Network Devices & Initial Configuration

Uploaded by k.khuwe98
Networking Devices & Initial Configuration

Chapter 1: Network Design

Network Architecture
Network architecture refers to the technologies that support the infrastructure, and to the programmed services and rules, or protocols, that move data across the network.

As networks evolve, there are four basic characteristics that network architects must address to meet user expectations:

• Fault Tolerance
• Scalability
• Quality of Service (QoS)
• Security
Fault Tolerance
• A fault tolerant network is one that can continue operating without interruption when one or more of its components fail.
• It limits the number of devices affected by a failure and allows quick recovery when a failure occurs.
• Such networks depend on multiple paths between the source and destination of a message. If one path fails, messages are immediately sent over a different link.
• Installing additional links within the network, for example a second connection to an ISP, provides multiple paths to the internet.
• Having multiple paths to a destination is known as redundancy; the more redundancy in a network, the more fault tolerant it becomes.
Scalability
• A scalable network expands quickly to support new users and applications.
• It does this without degrading the performance of services that are being accessed by existing
users.
• Networks can be scalable because the designers follow accepted standards and protocols.
Quality of Service
• As data, voice, and video content continue to converge onto the same network, QoS becomes a primary mechanism for managing congestion and ensuring reliable delivery of content to all users.
• Network bandwidth is measured in bits per second (bps). When simultaneous communications are attempted across the network, the demand for bandwidth can exceed what is available, creating congestion.
• The focus of QoS is to prioritize time-sensitive traffic. The type of traffic, not the content of the traffic, is what matters.
Network Security
• Network administrators must address two types of network security concerns: network infrastructure security and information security.
• Infrastructure security concerns the network devices themselves; information security concerns the information contained within the packets being transmitted over the network and the information stored on network-attached devices.

There are three primary requirements to achieve the goals of network security:
• Confidentiality - only the intended and authorized recipients can access and read data.
• Integrity - assures users that the information has not been altered in transmission, from origin to destination.
• Availability - assures authorized users of timely and reliable access to data services.
Physical and Logical Addresses
The MAC address is the physical address of the NIC. The IP address is similar to a person's postal address: it is known as a logical address because it is assigned based on where the host is located. The IP address, or network address, is assigned to each host by a network administrator based on the local network.

• IP addresses contain two parts. One part identifies the network. The network portion of the IP address is the same for all hosts connected to the same local network.

• The second part of the IP address identifies the individual host on that network. Both the physical MAC address and the logical IP address are required for a computer to communicate on a hierarchical network.
Chapter 2: Cloud & Virtualization
Cloud & Cloud Services

When talking about the cloud, we are talking about data centers, cloud computing, and virtualization.
• Data centers are usually large facilities which provide massive amounts of power, cooling, and bandwidth. Only very large companies can afford their own data centers; most smaller organizations lease the services from a cloud provider.

Cloud services include the following:

• SaaS - Software as a Service refers to on-demand software, or a subscription model where the licensing and delivery of the software happen through the cloud, e.g. Office 365, Adobe Creative Cloud. Access to the software typically happens through a web browser, and the software is typically leased rather than owned.
• PaaS - Platform as a Service is where the cloud service provider provides the platform, such as a Java or .NET runtime, for a developer to build an application.
• IaaS - Infrastructure as a Service refers to virtual computing provided over the internet on demand. This includes virtual servers, virtualized storage, and virtualized networking capabilities that can be provisioned, allocated, and supplied on an as-needed basis.
There are four primary cloud models:

• Public clouds - Cloud-based applications and services offered in a public cloud are made available to the general population.
• Private clouds - Cloud-based applications and services offered in a private cloud are intended for a specific organization or entity, such as a government.
• Hybrid clouds - A hybrid cloud is made up of two or more clouds, where each part remains a separate object, but they are connected using a single architecture, e.g. AWS Outposts, Azure Stack, Azure Arc, Azure VMware Solution, Google Anthos.
• Community clouds - A community cloud is created for exclusive use by a specific community. The difference between public clouds and community clouds is the functional needs that have been customized for the community. For example, healthcare organizations must remain compliant with policies and laws (e.g., HIPAA) that require special authentication and confidentiality.
Virtualization
Virtualization means creating a virtual rather than physical version of something, such as a computer. An example would be running a "Linux computer" on your Windows PC.
Virtualization is the foundation of cloud computing. Without it, cloud computing, as it is most widely implemented, would not be possible.

Advantages
One major advantage of virtualization is overall reduced cost:
• Less equipment is required - Virtualization enables server consolidation, which requires fewer physical devices and lowers
maintenance costs.
• Less energy is consumed - Consolidating servers lowers the monthly power and cooling costs.
• Less space is required - Server consolidation reduces the amount of required floor space.
These are additional benefits of virtualization:
• Easier prototyping - Self-contained labs, operating on isolated networks, can be rapidly created for testing and prototyping
network deployments.
• Faster server provisioning - Creating a virtual server is far faster than provisioning a physical server.
• Increased server uptime - Most server virtualization platforms now offer advanced redundant fault tolerance features.
• Improved disaster recovery - Most enterprise server virtualization platforms have software that can help test and automate
failover before a disaster happens.
• Legacy support - Virtualization can extend the life of OSs and applications providing more time for organizations to migrate to
newer solutions.
Hypervisors
The hypervisor is a program, firmware, or hardware that adds an abstraction layer on top of the physical hardware.
• The abstraction layer is used to create virtual machines, which share the hardware resources of the physical machine, such as CPUs, memory, disk controllers, and NICs.
• Each of these virtual machines runs a complete and separate operating system.

Type 1 Hypervisor:
• Type 1 hypervisors are also called the “bare metal”
approach because the hypervisor is installed directly on
the hardware.
• Type 1 hypervisors are usually used on enterprise
servers and data center networking devices.
• With Type 1 hypervisors, the hypervisor is installed
directly on the server or networking hardware. Then,
instances of an OS are installed on the hypervisor, as
shown in the figure.
• Type 1 hypervisors have direct access to the hardware
resources; therefore, they are more efficient than
hosted architectures. They improve scalability,
performance, and robustness.
Hypervisors Cont'd
Type 2 Hypervisors

• A Type 2 hypervisor is software that creates and runs VM instances.
• The computer on which a hypervisor is supporting one or more VMs is a host machine.
• Type 2 hypervisors are also called hosted hypervisors. This is because the hypervisor is installed on top of the existing OS, such as macOS, Windows, or Linux. Then, one or more additional OS instances are installed on top of the hypervisor, as shown in the figure.
• An advantage of Type 2 hypervisors is that management console software is not required.
Chapter 3: Ethernet Switching

Ethernet
Ethernet is one of the two LAN technologies in common use today, the other being wireless LANs (WLANs). Ethernet uses wired communications, including twisted pair, fiber-optic links, and coaxial cables.
The Institute of Electrical and Electronics Engineers (IEEE) maintains the networking standards, including the Ethernet and wireless standards.
IEEE committees are responsible for approving and maintaining the standards for connections, media requirements, and communications protocols.
Ethernet operates in the data link layer and the physical layer. It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards. Ethernet supports the following data bandwidths:

• 10 Mbps
• 100 Mbps
• 1000 Mbps (1 Gbps)
• 10,000 Mbps (10 Gbps)
• 40,000 Mbps (40 Gbps)
• 100,000 Mbps (100 Gbps)

Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies of the OSI model.
Data Link Sublayers

IEEE 802 LAN/MAN protocols, including Ethernet, use two separate sublayers of the data link layer to operate: the Logical Link Control (LLC) and the Media Access Control (MAC), as shown in the figure.

LLC and MAC have the following roles in the data link layer:
• LLC Sublayer - This IEEE 802.2 sublayer communicates between the networking software at the upper layers and the device hardware at the lower layers. It places information in the frame that identifies which network layer protocol is being used for the frame. This information allows multiple Layer 3 protocols, such as IPv4 and IPv6, to use the same network interface and media.
• MAC Sublayer - This sublayer (IEEE 802.3, 802.11, or 802.15, for example) is implemented in hardware and is responsible for data encapsulation and media access control. It provides data link layer addressing and is integrated with various physical layer technologies.
MAC Sublayer
The MAC sublayer is responsible for data encapsulation and accessing the media.

Data encapsulation here means wrapping the network layer packet in an Ethernet frame: a header carrying the addresses and type information is added in front of the packet, and a trailer carrying the error check is added after it. (This is not the object-oriented programming sense of "encapsulation" as data hiding.)

IEEE 802.3 data encapsulation includes the following:

• Ethernet frame - This is the internal structure of the Ethernet frame.
• Ethernet addressing - The Ethernet frame includes both a source and destination MAC address to deliver the Ethernet frame from Ethernet NIC to Ethernet NIC on the same LAN.
• Ethernet error detection - The Ethernet frame includes a frame check sequence (FCS) trailer used for error detection.
• Accessing the media - As shown in the figure, the IEEE 802.3 MAC sublayer includes the specifications for different Ethernet communications standards over various types of media, including copper and fiber.
Ethernet Frame Fields
• The minimum Ethernet frame size is 64 bytes and the expected maximum is 1518 bytes. This includes all bytes from the destination MAC address field through the frame check sequence (FCS) field. The preamble field is not included when describing the size of the frame.
• Any frame less than 64 bytes in length is considered a "collision fragment" or "runt frame" and is automatically discarded by receiving stations. Frames carrying more than 1500 bytes of data are considered "jumbo" frames (commonly up to 9000 bytes of payload) or, when only slightly over the standard maximum, "baby giant" frames.

If the size of a transmitted frame is less than the minimum, or greater than the maximum the receiving device supports, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals and are considered invalid. Jumbo frames are supported by most Fast Ethernet and Gigabit Ethernet switches and NICs, but usually have to be enabled explicitly, and on every device along the path.
Unicast MAC Address

In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and multicast communications.

A unicast MAC address is the unique address that is used when a frame is sent from a single transmitting device to a single destination device.

In the example shown on the right, a host with IPv4 address 192.168.1.5 (source) requests a web page from the server at IPv4 unicast address 192.168.1.200. For a unicast packet to be sent and received, a destination IP address must be in the IP packet header. A corresponding destination MAC address must also be present in the Ethernet frame header. The IP address and MAC address combine to deliver data to one specific destination host.
Broadcast MAC Address
An Ethernet broadcast frame is received and processed by every device on the Ethernet LAN.

Features of an Ethernet broadcast are as follows:
• It has a destination MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).
• It is flooded out all Ethernet switch ports except the incoming port.
• It is not forwarded by a router.

The source host sends an IPv4 broadcast packet to all devices on its network. The IPv4 destination address is a broadcast address, 192.168.1.255. When the IPv4 broadcast packet is encapsulated in the Ethernet frame, the destination MAC address is the broadcast MAC address of FF-FF-FF-FF-FF-FF in hexadecimal (48 ones in binary).
Multicast MAC Address

An Ethernet multicast frame is received and processed by a group of devices on the Ethernet LAN that belong to the same multicast group.

The features of an Ethernet multicast are as follows:
• The destination MAC address begins with 01-00-5E when the encapsulated data is an IPv4 multicast packet, and with 33-33 when the encapsulated data is an IPv6 multicast packet; the remaining bits are derived from the multicast IP address.
• There are other reserved multicast destination MAC addresses for when the encapsulated data is not IP, such as Spanning Tree Protocol (STP) and Link Layer Discovery Protocol (LLDP).
• It is flooded out all Ethernet switch ports except the incoming port, unless the switch is configured for multicast snooping (IGMP or MLD snooping).
• It is not forwarded by a router, unless the router is configured to route multicast packets.
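As an added example (not code from the original slides), the following Python parses an Ethernet frame, applies the runt/jumbo size rules from the frame fields section, verifies the FCS, and classifies the destination MAC as unicast, broadcast, IPv4 multicast (01-00-5E), IPv6 multicast (33-33) or another group address. It goes slightly beyond the slides in two places: it uses the I/G bit (lowest bit of the first octet) to recognise non-IP multicasts such as STP and LLDP, and it distinguishes an Ethernet II EtherType from an IEEE 802.3 length field, which is how the LLC/type information described under Data Link Sublayers is actually told apart. The frame builder and the sample frames are constructed here for illustration; the FCS is computed with zlib's CRC-32, which uses the same polynomial as Ethernet.

```python
import struct
import zlib

MIN_FRAME = 64      # bytes, destination MAC through FCS; preamble/SFD not counted
MAX_FRAME = 1518    # bytes, standard maximum for an untagged frame
BROADCAST = bytes.fromhex("ffffffffffff")
IPV4_MCAST_PREFIX = bytes.fromhex("01005e")   # 01-00-5E-xx-xx-xx
IPV6_MCAST_PREFIX = bytes.fromhex("3333")     # 33-33-xx-xx-xx-xx


def fmt_mac(mac: bytes) -> str:
    return "-".join(f"{b:02X}" for b in mac)


def classify_dst(mac: bytes) -> str:
    """Unicast, broadcast, or which kind of multicast a destination MAC is."""
    if mac == BROADCAST:
        return "broadcast"
    if mac.startswith(IPV4_MCAST_PREFIX):
        return "multicast-ipv4"
    if mac.startswith(IPV6_MCAST_PREFIX):
        return "multicast-ipv6"
    if mac[0] & 0x01:             # I/G bit set: group address (e.g. STP 01-80-C2-00-00-00)
        return "multicast-other"
    return "unicast"


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into its fields and apply the receiver's size and FCS checks."""
    if len(frame) < 18:           # 14-byte header plus 4-byte FCS is the least we can parse
        raise ValueError("frame too short to contain a header and FCS")
    size = len(frame)
    if size < MIN_FRAME:
        size_class = "runt"       # collision fragment, discarded by the receiver
    elif size > MAX_FRAME:
        size_class = "jumbo"      # over 1518; "baby giant" when only slightly over
    else:
        size_class = "valid"
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    payload, fcs = frame[14:-4], frame[-4:]
    # Values <= 1500 are a length field (IEEE 802.3 frame carrying an LLC header);
    # larger values are an EtherType (Ethernet II): 0x0800 IPv4, 0x0806 ARP, 0x86DD IPv6.
    frame_type = "IEEE 802.3/LLC" if type_or_len <= 1500 else "Ethernet II"
    # Ethernet FCS is CRC-32 (same polynomial as zlib) sent least-significant byte first.
    fcs_ok = zlib.crc32(frame[:-4]) == struct.unpack("<I", fcs)[0]
    return {
        "dst": fmt_mac(dst), "src": fmt_mac(src), "dst_type": classify_dst(dst),
        "frame_type": frame_type, "ethertype": type_or_len, "payload_len": len(payload),
        "size_class": size_class, "fcs_ok": fcs_ok,
        "accept": size_class == "valid" and fcs_ok,
    }


def build_frame(dst_hex: str, src_hex: str, ethertype: int, payload: bytes, pad: bool = True) -> bytes:
    """Assumed helper for the examples (not a real NIC): builds a frame and pads it to the 64-byte minimum."""
    body = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload
    if pad and len(body) < MIN_FRAME - 4:
        body += b"\x00" * (MIN_FRAME - 4 - len(body))
    return body + struct.pack("<I", zlib.crc32(body))


if __name__ == "__main__":
    # Constructed sample frames: unicast IPv4, ARP broadcast, IPv4 multicast, IPv6 multicast, runt
    for frame in (
        build_frame("001122334455", "66778899aabb", 0x0800, b"\x45" * 46),
        build_frame("ffffffffffff", "66778899aabb", 0x0806, b"\x00" * 28),
        build_frame("01005e0000fb", "66778899aabb", 0x0800, b"\x00" * 46),
        build_frame("333300000001", "66778899aabb", 0x86DD, b"\x00" * 46),
        build_frame("001122334455", "66778899aabb", 0x0800, b"\x00" * 10, pad=False),
    ):
        print(parse_frame(frame))
```

Note that a real switch forwards on the destination MAC only; the size and FCS checks are what a receiving NIC applies before the frame ever reaches the software stack, which is why a corrupted or runt frame never shows up in a host packet capture.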
Chapter 4: Network Layer

Network Layer Characteristics
The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across networks. IPv4 and IPv6 are the principal network layer communication protocols. Other network layer protocols include routing protocols such as OSPF and messaging protocols such as ICMP.
Network layer protocols perform four operations to accomplish end-to-end communication: addressing end devices, encapsulation, routing, and de-encapsulation.

• Addressing end devices - End devices must be configured with a unique IP address for identification on the network.
• Encapsulation - Encapsulation involves adding headers to the original data at each layer of the OSI or TCP/IP model as it moves down the stack. The network layer encapsulates the protocol data unit (PDU) from the transport layer into a packet. The encapsulation process adds IP header information, such as the IP addresses of the source (sending) and destination (receiving) hosts. The encapsulation process is performed by the source of the IP packet.
• Routing - The network layer provides services to direct the packets to a
destination host on another network. To travel to other networks, the packet
must be processed by a router. The role of the router is to select the best path
and direct packets toward the destination host in a process known as routing.
A packet may cross many routers before reaching the destination host. Each
router a packet crosses to reach the destination host is called a hop.
• De-encapsulation - When the packet arrives at the network layer of the
destination host, the host checks the IP header of the packet. If the
destination IP address within the header matches its own IP address, the IP
header is removed from the packet. After the packet is de-encapsulated by
the network layer, the resulting Layer 4 PDU is passed up to the appropriate
service at the transport layer. The de-encapsulation process is performed by
the destination host of the IP packet.
IP Encapsulation

• IP encapsulates the transport layer segment or other data by adding an IP header. The IP header is used to deliver the packet to the destination host. The figure on the right illustrates how the transport layer PDU is encapsulated by the network layer PDU to create an IP packet.
• IP encapsulation allows data to be transmitted across networks that may use different protocols or technologies.
• It enables IP packets to be carried over data link technologies that know nothing about IP, such as Ethernet or Frame Relay.
• The process of encapsulating data layer by layer enables the services at the different layers to develop and scale without affecting the other layers. This means the transport layer segments can be readily packaged by IPv4 or IPv6 or by any new protocol that might be developed in the future.
• The IP header is examined by Layer 3 devices (i.e., routers and Layer 3 switches) as the packet travels across a network to its destination.
Characteristics of IP
IP was designed as a protocol with low overhead. It provides only the functions that are necessary to deliver a packet from a source to a
destination over an interconnected system of networks. The protocol was not designed to track and manage the flow of packets. These functions, if
required, are performed by other protocols at other layers, primarily TCP at Layer 4.

These are the basic characteristics of IP:

• Connectionless
• Best Effort
• Media Independent

Connectionless: There is no connection with the destination established before sending data packets.
• Connectionless communication is conceptually like sending a letter to someone without notifying the recipient in advance.
• Connectionless data communications work on the same principle. As shown in the figure, IP requires no initial exchange of control information
to establish an end-to-end connection before packets are forwarded.
Characteristics of IP Cont'd
Best Effort : The IP protocol does not guarantee that all packets that are delivered are, in fact, received.

As an unreliable network layer protocol, IP does not guarantee that all sent packets will be received. Other
protocols manage the process of tracking packets and ensuring their delivery. The figure illustrates
the unreliable or best-effort delivery characteristic of the IP protocol.

Media Independent: IP operates independently of the media that carry the data at lower layers of the
protocol stack. As shown in the figure, IP packets can be communicated as electronic signals over copper
cable, as optical signals over fiber, or wirelessly as radio signals.

The OSI data link layer is responsible for taking an IP packet and preparing it for transmission over the
communications medium. This means that the delivery of IP packets is not limited to any medium.
IPv4 Packet
• The IPv4 packet header is used to ensure that a packet is delivered to its next stop on the way to its destination end device.
• An IPv4 packet header consists of fields containing binary numbers which are examined by the Layer 3 process.
• Significant fields in the IPv4 header include version, DS, TTL, protocol, header checksum, source IPv4 address, and destination IPv4 address.
• Version: Contains a 4-bit binary value set to 0100 that identifies this as an IPv4 packet.
• Differentiated Services or DiffServ (DS): Formerly called the type of service (ToS) field, the DS field is an 8-bit field used to determine the priority of each packet. The six most significant bits of the DiffServ field are the differentiated services code point (DSCP) bits and the last two bits are the explicit congestion notification (ECN) bits.
• Time to Live: TTL contains an 8-bit binary value that is used to limit the lifetime of a packet. The source device of the IPv4 packet sets the initial TTL value. It is decreased by one each time the packet is processed by a router. If the TTL field decrements to zero, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address. Because the router changes the TTL of each packet, it must also recalculate the header checksum.
• Protocol: This 8-bit field identifies the next-level protocol, i.e. the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol (for example 1 for ICMP, 6 for TCP, 17 for UDP).
• Header Checksum: This is used to detect corruption in the IPv4 header. It covers the header only, not the payload.
• Source IPv4 Address: This contains a 32-bit binary value that represents the source IPv4 address of the packet. The source IPv4 address is always a unicast address.
• Destination IPv4 Address: This contains a 32-bit binary value that represents the destination IPv4 address of the packet. The destination IPv4 address is a unicast, multicast, or broadcast address.
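The header fields above, worked through in code as an added example (not from the original slides): the block parses an IPv4 header, verifies the header checksum the way a receiver does, and then performs the forwarding step described under Time to Live, decrementing TTL and recomputing the checksum, or dropping the packet and reporting the Time Exceeded condition. The builder, the sample packet and the identification/flags values are constructed here for illustration; the ICMP Time Exceeded message is reported as a reason string rather than actually generated.

```python
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement sum of 16-bit words.
    The caller passes the header with the checksum field set to zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    header = packet[:ihl]
    calc = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])   # zero the checksum field
    return {
        "version": version, "ihl": ihl,
        "dscp": tos >> 2, "ecn": tos & 0x03,            # DS field = 6 DSCP bits + 2 ECN bits
        "total_length": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,                  # 1 ICMP, 6 TCP, 17 UDP
        "checksum": csum, "checksum_ok": calc == csum,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:total_len],
    }


def forward(packet: bytes):
    """One router hop. Returns (packet_to_send, None), or (None, reason) when the packet is dropped."""
    info = parse_ipv4(packet)
    if not info["checksum_ok"]:
        return None, "header checksum mismatch"
    ttl = info["ttl"] - 1
    if ttl == 0:
        # A real router would now build an ICMP type 11 code 0 message addressed to info["src"]
        return None, f"TTL exceeded: send ICMP Time Exceeded to {info['src']}"
    ihl = info["ihl"]
    hdr = bytearray(packet[:ihl])
    hdr[8] = ttl                        # TTL field
    hdr[10:12] = b"\x00\x00"            # checksum must be recomputed after the TTL change
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:], None


def build_ipv4(src: str, dst: str, ttl: int, proto: int, payload: bytes, dscp: int = 0) -> bytes:
    """Assumed helper that builds a minimal 20-byte-header IPv4 packet for the examples."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), 0x1234, 0x4000,   # 0x4000 = DF flag
        ttl, proto, 0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload


if __name__ == "__main__":
    pkt = build_ipv4("192.168.1.5", "192.168.1.200", 64, 6, b"GET / HTTP/1.1\r\n", dscp=46)
    print(parse_ipv4(pkt))
    print(forward(pkt))
    print(forward(build_ipv4("10.0.0.1", "10.0.0.2", 1, 17, b"")))
```

The checksum covers only the header, so a router can change TTL and recompute it cheaply without touching the payload; that is also why a corrupted payload is only caught by the transport layer checksum (or the Ethernet FCS), never by IP.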
Limitations of IPv4
Through the years, additional protocols and processes have been developed to address new
challenges. However, even with changes, IPv4 still has three major issues:

• IPv4 address depletion - IPv4 has a limited number of unique public addresses available.
Although there are approximately 4 billion IPv4 addresses, the increasing number of new IP-enabled
devices, always-on connections, and the potential growth of less-developed regions have increased
the need for more addresses.
• Lack of end-to-end connectivity - Network Address Translation (NAT) is a technology commonly
implemented within IPv4 networks. NAT provides a way for multiple devices to share a single public
IPv4 address. However, because the public IPv4 address is shared, the IPv4 address of an internal
network host is hidden. This can be problematic for technologies that require end-to-end
connectivity.
• Increased network complexity - While NAT has extended the lifespan of IPv4, it was only meant as a transition mechanism to IPv6. NAT in its various implementations creates additional complexity in the network, adding latency and making troubleshooting more difficult.
IPv6 Packet

• Improvements that IPv6 provides include the following: increased address space, improved packet handling, and elimination of the need for NAT.
• Increased address space - IPv6 addresses are based on 128-bit hierarchical addressing, as opposed to 32 bits for IPv4.
• Improved packet handling - The IPv6 header has been simplified with fewer fields.
• Eliminates the need for NAT - With an abundance of public IPv6 addresses, NAT between a private IPv4 address and a public IPv4 address is not needed. This avoids some of the NAT-induced problems experienced by applications that require end-to-end connectivity.
The 32-bit IPv4 address space provides approximately 4,294,967,296 unique addresses. The IPv6 address space provides 340,282,366,920,938,463,463,374,607,431,768,211,456 (2^128), or 340 undecillion, addresses, far more than there are grains of sand on Earth.
• The IPv6 simplified header fields include version, traffic class, flow label, payload length, next header, hop limit, source IP address, and destination IP address.
• Version - This field contains a 4-bit binary value set to 0110 that identifies this as an IP version 6 packet.
• Traffic Class - This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field.
• Flow Label - This 20-bit field suggests that all packets with the same flow label receive the same type of handling by routers.
IPv6 Packet Cont'd

• Payload Length - This 16-bit field indicates the length of the data portion, or payload, of the IPv6 packet. This does not include the length of the IPv6 header, which is a fixed 40 bytes.
• Next Header - This 8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol.
• Hop Limit - This 8-bit field replaces the IPv4 TTL field. This value is decremented by 1 by each router that forwards the packet. When the counter reaches 0, the packet is discarded, and an ICMPv6 Time Exceeded message is sent to the sending host. This indicates that the packet did not reach its destination because the hop limit was exceeded.
• Source IPv6 Address - This 128-bit field identifies the IPv6 address of the sending host.
• Destination IPv6 Address - This 128-bit field identifies the IPv6 address of the receiving host.
Unlike IPv4, the IPv6 header carries no checksum, so a router changing the hop limit has nothing to recompute; error detection is left to the data link layer FCS and the transport layer checksums.
Chapter 5: IPv4 Address Structure
Network and Host Portions
• An IPv4 address is a 32-bit hierarchical address that is made up of a network portion and a host portion

• The bits within the network portion of the address must be identical for all devices that reside in the same network.
• The bits within the host portion of the address must be unique to identify a specific host within a network.
IPv4 Configuration on a Windows Computer

• IPv4 address - This is the unique IPv4 address of the host.
• Subnet mask - This is used to identify the network and host portions of the IPv4 address.
• Default gateway and DNS - A default gateway IPv4 address is required to reach remote networks, and DNS server IPv4 addresses are required to translate domain names to IPv4 addresses.
• The IPv4 subnet mask is used to differentiate the network portion from the host portion of an IPv4 address. When an IPv4 address is assigned to a device, the subnet mask is used to determine the network address of the device. The network address represents all the devices on the same network.
Associating an IPv4 Address with its Subnet Mask

• The subnet mask does not actually contain the network or host portion of an IPv4 address, it just tells the
computer where to look for the part of the IPv4 address that is the network portion and which part is the host
portion.
• The actual process used to identify the network portion and host portion is called ANDing.
Prefix Length
The prefix length is an alternative method of identifying a subnet mask. It is the number of bits set to 1 in the subnet mask, written in "slash notation": a forward slash (/) followed by the number of bits set to 1. For example, 192.168.10.10 255.255.255.0 would be written as 192.168.10.10/24.

In the table on the slide, the first column lists various subnet masks that can be used with a host address, the second column shows each mask as a 32-bit binary value, and the last column shows the resulting prefix length.
Determining the Network: Logical AND

• A logical AND is one of three Boolean operations used in Boolean or digital logic. The other two are OR and NOT. The AND operation is used in determining the network address.
• Logical AND is the comparison of two bits. Only 1 AND 1 produces a 1; any other combination results in a 0.
• 1 AND 1 = 1
• 0 AND 1 = 0
• 1 AND 0 = 0
• 0 AND 0 = 0
• In digital logic, 1 represents True and 0 represents False. When using an AND operation, both input values must be True (1) for the result to be True (1).
• To identify the network address of an IPv4 host, the IPv4 address is logically ANDed, bit by bit, with the subnet mask. ANDing the address with the subnet mask yields the network address.
To illustrate how AND is used to discover a network address, consider a host with IPv4 address 192.168.10.10 and subnet mask 255.255.255.0, as shown in the figure:
• IPv4 host address (192.168.10.10) - The IPv4 address of the host in dotted decimal and binary formats.
• Subnet mask (255.255.255.0) - The subnet mask of the host in dotted decimal and binary formats.
• Network address (192.168.10.0) - The logical AND between the IPv4 address and subnet mask results in the IPv4 network address, shown in dotted decimal and binary formats.

• Using the first bit as an example, the AND operation is performed on the 1 bit of the host address and the 1 bit of the subnet mask. This results in a 1 bit for the network address: 1 AND 1 = 1.
• The AND operation between an IPv4 host address and its subnet mask results in the IPv4 network address for that host. In this example, the AND of the host address 192.168.10.10 and the subnet mask 255.255.255.0 (/24) results in the IPv4 network address 192.168.10.0/24. This is an important IPv4 operation, as it tells the host which network it belongs to.
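The AND operation above and the prefix-length conversion from the previous section, implemented as an added example (not from the original slides). It generalises the 192.168.10.10/24 case to any contiguous mask: it converts between dotted-decimal masks and prefix lengths, rejects a non-contiguous mask, derives the broadcast address and usable host range from the network address, and implements the same-network test a host performs before deciding whether to deliver a packet directly or hand it to the default gateway. The binary rows it returns are the three rows of the figure.

```python
def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string to a 32-bit integer, with range checking."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Dotted binary, the format the slide's figure uses for the three rows."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits; rejects masks such as 255.0.255.0 whose 1s are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def mask_from_prefix(prefix: int) -> str:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def network_info(host: str, mask: str) -> dict:
    """AND the host address with its mask and derive everything the mask implies."""
    h, m = to_int(host), to_int(mask)
    prefix = prefix_length(mask)
    net = h & m                          # the logical AND that yields the network address
    bcast = net | (~m & 0xFFFFFFFF)      # network bits kept, every host bit set to 1
    hosts = 0 if prefix >= 31 else (1 << (32 - prefix)) - 2   # minus network and broadcast
    return {
        "network": f"{to_dotted(net)}/{prefix}",
        "broadcast": to_dotted(bcast),
        "first_host": to_dotted(net + 1) if hosts else None,
        "last_host": to_dotted(bcast - 1) if hosts else None,
        "usable_hosts": hosts,
        "and_rows": (to_binary(h), to_binary(m), to_binary(net)),
    }


def same_network(a: str, b: str, mask: str) -> bool:
    """The check a host makes: same network means deliver directly, otherwise use the default gateway."""
    return (to_int(a) & to_int(mask)) == (to_int(b) & to_int(mask))


if __name__ == "__main__":
    info = network_info("192.168.10.10", "255.255.255.0")
    for label, row in zip(("host   ", "mask   ", "network"), info["and_rows"]):
        print(label, row)
    print(info)
    print(same_network("192.168.10.10", "192.168.11.5", "255.255.255.0"))
```

The non-contiguous mask check matters in practice: a mistyped mask such as 255.255.0.255 is accepted by some tools but makes the network/host split ambiguous, and classless routing assumes a contiguous prefix.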
Chapter 6: Address Resolution Protocol
ARP
A network that uses the IPv4 communications protocol needs ARP to map IPv4 addresses to MAC addresses.
Every IP device on an Ethernet network has a unique Ethernet MAC address. When a device sends an Ethernet Layer 2 frame, it contains two addresses:

• Destination MAC address - The Ethernet MAC address of the destination device on the same local network segment.
• Source MAC address - The MAC address of the Ethernet NIC on the source host.

To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address and the MAC address of the destination device. Destination IPv4 addresses are either known or resolved from a device name (for example via DNS). MAC addresses, however, must be discovered.
A device uses Address Resolution Protocol (ARP) to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining a table of IPv4 to MAC address mappings
ARP
To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address
and the MAC address of the destination device. Device destination IPv4 addresses are either known
or resolved by device name. However, MAC addresses must be discovered.
A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4
address.

• The sending device searches its ARP table for the destination IPv4 address and its corresponding MAC address.
• If the packet's destination IPv4 address is on the same network as the source IPv4 address, the device searches the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network than the source IPv4 address, the device searches the ARP table for the IPv4 address of the default gateway.
• Each entry, or row, of the ARP table binds an IPv4 address with a MAC address. We call the relationship between the two values a map.
• ARP messages are encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request is encapsulated in an Ethernet frame using the following header information:
• Destination MAC address – This is the broadcast address FF-FF-FF-FF-FF-FF, requiring all Ethernet NICs on the LAN to accept and process the ARP request.
• Source MAC address – This is the MAC address of the sender of the ARP request.
• Type – ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.
• Because ARP requests are broadcasts, they are flooded out all ports by the switch, except the receiving port. Only the device with the target IPv4 address associated with the ARP request will respond with an ARP reply.
• After the ARP reply is received, the device adds the IPv4 address and the corresponding MAC address to its ARP table.
• When the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway, which is the interface of the local router.
• Whenever a source device has a packet with an IPv4 address on another network, it encapsulates that packet in a frame using the destination MAC address of the router. The IPv4 address of the default gateway is stored in the IPv4 configuration of the hosts.
• If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4 address of the default gateway. If there is no entry, it uses the ARP process to determine the MAC address of the default gateway.
• On a Cisco router, the show ip arp command is used to display the ARP table. On a Windows 10 PC, the arp -a command is used to display the ARP table.
• As a broadcast frame, an ARP request is received and processed by every device on the local network.
• If a large number of devices were to be powered up and all start accessing network services at the same time, there could be some reduction in performance for a short period of time. In some cases, the use of ARP can also lead to a potential security risk.
• A threat actor can use ARP spoofing to perform an ARP poisoning attack. This is a technique in which a threat actor replies to an ARP request for an IPv4 address that belongs to another device, such as the default gateway.
• The threat actor sends an ARP reply with its own MAC address. The receiver of the ARP reply adds the wrong MAC address to its ARP table and sends its packets for that IPv4 address to the threat actor.
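The following is an added example, not part of the original slides or of any Cisco tool. It builds ARP messages exactly as the slides describe them (an Ethernet header with the broadcast destination and type 0x806, followed by the ARP fields, no IPv4 header), parses them back, and then runs a small passive monitor in the style of arpwatch that keeps its own IPv4-to-MAC table and raises an alert when a later reply tries to rebind an address it has already learned, which is how the ARP poisoning scenario above looks on the wire. All addresses and frames are constructed for the example; nothing is sent on a network.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806          # EtherType that hands the frame payload to the ARP process
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpMessage:
    dst_mac: str
    src_mac: str
    operation: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def _ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def _bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_frame(dst_mac: str, src_mac: str, operation: int, sender_mac: str,
                    sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Encapsulate an ARP message directly in an Ethernet frame (no IPv4 header)."""
    ethernet = struct.pack("!6s6sH", _mac_to_bytes(dst_mac), _mac_to_bytes(src_mac), ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode, then the four addresses
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, operation,
                      _mac_to_bytes(sender_mac), _ip_to_bytes(sender_ip),
                      _mac_to_bytes(target_mac), _ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp_frame(frame: bytes) -> Optional[ArpMessage]:
    """Return the ARP message in an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpMessage(_bytes_to_mac(dst), _bytes_to_mac(src), oper, _bytes_to_mac(sha),
                      _bytes_to_ip(spa), _bytes_to_mac(tha), _bytes_to_ip(tpa))


class ArpMonitor:
    """Passive monitor: learns IPv4-to-MAC bindings from replies and alerts when a
    reply claims an address that is already bound to a different MAC."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}   # ip -> mac, the monitor's own view of the LAN
        self.alerts: List[str] = []

    def observe(self, msg: ArpMessage) -> None:
        if msg.operation != ARP_REPLY:
            return
        known = self.table.get(msg.sender_ip)
        if known is not None and known != msg.sender_mac:
            self.alerts.append(f"{msg.sender_ip} changed from {known} to {msg.sender_mac}")
            return    # keep the first-learned binding instead of letting the newcomer overwrite it
        self.table[msg.sender_ip] = msg.sender_mac


def run_demo() -> ArpMonitor:
    """Constructed traffic: a host resolves its gateway, then a second station answers for the gateway's IP."""
    gw_ip, gw_mac = "192.168.1.1", "00:11:22:33:44:01"        # constructed addresses
    host_ip, host_mac = "192.168.1.10", "00:11:22:33:44:0a"
    other_mac = "00:11:22:33:44:ee"
    frames = [
        build_arp_frame(BROADCAST_MAC, host_mac, ARP_REQUEST, host_mac, host_ip, "00:00:00:00:00:00", gw_ip),
        build_arp_frame(host_mac, gw_mac, ARP_REPLY, gw_mac, gw_ip, host_mac, host_ip),
        build_arp_frame(host_mac, other_mac, ARP_REPLY, other_mac, gw_ip, host_mac, host_ip),
    ]
    monitor = ArpMonitor()
    for frame in frames:
        msg = parse_arp_frame(frame)
        if msg is not None:
            monitor.observe(msg)
    return monitor


if __name__ == "__main__":
    m = run_demo()
    print(m.table)
    print(m.alerts)
```

A real host keeps whatever reply arrives last, which is exactly why poisoning works; the monitor instead keeps the first binding it learned and reports the conflict, the same policy arpwatch and switch features such as Dynamic ARP Inspection apply.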
Chapter 7: IP Addressing Services
Domain Name System
IP Addressing Services
• In data networks, devices are labeled with numeric IP addresses to send and receive data over networks. Domain names were created to convert the numeric address into a simple, recognizable name.
• The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data.
• DNS protocol communications use a single format called a message. This message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.
• On the internet, fully-qualified domain names (FQDNs), such as http://www.cisco.com, are much easier for people to remember than 198.133.219.25, which is the actual numeric address for this server.
• If Cisco decides to change the numeric address of www.cisco.com, it is transparent to the user because the domain name remains the same. The new address is simply linked to the existing domain name and connectivity is maintained.
Step 1: The user types an FQDN into a browser application Address field.
Step 2: A DNS query is sent to the designated DNS server for the client computer.
Step 3: The DNS server matches the FQDN with its IP address.
Step 4: The DNS query response is sent back to the client with the IP address for the FQDN.
Step 5: The client computer uses the IP address to make requests of the server.
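The steps above in code, as an added example that is not part of the original slides: it builds the single DNS message format the slides mention (a 12-byte header, a question, and resource records), constructs the server's A-record reply for a query, and parses that reply the way a client should, checking that the transaction ID and question match what it sent before trusting the answer. The name www.example.com and the address 203.0.113.10 are constructed sample values; the compression pointer 0xC00C (back to the question name at offset 12) is how real servers reference the name in the answer.

```python
import struct
from typing import List, Tuple

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(fqdn: str) -> bytes:
    """Encode a domain name as DNS labels: length byte + label, terminated by a zero byte."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name at offset; return (name, offset just after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 16:
                raise ValueError("pointer loop in DNS name")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def build_query(txid: int, fqdn: str) -> bytes:
    """Step 2: a standard recursive query (RD=1) for the A record of an FQDN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # id, flags, QD=1, AN=0, NS=0, AR=0
    return header + encode_name(fqdn) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_a_response(query: bytes, ip: str, ttl: int) -> bytes:
    """Steps 3-4 on the server side (constructed): echo the question, add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1, one answer
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(query: bytes, response: bytes) -> List[Tuple[str, int, str]]:
    """Step 4-5 on the client: validate the reply against our query, return (name, ttl, ip) A records."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction id mismatch: not a reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(response, offset)
        offset += 4                                   # skip QTYPE and QCLASS
    if response[12:offset] != query[12:]:
        raise ValueError("question section does not match our query")
    records = []
    for _ in range(ancount):
        name, offset = decode_name(response, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlength]
        offset += rdlength
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlength == 4:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


def resolve_demo() -> List[Tuple[str, int, str]]:
    """Whole exchange with a constructed server answer (203.0.113.10 is a documentation address)."""
    query = build_query(0x1234, "www.example.com")
    response = build_a_response(query, "203.0.113.10", 300)
    return parse_response(query, response)
```

The ID and question checks in parse_response are the minimum a resolver applies before accepting a UDP reply; a forged answer that does not match both is discarded rather than cached.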
DNS Hierarchy
• DNS uses domain names to form the hierarchy.
• The naming structure is broken down into zones. Each DNS
server maintains a specific database file and is
only responsible for managing name-to-IP mappings for that
small portion of the entire DNS structure.
• When a DNS server receives a request for a name translation
that is not within its DNS zone, the DNS server forwards the
request to another DNS server within the proper zone for
translation.
• DNS is scalable because hostname resolution is spread
across multiple servers.
The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are the following:
• .com - a business or industry
• .org - a non-profit organization
• .au - Australia
• .co - Colombia
• .bw - Botswana
DHCP Services
• The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses,
subnet masks, gateways, and other IPv4 networking parameters.
• This is referred to as dynamic addressing. The alternative to dynamic addressing is static addressing. When
using static addressing, the network administrator manually enters IP address information on hosts.
• When a host connects to the network, the DHCP server is contacted, and an address is requested. The DHCP
server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the
host.
• On larger networks, or where the user population changes frequently, DHCP is preferred for address assignment. New users may arrive and need connections; others may have new computers that must be connected. Rather than use static addressing for each connection, it is more efficient to have IPv4 addresses assigned automatically using DHCP.
• DHCP can allocate IP addresses for a configurable period of time, called a lease period. The lease period is an important DHCP setting. When the lease period expires or the DHCP server gets a DHCPRELEASE message, the address is returned to the DHCP pool for reuse.
• Various types of devices can be DHCP servers. The DHCP server in most medium-to-large networks is usually a
local, dedicated PC-based server. With home networks, the DHCP server is usually located on the local router
that connects the home network to the ISP.
• DHCPv6 provides similar services for IPv6 clients. One important difference is that DHCPv6 does not provide a default gateway
address. This can only be obtained dynamically from the Router Advertisement message of the router.
• When an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a
DHCPDISCOVER message to identify any available DHCP servers on the network.
• A DHCP server replies with a DHCPOFFER message, which offers a lease to the client. The client sends a
DHCPREQUEST message that identifies the explicit server and lease offer that the client is accepting.
• Assuming that the IPv4 address requested by the client, or offered by the server, is still available, the server
returns a DHCPACK message that acknowledges to the client that the lease has been finalized. If the offer is no
longer valid, then the selected server responds with a DHCPNAK message. If a DHCPNAK message is returned,
then the selection process must begin again with a new DHCPDISCOVER message being transmitted.
• DHCPv6 has a set of messages that is similar to those for DHCPv4. The DHCPv6 messages are SOLICIT,
ADVERTISE, INFORMATION REQUEST, and REPLY.
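An added example (not from the slides or any Cisco product) that models the DHCPv4 behaviour described above as a small state machine: a pool of addresses, leases with an expiry, DISCOVER answered by OFFER, REQUEST answered by ACK or by NAK when the offer is no longer valid, and DHCPRELEASE returning the address to the pool. Message bytes are not built here; the point is the lease logic. The pool range, server identifier 192.0.2.1 and the client MAC addresses are constructed values.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, Optional, Tuple


@dataclass
class Lease:
    mac: str
    expires_at: float        # absolute time in seconds; lease returns to the pool after this


class DhcpServer:
    """Toy DHCPv4 server with a pool, lease period and the DORA/NAK/RELEASE handling."""

    def __init__(self, first: str, last: str, lease_period: float, server_id: str = "192.0.2.1"):
        self.pool = [str(IPv4Address(a)) for a in range(int(IPv4Address(first)), int(IPv4Address(last)) + 1)]
        self.lease_period = lease_period
        self.server_id = server_id
        self.leases: Dict[str, Lease] = {}      # ip -> Lease
        self.offers: Dict[str, str] = {}        # mac -> offered ip (offers never time out in this toy)

    def expire(self, now: float) -> None:
        """Return every address whose lease period has elapsed to the pool."""
        for ip in [ip for ip, lease in self.leases.items() if lease.expires_at <= now]:
            del self.leases[ip]

    def _free_ip(self, mac: str, now: float) -> Optional[str]:
        self.expire(now)
        for ip, lease in self.leases.items():      # a returning client gets its current address again
            if lease.mac == mac:
                return ip
        if mac in self.offers and self.offers[mac] not in self.leases:
            return self.offers[mac]               # repeat DISCOVER before REQUEST: same offer
        for ip in self.pool:
            if ip not in self.leases and ip not in self.offers.values():
                return ip
        return None                               # pool exhausted

    def discover(self, mac: str, now: float) -> Optional[Tuple[str, str, str]]:
        """DHCPDISCOVER in; DHCPOFFER ('OFFER', ip, server_id) out, or None if nothing is free."""
        ip = self._free_ip(mac, now)
        if ip is None:
            return None
        self.offers[mac] = ip
        return ("OFFER", ip, self.server_id)

    def request(self, mac: str, ip: str, server_id: str, now: float) -> Tuple[str, Optional[str]]:
        """DHCPREQUEST naming the chosen server and address; answered with ACK or NAK."""
        self.expire(now)
        if server_id != self.server_id:
            return ("IGNORED", None)             # the client accepted another server's offer
        self.offers.pop(mac, None)
        holder = self.leases.get(ip)
        if ip not in self.pool or (holder is not None and holder.mac != mac):
            return ("NAK", None)                 # offer no longer valid: client must start over
        self.leases[ip] = Lease(mac, now + self.lease_period)
        return ("ACK", ip)

    def release(self, mac: str, ip: str) -> None:
        """DHCPRELEASE: the address goes straight back to the pool."""
        if ip in self.leases and self.leases[ip].mac == mac:
            del self.leases[ip]


def obtain_lease(server: DhcpServer, mac: str, now: float) -> Optional[str]:
    """Client side of the exchange: DISCOVER -> OFFER -> REQUEST -> ACK (or NAK/None)."""
    offer = server.discover(mac, now)
    if offer is None:
        return None
    _, offered_ip, server_id = offer
    status, ip = server.request(mac, offered_ip, server_id, now)
    return ip if status == "ACK" else None


if __name__ == "__main__":
    srv = DhcpServer("192.0.2.10", "192.0.2.11", lease_period=3600)
    print(obtain_lease(srv, "aa:aa:aa:aa:aa:01", now=0))    # first address from the pool
    print(obtain_lease(srv, "aa:aa:aa:aa:aa:02", now=0))    # second address
    print(obtain_lease(srv, "aa:aa:aa:aa:aa:03", now=0))    # None: pool of two is exhausted
```

A two-address pool is deliberately small so that exhaustion, release and expiry are all visible in a handful of calls; the same logic applies to a /24 pool.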
Chapter 8: Transport Layer
Role of the Transport Layer
• Application layer programs generate data that must be exchanged between source and destination hosts.
• The transport layer is responsible for logical communications between applications running on different hosts.
• This may include services such as establishing a temporary session between two hosts and the reliable transmission of information for an application.
• The transport layer is the link between the application layer and the lower layers that are responsible for network transmission.
• The transport layer has no knowledge of the destination host type, the type of media over which the data must travel, the path taken by the data, the congestion on a link, or the size of the network.
Transport Layer Responsibilities
• Tracking Individual Conversations - At the transport layer, each set of data flowing between a source application and a destination application is known as a conversation and is tracked separately. It is the responsibility of the transport layer to maintain and track these multiple conversations.
• Segmenting Data and Reassembling Segments - It is the transport layer responsibility to divide the application data into appropriately sized blocks. Depending on the transport layer protocol used, the transport layer blocks are called either segments or datagrams.
• Add Header Information - The transport layer protocol also adds header information containing binary data organized into several fields to each block of data.
• Identifying the Applications - The transport layer must be able to separate and manage multiple communications with different transport requirement needs.
• Conversation Multiplexing - Sending some types of data (e.g., a streaming video) across a network, as one complete communication stream, can consume all the available bandwidth. The transport layer uses segmentation and multiplexing to enable different communication conversations to be interleaved on the same network.
Transport Layer Protocols
Transport layer protocols specify how to transfer messages between hosts and are responsible for managing reliability requirements of a conversation.

The transport layer includes two protocols:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)

TCP (Transmission Control Protocol)
TCP is considered a reliable, full-featured transport layer protocol, which ensures that all of the data arrives at the destination. TCP includes fields which ensure the delivery of the application data. These fields require additional processing by the sending and receiving hosts.

To maintain the state of a conversation and track the information, TCP must first establish a connection between the sender and the receiver. This is why TCP is known as a connection-oriented protocol.
TCP Features
TCP provides reliability and flow control using these basic operations:
• Number and track data segments transmitted to a specific host from a specific application
• Acknowledge received data
• Retransmit any unacknowledged data after a certain amount of time
• Sequence data that might arrive in wrong order
• Send data at an efficient rate that is acceptable by the receiver
In addition to supporting the basic functions of data segmentation and reassembly, TCP also provides the following services:

• Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between
source and destination devices prior to forwarding any traffic. Through session establishment, the devices negotiate the amount of traffic that
can be forwarded at a given time, and the communication data between the two can be closely managed.
• Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely, as it is transmitted over the
network. TCP ensures that each segment that is sent by the source arrives at the destination.
• Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in
the wrong order. By numbering and sequencing the segments, TCP ensures segments are reassembled into the proper order.
• Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources
are overtaxed, it can request that the sending application reduce the rate of data flow. This is done by TCP regulating the amount of data the
source transmits. Flow control can prevent the need for retransmission of the data when the resources of the receiving host are overwhelmed.
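The operations listed under TCP Features, and the segmentation and reassembly responsibilities described earlier in this chapter, as an added simulation that is not part of the original slides and is not a TCP implementation: a sender numbers segments by byte offset, keeps at most a window's worth of unacknowledged data in flight and retransmits after a timeout; a receiver buffers segments that arrive out of order, delivers bytes in sequence and returns a cumulative acknowledgement. The "network" in simulate() is constructed to lose one chosen segment the first time it is sent, so the retransmission and reordering paths are exercised on a 16-byte sample stream.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    seq: int          # offset of the first payload byte within the application's stream
    payload: bytes


class ReliableSender:
    """Numbers segments, keeps a window of unacknowledged bytes in flight and
    retransmits anything not acknowledged within `timeout` ticks."""

    def __init__(self, data: bytes, src_port: int, dst_port: int, mss: int, window: int, timeout: int):
        self.segments = [Segment(src_port, dst_port, off, data[off:off + mss])
                         for off in range(0, len(data), mss)]        # segmentation
        self.total = len(data)
        self.next_index = 0                  # next never-sent segment
        self.acked = 0                       # every byte below this offset has been acknowledged
        self.in_flight: Dict[int, int] = {}  # seq -> tick when last sent
        self.window, self.timeout = window, timeout
        self.retransmissions = 0

    def on_ack(self, ack: int) -> None:
        """Cumulative ACK: the receiver wants byte `ack` next, so everything before it is done."""
        self.acked = max(self.acked, ack)
        for seq in [s for s in self.in_flight if s < self.acked]:
            del self.in_flight[seq]

    def tick(self, now: int) -> List[Segment]:
        out = []
        for seg in self.segments:                          # retransmit whatever timed out
            if seg.seq in self.in_flight and now - self.in_flight[seg.seq] >= self.timeout:
                self.in_flight[seg.seq] = now
                self.retransmissions += 1
                out.append(seg)
        while self.next_index < len(self.segments):        # new data only while the window allows
            seg = self.segments[self.next_index]
            if seg.seq + len(seg.payload) - self.acked > self.window:
                break
            self.in_flight[seg.seq] = now
            self.next_index += 1
            out.append(seg)
        return out

    def done(self) -> bool:
        return self.acked >= self.total


class ReliableReceiver:
    """Buffers out-of-order segments and delivers bytes to the application in sequence."""

    def __init__(self) -> None:
        self.expected = 0
        self.buffer: Dict[int, bytes] = {}
        self.delivered = bytearray()

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.expected:
            self.buffer[seg.seq] = seg.payload             # duplicates simply overwrite
        while self.expected in self.buffer:                # drain the contiguous prefix
            payload = self.buffer.pop(self.expected)
            self.delivered += payload
            self.expected += len(payload)
        return self.expected                               # this is the ACK number


def simulate(data: bytes, drop_seq_once: int, mss: int = 4, window: int = 8, timeout: int = 3) -> Tuple[bytes, int]:
    """Constructed network: every segment arrives in the tick it is sent, except that the
    segment starting at `drop_seq_once` is lost the first time. Returns (delivered, retransmissions)."""
    sender = ReliableSender(data, 50000, 80, mss, window, timeout)
    receiver = ReliableReceiver()
    dropped, now = False, 0
    while not sender.done() and now < 100:
        for seg in sender.tick(now):
            if seg.seq == drop_seq_once and not dropped:
                dropped = True
                continue                                   # lost in transit
            sender.on_ack(receiver.receive(seg))
        now += 1
    return bytes(receiver.delivered), sender.retransmissions


if __name__ == "__main__":
    print(simulate(b"0123456789abcdef", drop_seq_once=4))   # full stream recovered after 1 retransmission
```

With the defaults, the segment at offset 8 reaches the receiver before the retransmitted segment at offset 4 and waits in the buffer; the receiver keeps acknowledging 4 until the gap is filled, then acknowledges 12 in one step, which is what "same-order delivery" and cumulative acknowledgement mean in practice.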
Applications That Use TCP
TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments. TCP frees the application from having to manage any of these tasks. HTTP, FTP, SMTP, and SSH can simply send the data stream to the transport layer and use the services of TCP.

For other applications it is important that all the data arrives and that it can be processed in its proper sequence. For these types of applications, TCP is used as the transport protocol. For example, applications such as databases, web browsers, and email clients require that all data that is sent arrives at the destination in its original condition. Any missing data could corrupt a communication, making it either incomplete or unreadable.
Real-Life Examples of TCP:

• Text Communication –
We are all aware of the importance of text communication in the present times. Any discrepancy in texting between sender and receiver cannot be tolerated. Hence TCP is used in text communication due to its reliable transmission, error control, and in-order receiving of the data.
Example: WhatsApp, Instagram, Google Chat, iMessage.

• Transfer of files or FTP –
TCP is used in file transfer when we cannot tolerate the loss of data and receiving the data in correct order is of utmost importance. FTP uses two TCP connections, i.e. a control connection and a data connection.
Control Connection: FTP sends information like user identification and passwords.
Data Connection: In this connection, files are sent over the network.
Ex: FileZilla Client and Server

• Hyper Text Transfer Protocol (HTTP) –
It is used to access the data present on the World Wide Web. It uses TCP for accessing the web pages present on the internet because TCP provides in-order data, error control and flow control, and retransmission of data segments.

• Simple Mail Transfer Protocol (SMTP) –
It is an application layer protocol that is used to send emails from one system to another. SMTP uses the services of TCP to start a connection with the SMTP server. Once the SMTP server accepts the connection request, it allows the sender to send the mails.
Ex: Yahoo, Gmail, Outlook
Advantages:
• Flow control
• Error control
• Congestion control
• Process-to-process communication
• In-order delivery of data segments

Disadvantages:
• The data segments don't get transmitted immediately
• More overhead (20 to 60 bytes)
• It has a large TCP header
User Datagram Protocol (UDP)
UDP is a lightweight, simple, and efficient protocol suitable for applications where real-time communication and low latency are more important than reliable data transmission. It offers the same data segmentation and reassembly as TCP, but without TCP reliability and flow control, and it does not require an established connection. Skype, Google Meet, Zoom, and FaceTime are examples of applications that use UDP.

• UDP does not track information sent or received between the client and server, so UDP is also known as a stateless protocol.
• It is also known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.
• With UDP, there are no transport layer processes that inform the sender of a successful delivery. UDP is preferable for applications such as VoIP, where acknowledgments and retransmission would slow down delivery.
UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sender is not informed about resource availability.

UDP is a stateless protocol, meaning neither the client nor the server tracks the state of the communication session. If reliability is required when using UDP as the transport protocol, it must be handled by the application.

The blocks of communication in UDP are called datagrams, or segments. These datagrams are sent as best effort by the transport layer protocol. The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e., 64 bits).

The three types of applications that are best suited for UDP are live video and multimedia applications, simple request and reply applications, and applications that handle reliability themselves.
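The 8-byte, four-field UDP header described above, as an added example that is not part of the original slides: it builds a datagram, fills in the RFC 768 checksum (computed over an IPv4 pseudo-header plus the header and data), and parses a datagram back, rejecting truncated ones and ones whose checksum no longer verifies. Port numbers, IP addresses (from the 192.0.2.0/24 documentation range) and the payload are constructed values.

```python
import struct
from typing import Optional, Tuple

UDP_HEADER_LEN = 8       # four 16-bit fields: source port, destination port, length, checksum
IPPROTO_UDP = 17


def _ip(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"                                   # odd trailing byte is padded for the sum only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    return struct.pack("!4s4sBBH", _ip(src_ip), _ip(dst_ip), 0, IPPROTO_UDP, udp_length)


def udp_checksum(src_ip: str, dst_ip: str, udp_segment: bytes) -> int:
    """Checksum of a segment whose checksum field is still zero."""
    csum = 0xFFFF - _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(udp_segment)) + udp_segment)
    return csum or 0xFFFF           # a computed 0 is sent as 0xFFFF; 0 on the wire means "not computed"


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> Optional[Tuple[int, int, bytes]]:
    """Return (src_port, dst_port, payload), or None if the datagram is truncated or corrupt."""
    if len(segment) < UDP_HEADER_LEN:
        return None
    src_port, dst_port, length, csum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(segment):
        return None                                       # length field disagrees with what arrived
    segment = segment[:length]
    if csum != 0:                                         # checksum is optional in IPv4 UDP
        # With the checksum field included, the one's-complement sum of everything must be 0xFFFF.
        if _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + segment) != 0xFFFF:
            return None
    return src_port, dst_port, segment[UDP_HEADER_LEN:]


if __name__ == "__main__":
    seg = build_udp("192.0.2.1", "192.0.2.2", 53000, 53, b"hello")
    print(seg.hex())
    print(parse_udp("192.0.2.1", "192.0.2.2", seg))
```

Because the pseudo-header is part of the sum, the same bytes verify only between the IP addresses they were built for; that is the only protection UDP itself offers against a datagram delivered to the wrong host, and it is why a sender may legitimately leave the field at zero.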
Real-Life Examples of UDP:

• Online Games –
Most of the online games we play use the services of the User Datagram Protocol. Since delay cannot be tolerated in online games, UDP is widely used over TCP, which is slower. UDP does not retransmit lost data and is a connectionless protocol, which is why it is much faster.
Ex: All online games

• Video Conferencing –
Video conferencing apps like Skype, Google Meet, and Zoom all use the services of UDP because they are real-time applications and any delay in receiving the data cannot be tolerated.
Ex: Skype, Google Meet, Zoom, and FaceTime.

• Voice Over IP (VoIP) –
It is similar to video conferencing: apps like Viber, WhatsApp, and Google Hangouts use UDP to convert our voice to digital data and transmit it over the network, hence the name VoIP.
Ex: Viber, WhatsApp voice calling, Wi-Fi calling.

• Domain Name System (DNS) –
It is a service used for mapping domain names to their corresponding IP addresses. It is used by the application layer. It can also be viewed as a distributed database with a hierarchical name server structure. DNS uses UDP for fetching the corresponding IP address for the following reasons:
a) UDP is much faster than TCP, and speed matters a lot when loading a webpage.
b) DNS requests are typically small and fit inside a single UDP segment.
c) Even though UDP is unreliable, the reliability DNS needs can be provided in the application layer.
Advantages:
• The packet created by UDP is relatively smaller than that of TCP (UDP header: 8 bytes)
• Connectionless transmission
• It is faster, simpler and more efficient

Disadvantages:
• There is no guarantee that the receiver will get the data
• Lack of proper error checking mechanisms
• Lost packets will not be retransmitted
• There is a possibility of receiving out-of-order packets
Chapter 9: The Cisco IOS Command Line
The Cisco IOS Command Line Interface
• The Cisco IOS command line interface (CLI) is a text-based program that enables entering and
executing Cisco IOS commands to configure, monitor, and maintain Cisco devices.
• CLI commands are used to alter the configuration of the device and to display the current status of processes on the router. For experienced users, the CLI offers many time-saving features for creating both simple and complex configurations. Almost all Cisco networking devices use a similar CLI. When the router has completed the power-up sequence and the Router> prompt appears, the CLI can be used to enter Cisco IOS commands, as shown in the command output.
All network devices require an OS, and they can be configured using the CLI or a GUI. Using the CLI may provide the network administrator with more precise control and flexibility than using the GUI.

As a security feature, the Cisco IOS software separates management access into the following two command modes:
• User EXEC Mode - This mode is useful for basic operations. It allows a limited number of basic monitoring commands but does not allow the execution of any commands that might change the configuration of the device. The user EXEC mode is identified by the CLI prompt that ends with the > symbol.
• Accessing User EXEC Mode: When you connect to a Cisco device, you typically start in user EXEC mode. You can access it directly through a console connection, Telnet, SSH, or other remote management methods. The initial prompt will be Router> or Switch>.
• Privileged EXEC Mode - To execute configuration commands, a network administrator must access privileged EXEC mode. The privileged EXEC mode can be identified by the prompt ending with the # symbol. Higher configuration modes, like global configuration mode, can only be reached from privileged EXEC mode. Global configuration mode is identified by the CLI prompt that ends with (config)#.
• Accessing Privileged EXEC Mode: To enter privileged EXEC mode, users typically start from user EXEC mode (indicated by the Router> or Switch> prompt) and then use the enable command. If the device is configured with a password, users will be prompted to enter it.
• Global Configuration Mode is a privileged mode in Cisco IOS that allows administrators to make changes to the overall configuration of the device. When you enter global configuration mode, you can configure various parameters that affect the behavior of the device as a whole, such as interface settings, routing protocols, security features, and more.
• Accessing Global Configuration Mode: To enter global configuration mode, you typically start from privileged EXEC mode (designated by the # prompt) and then use the configure terminal or conf t command. This places you in global configuration mode, indicated by the (config)# prompt.

The commands used to navigate between the different IOS command modes are:

• enable - enters privileged EXEC mode from user EXEC mode.
• disable - exits privileged EXEC mode and returns to user EXEC mode, or drops to a lower privilege level.
• configure terminal - enters global configuration mode. In this mode, you can create system-wide resources for various system services, configure global behaviors, and enter specialized configuration modes.
• exit - returns to the previous mode (for example, from subinterface configuration mode back to interface configuration mode); entered in EXEC mode, it exits the CLI.
• Ctrl+Z - returns to privileged EXEC mode from any configuration mode.
• line vty 0 15 - enters line configuration mode for the virtual terminal lines, which are used when you remote into the switch/router via Telnet or SSH.
• interface vlan - provides the commands to define or modify the configuration of a VLAN interface.
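An added example, not part of the slides or of Cisco IOS itself, that turns the access controls this section describes into a check a practitioner can run against a saved running-config: the privileged EXEC mode should be protected by an enable secret rather than a reversible enable password, and the vty lines reached over Telnet or SSH should accept only SSH and require a login. Both configuration excerpts are constructed for the example (the hostname, addresses and PLACEHOLDER secrets are not from any real device); the commands they contain (enable secret, enable password, line vty, transport input, login, login local, username ... secret, ip ssh version 2, service password-encryption) are standard IOS commands.

```python
from typing import Dict, List

# Constructed running-config excerpts in IOS text format (not from any real device).
WEAK_CONFIG = """\
hostname Router1
enable password cisco
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
!
line con 0
 login
line vty 0 15
 transport input telnet ssh
 login
!
end
"""

HARDENED_CONFIG = """\
hostname Router1
enable secret PLACEHOLDER-ENABLE-SECRET
service password-encryption
username admin secret PLACEHOLDER-USER-SECRET
!
ip ssh version 2
!
line con 0
 login local
line vty 0 15
 transport input ssh
 login local
!
end
"""


def parse_sections(config: str) -> Dict[str, List[str]]:
    """Group IOS config lines into top-level commands and their indented sub-commands."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):       # blank lines and '!' separators
            continue
        if raw.startswith(" "):
            sections[current].append(raw.strip())        # sub-command of the current mode
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def audit(config: str) -> List[str]:
    """Return findings for: missing/reversible enable secret, Telnet on vty, vty without login."""
    findings: List[str] = []
    sections = parse_sections(config)
    top = list(sections)
    if not any(cmd.startswith("enable secret") for cmd in top):
        if any(cmd.startswith("enable password") for cmd in top):
            findings.append("enable password is reversible; use enable secret")
        else:
            findings.append("no enable secret: privileged EXEC mode is unprotected")
    for cmd, sub in sections.items():
        if not cmd.startswith("line vty"):
            continue
        transports = [s for s in sub if s.startswith("transport input")]
        if not transports or any("telnet" in t or t.endswith(" all") for t in transports):
            findings.append(f"{cmd}: allows Telnet (cleartext); set 'transport input ssh'")
        if not any(s == "login" or s.startswith("login ") for s in sub):
            findings.append(f"{cmd}: no login command, remote sessions are not authenticated")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

The parser relies only on the indentation convention of IOS text configs (sub-commands are indented one space under their mode command), so the same two checks can be pointed at the output of show running-config saved from a real device.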
Show Commands
• The Cisco IOS provides commands to verify the operation of router and switch interfaces.
• The Cisco IOS CLI show commands display relevant information about the configuration and operation of the device. Network technicians use show commands extensively for viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status. The status of nearly every process or function of the router can be displayed using a show command.
• Commonly used show commands and when to use them are listed in the table on the right.
Chapter 10: Build a Small Cisco Network