Contents at a Glance

Introduction
Book I: Overview
  Chapter 1: Looking at the Cisco Network World
  Chapter 2: Exploring Cisco Network Design
  Chapter 3: Knowing as Little as Possible about Math
  Chapter 4: Testing Your Core Networking Knowledge
  Chapter 5: Getting into the Cisco Internetwork Operating System
Book II: Internet Protocols
  Chapter 1: Making the Most of IPv4
  Chapter 2: Choosing between Protocols: TCP and UDP
  Chapter 3: Working with ARP, the IP Communication Model, and Data Link Layer Troubleshooting
  Chapter 4: Preparing for the Advent of IPv6
Book III: Switching
  Chapter 1: Reviewing the Enterprise LAN
  Chapter 2: Switching Basics
  Chapter 3: Configuring Switches
  Chapter 4: Easing Device Discovery with CDP
  Chapter 5: Virtualizing Networks with VLANs and VTP
  Chapter 6: Adding Fault Tolerance with STP
  Chapter 7: Adding Fault Tolerance with EtherChannel
  Chapter 8: Speeding Configuration with Smartport Macros
Book IV: Routing
  Chapter 1: Making the Wide Area Network (WAN) Wide
  Chapter 2: Cozying Up to Routing Basics
  Chapter 3: Router Configuration
  Chapter 4: Setting Up Static Routes
  Chapter 5: Configuring Serial Connections and WAN Links
  Chapter 6: Meeting the Routing Protocols
  Chapter 7: Checking Out RIP and EIGRP Characteristics and Design
  Chapter 8: Getting Comfortable with the OSPF and IS-IS Protocols
  Chapter 9: Routing with BGP and IP Multicast
Book V: Wireless
  Chapter 1: Getting Wise to Wireless LANs
  Chapter 2: Planning Your WLAN
  Chapter 3: Securing Your WLAN
  Chapter 4: Building a Cisco Wireless Network
Book VI: Security
  Chapter 1: Defending against Common Attacks with Basic Security Tools
  Chapter 2: Securing Networks with Cisco's Adaptive Security Appliance
  Chapter 3: Securing Networks with ACLs and NAT
  Chapter 4: Cisco Security Best Practices
Index
Table of Contents

Introduction
  About This Book
  Conventions Used in This Book
  Foolish Assumptions
  How This Book Is Organized
    Book I: Overview
    Book II: Internet Protocols
    Book III: Switching
    Book IV: Routing
    Book V: Wireless
    Book VI: Security
  Icons Used in This Book
  Where to Go from Here
Book I: Overview
  Chapter 1: Looking at the Cisco Network World
    Glazing Over the OSI Network Layer Model
    Connecting with Switches
    Moving On Up with Routers
    Taking the Network Wireless
    Securing Data with Firewalls
    Adding a Network Voice (Over IP, That Is)
    Focusing on Small Business Networks
    Taking Cisco Products Home
  Chapter 2: Exploring Cisco Network Design
    Embracing Methodologies
    Intelligent Information Network (IIN)
    Service-Oriented Network Architecture (SONA)
    Prepare, Plan, Design, Implement, Operate, and Optimize (PPDIOO)
    Examining the Layered Network Model
    Core layer
    Distribution layer
    Access layer
    Enterprise modules
Cisco Networking All-in-One For Dummies

  Chapter 3: Knowing as Little as Possible about Math
    Why These Number Systems Are Important
    Working with Bits and Bytes
    Pondering the Significance of the Significant Bit
    Making Conversions
    Converting Base 2 (binary) to Base 10 (decimal)
    Converting binary to Base 8 (octal)
    Converting binary to Base 16 (hexadecimal)
  Chapter 4: Testing Your Core Networking Knowledge
    Layering the OSI Model
    Layer 1: The physical layer
    Layer 2: The data link layer
    Layer 3: The network layer
    Layer 4: The transport layer
    Layer 5: The session layer
    Layer 6: The presentation layer
    Layer 7: The application layer
    Troubleshooting by Layers
    Troubleshooting the physical layer
    Troubleshooting the data link layer
    Troubleshooting network and transport layers
    Troubleshooting the application layer
    Framing Data
    Figuring Out Packets
    Looking at packets
    Viewing packet structure
    Getting the Lowdown on Low-Level and High-Level Addressing
    Taking control of MAC addresses
    Structuring the IP address
    Reviewing Internetwork Packet Exchange
    Getting the basics with NetBIOS Extended User Interface
    Watching the Traffic Go By
    CSMA/CD
    CSMA/CA
    Choosing CSMA/CD or CSMA/CA
    Sharking the Network Data
    Capture options
    Filtering captured data
  Chapter 5: Getting into the Cisco Internetwork Operating System
    Working with the Internetwork Operating System
    Checking out the show command
    Understanding operating modes
    Getting going with the command line
    Tinkering with Device Connections
    Connecting directly via a Cisco rollover cable
    Connecting remotely via Telnet or SSH
    Graphical configuration interfaces
    Upgrading Firmware and Booting an IOS Image
    Upgrading the IOS image
    Managing the boot process
Book II: Internet Protocols
  Chapter 1: Making the Most of IPv4
    Meeting TCP/IP, Belle of the Networking Ball
    Comparing TCP/IP with the OSI Network Model
    Comprehending the Structure of an IP Address
    Knowing Your Network Classes
    Class A
    Class B
    Class C
    Class D
    Class E
    Public, private, and automatic IP addresses
    Examining special IP addresses
    Breaking Up Networks with Subnetting
    Subnetting 101
    Mulling the number of hosts
    Modifying the subnet mask
    Explaining Classless InterDomain Routing (CIDR)
    CIDR notation
    Variable Length Subnet Masks (VLSM)
    Supernetting
    11111111.11111111.1111110.00000000 (255.255.254.0) route summarization
  Chapter 2: Choosing between Protocols: TCP and UDP
    Understanding the UDP and TCP Structure
    Examining packet structure
    TCP and UDP header structures
    Sockets and ports
    Checking out which services use which ports
    Knowing When to Use TCP
    Services that use TCP
    Three-way handshaking
    Sliding windows
    Knowing When to Use UDP
  Chapter 3: Working with ARP, the IP Communication Model, and Data Link Layer Troubleshooting
    Watching Address Resolution Protocol in Action
    The logical AND
    Using ARP
    Troubleshooting with ARP
    Checking out arp command options
    Looking through your ARP cache with arp -a
    Adding a static ARP entry
    Seeing how ARP is useful
    Using Other Troubleshooting Tools
    ping
    traceroute/tracert
    PathPing
  Chapter 4: Preparing for the Advent of IPv6
    Reviewing Address Structure
    Collapsing Addresses
    Identifying Special Addresses
    Assigning Addresses
    Integration with IPv4
Book III: Switching
  Chapter 1: Reviewing the Enterprise LAN
    Identifying Features of an Enterprise LAN
    Working with Cisco Switching Technologies
    Small-to-medium business products
    Classical enterprise products
    Reviewing Switching Standards
    Purchasing Support
  Chapter 2: Switching Basics
    Switching and the OSI Model
    Communicating with Duplex/Simplex
    Colliding and Broadcasting
    Powering Up Your Switch
    Viewing status lights
    Connecting the client cables
  Chapter 3: Configuring Switches
    Switching with the Internetwork Operating System (IOS)
    Connecting to Your Switch
    Revealing Basic Switch Configuration
    Setting a hostname
    Examining ports and speeds
    Configuring interfaces
    Configuring the management interface
    Setting the default gateway
    Setting passwords
    Working with Users
    Creating a user in the account database
    Removing a user
    Enable user-level protection
    Running Setup Wizard
    Working with Web Console
    Dashboard
    Configure
    Monitor
    Maintenance
    Network Assistant
  Chapter 4: Easing Device Discovery with CDP
    Discovering How CDP Operates
    Working with CDP
    Seeing whether CDP is operating on a device
    Enabling CDP
    Disabling CDP
    Viewing information about devices
    Checking traffic data
    Ogling CDP's debug options
    Overlooking CDP miscellany
    Building Your Network Layout
  Chapter 5: Virtualizing Networks with VLANs and VTP
    Implementing Virtual Local Area Networks (VLANs)
    Understanding how VLANs work
    Setting up VLANs
    Configuring a range of interfaces
    VLAN database
    Getting Started with VLAN Trunking Protocol (VTP)
    Learning how VTP works
    Implementing VTP
    Being leery of the VTP configuration revision number
    Pruning in the VTP tree
    Configuring VTP
    Viewing your VTP settings
  Chapter 6: Adding Fault Tolerance with STP
    Working with Spanning Tree Protocol (STP)
    Building the initial topology
    Dealing with network changes
    Setting Up STP
    STP and issues with VLANs
    STP and PortFast
    Troubleshooting STP
    Debugging STP
  Chapter 7: Adding Fault Tolerance with EtherChannel
    Examining How EtherChannel Works
    Checking Out EtherChannel Basic Guidelines
    Setting Up EtherChannel
    Stepping through EtherChannel configuration
    Configuring EtherChannel load balancing
    Getting at Diagnostic Information for EtherChannel
    Debugging EtherChannel
  Chapter 8: Speeding Configuration with Smartport Macros
    Viewing Existing Smartport Macros
    Viewing macros using the brief option
    Viewing macros without the brief option
    Viewing details for a single macro
    Working with Macros
    Rules for creating your own Smartport macro
    Smartport macros and parameters
    Creating a sample macro
    Applying a Smartport macro to an interface
    Viewing ports that are using your macro
    Removing a macro
Book IV: Routing
  Chapter 1: Making the Wide Area Network (WAN) Wide
    Identifying Features of a WAN
    Sending data long distances
    Implementing routing protocols
    Using carrier equipment
    Getting a handle on network size
    Choosing Technologies
    Getting the physical connection
    Choosing a routing protocol
  Chapter 2: Cozying Up to Routing Basics
    Of Routers and Routing
    Knowing why routers are useful
    Knowing what routers do
    Examining the routing process
    Viewing your router's routing table
    Enabling Routing
    Working with DHCP
    Setting up your DHCP server
    Watching the DHCP traffic go by
    Getting DHCP help from the IP Helper
    Automatic Private IP Addressing (APIPA)
  Chapter 3: Router Configuration
    Getting to Know the Internetwork Operating System (IOS) for Routers
    Making Router Connections
    Performing a Basic Configuration
    Setting the hostname
    Configuring standard router ports
    Configuring interfaces
    Configuring your router's IP settings
    Enabling routing
    Configuring passwords
    Setting banners
    Running Setup Wizard
    Working with Users
    Creating a user in the account database
    Removing a user
    Enable user-level protection
    Showing connected users
  Chapter 4: Setting Up Static Routes
    Knowing the Pros and Cons of Static Routing
    Building a Small Network with Static Routing
    Getting network info from your router
    Configuring the second router
    Adding a third router
    Running around and around with routing loops
  Chapter 5: Configuring Serial Connections and WAN Links
    Finding Out Where the Telephone Company Fits In
    Circuit switching
    Leased lines
    Packet switching
    Connecting Your Devices
    Serial ports
    Integrated CSU/DSU
    ISDN ports
    Setting Up Your Serial Connection
    Configuring your serial connection
    Configuring serial link protocols
    Setting the clock rate
    Troubleshooting Serial Connections
    Showing
    Debugging
  Chapter 6: Meeting the Routing Protocols
    Checking Out Criteria for Routing Protocol Selection
    Classifying by where protocols are used
    Classifying by how protocols calculate routing
    Administrative distance
    Introducing the Protocols
    Distance-Vector Routing
    Examining basic function of distance-vector routing
    Count to infinity and routing loops
    Preventing count to infinity issues
    Link-State Routing
    Understanding link-state protocol
    Working with your strengths
  Chapter 7: Checking Out RIP and EIGRP Characteristics and Design
    Working with Routing Information Protocol (RIP)
    Understanding the RIP commands
    Troubleshooting RIP
    Working with Enhanced Interior Gateway Routing Protocol (EIGRP)
    Using the EIGRP commands
    Troubleshooting EIGRP
  Chapter 8: Getting Comfortable with the OSPF and IS-IS Protocols
    Open Shortest Path First (OSPF)
    Getting comfortable with OSPF basics
    Configuring OSPF
    Working with wildcard masks
    Keeping track of router IDs
    Troubleshooting OSPF
    Debugging OSPF
    Intermediate System to Intermediate System (IS-IS)
    Enabling IS-IS routing
    Checking that IS-IS is running
    Troubleshooting the IS-IS protocol
  Chapter 9: Routing with BGP and IP Multicast
    Routing with Border Gateway Protocol (BGP)
    Routing via weights
    Understanding BGP commands
    Viewing routes in your routing table
    Viewing how the protocol is functioning
    Troubleshooting BGP
    Routing IP Multicast Traffic
    Knowing when to use multicast routing
    Getting to know the protocols
    Configuring multicast routing
    Troubleshooting multicast routing
Book V: Wireless
  Chapter 1: Getting Wise to Wireless LANs
    Understanding the Benefit of Wireless LANs
    Learning the Wireless Technologies
    Following the Standards
    Licensed radio bands
    Unlicensed radio bands
    Sending Data Over the Airwaves
    Understanding signals
    Modulating signals
    Introducing RF modulation techniques
    Battle of the Bands
    Checkin' Out the 2.4-GHz band
    Keep on Rockin' with the 5-GHz band
    Technologies that support the 2.4-GHz and 5-GHz bands
  Chapter 2: Planning Your WLAN
    Setting Your Operation Mode
    Ad Hoc mode
    Infrastructure mode
    Grouping Your Clients with SSID
    SSID basics
    Using multiple SSIDs with a single AP
    Basic service set (BSS)
    Extended service set (ESS)
    Planning Around Interference
    RF signal factors
    Conducting a site survey
    Working with Multiple APs
    Selecting channels
    AP layout
    Automatic tuning
  Chapter 3: Securing Your WLAN
    Understanding the Benefits of a Secure WLAN
    Finding balance between functionality and security
    Recognizing security risks
    Checking Out Security Risk Mitigation Methods
    Authentication and data encryption
    Filtering the MAC address
    Hiding the service set identifier (SSID)
    Intrusion detection and prevention
    Isolating users with VLANs
    Securing the Management Interface
    Changing default passwords
    Getting even more secure with SSH, SSL, TLS, HTTPS
    Management access
    Isolating the entire WLAN
  Chapter 4: Building a Cisco Wireless Network
    Introducing the Cisco Unified Wireless Networks Architecture (CUWN)
    Keeping it simple with Wireless LAN Controllers
    Going mobile with Cisco WLAN access point (AP) devices
    Cisco Wireless Control System (WCS)
    Lightweight Access Point Protocol (LWAPP)
    Setting Up Your Wireless LAN
    Setting up and verifying the wired LAN to which the WLAN will connect
    Setting up the Cisco Wireless LAN Controller(s)
    Configuring WLAN security
    Configuring WEP keys
    Setting up Cisco access points
    Configuring backup controllers
    Web authentication process
    Using the Cisco graphical user interface (GUI)
Book VI: Security
  Chapter 1: Defending against Common Attacks with Basic Security Tools
    Knowing Your Enemy
    Handling attacks from within
    Dealing with external attacks
    Implementing Firewalls
    Types of firewalls
    Ingress and egress filtering
    Defending data with the DMZ
    Defending Your Network against Attacks
    Perimeter defense
    Active tools
    Defense in depth
    Security Tools
    Personal firewalls
    Antivirus software
    Anti-malware
    Spam filters
    Intrusion detection
    Vulnerability scanners
    User common sense
  Chapter 2: Securing Networks with Cisco's Adaptive Security Appliance
    Locating Firewalls in the OSI Model
    Getting to Know the Internetwork Operating System
    Making Connections
    Running the ASA Setup Wizard
    Performing a Basic Configuration
    Device name
    Standard firewall ports
    Interfaces
    IP addresses
    Security zones
    Passwords
    Banners
    Setting Up User Accounts
    Configuring Dynamic Host Configuration Protocol
    Examining Your License
  Chapter 3: Securing Networks with ACLs and NAT
    Securing Networks with ACLs
    Creating ACLs
    Standard ACLs
    Extended ACLs
    Applying an ACL
    Using ACLs as a Virus Detection Tool
    Where You Can Use ACLs
    Setting up Network Address Translation
    Requirements for NAT
    Types of NAT
    Setting up NAT
    Viewing translations
  Chapter 4: Cisco Security Best Practices
    Management Areas
    Finding Out About Known Issues with Cisco Devices
    Leveraging Authentication, Authorization, and Accounting
    Authentication fallback
    Avoiding Type 7 passwords
    Centralizing Log Collection and Monitoring
    Collecting logs in one location
    Choosing a logging level
    Dealing with logging in the console, monitor, and buffer
    Implementing Secure Protocols
    Managing Configurations
    Password management
    Managing services
    Setting up timeouts
    Keeping alive TCP
    Leaving room for management
    Securing SNMP
    Replacing and rolling back
    Taking the talking stick with terminal lock
    Using logs to tell you what is going on
    Managing network features
    Getting Physical with Security
Index