Layer 1: Physical - Dealing with Bits!


2 pair wires:
- Ethernet: 10Base-T | 802.3 | 10Mb/s
- Fast Ethernet: 100Base-T | 802.3u | 100Mb/s
- Straight-Through Cable:
	- PC NIC transmits data on pins 1&2, switch receives on pins 1&2
	- PC NIC receives data on pins 3&6, switch transmits on pins 3&6
	- router transmits and receives on same pins as NIC when connected to a switch
- Crossover Cable:
	- pin 1->3, 2->6, 3->1, 6->2
		- transmit pin connected to receive pin
	- allows router to router communication, or switch to switch, or any 2 of the same devices
- Devices that transmit on pins 1,2 & receive on pins 3,6:
	- PC NICs, Routers, WAPs, Network Printers
- Devices that receive on pins 1,2 & transmit on pins 3,6:
	- Hubs, Switches
- full-duplex transmission: send and receive simultaneously
- Auto MDI-X:
	- newer devices automatically detect what cable is used and can switch which pins they use to transmit/receive
	- no need for crossover cables anymore

4 pair wires:
- Gigabit Ethernet: 1000Base-T | IEEE 802.3ab
- 10 Gig Ethernet: 10GBase-T | 802.3an
- each pair of wires is bi-directional: can send & receive
- all copper Ethernet cables have a 100 m max length

Fiber Optic Cables:
- 10GBase-SR: 400 m
- 10GBase-LR: 10 km
- one cable to transmit and one to receive on each end
- SFP transceiver (Small Form-Factor Pluggable):
	- plugs into back of switch/router to plug in fiber optic cables


Every device connected to a hub is in the same collision domain
	- hub just broadcasts all frames to all devices
hubs use half duplex --> hubs operate at layer 1 ***
	- CSMA/CD (Carrier Sense Multiple Access with Collision Detection): hub uses this to avoid collisions
		- devices listen to collision domain before sending frames, avoid sending when others send
		- if collision occurs, device sends jamming signal to inform other devices
			- each device waits a random period of time before sending frames again


PoE (Power over Ethernet):
	- allows PSE (Power Sourcing Equipment) to provide power to PD (Powered Devices) over an Ethernet cable
		- PSE: switch/hub
		- PD: IP phone, IP camera, WAPs, etc...
	- PSE sends low-power signals to PDs to determine how much power to supply
	- power policing: prevents PDs from drawing too much power
		- "power inline police" --> interface is put in the error-disabled state and stops supplying power; "no shutdown" to restart
			- also generates a Syslog message
		- "power inline police action log" --> restarts the device & sends a Syslog message if the PD draws too much power
		- "show power inline police"
	- PoE standards (Probably NOT on Exam):
		1) Cisco ILP (Inline Power)	| 7W
		2) PoE Type 1 (802.3af) 	| 15W
		3) PoE+ Type 2 (802.3at)	| 30W
		4) UPoE Type 3 (802.3bt)	| 60W
		5) UPoE+ Type 4 (802.3bt)	| 100W

LAN Architectures

LAN Architectures:
	- Topologies:
		- Star: all devices connected to one device (all PCs to one switch)
		- Full-Mesh: all devices connected to each other
		- Partial-Mesh: some devices are connected to each other
	- 2-Tier & 3-Tier LAN:
		- 2-Tier (AKA Collapsed Core design):
			- Access Layer: end hosts connect here (lots of ports for switch on access layer)
				- VLANs, port security, QoS, DAI, all enabled here, PoE ports
			- Distribution Layer (AKA Distribution-Core layer): aggregates connections from access layer switches
				- connects to WAN
				- connections between distribution layer switches = layer 3 (can use OSPF)
		- 3-Tier: Cisco recommends adding Core layer (3-Tier) when more than 3 Distribution layer switches in single location
			- each Distribution layer connects to Core layer
			- layer 3, no spanning tree, FAST
			- backbone of LAN = Core layer
	- Spine-Leaf (Data Center):
		- data centers used to use the 3-Tier LAN architecture --> good for North-South traffic (internet and up/down the layers) but not East-West
			- traffic between servers is more common, splitting workload among multiple servers is very common now
		- Spine-Leaf (ACI: Application Centric Infrastructure):
			- 2-Tier
			- Spine switches: layer 3
				- spine switches do NOT connect to other spine switches
			- Leaf switches: layer 2
				- every leaf switch connected to every spine switch
				- leaf switches do NOT connect to other leaf switches
				- end hosts only connect to leaf switches
	- SOHO (Small Office Home Office):
		- single device acting as router, switch, firewall, modem, AP, etc...

WAN Architectures

WAN Architectures:
	- Intro to WANs:
		- WAN usually refers to a private company intranet that spans large distances
		- each office connected to central Data center over leased line 
			- leased lines connect to service provider normally
			- (Hub & Spoke / Star topology):
				- Central Data Center = Hub ; Offices = spokes

	- Leased Lines:
		- dedicated physical link between 2 sites
		- uses Serial connection: PPP / HDLC encapsulation
			- standards: T1, T2, T3 (slowest to fastest)

	- MPLS (Multi Protocol Label Switching) VPNs:
		- ISP provides this
		- shared infrastructure, similar to internet
		- Label Switching allows VPN
			- use label to decide where to forward packet, NOT IP addresses
		- Router Types:
			- CE router: Customer Edge router
				- do NOT use MPLS
			- PE router: Provider Edge router
				- use MPLS
			- P router:  Provider Core router
				- use MPLS
		- layer 3 MPLS VPNs:
			- CE & PE routers form peerings using routing protocol (ex: OSPF)
		- layer 2 MPLS VPNs:
			- as if CE routers are connected directly to each other
			- service provider is totally transparent, acting like a big switch connecting CE routers

	- Internet Connectivity:
		- DSL: phone lines
			- DSL Modem: necessary to convert data into format suitable to be sent over phone lines
		- Cable internet: CATV 
			- Cable Modem: same as DSL Modem
		- Redundant Internet Connections:
			- Single Homed:		1 connection to 1 ISP
			- Dual Homed:		2 connections to 1 ISP
			- MultiHomed:		1 connection to 2 ISPs
			- Dual MultiHomed:	2 connections to 2 ISPs

	- Internet VPNs:
		- WAN over shared infrastructure
		- 2 Types:
			1) Site-to-site VPNs using IPsec
				- VPN between 2 devices (routers) connected over the internet
				- VPN tunnel created: encrypts the original IP header, encapsulates with a VPN header & adds a new IP header
					- also combines original packet with session (encryption) key
					- router does all this and sends to other router, receiving router decrypts
				- IPsec ONLY supports unicast, no broadcast/multicast
					- routing protocols like OSPF CANNOT be used (rely on multicast)
						- GRE over IPsec solves this
				- configuring full-mesh between all routers isn't easy/fast
					- Cisco DMVPN solves this
				- GRE (Generic Routing Encapsulation) over IPsec: 
					- GRE creates tunnels like IPsec BUT does NOT encrypt original packet
						- not secure
						- allows OSPF, multicast, broadcast, all other routing protocols
					- GRE over IPsec: gives flexibility of GRE & security of IPsec
						- original packet encapsulated with GRE header & new IP header, THEN encrypt GRE packet, THEN encapsulated again with IPsec VPN header & new IP header
				- DMVPN (Dynamic Multipoint): 
					- allows Cisco routers to dynamically create full-mesh of IPsec tunnels automatically
					- manually config Hub-Spoke (one router connects to all)
						- Hub router gives directions to spoke routers on how to mesh
			2) Remote-access VPNs using TLS
				- allows end devices to access resources in company LAN securely over internet
				- connects one device to a site
				- on demand access over insecure connection
				- uses TLS as opposed to IPsec
				- company router/firewall acts as TLS server

Wireless Fundamentals

Wireless Fundamentals:
	- RF (Radio Frequency):
		- applying an alternating current to an antenna creates EM fields that propagate as waves
			- Amplitude: strength of wave
			- Frequency: cycles per second of wave
				- Period: time for 1 cycle
		- 30 Hz - 300 GHz
	- Wi-Fi Standards:
		- 802.11	2.4 GHz		2 Mb/s
		- 802.11b	2.4 GHz		11 Mb/s
		- 802.11a	5 GHz		54 Mb/s
		- 802.11g	2.4 GHz		54 Mb/s
		- 802.11n	2.4/5 GHz	600 Mb/s	Wi-Fi 4		AKA HT (High Throughput)
		- 802.11ac	5 GHz		6.93 Gb/s	Wi-Fi 5		AKA VHT (Very High Throughput)
		- 802.11ax	2.4/5/6 GHz	27.7 Gb/s	Wi-Fi 6
	- WLAN (Wireless LAN) Fundamentals:
		- Wi-Fi Alliance certifies devices that are in compliance with 802.11 standards
			- Wi-Fi is technically not the term to use when referring to WLANs
		- Issues:
			- all devices receive all frames
				- bad privacy --> important to encrypt data within the LAN
			- collisions can occur
				- CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance)
					- very similar to CSMA/CD (used by hubs to avoid collisions)
		- Wireless Signal Factors:
			- absorption: signal passes through material, converts to heat (weaken signal)
			- reflection: signal bounces off material like metal (can prevent communication)
			- refraction: signal wave is bent when passing into a different medium
			- diffraction: signal wave travels around obstacle (blind spots)
			- scattering: material causing signal to scatter in all directions (dust, uneven surface)
			- interference: multiple devices using same channel
		- Channels:
			- 2.4 GHz
				- recommended to use channels 1, 6, 11
					- don't overlap
					- arrange in honeycomb pattern
			- 5 GHz: divided into 4 smaller bands
			- 6 GHz
			- large WLANs should use multiple channels to avoid interference
		- Service Sets:
			- groups of wireless network devices
			- all devices in same service set share same Service Set ID (SSID)
				- SSID = human readable name for connection (doesn't have to be unique)
			- 3 types:
				1) Independent Service Sets:
					- IBSS (Independent Basic Service Set): devices that connect directly to each other WITHOUT an AP
					- ad hoc networks
						- (ex: AirDrop)
					- not scalable beyond a couple devices
				2) Infrastructure Service Sets:
					a) BSS (Basic Service Set): group of devices that connect to each other via an AP
						- BSA (Basic Service Area): area where signal is usable
						- other APs can use same SSID but not same BSSID
							- BSSID = MAC of AP's radio
						- wireless devices request to associate with the BSS
							- clients / stations = devices that are associated
						- AP in repeater mode extends range of BSS
							- repeater with 2 channels can receive on one and transmit on other (full-duplex)
					b) ESS (Extended Service Set): create larger WLANs beyond single AP
						- 2 or more BSSs connected by a switch
						- each BSS needs different BSSIDs, channels
						- moving between the 2 BSSs doesn't require reconnecting, seamless
							- Roaming
						- should be 10-15% overlap in BSAs
				3) Mesh Service Sets:
					- MBSS (Mesh Basic Service Set): used when difficult to run physical ethernet connection to each AP
					- each AP sends traffic back to the 1 central switch connected to only 1 AP
						- all APs connected in mesh to get data back to switch
						- RAP (Root AP): AP connected directly to switch
						- MAP (Mesh AP): APs connected to each other and to the RAP
							- protocol used to determine best path for data
					- Distribution System (DS): upstream wired network
						- RAP connects to switch in DS if not an isolated network
						- APs can separate into multiple WLANs with different SSIDs mapped to separate VLANs in the DS
				- WGB (Work Group Bridge): connect wired devices to wireless network & client of other AP
				- Outdoor Bridge: wirelessly connect point to point / point to multipoint over long distances
					- hub and spoke topology

Wireless Architectures

Wireless Architectures:
	- 802.11 messages / frame format:
		- different 802.11 standards have different frame formats
		- 802.11 frames are larger than Ethernet frames
		- Frame fields:
			1) Frame Control: message type & subtype (2 bytes)
			2) Duration/ID: meaning depends on the message type in Frame Control, can indicate 2 things
				- time in microseconds the channel is reserved to transmit the frame
				- identifier for the connection
			3) addresses (up to 4):
				- DA (Destination Address): final recipient of frame
				- SA (Source Address): original source of frame
				- RA (Receiver Address): immediate recipient of frame
				- TA (Transmitter Address): immediate sender of frame
			4) Sequence Control: reassemble fragmented frames
			5) QoS Control
			6) HT (High Throughput) Control: added in 802.11n for high-throughput operations
			7) frame body (packet)
			8) FCS (Frame Check Sequence)
		- 3 connection states for 802.11:
			1) not authenticated, not associated
			2) authenticated, not associated
			3) authenticated, associated
				- must be both authenticated and associated with AP to send traffic
		- 802.11 connection process:
			- * stations/clients can actively scan or passively scan for APs
			- client/station sends probe request & AP sends probe response
			- client/station sends authentication request & AP sends authentication response
			- client/station sends association request & AP sends association response
		- 802.11 Message Types:
			- management: beacon, probe request/response, authentication, association
			- control: assist with delivery of management and data frames
				- RTS (Request To Send), CTS (Clear To Send), ACK
			- data: actual data sent
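As an added example (not from the original notes), the frame layout and the three connection states above in Python: it parses the Frame Control, Duration/ID, address and Sequence Control fields, replays an authentication / association / deauthentication exchange through the state machine, and counts deauthentication frames per transmitter as a Monitor-mode AP would. The frames, MAC addresses and helper names are constructed for illustration; field offsets and subtype values follow the 802.11 standard.

```python
import struct
from collections import Counter

MGMT = 0  # 802.11 frame type 0 = management; subtypes as defined in the 802.11 standard
SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp", 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}

def parse_header(frame):
    """Parse the 802.11 MAC header: Frame Control, Duration/ID, addresses 1-3, Sequence Control."""
    fc, duration = struct.unpack_from("<HH", frame, 0)  # both little-endian
    addrs = [frame[4 + 6 * i:10 + 6 * i].hex(":") for i in range(3)]
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    return {"version": fc & 0x3, "type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "to_ds": bool(fc & 0x0100), "from_ds": bool(fc & 0x0200), "protected": bool(fc & 0x4000),
            "duration": duration, "addr1": addrs[0], "addr2": addrs[1], "addr3": addrs[2],
            "fragment": seq_ctl & 0xF, "sequence": seq_ctl >> 4, "body": frame[24:]}

def build_mgmt(subtype, ra, ta, bssid, body=b"", seq=0):
    """Build a management frame; with To DS = From DS = 0, addr1 = RA/DA, addr2 = TA/SA, addr3 = BSSID."""
    return struct.pack("<HH", (MGMT << 2) | (subtype << 4), 0) + ra + ta + bssid + struct.pack("<H", seq << 4) + body

def track_station(frames, ap):
    """Walk the three connection states (1 = not authenticated/not associated, 2 = authenticated only,
    3 = authenticated + associated) over a frame list; returns the state after each frame."""
    ap_addr, state, history = ap.hex(":"), 1, []
    for h in map(parse_header, frames):
        name = SUBTYPES.get(h["subtype"]) if h["type"] == MGMT else None
        from_ap = h["addr2"] == ap_addr
        if name == "auth" and from_ap and struct.unpack_from("<HH", h["body"], 2) == (2, 0):
            state = 2   # auth body = algorithm, transaction seq, status: seq 2 with status 0 = success
        elif name == "assoc-resp" and from_ap and state == 2 and struct.unpack_from("<H", h["body"], 2)[0] == 0:
            state = 3   # assoc response body = capability, status, AID: status 0 = associated
        elif name == "disassoc" and state == 3:
            state = 2
        elif name == "deauth":
            state = 1   # from either side; the station must authenticate again
        history.append(state)
    return history

def deauth_sources(frames):
    """Count deauthentication frames per transmitter, the kind of signal a Monitor-mode AP watches for."""
    return Counter(h["addr2"] for h in map(parse_header, frames) if (h["type"], h["subtype"]) == (MGMT, 12))

# Constructed sample exchange between one client (STA) and one AP; not a real capture
STA, AP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build_mgmt(11, AP, STA, AP, struct.pack("<HHH", 0, 1, 0), seq=1),           # auth request (open system)
          build_mgmt(11, STA, AP, AP, struct.pack("<HHH", 0, 2, 0), seq=2),           # auth response, status 0
          build_mgmt(0, AP, STA, AP, struct.pack("<HH", 0x0411, 10), seq=3),          # association request
          build_mgmt(1, STA, AP, AP, struct.pack("<HHH", 0x0411, 0, 0xC001), seq=4),  # assoc response, status 0
          build_mgmt(12, STA, AP, AP, struct.pack("<H", 7), seq=5)]                   # deauth, reason code 7
```

Running `track_station(SAMPLE, AP)` returns the state after each frame, `[1, 2, 2, 3, 1]`, and `deauth_sources(SAMPLE)` attributes the single deauthentication to the AP's address.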

	- Methods of Deploying WAPs:

		- Autonomous APs: self reliant, no dependency on WLC
			- config manually, individually (CLI, SSH, Telnet)
			- each AP is autonomous, must all be configured manually, individually
			- each AP should connect to wired network using trunk link (VLAN for management separate)
				- each SSID has different VLAN

		- Lightweight APs: functions split between AP and WLC
			- AP controls real-time operations
			- WLC controls security, QoS, roaming, association, etc...
			- AKA Split-MAC Architecture
			- config all APs with one central WLC
			- WLC can be in same or different VLAN as APs
				- each SSID has different VLAN
			- WLCs & APs authenticate each other with X.509 certificates
			- WLCs & APs communicate using a protocol called CAPWAP
				- CAPWAP control tunnel: UDP 5246
				- CAPWAP data tunnel: UDP 5247
					- client traffic does not go directly onto the wired network, it is tunneled to the WLC first
					- DTLS (Datagram TLS) is used if you want to encrypt the traffic
			- APs usually connect to the WLC with access ports, not trunk ports (b/c CAPWAP)
				- WLC connects to wired network with trunk port
			- Lightweight AP modes:
				- Local: default, AP offers BSS
				- FlexConnect: AP offers BSS, allows AP to locally switch traffic between wired & wireless networks if WLC goes down
				- Sniffer: AP does NOT offer BSS for clients, captures frames & sends to Wireshark (or other apps)
				- Monitor: AP does NOT offer BSS for clients, receives frames to detect rogue devices
					- AP can send de-authentication messages to de-associate device from AP
				- Rogue Detector: (no radio) AP only listens on the wired network, receives a list of suspected rogue client & AP MACs from the WLC
					- listens for ARP messages and correlates to info received from WLC
				- SE-Connect (Spectrum Expert): performs RF spectrum analysis on all channels, sends info to Cisco Spectrum Expert software on PC
					- used to collect/analyze data, find sources of interference
				- Bridge/Mesh: like an autonomous AP's outdoor bridge, can be a dedicated bridge between sites over long distances (can have a mesh between APs)
				- Flex plus Bridge: adds FlexConnect functionality to Bridge/Mesh mode, WAPs can forward traffic even if WLC lost

		- Cloud-based APs:
			- in between autonomous and split-MAC/Lightweight AP architectures
			- autonomous APs centrally managed in cloud
			- Cisco Meraki --> popular cloud-based Wi-Fi solution
				- Meraki dashboard: monitor everything, edit APs
			- regular data traffic NOT sent to cloud, ONLY control traffic

	- WLC (Wireless LAN Controller) Deployments:
		- WLCs benefits:
			- scalability 
			- dynamic channel assignment 
			- transmit power optimization
			- self-healing wireless coverage: if one WAP fails, the transmit power of the other APs is automatically increased
			- seamless roaming: clients roaming between APs with no delay
			- client load balancing
			- security / QoS central management
		- WLC Deployment Models:
			- 4 main models in Split-MAC arch:
				1) unified: WLC is separate hardware appliance
					- support up to 6000 APs
				2) cloud-based: WLC is VM in cloud
					- support up to 3000 APs
				3) embedded: WLC integrated in switch
					- support up to 200 APs
				4) mobility express: WLC integrated in an AP
					- support up to 100 APs