you make depends on the IPSec capabilities of the communicating devices and affects the composition of packets.

Mode | Description



Transport
Transport mode is used for end-to-end (host-to-host) encryption of data. When using transport mode, both the source and the destination device use IPSec. Intermediate devices do not use IPSec. The following process is used between two devices using transport mode:
1. The sending device creates an IPSec packet.
2. Intermediary devices are able to read the destination address even though they don't understand IPSec and can't read the packet contents.
3. The receiving device understands IPSec and can read the packet contents.

Tunnel
Tunnel mode is used for router-to-router communications. This creates a secure communication channel between the two routers. Use tunnel mode when neither or only one end device can use IPSec. The following process is used with tunnel mode to use IPSec between two devices that do not support IPSec.
1. The non-IPSec source device sends a normal packet to the router.
2. The router adds IPSec authentication and/or encryption.
3. The packet is sent through the un-trusted network. Intermediary devices are able to read the destination address even though they don't understand IPSec and can't read the packet contents.
4. The destination router removes the IPSec information and forwards the non-IPSec packet to the destination device.
5. The destination device receives the packet.

Note: You can also use tunnel mode if only one end device understands IPSec. For example, the source device can generate the IPSec packet, and the destination router can remove the IPSec information before forwarding it on to the destination host. The destination host can then send a normal packet in response, with the router adding IPSec information before forwarding it back to the original source host.

As you consider implementing IPSec, keep in mind the following:
• IPSec is supported natively by all versions of Windows since Windows 2000. However, earlier operating systems like Windows 98 require additional client software in order to use IPSec.
• IPSec (or any other encryption system) creates additional server processor load, as the encryption process involves computations. Before implementing IPSec you should first determine if your servers can easily accommodate this extra workload.
• Implementing encryption also increases the amount of network traffic that is created, as in addition to the normal traffic, there is additional traffic associated with the encryption process.

Backup and Restore Facts
Most backup methods use the archive bit on a file to identify files that need to be backed up. When a file is modified, the system automatically flags the file as needing to be archived. When the file is backed up, the backup method may reset (clear) the archive bit to indicate it has been backed up.

The following table shows the type of data backed up using each backup method.

Backup Type | Backs Up | Resets Archive Bit?
Full: Backs up all files regardless of the archive bit. Resets archive bit: Yes.
Incremental: Backs up files on which the archive bit is set. Resets archive bit: Yes.
Differential: Backs up files on which the archive bit is set. Resets archive bit: No.
Copy: Backs up all files regardless of the archive bit status. Resets archive bit: No.

(Figure: Example of a differential backup)

(Figure: Example of an incremental backup)

Most of the time, you will perform backups using a strategy that combines backup types. The following table compares common backup strategies.

Strategy | Backup Characteristics | Restore Characteristics

Full Backup
Backup: Requires large tapes for each backup. Takes a long time to perform each backup.
Restore: To restore, restore only the last backup. This is the fastest restore method.

Full + Incremental
Backup: Perform a full backup periodically (for example once a week), followed by incremental backups every other day. Incremental backups are quick to perform. This is the fastest backup method.
Restore: To restore, restore the full backup and every subsequent incremental backup.

Full + Differential
Backup: Differential backups take progressively longer to complete as time elapses since the last full backup.
Restore: To restore, restore the last full backup and the last differential backup. Next to a full backup, this is the fastest restore method.

Note: Do not combine incremental and differential backups.

Keep in mind the following facts about doing backups:
• Back up user data more often than system state data (it changes more frequently).
• Back up system state data and applications whenever you make a system change.
• During a system state backup, all system configuration information is backed up (system data cannot be backed up selectively in portions).
• Files backed up from one system might not restore to another system. Restore to a system running the same OS.
• Be sure to test your backup and restore strategy. It does no good to back up your data if you can't restore it.
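To make the archive-bit rules and restore sequences above concrete, the following Python is an added example (not part of the cheat sheet) that simulates three days of changes on a constructed three-file system, runs each backup type with the "Backs Up" and "Resets Archive Bit?" semantics from the table, and derives the restore plan for the Full + Incremental and Full + Differential strategies, including the rejection of a mixed schedule. File names, version counters and the change schedule are constructed sample data.

```python
from dataclasses import dataclass

# Rules from the backup-type table, as
# (back up only files with the archive bit set?, clear the bit afterwards?)
BACKUP_RULES = {
    "full":         (False, True),
    "incremental":  (True,  True),
    "differential": (True,  False),
    "copy":         (False, False),
}


@dataclass
class Backup:
    kind: str
    files: dict  # file name -> version captured on this backup set


class FileSystem:
    """Constructed toy file system: every file has a version counter and an
    archive bit that the OS sets whenever the file is created or modified."""

    def __init__(self, names):
        self.version = {n: 1 for n in names}
        self.archive_bit = {n: True for n in names}

    def modify(self, name):
        self.version[name] = self.version.get(name, 0) + 1
        self.archive_bit[name] = True


def run_backup(fs: FileSystem, kind: str) -> Backup:
    """Back up according to the table, clearing archive bits only for the
    types that reset them (full and incremental)."""
    only_flagged, resets_bit = BACKUP_RULES[kind]
    captured = {n: v for n, v in fs.version.items()
                if fs.archive_bit[n] or not only_flagged}
    if resets_bit:
        for n in captured:
            fs.archive_bit[n] = False
    return Backup(kind, captured)


def restore_plan(history: list) -> list:
    """Backup sets to restore, in order: the last full backup, then every later
    incremental, or only the last later differential. A history that mixes
    the two is rejected, matching the note in the strategy table."""
    fulls = [i for i, b in enumerate(history) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to restore from")
    later = history[fulls[-1] + 1:]
    incrementals = [b for b in later if b.kind == "incremental"]
    differentials = [b for b in later if b.kind == "differential"]
    if incrementals and differentials:
        raise ValueError("do not combine incremental and differential backups")
    plan = [history[fulls[-1]]] + incrementals
    if differentials:
        plan.append(differentials[-1])
    return plan


def restore(plan: list) -> dict:
    """Apply backup sets in order; later sets overwrite earlier versions."""
    restored = {}
    for backup in plan:
        restored.update(backup.files)
    return restored


def simulate(strategy: str, daily_changes: list) -> tuple:
    """Full backup on day 0, then one backup of the given kind per day after
    that day's changes. Returns (live versions, per-day backup sizes, plan)."""
    fs = FileSystem(["a", "b", "c"])
    history = [run_backup(fs, "full")]
    for changed in daily_changes:
        for name in changed:
            fs.modify(name)
        history.append(run_backup(fs, strategy))
    sizes = [len(b.files) for b in history[1:]]
    return dict(fs.version), sizes, restore_plan(history)


if __name__ == "__main__":
    schedule = [["a"], ["b"], ["a"]]  # constructed: files changed on days 1-3
    for strategy in ("incremental", "differential"):
        live, sizes, plan = simulate(strategy, schedule)
        print(strategy, "daily backup sizes:", sizes,
              "restore:", [b.kind for b in plan],
              "complete:", restore(plan) == live)
```

The incremental run backs up one file per day but needs every set at restore time, while the differential sets grow each day and only the last one is needed, which is exactly the trade-off the strategy table describes.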



• Backup media should be stored offsite to prevent the same
  disaster from affecting the network and the backup media.

Types of backup tape drives

Drive     Description                                Data Capacity        Data Transfer Speed
QIC       Quarter Inch Cartridge; formats: 3.5",     20 GB, 50 GB         60 kbps, 125 kbps
          5.25"
Travan    Enhancement of QIC; formats: TR4, TR5      4/8 GB, 10/20 GB     1 Mbps, 1.83 Mbps
DAT       Digital Audio Tape; formats: DDS           40 GB (DDS),         4.8 Mbps, 20 Mbps
          (Digital Data Storage), DLT (Digital       160 GB (DLT)
          Linear Tape)
Mammoth   An 8mm backup format used in computer      10/20 GB, 20/40 GB   3 Mbps, 6 Mbps
          systems; AIT (Advanced Intelligent Tape)

Redundant Array of Independent Disks (RAID) Facts

RAID 0: striping
In a RAID 0 system, data are split up in blocks that get written across
all the drives in the array. By using multiple disks (at least 2) at
the same time, RAID 0 offers superior I/O performance. This
performance can be enhanced further by using multiple
controllers, ideally one controller per disk.

Advantages
• RAID 0 offers great performance, both in read and write
  operations. There is no overhead caused by parity controls.
• All storage capacity can be used; there is no disk overhead.
• The technology is easy to implement.

Disadvantages
• RAID 0 is not fault-tolerant. If one disk fails, all data in the RAID 0
  array are lost. It should not be used on mission-critical systems.

RAID 1: mirroring
Data are stored twice by writing them to both the data disk (or set of
data disks) and a mirror disk (or set of disks). If a disk fails, the
controller uses either the data drive or the mirror drive for data
recovery and continues operation. You need at least 2 disks for a RAID
1 array.

RAID 1 systems are often combined with RAID 0 to improve
performance. Such a system is sometimes referred to by the combined
number: a RAID 10 system.

Advantages
• RAID 1 offers excellent read speed and a write speed that is
  comparable to that of a single disk.
• In case of a disk failure, the data does not have to be rebuilt;
  it just has to be copied to the replacement disk.
• RAID 1 is a very simple technology.

Disadvantages
• The main disadvantage is that the effective storage capacity
  is only half of the total disk capacity because all data get
  written twice.
• Software RAID 1 solutions do not always allow a hot swap of
  a failed disk (meaning it cannot be replaced while the server
  keeps running). Ideally a hardware controller is used.

RAID 3
On RAID 3 systems, data blocks are subdivided (striped) and written in
parallel on two or more drives. An additional drive stores parity
information. You need at least 3 disks for a RAID 3 array.

Since parity is used, a RAID 3 stripe set can withstand a single disk
failure without losing data or access to data.

Advantages
• RAID 3 provides high throughput (both read and write) for
  large data transfers.
• Disk failures do not significantly slow down throughput.

Disadvantages
• This technology is fairly complex and too resource intensive
  to be done in software.
• Performance is slower for random, small I/O operations.

RAID 5
RAID 5 is the most common secure (fault-tolerant) RAID level. It is
similar to RAID 3 except that data are transferred to disks by
independent read and write operations (not in parallel). The data
chunks that are written are also larger. Instead of a dedicated parity
disk, parity information is spread across all the drives. You need at
least 3 disks for a RAID 5 array.

A RAID 5 array can withstand a single disk failure without losing data
or access to data. Although RAID 5 can be achieved in software, a
hardware controller is recommended. Often extra cache memory is
used on these controllers to improve the write performance.
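XOR parity, the mechanism behind the single-disk-failure tolerance claimed for RAID 3 and RAID 5 above, worked through in Python. This is an added example, not code from the cheat sheet: the disks are in-memory lists of byte blocks, the data written is a constructed sample, parity rotates across the disks as RAID 5 does (RAID 3 would pin it to one disk), and rebuild() regenerates any one failed disk from the survivors.

```python
"""XOR parity as used by RAID 3 and RAID 5: each stripe holds ndisks-1 data
blocks plus one parity block that is the XOR of those data blocks, so any
single missing block (data or parity) is the XOR of the remaining ones.

Added example, not part of the original cheat sheet. Disks are in-memory
lists of byte blocks and the data written is a constructed sample.
"""


def xor_bytes(*blocks):
    """XOR equal-length byte blocks together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, x in enumerate(b):
            out[i] ^= x
    return bytes(out)


def parity_disk(stripe_index, ndisks):
    """RAID 5 rotates the parity block: stripe 0 puts it on the last disk,
    stripe 1 on the one before, and so on (RAID 3 would use a fixed disk)."""
    return (ndisks - 1 - stripe_index) % ndisks


def raid5_write(data, ndisks, block_size):
    """Stripe `data` across `ndisks` disks; return a list of per-disk block lists."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least 3 disks")
    stripe_bytes = block_size * (ndisks - 1)
    data += b"\0" * (-len(data) % stripe_bytes)      # pad to whole stripes
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // stripe_bytes):
        stripe = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [stripe[j * block_size:(j + 1) * block_size]
                  for j in range(ndisks - 1)]
        parity = xor_bytes(*blocks)
        p = parity_disk(s, ndisks)
        it = iter(blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == p else next(it))
    return disks


def raid5_read(disks, length):
    """Read back the data blocks in stripe order (skipping parity) and trim
    the padding added on write."""
    ndisks = len(disks)
    nstripes = len(next(d for d in disks if d is not None))
    out = bytearray()
    for s in range(nstripes):
        p = parity_disk(s, ndisks)
        for d in range(ndisks):
            if d != p:
                out += disks[d][s]
    return bytes(out[:length])


def rebuild(disks, failed):
    """Regenerate disk `failed` (whose entry in `disks` is None): every block
    is the XOR of the surviving disks' blocks in the same stripe. A second
    simultaneous failure leaves two unknowns per stripe and is unrecoverable."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_bytes(*[d[s] for d in survivors]) for s in range(len(survivors[0]))]


def usable_capacity(ndisks, disk_size):
    """RAID 5 gives up one disk's worth of space to parity."""
    return (ndisks - 1) * disk_size
```

Writing a short message across four disks and then rebuilding each disk in turn shows that every single-disk loss, including the loss of a parity block, is recoverable, while usable_capacity() makes the cost visible: one disk of every array is parity, against the half of RAID 1.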

Advantages
• Read data transactions are very fast, while write data transactions are
  somewhat slower (due to the parity that has to be calculated).

Disadvantages
• Disk failures have an effect on throughput, although this is
  still acceptable.
• Like RAID 3, this is complex technology.

RAID 10: a mix of RAID 0 & RAID 1
RAID 10 combines the advantages (and disadvantages) of RAID 0 and
RAID 1 in a single system. It provides security by mirroring all data on
a secondary set of disks (disks 3 and 4 in the drawing below) while
using striping across each set of disks to speed up data transfers.

Redundancy Facts
The best way to handle a disaster is by anticipating potential problems
and putting into place measures to prevent or speed recovery. One
way to increase the availability of your network is through redundancy.
Redundancy provides duplicate or multiple components such that a
failure in any one component does not cause a disruption in service.
Redundancy provides fault tolerance such that a failure in one
component does not make the system or data unavailable. In a true
fault tolerant strategy, all system components must be considered.

The following table lists several methods of providing redundancy for
your system.

Option                  Characteristics
Dual Components         One way to provide redundancy is to install
                        multiple components that perform the same
                        function. Mirrored drives, duplicate disk
                        controllers, and redundant power supplies
                        or Uninterruptible Power Supplies (UPS)
                        are examples of having multiple
                        components that perform the same tasks.
Redundant Components
  Hot Spare             A hot spare is a component that is
                        connected to a system. A hot spare can
                        take over automatically when another
                        component fails.
  Cold Spare            A cold spare is a component that sits on
                        the shelf until there is a failure. Cold spares
                        obviously need more time to implement
                        recovery, but they don't have the
                        maintenance requirements of hot spares.
  Hot Swap              A component that is hot-swappable can be
                        removed and replaced while the system is
                        still running. The component that is most
                        likely to fail in a power supply is actually the
                        cooling fan; therefore maintaining spare
                        fans for a hot-swap strategy is a key to
                        preventing power failure disruptions.
Redundant               To increase the availability of device
Communication Links     communications, you can install redundant
                        links between devices.
                        • On a LAN, you can wire the network
                          such that two paths exist between any
                          two devices. You can also install
                          multiple network adapters (also called
                          adapter teaming) in a single device
                          and provide two network connections
                          for that device. This provides link fault
                          tolerance and increases performance
                          as the server can use multiple NICs
                          for sending data.
                        • To increase Internet availability, obtain
                          two different Internet connections.
                          o To reduce costs, one could be a
                            high-speed link used for day-to-day
                            operations and the other a low-speed
                            link used for a backup.
                          o To provide redundancy, the links
                            should be provided by different ISPs
                            with different connectivity methods.
                            Simply installing two links from the
                            same ISP does not protect you if the
                            single ISP experiences problems.
Redundant Servers
  Backup Server         When using backup servers, two servers
                        are configured in a master/slave
                        relationship.
                        • Data is written to both servers.
                        • The master server is the main server
                          that communicates with clients.
                        • If the master fails, the backup server
                          automatically takes over.
  Clustered Servers     Server clustering configures multiple
                        servers as a group.
                        • All servers work together. Incoming
                          client requests are routed to a free
                          server in the cluster.
                        • Clients see the cluster as a single
                          computer.
                        • Clusters provide an increase in
                          performance because the processing
                          load is shared between all servers in
                          the cluster.
                        • Clusters typically share a common
                          data storage. All data from all servers
                          is stored on the shared data store.
                        • If one server in the cluster fails, the
                          other servers continue to receive
                          client connections and process
                          requests (providing fault tolerance and
                          failover service solutions for a
                          network).
                        • Server clusters ensure that data and
                          network services such as DHCP,
                          DNS, and RAS are available in the event
                          of a server failure.
Redundant Sites
  Hot Site              • This is a fully configured facility with
                          power, A/C, etc., and fully functional
                          servers and clients that are up-to-date,
                          mirroring the production system.
                        • A hot site is immediately available in
                          the event of a disaster.
                        • The site is expensive to maintain;
                          requires constant maintenance of the
                          hardware, software, data, and
                          applications; and presents a security

                          risk.
                        • This facility is necessary when an
                          organization cannot tolerate any
                          downtime.
  Warm Site             • This is a facility readily available with
                          power, A/C, and computers, but the
                          applications may not be installed or
                          configured.
                        • Extra communications links and other
                          data elements that commonly take a
                          long time to order and install will be
                          present.
                        • The warm site is considerably cheaper
                          than a hot site.
                        • Lower administrative and maintenance
                          resources are consumed.
  Cold Site             • This is the least ready of the three site
                          types, but it is probably the most
                          common.
                        • The site is ready for equipment to be
                          brought in during an emergency
                          because there is no hardware on site.
                        • The site might have electrical power
                          and HVAC, but it may or may not have
                          communication links.
                        • A cold site is low cost, and may be
                          better than nothing.
                        • A cold site often offers a false sense
                          of security. The actual amount of work
                          involved in getting a cold site up and
                          running might be more than expected
                          and might take too long to adequately
                          keep the business running.

Troubleshooting Methodology Facts
Good troubleshooting is a process that combines knowledge,
experience, and intuition. As you practice service and support in a
work environment, you will add to your experience and develop
intuition that will help you to quickly solve a variety of problems.

Regardless of your current troubleshooting abilities, you will benefit
from following a systematic approach to problem-solving.

The following process has proven effective in a variety of situations:
1. Identify the symptoms and potential causes. Ask the user to
   describe the problem, check for error messages, or recreate the
   problem. Resist the urge to start fixing things at this point.
2. Identify the affected area. Determine how large the problem is.
   For example, fixes for one client workstation would likely be very
   different from fixes for a network segment.
3. Establish what has changed. Most often, problems are caused by
   new hardware or software or changes to the configuration. If
   necessary, carefully ask users to discover what might have
   changed that could have caused the problem.
4. Select the most probable cause. Review the list of potential
   causes. Look for common errors or solutions that can be tried
   quickly.
5. Implement an action plan, addressing the most likely problem and
   accounting for side effects of the proposed plan. When side effects
   have been weighed against the fix and all concerns have been
   addressed, fix the problem.
6. Test the result. Ensure that the problem is resolved and that
   implementation of the fix did not cause any new problems.
7. Identify the results and effects of the solution. Make sure that the
   solution has fully fixed the problem and has not caused any other
   problems.
8. Document the solution and process. In the future, you can check
   your documentation to see what has changed or to help you
   remember the solution to common problems.

Remember, however, that troubleshooting is a process of both
deduction and induction. Experience will show you when deviating
from this process can save both time and effort.

Troubleshooting Tools
The table below describes the tools you can use to troubleshoot
network problems.

Task                    Tool(s)                    Description
View the ARP table      arp (Windows)              Shows MAC address-to-IP address
                                                   mappings including the local MAC and
                                                   IP addresses.
View IP configuration   ipconfig (Windows          Displays IP configuration information
information             2000/XP/2003)              for network adapters including:
                        winipcfg (Windows 98/ME)   • IP address and mask
                        ifconfig (Linux)           • Default gateway
                                                   • DNS servers
                                                   • WINS servers
                                                   • DHCP server used for configuration
                                                   • MAC address
View IP and routing     netstat (Windows)          Shows IP-related statistics including:
statistics                                         • Current connections
                                                   • Incoming and outgoing connections
                                                   • Active sessions, ports, and sockets
                                                   • The local routing table
View NetBIOS over       nbtstat (Windows)          Displays the NetBIOS name tables for
TCP/IP information                                 both the local computer and remote
                                                   computers and the NetBIOS name cache.
Test host-to-host       ping                       Sends an ICMP echo request packet to a
connectivity                                       remote host and waits for the echo reply.
                                                   A response from the remote host
                                                   indicates that both hosts are correctly
                                                   configured and a connection exists
                                                   between them. Using the -t switch with
                                                   ping on Windows (continuous ping) can
                                                   be useful in determining whether the
                                                   network is congested, as such a
                                                   condition will cause sporadic failures in
                                                   the ping stream.
Identify the path       tracert (Windows)          Like ping, traceroute tests
between two hosts       traceroute (Linux)         connectivity between devices, but as it
                                                   does so it shows the path between the
                                                   two devices. Responses from each
                                                   hop on the route are measured three
                                                   times to provide an accurate
                                                   representation of how long the packet
                                                   takes to reach, and be returned by,
                                                   that hop.
Test name resolution    nslookup (Windows and      Resolves (looks up) the IP address of
                        Linux)                     a host name. Displays other name
                        dig (Linux; this is the    resolution-related information such as
                        preferred tool on Linux)   the DNS server used for the lookup
                                                   request.

Identifying Communication Problems
The first sign of a communication problem often comes when a user
says "The network is down" or "I can't reach the server." As part of the
troubleshooting process, you need to identify the scope of the problem
so you can take the proper actions to correct the problem.

The following example shows one way to troubleshoot communication
problems. In this scenario, workstation A can't communicate with
workstation C.

The following table lists several tasks you can perform to troubleshoot
connectivity problems.

The tasks listed here are in the order of one way to troubleshoot the
reported problem. These steps trace the problem backwards from the
remote host to the local host (another way to troubleshoot the issue is
to work through these steps in reverse order). Be aware that
depending on the situation, you might be able to troubleshoot the
problem more efficiently by skipping some tests or changing the order.

Task              Description
Ping host C       Often the best place to start in troubleshooting a problem
                  is to ping the host you are trying to contact. Performing
                  this test first verifies the reported problem. If successful,
                  the problem is not related to network connectivity. Check
                  other problems such as name resolution or service
                  access.
                  Note: If you have access to another computer, try pinging
                  the destination host from that computer. If successful,
                  then skip the remaining tasks and troubleshoot the local
                  host configuration or physical connection.
Ping host D       If you cannot contact a specific remote host, try pinging
                  another host in the same remote network. If successful,
                  then the problem is with the remote host (either a
                  misconfiguration, broken link, or unavailable host).
Ping host E       If you cannot contact any host in the remote network, try
                  pinging hosts on other remote networks (you might try
                  several other networks). If successful, or if you can
                  contact some remote networks and not others, then the
                  problem is with the routing path between your network
                  and the specific remote network. You can then use the
                  traceroute/tracert commands to check the path to the
                  problem network.
Ping the default  If you cannot contact any remote network, ping the default
gateway           gateway router. If successful, and you still cannot contact
                  any remote host, have the router administrator verify the
                  router configuration. Check for broken links to the remote
                  network, interfaces that have been shut down, or access
                  control lists or other controls that might be blocking traffic.
Ping host B       If you cannot contact the default gateway router, ping
                  other hosts on the local network. If successful, then check
                  the default gateway router.
Troubleshoot the  If you cannot communicate with any host on the local
local host        network, then the problem is likely with the local host or its
connection or     connection to the network. Troubleshoot the following:
configuration     • Check physical connectivity
                  • Validate the TCP/IP configuration settings on the local
                    host

One special ping test you can perform is to ping the local host. When
you ping the local host, you are verifying that TCP/IP is correctly
installed and configured on the local host. In essence, you are finding
out if the workstation can communicate with itself. To ping the local
host, use the following command:

    ping 127.0.0.1

If this test fails, check to make sure that TCP/IP is correctly configured
on the system. Note: This test does not check physical connectivity.
The ping can succeed even if the host is disconnected from the
network.

Troubleshooting Link Status
If a single device is unable to communicate on the network, begin by
verifying the physical network connection. Most network cards include
link and status lights that can help you verify physical connectivity. The
following table describes various light combinations and their meaning
in troubleshooting.

Link         Activity   Collision      Meaning
Unlit        Unlit      Unlit          The network card does not have a
                                       connection to the network. For the link
                                       light to be lit, the computer must detect a
                                       connection to another device. Possible
                                       causes of no link light include:
                                       • Bad NIC
                                       • Faulty cable
                                       • Missing device on the other end
                                         (unplugged cable)
                                       • Switch or hub port turned off or bad
Red/Amber    Unlit      Unlit          If the link light comes on but is not green,
                                       then the NIC has detected a signal but
                                       the signal is not what was expected.
                                       Possible causes include:
                                       • Faulty transceiver on the NIC or on
                                         the remote device
                                       • Incorrectly configured network
                                         cabling
                                       • Incompatible networking standards
                                       Note: On some switches, an amber link
                                       light indicates a slower connection (such
                                       as 10 Mbps compared to a 100 Mbps
                                       connection, which might show a green
                                       light).
Solid Green  Unlit      Unlit          A solid (normally green) link light
                                       indicates a valid network connection.
                                       However, an Activity light that never
                                       lights up means that no data is being
                                       received. Check all components and
                                       connections.
Solid Green  Flashing   Unlit          This is a normal condition that indicates a
                                       valid, active connection. The Activity light
                                       will periodically flash, even if you are not
                                       currently sending data over the link (this
                                       is known as a heartbeat or keepalive
                                       signal that lets the NIC know it has an
                                       active connection).
Solid Green  Flashing   Flashing/Lit   This is a normal condition. A small
                        occasionally   number of collisions are to be expected
                                       on an Ethernet network.
                                       Note: If your network uses full-duplex
                                       switches, there should be no collisions on
                                       the network.
Solid Green  Flashing   Flashing/Lit   If the collision light is constantly flashing,
                        constantly     then there are too many collisions on the
                                       network. Possible causes include:
                                       • A faulty NIC somewhere on the
                                         network. A NIC somewhere is
                                         constantly sending out frames
                                         without first listening to make sure
                                         the medium is free. This condition is
                                         known as chattering or jabbering.
                                       • Too many devices on the network.
                                         As the number of devices increases,
                                         so too will collisions. Reducing the
                                         number of devices, or using
                                         switches, bridges, or routers to
                                         divide the network will reduce the
                                         number of collisions.

Physical Troubleshooting Tools

The following troubleshooting tools can be useful in troubleshooting
physical connectivity problems.

Tool/Method             Description
Wire crimper            Use a wire crimper to attach cable connectors to
                        bare wires, such as when you are making your
                        own cables.
Punch-down block        A punch-down block is typically used in
                        telephone wiring cabinets to connect individual
                        strands of twisted pair wires. You use a punch-
                        down tool to attach wires to the punch-down
                        block.
Media tester            Use a media tester to make sure that a cable is
                        unbroken and that all wires are connected to
                        the correct pins inside the connector.
Tone generator          A tone generator sends an electronic signal on a
                        wire or cable. Use a tone generator to locate the
                        other end of a specific cable. Generate the tone
                        on one end of the cable, then test the other ends
                        of many cables until you detect the tone.
Time Domain             Like a tone generator, a TDR sends signals on a
Reflectometer (TDR)     cable or a wire. Use a TDR to get information
                        about the cable such as its length and to identify
                        the distance to a break in a cable.
Loopback plug           A loopback plug reflects a signal from the
                        transmit port on a device to the receive port on
                        the same device. Use the loopback plug to verify
                        that a device can both send and receive signals.
                        A failure in the loopback test indicates a faulty
                        network card. A successful loopback test means
                        the problem is in the network cabling or other
                        connectivity devices.
Known good spares       One valuable troubleshooting method is to keep
                        a set of components that you know are in proper
                        functioning order. If you suspect a problem in a
                        component, swap it with the known good
                        component.

Often, physical problems are intermittent and might go away even
before you take corrective action. If the problem appears to be a
physical problem, check the following:
• Verify that connectors and components are securely fastened and
  that connectors are clean.
• Check for EMI and other atmospheric conditions that might be
  causing communication problems.
  o For wired networks, verify that cables are not near
    fluorescent lights or other sources of interference.
  o Check for other devices that might be generating
    interference.
  o For wireless and satellite devices, make sure that receivers
    are pointed at source devices and within the specified
    distance of the transmitting device. Be aware that weather
    and other atmospheric conditions can also adversely affect
    communications.
• Check for kinked cables that might be on the verge of breaking. In
  particular, verify that cables are not routed underfoot or under
  carpeting where regular wear can cause cables to break.

Troubleshooting the Fault Domain
When troubleshooting physical problems, it helps to identify the fault
domain. The fault domain is the location of a physical problem and is
often manifested by identifying the boundary between communicating
devices. For example, if a cable break occurs, a given host might be
able to communicate with some devices but not others. When you
identify the fault domain, you identify the boundaries of communication
and identify the most probable location of the physical problem.

The following table compares how a single break in the network affects
device-to-device communication for specific topologies.

Topology    Effect
Bus         A break in the network bus means that the end of the network
            bus is no longer terminated. For this reason, a break in the
            bus typically means that no devices can communicate.
            Identifying the location of the break is difficult on a true bus
            network.
Star        A break in a cable in a star means that the device connected
            to the central device (hub or switch) through that cable can
            no longer communicate on the network. All other hosts will be
            able to communicate with all other devices.
Ring        A break in the ring means that messages can only travel in
            one direction (downstream) up to the break. Computers can
            send messages downstream to other devices, but because of
            the break will not be able to receive any responses.
Dual Ring   A break in one ring in a dual ring configuration has no effect
            on communications. A decrease in bandwidth might result,
            but data can be sent on the other ring.
Mesh        A break in a single link in a mesh topology has no effect on
            communications. Data can be routed to the destination
            device by taking a different (sometimes longer) path through
            the mesh topology.

Interpreting ipconfig
You can use ipconfig /all to troubleshoot IP configuration problems.
Following is sample output from the ipconfig /all command:

    Windows 2000 IP Configuration
       Host Name . . . . . . . . . . . . : NY-DEV-WRK3
       Primary DNS Suffix . . . . . . . : westsim.com
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : westsim.com

    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . : westsim.com
       Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
                                           Controller (3C905C-TX Compatible)
       Physical Address. . . . . . . . . : 00-06-5B-1C-92-B8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.1.141
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.20
       DNS Servers . . . . . . . . . . . : 192.168.1.20
                                           192.168.1.27
       Lease Obtained. . . . . . . . . . : Monday, April 18, 2005 7:46:41 AM
       Lease Expires . . . . . . . . . . : Monday, April 18, 2005 11:46:41 AM
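A small Python parser for ipconfig /all output that applies the conditions the next table describes: static configuration, a DHCP lease, APIPA self-assignment, or a lease from a server you do not run, which is the rogue-DHCP indicator. This is an added example, not code from the cheat sheet; the two sample dumps are constructed after the page's sample output, and the AUTHORIZED_DHCP set is an assumed allowlist standing in for your real DHCP servers.

```python
"""Classify a Windows `ipconfig /all` dump: static, DHCP, APIPA, or a lease
from a DHCP server that is not on the authorized list (rogue DHCP).

Added example, not part of the original cheat sheet. The two sample dumps
are constructed after the page's sample; AUTHORIZED_DHCP is an assumed
allowlist standing in for the organisation's real DHCP servers.
"""
import ipaddress

AUTHORIZED_DHCP = {"192.168.1.20"}                 # assumption for the example
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

DHCP_SAMPLE = """\
Windows 2000 IP Configuration
   Host Name . . . . . . . . . . . . : NY-DEV-WRK3
Ethernet adapter Local Area Connection:
   Physical Address. . . . . . . . . : 00-06-5B-1C-92-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.141
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 192.168.1.20
                                       192.168.1.27
   Lease Obtained. . . . . . . . . . : Monday, April 18, 2005 7:46:41 AM
"""

APIPA_SAMPLE = """\
Windows 2000 IP Configuration
   Host Name . . . . . . . . . . . . : NY-DEV-WRK3
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 169.254.37.12
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""


def parse(text):
    """Return {field name: [values]}. Field lines are indented and contain a
    colon; an indented line without a colon continues the previous field
    (the second DNS server); unindented lines are section headers."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line[:1].isspace():
            last = None
            continue
        if ":" in line:
            name, _, value = line.partition(":")    # first colon only: times keep theirs
            last = name.strip(" .")
            fields.setdefault(last, []).append(value.strip())
        elif last and line.strip():
            fields[last].append(line.strip())
    return fields


def classify(fields, authorized=AUTHORIZED_DHCP):
    """Apply the conditions table to the parsed fields."""
    if fields.get("DHCP Enabled", ["No"])[0] != "Yes":
        return "static"
    if "DHCP Server" not in fields:
        ip = fields.get("IP Address", [""])[0]
        if ip and ipaddress.ip_address(ip) in APIPA_NET:
            return "apipa"                   # self-assigned: no DHCP server answered
        return "no-lease"
    server = fields["DHCP Server"][0]
    if server not in authorized:
        return "rogue-dhcp:" + server        # lease came from a server you do not run
    return "dhcp"


def with_field(text, name, value):
    """Build a variant of a sample dump by replacing one field's value."""
    out = []
    for line in text.splitlines():
        if line.strip().startswith(name):
            line = line.partition(":")[0] + ": " + value
        out.append(line)
    return "\n".join(out) + "\n"
```

On a real host you would feed classify(parse(...)) the captured output of ipconfig /all; a "rogue-dhcp" result is the cue to run ipconfig /release and ipconfig /renew once the unauthorized server has been found and removed, as the text after the table describes.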

The following table describes how the output for this command
changes based on how IP settings are configured and for specific
problem situations.

Condition           ipconfig /all Output
Static IP           If the workstation is configured with static IP information,
Configuration       the following conditions will exist:
                    • The DHCP Enabled line will show No
                    • The DHCP Server, Lease Obtained, and Lease
                      Expires lines will not be shown
DHCP                If the workstation has received configuration information
Configuration       from a DHCP server, the following conditions will exist:
                    • The DHCP Enabled line will show Yes
                    • The DHCP Server line will show the IP address of
                      the DHCP server from which configuration
                      information was received
                    • The Lease Obtained and Lease Expires lines will
                      show the lease information
Rogue DHCP          A rogue DHCP server is an unauthorized DHCP server
Server              on the network. Symptoms of a rogue DHCP server
                    include:
                    • Conflicting IP addresses on the network
                    • Incorrect IP configuration information on some
                      hosts
                    To identify a rogue DHCP server using ipconfig, verify
                    the DHCP Server address. If this address is not the
                    address of your DHCP server, you have a rogue DHCP
                    server.
                    Note: When you have a rogue DHCP server on the
                    network, some hosts will likely receive configuration
                    information from the correct DHCP server and some
                    from the rogue DHCP server.
Incorrectly         Your DHCP server can send out various IP
Configured          configuration values in addition to the IP address and
DHCP Server         mask. If network hosts are configured with incorrect IP
                    values (such as incorrect default gateway or DNS server
                    addresses), first verify that the workstations are
                    contacting the correct DHCP server. If the correct server
                    is being used, go to the DHCP server to verify that it is
                    sending out correct configuration information.
APIPA               If the workstation has used APIPA to set configuration
Configuration       information, the following conditions will exist:
                    • The DHCP Enabled line will show Yes
                    • The Autoconfiguration Enabled line will show Yes
                    • The DHCP Server, Lease Obtained, and Lease
                      Expires lines will not be shown
                    • The IP address will be in the range of 169.254.0.1
                      to 169.254.255.254 with a mask of 255.255.0.0
                    • The Default Gateway line will be blank
                    • The DNS Servers line will not be shown
                    Note: When APIPA is used, the workstation sets its own
                    IP address and mask. It does not automatically
                    configure default gateway or DNS server values.
                    When APIPA is being used:
                    • Communication is restricted to hosts within the
                      same subnet (there is no default gateway set).
                    • Hosts can communicate with other hosts that have
                      used APIPA. If some hosts are still using an
                      address assigned by the DHCP server (even if the
                      DHCP server is down), these hosts will not be able
                      to communicate with the APIPA hosts.
                    • Name resolution will not be performed (there are
                      no DNS server addresses configured).

If the workstation has received configuration information from the
wrong DHCP server or configured itself using APIPA, you might need
to retry contacting the DHCP server once DHCP problems have been
resolved. Use the following commands:
• Use ipconfig /release to stop using the current dynamic IP
  configuration parameters.
• Use ipconfig /renew to retry the DHCP server request process to
  obtain IP configuration parameters.

Note: To display the TCP/IP configuration on a Linux computer, use
the ifconfig command. Use winipcfg to view the TCP/IP
configuration on earlier versions of Windows including Windows 98
and Me.

ARP, NETSTAT, and NBTSTAT Facts
The following table lists several commands on a Windows system that
you can use to gather information about network connections.

Tool      Option(s)
arp       arp -a shows the IP address-to-MAC address mapping table
          (the address cache)
          arp -s is used to add static entries into the table. Remember "s"
          for STATIC
netstat   netstat shows the active connections
          netstat -a shows all connections and listening ports
          netstat -r shows the routing table of the local host
          netstat -s shows TCP/IP statistics
nbtstat   nbtstat -c shows the IP address-to-NetBIOS name mapping
          table (the name cache)

Note: Occasionally, the ARP table will have stale entries. This
happens when:
• The IP address assigned to a host changes (for example if it were
  to receive a different IP address from a DHCP server)
• The MAC address of a host changes (for example if the NIC has
  been replaced)
If this is the case, when the local computer consults its cache for ARP
information, it will be incorrect and will therefore not be able to contact
the remote host. To correct the problem, use the arp -d * command to
delete the cache. This causes the computer to use ARP to rediscover
the information.

Route: route is a command line method for viewing, adding,
changing or deleting the routing table on a local machine. Remember
that netstat will show you this information too with the proper
parameter: netstat -r.

• rlogin is a Unix utility for remote access similar to Telnet.
• Rendezvous is an Apple Mac OS X protocol that allows the
  connection of network devices. You would use this protocol to set
  up AFS (Apple File Service) from an OS X server. It is now called
  Bonjour.

Troubleshooting Name Resolution Facts
Name resolution problems typically have the following symptoms:
• You can ping a destination host using its IP address.
• Methods that use the logical host name to communicate with the
  host fail. This might include things such as:
  o Typing a URL into the browser.
  o Pinging the host using the host name.
  o Searching for the host by its name.

To troubleshoot DNS name resolution, use one of the following tools:
• nslookup for Windows or Linux systems
• dig for Linux systems (dig is replacing nslookup on Linux
  systems)

The following table lists several ways to use these commands.

Use...            To...                                  Example
nslookup host     Query the IP address of a host.        nslookup www.google.ca
nslookup          Start nslookup in interactive          nslookup

                  mode. The default interactive          set type=ns
                  mode query is for A records, but
                  you can use the set type=
                  command to change the query
                  type.
dig host [type]   Query a host. The default query is     dig www.vulture.com ns
                  for A records. You can change the
                  default search by appending one
                  of the record types you see below
                  to the end of the command.
                  • a--address records
                  • any--any type of record
                  • mx--mail exchange records
                  • ns--name server records
                  • soa--start of authority records
                  • hinfo--host info records
                  • axfr--all records in the zone (a
                    zone transfer; most servers only
                    allow this from their secondaries)
                  • txt--text records
dig @IP address   Query the DNS server at the IP         dig @192.168.1.1
or host name      address or host name for A             vulture.com ns
domain [type]     records for the domain. You can
                  change the default query type by
                  appending a different record type
                  to the end of the command.
dig -x IP         Find the host name for the queried     dig -x 62.34.4.72
address           IP address.

Troubleshooting Resource Access
When troubleshooting on a LAN, you can typically troubleshoot
physical connectivity problems independently from configuration and
resource access problems. However, when you are troubleshooting
remote access or Intern connections, the symptoms of problems are
more complex.

... computers on the remote network. If you are unable to do so, verify
that the client computer has a connection to the remote server:
• Verify that the remote access server is configured to route
  communications to the private network
• Verify that the target system is online and has a valid connection
• Verify that the client, remote access server, and target servers are
  using the same networking protocols
One simple method to test these items is to try to ping the remote
server. If successful, physical and configuration problems are ruled out.

If you can ping a remote server or a server on the LAN but can't
access resources on that server (such as a Web page, shared file, or
shared printer), you will need to troubleshoot resource access. When a
user reports a problem in resource access, a good place to start is to
try to access those same resources from your system. If you can reach
those resources but they cannot, try the following:
• Verify that their system has a valid physical connection to the
  network.
• Verify network login for that user. Even if the user has
  authenticated to a remote access server, they might need to
  authenticate again to access the resource. Check to make sure
  that:
  o The user account exists.
  o The correct login credentials (username/password) are
    being used. Check to make sure the user doesn't have the
    CAPS lock on.
  o The account has not been disabled or locked out. An
    account that is disabled cannot be used for login. An
    account that is locked out is temporarily disabled due to too
    many incorrect login attempts.
• Verify that the user has the necessary rights or permissions to
  access the resource. If necessary, modify the access control list
  (ACL) to give needed permissions.
If you are unable to access the resources from your computer as well,
then the problem is likely more global than just the single user. Try the
following:
• Re-verify that the server is connected and configured on the
  network (ping the server to re-verify the physical connectivity).

One way to troubleshoot dial-up connections is to understand the
connection process. After you have identified where the connection
fails, you can examine the physical and software configuration to
identify the correct action to take. The following table lists the different
steps in the remote access connection process and the things you can
examine for failure in each step.

Process           Troubleshooting Actions
                  If there is no dial tone:
• Make sure that the service is started. For example, if it is a Web
• Verify that the modem is installed and properly server, make sure the HTTP service is running.
configured
1. Dial tone • Make sure that the resource has been shared and enabled for
• Verify that the modem is connected to the phone network access.
line and the cable is good
• Check for access permissions that would deny both you and the
• Make sure no one else is on the line other user access.
If you hear a dial tone but you cannot connect to the
remote server:
2. Remote server • Verify that the modem is dialing the correct
dial-up and number
answer • Verify that the remote server is online
(physically) and that it is configured to answer
incoming calls
After the remote server answers the incoming call, it
must authenticate the computer through a valid
username/password combination. If the remote server
answers but you are unable to authenticate:
3. Authentication • Verify the login credentials entered on the local
(login) system
• Verify that the remote server is configured to
allow logins
• Verify that the client and server are using
matching authentication protocols
4. Connectivity to After you have authenticated to the remote access
remote servers server, the next step is to access resources on other
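The nslookup and dig entries above describe what to type; the following added example (not part of the cheat sheet and not code from either tool) shows the DNS wire exchange those commands carry out, so the record types and the dig -x reverse name can be seen at the protocol level. It builds the query that dig www.vulture.com ns would send, derives the in-addr.arpa name that dig -x 62.34.4.72 queries, and parses a constructed A-record reply. The reply bytes, the transaction id 0x1234 and the answer address 192.0.2.10 are constructed sample values; the name-compression parser caps pointer hops so a malformed reply cannot make it loop forever.

```python
"""DNS query construction and reply parsing with the standard library only.
Added example; runs offline against a constructed reply."""
import struct

# Record type codes from RFC 1035; the names match the cheat sheet's list.
RECORD_TYPES = {"a": 1, "ns": 2, "cname": 5, "soa": 6, "ptr": 12,
                "hinfo": 13, "mx": 15, "txt": 16, "axfr": 252, "any": 255}


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def reverse_name(ip):
    """What dig -x does: 62.34.4.72 -> 72.4.34.62.in-addr.arpa (a PTR query)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_query(name, rtype="a", txid=0x1234):
    """12-byte header plus one question. Flags 0x0100 = recursion desired."""
    qtype = RECORD_TYPES[rtype.lower()]
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg):
    """Return (rcode, [(name, type, ttl, rdata_text)]) for the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            text = ".".join(str(b) for b in rdata)  # A record: dotted quad
        elif rtype in (2, 5, 12):
            text, _ = read_name(msg, offset)  # NS, CNAME, PTR: a name
        else:
            text = rdata.hex()
        answers.append((name, rtype, ttl, text))
        offset += rdlen
    return rcode, answers


def constructed_a_reply():
    """Constructed sample reply to `dig www.vulture.com a` (not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # response, RA, rcode 0
    question = encode_name("www.vulture.com") + struct.pack("!HH", 1, 1)
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer


if __name__ == "__main__":
    print(build_query("www.vulture.com", "ns").hex())
    print(reverse_name("62.34.4.72"))
    print(parse_response(constructed_a_reply()))
```

Sending build_query() over UDP port 53 and feeding the datagram to parse_response() is all nslookup or dig add on top of this; axfr is normally carried over TCP, and a server that refuses it answers with a non-zero rcode rather than the zone.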



List of Acronyms
A Address (DNS Resource Record)
ADSL Asymmetrical Digital Subscriber Line
AFP Apple File Protocol
AIX Advanced Interactive Executive
ARB All Rings Broadcast
ARP Address Resolution Protocol
AS Autonomous System
AUI Attached Unit Interface
BDC Backup Domain Controller
BIOS Basic Input/Output System
BNC Bayonet Neill-Concelman
BSD Berkeley Software Distribution
CATV Cable Television
CHAP Challenge Handshake Authentication Protocol
CNAME Canonical Name (DNS Resource Record)
CRC Cyclical Redundancy Check
CSMA/CD Carrier Sense Multiple Access With Collision Detection
CSU Channel Service Unit
DAT Digital Audio Tape
DFS Distributed File System
DHCP Dynamic Host Configuration Protocol
DLT Digital Linear Tape
DMA Direct Memory Access
DMP Diagnostic And Monitoring Protocol
DNS Domain Name Service
DQDB Distributed Queue Dual Bus
DSL Digital Subscriber Line
DSU Data Service Unit
EAP Extensible Authentication Protocol
EGP Exterior Gateway Protocol
FAT File Allocation Table
FCS Frame Check Sequence
FDDI Fiber Distributed Data Interface
FOIRL Fiber Optical Inter-Repeater Link
FTP File Transfer Protocol
GGP Gateway-to-Gateway Protocol
GUI Graphical User Interface
HDSL High-Bit-Rate Digital Subscriber Line
HTTP Hypertext Transfer Protocol
HTTPS Secure Hypertext Transfer Protocol
I/O Input/Output
IANA Internet Assigned Numbers Authority
ICMP Internet Control Message Protocol
ICS Internet Connection Sharing
IDC IBM Data Connector
IDP Internetwork Datagram Packet
IDSL ISDN Digital Subscriber Line
IEEE Institute of Electrical and Electronic Engineers
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IHL Internet Header Length
IIS Internet Information Server
IMAP4 Internet Message Access Protocol v4
IP Internet Protocol
IPSec Internet Protocol Security
IPX Internetwork Packet Exchange
IPX/SPX Internetwork Packet Exchange/Sequence Packet Exchange
IR Infrared
IRQ Interrupt Request
IS Integrated Services
ISDN Integrated Services Digital Network
ISN Initial Sequence Number
ISP Internet Service Provider
LAN Local Area Network
LCP Link Control Protocol
LDAP Lightweight Directory Access Protocol
LED Light Emitting Diode
L2TP Layer 2 Tunneling Protocol
LLC Logical Link Control
LPD Line Printer Daemon
LPR Line Printer Remote
LTO Linear Tape-Open
MAC Media Access Control
MAN Metropolitan Area Network
MAU Multi-station Access Unit
MBR Master Boot Record
MIB Management Information Base
MMF Multimode Fiber
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
MSDN Microsoft Developers Network
MSS Maximum Segment Size
MTU Maximum Transfer Unit
MX Mail Exchange (DNS Resource Record)
NAT Network Address Translation
NBF NetBEUI Frame
NCP Netware Core Protocol
NCPB Netware Core Packet Burst
NDIS Network Driver Interface Specification
NDPS Novell Distributed Print Services
NDS Novell Directory Services
NetBEUI NetBIOS Enhanced User Interface
NetBIOS Network Basic Input/Output System
NFS Network File System
NIC Network Interface Card
NMP Name Management Protocol
NNTP Network News Transfer Protocol
NS Name Server (DNS Resource Record)
NSS Novell Storage Services
NTP Network Time Protocol
ODI Open Data-Link Interface
OSI Open Systems Interconnect
OSPF Open Shortest Path First
OUI Organizationally Unique Identifier
PAP Password Authentication Protocol
PDA Personal Data Assistant
PDC Primary Domain Controller
PDU Protocol Data Unit
POP3 Post Office Protocol v3
POTS Plain Old Telephone Services
PPP Point-to-Point Protocol
PPPoE Point-to-Point Protocol over Ethernet
PPTP Point-to-Point Tunneling Protocol
PSTN Public Switched Telephone Network
PTR Pointer (DNS Resource Record)
QIC Quarter-Inch Cartridge
RADIUS Remote Authentication Dial-In User Service
RADSL Rate-Adaptive Digital Subscriber Line
RAID Redundant Array of Independent Disks
RARP Reverse Address Resolution Protocol
RAS Remote Access Service
RD+ Positive Receive Data
RDP Remote Desktop Protocol
RFC Request For Comments
RIP Routing Information Protocol
RMON Remote Monitoring Protocol
SAP Service Access Point
SCSI Small Computer System Interface
SDSL Symmetrical Digital Subscriber Line
SFTP Secure File Transfer Protocol
SLIP Serial Line Internet Protocol
SMB Server Message Block
SMF Single Mode Fiber
SMTP Simple Mail Transfer Protocol
SNAP Subnet Access Protocol
SOA Start Of Authority (DNS Resource Record)
STA Spanning Tree Algorithm
SSH Secure Shell
SSL Secure Sockets Layer
STP Shielded Twisted Pair
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TD+ Positive Transmit Data
Telnet Telecommunications Network Protocol
TFTP Trivial File Transfer Protocol
TTL Time To Live
UART Universal Asynchronous Receiver-Transmitter
UDC Universal Data Connector
UDP User Datagram Protocol



URL Uniform Resource Locator
USB Universal Serial Bus
UTP Unshielded Twisted Pair
VDSL Very-High-Bit-Rate Digital Subscriber Line
VFAT Virtual File Allocation Table
VLAN Virtual Local Area Network
VPN Virtual Private Network
WAN Wide Area Network
WAP Wireless Access Point
WECA Wireless Ethernet Compatibility Alliance
WEP Wired Equivalent Privacy
WINS Windows Internet Name Service
WLAN Wireless Local Area Network
WPA Wi-Fi Protected Access
WPAN Wireless Personal Area Network
XNS Xerox Networking Services
Zeroconf Zero Configuration
