the geographical area past what a single LAN can support, as shown in Figure 4-32.
The devices that are used to connect network segments together include bridges, switches, routers, and gateways. Switches and bridges operate at the data link layer of the OSI model. The function of the bridge is to make intelligent decisions about whether or not to pass frames on to the next segment of a network. Bridges can also be used to connect dissimilar protocols and media, as with wireless bridges interconnecting Ethernet LANs in a metropolitan area.
Figure 4-32 Bridges Segmenting a Network
[Figure 4-32 diagram: a bridge joins Segment 1 (Computer A 00-50-DA-0D-F5-2D, Computer B 00-50-04-7C-2B-01, Computer C 00-50-F1-12-8A-00) and Segment 2 (Computer D 00-50-C2-43-0F-1B, Computer E 00-50-B5-00-92-8B, Computer F 00-50-BA-41-44-3C). The bridge table lists each MAC address under "To Segment 1" or "To Segment 2".]
When a bridge receives a frame on the network, the destination MAC address is looked up in the bridge table to determine whether to filter, flood, or copy the frame onto another segment. (The table itself is learned: the source MAC address of every frame is recorded against the segment the frame arrived on.) This decision process occurs as follows:
■ If the destination device is on the same segment as the frame, the bridge blocks the frame from going on to other segments, as shown in Figure 4-33. This process is known as filtering.
■ If the destination device is on a different segment, the bridge forwards the frame to the appropriate segment, as shown in Figure 4-34.
■ If the destination address is unknown to the bridge, the bridge forwards the frame to all segments except the one on which it was received. This process is known as flooding. A flooded frame is visible on every segment, so the isolation a bridge provides holds only for destinations it has already learned.
Figure 4-33 Bridges Segmenting a Network: Filtering
[Figure 4-33 diagram: a frame originates from Computer V and its destination is Computer Xc on the same segment. The frame reaches its destination and is not passed on to other segments of the network.]
Figure 4-34 Bridges Segmenting a Network: Forwarding
[Figure 4-34 diagram: a frame originates from Computer V and its destination is Computer Hh. The bridge checks its table to determine whether to allow the frame to continue to other segments of the network.]
If placed strategically, a bridge greatly improves network performance, because traffic between devices on the same segment never crosses onto the other segments.
Switches
A switch is sometimes described as a multiport bridge. While a typical bridge might have just two ports (linking two network segments), the switch can have multiple ports, depending on how many network segments are to be linked. Like bridges, switches learn certain information about the frames that they receive from various computers on the network (the source MAC address and the port on which it arrived). They use this information to build forwarding tables to determine the destination of data being sent by one computer to another computer on the network, as demonstrated in Figure 4-35.
Figure 4-35 Switching Table
Although some similarities exist between the two, a switch is a more sophisticated device than a bridge. A bridge determines whether the frame is forwarded to the other network segment based on the destination MAC address. A switch has many ports with many network segments connected to them. A switch chooses the port to which the destination device or workstation is connected. Ethernet switches are becoming popular connectivity solutions because, like bridges, they improve network performance (speed and bandwidth).
Switching is a technology that alleviates congestion in Ethernet LANs by reducing traffic and increasing bandwidth. Switches often replace shared hubs because they work with existing cable infrastructures, which improves performance with a minimum of intrusion into an existing network.
Figure 4-35 switching table contents (MAC address learned on each interface):

MAC Address        Interface
0260.8c01.1111     E0
0260.8c01.2222     E0
0260.8c01.3333     E1
0260.8c01.4444     E1
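The learn, filter, forward and flood rules given for bridges, together with the switching table of Figure 4-35, as an added worked example; this is not code from the chapter. It assumes a simplified bridge with one port per segment, ignores spanning tree and table aging, and uses the MAC addresses from the figures as constructed sample input:

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningBridge:
    """Transparent bridge / switch: one table mapping source MAC -> port it was seen on."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                      # MAC address -> port (segment)

    def receive(self, in_port, src, dst):
        """Apply the decision process to one frame; returns (decision, output ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.table[src] = in_port            # learning: the source is reachable via in_port
        if dst == BROADCAST or dst not in self.table:
            # unknown destination: flood to every port except the one it came in on
            return "flood", [p for p in self.ports if p != in_port]
        out = self.table[dst]
        if out == in_port:
            return "filter", []              # same segment: do not cross the bridge
        return "forward", [out]              # other segment: copy to that port only


def bridge_demo():
    """Frames between the Figure 4-32 computers; returns the bridge's decisions in order."""
    bridge = LearningBridge(["Segment 1", "Segment 2"])
    A, B, D = "00-50-DA-0D-F5-2D", "00-50-04-7C-2B-01", "00-50-C2-43-0F-1B"
    trace = [
        ("Segment 1", A, B),   # B not learned yet: flooded onto Segment 2 as well
        ("Segment 1", B, A),   # A known on Segment 1, frame came from Segment 1: filtered
        ("Segment 1", A, B),   # B now known on Segment 1: filtered
        ("Segment 2", D, A),   # A is on Segment 1: forwarded there
        ("Segment 1", A, D),   # D is on Segment 2: forwarded there
    ]
    return [bridge.receive(*frame)[0] for frame in trace]
    # -> ['flood', 'filter', 'filter', 'forward', 'forward']


def switching_table_demo():
    """Rebuild the Figure 4-35 table by letting each station send one broadcast."""
    switch = LearningBridge(["E0", "E1"])
    for port, mac in [("E0", "0260.8c01.1111"), ("E0", "0260.8c01.2222"),
                      ("E1", "0260.8c01.3333"), ("E1", "0260.8c01.4444")]:
        switch.receive(port, mac, BROADCAST)
    return dict(switch.table)


if __name__ == "__main__":
    print(bridge_demo())
    print(switching_table_demo())
```

The first frame from Computer A to Computer B is flooded onto Segment 2 because the bridge has not yet learned where B is, so a station on Segment 2 sees it; once both stations have been learned, their traffic stays on Segment 1. switching_table_demo() produces exactly the MAC-to-interface table of Figure 4-35.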
Today, in data communications, all switching equipment performs two basic operations:
■ Switching data frames—The process by which a frame is received on an input medium and then transmitted to an output medium
■ Maintenance of switching operations—Switches build and maintain switching tables and search for loops
Switches operate at much higher speeds than bridges and can support other functionality, such as virtual LANs.
An Ethernet switch has many benefits, such as allowing many users to communicate in parallel through the use of virtual circuits and dedicated network segments in a virtually collision-free environment, as shown in Figure 4-36. This arrangement maximizes the bandwidth available on the shared medium. Another benefit is that moving to a switched LAN environment is very cost effective because existing hardware and cabling can be reused.
Figure 4-36 Microsegmentation of the Network via Switches
[Figure 4-36 diagram: before the LAN switch, a shared segment on which all traffic is visible to every station; after the LAN switch, multiple traffic paths within the switch, one per port.]
Lab Activity LAN Switches Purchase
In this lab, you are introduced to the variety and prices of network components on the market. This lab looks specifically at Ethernet switches and NICs.
Wireless Networking Media
A wireless network is an alternative method for connecting a LAN. You don't need to run any cables, and you can easily move computers. Wireless networks use radio frequency (RF), laser, infrared (IR), or satellite/microwaves to carry signals from one computer to another without a permanent cable connection. Wireless signals are electromagnetic waves that travel through the air. No physical medium is necessary for wireless signals, making them a very versatile way to build a network.
A common application of wireless data communication is for mobile use. Some examples of mobile use include commuters, airplanes, satellites, remote space probes, space shuttles, and space stations.
At the core of wireless communication are devices called transmitters and receivers. The source interacts with the transmitter, which converts data to electromagnetic (EM) waves that are then received by the receiver. The receiver then converts these electromagnetic waves back into data for the destination. For two-way communication, each device requires a transmitter and a receiver. Many networking device manufacturers build the transmitter and receiver into a single unit called a transceiver or wireless network card. All devices in wireless LANs (WLANs) must have the appropriate wireless network card installed.
The two most common wireless technologies used for networking are infrared (IR) and radio frequency (RF). IR technology has its weaknesses. Workstations and digital devices must be in the line of sight of the transmitter to operate. An IR-based network suits environments where all the digital devices that require network connectivity are in one room. IR networking technology can be installed quickly, but the data signals can be weakened or obstructed by people walking across the room or by moisture in the air. However, new IR technologies that can work out of sight are being developed.
RF technology allows devices to be in different rooms or even buildings. The limited range of the radio signals still restricts the use of this kind of network. RF technology can be on single or multiple frequencies. A single radio frequency is subject to outside interference and geographic obstructions. Furthermore, a single frequency is easily monitored by others, which makes the transmission of data insecure. Spread spectrum uses multiple frequencies to increase the immunity to noise and makes it harder for a casual narrowband listener to intercept data transmissions. It is not a confidentiality mechanism, however: in standards-based WLANs the spreading codes and hopping sequences are published, so any compatible receiver recovers the signal, and protection against eavesdropping has to come from encryption, as discussed under "Security in the Wireless Environment."
Security in the Wireless Environment
The exponential growth of networking, including wireless technologies, has led to increased security risks. Increasing the security means increasing the time spent managing the system.
The first level of security in a wireless LAN consists of protecting the radio frequency waveform itself. Wireless access points radiate radio waves over a large area that is not contained in a physical building, which makes the radio waves accessible to eavesdroppers and thus increases vulnerability. The radio waves of wireless bridges are concentrated in a beam. An eavesdropper must get into the beam path to intercept the communication. Therefore, wireless access points usually require better security than wireless bridges. A directional beam raises the attacker's effort; it does not make the link private, so the encryption discussed next applies to bridges as well.
Because you cannot stop anyone within range from receiving the radio signal, assume that someone might eavesdrop on your LAN radio links; encryption is the key. The following sections discuss two wireless security approaches: Wired Equivalent Privacy (WEP) and IEEE 802.1X with the Extensible Authentication Protocol (EAP).
WEP
WEP is the first step in addressing customer security concerns. WEP is a security mechanism, defined within the 802.11 standard, that is designed to protect the over-the-air transmission between wireless LAN access points and NICs. The 802.11 standard specifies 40-bit WEP keys (64 bits including the 24-bit initialization vector, IV, that is prepended to the key for each frame). Many vendors, such as Cisco, also support a 104-bit key, commonly marketed as 128-bit WEP; this longer key is a vendor extension rather than part of the standard.
The main goals of WEP are
■ Deny access to the network by unauthorized users who do not possess the appropriate WEP key
■ Prevent the decoding of captured WLAN traffic that is WEP-encrypted without the possession of the WEP key
WEP uses the RC4 stream cipher, invented by Ron Rivest of RSA Data Security, Inc. (RSADSI), for encryption. RC4 is a symmetric stream cipher that supports a variable-length key. A symmetric cipher uses the same key for both encryption and decryption. The key is the one piece of information that must be shared by both the encrypting and decrypting endpoints. A stream cipher expands the key into a keystream and XORs it with the data, which is why the same RC4 operation both encrypts and decrypts, and why the same keystream must never be used for two different frames.
Encryption analysts have reported weaknesses in the authentication and WEP encryption schemes in the IEEE 802.11 WLAN standard. In particular, the 24-bit IV is too short, so keystreams repeat and two frames encrypted under the same IV can be XORed against each other; the way the IV is prepended to the key lets the key itself be recovered from enough captured frames (the Fluhrer, Mantin, and Shamir attack); and the CRC-32 integrity check is linear, so an attacker can flip bits in an encrypted frame and adjust the check value without knowing the key. Improvements on WEP have been developed to address these weaknesses. However, it is not recommended to use WEP as a sole security mechanism for a WLAN. WEP should be supplemented with additional higher-level security mechanisms such as Virtual Private Networks (VPNs) or firewalls. Note that a firewall limits what a WLAN client can reach but does nothing for the confidentiality of the radio link itself, whereas a VPN encrypts the traffic end to end.
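The shared-key RC4 encryption described above, and two of the weaknesses just named (keystream reuse when an IV repeats, and the linear CRC-32 integrity check), as an added worked example in Python; it is not code from the chapter or from any vendor's WEP implementation. It models a WEP frame body as IV || RC4(IV || key, plaintext || CRC-32), which omits the key-index byte and assumes a little-endian ICV byte order; the key, IV and frame contents are constructed sample data:

```python
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then a keystream (PRGA) XORed onto the data.
    One call both encrypts and decrypts, because the cipher is symmetric."""
    S = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:                                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 of the plaintext (assumed byte order)."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (sent in clear) || RC4(IV || key, plaintext || ICV)."""
    assert len(iv) == 3, "WEP uses a 24-bit IV"
    return iv + rc4(iv + wep_key, plaintext + icv(plaintext))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok)."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + wep_key, body)
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext, received_icv == icv(plaintext)


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Weakness 1: frames with the same key and IV share a keystream, so XORing
    the two ciphertexts cancels it and leaves plaintext1 XOR plaintext2."""
    assert frame1[:3] == frame2[:3], "only frames with a repeated IV leak this way"
    return xor(frame1[3:], frame2[3:])


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Weakness 2: CRC-32 is affine over XOR, crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0..0),
    so the encrypted ICV can be patched to match plaintext XOR delta without the key."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))).to_bytes(4, "little")
    return iv + xor(body, delta + icv_delta)


# Constructed sample data: a 40-bit key, one IV used twice, two equal-length frames.
KEY = bytes.fromhex("0102030405")
IV = b"\x00\x00\x01"
P1 = b"GET /index.html"
P2 = b"pass=hunter2!!!"


def demo():
    f1 = wep_encrypt(KEY, IV, P1)
    f2 = wep_encrypt(KEY, IV, P2)
    leak = keystream_reuse_leak(f1, f2)[:len(P1)]
    recovered_p2 = xor(leak, P1)            # one known plaintext reveals the other frame
    target = b"GET /admin.html"
    forged = flip_bits(f1, xor(P1, target))  # no key needed for the change to pass the ICV
    return {
        "roundtrip": wep_decrypt(KEY, f1),
        "recovered_p2": recovered_p2,
        "forged": wep_decrypt(KEY, forged),
    }


if __name__ == "__main__":
    print(demo())
```

demo() shows that the same rc4() call decrypts what it encrypted, that a listener holding one known plaintext under a reused IV reads the other frame's plaintext without the key, and that a frame altered from GET /index.html to GET /admin.html still passes the ICV check. Neither attack needs the WEP key; the key-recovery attack mentioned above is a separate statistical attack and is not shown here.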
802.1X/EAP
IEEE 802.1X with the Extensible Authentication Protocol (EAP) is an alternative WLAN security approach to WEP. IEEE 802.1X/EAP focuses on providing a framework for centralized authentication and dynamic key distribution. IEEE 802.1X is an IEEE standard for port-based network access control: a switch or access point port passes only authentication traffic until the attached device has authenticated, after which the port is opened for normal traffic. EAP allows wireless client adapters that support different authentication types to communicate with different back-end servers, such as Remote Authentication Dial-In User Service (RADIUS). 802.1X/EAP does not replace encryption; its value for a WLAN is that each authenticated session can be given its own dynamically derived key instead of one static WEP key shared by every client.
Cisco Systems has developed a derivation of EAP based on mutual authentication, called Lightweight EAP (LEAP). Mutual authentication means that both the user and the access point to which the user is attempting to connect must be authenticated before access onto the corporate network is allowed. Mutual authentication protects enterprises from unauthorized access points serving as a potential entrance into the network: a rogue access point that cannot prove knowledge of the user's credentials to the client is refused by the client rather than silently used.
The Cisco LEAP authentication provides the following benefits:
■ Centralized authentication and key distribution
■ Large-scale enterprise WLAN deployment because of its broad operating system support and dynamic key derivation
Because the LEAP challenge/response is derived from the user's password, a captured exchange can be attacked offline with a dictionary. Strong passwords are essential with LEAP, and Cisco later recommended EAP methods that carry the exchange inside a TLS tunnel, such as EAP-FAST.
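The port-based control, relayed authentication, mutual proof and dynamic keying described in this and the previous section, as an added example in Python; it is not Cisco code and does not reproduce the LEAP or EAP message formats. It assumes a simplified challenge/response built on HMAC-SHA256, hypothetical RadiusServer, Supplicant and Authenticator classes, and a constructed user record; real EAP methods differ in message layout and key derivation:

```python
import hashlib
import hmac
import os

# Constructed credential store for this example only (not real accounts).
USERS = {"alice": b"correct horse battery staple"}   # held by the RADIUS server


def prf(secret: bytes, *parts: bytes) -> bytes:
    """Keyed derivation for proofs and session keys (HMAC-SHA256 here; LEAP itself
    uses an MS-CHAP-style challenge/response)."""
    return hmac.new(secret, b"|".join(parts), hashlib.sha256).digest()


class RadiusServer:
    """Back-end server: besides the user, the only party that knows the password."""

    def __init__(self, users):
        self.users = users

    def authenticate(self, user, c_nonce, s_nonce, c_proof):
        pw = self.users.get(user)
        if pw is None or not hmac.compare_digest(prf(pw, b"client", c_nonce, s_nonce), c_proof):
            return None                                   # Access-Reject
        # Access-Accept: the server's own proof plus a fresh per-session key for the AP.
        return prf(pw, b"server", s_nonce, c_nonce), prf(pw, b"key", c_nonce, s_nonce)


class RogueServer:
    """What an unauthorized access point can do: it has no password, so it guesses."""

    def authenticate(self, user, c_nonce, s_nonce, c_proof):
        return os.urandom(32), os.urandom(32)


class Supplicant:
    """Wireless client (the 802.1X supplicant)."""

    def __init__(self, user, password):
        self.user, self.password, self.session_key = user, password, None

    def start(self):
        self.c_nonce = os.urandom(16)                     # our challenge to the network
        return self.c_nonce

    def respond(self, s_nonce):
        self.s_nonce = s_nonce                            # the network's challenge to us
        return prf(self.password, b"client", self.c_nonce, s_nonce)

    def verify(self, s_proof):
        expected = prf(self.password, b"server", self.s_nonce, self.c_nonce)
        if not hmac.compare_digest(expected, s_proof):
            return False                                  # rogue AP: do not use this port
        self.session_key = prf(self.password, b"key", self.c_nonce, self.s_nonce)
        return True


class Authenticator:
    """Access point: owns the controlled port and relays EAP to the server.
    It never learns the password; it only receives the session key on success."""

    def __init__(self, server):
        self.server, self.authorized, self.session_key = server, False, None

    def handle_frame(self, kind):
        if kind != "EAPOL" and not self.authorized:
            return "dropped"                              # only EAPOL crosses an unauthorized port
        return "forwarded"

    def run_eap(self, supplicant):
        c_nonce = supplicant.start()
        s_nonce = os.urandom(16)
        c_proof = supplicant.respond(s_nonce)
        result = self.server.authenticate(supplicant.user, c_nonce, s_nonce, c_proof)
        if result is None:
            return False
        s_proof, key = result
        if not supplicant.verify(s_proof):                # mutual: the client checks the network too
            return False
        self.session_key, self.authorized = key, True     # open the port with a dynamic key
        return True


def demo(server=None, password=USERS["alice"]):
    ap = Authenticator(server if server is not None else RadiusServer(USERS))
    sup = Supplicant("alice", password)
    before = ap.handle_frame("DATA")
    ok = ap.run_eap(sup)
    return {"before": before, "authenticated": ok, "after": ap.handle_frame("DATA"),
            "keys_match": ok and sup.session_key == ap.session_key}


if __name__ == "__main__":
    print(demo())
    print(demo(RogueServer()))
```

demo() returns {'before': 'dropped', 'authenticated': True, 'after': 'forwarded', 'keys_match': True}: data frames are dropped until authentication completes, and afterwards the access point and client hold the same per-session key without the access point ever seeing the password. demo(RogueServer()) shows the mutual-authentication benefit: the rogue can issue any challenge it likes, but cannot produce a valid server proof, so the client refuses the port. Note that the rogue still obtained a valid client proof for its own challenge before being rejected; with a password-derived proof like LEAP's, that capture is what an offline dictionary attack works on, which is why strong passwords or a tunnelled EAP method matter.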
Host LAN Connectivity: NICs and Interfaces
In terms of appearance, a NIC, shown in Figures 4-37 and 4-38, is a printed circuit board that fits into the expansion slot of a bus on a computer's motherboard or peripheral device. It is also called a network adapter. On laptop/notebook computers, NICs are usually the size of a credit card. Its function is to connect the host device to the network medium.
Figure 4-37 Network Interface Card (Circuit Board)
NICs operate at both Layer 1 and Layer 2 of the OSI model. NICs are considered Layer 2 devices because each individual NIC throughout the world carries a unique code, called a Media Access Control (MAC) address, assigned by its manufacturer. This address controls data communication for the host on the network. Layer 2 devices, such as a bridge or switch, use each individual NIC's MAC address to decide where to deliver frames. Uniqueness is a manufacturing convention, not a security property: most operating systems let software override the NIC's MAC address, so a MAC address identifies an interface only as long as nobody chooses to change it. You learn more about the MAC address in later chapters. As its name implies, the NIC controls the host's access to the medium. A NIC also works at Layer 1, because it deals with the bits on the medium and not with any address information or higher-level protocols. NICs typically have the transceiver built in.
Figure 4-38 Network Interface Card (Media Connection)
In some cases, the type of connector on the NIC does not match the type of media that needs to be connected to it. A good example is a Cisco 2500 router. On the router, the Ethernet interface is an AUI connector, and that connector needs to connect to a UTP CAT 5 Ethernet cable. To do this, a transceiver (transmitter/receiver) is used. The Ethernet transceiver provides the transmit/receive function (because none is built into the Ethernet interface) and at the same time converts one type of signal or connector to another (for example, to connect a 15-pin AUI interface to an RJ-45 jack).
In diagrams, NICs have no standardized symbol. It is implied that, when networking devices are attached to network media, a NIC or NIC-like device is present. Wherever a dot is seen on a topology map, it represents either a NIC or an interface (port), which acts like a NIC.
Workstation and Server Relationships
By using LAN and WAN technologies, many computers are interconnected to provide services to their users. To accomplish this, networked computers take on different roles or functions in relation to each other. Some types of applications require computers to function as equal partners. Other types of applications distribute their work so that one computer functions to serve a number of others in an unequal relationship. In either case, two computers typically communicate with each other by using request/response protocols. One computer issues a request for a service, and a second computer receives and responds to that request. The requestor takes on the role of a client, and the responder takes on the role of a server.
Peer-to-Peer Networks
In a peer-to-peer network, the networked computers act as equal partners, or peers, to each other. Peer-to-peer networks are also referred to as workgroups. As peers, each computer can take on the client function or the server function. At one time, for example, computer A might make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as client, while B functions as the server. At a later time, computers A and B can reverse roles. B, as client, makes a print request of A, which has a shared printer attached, and A, as server, responds to the request from B. A and B stand in a reciprocal or peer relationship to each other.
In a peer-to-peer network, individual users control their own resources. They can decide to share certain files with other users, as shown in Figure 4-39 and Figure 4-40. They might also require passwords before they allow others to access their resources. Because individual users make these decisions, no central point of control or administration exists in the network. In addition, individual users must back up their own systems to be able to recover from data loss in case of failures. When a computer acts as a server, the user of that machine might experience reduced performance as the machine serves the requests made by other systems.
Figure 4-39 Sharing Files
Figure 4-40 Shared File
Peer-to-peer networks are relatively easy to install and operate. No additional equipment is necessary beyond a suitable operating system installed on each computer. Most modern desktop operating systems provide support for peer-to-peer networking. Because users control their own resources, no dedicated administrators are needed.
A peer-to-peer network works well with a small number of computers, perhaps ten or fewer. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate and manage. Because they do not scale well, their efficiency decreases rapidly as the number of computers on the network increases. Also, individual users control access to the resources on their computers, which means security might be difficult to maintain: every machine keeps its own accounts, passwords, and share permissions, so there is no single place to set or audit who may access what. The client/server model of network can be used to overcome the limitations of the peer-to-peer network.
Client/Server Networks
In a client-server arrangement, network services are located on a dedicated computer called a server, which responds to the requests of clients, as shown in Figure 4-41. The server is a central computer that is continuously available to respond to a client's requests for file, print, application, and other services. Most network operating systems (NOSs) adopt the form of client-server relationships. Typically, desktop computers function as clients, and one or more computers with additional processing power, memory, and specialized software function as servers.
Lab Activity Building a Peer-to-Peer Network
In this lab, you create a simple peer-to-peer network between two PCs. You identify and locate the proper cable, configure workstation IP addresses, and test connectivity using the ping command. You also share a folder on one PC and access it with the other.