Learning about networks can be frustrating, so I condensed a bunch of topics covered in the CCNA to help summarize what may confuse new learners. In this last post, I will recap the end material finishing off the CCNA series. As always, if you would like to view the raw compilation of notes I've written, please feel free to check out my repo.
Like the other portions of this series, each section is separated by a divider.
Connecting Networks starts out reviewing many enterprise concepts brought up in my last post and dives further into the importance of segmentation in hierarchical design. We are going to skip ahead to the WAN (Wide Area Network) material, however. WANs mostly operate at the physical and data link layers, can be circuit switched or packet switched by design, and use technologies such as Frame Relay, ATM and Point-to-Point protocols. On the physical end, we have CPE (Customer Premises Equipment), DCE (Data Communications Equipment) and DTE (Data Terminal Equipment). The DCE is the device that puts data onto the local loop, and the DTE (typically the customer's router) connects to it.
More importantly, pay attention to the demarcation point, since this is where the separation between customer equipment and the service provider's equipment happens. The split is implemented with a junction box that connects the CPE wiring to the local loop. The local loop, or last mile, is the copper or fiber that connects the CPE to the service provider's Central Office.
There are lots of devices discussed within WAN environments, but the one I want you to pay attention to in this recap is the CSU/DSU, or Channel Service Unit/Data Service Unit. The CSU ensures the integrity of the digital signal on the carrier's line, and the DSU converts the carrier's line frames into frames the LAN can interpret (and back again on the way out).
Circuit switching establishes a dedicated circuit, as the name implies, and there are two primary types involved: the PSTN (Public Switched Telephone Network), which I dive into in the Phone Story post, and ISDN (Integrated Services Digital Network). With packet switching, traffic is split into ..you guessed it.. packets and routed over a shared network, so there isn't a need for a dedicated circuit in this case.
I'm going to jump over to long-range communications really quick, because you should also know some of the material on Dense Wavelength Division Multiplexing (DWDM), a bidirectional optical method that multiplexes many channels onto one fiber by assigning each incoming optical signal its own wavelength (frequency) of light.
One last point here: you should know that a VPN (Virtual Private Network) is an encrypted connection between private networks carried over the public Internet, and that VPNs use tunnels (there are tons of resources online). I also understand some of this material is dated, but you should still learn it if you plan on sitting for the exam.
The main points I want to bring up are that point-to-point communication links are dedicated and use what's called TDM, or Time-Division Multiplexing. Before I go any further, it's important to understand that multiplexing allows many logical signals to share a single physical channel. TDM is one multiplexing method and STDM (Statistical Time-Division Multiplexing) is another.
With TDM, the bandwidth of a single link is divided into time slots and each channel takes a turn using the link. A MUX, or multiplexer, accepts the separate signals (three in the image above), breaks them into pieces and interleaves them onto a single channel; the fixed slot order is what lets the receiving end reassemble the bits of each signal. A slot that belongs to an idle channel still goes out, just empty. SONET (Synchronous Optical Networking) and SDH (Synchronous Digital Hierarchy) are the standards for transporting TDM data.
Statistical Time-Division Multiplexing, on the other hand, was created to fix that waste: slots are handed out on demand, so channels compete for the free capacity, and each piece carries a channel identifier so the receiver knows where it belongs. A memory buffer temporarily stores data during periods of high traffic.
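To make the difference concrete, here is a toy multiplexer in Python. It is an added example, not code from the original notes or from the CCNA material: the slot size, channel names and sample payloads are all constructed. The same three channels go through both a TDM mux (every channel gets its slot in every frame, idle or not) and an STDM mux (only channels with data occupy the frame, each piece tagged with its channel number), and each is demultiplexed back.

```python
# Added example (not from the original notes): toy TDM and STDM multiplexers.
# Slot size and the sample channel payloads are constructed for illustration.

SLOT = 4  # bytes per time slot (constructed)


def chunk(data, size):
    """Split a channel's byte stream into slot-sized pieces."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def tdm_mux(channels):
    """Fixed-order interleave: frame k carries slot k of every channel in turn.
    An idle channel still owns its slot, which goes out padded (wasted capacity)."""
    queues = [chunk(d, SLOT) for d in channels]
    nframes = max((len(q) for q in queues), default=0)
    frames = []
    for k in range(nframes):
        frame = b""
        for q in queues:
            piece = q[k] if k < len(q) else b""
            frame += piece.ljust(SLOT, b"\x00")   # idle/short slot padded with idle bytes
        frames.append(frame)
    return frames


def tdm_demux(frames, nchannels):
    """Reassemble by position only: slot i of every frame belongs to channel i.
    The idle padding is stripped here because the sample payloads are text;
    a real TDM link has no payload-length field and just delivers the bytes."""
    out = [b""] * nchannels
    for frame in frames:
        for i in range(nchannels):
            out[i] += frame[i * SLOT:(i + 1) * SLOT]
    return [d.rstrip(b"\x00") for d in out]


def stdm_mux(channels):
    """On-demand slots: a channel with nothing to send occupies nothing.
    Because slots no longer arrive in a fixed order, each piece needs a
    2-byte header (channel id, length) so the far end can sort it out."""
    queues = [chunk(d, SLOT) for d in channels]
    nframes = max((len(q) for q in queues), default=0)
    frames = []
    for k in range(nframes):
        frame = b""
        for ch, q in enumerate(queues):
            if k < len(q):
                frame += bytes([ch, len(q[k])]) + q[k]
        frames.append(frame)
    return frames


def stdm_demux(frames, nchannels):
    """Reassemble using the channel id carried in every piece."""
    out = [b""] * nchannels
    for frame in frames:
        i = 0
        while i < len(frame):
            ch, n = frame[i], frame[i + 1]
            out[ch] += frame[i + 2:i + 2 + n]
            i += 2 + n
    return out


def link_bytes(frames):
    """Total bytes that actually crossed the link."""
    return sum(len(f) for f in frames)


# Constructed sample: channel 0 is chatty, channel 1 sends one short burst,
# channel 2 is silent the whole time.
CHANNELS = [b"GET /index.html HTTP/1.1", b"ping", b""]

if __name__ == "__main__":
    tdm, stdm = tdm_mux(CHANNELS), stdm_mux(CHANNELS)
    print("TDM  bytes on link:", link_bytes(tdm))
    print("STDM bytes on link:", link_bytes(stdm))
    print("TDM  round trip ok:", tdm_demux(tdm, 3) == CHANNELS)
    print("STDM round trip ok:", stdm_demux(stdm, 3) == CHANNELS)
```

With the sample channels, TDM sends six 12-byte frames (72 bytes) even though two of the three channels are idle for most of them, while STDM sends 42 bytes and still reassembles every channel correctly; the price STDM pays is the per-piece header and the need to buffer when more channels are active than the link can carry at once.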
The texts go into cabling standards and WAN encapsulation protocols, so you should have an idea of how HDLC (High-Level Data Link Control) is the default encapsulation type on Cisco serial interfaces, how SLIP (Serial Line Internet Protocol) was the older standard for carrying TCP/IP over point-to-point serial links before PPP largely replaced it, and what X.25, Frame Relay and ATM all do. Read through how HDLC encapsulation works, how it uses flags to mark the beginning and end of a frame, and how Cisco developed a proprietary extension called cHDLC that adds a protocol type field so a single link can carry more than one network-layer protocol.
There are three phases for establishing PPP sessions, creatively called Phase 1, Phase 2 and Phase 3, and I'll briefly touch on them. In phase 1, LCP (Link Control Protocol) establishes the link and negotiates its configuration; when this is done, the receiving router sends a Configure-Ack frame back to the initiator. If PAP or CHAP authentication is configured, it runs once LCP is up, before anything else. Phase 2 is the optional link quality determination, which can actually delay transmission of network-layer information until the link is judged good enough. Lastly, in phase 3, the NCPs (Network Control Protocols, such as IPCP for IPv4 and IPv6CP for IPv6) negotiate the network-layer protocol configuration.
```
/* Commands to know with PPP */
sh int                   // Show interfaces
sh int serial 0/0/0      // Verify HDLC/PPP encapsulation on a serial interface
sh ppp multilink         // Verify PPP multilink is enabled
```
A Little on PAP & CHAP
I'm going to touch on Password Authentication Protocol and Challenge Handshake Authentication Protocol here, because really any time you get the opportunity to learn how varying handshakes work, it's advantageous for you to do so. PAP is a 2-way handshake: the peer sends its username and password in an Authenticate-Request, and the authenticator answers with an Ack or a Nak. It offers NO encryption whatsoever, so everything is in plain text (yikes), and nothing stops an attacker who captured that request from replaying it. It doesn't even bother to re-authenticate once a connection has been established, so it's an avoid-if-possible sort of deal.
CHAP, on the other hand, is a 3-way handshake built on a secret that is pre-shared on both routers and never sent across the link, and it makes periodic checks to ensure the peer still holds the valid secret. The local router sends a challenge message to the remote one, the remote one responds with a value computed by running a one-way hash (MD5) over the challenge, the message identifier and the secret, and the local router compares that value with its own calculation. Because each challenge is fresh and random, a captured response is useless later, which is why CHAP provides protection against playback attacks, unlike PAP.
```
/* PPP Auth */
ppp authentication {chap | chap pap | pap chap | pap} [if-needed] [list-name | default] [callin]
// chap enables CHAP on a serial int; chap pap tries CHAP first and falls back to PAP if the peer refuses CHAP
// if-needed (skip PPP auth if the user already authenticated on the line) is used with TACACS/XTACACS
// list-name selects an AAA method list; callin authenticates incoming calls only
```
```
/* Config CHAP */
username router password class    // 'router' must be the PEER's hostname; the peer needs a matching
                                  // username/password entry for THIS router's hostname
int s0/0/0
 ip address 10.0.1.1 255.255.255.252
 ipv6 address 2001:db8:cafe:1::1/64
 encapsulation ppp
 ppp authentication chap
```
```
/* Debug commands */
debug ppp packet         // Packet exchanges under normal PPP operation
debug ppp negotiation    // View LCP negotiation, authentication and NCP negotiation
debug ppp error          // Display protocol errors/stats associated with negotiation/operation
```
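Because the difference between PAP and CHAP is exactly what crosses the wire, here is the exchange written out in Python. This is an added example, not code from the original notes or from any Cisco implementation: the secret `class` is borrowed from the config above, the username `router` and the message identifiers are constructed, and the framing follows RFC 1334 (PAP Authenticate-Request) and RFC 1994 (CHAP response = MD5 over identifier, secret, challenge). Both sides of the CHAP handshake are modelled, plus what a sniffer on the serial link would get from each protocol.

```python
# Added example (not from the original notes): PAP vs CHAP on the wire.
# Secret, username and identifiers are constructed sample values.
import hashlib
import hmac
import os

SECRET = b"class"   # pre-shared on both routers; with CHAP it never crosses the link


# ---- PAP (RFC 1334): the credentials themselves are the message --------------

def pap_authenticate_request(identifier, peer_id, password):
    """Authenticate-Request: Code=1, Identifier, Length, Peer-ID-Length, Peer-ID,
    Passwd-Length, Password. No hashing, no challenge."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)
    return bytes([1, identifier]) + length.to_bytes(2, "big") + body


def eavesdrop_pap(frame):
    """What a sniffer recovers from a PAP request: the username and password in clear."""
    n = frame[4]
    peer_id = frame[5:5 + n]
    m = frame[5 + n]
    password = frame[6 + n:6 + n + m]
    return peer_id, password


# ---- CHAP (RFC 1994): prove you hold the secret without sending it ----------

def chap_response(identifier, secret, challenge):
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The local router: issues a fresh random challenge, then checks the reply
    against the hash it computes itself from the same secret."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}     # identifier -> challenge still awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)     # new random value every time, also for periodic re-checks
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, response):
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False          # nothing outstanding for this id: stale or replayed response
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """The remote router: answers the challenge with the one-way hash."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self.secret, challenge)


def chap_exchange(auth, peer):
    """One 3-way handshake. Returns (success, what an eavesdropper saw)."""
    identifier, chal = auth.challenge()            # 1. Challenge
    response = peer.respond(identifier, chal)      # 2. Response
    ok = auth.verify(identifier, response)         # 3. Success / Failure
    return ok, (identifier, chal, response)


def replay_chap(auth, captured):
    """Re-send a captured Response. The original challenge was consumed and any
    later challenge is different, so the replay never verifies."""
    identifier, _chal, response = captured
    return auth.verify(identifier, response)


if __name__ == "__main__":
    frame = pap_authenticate_request(7, b"router", SECRET)
    print("PAP sniffer sees:", eavesdrop_pap(frame))
    auth, peer = Authenticator(SECRET), Peer(SECRET)
    ok, captured = chap_exchange(auth, peer)
    print("CHAP handshake ok:", ok, "| sniffer sees challenge+digest only:", SECRET not in captured[2])
    print("CHAP replay ok:", replay_chap(auth, captured))
```

Running it shows the PAP sniffer handing back `(b'router', b'class')` verbatim, while the CHAP capture is a random challenge plus a 16-byte digest, and replaying that digest fails. The periodic re-authentication the text mentions is just `chap_exchange` called again on the same `Authenticator`: every call draws a new challenge, so a peer that no longer has the secret fails at the next check.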
NAT & PAT
Remember learning about the problems with IPv4 when it came to address space? There simply weren't enough unique addresses for everyone, and this became problematic. NAT, or Network Address Translation, was developed to slow the depletion of IPv4 addresses by sitting at the border between private and public address space: a local network can use private addresses internally yet look like a single public IP (or a small pool of them) to public networks.
NAT uses four different address types:
- Inside local: The address of a source seen from inside a network
- Inside global: The address of a source seen from outside a network
- Outside local: The address of a destination as seen from inside a network
- Outside global: The address of a destination as seen from outside a network
It's important to note that these terms are ALWAYS applied from the perspective of the device whose address is being translated, so here is another breakdown:
- Inside address: The address of a device being translated by NAT
- Outside address: The destination device
- Local address: Any address on the inside of a network
- Global address: Any address on the outside of a network
There are also three NAT translation types: static, dynamic and PAT (Port Address Translation). Static NAT is a 1-to-1 mapping between a local and a global address that remains constant, so when the device sends traffic to the Internet its inside local address is always translated to the same configured inside global address, and the outside sees it as having a fixed public IPv4 address. This is handy for things that must have a consistent address (servers). Dynamic NAT is a many-to-many mapping between local and global addresses: it draws from a pool of public addresses and assigns them on a first-come, first-served basis, so a host that cannot get a free pool address is not translated.
PAT, or NAT overloading, is a many-to-1 mapping between local and global addresses: multiple private IPv4 addresses share a single public address (or a few), and the translations are told apart by port number. When a device initiates a TCP/IP session, it generates a TCP/UDP source port value to identify it. When the NAT router receives a packet from that client, it uses the source port, along with the address, as the key for the translation entry.
NAT: translates addresses on a 1-to-1 basis between private and public IPs.
PAT: modifies both the address and the port number, so many private hosts can share one public address.
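The port bookkeeping is the part people find slippery, so here is a small PAT router in Python. It is an added example, not code from the original notes or from IOS: the inside network `192.168.10.0/24`, the inside global address `209.165.200.225` and the packet values are constructed. It mirrors the behaviour described above (keep the original source port if it is free on the global address, otherwise pick the next free one; translate replies back using the port; drop inbound packets with no entry) and can print rows in the spirit of `sh ip nat translations`.

```python
# Added example (not from the original notes): a toy PAT (NAT overload) router.
# Addresses, ports and the inside network are constructed sample values.
import ipaddress
from dataclasses import dataclass, replace
from itertools import chain


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class PATRouter:
    """Many-to-one NAT: every inside host is rewritten to one inside global address,
    and the (proto, port) pair on that address identifies the original inside socket."""

    def __init__(self, inside_global, inside_networks, port_range=(1024, 65535)):
        self.inside_global = inside_global
        self.inside_nets = [ipaddress.ip_network(n) for n in inside_networks]
        self.port_range = port_range
        self.fwd = {}   # (proto, inside_local, local_port) -> global_port
        self.rev = {}   # (proto, global_port) -> (inside_local, local_port)

    def _is_inside(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.inside_nets)

    def _allocate_port(self, proto, wanted):
        """Keep the client's own source port when it is free on the global address;
        otherwise take the next free port in the pool (wrapping around).
        Simplification: one port pool instead of IOS's 0-511 / 512-1023 / 1024-65535 groups."""
        lo, hi = self.port_range
        if lo <= wanted <= hi and (proto, wanted) not in self.rev:
            return wanted
        start = wanted + 1 if lo <= wanted < hi else lo
        for p in chain(range(start, hi + 1), range(lo, start)):
            if (proto, p) not in self.rev:
                return p
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, pkt):
        """Inside -> outside: rewrite source address (and port if needed), creating the entry."""
        if not self._is_inside(pkt.src):
            return pkt                       # not an inside local address: forwarded untranslated
        key = (pkt.proto, pkt.src, pkt.sport)
        gport = self.fwd.get(key)
        if gport is None:
            gport = self._allocate_port(pkt.proto, pkt.sport)
            self.fwd[key] = gport
            self.rev[(pkt.proto, gport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.inside_global, sport=gport)

    def inbound(self, pkt):
        """Outside -> inside: only packets matching an existing entry get through.
        Anything else (an unsolicited connection to the global address) is dropped: None."""
        entry = self.rev.get((pkt.proto, pkt.dport))
        if pkt.dst != self.inside_global or entry is None:
            return None
        local_ip, local_port = entry
        return replace(pkt, dst=local_ip, dport=local_port)

    def translations(self):
        """Rows in the spirit of 'sh ip nat translations': Pro, Inside global, Inside local."""
        return sorted(f"{proto} {self.inside_global}:{gp} {ip}:{lp}"
                      for (proto, ip, lp), gp in self.fwd.items())


if __name__ == "__main__":
    r = PATRouter("209.165.200.225", ["192.168.10.0/24"])
    # Two inside hosts happen to pick the same source port for the same web server.
    print(r.outbound(Packet("tcp", "192.168.10.10", 1025, "198.51.100.5", 80)))
    print(r.outbound(Packet("tcp", "192.168.10.11", 1025, "198.51.100.5", 80)))
    print(r.inbound(Packet("tcp", "198.51.100.5", 80, "209.165.200.225", 1026)))
    print(r.inbound(Packet("tcp", "203.0.113.9", 4444, "209.165.200.225", 22)))   # None: no entry
    print("\n".join(r.translations()))
```

The second host's port collides with the first, so it is rewritten to 1026 and the reply to 209.165.200.225:1026 is steered back to 192.168.10.11:1025. The last `inbound` call is the everyday reason PAT looks like a firewall: an outside host scanning the global address finds no translation for port 22 and is dropped, but that is a side effect of the table, not a security policy; anything an inside host initiates is let straight back in.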
```
/* Verify commands */
sh ip nat translations      // Shows active NAT translations
sh ip nat statistics        // Total number of active translations and the NAT configuration
clear ip nat statistics     // Reset the counters before a test so new translations are easy to see
```
There is a LOT more that goes into configurations here, but I won't delve much deeper into it, because I would be here all night. You should have an extremely good working understanding of this however because it is used quite a bit.
The material goes on to cover ASAs and the configuration involved in setting them up, along with general DMZ-related material, and you should familiarize yourself with this as well because there are a lot of neat perks and gems here. You should also have a base working understanding of syslog, SNMP and NetFlow and the pros and cons of each. Lastly, the material covers quite a bit of information about the various troubleshooting methods you can employ.
With that said, I tried to condense this material as much as possible, but these guides are intended to be read as you study for the CCNA to help solidify some of the material learned. We went over everything from the OSI model, to subnetting, to routing protocols and some of the quirky things you learn about how things work across the wire over a 4-part series. I hope that these posts have proven useful in some way to my readers. I wish you all the best of luck in learning and hope that you pass any certifications you may be planning on taking in the future!