Layer 1: Physical - Dealing with Bits!
Cabling
2 pair wires:
- Ethernet: 10Base-T | 802.3 | 10Mb/s
- Fast Ethernet: 100Base-T | 802.3u | 100Mb/s
- Straight-Through Cable:
- PC NIC transmits data on pins 1&2, switch receives on pins 1&2
- PC NIC receives data on pins 3&6, switch transmits on pins 3&6
- router transmits and receives on same pins as NIC when connected to a switch
- Crossover Cable:
- pin 1->3, 2->6, 3->1, 6->2
- transmit pin connected to receive pin
- allows router to router communication, or switch to switch, or any 2 of the same devices
- Devices that transmit on pins 1,2 & receive on pins 3,6:
- PC NICs, Routers, WAPs, Network Printers
- Devices that receive on pins 1,2 & transmit on pins 3,6:
- Hubs, Switches
- full-duplex transmission: send and receive simultaneously
- Auto MDI-X:
- newer devices automatically detect what cable is used and can switch which pins they use to transmit/receive
- no need for crossover cables anymore
4 pair wires:
- Gigabit Ethernet: 1000Base-T | IEEE 802.3ab
- 10 Gig Ethernet: 10GBase-T | 802.3an
- each pair of wires is bi-directional: can send & receive
- all Ethernet copper cables have a 100 m max length
Fiber Optic Cables:
- 10GBase-SR: 400 m
- 10GBase-LR: 10 km
- one cable to transmit and one to receive on each end
- SFP transceiver (Small FormFactor Pluggable):
- plugs into back of switch/router to plug in fiber optic cables
Hubs
Every device connected to a hub is in the same collision domain
- hub just broadcasts all frames to all devices
hubs use half duplex --> hubs operate at layer 1 ***
- CSMA/CD (Carrier Sense Multiple Access with Collision Detection): hub uses this to avoid collisions
- devices listen to collision domain before sending frames, avoid sending when others send
- if collision occurs, device sends jamming signal to inform other devices
- each device waits a random period of time before sending frames again
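The listen / collide / jam / random-wait cycle above is easy to misjudge without seeing it run. The simulation below is an added example, not part of these notes: a slotted model of one collision domain where every station with a frame queued and no backoff pending transmits in a slot, a lone transmitter succeeds, and two or more transmitters collide and each draws a binary exponential backoff. The slot model, the backoff cap and the seeded random generator are my simplifications, not anything the standard specifies in this form.

```python
import random


def simulate_csma_cd(n_stations, frames_per_station, seed=0, max_backoff_exp=10):
    """Slotted CSMA/CD on a single collision domain (one hub, half duplex).

    Each slot: every station with a frame queued and backoff == 0 senses the
    medium and transmits.  Exactly one transmitter -> frame delivered.  Two or
    more -> all of them detect the collision, jam, and each picks a random
    backoff of 0..2^k-1 slots, k = collisions so far on this frame (capped).
    Returns counters for the run.
    """
    rng = random.Random(seed)                      # seeded: run is reproducible
    pending = [frames_per_station] * n_stations    # frames left per station
    backoff = [0] * n_stations                     # slots each station still waits
    attempts = [0] * n_stations                    # collisions on the current frame
    stats = {"slots": 0, "collisions": 0, "delivered": 0}

    while any(pending):
        stats["slots"] += 1
        # carrier sense: only stations whose backoff expired try to send now
        transmitters = [i for i in range(n_stations)
                        if pending[i] and backoff[i] == 0]
        if len(transmitters) == 1:
            i = transmitters[0]
            pending[i] -= 1
            attempts[i] = 0
            stats["delivered"] += 1
        elif len(transmitters) > 1:
            # collision detected: every colliding station backs off randomly
            stats["collisions"] += 1
            for i in transmitters:
                attempts[i] += 1
                k = min(attempts[i], max_backoff_exp)
                backoff[i] = rng.randrange(2 ** k)
        # everyone else counts its backoff timer down by one slot
        for i in range(n_stations):
            if i not in transmitters and backoff[i] > 0:
                backoff[i] -= 1
    return stats


if __name__ == "__main__":
    print("one station :", simulate_csma_cd(1, 10))
    print("five stations:", simulate_csma_cd(5, 4, seed=1))
```

With one station there are no collisions and exactly one slot per frame; with five stations all starting at once the first slot is always a collision, and the run shows how many extra slots the backoff costs before every frame gets through.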
PoE
PoE (Power over Ethernet):
- allows PSE (Power Sourcing Equipment) to provide power to PD (Powered Devices) over an Ethernet cable
- PSE: switch/hub
- PD: IP phone, IP camera, WAPs, etc...
- PSE sends low-power signals to PDs to determine how much power each PD needs
- power policing: prevents PDs from drawing too much power
- "power inline police" --> if a PD draws too much power, the interface is put in error-disabled state and stops sending power; "no shutdown" to restart
- also generates Syslog message
- "power inline police action log" --> restarts device & sends Syslog message if PD draws too much power
- "show power inline police"
- PoE standards (Probably NOT on Exam):
1) Cisco ILP (Inline Power) | 7W
2) PoE Type 1 (802.3af) | 15W
3) PoE+ Type 2 (802.3at) | 30W
4) UPoE Type 3 (802.3bt) | 60W
5) UPoE+ Type 4 (802.3bt) | 100W
LAN Architectures
LAN Architectures:
- Topologies:
- Star: all devices connected to one device (all PCs to one switch)
- Full-Mesh: all devices connected to each other
- Partial-Mesh: some devices are connected to each other
- 2-Tier & 3-Tier LAN:
- 2-Tier (AKA Collapsed Core design):
- Access Layer: end hosts connect here (lots of ports for switch on access layer)
- VLANs, port security, QoS, DAI, all enabled here, PoE ports
- Distribution Layer (AKA Distribution-Core layer): aggregates connections from access layer switches
- connects to WAN
- connections between distribution layer switches = layer 3 (can use OSPF)
- 3-Tier: Cisco recommends adding Core layer (3-Tier) when more than 3 Distribution layer switches in single location
- each Distribution layer connects to Core layer
- layer 3, no spanning tree, FAST
- backbone of LAN = Core layer
- Spine-Leaf (Data Center):
- data centers used to use the 3-Tier LAN architecture --> good for North-South traffic (to/from the internet, up/down the layers) but not East-West (server to server)
- traffic between servers is now more common, splitting a workload among multiple servers is very common now
- Spine-Leaf (ACI Application Centric Infrastructure):
- 2-Tier
- Spine switches: layer 3
- spine switches do NOT connect to other spine switches
- Leaf switches: layer 2
- every leaf switch connected to every spine switch
- leaf switches do NOT connect to other leaf switches
- end hosts only connect to leaf switches
- SOHO (Small Office Home Office):
- single device acting as router, switch, firewall, modem, AP, etc...
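The spine-leaf rules above (spines never link to spines, leaves never link to leaves, every leaf links to every spine, hosts only hang off leaves) are exactly the kind of thing worth checking mechanically before a fabric is cabled. The checker below is an added example, not part of these notes or of any Cisco tool: it takes device names and a link list and reports every rule violation. The device names and both sample topologies are constructed.

```python
def check_spine_leaf(spines, leaves, hosts, links):
    """Return sorted rule violations for a proposed spine-leaf topology.

    spines/leaves/hosts are device names; links are (a, b) pairs.  Rules are
    the ones from the notes: no spine-spine links, no leaf-leaf links, every
    leaf links to every spine, end hosts attach only to leaf switches.
    """
    spines, leaves, hosts = set(spines), set(leaves), set(hosts)
    adj = {}                                   # undirected adjacency
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    found = set()                              # a set so each bad link is reported once
    for s in spines:
        for peer in adj.get(s, ()):
            if peer in spines:
                found.add("spine-to-spine link: %s <-> %s" % tuple(sorted((s, peer))))
    for leaf in leaves:
        for peer in adj.get(leaf, ()):
            if peer in leaves:
                found.add("leaf-to-leaf link: %s <-> %s" % tuple(sorted((leaf, peer))))
        for s in spines - adj.get(leaf, set()):
            found.add(f"leaf {leaf} has no link to spine {s}")
    for h in hosts:
        for peer in adj.get(h, ()):
            if peer not in leaves:
                found.add(f"host {h} attached to non-leaf device {peer}")
    return sorted(found)


# constructed sample fabric: 2 spines, 3 leaves, one server per leaf
SPINES = ["spine1", "spine2"]
LEAVES = ["leaf1", "leaf2", "leaf3"]
HOSTS = ["srvA", "srvB", "srvC"]
GOOD_LINKS = [(s, l) for s in SPINES for l in LEAVES] + [
    ("leaf1", "srvA"), ("leaf2", "srvB"), ("leaf3", "srvC")]
# same fabric with three design mistakes: a missing uplink, a leaf-leaf link,
# and a server cabled to a spine
BAD_LINKS = [l for l in GOOD_LINKS if l != ("spine2", "leaf3")] + [
    ("leaf1", "leaf2"), ("spine1", "srvC")]

if __name__ == "__main__":
    print("good fabric:", check_spine_leaf(SPINES, LEAVES, HOSTS, GOOD_LINKS))
    for v in check_spine_leaf(SPINES, LEAVES, HOSTS, BAD_LINKS):
        print("bad fabric :", v)
```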
WAN Architectures
WAN Architectures:
- Intro to WANs:
- WAN usually refers to private company intranet that span large distances
- each office connected to central Data center over leased line
- leased lines connect to service provider normally
- (Hub & Spoke / Star topology):
- Central Data Center = Hub ; Offices = spokes
- Leased Lines:
- dedicated physical link between 2 sites
- uses Serial connection: PPP / HDLC encapsulation
- standards: T1, T2, T3 (slowest to fastest)
- MPLS (Multi Protocol Label Switching) VPNs:
- ISP provides this
- shared infrastructure, similar to internet
- Label Switching allows VPN
- use label to decide where to forward packet, NOT IP addresses
- Router Types:
- CE router: Customer Edge router
- do NOT use MPLS
- PE router: Provider Edge router
- use MPLS
- P router: Provider Core router
- use MPLS
- layer 3 MPLS VPNs:
- CE & PE routers form peerings using routing protocol (ex: OSPF)
- layer 2 MPLS VPNs:
- as if CE routers are connected directly to each other
- service provider is totally transparent, acting like a big switch connecting CE routers
- Internet Connectivity:
- DSL: phone lines
- DSL Modem: necessary to convert data into format suitable to be sent over phone lines
- Cable internet: CATV
- Cable Modem: same as DSL Modem
- Redundant Internet Connections:
- Single Homed: 1 connection to 1 ISP
- Dual Homed: 2 connections to 1 ISP
- MultiHomed: 1 connection to each of 2 ISPs
- Dual MultiHomed: 2 connections to each of 2 ISPs
- Internet VPNs:
- WAN over shared infrastructure
- 2 Types:
1) Site-to-site VPNs using IPsec
- VPN between 2 devices connected (routers) over internet
- VPN tunnel created, encrypts original IP header, encapsulates w VPN header & adds new IP header
- also combines original packet with session (encryption) key
- router does all this and sends to other router, receiving router decrypts
- IPsec ONLY supports unicast, no broadcast/multicast
- routing protocols like OSPF CANNOT be used (rely on multicast)
- GRE over IPsec solves this
- configuring full-mesh between all routers isn't easy/fast
- Cisco DMVPN solves this
- GRE (Generic Routing Encapsulation) over IPsec:
- GRE creates tunnels like IPsec BUT does NOT encrypt original packet
- not secure
- allows OSPF, multicast, broadcast, all other routing protocols
- GRE over IPsec: gives flexibility of GRE & security of IPsec
- original packet encapsulated with GRE header & new IP header, THEN encrypt GRE packet, THEN encapsulated again with IPsec VPN header & new IP header
- DMVPN (Dynamic Multipoint):
- allows Cisco routers to dynamically create full-mesh of IPsec tunnels automatically
- manually config Hub-Spoke (one router connects to all)
- Hub router gives directions to spoke routers on how to mesh
2) Remote-access VPNs using TLS
- allows end devices to access resources in company LAN securely over internet
- connects one device to a site
- on demand access over insecure connection
- uses TLS as opposed to IPsec
- company router/firewall acts as TLS server
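The encapsulation order for GRE over IPsec (GRE header + new IP header, then encrypt the whole GRE packet, then ESP header + another new IP header) decides what an observer on the path can read, which is the point of the "GRE alone is not secure" line. The script below is an added example, not part of these notes and not real IPsec: it builds the packets byte for byte with real IPv4 and GRE headers, but the ESP cipher is a SHA-256 keystream XOR stand-in for AES (and it carries no integrity check value, which a real SA does). The addresses, key, SPI and inner packet are all constructed.

```python
import hashlib
import socket
import struct

IPPROTO_GRE = 47
IPPROTO_ESP = 50


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = sum((hdr[i] << 8) | hdr[i + 1] for i in range(0, 20, 2))
    while csum >> 16:                               # fold carries
        csum = (csum & 0xFFFF) + (csum >> 16)
    return hdr[:10] + struct.pack("!H", (~csum) & 0xFFFF) + hdr[12:]


def parse_ipv4(pkt):
    """Split a packet into (src, dst, protocol, payload) using its IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]


def toy_stream_xor(key, spi, seq, data):
    """Stand-in for ESP's cipher: XOR with a SHA-256 keystream keyed by
    (key, SPI, sequence number, block index) so no keystream is reused.
    Illustrative only; real IPsec uses AES plus an integrity check."""
    out = bytearray()
    for n in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack("!IIQ", spi, seq, n // 32)).digest()
        out.extend(a ^ b for a, b in zip(data[n:n + 32], ks))
    return bytes(out)


def gre_encapsulate(original, tun_src, tun_dst):
    """Plain GRE: 4-byte GRE header (protocol type 0x0800 = IPv4) + new IP header."""
    gre = struct.pack("!HH", 0x0000, 0x0800) + original
    return ipv4_header(tun_src, tun_dst, IPPROTO_GRE, len(gre)) + gre


def gre_over_ipsec(original, tun_src, tun_dst, peer_src, peer_dst, key, spi, seq):
    """Order from the notes: GRE-encapsulate, encrypt the whole GRE packet behind
    an ESP header, then add another new IP header for the IPsec peers."""
    gre_pkt = gre_encapsulate(original, tun_src, tun_dst)
    esp = struct.pack("!II", spi, seq) + toy_stream_xor(key, spi, seq, gre_pkt)
    return ipv4_header(peer_src, peer_dst, IPPROTO_ESP, len(esp)) + esp


def observer_view(pkt):
    """What a device on the path can read without the key."""
    src, dst, proto, payload = parse_ipv4(pkt)
    view = {"outer": (src, dst), "proto": proto, "inner": None}
    if proto == IPPROTO_GRE:                        # GRE alone hides nothing
        in_src, in_dst, _, _ = parse_ipv4(payload[4:])
        view["inner"] = (in_src, in_dst)
    return view                                     # ESP payload is ciphertext


def decapsulate(pkt, key):
    """Tunnel endpoint: strip ESP (if present) then GRE, returning the original."""
    src, dst, proto, payload = parse_ipv4(pkt)
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", payload[:8])
        src, dst, proto, payload = parse_ipv4(toy_stream_xor(key, spi, seq, payload[8:]))
    if proto != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    return payload[4:]


# constructed sample: a UDP packet between two office LANs over public tunnel endpoints
KEY = b"constructed-demo-key"
ORIGINAL = ipv4_header("10.1.1.5", "10.2.2.7", 17, 5) + b"hello"
PLAIN = gre_encapsulate(ORIGINAL, "203.0.113.1", "198.51.100.1")
SECURE = gre_over_ipsec(ORIGINAL, "203.0.113.1", "198.51.100.1",
                        "203.0.113.1", "198.51.100.1", KEY, spi=0x1001, seq=1)

if __name__ == "__main__":
    print("plain GRE, observer sees inner addresses:", observer_view(PLAIN)["inner"])
    print("GRE over IPsec, observer sees inner addresses:", observer_view(SECURE)["inner"])
    print("endpoint recovers original:", decapsulate(SECURE, KEY) == ORIGINAL)
```

With plain GRE the observer reads the private 10.x addresses straight out of the inner header; with GRE over IPsec only the two public peer addresses and protocol 50 are visible, and the endpoint still gets the original packet back after stripping both layers.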
Wireless Fundamentals
Wireless Fundamentals:
- RF (Radio Frequency):
- apply alternating current to antenna, creates EM fields, propagate as waves
- Amplitude: strength of wave
- Frequency: cycles per second of wave
- Period: time for 1 cycle
- 30 Hz - 300 GHz
- Wi-Fi Standards:
*** MEMORIZE NAMES, MAX SPEED, & GHZ FREQUENCY ***
- 802.11 | 2.4 GHz | 2 Mb/s
- 802.11b | 2.4 GHz | 11 Mb/s
- 802.11a | 5 GHz | 54 Mb/s
- 802.11g | 2.4 GHz | 54 Mb/s
- 802.11n | 2.4/5 GHz | 600 Mb/s | Wi-Fi 4, AKA HT (High Throughput) Wi-Fi
- 802.11ac | 5 GHz | 6.93 Gb/s | Wi-Fi 5, AKA VHT (Very High Throughput)
- 802.11ax | 2.4/5/6 GHz | 27.7 Gb/s | Wi-Fi 6
- WLAN (Wireless LAN) Fundamentals:
- Wi-Fi Alliance certifies devices that are in compliance with 802.11 standards
- Wi-Fi is technically not the term to use when referring to WLANs
- Issues:
- all devices receive all frames
- collisions can occur & bad privacy
- important to encrypt data within LAN
- CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance)
- very similar to CSMA/CD (used by hubs to avoid collisions)
- Wireless Signal Factors:
- absorption: signal passes through material, converts to heat (weakens signal)
- reflection: signal bounces off material like metal (can prevent communication)
- refraction: signal wave bent when going through diff medium
- diffraction: signal wave travels around obstacle (blind spots)
- scattering: material causing signal to scatter in all directions (dust, uneven surface)
- interference: multiple devices using same channel
- Channels:
- 2.4 GHz
- recommended to use channels 1, 6, 11
- don't overlap
- arrange in honeycomb pattern
- 5 GHz: divided into 4 smaller bands
- 6 GHz
- large WLANs should use multiple channels to avoid interference
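Why 1, 6 and 11 are the non-overlapping 2.4 GHz channels, and what "arrange in a honeycomb pattern" means in practice, is easier to see computed than memorized. The script below is an added example and not part of these notes: it derives the non-overlapping set from channel center frequencies and channel width, then greedily assigns channels to a cell layout so that no two APs whose coverage areas overlap share a channel. The channel spacing and center frequencies are the real 2.4 GHz values; the 7-AP honeycomb and the "four APs all overlapping" case are constructed.

```python
def channel_center_mhz(channel):
    """Center frequency of a 2.4 GHz channel: 5 MHz spacing from 2412 MHz.
    Channel 14 (2484 MHz, Japan only) is left out so the walk stops at 13."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"channel {channel} not handled")


def channels_overlap(a, b, width_mhz=22):
    """Two channels overlap when their centers are closer than one channel width
    (22 MHz for 802.11b; 802.11g/n use 20 MHz)."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def non_overlapping_channels(width_mhz=22):
    """Walk up the band keeping each channel that overlaps none already kept."""
    kept = []
    for ch in range(1, 14):
        if not any(channels_overlap(ch, k, width_mhz) for k in kept):
            kept.append(ch)
    return kept


def assign_channels(neighbors, channels=(1, 6, 11)):
    """Greedy channel plan: neighbors maps AP -> set of APs whose BSAs overlap
    with it.  Each AP gets the first channel no already-planned neighbor uses;
    None means the layout needs more channels (or smaller cells / lower power)."""
    plan = {}
    for ap in sorted(neighbors):
        taken = {plan[n] for n in neighbors[ap] if n in plan}
        plan[ap] = next((c for c in channels if c not in taken), None)
    return plan


def count_conflicts(plan, neighbors):
    """Number of overlapping AP pairs that ended up on the same channel."""
    same = sum(1 for ap, peers in neighbors.items() for p in peers
               if plan.get(ap) is not None and plan.get(ap) == plan.get(p))
    return same // 2                      # each pair was counted from both ends


# constructed 7-cell honeycomb: AP0 in the middle, AP1..AP6 around it in a ring
HONEYCOMB = {
    "AP0": {"AP1", "AP2", "AP3", "AP4", "AP5", "AP6"},
    "AP1": {"AP0", "AP2", "AP6"}, "AP2": {"AP0", "AP1", "AP3"},
    "AP3": {"AP0", "AP2", "AP4"}, "AP4": {"AP0", "AP3", "AP5"},
    "AP5": {"AP0", "AP4", "AP6"}, "AP6": {"AP0", "AP5", "AP1"},
}
# constructed failure case: four APs that all overlap each other
CROWDED = {"A": {"B", "C", "D"}, "B": {"A", "C", "D"},
           "C": {"A", "B", "D"}, "D": {"A", "B", "C"}}

if __name__ == "__main__":
    print("non-overlapping (22 MHz):", non_overlapping_channels())
    print("non-overlapping (20 MHz):", non_overlapping_channels(20))
    plan = assign_channels(HONEYCOMB)
    print("honeycomb plan:", plan, "conflicts:", count_conflicts(plan, HONEYCOMB))
    print("crowded plan  :", assign_channels(CROWDED))
```

With 20 MHz channels the same walk yields 1, 5, 9, 13, which is why four-channel plans exist in regions that allow channel 13; the crowded case shows the other edge: three channels cannot cover four mutually overlapping cells, so one AP comes back unassigned.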
- Service Sets:
- groups of wireless network devices
- all devices in same service set share same Service Set ID (SSID)
- SSID = human readable name for connection (doesn't have to be unique)
- 3 types:
1) Independent Service Sets:
- IBSS (Independent Basic Service Set): devices that connect directly to each other WITHOUT an AP
- ad hoc networks
- (ex: AirDrop)
- not scalable beyond a couple devices
2) Infrastructure Service Sets:
a) BSS (Basic Service Set): group of devices that connect to each other via an AP
- BSA (Basic Service Area): area where signal is usable
- other APs can use same SSID but not same BSSID
- BSSID = MAC of AP's radio
- wireless devices request to associate with the BSS
- clients / stations = devices that are associated
- AP in repeater mode extends range of BSS
- repeater with 2 channels can receive on one and transmit on other (full-duplex)
b) ESS (Extended Service Set): create larger WLANs beyond single AP
- 2 or more BSSs connected by a switch
- each BSS needs different BSSIDs, channels
- moving between the 2 BSSs doesn't require reconnecting, seamless
- Roaming
- should be 10-15% overlap in BSAs
3) Mesh Service Sets:
- MBSS (Mesh Basic Service Set): used when difficult to run physical ethernet connection to each AP
- each AP sends traffic back to the 1 central switch connected to only 1 AP
- all APs connected in mesh to get data back to switch
- RAP (Root AP): AP connected directly to switch
- MAP (Mesh AP): APs connected to each other and to RAP
- protocol used to determine best path for data
- Distribution System (DS): upstream wired network
- RAP connects to switch in DS if not an isolated network
- APs can separate into multiple WLANs with diff SSIDs mapped to separate VLANs in the DS
- WGB (Work Group Bridge): connect wired devices to wireless network & client of other AP
- Outdoor Bridge: wirelessly connect point to point / point to multipoint over long distances
- hub and spoke topology
Wireless Architectures
Wireless Architectures:
- 802.11 messages / frame format:
- different 802.11 standards have different frame formats
- 802.11 frame is larger than an Ethernet frame
- Frame fields:
1) Frame Control: message type & subtype (2 bytes)
2) Duration/ID: depends on the message type in Frame Control, can indicate 2 things:
a) time in microseconds the channel is reserved to transmit the frame
b) identifier for the connection
3) addresses (up to 4):
- DA (Destination Address): final recipient of frame
- SA (Source Address): original source of frame
- RA (Receiver Address): immediate recipient of frame
- TA (Transmitter Address): immediate sender of frame
4) sequence control: reassemble fragmented frames
5) QoS control
6) HT (High Throughput) control: added to 802.11n for high throughput operations
7) frame body (packet)
8) FCS (Frame Check Sequence)
- 3 connection states for 802.11:
1) not authenticated, not associated
2) authenticated, not associated
3) authenticated, associated
- must be both authenticated and associated with AP to send traffic
- 802.11 connection process:
- stations/clients can actively scan or passively scan for APs
- client/station sends probe request & AP sends probe response
- client/station sends authentication request & AP sends authentication response
- client/station sends association request & AP sends association response
- 802.11 Message Types:
- management: beacon, probe request/response, authentication, association
- control: assist with delivery of management and data frames
- RTS (Request To Send), CTS (Clear To Send), ACK
- data: actual data sent
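The frame fields and message types above are what a sniffer- or monitor-mode AP actually decodes, so a small parser makes the layout concrete: Frame Control is little-endian, the type/subtype bits name the frame (beacon, probe, authentication, deauthentication, RTS/CTS/ACK, data), the To DS / From DS flags decide which of the four addresses is DA, SA, BSSID, RA or TA, and the FCS is a CRC-32. The code below is an added example, not part of these notes or of any vendor tool. The MAC addresses, the sample frames and the deauthentication tally (the kind of count a monitor-mode AP keeps when watching for rogue activity) are constructed; the bit positions, subtype numbers and address rules are the standard's.

```python
import struct
import zlib

TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication", 12: "deauthentication"}
CTRL_SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211(frame):
    """Decode the 802.11 MAC header of one frame that ends with its 4-byte FCS."""
    fc, duration = struct.unpack("<HH", frame[:4])          # both little-endian
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    info = {"version": fc & 0x3, "type": TYPE_NAMES.get(ftype, "reserved"),
            "subtype": subtype, "duration": duration, "to_ds": to_ds,
            "from_ds": from_ds, "protected": bool(flags & 0x40)}
    if ftype == 1:                  # control: RA only (RTS adds TA), no sequence control
        info["name"] = CTRL_SUBTYPES.get(subtype, f"control/{subtype}")
        info["RA"] = mac_str(frame[4:10])
        body_at = 10
        if subtype == 11:
            info["TA"] = mac_str(frame[10:16])
            body_at = 16
    else:
        a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
        seq_ctl = struct.unpack("<H", frame[22:24])[0]
        info["fragment"], info["sequence"] = seq_ctl & 0xF, seq_ctl >> 4
        body_at = 24
        # which address is DA / SA / BSSID depends on the To DS / From DS flags
        if not to_ds and not from_ds:   # management frames, IBSS data
            roles = {"RA/DA": a1, "TA/SA": a2, "BSSID": a3}
        elif from_ds and not to_ds:     # AP -> station
            roles = {"RA/DA": a1, "TA/BSSID": a2, "SA": a3}
        elif to_ds and not from_ds:     # station -> AP
            roles = {"RA/BSSID": a1, "TA/SA": a2, "DA": a3}
        else:                           # bridge / WDS: all four addresses present
            roles = {"RA": a1, "TA": a2, "DA": a3, "SA": frame[24:30]}
            body_at = 30
        info.update({role: mac_str(addr) for role, addr in roles.items()})
        info["name"] = (MGMT_SUBTYPES.get(subtype, f"management/{subtype}")
                        if ftype == 0 else "data")
    info["body"] = frame[body_at:-4]
    if info["name"] in ("deauthentication", "disassociation"):
        info["reason"] = struct.unpack("<H", info["body"][:2])[0]
    # FCS is the same CRC-32 as Ethernet, sent least significant byte first
    info["fcs_ok"] = struct.unpack("<I", frame[-4:])[0] == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF)
    return info


def build_frame(ftype, subtype, addr1, addr2, addr3, seq, body=b"", flags=0):
    """Assemble a three-address management/data frame with a valid FCS (used
    here only to construct sample input; duration left at 0)."""
    fc = (ftype << 2) | (subtype << 4) | (flags << 8)
    frame = (struct.pack("<HH", fc, 0) + addr1 + addr2 + addr3
             + struct.pack("<H", seq << 4) + body)
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def deauth_by_sender(frames):
    """Monitor-mode style tally: deauth/disassoc frames seen per transmitter."""
    tally = {}
    for f in frames:
        p = parse_80211(f)
        if p["name"] in ("deauthentication", "disassociation"):
            tally[p["TA/SA"]] = tally.get(p["TA/SA"], 0) + 1
    return tally


# constructed sample MACs (locally administered) and frames
STA = bytes.fromhex("021122334455")
AP = bytes.fromhex("02aabbccddee")
BCAST = b"\xff" * 6
BEACON = build_frame(0, 8, BCAST, AP, AP, seq=1, body=b"\x00" * 12)   # timestamp, interval, caps
DEAUTH = build_frame(0, 12, STA, AP, AP, seq=42, body=struct.pack("<H", 7))  # reason code 7
DATA_UP = build_frame(2, 0, AP, STA, bytes.fromhex("02dddddddddd"), seq=7,
                      body=b"encrypted payload", flags=0x41)          # To DS + Protected

if __name__ == "__main__":
    for f in (BEACON, DEAUTH, DATA_UP):
        p = parse_80211(f)
        print(p["type"], p["name"], {k: v for k, v in p.items() if "/" in k or k in ("DA", "SA", "BSSID")})
    print("deauth per sender:", deauth_by_sender([DEAUTH, BEACON, DEAUTH]))
```

The management frames carry the AP's radio MAC as both TA and BSSID, the upstream data frame puts the BSSID in address 1 and the real destination in address 3, and flipping one byte of a frame makes the FCS check fail, which is how the receiver drops damaged frames rather than acting on them.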
- Methods of Deploying WAPs:
- Autonomous APs: self reliant, no dependency on WLC
- config manually, individually (CLI, SSH, Telnet)
- each AP is autonomous, must all be configured manually, individually
- each AP should connect to wired network using trunk link (separate VLAN for management)
- each SSID has different VLAN
- Lightweight APs: functions split between AP and WLC
- AP controls real-time operations
- WLC controls security, QoS, roaming, association, etc...
- AKA Split-MAC Architecture
- config all APs with one central WLC
- WLC can be in same or different VLAN as APs
- each SSID has different VLAN
- WLCs & APs authenticate each other with X.509 certificates
- WLCs use protocol called CAPWAP to communicate
- CAPWAP control tunnel: UDP 5246
- CAPWAP data tunnel: UDP 5247
- does not connect directly to wired network, WLC first
- DTLS (Datagram TLS) used if you want to encrypt traffic
- APs usually connect to WLC with access ports, not trunk ports (b/c CAPWAP)
- WLC connects to wired network with trunk port
- Lightweight AP modes:
- Local: default, AP offers BSS
- FlexConnect: AP offers BSS, allows AP to locally switch traffic between wired & wireless networks if WLC goes down
- Sniffer: AP does NOT offer BSS for clients, captures frames & sends to Wireshark (or other apps)
- Monitor: AP does NOT offer BSS for clients, receives frames to detect rogue devices
- AP can send de-authentication messages to de-associate device from AP
- Rogue Detector: (no radio) AP only listens on wired network, receives list of suspected rogue client & AP MACs from WLC
- listens for ARP messages and correlates to info received from WLC
- SE-Connect (Spectrum Expert): performs RF spectrum analysis on all channels, sends info to Cisco Spectrum Expert software on PC
- used to collect/analyze data, find sources of interference
- Bridge/Mesh: like autonomous AP's outdoor bridge, can be dedicated bridge between sites over long distances (can have mesh between APs)
- Flex plus Bridge: adds FlexConnect functionality to Bridge/Mesh mode, WAPs can forward traffic even if connection to WLC is lost
- Cloud-based APs:
- in between autonomous and split-MAC/Lightweight AP architectures
- autonomous APs centrally managed in cloud
- Cisco Meraki --> popular cloud-based Wi-Fi solution
- Meraki dashboard: monitor everything, edit APs
- regular data traffic NOT sent to cloud, ONLY control traffic
WLC (Wireless LAN Controller) Deployments:
- WLCs benefits:
- scalability
- dynamic channel assignment
- transmit power optimization
- self-healing wireless coverage: if one WAP fails, will auto increase transmit power to other APs
- seamless roaming: clients roaming between APs with no delay
- client load balancing
- security / QoS central management
- WLC Deployment Models:
- 4 main models in Split-MAC arch:
1) unified: WLC is separate hardware appliance
- support up to 6000 APs
2) cloud-based: WLC is VM in cloud
- support up to 3000 APs
3) embedded: WLC integrated in switch
- support up to 200 APs
4) mobility express: WLC integrated in an AP
- support up to 100 APs