Module 3: Planning and Troubleshooting Routing and Switching
Overview
Selecting Intermediate Devices
Planning an Internet Connectivity Strategy
Planning Routing Communications
Troubleshooting TCP/IP Routing
Lesson: Selecting Intermediate Devices
Types of Devices
Multimedia: The Role of Routing in a Network Infrastructure
When to Use Routing
Types of Networking Domains
What Are the Features of Switches?
Virtual LANs
Full-Duplex Transmission in Switched Environments
Guidelines for Selecting an Appropriate Intermediate Device
Types of Devices
Device | OSI layer | Definition
Hub | Physical (layer 1) | Extends the network by retransmitting the signal; does not process the data; is invisible to the nodes
Switch | Data-link (layer 2) | Forwards frames according to the destination address; uses temporary or virtual connections to connect source and destination ports
Router | Network (layer 3) | Used to link WANs and dissimilar LANs; operates at the packet level; sends packets based on packet addressing
Layer 3 switch | Network (layers 2 and 3) | Is a limited-purpose hardware-based IP router with bridging capabilities; also performs layer 2 switching
Multimedia: The Role of Routing in a Network Infrastructure
The objective of this presentation is to explain the role of routing in a network infrastructure
You will learn how to:
Describe how routing fits into the network infrastructure
Explain the difference between local and remote routing
Describe how the Routing and Remote Access service fits into the network infrastructure
When to Use Routing
Use routing to:
Isolate networks from each other
Provide a start for a secure network implementation
Traditional uses of routers
Connecting WANs
Segmenting LANs
Types of Networking Domains
[Diagram labels: Switch; Hub on Segment A (Collision Domain A); Hub on Segment B (Collision Domain B); Broadcast Domain]
What Are the Features of Switches?
Switch feature | Benefits
Layer 3 | Routes packets at layer 3; forwards frames at layer 2
Cost | Substantially cheaper than similar performance routers
Hardware routing | Fast performance (near wire speed); minimal latency
Virtual LANs
[Diagram labels: Layer 3 Switch; Hubs; nodes A, B, C, D, E, F, G; VLAN 1; VLAN 2; VLAN ABE – Broadcast Domain; VLAN CDFG – Broadcast Domain]
Full-Duplex Transmission in Switched Environments
[Diagram labels: Switch; Switched Environment; Full-duplex communication; Frame A; Frame B; Frame C; Frame D]
Guidelines for Selecting an Appropriate Intermediate Device
Ease of implementation
Speed
Functionality
Programmability
Cost
Layer 1 support
Protocol support
Administration and troubleshooting sophistication
Practice: Selecting Intermediate Devices
In this practice, you will learn how to:
Select an appropriate intermediate device
Identify the required features of the intermediate device
Lesson: Planning an Internet Connectivity Strategy
Multimedia: Strategies for Network Connectivity to the Internet
Requirements for an Internet Connectivity Solution
NAT as a Solution for Internet Connectivity
ISA as a Solution for Internet Connectivity
Multimedia: Selecting a NAT/Basic Firewall or ISA Server Solution
Guidelines for Planning an Internet Connectivity Strategy
Multimedia: Strategies for Network Connectivity to the Internet
The objective of this presentation is to examine some best practices for connecting a corporate network to the Internet
You will learn how to:
Explain how to enable a connection from your corporate network to the Internet
Explain the functionality of NAT, ICS, and ISA servers
Identify some best practices for planning a secure network connection to the Internet
Requirements for an Internet Connectivity Solution
Internet connectivity requirements
Scalability and fault tolerance
Filtering
User access
Authentication
Bandwidth control
Time-of-day access
Extensibility and flexibility
Application connectivity
NAT as a Solution for Internet Connectivity
Why NAT is a good solution
Same security requirements for all users
Non-routed private network
Required private addressing
[Diagram labels: private hosts 10.10.10.6, 10.10.10.7, 10.10.10.10; public address 131.107.0.9; NAT Table: 10.10.10.0 maps to 131.107.0.9]
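An added illustration (not from the course material) of how a NAT table like the one on this slide lets hosts on 10.10.10.0 share 131.107.0.9, while unsolicited inbound traffic finds no mapping and is dropped. It goes beyond the slide by modelling port translation; the /24 mask, the port numbers, the remote addresses and the NatTable class are assumptions made for the example.

```python
import ipaddress

PRIVATE_NET = ipaddress.ip_network("10.10.10.0/24")  # /24 mask is an assumption
PUBLIC_IP = "131.107.0.9"                            # public address from the slide


class NatTable:
    """Minimal port-translating NAT: many private hosts share one public address."""

    def __init__(self, first_port=50000):
        self._next_port = first_port
        self._out = {}  # (private_ip, private_port, remote) -> public_port
        self._in = {}   # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; return its new source."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_NET:
            raise ValueError(f"{src_ip} is not on the private network")
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self._out:
            public_port = self._next_port
            self._next_port += 1
            self._out[key] = public_port
            self._in[(public_port, remote)] = (src_ip, src_port)
        return PUBLIC_IP, self._out[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply back to the private host, or return None (drop) if unsolicited."""
        return self._in.get((dst_port, (src_ip, src_port)))


def demo():
    nat = NatTable()
    web = ("203.0.113.80", 80)  # constructed remote server (documentation range)
    a = nat.outbound("10.10.10.6", 1025, *web)
    b = nat.outbound("10.10.10.7", 1025, *web)  # same source port, different host
    reply_a = nat.inbound(*web, a[1])
    reply_b = nat.inbound(*web, b[1])
    # Constructed outside host that no inside host has contacted: no table entry.
    unsolicited = nat.inbound("198.51.100.5", 12345, a[1])
    return a, b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both inside hosts appear to the remote server as 131.107.0.9 and are told apart only by the translated port, which is why every user behind the NAT ends up with the same security treatment.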
ISA as a Solution for Internet Connectivity
Why ISA is a good solution
Secure Internet and private network access
Routed or non-routed network
[Diagram labels: Intranet; ISA Server; private hosts 10.10.10.7, 10.10.10.8, 10.10.10.9, 10.10.10.10; public address 131.107.0.9; 10.10.10.0 maps to 131.107.0.9]
Multimedia: Selecting a NAT/Basic Firewall or ISA Server Solution
The objective of this presentation is to explain how to choose between a NAT/basic firewall or ISA Server solution
You will learn how to:
Identify when to use a NAT/basic firewall solution
Identify when to use an ISA server solution
Identify the criteria for selecting the most appropriate firewall solution
Apply the appropriate firewall solution for your organization
Guidelines for Planning an Internet Connectivity Strategy
Define the existing network structure
Identify connectivity requirements
Select an appropriate solution
Define security requirements
Practice: Planning an Internet Connectivity Strategy
In this practice, you will learn how to plan an Internet connectivity strategy
Lesson: Planning Routing Communications
Determining the Appropriate Connection Method
Selecting a Routing Protocol
Using IP Packet Filters
Multimedia: Configuring a Router to Filter Protocols
When Are VPN Tunnels Used?
Using IPSec in Tunnel Mode
Guidelines for Planning Router Connectivity
Determining the Appropriate Connection Method
Connection method | When used
Leased lines | Security is important; speed and reliability are required; no budget constraints
Tunneling | Security is important; no modem infrastructure
Demand-dial routing | Security is important
On demand | Limited traffic; per-instance fee pricing structure
Demand-dial - persistent | Ample traffic; flat fee pricing structure
Selecting a Routing Protocol
Protocol | Criteria
Static routes | Routing information rarely changes; small internetworks; scalability not an issue; manual updates required
RIP (dynamic) | Routing information constantly changes; automatic routing table updates required; existing routers use RIP; design includes demand-dial interface; maximum number of routers an IP packet will cross is 15
OSPF (dynamic) | Routing information constantly changes; existing routers use OSPF; design includes redundant paths between two subnets; design has more than 50 subnets
Using IP Packet Filters
[Diagram labels: Corporate Headquarters; Branch Office; Branch Office; Interface A inbound filter; Interface B outbound filter; Interface C outbound filter; filter entries shown: All protocols; All other protocols; ICMP; SNMP]
Multimedia: Configuring a Router to Filter Protocols
The objective of this presentation is to show how to configure a router to filter specific protocols
Use the Routing and Remote Access service to add a router to the console
Configure the router to process ICMP packets
Use the ping command to identify blocked outgoing filters
When Are VPN Tunnels Used?
VPN with PPTP tunnel
Used if:
All routers support VPN tunnels
You are using MS-CHAP or EAP-TLS
Router authentication uses user-based certificates
VPN with L2TP tunnel
Used if:
All routers support VPN tunnels
Router authentication uses computer-based certificates or user-based certificates
Using IPSec in Tunnel Mode
Using IPSec in tunnel mode:
Enforces IPSec policies for all tunnel traffic
Supports point-to-point security
Specifies tunnel endpoint at both routers
[Diagram labels: Security Between Networks; Windows Server/Router; Windows Server/Router]
Guidelines for Planning Router Connectivity
Identify the router connection method
Determine which connectivity options to use
Determine which routing protocol to use
Identify filter settings
Practice: Planning Routing Communications
In this practice, you will plan router communications based on the provided scenario
Lesson: Troubleshooting TCP/IP Routing
How to Isolate a Routing Problem
When to Use Each of the Troubleshooting Tools
Demonstration: Using Troubleshooting Tools
Troubleshooting TCP/IP Routing
How to Isolate a Routing Problem
[Flowchart boxes, Inside-Out Strategy and Outside-In Strategy:]
Can you ping the remote host?
Can you tracert to remote host?
Can you access the failed system?
If problem still exists, check route configuration
Contact the administrator of the failed system
Check system configuration
Fix configuration problem
Determine where trace fails
Is the IP configuration correct?
Correct the configuration
Use tracert to identify communication breakdown
Is the routing table accurate?
Correct/delete the incorrect route entries
Contact network support engineer
Can you ping the gateway?
Can you ping interior gateways?
Divide-by-Half: Isolate by ½ the connection issue, then isolate by ½ again
When to Use Each of the Troubleshooting Tools
Troubleshooting area | Utility to use
Local computer configuration | Hostname, Ipconfig, NetStat, Nbtstat, ARP
Network connections | NetDiag
Tracing paths | Tracert, Ping, Pathping
DNS | NSlookup
Demonstration: Using Troubleshooting Tools
The instructor will demonstrate the use of Netdiag for troubleshooting routing issues
Troubleshooting TCP/IP Routing
TCP/IP configuration
Default client route and static route configuration
Demand-dial routing configuration
Router configuration
Practice: Troubleshooting TCP/IP Routing
In this practice, you will troubleshoot TCP/IP routing in a sample enterprise
Lab A: Planning and Troubleshooting Routing
Exercise 1: Planning a Routing Strategy
Exercise 2: Troubleshooting a Routing Problem