training day slides
Post on 20-Jan-2015
MaxWiFi Training Day
IT Network Design and Installation
Monday 24th November 2008
Tuesday 25th November 2008
What Do We Do?
• To provide a fast, reliable Internet solution to all clients while maintaining the flexibility to accommodate bespoke networks based around each client's key requirements
• Ensure 100% reliability throughout the event by providing fault tolerance and dynamic load balancing
Three Tier Network Model
OSI MODEL
• Layer 7, Application: top-layer protocols, HTTP, FTP etc.
• Layer 6, Presentation: manages data conversion and syntax
• Layer 5, Session: establishes and maintains sessions
• Layer 4, Transport: ensures delivery of packets
• Layer 3, Network: controls and routes packets
• Layer 2, Data Link: transforms raw bits into frames
• Layer 1, Physical: transmits signals across the cable
TCP/IP Model
• The network model actually implemented, facilitating standards across vendors.
• Similar to the OSI model, based on packet-switching technology.
• Originally created by the U.S. to maintain data communication even under foreign attack.
Internet Protocol (IP)
• 32 bits representing a numerical address for each device on a network.
• 5 main classes of IP addresses.
• An IP address is separated into 3 parts: network, subnet and host.
• Class A, B and C are used in defining hosts.
• Class D is used for multicast addressing (routing protocols use multicasts to communicate routing updates and replies).
Class A IP addresses
• First octet, e.g. in 10.59.0.34 the 10 is the first octet, represents the network number, so there are up to 127 networks in a Class A range (1-127).
• Last three octets represent the host number, so there are 16777214 available hosts for each network.
• We work this out by counting the bits in the host portion: there are 8 bits in each octet and 3 octets for the host, so 24 bits; each bit is a 1 or 0, so it is 2^24 - 2 (minus the network and broadcast addresses).
Class B IP addresses
• First two octets, e.g. 172.16.0.34, represent the network number, so there are up to 16,000 networks in a Class B range (1-127).
• Last two octets represent the host number, so there are 65,534 available hosts for each network.
• We work this out by counting the bits in the host portion: there are 8 bits in each octet and 2 octets for the host, so 16 bits; each bit is a 1 or 0, so it is 2^16 - 2 (minus the network and broadcast addresses).
Class C IP Addresses
• First three octets, e.g. 192.168.0.34, represent the network number, so using the formula 2^21 we know there are up to 2097125 networks in a Class C range.
• Last octet represents the host number, so there are 254 available hosts for each network.
• We work this out by counting the bits in the host portion: there are 8 bits in each octet and 1 octet for the host, so 8 bits; each bit is a 1 or 0, so it is 2^8 - 2 (minus the network and broadcast addresses), leaving 254 usable host IP addresses.
Class D and E Addresses
• Class D addresses are 224.0.0.1 to 239.255.255.255: multicast addresses, used by routing protocols to communicate between routers (routing updates etc.).
• Class E addresses are 240.0.0.1 to 254.255.255.255; these are reserved and should not be used on any IP network.
• ANY QUESTIONS SO FAR?
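The classful breakdown from the last few slides, worked through in code. This is an added example, not part of the training deck: it classifies an address by first octet and applies the 2^(host bits) - 2 rule. The 128-191 (Class B) and 192-223 (Class C) first-octet boundaries are the standard classful ranges and are assumed here, since the slides only give the Class A and D/E ranges.

```python
import ipaddress

# Added example, not from the training deck: classify an IPv4 address the
# classful way the slides describe and apply the 2^(host bits) - 2 rule.
# Assumed first-octet ranges for B (128-191) and C (192-223); the slides give
# 1-127 for A, 224-239 for D and 240+ for E.
CLASS_TABLE = [
    # (class, first octet low, first octet high, network bits or None)
    ("A", 1, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicast: no network/host split
    ("E", 240, 255, None),   # reserved
]


def classify(addr: str) -> dict:
    """Return the classful breakdown of a dotted-quad IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    for name, low, high, net_bits in CLASS_TABLE:
        if low <= first_octet <= high:
            break
    else:
        raise ValueError(f"{addr}: first octet {first_octet} is not in any class")

    if net_bits is None:
        return {"class": name, "network": None, "host_bits": 0, "usable_hosts": 0}

    host_bits = 32 - net_bits
    # strict=False zeroes the host bits so we get the network, not the host
    net = ipaddress.ip_network(f"{addr}/{net_bits}", strict=False)
    # 2^host_bits addresses minus the all-zeros (network) and all-ones (broadcast)
    usable_hosts = (1 << host_bits) - 2
    return {
        "class": name,
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        "usable_hosts": usable_hosts,
    }


if __name__ == "__main__":
    for sample in ("10.59.0.34", "172.16.0.34", "192.168.0.34", "224.0.0.9"):
        print(sample, classify(sample))
```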
What's in a frame?
• Layer 2 Protocol Data Unit (PDU) which encapsulates the layer 3 packet and transports it across the LAN to another PC or a router/gateway.
• Contains source and destination MAC addresses.
ARP - Address Resolution Protocol
• 802.3 Ethernet mechanism to resolve a MAC address when only the IP address is known.
• Broadcast mechanism, so more nodes on the same network means it becomes more bandwidth intensive.
ARP - Address Resolution Protocol
• PC A: “Who is 192.168.0.35?”
• PC B: “I am 192.168.0.35”
Proxy ARP:
• Host A needs to send a packet to Host C, looks at its IP address and does an ARP request.
• Router intercepts and places its own MAC address in the ARP reply.
• Router does the same for Host C's replies.
10BASE-T and 100BASE-TX Networks
• 10BASE-T represents old, mostly outdated hub networks which ran on half-duplex transmission.
• Computers connected to hubs shared bandwidth, as only one frame could be on the wire at a time.
• CSMA/CD (carrier sense multiple access / collision detection) allowed devices to sense collisions and resend after a random back-off time.
LAN Switches
• Full duplex: allowed devices to receive and send at the same time.
• Gave full bandwidth to every device connected.
• Stackable: some switches are stackable, meaning multiple switches can operate as one logical switch.
• LLC (Logical Link Control, 802.2) allows for intelligent frame switching due to the MAC table.
VLANs and 802.1Q Trunks
• Allowed multiple networks on one switch.
• Separate voice traffic from data traffic.
• Span VLANs across multiple switches with the use of 802.1Q trunking.
• 802.1Q is a vendor-neutral trunk protocol which allows trunks to be created between different vendors' switches.
Spanning-Tree Protocol
• Allows a loop free redundant network
Cisco IOS and CLI
• Cisco Internetwork Operating System, giving a more granular approach to network design and implementation.
• Each IOS image offers different functionality in the context of your business needs and objectives.
CLI Modes: User Mode
• Basic mode only allowing basic commands such as showing system information and system output.
• Can't be used to modify configuration parameters or to restart the system; essentially no damage can be done via this mode.
• You can tell you are in user mode by the prompt:
Routername>
Enabled Mode
• Higher privileged mode used for more authoritative commands.
• Used to reboot the device and to load/save configs.
• Also used for debugging - probably the key command in enabled mode for troubleshooting.
• Used to telnet between devices.
• Show commands - see specific components of the configuration such as access lists or NAT translations.
• Ping other devices or routers - extended ping.
• Traceroute - tests latency and diagnoses problems on every hop to the destination.
Router Configuration Mode
• Most dangerous mode in the CLI: you can make global modifications to the router.
• Create and modify NAT
• Create and modify ACLs (Access Control Lists)
• Make static routes
• QoS - class maps and policy maps
• DHCP
• IPSec VPN implementation
• Dot1q VLAN sub-interfaces
• Saving and loading configurations from TFTP
Switch Configuration Mode
• VLAN setup
• VTP (VLAN Trunking Protocol)
• Switch port interfaces and static and dynamic trunking
• Layer 3 features such as routing and inter-VLAN routing
• Voice VLAN tagging (Cisco 3550 series) and native VLAN
• Saving and loading configurations from TFTP
• Spanning tree PortFast
• Port security and storm control
NAT (Network Address Translation)
• Used to allow multiple devices to share (or overload) a public IP address.
• Define which IP addresses / ranges of IP addresses use which public IP address via access lists.
• Static NAT is a one-to-one mapping (one LAN IP to one public IP).
• NAT with PAT (Port Address Translation) allows multiple LAN IP addresses to share one public IP.
• Used to direct incoming traffic to different servers (port forwarding).
• Let's start by creating a NAT pool.
NAT (Network Address Translation)
• Routername(config)#ip nat pool poolname 88.97.219.110 88.97.219.112 netmask 255.255.255.248
– This creates a NAT pool containing 3 public IP addresses to use.
– Now we have created the pool, we need to define the LAN IP range:
• Routername(config)#access-list 10 permit 172.16.0.0 0.0.255.255
– Now we need to tell the router to use poolname with access list 10:
• Routername(config)#ip nat inside source list 10 pool poolname overload
NAT (Network Address Translation)
• Routername(config)#ip nat inside source static tcp 10.59.0.100 80 interface fastethernet0/0 80
– Or
• Routername(config)#ip nat inside source static tcp 10.59.0.100 80 88.97.219.110 80
– This now forwards incoming traffic with destination port 80 to 10.59.0.100.
Sub-Interface IP and NAT
• Let's define the inside interface (telling the router that our fastethernet0/1 interface is for inside NAT) and give it an IP address:
– Routername(config)#interface fastethernet0/1
– Routername(config-if)#ip address 172.16.0.1 255.255.0.0
– Routername(config-if)#ip nat inside
• Let's define the outside interface (telling the router that our fastethernet0/0 interface is for outside NAT) and give it an IP address:
– Routername(config)#interface fastethernet0/0
– Routername(config-if)#ip address 88.97.219.110 255.255.255.248
– Routername(config-if)#ip nat outside
Static Routes
• Need to tell the router where to send packets with an unknown destination.
• In configuration mode, we define the route:
– Routername(config)#ip route 0.0.0.0 0.0.0.0 fastethernet0/0
– Or
– Routername(config)#ip route 0.0.0.0 0.0.0.0 68.78.45.67
So now we have a router that can route from LAN to WAN, performing NAT and sending Internet traffic correctly to the WAN interface.
So let's look at DHCP next…
DHCP (Dynamic Host Configuration Protocol)
• Used to assign IP addresses from a set pool.
• Assigns default gateway, DNS and other network information.
• Multiple DHCP pools, one for each interface or sub-interface, for inter-VLAN routing.
• TFTP server assignment to VoIP phones.
DHCP Configuration
• Routername(config)#ip dhcp pool poolname
• Routername(dhcp-config)#network 172.16.0.0 255.255.0.0
– This tells the router to assign IP addresses to requests originating from the 172.16.0.0 interface.
• Routername(dhcp-config)#default-router 172.16.0.1
– This tells the router to tell clients that the default gateway is 172.16.0.1.
• Routername(dhcp-config)#dns-server 208.67.222.222 208.67.220.220
– This tells the router to hand out 208.67.222.222 and 208.67.220.220 as the primary and secondary DNS servers.
CLI- saving and loading configs
• Everything done in configuration terminal is applied to the running-configuration.
• Routername#copy running-config startup-config
– Now the config is saved to NVRAM, so when the router is rebooted the config will be the same. (copy is an enabled-mode command, so it is run from the Routername# prompt rather than from configuration mode.)
• Routername#copy startup-config tftp://172.16.0.100
– Copies the config to a TFTP server (LAN or WAN).
• Routername#copy tftp://172.16.0.100/startup.txt startup-config
– Copies a configuration text file from the TFTP server to startup-config.
Cisco Catalyst 3550
• Similar to the router IOS with three modes: user mode, exec mode and configuration mode.
• How to set up VLANs and assign an IP address to a VLAN for management purposes.
• Assign ports or a range of ports to a VLAN.
• Apply CoS tagging to allow VoIP traffic to be separated from non-VoIP traffic on a switchport.
• Set up trunk ports using 802.1Q trunking.
• Storm control and PortFast.
VLANs and VTP
• Switchname(config)#vlan 1
• Switchname(config-vlan)#name voip
– We have now named a VLAN, which puts the VLAN into the VLAN database.
– Now let's give this VLAN an IP address of 172.16.200.1; this effectively gives the switch this IP address:
• Switchname(config)#interface vlan 1
• Switchname(config-if)#ip address 172.16.200.1
802.1q and sub-interfaces
• Create multiple logical interfaces from one physical interface, one sub-interface for each VLAN.
• Created on the router LAN interface.
– Let's create a sub-interface:
– Routername(config)#interface fas0/1.1
– Routername(config-subif)#encapsulation dot1q 1 native
– Routername(config-subif)#ip address 172.16.0.1 255.255.0.0
– Routername(config-subif)#ip nat inside
802.1q and sub-interfaces
• Routername(config)#interface fas0/1.2
• Routername(config-subif)#encapsulation dot1q 2
• Routername(config-subif)#ip address 172.32.0.1 255.255.0.0
• Routername(config-subif)#ip nat inside
– We have now set up a second sub-interface in VLAN 2, so all devices on VLAN 2 on the switch(es) will use this interface as their gateway and obtain DHCP via this interface.
– We now have 2 sub-interfaces under the physical fastethernet0/1 interface; all we have to do is set up DHCP for the new network and amend access list 10 to allow the new network to be NATted.
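The "amend access list 10" step above is where NAT quietly fails if it is forgotten: the router only translates sources that the list permits, and an unmatched source falls through to the implicit deny and leaves untranslated. This added example (not the deck's or Cisco's code) evaluates the deck's own NAT pool and access-list lines the way a standard ACL does, with wildcard masks and first-match-wins, before and after the VLAN 2 network is added. Function names and the amended access-list line are my own.

```python
import ipaddress
import re

# Added example, not from the deck: evaluate the deck's NAT source list the
# way the router does. Standard ACL wildcard masks: 0 bit = must match,
# 1 bit = don't care; first match wins; unmatched sources hit the implicit deny.
ACL_RE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?$")
POOL_RE = re.compile(r"ip nat pool\s+(\S+)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)$")


def parse_standard_acl(lines):
    """Return [(action, base, mask)] with the wildcard already inverted to a mask."""
    entries = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        action, addr, wildcard = m.groups()
        if addr == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        wildcard = wildcard or "0.0.0.0"          # bare address = single host
        mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        entries.append((action, int(ipaddress.IPv4Address(addr)) & mask, mask))
    return entries


def acl_permits(entries, host):
    h = int(ipaddress.IPv4Address(host))
    for action, base, mask in entries:
        if h & mask == base:
            return action == "permit"
    return False                                   # implicit deny


def pool_addresses(line):
    """Expand 'ip nat pool' into the public addresses the overload can use."""
    name, start, end, _netmask = POOL_RE.match(line.strip()).groups()
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    return name, [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]


# The deck's own lines; ACL_AFTER adds the constructed entry for the VLAN 2 network.
POOL_LINE = "ip nat pool poolname 88.97.219.110 88.97.219.112 netmask 255.255.255.248"
ACL_BEFORE = ["access-list 10 permit 172.16.0.0 0.0.255.255"]
ACL_AFTER = ACL_BEFORE + ["access-list 10 permit 172.32.0.0 0.0.255.255"]


def translated(acl_lines, host):
    """True if 'ip nat inside source list 10 pool poolname overload' would NAT host."""
    return acl_permits(parse_standard_acl(acl_lines), host)


if __name__ == "__main__":
    print(pool_addresses(POOL_LINE))
    for host in ("172.16.0.50", "172.32.0.50", "10.59.0.100"):
        print(host, translated(ACL_BEFORE, host), translated(ACL_AFTER, host))
```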
Switchport Trunk
• Statically assign a trunk port between the router and switch:
– Switchname(config)#interface fas0/1
– Switchname(config-if)#switchport trunk encapsulation dot1q
– Switchname(config-if)#switchport mode trunk
– Switchname(config-if)#speed 100
– Switchname(config-if)#duplex full
We have set up FastEthernet port 1 on the switch to trunk to the router.
Let's assign ports 3 to 10 on the switch to VLAN 2 (data):
Switchname(config)#interface range fas0/3 - 10
Switchname(config-if-range)#switchport mode access
Switchname(config-if-range)#switchport access vlan 2
Cisco VTP (VLAN Trunking Protocol)
• Allows easy implementation of spanning VLANs via centralised management.
• Three modes of VTP: server, client and transparent.
• Create VLANs on the server and the VLANs will replicate to all switches in the same VTP domain.
• Our VTP domain is Maxwifi… so
VTP (VLAN Trunking Protocol)
• We log onto our designated VTP server switch:
– Switchname(config)#vtp domain maxwifi
– Switchname(config)#vtp password voysey
– Switchname(config)#vtp mode server
We then log onto our client switch:
Switchname2(config)#vtp domain maxwifi
Switchname2(config)#vtp password voysey
Switchname2(config)#vtp mode client
QoS (Quality of Service) via CoS (Class of Service)
• Switchport recognises voice traffic from non-voice traffic via layer 2 CoS.
• Set up a voice VLAN and a data VLAN on the same port.
• Enable QoS to trust CoS and VoIP traffic.
Voice VLAN
• These commands will set up a port to separate voice and non-voice into 2 different VLANs:
– Switchname(config)#mls qos
– Switchname(config)#interface range fas0/2 - 12
– Switchname(config-if-range)#mls qos trust cos
– Switchname(config-if-range)#mls qos trust device cisco-phone
– Switchname(config-if-range)#switchport voice vlan 1
– Switchname(config-if-range)#switchport access vlan 2
Now a PC plugged directly into a phone will use VLAN 2 and the phone will use VLAN 1, separating the traffic.
Cisco Aironet 1200 series
• GUI or CLI based.
• Uses the A, B and G standards (2.4 and 5 GHz).
• Supports multiple modes of encryption including WEP and WPA with TKIP.
Cisco 1200 aironet config
• We need to assign a static IP to the device or it will pick one up dynamically via DHCP:
– Apname(config)#interface BVI1
– Apname(config-if)#ip address 172.32.0.100 255.255.0.0
– We have now assigned an IP, so now we will set up the SSID:
– Apname(config)#dot11 ssid MaxWiFi
– Apname(config-ssid)#authentication open
– Apname(config-ssid)#authentication key-management wpa
– Apname(config-ssid)#guest-mode
– Apname(config-ssid)#wpa-psk ascii wirele55
Cisco 1200 aironet setup
• We will now apply the SSID MaxWiFi to the dot11radio0 interface:
– Apname(config)#interface dot11radio0
– Apname(config-if)#encryption mode ciphers TKIP
– This has set the interface to support the TKIP cipher, which is required for WPA.
• Apname(config-if)#channel least-congested
• Or
• Apname(config-if)#channel (1-13)
• Apname(config-if)#ssid MaxWiFi
• This will now broadcast MaxWiFi with WPA encryption.
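What the access point does with the wpa-psk ascii passphrase above, as an added example that is not code from the deck or from Cisco: IEEE 802.11i maps the passphrase and the SSID to the 256-bit PSK with PBKDF2-HMAC-SHA1 (4096 iterations), so the same passphrase gives a different key on every SSID and the key is exactly as strong as the passphrase it came from. Function names are my own; that the command's hex variant accepts the derived key directly is an assumption.

```python
import hashlib
import hmac

# Added example, not from the deck or from Cisco: how 'wpa-psk ascii <passphrase>'
# becomes the 256-bit PSK. IEEE 802.11i defines
#   PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
# so the key is bound to the SSID and only as strong as the passphrase.


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 PSK from an ASCII passphrase and the SSID it is used with."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8-63 ASCII characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def wpa_psk_hex(passphrase: str, ssid: str) -> str:
    """64-hex-digit form of the key (assumption: usable with the 'wpa-psk hex' variant)."""
    return wpa_psk(passphrase, ssid).hex()


def psk_matches(passphrase: str, ssid: str, expected_hex: str) -> bool:
    """Constant-time check that a passphrase/SSID pair yields a known PSK."""
    return hmac.compare_digest(wpa_psk_hex(passphrase, ssid), expected_hex.lower())


if __name__ == "__main__":
    # the deck's SSID and passphrase; a second SSID shows the key is SSID-bound
    print("MaxWiFi:", wpa_psk_hex("wirele55", "MaxWiFi"))
    print("Guest  :", wpa_psk_hex("wirele55", "Guest"))
```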