Lab 1:
Installing and Using Wireshark
Packet Capture Software
by
Date Report Due: Nov 3, 2013
Date Report Submitted: Nov 3, 2013
Descriptive Abstract
The purpose of this lab assignment is to learn to work with the Wireshark packet capture software. Wireshark is an open-source network packet analyzer that captures network packets and displays the data of each packet in detail. It is available for UNIX and Windows operating systems.
Wireshark is mainly used to troubleshoot network problems and to test protocol implementations. For each packet travelling on the network it shows the time, source IP address, destination IP address, protocol, length and other information.
In this lab assignment, we first installed Wireshark on the local machine. After stopping the first capture, I analyzed some of the packets and checked which protocol they follow, their length and other basic information. After the first few random searches, I traced some packets related to http://www2.gibson.com. In the report I have included screen captures of Wireshark with an analysis of the different sections of each screen shot.
Introduction
This lab covers the installation and understanding of the Wireshark packet analyzer. Wireshark is important because it provides many details about network packets, such as their length, the protocol they follow, and their source and destination IP addresses. MIS 272 is a networking class, and data communication in a network happens in the form of packets, so an understanding of packets is essential.
The software is mainly used by network administrators to troubleshoot network problems, by network security engineers to examine security problems, and by developers to test new protocol implementations or to learn about network packets and related details. The main study material for this course is "Managing and Troubleshooting Networks", and as the name says, it is about how to manage and troubleshoot networks. By analyzing the packet information provided by Wireshark we can easily identify where the problem is.
Software used for this lab assignment:
1) Windows 7
2) Wireshark packet analyzer software
3) Web browser
4) Video player
5) Other system and application software, mainly controlled by the OS.
Hardware used for this lab assignment:
1) A laptop
2) Internet connection
3) A network router
To complete the lab activity, first install the Wireshark network packet analyzer. After installation, choose the connection type (for example Bluetooth Network Connection, Wi-Fi, Ethernet, Wireless Connection 1, Local Area Network or another connection) and click the start icon just above it. As soon as the start icon is clicked, the software starts analyzing network packets and showing the details of each packet along with its protocol information. First it shows the communication between the laptop and the Wi-Fi router, and then between the Wi-Fi router and the servers of the different connected sites. It is interesting that one website can show up with several different IPs, because big sites are handled by more than one server.
After some random analysis, I closed all the browsers and stopped the packet analyzer. Then I opened www2.gibson.com to analyze it, starting Wireshark again at the same time. The system showed some new IPs, and some of the packets were marked in black. The colors vary from packet to packet depending on the packet's protocol and on whether the packets were delivered successfully or lost.
After completing the entire process, I mainly got these IP addresses:
1) 71.83.242.128 (my IP address when I use the LAN)
2) 192.168.1.19 (my IP address when I use Wi-Fi)
3) 207.171.185.201 (Amazon Web Services IP)
4) 117.195.114.185 (this is for the Wi-Fi router settings)
5) 173.194.33.195 (one of Google's server IP addresses)
6) 174.129.4.54 (www2.gibson.com IP address)
Along with these IP addresses there were some invalid IP addresses too, which I think belong to intermediate servers and routers that sit between the source and the destination.
Screen shot 1
Menu bar: Provides options such as save, start, stop, analyze and statistics for the captured packets.
Option bar: Provides direct access to frequently used options.
Filter bar: Gives the ability to search within the results using different criteria.
Packet Trace Window: All the information about the captured packets is displayed in this window.
Source IP address & Destination IP address: Give information about the source and destination of the packet.
OSI Layer Info: This window provides details of the communication at each layer: which protocol and version each layer follows, the exact exchange, the type of packet, the protocol in use, the fields of the packet header, etc.
Besides these there is other information, such as the packet number, the total number of packets captured, the length of the packet, and the data details of the communication between layers.
Right-clicking in the OSI Layer Info window gives other options such as protocol help, disabling a protocol, filter-related options, and which port is used for the communication (the outgoing and incoming port numbers).
Screen shot 2
This screen shot shows the packet details while the router is communicating with www2.gibson.com.
This is the part of the packet trace window captured while browsing different pages of gibson.com. When I examined it later I found that 192.168.1.19 is my IP address: 192.168.1.1 is the default gateway, because I was using a Wi-Fi connection at the time, and .19 was assigned to my laptop by the router. One more interesting thing I found is that if I switch off the router, disconnect all the devices and restart the router, it reassigns the IP address, sometimes the same IP and sometimes a different one, depending on the number of devices connected to the router at that time.
Packet number 399 shows an HTTP request packet requesting a connection to gibson.com's server; the size of this request packet is 1386 bytes. Many other packets carry information about connections with gibson but have different IP addresses, which shows that they are intermediate routers used to route the request in the correct direction, for example 103.245.222.134. When my IP address is the source IP address, my system is sending a request to the destination, whereas when my IP address is the destination IP address, my system is receiving a response from the source.
While analyzing I found that many protocols are used in this conversation, for example HTTP, TCP and DNS. For every request for a new page, the DNS protocol is used first for the communication between my laptop and the Wi-Fi router; then the Wi-Fi router communicates with gibson.com using TCP together with HTTP: HTTP for the request and the response from the servers, and TCP to get assurance of the delivery of the packets with the help of the SYN, ACK and FIN flags.
The IP address for gibson.com is 174.129.4.54, and when I typed it into the web browser and pressed Enter it took me to the http://www2.gibson.com/Gibson.aspx page.
While working on this I noticed the www2 prefix, which I was not very familiar with, so I did some research and found that it is the same as www and is used for server load balancing.
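To make the sequence described above (DNS lookup, then the TCP SYN, SYN/ACK and ACK handshake carrying the HTTP request, then FIN) and the split between the private 192.168.1.x addresses and the public ones concrete, here is an added example that is not part of the original report and not Wireshark's own code. It builds a small pcap in memory, parses it with only the Python standard library, and dissects each frame into the columns of Wireshark's Packet Trace Window. The IP addresses are the ones the report lists; the MAC addresses, ports, sequence numbers, DNS transaction id and timestamps are constructed.

```python
"""Added example (not the lab report's or Wireshark's code): a minimal libpcap dissector
that renders a Wireshark-style packet list from a constructed capture (DNS query, TCP
handshake, HTTP GET, FIN), built and parsed with the standard library only."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4  # libpcap magic number, microsecond timestamps
# Flag names in the order Wireshark prints them, e.g. "[SYN, ACK]" or "[FIN, ACK]".
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def eth_ip(src_ip, dst_ip, proto, l4):
    """Wrap a transport segment in an IPv4 header and an Ethernet II frame (MACs constructed)."""
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + l4

def tcp(sport, dport, seq, ack, flags, payload=b""):
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def dns_query(name):
    """A standard A-record query for `name`: 12-byte header with one question, then the question."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_capture():
    """The exchange described in the report, seen from the laptop (ports and seqs constructed)."""
    me, gw, web = "192.168.1.19", "192.168.1.1", "174.129.4.54"  # addresses from the report
    get = b"GET /Gibson.aspx HTTP/1.1\r\nHost: www2.gibson.com\r\n\r\n"
    frames = [
        eth_ip(me, gw, 17, udp(53001, 53, dns_query("www2.gibson.com"))),  # DNS to the router
        eth_ip(me, web, 6, tcp(49152, 80, 1000, 0, 0x02)),                  # SYN
        eth_ip(web, me, 6, tcp(80, 49152, 5000, 1001, 0x12)),               # SYN, ACK
        eth_ip(me, web, 6, tcp(49152, 80, 1001, 5001, 0x10)),               # ACK
        eth_ip(me, web, 6, tcp(49152, 80, 1001, 5001, 0x18, get)),          # PSH, ACK + HTTP GET
        eth_ip(me, web, 6, tcp(49152, 80, 1001 + len(get), 5001, 0x11)),    # FIN, ACK
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, raw in enumerate(frames):  # constructed timestamps, 1 ms apart
        out += struct.pack("<IIII", 1383436800, i * 1000, len(raw), len(raw)) + raw
    return out

def parse_pcap(data):
    """Yield (timestamp in microseconds, frame bytes) for every record in a little-endian pcap."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("not a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec * 1_000_000 + ts_usec, data[off:off + incl_len]
        off += incl_len

def dns_qname(msg):
    """First question name from a DNS message (compression pointers not handled)."""
    labels, off = [], 12
    while msg[off]:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    return ".".join(labels)

def dissect(raw):
    """Peel Ethernet -> IPv4 -> TCP/UDP -> application off one frame into a packet-list row."""
    row = {"src": "", "dst": "", "protocol": "non-IP", "length": len(raw), "info": ""}
    if struct.unpack_from("!H", raw, 12)[0] != 0x0800:  # EtherType must be IPv4
        return row
    ihl, proto = (raw[14] & 0x0F) * 4, raw[23]  # IPv4 header length in bytes; 6 = TCP, 17 = UDP
    row.update(src=str(ipaddress.IPv4Address(raw[26:30])), dst=str(ipaddress.IPv4Address(raw[30:34])))
    l4 = raw[14 + ihl:]
    sport, dport = struct.unpack_from("!HH", l4, 0)  # both TCP and UDP start with the two ports
    row["protocol"] = "IP"
    if proto == 6:
        doff_flags = struct.unpack_from("!H", l4, 12)[0]  # data offset (top 4 bits), flags (low 9)
        app = l4[(doff_flags >> 12) * 4:]
        names = ", ".join(name for bit, name in TCP_FLAGS if doff_flags & bit)
        row.update(protocol="TCP", info=f"{sport} -> {dport} [{names}]")
        if app.startswith((b"GET ", b"POST ", b"HTTP/")):  # HTTP request line or status line
            row.update(protocol="HTTP", info=app.split(b"\r\n", 1)[0].decode())
    elif proto == 17 and 53 in (sport, dport):
        row.update(protocol="DNS", info="Standard query " + dns_qname(l4[8:]))
    return row

def packet_list(data):
    """Rows in the order of Wireshark's Packet Trace Window: No., Time, Source, Destination, ..."""
    rows, first = [], None
    for no, (usec, raw) in enumerate(parse_pcap(data), start=1):
        first = usec if first is None else first
        rows.append({"no": no, "time": (usec - first) / 1e6, **dissect(raw)})
    return rows

def classify_endpoints(rows):
    """Split every address seen into RFC 1918 private (LAN side) and public (Internet side)."""
    addrs = {a for r in rows for a in (r["src"], r["dst"]) if a}
    private = {a for a in addrs if ipaddress.IPv4Address(a).is_private}
    return private, addrs - private
```

Calling `packet_list(build_capture())` yields one row per frame with the same No., Time, Source, Destination, Protocol, Length and Info columns the screen shots show, and `classify_endpoints` separates the laptop and router addresses from the gibson.com server address.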
Purpose of WinPcap (Windows Packet Capture)
WinPcap is basically a library that includes a driver to support packet capture. Since Wireshark is packet capturing software, it needs the libpcap library, which supports packet capture; on the Windows operating system the role of libpcap is filled by WinPcap.
Conclusion
Many topics from the book were covered in this lab: IP addresses, networking layers, packets, protocols such as HTTP, TCP, FTP and DNS, network communication, etc. It was a good experience to learn how packets travel on the network, how one router communicates with another, and the different TCP packet flags such as ACK, FIN and SYN.
The most important concept I learned in this assignment is how different protocols work on different packets and between the different layers of the network. I was always confused about why we need so many layers in networking, but it is clear now that this is a step-by-step process: at each step the layer adds something to the data to encrypt it and make it compatible as input for the next layer.
Installing Wireshark was quite easy, but at the start I found it a bit problematic because there were too many IP addresses, and whenever I typed them into the browser it showed an invalid page or an error. After some time I realized that those were addresses of intermediate routers or servers that do not have a web page and just forward traffic towards the destination IP address.
References
Meyers, Mike. Managing and Troubleshooting Networks, 3rd edition. McGraw-Hill.
Wireshark Download. Retrieved from: http://www.wireshark.org/download.html
Wireshark user guide. Retrieved from: http://www.wireshark.org/docs/wsug_html_chunked/
Wireshark wiki pages. Retrieved from:
Wireshark WinPcap. Retrieved from: http://wiki.wireshark.org/WinPcap
Running Glossary
ACK: Acknowledgment of receipt of a packet, used in TCP
DNS: Domain Name System, the naming system for computers or devices that use the Internet
FIN: Finish, indicating that the transmission is done
HTTP: Hyper Text Transfer Protocol, used for web-related data communication on the WWW
Open Source: Software for which no license is needed
Server load balancing: Used to distribute load over more than one server
SYN: Sync packet used to establish a connection
TCP: Transmission Control Protocol, used for reliable data communication
WinPcap: A library containing a packet capturing driver
Wireshark: A network packet analyzer software
www2: Used for load balancing across servers
[Screen shot callouts: Menu bar; Option bar; Filter bar; Packet Trace Window; OSI Layer Info; Source IP address of the packet; Destination IP address of the packet; Packet's protocol; Data details of selected packet; Information related to packet.]
Mike Meyers’
CompTIA Network+® Guide to Managing and
Troubleshooting Networks
Third Edition
(Exam N10-005)
Mike Meyers
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan
New Delhi San Juan Seoul Singapore Sydney Toronto
Copyright © 2012 by the McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
ISBN: 978-0-07-179981-2
MHID: 0-07-179981-8
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-178911-0, MHID: 0-07-178911-1.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at [email protected].
McGraw-Hill is an independent entity from CompTIA®. This publication and digital content may be used in assisting students to prepare for the CompTIA Network+ exam. Neither CompTIA nor McGraw-Hill warrants that use of this publication and digital content will ensure passing any exam. CompTIA and CompTIA Network+ are trademarks or registered trademarks of CompTIA in the United States and/or other countries. All other trademarks are trademarks of their respective owners.
Fluke images printed with permission of Fluke Corporation, ©Fluke Corp. Intel image printed with permission of Intel Corporation, ©Intel Corp. TRENDnet images printed with permission of Trendnet Media, ©TRENDnet. Equalizer E650GX image printed by permission of Coyote Point Systems, ©Coyote Point Systems, Inc. www.coyotepoint.com. NetGear image printed with permission of NetGear, ©NETGEAR, Inc. Hewlett-Packard images printed with permission of HP, ©Hewlett-Packard. CLEAR image printed with permission of CLEAR, ©CLEAR.
TERMS OF USE
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGrawHill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/ or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
E-book conversion by codeMantra
Version 2.0
About the Author
Michael Meyers is the industry’s leading authority on CompTIA Network+ certification. He is the president and founder of Total Seminars, LLC, a major provider of PC and network repair seminars for thousands of organizations throughout the world, and a member of CompTIA.
Mike has written numerous popular textbooks, including the best-selling Mike Meyers’ CompTIA A+® Guide to Managing & Troubleshooting PCs, Mike Meyers’ CompTIA A+® Guide to Essentials, and Mike Meyers’ CompTIA A+® Guide to Operating Systems.
About the Contributor
Scott Jernigan wields a mighty red pen as Editor in Chief for Total Seminars. With a Master of Arts degree in Medieval History, Scott feels as much at home in the musty archives of London as he does in the warm CRT glow of Total Seminars’ Houston headquarters. After fleeing a purely academic life, he dove headfirst into IT, working as an instructor, editor, and writer.
Scott has written, edited, and contributed to dozens of books on computer literacy, hardware, operating systems, networking, and certification, including Computer Literacy—Your Ticket to IC3 Certification, and co-authoring with Mike Meyers the All-in-One CompTIA Strata® IT Fundamentals Exam Guide.
Scott has taught computer classes all over the United States, including stints at the United Nations in New York and the FBI Academy in Quantico. Practicing what he preaches, Scott is a CompTIA A+ and CompTIA Network+ certified technician, a Microsoft Certified Professional, a Microsoft Office User Specialist, and Certiport Internet and Computing Core Certified.
About the Technical Editor
Jonathan S. Weissman earned his master’s degree in Computer and Information Science from Brooklyn College (CUNY), and holds nineteen industry certifications, including Cisco CCNA, CompTIA Security+, CompTIA i-Net+, CompTIA Network+, CompTIA A+, CompTIA Linux+, Novell CNE, Novell CNA, Microsoft Office Master, Microsoft MCAS Word, Microsoft MCAS PowerPoint, Microsoft MCAS Excel, Microsoft MCAS Access, Microsoft MCAS Outlook, and Microsoft MCAS Vista.
Jonathan is a tenured Assistant Professor of Computing Sciences at Finger Lakes Community College, in Canandaigua, NY, and also teaches graduate and undergraduate computer science courses at nearby Rochester Institute of Technology. In addition, Jonathan does computer, network, and security consulting for area businesses and individuals.
Between FLCC and RIT, Jonathan has taught nearly two dozen different computer science courses, including networking, security, administration, forensics, programming, operating systems, hardware, and software.
Students evaluating his teaching emphasize that he simplifies their understanding of difficult topics, while at the same time makes the class interesting and entertaining.
Jonathan completely designed and configured FLCC’s newest Networking & Security Lab. Serving as IT Program Coordinator, he rewrote FLCC’s Information Technology course requirements for the degree, keeping it current with the changes in industry over the years.
This textbook is just one of the many that Jonathan has edited for thoroughness and accuracy.
Acknowledgments
I’d like to acknowledge the many people who contributed their talents to make this book possible:
To Tim Green, my acquisitions editor at McGraw-Hill: Didn’t think I’d get the book out this quickly, did you? Thanks for your superb support and encouragement, as always.
To my in-house Editor-in-Chief, Scott Jernigan: Didn’t think we’d get the book out that fast, did you? How many 85s do you have now? Pelape still smokes them all in DPS.
To Jonathan Weissman, technical editor: Holy crap, you kicked my butt. Thanks for making my book dramatically better than it has ever been.
To LeeAnn Pickrell, copy editor: u made me write good, thx.
To Michael Smyer, Total Seminars’ resident tech guru and photographer: Glad to see you staying focused. And your photos rocked as always!
To Ford Pierson, graphics maven and editor: Superb conceptual art? Check! Great editing? Check! Beating the boss in Unreal Tournament over and over again? Check, unfortunately.
To Aaron Verber, editor extraordinaire: Your quiet toils in the dark corner of the office have once again paid outstanding dividends!
To Dudley Lehmer, my partner at Total Seminars: As always, thanks for keeping the ship afloat while I got to play on this book!
To Stephanie Evans, acquisitions coordinator at McGraw-Hill: You are my favorite South African ambassador since the Springboks. Thanks for keeping track of everything and (gently) smacking Scott when he forgot things.
To Molly Sharp and Jody McKenzie, project editors: It was a joy to work with you, Molly, and again with you, Jody. I couldn’t have asked for a better team! (Didn’t think I could resist making the pun, did you?)
To Andrea Fox, proofreader: You did a super job, thank you!
To Tom and Molly Sharp, compositors: The layout was excellent, thanks!
To Staci Lynne Davis, vegan chef and punk rocker: Thanks for showing me your world and, in the process, expanding mine.
Key Terms, identified in red, point out important vocabulary and definitions that you need to know.
Tech Tip sidebars provide inside information from experienced IT professionals.
Cross Check questions develop reasoning skills: ask, compare, contrast, and explain.
Engaging and Motivational— Using a conversational style and proven instructional approach, the author explains technical concepts in a clear, interesting way using real-world examples.
Makes Learning Fun!— Rich, colorful text and enhanced illustrations bring technical subjects to life.
10BaseT also introduced the networking world to the RJ-45 connector (Figure 4.9). Each pin on the RJ-45 connects to a single wire inside the cable; this enables devices to put voltage on the individual wires within the cable. The pins on the RJ-45 are numbered from 1 to 8, as shown in Figure 4.10.
The 10BaseT standard designates some of these numbered wires for specific purposes. As mentioned earlier, although the cable has four pairs, 10BaseT uses only two of the pairs. 10BaseT devices use pins 1 and 2 to send data, and pins 3 and 6 to receive data. Even though one pair of wires sends data and another receives data, a 10BaseT device cannot send and receive simultaneously. The rules of CSMA/CD still apply: only one device can use the segment contained in the hub without causing a collision. Later versions of Ethernet will change this rule.
An RJ-45 connector is usually called a crimp, and the act (some folks call it an art) of installing a crimp onto the end of a piece of UTP cable is called crimping. The tool used to secure a crimp onto the end of a cable is a crimper. Each wire inside a UTP cable must connect to the proper pin inside the crimp. Manufacturers color-code each wire within a piece of four-pair UTP to assist in properly matching the ends. Each pair of wires consists of a solid-colored wire and a striped wire: blue/blue-white, orange/orange-white, brown/brown-white, and green/green-white (Figure 4.11).
The Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA) defines the industry standard for correct crimping of four-pair UTP for 10BaseT networks. Two standards currently exist: TIA/EIA 568A and TIA/EIA 568B. Figure 4.12 shows the TIA/EIA 568A and TIA/EIA 568B color-code standards. Note that the wire pairs used by 10BaseT (1 and 2; 3 and 6) come from the same color pairs (green/green-white and orange/orange-white). Following an established color-code scheme, such as TIA/EIA 568A, ensures that the wires match up correctly at each end of the cable.
66 Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
Cross Check Check Your CATs!
You’ve already seen CAT levels in Chapter 3, “Cabling and Topology,” so check your memory and review the different speeds of the various CAT levels. Could 10BaseT use CAT 2? Could it use CAT 6? What types of devices can use CAT 1?
• Figure 4.9 Two views of an RJ-45 connector
• Figure 4.10 The pins on an RJ-45 connector are numbered 1 through 8.
• Figure 4.11 Color-coded pairs
The real name for RJ-45 is “8 Position 8 Contact (8P8C) modular plug.” The name RJ-45 is so dominant, however, that nobody but the nerdiest of nerds calls it by its real name. Stick to RJ-45.
About This Book
Proven Learning Method Keeps You on Track Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks is structured to give you comprehensive knowledge of computer skills and technologies. The textbook’s active learning methodology guides you beyond mere recall and—through thought-provoking activities, labs, and sidebars—helps you develop critical-thinking, diagnostic, and communication skills.
Information technology (IT) offers many career paths, leading to occupations in such fields as PC repair, network administration, telecommunications, Web development, graphic design, and desktop support. To become competent in any IT field, however, you need certain basic computer skills. Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks builds a foundation for success in the IT field by introducing you to fundamental technology concepts and giving you essential computer skills.
Important Technology Skills
consider that type of NIC. The specific process by which a NIC uses electricity to send and receive data is exceedingly complicated, but luckily for you, not necessary to understand. Instead, just think of a charge on the wire as a one, and no charge as a zero. A chunk of data moving in pulses across a wire might look something like Figure 2.13.
If you put an oscilloscope on the wire to measure voltage, you’d see something like Figure 2.14. An oscilloscope is a powerful microscope that enables you to see electrical pulses.
Now, remembering that the pulses represent binary data, visualize instead a string of ones and zeroes moving across the wire (Figure 2.15).
Once you understand how data moves along the wire, the next question becomes this: how does the network get the right data to the right system? All networks transmit data by breaking whatever is moving across the physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.
I like to visualize an imaginary table inside every NIC that acts as a frame creation and reading station. I see frames as those pneumatic canisters you see when you go to a drive-in teller at a bank. A little guy inside the network card—named Nick, naturally!—builds these pneumatic canisters (the frames) on the table, and then shoots them out on the wire to the hub (Figure 2.16).
Chapter 2: Building a Network with the OSI Model 15
Try This! What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command CMD and press the ENTER key to get to a command prompt.
2. In Windows Vista, click Start, enter CMD in the Start Search text box, and press the ENTER key to get to a command prompt.
3. At the command prompt, type the command IPCONFIG /ALL and press the ENTER key.
• Figure 2.13 Data moving along a wire
• Figure 2.14 Oscilloscope of data
• Figure 2.15 Data as ones and zeroes
• Figure 2.16 Inside the NIC
A number of different frame types are used in different networks. All NICs on the same network must use the same frame type or they will not be able to communicate with other NICs.
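To make the frame idea concrete for the Wireshark work in this lab, here is an added example in Python; it is not code from the textbook or from the Wireshark project. It parses the 14-byte Ethernet header (destination MAC, source MAC, type/length field) that Wireshark shows as the top line of every captured frame, tells an Ethernet II frame from an IEEE 802.3 frame by the value of that third field (which is the frame-type difference the paragraph above mentions), and decides whether a NIC with a given MAC address (the "Physical Address" that IPCONFIG /ALL reports) should read the frame. The frame bytes and the MAC addresses in it are constructed for illustration, not captured from a real network.

```python
import struct

# Constructed sample frame for illustration only (nothing here was captured
# from a real network). Layout is the 14-byte Ethernet header the textbook
# describes: 6-byte destination MAC, 6-byte source MAC, 2-byte type/length.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")         # destination MAC: broadcast
    + bytes.fromhex("001122334455")       # source MAC: made-up address
    + bytes.fromhex("0800")               # EtherType 0x0800 = IPv4 payload
    + bytes.fromhex("4500") + bytes(18)   # constructed 20-byte filler payload
)

# EtherType values the parser can name; anything else is reported by number.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q VLAN tag"}


def format_mac(raw):
    """Render 6 raw bytes in the colon-separated form Wireshark displays."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet_frame(frame):
    """Split a frame into its header fields and its payload.

    The third header field is an EtherType (Ethernet II frame) when its value
    is 0x0600 or higher; smaller values are an IEEE 802.3 length field.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    if type_or_len >= 0x0600:
        return {
            "frame_type": "Ethernet II",
            "dst": format_mac(dst),
            "src": format_mac(src),
            "ethertype": type_or_len,
            "protocol": ETHERTYPES.get(type_or_len, f"0x{type_or_len:04x}"),
            "payload": payload,
        }
    # IEEE 802.3: the field is the payload length. Flag a length that exceeds
    # the bytes actually present, as a dissector would for a malformed frame.
    return {
        "frame_type": "IEEE 802.3",
        "dst": format_mac(dst),
        "src": format_mac(src),
        "length": type_or_len,
        "length_ok": type_or_len <= len(payload),
        "payload": payload[:type_or_len],
    }


def is_for_nic(frame, my_mac):
    """Decide whether a NIC whose address is my_mac should read this frame.

    my_mac may use ':' or '-' separators (ipconfig prints '-').  A NIC reads
    frames sent to its own address or to the broadcast address; multicast
    frames (lowest bit of the first destination byte set) are accepted here as
    a simplification, since a real NIC filters them by the groups it joined.
    """
    dst = frame[:6]
    if dst == bytes.fromhex(my_mac.replace(":", "").replace("-", "")):
        return True
    if dst == b"\xff" * 6:
        return True
    return bool(dst[0] & 0x01)


if __name__ == "__main__":
    info = parse_ethernet_frame(SAMPLE_FRAME)
    print(f"{info['frame_type']}: {info['src']} -> {info['dst']} ({info['protocol']})")
    print("read by NIC 00-1A-2B-3C-4D-5E:", is_for_nic(SAMPLE_FRAME, "00-1A-2B-3C-4D-5E"))
```

Compare the `src` field against the Physical Address from the Try This! exercise: frames your own NIC puts on the wire carry that value as the source MAC, which is how the Ethernet line in Wireshark ties a captured frame back to your machine.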
Each chapter includes
■ Learning Objectives that set measurable goals for chapter-by-chapter progress
■ Illustrations that give you a clear picture of the technologies
■ Tutorials that teach you to perform essential tasks and procedures hands-on
■ Try This!, Cross Check, and Tech Tip sidebars that encourage you to practice and apply concepts in real-world settings
■ Notes, Tips, and Warnings that guide you through difficult areas
■ Chapter Summaries and Key Terms Lists that provide you with an easy way to review important concepts and vocabulary
■ Challenging End-of-Chapter Tests that include vocabulary-building exercises, multiple-choice questions, essay questions, and on-the-job lab projects
This pedagogically rich book is designed to make learning easy and enjoyable and to help you develop the skills and critical-thinking abilities that will enable you to adapt to different job situations and troubleshoot problems.
Mike Meyers’ proven ability to explain concepts in a clear, direct, even humorous way makes this book interesting, motivational, and fun.
Effective Learning Tools
Proven Learning Method Keeps You on Track
Mike Meyers’ CompTIA Network+® Guide to Managing and Troubleshooting Networks is structured to give you comprehensive knowledge of computer skills and technologies. The textbook’s active learning methodology guides you beyond mere recall and—through thought-provoking activities, labs, and sidebars—helps you develop critical-thinking, diagnostic, and communication skills.
Try This! exercises apply core skills in a new setting.
Chapter Review sections provide concept summaries, key terms lists, and lots of questions and projects.
Key Terms Lists present the important terms identified in the chapter.
Offers Practical Experience— Tutorials and lab assignments develop essential hands-on skills and put concepts in real-world contexts.
Robust Learning Tools— Summaries, key terms lists, quizzes, essay questions, and lab projects help you practice skills and measure progress.
Notes, Tips, and Warnings create a road map for success.
Contents at a Glance
Chapter 1 ■ CompTIA Network+ in a Nutshell 1
Chapter 2 ■ Network Models 8
Chapter 3 ■ Cabling and Topology 44
Chapter 4 ■ Ethernet Basics 66
Chapter 5 ■ Modern Ethernet 90
Chapter 6 ■ Installing a Physical Network 106
Chapter 7 ■ TCP/IP Basics 144
Chapter 8 ■ The Wonderful World of Routing 182
Chapter 9 ■ TCP/IP Applications 224
Chapter 10 ■ Network Naming 258
Chapter 11 ■ Securing TCP/IP 294
Chapter 12 ■ Advanced Networking Devices 330
Chapter 13 ■ IPv6 356
Chapter 14 ■ Remote Connectivity 380
Chapter 15 ■ Wireless Networking 424
Chapter 16 ■ Protecting Your Network 458
Chapter 17 ■ Virtualization 484
Chapter 18 ■ Network Management 504
Chapter 19 ■ Building a SOHO Network 534
Chapter 20 ■ Network Troubleshooting 554
Appendix A ■ Objectives Map: CompTIA Network+ 580
Appendix b ■ About the Download 592
■ Glossary 596
■ Index 632
Contents
About the Author v
Acknowledgments vii
Preface xvii
CompTIA Approved Quality Curriculum xix
Instructor and Student Website xxv
Chapter 1 ■ CompTIA Network+ in a Nutshell 1
  Who Needs CompTIA Network+? I Just Want to Learn about Networks! 1
  What Is CompTIA Network+ Certification? 1
  What Is CompTIA? 2
  The Current CompTIA Network+ Certification Exam Release 2
  How Do I Become CompTIA Network+ Certified? 2
  What Is the Exam Like? 3
  How Do I Take the Test? 4
  How Much Does the Test Cost? 4
  How to Pass the CompTIA Network+ Exam 5
  Obligate Yourself 5
  Set Aside the Right Amount of Study Time 5
  Study for the Test 6
Chapter 2 ■ Network Models 8
  Historical/Conceptual 10
  Working with Models 10
  Biography of a Model 10
  Network Models 11
  The OSI Seven-Layer Model in Action 11
  Welcome to MHTechEd! 12
  Test Specific 13
  Let’s Get Physical—Network Hardware and Layers 1–2 13
  The NIC 15
  The Two Aspects of NICs 21
  Beyond the Single Wire—Network Software and Layers 3–7 22
  IP—Playing on Layer 3, the Network Layer 24
  Packets Within Frames 25
  Assembly and Disassembly—Layer 4, the Transport Layer 27
  Talking on a Network—Layer 5, the Session Layer 28
  Standardized Formats, or Why Layer 6, Presentation, Has No Friends 30
  Network Applications—Layer 7, the Application Layer 31
  The TCP/IP Model 32
  The Link Layer 33
  The Internet Layer 34
  The Transport Layer 34
  The Application Layer 36
  Frames, Packets, and Segments, Oh My! 37
  The Tech’s Troubleshooting Tool 38
  Chapter 2 Review 39
Chapter 3 ■ Cabling and Topology 44
  Test Specific 45
  Topology 45
  Bus and Ring 45
  Star 46
  Hybrids 47
  Mesh and Point-to-Multipoint 47
  Point-to-Point 50
  Parameters of a Topology 50
  Cabling 50
  Coaxial Cable 50
  Twisted Pair 53
  Fiber-Optic 55
  Other Cables 56
  Fire Ratings 58
  Networking Industry Standards—IEEE 58
  Chapter 3 Review 60
Chapter 4 ■ Ethernet Basics 66
  Historical/Conceptual 67
  Ethernet 67
  Topology 67
  Test Specific 68
  Organizing the Data: Ethernet Frames 68
  CSMA/CD 71
  Early Ethernet Networks 73
  10BaseT 73
  10BaseFL 76
  Extending and Enhancing Ethernet Networks 78
  Connecting Ethernet Segments 78
  Switched Ethernet 80
  Troubleshooting Hubs and Switches 84
  Chapter 4 Review 85
Chapter 5 ■ Modern Ethernet 90
  Test Specific 91
  100-Megabit Ethernet 91
  100BaseT 91
  100BaseFX 93
  Gigabit Ethernet 94
  1000BaseCX 95
  1000BaseSX 95
  1000BaseLX 95
  New Fiber Connectors 95
  Implementing Multiple Types of Gigabit Ethernet 96
  10 Gigabit Ethernet 97
  Fiber-based 10 GbE 97
  Copper-based 10 GbE 98
  10 GbE Physical Connections 99
  Backbones 99
  Know Your Ethernets! 100
  Chapter 5 Review 101
Chapter 6 ■ Installing a Physical Network 106
  Historical/Conceptual 107
  Understanding Structured Cabling 107
  Cable Basics—A Star Is Born 108
  Test Specific 109
  Structured Cable Network Components 109
  Structured Cable—Beyond the Star 116
  Installing Structured Cabling 119
  Getting a Floor Plan 119
  Mapping the Runs 119
  Determining the Location of the Telecommunications Room 120
  Pulling Cable 121
  Making Connections 123
  Testing the Cable Runs 126
  NICs 130
  Buying NICs 131
  Link Lights 133
  Diagnostics and Repair of Physical Cabling 134
  Diagnosing Physical Problems 134
  Check Your Lights 135
  Check the NIC 135
  Cable Testing 136
  Problems in the Telecommunications Room 136
  Toners 137
  Chapter 6 Review 139
Chapter 7 ■ TCP/IP Basics 144
  Historical/Conceptual 145
  Standardizing Networking Technology 145
  Test Specific 146
  The TCP/IP Protocol Suite 146
  Internet Layer Protocols 146
  Transport Layer Protocols 147
  Application Layer Protocols 149
  IP in Depth 150
  IP Addresses 151
  IP Addresses in Action 155
  Class IDs 162
  CIDR and Subnetting 163
  Subnetting 164
  CIDR: Subnetting in the Real World 169
  Using IP Addresses 170
  Static IP Addressing 170
  Dynamic IP Addressing 173
  Special IP Addresses 176
  Chapter 7 Review 177
Chapter 8 ■ The Wonderful World of Routing 182
  Historical/Conceptual 183
  How Routers Work 183
  Test Specific 184
  Routing Tables 184
  Freedom from Layer 2 191
  Network Address Translation 191
  Dynamic Routing 196
  Routing Metrics 198
  Distance Vector 199
  Link State 204
  EIGRP—the Lone Hybrid 208
  Dynamic Routing Makes the Internet 209
  Working with Routers 209
  Connecting to Routers 210
  Basic Router Configuration 215
  Router Problems 216
  Chapter 8 Review 219
Chapter 9 ■ TCP/IP Applications 224
  Historical/Conceptual 225
  Transport Layer and Network Layer Protocols 225
  How People Communicate 225
  Test Specific 225
  TCP 225
  UDP 226
  ICMP 227
  IGMP 227
  The Power of Port Numbers 228
  Registered Ports 230
  Connection Status 232
  Rules for Determining Good vs. Bad Communications 236
  Common TCP/IP Applications 236
  The World Wide Web 236
  Telnet 242
  E-mail 246
  FTP 249
  Internet Applications 252
  Chapter 9 Review 253
Chapter 10 ■ Network Naming 258
  Historical/Conceptual 259
  DNS 259
  Test Specific 260
  How DNS Works 260
  Name Spaces 262
  DNS Servers 272
  Troubleshooting DNS 279
  WINS 282
  Configuring WINS Clients 283
  Troubleshooting WINS 284
  Diagnosing TCP/IP Networks 284
  Chapter 10 Review 288
Chapter 11 ■ Securing TCP/IP 294
  Test Specific 295
  Making TCP/IP Secure 295
  Encryption 295
  Nonrepudiation 302
  Authentication 307
  Authorization 307
  TCP/IP Security Standards 308
  Authentication Standards 308
  Encryption Standards 316
  Combining Authentication and Encryption 319
  Secure TCP/IP Applications 320
  HTTPS 321
  SCP 321
  SFTP 322
  SNMP 322
  LDAP 323
  NTP 323
  Chapter 11 Review 324
Chapter 12 ■ Advanced Networking Devices 330
  Client/Server and Peer-to-Peer Topologies 331
  Historical/Conceptual 331
  Client/Server 331
  Peer-to-Peer 332
  Test Specific 333
  Client/Server and Peer-to-Peer Today 333
  Virtual Private Networks 334
  PPTP VPNs 335
  L2TP VPNs 336
  SSL VPNs 337
  Virtual LANs 337
  Trunking 338
  Configuring a VLAN-capable Switch 339
  Virtual Trunk Protocol 341
  InterVLAN Routing 341
  Multilayer Switches 342
  Load Balancing 343
  QoS and Traffic Shaping 345
  Network Protection 346
  Chapter 12 Review 351
Chapter 13 ■ IPv6 356
  Test Specific 357
  IPv6 Basics 357
  IPv6 Address Notation 357
  Link-Local Address 359
  IPv6 Subnet Masks 360
  The End of Broadcast 361
  Global Address 363
  Aggregation 364
  Using IPv6 366
  Enabling IPv6 367
  NAT in IPv6 368
  DHCP in IPv6 369
  DNS in IPv6 370
  Moving to IPv6 371
  IPv4 and IPv6 372
  Tunnels 372
  IPv6 Is Here, Really! 375
  Chapter 13 Review 376
Chapter 14 ■ Remote Connectivity 380
  Historical/Conceptual 381
  Telephony and Beyond 381
  The Dawn of Long Distance 382
  Test Specific 386
  Digital Telephony 386
  Copper Carriers: T1 and T3 387
  Fiber Carriers: SONET/SDH and OC 391
  Packet Switching 392
  Real-World WAN 395
  Alternative to Telephony WAN 396
  The Last Mile 397
  Dial-Up 397
  DSL 401
  Cable Modems 404
  Satellite 406
  Cellular WAN 406
  Fiber 407
  BPL 407
  Which Connection? 408
  Using Remote Access 408
  Dial-Up to the Internet 409
  Private Dial-Up 410
  VPNs 411
  Dedicated Connection 411
  Remote Terminal 413
  Chapter 14 Review 417
Chapter 15 ■ Wireless Networking 424
  Historical/Conceptual 425
  Test Specific 425
  Wi-Fi Standards 425
  802.11 425
  802.11b 432
  802.11a 432
  802.11g 433
  802.11n 433
  Wireless Networking Security 434
  Power over Ethernet 437
  Implementing Wi-Fi 437
  Performing a Site Survey 438
  Installing the Client 439
  Setting Up an Ad Hoc Network 439
  Setting Up an Infrastructure Network 439
  Extending the Network 446
  Verify the Installation 448
  Troubleshooting Wi-Fi 448
  Hardware Troubleshooting 448
  Software Troubleshooting 449
  Connectivity Troubleshooting 449
  Configuration Troubleshooting 450
  Chapter 15 Review 452
Chapter 16 ■ Protecting Your Network 458
  Test Specific 459
  Common Threats 459
  System Crash/Hardware Failure 459
  Administrative Access Control 459
  Malware 460
  Social Engineering 462
  Man in the Middle 463
  Denial of Service 463
  Physical Intrusion 464
  Attacks on Wireless Connections 465
  Securing User Accounts 466
  Authentication 466
  Passwords 467
  Controlling User Accounts 468
  Firewalls 470
  Hiding the IPs 471
  Port Filtering 471
  Packet Filtering 473
  MAC Filtering 474
  Personal Firewalls 474
  Network Zones 476
  Vulnerability Scanners 477
  Chapter 16 Review 478
Chapter 17 ■ Virtualization 484
  Historical/Conceptual 485
  What Is Virtualization? 485
  Meet the Hypervisor 486
  Emulation vs. Virtualization 486
  Sample Virtualization 488
  Test Specific 492
  Why Do We Virtualize? 492
  Power Saving 492
  Hardware Consolidation 493
  System Recovery 493
  System Duplication 494
  Research 494
  Virtualization in Modern Networks 494
  Virtual Machine Managers 496
  Hypervisors 497
  Virtual Switches 498
  Virtual PBX 499
  Network as a Service 499
  Chapter 17 Review 500
Chapter 18 ■ Network Management 504
  Test Specific 505
  Network Configuration Management 505
  Configuration Management Documentation 505
  Change Management Documentation 511
  Monitoring Performance and Connectivity 512
  Performance Monitor 512
  Logs and Network Traffic 518
  Network Performance Optimization 519
  Caching 520
  Controlling Data Throughput 520
  Keeping Resources Available 522
  Chapter 18 Review 528
Chapter 19 ■ Building a SOHO Network 534
  Historical/Conceptual 535
  Test Specific 535
  Designing a SOHO Network 535
  Building the Network 536
  Define the Network Needs 536
  Network Design 537
  Compatibility Issues 539
  Internal Connections 540
  External Connections 544
  ISPs and MTUs 546
  Peripherals 548
  Security 549
  Chapter 19 Review 550
Chapter 20 ■ Network Troubleshooting 554
  Test Specific 555
  Troubleshooting Tools 555
  Hardware Tools 555
  Software Tools 558
  The Troubleshooting Process 564
  Identify the Problem 565
  Establish a Theory of Probable Cause 567
  Test the Theory to Determine Cause 567
  Establish a Plan of Action and Identify Potential Effects 568
  Implement and Test the Solution or Escalate as Necessary 568
  Verify Full System Functionality and Implement Preventative Measures 569
  Document Findings, Actions, and Outcomes 569
  Troubleshooting Scenarios 569
  “I Can’t Log In!” 570
  “I Can’t Get to This Web Site!” 570
  “Our Web Server Is Sluggish!” 571
  “I Can’t See Anything on the Network!” 571
  “It’s Time to Escalate!” 572
  Troubleshooting Is Fun! 574
  Chapter 20 Review 575
Appendix A ■ Objectives Map: CompTIA Network+ 580
Appendix B ■ About the Download 592
  System Requirements 592
  Installing and Running Total Tester 592
  About Total Tester 593
  Mike Meyers' Video Training 593
  Playing Mike Meyers' Videos 593
  Mike’s Cool Tools 594
  Boson’s NetSim Network Simulator 594
  Technical Support 595
  Boson Technical Support 595
■ Glossary 596
■ Index 632
Preface
I was a teacher long before I was ever an author. I started writing computer books for the simple reason that no one wrote the kind of books I wanted to read. The books were either too simple (Chapter 1, “Using Your Mouse”) or too complex (Chapter 1, “TTL Logic and Transistors”) and none of them provided a motivation for me to learn the information. I guessed that there were geeky readers just like me who wanted to know why they needed to know the information in a computer book.
Good books motivate the reader to learn what he or she is reading. If a book discusses binary arithmetic but doesn’t explain why I need to learn it, for example, that’s not a good book. Tell me that understanding binary makes it easier to understand how an IP address works or why we’re about to run out of IP addresses and how IPv6 can help, then I get excited, no matter how geeky the topic. If I don’t have a good reason, a good motivation to do something, then I’m simply not going to do it (which explains why I haven’t jumped out of an airplane!).
In this book, I teach you why you need to understand the wide world of networking. You’ll learn everything you need to start building, configuring, and supporting networks. In the process, you’ll gain the knowledge you need to pass the CompTIA Network+ certification exam.
Enjoy, my fellow geek.
CompTIA Approved Quality Curriculum
CompTIA Network+■■ The CompTIA Network+ certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate, and configure basic network infrastructure; describe networking technologies; basic design principles; and adhere to wiring standards and use testing tools.
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification proves you have the knowledge and skill to solve business problems in virtually any business environment. Certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
CompTIA Network+ certification is held by many IT staffers across many organizations. 21% of IT staff within a random sampling of U.S. organizations within a cross section of industry verticals hold CompTIA Network+ certification.
■ The CompTIA Network+ credential—proves knowledge of networking features and functions and is the leading vendor-neutral certification for networking professionals.
■ Starting salary—the average starting salary of network engineers can be up to $70,000.
■ Career pathway—CompTIA Network+ is the first step in starting a networking career, and is recognized by Microsoft as part of their MS program. Other corporations, such as Novell, Cisco, and HP also recognize CompTIA Network+ as part of their certification tracks.
■ More than 325,000 individuals worldwide are CompTIA Network+ certified.
■ Mandated/recommended by organizations worldwide—Apple, Cisco, HP, Ricoh, the U.S. State Department, and U.S. government contractors such as EDS, General Dynamics, and Northrop Grumman recommend or mandate CompTIA Network+.
How Certification Helps Your Career
CompTIA Career Pathway
CompTIA offers a number of credentials that form a foundation for your career in technology and that allow you to pursue specific areas of concentration. Depending on the path you choose, CompTIA certifications help you build upon your skills and knowledge, supporting learning throughout your career.
Steps to Getting Certified and Staying Certified
1. Review exam objectives. Review the certification objectives to make sure you know what is covered in the exam: www.comptia.org/certifications/testprep/examobjectives.aspx
2. Practice for the exam. After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam: www.comptia.org/certifications/testprep/practicetests.aspx
3. Purchase an exam voucher. Purchase exam vouchers on the CompTIA Marketplace, which is located at: www.comptiastore.com
4. Take the test! Select a certification exam provider, and schedule a time to take your exam. You can find exam providers at the following link: www.comptia.org/certifications/testprep/testingcenters.aspx
5. Stay certified! Continuing education is required. Effective January 1, 2011, CompTIA Network+ certifications are valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information go to: http://certification.comptia.org/getCertified/steps_to_certification/stayCertified.aspx
Join the Professional Community
The free online IT Pro Community provides valuable content to students and professionals. Join the IT Pro Community:
http://itpro.comptia.org
Career IT job resources include:
■ Where to start in IT
■ Career assessments
■ Salary trends
■ U.S. job board
Join the IT Pro Community and get access to:
■ Forums on networking, security, computing, and cutting-edge technologies
■ Access to blogs written by industry experts
■ Current information on cutting edge technologies
■ Access to various industry resource links and articles related to IT and IT careers
Content Seal of Quality
This courseware bears the seal of CompTIA Approved Quality Content. This seal signifies this content covers 100 percent of the exam objectives and implements important instructional design principles. CompTIA recommends multiple learning tools to help increase coverage of the learning objectives.
Why CompTIA?
■ Global recognition: CompTIA is recognized globally as the leading IT nonprofit trade association and has enormous credibility. Plus, CompTIA’s certifications are vendor-neutral and offer proof of foundational knowledge that translates across technologies.
■ Valued by hiring managers: Hiring managers value CompTIA certification because it is vendor- and technology-independent validation of your technical skills.
■ Recommended or required by government and businesses: Many government organizations and corporations (for example, Dell, Sharp, Ricoh, the U.S. Department of Defense, and many more) either recommend or require technical staff to be CompTIA certified.
■ Three CompTIA certifications ranked in the top 10: In a study by DICE of 17,000 technology professionals, certifications helped command higher salaries at all experience levels.
How to Obtain More Information
■ Visit CompTIA online: Go to www.comptia.org to learn more about getting CompTIA certified.
■ Contact CompTIA: Please call 866-835-8020, ext. 5 or e-mail [email protected].
■ Join the IT Pro Community: Go to http://itpro.comptia.org to join the IT community to get relevant career information.
■ Connect with CompTIA: Find us on Facebook, LinkedIn, Twitter, and YouTube.
CAQC Disclaimer
The logo of the CompTIA Approved Quality Curriculum (CAQC) program and the status of this or other training material as “Approved” under the CompTIA Approved Quality Curriculum program signifies that, in CompTIA’s opinion, such training material covers the content of CompTIA’s related certification exam.
The contents of this training material were created for the CompTIA Network+ exam covering CompTIA certification objectives that were current as of the date of publication.
CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such “Approved” or other training material in order to prepare for any CompTIA certification exam.
Instructor and Student Web Site
For instructor and student resources, please visit:
www.meyersnetplus.com
Students will find chapter quizzes that will help them learn more about troubleshooting and fixing networks, and teachers can access the support materials outlined below.
Additional Resources for Teachers
McGraw-Hill Connect, a Web-based learning platform, connects instructors with their support materials and students with chapter assessments. The Connect Online Learning Center provides resources for teachers in a format that follows the organization of the textbook.
This site includes the following:
■ Answer keys to the end-of-chapter activities in the textbook
■ Instructor’s Manual that contains learning objectives, classroom preparation notes, instructor tips, and a lecture outline for each chapter
■ Answer keys to the Mike Meyers’ Lab Manual activities (available separately)
■ Access to test bank files and software that allow you to generate a wide array of paper- or network-based tests, and that feature automatic grading. The test bank includes:
  ■ Hundreds of practice questions and a wide variety of question types categorized by exam objective, enabling you to customize each test to maximize student progress
  ■ Test bank files available on EZ Test Online and as downloads from the Online Learning Center in these formats: Blackboard, Web CT, EZ Test, and Word
■ Engaging PowerPoint slides on the lecture topics that include full-color artwork from the book
Please contact your McGraw-Hill sales representative for details.
Chapter 1
“Networking is an essential part of building wealth.” —Armstrong Williams
CompTIA Network+ in a Nutshell
In this chapter, you will learn how to
■ Describe the importance of CompTIA Network+ certification
■ Illustrate the structure and contents of the CompTIA Network+ certification exam
■ Plan a strategy to prepare for the exam
By picking up this book, you’ve shown an interest in learning about networking. But be forewarned. The term networking describes a vast field of study, far too large for any single certification, book, or training course to cover. Do you want to configure routers and switches for a living? Do you want to administer a large Windows network at a company? Do you want to install wide area network connections? Do you want to set up Web servers? Do you want to secure networks against attacks?
If you’re considering a CompTIA Network+ certification, you probably don’t yet know exactly what aspect of networking you want to pursue, and that’s okay! You’re going to love preparing for the CompTIA Network+ certification.
Attaining CompTIA Network+ certification provides you with three fantastic benefits. First, you get a superb overview of networking that helps you decide what part of the industry you’d like to pursue. Second, it acts as a prerequisite toward other, more advanced certifications. Third, the amount of eye-opening information you’ll gain just makes getting CompTIA Network+ certified plain old fun.
CompTIA Network+ in a Nutshell
Nothing comes close to providing a better overview of networking than CompTIA Network+. The certification covers local area networks (LANs), wide area networks (WANs), the Internet, security, cabling, and applications in a wide-but-not-too-deep fashion that showcases the many different parts of a network and hopefully tempts you to investigate the aspects that intrigue you by looking into follow-up certifications.
The process of attaining CompTIA Network+ certification will give you a solid foundation in the whole field of networking. Mastering the competencies will help fill in gaps in your knowledge and provide an ongoing series of “a-ha!” moments of grasping the big picture that make being a tech so much fun.
Ready to learn a lot, grab a great certification, and have fun doing it? Then welcome to CompTIA Network+ certification!
Who Needs CompTIA Network+?
I Just Want to Learn about Networks!
Whoa up there, amigo! Are you one of those folks who either has never heard of the CompTIA Network+ exam or just doesn’t have any real interest in certification? Is your goal only to get a solid handle on the idea of networking and a jump start on the basics? Are you looking for that “magic bullet” book that you can read from beginning to end and then start installing and troubleshooting a network? Do you want to know what’s involved with running network cabling in your walls or getting your new wireless network working? Are you tired of not knowing enough about what TCP/IP is and how it works? If these types of questions are running through your mind, then rest easy—you have the right book. Like every book with the Mike Meyers name, you’ll get solid concepts without pedantic details or broad, meaningless overviews. You’ll look at real-world networking as performed by real techs. This is a book that understands your needs and goes well beyond the scope of a single certification.
If the CompTIA Network+ exam isn’t for you, you can skip the rest of this chapter, shift your brain into learn mode, and dive into Chapter 2. But then, if you’re going to have the knowledge, why not get the certification?
What Is CompTIA Network+ Certification?
CompTIA Network+ certification is an industry-wide, vendor-neutral certification program developed and sponsored by the Computing Technology Industry Association (CompTIA). The CompTIA Network+ certification shows that you have a basic competency in the physical support of networking systems and knowledge of the conceptual aspects of networking.
To date, many hundreds of thousands of technicians have become CompTIA Network+ certified.
CompTIA Network+ certification enjoys wide recognition throughout the IT industry. At first, it rode in on the coattails of the successful CompTIA A+ certification program, but it now stands on its own in the networking industry and is considered the obvious next step after CompTIA A+ certification.
What Is CompTIA?
CompTIA is a nonprofit, industry trade association based in Oakbrook Terrace, Illinois, on the outskirts of Chicago. Tens of thousands of computer resellers, value-added resellers, distributors, manufacturers, and training companies from all over the world are members of CompTIA.
CompTIA was founded in 1982. The following year, CompTIA began offering the CompTIA A+ certification exam. CompTIA A+ certification is now widely recognized as a de facto requirement for entrance into the PC industry. Because the CompTIA A+ exam covers networking only lightly, CompTIA decided to establish a vendor-neutral test covering basic networking skills. So, in April 1999, CompTIA unveiled the CompTIA Network+ certification exam.
CompTIA provides certifications for a variety of areas in the computer industry, offers opportunities for its members to interact, and represents its members’ interests to government bodies. CompTIA certifications include CompTIA A+, CompTIA Network+, and CompTIA Security+, to name a few. Check out the CompTIA Web site at www.comptia.org for details on other certifications.
CompTIA is huge. Virtually every company of consequence in the IT industry is a member of CompTIA: Microsoft, Dell, Cisco… Name an IT company and it’s probably a member of CompTIA.
The Current CompTIA Network+ Certification Exam Release
CompTIA constantly works to provide exams that cover the latest technologies and, as part of that effort, periodically updates its certification objectives, domains, and exam questions. This book covers all you need to know to pass the N10-005 CompTIA Network+ exam released in 2011.
How Do I Become CompTIA Network+ Certified?
To become CompTIA Network+ certified, you simply pass one computer-based, multiple-choice exam. There are no prerequisites for taking the CompTIA Network+ exam, and no networking experience is needed. You’re not required to take a training course or buy any training materials. The only requirements are that you pay a testing fee to an authorized testing facility and then sit for the exam. Upon completion of the exam, you will immediately know whether you passed or failed.
Once you pass, you become CompTIA Network+ certified for three years. After three years, you’ll need to renew your certification by retaking the current exam or completing approved Continuing Education activities. By completing these activities, you earn credits that (along with an annual fee) allow you to keep your CompTIA Network+ certification. For a full list of approved activities, check out CompTIA’s Web site (www.comptia.org) and search for CompTIA Continuing Education Program.
Now for the details: CompTIA recommends that you have at least nine to twelve months of networking experience and CompTIA A+ knowledge, but this is not a requirement. Note the word “recommend.” You may not need experience or CompTIA A+ knowledge, but they help! The CompTIA A+ certification competencies have a degree of overlap with the CompTIA Network+ competencies, such as types of connectors and how networks work.
As for experience, keep in mind that CompTIA Network+ is mostly a practical exam. Those who have been out there supporting real networks will find many of the questions reminiscent of the types of problems they have seen on LANs. The bottom line is that you’ll probably have a much easier time on the CompTIA Network+ exam if you have some CompTIA A+ experience under your belt.
What Is the Exam Like?
The CompTIA Network+ exam contains 100 questions, and you have 90 minutes to complete the exam. To pass, you must score at least 720 on a scale of 100–900, at the time of this writing. Check the CompTIA Web site when you get close to testing to determine the current scale: http://certification.comptia.org/getCertified/certifications/network.aspx
The exam questions are divided into five areas that CompTIA calls domains. This table lists the CompTIA Network+ domains and the percentage of the exam that each represents.
| CompTIA Network+ Domain | Percentage |
|---|---|
| 1.0 Network Technologies | 21% |
| 2.0 Network Installation and Configuration | 23% |
| 3.0 Network Media and Topologies | 17% |
| 4.0 Network Management | 20% |
| 5.0 Network Security | 19% |
The CompTIA Network+ exam is extremely practical. Questions often present real-life scenarios and ask you to determine the best solution. The CompTIA Network+ exam loves troubleshooting. Let me repeat: many of the test objectives deal with direct, real-world troubleshooting. Be prepared to troubleshoot both hardware and software failures and to answer both “What do you do next?” and “What is most likely the problem?” types of questions.
A qualified CompTIA Network+ certification candidate can install and configure a PC to connect to a network. This includes installing and testing a network card, configuring drivers, and loading all network software. The exam will test you on the different topologies, standards, and cabling.
Expect conceptual questions about the Open Systems Interconnection (OSI) seven-layer model. If you’ve never heard of the OSI seven-layer model, don’t worry! This book will teach you all you need to know. While this model rarely comes into play during the daily grind of supporting a network, you need to know the functions and protocols for each layer to pass the CompTIA Network+ exam. You can also expect questions on most of the protocol suites, with heavy emphasis on the TCP/IP suite.
How Do I Take the Test?
To take the test, you must go to an authorized testing center. You cannot take the test over the Internet. Prometric and Pearson VUE administer the actual CompTIA Network+ exam. You’ll find thousands of Prometric and Pearson VUE testing centers scattered across the United States and Canada, as well as in over 75 other countries around the world. You may take the exam at any testing center. To locate a testing center and schedule an exam, call Prometric at 888-895-6116 or Pearson VUE at 877-551-7587. You can also visit their Web sites at www.prometric.com and www.vue.com.
How Much Does the Test Cost?
CompTIA fixes the price, no matter what testing center you use. The cost of the exam depends on whether you work for a CompTIA member. At press time, the cost for non-CompTIA members is US$246.
If your employer is a CompTIA member, you can save money by obtaining an exam voucher. In fact, even if you don’t work for a CompTIA member, you can purchase a voucher from member companies and take advantage of significant member savings. You simply buy the voucher and then use the voucher to pay for the exam. Vouchers are delivered to you on paper and electronically via e-mail. The voucher number is the important thing. That number is your exam payment, so protect it from fellow students until you’re ready to schedule your exam.
If you’re in the United States or Canada, you can visit www.totalsem.com or call 800-446-6004 to purchase vouchers. As I always say, “You don’t have to buy your voucher from us, but for goodness’ sake, get one from somebody!” Why pay full price when you have a discount alternative?
You must pay for the exam when you schedule, whether online or by phone. If you’re scheduling by phone, be prepared to hold for a while. Have your Social Security number (or the international equivalent) ready and either a credit card or a voucher number when you call or begin the online scheduling process. If you require any special accommodations, both Prometric and Pearson VUE will be able to assist you, although your selection of testing locations may be a bit more limited.
International prices vary; see the CompTIA Web site for international pricing. Of course, prices are subject to change without notice, so always check the CompTIA Web site for current pricing!
CompTIA occasionally makes changes to the content of the exam, as well as the score necessary to pass it. Always check the Web site of my company, Total Seminars (www.totalsem.com), before scheduling your exam.
Although you can’t take the exam over the Internet, both Prometric and Pearson VUE provide easy online registration. Go to www.prometric.com or www.vue.com to register online.
How to Pass the CompTIA Network+ Exam
The single most important thing to remember about the CompTIA Network+ certification exam is that CompTIA designed it to test the knowledge of a technician with as little as nine months of experience—so keep it simple! Think in terms of practical knowledge. Read this book, answer the questions at the end of each chapter, take the practice exams on the media accompanying this book, review any topics you missed, and you’ll pass with flying colors.
Is it safe to assume that it’s probably been a while since you’ve taken an exam? Consequently, has it been a while since you’ve had to study for an exam? If you’re nodding your head yes, you’ll probably want to read the next sections. They lay out a proven strategy to help you study for the CompTIA Network+ exam and pass it. Try it. It works.
Obligate Yourself
The first step you should take is to schedule the exam. Ever heard the old adage that heat and pressure make diamonds? Well, if you don’t give yourself a little “heat,” you might procrastinate and unnecessarily delay taking the exam. Even worse, you may end up not taking the exam at all. Do yourself a favor. Determine how much time you need to study (see the next section), and then call Prometric or Pearson VUE and schedule the exam, giving yourself the time you need to study—and adding a few extra days for safety. Afterward, sit back and let your anxieties wash over you. Suddenly, turning off the television and cracking open the book will become a lot easier! Keep in mind that Prometric and Pearson VUE let you schedule an exam only a few weeks in advance, at most. If you schedule an exam and can’t make it, you must reschedule at least a day in advance or lose your money.
Set Aside the Right Amount of Study Time
After helping thousands of techs get their CompTIA Network+ certification, we at Total Seminars have developed a pretty good feel for the amount of study time needed to pass the CompTIA Network+ exam. Table 1.1 will help you plan how much study time you must devote to the exam. Keep in mind that these are averages. If you’re not a great student or if you’re a little on the nervous side, add another 10 percent. Equally, if you’re the type who can learn an entire semester of geometry in one night, reduce the numbers by 10 percent. To use this table, just circle the values that are most accurate for you and add them up to get the number of study hours.
A complete neophyte will need at least 120 hours of study time. An experienced network technician already CompTIA A+ certified should only need about 24 hours.
Study habits also come into play here. A person with solid study habits (you know who you are) can reduce the number by 15 percent. People with poor study habits should increase that number by 20 percent.
The total hours of study time you need is __________________.
Table 1.1 Determining How Much Study Time You Need (hours, by amount of experience)

| Type of Experience | None | Once or Twice | On Occasion | Quite a Bit |
|---|---|---|---|---|
| Installing a SOHO wireless network | 4 | 2 | 1 | 1 |
| Installing an advanced wireless network (802.1X, RADIUS, etc.) | 2 | 2 | 1 | 1 |
| Installing structured cabling | 3 | 2 | 1 | 1 |
| Configuring a home router | 5 | 3 | 2 | 1 |
| Configuring a Cisco router | 4 | 2 | 1 | 1 |
| Configuring a software firewall | 3 | 2 | 1 | 1 |
| Configuring a hardware firewall | 2 | 2 | 1 | 1 |
| Configuring an IPv4 client | 8 | 4 | 2 | 1 |
| Configuring an IPv6 client | 3 | 3 | 2 | 1 |
| Working with a SOHO WAN connection (DSL, cable) | 2 | 2 | 1 | 0 |
| Working with an advanced WAN connection (Tx, OCx, ATM) | 3 | 3 | 2 | 2 |
| Configuring a DNS server | 2 | 2 | 2 | 1 |
| Configuring a DHCP server | 2 | 1 | 1 | 0 |
| Configuring a Web application server (HTTP, FTP, SSH, etc.) | 4 | 4 | 2 | 1 |
| Configuring a VLAN | 3 | 3 | 2 | 1 |
| Configuring a VPN | 3 | 3 | 2 | 1 |
| Configuring a dynamic routing protocol (RIP, EIGRP, OSPF) | 2 | 2 | 1 | 1 |
Study for the Test
Now that you have a feel for how long it’s going to take to study for the exam, you need a strategy for studying. The following has proven to be an excellent game plan for cramming the knowledge from the study materials into your head.
This strategy has two alternate paths. The first path is designed for highly experienced technicians who have a strong knowledge of PCs and networking and want to concentrate on just what’s on the exam. Let’s call this group the Fast Track group. The second path, and the one I’d strongly recommend, is geared toward people like me: the ones who want to know why things work, those who want to wrap their arms completely around a concept, as opposed to regurgitating answers just to pass the CompTIA Network+ exam. Let’s call this group the Brainiacs.
To provide for both types of learners, I have broken down most of the chapters into two parts:
Historical/Conceptual ■ Although not on the CompTIA Network+ exam, this knowledge will help you understand more clearly what is on the CompTIA Network+ exam.
Test Specific ■ These topics clearly fit under the CompTIA Network+ certification domains.
The beginning of each of these areas is clearly marked with a large banner that looks like the following.
Historical/Conceptual
If you consider yourself a Fast Tracker, skip everything but the Test Specific section in each chapter. After reading the Test Specific sections, jump immediately to the Chapter Review questions, which concentrate on information in the Test Specific sections. If you run into problems, review the Historical/Conceptual sections in that chapter. After going through every chapter as described, take the free practice exams on the media that accompanies the book. First, take them in practice mode, and then switch to final mode. Once you start scoring in the 80–85 percent range, go take the test!
Brainiacs should first read the book—the whole book. Read it as though you’re reading a novel, starting on Page 1 and going all the way through. Don’t skip around on the first read-through, even if you are a highly experienced tech. Because there are terms and concepts that build on each other, skipping around might confuse you, and you’ll just end up closing the book and firing up your favorite PC game. Your goal on this first read is to understand concepts—to understand the whys, not just the hows.
Having a network available while you read through the book helps a lot. This gives you a chance to see various concepts, hardware, and configuration screens in action as you read about them in the book. Nothing beats doing it yourself to reinforce a concept or piece of knowledge!
You will notice a lot of historical information—the Historical/Conceptual sections—that you may be tempted to skip. Don’t! Understanding how some of the older stuff worked or how something works conceptually will help you appreciate the reason behind current networking features and equipment, as well as how they function.
After you have completed the first read-through, cozy up for a second. This time, try to knock out one chapter per sitting. Concentrate on the Test Specific sections. Get a highlighter and mark the phrases and sentences that make major points. Take a hard look at the pictures and tables, noting how they illustrate the concepts. Then, answer the end-of-chapter questions. Repeat this process until you not only get all the questions right, but also understand why they are correct!
Once you have read and studied the material in the book, check your knowledge by taking the practice exams included on the media accompanying the book. The exams can be taken in practice mode or final mode. In practice mode, you are allowed to check references in the book (if you want) before you answer each question, and each question is graded immediately. In final mode, you must answer all the questions before you are given a test score. In each case, you can review a results summary that tells you which questions you missed, what the right answer is, and where to study further.
Use the results of the exams to see where you need to bone up, and then study some more and try them again. Continue retaking the exams and reviewing the topics you missed until you are consistently scoring in the 80–85 percent range. When you’ve reached that point, you are ready to pass the CompTIA Network+ exam!
If you have any problems or questions, or if you just want to argue about something, feel free to send an e-mail to me at [email protected] or to my editor, Scott Jernigan, at [email protected].
For additional information about the CompTIA Network+ exam, contact CompTIA directly at its Web site: www.comptia.org.
Good luck! —Mike Meyers
We have active and helpful discussion groups at www.totalsem.com/forums. You need to register to participate (though not to read posts), but that’s only to keep the spammers at bay. The forums provide an excellent resource for answers, suggestions, and just socializing with other folks studying for the exam.
Be aware that you may need to return to previous chapters to get the Historical/Conceptual information you need for a later chapter.
Chapter 2
Network Models
“First we thought the PC was a calculator. Then we found out how to turn numbers into letters with ASCII—and we thought it was a typewriter. Then we discovered graphics, and we thought it was a television. With the World Wide Web, we’ve realized it’s a brochure.” —Douglas Adams
In this chapter, you will learn how to
■ Describe how models such as the OSI seven-layer model and the TCP/IP model help technicians understand and troubleshoot networks
■ Explain the major functions of networks with the OSI seven-layer model
■ Describe the major functions of networks with the TCP/IP model
The CompTIA Network+ certification challenges you to understand virtually every aspect of networking—not a small task. Luckily for you, we use two methods to conceptualize the many parts of a network: the Open Systems Interconnection (OSI) seven-layer model and the Transmission Control Protocol/Internet Protocol (TCP/IP) model.
These models act as guidelines and break down how a network functions into discrete parts called layers. If you want to get into networking—and if you want to pass the CompTIA Network+ certification exam—you must understand both the OSI seven-layer model and the TCP/IP model in great detail.
BaseTech
Chapter 2: Network Models 9
These models provide two tools that make them critical for networking techs. First, the OSI and TCP/IP models provide powerful mental tools for diagnosing problems. Understanding the models enables a tech to determine quickly at what layer a problem can occur and helps him or her zero in on a solution without wasting a lot of time on false leads. Second, these models also provide a common language to describe networks—a way for us to communicate with each other about the functions of a network. Figure 2.1 shows a sample Cisco Systems Web page about configuring routing—a topic this book covers in detail later. A router operates at Layer 3 of the OSI seven-layer model, for example, so you’ll hear techs (and Web sites) refer to it as a “Layer 3 switch.”
This chapter looks first at models in general and how models help conceptualize and troubleshoot networks. We’ll then go into both the OSI seven-layer model and the TCP/IP model to see how they help clarify network architecture for techs.
Figure 2.1 • Using the OSI terminology—Layer 3—in a typical setup screen
The term “Layer 3 switch” has evolved over time and refers today to a variety of complex network boxes that I’ll cover later in the book.
Cross Check: Cisco and Certifications
Cisco Systems, Inc. is famous for making many of the “boxes” that interconnect networks all over the world. It’s not too far of a stretch to say that Cisco helps power a huge portion of the Internet. These boxes are complicated to configure, requiring a high degree of technical knowledge.
To address this need, Cisco offers a series of certifications. One of the entry-level certifications, for example, is the Cisco Certified Network Associate (CCNA). Go to Cisco’s certification Web site and compare their objectives with what you learned about CompTIA Network+ in Chapter 1. Ask yourself this question: could you study for CCNA and CompTIA Network+ simultaneously?
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 10
Historical/Conceptual
Working with Models
Networking is hard. It takes a lot of pieces, both hardware and software, to get anything done. Just making Google appear in your Web browser requires millions of hours in research, development, and manufacturing. Whenever we encounter highly complex technologies, we need to simplify the overall process (making Google show up in your browser) by breaking it into discrete, simple, individual processes. We do this using models.
Modeling is critical to the networking world. We use models to understand and communicate with other techs about networks. Most beginning network techs, however, might have a very different idea of what modeling means.
Biography of a Model
What does the word “model” mean to you? Does the word make you think of a beautiful woman walking down a catwalk at a fashion show or some hunky guy showing off the latest style of blue jeans on a huge billboard? Maybe it makes you think of a plastic model airplane? What about those computer models that try to predict weather? We use the term “model” in a number of ways, but each use shares certain common themes.
All models are a simplified representation of the real thing. The human model ignores the many different types of body shapes, using only a single “optimal” figure. The model airplane lacks functional engines or the internal framework, and the computerized weather model might disregard subtle differences in wind temperatures or geology (Figure 2.2).
Additionally, a model must have at least all the major functions of the real item, but what constitutes a major rather than a minor function is open to opinion. Figure 2.3 shows a different level of detail for a model. Does it contain all the major components of an airplane? There’s room for argument that perhaps the model should have landing gear to go along with the propeller, wings, and tail.
Figure 2.2 • Types of models (images from left to right courtesy of NOAA, Mike Schinkel, and Michael Smyer)
Figure 2.3 • Simple model airplane
Network Models
Network models face similar challenges. What functions define all networks? What details can you omit without rendering the model inaccurate? Does the model retain its usefulness when describing a network that does not employ all the layers?
In the early days of networking, different manufacturers made unique types of networks that functioned fairly well. But each network had its own cabling, hardware, drivers, naming conventions, applications, and many other unique features. Back then, a single manufacturer provided everything for a customer whenever you purchased a network solution: cabling, NICs, hubs, drivers, and all the software in one complete and expensive package. Although these networks worked fine as stand-alone networks, the proprietary nature of the hardware and software made it difficult—to put it mildly—to connect networks of multiple manufacturers. To interconnect networks and improve networking as a whole, someone needed to create a guide, a model that described the functions of a network, so that people who made hardware and software could work together to make networks that worked together well.
The granddaddy of network models came from the International Organization for Standardization, known as ISO. Their model, known as the OSI seven-layer model, works for almost every type of network, even extremely old and long-obsolete ones. On the other hand, the TCP/IP model only works for networks that use the now-dominant TCP/IP protocol suite. (Don’t worry about what TCP/IP means yet—most of this book’s job is to explain that in great detail.) Since most of the world uses TCP/IP, the TCP/IP model supplanted the OSI model in many cases, though most discussion that involves the word “Layers” refers to the OSI model. A good tech can talk the talk of both models, and they are objectives on the CompTIA Network+ exam, so let’s learn both.
The best way to learn the OSI and TCP/IP models is to see them in action. For this reason, I’ll introduce you to a small network that needs to copy a file from one computer to another. This example goes through each of the OSI and TCP/IP layers needed to copy that file, and I explain each step and why it is necessary. By the end of the chapter, you should have a definite handle on using either of these models as a tool to conceptualize networks. You’ll continue to build on this knowledge throughout the book and turn your OSI and TCP/IP model knowledge into a powerful troubleshooting tool.
I'll begin by discussing the OSI seven-layer model. After seeing this small network through the lens of the OSI seven-layer model, we'll repeat the process with the TCP/IP model.
The OSI Seven-Layer Model in Action
Each layer in the OSI seven-layer model defines an important function in computer networking, and the protocols that operate at that layer offer solutions to those functions. Protocols are sets of clearly defined rules, regulations, standards, and procedures that enable hardware and software developers to make devices and applications that function properly at a particular level. The OSI seven-layer model encourages modular design in networking, meaning that each layer has as little to do with the operation of other layers as possible. Think of it as an automobile assembly line. The guy painting the car doesn’t care about the gal putting doors on the car—he expects the assembly line process to make sure the cars he paints have doors. Each layer on the model trusts that the other layers on the model do their jobs.
ISO may look like a misspelled acronym, but it’s actually a word, derived from the Greek word isos, which means “equal.” The International Organization for Standardization sets standards that promote equality among network designers and manufacturers, thus ISO.
The OSI seven layers are:
■ Layer 7: Application
■ Layer 6: Presentation
■ Layer 5: Session
■ Layer 4: Transport
■ Layer 3: Network
■ Layer 2: Data Link
■ Layer 1: Physical
The OSI seven layers are not laws of physics—anybody who wants to design a network can do it any way he or she wants. Although many protocols fit neatly into one of the seven layers, others do not.
Now that you know the names of the layers, let’s see what each layer does. The best way to understand the OSI layers is to see them in action. Let’s see them at work at the fictional company of MHTechEd, Inc.
Welcome to MHTechEd!
Mike’s High-Tech Educational Supply Store and Post Office, or MHTechEd for short, has a small network of PCs running Windows, a situation typical of many small businesses today. Windows runs just fine on a PC unconnected to a network, but it also comes with all the network software it needs to connect to a network. All the computers in the MHTechEd network are connected by special network cabling.
As in most offices, virtually everyone at MHTechEd has his or her own PC. Figure 2.4 shows two workers, Janelle and Dana, who handle all the administrative functions at MHTechEd. Because of the kinds of work they do, these two often need to exchange data between their two PCs. At the moment, Janelle has just completed a new employee handbook in Microsoft Word, and she wants Dana to check it for accuracy. Janelle could transfer a copy of the file to Dana’s computer by the tried-and-true Sneakernet method—saving the file on a thumb drive and walking it over to her—but thanks to the wonders of computer networking, she doesn’t even have to turn around in her chair. Let’s watch in detail each piece of the process that gives Dana direct access to Janelle’s computer, so she can copy the Word document from Janelle’s system to her own.
Long before Janelle ever saved the Word document on her system—when the systems were first installed—someone who knew what they were doing set up and configured all the systems at MHTechEd to be part of a common network. All this setup activity resulted in multiple layers of hardware and software that can work together behind the scenes to get that Word document from Janelle’s system to Dana’s. Let’s examine the different pieces of the network, and then return to the process of Dana grabbing that Word document.
Be sure to memorize both the name and the number of each OSI layer. Network techs use OSI terms such as “Layer 4” and “Transport layer” synonymously. Students have long used mnemonics for memorizing such lists. One of my favorites for the OSI seven-layer model is “Please Do Not Throw Sausage Pizza Away.” Yum!
This section is a conceptual overview of the hardware and software functions of a network. Your network may have different hardware or software, but it will share the same functions!
Figure 2.4 • Janelle and Dana, hard at work
Test Specific
Let’s Get Physical—Network Hardware and Layers 1–2
Clearly the network needs a physical channel through which it can move bits of data between systems. Most networks use a cable like the one shown in Figure 2.5. This cable, known in the networking industry as unshielded twisted pair (UTP), usually contains four pairs of wires that can transmit and receive data.
Another key piece of hardware the network uses is a special box-like device called a hub (Figure 2.6), often tucked away in a closet or an equipment room. Each system on the network has its own cable that runs to the hub. Think of the hub as being like one of those old-time telephone switchboards, where operators created connections between persons who called in wanting to reach other telephone users.
Readers with some networking experience know that hubs don’t exist in modern networks, having been replaced with much better devices called switches. But the CompTIA Network+ exam expects you to know what hubs are; plus hubs make this modeling discussion simpler. I’ll get to switches soon enough.
Figure 2.5 • UTP cabling
Figure 2.6 • Typical hub
Layer 1 of the OSI model defines the method of moving data between computers, so the cabling and hubs are part of the Physical layer (Layer 1). Anything that moves data from one system to another, such as copper cabling, fiber optics, even radio waves, is part of the OSI Physical layer. Layer 1 doesn’t care what data goes through; it just moves the data from one system to another system. Figure 2.7 shows the MHTechEd network in the OSI seven-layer model thus far. Note that each system has the full range of layers, so data from Janelle’s computer can flow to Dana’s computer.
The real magic of a network starts with the network interface card, or NIC (pronounced “nick”), which serves as the interface between the PC and the network. While NICs come in a wide array of shapes and sizes, the ones at MHTechEd look like Figure 2.8.
On older systems, a NIC truly was a separate card that snapped into a handy expansion slot, which is why they were called network interface cards. Even though they’re now built into the motherboard, they are still called NICs.
When installed in a PC, the NIC looks like Figure 2.9. Note the cable running from the back of the NIC into the wall; inside that wall is another cable running all the way back to the hub.
Cabling and hubs define the Physical layer of the network, and NICs provide the interface to the PC. Figure 2.10 shows a diagram of the network cabling system. I’ll build on this diagram as I delve deeper into the network process.
You might be tempted to categorize the NIC as part of the Physical layer at this point, and you’d have a valid argument. The NIC clearly is necessary for the physical connection to take place. The CompTIA Network+ exam and many authors put the NIC in OSI Layer 2, the Data Link layer, though, so clearly something else is happening inside the NIC. Let’s take a closer look.
Figure 2.8 • Typical NIC
Figure 2.9 • NIC with cable connecting the PC to the wall jack
Figure 2.10 • The MHTechEd network
Figure 2.7 • The network so far, with the Physical layer hardware installed
The NIC
To understand networks, you must understand how NICs work. The network must provide a mechanism that gives each system a unique identifier—like a telephone number—so data is delivered to the right system. That’s one of the NIC’s most important jobs. Inside every NIC, burned onto some type of ROM chip, is special firmware containing a unique identifier with a 48-bit value called the media access control address, or MAC address.
No two NICs ever share the same MAC address—ever. Any company that makes NICs must contact the Institute of Electrical and Electronics Engineers (IEEE) and request a block of MAC addresses, which the company then burns into the ROMs on its NICs. Many NIC makers also print the MAC address on the surface of each NIC, as shown in Figure 2.11. Note that the NIC shown here displays the MAC address in hexadecimal notation. Count the number of hex characters—because each hex character represents 4 bits, it takes 12 hex characters to represent 48 bits.
The MAC address in Figure 2.11 is 004005-607D49, although in print, we represent the MAC address as 00–40–05–60–7D–49. The first six digits, in this example 00–40–05, represent the number of the NIC manufacturer. Once the IEEE issues those six hex digits to a manufacturer—often referred to as the organizationally unique identifier (OUI)—no other manufacturer may use them. The last six digits, in this example 60–7D–49, are the manufacturer’s unique serial number for that NIC; this portion of the MAC is often referred to as the device ID.
Would you like to see the MAC address for your NIC? If you have a Windows system, type ipconfig /all from a command prompt to display the MAC address (Figure 2.12). Note that ipconfig calls the MAC address the physical address, which is an important distinction, as you’ll see a bit later in the chapter.
Figure 2.12 • Output from ipconfig /all
Figure 2.11 • MAC address
MAC-48 and EUI-48
The Institute of Electrical and Electronics Engineers (IEEE) forms MAC addresses from a numbering name space originally called MAC-48, which simply means that the MAC address will be 48 bits, with the first 24 bits defining the OUI, just as described here. The current term for this numbering name space is EUI-48. EUI stands for Extended Unique Identifier. (IEEE apparently went with the new term because they could trademark it.)
Most techs just call them MAC addresses, as you should, but you might see MAC-48 or EUI-48 on the CompTIA Network+ exam.
Okay, so every NIC in the world has a unique MAC address, but how is it used? Ah, that’s where the fun begins! Recall that computer data is binary, which means it’s made up of streams of ones and zeroes. NICs send and receive this binary data as pulses of electricity, light, or radio waves. The NICs that use electricity to send and receive data are the most common, so let’s consider that type of NIC. The specific process by which a NIC uses electricity to send and receive data is exceedingly complicated but, luckily for you, not necessary to understand. Instead, just think of a charge on the wire as a one and no charge as a zero. A chunk of data moving in pulses across a wire might look something like Figure 2.13.
If you put an oscilloscope on the wire to measure voltage, you’d see something like Figure 2.14. An oscilloscope is a powerful tool that enables you to see electrical pulses.
Now, remembering that the pulses represent binary data, visualize instead a string of ones and zeroes moving across the wire (Figure 2.15).
Once you understand how data moves along the wire, the next question is how does the network get the right data to the right system? All networks transmit data by breaking whatever is moving across the Physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.
I like to visualize an imaginary table inside every NIC that acts as a frame creation and reading station. I see frames as those pneumatic canisters you see when you go to a drive-in teller at a bank. A little guy inside the network card—named Nic, naturally!—builds these pneumatic canisters (the frames) on the table and then shoots them out on the wire to the hub (Figure 2.16).
Figure 2.16 • Inside the NIC
Figure 2.13 • Data moving along a wire
Figure 2.14 • Oscilloscope of data
Figure 2.15 • Data as ones and zeroes
A number of different frame types are used in different networks. All NICs on the same network must use the same frame type, or they will not be able to communicate with other NICs.
Try This! What’s Your MAC Address?
You can readily determine your MAC address on a Windows computer from the command line. This works in all modern versions of Windows.
1. In Windows 2000/XP, click Start | Run. Enter the command cmd and press the enter key to get to a command prompt.
2. In Windows Vista/7, click Start, enter cmd in the Start Search text box, and press the enter key to get to a command prompt.
3. At the command prompt, type the command ipconfig /all and press the enter key.
Here’s where the MAC address becomes important. Figure 2.17 shows a representation of a generic frame. Even though a frame is a string of ones and zeroes, we often draw frames as a series of rectangles, each rectangle representing a part of the string of ones and zeroes. You will see this type of frame representation used quite often, so you should become comfortable with it (even though I still prefer to see frames as pneumatic canisters). Note that the frame begins with the MAC address of the NIC to which the data is to be sent, followed by the MAC address of the sending NIC. Then comes the data, followed by a special bit of checking information called the frame check sequence (FCS). The FCS uses a type of binary math called a cyclic redundancy check (CRC) that the receiving NIC uses to verify that the data arrived intact.
So, what’s inside the data part of the frame? You neither know nor care. The data may be a part of a file, a piece of a print job, or part of a Web page. NICs aren’t concerned with content! The NIC simply takes whatever data is passed to it via its device driver and addresses it for the correct system. Special software will take care of what data gets sent and what happens to that data when it arrives. This is the beauty of imagining frames as little pneumatic canisters (Figure 2.18). A canister can carry anything from dirt to diamonds—the NIC doesn’t care one bit (pardon the pun).
Like a canister, a frame can hold only a certain amount of data. Different networks use different sizes of frames, but a single frame holds about 1500 bytes of data.
This raises a new question: what happens when the data to be sent is larger than the frame size? Well, the sending system’s software must chop the data up into nice, frame-sized chunks, which it then hands to the NIC for sending. As the receiving system begins to accept the incoming frames, the receiving system’s software recombines the data chunks as they come in from the network. I’ll show how this disassembling and reassembling is done in a moment—first, let’s see how the frames get to the right system!
When a system sends a frame out on the network, the frame goes into the hub. The hub, in turn, makes an exact copy of that frame, sending a copy of the original frame to every other system on the network. The interesting part of this process is when the copy of the frame comes into all the other systems. I like to visualize a frame sliding onto the receiving NIC’s “frame assembly table,” where the electronics of the NIC inspect it. Here’s where the magic takes place: only the NIC to which the frame is addressed will process that frame—the other NICs simply erase it when they see that it is not addressed to their MAC address. This is important to appreciate: every frame sent on a network is received by every NIC, but only the NIC with the matching MAC address will process that particular frame (Figure 2.19).
Figure 2.18 • Frame as a canister
Tech Tip: FCS in Depth
Most FCSs are only 4 bytes long, yet the average frame carries around 1500 bytes of data. How can 4 bytes tell you if all 1500 bytes in the data are correct? That’s the magic of the math of the CRC. Without going into the grinding details, think of the CRC as just the remainder of a division problem. (Remember learning remainders from division back in elementary school?) The NIC sending the frame does a little math to make the CRC. Using binary arithmetic, it works a division problem on the data using a divisor called a key. The result of this division is the CRC. When the frame gets to the receiving NIC, it divides the data by the same key. If the receiving NIC’s answer is the same as the CRC, it knows the data is good.
Figure 2.17 • Generic frame (fields, in order: Recipient’s MAC address, Sender’s MAC address, Data, FCS)
Figure 2.19 • Incoming frame!
Getting the Data on the Line
The process of getting data onto the wire and then picking that data off the wire is amazingly complicated. For instance, what happens to keep two NICs from speaking at the same time? Because all the data sent by one NIC is read by every other NIC on the network, only one system may speak at a time. Networks use frames to restrict the amount of data a NIC can send at once, giving all NICs a chance to send data over the network in a reasonable span of time. Dealing with this and many other issues requires sophisticated electronics, but the NICs handle these issues completely on their own without our help. Thankfully, the folks who design NICs worry about all these details, so we don’t have to!
Getting to Know You
Using the MAC address is a great way to move data around, but this process raises an important question. How does a sending NIC know the MAC address of the NIC to which it’s sending the data? In most cases, the sending system already knows the destination MAC address because the NICs had probably communicated earlier, and each system stores that data. If it doesn’t already know the MAC address, a NIC may send a broadcast onto the network to ask for it. The MAC address of FF-FF-FF-FF-FF-FF is the broadcast address—if a NIC sends a frame using the broadcast address, every single NIC on the network will process that frame. That broadcast frame’s data will contain a request for a system’s MAC address. Without knowing the MAC address to begin with, the requesting computer will use an IP address or host name to pick the target computer out of the crowd. The system with the MAC address your system is seeking will read the request in the broadcast packet and respond with its MAC address.
The Complete Frame Movement
Now that you’ve seen all the pieces used to send and receive frames, let’s put these pieces together and see how a frame gets from one system to another. The basic send/receive process is as follows.
First, the sending system’s network operating system (NOS) software— such as Windows 7—hands some data to its NIC. The NIC builds a frame to transport that data to the receiving NIC (Figure 2.20).
Figure 2.20 • Building the frame
After the NIC creates the frame, it adds the FCS, and then dumps it and the data into the frame (Figure 2.21).
Figure 2.21 • Adding the data and FCS to the frame
Next, the NIC puts both the destination MAC address and its own MAC address onto the frame. It waits until no other NIC is using the cable, and then sends the frame through the cable to the network (Figure 2.22).
Figure 2.22 • Sending the frame
The frame propagates down the wire into the hub, which creates copies of the frame and sends it to every other system on the network. Every NIC receives the frame and checks the MAC address. If a NIC finds that a frame is addressed to it, it processes the frame (Figure 2.23); if the frame is not addressed to it, the NIC erases it.
Figure 2.23 • Reading an incoming frame
So, what happens to the data when it gets to the correct NIC? First, the receiving NIC uses the FCS to verify that the data is valid. If it is, the receiving NIC strips off all the framing information and sends the data to the software—the network operating system—for processing. The receiving NIC doesn’t care what the software does with the data; its job stops the moment it passes on the data to the software.
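The generic frame of Figure 2.17, the FCS from the Tech Tip, the hub copying every frame to every NIC, the broadcast address, and the send/receive process just described, simulated as an added Python example that is not from the textbook: MAC addresses are split into OUI and device ID, frames are built and checked with the same CRC-32 that Ethernet uses as its FCS, an oversized "Word document" is chopped into frame-sized chunks and reassembled, and a single flipped bit is caught on receipt. Function names and all sample data except the MAC address from Figure 2.11 are assumptions made for this example.

```python
"""Simulation of frames, FCS, hub delivery and MAC matching (added example)."""

BROADCAST = "FF-FF-FF-FF-FF-FF"   # every NIC processes a frame sent here
MAX_DATA = 1500                   # "a single frame holds about 1500 bytes"
CRC32_KEY = 0xEDB88320            # the Ethernet CRC-32 "key" (reflected form)


def parse_mac(text: str) -> bytes:
    """Accept '00-40-05-60-7D-49', '00:40:05:60:7D:49' or '004005-607D49'
    and return the 6-byte value: 12 hex characters = 48 bits."""
    hexdigits = "".join(ch for ch in text if ch not in "-:– ")
    if len(hexdigits) != 12:
        raise ValueError(f"a MAC address needs 12 hex characters: {text!r}")
    return bytes.fromhex(hexdigits)


def format_mac(raw: bytes) -> str:
    """Print a MAC the way the book does, as dash-separated hex pairs."""
    return "-".join(f"{b:02X}" for b in raw)


def mac_parts(text: str) -> tuple[str, str]:
    """Split a MAC into its OUI (manufacturer) and device ID (serial) halves."""
    raw = parse_mac(text)
    return format_mac(raw[:3]), format_mac(raw[3:])


def crc32_by_division(data: bytes) -> int:
    """The FCS as the Tech Tip describes it: the remainder of dividing the
    data by a fixed key in binary (XOR) arithmetic.  This is the standard
    CRC-32 Ethernet uses, so it agrees with zlib.crc32."""
    remainder = 0xFFFFFFFF
    for byte in data:
        remainder ^= byte
        for _ in range(8):
            if remainder & 1:
                remainder = (remainder >> 1) ^ CRC32_KEY
            else:
                remainder >>= 1
    return remainder ^ 0xFFFFFFFF


def build_frame(dst: str, src: str, data: bytes) -> bytes:
    """Figure 2.17 layout: recipient MAC, sender MAC, data, then the FCS."""
    if len(data) > MAX_DATA:
        raise ValueError("data is larger than a frame; chop it up first")
    body = parse_mac(dst) + parse_mac(src) + data
    return body + crc32_by_division(body).to_bytes(4, "big")


def chop(data: bytes, size: int = MAX_DATA) -> list[bytes]:
    """The sending software's job: split data into frame-sized chunks."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def read_frame(frame: bytes):
    """The receiving NIC: recompute the remainder, compare it with the FCS,
    then strip the framing and hand back (dst, src, data).
    Returns None when the two remainders disagree, i.e. the frame is damaged."""
    body, fcs = frame[:-4], int.from_bytes(frame[-4:], "big")
    if crc32_by_division(body) != fcs:
        return None
    return format_mac(body[:6]), format_mac(body[6:12]), body[12:]


def hub_deliver(frame: bytes, nic_macs: list[str]) -> list[str]:
    """The hub copies the frame to every NIC on the network.  Each NIC keeps
    the frame only if it is addressed to its own MAC (or to the broadcast
    address) and erases it otherwise.  Returns the MACs that kept it."""
    parsed = read_frame(frame)
    if parsed is None:
        return []                       # a damaged frame is dropped by all NICs
    dst = parse_mac(parsed[0])
    return [m for m in nic_macs
            if dst == parse_mac(BROADCAST) or parse_mac(m) == dst]


if __name__ == "__main__":
    janelle = "00-40-05-60-7D-49"       # the MAC printed on the NIC in Figure 2.11
    dana, printer = "00-40-05-60-7D-4A", "02-00-00-00-00-01"   # constructed
    handbook = b"Employee handbook: " * 200                     # constructed, 3800 bytes
    frames = [build_frame(dana, janelle, part) for part in chop(handbook)]
    for f in frames:
        print(hub_deliver(f, [janelle, dana, printer]))         # only Dana keeps each one
    flipped = bytearray(frames[0]); flipped[20] ^= 0x01          # one bit flipped in transit
    print(read_frame(bytes(flipped)))                            # None: the FCS caught it
```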
Any device that deals with a MAC address is part of the OSI Data Link layer, or Layer 2 of the OSI model. Let’s update the OSI model to include details about the Data Link layer (Figure 2.24).
Figure 2.24 • Layer 1 and Layer 2 are now properly applied to the network.
Note that the cabling and the hub are located in the Physical layer. The NIC is in the Data Link layer, but spans two sublayers.
The Two Aspects of NICs
Consider how data moves in and out of a NIC. On one end, frames move into and out of the NIC’s network cable connection. On the other end, data moves back and forth between the NIC and the network operating system software. The many steps a NIC performs to keep this data moving—sending and receiving frames over the wire, creating outgoing frames, reading incoming frames, and attaching MAC addresses—are classically broken down into two distinct jobs.
The first job is called the Logical Link Control (LLC). The LLC is the aspect of the NIC that talks to the operating system, places data coming from the software into frames, and creates the CRC on each frame. The LLC is also responsible for dealing with incoming frames: processing those that are addressed to this NIC and erasing frames addressed to other machines on the network.
The second job is called the Media Access Control (MAC), and I bet you can guess what it does! That’s right—it remembers the NIC’s own MAC address and attaches MAC addresses to the frames. Recall that each frame the LLC creates must include both the sender’s and recipient’s MAC addresses. The MAC also ensures that the frames, now complete with their MAC addresses, are then sent along the network cabling. Figure 2.25 shows the Data Link layer in detail.
The CompTIA Network+ exam tests you on the details of the OSI seven-layer model, so remember that the Data Link layer is the only layer that has any sublayers.
The Data Link layer provides a service called Data Link Control (DLC). The only reason to mention this is there’s an ancient printing protocol with the same name. DLC might show up as an incorrect answer on the exam.
Figure 2.25 • LLC and MAC, the two parts of the Data Link layer
Tech Tip: NIC and Layers
Most networking materials that describe the OSI seven-layer model put NICs squarely into the Data Link layer of the model. It’s at the MAC sublayer, after all, that data gets encapsulated into a frame, destination and source MAC addresses get added to that frame, and error checking occurs. What bothers most students with placing NICs solely in the Data Link layer is the obvious other duty of the NIC—putting the ones and zeroes on the network cable. How much more physical can you get?
Many teachers will finesse this issue by defining the Physical layer in its logical sense—that it defines the rules for the ones and zeroes—and then ignore the fact that the data sent on the cable has to come from something. The first question when you hear a statement like that—at least to me—is, “What component does the sending?” It’s the NIC, of course, the only device capable of sending and receiving the physical signal.
Network cards, therefore, operate at both Layer 2 and Layer 1 of the OSI seven-layer model. If cornered to answer one or the other, however, go with the more common answer, Layer 2.
Beyond the Single Wire—Network Software and Layers 3–7
Getting data from one system to another in a simple network (defined as one in which all the computers connect to one hub) takes relatively little effort on the part of the NICs. But one problem with simple networks is that computers need to broadcast to get MAC addresses. It works for small networks, but what happens when the network gets big, like the size of the entire Internet? Can you imagine millions of computers all broadcasting? No data could get through.
Equally important, data flows over the Internet using many technologies, not just Ethernet. These technologies, such as SONET, ATM, and others, don’t know what to do with Ethernet MAC addresses. When networks get large, you can’t use the MAC addresses anymore.
Large networks need a logical addressing method, like a postal code or telephone numbering scheme, that ignores the hardware and enables you to break up the entire large network into smaller networks called subnets. Figure 2.26 shows two ways to set up a network. On the left, all the computers connect to a single hub. On the right, however, the LAN is separated into two five-computer subnets.
Figure 2.26 • Large LAN complete (left) and broken up into two subnets (right)
To move past the physical MAC addresses and start using logical addressing requires some special software called a network protocol. Network protocols exist in every operating system. A network protocol not only has to create unique identifiers for each system, but also must create a set of communication rules for issues like how to handle data chopped up into multiple packets and how to ensure those packets get from one subnet to another. Let’s take a moment to learn a bit about the most famous network protocol—TCP/IP—and its unique universal addressing system.
To be accurate, TCP/IP is really several network protocols designed to work together—but two protocols, TCP and IP, do so much work that the folks who invented all these protocols named the whole thing TCP/IP. TCP stands for Transmission Control Protocol, and IP stands for Internet Protocol. IP is the network protocol I need to discuss first; rest assured, however, I’ll cover TCP in plenty of detail later.
MAC addresses are also known as physical addresses.
TCP/IP dominates the networking universe. Almost every network in existence uses TCP/IP. Because it is more specific, a simpler model called the TCP/IP model was created to describe it. You’ll learn all about this model later in the chapter.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 24
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 2
IP—Playing on Layer 3, the Network Layer
At the Network layer, Layer 3, packets get created and addressed so they can go from one network to another. The Internet Protocol is the primary logical addressing protocol for TCP/IP. IP makes sure that a piece of data gets to where it needs to go on the network. It does this by giving each device on the network a unique numeric identifier called an IP address. An IP address is known as a logical address to distinguish it from the physical address, the MAC address of the NIC.
Every network protocol uses some type of naming convention, but no two protocols use the same convention. IP uses a rather unique dotted decimal notation (sometimes referred to as a dotted-octet numbering system) based on four 8-bit numbers. Each 8-bit number ranges from 0 to 255, and the four numbers are separated by periods. (If you don’t see how 8-bit numbers can range from 0 to 255, don’t worry—by the end of this book, you’ll understand these naming conventions in more detail than you ever believed possible!) A typical IP address might look like this:
192.168.4.232
No two systems on the same network share the same IP address; if two machines accidentally receive the same address, they won’t be able to send or receive data. These IP addresses don’t just magically appear—they must be configured by the end user (or the network administrator).
Take a look at Figure 2.26. What makes logical addressing powerful is the magic box—called a router—that connects each of the subnets. Routers use the IP address, not the MAC address, to forward data. This enables networks to connect across data lines that don’t use Ethernet, like the telephone network. Each network type (such as Ethernet, SONET, ATM, and others that we’ll discuss later in the book) uses a unique frame. Figure 2.27 shows a typical router.
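The two ideas in the preceding paragraphs, that an IP address is four 8-bit numbers and that a router decides on the IP address whether a destination is on the local subnet, can be worked through in a few lines. The following Python is an added example written for this lab write-up; it is not code from the lab report or from the textbook it quotes. The subnet mask, the router address and the destination addresses are constructed sample values; only 192.168.4.232 comes from the text.

```python
# Added example: parse dotted-decimal IPv4 addresses and make the
# "same subnet, or hand it to the router?" decision the chapter describes.
# Masks, router and destination addresses below are constructed sample values.


def parse_ipv4(text: str) -> int:
    """Turn 'a.b.c.d' into a 32-bit integer, rejecting anything that is not four 8-bit numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected four octets")
    value = 0
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"{text!r}: octet {part!r} is not a number")
        octet = int(part)
        if not 0 <= octet <= 255:            # 8 bits hold exactly the values 0..255
            raise ValueError(f"{text!r}: octet {octet} is outside the 8-bit range")
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two hosts share a subnet when the masked (network) parts of their addresses match."""
    m = parse_ipv4(mask)
    return (parse_ipv4(addr_a) & m) == (parse_ipv4(addr_b) & m)


def next_hop(src: str, dst: str, mask: str, router: str) -> str:
    """The logical-addressing decision: deliver on the local subnet, or hand the packet
    to the router, which forwards on the IP address rather than the MAC address."""
    return dst if same_subnet(src, dst, mask) else router


if __name__ == "__main__":
    host = "192.168.4.232"                                                  # the chapter's sample address
    print(hex(parse_ipv4(host)))                                            # 0xc0a804e8
    print(next_hop(host, "192.168.4.10", "255.255.255.0", "192.168.4.1"))   # local subnet: 192.168.4.10
    print(next_hop(host, "10.0.0.5", "255.255.255.0", "192.168.4.1"))       # other subnet: via 192.168.4.1
```

The validation in parse_ipv4 is the point: an address such as 192.168.4.256 looks plausible but cannot be encoded in four octets, and a tool that accepts it silently will misroute or misfilter traffic.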
Figure 2.27 • Typical small router
Try to avoid using redundant expressions. Even though many techs will say “IP protocol,” for example, you know that “IP” stands for “Internet Protocol.” It wouldn’t be right to say “Internet Protocol protocol” in English, so it doesn’t work in network speak either.
What’s important here is for you to appreciate that in a TCP/IP network, each system has two unique identifiers: the MAC address and the IP address. The MAC address (the physical address) is literally burned into the chips on the NIC, whereas the IP address (the logical address) is simply stored in the system’s software. MAC addresses come with the NIC, so you don’t configure MAC addresses, whereas you must configure IP addresses using software. Figure 2.28 shows the MHTechEd network diagram again; this time with the MAC and IP addresses displayed for each system.
Figure 2.28 • MHTechEd addressing
Packets Within Frames
For a TCP/IP network to send data successfully, the data must be wrapped up in two distinct containers. A frame of some type enables the data to move from one device to another. Inside that frame is both an IP-specific container that enables routers to determine where to send data—regardless of the physical connection type—and the data itself. In TCP/IP, that inner container is called a packet.
Figure 2.29 shows a typical IP packet; notice the similarity to the frames you saw earlier.
Figure 2.29 • IP packet (fields shown: Destination IP address, Source IP address, Data)
This is a highly simplified IP packet. I am not including lots of little parts of the IP packet in this diagram because they are not important to what you need to understand right now—but don’t worry, you’ll see them later in the book!
But IP packets don’t leave their PC home without any clothes on! Each IP packet is handed to the NIC, which then encloses the IP packet in a regular frame, creating, in essence, a packet within a frame. I like to visualize the packet as an envelope, with the envelope in the pneumatic canister frame (Figure 2.30). A more conventional drawing would look like Figure 2.31.
When you send data from one computer to another on a TCP/IP network such as the Internet, that data can go through many routers before it reaches its destination. Each router strips off the incoming frame, determines where to send the data according to the IP address in the packet, creates a new frame, and then sends the packet within a frame on its merry way. The new frame type will be the appropriate technology for whatever connection technology connects to the next router. That could be a cable or DSL network connection, for example (Figure 2.32). The IP packet, on the other hand, remains unchanged.
Once the packet reaches the destination subnet’s router, that router will strip off the incoming frame—no matter what type—look at the destination IP address, and then add a frame with the appropriate destination MAC address that matches the destination IP address.
Figure 2.31 • IP packet in a frame (Frame Header, Packet Header, Data, FCS; the packet sits inside the frame)
Keep in mind that not all networks are Ethernet networks. Ethernet may dominate, but IP packets fit in all sorts of other connectivity options. For example, cable modems use a type of frame called DOCSIS. T1 lines use a frame called DS1. The beauty of IP packets is that they can travel unchanged in each of these and many others. For more about these technologies, check out Chapter 14.
Figure 2.30 • IP packet in a frame (as a canister)
Figure 2.32 • Router removing network frame and adding one for the outgoing connection (Incoming frame → Frame stripped → New frame added → New frame out)
The receiving NIC strips away the Ethernet frame and passes the remaining packet off to the software. The networking software built into your operating system handles all the rest of the work. The NIC’s driver software is the interconnection between the hardware and the software. The NIC driver knows how to communicate with the NIC to send and receive frames, but it can’t do anything with the packet. Instead, the NIC driver hands the packet off to other programs that know how to deal with all the separate packets and turn them into Web pages, e-mail messages, files, and so forth.
The Network layer (Layer 3) is the last layer that deals directly with hardware. All the other layers of the OSI seven-layer model work strictly within software.
Assembly and Disassembly—Layer 4, the Transport Layer
Because most chunks of data are much larger than a single packet, they must be chopped up before they can be sent across a network. When a serving computer receives a request for some data, it must be able to chop the requested data into chunks that will fit into a packet (and eventually into the NIC’s frame), organize the packets for the benefit of the receiving system, and hand them to the NIC for sending. The receiving system must be able to recognize a series of incoming packets as one data transmission, reassemble the packets correctly based on information included in the packets by the sending system, and verify that all the packets for that piece of data arrived in good shape.
This part is relatively simple—the transport protocol breaks up the data into packets and gives each packet some type of sequence number. I like to compare this process to the one that my favorite international shipping company uses. I receive boxes from UPS almost every day; in fact, some days I receive many, many boxes from UPS. To make sure I get all the boxes for one shipment, UPS puts a numbering system, like the one shown in Figure 2.33, on the label of each box. A computer sending data on a network does the same thing. Embedded into the data of each packet is a sequencing number. By reading the sequencing numbers, the receiving system knows both the total number of packets and how to put them back together.
Figure 2.33 • Labeling the boxes
I’m using the term “packets” here to refer to a generic container. Because the OSI model can be applied to many different network protocols, the terminology for this container changes. Almost all protocols split up data at the Transport layer and add sequencing numbers so the receiving computer can put them together in logical order. What happens at that point depends on the protocol suite. In TCP/IP, for example, the precisely named IP packet is created at the Network layer and other container types are created at the Transport layer.
I’ll go into a lot more detail on this in the TCP/IP model section later in this book. That model, rather than the OSI model, makes more sense for TCP/IP network descriptions.
The MHTechEd network just keeps getting more and more complex, doesn’t it? And the Word document still hasn’t been copied, has it? Don’t worry; you’re almost there—just a few more pieces to go!
Layer 4, the Transport layer of the OSI seven-layer model, has a big job: it’s the assembler/disassembler software. As part of its job, the Transport layer also initializes requests for packets that weren’t received in good order (Figure 2.34).
Figure 2.34 • OSI updated
Talking on a Network—Layer 5, the Session Layer
Now that you understand that the system uses software to assemble and disassemble data packets, what’s next? In a network, any one system may be talking to many other systems at any given moment. For example, Janelle’s PC has a printer used by all the MHTechEd systems, so there’s a better than average chance that, as Dana tries to access the Word document, another system will be sending a print job to Janelle’s PC (Figure 2.35).
Janelle’s system must direct these incoming files, print jobs, Web pages, and so on, to the right programs (Figure 2.36). Additionally, the operating system must enable one system to make a connection to another system to verify that the other system can handle whatever operation the initiating system wants to perform. If Bill’s system wants to send a print job to Janelle’s printer, it first contacts Janelle’s system to ensure that it is ready to handle the print job. The session software handles this part of networking, connecting applications to applications.
A lot of things happen on a TCP/IP network at the Transport layer. I’m simplifying here because the TCP/IP model does a way better job explaining each thing than does the OSI model.
Figure 2.35 • Handling multiple inputs
Figure 2.36 • Each request becomes a session.
Layer 5, the Session layer of the OSI seven-layer model, handles all the sessions for a system (Figure 2.37). The Session layer initiates sessions, accepts incoming sessions, and opens and closes existing sessions. The Session layer also keeps track of computer naming conventions, such as calling your computer SYSTEM01 or some other type of name that makes more sense than an IP or MAC address.
Figure 2.37 • OSI updated
Try This! See Your Sessions
How many sessions does a typical system have running at one time? Well, if you have a TCP/IP network (and who doesn’t these days), you can run the netstat program from a command prompt to see all of them. Open a command prompt and type the following:
netstat -a
Then press the enter key to see your sessions. Don’t worry about trying to interpret what you see—Chapter 9 covers netstat in detail. For now, simply appreciate that each line in the netstat output is a session. Count them!
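Counting the lines by hand works once; a tech who does this regularly wants the output parsed into sessions so the listening ports and established connections can be inventoried. The Python below is an added example written for this lab write-up, not code from the lab report or from the textbook it quotes. The netstat text it parses is constructed to resemble the output of netstat -a on Windows (the SYSTEM01 name and the 192.168.4.x addresses echo the chapter; the web host name is a placeholder) and is not a real capture.

```python
# Added example: turn `netstat -a` style output into a list of sessions and count them.
# SAMPLE_NETSTAT is constructed to resemble Windows netstat output; it is not a real capture.
from collections import Counter

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            SYSTEM01:0             LISTENING
  TCP    0.0.0.0:445            SYSTEM01:0             LISTENING
  TCP    192.168.4.232:49152    web.example.net:http   ESTABLISHED
  TCP    192.168.4.232:49153    web.example.net:http   ESTABLISHED
  TCP    192.168.4.232:49160    192.168.4.10:445       TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""


def parse_netstat(text: str) -> list:
    """One dict per session line; the banner and column-heading lines are skipped."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        sessions.append({
            "proto": parts[0],
            "local": parts[1],
            "remote": parts[2],
            "state": parts[3] if len(parts) > 3 else "",   # UDP lines carry no State column
        })
    return sessions


def count_by_state(sessions: list) -> Counter:
    """How many sessions of each protocol/state pair, e.g. 'TCP ESTABLISHED'."""
    return Counter(f"{s['proto']} {s['state'] or 'stateless'}" for s in sessions)


def listening_ports(sessions: list) -> list:
    """Ports this system accepts incoming sessions on: the first thing to inventory on a host."""
    return sorted(int(s["local"].rsplit(":", 1)[1]) for s in sessions if s["state"] == "LISTENING")


if __name__ == "__main__":
    found = parse_netstat(SAMPLE_NETSTAT)
    print(len(found), "sessions")            # 6 sessions
    print(dict(count_by_state(found)))
    print(listening_ports(found))            # [135, 445]
```

Splitting on whitespace rather than fixed column offsets keeps the parser working when long host names push the columns out of alignment, which is the usual reason hand-written netstat parsers break.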
Standardized Formats, or Why Layer 6, Presentation, Has No Friends
One of the most powerful aspects of a network lies in the fact that it works with (almost) any operating system. Today’s networks easily connect, for example, a Macintosh system to a Windows PC, despite the fact that these different operating systems use different formats for many types of data. Different data formats used to drive us crazy back in the days before word processors (like Microsoft Word) could import or export a thousand other word processor formats (Figure 2.38).
This issue motivated folks to create standardized formats that anyone—at least with the right program—could read from any type of computer. Specialized file formats, such as Adobe’s popular Portable Document Format (PDF) for documents and PostScript for printing, provide standard formats that any system, regardless of operating system, can read, write, and edit (Figure 2.39).
Figure 2.39 • Everyone recognizes PDF files!
Layer 6, the Presentation layer of the OSI seven-layer model, handles the conversion of data into formats that are readable by the system. Of all the OSI layers, the high level of file format standardization has made the Presentation layer the least important and least used (Figure 2.40).
Figure 2.38 • Different data formats were often unreadable between systems.
Tech Tip
Acrobat as Open Standard
Adobe released the PDF standard to ISO in 2007 and PDF became the ISO 32000 open standard. Adobe Reader remains the premier application for reading PDF documents. Note that Adobe seems to be phasing out the Acrobat branding of PDF documents, but many techs still call PDF “Adobe Acrobat format.”
Figure 2.40 • OSI updated
Network Applications—Layer 7, the Application Layer
The last and most visible part of any network is the software applications that use it. If you want to copy a file residing on another system in your network, you need an application like Network in Windows 7 (or My Network Places in earlier versions of Windows) that enables you to access files on remote systems. If you want to view Web pages, you need a Web browser like Internet Explorer or Mozilla Firefox. The people who use a network experience it through an application. A user who knows nothing about all the other parts of a network may still know how to open an e-mail application to retrieve mail (Figure 2.41).
Figure 2.41 • Network applications at work
Applications may include a number of additional functions, such as encryption, user authentication, and tools to control the look of the data. But these functions are specific to the given applications. In other words, if you want to put a password on your Word document, you must use the password functions in Word to do so.
The Application layer is Layer 7 in the OSI seven-layer model. Keep in mind that the Application layer doesn’t refer to the applications themselves. It refers to the code built into all operating systems that enables network-aware applications. All operating systems have Application Programming Interfaces (APIs) that programmers can use to make their programs network aware (Figure 2.42). An API, in general, provides a standard way for programmers to enhance or extend an application’s capabilities.
Figure 2.42 • OSI updated
The TCP/IP Model
The OSI model was developed as a reaction to a world of hundreds, if not thousands, of different protocols made by different manufacturers that needed to play together. The ISO declared the OSI seven-layer model as the tool for manufacturers of networking equipment to find common ground between multiple protocols, enabling them to create standards for interoperability of networking software and hardware.
The OSI model is extremely popular and very well-known to all networking techs. Today’s world, however, is a TCP/IP world. The complexity of the OSI model doesn’t make sense in a world with one protocol suite. Given its dominance, the aptly named TCP/IP model shares equal popularity with the venerable OSI model.
The TCP/IP model consists of four layers:
■ Application
■ Transport
■ Internet
■ Link/Network Interface
It’s important to appreciate that the TCP/IP model doesn’t have a standards body to define the layers. Because of this, there are a surprising number of variations on the TCP/IP model.
A great example of this lack of standardization is the Link layer. Without a standardizing body, we can’t even agree on the name. While “Link layer” is extremely common, the term “Network Interface layer” is equally popular. A good tech knows both of these terms and understands that they are interchangeable. Notice also that, unlike the OSI model, the TCP/IP model does not identify each layer with a number.
CompTIA has chosen one popular version of the TCP/IP model for the CompTIA Network+ competencies and exam. That’s the version you’ll learn right here. It’s concise, having only four layers, and many important companies, like Cisco and Microsoft, use it, although with a few variations in names as just described. The TCP/IP model gives each protocol in the TCP/IP protocol suite a clear home in one of the four layers.
The clarity of the TCP/IP model shows the flaws in the OSI model. The OSI model couldn’t perfectly describe all the TCP/IP protocols. In fact, the OSI model couldn’t perfectly describe any of the now defunct alternative protocols, such as IPX/SPX and NetBIOS/NetBEUI. Network nerds have gotten into fistfights over a particular protocol’s exact location in the OSI model.
The TCP/IP model fixes this ambiguity, at least for TCP/IP. Because of its tight protocol-to-layer integration, the TCP/IP model is a descriptive model, whereas the OSI seven-layer model is a prescriptive model.
The Link Layer
The TCP/IP model lumps together the OSI model’s Layer 1 and Layer 2 into a single layer called the Link layer (or Network Interface layer), as seen in Figure 2.43. It’s not that the Physical and Data Link layers are unimportant to TCP/IP, but the TCP/IP protocol suite really begins at Layer 3 of the OSI model. In essence, TCP/IP techs count on other techs to handle the physical connections in their networks. All of the pieces that you learned in the OSI model (cabling, hubs, physical addresses, and NICs) sit squarely in the Link layer.
A nice way to separate layers in the TCP/IP model is to think about packets and frames. Any part of the network that deals with complete frames is in the Link layer. The moment the frame information is stripped away from an IP packet, we move out of the Link layer and into the Internet layer.
Figure 2.43 • TCP/IP Link layer compared to OSI Layers 1 and 2 (TCP/IP: Application, Transport, Internet, Link; OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical)
The Internet Layer
The Internet layer should really be called the “IP packet” layer (Figure 2.44). Any device or protocol that deals with pure IP packets—getting an IP packet to its destination—sits in the Internet layer. IP addressing itself is also part of the Internet layer, as are routers and the magic they perform to get IP packets to the next router. IP packets are created at this layer.
The Internet layer doesn’t care about the type of data an IP packet carries, nor does it care whether the data gets there in good order or not. Those jobs are for the next layer: the Transport layer.
The Transport Layer
The Transport layer combines features of the OSI Transport and Session layers with a dash of Application layer just for flavor (Figure 2.45). While the TCP/IP model is certainly involved with the assembly and disassembly of data, it also defines other functions, such as connection-oriented and connectionless communication.
Connection-Oriented vs. Connectionless Communication
Some protocols, like the popular Post Office Protocol (POP) used for sending e-mail messages, require that the e-mail client and server verify that they have a good connection before a message is sent (Figure 2.46). This makes sense because you don’t want your e-mail message to be a corrupted mess when it arrives.
Figure 2.46 • Connection between e-mail client and server
Figure 2.44 • TCP/IP Internet layer compared to OSI Layer 3 (TCP/IP: Application, Transport, Internet, Link; OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical)
Figure 2.45 • TCP/IP Transport layer compared to OSI Layers 4, 5, and part of 7 (TCP/IP: Application, Transport, Internet, Link; OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical)
Alternatively, a number of TCP/IP protocols simply send data without first waiting to verify that the receiving system is ready (Figure 2.47). When using Voice over IP (VoIP), for example, the call is made without verifying first whether another device is there.
Figure 2.47 • Connectionless communication
The connection-oriented protocol is called Transmission Control Protocol (TCP). The connectionless protocol is called User Datagram Protocol (UDP).
Everything you can do on the Internet, from Web browsing to Skype phone calls to playing World of Warcraft, is predetermined to be either connection-oriented or connectionless. It’s simply a matter of knowing your applications.
Segments Within Packets
To see the Transport layer in action, strip away the IP addresses from an IP packet. What’s left is a chunk of data in yet another container called a TCP segment. TCP segments have many other fields that ensure the data gets to its destination in good order. These fields have names such as Checksum, Flags, and Acknowledgement. Chapter 7 goes into more detail on TCP segments, but, for now, just know that TCP segments have fields that ensure the connection-oriented communication works properly. Figure 2.48 shows a typical (although simplified) TCP segment.
Figure 2.48 • TCP segment (fields shown: Destination port, Source port, Sequence number, Checksum, Flags, Acknowledgement, Data)
Data comes from the Application layer applications. The Transport layer breaks that data into chunks, adding port numbers and sequence numbers, creating the TCP segment. The Transport layer then hands the TCP segment to the Internet layer that, in turn, creates the IP packet.
Most traffic on a TCP/IP network uses TCP at the Transport layer, but like Yoda said, “There is another,” and that’s UDP. UDP also gets data from the Application layer programs and adds port and sequencing numbers to create a container called a UDP datagram. A UDP datagram lacks most of the extra fields found in TCP segments, simply because UDP doesn’t care if the receiving computer gets its data. Figure 2.49 shows a UDP datagram.
Chapter 7 covers TCP, UDP, and all sorts of other protocols in detail.
Figure 2.49 • UDP datagram (fields shown: Destination port, Source port, Sequence number, Checksum, Data)
The Application Layer
The TCP/IP Application layer combines features of the top three layers of the OSI model (Figure 2.50). Every application, especially connection-oriented applications, must know how to initiate, control, and disconnect from a remote system. No single method exists for doing this. Each TCP/IP application uses its own method.
Figure 2.50 • TCP/IP Application layer compared to OSI layers 5–7 (TCP/IP: Application, Transport, Internet, Link; OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical)
TCP/IP uses a unique port numbering system that gives each application a unique number between 1 and 65535. Some of these port numbers are very famous. The protocol that makes Web pages work, HTTP, uses port 80, for example.
Although we can say that the OSI model’s Presentation layer fits inside the TCP/IP model’s Application layer, no application requires any particular form of presentation as seen in the OSI model. Standard formats are part and parcel with TCP/IP protocols. For example, all e-mail messages use an extremely strict format called MIME. All e-mail servers and clients read MIME without exception.
In the OSI model, we describe the API—the smarts that make applications network-aware—as being part of the Application layer. While this is still true for the TCP/IP model, all applications designed for TCP/IP are, by definition, network-aware. There is no such thing as a “TCP/IP word processor” or a “TCP/IP image editor” that requires the added ability to know how to talk to a network—all TCP/IP applications can talk to the network, as long as they are part of a network. And every TCP/IP application must be a part of a network to function: Web browsers, e-mail clients, multiplayer games, and so on.
Don’t think that the TCP/IP model is any simpler than the OSI model just because it only uses four layers. With the arguable exception of the Presentation layer, everything you saw in the OSI model is also found in the TCP/IP model (Figure 2.51).
Figure 2.51 • OSI model and TCP/IP model side by side (TCP/IP: Application, Transport, Internet, Link; OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical; callouts: “I work at the Application layer.” “And, not surprisingly, the other Application layer.” “I work on both of the Transport layers.”)
Frames, Packets, and Segments, Oh My!
The TCP/IP model shows its power in its ability to describe what happens at each layer to the data that goes from one computer to another. The Application layer programs create the data. The Transport layer breaks the data into chunks, putting those chunks into TCP segments or UDP datagrams. The Internet layer adds the IP addressing and creates the IP packets. The Link layer wraps the IP packet into a frame, with the MAC address information and a frame check sequence (FCS). Now the data is ready to hit the wire (or airwaves, if you’re in a café). Figure 2.52 shows all this encapsulating goodness relative to the TCP/IP model.
Figure 2.52 • Data encapsulation in TCP/IP (Application data → Segment/datagram → IP packet → Frame, each layer adding its own header in front of the data)
For the exam, remember at what layer each encapsulation happens. Table 2.1 shows the layers and the corresponding data structure.
Table 2.1 TCP/IP Model Layers and Corresponding Data Structures

TCP/IP Model Layer    Data Structure
Link                  Frame
Internet              IP packet
Transport             TCP segment/UDP datagram
Application           (The data starts and ends here)
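The encapsulation that Table 2.1 summarizes, and that the earlier sections “Packets Within Frames” and “Segments Within Packets” describe in prose, is exactly what Wireshark does when it dissects a captured frame: strip the frame, read the IP packet, strip the IP addressing, read the TCP segment or UDP datagram, and hand what is left to the application. The Python below is an added example written for this lab write-up; it is not code from the lab report or from the textbook it quotes. It builds one constructed Ethernet frame (made-up MAC addresses, the chapter's 192.168.4.232 as the source IP, a made-up router address as the destination, port 80 for the TCP case, port 53 for the UDP case, and a short constructed payload) and then peels it apart layer by layer. The header layouts follow the published Ethernet II, IPv4, TCP and UDP formats, so the UDP header parsed here has the four RFC 768 fields (ports, length, checksum); the simplified figures in the chapter omit some fields and are not what the code follows.

```python
# Added example: build one constructed Ethernet frame and peel it apart layer by layer,
# frame -> IP packet -> TCP segment or UDP datagram -> application data.
# MAC addresses, IP addresses, ports and payload are made-up sample values.
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_sample_frame(transport: str = "tcp") -> bytes:
    """Link-layer frame around an IPv4 packet around a TCP segment (or a UDP datagram)."""
    payload = b"GET / HTTP/1.1\r\n"
    if transport == "tcp":
        # TCP header: ports, sequence, acknowledgement, data offset (5 words) + PSH/ACK flags,
        # window, checksum (left zero in this constructed sample), urgent pointer
        l4 = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | 0x018, 65535, 0, 0) + payload
        proto = IPPROTO_TCP
    else:
        # UDP header per RFC 768: ports, length, checksum
        l4 = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
        proto = IPPROTO_UDP
    # IPv4 header: version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(l4), 0x1234, 0, 64, proto, 0,
                         bytes([192, 168, 4, 232]), bytes([192, 168, 4, 1]))
    # Ethernet II header: destination MAC, source MAC, EtherType (the FCS trailer is omitted here)
    eth_hdr = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + l4


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decapsulate(frame: bytes) -> dict:
    """Strip each container in turn; truncated or malformed headers raise ValueError."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    link = {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not an IPv4 packet (ethertype 0x{ethertype:04x})")

    packet = frame[14:]                      # frame stripped: this is what a router looks at
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("malformed IP header")
    internet = {"src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
                "protocol": proto, "ttl": ttl}

    segment = packet[ihl:total_len]          # IP addressing stripped: the Transport-layer container
    if proto == IPPROTO_TCP:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags, _win, csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
        data_offset = (off_flags >> 12) * 4
        if data_offset < 20 or data_offset > len(segment):
            raise ValueError("malformed TCP header")
        transport = {"container": "TCP segment", "src_port": sport, "dst_port": dport,
                     "sequence": seq, "acknowledgement": ack, "flags": off_flags & 0x1FF, "checksum": csum}
        data = segment[data_offset:]
    elif proto == IPPROTO_UDP:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
        if length < 8 or length > len(segment):
            raise ValueError("malformed UDP header")
        transport = {"container": "UDP datagram", "src_port": sport, "dst_port": dport, "checksum": csum}
        data = segment[8:length]
    else:
        transport = {"container": f"IP protocol {proto} (not dissected here)"}
        data = segment
    return {"link": link, "internet": internet, "transport": transport, "application": data}


if __name__ == "__main__":
    for kind in ("tcp", "udp"):
        layers = decapsulate(build_sample_frame(kind))
        for name in ("link", "internet", "transport", "application"):
            print(f"{name:>12}: {layers[name]}")
```

Every length field is checked against the bytes actually present before it is used to slice. A dissector that trusts the IP total length or the TCP data offset blindly is the classic source of parser crashes on truncated or hostile captures, and the same discipline applies whether the parser is this toy or Wireshark itself.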
The Tech’s Troubleshooting Tool
The OSI seven-layer model and TCP/IP model provide you with a way to conceptualize a network to determine what could cause a specific problem when the inevitable problems occur. Good techs always use a model to troubleshoot their networks.
If Jane can’t print to the networked printer, for example, a model can help solve the problem. If her NIC shows activity, then, using the OSI model, you can set aside both the Physical layer (Layer 1) and Data Link layer (Layer 2). If you’re a TCP/IP model tech, you can look at the same symptoms and eliminate the Link layer. In either case, you’ll find yourself moving up the layer ladder to the OSI model’s Network layer (Layer 3) or the TCP/IP model’s Internet layer. If her computer has a proper IP address, then you can set that layer aside too, and you can move on up to check other layers to solve the problem.
Understanding both the OSI and TCP/IP models is important. Sure, they’re on the CompTIA Network+ exam, but more importantly, they are your primary diagnostic tool for troubleshooting networks and a communication tool for talking to your fellow techs.
Chapter 2 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about networking.
Describe how models such as the OSI seven-layer model and the TCP/IP model help technicians understand and troubleshoot networks
■ Modeling is critical to the networking world. You use models to understand and communicate with other techs about networks.
■ All models are a simplified representation of the real thing. The human model ignores the many different types of body shapes, using only a single “optimal” figure. The model airplane lacks functional engines or the internal framework, and the computerized weather model might disregard subtle differences in wind temperatures or geology.
■ In the early days of networking, different manufacturers made unique types of networks that functioned fairly well. But each network had its own cabling, hardware, drivers, naming conventions, applications, and many other unique features. To interconnect networks and improve networking as a whole, someone needed to create a guide—a model that described the functions of a network—so people who made hardware and software could work together to make networks that worked together well.
■ The OSI seven-layer model defines the role played by each protocol. The OSI model also provides a common jargon that network techs can use to describe the function of any network protocol.
■ The TCP/IP four-layer model applies only to networks that use the TCP/IP protocol suite, such as the Internet.
Explain the major functions of networks with the OSI seven-layer model.
■ OSI Layer 1, the Physical layer, includes anything that moves data from one system to another, such as cabling or radio waves.
■ OSI Layer 2, the Data Link layer, defines the rules for accessing and using the Physical layer. The Data Link layer is divided into two sublayers: Media Access Control (MAC) and Logical Link Control (LLC).
■ The MAC sublayer controls access to the Physical layer, or shared media. It encapsulates (creates the frames for) data sent from the system, adding source and destination MAC addresses and error-checking information; it also decapsulates (removes the MAC addresses and CRC from) data received by the system.
■ The LLC sublayer provides an interface with the Network layer protocols. It is responsible for the ordered delivery of frames, including retransmission of missing or corrupt packets, and for flow control (moderating data flow so one system doesn’t overwhelm the other). Any device that deals with a MAC address is part of the Data Link layer.
■ OSI Layer 3, the Network layer, is the last layer to work directly with hardware. It adds the unique identifiers (such as IP addresses) to the packets that enable routers to make sure the packets get to the correct system without worrying about the type of hardware used for transmission. Anything having to do with logical addressing works at the Network layer.
■ A network protocol creates unique identifiers for each system and also creates a set of communication rules for issues such as how to handle data chopped up into multiple packets and how to make sure those packets get from one subnet to another.
■ OSI Layer 4, the Transport layer, breaks up data received from the upper layers into smaller pieces for transport and adds sequencing numbers to make sure the receiving computer can reassemble the data properly.
■ Session software at OSI Layer 5 handles the process of differentiating between various types of connections on a PC. The Session layer initiates sessions, accepts incoming sessions, and opens and closes existing sessions. You can use the netstat program to view existing sessions.
40 Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks,Third Edition / Meyers / 911-1 / Chapter 2
■ OSI Layer 6, the Presentation layer, presents data from the sending system in a form that the applications on the receiving system can understand. Standardized data formats, such as PDF, enable computers running on different platforms to share data across a network; the result is that the Presentation layer is the least important and least used of the seven layers.
■ OSI Layer 7, the Application layer, defines a set of tools that programs can use to access the network. Application layer programs provide services to the programs that the users see.
Describe the major functions of networks with the TCP/IP model
■ The TCP/IP Link layer (or Network Interface layer) covers the first two layers of the OSI model—the physical components like hubs and cables as well as network frames.
■ The TCP/IP Internet layer works just like the OSI model’s Network layer. Anything involved with IP, including packets, addressing, and routing, happens at this layer.
■ The TCP/IP Transport layer is similar to the OSI model’s Transport layer, except that the TCP/IP version differentiates between connection-oriented communication and connectionless communication.
■ In TCP/IP, the Transport layer takes data from the applications, splits the data into chunks called TCP segments or UDP datagrams, depending on the protocol used, and adds port and sequence numbers. The segments and datagrams get handed down to the Internet layer for IP to further encapsulate the data.
■ The TCP/IP Application layer combines the top three layers of the OSI model into one super layer. The session component works similarly to the OSI model’s Session layer. There is no presentation component that compares to the OSI model’s Presentation layer, however. The TCP/IP Application layer is like the OSI model’s version, except that TCP/IP connectivity is implied and not a separate program or function.
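The summary above says what each layer contributes on the way down the stack: ports at the Transport layer, IP addresses at the Network layer, and MAC addresses plus a CRC (the frame check sequence) at the Data Link layer. The Python program below is an added example, not code from the book: it builds one Ethernet frame from the inside out (UDP datagram inside an IPv4 packet inside a frame) and then decapsulates it the way a receiving NIC and the layers above it would, checking the FCS first and the IP header checksum next, and returning the fields each layer added. This is the same peeling apart that Wireshark's packet detail pane shows. The MAC addresses, the IP addresses (taken from the RFC 5737 documentation range), the ports and the payload are constructed sample values; the UDP checksum is left at zero, which UDP over IPv4 permits.

```python
import socket
import struct
import zlib

# Constructed sample values (not taken from the book).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
BROADCAST_MAC = b"\xff" * 6            # the "everybody process this" address
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
MIN_ETHERNET_PAYLOAD = 46              # shorter packets are padded to this size


def udp_datagram(src_port, dst_port, payload):
    """Layer 4 (Transport): prepend the ports that identify the conversation.
    The UDP checksum is left at zero, which UDP over IPv4 allows."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ip_checksum(header):
    """Ones'-complement sum of 16-bit words; a valid header sums to zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src_ip, dst_ip, proto, segment):
    """Layer 3 (Network): add the logical addresses routers use to forward."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000,
                         64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment


def ethernet_frame(dst_mac, src_mac, packet):
    """Layer 2 (Data Link, MAC sublayer): put the packet between the MAC
    addresses and the FCS. The FCS is CRC-32, sent least-significant byte
    first as IEEE 802.3 specifies; zlib's crc32 is the same polynomial."""
    packet = packet.ljust(MIN_ETHERNET_PAYLOAD, b"\x00")
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(payload, dst_mac=DST_MAC, src_port=40000, dst_port=53):
    """Walk the payload down the stack: Transport -> Network -> Data Link."""
    datagram = udp_datagram(src_port, dst_port, payload)
    packet = ipv4_packet(SRC_IP, DST_IP, PROTO_UDP, datagram)
    return ethernet_frame(dst_mac, SRC_MAC, packet)


def mac_str(mac):
    return "-".join(f"{b:02X}" for b in mac)


def frame_is_intact(frame):
    """What the receiving NIC does first: recompute the CRC over everything
    before the FCS and compare it with the FCS the sender appended."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)


def decapsulate(frame):
    """Peel the frame apart layer by layer and return what each layer added."""
    if not frame_is_intact(frame):
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    packet = frame[14:-4]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]     # lets us drop the padding
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IP header checksum failed")
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        # Layer 2 (Data Link)
        "dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
        "broadcast": dst_mac == BROADCAST_MAC,
        "src_oui": mac_str(src_mac[:3]),         # first 24 bits: the IEEE-assigned OUI
        # Layer 3 (Network)
        "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
        "protocol": packet[9],
        # Layer 4 (Transport)
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }


if __name__ == "__main__":
    frame = build_frame(b"hello")
    print(f"{len(frame)} bytes on the wire (64 is the Ethernet minimum)")
    for field, value in decapsulate(frame).items():
        print(f"{field:10s} {value}")
```

Run it and the five-byte payload comes back as a 64-byte frame, the Ethernet minimum, because the IP packet is padded up to 46 bytes; the IP total-length field is what lets the receiver discard that padding. Flipping any bit in the frame makes `frame_is_intact` return False, which is exactly the CRC check the MAC sublayer performs before anything above it sees the data.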
Key Terms
Application layer (32)
broadcast address (18)
cyclic redundancy check (CRC) (17)
Data Link layer (21)
device ID (15)
frame (16)
frame check sequence (FCS) (17)
hub (13)
Internet layer (34)
Internet Protocol (23, 24)
IP address (24)
Link layer (33)
logical address (24)
Logical Link Control (LLC) (21)
MAC address (15)
Media Access Control (MAC) (21)
network interface card (14)
Network Interface layer (33)
Network layer, Layer 3 (24)
network protocol (23)
NIC (14)
Open Systems Interconnection (OSI) seven-layer model (8)
organizationally unique identifier (OUI) (15)
packet (25)
physical address (15)
Physical layer (14)
Presentation layer (30)
protocols (11)
router (24)
Session layer (29)
session software (29)
subnets (23)
TCP segment (35)
Transmission Control Protocol (TCP) (23)
Transmission Control Protocol/Internet Protocol (TCP/IP) model (8)
Transport layer (28)
UDP datagram (36)
unshielded twisted pair (UTP) (13)
User Datagram Protocol (UDP) (35)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is an example of software that creates packets for moving data across networks.
2. Most often, the _______________ provides the physical connection between the PC and the network.
3. Using the _______________ enables a computer to send a packet that every other PC on the network will process.
4. You can connect two very different networks by using a(n) _______________.
5. Every NIC has a hard-coded identifier called a(n) _______________.
6. The _______________ provides an excellent tool for conceptualizing how a TCP/IP network works. (Select the best answer.)
7. On a sending machine, data gets broken up at the _______________ of the OSI seven-layer model.
8. NICs encapsulate data into a(n) _______________ for sending that data over a network.
9. A(n) _______________ enables multiple machines to connect over a network.
10. The _______________ provides the key interface between the Physical and Network layers.
Multiple-Choice Quiz
1. Which of the following OSI layers converts the ones and zeroes to electrical signals and places these signals on the cable?
A. Physical layer
B. Transport layer
C. Network layer
D. Data Link layer
2. The term “unshielded twisted pair” describes which of the following network components?
A. Cable
B. Hub
C. Router
D. NIC
3. From the options that follow, select the one that best describes the contents of a typical (simplified) network frame.
A. Sender’s MAC address, recipient’s MAC address, data, FCS
B. Recipient’s MAC address, sender’s MAC address, data, FCS
C. Recipient’s IP address, sender’s IP address, data, FCS
D. Recipient’s e-mail address, sender’s e-mail address, data, FCS
4. Which of the following is most likely to be a MAC address assigned to a NIC?
A. 192.168.1.121
B. 24.17.232.7B
C. 23.4F.17.8A.4C.10
D. 713.555.1212
5. Which layer of the TCP/IP model involves routing?
A. Link layer
B. Transport layer
C. Internet layer
D. Application layer
6. How much data can a typical frame contain?
A. 500 bytes
B. 1500 bytes
C. 1500 kilobytes
D. 1 megabyte
7. Which of the following best describes an IP address?
A. A unique dotted decimal notation burned into every NIC
B. A unique 48-bit identifying number burned into every NIC
C. A dotted decimal notation assigned to a NIC by software
D. A 48-bit identifying number assigned to a NIC by software
8. Which layer of the OSI model makes sure the data is in a readable format for the Application layer?
A. Application layer
B. Presentation layer
C. Session layer
D. Transport layer
9. At which layer of the TCP/IP model are UDP datagrams created?
A. Link/Network Interface
B. Internet
C. Transport
D. Application
10. Which protocol creates the final IP packet?
A. NIC
B. IP
C. TCP
D. UDP
11. Which TCP/IP layer includes Layers 5–7 from the OSI seven-layer model?
A. Application layer
B. Transport layer
C. Internet layer
D. Link layer
12. What component of Layer 2 of the OSI seven-layer model is responsible for the ordered delivery of frames, including retransmission of missing or corrupt packets?
A. MAC sublayer
B. LLC sublayer
C. CRC sublayer
D. Data Link sublayer
13. Which components work at Layer 1 of the OSI seven-layer model? (Select two.)
A. Cables
B. Hub
C. Network protocol
D. Session software
14. Andalyn says complete 48-bit MAC addresses are allocated to NIC manufacturers from the IEEE. Buster says the IEEE only assigns the first 24 bits to manufacturers. Carlos says the IEEE assigns only the last 24 bits to manufacturers. Who is correct?
A. Only Andalyn is correct.
B. Only Buster is correct.
C. Only Carlos is correct.
D. No one is correct.
15. If a sending system does not know the MAC address of the intended recipient system, it sends a broadcast frame with what MAC address?
A. 192.168.0.0
B. FF-FF-FF-FF-FF-FF
C. 11-11-11-11-11-11
D. 00-00-00-00-00-00
Essay Quiz
1. Some new techs at your office are confused by the differences between a NIC’s frame and an IP packet. Write a short essay describing the two encapsulations, including the components that do the encapsulating.
2. Your boss has received a set of files with the file extension .WP and is worried because he’s never seen that extension before. He wants people to have access to the information in those files from anywhere in the network. Write a short memo describing how Microsoft Word can handle these files, including a discussion of how that fits with the OSI seven-layer model.
Lab Projects
Lab Project 2.1
Examine your classroom network. What components does it have? How would you classify those components according to the OSI seven-layer model?
Lab Project 2.2
Create a mnemonic phrase to help you remember the OSI seven-layer model. With two layers beginning with the letter P, how will you differentiate in your mnemonic between Presentation and Physical? How will you incorporate the two sublayers of the Data Link layer?
Chapter 3: Cabling and Topology
“It’s from someone who says she’s a fan of my work on low-dimensional topology. And she’s a fan of my . . . hair.”
—Charlie Eppes, Numb3rs
In this chapter, you will learn how to
■ Explain the different types of network topologies
■ Describe the different types of network cabling
■ Describe the IEEE networking standards
Every network must provide some method to get data from one system to another. In most cases, this method consists of some type of cabling (usually copper or fiber-optic) running between systems, although many networks skip wires and use wireless methods to move data. Stringing those cables brings up a number of critical issues you need to understand to work on a network. How do all these cables connect the computers? Does every computer on the network run a cable to a central point? Does a single cable snake through the ceiling, with all the computers on the network connected to it? These questions need answering! Furthermore, manufacturers need standards so they can make networking equipment that works well together. While we’re talking about standards, what about the cabling itself? What type of cable? What quality of copper? How thick should it be? Who defines the standards for cables so they all work in the network?
This chapter answers these questions in three parts. First, you will learn about network topology—the way that cables and other pieces of hardware connect to one another. Second, you will tour the most common standardized cable types used in networking. Third, you will discover the IEEE committees that create network technology standards.
Test Specific
Topology
Computer networks employ many different topologies, or ways of connecting computers together. This section looks at both the historical topologies—bus, ring, and star—and the modern topologies—hybrid, mesh, point-to-multipoint, and point-to-point.
Bus and Ring
The first generation of wired networks used one of two topologies, both shown in Figure 3.1. A bus topology uses a single cable that connects all of the computers in a line. A ring topology connects all computers on the network with a ring of cable.
Note that topologies are diagrams, much like an electrical circuit diagram. Real network cabling doesn’t go in perfect circles or perfect straight lines. Figure 3.2 shows a bus topology network that illustrates how the cable might appear in the real world.
Data flows differently between bus and ring networks, creating different problems and solutions. In bus topology networks, data from each computer simply goes out on the whole bus. A network using a bus topology needs termination at each end of the cable to prevent a signal sent from one computer from reflecting at the ends of the cable, quickly bringing the network down (Figure 3.3).
Figure 3.1 • Bus and ring topologies
Figure 3.2 • Real-world bus topology
Figure 3.3 • Terminated bus topology
In a ring topology network, in contrast, data traffic moves in a circle from one computer to the next in the same direction (Figure 3.4). With no end to the cable, ring networks require no termination.
Bus and ring topology networks work well but suffer from the same problem: the entire network stops working if the cable breaks at any point. The broken ends on a bus topology network aren’t terminated, causing reflection between computers that are still connected. A break in a ring topology network simply breaks the circuit, stopping the data flow ( Figure 3.5).
Figure 3.4 • Ring topology moving in a certain direction
Figure 3.5 • Nobody is talking!
Star
The star topology uses a central connection box for all the computers on the network (Figure 3.6). Star topology has a huge benefit over ring and bus topologies by offering fault tolerance—if one of the cables breaks, all of the other computers can still communicate. Bus and ring topology networks were popular and inexpensive to implement, however, so the old-style star topology networks weren’t very successful. Network hardware designers couldn’t easily redesign their existing networks to use a star topology.
Figure 3.6 • Star topology
Hybrids
Even though network designers couldn’t easily use a star topology, the benefits of star topologies were overwhelming, motivating smart people to come up with a way to use star topologies without requiring a major redesign—and the way they did so was ingenious. The ring topology network designers struck first by taking the entire ring and shrinking it into a small box, as shown in Figure 3.7.
This was quickly followed by the bus topology folks who, in turn, shrunk their bus (better known as the segment) into their own box (Figure 3.8).
Figure 3.7 • Shrinking the ring
The most successful of the star ring topology networks was called Token Ring, manufactured by IBM.
Figure 3.8 • Shrinking the segment
Physically, they looked like a star, but if you examined it as an electronic schematic, the signals acted like a ring or a bus. Clearly the old definition of topology needed a little clarification. When we talk about topology today, we separate how the cables physically look (the physical topology) from how the signals travel electronically (the signaling topology or logical topology).
Any form of networking technology that combines a physical topology with a signaling topology is called a hybrid topology. Hybrid topologies have come and gone since the earliest days of networking. Only two hybrid topologies, star-ring topology and star-bus topology, ever saw any amount of popularity. Eventually star-ring lost market share, and star-bus reigned as the undisputed king of topologies.
Mesh and Point-to-Multipoint
Topologies aren’t just for wired networks. Wireless networks also need topologies to get data from one machine to another, but using radio waves instead of cables involves somewhat different topologies. Almost all wireless networks use one of two different topologies: a mesh topology or a point-to-multipoint topology (Figure 3.9).
Most techs refer to the signaling topology as the logical topology today. That’s how you’ll see it on the CompTIA Network+ exam as well.
Figure 3.9 • Mesh and point-to-multipoint topologies
Mesh
In a mesh topology network, every computer connects to every other computer via two or more routes. Some of the routes between two computers may require traversing through another member of the mesh network.
There are two types of meshed topologies: partially meshed and fully meshed (Figure 3.10). In a partially meshed topology network, at least two machines have redundant connections. Every machine doesn’t have to connect to every other machine. In a fully meshed topology network, every computer connects directly to every other computer.
Figure 3.10 • Partially and fully meshed topologies
If you’re looking at Figure 3.10 and thinking that a mesh topology looks amazingly resilient and robust, it is—at least on paper. Because every computer connects to every other computer on the fully meshed network, even if half the PCs crash, the network still functions as well as ever (for the survivors). In a practical sense, however, implementing a fully meshed topology for a wired network would be an expensive mess. Even a tiny fully meshed network with 10 PCs, for example, would need 45 separate and distinct pieces of cable to connect every PC to every other PC. What a mesh mess! Because of this, mesh topologies have never been practical for a wired network.
Make sure you know the formula to calculate the number of connections needed to create a fully meshed network, given a certain number of computers. Here’s the formula:
y = number of computers
Number of connections = y(y – 1)/2
So, if you have six computers, you need 6(6 – 1)/2 = 30/2 = 15 connections to create a fully meshed network.
Point-to-Multipoint
In a point-to-multipoint topology, a single system acts as a common source through which all members of the point-to-multipoint network converse. If you compare a star topology to a slightly rearranged point-to-multipoint topology, you might be tempted to say they’re the same thing. Granted, they’re similar, but look at Figure 3.11. See what’s in the middle? The subtle but important difference is that a point-to-multipoint topology requires an intelligent device in the center, whereas the device in the center of a star topology has little more to do than send or provide a path for a signal down all the connections.
Figure 3.11 • Comparing star and point-to-multipoint topologies
You’ll sometimes find mesh or point-to-multipoint topology used in wired networks, but they’re rare. These two topologies are far more commonly seen in wireless networks.
Point-to-Point
In a point-to-point topology network, two computers connect directly together with no need for a central device of any kind. You’ll find point-to-point topologies implemented in both wired and wireless networks (Figure 3.12).
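Two claims in this section are worth checking rather than memorizing: that a star (and a mesh) keeps the remaining computers talking after a single cable break while a bus or a ring does not, and that a fully meshed network of y computers needs y(y – 1)/2 cables. The Python program below is an added example, not code from the book. It models each topology as a list of computers joined by cables, counts the cables against the formula, and then cuts every cable in turn and asks whether the computers that still have a cable can all reach one another. Ring cables are modelled as one-directional, matching the text's description of data moving around the ring in one direction; the bus is modelled as a chain of links, which ignores the reflection that would silence the two halves as well. The PC and HUB names are constructed labels.

```python
from itertools import combinations


def _pcs(n):
    return [f"PC{i}" for i in range(1, n + 1)]


# A topology is (computers, cables); a cable is (end_a, end_b, both_ways).
# Bus, star and mesh cables carry data in both directions. The ring's cables
# carry it one way only, which is why one break stops the whole ring.

def bus(n):
    pcs = _pcs(n)
    return pcs, [(pcs[i], pcs[i + 1], True) for i in range(n - 1)]


def ring(n):
    pcs = _pcs(n)
    return pcs, [(pcs[i], pcs[(i + 1) % n], False) for i in range(n)]


def star(n):
    pcs = _pcs(n)
    return pcs, [(pc, "HUB", True) for pc in pcs]   # HUB is the central box


def full_mesh(n):
    pcs = _pcs(n)
    return pcs, [(a, b, True) for a, b in combinations(pcs, 2)]


def full_mesh_links(y):
    """The book's formula: y(y - 1)/2 connections for y computers."""
    return y * (y - 1) // 2


def reachable(start, cables):
    """Every device that data from `start` can get to, following each cable
    only in the direction(s) it carries traffic."""
    seen, stack = {start}, [start]
    while stack:
        here = stack.pop()
        for a, b, both_ways in cables:
            nxt = b if a == here else (a if both_ways and b == here else None)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def everyone_can_talk(pcs, cables):
    """True when every computer that still has a cable attached can reach
    every other such computer (the hub is a path, not a participant)."""
    attached = [pc for pc in pcs if any(pc in (a, b) for a, b, _ in cables)]
    return all(set(attached) <= reachable(pc, cables) for pc in attached)


def survives_single_break(topology):
    """Cut each cable in turn; fault tolerant means the survivors still all
    communicate after every one of those cuts."""
    pcs, cables = topology
    return all(everyone_can_talk(pcs, [c for i, c in enumerate(cables) if i != k])
               for k in range(len(cables)))


if __name__ == "__main__":
    for name, topo in [("bus", bus(6)), ("ring", ring(6)),
                       ("star", star(6)), ("full mesh", full_mesh(6))]:
        pcs, cables = topo
        print(f"{name:9s} cables={len(cables):2d} "
              f"works intact={everyone_can_talk(pcs, cables)} "
              f"survives one break={survives_single_break(topo)}")
```

For six computers the program reports 5, 6, 6 and 15 cables respectively, all four working while intact, and only the star and the full mesh still working after any single break. Swapping `full_mesh(6)` for `full_mesh(10)` gives the 45 cables the text mentions.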
Parameters of a Topology
Although a topology describes the method by which systems in a network connect, the topology alone doesn’t describe all of the features necessary to enable those networks. The term bus topology, for example, describes a network that consists of some number of machines connected to the network via a single linear piece of cable. Notice that this definition leaves a lot of questions unanswered. What is the cable made of? How long can it be? How do the machines decide which machine should send data at a specific moment? A network based on a bus topology can answer these questions in a number of different ways—but it’s not the job of the topology to define issues like these. A functioning network needs a more detailed standard.
Over the years, particular manufacturers and standards bodies have created several specific network technologies based on different topologies. A network technology is a practical application of a topology and other critical technologies that provides a method to get data from one computer to another on a network. These network technologies have names like 10BaseT, 1000BaseF, and 10GBaseLX. You will learn all about these in the next two chapters.
Cabling
The majority of networked systems link together using some type of cabling. Different types of networks over the years have used a number of different types of cables—and you need to learn about all these cables to succeed on the CompTIA Network+ exam! This section explores both the cabling types used in older networks and those found in today’s networks.
All cables used in the networking industry can be categorized in three distinct groups: coaxial (coax), twisted pair, and fiber-optic. Let’s look at all three.
Coaxial Cable
Coaxial cable contains a central conductor wire surrounded by an insulating material, which, in turn, is surrounded by a braided metal shield. The cable is referred to as coaxial (coax for short) because the center wire and the braided metal shield share a common axis or centerline (Figure 3.13).
Coaxial cable shields data transmissions from electromagnetic interference (EMI). Many devices in the typical office environment generate magnetic fields, including lights, fans, copy machines, and refrigerators. When a metal wire encounters these magnetic fields, electrical current is generated along the wire. This extra current—EMI—can shut down a network because it is easily misinterpreted as a signal by devices like NICs. To prevent EMI from affecting the network, the outer mesh layer of a coaxial cable shields the center wire (on which the data is transmitted) from interference (Figure 3.14).
Figure 3.12 • Point-to-point topology
Make sure you know all your topologies: bus, ring, star, hybrid, mesh, point-to-multipoint, and point-to-point.
Figure 3.13 • Cutaway view of coaxial cable
Early bus topology networks used coaxial cable to connect computers together. Back in the day, the most popular cable used special bayonet-style connectors called BNC connectors (Figure 3.15). Even earlier bus networks used thick cable that required vampire connections—sometimes called vampire taps—that literally pierced the cable.
Figure 3.14 • Coaxial cable showing braided metal shielding
Figure 3.15 • BNC connector on coaxial cable
You’ll find coaxial cable used today primarily to enable a cable modem to connect to an Internet service provider (ISP). Connecting a computer to the cable modem enables that computer to access the Internet. This cable is the same type used to connect televisions to cable boxes or to satellite receivers. These cables use an F-connector that screws on, making for a secure connection (Figure 3.16).
Figure 3.16 • F-type connector on coaxial cable
Coaxial cabling is also very popular with satellite, over-the- air antennas, and even some home video devices. This book covers cable and other Internet connectivity options in great detail in Chapter 14.
Tech Tip
What’s in a Name?
Techs all around the globe argue over the meaning of BNC. A solid percentage says with authority that it stands for “British Naval Connector.” An opposing percentage says with equal authority that it stands for “Bayonet Neill-Concelman,” after the stick-and-twist style of connecting and the purported inventors of the connector. The jury is still out, though this week I’m leaning toward Neill and Concelman and their bayonet-style connector.
Cable modems connect using either RG-6 or, rarely, RG-59. RG-59 was used primarily for cable television rather than networking. Its thinness and the introduction of digital cable motivated the move to the more robust RG-6, the predominant cabling used today (Figure 3.17).
All coax cables have a Radio Grade (RG) rating. The U.S. military developed these ratings to provide a quick reference for the different types of coax. The only important measure of coax cabling is its Ohm rating, a relative measure of the resistance (or more precisely, characteristic impedance) on the cable. You may run across other coax cables that don’t have acceptable Ohm ratings, although they look just like network-rated coax. Fortunately, most coax cable types display their Ohm ratings on the cables themselves (see Figure 3.18). Both RG-6 and RG-59 cables are rated at 75 Ohms.
The Ohm rating of a particular piece of cable describes the impedance of that cable. Impedance describes a set of characteristics that define how much a cable resists the flow of electricity. This isn’t simple resistance, though. Impedance also factors in things like how long it takes the wire to get a full charge—the wire’s capacitance—and more.
Figure 3.17 • RG-6 cable
Figure 3.18 • Ohm rating (on an older, RG-58 cable used for networking)
Given the popularity of cable for television and Internet in homes today, you’ll run into situations where people need to take a single coaxial cable and split it. Coaxial handles this quite nicely with coaxial splitters like the one shown in Figure 3.19. You can also connect two coaxial cables together easily using a barrel connector when you need to add some distance to a connection (Figure 3.20).
Figure 3.19 • Coaxial splitter
Figure 3.20 • Barrel connector
Twisted Pair
The most common type of cabling used in networks consists of twisted pairs of cables, bundled together into a common jacket. Twisted-pair cabling for networks is composed of multiple pairs of wires, twisted around each other at specific intervals. The twists reduce interference, called crosstalk: the more twists, the less crosstalk. Networks use two types of twisted-pair cabling: shielded twisted pair and unshielded twisted pair.
Shielded Twisted Pair
Shielded twisted pair (STP), as its name implies, consists of twisted pairs of wires surrounded by shielding to protect them from EMI. STP is pretty rare, primarily because there’s so little need for STP’s shielding. The shielding only really matters in locations with excessive electronic noise, such as a shop floor with lots of lights, electric motors, or other machinery that could cause problems for other cables. Figure 3.21 shows the most common STP type: the venerable IBM Type 1 cable used in Token Ring network technology.
Unshielded Twisted Pair
Unshielded twisted pair (UTP) is by far the most common type of network cabling used today. UTP consists of twisted pairs of wires surrounded by a plastic jacket (Figure 3.22). This jacket does not provide any protection from EMI, so when installing UTP cabling, you must be careful to avoid interference from fluorescent lights, motors, and so forth. UTP costs much less than STP but, in most cases, performs just as well.
Although more sensitive to interference than coaxial or STP cable, UTP cabling provides an inexpensive and flexible means to cable networks. UTP cable isn’t exclusive to networks. Many other technologies (such as telephone systems) employ the same cabling. This makes working with UTP a bit of a challenge. Imagine going up into a ceiling and seeing two sets of UTP cables: how would you determine which is for the telephones and which is for the network? Not to worry—a number of installation standards and tools exist to help those who work with UTP answer these types of questions.
Have you ever picked up a telephone and heard a distinct crackling noise? That’s an example of crosstalk.
Figure 3.21 • Shielded twisted pair
Figure 3.22 • Unshielded twisted pair
Cross Check OSI Seven-Layer and TCP/IP Model
You’ve seen UTP cabling before when Dana accessed documents on Janelle’s PC at MHTechEd. Refer to Chapter 2, and cross-check your memory. At what layer of the OSI seven-layer model would you put UTP cabling? For that matter, at what layer would you put network topology? How about on the TCP/IP model?
Not all UTP cables are the same! UTP cabling has a number of variations, such as the number of twists per foot. To help network installers get the right cable for the right network technology, the cabling industry has developed a variety of grades called category (CAT) ratings. CAT ratings are officially rated in megahertz (MHz), indicating the highest frequency the cable can handle. Table 3.1 shows the most common categories along with their status with the TIA/EIA (see the Tech Tip for more information).
Table 3.1 CAT Ratings for UTP

CAT Rating   Max Frequency   Max Bandwidth             Status with TIA/EIA
CAT 1        < 1 MHz         Analog phone lines only   No longer recognized
CAT 2        4 MHz           4 Mbps                    No longer recognized
CAT 3        16 MHz          16 Mbps                   Recognized
CAT 4        20 MHz          20 Mbps                   No longer recognized
CAT 5        100 MHz         100 Mbps                  No longer recognized
CAT 5e       100 MHz         1000 Mbps                 Recognized
CAT 6        250 MHz         10000 Mbps                Recognized
UTP cables are rated to handle a certain frequency or cycles per second, such as 100 MHz or 1000 MHz. You could take the frequency number in the early days of networking and translate that into the maximum throughput for a cable. Each cycle per second (or hertz) basically accounted for one bit of data per second. A 10 million cycle per second (10 MHz) cable, for example, could handle 10 million bits per second (10 Mbps). The maximum amount of data that goes through the cable per second is called the bandwidth.
For current networks, developers have implemented bandwidth-efficient encoding schemes, which means they can squeeze more bits into the same signal as long as the cable can handle it. Thus, the CAT 5e cable can handle a throughput of up to 1000 Mbps, even though it’s rated to handle a frequency of only up to 100 MHz.
Because most networks can run at speeds of up to 1000 MHz, most new cabling installations use Category 5e (CAT 5e) cabling, although a large number of installations use CAT 6 to future-proof the network. CAT 5e cabling currently costs much less than CAT 6, although as CAT 6 gains in popularity, it’s slowly dropping in price.
Make sure you can look at UTP and know its CAT rating. There are two places to look. First, UTP is typically sold in boxed reels, and the manufacturer will clearly mark the CAT level on the box (Figure 3.23). Second, look on the cable itself. The category level of a piece of cable is usually printed on the cable (Figure 3.24).
The CompTIA Network+ exam is only interested in CAT 3, CAT 5, CAT 5e, and CAT 6 cables.
Tech Tip
Industry Standards Bodies Several international groups set the standards for cabling and networking in general. Ready for alphabet soup? At or near the top is the International Organization for Standardization (ISO). The American National Standards Institute (ANSI) is both the official U.S. representative to the ISO and a major international player. ANSI checks the standards and accredits other groups, such as the Telecommunications Industry Association (TIA) and the Electronic Industries Alliance (EIA). The TIA and EIA together set the standards for UTP cabling, among many other things.
Try This! Shopping Spree!
Just how common has CAT 6 become in your neighborhood? Take a run down to your local hardware store or office supply store and shop for UTP cabling. Do they carry CAT 6? CAT 5? CAT 7? What’s the difference in price? If it’s not much more expensive to go with the better cable, the expected shift in networking standards has occurred and you might want to upgrade your network.
BaseTech
Chapter 3: Cabling and Topology 55
Anyone who’s plugged in a telephone has probably already dealt with the registered jack (RJ) connectors used with UTP cable. Telephones use RJ-11 connectors, designed to support up to two pairs of wires. Networks use the four-pair RJ-45 connectors (Figure 3.25).
Fiber-Optic
Fiber-optic cable transmits light rather than electricity, making it attractive for both high-EMI areas and long-distance transmissions. Whereas a single copper cable cannot carry data more than a few hundred meters at best, a single piece of fiber-optic cabling will operate, depending on the implementation, for distances of up to tens of kilometers. A fiber-optic cable has four components: the glass fiber itself (the core); the cladding, which is the part that makes the light reflect down the fiber; buffer material to give strength, and the insulating jacket (Figure 3.26).
Fiber-optic cabling is manufactured with many different diameters of core and cladding. In a convenient bit of standardization, cable manufacturers use a two-number designator to define fiber-optic cables according to their core and cladding measurements. The most common fiber-optic cable size is 62.5/125 µm. Almost all network technologies that use fiber-optic cable require pairs of fibers. One fiber is used for sending, the other for receiving. In response to the demand for two-pair cabling, manufacturers often connect two fibers together like a lamp cord to create the popular duplex fiber-optic cabling (Figure 3.27).
Figure 3.23 • CAT level marked on box of UTP
Figure 3.24 • CAT level on UTP
Figure 3.25 • RJ-11 (left) and RJ-45 (right) connectors
Figure 3.26 • Cross section of fiber-optic cabling
Tech Tip
CAT 6a If you have a need for speed, the latest finalized update to the venerable UTP cable is Category 6a. This update doubles the bandwidth of CAT 6 to 500 MHz to accommodate 10-Gbps speeds up to 100 meters. Take that, fiber! (The 100-meter limitation, by the way, refers to the Ethernet standard, the major implementation of UTP in the networking world. Chapter 4 covers Ethernet in great detail.)
Other standards are in the works, however, so by the time you read this paragraph, CAT 6a might be old news. CAT 7 (600 MHz), CAT 7a (1000 MHz), and CAT 8 (1200 MHz) are just around the corner.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 56
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks,Third Edition / Meyers / 911-1 / Chapter 3
Fiber cables are pretty tiny! Light can be sent down a fiber-optic cable as regular light or as laser light. The two types of light require totally different fiber-optic cables. Most network technologies that use fiber optics use LEDs (light emitting diodes) to send light signals. A fiber-optic cable that uses LEDs is known as multimode fiber (MMF).
A fiber-optic cable that uses lasers is known as single-mode fiber (SMF). Using laser light and single-mode fiber-optic cables prevents a problem unique to multimode fiber optics called modal distortion (signals sent at the same time don’t arrive at the same time because the paths differ slightly in length) and enables a network to achieve phenomenally high transfer rates over incredibly long distances.
Fiber optics also define the wavelength of light used, measured in nanometers (nm). Almost all multimode cables transmit 850-nm wavelengths, whereas single-mode transmits either 1310 or 1550 nm, depending on the laser.
Fiber-optic cables come in a broad choice of connector types. There are over one hundred different connectors, but the three you need to know for the CompTIA Network+ exam are ST, SC, and LC (Figure 3.28). LC is unique because it is a duplex connector, designed to accept two fiber cables.
Figure 3.28 • From left to right: ST, SC, and LC fiber-optic connectors
Other Cables
Fiber-optic and UTP make up almost all network cabling, but a few other types of cabling may serve from time to time as alternatives to these two: the ancient serial and parallel cables from the earliest days of PCs and the modern high-speed serial connection, better known as FireWire. These cables are only used with quick-and-dirty temporary connections, but they do work, so they bear at least a quick mention.
For those of you unfamiliar with it, the odd little u-shaped symbol describing fiber cable size (µ) stands for micro, or 1/1,000,000.
Figure 3.27 • Duplex fiber-optic cable
Tech Tip
What’s in a Name? Most technicians call common fiber-optic connectors by their initials—such as ST, SC, or LC—perhaps because there’s no consensus about what words go with those initials. ST probably stands for straight tip, although some call it snap twist. But SC and LC? How about subscriber connector, standard connector, or Siemon connector for the former, and local connector or Lucent connector for the latter?
If you want to remember the connectors for the exam, try these: stick and twist for the bayonet-style ST connectors; stick and click for the straight push-in SC connectors; and little connector for the . . . little . . . LC connector.
Classic Serial
Serial cabling predates both networking and the personal computer. RS-232, the recommended standard (RS) upon which all serial communication takes place on your PC, dates from 1969 and hasn’t substantially changed in around 40 years. When IBM invented the PC way back in 1980, serial connections were just about the only standard input/output technology available, so IBM included two serial ports on every PC. The most common serial port is a 9-pin, male D-subminiature (or DB-9) connector, as shown in Figure 3.29.
Serial ports offer a poor option for networking, with very slow data rates—only about 56,000 bps—and only point-to-point connections. In all probability, copying something on a flash drive and just walking over to the other system is faster, but serial networking does work if needed. Serial ports are quickly fading away, however, and you no longer see them on new PCs.
Parallel
Parallel connections are as ancient as serial ports. Parallel can run up to around 2 Mbps, although when used for networking, they tend to be much slower. Parallel is also limited to point-to-point topology but uses a 25-pin female—rather than male—DB type connector (Figure 3.30). The IEEE 1284 committee sets the standards for parallel communication. (See the section “Networking Industry Standards—IEEE,” later in this chapter.)
FireWire
FireWire (based on the IEEE 1394 standard) is the only viable alternative cabling option to fiber-optic or UTP. FireWire is also restricted to point-to-point connections, but it’s very fast (currently the standard is up to 800 Mbps). FireWire has its own unique connector (Figure 3.31).
Figure 3.31 • FireWire connector
Figure 3.29 • Serial port
Figure 3.30 • Parallel connector
Concentrate on UTP—that’s where the hardest CompTIA Network+ exam questions come into play. Don’t forget to give coax, STP, and fiber-optic a quick pass, and make sure you understand the reasons for picking one type of cabling over another. Even though the CompTIA Network+ exam does not test too hard on cabling, this is important information that you will use in the real networking world.
You cannot network computers using FireWire in Windows Vista or Windows 7.
Fire Ratings
Did you ever see the movie The Towering Inferno? Don’t worry if you missed it—The Towering Inferno was one of the better disaster movies of the 1970s, although it was no Airplane! Anyway, Steve McQueen stars as the fireman who saves the day when a skyscraper goes up in flames because of poor-quality electrical cabling. The burning insulation on the wires ultimately spreads the fire to every part of the building. Although no cables made today contain truly flammable insulation, the insulation is made from plastic, and if you get any plastic hot enough, it will create smoke and noxious fumes. The risk of burning insulation isn’t fire—it’s smoke and fumes.
To reduce the risk of your network cables burning and creating noxious fumes and smoke, Underwriters Laboratories and the National Electrical Code (NEC) joined forces to develop cabling fire ratings. The two most common fire ratings are PVC and plenum. Cable with a polyvinyl chloride (PVC) rating has no significant fire protection. If you burn a PVC cable, it creates lots of smoke and noxious fumes. Burning plenum-rated cable creates much less smoke and fumes, but plenum-rated cable—often referred to simply as “plenum”—costs about three to five times as much as PVC-rated cable. Most city ordinances require the use of plenum cable for network installations. The bottom line? Get plenum!
The space between the acoustical tile ceiling in an office building and the actual concrete ceiling above is called the plenum—hence the name for the proper fire rating of cabling to use in that space. A third type of fire rating, known as riser, designates the proper cabling to use for vertical runs between floors of a building. Riser-rated cable provides less protection than plenum cable, though, so most installations today use plenum for runs between floors.
Networking Industry Standards—IEEE
The Institute of Electrical and Electronics Engineers (IEEE) defines industry-wide standards that promote the use and implementation of technology. In February 1980, a new committee called the 802 Working Group took over from the private sector the job of defining network standards. The IEEE 802 committee defines frames, speeds, distances, and types of cabling to use in a network environment. Concentrating on cables, the IEEE recognizes that no single cabling solution can work in all situations and, therefore, provides a variety of cabling standards.
IEEE committees define standards for a wide variety of electronics. The names of these committees are often used to refer to the standards they publish. The IEEE 1284 committee, for example, sets standards for parallel communication. Have you ever seen a printer cable marked “IEEE 1284–compliant,” as in Figure 3.32? This means the manufacturer followed the rules set by the IEEE 1284 committee. Another committee you may have heard of is the IEEE 1394 committee, which controls the FireWire standard.
The IEEE 802 committee sets the standards for networking. Although the original plan was to define a single, universal standard for networking, it quickly became apparent that no single solution would work for all needs. The 802 committee split into smaller subcommittees, with names such as IEEE 802.3 and IEEE 802.5. Table 3.2 shows the currently recognized IEEE 802 subcommittees and their areas of jurisdiction. I’ve included the inactive subcommittees for reference. The missing numbers, such as 802.4 and 802.12, were used for committees long-ago disbanded. Each subcommittee is officially called a Working Group, except the few listed as a Technical Advisory Group (TAG) in the table.
Some of these committees deal with technologies that didn’t quite make it, and the committees associated with those standards, such as IEEE 802.4, Token Bus, have become dormant. When preparing for the CompTIA Network+ exam, concentrate on the IEEE 802.3 and 802.11 standards. You will see these again in later chapters.
Table 3.2 IEEE 802 Subcommittees
IEEE 802: LAN/MAN Overview & Architecture
IEEE 802.1: Higher Layer LAN Protocols
  802.1s: Multiple Spanning Trees
  802.1: Rapid Reconfiguration of Spanning Tree
  802.1x: Port Based Network Access Control
IEEE 802.2: Logical Link Control (LLC); now inactive
IEEE 802.3: Ethernet
  802.3ae: 10 Gigabit Ethernet
IEEE 802.5: Token Ring; now inactive
IEEE 802.11: Wireless LAN (WLAN); specifications, such as Wi-Fi
IEEE 802.15: Wireless Personal Area Network (WPAN)
IEEE 802.16: Broadband Wireless Access (BWA); specifications for implementing Wireless Metropolitan Area Networks (Wireless MANs); referred to also as WiMAX
IEEE 802.17: Resilient Packet Ring (RPR)
IEEE 802.18: Radio Regulatory Technical Advisory Group
IEEE 802.19: Coexistence Technical Advisory Group
IEEE 802.20: Mobile Broadband Wireless Access (MBWA)
IEEE 802.21: Media Independent Handover
IEEE 802.22: Wireless Regional Area Networks
Memorize the 802.3 and 802.11 standards. Ignore the rest.
Figure 3.32 • Parallel cable marked IEEE 1284–compliant
Chapter 3 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about cabling and topology.
Explain the different types of network topologies
■ A network’s topology describes how computers connect to each other in that network. The most common network topologies are called bus, ring, star, and mesh.
■ In a bus topology, all computers connect to the network via a main line. The cable must be terminated at both ends to prevent signal reflections.
■ In a ring topology, all computers on the network attach to a ring of cable. A single break in the cable stops the flow of data through the entire network.
■ In a star topology, the computers on the network connect to a central wiring point, which provides fault tolerance.
■ Modern networks use one of two hybrid topologies: star-bus or star-ring. Star-bus is overwhelmingly the most common topology used today.
■ In a mesh topology, each computer has a dedicated line to every other computer. Mesh networks can be further categorized as partially meshed or fully meshed, both of which require a significant amount of physical cable. Network techs are able to determine the amount of cable segments needed with a mathematical formula.
■ In a point-to-multipoint topology, a single system acts as a common source through which all members of the network converse.
■ Mesh and point-to-multipoint topologies are common among wireless networks.
■ In a point-to-point topology, two computers connect directly together.
Describe the different types of network cabling
■ Coaxial cable, or coax, shields data transmissions from EMI. Coax was widely used in early bus networks and used BNC connectors. Today, coax is used mainly to connect a cable modem to an ISP.
■ Coax cables have an RG rating, with RG-6 being the predominant coax today.
■ Twisted pair, which comes shielded or unshielded, is the most common type of networking cable today. UTP is less expensive and more popular than STP, though it doesn’t offer any protection from EMI.
■ UTP is categorized by its CAT rating, with CAT 5, CAT 5e, and CAT 6 being the most commonly used today.
■ Telephones use RJ-11 connectors, whereas UTP uses RJ-45 connectors.
■ Fiber-optic cabling transmits light instead of the electricity used in CAT cable or coax. It is thin and more expensive, yet less flexible and more delicate, than other types of network cabling.
■ There are two types of fiber-optic cable based on what type of light is used. LEDs require multimode cable, whereas lasers generally require single-mode cable.
■ All fiber-optic cable has three parts: the fiber itself; the cladding, which covers the fiber and helps it reflect down the fiber; and the outer insulating jacket. Additionally, there are over one hundred types of connectors for fiber-optic cable, but ST, SC, and LC are the most common for computer networking.
■ Plenum-rated UTP is required by most cities for network installations.
■ Serial cables adhering to the RS-232 standard and parallel cables adhering to the IEEE-1284 standard may be used to network two computers directly together. You can also use IEEE 1394 (FireWire) connections for direct connection, although not with Windows Vista or Windows 7.
Describe the IEEE networking standards
■ Networking standards are established and promoted by the Institute of Electrical and Electronics Engineers (IEEE).
■ The IEEE 802 committee defines frames, speeds, distances, and types of cabling to use in networks. IEEE 802 is split into several subcommittees, including IEEE 802.3 and IEEE 802.11.
■ The IEEE 1284 committee defines the standards for parallel communications, whereas the IEEE 1394 committee defines the standards for FireWire High-Performance Serial Bus.
Key Terms
bandwidth (54)
BNC connectors (51)
bus topology (45)
category (CAT) ratings (54)
cladding (55)
coaxial cable (50)
core (55)
crosstalk (53)
electromagnetic interference (EMI) (50)
fault tolerance (46)
fiber-optic cable (55)
fully meshed topology (48)
hybrid topology (47)
IEEE 1284 (57)
IEEE 1394 (57)
Institute of Electrical and Electronics Engineers (IEEE) (58)
insulating jacket (55)
logical topology (47)
mesh topology (48)
modal distortion (56)
multimode fiber (MMF) (56)
network topology (44)
Ohm rating (52)
partially meshed topology (48)
physical topology (47)
plenum (58)
point-to-multipoint topology (49)
point-to-point topology (50)
polyvinyl chloride (PVC) (58)
Radio Grade (RG) rating (52)
ring topology (45)
riser (58)
RJ-11 (55)
RJ-45 (55)
RS-232 (57)
segment (47)
shielded twisted pair (STP) (53)
signaling topology (47)
single-mode fiber (SMF) (56)
star-bus topology (47)
star-ring topology (47)
star topology (46)
unshielded twisted pair (UTP) (53)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is a network topology that relies on a main line of network coaxial cabling.
2. The _______________ of a cable will determine its speed.
3. A(n) _______________ provides more fault tolerance than any other basic network topology.
4. When your network has all computers connected to a centrally located wiring closet, you have a physical _______________ network.
5. _______________ networks use more than one type of basic network topology.
6. CAT 5e cable is a type of _______________ wiring.
7. Coaxial cable uses a braided metal shield to protect data from _______________.
8. Network cabling can use either light or electricity to transmit data. The faster of these types uses light along _______________.
9. _______________-grade UTP must be installed in ceilings, whereas _______________-grade UTP is often used to connect one floor to another vertically in a building.
10. The twisting of the cables in UTP and STP reduces _______________.
Multiple-Choice Quiz
1. Which of the following are standard network topologies? (Select three.)
A. Bus
B. Star
C. Ring
D. Dual-ring
2. John was carrying on at the water cooler the other day, trying to show off his knowledge of networking. He claimed that the company had installed special cabling to handle the problems of crosstalk on the network. What kind of cabling did the company install?
A. Coaxial
B. Shielded coaxial
C. Unshielded twisted pair
D. Fiber-optic
3. Jill needs to run some UTP cable from one office to another. She found a box of cable in the closet and wants to make sure it’s CAT 5 or better. How can she tell the CAT level of the cable? (Select two.)
A. Check the box.
B. Scan for markings on the cable.
C. Check the color of the cable—gray means CAT 5, yellow means CAT 6e, and so on.
D. Check the ends of the cable.
4. What topology provides the most fault tolerance?
A. Bus
B. Ring
C. Star-bus
D. Mesh
5. What organization is responsible for establishing and promoting networking standards?
A. Institute of Electrical and Electronics Engineers (IEEE)
B. International Networking Standards Organization (INSO)
C. Federal Communications Commission (FCC)
D. International Telecommunications Association (ITA)
6. What aspects of network cabling do the IEEE committees establish? (Select three.)
A. Frame size
B. Speed
C. Color of sheathing
D. Cable types
7. What types of coax cabling have been used in computer networking? (Select three.)
A. RG-8
B. RG-45
C. RG-58
D. RG-62
8. What applications are best suited for fiber-optic cabling? (Select two.)
A. Short distances
B. Wireless networks
C. High-EMI areas
D. Long distances
9. What are the main components of fiber-optic cabling? (Select three.)
A. Cladding
B. Insulating jacket
C. Copper core
D. Fiber
10. What is the most popular size fiber-optic cabling?
A. 62.5/125 µm
B. 125/62.5 µm
C. 50/125 µm
D. 125/50 µm
11. Most fiber-optic installations use LEDs to send light signals and are known as what?
A. Single-mode
B. Multimode
C. Complex mode
D. Duplex mode
12. Why must the main cable in a bus topology be terminated at both ends?
A. To allow the signal to be amplified so it can reach both ends of the network
B. To prevent the signal from dropping off the network before reaching all computers
C. To prevent the signal from bouncing back and forth
D. To convert the signal to the proper format for a bus network
13. Where are you most likely to encounter a mesh network?
A. On any network using fiber-optic cable
B. On any network using plenum cable
C. On wireless networks
D. On wired networks
14. You are asked by your boss to research upgrading all the network cable in your office building. The building manager requires the safest possible cabling type in case of fire, and your boss wants to future-proof the network so cabling doesn’t need to be replaced when network technologies faster than 1 Gbps are available. You decide to use CAT 5e plenum cabling throughout the building. Which objective have you satisfied?
A. Neither the building manager’s nor your boss’s requirements have been met.
B. Only the building manager’s requirement has been met.
C. Only your boss’s requirement has been met.
D. Both the building manager’s and your boss’s requirements have been met.
15. Which committee is responsible for wireless networking standards?
A. IEEE 802.2
B. IEEE 802.3
C. IEEE 802.5
D. IEEE 802.11
Lab Projects
Lab Project 3.1
This lab project requires you to demonstrate knowledge of the four basic network topologies. Obtain four blank pieces of paper. Proceed to draw six boxes on each page to represent six computers—neatness counts!
At the top of each sheet, write one of the following: bus topology, mesh topology, ring topology, or star topology. Then draw lines to represent the physical network cabling required by each network topology.
Lab Project 3.2
In your studies of network cabling for the CompTIA Network+ certification exam, you realize you could use a simplified chart to study from and memorize. Build a reference study chart that describes the features of network cabling. Create your completed chart using a spreadsheet program, or simply a sheet of paper, with the column headings and names shown in the following table. If you wish, you can start by writing your notes here.
Column headings: Cable Type, Description, Benefits, Drawbacks
Rows (Cable Type): CAT 5, CAT 5e, CAT 6, Fiber-optic
Essay Quiz
1. You work in the computer training department at your company. A newly developed mobile training program is being planned. The plan requires setting up five training computers in a particular department you use to train on weekly. Write a short essay that describes which network topology would be quickest to set up and tear down for this type of onsite training.
2. Your boss has decided to have cable run to every computer in the office, but doesn’t know which type to use. In an effort to help bring the company into the 21st century, write a short essay comparing the merits of UTP and fiber-optic cabling.
3. The NICs on your company’s computers all have dual 10-Mbps and 100-Mbps capability, yet users complain that the network is slow. Write a brief essay that explains what could be the cause of the problem.
4. Your company has hired a group of new network techs, and you’ve been tasked to do their training session on networking standards organizations. Write a brief essay detailing the IEEE and its various committees.
Lab Project 3.3
In this lab project, you will demonstrate knowledge of the different IEEE committees that are most prevalent today. Use the Internet to research each of these subcommittees: IEEE 802.3, IEEE 802.5, and IEEE 802.11. Give an example of where each type of technology might best be used.
Chapter 4
Ethernet Basics
“In theory there is no difference between theory and practice. In practice there is.” —Yogi Berra
In this chapter, you will learn how to
■ Define and describe Ethernet
■ Explain early Ethernet implementations
■ Describe ways to extend and enhance Ethernet networks
In the beginning, there were no networks. Computers were isolated, solitary islands of information in a teeming sea of proto-geeks who used clubs and wore fur pocket protectors. Okay, maybe it wasn’t that bad, but if you wanted to move a file from one machine to another—and proto-geeks were as much into that as modern geeks—you had to use Sneakernet, which meant you saved the file on a disk, laced up your tennis shoes, and hiked over to the other system. All that walking no doubt produced lots of health benefits, but frankly, proto-geeks weren’t all that into health benefits—they were into speed, power, and technological coolness in general. (Sound familiar?) It’s no wonder, then, that geeks everywhere agreed on the need to replace Sneakernet with a faster and more efficient method of sharing data. The method they came up with is the subject of this chapter.
Historical/Conceptual
Ethernet
In 1973, Xerox answered the challenge of moving data without sneakers by developing Ethernet, a networking technology standard based on a bus topology. The Ethernet standard dominates today’s networks and defines all of the issues involved in transferring data between computer systems. The original Ethernet used a single piece of coaxial cable in a bus topology to connect several computers, enabling them to transfer data at a rate of up to 3 Mbps. Although slow by today’s standards, this early version of Ethernet was a huge improvement over Sneakernet methods and served as the foundation for all later versions of Ethernet.
Ethernet remained a largely in-house technology within Xerox until 1979, when Xerox decided to look for partners to help promote Ethernet as an industry standard. Xerox worked with Digital Equipment Corporation (DEC) and Intel to publish what became known as the Digital-Intel-Xerox (DIX) standard. Running on coaxial cable, the DIX standard enabled multiple computers to communicate with each other at a screaming 10 Mbps. Although 10 Mbps represents the low end of standard network speeds today, at the time it was revolutionary. These companies then transferred control of the Ethernet standard to the IEEE, which, in turn, created the 802.3 (Ethernet) committee that continues to control the Ethernet standard to this day.
Given that Ethernet’s been around for so long, we need to start at a common point. I’ve chosen to use 10BaseT, the earliest version of Ethernet designed to use UTP cabling. At this point, don’t worry what 10BaseT means—this chapter will cover the definition. For right now, just get into the idea of how Ethernet works.
Tech Tip
IEEE The source for all things Ethernet is but a short click away on the Internet. For starters, check out www.ieee802.org.
Tech Tip
Defining Ethernet Providing a clear and concise definition of Ethernet has long been one of the major challenges in teaching networking. This difficulty stems from the fact that Ethernet has changed over the years to incorporate new and improved technology. Most folks won’t even try to define Ethernet, but here’s my best attempt at a current definition.
Ethernet is a standard for a family of network technologies that share the same basic bus topology, frame type, and network access method. Because the technologies share these essential components, you can communicate between them just fine. The implementation of the network might be different, but the frames remain the same. This is true for Ethernet running on a physical bus topology—the ancient 10Base5 and 10Base2—and a logical bus topology—10BaseT and later.
Ethernet’s designers faced the same challenges as the designers of any network: how to send data across the wire, how to identify the sending and receiving computers, and how to determine which computer should use the shared cable at what time. The engineers resolved these issues by using data frames that contain MAC addresses to identify computers on the network and by using a process called CSMA/CD (discussed shortly) to determine which machine should access the wire at any given time. You saw some of this in action in Chapter 2, but now I need to introduce you to a bunch of new terms, so let’s look at each of these solutions.
Topology Every version of Ethernet invented since the early 1990s uses a hybrid star-bus topology. At the center of these early networks was a hub. A hub is nothing more than an electronic repeater—it interprets the ones and zeroes coming in from one port and repeats the same signal out to the other connected ports. Hubs do not send the same signal back down the port that originally sent it (Figure 4.1). Repeaters are not amplifiers! They read the incoming signal and send new copies of that signal out to every connected port on the hub.
There have been many versions of Ethernet over the years. The earliest versions, named 10Base5 and 10Base2, are long obsolete. As of 2009, CompTIA finally dropped these ancient technologies from the CompTIA Network+ exam. Rest in peace, 10Base5 and 10Base2!
Oddly, though, the official Network+ Acronym List refers to two analog technologies used in networks circa 1980s, amplitude modulation (AM) and frequency modulation (FM). These were used to transmit multiple signals at the same time over cable. For the exam, note that these are not used in networks today.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 68
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 4
Figure 4.1 • Ethernet hub
Test Specific
Organizing the Data: Ethernet Frames
All network technologies break data transmitted between computers into smaller pieces called frames, as you’ll recall from Chapter 2. Using frames addresses two networking issues. First, frames prevent any single machine from monopolizing the shared bus cable. Second, they make the process of retransmitting lost data more efficient.
The process you saw in Chapter 2 of transferring a word processing document between two computers illustrates these two issues. First, if the sending computer sends the document as a single huge frame, the frame will monopolize the cable and prevent other machines from using the cable until the entire file gets to the receiving system. Using relatively small frames enables computers to share the cable easily—each computer listens on the segment, sending a few frames of data whenever it detects that no other computer is transmitting. Second, in the real world, bad things can happen to good data. When errors occur during transmission, the sending system must retransmit the frames that failed to get to the receiving system in good shape. If a word processing document were transmitted as a single massive frame, the sending system would have to retransmit the entire frame—in this case, the entire document. Breaking the file up into smaller frames enables the sending computer to retransmit only the damaged frames. Because of these benefits—shared access and more efficient retransmission—all networking technologies use frames, and Ethernet is no exception to that rule.
In Chapter 2, you saw a generic frame. Let’s take what you know of frames and expand on that knowledge by inspecting the details of an Ethernet frame. A basic Ethernet frame contains seven pieces of information: the preamble, the MAC address of the frame’s recipient, the MAC address of the sending system, the type of the data, the data itself, a pad (if needed), and a frame check sequence, generically called a cyclic redundancy check (CRC). Figure 4.2 shows these components.
Preamble All Ethernet frames begin with a preamble, a 64-bit series of alternating ones and zeroes that ends with 11. The preamble gives a receiving NIC time to realize a frame is coming and to know exactly where the frame starts. The preamble is added by the sending NIC.
MAC Addresses Each NIC, more commonly called a node, on an Ethernet network must have a unique identifying address. Ethernet identifies the NICs on a network using special 48-bit (6-byte) binary addresses known as MAC addresses.
MAC addresses give each NIC a unique address. When a computer sends out a data frame, it goes into the hub that repeats an exact copy of that frame to every connected port, as shown in Figure 4.3. All the other computers on the network listen to the wire and examine the frame to see if it contains their MAC address. If it does not, they ignore the frame. If a machine sees a frame with its MAC address, it opens the frame and begins processing the data.
The terms frame and packet are often used interchangeably, especially on exams! This book uses the terms more strictly. You’ll recall from Chapter 2 that frames are based on MAC addresses; packets are generally associated with data assembled by the IP protocol at Layer 3 of the OSI seven-layer model.
BaseTech
Chapter 4: Ethernet Basics 69
The CompTIA Network+ exam might describe MAC addresses as 48-bit binary addresses or 6-byte binary addresses.
Figure 4.2 • Ethernet frame
Cross Check NICs and OSI
You learned about NICs and MAC addresses in Chapter 2, so check your memory with these questions. Where does the NIC get its MAC address? How does the MAC address manifest on the card? At what layer or layers of the OSI seven-layer model does the NIC operate?
Figure 4.3 • Frames propagating on a network
This system of allowing each machine to decide which frames it will process may be efficient, but because any device connected to the network cable can potentially capture any data frame transmitted across the wire, Ethernet networks carry a significant security vulnerability. Network diagnostic programs, commonly called sniffers, can order a NIC to run in promiscuous mode. When running in promiscuous mode, the NIC processes all the frames it sees on the cable, regardless of their MAC addresses. Sniffers are valuable troubleshooting tools in the right hands, but Ethernet provides no protections against their unscrupulous use.
Type An Ethernet frame may carry one of several types of data. The Type field helps the receiving computer interpret the frame contents at a very basic level. This way the receiving computer can tell if the frame contains IPv4 data, for example, or IPv6 data. (See Chapter 7 for more details on IPv4; I cover IPv6 in Chapter 13.)
The Type field does not tell you if the frame carries higher-level data, such as an e-mail message or Web page. You have to dig deeper into the data section of the frame to find that information.
Data The data part of the frame contains whatever payload the frame carries. If the frame carries an IP packet, that packet will include extra information, such as the IP addresses of both systems, sequencing numbers, and other information.
Pad The minimum Ethernet frame is 64 bytes in size, but not all of that has to be actual data. If an Ethernet frame has fewer than 64 bytes of data to haul, the sending NIC will automatically add extra data—a pad—to bring the data up to the minimum 64 bytes.
There are many situations in which one computer might have two or more NICs, so one physical system might represent more than one node.
Frame Check Sequence The frame check sequence (FCS)—Ethernet’s term for the cyclic redundancy check—enables Ethernet nodes to recognize when bad things happen to good data. Machines on a network must be able to detect when data has been damaged in transit. To detect errors, the computers on an Ethernet network attach a special code to each frame. When creating an Ethernet frame, the sending machine runs the data through a special mathematical formula and attaches the result, the frame check sequence, to the frame. The receiving machine opens the frame, performs the same calculation, and compares its answer with the one included with the frame. If the answers do not match, the receiving machine asks the sending machine to retransmit that frame.
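As an added example (not from the textbook or from this lab report), here is the frame layout described above turned into a small Python parser: it builds a frame the way a sending NIC would (header, payload, pad to the 64-byte minimum, CRC-32 frame check sequence), parses it back, verifies the FCS, and applies the receiving NIC's accept-or-ignore rule, which promiscuous mode switches off. The preamble is left out because the NIC strips it before software such as Wireshark sees the frame; the little-endian FCS byte order and the MAC addresses and payload are assumptions constructed for the example.

```python
import struct
import zlib

# Sizes from the chapter: 6-byte MACs, a 2-byte Type field, a 64-byte minimum
# frame, and a 4-byte frame check sequence (CRC-32) on the end.
MAC_LEN = 6
HEADER_LEN = 2 * MAC_LEN + 2
FCS_LEN = 4
MIN_FRAME_LEN = 64
BROADCAST = b"\xff" * MAC_LEN

# A small subset of Type values; the chapter itself only names IPv4 and IPv6.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_from_str(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def fcs_of(body: bytes) -> int:
    """CRC-32 over everything between the preamble and the FCS (zlib's reflected CRC-32)."""
    return zlib.crc32(body) & 0xFFFFFFFF


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Do what the sending NIC does: header, payload, pad to the minimum, then FCS."""
    body = mac_from_str(dst) + mac_from_str(src) + struct.pack("!H", ethertype) + payload
    pad_len = max(0, MIN_FRAME_LEN - FCS_LEN - len(body))
    body += b"\x00" * pad_len          # the pad the chapter describes
    # Assumption: the FCS goes on the wire low byte first, the usual byte order
    # for the reflected CRC-32 that zlib computes.
    return body + struct.pack("<I", fcs_of(body))


def parse_frame(frame: bytes) -> dict:
    """Split a received frame into its fields and check the FCS like a receiving NIC."""
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes, minimum is {MIN_FRAME_LEN}")
    body, fcs_raw = frame[:-FCS_LEN], frame[-FCS_LEN:]
    dst, src = body[:MAC_LEN], body[MAC_LEN:2 * MAC_LEN]
    (ethertype,) = struct.unpack("!H", body[2 * MAC_LEN:HEADER_LEN])
    (received_fcs,) = struct.unpack("<I", fcs_raw)
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "type": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}"),
        # Ethernet does not mark where payload ends and pad begins; the Layer 3
        # header (for example the IP total length) is what tells you that.
        "payload": body[HEADER_LEN:],
        "broadcast": dst == BROADCAST,
        "fcs_ok": received_fcs == fcs_of(body),
    }


def nic_accepts(info: dict, my_mac: str, promiscuous: bool = False) -> bool:
    """The receiving NIC's decision: process frames addressed to it (or to everyone)
    and ignore the rest, unless a sniffer has put the NIC in promiscuous mode."""
    if not info["fcs_ok"]:
        return False                     # a damaged frame is dropped either way
    return promiscuous or info["broadcast"] or info["dst"] == my_mac.lower()


if __name__ == "__main__":
    # Constructed sample: a short IPv4 frame that needs padding to reach 64 bytes.
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"hello")
    print(len(frame), parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                  # flip one bit inside the pad
    print("damaged fcs_ok:", parse_frame(bytes(damaged))["fcs_ok"])
```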
At this point, those crafty network engineers have solved two of the problems facing them: they’ve created frames to organize the data to be sent and put in place MAC addresses to identify machines on the network. But the challenge of determining which machine should send data at which time requires another solution: CSMA/CD.
CSMA/CD Ethernet networks use a system called carrier sense multiple access/collision detection (CSMA/CD) to determine which computer should use a shared cable at a given moment. Carrier sense means that each node using the network examines the cable before sending a data frame (Figure 4.4). If another machine is using the network, the node detects traffic on the segment, waits a few milliseconds, and then rechecks. If it detects no traffic—the more common term is to say the cable is “free”—the node sends out its frame.
Multiple access means that all machines have equal access to the wire. If the line is free, any Ethernet node may begin sending a frame. From Ethernet’s point of view, it doesn’t matter what function the node is performing: it could be a desktop system running Windows XP or a high-end file server running Windows Server 2008 or Linux. As far as Ethernet is concerned, a node is a node is a node and access to the cable is assigned strictly on a first-come, first-served basis.
CSMA/CD is a network access method that maps to the IEEE 802.3 standard for Ethernet networks.
Figure 4.4 • No one else is talking—send the frame!
So what happens if two machines, both listening to the cable, simultaneously decide that it is free and try to send a frame? A collision occurs, and both of the transmissions are lost (Figure 4.5). A collision resembles the effect of two people talking at the same time: the listener hears a mixture of two voices and can’t understand either one.
It’s easy for NICs to notice a collision. When two NICs send at the same time, the hub sends out the overlapping signals, and the NICs immediately know that a collision has occurred. When they detect a collision, both nodes immediately stop transmitting. They then each generate a random number to determine how long to wait before trying again. If you imagine that each machine rolls its magic electronic dice and waits for that number of seconds, you wouldn’t be too far from the truth, except that the amount of time an Ethernet node waits to retransmit is much shorter than one second (Figure 4.6). Whichever node generates the lowest random number begins its retransmission first, winning the competition to use the wire. The losing node then sees traffic on the wire and waits for the wire to be free again before attempting to retransmit its data.
Collisions are a normal part of the operation of an Ethernet network. Every Ethernet network wastes some amount of its available bandwidth dealing with these collisions. A properly running average Ethernet network has a maximum of 10 percent collisions. For every 20 frames sent, approximately 2 frames will collide and require a resend. Collision rates greater than 10 percent often point to damaged NICs or out-of-control software.
In an Ethernet network, a collision domain is a group of nodes that have the capability of sending frames at the same time as each other, resulting in collisions. A segment is certainly a collision domain, but there are ways to connect segments to create larger collision domains. If the collision domain gets too large, you’ll start running into traffic problems that manifest as general network sluggishness. That’s one of the reasons to break up networks into smaller groupings.
Figure 4.5 • Collision!
Figure 4.6 • Rolling for timing
Early Ethernet Networks
Now we have the answers to many of the questions that faced those early Ethernet designers. MAC addresses identify each machine on the network. CSMA/CD determines when each machine should have access to the cable. But all this remains in the realm of theory—you still need to build the thing! Contemplating the physical network brings up numerous questions. What kind of cables should you use? What should they be made of? How long can they be? For these answers, turn to the IEEE 802.3 standard and two early implementations of Ethernet: 10BaseT and 10BaseFL.
10BaseT In 1990, the IEEE 802.3 committee created a new version of Ethernet called 10BaseT to modernize the first generations of Ethernet. Very quickly 10BaseT became the most popular network technology in the world, replacing now long-gone competitors with names like Token Ring and AppleTalk. Over 99 percent of all networks use 10BaseT or one of its faster, newer, but very similar versions. The classic 10BaseT network consists of two or more computers connected to a central hub. The NICs connect with wires as specified by the 802.3 committee.
10BaseT hubs come in a variety of shapes and sizes to support different sizes of networks. The biggest differentiator between hubs is the number of ports (connections) that a single hub provides. A small hub might have only 4 ports, whereas a hub for a large network might have 48 ports. As you can imagine, the more ports on a hub, the more expensive the hub. Figure 4.7 shows two hubs. On the top is a small, 8-port hub for small offices or the home. It rests on a 12-port rack-mount hub for larger networks.
Figure 4.7 • Two 10BaseT hubs
Cross Check Physical vs. Logical
You might be tempted at this moment to define 10BaseT in terms of physical topology versus logical topology—after all, 10BaseT uses a physical star, but a logical bus. Refer to Chapter 3, however, and cross-check your memory. What’s a physical topology? And a logical topology? What would you say if you walked into an office building that implemented a 10BaseT network? Yes, if you actually walked into it, you’d probably say “Ouch!” But beyond that, think about how you would describe the wires and connectors you would see in terms of physical or logical topology.
Regardless of size, all 10BaseT hubs need electrical power. Larger hubs will take power directly from a power outlet, whereas smaller hubs often come with an AC adapter. In either case, if the hub loses power, the entire segment will stop working.
The name 10BaseT follows roughly the same naming convention used for earlier Ethernet cabling systems. The number 10 refers to the speed: 10 Mbps. The word Base refers to the signaling type: baseband. (Baseband means that the cable only carries one type of signal. Contrast this with broadband—as in cable television—where the cable carries multiple signals or channels.) The letter T refers to the type of cable used: twisted-pair.
UTP Officially, 10BaseT requires the use of CAT 3 (or higher), two-pair, unshielded twisted-pair (UTP) cable. One pair of wires sends data to the hub while the other pair receives data from the hub. Even though 10BaseT only requires two-pair cabling, everyone installs four-pair cabling to connect devices to the hub as insurance against the possible requirements of newer types of networking (Figure 4.8). Most UTP cables come with stranded Kevlar fibers to give the cable added strength, which, in turn, enables installers to pull on the cable without excessive risk of literally ripping it apart.
Figure 4.8 • A typical four-pair CAT 5e unshielded twisted-pair cable
10BaseT also introduced the networking world to the RJ-45 connector (Figure 4.9). Each pin on the RJ-45 connects to a single wire inside the cable; this enables devices to put voltage on the individual wires within the cable. The pins on the RJ-45 are numbered from 1 to 8, as shown in Figure 4.10.
If you ever run into a situation on a 10BaseT or later network in which none of the computers can get on the network, always check the hub first!
The names of two earlier physical bus versions of Ethernet, 10Base5 and 10Base2, gave the maximum length of the bus. 10Base5 networks could be up to 500 meters long, for example, whereas 10Base2 could be almost 200 meters (though in practice, they topped out at 185 meters).
Cross Check Check Your CATs!
You’ve already seen CAT levels in Chapter 3, so check your memory and review the different speeds of the various CAT levels. Could 10BaseT use CAT 2? Could it use CAT 6? What types of devices can use CAT 1?
The 10BaseT standard designates some of these numbered wires for specific purposes. As mentioned earlier, although the cable has four pairs, 10BaseT uses only two of the pairs. 10BaseT devices use pins 1 and 2 to send data, and pins 3 and 6 to receive data. Even though one pair of wires sends data and another receives data, a 10BaseT device connected to a hub cannot send and receive simultaneously. The rules of CSMA/CD still apply: only one device can use the segment contained in the hub without causing a collision.
NICs that can communicate in only one direction at a time run in half-duplex mode. Later advances (as you’ll see shortly) enabled NICs to send and receive at the same time, thus running in full-duplex mode.
An RJ-45 connector is usually called a crimp, and the act (some folks call it an art) of installing a crimp onto the end of a piece of UTP cable is called crimping. The tool used to secure a crimp onto the end of a cable is a crimper. Each wire inside a UTP cable must connect to the proper pin inside the crimp. Manufacturers color-code each wire within a piece of four-pair UTP to assist in properly matching the ends. Each pair of wires consists of a solid-colored wire and a striped wire: blue/blue-white, orange/orange-white, brown/brown-white, and green/green-white (Figure 4.11).
The Telecommunications Industry Association/Electronics Industries Alliance (TIA/EIA) defines the industry standard for correct crimping of four-pair UTP for 10BaseT networks. Two standards currently exist: TIA/EIA 568A and TIA/EIA 568B. Figure 4.12 shows the TIA/EIA 568A and TIA/EIA 568B color-code standards. Note that the wire pairs used by 10BaseT (1 and 2, 3 and 6) come from the same color pairs (green/green-white and orange/orange-white). Following an established color-code scheme, such as TIA/EIA 568A, ensures that the wires match up correctly at each end of the cable.
Figure 4.11 • Color-coded pairs
Figure 4.10 • The pins on an RJ-45 connector are numbered 1 through 8.
The real name for RJ-45 is “8 Position 8 Contact (8P8C) modular plug.” The name RJ-45 is so dominant, however, that nobody but the nerdiest of nerds calls it by its real name. Stick to RJ-45.
TIA/EIA 568C, the newest standard, includes the same wiring standards as TIA/EIA 568A and TIA/EIA 568B. It’s all just wrapped up in a new name.
Figure 4.9 • Two views of an RJ-45 connector
The ability to make your own Ethernet cables is a real plus for a network tech. With a reel of CAT 5e, a bag of RJ-45 connectors, a moderate investment in a crimping tool, and a little practice, you can kiss those mass-produced cables goodbye! You can make cables to your own length specifications, replace broken RJ-45 connectors that would otherwise mean tossing an entire cable—and, in the process, save your company or clients time and money.
10BaseT Limits and Specifications Like any other Ethernet cabling system, 10BaseT has limitations, both on cable distance and on the number of computers. The key distance limitation for 10BaseT is the distance between the hub and the computer. The twisted-pair cable connecting a computer to the hub may not exceed 100 meters in length. A 10BaseT hub can connect no more than 1024 computers, although that limitation rarely comes into play. It makes no sense for vendors to build hubs that large—or more to the point, that expensive—because excessive collisions can easily bog down Ethernet performance with far fewer than 1024 computers.
10BaseT Summary
Speed: 10 Mbps
Signal type: Baseband
Distance: 100 meters between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus topology (physical star, logical bus)
Cable type: CAT 3 or better UTP cabling with RJ-45 connectors
10BaseFL Just a few years after the introduction of 10BaseT, a fiber-optic version, called 10BaseFL, appeared. As you know from the previous chapter, fiber-optic cabling transmits data packets using pulses of light instead of using electrical current. Using light instead of electricity addresses the three key weaknesses of copper cabling. First, optical signals can travel much farther. The maximum length for a 10BaseFL cable is up to 2 kilometers, depending on how you configure it. Second, fiber-optic cable is immune to electrical interference, making it an ideal choice for high-interference environments. Third, the cable is much more difficult to tap into, making it a good choice for environments with security concerns. 10BaseFL uses multimode fiber-optic and employs either an SC or an ST connector.
For the CompTIA Network+ exam, you won’t be tested on the TIA/EIA 568A or 568B color codes. Just know that they are industry-standard color codes for UTP cabling.
Tech Tip
568A and 568B An easy trick to remembering the difference between 568A and 568B is the word “GO.” The green and orange pairs are swapped between 568A and 568B, whereas the blue and brown pairs stay in the same place!
Figure 4.12 • The TIA/EIA 568A and 568B standards
Figure 4.13 shows a typical 10BaseFL card. Note that it uses two fiber connectors—one to send and one to receive. All fiber-optic networks use at least two fiber-optic cables. Although 10BaseFL enjoyed some popularity for a number of years, most networks today are using the same fiber-optic cabling to run far faster network technologies.
10BaseFL Summary
Speed: 10 Mbps
Signal type: Baseband
Distance: 2000 meters between the hub and the node
Node limit: No more than 1024 nodes per hub
Topology: Star-bus topology (physical star, logical bus)
Cable type: Multimode fiber-optic cabling with ST or SC connectors
So far you’ve seen two different flavors of Ethernet, 10BaseT and 10BaseFL. Even though these use different cabling and hubs, the actual packets are still Ethernet frames. As a result, interconnecting flavors of Ethernet is common. Because 10BaseT and 10BaseFL use different types of cable, you can use a media converter (Figure 4.14) to interconnect different Ethernet types.
10BaseFL is often simply called “10BaseF.”
Figure 4.13 • Typical 10BaseFL card
Figure 4.14 • Typical copper-to-fiber Ethernet media converter (photo courtesy of TRENDnet)
Extending and Enhancing Ethernet Networks
Once you have an Ethernet network in place, you can extend or enhance that network in several ways. You can install additional hubs to connect multiple local area networks, for example. A network bridge can connect two Ethernet segments, effectively doubling the size of a collision domain. You can also replace the hubs with better devices to reduce collisions.
Connecting Ethernet Segments Sometimes, one hub is just not enough. Once an organization uses every port on its existing hub, adding more nodes requires adding hubs or a device called a bridge. Even fault tolerance can motivate an organization to add more hubs. If every node on the network connects to the same hub, that hub becomes a single point of failure—if it fails, everybody drops off the network. You can connect hubs in two ways: via an uplink port or a crossover cable. You can also connect Ethernet segments using a bridge.
Uplink Ports Uplink ports enable you to connect two hubs using a straight-through cable. They’re always clearly marked on the hub, as shown in Figure 4.15. To connect two hubs, insert one end of a cable to the uplink and the other cable to any one of the regular ports. To connect more than two hubs, you must daisy-chain your hubs by using one uplink port and one regular port. Figure 4.16 shows properly daisy-chained hubs. As a rule, you cannot daisy-chain more than four hubs together.
You also cannot use a single central hub and connect multiple hubs to that single hub, as shown in Figure 4.17. It simply won’t work.
Figure 4.15 • Typical uplink port
Figure 4.16 • Daisy-chained hubs
Figure 4.17 • A hierarchical hub configuration will not work!
Working with uplink ports is sometimes tricky, so you need to take your time. Messing up and using a central hub is easy. Hub makers give their uplink ports many different names, such as crossover, MDI-X, and OUT. There are also tricks to using uplink ports. Refer to Figure 4.15 again. See the line connecting the uplink port and the port labeled 2X? You may use only one of those two ports, not both at the same time. Additionally, some hubs place a button for one of the ports; you press this button to make it either a regular port or an uplink port (Figure 4.18). Pressing the button electronically reverses the wires inside the hub.
When connecting hubs, remember the following:
■ You can only daisy-chain hubs.
■ Take time to figure out the uplink ports.
■ If you plug hubs in incorrectly, no damage will occur—they just won’t work.
Crossover Cables Hubs can also connect to each other via special twisted-pair cables called crossover cables. A standard cable cannot be used to connect two hubs without using an uplink port because both hubs will attempt to send data on the second pair of wires (3 and 6) and will listen for data on the first pair (1 and 2). A crossover cable reverses the sending and receiving pairs on one end of the cable. One end of the cable is wired according to the TIA/EIA 568A standard, whereas the other end is wired according to the TIA/EIA 568B standard (Figure 4.19). With the sending and receiving pairs reversed, the hubs can hear each other; hence the need for two standards for connecting RJ-45 jacks to UTP cables.
A crossover cable connects to a regular port on each hub. Keep in mind that you can still daisy-chain even when you use crossover cables. Interestingly, many hubs, especially higher-end hubs, do not come with any uplink ports at all. In these cases, your only option is to use a crossover cable.
Figure 4.18 • Press-button port
Two terms you might see on hubs and switches and, consequently, on the exam: MDI and MDIX (or MDI-X). A media dependent interface (MDI) is a regular port on a hub or switch. A media dependent interface crossover (MDIX) is an uplink port.
Figure 4.19 • A crossover cable reverses the sending and receiving pairs.
Try This! Examine Your Uplink Ports
Although most hubs come with uplink ports, they all seem to have different ways to use them. Some hubs have dedicated uplink ports, and some have uplink ports that convert to regular ports at the press of a button. Take a look at some hubs and try to figure out how you would use an uplink port to connect it to another hub.
In a pinch, you can use a crossover cable to connect two computers together using 10BaseT NICs with no hub between them at all. This is handy for quickie connections, such as for a nice little home network or when you absolutely, positively must chase down a friend in a computer game!
Be careful about confusing crossover cables with uplink ports. First, never connect two hubs by their uplink ports with a straight-through cable. Take a straight-through cable; connect one end to the uplink port on one hub and the other end to any regular port on the other hub. Second, if you use a crossover cable, just plug each end into any handy regular port on each hub.
Bridges
The popularity and rapid implementation of Ethernet networks demanded solutions or workarounds for the limitations inherent in the technology. An Ethernet segment could only be so long and connect a certain number of computers. What if your network went beyond those limitations?
A bridge acts like a repeater or hub to connect two Ethernet segments, but it goes one step beyond—filtering and forwarding traffic between those segments based on the MAC addresses of the computers on those segments. This preserves precious bandwidth and makes a larger Ethernet network possible. To filter traffic means to stop it from crossing from one network to the next; to forward traffic means to pass traffic originating on one side of the bridge to the other.
A newly installed Ethernet bridge initially behaves exactly like a repeater, passing frames from one segment to another. Unlike a repeater, however, a bridge monitors and records the network traffic, eventually reaching a point where it can begin to filter and forward. This capability makes the bridge more “intelligent” than a repeater. A new bridge usually requires only a few seconds to gather enough information to start filtering and forwarding.
Although bridges offer a good solution for connecting two segments and reducing bandwidth usage, these days you’ll mainly find bridges used in wireless, rather than wired, networks. (I cover those kinds of bridges in Chapter 15.) Most networks have now turned to a different magic box—a switch—to extend and enhance an Ethernet network.
Switched Ethernet
As any fighter pilot will tell you, sometimes you just feel the need—the need for speed. While plain-vanilla 10BaseT Ethernet performed well enough for first-generation networks (which did little more than basic file and print sharing), by the early 1990s networks used more-demanding applications, such as Lotus Notes, SAP business management software, and Microsoft Exchange, which quickly saturated a 10BaseT network. Fortunately, those crazy kids over at the IEEE kept expanding the standard, giving the network tech in the trenches a new tool that provided additional bandwidth—the switch.
The Trouble with Hubs
A classic 10BaseT network with a hub can only have one message on the wire at any time. When two computers send at the same time, the hub dutifully repeats both signals. The nodes recognize the collision and, following the rules of CSMA/CD, attempt to resend. Add in enough computers and the number of collisions increases, lowering the effective transmission speed for the whole network. A busy network becomes a slow network because all the computers share the same collision domain.
Because bridges work with MAC addresses, they operate at Layer 2, the Data Link layer, of the OSI networking model. They function in the Link/Network Interface layer of the TCP/IP model.
SAP originally stood for Systems Applications and Products when the company formed in the early 1970s. Like IBM, SAP is now just referred to by the letters.
Tech Tip
Crossing Crossovers
If you mess up your crossover connections, you won’t cause any damage, but the connection will not work. Think about it. If you take a straight-through cable (that is, not a crossover cable) and try to connect two PCs directly, it won’t work. Both PCs will try to use the same send and receive wires. When you plug the two PCs into a hub, the hub electronically crosses the data wires, so one NIC sends and the other can receive. If you plug a second hub to the first hub using regular ports, you essentially cross the cross and create a straight connection again between the two PCs! That won’t work. Luckily, nothing gets hurt—except your reputation if one of your colleagues notes your mistake!
BaseTech
Chapter 4: Ethernet Basics 81
Switches to the Rescue
An Ethernet switch looks like a hub, because all nodes plug into it (Figure 4.20). But switches don’t function like hubs inside. Switches come with extra smarts that enable them to take advantage of MAC addresses, effectively creating point-to-point connections between two conversing computers. This gives every conversation between two computers the full bandwidth of the network.
To see a switch in action, check out Figure 4.21. When you first turn on a switch, it acts exactly as though it were a hub, passing all incoming frames right back out to all the other ports. As it forwards all frames, however, the switch copies the source MAC addresses and quickly creates an electronic table of the MAC addresses of each connected computer. The table is called a Source Address Table (SAT).
Figure 4.20 • Hub (top) and switch (bottom) comparison
One classic difference between a hub and a switch is in the repeating of frames during normal use. Although it’s true that switches initially forward all frames, they filter by MAC address in regular use. Hubs never learn and always forward all frames.
As soon as this table is created, the switch begins to do something amazing. When a computer sends a frame into the switch destined for another computer on the same switch, the switch acts like a telephone operator, creating an on-the-fly connection between the two devices. While these two devices communicate, it’s as though they are the only two computers on the network. Figure 4.22 shows this in action. Because the switch handles each conversation individually, each conversation runs at 10 Mbps.
Each port on a switch is in its own collision domain, plus the switch can buffer incoming frames. That means that two nodes connected to the switch can send data at the same time and the switch will handle it without any collision.
With half-duplex switches, collisions can occur and the rules of CSMA/CD apply. These collisions can only happen between the switch and a node, not between two nodes, if the switch tries to send a frame to a node at the same time as the node tries to send a frame to the switch.
Network developers eventually figured out how to make switches and NICs run in full-duplex mode, so they could send and receive data at the same time. With full-duplex Ethernet, CSMA/CD is disabled and no collisions can occur. Each node will always get the full bandwidth of the network.
With full-duplex switched Ethernet, you can ignore the old rules about daisy-chaining that applied to hubs. Feel free to connect your switches pretty much any way you wish (Figure 4.23).
Figure 4.22 • A switch making two separate connections
Because a switch filters traffic on MAC addresses (and MAC addresses run at Layer 2 of the OSI seven-layer model), switches are sometimes called Layer 2 switches.
Figure 4.23 • Switches are very commonly connected in a tree organization.
Unicast messages always go only to the intended recipient when you use a switch. The switch will send all broadcast messages to all the ports. You’ll commonly hear a switched network called a broadcast domain to contrast it to a hub-based network with its collision domain.
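The learning, filtering and flooding behaviour described above, as an added example that is not code from the textbook or from this lab report: a small Python model of a switch that builds a Source Address Table from the source MAC of every frame it sees, floods broadcasts and unknown destinations, and delivers learned unicast frames to one port only. The MAC addresses (taken from the documentation range), port numbers and frame sequence are constructed; a real switch also ages entries out of the table and handles many more cases.

```python
"""Simulation of a learning Ethernet switch and its Source Address Table (SAT).

Added example (not code from the textbook): the MAC addresses, port numbers
and frames below are constructed to show how a switch learns which MAC sits
behind which port, floods what it does not yet know, and forwards learned
unicast frames to one port only.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address (what the switch learns from)
    dst: str  # destination MAC address (what the switch forwards on)


@dataclass
class LearningSwitch:
    ports: int
    sat: dict = field(default_factory=dict)  # MAC address -> port number

    def receive(self, in_port: int, frame: Frame) -> list:
        """Handle one frame arriving on in_port; return the list of egress ports.

        Learning happens on every frame, so the SAT fills up as hosts talk.
        """
        # Learn: this source MAC is reachable via in_port. Overwriting an
        # existing entry is how the switch follows a host moved to another port.
        self.sat[frame.src] = in_port

        # Broadcast and unknown-unicast destinations are flooded out of every
        # port except the one the frame came in on (hub-like behaviour).
        if frame.dst == BROADCAST or frame.dst not in self.sat:
            return [p for p in range(self.ports) if p != in_port]

        out_port = self.sat[frame.dst]
        # Filter: the destination sits on the ingress port, so the frame is
        # dropped rather than echoed back.
        if out_port == in_port:
            return []
        # Forward: a learned destination gets a single point-to-point delivery.
        return [out_port]


def simulate_switch() -> dict:
    """Run a constructed conversation through a four-port switch."""
    sw = LearningSwitch(ports=4)
    host_a = "00:00:5e:00:53:0a"  # constructed MAC (documentation range)
    host_b = "00:00:5e:00:53:0b"  # constructed MAC (documentation range)
    out = {}
    # A (port 0) sends to B before B has ever transmitted: flooded to 1, 2, 3.
    out["unknown_dst"] = sw.receive(0, Frame(host_a, host_b))
    # B answers from port 2; A is already in the SAT, so only port 0 sees it.
    out["reply"] = sw.receive(2, Frame(host_b, host_a))
    # A to B is now a learned unicast and goes to port 2 alone.
    out["learned"] = sw.receive(0, Frame(host_a, host_b))
    # Broadcasts are always flooded: a switch is still one broadcast domain.
    out["broadcast"] = sw.receive(0, Frame(host_a, BROADCAST))
    # B is re-patched to port 3; its next frame updates the SAT entry.
    out["after_move"] = sw.receive(3, Frame(host_b, host_a))
    out["to_moved_host"] = sw.receive(0, Frame(host_a, host_b))
    out["sat"] = dict(sw.sat)
    return out


if __name__ == "__main__":
    for name, value in simulate_switch().items():
        print(f"{name:>14}: {value}")
```

Run it and watch the first frame flood while the third frame goes to a single port; the same model explains why a sniffer on a switched network sees only its own traffic plus broadcasts, unlike on a hub.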
Spanning Tree Protocol
Because you can connect switches together in any fashion, you can create redundant connections in a network. These are called bridge loops (Figure 4.24).
Figure 4.24 • A bridge loop
In the early days of switches, making a bridge loop in a network setup would bring the network crashing down. A frame could get caught in the loop, so to speak, and not reach its destination.
The Ethernet standards body adopted the Spanning Tree Protocol (STP) to eliminate the problem of accidental bridge loops. Switches with STP enabled can detect loops, communicate with other switches, and set the looped port’s state to blocking.
STP-enabled switches use a frame called a Bridge Protocol Data Unit (BPDU) to communicate with each other to determine things like the distances between them and to keep track of changes on the network.
The CompTIA Network+ exam refers to bridge loops as switching loops. The terms mean the same thing, but bridge loop is more common. Be prepared for either term on the exam.
Switches today all have STP enabled and network designers create bridge loops in their networks to provide fault tolerance. Ports set as blocking still listen to the traffic on the network. If a link fails, the blocking port can become a forwarding port, thus enabling traffic to flow properly.
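The loop-breaking and failover behaviour described in this section, as an added example that is not code from the textbook or from this lab report: a deliberately simplified Python computation of STP port states over a whole topology. It assumes integer bridge IDs (a real bridge ID is a priority plus the switch MAC), a cost of 1 for every link (real STP weights cost by link speed) and replaces the BPDU exchange with a direct calculation; the three-switch triangle and the failed link are constructed.

```python
"""Simplified Spanning Tree Protocol port-state computation.

Added example (not the textbook's code, and a simplification of IEEE 802.1D):
bridge IDs are plain integers, every link costs 1, and the BPDU exchange is
replaced by a direct computation over the known topology. The switches and
links below are constructed to show a bridge loop being broken and a blocking
port taking over after a link failure.
"""
from collections import deque

ROOT, DESIGNATED, BLOCKING = "root", "designated", "blocking"


def build_adjacency(bridges, links):
    """Map each bridge ID to the set of bridge IDs it has a link to."""
    adj = {b: set() for b in bridges}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def root_path_costs(adj, root):
    """Breadth-first search from the root: cost = number of links to the root."""
    cost = {root: 0}
    queue = deque([root])
    while queue:
        here = queue.popleft()
        for nbr in sorted(adj[here]):
            if nbr not in cost:
                cost[nbr] = cost[here] + 1
                queue.append(nbr)
    return cost


def spanning_tree(bridges, links):
    """Return (root bridge, port states keyed by (bridge, neighbour))."""
    root = min(bridges)  # lowest bridge ID wins the root election
    adj = build_adjacency(bridges, links)
    cost = root_path_costs(adj, root)
    states = {}
    for b in bridges:
        if b not in cost:
            continue  # no path to the root: nothing to decide
        root_port = None
        if b != root:
            # Root port: the neighbour offering the cheapest path to the root,
            # ties broken by the lower bridge ID, as STP does.
            root_port = min(adj[b], key=lambda n: (cost[n], n))
        for n in adj[b]:
            if n == root_port:
                states[(b, n)] = ROOT
            elif (cost[b], b) < (cost[n], n):
                # This end is closer to the root (or wins the tie), so it is
                # the designated port for the link and forwards.
                states[(b, n)] = DESIGNATED
            else:
                # Neither root nor designated: the redundant end of a loop.
                states[(b, n)] = BLOCKING
    return root, states


def demo_stp():
    """Triangle of three switches (a bridge loop), then the 1-3 link fails."""
    bridges = [1, 2, 3]
    links = [(1, 2), (1, 3), (2, 3)]
    root, before = spanning_tree(bridges, links)
    _, after = spanning_tree(bridges, [link for link in links if link != (1, 3)])
    return root, before, after


if __name__ == "__main__":
    root, before, after = demo_stp()
    print("root bridge:", root)
    print("with loop:   ", before)
    print("after failure:", after)
```

In the triangle, switch 3's port toward switch 2 ends up blocking, which is the one redundant link; once the 1-3 link is removed, that same port becomes switch 3's root port and traffic flows through switch 2, which is the failover the text describes. Real switches reach the same result by exchanging BPDUs rather than by seeing the whole topology at once, and the blocking port keeps listening to BPDUs so it can notice the failure.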
Troubleshooting Hubs and Switches
The hubs and simple switches described in this chapter generally function flawlessly for years without any need for a tech to do more than wipe dust off the top. Very occasionally you’ll run into a hub or switch that has problems. These problems fall into three categories:
■ Obvious physical damage
■ Dead ports
■ General flakiness
Diagnosing any of these problems follows a similar pattern. First, you’ll recognize that a hub or switch might have problems because you’ve plugged a device in and the device can’t connect to the network. Second, you should examine the switch for obvious damage. Third, look for link lights. If they’re not flashing, try a different port. Fourth, don’t forget to look at your cables. If anything looks bent, broken, or stepped on, you should replace it. A bad cable or improper cable type can lead to problems that point to a “failed” hub or switch when the true culprit is really the cable. Finally, use the tried and true method of replacing the hub or switch or the cable with a known good device.
When we get to modern higher-end switches in Chapter 12, you’ll need to follow other procedures to do proper diagnostic work. We’ll get there soon enough!
Chapter 4 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about Ethernet.
Define and describe Ethernet
■ Ethernet is based on a family of network technologies from a bus topology. Ethernet enables computers to send data across a network, identify sending and receiving computers, and determine which computer should use the cable at which time. Early Ethernet networks originally used a single coax cable as a physical bus.
■ The IEEE 802.3 committee controls the Ethernet standard.
■ Ethernet networks use a hybrid star-bus topology with a hub at the center. Hubs repeat the incoming signal to every connected port.
■ Ethernet frames prevent any single computer from monopolizing the cable while making the retransmission of lost data efficient.
■ Ethernet frames contain seven basic parts: the preamble, the MAC address of the destination computer, the MAC address of the sender, the type of data, the data itself, a pad, and a frame check sequence.
■ CSMA/CD stands for carrier sense multiple access/collision detection. Carrier sense means that the node checks the network cable before sending to see if anyone else is transmitting. Multiple access means all computers have equal access to the network cable. Collision detection is when nodes detect that a transmission did not complete.
Explain early Ethernet implementations
■ Modern Ethernet networks use 10BaseT cabling.
■ The physical topology of 10BaseT is a physical star; however, the data uses a logical bus topology with a central hub. Therefore, 10BaseT actually uses a hybrid star-bus topology to accomplish moving data frames through the network.
■ 10BaseT supports speeds up to 10 Mbps over baseband.
■ 10BaseT requires the use of CAT 3 or higher, two-pair, unshielded twisted-pair cable. These cables utilize RJ-45 connectors, which are crimped to the cable.
■ Correct crimping follows either the TIA/EIA 568A or the TIA/EIA 568B color-code standard.
■ A good network technician knows the limits and specifications of 10BaseT, such as the maximum speed and distance, maximum nodes per hub, and supported cabling types.
■ 10BaseFL is a fiber-optic version of 10BaseT that uses multimode fiber-optic cable and SC or ST connectors. One major advantage of 10BaseFL is its increased maximum distance between hub and node.
Describe ways to extend and enhance Ethernet networks
■ Because hubs act as repeaters, hubs can be used to connect multiple segments together. Most hubs also have a crossover port, sometimes labeled uplink, crossover, MDI-X, OUT, or another creative name.
■ A crossover cable may be used to connect two hubs without an uplink port.
■ A bridge filters and forwards traffic between Ethernet segments based on the MAC addresses of the computers on those segments. A bridge monitors and records the network traffic, eventually forwarding only the traffic that needs to go from one side of the bridge to the other. This helps reduce network bandwidth usage.
■ Busy networks may suffer decreased bandwidth when using hubs. A switch solves this problem by managing the connection, based on MAC addresses, between the sending and receiving nodes.
■ Switches break up collision domains. If full-duplex is used, collisions are eliminated and CSMA/CD is disabled.
■ Connecting switches can lead to bridge loops, which caused early switched networks trouble. Switches that support the Spanning Tree Protocol are immune to bridge loops, even if wired in a physical loop.
■ Hubs and switches fail from physical abuse or from electrical surges. Troubleshoot by checking link lights, trying different ports, or swapping out the hub, switch, or cable for a known-good replacement.
Key Terms
10BaseFL (76), 10BaseT (73), 802.3 (Ethernet) (67), bridge (80), bridge loop (83), broadcast domain (83), carrier sense multiple access/collision detection (CSMA/CD) (71), collision domain (72), crimper (75), crossover cable (79), Ethernet (67), frame (68), frame check sequence (FCS) (71), full-duplex (75), half-duplex (75), hub (67), MAC addresses (69), media converter (77), multimode (77), node (69), pad (71), port (73), preamble (69), promiscuous mode (70), repeater (67), RJ-45 connector (74), segment (68), Sneakernet (66), sniffer (70), Source Address Table (SAT) (82), Spanning Tree Protocol (STP) (83), straight-through (78), switch (81), TIA/EIA 568A (75), TIA/EIA 568B (75), uplink port (78)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ is unique to each individual NIC.
2. When extra “filler” data is needed in a packet, a(n) _______________ is added.
3. A network connection that can send or receive, but not send and receive, a signal is called a(n) _______________ connection.
4. A NIC that is listening for all packets sent along the wire is said to be in _______________.
5. The first item in a data packet is the _______________.
6. A hub acts as a(n) _______________ in that it copies all incoming signals to every connected port.
7. Connecting switches incorrectly can create a(n) _______________, which can make the whole network stop working.
8. Hubs can be daisy-chained through their _______________ or the use of a(n) _______________.
9. _______________ has a maximum distance between node and hub of 100 meters, whereas _______________ has a maximum distance of 2000 meters.
10. A(n) _______________ can be used to interconnect different Ethernet types.
Multiple-Choice Quiz
1. How are the connectors wired on a crossover cable?
A. One end is TIA/EIA 568A; the other end is TIA/EIA 568B.
B. Both ends are TIA/EIA 568A.
C. Both ends are TIA/EIA 568B.
D. One end is an RJ-45; the other end is an RG-6.
2. What items make up the CSMA/CD system used in Ethernet networks? (Select three.)
A. Collision avoidance
B. Carrier sense
C. Multiple access
D. Collision detection
3. What happens when two computers transmit through a hub simultaneously?
A. Nothing happens.
B. The terminators prevent any transmission problems.
C. Their signals are reflected back down the cable to their points of origin.
D. A collision occurs.
4. What is a group of nodes that can at any point send messages at the same time, causing a collision?
A. Collision domain
B. Ethernet
C. Fast Ethernet
D. Sneakernet
5. Which committee is responsible for Ethernet standards?
A. IEEE 803.2
B. IEEE 803.3
C. IEEE 802.2
D. IEEE 802.3
6. What type of cabling did the first star-bus topology Ethernet networks use?
A. 10Base2
B. 10Base5
C. 10BaseT
D. 10Base-Cat5
7. What is the purpose of a preamble in an Ethernet frame?
A. It gives the receiving NIC time to realize a frame is coming and to know when the frame starts.
B. It provides the receiving NIC with the sending NIC’s MAC address so communication can continue.
C. It provides error-checking to ensure data integrity.
D. It contains a description of the data that is to follow so the receiving NIC knows how to reassemble it.
8. What valuable network tool can you use to examine all frames on the network, regardless of their intended recipient?
A. Repeater
B. Media converter
C. STP
D. Sniffer
9. For what purpose is a crimping tool used?
A. To splice a 10BaseT cable with a 10BaseFL cable.
B. To attach an RJ-45 connector to a UTP cable.
C. To attach a 10BaseT cable to a media converter.
D. To connect two hubs together.
10. Which of the following is not a limitation on 10BaseT cable?
A. Maximum speed of 10 Mbps
B. Maximum distance between hub and node of 100 feet
C. Maximum of 1024 nodes per hub
D. Minimum CAT 3 or better UTP with RJ-45 connectors
11. Which of the following is not a limitation on 10BaseFL cable?
A. Maximum speed of 10 Mbps
B. Maximum distance between hub and node of 2000 meters
C. Maximum of 1024 nodes per hub
D. Minimum CAT 3 or better UTP with RJ-45 connectors
12. Upon looking at the front of a hub, you notice something labeled as MDI-X. What is this for?
A. It is a special receptacle for the power cable.
B. It is a regular port used to connect computers.
C. It is an uplink port used to connect the hub to another hub.
D. It is the brand name of the hub.
13. In a full-duplex switched network, when can collisions occur?
A. A collision will occur when two nodes connected to the switch send frames at the same time.
B. A collision will occur when a node tries to send to the switch at the same time the switch tries to send to the node.
C. A collision will occur when two nodes send broadcast frames at the same time.
D. A collision will never occur.
14. What feature of switches prevents the problem of bridging loops?
A. STP
B. TCP/IP
C. IEEE 802.3
D. UTP
15. What feature of switches keeps track of which MAC address goes to each port?
A. FCS
B. SAT
C. STP
D. UTP
Essay Quiz
1. Describe two ways that using frames helps move data along a network.
2. Define the term CSMA/CD, using simple descriptions to explain each of the three parts: CS, MA, and CD.
3. Describe what a hub does and some of its limitations. Then explain how a switch works to overcome the problems of a hub.
Lab Projects
Lab Project 4.1
On a blank sheet of paper, use one side to list the basic facts you must know about 10BaseT for the CompTIA Network+ certification exam. Use the other side to list the essential facts you must know about 10BaseFL. Double-check your work, either by yourself or with a classmate, to ensure its accuracy. Save this sheet to use as a quick-reference study aid when you’re preparing to sit for your exam—it will help!
Lab Project 4.2
In this chapter, you learned about the basic functionality of switches. Use the Internet to delve deeper and research the difference among a managed switch, an unmanaged switch, and a smart switch. Create a chart to compare their similarities and differences. In addition to the differences in features and functionality, research and report on the pricing differences for similarly sized switches. For example, what is more expensive, a 24-port managed, unmanaged, or smart switch? What do you get for the extra money? Is it worth it?
Lab Project 4.3
Use the Internet to research freeware or shareware programs that will “sniff” the data on your network. With your instructor’s permission, download a program that you find, and then install it on your classroom lab network. Try to sniff data going to and from your machine, as well as other traffic. Have fun, and document your findings.
Chapter 5
Modern Ethernet
“To expect the unexpected shows a thoroughly modern intellect.”
—Oscar Wilde
In this chapter, you will learn how to
■ Describe the varieties of 100-megabit Ethernet
■ Discuss copper- and fiber-based Gigabit Ethernet
■ Compare the competing varieties of 10 Gigabit Ethernet
Within a few years of its introduction, 10BaseT proved inadequate to meet the growing networking demand for speed. As with all things in the computing world, bandwidth is the key. Even with switching, the 10-Mbps speed of 10BaseT, seemingly so fast when first developed, quickly found a market clamoring for even faster speeds. This chapter looks at the improvements in Ethernet since 10BaseT. You’ll read about 100-megabit standards and the several standards in Gigabit Ethernet. The chapter wraps up with the newest speed standards, 10 Gigabit Ethernet.
Test Specific
100-Megabit Ethernet
The quest to break 10-Mbps network speeds in Ethernet started in the early 1990s. By then, 10BaseT Ethernet had established itself as the most popular networking technology (although other standards, such as IBM’s Token Ring, still had some market share). The goal was to create a new speed standard that made no changes to the actual Ethernet frames themselves. By doing this, the 802.3 committee ensured that different speeds of Ethernet could interconnect, assuming you had something that could handle the speed differences and a media converter if the connections were different.
100BaseT
If you want to make a lot of money in the technology world, create a standard and then get everyone else to buy into it. For that matter, you can even give the standard away and still make tons of cash if you have the inside line on making the hardware that supports the standard.
When it came time to come up with a new standard to replace 10BaseT, network hardware makers forwarded a large number of potential standards, all focused on the prize of leading the new Ethernet standard. As a result, two twisted-pair Ethernet standards appeared, 100BaseT4 and 100BaseTX. 100BaseT4 used CAT 3 cable whereas 100BaseTX used CAT 5. By the late 1990s, 100BaseTX became the dominant 100-megabit Ethernet standard. 100BaseT4 disappeared from the market and today has been forgotten. As a result, we almost never say 100BaseTX, simply choosing to use the term 100BaseT.
100BaseTX (100BaseT) Summary
■ Speed: 100 Mbps
■ Signal type: Baseband
■ Distance: 100 meters between the hub and the node
■ Node limit: No more than 1024 nodes per hub
■ Topology: Star-bus topology: physical star, logical bus
■ Cable type: CAT 5e or better UTP or STP cabling with RJ-45 connectors
100BaseT was at one time called Fast Ethernet. The term still sticks to the 100-Mbps standards—including 100BaseFX, which you’ll read about in an upcoming section—even though there are now much faster versions of Ethernet.
Cross Check Interconnecting Ethernet Networks
You learned about the devices used to connect different types of Ethernet networks—hubs and switches—in Chapter 3. Check your memory now. What’s the difference between the two devices? Which would you prefer for connections and why?
Upgrading a 10BaseT network to 100BaseT is not a small process. First, you need to make sure you have CAT 5 cable or better. This part isn’t a big deal because almost all network cables installed in the past decade are at least CAT 5. Second, you must replace all the old 10BaseT NICs with 100BaseT NICs. Third, you need to replace the 10BaseT hub or switch with a 100BaseT hub or switch. Making this upgrade cost a lot in the early days of 100BaseT, so people clamored for a way to make the upgrade a little easier. This was accomplished via multispeed, auto-sensing NICs and hubs/switches.
Figure 5.1 shows a typical multispeed, auto-sensing 100BaseT NIC from the late 1990s. When this NIC first connects to a network, it starts to negotiate automatically with the hub or switch to determine the other device’s highest speed. If they both do 100BaseT, then you get 100BaseT. If the hub or switch only does 10BaseT, then the NIC does 10BaseT. All of this happens automatically (Figure 5.2).
Distinguishing a 10BaseT NIC from a 100BaseT NIC without close inspection is impossible. Look for something on the card to tell you its speed. Some NICs may have extra link lights to show the speed (see Chapter 6 for the scoop on link lights). Of course, you can always simply install the card, as shown in Figure 5.3, and see what the operating system says it sees!
Figure 5.2 • Auto-negotiation in action
Figure 5.3 • Typical 100BaseT NIC in Windows Vista
Tech Tip
Lingo
If you want to sound like a proper tech, you need to use the right words. Techs don’t actually say, “multispeed, auto-sensing,” but rather “10/100.” As in, “Hey, is that a 10/100 NIC you got there?” Now you’re talking the talk!
You’ll also have trouble finding a true 10BaseT or 100BaseT NIC because multispeed NICs have been around long enough to have replaced any single-speed NIC. All modern NICs are multispeed and auto-sensing.
Figure 5.1 • Typical 100BaseT NIC
100BaseFX
Most Ethernet networks use UTP cabling, but quite a few use fiber-based networks instead. In some networks, using fiber simply makes more sense.
UTP cabling cannot meet the needs of every organization for three key reasons. First, the 100-meter distance limitation of UTP-based networks is inadequate for networks covering large buildings or campuses. Second, UTP’s lack of electrical shielding makes it a poor choice for networks functioning in locations with high levels of electrical interference. Finally, the Maxwell Smarts and James Bonds of the world find UTP cabling (and copper cabling in general) easy to tap, making it an inappropriate choice for high-security environments. To address these issues, the IEEE 802.3 standard provides for a flavor of 100-megabit Ethernet using fiber-optic cable, called 100BaseFX.
The 100BaseFX standard saw quite a bit of interest for years, as it combined the high speed of 100-megabit Ethernet with the reliability of fiber optics. Outwardly, 100BaseFX looks exactly like 10BaseFL. Both use the same multimode fiber-optic cabling, and both use SC or ST connectors. 100BaseFX offers improved data speeds over 10BaseFL and equally long cable runs, supporting a maximum cable length of two kilometers.
100BaseFX Summary
■ Speed: 100 Mbps
■ Signal type: Baseband
■ Distance: Two kilometers between the hub and the node
■ Node limit: No more than 1024 nodes per hub
■ Topology: Star-bus topology: physical star, logical bus
■ Cable type: Multimode fiber-optic cabling with ST or SC connectors
Full-Duplex Ethernet
Early 100BaseT NICs, just like 10BaseT NICs, could send and receive data, but not at the same time—a feature called half-duplex (Figure 5.4). The IEEE addressed this characteristic shortly after adopting 100BaseT as a standard.
Just as the old 10BaseFL was often called 10BaseF, 100BaseFX is sometimes called simply 100BaseF.
Tech Tip
Shielded Twisted Pair
Installing networks in areas of high electrical interference used to require the use of shielded twisted-pair (STP) cabling rather than UTP. Even though you can still get STP cabling, its use is rare today. Most installations use fiber-optic cable in situations where UTP won’t cut it. The exception to this rule is with relatively short cable runs through high-noise areas, like in a workshop. Swapping out a UTP cable with an STP cable is simpler and much less expensive than running fiber and changing NICs as well.
Try This! Hub Search
At this point, you’ve seen various implementations of Ethernet, from 10BaseT (which you read about in Chapter 4) to 100BaseTX and 100BaseFX. If you planned a network today, what kind of equipment could you buy? Don’t look at me for the answer—instead, try this!
Go to your local computer store with pen and paper ready, and jot down the variations you find. Does the store carry any hubs? What about a hub that supports both fiber and UTP, so you can connect 100BaseFX and 100BaseTX networks? Finally, how much do these things cost?
The Fiber Distributed Data Interface (FDDI) flourished on college campuses during the 1990s because it could cover long distances and transfer data at the (then) blazing speed of 100 Mbps. FDDI used fiber-optic cables with a token bus network protocol over a ring topology. Fast Ethernet over UTP offered a much cheaper alternative when it became available, plus it was completely compatible with 10BaseT, so FDDI faded away.
By the late 1990s, most 100BaseT cards could auto-negotiate for full-duplex. With full-duplex, a NIC can send and receive at the same time, as shown in Figure 5.5.
Figure 5.4 • Half-duplex: sending at the top, receiving at the bottom
Almost all NICs today can go full-duplex. The NIC and the attached hub/switch determine full- or half-duplex during the auto-negotiation process. The vast majority of the time you simply let the NIC do its negotiation. Every operating system has some method to force the NIC to a certain speed/duplex, as shown in Figure 5.6.
Gigabit Ethernet
By the end of the 1990s, the true speed junkie needed an even more powerful version of Ethernet. In response, the IEEE created Gigabit Ethernet, which today is the most common type of Ethernet found on new NICs.
The IEEE approved two different versions of Gigabit Ethernet. The most widely implemented solution, published under the IEEE 802.3ab standard, is called 1000BaseT. The other version, published under the 802.3z standard and known as 1000BaseX, is divided into a series of standards, with names such as 1000BaseCX, 1000BaseSX, and 1000BaseLX.
1000BaseT uses four-pair UTP or STP cabling to achieve gigabit performance. Like 10BaseT and 100BaseT, 1000BaseT has a maximum cable length of 100 meters on a segment. 1000BaseT connections and ports look exactly like the ones on a 10BaseT or 100BaseT network. 1000BaseT is the dominant Gigabit Ethernet standard.
Full-duplex doesn’t increase network speed, but it doubles network bandwidth. Imagine a one-lane road expanded to two lanes while keeping the speed limit the same. And if you recall from the previous chapter, going full-duplex disables CSMA/CD and eliminates collisions.
Figure 5.5 • Full-duplex
Figure 5.6 • Forcing speed and duplex in Windows 7
The term Gigabit Ethernet is more commonly used than 1000BaseT.
The 802.3z standards require a bit more discussion. Let’s look at each of these solutions in detail to see how they work.
1000BaseCX
1000BaseCX uses a unique cable known as twinaxial cable (Figure 5.7). Most techs shorten the cable name to twinax. Twinaxial cables are special shielded 150-Ohm cables with a length limit of only 25 meters. 1000BaseCX has made little progress in the Gigabit Ethernet market.
1000BaseSX
Many networks upgrading to Gigabit Ethernet use the 1000BaseSX standard. 1000BaseSX uses multimode fiber-optic cabling to connect systems, with a generous maximum cable length of 220 to 500 meters; the exact length is left up to the various manufacturers. 1000BaseSX uses an 850-nm (nanometer) wavelength LED to transmit light on the fiber-optic cable. 1000BaseSX devices look similar to 100BaseFX devices, and although both standards can use several types of connectors, 1000BaseSX devices commonly use LC, while 100BaseFX devices frequently use SC. (See “New Fiber Connectors” later in the chapter for the scoop on LC connectors.)
1000BaseLX
1000BaseLX is the long-distance carrier for Gigabit Ethernet. 1000BaseLX uses single-mode (laser) cables to shoot data at distances up to 5 kilometers—and some manufacturers use special repeaters to increase that to distances as great as 70 kilometers! The Ethernet folks are trying to position this as the Ethernet backbone of the future, and already some large carriers are beginning to adopt 1000BaseLX. You may live your whole life and never see a 1000BaseLX device, but odds are good that you will encounter connections that use such devices in the near future. 1000BaseLX connectors look like 1000BaseSX connectors.
New Fiber Connectors
Around the time that Gigabit Ethernet first started to appear, two problems began to surface with ST and SC connectors. First, ST connectors are relatively large, twist-on connectors, requiring the installer to twist the cable when inserting or removing it. Twisting is not a popular action with
Figure 5.7 • Twinaxial cable
Cross Check SC and ST
You learned about the common fiber-optic cable SC and ST connectors way back in Chapter 3, so cross-check your knowledge here. What distinguishes the two connectors? Can 100BaseFX NICs use either one? Which do you need to twist like a bayonet?
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 96
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 5
fiber-optic cables, as the delicate fibers may fracture. Also, big-fingered techs have a problem with ST connectors if the connectors are too closely packed: they can’t get their fingers around them. SC connectors snap in and out, making them much more popular than STs. SC connectors are also large, however, and the folks who make fiber networking equipment wanted to pack more connectors onto their boxes. This brought about two new types of fiber connectors, known generically as Small Form Factor (SFF) connectors. The first SFF connector—the Mechanical Transfer Registered Jack (MT-RJ), shown in Figure 5.8—gained popularity with important companies like Cisco and is still quite common. You read about the second type of popular SFF connector, the Local Connecter (LC), back in Chapter 3—it’s shown in Figure 5.9. LC-type connectors are very popular, particularly in the United States, and many fiber experts consider the LC-type connector to be the predominant fiber connector.
LC and MT-RJ are the most popular types of SFF fiber connectors, but many others exist, as outlined in Table 5.1. The fiber industry has no standard beyond ST and SC connectors, which means that different makers of fiber equipment may have different connections.
Table 5.1 Gigabit Ethernet Summary
Standard     Cabling             Cable Details           Connectors                      Length
1000BaseCX   Copper              Twinax                  Twinax                          25 m
1000BaseSX   Multimode fiber     850 nm                  Variable, commonly LC           220–500 m
1000BaseLX   Single-mode fiber   1300 nm                 Variable, commonly LC and SC    5 km
1000BaseT    CAT 5e/6 UTP        Four-pair/full-duplex   RJ-45                           100 m
Implementing Multiple Types of Gigabit Ethernet
Because Ethernet packets don’t vary among the many flavors of Ethernet, network hardware manufacturers have long built devices capable of supporting more than one flavor right out of the box. Ancient hubs supported 10Base2 and 10BaseT at the same time, for example.
You can also use dedicated media converters to connect any type of Ethernet cabling together. Most media converters are plain-looking boxes with a port or dongle on either side. They come in all flavors:
■ Single-mode fiber (SMF) to UTP/STP
■ Multimode fiber (MMF) to UTP/STP
■ Fiber to coaxial
■ SMF to MMF
The CompTIA Network+ exam competencies erroneously describe some media converters as single-mode fiber to Ethernet and multimode fiber to Ethernet. It’s all Ethernet! Don’t be surprised if you get one of those terms on the exam, however. Now you’ll know what they mean.
Figure 5.8 • MT-RJ connector
Figure 5.9 • LC-type connector
Finally, the Gigabit Ethernet folks created a standard for modular ports called a gigabit interface converter (GBIC). With many Gigabit Ethernet switches and other hardware, you can simply pull out a GBIC module that supports one flavor of Gigabit Ethernet and plug in another. You can replace an RJ-45 port GBIC, for example, with an SC GBIC, and it’ll work just fine. Electronically, the switch or other gigabit device is just that—Gigabit Ethernet—so the physical connections don’t matter. Ingenious!
10 Gigabit Ethernet
The ongoing demand for bandwidth on the Internet means that the networking industry is continually reaching for faster LAN speeds. 10 Gigabit Ethernet (10 GbE) is showing up in high-level LANs, with the anticipation that it will trickle down to desktops in the near future.
Because 10 GbE is still a new technology, there are a large number of standards in existence. Over time some of these standards will certainly grow in popularity, but most will disappear. For now, though, the landscape is in flux. 10 GbE has a number of fiber standards and two copper standards. 10 GbE was first and foremost designed with fiber optics in mind. As a result, 10 GbE copper products have only been for sale since 2008.
Fiber-based 10 GbE
When the IEEE members sat down to formalize specifications on Ethernet running at 10 Gbps, they faced several challenges. First, they had to maintain the integrity of the Ethernet frame. Data is king, after all, and the goal was to create a network that could interoperate with any other Ethernet network. Second, they had to figure out how to transfer those frames at such blazing speeds. This second challenge had some interesting ramifications because of two factors. They could use the traditional Physical layer mechanisms defined by the Ethernet standard. But a perfectly usable ~10-Gbps fiber network, called SONET, was already in place and being used for wide area networking (WAN) transmissions. What to do?
The IEEE created a whole set of 10 GbE standards that could use traditional LAN Physical layer mechanisms, plus a set of standards that could take advantage of the SONET infrastructure and run over the WAN fiber. To make the 10-Gbps jump as easy as possible, the IEEE also recognized the need for different networking situations. Some implementations require data transfers that can run long distances over single-mode fiber, for example, whereas others can make do with short-distance transfers over multimode fiber. This led to a lot of standards for 10 GbE.
The 10 GbE standards are defined by several factors: the type of fiber used, the wavelength of the laser or lasers, and the Physical layer signaling type. These factors also define the maximum signal distance.
There are proposed Ethernet standards that go way beyond 10-Gbps speeds, including a 100 GbE proposal, but nothing is fully standardized as of this writing. Today, 10 GbE is the reigning king of network speeds.
Chapter 14 covers SONET in great detail. For now, think of it as a data transmission standard that’s different from the LAN Ethernet standard.
The IEEE uses specific letter codes with the standards to help sort out the differences so you know what you’re implementing or supporting. All the standards have names in the following format: “10GBase” followed by two other characters, what I’ll call xy. The x stands for the type of fiber (usually, though not officially) and the wavelength of the laser signal; the y stands for the Physical layer signaling standard. The y code is always either R for LAN-based signaling or W for SONET/WAN-based signaling. The x differs a little more, so let’s take a look.
10GBaseSy uses a short-wavelength (850 nm) signal over multimode fiber. The maximum fiber length is 300 meters, although this length will vary depending on the type of multimode fiber used. 10GBaseSR (Figure 5.10) is used for Ethernet LANs, and 10GBaseSW is used to connect to SONET devices.
Standard    Fiber Type   Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseSR   Multimode    850 nm       LAN                        26–300 m
10GBaseSW   Multimode    850 nm       SONET/WAN                  26–300 m
10GBaseLy uses a long-wavelength (1310 nm) signal over single-mode fiber. The maximum fiber length is 10 kilometers, although this length will vary depending on the type of single-mode fiber used. 10GBaseLR connects to Ethernet LANs and 10GBaseLW connects to SONET equipment. 10GBaseLR is the most popular and least expensive 10 GbE media type.
Standard    Fiber Type    Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseLR   Single-mode   1310 nm      LAN                        10 km
10GBaseLW   Single-mode   1310 nm      SONET/WAN                  10 km
10GBaseEy uses an extra-long-wavelength (1550 nm) signal over single-mode fiber. The maximum fiber length is 40 kilometers, although this length will vary depending on the type of single-mode fiber used. 10GBaseER works with Ethernet LANs and 10GBaseEW connects to SONET equipment.
Standard    Fiber Type    Wavelength   Physical Layer Signaling   Maximum Signal Length
10GBaseER   Single-mode   1550 nm      LAN                        40 km
10GBaseEW   Single-mode   1550 nm      SONET/WAN                  40 km
The 10 GbE fiber standards do not define the type of connector to use and instead leave that to manufacturers (see the upcoming section “10 GbE Physical Connections”).
Copper-based 10 GbE
It took until 2006 for the IEEE to come up with a standard for 10 GbE running on twisted-pair cabling—called, predictably, 10GBaseT. 10GBaseT looks and works exactly like the slower versions of UTP Ethernet. The only downside is that 10GBaseT running on CAT 6 has a maximum cable length of only 55 meters. The updated CAT 6a standard enables 10GBaseT to run at the standard distance of 100 meters. Table 5.2 summarizes the 10 GbE standards.
Figure 5.10 • A 10GBaseSR NIC (photo courtesy of Intel Corporation)
Table 5.2 10 GbE Summary
Standard       Cabling             Wavelength/Cable Details   Connectors                      Length
10GBaseSR/SW   Multimode fiber     850 nm                     Not defined                     26–300 m
10GBaseLR/LW   Single-mode fiber   1310 nm                    Variable, commonly LC           10 km
10GBaseER/EW   Single-mode fiber   1550 nm                    Variable, commonly LC and SC    40 km
10GBaseT       CAT 6/6a UTP        Four-pair/full-duplex      RJ-45                           55/100 m
10 GbE Physical Connections
This hodgepodge of 10 GbE types might have been the ultimate disaster for hardware manufacturers. All types of 10 GbE send and receive the same signal; only the physical medium is different. Imagine a single router that had to come out in seven different versions to match all these types! Instead, the 10 GbE industry simply chose not to define the connector types and devised a very clever, very simple concept called multisource agreements (MSAs). An MSA transceiver plugs into your 10 GbE equipment, enabling you to convert from one media type to another by inserting the right transceiver. Unfortunately, there have been as many as four different competing MSA types in the past few years. Figure 5.11 shows a typical MSA called XENPAK.
For now, 10 GbE equipment is the exclusive domain of high-bandwidth LANs and WANs, including parts of the big-pipe Internet connections.
Backbones
The beauty and the challenge of the vast selection of Ethernet flavors is deciding which one to use in your network. The goal is to give your users as fast a network response time as possible, combined with keeping costs at a
Not all 10 GbE manufacturers use MSAs in their equipment.
Figure 5.11 • XENPAK MSA
Tech Tip
The Other 10 Gigabit Ethernet Fiber Standards
Manufacturers have shown, in these early days of 10 GbE implementation, both creativity and innovation in taking advantage of both existing fiber and the most cost-effective equipment. This has led to a variety of standards that are not covered by the CompTIA Network+ competencies, but that you should know about nevertheless. The top three as of this writing are 10GBaseL4, 10GBaseLRM, and 10GBaseZR.
The 10GBaseL4 standard uses four lasers at a 1300-nanometer wavelength over legacy fiber. On FDDI-grade multimode cable, 10GBaseL4 can support up to 300-meter transmissions. The range increases to 10 kilometers over single-mode fiber.
The 10GBaseLRM standard uses the long wavelength signal of 10GBaseLR but over legacy multimode fiber. The standard can achieve a range of up to 220 meters, depending on the grade of fiber cable.
Finally, some manufacturers have adopted the 10GBaseZR “standard,” which isn’t part of the IEEE standards at all (unlike 10GBaseL4 and 10GBaseLRM). Instead, the manufacturers have created their own set of specifications. 10GBaseZR networks use a 1550-nanometer wavelength over single-mode fiber to achieve a range of a whopping 80 kilometers. The standard can work with both Ethernet LAN and SONET/WAN infrastructure.
reasonable level. To combine these two issues, most network administrators find that a multispeed Ethernet network works best. In a multispeed network, a series of high-speed (relative to the rest of the network) switches maintain a backbone network. No computers, other than possibly servers, attach directly to this backbone. Figure 5.12 shows a typical backbone network. Each floor has its own switch that connects to every node on the floor. In turn, each of these switches also has a separate high-speed connection to a main switch that resides in the office’s computer room.
To make this work, you need switches with separate, dedicated, high-speed ports like the ones shown in Figure 5.13. The add-on ports on the switches run straight to the high-speed backbone switch.
Know Your Ethernets!
This single chapter is little more than a breakdown of the evolution of Ethernet since the old 10BaseT standard. Make sure you know the details of these Ethernet versions and take advantage of the summaries and tables to recognize the important points of each type.
Additionally, keep in mind that you’ve only just begun to delve into the world of switching. The book has covered thus far only the functions of a basic switch. There is a lot more to know in terms of the capabilities of these powerful devices, but first you need to understand networking at a deeper level.
Figure 5.13 • Switches with dedicated, high-speed add-on ports
Try This! Shopping for Switches
Cisco, one of the industry leaders for Ethernet switches, has a great Web site for its products. Imagine that you are setting up a network for your school or business (keep it simple and pick a single building if you’re in a large organization). Decide what type of switches you’d like to use, including both the backbone and local switches. If you’re really motivated, decide where to locate the switches physically. Don’t be afraid to try a fiber backbone—almost every Cisco switch comes with special ports to enable you to pick the type of Ethernet you want to use for your backbone.
Figure 5.12 • Typical network configuration showing backbone
Chapter 5 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about Ethernet.
Describe the varieties of 100-megabit Ethernet
■ Fast Ethernet includes two UTP/STP variations, both arranged in a physical star, but operating in a logical bus—100BaseTX and 100BaseT4.
■ In 100BaseTX Ethernet cabling systems, speeds are 100 Mbps, wires are twisted copper pairs, signals are baseband, and distance is limited to 100 meters from the node to the hub, with a limit of 1024 ports per hub. The cabling used must be CAT 5e or better UTP/STP crimped with RJ-45 connectors.
■ In 100BaseT4 Ethernet cabling systems, speeds are 100 Mbps, wires are twisted copper pairs, signals are baseband, and distance is limited to 100 meters from the node to the hub, with a limit of 1024 ports per hub. The cabling used is CAT 3 UTP with RJ-45 connectors. The main difference from 100BaseTX is that all four pairs of wires are used in data transmission.
■ Limitations of Fast Ethernet over UTP include distance (only 100 meters), inadequate shielding for some installations, and relative ease of intruder break-ins on the physical cable.
■ The fiber-optic variation of Fast Ethernet, 100BaseFX, overcomes these limitations, offering immunity to electrical interference and a range of up to two kilometers from node to hub.
■ A half-duplex NIC can only send or receive at any one time. Full-duplex NICs can send and receive at the same time, thereby doubling the bandwidth (but not the speed).
Discuss copper- and fiber-based Gigabit Ethernet
■ Two Gigabit Ethernet standards have been approved by the IEEE: 802.3z (1000BaseX) and 802.3ab (1000BaseT).
■ 1000BaseT uses four-pair UTP/STP cabling and has a maximum length of 100 meters.
■ 1000BaseX is divided into a number of standards: 1000BaseCX, 1000BaseSX, and 1000BaseLX.
■ 1000BaseCX uses twinaxial cable with a maximum length of 25 meters.
■ 1000BaseSX uses multimode fiber-optic cable with a maximum length between 220 and 500 meters, depending on the manufacturer.
■ 1000BaseLX uses single-mode fiber-optic cable with a maximum length of 5 kilometers. Some manufacturers use repeaters to extend the maximum length to 70 kilometers.
■ The Small Form Factor (SFF) fiber connector includes the Mechanical Transfer Registered Jack (MT-RJ) and the Local Connector (LC), both of which were created to overcome problems with the ST and SC connectors.
Compare the competing varieties of 10 Gigabit Ethernet
■ 10 Gigabit Ethernet (10 GbE) has several fiber standards and two copper standards. Copper products have only recently become available.
■ SONET is the networking standard for long-distance optical connections that serve as the main backbone for the Internet.
■ 10 GbE is organized into six different standards: 10GBaseSR, 10GBaseSW, 10GBaseLR, 10GBaseLW, 10GBaseER, and 10GBaseEW.
■ 10GBaseSy uses multimode fiber with a maximum length of 300 meters. 10GBaseSR is used for Ethernet LANs, whereas 10GBaseSW is used to connect to SONET devices.
■ 10GBaseLy uses single-mode fiber with a maximum length of 10 kilometers. 10GBaseLR is for Ethernet LANs, whereas 10GBaseLW is used to connect to SONET devices. 10GBaseLR is the most popular and least expensive 10 GbE media type.
■ 10GBaseEy uses single-mode fiber with a maximum length of 40 kilometers. 10GBaseER is used for Ethernet LANs, whereas 10GBaseEW is used to connect to SONET devices.
■ 10GBaseT defines 10 Gigabit Ethernet over UTP/STP cable. It is capable of a maximum distance of 55 meters with CAT 6; however, using CAT 6a, it can achieve 100 meters.
■ All types of 10 GbE send and receive the exact same signal. Network devices, such as routers, that need to support different 10 GbE cable types use multisource agreements to enable the various cable types to connect.
Key Terms
10GBaseER (98)
10GBaseEW (98)
10GBaseLR (98)
10GBaseLW (98)
10GBaseSR (98)
10GBaseSW (98)
10GBaseT (98)
10 Gigabit Ethernet (10 GbE) (97)
100BaseFX (93)
100BaseT (91)
100BaseT4 (91)
100BaseTX (91)
1000BaseCX (95)
1000BaseLX (95)
1000BaseSX (95)
1000BaseT (94)
1000BaseX (94)
802.3ab (94)
802.3z (94)
Fast Ethernet (91)
full-duplex (94)
Gigabit Ethernet (94)
half-duplex (93)
Local Connecter (LC) (96)
Mechanical Transfer Registered Jack (MT-RJ) (96)
multisource agreement (MSA) (99)
Small Form Factor (SFF) (96)
SONET (97)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. When a network device can both send and receive data at the same time, it is said to be _______________.
2. _______________ has a maximum cable length of two kilometers and uses multimode fiber with ST or SC connectors.
3. 100BaseT is also known as _______________.
4. _______________ can use CAT 3, but _______________ must use CAT 5 or better.
5. 802.3z and 802.3ab are both _______________ standards.
6. _______________ supports the longest maximum distance for Gigabit Ethernet.
7. The _______________ and _______________ IEEE standards support the longest maximum distance for 10 Gigabit Ethernet.
8. Many fiber experts consider the _______________ connector to be the predominant fiber connector.
9. _______________ is the least expensive and most popular 10 GbE media type.
10. Routers with _______________ can accept a variety of 10 GbE media types.
Multiple-Choice Quiz
1. Which of the following are 100BaseT cable types? (Select three.)
A. CAT 3
B. CAT 5
C. CAT 5e
D. 10BaseFL
2. What is the physical limit for the number of ports on an Ethernet hub?
A. 24
B. 256
C. 512
D. 1024
3. When a network device can only send data or receive data, but not both at the same time, it is operating in what mode?
A. Duplex
B. Full-duplex
C. Half-duplex
D. Halfplex
4. What important backbone technology is also known as Gigabit Ethernet?
A. 100BaseT
B. 100BaseFL
C. 100BaseFX
D. 1000BaseT
5. What are the two major UTP variations of Fast Ethernet? (Select two.)
A. 100BaseTL
B. 100BaseTX
C. 100BaseFL
D. 100BaseT4
6. What are three limitations of Fast Ethernet over UTP? (Select three.)
A. Distance is restricted to 100 meters from node to hub.
B. Shielding may be inadequate for some installations.
C. Intrusion from outsiders may be possible without detection.
D. The obsolete technology is insufficient for most networks.
7. Which standard defines Fast Ethernet using fiber cabling?
A. 10BaseFL
B. 100BaseFX
C. 100BaseT4
D. 100BaseTX
8. Which of the following are fiber connector types? (Select three.)
A. LC
B. LS
C. MT-RJ
D. ST
9. What do you need to connect varying 10 GbE cable types to the same router?
A. SFF connectors on all cables
B. SC connectors on all cables
C. Multisource agreements on the router
D. This is not possible.
10. Which standard defines Gigabit Ethernet over twisted-pair copper wire?
A. 802.3ab
B. 802.3e
C. 802.3GbUTP
D. 802.3z
11. You’ve lost the manual to your router. How can you tell the difference between a 1000BaseT port and a 100BaseT port on a router just by looking?
A. The 1000BaseT ports are noticeably larger.
B. The 100BaseT ports are green, whereas the 1000BaseT ports are gray.
C. 1000BaseT ports are reversed with the clip on the top.
D. You can’t tell the difference by looking. They look exactly the same.
12. Which statement about Ethernet is correct?
A. Only 10- and 100-megabit Ethernet may use a hub. Gigabit Ethernet must use a switch.
B. 10- and 100-megabit Ethernet has a limit of 1024 nodes. Gigabit Ethernet has no limit.
C. Gigabit Ethernet that uses UTP cabling has a maximum distance between the node and switch of 250–400 meters, depending on the manufacturer.
D. All versions of 10 Gigabit Ethernet use the same cabling.
13. What will happen if you connect a 10BaseT NIC to an auto-sensing switch?
A. The switch will operate in hub mode.
B. The entire switch will operate at 10 megabits, even if 100-megabit devices are attached.
C. The 10BaseT NIC will operate at 10 megabits while connected 100-megabit devices will operate at their full speed of 100 megabits.
D. The 10BaseT NIC will overclock to run at 100 megabits.
14. What benefit does full-duplex offer?
A. It allows all NICs on a hub to send signals at the same time without collisions.
B. It doubles the bandwidth of the network.
C. It doubles the speed of the network.
D. It doubles both the bandwidth and the speed of the network.
15. What is the difference between the R and W designations in 10GBase standards, such as 10GBaseLR and 10GBaseLW, or 10GBaseER and 10GBaseEW?
A. The R indicates “regular,” or half-duplex. The W indicates “wide mode,” which is the 10 Gigabit Ethernet version of full-duplex.
B. The R indicates “read,” or the ability to receive signals; the W indicates “write,” or the ability to send signals.
C. The R and W indicate differences in the circuitry, with the W versions used to connect to SONET equipment.
D. The R indicates the use of UTP, whereas the W indicates the use of fiber optics.
Essay Quiz
1. Which types of computer network cable connections are you familiar with already? Write a short paragraph describing your experience.
2. Your manager has just informed you that several departments at your company will be switching over to fiber-optic NICs. How many and what type of connectors will be needed for each node on the new segment? Document your recommendations.
3. Compose a letter to the network administrator of a nearby telecommunications company or ISP (Internet service provider). Introduce yourself in the top part of the letter as a networking student. Then ask if the company ever gives tours or holds open houses for the public. Close the letter by thanking the person reading it for his or her time. Spell-check and have others proofread your letter. Consider mailing the letter if you are serious about your visit and your instructor approves your final copy.
4. Prepare a list of questions you would ask a large organization’s network administrator regarding cabling, connections, hubs, switches, and even routers. Use the situation described in Essay 3 to help you create your list of questions.
5. Prepare a thank-you note in advance for having been allowed to participate in a tour, as described in Essay 3. Mention some of the items you observed during the visit. If you would be interested in seeking employment at their facility, consider mentioning that and asking about the steps you would need to take to prepare for such a position. Sometimes a simple thank-you note can help land a job!
Lab Projects
Lab Project 5.1
Find a hub or switch at your school or company. Examine the wiring closely to determine what cable connections it uses. Try to determine whether the cabling was placed neatly and in an organized manner, whether the ports are clearly labeled, and whether all the ends were crimped well. Be prepared to discuss your findings with the rest of the class.
Lab Project 5.2
Use the Internet to research prices to order 100 each of the connectors from the following list. Don’t forget to include basic shipping and handling to your organization’s location, as these are a price factor in real life.
■ RJ-45 connectors
■ SC connectors
■ ST connectors
■ MT-RJ connectors
■ LC connectors
From your research, which connectors would be the least costly?
Lab Project 5.3
All these standards! How can you remember them? Make a chart that compares the features (cabling, connectors, data throughput, and so on) of the following Ethernet technologies:
■ 10BaseT
■ 10BaseFL
■ 100BaseTX
■ 100BaseFX
■ 1000BaseT
■ 1000BaseCX
■ 1000BaseLX
■ 1000BaseSX
■ 10GBaseSR/10GBaseSW
■ 10GBaseLR/10GBaseLW
■ 10GBaseER/10GBaseEW
Chapter 6
Installing a Physical Network
“I am rarely happier than when spending an entire day programming my computer to perform automatically a task that it would otherwise take me a good ten seconds to do by hand.”
—Douglas Adams
In this chapter, you will learn how to
■ Recognize and describe the functions of basic components in a structured cabling system
■ Explain the process of installing structured cable
■ Install a network interface card
■ Perform basic troubleshooting on a structured cable network
Armed with the knowledge of previous chapters, it’s time to start going about the business of actually constructing a physical network. This might seem easy; after all, the most basic network is nothing more than a switch with a number of cables snaking out to all of the PCs on the network (Figure 6.1). On the surface, such a network setup is absolutely correct, but if you tried to run a network using only a switch and cables running to each system, you’d have some serious practical issues. In the real world, you need to deal with physical obstacles like walls and ceilings. You also need to deal with those annoying things called people. People are incredibly adept at destroying physical networks. They unplug switches, trip over cables, and rip connectors out of NICs with incredible consistency unless you protect the network from their destructive ways. Although the simplified switch-and-a-bunch-of-cables type of network can function in the real world, the network clearly has some problems that need addressing before it can work safely and efficiently (Figure 6.2).
This chapter takes the abstract discussion of network technologies from previous chapters into the concrete reality of real networks. To achieve this goal, it marches you through the process of installing an entire network system from the beginning. The chapter starts by introducing you to structured cabling, the critical set of standards used all over the world to install physical cabling in a safe and orderly fashion. It then delves into the world of larger networks—those with more than a single switch—and shows you some typical methods used to organize them for peak efficiency and reliability. Next, you’ll take a quick tour of the most common NICs used in PCs, and see what it takes to install them. Finally, you’ll look at how to troubleshoot cabling and other network devices, including an introduction to some fun diagnostic tools.
Historical/Conceptual
Understanding Structured Cabling
If you want a functioning, dependable, real-world network, you need a solid understanding of a set of standards, collectively called structured cabling. These standards, defined by the Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA)—yup, the same folks who tell you how to crimp an RJ-45 onto the end of a UTP cable—give professional cable installers detailed standards on every aspect of a cabled network, from the type of cabling to use to the position of wall outlets.
Figure 6.1 • What an orderly looking network!
Figure 6.2 • A real-world network
The CompTIA Network+ exam requires you to understand the basic concepts involved in designing a network and installing network cabling and to recognize the components used in a real network. The CompTIA Network+ exam does not, however, expect you to be as knowledgeable as a professional network designer or cable installer. Your goal is to understand enough about real-world cabling systems to communicate knowledgeably with cable installers and to perform basic troubleshooting. Granted, by the end of this chapter, you’ll have enough of an understanding to try running your own cable (I certainly run my own cable), but consider that knowl- edge a handy bit of extra credit.
The idea of structured cabling is to create a safe, reliable cabling infrastructure for all of the devices that may need interconnection. Certainly this applies to computer networks, but also to telephone, video—anything that might need low-power, distributed cabling.
You should understand three issues with structured cabling. Cable basics start the picture, with switches, cabling, and PCs. You’ll then look at the components of a network, such as how the cable runs through the walls and where it ends up. This section wraps up with an assessment of connections leading outside your network.
Cable Basics—A Star Is Born
This exploration of the world of connectivity hardware starts with the most basic of all networks: a switch, some UTP cable, and a few PCs—in other words, a typical physical star network (Figure 6.3).
Figure 6.3 • A switch connected by UTP cable to two PCs
No law of physics prevents you from installing a switch in the middle of your office and running cables on the floor to all the computers in your network. This setup works, but it falls apart spectacularly when applied to a real-world environment. Three problems present themselves to the network tech. First, the exposed cables running along the floor are just waiting for someone to trip over them, damaging the network and giving that person a wonderful lawsuit opportunity. Possible accidents aside, simply moving and stepping on the cabling will, over time, cause a cable to fail due to wires breaking or RJ-45 connectors ripping off cable ends. Second, the presence of other electrical devices close to the cable can create interference that confuses the signals going through the wire. Third, this type of setup limits your ability to make any changes to the network. Before you can change anything, you have to figure out which cables in the huge rat’s nest of cables connected to the switch go to which machines. Imagine that troubleshooting nightmare!
A structured cabling system is useful for more than just computer networks. You’ll find structured cabling defining telephone networks and video conferencing setups, for example.
Tech Tip
The Big Wireless Lie
Anyone who makes a trip to a local computer store sees plenty of devices that adhere to the 802.11 (wireless networking) standard. There’s little doubt about the popularity of wireless. This popularity, however, gives people the impression that 802.11 is pushing wired networks into oblivion. While this may take place one day in the future, a wireless network’s unreliability and relatively slow speed (as compared to Gigabit Ethernet) make it challenging to use in a network that requires high reliability and speed. Wireless makes great sense in homes, your local coffeehouse, and offices that don’t need high speed or reliability, but any network that can’t afford downtime or slow speeds still uses wires.
BaseTech
Chapter 6: Installing a Physical Network 109
“Gosh,” you’re thinking (okay, I’m thinking it, but you should be, too), “there must be a better way to install a physical network.” A better installation would provide safety, protecting the star from vacuum cleaners, clumsy coworkers, and electrical interference. It would have extra hardware to organize and protect the cabling. Finally, the new and improved star network installation would feature a cabling standard with the flexibility to enable the network to grow according to its needs and then to upgrade when the next great network technology comes along.
As you have no doubt guessed, I’m not just theorizing here. In the real world, the people who most wanted improved installation standards were the ones who installed cable for a living. In response to this demand, the TIA/EIA developed standards for cable installation. The TIA/EIA 568 standards you learned about in earlier chapters are only part of a larger set of TIA/EIA standards all lumped together under the umbrella of structured cabling.
Test Specific
Structured Cable Network Components
Successful implementation of a basic structured cabling network requires three essential ingredients: a telecommunications room, horizontal cabling, and a work area. Let’s zero in on one floor of Figure 5.12 from the previous chapter. All the cabling runs from individual PCs to a central location, the telecommunications room (Figure 6.4). What equipment goes in there—a switch or a telephone system—is not the important thing. What matters is that all the cables concentrate in this one area.
All cables run horizontally (for the most part) from the telecommunications room to the PCs. This cabling is called, appropriately, horizontal cabling. A single piece of installed horizontal cabling is called a run. At the opposite end of the horizontal cabling from the telecommunications room is the work area. The work area is often simply an office or cubicle that potentially
Cross Check TIA/EIA Standards
You should remember the TIA/EIA 568 standards from Chapter 4, but do you remember how to tell the difference between 568A and 568B? Why were the standards considered necessary?
Tech Tip
Professional Cabling Certifications with BICSI
Installing structured cabling properly takes a startlingly high degree of skill. Thousands of pitfalls await inexperienced network people who think they can install their own network cabling. Pulling cable requires expensive equipment, a lot of hands, and the ability to react to problems quickly. Network techs can cost employers a lot of money—not to mention losing their good jobs—by imagining they can do it themselves without the proper knowledge. If you are interested in learning more details about structured cabling, an organization called BICSI (www.bicsi.org) provides a series of widely recognized certifications for the cabling industry.
Figure 6.4 • Telecommunications room
contains a PC and a telephone. Figure 6.5 shows both the horizontal cabling and work areas.
Figure 6.5 • Horizontal cabling and work area
Each of the three parts of a basic star network—the telecommunications room, the horizontal cabling, and the work area(s)—must follow a series of strict standards designed to ensure that the cabling system is reliable and easy to manage. The cabling standards set by TIA/EIA enable techs to make sensible decisions on equipment installed in the telecommunications room, so let’s tackle horizontal cabling first, and then return to the telecommunications room. We’ll finish up with the work area.
Horizontal Cabling
A horizontal cabling run is the cabling that goes more or less horizontally from a work area to the telecommunications room. In most networks, this cable is a CAT 5e or better UTP, but when you move into structured cabling, the TIA/EIA standards define a number of other aspects of the cable, such as the type of wires, number of pairs of wires, and fire ratings.
Solid Core vs. Stranded Core
All UTP cables come in one of two types: solid core or stranded core. Each wire in solid core UTP uses a single solid wire. With stranded core, each wire is actually a bundle of tiny wire strands. Each of these cable types has its benefits and downsides. Solid core is a better conductor, but it is stiff and will break if handled too often or too roughly. Stranded core is not quite as good a conductor, but it will stand up to substantial handling without breaking. Figure 6.6 shows a close-up of solid and stranded core UTP.
A single piece of cable that runs from a work area to a telecommunications room is called a run.
Figure 6.6 • Solid and stranded core UTP
TIA/EIA specifies that horizontal cabling should always be solid core. Remember, this cabling is going into your walls and ceilings, safe from the harmful effects of shoes and vacuum cleaners. The ceilings and walls enable you to take advantage of the better conductivity of solid core without the risk of cable damage. Stranded cable also has an important function in a structured cabling network, but I need to discuss a few more parts of the network before I talk about where to use stranded UTP cable.
Number of Pairs
Pulling horizontal cables into your walls and ceilings is a time-consuming and messy business, and not a process you want to repeat, if at all possible. For this reason, most cable installers recommend using the highest CAT rating you can afford. Many years ago, I would also mention that you should use four-pair UTP, but today, four-pair is assumed. Four-pair UTP is so common that it’s difficult, if not impossible, to find two-pair UTP.
You’ll find larger bundled UTP cables in higher-end telephone setups. These cables hold 25 or even 100 pairs of wires (Figure 6.7).
Choosing Your Horizontal Cabling
In the real world, network people only install CAT 5e or CAT 6 UTP, although CAT 6a is also starting to show up as 10GBaseT begins to see acceptance. Installing higher-rated cabling is done primarily as a hedge against new network technologies that may require a more advanced cable. Networking caveat emptor (buyer beware): many network installers take advantage of the fact that a lower CAT level will work on most networks and bid a network installation using the lowest-grade cable possible.
The Telecommunications Room
The telecommunications room is the heart of the basic star. This room—technically called the intermediate distribution frame (IDF)—is where all the horizontal runs from all the work areas come together. The concentration of all this gear in one place makes the telecommunications room potentially one of the messiest parts of the basic star. Even if you do a nice, neat job of organizing the cables when they are first installed, networks change over time. People move computers, new work areas are added, network topologies are added or improved, and so on. Unless you impose some type of organization, this conglomeration of equipment and cables decays into a nightmarish mess.
Unlike previous CAT standards, TIA/EIA defines CAT 5e and later as four-pair-only cables.
Figure 6.7 • 25-pair UTP
The telecommunications room is also known as an intermediate distribution frame (IDF), as opposed to the main distribution frame (MDF), which we will discuss later in the chapter.
Cross Check Fire Ratings
You saw another aspect of cabling way back in Chapter 3, so check your memory here. What are fire ratings? When should you use plenum-grade cabling and when should you use riser-grade cabling? What about PVC? What are the differences?
Fortunately, the TIA/EIA structured cabling standards define the use of specialized components in the telecommunications room that make organizing a snap. In fact, it might be fair to say that there are too many options! To keep it simple, we’re going to stay with the most common telecommunications room setup and then take a short peek at some other fairly common options.
Equipment Racks
The central component of every telecommunications room is one or more equipment racks. An equipment rack provides a safe, stable platform for all the different hardware components. All equipment racks are 19 inches wide, but they vary in height from two- to three-foot-high models that bolt onto a wall (Figure 6.8) to the more popular floor-to-ceiling models (Figure 6.9). You can mount almost any network hardware component into a rack.
All manufacturers make rack-mounted switches that mount into a rack with a few screws. These switches are available with a wide assortment of ports and capabilities. There are even rack-mounted servers, complete with slide-out keyboards, and rack-mounted uninterruptible power supplies (UPSs) to power the equipment (Figure 6.10).
All rack-mounted equipment uses a height measurement known simply as a U. A U is 1.75 inches. A device that fits in a 1.75-inch space is called a 1U; a device designed for a 3.5-inch space is a 2U; and a device that goes into a 7-inch space is called a 4U. Most rack-mounted devices are 1U, 2U, or 4U. The rack in Figure 6.9 is called a 42U rack to reflect the total number of Us it can hold.
Patch Panels and Cables
Ideally, once you install horizontal cabling, you should never move it. As you know, UTP horizontal cabling has a solid core, making it pretty stiff. Solid core cables can handle some rearranging, but if you insert a wad of solid core cables directly into your switches, every time you move a cable to a different port on the switch, or move the switch itself, you will jostle the cable. You don’t have to move a solid core cable many times before one of the solid copper wires breaks, and there goes a network connection!
Figure 6.8 • A short equipment rack
Figure 6.10 • A rack-mounted UPS
Figure 6.9 • A floor-to-ceiling rack
Equipment racks evolved out of the railroad signaling racks from the 19th century. The components in a rack today obviously differ a lot from railroad signaling, but the 19” width has remained the standard for well over 100 years.
Luckily for you, you can easily avoid this problem by using a patch panel. A patch panel is simply a box with a row of female connectors (ports) in the front and permanent connections in the back, to which you connect the horizontal cables (Figure 6.11).
The most common type of patch panel today uses a special type of connector called a 110 block, or sometimes a 110-punchdown block. UTP cables connect to a 110 block using a punchdown tool. Figure 6.12 shows a typical punchdown tool, and Figure 6.13 shows the punchdown tool punching down individual strands.
The punchdown block has small metal-lined grooves for the individual wires. The punchdown tool has a blunt end that forces the wire into the groove. The metal in the groove slices the wire’s insulation enough to make contact with the copper.
At one time, the older 66-punchdown block patch panel, found in just about every commercial telephone installation (Figure 6.14), saw some use in PC networks. The 110 block introduces less crosstalk than 66 blocks, so most high-speed network installations use the former for both telephone
Figure 6.11 • Typical patch panels
Figure 6.13 • Punching down a 110 block
Make sure you insert the wires according to the same standard (TIA/EIA 568A or TIA/EIA 568B) on both ends of the cable. If you don’t, you might swap the sending and receiving wires (known as TX/ RX reversed) and inadvertently create a crossover cable.
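The note above describes the TX/RX swap in words. The following is an added example (not from the book) that follows each conductor by color from one end of a cable to the other and reports whether the result is straight-through, crossover, or something else. The pin-to-color orders are the published TIA/EIA 568A and 568B pinouts; the pin roles (pins 1-2 transmit, 3-6 receive on a 10/100BaseT PC-side port) are the standard 100BaseTX assignments; the "568B-reversed-pair" termination is a constructed faulty end, added here only to show how a punchdown mistake that is not a clean crossover shows up.

```python
# Added example (not from the textbook): model TIA/EIA 568A/568B terminations and
# work out whether a cable comes out straight-through, crossover, or miswired.

# Pin 1..8 conductor colors for each standard (published TIA/EIA 568 pinouts).
PINOUTS = {
    "568A": ["white/green", "green", "white/orange", "blue",
             "white/blue", "orange", "white/brown", "brown"],
    "568B": ["white/orange", "orange", "white/green", "blue",
             "white/blue", "green", "white/brown", "brown"],
    # Constructed faulty termination (assumption, for illustration only): pins 1
    # and 2 of a 568B end swapped, a classic "reversed pair" punchdown mistake.
    "568B-reversed-pair": ["orange", "white/orange", "white/green", "blue",
                           "white/blue", "green", "white/brown", "brown"],
}

# On a 10/100BaseT MDI port (the PC side), pins 1-2 transmit and 3-6 receive.
TX_PINS = (1, 2)
RX_PINS = (3, 6)

# The pin-to-pin map that a 10/100 crossover cable produces: TX lands on RX.
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}


def wire_map(end_a: str, end_b: str) -> dict:
    """Return {pin_on_end_a: pin_on_end_b} by following each conductor's color."""
    colors_a = PINOUTS[end_a]
    colors_b = PINOUTS[end_b]
    return {pin_a + 1: colors_b.index(color) + 1
            for pin_a, color in enumerate(colors_a)}


def classify(end_a: str, end_b: str) -> str:
    """Straight-through when every pin maps to itself, crossover when the map is
    exactly the 10/100 TX/RX swap, miswired for anything else."""
    m = wire_map(end_a, end_b)
    if all(a == b for a, b in m.items()):
        return "straight-through"
    if m == CROSSOVER_MAP:
        return "crossover"
    return "miswired"


def tx_rx_reversed(end_a: str, end_b: str) -> bool:
    """True when end A's transmit pair lands on end B's receive pair and vice versa."""
    m = wire_map(end_a, end_b)
    return ({m[p] for p in TX_PINS} == set(RX_PINS)
            and {m[p] for p in RX_PINS} == set(TX_PINS))


if __name__ == "__main__":
    for a, b in [("568B", "568B"), ("568B", "568A"), ("568B", "568B-reversed-pair")]:
        print(f"{a} <-> {b}: {classify(a, b)}, TX/RX reversed: {tx_rx_reversed(a, b)}")
```

Terminating one end 568A and the other 568B is not a random fault: the map comes out as exactly pins 1↔3 and 2↔6, which is why the mistake produces a working crossover cable rather than a dead one, and why a cable tester that only checks continuity on all eight pins will not flag it.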
Figure 6.14 • 66-block patch panels
Figure 6.12 • Punchdown tool
service and PC LANs. Given their large installed base, it’s still common to find a group of 66-block patch panels in a telecommunications room sepa- rate from the PC network’s 110-block patch panels.
Not only do patch panels prevent the horizontal cabling from being moved, but they are also your first line of defense in organizing the cables. All patch panels have space in the front for labels, and these labels are the network tech’s best friend! Simply place a tiny label on the patch panel to identify each cable, and you will never have to experience that sinking feeling of standing in the telecommunications room of your nonfunctioning network, wondering which cable is which. If you want to be a purist, there is an official, and rather confusing, TIA/EIA labeling methodology called TIA/EIA 606, but a number of real-world network techs simply use their own internal codes (Figure 6.15).
Figure 6.15 • Typical patch panels with labels
Patch panels are available in a wide variety of configurations that include different types of ports and numbers of ports. You can get UTP, STP, or fiber ports, and some manufacturers combine several different types on the same patch panel. Panels are available with 8, 12, 24, 48, or even more ports.
UTP patch panels, like UTP cables, come with CAT ratings, which you should be sure to check. Don’t blow a good CAT 6 cable installation by buying a cheap patch panel—get a CAT 6 patch panel! A CAT 6 panel can handle the 250-MHz frequency used by CAT 6 and offers lower crosstalk and network interference. A higher-rated panel supports earlier standards, so you can use a CAT 6 or even CAT 6a patch panel with CAT 5e cabling. Most manufacturers proudly display the CAT level right on the patch panel (Figure 6.16).
Once you have installed the patch panel, you need to connect the ports to the switch through patch cables. Patch cables are short (typically two- to five-foot) UTP cables. Patch cables use stranded rather than solid cable, so they can tolerate much more handling. Even though you can make your
The CompTIA Network+ exam uses the terms 110 block and 66 block exclusively to describe the punchdown blocks common in telecommunication. In the field, in contrast, and in manuals and other literature, you’ll see the punchdown blocks referred to as 110-punchdown blocks and 66-punchdown blocks as well. Some manufacturers even split punchdown into two words, i.e., punch down. Be prepared to be nimble in the field, but expect 110 block and 66 block on the exam.
Figure 6.16 • CAT level on patch panel
Tech Tip
Serious Labeling
The TIA/EIA 606 standard covers proper labeling and documentation of cabling, patch panels, and wall outlets. If you want to know how the pros label and document a structured cabling system (and you’ve got US$360 to blow), check out the TIA/EIA 606 standard hardcopy from TIA.
own patch cables, most people buy premade ones. Buying patch cables enables you to use different-colored cables to facilitate organization (yellow for accounting, blue for sales, or whatever scheme works for you). Most prefabricated patch cables also come with a reinforced (booted) connector specially designed to handle multiple insertions and removals (Figure 6.17).
A telecommunications room doesn’t have to be a special room dedicated to computer equipment. You can use specially made cabinets with their own little built-in equipment racks that sit on the floor or attach to a wall, or you can use a storage room as long as the equipment can be protected from the other items stored there. Fortunately, the demand for telecommunications rooms has been around for so long that most office spaces have premade telecommunications rooms, even if they are no more than closets in smaller offices.
At this point, the network is taking shape (Figure 6.18). The TIA/EIA horizontal cabling is installed and the telecommunications room is configured. Now it’s time to address the last part of the structured cabling system: the work area.
Figure 6.18 • Network taking shape, with racks installed and horizontal cabling run
The Work Area
From a cabling standpoint, a work area is nothing more than a wall outlet that serves as the termination point for horizontal network cables: a convenient insertion point for a PC and a telephone. (In practice, of course,
Figure 6.17 • Typical patch cable
the term “work area” includes the office or cubicle.) A wall outlet itself consists of one or two female jacks to accept the cable, a mounting bracket, and a faceplate. You connect the PC to the wall outlet with a patch cable (Figure 6.19).
The female RJ-45 jacks in these wall outlets also have CAT ratings. You must buy CAT-rated jacks for wall outlets to go along with the CAT rating of the cabling in your network. In fact, many network connector manufacturers use the same connectors in the wall outlets that they use on the patch panels. These modular outlets significantly increase ease of installation. Make sure you label the outlet to show the job of each connector (Figure 6.20). A good outlet will also have some form of label that identifies its position on the patch panel. Proper documentation of your outlets will save you an incredible amount of work later.
The last step is connecting the PC to the wall outlet. Here again, most folks use a patch cable. Its stranded cabling stands up to the abuse caused by moving PCs, not to mention the occasional kick.
You’ll recall from Chapter 5 that 10/100/1000BaseT networks specify a limit of 100 meters between a hub or switch and a node. Interestingly, though, the TIA/EIA 568 specification allows only 90 meters for the horizontal (permanently installed) cabling. What’s with the missing 10 meters? Have you figured it out? Hint: the answer lies in the discussion we’ve just been having. Ding! Time’s up! The answer is … the patch cables! The patch cables at the patch panel and at the wall outlet add extra distance between the switch and the PC, so TIA/EIA compensates by reducing the horizontal cabling length, leaving 10 meters for the two patch cables combined.
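The 90-meter horizontal limit and the 100-meter switch-to-node limit are easy to state and easy to blow when a long horizontal run meets two generous patch cables, which is also the first question in the planning discussion later in the chapter. Here is an added example (not from the book) that audits a list of planned runs against both limits. The two limits come from the text; the run labels, lengths, and the foot-to-meter conversion for patch cables are constructed assumptions used only to show the failure modes.

```python
# Added example (not from the textbook): check planned cable runs against the
# 90 m horizontal limit (TIA/EIA 568) and the 100 m switch-to-node channel
# limit (10/100/1000BaseT). The run records below are constructed for illustration.

from dataclasses import dataclass

HORIZONTAL_LIMIT_M = 90.0   # solid-core run, wall outlet to patch panel
CHANNEL_LIMIT_M = 100.0     # switch port to NIC, patch cables included
FEET_TO_M = 0.3048          # patch cables are commonly sold in feet


@dataclass
class Run:
    label: str              # installer's internal code (hypothetical here)
    horizontal_m: float     # permanent horizontal run, in meters
    tr_patch_ft: float      # patch cable, patch panel -> switch, in feet
    wa_patch_ft: float      # patch cable, wall outlet -> PC, in feet


def channel_length_m(run: Run) -> float:
    """Total copper between switch port and NIC, in meters."""
    return run.horizontal_m + (run.tr_patch_ft + run.wa_patch_ft) * FEET_TO_M


def check_run(run: Run) -> list:
    """Return the list of budget violations for one run (empty list means OK)."""
    problems = []
    if run.horizontal_m > HORIZONTAL_LIMIT_M:
        problems.append(
            f"horizontal run {run.horizontal_m:.1f} m exceeds {HORIZONTAL_LIMIT_M:.0f} m")
    total = channel_length_m(run)
    if total > CHANNEL_LIMIT_M:
        problems.append(
            f"channel {total:.1f} m exceeds {CHANNEL_LIMIT_M:.0f} m once patch cables are added")
    return problems


def max_patch_cable_ft(run: Run) -> float:
    """Longest combined patch-cable length (feet) this horizontal run leaves room for."""
    return max(0.0, (CHANNEL_LIMIT_M - run.horizontal_m) / FEET_TO_M)


def audit(runs: list) -> dict:
    """Map each failing run's label to its problems; clean runs are omitted."""
    return {r.label: check_run(r) for r in runs if check_run(r)}


# Constructed sample runs (hypothetical labels and lengths).
SAMPLE_RUNS = [
    Run("TR1-A01", 62.0, 3, 5),     # comfortably inside both limits
    Run("TR1-A02", 90.0, 3, 5),     # right at 90 m: 8 ft of patch cable still fits
    Run("TR1-A03", 90.0, 10, 25),   # 90 m run, but 35 ft of patch cable breaks the channel
    Run("TR1-A04", 97.0, 2, 2),     # the horizontal run alone is over the limit
]

if __name__ == "__main__":
    for run in SAMPLE_RUNS:
        verdict = check_run(run) or ["OK"]
        print(f"{run.label}: channel {channel_length_m(run):.1f} m; "
              f"patch budget {max_patch_cable_ft(run):.0f} ft; " + "; ".join(verdict))
```

The third sample run is the case the paragraph warns about: the horizontal cabling is legal on its own, and only the patch cables push the channel over 100 meters, so a check that looks at the run length in isolation passes it. The fourth run fails the horizontal limit even though its channel total is under 100 meters, which is why both checks are kept separate.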
The work area may be the simplest part of the structured cabling system, but it is also the source of most network failures. When a user can’t access the network and you suspect a broken cable, the first place to look is the work area.
Structured Cable—Beyond the Star
Thus far you’ve seen structured cabling as a single star topology on a single floor of a building. Let’s now expand that concept to an entire building and learn the terms used by the structured cabling folks, such as the demarc and NIU, to describe this much more complex setup.
You can hardly find a building today that isn’t connected to both the Internet and the telephone company. In many cases, this is a single connection, but for now, let’s treat them as separate connections.
As you saw in the previous chapter, a typical building-wide network consists of a high-speed backbone that runs vertically through the building and connects to multispeed switches on each floor that, in turn, service the individual PCs on that floor. A dedicated telephone cabling backbone that enables the distribution of phone calls to individual telephones runs alongside the network cabling. While every telephone installation varies, most commonly you’ll see one or more strands of 25-pair UTP cables running to the 66 block in the telecommunications room on each floor (Figure 6.21).
Demarc
Connections from the outside world—whether network or telephone—come into a building at a location called a demarc, short for demarcation
Figure 6.19 • Typical work area outlet
Figure 6.20 • Properly labeled outlet
Structured cabling goes beyond a single building and even describes methods for interconnecting multiple buildings. The CompTIA Network+ certification exam does not cover interbuilding connections.
Figure 6.21 • 25-pair running to local 66-block
Figure 6.22 • Typical home network interface box
point. The term “demarc” refers to the physical location of the connection and marks the dividing line of responsibility for the functioning of the network. You take care of the internal functioning; the person or company that supplies the upstream service to you must support connectivity and function on the far side of the demarc.
In a private home, the DSL or cable modem supplied by your ISP is a network interface unit (NIU) that serves as a demarc between your home network and your ISP, and most homes have a network interface box, like the one shown in Figure 6.22, that provides the connection for your telephone.
In an office environment, the demarc is usually more complex, given that a typical building simply has to serve a much larger number of telephones and computers. Figure 6.23 shows the demarc for a midsized building, showing both Internet and telephone connections coming in from the outside.
One challenge to companies that supply ISP/telephone services is the need to diagnose faults in the system. Most of today’s NIUs come with extra “smarts” that enable the ISP or telephone company to determine if the customer has disconnected from the NIU. These special (and very common) NIUs are known as smart jacks. Smart jacks also have the very handy capability to set up a remote loopback—critical for loopback testing when you’re at one end of the connection and the other connection is blocks or even miles away.
Tech Tip
NIU=NIB=NID: Huh?
The terms used to describe the devices that often mark the demarcation point in a home or office get tossed about with wild abandon. Various manufacturers and technicians call them network interface units, network interface boxes, or network interface devices. (Some techs call them demarcs, just to muddy the waters further, but we won’t go there.) By name or by initial—NIU, NIB, or NID—it’s all the same thing, the box that marks the point where your responsibility begins on the inside.
The best way to think of a demarc is in terms of responsibility. If something breaks on one side of the demarc, it’s your problem; on the other side, it’s the ISP/phone company’s problem.
Connections Inside the Demarc
After the demarc, network and telephone cables connect to some type of box, owned by the customer, that acts as the primary distribution tool for the building. Any cabling that runs from the NIU to whatever box is used by the customer is the demarc extension. For telephones, the cabling might connect to a special box called a multiplexer and, on the LAN side, almost certainly to a powerful switch. This switch usually connects to a patch panel. This patch panel, in turn, leads to every telecommunications room in the building. This main patch panel is called a vertical cross-connect. Figure 6.24 shows an example of a fiber patch panel acting as a vertical cross-connect for a building.
Telephone systems also use vertical cross-connects. Figure 6.25 shows a vertical cross-connect for a telephone system. Note the large number of 25-pair UTP cables feeding out of this box. Each 25-pair cable leads to a telecommunications room on a floor of the building.
The combination of demarc, telephone cross-connects, and LAN cross-connects needs a place to live in a building. The room that stores all of this equipment is known as a main distribution frame (MDF) to distinguish it from the multiple IDF rooms (a.k.a. telecommunications rooms) that serve individual floors.
The ideal that every building should have a single demarc, a single MDF, and multiple IDFs is only that—an ideal. Every structured cabling installation is unique and must adapt to the physical constraints of the building provided. One building may serve multiple customers, creating the need for multiple NIUs, each serving a different customer. A smaller building may combine a demarc, MDF, and IDF into a single room. With structured cabling, the idea is to understand the terms while, at the same time, appreciating that it’s the actual building and the needs of the customers that determine the actual design of a structured cabling system.
Figure 6.24 • LAN vertical cross-connect
Figure 6.25 • Telephone vertical cross-connect
Figure 6.23 • Typical office demarc
BaseTech
Chapter 6: Installing a Physical Network 119
Installing Structured Cabling
A professional installer always begins a structured cabling installation by first assessing your site and planning the installation in detail before pulling a single piece of cable. As the customer, your job is to work closely with the installer. That means locating floor plans, providing access, and even putting on old clothes and crawling along with the installer as he or she combs through your ceilings, walls, and closets. Even though you’re not the actual installer, you must understand the installation process, so you can help the installer make the right decisions for your network.
Structured cabling requires a lot of planning. You need to know if the cables from the work areas can reach the telecommunications room—is the distance less than the 90-meter limit dictated by the TIA/EIA standard?
How will you route the cable? What path should each run take to get to the wall outlets? Don’t forget that just because a cable looks like it will reach, there’s no guarantee that it will. Ceilings and walls often include hidden surprises like firewalls—big, thick, concrete walls designed into buildings that require a masonry drill or a jackhammer to punch through. Let’s look at the steps that go into proper planning.
Getting a Floor Plan
First, you need a blueprint of the area. If you ever contact an installer and he or she doesn’t start by asking for a floor plan, fire them immediately and get one who does. The floor plan is the key to proper planning; a good floor plan shows you the location of closets that could serve as telecommunications rooms, alerts you to any firewalls in your way, and gives you a good overall feel for the scope of the job ahead.
If you don’t have a floor plan—and this is often the case with homes or older buildings—you’ll need to create your own. Go get a ladder and a flashlight—you’ll need them to poke around in ceilings, closets, and crawl spaces as you map out the location of rooms, walls, and anything else of interest to the installation. Figure 6.26 shows a typical do-it-yourself floor plan, drawn out by hand.
Mapping the Runs
Now that you have your floor plan, you need to map the cable runs. Here’s where you run around the work areas, noting the locations of existing or planned systems to determine where to place each cable drop. A cable drop is the location where the cable comes out of the wall in the workstation. You should also talk to users, management, and other interested parties
Figure 6.26 • Hand-drawn network floor plan
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 120
to try to understand their plans for the future. Installing a few extra drops now is much easier than installing them a year from now when those two unused offices suddenly find themselves with users who immediately need networked computers!
At this point, cost first raises its ugly head. Face it: cables, drops, and the people who install them cost money! The typical price for a network installation is around US $150 per drop. Find out how much you want to spend and make some calls. Most network installers price their network jobs by quoting a per-drop cost.
While you’re mapping your runs, you have to make another big decision: Do you want to run the cables in the walls or outside them? Many companies sell wonderful external raceway products that adhere to your walls, making for a much simpler, though less neat, installation than running cables in the walls (Figure 6.27). Raceways make good sense in older buildings or when you don’t have the guts—or the rights—to go into the walls.
Determining the Location of the Telecommunications Room
While mapping the runs, you should decide on the location of your telecommunications room. When deciding on this location, keep five issues in mind:
■ Distance: The telecommunications room must be located in a spot that won’t require cable runs longer than 90 meters. In most locations, keeping runs under 90 meters requires little effort, as long as the telecommunications room is placed in a central location.
■ Power: Many of the components in your telecommunications room need power. Make sure you provide enough! If possible, put the telecommunications room on its own dedicated circuit; that way, when someone blows a circuit in the kitchen, it doesn’t take out the entire network.
■ Humidity: Electrical components and water don’t mix well. (Remind me to tell you about the time I installed a rack in an abandoned bathroom and the toilet that later exploded.) Remember that dryness also means low humidity. Avoid areas with the potential for high humidity, such as a closet near a pool or the room where the cleaning people leave mop buckets full of water. Of course, any well air-conditioned room should be fine—which leads to the next big issue…
■ Cooling: Telecommunications rooms tend to get warm, especially if you add a couple of server systems and a UPS. Make sure your telecommunications room has an air-conditioning outlet or some other method of keeping the room cool. Figure 6.28 shows how I installed an air-conditioning duct in my small equipment closet. Of course, I did this only after I discovered that the server was repeatedly rebooting due to overheating!
Watch out for the word drop, as it has more than one meaning. A single run of cable from the telecommunications room to a wall outlet is often referred to as a “drop.” The word “drop” is also used to define a new run coming through a wall outlet that does not yet have a jack installed.
Figure 6.27 • A typical raceway
Figure 6.28 • An A/C duct cooling a telecommunications room
■ Access: Access involves two different issues. First, it means preventing unauthorized access. Think about the people you want and don’t want messing around with your network, and act accordingly. In my small office, the equipment closet literally sits eight feet from me, so I don’t concern myself too much with unauthorized access. You, on the other hand, may want to consider placing a lock on the door of your telecommunications room if you’re concerned that unscrupulous or unqualified people might try to access it.
One other issue to keep in mind when choosing your telecommunications room is expandability. Will this telecommunications room be able to grow with your network? Is it close enough to be able to service any additional office space your company may acquire nearby? If your company decides to take over the floor above you, can you easily run vertical cabling to another telecommunications room on that floor from this room? While the specific issues will be unique to each installation, keep thinking “expansion” as you design—your network will grow, whether or not you think so now!
So, you’ve mapped your cable runs and established your telecommunications room—now you’re ready to start pulling cable!
Pulling Cable
Pulling cable is easily one of the most thankless and unpleasant jobs in the entire networking world. It may not look that hard from a distance, but the devil is in the details. First of all, pulling cable requires two people if you want to get the job done quickly; having three people is even better. Most pullers like to start from the telecommunications room and pull toward the drops. In an office area with a drop ceiling, pullers will often feed the cabling along the run by opening ceiling tiles and stringing the cable via hooks or cable trays that travel above the ceiling (Figure 6.29). Professional cable pullers have an arsenal of interesting tools to help them move the cable horizontally, including telescoping poles, special nylon pull ropes, and even nifty little crossbows and pistols that can fire a pull rope long distances!
Cable trays are standard today, but a previous lack of codes or standards for handling cables led to a nightmare of disorganized cables in drop ceilings all over the world. Any cable puller will tell you that the hardest part of installing cables is the need to work around all the old cable installations in the ceiling (Figure 6.30).
Figure 6.29 • Cable trays over a drop ceiling
Figure 6.30 • Messy cabling nightmare
Local codes, TIA/EIA, and the National Electrical Code (NEC) all have strict rules about how you pull cable in a ceiling. A good installer uses either hooks or trays, which provide better cable management, safety, and protection from electrical interference (Figure 6.31). The faster the network, the more critical good cable management becomes. You probably won’t have a problem laying UTP directly on top of a drop ceiling if you just want a 10BaseT network, and you might even get away with this for 100BaseT—but forget about doing this with Gigabit or beyond. Cable installation companies are making a mint from all the CAT 5 and earlier network cabling installations that need to be redone to support Gigabit Ethernet.
Running cable horizontally requires relatively little effort, compared to running the cable down from the ceiling to a pretty faceplate at the work area, which often takes a lot of skill. In a typical office area with sheetrock walls, the installer first decides on the position for the outlet, generally using a stud finder to avoid cutting on top of a stud. Once the worker cuts the hole (Figure 6.32), most installers drop a line to the hole using a weight tied to the end of a nylon pull rope (Figure 6.33). They can then attach the network cable to the pull rope and pull it down to the hole. Once the cable is pulled through the new hole, the installer puts in an outlet box or a low-voltage mounting bracket (Figure 6.34). This bracket acts as a holder for the faceplate.
Back in the telecommunications room, the many cables leading to each work area are consolidated and organized in preparation for the next stage: making connections. A truly professional installer takes great care in organizing the equipment closet. Figure 6.35 shows a typical installation using special cable guides to bring the cables down to the equipment rack.
Figure 6.31 • Nicely run cables
Figure 6.32 • Cutting a hole
Figure 6.33 • Locating a dropped pull rope
Figure 6.34 • Installing a mounting bracket
Making Connections
Making connections consists of connecting both ends of each cable to the proper jacks. This step also includes the most important step in the entire process: testing each cable run to ensure that every connection meets the requirements of the network that will use it. Installers also use this step to document and label each cable run—a critical step too often forgotten by inexperienced installers, and one you need to verify takes place!
Connecting the Work Areas
Let’s begin by watching an installer connect a cable run. In the work area, that means the cable installer will now crimp a jack onto the end of the wire and mount the faceplate to complete the installation (Figure 6.36).
Note the back of the jack shown in Figure 6.36. This jack uses the popular 110-punchdown connection just like the one shown earlier in the chapter for patch panels. All 110 connections have a color code that tells you which wire to punch into which connection on the back of the jack.
Rolling Your Own Patch Cables
Although most people prefer simply to purchase pre-made patch cables, making your own is fairly easy. To make your own, use stranded UTP cable that matches the CAT level of your horizontal cabling. Stranded cable also requires specific crimps, so don’t use crimps designed for solid cable. Crimping is simple enough, although getting it right takes some practice.
Figure 6.37 shows the two main tools of the crimping trade: an RJ-45 crimper with built-in stripper and a pair of wire snips. Professional cable installers naturally have a wide variety of other tools as well.
Here are the steps for properly crimping an RJ-45 onto a UTP cable. If you have some crimps, cable, and a crimping tool handy, follow along!
1. Cut the cable square using RJ-45 crimpers or scissors.
2. Strip off ½ inch of plastic jacket from the end of the cable (Figure 6.38).
Figure 6.35 • End of cables guided to rack
Figure 6.36 • Crimping a jack
Figure 6.37 • Crimper and snips
3. Slowly and carefully insert each individual wire into the correct location according to either TIA/EIA 568A or B (Figure 6.39). Unravel as little as possible.
4. Insert the crimp into the crimper and press (Figure 6.40). Don’t worry about pressing too hard; the crimper has a stop to prevent you from using too much pressure.
Figure 6.41 shows a nicely crimped cable. Note how the plastic jacket goes into the crimp.
A good patch cable should include a boot. Figure 6.42 shows a boot being slid onto a newly crimped cable. Don’t forget to slide each boot onto the patch cable before you crimp both ends!
After making a cable, you need to test it to make sure it’s properly crimped. Read the section on testing cable runs later in this chapter to see how to test them.
Connecting the Patch Panels
Connecting the cables to patch panels requires you to deal with three issues. The first issue is patch cable management. Figure 6.43 shows the front of a small network’s equipment rack—note the complete lack of cable management!
Managing patch cables means using the proper cable management hardware. Plastic D-rings guide the patch cables neatly along the sides and front of the patch panel. Finger boxes are rectangular cylinders with slots in the front; the patch cables run into the open ends of the box, and individual cables are threaded through the fingers on their way to the patch panel, keeping them neatly organized.
Creativity and variety abound in the world of cable-management hardware—there are as many different solutions to cable management as there are ways to screw it up. Figure 6.44 shows a rack using good cable management—these patch cables are well secured using cable-management hardware, making them much less susceptible to damage from mishandling. Plus, it looks much nicer!
Figure 6.38 • Properly stripped cable
Figure 6.39 • Inserting the individual strands
Figure 6.40 • Crimping the cable
Figure 6.41 • Properly crimped cable
Figure 6.42 • Adding a boot
The second issue to consider when connecting cables is the overall organization of the patch panel as it relates to the organization of your network. Organize your patch panel so it mirrors the layout of your network. You can organize according to the physical layout, so the different parts of the patch panel correspond to different parts of your office space—for example, the north and south sides of the hallway. Another popular way to organize patch panels is to make sure they match the logical layout of the network, so the different user groups or company organizations have their own sections of the patch panel.
Try This! Crimping Your Own Cable
If you’ve got some spare CAT 5 lying around (and what tech enthusiast doesn’t?) as well as a cable crimper and some crimps, go ahead and use the previous section as a guide and crimp your own cable. This skill is essential for any network technician. Remember, practice makes perfect!
Figure 6.43 • Bad cable management
Figure 6.44 • Good cable management
Finally, proper patch panel cable management means documenting everything clearly and carefully. This way, any competent technician can follow behind you and troubleshoot connectivity problems. Good techs draw diagrams!
Testing the Cable Runs
Well, in theory, your horizontal cabling system is now installed and ready for a switch and some systems. Before you do this, though, you must test each cable run. Someone new to testing cable might think that all you need to do is verify that each jack has been properly connected. Although this is an important and necessary step, the interesting problem comes after that: verifying that your cable run can handle the speed of your network.
Before I go further, let me be clear: a typical network admin/tech cannot properly test a new cable run. TIA/EIA provides a series of incredibly complex and important standards for testing cable, requiring a professional cable installer. The testing equipment alone totally surpasses the cost of most smaller network installations. Advanced network testing tools easily cost over US$5,000, and some are well over US$10,000! Never fear, though—a number of lower-end tools work just fine for basic network testing.
Most network admin types staring at a potentially bad cable want to know the following:
■ How long is this cable? If it’s too long, the signal will degrade to the point that it’s no longer detectable on the other end.
■ Are any of the wires broken or not connected in the crimp? If a wire is broken, it no longer has continuity (a complete, functioning connection).
■ If there is a break, where is it? It’s much easier to fix if the location is detectable.
■ Are all of the wires terminated in the right place in the plug or jack?
■ Is there electrical or radio interference from outside sources? UTP is susceptible to electromagnetic interference.
■ Is the signal from any of the pairs in the same cable interfering with another pair?
To answer these questions you must verify that both the cable and the terminated ends are correct. Making these verifications requires a cable tester. Various models of cable testers can answer some or all of these questions, depending on the amount of money you are willing to pay. At the low end of the cable tester market are devices that only test for continuity. These inexpensive (under US$100) testers are often called continuity testers (Figure 6.45). Many of these testers require you to insert both ends of the cable into the tester. Of course, this can be a bit of a problem if the cable is already installed in the wall!
Better testers can run a wiremap test that goes beyond mere continuity, testing that all the wires on both ends of the cable connect to the right spot. A wiremap test will pick up shorts, crossed wires, and more.
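The crimping steps above (step 3 in particular) and the wiremap test are easiest to reason about with a model of what the tester actually sees. The Python below is an added example, not the textbook’s or any tester vendor’s code; it assumes the standard TIA/EIA 568A/568B colour orders and crossover pin swaps, and constructs its own sample cables.

```python
"""Wiremap check for an RJ-45 terminated UTP run (added example, not from the
textbook). Models what a wiremap tester reports: opens, shorts, reversed or
crossed wires, and straight-through versus crossover cables. The colour orders
for TIA/EIA 568A and 568B and the crossover pin swaps are the standard ones."""

from typing import Dict, List, Optional, Tuple

# Colour order, pin 1 to pin 8, for the two TIA/EIA 568 terminations.
T568A: List[str] = ["white-green", "green", "white-orange", "blue",
                    "white-blue", "orange", "white-brown", "brown"]
T568B: List[str] = ["white-orange", "orange", "white-green", "blue",
                    "white-blue", "green", "white-brown", "brown"]

# Pins that share one twisted pair (the same in 568A and 568B).
PAIRS: List[Tuple[int, int]] = [(1, 2), (3, 6), (4, 5), (7, 8)]

PinMap = Dict[int, Optional[int]]   # near-end pin -> far-end pin (None = open)

STRAIGHT: PinMap = {p: p for p in range(1, 9)}
# A 10/100 crossover swaps pairs 1-2 and 3-6; the Gigabit form also swaps 4-5 and 7-8.
CROSSOVER_10_100: PinMap = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}
CROSSOVER_GIGABIT: PinMap = {1: 3, 2: 6, 3: 1, 4: 7, 5: 8, 6: 2, 7: 4, 8: 5}


def pin_map_from_colours(near: List[Optional[str]],
                         far: List[Optional[str]]) -> PinMap:
    """Derive the pin map a tester would see from the colour crimped into each
    position at the two ends (step 3 of the crimping procedure). A None entry
    means no wire was seated in that position, which shows up as an open."""
    if len(near) != 8 or len(far) != 8:
        raise ValueError("an RJ-45 has exactly eight positions")
    pin_map: PinMap = {}
    for pin, colour in enumerate(near, start=1):
        if colour is None or colour not in far:
            pin_map[pin] = None            # no continuity to any far-end pin
        else:
            pin_map[pin] = far.index(colour) + 1
    return pin_map


def analyze_wiremap(pin_map: PinMap,
                    shorts: Tuple[Tuple[int, int], ...] = ()) -> dict:
    """Classify a run from its pin map plus any near-end pins that show
    continuity to each other (shorts). The worst finding decides the class."""
    opens = sorted(p for p, q in pin_map.items() if q is None)
    reversed_pairs = [(a, b) for a, b in PAIRS
                      if pin_map.get(a) == b and pin_map.get(b) == a]
    result = {"opens": opens,
              "shorts": sorted(tuple(sorted(s)) for s in shorts),
              "reversed_pairs": reversed_pairs,
              "crossed": []}
    if shorts:
        result["classification"] = "short"
    elif opens:
        result["classification"] = "open"
    elif pin_map == STRAIGHT:
        result["classification"] = "straight-through"
    elif pin_map in (CROSSOVER_10_100, CROSSOVER_GIGABIT):
        result["classification"] = "crossover"
    else:
        # Any pin that lands somewhere other than its own number, outside the
        # recognised crossover layouts, is a wiring error.
        result["crossed"] = sorted((p, q) for p, q in pin_map.items() if p != q)
        result["classification"] = "miswired"
    return result


def split_pairs(order: List[Optional[str]]) -> List[Tuple[int, int]]:
    """Pin pairs whose two wires do not come from the same twisted pair. Wired
    the same way at both ends, this passes continuity and wiremap tests but
    ruins NEXT, which is why the higher-end testers in the text exist."""
    def family(colour: Optional[str]) -> Optional[str]:
        return None if colour is None else colour.replace("white-", "")
    return [(a, b) for a, b in PAIRS
            if order[a - 1] is not None and order[b - 1] is not None
            and family(order[a - 1]) != family(order[b - 1])]


if __name__ == "__main__":
    # Constructed cases: a good 568B patch cable, an A-to-B crossover, one end
    # with the green pair reversed, and blue/white-green swapped at both ends
    # (a split pair that a wiremap test alone cannot see).
    reversed_end = list(T568B)
    reversed_end[2], reversed_end[5] = reversed_end[5], reversed_end[2]
    split_end = list(T568B)
    split_end[2], split_end[3] = split_end[3], split_end[2]
    for label, near, far in [("568B/568B", T568B, T568B),
                             ("568A/568B", T568A, T568B),
                             ("reversed pair", reversed_end, T568B),
                             ("split pair", split_end, split_end)]:
        report = analyze_wiremap(pin_map_from_colours(near, far))
        print(label, report["classification"], report["reversed_pairs"],
              "split:", split_pairs(near))
```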
The test tools described here also enable you to diagnose network problems.
Figure 6.45 • Continuity tester
Many techs and network testing folks use the term wiremap to refer to the proper connectivity for wires, as in, “Hey Joe, check the wiremap!”
A multimeter works perfectly well to test for continuity, assuming you can place its probes on each end of the cable. Set the multimeter to its continuity setting if it has one (Figure 6.46) or to Ohms. With the latter setting, if you have a connection, you get zero Ohms, and if you don’t have a connection, you get infinite Ohms.
Medium-priced testers (~US$400) certainly test continuity and wiremap and include the additional capability to determine the length of a cable; they can even tell you where a break is located on any of the individual wire strands. This type of cable tester (Figure 6.47) is generically called a time domain reflectometer (TDR). Most medium-priced testers come with a small loopback device to insert into the far end of the cable, enabling the tester to work with installed cables. This is the type of tester you want to have around!
Figure 6.46 • Multimeter
Figure 6.47 • A typical medium-priced TDR called a Microscanner
Tech Tip
Fat Probes
If you have a multimeter with probes too large to connect to individual contacts on an RJ-45, you can use an old tech trick to finesse the problem. Take a patch cable and cut off about two feet, so you have a short cable with one end bare. Strip an inch of the cladding away from the bare end to expose the wires. Strip a little of the sheath off each wire and plug the cable into the jack. Now you can test continuity by putting the probes directly onto the wire!
If you want a device that fully tests a cable run to the very complex TIA/EIA standards, the price shoots up fast. These higher-end testers can detect things the lesser testers cannot, such as crosstalk and attenuation.
Crosstalk poses a threat to properly functioning cable runs. Today’s UTP cables consist of four pairs of wires, all squished together inside a plastic tube. When you send a signal down one of these pairs, the other pairs pick up some of the signal, as shown in Figure 6.48. This is called crosstalk.
Every piece of UTP in existence generates crosstalk. Worse, when you crimp the end of a UTP cable to a jack or plug, crosstalk increases. A poor-quality crimp creates so much crosstalk that a cable run won’t operate at its designed speed. To detect crosstalk, a normal-strength signal is sent down one pair of wires in a cable. An electronic detector, connected on the same end of the cable as the end emanating the signal, listens on the other three pairs and measures the amount of interference, as shown in Figure 6.49. This is called near-end crosstalk (NEXT).
If you repeat this test, sending the signal down one pair of wires, but this time listening on the other pairs on the far end of the connection, you test for far-end crosstalk (FEXT), as shown in Figure 6.50.
As if that’s not bad enough, as a signal progresses down a piece of wire, it becomes steadily weaker: this is called attenuation. As a cable run gets longer, the attenuation increases, and the signal becomes more susceptible to crosstalk. A tester must send a signal down one end of a wire, test for NEXT and FEXT on the ends of every other pair, and then repeat this process for every pair in the UTP cable.
This process of verifying that every cable run meets the exacting TIA/EIA standards requires very powerful testing tools, generally known as cable certifiers or just certifiers. Cable certifiers can both do the high-end testing and generate a report that a cable installer can print out and hand to a customer to prove that the installed cable runs pass TIA/EIA standards. Figure 6.51 shows an example of this type of scanner made by Fluke (www.fluke.com) in its Microtest line. Most network techs don’t need these advanced testers, so unless you have some deep pockets or find yourself doing serious cable testing, stick to the medium-priced testers.
Both NEXT and FEXT are measured in decibels (dB).
Figure 6.48 • Crosstalk
Figure 6.49 • Near-end crosstalk
Listening on wire pair 3 and 6
Figure 6.50 • Far-end crosstalk
Figure 6.51 • A typical cable certifier—a Microtest OMNIScanner (photo courtesy of Fluke Networks)
Testing Fiber
Fiber-optic cabling is an entirely different beast in terms of termination and testing. The classic termination method requires very precise stripping, polishing the end of the tiny fiber cable, adding epoxy glue, and inserting the connector. A fiber technician uses a large number of tools (Figure 6.52) and an almost artistic amount of skill. Over the years, easier terminations have been developed, but putting an ST, SC, LC, or other connector on the end of a piece of fiber is still very challenging.
Figure 6.52 • Older fiber termination kit
A fiber-optic run has problems that are both similar to and different from those of a UTP run. Fiber-optic runs don’t experience crosstalk or interference (as we usually think of it) because they use light instead of an electrical current.
Fiber-optic cables still break, however, so a good tech always keeps an optical time domain reflectometer (OTDR) handy (Figure 6.53). OTDRs determine continuity and, if there’s a break, tell you exactly how far down the cable to look for the break.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 130
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 6
TIA/EIA has very complex requirements for testing fiber runs, and the cabling industry sells fiber certifiers to make sure a fiber will carry its designed signal speed.
The three big issues with fiber are attenuation, light leakage, and modal distortion. The amount of light propagating down the fiber cable diffuses over distance, which causes attenuation or dispersion (when the light signal spreads). If you bend a fiber-optic cable too much you get light leakage, as shown in Figure 6.54. Every type of fiber cabling has a very specific maximum bend radius. Modal distortion is unique to multimode fiber-optic cable. As the light source illuminates, it sends out light in different modes. Think of a mode as a slightly different direction. Some light shoots straight down the fiber; other modes bounce back and forth at a sharp angle.
The process of installing a structured cabling system is rather involved, requires a great degree of skill, and should be left to professionals. By understanding the process, however, you can tackle most of the problems that come up in an installed structured cabling system. Most importantly, you’ll understand the lingo used by the structured cabling installers so you can work with them more efficiently.
NICs
Now that the network is completely in place, it’s time to turn to the final part of any physical network: the NICs. A good network tech must recognize different types of NICs by sight and know how to install and troubleshoot them. Let’s begin by reviewing the differences between UTP and fiber-optic NICs.
Figure 6.54 • Light leakage—note the colored glow at the bends but the dark cable at the straight.
Attenuation is the weakening of a signal as it travels long distances. Dispersion is when a signal spreads out over long distances. Both attenuation and dispersion are caused when wave signals travel too far without help over fiber-optic media. The confusing part is that dispersion can cause attenuation and vice versa.
Figure 6.53 • An optical time domain reflectometer (photo courtesy of Fluke Networks)
All UTP Ethernet NICs use the RJ-45 connector. The cable runs from the NIC to a hub or a switch (Figure 6.55). It is impossible to tell one from the other simply by looking at the connection.
Fiber-optic NICs come in a wide variety; worse, manufacturers use the same connector types for multiple standards. You’ll find a 100BaseFX card designed for multimode cable with an SC connector, for example, and an identical card designed for single-mode cable, also with an SC connector. You simply must see the documentation that comes with the two cards to tell them apart. Figure 6.56 shows a typical fiber-optic network card.
Figure 6.56 • Typical fiber NIC (photo courtesy of 3Com Corp.)
Buying NICs
Some folks may disagree with me, but I always purchase name-brand NICs. For NICs, I recommend sticking with big names, such as 3Com or Intel. The NICs are better made, have extra features, and are easy to return if they turn out to be defective.
Plus, replacing a missing driver on a name-brand NIC is easy, and you can be confident the drivers work well. The type of NIC you purchase depends on your network. Try to think about the future and go for multispeed cards if your wallet can handle the extra cost. Also, where possible, try to stick with the same model of NIC. Every different model you buy means another set of driver discs you need to haul around in your tech bag. Using the same model of NIC makes driver updates easier, too.
Physical Connections
I’ll state the obvious here: If you don’t plug the NIC into the computer, the NIC won’t work! Many users happily assume some sort of quantum magic when it comes to computer communications, but as a tech, you know better. Fortunately, most PCs come with built-in NICs, making physical installation a nonissue. If you’re buying a NIC, physically inserting the NIC into one of the PC’s expansion slots is the easiest part of the job. Most PCs today have two types of expansion slots. The older, but still common, expansion slot is the Peripheral Component Interconnect (PCI) type (Figure 6.57).
Many people order desktop PCs with NICs simply because they don’t take the time to ask if the system has a built-in NIC. Take a moment and ask about this!
Tech Tip
Onboard NICs
It’s a rare motherboard these days that doesn’t include an onboard NIC. This, of course, completely destroys the use of the acronym “NIC” for network interface card because no card is actually involved. But heck, we’re nerds and, just as we’ll probably never stop using the term “RJ-45” when the correct term is “8P8C,” we’ll keep using the term “NIC.” I know! Let’s just pretend it stands for network interface connection!
Figure 6.55 • Typical UTP NIC
The newer PCI Express (PCIe) expansion slots are now more widely adopted by NIC suppliers. PCIe NICs usually come in either one-lane (×1) or two-lane (×2) varieties (Figure 6.58).
If you’re not willing to open a PC case, you can get NICs with USB or PC Card connections. While convenient, USB 2.0 (the most common version available) has a maximum speed of 480 Mbps—slower than Gigabit Ethernet, and PC Card is only a laptop solution (Figure 6.59). If, however, you manage to find a USB 3.0 NIC, which can handle speeds up to 5 Gbps, you shouldn’t have a problem. USB NICs are handy to keep in your toolkit. If you walk up to a machine that might have a bad NIC, test your suspicions by inserting a USB NIC and moving the network cable from the potentially bad NIC to the USB one. (Don’t forget to bring your driver disc along!)
Drivers
Installing a NIC’s driver into a Windows, Mac, or Linux system is easy: just insert the driver CD when prompted by the system. Unless you have a very offbeat NIC, the operating system will probably already have the driver preinstalled, but there are benefits to using the driver on the manufacturer’s CD. The CDs that come with many NICs, especially the higher-end, brand-name ones, include extra goodies such as enhanced drivers and handy utilities, but you’ll only be able to access them if you install the driver that comes with the NIC.
Every operating system has some method to verify that the computer recognizes the NIC and is ready to use it. Windows systems have the Device Manager, Ubuntu Linux users have the Network applet under the Administration menu, and your Macintosh has the Network utility in System Preferences. Actually, most operating systems have multiple methods to show that the NIC is in good working order. Learn the various ways to verify the NIC for your OS as this is the ultimate test of a good NIC installation.
Bonding
Most switches enable you to use multiple NICs for a single machine, a process called bonding or link aggregation. Bonding effectively doubles (or more) the speed between a machine and a switch. In preparing for this book, for example, I found that the connection between my graphics development computer and my file server was getting pounded by my constant sending and receiving of massive image files, slowing down everyone else’s file access. Rather than upgrading the switches and NICs from Gigabit to 10-Gigabit Ethernet—still fairly expensive at this writing—I found that simply doubling the connections among those three machines—graphics computer, switch, and file server—increased performance all around. If you want to add link aggregation to your network to increase performance, use identical NICs and switches from the same companies to avoid the hint of incompatibility.
Figure 6.58 • PCIe NIC
Figure 6.59 • USB NIC
Link Lights
All UTP NICs made today have some type of light-emitting diodes (LEDs) that give information about the state of the NIC’s link to whatever’s on the other end of the connection. Even though you know the lights are actually LEDs, get used to calling them link lights, as that’s the term all network techs use. NICs can have between one and four different link lights, and the LEDs can be any color. These lights give you clues about what’s happening with the link and are one of the first items to check whenever you think a system is disconnected from the network (Figure 6.60).
A link light tells you that the NIC is connected to a hub or switch. Hubs and switches also have link lights, enabling you to check the connectivity at both ends of the cable. If a PC can’t access a network and is acting disconnected, always check the link lights first. Multispeed devices usually have a link light that tells you the speed of the connection. In Figure 6.61, the light for port 2 in the top photo is orange, signifying that the other end of the cable is plugged into either a 10BaseT or 100BaseT NIC. The same port connected to a Gigabit NIC—that’s the lower picture—displays a green LED.
A properly functioning link light is on and steady when the NIC is connected to another device. No flickering, no on and off, just on. A link light that is off or flickering indicates a connection problem.
Another light is the activity light. This little guy turns on when the card detects network traffic, so it intermittently flickers when operating properly. The activity light is a lifesaver for detecting problems, because in the real world, the connection light will sometimes lie to you. If the connection light says the connection is good, the next step is to try to copy a file or do something else to create network traffic. If the activity light does not flicker, there’s a problem.
The Link Aggregation Control Protocol (LACP) controls how multiple network devices send and receive data as a single connection.
Figure 6.57 • PCI NIC
Figure 6.61 • Multispeed lights
Figure 6.60 • Mmmm, pretty lights!
You might run into yet another light on some much older NICs, called a collision light. As you might suspect from the name, the collision light flickers when it detects collisions on the network. Modern NICs don’t have these, but you might run into this phrase on the CompTIA Network+ certification exam.
Keep in mind that the device on the other end of the NIC’s connection has link lights, too! Figure 6.62 shows the link lights on a modern switch. Most switches have a single LED per port to display connectivity and activity.
No standard governs how NIC manufacturers use their lights, and, as a result, they come in an amazing array of colors and layouts. When you encounter a NIC with a number of LEDs, take a moment to try to figure out what each one means. Although different NICs have various ways of arranging and using their LEDs, the functions are always the same: link, activity, and speed.
Many fiber-optic NICs don’t have lights, making diagnosis of problems a bit more challenging. Nevertheless, most physical connection issues for fiber can be traced to the connection on the NIC itself. Fiber-optic cabling is incredibly delicate; the connectors that go into NICs are among the few places that anyone can touch fiber optics, so the connectors are the first thing to check when problems arise. Those who work with fiber always keep around a handy optical tester to enable them to inspect the quality of the connections. Only a trained eye can use such a device to judge a good fiber connection from a bad one—but once you learn how to use it, this kind of tester is extremely handy (Figure 6.63).
Diagnostics and Repair of Physical Cabling
“The network’s down!” is easily the most terrifying phrase a network tech will ever hear. Networks fail for many reasons, and the first thing to know is that good-quality, professionally installed cabling rarely goes bad. Chapter 20 covers principles of network diagnostics and support that apply to all networking situations, but let’s take a moment now to discuss what to do when you think you’ve got a problem with your physical network.
Diagnosing Physical Problems
Look for errors that point to physical disconnection. A key clue that you may have a physical problem is that a user gets a “No server is found” error, or tries to use the operating system’s network explorer utility (like Network in Windows 7) and doesn’t see any systems besides his or her own. First, try to eliminate software errors: if one particular application fails, try another. If the user can browse the Internet, but can’t get e-mail, odds are good that the problem is with software, not hardware—unless someone unplugged the e-mail server!
Figure 6.62 • Link lights on a switch
Figure 6.63 • Optical connection tester
Multiple systems failing to access the network often points to hardware problems. This is where knowledge of your network cabling helps. If all the systems connected to one switch suddenly no longer see the network, but all the other systems in your network still function, you not only have a probable hardware problem, but also you have a suspect—the switch.
Check Your Lights
If you suspect a hardware problem, first check the link lights on the NIC and switch. If they’re not lit, you know the cable isn’t connected somewhere. If you’re not physically at the system in question (if you’re on a tech call, for example), you can have the user check his or her connection status through the link lights or through software. Every operating system has some way to tell you on the screen if it detects the NIC is disconnected. The network status icon in the Notification Area in Windows 7, for example, will display a little red × when a NIC is disconnected (Figure 6.64). A user who’s unfamiliar with link lights (or who may not want to crawl under his or her desk) will have no problem telling you if the icon says “Not Connected.”
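The three signals the link, speed, and activity lights give you (described under Link Lights above), and the “check it through software” option mentioned here, have a terminal equivalent on Linux: the kernel exposes a carrier flag, the negotiated speed, and packet counters for every interface under /sys/class/net. The script below is an added example, not code from the book; it assumes a Linux host, and the SYSFS_NET override and the interface names used in the comments exist only so the functions can be exercised against a constructed directory tree.

```shell
# Software view of a NIC's link, speed and activity lights on Linux.
# SYSFS_NET defaults to the real sysfs tree; point it at a constructed
# directory (assumption for offline runs) to exercise the functions.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# link_state IFACE -> "up" when carrier is detected (the link light), else "down".
# The kernel refuses to read 'carrier' while the interface is administratively
# down, so a failed read is reported as "down" rather than as an error.
link_state() {
    c=$(cat "$SYSFS_NET/$1/carrier" 2>/dev/null) || c=0
    if [ "$c" = "1" ]; then echo up; else echo down; fi
}

# link_speed IFACE -> negotiated speed in Mb/s (the multispeed light), or
# "unknown" when the driver reports -1 or nothing at all (typical with no link).
link_speed() {
    s=$(cat "$SYSFS_NET/$1/speed" 2>/dev/null) || s=''
    case "$s" in
        ''|-1|*[!0-9]*) echo unknown ;;
        *) echo "$s" ;;
    esac
}

# activity IFACE SECONDS -> "active" if the rx or tx packet counter moved
# during the window (the activity light flickering), else "idle".
# The book's advice applies: a steady link with no activity is still a problem.
activity() {
    st="$SYSFS_NET/$1/statistics"
    rx0=$(cat "$st/rx_packets" 2>/dev/null || echo 0)
    tx0=$(cat "$st/tx_packets" 2>/dev/null || echo 0)
    sleep "${2:-2}"
    rx1=$(cat "$st/rx_packets" 2>/dev/null || echo 0)
    tx1=$(cat "$st/tx_packets" 2>/dev/null || echo 0)
    if [ "$rx1" -gt "$rx0" ] || [ "$tx1" -gt "$tx0" ]; then
        echo active
    else
        echo idle
    fi
}

# nic_report IFACE [SECONDS] -> one line, in the order a tech checks them:
# "eth0 link=up speed=1000 activity=active"
nic_report() {
    echo "$1 link=$(link_state "$1") speed=$(link_speed "$1") activity=$(activity "$1" "${2:-2}")"
}

# Stand-alone use: sh nicstatus.sh eth0 enp3s0   (interface names are assumptions)
for ifc in "$@"; do
    nic_report "$ifc"
done
```

A user on a tech call can paste the one-line report back instead of crawling under the desk; "link=down" points at the cable or port, "speed=100" on a Gigabit port points at a cable or negotiation problem, and "activity=idle" with link up calls for the copy-a-file test the text describes.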
If your problem system is clearly not connecting, eliminate the possibility of a failed switch or other larger problem by checking to make sure other people can access the network, and that other systems can access the shared resource (server) that the problem system can’t see. Make a quick visual inspection of the cable running from the back of the PC to the outlet. Finally, if you can, plug the system into a known good outlet and see if it works. A good network tech always keeps a long patch cable for just this purpose. If you get connectivity with the second outlet, you should begin to suspect the structured cable running from the first outlet to the switch. Assuming the cable is installed properly and has been working correctly before this event, a simple continuity test will confirm your suspicion in most cases.
Check the NIC
Be warned that a bad NIC can also generate this “can’t see the network” problem. Use the utility provided by your OS to verify that the NIC works. If you’ve got a NIC with diagnostic software, run it—this software will check the NIC’s circuitry. The NIC’s female connector is a common failure point, so NICs that come with diagnostic software often include a special test called a loopback test. A loopback test sends data out of the NIC and checks to see if it comes back. Some NICs perform only an internal loopback, which tests the circuitry that sends and receives, but not the actual connecting pins. A true external loopback requires a loopback plug inserted into the NIC’s port (Figure 6.65). If a NIC is bad, replace it—preferably with an identical NIC so you don’t have to reinstall drivers!
Figure 6.64 • Disconnected NIC in Windows 7
Onboard NICs on laptops are especially notorious for breaking due to constant plugging and unplugging. On some laptops, the NICs are easy to replace; others require a motherboard replacement.
Cable Testing
The vast majority of network disconnect problems occur at the work area. If you’ve tested those connections, though, and the work area seems fine, it’s time to consider deeper issues.
With the right equipment, diagnosing a bad horizontal cabling run is easy. Anyone with a network should own a midrange tester with TDR such as the Fluke MicroScanner.
With a little practice, you can easily determine not only whether a cable is disconnected but also where the disconnection takes place. Sometimes patience is required, especially if you’ve failed to label your cable runs, but you will find the problem.
When you’re testing a cable run, always include the patch cables as you test. This means unplugging the patch cable from the PC, attaching a tester, and then going to the telecommunications room. Here you’ll want to unplug the patch cable from the switch and plug the tester into that patch cable, making a complete test, as shown in Figure 6.66.
Testing in this manner gives you a complete test from the switch to the system. In general, a broken cable must be replaced. A bad patch cable is easy, but what happens if the horizontal cable is to blame? In these cases, I get on the phone and call my local installer. If a cable’s bad in one spot, the risk of it being bad in another is simply too great to try anything other than total replacement.
Problems in the Telecommunications Room
Even a well-organized telecommunications room is a complex maze of equipment racks, switches, and patch panels. The most important issue to remember as you work is to keep your diagnostic process organized and documented. For example, if you’re testing a series of cable runs along a patch panel, start at one end and don’t skip connections. Place a sticker as you work to keep track of where you are on the panel.
Figure 6.65 • Loopback plug
Figure 6.66 • Loopback plug in action
Your biggest concerns in the telecommunications room are power and environmental issues.
All those boxes in the rack need good-quality power. Even the smallest rack should run off of a good uninterruptible power supply (UPS), a battery backup that plugs into the wall. Make sure you get one that can handle the amount of wattage used by all the equipment in the rack.
But what if the UPS reports lots of times when it’s kicking on? Don’t assume the power coming from your physical plant (or power company) is okay. If your UPS comes on too often, it might be time to install a voltage event recorder (Figure 6.67). As its name implies, a voltage event recorder plugs into your power outlet and tracks the voltage over time. These devices often reveal interesting issues. For example, a small network was having trouble sending an overnight report to a main branch—the uploading servers reported that they were not able to connect to the Internet. Yet, in the morning, the report could be run manually with no problems. After placing a voltage event recorder in the telecommunications room, we discovered that the building management was turning off the power as a power-saving measure. This would have been hard to determine without the proper tool.
The temperature in the telecommunications room should be maintained and monitored properly. If you lose the air conditioning, for example, and leave systems running, the equipment will overheat and shut down—sometimes with serious damage. To prevent this, all serious telecommunications rooms should have temperature monitors.
Likewise, you need to control the level of humidity in a telecommunications room. You can install environmental monitors that keep a constant watch on humidity, temperature, and more, for just a few hundred dollars. The devices cost little in comparison to the equipment in the telecommunications room that you’re protecting.
Toners
It would be nice to say that all cable installations are perfect and that over the years they won’t tend to grow into horrific piles of spaghetti-like, unlabeled cables. In the real world, though, you might eventually find yourself having to locate or trace cables. Even in the best-planned networks, labels fall off ports and outlets, mystery cables appear behind walls, new cable runs are added, and mistakes are made counting rows and columns on patch panels. Sooner or later, most network techs will have to be able to pick out one particular cable or port from a stack.
Figure 6.67 • An excellent voltage event recorder (photo courtesy of Fluke Networks)
Tech Tip
Online vs. Standby Power Supplies
You can purchase two different types of UPSs—online and standby. An online UPS continuously charges a battery that, in turn, powers the computer components. If the telecommunications room loses power, the computers stay powered up without missing a beat, at least until the battery runs out.
A standby power supply (SPS) also has a big battery but doesn’t power the computer unless the power goes out. Circuitry detects the power outage and immediately kicks on the battery.
When the time comes to trace cables, network techs turn to a device called a toner for help. Toner is the generic term for two separate devices that are used together: a tone generator and a tone probe. The tone generator connects to the cable using alligator clips, tiny hooks, or a network jack, and it sends an electrical signal along the wire at a certain frequency. The tone probe emits a sound when it is placed near a cable connected to the tone generator (Figure 6.68). These two devices are often referred to by the brand-name Fox and Hound, a popular model of toner made by the Triplett Corporation.
To trace a cable, connect the tone generator to the known end of the cable in question, and then position the tone probe next to the other end of each of the cables that might be the right one. The tone probe makes a sound when it’s placed next to the right cable. Some toners have one tone probe that works with multiple tone generators. Each generator emits a separate frequency, and the probe sounds a different tone for each one. Even good toners are relatively inexpensive (US$75); although inexpensive toners can cost less than US$25, they don’t tend to work well, so spending a little more is worthwhile. Just keep in mind that if you have to support a network, you’d do best to own a decent toner.
More advanced toners include phone jacks, enabling the person manipulating the tone generator to communicate with the person manipulating the tone probe: “Jim, move the tone generator to the next port!” These either come with their own headset or work with a butt set, the classic tool used by telephone repair technicians for years (Figure 6.69).
A good, medium-priced cable tester and a good toner are the most important tools for folks who must support, but not install, networks. A final tip: be sure to bring along a few extra batteries—there’s nothing worse than sitting on the top of a ladder holding a cable tester or toner that has just run out of juice!
Figure 6.69 • Technician with a butt set
You’ll see a tone probe referred to on the CompTIA Network+ exam as a toner probe.
Figure 6.68 • Fox and Hound
Chapter 6 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about installing a physical network.
Recognize and describe the functions of basic components in a structured cabling system
■ Structured cabling refers to a set of standards established by the TIA/EIA regarding network cabling. The three basic structured cabling network components are the telecommunications room (a.k.a. server room), the horizontal cabling, and the work area (or the actual workers’ office space).
■ Although wireless networks are popular, they lack the reliability and speed of wired networks.
■ All cabling should run from individual PCs to a telecommunications room.
■ A telecommunications room should have one or more sturdy equipment racks, used to hold mountable network devices (hubs, switches, and routers); this space also houses server PCs, patch panels, UPSs, monitors, keyboards, mice, tape backup drives, and more.
■ Horizontal cabling usually refers to the cabling that runs from the telecommunications room out to the work areas of a single office building floor.
■ The work area is where PCs and printers connect to the ends of the horizontal cabling. In other words, the work area is the actual office space where the jacks should be located for connecting to the network.
■ UTP cable comes in one of two types: solid core and stranded core. Horizontal cabling should always be solid core.
■ Solid core UTP is a better conductor than stranded core but breaks easily if handled roughly. Stranded core holds up better to substantial handling.
■ Equipment racks are 19 inches wide and come in a variety of heights. Rack-mounted equipment is manufactured to fit in the 19-inch width, but they too vary by height.
■ Rack-mounted equipment heights are measured in Us, each U being equal to just under 1.75 inches.
■ UTP cables can be connected to a 110 block in a patch panel by using a punchdown tool.
■ The TIA/EIA 606 labeling standard can help a technician keep track of cables.
■ Patch cables are used to connect the ports on a patch panel to a switch. Although solid core horizontal runs typically connect to the 110 block, patch cables are usually stranded core.
■ Patch cables are also used in the work area to connect a PC to the RJ-45 wall jack.
■ TIA/EIA 568 limits horizontal runs to 90 meters, allowing 10 meters for patch cables before the 100-meter UTP cable limit is reached.
■ The demarc location is where the connection is made from the outside world to a private network. An Internet service provider or telephone company provides service through its demarc.
■ A network interface unit, such as a cable modem, may sit between the demarc and local network.
■ Demarcs and cross-connects typically reside in a room called the main distribution frame.
Explain the process of installing structured cable
■ A good installation entails planning the cabling runs with an actual floor plan, as well as poking around in walls and ceilings.
■ Raceway products may be used to run cable externally rather than inside walls.
■ When planning cable runs, keep five things in mind: distance, power, dryness, temperature, and access.
■ Cable trays may be used to aid in pulling cable within a drop ceiling.
■ If you make your own patch cables, be sure to use the correct crimp, as they differ for solid core and stranded core UTP.
■ A variety of cable testers, including time domain reflectometers and optical time domain reflectometers, can be used to test for continuity, attenuation, and crosstalk.
■ Big issues with fiber include attenuation, light leakage, and modal distortion.
Install a network interface card
■ All UTP Ethernet NICs use an RJ-45 connector. Fiber-optic NICs use a variety of connectors, depending on the manufacturer.
■ Most motherboards now include an onboard NIC.
■ Using the same model of NIC for all the PCs on your network makes installing and updating drivers much easier.
■ The most common type of expansion card for NICs is PCI, but there are also PCIe ×1 and PCIe ×2 options.
■ USB NICs are convenient and you don’t have to open the computer case to install one. The maximum speed of USB 2.0 is 480 Mbps, which is slower than Gigabit Ethernet, but you might be able to find USB 3.0 NICs; USB 3.0 is capable of speeds up to 5 Gbps, which is plenty of bandwidth for a Gigabit Ethernet connection.
■ The link lights on a NIC indicate the status of the NIC, such as if it’s connected to a network and if there is any network activity. Link lights may include the activity light and collision light.
Perform basic troubleshooting on a structured cable network
■ A “no server found” error is likely caused by a physical connection problem. If one program (such as a Web browser) works but another (such as e-mail) does not, the problem is likely software related.
■ If you suspect a hardware problem, check the link lights on the NIC and the switch. If the lights are not on, the cable is probably disconnected or the port may be faulty.
■ A loopback test can check a NIC’s circuitry, but not the actual connecting pins.
■ When testing cables, be sure to test the entire run, including the patch cable in the work area, the cable leading from the work area wall back to the telecommunications room, and the patch cable from the patch panel to the switch.
■ Tools that are helpful for troubleshooting a structured cable network include a voltage event recorder and a toner.
Key Terms
110 block (113), activity light (133), attenuation (128), bonding (132), cable certifier (128), cable drop (119), cable tester (126), cable tray (121), collision light (134), continuity (126), continuity tester (126), crosstalk (127), demarc (116), demarc extension (118), dispersion (130), environmental monitor (137), equipment rack (112), far-end crosstalk (FEXT) (128), horizontal cabling (109), intermediate distribution frame (IDF) (111), light leakage (130), link light (133), loopback plug (135), loopback test (135), main distribution frame (MDF) (118), mounting bracket (122), multiplexer (118), near-end crosstalk (NEXT) (127), network interface unit (NIU) (117), optical time domain reflectometer (OTDR) (129), patch cable (114), patch panel (113), punchdown tool (113), raceway (120), run (109), smart jack (117), solid core (110), stranded core (110), structured cabling (107), telecommunications room (109), temperature monitor (137), TIA/EIA 606 (114), time domain reflectometer (TDR) (127), tone generator (138), tone probe (138), toner (138), U (112), uninterruptible power supply (UPS) (137), vertical cross-connect (118), voltage event recorder (137), wiremap (126), work area (109)
BaseTech
141 Chapter 6: Installing a Physical Network
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. All the cabling from individual work areas runs via _______________ to a central location.
2. The central location that all cabling runs to is called the _______________.
3. A single piece of installed horizontal cabling is called a(n) _______________.
4. The set of standards established by the TIA/EIA regarding network cabling is called _______________.
5. You use a(n) _______________ to connect a strand of UTP to a 110 block or 66 block.
6. A short UTP cable that uses stranded, rather than solid, cable is called a(n) _______________ and can tolerate much more handling near a patch panel.
7. The type of network interface unit (NIU) that enables an ISP or telephone company to determine if a home DSL box or cable router has been disconnected is called a(n) _______________.
8. The spot where a cable comes out of the wall at the workstation is called a(n) _______________.
9. The height measurement known as U is used for devices that fit into a(n) _______________.
10. The term _______________ describes the process of a signal weakening as it progresses down a piece of wire.
Multiple-Choice Quiz
1. Which item describes the length of cable installed within walls from a telecommunications room out to a jack?
A. Cable drop
B. Cable run
C. Cable tester
D. Cable tray
2. What is the term used to describe where the network hardware and patch panels are kept?
A. Drop room
B. Telecommunications room
C. Routing room
D. Telecloset room
3. Aside from outright breakage, what’s the primary worry with bending a fiber-optic cable too much?
A. Attenuation
B. Bonding
C. Light leakage
D. Near-end crosstalk
4. When connecting a cable run onto a patch panel, which tool should you use?
A. 110-punchdown tool
B. Crimper
C. TDR
D. Tone generator
5. Which of the following NIC types offers the most versatility?
A. 10
B. 10/100
C. 10/100/1000
D. Only a nonmultispeed NIC
6. What is the structured cabling name for the end user’s office space where network computers are set up?
A. Backbone
B. Building entrance
C. Cable drop
D. Work area
7. What type of twisted-pair cabling would work best within ceilings near lighting?
A. Solid core plenum
B. Solid core PVC
C. Stranded core plenum
D. Stranded core PVC
8. Why would network techs use stranded core cabling from a patch panel’s ports to a switch?
A. Cost
B. Fire rating
C. Flexibility
D. Safety
9. What is the first thing a professional cable installer should do when providing an estimate at a site?
A. Power on additional lighting.
B. Put on a grounding wrist strap.
C. Request a floor plan.
D. Set up ladders.
10. What component best enables you to install more servers in the limited space of a telecommunications room?
A. Cable tray
B. Outlet box
C. Patch panel
D. Equipment rack
11. How tall is a network router that is 8U?
A. 8 inches
B. 8 centimeters
C. 14 inches
D. 14 centimeters
12. Your first day on the job, you get a call from the owner complaining that her network connection is down. A quick check of the central switch verifies that it’s in good working order, as is the boss’s PC. As luck would have it, your supervisor calls at just that time and tells you not to worry; she’ll be by in a jiffy with her TDR to help root out the problem. What is she talking about?
A. Tune domain resonator, her network tone generator
B. Time detuning resonator, her network tester
C. Time domain reflectometer, her network tester
D. Time detail resource, her network schematic
13. Jenny’s office building recently had sections renovated, and now some users are complaining that they can’t see the network. She suspects that the workers might have inadvertently broken wires when they did ceiling work. George suggests she use a toner to figure out which wires go to the complaining users. Erin disagrees, saying that Jenny should use a Fox and Hound. Who’s right?
A. Only George is right.
B. Only Erin is right.
C. Both George and Erin are right.
D. Neither George nor Erin is right.
14. What is generated by every piece of UTP cable in existence?
A. Modal distortion
B. Crosstalk
C. EMI
D. ESD
15. Which statement about structured cable is correct?
A. The term “demarc” refers to a physical location, whereas the phrase “network interface unit” refers to a piece of equipment provided by an ISP.
B. The term “demarc” refers to a piece of equipment provided by an ISP, whereas the phrase “network interface unit” refers to a piece of equipment provided by the customer.
C. The terms “demarc” and “network interface unit” refer to pieces of equipment provided by an ISP.
D. A demarc is used for fiber cabling, whereas a network interface unit is used for UTP.
Essay Quiz
1. Sketch a rough draft of your classroom, office, or the room you are in right now. Indicate any doors, windows, closets, lights, plumbing fixtures, desks or tables, and even any visible electrical wall outlets. Then indicate with a large letter X where you would place a new cable drop. Jot down some notes explaining why you would choose the location you did.
2. Your CompTIA A+ Certified coworker is listening in on a conversation you are having with your boss, and he thinks he knows what a “demarc” is. Write a quick note to him describing the true meaning of a structured cabling building entrance, so you can put it on his desk before you leave for the day.
3. The management team at your company wants to network five offices with low-cost PVC stranded core cabling throughout the dropped ceiling in your offices. Compose a memo that justifies the cost of using more expensive cabling. Use any standard memo format that you are already familiar with.
4. The youth group at a local community organization has received funding to help with creating a computer network. They have already purchased the required number of PCI 10/100/1000 NICs. You have been asked by one of the group’s leaders to assist with installing the NICs. You want to help, but time doesn’t permit you to volunteer any more hours in a week than you already do. It makes better sense to organize a step-by-step fact sheet that describes installing a NIC into an open slot on a computer. When you have finished, e-mail the fact sheet you created to your instructor (or a friend) for comments.
Lab Project 6.1 •
You are a recently hired network technician at a local business. During the interview phase with the company, some questions were raised about installing cable. You made it clear that professional cable installation was the way to go. You justified your statements and impressed the interviewers with your knowledge and honesty, so they hired you.
Now you need to research the company names and “per drop” prices of professional cable installers in your area. Use the Internet to gather research from at least two companies. Prepare a PowerPoint presentation to present your findings to management. Be sure to use color, graphics, and slide transitions (as time permits) to further impress your new bosses!
Lab Project 6.2 •
You have become the de facto network administrator for your employer at a nearby tax preparation company. The owner of this small business stays close to all expenses. She realizes that you could use additional tools to help with installing cable for her soon-to-be-expanded office network. You see this as the opportunity to purchase a cable tester and a tone generator.
Your boss casually says to check out some prices. You know that well-laid-out numbers could mean approval on the toys you’d like!
Prepare a spreadsheet that shows three levels, including prices, for each of these items. Arrange your spreadsheet in a “good/better/best” layout, with “best” listed on top for the most attention. Use the following chart as a guide:
“BEST” Brand/Model Price
Cable Tester A $ .
Tone Generator A $ .
Total for A Items $ .
“BETTER” Brand/Model Price
Cable Tester B $ .
Tone Generator B $ .
Total for B Items $ .
“GOOD” Brand/Model Price
Cable Tester C $ .
Tone Generator C $ .
Total for C Items $ .
Chapter 7
TCP/IP Basics
“If it’s sent by ship then it’s a cargo, if it’s sent by road then it’s a shipment.” —Dave Allen
In this chapter, you will learn how to
■ Describe how the TCP/IP protocol suite works
■ Explain CIDR and subnetting
■ Describe the functions of static and dynamic IP addresses
The mythical MHTechEd network (remember that from Chapter 2?) provided an overview of how networks work. At the bottom of every network, at OSI Layers 1 and 2 (the Link/Network Interface layer of the TCP/IP model), resides the network hardware: the wires, network cards, switches, and more that enable data to move physically from one computer to another. Above the Physical and Data Link layers, the “higher” layers of the model—such as Network and Transport—work with the hardware to make the network magic happen.
Chapters 3 through 6 provided details of the hardware at the Physical and Data Link layers of the OSI model and the Link/Network Interface layer of the TCP/IP model. You learned about the network protocols, such as Ethernet, that create uniformity within networks so that the data frame created by one NIC can be read properly by another NIC.
This chapter begins a fun journey into the software side of networking. You’ll learn the details about the IP addressing scheme that enables computers on one network to communicate with each other and computers on other networks. You’ll get the full story on how TCP/IP networks divide into smaller units—subnets—to make management of a large TCP/IP network easier. And you won’t just get it from a conceptual standpoint. This chapter provides the details you’ve undoubtedly been craving—it teaches you how to set up a network properly. The chapter finishes with an in-depth discussion on implementing IP addresses.
Historical/Conceptual
Standardizing Networking Technology
The early days of networking software saw several competing standards that did not work well together. Novell NetWare, Microsoft Windows, and Apple Macintosh ran networking software to share folders and printers, while the UNIX/Linux world did crazy things like sharing terminals— handy for the UNIX/Linux users, but it made no sense to the Windows folks—and then there was this new thing called e-mail (like that was ever going to go anywhere). The Internet had just been opened to the public. The World Wide Web was merely a plaything for programmers and scientists. All of these folks made their own software, interpreting (or totally ignoring) the OSI model in various ways, and all trying (arguably) to become the way the whole world networked computers. It was an unpleasant, ugly world for guys like me who had the audacity to try to make, for example, a UNIX box work with a Windows computer.
The problem was that no one agreed on how a network should run. Everyone’s software had its own set of Rules of What a Network Should Do and How to Do It. These sets of rules—and the software written to follow these rules—were broken down into individual rules called protocols. Each set of rules had many protocols lumped together under the term protocol suite. Novell NetWare called its protocol suite IPX/SPX; Microsoft’s was called NetBIOS/NetBEUI; Apple used AppleTalk; and the UNIX folks used this wacky protocol suite called TCP/IP.
Well, TCP/IP won. Sure, you may find the occasional network still running one of these other protocol suites, but they’re rare these days. To get ahead in today’s world, to get on the Internet, and to pass the CompTIA Network+ exam, you only need to worry about TCP/IP. Novell, Microsoft, and Apple no longer actively support anything but TCP/IP. You live in a one-protocol-suite world, the old stuff is forgotten, and you kids don’t know how good you got it!
Even in the old days companies created methods to connect different operating systems together. Microsoft created software to enable a Windows client to connect to a NetWare server, for example. This software, called the Microsoft IPX/SPX Protocol or NWLINK, shows up as a possible answer on the CompTIA Network+ exam. Because NWLINK is long gone, don’t assume it’s going to be the correct answer!
Test Specific
The TCP/IP Protocol Suite
Chapter 2 introduced you to the TCP/IP model. Let’s take a second look and examine some of the more critical protocols that reside at each layer. I’ll also explore and develop the IP packet in more detail to show you how it organizes all of these protocols. Remember, TCP/IP is so powerful because IP packets can exist in almost any type of network technology. The Link layer, therefore, counts on technologies outside the TCP/IP protocol suite (like Ethernet, cable modem, or DSL) to get the IP packets from one system to the next (Figure 7.1).
When discussing the software layers of the TCP/IP protocol suite, let’s focus on only the three top layers in the TCP/IP model: Internet, Transport, and Application (Figure 7.2). I’ll revisit each of these layers and add representative protocols from the protocol suite so you gain a better understanding of “who’s who” in TCP/IP.
If you look at an IP packet, certain parts of that packet fit perfectly into layers of the TCP/IP model. The parts consist of a series of nested headers with data. The header for a higher layer is part of the data for a lower layer. The packet’s payload, for example, can be a TCP segment that consists of data from layers above and a sequence number (Figure 7.3). The higher you go up the model, more headers are stripped away until all you have left is the data delivered to the application that needs it.
Internet Layer Protocols
The Internet Protocol (IP) works at the Internet layer, taking data chunks from the Transport layer, adding addressing, and creating the final IP packet. The Internet Protocol software then hands the IP packet to Layer 2 for encapsulation into a frame. Let’s look at the addressing in more depth.
I think it’s safe to assume that most folks have seen IP addresses before. Here’s a typical example:
192.168.1.115
This type of address—four values ranging from 0 to 255, separated by three periods—is known officially as an Internet Protocol version four (IPv4) address.
This chapter introduces you to IPv4 addresses. You should understand the correct name for this older type of address because the world is moving to a newer, longer type of IP address called IPv6. Here’s an example of an IPv6 address:
2001:0:4137:9e76:43e:2599:3f57:fe9a
IPv4 and IPv6 addresses aren’t the only protocols that work at the Internet layer. A number of applications test basic issues at this layer, such as “Is there a computer with the IP address of 192.168.1.115?” These applications use the Internet Control Message Protocol (ICMP). TCP/IP users rarely start a program that uses ICMP. For the most part, ICMP features are called automatically by applications as needed without your ever knowing. There is one very famous program that runs under ICMP, however: the venerable ping utility. Run ping from a command prompt to query if a host is reachable. Ping will show the round trip time (RTT)—some call this the real transfer time—for the ICMP packet, usually in seconds. If ping can’t find the host, the packet will time out and ping will show you that information too.
The TCP/IP protocol suite consists of thousands of different protocols doing thousands of different things. For the most part, the rest of this book discusses TCP/IP protocols. Right now, my goal is to give you an idea of which protocols go where in the TCP/IP protocol suite.
Figure 7.1 • The Link layer is important, but it’s not part of the TCP/IP protocol suite.
Figure 7.2 • The TCP/IP model redux (layers shown: Application, Transport, Internet, Link)
Figure 7.3 • IP packet showing headers (labels shown: IP packet, IP header, segment)
When thinking about the Internet layer, remember the following three protocols:
■ IPv4 (sometimes you just say IP)
■ IPv6
■ ICMP
Figure 7.4 shows a highly simplified IP header. The full IP packet header has 14 different fields. As you would expect, the destination and source IP addresses are part of the Network/Internet layer. Other fields include version, header length, and more. Dissecting the entire set of fields isn’t important, but here are a few descriptions just to whet your appetite:
■ Version: The version (Ver) field defines the IP address type: 4 for IPv4, 6 for IPv6.
■ Header Length: The total size of the IP portion of the packet in words (32-bits) is displayed in the header length field.
■ Differentiated Services Code Point (DSCP): The DSCP field contains data used by bandwidth-sensitive applications like Voice over IP. (Network techs with long memories will note that this field used to be called the Type of Service field.)
■ Time to Live: Routers on the Internet are not perfect and sometimes create loops. The Time to Live (TTL) field prevents an IP packet from indefinitely spinning through the Internet by using a counter that decrements by one every time a packet goes through a router. This number cannot start higher than 255; many applications start at 128.
■ Protocol: In the vast majority of cases, the protocol field is either TCP or UDP. See the next section for more information.
Transport Layer Protocols
When moving data from one system to another, the TCP/IP protocol suite needs to know if the communication is connection-oriented or connectionless. When you want to be positive that the data moving between two systems gets there in good order, use a connection-oriented application. If it’s not a big deal for data to miss a bit or two, then connectionless is the way to go. The connection-oriented protocol used with TCP/IP is called the Transmission Control Protocol (TCP). The connectionless one is called the User Datagram Protocol (UDP).
Let me be clear: you don’t choose TCP or UDP. The people who developed the applications decide which protocol to use. When you fire up your Web browser, for example, you’re using TCP because Web browsers use an Application layer protocol called HTTP. HTTP is built on TCP.
The TCP/IP model’s Internet layer corresponds roughly to the OSI model’s Network layer.
Figure 7.4 • Simplified IP header (32 bits wide; fields shown: Ver, DSCP, TTL, TCP)
TCP
Over 95 percent of all TCP/IP applications use TCP—that’s why we call the protocol suite “TCP/IP” and not “UDP/IP.” TCP gets an application’s data from one machine to another reliably and completely. As a result, TCP comes with communication rules that require both the sending and receiving machines to acknowledge the other’s presence and readiness to send and receive data. We call this process ACK/NACK or just ACK (Figure 7.5). TCP also chops up data into segments, gives the segments a sequencing number, and then verifies that all sent segments were received. If a segment goes missing, the receiving system must request the missing segments.
Figure 7.6 shows a simplified TCP header. Notice the source port and the destination port. Port numbers are values ranging from 1 to 65535 and are used by systems to determine what application needs the received data. Each application is assigned a specific port number. Web servers use port 80 (HTTP), for example, whereas port 110 is used to receive e-mail messages from e-mail servers (POP3). The client uses the source port number to remember which client application requested the data. The rest of this book dives much deeper into ports. For now, know that the TCP or UDP headers of an IP packet store these values.
Figure 7.6 • TCP header
Ports aren’t the only items of interest in the TCP header. The header also contains these fields:
■ Sequence number: This value is used to assemble/disassemble data.
■ ACK number: This value tracks the readiness of the two communicating systems to send/receive data.
■ Flags: These individual bits give both sides detailed information about the state of the connection.
■ Checksum: The checksum checks the TCP header for errors.
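The IPv4 fields described under "Internet Layer Protocols" and the TCP header fields just listed, worked through as an added example (this is not code from the textbook): a small Python dissector that reads both headers from raw bytes, the same fields Wireshark shows in its packet-detail pane. The packet is constructed inside the block; the addresses 192.168.1.115 and 192.168.4.2 come from the chapter, while the ports, sequence numbers, identification value and window size are made-up sample values. Field layouts follow RFC 791 (IPv4) and RFC 793 (TCP). The checks on the header-length, data-offset and checksum fields are the part a defender cares about: a parser that believes those fields without validation reads past the buffer on a malformed packet.

```python
import socket
import struct

# Added example, not from the textbook: a minimal dissector for the IPv4 and
# TCP headers described in the chapter. Field layouts follow RFC 791 (IPv4)
# and RFC 793 (TCP). All packet bytes are constructed in this file.

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, used by both IPv4 and TCP.
    Run over data that already carries a valid checksum it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    # The TCP checksum also covers these Internet-layer values.
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b"", ttl=128):
    """Constructed IPv4 + TCP packet (20-byte headers, no options) with
    correct checksums. Identification 0x1C46 and window 65535 are sample values."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    tcp_sum = checksum(tcp_pseudo_header(src, dst, len(tcp) + len(payload)) + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1C46,
                     0x4000, ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def dissect(packet: bytes) -> dict:
    """Parse the IPv4 header, then the TCP header behind it.
    Every length is validated before it is used: a dissector that trusts the
    IHL or data-offset field blindly reads past the buffer on a malformed packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4      # header length is in 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version field is %d)" % version)
    if ihl < 20 or ihl > len(packet) or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 header length / total length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    info = {"version": version, "header_length": ihl, "dscp": tos >> 2, "ttl": ttl,
            "protocol": PROTO_NAMES.get(proto, str(proto)),
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    if proto != 6:
        return info                                           # only TCP is dissected here
    seg = packet[ihl:total_len]
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _, _ = struct.unpack("!HHIIBBHHH", seg[:20])
    data_off = (off_res >> 4) * 4                             # also counted in 32-bit words
    if data_off < 20 or data_off > len(seg):
        raise ValueError("inconsistent TCP data offset")
    if checksum(tcp_pseudo_header(info["src"], info["dst"], len(seg)) + seg) != 0:
        raise ValueError("TCP checksum mismatch")
    info.update({"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                 "flags": [name for name, bit in TCP_FLAGS if flags & bit],
                 "window": window, "payload": seg[data_off:]})
    return info


def is_rejected(packet: bytes) -> bool:
    """True when dissect() refuses the packet (used to exercise the sanity checks)."""
    try:
        dissect(packet)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    syn = build_packet("192.168.1.115", "192.168.4.2", 49152, 80, 1000, 0, 0x02)  # SYN to a Web server
    print(dissect(syn))
```

Running the block prints the dissected SYN: version 4, a 20-byte header, TTL 128, protocol TCP, destination port 80 and the flag list `['SYN']`. Flipping any byte of the IPv4 header, or setting the IHL nibble to claim a 60-byte header on a 40-byte packet, makes `dissect()` raise instead of returning partial results.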
UDP is the “fire and forget” missile of the TCP/IP protocol suite. As you can see in Figure 7.7, a UDP datagram doesn’t possess any of the extras you see in TCP to make sure the data is received intact. UDP works best when you have a lot of data that doesn’t need to be perfect or when the systems are so close to each other that the chances of a problem occurring are too small to bother worrying about. A few dropped frames on a Voice over IP call, for example, won’t make much difference in the communication between two people. So there’s a good reason to use UDP: it’s smoking fast compared to TCP.
Figure 7.5 • ACK in action
Application Layer Protocols
TCP/IP applications use TCP/IP protocols to move data back and forth between servers and clients. Because every application has different needs, I can’t show you a generic application header. Instead, we’ll look at one sample header from one function of possibly the most popular application protocol of all: HTTP.
As mentioned previously, Web servers and Web browsers use HTTP to communicate. Figure 7.8 shows a sample header for HTTP. Specifically, this header is a response segment from the Web server telling the remote system that the last set of data transfers is complete. This header begins with the value “HTTP/1.1” and the number “200” followed by “OK\r\n,” which means “OK, go to the next line.” The data (the contents of the Web page) begins below the header.
You saw this back in Chapter 2, but I’ll mention it again here. Data gets chopped up into chunks at the Transport layer. The chunks are called segments with TCP and datagrams with UDP.
Figure 7.7 • UDP header
Figure 7.8 • HTTP header
I’m simplifying the call and response interaction between a Web server and a Web client. The explanation here is only the first part of the process in accessing a Web page.
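The response header the text describes, parsed by an added example that is not from the textbook: the status line "HTTP/1.1 200 OK" ends with the CR LF pair, each header line does the same, an empty line closes the header block, and the page contents follow. The response bytes are constructed in the block; the header names and page body are sample values. The Content-Length check matters because a client that does not compare the declared length with what actually arrived will silently treat a truncated transfer as a complete page.

```python
# Added example, not from the textbook: split an HTTP/1.1 response into its
# status line, header fields and body. SAMPLE_RESPONSE is constructed here.

SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<html></html>"
)


def parse_http_response(raw: bytes) -> dict:
    """Parse one HTTP/1.1 response.

    The header block ends at the first empty line (CR LF CR LF); everything
    after that is the payload, the contents of the Web page.
    """
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("header block not complete: no empty line yet")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)          # "HTTP/1.1" "200" "OK"
    if len(parts) != 3 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    version, status, reason = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive, so normalise them once.
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    length = headers.get("content-length")
    if length is not None:
        if not length.isdigit():
            raise ValueError("Content-Length is not a number: %r" % length)
        expected = int(length)
        if len(body) < expected:
            raise ValueError("body incomplete: %d of %d bytes" % (len(body), expected))
        body = body[:expected]               # ignore anything beyond the declared length
    return {"version": version.decode("ascii"), "status": int(status),
            "reason": reason.decode("latin-1"), "headers": headers, "body": body}


def is_incomplete(raw: bytes) -> bool:
    """True when the bytes seen so far do not yet form a whole response."""
    try:
        parse_http_response(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_http_response(SAMPLE_RESPONSE))
```

On the sample the parser returns status 200, reason "OK", the two header fields with lower-cased names, and the 13-byte body. Feeding it only the first part of the same response (no empty line yet, or fewer body bytes than Content-Length promises) is reported as incomplete rather than accepted.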
Super! Now that you’re comfortable with how the TCP/IP protocols fit into clear points on the TCP/IP model, let’s head back to the Internet layer and explore IP addressing.
IP in Depth
TCP/IP supports simple networks and complex networks. You can use the protocol suite to connect a handful of computers to a switch and create a local area network (LAN). TCP/IP also enables you to interconnect multiple LANs into a wide area network (WAN).
At the LAN level, all the computers use Ethernet, and this creates a hurdle for WAN-wide communication. For one computer to send a frame to another computer, the sending computer must know the MAC address of the destination computer. This begs the question: How does the sender get the recipient’s MAC address?
In a small network, this is easy. The sending computer simply broadcasts by sending a frame to MAC address FF-FF-FF-FF-FF-FF, the universal MAC address for broadcast. Figure 7.9 shows a computer broadcasting for another computer’s MAC address.
Cross Check: Broadcasting
You first ran into broadcasting in Chapter 2, so check your memory now. What happens to the broadcast frame? Does it reach all the computers on a LAN? How many computers actually process that broadcast frame?
Figure 7.9 • PC broadcasting for a MAC address
Broadcasting takes up some of the network bandwidth, but in a small network, the amount is acceptably small. But what would happen if the entire Internet used broadcasting (Figure 7.10)? In this case, the whole Internet would come to a grinding halt.
Figure 7.10 • Broadcasting won’t work for the entire Internet!
TCP/IP networks use IP addressing to overcome the limitations inherent in Ethernet networks. IP addresses provide several things. First, every machine on a TCP/IP network—small or large—gets a unique IP address that identifies the machine on that network. Second, IP addresses group together sets of computers into logical networks, so you can, for example, distinguish one LAN from another. Finally, because TCP/IP network equipment understands the IP addressing scheme, computers can communicate with each other between LANs, in a WAN, and without broadcasting for MAC addresses (other than for the default gateway). Chapter 2 touched on IP addresses briefly, but network techs need to understand them intimately. Let’s look at the structure and function of the IP addressing scheme.
IP Addresses
The most common type of IP address (officially called IPv4, but usually simplified to just “IP”) consists of a 32-bit value. Here’s an example of an IP address:
11000000101010000000010000000010
Whoa! IP addresses are just strings of 32 binary digits? Yes, they are, but to make IP addresses easier for humans to use, the 32-bit binary value is broken down into four groups of eight, separated by periods or dots like this:
11000000.10101000.00000100.00000010
Each of these 8-bit values is, in turn, converted into a decimal number between 0 and 255. If you took every possible combination of eight binary values and placed them in a spreadsheet, it would look something like the list in the left column. The right column shows the same list with a decimal value assigned to each.
00000000 00000000 = 0
00000001 00000001 = 1
00000010 00000010 = 2
00000011 00000011 = 3
00000100 00000100 = 4
00000101 00000101 = 5
00000110 00000110 = 6
00000111 00000111 = 7
00001000 00001000 = 8
(skip a bunch in the middle) (skip a bunch in the middle)
11111000 11111000 = 248
11111001 11111001 = 249
11111010 11111010 = 250
11111011 11111011 = 251
11111100 11111100 = 252
11111101 11111101 = 253
11111110 11111110 = 254
11111111 11111111 = 255
Converted, the original value of 11000000.10101000.00000100.00000010 is displayed as 192.168.4.2 in IPv4’s dotted decimal notation (also referred to as the dotted-octet numbering system). Note that dotted decimal is simply a shorthand way for people to discuss and configure the binary IP addresses computers use.
People who work on TCP/IP networks must know how to convert dotted decimal to binary and back. You can convert easily using any operating system’s calculator. Every OS has a calculator (UNIX/Linux systems have about 100 different ones to choose from) that has a scientific or programmer mode like the one shown in Figure 7.11.
To convert from decimal to binary, just go to decimal view, type in the value, and then switch to binary view to get the result. To convert to decimal, just go into binary view, enter the binary value, and switch to decimal view to get the result. Figure 7.12 shows the result of Windows 7’s Calculator converting the decimal value 47 into binary. Notice the result is 101111—the leading two zeroes do not appear. When you work with IP addresses you must always have eight digits, so just add two more to the left to get 00101111.
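The conversion the text describes, done the way you will later do it by hand, as an added example that is not from the textbook: each octet is built by subtracting the bit weights 128, 64, 32, 16, 8, 4, 2 and 1 from left to right, which also keeps the leading zeroes the calculator drops (47 comes out as 00101111, not 101111). The function names and the sample addresses other than the chapter's 192.168.4.2 are my own.

```python
# Added example, not from the textbook: dotted decimal <-> binary conversion
# for IPv4 addresses, octet by octet, always producing eight digits per octet.

BIT_WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)


def octet_to_binary(value: int) -> str:
    """Convert 0..255 to an 8-digit binary string by repeated subtraction:
    for each weight from 128 down to 1, write 1 if it fits and subtract it."""
    if not 0 <= value <= 255:
        raise ValueError("an octet must be between 0 and 255, got %r" % value)
    digits = []
    for weight in BIT_WEIGHTS:
        if value >= weight:
            digits.append("1")
            value -= weight
        else:
            digits.append("0")
    return "".join(digits)          # e.g. 47 -> '00101111', leading zeroes kept


def binary_to_octet(bits: str) -> int:
    """Convert an 8-digit binary string back to 0..255 by adding bit weights."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits, got %r" % bits)
    return sum(weight for weight, bit in zip(BIT_WEIGHTS, bits) if bit == "1")


def dotted_to_binary(addr: str) -> str:
    """'192.168.4.2' -> '11000000.10101000.00000100.00000010'."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has four octets, got %r" % addr)
    return ".".join(octet_to_binary(int(part)) for part in parts)


def binary_to_dotted(bits: str) -> str:
    """Accepts the 32 digits with or without the separating dots."""
    raw = bits.replace(".", "")
    if len(raw) != 32:
        raise ValueError("an IPv4 address has 32 bits, got %d" % len(raw))
    return ".".join(str(binary_to_octet(raw[i:i + 8])) for i in range(0, 32, 8))


if __name__ == "__main__":
    print(octet_to_binary(47))                                  # 00101111
    print(dotted_to_binary("192.168.4.2"))
    print(binary_to_dotted("11000000101010000000010000000010"))  # 192.168.4.2
```

`int(part)` in `dotted_to_binary` raises `ValueError` on a non-numeric octet, and `octet_to_binary` rejects anything outside 0 to 255, so an address like 256.1.1.1 is refused rather than silently wrapped.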
Just as every MAC address must be unique on a network, every IP address must be unique as well. For logical addressing to work, no two computers on the same network may have the same IP address. In a small network running TCP/IP, every computer has both an IP address and a MAC address (Figure 7.13).
When you type an IP address into a computer, the computer ignores the periods and immediately converts the decimal numbers into binary. People need dotted decimal notation, but computers do not.
Using a calculator utility to convert to and from binary/decimal is a critical skill for a network tech. Later on you’ll do this again, but by hand!
Figure 7.13 • A small network with both IP and MAC addresses
Every operating system comes with a utility (usually more than one utility) to display a system’s IP address and MAC address. Figure 7.14 shows a Mac OS X system’s Network utility. Note the MAC address (00:14:51:65:84:a1) and the IP address (192.168.4.57).
Every operating system also has a command-line utility that gives you this information. In Windows, for example, you can use ipconfig to display the IP and MAC addresses. Run ipconfig /all to see the results shown in Figure 7.15.
Figure 7.11 • Mac OS X Calculator in Programmer mode
Figure 7.12 • Converting decimal to binary with Windows 7’s Calculator
Figure 7.14 • Macintosh OS X Network utility
Figure 7.15 • Results from running ipconfig /all in Windows
In the UNIX/Linux/Mac OS X world, you can run the very similar ifconfig command. Figure 7.16, for example, shows the result of an ifconfig (“eth0” is the NIC) in Ubuntu.
Figure 7.16 • Results from running ifconfig in Ubuntu
IP Addresses in Action
IP addresses support both LANs and WANs. This can create problems in some circumstances, such as when a computer needs to send data both to computers in its own network and to computers in other networks. How can this be accomplished?
To make all this work, IP must do three things:
■ Create some way to use IP addresses so that each LAN has its own identification.
■ Interconnect all of the LANs using routers and give those routers some way to use the network identification to send packets to the right network.
■ Give each computer on the network some way to recognize if a packet is for the LAN or for a computer on the WAN so it knows how to handle the packet.
Network IDs
To differentiate LANs from one another, each computer on a single LAN must share a very similar IP address. Some parts of the IP address will match all the others on the LAN. Figure 7.17 shows a LAN where all of the computers share the first three numbers of the IP address, with only the last number being unique on each system.
Make sure you know that ipconfig and ifconfig provide a tremendous amount of information regarding a system’s TCP/IP settings.
Figure 7.17 • IP addresses for a LAN
In this example, every computer has an IP address of 202.120.10.x. That means the network ID is 202.120.10.0. The x part of the IP address is the host ID. Combine the network ID (after dropping the ending 0) with the host ID to get an individual system's IP address. No individual computer can use the address whose host ID is all zeroes (here, the one ending in 0), because that address is reserved for the network ID.
Interconnecting
To organize all those individual LANs into a larger network, every TCP/IP LAN that wants to connect to another TCP/IP LAN must have a router connection. There is no exception to this critical rule. A router, therefore, needs an IP address on the LANs that it serves (Figure 7.18), so it can correctly route packets.
That router is known as the default gateway. When configuring a client to access the network beyond the router, you use the IP address for the default gateway.
Most network administrators give the LAN-side NIC on the default gateway the lowest host address in the network, usually the host ID of 1.
Routers use network IDs to determine network traffic. Figure 7.19 shows a diagram for a small, two-NIC router similar to the ones you see in many homes. Note that one port (202.120.10.1) connects to the LAN and the other port connects to the Internet service provider's network (14.23.54.223). Built into this router is a routing table, the actual instructions that tell the router what to do with incoming packets and where to send them.
The network ID and the host ID are combined to make a system's IP address.
Now let's add in the LAN and the Internet (Figure 7.20). When discussing networks in terms of network IDs, by the way, especially with illustrations in books, the common practice is to draw circles around stylized networks. Here, you should concentrate on the IDs—not the specifics of the networks.
Network IDs are very flexible, as long as no two interconnected networks share the same network ID. If you wished, you could change the network ID of the 202.120.10.0 network to 202.155.5.0, or 202.21.8.0, just as long as you can guarantee no other LAN on the WAN shares the same network ID. On the Internet, powerful governing bodies carefully allocate network IDs to ensure no two LANs share the same network ID. I'll talk more about how this works later in the chapter.
So far you've only seen examples of network IDs where the last value is zero. This is common for small networks, but it creates a limitation. With a network ID of 202.120.10.0, for example, a network is limited to IP addresses from 202.120.10.1 to 202.120.10.254. (202.120.10.255 is a broadcast address used to talk to every computer on the LAN.) This provides only 254 IP addresses: enough for a small network, but many organizations need many more IP addresses. No worries! You can simply use a network ID with more zeroes, such as 170.45.0.0 (for a total of 65,534 hosts) or even 12.0.0.0 (for around 16.7 million hosts).
Network IDs enable you to connect multiple LANs into a WAN. Routers then connect everything together, using routing tables to keep track of which packets go where. So that takes care of the second task: interconnecting the LANs using routers and giving those routers a way to send packets to the right network.
Now that you know how IP addressing works with LANs and WANs, let's turn to how IP enables each computer on a network to recognize if a packet is going to a computer on the LAN or to a computer on the WAN. The secret to this is something called the subnet mask.
Subnet Mask
Picture this scenario. Three friends sit at their computers—Computers A, B, and C—and want to communicate with each other. Figure 7.21 illustrates the situation. You can tell from the drawing that Computers A and B are in the same LAN, whereas Computer C is on a completely different LAN. The IP addressing scheme can handle this communication, so let's see how it works.
Routing tables are covered in more detail in Chapter 8.
Figure 7.18 • LAN with router
Figure 7.19 • Router diagram
Figure 7.20 • LAN, router, and the Internet
Figure 7.21 • The three amigos, separated by walls or miles
The process to get a packet to a local computer is very different from the process to get a packet to a faraway computer. If one computer wants to send a packet to a local computer, it must send a broadcast to get the other computer's MAC address, as you'll recall from earlier in the chapter and Figure 7.9. (It's easy to forget about the MAC address, but remember that the network uses Ethernet and must have the MAC address to get the packet to the other computer.) If the packet is for some computer on a faraway network, the sending computer must send the packet to the default gateway (Figure 7.22).
Figure 7.22 • Sending a packet remotely
In the scenario illustrated in Figure 7.21, Computer A wants to send a packet to Computer B. Computer B is on the same LAN as Computer A, but that begs a question: How does Computer A know this? Every TCP/IP computer needs a tool to tell the sending computer whether the destination IP address is local or long distance. This tool is the subnet mask.
A subnet mask is nothing more than a string of ones followed by some number of zeroes, always totaling exactly 32 bits, typed into every TCP/IP host. Here’s an example of a typical subnet mask:
11111111111111111111111100000000
For the courtesy of the humans reading this (if any computers are reading this book, please call me—I'd love to meet you!), let's convert this to dotted decimal. First, add some periods:
11111111.11111111.11111111.00000000
Then convert each octet into decimal (use a calculator):
255.255.255.0
When you line up an IP address with a corresponding subnet mask in binary, the portion of the IP address that aligns with the ones of the subnet mask is the network ID portion of the IP address. The portion that aligns with the zeroes is the host ID. With simple IP addresses, you can see this with dotted decimal, but you'll want to see this in binary for a true understanding of how the computers work.
The IP address 192.168.5.23 has a subnet mask of 255.255.255.0. Convert both numbers to binary and then compare the full IP address to the ones and zeroes of the subnet mask:
             Dotted Decimal   Binary
IP address   192.168.5.23     11000000.10101000.00000101.00010111
Subnet mask  255.255.255.0    11111111.11111111.11111111.00000000
Network ID   192.168.5.0      11000000.10101000.00000101.x
Host ID      x.x.x.23         x.x.x.00010111
Before a computer sends out any data, it first compares the destination IP address to its own IP address using the subnet mask. If the destination IP address matches the computer's IP wherever there's a 1 in the subnet mask, then the sending computer knows the destination is local. The network IDs match. If even one bit of the destination IP address where the 1s are on the subnet mask is different, then the sending computer knows it's a long-distance call. The network IDs do not match.
Let’s head over to Computer A and see how the subnet mask works. Computer A’s IP address is 192.168.5.23. Convert that into binary:
11000000.10101000.00000101.00010111
Now drop the periods because they mean nothing to the computer:
11000000101010000000010100010111
Let’s say Computer A wants to send a packet to Computer B. Computer A’s subnet mask is 255.255.255.0. Computer B’s IP address is 192.168.5.45. Convert this address to binary:
11000000101010000000010100101101
At this point, you should memorize that 0 = 00000000 and 255 = 11111111. You’ll find knowing this very helpful throughout the rest of the book.
The explanation about comparing an IP address to a subnet mask simplifies the process, leaving out how the computer uses its routing table to accomplish the goal. We’ll get to routing and routing tables in Chapter 8. For now, stick with the concept of the node using the subnet mask to determine the network ID.
Computer A compares its IP address to Computer B's IP address using the subnet mask, as shown in Figure 7.23. For clarity, I've added a line to show you where the ones end and the zeroes begin in the subnet mask. Computers certainly don't need the pretty red line!
A-ha! Computer A's and Computer B's network IDs match! It's a local call. Knowing this, Computer A can now send out an ARP request, which is a broadcast, as shown in Figure 7.24, to determine Computer B's MAC address. The Address Resolution Protocol (ARP) is how a TCP/IP network figures out the MAC address based on the destination IP address.
The addressing for the ARP frame looks like Figure 7.25. Note that Computer A’s IP address and MAC address are included.
Computer B responds to the ARP request by sending Computer A an ARP response (Figure 7.26). Once Computer A has Computer B’s MAC address, it starts sending packets.
But what happens when Computer A wants to send a packet to Computer C? First, Computer A compares Computer C's IP address to its own using the subnet mask (Figure 7.27). It sees that the IP addresses do not match in the 1s part of the subnet mask—meaning the network IDs don't match; therefore, this is a long-distance call.
Figure 7.25 • Simplified ARP frame (Ethernet header: broadcast MAC as destination, source MAC; ARP payload: source MAC, source IP, target IP, target MAC unknown)
Figure 7.23 • Comparing addresses
Figure 7.24 • Sending an ARP request
The long-dead Reverse Address Resolution Protocol (RARP) was used to get a Layer 3 address when the computer’s MAC address was known, thus, the reverse of an ARP. You’ll see this sometimes as an incorrect answer on the CompTIA Network+ exam.
Cross Check ARP and the OSI Model
Remember the OSI model from way back in Chapter 2? Which layer does IP work on? How about MAC addresses? Where do you think ARP fits into the OSI model?
Figure 7.27 • Comparing addresses again
Try This! ARP in Windows
To show Windows’ current ARP table, open a command line and type:
arp -a
You should see results similar to this:
Interface: 192.168.4.71 --- 0x4
  Internet Address      Physical Address      Type
  192.168.4.76          00-1d-e0-78-9c-d5     dynamic
  192.168.4.81          00-1b-77-3f-85-b4     dynamic
Now delete one of the entries in the ARP table with this command (on Windows Vista and later, arp -d needs an elevated command prompt):
arp -d [ip address from the previous results]
Run the arp -a command again. The line for the address you specified should be gone. Now ping the address you deleted and check the ARP table again. Did the deleted address return?
Figure 7.28 • Sending an ARP request to the gateway
Figure 7.26 • Computer B responds.
Whenever a computer wants to send to an IP address on another LAN, it knows to send the packet to the default gateway. It still sends out an ARP request, but this time to the default gateway (Figure 7.28). Once Computer A gets the default gateway’s MAC address, it then begins to send packets.
Subnet masks are represented in dotted decimal like IP addresses—just remember that both are really 32-bit binary numbers. All of the following (shown in both binary and dotted decimal formats) can be subnet masks:
11111111111111111111111100000000 = 255.255.255.0
11111111111111110000000000000000 = 255.255.0.0
11111111000000000000000000000000 = 255.0.0.0
Most network folks represent subnet masks using special shorthand: a / character followed by a number equal to the number of ones in the subnet mask. Here are a few examples:
11111111111111111111111100000000 = /24 (24 ones)
11111111111111110000000000000000 = /16 (16 ones)
11111111000000000000000000000000 = /8 (8 ones)
An IP address followed by the / and number tells you the IP address and the subnet mask in one statement. For example, 201.23.45.123/24 is an IP address of 201.23.45.123 with a subnet mask of 255.255.255.0. Similarly, 184.222.4.36/16 is an IP address of 184.222.4.36 with a subnet mask of 255.255.0.0.
Fortunately, computers do all of this subnet filtering automatically. Network administrators need only to enter the correct IP address and subnet mask when they first set up their systems, and the rest happens without any human intervention.
If you want a computer to work in a routed internetwork (like the Internet), you absolutely must have an IP address that's part of its network ID, a subnet mask, and a default gateway. No exceptions!
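The local-or-remote decision described above, together with the /prefix shorthand, as an added Python example that is not part of the book. The addresses 192.168.5.23 and 192.168.5.45 are the chapter's Computers A and B; Computer C's address (10.20.30.40) and the default gateway (192.168.5.1) are assumed values for the demonstration, as is every function name.

```python
# Added example, not from the book: the local-or-remote decision a host makes
# with its subnet mask, plus the /prefix shorthand. Addresses 192.168.5.23 and
# 192.168.5.45 are the chapter's Computers A and B; Computer C's address and
# the default gateway in __main__ are assumed values for the demonstration.

def dotted_to_int(addr: str) -> int:
    """'a.b.c.d' -> the 32-bit integer the host actually compares."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def int_to_dotted(value: int) -> str:
    """32-bit integer -> 'a.b.c.d'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: 'prefix' ones followed by zeroes, 32 bits total."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask: str) -> int:
    """'255.255.255.0' -> 24. Rejects masks that are not ones-then-zeroes."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != prefix_to_mask(ones):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def parse_cidr(cidr: str):
    """'201.23.45.123/24' -> ('201.23.45.123', '255.255.255.0')."""
    addr, prefix = cidr.split("/")
    dotted_to_int(addr)  # validates the address part
    return addr, int_to_dotted(prefix_to_mask(int(prefix)))

def network_id(addr: str, mask: str) -> str:
    """Keep the bits under the mask's ones; zero the host bits."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def is_local(my_addr: str, mask: str, dest: str) -> bool:
    """True when every bit under a 1 in the mask matches, i.e. same network ID."""
    return network_id(my_addr, mask) == network_id(dest, mask)

def next_hop(my_addr: str, mask: str, gateway: str, dest: str) -> str:
    """The IP the host must ARP for: the destination itself if local, else the gateway."""
    return dest if is_local(my_addr, mask, dest) else gateway

if __name__ == "__main__":
    a, mask, gw = "192.168.5.23", "255.255.255.0", "192.168.5.1"  # gateway assumed
    for dest in ("192.168.5.45", "10.20.30.40"):  # Computer B, then an assumed Computer C
        print(f"{a}/{mask_to_prefix(mask)} -> {dest}: ARP for {next_hop(a, mask, gw, dest)}")
```

The mask_to_prefix check matters in practice: a mistyped mask such as 255.0.255.0 still "works" in dotted decimal but is not a run of ones followed by zeroes, and a host configured with it will treat the wrong addresses as local and ARP for them instead of sending to the gateway.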
Class IDs
The Internet is by far the biggest and the most complex TCP/IP internetwork. Numbering over half a billion computers way back in 2009, it has grown so quickly that now it's nearly impossible to find an accurate number. The single biggest challenge for the Internet is to make sure no two devices share the same public IP address. To support the dispersion of IP addresses, an organization called the Internet Assigned Numbers Authority (IANA) was formed to track and disperse IP addresses to those who need them. Initially handled by a single person (the famous Jon Postel) until 1998, the IANA has grown dramatically and now oversees a number of Regional Internet Registries (RIRs) that parcel out IP addresses to large ISPs and major corporations. The RIR for North America is called the American Registry for Internet Numbers (ARIN). The vast majority of end users get their IP addresses from their respective ISPs. IANA passes out IP addresses in contiguous chunks called class licenses, which are outlined in the following table:
Class     First Decimal Value   Addresses                    Hosts per Network ID
Class A   1–126                 1.0.0.0–126.255.255.255      16,777,214
Class B   128–191               128.0.0.0–191.255.255.255    65,534
Class C   192–223               192.0.0.0–223.255.255.255    254
Class D   224–239               224.0.0.0–239.255.255.255    Multicast
Class E   240–254               240.0.0.0–254.255.255.255    Experimental
A typical Class A license, for example, has a network ID that starts between 1 and 126; hosts on that network have only the first octet in common, with any numbers for the other three octets. Having three octets to use for hosts means you have an enormous number of possible hosts, over 16 million different number combinations. The subnet mask for Class A licenses is 255.0.0.0, which means you have 24 bits for host IDs.
By definition, all computers on the same network have the same subnet mask and network ID.
Do you remember binary math? 2^24 = 16,777,216. Because the host can't use all zeroes or all ones (those are reserved for the network ID and broadcast IP, respectively), you subtract two from the final number to get the available host IDs: 16,777,214.
A Class B license, with a subnet mask of 255.255.0.0, uses the first two octets to define the network ID. This leaves two octets to define host IDs, which means each Class B network ID can have up to 65,534 different hosts.
A Class C license uses the first three octets to define only the network ID. All hosts in network 192.168.35.0, for example, would have all three first numbers in common. Only the last octet defines the host IDs, which leaves only 254 possible unique addresses. The subnet mask for Class C licenses is 255.255.255.0.
Multicast class licenses are used for one-to-many communication, such as in streaming video conferencing. There are three ways to send a packet: a broadcast, which is where every computer on the LAN hears the message; a unicast, where one computer sends a message directly to another user; and a multicast, where a single computer sends a packet to a group of interested computers. Multicast is often used when routers talk to each other.
Experimental addresses are reserved and never used except for occasional experimental reasons. These were originally called reserved addresses.
IP class licenses worked well for the first few years of the Internet but quickly ran into trouble due to the fact that they didn't quite fit for everyone. Early on, IANA gave away IP class licenses rather generously, perhaps too generously. Over time, unallocated IP addresses became scarce. Additionally, the IP class licenses concept didn't scale well. If an organization needed 2,000 IP addresses, for example, it either had to take a single Class B license (wasting 63,000 addresses) or eight Class C licenses. As a result, a new method of generating blocks of IP addresses, called Classless Inter-Domain Routing (CIDR), was developed.
CIDR and Subnetting
CIDR is based on a concept called subnetting: taking a single class of IP addresses and chopping it up into multiple smaller groups. CIDR and subnetting are virtually the same thing. Subnetting is done by an organization—it is given a block of addresses and then breaks the single block of addresses into multiple subnets. CIDR is done by an ISP—it is given a block of addresses, subnets the block into multiple subnets, and then passes out the smaller individual subnets to customers. Subnetting and CIDR have been around for quite a long time now and are a critical part of all but the smallest TCP/IP networks. Let's first discuss subnetting and then visit CIDR.
The Internet Corporation for Assigned Names and Numbers (ICANN) manages the IANA.
Make sure you memorize the IP class licenses! You should be able to look at any IP address and know its class license. Here’s a trick to help: The first binary octet of a Class A address always begins with a 0 (0xxxxxxx); for Class B, it begins with a 10 (10xxxxxx); for Class C, with 110 (110xxxxx); for Class D, with 1110 (1110xxxx); and for Class E, it begins with 1111 (1111xxxx).
Subnetting
Subnetting enables a much more efficient use of IP addresses compared to class licenses. It also enables you to separate a network for security (separating a bank of public access computers from your more private computers) and for bandwidth control (separating a heavily used LAN from one that's not so heavily used).
The cornerstone to subnetting lies in the subnet mask. You take an existing /8, /16, or /24 subnet and extend the subnet mask by adding more ones (and taking away the corresponding number of zeroes). For example, let's say you have an Internet café with about 50 computers, 40 of which are for public use and 10 of which are used in the back office for accounting and such (Figure 7.29). Your network ID is 192.168.4.0/24. You want to prevent people using the public systems from accessing your private machines, so you decide to create subnets. You also have wireless Internet and want to separate wireless clients (never more than 10) on their own subnet.
Figure 7.29 • Layout of the network
You need to keep two things in mind about subnetting. First, start with the given subnet mask and move it to the right until you have the number of subnets you need. Second, forget the dots. They no longer define the subnets.
You need to know how to subnet to pass the CompTIA Network+ exam.
Never try to subnet without first converting to binary. Too many techs are what I call “victims of the dots.” They are so used to working only with class licenses that they forget there’s more to subnets than just /8, /16, and /24 networks. There is no reason network IDs must end on the dots. The computers, at least, think it’s perfectly fine to have subnets that end at points between the periods, such as /26, /27, or even /22. The trick here is to stop thinking about network IDs and subnet masks just in their dotted decimal format and instead return to thinking of them as binary numbers.
Let's begin subnetting the café's network of 192.168.4/24. Start by changing a zero to a one on the subnet mask so the /24 becomes a /25 subnet:
11111111111111111111111110000000
Calculating Hosts
Before going even one step further, you need to answer this question: On a /24 network, how many hosts can you have? Well, if you used dotted decimal notation you might say
192.168.4.1 to 192.168.4.254 = 254 hosts
But do this from the binary instead. In a /24 network, you have eight zeroes that can be the host ID:
00000001 to 11111110 = 254
There's a simple piece of math here: 2^x – 2, where x represents the number of zeroes in the subnet mask.
2^8 – 2 = 254
If you remember this simple formula, you can always determine the num- ber of hosts for a given subnet. This is critical! Memorize this!
If you have a /16 subnet mask on your network, what is the maximum number of hosts you can have on that network?
1. Because a subnet mask always has 32 digits, a /16 subnet means you have 16 zeroes left after the 16 ones.
2. 2^16 – 2 = 65,534 total hosts.
If you have a /26 subnet mask on your network, what is the maximum number of hosts you can have on that network?
1. Because a subnet mask always has 32 digits, a /26 subnet means you have 6 zeroes left after the 26 ones.
2. 2^6 – 2 = 62 total hosts.
Excellent! Knowing how to determine the number of hosts for a particular subnet mask will help you tremendously in a moment.
Your First Subnet
Let's now make a subnet. All subnetting begins with a single network ID. In this scenario, you need to convert the 192.168.4/24 network ID for the café into three network IDs: one for the public computers, one for the private computers, and one for the wireless clients.
Many authors will drop the trailing zeroes when using CIDR notation. I always do this when teaching because it’s faster to write. So you might see a network ID like 192.168.4/24. The last octet of zero is implied by the /24. Either way works.
You cannot subnet without using binary!
The primary tool for subnetting is the existing subnet mask. Write it out in binary. Place a line at the end of the ones, as shown in Figure 7.30.
Now draw a second line one digit to the right, as shown in Figure 7.31. You’ve now separated the subnet mask into three areas that I call (from left to right) the default subnet mask (DSM), the network ID extension (NE), and the hosts (H). These are not industry terms so you won’t see them on the CompTIA Network+ exam, but they’re a handy Mike Trick that makes the process of subnetting a lot easier.
You now have a /25 subnet mask. At this point, most people first learning how to subnet start to freak out. They're challenged by the idea that a subnet mask of /25 isn't going to fit into one of the three pretty subnets of 255.0.0.0, 255.255.0.0, or 255.255.255.0. They think, "That can't be right! Subnet masks are made out of only 255s and 0s." That's not correct. A subnet mask is a string of ones followed by a string of zeroes. People only convert it into dotted decimal to enter things into computers. So convert /25 into dotted decimal. First write out 25 ones, followed by seven zeroes. (Remember, subnet masks are always 32 binary digits long.)
11111111111111111111111110000000
Insert the periods in between every eight digits:
11111111.11111111.11111111.10000000
Then convert them to dotted decimal:
255.255.255.128
Get used to the idea of subnet masks that use more than 255s and 0s. Here are some examples of perfectly legitimate subnet masks. Try converting these to binary to see for yourself.
255.255.255.224 255.255.128.0 255.248.0.0
Calculating Subnets
When you subnet a network ID, you need to follow the rules and conventions dictated by the good folks who developed TCP/IP to ensure that your new subnets can interact properly with each other and with larger networks. All you need to remember for subnetting is this: start with a beginning subnet mask and extend the subnet extension until you have the number of subnets you need. The formula for determining how many subnets you create is 2^y, where y is the number of bits you add to the subnet mask.
Let's practice this a few times. Figure 7.32 shows a starting subnet of 255.255.255.0. If you move the network ID extension over one, it's only a single digit, 2^1.
Figure 7.30 • Step 1 in subnetting
Figure 7.31 • Organizing the subnet mask
Figure 7.32 • Organizing the subnet mask
That single digit is only a zero or a one, which gives you two subnets. You have only one problem—the café needs three subnets, not just two! So let's take /24 and subnet it down to /26. Extending the network ID by two digits creates four new network IDs, 2^2 = 4. To see each of these network IDs, first convert the original network ID—192.168.4.0—into binary. Then add the four different network ID extensions to the end, as shown in Figure 7.33.
Figure 7.34 shows a sample of the IP addresses for each of the four new network IDs.
Now convert these four network IDs back to dotted decimal:
Network ID Host Range
192.168.4.0/26 (192.168.4.1 – 192.168.4.62)
192.168.4.64/26 (192.168.4.65 – 192.168.4.126)
192.168.4.128/26 (192.168.4.129 – 192.168.4.190)
192.168.4.192/26 (192.168.4.193 – 192.168.4.254)
Congratulations! You’ve just taken a single network ID, 192.168.4.0/24, and subnetted it into four new network IDs! Figure 7.35 shows how you can use these new network IDs in a network.
Figure 7.35 • Three networks using the new network IDs
You may notice that the café only needs three subnets, but you created four—you’re wasting one. Because subnets are created by powers of two, you will often create more subnets than you need—welcome to subnetting.
If wasting subnets seems contrary to the goal of efficient use, keep in mind that subnetting has two goals: efficiency and making multiple network IDs from a single network ID. This example is geared more toward the latter goal.
Figure 7.33 • Creating the new network IDs (original network ID 192.168.4.0/24, which is 11000000.10101000.00000100.00000000 in binary)
Figure 7.34 • New network ID address ranges
For a little more subnetting practice, let's create eight subnets by taking the /24 network to /27. First, move the NE over three digits (Figure 7.36).
To help you visualize the address range, I'll calculate two of the subnets—using 001 and 011 (Figure 7.37). Please do the other six for practice.
Note that in this case you only get 2^5 – 2 = 30 hosts per network ID! These better be small networks!
Converting these to dotted decimal, you get:
192.168.4.0/27 (192.168.4.1 – 192.168.4.30)
192.168.4.32/27 (192.168.4.33 – 192.168.4.62)
192.168.4.64/27 (192.168.4.65 – 192.168.4.94)
192.168.4.96/27 (192.168.4.97 – 192.168.4.126)
192.168.4.128/27 (192.168.4.129 – 192.168.4.158)
192.168.4.160/27 (192.168.4.161 – 192.168.4.190)
192.168.4.192/27 (192.168.4.193 – 192.168.4.222)
192.168.4.224/27 (192.168.4.225 – 192.168.4.254)
These two examples began with a Class C address. However, you can begin with any starting network ID. Nothing changes about the process you just learned.
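The whole procedure from "Calculating Hosts" through the /26 and /27 examples above, as an added Python example that is not from the book. It takes a network ID in CIDR form (the short 192.168.4/24 form is accepted too) and the number of subnets wanted, picks the smallest extension y with 2^y at or above that count, and lists every new network ID with its first host, last host, and broadcast address. The function names are assumptions; the cross-check against Python's ipaddress module is an added sanity test, not part of the hand method.

```python
# Added example, not from the book: the subnetting procedure as code. Given a
# network ID in CIDR form and how many subnets you need, it extends the mask by
# the smallest y with 2**y >= that count, then lists every new network ID with
# its host range and broadcast. hosts_per_subnet is the 2**x - 2 formula, x
# being the zero bits in the mask. All function names here are assumptions.

import ipaddress  # used only by matches_stdlib, an added sanity check

def hosts_per_subnet(prefix: int) -> int:
    """2**x - 2 usable hosts, where x = 32 - prefix is the number of zero bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return max(2 ** (32 - prefix) - 2, 0)   # /31 and /32 leave nothing under this rule

def subnet_bits_needed(subnets_wanted: int) -> int:
    """Smallest y with 2**y >= subnets_wanted; you often get more subnets than asked."""
    if subnets_wanted < 1:
        raise ValueError("need at least one subnet")
    return (subnets_wanted - 1).bit_length()

def _dotted_to_int(addr: str) -> int:
    parts = addr.split(".")
    parts += ["0"] * (4 - len(parts))          # accept the short form 192.168.4/24
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def _int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet(cidr: str, subnets_wanted: int) -> list:
    """Return [(network/newprefix, first host, last host, broadcast), ...]."""
    base, prefix = cidr.split("/")
    prefix = int(prefix)
    new_prefix = prefix + subnet_bits_needed(subnets_wanted)
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable subnets")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    net = _dotted_to_int(base) & mask           # drop any stray host bits in the input
    block = 2 ** (32 - new_prefix)              # addresses per new subnet
    result = []
    for i in range(2 ** (new_prefix - prefix)):
        start = net + i * block
        result.append((f"{_int_to_dotted(start)}/{new_prefix}",
                       _int_to_dotted(start + 1),
                       _int_to_dotted(start + block - 2),
                       _int_to_dotted(start + block - 1)))
    return result

def matches_stdlib(cidr: str, subnets_wanted: int) -> bool:
    """Sanity check: the hand-rolled subnet list equals ipaddress's subnets()."""
    base, prefix = cidr.split("/")
    full = f"{_int_to_dotted(_dotted_to_int(base))}/{prefix}"
    wanted = ipaddress.ip_network(full, strict=False).subnets(
        prefixlen_diff=subnet_bits_needed(subnets_wanted))
    return [str(n) for n in wanted] == [row[0] for row in subnet(cidr, subnets_wanted)]

if __name__ == "__main__":
    for row in subnet("192.168.4.0/24", 3):     # the café needs 3, gets 4 x /26
        print(row)
    print(hosts_per_subnet(26), "hosts per /26")
    print("agrees with ipaddress:", matches_stdlib("192.168.4/24", 8))
```

Because the number of subnets is always a power of two, asking for three subnets returns four, exactly as the café example shows; the broadcast column is included because the all-ones host address is the one most often forgotten when the 2^x – 2 rule is applied by hand.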
Manual Dotted Decimal to Binary Conversion
The best way to convert from dotted decimal to binary and back is to use a calculator. It's easy, fast, and accurate. There's always a chance, however, that you may find yourself in a situation where you need to convert without a calculator. Fortunately, manual conversion, although a bit tedious, is also fairly easy. You just have to remember a single number: 128.
Take a piece of paper and write the number 128 in the top-left corner. Now, what is half of 128? That’s right, 64. Write 64 next to 128. Now keep dividing the previous number in half until you get to the number 1. The result will look like this:
128 64 32 16 8 4 2 1
Notice that you have eight numbers. Each of these numbers corresponds to a position of one of the eight binary digits. To convert an 8-bit value to dotted decimal, just take the binary value and put the numbers under the corresponding eight digits. Wherever there’s a 1, add that decimal value.
Let’s take the binary value 10010110 into decimal. Write down the numbers as shown, and then write the binary values underneath each corresponding decimal number:
128  64  32  16   8   4   2   1
  1   0   0   1   0   1   1   0
Add the decimal values that have a 1 underneath:
128 + 16 + 4 + 2 = 150
Figure 7.36 • Moving the network ID extension three digits
Figure 7.37 • Two of the eight network ID address ranges (the figure lists the first three and last three addresses of the 001 subnet, 192.168.4.32/27, and of the 011 subnet, 192.168.4.96/27, in binary):
11000000.10101000.00000100.00100000 (192.168.4.32)
11000000.10101000.00000100.00100001 (192.168.4.33)
11000000.10101000.00000100.00100010 (192.168.4.34)
...
11000000.10101000.00000100.00111101 (192.168.4.61)
11000000.10101000.00000100.00111110 (192.168.4.62)
11000000.10101000.00000100.00111111 (192.168.4.63)
11000000.10101000.00000100.01100000 (192.168.4.96)
11000000.10101000.00000100.01100001 (192.168.4.97)
11000000.10101000.00000100.01100010 (192.168.4.98)
...
11000000.10101000.00000100.01111101 (192.168.4.125)
11000000.10101000.00000100.01111110 (192.168.4.126)
11000000.10101000.00000100.01111111 (192.168.4.127)
Tech Tip
ISPs and Classless Addresses If you order real, unique, ready-for-the-Internet IP addresses from your local ISP, you’ll invariably get a classless set of IP addresses. More importantly, when you order them for clients, you need to be able to explain why their subnet mask is 255.255.255.192, when all the books they read tell them it should be 255.255.255.0!
All this assumes you can get an IPv4 address by the time you’re reading this book. See Chapter 13 for the scoop on IPv6, the addressing scheme of the future.
BaseTech
Chapter 7: TCP/IP Basics 169
Converting from decimal to binary is a bit more of a challenge. You still start with a line of decimal numbers starting with 128, but this time, you place the decimal value above. If the number you’re trying to convert is greater than or equal to the number underneath, subtract it and place a 1 underneath that value. If not, then place a 0 under it and move the number to the next position to the right. Let’s give this a try by converting 221 to binary. Begin by placing 221 over the 128:
  221
  128  64  32  16   8   4   2   1
    1
  (remainder: 221 - 128 = 93)
Now place the remainder, 93, over the 64:
       93
  128  64  32  16   8   4   2   1
    1   1
  (remainder: 93 - 64 = 29)
Place the remainder, 29, over the 32. The number 29 is less than 32, so place a 0 underneath the 32 and move to 16:
           29
  128  64  32  16   8   4   2   1
    1   1   0   1
  (remainder: 29 - 16 = 13)
Then move to the 8:
               13
  128  64  32  16   8   4   2   1
    1   1   0   1   1
  (remainder: 13 - 8 = 5)
Then the 4:
                    5
  128  64  32  16   8   4   2   1
    1   1   0   1   1   1
  (remainder: 5 - 4 = 1)
Then the 2. The number 1 is less than 2, so drop a 0 underneath and move to 1:
                                1
  128  64  32  16   8   4   2   1
    1   1   0   1   1   1   0   1
Finally, the 1; 1 is equal to 1, so put a 1 underneath and you’re done. The number 221 in decimal is equal to 11011101 in binary.
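As an added example (not the book's code), here is the pencil-and-paper method above written out in Python: the column of values 128 down to 1, the "subtract and write a 1, or write a 0 and move right" rule, and a trace of each step so the 221 walk-through can be reproduced. It goes slightly beyond the text by applying the octet conversion to whole dotted addresses.

```python
# Added example (not from the book): the chapter's manual conversion between one
# decimal octet and eight binary digits, plus the same thing for a full address.
COLUMNS = [128, 64, 32, 16, 8, 4, 2, 1]   # each value is half of the one before it


def binary_to_decimal(bits):
    """'10010110' -> 150: add the column value wherever the bit underneath is a 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits")
    return sum(col for col, bit in zip(COLUMNS, bits) if bit == "1")


def decimal_to_binary(value):
    """221 -> ('11011101', trace).

    The trace records each step the way the book lays it out: the number written
    over the column, the column value, the bit placed under it, and the remainder
    carried to the next column to the right.
    """
    if not 0 <= value <= 255:
        raise ValueError("an octet holds 0..255")
    remaining = value
    bits = []
    trace = []
    for col in COLUMNS:
        if remaining >= col:          # big enough: subtract it and write a 1
            bits.append("1")
            trace.append((remaining, col, 1, remaining - col))
            remaining -= col
        else:                         # too small: write a 0 and move right
            bits.append("0")
            trace.append((remaining, col, 0, remaining))
    return "".join(bits), trace


def dotted_decimal_to_binary(address):
    """'192.168.4.0' -> '11000000.10101000.00000100.00000000'"""
    return ".".join(decimal_to_binary(int(o))[0] for o in address.split("."))


def binary_to_dotted_decimal(address):
    """'11000000.10101000.00000100.00000000' -> '192.168.4.0'"""
    return ".".join(str(binary_to_decimal(o)) for o in address.split("."))


def show_steps(value):
    """Print the step-by-step conversion of one octet (e.g. the chapter's 221)."""
    bits, trace = decimal_to_binary(value)
    for over, col, bit, rem in trace:
        print(f"{over:>3} over {col:>3}: write {bit}, remainder {rem}")
    print(f"{value} = {bits}")


if __name__ == "__main__":
    show_steps(221)                        # reproduces the 221 -> 11011101 walk-through
    print(binary_to_decimal("10010110"))   # 128 + 16 + 4 + 2 = 150
    print(dotted_decimal_to_binary("192.168.4.0"))
```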
Make sure you can manually convert decimal to binary and binary to decimal.
CIDR: Subnetting in the Real World
I need to let you in on a secret—there’s a better than average chance that you’ll never have to do subnetting in the real world. That’s not to say that subnetting isn’t important. It’s a critical part of the Internet’s structure. Subnetting most commonly takes place in two situations: ISPs that receive class licenses from IANA and then subnet those class licenses for customers, and very large customers that take subnets (sometimes already subnetted class licenses from ISPs) and make their own subnets. Even if you’ll never make a working subnet in the real world, there are a number of reasons to learn subnetting.
First and most obvious, the CompTIA Network+ exam expects you to know subnetting. For the exam, you need to be able to take any existing network ID and break it down into a given number of subnets. You need to know how many hosts the resulting network IDs possess. You need to be able to calculate the IP addresses and the new subnet masks for each of the new network IDs.
Second, even if you never do your own subnetting, you will most likely contact an ISP and get CIDR addresses. You can’t think about subnet masks in terms of dotted decimal. You need to think of subnets in terms of CIDR values like /8, /22, /26, and so on.
Third, there’s a better than average chance you’ll look to more advanced IT certifications. Most Cisco, many Microsoft, and a large number of other certifications assume you understand subnetting. Subnetting is a competency standard that everyone who’s serious about networking understands in detail—it’s a clear separation between those who know networks and those who do not.
You’ve done well, my little padawan. Subnetting takes a little getting used to. Go take a break. Take a walk. Play some World of Warcraft. Or fire up your Steam client and see if I’m playing Counter-Strike or Left 4 Dead (player name “desweds”). After a good mental break, dive back into subnetting and practice. Take any old network ID and practice making multiple subnets—lots of subnets!
Using IP Addresses
Whew! After all that subnetting, you’ve reached the point where it’s time to start actually using some IP addresses. That is, after all, the goal of going through all that pain. There are two ways to give a computer an IP address, subnet mask, and default gateway: either by typing in all the information (called static addressing) or by having a server program running on a system that automatically passes out all the IP information to systems as they boot up on or connect to a network (called dynamic addressing). Additionally, you must learn about a number of specialty IP addresses that have unique meanings in the IP world to make this all work.
Static IP Addressing
Static addressing means typing all of the IP information into each of your clients. But before you type in anything, you have to answer two questions: What are you typing in and where do you type it? Let’s visualize a four-node network like the one shown in Figure 7.38.
Figure 7.38 • A small network
To make this network function, each computer must have an IP address, a subnet mask, and a default gateway. First, decide what network ID to use. In the old days, your ISP gave you a block of IP addresses to use. Assume that’s still the method and you’ve been allocated a Class C license for 197.156.4/24. The first rule of Internet addressing is ... no one talks about Internet addressing. Actually, we can maul the Fight Club reference and instead say, “The first rule of Internet addressing is that you can do whatever you want with your own network ID.” There are no rules other than to make sure every computer gets a legit IP address and subnet mask for your network ID and make sure every IP address is unique. You don’t have to use the numbers in order, you don’t have to give the default gateway the 192.156.4.1 address—you can do it any way you want. That said, most networks follow a common set of principles:
1. Give the default gateway the first IP address in the network ID.
2. Try to use the IP addresses in some kind of sequential order.
3. Try to separate servers from clients. For example, servers could have the IP addresses 197.156.4.10 to 197.156.4.19, whereas the clients range from 197.156.4.200 to 197.156.4.254.
4. Write down whatever you choose to do so the person who comes after you understands.
These principles have become unofficial standards for network techs, and following them will make you very popular with whoever has to manage your network in the future.
Now you can give each of the computers an IP address, subnet mask, and default gateway.
Every operating system has some method for you to enter in the static IP information. In Windows, you use the Internet Protocol Version 4 (TCP/IPv4) Properties dialog, as shown in Figure 7.39.
In Mac OS X, run the Network utility in System Preferences to enter in the IP information (Figure 7.40).
Figure 7.39 • Entering static IP information in Windows Internet Protocol Version 4 (TCP/IPv4) Properties
The only universal tool for entering IP information on UNIX/Linux systems is the command-line ifconfig command, as shown in Figure 7.41. A warning about setting static IP addresses with ifconfig: any address entered will not be permanent and will be lost on reboot. To make the new IP permanent, you need to find and edit your network configuration files. Fortunately, modern distributions (distros) make your life a bit easier. Almost every flavor of UNIX/Linux comes with some handy graphical program, such as Network Configuration in the popular Ubuntu Linux distro (Figure 7.42).
Once you’ve added the IP information for at least two systems, you should always verify using the ping command, as shown in Figure 7.43.
If you’ve entered an IP address and your ping is not successful, first check your IP settings. Odds are good you made a typo. Otherwise, check your connections, driver, and so forth. Static addressing has been around for a long time and is still heavily used for more critical systems on your network. Static addressing poses one big problem, however: making any changes to the network is a serious pain. Most systems today use a far easier and more flexible method to get their IP information: dynamic IP addressing.
Always verify with ping—it’s too easy to make a typo when you enter static IP addresses.
Figure 7.40 • Entering static IP information in the OS X Network utility
Figure 7.41 • Using the ifconfig command to set static IP addresses
Figure 7.42 • Ubuntu’s Network Configuration utility
Dynamic IP Addressing
Dynamic IP addressing, better known as Dynamic Host Configuration Protocol (DHCP) or the older (and long vanished) Bootstrap Protocol (BOOTP), automatically assigns an IP address whenever a computer connects to the network. DHCP (and BOOTP, though for simplicity I’ll just say DHCP) works very simply. First, configure a computer to use DHCP. Every OS has some method to tell the computer to use DHCP, as in the Windows example shown in Figure 7.44.
How DHCP Works
Once a computer is configured to use DHCP, we call it a DHCP client. When a DHCP client boots up, it automatically sends out a special DHCP Discover packet using the broadcast address. This DHCP Discover message asks “Are there any DHCP servers out there?” (See Figure 7.45.)
For DHCP to work, one system on the LAN must be running special DHCP server software. This server is designed to respond to DHCP Discover requests with a DHCP Offer. The DHCP server is configured to pass out IP addresses from a range (called a DHCP scope) and a subnet mask (Figure 7.46).
Figure 7.43 • Two pings (successful ping on top, unsuccessful ping on bottom)
Figure 7.44 • Setting up for DHCP
Figure 7.45 • Computer sending out a DHCP Discover message
Figure 7.46 • DHCP server main screen
It also passes out other information, known generically as options, that cover an outrageously large number of choices, such as your default gateway, DNS server, Network Time server, and so on.
Figure 7.47 shows the configuration screen from the popular DHCP Server that comes with Windows Server 2008. Note the single scope. Figure 7.48 shows the same DHCP Server tool, in this case, detailing the options screen. At this point, you’re probably not sure what any of these options are for. Don’t worry. I’ll return to these topics in later chapters.
The DHCP client sends out a DHCP Request—a poor name choice as it is really accepting the offer. The DHCP server then sends a DHCP Acknowledge and lists the MAC address as well as the IP information given to the DHCP client in a database (Figure 7.49).
The acceptance from the DHCP client of the DHCP server’s data is called a DHCP lease. A DHCP lease is set for a fixed amount of time, generally five to eight days. Near the end of the lease time, the DHCP client simply makes another DHCP Discover message. The DHCP server looks at the MAC address information and, unless another computer has taken the lease, always gives the DHCP client the same IP information, including the same IP address.
DHCP servers can be set up to reserve addresses for specific machines through what’s called, appropriately, DHCP reservations. You use these for servers inside your network, for example, so if you had to change their IP addresses for some reason, you could do it from a central location. The other option is to use static IPs, but then you’d need to log in to each server to change the IP addresses.
Figure 7.47 • DHCP Server configuration screen
Figure 7.48 • DHCP Server options screen
Living with DHCP
DHCP is very convenient and, as such, very popular. It’s so popular that you’ll very rarely see a user’s computer on any network using static addressing.
You should know how to deal with DHCP problems. The single biggest issue is when a DHCP client tries to get a DHCP address and fails. You’ll know when this happens because the operating system will post some form of error telling you there’s a problem (Figure 7.50) and the DHCP client will have a rather strange address in the 169.254/16 network ID.
This special IP address is generated by Automatic Private IP Addressing (APIPA). All DHCP clients are designed to generate an APIPA address automatically if they do not receive a response to a DHCP Discover message. The client only generates the last two octets of an APIPA address. This enables the dynamic clients on a single network to continue to communicate with each other because they are on the same network ID.
Unfortunately, APIPA cannot issue a default gateway, so you’ll never get on the Internet using APIPA. That provides a huge clue to a DHCP problem: you can communicate with other computers on your network, but you can’t get to the Internet.
If you can’t get to the Internet, use whatever tool your OS provides to check your IP address. If it’s an APIPA address, you know instantly that you have a DHCP problem. First of all, try to reestablish the lease manually. Every OS has some way to do this. In Windows, you can type the following command:
ipconfig /renew
On a Mac, go to System Preferences and use the Network utility (Figure 7.51).
Systems that use static IP addressing can never have DHCP problems.
Figure 7.49 • DHCP Request and DHCP Acknowledge
Figure 7.50 • DHCP error in Windows 7
Figure 7.51 • Network utility in System Preferences
Sometimes you might find yourself in a situation where your computer gets confused and won’t grab an IP address no matter what you try. In these cases, you should first force the computer to release its lease. In Windows, get to a command prompt and type these two commands; follow each by pressing enter:
ipconfig /release
ipconfig /renew
In UNIX/Linux and Mac OS X, use the ifconfig command to release and renew a DHCP address. Here’s the syntax to release:
sudo ifconfig eth0 down
And here’s the syntax to renew:
sudo ifconfig eth0 up
Depending on your distribution, you may not need to type sudo first, but you will need to have root privileges to use ifconfig. Root privileges are Linux’s version of administrative privileges in Windows.
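To tie the DHCP discussion together (Discover, Offer, Request, Acknowledge, the scope, reservations, renewal and the APIPA fallback), here is an added toy model in Python; it is not the book's code and not a real DHCP implementation (no packets are sent, lease expiry timers are not modelled). The 197.156.4.x addresses follow the chapter's static-addressing example and the MAC addresses are constructed.

```python
# Added example (not from the book): a simulated DHCP server and client showing the
# four-message exchange, a scope, a reservation, renewal, and APIPA fallback.
import random

APIPA_NETWORK = "169.254"   # APIPA addresses live in 169.254/16


def ip_to_int(dotted):
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


class DhcpServer:
    """Hands out addresses from one scope, plus options such as the default gateway."""

    def __init__(self, scope_start, scope_end, subnet_mask, options, reservations=None):
        self.pool = [int_to_ip(i) for i in range(ip_to_int(scope_start), ip_to_int(scope_end) + 1)]
        self.subnet_mask = subnet_mask
        self.options = options                         # e.g. default_gateway, dns_server
        self.reservations = dict(reservations or {})   # MAC -> fixed IP
        self.leases = {}                               # MAC -> IP (the server's database)

    def discover(self, mac):
        """Answer a DHCP Discover with a DHCP Offer; None when the scope is exhausted."""
        if mac in self.reservations:                   # reserved machines always get their IP
            ip = self.reservations[mac]
        elif mac in self.leases:                       # renewal: same address as last time
            ip = self.leases[mac]
        else:
            in_use = set(self.leases.values()) | set(self.reservations.values())
            free = [ip for ip in self.pool if ip not in in_use]
            if not free:
                return None
            ip = free[0]
        return {"type": "OFFER", "ip": ip, "subnet_mask": self.subnet_mask, **self.options}

    def request(self, mac, offer):
        """The client's DHCP Request accepts the offer; record MAC -> IP and Acknowledge."""
        self.leases[mac] = offer["ip"]
        return {"type": "ACK", **{k: v for k, v in offer.items() if k != "type"}}


class DhcpClient:
    def __init__(self, mac):
        self.mac = mac
        self.config = None

    def boot(self, server):
        """Run Discover/Offer/Request/Acknowledge; fall back to APIPA if nothing answers."""
        offer = server.discover(self.mac) if server is not None else None
        if offer is None:
            self.config = self.apipa()
        else:
            self.config = server.request(self.mac, offer)
        return self.config

    def apipa(self):
        """Only the last two octets are generated, and no default gateway can be supplied."""
        third, fourth = random.randint(1, 254), random.randint(1, 254)
        return {"type": "APIPA", "ip": f"{APIPA_NETWORK}.{third}.{fourth}",
                "subnet_mask": "255.255.0.0", "default_gateway": None}


def is_apipa(ip):
    """True for any address in 169.254/16: the chapter's instant clue to a DHCP problem."""
    return ip_to_int(ip) >> 16 == ip_to_int(APIPA_NETWORK + ".0.0") >> 16


if __name__ == "__main__":
    server = DhcpServer("197.156.4.200", "197.156.4.254", "255.255.255.0",
                        {"default_gateway": "197.156.4.1", "dns_server": "197.156.4.10"},
                        reservations={"00:11:22:33:44:55": "197.156.4.10"})
    print(DhcpClient("aa:bb:cc:dd:ee:01").boot(server))   # first free address in the scope
    print(DhcpClient("00:11:22:33:44:55").boot(server))   # gets its reservation
    print(DhcpClient("aa:bb:cc:dd:ee:02").boot(None))     # no server answers: APIPA
```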
Special IP Addresses
The folks who invented TCP/IP created a number of special IP addresses you need to know about. The first special address is 127.0.0.1—the loopback address. When you tell a device to send data to 127.0.0.1, you’re telling that device to send the packets to itself. The loopback address has a number of uses. One of the most common is to use it with the ping command. I use the command ping 127.0.0.1 to test a NIC’s capability to send and receive packets.
Lots of folks use TCP/IP in networks that either aren’t connected to the Internet or want to hide their computers from the rest of Internet. Certain groups of IP addresses, known as private IP addresses, are available to help in these situations. All routers destroy private IP addresses. Those addresses can never be used on the Internet, making them a handy way to hide systems. Anyone can use these private IP addresses, but they’re useless for systems that need to access the Internet—unless you use the mysterious and powerful NAT, which I’ll discuss in the next chapter. (Bet you’re dying to learn about NAT now!) For the moment, however, let’s just look at the ranges of addresses that are designated as private IP addresses:
■ 10.0.0.0 through 10.255.255.255 (1 Class A license)
■ 172.16.0.0 through 172.31.255.255 (16 Class B licenses)
■ 192.168.0.0 through 192.168.255.255 (256 Class C licenses)
All other IP addresses are public IP addresses.
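As an added example (not from the book), the Python below sorts an address into the special ranges the chapter lists (the 127/8 loopback block, the three private ranges, APIPA) and its classful A/B/C range by first octet, using prefix matching on the 32-bit value. It goes beyond the text in one place: is_assignable() also rejects the network ID and broadcast address of a subnet, which is the extra check a tech wants before typing a static address.

```python
# Added example (not from the book): classify an IPv4 address against the chapter's
# special ranges and decide whether it can be assigned to a host on a given subnet.


def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def prefix_mask(prefix):
    """/prefix as a 32-bit mask: that many ones followed by zeroes."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def in_block(ip, network, prefix):
    """True if ip and network share their first `prefix` bits."""
    mask = prefix_mask(prefix)
    return ip_to_int(ip) & mask == ip_to_int(network) & mask


# 10/8 is one Class A license, 172.16/12 is sixteen Class B licenses
# (172.16.0.0 through 172.31.255.255) and 192.168/16 is 256 Class C licenses.
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]
LOOPBACK_BLOCK = ("127.0.0.0", 8)     # the whole /8 is loopback, not just 127.0.0.1
APIPA_BLOCK = ("169.254.0.0", 16)     # self-assigned when no DHCP server answers


def address_class(ip):
    """Classful range by first octet: A (1-126), B (128-191), C (192-223), else None."""
    first = ip_to_int(ip) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return None   # 0, 127 (loopback) and 224+ are not assignable classful ranges


def classify(ip):
    """'loopback', 'APIPA', 'private' or 'public'."""
    if in_block(ip, *LOOPBACK_BLOCK):
        return "loopback"
    if in_block(ip, *APIPA_BLOCK):
        return "APIPA"
    if any(in_block(ip, net, prefix) for net, prefix in PRIVATE_BLOCKS):
        return "private"
    return "public"


def is_assignable(ip, prefix):
    """Could ip/prefix be typed into a host's static IP settings?

    Rejects loopback, first octets outside the A/B/C ranges, and the two reserved
    addresses of every subnet: host bits all zero (network ID) or all one (broadcast).
    """
    if classify(ip) == "loopback" or address_class(ip) is None:
        return False
    host_mask = ~prefix_mask(prefix) & 0xFFFFFFFF
    host_bits = ip_to_int(ip) & host_mask
    return host_bits not in (0, host_mask)


if __name__ == "__main__":
    for ip in ("10.11.12.13", "172.31.255.255", "172.32.0.1", "127.5.5.5",
               "169.254.1.30", "8.8.8.8"):
        print(f"{ip:>16}  class {address_class(ip)}  {classify(ip)}")
    for ip in ("1.1.1.1", "127.0.0.1", "250.250.250.255", "192.168.0.1", "192.168.0.255"):
        print(f"{ip:>16}/24  assignable: {is_assignable(ip, 24)}")
```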
CompTIA loves TCP and UDP port numbers, so make sure you know that DHCP and BOOTP servers use UDP ports 67 and 68. You’ll also see the term BOOTPS on the exam, which simply refers to a BOOTP server (as opposed to BOOTPC for a BOOTP client).
Make sure you know how to configure your computers to use static IP addressing and know that you use ping to ensure they can communicate. For dynamic IP addressing, make sure you know the common protocol— DHCP—and the much older protocol—BOOTP. Understand that each client must have some way to “turn on” DHCP. Also understand the concept of a DHCP client and a DHCP server. Last but not least, be comfortable with APIPA and releasing and renewing a lease on a client.
Even though, by convention, you use 127.0.0.1 as the loopback address, the entire 127.0.0.0/8 subnet is reserved for loopback addresses. You can use any address in the 127.0.0.0/8 subnet as a loopback address.
Make sure you can quickly tell the difference between a private and a public IP address for the CompTIA Network+ exam.
Tech Tip
Case Matters With UNIX, Linux, and Mac OS X command-line commands, case matters. If you run sudo ifconfig eth0 down all in lowercase, for example, your Ethernet connection will drop as the DHCP or BOOTP lease is released. If you try running the same command in uppercase, on the other hand, the Linux et al. command prompt will look at you quizzically and then snort with derision. “What’s this SUDO of which you speak?” And then give you a prompt for a “real” command. Watch your case with UNIX/Linux/OS X!
Chapter 7 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about TCP/IP.
Describe how the TCP/IP protocol suite works
■ Whereas MAC addresses are physical addresses burned into the NIC, IP addresses are logical and are assigned via software.
■ An IP address consists of 32 binary digits, often written in dotted decimal notation to make it easier for humans to read.
■ Every IP address must be unique on its network.
■ The utilities ipconfig (Windows) and ifconfig (UNIX/Linux/Mac OS X) can be used to view IP address information.
■ Every IP address contains both a network ID and a host ID. Computers on the same network will have the same network ID portion of an IP address whereas the host ID portion will be unique.
■ The network’s router’s interface is called the default gateway. Its IP address is used by hosts to communicate off the network. The router uses an internal routing table and network IDs to determine where to send network packets.
■ A subnet mask helps to define the network ID of an IP address. All computers on a specific network share the same subnet mask.
■ An Address Resolution Protocol (ARP) broadcast is used to determine the MAC address of the destination computer based on its IP address.
■ Subnet masks are often written with the IP address in slash notation, such as 201.23.45.123/24. In this example, the IP address is 201.23.45.123 and the subnet mask consists of 24 ones, or 11111111.11111111.11111111.00000000 (255.255.255.0).
■ The Internet Assigned Numbers Authority (IANA) is the organization responsible for tracking and dispersing IP addresses to Internet service providers.
■ A broadcast is sent to every computer on the network. A unicast is sent from one node to one other node. A multicast is sent from one computer to multiple nodes.
Explain CIDR and subnetting
■ Subnet masks enable network adapters to determine whether incoming packets are being sent to a local network address or a remote network.
■ A subnet mask is similar in form to an IP address. Subnet masks consist of some number of ones, followed by zeroes, for a total of 32 bits.
■ Subnetting is done by organizations when they need to create multiple networks.
■ Classless Inter-Domain Routing (CIDR) is when an ISP subnets a block of addresses and passes them out to smaller customers.
■ Computers use subnet masks to distinguish (sub)network IDs from host IDs. Any bit on the full IP address that corresponds to a 1 on the subnet mask is part of the network ID. Any uncovered (turned off or = “0”) bits show the host ID of an IP address.
■ Assignable IP addresses come in three basic classful address types: Class A, Class B, and Class C.
■ The Class A range of addresses has its first octet anywhere from 1 through 126. The default Class A subnet mask is 255.0.0.0.
■ A Class B address has its first octet anywhere from 128 through 191. Class B subnets use a mask of 255.255.0.0.
■ Class C addresses range from 192 through 223, with the standard Class C subnet mask set to 255.255.255.0.
■ Classless subnets do away with neat subnet masks. These subnet masks employ other binary representations in the masking process. For example, 255.255.255.0 is a standard Class C subnet mask, allowing for one subnet of 254 systems. Contrast that example with using subnet mask 255.255.255.240, which would allow for 14 subnets with 14 systems each.
Describe the functions of static and dynamic IP addresses
■ Static addressing requires the IP address, subnet mask, and default gateway to be entered manually.
■ Dynamic addressing uses the Dynamic Host Configuration Protocol (DHCP) to assign an IP address, subnet mask, and default gateway to a network client.
■ A network client is assigned an IP address from a DHCP server by exchanging the following packets: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledge.
■ The data accepted by the DHCP client is called the DHCP lease, which is good for a fixed period of time. The time varies based on how the DHCP server was configured.
■ A DHCP client that fails to acquire a DHCP lease from a DHCP server self-generates an IP address and subnet mask via Automatic Private IP Addressing (APIPA). This address falls in the Class B range of 169.254.x.x /16.
■ The 127.0.0.1 loopback address used in testing is a reserved IP address.
■ Private IP addresses include the following ranges:
10.0.0.0–10.255.255.255 (Class A)
172.16.0.0–172.31.255.255 (Class B)
192.168.0.0–192.168.255.255 (Class C)
Key Terms
Address Resolution Protocol (ARP) (160)
Automatic Private IP Addressing (APIPA) (175)
Bootstrap Protocol (BOOTP) (173)
broadcast (163)
Classless Inter-Domain Routing (CIDR) (163)
class license (162)
datagram (148)
default gateway (156)
DHCP lease (174)
dotted decimal notation (152)
dynamic addressing (170)
Dynamic Host Configuration Protocol (DHCP) (173)
host ID (156)
ifconfig (155)
Internet Assigned Numbers Authority (IANA) (162)
Internet Control Message Protocol (ICMP) (146)
Internet Protocol (IP) (146)
Internet Protocol version four (IPv4) (146)
IP addressing (151)
ipconfig (153)
loopback address (176)
multicast (163)
network ID (156)
protocol (145)
protocol suite (145)
routing table (156)
segment (148)
static addressing (170)
subnet mask (159)
subnetting (163)
Transmission Control Protocol (TCP) (147)
unicast (163)
User Datagram Protocol (UDP) (147)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The _______________ portion of an IP address resembles 192.168.17.0.
2. The _______________ portion of an IP address assigned to a host computer consists of from one to three octets, with the final octet between 1 and 254.
3. The single organization that distributes IP addresses is called _______________.
4. The IP address 10.11.12.13 is a valid _______________ address.
5. The command _______________ is a utility that comes with Microsoft Windows to show TCP/IP settings.
6. The command _______________ is a utility for UNIX/Linux/Mac OS X used to show TCP/IP settings.
7. The _______________ is used to translate IP addresses to MAC addresses.
8. Computers set for dynamic addressing that cannot locate a DHCP server use _______________ to assign themselves an IP address.
9. The router interface is commonly known as the _______________.
10. The _______________ is a 32-bit binary number common to all computers on a network that is used to determine to which network a computer belongs.
Multiple-Choice Quiz
1. What is the result of converting 11110000.10111001.00001000.01100111 to dotted decimal notation?
A. 4.5.1.5
B. 240.185.8.103
C. 15.157.16.230
D. 103.8.185.240
2. What does IANA stand for?
A. International Association Numbers Authority
B. International Association Numbering Authority
C. Internet Assigned Numbering Authority
D. Internet Assigned Numbers Authority
3. Which of the following describe IPv4? (Select three.)
A. Uses decimal, not hexadecimal numbers
B. Uses periods, not colons, as separators
C. Uses four octets
D. Uses eight sets of characters
4. What is the result of converting 192.168.0.1 to binary?
A. 11000000.10101000.00000000.00000001
B. 11000000.10101000.00000000.10000000
C. 11000000.10101000.00000000.1
D. 11.10101.0.1
5. Which of the following are not valid IP addresses to assign to a Windows-based system? (Select two.)
A. 1.1.1.1/24
B. 127.0.0.1/24
C. 250.250.250.255/24
D. 192.168.0.1/24
6. Which of the following is a valid assignable Class A IP address?
A. 22.33.44.55
B. 127.0.0.1
C. 250.250.250.250
D. 192.168.0.1
7. Which of the following is a valid Class B IP address?
A. 10.10.10.253
B. 191.254.254.254
C. 192.168.1.1
D. 223.250.250.1
8. Which of the following is a valid Class C IP address?
A. 50.50.50.50
B. 100.100.100.100
C. 192.168.0.254
D. 250.250.250.250
9. Which method sends a packet from a single computer to a group of interested computers? Select the best answer.
A. Broadcast
B. Unicast
C. Multicast
D. Omnicast
10. What processes are used to take a single class of IP addresses and chop it up into multiple smaller groups? (Select two.)
A. CIDR
B. ping
C. Subnetting
D. Subnitting
11. Which statements about subnet masks are true? (Select two.)
A. Every network client has a unique subnet mask.
B. Every client on a network shares the same subnet mask.
C. A subnet mask consists of a string of zeroes followed by a string of ones.
D. A subnet mask consists of a string of ones followed by a string of zeroes.
12. In which order are packets created and sent when a client requests an IP address from a DHCP server?
A. DHCP Discover, DHCP Offer, DHCP Request, DHCP Acknowledge
B. DHCP Discover, DHCP Request, DHCP Offer, DHCP Acknowledge
C. DHCP Request, DHCP Offer, DHCP Discover, DHCP Acknowledge
D. DHCP Request, DHCP Offer, DHCP Acknowledge, DHCP Discover
13. Which of the following is not a valid classful subnet mask?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.255.255
14. Which command would you use to force a DHCP request on a Windows computer?
A. ifconfig /all
B. ifconfig /renew
C. ipconfig /release
D. ipconfig /renew
15. Which of the following IP addresses indicates a computer configured for dynamic addressing was unable to locate a DHCP server?
A. 255.255.255.255
B. 192.168.1.1
C. 127.0.0.1
D. 169.254.1.30
Essay Quiz
1. Use your Web browser to go to the following Web site: www.webopedia.com. Search for the full term TCP/IP. Write down its definition on a piece of paper, being sure to cite the exact Web site link to give credit to where you obtained the information.
2. You and a classmate are trying to calculate the number of possible IPv4 addresses versus IPv6 addresses. (The TCP/IP powers that be created the IPv6 addressing system to replace the IPv4 system discussed in this chapter. Because I feel IPv6 is going to be extremely important for all techs to understand in the future, this book devotes a full chapter to the subject—Chapter 13.) Research the Internet to discover exactly how many addresses are available for each of these numbering schemes. Document your findings in a short essay.
3. A new intern is confused about the CIDR notation for subnets, such as 192.168.1/24. In your own words, explain to him why the part in front of the slash represents only three of the four octets in an IP address and what the number after the slash is.
Lab Projects
Lab Project 7.1 •
Use the Internet to research the components of what an individual TCP packet and an IP packet might look like. You can search on keywords such as “sample,” “TCP,” “IP,” “session,” and “packet.” Create a reference document that has links to five sites with appropriate information. Save the document, so the links contain hyperlinks that you can click. Then write an additional paragraph describing your overall findings. Print one copy as well.
Lab Project 7.2 •
Starting with the IP address 192.42.53.12, create a list of IP address ranges for six subnets.
Lab Project 7.3 •
Log in to any available networked Windows computer. Select Start | Run or just Start, type cmd, and press enter to open a command prompt; from the command prompt, type ipconfig /all, and then press enter. Fill in as much information as you can from your screen onto a sheet like the following (or create one as directed by your instructor):
Host Name:
Primary DNS Suffix:
Node Type:
IP Routing Enabled:
WINS Proxy Enabled:
DNS Suffix Search List:
Connection-specific DNS Suffix:
Description:
Physical Address:
DHCP Enabled:
Autoconfiguration Enabled:
IP Address:
Subnet Mask:
Default Gateway:
DHCP Server:
DNS Servers:
Primary WINS Server:
Lease Obtained:
Lease Expires:
Chapter 8
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
The Wonderful World of Routing
“Youngsters read it, grown men
understand it, and old people
applaud it.”
—Miguel de Cervantes
In this chapter, you will learn how to
• Explain how routers work
• Describe dynamic routing technologies
• Install and configure a router successfully
The true beauty and amazing power of TCP/IP lies in one word: routing. Routing enables us to interconnect individual LANs into WANs. Routers, the magic boxes that act as the interconnection points, have all the built-in smarts to inspect incoming packets and forward them toward their eventual LAN destination. Routers are, for the most part, automatic. They require very little in terms of maintenance once their initial configuration is complete because they can talk to each other to determine the best way to send IP packets. The goal of this chapter is to take you into the world of routers and show you how they do this.
The chapter discusses how routers work, including an in-depth look at different types of Network Address Translation (NAT), and then dives into an examination of various dynamic routing protocols. You’ll learn about distance vector protocols, including Routing Information Protocol (RIP) and Border Gateway Protocol (BGP), among others. The chapter finishes with the nitty-gritty details of installing and configuring a router successfully. Not only will you understand how routers work, you should be able to set up a basic home router and diagnose common router issues by the end of this chapter.
Historical/Conceptual
How Routers Work
A router is any piece of hardware that forwards packets based on their destination IP address. Routers work, therefore, at the Network layer of the OSI model and at the Internet layer of the TCP/IP model.
Classically, routers are dedicated boxes that contain at least two connections, although many routers contain many more connections. In a business setting, for example, you might see a Cisco 2600 Series device, one of the most popular routers ever made. These routers are a bit on the older side, but Cisco builds their routers to last. With occasional software upgrades, a typical router will last for many years. The 2611 router shown in Figure 8.1 has two connections (the other connections are used for maintenance and configuration). The two “working” connections are circled. One port leads to one network; the other leads to another network. The router reads the IP addresses of the packets to determine where to send the packets. (I’ll elaborate on how that works in a moment.)
Most techs today get their first exposure to routers with the ubiquitous home routers that enable PCs to connect to a DSL modem or a cable modem (Figure 8.2). The typical home router, however, serves multiple functions, often combining a router, a switch, and other features like a firewall (for protecting your network from intruders), a DHCP server, and much more into a single box.
Figure 8.3 shows the electronic diagram for a two-port Cisco router, whereas Figure 8.4 shows the diagram for a Linksys home router.
Note that both boxes connect two networks. The big difference is that the LAN side of the Linksys home router connects immediately to the built-in switch. That’s convenient! You don’t have to buy a separate switch to connect multiple computers to the cable modem or DSL receiver. Many users and even some new techs look at that router, though, and say, “It has five ports so it’ll connect to five different networks,” when in reality it can connect only two networks. The extra physical ports belong to the built-in switch.
Figure 8.1 • Cisco 2611 router
Figure 8.2 • Business end of a typical home router
Figure 8.3 • Cisco router diagram
Figure 8.4 • Linksys home router diagram
See Chapter 16 for an in-depth look at firewalls and other security options.
All routers—big and small, plain or bundled with a switch—examine packets and then send the packets to the proper destination. Let’s take a look at that process in more detail now.
Test Specific
Routing Tables
Routing begins as packets come into the router for handling (Figure 8.5). The router immediately strips off any of the Layer 2 information and drops the resulting IP packet into a queue (Figure 8.6). The important point to make here is that the router doesn’t care where the packet originated. Everything is dropped into the same queue based on the time it arrived.
The router inspects each packet’s destination IP address and then sends the IP packet out the correct port. To perform this inspection, each router comes with a routing table that tells the router exactly where to send the packets. Figure 8.7 shows the simple routing table for a typical home router. This router has only two ports internally: one that connects to whichever type of service provider you use to bring the Internet into your home (cable/DSL/fiber or whatever)—labeled as WAN in the Interface column of the table—and another one that connects to a built-in four-port switch—labeled LAN in the table. Figure 8.8 is a diagram for the router. Let’s inspect this router’s routing table; this table is the key to understanding and controlling the process of forwarding packets to their proper destination.
Figure 8.5 • Incoming packets
Figure 8.6 • All incoming packets stripped of Layer 2 data and dropped into a common queue
Each row in this little router’s simple routing table defines a single route. Each column identifies specific criteria. Reading Figure 8.7 from left to right shows the following:
• Destination LAN IP: A defined network ID. Every network ID directly connected to one of the router’s ports is always listed here.
• Subnet Mask: To define a network ID, you need a subnet mask (described in Chapter 7).
Your router uses the combination of the destination LAN IP and subnet mask to see if a packet matches that route. For example, if you had a packet with the destination 10.12.14.26 coming into the router, the router would check the network ID and subnet mask. It would quickly determine that the packet matches the first route shown in Figure 8.7. The other two columns in the routing table then tell the router what to do with the packet:
• Gateway: The IP address for the next hop router; in other words, where the packet should go. If the outgoing packet is for a network ID that’s not directly connected to the router, the Gateway column tells the router the IP address of a router to which to send this packet. That router then handles the packet and your router is done (you count on well-configured routers to make sure your packet will get to where it needs to go!). If the network ID is directly connected, then you don’t need a gateway. Based on what’s needed, this is set to 0.0.0.0 or to the IP address of the directly connected port.
• Interface: Tells the router which of its ports to use. On this router, it uses the terms “LAN” and “WAN.” Other routing tables use the port’s IP address or some other type of abbreviation. Cisco routers, for example, use f0/0, f0/1, and so on.
Figure 8.7 • Routing table from a home router
Routing Table Entry List
Destination LAN IP   Subnet Mask     Gateway     Interface
10.12.14.0           255.255.255.0   0.0.0.0     LAN
76.30.4.0            255.255.254.0   0.0.0.0     WAN
0.0.0.0              0.0.0.0         76.30.4.1   WAN
Figure 8.8 • Electronic diagram of the router
Cross Check
What’s Up with Layer 2?
You first read about routers stripping packets of all their Layer 2 (OSI)/ Link layer (TCP/IP) information way back in Chapter 2, so check your memory now. What defines the Layer 2 information? How is it assigned? How does it interact with Layer 1? Are there any differences between the TCP/IP model’s Link layer and the OSI’s Data Link layer?
The router compares the destination IP address on a packet to every listing in the routing table and then sends the packet out.
The router reads every line and then decides what to do. Some routers compare a packet to the routing table by starting from the top down and other routers read from the bottom up. The direction the router chooses to read the routing table isn’t important because the router must compare the destination IP address to every route in the routing table. The most important trick to reading a routing table is to remember that a zero (0) means “anything.” For example, in Figure 8.7, the first route’s destination LAN IP is 10.12.14.0. You can compare that to the subnet mask (255.255.255.0) to confirm that this is a /24 network. This tells you that any value (between 1 and 254) is acceptable for the last value in the 10.12.14/24 network ID.
Routing tables tell you a lot about the network connections. From just this single routing table, for example, the diagram in Figure 8.9 can be drawn.
So how do I know the 76.30.4.1 port connects to another network? The third line of the routing table shows the default route for this router, and every router has one. (There’s one exception to this. See the Tech Tip “Top o’ the Internet.”) This line says
(Any destination address) (with any subnet mask) (forward it to 76.30.4.1) (using my WAN port)
Destination LAN IP   Subnet Mask   Gateway     Interface
0.0.0.0              0.0.0.0       76.30.4.1   WAN
The default route is very important because this tells the router exactly what to do with every incoming packet unless another line in the routing table gives another route. Excellent! Interpret the other two lines of the routing table in Figure 8.7 in the same fashion:
(Any packet for the 10.12.14.0) (/24 network ID) (don’t use a gateway) (just ARP on the LAN interface to get the MAC address and send it directly to the recipient)
Figure 8.9 • The network based on the routing table in Figure 8.7
Tech Tip
Top o’ the Internet
There are two places where you’ll find routers that do not have default routes: private (as in not on the Internet) internetworks, where every router knows about every single network, and the monstrous “Tier One” backbone, where you’ll find the routers that make the main connections of the Internet. Every other router has a default route.
Destination LAN IP   Subnet Mask     Gateway   Interface
10.12.14.0           255.255.255.0   0.0.0.0   LAN
(Any packet for the 76.30.4.0) (/23 network ID) (don’t use a gateway) (just ARP on the WAN interface to get the MAC address and send it directly to the recipient)
Destination LAN IP   Subnet Mask     Gateway   Interface
76.30.4.0            255.255.254.0   0.0.0.0   WAN
I’ll let you in on a little secret. Routers aren’t the only devices that use routing tables. In fact, every node (computer, printer, TCP/IP-capable soda dispenser, whatever) on the network also has a routing table.
At first, this may seem silly—doesn’t every computer only have a single Ethernet connection and, therefore, all data traffic has to go out that port? First of all, many computers have more than one NIC. (These are called multihomed computers. See the Tech Tip “Multihoming” for more details.) But even if your computer has only a single NIC, how does it know what to do with an IP address like 127.0.0.1? Second, every packet sent out of your computer uses the routing table to figure out where the packet should go, whether directly to a node on your network or to your gateway. Here’s an example of a routing table in Windows. This machine connects to the home router described earlier, so you’ll recognize the IP addresses it uses.
Tech Tip
Multihoming
Multihoming is using more than one NIC in a system, either as a backup or to speed up a connection. Systems that can’t afford to go down (like Web servers) often have two NICs that share the same IP address. If one NIC goes down, the other kicks in automatically.
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 d8 30 16 c0 ...... NVIDIA nForce Networking Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.12.14.1    10.12.14.201       1
       10.12.14.0    255.255.255.0     10.12.14.201    10.12.14.201       1
     10.12.14.201  255.255.255.255        127.0.0.1       127.0.0.1       1
     10.12.14.255  255.255.255.255     10.12.14.201    10.12.14.201       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0     10.12.14.201    10.12.14.201      20
        224.0.0.0        240.0.0.0     10.12.14.201    10.12.14.201       1
  255.255.255.255  255.255.255.255     10.12.14.201    10.12.14.201       1
Default Gateway:        10.12.14.1
===========================================================================
Persistent Routes:
None

C:\>
Unlike the routing table for the typical home router you saw in Figure 8.7, this one seems a bit more complicated, if for no other reason than it has a lot more routes. My PC has only a single NIC, though, so it’s not quite as complicated as it might seem at first glance. Take a look at the details. First note that my computer has an IP address of 10.12.14.201/24 and 10.12.14.1 as the default gateway.
You should note two differences in the columns from what you saw in the previous routing table. First, the interface has an actual IP address—10.12.14.201, plus the loopback of 127.0.0.1—instead of the word “LAN.” Second—and this is part of the magic of routing—is something called the metric.
A metric is just a relative value that defines the “cost” of using this route. The power of TCP/IP is that a packet can take more than one route to get to the same place. Figure 8.10 shows a networked router with two routes to the same place. The router has a route to Network B with a metric of 1 using Route 1, and a second route to Network B using Route 2 with a metric of 10.
Figure 8.10 • Two routes to the same network
Lowest routes always win. In this case, the router will always use the route with the metric of 1, unless that route suddenly stopped working. In that case, the router would automatically switch to the route with the 10 metric (Figure 8.11). This is the cornerstone of how the Internet works! The entire Internet is nothing more than a whole bunch of big, powerful routers connected to lots of other big, powerful routers. Connections go up and down all the time, and routers (with multiple routes) constantly talk to each other, detecting when a connection goes down and automatically switching to alternate routes.
I’ll go through this routing table one line at a time. Remember, every address is compared to every line in the routing table before it goes out, so it’s no big deal if the default route is at the beginning or the end. Windows machines read from bottom up, going through all local addresses before going out to the router, so that’s how I’ll go through it here.
The bottom line defines the default IP broadcast. If you send out an IP broadcast (255.255.255.255), your NIC knows to send it out to the local network.
Network Destination   Netmask           Gateway        Interface      Metric
255.255.255.255       255.255.255.255   10.12.14.201   10.12.14.201   1
When a router has more than one route to the same network, it’s up to the person in charge of that router to assign a different metric for each route. With dynamic routing protocols (discussed in detail later in the chapter in “Dynamic Routing”), the routers determine the proper metric for each route.
Figure 8.11 • When a route no longer works, the router automatically switches.
Tech Tip
Viewing Routing Tables in Linux and OS X
Every modern operating system gives you tools to view a computer’s routing table. Most techs use the command line or terminal window interface—often called simply terminal—because it’s fast. To see your routing table in Windows, Linux, or in Mac OS X, for example, type this command at a terminal:
netstat -r
In Windows, try this command as an alternative:
route print
The next line up is the multicast address range. Odds are good you’ll never need it, but most operating systems put it in automatically.
Network Destination   Netmask     Gateway        Interface      Metric
224.0.0.0             240.0.0.0   10.12.14.201   10.12.14.201   1
The next route says that any addresses in the 169.254/16 network ID are part of the LAN (remember, whenever the gateway and interface are the same, the connection is local). If your computer uses Dynamic Host Configuration Protocol (DHCP) and can’t get an IP address, this route would enable you to communicate with other computers on the network that are also having the same DHCP problem. Note the high metric.
Network Destination   Netmask       Gateway        Interface      Metric
169.254.0.0           255.255.0.0   10.12.14.201   10.12.14.201   20
This next line is another loopback, but examine it carefully. Earlier you learned that only 127.0.0.1 is the loopback, but according to this route, any 127/8 address is the loopback.
Network Destination   Netmask     Gateway     Interface   Metric
127.0.0.0             255.0.0.0   127.0.0.1   127.0.0.1   1
The next line up is the directed broadcast. Occasionally your computer needs to send a broadcast to the other computers on the same network ID. That’s what this row signifies. The difference between a directed broadcast and a full broadcast is that the former goes only to the targeted subnet, not the full broadcast domain.
Network Destination   Netmask           Gateway        Interface      Metric
10.12.14.255          255.255.255.255   10.12.14.201   10.12.14.201   1
Okay, on to the next line. This one’s easy. Anything addressed to this machine should go right back to it through the loopback (127.0.0.1).
Network Destination   Netmask           Gateway     Interface   Metric
10.12.14.201          255.255.255.255   127.0.0.1   127.0.0.1   1
The next line defines the local connection: (Any packet for the 10.12.14.0) (/24 network ID) (don’t use a gateway) (just ARP on the LAN interface to get the MAC address and send it directly to the recipient) (Cost of 1 to use this route).
Network Destination   Netmask         Gateway        Interface      Metric
10.12.14.0            255.255.255.0   10.12.14.201   10.12.14.201   1
So, if a gateway of 10.12.14.201 here means “don’t use a gateway,” why put a number in at all? Local connections don’t use the default gateway, although every routing table has a gateway column. The Microsoft folks had to put something there, thus they put the IP address of the NIC. That’s why the gateway address is the same as the interface address. The NIC is the gateway between the local PC and the destination. Just pass it out the NIC and the destination will get it.
This is how Windows XP displays the gateway on this line. In Windows Vista and Windows 7, the gateway value for local connections just says “on-link”—a clear description! Part of the joy of learning routing tables is getting used to how different operating systems deal with issues like these.
Try This! Getting Looped
Try pinging any 127/8 address to see if it loops back like 127.0.0.1. What happens?
The top line defines the default route: (Any destination address) (with any subnet mask) (forward it to my default gateway) (using my NIC) (Cost of 1 to use this route). Anything that’s not local goes to the router and from there out to the destination (with the help of other routers).
Network Destination   Netmask   Gateway      Interface      Metric
0.0.0.0               0.0.0.0   10.12.14.1   10.12.14.201   1
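As an added example (not code from the book), here is the lookup the text describes, in Python, run over the Figure 8.7 home router table and the Windows route print table above. It generalizes the text’s rule that every route is compared: the most specific matching network ID wins, and the metric only breaks ties between equally specific routes, which is why 10.12.14.201/32 beats 10.12.14.0/24 beats the 0.0.0.0 default. The two-route table for Figure 8.10 uses constructed addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One row of a routing table, in the column order the page uses."""
    destination: str   # network ID; 0.0.0.0 means "anything"
    netmask: str       # 0.0.0.0 means "any subnet mask"
    gateway: str       # next-hop router, or a marker for "directly connected"
    interface: str     # port name (LAN/WAN) or the interface's own IP address
    metric: int = 1    # relative cost of using this route; lower is preferred

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{self.destination}/{self.netmask}")

    def matches(self, dst: str) -> bool:
        # A zero bit in the mask means "anything" for that bit of the address.
        return ipaddress.IPv4Address(dst) in self.network

    def is_on_link(self) -> bool:
        # Home router style: gateway 0.0.0.0. Windows XP style: gateway == interface.
        return self.gateway == "0.0.0.0" or self.gateway == self.interface


# Figure 8.7, the home router's table (values copied from the page).
HOME_ROUTER_TABLE = [
    Route("10.12.14.0", "255.255.255.0", "0.0.0.0", "LAN"),
    Route("76.30.4.0", "255.255.254.0", "0.0.0.0", "WAN"),
    Route("0.0.0.0", "0.0.0.0", "76.30.4.1", "WAN"),
]

# The Windows "route print" output on the page, one Route per Active Routes row.
WINDOWS_TABLE = [
    Route("0.0.0.0", "0.0.0.0", "10.12.14.1", "10.12.14.201", 1),
    Route("10.12.14.0", "255.255.255.0", "10.12.14.201", "10.12.14.201", 1),
    Route("10.12.14.201", "255.255.255.255", "127.0.0.1", "127.0.0.1", 1),
    Route("10.12.14.255", "255.255.255.255", "10.12.14.201", "10.12.14.201", 1),
    Route("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
    Route("169.254.0.0", "255.255.0.0", "10.12.14.201", "10.12.14.201", 20),
    Route("224.0.0.0", "240.0.0.0", "10.12.14.201", "10.12.14.201", 1),
    Route("255.255.255.255", "255.255.255.255", "10.12.14.201", "10.12.14.201", 1),
]

# Figure 8.10: two routes to the same network with different costs (constructed values).
TWO_ROUTES = [
    Route("10.99.0.0", "255.255.0.0", "10.1.1.2", "Route1", metric=1),
    Route("10.99.0.0", "255.255.0.0", "10.2.2.2", "Route2", metric=10),
]


def lookup(table: List[Route], dst: str, down: Tuple[str, ...] = ()) -> Optional[Route]:
    """Compare dst against every route (order does not matter) and pick the winner.

    The most specific matching network ID wins; among equally specific routes the
    lowest metric wins. Routes whose interface is listed in `down` are skipped,
    which is how the metric-10 backup route in Figure 8.10 takes over.
    """
    candidates = [r for r in table if r.interface not in down and r.matches(dst)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def next_hop(table: List[Route], dst: str, down: Tuple[str, ...] = ()) -> Tuple[str, str]:
    """Return (where to send it, which port to use); ("drop", "") if nothing matches."""
    route = lookup(table, dst, down)
    if route is None:
        return ("drop", "")
    if route.is_on_link():
        # No gateway: ARP for the destination on this interface and deliver directly.
        return ("on-link", route.interface)
    return (route.gateway, route.interface)


if __name__ == "__main__":
    for dst in ("10.12.14.26", "76.30.5.7", "8.8.8.8"):
        print("home router", dst, "->", next_hop(HOME_ROUTER_TABLE, dst))
    for dst in ("10.12.14.26", "10.12.14.201", "127.0.0.5", "169.254.1.30", "8.8.8.8"):
        print("windows pc ", dst, "->", next_hop(WINDOWS_TABLE, dst))
    print("two routes ", next_hop(TWO_ROUTES, "10.99.3.4"))
    print("Route1 down", next_hop(TWO_ROUTES, "10.99.3.4", down=("Route1",)))
```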
Just for fun, let’s add one more routing table; this time from my old Cisco 2811, which is still connecting me to the Internet after all these years! I access the Cisco router remotely from my Windows 7 system using a tool called PuTTY (you’ll see more of PuTTY throughout this book), log in, and then run this command:
show ip route
Don’t let all the text confuse you. The first part, labeled Codes, is just a help screen to let you know what the letters at the beginning of each row mean:
Gateway#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 208.190.121.38 to network 0.0.0.0

C    208.190.121.0/24 is directly connected, FastEthernet0/1
C    192.168.4.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 208.190.121.38
These last three lines are the routing table. The router has two Ethernet interfaces called FastEthernet0/1 and FastEthernet0/0. This is how Cisco names router interfaces.
Reading from the top, you see that FastEthernet 0/1 is directly connected (the C at the beginning of the line) to the network 208.190.121.0/24. Any packets that match 208.190.121.0/24 go out on FastEthernet0/1. Equally, any packets for the connected 192.168.4.0/24 network go out on FastEthernet0/0. The last route gets an S for static because I entered it in manually. The asterisk (*) shows that this is the default route.
In this section, you’ve seen three different types of routing tables from three different types of devices. Even though these routing tables have different ways to list the routes and different ways to show the categories, they all perform the same job: moving IP packets to the correct interface to ensure they get to where they need to go.
Freedom from Layer 2
Routers enable you to connect different types of network technologies. You now know that routers strip off all of the Layer 2 data from the incoming packets, but thus far you’ve only seen routers that connect to different Ethernet networks—and that’s just fine with routers. But routers can connect to almost anything that stores IP packets. Not to take away from some very exciting upcoming chapters, but Ethernet is not the only networking technology out there. Once you want to start making long-distance connections, Ethernet disappears, and technologies with names like Data-Over-Cable Service Interface Specification (DOCSIS) (cable modems), Frame Relay, and Asynchronous Transfer Mode (ATM) take over. These technologies are not Ethernet, and they all work very differently than Ethernet. The only common feature of these technologies is they all carry IP packets inside their Layer 2 encapsulations.
Most serious (that is, not home) routers enable you to add interfaces. You buy the router and then snap in different types of interfaces depending on your needs. Note the Cisco router in Figure 8.12. Like most Cisco routers, it comes with removable modules.
If you’re connecting Ethernet to ATM, you buy an Ethernet module and an ATM module. If you’re connecting Ethernet to a DOCSIS (cable modem) network, you buy an Ethernet module and a DOCSIS module.
Network Address Translation
The ease of connecting computers together using TCP/IP and routers creates a rather glaring security risk. If every computer on a network must have a unique IP address, and TCP/IP applications enable you to do something on a remote computer, what’s to stop a malicious programmer from writing a program that does things on your computer that you don’t want done? All he or she would need is the IP address for your computer and the attacker could target you from anywhere on the network. Now expand this concept to the Internet. A computer sitting in Peoria can be attacked by a program run from Bangkok as long as both computers connect directly to the Internet. And this happens all the time.
Security is one problem. The other is a deal breaker—the IANA assigned the last of the IPv4 addresses as of February 2011. Although you can still get an IP address from an ISP, the days of easy availability are over. Routers running some form of Network Address Translation (NAT) hide the IP addresses of computers on the LAN but still enable those computers to communicate with the broader Internet. NAT extended the useful life of IPv4 addressing on the Internet for many years. NAT is extremely common and heavily in use, so learning how it works is important. Note that many routers offer NAT as a feature in addition to the core capability of routing. NAT is not routing, but a separate technology. With that said, you are ready to dive into how NAT works to protect computers connected by router technology and conserve IP addresses as well.
Figure 8.12 • Modular Cisco router
The Setup
Here’s the situation. You have a LAN with eight computers that need access to the Internet. With classic TCP/IP and routing, several things have to happen. First, you need to get a block of legitimate, unique, expensive IP addresses from an Internet service provider (ISP). You could call up an ISP and purchase a network ID, say 1.2.3.136/29. Second, you assign an IP address to each computer and to the LAN connection on the router. Third, you assign the IP address for the ISP’s router to the WAN connection on the local router, such as 1.2.4.1. After everything is configured, the network looks like Figure 8.13. All of the clients on the network have the same default gateway (1.2.3.137). This router, called a gateway router (or simply a gateway), acts as the default gateway for a number of client computers.
Figure 8.13 • Network setup
This style of network mirrors how computers in LANs throughout the world connected to the Internet for the first 20 years, but the major problems of security and a finite number of IP addresses worsened as more and more computers connected.
NAT solved both of these issues for many years. NAT is a simple concept: The router replaces the source IP address of a computer with its outside interface address on outgoing packets. The simplest NAT, called basic NAT, does exactly that, translating the private or internal IP address to a global IP address on a one-to-one basis.
Port Address Translation
Most internal networks today don’t have one machine, of course. Instead, they use a block of private IP addresses for the hosts inside the network. They connect to the Internet through one or more public IP addresses.
The most common form of NAT that handles this one-to-many connection—called Port Address Translation (PAT)—uses port numbers to map traffic from specific machines in the network. Let’s use a simple example to make the process clear. John has a network at his office that uses the private IP addressing space of 192.168.1.0/24. All the computers in the private network connect to the Internet through a single PAT router with the global IP address of 208.190.121.12/24. See Figure 8.14.
When an internal machine initiates a session with an external machine, such as a Web browser accessing a Web site, the source and destination IP addresses and port numbers for the TCP segment or UDP datagram are recorded in the PAT’s translation table, and the private IP address is swapped for the public IP address on each packet. Plus, the port number used by the internal computer for the session is also translated into a unique port number and the router records this as well. See Figure 8.15.
Figure 8.15 • PAT in action—changing the source IP address and port number to something usable on the Internet
NAT replaces the source IP address of a computer with the source IP address from the outside router interface on outgoing packets. NAT is performed by NAT-capable routers.
Figure 8.14 • John’s network setup
Table 8.1 shows a sample of the translation table inside the PAT router. Note that more than one computer translation has been recorded.
Table 8.1 Sample NAT Translation Table
Source               Translated Source      Destination
192.168.1.12:7000    208.190.121.12:7500    17.5.85.11:80
192.168.1.24:13245   208.190.121.12:15000
When the receiving system sends the packet back, it reverses the IP addresses and ports. The PAT router compares the incoming destination port and source IP address to the entry in the NAT translation table to deter- mine which IP address to put back on the packet. It then sends the packet to the correct computer on the network.
This mapping of internal IP address and port number to a translated IP address and port number enables perfect tracking of packets out and in. PAT can handle many internal computers with a single public IP address because the TCP/IP port number space is big, as you’ll recall from Chap- ter 7, with values ranging from 1 to 65535. Some of those port numbers are used for common protocols, but many thousands are available for PAT to work its magic.
PAT takes care of all of the problems facing a network exposed to the Internet. You don’t have to use legitimate Internet IP addresses on the LAN and the IP addresses of the computers behind the routers are invisible and protected from the outside world.
Since the router is revising the packets and recording the IP address and port information already, why not enable it to handle ports more aggressively? Enter port forwarding, stage left.
Port Forwarding The obvious drawback to relying exclusively on PAT for network address translation is that it only works for outgoing communication, not incoming communication. For traffic originating outside the network to access an internal machine, such as a Web server hosted inside your network, you need to use other technologies.
Static NAT (SNAT) maps a single routable (that is, not private) IP address to a single machine, enabling you to access that machine from outside the network. The NAT keeps track of the IP address or addresses and applies them permanently on a one-to-one basis with computers on the network.
With port forwarding, you can designate a specific local address for various network services. Computers outside the network can request a service using the public IP address of the router and the port number of the desired service. The port-forwarding router would examine the packet, look at the list of services mapped to local addresses, and then send that packet along to the proper recipient.
Chapter 9 goes into port numbers in great detail.
Despite the many uses in the industry of the acronym SNAT, the CompTIA Network+ exam uses SNAT for Static NAT exclusively.
Tech Tip
Dynamic NAT With dynamic NAT, many computers can share a pool of routable IP addresses that number fewer than the computers. The NAT might have 10 routable IP addresses, for example, to serve 40 computers on the LAN. LAN traffic uses the internal, private IP addresses. When a computer requests information beyond the network, the NAT doles out a routable IP address from its pool for that communication. Dynamic NAT is also called Pooled NAT. This works well enough—unless you’re the unlucky 11th person to try to access the Internet from behind the company NAT—but has the obvious limitation of still needing many true, expensive, routable IP addresses.
BaseTech
Chapter 8: The Wonderful World of Routing 195
You can use port forwarding to hide a service hosted inside your network by changing the default port number for that service. To hide an internal Web server, for example, you could change the request port number to something other than port 80, the default for HTTP traffic. The router in Figure 8.16, for example, is configured to forward all port 8080 packets to the internal Web server at port 80.
Figure 8.16 • Setting up port forwarding on a home router
To access that internal Web site from outside your local network, you would have to change the URL in the Web browser by specifying the port request number. Figure 8.17 shows a browser that has :8080 appended to the URL, which tells the browser to make the HTTP request to port 8080 rather than port 80.
Most browsers require you to write out the full URL, including HTTP://, when using a nondefault port number.
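The PAT translation table and the Figure 8.16 port-forwarding rule, as an added Python model that is not code from the book or from any router vendor. The addresses come from Table 8.1; the starting translated port (7500), the internal Web server address 192.168.1.10 and the outside host 203.0.113.9 are assumed. The point it makes explicit is the security property the text describes: a packet from the Internet is only let in if it is the reply half of a session the router recorded going out, or if an administrator deliberately opened a port with a forward.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "208.190.121.12"   # the router's outside interface address, from Table 8.1


@dataclass(frozen=True)
class Flow:
    """One packet's addressing as seen on one side of the router."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 7500        # first translated port handed out (assumed starting value)
    max_port: int = 65535
    # translation table: translated public port -> the original outbound Flow
    table: dict = field(default_factory=dict)
    # static port-forwarding rules: public port -> (private ip, private port)
    forwards: dict = field(default_factory=dict)

    def add_port_forward(self, public_port: int, private_ip: str, private_port: int) -> None:
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, flow: Flow) -> Flow:
        """Translate a packet leaving the LAN, recording the mapping if it is new."""
        for pub_port, recorded in self.table.items():
            if recorded == flow:                         # same session: reuse its mapping
                return Flow(self.public_ip, pub_port, flow.dst_ip, flow.dst_port)
        # hand out a public port nobody else is using, skipping forwarded ports
        while self.next_port in self.forwards or self.next_port in self.table:
            self.next_port += 1
        if self.next_port > self.max_port:
            raise RuntimeError("PAT port pool exhausted")
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = flow
        return Flow(self.public_ip, pub_port, flow.dst_ip, flow.dst_port)

    def inbound(self, flow: Flow):
        """Reverse-translate a packet arriving from the Internet; None means dropped."""
        if flow.dst_ip != self.public_ip:
            return None
        recorded = self.table.get(flow.dst_port)
        if recorded is not None:
            # only the other end of the recorded session may use this mapping
            if (flow.src_ip, flow.src_port) == (recorded.dst_ip, recorded.dst_port):
                return Flow(flow.src_ip, flow.src_port, recorded.src_ip, recorded.src_port)
            return None
        if flow.dst_port in self.forwards:
            # static port forward: reachable by any outside host, by design
            ip, port = self.forwards[flow.dst_port]
            return Flow(flow.src_ip, flow.src_port, ip, port)
        return None                                      # no mapping, no rule: dropped


def demo():
    """Walk through Table 8.1 plus the Figure 8.16 port forward; returns what each packet became."""
    router = PatRouter()
    router.add_port_forward(8080, "192.168.1.10", 80)   # assumed internal Web server
    out1 = router.outbound(Flow("192.168.1.12", 7000, "17.5.85.11", 80))
    out2 = router.outbound(Flow("192.168.1.24", 13245, "17.5.85.11", 80))
    reply = router.inbound(Flow("17.5.85.11", 80, PUBLIC_IP, out1.src_port))
    # constructed outside host 203.0.113.9 aiming at the same public port: not the session peer
    unsolicited = router.inbound(Flow("203.0.113.9", 40000, PUBLIC_IP, out1.src_port))
    web = router.inbound(Flow("203.0.113.9", 40001, PUBLIC_IP, 8080))
    return {"out1": out1, "out2": out2, "reply": reply, "unsolicited": unsolicited, "web": web}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} {result}")
```

The model hands out translated ports sequentially (7500, 7501), whereas Table 8.1 shows 7500 and 15000; real routers pick from the pool in their own way, and what matters is only that each mapping is unique. The `unsolicited` case is the one to remember when reviewing a forward: once 8080 is mapped, the Web server is exposed to every host on the Internet, not just the ones you had in mind.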
Configuring NAT Configuring NAT on home routers is a no-brainer as these boxes invariably have NAT turned on automatically. Figure 8.18 shows the screen on my home router for NAT. Note the radio buttons that say Gateway and Router.
By default, the router is set to Gateway, which is Linksys-speak for “NAT is turned on.” If I wanted to turn off NAT, I would set the radio button to Router.
Figure 8.19 shows a router configuration screen on a Cisco router. Commercial routers enable you to do a lot more with NAT.
Dynamic Routing Based on what you’ve read up to this point, it would seem that routes in your routing tables come from two sources: either they are manually entered or they are detected at setup by the router. In either case, a route seems to be a static beast, just sitting there and never changing. And based on what you’ve seen so far, that is absolutely true. Routers have static routes. But most routers also have the capability to update their routes dynamically, assuming they’re provided with the extra smarts in the form of dynamic routing protocols.
Figure 8.17 • Changing the URL to access a Web site using a nondefault port number
Figure 8.18 • NAT setup on home router
If you’ve been reading carefully, you might be tempted at this point to say, “Why do I need this dynamic routing stuff? Don’t routers use metrics so I can add two or more routes to another network ID in case I lose one of my routes?” Yes, but metrics really only help when you have direct connections to other network IDs. What if your routers look like Figure 8.20?
Figure 8.20 • Lots of routers
Figure 8.19 • Configuring NAT on a commercial-grade router
Do you really want to try to set up all these routes statically? What happens when something changes? Can you imagine the administrative nightmare? Why not just give routers the brainpower to talk to each other so they know what’s happening not only to the other directly connected routers but also to routers two or more routers away? A hop is defined as each time a packet goes through a router. Let’s talk about hops for a moment. Figure 8.21 shows a series of routers. If you’re on a computer in Network ID X and you ping a computer in Network ID Y, you go one hop. If you ping a computer in Network ID Z, you go two hops.
Figure 8.21 • Hopping through a WAN
Routing protocols have been around for a long time, and, like any technology, there have been a number of different choices and variants over those years. CompTIA Network+ competencies break these many types of routing protocols into three distinct groups: distance vector, link state, and hybrid. CompTIA obsesses over these different types of routing protocols, so this chapter does too!
Routing Metrics Earlier in the chapter, you learned that routing tables contain a factor called a metric. A metric is a relative value that routers use when they have more than one route to get to another network. Unlike the gateway routers in our homes, a more serious router will often have multiple connections to get to a particular network. This is the beauty of routers combined with dynamic protocols. If a router suddenly loses a connection, it has alternative routes to the same network. It’s the role of the metric setting for the router to decide which route to use.
There is no single rule to set the metric value in a routing table. The various types of dynamic protocols use different criteria. Here are the most common criteria for determining a metric.
Maximum Transmission Unit ■ Better known by the abbreviation MTU, this determines the largest frame a particular technology can handle. Ethernet likes to use 1,500-byte frames. Other technologies use smaller or larger frames. If an IP packet is too big for a particular technology, that packet is broken into pieces to fit into the network protocol in what is called fragmentation. Fragmentation is bad because it slows down the movement of IP packets (see “Latency”). By setting the optimal MTU size before IP packets are sent, you avoid or at least reduce fragmentation.
If a routing table has two or more valid routes for a particular IP address destination, it always chooses the route with the lowest value.
Costs ■ Connecting to the Internet isn’t free. Some connections cost more than others, and some incur costs based on usage.
Bandwidth ■ Some connections handle more data than others. An old dial-up connection moves at best 64 Kbps. A cable modem easily handles many millions of bits per second.
Latency ■ Say you have a race car that has a top speed of 200 miles per hour, but it takes 25 minutes to start the car. If you press the gas pedal, it takes 15 seconds to start accelerating. If the engine runs for more than 20 minutes, the car won’t go faster than 50 miles per hour. These issues prevent the car from doing what it should be able to do: go 200 miles per hour. Latency is like that. Hundreds of issues occur that slow down network connections between routers. These issues are known collectively as latency. A great example is a satellite connection. The distance between the satellite and the antenna causes a delay that has nothing to do with the speed of the connection.
Different dynamic routing protocols use one or more of these routing metrics to calculate their own routing metric. As you learn about these protocols, you will see how each of these calculates their own metrics differently.
Distance Vector Distance vector routing protocols were the first to appear in the TCP/IP routing world. The cornerstone of all distance vector routing protocols is some form of total cost. The simplest total cost sums the hops (the hop count) between a router and a network, so if you had a router one hop away from a network, the cost for that route would be 1; if it were two hops away, the cost would be 2.
All network connections are not equal. A router might have two one-hop routes to a network—one using a fast connection and the other using a slow connection. Administrators set the metric of the routes in the routing table to reflect the speed. The slow single-hop route, for example, might be given the metric of 10 rather than the default of 1 to reflect the fact that it’s slow. The total cost for this one-hop route is 10, even though it’s only one hop. Don’t assume a one-hop route always has a cost of 1.
Distance vector routing protocols calculate the total cost to get to a particular network ID and compare that cost to the total cost of all the other routes to get to that same network ID. The router then chooses the route with the lowest cost.
For this to work, routers using a distance vector routing protocol transfer their entire routing table to other routers in the WAN. Each distance vector routing protocol has a maximum number of hops that a router will send its routing table to keep traffic down.
Assume you have four routers connected as shown in Figure 8.22. All of the routers have static routes set up between each other with the metrics shown. You add two new networks, one that connects to Router A and the other to Router D. For simplicity, call them Network ID X and Network ID Y. A computer on one network wants to send packets to a computer on the other network, but the routers in between Routers A and D don’t yet know the two new network IDs. That’s when distance vector routing protocols work their magic.
Because all of the routers use a distance vector routing protocol, the problem gets solved quickly. At a certain defined time interval (usually 30 seconds or less), the routers begin sending each other their routing tables (the routers each send their entire routing table, but for simplicity just concentrate on the two network IDs in question). On the first iteration, Router A sends its route to Network ID X to Routers B and C. Router D sends its route to Network ID Y to Router C (Figure 8.23).
This is great—Routers B and C now know how to get to Network ID X, and Router C can get to Network ID Y. There’s still no complete path, however, between Network ID X and Network ID Y. That’s going to take another interval. After another set amount of time, the routers again send their now updated routing tables to each other, as shown in Figure 8.24.
Router A knows a path now to Network ID Y, and Router D knows a path to Network ID X. As a side effect, Router B and Router C have two routes to Network ID X. Router B can get to Network ID X through Router A and through Router C. Similarly, Router C can get to Network ID X through Router A and through Router B. What to do? In cases where the router discovers multiple routes to the same network ID, the distance vector routing protocol deletes all but the route with the lowest total cost (Figure 8.25).
Figure 8.22 • Getting a packet from Network ID X to Network ID Y? No clue!
Figure 8.23 • Routes updated
Figure 8.24 • Updated routing tables
Figure 8.25 • Deleting higher-cost routes
On the next iteration, Routers A and D get updated information about the lower total-cost hops to connect to Network IDs X and Y (Figure 8.26).
Just as Routers B and C only kept the routes with the lowest costs, Routers A and D keep only the lowest-cost routes to the networks (Figure 8.27).
Now Routers A and D have a lower-cost route to Network IDs X and Y. They’ve removed the higher-cost routes and begin sending data.
At this point, if routers were human they’d realize that each router has all the information about the network and stop sending each other routing tables. Routers using distance vector routing protocols, however, aren’t that smart. The routers continue to send their complete routing tables to each other, but because the information is the same, the routing tables don’t change.
At this point, the routers are in convergence (also called steady state), meaning the updating of the routing tables for all the routers has completed. Assuming nothing changes in terms of connections, the routing tables will not change. In this example, it takes three iterations to reach convergence.
So what happens if the route between Routers B and C breaks? The routers have deleted the higher-cost routes, only keeping the lower-cost route that goes between Routers B and C. Does this mean Router A can no longer connect to Network ID Y and Router D can no longer connect to Network ID X? Yikes! Yes, it does. At least for a while.
Routers that use distance vector routing protocols continue to send to each other their entire routing table at regular intervals. After a few iterations, Routers A and D will once again know how to reach each other, although they will connect through the once-rejected slower connection.
Figure 8.26 • Argh! Multiple routes!
Figure 8.27 • Last iteration
Distance vector routing protocols work fine in a scenario such as the previous one that has only four routers. Even if you lose a router, a few minutes later the network returns to convergence. But imagine if you had tens of thousands of routers (the Internet). Convergence could take a very long time indeed. As a result, a pure distance vector routing protocol works fine for a network with a few (less than 10) routers, but it isn’t good for large networks.
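The four-router walkthrough above, as an added Python simulation that is not the book's code and is not RIP itself (it models only the table exchange). The topology follows Figure 8.22 as the text describes it (A links to B and C, B to C, C to D) and the metrics are assumed: the A-C link is the slow one with metric 10, every other link has the default metric 1. With those values the simulation reaches convergence in the same three iterations as the text, and after the B-C link is removed it takes noticeably longer to settle on the slower A-C path, because Routers A and B keep believing each other's stale route for a few intervals before its cost climbs past the alternative. Every router here believes whatever its neighbor advertises; the simulation has no authentication, which is exactly the RIPv1 weakness the next section names.

```python
INFINITY = 16   # RIP's 15-hop ceiling: an advertised cost at or above this counts as unreachable

# Constructed topology for Figure 8.22: A-C is a slow link (metric 10), the rest default to 1.
LINKS = {("A", "B"): 1, ("A", "C"): 10, ("B", "C"): 1, ("C", "D"): 1}
ATTACHED = {"A": ["X"], "D": ["Y"]}   # Network ID X hangs off Router A, Network ID Y off Router D


class DistanceVectorNet:
    def __init__(self, links=LINKS, attached=ATTACHED):
        self.links = dict(links)
        self.routers = sorted({r for pair in links for r in pair})
        self.attached = {r: list(attached.get(r, [])) for r in self.routers}
        # routing table per router: network id -> (total cost, next hop)
        self.tables = {r: {n: (0, "direct") for n in self.attached[r]} for r in self.routers}

    def neighbors(self, router):
        """(neighbor, link metric) for every link that is still up, in a fixed order."""
        found = []
        for (a, b), metric in self.links.items():
            if router == a:
                found.append((b, metric))
            elif router == b:
                found.append((a, metric))
        return sorted(found)

    def exchange(self):
        """One update interval. Every router rebuilds its table from the tables its
        neighbors advertised last interval, keeping only the lowest total cost per
        network; a route a neighbor stops advertising simply disappears. Nothing is
        authenticated: whatever a neighbor advertises is believed, as in RIPv1."""
        new_tables = {}
        for router in self.routers:
            table = {n: (0, "direct") for n in self.attached[router]}
            for neighbor, metric in self.neighbors(router):
                for net, (cost, _) in self.tables[neighbor].items():
                    total = metric + cost
                    # lower total cost wins; an equal cost keeps the route seen first
                    if total < INFINITY and (net not in table or total < table[net][0]):
                        table[net] = (total, neighbor)
            new_tables[router] = table
        changed = new_tables != self.tables
        self.tables = new_tables
        return changed

    def converge(self, limit=50):
        """Exchange until one full interval passes with no change. Returns the number
        of intervals that carried a change (the text's 'iterations'), or None if the
        limit is reached first."""
        rounds = 0
        for _ in range(limit):
            if not self.exchange():
                return rounds
            rounds += 1
        return None

    def break_link(self, a, b):
        """The link goes down: it vanishes from the topology and nothing else is signalled."""
        self.links.pop((a, b), None)
        self.links.pop((b, a), None)


def demo():
    """Converge, break the B-C link, converge again; returns both iteration counts and tables."""
    net = DistanceVectorNet()
    first = net.converge()                              # 3 iterations, as in the text
    before = {r: dict(t) for r, t in net.tables.items()}
    net.break_link("B", "C")
    second = net.converge()                             # stale routes make this take longer
    return first, before, second, net.tables


if __name__ == "__main__":
    first, before, second, after = demo()
    print(f"converged after {first} iterations: {before}")
    print(f"after B-C failure, converged after {second} iterations: {after}")
```

`converge()` counts an iteration only when some table changed, so the first run returns 3 and leaves Router A reaching Network ID Y through B at cost 3. After `break_link("B", "C")` the final tables show A reaching Y through C at cost 11 and D reaching X through C at cost 11, the once-rejected slower connection.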
Routers can use one of three distance vector routing protocols: RIPv1, RIPv2, or BGP.
RIPv1 The granddaddy of all distance vector routing protocols is the Routing Information Protocol (RIP). The first version of RIP—called RIPv1—dates from the 1980s, although its predecessors go back all the way to the beginnings of the Internet in the 1960s. RIP has a maximum hop count of 15 so your router will not talk to another router more than 15 routers away. This ended up being a problem because a routing table request could literally loop all the way around back to the initial router.
RIPv1 sent out an update every 30 seconds. This also turned into a big problem because every router on the network would send its routing table at the same time, causing huge network overloads.
As if these issues weren’t bad enough, RIPv1 didn’t know how to use variable-length subnet masking (VLSM), where networks connected through the router used different subnet masks. Plus RIPv1 routers had no authentication, leaving them open to hackers sending false routing table information. RIP needed an update.
RIPv2 RIPv2, adopted in 1994, is the current version of RIP. It works the same way as RIPv1, but fixes many of the problems. VLSM has been added, and authentication is built into the protocol. (The maximum hop count of 15 continues to apply to RIPv2.)
Most routers still support RIPv2, but RIP’s many problems, especially the time to convergence for large WANs, makes it obsolete for all but small, private WANs that consist of a few routers. The growth of the Internet demanded a far more robust dynamic routing protocol. That doesn’t mean RIP rests in peace! RIP is both easy to use and simple for manufacturers to implement in their routers, so most routers, even home routers, have the ability to use RIP (Figure 8.28). If your network consists of only two, three, or four routers, RIP’s easy configuration often makes it worth putting up with slower convergence.
BGP The explosive growth of the Internet in the 1980s required a fundamental reorganization in the structure of the Internet itself and one big part of this reorganization was the call to make the “big” routers use a standardized dynamic routing protocol. Implementing this was much harder than you might think because the entities that govern how the Internet works do so in a highly decentralized fashion. Even the organized groups, such as the Internet Society (ISOC), the Internet Assigned Numbers Authority (IANA), and the Internet Engineering Task Force (IETF), are made up of many individuals, companies, and government organizations from across the globe. This decentralization made the reorganization process take time and many meetings.
Figure 8.28 • Setting RIP in a home router
What came out of the reorganization eventually was a multitiered structure. At the top of the structure sit many Autonomous Systems. An Autonomous System (AS) is one or more networks that are governed by a single dynamic routing protocol within that AS. Figure 8.29 illustrates the central structure of the Internet.
Figure 8.29 • The Internet
Autonomous Systems do not use IP addresses, but rather use a special globally unique Autonomous System Number (ASN) assigned by the IANA. Originally a 16-bit number, the current ASNs are 32 bits, displayed as two 16-bit numbers separated by a dot. So, 1.33457 would be a typical ASN. Just as you would assign an IP address to a router, you would configure the router to use or be the ASN assigned by the IANA. See Figure 8.30.
Autonomous Systems communicate with each other using a protocol, called generically an Exterior Gateway Protocol (EGP). The network or networks within an AS communicate with protocols as well; these are called generically Interior Gateway Protocols (IGPs).
Let me repeat this to make sure you understand the difference between EGP and IGP. Neither EGP nor IGP are dynamic routing protocols; rather these are terms used by the large Internet service providers to separate their interconnected routers using ASNs from other interconnected networks that are not part of this special group of companies. The easy way to keep these terms separate is to appreciate that although many protocols are used within Autonomous Systems, such as RIP, the Internet has settled on one protocol for communication between each AS: the Border Gateway Protocol (BGP-4). BGP is the glue of the Internet, connecting all of the Autonomous Systems. Other dynamic routing protocols such as RIP are, by definition, IGP. The current version of BGP is BGP-4.
Figure 8.30 • Configuring a Cisco router to use an ASN
The CompTIA Network+ exam objectives list BGP as a distance vector routing protocol, but it’s really somewhat different. BGP doesn’t have the same type of routing table as you’ve seen so far. Instead, BGP routers are manually configured (these types of connections aren’t the type that go down very often!) and advertise information passed to them from different Autonomous Systems’ edge routers—that’s what the AS-to-AS routers are called. BGP forwards these advertisements that include the ASN and other very non-IP items.
BGP also knows how to handle a number of situations unique to the Internet. If a router advertises a new route that isn’t reliable, most BGP routers will ignore it. BGP also supports policies for limiting which and how other routers may access an ISP.
BGP is an amazing and powerful dynamic routing protocol, but unless you’re working deep in the router room of an AS, odds are good you’ll never see it in action. Those who need to connect a few routers together usually turn to a family of dynamic routing protocols that work very differently from distance vector routing protocols.
Link State The limitations of RIP motivated the demand for a faster protocol that took up less bandwidth on a WAN. The basic idea was to come up with a dynamic routing protocol that was more efficient than routers that simply sent out their entire routing table at regular intervals. Why not instead simply announce and forward individual route changes as they appeared? That is the basic idea of a link state dynamic routing protocol. There are only two link state dynamic routing protocols: OSPF and IS-IS.
OSPF Open Shortest Path First (OSPF) is the most commonly used IGP on the Internet. Most large Internet users (as opposed to ISPs) use OSPF on their internal networks. Even an AS, while still using BGP on its edge routers, will use OSPF internally because OSPF was designed from the ground up to work within a single AS. OSPF converges dramatically faster and is much more efficient than RIP. Odds are good that if you are using dynamic routing protocols, you’re using OSPF.
Before you see OSPF in action, I need to warn you that OSPF is a complex protocol for routers. You won’t find OSPF on inexpensive home routers because making it work takes a lot of computational firepower. But OSPF’s popularity and CompTIA’s coverage make this an important area for you to understand. The description here, although more than enough to get you through the CompTIA Network+ exam successfully, is still only a light touch on the fascinating world of OSPF.
You can use BGP within an AS to connect networks, so you can and do run into situations where BGP is both the interior and exterior protocol for an AS. To distinguish between the two uses of the protocol, network folks refer to the BGP on the interior as the internal BGP (iBGP); the exterior connection then becomes the exterior BGP (eBGP).
Please remember that in the earlier general distance vector routing example, I chose not to show that every update was an entire routing table! I only showed the changes, but trust me, the entire routing table is transmitted roughly every 30 seconds (with some randomization).
Try This! Discovering the Autonomous System Numbers
You can see the AS for most Web sites by using this handy little Firefox add-on:
www.asnumber.networx.ch
It doesn’t work for every Web site, but it’s still interesting.
Let’s head back to the four-router setup used to explain RIP, but this time replace RIP with OSPF. Because OSPF is designed to work with the Internet, let’s give Router B an upstream connection to the organization’s ISP. When you first launch OSPF-capable routers, they send out link state advertisements (LSAs), called Hello packets, looking for other OSPF routers (Figure 8.31).
Figure 8.31 • Hello!
A new router sends a lot of LSAs when it first starts. This is called flooding.
One of the big differences between OSPF and RIP is the hop cost. Whereas single hops in RIP have a cost of 1 unless manually changed, the cost in OSPF is based on the speed of the link. The formula is
100,000,000/bandwidth in bps
A 10BaseT link’s OSPF cost is 100,000,000/10,000,000 = 10. The faster the bandwidth, the lower the cost. You can override this manually if you wish.
To appreciate the power of OSPF, look at Figure 8.32. When OSPF routers send LSA Hellos, they exchange this information and update their link state databases.
Figure 8.32 • Link states
These LSA Hellos are forwarded to every OSPF router in the network. Every router knows the link state for every other router. This happens in a few seconds.
You don’t want the routers to flood anywhere beyond your own routers, so every router is assigned an Area ID. Area IDs (unfortunately, in my opinion) look exactly like IP addresses. Every OSPF router is designed to accept an Area ID that you enter in the routers. In this case, all of the routers are given the Area ID of 0.0.0.0. This is commonly called Area 0.
Area 0 is rather important in the world of OSPF. If your network gets more complex, you can make multiple areas. Area 0 is the most important area, however, and, therefore, is called the backbone. In this example, all of the routers are part of Area 0 (Figure 8.33).
Figure 8.33 • Area defined
Areas are very important for OSPF. To minimize router traffic, every area has one “El Supremo” router that relays information to all of the other routers in the area. This router is called the designated router (DR). A second router is called the backup designated router (BDR) in case the DR isn’t available. As the routers first begin to communicate, a DR and BDR election automatically begins. The router with the lowest total priority wins. In this case, Router B becomes the DR and Router A becomes the BDR. This election actually takes place during the initial Hello packet exchange (Figure 8.34). In most cases, you simply let the routers decide, but you can manually set a router as the DR and BDR if you desire (which is rare).
Once the elections take place, it’s finally time to distribute some routes across the area. Routers A and B send a separate LSA telling all routers in the area that they are connected to Network IDs X and Y, respectively. These are not the entire routing tables, but rather only a single route that is almost instantly dispersed across the routers in the OSPF area (Figure 8.35).
As you can see, OSPF areas almost instantly gain convergence compared to RIP. Once convergence is reached, all of the routers in the area send each other Hello LSAs every 30 minutes or so unless they detect a break in the link state. Also notice that OSPF routers keep alternate routes to the same network ID.
Even though OSPF Area IDs look like IP addresses, they have nothing to do with IP!
So what happens when something changes? For example, what if the connection between Routers A and B were to disconnect? In that case, both Routers A and B would almost instantly detect the break (as traffic between the two would suddenly stop). Each router would first attempt to reconnect. If reconnecting was unsuccessful (over a few seconds), the routers would then send out an LSA announcing the connection between the two was broken (Figure 8.36). Again, we’re talking about a single route, not the entire routing table. Each router updates its routing table to remove the route that no longer works.
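The link state approach described in this section, from the cost formula (100,000,000/bandwidth in bps) through the shortest-path-first calculation to the reaction when the A-B link drops, as an added Python illustration. It is not the book's code and not an OSPF implementation: there are no Hello packets, areas or DR elections here, only the link state database and the shortest-path-first computation every router runs over it. The four-router layout with Router B's ISP uplink follows the text; the link bandwidths are assumed (A-C is an old 10BaseT segment, everything else 100 Mbps, the uplink 10 Mbps). One assumption beyond the book's formula: real OSPF stores cost as a positive integer, so the function floors the result at 1.

```python
import heapq


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """The book's formula, 100,000,000 / bandwidth in bps. Real OSPF keeps cost as a
    positive integer, so links faster than the reference bandwidth floor at 1 (assumed)."""
    return max(1, reference_bps // bandwidth_bps)


# Link state database: the links the routers have advertised, with assumed bandwidths.
LSDB = {
    ("A", "B"): 100_000_000,
    ("A", "C"): 10_000_000,     # 10BaseT: cost 10, as in the text's worked example
    ("B", "C"): 100_000_000,
    ("C", "D"): 100_000_000,
    ("B", "ISP"): 10_000_000,   # Router B's upstream connection
}
ATTACHED = {"A": "X", "D": "Y"}   # Network ID X hangs off Router A, Network ID Y off Router D


def adjacency(lsdb):
    """Turn the database into router -> {neighbor: cost}, with cost derived from bandwidth."""
    adj = {}
    for (a, b), bps in lsdb.items():
        cost = ospf_cost(bps)
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def shortest_paths(lsdb, source):
    """Shortest path first (Dijkstra) from `source` over the whole database.
    Returns {router: (total cost, path)}. Because every router computes this from the
    same database, the paths are loop-free by construction."""
    adj = adjacency(lsdb)
    best = {source: (0, [source])}
    heap = [(0, source, [source])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if cost > best[node][0]:          # a cheaper entry already settled this node
            continue
        for neighbor, link_cost in adj.get(node, {}).items():
            new_cost = cost + link_cost
            if neighbor not in best or new_cost < best[neighbor][0]:
                best[neighbor] = (new_cost, path + [neighbor])
                heapq.heappush(heap, (new_cost, neighbor, path + [neighbor]))
    return best


def route_to_network(lsdb, source, network_id):
    """The route from a router to a Network ID is the SPF path to the router it is attached to."""
    target = next(r for r, net in ATTACHED.items() if net == network_id)
    return shortest_paths(lsdb, source)[target]


def link_down(lsdb, a, b):
    """Routers A and B flood an LSA withdrawing their link; every router then reruns SPF
    on the updated database. Only this one link changes, not whole routing tables."""
    return {pair: bps for pair, bps in lsdb.items() if set(pair) != {a, b}}


if __name__ == "__main__":
    print("10BaseT cost:", ospf_cost(10_000_000))
    print("A -> Network ID Y:", route_to_network(LSDB, "A", "Y"))
    print("A -> Network ID Y after A-B fails:", route_to_network(link_down(LSDB, "A", "B"), "A", "Y"))
```

With the assumed bandwidths Router A reaches Network ID Y through B and C at cost 3; withdrawing the A-B link makes the very next SPF run pick A, C, D at cost 11. Nothing waits for an update interval, and no router ever holds a route that the database no longer supports, which is the convergence and loop-freedom advantage the text attributes to OSPF.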
Figure 8.34 • DR and BDR
Figure 8.35 • All routers updated
Figure 8.36 • Announcing a disconnect
OSPF isn’t popular by accident. It scales to large networks quite well and is supported by all but the most basic routers. By the way, did I forget to mention that OSPF also supports authentication and that the shortest-path-first method, by definition, prevents loops?
Why would anyone use anything else? Well, OSPF had one problem that wasn’t repaired until fairly recently: support for something called IPv6 (see Chapter 13 for details on IPv6). Not to preempt Chapter 13, but IPv6 is a new addressing system for IP that dumps the old 32-bit address, replacing it with a 128-bit address. IPv6 is quickly gaining popularity and will one day replace 32-bit IP addressing. Just for the record, I’ve been predicting the end of 32-bit IP addressing for so long I’m now afraid to predict anymore when it’s going to happen—but it will eventually.
IS-IS If you want to use a link state dynamic routing protocol and you don’t want to use OSPF, your only other option is Intermediate System to Intermediate System (IS-IS). IS-IS is extremely similar to OSPF. It uses the concept of areas and send-only updates to routing tables. IS-IS was developed at roughly the same time as OSPF and had the one major advantage of working with IPv6 from the start. IS-IS has some adoption with ISPs, but, for the most part, plays a distant second to the popularity of OSPF. Make sure you know that IS-IS is a link state dynamic routing protocol, and if you ever see two routers using it, call me as I’ve never seen IS-IS in action.
EIGRP—the Lone Hybrid There is exactly one protocol that doesn’t really fit into either the distance vector or link state camp: Cisco’s proprietary Enhanced Interior Gateway Routing Protocol (EIGRP). Back in the days when RIP was dominant, there was a huge outcry for an improved RIP, but OSPF wasn’t yet out. Cisco, being the dominant router company in the world (a crown it still wears to this day), came out with the Interior Gateway Routing Protocol (IGRP), which was quickly replaced with EIGRP.
OSPF corrects link failures and creates convergence almost immediately, making it the routing protocol of choice in most large enterprise networks. OSPF Version 2 is used for IPv4 networks, and OSPF Version 3 includes updates to support IPv6.
EIGRP has aspects of both distance vector and link state protocols, plac- ing it uniquely into its own “hybrid” category. EIGRP is (arguably) fading away in the face of nonproprietary IGP protocols, especially OSPF.
Dynamic Routing Makes the Internet
Without dynamic routing, the complex, self-healing Internet we all enjoy today couldn’t exist. So many routes come and go so often that manually updating static routes would be impossible. Review Table 8.2 to familiarize yourself with the differences among the different types of dynamic routing protocols.
Table 8.2 Dynamic Routing Protocols

Protocol   Type              IGP or BGP?   Notes
RIPv1      Distance vector   IGP           Old; only used variable subnets within an AS
RIPv2      Distance vector   IGP           Supports VLSM and discontiguous subnets
BGP-4      Distance vector   BGP           Used on the Internet, connects Autonomous Systems
OSPF       Link state        IGP           Fast, popular, uses Area IDs (Area 0/backbone)
IS-IS      Link state        IGP           Alternative to OSPF
EIGRP      Hybrid            IGP           Cisco proprietary
Working with Routers
Understanding the different ways routers work is one thing. Actually walking up to a router and making it work is a different animal altogether. This section examines practical router installation. Physical installation isn’t very complicated. With a home router, you give it power and then plug in connections. With a business-class router, you insert it into a rack, give it power, and plug in connections.
The complex part of installation comes with the specialized equipment and steps to connect to the router and configure it for your network needs. This section, therefore, focuses on the many methods and procedures used to access and configure a router.
The single biggest item to keep in mind here is that although there are many different methods for connecting, hundreds of interfaces, and probably millions of different configurations for different routers, the functions are still the same. Whether you’re using an inexpensive home router or a hyper-powerful Internet backbone router, you are always working to do one main job: connect different networks.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 210
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
Also keep in mind that routers, especially gateway routers, often have a large number of other features that have nothing to do with routing. Because gateway routers act as a separator between the computers and “The Big Scary Rest of the Network,” they are a convenient place for all kinds of handy features like DHCP, protecting the network from intrusion (better known as firewalls), and NAT.
Connecting to Routers
When you take a new router out of the box, it’s not good for very much. You need to somehow plug into that shiny new router and start telling it what you want to do. There are a number of different methods, but one of the oldest (yet still very common) methods is using a special serial connection. This type of connection is almost completely unique to Cisco-brand routers, but Cisco’s massive market share makes understanding this type of connection a requirement for anyone who wants to know how to configure routers. Figure 8.37 shows the classic Cisco console cable, more commonly called a rollover or Yost cable.
At this time, I need to make an important point: switches as well as routers often have some form of configuration interface. Granted, you have nothing to configure on a basic switch, but in later chapters, you’ll discover a number of network features that you’ll want to configure more advanced switches to use. Both routers and these advanced switches are called managed devices. In this section, I use the term router, but it’s important for you to appreciate that all routers and many better switches are all managed devices. The techniques shown here work for both!
When you first unwrap a new Cisco router, you plug the rollover cable into the console port on the router (Figure 8.38) and a serial port on a PC. If you don’t have a serial port, then buy a USB-to-serial adapter.
Once you’ve made this connection, you need to use a terminal emulation program to talk to the router. The two most popular programs are PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty) and HyperTerminal (www.hilgraeve.com/hyperterminal-trial). Using these programs requires that you know a little about serial ports, but these basic settings should get you connected:
■ 9600 baud
■ 8 data bits
■ 1 stop bit
■ No parity
Figure 8.37 • Cisco console cable
The term Yost cable comes from its creator’s name, Dave Yost. For more information visit http://yost.com/computers/RJ45-serial.
Figure 8.38 • Console port
Every terminal emulator has some way for you to configure these settings. Figure 8.39 shows these settings using PuTTY.
Now it’s time to connect. Most Cisco products run Cisco IOS, Cisco’s proprietary operating system. If you want to configure Cisco routers, you must learn IOS. Learning IOS in detail is a massive job and outside the scope of this book. No worries, Cisco provides a series of certifications to support those who wish to become “Cisco People.” Although the CompTIA Network+ exam won’t challenge you in terms of IOS, it’s important to get a taste of how this amazing operating system works.
Once you’ve connected to the router and started a terminal emulator, you should see the initial router prompt, as shown in Figure 8.40. (If you plugged in and then started the router, you can actually watch the router boot up first.)
Figure 8.40 • Initial router prompt
This is the IOS user mode prompt—you can’t do too much here. To get to the fun, you need to enter privileged exec mode. Type enable, press enter, and the prompt changes to
Router#
From here, IOS gets very complex. For example, the commands to set the IP address for one of the router’s ports look like this:
Router#configure terminal
Router(config)#interface Ethernet 0/0
Router(config-if)#ip address 192.168.4.10 255.255.255.0
Router(config-if)#^Z
Router#copy run start
IOS used to stand for Internetwork Operating System, but it’s just IOS now with a little trademark symbol.
A new Cisco router often won’t have a password, but all good admins know to add one.
Figure 8.39 • Configuring PuTTY
Tech Tip
Terminals and Consoles
Much initial router configuration harkens back to the methods used in the early days of networking when massive mainframe computers were the computing platform available. Researchers used dumb terminals—machines that were little more than a keyboard, monitor, and network connection—to connect to the mainframe and interact. You connect to and configure many modern routers using software that enables your PC to pretend to be a dumb terminal. These programs are called terminal emulators; the screen you type into is called a console.
Cisco has long appreciated that initial setup is a bit of a challenge, so a brand-new router will show you the following prompt:
Would you like to enter the initial configuration dialog? [yes/no]?
Simply follow the prompts and the most basic setup is handled for you.
You will run into Cisco equipment as a network tech, and you will need to know how to use the console from time to time. For the most part, though, you’ll access a router—especially one that’s already configured—through Web access or network management software.
Web Access
Most routers come with a built-in Web interface that enables you to do everything you need on your router and is much easier to use than Cisco’s command-line IOS. For a Web interface to work, however, the router must have a built-in IP address from the factory, or you have to enable the Web interface after you’ve given the router an IP address. Bottom line? If you want to use a Web interface, you have to know the router’s IP address. If a router has a default IP address, you will find it in the documentation, as shown in Figure 8.41.
Never plug a new router into an existing network! There’s no telling what that router might start doing. Does it have DHCP? You might now have a rogue DHCP server. Are there routes on that router that match up to your network addresses? Then you see packets disappearing into the great bit bucket in the sky. Always fully configure your router before you place it online.
Most router people use a laptop and a crossover cable to connect to the new router. To get to the Web interface, first set a static address for your computer that will place your PC on the same network ID as the router. If, for example, the router is set to 192.168.1.1/24 from the factory, set your computer’s IP address to 192.168.1.2/24. Then connect to the router (some routers tell you exactly where to connect, so read the documentation first), and check the link lights to verify you’re properly connected. Open up your Web browser and type in the IP address, as shown in Figure 8.42.
Assuming you’ve done everything correctly, you almost always need to enter a default user name and password, as shown in Figure 8.43.
The default user name and password come with the router’s documentation. If you don’t have that information, plenty of Web sites list this data. Do a Web search on “default user name password” to find one.
Many routers are also DHCP servers, making the initial connection much easier. Check the documentation to see if you can just plug in without setting an IP address on your PC.
Figure 8.42 • Entering the IP address
Figure 8.41 • Default IP address
Figure 8.43 • User name and password
Once you’ve accessed the Web interface, you’re on your own to poke around to find the settings you need. There’s no standard interface—even between different versions of the same router make and model. When you encounter a new interface, take some time and inspect every tab and menu to learn about the router’s capabilities. You’ll almost always find some really cool features!
Network Management Software
The idea of a “Web-server-in-a-router” works well for single routers, but as a network grows into lots of routers, administrators need more advanced tools that describe, visualize, and configure their entire network. These tools, known as Network Management Software (NMS), know how to talk to your routers, switches, and even your computers to give you an overall view of your network. In most cases, NMS manifests as a Web site where administrators may inspect the status of the network and make adjustments as needed.
I divide NMS into two camps: proprietary tools made by the folks who make managed devices (OEM) and third-party tools. OEM tools are generally very powerful and easy to use, but only work on that OEM’s devices. Figure 8.44 shows an example of Cisco Network Assistant, one of Cisco’s NMS applications. Others include the Security Device Manager and CiscoWorks, their enterprise-level tool.
Figure 8.44 • Cisco Network Assistant
Tech Tip
Default Names and Passwords
Every brand of router tends to use the same default user name and password. Just about every Linksys router, for example, uses a blank user name and the password “admin.” An admin who fails to change the default password is asking to get hacked!
A number of third-party NMS tools are out there as well; you can even find some pretty good freeware NMS options. These tools are invariably harder to configure and must constantly be updated to try to work with as many devices as possible.
They usually lack the amount of detail you see with OEM NMS and lack interactive graphical user interfaces. For example, CiscoWorks enables you to change the IP address of a port, whereas third-party tools will only let you see the current IP settings for that port. Figure 8.45 shows OpenNMS, a popular open source NMS.
Unfortunately, no single NMS tool works perfectly. Network administrators are constantly playing with this or that NMS tool in an attempt to give themselves some kind of overall picture of their networks.
Other Connection Methods
Be aware that most routers have even more ways to connect. Many home routers come with USB ports and configuration software. More powerful routers may enable you to connect using the ancient Telnet protocol or its newer and safer equivalent Secure Shell (SSH). These are terminal emulation protocols that look exactly like the terminal emulators seen earlier in this chapter but use the network instead of a serial cable to connect (see Chapter 9 for details on these protocols).
Figure 8.45 • OpenNMS
The PuTTY utility works with the old-style terminal emulation as well as Telnet and SSH.
Basic Router Configuration
A router, by definition, must have at least two connections. When you set up a router, you must configure every port on the router properly to talk to its connected network IDs, and you must make sure the routing table sends packets to where you want them to go. As a demonstration, Figure 8.46 uses an incredibly common setup: a single gateway router used in a home or small office that’s connected to an ISP.
Step 1: Set Up the WAN Side
To start, you need to know the network IDs for each side of your router. The WAN side invariably connects to an ISP, so you need to know what the ISP wants you to do. If you bought a static IP address, type it in now. However—brace yourself for a crazy fact—most home Internet connections use DHCP! That’s right, DHCP isn’t just for your PC. You can set up your router’s WAN connection to use it too. DHCP is by far the most common connection to use for home routers. Access your router and locate the WAN connection setup. Figure 8.47 shows the setup for my home router set to DHCP.
But what if I called my ISP and bought a single static IP address? This is rarely done anymore, but virtually every ISP will gladly sell you one (although you will pay three to four times as much for the connection). If you use a static IP, your ISP will tell you what to enter, usually in the form of an e-mail message like the following:
Dear Mr. Meyers,
Thank you for requesting a static IP address from totalsem.com! Here’s your new static IP information:
IP address: 1.151.35.55
Default Gateway: 1.151.32.132
Subnet Mask: 255.255.128.0
Installation instructions can be found at: http://totalsem.com/setup/
Support is available at: http://helpdesk.totalsem.com or by calling (281)922-4166.
In such a case, I would need to change the router setting to Static IP (Figure 8.48). Note how changing the drop-down menu to Static IP enables me to enter the information needed.
Once you’ve set up the WAN side, it’s time to head over to set up the LAN side of the router.
Figure 8.46 • The setup
Figure 8.47 • WAN router setup
I’m ignoring a number of other settings here for the moment. I’ll revisit most of these in later chapters.
Figure 8.48 • Entering a static IP
Step 2: Set Up the LAN
Unlike the WAN side, you usually have total control on the LAN side of the router. You need to choose a network ID, almost always some arbitrarily chosen private range unless you do not want to use NAT. This is why so many home networks have network IDs of 192.168.1/24, 192.168.0/24, and so forth. Once you decide on your LAN-side network ID, you need to assign the correct IP information to the LAN-side NIC. Figure 8.49 shows the configuration for a LAN NIC on my home router.
Step 3: Establish Routes
Most routers are pretty smart and use the information you provided for the two interfaces to build a routing table automatically. If you need to add more routes, every router provides some method to add routes. The following shows the command line entered on a Cisco router to add a route to one of its NICs. The term “fa0/0” is used here to describe Ethernet NICs in its device software. It is short for FastEthernet, which you may remember as being the common name for 100BaseTX. Can you guess what Cisco calls gigabit ports or even ancient 10BaseT ports?
ip route 192.168.100.0 255.255.255.0 fa0/0 192.168.1.10
Step 4 (Optional): Configure a Dynamic Protocol
The rules to using any dynamic routing protocol are fairly straightforward. First, dynamic routing protocols are tied to individual NICs, not the entire router. Second, when you connect two routers together, make sure those two NICs are configured to use the same dynamic routing protocol. Third, unless you’re in charge of two or more routers, you’re probably not going to use any dynamic routing protocol.
The amazing part of a dynamic routing protocol is how easy it is to set up. In most cases you just figure out how to turn it on and that’s about it. It just starts working.
Document and Back Up
Once you’ve configured your routes, take some time to document what you’ve done. A good router works for years without interaction, so by that time in the future when it goes down, odds are good you’ve forgotten why you added the routes. Last, take some time to back up the configuration. If a router goes down, it will most likely forget everything and you’ll need to set it up all over again. Every router has some method to back up the configuration, however, so you can restore it later.
Router Problems
The CompTIA Network+ exam will challenge you on some basic router problems. All of these questions should be straightforward for you as long as you do the following:
■ Consider other issues first because routers don’t fail very often.
■ Keep in mind what your router is supposed to do.
■ Know how to use a few basic tools that can help you check the router.
Figure 8.49 • Setting up an IP address for the LAN side
Any router problem starts with someone not connecting to someone else. Even a small network has a number of NICs, computers, switches, and routers between you and whatever it is you’re not connecting to. Compared to most of these, a router is a pretty robust device and shouldn’t be considered as the problem until you’ve checked out just about everything else first.
In their most basic forms, routers route traffic. Yet you’ve seen in this chapter that routers can do more than just plain routing—for example, NAT. As this book progresses, you’ll find that the typical router often handles a large number of duties beyond just routing. Know what your router is doing and appreciate that you may find yourself checking a router for problems that don’t really have anything to do with routing at all.
Be aware that routers have some serious but rare potential problems. One place to watch is your routing table. For the most part, today’s routers automatically generate directly connected routes, and dynamic routing takes care of itself leaving one type of route as a possible suspect: the static routes. This is the place to look when packets aren’t getting to the places you expect them to go. Look at the following sample static route:
Net Destination   Netmask           Gateway       Interface      Metric
22.46.132.0       255.255.255.255   22.46.132.1   22.46.132.11   1
No incoming packets for that network ID are getting out on interface 22.46.132.11. Can you see why? Yup, the Netmask is set to 255.255.255.255, and there are no computers that have exactly the address 22.46.132.0. Entering the wrong network destination, subnet mask, gateway, and so on, is very easy. If a new static route isn’t getting the packets moved, first assume you made a typo.
Make sure to watch out for missing routes. These usually take place due to you forgetting to add them (if you’re entering static routes) or, more commonly, there is a convergence problem in the dynamic routing protocols. For the CompTIA Network+ exam, be ready to inspect a routing table to recognize these problems.
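The typo hunt described above, as an added example that is my own code and not the book's or Cisco's: a small Python checker that parses both the Cisco `ip route` line from Step 3 and a routing-table row like the one above, then reports the mistakes the text describes. Treating a /32 route to an address ending in .0 as a suspected mask typo is my heuristic, and the interface subnet handed to `check_route` is an assumption the caller supplies, since neither listing shows it.

```python
"""Sanity checks for static routes, illustrating the typo-hunting described above.

Added example, not from the book. It parses two forms the chapter shows: a
Windows-style routing-table row ("Net Destination Netmask Gateway Interface
Metric") and a Cisco "ip route <dest> <mask> <interface> <next-hop>" command,
then reports the mistakes a tech is most likely to have typed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class StaticRoute:
    destination: str
    netmask: str
    gateway: str
    interface: str  # interface address (table row) or name such as fa0/0 (IOS)


def parse_table_row(row: str) -> StaticRoute:
    """Parse one data row of a 'Net Destination Netmask Gateway Interface Metric' table."""
    fields = row.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 columns, got {len(fields)}: {row!r}")
    dest, mask, gateway, iface, _metric = fields
    return StaticRoute(dest, mask, gateway, iface)


def parse_ios_ip_route(command: str) -> StaticRoute:
    """Parse 'ip route <destination> <netmask> <interface> <next-hop>'."""
    fields = command.split()
    if fields[:2] != ["ip", "route"] or len(fields) != 6:
        raise ValueError(f"unexpected ip route syntax: {command!r}")
    _, _, dest, mask, iface, gateway = fields
    return StaticRoute(dest, mask, gateway, iface)


def check_route(route: StaticRoute, interface_network: Optional[str] = None) -> List[str]:
    """Return human-readable problems; an empty list means the route looks sane.

    interface_network (assumed input, e.g. "192.168.1.0/24") is the subnet of the
    exit interface, used to confirm the next hop is actually reachable from it.
    """
    problems: List[str] = []
    try:
        # strict=True rejects a destination with host bits set under this mask;
        # a non-contiguous mask such as 255.255.0.255 is rejected outright.
        net = ipaddress.IPv4Network((route.destination, route.netmask), strict=True)
    except ValueError as exc:
        return [f"destination/netmask invalid: {exc}"]

    # The book's sample: a /32 ("host") route to 22.46.132.0. Only a host with
    # exactly that address would match, and .0 is the network ID, so the route
    # matches nothing. Heuristic: almost certainly a mistyped mask.
    if net.prefixlen == 32 and int(net.network_address) & 0xFF == 0:
        problems.append(
            f"netmask 255.255.255.255 turns {route.destination} into a host route, "
            "but that address looks like a network ID; no host will match it "
            "(mistyped mask?)"
        )

    try:
        gateway = ipaddress.IPv4Address(route.gateway)
    except ValueError as exc:
        problems.append(f"gateway invalid: {exc}")
        return problems

    # The next hop has to sit on the exit interface's own subnet; otherwise the
    # router has no way to hand packets to it.
    if interface_network is not None:
        if_net = ipaddress.IPv4Network(interface_network, strict=False)
        if gateway not in if_net:
            problems.append(
                f"gateway {gateway} is not on interface network {if_net}; "
                "packets for this route can never reach the next hop"
            )
    return problems


if __name__ == "__main__":
    # Constructed inputs copied from the chapter's two listings.
    bad_row = "22.46.132.0 255.255.255.255 22.46.132.1 22.46.132.11 1"
    for problem in check_route(parse_table_row(bad_row)):
        print("PROBLEM:", problem)
    ios = "ip route 192.168.100.0 255.255.255.0 fa0/0 192.168.1.10"
    print("ip route problems:", check_route(parse_ios_ip_route(ios), "192.168.1.0/24"))
```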
When it comes to tools, the networking world comes with so many utilities and magic devices that it staggers the imagination. Some, like good old ping and route, you’ve already seen, but let’s add two more tools: traceroute and MTR.
The traceroute tool, as its name implies, records the route between any two hosts on a network. On the surface, traceroute is something like ping in that it sends a single packet to another host, but as it progresses, it returns information about every router between them.
Every operating system comes with traceroute, but the actual command varies among them. In Windows, the command is tracert and looks like this (I’m running a traceroute to the router connected to my router—a short trip):
C:\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  10.12.14.1
  2    10 ms    10 ms     8 ms  96.165.24.1
Trace complete.
The UNIX/Linux command is traceroute and looks like this:
michaelm@ubuntu:~$ traceroute 96.165.24.1
traceroute to 96.165.24.1 (96.165.24.1), 30 hops max, 40 byte packets
 1  10.12.14.1 (10.12.14.1)  0.763 ms  0.432 ms  0.233 ms
 2  96.165.24.1 (96.165.24.1)  12.233 ms  11.255 ms  14.112 ms
michaelm@ubuntu:~$
The traceroute tool is handy, not so much for what it tells you when everything’s working well, but for what it tells you when things are not working. Take a look at the following:
C:\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  10.12.14.1
  2     *        *        *     Request timed out
  3  96.165.24.1  reports: Destination host unreachable.
If this traceroute worked in the past but now no longer works, you know that something is wrong between your router and the next router upstream. You don’t know what’s wrong exactly. The connection may be down; the router may not be working; but at least traceroute gives you an idea where to look for the problem and where not to look.
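An added example, my own code rather than the book's: a Python parser for the Windows and Linux traceroute output shown above that reports the last router that answered before the path broke, which is where the text says to start looking. The three sample traces are constructed copies of the chapter's listings, not live captures.

```python
"""Parse tracert/traceroute output and point at the hop where a path breaks.

Added example, not from the book; the sample traces below are constructed
copies of the chapter's own output.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")      # only hop rows start with a number
IP_ADDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RTT = re.compile(r"(<?\d+(?:\.\d+)?)\s*ms")     # "1 ms", "<1 ms", "0.763 ms"
TARGET = re.compile(r"(?:Tracing route to|traceroute to)\s+(\S+)(?:\s+[\[(]([\d.]+)[\])])?")

WINDOWS_OK = """\
C:\\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  10.12.14.1
  2    10 ms    10 ms     8 ms  96.165.24.1
Trace complete.
"""
LINUX_OK = """\
michaelm@ubuntu:~$ traceroute 96.165.24.1
traceroute to 96.165.24.1 (96.165.24.1), 30 hops max, 40 byte packets
 1  10.12.14.1 (10.12.14.1)  0.763 ms  0.432 ms  0.233 ms
 2  96.165.24.1 (96.165.24.1)  12.233 ms  11.255 ms  14.112 ms
"""
WINDOWS_BROKEN = """\
C:\\>tracert 96.165.24.1
Tracing route to 96.165.24.1 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  10.12.14.1
  2     *        *        *     Request timed out.
  3  96.165.24.1  reports: Destination host unreachable.
"""


@dataclass
class Hop:
    number: int
    address: Optional[str]                 # router that answered, None if nothing did
    rtts_ms: List[float] = field(default_factory=list)
    timeouts: int = 0                      # number of '*' probes on the line
    note: str = ""                         # "request timed out" / "destination unreachable"


def target_names(output: str) -> Set[str]:
    """Name and/or IP of the target from the 'Tracing route to' / 'traceroute to' header."""
    match = TARGET.search(output)
    return {name for name in match.groups() if name} if match else set()


def parse_trace(output: str) -> List[Hop]:
    """Turn raw tracert/traceroute text into Hop records, ignoring prompts and headers."""
    hops: List[Hop] = []
    for line in output.splitlines():
        match = HOP_LINE.match(line)
        if not match:
            continue
        number, rest = int(match.group(1)), match.group(2)
        lowered = rest.lower()
        note = "request timed out" if "timed out" in lowered else (
            "destination unreachable" if "unreachable" in lowered else "")
        ip = IP_ADDR.search(rest)
        hops.append(Hop(number, ip.group(1) if ip else None,
                        [float(v.lstrip("<")) for v in RTT.findall(rest)],
                        rest.count("*"), note))
    return hops


def diagnose(output: str) -> Optional[Tuple[Optional[str], int]]:
    """None if the target answered; otherwise (last router that answered, first failing hop).

    A lone '* * *' hop inside an otherwise complete trace is just a router that
    does not answer probes, so it is deliberately not reported as a fault.
    """
    hops = parse_trace(output)
    targets = target_names(output)
    if any(hop.address in targets and hop.rtts_ms for hop in hops):
        return None
    last_good: Optional[str] = None
    for hop in hops:
        if hop.timeouts or hop.note:
            return last_good, hop.number
        last_good = hop.address
    return None


if __name__ == "__main__":
    for name, trace in (("windows ok", WINDOWS_OK), ("linux ok", LINUX_OK),
                        ("windows broken", WINDOWS_BROKEN)):
        print(f"{name}: {diagnose(trace) or 'path complete'}")
```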
My traceroute (mtr) is very similar to traceroute, but it’s dynamic, continually updating the route that you’ve selected (Figure 8.50). You won’t find mtr in Windows; mtr is a Linux tool. Instead, Windows users can use pathping. This utility will ping each node on the route just like mtr, but instead of showing the results of each ping in real time, the pathping utility computes the performance over a set time and then shows you the summary after it has finished.
Figure 8.50 • mtr in action
Chapter 8 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about routing.
Explain how routers work
■ A router is any piece of hardware that forwards network packets based on their destination IP addresses.
■ A routing table is the chart of information kept on a router to aid in directing the flow of packets through computer networks.
■ Some routers have only two ports—one to connect to the Internet and another to connect to a LAN switch. Some routers, however, have an integrated switch and thus have more than two ports.
■ Routers learn new routes as they go, interacting with each other by exchanging routing table information. The routing tables are checked and can be updated dynamically as data flows across a network, with routers chatting with each other for the latest network and IP address information periodically.
■ Routers can connect dissimilar networks, such as Ethernet, Frame Relay, ATM, and DOCSIS.
■ NAT saves a table of information, so it knows which system is communicating with which external site. NAT solutions can be software based or included as part of a hardware device such as a router.
■ Static NAT maps a single IP address to a single machine, enabling you to access that machine from outside the network.
■ PAT is the most common form of NAT that handles a one-to-many connection, using port numbers to map traffic from specific machines in the network.
■ Dynamic NAT can share a pool of routable IP addresses with multiple computers.
■ Port forwarding hides port numbers from the public side of a network. The router simply forwards packets from one port number to another as the packet passes from the public to the private side of the router.
Describe dynamic routing technologies
■ Routing table entries are entered manually on static routers and do not change. Dynamic routers, in contrast, automatically update their routing table. This is accomplished by using special routing protocols.
■ There are three distinct groups of routing protocols: distance vector, link state, and hybrid.
■ Routing tables are shared with other routers, and the complete route with the lowest cost is automatically chosen.
■ Distance vector routing protocols are not recommended for networks with more than 10 routers because of the time it takes for the routers to reach convergence.
■ Distance vector routing protocols include RIPv1, RIPv2, and BGP.
■ RIPv1 has a maximum hop count of 15, with routing table updates sent every 30 seconds. Because RIPv1 lacked authentication and experienced network overloads as every router sent its routing table at the same time, the RIPv2 update was developed.
■ RIPv2 supports VLSM and discontiguous subnets and provides authentication to prevent hackers from sending false routing table information. RIPv2’s lengthy time to convergence for large networks led to the development of better routing protocols such as OSPF.
■ An Autonomous System (AS) consists of one or more networks that are governed by a single protocol. Autonomous Systems do not use IP addresses, but instead use a special globally unique Autonomous System Number assigned by IANA.
■ The protocol used by Autonomous Systems to communicate with each other is generically called an Exterior Gateway Protocol (EGP). Networks within an Autonomous System use an Interior Gateway Protocol (IGP). Edge routers connect an AS network to another AS network.
■ Interior Gateway Protocols include RIP or other protocols. At this time, the Border Gateway Protocol (BGP) is the only Exterior Gateway Protocol used on the Internet. It connects all of the Autonomous Systems.
■ Link state protocols include OSPF and IS-IS. Link state protocols overcome the relatively slow and bandwidth-heavy usage of distance vector protocols.
■ OSPF stands for the Open Shortest Path First routing protocol. It is the most commonly used Interior Gateway Protocol on the Internet. It is more efficient than RIP, converges dramatically faster than RIP, and supports IPv6 as of OSPF Version 3.
■ OSPF broadcasts link state advertisements (Hello packets) when an OSPF-enabled router first boots up. Routers are assigned an Area ID to prevent LSAs from flooding routers on other networks. An Area ID looks like an IP address but has nothing to do with IP.
■ The most important area is called Area 0, or the backbone, and has an Area ID of 0.0.0.0.
■ The designated router (DR) relays information to all other routers in the area whereas the backup designated router (BDR) takes over if the designated router is unavailable.
■ Intermediate System to Intermediate System (IS-IS) is another link state dynamic routing protocol, similar to OSPF. It has supported IPv6 from the start, but is far behind OSPF in popularity and usage.
■ Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid protocol, proprietary to Cisco, that has aspects of both distance vector and link state protocols.
Install and configure a router successfully
■ A Yost cable (rollover cable) is a special serial cable used to connect directly to a Cisco router for configuration purposes.
■ Once a direct connection has been made to a router, use a terminal emulation program such as PuTTY or HyperTerminal to communicate.
■ Most Cisco products run Cisco’s proprietary operating system, Cisco IOS. Although not covered on the CompTIA Network+ certification exam, understanding IOS is a must for anyone who wants to become Cisco Certified.
■ Most routers include a built-in Web interface for configuration. You must know the router’s IP address to make this type of connection.
■ Many techs use a laptop and a crossover cable to connect to a Web server–enabled router for the initial configuration. This method also requires setting a static IP address on the connected laptop, unless the router includes a DHCP server.
■ Network Management Software (NMS) is used to describe, visualize, and configure an entire network. NMS is made both by the companies that make managed devices and by third-party companies.
■ In general, NMS made by the companies that make managed devices is easy to use but only works on specific hardware. Much third-party NMS is available as freeware, but is typically harder to use and must be constantly updated to work with as many devices as possible.
■ Some routers may be connected to via USB, Telnet, or SSH.
■ When you set up a router, you must configure every port on the router properly to talk to its connected network IDs and to make sure the routing table sends packets to where you want them to go.
■ Setting up a router can be broken down into five steps: set up the WAN side, set up the LAN, establish routes, optionally configure a dynamic routing protocol, and finally document and back up your settings.
■ The traceroute utility records the route between any two hosts on a network and can be used to troubleshoot routing problems.
BaseTech
221 Chapter 8: The Wonderful World of Routing
Key Terms
Area ID (206), Autonomous System (AS) (203), backup designated router (BDR) (206), basic NAT (193), Border Gateway Protocol (BGP-4) (204), Cisco IOS (211), convergence (201), cost (199), designated router (DR) (206), distance vector (199), dynamic NAT (194), dynamic routing (196), edge routers (204), Enhanced Interior Gateway Routing Protocol (EIGRP) (208), gateway router (192), hop (198), Intermediate System to Intermediate System (IS-IS) (208), link state (204), managed device (210), metric (188), My traceroute (mtr) (218), NAT translation table (194), Network Address Translation (NAT) (191), Network Management Software (NMS) (213), next hop (185), Open Shortest Path First (OSPF) (204), Port Address Translation (PAT) (193), port forwarding (194), RIPv1 (202), RIPv2 (202), router (183), Routing Information Protocol (RIP) (202), routing table (184), Static NAT (SNAT) (194), static route (196), traceroute (217), Yost cable (210)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.
1. A device called a(n) _______________ is also called a Layer 3 switch.
2. The external routing protocol used on the Internet is _______________.
3. The variety of _______________ methods would include RIP, OSPF, BGP, and IGRP.
4. A(n) _______________ is normally entered manually into a router.
5. A(n) _______________ connects one Autonomous System to another Autonomous System.
6. _______________ is a routing protocol that updates routing tables about every 30 seconds, resulting in overloaded network traffic.
7. When all routers can communicate with each other efficiently, they are said to have reached _______________.
8. Multiple networks that do not use IP addresses and are governed by a single protocol are known as _______________.
9. You can use the _______________ utility to troubleshoot routing problems.
10. __________________ uses IP addresses and port numbers to enable many internal computers to share a single public IP address.
222 Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 8
Multiple-Choice Quiz
1. How many IP addresses should a router have?
A. One
B. One or more
C. Two
D. Two or more
2. Choose the Cisco Systems proprietary routing protocols from the following items. (Select two.)
A. BGP-4
B. EIGRP
C. IGRP
D. OSPF
3. If specialty accounting software being used at your company requires that packet headers remain unchanged, which item cannot be used on your network?
A. RIP
B. NAT
C. OSPF
D. traceroute
4. How does a router use a routing table to determine over which path to send a packet?
A. The first line in the routing table is used if the path is available; otherwise, the router tries the next line down, and so on.
B. The last line in the routing table is used if the path is available; otherwise, the router tries the next line up, and so on.
C. After examining all rows in the routing table, the router sends the packet along the path with the highest metric.
D. After examining all rows in the routing table, the router sends the packet along the path with the lowest metric.
5. Which version of NAT maps a single routable IP address to a single network node?
A. Static NAT
B. Dynamic NAT
C. Pooled NAT
D. SecureNAT
6. What technology enables you to designate a specific local address for various network services?
A. Dynamic NAT
B. Port Address Translation
C. Port forwarding
D. Port filtering
7. How is the distance between routers measured?
A. In meters
B. In hops
C. In routes
D. In segments
8. Distance vector routing protocols include which of the following? (Select two.)
A. RIP
B. OSPF
C. BGP
D. ASN
9. Which of the following are benefits of RIPv2 over RIPv1? (Select two.)
A. Longer convergence times
B. Support for authentication
C. Support for VLSM
D. Support for metrics
10. What is one way in which Autonomous Systems differ from typical Ethernet networks?
A. They require a minimum of 10 nodes.
B. They cannot exceed a maximum of 255 nodes.
C. They are not able to interact with the Internet.
D. They do not use IP addresses.
11. Why are link state protocols more efficient than RIP?
A. Entire routing tables are updated on a stricter schedule.
B. They forward only changes to individual routes instead of forwarding entire routing tables.
C. Packets can be sent along multiple routes at the same time.
D. Link state can send larger packets.
12. What happens when you first connect and turn on an OSPF router?
A. It floods the network with Hello packets as it looks for other OSPF routers.
B. It floods the network by requesting routing tables from every computer on the network.
C. It is unavailable for several hours as it builds its default routing table.
D. It runs a self-test to determine if it should run in hybrid mode (RIP and OSPF) or native mode (OSPF only).
13. Which of the following is a valid Area ID for an Area 0 backbone?
A. 0
B. 0.0.0.0
C. 1.0
D. 255
14. How can you connect directly to a router for configuration purposes? (Select three.)
A. Parallel cable
B. USB cable
C. Crossover cable
D. Rollover cable
15. Once you have made a physical direct connection to a router, what utility/program can you use to issue commands and instructions? (Select three.)
A. PuTTY
B. HyperTerminal
C. IOS
D. Internet Explorer
Essay Quiz
1. You have been introduced to a lot more “alphabet soup” in this chapter. Quickly jot down what each of the following stands for: BGP-4, NAT, RIP, OSPF, NMS, PAT, EIGRP, IS-IS, AS, ASN, EGP, IGP, DR, and BDR.
2. Explain why a router is sometimes called a Layer 3 switch.
3. Write a short essay about OSPF and its uses, as well as its benefits over using RIPv2.
Lab Projects
Lab Project 8.1
A classmate of yours is all excited about some upcoming classes available at your school that will cover Cisco routing. He keeps talking about EIGRP and its importance in the workplace, as well as how much cash can be earned if you know EIGRP. Use the Internet to research EIGRP—its history, its uses, what devices run using EIGRP, and what salaries Cisco Certified professionals earn (possibly your next certification after passing the CompTIA Network+ exam). Then share this information with your instructor and your classmate to compare your findings. What does EIGRP do for corporate networks? What salaries are realistically possible? What were your sources?
Lab Project 8.2
Start a command prompt at your computer and enter netstat –nr to view its routing table. Create a screenshot of the output and paste it into a word processing document. Under the pasted screenshot, briefly explain what each column is for. Compare your routing table to your classmates’ routing tables and explain to each other what the differences are and why differences occur.
Chapter 9
TCP/IP Applications
“The World Wide Web is the only thing I know of whose shortened form—www—takes three times longer to say than what it’s short for.”
—Douglas Adams
In this chapter, you will learn how to
Describe common Transport and Network layer protocols
Explain the power of port numbers
Define common TCP/IP applications such as HTTP, HTTPS, Telnet, e-mail (SMTP, POP3, and IMAP4), and FTP
We network to get work done. Okay, sometimes that “work” involves a mad gaming session in which I lay some smack down on my editors, but you know what I mean. Thus far in the book, everything you’ve read about networking involves connecting computers together. This chapter moves further up the OSI seven-layer model and the TCP/IP model to look at applications such as Web browsers, e-mail messaging, and more.
To understand the applications that use TCP/IP networks, a tech needs to know the structures below those applications that make them work. Have you ever opened multiple Web pages on a single computer? Have you ever run multiple Internet programs, such as a Web browser, an e-mail client, and a chat program, all at the same time? Clearly, a lot of data is moving back and forth between your computer and many other computers. With packets coming in from two, three, or more computers, there has to be a mechanism or process that knows where to send and receive that data.
In this chapter, you’ll discover the process used by TCP/IP networks to ensure the right data gets to the right applications on your computer. This process uses very important Transport and Network layer protocols—TCP, UDP, and ICMP—and port numbering. When used together, TCP and UDP along with port numbers enable you to get work done on a network.
Historical/Conceptual
Transport Layer and Network Layer Protocols
I hate to tell you this, but you’ve been lied to. Not by me. Even though I’ve gone along with this Big Lie, I need to tell you the truth.
There is no such thing as TCP/IP. TCP over IP is really many other things, such as HTTP, DHCP, POP, and about 500 more terms over TCP, plus UDP and ICMP over IP. Given that this overly complex but much more correct term is too hard to use, the people who invented this network protocol stack decided to call it TCP/IP, even though that term is way too simplistic to cover all the functionality involved.
So you can appreciate how TCP/IP applications work, this chapter breaks down the many unmentioned protocols and shows how they help make applications work. To start this process, let’s consider how human beings communicate; you’ll see some very interesting commonalities between computers and people.
How People Communicate
Imagine you walk into a school cafeteria to get some lunch. You first walk up to the guy making custom deli sandwiches (this is a great cafeteria!) and say, “Hello!” He says, “How may I help you?” You say, “I’d like a sandwich please.” He says, “What kind of sandwich would you like?” and you order your sandwich. After you get your sandwich, you say, “Thanks!” and he says, “You’re welcome.” What a nice guy! In the networking world, we would call this a connection-oriented communication. Both you and the lunch guy first acknowledge each other. You then conduct your communication; finally, you close the communication.
While you’re in line, you see your friend Janet sitting at your usual table. The line is moving fast so you yell out, “Janet, save me a seat!” before you rush along in the line. In this case, you’re not waiting for her to answer; you just yell to her and hope she hears you. We call this a connectionless communication. There is no acknowledgment or any closing. You just yell out your communication and hope she hears it.
In the networking world, any single communication between a computer and another computer is called a session. When you open a Web page, you make a session. When you text chat with your buddy, you create a session. All sessions must begin and eventually end.
Test Specific
TCP
The Transmission Control Protocol (TCP) enables connection-oriented communication in networks that use the TCP/IP protocol suite. TCP is by far the most common type of session on a typical TCP/IP network. Figure 9.1 shows two computers. One computer (Server) runs a Web server and the other (Client) runs a Web browser. When you enter a computer’s address in the browser running on Client, it sends a single SYN (synchronize) packet to the Web server. If Server gets that packet, it returns a single SYN, ACK (synchronize, acknowledge) packet. Client then sends Server a single ACK packet and immediately requests that Server begin sending the Web page. This process is called the TCP three-way handshake.
There is a strong movement toward using the term Internet Protocol instead of the term TCP/IP. This movement has not yet reached the CompTIA Network+ certification.
Once Server finishes sending the Web page, it sends a FIN, ACK (finished, acknowledge) packet. Client responds with an ACK (acknowledge) packet and then sends its own FIN, ACK packet. The server then responds with an ACK; now both parties consider the session closed (Figure 9.2).
Most TCP/IP applications use TCP because connection-oriented sessions are designed to check for errors. If a receiving computer detects a missing packet, it just asks for a repeat as needed.
UDP
User Datagram Protocol (UDP) runs a distant second place to TCP in terms of the number of applications that use it, but that doesn’t mean UDP is not important. UDP is perfect for the types of sessions that don’t require the overhead of all that connection-oriented stuff.
DHCP
Probably the best example of an application that uses UDP is the Dynamic Host Configuration Protocol (DHCP). DHCP can’t assume another computer is ready on either side of the session, so each step of a DHCP session just sends the information for that step without any confirmation (Figure 9.3). As you learned in Chapter 7, DHCP uses two port numbers. DHCP clients use port 67 for sending data to the DHCP server and DHCP servers use port 68 for sending data to DHCP clients.
NTP/SNTP
Two popular applications that use UDP are Network Time Protocol (NTP) and his lightweight little brother, Simple Network Time Protocol (SNTP). These protocols synchronize the clocks of devices on a network. Computers need to use the same time so things like Kerberos authentication work properly. If a device requires NTP/SNTP, you will be able to enter the IP address for an NTP/SNTP server. NTP/SNTP uses port 123.
Figure 9.1 • A connection-oriented session starting
Figure 9.2 • A connection-oriented session ending
Figure 9.3 • DHCP steps
TFTP
You might also be tempted to think that UDP wouldn’t work for any situation in which a critical data transfer takes place—untrue! Trivial File Transfer Protocol (TFTP) enables you to transfer files from one machine to another. TFTP, using UDP, doesn’t have any data protection, so you would never use TFTP between computers across the Internet. TFTP is popular for moving files between computers on the same LAN, where the chances of losing packets are very small. TFTP uses port 69.
ICMP
While TCP and UDP differ dramatically—the former connection-oriented and the latter connectionless—both manage and modify packets in the classic sense with a destination IP address, source IP address, destination port numbers, and source port numbers. A single session might be one packet or a series of packets.
On the other hand, sometimes applications are so simple that they’re always connectionless and never need more than a single packet. The Internet Control Message Protocol (ICMP) works at Layer 3 to deliver connectionless packets. ICMP handles mundane issues such as disconnect messages (host unreachable) that applications use to let the other side of a session know what’s happening.
Good old ping is one place where you’ll see ICMP in action. Ping is an ICMP application that works by sending a single ICMP packet called an echo request to an IP address you specify. All computers running TCP/IP (assuming no firewall is involved) respond to echo requests with an echo reply, as shown in Figure 9.4.
Figure 9.4 • Ping in action
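The echo request and echo reply that ping exchanges, as an added Python example (not code from the book): it builds an ICMP echo request with the RFC 1071 checksum the header carries, validates a received message the way a host must before answering, and produces the matching echo reply. The identifier, sequence number and payload are constructed values; nothing is put on the wire.

```python
"""ICMP echo request / echo reply construction and validation.

Added example, not from the book.  ICMP message layout: type (8 = echo
request, 0 = echo reply), code, 16-bit checksum, identifier, sequence
number, then payload.  The checksum is the RFC 1071 one's-complement sum
over the whole ICMP message computed with the checksum field zeroed, so a
correctly checksummed message sums to zero when the sum is recomputed.
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
HEADER = "!BBHHH"          # type, code, checksum, identifier, sequence


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, carries folded, then complemented."""
    if len(data) % 2:
        data += b"\x00"    # odd length: pad with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:     # fold any carry bits back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble an echo message with a valid checksum."""
    unchecked = struct.pack(HEADER, icmp_type, 0, 0, ident, seq) + payload
    csum = rfc1071_checksum(unchecked)
    return struct.pack(HEADER, icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes):
    """Return (type, code, ident, seq, payload, checksum_ok) for a raw ICMP message."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack(HEADER, packet[:8])
    checksum_ok = rfc1071_checksum(packet) == 0
    return icmp_type, code, ident, seq, packet[8:], checksum_ok


def make_reply(request: bytes):
    """What a host answers: same ident, seq and payload, type 0.

    A damaged or non-echo-request message gets no reply (None)."""
    icmp_type, _code, ident, seq, payload, ok = parse_icmp(request)
    if not ok or icmp_type != ICMP_ECHO_REQUEST:
        return None
    return build_echo(ICMP_ECHO_REPLY, ident, seq, payload)


if __name__ == "__main__":
    # constructed values: identifier 0x1234, sequence 1, 8-byte payload
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"abcdefgh")
    print("request:", req.hex())
    print("reply:  ", make_reply(req).hex())
```

The checksum-equals-zero test in parse_icmp is the same check a receiving stack performs; the example also shows why a single flipped byte (try changing the code field) causes the message to be dropped rather than answered.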
A firewall is a device or software that filters all the packets between two computers (or groups of computers) and acts like a club bouncer deciding who gets in and who gets blocked. Firewalls are vital for securing modern networks and will be discussed in Chapter 16.
IGMP
Do you remember the idea of IP multicast addresses, described in Chapter 7? The challenge of multicasting is determining who wants to receive the multicast and who does not. The Internet Group Management Protocol (IGMP) enables routers to communicate with hosts to determine a “group” membership. As you might remember from Chapter 7, multicast is in the Class D range (224/4). Multicast addresses only use a small subnet of the Class D range; specifically, they are assigned the network ID of 224.0.0.0/4. Multicast doesn’t, however, assign IP addresses to individual hosts in the same manner as you’ve seen thus far. Instead, a particular multicast (called an IGMP group) is assigned to a 224.0.0.0/4 address, and those who wish to receive this multicast must tell their upstream router or switch (which must be configured to handle multicasts) that they wish to receive it. To do so, they join the IGMP group (Figure 9.5).
The Power of Port Numbers
If you want to understand the power of TCP/IP, you have to get seriously into port numbers. If you want to pass the CompTIA Network+ exam, you need to know how TCP/IP uses port numbers and you have to memorize a substantial number of common port numbers. As you saw in the previous chapter, port numbers make NAT work. As you progress through this book, you’ll see a number of places where knowledge of port numbers is critical to protect your network, make routers work better, and address a zillion other issues. There is no such thing as a network administrator who isn’t deeply into the magic of port numbers and who cannot manipulate them for his or her network’s needs.
Let’s review and expand on what you learned about port numbers in the previous chapter. Thus far, you know that every TCP/IP application requires a server and a client. Clearly defined port numbers exist for every popular or well-known TCP/IP application. A port number is a 16-bit value between 0 and 65535. Web servers, for example, use port number 80. Port numbers from 0 to 1023 are called well-known port numbers and are reserved for specific TCP/IP applications.
Figure 9.5 • IGMP in action
TCP/IP port numbers between 0 and 1023 are the well-known port numbers. You’ll find them at every party.
Cross Check: Multicast
You first saw multicast in Chapter 7 when you learned about classful IP addressing. Refer to that chapter and see if you can answer these questions. What IP numbers are reserved for multicast? What Class is that? What is the difference between unicast and multicast?
When a Web client (let’s say your computer running Firefox) sends an HTTP ACK to a Web server to request the Web page, your computer’s IP packet looks like Figure 9.6.
As you can see, the destination port number is 80. The computer running the Web server reads the destination port number, telling it to send the incoming packet to the Web server program (Figure 9.7).
Figure 9.7 • Dealing with the incoming packet
The Web client’s source port number is generated pseudo-randomly by the Web client computer. This value varies by operating system, but generally falls within the values 1024–5000—the port numbers classically assigned as ephemeral port numbers—and 49152–65535—the dynamic or private port numbers.
In the early days of the Internet, only ports 1024–5000 were used, but modern computers can use up all of those. More port numbers were added later. The Internet Assigned Numbers Authority (IANA) today recommends using only ports 49152–65535 as ephemeral port numbers. That’s what current versions of Windows use as well. Let’s redraw Figure 9.6 to show the more complete packet (Figure 9.8).
When the serving system responds to the Web client, it uses the ephemeral port number as the destination port to get the information back to the Web client running on the client computer (Figure 9.9).
Figure 9.6 • HTTP ACK packet
Figure 9.8 • A more complete IP packet
Figure 9.9 • Returning the packet
Registered Ports
The port numbers from 1024 to 49151 are called registered ports. Less-common TCP/IP applications can register their ports with the IANA. Unlike well-known ports, anyone can use these port numbers for their servers or for ephemeral numbers on clients. Most operating systems steer away (or are in the process of steering away) from using these port numbers for ephemeral ports, opting instead for the dynamic/private port numbers. Here’s the full list of ports:
0–1023        Well-known port numbers
1024–49151    Registered ports
49152–65535   Dynamic or private ports
Each computer on each side of a session must keep track of the status of the communication. In the TCP/IP world, the session information (a combination of the IP address and port number) stored in RAM is called a socket or endpoint. When discussing the data each computer stores about the connection between two computers’ TCP/IP applications, the term to use is socket pairs or endpoints. A session or connection refers to the connection in general, rather than anything specific to TCP/IP. Many people still use the term session, however. Here’s a summary of the terms used:
Terms for the connection data stored on a single computer: socket or endpoint
Terms for the connection data stored on two computers about the same connection: socket pairs or endpoints
Terms for the whole interconnection: connection or session
As two computers begin to communicate, they store the information about the session—the endpoints—so they know where to send and receive data. At any given point in time, your computer probably has a large number of communications going on. If you want to know who your computer is communicating with, you need to see this list of endpoints. As you’ll recall from Chapter 8, Windows, Linux, and Mac OS X come with netstat, the universal “show me the endpoint” utility. The netstat utility works at the command line, so open one up and type netstat –n to see something like this:

C:\>netstat –n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.4.27:57913     209.29.33.25:80        ESTABLISHED
  TCP    192.168.4.27:61707     192.168.4.10:445       ESTABLISHED

C:\>

When you run netstat –n on a typical computer, you’ll see many more than just two connections! The preceding example is simplified for purposes of discussing the details. It shows two connections: My computer’s IP address is 192.168.4.27. The top connection is an open Web page (port 80) to a server at 209.29.33.25. The second connection is an open Windows Network browser (port 445) to my file server (192.168.4.10). Looking on my Windows Desktop, you would certainly see at least these two windows open (Figure 9.10).
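The port ranges and the socket-pair idea above, as an added Python example (not code from the book): it parses the two-connection netstat –n listing (reproduced here as a constructed string), classifies each port into the ranges the chapter gives, and works out which end of each socket pair is the server, namely the end sitting on a well-known port. The SERVICES table holds only the ports this chapter names; the function names are this example's own.

```python
"""Parse `netstat -n` output and classify the ports (added example, not from the book).

Each netstat line becomes a Connection holding two Endpoints (IP, port).
port_class() applies the IANA ranges the chapter lists; describe() uses the
well-known range to tell the client side (ephemeral port) from the server
side and names the service when it is one the chapter covers.
"""
import re
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "ip port")
Connection = namedtuple("Connection", "proto local foreign state")

# constructed sample output, same values as the chapter's listing
NETSTAT_N = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.4.27:57913     209.29.33.25:80        ESTABLISHED
  TCP    192.168.4.27:61707     192.168.4.10:445       ESTABLISHED
"""

# only the services this chapter names; extend per environment
SERVICES = {67: "DHCP server", 68: "DHCP client", 69: "TFTP", 80: "HTTP",
            123: "NTP/SNTP", 445: "Windows file sharing"}

# proto, local ip:port, foreign ip:port (UDP shows *:*), optional state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*([A-Z_]*)\s*$")


def port_class(port: int) -> str:
    """IANA range of a port: well-known, registered, or dynamic/private."""
    if not 0 <= port <= 65535:
        raise ValueError("a port number is a 16-bit value")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_netstat(text: str):
    """Turn netstat -n lines into Connection records; banner/header lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, lip, lport, fip, fport, state = m.groups()
        foreign = Endpoint(fip, 0 if fport == "*" else int(fport))
        conns.append(Connection(proto, Endpoint(lip, int(lport)), foreign, state))
    return conns


def describe(conn: Connection) -> str:
    """One-line summary: direction, both endpoints with port class, service, state."""
    local, foreign = conn.local, conn.foreign
    if port_class(foreign.port) == "well-known" and port_class(local.port) != "well-known":
        role, server = "outbound", foreign      # this host is the client (ephemeral port)
    elif port_class(local.port) == "well-known":
        role, server = "inbound", local         # this host is the server
    else:
        role, server = "peer", foreign          # neither end on a well-known port
    service = SERVICES.get(server.port, "unknown service")
    return "%s %s %s:%d (%s) <-> %s:%d (%s) %s [%s]" % (
        role, conn.proto, local.ip, local.port, port_class(local.port),
        foreign.ip, foreign.port, port_class(foreign.port), service, conn.state)


if __name__ == "__main__":
    for c in parse_netstat(NETSTAT_N):
        print(describe(c))
```

Feeding real netstat –n output into parse_netstat works the same way; the regex also accepts the *:* foreign address that UDP lines carry, so the same parser serves both protocols.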
Even though almost all operating systems use netstat, there are subtle differences in options and output among the different versions.
Figure 9.10 • Two open windows
Don’t think that a single open application always means a single connection. The following example shows what netstat –n looks like when I open the well-known www.microsoft.com Web site (I took out the connections that were not involved with the Web browser’s connections to www.microsoft.com):

C:\>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.4.27:50015     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50016     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50017     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50018     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50019     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50020     80.12.192.51:80        ESTABLISHED
  TCP    192.168.4.27:50021     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50022     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50023     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50024     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50025     80.12.192.51:80        ESTABLISHED
  TCP    192.168.4.27:50027     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50028     80.12.192.40:80        ESTABLISHED
  TCP    192.168.4.27:50036     80.12.192.75:80        ESTABLISHED
A single simple Web page needs only a single connection, but this Web page is very complex. Different elements in the Web page, such as advertisements, each have their own connection.
You will see the powerful netstat tool used throughout this book. The CompTIA Network+ exam also tests your netstat skills. On the other hand, connections come and go constantly on your computer and netstat, being a command-line utility, can’t update to reflect changes automatically. All of the cool, hip, network techs use graphical endpoint tools. Take a moment right now and download the popular, powerful, and completely free TCPView, written by Mark Russinovich, the Guru of Windows utilities. Just type TCPView into your search engine to find it or try going here:
http://technet.microsoft.com/en-us/sysinternals/default.aspx
Click the Networking Utilities icon to get the latest copy. Figure 9.11 shows TCPView in action. Note the red and green bars: red is for closing connections and green shows new connections as they appear.
TCPView won’t work on anything but Windows, but other operating systems have equivalent programs. Linux folks often use the popular Net Activity Viewer (Figure 9.12). You can grab a copy of this program here:
http://netactview.sourceforge.net
Connection Status
Connection states change continually and it’s helpful when using tools such as netstat or TCPView to understand their status at any given moment. Let’s look at the status of connections so you understand what each means—this information is useful for determining what’s happening on networked computers.
Figure 9.11 • TCPView in action
The netstat utility enables you to see active TCP/IP connections at a glance.
The –a switch tells netstat to show all used ports. The –n instructs netstat to show raw port numbers and IP addresses.
Figure 9.12 • Net Activity Viewer in action
A socket that is prepared to respond to any IP packets destined for that socket’s port number is called an open port or listening port. Every serving application has an open port. If you’re running a Web server on a computer, for example, it will have an open port 80. That’s easy enough to appreciate, but you’ll be amazed at the number of open ports on just about any computer. Fire up a copy of netstat and type netstat –an to see all of your listening ports. Running netstat –an gives a lot of information, so let’s just look at a small amount:

C:\>netstat –an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:990            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27015        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:52144        127.0.0.1:52145        ESTABLISHED
  TCP    127.0.0.1:52145        127.0.0.1:52144        ESTABLISHED
  TCP    127.0.0.1:52146        127.0.0.1:52147        ESTABLISHED
  TCP    127.0.0.1:52147        127.0.0.1:52146        ESTABLISHED
  TCP    192.168.4.27:139       0.0.0.0:0              LISTENING
  TCP    192.168.4.27:52312     74.125.47.108:80       TIME_WAIT
  TCP    192.168.4.27:57913     63.246.140.18:80       CLOSE_WAIT
  TCP    192.168.4.27:61707     192.168.4.10:445       ESTABLISHED
First, look at this line:
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
This line shows a listening port ready for incoming packets that have a destination port number of 445. Notice the local address is 0.0.0.0. This is how Windows tells you that the open port works on all NICs on this PC.
In this case, my PC has only one NIC (192.168.4.27), but even if you have only one NIC, netstat still shows it this way. This computer is sharing some folders on the network. At this moment, no one is connected, so netstat shows the Foreign Address as 0.0.0.0. Incoming requests use port number 445 to connect to those shared folders. If another computer on my network (192.168.4.83) was accessing the shared folders, this line would look like
TCP 192.168.4.27:445 192.168.4.83:1073 ESTABLISHED
Established ports are active, working endpoint pairs. Over time all connections eventually close like this one:
TCP 192.168.4.27:57913 63.246.140.18:80 CLOSE_WAIT
This line shows a Web browser making a graceful closure, meaning each side of the conversation sees the session closing normally.
Not all connections close gracefully. The following line shows a Web browser that has lost the connection to the other side and is waiting a defined amount of time:
TCP 192.168.4.27:52312 74.125.47.108:80 TIME_WAIT
This is called a timeout period. Most Web browsers time out in approximately two minutes.
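The handshake and teardown of Figures 9.1 and 9.2, together with the connection states netstat reports above, as an added Python example that is not code from the book: each endpoint is a small state machine using the RFC 793 state names, which are the same names that appear in the State column of netstat. The function names and the ordering (the server closes first, as in Figure 9.2) are this example's own.

```python
"""A TCP session as two small state machines (added example, not the book's code).

Replays the exchange of Figures 9.1 and 9.2 using the RFC 793 state names.
The endpoint that sends the first FIN passes through FIN_WAIT_1 and
FIN_WAIT_2 and ends in TIME_WAIT (the timed wait before CLOSED); the other
side passes through CLOSE_WAIT and LAST_ACK.
"""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    history: list = field(default_factory=list)   # every state entered, in order

    def enter(self, state: str) -> None:
        self.state = state
        self.history.append(state)


def handshake(client: Endpoint, server: Endpoint) -> list:
    """Three-way handshake: SYN, then SYN,ACK, then ACK. Returns the segments sent."""
    server.enter("LISTEN")          # the serving app has an open (listening) port
    client.enter("SYN_SENT")        # client sends SYN
    server.enter("SYN_RECEIVED")    # server receives SYN and answers SYN,ACK
    client.enter("ESTABLISHED")     # client receives SYN,ACK, sends ACK, can now request the page
    server.enter("ESTABLISHED")     # server receives the ACK; both ends are connected
    return ["SYN", "SYN,ACK", "ACK"]


def graceful_close(closer: Endpoint, peer: Endpoint) -> list:
    """Four-segment close started by `closer` (the server in Figure 9.2)."""
    closer.enter("FIN_WAIT_1")      # closer sends FIN,ACK
    peer.enter("CLOSE_WAIT")        # peer ACKs; its application has not closed yet
    closer.enter("FIN_WAIT_2")      # closer receives that ACK
    peer.enter("LAST_ACK")          # peer's application closes and sends its own FIN,ACK
    closer.enter("TIME_WAIT")       # closer ACKs and waits a fixed time before CLOSED
    peer.enter("CLOSED")            # peer receives the final ACK
    return ["FIN,ACK", "ACK", "FIN,ACK", "ACK"]


def run_session():
    """Handshake, page transfer (not modelled), then server-initiated close."""
    client, server = Endpoint("Client"), Endpoint("Server")
    segments = handshake(client, server)
    segments += graceful_close(server, client)
    return client, server, segments


if __name__ == "__main__":
    c, s, segs = run_session()
    print("segments:", " -> ".join(segs))
    print("client states:", " -> ".join(c.history))
    print("server states:", " -> ".join(s.history))
```

Reading the two history lists side by side shows which end of a real connection a netstat state belongs to: a socket in CLOSE_WAIT is one whose peer sent FIN first, and a socket in TIME_WAIT is one that itself closed first and is waiting out the timer.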
If data’s going to move back and forth between computers, some program must always be doing the sending and/or receiving. Take a look at this line from netstat –an:
TCP 192.168.4.27:52312 74.125.47.108:80 ESTABLISHED
You see the 80 and might assume the connection is going out to a Web server. But what program on the computer is sending it? Enter the command netstat –ano (the –o switch tells netstat to show the process ID). Although you’ll see many lines, the one for this connection looks like this:

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.4.27:52312     74.125.47.108:80       ESTABLISHED     112092
Every running program on your computer gets a process ID (PID), a number used by the operating system to track all the running programs. Numbers aren’t very helpful to you, though, because you want to know the name of the running program. In most operating systems, finding this out is fairly easy to do. In Windows, type netstat –b:
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:43543        Sabertooth:43544       ESTABLISHED
  [firefox.exe]
In Linux, you can use the ps command:
michaelm@ubuntu:~$ ps
  PID TTY          TIME CMD
 3225 pts/1    00:00:00 bash
 3227 pts/1    00:00:00 ps

If you want to find out the PID of a process, you can use the trusty Task Manager. The PIDs are hidden, by default, in modern versions of Windows, but they are easy to enable. Simply fire up Task Manager, select the Processes tab, select the View menu, and click the Select Columns... option.
The first option in the list will be PID (Process Identifier). Check the box and then click OK. Task Manager will now show you the PID for all running programs.
Another great tool for discovering a process PID (and a whole lot more) is Mark Russinovich’s Process Explorer; it is a perfect tool for this (Figure 9.13). The figure shows Process Explorer scrolled down to the bottom so you can see the program using PID 112092—good old Firefox!
Figure 9.13 • Process Explorer
You might be tempted to say “Big whoop, Mike—what else would use port 80?” Then consider the possibility that you run netstat and see a line like the one just shown, but you don’t have a browser open! You determine the PID and discover the name of the process is “Evil_Overlord.exe.” Something is running on your computer that should not be there.
To get Process Explorer, enter Process Explorer in your search engine to find it or try going here: http://technet.microsoft.com/en-us/sysinternals/default.aspx Click the Process Utilities icon to get the latest copy.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 236
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 9
Understanding how TCP/IP uses ports is a base skill for any network tech. To pass the CompTIA Network+ exam, you need to memorize a number of different well-known ports and even a few of the more popular registered ports. You must appreciate how the ports fit into the process of TCP/IP communications and know how to use netstat and other tools to see what’s going on inside your computer.
The biggest challenge is learning what’s supposed to be running and what’s not. No one on Earth can run a netstat command and instantly recognize every connection and why it’s running, but a good network tech should know most of them. For those connections that a tech doesn’t recognize, he or she should know how to research them to determine what they are.
Rules for Determining Good vs. Bad Communications
Here is the general list of rules I follow for determining good versus bad communications (as far as networking goes, at least!):
1. Memorize a bunch of known ports for common TCP/IP applications. The next section in this chapter will get you started.
2. Learn how to use netstat to see what’s happening on your computer. Learn to use switches such as –a, –n, –o, and –b to help you define what you’re looking for.
3. Take the time to learn the ports that normally run on your operating system. When you see a connection using ports you don’t recognize, figure out the process running the connection using a utility such as Linux’s ps or Process Explorer for Windows.
4. Take the time to learn the processes that normally run on your operating system. Most operating systems have their own internal programs (such as Windows’ SVCHOST.EXE) that are normal and important processes.
5. When you see a process you don’t recognize, enter the filename of the process in a Web search. Hundreds of Web sites are dedicated to researching mystery processes that will tell you what the process does. Treat the filename as a lead, not a verdict: malware routinely borrows legitimate names such as svchost.exe, so confirm the file’s full path (the real svchost.exe lives in the Windows system directory), check its digital signature (Process Explorer can display the verified signer), and compare its hash against a known-good copy before deciding it is benign.
6. Get rid of bad processes.
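The rules above come down to one repeatable check: join netstat’s connection list to the process list and compare the result with what you expect on that machine. The following added example (my code, not the book’s) does that in Python over constructed sample output from netstat –ano and a constructed PID-to-image map of the kind tasklist or Process Explorer gives you; the allowlists, the PIDs, the remote addresses and the image names (including the book’s hypothetical Evil_Overlord.exe) are assumptions made for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (not a real capture).
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.4.27:52312     74.125.47.108:80       ESTABLISHED     112092
  TCP    192.168.4.27:52400     203.0.113.9:443        ESTABLISHED     3317
  TCP    192.168.4.27:52401     203.0.113.9:6667       ESTABLISHED     7744
  UDP    0.0.0.0:123            *:*                                    1204
"""

# Constructed PID -> image-name map, as `tasklist` or Process Explorer would show it.
PID_TO_IMAGE = {4: "System", 908: "svchost.exe", 1204: "svchost.exe",
                3317: "firefox.exe", 7744: "Evil_Overlord.exe", 112092: "firefox.exe"}

# Rule 3: images expected to own outbound connections on well-known ports (assumed).
EXPECTED_OWNERS = {80: {"firefox.exe", "chrome.exe"}, 443: {"firefox.exe", "chrome.exe"}}
# Rule 4: images that are normal on this machine even on ports not listed above (assumed).
KNOWN_IMAGES = {"System", "svchost.exe", "firefox.exe", "chrome.exe"}

# One netstat row: proto, local host:port, foreign host:port, optional state, PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """One dict per connection row; the banner and column-header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, lhost, lport, fhost, fport, state, pid = m.groups()
            rows.append({"proto": proto, "local": (lhost, lport), "foreign": (fhost, fport),
                         "state": state or "", "pid": int(pid)})
    return rows


def triage(rows, pid_to_image, expected_owners, known_images):
    """Name the process behind every established connection and flag the ones
    that break rule 3 (wrong owner for a well-known port) or rule 4
    (unrecognised process on a port we have no expectation for)."""
    findings = []
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        image = pid_to_image.get(r["pid"], "<no such PID>")
        port = int(r["foreign"][1])
        if port in expected_owners:
            if image not in expected_owners[port]:
                findings.append((r["pid"], image, port, "unexpected owner of well-known port"))
        elif image not in known_images:
            findings.append((r["pid"], image, port, "unrecognised process, unrecognised port"))
    return findings


if __name__ == "__main__":
    for pid, image, port, why in triage(parse_netstat(NETSTAT_OUTPUT), PID_TO_IMAGE,
                                        EXPECTED_OWNERS, KNOWN_IMAGES):
        print(f"PID {pid} ({image}) -> remote port {port}: {why}")
```

Listening sockets are deliberately left out of the triage; they deserve the same treatment with a separate allowlist of expected listeners, and on a real machine you would feed in live netstat and tasklist output instead of the constructed strings.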
Common TCP/IP Applications
Finally! You now know enough about the Transport layer, port numbering, and sockets to get into some of the gritty details of common TCP/IP applications. There’s no pretty way to do this, so let’s start with the big daddy of them all, the Web.
The World Wide Web
Where would we be without the World Wide Web? If you go up to a non-nerd and say “Get on the Internet,” most of them will automatically open a Web browser, because to them the Web is the Internet. The Internet is the infrastructure that enables the Web to function, but it’s certainly more than just the Web. I think it’s safe to assume you’ve used the Web, firing up your Web browser to surf to one cool site after another, learning new things, clicking links, often ending up somewhere completely unexpected . . . it’s all fun! This section looks at the Web and the tools that make it function, specifically the protocols that enable communication over the Internet.
The Web is composed of servers that store specially formatted documents using a language called Hypertext Markup Language (HTML). Figure 9.14 shows the Web interface built into my router.
HTML has been around for a long time and, as a result, has gone through many versions. Today many pages are being written in an updated HTML version called HTML 5, though the specification has not been finalized as of this writing. See Figure 9.15.
Figure 9.15 • HTML 5 source code
HTML is the most well-known markup language, but many others roam the Web today. Expect to see the Extensible Markup Language (XML) on the exam as well. XML provides the basic format or language for everything from application programming interfaces (APIs) to Microsoft Office documents.
Figure 9.14 • My router’s Web page
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 238
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 9
Web browsers are designed to request HTML pages from Web servers and then open them. To access a Web page, you enter http:// plus the IP address of the Web server. When you type the address of a Web server, such as http://192.168.4.1, you tell the browser to go to 192.168.4.1 and ask for a Web page. All Web servers have a default Web page that they open unless you enter something more complex like http://192.168.4.1/status.
Granted, most people don’t enter IP addresses into browsers, but rather enter text like www.totalsem.com or www.google.com. Memorizing text addresses is much easier than memorizing IP addresses. Web site text addresses use a naming protocol called Domain Name System (DNS), which you will learn about in the next chapter. For now, just enter the IP address as shown.
HTTP
The Hypertext Transfer Protocol (HTTP) is the underlying protocol used by the Web, and it runs, by default, on TCP port 80. When you enter http:// at the beginning of a Web server’s IP address, you are identifying how messages are formatted and transmitted, requesting and responding to the transfer of HTML-formatted files. HTTP defines what actions Web servers and browsers should take in response to various commands.
HTTP has a general weakness in its handling of Web pages: it is stateless, meaning it relays each command executed by a user without reference to any commands previously executed. The problem with this is that Web designers continue to design more complex and truly interactive Web pages. HTTP is pretty dumb when it comes to remembering what people have done on a Web site. Luckily for Web designers everywhere, other technologies exist to help HTTP relay commands and thus support more-interactive, intelligent Web sites. These technologies include JavaScript/AJAX, server-side scripting, Adobe Flash, and cookies. A cookie is how the server tags a browser so that it can recognize the next request as part of the same session; whoever presents that cookie is, as far as the server can tell, that user, which is why session cookies are the first thing anyone sniffing an unencrypted HTTP connection goes after.
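The statelessness just described, and the cookie that papers over it, are easy to see in the bytes themselves. The following added example (my code, not the book’s) builds HTTP/1.1 requests, parses a response, carries the session cookie from one request into the next, and checks the cookie’s Secure and HttpOnly attributes. The server response it works on is a constructed sample, not a capture from any real site, and the host, path and cookie names are assumptions.

```python
def build_request(method, path, host, cookies=None):
    """Serialise one HTTP/1.1 request.  Nothing from an earlier request
    survives unless the client repeats it in a header; the Cookie header is
    exactly that repetition."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if cookies:
        lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in cookies.items()))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw response into (status code, headers, body).  Header names
    are case-insensitive, so they are lower-cased; a header such as
    Set-Cookie may repeat, so every value is kept in a list."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def parse_set_cookie(value):
    """(name, value, attributes) for one Set-Cookie value; attribute names are
    lower-cased and flag attributes such as HttpOnly map to True."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name, _, val = first.partition("=")
    attributes = {}
    for attr in attrs:
        key, _, v = attr.partition("=")
        attributes[key.lower()] = v if v else True
    return name, val, attributes


def cookie_weaknesses(attributes):
    """Flags a server should set on a session cookie: without Secure the browser
    also sends it over plain HTTP, where it is readable on the wire; without
    HttpOnly page scripts can read it."""
    return [flag for flag in ("secure", "httponly") if attributes.get(flag) is not True]


# Constructed sample response to a login request (not from a real server).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: sessionid=a1b2c3; Path=/; HttpOnly\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b"<p>Welcome, alice</p>"
)


def follow_up_request(response_bytes, host, path):
    """Parse the server's response and build the next request so the session
    survives: the only thing tying the two requests together is the cookie
    the client chooses to send back."""
    status, headers, _ = parse_response(response_bytes)
    jar = {}
    for set_cookie in headers.get("set-cookie", []):
        name, val, _ = parse_set_cookie(set_cookie)
        jar[name] = val
    return status, jar, build_request("GET", path, host, jar)


if __name__ == "__main__":
    status, jar, nxt = follow_up_request(SAMPLE_RESPONSE, "192.168.4.1", "/status")
    print(status, jar)
    print(nxt.decode())
    _, _, attrs = parse_set_cookie(parse_response(SAMPLE_RESPONSE)[1]["set-cookie"][0])
    print("missing cookie flags:", cookie_weaknesses(attrs))
```

Send the first request without the cookie jar and the server has no way to tell it from any other visitor, which is the stateless behaviour the paragraph describes; the sample cookie is also missing the Secure flag, so a browser would happily replay it over port 80 where Wireshark can read it.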
Publishing Web Pages
Once you’ve designed and created an HTML document, you can share it with the rest of the world. To do so, you find a Web server that will “host” the page. You most certainly can install a Web server on a computer, acquire a public IP address for that computer, and host the Web site yourself. Self-hosting is a time-consuming and challenging project, though, so most people use other methods. Most Internet service providers (ISPs) provide Web servers of their own, or you can find relatively inexpensive Web hosting service companies. The price of Web hosting usually depends on the services and drive space offered. Web hosts typically charge around US$10 a month for simple Web sites.
One option that has been available for a while is free Web hosting. Usually the services are not too bad, but free Web hosts have limitations. Nearly all free Web hosts insist on the right to place ads on your Web page. Third-party ads are not as much of an issue if you are posting a basic blog or fan Web page, but if you do any sort of business with your Web site, ads can be most annoying to your customers. The worst sort of free Web host services place pop-up ads over your Web page. Beyond annoying!
Once you have uploaded your HTML pages to your Web host, the Web server takes over. What’s a Web server? I’m glad you asked!
Most Web browsers are pretty forgiving. If you only type in 192.168.4.1, forgetting the “http://” part, they just add it for you.
Before connections to the Web became fast, many people used a completely different Internet service for swapping information, ideas, and files. USENET enjoyed great popularity for some years, though it barely survives today. Clients used the Network News Transfer Protocol (NNTP) to access USENET over TCP port 119. It might show up as an incorrect answer on the exam.
Web Servers and Web Clients A Web server is a computer that delivers (or serves up) Web pages. Web servers listen on port 80, fetching requested HTML pages and sending them to browsers. You can turn any computer into a Web server by installing server software and connecting the machine to the Internet, but you need to consider the operating system and Web server program you’ll use to serve your Web site. Microsoft pushes Internet Information Services (IIS), shown in Figure 9.16.
Figure 9.16 • IIS in action
IIS enables you to set a maximum connection limit on your Web server based on available bandwidth and memory. This enables you to protect your network against an overwhelming number of requests due to a particularly popular page or a type of malicious attack called a denial of service (DoS) attack. (More on the latter in Chapter 16.)
Microsoft builds an artificial 20-connection limit into Windows XP, Windows Vista, and Windows 7 so you should only run IIS on Server versions of Windows (unless you don’t expect too many people to visit your Web site at one time).
UNIX/Linux-based operating systems run Apache HTTP Server. As of this writing, Apache serves over 50 percent of the Web sites on the Internet. Apache is incredibly popular, runs on multiple operating systems (including Windows), and, best of all, is free! In comparison, even with the weight of Microsoft behind it, IIS still only commands about 25 percent market share.
Apache is nothing more than an executable program and a bunch of text files, so it isn’t much to look at. To ease configuration, most Web administrators use add-on graphical user interfaces (GUIs) such as Webmin that make administering Apache a breeze. Figure 9.17 illustrates the wonderful simplicity that is Webmin.
IIS and Apache are by far the most common Web servers on the Internet. In third place is Google Web Server (GWS). GWS, used only by Google’s servers, has about 5 percent of the total Web server market! After those three, there are literally hundreds of other Web servers, but you’ll rarely see them outside of small personal Web sites.
Web clients are the programs used to surf the Web. A client program (a Web browser) reads Web pages supplied by the Web server. To access a server, type either an IP address or, more commonly, the complete name of the Web server in the address bar. The complete name is often referred to as the uniform resource locator (URL).
Most browsers handle multiple functions, from reading HTML documents to offering FTP services, and even serving as e-mail or newsgroup readers. (You’ll learn all about these functions later in the chapter.) The most popular Web browsers are Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera, and Google Chrome.
Figure 9.17 • Webmin Apache module
In early 2009, China released numbers for a Chinese-only Web server called QZHTTP server and, as with anything to do with China and population, the numbers for hosted sites are staggeringly large. If accurate and sustained, QZHTTP would supplant GWS as the third most popular Web server software.
Most Windows users just use Internet Explorer since it comes with Windows by default.
Secure Sockets Layer and HTTPS
HTTP is not a secure protocol. Any nosy person who can plug into a network can see and read the HTTP packets moving between a Web server and a Web client. Less than nice people can easily create a fake Web site to trick people into thinking it’s a legitimate Web site and then steal their user names and passwords. For an Internet application to be secure, it must have
■ Authentication: user names and passwords
■ Encryption: stirring up the data so others can’t read it
■ Nonrepudiation: source not able to deny a sent message
Note that the fake-site trick is defeated by authenticating the server to the user, not only the user to the server; HTTPS does that with the server’s certificate, which the browser checks against the host name in the address.
While all of Chapter 11 is dedicated to these concepts, I can’t mention HTTP without at least touching on its secure counterpart, HTTPS. The Web has blossomed into a major economic player, requiring serious security for those who wish to do online transactions (e-commerce). In the early days of e-commerce, people feared that a simple credit card transaction on a less-than-secure Web site could transform their dreams of easy online buying into a nightmare of being robbed blind and ending up living in a refrigerator box. I can safely say that it was never as bad as all that. And nowadays, many safeguards exist that can protect your purchases and your anonymity. One such safeguard is called Secure Sockets Layer (SSL). SSL is a protocol developed by Netscape for transmitting private documents over the Internet. SSL uses public-key cryptography to let the client verify the server’s certificate and to agree on a session key; that session key, a symmetric one, then encrypts the traffic in both directions. The server’s private key never leaves the server, and the bulk data is not encrypted with the public key itself, which would be far too slow. All the popular Web browsers and Web servers support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. One way to tell if a site is using SSL is by looking at the Web page address. By convention, Web pages that use an SSL connection start with https instead of http.
HTTPS stands for Hypertext Transfer Protocol over SSL. HTTPS uses TCP port 443. You can also look for a small lock icon; browsers of the era shown in Figure 9.18 placed it in the lower-right corner of the window, while current browsers put it in the address bar next to the https: prefix. Figure 9.18 shows a typical secure Web page. The https: in the address and the lock icon are circled.
Many techs refer to HTTPS as Hypertext Transfer Protocol Secure, probably because it’s easier to explain to non-techs that way. Don’t be surprised to see it listed this way on the CompTIA Network+ exam.
Figure 9.18 • Secure Web page
The last few years have seen SSL replaced with the more powerful Transport Layer Security (TLS). Your secure Web page still looks the same as with SSL, so only the folks setting this up really care. Just make sure you know that SSL and TLS are functionally the same with Web pages. One practical difference does matter to whoever configures the server: both SSL versions (2.0 and 3.0) have since been shown to be breakable and are disabled in current browsers and servers, and TLS 1.0 and 1.1 have been formally deprecated as well, so a site that still accepts them should be reconfigured to require TLS 1.2 or later. Read Chapter 11 for more details on SSL and TLS.
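As an added example (my code, not the book’s), here is how a client should be configured so that the SSL-versus-TLS question and the fake-site problem are both handled, alongside the misconfiguration that quietly undoes it and a small audit routine that tells the two apart. Only Python’s standard ssl module is used and no connection is made; the function names are mine.

```python
import ssl


def hardened_client_context():
    """Client context that verifies the server's certificate chain and host
    name and negotiates nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rules out SSL 3.0, TLS 1.0 and TLS 1.1
    return ctx


def sloppy_client_context():
    """The two lines people add to 'make the certificate error go away'.  The
    traffic is still encrypted, but to whoever answered the connection, which
    is exactly the fake-site problem.  Built here only so it can be audited."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                     # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Findings for a client SSLContext; an empty list means it is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("SSL 3.0 / TLS 1.0 / TLS 1.1 can still be negotiated")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("sloppy", sloppy_client_context())):
        print(name, audit_context(ctx) or ["OK"])
```

The hardened context is what a wrapped socket from ssl.create_default_context().wrap_socket(sock, server_hostname=host) gives you; the audit is worth running over any context a code base constructs by hand, because CERT_NONE is the single most common way an HTTPS client ends up with encryption but no authentication.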
Telnet Roughly one billion years ago, there was no such thing as the Internet or even networks… Well, maybe it was only about 40 years ago, but as far as nerds like me are concerned, a world before the Internet was filled with brontosauruses and palm fronds. The only computers were huge monsters called mainframes and to access them required a dumb terminal like the one shown in Figure 9.19.
Operating systems didn’t have windows and pretty icons. The interface to the mainframe was a command line, but it worked just fine for the time. Then the cavemen who first lifted their heads up from the computer ooze known as mainframes said to themselves, “Wouldn’t it be great if we could access each other’s computers from the comfort of our own caves?” That was what started the entire concept of a network. Back then, the idea of sharing folders or printers or Web pages hadn’t been considered yet. The entire motivation for networking was so people could sit at their dumb terminals and, instead of accessing only their local mainframes, access totally different mainframes. The protocol to do this was called the Telnet Protocol or simply Telnet.
Even though PCs have replaced mainframes for the most part, Telnet still exists as the way to connect remotely to another computer via the command line (Figure 9.20). Telnet runs on TCP port 23, enabling you to connect to a Telnet server and run commands on that server as if you were sitting right in front of it.
HTTP enables you to access the Web, but HTTPS gets you there securely. HTTPS uses TLS to provide the security.
Figure 9.19 • Dumb terminal (photo courtesy of DVQ)
Figure 9.20 • Telnet client
This way, you can remotely administer a server and communicate with other servers on your network. As you can imagine, this is sort of risky. If you can remotely control a computer, what is to stop others from doing the same? Thankfully, Telnet does not allow just anyone to log on and wreak havoc with your network. You must enter a user name and password to access a Telnet server. Unfortunately, Telnet does not have any form of encryption. If someone intercepted the conversation between a Telnet client and Telnet server, he or she would see all of the commands you type, the password included, as well as the results from the Telnet server. As a result, Telnet is rarely used on the Internet and has been replaced with Secure Shell (SSH), a protocol (and a family of client and server programs) that gives you the same kind of terminal session as Telnet but encrypts it.
Even though Telnet is less common than SSH, Telnet is a popular second option to connect to almost anything on a trusted TCP/IP network. Most routers have Telnet access capability (although many router admins turn it off for security). Almost every operating system has a built-in Telnet client and most operating systems—though not all Windows operating systems—come with built-in Telnet servers. Almost every type of server application has some way for you to access it with Telnet. It was once quite common, for example, to administer Apache-based Web servers through Telnet.
Telnet Servers and Clients
The oldest Telnet server, found on UNIX and Linux systems, is the venerable telnetd. Like most UNIX/Linux servers, telnetd isn’t much to look at, so let’s move over to the Windows world. Since the halcyon days of Windows NT, Windows has come with a basic Telnet server. It is disabled, by default, in modern Windows systems, and for good reason: Telnet is a gaping security hole. The built-in server is very limited and Microsoft discourages its use. I prefer to use this great little third-party server called freeSSHd (Figure 9.21). Note the name—freeSSHd, not “freeTelnet.” As Telnet fades away and SSH becomes more dominant, finding a Telnet-only server these days is hard. All of the popular Telnet servers are also SSH servers.
A Telnet client is the computer from which you log onto the remote server. Most operating systems have a built-in Telnet client that you run from a command prompt. Figure 9.22 shows the Telnet client built into Ubuntu Linux. Just open a terminal window and type telnet and the IP address of the Telnet server.
Telnet only enables command-line remote access; it does not enable GUI access. If you want to access another computer’s desktop remotely, you need another type of program.
Some versions of Windows Server came with a rather poor Telnet server that only allowed a maximum of two client connections.
Figure 9.21 • freeSSHd
Figure 9.22 • Ubuntu Telnet
Command-prompt Telnet clients lack a number of handy features. They can’t, for example, remember the IP addresses, user names, or passwords for Telnet servers, so every time you use Telnet, you have to enter all that information again. Third-party Telnet clients, such as the very popular PuTTY, which you saw in Chapter 8, store all this information and much more (Figure 9.23).
Figure 9.23 • PuTTY
Configuring a Telnet Client When you configure a Telnet client, you must provide the host name, your user login name, and the password. As I mentioned previously, you must have permission to access the server to use Telnet. A host name is the name or IP address of the computer to which you want to connect. For instance, you might connect to a Web server with the host name websrv.mhteched. com. The user login name you give Telnet should be the same login name you’d use if you logged into the server at its location. Some computers, usually university libraries with online catalogs, have open systems that enable you to log in with Telnet. These sites either display a banner before the login prompt that tells you what login name to use, or they require no login name at all. As with the login name, you use the same password for a Telnet login that you’d use to log into the server directly. It’s that simple. Computers with open access either tell you what password to use when they tell you what login name to use, or they require no login name/ password at all.
Rlogin, RSH, and RCP
The CompTIA Network+ exam tests you on rlogin, RSH, and RCP. These are three old-school programs in the UNIX world. The R stands for remote, and, like Telnet and SSH, these programs provide remote access and control of servers. Also like Telnet, they do not encrypt data and thus should not be used across the Internet. Here is a quick breakdown of the suite:
■ Remote Login (rlogin) works very similarly to Telnet. You simply run the program with the host name of the server, and you can connect and run commands just like with Telnet. Rlogin has one advantage over Telnet in that you can configure it, through the .rhosts or hosts.equiv files, to log in automatically without needing to enter a user name and password. That convenience is also its worst weakness: the trust rests on the client’s host name or IP address, which an attacker can spoof, so it should never be enabled on a host reachable from an untrusted network. It only connects to UNIX hosts, unlike Telnet. Rlogin works over TCP port 513.
■ Remote Shell (RSH) enables you to send single commands to the remote server. Whereas rlogin is designed to be used interactively, RSH can be easily integrated into a script. RSH runs over TCP port 514 by default.
■ Remote Copy Protocol (RCP) provides the capability to copy files to and from the remote server without needing to resort to FTP or NFS (Network File System, the UNIX form of folder sharing). RCP can also be used in scripts and shares TCP port 514 with RSH.
SSH and the Death of Telnet
From the earliest days of the Internet, Telnet has seen long and heavy use in the TCP world, but it suffers from lack of any security. Telnet passwords as well as data are transmitted in cleartext and are thus easily hacked. To that end, SSH has now replaced Telnet for any serious terminal emulation. In terms of what it does, SSH is extremely similar to Telnet in that it creates a terminal connection to a remote host. Every aspect of SSH, however, including both login and data transmittal, is encrypted. SSH also authenticates the server by its host key, which is what stops someone from sitting between you and the real server; the first time you connect, compare the fingerprint your client shows against one obtained some other way, because accepting an unknown key blindly throws that protection away. SSH also uses TCP port 22 instead of Telnet’s port 23.
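Since the lab this chapter was excerpted for is about Wireshark, here is an added example (my code, not the book’s) of what “transmitted in cleartext” means in practice. Given the two directions of a captured Telnet session, as Wireshark’s Follow TCP Stream shows them, it strips the Telnet option negotiation (RFC 854) and recovers the login name and password. Both byte streams are constructed samples, not a real capture, and the prompt strings “login:” and “Password:” are assumptions about the server.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240   # RFC 854 codes


def strip_telnet_negotiation(data):
    """Drop IAC command sequences; return only the bytes the user saw or typed.
    Handles IAC IAC (an escaped 0xFF), two-byte commands such as NOP, three-byte
    option commands (DO/DONT/WILL/WONT) and SB ... IAC SE subnegotiations."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:
            break                                       # truncated command at end of stream
        elif data[i + 1] == IAC:
            out.append(IAC)
            i += 2
        elif data[i + 1] in (DO, DONT, WILL, WONT):
            i += 3
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2
    return bytes(out)


def extract_login(server_to_client, client_to_server,
                  prompts=(("user", "login:"), ("password", "Password:"))):
    """Pair the server's prompts with the client's input lines, in the order
    the prompts appeared.  Assumes the client answered each prompt in turn
    (an interactive login); with packet timestamps you would pair by time."""
    seen = strip_telnet_negotiation(server_to_client).decode("latin-1")
    typed = strip_telnet_negotiation(client_to_server).decode("latin-1")
    answers = [ln for ln in typed.replace("\r\n", "\n").replace("\r\x00", "\n").split("\n") if ln]
    found = sorted((seen.find(marker), label) for label, marker in prompts if marker in seen)
    return {label: answer for (_, label), answer in zip(found, answers)}


# Constructed server -> client bytes: option negotiation, banner, prompts, echo.
SERVER_STREAM = (
    bytes([IAC, DO, 24, IAC, WILL, 1, IAC, WILL, 3])        # DO TERMINAL-TYPE, WILL ECHO, WILL SGA
    + b"Ubuntu 12.04 LTS\r\nubuntu login: "
    + b"alice\r\n"                                           # the server echoes the name, not the password
    + b"Password: "
    + b"\r\nLast login: Sun Nov  3 10:15:02 2013\r\n$ "
)

# Constructed client -> server bytes: negotiation replies, then the keystrokes.
CLIENT_STREAM = (
    bytes([IAC, WILL, 24, IAC, DO, 1, IAC, DO, 3])
    + bytes([IAC, SB, 24, 0]) + b"XTERM" + bytes([IAC, SE])  # TERMINAL-TYPE IS XTERM
    + b"alice\r\n"
    + b"s3cret!\r\n"
)

if __name__ == "__main__":
    print(extract_login(SERVER_STREAM, CLIENT_STREAM))
```

Run the same idea against an SSH capture and the client-to-server direction after the key exchange is indistinguishable from random bytes; that, not the port number, is the whole difference between the two protocols.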
Telnet enables you to control a remote computer from a local computer over a network.
SSH enables you to control a remote computer from a local computer over a network, just like Telnet. Unlike Telnet, SSH enables you to do it securely!
E-mail
Electronic mail (e-mail) has been a major part of the Internet revolution and not just because it has streamlined the junk mail industry. E-mail provides an extremely quick way for people to communicate with one another, letting you send messages and attachments (like documents and pictures) over the Internet. It’s normally offered as a free service by ISPs. Most e-mail client programs provide a rudimentary text editor for composing messages, but many can be configured to let you edit your messages using more sophisticated editors.
E-mail consists of e-mail clients and e-mail servers. When a message is sent to your e-mail address, it is normally stored in an electronic mailbox on your e-mail server until you tell the e-mail client to download the message. Most e-mail client programs can be configured to signal you in some way when a new message has arrived or to download e-mails automatically as they come to you. Once you read an e-mail message, you can archive it, forward it, print it, or delete it. Most e-mail programs are configured to delete messages from the e-mail server automatically when you download them to your local machine, but you can usually change this configuration option to suit your circumstances.
E-mail programs use a number of application-level protocols to send and receive information. Specifically, the e-mail you find on the Internet uses SMTP to send e-mail, and either POP3 or IMAP4 to receive e-mail.
SMTP, POP3, and IMAP4, Oh My! The following is a list of the different protocols that the Internet uses to transfer and receive mail:
SMTP The Simple Mail Transfer Protocol (SMTP) is used to send e-mail. SMTP travels over TCP port 25 and is used by clients to send messages. Strictly, port 25 is for mail servers talking to each other; a client handing a message to its own provider’s server today normally uses the mail submission service on TCP port 587 (or 465 with TLS), which requires the client to authenticate first, so that the provider can reject forged senders and refuse to relay for strangers.
POP3 Post Office Protocol version 3 (POP3) is one of the two protocols that receive e-mail from SMTP servers. POP3 uses TCP port 110 (995 when wrapped in TLS, usually called POP3S). Most e-mail clients use this protocol, although some use IMAP4.
IMAP4 Internet Message Access Protocol version 4 (IMAP4) is an alternative to POP3. Like POP3, IMAP4 retrieves e-mail from an e-mail server. IMAP4 uses TCP port 143 (993 for IMAPS, the TLS-wrapped version) and supports some features that are not supported in POP3. For example, IMAP4 enables you to search through messages on the mail server to find specific keywords and select the messages you want to download onto your machine. IMAP4 also supports the concept of folders that you can place on the IMAP4 server to organize your e-mail. Some POP3 e-mail clients have folders, but that’s not a part of POP3, just a nice feature added to the client.
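The following added example (my code, not the book’s) walks the SMTP conversation the entries above describe with both sides’ messages, as an in-process toy server driven by a scripted client. It shows the HELO/EHLO, MAIL FROM, RCPT TO and DATA sequence, that a server on port 25 takes any sender address at face value, that it refuses to relay for domains it does not serve, and that a submission service refuses MAIL until the client has authenticated (reply codes follow RFC 5321 and RFC 4954). The domain names, the user alice and her password are constructed, and the AUTH check is a stand-in for a real credential lookup.

```python
import base64

# Constructed credential for the toy AUTH PLAIN check.  The PLAIN blob is
# base64("\0user\0password"); a real server looks the user up instead.
EXPECTED_AUTH = "PLAIN " + base64.b64encode(b"\0alice\0s3cret").decode()


class SmtpSession:
    """One SMTP conversation.  local_domains: domains this server accepts mail
    for.  require_auth=True models the submission service on port 587."""

    def __init__(self, local_domains, require_auth=False):
        self.local_domains = {d.lower() for d in local_domains}
        self.require_auth = require_auth
        self.helo = None
        self.authenticated = False
        self.sender, self.recipients, self.body = None, [], []
        self.in_data = False
        self.delivered = []                     # (sender, recipients, body) per message

    def handle(self, line):
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":                     # lone dot ends the message
                self.in_data = False
                self.delivered.append((self.sender, self.recipients, "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250-mail.example.net Hello\r\n250 AUTH PLAIN" if verb == "EHLO" else "250 mail.example.net"
        if verb == "AUTH":
            self.authenticated = (arg == EXPECTED_AUTH)
            return "235 Authentication successful" if self.authenticated else "535 Authentication failed"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Send HELO/EHLO first"
            if self.require_auth and not self.authenticated:
                return "530 Authentication required"
            # Nothing here checks that the sender address belongs to this client.
            self.sender = arg.partition(":")[2].strip("<> ")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            rcpt = arg.partition(":")[2].strip("<> ")
            domain = rcpt.rpartition("@")[2].lower()
            # Accept mail for our own domains from anyone; relay elsewhere only
            # for authenticated users, otherwise this would be an open relay.
            if domain not in self.local_domains and not self.authenticated:
                return "550 Relay not permitted"
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognised"


def run_script(session, client_lines):
    """Feed a scripted client to a session; return the numeric reply codes."""
    codes = []
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            codes.append(int(reply[:3]))
    return codes


if __name__ == "__main__":
    mta = SmtpSession({"example.net"})
    print(run_script(mta, ["EHLO laptop", "MAIL FROM:<ceo@example.net>",
                           "RCPT TO:<alice@example.net>", "DATA",
                           "Subject: urgent", "", "Please wire the money.", ".", "QUIT"]))
    print(mta.delivered)
```

The first script is the point of the example: a message claiming to be from ceo@example.net is queued for alice without anyone having proven who sent it, because SMTP on port 25 has no notion of a logged-in user. Only the submission path (AUTH, then MAIL) ties a sender to a credential, which is why a mail provider closes port 25 to its customers and makes them use 587.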
Alternatives to SMTP, POP3, and IMAP4
Although SMTP, POP3, and IMAP4 are by far the most common and most traditional tools for sending and receiving e-mail, two other options are widely popular: Web-based e-mail and proprietary solutions. Web-based mail, as the name implies, requires a Web interface. From a Web browser, you simply surf to the Webmail server, log in, and access your e-mail. The cool part is that you can do it from anywhere in the world where you find a Web browser and an Internet hookup! You get the benefit of e-mail without even needing to own a computer. Some of the more popular Web-based services are Google’s Gmail (Figure 9.24), Microsoft’s Windows Live Hotmail, and Yahoo!’s Yahoo! Mail.
The key benefits of Web-based e-mail services are as follows:
■ You can access your e-mail from anywhere.
■ They’re free.
■ They’re handy for throw-away accounts (like when you’re required to give an e-mail address to download something, but you know you’re going to get spammed if you do).
E-mail Servers The e-mail server world is much more fragmented than the Web server world. The current leader is sendmail used on Linux and UNIX operating systems. Like Apache, sendmail doesn’t really have an interface, but many different third-party interfaces are available to help configure sendmail, such as Webmin shown in Figure 9.25.
Sendmail controls about 20 percent of all e-mail servers but only uses SMTP. You must run a POP3 or IMAP4 server program to support e-mail clients. Programs like Eudora’s Qpopper handle sending mail to POP3 e-mail clients. Microsoft, of course, has its own e-mail server, Microsoft Exchange Server, and like IIS, it only runs on Windows (Figure 9.26). Exchange Server is an SMTP server and a POP3 and IMAP4 server in one package.
Figure 9.24 • Gmail in action
Figure 9.25 • Webmin with the sendmail module
E-mail servers accept incoming mail and sort out the mail for recipients into individual storage area mailboxes. These mailboxes are special separate holding areas for each user’s e-mail. An e-mail server works much like a post office, sorting and arranging incoming messages, and kicking back those messages that have no known recipient.
E-mail servers are difficult to manage. E-mail servers store user lists, user rights, and messages, and are constantly involved in Internet traffic and resources. Setting up and administering an e-mail server takes a lot of planning, although it’s getting easier. Most e-mail server software runs in a GUI, but even the command-line-based interface of e-mail servers is becoming more intuitive.
E-mail Client
An e-mail client is a program that runs on a computer and enables you to send, receive, and organize e-mail. The e-mail client program communicates with the SMTP e-mail server to send mail and communicates with the IMAP or POP e-mail server to download the messages from the e-mail server to the client computer. There are hundreds of e-mail programs, some of the most popular of which are Microsoft Outlook, Microsoft’s Windows Mail (Figure 9.27), Mozilla Thunderbird, and Qualcomm’s Eudora.
Configuring an E-mail Client
Configuring a client is an easy matter. Your mail administrator will give you the server’s domain name and your mailbox’s user name and password. You need to enter the POP3 or IMAP4 server’s domain name and the SMTP server’s domain name to the e-mail client (Figure 9.28). Every e-mail client has a different way to add the server domain names or IP addresses, so you may have to poke around, but you’ll find the option there somewhere! In many cases, this may be the same name or address for both the incoming and outgoing servers; the folks administering the mail servers will tell you. Besides the e-mail server domain names or addresses, you must also enter the user name and password of the e-mail account the client will be managing.
Figure 9.26 • Microsoft Exchange Server
Figure 9.27 • Windows Mail
FTP
File Transfer Protocol (FTP) is the original protocol used on the Internet for transferring files. Although HTTP can be used to transfer files as well, the transfer is often not as reliable or as fast as with FTP. FTP itself offers neither security nor data integrity, though: user names, passwords, and file contents cross the wire in cleartext, and the protocol does not checksum what it transfers. For protected transfers use FTPS (FTP over TLS) or SFTP (file transfer over SSH), which are separate protocols that happen to share the name. FTP uses TCP ports 21 and 20 by default: 21 carries the control connection (commands and replies), and 20 is the server’s source port for data connections in active mode. In passive mode the server still uses port 21 for control but an ephemeral port, rather than 20, for data. See the discussion on active versus passive FTP later in this chapter.
FTP sites are either anonymous sites, meaning that anyone can log on, or secured sites, meaning that you must have a user name and password to access the site and transfer files. A single FTP site can offer both anonymous access and protected access, but you’ll see different resources depending on which way you log in.
FTP Servers and FTP Clients
The FTP server does all the real work of storing the files, accepting incoming connections and verifying user names and passwords, and transferring the files. The client logs onto the FTP server (either from a Web site, a command line, or a special FTP application) and downloads the requested files onto the local hard drive.
FTP Servers
We don’t set up servers for Internet applications nearly as often as we set up clients. I’ve set up only a few Web servers over the years whereas I’ve set up thousands of Web browsers. FTP servers are the one exception, as we nerds like to exchange files. If you have a file you wish to share with a lot of people (but not the entire Internet), there are few options better than whipping up a quick FTP server. Most versions of Linux/UNIX have built-in FTP servers, but many third-party applications offer better solutions. One of the best, especially for those “let me put up an FTP server so you guys can get a copy” type of situations, is Mozilla’s FileZilla Server (Figure 9.29).
Figure 9.28 • Entering server information in Windows Mail
FTP is not very secure because neither the login nor the data transfer is encrypted, so you don’t want to use FTP for sensitive data. You can add user names and passwords to keep casual visitors off your FTP server, but remember that those credentials cross the wire in cleartext, so anyone who can sniff the connection (with Wireshark, for instance) reads them as easily as the server does. I avoid using the anonymous login because unscrupulous people could use the server for exchanging illegal software.
Another thing to check when deciding on an FTP server setup is the number of clients you want to support. Most anonymous FTP sites limit the number of users who may download at any one time to around 500. This protects you from a sudden influx of users flooding your server and eating up all your Internet bandwidth.
Most Web servers are also FTP servers. These bundled versions of FTP servers are robust but do not provide all the options one might want.
Figure 9.29 • FileZilla Server
Try This! Doing FTP
Never done FTP? Do a Web search for “Public FTP servers” and try accessing them from your Web browser. Then download a dedicated FTP client and try again! There are thousands of public FTP servers out there.
FTP Clients
FTP clients, as noted before, can access an FTP server through a Web site, a command line, or a special FTP application. Usually special FTP applications offer the most choices for accessing and using an FTP site.
You have many choices when it comes to FTP clients. For starters, some Web browsers handle FTP as well as HTTP, although they lack a few features. For example, Firefox only supports an anonymous login. To use your Web browser as an FTP client, type ftp:// followed by the IP address or domain name of the FTP server (Figure 9.30).
Every operating system has a command-line FTP client. I avoid using them unless I have no other choice because they lack important features like the ability to save FTP connections to use again later.
The best way to use FTP is to use a dedicated FTP client. So many good ones are available that I find myself using a different one all the time. FileZilla comes in a client version, but these days, I’m using an add-on to Firefox called FireFTP (Figure 9.31).
Passive vs. Active FTP
FTP has two ways to transfer data: active and passive FTP. Traditionally, FTP uses the active process—let’s see how this works. Remember that FTP uses TCP ports 20 and 21? Well, when your client sends an FTP request, it goes out on port 21. When your FTP server responds, however, it sends the data back using an ephemeral destination port and port 20 as a source port.
Active FTP works great unless your client uses NAT. Since your client didn’t initiate the incoming connection from port 20, your NAT router has no idea where to send this incoming packet. Additionally, any good firewall sees this incoming connection as something evil because it doesn’t have anything inside the network that started the link on port 20. No problem! Good FTP clients all support passive FTP. With passive FTP, the server doesn’t use port 20. Instead, the client sends an FTP request on port 21, just like active FTP. But then the server sends back a random port number, telling the client which port it’s listening on for data requests. The client, in turn, sends data to the port specified by the FTP server. Because the client initiates all conversations, the NAT router knows where to send the packet.
Figure 9.30 • FTP in a Web browser
Figure 9.31 • FireFTP hard at work
Tech Tip
Firefox Add-Ons
Firefox enables programmers to create add-ons, small programs that extend the capabilities of the browser with some pretty impressive results. Are you unfamiliar with Firefox add-ons? Start Firefox. Click Firefox/Add-ons (or Tools/Add-ons in older versions), and a whole new world will open for you. A couple of my favorites are Mouse Gestures—where you can flick the mouse left or right to navigate through windows and Web sites you’ve visited—and Speed Dial—quick access to your favorite sites.
The only trick to passive FTP is that the client needs to expect this other incoming data. When you configure an FTP client for passive, you’re telling it to expect these packets.
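To make the active/passive difference concrete, here is an added Python example (not code from the book) that decodes the two control-channel messages carrying the data-connection address: the client’s PORT command in active mode and the server’s 227 reply in passive mode. Both use the same h1,h2,h3,h4,p1,p2 encoding, with the port computed as p1×256+p2. The two lines it parses are constructed samples, and the NAT check models only the rule the text states: a NAT router or stateful firewall forwards inbound packets only for sessions an inside host started.

```python
import re
from dataclasses import dataclass

# Constructed control-channel lines, not a real capture. The (h1,h2,h3,h4,p1,p2)
# encoding is the standard FTP form used by both the client's PORT command
# (active mode) and the server's "227 Entering Passive Mode" reply.
ACTIVE_PORT_COMMAND = "PORT 192,168,1,10,195,80"
PASSIVE_227_REPLY = "227 Entering Passive Mode (209,29,33,25,19,137)."

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


@dataclass(frozen=True)
class DataEndpoint:
    mode: str        # "active" or "passive"
    host: str        # address the data connection is made to
    port: int        # decoded from p1 * 256 + p2
    initiator: str   # "server" (active: from its port 20) or "client" (passive)


def _decode_hostport(text: str) -> tuple:
    """Find the first h1,h2,h3,h4,p1,p2 group on the line and decode it."""
    m = _SIX.search(text)
    if m is None:
        raise ValueError(f"no host/port group in: {text!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in: {text!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("data port 0 is not usable")
    return host, port


def parse_port_command(line: str) -> DataEndpoint:
    """Active FTP: the client says 'connect to me here', and the server then
    opens the data connection from its port 20 to this ephemeral client port."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command")
    host, port = _decode_hostport(line)
    return DataEndpoint("active", host, port, "server")


def parse_pasv_reply(line: str) -> DataEndpoint:
    """Passive FTP: the server picks a port and tells the client, and the
    client opens the data connection itself, outbound like the port 21 one."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply")
    host, port = _decode_hostport(line)
    return DataEndpoint("passive", host, port, "client")


def data_connection_allowed(ep: DataEndpoint, client_behind_nat: bool) -> bool:
    """A NAT router (or stateful firewall) only forwards inbound packets that
    belong to a session an inside host started. Active FTP's data connection
    is started by the server, so behind NAT it has no mapping and is dropped."""
    if ep.initiator == "client":
        return True
    return not client_behind_nat


if __name__ == "__main__":
    for ep in (parse_port_command(ACTIVE_PORT_COMMAND), parse_pasv_reply(PASSIVE_227_REPLY)):
        print(f"{ep.mode:7s} data connection: {ep.initiator} connects to {ep.host}:{ep.port} "
              f"- works behind NAT: {data_connection_allowed(ep, client_behind_nat=True)}")
```

Run it and the active endpoint decodes to client port 50000 (195×256+80) with the server as initiator, which the NAT check rejects; the passive endpoint decodes to server port 5001 (19×256+137) with the client as initiator, which passes. That is the whole reason the text tells you to configure the client for passive.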
Internet Applications
Use this table as a review tool to help you remember each Internet application:
Application   TCP/UDP   Port                           Notes
HTTP          TCP       80                             The Web
HTTPS         TCP       443                            The Web, securely
Telnet        TCP       23                             Terminal emulation
SSH           TCP       22                             Secure terminal emulation
SMTP          TCP       25                             Sending e-mail
POP3          TCP       110                            E-mail delivery
IMAP4         TCP       143                            E-mail delivery
FTP           TCP       20/21 (active), 21 (passive)   File transfer
TFTP          UDP       69                             File transfer
Trivial File Transfer Protocol (TFTP) is used for transferring files and has a similar-sounding name to FTP, but beyond that it is very different. TFTP uses UDP port 69 and does not use user names and passwords, although you can usually set some restrictions based on the client’s IP address. TFTP is not at all secure, so never use it on any network that’s less than trustworthy.
Chapter 9 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about the basics of TCP/IP.
Describe common Transport and Network layer protocols
■ TCP/IP involves many more protocols than just TCP over IP. HTTP, DHCP, POP, UDP, and ICMP are just a few of the hundreds of other protocols that operate over IP.
■ Connections between computers are called sessions. If every communication requires an acknowledgment from the receiving computer, the session is said to be connection-oriented. Otherwise, the session is connectionless.
■ TCP is a connection-oriented protocol whereas UDP is connectionless. Most TCP/IP applications use TCP because connection-oriented sessions are designed to check for errors. If a receiving computer detects a missing packet, it just asks for a repeat as needed.
■ ICMP works at Layer 3 to deliver connectionless packets. ICMP handles mundane issues such as disconnect messages (host unreachable) that applications use to let the other side of a session know what’s happening.
■ IGMP enables routers to forward multicast IP packets to IGMP groups.
Explain the power of port numbers
■ Well-known port numbers fall within the range 0–1023. Web servers use port 80.
■ Ephemeral port numbers fall within the range 1024–5000—the classic ephemeral ports—and 49152–65535—the dynamic or private ports. Most current operating systems use ports 49152–65535 for the ephemeral ports.
■ Registered ports are those that have been registered with the Internet Assigned Numbers Authority and fall within the range 1024–49151.
■ Information about a session is stored in RAM and is called a socket. The sockets stored by two computers in a session with each other are called socket pairs or endpoints.
■ The netstat command-line utility, with the –n switch, is used to view a list of endpoints. It can’t automatically update to display real-time information, however.
■ An open port, or listening port, is a socket prepared to respond to incoming IP packets. You can type netstat –an to see all of your listening ports.
■ You can use the netstat –ano command to identify which application is using a specific port, allowing you to identify malicious software.
■ The netstat switches –a, –n, -b, and –o are important for any tech to know.
Define common TCP/IP applications, such as HTTP, HTTPS, Telnet, e-mail (SMTP, POP3, and IMAP4), and FTP
■ HTTP stands for the Hypertext Transfer Protocol. HTTP uses port 80 to transmit the common data used in Web pages.
■ To make Web pages available to the public, the Web pages must reside on a computer with Web server software installed and configured. Microsoft’s Internet Information Services and Apache HTTP Server are the most common Web server software.
■ A Web client is a program, such as a Web browser, that displays or reads Web pages.
■ HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer (SSL), which uses port 443. HTTPS protects sensitive data, like credit card numbers and personal information, by encrypting it.
■ Telnet is a protocol that enables a user with the proper permissions to log onto a host computer, acting as a Telnet client. The user can then perform tasks on a remote computer, called a Telnet server, as if he or she were sitting at the remote computer itself.
■ Telnet sends passwords and data in easily detected cleartext or plaintext, so most servers use Secure Shell (SSH) now.
■ The UNIX utilities rlogin, RSH, and RCP enable a user to issue commands to a server remotely. They should not be used across the Internet because none of them encrypt data.
■ The term e-mail stands for electronic mail. E-mail is sent using the SMTP protocol on port 25 and is received using either POP3 (on port 110) or IMAP4 (on port 143).
■ E-mail servers are needed to help forward, store, and retrieve e-mail messages for end users, who need a valid user name and password to gain access. E-mail can also contain attachments like pictures or small programs or data files.
■ Sendmail is the leading e-mail server for Linux and UNIX, but it only supports SMTP. Exchange Server is the e-mail server software from Microsoft, and it supports both SMTP and POP.
■ A mailbox is a storage area with an e-mail server that holds all the e-mail for a specific user.
■ An e-mail client allows you to send, receive, and organize e-mail. Popular e-mail clients include Microsoft Outlook, Windows Mail, Mozilla Thunderbird, and Qualcomm’s Eudora.
■ FTP stands for File Transfer Protocol, which uses ports 20 and 21, and efficiently transmits large files. Many FTP sites allow anonymous access to avoid end users sending their passwords in cleartext format.
■ Active FTP uses both ports 20 and 21 and can be problematic if you are using NAT. The incoming connection from the server can appear to be unsolicited. These make firewalls unhappy.
■ Passive FTP uses only port 21 and works fine with NAT.
■ Trivial FTP (TFTP) uses UDP port 69 and does not use user names or passwords, making it very insecure.
■ A good network tech knows the port numbers for popular Internet applications and protocols such as HTTP, Telnet, SSH, SMTP, POP3, IMAP4, FTP, and TFTP.
Key Terms
Apache HTTP Server (239), connection (230), connectionless (225), connection-oriented (225), dynamic port number (229), electronic mail (e-mail) (246), e-mail client (248), endpoint (230), endpoints (230), ephemeral port number (229), File Transfer Protocol (FTP) (249), Hypertext Transfer Protocol (HTTP) (238), Hypertext Transfer Protocol over SSL (HTTPS) (241), Internet Control Message Protocol (ICMP) (227), Internet Group Management Protocol (IGMP) (227), Internet Information Services (IIS) (239), Internet Message Access Protocol version 4 (IMAP4) (246), listening port (232), mailbox (248), netstat (230), open port (232), Post Office Protocol version 3 (POP3) (246), private port number (229), registered port (230), Remote Copy Protocol (RCP) (245), Remote Login (rlogin) (245), Remote Shell (RSH) (245), Secure Shell (SSH) (243), Secure Sockets Layer (SSL) (241), sendmail (247), session (225), Simple Mail Transfer Protocol (SMTP) (246), socket (230), socket pairs (230), TCP three-way handshake (226), Telnet (242), Transmission Control Protocol (TCP) (225), Trivial File Transfer Protocol (TFTP) (227), User Datagram Protocol (UDP) (226), well-known port number (228)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. The TCP port numbers ranging from 0–1023 are called _______________.
2. The TCP port numbers ranging from 1024–49151 are called _______________.
3. The protocol used to transmit large files over the Web using both ports 20 and 21 is called _______________.
4. The protocol that is not as popular as POP3 for receiving e-mail is _______________.
5. Port 23 is used by _______________ to emulate terminals on TCP/IP networks.
6. When you send out an e-mail message it uses _______________.
7. The quickest way to send information about an upcoming meeting to a few co-workers would be to send a(n) _______________.
8. The _______________ utility can be used to view the endpoints of your computer’s sessions.
9. Telnet has largely been replaced by _______________, which provides better security through data encryption.
10. TCP is _______________ in that it requires computers to acknowledge each other, whereas UDP is _______________ in that it provides no guarantee packets were successfully received.
Multiple-Choice Quiz
1. What port number is the well-known port used by Web servers to distribute Web pages to Web browsers?
A. Port 20
B. Port 21
C. Port 25
D. Port 80
2. What protocol handles large file transfers between Internet users?
A. FTP
B. IMAP
C. POP3
D. SMTP
3. How can you tell that a secure Web page transaction is taking place?
A. The URL in the address bar starts with https.
B. The URL in the address bar starts with http/ssl.
C. The URL in the address bar starts with ssl.
D. The URL in the address bar starts with tls.
4. Jane has been tasked to find and implement an application that will enable her boss to log into and control a server remotely and securely. Which of the following applications would work best?
A. E-mail
B. FTP
C. Telnet
D. SSH
5. How do Web pages get created on the Internet?
A. By ICANN
B. By InterNIC
C. By publishing them
D. By the FCC
6. Which of the following Microsoft operating systems limit Web site access from other systems when using Internet Information Services software? (Select three.)
A. Windows XP
B. Windows Vista
C. Windows 7
D. Windows 2003 Server
7. Which of the following are names of Web server software? (Select two.)
A. Apache
B. Exchange
C. IIS
D. Proxy server
8. Which of the following are names of Internet browser software? (Select two.)
A. Internet Surfware
B. Internet Explorer
C. Firefox
D. WS_FTP
9. Which of the following items does the S in HTTPS represent?
A. Proxy server
B. Secure Sockets Layer
C. Subnet mask
D. Switch
10. When using Windows, which command will show all used ports and the IP addresses using them?
A. telnet localhost 25
B. telnet –ano
C. netstat –an
D. netstat –ao
11. What is the main difference between TCP and UDP?
A. TCP is connection-oriented, whereas UDP is connectionless.
B. TCP supports HTTPS, whereas UDP supports SSL.
C. TCP sessions can be encrypted, whereas UDP sessions cannot.
D. TCP is used on Windows, whereas UDP is used on Linux/UNIX/Mac OS X.
12. Which connectionless protocol handles mundane chores like disconnect messages?
A. TCP
B. UDP
C. ICMP
D. IGMP
13. Which of the following provide Web services? (Select three.)
A. Apache
B. IIS
C. GWS
D. Exchange
14. Which Linux/UNIX utility enables you to connect to a server automatically and run commands without entering a user name and password every time?
A. Telnet
B. rlogin
C. RSH
D. RCP
15. What should you do if you are having difficulty transferring files with your FTP client when your router supports NAT?
A. Configure your FTP client to use active FTP.
B. Configure your FTP client to use passive FTP.
C. Use SSH to transfer your files instead.
D. Use Telnet to connect to the server and then use netstat to transfer the files.
Essay Quiz
1. Your company is interested in setting up secure Web pages for credit card transactions. The company currently does have a Web presence. Write two short paragraphs describing the two different port numbers that would be used on the company’s improved Web site.
2. After checking various e-mail settings, a colleague of yours mentions port numbers. Write down some quick notes about which TCP ports would handle e-mail.
3. Write down a few notes explaining why some Web pages have an extra s after the http in their Web addresses. Be prepared to discuss your findings in class.
4. Write a paragraph that describes what a Web server does. Write a second paragraph that describes what an e-mail server does.
Lab Project 9.1
Start some Internet programs, like a Web browser, an e-mail or FTP client, or an instant messenger. Open a command prompt and type netstat –ano or netstat -b. Make a list of the well-known ports in use and the process ID using the port. Then write the actual name of the application identified by the process ID. Linux users can type ps to learn the application name of a process ID, but Windows users have to use a third-party tool like Process Explorer.
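Lab Project 9.1 and the chapter summary both lean on netstat –ano to tie a port to a process ID. As an added example (not code from the book), here is a Python parser that works over a constructed sample of Windows netstat –ano output, picks out the well-known ports from the chapter’s review table (plus DNS on port 53, from the next chapter), and reports which PID owns each listening socket and which PIDs hold outbound connections to well-known ports. The sample addresses and PIDs are made up; on a real machine you would feed it the output of `netstat -ano` instead.

```python
# Constructed sample of Windows "netstat -ano" output (not a real capture).
# TCP rows carry a State column; UDP rows do not, which the parser handles.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:49700     209.29.33.25:443       ESTABLISHED     4321
  TCP    192.168.1.10:49701     203.0.113.5:21         ESTABLISHED     5555
  TCP    [::]:22                [::]:0                 LISTENING       2048
  UDP    0.0.0.0:69             *:*                                    777
"""

# Well-known ports from the chapter's review table, plus DNS (UDP/TCP 53).
WELL_KNOWN = {20: "FTP data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
              53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3", 143: "IMAP4",
              443: "HTTPS"}


def _split_addr(addr: str) -> tuple:
    """'host:port' -> (host, port); port is None for the UDP '*:*' wildcard.
    rpartition keeps bracketed IPv6 addresses such as [::]:22 intact."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list:
    """Turn netstat -ano text into a list of dicts, skipping the banner and
    the column-header line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[0], fields[1], fields[2]
        if proto == "TCP" and len(fields) >= 5:
            state, pid = fields[3], fields[4]
        else:
            state, pid = "", fields[3]          # UDP: no state column
        lhost, lport = _split_addr(local)
        fhost, fport = _split_addr(foreign)
        entries.append({"proto": proto, "local_host": lhost, "local_port": lport,
                        "foreign_host": fhost, "foreign_port": fport,
                        "state": state, "pid": int(pid)})
    return entries


def listening_pid(entries: list, port: int, proto: str = "TCP"):
    """PID of the socket listening on a local port, or None. UDP sockets have
    no LISTENING state in netstat, so an empty state counts for UDP."""
    for e in entries:
        if e["proto"] == proto and e["local_port"] == port and e["state"] in ("LISTENING", ""):
            return e["pid"]
    return None


def well_known_in_use(entries: list) -> list:
    """The list Lab Project 9.1 asks for: (port, name, pid, role) for every
    well-known port either being listened on locally or connected to remotely."""
    found = []
    for e in entries:
        if e["local_port"] in WELL_KNOWN and e["state"] in ("LISTENING", ""):
            found.append((e["local_port"], WELL_KNOWN[e["local_port"]], e["pid"], "listening"))
        elif e["foreign_port"] in WELL_KNOWN:
            found.append((e["foreign_port"], WELL_KNOWN[e["foreign_port"]], e["pid"], "outbound"))
    return found


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    for port, name, pid, role in well_known_in_use(rows):
        print(f"port {port:>4} ({name:8s}) {role:9s} PID {pid}")
```

The next step in the lab, turning the PID into a program name, is deliberately left to Process Explorer or ps as the text says; a PID listening on a well-known port that no installed service should own is exactly the kind of finding the summary bullet on netstat –ano has in mind.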
Lab Project 9.2
Using a word processing program or a spreadsheet program, create a chart that lists all the port numbers mentioned in this chapter, similar to the following list. Use the Internet to look up other commonly used port numbers as well. Fill in the Abbreviation column, the Full Name column, and the Brief Description column. Repeat this lab exercise several times until you have memorized it fully. This activity will help you pass the CompTIA Network+ exam!
Port # Abbreviation Full Name Brief Description of What This Port Does…
20
21
22
23
25
80
110
143
443
Chapter 10
Network Naming
What’s in a name? That which we call a rose
By any other name would smell as sweet.
—William Shakespeare
In this chapter, you will learn how to
■ Describe the function and capabilities of DNS
■ Configure and troubleshoot WINS
■ Use common TCP/IP utilities to diagnose problems with DNS and WINS
Did the last chapter seem a bit IP address-heavy to you? When you open a Web page, for example, do you normally type something like http://192.168.4.1, or do you usually type something like www.totalsem.com? Odds are good you normally do the latter and only rarely the former. Why? People are terrible at memorizing numbers, but are pretty good at memorizing words. This creates an interesting dilemma.
Although computers use IP addresses to communicate with each other over a TCP/IP network, people prefer easy-to-remember names over IP addresses. To solve this problem, TCP/IP developers created a process called name resolution to convert names to IP addresses (and vice versa) to make it easier for people to communicate with computers (Figure 10.1).
Like any process that’s been around for a long time, name resolution has gone through a number of evolutions over the years: some dramatic and some subtle. Entire TCP/IP applications have been written, only to be supplanted (but never totally abandoned) by newer name resolution protocols.
Today, we use a single major name resolution protocol called Domain Name System (DNS), but your brand-new system running the latest version of whatever operating system you prefer still fully supports a number of much older name resolution protocols! Name resolution in today’s networking world is like a well-run home that’s also full of ghosts that can do very strange things if you don’t understand how those ghosts think.
In this chapter, you’ll take an in-depth tour of name resolution, starting with a discussion of DNS. After DNS, the chapter looks at one of the scariest ghosts running around inside your computer: an ancient and theoretically abandoned name resolution protocol invented by Microsoft called Windows Internet Name Service (WINS). Despite what Microsoft claims, the ghost of WINS still lingers, not only on Windows computers but also on Linux and Mac OS X systems; as these folks discovered, if you don’t respect these ghosts, you won’t be able to do name resolution when you connect to a Windows computer.
Odds are good you have a system that is connected—or at least can connect—to the Internet. If I were you, I’d fire up that system because the vast majority of the programs you’re going to learn about here come free with every operating system. Finding them may be a challenge on some systems, but don’t worry—I’ll show you where they all hang out.
Historical/Conceptual
DNS
When the Internet was very young and populated with only a few hundred computers, name resolution was pretty simple. The original TCP/IP specification implemented name resolution using a special text file called HOSTS. A copy of this file was stored on every computer system on the Internet. The HOSTS file contained a list of IP addresses for every computer on the Internet, matched to the corresponding system names. Remember, not only was the Internet a lot smaller then, but also there weren’t yet rules about how to compose Internet names, such as that they must end in .com or .org, or start with www or ftp. Anyone could name their computer pretty much anything they wanted (there were a few restrictions on length and allowable characters) as long as nobody else had snagged the name first. Part of an old HOSTS file might look something like this:
192.168.2.1     fred
201.32.16.4     school2
123.21.44.16    server
Figure 10.1 • Turning names into numbers
If your system wanted to access the system called fred, it looked up the name fred in its HOSTS file and then used the corresponding IP address to contact fred. Every HOSTS file on every system on the Internet was updated every morning at 2 a.m. This worked fine when the Internet was still the province of a few university geeks and some military guys, but when the Internet grew to about 5000 systems, it became impractical to make every system use and update a HOSTS file. This created the motivation for a more scalable name resolution process, but the HOSTS file did not go away.
Believe it or not, the HOSTS file is still alive and well in every computer. You can find the HOSTS file in the \WinNT\System32\Drivers\Etc folder in Windows 2000, and in \Windows\System32\Drivers\Etc in Windows XP/2003/Vista/7. On OS X and Linux systems, you usually find it in the /etc/ folder. The HOSTS file is just a text file that you can open with any text editor. Here are a few lines from the default HOSTS file that comes with Windows.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost
See the # signs? Those are remark symbols that designate lines as comments (for humans to read) rather than code. Windows ignores any line that begins with #. Remove the # and Windows will read the line and try to act on it. Although all operating systems continue to support the HOSTS file, it is rarely used in the day-to-day workings of most TCP/IP systems.
Even though the HOSTS file is rarely used, every operating system always looks first in the HOSTS file before anything else when attempting to resolve a name. To see the power of the HOSTS file, do the first Try This! sidebar in this chapter.
The Try This! sidebar example uses a Web browser, but keep in mind that a name in a HOSTS file resolves names for every TCP/IP application on that system. Go to a command prompt and type ping timmy. It works for ping too.
HOSTS files still have their place in today’s world. Many people place shortcut names in a HOSTS file to avoid typing long names in some TCP/IP applications. Yet even though HOSTS still has some use, for the most part, you use the vastly more powerful DNS.
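Since every operating system consults HOSTS before DNS, it is worth seeing exactly what a resolver takes from that file. The following Python example is added here and is not code from the book: it parses a constructed HOSTS file built from the Windows excerpt above (note that the rhino and x.acme.com lines are commented out, so they yield nothing), adds the timmy line from the Try This! sidebar in this chapter, and resolves names HOSTS-first, falling back to a small constructed table that stands in for a DNS query so the script runs offline. The last function lists entries that send a name somewhere other than the local machine, which is the set an administrator reviews when a name unexpectedly resolves to the wrong address.

```python
# Constructed HOSTS file for this example. The comment lines and the
# commented-out rhino/x.acme.com samples mirror the default Windows HOSTS file
# quoted in the chapter; "fred" comes from the chapter's old-Internet example
# and "timmy" is the entry the Try This! sidebar has you add.
HOSTS_TEXT = """\
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1       localhost
192.168.2.1     fred        # trailing comments are ignored too
209.29.33.25    timmy
"""

# Stand-in for a real DNS query so the example runs offline (constructed
# answer, using the www.totalsem.com address shown in the chapter).
FAKE_DNS = {"www.totalsem.com": "209.29.33.25"}


def parse_hosts(text: str) -> dict:
    """Return {hostname (lowercase): ip}. A '#' anywhere on a line starts a
    comment, one line may list several names for one address, and the first
    entry for a given name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # an address with no name is ignored
        ip, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def resolve(name: str, hosts: dict, dns: dict = FAKE_DNS) -> tuple:
    """HOSTS is consulted first, as the chapter says; DNS only if HOSTS has
    no entry. Returns (ip, source) with source 'hosts', 'dns' or 'unresolved'."""
    key = name.strip().lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "unresolved"


def nonloopback_entries(hosts: dict) -> dict:
    """Because HOSTS wins over DNS, any entry pointing a name somewhere other
    than the local machine silently overrides the public answer for every
    application on the system; these are the entries worth reviewing."""
    return {n: ip for n, ip in hosts.items()
            if not ip.startswith("127.") and ip != "::1"}


if __name__ == "__main__":
    table = parse_hosts(HOSTS_TEXT)
    for host in ("timmy", "www.totalsem.com", "rhino.acme.com"):
        print(f"{host:18s} -> {resolve(host, table)}")
    print("entries that override DNS:", nonloopback_entries(table))
```

The precedence rule is the interesting part: give `resolve` a HOSTS table that carries its own entry for www.totalsem.com and the DNS answer is never consulted, which is what the Try This! exercise demonstrates with timmy and what makes a stray HOSTS line such a quiet way to misdirect a machine.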
Test Specific
How DNS Works
The Internet folks, faced with the task of replacing HOSTS, first came up with the idea of creating one supercomputer that did nothing but resolve names for all the other computers on the Internet. There was one problem with that idea: even now, no computer is big enough or powerful enough to handle the job alone. So they fell back on that time-tested bureaucratic solution: delegation! The top-dog DNS system would delegate parts of the job to subsidiary DNS systems that, in turn, would delegate part of their work to other systems, and so on, potentially without end. These systems run a special DNS server program and are called, amazingly enough, DNS servers.
This is all peachy, but it raises another issue: they needed some way to decide how to divvy up the work. Toward this end, the Internet folks created a naming system designed to facilitate delegation. The top-dog DNS server is actually a bunch of powerful computers dispersed around the world. They work as a team and are known collectively as the DNS root servers (or simply as the DNS root). The Internet name of this computer team is “.”—that’s right, just “dot.” Sure, it’s weird, but it’s quick to type, and they had to start somewhere.
DNS root has the complete definitive name resolution table, but most name resolution work is delegated to other DNS servers. Just below the DNS root in the hierarchy is a set of DNS servers—called the top-level domain servers—that handle what are known as the top-level domain (TLD) names. These are the famous com, org, net, edu, gov, mil, and int names (although many TLDs have been added since 2001). The top-level DNS servers delegate to thousands of second-level DNS servers; these servers handle the millions of names like totalsem.com and whitehouse.gov that have been created within each of the top-level domains. Second-level DNS servers support individual computers. For example, stored on the DNS server controlling the totalsem.com domain is a listing that looks like this:
www 209.29.33.25
Try This! Editing the HOSTS File
Every Windows computer has a HOSTS file that you can edit, so try this!
1. Go to a command prompt and type ping www.totalsem.com. You may or may not be successful with the ping utility, but you will get the IP address for my Web site. (You may get a different IP address from the one shown in this example.)
C:\>ping www.totalsem.com

Pinging www.totalsem.com [209.29.33.25] with 32 bytes of data:
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51
Reply from 209.29.33.25: bytes=32 time=60ms TTL=51

Ping statistics for 209.29.33.25:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 60ms, Average = 60ms
2. Open your HOSTS file using any text editor and add this line (keep in mind you may have a different IP address from the one shown in this example). Just press the Spacebar a few times to separate the IP address from the word “timmy.”
209.29.33.25 timmy
3. Save the HOSTS file and close the text editor.
4. Open your Web browser and type timmy. You can also type http://timmy if you’d like. What happens?
DNS servers primarily use UDP port 53 and sometimes TCP port 53.
The DNS root for the entire Internet consists of 13 powerful DNS server clusters scattered all over the world. Go to http://www.root-servers.org to see exactly where all the root servers are located.
This means the totalsem.com domain has a computer called www with the IP address of 209.29.33.25. Only the DNS server controlling the totalsem.com domain stores the actual IP address for www.totalsem.com. The DNS servers above this one have a hierarchical system that enables any other computer to find the DNS server that controls the totalsem.com domain.
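The delegation chain just described (root, then the TLD server, then the server for totalsem.com that actually holds the www record) can be walked in a few lines. This Python example is added here and is not code from the book: it models the tree as a constructed dictionary of zones, with placeholder server names standing in for the real root, com and totalsem.com name servers, and resolves a name one delegation per label from the root down, returning both the address and the list of zones consulted. It also applies the 255-character name limit the Tech Tip in this chapter mentions and the 63-character per-label limit from the DNS specification.

```python
# Constructed miniature of the DNS tree the chapter describes: the root ".",
# the com top-level domain, and the totalsem.com second-level domain whose
# server holds the host record "www 209.29.33.25" quoted in the text. The
# "server" strings are placeholders for illustration, not real name servers.
ZONES = {
    ".": {"server": "root servers (13 clusters)",
          "delegates": {"com"}, "hosts": {}},
    "com.": {"server": "com TLD server (placeholder)",
             "delegates": {"totalsem"}, "hosts": {}},
    "totalsem.com.": {"server": "totalsem.com DNS server (placeholder)",
                      "delegates": set(), "hosts": {"www": "209.29.33.25"}},
}


def labels_of(name: str) -> list:
    """Split a DNS name into its labels, left to right, after basic checks:
    the 255-character overall limit the chapter mentions and the 63-character
    per-label limit from the DNS specification."""
    name = name.strip().rstrip(".").lower()
    if not name or len(name) > 255:
        raise ValueError("DNS name is empty or longer than 255 characters")
    labels = name.split(".")
    if any(not lab or len(lab) > 63 for lab in labels):
        raise ValueError("empty label or label longer than 63 characters")
    return labels


def resolve_iteratively(name: str) -> tuple:
    """Start at the root and follow one delegation per label, the hierarchy
    the text describes. Returns (ip, path): ip is None when no zone on the
    path holds the host, and path lists the zones consulted in order."""
    remaining = list(reversed(labels_of(name)))  # www.totalsem.com -> [com, totalsem, www]
    zone = "."
    path = [zone]
    while remaining:
        label = remaining.pop(0)
        info = ZONES.get(zone)
        if info is None:                   # delegated, but we hold no data for that zone
            return None, path
        if not remaining:                  # last label: this zone should hold the host
            return info["hosts"].get(label), path
        if label not in info["delegates"]:
            return None, path              # nothing below this zone knows the name
        zone = label + "." + ("" if zone == "." else zone)
        path.append(zone)
    return None, path


if __name__ == "__main__":
    for host in ("www.totalsem.com", "ftp.totalsem.com", "www.example.net"):
        ip, path = resolve_iteratively(host)
        print(f"{host:18s} -> {ip}  via {' > '.join(path)}")
```

Only the last zone on the path knows the address; the root and the com server contribute nothing but referrals, which is exactly the point the paragraph above makes about where www.totalsem.com is actually stored.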
Name Spaces
What does hierarchical mean in terms of DNS? Well, the DNS hierarchical name space is an imaginary tree structure of all possible names that could be used within a single system. By contrast, a HOSTS file uses a flat name space—basically just one big undivided list containing all names, with no grouping whatsoever. In a flat name space, all names must be absolutely unique—no two machines can ever share the same name under any circumstances. A flat name space works fine on a small, isolated network, but not so well for a large organization with many interconnected networks. To avoid naming conflicts, all its administrators would need to keep track of all the names used throughout the entire corporate network.
A hierarchical name space offers a better solution, permitting a great deal more flexibility by enabling administrators to give networked systems longer, more fully descriptive names. The personal names people use every day are an example of a hierarchical name space. Most people address our town postman, Ron Samuels, simply as Ron. When his name comes up in conversation, people usually refer to him as Ron. The town troublemaker, Ron Falwell, and Mayor Jones’s son, Ron, who went off to Toledo, obviously share first names with the postman. In some conversations, people need to distinguish between the good Ron, the bad Ron, and the Ron in Toledo (who may or may not be the ugly Ron). They could use a medieval style of address and refer to the Rons as Ron the Postman, Ron the Blackguard, and Ron of Toledo, or they could use the modern Western style of address and add their surnames: “That Ron Samuels—he is such a card!” “That Ron Falwell is one bad apple.” “That Ron Jones was the homeliest child I ever saw.” You might visualize this as the People name space, illustrated in Figure 10.2. Adding the surname creates what you might fancifully call a Fully Qualified Person Name—enough information to prevent confusion among the various people named Ron.
The Internet Corporation for Assigned Names and Numbers (ICANN) has the authority to create new TLDs. Since 2001, they’ve added many TLDs, such as .biz for businesses, .info for informational sites, and .pro for accountants, engineers, lawyers, and physicians in several Western countries.
Tech Tip
Going Beyond Three-Tier Names
The Internet DNS names are usually consistent with this three-tier system, but if you want to add your own DNS server(s), you can add more levels, allowing you to name a computer www.houston.totalsem.com if you wish. The only limit is that a DNS name can have a maximum of only 255 characters.
Figure 10.2 • Our People name space (a tree: People of the World at the root, the surnames Samuels, Falwell, and Jones below it, and Ron, Jim, and Bob under each surname)
The original top-level domain names were com, org, net, edu, gov, mil, and int.
A name space most of you are already familiar with is the hierarchical file name space used by hard drive volumes. Hard drives formatted using one of the popular file formats, like Windows’ NTFS or Linux’s ext3, use a hierarchical name space; you can create as many files named Data.txt as you want, as long as you store them in different parts of the file tree. In the example shown in Figure 10.3, two different files named Data.txt can exist simultaneously on the same system, but only if they are placed in different directories, such as C:\Program1\Current\Data.txt and C:\Program1\Backup\Data.txt. Although both files have the same basic filename—Data.txt—their fully qualified names are different: C:\Program1\Current\Data.txt and C:\Program1\Backup\Data.txt. Additionally, multiple subfolders can use the same name. Having two subfolders that use the name Data is no problem, as long as they reside in different folders. Any Windows file system will happily let you create both C:\Program1\Data and C:\Program2\Data folders. Folks like this because they often want to give the same name to multiple folders doing the same job for different applications.
In contrast, imagine what would happen if your computer’s file system didn’t support folders/directories. Windows would have to store all the files on your hard drive in the root directory! This is a classic example of a flat name space. Because all your files would be living together in one directory, each one would have to have a unique name. Naming files would be a nightmare! Software vendors would have to avoid sensible descriptive names like Readme.txt because they would almost certainly have been used already. You’d probably have to do what the Internet does for IP addresses: An organization of some sort would assign names out of the limited pool of possible filenames. With a hierarchical name space, on the other hand, which is what all file systems use (thank goodness!), naming is much simpler. Lots of programs can have files called Readme.txt because each program can have its own folder and subfolders.
The DNS name space works in a manner extremely similar to how your computer’s file system works. The DNS name space is a hierarchy of DNS domains and individual computer names organized into a tree-like structure that is called, rather appropriately, a tree. Each domain is like a folder—a domain is not a single computer, but rather a holding space into which you can add computer names. At the top of a DNS tree is the root. The root is the holding area to which all domains connect, just as the root directory in your file system is the holding area for all your folders. Individual computer names—more commonly called host names in the DNS naming convention—fit into domains. On a PC, you can place files directly into the root directory. The DNS world also enables us to add computer names to the root, but with the exception of a few special computers (described in a moment), this is rarely done. Each domain can have subdomains, just as the folders on your PC’s file system can have subfolders. You separate each domain from its subdomains with a period. Characters for DNS domain names and host names are limited to uppercase and lowercase letters (A–Z, a–z), numbers (0–9), and the hyphen (-). No other characters may be used.
As hard as this may be to believe, some early file systems used a flat name space. Back in the late 1970s and early 1980s, operating systems such as CP/M and the early versions of DOS did not have the capability to use directories, creating a flat name space where all files resided on a single drive.
Figure 10.3 • Two Data.txt files in different directories on the same system (C:\ holding Windows and Program1; Program1 holding the Current and Backup folders, each with its own Data.txt and Data.xls)
Even though you may use uppercase or lowercase, DNS does not differentiate between them.
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 264
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 10
Don’t think DNS is only for computers on the Internet. If you want to make your own little TCP/IP network using DNS, that’s fine, although you will have to set up at least one DNS server as the root server for your little private intranet. Every DNS server program can be configured as a root server; just don’t connect that DNS server to the Internet because it won’t work outside your little network. Figure 10.4 shows a sample DNS tree for a small TCP/IP network that is not attached to the Internet. In this case, there is only one domain: ABCDEF. Each computer on the network has a host name, as shown in the figure.
When you write out the complete path to a file stored on your PC, the naming convention starts with the root directory on the left, followed by the first folder, then any subfolders (in order), and finally the name of the file—for example, C:\Sounds\Thunder\mynewcobra.wav.
The DNS naming convention is exactly the opposite. A complete DNS name, including the host name and all of its domains (in order), is called a fully qualified domain name (FQDN), and it’s written with the root on the far right, followed by the names of the domains (in order) added to the left of the root, and the host name on the far left. Figure 10.4 shows the FQDNs for two systems in the ABCDEF domain. Note the period for the root is on the far right of each FQDN!
Mikes-PC.ABCDEF. Janelle.ABCDEF.
Given that every FQDN will always have a period on the end to signify the root, it is commonplace to drop the final period when writing out FQDNs. To make the two example FQDNs fit into common parlance, therefore, you’d skip the last period:
Mikes-PC.ABCDEF Janelle.ABCDEF
If you’re used to seeing DNS names on the Internet, you’re probably wondering about the lack of “.com,” “.net,” or other common DNS domain names. Those conventions are needed for computers that are visible on the Internet, such as Web servers, but they’re not required on a private TCP/IP network. As long as you make a point never to make these computers visible on the Internet, you can use any naming convention you want!
Let’s look at another DNS name space example, but make it a bit more complex. This network is not on the Internet, so I can use any domain I want. The network has two domains, Houston and Dallas, as shown in Figure 10.5. Note that each domain has a computer called Server1.
Figure 10.4 • Private DNS network (the “root” domain “.” at the top, the ABCDEF domain beneath it, and the host names PrinterServer1, Janelle, and Mikes-PC inside ABCDEF)
Tech Tip
It’s Not Always .com Don’t get locked into thinking FQDNs always end with names like “.com” or “.net.” True, DNS names on the Internet must always end with them, but private TCP/IP networks can (and often do) ignore this and use whatever naming scheme they want with their DNS names.
Figure 10.5 • Two DNS domains (the root “.” above the Houston and Dallas domains, each containing a DNS1 and a Server1)
Because the network has two different domains, it can have two systems (one on each domain) with the same host name, just as you can have two files with the same name in different folders on your PC. Now, let’s add some subdomains to the DNS tree, so that it looks like Figure 10.6.
You write out the FQDN from left to right, starting with the host name and moving up to the top of the DNS tree, adding all domains until you get to the top of the DNS tree:
Mikes-PC.Support.Houston
Tom.Server1.Houston
Janelle.Sales.Dallas
Server1.Dallas
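The naming rules stated so far (allowed characters, the 255-character limit, the trailing root period, and case-insensitive matching) and the walk from host name up to the root, put into Python as an added example that is not from the book; the host names are the chapter’s own, and treating the root period as not counting toward the 255 characters is an assumption made here.

```python
"""Name rules from this chapter applied in code: labels may use only A-Z,
a-z, 0-9 and the hyphen; a complete name is at most 255 characters including
the separating periods; the trailing period stands for the root and is
usually dropped; and DNS does not differentiate upper- from lowercase.

Added example, not the book's code. Excluding the root period from the
255-character count is an assumption made here."""
import re
from typing import List

LABEL_RE = re.compile(r"^[A-Za-z0-9-]+$")   # the chapter's character set
MAX_NAME_LEN = 255


def is_valid_dns_name(name: str) -> bool:
    """True when every label uses only the allowed characters and the name,
    root period excluded, fits in 255 characters. An empty label (as in
    "a..b" or a leading period) fails because a label needs one character."""
    body = name[:-1] if name.endswith(".") else name
    if not body or len(body) > MAX_NAME_LEN:
        return False
    return all(LABEL_RE.match(label) for label in body.split("."))


def canonical_fqdn(name: str) -> str:
    """Normalise for comparison: lowercase with exactly one root period."""
    return name.rstrip(".").lower() + "."


def same_host(a: str, b: str) -> bool:
    """Mikes-PC.ABCDEF. and mikes-pc.abcdef name the same host."""
    return canonical_fqdn(a) == canonical_fqdn(b)


def domain_chain(fqdn: str) -> List[str]:
    """Walk from the host name up to the root, the order in which an FQDN is
    written (host on the left, root on the right); a resolver walks the same
    chain in the opposite direction, starting at a root server."""
    name = fqdn.rstrip(".") + "."
    labels = name.split(".")          # the trailing "" stands for the root
    return [".".join(labels[i:]) or "." for i in range(len(labels))]
```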
Name Servers
So where does this naming convention reside and how does it work? The power of DNS comes from its incredible flexibility. DNS works as well on a small, private network as it does on the biggest network of all time—the Internet. Let’s start with three key players:
■ DNS server: A DNS server is a computer running DNS server software.
■ Zone: A zone is a container for a single domain that gets filled with records.
■ Record: A record is a line in the zone data that maps an FQDN to an IP address.
Systems running DNS server software store the DNS information. When a system needs to know the IP address for a specific FQDN, it queries the DNS server listed in its TCP/IP configuration. Assuming the DNS server stores the zone for that particular FQDN, it replies with the computer’s IP address.
A simple network usually has one DNS server for the entire network. This DNS server has a single zone that lists all the host names on the domain and their corresponding IP addresses. It’s known as the authoritative DNS server for the domain (also called Start of Authority, or SOA).
If you’ve got a powerful computer, you can put lots of zones on a single DNS server and let that server support them all without a problem. A single DNS server, therefore, can act as the authoritative DNS server for one domain or many domains (Figure 10.7).
Equally, a single DNS domain may have a single authoritative DNS server but a number of other DNS servers, known simply as name servers (folks use the abbreviation “NS”), that are subordinate to the authoritative DNS server but all support the same domain, as shown in Figure 10.8. The SOA is a name server as well.
The DNS naming convention allows for DNS names up to 255 characters, including the separating periods.
Figure 10.7 • A single SOA can support one or more domains.
Figure 10.6 • Subdomains added (the root “.” above Houston and Dallas; the Support subdomain under Houston and the Sales subdomain under Dallas; hosts shown include DNS1, Server1, Mikes-PC, Tom, Rita, Janelle, and Dana)
Note that every DNS server, whether it’s the SOA or just an NS, knows the name and address of the SOA as well as every other NS server in the domain. The SOA’s job is to make sure that all the other name servers are updated for changes. Let’s say you add to the totalsem.com domain a new computer called ftp.totalsem.com with the IP address 192.168.4.22. As an administrator, you typically add this data to the SOA DNS server. The SOA then automatically distributes this information to the other name servers in the domain (Figure 10.9). This DNS feature is critical—you’ll see more of this in detail later on in the “DNS Servers” section in this chapter. For now, appreciate that you can have multiple DNS servers for a single domain.
Now let’s see how root servers work in DNS. What if Mikes-PC.Support.Houston needs the IP address of Server1.Dallas? Refer to Figure 10.10 for the answer. The network has two DNS servers: DNS1.Houston and DNS1.Dallas. DNS1.Dallas is the authoritative DNS server for all of the Dallas domains and DNS1.Houston is in charge of all the Houston domains. DNS1.Houston is also the root server for the entire network. (DNS servers may act as both a root server and an SOA at the same time—a very common practice in private networks.) As a root server, the Houston server has a listing for the SOA in the Dallas domain. This does not mean it knows the IP address for every system in the Dallas network. As a root server, it only knows that if any system asks for an IP address from the Dallas side, it will tell that system the IP address of the Dallas server. The requesting system will then ask the Dallas DNS server (DNS1.Dallas) for the IP address of the system it needs. That’s the beauty of DNS root servers—they don’t know the IP addresses for all of the computers, but they know where to send the requests!
Figure 10.8 • DNS flexibility
Figure 10.9 • New information passed out
In the early days of DNS, you had to enter manually into your DNS server the host name and IP address of every system on the network. See “Dynamic DNS,” later in this chapter, for the way it’s done today.
The hierarchical aspect of DNS has a number of benefits. For example, the vast majority of Web servers are called www. If DNS used a flat name space, only the first organization that created a server with the name www could use it. Because DNS naming appends domain names to the server names, however, the servers www.totalsem.com and www.microsoft.com can both exist simultaneously. DNS names like www.microsoft.com must fit within a worldwide hierarchical name space, meaning that no two machines should ever have the same FQDN.
Figure 10.11 shows the host named accounting with an FQDN of accounting.texas.totalsem.com.
Figure 10.11 • DNS domain (the “root” “.” at the top; the top-level domains mil, net, com, org, edu, and gov below it; the subdomain totalsem under com, with texas under totalsem; computer names www and accounting; the FQDN accounting.texas.totalsem.com)
These domain names must be registered for Internet use with ICANN (www.icann.org). They are arranged in the familiar “second level.top level” domain name format, where the top level is com, org, net, and so on, and the second level is the name of the individual entity registering the domain name.
Name Resolution
You don’t have to use DNS to access the Internet, but it sure makes life easier! Browsers like Internet Explorer accept names such as www.google.com as a convenience to the end user, but they use the IP address that corresponds to that name to create a connection. If you know the IP address of the system you want to talk to, you don’t need DNS at all. Figure 10.12 shows Internet Explorer displaying the same Web page when given the straight IP address as it does when given the DNS name www.microsoft.com. In theory, if you knew the IP addresses of all the systems you wanted to access, you could avoid DNS completely. I guess you could also start a fire using a bow and drill too, but most people wouldn’t make a habit of it if there were a more efficient alternative. In this case, DNS is much more efficient! I have no trouble keeping hundreds of DNS names in my head, but IP addresses? Forget it! Without DNS, I might as well not even try to use the Internet, and I’d wager that’s true of most people.
Technically, the texas.totalsem.com domain shown in Figure 10.11 is a subdomain of totalsem.com. Don’t be surprised to see the terms “domain” and “subdomain” used interchangeably, as it’s a common practice.
Figure 10.10 • Root server in action
Just because most Web servers are named www doesn’t mean they must be named www! Naming a Web server www is etiquette, not a requirement.
When you type in a Web address, your browser must resolve that name to the Web server’s IP address to make a connection to that Web server. It can resolve the name in three ways: by broadcasting, by consulting the locally stored HOSTS text file, or by contacting a DNS server.
To broadcast for name resolution, the host sends a message to all the machines on the network, saying something like, “Hey! If your name is JOESCOMPUTER, please respond with your IP address.” All the networked hosts receive that packet, but only JOESCOMPUTER responds with an IP address. Broadcasting works fine for small networks, but it is limited because it cannot provide name resolution across routers. Routers do not forward broadcast messages to other networks, as illustrated in Figure 10.13.
Figure 10.12 • Any TCP/IP-savvy program accepts either an IP address or an FQDN.
Figure 10.13 • Routers don’t forward broadcasts!
As discussed earlier, a HOSTS file functions like a little black book, listing the names and addresses of machines on a network, just like a little black book lists the names and phone numbers of people. A typical HOSTS file would look like this:
109.54.94.197 stephen.totalsem.com
138.125.163.17 roger.totalsem.com
127.0.0.1 localhost
The final way to resolve a name to an IP address is to use DNS. Let’s say you type www.microsoft.com in your Web browser. To resolve the name www.microsoft.com, the host contacts its DNS server and requests the IP address, as shown in Figure 10.14.
To request the IP address of www.microsoft.com, your PC needs the IP address of its DNS server. You must enter DNS information into your system. DNS server data is part of the critical basic IP information such as your IP address, subnet mask, and default gateway, so you usually enter it at the same time as the other IP information. You configure DNS in Windows Vista/7 using the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box. Figure 10.15 shows the DNS settings for my system. Note that I have more than one DNS server setting; the second one is a backup in case the first one isn’t working. Two DNS settings is not a rule, however, so don’t worry if your system shows only one DNS server setting, or perhaps more than two.
Notice that the name localhost appears in the HOSTS file as an alias for the loopback address, 127.0.0.1.
Figure 10.14 • A host contacts its local DNS server.
Every operating system has a way for you to enter DNS server information. In Linux, you can directly edit the /etc/resolv.conf file using a text editor. Just about every version of Linux has some form of graphical editor as well to make this an easy process. Figure 10.16 shows Ubuntu’s Network Configuration utility.
Every operating system also comes with a utility you can use to verify the DNS server settings. The tool in Windows, for example, is called ipconfig. You can see your current DNS server settings in Windows by typing ipconfig /all at the command prompt (Figure 10.17). In UNIX/Linux, type the following: cat /etc/resolv.conf.
Now that you understand how your system knows the DNS server’s IP address, let’s return to the DNS process.
The DNS server receives the request for the IP address of www.microsoft.com from your client computer. At this point, your DNS server checks a cache of previously resolved FQDNs to see if www.microsoft.com is there (Figure 10.18). In this case, www.microsoft.com is not in the cache.
Figure 10.15 • DNS information in Windows
Figure 10.16 • Entering DNS information in Ubuntu
Remember, the ipconfig command gives you a ton of useful IP information.
Figure 10.17 • The ipconfig /all command showing DNS information in Windows
Figure 10.18 • Checking the DNS cache
Now your DNS server needs to get to work. The local DNS server may not know the address for www.microsoft.com, but it does know the addresses of the DNS root servers. The root servers, maintained by 12 root name server operators, know all the addresses of the top-level domain DNS servers. The root servers don’t know the address of www.microsoft.com, but they do know the address of the DNS servers in charge of all .com addresses. The root servers send your DNS server an IP address for a .com server (Figure 10.19).
The .com DNS server also doesn’t know the address of www.microsoft.com, but it knows the IP address of the microsoft.com DNS server. It sends that IP address to your root server (Figure 10.20).
The microsoft.com server does know the IP address of www.microsoft.com and can send that information back to the local DNS server. Figure 10.21 shows the process of resolving an FQDN into an IP address.
Now that your DNS server has the IP address for www.microsoft.com, it stores a copy in its cache and sends the IP information to your PC. Your Web browser then begins the HTTP request to get the Web page.
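The whole resolution order just described (HOSTS file first, then the local DNS server answering from its cache or else walking from a root server to the .com server to the microsoft.com server), modelled in Python as an added example that is not from the book; the server names and addresses are constructed (documentation range 203.0.113.0/24), and the cap on the number of referrals followed is an assumption made here.

```python
"""Name resolution modelled as the chapter orders it: HOSTS file first, then
the local DNS server, which answers from its cache or else walks from a root
server to the TLD server to the domain's authoritative server.

Added example, not the book's code. Server names and addresses below are
constructed for the demonstration (documentation range 203.0.113.0/24)."""
from typing import Dict, List, Optional, Tuple

# Constructed HOSTS file in the format shown in the chapter.
HOSTS_TEXT = """\
# constructed sample HOSTS file
109.54.94.197 stephen.totalsem.com
138.125.163.17 roger.totalsem.com
127.0.0.1 localhost
"""

# A zone record: ("A", ip) for a host, or ("NS", server_name, server_ip) for a
# delegation (server_ip plays the part of the glue address).
Record = Tuple[str, ...]

# Each server knows only its own zone and the delegations directly below it.
ROOT_ZONE = {"com.": ("NS", "com-server.example.", "203.0.113.1")}
COM_ZONE = {"microsoft.com.": ("NS", "ns1.microsoft.example.", "203.0.113.2")}
MICROSOFT_ZONE = {"www.microsoft.com.": ("A", "203.0.113.80")}
ROOT_IP = "203.0.113.0"
SERVERS: Dict[str, Dict[str, Record]] = {
    ROOT_IP: ROOT_ZONE, "203.0.113.1": COM_ZONE, "203.0.113.2": MICROSOFT_ZONE}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each name in a HOSTS file to its address: comments and blank lines
    are skipped, names compare case-insensitively, the first entry wins."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for n in names:
            table.setdefault(n.lower(), ip)
    return table


def answer(zone: Dict[str, Record], name: str) -> Optional[Record]:
    """What one server says about a name: its own record if it has one, else
    a referral for the closest parent domain it delegates, else nothing."""
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):           # parent domains, closest first
        rec = zone.get(".".join(labels[i:]))
        if rec and rec[0] == "NS":
            return rec
    return None


class LocalDnsServer:
    """The DNS server listed in the client's TCP/IP configuration."""

    def __init__(self, root_ip: str, servers: Dict[str, Dict[str, Record]]):
        self.root_ip = root_ip
        self.servers = servers
        self.cache: Dict[str, str] = {}     # previously resolved FQDNs

    def resolve(self, fqdn: str) -> Tuple[Optional[str], List[str]]:
        """Return (ip or None, trace of the servers consulted)."""
        name = fqdn.rstrip(".").lower() + "."
        if name in self.cache:
            return self.cache[name], ["cache hit"]
        trace: List[str] = []
        server_ip = self.root_ip
        for _ in range(8):   # bound the walk so a referral loop cannot spin forever
            zone = self.servers.get(server_ip)
            if zone is None:
                trace.append(f"{server_ip}: unreachable")
                return None, trace
            rec = answer(zone, name)
            if rec is None:
                trace.append(f"{server_ip}: no such name")
                return None, trace
            if rec[0] == "A":
                trace.append(f"{server_ip}: answer {rec[1]}")
                self.cache[name] = rec[1]      # remembered for the next client
                return rec[1], trace
            trace.append(f"{server_ip}: referral to {rec[1]} at {rec[2]}")
            server_ip = rec[2]
        return None, trace + ["referral limit reached"]


def client_lookup(name: str, hosts: Dict[str, str],
                  dns: LocalDnsServer) -> Tuple[Optional[str], List[str]]:
    """Resolve a name the way the chapter orders it: HOSTS file, then DNS."""
    key = name.rstrip(".").lower()
    if key in hosts:
        return hosts[key], ["HOSTS file"]
    return dns.resolve(name)
```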
Your computer also keeps a cache of recently resolved FQDNs. In Windows, for example, open a command prompt and type ipconfig /displaydns to see them. Here’s a small part of the results of typing ipconfig /displaydns:
gizmodo.com
————————————————————
Record Name . . . . . : gizmodo.com
Record Type . . . . . : 1
Time To Live . . . . : 70639
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 69.60.7.199
ftp.totalsem.com
————————————————————
Record Name . . . . . : ftp.totalsem.com
Record Type . . . . . : 1
Time To Live . . . . : 83733
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 209.29.33.25
C:\>
Yes, the 13 root name servers are maintained by 12 root name server operators. VeriSign, the company that handles security for a lot of the e-commerce on the Internet, maintains two root name server clusters.
Figure 10.19 • Talking to a root server
Figure 10.20 • Talking to the .com server
Figure 10.21 • Talking to the microsoft.com DNS server
Cross Check HTTP Process
You learned the specifics of HTTP in Chapter 9, so check your memory now. Is the HTTP process connectionless or connection-oriented? At what OSI layers does the process happen?
DNS Servers
I’ve been talking about DNS servers for so long, I feel I’d be untrue to my vision of a complete book unless I gave you at least a quick peek at a DNS server in action. Lots of operating systems come with built-in DNS server software, including Windows Server 2008 and just about every version of UNIX/Linux. A number of third-party DNS server programs are also available for virtually any operating system. I’m going to use the DNS server program that comes with Microsoft Windows Server 2008, primarily because (1) it takes the prettiest screen snapshots and (2) it’s the one I use here at the office. You access the Windows DNS server by selecting Start | Administrative Tools | DNS. When you first open the DNS server, you won’t see much other than the name of the server itself. In this case, Figure 10.22 shows a server, imaginatively named TOTALHOMEDC1.
The DNS server has (at least) three folder icons visible: Cached Lookups, Forward Lookup Zones, and Reverse Lookup Zones. Depending on the version of Windows Server you’re running and the level of customization, your server might have more than three folder icons. Let’s look at the three that are important for this discussion.
When you open the tree on a Windows DNS server, the first folder you see is called Cached Lookups. Every DNS server keeps a list of cached lookups—that is, all the IP addresses it has already resolved—so it won’t have to re-resolve an FQDN it has already checked. The cache has a size limit, of course, and you can also set a limit on how long the DNS server holds cache entries. Windows does a nice job of separating these cached addresses by placing all cached lookups in little folders that share the first name of the top-level domain with subfolders that use the second-level domain (Figure 10.23). This sure makes it easy to see where folks have been Web browsing!
Figure 10.22 • DNS server main screen
The most popular DNS server tool used in UNIX/Linux systems is called BIND.
Figure 10.23 • Inspecting the DNS cache
Now let’s watch an actual DNS server at work. Basically, you choose to configure a DNS server to work in one of two ways: as an authoritative DNS server or as a cache-only DNS server. Authoritative DNS servers store IP addresses and FQDNs of systems for a particular domain or domains. Cache-only DNS servers are never the authoritative server for a domain. They are only used to talk to other DNS servers to resolve IP addresses for DNS clients. Then they cache the FQDN to speed up future lookups (Figure 10.24).
The IP addresses and FQDNs for the computers in a domain are stored in special storage areas called forward lookup zones. Forward lookup zones are the most important part of any DNS server. Figure 10.25 shows the DNS server for my small corporate network. My domain is called “totalhome.” I can get away with a domain name that’s not Internet legal because none of these computers are visible on the Internet. The totalhome domain only works on my local network for local computers to find each other. I have created a forward lookup zone called totalhome.
Microsoft DNS servers use a folder analogy to show lookup zones even though they are not true folders.
Figure 10.24 • Authoritative vs. cache-only DNS server
Let’s look at the contents of the totalhome domain. First, notice a number of folders: _msdcs, _sites, _tcp, and _udp. These folders are unique to Microsoft DNS servers, and you’ll see what they do in a moment. For now, ignore them and concentrate on the individual computer listings. Every forward lookup zone requires a Start of Authority (SOA), the single DNS server in charge. The record called SOA in the folder totalhome indicates that my server is the authoritative DNS server for a domain called totalhome. You can even see a few of the systems in that domain (note to hackers: these are fake, so don’t bother). A tech looking at this would know that totalhomedc1.totalhome is the authoritative DNS server for the totalhome domain. The NS records are all of the DNS servers for totalhome. Note that totalhome has two DNS servers: totalhomedc1.totalhome and tera. The DNS server named tera is not a member of the totalhome domain. In fact, tera isn’t a member of any domain. A DNS server does not have to be a member of a domain to be a name server for that domain.
Having two DNS servers ensures that if one fails, the totalhome domain will continue to have a DNS server. The A records in the folder are the IP addresses and names of all the systems on the totalhome domain.
Every DNS forward lookup zone will have one SOA and at least one NS record. In the vast majority of cases, a forward lookup zone will have some number of A records. But you may or may not see a number of other records in your standard DNS server. Look at Figure 10.26 for these less common types of DNS records: CNAME, MX, and AAAA.
A canonical name (CNAME) record acts like an alias. My computer’s name is mikespc.totalhome, but you can also now use mike.totalhome to reference that computer. A ping of mike.totalhome returns the following:
C:\>ping mike.totalhome
Pinging mikespc.totalhome [192.168.4.27] with 32 bytes of data:
Reply from 192.168.4.27: bytes=32 time=2ms TTL=128
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
(rest of ping results deleted)
Figure 10.25 • Forward lookup zone totalhome
If your computer is a member of a domain and you are trying to access another computer in that domain, you can even skip the domain name, because your PC will simply add it back:
C:\>ping mike
Pinging mikespc.totalhome [192.168.4.27] with 32 bytes of data:
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
Reply from 192.168.4.27: bytes=32 time<1ms TTL=128
(rest of ping results deleted)
MX records are used exclusively by SMTP servers to determine where to send mail. I have an in-house SMTP server on a computer I cleverly called mail. If other SMTP servers wanted to send mail to mail.totalhome (although they can’t because the SMTP server isn’t connected to the Internet and lacks a legal FQDN), they would use DNS to locate the mail server.
AAAA records are for a newer type of IP addressing called IPv6. You’ll learn a lot more about IPv6 in Chapter 13.
There are two common types of forward lookup zones: a primary zone and a secondary zone. Primary zones are created on the DNS server that will act as the SOA for that zone. Secondary zones are created on other DNS servers to act as backups to the primary zone. It’s standard practice to have at least two DNS servers for any forward lookup zone: one primary and one secondary. Even in my small network, I have two DNS servers: TOTALDNS1, which runs the primary zone, and TOTALDNS2, which runs a secondary zone (Figure 10.27). Any time a change is placed on TOTALDNS1, TOTALDNS2 is quickly updated.
A reverse lookup zone (Figure 10.28) enables a system to determine an FQDN by knowing the IP address; that is, it does the exact reverse of what DNS normally does! Reverse lookup zones take a network ID, reverse it, and add the term “in-addr.arpa” to create the zone. The record created is called a pointer record (PTR); PTRs point to canonical names.
MX stands for Mail eXchanger.
If you’re looking at a Windows server and adding a new forward lookup zone, you’ll see a third type called an Active Directory–integrated forward lookup zone. I’ll cover those in just a moment.
Figure 10.26 • Less common DNS record types
Figure 10.27 • Two DNS servers with updating taking place
A few low-level functions (like mail) and some security programs use reverse lookup zones, so DNS servers provide them. In most cases, the DNS server asks you if you want to make a reverse lookup zone when you make a new forward lookup zone. When in doubt, make one. If you don’t need it, it won’t cause any trouble.
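Building the reverse zone name and PTR owner names the way the text describes, and the check a security program should make before acting on a reverse lookup, as an added Python example that is not from the book; the zone contents are constructed from the chapter’s totalhome hosts, and the classful (/8, /16, /24) zone boundaries are an assumption made here.

```python
"""Reverse lookup zones as the chapter describes them: the network ID is
reversed and "in-addr.arpa" appended, and PTR records in that zone point
back to canonical names.

Added example, not the book's code. Zone contents are constructed from the
chapter's totalhome examples (192.168.4.0/24). The forward-confirmation
check is what a security program that relies on reverse lookups must do:
the name a PTR gives is accepted only if its A record maps back to the same
address. Classful zone boundaries (/8, /16, /24) are an assumption here."""
from typing import Dict, List, Optional


def _octets(ip: str) -> List[str]:
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {ip}")
    return parts


def reverse_zone_name(network_id: str, prefix_len: int) -> str:
    """Zone name for a network ID: drop the host octets, reverse the rest,
    append in-addr.arpa. 192.168.4.0/24 -> 4.168.192.in-addr.arpa."""
    if prefix_len not in (8, 16, 24):
        raise ValueError("classful reverse zones cover /8, /16 or /24 only")
    kept = _octets(network_id)[: prefix_len // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for one host: all four octets reversed."""
    return ".".join(reversed(_octets(ip))) + ".in-addr.arpa."


# Constructed forward lookup zone (A records) for the chapter's totalhome
# network, plus the out-of-domain name server tera.
FORWARD: Dict[str, str] = {
    "mikespc.totalhome.": "192.168.4.27",
    "mail.totalhome.": "192.168.4.10",
    "tera.": "192.168.4.2",
}

# Constructed reverse lookup zone 4.168.192.in-addr.arpa (PTR records).
# The last entry is deliberately stale: nothing in FORWARD maps the name
# back to 192.168.4.99, so that PTR alone proves nothing about the host.
REVERSE: Dict[str, str] = {
    ptr_name("192.168.4.27"): "mikespc.totalhome.",
    ptr_name("192.168.4.10"): "mail.totalhome.",
    ptr_name("192.168.4.99"): "mikespc.totalhome.",
}


def reverse_lookup(ip: str) -> Optional[str]:
    """Plain PTR lookup: which name does the reverse zone claim for ip?"""
    return REVERSE.get(ptr_name(ip))


def forward_confirmed_name(ip: str) -> Optional[str]:
    """Return the PTR name only when the forward zone maps it back to ip.
    Whoever controls a reverse zone can write any name into a PTR, so a
    program that makes decisions on the name must do this second lookup."""
    name = reverse_lookup(ip)
    if name is None or FORWARD.get(name) != ip:
        return None
    return name
```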
Microsoft added some wrinkles to DNS servers with the introduction of Windows 2000 Server, and each subsequent version of Windows Server retains the wrinkles. Windows Server can do cached lookups, primary and secondary forward lookup zones, and reverse lookup zones, just like UNIX/Linux DNS servers. But Windows Server also has a Windows-only type of forward lookup zone called an Active Directory–integrated zone.
Enter Windows
DNS works beautifully for any TCP/IP application that needs an IP address for another computer, but it has one glaring weakness: you need to add A records to the DNS server manually. Adding these can be a problem, especially in a world where you have many DHCP clients whose IP addresses may change from time to time. Interestingly, it was a throwback to an old Microsoft Windows protocol that fixed this and a few other problems all at the same time.
Even though TCP/IP was available back in the 1980s, Microsoft popularized another networking protocol called NetBIOS/NetBEUI. NetBIOS/NetBEUI was pretty simplistic compared to TCP/IP. It had a very simple naming convention (the NetBIOS part) that used broadcasts. When a computer booted up, it just told the world its name (Figure 10.29). NetBIOS/NetBEUI was suitable only for small networks. It provided no logical addressing like IP addresses; you had to remember the NetBIOS name and the MAC address. NetBIOS/NetBEUI was almost exclusively used to share folders and printers. There was no such thing as Telnet or the Web with NetBIOS/NetBEUI, but it worked well for what it did at the time.
By the mid-1990s, Microsoft realized that the world was going to TCP/IP, and it needed to switch too. Instead of dumping NetBIOS/NetBEUI entirely, Microsoft designed a new TCP/IP protocol that enabled it to keep using the NetBIOS names but dump the ancient NetBEUI protocol and instead run NetBIOS on top of TCP/IP with a protocol called NetBT (NetBIOS over TCP/IP). In essence, Microsoft created its own name resolution protocol that had nothing to do with DNS!
Microsoft managed to crowbar the NetBIOS naming system into DNS basically by making the NetBIOS name the DNS name. Technically, NetBIOS no longer exists, but the overlying protocol that used it to share folders and printers is still very much alive. This protocol was originally called Server Message Block (SMB), but the current version is called Common Internet File System (CIFS).
Microsoft has used DNS names with the SMB/CIFS protocol to pro- vide folder and printer sharing in small TCP/IP networks. SMB/CIFS is so popular that other operating systems have adopted support for SMB/CIFS.
Figure 10.29 • NetBIOS broadcast
Figure 10.28 • Reverse lookup zone
UNIX/Linux systems (including Mac OS X) come with the very popular Samba, the most popular tool for making non-Windows systems act like Windows computers (Figure 10.30).
Living with the Legacy of CIFS
CIFS makes most small networks live in a two-world name resolution system. When your computer wants to access another computer’s folders or files, it uses a simple CIFS broadcast to get the name. If that same computer wants to do anything “Internety,” it uses its DNS server. Both CIFS and DNS live together perfectly well and, although many alternatives are available for this dual name resolution world, the vast majority of us are happy with this relationship.
Well, except for one little item, we’re almost happy: CIFS organizes your computers into groups. There are three types of groups: workgroup, Windows domain, and Active Directory. A workgroup is just a name that organizes a group of computers. A computer running Windows (or another operating system running Samba) joins a workgroup, as shown in Figure 10.31. When a computer joins a workgroup, all the computers in the Network/My Network Places folder are organized, as shown in Figure 10.32.
A Windows domain is a group of computers controlled by a computer running Windows Server. This Windows Server computer is configured as a domain controller. You then have your computers join the domain.
All the computers within a domain authenticate to the domain controller when they log in. Windows gives you very powerful control over who can access what on your network (Figure 10.33).
Figure 10.31 • Joining a workgroup
Figure 10.30 • Samba on Ubuntu (it’s so common that the OS doesn’t even use the term in the dialog)
Figure 10.32 • Two workgroups in the Network folder
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 278
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 10
Note that a Windows domain is not the same as a DNS domain. In the early days, a Windows domain didn’t even have a naming structure that resembled the DNS hierarchically organized structure. Microsoft eventually revamped its domain controllers to work as part of DNS, however, and Windows domains now use DNS for their names. A Windows domain must have a true DNS name. DNS domains that are not on the Internet should use the top-level name .local (although you can cheat, as I do on my totalhome network, and not use it).
On a bigger scale, a Windows network can get complicated, with multiple domains connecting over long distances. To help organize this, Windows uses a type of super domain called Active Directory. An Active Directory is an organization of related computers that shares one or more Windows domains. Windows domain controllers are also DNS servers.
The beauty of Active Directory is that it has no single domain controller: all of the domain controllers are equal partners, and any domain controller can take over if one domain controller fails (Figure 10.34).
Active Directory–Integrated Zones
Now that you have an understanding of Windows domains and Active Directory, let’s return to forward lookup zones and DNS. A standard primary zone stores the DNS information in text files on the DNS server. You then use secondary zones on other DNS servers to back up that server. If the primary DNS server goes down, the secondary servers can resolve FQDNs, but you can’t add any new records. Nothing can be updated until the primary DNS server comes back up.
In an Active Directory–integrated zone, all of the domain controllers (which are all also DNS servers) are equal and the whole DNS system is not reliant on a single DNS server. The DNS servers store their DNS information in a data structure called the Active Directory. The Active Directory is stored across the servers in the domain. All Active Directory–enabled DNS servers automatically send DNS information to each other, updating every machine’s DNS information to match the others.
Dynamic DNS
In the early days of TCP/IP networks, DNS servers required manual updates of their records. This was not a big deal until the numbers of computers using TCP/IP exploded in the 1990s. Then every office had a network and every network had a DNS server to update. DHCP helped to some extent. You could add a special option to the DHCP server, which is generally called the DNS suffix. This way the DHCP clients would know the name of the DNS domain to which they belonged. It didn’t help the manual updating of DNS records, but clients don’t need records. No one accesses the clients! The DNS suffix helps the clients access network resources more efficiently.
Today, manual updating of DNS records is still the norm for most Internet serving systems like Web servers and e-mail servers. DNS has moved beyond Internet servers; even the smallest Windows networks that run Active Directory use it. Whereas a popular Web server might have a phalanx of techs to adjust DNS settings, small networks in which most of the computers run DHCP need an alternative to old-school DNS. Luckily, the solution was worked out over a decade ago.
Figure 10.34 • If one domain controller goes down, another automatically takes over.
All DHCP servers provide an option called DNS server that tells clients the IP address of the DNS server or servers.
Figure 10.33 • Logging into the domain
The TCP/IP folks came up with a new protocol called Dynamic DNS (DDNS) in 1997 that enabled DNS servers to get automatic updates of IP addresses of computers in their forward lookup zones, mainly by talking to the local DHCP server. All modern DNS servers support DDNS, and all but the most primitive DHCP servers support Dynamic DNS as well.
Windows leans heavily on DDNS. For years, Windows networks used DDNS for the DHCP server to talk to the DNS server. Although all Windows DHCP servers offer this function, all current (Vista, Windows 7, and later) Windows client machines report to the DNS server as soon as they receive a new or changed IP address. The server then updates its A records accordingly. DDNS simplifies setting up and maintaining a LAN tremendously. If you need to force a DNS server to update its records, use the ipconfig /registerdns command from the command prompt.
DNS Security Extensions
If you think about what DNS does, you can appreciate that it can be a big security issue. Simply querying a DNS server gives you a list of every computer name and IP address that it serves. This isn’t the kind of information we want bad guys to have. It’s easy to tell a DNS server not to respond to queries such as nslookup or dig, but DNS by definition is a public protocol that requires one DNS server to respond to another DNS server.
The big fix is called DNS Security Extensions (DNSSEC). DNSSEC is a set of authentication and authorization specifications designed to prevent bad guys from impersonating legitimate DNS servers. It’s implemented through extension mechanisms for DNS (EDNS), a specification that expands several parameter sizes, but maintains backward compatibility with DNS servers that don’t use it.
Troubleshooting DNS
As I mentioned earlier, most DNS problems result from a problem with the client systems. This is because DNS servers rarely go down, and if they do, most clients have a secondary DNS server setting that enables them to continue to resolve DNS names. DNS servers have been known to fail, however, so knowing when the problem is the client system, and when you can complain to the person in charge of your DNS server, is important. All of the tools you’re about to see come with every operating system that supports TCP/IP, with the exception of the ipconfig commands, which I’ll mention when I get to them.
So how do you know when to suspect DNS is causing the problem on your network? Well, just about everything you do on an IP network depends on DNS to find the right system to talk to for whatever job the application does. E-mail clients use DNS to find their e-mail servers; FTP clients use DNS for their servers; Web browsers use DNS to find Web servers; and so on. The first clue something is wrong is generally when a user calls, saying he’s getting a “server not found” error. Server not found errors look different depending on the application, but you can count on something being there that says in effect “server not found.” Figure 10.35 shows how this error appears in an FTP client.
Tech Tip
Dynamic DNS on the Web
The proliferation of dedicated high-speed Internet connections to homes and business has led many people to use those connections for more than surfing the Web from inside the local network. Why not have a Web server in your network, for example, that you can access from anywhere on the Web? You could use Windows Remote Desktop to take control of your home machine. (See Chapter 14 for more details on Remote Desktop.)
The typical high-speed Internet connection presents a problem in making this work. Most folks have a cable or DSL modem connected to a router. The router has a DHCP server inside and that’s what dishes out private IP addresses to computers on the LAN. The router also has an external IP address that it gets from the ISP, usually via DHCP. That external address can change unless you pay extra for a static IP address. Most people don’t.
Several companies promote a service called dynamic DNS that maps a home or office router to a domain name. Each time the router’s external address changes, the router contacts the dynamic DNS service and reports the change. The service updates its records. When you want to access your desktop remotely, you would type in the domain name rather than an IP address that might have changed. The domain name can be one you’ve purchased through GoDaddy or Joker.com, for example, or one obtained from the dynamic DNS service provider.
The most widely used provider of this service is TZO, formerly dynamicdns.org. Its current Web site is www.tzo.com.
Before you start testing, you need to eliminate any DNS caches on the local system. If you’re running Windows, run the ipconfig /flushdns command now. In addition, most Web browsers also have caches, so you can’t use a Web browser for any testing. In such cases, it’s time to turn to the ping command.
Your best friend when testing DNS is ping. Run ping from a command prompt, followed by the name of a well-known Web site, such as ping www.microsoft.com. Watch the output carefully to see if you get an IP address. You may get a “request timed out” message, but that’s fine; you just want to see if DNS is resolving FQDNs into IP addresses (Figure 10.36).
If you get a “server not found” error, you need to ping again using just an IP address. Most network techs keep the IP address of a known server in their heads. If you don’t have one memorized, try 74.125.95.99 (Google). If ping works with the IP address but not with the Web site name, you know you have a DNS problem.
Once you’ve determined that DNS is the problem, check to make sure your system has the correct DNS server entry. Again, this information is something you should keep around. I can tell you the DNS server IP address for every Internet link I own—two in the office, one at the house, plus two dial-ups I use on the road. You don’t have to memorize the IP addresses, but you should have all the critical IP information written down. If that isn’t the problem, run ipconfig /all to see if those DNS settings are the same as the ones in the server; if they aren’t, you may need to refresh your DHCP settings. I’ll show you how to do that next.
If you have the correct DNS settings for your DNS server and the DNS settings in ipconfig /all match those settings, you can assume the problem is with the DNS server itself. The nslookup (name server lookup) command enables DNS server queries. All operating systems have a version of nslookup.
Figure 10.35 • DNS error
Figure 10.36 • Using ping to check DNS
When troubleshooting, ping is your friend. If you can ping an IP address but not the name associated with that address, check DNS.
You run nslookup from a command prompt. With nslookup, you can (assuming you have the permission) query all types of information from a DNS server and change how your system uses DNS. Although most of these commands are far outside the scope of the CompTIA Network+ exam, you should definitely know nslookup. For instance, just running nslookup alone from a command prompt shows you some output similar to the following:
C:\>nslookup
Default Server: totalhomedc2.totalhome
Address: 192.168.4.155
>
Running nslookup gives me the IP address and the name of my default DNS server. If I got an error at this point, perhaps a “server not found” error, I would know that either my primary DNS server is down or I might not have the correct DNS server information in my DNS settings. I can attach to any DNS server by typing server, followed by the IP address or the domain name of the DNS server:
> server totalhomedc1
Default Server: totalhomedc1.totalhome
Addresses: 192.168.4.157, 192.168.4.156
This new server has two IP addresses; it has two multihomed NICs to ensure there’s a backup in case one NIC fails. If I get an error on one DNS server, I use nslookup to check for another DNS server. I can then switch to that server in my TCP/IP settings as a temporary fix until my DNS server is working again.
Those using UNIX/Linux have an extra DNS tool called domain information groper (dig). The dig tool is very similar to nslookup, but it runs noninteractively. In nslookup, you’re in the command until you type exit; nslookup even has its own prompt. The dig tool, on the other hand, is not interactive—you ask it a question, it answers the question, and it puts you back at a regular command prompt. When you run dig, you tend to get a large amount of information. The following is a sample of a dig command run from a Linux prompt:
[mike@localhost]$ dig -x 13.65.14.4
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      4.14.65.13.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
4.14.65.13.in-addr.arpa.  4H IN PTR  server3.houston.totalsem.com.
;; AUTHORITY SECTION:
65.14.4.in-addr.arpa.  4H IN NS  kernel.risc.uni-linz.ac.at.
65.14.4.in-addr.arpa.  4H IN NS  kludge.risc.uni-linz.ac.at.
;; ADDITIONAL SECTION:
kernel.risc.uni-linz.ac.at.  4H IN A  193.170.37.225
kludge.risc.uni-linz.ac.at.  4H IN A  193.170.37.224
;; Total query time: 1 msec
;; FROM: kernel to SERVER: default — 127.0.0.1
;; WHEN: Thu Feb 10 18:03:41 2000
;; MSG SIZE  sent: 44  rcvd: 180
[mike@localhost]$
Make sure you know how to use nslookup to determine if a DNS server is active!
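The dig output above is meant to be read by eye; when you troubleshoot many hosts it helps to read it in a script. The following is an added example (not the book's code): it rebuilds the in-addr.arpa name that dig -x queries for an address, splits dig's text into its sections, and pulls out the PTR answer and the authority servers with their glue addresses. The sample text is the chapter's dig run retyped; the function names and the handling of both dig 8 ("4H") and dig 9 ("14400") TTL styles are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the dig -x 13.65.14.4 run shown in the chapter, retyped.
SAMPLE_DIG = """\
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      4.14.65.13.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
4.14.65.13.in-addr.arpa.  4H IN PTR  server3.houston.totalsem.com.

;; AUTHORITY SECTION:
65.14.4.in-addr.arpa.  4H IN NS  kernel.risc.uni-linz.ac.at.
65.14.4.in-addr.arpa.  4H IN NS  kludge.risc.uni-linz.ac.at.

;; ADDITIONAL SECTION:
kernel.risc.uni-linz.ac.at.  4H IN A  193.170.37.225
kludge.risc.uni-linz.ac.at.  4H IN A  193.170.37.224

;; Total query time: 1 msec
;; WHEN: Thu Feb 10 18:03:41 2000
"""

_TTL_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_seconds(ttl):
    """Convert a dig TTL to seconds: dig 9 prints "14400", dig 8 prints "4H" or "1D2H"."""
    if ttl.isdigit():
        return int(ttl)
    total = 0
    for number, unit in re.findall(r"(\d+)([SMHDWsmhdw])", ttl):
        total += int(number) * _TTL_UNITS[unit.upper()]
    return total


def reverse_name(ip):
    """Owner name that dig -x looks up for an IPv4 address (octets reversed, in-addr.arpa)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def parse_dig(text):
    """Split dig's text into status, flags and the resource records of each section."""
    parsed = {"status": None, "flags": [], "sections": defaultdict(list)}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            # Comment lines carry the header status, the flags and the section markers.
            status = re.search(r"status: (\w+)", line)
            if status:
                parsed["status"] = status.group(1)
            flags = re.search(r"flags: ([a-z ]*);", line)
            if flags:
                parsed["flags"] = flags.group(1).split()
            marker = re.match(r";; (\w+) SECTION:", line)
            if marker:
                section = marker.group(1)
            continue
        parts = line.split()
        if section is None or len(parts) < 5:
            continue  # the question line is a comment in dig 8, so it never lands here
        name, ttl, rclass, rtype = parts[:4]
        parsed["sections"][section].append({"name": name, "ttl": ttl_seconds(ttl),
                                            "class": rclass, "type": rtype,
                                            "rdata": " ".join(parts[4:])})
    return parsed


def ptr_for(ip, dig_text):
    """PTR target dig returned for ip, or None if the answer does not cover that name."""
    wanted = reverse_name(ip) + "."
    parsed = parse_dig(dig_text)
    if parsed["status"] != "NOERROR":
        return None
    for rr in parsed["sections"]["ANSWER"]:
        if rr["type"] == "PTR" and rr["name"].lower() == wanted:
            return rr["rdata"]
    return None


def nameserver_addresses(dig_text):
    """Map each NS in the AUTHORITY section to the glue A record dig put in ADDITIONAL."""
    parsed = parse_dig(dig_text)
    glue = {rr["name"]: rr["rdata"]
            for rr in parsed["sections"]["ADDITIONAL"] if rr["type"] == "A"}
    return {rr["rdata"]: glue.get(rr["rdata"])
            for rr in parsed["sections"]["AUTHORITY"] if rr["type"] == "NS"}


if __name__ == "__main__":
    print(ptr_for("13.65.14.4", SAMPLE_DIG))  # server3.houston.totalsem.com.
    print(nameserver_addresses(SAMPLE_DIG))
```

Feed it the text of a live run (dig -x ADDRESS captured to a file) and ptr_for returns None both when the server answers an error status and when the PTR owner name does not match the address you asked about.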
WINS
Even though current versions of Windows use either DNS or CIFS names, NetBIOS names can still appear in older versions of Windows like Windows 9x or some versions of Windows 2000. A Windows NetBIOS system claims a NetBIOS name for itself simply by broadcasting out to the rest of the network. As long as no other system is already using that name, it works just fine. Of course, broadcasting can be a bit of a problem for routers and such, but this example presumes a single network on the same wire, so it’s okay in this context.
NetBIOS was invented way back in the early 1980s. Microsoft had a big investment in NetBIOS and had to support a large installed base of systems, so even after NetBEUI began to lose market share to TCP/IP, Microsoft had to continue to support NetBIOS or incur the wrath of millions of customers. What happened next seems, in retrospect, more a comedy than the machinations of the most powerful software company in the world. Microsoft did something that should not have been possible: it redesigned NetBIOS to work with TCP/IP. Eventually, Microsoft came up with CIFS, as you know from earlier in the chapter, and made NetBIOS DNS-compatible. But Microsoft tried a couple of things first. Let’s look at some of the strategies and techniques Microsoft used to make NetBIOS and TCP/IP coexist on the same network.
One early strategy Microsoft came up with to reduce the overhead from NetBIOS broadcasts was to use a special text file called LMHOSTS. LMHOSTS contains a list of the NetBIOS names and corresponding IP addresses of the host systems on the network. Sound familiar? Well, it should—the LMHOSTS file works exactly the same way as the DNS HOSTS file. Although Microsoft still supports LMHOSTS file usage, and every Windows system has an LMHOSTS file for backward compatibility, networks that still need NetBIOS support will usually run Windows Internet Name Service (WINS) servers for name resolution. WINS servers let NetBIOS hosts register their names with just the one server, eliminating the need for broadcasting and thereby reducing NetBIOS overhead substantially. Figure 10.37 shows the copy of the WINS server that comes with Windows 2000 Server. Note that some of the PCs on this network have registered their names with the WINS server.
You can find an LMHOSTS.SAM file on your Windows system. Use Notepad to open the file and inspect its contents.
Figure 10.37 • WINS server
There are only two good reasons to use a WINS server: (1) to reduce overhead from broadcasts and (2) to enable NetBIOS name resolution across routers. What does a WINS server have to do with routers, you ask? Just this: the WINS server enables NetBIOS to function in a routed network. IP routers are programmed to kill all broadcasts, remember? While newer Windows clients will simply register directly with the WINS server, older (pre-Win95) Windows systems will still try to broadcast. To get around this problem, you can configure a system to act as a WINS proxy agent, forwarding WINS broadcasts to a WINS server on the other side of the router (Figure 10.38).
Figure 10.38 • Proxy agent
The bottom line with WINS servers is this: larger or routed networks that run NetBIOS still need them. As long as Windows NT and Windows 9x systems are out there running NetBIOS, don’t be surprised to find that some system somewhere is running a WINS server.
Configuring WINS Clients
You don’t need to do much to get a Windows client to use WINS. In fact, you only need to configure the IP address of a WINS server in its WINS settings under Network Properties. From then on, the Windows system will look for a WINS server to register its NetBIOS name. If it finds a WINS server, it will register its NetBIOS name to the WINS server; if it doesn’t, it will automatically start broadcasting its NetBIOS name. You can add WINS information to DHCP if necessary, so unless you’re running static IP addresses, you may never have to enter anything into your Windows clients to get WINS to work.
Troubleshooting WINS
Most WINS problems are not WINS problems at all. They are NetBIOS problems. By far, the most common problem is having two systems share the same name. In that case, you get a pretty clear error. It looks different in the various versions of Windows, but it usually says about the same thing: another system has this name. How do you fix it? Change the name of the system!
You can use the nbtstat program to help deal with NetBIOS problems. The nbtstat program will do a number of jobs, depending on the switches you add to the end of the command. The –c switch, for example, tells nbtstat to check the current NetBIOS name cache (yup, NetBIOS caches names just like some systems cache DNS names). The NetBIOS name cache contains the NetBIOS names and corresponding IP addresses that have been resolved by a particular host. You can use nbtstat to see if the WINS server has supplied inaccurate addresses to a WINS client. Here’s an example of the nbtstat -c command and its results:
C:\>nbtstat -c

Node IpAddress: [192.168.43.5] Scope Id: []

    NetBIOS Remote Cache Name Table

    Name               Type       Host Address     Life [sec]
    ------------------------------------------------------------
    WRITERS        <1B>  UNIQUE    192.168.43.13    420
    SCOTT          <20>  UNIQUE    192.168.43.3     420
    VENUSPDC       <00>  UNIQUE    192.168.43.13    120
    MIKE           <20>  UNIQUE    192.168.43.2     420
    NOTES01        <20>  UNIQUE    192.168.43.4     420
Diagnosing TCP/IP Networks
I’ve dedicated all of Chapter 20 to network diagnostic procedures, but TCP/IP has a few little extras that I want to talk about here. TCP/IP is a pretty tough protocol, and in good networks, it runs like a top for years without problems. Most of the TCP/IP problems you’ll see come from improper configuration, so I’m going to assume you’ve run into problems with a new TCP/IP install, and I’ll show you some classic screw-ups common in this situation. I want to concentrate on making sure you can ping anyone you want to ping.
I’ve done thousands of IP installations over the years, and I’m proud to say that, in most cases, they worked right the first time. My users jumped on the newly configured systems, fired up their My Network Places/Network, e-mail software, and Web browsers, and were last seen typing away, smiling from ear to ear. But I’d be a liar if I didn’t also admit that plenty of setups didn’t work so well. Let’s start with the hypothetical case of a user who can’t see something on the network. You get a call: “Help!” he cries. The first troubleshooting point to remember here: it doesn’t matter what he can’t see. It doesn’t matter if he can’t see other systems in his network or can’t see the home page on his browser—you go through the same steps in any event.
Think WINS is dead? Open Manage network connections in your Network and Sharing Center. Drill down through the Local Area Connection properties | IPv4 properties | Advanced button to open the Advanced TCP/IP Settings dialog box. You’ll see a WINS tab for backward compatibility with older computers on the network.
Remember to use common sense wherever possible. If the problem system can’t ping by DNS name, but all the other systems can, is the DNS server down? Of course not! If something—anything—doesn’t work on one system, always try it on another one to determine whether the problem is specific to one system or affects the entire network.
One thing I always do is check the network connections and protocols. I’m going to cover those topics in greater detail later in the book, so, for now, assume the problem systems are properly connected and have good protocols installed. Here are some steps to take:
1. Diagnose the NIC. First, use ping with the loopback address to determine if the system can send and receive packets. Specifically, type ping 127.0.0.1 or ping localhost (remember the HOSTS file?). If you’re not getting a good response, your NIC has a problem! Check your NIC’s driver and replace it if necessary.
2. Diagnose locally. If the NIC’s okay, diagnose locally by pinging a few neighboring systems, both by IP address and DNS name. If you’re using NetBIOS, use the net view command to see if the other local systems are visible (Figure 10.39). If you can’t ping by DNS, check your DNS settings. If you can’t see the network using net view, you may have a problem with your NetBIOS settings.
Figure 10.39 • The net view command in action
3. Check IP address and subnet mask. If you’re having a problem pinging locally, make sure you have the right IP address and subnet mask. Oh, if I had a nickel for every time I entered those incorrectly! If you’re on DHCP, try renewing the lease—sometimes that does the trick. If DHCP fails, call the person in charge of the server.
4. Run netstat. At this point, another little handy program comes into play called netstat. The netstat program offers a number of options. The two handiest ways to run netstat are with no options at all and with the –s option. Running netstat with no options shows you all the current connections to your system. Look for a connection here that isn’t working with an application—that’s often a clue to an application problem, such as a broken application or a sneaky application running in the background. Figure 10.40 shows a netstat program running.
5. Run netstat –s. Running netstat with the –s option displays several statistics that can help you diagnose problems. For example, if the display shows you are sending but not receiving, you almost certainly have a bad cable with a broken receive wire.
6. Diagnose to the gateway. If you can’t get on the Internet, check to see if you can ping the router. Remember, the router has two interfaces, so try both: first the local interface (the one on your subnet) and then the one to the Internet. You do have both of those IP addresses memorized, don’t you? You should! If you can’t ping the router, either it’s down or you’re not connected to it. If you can only ping the near side, something in the router itself is messed up, like the routing table.
A good testing trick is to use the net send command to try sending messages to other systems. Not all versions of Windows support net send.
Figure 10.40 • The netstat program in action
7. Diagnose to the Internet. If you can ping the router, try to ping something on the Internet. If you can’t ping one address, try another—it’s always possible that the first place you try to ping is down. If you still can’t get through, you can try to locate the problem using the tracert (trace route) command. Run tracert to mark out the entire route the ping packet traveled between you and whatever you were trying to ping. It may even tell you where the problem lies (see Figure 10.41).
Figure 10.41 • Using tracert
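The ping-based steps above, written out as a runbook script. This is an added example, not the book's own code: the checks run in the chapter's order through a pluggable ping function, so the decision logic can be exercised offline against recorded results, and real_ping wraps the operating system's ping command for an actual run. real_ping, recorded_ping, diagnose and the addresses in SAMPLE_NET are this example's assumptions; the netstat steps are not ping checks and are left to the operator.

```python
import platform
import subprocess


def real_ping(host):
    """True if a single echo request to host is answered, using the OS ping command."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host], timeout=10,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def recorded_ping(reachable):
    """Stand-in for real_ping: answers from a set of hosts recorded as reachable."""
    return lambda host: host in reachable


# Constructed network description. LAN addresses follow the chapter's 192.168.4.0
# examples; the router's outside address is a documentation-range placeholder.
SAMPLE_NET = {
    "neighbor_ip": "192.168.4.10",
    "neighbor_name": "acctngpc2",
    "gateway_near": "192.168.4.1",
    "gateway_far": "203.0.113.1",
    "internet_ips": ["74.125.95.99", "198.51.100.5"],
    "internet_name": "www.microsoft.com",
}


def diagnose(net, ping=real_ping):
    """Run the chapter's ping checks in order and stop at the first one that fails.

    Returns (step, verdict). Steps 4 and 5 (netstat) are not ping checks, so they
    do not appear here.
    """
    steps = [
        ("1 loopback", ["127.0.0.1"],
         "no reply from 127.0.0.1: the NIC or its driver is the problem"),
        ("2 neighbor by IP", [net["neighbor_ip"]],
         "local host unreachable by address: check IP address and subnet mask, "
         "renew the DHCP lease (step 3)"),
        ("2 neighbor by name", [net["neighbor_name"]],
         "reachable by address but not by name: check the DNS settings"),
        ("6 router, LAN side", [net["gateway_near"]],
         "router does not answer: it is down or you are not connected to it"),
        ("6 router, Internet side", [net["gateway_far"]],
         "only the near side answers: something in the router itself, "
         "such as the routing table"),
        ("7 Internet by IP", net["internet_ips"],
         "router fine but nothing beyond it: run tracert to see where the path breaks"),
        ("7 Internet by name", [net["internet_name"]],
         "Internet reachable by address but not by name: DNS problem"),
    ]
    for step, targets, verdict in steps:
        # any() stops at the first reply, so step 7 tries the second address only
        # when the first one is down, as the chapter advises.
        if not any(ping(target) for target in targets):
            return step, verdict
    return "done", "every ping succeeded; look at netstat and the application next"


if __name__ == "__main__":
    print(diagnose(SAMPLE_NET))  # uses the real ping command on this machine
```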
Chapter 10 Review
Chapter Summary
After reading this chapter and completing the exercises, you should be able to do the following.
Describe the function and capabilities of DNS
■ A HOSTS file maps a computer name to an IP address. When the Internet was in its infancy, every Internet-connected computer had a copy of the same HOSTS file. Today, computers have their own unique HOSTS file, which is always checked before a computer tries to resolve a name using another method.
■ DNS is vital to IP networking, whether on the Internet or within the smallest of networks. DNS stands for Domain Name System, which functions as a hierarchical naming system for computers on a network. A DNS server resolves FQDNs (fully qualified domain names) to IP addresses.
■ The 13 DNS root servers for the Internet are logical servers composed of many DNS servers acting as a single monstrous server.
■ If one DNS domain name space cannot find out (resolve) the IP address of a computer, the request gets passed along to another DNS server. The process continues until the request reaches the destination computer.
■ Note that because not all computers are connected to the Internet, computer networks are not required to belong to a DNS domain. Administrators can set up their own DNS domain name spaces, however, without ever connecting to the Internet. These isolated internal intranets can be given elaborate naming structures of their own as well.
■ DNS is a convenience, not a requirement. You can connect to a Web site by typing the correct IP address, bypassing the need to resolve an FQDN.
■ Name resolution can be accomplished through broadcasting, by consulting the local HOSTS file, or by contacting a DNS server.
■ Run ipconfig /all to view your DNS server settings. Run ipconfig /displaydns to display a cache of recently resolved FQDNs.
■ DNS servers store a list of cached lookups—all IP addresses the server has already resolved.
■ An authoritative DNS server stores IP addresses and FQDNs of all systems for a particular domain, whereas a cache-only DNS server is used to communicate with other DNS servers.
■ Forward lookup zones are the most important part of any DNS server because they contain the IP addresses and FQDNs.
■ Of the two types of forward lookup zones, primary zones are created on authoritative DNS servers while secondary zones are created on other DNS servers to act as a backup to the primary zone.
■ A records, CNAME records, and MX records must be properly configured on any DNS server.
■ Reverse lookup zones resolve an IP address to an FQDN using PTRs.
■ Microsoft’s Common Internet File System (CIFS), which began as a Server Message Block (SMB), originated when NetBIOS/NetBEUI dropped NetBEUI in favor of IP and used the NetBIOS name as the DNS name. It was used primarily to share files and printers in small TCP/IP networks.
■ CIFS organizes computers into one of three types of groups: workgroup, Windows domain, or Active Directory.
■ A Windows domain provides centralized management and user authentication via a computer acting as a domain controller.
■ An Active Directory is an organization of related computers that shares one or more Windows domains. There is no single domain controller in Active Directory because all domain controllers operate equally.
■ Under Active Directory, all domain controllers are also DNS servers. Because Active Directory domain controllers operate equally, there is no single point of failure throughout Active Directory’s DNS system. All domain controllers hold primary zones.
■ The Dynamic DNS (DDNS) protocol enables DNS servers to update their records automatically when they receive changed IP address information from a DHCP server or clients on the network.
■ The command ipconfig is useful for troubleshooting TCP/IP settings. Running ipconfig /flushdns will clear the local cache of DNS entries.
■ The ping command is essential in establishing connectivity to a destination PC. If you can ping a host computer by IP address (for example, ping 192.168.4.55), but not by name (ping acctngpc2), then you have a DNS resolution issue. Check cables, check the DNS servers listed under each network adapter card’s settings, and finally, check to see that the DNS server is truly up and operational.
■ The nslookup command enables you to research what name servers are being used by a particular computer. Advanced variations of the nslookup command can query information from a DNS server and even change how your system uses DNS.
■ UNIX/Linux users have an additional DNS tool called dig, which is different from nslookup in that dig runs noninteractively.
Configure and troubleshoot WINS
■ An LMHOSTS file works almost the same as a HOSTS file, except it correlates NetBIOS names to IP addresses.
■ WINS stands for Windows Internet Name Service, which is an older name resolution method. WINS servers help Windows systems (in place of the even older LMHOSTS files) with resolving NetBIOS computer names (like SALESPC7) to IP addresses (like 192.168.10.7) on a Windows network.
■ WINS clients virtually configure themselves by using broadcasts to find WINS servers. A WINS proxy agent forwards WINS broadcasts across routers that would normally block such broadcasts.
■ WINS problems relate directly to NetBIOS problems. The most common problem by far is having two systems share the same name. The resulting error message clearly indicates that another system is trying to use the same name. Simply change the computer’s system name to fix this common problem.
■ Using the nbtstat –c command will check the current NetBIOS name cache. This NetBIOS name cache contains the NetBIOS names (along with their corresponding IP addresses) that have been resolved already by a particular host.
■ Use the nbtstat command alone to see whether the WINS server has supplied inaccurate addresses to a particular WINS client.
Use common TCP/IP utilities to diagnose problems with DNS and WINS
■ Always try to connect from another system to determine the extent of the problem. You can then begin the steps to diagnose TCP/IP errors on a single system.
■ Remember to work “from the inside out”—that is, check for connectivity problems on the local system before moving on to check the larger network structure. First, type ping 127.0.0.1 (or ping localhost) to ensure that the local NIC is seated properly and TCP/IP is installed.
■ On Windows systems, the net view command is worth trying. If you can’t see the network using net view, you may have a problem with your NetBIOS settings.
■ Running netstat shows all the current connections on your system. Running netstat –s displays useful statistical information.
■ The tracert command allows you to mark the entire route a ping packet travels, telling you exactly where a problem lies.
Key Terms
A records (274), Active Directory (278), authoritative DNS server (265), cached lookup (272), cache-only DNS server (273), canonical name (CNAME) (274), Common Internet File System (CIFS) (276), DNS root server (261), DNS server (261), DNS tree (263), domain information groper (dig) (281), Domain Name System (DNS) (259), Dynamic DNS (DDNS) (279), flat name space (262), forward lookup zone (273), fully qualified domain name (FQDN) (264), hierarchical name space (262), host name (263), HOSTS file (259), ipconfig (270), lmhosts (282), MX record (275), name resolution (258), name server (265), nbtstat (284), NetBIOS/NetBEUI (276), netstat (286), nslookup (280), NS record (274), ping (280), pointer record (PTR) (276), primary zone (275), reverse lookup zone (275), secondary zone (275), top-level domain server (261), tracert (287), Windows domain (277), Windows Internet Name Service (WINS) (259), WINS proxy agent (283), workgroup (277)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.
1. The _______________ command is used to establish connectivity.
2. Using _______________ alone can help determine whether a WINS server has supplied inaccurate addresses to a particular WINS client.
3. The term _______________ refers to networks that use DNS belonging to the same DNS system.
4. A helpful command that displays TCP/IP naming information is _______________.
5. _______________ is responsible for resolving NetBIOS names to IP addresses on predominately Windows networks.
6. To connect to systems on the Internet using domain names, your network needs the name of at least one _______________.
7. To forward WINS broadcasts to a WINS server on the other side of the router, you need to set up a(n) _______________.
8. You can use the diagnostic utility called _______________ to trace the progress of an ICMP packet between your system and a remote computer.
9. To avoid having to re-resolve an FQDN that it has already checked, a Windows DNS server keeps a list of IP addresses it has already resolved, called _______________.
10. The single DNS server that has a list of all the host names on the domain and their corresponding IP addresses is the _______________.
Multiple-Choice Quiz
1. Which of the following are needed for e-mail clients to find their e-mail servers, FTP clients to find their file servers, and Web browsers to find Web servers?
A. DHCP servers
B. DNS servers
C. E-mail servers
D. WINS servers
2. What do DNS servers use to help resolve IP addresses to DNS names?
A. Authentication
B. Authorization
C. Backward lookup zones
D. Reverse lookup zones
3. What do DNS servers use to help resolve DNS names to IP addresses?
A. Accounting
B. Administration
C. Backward lookup zones
D. Forward lookup zones
4. What type of DNS servers do not have any forward lookup zones and will resolve names of systems on the Internet for a network but are not responsible for telling other DNS servers the names of any clients?
A. Cache-only servers
B. Primary servers
C. Secondary servers
D. WINS servers
5. What command gives you the IP address and the name of your system’s default DNS server?
A. nbtstat
B. nslookup
C. ping
D. winword
6. What file can be replaced when a network has a WINS server?
A. HOSTS
B. LMHOSTS
C. SAM
D. WINS
7. What file can be replaced when a network has a DNS server?
A. HOSTS
B. LMHOSTS
C. SAM
D. WINS
8. What does adding a WINS proxy agent enable you to accomplish on your network?
A. Cross a hub
B. Cross a server
C. Cross a switch
D. Cross a router
9. Folders with subfolders on a system, like domain names with subdomains, are said to have a structure resembling what?
A. Branch
B. Forest
C. Root
D. Tree
10. Which of the following commands clears the local cache of DNS entries?
A. ipconfig /clear
B. ipconfig /cls
C. ipconfig /flushdns
D. ipconfig /renew
11. Which variation of the nbtstat command checks the current NetBIOS name cache?
A. nbtstat
B. nbtstat –c
C. nbtstat /checkupgradeonly
D. nbtstat /status
12. Which of these terms are frequently used interchangeably? (Select two.)
A. Domain
B. Folder
C. Subdomain
D. Zone
13. Which of the following are valid DNS record entry types? (Select three.)
A. A
B. M
C. NS
D. SOA
14. Which of the following is an example of a top-level domain?
A. .com
B. totalsem.com
C. support.totalsem.com
D. houston.support.totalsem.com
15. How do authoritative DNS servers and cache-only DNS servers differ?
A. Authoritative DNS servers contain forward lookup zones whereas cache-only DNS servers contain only reverse lookup zones.
B. Authoritative DNS servers store IP addresses and FQDNs of systems for a particular domain or domains whereas cache-only DNS servers do not store any FQDNs because they are only used to talk to other DNS servers to resolve IP addresses.
C. Authoritative DNS servers service requests for top-level domains whereas cache-only DNS servers service requests for down-level domains.
D. Authoritative DNS servers are found only in Windows Active Directory networks whereas cache-only DNS servers are found universally throughout the Internet.
Essay Quiz
1. Some classmates at school have been playing with (and giggling over) the net send command during class time. The instructor notices what’s going on, and hoping to turn the experience into something useful, asks each student to write down a valid use of the net send command. Write down your answer.
2. Your boss comes into your office in a panic. He can’t reach the company’s internal Web server from his office. It worked yesterday. Write an essay describing what you’d do to troubleshoot the situation. Which tool or tools would you use? Why?
3. After discussing flat versus hierarchical naming schemes in class, a feisty classmate proclaims that flat names should be used on individual systems as well as on the Internet for simplification. Write a brief reason or two why he is wrong in his oversimplification.
4. Jot down some brief notes about how you would troubleshoot and diagnose a TCP/IP issue on one of the systems on your network. You can list the actual commands if you like, too. Choose an interesting Web site that you would ping on the Internet as your final step.
Lab Projects
Lab Project 10.1
This chapter has presented many variations of common network troubleshooting commands. You have decided it would be beneficial to create an alphabetized chart of these commands, including their variations and what they do. Using either a word processing program or spreadsheet program, create a chart like the following—you fill in the rightmost column:
Command    Switch or Second-level Command    What It Does . . .
ipconfig   (blank)
ipconfig   /all
ipconfig   /release
ipconfig   /renew
ipconfig   /flushdns
nbtstat    (blank)
nbtstat    –c
net        send
net        view
ping       127.0.0.1
ping       disney.com
ping       localhost
Lab Project 10.2
A request must potentially make many trips when trying to resolve a fully qualified domain name to an IP address. Aside from the hosts file, you have primary DNS servers, secondary DNS servers, authoritative DNS servers, cache-only DNS servers, DNS root servers, top-level DNS servers, and second-level domain servers.
On a piece of paper, sketch a diagram/flowchart showing how a request for www.example.com gets resolved to an IP address.
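A runnable walk-through of the trips the lab asks you to sketch, as an added example that is not from the book: the root, top-level, second-level (authoritative) and cache-only servers are simulated as in-memory tables, and the server names and the 192.0.2.10 address are made up for illustration.

```python
# Added example (not from the book): simulation of the trips Lab Project 10.2
# asks you to sketch. The "servers" are constructed in-memory tables; the
# server names and the 192.0.2.10 address are made up for illustration.

# Each constructed server maps a name (with trailing dot) to one record:
# ("A", ip) is an answer, ("NS", server) is a referral to another server here.
SERVERS = {
    "root": {"com.": ("NS", "tld-com")},                           # DNS root server
    "tld-com": {"example.com.": ("NS", "ns1.example.com")},        # top-level domain server
    "ns1.example.com": {"www.example.com.": ("A", "192.0.2.10")},  # second-level (authoritative)
}


class CacheOnlyResolver:
    """The local cache-only DNS server from the chapter: it holds no forward
    lookup zones of its own, so it starts at the root, follows each referral,
    and remembers the answer (a cached lookup) for next time."""

    def __init__(self, servers: dict, hosts_file: dict = None):
        self.servers = servers
        self.hosts = hosts_file or {}  # the HOSTS file is consulted before DNS
        self.cache = {}

    @staticmethod
    def _longest_match(table: dict, labels: list):
        # A server answers for the longest suffix of the name it has a record for.
        for i in range(len(labels)):
            suffix = ".".join(labels[i:]) + "."
            if suffix in table:
                return table[suffix]
        return None

    def resolve(self, fqdn: str) -> tuple:
        """Return (ip, trips), where trips lists every server consulted."""
        name = fqdn if fqdn.endswith(".") else fqdn + "."
        if name in self.hosts:
            return self.hosts[name], ["HOSTS file"]
        if name in self.cache:
            return self.cache[name], ["cache"]

        labels = name.rstrip(".").split(".")
        trips = []
        server = "root"
        while True:
            record = self._longest_match(self.servers[server], labels)
            if record is None:
                raise LookupError(f"{server} has no record covering {name}")
            kind, value = record
            trips.append(f"{server} -> {kind} {value}")
            if kind == "A":
                self.cache[name] = value  # remember it so the next lookup is one trip
                return value, trips
            server = value  # NS referral: ask the next server down the tree


if __name__ == "__main__":
    resolver = CacheOnlyResolver(SERVERS)
    print(resolver.resolve("www.example.com"))  # three trips: root, TLD, authoritative
    print(resolver.resolve("www.example.com"))  # answered from the cache
```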
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks,Third Edition / Meyers / 911-1 / Chapter 11
Chapter 11: Securing TCP/IP
“Better to be despised for too anxious apprehensions than ruined by too confident a security.”
—Edmund Burke
In this chapter, you will learn how to
■ Discuss the standard methods for securing TCP/IP networks
■ Compare TCP/IP security standards
■ Implement secure TCP/IP applications
If you want to enter the minds of the folks who invented TCP/IP, Vint Cerf and Bob Kahn, look at TCP/IP from a security perspective. No part of TCP/IP has any real security. Oh sure, you can put user names and passwords on FTP, Telnet, and other TCP/IP applications, but everything else is wide open. Cerf and Kahn must have thought that the intent of the Internet was openness.
Sadly, today’s world reveals a totally different perspective. Every device with a public IP address on the Internet is constantly bombarded with malicious code trying to gain some level of access to our precious data. Even data moving between two hosts is relatively easily intercepted and read. Bad guys make millions by stealing our data in any of a thousand different ways, and TCP/IP in its original form is all but powerless to stop them.
This chapter takes you on a tour of the many ways smart people have improved TCP/IP to protect our data from those who wish to do evil things to it. It’s an interesting story of good intentions, knee-jerk reactions, dead ends, and failed attempts that luckily ends with a promise of easy-to-use protocols that protect our data.
This chapter examines the ways to make TCP/IP data and networks secure. I’ll first give you a look at security concepts and then turn to specific standards and protocols used to implement security. The chapter wraps with a discussion on secure TCP/IP applications and their methods.
Test Specific
Making TCP/IP Secure
I break down TCP/IP security into four areas: encryption, nonrepudiation, authentication, and authorization. Encryption means to scramble, mix up, or change the data in such a way that bad guys can’t read it. Of course, this scrambled-up data must also be descrambled by the person receiving the data.
Nonrepudiation is the process that guarantees that the data is the same as originally sent and that it came from the source you think it should have come from. Nonrepudiation is designed to cover situations in which someone intercepts your data on-the-fly and makes changes, or someone pretends to be someone they are not.
Authentication means to verify that whoever accesses the data is the person you want accessing that data. The most classic form of authentication is the user name and password combination, but there are plenty more ways to authenticate.
Authorization defines what a person accessing the data can do with that data. Different operating systems provide different schemes for authorization, but the classic scheme for Windows is to assign permissions to a user account. An administrator, for example, can do a lot more after being authenticated than a limited user can do.
Encryption, nonrepudiation, authentication, and authorization may be separate issues, but in the real world of TCP/IP security, they overlap a lot. If you send a user name and password over the Internet, wouldn’t it be a good idea to encrypt the user name and password so others can’t read it? Equally, if you send someone a “secret decoder ring” over the Internet so he or she can unscramble the encryption, wouldn’t it be a good idea for the recipient to know that the decoder ring actually came from you? In TCP/IP security, you have protocols that combine encryption, nonrepudiation (sometimes), authentication, and authorization to create complete security solutions for one TCP/IP application or another.
Encryption
All data on your network is nothing more than ones and zeroes. Identifying what type of data the strings of ones and zeroes in a packet represent usually is easy. A packet of data on the Internet always comes with a port number, for example, so a bad guy quickly knows what type of data he’s reading.
All data starts as plaintext, a somewhat misleading term that simply means the data is in an easily read or viewed industry-wide standard format. Plaintext, often also referred to as cleartext, implies that all data starts off as text—untrue! Data often is text, but it also might be a binary file such as a photograph or an executable program. Regardless of the type of data, it all starts as plaintext. I’ll use the image in Figure 11.1 as a universal figure for a piece of plaintext.
If you want to take some data and make figuring out what it means difficult for other people, you need a cipher. A cipher is a series of complex and hard-to-reverse mathematics—called an algorithm—you run on a string of ones and zeroes to make a new set of seemingly meaningless ones and zeroes. A cipher and the method used to implement that cipher is commonly called the complete algorithm. (I know that’s a mouthful of new terms—check the sidebar for details.)
Let’s say you have a string of ones and zeroes that looks like this:
01001101010010010100101101000101
This string may not mean much to you, but if it was part of an HTTP segment, your Web browser would instantly know that this is Unicode— that is, numbers representing letters and other characters—and convert it into text:
01001101 01001001 01001011 01000101
M        I        K        E
So let’s create a cipher to encrypt this cleartext. All binary encryption requires some interesting binary math. You could do something really simple such as add 1 to every value (and ignore carrying the 1):
0 + 1 = 1 and 1 + 1 = 0
10110010101101101011010010111010
No big deal; that just reversed the values. Any decent hacker would see the pattern and break this code in about three seconds. Let’s try something harder to break by bringing in a second value (a key) of any eight binary numbers (let’s use 10101010 for this example) and doing some math to every eight binary values using this algorithm:
If cleartext is…   And key value is…   Then the result is…
0                  0                   0
0                  1                   1
1                  0                   1
1                  1                   0
This is known as a binary XOR (eXclusive OR). Line up the key against the first eight values in the cleartext:
10101010
01001101010010010100101101000101
11100111
Then do the next eight binary values:
1010101010101010
01001101010010010100101101000101
1110011111100011
Then the next eight:
101010101010101010101010
01001101010010010100101101000101
111001111110001111100001
Then the final eight:
10101010101010101010101010101010
01001101010010010100101101000101
11100111111000111110000111101111
Figure 11.1 • Plaintext
Tech Tip
Sorting Out the Security Terms
The terms cipher, algorithm, and complete algorithm lend themselves to a lot of confusion, especially because most people in the IT industry use them interchangeably. Here’s the scoop: A cipher is a general term for a way to encrypt data. The algorithm is the mathematical formula that underlies the cipher. The complete algorithm is both the cipher and the implementation of that cipher. The problem with the terms is compounded by the lack of a third, distinct term. Most people drop the word “complete” from “complete algorithm,” for example, thus the meanings of the three terms become muddied.
If you want to decrypt the data, you need to know the algorithm and the key. This is a very simple example of how to encrypt binary data. At first glance, you might say this is good encryption, but the math is simple, and a simple XOR is easy for someone to decrypt.
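The chapter’s XOR walk-through in working code, as an added example that is not from the book: it encrypts the “MIKE” bit string with the 10101010 key, shows that the first “add 1, ignore the carry” step is the same operation with a key of all ones, and shows why the chapter calls a plain XOR easy to decrypt: one known cleartext byte hands back the key. The function names are my own.

```python
# Added example (not from the book): the chapter's repeating-key XOR cipher,
# run on its own "MIKE" cleartext and 10101010 key, plus why it is weak.
from itertools import cycle

MIKE_BITS = "01001101010010010100101101000101"  # the chapter's 32-bit cleartext ("MIKE")
KEY_BITS = "10101010"                           # the chapter's 8-bit key


def bits_to_bytes(bits: str) -> bytes:
    """'01001101' -> b'M'; the bit string must be a multiple of 8 bits long."""
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def bytes_to_bits(data: bytes) -> str:
    """b'M' -> '01001101'."""
    return "".join(f"{byte:08b}" for byte in data)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """The chapter's algorithm: XOR every byte of data with the key, repeating
    the key as often as needed. Running it twice with the same key gets the
    cleartext back, which is what makes it a symmetric-key cipher."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def encrypt_bits(cleartext_bits: str, key_bits: str) -> str:
    """Same operation on the chapter's bit strings, returning a bit string."""
    return bytes_to_bits(xor_with_key(bits_to_bytes(cleartext_bits), bits_to_bytes(key_bits)))


def add_one_ignoring_carry(cleartext_bits: str) -> str:
    """The chapter's first attempt, 'add 1 to every value and ignore the carry',
    is just an XOR with a key of all ones: every bit flips."""
    return encrypt_bits(cleartext_bits, "11111111")


def recover_key(known_cleartext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Why the chapter calls a simple XOR easy to decrypt: XOR is its own inverse,
    so anyone who knows (or can guess) as many cleartext bytes as the key is long
    gets the key back with one more XOR and can then read everything else."""
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_cleartext[:key_len]))


if __name__ == "__main__":
    ciphertext_bits = encrypt_bits(MIKE_BITS, KEY_BITS)
    print("ciphertext:", ciphertext_bits)                              # 11100111111000111110000111101111
    print("decrypted :", bits_to_bytes(encrypt_bits(ciphertext_bits, KEY_BITS)))  # b'MIKE'
    print("flip-all  :", add_one_ignoring_carry(MIKE_BITS))            # 10110010101101101011010010111010
    print("key from one known byte:", recover_key(b"M", bits_to_bytes(ciphertext_bits), 1).hex())  # aa
```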
An XOR works with letters as well as numbers. See if you can crack the following code:
WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
This is a classic example of the Caesar cipher. You just take the letters of the alphabet and transpose them:
Real Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Code letter: DEFGHIJKLMNOPQRSTUVWXYZABC
Caesar ciphers are very easy to crack by using word patterns, frequency analysis, or brute force. The code “WKH” shows up twice, which means it’s the same word (word patterns). The letters W and H show up fairly often too. Certain letters of the alphabet are used more than others, so a code-breaker can use that to help decrypt the code (frequency analysis). Assuming that you know this is a Caesar cipher, a computer can quickly go through every different code possibility and determine the answer (brute force). Incredibly, even though it’s not as obvious, binary code also suffers from the same problem.
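The three cracking techniques the chapter names (word patterns, frequency analysis, brute force) applied to its own ciphertext, as an added example that is not from the book; the English letter-frequency table and the function names are my own.

```python
# Added example (not from the book): encode, decode, and crack the chapter's
# Caesar cipher with the three techniques it names.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
CHAPTER_CIPHERTEXT = "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"

# Approximate relative frequency (percent) of each letter in English text; the
# usual textbook figures, used only to score candidate decryptions.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (the chapter's table is shift 3);
    anything that is not an uppercase letter passes through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text
    )


def repeated_words(ciphertext: str) -> list:
    """Word patterns: a repeated code word is the same cleartext word."""
    counts = Counter(ciphertext.split())
    return [word for word, n in counts.items() if n > 1]


def letter_frequencies(ciphertext: str, top: int = 2) -> list:
    """Frequency analysis: the most common code letters probably stand for
    the most common English letters (E, T, A, O, ...)."""
    return Counter(ch for ch in ciphertext if ch in ALPHABET).most_common(top)


def english_score(text: str) -> float:
    """Higher when the letters in `text` are distributed like English."""
    return sum(ENGLISH_FREQ[ch] for ch in text if ch in ALPHABET)


def brute_force(ciphertext: str) -> list:
    """Brute force: there are only 26 keys, so try every one of them."""
    return [(shift, caesar(ciphertext, -shift)) for shift in range(26)]


def crack(ciphertext: str) -> tuple:
    """Brute force plus frequency scoring picks the shift without a human reading all 26."""
    return max(brute_force(ciphertext), key=lambda candidate: english_score(candidate[1]))


if __name__ == "__main__":
    print(repeated_words(CHAPTER_CIPHERTEXT))      # ['WKH']
    print(letter_frequencies(CHAPTER_CIPHERTEXT))  # [('R', 4), ('H', 3)]
    shift, plaintext = crack(CHAPTER_CIPHERTEXT)
    print(shift, plaintext)                        # 3 THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
```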
In computing, you need to make a cipher hard for anyone to break except the people you want to read the data. Luckily, computers do more complex algorithms very quickly (it’s just math), and you can use longer keys to make the code much harder to crack.
Okay, let’s take the information above and generate some more symbols to show this process. When you run cleartext through a cipher algorithm using a key, you get what’s called ciphertext (Figure 11.2).
Over the years, computing people have developed hundreds of different complete algorithms for use in encrypting binary data. Of these, only a few were or still are commonly used in the TCP/IP world. The math behind all of these complete algorithms is incredibly complex and way beyond the scope of the CompTIA Network+ exam, but all of them have two items in common: a complex algorithm underlying the cipher and a key or keys used to encrypt and decrypt the text.
Any encryption that uses the same key for both encryption and decryption is called symmetric-key encryption or a symmetric-key algorithm. If you want someone to decrypt what you encrypt, you have to make sure they have some tool that can handle the algorithm and you have to give them the key. This is a potential problem I will address later in this chapter. Any encryption that uses different keys for encryption and decryption is called asymmetric-key encryption or an asymmetric-key algorithm. Let’s look at symmetric-key encryption first, and then turn to asymmetric-key encryption.
Figure 11.2 • Encryption process (cleartext in, gobbledegook out)
Symmetric-Key Algorithm Standards
There is one difference among symmetric-key algorithms. Most algorithms are called block ciphers because they encrypt data in single “chunks” of a certain length at a time. Let’s say you have a 100,000-byte Microsoft Word document you want to encrypt. One type of encryption will take 128-bit chunks and encrypt each one separately (Figure 11.3). Block ciphers work well when data comes in clearly discrete chunks. Most data crossing wired networks comes in IP packets, for example, so block ciphers are very popular with these sorts of packets.
The alternative is a stream cipher, which takes a single bit at a time and encrypts on-the-fly (Figure 11.4). Stream ciphers are very popular whenever your data comes in long streams (such as with older wireless networks or cell phones).
The granddaddy of all TCP/IP symmetric-key algorithms is the Data Encryption Standard (DES). DES was developed by the United States government in the late 1970s and was in widespread use in a variety of TCP/IP applications. DES used a 64-bit block and a 56-bit key. Over time, the 56-bit key made DES susceptible to brute-force attacks. The computing world came up with a number of derivatives of DES to try to address this issue, with names such as 3DES, International Data Encryption Algorithm (IDEA), and Blowfish.
Figure 11.3 • Block cipher
Figure 11.4 • Stream cipher
On the streaming side, the only symmetric-key algorithm you’ll probably ever see is Rivest Cipher 4 (RC4) stream cipher. RC4 was invented in the late 1980s by Ron Rivest, cryptographer and arguably the most famous of all inventors of TCP/IP security algorithms. RC4 is used in a number of TCP/IP applications. Over the years improvements in computing power made both DES and RC4 vulnerable to attacks in certain circumstances. As a result, almost all TCP/IP applications have moved to Advanced Encryption Standard (AES). AES is a block cipher created in the late 1990s. It uses a 128-bit block size and 128-, 192-, or 256-bit key size. AES is incredibly secure, practically uncrackable (for now at least), and is so fast that even applications that traditionally used stream ciphers are switching to AES.
Not at all limited to TCP/IP, you’ll find AES used for many applications from file encryption to wireless networking to some Web sites. Given that AES is still somewhat new, many TCP/IP applications are still in the process of moving toward adoption.
Asymmetric-Key Algorithm Standards
Symmetric-key encryption has one serious weakness: anyone who gets a hold of the key can encrypt or decrypt data with it. The nature of symmetric-key encryption forces us to send the key to the other person in one way or another, making it a challenge to use symmetric-key encryption safely. As a result, folks have been strongly motivated to create a methodology that allows the encrypter to send a key to the decrypter without fear of interception (Figure 11.5).
The answer to the problem of key sharing came in the form of using two different keys—one to encrypt and one to decrypt, thus, an asymmetric-key algorithm. Three men in the late 1970s—Whitfield Diffie, Martin Hellman, and Ralph Merkle—introduced what became known as public-key cryptography, with which keys could be exchanged securely.
Ron Rivest (along with Adi Shamir and Leonard Adleman) came up with some improvements to the Diffie-Hellman method of public-key cryptography by introducing a fully functional algorithm called Rivest Shamir Adleman (RSA) that enabled secure digital signatures. Here’s how public-key cryptography works.
When in doubt on a question about encryption algorithms, always pick AES. You’ll be right most of the time.
Figure 11.5 • How do we safely deliver the key?
The public-key cryptography introduced by Diffie, Hellman, and Merkle became known as the Diffie-Hellman key exchange. Hellman, on the other hand, has insisted that if the scheme needs a name, it should be called the Diffie-Hellman-Merkle key exchange.
Imagine two people, Mike and Melissa, who wish to send each other encrypted e-mail messages (Figure 11.6). SMTP doesn’t have any (popular) form of encryption, so Mike and Melissa must come up with some program that encrypts their messages. They will then send the encrypted messages as regular e-mail.
Figure 11.6 • Mike and Melissa, wanting to send encrypted e-mail messages
Before Melissa can send an encrypted e-mail to Mike, he first generates two keys. One of these keys is kept on his computer (the private key), and the other key is sent to anyone from whom he wants to receive encrypted e-mail (the public key). These two keys—called a key pair—are generated at the same time and are designed to work together. He sends a copy of the public key to Melissa (Figure 11.7).
Figure 11.7 • Sending a public key
A public-key cryptography algorithm works by encrypting data with a public key and then decrypting data with a private key. The public key of the key pair encrypts the data, and only the associated private key of the key pair can decrypt the data. Since Melissa has Mike’s public key, Melissa can encrypt and send a message to Mike that only Mike’s private key can decrypt. Mike can then decrypt the message (Figure 11.8).
Public-key cryptography is the most popular form of e-mail encryption.
Figure 11.8 • Decrypting a message
If Melissa wants Mike to send encrypted e-mail to her, she must generate her own key pair and send Mike the public key. In a typical public-key cryptography setup, everyone has their own private key plus a copy of the public keys for anyone with whom they wish to communicate securely (Figure 11.9).
Figure 11.9 • Lots of keys
The only problem with all these keys is the chance that someone pretending to be someone else might pass out a public key. Therefore, the recipients have a strong desire to know who is passing out a key. This issue falls under the banner of nonrepudiation.
Encryption and the OSI Model
The process of encryption varies dramatically depending on what you want to encrypt. To make life a bit easier, let’s look at how you encrypt using the OSI seven-layer model:
■ Layer 1: No common encryption done at this layer.
■ Layer 2: A common place for encryption using proprietary encryption devices. These boxes scramble all of the data in an Ethernet frame except the MAC address information. Devices or programs encode and decode the information on-the-fly at each end.
■ Layer 3: Only one common protocol encrypts at Layer 3: IPsec. IPsec is typically done via software that takes the IP packet and encrypts everything inside the packet, leaving only the IP addresses and a few other fields unencrypted.
■ Layer 4: Neither TCP nor UDP offers any encryption methods, so little happens security-wise at Layer 4.
■ Layers 5 and 6: Not common layers for encryption.
■ Layer 7: Many applications use their own encryption, placing them squarely in Layer 7. There are Layer 7 standards, with SSL/TLS being very common.
Nonrepudiation
Within networking, nonrepudiation simply means that the receiver of information has a very high degree of confidence that the sender of a piece of information truly is who the receiver thinks he or she or it should be. Nonrepudiation takes place all over a network. Is this truly the person who sent in the user name and password to log into my Windows domain? Is this really the eBay.com Web site I’m entering my credit card number into? Did this public key really come from Mike Meyers? As a result, nonrepudiation comes in a number of forms, but most of them use a very clever little bit of mathematical magic called a hash.
Hash
In computer security, a hash (or more accurately, a cryptographic hash function) is a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length (often called a checksum or a digest). A cryptographic hash function is a one-way function. One-way means the hash is practically irreversible. You should not be able to re-create the data, even if you know the hashing algorithm and the checksum. A cryptographic hash function should also have a unique checksum for any two different input streams (Figure 11.10).
Figure 11.10 • A hash at work (cleartext in, hash, checksum out)
Cryptographic hash functions have a huge number of uses, but one of the most common is for files. Let’s say I’m sharing a file on my Web site. I’m worried an evil hacker might alter that file, so I run a hash on the file and supply you with both the file and the checksum. Message-Digest Algorithm version 5—everybody just calls it MD5—is arguably the most popular hashing function for this type of work. Figure 11.11 shows an example of this, a program called Net.MD5.
MD5 is a very popular cryptographic hash, but it’s not the only one. The other hash you’ll see from time to time is called Secure Hash Algorithm (SHA). There are two versions of SHA: SHA-1 and SHA-2.
Many encryption and authentication schemes also use hashes. Granted, you won’t actually see the hashes as they’re used, but trust me: hashes are everywhere. For example, some SMTP servers use a special form of MD5, called Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5), as a tool for server authentication. (See the discussion of CHAP later in the “Authentication Standards” section for details on how challenge-response works.) Now that you understand hashes, let’s return to public-key cryptography and see how digital signatures make public-key cryptography even more secure.
Look for CRAM-MD5 to show up on the CompTIA Network+ exam as a tool for server authentication.
Try This! Doing the MD5 Thang!
Net.MD5 is a Windows program. Every operating system has lots of MD5 digest creators and checkers. If you use Linux, try the popular MD5Sum utility. The following instructions are for Net.MD5:
1. Download the program from the Web site http://sourceforge.net/project/platformdownload.php?group_id=190760 and install it.
2. Download the setup_netmd5.exe.md5 file and open it in Notepad to see the MD5 digest. Copy it to the clipboard.
3. Start the Net.MD5 program.
4. Next to the Source Data field, browse to the Download_setup_netmd5.exe file and click OK.
5. Paste in the MD5 digest under the Original Key field.
6. Click the Make Key button.
Are the MD5 digests the same? Then you know you have a legit copy of Net.MD5!
Figure 11.11 • File and MD5
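The same check the Try This exercise performs by hand, done with Python’s standard library as an added example that is not from the book or from Net.MD5; the sample file is constructed inline. MD5 and SHA-1 are no longer collision resistant, so for a new integrity check use SHA-256, which the same functions accept.

```python
# Added example (not from the book): publish and verify a file's digest the way
# the Try This exercise does with Net.MD5 / md5sum, using only the standard
# library. The sample file and its contents are constructed here.
import hashlib
import hmac
import os
import tempfile


def digest_of_bytes(data: bytes, algorithm: str = "md5") -> str:
    """Fixed-length checksum of any input: 32 hex digits for MD5, 40 for SHA-1,
    64 for SHA-256, however long `data` is."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path: str, algorithm: str = "md5", chunk_size: int = 65536) -> str:
    """Hash a file in chunks so a large download is never read into memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def write_digest_file(path: str, algorithm: str = "md5") -> str:
    """Publish '<hexdigest>  <filename>' beside the file: the md5sum format,
    which is also what a setup_netmd5.exe.md5 style file holds."""
    digest_path = f"{path}.{algorithm}"
    with open(digest_path, "w") as f:
        f.write(f"{file_digest(path, algorithm)}  {os.path.basename(path)}\n")
    return digest_path


def verify_digest_file(path: str, digest_path: str, algorithm: str = "md5") -> bool:
    """The comparison the exercise does by eye: recompute and compare with the
    published digest. compare_digest does not leak where a mismatch begins."""
    with open(digest_path, "r") as f:
        published = f.read().split()[0].lower()
    return hmac.compare_digest(published, file_digest(path, algorithm))


def demo(algorithm: str = "md5") -> tuple:
    """Returns (verified_before_change, verified_after_change) for a constructed file."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "setup_example.bin")  # constructed sample file name
        with open(path, "wb") as f:
            f.write(b"MZ" + bytes(range(256)) * 4)  # constructed fake installer bytes
        digest_path = write_digest_file(path, algorithm)
        before = verify_digest_file(path, digest_path, algorithm)
        with open(path, "r+b") as f:  # simulate a corrupted or altered download: one byte changes
            f.seek(100)
            f.write(b"\x00")
        after = verify_digest_file(path, digest_path, algorithm)
    return before, after


if __name__ == "__main__":
    print(digest_of_bytes(b"abc", "md5"))  # 900150983cd24fb0d6963f7d28e17f72
    print(demo("md5"), demo("sha256"))     # (True, False) (True, False)
```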
Digital Signatures
As mentioned earlier, public-key cryptography suffers from the risk that you might be getting a message or a public key from someone who isn’t who they say they are. To avoid this problem, you add a digital signature. A digital signature is another string of ones and zeroes that can only be generated by the sender, usually by doing something mathematically complex (part of the algorithms always includes some hashing) to the message and the private key. The person with the matching public key does something to the digital signature using the public key to verify it came from the intended sender. Digital signatures are very popular with e-mail users. Figure 11.12 shows an e-mail message being both encrypted and digitally signed in Mozilla Thunderbird using a special Thunderbird add-on called OpenPGP. You’ll read more about the PGP family of authentication/encryption tools later in this chapter.
Figure 11.12 • Digitally signed
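Mike and Melissa’s key pairs, public-key encryption, and the digital signature from the public-key and Digital Signatures sections, as an added example that is not from the book: textbook RSA on tiny toy primes so the arithmetic stays visible, with the function names and the sample message as my own assumptions.

```python
# Added example (not from the book): Mike and Melissa's key pairs, public-key
# encryption, and a digital signature, with textbook RSA on tiny numbers so the
# arithmetic is visible. The primes, keys and message are toy values.
import hashlib
from math import gcd


def make_key_pair(p: int, q: int, e: int = 17) -> tuple:
    """Generate the chapter's 'two keys at the same time, designed to work together'.
    Returns (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key: tuple, message: bytes) -> list:
    """Anyone holding the public key can encrypt; one number per byte here.
    (Real RSA pads the whole message first; byte-at-a-time is for illustration.)"""
    n, e = public_key
    return [pow(byte, e, n) for byte in message]


def decrypt(private_key: tuple, blocks: list) -> bytes:
    """Only the matching private key turns the numbers back into bytes."""
    n, d = private_key
    return bytes(pow(block, d, n) for block in blocks)


def decrypts_to(private_key: tuple, blocks: list, expected: bytes) -> bool:
    """True only if this private key turns the blocks back into `expected`."""
    try:
        return decrypt(private_key, blocks) == expected
    except ValueError:  # a wrong key usually yields numbers that are not even bytes
        return False


def _digest_mod_n(message: bytes, n: int) -> int:
    # Digital signatures always hash first; the toy modulus forces a reduction.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: tuple, message: bytes) -> int:
    """A value only the sender can produce: the hash raised to the private exponent."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """The recipient undoes the signature with the public key and compares hashes."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo() -> dict:
    # Mike and Melissa each generate a pair and swap public keys (toy primes).
    mike_pub, mike_priv = make_key_pair(61, 53)
    melissa_pub, melissa_priv = make_key_pair(71, 67)
    message = b"Meet at noon"  # constructed sample e-mail body

    # Melissa encrypts with Mike's public key; only Mike's private key decrypts.
    ciphertext = encrypt(mike_pub, message)
    # She also signs with her own private key; Mike checks it with her public key.
    signature = sign(melissa_priv, message)

    impostor_pub, impostor_priv = make_key_pair(89, 97)  # a key pair passed off as Melissa's
    return {
        "decrypted": decrypt(mike_priv, ciphertext),
        "wrong_key_decrypts": decrypts_to(melissa_priv, ciphertext, message),
        "signature_ok": verify(melissa_pub, message, signature),
        "tampered_message_ok": verify(melissa_pub, b"Meet at none", signature),
        "impostor_signature_ok": verify(melissa_pub, message, sign(impostor_priv, message)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```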
PKI
Digital signatures are great, but what happens when you want to do business with someone you do not know? Before you enter a credit card number to buy that new USB 3.0 Blu-ray Disc player, wouldn’t you like to know that the Web site you are doing business with truly is eBay? To address that need the industry came up with the idea of certificates. A certificate is a standardized type of digital signature that includes the digital signature of a third party, a person or a company that guarantees that who is passing out this certificate truly is who they say they are. As you might imagine, certificates are incredibly common with secure Web pages. When you go to eBay to sign in, your browser redirects to a secure Web page. These are easy to identify by the lock icon at the bottom of the screen or in the address bar (Figure 11.13) or the https:// used (instead of http://) in the address bar.
In the background, several actions take place (all before the secure Web page loads). First, the Web server automatically sends a copy of its certificate. Built into that certificate is the Web server’s public key and a signature from the third party that guarantees this is really eBay. Go to your national version of eBay (I’m in the United States, so I’ll use eBay.com) and click Sign In (you don’t even need an eBay account to do this). Now look at the certificate for the current session. Depending on the Web browser you use, you’ll see it in different ways. Try clicking the little lock icon at the bottom of the page or in the address bar as this usually works. Figure 11.14 shows the certificate for this session.
If you see https:// or a small lock icon, you are most likely on a secure Web site.
BaseTech
Chapter 11: Securing TCP/IP 305
Figure 11.14 • eBay sign-in certificate
Figure 11.13 • Secure Web page
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 306
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 11
So a company called VeriSign issued this certificate. That’s great, but how does your computer check all this? VeriSign is a certificate authority. Every Web browser keeps a list of certificate authority certificates that it checks against when it receives a digital certificate. Figure 11.15 shows the certificate authority certificates stored on my system.
Figure 11.15 • Certificate authority certificates on a system
When someone wants to create a secure Web site, he or she buys a certificate signed by a certificate authority, such as VeriSign (the biggest player in the market and the one I’ll use for this example). VeriSign acts as the root, and the new Web site’s certificate carries a signature that chains back to VeriSign’s root certificate. In practice the root key does not sign Web site certificates directly: VeriSign places an intermediate certificate authority between its root certificate authority and the site’s certificate, so the root key can stay offline and an intermediate can be replaced without touching the root certificate installed in every browser. This creates a tree of certificate authorization, with the root authorities at the top, intermediates in the middle, and issued certificates at the bottom. Together, this organization is called a public-key infrastructure (PKI) (Figure 11.16).
You don’t have to use PKI to use certificates. First, you can create your own self-signed certificates, which carry your own signature instead of a certificate authority’s. These are perfectly fine for lower-security situations (e-mail among friends, personal Web page, and so forth), but browsers will warn about them, and don’t expect anyone to buy products on a Web site or send highly sensitive e-mail without a signed certificate from a well-known certificate authority like VeriSign, Thawte, or GoDaddy.
Finally, many certificate providers offer a Web-of-trust option, primarily for e-mail. In this case, someone else who is already part of a trust group signs your certificate. There is no certificate authority, simply a group of peers who trust each other. The popular Pretty Good Privacy (PGP) encryption program, among many others, uses such a trust model.
Becoming a root certificate authority with enough respect to have Web browsers install your certificate is very difficult!
Digital certificates and asymmetric cryptography are closely linked because digital certificates are almost always used to verify the exchange of public keys. In many cases, this exchange takes place behind the scenes of e-mail, Web pages, and even in some very secure wireless networks. Though you may not see certificates in action very often, you now know that they are there.
Authentication You most likely have dealt with authentication at some level. Odds are good you’ve at least had to type in a user name and password on a Web site. Maybe your computer at work or school requires you to log on to the network. Whatever the case, the first exposure to authentication for most users is a request to enter a user name and password. A network technician should understand not only how different authentication methods control user names and passwords, but also some of the authentication standards used in today’s TCP/IP networks.
Passwords offer significant security challenges. What happens after you type in a user name and password? How is this data transferred? Who or what reads this? What is the data compared to? A series of TCP/IP security standards that use combinations of user names, passwords, and sometimes certificates, all handled in a usually secure manner, address these issues, as described in the upcoming section “TCP/IP Security Standards.”
Authorization A large part of the entire networking process involves one computer requesting something from another computer. A Web client might ask for a Web page, for example, or a Common Internet File System (CIFS) client might ask a file server for access to a folder. A computer far away might ask another computer for access to a private network. Whatever the case, you should carefully assign levels of access to your resources. This is authorization. To help define how to assign levels of access, you use an access control list.
Fans of software licensed under the GNU public license can try GNU Privacy Guard (GPG), an alternative to the PGP suite. Check it out here: www.gnupg.org.
The “Network+ Acronym List” includes a term called Network Access Control (NAC). NAC defines a newer series of protection applications that combine the features of what traditionally was done by separate applications. There is no perfect single definition for NAC. There are, however, certain functions that a NAC often does. A NAC usually prevents computers lacking antimalware and patches from accessing the network. NACs also create policies (their own policies, not Windows policies) that define what individual systems can do on the network, including network access, segregation of portions of the network, etc.
Figure 11.16 • VeriSign’s PKI tree
Tech Tip
Get in the Game Almost all e-mail clients support encryption—you just need to get a certificate. If you want to start playing with e-mail encryption and signing, grab a free personal e-mail certificate from a number of different providers. Check out Secorio at www.secorio.com/index.php?S_MIME_Email_Certificates, or Comodo at www.instantssl.com/ssl-certificate-products/free-email-certificate.html. Instructions for certificate generation and installation are on the respective Web sites.
An access control list (ACL) is nothing more than a clearly defined list of permissions that specify what an authenticated user may perform on a shared resource. Over the years the way to assign access to resources has changed dramatically. To help you to understand these changes, the security industry likes to use the idea of ACL access models. There are three types of ACL access models: mandatory, discretionary, and role based.
In a mandatory access control (MAC) security model, every resource is assigned a label that defines its security level, and every user or process carries a clearance. If the user lacks the clearance for that label, he or she does not get access, and unlike the other two models, neither the user nor the resource’s owner can change the labels; only the security policy can. MAC is used in some operating systems to confine what privileges running programs have over other programs and data (SELinux on Linux is a common example). The MAC security model is the oldest and least common of the three.
Discretionary access control (DAC) is based on the idea that a resource has an owner who may at his or her discretion assign access to that resource. DAC is considered much more flexible than MAC.
Role-based access control (RBAC) is the most popular model used in file sharing. RBAC defines a user’s access to a resource based on the roles the user plays in the network environment. This leads to the idea of creating groups. A group in most networks is nothing more than a name that has clearly defined accesses to different resources. User accounts are placed into various groups. A network might have a group called “Sales” on a Web server that gives any user account that is a member of the Sales group access to a special Web page that no other groups can see.
Keep in mind that these three types of access control are models. Every TCP/IP application and operating system has its own set of rules that sometimes follows one of these models, but in many cases does not. But do make sure you understand these three models for the CompTIA Network+ exam!
TCP/IP Security Standards Now that you have a conceptual understanding of encryption, nonrepudiation, authentication, and authorization, it’s time to see how the TCP/IP folks have put it all together to create standards so you can secure just about anything in TCP/IP networks.
TCP/IP security standards are a rather strange mess. Some are authentication standards, some are encryption standards, and some are so unique to a single application that I’m not even going to talk about them in this section and instead will wait until the “Secure TCP/IP Applications” discussion at the end of this chapter. There’s a reason for all this confusion: TCP/IP was never really designed for security. As you read through this section, you’ll discover that almost all of these standards either predate the whole Internet, are slapped-together standards that have some serious issues, or, in the case of the most recent standards, are designed to combine a bunch of old, confusing standards. So hang tight—it’s going to be a bumpy ride!
Authentication Standards Authentication standards are some of the oldest standards used in TCP/IP. Many are so old they predate the Internet itself. Once upon a time, nobody had fiber-optic, cable, or DSL connections to their ISPs. For the most part, if you wanted to connect to the Internet you had a choice: go to the computer center or use dial-up.
Dial-up, using telephone lines for the most part, predates the Internet, but the nerds of their day didn’t want just anybody dialing into their computers. To prevent unauthorized access, they developed some excellent authentication methods that TCP/IP adopted for itself. A number of authentication methods were used back in these early days, but, for the most part, TCP/IP authentication started with something called the Point-to-Point Protocol.
PPP The Point-to-Point Protocol (PPP) enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use. Today that network protocol is almost always TCP/IP.
Note that point-to-point and dial-up are not Ethernet, but still can support TCP/IP. Many network technologies don’t need Ethernet, such as telephone, cable modem, microwave, and wireless (plus a bunch more you won’t even see until Chapter 14). In fact, once you leave a LAN, most of the Internet is just a series of point-to-point connections.
If you’re nerdy enough to pull up RFC (Request for Comment) 1661, the RFC that defines how PPP works, you’ll see there are five distinct phases to a PPP connection.
1. Link dead. This is a nice way to say there isn’t a link yet. The modem is turned off; no one is talking. This phase is when all PPP conversations begin. The main player at this (and later phases) is the Link Control Protocol (LCP). The LCP’s job is to get the connection going. As he starts up, we move into…
2. Link establishment. The LCP communicates with the LCP on the other side of the PPP link, determining a good link, which, in turn, opens…
3. Authentication. Here is where the authentication takes place. In most cases, authentication is performed by entering a simple user name/password. I’ll go into more detail in the next section. For now, once the authentication is complete and successful, the PPP connection goes into…
4. Network layer protocol. PPP works with a number of OSI Layer 3 network protocols. Today everyone uses TCP/IP, but PPP still supports long-dead protocols such as NetWare IPX/SPX and Microsoft NetBEUI. The LCP uses yet another protocol called Network Control Protocol (NCP) to make the proper connections for that protocol. You now have a good connection. To shut down, the LCP initiates…
5. Termination. When done nicely, the two ends of the PPP connection send each other a few termination packets and the link is closed. If one person is cut off, the LCP will wait for a certain timeout and then terminate on its own side.
PPP provided the first common method to get a server to request a user name and password. In such a point-to-point connection, the side asking for the connection is called the initiator, whereas the other side, which has a list of user names and passwords, is called the authenticator (Figure 11.17).
PPP came with two methods to authenticate a user name and password. The original way, called Password Authentication Protocol (PAP), simply transmits the user name and password over the connection in plaintext. Unfortunately, that means anyone who can tap the connection can learn the user name and password (Figure 11.18).
Fortunately, PPP also includes the safer Challenge Handshake Authentication Protocol (CHAP) to provide a more secure authentication routine. CHAP relies on hashes based on a shared secret, usually a password that both ends of the connection know. When the initiator of the connection makes the initial connection request, the authenticator creates a random challenge message. The initiator then hashes the challenge together with the password (RFC 1994 specifies MD5 over the packet identifier, the secret, and the challenge) and sends that hash to the authenticator. The authenticator, in turn, compares that value to its own hash calculation based on the same challenge and password. If they match, the initiator is authenticated (Figure 11.19). Because every challenge is different, a captured response is useless for answering the next challenge.
Once the connection is up and running, CHAP keeps working by periodically repeating the entire authentication process. The idea is to limit how long a hijacked link stays useful: an attacker who takes over the session after authentication gets cut off at the next challenge. CHAP by itself does not encrypt the data on the link, and it does not stop a man-in-the-middle attack, where a third party inserts an independent connection, intercepts traffic, reads or alters it, and then forwards it on without either the sender or recipient being aware of the intrusion; the attacker simply relays the challenges and responses as well. Note too that the authenticator must store the plaintext password (not just a hash of it) to compute the expected response, and anyone who captures a challenge/response pair can test password guesses against it offline.
CHAP works nicely because it never sends the actual password over the link. The CHAP standard leaves a number of issues undefined, however, like “If the hash doesn’t match, what do I do?” The boom in dial-up connections to the Internet in the 1990s led Microsoft to invent a more detailed version of CHAP called MS-CHAP. The current version of MS-CHAP is called MS-CHAPv2. MS-CHAPv2 is still the most common authentication method for the few of us using dial-up connections. Believe it or not, dial-up is still being used, and even the latest operating systems support it. Figure 11.20 shows the dial-up connection options for Vista. One caveat: the MS-CHAPv2 response is built on DES and can be recovered by brute force from a single captured exchange, so today it should only be run inside an encrypted tunnel (PEAP or L2TP/IPsec, for example), never bare on the wire.
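The CHAP exchange described above, as an added example that is not from the book: a minimal RFC 1994 authenticator and initiator in Python. The response formula, MD5(Identifier || Secret || Challenge), is the one RFC 1994 specifies; the account name, the secret and the 16-byte challenge length are assumptions constructed for the demonstration. The demo also shows why the one-time challenge and the periodic re-challenge matter: a response captured off the wire does not answer a fresh challenge.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response-Value: MD5(Identifier || Secret || Challenge-Value).

    The password itself never goes on the wire; only this one-way hash does.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that holds the shared secrets, issues challenges and checks responses."""

    def __init__(self, secrets_by_name: dict[str, bytes]):
        self._secrets = secrets_by_name
        self._pending: dict[int, bytes] = {}   # Identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self) -> tuple[int, bytes]:
        """Start (or periodically repeat) authentication with a fresh random challenge."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        value = os.urandom(16)                 # assumption: 16 random octets per challenge
        self._pending[ident] = value
        return ident, value

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """A challenge may be answered once; an unknown Identifier or name fails closed."""
        value = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(expected, response)


class Initiator:
    """The dial-in side: knows its own name and secret, answers whatever it is challenged with."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, challenge: bytes) -> tuple[str, bytes]:
        return self.name, chap_response(ident, self.secret, challenge)


def run_session() -> tuple[bool, bool, bool]:
    """Returns (initial auth ok, periodic re-auth ok, replayed response accepted)."""
    # Constructed account database for the demo; a real authenticator reads this from its user file.
    auth = Authenticator({"alice": b"correct horse battery staple"})
    alice = Initiator("alice", b"correct horse battery staple")

    ident, chal = auth.challenge()
    name, resp = alice.respond(ident, chal)
    first_ok = auth.verify(ident, name, resp)

    # An eavesdropper who captured (ident, name, resp) will try to reuse it later.
    captured = (ident, name, resp)

    # CHAP re-challenges periodically while the link is up; the legitimate peer keeps answering.
    ident2, chal2 = auth.challenge()
    second_ok = auth.verify(ident2, *alice.respond(ident2, chal2))

    # The replayed response was computed over an old challenge that is no longer outstanding.
    ident3, _chal3 = auth.challenge()
    replay_ok = auth.verify(ident3, captured[1], captured[2])
    return first_ok, second_ok, replay_ok


if __name__ == "__main__":
    print(run_session())   # expected: (True, True, False)
```

The authenticator keeps the plaintext secret, exactly as the text warns; with the secret stored only as a hash, it could not compute the expected response.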
Yes, I still have a dial-up connection account that I use when nothing else is available.
If you get a question on PAP, CHAP, and MS-CHAP on the CompTIA Network+ exam, remember that MS-CHAP offers the most security.
Figure 11.17 • A point-to-point connection
Figure 11.18 • PAP in action
Figure 11.19 • CHAP in action
AAA PPP does a great job of handling authentication for point-to-point connections, but it has some limitations. The biggest problem is that, in many cases, a network might have more than one point for an initiator to enter. PPP assumes that the authenticator at the endpoint has all the user name and password information, but that’s not necessarily true. In traditional modem communication, for example, an Internet service provider (ISP) has a large bank of modems to support any number of users. When a user dials in, the modem bank provides the first available connection, but that means that any modem in the bank has to support any of the users. You can’t put the database containing all user names and passwords on every modem (Figure 11.21).
In this case, you need a central database of user names and passwords. That’s simple enough, but it creates another problem—anyone accessing the network can see the passwords unless the data is somehow protected and encrypted (Figure 11.22). PPP is good at the endpoints, but once the data gets on the network, it’s unencrypted.
Thus, the folks overseeing central databases full of user names and passwords needed to come up with standards to follow to protect that data. They first agreed upon a philosophy called Authentication, Authorization, and Accounting (AAA). AAA is designed for the idea of port authentication—the concept of allowing remote users authentication to a particular point-of-entry (a port) to another network.
Figure 11.20 • MS-CHAP is alive and well.
Figure 11.21 • Where do you put the user names and passwords?
Figure 11.22 • Central servers are prone to attack.
■ Authentication  A computer that is trying to connect to the network must present some form of credential for access to the network. This credential is most commonly a user name and password, but it might also be a security token such as a smart card, retinal scan, or digital certificate. It might even be a combination of some of these. The authentication gives the computer the right to access the network.
■ Authorization  Once the computer is authenticated, the authenticating server determines what it can or cannot do on the network. It might only be allowed to use a certain amount of bandwidth. It might be limited to working only certain times of day or might be limited to using only a certain set of applications.
■ Accounting  The authenticating server should do some form of accounting such as recording the number of times a user logs on and logs off. It might track unsuccessful logon attempts. It may track what services or resources the client system accessed. The number of items to be accounted is massive.
Once the idea of AAA took shape, those smart Internet folks developed two standards: RADIUS and TACACS+. Both standards offer authentica- tion, authorization, and accounting.
RADIUS Remote Authentication Dial-In User Service (RADIUS) is the better known of the two AAA standards and, as its name implies, was created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database. RADIUS consists of three devices: the RADIUS server that has access to a database of user names and passwords, a number of Network Access Servers (NASs) that control the modems, and a group of systems that dial into the network (Figure 11.23).
To use RADIUS, you need a RADIUS server. The most popular choice for Microsoft environments is Internet Authentication Service (IAS).
IAS comes built in with most versions of Microsoft Windows Server operating systems (from Windows Server 2008 on, the same role is called Network Policy Server, NPS). For the UNIX/Linux crowd, the popular (yet, in my opinion, hard to set up) FreeRADIUS is the best choice. If you prefer a more prepackaged server, you might look at Juniper Network’s Steel-Belted RADIUS, a very powerful and somewhat easy-to-set-up option that many people feel is well worth the roughly $3,000 price tag.
A single RADIUS server can support multiple NASs and provide a complete PPP connection from the requesting system, through the NAS, all the way to the RADIUS server. Like any PPP connection, the RADIUS server supports PAP, CHAP, and MS-CHAP. Even if you use PAP, the NAS hides the password before forwarding it: RADIUS XORs the password with an MD5 hash of the shared secret that the NAS and server share, so the plaintext password never crosses the network between them. Be aware that this is reversible by anyone who knows (or can guess) that shared secret, and the rest of the RADIUS packet is not encrypted at all, so the NAS-to-server link should itself be on a trusted network or protected with IPsec. Newer versions of RADIUS support even more authentication methods, as you will soon see. RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting; older implementations use the original UDP ports 1645 and 1646 for the same two jobs.
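How RADIUS hides the PAP password on the wire, as an added example that is not from the book: RFC 2865 section 5.2 XORs the password, 16 octets at a time, with an MD5 keystream computed from the NAS/server shared secret and the per-request 16-octet Request Authenticator. The shared secret, password and authenticator values below are constructed for the demo. The point the example makes is the caveat above: this is reversible obfuscation, not encryption. Anyone holding the shared secret reads the password straight back, and a weak shared secret can be found by dictionary from one captured packet.

```python
import hashlib
import os


def _blocks(data: bytes, size: int = 16) -> list[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c(1) = p(1) xor MD5(S + RA); c(i) = p(i) xor MD5(S + c(i-1))."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator is exactly 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password is 1..128 octets before padding")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a multiple of 16 octets
    hidden, prev = b"", request_authenticator
    for p in _blocks(padded):
        b = hashlib.md5(shared_secret + prev).digest()
        c = _xor(p, b)
        hidden += c
        prev = c               # chaining: the next keystream block depends on the previous ciphertext
    return hidden


def reveal_user_password(hidden: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """The server (or anyone else with the shared secret) reverses it the same way."""
    plain, prev = b"", request_authenticator
    for c in _blocks(hidden):
        b = hashlib.md5(shared_secret + prev).digest()
        plain += _xor(c, b)
        prev = c
    return plain.rstrip(b"\x00")   # strip the padding (a password that ends in NUL would lose it)


def guess_shared_secret(hidden: bytes, request_authenticator: bytes,
                        known_password: bytes, candidates: list[bytes]):
    """Attacker model: a captured Access-Request plus one user's known password gives
    MD5(S + RA) = c(1) xor p(1), so candidate shared secrets can be tested offline."""
    p1 = (known_password + b"\x00" * 16)[:16]
    target = _xor(hidden[:16], p1)
    for s in candidates:
        if hashlib.md5(s + request_authenticator).digest() == target:
            return s
    return None


def demo() -> dict:
    secret = b"testing123"          # constructed: a weak NAS shared secret
    ra = os.urandom(16)              # constructed: the random Request Authenticator for this packet
    password = b"hunter2"            # constructed: the user's PAP password
    hidden = hide_user_password(password, secret, ra)
    return {
        "plaintext_on_wire": password in hidden,
        "server_recovers": reveal_user_password(hidden, secret, ra) == password,
        "wrong_secret_recovers": reveal_user_password(hidden, b"other", ra) == password,
        "dictionary_finds_secret": guess_shared_secret(hidden, ra, password,
                                                       [b"radius", b"testing123", b"s3cret"]),
    }


if __name__ == "__main__":
    print(demo())
```

The hiding never covers the user name, the NAS identifier or the rest of the attribute list, and it gives no integrity protection of its own (that is what the Message-Authenticator attribute is for), which is why the shared secret should be long and random and the NAS-to-server path protected.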
NAS stands for either Network Access Server or Network Attached Storage. The latter is a type of dedicated file server used in many networks. Make sure you read the question to see which NAS it’s looking for!
Figure 11.23 • RADIUS setup
TACACS+ Routers and switches need administration. In a simple net- work, you can access the administration screen for each router and switch by entering a user name and password for each device. When a network becomes complex, with many routers and switches, logging into each device separately starts to become administratively messy. The answer is to make a single server store the ACL for all the devices in the network. To make this secure, you need to follow the AAA principles.
Terminal Access Controller Access Control System Plus (TACACS+) is a proprietary protocol developed by Cisco to support AAA in a network with many routers and switches. TACACS+ is very similar to RADIUS in function, but uses TCP port 49 by default, separates authorization, authentication, and accounting into different parts, and obscures the entire packet body (not just the password, as RADIUS does) with a keystream derived from the shared secret using MD5. TACACS+ uses PAP, CHAP, and MD5 hashes, but can also use something called Kerberos as part of the authentication scheme.
Kerberos Up to this point almost all the authentication schemes I’ve discussed either are based on PPP or at least take the idea of PPP and expand upon it. Of course, every rule needs an exception and Kerberos is the exception here.
Kerberos is an authentication protocol that has no connection to PPP. Twenty years ago, some Internet folks began to appreciate that TCP/IP was not secure and thus designed Kerberos. Kerberos is an authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server—no point-to-point here! Kerberos works nicely in a network, so nicely that Microsoft adopted it as the authentication protocol for all Windows networks using a domain controller.
The cornerstone of Kerberos is the Key Distribution Center (KDC), which has two processes: the Authen- tication Server (AS) and the Ticket-Granting Service (TGS). In Windows server environments, the KDC is installed on the domain controller (Figure 11.24).
When your client logs onto the domain, it sends a request to the AS that names the user and, as proof of the password, includes a timestamp encrypted with a key derived from that password (the password itself is never sent). The AS, which holds the same key, decrypts the timestamp and, if it is valid and recent, sends back a Ticket-Granting Ticket (TGT) and a timestamp (Figure 11.25). The ticket has a default lifespan in Windows of ten hours. The client is now authenticated but not yet authorized.
The client then sends the timestamped TGT to the TGS, naming the service it wants, for authorization. The TGS sends a timestamped service ticket back to the client (Figure 11.26); this chapter also calls it a token, though it is distinct from the Windows access token that the resource server later builds from it.
Kerberos uses UDP or TCP port 88 by default.
The TGT is sometimes referred to as Ticket to Get Ticket.
Figure 11.25 • AS sending a TGT back to client Figure 11.26 • TGS sending token to client
Figure 11.24 • Windows Kerberos setup
This token is the key that the client uses to access any single resource on the entire domain. This is where authorization takes place. The token authorizes the user to access resources without reauthenticating. Any time the client attempts to access a folder, printer, or service anywhere in the domain, the server sharing that resource uses the token to see exactly what access the client may have to that resource. If you try to access some other feature under Windows, for example, retrieving your e-mail via Microsoft Exchange Server, you won’t need to log in again.
Timestamping is important for Kerberos because every ticket carries an expiry, so the client has to request a new ticket when it runs out (ten hours by default in Windows, as noted above), and the KDC can reject any request whose timestamp is too far from its own clock. This limits how long an intercepted ticket can be replayed. It does not stop offline attacks: a service ticket is encrypted with the service account’s key, so a captured ticket can be attacked offline against a weak service account password long after the ticket has expired, which is why service accounts need long random passwords.
Kerberos is very popular, but has some serious weaknesses. First, if the KDC goes down, no one has access. That’s why Microsoft and other operating systems that use Kerberos always stress the importance of maintaining a backup KDC. In Windows, it is standard practice to have at least two domain controllers. Second, timestamping requires that all the clients and servers synchronize their clocks (Kerberos tolerates five minutes of skew by default). This is fairly easy to do in a wired network (such as a Windows domain or even a bunch of connected routers using TACACS+), but it adds an extra level of challenge in dispersed networks (such as those connected across the country).
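The three Kerberos exchanges above, as an added example that is not from the book and is not real Kerberos: a simplified Python model that keeps the structure (pre-authentication with a timestamp, TGT from the AS, service ticket from the TGS, the service checking the ticket with its own key and never calling the KDC) but seals tickets with HMAC-SHA256 instead of the AES encryption and ASN.1 encoding the real protocol uses, and derives keys with a plain hash instead of the real string-to-key function. The principal names, passwords, the ten-hour lifetime (the Windows default quoted above) and the five-minute skew limit are the assumptions. The demo exercises the failure modes the text describes: a client clock ten minutes off is rejected at the AS, and a ticket presented after its lifetime is rejected by the service.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

MAX_CLOCK_SKEW = 5 * 60          # assumption: the usual five-minute Kerberos skew limit
TICKET_LIFETIME = 10 * 60 * 60   # assumption: the ten-hour Windows default lifetime


def derive_key(password: str) -> bytes:
    """Stand-in for Kerberos string-to-key: the principal's long-term key from its password."""
    return hashlib.sha256(b"krb-model:" + password.encode()).digest()


def seal(key: bytes, payload: dict) -> bytes:
    """Integrity-protect a ticket with HMAC (the real protocol encrypts it)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def unseal(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("not sealed with this key")
    return json.loads(body)


class KDC:
    """Key Distribution Center: holds every principal's long-term key, runs the AS and the TGS."""

    def __init__(self, principals: dict[str, str]):
        self.keys = {name: derive_key(pw) for name, pw in principals.items()}
        self.krbtgt_key = os.urandom(32)      # seals TGTs; known only to the KDC

    def authentication_server(self, principal: str, preauth: bytes, now: float) -> Optional[bytes]:
        """AS exchange: the client proves it knows its key by sealing the current time."""
        key = self.keys.get(principal)
        if key is None:
            return None
        try:
            ts = unseal(key, preauth)["timestamp"]
        except ValueError:
            return None                       # wrong password: the pre-auth data does not verify
        if abs(now - ts) > MAX_CLOCK_SKEW:
            return None                       # clock skew, or a replayed pre-auth blob
        return seal(self.krbtgt_key, {"principal": principal, "expires": now + TICKET_LIFETIME})

    def ticket_granting_server(self, tgt_blob: bytes, service: str, now: float) -> Optional[bytes]:
        """TGS exchange: a valid TGT is redeemed for a service ticket; no password is involved."""
        try:
            tgt = unseal(self.krbtgt_key, tgt_blob)
        except ValueError:
            return None
        if now > tgt["expires"] or service not in self.keys:
            return None
        ticket = {"principal": tgt["principal"], "service": service, "expires": tgt["expires"]}
        return seal(self.keys[service], ticket)   # sealed with the service's own key


def client_preauth(password: str, now: float) -> bytes:
    """What the client sends to the AS instead of the password."""
    return seal(derive_key(password), {"timestamp": now})


def service_accepts(service_password: str, ticket_blob: bytes, now: float) -> Optional[str]:
    """The resource server validates the ticket with its own key and never contacts the KDC."""
    try:
        ticket = unseal(derive_key(service_password), ticket_blob)
    except ValueError:
        return None
    return ticket["principal"] if now <= ticket["expires"] else None


def demo() -> dict:
    # Constructed principals: one user and one service account (the "cifs/files" service).
    kdc = KDC({"alice": "Summer2013!", "cifs/files": "svc-long-random-password"})
    t0 = 1_383_436_800.0                       # fixed "now" so the demo is deterministic
    tgt = kdc.authentication_server("alice", client_preauth("Summer2013!", t0), t0)
    ticket = kdc.ticket_granting_server(tgt, "cifs/files", t0 + 60)
    forged = seal(b"x" * 32, {"principal": "alice", "service": "cifs/files", "expires": t0 + 999})
    return {
        "login_ok": tgt is not None,
        "service_sees": service_accepts("svc-long-random-password", ticket, t0 + 120),
        "wrong_password": kdc.authentication_server("alice", client_preauth("guess", t0), t0),
        "skewed_clock": kdc.authentication_server("alice", client_preauth("Summer2013!", t0 + 600), t0),
        "after_lifetime": service_accepts("svc-long-random-password", ticket, t0 + TICKET_LIFETIME + 1),
        "forged_ticket": service_accepts("svc-long-random-password", forged, t0),
    }


if __name__ == "__main__":
    print(demo())
```

Because the service ticket is sealed with a key derived from the service account’s password, anyone holding a ticket can try passwords against it offline, the weakness noted above; the model makes that concrete, and a real deployment defends against it with long random service account passwords.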
EAP One of the great challenges to authentication is getting the two ends of the authentication process to handle the many different types of authentication options. Even though PPP pretty much owned the user name/password authentication business, proprietary forms of authentication using smart cards/tokens, certificates, and so on, began to show up on the market, threatening to drop the entire world of authentication into a huge mess of competing standards.
The Extensible Authentication Protocol (EAP) was developed to create a single standard to allow two devices to authenticate. Despite the name, EAP is not a protocol in the classic sense, but rather it is a PPP wrapper that EAP-compliant applications can use to accept one of many types of authentication. Although EAP is a general-purpose authentication wrapper, its main use is in 802.1X, above all on wireless networks. (See Chapter 15 to see where EAP is used.) EAP comes in various types, but currently only six types are in common use:
■ EAP-PSK  Easily the most popular form of authentication used in wireless networks today, EAP-PSK (Pre-Shared Key) is nothing more than a shared secret code that’s stored on both the wireless access point and the wireless client, encrypted using the powerful AES encryption (Figure 11.27). See Chapter 15 for the scoop on wireless access points and EAP.
■ EAP-TLS  EAP with Transport Layer Security (TLS) defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client. On the client side, a smart card may be used in lieu of a certificate. EAP-TLS is very robust, but the client-side certificate requirement is an administrative challenge. Even though it’s a challenge, the most secure wireless networks all use EAP-TLS. EAP-TLS is mostly seen on wireless (and wired 802.1X) networks, but TLS itself is used heavily on secure Web sites (see the section “SSL/TLS” later in this chapter). Figure 11.28 shows a typical EAP-TLS setup for a wireless network.
In Windows, the access token built for a logged-on user carries the user’s Security Identifier (SID) and the SIDs of his or her groups; those SIDs are what the server’s ACLs are matched against.
Figure 11.27 • EAP-PSK in action
■ EAP-TTLS  EAP-TTLS (Tunneled TLS) is similar to EAP-TLS but only uses a single server-side certificate; the client authenticates with a password inside the tunnel. EAP-TTLS is very common for more secure wireless networks (Figure 11.29).
■ EAP-MS-CHAPv2  More commonly known as Protected Extensible Authentication Protocol (PEAP), EAP-MS-CHAPv2 uses a password function based on MS-CHAPv2 with the addition of an encrypted TLS tunnel similar to EAP-TLS. Strictly speaking, PEAP is the server-authenticated TLS tunnel and EAP-MS-CHAPv2 is the inner method that runs inside it; the tunnel is what makes MS-CHAPv2 safe to use here. Clients must be configured to validate the server’s certificate, or a rogue access point can harvest the MS-CHAPv2 exchange.
■ EAP-MD5  This is a very simple version of EAP that uses only MD5 hashes for transfer of authentication credentials (essentially CHAP carried inside EAP). EAP-MD5 is weak, produces no key material for encrypting the session afterward, and is the least used of all the versions of EAP described.
■ LEAP  Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP authentication used almost exclusively by Cisco wireless products. LEAP is an interesting combination of MS-CHAP authentication between a wireless client and a RADIUS server. Because it sends the MS-CHAP exchange without a protective tunnel, captured LEAP traffic can be attacked offline by dictionary, and Cisco itself recommends moving to EAP-FAST or PEAP.
802.1X EAP was a huge success and almost overnight gave those who needed point-to-point authentication a one-stop-shop methodology to do so. EAP was so successful that there was a cry to develop an EAP solution for Ethernet networks. This solution is called 802.1X. Whereas traditional EAP is nothing more than an authentication method wrapped in PPP, 802.1X gets rid of the PPP (Ethernet is not a point-to-point protocol!) and instead puts the EAP information inside an Ethernet frame.
802.1X is a port-authentication network access control mechanism for networks. In other words, it’s a complete authentication standard designed to force devices to go through a full AAA process to get anywhere past the interface on a gateway system. Before 802.1X, a system on a wired network could always access another system’s port. Granted, an attacker wouldn’t be able to do much until he gave a user name/password or certificate, but he could still send packets to any computer on the network. This wasn’t good because it enabled attackers to get to the systems to try to do evil things. 802.1X prevented them from even getting in the door until they were authenticated and authorized.
Figure 11.29 • EAP-TTLS
Figure 11.28 • EAP-TLS
The interesting part is that you already know about most of the parts of 802.1X because the standard worked hard to use existing technologies. From a distance, 802.1X looks a lot like a RADIUS AAA setup. 802.1X changes the names of some of the components, as shown in Figure 11.30. Compare this to Figure 11.23 to get the new names (the jobs don’t change).
Figure 11.30 • 802.1X components
802.1X combines the RADIUS-style AAA with EAP versions to make a complete authentication solution. The folks who developed 802.1X saw it as a total replacement for every other form of authentication (even Kerberos), but the reality is that most people don’t like changing some- thing that already works. To that end, only wireless networking broadly adopted 802.1X.
I’m not done with authentication and authorization, but at least you now understand the basics of the popular authentication and authoriza- tion protocols and standards. You have more protocols to learn, but all of them are rather specialized for specific uses and thus are covered at various places throughout the book.
Encryption Standards The Internet had authentication long before it had encryption. As a result, almost all encryption came out as a knee-jerk reaction to somebody realizing that his or her TCP/IP application wasn’t secure. For years, there were new secure versions of just about every protocol in existence. New versions of all the classics started to appear, almost all starting with the word “Secure”: Secure FTP, Secure SMTP, and even Secure POP were developed. They worked, but there were still hundreds of not-yet-secured protocols and the specter of redoing all of them was daunting. Fortunately, some new, all-purpose encryption protocols were developed that enabled a client to connect to a server in a secure way while still using their older, unsecure protocols—and it all started because of Telnet.
Technically, wireless networks don’t use EAP. They use 802.1X, which, in turn, uses EAP.
SSH The broad adoption of the Internet by the early 1990s motivated programmers to start securing their applications. Telnet had a big problem. It was incredibly useful and popular, but it was completely insecure. It clearly needed to be fixed. As the story goes, Tatu Ylonen of the Helsinki University of Technology, reacting to an attack that intercepted Telnet user names and passwords on his network, invented a new secure replacement for Telnet called Secure Shell (SSH). You’ve already seen SSH in action (in Chapter 9) as a secure version of Telnet, but now that you know more about security, let’s look at SSH in detail.
SSH servers use PKI in the form of an RSA key. The first time a client tries to log into an SSH server, the server sends its public key to the client (Figure 11.31).
Figure 11.31 • PuTTY getting an RSA key
After the client receives this key, it creates a session ID, encrypts it using the public key, and sends it back to the server. The server decrypts this session ID and uses it in all data transfers going forward. Only the client and the server know this session ID. Next, the client and server negotiate the type of encryption to use for the session. These days, AES is popular, but older symmetric-key ciphers such as 3DES may still be used. The negotiation for the cipher is automatic and invisible to the user.
Using RSA and a cipher makes a very safe connection, but the combination doesn’t tell the server who is using the client. All SSH servers, therefore, add user names and passwords to authenticate the client (Figure 11.32). Once a user logs in with a user name and password, he or she has access to the system.
SSH servers listen on TCP port 22.
Figure 11.32 • Users on an SSH server
Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks 318
/ Mike Meyers’ CompTIA Network+ Guide to Managing and Troubleshooting Networks, Third Edition / Meyers / 911-1 / Chapter 11
In addition to using a password for authentication, SSH also can use public keys to identify clients. This opens up some interesting possibilities such as noninteractive logins. You can also turn off password login altogether, hardening your server even further. To use public/private keys for authentication, you must first generate a pair of RSA or Digital Signature Algorithm (DSA) keys with a tool such as PuTTYgen (Figure 11.33). The public key is then copied to the server, and the private key is kept safe on the client.
When you connect to the server, your client generates a signature using its private key and sends it to the server. The server then checks the signature with its copy of the public key, and if everything checks out, you will be authenticated with the server.
If SSH stopped here as a secure replacement for Telnet, that would be fantastic, but SSH has another trick up its sleeve: the capability to act as a tunnel for any TCP/IP application. Let’s see what tunnels are and how they work.
Tunneling
Simply, a tunnel is an encrypted link between two programs on two separate computers. Let’s take a look at an SSH link between a server and a client. Once established, anything you enter into the client application is encrypted, sent to the server, decrypted, and then acted upon (Figure 11.34).
The nature of SSH is such that it took very little to extend the idea of SSH to accept input from any source, even another program (Figure 11.35). As long as the program can redirect to the SSH client and then the SSH server redirect to the server application, anything can go through an SSH connection encrypted. This is an SSH tunnel.
SSH tunnels are wildly popular and fairly easy to set up. Equally, all of the popular SSH clients and servers are designed to go into tunnel mode, usually with no more than a simple click of a check box (Figure 11.36).
Many tunneling protocols and standards are used in TCP/IP. SSH is one of the simplest types of tunnels so it’s a great first exposure to tunneling. As the book progresses, you’ll see more tunneling protocols, and you’ll get the basics of tunneling. For now, make sure you understand that a tunnel is an encrypted connection between two endpoints. Any packet that enters the encrypted tunnel, including a packet with unencrypted data, is automatically encrypted, goes through the tunnel, and is decrypted on the other endpoint.
Figure 11.33 • Generated keys in PuTTYgen
Figure 11.34 • SSH in action
Figure 11.35 • Encrypting a Web client
SSH may be popular, but it’s not the only option for encryption. All of the other encryption standards are built into combined authentication/encryption standards, as covered in the next section.
Combining Authentication and Encryption
The rest of the popular authentication and encryption standards are combined to include both authentication and encryption in a single standard. Lumping together authentication and encryption into the same standard does not make it weaker than the standards already discussed. These are some of the most popular standards on the Internet today, because they offer excellent security.
SSL/TLS
The introduction and rapid growth of e-commerce on the World Wide Web in the mid-1990s made it painfully obvious that some form of authentication and encryption was needed. Netscape Corporation took the first shot at a new standard. At the time, the dominant Web browser was Netscape Navigator. Netscape created a standard called Secure Sockets Layer (SSL). SSL requires a server with a certificate. When a client requests access to an SSL-secured server, the server sends to the client a copy of the certificate. The SSL client checks this certificate (all Web browsers come with an exhaustive list of CA root certificates preloaded), and if the certificate checks out, the server is authenticated and the client negotiates a symmetric-key cipher for use in the session (Figure 11.37). The session is now in a very secure encrypted tunnel between the SSL server and the SSL client.
The Transport Layer Security (TLS) protocol was designed as an upgrade to SSL. TLS is very similar to SSL, working in almost the same way. TLS is more robust and flexible and works with just about any TCP application.
Figure 11.36 • Turning on tunneling in freeSSHd server
SSL/TLS also supports mutual authentication, but this is relatively rare.
Developers have continued to refine TLS since the release of TLS 1.0 (SSL 3.1) in 1999. Each of the TLS versions is considered an upgrade from SSL 3.0, so you’ll see both numbers listed. TLS 1.1 (SSL 3.2) was released in 2006. The most recent version is TLS 1.2 (SSL 3.3), released in 2008 and modified in 2011.
Figure 11.37 • SSL at work
SSL is limited to HTML, FTP, SMTP, and a few older TCP applications. TLS has no such restrictions and is used in securing Voice over IP (VoIP) and virtual private networks (VPNs), but it is still most heavily used in securing Web pages. Every Web browser today uses TLS for HTTPS-secured Web sites, and EAP-TLS is common for more-secure wireless networks.
IPsec
Every authentication and encryption protocol and standard you’ve learned about so far works above the Network layer of the OSI seven-layer model. Internet Protocol Security (IPsec) is an authentication and encryption protocol suite that works at the Internet/Network layer and should become the dominant authentication and encryption protocol suite as IPv6 continues to roll out and replace IPv4. (See Chapter 13 for details on IPv6.)
IPsec works in two different modes: Transport mode and Tunnel mode. In Transport mode, only the actual payload of the IP packet is encrypted: the destination and source IP addresses and other IP header information are still readable. In Tunnel mode, the entire IP packet is encrypted and then placed into an IPsec endpoint where it is encapsulated inside another IP packet. The mode you use depends on the application (Figure 11.38). IPv6 will use the IPsec Transport mode by default.
The IPsec protocol suite uses many open source protocols to provide both tight authentication and robust encryption. You do not need to know how each of the protocols works for the CompTIA Network+ exam, but you should recognize which protocols function within IPsec. Here are the main protocols:
■ Authentication Header (AH) for authentication
■ Encapsulating Security Payload (ESP) for implementing authentication and encryption
■ Internet Security Association and Key Management Protocol (ISAKMP) for establishing security associations (SAs) that define things like the protocol used for exchanging keys
■ Internet Key Exchange (IKE and IKEv2) and Kerberized Internet Negotiation of Keys (KINK), two widely used key exchanging protocols
Plus, IPsec can encrypt data using any number of encryption algorithms, such as MD5 and SHA that you read about earlier in this chapter.
IPsec is an incredibly powerful authentication/encryption protocol suite, but until IPv6 is widely implemented, its only common current use is creating secure tunnels between two computers: a job it performs very well. Keep an eye out for IPsec!
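To make the two modes concrete, here is an added Python example that is not part of the book or of any IPsec implementation. It builds IPv4 packets and protects them with the Authentication Header (AH) using HMAC-SHA1-96 (RFC 2404), which is how the SHA family mentioned above is actually used inside AH and ESP, so everything runs on the standard library. AH authenticates but does not encrypt; ESP would add a cipher, with the same Transport/Tunnel encapsulation. The example shows which header fields a router may change without breaking the integrity check, which change a receiver rejects, and what an observer on the path still sees in each mode. The addresses, key, SPI and payload are constructed sample values, and the function names are the example’s own.

```python
"""Added example, not from the book: IPsec Transport vs. Tunnel mode packet
layouts, protected with the Authentication Header (AH) and HMAC-SHA1-96
(RFC 2404) so it runs on the Python standard library alone.  AH authenticates
but does not encrypt; ESP would add a cipher, with the same encapsulation."""
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51        # IP protocol number for AH
IPIP_PROTO = 4       # "next header" value when a whole IP packet is the payload
ICV_LEN = 12         # HMAC-SHA1-96 keeps the first 96 bits of the HMAC
KEY = b"constructed-demo-key-not-for-real-use"   # constructed sample key


def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum over the IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def _with_checksum(hdr: bytearray) -> bytes:
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr)


def decrement_ttl(packet: bytes) -> bytes:
    """What every router on the path does: TTL - 1 and a new header checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    return _with_checksum(hdr) + packet[20:]


def rewrite_dst(packet: bytes, new_dst: str) -> bytes:
    """Tamper with the destination address of the first IP header."""
    hdr = bytearray(packet[:20])
    hdr[16:20] = socket.inet_aton(new_dst)
    return _with_checksum(hdr) + packet[20:]


def zero_mutable(hdr: bytes) -> bytes:
    """RFC 4302: fields a router may legitimately change in transit (ToS,
    flags/fragment offset, TTL, header checksum) are zeroed before the ICV
    is computed; addresses and protocol are covered as-is."""
    return (hdr[:1] + b"\x00" + hdr[2:6] + b"\x00\x00\x00" + hdr[9:10]
            + b"\x00\x00" + hdr[12:20])


def ah_icv(ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(src: str, dst: str, next_proto: int, payload: bytes,
               spi: int = 0x100, seq: int = 1) -> bytes:
    """IP header (protocol 51) + AH fixed part + ICV + protected payload."""
    # AH fixed part: next header, payload length in 32-bit words minus 2,
    # reserved, SPI, sequence number.  12 + 12 bytes = 6 words, so 4.
    ah_fixed = struct.pack("!BBHII", next_proto, 4, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, len(ah_fixed) + ICV_LEN + len(payload))
    return ip_hdr + ah_fixed + ah_icv(ip_hdr, ah_fixed, payload) + payload


def ah_transport(src: str, dst: str, upper_proto: int, payload: bytes) -> bytes:
    """Transport mode: the end hosts' own addresses stay in the outer header."""
    return ah_protect(src, dst, upper_proto, payload)


def ah_tunnel(gw_src: str, gw_dst: str, inner_packet: bytes) -> bytes:
    """Tunnel mode: the whole original packet (header included) becomes the
    protected payload behind a new outer header with the gateway addresses."""
    return ah_protect(gw_src, gw_dst, IPIP_PROTO, inner_packet)


def ah_verify(packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    ip_hdr, rest = packet[:20], packet[20:]
    if len(ip_hdr) < 20 or ip_hdr[9] != AH_PROTO:
        return False
    ah_fixed, icv, payload = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    return hmac.compare_digest(ah_icv(ip_hdr, ah_fixed, payload), icv)


def outer_addresses(packet: bytes):
    """What a packet analyzer on the path sees without the key."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


if __name__ == "__main__":
    body = b"GET / HTTP/1.0\r\n\r\n"                         # constructed payload
    transport = ah_transport("10.0.0.1", "10.0.0.2", 6, body)
    inner = ipv4_header("192.168.1.10", "192.168.2.20", 6, len(body)) + body
    tunnel = ah_tunnel("203.0.113.1", "198.51.100.1", inner)
    print("transport mode, visible addresses:", outer_addresses(transport))
    print("tunnel mode, visible addresses:   ", outer_addresses(tunnel))
    print("after a router hop:", ah_verify(decrement_ttl(transport)))
    print("after address tampering:", ah_verify(rewrite_dst(transport, "10.0.0.9")))
```

Run stand-alone, the script shows that in Transport mode the sniffer sees the real end-host addresses while in Tunnel mode it sees only the two gateways, that a normal router hop (TTL decrement) leaves the check intact, and that rewriting an address fails it. Because AH does not encrypt, the HTTP request is still readable at the end of the transport-mode packet; with ESP that part would be ciphertext.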
The Internet Engineering Task Force (IETF) specifies the IPsec protocol suite, managing updates and revisions. One of those specifications regards the acronym for the protocol suite, calling it IPsec with a lowercase “s” rather than IPS or IPSec, which you might imagine to be the initials or acronym. Go figure.
Figure 11.38 • IPsec’s two modes
Secure TCP/IP Applications
I’ve covered quite a few TCP/IP security standards and protocols thus far in the chapter, but I really haven’t put anything to work yet. Now is the time to talk about actual applications that use these tools to make secure connections. As mentioned earlier, this is in no way a complete list, as there are thousands of secure TCP applications; I’ll stick to ones you will see on the CompTIA Network+ exam. Even within that group, I’ve saved discussion of some of the applications for other chapters that deal more directly with certain security aspects (such as remote connections).
HTTPS
You’ve already seen HTTPS back in Chapter 9, so let’s do a quick review and then take the coverage a bit deeper. You know that HTTPS documents are unique pages that traditionally start with https:// and that most browsers also show a small lock icon in the lower-right corner or in the address bar. You also know that HTTPS uses SSL/TLS for the actual authentication and encryption process. In most cases, all of this works very well, but what do you do when HTTPS has trouble?
Since you won’t get an HTTPS connection without a good certificate exchange, the most common problems are caused by bad certificates. When a certificate comes in from an HTTPS Web site, your computer checks the expiration date to verify the certificate is still valid and checks the Web site’s URL to make sure it’s the same as the site you are on. If either of these is not correct, you get an error such as the one shown in Figure 11.39.
If you get one of these errors, you need to decide what to do. Good certificates do go bad (this even happened on my own Web site once) and sometimes the URLs on the certificates are not exactly the same as the site using them. When in doubt, stop. On the other hand, if the risk is low (for example, you’re not entering a credit card number or other sensitive information) and you know and trust the site, proceeding is safe in most cases. A courtesy e-mail or phone call to the Web site administrator notifying him or her about the invalid certificate is usually greatly appreciated.
Invalid certificates aren’t the only potential problems. After this basic check, the browser checks to see if the certificate has been revoked. Root authorities, like VeriSign, generate Certificate Revocation Lists (CRLs) that a Web browser can check against. Certificates are revoked for a number of reasons, but most of the time the reasons are serious, such as a hacked certificate. If you get a revoked certificate error, it’s better to stay away from the site until they fix the problem.
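The three checks just described (expiration date, URL against the certificate’s name, and the revocation list) are simple enough to write out. The following is an added Python example, not code from the book or from any browser, that applies them to a constructed certificate laid out like the dictionary that Python’s `ssl.SSLSocket.getpeercert()` returns. The host name matching follows RFC 6125: Subject Alternative Name entries are checked first, a wildcard is only allowed as the whole leftmost label and matches exactly one label, and the Common Name is used only when there are no DNS SANs. The certificate contents, serial numbers and the sample CRL are constructed values; the function names are the example’s own.

```python
"""Added example, not from the book: the checks a browser runs on an HTTPS
certificate before showing the lock icon (validity window, host name match
including wildcards, revocation lookup), applied to a constructed
certificate in the dict layout returned by ssl.SSLSocket.getpeercert()."""
import ssl
import time

# Constructed sample certificate, shaped like ssl.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("commonName", "Example Root CA (constructed)"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Nov 10 00:00:00 2012 GMT",
    "notAfter": "Nov 10 00:00:00 2013 GMT",
    "serialNumber": "0A1B2C",          # constructed serial number
}
# Constructed CRL: serial numbers the issuer has revoked.
SAMPLE_CRL = frozenset({"DEADBEEF"})


def cert_time(text: str) -> float:
    """Seconds since the epoch for a notBefore/notAfter string."""
    return ssl.cert_time_to_seconds(text)


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the host the user typed.  A wildcard
    may only be the whole leftmost label and matches exactly one label
    (RFC 6125 section 6.4.3): *.example.com covers api.example.com but not
    example.com or a.b.example.com."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def certificate_names(cert: dict) -> list:
    """Names the certificate claims: DNS SAN entries, falling back to the
    Common Name only when the certificate carries no DNS SANs."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for kind, value in rdn if kind == "commonName"]


def check_certificate(cert: dict, hostname: str, now: float = None,
                      revoked_serials=frozenset()) -> list:
    """Return the problems a browser would warn about (empty list = OK)."""
    now = time.time() if now is None else now
    problems = []
    # 1. Expiration: is "now" inside the notBefore..notAfter window?
    if now < cert_time(cert["notBefore"]):
        problems.append("not yet valid")
    if now > cert_time(cert["notAfter"]):
        problems.append("expired")
    # 2. URL check: does the site name appear in the certificate?
    if not any(dns_name_matches(name, hostname) for name in certificate_names(cert)):
        problems.append("hostname mismatch")
    # 3. Revocation: is the serial number on the issuer's CRL?
    if cert.get("serialNumber") in revoked_serials:
        problems.append("revoked")
    return problems


if __name__ == "__main__":
    during = cert_time("Jun 01 00:00:00 2013 GMT")
    for host in ("shop.example.com", "api.example.com", "example.com"):
        print(host, check_certificate(SAMPLE_CERT, host, during, SAMPLE_CRL) or "OK")
    later = cert_time("Dec 01 00:00:00 2013 GMT")
    print("after expiry:", check_certificate(SAMPLE_CERT, "shop.example.com", later))
```

Note the order: a browser reports expiry and name problems from the certificate itself first, and only then consults the CRL, which is why an expired certificate error and a revoked certificate error look different to the user and, as the text says, deserve different responses.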
Figure 11.39 • Certificate problem
SCP
One of the first SSH-enabled programs to appear after the introduction of SSH was Secure Copy Protocol (SCP). SCP was one of the first protocols used to transfer data securely between two hosts and thus might have replaced FTP. SCP works well but lacks features such as a directory listing. SCP still exists, especially with the well-known UNIX scp command-line utility, but it has, for the most part, been replaced by the more powerful SFTP.
SFTP
Secure FTP (SFTP), also called SSH FTP, was designed as a replacement for FTP after many of the inadequacies of SCP (such as the inability to see the files on the other computer) were discovered. Although SFTP and FTP have similar names and perform the same job of transferring files, the way in which they do that job differs greatly.
The introduction of SSH made it easy to secure most TCP applications just by running them in an SSH tunnel. But FTP was a different case. FTP, at least active FTP, uses two ports, 20 and 21, creating a two-session communication. This makes FTP a challenge to run in its original form over SSH because SSH can only handle one session per tunnel. To fix this, a group of programmers from the OpenBSD organization developed a series of secure programs known collectively as OpenSSH. SFTP was one of those programs. SFTP looks like FTP, with servers and clients, but relies on an SSH tunnel. If you are on Windows and would like to connect with an SFTP server, WinSCP and FileZilla are two great client options.
SNMP
Simple Network Management Protocol (SNMP) is a very popular method for querying the state of SNMP-capable devices. SNMP can tell you a number of settings like CPU usage, network utilization, and detailed firewall hits. SNMP uses agents (special client programs) to collect network information from a Management Information Base (MIB), SNMP’s version of a server. To use SNMP, you need SNMP-capable devices and some tool to query them. One tool is Cacti (www.cacti.net), shown in Figure 11.40. Cacti, like most good SNMP tools, enables you to query an SNMP-capable device for hundreds of different types of information.
SNMP is a useful tool for network administrators, but the first version, SNMPv1, sent all data, including the passwords, unencrypted over the network. SNMPv2 had good encryption but was rather challenging to use. SNMPv3 is the standard version used today and combines solid, fairly easy-to-use authentication and encryption.
SNMP runs on UDP port 161.
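The point that SNMPv1 sends its password (the community string) unencrypted is easy to confirm with a packet analyzer such as Wireshark, because the string sits in the first few bytes of every UDP port 161 datagram. The following is an added Python example, not code from the book or from any SNMP product: it builds a constructed SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) with the standard library only, then parses the BER/ASN.1 layout the way the analyzer does to recover the version and community string, and wraps that in a small detection helper an administrator could run over captured UDP/161 payloads to find devices still using community-based SNMP. The community name “public”, the request ID and the helper names are the example’s own.

```python
"""Added example, not from the book: what "SNMPv1 sends the password in the
clear" looks like on the wire.  Builds a constructed SNMPv1 GetRequest for
sysDescr.0 with the standard library only, then parses its BER/ASN.1 layout
the way a packet analyzer does to recover the version and community string."""
from typing import List, Tuple


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_length(len(content)) + content


def encode_oid(oid: str) -> bytes:
    """Dotted OID to BER: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def snmp_v1_get(community: str, oid: str, request_id: int = 1) -> bytes:
    """Constructed SNMPv1 GetRequest (version field 0) as sent to UDP port 161.
    request_id is kept below 128 so it encodes as a single INTEGER byte."""
    varbind = tlv(0x30, tlv(0x06, encode_oid(oid)) + tlv(0x05, b""))   # OID, NULL
    pdu = (tlv(0x02, bytes([request_id]))    # request-id
           + tlv(0x02, b"\x00")              # error-status
           + tlv(0x02, b"\x00")              # error-index
           + tlv(0x30, varbind))             # variable bindings
    return tlv(0x30, tlv(0x02, b"\x00")                 # version: 0 = SNMPv1
                     + tlv(0x04, community.encode())    # community: plain OCTET STRING
                     + tlv(0xA0, pdu))                  # context tag 0 = GetRequest-PDU


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode the element at buf[pos]; returns (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def snmp_version_and_community(datagram: bytes) -> Tuple[int, str]:
    """The first two fields of every community-based SNMP message: INTEGER
    version and OCTET STRING community.  No key is needed to read them."""
    tag, message, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    ver_tag, version, pos = read_tlv(message, 0)
    com_tag, community, _ = read_tlv(message, pos)
    if ver_tag != 0x02 or com_tag != 0x04:
        raise ValueError("no community header (SNMPv3 carries msgGlobalData here)")
    return int.from_bytes(version, "big"), community.decode("latin-1")


VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c"}   # both are community-based


def cleartext_communities(payloads: List[bytes]) -> List[Tuple[str, str]]:
    """Detection helper: report every community-based datagram and the
    community string it exposes.  Run it over UDP/161 payloads from a capture
    to find devices that still need to be moved to SNMPv3."""
    findings = []
    for payload in payloads:
        try:
            version, community = snmp_version_and_community(payload)
        except (ValueError, IndexError):
            continue                         # not SNMP, truncated, or SNMPv3
        if version in VERSION_NAMES:
            findings.append((VERSION_NAMES[version], community))
    return findings


if __name__ == "__main__":
    pkt = snmp_v1_get("public", "1.3.6.1.2.1.1.1.0")
    print("datagram:", pkt.hex())
    print("exposed:", cleartext_communities([pkt]))
```

The hex dump printed by the script is what Wireshark would show as the UDP payload: the bytes `04 06 70 75 62 6c 69 63` are the OCTET STRING “public”, readable by anyone on the path.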
Cross Check: FTP and TFTP
You saw FTP and TFTP back in Chapter 9, so check your memory now. How do they differ from SFTP? Do they use the same ports? Would you use FTP and TFTP in the same circumstances? Finally, what’s the difference between active and passive FTP?
LDAP
The Lightweight Directory Access Protocol (LDAP) is the tool that programs use to query and change a database used by the network. The network world is full of many different databases that are used in many different ways. I’m not talking about databases used by normal people to enter sales calls or to inventory trucks! These are databases used to track who is logged into the network, how many DHCP clients are currently DHCP active, or the location of all the printers in the local network.
One of the most complex and also most used databases is Windows Active Directory. Active Directory is the power behind single sign-on and network information (where’s the closest printer to me?) and is the cornerstone of Windows’ DNS implementation. Every Windows domain controller stores a copy of the Active Directory.
If a domain controller fails, another domain controller can and must instantly take over. To do this, every domain controller must have an identical copy of the Active Directory. That means if a single domain controller makes a change to the Active Directory, it must quickly send that change to other domain controllers.
Enter LDAP. LDAP is the tool used in virtually every situation where one computer needs to access another computer’s database for information or to make an update. You will probably never use LDAP manually. Your domain controllers will use it automatically and transparently in the background to keep your databases in good order. LDAP uses TCP port 389 by default.
NTP
The Network Time Protocol (NTP) does one thing: it gives you the current time. NTP is an old protocol and isn’t in and of itself much of a security risk unless you’re using some timestamping protocol like Kerberos. Windows is by far the most common Kerberos user, so just make sure all of your computers have access to an NTP server so users don’t run into problems when logging in. NTP uses UDP port 123.
Figure 11.40 • Cacti at work
Chapter 11 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about securing TCP/IP.
Discuss the standard methods for securing TCP/IP networks
■ TCP/IP security can be broken down into four areas: encryption, nonrepudiation, authentication, and authorization.
■ Encryption means to scramble, mix up, or change the data in such a way that bad guys can’t read the data.
■ Nonrepudiation is the process that guarantees that the data is as originally sent and that it came from the source you think it should have come from.
■ Authentication means to verify that whoever accesses the data is the person you want accessing that data.
■ Authorization defines what a person accessing the data can do with that data.
■ All data starts as plaintext (also called cleartext), meaning the data is in an easily read or viewed industry-wide standard format.
■ A cipher is a series of complex and hard-to-reverse mathematics—called an algorithm—you run on a string of ones and zeroes to make a new set of seemingly meaningless ones and zeroes. More specifically, a cipher is a general way to encrypt data, and an algorithm is the cipher’s underlying mathematical formula.
■ A symmetric-key algorithm is any encryption algorithm that uses the same key for both encryption and decryption. There are two types of symmetric-key algorithms: block ciphers and stream ciphers.
■ Block ciphers encrypt data in single chunks of a certain length. Stream ciphers encrypt a single bit at a time.
■ Data Encryption Standard (DES) is the oldest TCP/IP symmetric-key algorithm and uses a 64-bit block with a 56-bit key. DES is susceptible to brute-force attacks.
■ Advanced Encryption Standard (AES) is the most secure TCP/IP symmetric-key algorithm and uses a 128-bit block with a 128-, 192-, or 256-bit key. AES is practically uncrackable.
■ Symmetric-key encryption has one serious weakness: anyone who gets a hold of the key can encrypt or decrypt.
■ Public-key cryptography is an implementation of asymmetric-key encryption, which uses one key to encrypt and a different key to decrypt.
■ A key pair consists of a public key, which is shared and distributed to senders to use to encrypt data, and a private key, which is kept only by the recipient and used to decrypt data.
■ A hash is a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length, often called a checksum or a digest.
■ A cryptographic hash function is a one-way function that produces a unique checksum that can be used to verify nonrepudiation. MD5 and SHA-2 are popular hashes for this type of work.
■ A digital signature is a string of ones and zeroes that can only be generated by the sender and is another form of nonrepudiation.
■ A certificate is a standardized type of digital signature used to verify the identity of someone (or something) you do not know, like a Web site. A certificate usually includes the digital signature of a third party, a person, or a company that guarantees that who is passing out this certificate truly is who they say they are. VeriSign and Thawte are popular certificate authorities.
■ An access control list (ACL) is used to control authorization, or what a user is allowed to do once they have been authenticated. There are three types of ACL access modes: MAC, DAC, and RBAC.
■ In a mandatory access control (MAC) security model, every resource is assigned a label that defines its security level. If the user lacks that security level, he or she does not get access.
■ Discretionary access control (DAC) is based on the idea that a resource has an owner who may, at his or her discretion, assign access to that resource.
■ Role-based access control (RBAC) is the most popular model used in file sharing and defines a user’s access to a resource based on the user’s group membership.
Compare TCP/IP security standards
■ The Point-to-Point Protocol (PPP) enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use.
■ PPP includes two methods to authenticate a user name and password: PAP and CHAP.
■ Password Authentication Protocol (PAP) transmits the user name and password over the connection in plaintext, which is not secure.
■ Challenge Handshake Authentication Protocol (CHAP) provides a more secure authentication routine because it relies on hashes based on a shared secret, usually a password that both ends of the connection know. Microsoft created its own version called MS-CHAP.
■ Authentication, Authorization, and Accounting (AAA) is a philosophy applied to computer security. RADIUS and TACACS+ are standard implementations of AAA.
■ Remote Authentication Dial-In User Service (RADIUS) is the better known of the two AAA standards and was created to support ISPs with hundreds if not thousands of modems in hundreds of computers to connect to a single central database.
■ Microsoft’s RADIUS server is called Internet Authentication Service (IAS) and comes built in with most versions of Microsoft Windows Server. FreeRADIUS is a popular RADIUS server for UNIX/Linux.
■ Terminal Access Controller Access Control System Plus (TACACS+) is a proprietary protocol developed by Cisco to support AAA in a network with many routers and switches.
■ Kerberos, unlike PPP, is an authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server.
■ Kerberos, which is the authentication protocol for all Windows networks using a domain controller, uses a Key Distribution Center (KDC) that has two processes: the Authentication Server (AS) and the Ticket-Granting Service (TGS).
■ The Authentication Server authenticates users at login and, if successful, sends a Ticket-Granting Ticket (TGT) (good for ten hours by default) allowing the user to access network resources without having to reauthenticate.
■ The timestamped TGT is sent to the TGS, which returns an access token used by the client for authorization to a network resource.
■ The Extensible Authentication Protocol (EAP) was developed to help two devices negotiate the authentication process. It is used primarily in wireless networks. There are six commonly used types of EAP: EAP-PSK, EAP-TLS, EAP-TTLS, EAP-MS-CHAPv2 (PEAP), EAP-MD5, and LEAP.
■ EAP Personal Shared Key (EAP-PSK) is the most popular form of authentication used in wireless networks today.
■ Early wireless networks lacked any form of authentication, so the wireless community grabbed a preexisting authentication standard called 802.1X to use in their wireless networks. 802.1X combines the RADIUS-style AAA with EAP versions to make a complete authentication solution.
■ Secure Shell (SSH) is a secure replacement for Telnet. SSH uses PKI in the form of an RSA key. At login, the SSH server sends its public key to the client. The client then encrypts data using the public key and transmits the data, which is subsequently decrypted on the server with the private key.
■ Netscape created the Secure Sockets Layer (SSL) standard, which requires a server with a certificate. SSL has been updated to the Transport Layer Security (TLS) standard and is used for secure Web transactions, such as online credit card purchases.
■ SSL is limited to HTML, FTP, SMTP, and a few older TCP applications whereas TLS is less restrictive and is used for everything SSL does in addition to VoIP and VPNs.
■ IPsec is an encryption protocol and is destined to become the dominant encryption protocol under IPv6. IPsec works in two different modes: Transport mode and Tunnel mode. IPv6 uses the IPsec Transport mode by default.
■ In Transport mode, only the actual payload of the IP packet is encrypted; the destination and source IP addresses and other IP header information are still readable.
■ In Tunnel mode, the entire IP packet is encrypted and then placed into an IPsec endpoint where it is encapsulated inside another IP packet.
Implement secure TCP/IP applications
■ HTTPS uses SSL/TLS for the actual authentication and encryption process. Most browsers show a small lock icon in the lower-right corner or in the address bar when an HTTPS connection is established.
■ The most common problems with HTTPS connections are caused by bad or outdated certificates.
■ Secure Copy Protocol (SCP) is an SSH-enabled program or protocol used to copy files securely between a client and a server. It has been replaced by Secure FTP (SFTP).
■ Simple Network Management Protocol (SNMP) is a method for querying the state of SNMP-capable devices. SNMP can tell you a number of settings like CPU usage, network utilization, and detailed firewall hits. SNMP uses agents and MIBs to capture and monitor network usage.
■ SNMPv1 sent all data, including the passwords, unencrypted over the network. SNMPv2 had good encryption but was rather challenging to use. SNMPv3 is the standard version used today and combines solid, fairly easy-to-use authentication and encryption.
■ Active Directory servers and other servers use the Lightweight Directory Access Protocol (LDAP) to keep important databases updated.
■ Network Time Protocol (NTP) gives you the current time. It isn’t much of a security risk unless you’re using some timestamping protocol like Kerberos.
Key Terms
802.1X (315)
access control list (ACL) (308)
Advanced Encryption Standard (AES) (299)
algorithm (296)
asymmetric-key algorithm (298)
authentication (295)
Authentication, Authorization, and Accounting (AAA) (311)
Authentication Server (AS) (313)
authorization (295)
block cipher (298)
certificate (304)
Challenge Handshake Authentication Protocol (CHAP) (310)
cipher (296)
ciphertext (297)
cleartext (296)
complete algorithm (296)
Data Encryption Standard (DES) (298)
digital signature (304)
discretionary access control (DAC) (308)
encryption (295)
Extensible Authentication Protocol (EAP) (314)
FreeRADIUS (312)
hash (302)
Internet Authentication Service (IAS) (312)
Internet Protocol Security (IPsec) (320)
Kerberos (313)
Key Distribution Center (KDC) (313)
key pair (300)
Lightweight Directory Access Protocol (LDAP) (323)
Lightweight Extensible Authentication Protocol (LEAP) (315)
Management Information Base (MIB) (322)
mandatory access control (MAC) (308)
MD5 (303)
MS-CHAP (310)
Network Access Server (NAS) (312)
Network Control Protocol (NCP) (309)
Network Time Protocol (NTP) (323)
nonrepudiation (295)
OpenSSH (322)
Password Authentication Protocol (PAP) (310)
plaintext (296)
Point-to-Point Protocol (PPP) (309)
Protected Extensible Authentication Protocol (PEAP) (315)
public-key cryptography (299)
public-key infrastructure (PKI) (306)
Remote Authentication Dial-In User Service (RADIUS) (312)
Rivest Cipher 4 (RC4) (299)
Rivest Shamir Adleman (RSA) (299)
role-based access control (RBAC) (308)
Secure Copy Protocol (SCP) (321)
Secure FTP (SFTP) (322)
Secure Hash Algorithm (SHA) (303)
Secure Shell (SSH) (317)
Secure Sockets Layer (SSL) (319)
Simple Network Management Protocol (SNMP) (322)
stream cipher (298)
symmetric-key algorithm (297)
Terminal Access Controller Access Control System Plus (TACACS+) (313)
Ticket-Granting Ticket (TGT) (313)
Transport Layer Security (TLS) (319)
tunnel (318)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all the terms will be used.
1. _______________ defines what a person accessing data can do with that data.
2. _______________ is the act of verifying you are who you say you are.
3. _______________ is the process of guaranteeing that data is as originally sent and that it came from the source from which you think it should have come.
4. A(n) _______________ encrypts data in fixed-length chunks at a time.
5. _______________ is a secure replacement for Telnet.
6. A(n) _______________ uses one key to encrypt data and a different key to decrypt the same data.
7. SSL has been replaced by the more robust _______________.
8. SCP has been replaced by _______________, a secure protocol for copying files to a server.
9. _______________ is the default authentication protocol for Windows domains and is extremely time sensitive.
10. _______________ uses a 128-bit block, up to a 256-bit key, and is a virtually uncrackable encryption algorithm.
Multiple-Choice Quiz
1. Justin wants his team to be able to send him encrypted e-mails. What should he do?
A. Send each team member his private key.
B. Send each team member his public key.
C. Ask each team member for his or her private key.
D. Ask each team member for his or her public key.
2. Which of the following are popular cryptographic hashing functions? (Select two.)
A. MD5
B. SHA-2
C. RADIUS
D. TACACS+
3. A public and private key pair is an example of what?
A. Symmetric-key algorithm
B. Asymmetric-key algorithm
C. Certificate
D. RADIUS
4. Which authentication protocol is time sensitive and is the default authentication protocol on Windows domains?
A. PPP
B. MS-CHAP
C. IPsec
D. Kerberos
5. What helps to protect credit card numbers during online purchases? (Select two.)
A. Certificates
B. TLS
C. SCP
D. NTP
6. Emily wants to remotely and securely enter commands to be run at a remote server. What application should she use?
A. Telnet
B. SSH
C. SFTP
D. RSA
7. A hash function is by definition
A. A complex function
B. A PKI function
C. A one-way function
D. A systematic function
8. In order to have a PKI infrastructure you must have a(n)
A. Web server
B. Web of trust
C. Root authority
D. Unsigned certificate
9. Which term describes the process of guaranteeing that data that is received is, in fact, the data that was sent—and that it came from the presumed source?
A. Authentication
B. Authorization
C. Encryption
D. Nonrepudiation
10. If you saw some traffic running on TCP port 49, what AAA standard would you know was running?
A. PPP
B. RADIUS
C. MS-CHAP
D. TACACS+
11. What is the difference between RADIUS and TACACS+?
A. RADIUS is the authentication control for Windows networks whereas TACACS+ is the authentication control for UNIX/Linux networks.
B. RADIUS is an implementation of an authentication control whereas TACACS+ is an implementation of authorization control.
C. RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches.
D. RADIUS supports encryption; TACACS+ does not and is, therefore, less desirable in a network.
12. AES is a(n) __________ cipher.
A. Block
B. Forwarding
C. Stream
D. Asymmetric
13. Which authentication protocol is broadly used on wireless networks?
A. 802.1X
B. PPP
C. PAP
D. MS-CHAP
14. Digital signatures and certificates help which aspect of computer security?
A. Accounting
B. Authentication
C. Authorization
D. Nonrepudiation
15. Which authorization model grants privileges based on the group membership of network users?
A. MAC
B. DAC
C. RBAC
D. GAC
BaseTech
329 Chapter 11: Securing TCP/IP
Essay Quiz
1. Explain the difference between symmetric-key and asymmetric-key algorithms and give examples of each. Which is more secure? Why?
2. Access control lists help to control the authorization of network resources. Explain the differences among the three ACL access models.
3. You receive a call from a distressed user telling you she was in the middle of an online purchase (just entering her credit card number) when she noticed a certificate warning on the screen saying the Web site’s certificate has expired. What advice would you give the user?
Lab Projects
Lab Project 11.1
Download a copy of GnuPG from www.gnupg.org and one of the frontends from www.gnupg.org/related_software/frontends.en.html. Generate a key pair and share your public key with a classmate. Have your classmate encrypt a file using your public key and e-mail it to you. Decrypt your file with your private key.
Lab Project 11.2
You have learned many acronyms in this chapter! Make a list of the following acronyms, state what they stand for, and briefly describe them. Use this as a study sheet for the CompTIA Network+ certification exam: DES, AES, RSA, MD5, SHA, PKI, CRAM-MD5, ACL, MAC, DAC, RBAC, PPP, PAP, CHAP, MS-CHAP, AAA, RADIUS, TACACS+, KDC, AS, TGT, SID, EAP, EAP-TLS, EAP-PSK, EAP-TTLS, EAP-MS-CHAPv2, PEAP, EAP-MD5, LEAP, SSH, SSL, TLS, HTTPS, SCP, SFTP, SNMP, and NTP.
Chapter 12: Advanced Networking Devices
“It followed from the special theory of relativity that mass and energy are both but different manifestations of the same thing. A somewhat unfamiliar conception for the average mind.”
—Albert Einstein
In this chapter, you will learn how to
■■ Discuss client/server and peer-to-peer topologies
■■ Describe the features and functions of VPNs
■■ Configure and deploy VLANs
■■ Implement advanced switch features
So far in this book we’ve looked at simple network topologies and single-function devices. Ethernet networks employ a hybrid star-bus topology, for example, with a physical star and a logical bus. You have hubs humming along at Layer 1, switches at Layer 2, and routers at Layer 3, each performing heroic service. You have protocols functioning at the upper layers, enabling things like the Web and FTP.
When you zoom out from the network to the 30,000-foot view, network components take on one of several aspects. You have servers that dish out data and clients that access those servers. You have computers on networks that both serve and access data; these are called peer-to-peer networks. You have connections between networks and connections from outside to inside a network.
This chapter starts with connection concepts, looking at classic and current uses of terms like client, server, and peer. The chapter then turns to virtual private networks, how businesses handle telecommuting, traveling employees, and multiple locations. The third part examines switches that can segment a network into multiple virtual networks. The chapter finishes with a discussion about multilayer switches—the boxes that do it all.
Client/Server and Peer-to-Peer Topologies
To share data and services, networks place computers or services into the category of server, the provider of such things. Other computers act as clients, the users of services. Many networks today blend the two roles, meaning each computer can both serve and request. Let’s look at classic usage of client/server and peer-to-peer topologies, and then examine how the terms have changed in modern networking.
Historical/Conceptual
Client/Server
The earliest networks used a client/server model. In that model, certain systems acted as dedicated servers. Dedicated servers were called “dedicated” because that’s all they did. You couldn’t go up to a dedicated server and run Word or Solitaire. Dedicated servers ran powerful server network operating systems that offered up files, folders, Web pages, and so on to the network’s client systems. Client systems on a client/server network never functioned as servers. One client system couldn’t access shared resources on another client system. Servers served and clients accessed, and never the twain . . . crossed over . . . in the old days of client/server!
Figure 12.1 shows a typical client/server network. As far as the clients are concerned, the only system on the network is the server system. The clients can neither see each other, nor share data with each other directly. They must save the data on the server, so that other systems can access it.
Back in the old days there was an operating system called Novell NetWare. Novell NetWare servers were true dedicated servers. You couldn’t go up to a Novell NetWare server and write yourself a resume. There were no Windows or even user applications. The only thing Novell NetWare servers knew how to do was share their own resources, but they shared those resources extremely well! The Novell NetWare operating system was unique. It wasn’t anything like Windows, Macintosh, or Linux. It required you to learn an entirely different set of installation, configuration, and administration commands. Figure 12.2 shows a screen from Novell NetWare. Don’t let the passing resemblance to Windows fool you—it was a completely different operating system!
Figure 12.1 • A simple client/server network
Dedicated servers enabled Novell to create an entire feature set not seen before on personal computers. Each dedicated server had its own database of user names and passwords. You couldn’t access any of the resources on the server without logging in. The server’s administrator would assign “permissions” to a specific user account, such as Write (add files to a directory), File Scan (see the contents of a directory), and Erase (delete files).
By keeping the server functionality separate from the client systems, the Novell folks made very powerful, dedicated servers without overwhelming the client computers with tons of software. This was, after all, in the early days of personal computers and they didn’t have anything near the power of a modern PC. NetWare servers had tremendous power and great security because the only thing they did was run server software. In the early days of networking, client/server was king!
Peer-to-Peer
Novell NetWare was the first popular way to network PCs, but it wasn’t too many years later that Microsoft introduced the first versions of network-capable Windows. The way in which these versions of Windows looked at networking, called peer-to-peer, was completely different from the client/server view of networking. In a peer-to-peer network, any system can act as a server, a client, or both, depending on how you configure that system. PCs on peer-to-peer networks frequently act as both clients and servers. One of the most common examples of a peer-to-peer network is the venerable Windows 9x series of operating systems. Figure 12.3 shows the sharing options for the ancient Windows 98 operating system, providing options to share a folder and thus turn that computer into a server.
At first glance, it would seem that peer-to-peer is the way to go—why create a network that doesn’t allow the clients to see each other? Wouldn’t it make more sense to give users the freedom to allow their systems both to share and access any resource? The problem was a lack of security.
The early Windows systems did not have user accounts and the only permissions were Read Only and Full Control. So they made it easy to share but hard to control access to the shared resources. People wanted the freedom of peer-to-peer with the security of client/server.
Novell NetWare as marketed today is a form of SUSE Linux. It is no longer a unique server-only operating system.
Figure 12.2 • Novell NetWare in action
Figure 12.3 • Sharing options in Windows 98
The “old school” client/server model means dedicated servers with strong security. Clients see only the server. In the peer-to-peer model, any system is a client, server, or both, but at the cost of lower security and additional demands on the system resources of each peer.
Test Specific
Client/Server and Peer-to-Peer Today
In response to demand, every modern operating system has dumped the classic client/server or peer-to-peer label. Windows, Linux, and OS X all have the capability to act as a server or a client while also providing robust security through user accounts, permissions, and the like.
Since the widespread adoption of TCP/IP and the Internet, client/server and peer-to-peer have taken on new or updated definitions and refer more to applications than to network operating systems. Consider e-mail for a moment. For traditional e-mail to work, you need an e-mail client like Microsoft Outlook. But you also need an e-mail server program like Microsoft Exchange to handle the e-mail requests from your e-mail client. Outlook is a dedicated client—you cannot use the Outlook client as a mail-serving program. Likewise, you cannot use Microsoft Exchange as an e-mail client. Exchange is a dedicated server program.
Peer-to-peer applications, often referred to simply as P2P, act as both client and server. The best examples of these applications are the now infamous file-sharing applications based on special TCP/IP protocols. The applications, with names like BitTorrent, LimeWire, and DC++, act as both clients and servers, enabling a user to share files and access shared files. BitTorrent is actually an entire protocol, not just a particular application. Many different applications use the BitTorrent standard. Figure 12.4 shows one such program, μTorrent, in the process of simultaneously uploading and downloading files.
The terms server, client, and peer manifest in another way when discussing connecting to a local network from a remote site or connecting two networks together so they function as if they’re one network. Let’s turn now to a technology that makes these connection types possible: virtual private networks.
Figure 12.4 • μTorrent downloading
Virtual Private Networks
Remote connections have been around for a long time, even before the Internet existed. The biggest drawback to remote connections was the cost to connect. If you were on one side of the continent and had to connect to your LAN on the other side of the continent, the only connection option was a telephone. Or if you needed to connect two LANs across the continent, you ended up paying outrageous monthly charges for a private connection. The introduction of the Internet gave people wishing to connect to their home networks a very inexpensive connection option, but there was one problem—the whole Internet was (and is) open to the public. People wanted to stop using dial-up and expensive private connections and use the Internet instead, but they wanted to be able to do it securely.
If you read the previous chapter, you might think you could use some of the tools for securing TCP/IP to help and you would be correct. Several standards use encrypted tunnels between a computer or a remote network and a private network through the Internet (Figure 12.5), resulting in what is called a virtual private network (VPN).
As you saw in the previous chapter, an encrypted tunnel requires endpoints—the ends of the tunnel where the data is encrypted and decrypted. In the tunnels you’ve seen thus far, the client for the application sits on one end and the server sits on the other. VPNs do exactly the same thing. Either some software running on a computer or, in some cases, a dedicated box must act as an endpoint for a VPN (Figure 12.6).
The key with the VPN is that all of the computers should be on the same network—and that means they must all have the same network ID. For example, you would want the laptop that you are using in an airport lounge to have the same network ID as all of the computers in your LAN back at the office. But there’s no simple way to do this. If it’s a single client trying to access a network, that client is going to take on the IP address from its local DHCP server. In the case of your laptop in the airport, your network ID and IP address come from the DHCP server in the airport, not the DHCP server back at the office.
Figure 12.5 • VPN connecting computers across the United States
Figure 12.6 • Typical tunnel
To make the VPN work, you need a VPN client program protocol that uses one of the many tunneling protocols available. This remote client connects to the local LAN via its Internet connection, querying for an IP address from the local DHCP server. In this way, the VPN client will be on the same network ID as the local LAN. The remote computer now has two IP addresses. First, it has its Internet connection’s IP address, obtained from the remote computer’s ISP. Second, the VPN client creates a tunnel endpoint that acts like a NIC (Figure 12.7). This virtual NIC has an IP address that connects it to the local LAN.
Clever network engineers have come up with many ways to make this work, and those implementations function at different layers of the TCP/IP model. PPTP and L2TP, for example, work at the Link layer. Many VPNs use IPsec at the Internet layer to handle encryption needs. SSL VPNs work at the Application layer.
PPTP VPNs
So how do you make IP addresses appear out of thin air? What tunneling protocol have you learned about that has the smarts to query for an IP address? That’s right! Good old PPP! Microsoft got the ball rolling with the Point-to-Point Tunneling Protocol (PPTP), an advanced version of PPP that handles this right out of the box. The only trick is the endpoints. In Microsoft’s view, a VPN is intended for individual clients to connect to a private network, so Microsoft places the PPTP endpoints on the client and the server. The server endpoint is a special remote access server program, originally only available on Windows Server, called Routing and Remote Access Service (RRAS) on the server—see Figure 12.8.
On the Windows client side, you run Create a New Connection. This creates a virtual NIC that, like any other NIC, does a DHCP query and gets an IP address from the DHCP server on the private network (Figure 12.9).
When your computer connects to the RRAS server on the private network, PPTP creates a secure tunnel through the Internet back to the private LAN. Your client takes on an IP address of that network, as if your computer is directly connected to the LAN back at the office, even down to the default gateway. If you open your Web browser, your client will go across the Internet to the local LAN and then use the LAN’s default gateway to get to the Internet! Using a Web browser will be much slower when you are on a VPN. Every operating system comes with some type of built-in VPN client that supports PPTP (among others). Figure 12.10 shows Network, the Mac OS X VPN connection tool.
A system connected to a VPN looks as though it’s on the local network, but performs much slower than if the system was connected directly back at the office because it’s not local at all.
Figure 12.7 • Endpoints must have their own IP addresses.
Figure 12.8 • RRAS in action
This type of VPN connection, where a single computer logs into a remote network and becomes, for all intents and purposes, a member of that network, is commonly called a client-to-site connection.
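The two-address situation described above (an ISP-assigned address on the physical NIC, an office address on the virtual NIC, and a default gateway that now points back through the tunnel) is easiest to see in the client's routing table. The following Python model is an added example, not code from the book or from any VPN product; the interface names eth0 and vpn0, the 10.20.30.0/24 airport subnet, the 192.168.50.0/24 office subnet and the 203.0.113.10 server address are constructed. It selects routes by longest prefix, breaking ties by metric, and also shows the one route a client must keep on the physical NIC: the host route to the VPN server itself, without which the tunnel's own encrypted packets would be routed into the tunnel.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network  # destination network
    iface: str                     # outgoing interface
    gateway: Optional[str]         # next hop, None when directly connected
    metric: int = 0                # lower wins among equal-length prefixes


# Constructed sample addresses (hypothetical; not from the book).
AIRPORT_GW = "10.20.30.1"           # default gateway from the airport DHCP server
VPN_SERVER_PUBLIC = "203.0.113.10"  # office VPN endpoint as seen from the Internet
OFFICE_GW = "192.168.50.1"          # default gateway from the office DHCP server, via the tunnel


def routes_before_vpn() -> List[Route]:
    """Only the physical NIC: everything not local goes to the airport gateway."""
    return [
        Route(ipaddress.ip_network("10.20.30.0/24"), "eth0", None),
        Route(ipaddress.ip_network("0.0.0.0/0"), "eth0", AIRPORT_GW, metric=10),
    ]


def routes_after_vpn() -> List[Route]:
    """Routes a typical client installs once the virtual NIC (vpn0) is up.

    The /32 host route to the VPN server must stay on the physical NIC: the
    tunnel's outer packets are addressed to that host, and if the new default
    route captured them they would be fed back into the tunnel, so the VPN
    would never carry anything. The tunnel default route gets a lower metric
    so it beats the airport default route.
    """
    return routes_before_vpn() + [
        Route(ipaddress.ip_network(VPN_SERVER_PUBLIC + "/32"), "eth0", AIRPORT_GW),
        Route(ipaddress.ip_network("192.168.50.0/24"), "vpn0", None),
        Route(ipaddress.ip_network("0.0.0.0/0"), "vpn0", OFFICE_GW, metric=1),
    ]


def misconfigured_routes() -> List[Route]:
    """The failure mode: routes_after_vpn() without the host route to the server."""
    return [r for r in routes_after_vpn() if r.prefix.prefixlen != 32]


def select_route(routes: List[Route], dst: str) -> Tuple[str, Optional[str]]:
    """Longest-prefix match, ties broken by the lowest metric (how a host picks a route)."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if ip in r.prefix]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.iface, best.gateway


def tunnel_would_loop(routes: List[Route]) -> bool:
    """True if the tunnel's outer packets would be routed into the tunnel itself."""
    return select_route(routes, VPN_SERVER_PUBLIC)[0] == "vpn0"


def demo() -> dict:
    after = routes_after_vpn()
    return {
        "office file server": select_route(after, "192.168.50.20"),
        "public web site": select_route(after, "93.184.216.34"),
        "vpn server": select_route(after, VPN_SERVER_PUBLIC),
        "loop risk without host route": tunnel_would_loop(misconfigured_routes()),
    }


if __name__ == "__main__":
    for what, result in demo().items():
        print(f"{what}: {result}")
```

Running demo() shows a public web site reached through vpn0 and the office gateway (the slow path the text describes, out through the LAN's default gateway), while the VPN server's own address stays on eth0; dropping the host route flips the last result to True.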
L2TP VPNs
Microsoft pushed the idea of a single client tunneling into a private LAN using software. Cisco, being the router king that it is, came up with its own VPN protocol called Layer 2 Tunneling Protocol (L2TP). L2TP took all the good features of PPTP and L2F and added support to run on almost any type of connection possible, from telephones to Ethernet to ultra-high-speed optical connections. Cisco also moved the endpoint on the local LAN from a server program to a VPN-capable router, called a VPN concentrator, such as the Cisco 2811 Integrated Services Router shown in Figure 12.11.
Figure 12.10 • VPN on a Macintosh OS X system
Cisco made hardware that supported PPP traffic using a proprietary protocol called Layer 2 Forwarding (L2F). L2F did not come with encryption capabilities, so it was replaced by L2TP a long time ago. You’ll sometimes see the term on the CompTIA Network+ exam as an incorrect answer.
Figure 12.9 • VPN connection in Windows
Cisco provides free client software to connect a single faraway PC to a Cisco VPN. This creates a typical client-to-site connection. Network people often directly connect two Cisco VPN concentrators to connect two separate LANs permanently. It’s slow, but inexpensive, compared to a dedicated high-speed connection between two faraway LANs. This kind of connection enables two separate LANs to function as a single network, sharing files and services as if in the same building. This is called a site-to-site VPN connection.
L2TP differs from PPTP in that it has no authentication or encryption. L2TP generally uses IPsec for all security needs. Technically, you should call an L2TP VPN an “L2TP/IPsec” VPN. L2TP works perfectly well in the single-client-connecting-to-a-LAN world, too. Every operating system’s VPN client fully supports L2TP/IPsec VPNs.
SSL VPNs
Cisco has made a big push for companies to adopt VPN hardware that enables VPNs using Secure Sockets Layer (SSL). These types of VPN work at the Application layer and offer an advantage over Link- or Internet-based VPNs because they don’t require any special client software. Clients connect to the VPN server using a standard Web browser, with the traffic secured using SSL. The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs.
With SSL portal VPNs, a client accesses the VPN and is presented with a secure Web page. The client gains access to anything linked on that page, be it e-mail, data, links to other pages, and so on.
With tunnel VPNs, in contrast, the client Web browser runs some kind of active control, such as Java or Flash, and gains much greater access to the VPN-connected network. SSL tunnel VPNs create a more typical client-to-site connection than SSL portal VPNs, but the user must have sufficient permissions to run the active browser controls.
Virtual LANs
Today’s LANs are complex places. It’s rare to see any serious network that doesn’t have remote incoming connections, public Web or e-mail servers, wireless networks, as well as the basic string of connected switches. Leaving all of these different features on a single broadcast domain creates a tremendous amount of broadcast traffic and creates a security nightmare. You could separate the networks with multiple switches and put routers in between, but that’s very inflexible and hard to manage. What if you could segment the network using the switches you already own? You can, and that’s what a virtual local area network (VLAN) enables you to do.
To create a VLAN, you take a single physical broadcast domain and chop it up into multiple virtual broadcast domains. VLANs require special switches loaded with extra programming to create the virtual networks. Imagine a single switch with a number of computers connected to it. Up to this point, a single switch is always a single broadcast domain, but that’s about to change. You’ve decided to take this single switch and turn it into two VLANs. VLANs typically get the name “VLAN” plus a number, like VLAN1 or VLAN275. The devices usually start at 1 although there’s no law or rules on the numbering. In this example, I’ll configure the ports on my single switch to be in one of two VLANs—VLAN1 or VLAN2 (Figure 12.12). I promise to show you how to configure ports for different VLANs shortly, but I’ve got a couple of other concepts to hit first.
The years have seen plenty of crossover between Microsoft and Cisco. Microsoft RRAS supports L2TP, and Cisco routers support PPTP.
Many VPN connections use the terms client and server to denote the functions of the devices that make the connection. You’ll also see the terms host and gateway to refer to the connections, such as a host-to-gateway tunnel.
Figure 12.11 • Cisco 2811 Integrated Services Router
Tech Tip
Alternatives to PPTP, L2TP, and SSL
There are other VPN options to PPTP, L2TP, and SSL, and some of them are quite popular. First is OpenVPN, which, like the rest of what I call “OpenXXX” applications, uses Secure Shell (SSH) for the VPN tunnel. Second is IPsec. The tech world is now seeing some pure (no L2TP) IPsec solutions that use IPsec tunneling for VPNs, such as Cisco Easy VPN.
Figure 12.12 shows a switch configured to assign individual ports to VLANs. But there’s another way to use VLANs that’s supported by most VLAN-capable switches. Instead of assigning ports to a VLAN, you can assign MAC addresses to determine VLAN membership. A computer in this type of VLAN is always a member of the same VLAN no matter which port you plug the computer into on the switch.
A single switch configured into two VLANs is the simplest form of VLAN possible. More serious networks usually have more than one switch. Let’s say you added a switch to a simple network. You’d like to keep VLAN1 and VLAN2 but use both switches. You can configure the new switch to use VLAN1 and VLAN2, but you’ve got to enable data to flow between the two switches, regardless of VLAN. That’s where trunking comes into play.
Trunking
Trunking is the process of transferring VLAN traffic between two or more switches. Imagine two switches, each configured with a VLAN1 and a VLAN2, as shown in Figure 12.13.
You want all of the computers connected to VLAN1 on one switch to talk to all of the computers connected to VLAN1 on the other switch. Of course, you want to do this with VLAN2 also. To do this, you configure a port on each switch as a trunk port. A trunk port is a port on a switch configured to carry all traffic, regardless of VLAN number, between all switches in a LAN (Figure 12.14).
There is a VLAN0. This is the default VLAN. When you buy a new VLAN-capable switch and plug it in, every port on that switch is preset to VLAN0.
Figure 12.12 • Switch with two VLANs
Figure 12.13 • Two switches, each with a VLAN1 and a VLAN2
Figure 12.14 • Trunk ports
In the early days of VLANs, every switch manufacturer had its own way to make VLANs work. Cisco, for example, had a proprietary form of trunking called Inter-Switch Link (ISL), which most Cisco switches still support. Today, every Ethernet switch prefers the IEEE 802.1Q trunk standard that enables you to connect switches from different manufacturers.
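To make the trunking description concrete, here is an added Python example (not code from the book or from any switch vendor) that builds and parses IEEE 802.1Q-tagged frames and models two switches joined by a trunk port. Port names such as fa1 and gi1, the MAC addresses, the ARP payload, and the use of VLAN 1 as the native VLAN for untagged frames on a trunk are constructed assumptions. The simplified switch keeps no MAC table and floods every frame within its VLAN, which is enough to show that a VLAN stays a separate broadcast domain across the trunk; it also drops tagged frames arriving on an access port, since an access port should take its VLAN from the port configuration, never from a tag supplied by the attached host.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0) -> bytes:
    """Assemble an Ethernet frame, inserting an 802.1Q tag when vlan_id is given."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 0 <= vlan_id < 4096:
            raise ValueError("VLAN ID is a 12-bit field")
        tci = (priority & 0x7) << 13 | (vlan_id & 0x0FFF)  # PCP(3) DEI(1) VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(raw: bytes) -> dict:
    """Decode dst/src MAC, optional 802.1Q tag, EtherType and payload.
    'vlan' and 'priority' are None when the frame carries no tag."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = mac_str(raw[0:6]), mac_str(raw[6:12])
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        priority, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan, "priority": priority,
            "ethertype": ethertype, "payload": raw[offset:]}


class VlanSwitch:
    """Simplified VLAN-aware switch: access ports belong to one VLAN (static,
    port-based VLANs); trunk ports carry every VLAN with an 802.1Q tag."""

    def __init__(self, name, access_ports, trunk_ports, native_vlan=1):
        self.name = name
        self.access = dict(access_ports)  # port -> VLAN id
        self.trunks = set(trunk_ports)
        self.native_vlan = native_vlan    # VLAN for untagged frames on a trunk (assumed 1)

    def classify(self, in_port, frame):
        """Decide which VLAN an incoming frame belongs to; None means drop it."""
        if in_port in self.access:
            # A tag on an access port is a misconfiguration: the port, not the
            # host, decides the VLAN, so the frame is dropped rather than trusted.
            return None if frame["vlan"] is not None else self.access[in_port]
        if in_port in self.trunks:
            return frame["vlan"] if frame["vlan"] is not None else self.native_vlan
        raise KeyError(f"{self.name}: no port {in_port}")

    def receive(self, in_port, raw):
        """Flood the frame to every other port in its VLAN. Returns {port: bytes};
        access ports get it untagged, trunk ports get it tagged with the VLAN."""
        frame = parse_frame(raw)
        vlan = self.classify(in_port, frame)
        if vlan is None:
            return {}
        args = (frame["dst"], frame["src"], frame["ethertype"], frame["payload"])
        out = {}
        for port, pvid in self.access.items():
            if port != in_port and pvid == vlan:
                out[port] = build_frame(*args)
        for port in self.trunks - {in_port}:
            out[port] = build_frame(*args, vlan_id=vlan, priority=frame["priority"] or 0)
        return out


def demo():
    """Two switches joined by a trunk, each with VLAN1 and VLAN2 (constructed
    topology after Figure 12.13). A broadcast from a VLAN2 host on SW1 must reach
    VLAN2 ports on both switches and no VLAN1 port."""
    sw1 = VlanSwitch("SW1", {"fa1": 1, "fa2": 2, "fa3": 2}, {"gi1"})
    sw2 = VlanSwitch("SW2", {"fa1": 1, "fa2": 2}, {"gi1"})
    broadcast = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806,
                            b"constructed ARP request")
    hop1 = sw1.receive("fa2", broadcast)    # from the host on SW1 port fa2
    hop2 = sw2.receive("gi1", hop1["gi1"])  # SW2 hears it on its trunk port
    return sorted(hop1), parse_frame(hop1["gi1"])["vlan"], sorted(hop2)


if __name__ == "__main__":
    print(demo())  # (['fa3', 'gi1'], 2, ['fa2'])
```

The frame that crosses the trunk carries VLAN 2 in its tag, SW2 strips the tag and delivers it only to its VLAN2 access port, and an untagged frame arriving on a trunk lands in the native VLAN.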
Configuring a VLAN-capable Switch
If you want to configure a VLAN-capable switch, you need a method to perform that configuration. One method uses a serial (console) port like the one described in Chapter 3, but the most common method is to access the switch with a Web browser interface, like the one shown in Figure 12.15. Catalyst is a model name for a series of popular Cisco routers with advanced switching features. Any switch that you can access and configure is called a managed switch.
So if you’re giving the switch a Web interface, that means the switch needs an IP address—but don’t switches use MAC addresses? They do, but managed switches also come with an IP address for configuration. A brand-new managed switch out of the box invariably has a preset IP address similar to the preset, private IP addresses you see on routers. This IP address isn’t for any of the individual ports, but rather is for the whole switch. That means no matter where you physically connect to the switch, the IP address to get to the configuration screen is the same.
Every switch manufacturer has its own interface for configuring VLANs, but the interface shown in Figure 12.16 is a classic example. This is Cisco Network Assistant, a very popular tool that enables you to configure multiple devices through the same interface. Note that you first must define your VLANs.
The simple switches you’ve seen prior to this haven’t had any configuration capability (aside from giving you a button to enable or disable an uplink port). These simple switches are called unmanaged switches.
Figure 12.15 • Catalyst 2950 Series Device Manager
After you create the VLANs, you usually either assign computers’ MAC addresses to VLANs or assign ports to VLANs. Assigning MAC addresses means that no matter where you plug in a computer, it is always part of the same VLAN—a very handy feature for mobile users! Assigning each port to a VLAN means that whatever computer plugs into that port, it will always be a member of that port’s VLAN. Figure 12.17 shows a port being assigned to a particular VLAN.
Figure 12.16 • Defining VLANs in Cisco Network Assistant
VLANs based on ports are the most common type of VLAN and are commonly known as static VLANs. VLANs based on MAC addresses are called dynamic VLANs.
Figure 12.17 • Assigning a port to a VLAN
Virtual Trunk Protocol
A busy network with many VLAN switches can require periods of intensive work to update. Imagine the work required to redo all the VLAN switches if you changed the VLAN configuration by adding or removing a VLAN. You’d have to access every switch individually, changing the port configuration to alter the VLAN assignment, and so on. The potential for errors is staggering. What if you missed updating one switch? Joe in Sales might wrongly have access to a sensitive accounting server or Phyllis in accounting might not be able to get her job done on time.
Cisco uses a proprietary protocol called Virtual Trunk Protocol (VTP) to automate the updating of multiple VLAN switches. With VTP, you put each switch into one of three states: server, client, or transparent. When you make changes to the VLAN configuration of the server switch, all the connected client switches update their configurations within minutes. The big job of changing every switch manually just went away.
When you set a VLAN switch to transparent, you tell it not to update but to hold onto its manual settings. You would use a transparent mode VLAN switch in circumstances where the overall VLAN configuration assignments did not apply.
InterVLAN Routing
Once you’ve configured a switch to support multiple VLANs, each VLAN is its own broadcast domain, just as if the two VLANs were on two completely separate switches and networks. There is no way for data to get from one VLAN to another unless you use a router. The process of making a router work between two VLANs is called interVLAN routing. In the early days of interVLAN routing, you commonly used a router with multiple ports as a backbone for the network. Figure 12.18 shows one possible way to connect two VLANs with a single router. Note that the router has one port connected to VLAN 100 and another connected to VLAN 200. Devices on VLAN 100 may now communicate with devices on VLAN 200.
Adding a physical router like this isn’t a very elegant way to connect VLANs. This forces almost all traffic to go through the router, and it’s not a very flexible solution if you want to add more VLANs in the future. As a result, all but the simplest VLANs have at least one very special switch that has the ability to make virtual routers. Figure 12.19 shows an older but very popular interVLAN routing–capable switch, the Cisco 3550.
Figure 12.19 • Cisco 3550
Figure 12.18 • One router connecting multiple VLANs
From the outside, the Cisco 3550 looks like any other switch. On the inside, it’s an incredibly powerful and flexible device that not only supports VLANs, but also enables you to create virtual routers to interconnect these VLANs. Figure 12.20 shows the configuration screen for the 3550’s interVLAN routing between two VLANs.
If the Cisco 3550 is a switch but also has built-in routers, on what layer of the OSI seven-layer model does it operate? If it’s a switch, then it works at Layer 2. But it also has the capability to create virtual routers, and routers work at Layer 3. This isn’t an ordinary switch. The Cisco 3550 works at both Layers 2 and 3 at the same time.
Multilayer Switches
The Cisco 3550 is an amazing box in that it seems to defy the entire concept of a switch because of its support of interVLAN routing. Up to this point, I’ve said a switch works at Layer 2 of the OSI model, but now you’ve just seen a very powerful (and expensive) switch that clearly also works at Layer 3. The Cisco 3550 is one example of what we call a multilayer switch.
At this point you must stop thinking that a switch always works at Layer 2. Instead, think of the idea that any device that forwards traffic based on anything inside a given packet is a switch. A Layer 2 switch forwards traffic based on MAC addresses, whereas a Layer 3 switch (also called a router) forwards traffic based on IP addresses. From here on out, I will carefully address at what layer of the OSI seven-layer model a switch operates.
Figure 12.20 • Setting up interVLAN routing
BaseTech
Chapter 12: Advanced Networking Devices 343
The challenge to multilayer switches comes with the ports. On a classic Layer 2–only switch, individual ports don’t have IP addresses. They don’t need them. On a router, however, every port must have an IP address because the routing table uses the IP address to determine where to send packets.
A multilayer switch needs some option or feature for configuring ports to work at Layer 2 or Layer 3. Cisco uses the terms switchport and routed port (often written router port) to differentiate between the two types of port. You can configure any port on a multilayer switch to act as a switchport or a routed port, depending on your needs. Multilayer switches are incredibly common and support a number of interesting features, clearly making them part of what I call “advanced networking devices” and what CompTIA calls “specialized network devices.” I’m going to show you three areas where multilayer switches are very helpful: load balancing, quality of service, and network protection (each term is defined in its respective section). These three areas aren’t the only places where multilayer switches solve problems, but they are the most popular and the ones that the CompTIA Network+ exam covers. Let’s look at these areas that are common to more advanced networks and see how more advanced network devices help in these situations.
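To make concrete what “works at Layers 2 and 3 at the same time” means, here is an added example in Python (not the book’s code, and not how Cisco implements it) that models a multilayer switch: a MAC table keyed by VLAN does the Layer 2 forwarding, and one switch virtual interface (SVI) per VLAN acts as the virtual router. The VLAN numbers, MAC addresses, port names and the 10.1.x.0/24 networks are made up, and the ARP table is pre-populated rather than learned.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass
class Frame:
    dst_mac: str
    src_mac: str
    vlan: int
    src_ip: str
    dst_ip: str
    ttl: int = 64


@dataclass
class Svi:
    """Switch virtual interface: the virtual router's port into one VLAN."""
    vlan: int
    mac: str
    network: IPv4Network


@dataclass
class MultilayerSwitch:
    svis: dict                                      # vlan -> Svi
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port
    arp_table: dict = field(default_factory=dict)   # ip -> mac (assumed resolved)

    def learn(self, vlan, mac, port):
        self.mac_table[(vlan, mac)] = port

    def forward(self, frame, in_port):
        """Returns (out_port, out_frame, how) with how in {'L2', 'L3', 'drop'}."""
        self.learn(frame.vlan, frame.src_mac, in_port)
        svi = self.svis.get(frame.vlan)
        # Layer 2: not addressed to the virtual router, so consult the MAC
        # table for this VLAN only; unknown destinations flood within the VLAN
        if svi is None or frame.dst_mac != svi.mac:
            port = self.mac_table.get((frame.vlan, frame.dst_mac), "flood")
            return port, frame, "L2"
        # Layer 3: addressed to the SVI's MAC, so route on the destination IP
        dst = ip_address(frame.dst_ip)
        for out_svi in self.svis.values():
            if dst in out_svi.network:
                break
        else:
            return None, None, "drop"        # no connected route
        if frame.ttl <= 1:
            return None, None, "drop"        # TTL expired
        next_mac = self.arp_table.get(frame.dst_ip)
        if next_mac is None:
            return None, None, "drop"        # a real switch would ARP here
        routed = Frame(dst_mac=next_mac, src_mac=out_svi.mac, vlan=out_svi.vlan,
                       src_ip=frame.src_ip, dst_ip=frame.dst_ip, ttl=frame.ttl - 1)
        port = self.mac_table.get((out_svi.vlan, next_mac), "flood")
        return port, routed, "L3"


def build_demo_switch():
    """Two VLANs with one SVI each: VLAN 100 = 10.1.100.0/24, VLAN 200 = 10.1.200.0/24.
    Every address below is invented for the example."""
    sw = MultilayerSwitch(svis={
        100: Svi(100, "02:00:00:00:01:00", ip_network("10.1.100.0/24")),
        200: Svi(200, "02:00:00:00:02:00", ip_network("10.1.200.0/24")),
    })
    sw.learn(100, "aa:aa:aa:00:00:01", "Gi0/1")
    sw.learn(100, "aa:aa:aa:00:00:02", "Gi0/2")
    sw.learn(200, "bb:bb:bb:00:00:01", "Gi0/3")
    sw.arp_table["10.1.200.10"] = "bb:bb:bb:00:00:01"
    return sw
```

A frame from VLAN 100 to another host in VLAN 100 never leaves Layer 2: the MAC table is consulted and the frame is sent out unchanged. A frame whose destination MAC is the SVI’s MAC is handed to the virtual router, which picks the outgoing VLAN from the destination IP, decrements the TTL and rewrites both MAC addresses, exactly as a physical router in Figure 12.18 would.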
Load Balancing
Popular Internet servers are exactly that—popular. So popular that a single system cannot possibly support the thousands, if not millions, of requests per day that bombard them. But from what you’ve learned thus far about servers, you know that a single server has a single IP address. Put this to the test. Go to a command prompt and type ping www.google.com.
C:\>ping www.google.com

Pinging www.l.google.com [74.125.95.147] with 32 bytes of data:
Reply from 74.125.95.147: bytes=32 time=71ms TTL=242
Reply from 74.125.95.147: bytes=32 time=71ms TTL=242
Reply from 74.125.95.147: bytes=32 time=70ms TTL=242
Reply from 74.125.95.147: bytes=32 time=70ms TTL=242
Getting a definite number is somewhat difficult, but by poking around on a few online analysis Web sites like Alexa (www.alexa.com), it seems that www.google.com receives around 130 to 140 million requests per day; that’s about 1600 requests per second. Each request might require the Web server to deliver thousands of HTTP segments. A single, powerful, dedicated Web server (arguably) handles at best 2000 requests/second. A busy Web site often needs more than one Web server to handle all the requests. Let’s say a Web site needs three servers to handle the traffic. How does that one Web site, using three different servers, use a single IP address? The answer is found in something called load balancing.
Load balancing means making a bunch of servers look like a single server, creating a server cluster. Not only do you need to make them look like one server, you need to make sure that requests to these servers are distributed evenly so no one server is bogged down while another is idle. There are a few ways to do this, as you are about to see. Be warned, not all of these methods require an advanced network device called a load balancer, but it’s common to use one. Employing a device designed to do one thing really well is always much faster than using a general-purpose computer and slapping on software.
Any device that works at multiple layers of the OSI seven-layer model, providing more than a single service, is called a multifunction network device.
Coming to a consensus on statistics like the number of requests/day or how many requests a single server can handle is difficult. Just concentrate on the concept. If some nerdy type says your numbers are way off, nicely agree and walk away. Just don’t invite them to any parties.
DNS Load Balancing
Using DNS for load balancing is one of the oldest and still very common ways to support multiple Web servers. In this case, each Web server gets its own (usually) public IP address. Each DNS server for the domain has multiple “A” DNS records, each with the same fully qualified domain name (FQDN). The DNS server then cycles around these records so the same domain name resolves to different IP addresses. Figure 12.21 shows a Windows DNS server with multiple A records for the same FQDN.
Now that the A records have been added, you need to tell the DNS server to cycle around these names. With Windows DNS Server, you’ll select a check box to do this, as shown in Figure 12.22.
When a computer comes to the DNS server for resolution, the server cycles through the DNS A records, giving out first one and then the next in a cyclic (round robin) fashion.
The popular BIND DNS server has a very similar process but adds even more power and features such as weighting one or more servers more than others or randomizing the DNS response.
Using a Multilayer or Content Switch
DNS is an easy way to load balance, but each Web server still has its own public IP address, and nothing checks whether a server is actually up before its address is handed out. Worse, clients (and the recursive DNS servers between them and your authoritative server) cache the answer they received for the record’s TTL. The next time they need the address, they reuse the cached one and skip the round robin, reducing its effectiveness.
Figure 12.21 • Multiple IP addresses, same name
Figure 12.22 • Enabling round robin
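The round-robin behaviour of the DNS server, BIND’s weighted variant, and the caching problem described above, as an added Python example (this is not the book’s code nor any DNS server’s; the name www.example.com, the 192.0.2.x addresses and the TTLs are made up). The caching client stands in for both a browser and a recursive resolver: it reuses the first address it was given until the record’s TTL expires.

```python
import random


class RoundRobinZone:
    """Authoritative zone holding several A records for the same FQDN. Each
    answer rotates the record set so successive queriers see a different
    address first (Windows DNS 'round robin', BIND rrset-order cyclic)."""

    def __init__(self, records, ttl=300):
        self.records = {name: list(addrs) for name, addrs in records.items()}
        self.ttl = ttl

    def resolve(self, name):
        """Returns (list of addresses, ttl); the first address is the one
        most clients will use."""
        rrset = self.records[name]
        answer = list(rrset)
        rrset.append(rrset.pop(0))        # rotate for the next query
        return answer, self.ttl


class WeightedZone(RoundRobinZone):
    """BIND-style variation: the first address is chosen at random, with
    some servers weighted more heavily than others."""

    def __init__(self, records, weights, ttl=300):
        super().__init__(records, ttl)
        self.weights = weights            # address -> relative weight

    def resolve(self, name, rng=random):
        rrset = self.records[name]
        first = rng.choices(rrset, weights=[self.weights[a] for a in rrset])[0]
        return [first] + [a for a in rrset if a != first], self.ttl


class CachingClient:
    """Stub resolver that caches the answer for its TTL, as browsers and
    recursive resolvers do. While the entry is fresh the zone is never asked,
    so the rotation above never happens for this client."""

    def __init__(self, zone):
        self.zone = zone
        self.cache = {}                   # name -> (expires_at, address)
        self.queries_sent = 0

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[0] > now:
            return hit[1]
        answer, ttl = self.zone.resolve(name)
        self.queries_sent += 1
        self.cache[name] = (now + ttl, answer[0])
        return answer[0]


def distribution(zone, name, n_clients):
    """How n fresh (cache-less) clients spread across the servers."""
    counts = {}
    for _ in range(n_clients):
        first = zone.resolve(name)[0][0]
        counts[first] = counts.get(first, 0) + 1
    return counts
```

With no caching the three addresses are handed out evenly; a single caching client sends one query and then sticks to that server for the whole TTL. Lowering the TTL limits how long a client stays pinned, at the cost of more queries to the authoritative servers.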
To hide all of your Web servers behind a single IP, you have two popular choices. First is to use a special multilayer switch that works at Layers 3 and 4. This switch is really just a router that performs NAT and port forwarding, but also has the capability to query the hidden Web servers continually and send HTTP requests to a server that has a lighter workload than the other servers.
The second option is to use a content switch. Content switches always work at Layer 7 (Application layer). Content switches designed to work with Web servers, therefore, are able to read the incoming HTTP and HTTPS requests. With this, you can perform very advanced actions on the content switch, such as terminating SSL/TLS (the switch holds the certificate and private key and decrypts traffic before handing it to the Web servers, so the link behind it is plaintext unless you re-encrypt) and reading or setting cookies, removing that workload from the Web servers. Not only can these devices load balance in the ways previously described, but their HTTP savvy can actually pass a cookie to HTTP requesters—Web browsers—so the next time that client returns, it is sent to the same server, which is usually called session persistence or a sticky session (Figure 12.23).
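The cookie-based persistence of a content switch, as an added Python example (not from the book or any vendor’s product). The backend names, the cookie name SRV and the connection counts are invented. Two details matter for security: the cookie value is looked up against the switch’s own backend table, so a client cannot steer itself anywhere else by editing the cookie, and a cookie naming a backend that has failed its health check is replaced rather than honoured.

```python
from http.cookies import CookieError, SimpleCookie

COOKIE = "SRV"   # invented persistence cookie name


class Backend:
    def __init__(self, name):
        self.name = name
        self.active = 0        # open connections, as a health probe would report
        self.healthy = True


class ContentSwitch:
    """Layer 7 dispatcher: least-connections for new clients, cookie
    persistence for returning ones."""

    def __init__(self, backends):
        self.backends = {b.name: b for b in backends}

    def _least_loaded(self):
        live = [b for b in self.backends.values() if b.healthy]
        if not live:
            raise RuntimeError("no healthy backend")
        return min(live, key=lambda b: b.active)

    @staticmethod
    def _pinned_backend(headers):
        """Backend name from the persistence cookie, or None if absent/malformed."""
        try:
            jar = SimpleCookie(headers.get("Cookie", ""))
        except CookieError:
            return None
        return jar[COOKIE].value if COOKIE in jar else None

    def route(self, headers):
        """headers: the incoming HTTP request headers as a dict.
        Returns (backend_name, Set-Cookie value or None)."""
        backend = self.backends.get(self._pinned_backend(headers))
        if backend is None or not backend.healthy:
            # No cookie, a forged/unknown value, or a dead server: choose afresh
            backend = self._least_loaded()
            set_cookie = f"{COOKIE}={backend.name}; Path=/; HttpOnly; Secure"
        else:
            set_cookie = None
        backend.active += 1
        return backend.name, set_cookie

    def finish(self, name):
        """Called when the client's connection closes."""
        self.backends[name].active -= 1
```

The cookie only records which server the client was assigned to; it is not an authentication token, which is why the switch treats any value it does not recognise as if no cookie were present.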
QoS and Traffic Shaping
Just about any router you buy today has the capability to block packets based on port number or IP address, but these are simple mechanisms mainly designed to protect an internal network. What if you need to control how much of your bandwidth is used for certain devices or applications? In that case, you need quality of service (QoS) policies to prioritize traffic based on certain rules. These rules control how much bandwidth a protocol, PC, user, VLAN, or IP address may use (Figure 12.24).
Figure 12.23 • Layer 7 content switch
The CompTIA Network+ exam refers to a content switch as a content filter network appliance.
Figure 12.24 • QoS configuration on a router
On many advanced routers and switches, you can implement QoS through bandwidth management, such as traffic shaping, where you control the flow of packets into or out of the network according to the type of packet or other rules.
Traffic shaping is very important when you must guarantee a device or application a certain amount of bandwidth and/or latency, such as with VoIP or video. Traffic shaping is also very popular in places such as schools, where IT professionals need to control user activities, such as limiting HTTP usage or blocking certain risky applications such as peer-to-peer file sharing.
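Traffic shaping as a token bucket per traffic class, added here as a Python example (not the book’s code and not any router’s implementation). The class names, port ranges, rates and burst sizes are invented. The difference between shaping and policing shows up in offer(): a packet that exceeds its class’s rate is queued and released later by drain(), not dropped, until the queue itself is full.

```python
from collections import deque


class TokenBucket:
    """rate in bytes/second, burst in bytes. Tokens accrue continuously and a
    packet is released only when enough tokens are present to cover it."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = burst
        self.last = 0.0

    def allow(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


class Shaper:
    """Classifies packets, then holds excess packets in a per-class queue
    instead of dropping them (shaping), dropping only when a queue overflows."""

    def __init__(self, policies, max_queue=100):
        # policies: class name -> (rate, burst); must include "default"
        self.buckets = {cls: TokenBucket(r, b) for cls, (r, b) in policies.items()}
        self.queues = {cls: deque() for cls in policies}
        self.max_queue = max_queue
        self.dropped = {cls: 0 for cls in policies}

    @staticmethod
    def classify(pkt):
        """Invented rules: RTP-range UDP is voice, TCP 80/443 is web."""
        if pkt["proto"] == "udp" and 16384 <= pkt["dport"] <= 32767:
            return "voip"
        if pkt["proto"] == "tcp" and pkt["dport"] in (80, 443):
            return "http"
        return "default"

    def offer(self, pkt, now):
        """Accept a packet at time now; returns the packets released right away."""
        cls = self.classify(pkt)
        q = self.queues[cls]
        if len(q) >= self.max_queue:
            self.dropped[cls] += 1
            return []
        q.append(pkt)
        return self.drain(cls, now)

    def drain(self, cls, now):
        """Release queued packets of one class as far as its bucket allows."""
        sent = []
        q, bucket = self.queues[cls], self.buckets[cls]
        while q and bucket.allow(q[0]["size"], now):
            sent.append(q.popleft())
        return sent
```

Giving the voip class a high rate with a small burst guarantees its bandwidth while keeping its queue (and therefore its latency) short; giving http a low rate with a larger burst lets page loads start quickly but caps sustained downloads.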
Network Protection
The last area where you’re likely to encounter advanced networking devices is network protection. Network protection is my term to describe four different areas that CompTIA feels fit under the term specialized network devices:
■ Intrusion protection/intrusion detection
■ Port mirroring
■ Proxy serving
■ Port authentication
Intrusion Detection/Intrusion Prevention
Intrusion detection and intrusion prevention are two closely related processes: detecting that something has intruded into a network, and acting to stop it. Odds are good you’ve heard the term firewall. Firewalls are hardware or software tools that block traffic based on port number or IP address. A traditional firewall is a static tool: it cannot actually detect an attack. An intrusion detection system (IDS) is an application (often running on a dedicated IDS box) that inspects incoming packets, looking for active intrusions. A good IDS knows how to find attacks that no firewall can find, such as viruses, illegal logon attempts, and other well-known attacks.
An IDS always has some way to let the network administrators know if an attack is taking place: at the very least the attack is logged, but some IDSs offer a pop-up message, an e-mail, or even a text message to your phone.
Third-party IDS tools, on the other hand, tend to act in a much more complex and powerful way. You have two choices with a real IDS: network based or host based. A network-based IDS (NIDS) consists of multiple sensors placed around the network, often on one or both sides of the gateway router. These sensors report to a central application that, in turn, reads a signature file to detect anything out of the ordinary (Figure 12.25).
A host-based IDS (HIDS) is software running on individual systems that monitors for events such as system file modification or registry changes (Figure 12.26). More expensive third-party system IDSs do all this and add the ability to provide a single reporting source—very handy when one person is in charge of anything that goes on throughout a network.
The CompTIA Network+ exam uses the generic term traffic filtering, which means traffic shaping—the filtering of traffic based on type of packet or other rules.
The term bandwidth shaping is synonymous with traffic shaping. The routers and switches that can implement traffic shaping are commonly referred to as shapers. The CompTIA Network+ exam refers to such devices as bandwidth shapers.
Figure 12.25 • Diagram of network-based IDS
Figure 12.26 • OSSEC HIDS
A well-protected network uses both a NIDS and a HIDS. A NIDS monitors the incoming and outgoing traffic from the Internet whereas the HIDS monitors the individual computers.
An intrusion prevention system (IPS) is very similar to an IDS, but an IPS adds the capability to react to an attack. Depending on what IPS product you choose, an IPS can block incoming packets on-the-fly based on IP address, port number, or application type. An IPS might go even further, literally fixing certain packets on-the-fly. As you might suspect, you can roll out an IPS on a network and it gets a new name: a network intrusion prevention system (NIPS).
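A signature-based sensor with both verdicts, plus a HIDS-style file-integrity check, as an added Python example (not from the book and not from any product; the two content signatures, the SSH threshold rule and the sample packets are constructed for the example). In ids mode the sensor only records an alert; in ips mode it also drops the packet and blocks the source address for everything that follows.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Constructed content signatures: (name, protocol, destination port, pattern)
CONTENT_SIGS = [
    ("http-path-traversal", "tcp", 80, re.compile(rb"\.\./")),
    ("http-sqli-tautology", "tcp", 80, re.compile(rb"(?i)'\s*or\s+1\s*=\s*1")),
]


class Sensor:
    """mode='ids': inspect and alert only. mode='ips': also drop the packet and
    block its source for later packets."""

    def __init__(self, mode="ids", logon_threshold=5, window=60):
        self.mode = mode
        self.alerts = []                        # (ts, src, signature name)
        self.blocked = set()
        self.ssh_attempts = defaultdict(list)   # src -> timestamps of SSH connects
        self.threshold, self.window = logon_threshold, window

    def inspect(self, pkt):
        """pkt: dict with ts, src, dst, proto, dport, payload (bytes).
        Returns the verdict 'forward' or 'drop'."""
        if pkt["src"] in self.blocked:
            return "drop"
        hits = [name for name, proto, dport, pat in CONTENT_SIGS
                if pkt["proto"] == proto and pkt["dport"] == dport
                and pat.search(pkt["payload"])]
        # Threshold rule: too many SSH connection attempts inside the window
        if pkt["proto"] == "tcp" and pkt["dport"] == 22:
            seen = self.ssh_attempts[pkt["src"]]
            seen.append(pkt["ts"])
            seen[:] = [t for t in seen if pkt["ts"] - t <= self.window]
            if len(seen) >= self.threshold:
                hits.append("ssh-logon-flood")
        for name in hits:
            self.alerts.append((pkt["ts"], pkt["src"], name))
        if hits and self.mode == "ips":
            self.blocked.add(pkt["src"])
            return "drop"
        return "forward"


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def baseline(paths):
    """HIDS side: record a hash of every monitored file while it is trusted."""
    return {p: sha256_file(p) for p in paths}


def integrity_check(base):
    """Compare the current state with the baseline. Returns path -> finding."""
    findings = {}
    for path, digest in base.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_file(path) != digest:
            findings[path] = "modified"
    return findings


def demo_integrity():
    """Self-contained run on a temporary directory: one file is appended to,
    one deleted, one left alone. Returns the sorted list of findings."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("passwd", "hosts", "sshd_config")]
        for p in paths:
            with open(p, "w") as f:
                f.write("original contents of " + os.path.basename(p) + "\n")
        base = baseline(paths)
        with open(paths[0], "a") as f:
            f.write("backdoor::0:0::/:/bin/sh\n")   # constructed tampering
        os.remove(paths[1])
        return sorted(integrity_check(base).values())
```

The HIDS half has no notion of traffic at all: it only knows what the files looked like when the baseline was taken, which is why a baseline taken after a compromise is worthless.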
Port Mirroring
Hubs may be obsolete, but they had one aspect that made them awfully handy: you could plug into a hub and see everybody’s traffic. With switches now the way to connect, you no longer have a way to see any traffic other than traffic directed at the NIC and broadcasts. But if you have the right switch, you can get this capability back.
IDS/IPS often takes advantage of something called port mirroring. Many advanced switches have the capability to mirror data from any or all physical ports on a switch to a single physical port. It’s as though you make a customized, fully configurable promiscuous port. Port mirroring is incredibly useful for any type of situation where an administrator needs to inspect packets coming to or from certain computers. One caveat: the mirror port has the same bandwidth as any other port, so if the mirrored ports together carry more traffic than it can pass, the switch silently drops the excess and your IDS or capture misses packets.
The CompTIA Network+ exam can refer to an IDS system by either its location on the network—thus NIDS or HIDS—or by what the IDS system does in each location. The network-based IDS scans using signature files, thus it is a signature-based IDS. A host-based IDS watches for suspicious behavior on systems, thus it is a behavior-based IDS. Outside the exam the pairing is not strict: a NIDS can also flag anomalous behavior, and a HIDS can also match signatures.
The CompTIA Network+ exam refers to intrusion detection and prevention systems collectively by their initials, IDS/IPS.
Proxy Serving
A proxy server sits in between clients and external servers, essentially intercepting the requests from the clients for server resources and making those requests itself. The client computers never touch the outside servers and thus stay protected from any unwanted activity. A proxy server usually does something to those requests as well. Let’s see how proxy servers work using HTTP, one of the oldest uses of proxy servers.
Since proxy serving works by redirecting client requests to a proxy server, you first must tell the Web client not to use the usual DNS resolution to determine the Web server and instead to use a proxy. Every Web client comes with a setting that enables you to enter the IP address of the proxy server, as shown in the example in Figure 12.27.
Once the proxy server is configured, HTTP requests move from the client directly to the proxy server. Built into every HTTP request is the URL of the target Web server, so the Web proxy knows where to get the requested data once it gets the request. In the simplest format, the proxy server simply forwards the requests using its own IP address and then forwards the returning packets to the client (Figure 12.28).
This simple version of using a proxy server prevents the Web server from knowing where the client is located—a handy trick for those who wish to keep people from knowing where they are coming from, assuming you can find a public proxy server that accepts your HTTP requests (there are plenty!). There are many other good reasons to use a proxy server. One big benefit is caching. A proxy server keeps a copy of the served resource, giving clients a much faster response.
Tech Tip
Proxy Caching If a proxy server caches a Web page, how does it know if the cache accurately reflects the real page? What if the real Web page was updated? In this case, a good proxy server revalidates: it asks the real Web server whether the page has changed (HTTP has conditional requests, using the If-Modified-Since and If-None-Match/ETag headers, for exactly this) and refreshes its copy only when the server says it has.
Figure 12.27 • Setting a proxy server in Mozilla Firefox
Figure 12.28 • Web proxy at work
A proxy server might inspect the contents of the resource, looking for inappropriate content, viruses/malware, or just about anything else the creators of the proxy might desire it to identify.
HTTP proxy servers are the most common type of proxy server, but any TCP application can take advantage of proxy servers. Numerous proxy serving programs are available, such as Squid, shown in Figure 12.29. Proxy serving takes some substantial processing, so many vendors sell proxy servers in a box, such as the Blue Coat ProxySG 510.
Figure 12.29 • Squid Proxy Server software
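The caching and content-inspecting proxy described in the last few paragraphs and in the Tech Tip, as an added Python example (not the book’s code and not Squid). The origin Web server is a stand-in object so the example runs offline; the page, its ETag, the proxy address 203.0.113.10 and the client addresses are invented. Revalidation uses HTTP’s conditional request: the proxy sends If-None-Match with the ETag it holds, and a 304 answer means the cached copy is still current.

```python
import time


class Origin:
    """Stand-in for the real Web server. It records the address of whoever
    connects, which, behind a proxy, is only ever the proxy itself."""

    def __init__(self, pages=None):
        self.pages = pages or {"/": ("v1", b"<html>hello</html>")}  # path -> (etag, body)
        self.seen_from = []
        self.requests = 0

    def handle(self, method, path, headers, peer):
        self.requests += 1
        self.seen_from.append(peer)
        etag, body = self.pages[path]
        resp_headers = {"ETag": etag, "Cache-Control": "max-age=60"}
        if headers.get("If-None-Match") == etag:
            return 304, resp_headers, b""        # unchanged: no body sent
        return 200, resp_headers, body


class CachingProxy:
    def __init__(self, origin, addr="203.0.113.10", filters=()):
        self.origin, self.addr = origin, addr
        self.filters = list(filters)     # byte patterns the proxy refuses to serve
        self.cache = {}                  # path -> {"etag", "body", "expires"}
        self.log = []                    # (client, path, how), kept locally only

    def get(self, path, client_addr, now=None):
        """Returns (status, body, how) with how in HIT, REVALIDATED, MISS, BLOCKED.
        The origin never learns client_addr; it sees self.addr."""
        now = time.time() if now is None else now
        entry = self.cache.get(path)
        if entry and now < entry["expires"]:
            return self._done(client_addr, path, 200, entry["body"], "HIT")
        # Stale or unknown: ask the origin, conditionally when we hold an ETag
        req_headers = {"If-None-Match": entry["etag"]} if entry else {}
        status, rh, body = self.origin.handle("GET", path, req_headers, self.addr)
        if status == 304:
            entry["expires"] = now + self._max_age(rh)
            return self._done(client_addr, path, 200, entry["body"], "REVALIDATED")
        if any(pat in body for pat in self.filters):
            return self._done(client_addr, path, 403, b"blocked by proxy policy", "BLOCKED")
        self.cache[path] = {"etag": rh.get("ETag"), "body": body,
                            "expires": now + self._max_age(rh)}
        return self._done(client_addr, path, status, body, "MISS")

    def _done(self, client_addr, path, status, body, how):
        self.log.append((client_addr, path, how))
        return status, body, how

    @staticmethod
    def _max_age(headers):
        """Seconds the response may be served from cache, 0 if not stated."""
        for directive in headers.get("Cache-Control", "").split(","):
            key, _, value = directive.strip().partition("=")
            if key == "max-age" and value.isdigit():
                return int(value)
        return 0
```

Because a blocked body is never stored, a later request for the same path is inspected again; and because the proxy keeps its own log of client addresses, the anonymity the paragraph above describes holds against the Web server, not against whoever runs the proxy.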
Port Authentication
The last place where you see advanced networking devices is in port authentication. We’ve already covered the concept in the previous chapter: port authentication is the point where an AAA method such as RADIUS or TACACS+ gets applied to a network connection, and IEEE 802.1X is the standard that does this on a switch port or a wireless association. When you make a connection, you must have something at the point of connection to perform the authentication, and that’s where advanced networking devices come into play. Many switches, and almost every wireless access point, come with feature sets to support port authentication. A superb example is my own Cisco 2811 router. It supports RADIUS and 802.1X port authentication, as shown in Figure 12.30.
Figure 12.30 • 802.1X configuration on a Cisco 2811
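What the switch port actually does under 802.1X, as an added Python example (not the book’s code, and a deliberately simplified model, not an implementation of the standard). The RADIUS server is replaced by a made-up credential table, the EAP exchange is collapsed into a single credential, and the MAC addresses are invented. The property being shown is the one that matters: until the AAA server answers Access-Accept, the only frames the port accepts are EAPOL (EtherType 0x888E); everything else is dropped.

```python
EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X frames: all an unauthorized port accepts


class RadiusServer:
    """Stand-in for the AAA back end. A real one would run an EAP method
    (certificates, passwords) over RADIUS; here it is an invented user table."""

    def __init__(self, users):
        self.users = users

    def access_request(self, username, password):
        if self.users.get(username) == password:
            return "Access-Accept"
        return "Access-Reject"


class AuthenticatorPort:
    """One switch port in the 802.1X authenticator role."""

    def __init__(self, radius):
        self.radius = radius
        self.authorized_mac = None       # None means the port is unauthorized

    def ingress(self, frame):
        """frame: dict(src_mac, ethertype, eap). For EAPOL frames, eap is
        (user, password) for a logon attempt or None for EAPOL-Logoff; data
        frames carry eap=None. Returns what the port does with the frame."""
        if frame["ethertype"] == EAPOL_ETHERTYPE:
            if frame["eap"] is None:                      # EAPOL-Logoff
                self.authorized_mac = None
                return "logoff"
            user, password = frame["eap"]
            if self.radius.access_request(user, password) == "Access-Accept":
                self.authorized_mac = frame["src_mac"]
                return "authorized"
            return "rejected"
        if self.authorized_mac is not None and frame["src_mac"] == self.authorized_mac:
            return "forward"
        return "drop"       # unauthorized port, or a second device behind it
```

Note the limitation this model makes visible: once authorized, the port trusts whatever carries the authorized MAC address. A device plugged in behind the same port (through a small unmanaged switch, say) that copies that MAC rides along, which is why port-level encryption (MACsec) exists for networks that need more than a one-time gate.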
Try This! Exploring Switch Capabilities
If you have access to a managed switch of any kind, now would be a great time to explore its capabilities. Use a Web browser of choice and navigate to the switch. What can you configure? Do you see any options for proxy serving, load balancing, or other fancy capability? How could you optimize your network by using some of these more advanced capabilities?
Chapter 12 Review
Chapter Summary
After reading this chapter and completing the exercises, you should understand the following about networking devices.
Discuss client/server and peer-to-peer logical topologies
■ In a client/server model, certain systems act as dedicated servers. A client never acts as a server, so one client can never access shared resources on another client.
■ In a peer-to-peer network, any system can act as a client, server, or both. This model first became popular in the 1990s with Microsoft Windows.
■ Today, the terms client/server and peer-to-peer refer more to applications than to network operating systems.
Describe the features and functions of VPNs
■ A VPN creates a tunnel that enables users to connect to remote LANs across the Internet.
■ RRAS, a program available only on Windows servers, allows VPN connections using PPTP. PPTP creates the secure tunnel through the Internet to your private LAN.
■ L2TP is a VPN protocol, standardized by the IETF from Cisco and Microsoft work, that was built on the best features of Microsoft’s PPTP and Cisco’s L2F. Rather than requiring special server software (such as Microsoft’s RRAS), L2TP places a tunnel endpoint directly on a VPN-capable router.
■ L2TP provides no authentication or encryption. It usually relies on IPsec for this.
■ SSL VPNs come in two flavors: portal and tunnel. Both provide connectivity to the internal network through a standard Web browser and do not need special client software. SSL enables security.
Configure and deploy VLANs
■ A VLAN takes a single physical broadcast domain and splits it into multiple virtual broadcast domains, thereby reducing broadcast traffic.
■ Trunking enables VLANs to work across multiple switches, so that multiple computers on the same LAN, but connected to different physical switches, can be members of the same VLAN.
■ A trunk port carries all traffic, regardless of VLAN number, between all switches on a LAN. Today, every Ethernet switch prefers the IEEE 802.1Q trunk standard, enabling you to connect switches from different manufacturers.
■ Many switches can be configured for VLANs via a serial port connection, but the most common method is via a Web server built into the switch.
■ Once the VLANs have been created on the switches, the next steps include assigning computers’ MAC addresses to VLANs (dynamic VLANs) or assigning switch ports to VLANs (static VLANs).
■ Switches running Cisco VTP can be set in client mode to update automatically when a switch set to server mode is updated.
■ A multilayer switch that has the ability to do interVLAN routing can act as a virtual router, connecting different VLANs.
Implement advanced switch features
■ A multilayer switch is one that operates at multiple levels of the OSI model, such as the Cisco 3550 switch that functions at both Layer 2 and Layer 3.
■ Layer 2 switches forward frames based on MAC addresses whereas Layer 3 switches (also called routers) forward packets based on IP addresses.
■ Load balancing involves configuring multiple servers to look like a single server, allowing multiple servers to handle requests sent to a single IP address. Additionally, load balancing spreads the requests evenly across all the servers so no one system is bogged down.
■ With DNS load balancing, each Web server receives a unique IP address because the DNS servers hold multiple A records, each with the same domain name, for each Web server. The DNS server then cycles around these records so the same domain name resolves to different IP addresses.
■ DNS load balancing loses effectiveness when client computers cache the resolved IP address, bypassing the DNS server when connecting to a Web server.
■ A content switch provides load balancing by reading the HTTP and HTTPS requests and acting upon them, taking the workload off the Web servers.
■ Quality of service (QoS) sets priorities for how much bandwidth is used for certain protocols, PCs, users, VLANs, IP addresses, or other devices or applications. This is often implemented through traffic shaping.
■ An intrusion detection system (IDS) inspects incoming packets and actively monitors for attacks. A network-based IDS (NIDS) typically consists of sensors on one or both sides of the gateway router whereas a host-based IDS (HIDS) consists of monitoring software installed on individual computers.
■ An intrusion prevention system (IPS) can react to attacks. An IPS proactively monitors for attacks and then reacts if an attack is identified.
■ Port mirroring mirrors data from any or all physical ports on a switch to a single physical port, making it easy for administrators to inspect packets to or from certain computers.
■ A proxy server intercepts client requests and acts upon them, usually by blocking the request or forwarding the request to other servers.
■ Many switches support port authentication, a feature that requires network devices to authenticate themselves, protecting your network from rogue devices.
Key Terms
client/server (331)
client-to-site (336)
content switch (345)
interVLAN routing (341)
intrusion detection system (IDS) (346)
intrusion prevention system (IPS) (347)
Layer 2 Tunneling Protocol (L2TP) (336)
load balancing (343)
managed switch (339)
multilayer switch (342)
peer-to-peer (332)
Point-to-Point Tunneling Protocol (PPTP) (335)
port authentication (349)
port mirroring (347)
proxy server (348)
quality of service (QoS) (345)
Routing and Remote Access Service (RRAS) (335)
site-to-site (337)
SSL VPN (337)
traffic shaping (346)
trunk port (338)
trunking (338)
virtual local area network (VLAN) (337)
virtual private network (VPN) (334)
Virtual Trunk Protocol (VTP) (341)
VPN concentrator (336)
Key Term Quiz
Use the Key Terms list to complete the sentences that follow. Not all terms will be used.
1. _______________ is Cisco’s VPN protocol that relies on IPsec for all its security needs.
2. In a(n) _______________ network, all computers can act in dual roles as clients or servers.
3. A(n) _______________ services client requests and forwards them to the appropriate server.
4. In a(n) _______________ network, client computers cannot share resources with each other or see each other. They can only connect to a server.
5. _______________ allows multiple VLANs to work across multiple switches.
6. Routers that enable you to set QoS often use _______________ to limit the amount of bandwidth used by certain devices or applications.
7. Creating a(n) _______________ helps to reduce broadcast traffic on any one network by separating the one large network into smaller ones, but it requires the use of a special switch.
8. A(n) _______________ is a network created by a secure tunnel from one network to another remote network.
9. _______________ is a special program running on Microsoft servers that enables remote users to connect to a local Microsoft network.
10. Microsoft’s _______________ enables computers on one end of a VPN to receive an IP address on the subnet of the remote network.
Multiple-Choice Quiz
1. Which network model uses only truly dedicated servers?
A. Client/server
B. Peer-to-peer
C. Virtual private network
D. Virtual local area network
2. Marcy is home sick, but she uses a VPN to connect to her network at work and is able to access files stored on the remote network just as if she were physically in the office. Which protocols make it possible for Marcy to receive an IP address from the DHCP server at work? (Select two.)
A. PPTP
B. IDS
C. L2TP
D. IPS
3. What is one benefit of a VLAN?
A. It allows remote users to connect to a local network via the Internet.
B. It reduces broadcast traffic on a LAN.
C. It can create a WAN from multiple disjointed LANs.
D. It provides encryption services on networks that have no default encryption protocol.
4. Rashan’s company has multiple FTP servers, allowing remote users to download files. What should Rashan implement on his FTP servers so they appear as a single server with a guarantee that no single FTP server is receiving more requests than any other?
A. Load balancing
B. Port authentication
C. Port mirroring
D. Trunking
5. Raul sits down at his computer, checks his e-mail, edits a document on the server, and shares a folder with other users on the network. What kind of network is Raul on?
A. Client/server
B. Peer-to-peer
C. PPTP
D. Trunked
6. Which of the following describes a VPN?
A. A remote connection using a secure tunnel across the Internet
B. Segmenting a local network into smaller networks without subnetting
C. A network that is protected from viruses
D. A protocol used to encrypt L2TP traffic
7. To enable computers connected to different switches to be members of the same VLAN, what do the switches have to support?
A. Content switching
B. Port authentication
C. Port mirroring
D. Trunking
8. What is true of a multilayer switch?
A. It can work at multiple OSI layers at the same time.
B. It can work with one of several OSI layers at a time, depending on its configuration mode. Working at a different layer requires making a configuration change and resetting the switch.
C. It can communicate with other switches that work at different OSI layers.
D. It has twice the ports of a standard switch because it contains two regular switches, one stacked on top of the other.
9. Which statement about L2TP is true?
A. It is more secure than PPTP.
B. It was developed by Microsoft and is available by default on all Microsoft servers.
C. It lacks security features and, therefore, relies on other protocols or services to handle authentication and encryption.
D. It ensures router tables are kept synchronized across VLANs.
10. What are the benefits of caching on a Web proxy? (Select two.)
A. Response time
B. Virus detection
C. Tracking
D. Authentication
11. Which are effective methods of implementing load balancing? (Select two.)
A. Content switching
B. DNS round robin
C. Traffic shaping
D. Proxy serving
12. Employees in the sales department complain that the network runs slowly when employees in the art department copy large graphics files across the network. What solution might increase network speed for the sales department?
A. DNS load balancing
B. Content switching
C. Traffic shaping
D. 802.1z
13. How does an IPS compare to an IDS?
A. An IPS is more secure because it uses IPsec.
B. An IDS is more secure because it uses L2TP.
C. An IPS is more robust because it can react to attacks.
D. An IDS is more robust because it can react to attacks.
14. A dynamic VLAN assigns VLANs to
A. IP addresses
B. MAC addresses
C. Ports
D. Trunks
15. Novell NetWare was an example of what?
A. A dedicated client
B. A dedicated server
C. A multilayer VLAN switch
D. Intrusion detection system software
Essay Quiz
1. Your boss is becoming increasingly worried about hacking attempts on the company Web server. Write a letter explaining the various options for protecting against, and reacting to, attacks.
2. A coworker is constantly talking about VLANs and VPNs but rarely uses the terms correctly. Educate your coworker as to what VPNs and VLANs are, what they are for, and how they differ.
Lab Projects
Lab Project 12.1
You have read quite a bit in this chapter about securing networks against attacks. Research at least three intrusion prevention systems and create a matrix comparing them. Include comparisons of features, cost, reliability, network/operating system support, and general user reviews.
Lab Project 12.2
Your boss wants to reduce broadcast traffic and asks you to segment the network into multiple VLANs. Use your favorite e-commerce Web site for purchasing computer and networking devices and find at least three switches that support VLANs. Create a matrix comparing features and cost. Based on your research, which VLAN switch would you recommend to your employer and why?
- Cover
- Title Page
- Copyright Page
- Contents
- About the Author
- Acknowledgments
- Preface
- CompTIA Approved Quality Curriculum
- Instructor and Student Website
- Chapter 1 CompTIA Network+ in a Nutshell
- Who Needs CompTIA Network+? I Just Want to Learn about Networks!
- What Is CompTIA Network+ Certification?
- What Is CompTIA?
- The Current CompTIA Network+ Certification Exam Release
- How Do I Become CompTIA Network+ Certified?
- What Is the Exam Like?
- How Do I Take the Test?
- How Much Does the Test Cost?
- How to Pass the CompTIA Network+ Exam
- Obligate Yourself
- Set Aside the Right Amount of Study Time
- Study for the Test
- Chapter 2 Network Models
- Historical/Conceptual
- Working with Models
- The OSI Seven-Layer Model in Action
- Test Specific
- Let's Get Physical—Network Hardware and Layers 1–2
- Beyond the Single Wire—Network Software and Layers 3–7
- The TCP/IP Model
- Chapter 2 Review
- Chapter 3 Cabling and Topology
- Test Specific
- Topology
- Cabling
- Networking Industry Standards—IEEE
- Chapter 3 Review
- Chapter 4 Ethernet Basics
- Historical/Conceptual
- Ethernet
- Test Specific
- Organizing the Data: Ethernet Frames
- Early Ethernet Networks
- Extending and Enhancing Ethernet Networks
- Chapter 4 Review
- Chapter 5 Modern Ethernet
- Test Specific
- 100-Megabit Ethernet
- Gigabit Ethernet
- 10 Gigabit Ethernet
- Chapter 5 Review
- Chapter 6 Installing a Physical Network
- Historical/Conceptual
- Understanding Structured Cabling
- Test Specific
- Installing Structured Cabling
- NICs
- Diagnostics and Repair of Physical Cabling
- Chapter 6 Review
- Chapter 7 TCP/IP Basics
- Historical/Conceptual
- Standardizing Networking Technology
- Test Specific
- The TCP/IP Protocol Suite
- IP in Depth
- CIDR and Subnetting
- Using IP Addresses
- Chapter 7 Review
- Chapter 8 The Wonderful World of Routing
- Historical/Conceptual
- How Routers Work
- Test Specific
- Dynamic Routing
- Working with Routers
- Chapter 8 Review
- Chapter 9 TCP/IP Applications
- Historical/Conceptual
- Transport Layer and Network Layer Protocols
- Test Specific
- The Power of Port Numbers
- Common TCP/IP Applications
- Chapter 9 Review
- Chapter 10 Network Naming
- Historical/Conceptual
- DNS
- Test Specific
- WINS
- Diagnosing TCP/IP Networks
- Chapter 10 Review
- Chapter 11 Securing TCP/IP
- Test Specific
- Making TCP/IP Secure
- TCP/IP Security Standards
- Secure TCP/IP Applications
- Chapter 11 Review
- Chapter 12 Advanced Networking Devices
- Client/Server and Peer-to-Peer Topologies
- Historical/Conceptual
- Test Specific
- Virtual Private Networks
- Virtual LANs
- Multilayer Switches
- Chapter 12 Review
Lab 2:
Examining Contents of Ethernet Packet
Done by
{Your Name here}
Date Report Due: Feb 27, 2013
Report Submitted:
Table of Contents
Abstract ........ 3
Glossary ........ 5
Abstract
See the sample abstract in the lab template located in the ‘Important Documents for the Course’ folder under the Course Content icon in Blackboard.
Introduction
The purpose of this lab is to continue developing your understanding of network communications by looking deeper into the network packets used to connect to a distant server. The primary activities of the lab focus on capturing and examining the network protocols at layers 3 and 4 of the OSI reference model, that is, the Internet Protocol and Transmission Control Protocol sections shown in Figure 1.
As in the other labs, set up the lab by explaining how it fits into the reading and with the other labs. Provide a brief overview of each of the main sections of the lab. As before, provide a complete list of the hardware and software used in this lab.
Overall Objectives for this Lab
1. Get an overview of how layers 2 and 3 of the OSI protocol stack interact to facilitate communication between the endpoints of a conversation.
2. Identify the specific role of the IP protocol in end-to-end communications.
3. Examine how layers 3 and 4 interact in your communication with the web server.
4. Identify the call setup, transmission and call termination accomplished by layer 4 protocols. Specifically, we are interested in TCP as a layer 4 protocol in this lab.
5. Explore the HTTP protocol conversation between your PC and a web site with a view to seeing how TCP/IP facilitates that communication.
Lab Write up
Part A: Internet Protocol
In this section of the lab you are going to explore a little deeper into the Ethernet packet. You may recall that the IP protocol is a layer 3 protocol, and that it is used to guide packets between networks. Your write-up of this section should explain how the IP protocol is employed within the packet to help guide it between networks. In particular, the questions below focus on packets sent across the Internet to a server in some other location.
Explain in some detail how the IP protocol assists in the packet's navigation across the Internet. You will want to reference the idea of the datagram service of the IP protocol. You will need to reference the instructor slides and tutorials from this section and other resources to support your analysis. To help you get started with this analysis I have included some questions below to help you think about the role of the IP header of the packet (see Figure 2). Your narrative about what you learn could include answers to some of these topics:
· The IP header has multiple information fields. What are they used for?
· How do these header attributes ensure packets are sent and received successfully?
· How does the definition of a datagram help explain the function of the IP header?
Part B: TCP Protocol
Transmission Control Protocol is one of the layer 4 protocols used to communicate across the network. TCP is used to establish a reliable connection to the host on the far end of the conversation. The reliable connection creates additional traffic when sending acknowledgements of received packets. It makes sense that we would want a reliable connection, but there are times when this extra overhead is not helpful. For example, when sending voice over IP we cannot resend packets that may have been lost: the timing constraints and the need to deliver all packets in order make resending lost packets impractical. For these types of applications we use UDP rather than TCP as the layer 4 protocol.
In this section of the lab you will explore the information found in layer 4 of the packets you captured to learn something about how the layer 4 protocols provide a reliable end-to-end communication service. To help direct your efforts, the questions below might be helpful.
· Review the reading on TCP and UDP in your book and perhaps look at other resources to help you explain the differences between TCP and UDP. They are both layer 4 protocols, but they serve different purposes. What are the differences? (Hint: use UDP as your packet filter value to see what you get. The information at http://en.wikipedia.org/wiki/User_Datagram_Protocol might prove useful in this discussion.)
· What are the fields in the TCP header used for, and how do they help in setting up a reliable end-to-end communication (also known as connection-oriented communication)?
· Explain the use of port numbers in layer 4 protocols. How are these port numbers used with the IP address to establish the right connection between programs on both ends of the ‘conversation’? What are well-known port numbers? What about the other port numbers not listed there?
· Define any new words or acronyms, highlight them, and add them to your running glossary.
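Both Part A (the IP header fields and their role in guiding a datagram) and Part B (the TCP header, call setup and termination, the TCP/UDP difference and port numbers) can be checked in code alongside the Wireshark capture. The Python script below is an added example for this write-up, not part of the lab handout, the textbook or Wireshark. It decodes the Ethernet, IPv4 and TCP/UDP headers of a few frames that are constructed inline with struct (RFC 5737 documentation addresses, made-up MAC addresses, sequence numbers and ports), verifies the IPv4 header checksum, classifies ports by IANA range and maps TCP control bits onto the setup/transfer/termination phases. Every function name and field label in it is the example's own choice.

```python
"""Decode IPv4 and TCP/UDP headers from Ethernet frames; the sample frames are constructed, not captured."""
import struct

ETH_HDR_LEN, ETHERTYPE_IPV4, IPPROTO_TCP, IPPROTO_UDP = 14, 0x0800, 6, 17
# TCP control bits (RFC 793), low byte of the data-offset/flags word
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: complemented one's-complement sum of 16-bit words; 0 over an already-valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(data: bytes) -> dict:
    """The Figure 2 fields from the IPv4 header at the start of `data`."""
    ver_ihl, _tos, total_len, ident, ff, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len,
            "identification": ident,                   # ties fragments of one datagram together
            "dont_fragment": bool(ff & 0x4000), "fragment_offset": (ff & 0x1FFF) * 8,
            "ttl": ttl,                                # decremented by each router; dropped at 0
            "protocol": proto,                         # which layer 4 header follows (6=TCP, 17=UDP)
            "checksum_ok": ipv4_checksum(data[:ihl]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}

def parse_tcp(data: bytes) -> dict:
    """The Figure 3 fields from a TCP header; `data` is the whole IP payload."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    hdr_len = (off_flags >> 12) * 4
    return {"src_port": sport, "dst_port": dport,
            "seq": seq, "ack": ack,                    # reliability: every byte numbered, receipt confirmed
            "window": window,                          # receiver's advertised buffer space (flow control)
            "flags": [n for n, bit in TCP_FLAGS.items() if off_flags & bit],
            "header_len": hdr_len, "payload_len": len(data) - hdr_len}

def parse_udp(data: bytes) -> dict:
    """UDP's entire header is 8 bytes: ports, length, checksum. No seq/ack, flags or window."""
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"src_port": sport, "dst_port": dport, "length": length, "payload_len": length - 8}

def port_range(port: int) -> str:
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic/ephemeral 49152-65535."""
    return "well-known" if port < 1024 else "registered" if port < 49152 else "dynamic"

def tcp_phase(flags: list) -> str:
    """Map control bits onto the call setup / transfer / termination phases of objective 4."""
    f = set(flags)
    if "SYN" in f:
        return "setup: SYN-ACK (server accepts)" if "ACK" in f else "setup: SYN (client opens)"
    if "FIN" in f:
        return "termination: FIN"
    return "abort: RST" if "RST" in f else "transfer: data/ACK"

def decode_frame(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP/UDP, the nesting Wireshark shows in its packet details pane."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = parse_ipv4(frame[ETH_HDR_LEN:])
    l4 = frame[ETH_HDR_LEN + ip["header_len"]:ETH_HDR_LEN + ip["total_len"]]
    out = {"ip": ip}
    if ip["protocol"] == IPPROTO_TCP:
        tcp = parse_tcp(l4)
        tcp.update(src_range=port_range(tcp["src_port"]), dst_range=port_range(tcp["dst_port"]),
                   phase=tcp_phase(tcp["flags"]))
        out["tcp"] = tcp
    elif ip["protocol"] == IPPROTO_UDP:
        out["udp"] = parse_udp(l4)
    return out

# --- constructed sample frames: RFC 5737 documentation addresses, made-up MACs -----------
def build_frame(src_ip: str, dst_ip: str, proto: int, l4: bytes) -> bytes:
    """Wrap a layer 4 segment in an IPv4 header with a valid checksum, then an Ethernet header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def tcp_segment(sport: int, dport: int, flags: list, seq=0, ack=0, payload=b"") -> bytes:
    bits = sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0) + payload

CLIENT, SERVER = "192.0.2.10", "198.51.100.80"
SAMPLE_FRAMES = [
    build_frame(CLIENT, SERVER, IPPROTO_TCP, tcp_segment(51234, 80, ["SYN"], seq=1000)),
    build_frame(SERVER, CLIENT, IPPROTO_TCP, tcp_segment(80, 51234, ["SYN", "ACK"], seq=5000, ack=1001)),
    build_frame(CLIENT, SERVER, IPPROTO_TCP, tcp_segment(51234, 80, ["ACK"], seq=1001, ack=5001)),
    build_frame(CLIENT, SERVER, IPPROTO_TCP, tcp_segment(51234, 80, ["PSH", "ACK"], seq=1001, ack=5001,
                                                         payload=b"GET / HTTP/1.1\r\n\r\n")),
    build_frame(SERVER, CLIENT, IPPROTO_TCP, tcp_segment(80, 51234, ["FIN", "ACK"], seq=5001, ack=1019)),
    build_frame(CLIENT, SERVER, IPPROTO_UDP, struct.pack("!HHHH", 51235, 53, 20, 0) + b"\x00" * 12),
]

if __name__ == "__main__":
    for d in map(decode_frame, SAMPLE_FRAMES):
        ip, l4 = d["ip"], d.get("tcp") or d["udp"]
        print(f"{ip['src']:>14} -> {ip['dst']:<14} ttl={ip['ttl']} csum_ok={ip['checksum_ok']} "
              f"{'TCP' if 'tcp' in d else 'UDP'} {l4['src_port']}->{l4['dst_port']} "
              f"{'/'.join(l4.get('flags', []))} {l4.get('phase', '')}")
```

Running the script prints one line per frame in the order of a short HTTP conversation: SYN, SYN-ACK, ACK, a data segment, and the server's FIN, followed by a UDP datagram to port 53 for comparison. The same fields appear, in the same nesting, in the Wireshark details pane for a real capture, so the output can be checked against Figures 2 and 3 field by field. Two points worth noting in the write-up: the client side uses a dynamic (ephemeral) port while the server listens on the well-known port 80, which is how the IP address plus port pair picks out the right program on each end; and the UDP header is 8 bytes with no sequence or acknowledgement numbers, which is exactly the overhead TCP adds to obtain reliability.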
Conclusion
Address the following topics from your experience in the lab:
1) What were the most important concepts you learned in this lab?
2) What did you discover in the process of exploring the contents of a packet?
3) As a network administrator, how might this information be useful to you?
4) How does this lab relate to the reading?
References
APA Format
Glossary
(start with previous lab Glossary entries)
Figure 1: Wireshark Protocol Capture Window (IP Packet Header Section)
Figure 2: IP Header
Figure 3: TCP Header
Page 2 of 5