00 2548 Objectives Matrix 5/16/05 12:26 PM Page i
Network+ Exam Cram Objectives Quick Reference

Unit/Objective/Sub-objective (page in this book)

1.1 Recognize the following logical or physical network topologies given a diagram, schematic, or description: Star, Bus, Mesh, Ring, Wireless (p. 1)
1.2 Specify the main features of 802.2 (Logical Link Control), 802.3 (Ethernet), 802.5 (token ring), 802.11 (wireless), and FDDI (Fiber Distributed Data Interface) networking technologies, including Speed, Access method, Topology, Media (p. 1)
1.3 Specify the characteristics (for example, speed, length, topology, and cable type) of the following cable standards: 10BASE-T, 10BASE-FL, 100BASE-TX, 100BASE-FX, 1000BASE-TX, 1000BASE-CX, 1000BASE-SX, 1000BASE-LX, 10GBASE-SR, 10GBASE-LR, 10GBASE-ER (p. 33)
1.4 Recognize the following media connectors and describe their uses: RJ-11, RJ-45, F-Type, ST, SC, IEEE1394 (FireWire), LC, MTRJ, USB (p. 33)
1.5 Recognize the following media types and describe their uses: Category 3, 5, 5e, and 6, UTP, STP, Coaxial cable, SMF (Single Mode Fiber) optic cable, MMF (Multimode Fiber) optic cable (p. 33)
1.6 Identify the purposes, features and functions of the following network components: hubs, switches, bridges, routers, gateways, CSU/DSU (Channel Service Unit/Data Service Unit), NICs (Network Interface Card), ISDN (Integrated Services Digital Network) adapters, WAPs (Wireless Access Point), modems, transceivers (media converters), firewalls (p. 59)
1.7 Specify the general characteristics (for example, carrier speed, frequency, transmission type, and topology) of the following wireless technologies: 802.11 (frequency hopping spread spectrum), 802.11x (direct sequence spread spectrum), infrared, Bluetooth (p. 1)
1.8 Identify factors that affect the range and speed of wireless service (for example, interference, antenna type and environmental factors) (p. 1)
2.1 Identify a MAC (Media Access Control) address and its parts (p. 59)
2.2 Identify the seven layers of the OSI (Open Systems Interconnect) model and their functions (p. 87)
2.3 Identify the OSI (Open Systems Interconnect) layers at which the following network components operate: hubs, switches, bridges, routers, NICs (Network Interface Card), WAPs (Wireless Access Point) (p. 87)
2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions: IPX/SPX (Internetwork Packet Exchange/Sequence Packet Exchange), NetBEUI (Network Basic Input/Output System Extended User Interface), AppleTalk/AppleTalk over IP (Internet Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol) (p. 87)
2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet (p. 111)
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (for example, Class A, B, and C) (p. 111)
2.7 Identify the purpose of subnetting (p. 111)
2.8 Identify the differences between private and public network addressing schemes (p. 111)
2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods: static, dynamic, self-assigned (APIPA (Automatic Private Internet Protocol Addressing)) (p. 111)
2.10 Define the purpose, function and use of the following protocols used in the TCP/IP suite: TCP, UDP, FTP, SFTP, TFTP, SMTP, HTTP, HTTPS, POP3/IMAP4, Telnet, SSH, ICMP, ARP/RARP, NTP, NNTP, SCP, LDAP, IGMP, LPR (p. 111)
2.11 Define the function of TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports (p. 112)
2.12 Identify the well-known ports associated with the following commonly used services and protocols: 20 FTP, 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 69 TFTP, 80 HTTP, 110 POP3, 119 NNTP, 123 NTP, 143 IMAP4, 443 HTTPS (p. 112)
2.13 Identify the purposes of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Name Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol), and LPD (Line Printer Daemon)) (p. 112)
2.14 Identify the basic characteristics (for example, speed, capacity, and media) of the following WAN technologies: Packet switching, circuit switching, ISDN (Integrated Services Digital Network), FDDI (Fiber Distributed Data Interface), T1 (T Carrier level 1)/E1/J1, T3 (T Carrier level 3)/E3/J3, OCx (Optical Carrier), X.25 (p. 143)
2.15 Identify the basic characteristics of the following Internet access technologies: xDSL (Digital Subscriber Line), Broadband Cable (Cable modem), POTS/PSTN (Plain Old Telephone Service/Public Switched Telephone Network), Satellite, Wireless (p. 143)
2.16 Define the functions of the following remote access protocols and services: RAS, PPP, SLIP, PPPoE, PPTP, VPN, RDP (p. 143)
2.17 Identify the following security protocols and describe their purposes and functions: IPSec, L2TP, SSL, WEP, WPA, 802.1x (p. 143)
2.18 Identify authentication protocols (for example, CHAP, MS-CHAP, PAP, RADIUS, Kerberos and EAP) (p. 143)
3.1 Identify the basic capabilities (for example, client support, interoperability, authentication, file and print services, application support and security) of the following server operating systems to access network resources: UNIX/Linux/Mac OS X Server, NetWare, Windows, Appleshare IP (Internet Protocol) (p. 177)
3.2 Identify the basic capabilities needed for client workstations to connect to and use network resources (for example, media, network protocols, and peer and server services) (p. 177)
3.3 Identify the appropriate tool for a given wiring task (for example, wire crimper, media tester/certifier, punch down tool, or tone generator) (p. 177)
3.4 Given a remote connectivity scenario comprised of a protocol, an authentication scheme, and physical connectivity, configure the connection; this includes connection to the following servers: UNIX/Linux/Mac OS X Server, NetWare, Windows, Appleshare IP (Internet Protocol) (p. 177)
3.5 Identify the purpose, benefits, and characteristics of using a firewall (p. 217)
3.6 Identify the purpose, benefits, and characteristics of using a proxy service (p. 217)
3.7 Given a connectivity scenario, determine the impact on network functionality of a particular security implementation (for example, port blocking/filtering, authentication and encryption) (p. 217)
3.8 Identify the main characteristics of VLANs (Virtual Local Area Networks) (p. 241)
3.9 Identify the main characteristics and purpose of extranets and intranets (p. 217)
3.10 Identify the purpose, benefits, and characteristics of using antivirus software (p. 241)
3.11 Identify the purpose and characteristics of fault tolerance: power, link redundancy, storage services (p. 241)
3.12 Identify the purpose and characteristics of disaster recovery: backup/restore, offsite storage, hot and cold spares, hot, warm and cold sites (p. 241)
4.1 Given a troubleshooting scenario, select the appropriate network utility from the following: tracert/traceroute, ping, arp, netstat, nbtstat, ipconfig/ifconfig, winipcfg, nslookup/dig (p. 271)
4.2 Given output from a network diagnostic utility (for example, those utilities listed in objective 4.1), identify the utility and interpret the output (p. 271)
4.3 Given a network scenario, interpret visual indicators (for example, link LEDs (Light Emitting Diode) and collision LEDs (Light Emitting Diode)) to determine the nature of a stated problem (p. 271)
4.4 Given a troubleshooting scenario involving a client accessing remote network services, identify the cause of the problem (for example, file services, print services, authentication failure, protocol configuration, physical connectivity, and SOHO (Small Office/Home Office) router) (p. 271)
4.5 Given a troubleshooting scenario between a client and the following server environments, identify the cause of a stated problem: UNIX/Linux/Mac OS X Server, NetWare, Windows, Appleshare IP Problems (p. 271)
4.6 Given a scenario, determine the impact of modifying, adding or removing network services (for example, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name Service), and WINS (Windows Internet Name Server)) for network resources and users (p. 317)
4.7 Given a troubleshooting scenario involving a network with a particular physical topology (for example, bus, star, mesh, or ring) and including a network diagram, identify the network area affected and the cause of the stated failure (p. 317)
4.8 Given a network troubleshooting scenario involving an infrastructure (for example, wired or wireless) problem, identify the cause of a stated problem (for example, bad media, interference, network hardware, or environment) (p. 317)
4.9 Given a network problem scenario, select an appropriate course of action based on a logical troubleshooting strategy (p. 317). This strategy can include the following steps:
1. Identify the symptoms and potential causes
2. Identify the affected area
3. Establish what has changed
4. Select the most probable cause
5. Implement an action plan and solution including potential effects
6. Test the result
7. Identify the results and effects of the solution
8. Document the solution and process
Network+ Exam Cram 2
Copyright © 2005 by Que Publishing
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
International Standard Book Number: 0-7897-3254-8
Library of Congress Catalog Card Number: 2004118400
Printed in the United States of America
First Printing: June 2005
08 07 06 05 4 3 2 1
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author(s) and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.
Bulk Sales
Que Publishing offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419 [email protected]
For sales outside the U.S., please contact
International Sales [email protected]
Publisher: Paul Boger
Executive Editor: Jeff Riley
Acquisitions Editor: Jeff Riley
Development Editor: Steve Rowe
Managing Editor: Charlotte Clapp
Project Editor: Mandie Frank
Copy Editor: Rhonda Tinch-Mize
Indexer: Ken Johnson
Proofreader: Tracy Donhardt
Technical Editor: David Prowse
Publishing Coordinator: Pamalee Nelson
Multimedia Developer: Dan Scherf
Page Layout: Kelly Maish
Que Certification • 800 East 96th Street • Indianapolis, Indiana 46240
You know better than to trust your certification preparation to just anybody. That’s why you, and more than 2 million others, have purchased an Exam Cram book. As Series Editor for the new and improved Exam Cram 2 Series, I have worked with the staff at Que Certification to ensure you won’t be disappointed. That’s why we’ve taken the world’s best-selling certification product—a two-time finalist for “Best Study Guide” in CertCities’ reader polls—and made it even better.
As a two-time finalist for the “Favorite Study Guide Author” award as selected by CertCities readers, I know the value of good books.
You’ll be impressed with Que Certification’s stringent review process, which ensures the books are high quality, relevant, and technically accurate. Rest assured that several industry experts have reviewed this material, helping us deliver an excellent solution to your exam preparation needs.
Exam Cram 2 books also feature a preview edition of MeasureUp’s powerful, full-featured test engine, which is trusted by certification students throughout the world.
As a 20-year-plus veteran of the computing industry and the original creator and editor of the Exam Cram Series, I’ve brought my IT experience to bear on these books. During my tenure at Novell from 1989 to 1994, I worked with and around its excellent education and certification department. At Novell, I witnessed the growth and development of the first really big, successful IT certification program—one that was to shape the industry forever afterward. This experience helped push my writing and teaching activities heavily in the certification direction. Since then, I’ve worked on nearly 100 certification related books, and I write about certification topics for numerous Web sites and for Certification magazine.
In 1996, while studying for various MCP exams, I became frustrated with the huge, unwieldy study guides that were the only preparation tools available. As an experienced IT professional and former instructor, I wanted “nothing but the facts” necessary to prepare for the exams. From this impetus, Exam Cram emerged: short, focused books that explain exam topics, detail exam skills and activities, and get IT professionals ready to take and pass their exams.
In 1997 when Exam Cram debuted, it quickly became the best-selling computer book series since “...For Dummies,” and the best-selling certification book series ever. By maintaining an intense focus on subject matter, tracking errata and updates quickly, and following the certification market closely, Exam Cram established the dominant position in cert prep books.
You will not be disappointed in your decision to purchase this book. If you are, please contact me at [email protected]. All suggestions, ideas, input, or constructive criticism are welcome!
(MCSE, A+, Network+, Server+, Linux+) has held a number of roles in the computer field including PC repair, network management, consulting, and technical writing. Mike is also the coauthor of numerous computer books, including the Network+ Exam Prep from Que Publishing. He is also a courseware developer, and a regular technology presenter for CBC Radio. When not working, Mike stays as far away from keyboards as possible.
(MCSE, MCNE, Network+, Linux+, Server+) has been in the IT industry since 1988. Over the years he has designed, implemented, and administered networks of all shapes and sizes. In addition to technical training and consulting assignments, Drew has authored a number of technical articles and is a frequent contributor to technology websites. Away from work, Drew enjoys most outdoor activities but is especially keen on mountain biking, kayaking, and skiing.
is owner of TSR Data, a technology solutions company focusing on security and data communications. He is also the creator of TechnicalBlog.Com, an IT support site.
David has more than a dozen IT certifications, including the CompTIA Network+, which he has beta tested twice since its inception. He has also taught the Net+ course to the FAA, CompUSA, Sungard, and many other companies. His vision is of a world where he can sleep more than a few hours a day.
The creation of a book is not a simple process and requires the talents and dedication from many people to make it happen. With this in mind, we would like to thank the folks at Que for their commitment to this project.
Specifically, we would like to say thanks to Steve Rowe, Rhonda Tinch-Mize, and Mandie Frank for keeping the ball rolling, the sentences legible, and of course spotting our mistakes. And finally, thanks to Jeff Riley for overseeing the project with enthusiasm and a sense of humour. We only wish we understood it. Let’s not forget the technical editor—David Prowse—who checked and rechecked to ensure that the project stayed on target technically, which was a difficult task considering the number of facts presented and the conflicting information that seems to be part of the networking world. Thanks also to Nathan Cable for jumping in on short notice and providing contributions for the Macintosh and AppleShare sections.
Finally, we are very thankful to our family and friends who once again had to put up with us while we worked our way through this project. And as we said last time (but this time we mean it), “we’ll make it up to you.”
As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.
As an executive editor for Que Publishing, I welcome your comments. You can email or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better.
Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book.
When you write, please be sure to include this book’s title and author as well as your name, email address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book.
Email: [email protected]
Mail: Jeff Riley
Executive Editor
Que Publishing
800 East 96th Street
Indianapolis, IN 46240 USA
For more information about this book or another Que Certification title, visit our website at www.examcram2.com. Type the ISBN (excluding hyphens) or the title of a book in the Search field to find the page you’re looking for.
Introduction (p. 2)
LANs, WANs, and PANs (p. 2)
LANs (p. 2)
WANs (p. 3)
PANs (p. 3)
Network Models (p. 4)
Peer-to-peer Networking (p. 4)
Client/Server Networking Model (p. 4)
Centralized and Distributed Computing (p. 5)
Network Topologies (p. 6)
Bus Topology (p. 6)
Ring Topology (p. 7)
Star Topology (p. 8)
Mesh Topology (p. 9)
Wireless Topology (p. 10)
IEEE and Networking Standards (p. 12)
802.2 IEEE Standard (p. 13)
802.3 IEEE Standard (p. 13)
FDDI (p. 14)
802.5 IEEE Standard (p. 15)
802.11 IEEE Standards (p. 16)
Infrared Wireless Networking (p. 18)
Bluetooth (p. 19)
Spread Spectrum Technology (p. 19)
FHSS, DSSS, and 802.11 Standards (p. 20)
Establishing Communications Between Wireless Devices (p. 22)
Factors Affecting Wireless Signals (p. 23)
Interference Types (p. 23)
Wireless Antennas (p. 24)
Antenna Coverage (p. 25)
Review and Test Yourself (p. 26)
The Facts (p. 26)
Key Terms (p. 28)
Exam Prep Questions (p. 29)
Answers to Exam Prep Questions (p. 30)
Need to Know More? (p. 32)

Introduction (p. 34)
General Media Considerations (p. 34)
Media Interference (p. 34)
Broadband Versus Baseband (p. 34)
Attenuation (p. 35)
Simplex, Half Duplex, and Full Duplex (p. 35)
Data Transmission Rates (p. 36)
Network Media (p. 36)
Twisted-pair Cabling (p. 37)
Coaxial (p. 39)
Fiber-optic Cable (p. 40)
Media Connectors (p. 42)
BNC Connectors (p. 42)
RJ-11 Connectors (p. 43)
RJ-45 Connectors (p. 43)
F-Type (p. 44)
Fiber Connectors (p. 45)
IEEE1394 (p. 46)
Universal Serial Bus (USB) (p. 46)
IEEE 802.3 Standards (p. 47)
10 Mbps Networking Standards (p. 47)
Fast Ethernet (p. 49)
Gigabit Ethernet (p. 50)
10 Gigabit Ethernet (p. 52)
Review and Test Yourself (p. 52)
The Facts (p. 53)
Key Terms (p. 54)
Exam Prep Questions (p. 55)
Answers to Exam Prep Questions (p. 56)
Need to Know More? (p. 58)

Introduction (p. 60)
Hubs (p. 60)
MSAU (p. 60)
Switches (p. 61)
Hub and Switch Cabling (p. 62)
Bridges (p. 64)
Types of Bridges (p. 65)
Bridge Placement and Bridging Loops (p. 65)
Routers (p. 66)
Static Routing (p. 66)
Dynamic Routing (p. 67)
Gateways (p. 69)
CSU/DSU (p. 70)
Network Cards (p. 70)
ISDN Adapters (p. 71)
Wireless Access Points (p. 71)
Modems (p. 72)
Transceivers (Media Converters) (p. 74)
Firewalls (p. 75)
MAC Addresses (p. 77)
Review and Test Yourself (p. 78)
The Facts (p. 79)
Key Terms (p. 81)
Exam Prep Questions (p. 82)
Answers to Exam Prep Questions (p. 84)
Need to Know More? (p. 85)

Introduction (p. 88)
OSI Seven Layer Model (p. 88)
Physical Layer (Layer 1) (p. 89)
Data-link Layer (Layer 2) (p. 89)
Network Layer (Layer 3) (p. 89)
Transport Layer (Layer 4) (p. 90)
Session Layer (Layer 5) (p. 91)
Presentation Layer (Layer 6) (p. 91)
Application Layer (Layer 7) (p. 92)
OSI Model Summary (p. 92)
Identifying the OSI Layers at Which Various Network Components Operate (p. 93)
Differentiating Among Protocols (p. 94)
Connectionless and Connection-oriented Protocols (p. 94)
Internetwork Packet Exchange/Sequenced Packet Exchange (p. 95)
NetBEUI Protocol (p. 97)
AppleTalk (p. 97)
The TCP/IP Protocol Suite (p. 100)
Protocol Summary (p. 102)
Review and Test Yourself (p. 103)
The Facts (p. 103)
Key Terms (p. 104)
Exam Prep Questions (p. 106)
Answers to Exam Prep Questions (p. 107)
Need to Know More? (p. 109)

Introduction (p. 113)
IP Addressing (p. 113)
IPv4 (p. 113)
IP Address Classes (p. 114)
Subnet Mask Assignment (p. 115)
Default Gateways (p. 115)
IPv6 Addressing (p. 116)
Subnetting (p. 117)
Identifying the Differences Between Public and Private Networks (p. 117)
Private Address Ranges (p. 118)
Assigning IP Addresses (p. 119)
Static Addressing (p. 119)
Dynamic Addressing (p. 119)
APIPA (p. 120)
TCP/IP Protocols (p. 121)
TCP/UDP Port Functions (p. 130)
Network Services (p. 131)
Domain Name Service (DNS) (p. 132)
Network Address Translation (NAT) and Internet Connection Sharing (ICS) (p. 133)
Windows Internet Name Service (WINS) (p. 134)
Simple Network Management Protocol (SNMP) (p. 134)
Network File System (NFS) (p. 135)
Zero Configuration (Zeroconf) (p. 135)
Server Message Block (SMB) (p. 136)
Apple File Protocol (AFP) (p. 136)
Line Printer Daemon (LPD) (p. 137)
TCP/IP Service Summary (p. 137)
Review and Test Yourself (p. 138)
The Facts (p. 138)
Exam Prep Questions (p. 139)
Answers to Exam Prep Questions (p. 140)
Need to Know More? (p. 142)

Introduction (p. 144)
WAN Technologies (p. 144)
Switching Methods (p. 144)
Circuit Switching (p. 146)
Integrated Services Digital Network (ISDN) (p. 146)
Fiber Distributed Data Interface (FDDI) (p. 148)
T-carrier Lines (p. 149)
SONET/OC-x Levels (p. 150)
X.25 (p. 151)
Internet Access Technologies (p. 152)
xDSL Internet Access (p. 153)
Cable Internet Access (p. 154)
POTS/PSTN (Plain Old Telephone Service/Public Switched Telephone Network) (p. 156)
Satellite Internet Access (p. 157)
Wireless Internet Access (p. 158)
Remote Access Protocols and Services (p. 159)
Remote Access Service (RAS) (p. 159)
SLIP (p. 160)
PPP (p. 161)
PPTP (p. 162)
Virtual Private Networks (p. 163)
Remote Desktop Protocol (p. 164)
Security Protocols (p. 164)
IP Security (IPSec) (p. 165)
Layer 2 Tunneling Protocol (L2TP) (p. 166)
Secure Sockets Layer (SSL) (p. 166)
WEP (p. 167)
WPA (p. 168)
802.1x (p. 168)
Authentication Protocols (p. 169)
Remote Authentication Dial-In User Service (RADIUS) (p. 170)
Kerberos (p. 170)
Review and Test Yourself (p. 171)
The Facts (p. 171)
Key Terms (p. 173)
Exam Prep Questions (p. 174)
Answers to Exam Prep Questions (p. 175)
Need to Know More? (p. 176)

Introduction (p. 178)
Network Operating Systems (p. 178)
Linux/UNIX (p. 179)
Mac OS X Server (p. 182)
Novell NetWare (p. 186)
Windows 2000 and Windows Server 2003 (p. 190)
AppleShare IP (p. 196)
Operating System Interoperability (p. 197)
Using Windows with NetWare (p. 198)
Using Windows and Linux Servers (p. 199)
Using NetWare and Linux Servers (p. 199)
Operating System Client Support (p. 199)
Windows Server Client Support (p. 199)
NetWare Server Client Support (p. 200)
Linux Server Client Support (p. 200)
Configuring a Client to Access and Use Network Resources (p. 201)
Choosing a NIC (p. 201)
Using Network Tools (p. 205)
Wire Crimpers (p. 205)
Punchdown Tools (p. 206)
Tone Generators (and Tone Locators) (p. 206)
Media Testers (p. 207)
Hardware Loopback Connectors (p. 208)
Configuring Remote Connectivity (p. 208)
Physical Connections (p. 209)
Protocols (p. 210)
Review and Test Yourself (p. 211)
The Facts (p. 211)
Key Terms (p. 212)
Exam Prep Questions (p. 213)
Answers to Exam Prep Questions (p. 215)
Need to Know More? (p. 216)

Introduction (p. 218)
Firewalls (p. 218)
Packet-filtering Firewalls (p. 219)
Circuit-level Firewalls (p. 220)
Application Gateway Firewalls (p. 220)
Proxy Servers (p. 221)
Caching Proxy Servers (p. 223)
Using a Proxy Server (p. 224)
Understanding How Security Affects a Network (p. 225)
Blocking Port Numbers (p. 225)
Port Blocking and Network Users (p. 226)
Authentication (p. 226)
Encryption (p. 229)
Extranets and Intranets (p. 231)
Intranets (p. 231)
Extranets (p. 233)
Review and Test Yourself (p. 234)
The Facts (p. 234)
Key Terms (p. 235)
Exam Prep Questions (p. 236)
Answers to Exam Prep Questions (p. 238)
Need to Know More? (p. 239)

Introduction (p. 242)
Virtual LANs (p. 242)
VLAN Membership (p. 243)
Viruses, Virus Solutions, and Malicious Software (p. 245)
Trojans, Worms, Spyware, and Hoaxes (p. 246)
Protecting Computers from Viruses (p. 247)
Fault Tolerance (p. 249)
Disk-level Fault Tolerance (p. 249)
Server and Services Fault Tolerance (p. 254)
Link Redundancy (p. 255)
Using Uninterruptible Power Supplies (p. 256)
Disaster Recovery (p. 257)
Full Backup (p. 258)
Differential Backup (p. 258)
Incremental Backup (p. 259)
Tape Rotations (p. 260)
Backup Best Practices (p. 261)
Hot and Cold Spares (p. 261)
Hot, Warm, and Cold Sites (p. 263)
Review and Test Yourself (p. 264)
The Facts (p. 264)
Key Terms (p. 265)
Exam Prep Questions (p. 266)
Answers to Exam Prep Questions (p. 268)
Need to Know More? (p. 269)

Introduction (p. 272)
Troubleshooting with Diagnostic Utilities (p. 272)
The Trace Route Utility (tracert/traceroute) (p. 273)
ping (p. 276)
ARP (p. 280)
The netstat Command (p. 281)
nbtstat (p. 286)
The ipconfig Command (p. 287)
ifconfig (p. 289)
The winipcfg Command (p. 290)
nslookup (p. 291)
Interpreting Visual Indicators (p. 293)
LEDs on Networking Devices (p. 293)
LEDs on NICs and Other Devices (p. 295)
Troubleshooting Remote Connectivity (p. 296)
Troubleshooting Physical Connectivity (p. 296)
Troubleshooting Authentication Failure (p. 299)
Troubleshooting Protocol Configuration Problems (p. 300)
Troubleshooting Small Office/Home Office Router (p. 301)
Identifying and Troubleshooting Client Connectivity Problems (p. 302)
Protocol Errors (p. 302)
Authentication (p. 303)
Permissions Errors (p. 304)
Physical Connectivity Errors (p. 305)
Troubleshooting Checklists (p. 305)
Troubleshooting Cabling Problems (p. 305)
Troubleshooting Data Access (p. 306)
Troubleshooting Network Printing (p. 306)
Troubleshooting Operating System Connectivity (p. 307)
Troubleshooting NICs (p. 308)
Review and Test Yourself (p. 308)
The Facts (p. 308)
Key Terms (p. 310)
Exam Prep Questions (p. 311)
Answers to Exam Prep Questions (p. 313)
Need to Know More? (p. 315)

Introduction (p. 318)
Predicting the Impact of Modifying, Adding, or Removing Network Services (p. 318)
Adding, Modifying, or Removing DHCP (p. 318)
Adding, Modifying, or Removing WINS (p. 319)
Adding, Modifying, or Removing DNS (p. 320)
Identify and Troubleshoot Errors with a Particular Physical Topology (p. 320)
Star Topology (p. 321)
Ring Topology (p. 321)
Bus Network Errors (p. 323)
Mesh Network Errors (p. 324)
Infrastructure Troubleshooting (p. 325)
Troubleshooting Network Media (p. 325)
Troubleshooting Infrastructure Hardware (p. 327)
Troubleshooting a Wireless Infrastructure (p. 328)
Troubleshooting Steps and Procedures (p. 333)
Identify the Symptoms and Potential Causes (p. 334)
Identifying the Affected Area (p. 334)
Establishing What Has Changed (p. 335)
Selecting the Most Probable Cause of the Problem (p. 335)
Implement an Action Plan and Solution Including Potential Effects (p. 335)
Testing the Results (p. 336)
Identify the Results and Effects of the Solution (p. 336)
Documenting the Solution (p. 337)
Review and Test Yourself (p. 338)
The Facts (p. 338)
Key Terms (p. 339)
Exam Prep Questions (p. 340)
Answers to Exam Prep Questions (p. 342)
Need to Know More? (p. 343)

Answers to Exam Questions (p. 361)
Answers and Explanations to Practice Exam I (p. 362)
Answers to Exam Questions (p. 389)
Answers and Explanations to Exam Questions (p. 390)
Multiple Test Modes (p. 401)
Study Mode (p. 401)
Certification Mode (p. 401)
Custom Mode (p. 402)
Missed Question Mode (p. 402)
Non-Duplicate Mode (p. 402)
Random Questions and Order of Answers (p. 402)
Detailed Explanations of Correct and Incorrect Answers (p. 402)
Attention to Exam Objectives (p. 402)
Installing the CD (p. 403)
Creating a Shortcut to the MeasureUp Practice Tests (p. 404)
Technical Support (p. 405)
Welcome to the Network+ Exam Cram. This book is designed to prepare you to take—and pass—the CompTIA Network+ exam. The Network+ exam has become the leading introductory-level network certification available today.
It is recognized by both employers and industry giants (such as Microsoft and Novell) as providing candidates with a solid foundation of networking concepts, terminology, and skills. The Network+ exam covers a broad range of networking concepts to prepare candidates for those technologies they are likely to be working with in today’s network environments.
Exam Crams are specifically designed to give you the “what-you-need-to-know” information to prepare for the Network+ exam. They cut through the extra information, focusing on the areas you need to get through the exam.
With this in mind, the elements within the Exam Cram titles are aimed directly at providing the exam information you need in the most succinct and accessible manner.
In this light, this book is organized to closely follow the actual CompTIA objectives. As such, it is easy to find the information required for each of the specified CompTIA Network+ objectives. The objective focus design used by this Exam Cram is an important feature because the information you need to know is easily identifiable and accessible. To see what we mean, compare the CompTIA objectives to the book’s layout, and you will see that the facts are right where you would expect them to be.
Within the chapters themselves, potential exam hotspots are clearly highlighted with Exam Alerts. Exam Alerts have been carefully placed to let you know that the surrounding discussion is an important area for the exam. To further help you prepare for the exam, a Cram Sheet is included that can be used in the final stages of test preparation. Be sure to pay close attention to the bulleted points provided in the Cram Sheet, as they pinpoint the technologies and facts you are likely going to encounter on the test.
Finally, great effort has gone into the end-of-chapter questions and practice tests to ensure that they accurately represent the look and feel of the ones you will have on the real Network+ exam. Be sure, before taking the exam, that you are comfortable with both the format and content of the questions provided in this book.
The Network+ N10-003 exam is a revised version of the original exam. The new Network+ objectives are aimed toward those who have nine months’ experience in network support and administration. CompTIA believes that new Network+ candidates will require more hands-on experience in network administration and troubleshooting, but this should not discourage those who do not have it. Quite simply, the nature of the questions on the new exam is not dissimilar to the old, and you can get by without actual hands-on experience. Still, a little hands-on experience never hurt anyone and will certainly add to your confidence going into the exam.
You will have a maximum of 90 minutes to answer the 72 questions on the exam. The allotted time is quite generous, and, by the time you are finished, you are likely going to have time to double-check a few of the answers you are unsure of. By the time the dust settles, you will need a minimum score of 646 to pass the Network+ exam. This is on a scale of 100 to 900.
One of the best things about the Network+ certification is that after you pass the exam, you are certified for life. There is no need to ever recertify. This fact can make the cost of taking the Network+ exam a little easier to swallow.
For more information on the specifics of the Network+ exam, refer to CompTIA’s main website at http://www.comptia.org/certification/.
Unfortunately, testing is not free. You’ll be charged $207 for each test you take, whether you pass or fail. In the United States and Canada, tests are administered by Sylvan Prometric or VUE testing services. To book a test with Prometric or locate a Prometric testing center near you, refer to the website at www.2test.com or call directly at 1-800-776-4276. To access the VUE contact information and book an exam, refer to the website at www.vue.com or call directly at 1-877-551-7587. When booking an exam, you will need to identify the following information:
➤ Your name as you would like to have it appear on your certificate.
➤ Your Social Security or Social Insurance number.
➤ Contact phone numbers (to be called in case of a problem).
➤ Mailing address, which identifies the address at which you would like your certificate to be mailed.
➤ Exam number and title.
➤ Email address, once again for contact purposes. This often is the fastest and most effective means of contacting you. Many clients require it for registration.
➤ Credit-card payment to pay online. Vouchers can be redeemed by calling the respective testing center.
For those who have not taken a certification test, the process can be a little unnerving. For those who have taken numerous tests, it is not much better.
Mastering the inner mental game often can be as much of the battle as knowing the material itself. Knowing what to expect before heading in can make the process a little more comfortable.
Certification tests are administered on a computer system at a Prometric or VUE authorized testing center. The format of the exams is straightforward: Each question has several possible answers to choose from. In fact, the questions in this book provide a very good example of the types of questions you can expect on the actual exam. If you are comfortable with them, the test should hold few surprises. Many of the questions vary in terms of length; some of them are longer scenario questions, whereas others are short and right to the point. Read the questions carefully; the longer questions often have a key point in them that will lead you to the correct answer.
Most of the questions on the Network+ exam require you to choose a single correct answer, but a few will require multiple answers. When there are multiple correct answers, a message at the bottom of the screen prompts you to “choose all that apply.” Be sure to read the messages.
It is recommended to get to the examination room at least 15 minutes early, although a few minutes earlier certainly would not hurt. This is a good strategy: it gives you time to prepare yourself and allows the test administrator time to answer any questions you might have before the test begins. Many people suggest that you review the most critical information about the test you’re taking just before the test. (Exam Cram books provide a reference—the Cram Sheet, located inside the front of this book—that lists the essential information from the book in distilled form.) Arriving a few minutes early will give you some time to compose yourself and to mentally review this critical information.
You will be asked to provide two forms of ID, with one of those being photo ID. Both of the identifications you choose should have a signature. You also might need to sign in when you arrive and sign out when you leave.
Be warned: The rules are very clear about what you can and cannot take into the examination room. Books, laptops, note sheets, and so on, are not allowed in the examination room with you. The test administrator will hold these items, to be returned after you complete the exam. You might receive either a wipe board or a pen and a single piece of paper for making notes during the exam. The test administrator will ensure that no paper is removed from the examination room.
Whether you want it or not, as soon as you finish your test, your score is displayed on the computer screen. In addition to the results appearing on the computer screen, a hard copy of the report is printed for you. Like the onscreen report, the hard copy displays the results of your exam and provides a summary of how you did on each section of the exam and on each technology. If you were unsuccessful, this summary can help you determine the areas that you need to brush up on.
When you pass the Network+ exam, you will have earned the Network+ certification and your certificate will be mailed to you within a few weeks.
Should you not receive your certificate and information packet within five weeks of passing your exam, please contact CompTIA at [email protected] or call 1-630-268-1818 and ask for the fulfillment department.
Studying for a certification exam really is no different from studying for any other exam, but a few hints and tips can give you the edge come exam day:
➤ CompTIA has been known to include material not expressly specified in the objectives. This book has included additional information not reflected in the objectives in an effort to give you the best possible preparation for the examination.
➤ Watch for the Exam Tips and Notes—The Network+ objectives include a wide range of technologies. Exam Tips and Notes found throughout each chapter are designed to pull out exam-related hotspots. These can be your best friends when preparing for the exam.
➤ Use the questions to assess your knowledge—Don’t just read the chapter content; use the exam questions to find out what you know and what you don’t. If you are struggling, study some more, review, and then assess your knowledge again.
➤ Review the exam objectives—Develop your own questions and examples for each topic listed. If you can develop and answer several questions for each topic, you should not find it difficult to pass the exam.
Remember, at the end of the day, the primary object is not just to pass the exam—it is to understand the material. After you understand the material, passing the exam should be simple. Knowledge is a pyramid; to build upward, you need a solid foundation. This book and the Network+ certification are designed to ensure that you have that solid foundation.
Good luck!
We included a self-assessment in this Exam Cram to help you evaluate your readiness to tackle the Network+ certification. It is also designed to assist you in understanding the skills and experience needed to successfully pass the CompTIA Network+ certification exam.
The next section describes an ideal Network+ candidate, although we know full well that not all candidates will meet this ideal. In fact, the description of that ideal candidate might seem downright scary. But take heart: Increasing numbers of people are attaining CompTIA certifications, so the goal is within reach. You can get all the real-world motivation you need from knowing that many others have gone before you, so you will be able to follow in their footsteps. If you’re willing to tackle the process seriously and do what it takes to obtain the necessary experience and knowledge, you can take—and pass—the certification test involved in obtaining a Network+ certification. In fact, we’ve designed this Exam Cram to make it as easy on you as possible to prepare for the exam. But prepare you must!
The same, of course, is true for other CompTIA certifications, including
➤ A testing program that certifies the competency of entry-level service technicians in the computer industry. It consists of a core exam and a DOS/Windows exam. It is targeted at computer technicians with six months of experience.
➤ Linux+—Linux continues to develop and expand and today is a common sight in networks of all sizes. The Linux+ certification introduces students to this open source operating system and provides a solid background in Linux including installation, file systems, OS navigation, troubleshooting, managing services, and so on.
➤ Server+—The Server+ certification is designed to test a candidate’s knowledge of server hardware, server best practices, and server maintenance. Some of the technologies covered include upgrading and repairing server hardware and software, troubleshooting hardware configurations, and best practices when working in the server room.
The following list describes some relevant statistics about the background and experience an ideal individual might have. Don’t worry if you don’t meet these qualifications or don’t come that close—this is a far from ideal world, and where you fall short is simply where you’ll have more work to do.
➤ Academic or professional training in network theory, concepts, and operations. This includes everything from networking media and transmission techniques to network operating systems, services, and applications.
➤ Between 9 and 24 months of networking experience, including experience with Ethernet, routers, and modems, with particular emphasis on the TCP/IP suite. This must include installation, configuration, upgrading, and troubleshooting experience.
➤ Two-plus years in an internetwork environment that includes hands-on experience with Web servers, email servers, database servers, and DHCP and DNS servers. A solid understanding of each system’s architecture, installation, configuration, maintenance, and troubleshooting is also essential.
➤ Experience with the Internet, intranets, and extranets.
➤ Familiarity with client and network operating systems.
➤ Experience working with networking protocols, specifically TCP/IP.
If you were to review all the criteria that go into making an ideal Network+ candidate, you would find that it boils down to practical experience in a technical position involving installation, configuration, and maintenance of networks. We believe that well under half of all certification candidates meet these requirements, and that, in fact, most meet fewer than half of these requirements—at least, when they begin the certification process. But because others who already have been certified have survived this ordeal, you can survive it too—especially if you heed what our self-assessment can tell you about what you already know and what you need to learn.
The following series of questions and observations is designed to help you determine how much work you must do to pursue CompTIA Network+ certification and what kinds of resources you may consult on your quest. Be absolutely honest in your answers, or you’ll end up wasting money on an exam you’re not yet ready to take. There are no right or wrong answers, only steps along the path to certification. Only you can decide where you really belong in the broad spectrum of aspiring candidates.
Two things should be clear from the outset, however:
➤ Even a modest background in computer science will be helpful.
➤ Hands-on experience using network technologies is an important ingredient to certification success—but not mandatory.
1. Have you ever taken any networking concepts or technologies classes? [Yes or No]
If Yes, proceed to question 2; if No, you might want to augment the material in the Exam Cram with a book that approaches the topic of networking from an independent point of view and not from a certification point of view. When looking for a suitable title, look for those that explain technologies such as TCP/IP, routing, network design, and others in a clear and concise manner.
2. Do you have experience using and working with a network? [Yes or No]
If Yes, you will probably be able to better understand CompTIA’s Network+ objectives. Even being around networks as a user makes you familiar with how they are designed to function. If you’re rusty, brush up on basic networking concepts and terminology—especially networking media as it relates to the TCP/IP suite, network security, dial-up fundamentals, and remote connectivity. Then, proceed to question 3.
If No, you might need to delve a little deeper into networking concepts. This is as simple as taking a trip to the local bookstore and getting an easy-to-read, up-to-date networking basics title.
3. Do you have experience working with network and client operating systems? [Yes or No]
If Yes, you are on the right track. Network+ requires knowledge of working with both client-side operating systems such as Windows 98/Me and network operating systems such as Windows 2000. Knowing how to navigate such OSs can be a benefit when configuring and troubleshooting network connectivity from within an operating system.
If No, crank up a computer with an OS on it and start going through it. Look for the network configuration screens. Look to the help file within the OS for quick tutorials and for help in configuring the client system for network connectivity.
If this sounds like a lot, it isn’t. Perhaps the single most important element for the successful completion is a desire to learn all about networking. It is, after all, really quite interesting. Once the desire to learn kicks in, the test becomes that much easier.
CompTIA cites hands-on experience as a key to success on the CompTIA Network+ test. This is true because hands-on experience reinforces what is written in the book. However, Network+ covers a broad range of networking technologies—some of which you might never see in your networking career. In such a case, all you can do is rely on the book knowledge. So can you pass the exam without reinforcing knowledge with practical hands-on experience? Yes. Is it advised? No. Bottom line—the more experience, the better. If we leave you with only one realization after taking this self-assessment, it should be that there’s no substitute for time spent installing, configuring, and using the various networking products upon which you’ll be tested repeatedly and in depth. If you have never worked with any of the networking products or operating systems mentioned earlier, you would be well advised to review this work at least three or four times.
Whether you attend a formal class on a specific topic to get ready for an exam or use written materials to study on your own, some preparation for the Network+ certification exam is essential. At $207 a try ($155 for CompTIA members), pass or fail, you want to do everything you can to pass on your first try. That’s where studying comes in.
For any given subject, consider taking a class if you’ve tackled self-study materials, taken the test, and failed anyway. The opportunity to interact with an instructor and fellow students can make all the difference in the world, if you can afford that privilege.
If you can’t afford to take a class, try the Training Resources link at www.comptia.com for any pointers to free practice exams. And even if you can’t afford to spend much at all, you should still invest in some low-cost practice exams from commercial vendors because they can help you assess your readiness to pass a test better than any other tool.
We have included practice questions at the end of each chapter, plus two practice exams at the end of the book. If you don’t do that well on the questions at the end of the chapters, you can study more and then tackle the practice exams. From there, feel free to surf the Web and do a little research on the Network+ exam. Newsgroups are a good place to look because there are a number of people willing to chat about their experiences studying and taking the Network+ exam.
If you take the practice tests and score 85 percent or better, you’re probably ready to tackle the real thing. If your score isn’t above that crucial threshold, obtain all the free and low-budget practice tests you can find and get to work.
Keep at it until you can break the passing threshold comfortably.
When it comes to assessing your test readiness, there is no better way than to take a good-quality practice exam and pass with a score of 85 percent or better. When we’re preparing ourselves, we shoot for 90-plus percent, just to leave room for the
“weirdness factor” that sometimes shows up on CompTIA exams.
Because the Internet is the most rapidly changing segment of Information Technology (IT), the test might change, but this book’s material is sufficiently comprehensive that it will be a good preparation tool regardless.
Also, you should be aware that CompTIA and other certifications reserve the right to a function known as slipstreaming, in which questions are removed and new ones are added without announcement. We scoured the latest trends and interviewed many industry veterans in an attempt to prepare you for the inevitable changes that will occur.
Once you’ve assessed your readiness, undertaken the right background studies, obtained the hands-on experience that will help you understand the technologies at work, and reviewed the many sources of information to help you prepare for a test, you’ll be ready to take a round of practice tests. When your scores come back positive enough to get you through the exam, you’re ready to go after the real thing. If you follow our assessment regime, you’ll not only know what you need to study, but also when you’re ready to make a test date at Prometric or VUE.
Good luck!
Chapter 1
Objectives
1.1 Recognize the following logical or physical network topologies given a diagram, schematic, or description:
✓ Star
✓ Bus
✓ Mesh
✓ Ring
✓ Wireless
1.2 Specify the main features of 802.2 (Logical Link Control), 802.3 (Ethernet), 802.5 (token ring), 802.11 (wireless), and FDDI (Fiber Distributed Data Interface) networking technologies, including
✓ Speed
✓ Access method (CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) and CSMA/CD (Carrier Sense Multiple Access/Collision Detection))
✓ Topology
✓ Media
1.7 Specify the general characteristics (for example, carrier speed, frequency, transmission type, and topology) of the following wireless technologies:
✓ 802.11 (Frequency hopping spread spectrum)
✓ 802.11x (Direct sequence spread spectrum)
✓ Infrared
✓ Bluetooth
1.8 Identify factors that affect the range and speed of wireless service (for example, interference, antenna type, and environmental factors)
What you need to know
✓ Understand the differences between local area networks (LANs), wide area networks (WANs), and personal area networks (PANs)
✓ Identify the characteristics of peer-to-peer and client/server networking
✓ Identify the characteristics of various network topologies
✓ Understand the characteristics of the following IEEE standards: 802.2, 802.3, 802.5, and 802.11
✓ Identify the characteristics of Fiber Distributed Data Interface (FDDI)
✓ Understand the impact of interference on wireless communications
There are a variety of physical and logical network layouts in use today. As a network administrator, you might find yourself working on these different network layouts or topologies and, as such, will require knowledge of how they are designed to function.
This chapter reviews general network considerations such as the various topologies used on today’s networks, LANs, PANs, and WANs, and the IEEE standards.
Networks are classified according to their geographical coverage and size.
The two most common network classifications are local area networks (LANs) and wide area networks (WANs).
A LAN is a data network that is restricted to a single geographical location and typically encompasses a relatively small area such as an office building or school. The function of the LAN is to interconnect workstation computers for the purposes of sharing files and resources. Because of its localized nature, the LAN is typically high speed and cheaper to set up than a WAN. Figure 1.1 shows an example of a LAN.
Figure 1.1 Local area network. (Figure: PCs, a network-attached printer, and a server connected through Ethernet switches.)
A WAN is a network that spans more than one geographical location, often connecting separated LANs. WANs are slower than LANs and often require additional and costly hardware such as routers, dedicated leased lines, and complicated implementation procedures. Figure 1.2 shows an example of a WAN.
Figure 1.2 Wide area network. (Figure: three sites, Toronto, Seattle, and New York, each with PCs, an Ethernet switch, and a server behind a router; the routers connect across the WAN.)
Wireless technologies have introduced a new term—Wireless Personal Area Networks (WPAN). WPAN refers to the technologies involved in connecting devices in very close proximity to exchange data or resources. An example of this can be seen through connecting a laptop with a PDA to synchronize an address book. Because of their small size and the nature of the data exchange, WPAN devices lend themselves well to ad hoc networking. Ad hoc networks are those that have devices connect directly to each other and not through a wireless access point. Ad hoc wireless networks are discussed later in this chapter.
Because of the close proximity of WPAN networking, short-range wireless technologies are typically used. This includes Bluetooth and Infrared. The key WPAN technology supported in Windows XP Professional, for example, is Infrared Data Association (IrDA). In addition, the IEEE wireless standards, including 802.11b/g, can be used to create a WPAN.
There are two basic wired network models from which to choose—the peer-to-peer network model and the client/server model. The model used for a network is determined by several factors, including how the network will be used, how many users will be on the network, and budgetary considerations.
A peer-to-peer network is a decentralized network model offering no centralized storage of data or centralized control over the sharing of files or resources. All systems on a peer-to-peer network can share the resources on their local computer as well as use resources of other systems.
Peer-to-peer networks are cheaper and easier to implement than client/server networks, making them an ideal solution for environments in which budgets are a concern. The peer-to-peer model does not work well with large numbers of computer systems. As a peer-to-peer network grows, it becomes increasingly complicated to navigate and access files and resources connected to each computer because they are distributed throughout the network. Further, the lack of centralized data storage makes it difficult to locate and back up key files.
Peer-to-peer networks are typically found in small offices or in residential settings where only a limited number of computers will be attached and only a few files and resources shared. A general rule of thumb is to have no more than 10 computers connected to a peer-to-peer network.
The client/server networking model is, without question, the most widely implemented model and the one you are most likely to encounter when working in real-world environments. The advantages of the client/server system stem from the fact that it is a centralized model. It allows for centralized network management of all network services, including user management, security, and backup procedures.
A client/server network often requires technically skilled personnel to implement and manage the network. This and the cost of a dedicated server hardware and software increase the cost of the client/server model. Despite this, the advantages of the centralized management, data storage, administration, and security make it the network model of choice. Table 1.1 summarizes the characteristics of the peer-to-peer and client/server network models.
The role of the client computer in the client/server model is to request the data from the server and present that data to the users.
Table 1.1 Comparison of Networking Models

Size
  Peer-to-peer network: Restricted to a maximum of 10 computers.
  Client/server network: The size of the network is limited only by server size and network hardware, and it can have thousands of connected systems.

Administration
  Peer-to-peer network: Each individual is responsible for the administration of his or her own system. An administrator is not needed.
  Client/server network: A skilled network administrator is often required to maintain and manage the network.

Security
  Peer-to-peer network: Each individual is responsible for maintaining security for shared files or resources connected to the system.
  Client/server network: Security is managed from a central location but often requires a skilled administrator to correctly configure.

Cost
  Peer-to-peer network: Minimal startup and implementation cost.
  Client/server network: Requires dedicated equipment and specialized hardware and administration, increasing the cost of the network.

Implementation
  Peer-to-peer network: Easy to configure and set up.
  Client/server network: Often requires complex setup procedures and skilled staff to set up.
The terms centralized and distributed computing are used to describe where the network processing takes place. In a centralized computing model, one system provides both the data storage and the processing power for client systems. This networking model is most often associated with computer mainframes and dumb terminals, where no processing or storage capability exists at the workstation. These network environments are rare, but they do still exist.
A distributed network model has the processing power distributed between the client systems and the server. Most modern networks use the distributed network model, where client workstations share in the processing responsibilities.
A topology refers to both the physical and logical layout of a network. The physical topology of a network refers to the actual layout of the computer cables and other network devices. The logical topology of a network, on the other hand, refers to the way in which the network appears to the devices that use it.
Several topologies are in use for networks today. Some of the more common include the bus, ring, star, mesh, and wireless topologies. The following sections provide an overview of each.
A bus network uses a trunk or backbone to which all of the computers on the network connect. Systems connect to this backbone using T connectors or taps. To avoid signal reflection, a physical bus topology requires that each end of the physical bus be terminated. Figure 1.3 shows an example of a physical bus topology.
Loose or missing terminators from a bus network will disrupt data transmissions.
Figure 1.3 Physical bus topology.
The most common implementation of a linear bus is the IEEE 802.3 standard, specifically its coaxial variants (10BASE2 and 10BASE5). Table 1.2 summarizes the advantages and disadvantages of the bus topology.
Table 1.2 Advantages and Disadvantages of the Bus Topology

Advantages:
➤ Compared to other topologies, a bus is cheap and easy to implement.
➤ Requires less cable than other topologies.
➤ Does not use any specialized network equipment.

Disadvantages:
➤ There might be network disruption when computers are added or removed.
➤ Because all systems on the network connect to a single backbone, a break in the cable will prevent all systems from accessing the network.
➤ Difficult to troubleshoot.
The ring topology is a logical ring: data travels in circular fashion from one computer to the next, but the cabling itself is not usually laid out as a physical ring. Figure 1.4 shows the logical layout of a ring network.
Figure 1.4 Logical design of the ring network.
In a true ring topology, if a single computer or section of cable fails, there is an interruption in the signal. The entire network becomes inaccessible.
Network disruption can also occur when computers are added or removed from the network, making it an impractical network design in environments where there is constant change to the network.
Ring networks are most commonly wired in a star configuration. In a Token Ring network, a multistation access unit (MSAU) is equivalent to a hub or switch on an Ethernet network. The MSAU performs the token circulation internally. To create the complete ring, the ring in (RI) port on each MSAU is connected to the ring out (RO) port on another MSAU. The last MSAU in the ring is then connected to the first, to complete the ring. Table 1.3 summarizes the advantages and disadvantages of the ring topology.
Table 1.3 Advantages and Disadvantages of the Ring Topology

Advantages:
➤ Cable faults are easily located, making troubleshooting easier.
➤ Ring networks are moderately easy to install.

Disadvantages:
➤ Expansion to the network can cause network disruption.
➤ A single break in the cable can disrupt the entire network.
In the star topology, all computers and other network devices connect to a central device called a hub or switch. Each connected device requires a single cable to be connected to the hub, creating a point-to-point connection between the device and the hub.
Using a separate cable to connect to the hub allows the network to be expanded without disruption to the network. A break in any single cable will not cause the entire network to fail. Figure 1.5 provides an example of a star topology.
Among the network topologies discussed in this chapter, the star topology is the easiest to expand in terms of the number of devices connected to the network.
Figure 1.5 Star topology.
The star topology is the most widely implemented network design in use today, but it is not without its shortcomings. Because all devices connect to a centralized hub, this creates a single point of failure for the network. If the hub fails, any device connected to it will not be able to access the network. Because of the number of cables required and the need for network devices, the cost of a star network is often higher than other topologies. Table 1.4 summarizes the advantages and disadvantages of the star topology.
Table 1.4 Advantages and Disadvantages of the Star Topology

Advantages:
➤ Star networks are easily expanded without disruption to the network.
➤ Cable failure affects only a single user.
➤ Easy to troubleshoot and isolate problems.

Disadvantages:
➤ Requires more cable than most of the other topologies.
➤ The central connecting device is a single point of failure.
➤ More difficult than other topologies to implement.
The mesh topology incorporates a unique network design in which each computer on the network connects to every other, creating a point-to-point connection between every device on the network. The purpose of the mesh design is to provide a high level of redundancy. If one network cable fails, the data always has an alternative path to get to its destination. Figure 1.6 shows the mesh topology.
Figure 1.6 Mesh topology.
As you can see from Figure 1.6, the wiring for a mesh network can be very complicated. Further, the cabling costs associated with the mesh topology can be high, and troubleshooting a failed cable can be tricky. Because of this, the full mesh topology is rarely used. A variation on a true mesh topology is the hybrid mesh, also called a partial mesh. It creates a redundant point-to-point network connection between only specific network devices. The hybrid mesh is most often seen in WAN implementations. Table 1.5 summarizes the advantages and disadvantages of the mesh topology.
Because of the redundant connections, the mesh topology offers better fault tolerance than other topologies.
Table 1.5 Advantages and Disadvantages of the Mesh Topology
Advantages:
Provides redundant paths between devices.
The network can be expanded without disruption to current users.
Disadvantages:
Requires more cable than the other LAN topologies.
Complicated implementation.
Wireless networks are typically implemented using one of two wireless topologies: the infrastructure, or managed, wireless topology and the ad-hoc, or unmanaged, wireless topology.
The infrastructure wireless topology is commonly used to extend a wired LAN to include wireless devices. Wireless devices communicate with the wired LAN through a base station known as an access point (AP) or wireless access point (WAP). The AP forms a bridge between a wireless and wired LAN, and all transmissions between wireless stations, or between a system and a wired network client, go through the AP. APs are not mobile and have to stay connected to the wired network; therefore, they become part of the wired network infrastructure—thus the name. In infrastructure wireless networks, there might be several access points providing wireless coverage for a large area or only a single access point for a small area such as a single home or small building.
In a wireless ad hoc topology, devices communicate directly between themselves without using an access point. This peer-to-peer network design is commonly used to connect a small number of computers or wireless devices.
As an example, an ad hoc wireless network may be set up temporarily between laptops in a boardroom or to connect to systems in a home instead of a wired solution. The ad-hoc wireless design provides a quick method to share files and resources between a small number of systems. Figure 1.7 compares the ad hoc and infrastructure wireless network designs.
Figure 1.7 Comparing wireless topologies.
Ad hoc wireless topology: The ad hoc, or unmanaged, network design does not use an AP. All wireless devices connect directly to each other.
Infrastructure wireless topology: In an infrastructure wireless network, devices use a wireless access point (WAP) to connect to the network.
The Institute of Electrical and Electronic Engineers (IEEE) developed a series of networking standards to ensure that networking technologies developed by respective manufacturers are compatible. This means that the cabling, networking devices, and protocols are all interchangeable when designed under the banner of a specific IEEE standard. Table 1.6 summarizes the IEEE 802 networking standards.
Table 1.6 IEEE 802 Networking Standards
Specification   Name
802.1           Internetworking
802.2           The LLC (Logical Link Control) sublayer
802.3           CSMA/CD (Carrier Sense Multiple Access with Collision Detection) for Ethernet networks
802.4           A token passing bus
802.5           Token Ring networks
802.6           Metropolitan Area Network (MAN)
802.7           Broadband Technical Advisory Group
802.8           Fiber-Optic Technical Advisory Group
802.9           Integrated Voice and Data Networks
802.10          Standards for Interoperable LAN/MAN Security (SILS) (Network Security)
802.11          Wireless networks
802.12          100Mbps technologies, including 100BASEVG-AnyLAN
Only a few of the standards listed in Table 1.6 are tested on the CompTIA exam. The standards that are specifically included in the CompTIA objectives are 802.2, 802.3, 802.5, and 802.11. Each of these IEEE specifications outlines specific characteristics for LAN networking, including the speed, topology, cabling, and access method. The following sections outline the key features of these IEEE specifications and the specific characteristics of each.
The 802.2 standard, referred to as the Logical Link Control (LLC), manages data flow control and error control for the other IEEE LAN standards. Data flow control regulates how much data can be transmitted in a certain amount of time. Error control refers to the recognition and notification of damaged signals. The LLC layer is discussed more in Chapter 4, “OSI Model and Network Protocols.”
The IEEE 802.3 standard defines the characteristics for Ethernet networks. Ethernet networking is by far the most widely implemented form of local area networking. Several Ethernet LAN characteristics are identified in the 802.3 standard.
Since the development of the original 802.3 standards, there have also been several additions that have been assigned new designators. These standards are often referred to as the 802.3x standards. Some of the newer standards include 802.3u for Fast Ethernet, 802.3z for Gigabit Ethernet, and 802.3ae for 10-Gigabit Ethernet. The features for 802.3 are listed here:
➤ Speed—The original IEEE 802.3 standard specified a network transfer rate of 10Mbps. There have been modifications to the standard, the result being Fast Ethernet (802.3u), which can transmit network data up to 100Mbps and higher, as well as Gigabit Ethernet (802.3z), which can transmit at speeds up to 1000Mbps. 802.3ae is a very fast 802.3 standard. Known as 10-Gigabit Ethernet, it offers speeds 10 times that of Gigabit Ethernet.
➤ Topology—The original Ethernet networks used a bus or star topology because the original 802.3 standard included specifications for both twisted pair and coaxial cabling. The IEEE 802.3u and 802.3z specify twisted pair cabling and use a star topology. Remember that even when Ethernet uses a physical star topology, it uses a logical bus topology.
➤ Media—The media refers to the physical cabling used to transmit the signal around the network. The original 802.3 specifications identified coaxial and twisted pair cabling to be used. The more modern standards specify twisted pair and fiber-optic cable. 802.3ae currently only supports fiber media.
➤ Access method—The access method refers to the way that the network media is accessed. Ethernet networks use a system called Carrier Sense Multiple Access with Collision Detection (CSMA/CD).
CSMA/CD works by monitoring the computers that are sending data on the network. If two computers transmit data at the same time, a data collision will occur. To prevent collisions, the systems sending the data will be required to wait a period of time and then retransmit the data to avoid the collision. 10-Gigabit Ethernet only operates in full-duplex mode and, as such, does not need to use the traditional Ethernet CSMA/CD access method.
One of the shortcomings of CSMA/CD is that as more systems are added to the network, the likelihood of collisions increases and the network becomes slower.
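To make the collision and backoff behaviour concrete, the following is an added simulation, not code from the book: a slotted CSMA/CD medium in which every station that senses the medium idle transmits, colliding stations wait a random number of slots chosen by truncated binary exponential backoff (the scheme Ethernet uses), and a frame that collides sixteen times is dropped. The slot model, station counts and random seed are constructed for illustration. Running it with a growing number of stations shows what the paragraph above says: more stations, more collisions, fewer slots that carry a delivered frame.

```python
import random


def simulate_csma_cd(n_stations, frames_per_station=20, seed=1, max_attempts=16):
    """Slotted CSMA/CD model (constructed illustration, not the IEEE algorithm).

    Every station starts with frames_per_station frames.  In each slot, every
    station whose backoff has expired senses the medium and transmits.  One
    transmitter means a delivered frame; two or more means a collision, after
    which each colliding station waits a random number of slots drawn from
    0 .. 2**k - 1 (k = collisions suffered by that frame, capped at 10), i.e.
    truncated binary exponential backoff.  A frame that collides max_attempts
    times is dropped, as an Ethernet NIC does.
    """
    rng = random.Random(seed)               # fixed seed keeps the run reproducible
    pending = [frames_per_station] * n_stations
    backoff = [0] * n_stations              # slots left before a station may retry
    attempts = [0] * n_stations             # collisions suffered by the current frame
    stats = {"slots": 0, "collisions": 0, "delivered": 0, "dropped": 0}

    while any(pending):
        stats["slots"] += 1
        ready = [i for i in range(n_stations) if pending[i] and backoff[i] == 0]
        for i in range(n_stations):         # waiting stations count down their backoff
            if backoff[i]:
                backoff[i] -= 1
        if len(ready) == 1:                 # lone sender: the frame goes through
            i = ready[0]
            pending[i] -= 1
            attempts[i] = 0
            stats["delivered"] += 1
        elif len(ready) > 1:                # several carriers at once: collision
            stats["collisions"] += 1
            for i in ready:
                attempts[i] += 1
                if attempts[i] >= max_attempts:
                    pending[i] -= 1         # give up on this frame
                    attempts[i] = 0
                    stats["dropped"] += 1
                else:
                    k = min(attempts[i], 10)
                    backoff[i] = rng.randrange(2 ** k)
    # share of slots that carried a delivered frame; 1.0 means no wasted slots
    stats["utilisation"] = stats["delivered"] / stats["slots"]
    return stats


if __name__ == "__main__":
    for n in (1, 2, 8, 32):
        print(n, simulate_csma_cd(n))
```

A single station never collides and uses every slot; with 32 stations contending, a large share of slots is lost to collisions and the utilisation figure falls well below 1.0, which is the slowdown the text attributes to adding systems to a CSMA/CD segment.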
The IEEE 802.5 standard specifies the characteristics for Token Ring networks. Token Ring was introduced by IBM in the mid-1980s and quickly became the network topology of choice until the rise in popularity of Ethernet. It is unlikely that you will encounter a ring network in your travels and even more unlikely that you will be implementing a ring network as a new installation. For what it’s worth, Token Ring is a solid network system, but Ethernet has all but eliminated it.
The following is a list of the specific characteristics specified in the 802.5 standard:
➤ Speed—The 802.5 Token Ring specifies network speeds of 4 and 16Mbps.
➤ Topology—Token Ring networks use a logical ring topology and most often a physical star. The logical ring is often created in the multistation access unit (MSAU).
➤ Media—Token Ring networks use unshielded twisted pair cabling or shielded twisted pair. More information on the specific characteristics of twisted pair cabling is covered in Chapter 2, “Cabling and Connectors.”
➤ Access method—802.5 specifies an access method known as token passing. On a Token Ring network, only one computer at a time can transmit data. When a computer has data to send, it must use a special type of packet known as a token. The token travels around the network looking for computers with data to send. The computer’s data is passed along with the token until it gets to the destination computer—at which point, the data is removed from the token and the empty token placed back on the ring.
All network cards on a Token Ring network must operate at the same speed.
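The token-passing access method described above, as an added model that is not code from the book: a single token moves from station to station around a unidirectional ring, only the station holding it may transmit, and the log records each frame and how many hops it travels to its destination. The station layout and queued frames are constructed for illustration. The point it makes beyond the text is the fairness property of token passing: because the token visits every station once per circuit, no station with data waits more than one full circuit, which CSMA/CD cannot guarantee.

```python
from collections import deque


def simulate_token_ring(frames, n_stations):
    """Token-passing model (constructed illustration, not the 802.5 protocol itself).

    frames: list of (src, dst, payload) in arrival order; each is queued at src.
    One token circulates.  Only the station holding the free token may place a
    frame on the ring, so there is never more than one frame in flight and
    collisions cannot occur.  Returns the delivery log and the number of token
    passes the run took.
    """
    queues = [deque() for _ in range(n_stations)]
    for src, dst, payload in frames:
        queues[src].append((dst, payload))
    log = []                                  # (token_pass, src, dst, payload, hops)
    holder, passes = 0, 0
    while any(queues):
        q = queues[holder]
        if q:                                 # token is free and we have data: seize it
            dst, payload = q.popleft()
            hops = (dst - holder) % n_stations   # ring is unidirectional
            log.append((passes, holder, dst, payload, hops))
        holder = (holder + 1) % n_stations    # release the token to the next station
        passes += 1
    return log, passes


def longest_wait(log):
    """Largest gap, in token passes, between consecutive transmissions by the
    same station.  Token passing bounds this by the ring size: every station
    gets the token once per circuit, so nobody can be starved."""
    last, worst = {}, 0
    for t, src, *_ in log:
        if src in last:
            worst = max(worst, t - last[src])
        last[src] = t
    return worst


if __name__ == "__main__":
    # constructed sample: four stations, three queued frames
    sample = [(0, 2, "a"), (2, 0, "c"), (0, 1, "b")]
    log, passes = simulate_token_ring(sample, 4)
    print(log, passes, longest_wait(log))
```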
The American National Standards Institute (ANSI) developed the Fiber Distributed Data Interface (FDDI) standard in the mid-1980s to meet the growing need for a reliable and fast networking system to accommodate distributed applications. FDDI uses a ring network design, but, unlike the traditional 802.5 standard, FDDI uses a dual ring technology for fault tolerance. Because of the dual ring design, FDDI is not susceptible to a single cable failure like the regular 802.5 IEEE standard. Figure 1.8 shows an FDDI network with a dual ring configuration.
Figure 1.8 FDDI network.
As with any of the other standards, FDDI has specific characteristics:
➤ Speed—FDDI transmits data at 100Mbps and higher.
➤ Topology—FDDI uses a dual ring topology for fault-tolerant reasons.
➤ Media—FDDI uses fiber-optic cable that enables data transmissions that exceed two kilometers. Additionally, it is possible to use FDDI protocols over copper wire known as the Copper Distributed Data Interface (CDDI).
➤ Access method—Similar to 802.5, FDDI uses a token-passing access method.
Table 1.7 summarizes each of the wired standards discussed in the previous sections.
Table 1.7 IEEE 802 Network Standards
Standard   Speed                     Physical Topology      Logical Topology   Media                              Access Method
802.3      10Mbps                    Bus and Star           Bus                Coaxial and twisted pair           CSMA/CD
802.3u     100Mbps (Fast Ethernet)   Star                   Bus                Twisted pair                       CSMA/CD
802.3z     1000Mbps                  Star                   Bus                Twisted pair                       CSMA/CD
802.3ae    10-Gigabit                Backbone connections   N/A                Fiber                              Not required
802.5      4Mbps and 16Mbps          Star                   Ring               Twisted pair                       Token passing
FDDI       100Mbps                   Dual ring              Ring               Fiber-optic; twisted pair (CDDI)   Token passing
Pay close attention to the information provided in Table 1.7. You can expect questions on the Network+ exam based on the details provided in the table.
The 802.11 standards specify the characteristics of wireless LAN Ethernet networks. Under the banner of 802.11, there are four common wireless standards. These include 802.11, 802.11a, 802.11b and 802.11g. Each of these wireless standards identifies several characteristics. Here is a review of the 802.11 wireless standards and characteristics:
➤ Speed—802.11 standards are measured in Mbps and vary between network standards.
➤ Media—The 802.11 standards use radio frequency (RF) as a transmission media. Depending on the standard, radio frequencies include 2.4GHz and 5GHz.
➤ Topology—802.11 wireless standards can be implemented in an ad-hoc or infrastructure topology.
➤ Access method—802.11 uses Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). CSMA/CA is a variation on the CSMA/CD access method. The CSMA/CA access method uses a “listen before talking” strategy. Any system wanting to transmit data must first verify that the channel is clear before transmitting, thereby avoiding potential collisions.
➤ Spread spectrum—Spread spectrum refers to the manner in which data signals travel through a radio frequency. Spread spectrum requires that data signals either alternate between carrier frequencies or constantly change their data pattern. Spread spectrum is designed to trade off bandwidth efficiency for reliability, integrity, and security.
➤ Transmission range—802.11 wireless standards each specify a transmission range. The range is influenced by many factors such as obstacles or weather.
The following is a look at the various 802.11 standards and their characteristics.
➤ IEEE 802.11—There were actually two variations on the initial 802.11 standard. Both offered 1 or 2Mbps transmission speeds and the same Radio Frequency (RF) of 2.4GHz. The difference between the two was in the way in which data traveled through the RF media. One used frequency hopping spread spectrum (FHSS), and the other, direct sequence spread spectrum (DSSS).
➤ IEEE 802.11a—In terms of speed, the 802.11a standard was far ahead of the original standards. 802.11a specified speeds of up to 54Mbps in the 5GHz band; but most commonly, communications take place at 6Mbps, 12Mbps, or 24Mbps. 802.11a is not compatible with the other wireless standards 802.11b and 802.11g, which are heavily favored over the 802.11a standard.
➤ IEEE 802.11b—The 802.11b standard provides for a maximum transmission speed of 11Mbps. However, devices are designed to be backward compatible with previous standards that provided for speeds of 1-, 2-, and 5.5Mbps. 802.11b uses a 2.4GHz RF range and is compatible with 802.11g.
➤ IEEE 802.11g—802.11g is a popular wireless standard today. 802.11g offers wireless transmission over distances of 150 feet and speeds up to 54Mbps compared with the 11 megabits per second of the 802.11b standard. Like 802.11b, 802.11g operates in the 2.4GHz range, and is thus compatible with it.
Each wireless standard has an associated speed. For instance, 802.11g lists a speed of up to 54Mbps. This number represents the pure data rate. However, in network data transmissions, many factors prevent the actual speed from reaching this rate, including packet overhead, the number of systems, collisions on the network, and interference. Once these are applied to the data rate, the actual speed is often less than half the data rate. Throughput represents the actual speed to expect from wireless transmissions.
Infrared has been around for a long time; perhaps our first experience with it was the TV remote. The command entered onto the remote control travels over an infrared light wave to the receiver on the TV. Infrared technology has progressed, and today infrared development in networking is managed by the Infrared Data Association (IrDA).
IrDA wireless networking uses infrared beams to send data transmissions between devices. Infrared wireless networking offers higher transmission rates reaching 10Mbps to 16Mbps.
Infrared provides a secure, low-cost, convenient cable replacement technology. It is well suited for many specific applications and environments. Some of the key infrared points are included here:
➤ Infrared provides adequate speeds, up to 16Mbps.
➤ A directed infrared system provides a very limited range of approximately 3 feet and typically is used for a PAN.
➤ Infrared devices use less power and a decreased drain on batteries.
➤ Infrared is a secure medium. Infrared signals typically travel short range between devices, which eliminates the problem of eavesdropping or signal tampering.
➤ Infrared is a proven technology. Infrared devices have been available for quite some time and, as such, are a proven, non-proprietary technology with an established user and support base.
➤ Infrared has no radio frequency interference issues or signal conflicts.
➤ Infrared replaces cables for many devices such as keyboards, mice, and other peripherals.
➤ Infrared uses a dispersed mode or a direct line of sight transmission.
Infrared is designed for point-to-point cable replacement.
Bluetooth is a wireless standard used for many purposes including connecting peripheral devices to a system. Bluetooth uses a low-cost, short-range radio link to create a link to replace many of the cords that used to connect devices.
Bluetooth-enabled devices support transmission distances of up to 10 or so meters using an ad-hoc network design. Bluetooth establishes the link using an RF-based media and does not require a direct line of sight to make a connection. The Bluetooth Standard defines a short RF link capable of voice or data transmission up to a maximum capacity of 720Kb/s per channel.
Bluetooth operates at 2.4 to 2.48GHz and uses a spread spectrum, frequency-hopping technology. The signal can hop between 79 frequencies at 1MHz intervals to give a high degree of interference immunity.
For implementation purposes, Bluetooth provides solutions for three primary areas—cable replacement, ad-hoc networking, and data and access points.
As an established technology, Bluetooth has many advantages, but the speed of 720Kbps is limiting. The newest version of Bluetooth, Bluetooth 2.0, will increase overall speed to a data rate of 3Mbps. This speed might still be significantly slower than 802.11b or g, but for an easily configured, cable replacement technology, it is an attractive option.
Spread spectrum refers to the manner in which data signals travel through a radio frequency. Spread spectrum requires that data signals either alternate between carrier frequencies or constantly change their data pattern. Although the shortest distance between two points is a straight line (narrowband), spread spectrum is designed to trade off bandwidth efficiency for reliability, integrity, and security. There are two types of spread spectrum radio: frequency hopping and direct sequence.
FHSS requires the use of narrowband signals that change frequencies in a predictable pattern. The term frequency hopping refers to hopping of data signals between narrow channels. Somewhere between 20 and several hundred milliseconds, the signal hops to a new channel following a predetermined cyclic pattern.
Because data signals using FHSS switch between RF bands, they have a strong resistance to interference and environmental factors. The constant hopping between channels also increases security as signals are harder to eavesdrop on.
DSSS transmissions spread the signal over a full transmission frequency spectrum. For every bit of data that is sent, a redundant bit pattern is also sent. This 32-bit pattern is called a chip. These redundant bits of data provide for both security and delivery assurance. Transmissions are so safe and reliable simply because the system sends so many redundant copies of the data and only a single copy is required to have complete transmission of the data or information. DSSS can minimize the effects of interference and background noise.
Lesser known than DSSS and FHSS RF technologies is OFDM. OFDM is associated with 802.11a wireless networks and is a method of modulation in which a signal is split into several narrowband channels at different frequencies.
The original 802.11 standard had two variations—both offering the same speeds but differing in the RF spread spectrum used. One of the 802.11 variants used FHSS. This 802.11 variant used the 2.4GHz radio frequency band and operated with a 1 or 2Mbps data rate. Since this original standard, wireless implementations have favored DSSS.
The second 802.11 variation used DSSS and specified a 2Mbps-peak data rate with optional fallback to 1Mbps in very noisy environments. 802.11, 802.11b, and 802.11g use the DSSS spread spectrum. This means that the underlying modulation scheme is very similar between each standard, enabling all DSSS systems to coexist with 2, 11, and 54Mbps 802.11 standards. Because of the underlying differences between 802.11a and 802.11b/g, they are not compatible.
Table 1.8 summarizes each of the wireless standards discussed in the previous sections.
Table 1.8 IEEE 802 Wireless Network Standards
IEEE Standard   Frequency/Media       Speed          Topology                Transmission Range                                                    Access Method   Spread Spectrum
802.11          2.4GHz RF             1 to 2Mbps     Ad-hoc/infrastructure   not listed                                                            CSMA/CA         DSSS
802.11          2.4GHz RF             1 to 2Mbps     Ad-hoc/infrastructure   not listed                                                            CSMA/CA         FHSS
802.11a         5GHz                  Up to 54Mbps   Ad-hoc/infrastructure   25 to 75 feet indoors; range can be affected by building materials   CSMA/CA         OFDM
802.11b         2.4GHz                Up to 11Mbps   Ad-hoc/infrastructure   Up to 150 feet indoors; range can be affected by building materials  CSMA/CA         DSSS
802.11g         2.4GHz                Up to 54Mbps   Ad-hoc/infrastructure   Up to 150 feet indoors; range can be affected by building materials  CSMA/CA         DSSS
IrDA            Infrared light beam   Up to 16Mbps   Ad-hoc                  1 meter                                                               N/A             N/A
Bluetooth       2.4GHz RF             720Kbps        Ad-hoc                  10 meters                                                             N/A             FHSS
Pay close attention to the information provided in Table 1.8. You can expect questions on the Network+ exam based on the details provided in the table.
Infrastructure wireless communication involves the use of two major components—the client device and an access point, or AP. The AP acts as a bridge between the client or station and the wired network.
As with other forms of network communication, before transmissions between devices can occur, the wireless access point and the client must first begin to talk to each other. In the wireless world, this is a two-step process involving association and authentication.
The association process occurs when a wireless adapter is first turned on.
The client adapter will immediately begin to scan across the wireless frequencies for wireless APs or if using ad hoc mode, other wireless devices.
When the wireless client is configured to operate in infrastructure mode, the user can choose a wireless AP with which to connect. The wireless adapter switches to the assigned channel of the selected wireless AP and negotiates the use of a port.
The authentication process requires that a keyed security measure be negotiated between the AP and the client. The keyed authentication setting can be set to either shared key authentication or open authentication. On many wireless devices, the default setting is set to open authentication. Open authentication requires identity verification between the wireless client and the AP. When set to shared key mode, the client must meet security requirements before communication with the AP can occur.
The 802.11 standard allows a wireless client to roam between multiple APs. An AP will transmit a beacon signal every so many milliseconds and includes a time stamp for client synchronization and an indication of supported data rates. A client system will use the beacon message to identify the strength of the existing connection to an AP. If the connection is too weak, the roaming client will attempt to associate itself with a new AP. This allows the client system to roam between distances and APs.
Several components combine to enable wireless communications between devices. Each of these must be configured on both the client and the AP.
➤ The Service Set Identifier (SSID)—Whether your wireless network is using infrastructure mode or ad-hoc mode, an SSID is required. The SSID is a configurable client identification that allows clients to communicate to a particular base station. Only client systems that are configured with the same SSID as the AP can communicate with it. SSIDs provide a simple password arrangement between base stations and clients.
➤ Wireless channel—RF channels are important parts of wireless communications. A channel refers to the band of frequency used for the wireless communication. Each standard specifies the channels that can be used. The 802.11a standard specifies radio frequency ranges between 5.15 and 5.875GHz. In contrast, the 802.11b and 802.11g standards operate between the 2.4 and 2.497GHz ranges. Fourteen channels are defined in the IEEE 802.11b/g channel set; 11 of which are available in North America.
➤ Security—IEEE 802.11 provides for security using two methods, authentication and encryption. Authentication refers to the verification of the client system. In the infrastructure mode, authentication is established between an AP and each station. Wireless encryption services must be the same on the client and the AP for communication to occur.
Wireless devices ship with default SSIDs, security settings, channels, passwords, and usernames. To protect yourself, it is strongly recommended to change these default settings. Today, many Internet sites list the default settings used by manufacturers with their wireless devices. This information is used by people who want to gain unauthorized access to your wireless devices.
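The three settings just listed (SSID, channel, security) and the warning about factory defaults, as one added example that is not code from the book: a small audit that checks whether a client profile and an AP agree on the settings they must share and flags the weak or default settings the text warns about. It also computes 802.11b/g channel centre frequencies from the IEEE channel plan (2407 + 5·n MHz for channels 1 to 13, 2484 MHz for channel 14) so it can report overlapping channels between neighbouring APs, which goes a little beyond the text. Every "default" value in the lists below is a constructed placeholder, not any vendor's real default, and the sample profiles are constructed too.

```python
NORTH_AMERICA_BG_CHANNELS = range(1, 12)      # 11 of the 14 802.11b/g channels

# constructed placeholder lists; a real audit would load vendor-specific defaults
CONSTRUCTED_DEFAULT_SSIDS = {"default", "wireless", "ap-default"}
CONSTRUCTED_DEFAULT_PASSWORDS = {"admin", "password", ""}


def channel_center_mhz(channel):
    """Centre frequency of an 802.11b/g channel: 2407 + 5*n MHz for 1..13,
    2484 MHz for channel 14 (the IEEE channel plan)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"channel {channel} is not an 802.11b/g channel")


def channels_overlap(a, b, width_mhz=22):
    """Two 22 MHz-wide DSSS channels overlap unless their centres are at least
    22 MHz apart, which is why 1, 6 and 11 are the usual non-overlapping set."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def audit_wireless(ap, client, region=NORTH_AMERICA_BG_CHANNELS, neighbours=()):
    """Return a list of findings.  An empty list means the pair can associate
    and none of the weak or default settings the text warns about are present.
    ap needs ssid, channel, auth, encryption, admin_password; client needs
    ssid and encryption (constructed field names)."""
    findings = []
    if ap["ssid"] != client["ssid"]:
        findings.append("SSID mismatch: client will not associate with this AP")
    if ap["channel"] not in region:
        findings.append(f"channel {ap['channel']} is not usable in this regulatory region")
    if ap["auth"] == "open":
        findings.append("open authentication: no keyed check before the client joins")
    if ap["encryption"] != client["encryption"]:
        findings.append("encryption setting differs between AP and client")
    if ap["ssid"].lower() in CONSTRUCTED_DEFAULT_SSIDS:
        findings.append("SSID is a factory default and advertises the device type")
    if ap["admin_password"] in CONSTRUCTED_DEFAULT_PASSWORDS:
        findings.append("admin password is a factory default")
    if 1 <= ap["channel"] <= 14:              # only valid channels have a centre frequency
        for ch in neighbours:
            if channels_overlap(ap["channel"], ch):
                findings.append(f"channel {ap['channel']} overlaps a neighbouring AP on channel {ch}")
    return findings


if __name__ == "__main__":
    # constructed sample profiles
    ap = {"ssid": "default", "channel": 12, "auth": "open",
          "encryption": "none", "admin_password": "admin"}
    client = {"ssid": "corp-floor3", "encryption": "wpa2-aes"}
    for finding in audit_wireless(ap, client, neighbours=[11]):
        print("-", finding)
```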
Because wireless signals travel through the atmosphere, they are susceptible to different types of interference than standard wired networks. Interference weakens wireless signals and is therefore an important consideration when working with wireless networking.
Wireless interference is an important consideration when planning a wireless network. Interference is unfortunately inevitable, but the trick is to minimize the levels of interference. Wireless LAN communications are typically based on radio frequency signals that require a clear and unobstructed transmission path.
What are some of the factors that cause interference?
➤ Physical objects—Trees, masonry, buildings, and other physical structures are some of the most common sources of interference. The density of the materials used in a building’s construction determines the number of walls the RF signal can pass through and still maintain adequate coverage. Concrete and steel walls are particularly difficult for a signal to pass through. These structures will weaken or, at times, completely prevent wireless signals.
➤ Radio frequency interference—Wireless technologies such as 802.11b/g use the RF range of 2.4GHz, and so do many other devices such as cordless phones, microwaves, and so on. Devices that share the channel can cause noise and weaken the signals.
➤ Electrical interference—Electrical interference comes from devices such as computers, fridges, fans, lighting fixtures, or any other motorized devices. The impact that electrical interference has on the signal depends on the proximity of the electrical device to the wireless access point. Advances in wireless technologies and in electrical devices have reduced the impact these types of devices have on wireless transmissions.
➤ Environmental factors—Weather conditions can have a huge impact on wireless signal integrity. Lightning, for instance, can cause electrical interference, and fog can weaken signals as they pass through.
Some of the equipment and materials that can interfere with wireless LAN transmissions include
➤ Equipment such as cordless phones or microwaves that produce radio waves in the 2.4 or 5.2GHz range
➤ RF noise caused by two wireless LANs operating in close proximity
➤ Outdoor broadcast television used by mobile television cameras
➤ Uninterruptible power supply (UPS) devices
➤ Large objects such as pine trees
➤ Fluorescent lights
➤ Heavy machinery
➤ Heavy-duty motors found in elevators or other large devices
➤ Plants and trees
➤ Close proximity to smaller electric devices such as computers or air conditioners
➤ Transformers
This is not an exhaustive list, but it shows how wireless signals can be influenced by many different factors.
A wireless antenna is an integral part of the overall wireless communication. Antennas come in many different shapes and sizes with each one designed for a specific purpose. Selecting the right antenna for a particular network implementation is a critical consideration and one that could ultimately decide how successful a wireless implementation will be. In addition, using the right antennas can save money on networking costs because you’ll need fewer antennas and access points.
When a wireless signal is low and being influenced by heavy interference, it might be possible to upgrade the antennas to create a more solid wireless connection. To determine the strength of an antenna, we refer to its gain value.
An antenna’s gain is a measure of how well the antenna will send or pick up a radio signal. The gain value is measured in decibels-isotropic, or dBi. The gain value of an antenna is a unit of comparison to a reference—that reference being an isotropic antenna. An isotropic antenna is an antenna that sends signals equally in all directions (including up and down). An antenna that does this has a 0dBi gain.
An antenna’s rating (gain) is the difference between the 0dB isotropic antenna and the actual antenna rating. As an example, a wireless antenna advertised as a 15-dBi antenna is 15 times stronger than the hypothetical isotropic antenna.
The initials “dB” reference decibels, and the “i” references the isotropic antenna. dBi is a unit measuring how much better the antenna is compared to isotropic signals.
When looking at wireless antennas, remember that a higher gain rating means stronger sent and received signals. In terms of performance, the rule of thumb is that every 3dBi of gain added doubles the effective power output of an antenna.
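The dBi arithmetic above, as an added example that is not code from the book. Decibels are logarithmic, so the linear power ratio is 10^(dBi/10): 3 dBi is a doubling, as the rule of thumb says, and carrying that rule through gives about 31.6 times for 15 dBi rather than a linear 15 times. The block also folds gain into a transmit link budget (EIRP) and shows the related free-space rule that every 6 dB of extra link budget doubles reach, because free-space path loss grows with 20·log10(distance); the transmit power and cable loss figures are constructed sample values.

```python
import math


def dbi_to_power_ratio(gain_dbi):
    """Linear power ratio relative to an isotropic radiator (0 dBi = 1x)."""
    return 10 ** (gain_dbi / 10)


def power_ratio_to_dbi(ratio):
    """Inverse conversion: a ratio of 2 is about 3.01 dB."""
    return 10 * math.log10(ratio)


def eirp_dbm(tx_power_dbm, cable_loss_db, antenna_gain_dbi):
    """Effective isotropic radiated power: what leaves the antenna, in dBm.
    Cable and connector loss is subtracted, antenna gain is added."""
    return tx_power_dbm - cable_loss_db + antenna_gain_dbi


def free_space_range_scale(extra_gain_db):
    """Free-space path loss rises 20*log10(distance), so range scales with
    10**(dB/20): 6 dB doubles reach, 3 dB gives about 1.41x."""
    return 10 ** (extra_gain_db / 20)


def gain_table(gains=(0, 3, 6, 9, 12, 15)):
    """(dBi, power ratio, free-space range multiplier) for a set of antennas."""
    return [(g, round(dbi_to_power_ratio(g), 2), round(free_space_range_scale(g), 2))
            for g in gains]


if __name__ == "__main__":
    for row in gain_table():
        print("%2d dBi -> %6.2fx power, %5.2fx free-space range" % row)
    # constructed sample link: 15 dBm radio, 2 dB of cable loss, 9 dBi antenna
    print("EIRP:", eirp_dbm(15, 2, 9), "dBm")
```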
When selecting an antenna for a particular wireless implementation, it is necessary to determine the type of coverage used by an antenna. In a typical configuration, a wireless antenna can be either omni directional or directional.
An omni directional antenna is designed to provide a 360-degree dispersed wave pattern. This type of antenna is used when coverage in all directions from the antenna is required. Omni directional antennas are good to use when a broad-based signal is required. Because of the dispersed nature of omni directional antennas, the signal is weaker overall and therefore accommodates shorter signal distances. Omni directional antennas are great in an environment in which there is a clear line of path between the senders and receivers. The power is evenly spread to all points, making omni directional antennas well suited for linking several home and small office users.
Omni directional antennas provide a wide coverage but weaker signal strength in any one direction than a directional antenna.
Directional antennas are designed to focus the signal in a particular direction. This focused signal allows for greater distances and a stronger signal between two points. The greater distances enabled by directional antennas allow a viable alternative for connecting locations, such as two offices, in a point-to-point configuration.
Directional antennas are also used when you need to tunnel or thread a signal through a series of obstacles. This concentrates the signal power in a specific direction and allows you to use less power for a greater distance than an omni directional antenna.
In the wireless world, polarization refers to the direction that the antenna radiates wavelengths. This direction can either be vertical, horizontal, or circular. Today, vertical antennas are perhaps the most common type. As far as configuration is concerned, both the sending and receiving antennas should be set to the same polarization.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important key concepts:
➤ In a star topology, each device on the network connects to a centralized device via a single cable.
➤ Computers in a star network can be connected and disconnected from the network without affecting any other systems.
➤ In a star configuration, all devices on the network connect to devices that act as connectivity points for the network, and these devices create a single point of failure on the network.
➤ The most common implementation of the physical star topology is the Ethernet 10BaseT standard, although most new installations are 100BaseT, at a minimum.
➤ In the ring topology, the network layout forms a complete ring. Computers connect to the network cable directly or, far more commonly, through a specialized network device.
➤ Breaking the loop of a ring network disrupts the entire network. Even if network devices are used to create the ring, the ring must still be broken if a fault occurs or the network needs to be expanded.
➤ The mesh topology requires each computer on the network be connected to each device. This configuration provides maximum reliability and redundancy for the network.
➤ 802.3 defines the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access method used in Ethernet networks. This is the most popular networking standard used today.
➤ 802.5 defines Token Ring networking.
➤ All cards in a Token Ring network must operate at the same speed.
➤ Ring networks are most commonly wired in a star configuration. In a Token Ring network, a multistation access unit (MSAU) is equivalent to a hub or switch on an Ethernet network.
➤ To connect MSAUs, the ring in and ring out configuration must be properly set.
➤ FDDI uses a dual-ring configuration for fault tolerance.
➤ Four wireless standards are found under the IEEE 802.11 designation; these include 802.11, 802.11a, 802.11b, and 802.11g.
➤ Wireless standards use radio frequency as the transmission media, and they all use the CSMA/CA access method.
➤ Wireless antennas are typically measured in dBi and are either omnidirectional or directional. Wireless antennas boost the range and compensate for interference affecting a wireless signal.
➤ Infrastructure wireless topology uses an access point to extend the standard wired LAN. Wireless clients communicate with the AP to access the wired LAN. Ad-hoc networking is the connecting of wireless devices together without using a wireless access point.
➤ Communication between a client and the AP requires both to use a common SSID, wireless channel, and security settings.
➤ LANs, WANs, and PANs
➤ Peer-to-peer and client/server networking models
➤ Physical topology
➤ Logical topology
➤ Bus
➤ Ring
➤ Star
➤ Mesh
➤ Wireless
➤ IEEE 802.2, 802.3, 802.5, and 802.11
➤ FDDI
➤ Infrastructure topology
➤ Ad hoc topology
➤ 802.11, 802.11a, 802.11b, 802.11g
➤ Wireless antenna
➤ SSID
➤ Wireless channel
1. Which of the following standards uses a dual ring configuration for fault tolerance?
❑ A. 802.3
❑ B. FDDI
❑ C. 802.5
❑ D. 802.2
2. Which of the following access methods is associated with Ethernet networks?
❑ A. CSMA/CD
❑ B. CSMA/CA
❑ C. Token Passing
❑ D. Demand Polling
3. You have been asked to install a network that will provide the network users with the greatest amount of fault tolerance. Which of the following network topologies would you choose?
❑ A. Star
❑ B. Ring
❑ C. Mesh
❑ D. Bus
4. Which of the following access methods is associated with the 802.11b standard?
❑ A. CSMA/CD
❑ B. CSMA/CA
❑ C. Token Passing
❑ D. Radio Waves
5. Which of the following topologies allow for network expansion with the least amount of disruption for the current network users?
❑ A. Bus
❑ B. Ring
❑ C. 802.5
❑ D. 802.4
❑ E. Star
6. Which of the following are functions of the LLC? (Choose all that apply.)
❑ A. Data flow control
❑ B. Data fault tolerance
❑ C. Error control
❑ D. Token passing
7. Which of the following statements are associated with a bus LAN network? (Choose all correct answers.)
❑ A. A single cable break can cause complete network disruption.
❑ B. All devices connect to a central device.
❑ C. Uses a single backbone to connect all network devices.
❑ D. Uses a dual ring configuration.
8. Which of the following is associated with 802.3u?
❑ A. Gigabit Ethernet
❑ B. Fast Ethernet
❑ C. FDDI
❑ D. 802.2
9. What is the maximum speed for the 802.11b IEEE standard?
❑ A. 100Mbps
❑ B. 40Mbps
❑ C. 11Mbps
❑ D. 32Mbps
10. As a network administrator, you are called in to troubleshoot a problem on a token ring network. The network uses two MSAUs connected using the ring in ports on both devices. All network cards are set at the same speed. What is the likely cause of the problem?
❑ A. Bad network card
❑ B. Faulty cabling
❑ C. MSAU configuration
❑ D. Network card configuration
1. The correct answer is B. FDDI uses a ring network design but uses dual rings for fault tolerance. If there is disruption in one of the rings, network traffic can use the other ring. Answer A is incorrect, as 802.3 specifies Ethernet networks and does not use a ring design. Answer C is incorrect, as 802.5 only defines a single ring. Answer D is incorrect, as 802.2 is the IEEE standard for the Logical Link Layer.
2. The correct answer is A. CSMA/CD works by monitoring the computers that are sending data on the network. If two computers transmit data at the same time onto the network, a data collision will occur. Answer B is incorrect; CSMA/CA uses collision avoidance as an access method. Answer C is incorrect; token passing is associated with ring networks. Demand polling is an access method based on priority and is not used on Ethernet networks; therefore, answer D is incorrect.
3. The correct answer is C. A mesh network uses a point-to-point connection to every device on the network. This creates multiple points for the data to be transmitted around the network and therefore creates a high degree of redundancy. The star, ring, and bus topologies do not offer fault tolerance.
4. The correct answer is B. 802.11b specifies CSMA/CA as the access method for wireless networks. CSMA/CD is the access method associated with the IEEE 802.3 standards and is therefore incorrect. Token passing is an access method but is not used for wireless networks, making answer C incorrect. Answer D is incorrect, as radio waves represent the media used by wireless, not the access method.
5. The correct answer is E. On a star network, each network device uses a separate cable to make a point-to-point connection to a centralized device such as a hub. With such a configuration, a new device can be added to the network by attaching the new device to the hub with its own cable. This process does not disrupt the users who are currently on the network. Answers A, B, C, and D are incorrect because the addition of new network devices on a ring or bus network can cause a disruption in the network and cause network services to be unavailable during the installation of a new device. 802.5 is the IEEE specification for a ring network, and 802.4 is the IEEE specification for a token bus.
6. The correct answers are A and C. The LLC manages both the data flow control and error control for LAN networking standards such as 802.3, 802.5, and 802.11b. The function of the LLC is not to provide fault tolerance; therefore, answer B is incorrect. Similarly, the function of LLC is not associated with token passing.
7. The correct answers are A and C. In a bus network, a single break in the network cable can disrupt all the devices on that segment of the network, a significant shortcoming. A bus network also uses a single cable as a backbone to which all networking devices attach. A star network requires networked devices to connect to a centralized device such as a hub or MSAU. Therefore, answer B is incorrect. A dual ring topology is associated with FDDI, not a bus network.
8. The correct answer is B. 802.3u is the specification for Fast Ethernet under the original 802.3 IEEE standard. 802.3z is the specification for Gigabit Ethernet; therefore, answer A is incorrect. FDDI is not associated with 802.3u; FDDI uses a dual ring network design. 802.2 is the IEEE standard for the LLC sublayer.
9. The correct answer is C. 802.11b allows for a transfer rate of 11Mbps. None of the other answers represent wireless speeds.
10. The correct answer is C. To create the complete ring, the ring in (RI) port on each MSAU is connected to the ring out (RO) port on another MSAU. The last MSAU in the ring is then connected to the first, to complete the ring.
Chapter 2
Objectives
1.3 Specify the characteristics (for example, speed, length, topology, and cable type) of the following cable standards:
✓ 10BaseT and 10BaseFL
✓ 100BaseTX and 100BaseFX
✓ 1000BaseTX, 1000BaseCX, 1000BaseSX, and 1000BaseLX
✓ 10GBaseSR, 10GBaseLR, and 10GBaseER
1.4 Recognize the following media connectors and describe their uses:
✓ RJ-11 (Registered Jack)
✓ RJ-45 (Registered Jack)
✓ F-Type
✓ ST (Straight Tip)
✓ SC (Standard Connector)
✓ IEEE1394 (FireWire)
✓ LC (Local Connector)
✓ MTRJ (Mechanical Transfer Registered Jack)
✓ USB (Universal Serial Bus)
1.5 Recognize the following media types and describe their uses:
✓ Category 3, 5, 5e, and 6
✓ UTP (Unshielded Twisted Pair)
✓ STP (Shielded Twisted Pair)
✓ Coaxial cable
✓ SMF (Single Mode Fiber) optic cable
✓ MMF (Multimode Fiber) optic cable
What you need to know
✓ Identify common media considerations
✓ Understand the relationship between media and bandwidth
✓ Identify the two signaling methods used on networks
✓ Understand the three media dialog methods
✓ Identify the characteristics of IEEE standards including 802.3, 802.3u, 802.3z, and 802.3ae
✓ Identify the commonly implemented network media
✓ Identify the various connectors used with network media
When it comes to working with an existing network or implementing a new network, you need to be able to identify the characteristics of network media and their associated cabling. This chapter focuses on the media and connectors used in today’s networks.
In addition to media and connectors, this chapter identifies the characteristics of the IEEE 802.3 standard and its variants.
In addition to identifying the characteristics of network media and their associated cabling, the Network+ exam requires knowledge of some general terms and concepts that are associated with network media. Before looking at the individual media types, it is a good idea to first have an understanding of some general media considerations.
Networks employ two types of signaling methods: baseband and broadband.
Baseband transmissions use digital signaling over a single wire. Communication on baseband transmissions is bidirectional, allowing signals to be sent and received but not at the same time. To send multiple signals on a single cable, baseband uses something called Time Division Multiplexing (TDM). TDM divides a single channel into time slots.
In terms of LAN network standards, broadband transmissions, on the other hand, use analog transmissions. For broadband transmissions to be sent and received, the media has to be split into two channels. Multiple channels are created using Frequency Division Multiplexing (FDM).
Simplex, half duplex, and full duplex are referred to as dialog modes, and they determine the direction in which data can flow through the network media.
Simplex allows for one-way communication of data through the network, with the full bandwidth of the cable being used for the transmitting signal. One-way communication is of little use on LANs, making it unusual at best for network implementations. Far more common is the half-duplex mode, which accommodates transmitting and receiving on the network but not at the same time. Many networks are configured for half-duplex communication.
The preferred dialog mode for network communication is the full-duplex mode. To use full duplex, both the network card and the hub or switch must support full duplexing. Devices configured for full duplexing are capable of transmitting and receiving simultaneously. This means that 100Mbps network cards are capable of transmitting at 200Mbps using full-duplex mode.
Depending on where network cabling (commonly referred to as media) is installed, interference can be a major consideration. Two types of media interference can adversely affect data transmissions over network media: electromagnetic interference (EMI) and crosstalk.
EMI is a problem when cables are installed near electrical devices, such as air conditioners or fluorescent light fixtures. If network media is placed close enough to such a device, the signal within the cable might become corrupt.
Network media vary in their resistance to the effects of EMI. Standard UTP cable is susceptible to EMI, whereas fiber cable with its light transmissions is resistant to EMI. When deciding on a particular media, consider where it will run and the impact EMI can have on the installation.
A second type of interference is crosstalk. Crosstalk refers to how the data signals on two separate media interfere with each other. The result is that the signal on both cables can become corrupt. As with EMI, media varies in its resistance to crosstalk, with fiber-optic cable being the most resistant.
For the Network+ exam, remember that fiber-optic cable offers the greatest resistance to EMI and crosstalk.
Attenuation refers to the weakening of data signals as they travel through a respective media. Network media varies in its resistance to attenuation. Coaxial cable is generally more resistant than UTP, STP is slightly more resistant than UTP, and fiber-optic cable does not suffer from attenuation at all. That’s not to say that a signal does not weaken as it travels over fiber-optic cable, but the correct term for this weakening is ‘chromatic dispersion,’ rather than attenuation.
It’s important to understand attenuation or chromatic dispersion and the maximum distances specified for network media. Exceeding a media’s distance without using repeaters can cause hard-to-troubleshoot network problems. Most attenuation- or chromatic-dispersion-related difficulties on a network require using a network analyzer to detect them.
One of the more important media considerations is the supported data transmission rate or speed. Different media types are rated to certain maximum speeds, but whether or not they are used to this maximum depends on the networking standard being used and the network devices connected to the network.
The transmission rate of media is sometimes referred to incorrectly as the bandwidth. In truth, the term bandwidth refers to the width of the range of electrical frequencies or amount of channels that the media can support.
Transmission rates are normally measured by the number of data bits that can traverse the media in a single second. In the early days of data communications, this measurement was expressed as bits per second (bps), but today’s networks are measured in Mbps (megabits per second) and Gbps (gigabits per second).
The different network media vary greatly in the transmission speeds they support. Many of today’s application-intensive networks require more than the 10Mbps offered by the older networking standards. In some cases, even 100Mbps, which is found in many modern LANs, is simply not enough to meet current network needs. For this reason, many organizations deploy 1Gbps networks, and some now even go for 10Gbps implementations.
Whatever type of network is used, some type of network media is needed to carry signals between computers. Two types of media are used in networks: cable-based media, such as twisted pair, and the media types associated with wireless networking, such as radio waves.
In networks using cable-based media, there are three basic choices:
➤ Twisted pair
➤ Coaxial
➤ Fiber-optic
Twisted-pair and coaxial cables both use copper wire to conduct the signals electronically; fiber-optic cable uses a glass or plastic conductor and transmits the signals as light.
For many years, coaxial was the cable of choice for most LANs. Today, however (and for the past 10 years), twisted pair has proved to be far and away the cable media of choice, thus retiring coax to the confines of storage closets. Fiber-optic cable has also seen its popularity rise but, because of cost, has been primarily restricted to use as a network backbone where segment length and higher speeds are needed. That said, fiber is now increasingly common in server room environments as a server-to-switch connection method, and in building-to-building connections in what are termed metropolitan area networks (MANs).
The following sections summarize the characteristics of each of these cable types.
Twisted-pair cabling has been around a very long time. It was originally created for voice transmissions and has been widely used for telephone communication. Today, in addition to telephone communication, twisted pair is the most widely used media for networking.
The popularity of twisted pair can be attributed to the fact that it is lighter, more flexible, and easier to install than coaxial or fiber-optic cable. It is also cheaper than other media alternatives and can achieve greater speeds than its coaxial competition. These factors make twisted pair the ideal solution for most network environments.
Two main types of twisted-pair cabling are in use today: Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP). UTP is significantly more commonplace than STP and is used for most networks. Shielded twisted pair is used in environments in which greater resistance to EMI and attenuation is required. The greater resistance comes at a price, however. The additional shielding, plus the need to ground that shield (which requires special connectors), can significantly add to the cost of a cable installation of STP.
A third type of twisted pair cable, called Screened Twisted Pair (ScTP), is available, though not widely deployed. ScTP encases all of the wires in the cable within a single shield. This is in contrast to standard STP cable, which uses the same overall shield but also encases each individual wire pair with shielding. ScTP is cheaper than STP, but it is still more expensive than UTP.
STP provides the extra shielding by using an insulating material that is wrapped around the wires within the cable. This extra protection increases the distances that data signals can travel over STP but also increases the cost of the cabling. Figure 2.1 shows STP and UTP cabling.
Figure 2.1 STP and UTP cabling (labels: STP shield, UTP). (Reproduced with permission from Computer Desktop Encyclopedia. © 1981-2005 The Computer Language Company Inc. All rights reserved.)
There are several categories of twisted-pair cabling, with the early categories most commonly associated with voice transmissions. The categories are specified by the Electronics Industries Association/Telecommunications Industries Association (EIA/TIA). Table 2.1 shows the categories along with the speeds that they are used to support in common network implementations.
Table 2.1 UTP Cable Categories
Category   Common Application
1          Analog voice applications
2          1Mbps
3          16Mbps
4          20Mbps
5          100Mbps
5e         1000Mbps
6          1000Mbps+
It should be noted that the figures provided in Table 2.1 refer to speeds that these cables are commonly used to support. Ratified standards for these cabling categories might actually specify lower speeds than those listed, but cable and network component manufacturers are always pushing the performance envelope in the quest for greater speeds. The ratified standards define minimum specifications. For more information on cabling standards, visit the TIA website at http://www.tiaonline.org/.
Coaxial cable, or coax as it is commonly referred to, has been around for a long time. Coax found success in both TV signal transmission as well as in network implementations. Coax is constructed with a copper core at the center that carries the signal, plastic insulation, braided metal shielding, and an outer plastic covering. Coaxial cable is constructed in this way to add resistance to attenuation (the loss of signal strength as it travels over distance), crosstalk (the degradation of a signal caused by signals from other cables running close to it), and EMI (electromagnetic interference). Figure 2.2 shows the construction of coaxial cabling.
Figure 2.2 Coaxial cabling (labels: Insulation, Ground, Insulation, Main wire).
Networks can use two types of coaxial cabling: thin coaxial and thick coaxial. Both have fallen out of favor, but you might still encounter thin coax in your travels.
Thin coax is much more likely to be seen than thick coax in today’s networks, but it isn’t common, either. Thin coax is only .25 inches in diameter, making it fairly easy to install. Unfortunately, one of the disadvantages of all thin coax types is that they are prone to cable breaks, which increase the difficulty when installing and troubleshooting coaxial-based networks.
There are several types of thin coax cable, each of which has a specific use.
Table 2.2 summarizes the categories of thin coax.
Table 2.2 Thin Coax Categories
Cable       Type
RG-58 /U    Solid copper core
RG-58 A/U   Stranded wire core
RG-58 C/U   Military specification
RG-6        Used for cable TV and cable modems
In many ways, fiber-optic media addresses the shortcomings associated with copper-based media. Because fiber-based media use light transmissions instead of electronic pulses, threats such as EMI, crosstalk, and attenuation become a nonissue. Fiber is well suited for the transfer of data, video, and voice transmissions. In addition, fiber-optic is the most secure of all cable media. Anyone trying to access data signals on a fiber-optic cable must physically tap into the media. Given the composition of the cable, this is a particularly difficult task.
Unfortunately, despite the advantages of fiber-based media over copper, it still does not enjoy the popularity of twisted-pair cabling. The moderately difficult installation and maintenance procedures of fiber often require skilled technicians with specialized tools. Furthermore, the cost of a fiber-based solution limits the number of organizations that can afford to implement it. Another sometimes hidden drawback of implementing a fiber solution is the cost of retrofitting existing network equipment. Fiber is incompatible with most electronic network equipment. This means that you have to purchase fiber-compatible network hardware.
Fiber-optic cable, although still more expensive than other types of cable, is well suited for high-speed data communications. It eliminates the problems associated with copper-based media, such as near-end crosstalk, electromagnetic interference (EMI), and signal tampering.
Fiber-optic cable itself is composed of a core glass fiber surrounded by cladding. An insulated covering then surrounds both of these within an outer protective sheath. Figure 2.3 shows the composition of a fiber-optic cable.
Figure 2.3 Fiber-optic cable (labels: Black polyurethane outer jacket, Strength members, Core (silica), Buffer jacket, Silicone coating, Cladding (silica)).
Two types of fiber-optic cable are available: single and multimode fiber. In multimode fiber, many beams of light travel through the cable bouncing off of the cable walls. This strategy actually weakens the signal, reducing the length and speed the data signal can travel. Single-mode fiber uses a single direct beam of light, thus allowing for greater distances and increased transfer speeds. Some of the common types of fiber-optic cable include the following:
➤ 62.5 micron core/125 micron cladding multimode
➤ 50 micron core/125 micron cladding multimode
➤ 8.3 micron core/125 micron cladding single mode
In the ever-increasing search for bandwidth that will keep pace with the demands of modern applications, fiber-optic cables are sure to play a key role.
Understanding the types of fiber optics available, as well as their advantages and their limitations, is important for real-world application, as well as the Network+ exam.
A variety of connectors are used with the associated network media. Media connectors attach to the transmission media and allow the physical connection into the computing device. For the Network+ exam, it is necessary to identify the connectors associated with the specific media. The following sections identify the connectors and associated media.
BNC connectors are associated with coaxial media and 10Base2 networks.
BNC connectors are not as common as they once were, but still are used on some networks, older network cards, and older hubs. Common BNC connectors include a barrel connector, T-connector, and terminators. Figure 2.4 shows two terminators (top and bottom) and two T-connectors (left and right).
Figure 2.4 BNC connectors.
Although CompTIA does not include BNC connectors in the updated Network+ objectives, we have included them in this chapter to provide complete coverage of the commonly used connectors. In addition, CompTIA has been known to include questions in the exam that are not included in the objectives, and we think it wise to prepare for any eventuality.
RJ-11 (Registered Jack) connectors are small plastic connectors used on telephone cables. They have capacity for six small pins. However, in many cases, not all the pins are used. For example, a standard telephone connection only uses two pins, while a cable used for a DSL modem connection uses four.
RJ-11 connectors are somewhat similar to RJ-45 connectors, which are discussed next, though they are a little smaller. Both RJ-11 and RJ-45 connectors have a small plastic flange on top of the connector to ensure a secure connection. Figure 2.5 shows two views of an RJ-11 connector.
Figure 2.5 RJ-11 connectors.
RJ-45 connectors are the ones you are most likely going to encounter in your network travels. RJ-45 connectors are used with twisted-pair cabling, the most prevalent network cable in use today. RJ-45 connectors resemble the aforementioned RJ-11 phone jacks, but support up to eight wires instead of the six supported by RJ-11 connectors. RJ-45 connectors are also larger.
Figure 2.6 shows the RJ-45 connectors.
Figure 2.6 RJ-45 connectors.
F-Type connectors are screw-on connections used for attaching coaxial cable to devices. In the world of modern networking, F-Type connectors are most commonly associated with connecting Internet modems to cable or satellite Internet provider’s equipment. However, they are also used for connecting to some proprietary peripherals.
F-Type connectors have a ‘nut’ on the connection that provides something to grip as the connection is tightened by hand. If necessary, this nut can also be lightly gripped with pliers to aid disconnection. Figure 2.7 shows an example of an F-Type connector.
Figure 2.7 F-Type connector.
For the Network+ exam, you are expected to identify the connectors discussed in this chapter by their appearance.
A variety of connectors are associated with fiber cabling, and there are several ways of connecting these connectors. These include bayonet, snap-lock, and push-pull connectors. Figure 2.8 shows the fiber connectors identified in the CompTIA Network+ objectives.
ST: The ST connector uses a half-twist bayonet type of lock.
SC: The SC uses a push-pull connector similar to common audio and video plugs and sockets.
LC: LC connectors have a flange on top, similar to an RJ-45 connector, that aids secure connection.
MT-RJ: MT-RJ is a popular connector for two fibers in a very small form factor.
Figure 2.8 Fiber connectors. (Reproduced with permission from Computer Desktop Encyclopedia. © 1981-2005 The Computer Language Company Inc. All rights reserved.)
As with the other connectors discussed in this section, be prepared to identify fiber connectors by their appearance and by how they are physically connected.
The IEEE1394 interface, also known as FireWire, is more commonly associated with the attachment of peripheral devices, such as digital cameras or printers, than network connections. However, it is possible to create small networks with IEEE1394 cables. The IEEE1394 interface comes in a 4- or 6-pin version, both of which are shown in Figure 2.9.
Figure 2.9 4-pin (left) and 6-pin (right) IEEE1394 (FireWire) connectors.
Universal Serial Bus (USB) ports are now an extremely common sight on both desktop and laptop computer systems. Like IEEE1394, USB is associated more with connecting consumer peripherals such as MP3 players and digital cameras than networking. However, many manufacturers now make wireless network cards that plug directly into a USB port. Most desktop and laptop computers have between two and four USB ports, but USB hubs are available that provide additional ports if required.
There are a number of connectors associated with USB ports, but the two most popular are Type A and Type B. Type A connectors are the more common of the two and are the type used on PCs. Although many peripheral devices also use a Type A connector, an increasing number now use a Type B. Figure 2.10 shows a Type A connector (left) and a Type B connector (right).
Figure 2.10 Type A (left) and Type B (right) USB connectors.
The IEEE 802.3 standards define a range of networking systems that are based on the original Ethernet standard. The variations include speed, physical topology, and implementation considerations. The following sections describe these standards.
There is no specific designation called ‘standard Ethernet,’ but if there were, it would be assigned to the 10Mbps variants of the IEEE 802.3 standards.
Although 10Mbps is now considered too slow for most new networks, there are a large number of existing networks operating at 10Mbps. A number of 10Mbps standards exist, with 10BaseT now being the most common. In the following sections, we discuss a number of the 10Mbps standards.
Even though it is not specifically stated in the CompTIA Network+ objectives, we have included coverage on 10Base2 because there is still a chance that you will encounter it in the real world.
10Base2, which is defined as part of the IEEE 802.3a standard, specifies data transmission speeds of 10Mbps and a total segment length of 185 meters using RG-58 coaxial cable. The 10Base2 standard specifies a physical bus topology and uses BNC connectors with 50-ohm terminators at each end of the cable. One of the physical ends of each segment must be grounded.
When discussing network standards, the word ‘base,’ as in 10Base2, defines that the media can only carry one data signal per wire, or channel, at one time.
10Base2 networks allow a maximum of five segments with only three of those segments populated. Each of the three populated segments can have a maximum of 30 nodes attached. 10Base2 requires that there is a minimum of 0.5 meters between nodes. For the network to function properly, the segment must be complete. With this in mind, the addition or removal of systems might make the network unusable.
The coax cable used in 10Base2 networks is prone to cable breaks. A break anywhere in the cable will make the entire network inaccessible.
When working with Ethernet networks that use coaxial media, the 5-4-3 rule applies. The rule specifies that the network is limited to a total of five cable segments. These five segments can be connected using no more than four repeaters, and only three segments on the network can be populated.
The 10BaseT standard is another 10Mbps standard using UTP cabling. 10BaseT networks have a maximum segment length of 100 meters, and up to a total of five physical segments per network.
10BaseT networks use a star topology with a point-to-point connection between the computer and the hub or switch. 10BaseT can use different categories of UTP cabling, including 3, 4, and 5. It can also be used with category 5e and category 6 cabling, but that is a little like renting the Daytona speedway for the day and then cycling around it.
As with coaxial implementations, there are rules governing UTP networks. UTP Ethernet networks use the 5-4-3 rule, but in a slightly modified form. As with coaxial, a total of five physical segments can be used on the network and these five physical segments can be connected using four repeaters, but all five physical segments can be populated.
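As an added example (not code from the book), the following Python encodes the 10Base2 and 10BaseT segment limits from the preceding paragraphs together with both forms of the 5-4-3 rule, then checks constructed layouts against them; the Segment and Network classes and check_network() are hypothetical names chosen for this example.

```python
"""Checker for the 10Mbps Ethernet layout limits described in this chapter.

Added example, not code from the book: it encodes the 10Base2 limits (185 m
segments, 30 nodes per segment, 0.5 m between nodes), the 10BaseT limit
(100 m segments) and both forms of the 5-4-3 rule, then reports every
violation in a layout. Segment, Network and check_network are hypothetical
names chosen for this example.
"""
from dataclasses import dataclass
from typing import List, Optional

MAX_SEGMENTS = 5    # the "5" of the 5-4-3 rule
MAX_REPEATERS = 4   # the "4" of the 5-4-3 rule

# Per-standard limits from the chapter text and Table 2.3. The "3" of the
# rule differs: coax may populate only 3 of the 5 segments, UTP all 5.
LIMITS = {
    "10Base2": {"max_segment_m": 185, "max_nodes": 30,
                "min_spacing_m": 0.5, "max_populated": 3},
    "10BaseT": {"max_segment_m": 100, "max_nodes": None,
                "min_spacing_m": None, "max_populated": 5},
}


@dataclass
class Segment:
    length_m: float
    nodes: int = 0                         # 0 = link segment between repeaters
    min_spacing_m: Optional[float] = None  # closest pair of stations on a bus


@dataclass
class Network:
    standard: str
    segments: List[Segment]
    repeaters: int


def check_network(net: Network) -> List[str]:
    """Return human-readable rule violations; an empty list means compliant."""
    if net.standard not in LIMITS:
        raise ValueError(f"unsupported standard: {net.standard}")
    lim = LIMITS[net.standard]
    problems = []

    # The segment and repeater caps apply to both coax and UTP.
    if len(net.segments) > MAX_SEGMENTS:
        problems.append(f"{len(net.segments)} segments; limit is {MAX_SEGMENTS}")
    if net.repeaters > MAX_REPEATERS:
        problems.append(f"{net.repeaters} repeaters; limit is {MAX_REPEATERS}")

    # Populated-segment cap: 3 for coax, all 5 for UTP.
    populated = sum(1 for s in net.segments if s.nodes > 0)
    if populated > lim["max_populated"]:
        problems.append(f"{populated} populated segments; {net.standard} "
                        f"allows {lim['max_populated']}")

    # Per-segment length, node count and node spacing checks.
    for i, seg in enumerate(net.segments, start=1):
        if seg.length_m > lim["max_segment_m"]:
            problems.append(f"segment {i}: {seg.length_m} m exceeds "
                            f"{lim['max_segment_m']} m")
        if lim["max_nodes"] is not None and seg.nodes > lim["max_nodes"]:
            problems.append(f"segment {i}: {seg.nodes} nodes exceeds "
                            f"{lim['max_nodes']}")
        if (lim["min_spacing_m"] is not None and seg.nodes > 1
                and seg.min_spacing_m is not None
                and seg.min_spacing_m < lim["min_spacing_m"]):
            problems.append(f"segment {i}: nodes {seg.min_spacing_m} m apart; "
                            f"minimum is {lim['min_spacing_m']} m")
    return problems


# Constructed layouts for demonstration (not real networks).
COAX_OK = Network("10Base2", [
    Segment(185, 30, 0.5), Segment(100), Segment(150, 12, 1.0),
    Segment(50), Segment(185, 30, 0.5)], repeaters=4)

# Too many repeaters, five populated segments, and a first segment that is
# too long, too crowded and too tightly spaced: five violations in all.
COAX_BAD = Network("10Base2", [
    Segment(200, 31, 0.3), Segment(100, 5, 1.0), Segment(150, 12, 1.0),
    Segment(50, 2, 1.0), Segment(185, 30, 0.5)], repeaters=5)

# 10BaseT: each station cable is its own point-to-point segment, so all
# five segments carry stations and the layout is still compliant.
UTP_OK = Network("10BaseT", [Segment(100, 1) for _ in range(5)], repeaters=4)

if __name__ == "__main__":
    for name, net in (("coax OK", COAX_OK), ("coax bad", COAX_BAD),
                      ("UTP", UTP_OK)):
        found = check_network(net)
        print(f"{name}: {'compliant' if not found else 'violations'}")
        for p in found:
            print("  -", p)
```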
10BaseFL is an implementation of 10Mbps Ethernet over fiber-optic cabling. Its primary benefit, over 10BaseT, is that it can be used in distances up to 2km. However, given the availability of other faster networking standards, such as 100BaseFX (discussed next), you are unlikely to encounter a large number of 10BaseFL implementations.
Table 2.3 summarizes the characteristics of the 10Mbps networking standards discussed in this section.
Table 2.3  10Mbps Network Comparison

Standard    Cable Type                       Segment Length   Connector   Topology
10Base2     Thin coaxial                     185 meters       BNC         Physical bus
10BaseT     Category 3, 4, 5 twisted pair    100 meters       RJ-45       Physical star
10BaseFL    Fiber optic                      2000 meters      SC/ST       Physical star
Ensure that you understand the information provided in Table 2.3; there will certainly be questions on the exam that come directly from this information.
Many of the applications used on modern networks demand more bandwidth than what’s provided by the 10Mbps network standards. To address this need for faster networks, the IEEE has developed the IEEE 802.3u specifications, of which there are three variations:
➤ 100BaseTX
➤ 100BaseT4
➤ 100BaseFX
Of the three, 100BaseT4 is not listed in the latest version of the CompTIA Network+ objectives. However, we have chosen to include information on it in this section to provide rounded coverage of this topic.
100BaseTX is the most widely implemented of the Fast Ethernet standards. 100BaseTX uses two pairs of wire in Category 5 UTP cabling and can also use STP cable when a more resistant cable is required. 100BaseTX uses 100Mbps transmission and a total segment length of 100 meters.
The advantage to 100BaseT4 is its capability to use older categories of UTP cable to perform 100Mbps transfer. In environments already wired with Category 3 or 4 cable, 100BaseT4 can be used instead of replacing the existing cable.
100BaseT4 uses all four pairs of wire of Category 3, 4, and 5 twisted pair and, as such, is prevented from using full-duplex transmissions. The other characteristics of standard 100BaseTX are in effect with 100BaseT4.
The IEEE 100BaseFX standard specifies 100Mbps transmission speeds over fiber-optic cable. 100BaseFX can use both multimode and single-mode fiber. It has a maximum segment length of 412 meters when used over multimode fiber and 10,000 meters when used over single-mode fiber. (The 412-meter figure is the half-duplex limit imposed by collision timing; a full-duplex multimode link, which is how 100BaseFX is normally deployed between switches, can run to 2 kilometers.) Table 2.4 summarizes the characteristics of Fast Ethernet.
Table 2.4  Fast Ethernet

Standard    Cable Type                          Segment Length                                        Connector   Topology
100BaseTX   Category 5 UTP                      100 meters                                            RJ-45       Physical star
100BaseT4   Category 3, 4, 5 UTP                100 meters                                            RJ-45       Physical star
100BaseFX   Multimode/single-mode fiber-optic   412 meters (multimode)/10,000 meters (single-mode)    SC, ST      Physical star
Be sure that you understand the information provided in Table 2.4, as there will be questions on the exam that are derived from this information.
Gigabit Ethernet networking, which is becoming increasingly common as a backbone connection method and for server to switch connectivity, is achieved using either copper-based media or fiber optic cabling. The two IEEE standards that specify Gigabit transfer are 802.3z and 802.3ab.
Three distinct standards are specified under the 802.3z standard; they are referred to collectively as 1000BaseX.
The three standards are 1000BaseLX, 1000BaseSX, and 1000BaseCX.
1000BaseLX and 1000BaseSX use long wavelength laser and short wavelength laser, respectively. Both 1000BaseSX and 1000BaseLX can be supported over two types of multimode fiber—62.5 and 50 micron-diameter fibers. Only long wave lasers support the use of single-mode fiber.
The 1000BaseCX standard specifies Gigabit Ethernet over STP cabling.
Segment length of 1000BaseCX is extremely limited, reaching a maximum of 25 meters. 1000BaseCX is not widely implemented.
The 802.3ab standard specifies Gigabit Ethernet transfer over Category 5 UTP cable. To achieve the 1000Mbps speeds, each of the four pairs of wires in a twisted-pair cable can transmit 250Mbps. Table 2.5 summarizes the characteristics of the Gigabit standards.
Table 2.5  Gigabit Ethernet

Standard     Cable Type                     Segment Length                                      Connector
1000BaseLX   Multimode/single-mode fiber    550 meters (multimode)/5000 meters (single-mode)    Fiber connectors
1000BaseSX   Multimode fiber                550 meters using 50 micron multimode fiber          Fiber connectors
1000BaseCX   STP                            25 meters                                           9-pin shielded connector or 8-pin Fibre Channel type 2 connector
1000BaseT    UTP                            100 meters                                          RJ-45
Ensure that you understand the information provided in Table 2.5; there will be questions on the exam that are derived from this information.
As the name suggests, 10 Gigabit Ethernet, which is referred to as 10GbE, has the capability to provide data transmission rates of up to 10 Gigabits per second. 10 Gigabit Ethernet is defined in the IEEE 802.3ae standard.
There are a number of 10GbE implementations, though CompTIA chooses to focus on 10GBaseSR, 10GBaseLR, and 10GBaseER in the objectives for the Network+ exam. Of these standards, 10GBaseSR is designed for LAN or MAN implementations, with a maximum distance of 300 meters using 50 micron multimode fiber-optic cabling. 10GBaseSR can also be implemented with 62.5 micron multimode fiber, but is limited to 33 meters in this configuration.
10GBaseLR and 10GBaseER are designed for use in MAN and WAN implementations, and are implemented using single mode fiber-optic cabling.
10GBaseLR has a maximum distance of 10km, whereas 10GBaseER has a maximum distance of 40km. Table 2.6 summarizes the characteristics of 10 Gigabit Ethernet standards relevant to the Network+ exam.
Table 2.6  Summary of IEEE 802.3ae 10 Gigabit Ethernet Characteristics

                      10GBaseSR                               10GBaseLR           10GBaseER
Transmission Method   Baseband                                Baseband            Baseband
Speed                 10000Mbps                               10000Mbps           10000Mbps
Distance              33 m (62.5 micron)/300 m (50 micron)    10,000 m            40,000 m
Cable Type            50 or 62.5 micron multimode fiber       Single-mode fiber   Single-mode fiber
Connector Type        Fiber connectors                        Fiber connectors    Fiber connectors
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these key concepts:
➤ RJ-11 connectors are used with standard phone lines and are similar in appearance to RJ-45 connectors. However, RJ-11 connectors are smaller.
➤ RJ-45 connectors are used with UTP cabling.
➤ F-type connectors are used to connect coaxial cable to devices such as Internet modems.
➤ Fiber-optic cabling uses a variety of connectors, but SC and ST are more commonly used than others.
➤ SC and ST connectors are associated with fiber cabling. ST connectors offer a twist type attachment, whereas SCs have a push-on connector.
➤ LC and MTRJ are other types of fiber-optic connectors.
➤ UTP cabling is the most common type used on today’s networks. For greater speeds, distances, and resistance to interference, fiber-optic cable provides an increasingly affordable alternative.
➤ 10Base2, sometimes called Thinnet or Thin Ethernet, is the 802.3 specification for a network that uses thin coaxial cable (that is, RG-58 cable).
➤ 10BaseT networks use UTP cable and RJ-45 connectors to transfer data at up to 10Mbps.
➤ 10BaseFL networks use fiber-optic cabling and can span distances of up to 2km.
➤ 100BaseTX networks use RJ-45 connectors and use Category 5 STP or UTP cable.
➤ 100BaseT4 networks use Category 3, 4, and 5 cable with RJ-45 connectors.
➤ 100BaseFX uses fiber-optic cable and often uses SC or ST connectors.
➤ 1000BaseSX and 1000BaseLX offer 1000Mbps transfer speed using fiber-optic cable.
➤ 1000BaseCX offers 1000Mbps transfer speed over shielded copper cable. Distances are restricted to 25 meters.
➤ 1000BaseT (listed as 1000BaseTX in the Network+ objectives) offers 1000Mbps transfer speed over UTP cable up to a maximum of 100 meters.
➤ 10Gbps networks are defined by the IEEE 802.3ae standard.
➤ 10GBaseSR is designed for use over short distances up to 300 meters with 50 micron multimode fiber.
➤ 10GBaseLR uses single mode fiber-optic cable and can be used up to 10km.
➤ 10GBaseER uses single mode fiber-optic cable and can be used up to 40km.

➤ Media
➤ Bandwidth
➤ Baseband/broadband
➤ Duplexing
➤ Thin coax/Twisted pair/Fiber-optic cable
➤ 10BaseT/10Base2/100BaseTX/100BaseFX/Gigabit Ethernet/10Gb Ethernet (10GbE)
➤ RJ-11/RJ-45/F-type/ST/SC/LC/MTRJ/BNC connectors
➤ Crosstalk
➤ Attenuation
➤ EMI
1. You are troubleshooting a network using 1000BaseCX cable and suspect that the maximum length has been exceeded. What is the maximum length of 1000BaseCX cable?
❑ A. 1,000 meters
❑ B. 100 meters
❑ C. 25 meters
❑ D. 10,000 meters
2. As system administrator, you find yourself working on a legacy 10Base2 network. Which of the following technologies would you be working with? (Choose three.)
❑ A. UTP
❑ B. RG-58
❑ C. BNC connectors
❑ D. Terminators
❑ E. RJ-45 connectors
3. Your manager has asked you to specify a high speed 10GbE link to provide connectivity between two buildings 3km from each other. Which of the following IEEE standards are you likely to recommend?
❑ A. 10GBaseLR
❑ B. 10GBaseSR
❑ C. 10GBaseT4
❑ D. 10GBaseFL
4. Which of following connectors are commonly used with fiber cabling?
❑ A. RJ-45
❑ B. BNC
❑ C. SC
❑ D. RJ-11
5. Which of the following definitions describe the loss of signal strength as a signal travels through a particular media?
❑ A. Attenuation
❑ B. Crosstalk
❑ C. EMI
❑ D. Chatter
6. What kind of cable would you associate with an F-type connector?
❑ A. Fiber optic
❑ B. UTP
❑ C. Coaxial
❑ D. STP
7. In a 100BaseT network environment, what is the maximum distance between the device and the networking equipment, assuming that no repeaters are used?
❑ A. 1,000 meters
❑ B. 100 meters
❑ C. 500 meters
❑ D. 185 meters
8. A user calls to report that he is experiencing periodic problems connecting to the network. Upon investigation, you find that the cable connecting the user’s PC to the switch is close to a fluorescent light fitting. What condition is most likely causing the problem?
❑ A. Crosstalk
❑ B. EMI
❑ C. Attenuation
❑ D. Faulty cable
9. Which of the following is NOT a type of fiber-optic connector used in network implementations?
❑ A. MTRJ
❑ B. SC
❑ C. BNC
❑ D. LC
10. Which of the following fiber connectors uses a twist-type connection method?
❑ A. ST
❑ B. SC
❑ C. BNC
❑ D. SA
1. The correct answer is C. The 1000BaseCX standard specifies Gigabit Ethernet transfer over shielded twisted-pair (STP) copper cable, not UTP, and has a 25-meter length restriction. All of the other answers are incorrect.
2. The correct answers are B, C, and D. 10Base2 networks use thin coax (RG-58) media, BNC connectors, and a terminator at each end of the bus to dampen the signal reflection. Answers A and E are incorrect, as they are used by other network standards such as 10BaseT and 100BaseTX.
3. The correct answer is A. 10GBaseLR can be used over distances up to 10km. 10GBaseSR can only be used up to a maximum distance of 300 meters. 10GBaseT4 and 10GBaseFL are not recognized 10 Gigabit Ethernet standards.
4. The correct answer is C. SC connectors are used with fiber-optic cable. RJ-45 connectors are used with UTP cable, BNC is used for thin coax cable, and RJ-11 is used for regular phone connectors.
5. The correct answer is A. The term used to describe the loss of signal strength for media is attenuation. Crosstalk refers to the interference between two cables, EMI is electromagnetic interference, and chatter is not a valid media interference concern.
6. The correct answer is C. F-type connectors are used with coaxial cables. They are not used with fiber-optic, Unshielded Twisted Pair (UTP) or Shielded Twisted Pair (STP) cabling.
7. The correct answer is B. 100BaseT networks use UTP cabling, which has a maximum cable length of 100 meters. Answer A is incorrect. This distance could only be achieved with UTP cabling by using repeaters. Answer C specifies the maximum cable length for 10Base5 networks; and answer D specifies the maximum cable length for 10Base2 networks.
8. The correct answer is B. EMI is a type of interference that is often seen when cables run too closely to electrical devices. Answer A is incorrect; crosstalk describes the interference whereby two cables interfere with each other. Attenuation identifies the loss of signal strength. Answer D is incorrect also. It may be that a faulty cable is causing the problem; however, the question asks for the most likely cause and because the cable is running near the fluorescent lights, the problem is more likely associated with EMI.
9. The correct answer is C. BNC is a connector type used with coaxial cabling. It is not used as a connector for fiber-optic cabling. MTRJ, SC, and LC are all recognized types of fiber-optic connectors.
10. The correct answer is A. ST fiber connectors use a twist-type connection method. Answer B is incorrect as SC connectors use a push-type connection method. The other choices are not valid fiber connectors.
04 2548 ch03 5/16/05 12:28 PM Page 59
Objectives
1.6 Identify the purposes, features, and functions of the following network components:
✓ Hubs
✓ Switches
✓ Bridges
✓ Routers
✓ Gateways
✓ CSU/DSU (Channel Service Unit/Data Service Unit)
✓ NICs (Network Interface Card)
✓ ISDN (Integrated Services Digital Network) adapters
✓ WAPs (Wireless Access Point)
✓ Modems
✓ Transceivers (media converters)
✓ Firewalls
2.1 Identify a MAC (Media Access Control) address and its parts
What you need to know
✓ Describe how hubs and switches work
✓ Explain how hubs and switches can be connected to create larger networks
✓ Describe how bridges, routers, and gateways work
✓ Describe how routing protocols are used for dynamic routing
✓ Explain the purpose of other networking components such as Channel Service Unit/Digital Service Unit (CSU/DSU) and gateways
✓ Describe the purpose and function of network cards
✓ Describe how to identify a MAC address
✓ Understand the function of a transceiver
✓ Describe the purpose of a firewall
All but the most basic of networks require devices to provide connectivity and functionality. Understanding how these networking devices operate and identifying the functions they perform are essential skills for any network administrator and requirements for a Network+ candidate.
This chapter introduces commonly used networking devices, and, although it is true that you are not likely to encounter all of the devices mentioned in this chapter on the exam, you can be assured of working with at least some of them.
At the bottom of the networking food chain, so to speak, are hubs. Hubs are used in networks that use twisted-pair cabling to connect devices. Hubs can also be joined together to create larger networks.
Hubs are simple devices that direct data packets to all devices connected to the hub, regardless of whether the data packet is destined for the device. This makes them inefficient devices and can create a performance bottleneck on busy networks. Because every connected device sees every frame, a hub also offers no isolation between hosts: any station on the hub can capture all of the traffic on that segment.
In its most basic form, a hub does nothing except provide a pathway for the electrical signals to travel along. Such a device is called a passive hub. Far more common nowadays is an active hub, which, as well as providing a path for the data signals, regenerates the signal before it forwards it to all of the connected devices. A hub does not perform any processing on the data that it forwards, nor does it perform any error checking.
Hubs come in a variety of shapes and sizes. Small hubs with five or eight connection ports are commonly referred to as workgroup hubs. Others can accommodate larger numbers of devices (normally up to 32). These are referred to as high-density devices. Because hubs don’t perform any processing, they do little except enable communication between connected devices. For today’s high-demand network applications, something with a little more intelligence is required. That’s where switches come in.
In a Token Ring network, a multistation access unit (MSAU) is used in place of the hub that is used on an Ethernet network. The MSAU performs the token circulation inside the device, giving the network a physical star appearance. Each MSAU has a Ring In (RI) port on the device, which is connected to the Ring Out (RO) port on another MSAU. The last MSAU in the ring is then connected to the first to complete the ring. Because Token Ring networks are few and far between nowadays, it is far more likely that you will find yourself working with Ethernet hubs and switches.
Multistation access unit is sometimes written as MSAU; however, it is commonly referred to as an MAU. Both are acceptable acronyms.
Even though MSAU and Token Ring networks are not common, you can expect a few questions on them on the exam.
Like hubs, switches are the connectivity points of an Ethernet network. Devices connect to switches via twisted-pair cabling, one cable for each device. The difference between hubs and switches is in how the devices deal with the data that they receive. Whereas a hub forwards the data it receives to all of the ports on the device, a switch forwards it only to the port that connects to the destination device. It does this by learning the MAC address of the devices attached to it, and then by matching the destination MAC address in the data it receives. Figure 3.1 shows how a switch works.
Figure 3.1 How a switch works. (Data sent by one node is forwarded only to the port of the destination node.)
By forwarding data only to the connection that should receive it, the switch can improve network performance in two ways. First, by creating a direct path between two devices and controlling their communication, it can greatly reduce the number of collisions on the network. As you might recall, collisions occur on Ethernet networks when two devices attempt to transmit at exactly the same time. In addition, the lack of collisions enables switches to communicate with devices in full-duplex mode. In a full-duplex configuration, devices can send and receive data from the switch at the same time.
Contrast this with half-duplex communication, in which communication can occur in only one direction at a time. A full-duplex link offers double the aggregate capacity of a standard, half-duplex, connection, because each direction gets the full rate at once. So, a 10Mbps connection becomes 20Mbps in total, and a 100Mbps connection becomes 200Mbps.
The net result of these measures is that switches can offer significant performance improvements over hub-based networks, particularly when network use is high.
Irrespective of whether a connection is at full or half duplex, the method of switching dictates how the switch deals with the data it receives. The following is a brief explanation of each method:
➤ Cut-through—In a cut-through switching environment, the packet begins to be forwarded as soon as its destination address has been read. This method is very fast, but creates the possibility of errors being propagated through the network, as there is no error checking.
➤ Store-and-forward—Unlike cut-through, in a store-and-forward switching environment, the entire packet is received and error checked (its frame check sequence is verified) before being forwarded. The upside of this method is that errors are not propagated through the network. The downside is that the error checking process takes a relatively long time, and store-and-forward switching is considerably slower as a result.
➤ FragmentFree—To take advantage of the error checking of store-and-forward switching, but still offer performance levels nearing that of cut-through switching, FragmentFree switching can be used. In a FragmentFree-switching environment, the switch reads the first 64 bytes of the packet, the minimum legal Ethernet frame size, which is enough to determine whether the packet is a fragment left over from a collision. As soon as the collision status has been determined, the packet is forwarded.
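The following example, added here and not part of the book, shows in Python what each of the three methods has actually seen of a frame at the moment it decides to forward it. It builds a constructed Ethernet frame with a correct IEEE 802.3 frame check sequence (CRC-32), then feeds a good copy, a collision fragment, and a corrupted copy through each decision rule. The addresses, the payload and the sample names are assumptions made for the example.

```python
"""Added example, not from the book: what each switching method has actually
seen of a frame when it decides to forward it.  Frames, MACs and payloads are
constructed here; the FCS is the real IEEE 802.3 CRC-32 that a NIC appends."""
import struct
import zlib

HEADER_LEN = 14   # destination MAC (6) + source MAC (6) + EtherType (2)
FCS_LEN = 4       # frame check sequence, CRC-32 over header + payload
MIN_FRAME = 64    # minimum Ethernet frame on the wire, including the FCS
METHODS = ("cut-through", "fragment-free", "store-and-forward")


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II frame: pad the payload to the 46-byte minimum
    and append the FCS (CRC-32, transmitted least-significant byte first)."""
    payload = payload.ljust(MIN_FRAME - HEADER_LEN - FCS_LEN, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_valid(frame: bytes) -> bool:
    """The store-and-forward check: recompute the CRC over everything except
    the trailing four bytes and compare it with the FCS that was received."""
    if len(frame) < MIN_FRAME:
        return False
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.unpack("<I", fcs)[0] == zlib.crc32(body)


def decision(method: str, received: bytes) -> str:
    """Return 'forward' or 'drop' for the bytes that arrived on the wire.

    cut-through:       forwards once the 6-byte destination MAC is in hand,
                       so runts and corrupted frames go through untouched
    fragment-free:     waits for the first 64 bytes; a frame cut short by a
                       collision never gets that far, so runts are dropped,
                       but bit errors later in the frame are not noticed
    store-and-forward: buffers the whole frame and verifies the FCS, so both
                       runts and corrupted frames are dropped
    """
    if method == "cut-through":
        return "forward" if len(received) >= 6 else "drop"
    if method == "fragment-free":
        return "forward" if len(received) >= MIN_FRAME else "drop"
    if method == "store-and-forward":
        return "forward" if fcs_valid(received) else "drop"
    raise ValueError(f"unknown switching method: {method}")


def evaluate(samples: dict) -> dict:
    """Run every method over every sample: {sample: {method: decision}}."""
    return {name: {m: decision(m, f) for m in METHODS} for name, f in samples.items()}


# Constructed test traffic (addresses and payload are made up for the example).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
GOOD = build_frame(DST, SRC, 0x0800, b"constructed IP payload")
RUNT = GOOD[:40]                 # collision fragment: cut off before 64 bytes
_damaged = bytearray(GOOD)
_damaged[20] ^= 0xFF             # bit errors in the payload; the FCS no longer matches
CORRUPT = bytes(_damaged)
SAMPLES = {"good": GOOD, "runt": RUNT, "corrupt": CORRUPT}

if __name__ == "__main__":
    for name, result in evaluate(SAMPLES).items():
        print(f"{name:8s} {result}")
```

The point the table of results makes is that FragmentFree removes only the damage a collision leaves behind (short frames); a frame that was corrupted in transit but is still 64 bytes or longer is passed on, and only store-and-forward catches it.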
In addition to acting as a connection point for network devices, hubs and switches can also be connected to create larger networks. This connection can be achieved through standard ports with a special cable or by using special ports with a standard cable.
The ports on a hub to which computer systems are attached are called Medium Dependent Interface-Crossed (MDI-X). The crossed designation is derived from the fact that two of the wires within the connection are crossed so that the send signal wire on one device becomes the receive signal of the other. Because the ports are crossed internally, a standard or straight-through cable can be used to connect devices.
Another type of port, called a Medium Dependent Interface (MDI) port, is often included on a hub or switch to facilitate the connection of two switches or hubs. Because the hubs or switches are designed to see each other as simply an extension of the network, there is no need for the signal to be crossed. If a hub or switch does not have an MDI port, hubs or switches can be connected by using a crossover cable between two MDI-X ports. The crossover cable serves to uncross the internal crossing. You can see diagrams of the cable pinouts for both a straight-through and crossover cable in Figures 3.2 and 3.3, respectively.
Figure 3.2 The pinouts for a straight-through cable. (Pins 1 through 8 at one end are wired to the same pins 1 through 8 at the other end.)
In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed.
Figure 3.3 The pinouts for a crossover cable. (End A and end B, pins 1 through 8, with pins 1 and 3 and pins 2 and 6 swapped between the ends.)
Bridges are used to divide larger networks into smaller sections. They do this by sitting between two physical network segments and managing the flow of data between the two. By looking at the MAC address of the devices connected to each segment, bridges can elect to forward the data (if they believe that the destination address is on another interface), or block it from crossing (if they can verify that it is on the interface from which it came). Figure 3.4 shows how a bridge can be used to segregate a network.
Bridges can also be used to connect two physical LANs into a larger logical LAN.
When bridges were introduced, the MAC addresses of the devices on the connected networks had to be entered manually, a time-consuming process that had plenty of opportunity for error. Today, almost all bridges can build a list of the MAC addresses on an interface by watching the traffic on the network. Such devices are called learning bridges because of this functionality.
Figure 3.4 How a bridge is used to segregate networks. (Data not destined for a device on the other network is prevented from passing over the bridge.)
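An added example, written for this edit rather than taken from the book, of the learning behaviour that both switches and learning bridges rely on. The Python below learns source MAC addresses per port, forwards to a single port when the destination is known, floods when it is not, and filters frames whose destination is on the segment they arrived from, which is the bridge case of Figure 3.4. The port names, MAC addresses and the frame sequence are constructed for the example.

```python
"""Added example, not from the book: a learning bridge/switch.  Frames are
constructed (ingress port, source MAC, destination MAC) tuples; the device
learns where each source lives, forwards known unicast destinations out of one
port, floods unknown and broadcast destinations out of every other port, and
filters frames whose destination is on the same segment they came from (the
bridge in Figure 3.4).  Port names and addresses are made up for the example."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # MAC address -> port it was last seen on

    def handle(self, ingress, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        # Learn: the sender is reachable through the port the frame arrived on.
        # Entries are overwritten, so a host that moves ports is re-learned.
        self.table[src] = ingress

        # Broadcast, or a destination not yet learned: flood to every other port.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != ingress]

        out = self.table[dst]
        if out == ingress:
            return []            # filter: destination is on the ingress segment
        return [out]             # forward to the single learned port


def simulate(events, ports=("p1", "p2", "p3")):
    """Feed constructed frames through one switch.
    Returns (egress port list per frame, final MAC table)."""
    sw = LearningSwitch(ports)
    return [sw.handle(*event) for event in events], dict(sw.table)


A, B, C, D, E = ("02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c",
                 "02:00:00:00:00:0d", "02:00:00:00:00:0e")
EVENTS = [
    ("p1", A, BROADCAST),   # A broadcasts (e.g. an ARP request): flooded, A learned on p1
    ("p2", B, A),           # B answers A: A is known, so only p1 receives it; B learned
    ("p1", A, B),           # A to B: delivered to p2 alone
    ("p3", C, D),           # D has never been seen: flooded to p1 and p2
    ("p1", E, A),           # E shares p1 with A (a hub behind p1): frame is filtered
    ("p2", B, E),           # B to E: E was learned on p1 from the filtered frame
]

if __name__ == "__main__":
    egress, table = simulate(EVENTS)
    for event, out in zip(EVENTS, egress):
        print(event, "->", out)
    print(table)
```

The `dst not in self.table` branch is the one to keep in mind from a security standpoint: any destination the device has not learned is flooded to every port, exactly as a hub would do. Real switches hold a bounded table and age entries out, so a host that fills the table with bogus source addresses pushes the switch back toward hub-like flooding; the separation a switch provides is only as good as the accuracy of that table.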
There are two issues that you must consider when using bridges. The first is the bridge placement, and the other is the elimination of bridging loops:
➤ Bridge placement—Bridges should be positioned in the network using the 80/20 rule. This rule dictates that 80% of the data should be local and that the other 20% should be destined for devices on the other side of the bridge.
➤ Bridging loops—Bridging loops can occur when more than one bridge is implemented on the network. In this scenario, the bridges can confuse each other by leading one another to believe that a device is located on a certain segment when it is not. To combat the bridging loop problem, the IEEE 802.1d Spanning Tree protocol assigns each bridge a priority and each bridge port a cost; the bridges use these values to elect a root bridge and to place redundant ports into a blocking state, leaving a single loop-free path between any two segments.
Three types of bridges are used in networks:
➤ Transparent—Derives its name from the fact that the devices on the network are unaware of its existence. A transparent bridge does nothing except block or forward data based on the MAC address.
➤ Source route—Used in Token Ring networks. The source route bridge derives its name from the fact that the entire path that the packet is to take through the network is embedded within the packet.
➤ Translational—Used to convert one networking data format to another; for example, from Token Ring to Ethernet and vice versa.
Today, bridges are slowly but surely falling out of favor. Ethernet switches offer similar functionality; they can provide logical divisions, or segments, in the network. In fact, switches are sometimes referred to as multiport bridges because of the way they operate.
In a common configuration, routers are used to create larger networks by joining two network segments, for example a SOHO router that connects a home user’s network to the Internet. A router can be a dedicated hardware device or a computer system with more than one network interface and the appropriate routing software. All modern network operating systems include the functionality to act as a router.
Routers normally operate at the Network Layer (OSI Layer 3), as they are normally IP-based devices; it is at that layer that they create, join, or divide networks.
A router derives its name from the fact that it can route data it receives from one network onto another. When a router receives a packet of data, it reads the header of the packet to determine the destination address. Once it has determined the address, it looks in its routing table to determine whether it knows how to reach the destination and, if it does, it forwards the packet to the next hop on the route. The next hop might be the final destination, or it might be another router. Figure 3.5 shows, in basic terms, how a router works.
As you can see from this example, routing tables play a very important role in the routing process. They are the means by which the router makes its decisions. For this reason, a routing table needs to be two things. It must be up-to-date, and it must be complete. There are two ways that the router can get the information for the routing table—through static routing or dynamic routing.
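An added example, not from the book, of the lookup a router performs against its routing table. The routes here are constructed; the table uses longest-prefix match so that a more specific route wins over a broader one and the default route 0.0.0.0/0 is used only when nothing else matches, and forward() returns the three outcomes the text describes: deliver directly, hand the packet to a next-hop router, or drop it because the table is incomplete. The interface and next-hop names are assumptions.

```python
"""Added example, not from the book: the forwarding decision a router makes
from its routing table.  Routes, next hops and interface names are constructed
for the example; the lookup is a longest-prefix match."""
import ipaddress


class RoutingTable:
    def __init__(self):
        self.routes = []   # list of (network, next_hop or None, interface)

    def add(self, prefix, next_hop, interface):
        # next_hop None means the network is directly connected to `interface`
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))

    def lookup(self, destination):
        """Longest-prefix match: among all routes that contain the address,
        pick the one with the longest prefix (the most specific route)."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if addr in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)

    def forward(self, destination):
        """Return (action, next_hop, interface) for a packet to `destination`."""
        route = self.lookup(destination)
        if route is None:
            return ("drop", None, None)            # incomplete table: unreachable
        _net, next_hop, iface = route
        if next_hop is None:
            return ("deliver", destination, iface)  # next hop is the final destination
        return ("forward", next_hop, iface)         # hand off to another router


def build_sample_table():
    """A constructed table for one router with a LAN and an Internet uplink."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", None, "eth0")           # directly connected LAN
    rt.add("10.0.0.0/8", "192.168.1.254", "eth0")    # all of 10/8 via a core router
    rt.add("10.20.0.0/16", "192.168.1.253", "eth0")  # more specific route, other router
    rt.add("0.0.0.0/0", "203.0.113.1", "eth1")       # default route toward the Internet
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    for dst in ("192.168.1.10", "10.20.5.1", "10.9.9.9", "198.51.100.7"):
        print(dst, "->", rt.forward(dst))
```

Note that 10.20.5.1 is inside both 10.0.0.0/8 and 10.20.0.0/16; the router sends it to 192.168.1.253 because the /16 is the longer match, which is the rule that makes a deliberately injected more-specific route so effective at diverting traffic.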
In environments that use static routing, routes and route information are entered into the routing tables manually. Not only can this be a time-consuming task, but also errors are more common. Additionally, when there is a change in the layout, or topology, of the network, statically configured routers must be manually updated with the changes. Again, this is a time-consuming and potentially error-laden task. For these reasons, static routing is suited to only the smallest environments with perhaps just one or two routers. A far more practical solution, particularly in larger environments, is to use dynamic routing.
Figure 3.5 How a router works. (1: a workstation sends data to the router. 2: the router determines the destination address and forwards the data to the next step in the journey, possibly through further routers. 3: the data reaches its destination, a server.)
In a dynamic routing environment, routers use special routing protocols to communicate. The purpose of these protocols is simple; they enable routers to pass on information about themselves to other routers so that other routers can build routing tables. There are two types of routing protocols used—the older distance vector protocols and the newer link state protocols.
The two most commonly used distance vector routing protocols are both called Routing Information Protocol (RIP). One version is used on networks running TCP/IP. The other, sometimes referred to as IPX RIP, is designed for use on networks running the IPX/SPX protocol.
RIP works on the basis of hop counts. A hop is defined as one step on the journey to the data’s destination. Each router that the data has to cross to reach its destination constitutes a hop. The maximum number of hops that RIP can accommodate is 15. That is to say that in a network that uses RIP, all routers must be within 15 hops of each other to communicate. A hop count of 16 is considered unreachable.
Distance vector routing protocols operate by having each router send updates about all the other routers it knows about to the routers directly connected to it. These updates are used by the routers to compile their routing tables. The updates are sent out automatically every 30 or 60 seconds.
The actual interval depends on the routing protocol being used. Apart from the periodic updates, routers can also be configured to send a triggered update if a change in the network topology is detected. The process by which all routers come to agree on the new topology after a change is known as convergence.
Although distance vector protocols are capable of maintaining routing tables, they have three problems. The first is that the periodic update system can make the update process very slow. The second problem is that the periodic updates can create large amounts of network traffic—much of the time unnecessarily as the topology of the network should rarely change. The last, and perhaps more significant, problem is that because the routers only know about the next hop in the journey, incorrect information can be propagated between routers, creating routing loops.
Two strategies are used to combat this last problem. One, split horizon, works by preventing the router from advertising a route back to the router from which it was learned. The other, poison reverse (also called split horizon with poison reverse), dictates that the route is advertised back on the interface from which it was learned, but with a metric of 16. Recall that a metric of 16 is considered an unreachable destination.
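An added example, not from the book, that runs the distance-vector exchange just described in Python: routers on a constructed chain A-B-C-D advertise their tables to their neighbours with hop-count metrics, and a metric of 16 means unreachable. advertise() can be run with no split horizon, plain split horizon, or split horizon with poison reverse, and scenario() cuts the C-D link after convergence so the three behaviours can be compared. The router names, the links and the simplified update rule are assumptions made for the example; real RIP also has timers and triggered updates, which are left out.

```python
"""Added example, not from the book: a distance-vector exchange in the style of
RIP.  Each router advertises its table to its neighbours and installs a route
when the advertised metric plus one hop beats what it holds; a metric of 16
means unreachable.  advertise() can run with no split horizon, plain split
horizon, or split horizon with poison reverse, so the three can be compared
after a link fails.  Router names and links are made up for the example."""

INFINITY = 16   # RIP: a metric of 16 is "unreachable"


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []               # directly connected routers
        self.table = {name: (0, None)}    # destination -> (metric, next hop)

    def advertise(self, to, mode):
        """Build the update sent to neighbour `to`.

        mode "none":   advertise every route, including those learned from `to`
        mode "split":  split horizon, omit routes whose next hop is `to`
        mode "poison": poison reverse, send those routes back with metric 16
        """
        update = {}
        for dest, (metric, next_hop) in self.table.items():
            if next_hop == to.name:
                if mode == "poison":
                    update[dest] = INFINITY
                elif mode == "none":
                    update[dest] = metric
                # "split": say nothing about this destination
            else:
                update[dest] = metric
        return update

    def receive(self, frm, update):
        """Apply one neighbour's update; returns True if the table changed."""
        changed = False
        for dest, metric in update.items():
            new_metric = min(metric + 1, INFINITY)
            cur_metric, cur_hop = self.table.get(dest, (INFINITY, None))
            # Install a strictly better route, or accept any change (better or
            # worse) reported by the neighbour we already route through.
            if new_metric < cur_metric or (cur_hop == frm.name and new_metric != cur_metric):
                self.table[dest] = (new_metric, frm.name if new_metric < INFINITY else None)
                changed = True
        return changed


def build(links):
    routers = {}
    for a, b in links:
        ra = routers.setdefault(a, Router(a))
        rb = routers.setdefault(b, Router(b))
        ra.neighbors.append(rb)
        rb.neighbors.append(ra)
    return routers


def converge(routers, mode, max_rounds=64):
    """Run periodic updates until a full round changes nothing; returns the
    number of rounds used (the final, unchanged round included)."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers.values():
            for n in r.neighbors:
                changed = n.receive(r, r.advertise(n, mode)) or changed
        if not changed:
            return rnd
    return max_rounds


def fail_link(routers, a, b):
    """Take the a-b link down: both ends drop the neighbour and mark every
    route that went through it unreachable."""
    for r, other in ((routers[a], routers[b]), (routers[b], routers[a])):
        r.neighbors.remove(other)
        for dest, (_metric, hop) in list(r.table.items()):
            if hop == other.name:
                r.table[dest] = (INFINITY, None)


def scenario(mode):
    """Chain A-B-C-D: converge, cut the C-D link, converge again.
    Returns (rounds needed after the failure, final tables)."""
    routers = build([("A", "B"), ("B", "C"), ("C", "D")])
    converge(routers, mode)
    fail_link(routers, "C", "D")
    rounds = converge(routers, mode)
    return rounds, {name: dict(r.table) for name, r in routers.items()}


if __name__ == "__main__":
    for mode in ("none", "split", "poison"):
        rounds, tables = scenario(mode)
        print(f"{mode:7s} rounds after failure: {rounds:2d}  A's route to D: {tables['A']['D']}")
```

Run with mode "none" the routers count to infinity: after the link is lost, C learns a route to D back from B, B re-learns it from C with a worse metric, and the hop count climbs by two each round until it reaches 16. With either split horizon variant the bad news reaches A in three rounds and no bogus route is ever installed.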
Link state routing works quite differently from distance vector-based routing. Rather than each router telling each other connected router about the routes it is aware of, routers in a link state environment send out special packets, called link state advertisements (LSA), which contain information only about that router. These LSAs are forwarded to all the routers on the network, which enables them to build a map of the entire network. The advertisements are sent when the router is first brought onto the network and when a change in the topology is detected.
Of the two (distance vector and link state), distance vector routing is better suited to small networks and link state routing to larger ones. Link state protocols do not suffer from the constant updates and limited hop count, and they are also quicker to correct themselves (to converge) when the network topology changes.
On TCP/IP networks, the most commonly used link state routing protocol is the Open Shortest Path First (OSPF). On IPX networks, the NetWare Link State Protocol (NLSP) is used. Table 3.1 summarizes the distance vector and link state protocols used with each network protocol.
It is necessary to know which distance vector and link state routing protocols are associated with which network protocols.
Table 3.1  Routing Protocols

Network Protocol   Distance Vector   Link State
TCP/IP             RIP               OSPF
IPX/SPX            RIP*              NLSP
Sometimes, to distinguish between the versions of RIP for IP and IPX, the version for IPX is referred to as IPX RIP.
Any device that translates one data format to another is called a gateway. Some examples of gateways include a router that translates data from one network protocol to another, a bridge that converts between two networking systems, and a software application that converts between two dissimilar formats. The key point about a gateway is that only the data format is translated, not the data itself. In many cases, the gateway functionality is incorporated into another device.
Don’t confuse a gateway with the term default gateway, which is discussed in Chapter 6, “WAN Technologies, Remote Access, and Security Protocols.” The term default gateway refers to a router to which all network transmissions not destined for the local network are sent.
A Channel Service Unit/Digital Service Unit (CSU/DSU), sometimes called Data Service Unit, is a device that converts the digital signal format used on LANs into one used on WANs. Such translation is necessary because the networking technologies used on WANs are different from those used on LANs.
The CSU/DSU sits between the LAN and the access point provided by the telecommunications company. Many router manufacturers are now incorporating CSU/DSU functionality into their products.
Network cards, also called Network Interface Cards, are devices that enable computers to connect to the network.
When specifying or installing a NIC, you must consider the following issues:
➤ System bus compatibility—If the network interface you are installing is an internal device, bus compatibility must be verified. The most common bus system in use is the Peripheral Component Interconnect (PCI) bus, but some older systems might still use Industry Standard Architecture (ISA) expansion cards.
➤ System resources—Network cards, like other devices, need IRQ and memory I/O addresses. If the network card does not operate correctly after installation, there might be a device conflict.
➤ Media compatibility—Today, the assumption is that networks use twisted-pair cabling, so if you need a card for coaxial or fiber-optic connections, you must specify this. Wireless network cards are also available.
An even stronger assumption than twisted-pair cabling is that the networking system being used is Ethernet. If you require a card for another networking system, such as Token Ring, this must be specified when you order.
When working on a Token Ring network, you have to ensure that all network cards are set to transmit at the same speeds. NICs on an Ethernet network can operate at different speeds.
To install or configure a network interface, you will need drivers for the device, and you might need to configure it, although many devices are now plug and play. Most network cards are now software configured. Many of these software configuration utilities also include testing capabilities. The drivers and software configuration utilities supplied with the cards are often not the latest available, so it is best practice to log on to the Internet and download the latest drivers and associated software.
Integrated Services Digital Network (ISDN) is a remote access and WAN technology that can be used in place of a Plain Old Telephone Service (POTS) dial-up link if it is available. The availability of ISDN depends on whether your local telecommunications service provider offers the service, the quality of the line to your premises, and your proximity to the provider’s location.
ISDN offers greater speeds than a modem and can also pick up and drop the line considerably faster.
If ISDN is available and you do elect to use it, a special device called an ISDN terminal adapter is needed to connect to the line. ISDN terminal adapters can be add-in expansion cards, external devices that connect to the serial port of the system, or specialized interfaces built in to routers or other networking equipment. The ISDN terminal adapter is necessary because, although ISDN uses digital signals, the signals are formatted differently from those used on a LAN. In addition, ISDN can create multiple communication channels on a single line. Today, ISDN is not widely deployed and has been replaced by faster and often cheaper technologies.
A wireless access point (AP) is a transmitter and receiver (transceiver) device used to create a wireless LAN (WLAN). APs are typically separate network devices with a built-in antenna, transmitter, and adapter. APs use the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN. APs also typically have several ports, allowing a way to expand the network to support additional clients.
Depending on the size of the network, one or more APs might be required. Additional APs are used to allow access to more wireless clients and to expand the range of the wireless network. Each AP is limited by a transmission range—the distance a client can be from an AP and still get a usable signal. The actual distance depends on the wireless standard being used and the obstructions and environmental conditions between the client and the AP.
A WAP can operate as a bridge connecting a standard wired network to wireless devices or as a router passing data transmissions from one access point to another.
Saying that an AP is used to extend a wired LAN to wireless clients doesn’t give you the complete picture. A wireless AP today can provide different services in addition to just an access point. Today, the APs might provide many ports that can be used to easily increase the size of the network.
Systems can be added to and removed from the network with no effect on other systems on the network. Also, many APs provide firewall capabilities and DHCP service. When they are hooked up, they will provide client systems with a private IP address and then prevent Internet traffic from accessing client systems. So in effect, the AP is a switch, a DHCP server, a router, and a firewall.
APs come in all different shapes and sizes. Many are cheaper and designed strictly for home or small office use. Such APs have low-powered antennas and limited expansion ports. Higher-end APs used for commercial purposes have very high-powered antennas, enabling them to extend the range that the wireless signal can travel.
APs are used to create a wireless LAN and to extend a wired network. APs are used in the infrastructure wireless topology.
A modem, short for modulator/demodulator, is a device that converts the digital signals generated by a computer into analog signals that can travel over conventional phone lines. The modem at the receiving end converts the signal back into a format the computer can understand. Modems can be used as a means to connect to an ISP or as a mechanism for dialing up to a LAN.
Modems can be internal add-in expansion cards, external devices that connect to the serial or USB port of a system, PCMCIA cards designed for use in laptops, or proprietary devices designed for use on other devices such as portables and handhelds.
The configuration of a modem depends on whether it is an internal or external device. For internal devices, the modem must be configured with an interrupt request (IRQ) and a memory I/O address. It is common practice, when installing an internal modem, to disable the built-in serial interfaces and assign the modem the resources of one of those (typically COM2). Table 3.2 shows the resources associated with serial (COM) port assignments.

Table 3.2 Common Serial (COM) Port Resource Assignments

Port ID   IRQ   I/O Address   Associated Serial I/F Number
COM1      4     03F8          1
COM2      3     02F8          2
COM3      4     03E8          1
COM4      3     02E8          2
For external modems, you need not concern yourself directly with these port assignments, as the modem connects to the serial port and uses the resources assigned to it. This is a much more straightforward approach and one favored by those who work with modems on a regular basis. For PCMCIA and USB modems, the plug-and-play nature of these devices makes them simple to configure, and no manual resource assignment is required. Once the modem is installed and recognized by the system, drivers must be configured to enable use of the device.
Two factors directly affect the speed of the modem connection—the speed of the modem itself and the speed of the Universal Asynchronous Receiver/Transmitter (UART) chip in the computer that is connected to the modem. The UART chip controls the serial communication of a computer, and although modern systems have UART chips that can accommodate far greater speeds than the modem is capable of, older systems should be checked to make sure that the UART chip is of sufficient speed to support the modem speed. The UART chip installed in the system can normally be determined by looking at the documentation that comes with the system.
Table 3.3 shows the maximum speed of the commonly used UART chip types.
Table 3.3 UART Chip Speeds

UART Chip   Speed (Kbps)
8250        9600
16450       9600
16550       115,200
16650       430,800
16750       921,600
16950       921,600
Keep in mind that internal modems have their own UARTs, but external modems use the UART associated with the COM port.
If you have installed an internal modem and are experiencing problems with other devices such as a mouse, there might be a resource conflict between the mouse and the modem. Also, legacy ISA NICs often use IRQ3 and might conflict with the modems.
The term transceiver does describe a separate network device, but it can also be technology built and embedded in devices such as network cards and modems. In a network environment, a transceiver gets its name from being both a transmitter and a receiver of signals.
Technically, on a LAN, the transceiver is responsible for placing signals onto the network media and also for detecting incoming signals traveling through the same wire. Given this description of the function of a transceiver, it makes sense that the technology would be found in network cards.
Although transceivers are found in network cards, they can be external devices as well. As far as networking is concerned, transceivers can ship as a module or chip type. Chip transceivers are small and are inserted into a system board or wired directly on a circuit board. Module transceivers are external to the network and are installed and function similarly to other computer peripherals, or they can function as standalone devices.
There are many types of transceivers—RF transceivers, fiber optic transceivers, Ethernet transceivers, wireless (WAP) transceivers, and more.
Though each of these media types is different, the function of the transceiver remains the same. Each type of transceiver used has different characteristics, such as the number of ports available to connect to the network and whether full-duplex communication is supported.
Listed with transceivers in the CompTIA objectives are media converters.
Media converters are a technology that allows administrators to interconnect different media types—for example, twisted pair, fiber, and thin or thick coax—within an existing network. Using a media converter, it is possible to connect newer 100Mbps, Gigabit Ethernet, or ATM equipment to existing networks such as 10BASE-T or 100BASE-T. They can also be used in pairs to insert a fiber segment into copper networks to increase cabling distances and enhance immunity to electromagnetic interference (EMI).
A firewall is a networking device, either hardware or software based, that controls access to your organization’s network. This controlled access is designed to protect data and resources from an outside threat. To do this, firewalls are typically placed at entry/exit points of a network—for example, placing a firewall between an internal network and the Internet. Once there, it can control access in and out of that point.
Although firewalls typically protect internal networks from public networks, they are also used to control access between specific network segments within a network—for example, placing a firewall between the Accounts and the Sales departments.
As mentioned, firewalls can be implemented through software or through a dedicated hardware device. Organizations implement software firewalls through network operating systems (NOS) such as Linux/UNIX, Windows servers, and Mac OS servers. The firewall is configured on the server to allow or permit certain types of network traffic. In small offices and for regular home use, a firewall is commonly installed on the local system and configured to control traffic. Many third-party firewalls are available.
Hardware firewalls are used in networks of all sizes today. Hardware firewalls are often dedicated network devices that can be implemented with very little configuration and protect all systems behind the firewall from outside sources. Hardware firewalls are readily available and are often combined with other devices today. For example, many broadband routers and wireless access points have firewall functionality built in. In such a case, the router or WAP might have a number of ports available to plug systems in to.
Firewalls are discussed in greater detail in Chapter 8, “Configuring Network Security.”
Table 3.4 provides a summary of the networking devices identified in this chapter.

Table 3.4 Network Devices Summary

Hub
  Function/Purpose: Connects devices on a twisted-pair network.
  Key Points: A hub does not perform any tasks besides signal regeneration.

Switch
  Function/Purpose: Connects devices on a twisted-pair network.
  Key Points: A switch forwards data to its destination by using the MAC address embedded in each packet.

Bridge
  Function/Purpose: Divides networks to reduce overall network traffic.
  Key Points: A bridge allows or prevents data from passing through it by reading the MAC address.

Router
  Function/Purpose: Connects networks together.
  Key Points: A router uses the software-configured network address to make forwarding decisions.

Gateway
  Function/Purpose: Translates from one data format to another.
  Key Points: Gateways can be hardware or software based. Any device that translates data formats is called a gateway.

CSU/DSU
  Function/Purpose: Translates digital signals used on a LAN to those used on a WAN.
  Key Points: CSU/DSU functionality is sometimes incorporated into other devices, such as a router with a WAN connection.

Network card
  Function/Purpose: Enables systems to connect to the network.
  Key Points: Network interfaces can be add-in expansion cards, PCMCIA cards, or built-in interfaces.

ISDN terminal adapter
  Function/Purpose: Connects devices to ISDN lines.
  Key Points: ISDN is a digital WAN technology often used in place of slower modem links. ISDN terminal adapters are required to reformat the data format for transmission on ISDN links.

WAP
  Function/Purpose: Provides network capabilities to wireless network devices.
  Key Points: A WAP is often used to connect to a wired network, thereby acting as a link between wired and wireless portions of the network.

Modem
  Function/Purpose: Provides serial communication capabilities across phone lines.
  Key Points: Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end.

Transceiver
  Function/Purpose: Converts one media type to another, such as UTP to fiber.
  Key Points: A device that functions as a transmitter and a receiver of signals, such as analog or digital.

Firewall
  Function/Purpose: Provides controlled data access between networks.
  Key Points: Firewalls can be hardware or software based and are an essential part of a network’s security strategy.
A MAC address is a unique 6-byte address that is burned into each network interface or, more specifically, directly into the PROM chip on the NIC. The number must be unique, as the MAC address is the basis by which almost all network communication takes place. No matter which networking protocol is being used, the MAC address is still the means by which the network interface is identified on the network. Notice that I say network interface. That’s very important, as a system that has more than one network card in it will have more than one MAC address.
MAC addresses are expressed in six hexadecimal values. In some instances, the six values are separated by colons (:); in others, hyphens (-) are used; and in still others, a space is simply inserted between the values. In any case, because the six values are hexadecimal, they can only contain the numbers 0–9 and the letters A–F. So, a valid MAC address might be 00-D0-56-F2-B5-12 or 00-26-DD-14-C4-EE. There is a way of finding out whether a MAC address exists through the IEEE, which is responsible for managing MAC address assignment. The IEEE has a system in place that lets you identify the manufacturer of the network interface by looking at the MAC address.
For example, in the MAC address 00-80-C8-E3-4C-BD, the 00-80-C8 identifies the manufacturer and the E3-4C-BD portion is assigned by the manufacturer to make the address unique. The IEEE is the body that assigns manufacturers their IDs, called Organizationally Unique Identifiers, and the manufacturer then assigns the second half, called the Universal LAN MAC address. From the IEEE’s perspective, leaving the actual assignment of addresses to the manufacturers significantly reduces the administrative overhead for the IEEE.
As discussed, MAC addresses are expressed in hexadecimal format. For that reason, they can only use the numbers 0–9 and the letters A–F. There are only six bytes, so a MAC address should be six groups of two characters. Any other number of characters or any answer that contains a letter other than those described can be immediately discounted as an answer.
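The validity rules above (six groups of exactly two hexadecimal characters, separated consistently by colons, hyphens or spaces) and the OUI split, as an added Python example that is not part of the book. The candidate addresses used in the usage section are the ones quoted in the chapter's text and its practice question; the reasons reported mirror the rules the chapter gives, and grouping by OUI is added as the practical use of the manufacturer prefix.

```python
"""MAC address checking, as an added example (not from the book).

Applies the rules the chapter gives: six groups of exactly two hexadecimal
characters (0-9, A-F), separated by colons, hyphens or spaces, and splits a
valid address into the IEEE-assigned OUI and the manufacturer-assigned half.
"""
import re
import string
from typing import Dict, Iterable, List, Optional, Tuple

_SEPARATORS = r"[:\- ]"


def check_mac(text: str) -> Tuple[Optional[str], str]:
    """Classify a candidate address.

    Returns (normalized address, reason). The address is None when the
    candidate is invalid, and the reason names the rule that failed, checked
    in this order: characters per group, characters allowed, number of
    groups, consistent separator. A valid address is normalized to
    uppercase hyphen-separated form so that the three notations compare equal.
    """
    text = text.strip()
    groups = re.split(_SEPARATORS, text)
    for g in groups:
        if len(g) != 2:
            return None, f"group {g!r} is not two characters"
        if any(c not in string.hexdigits for c in g):
            return None, f"group {g!r} contains non-hexadecimal characters"
    if len(groups) != 6:
        return None, f"expected 6 groups, found {len(groups)}"
    if len(set(re.findall(_SEPARATORS, text))) != 1:
        return None, "separators are mixed"
    return "-".join(g.upper() for g in groups), "valid"


def split_mac(mac: str) -> Tuple[str, str]:
    """Split a normalized address into (OUI, manufacturer-assigned portion)."""
    return mac[:8], mac[9:]


def group_by_oui(addresses: Iterable[str]) -> Dict[str, List[str]]:
    """Group the valid addresses in a list (for example, one copied from a
    switch's address table) by manufacturer prefix; invalid entries are skipped."""
    groups: Dict[str, List[str]] = {}
    for text in addresses:
        mac, _ = check_mac(text)
        if mac is not None:
            groups.setdefault(split_mac(mac)[0], []).append(mac)
    return groups


if __name__ == "__main__":
    # Candidates quoted in the chapter text and in practice question 7.
    for candidate in ["00-D0-56-F2-B5-12", "00:80:c8:e3:4c:bd", "00 26 DD 14 C4 EE",
                      "00-63-T6-4H-7U-78", "00-62-DE-6F-D2", "000-622-DE5-75E-EA6"]:
        mac, reason = check_mac(candidate)
        oui = f" (OUI {split_mac(mac)[0]})" if mac else ""
        print(f"{candidate:22} -> {reason}{oui}")
```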
The method by which you can discover the MAC address of the network interfaces in your equipment depends on which operating system is being used. Table 3.5 shows you how to obtain the MAC address on some of the more common platforms.
Be prepared to identify the commands used to view a MAC address as shown in Table 3.5. You might be asked to identify these commands on the Network+ exam.
Table 3.5 Commands to Obtain MAC Addresses

Platform           Method
Windows 95/98/Me   Run the winipcfg utility.
Windows NT/2000    Run ipconfig /all from a command prompt.
Linux/Some UNIX    Run the ifconfig -a command.
Novell NetWare     Run the config command.
Cisco Router       Run the sh int <interface name> command.
As you work with network interfaces more, you might start to become familiar with which ID is associated with which manufacturer. Although this is a skill that might astound your friends and impress your colleagues, it won’t help you with the Network+ exam. Just knowing what does, and doesn’t, represent a valid MAC address will be sufficient on the exam.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
➤ Both hubs and switches are used in Ethernet networks. Token Ring networks, which are few and far between, use special devices called multistation access units (MSAUs) to create the network.
➤ The function of a hub is to take data from one of the connected devices and forward it to all the other ports on the hub.
➤ Most hubs are considered active because they regenerate a signal before forwarding it to all the ports on the device. In order to do this, the hub needs a power supply.
➤ Rather than forwarding data to all the connected ports, a switch forwards data only to the port on which the destination system is connected.
➤ Switches make forwarding decisions based on the Media Access Control (MAC) addresses of the devices connected to them to determine the correct port.
➤ In cut-through switching, the switch begins to forward the packet as soon as it is received.
➤ In a store-and-forward configuration, the switch waits to receive the entire packet before beginning to forward it.
➤ FragmentFree switching works by reading only the part of the packet that enables it to identify fragments of a transmission.
➤ Hubs and switches have two types of ports: Medium Dependent Interface (MDI) and Medium Dependent Interface-Crossed (MDI-X).
➤ A straight-through cable is used to connect systems to the switch or hub using the MDI-X ports.
➤ In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed.
➤ Both hubs and switches come in managed and unmanaged versions. A managed device has an interface through which it can be configured to perform certain special functions.
➤ Bridges are used to divide up networks and thus reduce the amount of traffic on each network.
➤ Unlike bridges and switches, which use the hardware-configured MAC address to determine the destination of the data, routers use the software-configured network address to make decisions.
➤ With distance-vector routing protocols, each router communicates all the routes it knows about to all other routers to which it is directly attached.
➤ RIP is a distance vector routing protocol for both TCP/IP and IPX.
➤ Link state protocols communicate with all other devices on the network to build complete maps of the network. They generate less network traffic than distance vector routing protocols but require more powerful network hardware.
➤ Open Shortest Path First (OSPF) and NetWare Link State Protocol (NLSP) are the most commonly used link state routing protocols on IP and IPX networks, respectively.
➤ The term gateway is applied to any device, system, or software application that can perform the function of translating data from one format to another.
➤ A CSU/DSU acts as a translator between the LAN and the WAN data formats.
➤ Wireless network devices gain access to the network via Wireless Access Points.
➤ Wireless Access Points provide additional functionality such as DHCP, router, firewall, and hub/switch.
➤ Modems translate digital signals from a computer into analog signals that can travel across conventional phone lines.
➤ Transceivers are devices on the network that both transmit and receive data signals.
➤ Media converters are used to convert between one media type and another.
➤ Hub
➤ Bridge
➤ Gateway
➤ Network Interface Cards
➤ ISDN adapters
➤ Switch
➤ Router
➤ CSU/DSU
➤ System area network cards
➤ Wireless Access Points (WAPs)
➤ Modems
➤ MAC addresses
➤ Distance vector
➤ Link state
➤ Dynamic routing
➤ Static routing
➤ NLSP
➤ OSPF
➤ RIP
➤ Convergence
➤ Bridging loops
➤ Transceivers
➤ Media converters
1. Users are complaining that the performance of the network is not satisfactory. It takes a long time to pull files from the server, and, under heavy loads, workstations can become disconnected from the server. The network is heavily used, and a new video conferencing application is about to be installed. The network is a 100BaseT system created with Ethernet hubs. Which of the following devices are you most likely to install to alleviate the performance problems?
❑ A. Switch
❑ B. Router
❑ C. Bridge
❑ D. Gateway

2. Which of the following devices forwards data packets to all connected ports?
❑ A. Router
❑ B. Switch
❑ C. Bridge
❑ D. Hub

3. Of the following routing methods, which is likely to take the most amount of administration time in the long term?
❑ A. Static
❑ B. Link state
❑ C. Distance vector
❑ D. Dynamic

4. Your manager asks you to look into some upgrades for your network. The current network is a 10Base2 system, and you have been experiencing numerous hard-to-track-down cable problems. As a result, you have decided to upgrade to a 10BaseT system. On the networking vendor’s price list are both active and passive hubs. The passive hubs are considerably cheaper than the active ones, and you are tempted to opt for them so that you come in under budget. A colleague advises you against the purchase of passive hubs. What is the primary difference between an active and a passive hub?
❑ A. Passive hubs do not offer any management capabilities.
❑ B. Passive hubs cannot be used in full-duplex mode.
❑ C. Passive hubs do not regenerate the data signal.
❑ D. Passive hubs forward data to all ports on the hub, not just the one for which they are intended.

5. Which of the following statements best describes a gateway?
❑ A. It is a device that enables data to be routed from one network to another.
❑ B. It is a term used to refer to any device that resides at the entrance of a network.
❑ C. It is a device, system, or application that translates data from one format to another.
❑ D. It is a network device that can forward or block data based on the MAC address embedded within the packet.

6. You have a thin coaxial-based Ethernet network and are experiencing performance problems on the network. By using a network performance-monitoring tool, you determine that there are a large number of collisions on the network. In an effort to reduce the collisions, you decide to install a network bridge. What kind of bridge are you most likely to implement?
❑ A. Collision bridge
❑ B. Transparent bridge
❑ C. Visible bridge
❑ D. Translational bridge

7. Which of the following represents a valid MAC address?
❑ A. 00-D0-56-F2-B5-12
❑ B. 00-63-T6-4H-7U-78
❑ C. 00-62-DE-6F-D2
❑ D. 000-622-DE5-75E-EA6

8. Which of the following devices passes data based on the MAC address?
❑ A. Hub
❑ B. Switch
❑ C. MSAU
❑ D. Router

9. What is the speed of the 16550 UART chip?
❑ A. 921,600
❑ B. 430,800
❑ C. 115,200
❑ D. 9,600

10. Which of the following devices would you find only on a Token Ring network?
❑ A. Hub
❑ B. Switch
❑ C. MSAU
❑ D. Router
1. The correct answer is A. Replacing Ethernet hubs with switches can yield significant performance improvements. Of the devices listed, they are also the only one that can be substituted for hubs. Answer B, router, is incorrect as a router is used to separate networks, not as a connectivity point for workstations. A bridge could be used to segregate the network and so improve performance, but a switch is a more obvious choice in this example. Therefore, answer C is incorrect. Answer D, gateway, is incorrect. A gateway is a device, system, or application that translates data from one format to another.
2. The correct answer is D. Hubs are inefficient devices that send data packets to all connected devices. Many of today’s networks are upgrading to switches that pass data packets to the specific destination device. This method significantly increases network performance.
3. The correct answer is A. Static routing will take more time to administer in the long term, as any changes to the network routing table must be entered manually. Answers B and C are incorrect. Distance vector and link state are both dynamic routing methods. Answer D is also incorrect. Dynamic routing might take more time to configure initially; but in the long term, it will require less administration time. It can adapt to changes in the network layout automatically.
4. The correct answer is C. An active hub regenerates the data signal before forwarding it; a passive hub does not. Answer A is incorrect. The management capabilities of a hub have nothing to do with the active/passive aspect of the device. Answer B is incorrect. Hubs are not capable of operating in full-duplex mode. Only network switches are capable of performing this function in this context. Answer D describes the function of a switch, not a hub.
5. The correct answer is C. A gateway can be a device, system, or application that translates data from one format to another. Answers B and D are more likely to describe a router than a gateway. Answer D describes a bridge. A bridge is a device that is used to segregate a network. It makes forwarding or blocking decisions based on the MAC address embedded within the packet.
6. The correct answer is B. A transparent bridge can be used to segment a network, which reduces the amount of collisions and the overall network traffic. It is called transparent because the other devices on the network do not need to be aware of the device and will, in fact, operate as if it wasn’t there. Answer D is incorrect as a translational bridge is used in environments where it is necessary to translate from one data format to another. Such a conversion is not necessary in this scenario. Answers A and C are invalid. There is no such thing as a collision bridge or a visible bridge.
7. The correct answer is A. A MAC address is a 6-byte address that is expressed in hexadecimal format. Answer B contains the letters T and U, which are not valid. Hexadecimal format uses only numbers and the letters A through F. For this reason, answer B is incorrect. Answer C is only five bytes, so it is incorrect. Answer D is incorrect because a byte in hexadecimal is expressed in two characters and the answer uses three.
8. The correct answer is B. When determining the destination for a data packet, the switch learns the MAC address of all devices attached to it and then matches the destination MAC address in the data it receives.
None of the other devices pass data based solely on the MAC address.
9. The correct answer is C. 115,200 is the speed of the 16550 UART chip. Answer A is incorrect as 921,600 is the speed of the 16750 and 16950 UART chips. Answer B is incorrect as 430,800 is the speed of the 16650 UART chip, and 9600 is the speed of the 8250 UART chip.
10. The correct answer is C. A Multistation Access Unit (MSAU) is used as the connectivity point on a Token Ring network. Answers A and B are incorrect. Switches and hubs are associated with Ethernet networks. Answer D is incorrect. Routers can be found on both Token Ring and Ethernet networks.
4
Objectives
2.2 Identify the seven layers of the OSI (Open Systems Interconnect) model and their functions
2.3 Identify the OSI (Open Systems Interconnect) layers at which the following network components operate:
✓ Hubs
✓ Switches
✓ Bridges
✓ Routers
✓ NICs (Network Interface Card)
✓ WAPs (wireless access point)
2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions:
✓ IPX/SPX (Internetwork Packet Exchange/Sequence Packet Exchange)
✓ NetBEUI (Network Basic Input/Output System Extended User Interface)
✓ AppleTalk/AppleTalk over IP (Internet Protocol)
✓ TCP/IP (Transmission Control Protocol/Internet Protocol)
What you need to know
✓ Identify the seven layers of the OSI model
✓ Identify the function of each of the layers in the OSI model
✓ Identify the layer at which networking devices function
✓ Identify the various common protocol suites used with networks
✓ Understand the basic characteristics of common protocol suites
One of the most important networking concepts to understand is the Open Systems Interconnect (OSI) reference model. This conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, describes a network architecture that allows data to be passed between computer systems.
This chapter looks at the OSI model and describes how it relates to real-world networking. It also examines how common network devices relate to the OSI model. Even though the OSI model is conceptual, an appreciation of its purpose and function can help you better understand how protocol suites and network architectures work in practical applications.
As shown in Figure 4.1, the OSI reference model is built, bottom to top, in the following order: physical, data-link, network, transport, session, presentation, and application. The physical layer is classified as layer 1 and the top layer of the model, the application layer, as layer 7.
On the Network+ exam, you may either see an OSI layer referenced by its name, such as data-link, or by its layer number. For instance, you might find that a router is referred to as a layer 3 device.
Figure 4.1 The OSI seven layer model:
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data-link
1 - Physical
Each layer of the OSI model has a specific function. The following sections describe the function of each layer, starting with the physical layer and working up the model.
The physical layer of the OSI model identifies the physical characteristics of the network, including the following specifications:
➤ Media—The type of media used on the network such as type of cable, type of connector, and pinout format for cables.
➤ Topology—The physical layer identifies the topology to be used in the network. Common topologies include ring, mesh, star, and bus.
In addition to these, the physical layer also defines the voltage used on a given media and the frequency at which the signals that carry the data move from one state to another. These characteristics dictate the speed and bandwidth of a given media as well as the maximum distance over which a certain media type can be used.
The data-link layer is responsible for getting data to the physical layer so that it can be transmitted over the network. The data-link layer is also responsible for error detection, error correction, and hardware addressing. The term frame is used to describe the logical grouping of data at the data-link layer.
The data-link layer has two distinct sublayers—the Media Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer.
➤ MAC sublayer—The MAC address is defined at this layer. The MAC address is the physical or hardware address burned into each NIC. The MAC sublayer also controls access to network media. The MAC layer specification is included in the IEEE802.1 standard.
➤ LLC sublayer—The LLC layer is responsible for the error and flow-control mechanisms of the data-link layer. The LLC layer is specified in the 802.2 standard.
The primary responsibility of the network layer is routing—providing mechanisms by which data can be passed from one network system to another. It does not specify how the data is passed, but rather provides the mechanisms to do so. Functionality at the network layer is provided through protocols, which are software components.
Protocols at the network layer are also responsible for route selection, which refers to determining the best path for the data to take throughout the network. In contrast to the data-link layer, which uses MAC addresses to communicate on the LAN, network protocols use software configured addresses and special routing protocols to communicate on the network. The term packet is used to describe the logical grouping of data at the data-link layer.
When working with networks, there are two ways in which routes can be configured: statically or dynamically. In a static routing environment, routes are added manually to the routing tables. In a dynamic routing environment, routing protocols such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are used. These protocols communicate routing information between networked devices on the network.
The basic function of the transport layer is to provide mechanisms to transport data between network devices. Primarily it does this in three ways:
➤ Error checking—Protocols at the transport layer ensure that data is sent or received correctly.
➤ Service addressing—Protocols such as TCP/IP support many network services. The transport layer makes sure that data is passed to the right service at the upper layers of the OSI model.
➤ Segmentation—To traverse the network, blocks of data need to be broken down into packets that are of a manageable size for the lower layers to handle. This process, called segmentation, is the responsibility of the transport layer.
Protocols that operate at the transport layer can either be connectionless, such as the User Datagram Protocol (UDP), or connection oriented, such as Transmission Control Protocol (TCP). For a further discussion of these protocols, and of the difference between connection oriented and connectionless protocols, refer to the information on network protocols later in this chapter.
The transport layer is also responsible for data flow control, which refers to the way in which the receiving device can accept data transmissions. There are two common methods of flow control used, buffering and windowing:
➤ Buffering—When buffering flow control is used, data is temporarily stored and waits for the destination device to become available. Buffering can cause a problem if the sending device transmits data much faster than the receiving device is able to manage it.
➤ Windowing—In a windowing environment, data is sent in groups of segments that require only one acknowledgment. The size of the window (that is, how many segments fit into one acknowledgment) is defined at the time the session between the two devices is established. As you can imagine, the need to have only one acknowledgment for every, say, five segments can greatly reduce overhead.
The session layer is responsible for managing and controlling the synchronization of data between applications on two devices. It does this by establishing, maintaining, and breaking sessions. Whereas the transport layer is responsible for setting up and maintaining the connection between the two nodes, the session layer performs the same function on behalf of the application.
The presentation layer’s basic function is to convert the data intended for or received from the application layer into another format. Such conversion is necessary because of the way in which data is formatted, so it can be transported across the network. This conversion is not necessarily readable by applications. Some common data formats handled by the presentation layer include the following:
➤ Graphics—JPEG, TIFF, GIF, and so on are graphics file formats that require the data to be formatted in a certain way.
➤ Text—The presentation layer can translate data into different formats such as American Standard Code for Information Interchange (ASCII) and the Extended Binary Coded Decimal Interchange Code (EBCDIC).
➤ Sound/video—MPEGs, QuickTime video, and MIDI files all have their own data formats to and from which data must be converted.
Another very important function of the presentation layer is encryption, which is the scrambling of data so that it can’t be read by anyone other than the intended recipient. Given the basic role of the presentation layer—that of data-format translator—it is the obvious place for encryption and decryption to take place.
In simple terms, the function of the application layer is to take requests and data from the users and pass them to the lower layers of the OSI model.
Incoming information is passed to the application layer, which then displays the information to the users. Some of the most basic application-layer services include file and print capabilities.
The most common misconception about the application layer is that it represents applications that are used on a system such as a Web browser, word processor, or a spreadsheet. Instead, the application layer defines the processes that enable applications to use network services. For example, if an application needs to open a file from a network drive, the functionality is provided by components that reside at the application layer.
In summary, Table 4.1 lists the seven layers of the OSI model and describes some of the most significant points of each layer.
Table 4.1 OSI Model Summary
OSI Layer | Major Functions
Physical (Layer 1) | Defines the physical structure of the network and the topology.
Data-link (Layer 2) | Provides error detection and correction. Uses two distinct sublayers: the Media Access Control (MAC) and Logical Link Control (LLC) layers. Identifies the method by which media is accessed. Defines hardware addressing through the MAC sublayer.
Network (Layer 3) | Handles the discovery of destination systems and addressing. Provides the mechanism by which data can be passed from one network system to another.
Transport (Layer 4) | Provides connection services between the sending and receiving devices and ensures reliable data delivery. Manages flow control through buffering or windowing. Provides segmentation, error checking, and service identification.
Session (Layer 5) | Synchronizes the data exchange between applications on separate devices.
Presentation (Layer 6) | Translates data from the format used by applications into one that can be transmitted across the network. Handles encryption and decryption of data. Provides compression and decompression functionality. Formats data from the application layer into a format that can be sent over the network.
Application (Layer 7) | Provides access to the network for applications.
When you have an understanding of the OSI model, it is possible to relate network connectivity devices discussed in Chapter 3, “Networking Devices,” to the appropriate layer of the OSI model. Knowing at which OSI level a device operates allows you to better understand how it functions on the network.
Table 4.2 identifies various network devices and maps them to the OSI model.
For the Network+ exam, you are expected to be able to identify at which layer of the OSI model certain network devices operate.
Table 4.2 Mapping Network Devices to the OSI Model
Device | OSI Layer
Hub | Physical (Layer 1)
Switch | Data-link (Layer 2)
Bridge | Data-link (Layer 2)
Router | Network (Layer 3)
NIC | Data-link (Layer 2)
WAP | Data-link (Layer 2)
You might find yourself working with a number of protocols in today’s networked environments. The primary function of these protocols is to facilitate communication between network devices. This section reviews the main characteristics of the most widely used protocols.
Before getting into the characteristics of the various network protocols and protocol suites, it’s important to first identify the difference between connection-oriented and connectionless protocols.
In a connection-oriented communication, there is guaranteed delivery of the data. Any packet that is not received by the destination system is resent by the sending device. Communication between the sending and receiving devices continues until the transmission has been verified. Because of this, connection-oriented protocols have a higher overhead and place greater demands on bandwidth.
Connection-oriented protocols such as TCP (Transmission Control Protocol) are capable of accommodating lost or dropped packets by asking the sending device to retransmit them. They are capable of doing this because they wait for all the packets in an entire message to be received before considering the transmission complete.
On the sending end, connection-oriented protocols also assume that a lack of acknowledgment is sufficient reason to retransmit.
In contrast to connection-oriented communication, connectionless protocols offer only a best-effort delivery mechanism. Basically, the information is sent—there is no confirmation that the data has been received. If there is an error in the transmission, there is no mechanism to resend the data, so transmissions made with connectionless protocols are not guaranteed.
Connectionless communication requires far less overhead than connection-oriented communication, so it is popular in applications such as streaming audio and video where a small number of dropped packets might not represent a significant problem.
As you work through the various protocols, keep an eye out for the protocols that are connectionless and those that are connection-oriented.
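The windowing and retransmission behaviour described above (one acknowledgment per window of segments, a missing acknowledgment treated as reason to retransmit) and the contrast with best-effort delivery can be seen in a small simulation. This is an added example, not code from the book; the 20-segment message, the loss rate and the assumption that acknowledgments themselves are never lost are all constructed for illustration.

```python
import random

# Constructed sample message: 20 numbered segments (not from the book).
SEGMENTS = [f"seg{i:02d}" for i in range(20)]


def send_connectionless(segments, loss_rate, rng):
    """Best-effort delivery: every segment goes out exactly once, nothing is
    acknowledged, and a lost segment is never resent.
    Returns (segments_received, messages_on_the_wire)."""
    received = [s for s in segments if rng.random() >= loss_rate]
    return received, len(segments)


def send_windowed(segments, window, loss_rate, rng, max_attempts=50):
    """Connection-oriented delivery with windowing: `window` segments are sent
    as a group and the receiver answers the whole group with a single ACK.
    If any segment of the group is lost the sender sees no ACK and retransmits
    the whole group.  Simplification (assumption): the ACK itself is never lost.
    Returns (segments_received, messages_on_the_wire)."""
    if window < 1:
        raise ValueError("window must be at least 1")
    received = []
    messages = 0
    for start in range(0, len(segments), window):
        group = segments[start:start + window]
        for _ in range(max_attempts):
            messages += len(group)                  # data segments sent
            arrived = [s for s in group if rng.random() >= loss_rate]
            if len(arrived) == len(group):
                messages += 1                       # one ACK covers the group
                received.extend(group)
                break
        else:
            raise RuntimeError(f"no ACK after {max_attempts} attempts")
    return received, messages


def compare(loss_rate=0.0, window=5, seed=1):
    """Run both strategies on the sample message under the same loss rate and
    report what arrived and how many messages crossed the wire."""
    cl_rx, cl_msgs = send_connectionless(SEGMENTS, loss_rate, random.Random(seed))
    co_rx, co_msgs = send_windowed(SEGMENTS, window, loss_rate, random.Random(seed))
    return {
        "connectionless_delivered": len(cl_rx),
        "connectionless_messages": cl_msgs,
        "windowed_delivered": len(co_rx),
        "windowed_messages": co_msgs,
        "windowed_complete": co_rx == SEGMENTS,   # everything, in order
    }


if __name__ == "__main__":
    for loss in (0.0, 0.2):
        for w in (1, 5):
            print(f"loss={loss} window={w}: {compare(loss, w)}")
```

With no loss, a window of 5 costs 4 acknowledgments for 20 segments where a window of 1 costs 20, which is the overhead saving the text describes; with loss, only the windowed sender ends with the complete message.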
Like TCP/IP and AppleTalk that are also discussed in this chapter, IPX/SPX is not a single protocol but rather a protocol suite. IPX/SPX was created by Novell for use on Novell networks. When Novell had a larger presence in the network arena, so too did the IPX/SPX protocol suite. Today, the popularity of IPX/SPX has yielded to TCP/IP although it is still used in some network environments—enough at least to include it in the CompTIA exam objectives. TCP/IP’s suitability for large multisite networks and its general acceptance has now even led Novell to adopt TCP/IP as the protocol of choice. Table 4.3 shows some of the protocols that comprise the IPX/SPX suite and their functions.
Table 4.3 IPX/SPX Protocols and Their Functions
Protocol | Function | Related OSI Layer(s)
Internetwork Packet Exchange (IPX) | A connectionless transport protocol that is primarily responsible for logical network addressing, route selections, and connection services. | Network, Transport
NetWare Link State Protocol (NLSP) | NLSP uses a link-state route discovery method to build routing tables. | Network
NetWare Core Protocol (NCP) | NCP is a connection-oriented protocol that provides the connection between clients and services. | Application, Presentation, Session
Routing Information Protocol (RIP) | Similar to the routing protocol used with TCP/IP, RIP is responsible for the routing of packets on an IPX/SPX network. | Network
Service Advertising Protocol (SAP) | SAP allows systems providing services to the network, such as file and print services, to announce their services and addresses to the network. | Application, Presentation, Session
Sequenced Packet Exchange (SPX) | SPX is a connection-based protocol used when guaranteed message delivery is required on the network. | Transport
An example of an IPX address is 0BAD33CE:0003FE7C06EC. The 0BAD33CE portion represents the IPX address for the network, which is also sometimes referred to as the network number. The part 0003FE7C06EC is the MAC address of the node, which is used for the second part of the address. The node MAC address is derived directly from the MAC address burned on to each network card, but in IPX addressing, it is expressed without the colons (:). In addition to this format, IPX addresses can also be written with each group of four hexadecimal characters separated by colons—for example, 0000:0007:003C:7F53:04CF. In some cases, any leading 0s on the network address portion are dropped. For example, 00000007 can be expressed simply as 7. The address would then be 7:003C:7F53:04CF.
Because IPX addresses are expressed in hexadecimal, they can only contain the letters A through F and the numbers 0 through 9. There can be a maximum of 8 characters in the segment portion and 12 characters in the MAC address portion. You should be prepared to identify how IPX addressing works for the Network+ exam.
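The three spellings of an IPX address described above (network:node, colon-separated groups of four hex digits, and the same with leading zeros of the network number dropped) can be normalized to one canonical form by a small parser. This is an added example written for this page, not code from the book; it enforces exactly the rules stated in the text (hex digits only, at most 8 digits of network number, exactly 12 digits of node MAC) and treats the last three four-digit groups of a colon-grouped address as the node.

```python
import re

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def parse_ipx_address(text):
    """Split an IPX address into (network_number, node), with the network
    number padded back to 8 hex digits and both parts upper-cased.

    Accepted layouts (all taken from the text):
      0BAD33CE:0003FE7C06EC      network:node
      0000:0007:003C:7F53:04CF   groups of four hex digits
      7:003C:7F53:04CF           same, leading zeros of the network dropped
    """
    groups = text.strip().split(":")
    if len(groups) == 2 and len(groups[1]) == 12:
        network, node = groups
    elif len(groups) >= 4 and all(len(g) == 4 for g in groups[-3:]):
        # The node is a 12-digit MAC, so it is always the last three groups;
        # whatever precedes it is the network number (leading zeros optional).
        network = "".join(groups[:-3])
        node = "".join(groups[-3:])
    else:
        raise ValueError(f"unrecognised IPX address layout: {text!r}")

    for label, part in (("network", network), ("node", node)):
        if not HEX_RE.match(part):
            raise ValueError(f"{label} part of {text!r} is not hexadecimal")
    if len(network) > 8:
        raise ValueError(f"network number longer than 8 hex digits: {network!r}")
    if len(node) != 12:
        raise ValueError(f"node address must be 12 hex digits: {node!r}")
    return network.upper().rjust(8, "0"), node.upper()


def node_to_mac(node):
    """Re-insert the colons the IPX form drops: 0003FE7C06EC -> 00:03:FE:7C:06:EC."""
    return ":".join(node[i:i + 2] for i in range(0, 12, 2))


def canonical(text):
    """Canonical network:node spelling, useful for comparing addresses."""
    network, node = parse_ipx_address(text)
    return f"{network}:{node}"


if __name__ == "__main__":
    for addr in ("0BAD33CE:0003FE7C06EC", "0000:0007:003C:7F53:04CF", "7:003C:7F53:04CF"):
        network, node = parse_ipx_address(addr)
        print(f"{addr:26} -> network {network}  node MAC {node_to_mac(node)}")
```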
As you might expect, the IPX/SPX protocol suite is fully supported by Novell NetWare, but it can also be used in a Microsoft Windows environment. Microsoft includes its own version of the IPX/SPX protocol, NWLink, which provides this interoperability. Using the NWLink protocol and the Microsoft Client for NetWare, Windows systems can connect to a NetWare server using IPX/SPX.
Because of the prevalence of TCP/IP, interoperability with the IPX/SPX protocol has become less important. For some time now, TCP/IP has been used as the default protocol on Novell networks. As far as Linux is concerned, there is a way to use the IPX/SPX protocol on a Linux system, but TCP/IP is the protocol of choice there too.
Unlike TCP/IP, which is discussed later, there are few issues with IPX/SPX naming because servers are normally the only parts of a network that are assigned names. These names, which are sometimes referred to as addresses, can be up to 47 characters (in current versions of NetWare). Workstations do not need such names and instead just use IPX addresses.
NetBEUI was once a popular protocol for smaller networks. It is fast and easy to configure but has one significant drawback in that it is not routable.
This one fact limits NetBEUI to a single network segment, which is far too restrictive for the majority of today’s networking environments.
In terms of addressing, NetBEUI is perhaps the simplest of all the protocols discussed here. For this reason, it is still sometimes used on very small simple networks such as those found in a home or on very small business networks. Computers on a NetBEUI network are identified by NetBIOS names. The NetBIOS name can be no longer than 15 characters and must be unique to the network. Using the 15 characters, you can assign the computers descriptive names such as workstation, student1, or secretary2.
The discussion on interoperability with NetBEUI is a short one; it is used on Windows platforms exclusively.
AppleTalk is a protocol associated with Apple networks. The AppleTalk protocol is an established protocol, having been introduced in the early 1980s, and continued development toward the end of the 1980s enabled it to become a viable internetworking protocol.
Like the IPX/SPX and TCP/IP protocol suites, the AppleTalk protocol suite is composed of several protocols. Table 4.4 lists the protocols within the AppleTalk protocol suite and their functions.
Table 4.4 AppleTalk Protocols and Their Functions
Protocol | Function | OSI Layer
AppleShare | AppleShare provides application layer services, including file and print sharing. | Application (Layer 7)
AppleTalk Address Resolution Protocol (AARP) | AARP is used to map AppleTalk addresses to Ethernet and Token Ring physical addresses. | Network (Layer 3)
AppleTalk Data Stream Protocol (ADSP) | ADSP is a session layer protocol used to establish connections between network devices. It also functions at the transport layer and manages flow control. | Session (Layer 5)
AppleTalk Filing Protocol (AFP) | The AFP protocol manages file sharing for the network. | Presentation (Layer 6)/Application (Layer 7)
AppleTalk Session Protocol (ASP) | Similar to the ADSP protocol, ASP works at the session layer of the OSI model and establishes and releases connections between networked devices. | Session (Layer 5)
AppleTalk Transaction Protocol (ATP) | ATP establishes a connectionless session between networked systems. ATP functions at the transport layer. | Transport (Layer 4)
Datagram Delivery Protocol (DDP) | Performs datagram delivery and also handles routing functions. | Network (Layer 3)
EtherTalk Link Access Protocol (ELAP) | ELAP is a variation of the AppleTalk protocol that is compatible with the Ethernet protocol. | Data-Link (Layer 2)
Name Binding Protocol (NBP) | The NBP protocol is used to map computer hostnames to network layer addresses. | Transport (Layer 4)
Printer Access Protocol (PAP) | PAP is a session layer protocol used to provide printing services on an AppleTalk network. | Session (Layer 5)
Routing Table Maintenance Protocol (RTMP) | RTMP is the protocol on AppleTalk networks that maintains the routing tables for the network. | Transport (Layer 4)
TokenTalk Link Access Protocol (TLAP) | TLAP is a variation on the AppleTalk protocol that is compatible with the Token Ring protocol. | Data-Link (Layer 2)
Zone Information Protocol (ZIP) | ZIP is used to divide network devices into logical groups called zones. | Session (Layer 5)
Be prepared to identify the protocols found within the AppleTalk protocols suite for the Network+ exam.
The CompTIA objective for this topic cites AppleTalk over IP under the same heading as AppleTalk. In reality, AppleTalk over IP is just the use of the AppleTalk Filing Protocol (AFP) over a TCP/IP connection.
Like the other protocols discussed, the AppleTalk protocol uses a two-part addressing scheme—a node and a network section. The node portion of the address is assigned automatically when the system is first brought up onto the network. It is a randomly generated number and then broadcast to the entire network. If a duplicate node address is assigned, another will be assigned and rebroadcast to the network. The network portion of the address is assigned by the network administrator.
The actual AppleTalk address is 24 bits long with 16 bits used for the network address and 8 bits for the node address. AppleTalk addresses are expressed in decimal format, with the network and node addresses separated by a period. An example of an AppleTalk address might be 4.67. The 4 represents the network number, and 67 is the node number.
When working with AppleTalk networks, you will work with zones. Zones are a method used to group devices and systems together into logical units. Zones are similar in function to workgroups on Windows systems, and make it easier for users and administrators alike to locate resources.
AppleTalk was designed for the purpose of being used on Apple networks and, as such, is not natively supported by most of the other major operating systems. Because of this, today, other protocols such as TCP/IP are a more common choice, even for Apple-based networks. In fact, Macintosh systems themselves support the use of TCP/IP. AppleTalk can be configured to work with other platforms, but, given the proliferation of TCP/IP, this is not widely done.
The earliest implementations of AppleTalk were not routable, but later versions were. Routing functionality for AppleTalk is provided by the RTMP protocol. RTMP provides similar functionality to the RIP protocol used with IPX/SPX and TCP/IP networks.
AppleTalk networks use logical hostnames, making systems readily recognizable on the network. The network address-to-hostname resolution is handled by the NBP protocol in the AppleTalk protocol suite. It performs a similar function to that provided by DNS on a TCP/IP network.
Quite often, TCP/IP is referred to as a network protocol, although that’s not entirely accurate. Like IPX/SPX and AppleTalk, TCP/IP is actually a protocol suite comprised of many separate protocols—each of which has its own purpose and function. Combined, they all provide the TCP/IP functionality. The following list contains some of the more well-known protocols found within the TCP/IP protocol suite:
➤ Address Resolution Protocol (ARP)
➤ File Transfer Protocol (FTP)
➤ Internet Control Message Protocol (ICMP)
➤ Internet Protocol (IP)
➤ Reverse Address Resolution Protocol (RARP)
➤ Simple Mail Transfer Protocol (SMTP)
➤ Transmission Control Protocol (TCP)
This is just an introduction to the protocols found within the TCP/IP protocol suite. Chapter 5, “TCP/IP (Transmission Control Protocol/Internet Protocol),” as well as objectives 2.5 through 2.12, discuss TCP/IP in much more detail.
One of the strengths of the TCP/IP protocol suite is that it is not owned by any one party and is not licensed. This is in contrast to protocols such as AppleTalk and IPX/SPX, which are owned by Apple and Novell, respectively. Because of its non-proprietary nature, TCP/IP has an open development model with its standards published in documents known as Requests for Comments (RFCs). RFCs are maintained by the Internet Engineering Task Force (IETF). You can find RFCs pertaining to TCP/IP on IETF’s website at www.ietf.org.
Anyone who has worked with TCP/IP knows that TCP/IP addressing can be a complex topic. This section provides an overview of TCP/IP addressing to compare how other protocols handle addressing. However, Chapter 5 provides a detailed look at the TCP/IP protocol including addressing.
In the most commonly deployed version of TCP/IP, version 4 (IPv4), addresses are composed of four sets of 8 bits referred to as octets. These are expressed in numbers and separated by periods. An example of a TCP/IP address is 192.168.3.2. This format is often referred to as a 32-bit dotted decimal.
A single TCP/IP address represents both the IP address of an individual system and the network to which the system is attached. Determining which part of the IP address belongs to the network and which belongs to the node is the responsibility of the subnet mask. If part of the address refers to the network, it is assigned a binary value of 1 within the subnet mask. If it is the node address, it’s assigned a binary value of 0 within the subnet mask.
For example, if you had a subnet mask of 255.255.255.0, the first two octets refer to the network and the second refer to the node address. So using the previous IP address as an example, the 192.168.3 portion of the address represents the network ID, and the .2 portion of the address represents the node ID. Table 4.5 shows default subnet masks and addressing examples.
You can expect to have to identify the parts of an IP address for the exam.
Table 4.5 Determining Network and Node Addresses
Subnet Mask | IP Address | Network Address | Node Address
255.0.0.0 | 192.168.10.100 | 192 | 168.10.100
255.255.0.0 | 192.168.10.100 | 192.168 | 10.100
255.255.255.0 | 192.168.10.100 | 192.168.10 | 100
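The mask rule stated above (a 1 bit in the subnet mask marks a network bit, a 0 bit marks a node bit) can be applied directly to reproduce the splits in Table 4.5. This is an added example, not code from the book; it goes slightly beyond the table by also accepting masks that do not end on an octet boundary (such as 255.255.255.128, a constructed value), in which case the node part is reported as a number rather than as whole octets, and it rejects masks whose 1 bits are not contiguous.

```python
def parse_dotted(text):
    """Turn '192.168.10.100' into [192, 168, 10, 100], rejecting bad input."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {text!r}")
        octets.append(int(part))
    return octets


def prefix_length(mask):
    """Count the leading 1 bits of a subnet mask.  The mask must be a run of
    1s followed by a run of 0s: 255.255.0.0 is valid, 255.0.255.0 is not."""
    bits = "".join(f"{o:08b}" for o in parse_dotted(mask))
    ones = len(bits) - len(bits.lstrip("1"))
    if "1" in bits[ones:]:
        raise ValueError(f"non-contiguous subnet mask {mask!r}")
    return ones


def split_address(ip, mask):
    """Apply the rule from the text: mask bits set to 1 select the network
    part of the address, bits set to 0 select the node part."""
    ip_octets = parse_dotted(ip)
    mask_octets = parse_dotted(mask)
    prefix = prefix_length(mask)
    network_octets = [i & m for i, m in zip(ip_octets, mask_octets)]
    node_octets = [i & (~m & 0xFF) for i, m in zip(ip_octets, mask_octets)]
    node_number = int.from_bytes(bytes(node_octets), "big")

    if prefix % 8 == 0:
        # Mask ends on an octet boundary: split into whole octets as Table 4.5 does.
        n = prefix // 8
        network_part = ".".join(str(o) for o in ip_octets[:n])
        node_part = ".".join(str(o) for o in ip_octets[n:])
    else:
        # Mask splits an octet: report the full network address and the node number.
        network_part = ".".join(str(o) for o in network_octets)
        node_part = str(node_number)

    return {
        "prefix_length": prefix,
        "network_address": ".".join(str(o) for o in network_octets),
        "network_part": network_part,
        "node_part": node_part,
        "node_number": node_number,
    }


if __name__ == "__main__":
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0", "255.255.255.128"):
        r = split_address("192.168.10.100", mask)
        print(f"{mask:16} network {r['network_part']:12} node {r['node_part']}")
```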
As previously mentioned, more information on TCP/IP addressing is provided in Chapter 5.
Of all the protocols used on today’s networks, TCP/IP is by far the most versatile and interoperable. All of the popular operating systems today not only support TCP/IP, but the vast majority also use it as the default protocol. This means that in any network environment, you can have Linux, Windows, and NetWare servers and clients all communicating using TCP/IP.
Systems on a TCP/IP network can be accessed from the network either by their IP address or by a hostname. Hostnames are the names assigned to the system to make them easier to remember. For instance, the secretary’s computer might have the address of 192.168.4.23, but you can access it using its hostname of secretary1 or whatever name you assign it.
The name-resolution process from IP address to hostname is often performed dynamically through a Domain Name Server (DNS). It can also be done statically using a text file called ‘Hosts,’ which is stored on each system.
More information on name resolution is provided in Chapter 5.
TCP/IP is a fully routable protocol, making it a natural choice for large networks and those that span multiple locations. As mentioned previously, TCP/IP is a protocol suite; there are two primary protocols within TCP/IP that provide the routing functionality—Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).
To help you in your exam preparations, the most pertinent information from this section is listed in Table 4.6.
Table 4.6 Comparison of the Various Protocols Discussed in This Chapter
Protocol | Overview | Routable | Addressing
IPX/SPX | Used to be the default protocol for NetWare, but now TCP/IP is preferred. Still supported by NetWare, Windows, and Linux. Simplest addressing scheme of routable protocols discussed here. | Yes | Uses the MAC address to identify the node, and an eight-character (4-byte) hexadecimal address to identify the network.
NetBEUI | Used by Windows. | No | Uses NetBIOS names to identify systems on the network.
AppleTalk | Used by Macintosh with some support on other platforms. | Yes | Uses a two-part addressing scheme. The first is a randomly generated number for the node address, and the second an administrator assigned number for the network address.
TCP/IP | Used by default with UNIX, Linux, NetWare and Windows systems. Also supported by Macintosh systems and practically every other computing platform. The most interoperable of all protocols. | Yes | Uses four sets of 8 bits referred to as octets. A subnet mask is used to define what parts of the address refer to the network, and what parts refer to the node.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
➤ The application layer provides access to the network for applications and certain user functions. Displays incoming information and prepares outgoing information for network access.
➤ The presentation layer converts data from the application layer into a format that can be sent over the network. Converts data from the session layer into a format that can be understood by the application layer. Handles encryption and decryption of data. Provides compression and decompression functionality.
➤ The session layer synchronizes the data exchange between applications on separate devices. Handles error detection and notification to the peer layer on the other device.
➤ The transport layer establishes, maintains, and breaks connections between two devices. Determines the ordering and priorities of data. Performs error checking and verification and handles retransmissions, if necessary.
➤ The network layer provides mechanisms for the routing of data between devices across single or multiple network segments. Handles the discovery of destination systems and addressing.
➤ The data-link layer has two distinct sublayers: LLC and MAC. It performs error detection and handling for the transmitted signals and defines the method by which the medium is accessed. Finally, it defines hardware addressing through the MAC sublayer.
➤ The physical layer defines the physical structure of the network. It defines voltage/signal rates and the physical connection methods as well as the physical topology.
➤ Application protocols map to the application, presentation, and session layers of the OSI model. These include AFP, FTP, TFTP, NCP, SMTP, HTTP and SNMP.
➤ Transport protocols map to the transport layer of the OSI model and are responsible for the transporting of data across the network. These include ATP, NetBEUI, SPX, TCP, and UDP.
➤ The NetBEUI protocol uses names as addresses and is not routable.
➤ Network protocols are responsible for providing the addressing and routing information. These include IP, IPX, and DDP.
➤ RIP is a routing protocol. There are versions of RIP for both IPX/SPX and TCP/IP networks.
➤ OSI
➤ Physical layer
➤ Data-link layer
➤ Network layer
➤ Transport layer
➤ Session layer
➤ Presentation layer
➤ Application layer
➤ LLC
➤ MAC
➤ Static routing
➤ Dynamic routing
➤ TCP
➤ UDP
➤ SPX
➤ Connectionless protocols
➤ Connection-oriented protocols
➤ NetBEUI
➤ AppleTalk
➤ Protocol suite
➤ Application protocol
➤ Transport protocol
➤ Network protocol
➤ Packet
➤ ATP
➤ FTP
➤ SNMP
➤ SMTP
➤ TCP
➤ UDP
➤ SPX
➤ IPX
➤ IP
➤ TCP/IP addressing
➤ Routing protocols
➤ OSPF
➤ RIP
1. Which of the following protocols provide network routing functionality? (Choose two.)
A. NBP
B. RIP
C. RTMP
D. NCP
2. Which of the following protocols uses the MAC address as part of the addressing scheme?
A. IPX/SPX
B. TCP/IP
C. AppleTalk
D. NetBEUI
3. At which OSI layer does a WAP operate?
A. Network
B. Physical
C. Data-link
D. Session
4. Which of the following are sublayers of the data-link layer? (Choose two.)
A. MAC
B. LCL
C. Session
D. LLC
5. Which of the following protocols uses names as network addresses?
A. NetBEUI
B. TCP/IP
C. IPX/SPX
D. AppleTalk
6. Which of the following characteristics best describe the SPX protocol? (Choose two.)
A. Provides a connectionless communication between network devices.
B. Provides connection-oriented communication between network devices.
C. Functions at the network layer of the OSI model.
D. Functions at the transport layer of the OSI model.
7. Which of the following OSI layers is responsible for establishing connections between two devices?
A. Network
B. Transport
C. Session
D. Data-link
8. Which of the following protocol suites uses ZIP?
A. TCP/IP
B. IPX/SPX
C. NetBEUI
D. AppleTalk
9. Which of the following protocols offer guaranteed delivery?
(Choose two.)
❑
❑
❑
❑
A. SPX
B. IPX
C. IP
D. TCP
10. At which OSI layer does a switch operate?
❑
❑
❑
❑
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
1. The correct answers are B and C. RIP is a distance-vector routing protocol used on TCP/IP and IPX/SPX networks. RTMP is a routing protocol used on AppleTalk networks. Answer A, NBP, is incorrect.
The NBP protocol is used to map computer hostnames to network layer addresses on AppleTalk networks. Answer D is incorrect—NCP is a part of the IPX/SPX protocol suite that makes network services available to clients.
2. The correct answer is A. IPX/SPX uses the MAC address to identify the node and network addresses. TCP/IP, answer B, uses a four octet address to identify the node and network. AppleTalk uses a 24-bit address—part of which is randomly generated and part of which is manually assigned. NetBEUI uses alphanumeric names to refer to devices.
3. The correct answer is C. A wireless access point (WAP) operates at the data-link layer of the OSI model. An example of a network layer device is a router. An example of a physical layer device is a hub. Session layer components are normally software, not hardware.
4. The correct answers are A and D. The data-link layer is broken into two distinct sublayers, the Media Access Control (MAC) and the
Logical Link Control (LLC). LCL is not a valid term, and session is another of the OSI model layers.
5. The correct answer is A. NetBEUI uses names as network addresses.
All the other network protocols listed use numbered addressing schemes at the network layer to identify systems.
6. The correct answers are B and D. SPX is a connection-oriented protocol that operates at the transport layer of the OSI model. IPX is an example of a connectionless protocol. Network layer protocols are most commonly associated with route discovery and datagram delivery.
7. The correct answer is B. The transport layer is responsible for establishing a connection between networked devices. The Network layer is most commonly associated with route discovery and datagram delivery.
Protocols at the Session layer synchronize the data exchange between applications on separate devices. Protocols at the Data-link layer perform error detection and handling for the transmitted signals and define the method by which the medium is accessed.
8. The correct answer is D. The Zone Information Protocol (ZIP) is used to divide AppleTalk network devices into logical groups called zones. None of the other protocol suites listed use ZIP or zones. TCP/IP uses network numbers to define logical areas of a network, as does IPX/SPX. NetBEUI uses workgroup names, which are similar to zones, but it does not use ZIP.
9. The correct answers are A and D. Both SPX and TCP are connection-oriented protocols, which guarantee delivery of data. IPX is a connectionless transport protocol, and IP is a network layer protocol that’s responsible for tasks such as addressing and route discovery.
10. The correct answer is B. A switch uses the MAC addresses of connected devices to make its forwarding decisions. Therefore, it is referred to as a data-link, or Layer 2, network device. Devices or components that operate at Layer 1 are typically media based, such as cables or connectors. An example of a Layer 3 device would be a router. Layer 4 components are typically software based, not hardware.
Chapter 5
Objectives
2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6), and the required setting for connections across the Internet
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (for example, Class A, B, and C)
2.7 Identify the purpose of subnetting
2.8 Identify the differences between private and public network addressing schemes
2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods:
✓ Static
✓ Dynamic
✓ Self-assigned (APIPA [Automatic Private Internet Protocol Addressing])
2.10 Define the purpose, function, and use of the following protocols used in the TCP/IP (Transmission Control Protocol/Internet Protocol) suite:
✓ TCP (Transmission Control Protocol)
✓ UDP (User Datagram Protocol)
✓ FTP (File Transfer Protocol)
✓ SFTP (Secure File Transfer Protocol)
✓ TFTP (Trivial File Transfer Protocol)
✓ SMTP (Simple Mail Transfer Protocol)
✓ HTTP (Hypertext Transfer Protocol)
✓ HTTPS (Hypertext Transfer Protocol Secure)
✓ POP3/IMAP4 (Post Office Protocol version 3/Internet Message Access Protocol version 4)
✓ Telnet
✓ SSH (Secure Shell)
✓ ICMP (Internet Control Message Protocol)
✓ ARP/RARP (Address Resolution Protocol/Reverse Address Resolution Protocol)
✓ NTP (Network Time Protocol)
✓ NNTP (Network News Transport Protocol)
✓ SCP (Secure Copy Protocol)
✓ LDAP (Lightweight Directory Access Protocol)
✓ IGMP (Internet Group Multicast Protocol)
✓ LPR (Line Printer Remote)
2.11 Define the function of TCP/UDP (Transmission Control Protocol/User Datagram Protocol) ports
2.12 Identify the well-known ports associated with the following commonly used services and protocols:
✓ 20 FTP (File Transfer Protocol)
✓ 21 FTP (File Transfer Protocol)
✓ 22 SSH (Secure Shell)
✓ 23 Telnet
✓ 25 SMTP (Simple Mail Transfer Protocol)
✓ 53 DNS (Domain Name Server)
✓ 69 TFTP (Trivial File Transfer Protocol)
✓ 80 HTTP (Hypertext Transfer Protocol)
✓ 110 POP3 (Post Office Protocol version 3)
✓ 119 NNTP (Network News Transport Protocol)
✓ 123 NTP (Network Time Protocol)
✓ 143 IMAP4 (Internet Message Access Protocol version 4)
✓ 443 HTTPS (Hypertext Transfer Protocol Secure)
2.13 Identify the purpose of network services and protocols (for example, DNS (Domain Name Service), NAT (Network Address Translation), ICS (Internet Connection Sharing), WINS (Windows Internet Name Service), SNMP (Simple Network Management Protocol), NFS (Network File System), Zeroconf (Zero configuration), SMB (Server Message Block), AFP (Apple File Protocol) and LPD (Line Printer Daemon))
What you need to know
✓ Understand IPv4 and IPv6 addressing
✓ Understand the function of default gateways
✓ Identify the function and purpose of subnetting
✓ Identify the differences between public and private networks
✓ Identify the function of protocols within the TCP/IP protocol suite
✓ Identify the ports associated with common network services
✓ Understand the function of various network services
Without question, the TCP/IP protocol suite is the most widely implemented protocol on networks today. As such, it is a focus on the Network+ exam.
To pass the exam, you will definitely need to understand the material presented in this chapter.
This chapter deals with the individual protocols within the protocol suite.
The chapter looks at the function of the individual protocols and their purposes. It starts by discussing one of the more complex facets of TCP/IP: addressing.
IP addressing is one of the most challenging aspects of TCP/IP and one that can leave even the most seasoned network administrators scratching their heads. Fortunately, the Network+ exam requires only a fundamental knowledge of IP addressing. The following sections look at how IP addressing works for both IPv4 and the newest version of IP, IPv6.
To communicate on a network using the TCP/IP protocol, each system has to be assigned a unique address. The address defines both the number of the network to which the device is attached and the number of the node on that network. In other words, the IP address provides two pieces of information.
It’s a bit like a street name and a house number of a person’s home address.
Each device on a logical network segment must have the same network address as all the other devices on the segment. All the devices on that network segment must then have different node addresses.
In IP addressing, another set of numbers, called a subnet mask, is used to define which portion of the IP address refers to the network address and which refers to the node address.
IP addressing is different in IPv4 and IPv6. We’ll begin our discussion by looking at IPv4, as IPv6 networks are still few and far between.
An IPv4 address is composed of four sets of 8 binary bits, which are referred to as octets. The result is that IP addresses are 32 bits in length. Each bit in each octet is assigned a decimal value. The leftmost bit has a value of 128, followed by 64, 32, 16, 8, 4, 2, and 1, left to right.
Each bit in the octet can be either a 1 or a 0. If the value is 1, it is counted as its decimal value, and if it is 0, it is ignored. If all the bits are 0, the value of the octet is 0. If all the bits in the octet are 1, the value is 255, which is 128+64+32+16+8+4+2+1.
By using the set of 8 bits and manipulating the 1s and 0s, you can obtain any value between 0 and 255 for each octet.
Table 5.1 shows some examples of decimal-to-binary value conversions.
Table 5.1 Decimal-to-Binary Value Conversions
Decimal Value   Binary Value   Decimal Calculation
10              00001010       8+2=10
192             11000000       128+64=192
205             11001101       128+64+8+4+1=205
223             11011111       128+64+16+8+4+2+1=223
IP addresses are grouped into logical divisions called classes. In the IPv4 address space, there are five address classes (A through E), although only three (A, B, C) are used for assigning addresses to clients. Class D is reserved for multicast addressing, and Class E is reserved for future development.
Of the three classes available for address assignments, each uses a fixed-length subnet mask to define the separation between the network and the node address. A Class A address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses the first three octets. The upshot of this system is that Class A has a small number of network addresses, but each Class A address has a very large number of possible host addresses. Class B has a larger number of networks, but each Class B address has a smaller number of hosts. Class C has an even larger number of networks, but each Class C address has an even smaller number of hosts. The exact numbers are provided in Table 5.2.
Table 5.2 (continued)
Range     Number of Networks   Binary Value of First Octet
192–223   2,097,152            110xxxxx
224–239   NA                   1110xxxx
240–255   NA                   1111xxxx
Notice in Table 5.2 that the network number 127 is not included in any of the ranges.
The 127 network ID is reserved for the local loopback. The local loopback is a function of the protocol suite used in the troubleshooting process.
For the Network+ exam, you should be prepared to identify into which class a given address falls. You should also be prepared to identify the loopback address.
Like an IP address, a subnet mask is most commonly expressed in a 32-bit dotted-decimal format. Unlike an IP address, though, a subnet mask performs just one function: It defines which parts of the IP address refer to the network address and which refer to the node address. Each of the classes of IP address used for address assignment has a standard subnet mask associated with it. The default subnet masks are listed in Table 5.3.
Table 5.3 Default Subnet Masks Associated with IP Address Classes
Address Class   Default Subnet Mask
A               255.0.0.0
B               255.255.0.0
C               255.255.255.0
Default gateways are the means by which a device can access hosts on other networks for which it does not have a specifically configured route. Most workstation configurations actually just use a default gateway rather than having any static routes configured. Such a configuration is practical because workstations are typically only connected to one network, and thus have only one way off that network.
When a system wants to communicate with another device, it first determines whether the host is on the local network or a remote network. If the host is on a remote network, the system looks in the routing table to determine whether it has an entry for the network that the remote host is on. If it does, it uses that route. If it does not, the data is sent to the default gateway.
In essence, the default gateway is simply the path out of the network for a given device.
If a system is not configured with any static routes or a default gateway, it is limited to operating on its own network segment.
Although IPv4 has served us well for a number of years, it is finally starting to reach its end. The main problem with IPv4 is simply that the demand for IP addresses outweighs what IPv4 is capable of providing. That is where IPv6 comes in.
By far, the most significant aspect of IPv6 is its addressing capability. The address range of IPv4 is nearly depleted, and it is widely acknowledged that we are just at the beginning of the digital era. Therefore, we need an addressing scheme that offers more addresses than can possibly be used in the foreseeable future. IPv6 delivers exactly that. Whereas IPv4 uses a 32-bit address, IPv6 uses a 128-bit address that yields a staggering 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses!
IPv6 addresses are expressed in a different format from those used in IPv4.
An IPv6 address is composed of eight octet pairs expressed in hexadecimal, separated by colons. The following is an example of an IPv6 address:
42DE:7E55:63F2:21AA:CBD4:D773:CC21:554F
Be ready to identify both a valid IPv4 and IPv6 address for the Network+ exam.
Now that you have looked at how IP addresses are used, you can learn the process of subnetting. Subnetting is a process by which the node portions of an IP address are used to create more networks than you would have if you used the default subnet mask.
To illustrate subnetting, let’s use an example. Suppose that you have been assigned the Class B address 150.150.0.0. Using this address and the default subnet mask, you could have a single network (150.150) and use the rest of the address as node addresses. This would give you a large number of possible node addresses, which in reality is probably not very useful. With subnetting, you use bits from the node portion of the address to create more network addresses. This reduces the number of nodes per network, but chances are, you will still have more than enough.
There are two main reasons for subnetting. First, it allows you to use IP address ranges more effectively. Second, it provides increased security and manageability to IP networking by providing a mechanism to create multiple networks rather than having just one. Using multiple networks confines traffic to only the network that it needs to be on, which reduces overall network traffic levels. Multiple subnets also create more broadcast domains, which in turn reduces network-wide broadcast traffic.
Subnetting does not increase the number of IP addresses available. It increases the number of network IDs and, as a result, decreases the number of node IDs per network. It also creates more broadcast domains—broadcasts are not forwarded by routers, so they are limited to just the network on which they originate.
IP addressing involves many considerations, not least important of which are public and private networks. A public network is a network to which anyone can connect. The best, and perhaps only pure, example of such a network is the Internet. A private network is any network to which access is restricted. A corporate network or a network in a school are examples of private networks.
The Internet Assigned Numbers Authority (IANA) is responsible for assigning IP addresses to public networks. However, because of the workload involved in maintaining the systems and processes to do this, it has delegated the assignment process to a number of regional authorities. For more information, visit http://www.iana.org/ipaddress/ip-addresses.htm.
The main difference between public and private networks, apart from the fact that access to a private network is tightly controlled and access to a public network is not, is that the addressing of devices on a public network must be considered carefully, whereas addressing on a private network has a little more latitude.
As already discussed, in order for hosts on a network to communicate by using TCP/IP, they must have unique addresses. This number defines the logical network each host belongs to and the host’s address on that network.
On a private network with, say, three logical networks and 100 nodes on each network, addressing is not a particularly complex task. On a network on the scale of the Internet, however, addressing is very complex.
If you are connecting a system to the Internet, you need to get a valid registered IP address. Most commonly, you would obtain this address from your
ISP. Alternatively, for example, if you wanted a large number of addresses, you could contact the organization responsible for address assignment in your geographical area. You can determine who the regional numbers authority for your area is by visiting the IANA website.
Because of the nature of their business, ISPs have large blocks of IP addresses that they can assign to their clients. If you need a registered IP address, getting one from an ISP will almost certainly be a simpler process than going through a regional numbers authority. Some ISPs’ plans actually include blocks of registered IP addresses, working on the principle that businesses are going to want some kind of permanent presence on the Internet. Of course, if you discontinue your service with the ISP, you will no longer be able to use the IP address they provided.
To provide flexibility in addressing and to prevent an incorrectly configured network from polluting the Internet, certain address ranges are set aside for private use. These address ranges are called private ranges because they are designated for use only on private networks. These addresses are special because Internet routers are configured to ignore any packets they see that use these addresses. This means that if a private network “leaks” onto the Internet, it won’t make it any farther than the first router it encounters.
Three ranges are defined in RFC 1918—one each from Classes A, B, and C.
You can use whichever range you want, although the Class A and Class B address ranges offer more addressing options than does Class C. The address ranges are defined in Table 5.4.
Table 5.4 Private Address Ranges
Class   Address Range                   Default Subnet Mask
A       10.0.0.0–10.255.255.255         255.0.0.0
B       172.16.0.0–172.31.255.255       255.255.0.0
C       192.168.0.0–192.168.255.255     255.255.255.0
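The classful rules, default masks (Table 5.3), the RFC 1918 ranges (Table 5.4), the local-or-remote test a host makes before sending to its default gateway, and the 150.150.0.0 subnetting example, worked through as an added Python illustration that is not part of the book. The Class A and B first-octet boundaries (1–126, 128–191) are the standard classful values, which the excerpt of Table 5.2 above does not show; the 169.254.0.0/16 APIPA range is the one described later in this chapter.

```python
"""Classful IPv4 checks built from the chapter's tables (added example)."""
from typing import List, Optional, Tuple
import ipaddress

# Private ranges from Table 5.4 and the APIPA self-assigned range.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")

# Default masks from Table 5.3.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(ip: str) -> str:
    """Classify by the leading bits of the first octet (0, 10, 110, 1110, 1111).
    127.x.x.x is the reserved loopback network and belongs to no class range."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"          # 0xxxxxxx
    if first < 192:
        return "B"          # 10xxxxxx
    if first < 224:
        return "C"          # 110xxxxx
    if first < 240:
        return "D"          # 1110xxxx, multicast
    return "E"              # 1111xxxx, reserved


def default_mask(ip: str) -> Optional[str]:
    """Default subnet mask for a host-assignable class, None otherwise."""
    return DEFAULT_MASKS.get(address_class(ip))


def is_private(ip: str) -> bool:
    """True for the RFC 1918 ranges that Internet routers will not forward."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def is_apipa(ip: str) -> bool:
    """True for a self-assigned 169.254.x.x address (no DHCP lease obtained)."""
    return ipaddress.ip_address(ip) in APIPA_RANGE


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """The local-or-remote decision a host makes before using its default
    gateway: AND both addresses with the mask and compare the network parts."""
    m = int(ipaddress.ip_address(mask))
    net_a = int(ipaddress.ip_address(ip_a)) & m
    net_b = int(ipaddress.ip_address(ip_b)) & m
    return net_a == net_b


def subnet(network: str, mask: str, borrowed_bits: int) -> Tuple[str, int, int, List[str]]:
    """Borrow host bits to create more networks, as in the 150.150.0.0 example.
    Returns (new mask, number of subnets, usable hosts per subnet, subnet IDs)."""
    base = ipaddress.ip_network(f"{network}/{mask}")
    subnets = list(base.subnets(new_prefix=base.prefixlen + borrowed_bits))
    hosts = subnets[0].num_addresses - 2   # minus the network and broadcast IDs
    return (str(subnets[0].netmask), len(subnets), hosts,
            [str(s.network_address) for s in subnets])


if __name__ == "__main__":
    for ip in ("10.5.6.7", "150.150.0.0", "192.168.100.2", "127.0.0.1", "169.254.3.4"):
        print(ip, address_class(ip), default_mask(ip), is_private(ip), is_apipa(ip))
    # A DHCP-assigned host and an APIPA host land on different networks.
    print(same_network("192.168.100.2", "169.254.3.4", "255.255.0.0"))
    # Borrowing 2 host bits from the Class B example gives 4 subnets.
    print(subnet("150.150.0.0", "255.255.0.0", 2))
```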
Having established the need for each system on a TCP/IP based network to have a unique address, we can now go on to look at how those systems receive their addresses.
Static addressing refers to the manual assignment of IP addresses to a system.
There are two main problems with this approach. Statically configuring one system with the correct address is simple, but in the course of configuring, say, a few hundred systems, mistakes are likely to be made. If the IP addresses are entered incorrectly, the system will most likely not be capable of connecting to other systems on the network. Another drawback of static addressing is reconfiguration. If the IP addressing scheme for the organization changes, each system must again be manually reconfigured. In a large organization with hundreds or thousands of systems, such a reconfiguration could take a considerable amount of time. These drawbacks to static addressing are so significant that nearly all networks use dynamic IP addressing.
Dynamic addressing refers to the assignment of IP addresses automatically. On modern networks the mechanism used to do this is the Dynamic Host Configuration Protocol (DHCP). DHCP is a protocol, part of the TCP/IP protocol suite, which enables a central system to provide client systems with IP addresses. Assigning addresses automatically with DHCP alleviates the burden of address configuration and reconfiguration that occurs with static IP addressing.
The basic function of the DHCP service is to automatically assign IP addresses to client systems. To do this, ranges of IP addresses, known as scopes, are defined on a system that is running a DHCP server application. When another system configured as a DHCP client is initialized, it asks the server for an address. If all things are as they should be, the server assigns an address to the client from the scope for a predetermined amount of time, which is known as the lease.
A DHCP server can typically be configured to assign more than just IP addresses; they are often used to assign the subnet mask, the default gateway, and Domain Name Service (DNS) information.
Using DHCP means that administrators do not have to manually configure each client system with a TCP/IP address. This removes the common problems associated with statically assigned addresses such as human error. The potential problem of assigning duplicate IP addresses is also eliminated.
DHCP also removes the need to reconfigure systems if they move from one subnet to another, or if you decide to make a wholesale change of the IP addressing structure.
DHCP is a protocol-dependent service, not a platform-dependent service. This means that you can use, for example, a Linux DHCP server for a network with Windows clients or a Novell DHCP server with Linux clients.
Like DHCP, BOOTP is a broadcast-based system. Therefore, routers must be configured to forward BOOTP broadcasts. Today, it is far more likely that DHCP, rather than BOOTP, is used.
Automatic Private IP Addressing (APIPA) is a feature introduced with Windows 98, and has been included in all subsequent Windows versions. The function of APIPA is that a system is capable of providing itself with an IP address in the event that it is incapable of receiving an address dynamically from a DHCP server. In such an event, APIPA assigns the system an address from the 169.254.0.0 address range and configures an appropriate subnet mask (255.255.0.0). However, it doesn’t configure the system with a default gateway address. As a result, communication is limited to the local network.
If a system that does not support APIPA is unable to get an address from a DHCP server, it will typically assign itself an IP address of 0.0.0.0. Keep this in mind when troubleshooting IP addressing problems on non-APIPA platforms.
The idea behind APIPA is that systems on a segment can communicate with each other in the event of DHCP server failure. In reality, the limited usability of APIPA makes it little more than a last resort measure. For example, imagine that a system is powered on while the DHCP server is operational and receives an IP address of 192.168.100.2. Then the DHCP server fails. Now, if the other systems on the segment are powered on and are unable to get an address from the DHCP server because it is down, they would self-assign addresses in the 169.254.0.0 address range via APIPA. The systems with APIPA addresses would be able to talk to each other, but they couldn’t talk to a system that received an address from the DHCP server. Likewise, any system that received an IP address via DHCP would be unable to talk to systems with APIPA-assigned addresses. This, and the absence of a default gateway, is why APIPA is of limited use in real-world environments.
The TCP/IP protocol suite is made up of many different protocols, each of which performs a specific task or function. CompTIA identifies a number of these protocols in the objectives for the Network+ exam. The following sections look at the functions of these protocols and their purposes.
The IP protocol is a network layer protocol responsible for transporting data between network devices and for handling IP addressing. IP is a connectionless protocol, meaning that data delivery is not guaranteed; it takes the best-effort approach.
TCP functions at the transport layer of the OSI model and is a connection-oriented protocol that uses IP as its network protocol. Being connection-oriented means that TCP establishes a mutually acknowledged session between two hosts before communication takes place. TCP provides reliability to IP communications. Specifically, TCP adds features such as flow control, sequencing, and error detection and correction. For this reason, higher-level applications that need guaranteed delivery use TCP rather than its lightweight and connectionless brethren, the User Datagram Protocol (UDP).
UDP operates at the transport layer of the OSI model and performs functions similar to those of TCP, with one notable difference: UDP is a connectionless protocol and does not guarantee data delivery. Both TCP and UDP run on top of IP.
Because UDP does not need to guarantee data delivery, it is much more efficient than TCP, so for applications that don’t need the added features of TCP, UDP is much more economical in terms of bandwidth and processing effort. A good example of UDP is an online radio station that sends data but does not confirm data delivery.
The FTP protocol is an application layer protocol that provides a method for uploading and downloading files from a remote system running FTP server software. FTP uses the TCP transport protocol to guarantee the delivery of data packets.
FTP has some basic security capabilities, such as a capability to authenticate users. However, rather than create a user account for every user, you can configure FTP server software to accept anonymous logons. When you do this, the username is anonymous, and the password is normally the user’s email address. Most FTP servers that offer files to the general public operate in this way.
FTP is popular for distributing files over the Internet but is also used within organizations that need to frequently exchange large files with other people or organizations that find it impractical to use regular email.
One significant issue with FTP is that usernames and passwords are communicated between client and host in clear text. This is a potential security concern. For this reason, secure methods of copying files such as SFTP, discussed later, are becoming more commonly used.
FTP is platform independent, meaning that all the common network operating systems offer FTP server capabilities. In addition, all commonly used client operating systems offer FTP client functionality. Alternatively, third-party utilities such as SmartFTP and CuteFTP are often used.
There are several commands that can be used with FTP; you are expected to understand these commands for the Network+ exam. Table 5.5 lists the commands that are used with the FTP protocol.
Table 5.5 FTP Commands
Command   Purpose
ls        Lists the files in the current directory on the remote system.
cd        Changes the working directory on the remote host.
lcd       Changes the working directory on the local host.
put       Uploads a single file to the remote host.
get       Downloads a single file from the remote host.
mput      Uploads multiple files to the remote host.
mget      Downloads multiple files from the remote host.
binary    Switches transfers into binary mode.
ascii     Switches transfers into ASCII mode (the default).
One of the big problems associated with FTP is that it transmits data between sender and receiver in an unencrypted format. The solution is the Secure File Transfer Protocol, which is based on Secure Shell (SSH) technology. SSH provides robust authentication between sender and receiver, in addition to encryption capabilities.
SFTP is implemented through client and server software that is available for all commonly used computing platforms.
A variation on FTP is TFTP, which is also a file transfer mechanism. FTP and TFTP are both application layer protocols; however, TFTP does not have the rudimentary security capability or the level of functionality that FTP has. TFTP uses only UDP as a transport protocol, making it a connectionless protocol. As such, it has a lower overhead than FTP.
The biggest difference between TFTP and FTP is that TFTP is a connectionless protocol, using only the UDP transport protocol.
Another feature that TFTP does not offer is directory navigation. In FTP, commands can be executed to navigate around and manage the file system; TFTP offers no such capability. TFTP requires that you request not only exactly what you want, but also from what specific location.
The SMTP protocol defines how mail messages are sent between hosts.
SMTP is a connection-oriented protocol; it uses TCP connections to guarantee error-free delivery of messages. SMTP is not overly sophisticated and requires that the destination host always be available. For this reason, mail systems spool incoming mail so that users can read it at a later time. How the user then reads the mail depends on how the client accesses the SMTP server. SMTP is an application layer protocol. Today, SMTP is often used to send email between servers, whereas another protocol such as POP3 or IMAP4 is used to download the email from the server to a client system.
In practical uses, HTTP is the protocol that allows text, graphics, multimedia, and other material to be downloaded from an HTTP server (commonly called a Web server). HTTP defines which actions clients can request and how servers should answer those requests. HTTP uses TCP as a transport protocol, making it a connection-oriented protocol. However, it can also use UDP for certain functions.
HTTP uses a uniform resource locator (URL) to determine which page should be downloaded from the remote server. The URL contains the type of request (for example, http://), the name of the server being contacted (for example, www.novell.com), and optionally the page being requested (for example, /support). The result is the syntax that Internet-savvy people are familiar with: http://www.novell.com/support. HTTP functions at the application layer of the OSI model.
Normal HTTP requests are sent in clear text, and for some Internet transactions such as online banking or e-commerce, this poses a significant security problem. The solution for such applications is to use the HTTPS protocol. HTTPS uses a security technology known as Secure Sockets Layer (SSL), which encrypts the information sent between the client and the host.
You can tell when you are accessing a page with HTTPS because the URL will have an HTTPS:// address as opposed to ‘plain’ HTTP, which uses an address of HTTP://. An example of an HTTPS URL address is https://www.nationalonlinebank.com.
Like HTTP, HTTPS uses the TCP transport protocol and operates at the application layer of the OSI model.
Both POP3 and IMAP4 are mechanisms for downloading, or pulling, email from a mail server. They are necessary because, although the mail is transported around the network via SMTP, users cannot always read it immediately so it must be stored in a central location. From this location, it must then be downloaded, which is what POP3 and IMAP4 allow you to do.
One of the problems with POP3 is that the password used to access a mailbox is transmitted across the network in clear text. That means if someone wanted to, he could determine your POP3 password with relative ease. This is an area in which IMAP4 offers an advantage over POP3. It uses a more sophisticated authentication system, which makes it harder for someone to determine a password.
The function of Telnet is to allow the establishment of sessions on a remote host. A user can then execute commands on that remote host as if he were physically sitting at the system. Telnet is widely used to access UNIX and Linux systems, as well as to administer some managed networking equipment such as switches or routers. Telnet uses TCP as a transport layer protocol and functions at the application layer of the OSI model.
One of the problems with Telnet is that it is not secure. As a result, remote session functionality is now almost always achieved by using alternatives such as Secure Shell (SSH).
Secure Shell (SSH) is a secure alternative to Telnet. SSH provides security by encrypting data as it travels between systems. It also provides more robust authentication systems than Telnet.
Although SSH, like Telnet, is primarily associated with UNIX and Linux systems, implementations of SSH are available for all commonly used computing platforms including Windows and Macintosh. As discussed earlier, SSH is the foundational technology for the Secure File Transfer Protocol (SFTP).
ICMP is a protocol that works with IP to provide error checking and reporting functionality. In effect, ICMP is a tool that IP uses in its quest to provide best-effort delivery. ICMP functions at the network layer of the OSI model.
ICMP can be used for a number of functions. Its most common is probably the widely used and incredibly useful ping utility. ping sends a stream of ICMP echo requests to a remote host. If the host is able to respond, it does so by sending echo reply messages back to the sending host. In that one simple process, ICMP enables the verification of the protocol suite configuration of both the sending and receiving nodes and any intermediate networking devices.
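The echo request/echo reply exchange that ping relies on, as an added example that is not part of the book: it builds the 8-byte ICMP echo header with the RFC 1071 checksum, models the reachable host's reply, and shows how the sender matches a reply to its request by identifier, sequence number and payload. The identifier, sequence and payload values are constructed for illustration; nothing is sent on the wire.

```python
import struct

# ICMP message types used by ping (RFC 792)
ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.

    Computed over the whole ICMP message with the checksum field set to zero.
    Verifying a received message means the same sum over the whole message,
    checksum field included, comes out as zero.
    """
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length message with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request (type 8) or echo reply (type 0) message."""
    # type(1) code(1) checksum(2) identifier(2) sequence(2), network byte order
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    header = struct.pack("!BBHHH", msg_type, 0, csum, ident, seq)
    return header + payload


def parse_echo(packet: bytes) -> dict:
    """Parse and verify an ICMP echo message; raises ValueError if it is damaged."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if icmp_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if msg_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request or echo reply")
    return {"type": msg_type, "checksum": csum, "id": ident, "seq": seq,
            "payload": packet[8:]}


def answer_echo(request: bytes) -> bytes:
    """What a reachable host does: echo id, sequence and payload back as type 0."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("only echo requests are answered")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def reply_matches(request: bytes, reply: bytes) -> bool:
    """ping's check: a reply belongs to this request if id, seq and payload agree."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY
            and (req["id"], req["seq"], req["payload"])
            == (rep["id"], rep["seq"], rep["payload"]))


if __name__ == "__main__":
    # constructed values: identifier 0x1234, sequence 1, eight-byte payload
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"abcdefgh")
    reply = answer_echo(request)
    print(request.hex())
    print(reply.hex())
    print("reply matches request:", reply_matches(request, reply))
```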
The basic function of the ARP protocol is to resolve IP addresses to Media Access Control (MAC) addresses. When a system attempts to contact another host, IP first determines whether the other host is on the same network it is on by looking at the IP address. If IP determines that the destination is on the local network, it consults the ARP cache to determine whether it has a corresponding entry.
The function of ARP is to resolve IP addresses to MAC addresses or layer 2 addresses.
If there is not an entry for the host in the ARP cache, IP sends a broadcast on the local network, asking the host with the target IP address to send back its MAC address. The communication is sent as a broadcast because without the target system’s MAC address, the source system is unable to communicate directly with the target system.
The Reverse Address Resolution Protocol (RARP) performs the same function as ARP, but in reverse. In other words, it resolves MAC addresses to IP addresses. RARP makes it possible for applications or systems to learn their own IP address from a router or DNS server. Such a resolution comes in handy for tasks such as performing reverse lookups in DNS.
NTP uses the TCP transport protocol and is the protocol that facilitates the communication of time information between systems. The idea is that one system configured as a time provider transmits time information to other systems that can be both the time receivers and the time providers to other systems.
The Network News Transfer Protocol (NNTP) is a protocol associated with posting and retrieving messages from newsgroups. A newsgroup is the name given to a discussion forum that is hosted on a remote system. By using NNTP client software, similar to that included with many common email clients, users can post, reply, and retrieve messages.
NNTP is an application layer protocol that uses TCP as its transport mechanism.
The Secure Copy Protocol (SCP) is another protocol based on Secure Shell (SSH) technology. SCP provides a secure means to copy files between systems on a network. By using SSH technology, it encrypts data as it travels across the network, thereby securing it from eavesdropping. It is intended as a more secure substitute for the Remote Copy Protocol (RCP). SCP is most commonly associated with UNIX or Linux platforms, though it is available as a command-line utility or as part of application software for most commonly used computing platforms. SCP operates at the application layer of the OSI model.
The Lightweight Directory Access Protocol (LDAP) is a protocol that provides a mechanism to access and query directory services systems. In the context of the Network+ exam, these directory services systems are most likely to be Novell Directory Services (NDS) and Microsoft’s Active Directory.
Although LDAP supports command-line queries that are executed directly against the directory database, most LDAP interactions will be via utilities such as an authentication program (network logon) or locating a resource in the directory through a search utility. LDAP operates at the application layer of the OSI model.
The Internet Group Management Protocol (IGMP) protocol is associated with the process of multicasting. Multicasting is a mechanism by which groups of network devices can send and receive data between the members of the group at one time, rather than separately sending messages to each device in the group.
The IGMP protocol is used to register devices into a multicast group, as well as to discover what other devices on the network are members of the same multicast group. Common applications for multicasting include groups of routers on an internetwork and videoconferencing clients. IGMP operates at the network layer of the OSI model.
The Line Printer Remote (LPR) protocol provides a means to connect to print servers on a network. It is a generic printing protocol supported by all commonly used operating systems including UNIX, Windows, and Linux.
To make use of LPR, client software is installed on a system. When a file is sent to print, it is channeled over the network by LPR to a print server or printer. That server or printer runs a print server program, normally the Line Printer Daemon (LPD), which accepts the LPR information and adds that job to the print queue. LPR operates at the application layer of the OSI model.
The details of each of the protocols discussed in the preceding sections are summarized in Table 5.6. You can use this table for review before you take the Network+ exam.
Table 5.6 TCP/IP Protocol Suite Summary

Protocol | Full Name | Description | OSI Layer
IP | Internet Protocol | Connectionless protocol used for moving data around a network. | Network
TCP | Transmission Control Protocol | Connection-oriented protocol that offers flow control, sequencing, and retransmission of dropped packets. | Transport
UDP | User Datagram Protocol | Connectionless alternative to TCP that is used for applications that do not require the functions offered by TCP. | Transport
FTP | File Transfer Protocol | Protocol for uploading and downloading files to and from a remote host; also accommodates basic file-management tasks. | Application
SFTP | Secure File Transfer Protocol | Protocol that performs a similar function to FTP, but provides more secure authentication and encryption mechanisms. | Application
TFTP | Trivial File Transfer Protocol | File transfer protocol that does not have the security or error-checking capabilities of FTP; uses UDP as a transport protocol and is therefore connectionless. | Application
SMTP | Simple Mail Transfer Protocol | Mechanism for transporting email across networks. | Application
HTTP | Hypertext Transfer Protocol | Protocol for retrieving files from a Web server. | Application
HTTPS | Hypertext Transfer Protocol Secure | Secure protocol for retrieving files from a Web server. | Application
POP3/IMAP4 | Post Office Protocol version 3/Internet Message Access Protocol version 4 | Used for retrieving email from a server on which the mail is stored. | Application
Telnet | Telnet | Allows sessions to be opened on a remote host. | Application
SSH | Secure Shell | Like Telnet, allows sessions to be opened on a remote host, but provides authentication and encryption capabilities. | Application
ICMP | Internet Control Message Protocol | Used for error reporting, flow control, and route testing. | Network
ARP | Address Resolution Protocol | Resolves IP addresses to MAC addresses, to enable communication between devices. | Network
RARP | Reverse Address Resolution Protocol | Resolves MAC addresses to IP addresses. | Network
NTP | Network Time Protocol | Used to communicate time synchronization information between devices. | Application
NNTP | Network News Transport Protocol | Protocol used for accessing and downloading messages from Internet-based newsgroups. | Application
SCP | Secure Copy Protocol | Protocol that uses Secure Shell (SSH) technology to provide a safe way to copy files between systems. | Application
LDAP | Lightweight Directory Access Protocol | Provides a mechanism to access directory services systems. | Application
IGMP | Internet Group Management Protocol | Protocol used for communication between devices in a multicast group. | Network
LPR | Line Printer Remote | Provides a mechanism to send printing tasks to a print server. | Application
Each TCP/IP protocol or application has a port associated with it. When a communication is received, the target port number is checked to determine which protocol or service it is destined for. The request is then forwarded to that protocol or service. Take, for example, HTTP, whose assigned port number is 80. When a Web browser forms a request for a web page, the request is sent to port 80 on the target system. When the target system receives the request, it examines the port number and when it sees that the port is 80, it forwards the request to the Web server application.
TCP/IP has 65,535 ports available with 0 to 1023 being labeled as the well-known ports. Although a detailed understanding of the 65,535 ports is not necessary for the Network+ exam, it is important to understand the numbers of some of the well-known ports, as administration often requires you to specify port assignments when working with applications and configuring services. Table 5.7 shows some of the most common port assignments.
For the Network+ exam, you should concentrate on the information provided in this table, and you should be able to answer any port-related questions you might receive.
Table 5.7 TCP/IP Port Assignments for Commonly Used Protocols

Protocol | Port Assignment
FTP | 20
FTP | 21
SSH | 22
Telnet | 23
SMTP | 25
DNS | 53
TFTP | 69
HTTP | 80
POP3 | 110
NNTP | 119
NTP | 123
IMAP4 | 143
HTTPS | 443
The term well-known ports identifies the ports ranging from 0 to 1023. When CompTIA states “identify the well-known ports,” this is what it is referring to.
You might have noticed in Table 5.7 that two ports are associated with FTP. Port 20 is considered the data port, whereas Port 21 is considered the control port. In practical use, FTP connections use port 21. Port 20 is rarely used in modern implementations.
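A defender's use of Table 5.7, as an added example that is not from the book: the script parses a handful of constructed connection-log lines, names the service from the destination port, and flags the services the chapter describes as sending data or passwords in clear text (Telnet, FTP, TFTP, HTTP, POP3) together with the protected substitute the chapter names for each. The log line format and the sample addresses are assumptions made for this example.

```python
import re

# Port assignments from Table 5.7
WELL_KNOWN_PORTS = {
    20: "FTP (data)", 21: "FTP (control)", 22: "SSH", 23: "Telnet", 25: "SMTP",
    53: "DNS", 69: "TFTP", 80: "HTTP", 110: "POP3", 119: "NNTP",
    123: "NTP", 143: "IMAP4", 443: "HTTPS",
}

# Services the chapter calls clear text or insecure, paired with the
# substitute it recommends (SSH for Telnet, SFTP/SCP for file copies,
# HTTPS for HTTP, IMAP4's stronger authentication over POP3)
CLEARTEXT_SUBSTITUTE = {
    "Telnet": "SSH",
    "FTP (control)": "SFTP or SCP",
    "FTP (data)": "SFTP or SCP",
    "TFTP": "SFTP or SCP",
    "HTTP": "HTTPS",
    "POP3": "IMAP4 (stronger authentication)",
}

# Constructed log format (an assumption, not any product's real format):
#   <src ip>:<src port> -> <dst ip>:<dst port> <TCP|UDP>
FLOW_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) (?P<proto>TCP|UDP)$"
)


def is_well_known(port: int) -> bool:
    """Well-known ports are 0 to 1023, the range CompTIA refers to."""
    return 0 <= port <= 1023


def service_for_port(port: int) -> str:
    """Name the service a destination port is assigned to, per Table 5.7."""
    return WELL_KNOWN_PORTS.get(port, "unknown")


def classify_flow(line: str) -> dict:
    """Parse one flow line and label its service and whether it is clear text."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow line: {line!r}")
    dport = int(m["dport"])
    service = service_for_port(dport)
    return {
        "src": m["src"], "dst": m["dst"], "dport": dport, "proto": m["proto"],
        "service": service, "well_known": is_well_known(dport),
        "cleartext": service in CLEARTEXT_SUBSTITUTE,
        "substitute": CLEARTEXT_SUBSTITUTE.get(service),
    }


def audit(lines) -> list:
    """Return the flows that use a clear-text service, in log order."""
    flows = (classify_flow(line) for line in lines if line.strip())
    return [f for f in flows if f["cleartext"]]


# Constructed sample flows (not real traffic)
SAMPLE_FLOWS = [
    "10.0.0.5:49152 -> 192.168.1.10:23 TCP",
    "10.0.0.5:49153 -> 192.168.1.10:22 TCP",
    "10.0.0.7:50000 -> 192.168.1.20:110 TCP",
    "10.0.0.7:50001 -> 192.168.1.30:443 TCP",
    "10.0.0.9:50002 -> 192.168.1.30:8080 TCP",
    "10.0.0.9:50003 -> 192.168.1.40:69 UDP",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} {f['service']}: "
              f"clear text, prefer {f['substitute']}")
```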
Network services provide the ability to manage and administer TCP/IP-based networks. Today, it is quite likely that a network of any size will use a number of network services, making them an important component of network administration. The following sections discuss each of the network services covered on the CompTIA exam.
For the Network+ exam, be prepared to identify the function of the network services discussed in this chapter.
The function of the DNS service is to resolve hostnames, such as server1.examcram.com, to IP addresses. Such a resolution system makes it possible for people to remember the names of, and refer to, frequently used hosts using the easy-to-remember hostnames rather than the hard-to-remember IP addresses.
When hostnames are expressed with the domain they belong to, and with any other domain identifiers, they are referred to as Fully Qualified Domain Names (FQDN). For example, if the hostname is server1 and it resides in the domain examcram.com, the FQDN for the host would be server1.examcram.com.
Similar to other TCP/IP-based services, DNS is a platform-independent protocol. Therefore, it can be used on Linux, UNIX, Windows, NetWare, and almost every other platform.
On networks where there is no DNS server, it is possible to resolve hostnames to IP address using the HOSTS file; however, such environments are becoming increasingly rare. All common network operating systems now include DNS server application software.
The HOSTS file is a text file, found on almost all PC operating systems, in which you can place hostname-to-IP-address resolution information. When HOSTS files are used, it’s up to the administrator to manually make changes to the file if needed.
This factor alone is sufficient to make the installation of a DNS server an obvious choice.
On the Network+ exam, you might be asked to identify the purpose and function of a HOSTS file and a DNS server. Both are responsible for resolving hostnames to IP addresses.
NAT and ICS are two strategies that enable networks to access the Internet through a single connection. Having a single access point for the network enables an organization to have Internet access with a single IP address.
The basic principle of NAT is that many computers can “hide” behind a single registered IP address or a group of registered IP addresses. Using NAT means that, in its most basic implementation, only one registered IP address is needed on the external interface of the system that is acting as the gateway between an internal private network and an external public network such as the Internet.
A system performing the NAT service funnels the requests that are given to it to the external network. For instance, a client requests a website, and the request goes through the NAT server to the Internet. To the remote system, the request looks like it is originating from a single address, that of the NAT server, and not the individual client systems making the request. The system that is performing the NAT function keeps track of who asked for what and makes sure that when the data is returned, it is directed to the correct system.
Servers that provide NAT functionality do so in different ways. For example, it is possible to statically map a single internal IP address to a single external one so that outgoing requests are always tagged with the same IP address.
Alternatively, if you have a group of public IP addresses, you can have the NAT system assign addresses to devices on a first-come, first-serve basis. Either way, the basic function of NAT is the same.
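The NAT behaviour just described, as an added example that is not from the book: a simplified gateway model (an assumption of this example, not any product's implementation) in which outbound requests are rewritten to a public address and a fresh public port, the table remembers which internal host asked, and returning data is handed back to that host while unsolicited inbound traffic is dropped. It covers the three cases in the text: many hosts hiding behind a single registered address, a static mapping of one internal address to one external address, and first-come, first-served assignment from a group of public addresses. Addresses are constructed from the documentation ranges.

```python
class NatGateway:
    """Simplified NAT model: private hosts share or are assigned public addresses,
    and a session table maps each translated (public ip, public port) back to the
    internal host and the remote system it contacted."""

    FIRST_PUBLIC_PORT = 40000  # constructed starting point for translated ports

    def __init__(self, public_ips, static_map=None):
        self.public_ips = list(public_ips)
        self.pool = list(public_ips)            # addresses not yet handed out
        self.static_map = dict(static_map or {})  # private ip -> fixed public ip
        self.assigned = {}                       # private ip -> public ip
        self.sessions = {}  # (public ip, public port) -> (priv ip, priv port, dst ip, dst port)
        self.next_port = self.FIRST_PUBLIC_PORT

    def public_address_for(self, private_ip):
        """Pick the external address a private host is seen as."""
        if private_ip in self.static_map:        # statically mapped host
            return self.static_map[private_ip]
        if len(self.public_ips) == 1:            # everyone hides behind one address
            return self.public_ips[0]
        if private_ip not in self.assigned:      # group of addresses: first come, first served
            if not self.pool:
                raise RuntimeError("no public address left for " + private_ip)
            self.assigned[private_ip] = self.pool.pop(0)
        return self.assigned[private_ip]

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an internal request; the remote system sees only the public address."""
        pub_ip = self.public_address_for(src_ip)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(pub_ip, pub_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (pub_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map returning data back to the host that asked for it; None means drop."""
        entry = self.sessions.get((dst_ip, dst_port))
        if entry is None:
            return None  # nobody inside asked for this: unsolicited traffic is dropped
        priv_ip, priv_port, expected_ip, expected_port = entry
        if (src_ip, src_port) != (expected_ip, expected_port):
            return None  # reply did not come from the system the request went to
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    # constructed addresses: 192.168.1.x internal, 203.0.113.x public, 198.51.100.7 remote
    gw = NatGateway(["203.0.113.5"])
    out = gw.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    print("remote sees request from", out[:2])
    print("reply delivered to", gw.inbound("198.51.100.7", 80, out[0], out[1]))
    print("unsolicited:", gw.inbound("198.51.100.9", 80, "203.0.113.5", 45000))
```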
Although ICS is discussed separately from NAT, it is nothing more than an implementation of NAT on Windows platforms since Windows Me. ICS makes it very simple to share an Internet connection with multiple systems on the network.
Because ICS was intended as a simple mechanism for a small office network or a home network to share a single Internet connection, configuration is simple. However, simplicity is also the potential downfall of ICS. ICS provides no security, and the system providing the shared connection is not secure against outside attacks. For that reason, ICS should be used only when no other facilities are available or in conjunction with a firewall application, which later versions of Microsoft Windows, such as XP, now include.
On Windows networks, a system called WINS enables Network Basic Input/Output System (NetBIOS) names to be resolved to IP addresses.
NetBIOS name resolution is necessary on Windows networks so that systems can locate and access each other by using the NetBIOS computer name rather than the IP address. It’s a lot easier for a person to remember a computer called secretary than to remember its IP address, 192.168.2.34. The NetBIOS name needs to be resolved to an IP address and subsequently to a MAC address (by ARP).
NetBIOS name resolution can be performed three ways on a network. The simplest way is to use a WINS server on the network that will automatically perform the NetBIOS name resolution. If a WINS server is not available, the NetBIOS name resolution can be performed statically using a LMHOSTS file. Using a LMHOSTS file requires that you manually configure at least one text file with the entries. As you can imagine, this can be a time-consuming process, particularly if the systems on the network change frequently. The third method, and the default, is that systems will resolve NetBIOS names using broadcasts. There are two problems with this approach. First, the broadcasts create additional network traffic, and second, the broadcasts cannot traverse routers unless the router is configured to forward them. This means that resolutions between network segments are not possible.
SNMP is a management protocol that enables network devices to communicate information about their state to a central system. It also enables the central system to pass configuration parameters to the devices.
In an SNMP configuration, a system known as a manager acts as the central communication point for all the SNMP-enabled devices on the network. On each device that is to be managed and monitored via SNMP, software called an SNMP agent is set up and configured with the IP address of the manager.
Depending on the configuration, the SNMP manager is then capable of communicating with and retrieving information from the devices running the SNMP agent software. In addition, the agent is able to communicate the occurrence of certain events to the SNMP manager as they happen. These messages are known as traps.
The messages sent by SNMP agents to an SNMP management system are called ‘trap’ messages.
An important part of SNMP is an SNMP management system, which is a computer running a special piece of software called a Network Management System (NMS). These software applications can be free, or they can cost thousands of dollars. The difference between the free applications and those that cost a great deal of money normally boils down to functionality and support. All NMS systems, regardless of cost, offer the same basic functionality. Today, most NMS applications use graphical maps of the network to locate a device and then query it. The queries are built in to the application and are triggered by a point and click. You can actually issue SNMP requests from a command-line utility, but with so many tools available, it is simply not necessary.
An SNMP agent can be any device capable of running a small software component that facilitates communication with an SNMP manager. SNMP agent functionality is supported by almost any device designed to be connected to a network.
The Network File System (NFS) is a protocol and network service that allows you to access file systems on remote computers across the network.
NFS is most commonly associated with UNIX and Linux operating system platforms, but versions of NFS are available for a wide range of server operating systems including Microsoft Windows. From a client perspective,
UNIX and Linux implementations use NFS as the default file system access mechanism. However, versions of NFS client software are also available for most commonly deployed workstation operating systems.
NFS is the default file access and sharing protocol used on Linux and UNIX systems.
Zero Configuration (Zeroconf) provides a means of networking computer systems together without requiring specific network configuration. This approach is becoming increasingly necessary as we use a larger number and wider variety of computing devices in a networked scenario.
There are three basic requirements for a system to support Zeroconf. First, the system must be capable of assigning itself an IP address without the need for a DHCP server. Second, the system must be capable of resolving the hostname of another system to an IP address without the use of a DNS server. Finally, a system must be capable of locating or advertising services on the network without a directory services system such as Microsoft’s Active Directory or Novell Directory Services. Currently, Zero Configuration is supported, with additional software, by Mac and Windows operating systems, as well as by Linux and UNIX.
For the exam, remember that the three requirements of Zeroconf are a capability to self-assign an IP address, a capability to independently resolve hostnames, and a mechanism for independently locating services on the network.
Server Message Block (SMB) is an application and presentation layer protocol that provides a mechanism to access shared network resources such as files or printers on network servers. SMB is the default file access method used on Windows networks. Today, SMB is more commonly referred to as the Common Internet File System (CIFS), though the functionality remains the same. On a network that uses Windows servers and clients, administrators access the functionality of SMB through Windows Explorer and the command line NET utility.
Samba enables UNIX and Linux servers to provide file and print services to Windows clients. No additional client configuration or software is required.
SMB is the default file access and sharing protocol for Windows-based systems.
The Apple File Protocol (AFP), more correctly called the AppleTalk Filing Protocol, is to Apple systems what NFS is to Linux/UNIX systems, and SMB or CIFS is to Windows Systems. It is a protocol through which the file system on remote computers can be accessed. AFP is not widely used outside of Apple networks, and unless you are working on networks that use Apple Macintosh systems, you are unlikely to encounter AFP.
AFP is the default file access and sharing protocol for Apple Macintosh systems.
The Line Printer Daemon (LPD) protocol provides print services on both client and server systems. The most common use of LPD is as a print server and client on UNIX and Linux systems. As well as providing the basic print mechanisms, LPD supports a set of commands that enable the print queue to be controlled. It also provides commands for controlling print jobs once they have been placed in the print queue.
Table 5.8 helps you quickly identify the purpose and function of each of the TCP/IP services covered in the previous sections.
Table 5.8 Summary of TCP/IP Services

Service | Purpose/Function
DNS | Resolves hostnames to IP addresses.
NAT | Translates private network addresses into public network addresses.
ICS | Enables a single Internet connection to be shared among multiple systems on the network.
WINS | Resolves NetBIOS names to IP addresses.
SNMP | Provides network management facilities on TCP/IP-based networks.
NFS | Service that provides file sharing between server and client. Typically associated with UNIX and Linux operating systems, but versions are available for most commonly deployed operating systems.
Zeroconf | Provides a system by which devices can communicate with no network configuration or setup.
SMB | Application and presentation layer protocol that provides access to file and print services on server platforms that provide SMB access.
AFP | Provides remote file system access on Apple networks.
LPD | Printing service that provides both server and client printing functions.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ A Class A address uses only the first octet to represent the network portion, a Class B address uses two octets, and a Class C address uses three octets.
➤ Class A addresses span from 1 to 126 with a default subnet mask of 255.0.0.0.
➤ Class B addresses span from 128 to 191 with a default subnet mask of 255.255.0.0.
➤ Class C addresses span from 192 to 223 with a default subnet mask of 255.255.255.0.
➤ The 127 network ID is reserved for the local loopback.
➤ A valid IPv6 address is 42DE:7E55:63F2:21AA:CBD4:D773:CC21:554F.
➤ A public network is a network to which anyone can connect, such as the Internet.
➤ Subnetting enables bits from the node portion of an IP address to be used to create more network addresses.
➤ A private network is any network to which access is restricted. Reserved IP addresses are 10.0.0.0, 172.16.0.0 – 172.31.0.0, and 192.168.0.0.
➤ Without a default gateway, connectivity is limited to just the local network segment.
➤ IP addresses can be assigned dynamically, via DHCP, or statically. In addition, some platforms such as Windows support APIPA addressing.
➤ On a Windows platform, APIPA assigns addresses from the 169.254.x.x address range.
➤ DNS resolves hostnames to IP addresses.
➤ NAT/ICS translates private network addresses into public ones.
➤ WINS resolves NetBIOS names to IP addresses.
➤ SNMP provides network-management facilities on TCP/IP-based networks.
➤ SMB, NFS, and AFP are file access/sharing mechanisms used on Windows, UNIX/Linux and Apple Macintosh, respectively.
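The address rules summarized above, as an added example that is not from the book: a classifier that reports the class and default mask of an IPv4 address from its first octet, and whether it falls in the reserved private ranges, the 127 loopback network or the 169.254.x.x APIPA range, so the addresses in exam questions 3, 4 and 6 can be checked mechanically. The private ranges are written in prefix notation here (an equivalent of the ranges the chapter lists), and the helper for the DHCP-failure scenario is this example's own interpretation of question 4.

```python
import ipaddress

# Default subnet masks for the classful ranges given in the chapter
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

# The chapter's reserved ranges 10.0.0.0, 172.16.0.0-172.31.0.0 and 192.168.0.0,
# expressed as prefixes; loopback and APIPA likewise. These are used instead of
# ipaddress's own is_private, which also counts loopback as private.
PRIVATE_RANGES = [ipaddress.IPv4Network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
APIPA = ipaddress.IPv4Network("169.254.0.0/16")


def address_class(addr: str) -> str:
    """Classful category from the first octet, as the chapter defines it."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "other"  # 0 and 224-255 lie outside the classes the chapter covers


def describe(addr: str) -> dict:
    """Class, default mask and reserved-range membership for one address."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    cls = address_class(addr)
    return {
        "address": addr,
        "class": cls,
        "default_mask": DEFAULT_MASKS.get(cls),
        "private": any(ip in net for net in PRIVATE_RANGES),
        "loopback": ip in LOOPBACK,
        "apipa": ip in APIPA,
    }


def diagnose_dhcp_client(addr: str) -> str:
    """Hypothetical helper: read a client's address the way question 4 does."""
    if addr == "0.0.0.0":
        return "no address obtained and no APIPA fallback on this platform"
    if describe(addr)["apipa"]:
        return "APIPA self-assigned address: the DHCP server could not be reached"
    return "address assigned: DHCP (or a static configuration) is working"


if __name__ == "__main__":
    # the addresses from exam questions 3 and 6
    for a in ("129.16.12.200", "126.15.16.122", "211.244.212.5", "193.17.101.27",
              "192.168.200.117", "172.16.3.204", "127.45.112.16", "10.27.100.143"):
        print(describe(a))
    print(diagnose_dhcp_client("169.254.10.20"))
```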
1. What is the function of ARP?
❑ A. It resolves IP addresses to MAC addresses.
❑ B. It resolves NetBIOS names to IP addresses.
❑ C. It resolves MAC addresses to IP addresses.
❑ D. It resolves hostnames to IP addresses.
2. As the network administrator, you decide to block port 80. Which of the following services will be unavailable for network users?
❑ A. DNS
❑ B. POP3
❑ C. FTP
❑ D. HTTP
3. Which of the following addresses is a Class B address?
❑ A. 129.16.12.200
❑ B. 126.15.16.122
❑ C. 211.244.212.5
❑ D. 193.17.101.27
4. You are the administrator for a network with 2 Windows Server 2003 systems and 65 Windows XP Professional systems. At 10 a.m., three users call to report that they are experiencing network connectivity problems. Upon investigation, you determine that the DHCP server has failed. How can you tell that the DHCP server failure is the cause of the connectivity problems experienced by the three users?
❑ A. When you check their systems, they have an IP address of 0.0.0.0.
❑ B. When you check their systems, they have an IP address in the 192.168.x.x address range.
❑ C. When you check their systems, they have a default gateway value of 255.255.255.255.
❑ D. When you check their systems, they have an IP address from the 169.254.x.x range.
5. You want to provide a mechanism by which users can securely copy files to and from a remote server. Which of the following are you most likely to use for this purpose? (Choose two.)
❑ A. SCP
❑ B. RCP
❑ C. TFTP
❑ D. SFTP
6. Which of the following IP addresses is not from a private address range?
❑ A. 192.168.200.117
❑ B. 172.16.3.204
❑ C. 127.45.112.16
❑ D. 10.27.100.143
7. You have been tasked with temporarily disabling Telnet access for external users. Which is the best way to accomplish this?
❑ A. Block port 53 on the corporate firewall.
❑ B. Block port 23 on the corporate firewall.
❑ C. Uninstall the Telnet service.
❑ D. Configure ICS to ignore client-initiated Telnet requests.
8. Which of the following layer 4 protocols is used to provide connectionless service?
❑ A. UDP
❑ B. TCP
❑ C. IP
❑ D. FTP
9. Which of the following protocols provides the security for HTTPS?
❑ A. HTTP
❑ B. SSL
❑ C. Telnet
❑ D. TCP
10. Which of the following best describes the function of the default gateway?
❑ A. Provides the route for destinations outside of the local network.
❑ B. Enables a single Internet connection to be used by several users.
❑ C. Identifies the local subnet and formulates a routing table.
❑ D. Used to communicate in a multiple-platform environment.
1. The correct answer is A. The function of ARP is to resolve IP addresses to MAC addresses. Answer B is incorrect; the responsibility for resolving NetBIOS names to IP addresses is a function of WINS or it can be achieved via broadcasts. Answer C describes the function of the RARP protocol. Resolving hostnames to IP addresses is a function of DNS; thus, answer D is incorrect.
2. The correct answer is D. This is correct because the HTTP service uses port 80, so blocking port 80 will prevent users from using the HTTP service. Answer A is incorrect as DNS uses port 53; answer B is also incorrect, as POP3 uses port 110; and finally FTP (answer C) is incorrect, as it uses port 21.
3. The correct answer is A. Class B addresses fall into the range 128 to 191. Therefore, answer A is the only one of the addresses listed that falls into that range. Answer B is a Class A address, and answers C and D are both Class C IP addresses.
4. The correct answer is D. When a Windows XP Professional system that is configured to obtain an IP address via DHCP fails to obtain an address, it uses APIPA to assign itself an address from the 169.254.x.x address range. An address of 0.0.0.0 normally results from a system that does not support APIPA failing to get an address via DHCP. The 192.168.x.x address range is not used by APIPA. The IP address 255.255.255.255 is the broadcast address. A DHCP failure would not lead to a system assigning itself this address.
5. The correct answers are A and D. The Secure Copy Protocol (SCP) uses SSH technology to ensure that authentication information and data are kept secure. The Secure File Transfer Protocol (SFTP) can also be used for that purpose. The Remote Copy Protocol (RCP) and the Trivial File Transfer Protocol (TFTP) are both considered insecure, as they do not encrypt information as it travels across the network.
6. The correct answer is C. The 127.x.x.x network range is reserved for the loopback function. It is not one of the recognized private address ranges. The private address ranges as defined in RFC 1918 are 10.x.x.x, 172.16.x.x–172.31.x.x, and 192.168.x.x.
7. The correct answer is B. By blocking port 23, you can disable the Telnet service. Answer A is incorrect, as port 53 is used by DNS. Uninstalling the Telnet service (answer C) is not a practical solution, and D is an invalid answer.
8. The correct answer is A. UDP provides connectionless service and operates at layer 4 or the transport layer of the OSI model. TCP also operates at layer 4 but provides connection-oriented service. None of the other options function at the transport layer.
9. The correct answer is B. The Secure Socket Layer protocol is used to provide security for HTTPS. HTTP is an insecure version of HTTPS. Telnet is a protocol used to send or receive files from a remote system. It is not a security mechanism. TCP is a connection-oriented transport protocol. It does not provide security for other protocols.
10. The correct answer is A. The default gateway enables systems on one local subnet to access those on another. Answer B describes Internet Connection Sharing (ICS). None of the other answers best describe the main function of a default gateway.
6
Objectives
2.14 Identify the basic characteristics (for example, speed, capacity, and media) of the following WAN (wide area network) technologies:
✓ Packet switching
✓ Circuit switching
✓ ISDN (Integrated Services Digital Network)
✓ FDDI (Fiber Distributed Data Interface)
✓ T1 (T Carrier level 1)/E1/J1
✓ T3 (T Carrier level 3)/E3/J3
✓ OCx (Optical Carrier)
✓ X.25
2.15 Identify the basic characteristics of the following Internet access technologies:
✓ xDSL (Digital Subscriber Line)
✓ Broadband Cable (Cable modem)
✓ POTS/PSTN (Plain Old Telephone Service/Public Switched Telephone Network)
✓ Satellite
✓ Wireless
2.16 Define the function of the following remote access protocols and services:
✓ RAS (Remote Access Service)
✓ PPP (Point-to-Point Protocol)
✓ SLIP (Serial Line Internet Protocol)
✓ PPPoE (Point-to-Point Protocol over Ethernet)
✓ PPTP (Point-to-Point Tunneling Protocol)
✓ VPN (Virtual Private Network)
✓ RDP (Remote Desktop Protocol)
2.17 Identify the following security protocols and describe their purpose and function:
✓ IPSec (Internet Protocol Security)
✓ L2TP (Layer 2 Tunneling Protocol)
✓ SSL (Secure Sockets Layer)
✓ WEP (Wired Equivalent Privacy)
✓ WPA (Wi-Fi Protected Access)
✓ 802.1x
2.18 Identify authentication protocols (for example, CHAP (Challenge Handshake Authentication Protocol), MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol), RADIUS (Remote Authentication Dial-In User Service), Kerberos and EAP (Extensible Authentication Protocol)).
What you need to know
✓ Identify the various characteristics of WAN technologies.
✓ Identify the functions and characteristics of various remote access protocols.
✓ Identify the functions and characteristics of various security protocols.
✓ Identify the technologies needed to establish remote connectivity.
Many technologies are used to create today’s wide area networks (WANs). Each of these technologies has advantages and disadvantages, making some of them well suited for certain environments and completely impractical in others. Each of the technologies varies in terms of media, speed, availability, and cost. This chapter examines various WAN technologies and the protocols used to secure and establish the connections.
Many of today’s network environments are not restricted to a single location or LAN. Instead, many of these networks span great distances, becoming wide area networks (WANs). When they do, hardware and software are needed to connect these networks. This section reviews the characteristics of various WAN technologies. Before we go on to discuss the specific WAN technologies, we must first look at an important element of the WAN technologies—switching methods.
In order for systems to communicate on a network, there has to be a communication path or multiple paths between which the data can travel. To communicate with another entity, these paths move the information from one location to another and back. This is the function of switching. Switching provides communication pathways between two endpoints and manages how data is to flow between these endpoints. Two of the more common switching methods used today include:
➤ Packet switching
➤ Circuit switching
For the Network+ exam, you will be expected to identify the differences between switching methods.
In packet switching, messages are broken down into smaller pieces called packets. Each packet is assigned source, destination, and intermediate node addresses. Packets are required to have this information because they do not always use the same path or route to get to their intended destination.
Referred to as independent routing, this is one of the advantages of packet switching. Independent routing allows for a better use of available bandwidth by letting packets travel different routes to avoid high-traffic areas. Independent routing also allows packets to take an alternate route if a particular route is unavailable for some reason.
Packet switching is the most popular switching method for networks and is used on most LANs.
In a packet-switching system, when packets are sent onto the network, the sending device is responsible for choosing the best path for the packet. This path might change in transit, and it is possible for the receiving device to receive the packets in a random or nonsequential order. When this happens, the receiving device waits until all the data packets are received, and then it reconstructs them according to their built-in sequence numbers.
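To make the receiver side of this concrete, here is an added example (not from the book) of reassembling datagrams by their built-in sequence numbers, including the wait for a delayed packet and a duplicate delivered over a second route; the Packet layout, the Reassembler class and the sample message are constructed for illustration.

```python
"""Reassembly of out-of-order packets by sequence number.

Added example, not from the book: models the receiver described above,
which holds packets until every piece has arrived and then rebuilds the
message in order. Packet layout and sample traffic are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One piece of a message, carrying the addressing and ordering
    information that independent routing requires."""
    src: str
    dst: str
    seq: int        # position within the message (0-based)
    total: int      # number of packets in the whole message
    payload: bytes


class Reassembler:
    """Collects packets per (src, dst) flow and rebuilds the message only
    when every sequence number has arrived. (A real protocol would also
    carry a message identifier so two messages on one flow cannot mix.)"""

    def __init__(self):
        self._flows = {}    # (src, dst) -> {seq: payload}
        self._totals = {}   # (src, dst) -> expected packet count

    def receive(self, pkt):
        """Store one packet; return the full message once complete, else None."""
        key = (pkt.src, pkt.dst)
        slots = self._flows.setdefault(key, {})
        self._totals[key] = pkt.total
        # A duplicate (e.g. a retransmission over a second route) is ignored
        # rather than appended, so it cannot corrupt the reassembled data.
        slots.setdefault(pkt.seq, pkt.payload)
        return self._try_complete(key)

    def missing(self, src, dst):
        """Sequence numbers still outstanding for a flow."""
        key = (src, dst)
        have = self._flows.get(key, {})
        return [s for s in range(self._totals.get(key, 0)) if s not in have]

    def _try_complete(self, key):
        slots, total = self._flows[key], self._totals[key]
        if len(slots) < total:
            return None                     # still waiting, as the receiver must
        message = b"".join(slots[s] for s in range(total))
        del self._flows[key], self._totals[key]
        return message


def split_message(src, dst, data, size):
    """Sender side: break a message into packets of at most `size` bytes."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return [Packet(src, dst, i, len(chunks), c) for i, c in enumerate(chunks)]


def demo():
    """Constructed delivery: packets arrive out of order, one is duplicated
    and the last one is delayed. Returns the receive() result per arrival."""
    pkts = split_message("10.0.0.1", "10.0.0.2", b"packet switching works", 6)
    arrival = [pkts[2], pkts[0], pkts[3], pkts[0], pkts[1]]
    rx = Reassembler()
    return [rx.receive(p) for p in arrival]


if __name__ == "__main__":
    print(demo())   # four None values, then b"packet switching works"
```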
Two types of packet-switching methods are used on networks: virtual-circuit packet switching and datagram packet switching.
➤ Virtual-Circuit Packet Switching—When virtual-circuit switching is used, a logical connection is established between the source and the destination device. This logical connection is established when the sending device initiates a conversation with the receiving device. The logical communication path between the two devices can remain active for as long as the two devices are available or can be used to send packets once. After the sending process has completed, the line can be closed.
➤ Datagram Packet Switching—Unlike virtual-circuit packet switching, datagram packet switching does not establish a logical connection between the sending and transmitting devices. The packets in datagram packet switching are independently sent, meaning that they can take different paths through the network to reach their intended destination. To do this, each packet must be individually addressed to determine where its source and destination are. This method ensures that packets take the easiest possible routes to their destination and avoid high-traffic areas.
In contrast to the packet-switching method, circuit switching requires a dedicated physical connection between the sending and receiving devices. The most commonly used analogy to represent circuit switching is a telephone conversation in which the parties involved have a dedicated link between them for the duration of the conversation. When either party disconnects, the circuit is broken and the data path is lost. This is an accurate representation of how circuit switching works with network and data transmissions.
The sending system establishes a physical connection, the data is transmitted between the two, and when the transmission is complete, the channel is closed.
Some clear advantages to the circuit-switching technology make it well suited for certain applications. The primary advantage is that after a connection is established, there is a consistent and reliable connection between the sending and receiving device. This allows for transmissions at a guaranteed rate of transfer.
Like all technologies, circuit switching has downsides. As you might imagine, a dedicated communication line can be very inefficient. After the physical connection is established, it is unavailable to any other sessions until the transmission is complete. Again, using the phone call analogy, this would be like a caller trying to reach another caller and getting a busy signal. Circuit switching can therefore be fraught with long connection delays.
ISDN has long been an alternative to the slower modem WAN connections but at a higher cost. ISDN allows the transmission of voice and data over the same physical connection.
ISDN connections are considerably faster than regular modem connections.
To access ISDN, a special phone line is required, and this line is usually paid for through a monthly subscription. You can expect these monthly costs to be significantly higher than those for traditional dial-up modem connections.
To establish an ISDN connection, you dial the number associated with the receiving computer, much as you do with a conventional phone call or modem dial-up connection. A conversation between the sending and receiving devices is then established. The connection is dropped when one end disconnects or hangs up. The line pickup of ISDN is very fast, allowing a connection to be established, or brought up, much more quickly than a conventional phone line.
ISDN has two defined interface standards—Basic Rate Interface (BRI) and Primary Rate Interface (PRI).
BRI ISDN uses three separate channels—two bearer (B) channels of 64Kbps each and a delta (D) channel of 16Kbps. B channels can be divided into 4 D channels, which allows businesses to have 8 simultaneous Internet connections. The B channels carry the voice or data, and the D channels are used for signaling.
The two B channels can be used independently as 64Kbps carriers, or they can be combined to provide 128Kbps transfer speeds.
BRI ISDN channels can be used separately using 64Kbps transfer or combined to provide 128Kbps transfer rates.
PRI is a form of ISDN that is generally carried over a T1 line and can provide transmission rates of up to 1.544Mbps. PRI is composed of 23 B channels, each providing 64Kbps for data/voice capacity, and one 64Kbps D channel, which is used for signaling. Table 6.1 compares BRI and PRI ISDN.
ISDN is considered a leased line because access to ISDN is leased from a service provider.
Table 6.1  BRI and PRI ISDN Comparison

Characteristic          PRI          BRI
Speed                   1.544Mbps    128Kbps
Channels                23B+D        2B+D
Transmission carrier    T1           ISDN
Be ready to answer questions about the characteristics of both BRI and PRI for the Network+ exam.
FDDI is an American National Standards Institute (ANSI) topology standard that uses fiber-optic cable and token-passing media access. FDDI is implemented using both multimode and single-mode fiber cable and can reach transmission speeds of up to 100Mbps at distances of more than 2 kilometers. FDDI combines the strengths of Token Ring, the speed of Fast Ethernet, and the security of fiber-optic cable. Such advantages make FDDI a strong candidate for creating network backbones and connecting private LANs to create MANs and WANs.
The Copper Distributed Data Interface (CDDI) standard defines FDDI over copper cable rather than fiber-optic cable. However, the limitations of copper cable—such as increased EMI risk and attenuation—are in effect.
Unlike the regular 802.5 network standard, FDDI uses a dual-ring configuration. The first, or primary, ring is used to transfer the data around the network, and the secondary ring is used for redundancy and fault tolerance; the secondary ring waits to take over if the primary ring fails. If the primary ring fails, the secondary ring kicks in automatically, with no disruption to network users.
Even though the second ring sits dormant, you can connect network devices to both rings. Network devices that attach to both rings are referred to as Class A stations, or dual attached stations (DASs). Network devices that connect to a single ring are called Class B stations, or single attached stations (SASs).
FDDI has a few significant advantages—some of which stem directly from the fact that it uses fiber-optic cable as its transmission media. These include a resistance to EMI, the security offered by fiber, and the longer distances available with fiber cable. In addition to the advantages provided by the fiber-optic cable, FDDI itself has a few strong points, including
➤ Fault-tolerant design—By using a dual-ring configuration, FDDI provides some fault tolerance. If one cable fails, the other can be used to transmit the data throughout the network.
➤ Speed because of the use of multiple tokens—Unlike the IEEE 802.5 standard, FDDI uses multiple tokens, which increase the overall network speed.
➤ Beaconing—FDDI uses beaconing as a built-in error-detection method, making finding faults, such as cable breaks, a lot easier.
As with every technology, there are a few caveats:
➤ The devices and cable needed to implement an FDDI solution are very costly; too costly for many small organizations.
➤ FDDI setup and management can be very complex, requiring trained professionals with significant experience to manage and maintain the cable and infrastructure.
T-carrier lines are high-speed dedicated digital lines that can be leased from telephone companies. This creates an always open, always available line between you and whomever you choose to connect to when you establish the service. T-carrier lines can support both voice and data transmissions and are often used to create point-to-point private networks. Because they are a dedicated link, they can be a costly WAN option. Four types of T-carrier lines are available:
➤ T1 lines offer transmission speeds of 1.544Mbps, and they can create point-to-point dedicated digital communication paths. T1 lines have commonly been used for connecting LANs.
➤ T2 leased lines offer transmission speeds of 6.312Mbps. They accomplish this by using 96 64Kbps B channels.
➤ T3 lines offer transmission speeds of up to 44.736Mbps, using 672 64Kbps B channels.
➤ T4 lines offer impressive transmission speeds of up to 274.176Mbps by using 4,032 64Kbps B channels.
Of these T-carrier lines, the ones commonly associated with networks and the ones most likely to appear on the Network+ exam are the T1 and T3 lines.
Because of the cost of a T-carrier solution, it is possible to lease portions of a T-carrier service. Known as fractional T, you can subscribe and pay for service based on 64Kbps channels.
It is important to point out that T-carrier is the designation for the technology used in the United States and Canada. In Europe, they are referred to as E-carriers and in Japan, J-carriers. Table 6.2 shows the T/E/J carriers.
Table 6.2  Comparing T/E/J Carriers

Name    Transmission Speed
T-1     1.544Mbps
T-1C    3.152Mbps
T-2     6.312Mbps
T-3     44.736Mbps
T-4     274.176Mbps
J-0     64Kbps
J-1     1.544Mbps
J-1C    3.152Mbps
J-2     6.312Mbps
J-3     32.064Mbps
J-3C    97.728Mbps
J-4     397.200Mbps
E-0     64Kbps
E-1     2.048Mbps
E-2     8.448Mbps
E-3     34.368Mbps
E-4     139.264Mbps
E-5     565.148Mbps
Ensure that you review the speeds of the various T-carriers for the Network+ exam.
Bell Communications Research developed SONET, a fiber-optic WAN technology that delivers voice, data, and video at speeds in multiples of 51.84Mbps. Bell’s main goals in creating SONET were to create a standardized access method for all carriers and to unify different standards around the world. SONET is capable of transmission speeds between 51.84Mbps and 2.488Gbps.
One of Bell’s biggest accomplishments with SONET was to create a new system that defined data rates in terms of Optical Carrier (OC) levels, as shown in Table 6.3.
Table 6.3  OC Levels and Transmission Rates

OC Level    Transmission Rate
OC-1        51.84Mbps
OC-3        155.52Mbps
OC-12       622.08Mbps
OC-24       1.244Gbps
OC-48       2.488Gbps
OC-192      9.953Gbps
Synchronous Digital Hierarchy (SDH) is the international counterpart to SONET.
One of the older WAN technologies is X.25, which is a packet-switching technology. Today, X.25 is not as widely implemented as it once was. X.25’s veteran status is both its greatest advantage and its greatest disadvantage. On the upside, X.25 is a global standard that can be found in many places. X.25 had an original maximum transfer speed of 56Kbps, which, when compared to other technologies in the mid-1970s, was fast but almost unusable for most applications on today’s networks. In the 1980s a digital version of X.25 was released, increasing throughput to a maximum of 64Kbps. This too is slow by today’s standards.
Because X.25 is a packet-switching technology, it uses different routes to get the best possible connection between the sending and receiving device at a given time. As conditions on the network change, such as increased network traffic, so do the routes that the packets take. Consequently, each packet is likely to take a different route to reach its destination during a single communication session. The devices that make it possible to use X.25 service are called packet assemblers/disassemblers (PADs). A PAD is required at each end of the X.25 connection. Table 6.4 compares the various WAN technologies reviewed in this chapter.
Table 6.4  Comparing WAN Technologies

ISDN
  Speed: BRI: 64Kbps to 128Kbps; PRI: 64Kbps to 1.5Mbps
  Supported media: Copper/fiber-optic
  Switching method used: Can be used for circuit-switching or packet-switching connections
  Key characteristics: ISDN can be used to transmit all types of traffic, including voice, video, and data. BRI uses 2B+D channels, PRI uses 23B+D channels. B channels are 64Kbps. ISDN uses the public network and requires dial-in access.

T-carrier (T1, T3)
  Speed: T1: 1.544Mbps; T3: 44.736Mbps
  Supported media: Copper/fiber-optic
  Switching method used: Circuit switching
  Key characteristics: T-carrier is used to create point-to-point private networks.

FDDI
  Speed: 100Mbps
  Supported media: Fiber-optic
  Switching method used: N/A
  Key characteristics: Uses a dual-ring configuration for fault tolerance. Uses a token-passing media-access method. Uses beaconing for error detection.

X.25
  Speed: 56Kbps/64Kbps
  Supported media: Copper/fiber-optic
  Switching method used: Packet switching
  Key characteristics: X.25 is limited to 56Kbps. X.25 provides a packet-switching network over standard phone lines.

SONET/OCx
  Speed: 51.8Mbps to 2.4Gbps
  Supported media: Fiber-optic
  Switching method used: N/A
  Key characteristics: SONET defines synchronous data transfer over optical cable.
Internet access has become an integral part of modern business. There are several ways to obtain Internet access. The type chosen will often depend on the cost as well as what technologies are available in the area you are located. This section explores some of the more common methods of obtaining Internet access.
The term broadband is often used to refer to high-speed Internet access. Both DSL and cable modem are common broadband Internet technologies. Broadband routers and broadband modems are network devices that support both DSL and cable.
DSL is an Internet access method that uses a standard phone line to provide high-speed Internet access. DSL is most commonly associated with high-speed Internet access; because it is less expensive than technologies such as ISDN, it is often used in homes and small businesses. With DSL, a different frequency can be used for digital and analog signals, which means that you can talk on the phone while you’re uploading data.
DSL arrived on the scene in the late 1990s, and it brought with it a staggering number of flavors. Together, all these variations are known as xDSL:
➤ Probably the most common of the DSL varieties is ADSL. ADSL uses different channels on the line: One channel is used for POTS and is responsible for analog traffic, the second channel is used to provide upload access, and the third channel is used for downloads. With ADSL, downloads are faster than uploads.
➤ SDSL offers the same speeds for uploads and for downloads, making it most suitable for business applications such as Web hosting, intranets, and e-commerce. It is not widely implemented in the home/small business environment and cannot share a phone line.
➤ ISDN DSL is a symmetric type of DSL that is commonly used in environments where SDSL and ADSL are unavailable. IDSL does not support analog phones.
➤ RADSL is a variation on ADSL that can modify its transmission speeds based on the signal quality. RADSL supports line sharing.
➤ VHDSL is an asymmetric version of DSL and, as such, can share a telephone line.
➤ HDSL is a symmetric technology that offers identical transmission rates in both directions. HDSL does not allow line sharing with analog phones.
Why are there so many DSL variations? The answer is quite simply that each flavor of DSL is aimed at a different user, business, or application.
Businesses with high bandwidth needs are more likely to choose a symmetric form of DSL, whereas budget-conscious environments such as home offices are likely to opt for an option that allows phone line sharing at the expense of bandwidth. In addition, some of the DSL variants are simply older technologies. While the name persists, they have been replaced with newer DSL implementations. When you’re working in a home/small office environment, you should expect to work with an ADSL system.
Table 6.5 summarizes the maximum speeds of the various DSL options.
Keep in mind that maximum speeds are rarely obtained.
Table 6.5  DSL Speeds

DSL Variation    Upload Speed    Download Speed
ADSL             1Mbps           8Mbps
SDSL             1.5Mbps         1.5Mbps
IDSL             144Kbps         144Kbps
RADSL            1Mbps           7Mbps
VHDSL            1.6Mbps         13Mbps
HDSL             768Kbps         768Kbps
Cable Internet access is an always on Internet access method that is available in areas that have digital cable television. Cable Internet access is attractive to many small businesses and home office users because it is both inexpensive and reliable. Most cable providers do not restrict how much use is made of the access. Connectivity is achieved by using a device called a cable modem; it has a coaxial connection for connecting to the provider’s outlet and an Unshielded Twisted Pair (UTP) connection for connecting directly to a system or to a hub or switch.
Cable providers often supply a cable modem free of charge, although of course you are paying for the rental of the modem in a monthly service fee.
Many cable providers offer free or low-cost installation of cable Internet service, which includes installing a network card in a PC. Some providers also do not charge for the network card. Cable Internet costs are comparable to DSL subscription.
Most cable modems supply a 10Mbps Ethernet connection for the home LAN, although you wouldn’t expect the actual Internet connection to reach these speeds. The actual speed of the connection can vary somewhat depending on the utilization of the shared cable line in your area. In day-to-day application, data rates range from 1.5Mbps to 3Mbps.
A cable modem is generally equipped with a medium-dependent interface crossed (MDI-X) port, so a straight-through UTP cable can be used to connect the modem to a system.
One of the biggest disadvantages of cable access is cited (by DSL providers at least) as the fact that you share the available bandwidth with everyone else in your cable area. As a result, during peak times, performance of a cable link might be poorer than in low-use periods. In residential areas, busy times are evenings and weekends, and particularly right after school. In general, though, performance with cable systems is good, and in low-usage periods, it can be very fast.
Although the debate between cable and DSL goes on, for us regular users, it really won’t make that much difference which one we choose. Although cable modem technology delivers shared bandwidth within the local neighborhood, its speeds are marginally higher but influenced by this shared bandwidth. DSL delivers dedicated local bandwidth but is sensitive to distance that impacts overall performance. With the monthly costs about the same, it really is too close to call.
Whether using DSL or cable Internet access, there are a few things to keep in mind. Each of these technologies offers always on service. This means that even when you are away from your computer, it is still on the Internet. As you can imagine, this creates a security risk. The longer you are online, the more chance someone has of remotely accessing your system.
The operating systems we use today all have some security holes that some people are waiting to exploit. These attacks often focus on technologies such as email or open TCP/UDP ports. Combining OS security holes with an always on Internet technology is certainly a dangerous mix.
Today, DSL and cable Internet connections have to be protected by mechanisms such as firewalls to protect the system. The firewall system will offer features such as packet filtering and network address translation (NAT). The firewall can be a third-party software application installed on the system, or it can be a hardware device.
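As an added example (not from the book) of what packet filtering and NAT do for an always-on link, the following Python models a small stateful firewall: a default-deny inbound policy, source translation of outbound connections to the link’s public address, and acceptance of only the replies to those connections (plus any deliberately forwarded port); the Firewall class, the addresses and the traffic are constructed for illustration.

```python
"""Stateful packet filtering with NAT for an always-on broadband link.

Added example, not from the book: a tiny model of the firewall the text
recommends between a DSL/cable modem and the LAN. Addresses and traffic
are constructed (RFC 5737 documentation ranges stand in for the Internet).
"""
from dataclasses import dataclass, replace

LAN_PREFIX = "192.168.1."     # private side, RFC 1918 space
WAN_ADDR = "203.0.113.7"      # constructed: address the ISP assigned to the link


@dataclass(frozen=True)
class Pkt:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    """Default-deny inbound. Outbound connections are recorded and
    source-translated to WAN_ADDR; only their replies (or explicitly
    forwarded ports) are let back in, and every decision is logged."""

    def __init__(self, port_forwards=None):
        # (proto, public dport) -> LAN host, for services deliberately exposed
        self.port_forwards = dict(port_forwards or {})
        self._out = {}      # (proto, lan src, sport, remote, rport) -> nat port
        self._back = {}     # (proto, nat port) -> (lan src, sport, remote, rport)
        self._next_port = 40000
        self.log = []

    def handle(self, iface, pkt):
        """iface is 'lan' or 'wan' (where the packet arrived).
        Returns ('allow', translated packet) or ('drop', reason)."""
        src_is_lan = pkt.src.startswith(LAN_PREFIX)
        if iface == "wan" and src_is_lan:
            return self._drop(pkt, "spoofed private source on WAN side")
        if iface == "lan" and src_is_lan:
            return self._outbound(pkt)
        if iface == "wan" and pkt.dst == WAN_ADDR:
            return self._inbound(pkt)
        return self._drop(pkt, "no matching rule")

    def _outbound(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        nat_port = self._out.get(key)
        if nat_port is None:                 # new connection: allocate a translation
            nat_port, self._next_port = self._next_port, self._next_port + 1
            self._out[key] = nat_port
            self._back[(pkt.proto, nat_port)] = key[1:]
        self.log.append(f"ALLOW out {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
                        f"as {WAN_ADDR}:{nat_port}")
        return "allow", replace(pkt, src=WAN_ADDR, sport=nat_port)

    def _inbound(self, pkt):
        entry = self._back.get((pkt.proto, pkt.dport))
        if entry and (pkt.src, pkt.sport) == (entry[2], entry[3]):
            # Reply to a connection a LAN host opened: restore the LAN address.
            self.log.append(f"ALLOW reply {pkt.src}:{pkt.sport} -> {entry[0]}:{entry[1]}")
            return "allow", replace(pkt, dst=entry[0], dport=entry[1])
        target = self.port_forwards.get((pkt.proto, pkt.dport))
        if target:
            self.log.append(f"ALLOW forward {pkt.src}:{pkt.sport} -> {target}:{pkt.dport}")
            return "allow", replace(pkt, dst=target)
        return self._drop(pkt, "unsolicited inbound")

    def _drop(self, pkt, reason):
        self.log.append(f"DROP {pkt.proto} {pkt.src}:{pkt.sport} -> "
                        f"{pkt.dst}:{pkt.dport} ({reason})")
        return "drop", reason


def demo():
    """Constructed traffic against a freshly booted firewall with no forwards."""
    fw = Firewall()
    # A LAN host opens an HTTPS session to a web server.
    v1, out = fw.handle("lan", Pkt("tcp", "192.168.1.10", 51000, "198.51.100.20", 443))
    # The server's reply comes back to the translated port.
    v2, back = fw.handle("wan", Pkt("tcp", "198.51.100.20", 443, WAN_ADDR, out.sport))
    # An unsolicited connection attempt to the always-on address (Telnet, port 23).
    v3, _ = fw.handle("wan", Pkt("tcp", "192.0.2.99", 4444, WAN_ADDR, 23))
    # A packet from the WAN side forging a LAN source address.
    v4, _ = fw.handle("wan", Pkt("udp", "192.168.1.10", 53, WAN_ADDR, 53))
    return {"outbound": (v1, out), "reply": (v2, back),
            "probe": v3, "spoof": v4, "log": fw.log}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```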
In addition to a firewall, it is equally important to ensure that the operating system you are using is completely up-to-date in terms of service packs and security updates. Today’s client systems typically offer automatic update features that will alert you when a new security update is available.
Following a few safety rules, both DSL and cable Internet can provide safe Internet access. We just have to be security diligent.
The most popular means of connecting to the Internet or a remote network might still be the good old telephone line and modem.
Internet access through a phone system requires two things: a modem and a dial-up access account through an ISP.
Modems are devices that convert the digital signals generated by a computer system into analog signals that can travel across a phone line. A computer can have either an internal or external modem. External modems tend to be less problematic to install and troubleshoot because they don’t require reconfiguration of the host system. Internal modems use one of the serial port assignments (that is, a COM port) and must therefore be configured not to conflict with other devices.
The second piece of the puzzle, the dial-up ISP account, can easily be obtained by contacting one of the many local, regional, or national ISPs.
Most ISPs offer a range of plans that are normally priced based on the amount of time the user is allowed to spend online. Almost without exception, ISPs offer 56Kbps access, the maximum possible under current standards. Most ISPs also provide email accounts, access to newsgroup servers, and often small amounts of Web space.
It is a good idea to research an ISP choice carefully. Free services exist, but they generally restrict users to a certain number of online hours per month or use extensive banner advertising to pay for the services. Normally, you pay a monthly service fee for an ISP; doing so provides a degree of reassurance because the ISP can be held accountable. Paid-for service also tends to provide a higher level of support.
Another big consideration for dial-up Internet access is how many lines the ISP has. ISPs never have the same number of lines as subscribers; instead, they work on a first-come, first-serve basis for dial-up clients. This means that on occasion, users get busy signals when they try to connect. Before signing up for a dial-up Internet access account, you should ask the company what its ratio of lines to subscribers is and use that figure as part of your comparison criteria.
Many of us take DSL and cable Internet access for granted, but these technologies are not offered everywhere. For areas where cheaper broadband options are not available, there are a limited number of Internet options. One of the primary ones is Internet via satellite.
Satellite access provides a viable Internet access solution for those who cannot get other methods of broadband. Satellite Internet offers an always on connection with theoretical speeds advertised anywhere from 512Kbps upload speeds to 2048Kbps download speeds, considerably faster than a 56k dial-up connection. One of the primary drawbacks to satellite Internet is the cost, and even with the high price tag, it is not as fast as DSL or cable modem.
Although satellite Internet is slower and more costly than DSL or cable, it offers some very attractive features—first of which has to be its portability. Quite literally, wherever you go, you can have Internet access. For businesses with remote users and clients, the benefit of this is clear. But the technology has far-reaching impact; it is not uncommon to see RVs with a satellite dish on the roof. They have 24/7 unlimited access to the Internet as they travel.
There are many companies offering satellite Internet services, and a quick Internet search will reveal many. These Internet providers offer different Internet packages that vary greatly in terms of price, access speeds, and service. Some target business, whereas others are aiming for the private market.
Two different types of broadband Internet satellite services are deployed: one-way and two-way systems. A one-way satellite system requires a satellite card and a satellite dish installed at the end user’s site; this system works by sending outgoing requests on one link using a phone line, with inbound traffic returning on the satellite link. A two-way satellite system, on the other hand, provides data paths for both upstream and downstream data. Like a one-way system, a two-way system also uses a satellite card and a satellite dish installed at the end user’s site; bidirectional communication occurs directly between the end user’s node and the satellite.
Home satellite systems are asymmetric; that is, download speeds are faster than upload speeds. In fact, a home satellite system is likely to use a modem for the upline traffic, with downloads coming over the satellite link. The exact speeds you can expect with satellite Internet depend on many factors. As with other wireless technologies, atmospheric conditions can significantly affect the performance of satellite Internet access. One additional consideration for satellite Internet is increased propagation time—the time it takes for the signal to travel back and forth from the satellite. In networking terms, this time is very high and an important consideration for business applications.
Not too long ago, it would have been inconceivable to walk into your local coffee shop with your laptop under your arm and surf the Web while drinking a latte. Putting aside the fact that beverages and laptops don’t mix, wireless Internet access is everywhere and increasing.
Wireless Internet access is provided by a Wireless Internet Service Provider (WISP). The WISP provides public wireless Internet access known as hotspots. Hotspots provide Internet access for mobile network devices such as laptops, handheld computers, and cell phones in airports, coffee shops, conference rooms, and so on. A hotspot is created using one or many wireless access points near the hotspot location.
Client systems might need to install special application software for billing and security purposes; others require no configuration other than obtaining the network name (SSID). Hotspots do not always require a fee for service as companies use them as a marketing tool to lure Internet users to their businesses.
As of today, hotspots are not everywhere, but finding them is not difficult. Typically, airports, hotels, and coffee shops will advertise that they offer Internet access for customers or clients. In addition, WISP providers list their hotspot sites online so that they are easily found.
Establishing a connection to a wireless hotspot is a straightforward process.
If not equipped with built-in wireless capability, laptops will require an external wireless adapter card. With the physical requirements of the wireless card taken care of, connect as follows:
1. When you arrive at the hotspot site, power up your laptop. In some instances, you might need to reboot your system if it was on standby to clear out old configuration settings.
2. The card might detect the network automatically. If this is the case, configuration settings, such as the SSID, will be automatically detected, and the wireless Internet will be available. If Internet access is free, there is little else to do; if it is a paid-for service, you will need to enter a method of payment. One thing to remember is to verify that you are using encryption for secure data transfer.
3. If for some reason the wireless settings are not automatically detected, you will need to open up your wireless NIC’s configuration utility and manually set the configurations. These settings can include setting the mode to infrastructure, inputting the correct SSID, and setting the level of encryption used.
In addition to using a WISP, some companies such as hotels and cafes will provide wireless Internet access by connecting a wireless router to a DSL or cable Internet connection. The router becomes the wireless access point to which the users connect, and it allows clients to connect to the Internet through the broadband connection. The technology is based on the 802.11 standards, typically 802.11b/g, and client systems require only an internal or external wireless adapter.
Today, there are many ways to establish remote access into networks. Some of these include such things as virtual private networks (VPNs) or plain old modem dial-up access. Regardless of the technique used for remote access or the speed at which access is achieved, certain technologies need to be in place in order for the magic to happen. These technologies include the protocols to allow the access to the server and to secure the data transfer after the connection is established. Also necessary are methods of access control that make sure only authorized users are using the remote access features.
All the major operating systems include built-in support for remote access.
They provide both the access methods and security protocols necessary to secure the connection and data transfers.
RAS is a remote access solution included with Windows Server products.
RAS is a feature-rich, easy-to-configure, and easy-to-use method of configuring remote access.
In Windows 2000, Microsoft renamed the RAS service Routing and Remote Access
Service (RRAS). The basic RAS functionality, however, is the same as in previous versions of Windows.
Any system that supports the appropriate dial-in protocols, such as PPP, can connect to a RAS server. Most commonly, the clients are Windows systems that use the dial-up networking feature; but any operating system that supports dial-up client software will work. Connection to a RAS server can be made over a standard phone line, using a modem, over a network, or via an
ISDN connection.
RAS supports remote connectivity from all the major client operating systems available today, including all newer Windows OSs:
➤ Windows 2000 Professional–based clients
➤ Windows XP Home–based clients
➤ Windows XP Professional–based clients
➤ UNIX-based/Linux clients
➤ Macintosh-based clients
Although the system is called RAS, the underlying technologies that enable the RAS process are dial-up protocols such as Serial Line Internet Protocol
(SLIP) and Point-to-Point Protocol (PPP).
SLIP was designed to allow data to be transmitted via Transmission Control
Protocol/Internet Protocol (TCP/IP) over serial connections in a UNIX environment. SLIP did an excellent job, but time proved to be its enemy.
SLIP was developed in an atmosphere in which security was not an overriding concern; consequently, SLIP does not support encryption or authentication. It transmits all the data used to establish a connection (username and password) in clear text, which is, of course, dangerous in today’s insecure world.
Clear text simply means that the information is sent unencrypted, and anyone who intercepts it with a packet capture program can read the data with his or her favorite word processor.
In addition to its inadequate security, SLIP also does not provide error checking or packet addressing, so it can be used only in serial communications. It supports only TCP/IP, and login is accomplished through a terminal window.
Many operating systems still provide at least minimal SLIP support for backward compatibility with older environments, but SLIP has been replaced by a newer and more secure alternative: PPP. SLIP is still used by some government agencies and large corporations in UNIX remote access applications, so you might come across it from time to time.
PPP is the standard remote access protocol in use today. PPP is actually a family of protocols that work together to provide connection services.
Because PPP is an industry standard, it offers interoperability between different software vendors in various remote access implementations. PPP provides a number of security enhancements compared to regular SLIP—the most important being the encryption of usernames and passwords during the authentication process. PPP allows remote clients and servers to negotiate data encryption methods and authentication methods and support new technologies. PPP even gives administrators the ability to choose which particular local area network (LAN) protocol to use over a remote link. For example, administrators can choose among NetBIOS Extended User Interface
(NetBEUI), NWLink (Internetwork Packet Exchange/Sequenced Packet
Exchange (IPX/SPX)), AppleTalk, or TCP/IP.
PPP can use a variety of LAN protocols to establish a remote link.
During the establishment of a PPP connection between the remote system and the server, the remote server needs to authenticate the remote user and does so by using the PPP authentication protocols. PPP accommodates a number of authentication protocols, and it’s possible on many systems to configure more than one authentication protocol. The protocol used in the authentication process depends on the security configurations established between the remote user and the server. PPP authentication protocols include CHAP, MS-CHAP (2), EAP, SPAP, and PAP. Each of these authentication methods is discussed later in this chapter in the section on authentication protocols.
Macintosh users can dial in to a Windows 2000 server by using PPP over AppleTalk
Control Protocol (ATCP). ATCP is installed when the AppleTalk protocol is installed, or it can be installed separately.
If you are working on a network that uses SLIP and run into connectivity problems, try upgrading to PPP, as it is more flexible and secure.
PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used for connecting multiple network users on an Ethernet local area network to a remote site through a common device. For example, using PPPoE it is possible to have all users on a network share the same link such as a DSL, cable modem, or a wireless connection to the Internet. PPPoE is a combination of
PPP and the Ethernet protocol, which supports multiple users in a local area network. Hence the name. The PPP protocol information is encapsulated within an Ethernet frame.
With PPPoE, a number of different users can share the same physical connection to the Internet, and in the process, PPPoE provides a way to keep track of individual user Internet access times. Because PPPoE allows for individual authenticated access to high-speed data networks, it is an efficient way to create a separate connection to a remote server for each user. This strategy allows Internet access and billing on a per-user basis rather than a per-site basis.
Users accessing PPPoE connections require the same information as required with standard dial-up phone accounts, including a username and password combination. As with a dial-up PPP service, an Internet service provider (ISP) will most likely automatically assign configuration information such as the IP address, subnet mask, default gateway, and DNS server.
There are two distinct stages in the PPPoE communication process—the discovery stage and the PPP session stage. The discovery stage has four steps to complete to establish the PPPoE connection: initiation, offer, request, and session confirmation. These steps represent back and forth communication between the client and the PPPoE server. Once these steps have been negotiated, the PPP session can be established using familiar PPP authentication protocols.
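The four discovery steps above walked through in code, as an added example that is not from the book: a client and an access concentrator (AC) built here exchange PADI, PADO, PADR and PADS frames laid out per RFC 2516, and the client ends up with the session ID the PPP session stage will use. MAC addresses, the AC name and the AC-Cookie are constructed values.

```python
import struct

ETHERTYPE_DISCOVERY = 0x8863                           # PPPoE discovery stage
CODE_PADI, CODE_PADO, CODE_PADR, CODE_PADS = 0x09, 0x07, 0x19, 0x65
TAG_END, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104
BROADCAST = b"\xff" * 6
HOST_MAC = bytes.fromhex("020000000001")               # constructed client MAC
AC_MAC = bytes.fromhex("020000000002")                 # constructed AC MAC


def build_frame(dst, src, code, session_id, tags):
    """Ethernet header + PPPoE header (ver=1, type=1) + TLV tags (RFC 2516)."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    return dst + src + struct.pack("!H", ETHERTYPE_DISCOVERY) + header + payload


def parse_frame(frame):
    """Return (dst, src, code, session_id, tags); raise on a malformed frame."""
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_DISCOVERY:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:
        raise ValueError("unsupported PPPoE version/type")
    body = frame[20:20 + length]
    if len(body) != length:
        raise ValueError("truncated PPPoE payload")
    tags, pos = [], 0
    while pos + 4 <= len(body):
        tag, tlen = struct.unpack("!HH", body[pos:pos + 4])
        if pos + 4 + tlen > len(body):
            raise ValueError("tag runs past end of payload")
        tags.append((tag, body[pos + 4:pos + 4 + tlen]))
        pos += 4 + tlen
        if tag == TAG_END:
            break
    return dst, src, code, session_id, tags


def tag_value(tags, wanted):
    return next((v for t, v in tags if t == wanted), None)


class AccessConcentrator:
    """Server side: answers a broadcast PADI with PADO and a PADR with PADS."""

    def __init__(self, name=b"ac-example", cookie=b"constructed-cookie"):
        self.name, self.cookie, self.next_session = name, cookie, 1

    def handle(self, frame):
        dst, src, code, _, tags = parse_frame(frame)
        service = tag_value(tags, TAG_SERVICE_NAME) or b""
        host_uniq = tag_value(tags, TAG_HOST_UNIQ)
        echo = [(TAG_HOST_UNIQ, host_uniq)] if host_uniq is not None else []
        if code == CODE_PADI and dst == BROADCAST:
            # Step 2, offer: name ourselves and hand out a cookie the client must return
            return build_frame(src, AC_MAC, CODE_PADO, 0,
                               [(TAG_SERVICE_NAME, service), (TAG_AC_NAME, self.name),
                                (TAG_AC_COOKIE, self.cookie)] + echo)
        if code == CODE_PADR and dst == AC_MAC:
            # Step 4, session confirmation: only if the PADR carries our cookie
            if tag_value(tags, TAG_AC_COOKIE) != self.cookie:
                return None
            session_id, self.next_session = self.next_session, self.next_session + 1
            return build_frame(src, AC_MAC, CODE_PADS, session_id,
                               [(TAG_SERVICE_NAME, service)] + echo)
        return None


def run_discovery(ac, host_uniq=b"\x00\x00\x00\x2a"):
    """Client side of all four steps; returns (ac_mac, session_id) for the PPP stage."""
    # Step 1, initiation: broadcast PADI; Host-Uniq lets us match the reply to this request
    padi = build_frame(BROADCAST, HOST_MAC, CODE_PADI, 0,
                       [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, host_uniq)])
    pado = ac.handle(padi)
    _, ac_mac, code, _, tags = parse_frame(pado)
    if code != CODE_PADO or tag_value(tags, TAG_HOST_UNIQ) != host_uniq:
        raise RuntimeError("no matching PADO")
    # Step 3, request: unicast PADR to the chosen AC, returning its cookie
    padr = build_frame(ac_mac, HOST_MAC, CODE_PADR, 0,
                       [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, host_uniq),
                        (TAG_AC_COOKIE, tag_value(tags, TAG_AC_COOKIE))])
    _, _, code, session_id, _ = parse_frame(ac.handle(padr))
    if code != CODE_PADS or session_id == 0:
        raise RuntimeError("session not confirmed")
    return ac_mac, session_id
```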
The function of the Point-to-Point Tunneling Protocol (PPTP) is to create a secure transmission tunnel between two points on a network. The tunneling functionality that PPTP provides forms the basis for creating multi-protocol virtual private networks (VPNs), which allow users to access remote networks through a secure connection. PPTP works in conjunction with PPP and, as such, uses PPP authentication methods including PAP, CHAP, and MS-CHAP.
PPTP uses tunneling to provide secure data transmissions over a public network. In many cases, PPTP is used to create a VPN across the Internet.
To establish a PPTP session between a client and server, a TCP connection known as a PPTP control connection is required to create and maintain the communication tunnel. The PPTP control connection exists between the IP address of the PPTP client and the IP address of the PPTP server, using TCP port 1723 on the server and a dynamically assigned port on the client.
It is the function of the PPTP control connection to pass the PPTP control and management messages used to maintain the PPTP communication tunnel between the remote system and the server. Once the PPTP connection is made, it provides a secure channel, or tunnel, using the original PPP connection between the devices.
VPNs are one of the most popular methods of remote access. Essentially, a
VPN extends a LAN by establishing a remote connection, using a public network such as the Internet. A VPN provides a point-to-point dedicated link between two points over a public IP network.
A VPN encapsulates encrypted data inside another datagram that contains routing information. The connection between two computers establishes a switched connection that is dedicated to the two computers. The encrypted data is encapsulated inside the PPP or IPSec protocols, and that connection is used to deliver the data.
A VPN allows anyone with an Internet connection to use the infrastructure of the public network to dial in to the main network and access resources as if he or she were logged on to the network locally. It also allows two networks to be connected to each other securely. Once connected, data can be exchanged between networks. In this way, VPNs create a WAN.
Many elements are involved in establishing a VPN connection, including the following:
➤ VPN client—The VPN client is the computer that initiates the connection to the VPN server.
➤ VPN server—The VPN server authenticates connections from VPN clients.
➤ An access method—As mentioned, a VPN is most often established over a public network such as the Internet; however, some VPN implementations use a private intranet. The network that is used must be IP based.
➤ VPN protocols—Protocols are required to establish, manage, and secure the data over the VPN connection. PPTP and L2TP are commonly associated with VPN connections.
VPNs have become very popular because they allow the public Internet to be safely used as a wide area network (WAN) connectivity solution.
VPNs support analog modems and ISDN, as well as dedicated broadband connections such as cable and DSL. You should remember this for the exam.
In a Windows environment, Terminal Services provides a way for a client system to connect to a server, such as Windows Server 2000/2003, and by using the Remote Desktop Protocol (RDP) run programs on the server as if they were local client applications. Such a configuration is known as thin client computing, whereby client systems use the resources of the server instead of their local processing power.
Originally, Terminal Services was available in remote administration mode or application server mode. In Windows Server 2003, the Terminal Services remote administration mode no longer exists; it has been replaced with the Remote Desktop feature.
Windows Server 2003 and XP Professional have built-in support for Remote
Desktop Connections. The underlying protocol used to manage the connection is RDP. RDP is a low bandwidth protocol used to send mouse movements, keystrokes, and bitmap images of the screen on the server to the client computer. RDP does not actually send data over the connection—only screenshots and client keystrokes.
Any discussion of remote access is sure to include security, and for a good reason: Remote access opens your network to remote users. Although you’d like to think that only authorized users would try to connect from remote locations, the reality is that an equal number of illegitimate users will probably attempt to connect. Because many of the methods used to establish remote access are over public networks, securing the data you send and the points at which you connect is an important consideration. A significant element of this security is encryption.
Encryption is the process of encoding data so that it can be securely sent over remote connections. As well as encrypting the data itself, the usernames and passwords used to gain access to the remote network are also typically encrypted. In practical terms, encryption is the process of encoding data using a mathematical algorithm that makes it difficult for unauthorized users to read the data if they are able to intercept it. The algorithm used in the encryption is actually a mathematical value known as a key. The key is required in order to read the encrypted data. Encryption techniques use public and private keys; public keys can be shared, and private keys cannot.
IPSec was created by the Internet Engineering Task Force (IETF) and can be used on both IPv4 and IPv6 networks. It is designed to encrypt data and authenticate users. IPSec encryption ensures that data on a network cannot be viewed, accessed, or modified by those who should not have access to it.
IPSec provides security for both internal and external networks. It might seem that protection on an internal network is less necessary than on an external network; however, much of the data you send across networks has little or no protection, allowing unwanted eyes to access it.
IPSec provides several key security services:
➤ It verifies that the data received is from the intended source.
➤ It ensures that the data has not been tampered with and changed between the sending and receiving devices.
➤ It ensures that the data sent between the sending and receiving devices is unreadable by any other devices.
IPSec operates at the network layer of the Open Systems Interconnect (OSI) model and provides security for protocols that operate at higher layers of the OSI model. Thus, by using IPSec, you can secure practically all TCP/IP-related communications.
The Layer 2 Tunneling Protocol (L2TP) is a combination of PPTP and Cisco’s L2F technology. L2TP utilizes tunneling to deliver data. It authenticates the client in a two-phase process: It first authenticates the computer and then the user. By authenticating the computer, it prevents the data from being intercepted, changed, and returned to the user in what is known as a man-in-the-middle attack. L2TP assures both parties that the data they are receiving is the data sent by the originator.
L2TP operates at the data-link layer, making it protocol independent. This means that an L2TP connection can support protocols such as IPX and
AppleTalk.
L2TP and PPTP are both tunneling protocols, so you might be wondering which you should use. Here is a quick list of some of the advantages of each, starting with PPTP:
➤ PPTP has been around the longest; it offers more interoperability than L2TP.
➤ PPTP is easier to configure than L2TP because L2TP uses digital certificates.
➤ PPTP has less overhead than L2TP.
The following are some of the advantages of L2TP:
➤ L2TP offers greater security than PPTP.
➤ L2TP supports common public key infrastructure technology.
➤ L2TP provides support for header compression.
SSL is a security protocol that is used on the Internet. Originally developed by Netscape for use with its Navigator browser, SSL uses public key encryption to establish secure connections over the Internet. SSL provides three key services:
➤ Server authentication—SSL allows a user to confirm a server’s identity. For example, you can use this ability when you are purchasing something online with a credit card but first want to verify the server’s identity.
➤ Client authentication—SSL allows a server to confirm a user’s identity. This functionality is often used when a server is sending sensitive information—such as banking information or sensitive documents—to a client system and wants to verify the client’s identity.
➤ It is possible to configure SSL to require all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software. Doing this establishes private and secure communication between two devices. In addition, SSL has a mechanism to determine whether the data sent has been tampered with or altered in transit.
You can see SSL security on the Web when you access a secure universal resource locator (URL). Secure websites begin with https:// instead of http://. Hypertext Transfer Protocol over SSL (HTTPS) connections require a browser with built-in security features to establish a secure connection.
WEP was the first attempt to keep wireless networks safe. WEP was designed to be easy to configure and implement. Originally, it was hoped that
WEP would provide the same level of security to wireless networks as was available to wired. It was soon discovered that WEP had significant shortcomings.
WEP is an IEEE standard, introduced in 1997, designed for securing 802.11
networks. With WEP enabled, each data packet transmitted over the wireless connection would be encrypted. Originally, the data packet was combined with a secret 40-bit number key as it passed through an encryption algorithm known as RC4. The packet was scrambled and sent across the airwaves. On the receiving end, the data packet passed through the RC4 backward, and the host received the data as it was intended. WEP originally used a 40-bit number key, but later specified 128-bit encryption, making WEP that much more robust.
WEP was designed to provide security by encrypting data from the sending and receiving devices. In a short period of time, however, it was discovered that WEP encryption was not nearly as secure as hoped. Part of the problem was that when the 802.11 standards were being written, security was not the major concern it is today. As a result, WEP security was easy to crack with freely available hacking tools. From this point, wireless communication was regarded as a potentially insecure transmission media.
Security weaknesses associated with WEP provided administrators with a very valid reason to be concerned with wireless security. The need for increased wireless security was important for wireless networking to reach its potential and to bring a sense of confidence for those with sensitive data to use wireless communications. In response, the Wi-Fi Protected Access
(WPA) was created. WPA was designed to improve on the security weaknesses of WEP and to be backward compatible with older devices using the
WEP standard. WPA addressed two main security concerns:
➤ Enhanced data encryption—WPA uses the Temporal Key Integrity Protocol (TKIP), which scrambles encryption keys using a hashing algorithm. Then the keys are issued an integrity check to verify that they have not been modified or tampered with during transit.
➤ Authentication—WPA uses the Extensible Authentication Protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively simple to sniff out and steal. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.
802.1x is an IEEE standard specifying port-based network access control.
802.1x was not specifically designed for wireless networks—rather, it provides authenticated access for both wired and wireless networks. Port-based network access control uses the physical characteristics of a switched local area network (LAN) infrastructure to authenticate devices that are attached to a LAN port and to prevent access to that port in cases in which the authentication process fails.
During a port-based network access control interaction, a LAN port adopts one of two roles: authenticator or supplicant. In the role of authenticator, a
LAN port enforces authentication before it allows user access to the services that can be accessed through that port. In the role of supplicant, a LAN port requests access to the services that can be accessed through the authenticator’s port. An authentication server, which can either be a separate entity or co-located with the authenticator, checks the supplicant’s credentials on behalf of the authenticator. The authentication server then responds to the authenticator, indicating whether the supplicant is authorized to access the authenticator’s services.
The authenticator’s port-based network access control defines two logical access points to the LAN through one physical LAN port. The first logical access point, the uncontrolled port, allows data exchange between the authenticator and other computers on the LAN, regardless of the computer’s authorization state. The second logical access point, the controlled port, allows data exchange between an authenticated LAN user and the authenticator.
Two primary technologies are required for securing data transmissions: encryption and authentication. Encryption was discussed earlier; in this section, authentication protocols are reviewed.
When designing a remote connection strategy, it is critical to consider how remote users will be authenticated. Authentication defines the way in which a remote client and server will negotiate on a user’s credentials when the user is trying to gain access to the network. Depending on the operating system used and the type of remote access involved, several different protocols are used to authenticate a user. The following authentication protocols are used with various technologies, including PPP:
➤ Challenge Handshake Authentication Protocol (CHAP)—CHAP is an authentication system that uses the MD5 encryption scheme to secure authentication responses. CHAP is a commonly used protocol, and as the name suggests, anyone trying to connect is challenged for authentication information. When the correct information is supplied, the systems “shake hands,” and the connection is established.
➤ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)—MS-CHAP, based on CHAP, was developed to authenticate remote Windows-based workstations. There are two versions of MS-CHAP; the main difference between the two is that MS-CHAP version 2 offers mutual authentication. This means that both the client and the server must prove their identities in the authentication process. Doing so ensures that the client is connecting to the expected server.
➤ Password Authentication Protocol (PAP)—PAP is the least secure of the authentication methods because it uses unencrypted passwords. PAP is often not the first choice of protocols used; rather, it is used when more sophisticated types of authentication fail between a server and a workstation.
➤ Extensible Authentication Protocol (EAP)—EAP is an extension made to standard PPP. EAP has additional support for a variety of authentication schemes including smart cards. It is often used with VPNs to add security against brute-force or dictionary attacks.
➤ Shiva Password Authentication Protocol (SPAP)—SPAP is an encrypting authentication protocol used by Shiva remote access servers. SPAP offers a higher level of security than other authentication protocols such as PAP, but it is not as secure as CHAP.
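An added example, not from the book, contrasting the CHAP and PAP exchanges in the list above: both sides of each exchange are simulated in one process so the bytes that would cross the link can be compared. CHAP's Response carries only MD5(identifier || secret || challenge) and is tied to one challenge, while PAP's Authenticate-Request carries the password itself. Packet layouts follow RFC 1994 (CHAP) and RFC 1334 (PAP); the user store, server name and challenge values are constructed.

```python
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4
PAP_AUTH_REQ, PAP_AUTH_ACK, PAP_AUTH_NAK = 1, 2, 3

# Constructed credential store. CHAP needs the plaintext secret on the server
# to recompute the hash, which is one reason such stores need strong protection.
USERS = {b"alice": b"correct horse battery staple"}


def chap_hash(identifier, secret, challenge):
    """RFC 1994 section 2: MD5 over the identifier, the secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_challenge(identifier, challenge=None, server_name=b"ras01"):
    """Server: Challenge packet = Code, ID, Length, Value-Size, Value, Name."""
    challenge = challenge if challenge is not None else os.urandom(16)
    value = bytes([len(challenge)]) + challenge + server_name
    return struct.pack("!BBH", CHAP_CHALLENGE, identifier, 4 + len(value)) + value


def chap_response(challenge_pkt, username, secret):
    """Client: hash the challenge with the secret; the secret itself never leaves."""
    code, identifier, _ = struct.unpack("!BBH", challenge_pkt[:4])
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    size = challenge_pkt[4]
    digest = chap_hash(identifier, secret, challenge_pkt[5:5 + size])
    value = bytes([len(digest)]) + digest + username
    return struct.pack("!BBH", CHAP_RESPONSE, identifier, 4 + len(value)) + value


def chap_verify(challenge_pkt, response_pkt):
    """Server: recompute the hash from the stored secret and compare in constant time."""
    identifier, size = challenge_pkt[1], challenge_pkt[4]
    challenge = challenge_pkt[5:5 + size]
    code, resp_id, length = struct.unpack("!BBH", response_pkt[:4])
    if code != CHAP_RESPONSE or resp_id != identifier:
        return CHAP_FAILURE           # response belongs to a different challenge
    rsize = response_pkt[4]
    digest, name = response_pkt[5:5 + rsize], response_pkt[5 + rsize:length]
    secret = USERS.get(name)
    if secret is None:
        return CHAP_FAILURE
    expected = chap_hash(identifier, secret, challenge)
    return CHAP_SUCCESS if hmac.compare_digest(digest, expected) else CHAP_FAILURE


def pap_request(identifier, username, password):
    """Client: RFC 1334 Authenticate-Request; Peer-ID and Passwd travel in the clear."""
    value = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, identifier, 4 + len(value)) + value


def pap_verify(request_pkt):
    """Server: compare the received password with the stored one."""
    code, _, _ = struct.unpack("!BBH", request_pkt[:4])
    if code != PAP_AUTH_REQ:
        return PAP_AUTH_NAK
    ulen = request_pkt[4]
    username = request_pkt[5:5 + ulen]
    plen = request_pkt[5 + ulen]
    password = request_pkt[6 + ulen:6 + ulen + plen]
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(password, stored):
        return PAP_AUTH_NAK
    return PAP_AUTH_ACK


def password_on_the_wire(pkt, password):
    """What a packet capture would show: is the password present verbatim in the packet?"""
    return password in pkt
```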
Among the potential issues network administrators face when implementing remote access are utilization and the load on the remote access server. As a network’s remote access implementation grows, reliance on a single remote access server might be impossible, and additional servers might be required.
RADIUS can help in this scenario.
RADIUS is a protocol that enables a single server to become responsible for all remote access authentication, authorization, and auditing (or accounting) services. The RADIUS protocol can be implemented as a vendor-specific product such as Microsoft’s Internet Authentication Server (IAS).
RADIUS functions as a client/server system. The remote user dials in to the remote access server, which acts as a RADIUS client, or network access server (NAS), and connects to a RADIUS server. The RADIUS server performs authentication, authorization, and auditing (or accounting) functions and returns the information to the RADIUS client (which is a remote access server running RADIUS client software); the connection is either established or rejected based on the information received.
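An added example, not from the book, of the NAS-to-RADIUS-server exchange just described, following RFC 2865: the remote access server acting as RADIUS client (NAS) hides the user password with the shared secret and a Request Authenticator, the RADIUS server recovers it, checks it against a user store, and signs its Access-Accept or Access-Reject with a Response Authenticator that the NAS verifies before trusting the answer. The shared secret, user store and authenticator values are constructed.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

SHARED_SECRET = b"constructed-shared-secret"   # configured on NAS and server, never sent
USERS = {b"bob": b"s3cret-pa55"}                # constructed user store


def encode_attrs(pairs):
    """Attribute = Type(1) Length(1, includes header) Value."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in pairs)


def parse_attrs(blob):
    out, pos = {}, 0
    while pos + 2 <= len(blob):
        t, length = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError("malformed RADIUS attribute")
        out[t] = blob[pos + 2:pos + length]
        pos += length
    return out


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte chunk with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    """Inverse of hide_password: the server needs the same secret and Request Authenticator."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(identifier, username, password, secret=SHARED_SECRET, request_auth=None):
    """NAS (RADIUS client) side. Returns (packet, request_authenticator)."""
    request_auth = request_auth if request_auth is not None else os.urandom(16)
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))])
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def response_authenticator(code, identifier, attrs, request_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def handle_access_request(pkt, secret=SHARED_SECRET):
    """RADIUS server side: returns an Access-Accept or Access-Reject packet."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    request_auth, attrs = pkt[4:20], parse_attrs(pkt[20:length])
    reply_code = ACCESS_REJECT
    if code == ACCESS_REQUEST and ATTR_USER_NAME in attrs and ATTR_USER_PASSWORD in attrs:
        password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, request_auth)
        stored = USERS.get(attrs[ATTR_USER_NAME])
        if stored is not None and hmac.compare_digest(password, stored):
            reply_code = ACCESS_ACCEPT
    reply_attrs = b""   # a real server would add Framed-IP-Address, session limits, etc.
    auth = response_authenticator(reply_code, identifier, reply_attrs, request_auth, secret)
    return struct.pack("!BBH", reply_code, identifier, 20 + len(reply_attrs)) + auth + reply_attrs


def verify_reply(reply, request_auth, expected_identifier, secret=SHARED_SECRET):
    """NAS side: trust the reply only if identifier and Response Authenticator match."""
    code, identifier, length = struct.unpack("!BBH", reply[:4])
    if identifier != expected_identifier:
        return None
    expected = response_authenticator(code, identifier, reply[20:length], request_auth, secret)
    return code if hmac.compare_digest(reply[4:20], expected) else None
```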
Seasoned administrators can tell you about the risks of sending clear-text, unencrypted passwords across any network. The Kerberos network authentication protocol is designed to ensure that the data sent across networks is safe from attack. Its purpose is to provide authentication for client/server applications.
Kerberos authentication works by assigning a unique key (called a ticket) to each client that successfully authenticates to a server. The ticket is encrypted and contains the password of the user, which is used to verify the user’s identity when a particular network service is requested.
Kerberos was created at Massachusetts Institute of Technology to provide a solution to network security issues. With Kerberos, the client must prove its identity to the server, and the server must also prove its identity to the client.
Kerberos provides a method to verify the identity of a computer system over an insecure network connection.
For the exam, you should know that the security tokens used in Kerberos are known as tickets.
Kerberos is distributed freely, as is its source code, allowing anyone interested to view the source code directly. Kerberos is also available from many different vendors that provide additional support for its use.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ BRI ISDN uses 2 B channels of 64Kbps each.
➤ PRI ISDN uses 23 B channels offering up to 1.5Mbps transfer rates.
➤ T1 lines offer transmission speeds of up to 1.544Mbps, but are more costly than an ISDN solution.
➤ T3 lines offer transmission speeds of 44.736Mbps.
➤ T-carrier lines are used to create point-to-point network connections for private networks.
➤ FDDI can use a dual-ring configuration for fault tolerance.
➤ FDDI uses a token-passing media-access method.
➤ X.25 is restricted to transmission rates of 56Kbps or 64Kbps with digital implementations.
➤ SONET supports transfer speeds of 51.8Mbps to 2.4Gbps.
➤ When a connection is made to the RAS server, the client is authenticated and the system that is dialing in becomes a part of the network.
➤ RAS supports remote connectivity from all the major client operating systems.
➤ Although the system is called RAS, the underlying technologies that enable the RAS process are dial-up protocols such as PPP and SLIP.
➤ SLIP also does not provide error checking or packet addressing, so it can be used only in serial communications.
➤ PPP provides a number of security enhancements compared to SLIP—the most important being the encryption of usernames and passwords during the authentication process.
➤ Windows 2000/XP clients natively support SLIP and PPP.
➤ The RDP protocol allows client systems to access and run applications on a server, using the resources of the server, with only the user interface, keystrokes, and mouse movement being transferred between the client and server computers.
➤ IPSec is designed to encrypt data during communication between two computers.
➤ IPSec operates at the network layer of the OSI model and provides security for protocols that operate at higher layers of the OSI model.
➤ L2TP operates at the data-link layer, making it protocol independent.
➤ SSL is a security protocol that is used on the Internet.
➤ Secure websites begin with https:// instead of http://. Hypertext Transfer Protocol over SSL (HTTPS) connections require a browser to establish a secure connection.
➤ Secure SSL connections for web pages are made through port 443 by default.
➤ WEP was the original wireless security standard. WEP encryption techniques were found to be weak, and commonly found utilities were capable of cracking the encryption.
➤ WPA was introduced to address the shortcomings of WEP and offered increased encryption strength and authentication.
➤ 802.1x is used by wireless networks to increase security using port controlled access.
➤ Kerberos provides a method to verify the identity of a computer system over an insecure network connection.
➤ The security tokens used in Kerberos are known as tickets.
➤ PSTN
➤ Modem
➤ ISDN
➤ BRI
➤ PRI
➤ T-carrier
➤ T1/E1
➤ T3/E3
➤ FDDI
➤ X.25
➤ SONET/OC-x
➤ RAS
➤ SLIP
➤ PPP
➤ CHAP
➤ MS-CHAP
➤ PAP
➤ EAP
➤ SPAP
➤ PPTP
➤ RDP
➤ Security protocol
➤ Encryption
➤ IPSec
➤ L2TP
➤ SSL
➤ Kerberos
➤ VPN
➤ Tickets
1. Which of the following dial-up protocols can use multiple LAN protocols over a link?
❑ A. PPP
❑ B. SLIP
❑ C. IPX/SPX
❑ D. UDP/TCP
2. Which of the following protocols is used with HTTPS?
❑ A. SSH
❑ B. SSL
❑ C. Proxy
❑ D. IPSec
3. What is the total bandwidth available when combining all BRI ISDN communication channels?
❑ A. 128Kbps
❑ B. 64Kbps
❑ C. 96Kbps
❑ D. 1,544Kbps
4. As a remote user, you need to access your company’s private network through the Internet. Which of the following protocols can you use to establish a secure connection?
❑ A. IPX/SPX
❑ B. TCP/IP
❑ C. PPP
❑ D. PPTP
5. Which of the following is an advantage of ISDN over PSTN?
❑ A. ISDN is more reliable.
❑ B. ISDN is cheaper.
❑ C. ISDN is faster.
❑ D. ISDN uses fixed-length packets called cells.
6. Which of the following technologies is associated with dial-up access type?
❑ A. FDDI
❑ B. ISDN
❑ C. Packet switching
❑ D. OCx
7. Your company wants to create a secure tunnel between two networks over the Internet. Which of the following protocols would you use to do this?
❑ A. IPX
❑ B. CHAP
❑ C. PPTP
❑ D. SLIP
8. Which of the following protocols is used in thin-client computing?
❑ A. RDP
❑ B. PPP
❑ C. PPTP
❑ D. RAS
9. Which of the following URLs is using SSL?
❑ A. http:ssl//www.comptia.org
❑ B. http://www.comptia.org
❑ C. httpssl://www.comptia.org
❑ D. https://www.comptia.org
10. Which of the following statements best describes the function of PPP?
❑ A. It is a secure technology that allows information to be securely downloaded from a website.
❑ B. It is a dial-up protocol used over serial links.
❑ C. It is a technology that allows a secure tunnel to be created through a public network.
❑ D. It provides a public key/private key exchange mechanism.
1. The correct answer is A. The PPP protocol can use multiple LAN protocols such as IPX/SPX, TCP/IP, or NetBEUI.
2. The correct answer is B. HTTPS uses SSL to create secure connections over the Internet. Answer A is incorrect as SSH provides a secure multiplatform replacement for Telnet. Answer C is not valid, and IPSec is designed to encrypt data during communication between two computers.
3. The correct answer is A. BRI ISDN uses two 64Kbps channels that, when combined, offer 128Kbps transfer speeds. None of the other options are valid.
4. The correct answer is D. PPTP is used to establish a secure transmission tunnel over an insecure public network such as the Internet. The other protocols mentioned do not provide secure transmissions over a public network.
5. The correct answer is C. One clear advantage that ISDN has over the
PSTN is its speed. ISDN can combine 64Kbps channels for faster transmission speeds than the PSTN can provide. ISDN is no more or less reliable than the PSTN. ISDN is more expensive than the PSTN.
Answer D describes ATM, not ISDN, thus it is not a valid answer.
6. The correct answer is B. ISDN establishes dial-up connections to initiate the communication session. The other answers are not valid.
7. The correct answer is C. To establish the VPN connection between the two networks, you can use PPTP. IPX is a part of the IPX/SPX protocol suite and associated with NetWare networks. CHAP is not used to create a point-to-point tunnel; it is an authentication protocol. SLIP is not a secure dial-up protocol.
8. The correct answer is A. The RDP protocol is used in thin-client networking, where only screen, keyboard, and mouse inputs are sent across the line. PPP is a dial-up protocol used over serial links. PPTP is a technology used in VPNs, and RAS is a remote access service.
9. The correct answer is D. You can identify when SSL is used by the s in the URL (in this case, https://www.comptia.org). Answer B is a valid HTTP URL, but it is not secure. None of the other answers are correct.
10. The correct answer is B. PPP is a protocol that can be used for dial-up connections over serial links. Answer A describes SSL; answer C describes a VPN, and answer D describes PKI.
Chapter 7
Objectives
✓ 3.1 Identify the basic capabilities (for example, client support, interoperability, authentication, file and print services, application support, and security) of the following server operating systems to access network resources:
    UNIX/Linux/Mac OS X Server
    NetWare
    Windows
    Appleshare IP (Internet Protocol)
✓ 3.2 Identify the basic capabilities needed for client workstations to connect to and use network resources (for example, media, network protocols, and peer and server services)
✓ 3.3 Identify the appropriate tool for a given wiring task (for example, wire crimper, media tester/certifier, punch down tool, or tone generator)
✓ 3.4 Given a remote connectivity scenario composed of a protocol, an authentication scheme, and physical connectivity, configure the connection. Includes connection to the following servers:
    UNIX/Linux/MAC OS X Server
    NetWare
    Windows
    Appleshare IP (Internet Protocol)
What you need to know
✓ Identify the main features and characteristics of network operating systems
✓ Understand operating system interoperability and client support
✓ Configure client systems to access network resources
✓ Understand common wiring tools and what tasks can be achieved using them
✓ Configure remote connectivity to a network
Network operating systems (NOS) are some of the most powerful and complex software products available today. This chapter looks at a number of operating systems that are widely used in today’s network environments.
Even though the Network+ exam does not require that you be an expert in the operating systems discussed in this chapter, a basic knowledge of each is required.
In this chapter, we will also look at the interoperability capabilities of each network operating system and at the range of client support it provides.
However, the information described in this chapter is not intended to provide a complete tutorial in any of the operating systems discussed. Rather, this chapter provides an overview of each operating system, highlighting the areas you can expect to know for the Network+ exam.
Part of the job of a network administrator is to manage the network media.
This chapter reviews some of the common tools used to manage network media.
Finally, configuring client systems to access a network is a common task for administrators. There are several steps that must be completed including establishing the physical connections and protocols. Similarly, this chapter explores the requirements to connect client systems outside the local network. Again, establishing the physical connections and configuring protocols is required.
Early network operating systems provided just the basics in terms of network services, such as file and printer sharing. Today’s network operating systems offer a far broader range of network services; some of these services are used in almost every network environment, and others are used in only a few.
Despite the complexity of operating systems, the basic function and purpose of a network operating system is straightforward: to provide services to the network. The following are some of the most common of these services:
➤ Authentication services
➤ File and print services
➤ Web server services
➤ Firewall and proxy services
➤ Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) services
These are just a few of a large number of services that a network operating system can provide.
The following sections discuss the major operating systems currently in use and how each of them deals with basic services such as authentication, security, and file and print services.
Providing a summary of Linux in a few paragraphs is a difficult task. Unlike other operating systems, each of which has only a single variation, Linux is a freely distributable open source operating system that has many variants called distributions. Each of these distributions offers a slightly different approach to certain aspects of the operating system, such as installation and management utilities. Some of the most common Linux distributions include Red Hat, SuSE, Debian, and Caldera. In light of the many versions of Linux, if a command or an approach is listed in this section and is not available in the version of Linux you are using, you can look for an equivalent command or approach in your version, and you will very likely find one.
People who are used to working on a Windows-based system will no doubt discover that administration on a Linux system is very different. For instance, authentication information such as a list of users is kept in a text file. This file, /etc/passwd, controls who can and cannot log on to the system.
For a user to log on to the system, a valid username and password combination must be supplied. Both of these pieces of information are case sensitive.
Although it is not the most obvious choice for a file and print server platform, Linux can perform the role of a file and print server admirably. In a base configuration, the volumes on a Linux server are not available to network clients. To make them available, one of two file sharing services is commonly used:
➤ NFS—NFS is the original file-sharing system used with Linux. NFS makes it possible for areas of the hard disk on a Linux system to be shared with other clients on the network. Once the share has been established from the client side, the fact that the drive is on another system is transparent to the user.
➤ Samba—Samba provides Server Message Block functionality so that areas of the Linux server disks can be made available to Windows clients. In much the same way as on Windows servers, Samba facilitates the sharing of folders that can then be accessed by Windows client computers. Samba also makes it possible for Linux printer resources to be shared with Windows clients.
As with the other NOS discussed in this chapter, Linux has a file system permission structure that makes it possible to restrict access to files or directories.
In Linux, each file or directory can be assigned a very basic set of file rights that dictates the actions that can be performed on the file. The basic rights are Read, Write, and Execute. The rights can be expressed in an alphabetic format (that is, RWX) or a numeric format (777). The rights to a file can be derived from the file ownership, from a group object, or from an “everyone” designator, which covers all users who are authenticated on the server. The Linux file permission structure might not be as sophisticated as those found in other network operating systems, but it is still more than sufficient in many environments.
Printing on a Linux system occurs through a service called the Line Printer daemon. The Line Printer functionality can be accessed by any user on the network who is properly authorized and connected. In later versions of Linux, some distributions have started to provide a more enhanced printing system called the Common UNIX Printing System (CUPS). Many people, however, still prefer to use the traditional Line Printer system because of its simplicity and efficiency.
If you can think of an application that you might need, chances are that it is available for Linux in some form. As well as highly sophisticated commercial applications produced by large software companies, you can find software for the Linux platform that is written by an equally enthusiastic army of small software development companies and individuals. This means that application support for Linux is on par with, if not greater than, that in other network operating systems, such as NetWare, even if it has not yet reached the levels achieved by Windows server platforms.
In a sense, all applications created for Linux are third-party applications in that Linux itself is only an operating system kernel. The applications that run on this kernel provide Linux with its functionality.
On the assumption that a network server will have a number of requirements, it is common practice for the Linux kernel to be bundled with various applications and provided to customers as a package, which, as discussed earlier, is called a distribution.
One aspect in which Linux certainly has the edge over other operating systems is that many Linux applications are free. Developed in the same spirit as Linux itself, and in many cases governed by the same licensing types, these free applications can seriously reduce the cost of maintaining a network server. Although it can be said that there are also free server-type applications for Windows and NetWare, there are certainly not as many of them as there are for Linux. (Note that we are referring to server applications, not applications targeted at workstation or end-user applications.)
Considerable effort has been put into making Linux a very secure network operating system, and those efforts are evident. When it is configured correctly, Linux is a very secure operating system; therefore, it is often used as a company’s firewall server. The following are a few highlights of Linux security:
➤ Resource access—As in the other network operating systems, access to resources on a Linux network is controlled through permissions. Access control lists identifying systems and who can access what resources are held in text files such as hosts.deny and hosts.allow. Permissions for network resources and services can be assigned to an individual user or to a group of users.
➤ User authentication—To access the local system resources or any network resources, user authentication, in the form of a username and a password, is required. The user account information is kept in a text file known as the /etc/passwd file in the Linux system. To log on to a Linux server, the user must supply a valid username and password. Both of these values are case sensitive.
➤ File and directory security—The default file system used by Linux is the EXT2 file system. Like NTFS, which is used with Windows servers, EXT2 allows administrators to assign permissions to individual files and folders. These permissions are used to control who is allowed access to specific data on the server. A secure server should have permissions set on the important data in the system.
As Linux continues to grow in popularity, it will become an increasingly common sight in server rooms of organizations of all sizes. As a network administrator, you should prepare yourself for when you encounter a Linux system—not if.
Of the platforms discussed in this chapter, UNIX and Linux have the most simplistic approach to file system security, although for most environments, this approach is more than sufficient. File permissions can be assigned to either the creator of a file or directory, a group, or the entity “everyone,” which includes any authenticated user.
UNIX and Linux have only three rights that can be assigned. These rights are listed in Table 7.1.
Table 7.1  File Permissions on UNIX/Linux
Right     Description
Read      Allows files to be listed, opened, and read
Write     Allows files to be created, written to, or modified
Execute   Allows files to be executed (that is, run)
The file permissions are listed to the right of the file. The first value specifies whether the file is a file (-) or a directory (d). The next three values specify the file rights for the user, the next three for the group, and the next three for the “everyone” assignment.
Mac OS is the operating system created for Apple Computer’s line of personal computers. Mac OS has a long history, with the original version being released in 1984 to run on the original Macintosh computer. In 1999, Apple released its last major revision to its aging ‘Classic’ operating system, Mac OS 9.
The successor to the Classic Mac OS was Mac OS X, a UNIX-like operating system with a friendly and familiar user interface. Successive versions of Mac OS X have a decimal numeral—for example, Mac OS X.1, X.2, and so on.
Because Mac OS X uses Linux/UNIX technology, most of the previous section on Linux applies to a Mac OS X server.
To identify a version of an operating system installed on any Macintosh computer, click on the Apple menu, and choose About This Mac, or About This Computer. You will see a screen listing the version number of the operating system as well as the amount of RAM installed.
As you might expect, the file systems used on Windows-based PCs are different from those used in an Apple system. Instead of the FAT or FAT32 file system, the original Mac file system was Apple’s Macintosh File System (MFS). MFS was used with earlier Mac versions including Mac OS 1–3.
Mac OS 4 introduced Apple’s Hierarchical File System (HFS). HFS was the primary file system format used on the Macintosh Plus and later models, until Mac OS 8.1, when HFS was replaced by HFS Plus.
HFS+ is the file system most commonly associated with Mac OS X. Like NTFS, HFS+ includes many enhanced features. HFS+ supports disk quotas, byte-range locking, finder information in metadata, support for hiding file extensions on a per-file basis, and more. One of the more publicized features of HFS+ is journaling. In a journaled file system, the system keeps a log of the hard disk’s main data activity. In case of a crash or other system failure, the file system can retrieve lost data by consulting the “journal” log, restoring the system to its previous state instead of having to go through the lengthy process of rebuilding the data.
When installing the Mac OS on a computer, always choose an HFS+ or HFS+ (journaled) file system type. Other file systems do not properly support metadata and permissions used by the OS.
The following is a list of other file systems supported by Mac OS X:
➤ ISO9660—Mac supports the ISO9660 file system standard. This is a system-independent file system for read-only data CDs.
➤ MS-DOS—Mac OS X includes support for MS-DOS file systems (FAT12, FAT16, and FAT32).
➤ NTFS—Mac OS X includes read-only support for NTFS.
➤ UDF—UDF (Universal Disk Format) is the filesystem used by DVD-ROM (including DVD-video and DVD-audio) discs and by many CD-R/RW packet-writing programs.
When working in a heterogeneous network environment (one that uses different OS platforms), Mac OS X offers a wide range of support for network file and print services supporting various file sharing protocols. A file sharing protocol is a high-level network protocol that provides the structure and language for file requests between clients and servers. It provides the commands for opening, reading, writing, and closing files across the network. Each OS has a different protocol used as the file sharing protocol.
In order for a client to have access to multiple servers running different operating systems, either the client supports the file sharing protocol of each operating system or the server supports the file sharing protocol of each client. Software that adds this capability is very common and enables interoperability between Windows, Macintosh, NetWare, and UNIX platforms.
The following is a list of file sharing protocols supported by Mac OS X:
➤ Apple Filing Protocol (AFP)—The Apple Filing Protocol (AFP) is an Apple proprietary protocol for file sharing over the network using TCP/IP. If you have a Windows NT or Windows 2000\2003 server, you can turn on Apple Filing Protocol (AFP). AFP is the native Macintosh file sharing protocol, and when enabled, Macs will be able to see the server.
➤ Server Message Blocks/Common Internet File System (SMB/CIFS)—Mac OS X includes cross-platform support for SMB/CIFS, the protocols that enable file sharing between network nodes in a Windows environment. Using Mac OS X, Macintosh clients can connect directly to Windows servers thanks to the SMB client built in to the Mac OS. Support for SMB/CIFS is supplied by the Samba software package, installed on all versions of Mac OS X by default. Samba is a networking tool originally designed to integrate the Windows file sharing protocol (SMB/CIFS) and UNIX systems on a network. Running on a UNIX system, it allows Windows to share files and printers on the UNIX host, and it also allows UNIX users to access resources shared by Windows systems. Whenever possible, use Mac OS X v10.2 or greater to ensure the best compatibility with Windows file servers. When using the SMB protocol to connect to a Windows 2000 or 2003 file server, make sure that SMB signing (packet signing) is disabled on that server.
➤ Network File System (NFS)—NFS is a file sharing protocol associated with UNIX/Linux systems. Clients using Mac OS X are able to connect to Linux/UNIX servers using NFS, just like the other UNIX stations on the network. NFS can be problematic because file permissions are applied to newly created files and folders on the server based on the user ID and group ID from the client computer, unless otherwise specified by the server administrator.
As with any other OS, Mac OS X has been designed to meet the security needs of today’s businesses. This includes security measures in the local network and security protocols to be used on remote networks.
The most fundamental level of security lies within the operating system itself. Any interaction with the system requires some form of authentication.
The first level is user authentication. Mac OS X implements role-based user accounts. Three account types are available on Mac OS X client machines (machines not a part of a Windows domain or Mac OS X Server infrastructure), whose options can be configured in the Accounts area in the System Preferences application.
➤ Limited—The most restricted type of account, limited users might only be able to see certain parts of the file system, and only run applications approved by an administrative user. As of Mac OS X v10.4, system administrators can also restrict network access to lists of approved websites and email addresses.
➤ Standard—Most users on a machine will fall into this category. Standard users are allowed to run any applications that are installed in directories they have access to, but can only write to their home directories and directories that have been set up for them by a system administrator. Standard users are also restricted from making any configuration changes that affect anything beyond their user account (such as network settings).
➤ Administrator—This account type allows the user to make systemwide changes to the machine, change permissions of files and directories they do not directly own, and manage accounts. Every Mac OS X computer must have at least one administrative account.
Being a UNIX-like operating system, Mac OS X naturally inherits a UNIX-style file system permission system. Every file and folder on the machine has three levels of access with three possible settings each. Persons familiar with UNIX, Linux, and BSD systems will feel right at home with this environment. Refer to Table 7.1 for details on Mac OS X permissions. Fortunately for those not familiar with the chmod and chown GNU commands, the Mac Finder provides an interface for managing permissions in the Get Info window. In the info window for any file or folder on the computer, there is an Ownership & Permissions area listing all possible permissions variables for the given object. The three levels of access for each file and folder are Owner, Group, and Everyone (or Other). The owner is usually the user who created the object on the system. Groups are logical collections of users on a machine. On Mac OS X Client machines, groups cannot be created or modified; however, two key groups are automatically created and maintained to assist with machine administration:
➤ All administrator level users automatically belong to the Admin group.
➤ All other users belong to the Staff group.
Once the network operating system of choice for all but a few networks, NetWare’s popularity has declined significantly over recent years. However, NetWare is still widely used in many environments, including government and education. The latest version of NetWare, version 6.5, continues Novell’s tradition of providing feature rich enterprise class network operating systems.
The information this chapter provides on Novell NetWare is intended to apply to NetWare 6 and 6.5. If you find yourself working on an older version of NetWare, you might find that some of the commands and utilities are different from those discussed here.
One of the features that really put NetWare on the networking map was Novell Directory Services (NDS). Like Microsoft’s Active Directory, NDS (which has been around since 1994) is a directory services system that enables network objects to be stored in a database. This database can then be divided and distributed among different servers on the network. These processes are known as partitioning (the dividing) and replication (the distribution among servers on the network). Although introduced as NDS with NetWare 4.x, Novell has now renamed the product eDirectory and made it platform independent.
Although a detailed understanding of eDirectory is not required for the Network+ exam, working with a NetWare server will most certainly require a thorough knowledge of this product.
Like the other network operating systems, NetWare is a full-featured operating system that offers all the functions required by an organization, including file and print services, DNS and DHCP servers, and FTP and Web servers. NetWare also supports a wide range of third-party hardware and software.
As with all the other network operating systems discussed in this chapter, by default NetWare authentication is performed by using a username and password combination. As well as supplying this information, users also need to tell client software which NDS tree to authenticate to and the location of the user object in the NDS tree. NetWare also supports numerous other authentication mechanisms such as smartcards and biometrics.
By default, passwords in NetWare are not case sensitive.
After a user has been validated to the eDirectory tree, an assortment of restrictions is evaluated, including allowed logon times and station restrictions. These prevent users from logging on during restricted times and from certain workstations.
In versions of NetWare up to and including 3.x, NetWare used a system called the Bindery to store user, group, and printing information. NDS was introduced with NetWare 4 to replace the Bindery and has been used on every NetWare version since then, though as mentioned, the product is now called eDirectory.
Information about the user account and what the user can and can’t access is stored in the NDS. For this reason, a copy of the NDS must be available in order for the user to be able to log on. Also, each time a user attempts to access a resource, their authentication status is checked in the NDS to make sure that they are who they say they are, and that they are allowed to access the resource. One benefit of this system is that a user need only log on once in order to be permitted resources anywhere on the network.
For many years, NetWare was considered the operating system of choice for providing file and print services. Although that might no longer be the case, many people in the IT industry still see NetWare as primarily a file and print server platform.
NetWare uses a file sharing system in which all areas of the disk are available to all users who have permissions. There is no concept of share points as with Windows server operating systems, although it is possible for a user to connect to a specific folder on the server if necessary. Instead, users can map a drive to an area of a disk called a volume. Only the areas of the volume to which the user has been assigned permissions are available to that user.
In versions of NetWare since 5.1, Novell has offered a service called Novell Storage Services (NSS). NSS allows for larger volume sizes and improves the performance of file serving.
Novell offers compatibility with various client operating systems by using special software drivers known as name spaces to make drives available to clients. Most commonly, the driver that mimics the file properties of Windows clients, which is called “long,” is used, though NFS is also enabled by default in NetWare 6.x.
File system security on NetWare is the most sophisticated of any of the popular network operating systems. In addition to a full set of file permissions, NetWare also accommodates file permission inheritance and filters to cancel out that inheritance. For those who are unfamiliar with the various features of NetWare file system security, it can all seem a bit bewildering. When you are used to it, though, you realize that it allows an extremely high level of control over files and directories.
The term inheritance is used to describe the process of rights flowing down the folder structure. For example, rights are assigned at the top of the folder structure, and unless they are blocked at a lower level, they flow to the bottom of the structure. All common network operating systems employ file inheritance in one way or another.
At the core of NetWare file system security are the basic permissions. These permissions can be assigned to individual files or, where appropriate, folders.
The file system rights available on a NetWare server are listed in Table 7.2.
Table 7.2  File Permissions on a NetWare Server
Right           Description
Supervisor      Supervisory—implies all rights
Read            Allows the file to be read
Write           Allows the file to be written to
Create          Allows new files to be created
Erase           Allows files to be deleted
Modify          Allows the attributes of the file to be changed
Filescan        Allows the file to be viewed
Access Control  Allows the file permissions to be manipulated
In addition to file permission rights, on a NetWare server, files can also be assigned a range of attributes. These attributes include options such as Rename Inhibit and Delete Inhibit.
Printing with NetWare can be implemented in a variety of ways. Traditionally, printers were defined on the server, and print queues were associated with those printers. In NetWare 6, a feature called Novell Distributed Print Services was introduced, which enables a more dynamic printing environment to be created. NetWare 6 also introduced a new feature called iPrint, which allows users to see graphical maps of the network and point and click to access network devices.
To access a printer on NetWare, clients capture the output that would normally be directed to a local printer port and send it to the network printer.
In early versions of NetWare, this was a process performed by using a command-line utility called capture. Today, the process has been hidden behind the graphical interface of the client software and is largely unnoticed.
Although application support will always be a topic of much debate, the reality is that third-party application support for NetWare is not nearly at the same level as it is for the Windows server platforms. NetWare would even have a hard time competing against Linux in this respect. However, many applications are available for NetWare, and you are likely to have a choice of applications for any given purpose.
On a NetWare server, console utilities and drivers are implemented through pieces of software called NetWare Loadable Modules (NLMs). Most NLMs can be loaded and unloaded as needed.
Even though third-party support might be lacking, the applications included with the NetWare package provide many of the commonly desired network services. This includes a DHCP server, a DNS server, and a Web server application, as well as a range of other services.
Similar to the other network operating systems, NetWare has many security features to help secure the server and the network. The key areas of
NetWare security include the following:
➤ Resource access—Resource access in NetWare is controlled, as is everything else related to security, through directory services. For a user to gain access to a network resource—whether it be a file, directory, printer, or server—the appropriate permissions must be applied through the directory. Permissions can be granted to the user, to a group to which the user belongs, or to an eDirectory container object in which the user resides. Rights to objects can be inherited or gained from other user IDs through a process called security equivalence.
➤ User authentication—As with the other network operating systems, accessing a NetWare server and network resources requires a username and password combination. To log on to a NetWare server, the context of the user must also be specified and, in some instances, the name of the eDirectory or NDS tree must also be provided. Context is a term used to refer to the location of an object, in this case the user object, in the eDirectory tree. Without the correct context, the security subsystem is unable to identify the correct user ID and does not grant access to the server. Because the context can be quite complex and the tree name is generally not used except at the point of login, it’s common practice to configure users’ workstations to default to a certain tree and context rather than requiring them to provide this information. This way, a user needs to provide only a username and password.
To gain access to a NetWare server, or more accurately eDirectory or NDS, four pieces of information are normally required: a username, a password, a directory context, and the name of the tree to which the user wants to log in. In addition, you can specify a server name, although this is not required.
➤ File and directory security—NetWare provides a very comprehensive file and directory permissions system, which allows rights to be assigned to users, groups, and other directory services objects. Rights are inheritable, which means that rights assigned at one file system level flow down through the structure until they reach the end of the file system tree, unless they are countered by an inherited rights mask or by an explicit trustee assignment. Much the same process is used to manage and assign rights within the eDirectory tree, although the actual set of rights that can be assigned is different.
The NetWare console can and should be locked for security purposes. You can lock the NetWare console by using a utility called scrsaver, which you run from the server command line.
With the proliferation of Microsoft Windows server platforms, you might not actually get to work with a NetWare server. But if you do, you’ll find that there is good reason why NetWare was king of the network operating system hill for so long.
Windows 2000 was the follow-up to the popular Windows NT 4 network operating system, and it quickly established itself as a reliable and robust operating system. Windows 2000 built on the success of its predecessor and offered many improvements and advancements. In 2003, Microsoft released the latest version of its Windows server family of products—the aptly named Windows Server 2003. Microsoft still currently supports Windows 2000, and many organizations still have Windows 2000 Server systems deployed.
Three different versions of Windows 2000 are available for server platforms: Windows 2000 Server, Advanced Server, and Datacenter Server. Windows 2000 is also available as a workstation operating system: Windows 2000 Professional. Windows 2000 Professional has the majority of features, capabilities, and strengths of Windows 2000 Server products but omits the server-type network services and capabilities.
Like Windows 2000, there are also a number of versions of Windows Server 2003: Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, and Windows Server 2003 Datacenter Edition. Additionally, Windows Server 2003 Web Edition is designed as a platform for Web-based applications and services. Microsoft fully expects that you will mix and match editions of Windows Server 2003 on a network, so interoperability between the editions is seamless.
To make things easier, from this point on, we’ll refer to both Windows 2000 Server and Windows Server 2003 simply as Windows servers, unless there is a need to identify differences between the two.
Active Directory is a directory services system, similar in nature to Novell’s eDirectory, which allows network objects such as users and groups to be placed into logical areas of a database. This database can then be distributed among various servers—all of which participate in the Active Directory structure. Because all the network object information is placed in a single database, albeit a distributed one, it can be used by any network application or subsystem, eliminating the need for duplicate information to be held on each server of the network. In the case of Microsoft server operating systems, Windows 2000 was the first network operating system to take this approach. Previous to this, user accounts on Windows servers were stored on each server, and special relationships called trusts had to be set up in order to allow users on one server to access resources in another. In Active Directory, trusts still exist, though their role is somewhat different.
Windows servers on a network can either be domain controllers or member servers. Domain controllers are servers that have Active Directory installed and hold a copy of the Active Directory database. The term domain is used to describe a logical section of the Active Directory database. Domain controllers store user account information, so they can provide network authentication. An Active Directory domain can have several domain controllers, with each one having a read/write copy of the Active Directory database. In fact, for fault-tolerant reasons, this is a good strategy to employ.
Active Directory is a complex subject, and much of the information in this section is not needed for the Network+ exam. For further information on Active Directory, refer to Microsoft’s website (www.microsoft.com).
Member servers are not involved in the authentication of network users and do not take part in the Active Directory replication process. Member servers are commonly employed as file and print servers, or with additional software, as database servers, Web servers, firewalls, or servers for other important network services such as DHCP and DNS.
The authentication process facilitated by a Windows server allows users logging on to the network to identify themselves to the Active Directory, and subsequently to access all the network resources to which they have permissions. This means that it is necessary to log on only once to access all the resources on the network. The nature of directory services means that other applications, such as a Web server, can interface with the directory and use the same authentication information.
Microsoft Active Directory uses Kerberos as its native authentication protocol. For more information on Kerberos, refer to Chapter 6, “WAN Technologies, Remote Access, and Security Protocols.”
Passwords on Windows server operating systems are case sensitive.
In addition to the standard authentication mechanism of usernames and passwords, Windows server platforms also support other authentication systems such as smartcards and biometrics. Implementation of these methods requires additional hardware and software.
The provision of file and print sharing services is a mainstay of any network operating system, and Windows servers are no exception. Windows server systems use a principle called shares to make areas of a disk available to users. These shares can be secured by share permissions that can be used on any file system, along with file and folder permissions if they are resident on New Technology File System (NTFS) partitions.
In order to use file or folder level permissions on a Windows server system, the disk must be formatted with the NTFS file system. FAT or FAT32 partitions do not support file level permissions, and must rely solely on share permissions to provide security.
Both Windows 2000 Server and Windows Server 2003 use the same mechanisms to provide file system security. Rights can be assigned to users, groups, and some special entities, which include the “everyone” assignment. Table 7.3 describes the basic file permissions that can be used with NTFS on Windows Server platforms.

Table 7.3 Basic File Permissions with NTFS on Windows and Windows Server 2003

Right                  Description
Full Control           Provides all rights
Modify                 Allows files to be modified
Read & Execute         Allows files to be read and executed (that is, run)
List Folder Contents   Allows the files in a folder to be listed
Read                   Allows a file to be read
Write                  Allows a file to be written to
An added complexity to file system security on Windows platforms is that the shares created to allow users to access folders across the network can also be assigned a set of permissions. Although these permissions are quite basic (Full Control, Change, and Read), they must be considered because, when assigned, they are combined with NTFS permissions. The rule in this situation is that the most restrictive permissions assignment applies. For example, if a user connects through a share with Read permission and then tries to access a file to which he has the NTFS Full Control right, the actual permissions would be Read. The most restrictive right (in this case, the Share Read permission) overrides the other permissions assignment.
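The “most restrictive applies” rule is worth seeing as code, because it is a set intersection: a user gets only what the share permission and the NTFS permission both allow. The block below is an added example, not from the book and not Microsoft's code. The permission names are the ones the text lists (share: Full Control, Change, Read; NTFS: Table 7.3); the capability sets behind each name are a simplified model built for the example, not the exact Windows access-mask bits. It also covers the FAT/FAT32 case from the earlier note, where no file-level permissions exist and the share permission is all there is.

```python
"""Effective access to a file reached through a Windows share.

Added example, not from the book. The capability sets behind each permission
name are a simplified model for illustration, not the Windows access mask.
"""

# Low-level capabilities used by the simplified model.
READ, EXECUTE, LIST, WRITE, DELETE, CHANGE_PERMS = (
    "read", "execute", "list", "write", "delete", "change_perms",
)

# NTFS basic permissions (Table 7.3) -> capabilities each one grants.
NTFS_PERMS = {
    "Full Control":         {READ, EXECUTE, LIST, WRITE, DELETE, CHANGE_PERMS},
    "Modify":               {READ, EXECUTE, LIST, WRITE, DELETE},
    "Read & Execute":       {READ, EXECUTE, LIST},
    "List Folder Contents": {LIST},
    "Read":                 {READ, LIST},
    "Write":                {WRITE},
}

# Share permissions (Full Control, Change, Read) -> capabilities each grants.
SHARE_PERMS = {
    "Full Control": {READ, EXECUTE, LIST, WRITE, DELETE, CHANGE_PERMS},
    "Change":       {READ, EXECUTE, LIST, WRITE, DELETE},
    "Read":         {READ, EXECUTE, LIST},
}


def _grants(table, names):
    """Union of the capabilities for every permission granted to the user in
    one layer: direct grants and group grants add up within a layer."""
    return set().union(*(table[name] for name in names))


def effective_access(share_perms, ntfs_perms, ntfs_volume=True):
    """Capabilities a user really has on a file accessed over the network.

    share_perms: share permission names granted to the user.
    ntfs_perms:  NTFS permission names granted to the user on the file.
    ntfs_volume: False for a FAT/FAT32 volume, where no file-level permissions
                 exist and the share permissions are all that applies.

    Rule from the text: across the two layers the most restrictive assignment
    applies, so only what BOTH layers allow survives (set intersection).
    """
    share_caps = _grants(SHARE_PERMS, share_perms)
    if not ntfs_volume:
        return share_caps
    return share_caps & _grants(NTFS_PERMS, ntfs_perms)


def can(share_perms, ntfs_perms, capability, ntfs_volume=True):
    """True if the capability survives both permission layers."""
    return capability in effective_access(share_perms, ntfs_perms, ntfs_volume)


if __name__ == "__main__":
    # The book's scenario: share Read + NTFS Full Control -> effectively Read.
    print(sorted(effective_access(["Read"], ["Full Control"])))
    # Same user on a FAT volume: only the share permission can restrict him.
    print(sorted(effective_access(["Change"], [], ntfs_volume=False)))
```

Note the asymmetry the rule creates: a generous share permission (Full Control on the share) is harmless if the NTFS permissions on the files are tight, but on a FAT or FAT32 volume the share permission is the only control, so a Change or Full Control share there exposes every file beneath it.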
In addition to the basic file sharing and permission systems, Windows server systems also include some advanced features to further enhance the file and server capabilities. These features include the following:
➤ Disk quotas—The amount of disk space available to a user can be restricted and managed through disk quotas. This is a useful element of control over disk usage.
➤ Encrypting File System (EFS)—EFS allows files to be encrypted while on the disk, preventing unauthorized access. The main advantage of EFS is that it keeps the files encrypted even if the user or organization loses physical control of the drives, such as with a laptop computer.
➤ Distributed File System (DFS)—DFS allows multiple directories on distributed servers to be represented through a single share point, simplifying access for users and administration.
Windows server systems support the FAT, FAT32, and NTFS file systems. However, if you are configuring a server, you are unlikely to use FAT or FAT32 as they do not offer any file level security. Also, you need NTFS if you want to take advantage of features such as disk quotas, DFS, EFS, file compression, or auditing. You also need NTFS to support Active Directory.
Client operating systems such as Windows 95, 98, and Me do not support NTFS. You can only create NTFS partitions on Windows XP, Windows NT 4, Windows 2000, and Windows Server 2003.
Windows client systems often use the FAT32 file system, but on a server, you should always use NTFS unless you have a very good reason not to. With FAT or FAT32, you can only use share level permissions; you cannot protect files or folders directly as you can with NTFS.
Although it is possible to convert a partition formatted with FAT or FAT32, it is recommended that you format a drive as NTFS when you are creating partitions rather than converting at a later date. Drives originally formatted with NTFS have less fragmentation and better performance than those converted from FAT. If you do need to convert a partition, you can use the CONVERT utility, but the process is one way. Once you have converted from FAT, you can never go back.
You can use the Convert.exe utility to convert from FAT or FAT32 to NTFS. The syntax is convert c: /fs:ntfs /v.
It is recommended that, whenever possible, you format a drive as NTFS when you are creating partitions rather than convert from FAT to NTFS at a later date. Drives originally formatted with NTFS have less fragmentation and better performance than those converted from FAT.
Windows server provides comprehensive print server functionality. Clients are able to connect to printers across the network without the need for locally installed printer drivers. The drivers are stored on the server and downloaded when the user connects to the printer, making it easy to ensure that users are using the latest version of the correct driver.
Printing on a Windows server can be controlled through a permission mechanism similar to that used in file system security, though it is less complex.
Preconfigured groups also allow you to delegate the management of printing functions, which can be a good idea in large environments.
All these features combine to make Windows a very solid choice as a file and print server.
Of all the network operating systems discussed in this chapter, Windows server platforms have the best overall level of support by third-party applications. In addition to having superb third-party application support,
Windows server operating systems come with a complete set of tools and services that satisfy almost every need a company could have from a network operating system. These applications include DNS and DHCP server services, performance-monitoring tools, Web server applications, remote access capabilities, and network monitoring tools.
Windows server operating systems provide a full range of security features that make for very secure network operating systems. Windows Server 2003 is considered more secure than Windows 2000, as it employs a “secure by default” strategy through which unnecessary applications, services, and security configurations are disabled by default. Administrators can then enable applications and services on an as needed basis.
Watch the Caps Lock
To log on to a Windows server system, a valid username and password are required. The password is case sensitive, but the username is not.
As with any other network operating system, you should make sure that Windows servers are updated with the latest operating systems service packs, patches, and security updates. Without them, your systems might be vulnerable to a range of threats and attacks that might compromise your network.
Authentication security is provided on Windows servers through Kerberos version 5. File system security and encryption are provided through NTFS permissions and EFS. Network communication can be protected by a range of security and authentication protocols, though IPSec (which is discussed in Chapter 6) is most commonly used on Windows server networks to provide both encryption and authentication for network data.
Mac OS–based computers usually can be counted on to rely on the AppleShare IP protocol (although, this is very much at the whim of a network administrator with a modern network, as both Mac OS clients and Mac OS servers support so many other protocols). When connecting Macintosh clients to a server of a different platform, it is often necessary to enable AppleShare services to provide backward compatibility to older workstations, or to provide effective security.
In the classic versions of the Mac OS, AppleShare functionality was provided by a suite of extensions and control panels providing configuration and core services for this networking protocol. As always, when integrating computers using older software onto a newer network, download and install the latest versions of the AppleShare software from Apple Computer’s website, and make sure that the operating system is up-to-date. Download the latest version of AppleShare from Apple’s support website at http://www.apple.com/support/. Mac OS X computers should be kept up-to-date with the Software Update utility accessible via System Preferences.
Although AppleShare IP provides a secure way for a user and server to exchange names and passwords, it is not an encrypted protocol. It is theoretically possible for an IP packet to be intercepted and its contents read by a third party. Therefore, care should be taken when exchanging sensitive data.
Fortunately, AppleShare IP is a pure TCP/IP protocol, so it may be “tunneled” using any variety of encryption methods. The Mac OS itself supports L2TP over IPSec and PPTP, which are capable of encrypting network packets to prevent anyone from reading intercepted packets.
The most important task to be accomplished between the client and server using the AppleShare protocol is authentication. How is the server to know that the user can be trusted to perform operations on files and folders? What if the user is attempting to connect to a non-Apple file server that supports a unique authentication standard?
On connecting to any AppleShare service on any server, the first thing the client does is try to determine what method of authentication the server supports. Can an Apple protocol be used? What about Kerberos, or the Microsoft authentication protocol? If the server supports more than one authentication method, the user is asked to choose one. The exception is the plain-text method. If the server and client don’t have compatible authentication software installed, a username and password can be exchanged via plain text, if the server has been allowed to support it. However, if any more secure method is available, the plain-text option won’t be given.
Because various software vendors sell servers that support AppleShare IP, clients need to be able to add authentication methods. Recent versions of AppleShare support user authentication modules, which are simple plug-ins that add authentication methods to a client.
The most common plug-in is the Microsoft UAM, required to connect to Windows 2000 and 2003 servers. This software comes with the server and is also available for download from Microsoft’s support website. This module allows AppleShare IP clients to use Microsoft’s native Windows authentication protocol, allowing administrators to provide enhanced security by using SMB services with packet signing turned on, as well as providing secure access to Macintosh clients.
Rather than use the same network operating system on all servers, modern networks often work in multivendor environments, meaning that you might encounter more than one of the major network operating systems functioning on the same network. Although it is completely possible to use a single operating system for all the common network server tasks, in some situations, a more flexible approach is required.
To facilitate such environments, network operating system manufacturers build in features and services that enable their operating systems to coexist on networks with other vendors’ operating systems.
The following sections take a brief look at how well some of the major network operating systems “play” with each other.
In some environments, you might find that both Windows and NetWare servers are deployed. Unfortunately for Novell, an increasing number of these environments are in place to facilitate migration to a completely Windows-based network.
In some other environments, organizations leverage the power of eDirectory and NetWare for file and print services and use a Windows server product for application hosting. Because it realizes that there will be such environments, Microsoft supplies a range of tools, including the following, to help in the communication between Windows server products and NetWare:
➤ Client Services for NetWare (CSNW)—CSNW is designed to enable Windows client systems to access file and print services on a NetWare server. CSNW is installed on a client system and enables only that client to connect to the NetWare server. In effect, CSNW is a Microsoft-provided client for NetWare.
➤ Gateway Services for NetWare (GSNW)—GSNW is used on Windows 2000 systems to enable Windows client systems to access resources on a NetWare server. GSNW is installed on the Windows server and enables clients to connect to the NetWare server through it. As the name suggests, the service enables a Windows server to act as a gateway to the NetWare server. GSNW is not included with Windows Server 2003. Clients do not need to authenticate against the Novell server directly. Authentication is performed on behalf of all users through the GSNW software.
For Windows Server 2003, Microsoft provides Windows Services for NetWare. This free download is geared more toward facilitating the migration from a NetWare/eDirectory environment to Active Directory than as a tool for providing long-term integration.
You should understand the functions of CSNW and GSNW for the Network+ exam.
You should also understand where they are installed.
In today’s environments, Linux and Windows servers are commonly used together, and therefore, the servers themselves must be capable of communicating. That said, most of that communication is likely to take place with industry standard protocols such as FTP and HTTP, so no additional client software is necessary to communicate between servers under these conditions.
Microsoft provides some degree of integration for UNIX systems via a special add-on pack called Windows Services for UNIX. This add-on pack provides compatibility with the UNIX NFS and a variety of UNIX utilities. The add-on pack can also be used on Linux servers. However, Microsoft states clearly that Windows Services for UNIX has only been tested on a limited number of versions of UNIX and only one version of Linux—Red Hat 8.
NetWare and Linux servers are fully interoperable and are often found together in network environments. For instance, a NetWare file and print server might coexist with a Linux firewall and proxy server. In addition, it is possible, by using eDirectory, to integrate the management of Linux servers into the directory services system in order to streamline administration.
To make these scenarios possible, Linux supports both IPX/SPX, which is required for NetWare 3.x and 4.x, and TCP/IP, which is used in the later NetWare versions. However, many of the Linux distributions do not natively support IPX/SPX. If you use one of those distributions, you need to download extra software and perform additional configuration.
Because many different client operating systems—including Linux, Windows, and Macintosh—are used in today’s networks, network operating systems need to provide support for these clients to connect to the network.
Of the three client systems mentioned, Microsoft Windows is by far the most popular. However, in recent years, other platforms have experienced a surge in popularity.
Windows-based servers support all the client software that is used on networks today. Microsoft provides client software for all previous versions of Windows, allowing for easy client connectivity. In the latest client operating systems such as Windows 2000 Professional and Windows XP Professional, network functionality is tightly integrated into the operating system. On older versions of Windows, additional software might have to be installed to gain the full benefits of network connectivity.
Although you can use a system running Windows XP Home Edition to connect to network resources, you cannot join a domain or log on to Active Directory.
To support Macintosh clients, Windows server platforms include a File Services for Macintosh service, as well as a Print Services for Macintosh service. These allow Macintosh clients to access shared resources on a Windows server. The aforementioned Windows Services for UNIX provides some client functionality for UNIX and Linux clients connecting to Windows client platforms.
To connect a Windows client system to a Novell network, you can use Novell-supplied client software or Microsoft’s own client—CSNW. Novell makes its client software available for download from the company’s website. The client software for current versions of Windows operating systems is called Novell Client for Windows XP/2000.
To connect Windows desktop systems to a NetWare 3.x or 4.x network, Microsoft NWLink is required on the workstation, as is CSNW or the Novell client software. NetWare 5.x does not specifically require that clients use NWLink as it also supports TCP/IP. NetWare 6 does not necessarily require client-side software.
Because a Linux workstation uses the same operating system that is running on the server, client support is both integrated and seamless. Linux client systems can access all the resources offered by a Linux server with ease. The most common resources are file sharing, which is normally facilitated through NFS, and printing, which is made available through the Line Printer daemon (LPD).
One of the programs used to increase interoperability between Linux and Windows clients is Samba. Samba is a software application that enables Linux servers to easily share resources with Windows workstations. Samba is available free of charge and is commonly installed by default during a Linux installation. Connection to a Samba server requires the use of the Microsoft network client, which is installed by default with most Windows client operating systems.
You might be asked about Samba on the Network+ exam. As discussed in Chapter 5, TCP/IP, Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) file sharing and access protocols.
Part of the role of the network administrator is to expand the network to include new client systems. Many factors are required to connect a client to the network including media, protocols, and services. This section explores the requirements to connect a client system to an existing network.
A client system cannot access the network if it does not have a network card installed. There are several factors to consider when selecting a network card:
➤ Bus compatibility—Some older systems have only Industry Standard Architecture (ISA) slots, but most modern systems have either Peripheral Component Interconnect (PCI) slots or both PCI and ISA slots. Either way, you should verify that there is an expansion slot of the correct type available. Wireless NICs can be installed using a USB adapter.
➤ Type of network—As mentioned in the discussion on NICs in Chapter 3, “Networking Devices,” unless you are using a networking system other than Ethernet, you should not need to specify another type of NIC. The exception here is if the client system is being attached using a wireless connection. A Wireless NIC would then be required.
➤ Media compatibility—Modern LANs use NICs that support UTP cable. There are some out there, however, that still require coaxial connectors and more modern ones might have fiber connectors.
Besides these criteria, which dictate to a certain extent which NICs you can use, the choice then depends on manufacturer, cost, and requirements. The NIC might come preinstalled in the system or, as in an increasing number of cases, the NIC might be built on to the system board. In either of these situations, you do not have to install a NIC.
With the NIC installed and functioning, the next step is to connect the PC to the network via network media. This can be simple or complicated, depending on the type of network you are using. The following are some of the factors you should consider when connecting a new system to an existing network:
➤ Connecting to a coaxial network—The biggest consideration when connecting to a coaxial network is that it might be necessary to break the coaxial segment to insert a Bayonet Neill Concelman (BNC) T-connector to physically connect the PC. Unfortunately, breaking a coaxial cable segment prevents any device connected to it from working. This means that if you are adding a computer to a coaxial segment and you need to add a length of cable and a connector, you need to either arrange with network users for a few minutes when the network will be unavailable or add the cable and connector before or after working hours. The good news is that you can leave spare BNC T-connectors in the coaxial cable segment as a just-in-case precaution. Doing so can mean that you can add a system to the coaxial segment without affecting users other than the one whose system you are connecting.
➤ Connecting to a twisted-pair network—Twisted pair is the easiest of all the network types to connect to. All you need to connect is a cable (referred to as a patch cable) that connects the system to a hub or switch. In environments that use a structured cable system, the cable can be connected to a wall jack or a jack in a floor box. In a less structured environment, the cable can be run directly between the system and the hub or switch. One item worthy of note is that if you are using a Token Ring network, you must configure the NIC to work at the correct speed. Twisted-pair Ethernet networks can accommodate different speeds if the networking hardware supports a speed higher than the base 10Mbps. Token Ring networks do not offer this function; all devices on the ring must operate at the same speed (4Mbps or 16Mbps). Connecting a system to the network with a NIC configured for the wrong speed prevents the system from communicating on the network, and it might even cause problems with other devices on the segment.
➤ Connecting to a wireless network—Wireless network connections use radio frequency instead of traditional wire. Connecting a wireless client requires a wireless access point, which provides a bridge between a wired network and the wireless network segment. Wireless standards use RF frequencies of 2.4GHz for 802.11b/g and 5GHz for 802.11a. The wireless client also requires the SSID of the wireless access point and the security settings to connect. Once connected, the wireless client can access the wired network through the AP.
After the physical connection to the network has been established, you need to consider the network protocols to use.
Choosing the correct protocol is an important consideration when configuring a network or adding systems to an existing network. The client and the server must use the same protocol in order for communication to take place.
This section provides a brief summary of the commonly used protocols. For a complete description of the various protocols, refer to Chapter 4, “OSI Model and Network Protocols.”
➤ TCP/IP—By far the most prevalent of network protocol suites, TCP/IP is available for almost every computing platform and has widespread industry support. The majority of LANs now use TCP/IP as the default protocol. Configuring TCP/IP connectivity requires the use of an IP address, a subnet mask, a default gateway, and possibly Domain Name Service (DNS) server information and Windows Internet Naming System (WINS) information.
➤ IPX/SPX—Novell invented and implemented IPX/SPX when it introduced NetWare in the 1980s. At that time, TCP/IP was for the most part an academic/military/government protocol, and Novell realized the need for a robust, routable protocol. IPX/SPX is one of the main reasons that Novell owned the networking market through the 1980s and most of the 1990s. IPX/SPX was also easy to install and configure. Today, TCP/IP has largely displaced IPX. One of the advantages of IPX is that workstation configuration is very simple. Generally speaking, the only item that might need to be configured is the frame type, which determines the format in which data is grouped into the frames that are placed on the network. Older versions of NetWare use a frame type called 802.3, whereas newer versions use a frame type called 802.2. Fortunately, most client software is capable of detecting the frame type automatically.
➤ AppleTalk—AppleTalk is a protocol associated with Apple networks. The AppleTalk protocol is an established protocol suite; having been introduced in the early 1980s, it soon became a viable internetworking protocol. Similar to the IPX/SPX and TCP/IP protocol suites, the AppleTalk protocol suite is composed of several protocols.
➤ NWLink—When Microsoft began working on adding support for interoperability with NetWare, it opted to develop its own fully compatible version of Novell’s proprietary IPX/SPX. This development was necessary because earlier versions of NetWare did not support authentication over TCP/IP.
On the Network+ exam, be careful when determining whether connectivity to a NetWare server is required from a Microsoft client. NWLink is the required protocol because Microsoft does not directly support IPX/SPX. Watch for this same situation in reverse as well: NetWare uses IPX/SPX to communicate with a Windows Server running NWLink.
➤ NetBEUI—Microsoft chose IBM’s NetBEUI as the protocol for its first networking implementation in the mid-1980s. One of the reasons Microsoft chose to base its early networking efforts on NetBEUI was the protocol’s simplicity and speed. Microsoft wanted to offer a very simple, easy workgroup configuration. Name resolutions and network addressing, or more accurately naming, are both handled automatically with NetBEUI. There are no configuration issues, other than setting up the NIC and installing NetBEUI as the protocol. Because of NetBEUI’s simplicity, administrators sometimes use it to troubleshoot hard-to-find communication problems between two machines. The simplicity of NetBEUI also created problems for Microsoft as the 1980s progressed. NetBEUI is a non-routable protocol, and as networks began to interconnect, Microsoft found its clients stranded within the confines of small LANs.
As mentioned earlier, TCP/IP is by far the most common of the networking protocols in use today. For that reason, the next section takes a more in-depth look at configuring client systems to use TCP/IP.
In a TCP/IP network, there are several settings to configure to enable a client system to access peer and server services. Configuring a client system for TCP/IP can be a relatively complex task, or it can be simple. Any complexity involved is related to the possible need to configure TCP/IP manually. The simplicity is related to the fact that TCP/IP configuration can occur automatically via DHCP. Brief explanations of the IP related settings used to connect to a TCP/IP network follow:
➤ IP address—Each system must be assigned a unique IP address so that it can communicate on the network.
➤ Subnet mask—The subnet mask enables the system to determine which portion of the IP address represents the network address and which portion represents the node address.
➤ Default gateway—The default gateway enables the system to communicate with systems on a remote network, without the need for explicit routes to be defined.
➤ DNS server addresses—DNS servers enable dynamic hostname resolution to be performed. It is common practice to have two DNS server addresses defined so that if one server becomes unavailable, the other can be used.
➤ WINS server addresses—A WINS server enables Network Basic Input/Output System (NetBIOS) names to be resolved to IP addresses. As with DNS servers, it is common practice to enter two WINS server addresses to provide a degree of fault tolerance.
At the very minimum, an IP address and a subnet mask are required to connect to a
TCP/IP network. With just this minimum configuration, connectivity is limited to the local segment, and DNS and WINS resolution are not be possible.
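The forwarding decision these settings drive, shown as an added example (not code from the book): the subnet mask is applied to the client's own address to recover the local network, a destination inside that network is sent directly, and anything else goes to the default gateway. With only an IP address and a mask configured, a remote destination is simply unreachable. The addresses and the CLIENT_CONFIG dictionary are constructed values assumed for the example.

```python
import ipaddress

# Constructed client configuration (assumed values, not taken from the page).
# These are the same settings a client receives by hand or from DHCP.
CLIENT_CONFIG = {
    "ip_address": "192.168.2.3",
    "subnet_mask": "255.255.255.0",
    "default_gateway": "192.168.2.1",
    "dns_servers": ["192.168.2.10", "192.168.2.11"],
}


def local_network(ip_address, subnet_mask):
    """Apply the mask to the client's address to recover the network portion."""
    return ipaddress.IPv4Network(f"{ip_address}/{subnet_mask}", strict=False)


def next_hop(config, destination):
    """Decide where a packet addressed to `destination` is sent.

    Returns ("direct", destination) when the destination is on the local
    segment, ("gateway", gateway) when it is remote and a default gateway is
    configured, or ("unreachable", None) when only IP + mask are set.
    """
    net = local_network(config["ip_address"], config["subnet_mask"])
    dest = ipaddress.IPv4Address(destination)
    if dest in net:
        return ("direct", destination)
    gateway = config.get("default_gateway")
    if gateway is None:
        # Minimum configuration: no route off the local segment exists.
        return ("unreachable", None)
    if ipaddress.IPv4Address(gateway) not in net:
        # The gateway must itself be on the local segment, or the client can
        # never deliver a frame to it; treat this as a misconfiguration.
        raise ValueError(f"default gateway {gateway} is not on {net}")
    return ("gateway", gateway)


if __name__ == "__main__":
    for target in ("192.168.2.200", "24.67.233.7"):
        print(target, "->", next_hop(CLIENT_CONFIG, target))
```

The wrong-mask case is the one worth remembering when troubleshooting: a mask of 255.255.0.0 on this client makes 192.168.3.5 look local, so the client ARPs for it instead of handing it to the gateway, and the connection silently fails.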
There are a number of tools a network administrator might be required to use. Some of these tools (such as the tone generator and locator) can be used for troubleshooting media connections, and others (such as wire crimpers and punchdown tools) are used to create network cables and connections. In either case, for the Network+ exam, you will be expected to identify the function of various networking tools.
Wire crimpers are tools that most network administrators will find themselves using at some point. Basically, a wire crimper is a tool that you use to attach media connectors to the ends of cables. For instance, you use one type of wire crimper to attach RJ-45 connectors to Unshielded Twisted Pair (UTP) cable, and you use a different type of wire crimper to attach Bayonet Neill Concelman (BNC) connectors to coaxial cabling.
In a sense, you can think of a wire crimper as a pair of special pliers. You insert the cable and connector separately into the crimper, making sure that the wires in the cable align with the appropriate contacts of the connector. Then, by squeezing the crimper's handles, you force the connector's metal contacts through the insulation of the wires, making the connection between the wire and the connector.
If you do need to make your own cables instead of buying them, it is a good idea to test them before putting them on the network. It only takes a momentary lapse to make a mistake when creating a cable, and you can waste time later trying to isolate a problem in a faulty cable. If you do choose to make your own cables, you should test them with an electronic ‘patch tester’ before installing them on your network.
If you have ever looked in a network closet, you have probably seen a distribution block, more commonly called a patch panel. A patch panel is a freestanding or wall-mounted unit with a number of port connections on the front. In a way, it looks like a wall-mounted hub without the light-emitting diodes (LEDs). The patch panel provides a connection point between network equipment such as hubs and switches and the ports to which PCs are connected, which are normally distributed throughout a building.
Behind each of the individual RJ-45 jacks on the patch panel are connectors to which the eight wires from a piece of twisted-pair cable are attached. These wires are commonly attached to the patch panel by using a tool called a punchdown tool. To use the punchdown tool, you place the wires from the cable into the appropriate slots in the back of the patch panel, and then use the tool to push the wires firmly down into the slots. The insulation is stripped, and the wire becomes firmly embedded in the connector. Because the connector strips the insulation on the wire, it is known rather grandiosely as an insulation displacement connector (IDC).
A tone generator is a device that can save a network installer many hours of frustration. Strangely, the tone generator has a partner that goes wherever it goes but is seldom mentioned: the tone locator. You might hear the tone generator and the tone locator referred to as the fox and hound.
As you might expect, the purpose of the tone generator is to generate a signal that is transmitted on the wire you are attempting to locate. At the other end, you press the tone locator against individual wires. When it makes contact with the wire that has the signal on it, the locator emits an audible signal or tone.
The tone locator is a useful device, but it does have some drawbacks. First, it often takes two people to operate, one at each end of the cable. Of course, one person could just keep running back and forth; but if the cable is run over great distances, this could be a problem. Second, using the tone generator is a time-consuming process because it must be attached to each cable independently.
A media tester, also called a cable tester, is used to test whether a cable is working properly. Any tool that facilitates the testing of a cable can be deemed a cable tester. One of the simplest cable-testing devices is a multimeter. By using the continuity setting, you can test for shorts in a length of coaxial cable; or, if you know the correct cable pinouts and have needlepoint probes, you can test twisted-pair cable. Various other single-purpose and multipurpose devices allow you to test cables. Some of these devices tell you if the cable is working correctly and, if it's not, give you some idea why it's not.
Because the majority of network cabling is copper based, most of the tools designed to test cabling are designed for copper-based cabling. However, when you test fiber-optic cable, you need an optical tester.
An optical cable tester performs the same basic function as a wire media tester, but on optical media. Unlike with wire cables, the most common problem with an optical cable is a break in the cable that prevents the signal from reaching the other end. Because of the extended distances that can be covered with fiber-optic cables, degradation is rarely an issue in a fiber-optic LAN environment.
Ascertaining whether a signal reaches the other end of a fiber-optic cable is a relatively easy task, but when you determine that there is a break, the problem becomes locating the break. That's when you need a tool called an optical time-domain reflectometer (OTDR). By using an OTDR, you can locate how far along in the cable the break occurs. The connection on the other end of the cable might be the source of the problem, or perhaps there is a break halfway along the cable. Either way, an OTDR can pinpoint the problem.
Unless you work extensively with fiber-optic cable, you're unlikely to have an OTDR or even a fiber-optic cable tester in your toolbox. Specialized cabling contractors will have them, though, so knowing that they exist is important.
Hardware loopback connectors are simple devices that redirect outgoing transmissions from a system directly back into it. Hardware loopback connectors are used in conjunction with diagnostic software for diagnosing transmission problems. Loopback connectors are available for a number of ports, including RJ-45, serial, and parallel ports.
Specifically, a hardware loopback connector loops the outgoing data signal wires back into the system on the incoming data signal line. In effect, it tricks the system into thinking that the PC is sending and receiving data on the network, when in fact the data being sent is just being rerouted back in. Note that in some cases, a hardware loopback connector is referred to as an adapter or a plug.
The hardware loopback adapter checks the electrical signals sent out from the NIC.
The capability to remotely access networks has become an important part of the modern IT infrastructure. All organizations, from the smallest business to the largest corporation, are taking advantage of the potential that remote network access provides. Therefore, today's network administrators are as likely to be responsible for managing remote network access as they are for LAN access. Configuring and managing remote access requires knowledge of the protocols and procedures involved in establishing a remote connection.
The following sections explore some of the common considerations in configuring a remote connection, including a discussion of physical connections, protocols (which facilitate the connection), software (which establishes the connection), the dial-up connection method, and security issues.
Regardless of the network operating system used, all of them have remote connection technologies in common. Authentication protocols, physical connections, and the like are common to the popular OSs.
There are many ways to connect to a remote network. Some, such as the Plain Old Telephone Service (POTS), offer a direct connection between you and the remote host. Others, such as cable and Digital Subscriber Line (DSL), allow you to connect, but the connection occurs over a public network (the Internet), which can bring additional considerations such as authentication and security problems. The methods that can be used to establish a remote connection are discussed in Chapter 6. A summary is provided here:
➤ Public Switched Telephone Network (PSTN)—The PSTN offers by far the most popular method of remote connectivity. A modem and a POTS line allow for inexpensive and somewhat reliable, if not fast, remote access.
➤ Integrated Services Digital Network (ISDN)—ISDN is a dial-up technology that works much like the PSTN, but instead of using analog signals to carry the data, ISDN uses digital signals. This makes it faster than the PSTN.
➤ Cable—In an effort to take advantage of the increasing demand for high-speed Internet access, cable TV providers now offer broadband Internet access over the same connection that is used to carry cable TV signals.
➤ DSL—DSL services are the telecom companies' broadband offering. xDSL (that is, the family of DSL services) comes in many varieties, and as with cable, you need a special modem in order to use it.
➤ Satellite—Perhaps the least popular of the connection methods discussed here, satellite provides wireless Internet access; although in some scenarios, a PSTN connection is also required for upstream access. Of the technologies discussed in this section, satellite is the least suitable for remote access.
➤ Wireless—Wireless Internet access is provided by a Wireless Internet Service Provider (WISP). The WISP provides public wireless Internet access at locations known as hotspots. Hotspots provide Internet access for mobile network devices such as laptops, handheld computers, and cell phones in airports, coffee shops, conference rooms, and so on. A hotspot is created using one or many wireless access points near the hotspot location. A hotspot typically requires a WAP at each location connected to a high-speed broadband connection such as DSL, cable Internet, or even a T1 connection. The technology is based on the 802.11 standards (typically 802.11b/g), and client systems require only an internal or external wireless adapter.
More information on remote access technologies and Internet technologies can be found in Chapter 6.
When you have decided on the physical aspect of the connection, the next consideration is the protocols that allow you to make a connection to the remote server.
To facilitate a connection between a remote system and a remote access server, common protocols must be used between the systems. Two types of protocols are required to establish a remote connection. You first need to have the protocols that communicate at the data-link layer, including the following:
➤ Point-to-Point Protocol (PPP)—PPP is actually a family of protocols that work together to provide connection services. PPP enables remote clients and servers to negotiate authentication between devices. PPP can employ a variety of encryption methods to secure transmissions.
➤ Serial Line Internet Protocol (SLIP)—SLIP is an older connection protocol than PPP, and it was originally designed to enable data to be transmitted via Transmission Control Protocol/Internet Protocol (TCP/IP) over serial connections in a UNIX environment. Unfortunately, SLIP does not support encryption or authentication and therefore has largely fallen out of favor. If you have users that employ SLIP to connect from remote systems, you should move them to PPP connections as soon as possible.
➤ Point-to-Point Protocol over Ethernet (PPPoE)—PPPoE is a method of using PPP connections over Ethernet. Using PPPoE and a broadband connection such as xDSL or cable Internet access, it is possible for individual users to have authenticated access to high-speed data networks, which provides an efficient way to create a separate connection to a remote server for each user. This strategy allows Internet access and billing on a per-user basis rather than a per-site basis. Users accessing PPPoE connections require the same information as required with standard dial-up phone accounts, including a username and password combination. As with a dial-up PPP service, an Internet service provider (ISP) will most likely automatically assign configuration information such as the IP address, subnet mask, default gateway, and DNS server information.
After the data-link protocol has established the connection between the devices, the LAN protocols run over it. These include TCP/IP, AppleTalk, and IPX/SPX.
Each of these remote access protocols requires an authentication protocol to complete the connection. Common authentication protocols include MS-CHAP, MS-CHAP v2, CHAP, PAP, and EAP. Each of these protocols is discussed in Chapter 6.
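Why the choice of authentication protocol matters for a PPP link is easiest to see by putting the two simplest ones side by side. The following is an added example, not code from the book: PAP carries the password itself in its Authenticate-Request, whereas CHAP (RFC 1994) has the server issue a random challenge and the client reply with MD5(Identifier || secret || Challenge), so the secret never crosses the serial line and a captured response is useless against a fresh challenge. The SECRETS table and the user names are constructed values assumed for the example.

```python
import hashlib
import hmac
import os

# Constructed credential store for the example (not from the page): the remote
# access server holds one shared secret per user name.
SECRETS = {"alice": b"correct horse battery staple"}


def pap_request(username, password):
    """PAP: the client sends the password itself in the Authenticate-Request."""
    return {"code": "Authenticate-Request", "peer_id": username, "password": password}


def chap_challenge(identifier=None, value=None):
    """Server side of CHAP: a one-octet Identifier plus a random Challenge Value.
    The parameters exist only so a test can supply fixed values."""
    if identifier is None:
        identifier = os.urandom(1)[0]
    if value is None:
        value = os.urandom(16)
    return {"code": "Challenge", "id": identifier, "value": value}


def chap_digest(identifier, secret, challenge_value):
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def chap_response(challenge, username, secret):
    """Client side: prove knowledge of the secret without transmitting it."""
    return {
        "code": "Response",
        "id": challenge["id"],
        "value": chap_digest(challenge["id"], secret, challenge["value"]),
        "name": username,
    }


def chap_verify(challenge, response, secrets):
    """Server side: recompute with the stored secret and compare in constant
    time. True means Success, False means Failure."""
    secret = secrets.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_digest(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def chap_exchange(username, secret, secrets):
    """One complete Challenge / Response / verdict round."""
    challenge = chap_challenge()
    response = chap_response(challenge, username, secret)
    return chap_verify(challenge, response, secrets)


if __name__ == "__main__":
    print("PAP on the wire:", pap_request("alice", "hunter2"))
    print("CHAP for alice:", chap_exchange("alice", SECRETS["alice"], SECRETS))
```

CHAP still requires the server to store the secret in a recoverable form, and MD5 is weak enough that an offline guess against a captured challenge/response pair is practical for poor passwords; that is why MS-CHAP v2 and EAP methods that wrap the exchange in TLS came later.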
Many remote access products are available; however, Windows RAS is the most likely of these products to appear on the Network+ exam. RAS is reviewed in Chapter 6.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don't forget these important concepts:
➤ To log on to a NetWare server, you might need a username, password, tree, and context.
➤ The following list summarizes the file permissions on Windows server platforms that use the NTFS file system:

Right                  Description
Full Control           Provides all rights
Modify                 Allows files to be modified
Read & Execute         Allows files to be read and executed (that is, run)
List Folder Contents   Allows the files in a folder to be listed
Read                   Allows a file to be read
Write                  Allows a file to be written to

➤ Valid file permissions on a UNIX/Linux system include Read, Write, and Execute.
➤ On Windows server platforms, you can convert from FAT partitions to NTFS partitions with the convert command.
➤ Valid permissions for NetWare systems include Supervisor, Read, Write, Create, Erase, Modify, Filescan, and Access Control.
➤ Usernames and passwords are case sensitive when logging on to a Linux system.
➤ CSNW enables Windows-based clients to access file and print services on a NetWare server.
➤ GSNW enables Windows client systems to access resources on a NetWare server through a Windows server that is acting as a gateway.
➤ Samba enables Linux servers to share resources with Windows workstations.
➤ Authentication
➤ File and print services
➤ Web server services
➤ Novell NetWare
➤ UNIX
➤ Linux
➤ Macintosh
➤ Active Directory
➤ FAT
➤ FAT32
➤ NTFS
➤ NDS
➤ NLMs
➤ NFS
➤ Samba
➤ CSNW
➤ GSNW
1. You have been instructed to install a Novell NetWare server on your network. All the other servers are Windows 2000 systems. You want Windows XP Professional clients to be able to access both the Windows 2000 servers and the NetWare server. Which of the following strategies could you adopt? (Choose the two best answers.)
❑ A. Install the Novell Client for Windows XP/2000 on each workstation.
❑ B. Install GSNW on the NetWare server.
❑ C. Install GSNW on the Windows XP Professional clients.
❑ D. Install GSNW on one of the Windows 2000 servers.
2. Which of the following is NOT a valid file permission on a UNIX or Linux system?
❑ A. Read
❑ B. Change
❑ C. Write
❑ D. Execute
3. A user calls to report that he is having problems saving changes to a file held on an NTFS partition of a Windows Server 2003 system. The user is accessing the file through a share called NEWDATA. He has accessed the file before, but has never made any changes to it. Which of the following is NOT a valid reason for the issue the user is experiencing?
❑ A. An inheritance filter is blocking permissions.
❑ B. The user might not have the necessary permissions, but doesn't realize that.
❑ C. The share permissions might be overriding the NTFS permissions.
❑ D. The NTFS permissions might be overriding the share permissions.
4. Which of the following versions of NetWare use eDirectory or NDS for storing and managing network objects such as user accounts? (Choose two.)
❑ A. NetWare 3.11
❑ B. NetWare 3.12
❑ C. NetWare 4.11
❑ D. NetWare 6.5
5. A tone generator and locator are commonly referred to as what?
❑ A. Fox and rabbit
❑ B. Fox and hare
❑ C. Fox and hound
❑ D. Fox and dog
6. Which of the following services is required to make the file and print resources of a Linux server available to Windows clients?
❑ A. Squid
❑ B. GSFL
❑ C. FP4Linux
❑ D. Samba
7. Which of the following represent the minimum requirement to access a TCP/IP network? (Choose two.)
❑ A. WINS information
❑ B. Subnet mask
❑ C. DNS information
❑ D. IP address
❑ E. Default gateway
8. What tool would you use when working with an IDC?
❑ A. Wire crimper
❑ B. Media tester
❑ C. OTDR
❑ D. Punchdown tool
9. Which of the following technologies enable individual files on a Windows server system to be secured against unauthorized access or viewing? (Choose two.)
❑ A. EFS
❑ B. HPFS
❑ C. WINS
❑ D. NTFS
10. As a network administrator, you find yourself working in a wiring closet in which none of the cables have been labeled. Which of the following tools are you most likely to use to locate the physical ends of the cable?
❑ A. Tone generator
❑ B. Wire crimper
❑ C. Punchdown tool
❑ D. ping
1. The correct answers are A and D. To facilitate connection to a NetWare server from Windows clients, you can install the Novell Client for Windows XP/2000 on each workstation or install Gateway Services for NetWare on a Windows 2000 server. Alternatively, Microsoft supplies a client for NetWare that can be used in place of the Novell-provided client. GSNW is a server-based service and would not be installed on the client. Answer B is not valid. GSNW is a Windows server-based service. You cannot run it on a NetWare server. For more information, see the section "Operating System Interoperability," in this chapter.
2. The correct answer is B. Change is not a permission used on UNIX or Linux. Read, Write, and Execute are supported.
3. The correct answer is A. NTFS does not provide an inheritance filter system. Therefore, an inheritance filter cannot be the issue. It might be that the user does not have the necessary permissions to edit the file, or it could be that the NTFS or share permissions are preventing the user from accessing the file. When a user accesses a file with NTFS permissions on it through a share, the more restrictive of the two permission sets applies. Therefore, either one can override the other.
4. The correct answers are C and D. NDS was introduced with NetWare 4.x and has been used on all subsequent versions, although it has since been renamed eDirectory. NetWare 3.x and prior versions of NetWare used a system called the Bindery to store user and account information.
5. The correct answer is C. A tone generator and locator are commonly referred to as the fox and hound. None of the other answers are valid.
6. The correct answer is D. Samba is used to provide Windows clients with file and print services from a Linux server. None of the other options are valid.
7. The correct answers are B and D. To log on to a TCP/IP network, you need both the subnet mask and the IP address. Without entering the DNS and WINS configurations, these services will be unavailable, but you would still be able to log on to the network. Without the gateway configured, the client system would be restricted to the local segment.
8. The correct answer is D. You use a punchdown tool when working with an IDC. All the other tools are associated with making and troubleshooting cables, but they are not associated with IDCs.
9. The correct answers are A and D. Both EFS and NTFS are mechanisms that are used to secure individual files or folders from unauthorized viewing or access. HPFS is the High Performance File System used with the OS/2 operating system. WINS resolves NetBIOS names to IP addresses.
10. The correct answer is A. The tone generator tool, along with the tone locator, can be used to trace cables. Crimpers and punchdown tools are not used for locating a cable. The ping utility would be of no help in this situation.
Bird, Drew, and Mike Harwood. Network+ Exam Prep 2. Que Publishing, 2005.
Nemeth, Evi, Garth Snyder, and Trent Hein. Linux Administration Handbook. Prentice Hall, 2002.
Williams, G. Robert, and Mark Walla. The Ultimate Windows 2000 Systems Administrators Guide. Addison-Wesley, 2000.
Morimoto, Rand, et al. Microsoft Windows Server 2003 Unleashed, Second Edition. Sams Publishing, 2004.
Frisch, Æleen. Essential System Administration, Third Edition. O'Reilly & Associates, 2002.
Ness, Robyn, and John Ray. Sams Teach Yourself Mac OS X Panther All in One. Sams Publishing, 2004.
Harris, Jeffrey. Novell NetWare 6.5 Administrator's Guide. Novell Press, 2003.
Chapter 8
Objectives
3.5 Identify the purpose, benefits, and characteristics of using a firewall
3.6 Identify the purpose, benefits, and characteristics of using a proxy service
3.7 Given a connectivity scenario, determine the impact on network functionality of a particular security implementation (for example, port blocking/filtering, authentication, and encryption)
3.9 Identify the main characteristics and purpose of extranets and intranets
What you need to know
✓ Understand the function of a firewall in a networked environment
✓ Understand the function of a proxy server in a networked environment
✓ Identify the effects of port blocking
✓ Identify encryption methods
✓ Understand how to create a secure password policy
✓ Identify the purpose of extranets and intranets
Two important elements of a network security strategy are the use of proxy servers and firewall systems. A firewall system acts as a protective layer to network access by controlling the traffic that passes between the interfaces on a system. Proxy servers allow you to centralize access to the Internet and therefore provide a way to control and monitor network access.
In this chapter, we will also examine how other security measures—such as port blocking, password policies, and encryption—fit into network security strategy. We also take a quick look at the purpose and characteristics of extranets and intranets.
The topics in this chapter focus on some of the logical aspects of network security, in contrast to the physical aspects. Although CompTIA does not specifically mention physical security in the Network+ objectives, you should still be aware of basic physical security measures such as controlling access to equipment and safeguarding backup tapes. You might not get asked directly about these things in the exam, but knowing the difference between physical and logical security measures might help you to better answer or interpret a question.
In today's network environments, firewalls are being used to protect systems from external as well as internal threats. Although firewalls initially became popular in corporate environments, many home networks with a broadband Internet connection now also implement a firewall to protect against Internet-borne threats.
Essentially, a firewall is an application, device, system, or group of systems that controls the flow of traffic between two networks. The most common use of a firewall is to protect a private network from a public network such as the Internet. However, firewalls are also increasingly being used as a means to separate a sensitive area of a private network from less-sensitive areas.
At its most basic, a firewall is a device (it could be a computer system or a dedicated hardware device) that has more than one network interface and manages the flow of network traffic between those interfaces. How it manages the flow and what it does with certain types of traffic depends on its configuration. Figure 8.1 shows the most basic firewall configuration.
Strictly speaking, a firewall performs no action on the packets it receives besides the basic functions just described. However, in a real-world implementation, a firewall is likely to offer other functionality, such as Network Address Translation (NAT) and proxy server services. Without NAT, any host on the internal network that needs to send or receive data through the firewall needs a registered IP address. Although there are such environments, most people have to settle for using a private address range on the internal network and therefore rely on the firewall system to translate the outgoing request into an acceptable public network address.
Figure 8.1 A basic firewall implementation. The firewall sits between the Internet and the internal network: authorized traffic is allowed through, and unauthorized traffic is blocked.
Although the fundamental purpose of a firewall is to protect one network from another, you need to configure the firewall to allow some traffic through. If you don’t need to allow traffic to pass through a firewall, you can dispense with it entirely and completely separate your network from others.
A firewall can employ a variety of methods to ensure security. A firewall can use just one of these methods, or it can combine different methods to produce the most appropriate and robust configuration. The following sections discuss the various firewall methods that are commonly used: packet-filtering firewalls, circuit-level firewalls, and application gateway firewalls.
Of the firewall methods discussed in this chapter, packet filtering is the most commonly implemented. Packet filtering enables the firewall to examine each packet that passes through it and determine what to do with it, based on the configuration. A packet-filtering firewall works at the data-link and network layers of the Open Systems Interconnect (OSI) model, inspecting packet headers (addresses, the protocol ID, and the transport-layer port numbers) but not the payload. The following are some of the criteria by which packet filtering can be implemented:
➤ IP address—By using the IP address as a parameter, the firewall can allow or deny traffic, based on the source or destination IP address. For example, you can configure the firewall so that only certain hosts on the internal network are able to access hosts on the Internet. Alternatively, you can configure it so that only certain hosts on the Internet are able to gain access to a system on the internal network.
➤ Port number—As discussed in Chapter 5, "TCP/IP (Transmission Control Protocol/Internet Protocol)," the TCP/IP suite uses port numbers to identify which service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow. You might, for example, open port 80 on the firewall to allow Hypertext Transfer Protocol (HTTP) requests from users on the Internet to reach the corporate Web server. You might also, depending on the application, open the HTTP Secure (HTTPS) port, port 443, to allow access to a secure Web server application.
➤ Protocol ID—Because each packet transmitted with IP has a protocol identifier in it, a firewall can read this value and then determine what kind of packet it is. If you are filtering based on protocol ID, you specify which protocols you will and will not allow to pass through the firewall.
➤ MAC address—This is perhaps the least used of the packet-filtering methods discussed, but it is possible to configure a firewall to use the hardware-configured MAC address as the determining factor in whether access to the network is granted. This is not a particularly flexible method, and because a MAC address is easily spoofed and is replaced at every router hop, it is suitable only in environments in which you can closely control who uses which MAC address on the local segment. The Internet is not such an environment.
Circuit-level firewalls are similar in operation to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model. The biggest difference between a packet-filtering firewall and a circuit-level firewall is that a circuit-level firewall validates TCP sessions (by checking the handshake) and tracks UDP request/response pairs before opening a connection, or circuit, through the firewall. When the session is established, the firewall maintains a table of valid connections and lets data pass through when session information matches an entry in the table. The table entry is removed, and the circuit is closed, when the session is terminated.
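The two mechanisms just described, put together in working form as an added example (not code from the book): a first-match rule table keyed on source and destination address, protocol ID, and destination port, plus the circuit-level table of valid connections that lets replies through without a rule of their own. The 192.168.2.0/24 range is the private range the chapter's figures use; the Web server address 192.168.2.80 and the rule set are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp" (the IP protocol ID field)
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP flags: SYN without ACK is a new connection attempt
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source address or network
    dst: str = "0.0.0.0/0"        # destination address or network
    proto: Optional[str] = None   # protocol ID; None means any
    dport: Optional[int] = None   # destination port; None means any

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


INTERNAL = "192.168.2.0/24"      # private range used in the chapter's figures
WEB_SERVER = "192.168.2.80"      # constructed address of the corporate Web server

# Evaluated top to bottom, first match wins; no match means the packet is dropped.
RULES = [
    Rule("allow", src=INTERNAL, proto="tcp", dport=80),            # outbound HTTP
    Rule("allow", src=INTERNAL, proto="tcp", dport=443),           # outbound HTTPS
    Rule("allow", src=INTERNAL, proto="udp", dport=53),            # outbound DNS
    Rule("allow", dst=WEB_SERVER + "/32", proto="tcp", dport=80),  # inbound, Web server only
]


class StatefulFilter:
    """Packet filter plus the circuit-level 'table of valid connections'."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet):
        # A reply swaps source and destination, so look up the mirrored tuple.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def close(self, pkt: Packet) -> None:
        """Drop the circuit when the session ends (FIN/RST, or a UDP timeout)."""
        self.connections.discard(self._key(pkt))

    def process(self, pkt: Packet) -> str:
        if self._reverse_key(pkt) in self.connections:
            return "allow (established)"
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            # Mid-stream TCP packet with no known circuit: unsolicited, drop it.
            return "deny (no circuit)"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.connections.add(self._key(pkt))
                return rule.action
        return "deny (default)"


if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    print(fw.process(Packet("192.168.2.3", "24.67.233.7", "tcp", 40000, 80, syn=True)))
    print(fw.process(Packet("24.67.233.7", "192.168.2.3", "tcp", 80, 40000, ack=True)))
```

A purely stateless filter built from the same four rules would have to add a fifth rule allowing inbound TCP from source port 80 to every high port on the internal network just so Web replies could get back in; the connection table is what makes that hole unnecessary, and it is also what lets the filter reject an ACK-only probe that a stateless filter would pass.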
The application gateway firewall is the most functional of all the firewall types. As its name suggests, the application gateway firewall functionality is implemented through an application. Application gateway firewall systems can implement sophisticated rules and closely control traffic that passes through. Features of these firewalls can include user authentication systems and the capability to control which systems an outside user can access on the internal network. Some also provide bandwidth control mechanisms. Because application gateway firewalls operate above the session layer of the OSI model, they understand the application protocol itself (the HTTP method or the FTP command, for example) and can enforce rules on that content, which packet-filtering and circuit-level firewalls never see.
The three firewall methods described in this chapter are often combined into a single firewall application. Packet filtering is the basic firewall function. Circuit-level functionality provides NAT, and an application gateway firewall provides proxy functionality. This is a good point to remember for the Network+ exam.
Firewalls are now a common sight in businesses and homes alike. As the Internet becomes an ever more hostile place, firewalls and the individuals who understand them are likely to become an essential part of the IT landscape.
A proxy service provides management and control over what is now an essential feature of any modern network—Internet access. A proxy server, which can be a computer or a dedicated hardware device running proxy service software, acts as an intermediary between a user on the internal network and a service on the external network (normally the Internet). The proxy server takes requests from a user and then performs those requests on behalf of the user. To the external system, the request looks as if it originated from the proxy server, not from the user on the internal network. Figure 8.2 shows how a proxy server fits into a network configuration.
Figure 8.2 A proxy server in a typical network configuration. Systems on the internal network (192.168.2.3, 192.168.2.4, 192.168.2.5) use a private address range; the proxy server's external interface has the registered IP address 24.67.233.7. A client's request for a Web page is forwarded by the proxy server through the firewall to the Internet, and the reply is forwarded by the proxy server back to the requesting client.
A proxy server enables a network to appear to external networks as a single IP address—that of the external network interface of the proxy server.
There are a couple of excellent reasons to implement a proxy server:
➤ To perform NAT functions—A proxy server can process and execute commands on behalf of clients that have private IP addresses. This enables an organization with only one registered IP address to provide Internet access to a large number of computers. This process is known as IP proxy.
➤ To allow Internet access to be controlled—Having a centralized point of access allows for a great deal of control over the use of the Internet. By using the functionality of a proxy server application or by using an add-on feature, proxy servers can filter requests made by clients and either allow or disallow them. You can, for example, implement uniform resource locator (URL) filtering, which allows or denies users access to certain sites. More sophisticated products can also perform tests on retrieved material, to see if it fits acceptable criteria. Such measures are intended to prevent users from accessing inappropriate Internet web pages. As an "after the event" feature, proxy server applications also normally provide logging capabilities so that Internet usage can be monitored.
The function of a proxy server should not be confused with the function of a firewall, even though some applications integrate the functionality of both. In basic terms, a proxy server is a centralized point of access to the Internet. It also, generally, provides caching capabilities. It does not directly protect the network from attack, though there is some degree of protection from the NAT function that proxy servers typically provide.
Although the most common function of a proxy server is to provide access to the Web for internal clients, that is not its only function. A proxy server, by definition, can be used as an intermediary for anything, not just HTTP requests. Other services can be supported by a proxy server, depending on the proxy server application being used and its configuration. For example, you might configure a proxy server to service HTTP requests (TCP port 80), Post Office Protocol 3 (POP3) email retrieval (TCP port 110), Simple Mail Transfer Protocol (SMTP) mail sending (TCP port 25), and HTTPS requests (TCP port 443). With an understanding of what a proxy server is designed to do, you can look at one additional feature built in to proxy server functionality, caching.
An additional feature offered by many proxy server applications is caching; such a server is known as a caching proxy server. Caching enables the proxy server to store pages that it retrieves as files on disk. Consequently, if the same pages are requested again, they can be provided more quickly from the cache than if the proxy server had to go back to the Web server from which the pages were originally retrieved. This approach has two benefits:
➤ Significantly improves performance—Performance is improved particularly in environments such as a school, where there is a great likelihood that more than one user might retrieve the same page.
➤ Reduces demands on Internet connections—Because there are fewer requests to the Internet when a caching proxy server is in use, there is a reduced demand on the Internet connection. In some cases, this results in a general speed improvement. In extreme cases, it might even be possible to adopt a less expensive Internet connectivity method because of the lower level of demand.
Proxy servers are sometimes referred to as HTTP proxies or HTTP proxy servers. In reality, most proxy servers provide proxy services for multiple protocols, not just HTTP.
As with any technology, with caching proxy servers, there are issues to be considered. Sometimes a sizable amount of hard disk space is required to store the cached pages. With the significant decline in the cost of hard disk space over recent years, this is not likely to be much of a problem, but it still needs to be considered.
Another factor is that it is possible for pages held in the cache to become stale. As a result, a user might retrieve a page and believe that it is the latest version when, in fact, it has since changed, but the new page has not been updated in the proxy server cache. To prevent this problem, caching proxy servers can implement measures such as aging of cached information so that it is removed from the cache after a certain amount of time. Some proxy applications can also make sure that the page stored in the cache is the same as the page currently available on the Internet. In HTTP this is done with a conditional request: the proxy sends the validator (such as an ETag or Last-Modified date) it stored with the page, and the Web server answers 304 Not Modified if nothing has changed. If the page in the cache is the same as the one on the Internet, it is served to the client from the cache. If the page is not the same, the newer page is retrieved, cached, and supplied to the client.
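The aging and revalidation behavior just described, shown as an added example in Python (this is not code from the book): the proxy keeps each page together with the validator the origin server sent, serves it straight from the cache while it is fresh, and once the copy goes stale asks the origin whether it is still current before serving it again. The class and function names, the max-age value and the in-memory stand-in for the origin server are assumptions made for this illustration.

```python
import hashlib
import time
from dataclasses import dataclass


@dataclass
class CacheEntry:
    body: bytes
    etag: str          # validator the origin attached to this version of the page
    fetched_at: float  # when this copy was last confirmed current
    max_age: float     # seconds it may be served without asking the origin again


class FakeOrigin:
    """Constructed in-memory stand-in for a Web server (not a real server)."""

    def __init__(self):
        self.pages = {}     # url -> (body, etag)
        self.requests = 0   # counts the round trips the proxy makes

    def publish(self, url, body):
        # Every new version of a page gets a new ETag, as a real server would do.
        self.pages[url] = (body, '"' + hashlib.sha256(body).hexdigest()[:16] + '"')

    def get(self, url, if_none_match=None):
        self.requests += 1
        body, etag = self.pages[url]
        if if_none_match == etag:
            return 304, None, etag   # Not Modified: nothing to download
        return 200, body, etag


class CachingProxy:
    def __init__(self, origin, max_age=60.0, clock=time.time):
        self.origin = origin
        self.max_age = max_age
        self.clock = clock      # injectable so the demo can move time forward
        self.cache = {}

    def fetch(self, url):
        """Return (body, source); source says where the bytes came from."""
        now = self.clock()
        entry = self.cache.get(url)

        # Fresh copy: serve it without contacting the origin at all.
        if entry is not None and now - entry.fetched_at < entry.max_age:
            return entry.body, "cache"

        # Stale or missing: conditional request carrying our validator, if any.
        status, body, etag = self.origin.get(
            url, if_none_match=entry.etag if entry is not None else None)

        if status == 304:
            # Origin confirms our copy is still current; reset its age and serve it.
            entry.fetched_at = now
            return entry.body, "revalidated"

        # Page changed (or was never cached): store the new version and serve it.
        self.cache[url] = CacheEntry(body, etag, now, self.max_age)
        return body, "origin"


def demo():
    """Fresh hit, revalidation of an unchanged page, refetch after a change."""
    origin = FakeOrigin()
    origin.publish("/news", b"version 1")
    t = [1000.0]                                   # controllable clock
    proxy = CachingProxy(origin, max_age=60.0, clock=lambda: t[0])

    sources = [proxy.fetch("/news")[1]]            # first request: from origin
    t[0] += 10
    sources.append(proxy.fetch("/news")[1])        # still fresh: from cache
    t[0] += 100                                    # older than max_age now
    sources.append(proxy.fetch("/news")[1])        # unchanged: 304, revalidated
    origin.publish("/news", b"version 2")          # page changes on the server
    t[0] += 100
    body, source = proxy.fetch("/news")            # changed: fetched again
    sources.append(source)
    return sources, body, origin.requests


if __name__ == "__main__":
    print(demo())
```

Four client requests cost the origin only three round trips, and the one made while the copy was stale but unchanged transferred no page body at all; the trade-off is that within max_age a change on the server is invisible to clients, which is the staleness problem the text describes.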
Before clients can use a proxy server, it is sometimes necessary to configure the client applications to use it, and in other cases, additional client software is needed. In the case of Web browsers, it is sometimes necessary to manually tell the application that it needs to use a proxy server. Figure 8.3 shows the Proxy Settings configuration screen in Microsoft Internet Explorer.
Figure 8.3
The Proxy Settings configuration screen in Internet Explorer.
Other applications besides Web browsers might need to use the proxy server functionality. In some cases, you might need to actually load client software. In essence, this client software modifies elements of the TCP/IP software on the system, to either make it aware of or enable it to cope with the existence of a proxy server. The good news is that the use of proxy servers is now so widespread that applications requiring special client software are becoming increasingly rare.
By now, you might have realized that both firewalls and proxy servers play an important part in the network infrastructure. For that reason, many applications are now available that combine the functionality of both roles. These firewalling proxy servers provide a convenient means for an organization to control and secure the access of its network, and at the same time provide the benefits of Internet access to users.
Implementing security measures can have a significant impact on the network. How much of an impact it has depends on which security measures are implemented and the habits of the network users. Several security measures are used on networks including port blocking, authentication schemes, encryption, and so on. While in today’s world we may have no choice but to implement these measures, as a network administrator, you’ll need to be aware how they impact the overall network. The following sections help you prepare for this part of the exam.
Port blocking is one of the most widely used security methods on networks. It is associated with firewalls and proxy servers, although it can be implemented on any system that provides a means to manage network data flow, according to data type.
Essentially, when you block a port, you disable the ability for traffic to pass through that port, thereby filtering the traffic. Port blocking is typically implemented to prevent users on a public network from accessing systems on a private network, although it is equally possible to block internal users from external services, and internal users from other internal users, by using the same procedure.
Depending on the type of firewall system in use on a network, you might find that all the ports are disabled (blocked) by default and that the ones you need traffic to flow through must be opened explicitly. The benefit of this default-deny strategy is that it forces the administrator to choose the ports that should be unblocked rather than specify those that need to be blocked. This ensures that you allow only those services that are absolutely necessary into the network.
What ports remain open largely depends on the needs of the organization.
For example, the ports associated with the services listed in Table 8.1 are commonly left open.
Table 8.1
Commonly Opened Port Numbers and Their Associated Uses

Port Number   Protocol   Purpose
21            FTP        File transfers
22            SSH        Secure remote sessions
25            SMTP       Email sending
53            DNS        Hostname resolution
80            HTTP       Web browsing
110           POP3       Email retrieval
123           NTP        Time information
161           SNMP       Network management
443           HTTPS      Secure Web transactions
3389          RDP        Windows Terminal Services or Windows Remote Desktop
These are, of course, only a few of the services you might need on a network, and allowing traffic from other services to traverse a firewall is as easy as opening the port. Keep in mind, though, that the more ports that are open, the more vulnerable you become to outside attacks. You should never open a port on a firewall unless you are absolutely sure that you need to.
You can obtain a complete list of port numbers and their associated protocols from the Internet Assigned Numbers Authority (IANA), at www.iana.org/assignments/portnumbers.
Before you implement port blocking, you should have a very good idea of what the port is used for. Although it is true that blocking unused ports does not have any impact on internal network users, if the wrong port is blocked, you can create connectivity issues for users on the network.
For instance, imagine that a network administrator was given the task of reducing the amount of spam email received by his company. He decided to block port 25, the port used by the Simple Mail Transfer Protocol (SMTP). He may have succeeded in blocking the spam email, but in the process, he also prevented users from sending email.
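The default-deny strategy described above and the port 25 mistake in this example, worked through as an added example in Python (this is not code from the book and is not any vendor's firewall syntax). The rule evaluator applies the first matching rule and denies anything that matches no rule; the rule set, the notion of direction, and the sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str       # "tcp" or "udp"
    dport: int       # destination port, i.e. the service being contacted


@dataclass(frozen=True)
class Rule:
    direction: str         # "in", "out" or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches every port
    action: str            # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def decide(rules, pkt, default="deny"):
    """First matching rule wins; with no match, fall back to the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Assumed site policy: everything outbound may leave, and only the services
# from Table 8.1 that this site actually offers are reachable from outside.
BASE_RULES = [
    Rule("out", "any", None, "allow"),
    Rule("in", "tcp", 25, "allow"),     # our mail server must receive SMTP
    Rule("in", "tcp", 443, "allow"),    # public HTTPS site
    Rule("in", "udp", 53, "allow"),     # authoritative DNS
]

# The careless anti-spam rule from the example above: port 25 in both directions.
SPAM_BLOCK_ANY = Rule("any", "tcp", 25, "deny")
# A direction-aware version: refuse SMTP coming in, still let our server send.
SPAM_BLOCK_INBOUND = Rule("in", "tcp", 25, "deny")

# Constructed sample packets exercising the rule set.
SAMPLES = {
    "inbound_smtp":  Packet("in", "tcp", 25),
    "outbound_smtp": Packet("out", "tcp", 25),
    "inbound_rdp":   Packet("in", "tcp", 3389),   # never opened: hits the default
    "inbound_dns":   Packet("in", "udp", 53),
}


def evaluate(rules):
    """Verdict for each sample packet under the given ordered rule list."""
    return {name: decide(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("base policy", BASE_RULES),
                         ("block 25 any direction", [SPAM_BLOCK_ANY] + BASE_RULES),
                         ("block 25 inbound only", [SPAM_BLOCK_INBOUND] + BASE_RULES)):
        print(label, evaluate(rules))
```

Two things are visible in the output that the prose only states: RDP is refused without anyone having written a rule for it, because the default is deny, and the careless rule breaks outbound mail only because it ignores direction and sits ahead of the allow rules; rule order matters as much as the port number. Even the direction-aware rule still stops all inbound mail, spam and legitimate alike, which is why spam is better handled at the mail server than at the port.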
As a security mechanism, authentication is provided by every major network operating system and is implemented in all but the most insecure networks.
Its 'impact on network functionality,' as stated in item 3.7 of the Network+ objectives, is that it will require users to identify themselves to the network.
This process provides two benefits. It secures the network from unauthorized access and provides a degree of accountability for users once they are logged on.
There are three basic categories of authentication used on modern networks:
➤ Passwords—The 'traditional' authentication method, passwords do a good job of providing security, but users who choose passwords that are too simple to guess can negate their effectiveness. Additionally, passwords can be passed from one person to another, diminishing their role as an accountability mechanism. Although network users will likely be very comfortable with using passwords, you should make them aware of the rules governing password use in your organization. You should also ensure that they understand the electronic policies that will dictate conditions such as password length and expiration times.
➤ Smartcards—Smartcards, which are normally used in conjunction with a password or personal identification number (PIN), provide a higher level of accountability and access control than passwords. This is because the user has to be in possession of a physical item (the smartcard), as well as information (the password or PIN), in order to gain access.
➤ Biometrics—Biometrics, which can mean the scanning or verification of some part of your person, is the strongest 'proof of person' authentication technique. Because biometric characteristics such as fingerprints or retinal patterns cannot be lent to a colleague and are far harder to forge than a password, you can have high confidence that someone gaining access to the system biometrically is who they claim to be. Forgery is not impossible, however, and a biometric cannot be changed if it is ever compromised, which is one reason biometric systems typically also use passwords or PIN numbers as an additional measure of security.
Although biometrics and smartcards are becoming more common, they still have a very long way to go before they attain the level of popularity that username and password combinations enjoy. Apart from the fact that usernames and passwords do not require any additional equipment, which practically every other method of authentication does, the username and password process is familiar to users, easy to implement, and relatively secure. For that reason, they are worthy of more detailed coverage than the other authentication systems already discussed.
Passwords are a relatively simple form of authentication in that only a string of characters can be used to authenticate the user. However, how the string of characters is used and which policies you can put in place to govern them make usernames and passwords an excellent form of authentication.
All popular network operating systems include password policy systems that allow the network administrator to control how passwords are used on the system. The exact capabilities vary between network operating systems. However, generally they allow the following:
➤ Minimum length of password—Shorter passwords are easier to guess than longer ones. Setting a minimum password length does not prevent a user from creating a longer password than the minimum, although each network operating system has a limit on how long a password can be.
➤ Password expiration—Also known as the maximum password age, password expiration defines how long the user can use the same password before having to change it. A general practice is that a password is changed every month or every 30 days. In high-security environments, you might want to make this value shorter, but you should generally not make it any longer. Having passwords expire periodically is an important feature because it means that if a password is compromised, the unauthorized user will not have access indefinitely.
➤ Prevention of password reuse—Although a system might be able to cause a password to expire and prompt the user to change it, many users are tempted to simply use the same password again. A process by which the system remembers the last, say, 10 passwords is most secure because it forces the user to create completely new passwords. This feature is sometimes called enforcing password history.
➤ Prevention of easy-to-guess passwords—Some systems have the capability to evaluate the password provided by a user to determine whether it meets a required level of complexity. This prevents users from having passwords such as password or 12345678.
On the Network+ exam, you will need to identify an effective password policy. For example, a robust password policy would include forcing users to change their passwords on a regular basis.
No matter how good a company's password policy, it is only as effective as the passwords that are created within it. A password that is hard to guess, or strong, is more likely to protect the data on a system than one that is easy to guess, or weak.
To understand the difference between a strong password and a weak one, consider this: A password of six characters that uses only numbers and letters and is not case sensitive is drawn from 36 possible characters, giving 36^6, or 2,176,782,336, possible combinations. That might seem like a lot, but to a password-cracking program that tries millions of guesses per second, it is really not much security. A password of eight case-sensitive characters drawn from letters, numbers, and special characters (roughly 95 printable keyboard characters) has 95^8, about 6.6 quadrillion, possible combinations, more than three million times as many.
There has always been debate over how long a password should be. It should be sufficiently long that it is hard to break but sufficiently short that the user is able to easily remember it (and type it). In a normal working environment, passwords of 8 characters are sufficient. Certainly, they should be no fewer than 6 characters. In environments where security is a concern, passwords should be 10 characters or more.
Users should be encouraged to use a password that is considered strong. A strong password has at least eight characters; has a combination of letters, numbers, and special characters; uses mixed case; and does not form a proper word. Examples might include 3Ecc5T0h and e1oXPn3r (both would be stronger still with a special character added). Such passwords might be secure, but users are likely to have problems remembering them. For that reason, a popular strategy is to use a combination of letters and numbers to form phrases or long words. Examples include d1eTc0La and tAb1eT0p. These passwords are not as secure as the preceding examples, because password-cracking programs routinely try dictionary words with digits substituted for look-alike letters, but they are still a whole lot better than the name of the user's household pet.
One last password-related topic is worth mentioning. A password is effective only if just the intended users have it. As soon as a password is given to someone else, its effectiveness as an authentication mechanism is diminished. As a tool for accountability, the password is almost useless. Passwords are a means of accessing a system and the data on it. Passwords that are known by anyone other than the intended user(s) might as well not be set at all.
Encryption is the process of encoding data so that, without the appropriate unlocking code, the encrypted data can't be read. Encryption is used as a means of protecting data from being viewed by unauthorized users. If you have ever used a secure website, you have used encryption.
On private networks, encryption is generally not a very big issue. Modern network operating systems often invisibly implement encryption so that passwords are not transmitted openly throughout the network. On the other hand, normal network transmissions are not usually encrypted, although they can be if the need arises. A far more common use for encryption is for data that is sent across a public network such as the Internet or across wireless networks where outside users might be able to gain access to the data. In both of these cases, there is plenty of opportunity for someone to take the data from the network and then read the contents of the packets. This process is often referred to as packet sniffing.
By sniffing packets from the network and reading their contents, unauthorized users can gain access to private information. They can also alter the information in the packet. Encryption on its own addresses only the first problem, keeping the contents private; detecting alteration additionally requires an integrity check, which is why protocols such as IPSec and SSL pair encryption with a message authentication code. Therefore, the stronger the encryption and integrity protection that are used, the better protected the data is.
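The alteration risk just mentioned, made concrete as an added example in Python (this is not code from the book): encryption alone hides the contents of a packet but does not stop a sniffer on the path from changing them, whereas encrypt-then-MAC lets the receiver reject the tampered packet. The stream cipher below is a toy built from SHA-256 so that the example needs only the standard library; it stands in for a real cipher and is not something to deploy. The keys, nonce and message are constructed for the illustration.

```python
import hashlib
import hmac


def keystream(key, nonce, length):
    """Toy counter-mode keystream (SHA-256 of key, nonce, counter). Do not use in real systems."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, nonce, plaintext):
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt   # XOR with the same keystream undoes the encryption


def tamper(ciphertext, offset, old, new):
    """What a sniffer can do without the key: flip exactly the bits that turn a
    known plaintext byte sequence `old` into `new` at `offset`."""
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify before decrypting; compare_digest avoids a timing side channel."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return decrypt(enc_key, nonce, ct)


def demo():
    """Returns (plaintext the receiver sees after tampering without a MAC,
    whether the same tampering was detected with a MAC)."""
    enc_key, mac_key, nonce = b"K" * 32, b"M" * 32, b"nonce-01"
    msg = b"PAY 0100 TO ACCT 7"          # attacker knows the message layout

    # 1. Encryption only: the sniffer cannot read the amount ...
    ct = encrypt(enc_key, nonce, msg)
    # ... but can still turn "0100" (offset 4) into "9900" undetected.
    altered = decrypt(enc_key, nonce, tamper(ct, 4, b"0100", b"9900"))

    # 2. Encrypt-then-MAC: the identical alteration is rejected by the receiver.
    ct2, tag = seal(enc_key, mac_key, nonce, msg)
    try:
        open_sealed(enc_key, mac_key, nonce, tamper(ct2, 4, b"0100", b"9900"), tag)
        detected = False
    except ValueError:
        detected = True
    return altered, detected


if __name__ == "__main__":
    print(demo())
```

The bit-flip works against any stream cipher, however strong, because XOR is linear; what stops it is the tag, which the attacker cannot recompute without the MAC key. Real protocols also bind the tag to sequence numbers so that replayed packets are rejected as well.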
A number of encryption methods are commonly used, including
➤ IP Security (IPSec)
➤ Secure Sockets Layer (SSL)
➤ Triple Data Encryption Standard (3DES)
➤ Pretty Good Privacy (PGP)
For more information on the characteristics of common encryption protocols, refer to Chapter 6, "WAN Technologies, Internet Access, and Security Protocols."
Irrespective of which encryption method or protocol is used, network administrators must be aware that providing encryption for network traffic is not without its considerations. These include
➤ Network traffic overhead—Encrypting data on a network increases the volume of traffic. Even when, as with some encryption methods, the data packets that traverse the network do not increase in size, there is often traffic associated with the setup and teardown of encrypted communication sessions.
➤ Processor overhead—While modern encryption protocols are designed to be as lightweight as possible, there is still always an overhead associated with encrypting or decrypting data. In a small environment with just a few computers, this overhead might be negligible, and server or workstation performance might not be affected. In larger environments, however, or with servers that handle very large amounts of network traffic, the overhead associated with encryption must be considered more carefully.
➤ Operating system support—Not all operating systems support all encryption mechanisms. For example, Microsoft Windows Server 2003 relies on IPSec as the primary means of encryption, and Windows XP Professional Edition also supports IPSec, as does Windows 2000 Professional. Earlier versions of Windows, such as Windows 98 and Windows Me, however, do not support IPSec without additional client software.
Another key consideration when using encryption, particularly from a connectivity perspective, is that some operating systems can be configured to deny requests from clients that are not using encryption. This configuration should be implemented only after it has been confirmed that all the client systems can also use encryption. Otherwise, they will not be able to connect to the server.
Public Key Infrastructure (PKI)—No discussion of encryption would be complete without the inclusion of Public Key Infrastructure, or PKI. PKI provides a trusted certification authority (CA) that issues certificates: signed documents binding a public key to the identity of its owner. Protocols such as IPSec and SSL use these certificates to verify the identity of the other party and to exchange the keys with which the session data is then encrypted and decrypted.
Over recent years, the terms intranet and extranet have established themselves firmly in the IT vocabulary. Even so, many people are still unsure about what exactly defines, or is defined by, either an intranet or an extranet.
The term intranet is commonly used to describe a web-based application or system that provides tools for groups of people to work together collaboratively. The key element of an intranet is that only people within an organization can access it. Intranets are typically hosted, maintained, and operated completely independently from an organization’s external Web presence, even though some of the information provided through both mechanisms might be the same. An example of an intranet is shown in Figure 8.4
Intranet—Technically speaking, any privately operated network to which external access is restricted could be considered an intranet. In common use terms, though, the description provided in this section is the most common interpretation of the term intranet.
Figure 8.4
An example of an intranet. (Diagram: the Sales Department and the Marketing Department each access intranet applications from a dedicated departmental intranet server; the corporate file/print server, corporate email server and corporate database server sit on the same internal network.)
Because they are typically accessed using Web browsers, and hosted by Web server applications, intranets rely on protocols such as the Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP).
Intranets are commonly identified by the following characteristics:
➤ Limited access—Access to an intranet is normally limited to users, or a sub-group of users, within the organization.
➤ Web-based—Most intranets operate as Web server–based applications, and so are accessed through a Web browser.
➤ Collaborative applications—Although no specific rules define what applications an intranet can host, the most common are collaborative, 'groupware' applications.
Any network or application that is accessible from outside the physical and logical boundaries of an organization can be called an extranet. This means that any network on which remote access services are provided could, technically, be considered an extranet. Commonly, though, the term extranet is used to describe a system or application, hosted within an organization, which is securely made available to selected individuals or entire organizations outside of the hosting organization.
The key consideration to this model is that the company providing the system controls access to the extranet. In other words, only selected clients and associates are provided with access, and they might even be required to access the extranet over secure virtual private networking (VPN) links.
Contrast this with the model used by, for example, online bookstores, where anyone can access the site, even though a username and password is subsequently required to place or track orders. Although the bookstore could decide to prevent a certain user from accessing the site, they are unlikely to do so. Figure 8.5 shows an example of an extranet.
Figure 8.5
An example of an extranet. (Diagram: Widget Manufacturing's internal LAN, behind a firewall, hosts an extranet server; customers such as ABC Company and XYZ Company, each behind their own firewall, access the extranet server over the Internet.)
Extranets are commonly identified by the following characteristics:
➤ Users are outside of the hosting organization—Access to the extranet system is made available to individuals and organizations that are not directly affiliated with the host organization.
➤ Only the owner of the system grants access—Access to the extranet is normally granted and controlled by the operating organization.
➤ Secure—Extranets are typically secure, and connection to the extranet might require the use of secure communication channels such as a VPN.
Typically, though not exclusively, extranet applications, like intranet applications, are hosted on a Web server and accessed through a Web browser.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ Common password policies typically include a minimum length of password, password expiration, prevention of password reuse, and prevention of easy-to-guess passwords.
➤ A password that uses eight case-sensitive characters, with letters, numbers, and special characters, is considered hard to crack, or strong.
➤ A firewall is a system or group of systems that controls the flow of traffic between two networks.
➤ A firewall often provides such services as NAT, proxy, and packet filtering.
➤ The TCP/IP protocol suite uses port numbers to identify which service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow.
➤ A proxy server acts as an intermediary between a user on the internal network and a service on the external network such as the Internet.
➤ A proxy server enables a network to appear to external networks as a single IP address—that of the external network interface of the proxy server.
➤ A proxy server allows Internet access to be controlled; having a centralized point of access allows for a great deal of control over the use of the Internet.
➤ Port blocking is one of the most widely used security methods on networks. Port blocking is associated with firewalls and proxy servers, although in fact it can be implemented on any system that provides a means to manage network data flow, according to data type.
➤ An intranet is a web-based application that is commonly used to provide groupware and collaboration applications to users within an organization.
➤ An application, normally Web server based, that is made available to external users is classed as an extranet. Because extranets very often use the Internet as an access mechanism, security is of a major concern.
➤ Authentication
➤ Password policy
➤ Firewalls
➤ Packet filtering
➤ Port number
➤ MAC address
➤ Circuit-level firewall
➤ Application gateway firewall
➤ Personal firewalls
➤ Proxy server
➤ NAT
➤ Caching proxy server
➤ Encryption
➤ IPSec
➤ SSL
➤ 3DES
➤ PGP
➤ Intranet
➤ Extranet
1. After noticing that there have been several attempts to access your network from the Internet, you decide to block port 53. Which of the following services is associated with port 53?
❑ A. WINS
❑ B. DNS
❑ C. SMTP
❑ D. POP3
2. Which of the following statements would you associate with an extranet? (Choose the two best answers.)
❑ A. It is typically hosted by a Web server application and accessed through a Web browser.
❑ B. It is only available to users within an organization.
❑ C. It is used to provide application access to users outside of an organization.
❑ D. Security is generally not a priority.
3. What is the basic reason for implementing a firewall?
❑ A. It reduces the costs associated with Internet access.
❑ B. It provides NAT functionality.
❑ C. It provides a mechanism to protect one network from another.
❑ D. It allows Internet access to be centralized.
4. Which of the following are benefits of using a proxy server? (Choose the three best answers.)
❑ A. It allows costs associated with Internet access to be reduced.
❑ B. It provides a central point of Internet access.
❑ C. It allows Internet access to be controlled.
❑ D. It allows hostnames to be resolved to IP addresses.
5. While on vacation, another system administrator decides to use the firewall to filter out all ports between 50 and 100. Which of the following services will now be unavailable to network users?
❑ A. HTTP
❑ B. HTTPS
❑ C. POP3
❑ D. DNS
6. You are the network administrator for a large company. You have recently been tasked with supplying Internet access to all network users. Which of the following could you do to accomplish this?
❑ A. Implement a firewall
❑ B. Implement a proxy server
❑ C. Enable port 80 on all workstations
❑ D. Disable port 80 on all workstations
7. Which of the following is the strongest password?
❑ A. password
❑ B. WE300GO
❑ C. l00Ka1ivE
❑ D. lovethemusic
8. As system administrator, you have been asked to prevent users from using Web-based email during work. Which of the following might you do to accomplish this?
❑ A. Set a password policy on the Web-based email
❑ B. Block port 123
❑ C. Block port 80
❑ D. Configure the proxy server to filter out Web-based email requests
9. Your manager has asked you to look at the feasibility of implementing encryption on your network. Which of the following factors will you NOT consider as part of your evaluation?
❑ A. Whether to use password or smartcard authentication
❑ B. Network traffic overhead
❑ C. Processor overhead
❑ D. Operating system support
10. You have installed a proxy server on your network and have configured it to allow all the hosts on your internal network to access the Internet through it. None of the users on the internal network can access the Internet, although they could before. What is the most likely cause of the problem?
❑ A. The proxy server is not configured correctly.
❑ B. The Internet connection is not working.
❑ C. The Web browser on the client system needs to be reconfigured to use a proxy server.
❑ D. The HTTP proxy service is not enabled on the system.
1. The correct answer is B. DNS uses port 53. WINS uses TCP/IP port 42. SMTP uses TCP/IP port 25. POP3 uses TCP/IP port 110.
2. The correct answers are A and C. Extranets are typically Web server–based applications that are accessed through a Web browser. Applications on an extranet are made available to users outside the organization. Because they are accessed by outside users, security is a major concern.
3. The correct answer is C. Implementing a firewall allows you to have protection between networks, typically from the Internet to a private network. All the other answers describe functions offered by a proxy server. Note that some firewall systems do offer NAT functionality, but NAT is not a firewall feature; it is an added benefit of these systems.
4. The correct answers are A, B, and C. A proxy server enables the costs associated with Internet access to be reduced, provides a central point of Internet access, and allows Internet access to be controlled. Answer D describes the function of a DNS server.
5. The correct answers are A and D. HTTP uses port 80, and DNS uses port 53; both of these services would be affected by the filtering. HTTPS uses port 443, and POP3 uses port 110; therefore, these services would be unaffected.
6. The correct answer is B. A proxy server allows a central point through which all network users can access the Internet. A firewall typically does not provide this functionality. Enabling or disabling port 80 on the workstations is not a valid answer.
7. The correct answer is C. Strong passwords include a combination of letters and numbers and upper- and lowercase letters. In this question, answer C is by far the strongest password. Answer A is not a strong password because it is a standard word, contains no numbers, and is all in lowercase. Answer B mixes letters and numbers, and it is not a recognized word, so it is a strong password, although it is not as strong as answer C. Answer D is too easy to guess and contains no numbers.
8. The correct answer is C. Blocking port 80 would prevent users from accessing Web-based email; however, it would also block Web access altogether. Setting a password policy would have little effect. TCP/IP port 123 is associated with the Network Time Protocol (NTP); blocking port 123 would have no effect on a user's ability to access Web-based email. A proxy server is not used to filter Web-based email; filtering of this nature would be performed by a firewall.
9. The correct answer is A. The authentication mechanism used on a network does not affect the implementation of encryption. Network traffic overhead, processor overhead, and operating system support are all considerations when implementing encryption.
10. The correct answer is C. For Web browsers to access the Internet through a proxy server, they must be configured to do so. The Web browsers on the client systems must be configured to use the proxy server.
Bird, Drew, and Mike Harwood. Network+ Exam Prep. Que Publishing, 2005.
Habraken, Joe. Absolute Beginner's Guide to Networking, Fourth Edition. Que Publishing, 2003.
Maiwald, Eric. Network Security: A Beginner's Guide, Second Edition. McGraw-Hill Osborne Media, 2003.
Chapter 9
Objectives
3.8 Identify the main characteristics of VLANs (virtual local area networks)
3.10 Identify the purpose, benefits, and characteristics of using antivirus software
3.11 Identify the purpose and characteristics of fault tolerance:
✓ Power
✓ Link redundancy
✓ Storage
✓ Services
3.12 Identify the purpose and characteristics of disaster recovery:
✓ Backup/restore
✓ Offsite storage
✓ Hot and cold spares
✓ Hot, warm, and cold sites
What you need to know
✓ Understand the importance of data redundancy
✓ Explain how the various RAID levels function
✓ Understand the difference between fault tolerance and disaster recovery
✓ Understand the various backup strategies
✓ Identify tape rotation strategies
✓ Understand the function of VLANs
✓ Review the function of using antivirus software
As far as network administration goes, nothing is more important than fault tolerance and disaster recovery. First and foremost, it is the responsibility of the network administrator to safeguard the data held on the servers and to ensure that, when requested, this data is ready to go.
Because both fault tolerance and disaster recovery are such an important part of network administration, they are well represented in the CompTIA Network+ exam. In that light, this chapter is important both in terms of real-world application and the exam itself.
Before diving into the fault tolerance and disaster recovery objectives, this chapter starts by reviewing the function of virtual LANs (VLANs).
To understand VLANs, it is first necessary to have a basic understanding of how a traditional LAN operates. A standard local area network (LAN) uses hardware such as hubs, bridges, and switches in the same physical segment to provide a connection point for all end node devices. All network nodes are capable of communicating with each other without the need for a router; however, communications with devices on other LAN segments does require the use of a router.
As a network grows, routers are used to expand the network. The routers provide the capability to connect separate LANs and to isolate users into broadcast and collision domains. Using routers to route data around the network and between segments increases latency. Latency refers to delays in transmission caused by the routing process.
Virtual LANs (VLANs) provide an alternate method to segment a network and, in the process, significantly increase the performance capability of the network and remove potential performance bottlenecks. A VLAN is a group of computers that are connected and act as if they are on their own physical network segment, even though they might not be. For instance, suppose that you work in a three-story building in which the advertising employees are spread over all three floors. A VLAN can let all the advertising personnel use the network resources as if they were connected on the same segment. This virtual segment can be isolated from other network segments. In effect, it would appear to the advertising group that they were on a network by themselves.
VLANs allow you to create multiple broadcast domains on a single switch. In essence, this is the same as creating separate networks for each VLAN.
VLANs offer some clear advantages. Being able to create logical segmentation of a network gives administrators flexibility beyond the restrictions of the physical network design and cable infrastructure. VLANs allow for easier administration because the network can be divided into well-organized sections. Further, you can increase security by isolating certain network segments from others. For instance, you can segment the marketing personnel from finance or the administrators from the students. VLANs can ease the burden on overworked routers and reduce broadcast storms. Table 9.1 summarizes the benefits of VLANs.
802.1Q is the Institute of Electrical and Electronics Engineers (IEEE) specification developed to ensure interoperability of VLAN technologies from the various vendors. It defines the 4-byte tag, carrying a 12-bit VLAN ID, that is inserted into an Ethernet frame so that VLAN membership is preserved when the frame crosses a trunk link between switches.
Table 9.1 Benefits of VLANs
Advantage | Description
Increased security | By creating logical (virtual) boundaries, network segments can be isolated.
Increased performance | By reducing broadcast traffic throughout the network, VLANs free up bandwidth.
Organization | Network users and resources that are linked and communicate frequently can be grouped together in a VLAN.
Simplified administration | With a VLAN, the network administrator's job is easier when moving users between LAN segments, recabling, addressing new stations, and reconfiguring hubs and routers.
You can use several methods to determine VLAN membership or how devices are assigned to a specific VLAN. The following sections describe the common methods of determining how VLAN membership is assigned.
With protocol-based VLAN membership, computers are assigned to VLANs by using the protocol that is in use and the Layer 3 address. For example, this method enables an Internetwork Packet Exchange (IPX) network or a particular Internet Protocol (IP) subnet to have its own VLAN.
It is important to note that although VLAN membership might be based on Layer 3 information, this has nothing to do with routing or routing functions. The IP addresses are used only to determine membership in a particular VLAN, not to determine routing.
Port-based VLANs require that specific ports on a network switch be assigned to a VLAN. For example, ports 1 through 8 might be assigned to marketing, ports 9 through 18 might be assigned to sales, and so on. Using this method, a switch determines VLAN membership by taking note of the port on which a particular frame arrived. Figure 9.1 shows an example of a port-based VLAN.
Figure 9.1 Port-based VLAN configuration: an Ethernet switch with VLAN 1 on ports 1-4, VLAN 2 on ports 5-7, and VLAN 3 on ports 8-10.
As you might have guessed, the Media Access Control (MAC) address type of VLAN assigns membership according to the MAC address of the workstation. To do this, the switch must keep track of the MAC addresses that belong to each VLAN. The advantage of this method is that a workstation can be moved anywhere in an office without needing to be reconfigured; because the MAC address does not change, the workstation remains a member of a particular VLAN. Table 9.2 provides examples of MAC address–based VLANs.
Table 9.2 MAC Address–based VLANs
MAC Address | VLAN | Description
44-45-53-54-00-00 | 1 | Sales
44-45-53-54-13-12 | 2 | Marketing
44-45-53-54-D3-01 | 3 | Administration
44-45-53-54-F5-17 | 1 | Sales
Although the acceptance and implementation of VLANs has been slow, the ability to logically segment a LAN provides a new level of administrative flexibility, organization, and security.
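The following is an added example, not code from the book: a toy Layer 2 switch that applies the three membership methods just described (port-based, MAC-based, and the 802.1Q tag carried on a trunk) and enforces the rule that a frame is only ever forwarded within its own VLAN. Every port number, MAC address and VLAN ID in it is constructed for illustration.

```python
"""Toy VLAN-aware switch: port-based, MAC-based and tagged (802.1Q) membership."""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that marks an 802.1Q-tagged frame


def build_frame(dst, src, vlan_id=None, ethertype=0x0800, payload=b""):
    """Build a raw Ethernet frame; with vlan_id set, insert the 4-byte 802.1Q tag."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        # TCI = 3-bit PCP | 1-bit DEI | 12-bit VID; PCP and DEI are left at zero here
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id_or_None, ethertype, payload) for a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return dst, src, vlan_id, ethertype, frame[offset:]


class VlanSwitch:
    def __init__(self, port_vlans, mac_vlans, trunk_ports=()):
        self.port_vlans = dict(port_vlans)    # access port -> VLAN (port-based)
        self.mac_vlans = dict(mac_vlans)      # source MAC -> VLAN (MAC-based)
        self.trunk_ports = set(trunk_ports)   # ports that carry 802.1Q tags
        self.mac_table = {}                   # learned MAC -> (port, VLAN)

    def ingress_vlan(self, port, src, tag):
        """Decide which VLAN an arriving frame belongs to."""
        if port in self.trunk_ports and tag is not None:
            return tag                        # tag supplied by the neighbouring switch
        if src in self.mac_vlans:
            return self.mac_vlans[src]        # MAC-based membership follows the host
        return self.port_vlans.get(port)      # otherwise the port decides (tags ignored)

    def forward(self, ingress_port, frame):
        """Return the sorted list of egress ports for a frame."""
        dst, src, tag, _ethertype, _payload = parse_frame(frame)
        vlan = self.ingress_vlan(ingress_port, src, tag)
        if vlan is None:
            return []                         # port is in no VLAN: drop
        self.mac_table[src] = (ingress_port, vlan)
        if dst in self.mac_table:
            port, dst_vlan = self.mac_table[dst]
            if dst_vlan != vlan or port == ingress_port:
                return []                     # no Layer 2 path between VLANs
            return [port]
        # Unknown or broadcast destination: flood, but only inside this VLAN.
        members = {p for p, v in self.port_vlans.items() if v == vlan}
        members |= {p for p, v in self.mac_table.values() if v == vlan}
        members |= self.trunk_ports
        members.discard(ingress_port)
        return sorted(members)


def demo():
    """Exercise the switch with constructed hosts; returns the egress decisions."""
    sw = VlanSwitch(
        port_vlans={1: 1, 2: 1, 3: 1, 4: 1, 5: 2, 6: 2, 7: 2, 8: 3, 9: 3, 10: 3},
        mac_vlans={"44:45:53:54:13:12": 2},   # as in Table 9.2: this MAC is always VLAN 2
        trunk_ports={24},
    )
    bcast = "ff:ff:ff:ff:ff:ff"
    a = "44:45:53:54:f5:17"                   # no MAC mapping: its port decides
    b = "44:45:53:54:13:12"                   # MAC mapping: VLAN 2 on any port
    c = "00:11:22:33:44:55"                   # host reached through the trunk
    return {
        "port_based_flood":   sw.forward(1,  build_frame(bcast, a)),
        "mac_based_flood":    sw.forward(8,  build_frame(bcast, b)),
        "tagged_unicast":     sw.forward(24, build_frame(a, c, vlan_id=1)),
        "cross_vlan_dropped": sw.forward(24, build_frame(a, c, vlan_id=3)),
        "same_vlan_unicast":  sw.forward(5,  build_frame(b, c)),
    }
```

Two points worth noticing in the decisions demo() returns: host b plugged into a VLAN 3 port still floods only to VLAN 2 ports because its MAC, not the port, decides membership, which is also why MAC-based membership is the weakest of the three (the source MAC is a field the sender chooses); and a tag on an access port is ignored, which is what a real access port should do so that a host cannot hop VLANs by tagging its own frames.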
Viruses, spyware, worms, and other malicious code are an unfortunate part of modern computing. In today’s world, an unprotected computer is at high risk of having some form of malicious software installed on the system: A protected system is still at risk; the risk is just lower.
By definition, a virus is a program that is self-replicating and operates on a computer system without the user's knowledge. Viruses either attach to or replace system files, system executables, and data files. Once in, the virus can perform many different functions. It might consume system resources until the system is too slow to use, it might corrupt the system to the point that it no longer runs, or it might compromise data integrity and availability.
In order to be considered a virus, the malicious code must meet two criteria: It must be self-replicating, and it must be capable of executing itself. Three common virus types are listed below:
➤ Boot sector virus—Boot sector viruses target the boot record of hard disks or floppy disks. In order to boot, floppy disks or hard drives contain an initial set of instructions that start the boot process. Boot sector viruses infect this program and activate when the system boots. This enables the virus to stay hidden in memory and operate in the background.
➤ File viruses—File viruses are very common. They attack applications and program files, often targeting .exe, .com, and .bat files, either by destroying them, by preventing applications from running, or by modifying them and using them to propagate the virus.
Viruses are not necessarily a file virus or a boot sector virus; they can be both. One virus can be designed to both attack the boot sector and the applications.
➤ Macro viruses—The actual data, such as documents, spreadsheets, and so on, represents the most important and irreplaceable element on a computer system. Macro viruses are designed to attack documents and files and therefore are particularly nasty.
There are other forms of malicious programs, which by definition are not a virus but still threaten our computer systems.
A Trojan horse is a program that appears harmless or even helpful, but after being executed performs an undesirable and malicious action. For instance, a Trojan horse can be a program advertised as a patch, a harmless application such as a calculator, or a product upgrade or enhancement. The trick is to fool the user into downloading and installing the program. Once executed, the Trojan horse can perform the function it was actually designed to do. This might include crashing a system, stealing data, or corrupting data.
Trojan horses are not viruses, as they do not replicate; they are installed by the user by mistake. Trojan horses are often delivered through email or by downloading applications from the Internet.
Worms are similar to viruses in that they replicate, but they do not require a host file to spread from system to system. The difference between viruses and worms is that a worm does not attach itself to an executable program as do viruses: A worm is self-contained and does not need to be part of another program to propagate itself. This makes a worm capable of replicating at incredible speeds. This can cause significant network slowdowns as the worm spreads.
A worm can do any number of malicious actions, including deleting files and sending documents via email without the user knowing. A worm can also carry another program designed to open a backdoor in the system, which spam senders then use to relay junk mail through the computer. Once such a backdoor is open, the system is vulnerable to data theft, modification, or worse.
Spyware is a newer threat that is easy to acquire and hard to notice. Spyware is designed to monitor activity on a computer, such as Web surfing activity, and send that information to a remote party. It is commonly installed along with a free program that the user downloaded.
Spyware detection software is becoming increasingly popular and given the information that can be stolen, should be considered an important part of a secure system.
One final consideration is that of virus hoaxes. The threat of virus activity is very real, and, as such, we are alerted to it. Some take advantage of this to create elaborate virus hoaxes. Hoaxes will often pop up on the computer screen or arrive in the email warning of a virus or claiming that your system has contracted a virus. These are more annoying than dangerous but serve to confuse and complicate the virus issue.
Malicious code varies not only by type but also by how it operates. For instance, polymorphic viruses change their own code each time they infect a system. This makes them very difficult to scan for, as they never look the same twice. Stealth viruses become part of a program and make it appear as if the program is operating normally when in fact a virus is at work. This too makes them difficult to scan for.
The threat from malicious code is a very real concern. We need to take the steps to protect our systems, and although it might not be possible to eliminate the threat, it is possible to significantly reduce the threat.
One of the primary tools used in the fight against malicious software is antivirus software. Antivirus software is available from a number of companies, and each offers similar features and capabilities. The following is a list of the common features and characteristics of antivirus software.
➤ Real-time protection—An installed antivirus program should continuously monitor the system, looking for viruses. If a program is downloaded, an application opened, or a suspicious email received, the real-time virus monitor will detect and remove the threat. The virus application sits in the background and is largely unnoticed by the user.
➤ Virus scanning—An antivirus program must be capable of scanning selected drives and disks, either locally or remotely. Scans can either be run manually, or they can be scheduled to run at a particular time.
➤ Scheduling—It is a best practice to schedule virus scanning to occur automatically at a predetermined time. In a network environment, this would typically occur off hours, when the overhead of the scanning process won't impact users.
➤ Live updates—New viruses and malicious software are released with alarming frequency. It is recommended that the antivirus software be configured to receive virus definition updates regularly.
➤ Email vetting—Email represents one of the primary sources for virus delivery. It is essential to use antivirus software that provides email scanning for both inbound and outbound email.
➤ Centralized management—If used in a network environment, it is a good idea to use software that supports centralized management of the virus program from the server. Virus updates and configuration changes then need to be made only on the server and not on each individual client station.
Software is only one part of a proactive virus strategy. A complete virus protection strategy has many aspects that help limit the risk of viruses, including the following:
➤ Develop in-house policies and rules—In a corporate environment or even a small office, it is important to establish what information can be placed onto a system. For example, should users be able to download programs from the Internet? Can users bring in their own floppy disks or other storage media?
➤ Monitor virus threats—With new viruses coming out all the time, it is important to check whether new viruses have been released and what they are designed to do.
➤ Educate users—One of the keys to a complete antivirus solution is to train users in virus prevention and recognition techniques. If users know what they are looking for, it can prevent a virus from entering the system or the network.
➤ Back up copies of important documents—No solution is absolute, and care should be taken to ensure that the data is backed up. In the event of a malicious attack, a redundant copy of the information is then available in a secure location.
➤ Automate virus scanning and updates—Today's antivirus software can be configured to scan and update itself automatically. Because such tasks can be forgotten and overlooked, it is recommended to have these processes scheduled to run at predetermined times.
➤ Scan email—Email is one of the most commonly used virus delivery mechanisms. Antivirus software can be used to check inbound and outbound email for virus activity.
As far as computers are concerned, fault tolerance refers to the capability of the computer system or network to provide continued data availability in the event of hardware failure. Every component within a server, from CPU fan to power supply, has a chance of failure. Some components, such as processors, rarely fail, whereas hard disk failures are well documented.
Almost every component has fault-tolerant measures. These measures typically require redundant hardware components that can easily or automatically take over when there is a hardware failure.
Of all the components inside a computer system, the one that requires the most redundancy is the hard disk. Not only are hard disk failures more common than those of any other component, but the disks also hold the data, without which there would be little need for a network. In fact, according to research available at the time of writing, hard disks are responsible for one of every two server hardware failures, a statistic worth keeping in mind.
Making the decision to have hard disk fault tolerance on the server is the first step; the second is deciding which fault-tolerant strategy to use. Hard disk fault tolerance is implemented according to different RAID (redundant array of inexpensive, or independent, disks) levels. Each RAID level offers differing amounts of data protection and performance. The RAID level appropriate for a given situation depends on the importance placed on the data, the difficulty of replacing that data, and the associated costs of a respective RAID implementation.
Oftentimes, the cost of data loss and replacement outweighs the costs associated with implementing a strong RAID fault-tolerant solution.
Although it is given RAID status, RAID 0 does not actually provide any fault tolerance; in fact, using RAID 0 might even be less fault tolerant than storing all of your data on a single hard disk.
RAID 0 combines unused disk space on two or more hard drives into a single logical volume with data being written to equally sized stripes across all the disks. By using multiple disks, reads and writes are performed simultaneously across all drives. This means that disk access is faster, making the performance of RAID 0 better than other RAID solutions and significantly better than a single hard disk. The downside of RAID 0 is that if any disk in the array fails, the data is lost and must be restored from backup.
Because of its lack of fault tolerance, RAID 0 is rarely implemented. Figure 9.2 shows an example of RAID 0 striping across three hard disks.
Figure 9.2 RAID 0 striping without parity.
Disk 0 | Disk 1 | Disk 2
ABC | DEF | GHI
JKL | MNO | PQR
STU | VWX | YZ
One of the more common RAID implementations is RAID 1. RAID 1 requires two hard disks and uses disk mirroring to provide fault tolerance. When information is written to the hard disk, it is automatically and simultaneously written to the second hard disk. Both of the hard disks in the mirrored configuration use the same hard disk controller; the partitions used on the hard disks need to be approximately the same size to establish the mirror.
In the mirrored configuration, if the primary disk were to fail, the second mirrored disk would contain all the required information and there would be little disruption to data availability. RAID 1 ensures that the server will continue operating in the case of the primary disk failure.
There are some key advantages to a RAID 1 solution. First, it is cheap, as only two hard disks are required to provide fault tolerance. Second, no additional software is required for establishing RAID 1, as modern network operating systems have built-in support for it. Third, RAID 1 can include the boot or system partition in the mirror, whereas software RAID levels that use striping often cannot protect those partitions. Finally, RAID 1 offers load balancing over multiple disks, which increases read performance over that of a single disk. Write performance, however, is not improved.
Because of its advantages, RAID 1 is well suited as an entry-level RAID solution, but it has a few significant shortcomings that exclude its use in many environments. It has limited storage capacity: two 100GB hard drives only provide 100GB of storage space. Organizations with large data storage needs can exceed a mirrored solution's capacity in very short order. RAID 1 also has a single point of failure, the hard disk controller. If it were to fail, the data would be inaccessible on either drive. Figure 9.3 shows an example of RAID 1 disk mirroring.
Figure 9.3 RAID 1 disk mirroring.
Disk 0 | Disk 1
ABC | ABC
An extension of RAID 1 is disk duplexing. Disk duplexing is the same as mirroring with the exception of one key detail: It places the hard disks on separate hard disk controllers, eliminating the single point of failure.
Be aware of the differences between disk duplexing and mirroring for the exam.
RAID 5, also known as disk striping with parity, uses distributed parity to write information across all disks in the array. Unlike the striping used in RAID 0, RAID 5 includes parity information in the striping, which provides fault tolerance. This parity information is used to re-create the data in the event of a failure. RAID 5 requires a minimum of three disks, with the equivalent of a single disk being used for the parity information. This means that if you have three 40GB hard disks, you have 80GB of storage space, with the other 40GB used for parity. To increase storage space in a RAID 5 array, you need only add another disk to the array. Depending on the sophistication of the RAID setup you are using, the RAID controller will be able to incorporate the new drive into the array automatically, or you will need to rebuild the array and restore the data from backup.
Many factors have made RAID 5 a very popular fault-tolerant design. RAID 5 can continue to function in the event of a single drive failure. If a hard disk were to fail in the array, the parity would re-create the missing data and the array would continue to function with the remaining drives. The read performance of RAID 5 is improved over a single disk.
There are only a few drawbacks for the RAID 5 solution. These are as follows:
➤ The costs of implementing RAID 5 are initially higher than those of other fault-tolerant measures, as it requires a minimum of three hard disks. Given the costs of hard disks today, this is a minor concern.
➤ RAID 5 suffers from poor write performance because the parity has to be calculated and then written across several disks. The penalty is most noticeable for small random writes, where each update means reading and rewriting the parity block as well as the data; for typical file-serving workloads it is rarely noticed across the network.
➤ When a new disk is placed in a failed RAID 5 array, there is a regeneration time while the data is being rebuilt on the new drive. This process requires extensive resources from the server, and until the rebuild completes the array is still one failure away from losing all of its data.
Figure 9.4 shows an example of RAID 5 striping with parity.
Figure 9.4 RAID 5 striping with parity. (The figure illustrates parity with simple addition; real RAID 5 controllers compute parity as the XOR of the data chunks, which is what allows a missing chunk to be recovered from the rest.)
Disk 0 | Disk 1 | Disk 2
3 | 2 | P=(3+2=5)
4 | P=(4+3=7) | 3
P=(5+3=8) | 5 | 3
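The following is an added example, not code from the book: RAID 5 striping with distributed XOR parity modelled on byte strings, including a read in degraded mode after one disk is lost and the rebuild onto a replacement disk. The chunk size, the payload and the parity rotation rule are assumptions made for the illustration.

```python
"""RAID 5 on byte strings: rotating XOR parity, degraded reads and rebuild."""


def xor_bytes(chunks):
    """XOR equal-length chunks together; this is the parity function RAID 5 uses."""
    out = bytearray(chunks[0])
    for chunk in chunks[1:]:
        for i, byte in enumerate(chunk):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, n_disks):
    """Distributed parity: the parity chunk moves to a different disk each stripe."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data, n_disks, chunk):
    """Lay data out over n_disks; returns one list of chunks per disk."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = chunk * (n_disks - 1)             # data bytes held by one stripe
    data += b"\x00" * (-len(data) % per_stripe)    # pad the final stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        base = s * per_stripe
        pieces = [data[base + i * chunk: base + (i + 1) * chunk] for i in range(n_disks - 1)]
        parity_disk = parity_disk_for(s, n_disks)
        it = iter(pieces)
        for d in range(n_disks):
            disks[d].append(xor_bytes(pieces) if d == parity_disk else next(it))
    return disks


def raid5_read(disks, length):
    """Read the data back.  A failed disk is represented by None and its chunks
    are reconstructed on the fly from the survivors of each stripe."""
    n = len(disks)
    if sum(disk is None for disk in disks) > 1:
        raise RuntimeError("two disks lost: RAID 5 cannot recover, restore from backup")
    stripes = len(next(disk for disk in disks if disk is not None))
    out = bytearray()
    for s in range(stripes):
        parity_disk = parity_disk_for(s, n)
        for d in range(n):
            if d == parity_disk:
                continue
            if disks[d] is None:               # XOR of every other chunk in the stripe
                out += xor_bytes([disks[o][s] for o in range(n) if o != d])
            else:
                out += disks[d][s]
    return bytes(out[:length])


def raid5_rebuild(disks, failed):
    """Regenerate the whole contents of one failed disk, data and parity chunks alike."""
    n = len(disks)
    stripes = len(next(disk for disk in disks if disk is not None))
    return [xor_bytes([disks[o][s] for o in range(n) if o != failed]) for s in range(stripes)]


def usable_capacity(n_disks, disk_size):
    """Three 40GB disks give 80GB: one disk's worth of space holds parity."""
    return (n_disks - 1) * disk_size


def demo():
    """Write, lose disk 1, read in degraded mode, rebuild; True if every step matches."""
    data = b"THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"   # constructed payload
    disks = raid5_write(data, n_disks=3, chunk=4)
    intact = raid5_read(disks, len(data)) == data
    original = disks[1]
    disks[1] = None                                    # disk 1 fails
    degraded = raid5_read(disks, len(data)) == data    # the array still serves reads
    disks[1] = raid5_rebuild(disks, failed=1)          # replacement disk regenerated
    return intact and degraded and disks[1] == original
```

The reconstruction works because every stripe XORs to zero once parity is included, so any single missing chunk equals the XOR of the others; the same property is why a second failure during the rebuild window is unrecoverable, which raid5_read refuses rather than returning corrupt data.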
Sometimes RAID levels are combined to take advantage of the best of each. One such strategy is RAID 10, which combines RAID levels 1 and 0. In this configuration, a minimum of four disks is required. As you might expect, the configuration consists of a mirrored stripe set. RAID 10 takes advantage of the performance capability of a stripe set while offering the fault tolerance of a mirrored solution. As well as having the benefits of each, RAID 10 also inherits the shortcomings of each strategy: the 50% capacity overhead of mirroring, and the need to commit every write to two disks. Figure 9.5 shows an example of a RAID 10 configuration. Table 9.3 provides a summary of the various RAID levels.
RAID levels 2, 3, and 4 are omitted from this discussion, as they are infrequently used and will rarely, if ever, be seen in modern network environments.
Figure 9.5 Disks in a RAID 10 configuration. Data is striped across Disk 0 and Disk 1 (RAID 0), and the stripe set is mirrored onto Disk 2 and Disk 3 (RAID 1).
Disk 0 | Disk 1 | Disk 2 | Disk 3
ABC | DEF | ABC | DEF
GHI | JKL | GHI | JKL
MNO | PQR | MNO | PQR
Table 9.3 Summary of RAID Levels
RAID Level | Description | Advantages | Disadvantages | Required Disks
RAID 0 | Disk striping | Increased read and write performance. RAID 0 can be implemented with only two disks. | Does not offer any fault tolerance. | Two or more
RAID 1 | Disk mirroring | Provides fault tolerance. Can also be used with separate disk controllers, reducing the single point of failure (called disk duplexing). | RAID 1 has a 50% overhead and suffers from poor write performance. | Two
RAID 5 | Disk striping with distributed parity | Can recover from a single disk failure; increased read performance over a single disk. Disks can be added to the array to increase storage capacity. | May slow down the network during regeneration time, and may suffer from poor write performance. | Minimum of three
RAID 10 | Striping with mirrored volumes | Increased performance with striping; offers mirrored fault tolerance. | High overhead, as with mirroring. | Four
In addition to providing fault tolerance for individual hardware components, some organizations go the extra mile to include the entire server in the fault-tolerant design. Such a design keeps servers and the services they provide up and running. When it comes to server fault tolerance, two key strategies are commonly employed: stand-by servers and server clustering.
Stand-by servers are a fault-tolerant measure in which a second server is configured identically to the first one. The second server can be located remotely or locally and set up in a failover configuration. In a failover configuration, the secondary server is connected to the primary and ready to take over the server's functions at a moment's notice. If the secondary server detects that the primary has failed, it automatically takes over. Network users will not notice the transition, as there will be little or no disruption in data availability.
The primary server communicates with the secondary server by issuing special notification messages referred to as heartbeats. If the secondary server stops receiving heartbeat messages, it assumes that the primary has died and takes on the primary server configuration. Note that a failed heartbeat link looks exactly like a failed primary: if the primary is in fact still running, both servers now believe they are primary, which is why failover products typically rely on a second heartbeat path or a quorum before promoting the standby.
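The following is an added example, not code from the book: the heartbeat decision a standby server makes, written as a small state machine driven by explicit timestamps so that it runs without sockets or a real clock. The heartbeat interval, the number of missed beats tolerated and the timeline in demo() are assumptions.

```python
"""Standby-server heartbeat monitor with promotion and split-brain detection."""


class StandbyServer:
    """Tracks heartbeats from the primary and promotes itself when they stop."""

    def __init__(self, interval=1.0, missed_allowed=3):
        self.interval = interval            # seconds between expected heartbeats
        self.missed_allowed = missed_allowed
        self.role = "standby"
        self.last_heartbeat = None
        self.events = []                    # (time, message) audit trail

    def on_heartbeat(self, now):
        """A heartbeat from the primary arrived at time `now`."""
        if self.role == "primary":
            # The old primary is alive after all: two nodes now claim the role.
            self.events.append((now, "split-brain: heartbeat received after promotion"))
            return
        self.last_heartbeat = now

    def tick(self, now):
        """Periodic check; returns the role held after the check."""
        if self.role == "standby" and self.last_heartbeat is not None:
            missed = int((now - self.last_heartbeat) // self.interval)
            if missed > self.missed_allowed:
                self.role = "primary"
                self.events.append((now, f"promoted after {missed} missed heartbeats"))
        return self.role


def demo():
    """Constructed timeline: four heartbeats, then silence, then the primary returns."""
    node = StandbyServer(interval=1.0, missed_allowed=3)
    for t in range(0, 4):
        node.on_heartbeat(float(t))         # beats at t = 0, 1, 2, 3
    roles = [(t, node.tick(float(t))) for t in range(4, 9)]
    node.on_heartbeat(9.0)                  # the primary's link recovers at t = 9
    return roles, node.events
```

A node that has never heard the primary stays standby forever here rather than promoting itself on a cold start; a real product would add a startup grace period and, as noted above, a second heartbeat path or a quorum, since this monitor can only record the split-brain condition after it has already happened.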
Those companies wanting maximum data availability, and having the funds to pay for it, can choose to use server clustering. As the name suggests, server clustering involves grouping servers together for the purposes of fault tolerance and load balancing. In this configuration, other servers in the cluster can compensate for the failure of a single server. The failed server will have no impact on the network, and the end users will have no idea that a server has failed.
The clear advantage of server clusters is that they offer the highest level of fault tolerance and data availability. The disadvantage is equally clear: cost. The cost of buying a single server can be a huge investment for many organizations; having to buy duplicate servers is far too costly for many of them.
Although a failed network card might not actually stop the server or a system, it might as well. A network server that cannot be used on the network makes for server downtime. Although the chances of a failed network card are relatively low, our attempts to reduce the occurrence of downtime have led to the development of a strategy that provides fault tolerance for network connections.
Through a process called adapter teaming, groups of network cards are configured to act as a single unit. The teaming capability is achieved through software, either as a function of the network card driver or through specific application software. Adapter teaming is not widely implemented, though the benefits it offers are many, so it is likely to become a more common sight. The result of adapter teaming is increased bandwidth, fault tolerance, and the ability to manage network traffic more effectively. These features break down into three areas:
➤ Adapter fault tolerance—The basic configuration enables one network card to be configured as the primary device and others as secondary. If the primary adapter fails, one of the other cards can take its place without the need for intervention. When the original card is replaced, it resumes the role of primary controller.
➤ Adapter load balancing—Because software controls the network adapters, workloads can be distributed evenly among the cards so that each link is used to a similar degree. This distribution allows for a more responsive server, because one card is not overworked while another is underworked.
➤ Link aggregation—This provides vastly improved performance by allowing more than one network card's bandwidth to be aggregated, that is, combined into a single connection. For example, through link aggregation, four 100Mbps network cards can provide a total of 400Mbps of bandwidth between them; a single conversation is still carried on one card and so remains limited to 100Mbps. Link aggregation requires that both the network adapters and the switch being used support it. In 2000, the IEEE ratified the 802.3ad standard for link aggregation, allowing compatible products to be produced.
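The following is an added example, not code from the book: how a teamed or aggregated link chooses a member for each conversation, what happens to those conversations when a member fails, and why one flow never gets the aggregate bandwidth. Real 802.3ad hardware hashes header fields in much this way; the hash function, link names, speeds and flows below are constructed.

```python
"""Flow-hashed link aggregation with member failover, modelled in software."""
import hashlib


class LinkTeam:
    def __init__(self, links, mbps_each):
        self.links = list(links)        # e.g. ["eth0", "eth1", "eth2", "eth3"]
        self.mbps_each = mbps_each
        self.down = set()

    def active(self):
        return [link for link in self.links if link not in self.down]

    def fail(self, link):
        self.down.add(link)             # adapter fault tolerance: traffic moves off it

    def restore(self, link):
        self.down.discard(link)

    def capacity_mbps(self):
        """Aggregate bandwidth: four 100Mbps cards give 400Mbps across all flows..."""
        return len(self.active()) * self.mbps_each

    def single_flow_max_mbps(self):
        """...but one conversation always rides one member, so it never exceeds one link."""
        return self.mbps_each if self.active() else 0

    def select(self, src_ip, dst_ip, src_port=0, dst_port=0):
        """Pick the member link for one flow.  Hashing the conversation keeps all of
        its frames on the same link so the receiver never sees them reordered."""
        active = self.active()
        if not active:
            raise RuntimeError("every member of the team is down")
        key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
        digest = hashlib.sha256(key).digest()
        return active[int.from_bytes(digest[:4], "big") % len(active)]


def distribute(team, flows):
    """Map each flow to a link; returns {link: number of flows carried}."""
    counts = {link: 0 for link in team.active()}
    for flow in flows:
        counts[team.select(*flow)] += 1
    return counts


def demo():
    """Constructed workload: 64 client conversations to one file server."""
    team = LinkTeam(["eth0", "eth1", "eth2", "eth3"], mbps_each=100)
    flows = [(f"10.0.{i // 16}.{i % 16 + 10}", "10.0.0.5", 40000 + i, 445) for i in range(64)]
    before = distribute(team, flows)
    pinned = team.select(*flows[0])
    team.fail(pinned)                       # the member carrying flow 0 dies
    after = distribute(team, flows)         # every flow is rehashed onto survivors
    return {
        "capacity": team.capacity_mbps(),
        "single_flow": team.single_flow_max_mbps(),
        "before": before,
        "after": after,
        "pinned": pinned,
        "moved_to": team.select(*flows[0]),
    }
```

Two things the numbers from demo() make visible: capacity drops by one link's worth when a member fails while flows keep running, and single_flow_max_mbps() stays at the speed of one card no matter how many are teamed, so a single large backup stream does not benefit from aggregation even though many concurrent clients do.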
No discussion of fault tolerance can be complete without a look at power-related issues and the mechanisms used to combat them. When you are designing a fault-tolerant system, your planning should definitely include UPSs (uninterruptible power supplies). A UPS serves many functions and is a major part of server consideration and implementation.
On a basic level, a UPS is a box that holds a battery and a built-in charging circuit. During times of good power, the battery is recharged; when the UPS is needed, it’s ready to provide power to the server. Most often, the UPS is required to provide enough power to give the administrator time to shut down the server in an orderly fashion, preventing any potential data loss from a dirty shutdown.
Organizations of all shapes and sizes need UPSs as part of their fault-tolerance strategies. A UPS is as important as any other fault-tolerance measure.
Three key reasons make a UPS necessary:
➤ Data availability—The goal of any fault-tolerance measure is data availability. A UPS ensures access to the server in the event of a power failure, or at least for as long as it takes to save a file.
➤ Protection from data loss—Fluctuations in power or a sudden power down can damage the data on the server system. In addition, many servers take full advantage of caching, and a sudden loss of power could cause the loss of all information held in cache.
➤ Protection from hardware damage—Constant power fluctuations or sudden power downs can damage hardware components within a computer. Damaged hardware can lead to reduced data availability while the hardware is being repaired.
In addition to keeping a server functioning long enough to safely shut it down, a UPS also safeguards a server from inconsistent power. This inconsistent power can take many forms. A UPS protects a system from the following power-related threats:
➤ Blackout—A total failure of the power supplied to the server.
➤ Spike—A spike is a very short (usually less than a second) but very intense increase in voltage. Spikes can do irreparable damage to any kind of equipment, especially computers.
➤ Surge—Compared to a spike, a surge is a considerably longer (sometimes many seconds) but usually less intense increase in power. Surges can also damage your computer equipment.
➤ Sag—A sag is a short-term voltage drop (the opposite of a spike). This type of voltage drop can cause a server to reboot.
➤ Brownout—A brownout is a drop in voltage that usually lasts more than a few minutes.
Many of these power-related threats can occur without your knowledge; if you don’t have a UPS, you cannot prepare for them. For the cost, it is worth buying a UPS, if for no other reason than to sleep better at night.
Even the most fault-tolerant networks will fail, which is an unfortunate fact. When those costly and carefully implemented fault-tolerant strategies do fail, you are left with disaster recovery.
Disaster recovery can take on many forms. In addition to real disaster, fire, flood, theft, and the like, many other potential business disruptions can fall under the banner of disaster recovery. For example, the failure of the electrical supply to your city block might interrupt the business function. Such an event, although not a disaster per se, might invoke the disaster recovery methods.
The cornerstone of every disaster recovery strategy is the preservation and recoverability of data. When talking about preservation and recoverability, we are talking about backups. When we are talking about backups, we are likely talking about tape backups. Implementing a regular backup schedule can save you a lot of grief when fault tolerance fails or when you need to recover a file that has been accidentally deleted. When it comes time to design a backup schedule, there are three key types of backups that are used: full, differential, and incremental.
The preferred method of backup is the full backup method, which copies all files and directories from the hard disk to the backup media. There are a few reasons why doing a full backup is not always possible. First among them is likely the time involved in performing a full backup.
Of the methods discussed here, a full backup is the fastest to restore from, because only one tape, or set of tapes, is required for a full restore.
Depending on the amount of data to be backed up, full backups can take an extremely long time and can use extensive system resources. Depending on the configuration of the backup hardware, this can slow down the network considerably. In addition, some environments have more data than can fit on a single tape. This makes taking a full backup awkward, as someone may need to be there to manually change the tapes.
The main advantage of full backups is that a single tape or tape set holds all the data you need backed up. In the event of a failure, a single tape might be all that is needed to get all data and system information back. The upshot of all this is that any disruption to the network is greatly reduced.
Unfortunately, its strength can also be its weakness. A single tape holding an organization’s data is a security risk: if the tape fell into the wrong hands, all the data could be restored on another computer. Password-protecting the backup set, encrypting it where the backup software supports that (a password in the tape catalog alone does not protect the data written on the tape), and using secure onsite and offsite storage locations minimize the risk.
For those companies that just don’t quite have enough time to complete a full backup daily, there is the differential backup. Differential backups are faster than a full backup, as they back up only the data that has changed since the last full backup. This means that if you do a full backup on a Saturday and a differential backup on the following Wednesday, only the data that has changed since Saturday is backed up. Restoring from a differential backup requires the last full backup and the latest differential backup.
Differential backups know which files have changed since the last full backup by using a setting known as the archive bit. The archive bit flags files that have changed or been created and identifies them as ones that need to be backed up. Full backups do not concern themselves with the archive bit, as all files are backed up regardless of date. A full backup, however, clears the archive bit after the data has been backed up to avoid future confusion.
Differential backups take notice of the archive bit and use it to determine which files have changed. The differential backup does not reset the archive bit information.
If you experience trouble with any type of backup, you should clean the tape drive and then try the backup again. Also visually inspect the tape for physical damage.
Some companies have a very finite amount of time they can allocate to backup procedures. Such organizations are likely to use incremental backups in their backup strategy. Incremental backups save only the files that have changed since the last full or incremental backup. Like differential backups, incremental backups use the archive bit to determine which files have changed. Unlike differentials, however, incremental backups clear the archive bit, so a file copied by one incremental is not copied again by the next unless it has changed again.
Full and incremental backups clear the archive bit after files have been backed up.
The faster backup times of incremental backups come at a price: the amount of time required to restore. Recovering from a failure with incremental backups requires numerous tapes: the most recent full backup plus every incremental tape written since it. For example, if you had a full backup from Sunday and an incremental for Monday, Tuesday, and Wednesday, you would need four tapes to restore the data. Keep in mind: each tape in the rotation is an additional step in the restore process and an additional point of failure. One damaged incremental tape and the changes recorded on it are gone, so the restore is incomplete. Table 9.4 summarizes the various backup strategies.
Table 9.4 Backup Strategies

Full
  Advantages: Backs up all data on a single tape or tape set. Restoring data requires the least number of tapes.
  Disadvantages: Depending on the amount of data, full backups can take a long time.
  Data backed up: All files and directories.
  Archive bit: Does not use the archive bit, but resets it after data has been backed up.

Differential
  Advantages: Faster backups than a full.
  Disadvantages: Uses more tapes than a full backup. Restore process takes longer than a full backup.
  Data backed up: All files and directories that have changed since the last full backup.
  Archive bit: Uses the archive bit to determine the files that have changed, but does not reset it.

Incremental
  Advantages: Faster backup times.
  Disadvantages: Requires multiple tapes; restoring data takes more time than the other backup methods.
  Data backed up: The files and directories that have changed since the last full or incremental backup.
  Archive bit: Uses the archive bit to determine the files that have changed, and resets it.
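The archive-bit rules in Table 9.4 are easiest to check by simulating them. The Python script below is an added example written for this page, not code from the book or from any backup product: it models a small volume in which every file carries an archive bit, runs full, differential, and incremental backups against it, and works out which tapes a restore needs. The file names, tape labels, and the Sunday-to-Wednesday schedule are constructed for illustration.

```python
"""Archive-bit behaviour of full, differential and incremental backups."""
from dataclasses import dataclass, field


@dataclass
class Tape:
    label: str
    kind: str                                    # "full", "differential" or "incremental"
    files: dict = field(default_factory=dict)    # path -> content captured on this tape


class Volume:
    """A disk where every file carries an archive bit (file names below are made up)."""

    def __init__(self):
        self.files = {}      # path -> content
        self.archive = {}    # path -> archive bit; True means "changed, needs backing up"

    def write(self, path, content):
        self.files[path] = content
        self.archive[path] = True     # creating or modifying a file sets the bit

    def backup(self, label, kind):
        if kind == "full":
            selected = dict(self.files)                    # ignores the bit: copies everything
            self.archive = {p: False for p in self.files}  # ...then clears it
        elif kind == "differential":
            selected = {p: c for p, c in self.files.items() if self.archive[p]}
            # the bit is left set, so the next differential copies these files again
        elif kind == "incremental":
            selected = {p: c for p, c in self.files.items() if self.archive[p]}
            for p in selected:
                self.archive[p] = False                    # cleared: not copied again next time
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        return Tape(label, kind, selected)


def restore_plan(tapes):
    """Walk the tape history newest-first and return the tapes a restore needs, oldest
    first: every incremental, only the newest differential, and the latest full."""
    needed = []
    for tape in reversed(tapes):
        if tape.kind == "full":
            needed.append(tape)
            break
        if tape.kind == "incremental" or (tape.kind == "differential" and not needed):
            needed.append(tape)
    if not needed or needed[-1].kind != "full":
        raise RuntimeError("no full backup in the rotation; restore impossible")
    return needed[::-1]


def restore(tapes, damaged=()):
    """Rebuild the volume from the tapes restore_plan() selects, oldest first.  A label
    in `damaged` (an unreadable cartridge) aborts the restore, which is the extra point
    of failure every tape in an incremental chain adds.  Deletions are not replayed."""
    state = {}
    for tape in restore_plan(tapes):
        if tape.label in damaged:
            raise RuntimeError(f"tape {tape.label} unreadable; restore stops here")
        state.update(tape.files)
    return state


def weekly_scenario(kind):
    """Sunday full backup, then Monday-Wednesday backups of the given kind.  Returns
    the live volume and the tapes written (constructed sample data)."""
    vol = Volume()
    vol.write("/data/a.txt", "a-v1")
    vol.write("/data/b.txt", "b-v1")
    tapes = [vol.backup("Sun", "full")]
    vol.write("/data/a.txt", "a-v2")             # Monday: a.txt modified
    tapes.append(vol.backup("Mon", kind))
    vol.write("/data/c.txt", "c-v1")             # Tuesday: c.txt created
    tapes.append(vol.backup("Tue", kind))
    tapes.append(vol.backup("Wed", kind))        # Wednesday: nothing changed
    return vol, tapes


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol, tapes = weekly_scenario(kind)
        print(kind, [(t.label, sorted(t.files)) for t in tapes])
        print("  restore needs:", [t.label for t in restore_plan(tapes)])
        assert restore(tapes) == vol.files
```

Running it shows both halves of Table 9.4 at once: the Tuesday and Wednesday differentials still carry a.txt because a differential never clears the bit, while the Wednesday incremental is empty because nothing changed after Tuesday; the differential restore needs two tapes, the incremental restore four, and marking the Tuesday incremental as damaged stops the restore. The simulation assumes a schedule that is either all differentials or all incrementals after each full backup, which is how the text describes them; mixing the two on one volume breaks the archive-bit logic and is not modelled.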
After you have decided on the backup type you will use, you are ready to choose a backup rotation. Several backup rotation strategies are in use—some good, some bad, and some really bad. The most common, and perhaps the best, rotation strategy is the Grandfather, Father, Son rotation (GFS).
The GFS backup rotation is the most widely used and for good reason. An example GFS rotation may require 12 tapes: four tapes for daily backups (son), five tapes for weekly backups (father), and three tapes for monthly backups (grandfather).
Using this rotation schedule, it is possible to recover data from days, weeks, or months previous. Some network administrators choose to add tapes to the monthly rotation to be able to retrieve data even further back, sometimes up to a year. In most organizations, however, data that is a week old is out of date, let alone six months or a year.
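To see what the 12-tape GFS layout actually retains, here is an added Python example, written for this page rather than taken from the book: it steps through a calendar, assigns each working day to a son, father, or grandfather tape, and lists the restore points still on tape at the end. It assumes a Monday-to-Thursday daily schedule, a weekly backup every Friday, a monthly backup on the last Friday of each month, and no weekend backups; the tape labels and the 2005 dates are constructed for illustration.

```python
import datetime as dt


class GfsRotation:
    """Grandfather-Father-Son rotation with the 12-tape layout from the text: four
    daily (son) tapes, five weekly (father) tapes and three monthly (grandfather)
    tapes.  Schedule assumed here: Mon-Thu daily, Friday weekly, last Friday of the
    month monthly, nothing at weekends.  Tape labels are made up."""

    def __init__(self):
        self.daily = ["Son-Mon", "Son-Tue", "Son-Wed", "Son-Thu"]
        self.weekly = [f"Father-{i}" for i in range(1, 6)]
        self.monthly = [f"Grandfather-{i}" for i in range(1, 4)]
        self.weekly_runs = 0      # Friday backups written so far
        self.monthly_runs = 0     # month-end backups written so far
        self.holds = {}           # tape label -> date of the data currently on it

    @staticmethod
    def is_last_friday(day):
        return day.weekday() == 4 and (day + dt.timedelta(days=7)).month != day.month

    def tape_for(self, day):
        """Label of the cartridge to load on `day`, or None when no backup runs.
        Advances the weekly/monthly counters, so call it once per day, in order."""
        wd = day.weekday()                  # Monday == 0 ... Sunday == 6
        if wd >= 5:
            return None
        if wd < 4:
            return self.daily[wd]           # son tapes are overwritten every week
        if self.is_last_friday(day):
            label = self.monthly[self.monthly_runs % len(self.monthly)]
            self.monthly_runs += 1
        else:
            label = self.weekly[self.weekly_runs % len(self.weekly)]
            self.weekly_runs += 1
        return label

    def run(self, start, end):
        """Simulate the rotation day by day from `start` to `end` inclusive."""
        day = start
        while day <= end:
            label = self.tape_for(day)
            if label:
                self.holds[label] = day     # overwrites whatever the tape held before
            day += dt.timedelta(days=1)
        return self

    def restore_points(self):
        """Dates whose data can still be recovered from some tape, oldest first."""
        return sorted(self.holds.values())


if __name__ == "__main__":
    rot = GfsRotation().run(dt.date(2005, 1, 3), dt.date(2005, 6, 30))
    for label, day in sorted(rot.holds.items(), key=lambda kv: kv[1]):
        kind = "month-end" if rot.is_last_friday(day) else day.strftime("%a")
        print(f"{label:15} {day}  ({kind})")
    print("oldest recoverable date:", rot.restore_points()[0])
```

Run from the first Monday of January to the end of June 2005, the rotation leaves four daily points (June 27 to 30), five weekly points (May 13 to June 17) and three month-end points (April 29, May 27 and June 24), so the oldest file you can get back is about two months old. That is the horizon the text has in mind when it mentions adding tapes to the monthly set to reach further back.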
Many details go into making a backup strategy a success. The following list contains issues to consider as part of your backup plan.
➤ Offsite storage—Consider having backup tapes stored offsite so that in the event of a disaster in a building, a current set of tapes is still available offsite. The offsite tapes should be as current as any onsite and should be secure.
➤ Tape labeling—The goal is to restore the data as quickly as possible, and trying to find the tape you need can be difficult if it is not marked. Further, labeling prevents you from recording over a tape you need.
➤ Tape wear—Like old cassette tapes, the tape cartridges used for the backups wear out over time. One strategy used to prevent this from becoming a problem is to introduce new tapes periodically into the rotation schedule.
➤ Verification—Never assume that the backup was successful. Seasoned administrators know that checking backup logs and performing periodic test restores are parts of the backup process.
➤ Drive cleaning—From time to time, it is necessary to clean the tape drive. If the inside gets dirty, backups can fail.
A backup strategy must include offsite storage to account for theft, fire, flood, or other disasters.
The impact that a failed component has on a system or network depends largely on the pre-disaster preparation and on the recovery strategies used.
Hot and cold spares represent a strategy for recovering from failed components.
Hot spares give system administrators the ability to recover quickly from component failure. In a common use, a hot spare enables a RAID system to fail over automatically to a spare hard drive should one of the other drives in the RAID array fail. A hot spare does not require any manual intervention; rather, a redundant drive resides in the system at all times, waiting to take over if another drive fails. The hot spare drive takes over automatically, leaving the failed drive to be removed at a later time. Even though hot-spare technology adds an extra level of protection to your system, after a drive has failed and the hot spare has been used, the failed drive should be replaced and a new spare assigned as soon as possible, because until then a second failure has no spare to fall back on.
Hot swapping is the ability to replace a failed component while the system is running. Perhaps the most commonly identified hot-swap component is the hard drive. In certain RAID configurations, when a hard drive crashes, hot swapping allows you simply to take the failed drive out of the server and install a new one.
The benefits of hot swapping are very clear in that it allows a failed component to be recognized and replaced without compromising system availability. Depending on the system’s configuration, the new hardware will normally be recognized automatically by both the current hardware and the operating system. Nowadays, most internal and external RAID subsystems support the hot-swapping feature. Some hot-swappable components include power supplies and hard disks.
The term cold spare refers to a component, such as a hard disk, that resides within a computer system but requires manual intervention in case of component failure. A hot spare will engage automatically, but a cold spare might require configuration settings or some other action to engage it. A cold spare configuration will typically require a reboot of the system.
The term cold spare has also been used to refer to a redundant component that is stored outside the actual system but is kept in case of component failure. To replace the failed component with a cold spare, the system would need to be powered down.
Cold swapping refers to replacing components only after the system is completely powered off. This strategy is by far the least attractive for servers because the services provided by the server will be unavailable for the duration of the cold-swap procedure. Modern systems have come a long way to ensure that cold swapping is a rare occurrence. For some situations and for some components, however, cold swapping is the only method to replace a failed component. The only real defense against having to shut down the server is to have redundant components residing in the system.
The term “warm swap” is applied to a device that can be replaced while the system is still running but that requires some kind of manual intervention to disable the device before it can be removed. Using a PCI hot plug is technically a warm-swap strategy because it requires that the individual PCI slot be powered down before the PCI card is replaced. Of course, a warm swap is not as efficient as a hot swap, but it is far and away better than a cold swap.
A disaster recovery plan might include the provision for a recovery site that can be brought quickly into play. These sites fall into three categories: hot, warm, and cold. The need for each of these types of sites depends largely on the business you are in and the funds available. Disaster recovery sites represent the ultimate in precautions for organizations that really need it. As a result, they don’t come cheap.
The basic concept of a disaster recovery site is that it can provide a base from which the company can be operated during a disaster. The disaster recovery site is not normally intended to provide a desk for every employee, but is intended more as a means to allow key personnel to continue the core business function.
In general, a cold recovery site is a site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services.
Cold sites are useful if there is some forewarning of a potential problem.
Generally speaking, cold sites are used by organizations that can weather the storm for a day or two before they get back up and running. If you are the regional office of a major company, it might be possible to have one of the other divisions take care of business until you are ready to go; but if you are the one and only office in the company, you might need something a little hotter.
For organizations with the dollars and the desire, hot recovery sites represent the ultimate in fault-tolerance strategies. Like cold recovery sites, hot sites are designed to provide only enough facilities to continue the core business function, but hot recovery sites are set up to be ready to go at a moment’s notice.
A hot recovery site will include phone systems with the phone lines already connected. Data networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. In other words, within a few hours, the hot site can become a fully functioning element of an organization.
The issue that confronts potential hot-recovery site users is simply that of cost. Office space is expensive at the best of times, but having space sitting idle 99.9 percent of the time can seem like a tremendously poor use of money. A very popular strategy to get around this problem is to use space provided in a disaster recovery facility, which is basically a building, maintained by a third-party company, in which various businesses rent space.
Space is apportioned, usually, on how much each company pays.
Sitting in between the hot and cold recovery sites is the warm site. A warm site will typically have computers, but they are not configured and ready to go. This means that data might need to be updated or other manual interventions performed before the network is again operational. The time it takes to get a warm site operational lands right in the middle of the other two options, as does the cost.
A hot site that mirrors the organization’s production network will be capable of assuming network operations in a moment’s notice. Warm sites have the equipment needed to bring the network to an operational state but require configuration and potential database updates. A cold site has the space available with basic service but typically requires equipment delivery.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ RAID 0 uses disk striping over two or more disks but offers no fault tolerance.
➤ RAID 1 uses two disks in a mirrored configuration.
➤ Disk duplexing is a RAID 1 implementation using separate hard disk controllers.
➤ RAID 5 is disk striping with parity, requiring three disks at a minimum.
➤ With a full backup, all data is backed up and data can be restored from a single tape set. Full backups do not use the archive bit but clear it after files have been copied to tape.
➤ With incremental backups, all data changed since the last full or incremental is backed up. The restore procedure requires several tapes: the latest full backup and all incremental tapes since the last full backup. Incremental uses the archive bit and clears it after a file is saved to tape.
➤ With a differential backup, all data changed since the last full backup is backed up. The restore procedure requires the latest full backup tape and the latest differential backup tape. Differential uses the archive bit to determine which files need to be backed up, but does not clear it.
➤ You should use an offsite tape rotation scheme to store current copies of backups in a secure offsite location. A commonly used rotation is the Grandfather, Father, Son (GFS) rotation.
➤ You should periodically introduce new tapes into the tape rotation and destroy the old tapes.
➤ Two key strategies are commonly employed for server fault tolerance: stand-by servers and server clustering.
➤ VLANs are used to segment networks.
➤ Antivirus software is an essential component in an overall virus prevention strategy.
➤ Hot, warm, and cold spares are designed to replace failed system components.
➤ Hot, warm, and cold sites are designed to provide alternate locations for network operations in the event of a disaster.
➤ RAID
➤ Disk mirroring
➤ Disk duplexing
➤ Disk striping
➤ Full backup
➤ Incremental backup
➤ Differential backup
➤ VLANs
➤ Antivirus
➤ Hot site
➤ Cold site
➤ Warm site
➤ Hot spare
➤ Cold spare
1. During your lunch break, you rummage around the company’s storage closet and discover two 20GB IDE hard disks and two hard disk controllers. You decide to use the equipment to provide a fault-tolerant solution in one of your company’s existing servers. Which of the following fault-tolerant RAID levels could you implement using this equipment? (Choose two answers.)
❑ A. RAID 0
❑ B. RAID 1
❑ C. Disk duplexing
❑ D. RAID 5
2. Which two types of tape backup methods clear the archive bit after the backup has been completed?
❑ A. Full
❑ B. Differential
❑ C. Incremental
❑ D. GFS
3. You come in to work on Thursday morning to find that the server has failed and you need to restore the data from backup. You had finished a full backup on Sunday and incremental backups on Monday, Tuesday, and Wednesday. How many tapes are required to restore the backup?
❑ A. 4
❑ B. 2
❑ C. 3
❑ D. 5
4. In the server room you find a box with five 15GB hard disks. If you were to implement a RAID 5 solution using all five disks, how much storage space would you have for the actual data?
❑ A. 75GB
❑ B. 60GB
❑ C. 30GB
❑ D. 45GB
5. Which of the following RAID levels offers the greatest read and write performance?
❑ A. RAID 0
❑ B. RAID 1
❑ C. Disk duplexing
❑ D. RAID 5
❑ E. RAID 10
6. Which of the following recovery sites might require the delivery of computer equipment and an update of all network data?
❑ A. Cold site
❑ B. Warm site
❑ C. Hot site
❑ D. None of the above
7. As part of your network administrative responsibilities, you have completed your monthly backups. As part of backup best practices, where should the tapes be stored?
❑ A. In a secure location in the server room
❑ B. In a secure onsite location in the building
❑ C. In an offsite location
❑ D. In a secure offsite location
8. As network administrator, you have been tasked with designing a disaster recovery plan for your network. Which of the following might you include in a disaster recovery plan?
❑ A. RAID 5
❑ B. Offsite tape backup
❑ C. Mirrored hard disks
❑ D. UPS
9. Which of the following power-related problems is associated with a short-term voltage drop?
❑ A. Surge
❑ B. Brownout
❑ C. Sag
❑ D. Spike
10. As a network administrator, you have been asked to implement a RAID solution that offers high performance. Fault tolerance is not a concern. Which RAID level are you likely to use?
❑ A. RAID 0
❑ B. RAID 1
❑ C. RAID 2
❑ D. RAID 5
❑ E. RAID 10
1. The correct answers are B and C. Using the equipment that you found, it would be possible to implement RAID 1, as there are two hard disks for the mirror configuration. You could also implement disk duplexing, as there was an additional hard disk controller. Answer A is incorrect as RAID 0 is not a fault-tolerant RAID level. Answer D is incorrect because RAID 5 requires a minimum of three disks.
2. The correct answers are A and C. The archive bit is reset after a full backup and an incremental backup. Answer B is incorrect as the differential backup does not reset the archive bit and answer D is wrong because GFS is a rotation strategy, not a backup method.
3. The correct answer is A. Incremental backups save all files and directories that have changed since the last full or incremental backup. To restore, you need the latest full backup and all incremental tapes. In this case, you need four tapes to complete the restore process.
4. The correct answer is B. RAID 5 uses distributed parity. The parity information is spread across all disks and requires the equivalent space of a single hard disk. In this example, there are five 15GB disks, giving a total of 75GB of storage. 15GB is required for the parity information, leaving 60GB for saving actual data.
5. The correct answer is A. Although not a fault-tolerant RAID level, RAID 0 offers the best performance of any RAID level. Other RAID levels do offer some performance improvement over a single disk, but the work of maintaining fault tolerance (writing a mirror copy or parity) slows their write operations.
6. The correct answer is A. A cold site provides an alternate location but typically not much more. A cold site will often require the delivery of computer equipment and other services.
7. The correct answer is D. Although not always done, it is a best practice to store tape backups in a secure offsite location in case of fire or theft. Answer A is incorrect because if the server room is damaged by fire or flood, the tapes and the data on the server can be compromised by the same disaster. Similarly, answer B is incorrect because storing the backups onsite does not eliminate the threat of a single disaster destroying the data on the server and tapes. Answer C is incorrect for security reasons. The offsite tapes must be secured.
8. The correct answer is B. Offsite tape storage is part of a disaster recovery plan. The other answers listed are considered fault tolerance measures as they are implemented to ensure data availability.
9. The correct answer is C. A sag is a short-term voltage drop. A brownout is also a voltage drop, but it lasts longer than a sag. A surge is an increase in power that lasts a few seconds. A spike is a power increase that lasts a few milliseconds.
10. The correct answer is A. RAID 0 offers the highest level of performance but does not offer any fault tolerance. If the performance of RAID 0 is required and so is fault tolerance, RAID 10 is a better choice. RAID 1 offers fault tolerance but no write-performance gain, because every write goes to both disks.
10
Objectives
4.1 Given a troubleshooting scenario, select the appropriate network utility from the following:
✓ tracert/traceroute
✓ ping
✓ arp
✓ netstat
✓ nbtstat
✓ ipconfig/ifconfig
✓ winipcfg
✓ nslookup/dig
4.2 Given output from a network diagnostic utility (for example, those utilities listed in objective 4.1), identify the utility and interpret the output
4.3 Given a network scenario, interpret visual indicators (for example, link LEDs [Light Emitting Diode] and collision LEDs [Light Emitting Diode]) to determine the nature of a stated problem
4.4 Given a troubleshooting scenario involving a client accessing remote network services, identify the cause of the problem (for example, file services, print services, authentication failure, protocol configuration, physical connectivity, and SOHO [Small Office/Home Office] router)
4.5 Given a troubleshooting scenario between a client and the following server environments, identify the cause of a stated problem:
✓ UNIX/Linux/Mac OS X Server
✓ NetWare
✓ Windows
✓ AppleShare IP (Internet Protocol)
What you need to know
✓ Use various TCP/IP troubleshooting tools including ping, tracert, traceroute, arp, netstat, nbtstat, ipconfig, ifconfig, winipcfg, nslookup, and dig. Interpret the output from these tools.
✓ Interpret visual indicators such as LEDs on network devices to help troubleshoot connectivity problems.
✓ Understand the most common causes of remote connectivity issues, including troubleshooting of Internet access mechanisms such as Cable, DSL, and Dial-Up.
✓ Identify the cause and remedy for common network client connectivity issues such as authentication failure, permissions issues, and incorrect protocol configurations.
For anyone working with TCP/IP networks, troubleshooting connectivity is something that is simply going to have to be done. This chapter identifies the tools that are used in the troubleshooting process and identifies scenarios in which these tools can be used.
In addition, the chapter covers troubleshooting in remote connectivity scenarios and troubleshooting client connectivity on networks.
Many utilities can be used when troubleshooting TCP/IP. Although the actual utilities available vary from platform to platform, the functionality between platforms is quite similar. Table 10.1 lists the TCP/IP troubleshooting tools covered in the Network+ exam along with their purpose.
Table 10.1 Common TCP/IP Troubleshooting Tools and Their Purpose

tracert/traceroute: Used to track the path a packet takes as it travels across a network. tracert is used on Windows systems; traceroute is used on UNIX, Linux, and Macintosh systems.
ping: Used to test connectivity between two devices on a network.
arp: Used to view and work with the IP address to MAC address resolution cache.
netstat: Used to view the current TCP/IP connections on a system.
nbtstat: Used to view statistics related to NetBIOS name resolution, and to see information about current NetBIOS over TCP/IP connections.
ipconfig: Used to view and renew the TCP/IP configuration on a Windows system.
ifconfig: Used to view the TCP/IP configuration on a UNIX, Linux, or Macintosh system.
winipcfg: Graphical tool used to view the TCP/IP configuration on Windows 95, 98, and Me.
nslookup/dig: Used to perform manual DNS lookups. nslookup can be used on Windows, UNIX, Macintosh, and Linux systems. dig ships with UNIX, Linux, and Macintosh systems; on Windows it is available only as a separate download, as part of the BIND tools.
The following sections look in more detail at these utilities and the output they produce.
Many of the utilities discussed in this chapter have a help facility that can be accessed by typing the command followed by a /? or a -?. On a Windows system, for example, you can get help on the netstat utility by typing the command netstat /?. Sometimes, using a utility with an invalid switch will also bring up the help screen.
For the exam, be prepared to identify what tool to use in a given scenario. Remember, there might be more than one tool that could be used—you will be expected to pick the best one for the situation described.
On the Network+ exam, you will be asked to identify the output from a command, and you should be able to interpret the information provided by the command.
The trace route utility does exactly what its name implies: it traces the route between two hosts. It does this by sending probe packets with a deliberately small Time To Live (TTL), starting at 1 and increasing it by one for each hop. The router at which the TTL reaches zero discards the packet and returns an ICMP Time Exceeded message, and that reply reveals the router’s address and the round-trip time to it. Windows tracert sends ICMP echo request packets as probes; traceroute on UNIX and Linux sends UDP datagrams to high-numbered ports by default, so a firewall that passes one kind of probe may block the other. Each of the common network operating systems provides a trace route utility, but the name of the command and the output vary slightly on each. However, for the purposes of the Network+ exam, you should not concern yourself with the minor differences in the output format. Table 10.2 shows the trace route command syntax used in various operating systems.
The phrase trace route utility is used in this section to refer generically to the various route tracing applications available on common operating systems. In a live environment, you should make yourself familiar with the version of the tool used on the operating systems you are working with.
Table 10.2 Trace Route Utility Commands

Windows Server 2000/2003: tracert <IP address>
Novell NetWare: iptrace
Linux/UNIX: traceroute <IP address>
Macintosh: traceroute <IP address>
Trace route provides a lot of useful information, including the IP address of every router connection it passes through and, in many cases, the name of the router (although this depends on the router’s configuration). Trace route also reports the length, in milliseconds, of the round-trip the packet made from the source location to the router and back. This information can help identify where network bottlenecks or breakdowns might be. The following is an example of a successful tracert command on a Windows 2000 system:
C:\>tracert 24.7.70.37
Tracing route to c1-p4.sttlwa1.home.net [24.7.70.37] over a maximum of 30 hops:
  1    30 ms    20 ms    20 ms  24.67.184.1
  2    20 ms    20 ms    30 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    50 ms    30 ms    30 ms  rc1wh-atm0-2-1.vc.shawcable.net [204.209.214.193]
  4    50 ms    30 ms    30 ms  rc2wh-pos15-0.vc.shawcable.net [204.209.214.90]
  5    30 ms    40 ms    30 ms  rc2wt-pos2-0.wa.shawcable.net [66.163.76.37]
  6    30 ms    40 ms    30 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
Trace complete.
The tracert display on a Windows system, like the equivalent utilities on the other operating systems covered by the Network+ exam, includes several columns of information. The first column is the hop number; a hop is one step in the path a packet takes as it crosses the network. The next three columns are the round-trip times, in milliseconds, of the three probe packets sent to that hop; an asterisk in place of a time means that probe received no reply. The last column is the hostname, where it could be resolved, and the IP address of the responding device.
Of course, not all trace route attempts are successful. The following is the output from a tracert command on a Windows Server 2003 system that doesn’t manage to get to the remote host:
C:\>tracert comptia.org
Tracing route to comptia.org [216.119.103.72] over a maximum of 30 hops:
  1    27 ms    28 ms    14 ms  24.67.179.1
  2    55 ms    13 ms    14 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    27 ms    27 ms    28 ms  rc1wh-atm0-2-1.shawcable.net [204.209.214.19]
  4    28 ms    41 ms    27 ms  rc1wt-pos2-0.wa.shawcable.net [66.163.76.65]
  5    28 ms    41 ms    27 ms  rc2wt-pos1-0.wa.shawcable.net [66.163.68.2]
  6    41 ms    55 ms    41 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
  7    54 ms    42 ms    27 ms  home-gw.st6wa.ip.att.net [192.205.32.249]
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
In this example, the trace route request only gets to the seventh hop, at which point it fails; this failure indicates that the problem lies on the far side of the device in step 7 or on the near side of the device in step 8. In other words, the device at step 7 is functioning but might not be able to make the next hop. The cause of the problem could be a range of things, such as an error in the routing table or a faulty connection. Alternatively, the seventh device might be operating 100%, but device 8 might not be functioning at all. In any case, you can isolate the problem to just one or two devices.
It should be noted that in some cases the owner of a router may configure it to not return ICMP traffic like that generated by ping or trace route. If this is the case, the ping or trace route will fail just as if the router did not exist or was not operating.
Although we have used the Windows tracert command to provide sample output in these sections, the output from traceroute on a UNIX, Linux, or Macintosh system is extremely similar.
The trace route utility can also help you isolate a heavily congested network.
In the following example, the trace route packets fail in the midst of the tracert from a Windows Server 2003 system, but subsequently are able to continue. This behavior can be an indicator of network congestion:
C:\>tracert comptia.org
Tracing route to comptia.org [216.119.103.72] over a maximum of 30 hops:
  1    96 ms    96 ms    55 ms  24.67.179.1
  2    14 ms    13 ms    28 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  3    28 ms    27 ms    41 ms  rc1wh-atm0-2-1.shawcable.net [204.209.214.19]
  4    28 ms    41 ms    27 ms  rc1wt-pos2-0.wa.shawcable.net [66.163.76.65]
  5    41 ms    27 ms    27 ms  rc2wt-pos1-0.wa.shawcable.net [66.163.68.2]
  6    55 ms    41 ms    27 ms  c1-pos6-3.sttlwa1.home.net [24.7.70.37]
  7    54 ms    42 ms    27 ms  home-gw.st6wa.ip.att.net [192.205.32.249]
  8    55 ms    41 ms    28 ms  gbr3-p40.st6wa.ip.att.net [12.123.44.130]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13    69 ms    68 ms    69 ms  gbr2-p20.sd2ca.ip.att.net [12.122.11.254]
 14    55 ms    68 ms    69 ms  gbr1-p60.sd2ca.ip.att.net [12.122.1.109]
 15    82 ms    69 ms    82 ms  gbr1-p30.phmaz.ip.att.net [12.122.2.142]
 16    68 ms    69 ms    82 ms  gar2-p360.phmaz.ip.att.net [12.123.142.45]
 17   110 ms    96 ms    96 ms  12.125.99.70
 18   124 ms    96 ms    96 ms  light.crystaltech.com [216.119.107.1]
 19    82 ms    96 ms    96 ms  216.119.103.72
Trace complete.
Generally speaking, trace route utilities allow you to identify the location of a problem in the connectivity between two devices. After you have determined this location, you might need to use a utility such as ping to continue troubleshooting. In many cases, as in the examples provided in this chapter, the routers might be on a network such as the Internet and therefore not within your control. In that case, there is little you can do except inform your ISP of the problem.
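As an added example (not the book's code), the following Python parses Windows tracert output and applies the three readings given above: a clean path, a trace that dies at a hop, and timeouts in the middle with replies resuming afterwards. The sample trace is constructed from the congested trace shown earlier with most hops removed; the hop numbers, names and addresses come from that listing.

```python
import re
from dataclasses import dataclass
from statistics import mean
from typing import Optional

# Constructed from the congested trace in this section, most hops left out.
SAMPLE_TRACE = """\
Tracing route to comptia.org [216.119.103.72] over a maximum of 30 hops:
  1    96 ms    96 ms    55 ms  24.67.179.1
  2    14 ms    13 ms    28 ms  rd1ht-ge3-0.ok.shawcable.net [24.67.224.7]
  8    55 ms    41 ms    28 ms  gbr3-p40.st6wa.ip.att.net [12.123.44.130]
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 13    69 ms    68 ms    69 ms  gbr2-p20.sd2ca.ip.att.net [12.122.11.254]
 19    82 ms    96 ms    96 ms  216.119.103.72
Trace complete.
"""


@dataclass
class Hop:
    number: int
    rtts: list             # three round-trip times in ms; None where the probe got no reply
    name: Optional[str]    # router name when tracert could resolve it
    ip: Optional[str]

    @property
    def timed_out(self) -> bool:
        return all(r is None for r in self.rtts)


# hop number, three columns of "N ms" or "*", then the responding device
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rtt>(?:(?:<?\d+ ms|\*)\s+){3})(?P<target>.+?)\s*$")
TARGET_RE = re.compile(r"^(?:(?P<name>\S+)\s+)?\[(?P<ip>[\d.]+)\]$")


def parse_tracert(text: str) -> list:
    """Turn each hop line into a Hop; header, footer and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [None if tok == "*" else int(tok.replace("ms", "").strip(" <"))
                for tok in re.findall(r"<?\d+ ms|\*", m.group("rtt"))]
        target, name, ip = m.group("target"), None, None
        if not target.startswith("Request timed out"):
            tm = TARGET_RE.match(target)
            # a bare address means tracert got no reverse lookup for that router
            name, ip = (tm.group("name"), tm.group("ip")) if tm else (None, target)
        hops.append(Hop(int(m.group("hop")), rtts, name, ip))
    return hops


def classify_trace(text: str) -> dict:
    """Clean path, trace that dies at a hop, or silent hops with replies resuming
    afterwards (congestion, or a router configured not to answer ICMP)."""
    hops = parse_tracert(text)
    silent = [h.number for h in hops if h.timed_out]
    answered = [h for h in hops if not h.timed_out]
    result = {"completed": "Trace complete." in text, "silent_hops": silent}
    if answered:
        # the hop with the largest mean round trip is where a bottleneck would show
        slowest = max(answered, key=lambda h: mean(r for r in h.rtts if r is not None))
        result["slowest_hop"] = (slowest.number, slowest.ip)
    after = [h.number for h in answered if h.number > silent[-1]] if silent else []
    if not silent:
        result["verdict"] = "path ok"
    elif after:
        result["verdict"] = ("intermittent: no replies from hops %d-%d, replies resume at hop %d"
                             % (silent[0], silent[-1], min(after)))
    else:
        last_good = max(h.number for h in answered) if answered else 0
        result["verdict"] = ("fails after hop %d: fault on far side of hop %d or at hop %d"
                             % (last_good, last_good, last_good + 1))
    return result


if __name__ == "__main__":
    print(classify_trace(SAMPLE_TRACE))
```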
Most network administrators are very familiar with the ping utility and are likely to use it on an almost daily basis. The basic function of the ping command is to test the connectivity between the two devices on a network. All the command is designed to do is determine whether the two computers can see each other and to notify you of how long the round-trip takes to complete.
Although ping is most often used on its own, a number of switches can be used to assist in the troubleshooting process. Table 10.3 shows some of the commonly used switches with ping on a Windows system.
Table 10.3 ping Command Switches

Option            Description
ping -t           Pings a device on the network until stopped
ping -a           Resolves addresses to hostnames
ping -n count     Specifies the number of echo requests to send
ping -r count     Records route for count hops
ping -s count     Timestamp for count hops
ping -w timeout   Timeout in milliseconds to wait for each reply

ping works by sending ICMP echo request messages to another device on the network. If the other device on the network hears the ping request, it automatically responds with an ICMP echo reply. By default, the ping command on a Windows-based system sends four data packets; however, using the -t switch, a continuous stream of ping requests can be sent.
ping is perhaps the most widely used of all network tools; it is primarily used to verify connectivity between two network devices. On a good day, the results from the ping command will be successful, and the sending device will receive a reply from the remote device. Not all ping results are that successful, and to be able to effectively use ping, you must be able to interpret the results of a failed ping command.
The Destination Host Unreachable error message means that a route to the destination computer system cannot be found. To remedy this problem, you might need to examine the routing information on the local host to confirm that the local host is correctly configured, or you might need to make sure that the default gateway information is correct. The following is an example of a ping failure that gives the Destination host unreachable message:
Pinging 24.67.54.233 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Ping statistics for 24.67.54.233:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The Request Timed Out error message is very common when you use the ping command. Essentially, this error message indicates that your host did not receive the ping message back from the destination device within the designated time period. Assuming that the network connectivity is okay on your system, this is typically an indicator that the destination device is not connected to the network, is powered off, or is not configured correctly. It could also mean that some intermediate device is not operating correctly. In some rare cases, it can also indicate that there is so much congestion on the network that timely delivery of the ping message could not be completed. It might also mean that the ping is being sent to an invalid IP address or that the system is not on the same network as the remote host, and an intermediary device is not configured correctly. In any of these cases, the failed ping should initiate a troubleshooting process that might involve other tools, manual inspection, and possibly reconfiguration. The following example shows the output from a ping to an invalid IP address:
C:\>ping 169.76.54.3
Pinging 169.76.54.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 169.76.54.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
During the ping request, you might receive some replies from the remote host that are intermixed with Request timed out errors. This is often a result of a congested network. An example follows; notice that this example, which was run on a Windows Me system, uses the -t switch to generate continuous pings:
C:\>ping -t 24.67.184.65
Pinging 24.67.184.65 with 32 bytes of data:
Reply from 24.67.184.65: bytes=32 time=55ms TTL=127
Reply from 24.67.184.65: bytes=32 time=54ms TTL=127
Reply from 24.67.184.65: bytes=32 time=27ms TTL=127
Request timed out.
Request timed out.
Request timed out.
Reply from 24.67.184.65: bytes=32 time=69ms TTL=127
Reply from 24.67.184.65: bytes=32 time=28ms TTL=127
Reply from 24.67.184.65: bytes=32 time=28ms TTL=127
Reply from 24.67.184.65: bytes=32 time=68ms TTL=127
Reply from 24.67.184.65: bytes=32 time=41ms TTL=127
Ping statistics for 24.67.184.65:
Packets: Sent = 11, Received = 8, Lost = 3 (27% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 69ms, Average = 33ms
In this example, three packets were lost. If this continued on your network, you would need to troubleshoot to find out why packets were being dropped.
The Unknown Host error message is generated when the hostname of the destination computer cannot be resolved. This error usually occurs when you ping an incorrect hostname, as shown in the following example, or try to use ping with a hostname when hostname resolution (via DNS or a HOSTS text file) is not configured:
C:\>ping www.comptia.ca
Unknown host www.comptia.ca
If the ping fails, you need to verify that the ping is being sent to the correct remote host. If it is, and if name resolution is configured, you have to dig a little more to find the problem. This error might indicate a problem with the name resolution process, and you might need to verify that the DNS or WINS server is available. Other commands, such as nslookup or dig, can help in this process.
The Time to Live (TTL) is an important consideration in understanding the ping command. The function of the TTL is to prevent circular routing, which occurs when a ping request keeps looping through a series of hosts.
The TTL counts each hop along the way toward the destination device: every hop the packet crosses subtracts one from the TTL. If the TTL reaches 0, the TTL has expired, and you get a message like the following:
Reply from 24.67.180.1: TTL expired in transit
If the TTL is exceeded with ping, you might have a routing problem on the network. You can modify the TTL for ping on a Windows system by using the ping -i command.
Although ping does not completely isolate problems, you can use it to help identify where a problem lies. When troubleshooting with ping, take the following steps:
1. ping the IP address of your local loopback, using the command ping 127.0.0.1. If this command is successful, you know that the TCP/IP protocol suite is installed correctly on your system and functioning. If you are unable to ping the local loopback adapter, TCP/IP might need to be reloaded or reconfigured on the machine you are using.
The loopback is a special function within the protocol stack that is supplied for troubleshooting purposes. The Class A IP address 127.X.X.X is reserved for the loopback; although convention dictates that you use 127.0.0.1, you can use any address in the 127.X.X.X range, except for the network number itself (127.0.0.0) and the broadcast address (127.255.255.255). You can also ping by using the default hostname for the local system, which is called localhost (for example, ping localhost).
2. ping the assigned IP address of your local network interface card (NIC). If the ping is successful, you know that your NIC is functioning on the network and has TCP/IP correctly installed. If you are unable to ping the local NIC, TCP/IP might not be bound correctly to the NIC or the NIC drivers might be improperly installed.
3. ping the IP address of another known good system on your local network. By doing so, you can determine whether the computer you are using can see other computers on the network. If you can ping other devices on your local network, you have network connectivity. If you cannot ping other devices on your local network and you were able to ping the IP address of your system, you might not be connected to the network correctly.
4. After you’ve confirmed that you have network connectivity for the local network, you can verify connectivity to a remote network by sending a ping to the IP address of the default gateway.
5. If you are able to ping the default gateway, you can verify remote connectivity by sending a ping to the IP address of a system on a remote network.
On the Network+ exam, you might be asked to relate the correct procedure for using ping for a connectivity problem.
Using just the ping command in these steps, you can confirm network connectivity on not only the local network, but also on a remote network. The whole process requires as much time as it takes to type in the command, and you can do it all from a single location.
If you are an optimistic person, you can perform step 5 first. If that works, all the other steps will also work, saving you the need to test them. If your step 5 trial fails, you can go back to step 1 and start the troubleshooting process from the beginning.
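The following Python is an added example, not the book's code. It interprets the ping messages described in this section (Destination host unreachable, Request timed out, Unknown host, TTL expired in transit, and replies mixed with timeouts) and then walks the five-step procedure above, including the optimistic shortcut of trying step 5 first. make_fake_ping and the TARGETS table are constructed stand-ins so the example runs offline; the addresses are taken from this chapter's samples except the known-good local host, which is invented.

```python
import re

# Failure messages from this section, checked in this order; first match wins.
FAILURES = (
    ("Unknown host", "name resolution failed: check the hostname and the DNS/WINS setup"),
    ("TTL expired in transit", "TTL exhausted before reaching the host: possible routing loop"),
    ("Destination host unreachable", "no route to the destination: check local routing and default gateway"),
    ("Request timed out", "no reply: host down, not on the path, or an intermediate device failing"),
)


def parse_ping(output: str) -> dict:
    """Summarise one ping run: reply count, loss percentage and the kind of failure."""
    replies = re.findall(r"Reply from [\d.]+: bytes=\d+ time=(\d+)ms TTL=(\d+)", output)
    summary = {"replies": len(replies), "loss_pct": None, "error": None}
    stats = re.search(r"Sent = (\d+), Received = (\d+), Lost = (\d+)", output)
    if stats:
        sent, _received, lost = map(int, stats.groups())
        summary["loss_pct"] = round(100 * lost / sent) if sent else None
    for marker, meaning in FAILURES:
        if marker in output:
            summary["error"] = meaning
            break
    if replies and "Request timed out" in output:
        summary["error"] = "replies mixed with timeouts: packet loss, often a congested network"
    return summary


# (what to ping, what a failure at that step means), steps 1 to 5 of the procedure
LADDER = (
    ("loopback", "TCP/IP is not installed or functioning: reload or reconfigure it"),
    ("local NIC", "TCP/IP is not bound to the NIC, or the NIC drivers are improperly installed"),
    ("known good local host", "the machine is not connected to the local network correctly"),
    ("default gateway", "the gateway cannot be reached: communication is limited to the local segment"),
    ("remote host", "local connectivity is fine: the fault lies beyond the default gateway"),
)


def diagnose(ping, targets: dict, optimistic: bool = False) -> dict:
    """Walk the ladder using ping(address) -> raw ping output.  With optimistic=True
    step 5 is tried first; success there implies the lower steps, as the text notes."""
    if optimistic and parse_ping(ping(targets["remote host"]))["replies"]:
        return {"failed_step": None, "diagnosis": "remote host reachable; steps 1-4 implied"}
    for number, (name, meaning) in enumerate(LADDER, start=1):
        result = parse_ping(ping(targets[name]))
        if not result["replies"]:
            return {"failed_step": number, "target": targets[name],
                    "diagnosis": meaning, "ping": result}
    return {"failed_step": None, "diagnosis": "connectivity confirmed through to the remote network"}


def make_fake_ping(up: set):
    """Constructed stand-in for the real ping command so the example runs offline:
    addresses in `up` answer every probe, everything else times out."""
    def ping(address: str) -> str:
        head = "Pinging %s with 32 bytes of data:\n" % address
        if address in up:
            body = ("Reply from %s: bytes=32 time=28ms TTL=127\n" % address) * 4
            tail = "Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),"
        else:
            body = "Request timed out.\n" * 4
            tail = "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),"
        return head + body + tail
    return ping


# Addresses from this chapter's samples; the known-good local host is invented.
TARGETS = {"loopback": "127.0.0.1", "local NIC": "24.67.184.65",
           "known good local host": "24.67.184.66", "default gateway": "24.67.184.1",
           "remote host": "216.119.103.72"}

if __name__ == "__main__":
    gateway_down = make_fake_ping({"127.0.0.1", "24.67.184.65", "24.67.184.66"})
    print(diagnose(gateway_down, TARGETS))
```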
All but one of the ping examples used in this section show the ping command using the IP address of the remote host. It is also possible to ping the Domain Name Service (DNS) name of the remote host (for example, ping www.comptia.org, ping server1); this, of course, can be done only if your network uses a DNS server. On a Windows-based network, you can also ping by using the Network Basic Input/Output System (NetBIOS) computer name.
The Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. This is important because on a network, devices find each other using the IP address, but communication between devices requires the MAC address.
For the Network+ exam, remember that the function of the ARP command is to resolve IP addresses to Layer 2 or MAC addresses.
When a computer wants to send data to another computer on the network, it must know the MAC address of the destination system. To discover this information, ARP sends out a discovery packet to obtain the MAC address. When the destination computer is found, it sends its MAC address to the sending computer. The ARP-resolved MAC addresses are stored temporarily on a computer system in the ARP cache. Inside this ARP cache is a list of matching MAC and IP addresses. This ARP cache is checked before a discovery packet is sent on to the network to determine if there is an existing entry.
Entries in the ARP cache are periodically flushed so that the cache doesn’t fill up with unused entries. The following code shows an example of the ARP command with the output from a Windows 2000 system:
C:\>arp -a
Interface: 24.67.179.22 on Interface 0x3
Internet Address Physical Address Type
24.67.179.1 00-00-77-93-d8-3d dynamic
As you might notice in the previous code, the type is listed as dynamic.
Entries in the ARP cache can be added statically or dynamically. Static entries are added manually and do not expire. The dynamic entries are added automatically when the system accesses another on the network.
As with other command-line utilities, there are several switches available for the arp command. Table 10.4 shows the available switches for Windows-based systems.
Table 10.4 ARP Switches

Switch        Description
-a or -g      Displays both the IP and MAC addresses and whether they are dynamic or static entries
inet_addr     Specifies a specific internet address
-N if_addr    Displays the ARP entries for a specified network interface
eth_addr      Specifies a MAC address
if_addr       Specifies an Internet address
-d            Deletes an entry from the ARP cache
-s            Adds a static permanent address to the ARP cache
The netstat command displays the protocol statistics and current TCP/IP connections on the local system. Used without any switches, the netstat command shows the active connections for all outbound TCP/IP connections. In addition, several switches are available that change the type of information netstat displays. Table 10.5 shows the various switches available for the netstat utility.
Table 10.5 netstat Switches

Switch      Description
-a          Displays the current connections and listening ports
-e          Displays Ethernet statistics
-n          Lists addresses and port numbers in numerical form
-p          Shows connections for the specified protocol
-r          Shows the routing table
-s          Lists per-protocol statistics
interval    Specifies the length of time to wait before redisplaying statistics
The netstat and the route print commands can be used to show the routing table.
The netstat utility is used to show the port activity for both TCP and UDP connections, showing the inbound and outbound connections. When used without switches, the netstat utility has four information headings.
➤ Proto—Lists the protocol being used, either UDP or TCP.
➤ Local address—Specifies the local address and port being used.
➤ Foreign address—Identifies the destination address and the port being used.
➤ State—Specifies whether the connection is established.
In its default usage, the netstat command shows outbound connections that have been established by TCP. The following shows a sample output from a netstat command without using any switches:
C:\>netstat
Active Connections
Proto Local Address Foreign Address State
TCP laptop:2848 MEDIASERVICES1:1755 ESTABLISHED
TCP laptop:1833 www.dollarhost.com:80 ESTABLISHED
TCP laptop:2858 194.70.58.241:80 ESTABLISHED
TCP laptop:2860 194.70.58.241:80 ESTABLISHED
TCP laptop:2354 www.dollarhost.com:80 ESTABLISHED
TCP laptop:2361 www.dollarhost.com:80 ESTABLISHED
TCP laptop:1114 www.dollarhost.com:80 ESTABLISHED
TCP laptop:1959 www.dollarhost.com:80 ESTABLISHED
TCP laptop:1960 www.dollarhost.com:80 ESTABLISHED
TCP laptop:1963 www.dollarhost.com:80 ESTABLISHED
TCP laptop:2870 localhost:8431 TIME_WAIT
TCP laptop:8431 localhost:2862 TIME_WAIT
TCP laptop:8431 localhost:2863 TIME_WAIT
TCP laptop:8431 localhost:2867 TIME_WAIT
TCP laptop:8431 localhost:2872 TIME_WAIT
Like any other command-line utility, netstat is often used with switches. The following sections provide a brief explanation of the switches and a sample output from each.
The netstat -e command shows the activity for the NIC and displays the number of packets that have been both sent and received. An example of the netstat -e command is shown here:
C:\WINDOWS\Desktop>netstat -e
Interface Statistics
Received Sent
Bytes 17412385 40237510
Unicast packets 79129 85055
Non-unicast packets 693 254
Discards 0 0
Errors 0 0
Unknown protocols 306
As you can see, the netstat -e command shows more than just the packets that have been sent and received:
➤ Bytes—The number of bytes that have been sent or received by the NIC since the computer was turned on.
➤ Unicast packets—Packets sent and received directly to this interface.
➤ Non-unicast packets—Broadcast or multicast packets that were picked up by the NIC.
➤ Discards—The number of packets rejected by the NIC, perhaps because they were damaged.
➤ Errors—The errors that occurred during either the sending or receiving process. As you would expect, this column should be a low number. If it is not, it could indicate a problem with the NIC.
➤ Unknown protocols—The number of packets that were not recognizable by the system.
The netstat -a command displays statistics for both TCP and User Datagram Protocol (UDP). Here is an example of the netstat -a command:
C:\WINDOWS\Desktop>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP laptop:1027 LAPTOP:0 LISTENING
TCP laptop:1030 LAPTOP:0 LISTENING
TCP laptop:1035 LAPTOP:0 LISTENING
TCP laptop:50000 LAPTOP:0 LISTENING
TCP laptop:5000 LAPTOP:0 LISTENING
TCP laptop:1035 msgr-ns41.msgr.hotmail.com:1863 ESTABLISHED
TCP laptop:nbsession LAPTOP:0 LISTENING
TCP laptop:1027 localhost:50000 ESTABLISHED
TCP laptop:50000 localhost:1027 ESTABLISHED
UDP laptop:1900 *:*
UDP laptop:nbname *:*
UDP laptop:nbdatagram *:*
UDP laptop:1547 *:*
UDP laptop:1038 *:*
UDP laptop:1828 *:*
UDP laptop:3366 *:*
As you can see, the output includes four columns, which show the protocol, the local address, the foreign address, and the state of the port. The TCP connections show the local and foreign destination addresses and the current state of the connection. UDP, however, is a little different; it does not list a state status because, as mentioned throughout this book, UDP is a connectionless protocol and does not establish connections. The following list briefly explains the information provided by the netstat -a command:
➤ Proto—The protocol used by the connection.
➤ Local Address—The IP address of the local computer system and the port number it is using. If the entry in the local address field is an asterisk (*), it indicates that the port has not yet been established.
➤ Foreign Address—The IP address of a remote computer system and the associated port. When a port has not been established, as with the UDP connections, *:* appears in the column.
➤ State—The current state of the TCP connection. Possible states include established, listening, closed, and waiting.
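An added example, not the book's code: the following Python parses netstat -a output into records, pulls out the listening ports and established sessions, and compares the listeners against a baseline of the (protocol, port) pairs the host is supposed to offer, which is how an unexpected listener is spotted. The listing is constructed from the netstat -a sample above; the baseline set is an assumption.

```python
from collections import Counter

# Constructed from the netstat -a listing in this section.
SAMPLE_NETSTAT_A = """\
Active Connections

  Proto  Local Address          Foreign Address                  State
  TCP    laptop:1027            LAPTOP:0                         LISTENING
  TCP    laptop:5000            LAPTOP:0                         LISTENING
  TCP    laptop:1035            msgr-ns41.msgr.hotmail.com:1863  ESTABLISHED
  TCP    laptop:nbsession       LAPTOP:0                         LISTENING
  TCP    laptop:2870            localhost:8431                   TIME_WAIT
  UDP    laptop:nbname          *:*
  UDP    laptop:1900            *:*
"""


def split_endpoint(endpoint: str) -> tuple:
    """'laptop:nbsession' -> ('laptop', 'nbsession'); the port may be a name or a number,
    and the UDP placeholder '*:*' becomes ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat(text: str) -> list:
    """One dict per connection line; the header and blank lines are ignored."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[:3]
        # UDP rows carry no state column, as the text explains
        state = parts[3] if proto == "TCP" and len(parts) > 3 else None
        rows.append({"proto": proto, "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign), "state": state})
    return rows


def listening_ports(rows: list) -> list:
    """TCP ports in LISTENING state plus every bound UDP port (UDP shows *:* and no state)."""
    return sorted({(r["proto"], r["local"][1]) for r in rows
                   if r["state"] == "LISTENING" or r["proto"] == "UDP"})


def established(rows: list) -> list:
    """(local port, foreign host, foreign port) for each ESTABLISHED TCP session."""
    return [(r["local"][1],) + r["foreign"] for r in rows if r["state"] == "ESTABLISHED"]


def state_counts(rows: list) -> Counter:
    """How many sockets sit in each state; UDP rows are counted under their own label."""
    return Counter(r["state"] or "n/a (UDP)" for r in rows)


def unexpected_listeners(rows: list, baseline: set) -> list:
    """Listeners not in the baseline of (proto, port) pairs this host is meant to offer."""
    return [p for p in listening_ports(rows) if p not in baseline]


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT_A)
    # assumed baseline: only the NetBIOS services are expected on this laptop
    print(unexpected_listeners(rows, {("TCP", "nbsession"), ("UDP", "nbname")}))
```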
The netstat -r command is often used to view the routing table for a system. A system uses a routing table to determine routing information for TCP/IP traffic. The netstat -r command output shows the same information as the output from the route print command. The following is an example of the netstat -r command from a Windows Me system:
C:\WINDOWS\Desktop>netstat -r
Route table
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.67.179.1 24.67.179.22 1
24.67.179.0 255.255.255.0 24.67.179.22 24.67.179.22 1
24.67.179.22 255.255.255.255 127.0.0.1 127.0.0.1 1
24.255.255.255 255.255.255.255 24.67.179.22 24.67.179.22 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 224.0.0.0 24.67.179.22 24.67.179.22 1
255.255.255.255 255.255.255.255 24.67.179.22 2 1
Default Gateway: 24.67.179.1
===========================================================================
Persistent Routes:
None
The netstat -s command displays a number of statistics related to the TCP/IP protocol suite. Understanding the purpose of every field in the output is beyond the scope of the Network+ exam, but for your reference, sample output from the netstat -s command is shown here:
C:\>netstat -s

IP Statistics

  Packets Received                   = 389938
  Received Header Errors             = 0
  Received Address Errors            = 1876
  Datagrams Forwarded                = 498
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 0
  Received Packets Delivered         = 387566
  Output Requests                    = 397334
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 916
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0

ICMP Statistics

                            Received    Sent
  Messages                  40641       41111
  Errors                    0           0
  Destination Unreachable   0           0
  Time Exceeded             0           0
  Parameter Problems        223         680
  Source Quenches           24          0
  Redirects                 0           0
  Echos                     0           0
  Echo Replies              0           0
  Timestamps                0           38
  Timestamp Replies         20245       20148
  Address Masks             20149       20245
  Address Mask Replies      0           0

TCP Statistics

  Active Opens               = 20402
  Passive Opens              = 20594
  Failed Connection Attempts = 0
  Reset Connections          = 10217
  Current Connections        = 13538
  Segments Received          = 23132
  Segments Sent              = 9259
  Segments Retransmitted     = 254

UDP Statistics

  Datagrams Received  = 15
  No Ports            = 330242
  Receive Errors      = 326935
  Datagrams Sent      = 18851
The nbtstat utility is used to view protocol statistics and information for NetBIOS over TCP/IP connections. nbtstat is commonly used to troubleshoot NetBIOS name resolution problems. Because nbtstat provides the resolution of NetBIOS names, it’s available only on Windows systems.
A number of case-sensitive switches are available for the nbtstat command. Table 10.6 summarizes these switches.
Table 10.6 nbtstat Switches

Switch                         Description
nbtstat -a (Adapter status)    Outputs the NetBIOS name table and MAC addresses of the card for the specified computer
nbtstat -A (IP address)        (Adapter status) Lists the remote machine’s name table given its IP address
nbtstat -c (cache)             Provides a list of the contents of the NetBIOS name cache
nbtstat -n (names)             Lists local NetBIOS names
nbtstat -r (resolved)          Lists names resolved by broadcast or WINS
nbtstat -R (Reload)            Purges and reloads the remote cache name table
nbtstat -S (Sessions)          Summarizes the current NetBIOS sessions and their status
nbtstat -s (sessions)          Lists sessions table converting destination IP addresses to computer NetBIOS names
nbtstat -RR (ReleaseRefresh)   Sends Name Release packets to WINS, and then starts Refresh
nbtstat RemoteName             Remote host machine name
nbtstat IP address             Dotted decimal representation of the IP address
nbtstat interval               Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics
As an example, the following is the output from the nbtstat -n command:
C:\>nbtstat -n
Lana # 0:
Node IpAddress: [169.254.196.192] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
LAPTOP <00> UNIQUE Registered
KCS <00> GROUP Registered
LAPTOP <03> UNIQUE Registered
The ipconfig command is a technician’s best friend when it comes to viewing the TCP/IP configuration of a Windows system. Used on its own, the ipconfig command shows basic information such as the name of the network interface, the IP address, the subnet mask, and the default gateway.
Combined with the /all switch, it shows a detailed set of information, as you can see in the following example:
C:\>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : write
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : write
Ethernet adapter Local Area Connection: ok.anyotherhost.net
Connection-specific DNS Suffix . : ok.anyotherhost.net
Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet
Physical Address. . . . . . . . . : 00-80-C8-E3-4C-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 24.67.184.65
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 24.67.184.1
DHCP Server . . . . . . . . . . . : 24.67.253.195
DNS Servers . . . . . . . . . . . : 24.67.253.195
24.67.253.212
Lease Obtained.. . . . : Thursday, February 07, 2002 3:42:00 AM
Lease Expires .. . . . : Saturday, February 09, 2002 3:42:00 AM
As you can imagine, you can use the output from an ipconfig /all command in a massive range of troubleshooting scenarios. Table 10.7 lists some of the most common troubleshooting symptoms, along with where to look for clues about solving them in the ipconfig /all output.
When looking at ipconfig information, you should be sure that all information is present and correct. For example, a missing or incorrect default gateway parameter limits communication to the local segment.
Table 10.7 Common Troubleshooting Symptoms That ipconfig Can Help Solve

Symptom: User is unable to connect to any other system.
Field to Check in ipconfig Output: Make sure the TCP/IP address and subnet mask are correct. If the network uses DHCP, make sure DHCP is enabled.

Symptom: User is able to connect to another system on the same subnet but is not able to connect to a remote system.
Field to Check in ipconfig Output: Make sure the default gateway is correctly configured.

Symptom: User is unable to browse the Internet.
Field to Check in ipconfig Output: Make sure the DNS server parameters are configured correctly.

Symptom: User is unable to browse across remote subnets.
Field to Check in ipconfig Output: Make sure the WINS or DNS server parameters are configured correctly, if applicable.
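An added example, not the book's code: the Table 10.7 checks applied mechanically to parsed ipconfig /all output, one finding per missing field. The listing is constructed from the sample above with the default gateway left blank so that one check fires; the Primary WINS Server field name and the treatment of 0.0.0.0 as "no address" are assumptions, since neither appears on this page.

```python
import re

# Constructed from the ipconfig /all listing in this section; the default
# gateway is deliberately left blank.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : server
        Node Type . . . . . . . . . . . . : Broadcast

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet
        Physical Address. . . . . . . . . : 00-80-C8-E3-4C-BD
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 24.67.184.65
        Subnet Mask . . . . . . . . . . . : 255.255.254.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 24.67.253.195
        DNS Servers . . . . . . . . . . . : 24.67.253.195
                                            24.67.253.212
"""

# "Host Name . . . . : server"  ->  key "Host Name", value "server"
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text: str) -> dict:
    """Return {section: {field: [values]}}.  Unindented lines start a section (the
    global block or one adapter); indented lines without a key continue the previous
    field, which is how ipconfig lists a second DNS server."""
    sections, current, last_key = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = raw.strip().rstrip(":")
            sections[current], last_key = {}, None
            continue
        m = FIELD_RE.match(raw)
        if m and current is not None:
            last_key = m.group("key").strip()
            value = m.group("value").strip()
            sections[current][last_key] = [value] if value else []
        elif last_key is not None:
            sections[current][last_key].append(raw.strip())
    return sections


def check_adapter(fields: dict) -> list:
    """Table 10.7 as code: (symptom, what to check) for each field that is missing.
    Assumption: 0.0.0.0 counts as missing, and the WINS field is "Primary WINS Server"."""
    def present(key: str) -> bool:
        return any(v and v != "0.0.0.0" for v in fields.get(key, []))

    findings = []
    if not (present("IP Address") and present("Subnet Mask")):
        findings.append(("unable to connect to any other system",
                         "check the TCP/IP address and subnet mask; if the network uses DHCP, "
                         "check that DHCP is enabled"))
    if not present("Default Gateway"):
        findings.append(("can reach the same subnet but not remote systems",
                         "default gateway missing or incorrect: communication is limited to the local segment"))
    if not present("DNS Servers"):
        findings.append(("unable to browse the Internet", "DNS server parameters missing"))
    if not (present("DNS Servers") or present("Primary WINS Server")):
        findings.append(("unable to browse across remote subnets", "WINS or DNS server parameters missing"))
    return findings


def audit(text: str) -> dict:
    """Findings per adapter; the global block has no IP Address field and is skipped."""
    return {name: check_adapter(f) for name, f in parse_ipconfig(text).items() if "IP Address" in f}


if __name__ == "__main__":
    for adapter, findings in audit(SAMPLE_IPCONFIG).items():
        for symptom, fix in findings:
            print("%s: %s -> %s" % (adapter, symptom, fix))
```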
You should be prepared to identify the output from an ipconfig command in relationship to a troubleshooting scenario for the Network+ exam.
Using the /all switch might be far and away the most popular, but there are a few others. These include the switches listed in Table 10.8.
The ipconfig command and its associated switches are widely used by network administrators and therefore should be expected to make an appearance on the exam.
Table 10.8 ipconfig Switches

Switch      Description
/?          Displays the ipconfig help screen
/all        Displays additional IP configuration information
/release    Releases the IP address of the specified adapter
/renew      Renews the IP address of a specified adapter
The ipconfig /renew and ipconfig /release commands work only when your system is using DHCP.
The ipconfig command on Windows 2000, Windows XP and Windows Server 2003 provides additional switches and functionality geared toward Active Directory and Dynamic DNS. You do not need to be concerned with these switches for the Network+ exam, but you can view information on them by using the ipconfig /? command.
ifconfig performs the same function as ipconfig, but on a Linux, UNIX, or Macintosh system. Because Linux relies more heavily on command-line utilities than Windows, the Linux and UNIX version of ifconfig provides much more functionality than ipconfig. On a Linux or UNIX system, you can get information about the usage of the ifconfig command by using ifconfig -help. The following output provides an example of the basic ifconfig command run on a Linux system:
eth0      Link encap:Ethernet  HWaddr 00:60:08:17:63:A0
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:911 errors:0 dropped:0 overruns:0 frame:0
          TX packets:804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
Although the ifconfig command displays the IP address, subnet mask and default gateway information for both the installed network adapter and the local loopback adapter, it does not report DHCP lease information. Instead, you can use the pump -s command to view detailed information on the DHCP lease including the assigned IP address, the address of the DHCP server, and the time remaining on the lease. The pump command can also be used to release and renew IP addresses assigned via DHCP and to view DNS server information.
On Windows 98 Second Edition and Windows Me systems, the winipcfg command is used in addition to the ipconfig command. The difference between the two utilities is that winipcfg is a graphical utility.
In basic mode, winipcfg shows information including the Media Access Control (MAC) address and IP address of the interface, the subnet mask, and the default gateway. For detailed information, similar to that produced with ipconfig /all, a More Info button allows you to switch into a much more detailed screen.
The same troubleshooting scenarios, with the same solutions, apply to winipcfg as to ipconfig. Table 10.9 lists some solutions to common problems.
Table 10.9 Common Troubleshooting Problems That winipcfg Can Help Solve

Symptom: User is unable to connect to any other system.
Field to Check in winipcfg Output: Check that the TCP/IP address and subnet mask are correct. If using DHCP, make sure DHCP is enabled.

Symptom: User is able to connect to another system on the same subnet, but is not able to connect to a remote system.
Field to Check in winipcfg Output: Check that the default gateway is correctly configured.

Symptom: User is unable to browse the Internet.
Field to Check in winipcfg Output: Make sure the DNS server parameters are configured correctly.

Symptom: User is unable to browse across remote subnets.
Field to Check in winipcfg Output: Make sure the WINS or DNS server parameters are configured correctly (if applicable).
nslookup is a utility used to troubleshoot DNS-related problems. Using nslookup, you can, for example, run manual name resolution queries against DNS servers, get information about the DNS configuration of your system, or specify what kind of DNS record should be resolved.
When nslookup is started, it displays the current hostname and the IP address of the locally configured DNS server. You will then see a command prompt which allows you to specify further queries. This is known as ‘interactive’ mode. The commands you can enter in interactive mode are listed in Table 10.10.
Table 10.10 nslookup Switches

Switch | Description
all | Prints options, as well as current server and host information
[no]debug | Prints debugging information
[no]d2 | Prints exhaustive debugging information
[no]defname | Appends the domain name to each query
[no]recurse | Asks for recursive answer to query
[no]search | Uses domain search list
[no]vc | Always uses a virtual circuit
domain=NAME | Sets default domain name to NAME
srchlist=N1[/N2/.../N6] | Sets domain to N1 and search list to N1, N2, and so on
root=NAME | Sets root server to NAME
retry=X | Sets number of retries to X
timeout=X | Sets initial timeout interval to X seconds
type=X | Sets query type (for example, A, ANY, CNAME, MX, NS, PTR, SOA, or SRV)
querytype=X | Same as type
class=X | Sets query class (for example, IN [Internet], ANY)
[no]msxfr | Uses MS fast zone transfer
ixfrver=X | Current version to use in IXFR transfer request
server NAME | Sets default server to NAME, using current default server
exit | Exits the program
Instead of using interactive mode, you can also execute nslookup requests directly at the command prompt. The following listing shows the output from nslookup when a domain name is specified to be resolved.
C:\>nslookup comptia.org
Server: nsc1.ht.ok.shawcable.net
Address: 64.59.168.13
Non-authoritative answer:
Name: comptia.org
Address: 208.252.144.4
As you can see from the output, nslookup shows the hostname and IP address of the DNS server against which the resolution was performed, along with the hostname and IP address of the resolved host.
dig is used on Linux, UNIX, or Macintosh systems to perform manual DNS lookups. dig performs the same basic task as nslookup, but with one major distinction: the dig command does not have an interactive mode and instead uses only command-line switches to customize results.
dig is generally considered a more powerful tool than nslookup, but in the course of a typical network administrator’s day, the minor limitations of nslookup are unlikely to be too much of a factor. Instead, dig is often simply the tool of choice for DNS information and troubleshooting on UNIX, Linux, or Macintosh systems. Like nslookup, dig can be used to perform simple name resolution requests. The output from this process can be seen in the following listing:
; <<>> DiG 8.2 <<>> examcram.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;;      examcram.com, type = A, class = IN

;; ANSWER SECTION:
examcram.com.           7h33m IN A      63.240.93.157

;; AUTHORITY SECTION:
examcram.com.           7h33m IN NS     usrxdns1.pearsontc.com.
examcram.com.           7h33m IN NS     oldtxdns2.pearsontc.com.

;; Total query time: 78 msec
;; FROM: localhost.localdomain to SERVER: default -- 209.53.4.130
;; WHEN: Sat Oct 16 20:21:24 2004
;; MSG SIZE  sent: 30  rcvd: 103
As you can see, dig provides a number of pieces of information in the basic output—more so than nslookup. There are three key areas of the output from which network administrators can gain information. These are the ‘Answer Section,’ the ‘Authority Section,’ and the last four lines of the output.
The Answer Section of the output provides the name of the domain or host being resolved, along with its IP address. The A in the results line indicates the record type that is being resolved.
The Authority Section provides information on the authoritative DNS servers for the domain against which the resolution request was performed.
This information can be useful in determining whether the correct DNS servers are considered authoritative for a domain.
The last four lines of the output show how long the name resolution request took to process and the IP address of the DNS server that performed the resolution. It also shows the date and time of the request, as well as the size of the packets sent and received.
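Reading the Answer Section, Authority Section, and trailing statistics by eye is fine for one lookup; the following Python script, an added example that is not part of the book, parses dig output of the form shown above into those three areas and compares the name servers in the Authority Section against the set an administrator expects, which is how the "correct servers are authoritative" check described above can be automated. The sample input is the dig listing above; the expected-server lists are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: the dig 8.2 listing quoted in the chapter, used here as constructed test data.
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 8.2 <<>> examcram.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;;      examcram.com, type = A, class = IN

;; ANSWER SECTION:
examcram.com.           7h33m IN A      63.240.93.157

;; AUTHORITY SECTION:
examcram.com.           7h33m IN NS     usrxdns1.pearsontc.com.
examcram.com.           7h33m IN NS     oldtxdns2.pearsontc.com.

;; Total query time: 78 msec
;; FROM: localhost.localdomain to SERVER: default -- 209.53.4.130
;; WHEN: Sat Oct 16 20:21:24 2004
;; MSG SIZE  sent: 30  rcvd: 103
"""

# One resource record line: owner name, TTL, class IN, type, rdata.
RR_RE = re.compile(r"^(\S+)\s+(\S+)\s+IN\s+(\S+)\s+(\S+)$")
Record = Tuple[str, str, str, str]


@dataclass
class DigResult:
    status: str = ""
    answers: List[Record] = field(default_factory=list)    # Answer Section records
    authority: List[Record] = field(default_factory=list)  # Authority Section records
    query_time_ms: Optional[int] = None                    # "Total query time" line
    server: str = ""                                       # resolver that answered (FROM/SERVER line)
    when: str = ""                                         # WHEN line
    msg_sent: Optional[int] = None
    msg_rcvd: Optional[int] = None


def parse_dig(text: str) -> DigResult:
    """Split dig output into header status, answer/authority records and the trailing statistics."""
    result = DigResult()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            result.status = m.group(1) if m else ""
        elif line.startswith(";; ANSWER SECTION"):
            section = "answer"
        elif line.startswith(";; AUTHORITY SECTION"):
            section = "authority"
        elif line.startswith(";; ADDITIONAL SECTION"):
            section = "additional"
        elif line.startswith(";; Total query time"):
            section = None
            m = re.search(r"(\d+) msec", line)
            result.query_time_ms = int(m.group(1)) if m else None
        elif line.startswith(";; FROM:"):
            result.server = line.rsplit("--", 1)[-1].strip()
        elif line.startswith(";; WHEN:"):
            result.when = line[len(";; WHEN:"):].strip()
        elif line.startswith(";; MSG SIZE"):
            m = re.search(r"sent:\s*(\d+)\s+rcvd:\s*(\d+)", line)
            if m:
                result.msg_sent, result.msg_rcvd = int(m.group(1)), int(m.group(2))
        elif line.startswith(";"):
            continue  # other comment lines, including the QUERY SECTION
        elif section in ("answer", "authority"):
            m = RR_RE.match(line)
            if m:
                target = result.answers if section == "answer" else result.authority
                target.append(m.groups())
    return result


def check_authority(result: DigResult, expected_ns: List[str]) -> Tuple[List[str], List[str]]:
    """Compare NS names in the Authority Section with the servers an administrator expects.
    Returns (missing, unexpected); two empty lists mean the delegation matches expectations."""
    seen = {rdata.rstrip(".").lower() for (_, _, rtype, rdata) in result.authority if rtype == "NS"}
    expected = {name.rstrip(".").lower() for name in expected_ns}
    return sorted(expected - seen), sorted(seen - expected)


if __name__ == "__main__":
    parsed = parse_dig(SAMPLE_DIG_OUTPUT)
    print("answers:", parsed.answers)
    print("resolver:", parsed.server, "in", parsed.query_time_ms, "msec")
    # Expected server list is a constructed assumption, not a real delegation record.
    print("missing/unexpected NS:", check_authority(parsed, ["usrxdns1.pearsontc.com", "oldtxdns2.pearsontc.com"]))
```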
One of the easiest ways to spot signs of trouble on a network or with a network component is to look at the devices’ LEDs. Many of the devices used in modern networks—such as hubs, routers, switches, and even NICs—have these small indicator lights that let you know what, if anything, is going wrong. The following sections examine some of the common networking devices and what you can learn from their LEDs.
If you have seen a hub or a switch, you have no doubt noticed the LEDs on the front of the device. Each RJ-45 connector has one or two dedicated LEDs. These LEDs are designed to provide the network administrator with a quick idea of the status of a connection or a potential problem. Table 10.11 provides some examples of link-light indicators functioning on a typical hub or switch.
Note that the LEDs’ sequencing and meanings vary among the different hub manufacturers and therefore might be different from those listed in Table 10.11.
Table 10.11 Example Link-Light Indicator LED States for a Network Hub or Switch

LED State | Meaning
Solid green | A device is connected to the port, but there is no activity on the device.
Blinking green | There is activity on the port. The connected system is sending or receiving data.
No LED lit | There is no detectable link. Either there’s a problem with the connection between the device and the hub (such as an unplugged cable), or the remote system is powered down.
Fast continuous blinking for extended periods | This often indicates a fault with the connection, which can commonly be attributed to a faulty NIC.
Blinking amber | There are collisions on the network. A few orange LEDs flashing intermittently are okay, but continuously blinking amber LEDs indicate a problem.
In addition to link-light indicators, some hubs and switches have port-speed LEDs that, when lit, indicate the speed at which the connected device is functioning. Some also have LEDs that indicate whether the link is operating in full-duplex mode.
If a connection LED on a hub is not lit, all the physical connections are correct, and the connected system is powered on, you might have a faulty patch cable.
By understanding the function of the lights on networking devices, you can tell at a glance the status of a device and the systems connected to it. You should take the time to familiarize yourself with the indicator lights on the network devices you work with and with their various states.
In addition to hubs and switches, most other networking devices have LEDs that provide a variety of information. Most NICs have at least one LED that indicates whether there is a link between the system and the network into which it is plugged. The link light operates at a physical level; in other words, it should be lit when the PC is on, regardless of whether the networking software is loaded, the network configuration is correct, or the user is logged on to the network. In addition to the link light LED, many NICs have additional lights to indicate the speed at which the network connection is established and/or when there is network activity on the link.
LEDs are also included on cable modems and DSL modems, which are commonly used in small or home office implementations for Internet connectivity. The number of LEDs and their functionality depends on the device. For example, one cable modem might have four LEDs: one indicating that the modem is online, a Send indicator, a Receive indicator, and one labeled Message. In contrast, a DSL modem might have six LEDs. One shows that the device is powered, and one flashes to indicate that the device is operating normally. Then there is a link light for both the local network and the DSL connection, and another LED for each interface that flashes to indicate activity on those links.
The usefulness of LEDs in troubleshooting scenarios cannot be overstated. LEDs provide an instant, visual indicator about the state of a network link. In some cases, as with collision lights, they can even alert you to problems on the network. Understanding how to interpret information provided by LEDs is important for the real world and for the Network+ exam.
Imagine a scenario in which a user who is working at workstation A calls and tells you she is unable to access the Internet. The Internet connection could be down, but by connecting to the Internet yourself, you determine that it is working correctly; therefore, it is safe to assume that the problem is at the user’s end rather than with the Internet connectivity. Next, you decide to visit the user’s workstation to see whether you can ping the Internet router. Before you begin the ping test, you look at the back of the system and see that the link LED on the NIC is not lit. At this point, you can be fairly sure that the ping test will not work because without the link light, there is no connectivity between the NIC and the switch.
Now you have narrowed the problem to one of a few sources. Either the NIC or the cable is faulty, the switch to which the user is connected is not functioning, or the port on the switch to which the user is connected is faulty.
The easiest way to test whether the cable is the problem is to borrow a known working cable from workstation B or C and swap it with the cable connecting workstation A to the hub, switch, or wall port. When you try this, if the link light does not come on, you can deduce that the NIC is faulty. If the light does come on, you can deduce that either the port on the switch or a cable is faulty. The next step is to swap the cable out or try the original cable in another switch port.
Expect to be asked to identify the purposes of link lights on the Network+ exam. You might be presented with diagrams and asked how you would use LEDs in the troubleshooting process.
Whatever the actual problem, link lights play an important role in the troubleshooting process. They give you an easy method of seeing what steps do and don’t work.
Remote connectivity errors are bugs that prevent you from connecting to the office network, from remotely dialing in to your home computer, or from logging on to your ISP and subsequently the Internet.
Although many means and methods are available for establishing remote connectivity, network administrators can focus their attention on some common hot spots when troubleshooting errors, including authentication failure, protocol configuration problems, and physical connectivity.
When you’re troubleshooting remote connectivity errors, it is often easy to forget the most basic troubleshooting practices. By this, we mean ensuring that all the physical connections are in place. When you suspect a physical connectivity problem, here are a few key places to look:
➤ Faulty cable
➤ Improperly connected cable
➤ Incorrect cable
➤ Faulty interface
➤ Faulty networking devices
Now that we have looked at some of the more generalized considerations of remote connectivity troubleshooting from a physical perspective, we’ll focus specifically on some of the commonly used remote access technologies.
Troubleshooting DSL is similar to troubleshooting any other Internet connection. The following are a few things to check when users are experiencing problems with a DSL connection:
➤ Physical connections
➤ The NIC installed in the computer system
➤ Network card drivers
➤ Protocol configuration
➤ LEDs on the DSL modem
When troubleshooting remote connectivity on a cable or DSL modem, use the LEDs that are always present on these devices to aid in your troubleshooting process.
In general, cable Internet access is a low-maintenance system with very few problems. When problems do occur, you can try various troubleshooting measures:
➤ Check the physical connections.
➤ Ensure that the protocol configuration on the system is valid.
➤ Check the indicator lights on the cable modem.
➤ Cycle the power on the cable modem, and on the system.
If you are sure that the connectors are all in place and the configuration of the system is correct, the next step is to call the technical support line of the cable provider.
Your ability to troubleshoot satellite Internet connections might be very limited. The hardware associated with home satellite remote access installations is very specialized, and equipment providers often prefer that you let them do the hardware troubleshooting. Given this limitation, calls to technical support occur very early in the troubleshooting process.
Troubleshooting wireless access is normally confined to ensuring that the adapter is functioning correctly and configured properly.
The main factors that can affect wireless access are environmental conditions and outside interference. Many people who live in areas that often have fog or other damp conditions experience poor performance (or none at all) from wireless Internet service.
Here are some specific things you should check when troubleshooting a wireless connection:
➤ Check the configuration of the wireless interface.
➤ Move the computer around to find out if it’s in a dead spot.
➤ Check with other people to see if there is a problem with the service, rather than just your system.
If you are sure that everything is configured correctly, you might have to contact the wireless provider to see if anything is amiss.
Troubleshooting a dial-up connection problem can be tricky and time-consuming because you must consider many variables. In fact, of the remote connectivity mechanisms discussed in this chapter, you are far more likely to have problems with a POTS connection than any of the others. The following are some places to start your troubleshooting under various conditions.
If the user is unable to dial out, try the following:
➤ Check physical connections.
➤ Check that there is a dial tone on the line.
If the user can dial out but can’t get a connection, try the following:
➤ Make sure that the user is dialing the correct number.
➤ Call the ISP to determine whether it is having problems.
➤ Determine if Call Waiting is enabled on the line, or there is some other telephone provider service interfering with communications.
If the user can dial out and can get a connection but is then disconnected, try the following:
➤ Ensure that the modem connection is configured correctly.
➤ Check that the username and password are correct.
➤ Verify that the connection settings are correct.
If you are confident that a modem is installed and configured correctly, but it’s still not working properly, you can test and configure it by using special commands from the AT command set. Table 10.12 lists some of the most commonly used AT commands.
Table 10.12 Commonly Used AT Commands

AT Command | Result
ATA | Sets the modem to auto-answer
ATH | Hangs up an active connection
ATD | Dials a number
ATZ | Resets the modem
ATI3 | Displays the name and model of the modem
In general, getting the modem to respond to an ATZ command is a good enough indicator that the modem is functioning.
You should be prepared to identify the function of basic AT commands for the Network+ exam.
All forms of remote connectivity should require some form of authentication to confirm that those trying to access the remote resources have permission to do so. As a network administrator, you can expect to become very familiar with authentication troubleshooting. Quite often, authentication errors result from users incorrectly entering usernames and/or passwords.
If you’re troubleshooting authentication failure, you should ensure that Caps Lock is turned off on the keyboard.
Authentication issues can also arise as a result of permissions changes in users’ accounts. If you’re troubleshooting remote connectivity and you have confirmed that the correct username and password are used, you should confirm that the user has the appropriate permissions to access the network.
The third and perhaps least likely cause for authentication failure is a downed authentication server. In such a circumstance, you are likely to receive numerous calls regarding authentication difficulty—not just one or two.
Many, but not all, of the problems you encounter with remote connectivity can be addressed with the measures listed previously. However, you might encounter a problem when you have confirmed that the network user is using the correct username and password combination, that no changes have been made to the user’s account information, that all physical connections are in place, and that the user still cannot establish a remote connection.
The next most likely cause of a client connectivity problem is protocol configuration. Protocol configuration issues are usually on the client side of the network. On a TCP/IP network, each client computer must have a unique address in order to participate on the network. Failure to obtain addressing information automatically could indicate a problem with a DHCP server.
You should check the DHCP server to make sure that it is functioning and that addresses are available for assignment.
Beyond basic protocol issues such as addressing, remote connectivity troubleshooting also brings with it the additional considerations of authentication protocols. There is one basic rule that applies to all such issues. If a client in a remote connectivity solution is configured to use one type of authentication protocol, and the server to which he is connecting does not support that protocol, the connection will be refused.
If a client is attempting to connect to a remote system using one authentication protocol, and the remote access server does not support that protocol, the connection will be refused.
As more people choose to use broadband Internet connectivity methods such as cable and DSL, the use of compact hub/router and switch/router combinations has become commonplace.
Most SOHO routers are, in fact, more than routers. Most are also Ethernet hubs or switches, making it possible to share an Internet connection with other systems on the network. They also typically provide basic firewalling capabilities and, in many cases, DHCP server functionality.
The most common configuration method for SOHO routers is through a browser interface, though some models also use a custom application for this purpose. Configuration is generally straightforward, as SOHO routers are designed to be home user friendly.
Because a SOHO router is a network device, the rules and procedures that apply to other troubleshooting scenarios are valid. If you are experiencing Internet connectivity issues on a network with a SOHO router, the first step is to ensure that the SOHO router is powered on and that all the network connections are complete and secure. Also, familiarize yourself with the diagnostic LEDs on your SOHO router so that you can interpret the information they provide accordingly.
SOHO routers typically function for long periods of time without a problem. If your SOHO router hangs, try powering it down, waiting a few moments, and then powering it back up again.
One of the easiest ways to test whether the SOHO router is the cause of a problem is to remove it from the communications chain and plug a PC directly in to the broadband interface (be that cable or DSL). If the PC is configured to obtain an IP address automatically, it should be able to get an IP address from the ISP just as easily as it would from the SOHO router. If the system subsequently works fine and can access the Internet, you know that the problem lies with the SOHO router and not the configuration of the system.
When you remove a SOHO router from the communications chain, you need to be very aware that unless the PC itself is running a firewall, it is very exposed to Internet borne threats. You should install a software firewall on the system before you connect directly to the Internet.
Client connectivity errors are one of the most common sources of network-related problems. Issues range from plain old user error to more complex protocol and cabling issues. Sometimes, even administrators make mistakes that can impact users! With so many possibilities, it is no wonder that client connectivity persists as one of the biggest network troubleshooting hotspots.
The client system must have a protocol assigned or bound to its NIC in order to access resources. You can use various tools to verify that a protocol is being used by the system—for example, on Windows 2000/XP/2003 systems, you use the ipconfig command; on older Windows client systems, you use the winipcfg command; and on Linux, UNIX, and Macintosh systems, you can use the ifconfig command.
You need to consider a number of factors related to network protocols when you troubleshoot client connectivity. The following list describes some of the protocol-specific issues you should consider in such a situation:
➤ Transmission Control Protocol/Internet Protocol (TCP/IP)—For a system to operate on a TCP/IP-based network, it must have at the very least a unique IP address, the correct subnet mask for the network to which it is connected, and (for cross-network connectivity) a default gateway entry. In addition, Domain Name Service (DNS) server addresses might be required.
➤ IPX/SPX—Each system on an IPX/SPX network must have a unique address, although the addresses are generated and assigned automatically. On older networks, care must be taken to ensure that the correct frame type is being used, although systems are usually able to autodetect the frame type that is in use.
➤ NetBEUI—Each system on a network that uses NetBEUI must have a unique name to identify the computer on the network. For name resolution between network segments, a network needs either a Windows Internet Naming System (WINS) server or manual name resolution through an LMHOSTS file.
➤ AppleTalk—Each system on an AppleTalk network must have a unique address. If AppleTalk over TCP/IP is being used, ensure that the system is configured with a valid IP address, subnet mask, and (if needed) a default gateway.
Remember that Windows systems use APIPA. If they are configured to use DHCP but cannot obtain an address from a server, they will self-assign an IP address from the 169.254.x.x range. Non-APIPA systems that cannot obtain an IP address from a DHCP server will typically self-assign an IP address of 0.0.0.0.
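The checks in Table 10.9 and the APIPA rule above can be applied mechanically to the values that ipconfig, winipcfg, or ifconfig report. The following Python code is an added example, not the book's own, and it assumes a small helper that pulls the address and mask from a classic ifconfig "inet addr" line plus a diagnosis function that names the likely cause: no lease (0.0.0.0), an APIPA 169.254.x.x address, a default gateway outside the local subnet, or missing DNS servers. All sample values are constructed.

```python
import ipaddress
import re
from typing import List, Optional

# Address ranges the chapter describes: APIPA self-assignment and the "no lease" address.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
NO_ADDRESS = ipaddress.ip_address("0.0.0.0")

# Matches the "inet addr:...  Bcast:...  Mask:..." line of classic ifconfig output.
# Bcast is optional, as it is on the lo interface shown earlier in the chapter.
IFCONFIG_INET_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def parse_ifconfig_inet(line: str):
    """Return (ip, mask) from an ifconfig 'inet addr' line, or None if the line is not one."""
    m = IFCONFIG_INET_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def diagnose_ip_config(ip: str, mask: str, gateway: Optional[str],
                       dns_servers: List[str]) -> List[str]:
    """Apply the chapter's checks to one interface's settings and return the findings.
    An empty list means nothing in the basic configuration explains a connectivity problem."""
    findings: List[str] = []
    addr = ipaddress.ip_address(ip)

    # Non-APIPA client that never obtained a DHCP lease: nothing else is worth checking yet.
    if addr == NO_ADDRESS:
        findings.append("no address (0.0.0.0): DHCP lease not obtained, check link and DHCP server")
        return findings

    # Windows APIPA: the DHCP client ran but no server answered.
    if addr in APIPA_NET:
        findings.append("APIPA address in 169.254.x.x: DHCP server unreachable, local subnet only")

    # The mask must describe a contiguous network, or the local subnet itself is unreachable.
    try:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
    except ValueError:
        findings.append(f"invalid subnet mask {mask}: cannot reach any other system")
        return findings

    # Table 10.9: same-subnet traffic works but remote systems do not -> default gateway.
    if not gateway:
        findings.append("no default gateway: remote subnets and the Internet are unreachable")
    elif ipaddress.ip_address(gateway) not in iface.network:
        findings.append(f"default gateway {gateway} is outside the local subnet {iface.network}")

    # Table 10.9: cannot browse the Internet -> DNS server parameters.
    if not dns_servers:
        findings.append("no DNS server configured: connections by IP address work, by name they fail")
    return findings


if __name__ == "__main__":
    # Constructed sample line and settings, not taken from any real network.
    ip, mask = parse_ifconfig_inet("          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0")
    for finding in diagnose_ip_config(ip, mask, "192.168.2.1", []):
        print(finding)
```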
When protocol settings are correctly configured, protocol problems are infrequent. Unless settings are manually changed, very little can go wrong.
Before users can log on to any system, their identities must be verified. By far the most common type of authentication used is the standard username and password combination. When a user account is created, it is good practice for the administrator to set a password. The user should change that password immediately so that the administrator no longer knows it.
With the exception of Novell NetWare, all the operating systems covered in the Network+ exam use case-sensitive passwords.
Most user password problems can be traced to users entering an incorrect password or entering the correct password incorrectly. All common operating systems offer the ability for the administrator to change a user’s password, but none offer the capability to determine the user’s existing password. Therefore, if a user does forget his or her password, a new one has to be created and issued.
Access to applications and data across the network is controlled by permissions. Permissions are responsible for protecting the data on the network and ensuring that only those who should have access to it do.
The first rule of permissions troubleshooting is to remember that permissions do not change themselves. If a user cannot access a file, the first question to the user should always be, “Could you ever access the file?” If the user says, “Yes, but now I can’t access the file,” you should check server change logs or documentation to see if any changes have been made in the permissions structure.
If no changes have been made, you should verify that the user is in fact allowed access to that file or directory. In large environments, trying to keep track of who should have access to what can be a tricky business—one that is best left to defined policies and documentation.
The following are some other items you should consider when troubleshooting permissions problems:
➤
On some operating systems, rights and permissions can be inherited from parent directories or other directories that are higher in the directory structure. A change in the permissions assignments at one level might have an effect on a lower level in the directory tree.
➤
File permissions can be gained from objects other than the user’s account. Depending on the operating system being used, rights can also be gained from group membership, other network objects, or security equivalence. When you are troubleshooting a permissions problem, be sure that you understand where rights are supposed to originate.
➤
File attributes can override file permissions, and they can prevent actions from being performed on certain files. To the uninitiated, this might seem like a file permissions problem, but in fact it is correct operation.
As with many other IT troubleshooting scenarios, you can solve most permissions problems effectively if you fully understand what you are troubleshooting and the factors that affect the situation. Also in common with other troubleshooting scenarios, you need to approach the problem methodically.
Although many of the problems associated with client connectivity can be traced to software-based problems such as configuration, authentication, and permissions issues, physical connectivity is often the root of the problem.
When you are troubleshooting physical connectivity errors, the first place to look is at the network cables. Although it is rare, cables can become loose or disconnected from NICs or from the ports on a hub or switch. Oftentimes, this is the result of other cables being plugged in or unplugged, or of other activity on the connections around the one that is having the problem. Other cable considerations include exceeded maximum lengths, cable breaks, and improperly terminated or made cables, although these are only a consideration in exceptional cases.
Physical connectivity errors also involve the devices used to establish the physical client/server connectivity. This can include hubs, switches, MSAUs, NICs, routers, and connectivity hardware. Although it is possible to have a problem with a single port on one of the aforementioned devices, it is more likely that the entire unit will malfunction. Thankfully, networking devices are very resilient devices that provide many years of service with few or no problems.
In a real-world networking environment, you will be expected to be able to troubleshoot client connectivity in many different areas. As a result, you can expect to be tested on them on the CompTIA exam. The following sections provide some troubleshooting checklists that can help you review some of the various troubleshooting areas in preparation for the exam.
Cable accounts for a great many of the problems on a network. There are many places to look when you suspect a cable-related problem. If you suspect that cable is at the bottom of your network troubles, consider the following areas:
➤ You need to verify that cables are securely attached and that they are attached to the correct ports.
➤ Sometimes a chair running over a cable or a cable that has a poor crimp can cause problems.
➤ Incorrect cable length—Recall from Chapter 2, “Cabling and Connectors,” that cables cannot exceed a specified maximum length.
➤ Cable placement—Care must be taken when cables are run too closely to strong electrical devices. If cables are run too closely to electrical devices, you need to ensure that they are designed for the task.
If you are struggling with operating system connectivity issues, consider the following:
➤ Username/password—Make sure that users are logging on to the network with the correct username/password combination.
➤ Configuration—It might be necessary to confirm that the network settings on the client computer have not changed.
➤ Account activity—You need to verify that the user has an active account on the network and that it has the correct permissions set. Log on with a known working account from the client’s system, which will allow you to isolate the problem to the computer or the user account.
➤ Physical connections—You should check to see if a cable has come unplugged from the client’s system.
➤ NIC—To confirm that a card is working, you might need to swap out the card with one that is known to be working.
Printing is one of the services that network users expect to be working, and it is the administrator’s job to make sure that it is available. When trying to get printing back up and running on the network, confirm the following:
➤ Printer online status—You should confirm that the printer is online and ready to go. If there is a problem with the printer itself, the printer might display error messages on an LCD panel or use LEDs to indicate a problem.
➤ Printer functioning—Nearly all printers have a test print feature. You can use it to make sure that the printer itself is functioning correctly.
➤ Verify that the printer is visible to the network. If the printer is connected directly to the network using TCP/IP, for instance, you can ping the printer to test for connectivity.
➤ Ensure that the computers that are trying to access the printer are configured correctly to use that printer.
➤ On many operating systems, it is possible to set permissions to allow or deny users access to a printer. You need to verify that the correct permissions have been set.
➤ Network operating systems log printer activity. Monitoring printer logs can often provide clues as to the source of a problem.
➤ If you are having problems isolating a printing issue, consider reinstalling or replacing the printer driver.
The inability to access data is not always a result of connectivity errors. If a user is unable to access data, there are a few key areas to verify:
➤ Sometimes people use a shortcut or try to access data without being properly logged on to the network. You should verify that users are correctly logged on to the network and that any necessary network drives are connected.
➤ When you are troubleshooting data access, ensure that the permissions are set correctly.
➤ You need to verify that the system that maintains the data is available. You need to confirm that the server is available. What can seem like a problem accessing a file can mask a potentially larger problem such as a disk or server failure.
➤ Sometimes data itself can be corrupt. This is the worst-case scenario, and the robust nature of today’s file systems ensures that it occurs rarely. This is when you need backups.
➤ In some cases, viruses might be your problem. You can use a virus-checking program to determine if indeed this is the problem.
When NICs are configured correctly and verified to be working, very little goes wrong with them. When you are troubleshooting a NIC, you should consider the following:
➤ Resource settings—NICs require specific computer resources in order to operate. After you install a card or add new devices, you should check for device conflicts.
➤ Speed settings—If you are not getting the expected speed from the NIC, you should confirm the speed settings and, if applicable, the duplex settings.
➤ Protocols—In order for the NIC to work on the network, it must have a valid protocol assigned to it, and all addressing information needs to be in place.
➤ Faulty card—Some NICs are faulty when they ship from the manufacturer, and some are damaged through poor handling. To test for this, you can swap the card with one that is known to be working.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ ping is a command-line utility designed to test connectivity between systems on a TCP/IP-based network.
➤ ping the IP address of your local loopback, using the command ping 127.0.0.1. If this command is successful, you know that the TCP/IP protocol suite is installed correctly on your system and functioning.
➤ If you cannot ping other devices on your local network and you were able to ping your local NIC, you might not be connected to the network correctly, or there might be a cable problem on the computer.
➤ Trace route is a TCP/IP utility that is used to track the path a packet takes to reach a remote host and isolate where network problems may be. Trace route functionality can be used on Windows platforms with the tracert command, and on Linux, UNIX, and Macintosh platforms with the traceroute command.
➤ Trace route reports the amount of time it takes to reach each host in the path. It is a useful tool for isolating bottlenecks in a network.
➤ arp is the part of the TCP/IP suite whose function is to resolve IP addresses to MAC addresses.
➤ arp operates at the Network layer of the Open Systems Interconnect (OSI) model.
➤ netstat is used to view both inbound and outbound TCP/IP network connections.
➤ The netstat -r command can be used to display the routing table of the system.
➤ nbtstat is used to display protocol and statistical information for NetBIOS over TCP/IP connections.
➤ The ipconfig command shows the IP configuration information for all NICs installed within a system.
➤ The ipconfig /all command is used to display detailed TCP/IP configuration information.
➤ The ipconfig /renew command is used to renew DHCP-assigned IP address configurations.
➤ When looking for client connectivity problems using ipconfig, ensure that the gateway is correctly set.
➤ The ifconfig command is the Linux, Mac and UNIX equivalent of the ipconfig command.
➤ winipcfg is the Windows 95, Windows 98, and Windows Me equivalent of the ipconfig command.
➤ The nslookup command is a TCP/IP diagnostic tool that is used to troubleshoot DNS problems. On Linux, UNIX, and Macintosh systems, you can also use the dig command for the same purpose.
➤ Visual indicators such as link lights are often the first sign that something is not functioning correctly.
➤ By interpreting the LEDs on network devices, you can isolate and identify a range of connectivity issues.
➤ Troubleshooting remote connectivity involves a range of authentication, protocol configuration, and physical connectivity considerations.
➤ Most client connectivity issues can be solved by a methodical approach to troubleshooting and using commonly available tools and indicators.
➤ Client systems on a network can experience many problems, including authentication issues, permission problems, and physical connectivity.
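As an added example (not from the book), here is a short Python script that reads the plain-text output of ipconfig and flags the conditions the points above tell you to check: an adapter with no address bound, an address in the 169.254.0.0/16 Automatic Private IP Addressing range (which a Windows DHCP client falls back to when no DHCP server answers), and a missing or mis-set default gateway. The embedded sample is the two-adapter listing reproduced in the review questions; the label handling for newer ipconfig versions (an "IPv4 Address" label, a "(Preferred)" suffix) is an assumption about that format, not something the book covers.

```python
"""Check Windows ipconfig output for the client-side problems this chapter
asks you to look for: an unbound adapter, an APIPA fallback address, and a
missing or mis-set default gateway.

Added example; not code from the book. The sample output is the ipconfig
listing reproduced in the chapter's review questions.
"""
import ipaddress
import re

# Constructed input: the two-adapter ipconfig listing from the review questions.
SAMPLE_IPCONFIG = """\
0 Ethernet adapter :
IP Address. . . . . . . . . : 169.254.196.192
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . :
1 Ethernet adapter :
IP Address. . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . :
"""

# Automatic Private IP Addressing: the range a Windows DHCP client falls
# back to when no DHCP server answers its request.
APIPA = ipaddress.ip_network("169.254.0.0/16")

ADAPTER_RE = re.compile(r"^\S.*adapter\b.*:\s*$", re.IGNORECASE)
# "Label . . . . : value" rows; the label may contain digits (e.g. IPv4 Address)
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9 -]+?)[ .]*:\s*(\S*)")


def parse_ipconfig(text):
    """Return one {name, ip, mask, gateway} dict per adapter block."""
    adapters = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if ADAPTER_RE.match(line):
            current = {"name": line.strip().rstrip(":").strip(),
                       "ip": "", "mask": "", "gateway": ""}
            adapters.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key = m.group(1).strip().lower()
            value = m.group(2).split("(")[0]   # drop suffixes such as "(Preferred)"
            if key in ("ip address", "ipv4 address"):
                current["ip"] = value
            elif key == "subnet mask":
                current["mask"] = value
            elif key == "default gateway":
                current["gateway"] = value
    return adapters


def check_adapter(adapter):
    """Return a list of findings for one adapter; empty means it looks healthy."""
    findings = []
    ip = adapter["ip"]
    if ip in ("", "0.0.0.0"):
        findings.append("no IP address bound (adapter disabled, unplugged or no DHCP lease)")
        return findings
    if ipaddress.ip_address(ip) in APIPA:
        findings.append("APIPA address in use: no DHCP server answered")
    if not adapter["gateway"]:
        findings.append("no default gateway: only the local subnet is reachable")
    elif adapter["mask"]:
        # A gateway the adapter cannot reach directly is as bad as none at all.
        subnet = ipaddress.ip_interface(f"{ip}/{adapter['mask']}").network
        if ipaddress.ip_address(adapter["gateway"]) not in subnet:
            findings.append("default gateway is outside the adapter's own subnet")
    return findings


def diagnose(text):
    """Map each adapter name to its list of findings."""
    return {a["name"]: check_adapter(a) for a in parse_ipconfig(text)}


if __name__ == "__main__":
    for name, findings in diagnose(SAMPLE_IPCONFIG).items():
        print(name)
        for finding in findings or ["looks healthy"]:
            print("  -", finding)
```

Run against real ipconfig output, the APIPA check alone separates "no lease from DHCP" from "wrong static settings" before you start moving cables.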
➤ tracert
➤ ping
➤ arp
➤ netstat
➤ nbtstat
➤ ipconfig
➤ ifconfig
➤ winipcfg
➤ nslookup
➤ dig
➤ POTS
➤ DSL
➤ Cable
➤ Wireless
➤ Troubleshooting
➤ Protocols
➤ Authentication
➤ Permissions
1. Which of these commands would produce the following output?
    0 Ethernet adapter :
    IP Address. . . . . . . . . : 169.254.196.192
    Subnet Mask . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . :
    1 Ethernet adapter :
    IP Address. . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . :
A. ping
B. tracert
C. ipconfig /all
D. ipconfig
2. You are working as a network administrator for a small organization. You receive a call from one of the company’s remote users complaining that he is unable to log on to the network. You decide that you would like him to try and renew the IP configuration information. Which of the following commands would you ask him to use?
A. nbtstat -renew
B. nbtstat /renew
C. ipconfig -renew
D. ipconfig /renew
3. Which of the following ping switches is used to perform a continuous ping?
A. -c
B. -t
C. -o
D. -w
4. Which of the following commands can be used to show the system’s routing table on a Windows Server 2003 system?
A. ping -R
B. nbtstat -r
C. netstat -r
D. tracert -R
5. You are working to provide telephone support for a local ISP. One of the residential users calls you complaining that he is no longer able to access the Internet. Upon further questioning, you determine that he recently moved the computer within his house. Which of the following connectivity problems might you suspect first?
A. Protocol configuration
B. DNS settings
C. Gateway settings
D. Physical cabling
6. When troubleshooting a network connectivity problem, you are able to ping your local loopback, the IP address of your system, and the IP address of another system on your network. However, you cannot ping the default gateway. Which of the following is not a valid reason for this problem?
A. The default gateway is not operational.
B. The IP address of the default gateway is not configured correctly.
C. Routing is disabled on your workstation.
D. There is no default gateway present.
7. Which of the following commands can be used to purge and reload the remote cache name table on a Windows 2000 Server system?
A. nbtstat -R
B. nbtstat -n
C. nbtstat -r
D. nbtstat -S
8. Which utility would produce the following output?
    6 55 ms 27 ms 42 ms so-1-0-0.XL1.VAN1.NET [152.63.137.130]
    7 55 ms 41 ms 28 ms 0.so-7-0-0.TL1.VAN1.NET [152.63.138.74]
    8 55 ms 55 ms 55 ms 0.so-2-0-0.TL1.SAC1.NET [152.63.8.1]
    9 83 ms 55 ms 55 ms 0.so-7-0-0.XL1.SAC1.NET [152.63.53.249]
    10 82 ms 41 ms 55 ms POS6-0.BR5.SAC1.NET [152.63.52.225]
    11 55 ms 68 ms 55 ms uu-gw.ip.att.net [192.205.32.125]
    12 55 ms 68 ms 69 ms tbr2-p013802.ip.att.net [12.122.11.229]
    13 96 ms 69 ms 82 ms tbr1-p012801.ip.att.net [12.122.11.225]
    14 82 ms 82 ms 69 ms tbr2-p012402.ip.att.net [12.122.11.221]
A. nbtstat -R
B. netstat -R
C. arp -s
D. tracert
9. You are trying to access a workstation located on another LAN. The LANs are connected via a router. You are able to access other computers on your own LAN. Which of the following would best help you isolate where the failure is located?
A. ping the far side of the router
B. ping the near side of the router
C. tracert to the workstation on the other side of the router
D. tracert to a workstation on your local LAN
10. Which of the following utilities might you use on a Linux system to troubleshoot a name resolution problem? (Choose two.)
A. dig
B. arp
C. traceroute
D. ipconfig
1. The correct answer is D. Without using any switches, the ipconfig command shows the IP address, subnet mask, and default gateway for available adapters. Answer A is incorrect; ping is used to test the connectivity between devices and does not produce this output. Answer B is incorrect; tracert displays routing information. Answer C is incorrect; the ipconfig /all command shows much more of the IP configuration information than the output listed in the question.
2. The correct answer is D. In addition to viewing IP configuration information, ipconfig allows you to release and renew the IP configuration. The correct syntax for renewing IP configuration is ipconfig /renew. Answers A and B are incorrect. The nbtstat command cannot be used to renew the IP configuration from a DHCP server.
3. The correct answer is B. The ping command used with the -t switch will send out continuous ping requests. This is used when troubleshooting and the default four pings are not enough. Answers A and C are incorrect. These switches are not valid for pinging on a Windows system. Answer D is incorrect. The -w switch allows you to specify, in milliseconds, the amount of time the system should wait for a reply from the remote host.
4. The correct answer is C. The netstat -r command is commonly used by network administrators to show the system’s routing table. The route print command can also be used to see the current routing table. Answer A is incorrect; the ping command is used to test network connectivity, not view TCP/IP configuration information. Answer B is incorrect; the nbtstat command displays NetBIOS over TCP/IP-related information. Answer D is incorrect because the tracert command is used to track the path between two devices on the network.
5. The correct answer is D. It is not unusual to get support calls after users have attempted to move their systems. When hearing that a system has recently been moved, one of the first places to explore is the physical cabling, verifying that all cables have been securely and correctly attached. Although it might be necessary to confirm settings, such as protocol information, you will likely start with the cabling, moving to settings only after verifying correct cabling.
6. The correct answer is C. The routing functionality of the workstation is irrelevant in this scenario. All the other answers are valid reasons for the problem.
7. The correct answer is A. The nbtstat -R command purges and reloads the remote cache name table. The -n switch displays the local name table, -r provides resolution information, and -S shows the NetBIOS session table.
8. The correct answer is D. The output is from the Windows 2000 tracert command. All the other utilities listed provide different output.
9. The correct answer is C. The tracert command is used to trace how far a data packet travels before it cannot go further. By running a tracert to a workstation on the other side, you will be able to tell from the output where the transmission failed. Pinging is not as useful in determining where the failure occurred, as its output only identifies whether the packet delivery was successful but does not indicate where the failure occurred. Using the tracert command on a workstation on the local LAN would not help isolate the problem on the far side of the router.
10. The correct answers are A and C. The dig command can be used on a Linux server to perform manual DNS lookups. The traceroute command can be used to test connectivity between the client and the DNS server. The arp command is used to view the IP address to MAC address resolutions performed by a system. It would not likely be used to troubleshoot a name resolution issue. ipconfig is a command associated with Windows operating systems.
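Questions 8 and 9 turn on reading tracert output: how far the packet got and where the delay appears. The following Python parser, an added example rather than the book's own material, takes the hop lines shown in question 8, computes a per-hop minimum round-trip time, reports the last hop that answered and the first that timed out, and flags any hop whose latency rises sharply over the previous one. Hops 15 and 16 in the sample are constructed to show how a timed-out hop is handled; the 25 ms jump threshold is an arbitrary choice for this example.

```python
"""Parse Windows tracert output and report how far a trace got, where it
stopped answering, and where per-hop latency jumps.

Added example; not code from the book. Hops 6 to 14 are the tracert
excerpt from the chapter's review questions; hops 15 and 16 are
constructed to show how a timed-out hop is handled.
"""
import re

# Constructed input: review-question excerpt plus two made-up timed-out hops.
SAMPLE_TRACERT = """\
  6    55 ms    27 ms    42 ms  so-1-0-0.XL1.VAN1.NET [152.63.137.130]
  7    55 ms    41 ms    28 ms  0.so-7-0-0.TL1.VAN1.NET [152.63.138.74]
  8    55 ms    55 ms    55 ms  0.so-2-0-0.TL1.SAC1.NET [152.63.8.1]
  9    83 ms    55 ms    55 ms  0.so-7-0-0.XL1.SAC1.NET [152.63.53.249]
 10    82 ms    41 ms    55 ms  POS6-0.BR5.SAC1.NET [152.63.52.225]
 11    55 ms    68 ms    55 ms  uu-gw.ip.att.net [192.205.32.125]
 12    55 ms    68 ms    69 ms  tbr2-p013802.ip.att.net [12.122.11.229]
 13    96 ms    69 ms    82 ms  tbr1-p012801.ip.att.net [12.122.11.225]
 14    82 ms    82 ms    69 ms  tbr2-p012402.ip.att.net [12.122.11.221]
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
"""

# hop number, three probe results ("55 ms", "<1 ms" or "*"), then the host column
HOP_RE = re.compile(
    r"^\s*(\d+)\s+(\*|<?\d+ ms)\s+(\*|<?\d+ ms)\s+(\*|<?\d+ ms)\s+(.*?)\s*$")
# "name [a.b.c.d]" when reverse DNS succeeded, otherwise just "a.b.c.d"
HOST_RE = re.compile(r"^(?:(\S+)\s+)?\[?(\d+\.\d+\.\d+\.\d+)\]?$")


def _rtt(field):
    """'55 ms' -> 55, '<1 ms' -> 0, '*' (no reply) -> None."""
    if field == "*":
        return None
    if field.startswith("<"):
        return 0
    return int(field.split()[0])


def parse_tracert(text):
    """Return a list of hop dicts; lines that are not hop rows are ignored."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [_rtt(f) for f in m.group(2, 3, 4)]
        hm = HOST_RE.match(m.group(5))
        hops.append({
            "hop": int(m.group(1)),
            "rtts": rtts,
            "host": hm.group(1) if hm else None,
            "ip": hm.group(2) if hm else None,
            "timed_out": all(r is None for r in rtts),
        })
    return hops


def min_rtt(hop):
    """Lowest of the three probes; least affected by transient queueing."""
    answered = [r for r in hop["rtts"] if r is not None]
    return min(answered) if answered else None


def find_trouble(hops, jump_ms=25):
    """Return (first hop with no replies, hops whose min RTT rose by >= jump_ms)."""
    first_timeout = next((h["hop"] for h in hops if h["timed_out"]), None)
    jumps, previous = [], None
    for hop in hops:
        current = min_rtt(hop)
        if current is None:
            continue
        if previous is not None and current - previous >= jump_ms:
            jumps.append(hop["hop"])
        previous = current
    return first_timeout, jumps


def summarize(text, jump_ms=25):
    """How far the trace got, where it went silent, and where latency jumped."""
    hops = parse_tracert(text)
    first_timeout, jumps = find_trouble(hops, jump_ms)
    last_reply = max((h["hop"] for h in hops if not h["timed_out"]), default=None)
    return {"hops": len(hops), "last_reply": last_reply,
            "first_timeout": first_timeout, "latency_jumps": jumps}


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACERT))
```

The last answering hop versus the first silent one is exactly the "how far did it get" reading that question 9 relies on; the latency-jump list is the bottleneck reading from the exam points on trace route.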
Bird, Drew and Harwood, Mike. Network+ Exam Prep 2. Que Publishing, 2005.
Sloan, Joseph D. Network Troubleshooting Tools. O’Reilly System Administration. O’Reilly & Associates, 2001.
Sugano, Alan. The Real-world Network Troubleshooting Manual: Tools, Techniques, and Scenarios. Administrator’s Advantage Series. Charles River Media, 2004.
Hunt, Craig. TCP/IP Network Administration, Third Edition. O’Reilly & Associates, 2002.
Chapter 11
Objectives
4.6 Given a scenario, determine the impact of modifying, adding, or removing network services, for example, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name Service), and WINS (Windows Internet Name Server) for network resources and users
4.7 Given a troubleshooting scenario involving a network with a particular physical topology (for example, bus, star, mesh, or ring) and including a network diagram, identify the network area affected and the cause of the stated failure
4.8 Given a network troubleshooting scenario involving an infrastructure (for example, wired or wireless) problem, identify the cause of a stated problem (for example, bad media, interference, network hardware, or environment)
4.9 Given a network problem scenario, select an appropriate course of action based on a logical troubleshooting strategy. This strategy can include the following steps:
1. Identify the symptoms and potential causes.
2. Identify the affected area.
3. Establish what has changed.
4. Select the most probable cause.
5. Implement an action plan and solution including potential effects.
6. Test the result.
7. Identify the results and effects of the solution.
8. Document the solution and process.
What you need to know
✓ Use troubleshooting steps to isolate and correct a problem
✓ Identify and troubleshoot topology-specific errors
✓ Use troubleshooting techniques to identify and isolate client connectivity errors
✓ Use troubleshooting techniques to identify and isolate network wiring/infrastructure problems
✓ Identify the impact on the network of adding or removing network services
Many duties and responsibilities fall under the umbrella of network administration. Of all these, one of the most practiced is that of troubleshooting.
No matter how well a network is designed and how many preventative maintenance schedules are in place, troubleshooting will always be necessary.
Because of this, network administrators have to develop those troubleshooting skills.
This chapter focuses on all areas of troubleshooting, including troubleshooting best practices and some of the tools and utilities you’ll use to assist in the troubleshooting process. To start, we’ll look at the impact of modifying network services.
All network services require a certain amount of network resources in order to function. The amount of resources required depends on the exact service being used. Before implementing or removing any service on a network, it is very important to understand the impact that these services can have on the entire network. To provide some idea of the demands various services place on the network, this section outlines some of the most common network services and the impact their addition, modification, or removal might have on the network and clients.
DHCP automatically assigns TCP/IP addressing to computers when they join the network and automatically renews the addresses before they expire.
The advantage of using DHCP is the reduced number of addressing errors, which makes network maintenance much easier.
One of the biggest benefits of using DHCP is that the reconfiguration of IP addressing can be performed from a central location, with little or no effect on the clients. In fact, you can reconfigure an entire IP addressing system without the users noticing. As always, a cost is associated with everything good, and with DHCP, the cost is increased network traffic.
You know what the function of DHCP is and the service it provides to the network, but what impact does the DHCP service have on the network itself? Some network services can consume huge amounts of network bandwidth, but DHCP is not one of them. The traffic generated between the DHCP server and the DHCP client is minimal during normal usage periods.
The bulk of the network traffic generated by DHCP occurs during two phases of the DHCP communication process: when the lease of the IP address is initially granted to the client system and when that lease is renewed. The entire DHCP communication process takes less than a second, but if there are a very large number of client systems, the communication process can slow down the network.
For most network environments, the traffic generated by the DHCP service is negligible. For environments in which DHCP traffic is a concern, you can reduce this traffic by increasing the lease duration for the client systems, thereby reducing communication between the DHCP client and the server.
If the DHCP service has to be removed, it can have a significant impact on network users. All client systems require a valid IP address to get onto the network. If DHCP is unavailable, each client system would need to be configured with a static IP address. Because DHCP IP addressing is automatic and does not assign duplicate IP addresses, as sometimes happens with manual entries, DHCP is the preferred method of network IP assignment.
If DHCP is added to a network, all client systems will need to be configured to use DHCP. In a Windows environment, this is as easy as selecting a radio button to use DHCP. If client systems are not configured to use the DHCP server, they will not be able to access the network.
WINS is used on Microsoft networks to facilitate communications between computers by resolving NetBIOS names to IP addresses. Each time a computer starts, it registers itself with a WINS server by contacting that server over the network. If that system then needs to contact another device on the network, it can contact the WINS server to get the NetBIOS name resolved to an IP address. If you are thinking about not using WINS, you should know that the alternative is for computers to identify themselves and resolve NetBIOS names to IP addresses via broadcasts. Broadcasts are inefficient because all data is transmitted to every device on the network segment. Broadcasts can be a significant problem for large network segments. Also, if a network has more than one segment, you cannot browse to remote segments because broadcasts are not typically forwarded by routers, which will eliminate this method of resolution.
Because WINS actually replaces the broadcast communication on a network, it has a positive impact on network resources and bandwidth usage. This does not mean that WINS does not generate any network traffic—just that the traffic is more organized and efficient. The amount of network traffic generated by WINS clients to a WINS server is minimal and should not have a negative impact in most network environments.
WINS server information can be entered manually into the TCP/IP configuration on a system, or it can be supplied via DHCP. If the WINS server addresses change and the client configuration is being performed manually, each system needs to be reconfigured with the new WINS server addresses. If you are using DHCP, you need to update only the DHCP scope with the new information.
Removing WINS from a network increases the amount of broadcast traffic and can potentially limit browsing to a single segment unless another method of resolution (such as the use of the statically maintained LMHOSTS file) is in place.
The function of DNS is to resolve hostnames to IP addresses. Without such a service, network users would have to identify a remote system by its IP address rather than by its easy-to-remember hostname.
Name resolution can be provided dynamically by a DNS server, or it can be accomplished statically, using the HOSTS file on the client system. If you are using a DNS server, the IP address of the DNS server is required. DNS server addresses can be entered manually, or they can be supplied through a DHCP server.
Each of the physical network topologies requires its own troubleshooting strategies and methods. When troubleshooting a network, it is important to know which topology is used as it can greatly impact the procedures used to resolve any problems. This section lists each of the respective physical network topologies and some common troubleshooting strategies.
In one form or another, you can expect to be asked questions regarding troubleshooting the different topologies.
The most common topology used today is the star topology. The star topology uses a central connection point such as a hub to which all devices on the network connect. Each device on the network uses its own length of cable, thus allowing devices to be added or removed from the network without disruption to current network users. When troubleshooting a physical star network, consider the following:
➤ The central device, hubs or switches, provides a single point of failure. When troubleshooting a loss of connectivity for several users, it might be a faulty hub. Try placing the cables in a known working hub to confirm.
➤ Hubs and switches provide light-emitting diodes (LEDs) that provide information regarding the port status. For instance, by using the LEDs, you can determine whether there is a jabbering network card, whether there is a proper connection to the network device, and whether there are too many collisions on the network.
➤ Each device, printer, or computer connects to a central device using its own length of cable. When troubleshooting a connectivity error in a star network, it might be necessary to verify that the cable works. This can be done by swapping the cable with a known working one or using a cable tester.
➤ Ensure that the patch cables and cables have the correct specifications.
Figure 11.1 shows how a single cable break would affect other client systems on the network.
Although not as commonly used as it once was, you might find yourself troubleshooting a ring network. Most ring networks are logical rings, meaning that each computer is logically connected to each other. A physical ring topology is a rare find, but a Fiber Distributed Data Interface (FDDI) network is often configured in a physical ring topology. A logical ring topology uses a central connecting device, as with a star network, called a multistation access unit (MSAU). When troubleshooting either a logical or physical ring topology, consider the following:
➤ A physical ring topology uses a single length of cable interconnecting all computers and forming a loop. If there is a break in the cable, all systems on the network will be unable to access the network.
➤ The MSAU on a logical ring topology represents a single point of failure. If all devices are unable to access the network, it might be that the MSAU is faulty.
➤ Verify that the cabling and connectors have the correct specifications.
➤ All Network Interface Cards (NICs) on the ring network must operate at the same speed.
➤ When connecting MSAUs in a ring network, ensure that the ring in and ring out configuration is properly set.
Figure 11.1 Identifying cable breaks in a star network. (Figure: several computers attached to a central hub; only the computer on the broken cable is marked Offline.)
Figure 11.2 shows how a single cable break would affect other client systems on a physical ring network.
Figure 11.2 Identifying cable breaks in a physical ring network. (Figure: one cable break on the ring; every attached computer is marked Offline.)
Although the bus topology is rarely implemented anymore, enough of them are out there for it to be included in the CompTIA Network+ exam objectives. So if you do not encounter a bus network in the real world, you will most certainly be faced with one on the exam.
Troubleshooting a bus network can be a difficult and frustrating task. The following list contains a few hotspots to be aware of when troubleshooting a bus network:
➤ A bus topology must be continuous. A break in the cable at any point will render the entire segment unusable. If the location of the break in the cable is not apparent, you can check each length of cable systematically from one end to the other to identify the location of the break, or you can use a tool such as a time domain reflectometer, which can be used to locate a break in a cable.
➤ The cable used on a bus network has two distinct physical endpoints. Each of these cable ends requires a terminator. Terminators are used to absorb electronic signals so that they are not reflected back on the media, compromising data integrity. A failed or missing terminator will render the entire network segment unusable.
➤ The addition, removal, or failure of a device on the network might prevent the entire network from functioning. Also, the coaxial cable used in a bus network can be damaged very easily. Moving cables in order to add or remove devices can cause cable problems. The T connectors used on bus networks do allow devices to be added and removed without necessarily affecting the network, but care must be taken when doing this.
➤ One end of the bus network should be grounded. Intermittent problems or a high occurrence of errors can indicate poor or insufficient grounding.
Figure 11.3 shows how a single cable break would affect other client systems on a bus network.
Figure 11.3 Identifying cable breaks in a bus network. (Figure: a single cable break on the bus segment.)
A mesh topology offers high redundancy by providing several paths for data to reach its destination. In a true mesh network, each device on the network is connected to every other device, and if one cable fails, there is another to provide an alternative data path. Although a mesh topology is resilient to failure, the number of connections involved can make a mesh network somewhat tricky to troubleshoot.
When troubleshooting a mesh network, consider the following points:
➤ A mesh topology interconnects all devices on the network, offering the highest level of redundancy of all the topologies. In a pure mesh environment, all devices are directly connected to all other devices. In a hybrid mesh environment, some devices are connected only to certain others in the topology.
➤ Although a mesh topology can accommodate failed links, mechanisms should still be in place so that failed links are detected and reported.
➤ Design and implementation of a true mesh network can be complex and often requires specialized hardware devices.
Mesh networks are so rare that it’s unlikely you will be faced with troubleshooting one, but there will likely be questions on the Network+ Exam that focus on mesh networks.
Most mesh networks are used to connect multiple networks, such as in a WAN scenario, rather than to connect computers in a LAN.
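The behaviour shown in Figures 11.1 to 11.3 and described for mesh networks can be checked programmatically. The Python model below is an added example, not the book's code: each topology is a set of cables plus a flag for whether the medium must be intact end to end (a physical ring or a bus), a breadth-first search finds which devices still reach a reference device after a cut, and single_points_of_failure() lists the cables whose loss would isolate anything. The device names and the hybrid mesh layout are made up for the example.

```python
"""Model the failure domain of a single cable break (or a single failed
device) in the topologies this section describes: star, physical ring,
bus, full mesh and hybrid (partial) mesh.

Added example; not code from the book. Device names are made up. The
propagation rules follow the text: in a star only the device on the broken
cable is isolated; a break anywhere on a physical ring or a bus takes the
whole segment down; a full mesh survives any single failure; in a hybrid
mesh it depends on which link failed, which the search below works out.
"""
from collections import deque
from itertools import combinations


def _topology(links, shared_medium):
    return {"links": {frozenset(l) for l in links}, "shared_medium": shared_medium}


def star(hub, hosts):
    # Every host has its own cable to the hub.
    return _topology([(hub, h) for h in hosts], shared_medium=False)


def ring(hosts):
    # Physical ring: one cable loops through every host; the loop must be intact.
    return _topology([(hosts[i], hosts[(i + 1) % len(hosts)]) for i in range(len(hosts))],
                     shared_medium=True)


def bus(hosts):
    # Single terminated cable run; a break leaves both halves unterminated.
    return _topology(zip(hosts, hosts[1:]), shared_medium=True)


def mesh(hosts):
    # Full mesh: every pair of hosts directly connected.
    return _topology(combinations(hosts, 2), shared_medium=False)


def hybrid_mesh(links):
    # Partial mesh: caller supplies exactly which pairs are cabled.
    return _topology(links, shared_medium=False)


def reachable(links, start):
    """Breadth-first search over the surviving point-to-point links."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for link in links:
            if node in link:
                (other,) = link - {node}
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen


def _devices(topology):
    return set().union(*topology["links"])


def offline_after_break(topology, broken_link, reference):
    """Devices that can no longer reach `reference` (the hub in a star, any
    healthy device elsewhere) once the cable `broken_link` fails."""
    devices = _devices(topology)
    if topology["shared_medium"]:
        return devices          # open ring / unterminated bus: everything is off
    surviving = topology["links"] - {frozenset(broken_link)}
    return devices - reachable(surviving, reference)


def offline_after_device_failure(topology, device, reference):
    """Devices isolated when `device` itself (for example the hub) fails."""
    devices = _devices(topology) - {device}
    if topology["shared_medium"]:
        return devices
    surviving = {l for l in topology["links"] if device not in l}
    return devices - reachable(surviving, reference)


def single_points_of_failure(topology, reference):
    """Map each cable whose failure isolates something to the devices it isolates."""
    result = {}
    for link in topology["links"]:
        lost = offline_after_break(topology, link, reference)
        if lost:
            result[tuple(sorted(link))] = lost
    return result


if __name__ == "__main__":
    s = star("hub", ["pc1", "pc2", "pc3", "pc4"])
    print("star, pc2 cable cut:", offline_after_break(s, ("hub", "pc2"), "hub"))
    print("star, hub failed:", offline_after_device_failure(s, "hub", "hub"))
    print("ring, one cut:", offline_after_break(ring(["a", "b", "c", "d"]), ("a", "b"), "a"))
    print("mesh, one cut:", offline_after_break(mesh(["a", "b", "c", "d"]), ("a", "b"), "a"))
    h = hybrid_mesh([("a", "b"), ("b", "c"), ("c", "a"), ("c", "d")])
    print("hybrid mesh weak links:", single_points_of_failure(h, "a"))
```

The hybrid mesh case is where the search earns its keep: a full mesh has no single point of failure by construction, but a partial mesh usually has a few spoke-like cables, and enumerating them is how you decide which links need the failure detection the second bullet above asks for.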
No doubt, you will find yourself troubleshooting wiring and infrastructure problems less frequently than you’ll troubleshoot client connectivity problems—and thankfully so. Wiring- and infrastructure-related problems can be very difficult to trace, and sometimes a very costly solution is needed to remedy the situation. When troubleshooting these problems, a methodical approach is likely to pay off.
A network infrastructure refers to the physical components that are used to create the network. This includes the media used, switches, routers, bridges, patch panels, hubs and so on.
When troubleshooting the infrastructure it is important to know where these devices are on the network and what they are designed to do. In this section we explore two essential infrastructure components, media and hardware components.
The physical connections used to create the networks are sometimes at the root of a network connectivity error. Troubleshooting wiring involves knowing what wiring your network uses and where it is being used. When troubleshooting network media consider:
➤ Media range (attenuation)—All cables used in networking have certain limitations in terms of distance. It might be that the network problems are a result of trying to use a cable in an environment or a way for which it was not designed. For example, you might find that a network is connecting two workstations that are 130 meters apart with Category 5 UTP cabling. Category 5 UTP is specified for distances up to 100 meters, so exceeding the maximum cable length can be a potential cause of the problem. The first step in determining the allowable cable distance is to identify the type of cable used. Determining the cable type is often as easy as reading the cable. The cable should be stamped with its type—whether it is, for example, UTP Category 5, RG-58, or something else. Refer to Chapter 2 for more information on network media characteristics.
➤ EMI and crosstalk interference—Copper-based media is subject to the effects of EMI and crosstalk interference. UTP cables are particularly susceptible to EMI caused by devices such as power lines, electric motors, fluorescent lighting and so on. Consider using plenum rated cable in environments where cables are run through areas where EMI may occur. This includes heating ducts, elevator shafts and through ceilings around lighting fixtures. Crosstalk occurs when cables are run in close proximity and the signals from one interfere with the signals on the other. This can be hard to troubleshoot and isolate, so when designing a network ensure that crosstalk preventative measures are taken.
➤ Throughput limitations—A problem with a particular media may be simply that it cannot accommodate the throughput required by the network. This would create network-wide bottlenecks. It may be necessary to update the network media to correct the problem, for instance, upgrading the network backbone to fiber optic media.
➤ Media connectors—Troubleshooting media requires verifying that the connectors are correctly attached. In the case of UTP or coaxial, sometimes it may be necessary to swap out a cable with a known working one to test. For fiber, different types of connectors are used in fiber optic cabling. Before implementing a fiber solution, ensure that the switches and routers used match with the connectors used with the fiber optic cable.
For more information on cabling characteristics and connectors, refer to Chapter 2 “Cabling and Connectors.”
Before running a particular type of media, place identification tags at both ends of each cable, which will be helpful while troubleshooting a failed cable.
If you are looking for a challenge, troubleshooting hardware infrastructure problems is for you. It is often not an easy task and usually involves many processes, including baselining and performance monitoring. One of the keys to identifying the failure of a hardware network device is to know what devices are used on a particular network and what each device is designed to do. Some of the common hardware components used in a network infrastructure are shown in Table 11.1.
Table 11.1 Common network hardware components, their function and troubleshooting strategies.

Hubs
Function: Hubs are used with a star network topology and UTP cable to connect multiple systems to a centralized physical device.
Troubleshooting and failure signs: Because hubs connect multiple network devices, if many devices are unable to access the network, the hub may have failed. When a hub fails, all devices connected to it will be unable to access the network. Additionally, hubs use broadcasts and forward data to all the connected ports, increasing network traffic. When network traffic is high and the network is operating slowly, it may be necessary to replace slow hubs.

Switches
Function: Like hubs, switches are used with a star topology to create a central connectivity device.
Troubleshooting and failure signs: The inability of several network devices to access the network may indicate a failed switch. If the switch fails, all devices connected to the switch will be unable to access the network. Switches forward data only to the intended recipient, allowing them to better manage data than hubs.

Routers
Function: Routers are used to separate broadcast domains and to connect different networks.
Troubleshooting and failure signs: If a router fails, network clients will be unable to access remote networks connected by the router. For example, if clients access a remote office through a network router and the router fails, the remote office would be unavailable. Testing router connectivity can be done using utilities such as ping and tracert.

Bridges
Function: Bridges are commonly used to connect network segments within the same network. Bridges manage the flow of traffic between these network segments.
Troubleshooting and failure signs: A failed bridge would prevent the flow of traffic between network segments. If communication between network segments has failed, it may be due to a failed bridge.

Wireless Access Points
Function: Wireless access points provide the bridge between the wired and wireless network.
Troubleshooting and failure signs: If wireless clients are unable to access the wired network, the WAP may have failed. However, there are many configuration settings to verify first.
For more information on network hardware devices and their function, refer to Chapter 3 “Network Devices.”
Wireless networks do not require physical cable to connect computers; rather, they use wireless media. The benefits of such a configuration are clear—users have remote access to files and resources without the need for physical connections. Wireless networking eliminates cable faults and cable breaks. It does, however, introduce its own considerations such as signal interference and security.
Because wireless signals travel through the atmosphere, they are subjected to environmental factors that can weaken data signals. Everything from electrical devices, storms, RF interference, and obstacles such as trees can weaken wireless data signals. Just how weakened the signal becomes depends on many factors; however, all of these elements serve to decrease the power of the wireless signal.
Wireless signals degrade depending on the construction material used. Signals passing through concrete and steel are particularly weakened.
If you are troubleshooting a wireless connection that has a particularly weak signal, there are a few infrastructure changes that can be done to help increase the power of a signal.
➤ Antenna—Perhaps the first and most obvious thing to check is to ensure that the antenna on the wireless access point is positioned for best reception; this will often take a little trial and error to get the placement right. Today’s wireless access cards commonly ship with diagnostic software that displays signal strength.
➤ Device Placement—One of the factors that can degrade wireless signals is RF interference. Because of this, it is important to try and keep wireless devices away from appliances that output RF noise. This includes devices such as microwaves, certain cordless devices using the same frequency, and electrical devices.
➤ Network Location—Although there might be limited choice, as much as possible, it is important to try to reduce the number of obstructions that the signal must pass through. Every obstacle strips a little more power from the signal. The type of material a signal must pass through also can have a significant impact on the signal integrity.
➤ Boost Signal—If all else fails, it is possible to purchase devices such as wireless repeaters that can amplify the wireless signal. The device takes the signal and amplifies it so that the signal has greater strength. This will also increase the distance that the client system can be placed from the WAP.
In order to successfully manage the wireless signals, you will need to know the wireless standard that you are using. The standards that are used today specify range distances, RF ranges, and speeds. It might be that the wireless standard is not capable of doing what you need. Table 11.2 highlights the characteristics of common wireless standards.
Table 11.2 Comparing Wireless Standards

Standard    Speed          Range           Frequency   Concerns
802.11a     Up to 54Mbps   25–75 feet      5GHz        Not compatible with 802.11g or 802.11b
802.11b     Up to 11Mbps   Up to 150 feet  2.4GHz      Might conflict with other devices using the 2.4GHz range
802.11g     Up to 54Mbps   Up to 150 feet  2.4GHz      Might conflict with other devices using the 2.4GHz range
Bluetooth   720Kbps        33 feet         2.4GHz      Might conflict with other devices using the 2.4GHz range
As you can see in Table 11.2, the speeds are listed with the “Up to” disclaimer. This is because each standard will decrease the data rate if there is interference. An 802.11b wireless link offers speeds up to 11Mbps, but it will automatically back down from 11Mbps to 5.5, 2, and 1Mbps when the radio signal is weak or when interference is detected. 802.11g auto-sensing rates are 1, 2, 5.5, 6, 9, 12, 18, 24, 36, 48, and 54Mbps. Finally, 802.11a provides rates up to 54Mbps, but will automatically back down to rates of 48, 36, 24, 18, 12, 9, and 6Mbps.
Be prepared to answer questions on the specific characteristics of wireless standards on the Network+ exam.
RF channels are important parts of wireless communications. A channel is the frequency band used for the wireless communication. Each standard specifies the channels that can be used. The 802.11a standard specifies radio frequencies ranging between 5.15 and 5.875GHz. In contrast, the 802.11b and 802.11g standards operate in the 2.4 to 2.497GHz range. As far as channels are concerned, 802.11a has a wider frequency band, allowing more channels and therefore more data throughput. As a result of the wider band, 802.11a supports up to eight nonoverlapping channels. The 802.11b/g standards use the smaller band and support only up to three nonoverlapping channels.
It is recommended that the nonoverlapping channels be used for communication. In the United States, 802.11b/g uses 11 channels for data communication as mentioned—three of these, channels 1, 6, and 11, are nonoverlapping channels. Most manufacturers set their default channel to one of the nonoverlapping channels to avoid transmission conflicts. With wireless devices, you have the option of selecting which channel your WLAN operates on in order to avoid interference from other wireless devices that operate in the 2.4GHz frequency range.
When troubleshooting a wireless network, be aware that overlapping channels can disrupt the wireless communications. For example, in many environments, APs are inadvertently placed closely together. Perhaps two access points in separate offices are located next door to each other or between floors. Signal disruption will result if there is channel overlap between the access points. The solution here is to try and move the access point to avoid the problem with the overlap or change channels to one of the other nonoverlapping channels. For example, switch from channel 6 to channel 11.
As far as troubleshooting is concerned, you would typically only change the channel of a wireless device if there is a channel overlap with another device.
If a channel must be changed, it must be changed to another nonoverlapping channel.
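The channel-overlap rule above can be checked rather than memorized. The following Python script is an added example and is not code from the book; it assumes the 2.4GHz channel plan in which channel centers sit at 2412MHz plus 5MHz per channel (channel 14 at 2484MHz) and treats each channel as 22MHz wide, the 802.11b figure, so two channels are nonoverlapping only when their centers are at least 22MHz apart. Under those assumptions it derives the 1, 6, 11 set for the 11 US channels, flags neighboring access points whose channels overlap, and picks the nonoverlapping channel that clashes with the fewest neighbors. The AP names and channel assignments in the sample are constructed.

```python
# Added example (not from the book): 2.4GHz channel overlap check.
# Assumptions: 802.11b/g channel centers are 2412MHz + 5MHz * (ch - 1) for
# channels 1-13 and 2484MHz for channel 14; every channel is treated as
# 22MHz wide (the 802.11b DSSS figure), so a nonoverlapping pair needs
# centers at least 22MHz apart.

from itertools import combinations

CHANNEL_WIDTH_MHZ = 22
US_CHANNELS = range(1, 12)  # the 11 channels used in the United States


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4GHz channel in MHz."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    raise ValueError(f"not a 2.4GHz channel: {channel}")


def overlaps(a: int, b: int) -> bool:
    """True when the two channels' 22MHz bands share any spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def nonoverlapping_set(channels=US_CHANNELS) -> list:
    """Greedy pick of the lowest channels that do not overlap one another."""
    chosen = []
    for ch in channels:
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def conflicting_aps(ap_channels: dict) -> list:
    """Pairs of access points whose configured channels overlap.

    ap_channels maps an AP name to its channel number."""
    return [(x, y) for x, y in combinations(sorted(ap_channels), 2)
            if overlaps(ap_channels[x], ap_channels[y])]


def best_channel(neighbor_channels, candidates=(1, 6, 11)) -> int:
    """Nonoverlapping candidate that overlaps the fewest neighbors (lowest wins ties)."""
    return min(candidates,
               key=lambda c: (sum(overlaps(c, n) for n in neighbor_channels), c))


if __name__ == "__main__":
    # Constructed sample: two APs in adjacent offices on overlapping channels.
    aps = {"ap-office-201": 6, "ap-office-202": 8, "ap-floor-3": 11}
    print("nonoverlapping channels:", nonoverlapping_set())   # [1, 6, 11]
    print("overlapping AP pairs:", conflicting_aps(aps))
    # [('ap-floor-3', 'ap-office-202'), ('ap-office-201', 'ap-office-202')]
    print("move ap-office-202 to channel:", best_channel([6, 11]))  # 1
```

Running the script shows that channel 8 overlaps both 6 and 11, which is why the book's advice is to move a clashing AP to one of the remaining nonoverlapping channels rather than to an adjacent channel number.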
The Service Set Identifier (SSID) is a configurable client identification that allows clients to communicate to a particular base station. In application, only clients that are configured with the same SSID can communicate with base stations having the same SSID. SSID provides a simple password arrangement between base stations and clients.
As far as troubleshooting is concerned, if a client is not able to access a base station, ensure that both are using the same SSID. Incompatible SSIDs are sometimes found when clients move computers, such as laptops, between different wireless networks. They obtain an SSID from one network and then if the system is not rebooted, the old SSID won’t allow communication to a different base station.
The Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts transmitted data. WEP is easy to configure with only three possible security options—Off (no security), 64-bit (basic security), and 128-bit (stronger security). WEP is not difficult to crack, and using it reduces performance slightly.
If your network operates with WEP turned off, your system is very open for someone to access your data. Depending on the sensitivity of your data, you can choose between the 64-bit and 128-bit encryption. Although the 128-bit WEP encryption provides greater security, it does so at a performance cost. 64-bit offers less impact on system performance and less security.
As far as troubleshooting is concerned, in order for wireless communication to take place, wireless devices must all use the same WEP setting. Most devices are set to Off by default; if changed, all clients must use the same settings.
Like any other network media, APs have a limited transmission distance.
This limitation is an important consideration when deciding where an AP should be placed on the network. When troubleshooting a wireless network, pay close attention to the distance that client systems are away from the AP.
When faced with a problem in which client systems cannot consistently access the AP, you could try moving the AP to better cover the area, but then you might disrupt access for users in other areas. So what can be done to troubleshoot AP coverage?
Depending on the network environment, the quick solution might be to throw money at the solution and purchase another access point, cabling, and other hardware, and expand the transmission area through increased hardware. However, there are a few things to try before installing another wireless access point. The following list starts with the least expensive solution to the most expensive.
➤ Increase transmission power—Some access points have a setting to adjust the transmission power output. By default, most of these settings will be set to the maximum output; however, it is worth verifying just in case. As a side note, the transmission power can be decreased if trying to reduce the dispersion of radio waves beyond the immediate network. Increasing the power would provide clients stronger data signals and greater transmission distances.
➤ Relocate the AP—When wireless client systems suffer from connectivity problems, the solution might be as simple as relocating the WAP to another location. It might be that it is relocated across the room, a few feet, or across the hall. Finding the right location will likely take a little trial and error.
➤ —If the access point distance is not sufficient for some network clients, it might be necessary to replace the default antenna used with both the AP and the client with higher end antennas. Upgrading an antenna can make a big difference in terms of transmission range. Unfortunately, not all WAPs have replaceable antennas.
➤ —RF amplifiers add significant distance to wireless signals. An RF amplifier increases the strength and readability of the data transmission. The amplifier provides improvement of both the received and transmitted signals, resulting in an increase in wireless network performance.
➤ —Before installing a new AP, you might want to first think about a wireless repeater. When set to the same channel as the AP, the repeater will take the transmission and repeat it. So, the WAP transmission gets to the repeater, and then the repeater duplicates the signal and passes it forward. It is an effective strategy to increase wireless transmission distances.
Regardless of the problem, effective network troubleshooting follows some specific troubleshooting steps. These steps provide a framework in which to perform the troubleshooting process and, when followed, can reduce the time it takes to isolate and fix a problem. The following sections discuss the common troubleshooting steps and procedures as identified by the CompTIA Network+ objectives. CompTIA lists the troubleshooting steps as follows:
1. Identify the symptoms and potential causes.
2. Identify the affected area.
3. Establish what has changed.
4. Select the most probable cause.
5. Implement an action plan and solution including potential effects.
6. Test the result.
7. Identify the results and effects of the solution.
8. Document the solution and process.
The first step in the troubleshooting process is to establish exactly what the symptoms of the problem are. This stage of the troubleshooting process is all about information gathering. To get this information, we need knowledge of the operating system used, good communication skills, and a little patience. It is very important to get as much information as possible about the problem. You can glean information from three key sources: the computer (in the form of logs and error messages), the computer user experiencing the problem, and your own observation.
Once you have identified the symptoms, you can begin to formulate some of the potential causes of those symptoms.
For the Network+ exam, you do not need to know where error messages are stored on the respective operating systems; you only need to know that the troubleshooting process requires you to read system-generated log errors.
Some computer problems are isolated to a single user in a single location; others affect several thousand users spanning multiple locations. Establishing the affected area is an important part of the troubleshooting process, and it will often dictate the strategies you use in resolving the problem.
On the Network+ exam, you might be provided with either a description of a scenario or a description augmented by a network diagram. In either case, you should read the description of the problem carefully, step by step. In most cases, the correct answer is fairly logical and the wrong answers can be identified easily.
Problems that affect many users are often connectivity issues that disable access for many users. Such problems can often be isolated to wiring closets, network devices, and server rooms. The troubleshooting process for problems that are isolated to a single user will often begin and end at that user’s workstation. The trail might indeed lead you to the wiring closet or server, but that is not likely where the troubleshooting process would begin.
Understanding who is affected by a problem can provide you with the first clues about where the problem exists.
Whether there is a problem with a workstation’s access to a database or an entire network, keep in mind that they were working at some point.
Although many claim that the “computer just stopped working,” it is unlikely. Far more likely is that there have been changes to the system or the network that caused the problem. Look for newly installed applications, applied patches or updates, new hardware, a physical move of the computer, or a new username and password. Establishing any recent changes to a system will often lead you in the right direction to isolate and troubleshoot a problem.
In the Network+ exam, avoid discounting a possible answer because it seems too easy. Many of the troubleshooting questions are based on possible real-world scenarios; some of which do have very easy or obvious solutions.
There can be many different causes for a single problem on a network, but with appropriate information gathering, it is possible to eliminate many of them. When looking for a probable cause, it is often best to look at the easiest solution first and then work from there. Even in the most complex of network designs, the easiest solution is often the right one. For instance, if a single user cannot log on to a network, it is best to confirm network settings before replacing the NIC. Remember, though, that at this point, you are only trying to determine the most probable cause, and your first guess might, in fact, be incorrect. It might take a few tries to determine the correct cause of the problem.
After identifying a cause, but before implementing a solution, you should develop a plan for the solution. This is particularly a concern for server systems in which taking the server offline is a difficult and undesirable prospect.
After identifying the cause of a problem on the server, it is absolutely necessary to plan for the solution. The plan must include details around when the server or network should be taken offline and for how long, what support services are in place, and who will be involved in correcting the problem.
Planning is a very important part of the whole troubleshooting process and can involve formal or informal written procedures. Those who do not have experience troubleshooting servers might be wondering about all the formality, but this attention to detail ensures the least amount of network or server downtime and the maximum data availability.
With the plan in place, you should be ready to implement a solution—that is, apply the patch, replace the hardware, plug in a cable, or implement some other solution. In an ideal world, your first solution would fix the problem, although unfortunately this is not always the case. If your first solution does not fix the problem, you will need to retrace your steps and start again.
It is important that you attempt only one solution at a time. Trying several solutions at once can make it very unclear which one actually corrected the problem.
You are likely to have questions on the Network+ exam that require you to identify the order in which the troubleshooting steps should be performed.
After the corrective change has been made to the server, network, or workstation, it is necessary to test the results—never assume. This is when you find out if you were right and the remedy you applied actually worked. Don’t forget that first impressions can be deceiving, and a fix that seems to work on first inspection might not actually have corrected the problem.
The testing process is not always as easy as it sounds. If you are testing a connectivity problem, it is not difficult to ascertain whether your solution was successful. However, changes made to an application or to databases you are unfamiliar with are much more difficult to test. It might be necessary to have people who are familiar with the database or application run the tests with you in attendance.
Sometimes, you will apply a fix that corrects one problem but creates another problem. Many such circumstances are hard to predict—but not always.
For instance, you might add a new network application, but the application requires more bandwidth than your current network infrastructure can support. The result would be that overall network performance would be compromised.
Everything done to a network can have a ripple effect and negatively affect another area of the network. Actions such as adding clients, replacing hubs, and adding applications can all have unforeseen results. It is very difficult to always know how the changes you make to a network are going to affect the network’s functioning. The safest thing to do is assume that the changes you make are going to affect the network in some way and realize that you just have to figure out how. This is when you might need to think outside the box and try to predict possible outcomes.
Although it is often neglected in the troubleshooting process, documentation is as important as any of the other troubleshooting procedures.
Documenting a solution involves keeping a record of all the steps taken during the fix—not necessarily just the solution.
For the documentation to be of use to other network administrators in the future, it must include several key pieces of information. When documenting a procedure, you should include the following information:
➤ —When was the solution implemented? It is important to know the date because if problems occur after your changes, knowing the date of your fix makes it easier to determine whether your changes caused the problems.
➤ —Although it is obvious when a problem is being fixed why it is being done, a few weeks later, it might become less clear why that solution was needed. Documenting why the fix was made is important because if the same problem appears on another system, you can use this information to reduce time finding the solution.
➤ —The successful fix should be detailed, along with information about any changes to the configuration of the system or network that were made to achieve the fix. Additional information should include version numbers for software patches or firmware, as appropriate.
➤ —Many administrators choose to include information on both successes and failures. The documentation of failures might prevent you from going down the same road twice, and the documentation of successful solutions can reduce the time it takes to get a system or network up and running.
➤ Who—It might be that information is left out of the documentation or someone simply wants to ask a few questions about a solution. In both cases, if the name of the person who made a fix is in the documentation, he or she can easily be tracked down. Of course, this is more of a concern in environments in which there are a number of IT staff or if system repairs are performed by contractors instead of actual company employees.
The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.
For the exam, don’t forget these important concepts:
➤ When presented with a troubleshooting scenario, consider the following procedure:
1. Identify the symptoms and potential causes.
2. Identify the affected area.
3. Establish what has changed.
4. Select the most probable cause.
5. Implement an action plan and solution including potential effects.
6. Test the result.
7. Identify the results and effects of the solution.
8. Document the solution and process.
➤ The central device, hubs or switches, provides a single point of failure.
➤ Hubs and switches provide LEDs that provide information regarding the port status.
➤ A physical ring topology uses a single length of cable interconnecting all computers and forming a loop. If there is a break in the cable, all systems on the network will be unable to access the network.
➤ The MSAU on a logical ring topology represents a single point of failure. If all devices are unable to access the network, it might be that the MSAU is faulty.
➤ Verify that the cabling and connectors meet the correct specifications.
➤ All NICs on the ring network must operate at the same speed.
➤ When connecting MSAUs in a ring network, ensure that the ring in and ring out configuration is properly set.
➤ A bus topology must be continuous. A break in the cable at any point will render the entire segment unusable.
➤ The cable used on a bus network has two distinct physical endpoints.
➤ The addition, removal, or failure of a device on the network might prevent the entire network from functioning.
➤ Some types of wireless communications require a point-to-point direct line-of-sight connection. If something is blocking this line of sight such as a building, the transmissions might fail.
➤ Topology
➤ Bus
➤ Star
➤ Ring
➤ Mesh
➤ Wireless
➤ Protocol
➤ Authentication
➤ Media
➤ Interference
➤ Attenuation
➤ EMI
➤ Segment
➤ NetBEUI
➤ Hub
➤ Switch
➤ MSAU
➤ Termination
➤ SSID
➤ WEP
➤ AP
1. Which of the following should you consider when troubleshooting wiring problems? (Choose the three best answers.)
A. The distance between devices
B. Interference
C. Atmospheric conditions
D. Connectors
2. A user calls you complaining that he is unable to access an application that he uses for accounting. The application runs on the local computer, but the data files are stored on a remote Windows 2000 file server. The network uses TCP/IP and a DHCP server. What is your next step in the troubleshooting process?
A. Check the server logs.
B. Verify that the user is logged on correctly.
C. Log on to the system using the administration account.
D. Gather more information from the user.
3. You have just configured a wireless connection using the Bluetooth standard. At what speed does Bluetooth operate?
A. 350Mbps
B. 720Kbps
C. 200Kbps
D. 11Mbps
4. You are troubleshooting a problem with a bus topology network. Users are reporting that they are sometimes unable to access the network, but it is fine at other times. Which of the following might you consider? (Choose the two best answers.)
A. Faulty hubs or switch
B. Improper or faulty termination
C. Improper grounding
D. Cable lengths in excess of 100 meters
5. Which of the following technologies provides a simple password arrangement between wireless base stations and clients?
A. WEP
B. SSID
C. PPP
D. PPTP
6. You have just purchased a new wireless access point that uses no WEP security by default. You change the security settings to use 128-bit encryption. How must the client systems be configured?
A. All client systems must be set to 128-bit encryption.
B. The client system will inherit security settings from the WEP.
C. WEP does not support 128-bit encryption.
D. The client WEP settings have to be set to ‘auto detect.’
7. You are troubleshooting a network problem. The network is a star topology. There are four segments on the network: sales, marketing, admin, and research. Several users from the admin department call you reporting problems accessing the server. Where are you most likely to look for the source of the problem?
A. The users’ workstations
B. The server
C. The switch that services the admin segment
D. The switch that services the sales segment
8. You are adding a new system to a network that uses a physical ring topology. Which of the following statements is true?
A. All network users will not be affected by the addition of the new system.
B. The network will be unavailable while the new system is added.
C. As long as there is a port available in the MSAU, network users will not be disrupted.
D. The MSAU will need to be powered down during the installation, affecting only the users connected to that particular MSAU.
9. A user calls to inform you that she is unable to print. Upon questioning her, you determine that the user has just been moved from the second floor to the third floor. The user connects to the printer via a wireless router on the first floor. You need to allow the user to print but do not want to purchase another WAP or disrupt other wireless users. Which of the following might you do?
A. Move the WAP to allow the client system to access the network and therefore the printer.
B. Search for RF interference on the 2.4GHz range.
C. Change the channel.
D. Configure an RF repeater to forward the wireless communications.
10. Which of the following wireless standards specifies an RF of 5GHz?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11t
1. The correct answers are A, B, and D. When you’re troubleshooting a wiring problem, you should consider the distance between devices, interference such as crosstalk and EMI, and the connection points. Answer C is not correct because bound media (that is, cables) are not affected by atmospheric conditions.
2. The correct answer is D. Before implementing a solution to a problem, it is a troubleshooting best practice to first identify what has changed. In this scenario, the administrator would need to gather more information from the user to help isolate the problem and determine why he cannot access the accounting program. Although all of the answers provided can also be performed, they would typically be done after gathering more information from the user.
3. The correct answer is B. Bluetooth is a wireless standard commonly used to interconnect peripheral devices to the computer system. Bluetooth operates at 720Kbps.
4. The correct answers are B and C. A bus network must have a terminator at each physical end of the bus. It must also be grounded at one end. Improper grounding or faulty termination can lead to random network problems such as those described. Answer A is not correct because 10BASE-2 networks do not use hubs or switches. 10BASE-2 has a maximum cable length of 185 meters; therefore, answer D is not valid either.
5. The correct answer is B. The Service Set Identifier is a name assigned to a wireless Wi-Fi network. All devices connected to an AP must use the same SSID name, which is a text string up to 32 bytes long, in order to communicate.
6. The correct answer is A. On a wireless connection between an access point and the client, they must be configured to use the same WEP security settings. In this case, they must both be configured to use 128-bit encryption.
7. The correct answer is C. In this scenario, the common denominator is that all of the users reporting a problem are connected to the same network switch. Therefore, this would be the first place to look for a problem. Because there is more than one user with a problem, looking at their workstations is not the best troubleshooting step. Because you have not received any other calls from other departments, it is unlikely that there is a problem with the server. Because no users from the sales dept. have reported a problem, there is unlikely to be a problem with the sales section of the network.
8. The correct answer is B. A physical ring topology uses a length of cable to form the ring function. A single break in this cable will take the entire network offline. To add a new system to a physical ring network, the ring must be broken. Therefore, the addition of the new client system will affect all network users.
9. The correct answer is D. By the description, it sounds like the client has moved beyond the reach of the WAP. To try to accommodate the client, an RF repeater could be used to duplicate and forward the wireless signal. It would not be wise to move the wireless access point, as the move might put it out of reach for other network users.
10. The correct answer is A. The 802.11a wireless standard uses the 5GHz frequency range. 802.11b/g uses the 2.4GHz range.
12
This exam consists of 72 questions that reflect the material covered in this book. The questions are representative of the types of questions you should expect to see on the Network+ exam; however, they are not intended to match exactly what is on the exam.
Some of the questions require that you deduce the best possible answer.
Often, you are asked to identify the best course of action to take in a given situation. You must read the questions carefully and thoroughly before you attempt to answer them. It is strongly recommended that you treat this exam as if it were the actual exam. When you take it, time yourself, read carefully, and answer all the questions to the best of your ability.
The answers to all the questions appear in Chapter 13, “Answers to Practice Exam 1.” Check your letter answers against those in Chapter 13, and then read the explanations provided. You might also want to return to the chapters in the book to review the material associated with any incorrect answers.
1. Which of the following devices operates at the Network layer of the OSI model?
❍ A. WAP
❍ B. Switch
❍ C. Hub
❍ D. Router
2. A client on your network has had no problem accessing the wireless network, but recently the client moved to a new office. Since the move, she has only intermittent network access. Which of the following is most likely the cause of the problem?
❍ A. SSID on the client is misconfigured.
❍ B. The client system has moved too far from the AP.
❍ C. WEP settings are incorrect.
❍ D. The AP is using an omni-directional antenna.
3. You are a network administrator managing a midsized network that uses a NetWare print server, a Windows application server, and a Linux firewall server. One of your servers loses network connectivity; you type ifconfig at the command line to determine whether the server has a valid IP address. Which server has lost connectivity?
❍ A. The firewall server.
❍ B. The print server.
❍ C. The application server.
❍ D. ifconfig is not a valid command on any of these platforms.
4. You are managing a network that uses both a UNIX server and a Windows 2000 server. Which of the following protocols can you use to transfer files between the two servers?
❍ A. Telnet
❍ B. PPP
❍ C. FTP
❍ D. PPTP
5. You have been called by a user who complains that access to a web page is very slow. What utility can you use to find the bottleneck?
❍ A. ping
❍ B. Telnet
❍ C. tracert
❍ D. nbtstat
6. During a busy administrative week, you install a new virus suite in your network of 55 computers, a new RAID array in one of the servers, and a new office suite on 25 of the computer systems. After all the updates, you are experiencing system errors throughout the entire network. Which of the following would you do to help isolate the problem?
❍ A. Disable the RAID array
❍ B. Uninstall the office suite
❍ C. Check the virus suite vendor’s website for system patches or service packs
❍ D. Reinstall the virus software
7. What utility would you use to check the IP configuration on a Windows XP system?
❍ A. netstat
❍ B. winipcfg
❍ C. ping
❍ D. ipconfig
8. Which of the following services or protocols use SSH technology to provide additional security to communications? (Choose two.)
❍ A. SCP
❍ B. SFTP
❍ C. SNMP
❍ D. SMTP
9. Which of the following backup methods clear the archive bit? (Choose the two best answers.)
❍ A. Differential
❍ B. Sequential
❍ C. Full
❍ D. Incremental
10. You are troubleshooting a server connectivity problem on your network—a Windows XP Professional system is having trouble connecting to a Windows 2000 Server. Which of the following commands would you use to display per-protocol statistics on the workstation system?
❍ A. arp -a
❍ B. arp -A
❍ C. nbtstat -s
❍ D. nbtstat -S
❍ E. netstat -s
11. You are working as a network administrator on a UNIX system. The system uses dynamic name resolution. What is used to dynamically resolve a hostname on a UNIX server?
❍ A. IPX
❍ B. ARP
❍ C. DNS
❍ D. LMHOSTS
12. During the night, one of your servers powers down. Upon reboot, print services do not load. Which of the following would be the first step in the troubleshooting process?
❍ A. Examine the server log files
❍ B. Reboot the server
❍ C. Reinstall the printer
❍ D. Reinstall the printer software
13. Which of the following standards uses UTP cable?
❍ A. 100BaseTX
❍ B. 10BaseFL
❍ C. 100BaseUX
❍ D. 10Base2
14. Which of the following utilities can be used to view the current protocol connections on a Windows system?
❍ A. ping
❍ B. netstat
❍ C. Telnet
❍ D. tracert
15. Which of the following statements about the 10Mbps 802.3 network standards is incorrect?
❍ A. There are 10Mbps networking standards for both UTP and fiber-optic cable.
❍ B. The 802.3 10Mbps network standards use a logical bus topology.
❍ C. Irrespective of the type of cable, the maximum length of a 10Mbps network segment is 185 meters.
❍ D. 10Mbps networking standards use a CSMA/CD media access method.
16. Which of the following are connectionless protocols? (Choose the two best answers.)
❍ A. TCP
❍ B. SPX
❍ C. IPX
❍ D. UDP
17. Which of the following networking standards specifies a maximum segment length of 100 meters?
❍ A. 10Base2
❍ B. 10BaseFL
❍ C. 10BaseYX
❍ D. 10BaseT
18. After several passwords have been compromised in your organization, you have been asked to implement a network-wide password policy. Which of the following represents the most practical and secure password policy?
❍ A. Daily password changes
❍ B. Weekly password changes
❍ C. Monthly password changes
❍ D. Password changes only after an account has been compromised
19. You are experiencing a problem with a workstation and want to ping the local loopback. Which of the following are valid ways to check your local TCP/IP configuration? (Choose the two best answers.)
❍ A. ping host
❍ B. ping localhost
❍ C. ping 127.0.0.1
❍ D. ping 127.0.0.0
20. Which of the following network devices operates at the physical layer of the OSI model?
❍ A. Router
❍ B. Hub
❍ C. Bridge
❍ D. NIC
21. You have been asked to implement a RAID solution on one of your company’s servers. You have two hard disks and two hard disk controllers. Which of the following RAID levels could you implement? (Choose the three best answers.)
❍ A. RAID 0
❍ B. RAID 1
❍ C. Disk duplexing
❍ D. RAID 10
❍ E. RAID 5
22. Which of the following represents a Class B IP address?
❍ A. 191.23.21.54
❍ B. 125.123.123.2
❍ C. 24.67.118.67
❍ D. 255.255.255.0
23. What utility would produce the following output?
Proto Local Address Foreign Address State
TCP laptop:1028 LAPTOP:0 LISTENING
TCP laptop:1031 LAPTOP:0 LISTENING
TCP laptop:1093 LAPTOP:0 LISTENING
TCP laptop:50000 LAPTOP:0 LISTENING
TCP laptop:5000 LAPTOP:0 LISTENING
TCP laptop:1031 n218.audiogalaxy.com:ftp ESTABLISHED
TCP laptop:1319 h24-67-184-65.ok.shawcable.net:nbsess
❍ A. netstat
❍ B. nbtstat
❍ C. ping
❍ D. tracert -R
24. You have been called in to troubleshoot a problem with a newly installed email application. Internal users are able to communicate with each other via email, but neither incoming nor outgoing Internet email is working. You suspect a problem with the port-blocking configuration of the firewall system that protects the Internet connection. Which of the following ports would you allow to cure the problems with the email? (Choose the two best answers.)
❍ A. 20
❍ B. 25
❍ C. 80
❍ D. 110
❍ E. 443
25. What is the default subnet mask for a Class B network?
❍ A. 255.255.255.224
❍ B. 255.255.255.0
❍ C. 127.0.0.1
❍ D. 255.255.0.0
26. At which OSI layer does TCP operate?
❍ A. Network
❍ B. Transport
❍ C. Session
❍ D. Presentation
27. What is the basic purpose of a firewall system?
❍ A. It provides a single point of access to the Internet.
❍ B. It caches commonly used web pages, thereby reducing the bandwidth demands on an Internet connection.
❍ C. It allows hostnames to be resolved to IP addresses.
❍ D. It protects one network from another by acting as an intermediary system.
28. Email and FTP work at which layer of the OSI model?
❍ A. Application
❍ B. Session
❍ C. Presentation
❍ D. User
29. You are the administrator for a small network with a single server. A user calls to report that he is experiencing problems logging on to the network. He is sure that the tree name and context are correct, but is not sure that he has the correct password. Which of the following operating systems could the server on your network be running? (Choose all that apply.)
❍ A. Novell NetWare 5
❍ B. Novell NetWare 3.11
❍ C. Novell NetWare 6
❍ D. Novell NetWare 4.1
30. While reviewing the security logs for your server, you notice that a user on the Internet has attempted to access your internal mail server. Although it appears that the user’s attempts were unsuccessful, you are very concerned about the possibility that your systems might be compromised. Which of the following solutions are you most likely to implement?
❍ A. A more secure password policy
❍ B. A firewall system at the connection point to the Internet
❍ C. File-level encryption
❍ D. Kerberos authentication
31. Which of the following pieces of information is not likely to be supplied via DHCP?
❍ A. IP address
❍ B. NetBIOS computer name
❍ C. Subnet mask
❍ D. Default gateway
32. While troubleshooting a network connectivity problem, you notice that the network card in your system is operating at 10Mbps in half-duplex mode. At what speed is the network link operating?
❍ A. 2.5Mbps
❍ B. 5Mbps
❍ C. 10Mbps
❍ D. 11Mbps
33. Which of the following is a valid IPv6 address?
❍ A. 42DE:7E55:63F2:21AA:CBD4:D773
❍ B. 42CD:7E55:63F2:21GA:CBD4:D773:CC21:554F
❍ C. 42DE:7E55:63F2:21AA
❍ D. 42DE:7E55:63F2:21AA:CBD4:D773:CC21:554F
34. While troubleshooting a network connectivity problem on a Windows Server 2003 system, you need to view a list of the IP addresses that have been resolved to MAC addresses. Which of the following commands would you use to do this?
❍ A. arp -a
❍ B. nbtstat -a
❍ C. arp -d
❍ D. arp -s
35. Which of the following statements best describes RAID 5?
❍ A. A RAID 5 array consists of at least two drives. Parity information is written across both drives to provide fault tolerance.
❍ B. A RAID 5 array consists of at least three drives and distributes parity information across all the drives in the array.
❍ C. A RAID 5 array consists of at least three drives and stores the parity information on a single drive.
❍ D. A RAID 5 array consists of at least four drives. The first and last drives in the array are used to store parity information.
36. Which of the following IEEE specifications does CSMA/CD relate to?
❍ A. 802.11b
❍ B. 802.2
❍ C. 802.5
❍ D. 802.3
37. While you are troubleshooting a sporadic network connectivity problem on a Windows XP Professional system, a fellow technician suggests that you run the ping -t command. What is the purpose of this command?
❍ A. It shows the route taken by a packet to reach the destination host.
❍ B. It shows the time, in seconds, that the packet takes to reach the destination.
❍ C. It allows the number of ping messages to be specified.
❍ D. It pings the remote host continually until it is stopped.
38. Which of the following IEEE wireless standards uses the 5GHz RF range?
❍ A. 802.11g
❍ B. Infrared
❍ C. 802.11a
❍ D. 802.11b
39. What type of physical topology is shown in the following diagram?
❍ A. Star
❍ B. Ring
❍ C. Bus
❍ D. Mesh
40. A remote user calls you to report a problem she is having connecting to the corporate network over her DSL connection. The user is able to connect to the Internet and browse web pages, but she can’t connect to the corporate remote access gateway. Which of the following troubleshooting steps would you perform first?
❍ A. Check the corporate remote access gateway to see if it is running and operating correctly
❍ B. Have the user reboot her system
❍ C. Have the user reconfigure the IP address on her system to one of the address ranges used on the internal corporate network, and then try again
❍ D. Have the user power cycle the DSL modem and try again
41. You have installed a Web-based database system on your PC so that you can enter troubleshooting information and retrieve it from any location on the network. The IP address of your system is 192.168.1.164. You are not overly concerned about security, but as a basic measure, you allocate the Web server application a port number of 9191 rather than the default port of 80. Assuming that you are working from another system on the network, what would you type into the address bar of a Web browser to access the database?
❍ A. http://192.168.1.164.9191
❍ B. http://192.168.1.164/9191
❍ C. http://192.168.1.164//9191
❍ D. http://192.168.1.164:9191
42. Which of the following IEEE standards has the highest maximum transmission speed?
❍ A. 802.3ae
❍ B. 802.3xr
❍ C. 802.3z
❍ D. 802.3u
43. Your manager has asked you to implement security on your peer-to-peer network. Which of the following security models offers the highest level of security for this type of network?
❍ A. Share level
❍ B. User level
❍ C. Password level
❍ D. Layered
44. You are working on a Linux system and are having problems pinging a remote system by its hostname. DNS resolution is not configured for the system. What file might you look in to begin troubleshooting the resolution problem?
❍ A. RESOLV
❍ B. STATICDNS
❍ C. PASSWD
❍ D. HOSTS
45. You are tasked with specifying a way to connect two buildings across a parking lot. The distance between the two buildings is 78 meters. An underground wiring duct exists between the two buildings, although there are concerns about using it because it also houses high-voltage electrical cables. The budget for the project is very tight, but your manager still wants you to specify the most suitable solution. Which of the following cable types would you recommend?
❍ A. Fiber-optic
❍ B. UTP
❍ C. Thin coax
❍ D. STP
46. While installing a new Windows XP Professional system, you are offered a choice of file system with which to format the disk. If you want to use both file and share level permissions for data security, which of the file systems should you choose?
❍ A. FAT
❍ B. FAT32
❍ C. NTFS
❍ D. EXT2
47. A user calls to inform you that she can’t access the Internet from her system. When you visit the user, you run the ipconfig /all utility and see the following information. What is the most likely reason the user is having problems accessing the Internet?
C:\>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : LAPTOP
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Physical Address. . . . . . . . . : 00-D0-59-09-07-51
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.10
                                    192.168.2.20
❍ A. The system is on a different subnet from the DNS servers.
❍ B. DHCP is not enabled.
❍ C. The subnet mask is incorrect.
❍ D. The default gateway setting is not configured.
48. Your ISP account manager suggests that it might be appropriate for you to install a DNS server internally. Which of the following functions does the DNS server provide?
❍ A. It performs network address translation services.
❍ B. It streamlines the resolution of NetBIOS names to IP addresses.
❍ C. It allows some hostname-to-IP address resolutions to occur internally.
❍ D. It allows users to retrieve Internet web pages more quickly.
49. Which of the following is not one of the private address ranges?
❍ A. 192.168.x.x
❍ B. 10.x.x.x
❍ C. 172.16.x.x
❍ D. 224.181.x.x
50. You are the administrator for a network with two Windows Server 2003 systems, one Linux server, and 245 Windows XP Professional systems. Under what circumstances are you most likely to install Samba on the Linux server?
❍ A. If one or two users with Windows XP Professional systems want to copy files to and from the Linux server
❍ B. If a large number of users with Windows XP Professional systems want to use the Linux server as a file or print server
❍ C. If you want to implement a network management system that will allow the Linux server to receive trap messages from the Windows servers
❍ D. If you want to automate the allocation of IP addresses to all of the Windows XP Professional systems on the network
51. If you contacted IANA, what would you most likely be trying to do?
❍ A. Get a new telephone number
❍ B. Get an IP address to connect a system to a public network
❍ C. Get an Internet domain name reassigned
❍ D. Get an IP address to connect a system to a private network
52. Which of the following technologies can be implemented on a switch to create multiple separate logical networks?
❍ A. Proxy
❍ B. Subnet masking
❍ C. NAS
❍ D. VLAN
53. Which of the following protocols are responsible for network addressing? (Choose the two best answers.)
❍ A. IP
❍ B. SPX
❍ C. IPX
❍ D. TCP
54. You are upgrading the antenna on your wireless network. You need to purchase an antenna that provides a 360-degree dispersed wave pattern. Which of the following antenna types would you select?
❍ A. Omni-dispersed antenna
❍ B. Directional-dispersed antenna
❍ C. Directional antenna
❍ D. Omni-directional antenna
55. What protocol is used by systems within a multicast group to communicate registration information with each other?
❍ A. ICMP
❍ B. IGMP
❍ C. NNTP
❍ D. LDAP
56. Which of the following connectors would you use when working with fiber-optic cable? (Choose the two best answers.)
❍ A. RJ-11
❍ B. SC
❍ C. RJ-45
❍ D. ST
❍ E. BNC
57. You are instructed by your manager to procure a cable with a Type A connector on one end, and a Type B connector on the other. What kind of interface are you most likely to be dealing with?
❍ A. FireWire
❍ B. USB
❍ C. RJ-11
❍ D. Fiber Optic
58. You are the network administrator for a Token Ring network. A NIC in a system fails, and you replace it with a new one. However, the system is still unable to connect to the network. What is the most likely cause of the problem?
❍ A. The NIC is set to the wrong ring speed.
❍ B. The NIC is a 100Mbps card, and the ring is configured for only 10Mbps.
❍ C. The NIC is set to full-duplex, and the ring is running at only half-duplex.
❍ D. The NIC is faulty.
59. You have enabled HTTPS because of concerns about the security of your Web server application, which runs on a Web server system in the DMZ of your corporate network. However, remote users are now unable to connect to the application. Which of the following is the most likely reason for the problem?
❍ A. Port 80 is being blocked on the corporate firewall.
❍ B. Port 443 is being blocked on the corporate firewall.
❍ C. Remote users need to enable HTTPS support in their Web browsers.
❍ D. Port 110 is being blocked on the corporate firewall.
60. Which of the following is a valid Class A IP address?
❍ A. 124.254.254.254
❍ B. 127.0.0.1
❍ C. 128.16.200.12
❍ D. 131.17.25.200
61. Which of the following wireless technologies provides limited transmission distance and is used primarily for personal area networking and cable replacement? (Select two.)
❍ A. IrDA
❍ B. 802.11a
❍ C. Bluetooth
❍ D. Ethernet wireless
62. You are the administrator for a network with two Windows 2000 server systems and 40 Windows XP Professional systems. One morning, three users call to report that they are having problems accessing either of the Windows servers. Upon investigation, you determine that the DHCP server application running on one of the servers has crashed and that the three systems are using addresses assigned via APIPA. All other systems, which were started before the DHCP server application crashed, are functioning correctly. Which of the following statements about the situation is correct? (Choose two.)
❍ A. Systems with an APIPA assigned address will be able to communicate with each other.
❍ B. Systems with an APIPA assigned address will be able to talk to other systems that have an IP address from the DHCP server.
❍ C. Systems with an APIPA assigned address will not be able to access the Internet.
❍ D. Each system with an APIPA assigned address will not be able to communicate with any other systems on the network.
63. Which of the following protocols are parts of the TCP/IP protocol suite? (Choose the three best answers.)
❍ A. AFP
❍ B. FTP
❍ C. DHCP
❍ D. HTTP
❍ E. NCP
64. You are attempting to configure a client’s email program. The user can receive mail but is unable to send any. In the mail server configuration screen of the mail application, you notice that the Type of Outgoing Mail Server field is blank. This explains why the client is unable to send mail. Which of the following protocols are you most likely to enter as a value in the Type of Outgoing Mail Server field?
❍ A. NMP
❍ B. POP3
❍ C. SMTP
❍ D. IMAP
65. Which of the following is a configurable client identification setting used to differentiate one WLAN from another?
❍ A. SID
❍ B. WEP
❍ C. SSID
❍ D. Wireless channel
66. Which of the following is a valid MAC address?
❍ A. 00:D0:59:09:07:51
❍ B. 00:D0:59
❍ C. 192.168.2.1
❍ D. 00FE:56FE:230F:CDA2:00EB:32EC
❍ E. 00:DG:59:09:07:51
67. Which of the following protocols allows you to execute queries against a directory services database such as Microsoft Active Directory or Novell Directory Services?
❍ A. NNTP
❍ B. ICMP
❍ C. LDAP
❍ D. SFTP
68. Which of the following is not a commonly implemented feature of a firewall system?
❍ A. NAT
❍ B. Packet filtering
❍ C. Proxy
❍ D. NAS
69. Which command produced the following output?
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17273
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;examcram.com. IN ANY
;; ANSWER SECTION:
examcram.com. 86191 IN A 63.240.93.157
examcram.com. 86191 IN NS oldtxdns2.pearsontc.com.
examcram.com. 86191 IN NS usrxdns1.pearsontc.com.
;; AUTHORITY SECTION:
examcram.com. 86191 IN NS oldtxdns2.pearsontc.com.
examcram.com. 86191 IN NS usrxdns1.pearsontc.com.
;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 18 09:07:29 2004
;; MSG SIZE rcvd: 131
❍ A. nslookup
❍ B. nbtstat
❍ C. dig
❍ D. netstat
70. When a system running TCP/IP receives a data packet, which of the following does it use to determine which service to forward the packet to?
❍ A. Port number
❍ B. Packet ID number
❍ C. Data IP number
❍ D. IP protocol service type
71. What command would generate the following output?
7 60 ms 30 ms 40 ms home-gw.st6wa.ip.att.net [192.205.32.249]
8 30 ms 40 ms 30 ms gbr3-p40.st6wa.ip.att.net [12.123.44.130]
9 50 ms 50 ms 60 ms gbr4-p10.sffca.ip.att.net [12.122.2.61]
10 60 ms 60 ms 60 ms gbr3-p10.la2ca.ip.att.net [12.122.2.169]
11 90 ms 60 ms 70 ms gbr6-p60.la2ca.ip.att.net [12.122.5.97]
❍ A. ipconfig
❍ B. netstat
❍ C. ping
❍ D. tracert
72. Which layer of the OSI model is responsible for placing the signal on the network media?
❍ A. Physical
❍ B. Data-link
❍ C. MAC
❍ D. LLC
13
Answers to Practice Exam 1
1. D
2. B
3. A
4. C
5. C
6. C
7. D
8. A, B
9. C, D
10. E
11. C
12. A
13. A
14. B
15. C
16. C, D
17. D
18. C
19. B, C
20. B
21. A, B, C
22. A
23. A
24. B, D
25. D
26. B
27. D
28. A
29. A, C, D
30. B
31. B
32. C
33. D
34. A
35. B
36. D
37. D
38. C
39. A
40. A
41. D
42. A
43. B
44. D
45. A
46. C
47. D
48. C
49. D
50. B
51. B
52. D
53. A, C
54. D
55. B
56. B, D
57. B
58. A
59. B
60. A
61. A, C
62. A, C
63. B, C, D
64. C
65. C
66. A
67. C
68. D
69. C
70. A
71. D
72. A
1. D. Of the devices listed, only a router operates at the Network layer of the OSI model. A WAP and a switch are both considered data-link layer devices. A hub is considered a physical layer device.
2. B. A wireless AP has a limited range within which it can send and receive data signals. Once a client system moves out of this range, client network access will either fail completely or be inconsistent. An incorrect SSID or incompatible WEP settings would completely prevent communication between the wireless AP and client.
3. A. The ifconfig command is used on a Linux system to determine the IP configuration of the system. With NetWare, you use the config command to obtain information about network addresses. On a Windows 2000 system, the ipconfig command is used to view the networking configuration including the IP address. ifconfig can be used on UNIX/Linux platforms to view the networking configuration.
4. C. FTP can be used to transfer files between Windows and UNIX systems. FTP is part of the TCP/IP protocol suite and is platform independent. The telnet utility is used to open a virtual terminal session on a remote host (answer A). PPP is used to establish communications over a serial link; thus, answer B is incorrect. PPTP is used to establish a secure link over a public network such as the Internet (answer D).
5. C. tracert is a Windows command that can be used to display the full path between two systems, including the number of hops between the systems. The ping utility (answer A) can be used to test connectivity between two devices, but it only reports the time taken for the round trip; it does not give information about the time it takes to complete each hop in the route. The telnet utility (answer B) is used to open a virtual terminal session on a remote host. The nbtstat command (answer D) is used to view statistical information about the NetBIOS status of a system.
6. C. Because the system errors are over the entire network, it is likely that the cause of the problem in this scenario lies with the virus suite because it is installed on all computers. To troubleshoot such a problem, it would be a good idea to check for patches or updates on the vendor’s website. A problem with a RAID array (answer A) would affect only the server in which it is installed, not the entire network. Since the office suite (answer B) was installed on only some of the systems, it can be eliminated as a problem because all the systems are affected. The virus software (answer D) appears to be the cause of the problem, but reinstalling it is unlikely to help.
7. D. The ipconfig utility can be used to view the TCP/IP configuration on a Windows 2000, Windows XP, or Windows Server 2003 system. None of these operating systems support the graphical winipcfg utility (answer B). The netstat utility (answer A) is used to view protocol statistics information. The ping utility (answer C) is used to test the connectivity between two systems on a TCP/IP network.
8. A and B. Secure Shell (SSH) technology is used by both the Secure Copy Protocol (SCP) and the Secure File Transfer Protocol (SFTP). The Simple Network Management Protocol (SNMP) and the Simple Mail Transfer Protocol (SMTP) do not use SSH technology for additional security.
9. C and D. Both the full and incremental backup methods clear the archive bit to indicate which data does and does not need to be backed up. In a differential backup (answer A), the archive bit is not cleared. Sequential (answer B) is not a type of backup.
10. E. The netstat -s command can be used to display per-protocol statistics. The arp command (answers A and B) is used to view a list of the IP address-to-MAC address resolutions performed by the system. The nbtstat utility (answers C and D) is used to view protocol statistics for the NetBIOS protocol.
11. C. DNS is used on UNIX-based systems to resolve hostnames. IPX (answer A) is a network-layer connectionless protocol. ARP (answer B) resolves IP addresses to MAC addresses. The LMHOSTS file (answer D) is used on Windows systems to resolve NetBIOS names to IP addresses.
12. A. In this scenario, your first step is to gather information by examining the server log files. When you have that information, you can proceed with the rest of the troubleshooting process. Rebooting the server (answer B) is unlikely to cure the problem. Before you reinstall the printer (answer C) or printer software (answer D), you should examine the log files to see if any problems are reported in the server log files.
13. A. 100BaseTX uses Category 5 cable. 10BaseFL uses fiber-optic cable. There is no standard called 100BaseUX. 10Base2 is an Ethernet networking standard that uses thin coaxial cable.
14. B. The netstat -a command can be used to display the current connections and listening ports. The ping utility (answer A) is used to test connectivity between two devices on a TCP/IP network. Telnet (answer C) is an application-level protocol that allows a virtual terminal session on a remote host. The tracert utility (answer D) allows a path to be traced between two hosts.
15. C. The various 10Mbps 802.3 networking standards have different maximum cable lengths. With 10Base-FL, a segment can be up to 2,000 meters. Using thin coaxial cabling, the 10Base2 standard specifies a maximum segment length of 185 meters. 10Mbps implementations of Ethernet on UTP are limited to 100 meters. All Ethernet standards use a Carrier Sense Multiple Access/Collision Detect media access method. The 10Mbps 802.3 standards use a logical bus topology, though they can use physical star or physical bus topology.
16. C and D. UDP and IPX are both connectionless protocols. SPX and TCP (answers A and B) are connection-oriented protocols.
17. D. 10BASET has a maximum segment length of 100 meters. The maximum length of a 10BASE2 segment is 185 meters. The maximum length of a 10BASEFL segment (answer B) is 2,000 meters. Answer C is not a valid networking standard.
18. C. Changing passwords too frequently is not practical, and changing them too infrequently represents a security risk. Monthly password changing is adequate for most environments. Changing passwords too frequently (answers A and B) can cause problems because users might have problems remembering passwords, so they use passwords that are too similar to one another. Although passwords should be changed if they are compromised, they should also be changed periodically, making answer D incorrect.
19. B and C. To verify the local IP configuration you can either ping the ‘localhost’ or use the IP address 127.0.0.1. The default hostname for a system is localhost, not host, which means that answer A is incorrect. Answer D is not correct as this is the network address for the Class A loopback address, not a valid node loopback address.
20. B. A network hub operates at the physical layer of the OSI model. A router (answer A) operates at the network layer of the OSI model. A bridge (answer C) operates at the data-link layer of the OSI model. A NIC (answer D) operates at the data-link layer of the OSI model.
21.
and
With two hard disks and two controllers, you can implement RAID 0, RAID 1, and disk duplexing. RAID 5 (disk striping with parity; answer E) requires a minimum of three disks to be implemented. RAID 10 (answer D) is a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping). RAID 10 requires a minimum of four disks.
22.
The first octet of a Class B address must be in the range 128 to 191.
Answers A and B represent Class A addresses. Class A addresses run from 1 to 126. Answer D is not a valid IP address.
23.
The netstat utility can be used to display protocol statistics and
TCP/IP network connections. The nbtstat utility (answer B) shows statistical information about the NetBIOS over TCP/IP connections.
The ping utility (answer C) is used to test the connectivity between two devices on a TCP/IP network. The tracert utility (answer D) traces the path between two hosts on a TCP/IP network.
24. TCP/IP port 25 is used by SMTP. TCP/IP port 110 is used by POP3. Because SMTP is used to send mail and POP3 is used to retrieve mail, port 25 and port 110 are the two ports that would need to be allowed for incoming and outgoing Internet email. TCP/IP port 21 (answer A) is used by FTP. TCP/IP port 80 (answer C) is used by HTTP. TCP/IP port 443 (answer E) is used by HTTPS.
25. The default subnet mask for a Class B network is 255.255.0.0. Answer A is incorrect because it is not the default subnet mask for a Class B network. Answer B is not the default subnet mask for a Class B network. Answer C is the local loopback address.
26. TCP operates at the transport layer of the OSI model. Answers A, C, and D are all incorrect; TCP does not operate at the network layer.
27. The purpose of the firewall system is to protect one network from another. One of the most common places to use a firewall is to protect a private network from a public one such as the Internet. Answer A is incorrect because although a firewall can provide a single point of access, that is not its primary purpose. Answer B more accurately describes the function of a proxy server. Answer C describes the function of a DNS server.
28. Both email and FTP work at the application layer of the OSI model. Email and FTP are application-layer protocols, not session-layer protocols. User (answer D) is not a layer of the OSI model.
29. A, C, and D. Since NetWare 4, Novell has included a directory services system with NetWare that provides a centralized repository for network information including users, groups, printers, and servers. Before NetWare 4, Novell used a system called Bindery, which worked on a single server, single database principle.
30. B. To prevent unauthorized access to a private network from the Internet, you can use a firewall server to restrict outside access. Implementing a more secure password policy (answer A) is a good idea, but it is not the best choice of those available. Implementing a file-level encryption system (answer C) is a good idea, but it is not the best choice of those available. Kerberos (answer D) is an authentication system, not a method to prevent unauthorized access to the system.
31. B. The NetBIOS computer name is not supplied to client systems by a DHCP server. The IP address (answer A) is one of the pieces of information provided by DHCP. The subnet mask (answer C) is one of the pieces of information provided by DHCP. The default gateway (answer D) is one of the pieces of information supplied by DHCP.
32. C. Because the NIC is functioning at half-duplex 10Mbps, the transfer rate is 10Mbps. None of the other answers are correct.
33. D. IPv6 uses a 128-bit address, which is expressed as eight octet pairs in hexadecimal format, separated by colons. Because it is hexadecimal, only numbers and the letters A through F can be used. An IPv6 address is composed of eight hexadecimal octets. Only numbers and the letters A through F can be used.
34. A. The arp -a command is used to display the IP addresses that have been resolved to MAC addresses. The nbtstat command (answer B) is used to view protocol statistics for NetBIOS connections. arp -d (answer C) is not a valid command. The arp -s command (answer D) allows you to add static entries to the ARP cache.
35. B. A RAID 5 array consists of at least three hard disks and stripes parity information across all disks in the array. RAID 5 (disk striping with parity; answer A) requires at least three drives. The parity information is stored in a stripe across all three drives in the array (answer B). RAID 5 requires only three drives, which makes answer D incorrect.
36. D. CSMA/CD relates to the IEEE specification 802.3. The 802.11b (answer A) standard describes wireless LAN networking. The 802.2 (answer B) standard defines the media access methods for various networking standards. The 802.5 (answer C) standard defines Token Ring networking.
37. The ping -t command is used to send continuous ping requests to a remote system. The ping request will continue until it is manually stopped. The traceroute utility (answer A) performs this task. The ping command (answer B) shows the amount of time a packet takes to complete the round-trip from the host to the destination. Answer C is incorrect because the ping command with the -n switch performs this task.
38. The IEEE 802.11a wireless standard specifies 5GHz as the RF transmissions range. IEEE wireless standards 802.11b/g both use the 2.4GHz RF range. Infrared wireless transmissions use the 2.4GHz RF.
39. The diagram in the question shows a star topology. Answers B, C, and D are all incorrect. The figure does not represent any of these network types.
40. In this scenario, you would first check the remote access gateway to see if it is running and operating correctly. Because the user can browse web pages, this is not a connectivity problem. Answer B is incorrect because although rebooting the system might help, the system appears to be working correctly, and rebooting it is unlikely to cure the problem. The IP address configuration appears to be working because the user is able to access web pages, so answer C is incorrect. The Internet connection appears to be working, so cycling the power on the DSL modem, as described in answer D, is unlikely to help.
41. To specify a TCP/IP port other than the default of 80, simply append the port number to the end of the address, using a colon (:) to separate the two. All of the other answers are incorrect.
42. The IEEE 802.3ae standard defines 10Gbps networking standards such as 10Gbase-LR and 10Gbase-SR. There is no IEEE 802.3xr standard. 802.3z defines gigabit Ethernet standards such as 1000Base-LX and 1000Base-SX. 802.3u defines fast Ethernet standards such as 100Base-TX and 100Base-FX.
43. User-level security is more secure than share-level security and requires a user to provide a login ID, usually a username and password combination, to access network resources. Answer A is incorrect because share-level security is not as secure as user-level security. Answers C and D are not accepted terms for describing levels of security.
44.
The
HOSTS file is used to manually configure hostname resolution, and if there is a problem with hostname resolution, entries in this file must be checked. Answers A and B are incorrect because files are not used on a Linux system. Answer C is incorrect because the
PASSWD file is used to store user account information.
45. A. Fiber-optic cable provides the most resistance to EMI and therefore is often used in environments in which there is a risk of interference. Although it is inexpensive, UTP (answer B) cable has very low resistance to EMI; therefore, it should not be run near high-voltage electric cables. Thin coax (answer C) has low resistance to EMI; therefore, it should not be run near high-voltage electric cables. STP (answer D) has a good level of resistance to EMI, but it is still not as resistant as fiber-optic. Not factoring in the cost, fiber-optic is the most suitable solution.
46. C. The New Technology File System (NTFS) provides both file and share-level security. FAT and FAT32 can be used with Windows to provide share-level security, but they do not provide file-level security. EXT2 is a file system associated with Linux. It cannot be used with Windows XP Professional.
47. D. The most likely cause of the problem is that the default gateway is not configured. Answer A is incorrect because from the output it appears that the DNS servers are on the same subnet as this system. Answer B does not apply because addressing is configured statically, so there is no DHCP service. This is not a problem, however. Answer C is incorrect because the subnet mask is the correct default subnet mask for a Class C network.
48. C. DNS allows hostname resolutions to occur internally. In most cases, companies use a DNS server provided by the ISP. In some cases, however, it might be appropriate to have a DNS server on the internal network. Answer A is incorrect as NAT is normally a function of firewall or proxy servers. Answer B describes the purpose of a WINS server. Answer D describes the function of a proxy server.
49. D. Private address ranges are designed for use on private networks. The ranges are 192.168.X.X, 10.X.X.X, and 172.16.X.X–172.32.X.X. Answers A, B, and C are all valid private IP address ranges.
50. B. Samba is an application that can be run on a Linux server that enables Windows clients to use the server as a file and print server without any additional client software. If there were a large number of users who required this functionality, installing Samba would be a suitable solution. If only one or two users required access, you would be more likely to use FTP, or install a Network File System (NFS) client on the Windows XP Professional systems. Either of these options would allow the client systems to copy files to or from the Linux server. The most commonly used network management systems are those that rely on the Simple Network Management Protocol (SNMP). Installing Samba on the Linux server is unlikely to be part of a network management system installation. If you want to automate the allocation of IP addresses to client systems, you would install a DHCP server. You would not install Samba.
51. IANA is responsible for assigning IP addresses for systems on public networks—specifically, the Internet. Answer A is incorrect. IANA is responsible for assigning IP addresses for use on public networks (such as the Internet). Answer C is incorrect because domain names are administered by domain registry organizations. Answer D is incorrect because you don't need to apply for a network address for use on a private network.
52. A VLAN is implemented on a switch to create multiple separate networks. A proxy server (answer A) is used to control access to the Internet. Subnet masking (answer B) is not a valid method of creating separate networks. NAS (answer C) describes storage devices that are attached directly to the network media.
53. IP and IPX are responsible for network addressing. Answers B and D are incorrect because SPX and TCP are transport-layer protocols and are not responsible for network addressing.
54. In a typical configuration, a wireless antenna can be either omni-directional or directional. An omni-directional antenna provides a 360-degree dispersed wave pattern, which gives an even signal in all directions. Directional antennas are designed to focus the signal in a particular direction. Omni dispersed and directional dispersed are not valid types of antennas.
55. The Internet Group Multicast Protocol (IGMP) is used by systems within the same multicast group to communicate registration information. The Internet Control Message Protocol (ICMP) works with IP to provide error checking and reporting functionality on a network. The Network News Transfer Protocol (NNTP) is used to access Internet newsgroups. The Lightweight Directory Access Protocol (LDAP) is a protocol used to access directory services systems.
56. Fiber-optic cable can use either SC or ST type connectors. RJ-11 connectors (answer A) are associated with telephone cable, RJ-45 (answer C) connectors are associated with UTP cable, and BNC connectors (answer E) are associated with thin coaxial cable.
57. USB interfaces have a number of connectors associated with them, but the most common are called Type A and Type B. FireWire interfaces use either a 4-pin or a 6-pin connector, neither of which is referred to as Type A or Type B. RJ-11 is a type of connector associated with phone system wiring. Fiber-optic interfaces use a wide range of connectors, but none are called Type A or Type B.
58. A. When a new NIC is installed on a Token Ring network, the speed of the card has to be set to match the speed used by the network. Answer B is incorrect because Token Ring networks operate at either 4Mbps or 16Mbps. Answer C is incorrect because full-duplex connections are not used on Token Ring networks. Answer D is incorrect because, although it is possible, a faulty card is not the most likely answer.
59. B. The most likely explanation is that port 443, the HTTPS default port, is being blocked by a corporate firewall. Port 80 (answer A) is used by HTTP. All modern Web browsers support HTTPS automatically; therefore, answer C is incorrect. Port 110 (answer D) is used by POP3.
60. A. Class A subnets use the range 1 to 126 for the value of the first octet. Answer B is the loopback address, which allows the IP stack functionality to be tested. Answers C and D are both addresses in the Class B range (128–191).
61. A and C. Infrared and Bluetooth are wireless technologies commonly used to create personal area networks. They replace the need for peripheral cables. 802.11a is a wireless standard used for LAN-based networking and not designed for attaching peripheral devices. Ethernet wireless is not a wireless standard.
62. A and C. Systems that have APIPA assigned addresses will be able to talk to each other, but not with any other systems (answer B). Systems with APIPA assigned addresses will not be able to access the Internet, as the APIPA assigned information does not include default gateway information. Therefore, communication is limited to the local network. Answer D is incorrect because the systems with APIPA addresses will be able to talk to each other, even though they will not be able to communicate with any other systems.
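The addressing facts behind answers 22, 25, 49, 60, and 62 (first-octet class ranges, default class masks, loopback, APIPA, and private ranges) can be checked mechanically. The following is an added example written for this edition, not code from the book; it uses the RFC 1918 boundary for the 172 block, which ends at 172.31.255.255, and the helper names are invented here.

```python
import ipaddress

# Constructed table of the address facts the answer key relies on:
# first-octet range for each class and the default (classful) subnet mask.
CLASS_RANGES = {
    "A": (1, 126, "255.0.0.0"),
    "B": (128, 191, "255.255.0.0"),
    "C": (192, 223, "255.255.255.0"),
}

# RFC 1918 private blocks (the 172 block ends at 172.31.255.255) plus the
# two special blocks the exam asks about: loopback and APIPA link-local.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def classify(address: str) -> dict:
    """Return what an administrator needs to know about one IPv4 address.

    Keys: valid, cls (A/B/C or None), default_mask, loopback, apipa, private,
    and a short note on why a host with this address may not leave its subnet.
    """
    try:
        ip = ipaddress.IPv4Address(address)
    except ValueError:
        return {"valid": False, "cls": None, "default_mask": None,
                "loopback": False, "apipa": False, "private": False,
                "note": "not a valid dotted-quad IPv4 address"}

    first = int(ip) >> 24          # first octet decides the class
    cls = default_mask = None
    for name, (lo, hi, mask) in CLASS_RANGES.items():
        if lo <= first <= hi:
            cls, default_mask = name, mask
            break

    loopback = ip in LOOPBACK_NET
    apipa = ip in APIPA_NET
    private = any(ip in net for net in PRIVATE_NETS)

    if loopback:
        note = "loopback: reaches only the local IP stack"
    elif apipa:
        note = "APIPA: no default gateway, local segment only (DHCP unreachable?)"
    elif private:
        note = "private range: needs NAT to reach the Internet"
    elif cls is None:
        note = "not a usable class A/B/C host address"
    else:
        note = "public address"

    return {"valid": True, "cls": cls, "default_mask": default_mask,
            "loopback": loopback, "apipa": apipa, "private": private,
            "note": note}


def looks_like_apipa_outage(addresses) -> bool:
    """True when every client on a segment ended up with a 169.254.x.x
    address, the symptom of clients that could not reach a DHCP server."""
    results = [classify(a) for a in addresses]
    return bool(results) and all(r["valid"] and r["apipa"] for r in results)


if __name__ == "__main__":
    # Constructed sample addresses covering each case discussed above.
    for sample in ["10.0.12.7", "172.31.200.1", "172.32.0.1", "192.168.2.13",
                   "127.0.0.1", "169.254.10.20", "131.107.2.200", "300.1.1.1"]:
        print(sample, classify(sample))
```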
63. B, C, and D. FTP, DHCP, and HTTP are all protocols in the TCP/IP protocol suite. AFP (answer A) is part of the AppleTalk protocol suite. NCP (answer E) is part of the IPX/SPX protocol suite.
64. C. SMTP is used for sending email. Answer A is not a valid answer. Answers B and D are incorrect because POP3 and IMAP are email retrieval protocols, not protocols for sending email.
65. The Service Set Identifier (SSID) is a unique identifier sent over the WLAN that acts as a simple password used when a client attempts to access an access point. The SSID is used to differentiate between networks; therefore, the client system and the AP must use the same SSID. WEP represents a form of wireless security, and the wireless channel is the band of frequency used for the wireless communication.
66. The MAC address is a 6-byte address expressed in six pairs of hexadecimal values. Because it is hexadecimal, only the letters A through F and numbers can be used. Answer B is incorrect because MAC addresses are expressed as six hexadecimal pairs. Answer C shows an example of an IPv4 address. Answer D shows an example of an IPv6 address. Answer E is incorrect because MAC addresses are expressed in hexadecimal; therefore, only the letters A through F and numbers can be used.
67. The Lightweight Directory Access Protocol (LDAP) is an application layer protocol that can be used to execute commands such as queries against LDAP compliant directory service systems such as Microsoft Active Directory or Novell Directory Services. NNTP is a protocol used to access Internet newsgroups. ICMP is a protocol that works with IP to provide error checking and reporting functionality on a network. SFTP is a secure implementation of the File Transfer Protocol (FTP).
68. A firewall can provide several services to the network, including NAT, proxy services, and packet filtering. NAS is not a function of a firewall server. Answers A, B, and C are all incorrect because NAT, packet filtering, and proxy functionality are all commonly implemented on firewall systems.
69. The output shown is from the dig command. dig is used on UNIX and Linux systems to run manual DNS lookups. The nslookup command also performs this function, but it produces different output. The nbtstat command provides information on NetBIOS name resolutions, and the netstat command shows what TCP/IP protocol connections have been established on a system. Both of these commands produce different output from dig.
70. The service to which a data packet is destined is determined by the port number to which it is sent. Answers B, C, and D are not valid.
71. The output displayed in this question is from the Windows tracert utility. Answers A, B, and C are all incorrect. These utilities produce output that is different from the output shown.
72. A. The physical layer of the OSI seven-layer model is responsible for placing the signal on the network media. The data-link layer (answer B) is responsible for physical addressing and media access. MAC and LLC (answers C and D) are sublayers of the data-link layer.
14
This exam consists of 72 questions that reflect the material covered in this book. The questions are representative of the types of questions you should expect to see on the Network+ exam; however, they are not intended to match exactly what is on the exam.
Some of the questions require that you deduce the best possible answer.
Often, you are asked to identify the best course of action to take in a given situation. You must read the questions carefully and thoroughly before you attempt to answer them. It is strongly recommended that you treat this as if it were the actual exam. When you take it, time yourself, read carefully, and answer all the questions to the best of your ability.
The answers to all the questions appear in the section following the exam.
Check your letter answers against those in the answers section, and then read the explanations provided. You might also want to return to the chapters in the book to review the material associated with any incorrect answers.
1. As system administrator, you have been asked to implement name resolution on your network. The network uses both Windows and UNIX systems. Which of the following are you most likely to use?
A. LMHOSTS
B. DNS
C. WINS
D. DHCP
2. You are attempting to connect an Apple workstation to an existing TCP/IP network. The Apple system was previously used on a peer-to-peer network using the AppleTalk protocol. When the system is connected to your network, it cannot connect to the server. Which of the following could you do to connect the Apple workstation? (Select two.)
A. Install the AppleTalk protocol on the server
B. Install the TCP/IP protocol on the workstation
C. Install NetBEUI on the workstation
D. Install TCP/IP on the server
3. You have been employed by a small company to implement a fault-tolerant hard disk configuration. You have purchased four 40GB hard disks and intend on installing RAID 5 on the server. What is the storage capacity of the RAID solution?
A. 120GB
B. 40GB
C. 80GB
D. 160GB
4. You have been called in to troubleshoot a small network. The network uses TCP/IP and statically assigned IP information. You add a new workstation to the network, which can connect to the local network but not to a server on a remote network. Which of the following is most likely the cause of the problem?
A. Incorrect IP address.
B. Incorrect default gateway.
C. DHCP server is unavailable.
D. Duplicate IP addresses are being used.
5. You have been employed to configure a 10Base2 network. Which of the following technologies would you use? (Choose two.)
A. UTP
B. STP
C. T-connectors
D. RJ-11 connectors
E. RG-58 cable
6. You are working as an administrator in a network using NetWare, Windows, and UNIX servers. You need to assign user permissions on the UNIX and Windows systems. Which of the following permissions are available on the Windows server but not on the UNIX server?
A. Read
B. Write
C. Execute
D. Change
7. You have just installed a new Windows 2000 server on your network. When first logging on to the system, which of the following is required to log on?
A. Username
B. Password
C. Context
D. Administrator’s username
8. Which of the following topology types offers the greatest amount of redundancy?
A. Star
B. Bus
C. Ring
D. Mesh
9. You need to install a network printer and require the printer’s MAC address to finish the installation. Which of the following represents a valid MAC address?
A. 192.168.2.13
B. 0x00007856
C. 00:04:e2:1c:7b:5a
D. 56g78:00h6:1415
10. You have been called in to replace a faulty ST connector. Which of the following media types are you working with?
A. RG-58
B. RG-62
C. Single mode fiber
D. SCSI
11. Your manager has asked you to recommend a secure way to copy files between a server on your network and a remote server in another location. Which of the following solutions are you most likely to recommend?
A. TFTP
B. FTP
C. SFTP
D. IGMP
12. You are setting up a wide area network between two school campuses and decide to use BRI ISDN. What is the maximum throughput of your connection?
A. 64Kbps
B. 128Kbps
C. 128Mbps
D. 64Mbps
13. You are troubleshooting a 10Base2 network and suspect that the maximum cable length has been exceeded. What is the maximum length of a 10BASE-2 network segment?
A. 25 meters
B. 100 meters
C. 185 meters
D. 500 meters
14. You have been given the task of installing Samba on a Linux server. What services does this product provide?
A. Web server services
B. Thin client services
C. File and print services
D. Proxy server services
15. What is the maximum cable length of a 10BaseT network?
A. 185 meters
B. 500 meters
C. 100 meters
D. 50 meters
16. While troubleshooting a DNS issue from a UNIX server, you suspect that the DNS record for one of your other servers is incorrect. Which of the following utilities are you most likely to use to troubleshoot this problem?
A. ipconfig
B. dig
C. netstat
D. nbtstat
17. A number of users have called to report printing problems. Upon investigation, you trace the problem to a network printer connected to a server system. You arrive at the printer to find that it is connected online and appears to perform a test print without any problems. You check the network connectivity, and that seems to be okay as well. Which of the following troubleshooting steps would you perform next?
A. Examine the log files on the server to determine whether there are any printing-related events.
B. Reboot the server that acts as the print server.
C. Remove and reinstall the printer drivers.
D. Change the network cable that connects the printer to the network.
18. You are experiencing problems with the network connectivity of a Windows 2000 system, and you suspect that there might be a problem with an incorrect route in the routing table. Which of the following TCP/IP utilities can you use to view the routing table? (Select two.)
A. tracert
B. nbstat
C. route
D. netstat
E. ping
19. Because of a promotion, you are moving one of the administrators to a new corner office. The administrator has a wireless connection to the network that has continued to operate consistently. After the move to the new office, the administrator can still access the network, but speeds are slower and periodically the connection fails altogether. What is the likely cause of the problem?
A. The SSID on the client system is incorrectly set.
B. IPSec has been configured to use high-level encryption.
C. The administrator's system has been moved too far from the AP.
D. The wireless channel is incorrectly set on the client station.
20. Which of the following services provides name resolution services for FQDNs?
A. DNS
B. DHCP
C. WINS
D. ARP
E. NTP
21. You are installing a 100BaseFX network and need to purchase connectors. Which of the following might you purchase? (Choose two.)
A. RJ-45
B. ST
C. BNC
D. SC
22. Which of the following network services or protocols is not associated with file sharing?
A. NFS
B. SMB
C. LPD
D. AFP
23. When designing a network, you have been asked to select a cable that offers the most resistance to crosstalk. Which of the following are you likely to choose?
A. Multimode fiber-optic
B. Shielded twisted pair
C. UTP
D. Shielded mesh
24. Which of the following are considered disaster recovery measures? (Select two.)
A. Backups
B. UPS
C. RAID 5
D. Off-site data storage
25. Which command produces the following output?
Interface: 24.77.218.58 --- 0x2
Internet Address      Physical Address      Type
24.77.216.1           00-00-77-99-a4-4c     dynamic
A. arp
B. tracert
C. ipconfig
D. netinf
26. A user with a newly created user account cannot access an application on the network, yet other users can. Which of the following troubleshooting steps are you likely to perform first?
A. Delete the application and reinstall it.
B. Delete the user account and re-create it.
C. Change the password of the new user account.
D. Check the file permissions for the new user account.
27. Because of a recent security breach, you have been asked to design a security strategy that will allow data to travel encrypted through both the Internet and intranet. Which of the following protocols would you use?
A. IPSec
B. SST
C. CHAP
D. FTP
28. As part of a network upgrade, you have installed a router on your network creating two networks. Now, workstations on one side of the router cannot access workstations on the other side of the router. Which of the following configuration changes would you need to make to the workstations to enable them to see devices on the other network? (Choose two.)
A. Change the IP address assignments on one side of the router so that the router is on a different IP network from the other one.
B. Update the default gateway information on all systems so that they use the newly installed router as the gateway.
C. Update the default gateway information on all systems so that they use a workstation on the other network as the default gateway.
D. Make sure that the IP address assignments on all network workstations are the same.
29. Which type of cable should be used in a 100BaseT network?
A. RG-58
B. Category 4 UTP
C. Category 5 UTP
D. Multimode fiber
30. Which of the following network types is easiest to add new nodes to?
A. Bus
B. Ring
C. Star
D. Mesh
31. Which of the following connectors is used with fiber-optic cable? (Choose three.)
A. SC
B. F-type
C. MTRJ
D. LC
32. You have recently installed a DHCP server to replace static IP addressing. You configure all client systems to use DHCP and then reboot each system. Once rebooted, they all have an IP address in the 169.254.0.0 range. Which of the following statements is true?
A. The DHCP server has been configured to assign addresses in the 169.254.0.0 IP range.
B. The DHCP must be rebooted.
C. Client systems are unable to access the new DHCP server.
D. Client systems are getting IP address information from the LMHOSTS file.
33. Placing a node on which of the following types of networks would require that you obtained an address from IANA?
A. Private network
B. Public network
C. Ethernet network
D. WAN
34. You are implementing a new network. From the network specifications, you learn that you will be using the 1000BaseCX standard. What type of cable will you be using?
A. Multimode fiber
B. STP
C. Single mode fiber
D. CoreXtended fiber
35. Which of the following network protocols can recover from lost or corrupted packets in a network transmission?
A. L2TP
B. TCP
C. IPX
D. ARP
36. A colleague decided to close all unused ports on the corporate firewall to further secure the network from intruders. The ports that were open were 25, 80, 110 and 53. Your colleague knew that 25 and 110 were required for email and that 80 is used for nonsecure Web browsing, so he decided to close 53, as he didn't think it was necessary. Which network service is now unavailable?
A. Secure HTTP
B. FTP
C. Telnet
D. DNS
37. You are working on a Linux system, and you suspect that there might be a problem with the TCP/IP configuration. Which of the following commands would you use to view the network card configuration of the system?
A. config
B. ipconfig
C. winipcfg
D. ifconfig
38. You have configured network clients to obtain IP addresses using APIPA. Which of the following IP ranges would be assigned to client systems?
A. 10.10.0.0–10.254.254.0
B. 169.168.0.0–169.168.255.255
C. 192.168.0.0–192.168.254.254
D. 169.254.0.1–169.254.255.254
39. Your manager has asked you to implement a fault-tolerant disk solution on your server. You have two 30GB hard disks and two controllers, so you decide to implement RAID 1. After the installation, your manager asks you how much storage space is now available for storing data. What do you tell her?
A. 30GB
B. 40GB
C. 60GB
D. 120GB
40. Which of the following statements best describes PRI ISDN?
A. PRI ISDN uses 128 B channels and two D channels.
B. PRI ISDN uses 23 B channels and one D channel.
C. PRI ISDN uses two B and one D channel.
D. PRI ISDN uses 23 D channels and one B channel.
41. Which of the following media types is used with the 802.3 1000BaseSX standard?
A. Coaxial
B. UTP
C. Single mode fiber-optic
D. Multimode fiber-optic
42. Which of the following user security models would you use if you were looking for the highest levels of security on your network? (Choose two.)
A. User-administered security
B. User-level security
C. Share-level security
D. Centrally administered security
43. A remote user calls you because he cannot dial in to the remote server. He says that the modem dials the number and negotiates the connection, but then the line is dropped. Which of the following two troubleshooting steps are you likely to try first? (Choose two.)
A. Change the modem IRQ assignments.
B. Run a remote diagnostic on the remote access server’s modem.
C. Ask the user to verify that the username and password are correct.
D. Ask the user to verify that he is dialing the correct system.
44. At which layer of the OSI model does a NIC operate?
A. Physical
B. Network
C. Data-link
D. Transport
45. You are working with a Macintosh network. Which of the following AppleTalk protocols provides file sharing for the network?
A. SMB
B. Samba
C. NFS
D. AFP
46. You are implementing a 100BaseT network. Which logical topology does the network use?
A. Ring
B. Star
C. Mesh
D. Bus
47. Consider the following output:
Proto  Local Address   Foreign Address              State
TCP    laptop:2848     MEDIASERVICES1:1755          ESTABLISHED
TCP    laptop:1833     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:2858     194.70.58.241:80             ESTABLISHED
TCP    laptop:2860     194.70.58.241:80             ESTABLISHED
TCP    laptop:2354     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:2361     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:1114     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:1959     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:1960     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:1963     www.dollarhost.com:80        ESTABLISHED
TCP    laptop:2870     localhost:8431               TIME_WAIT
TCP    laptop:8431     localhost:2862               TIME_WAIT
TCP    laptop:8431     localhost:2863               TIME_WAIT
TCP    laptop:8431     localhost:2867               TIME_WAIT
TCP    laptop:8431     localhost:2872               TIME_WAIT
Which of the following commands produces this output?
A. arp
B. netstat
C. nbtstat
D. tracert
48. Which of the following protocols or services enables Windows-based clients to access resources on a Linux server?
A. IPSec
B. Samba
C. AFP
D. NFS
49. You are attempting to troubleshoot a remote connectivity problem for a user. Although the modem seems to be working properly within the computer, you cannot get the modem to dial a number. Working within a terminal software application, you attempt to communicate directly with the modem. From within the terminal application, which command would you issue to reset the modem?
A. ATD
B. ATI3
C. ATZ
D. ATH
50. Which of the following protocols maps Layer 2 addresses to Layer 3 addresses on a TCP/IP network?
A. ARPA
B. ARP
C. AARP
D. RARP
51. You have been asked to implement a server clustering strategy. Which of the following is a reason to use server clustering? (Select two.)
A. Increase data transmission security over the LAN
B. Increase data transmission security over the WAN
C. Increase server service fault tolerance
D. Reduce network downtime
52. Which of the following is not a type of Digital Subscriber Line (DSL) technology?
A. VHDSL
B. RADSL
C. ADSL
D. XTDSL
53. You come into work on Monday to find that the DHCP server has failed over the weekend. Before you can fix it, client systems boot up and are able to communicate with each other. However, they are not able to directly access the Internet or a remote network segment.
Given that the DHCP server has failed, how are systems able to communicate?
A. The DHCP service was recovered automatically using the Windows XP automatic restoration utility.
B. The DHCP addressing information was obtained from the client cache.
C. The client systems are assigned an IP address using APIPA.
D. The client systems are using static IP addressing.
54. Which of the following is a reason to implement a proxy server? (Select two.)
A. To centrally control Internet access
B. To protect the internal network from intruders
C. To provide NAT services
D. To provide automatic IP addressing on the network
55. Consider the following output:
Name            Type     Status
---------------------------------------------
LAPTOP    <00>  UNIQUE   Registered
KCS       <00>  GROUP    Registered
LAPTOP    <03>  UNIQUE   Registered
Which of the following commands would produce this output?
A. nbtstat
B. netstat
C. ifconfig
D. arp
56. Which of the following wireless technologies are typically used to create a wireless personal area network?
A. Infrared
B. 802.11g
C. Bluetooth
D. 802.11c
57. Which of the following is a valid Class C address that could be assigned to a workstation on the network?
A. 200.200.200.200
B. 200.200.200.255
C. 143.67.151.17
D. 203.16.42.0
58. At which layer of the OSI model is flow control performed?
A. Network
B. Transport
C. Session
D. Data-link
59. Which of the following statements is true of IMAP?
A. IMAP leaves messages on the mail server, so they can be viewed and accessed from various locations.
B. IMAP is used for sending as well as receiving email.
C. IMAP can only be used for sending mail.
D. IMAP uses port 110.
60. You are implementing a new network that will use 100BaseT with switches configured for full duplex. What is the maximum throughput that will be possible between two devices on the network?
A. 10Mbps
B. 20Mbps
C. 200Mbps
D. 100Mbps
61. Your manager has asked you to implement a RAID 5 fault-tolerant disk solution using four 40GB disks. He now wants to know how much data storage capacity will be lost by the implementation. What do you tell him?
A. 10GB
B. 20GB
C. 40GB
D. 120GB
62. A user calls you from a conference room. He needs to connect to the corporate RAS server, but the modem in his system is reporting a “no dial tone” error. When he plugs the telephone back in to the phone socket, he gets a dial tone and is able to dial out successfully. What is the most likely cause of the problem?
A. The phone line in the room is analog.
B. The phone line in the room is faulty.
C. The modem is faulty.
D. The phone line in the room is digital.
63. Which of the following is not a valid file permission on a Windows 2000 system?
A. Read
B. Attribute
C. Execute
D. Write
64. Which of the following utilities would you use to view the TCP connections that have been established between two systems?
A. netstat
B. nbtstat
C. tracert
D. ipconfig
65. Which of the following authentication systems uses tickets as part of its authentication process?
A. HTTPS
B. POP3
C. Kerberos
D. SSL
66. On an AppleTalk network, what is the function of AARP?
A. It is a distance-vector routing protocol.
B. It allows the resolution of AppleTalk addresses to MAC addresses.
C. It allows the resolution of MAC addresses to AppleTalk addresses.
D. It is a link-state routing protocol.
67. Which term describes the process of using parts of the node address range of an IP address as the network ID?
A. Subnetting
B. Supernetting
C. Subnet masking
D. Super routing
68. One of the network devices used on your network forwards packets only to an intended port. Which of the following devices does this describe?
A. Hub
B. Switch
C. Gateway
D. PPP
69. A user on your network can send data packets within the local subnet but cannot send packets beyond the local subnet. Which of the following is likely the problem?
A. Invalid permissions
B. Incorrect gateway information
C. No DNS server installed
D. No WINS server installed
70. You are the administrator for a network that uses TCP/IP. You are using a single registered Class C network address. You want to continue to use it because many of your systems are accessed from outside sources, but you also want to create more networks so that you can manage traffic and security more effectively. Which of the following strategies would help you achieve this?
A. Implement a 127.x.x.x addressing system throughout the network.
B. Use reverse proxy.
C. Use subnetting.
D. Use private addressing.
71. In a hardware loopback plug, which wire numbers are connected? (Choose the two best answers.)
A. 3 and 5
B. 1 and 3
C. 1 and 2
D. 3 and 4
E. 2 and 6
72. Which of the following wireless technologies operates at a 5GHz RF range?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11
15
1. B
2. A and B
3. A
4. B
5. C and E
6. D
7. A and B
8. D
9. C
10. C
11. C
12. B
13. C
14. C
15. C
16. B
17. A
18. C and D
19. C
20. A
21. B and D
22. C
23. A
24. A and D
25. A
26. D
27. A
28. A and B
29. C
30. C
31. A, C, and D
32. C
33. B
34. B
35. B
36. D
37. D
38. D
39. A
40. B
41. D
42. B and D
43. C and D
44. C
45. D
46. D
47. B
48. B
49. C
50. D
51. C and D
52. D
53. C
54. A and C
55. A
56. A and C
57. A
58. B
59. A
60. C
61. C
62. D
63. B
64. A
65. C
66. B
67. A
68. B
69. B
70. C
71. B and E
72. A
1. B. DNS is used to provide hostname to IP address resolution on Windows and UNIX systems. A is wrong because the LMHOSTS file is used to resolve NetBIOS names to IP addresses. Answer C is wrong because WINS resolves NetBIOS names to IP addresses. D is wrong because DHCP is used to automatically assign IP information to client systems.
2. A and B. To communicate on a network, the server and the client must use the same protocol. In this scenario, installing AppleTalk on the server or TCP/IP on the client would allow the client to access the server. C is wrong because Apple systems do not use the NetBEUI protocol. D is wrong because TCP/IP is already installed on the server; to communicate on the network, the client must also have TCP/IP installed.
3. A. RAID 5 reserves the equivalent space of one partition in the array for parity information. In this scenario, there are four 40GB hard disks, giving 160GB of total space; with 40GB removed for parity, there is 120GB of actual data storage.
4. B. To connect to systems on a remote network, the default gateway has to be correctly assigned. If this address is entered manually, the number might have been incorrectly entered. Answer A is incorrect because the system is able to connect to the local network, so the actual address is correctly assigned. Answer C is incorrect because IP addresses are statically assigned. Answer D is incorrect because duplicate addresses will prevent the system from being able to log onto the network.
5. C and E. 10Base2 networks use BNC connectors, including T-connectors, and RG-58 cable (Thinnet coaxial cable). None of the other technologies are used in 10Base2 networks.
6. D. The change permission is available on Windows-based server systems but not on UNIX systems. All the other permissions are available on both platforms.
7. A and B. When logging on to a Windows server, all that is required is a valid username and password. C is incorrect because a context is associated with logging on to a NetWare network. D is wrong because you can log on using the administrator’s username, but this is not required.
8. D. In a mesh topology, each device is connected directly to every other device on the network. Such a structure requires that each device have at least two network connections. All other network configurations do not offer the same level of redundancy as a true mesh network.
9. C. A MAC address contains six hexadecimal number sets. The first three sets represent the manufacturer’s code, whereas the last three identify the unique station ID. A is wrong because the number represents a valid internal IP address. Neither C nor D is a valid number.
10. C. ST connectors are twist-type connectors used with fiber-optic media. A is wrong because RG-58 (thin coax) uses BNC-type connectors. B is incorrect because RG-62 (thick coax) uses vampire-type AUI connectors. D is wrong because SCSI cables use a variety of connector types—none of which include ST connectors.
11. C. The Secure File Transfer Protocol (SFTP) allows you to copy files from one location to another. SFTP provides authentication and encryption capabilities to safeguard data. TFTP is a mechanism that provides file transfer capabilities, but it does not provide security. FTP provides basic authentication mechanisms, but it does not provide encryption. IGMP is a protocol associated with multicast group communications. It is not a file transfer protocol.
12. B. BRI ISDN uses two 64Kbps data channels. Combined, BRI ISDN offers a total of 128Mbps transfer rate. All of the other answers are invalid.
13. C. 10Base2 is an Ethernet network standard implemented using thin coaxial cable. The maximum length of a segment is 185 meters. A is incorrect. B describes 10BaseT. D describes 10Base5.
14. C. Samba is a product that provides file and print services to Windows-based clients. A is wrong because Web server services are offered through a variety of products; Samba is not one of them. B is incorrect because Samba does not offer thin client services. D is incorrect because proxy server services are offered through a variety of products; Samba is not one of them.
15. C. 10BaseT networks use UTP media, which have a maximum distance of 100 meters. A is not correct because 185 meters is the distance limitation of thin coax media used on 10Base2 networks. B is wrong because 500 meters is the distance limitation of thick coaxial media used with 10Base5 networks. D is wrong because 50 meters is not a valid cable distance.
16. B. The dig command is used on UNIX and Linux systems to perform manual name resolutions against a DNS server. This can be useful in troubleshooting DNS-related issues. The ipconfig, netstat, and nbtstat commands are all Windows-based commands, so they would not be used in this scenario.
17. A. Log files often record information about errors that can be vital to the troubleshooting process. It is also a step that has little or no impact on network services. B is wrong because rebooting the server is a last-resort troubleshooting step. C is incorrect because removing and reinstalling the printer drivers might be a valid step, but it would not be the first choice of those listed. D is wrong because changing the network cable might be a valid troubleshooting step, but because it has been verified that the network connectivity is working, this should not be necessary.
18. C and D. Both the route and the netstat commands can be used to view the routing table on a Windows 2000 system. A is wrong because the tracert utility is used to track the route a packet takes between two destinations. B is incorrect because the nbtstat command is used to view statistical information for NetBIOS connections. E isn’t correct because the ping utility is used to test network connectivity.
19. C. Wireless APs have a limited distance over which they can send and receive data signals. Because the wireless client was recently relocated, the most likely explanation is that the system has moved too far away from the AP. SSIDs would not likely be the problem, as the configuration was correct before the move; and incorrect SSIDs would prevent network access, not cause intermittent access. Also, both the client and the AP need to use the same wireless channel for communication to take place. The IPSec protocol secures data transmissions over the network and would not cause intermittent connectivity problems.
20. A. The Domain Name Service system (DNS) resolves Fully Qualified Domain Names (FQDNs) to IP addresses. B is wrong because the Dynamic Host Configuration Protocol (DHCP) provides automatic IP address assignment. C is wrong because the Windows Internet Naming Service (WINS) provides NetBIOS computer name to IP address resolution. D is wrong because the Address Resolution Protocol (ARP) resolves IP addresses to MAC addresses. E is wrong because the Network Time Protocol (NTP) facilitates the communication of time information between systems.
21. B and D. 100BaseFX networks use fiber media, which can use either SC or ST connectors. A is wrong because RJ-45 connectors are used with UTP media. C is incorrect because BNC connectors are used with thin coax media on 10Base2 networks.
22. C. LPD, or Line Printer Daemon, is a network service associated with print serving. It is not associated with file sharing. LPD is typically associated with UNIX or Linux systems, but versions of LPD are available for all commonly used operating systems.
23. A. Unlike copper-based media, fiber-optic media is resistant to crosstalk, as it uses light transmissions. B is wrong because STP offers greater resistance to crosstalk than regular UTP but is not as resistant as fiber-optic cable. C is incorrect because UTP cable is more susceptible to crosstalk than either STP or fiber-optic cable. D is wrong because shielded mesh is not a type of cable.
24. A and D. Both backups and offsite data storage are considered disaster recovery measures. B is wrong because a UPS is considered a fault-tolerant measure, not a disaster recovery measure. C is wrong because RAID 5 is considered a fault-tolerant measure, not a disaster recovery measure.
25. A. The output is from the arp -a command, which shows information related to IP address to MAC address resolutions. B is wrong because the tracert command displays the route a packet takes between two points. The output from the command is different from that shown in the example. C is incorrect because the ipconfig command displays the network configuration of a system. The output from the command is different from that shown in the example. D is wrong because there is no such command as netinf.
26. D. The problem is most likely related to incorrectly set file permissions, so this is the best course of action. A is wrong because this is unlikely to be the problem, as other users are able to access the application without a problem. B is incorrect because although this might be a solution to the problem, it would not be the first thing to try. C is wrong because if the user is able to log on, changing the password is unlikely to have any effect.
27. A. IPSec is a non-proprietary security standard used to secure transmissions both on the internal network and when data is sent outside the local LAN. IPSec provides encryption and authentication services for data communications.
28. A and B. The devices on one side of the router need to be configured with a different IP network address than when the network was a single segment. Also, the default gateway information on all systems will need to be updated to use the newly installed router as the default gateway. C is wrong because the default gateway address should be the address of the router, not another workstation on the network. D is incorrect because for systems to communicate on an IP network, all devices must be assigned a unique IP address. Assigning systems the same address will cause address conflicts, thus resulting in none of the systems being able to communicate.
29. C. 100BaseT is implemented using a minimum of Category 5 UTP cable. A is wrong because RG-58 is a type of coaxial cable with a maximum speed of 10Mbps. B is incorrect because Category 4 UTP cable is not intended for use on a 100BaseT network. D is wrong because multimode fiber is used in fiber-optic networks. The 100BaseT standard defines 100Mbps networking using UTP cable.
30. C. Each node on a star network uses its own cable, which makes it easy to add users without disrupting current ones. Adding a node to a bus network can sometimes involve breaking the segment, which makes it inaccessible to all other nodes on the network. This makes answer A incorrect. Answer B is incorrect because a true ring network model would require that the ring be broken to add a new device. Answer D is incorrect because a mesh topology requires that every device be connected to every other device on the network. It is, therefore, quite difficult to expand a mesh network.
31. A, C, and D. A number of connector types are associated with fiber-optic cabling, including LC, SC, and MTRJ. F-Type is a connector associated with coaxial cabling.
32. C. When a client system first boots up, it will look for a DHCP server. If the server cannot be found, Automatic Private IP Addressing (APIPA) automatically assigns IP addresses to the client systems. The addresses are not routable and cannot be used to access remote segments. The addresses assigned are in the 169.254.0.0 address range. All clients configured with a valid APIPA address will be able to communicate with each other.
33. B. The Internet Assigned Numbers Authority (IANA) manages the address assignments for public networks such as the Internet. A is wrong because on a private network, you can use any addressing scheme that is compatible with your network. C is incorrect because an Ethernet network can be either private or public. It does not directly need an IANA-assigned addressing scheme. D is wrong because a WAN can be either private or public. It does not directly need an IANA-assigned addressing scheme.
34. B. The 1000BaseCX standard specifies Gigabit Ethernet over STP cabling. A is wrong because 1000BaseSX and 1000BaseLX specify Gigabit Ethernet over two types of multimode fiber. C is incorrect because single mode fiber-optic cable is used with the 100BaseFX standard. D is wrong because there is no such thing as CoreXtended fiber-optic cable.
35. B. TCP is a connection-oriented protocol, so it can recover from failed transmissions. A is wrong because L2TP is used in remote access connections. C is incorrect because IPX is a connectionless transport protocol and cannot recover from lost packets. D is incorrect because ARP is part of the TCP/IP protocol suite that resolves IP addresses to MAC addresses.
36. D. The DNS service uses port 53. A is wrong because secure HTTP uses port 443. B is incorrect because FTP uses port 21. C is wrong because Telnet uses port 23.
37. D. On a Linux system, the ifconfig command shows the network card configuration. A is wrong because the config command shows the network configuration on a NetWare server. B is incorrect because the ipconfig command shows the network configuration information on a Windows system. C is wrong because the winipcfg command shows the network configuration information on certain Windows systems, such as Windows 95/98.
38. D. The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.1–169.254.255.254 for Automatic Private IP Addressing. APIPA uses a Class B address with a subnet mask of 255.255.0.0.
39. A. In a RAID 1 scenario (disk mirroring), one disk carries an exact copy of the other. Therefore, the total volume of one disk will be lost to redundancy. All the other answers are incorrect.
40. B. Primary Rate ISDN (PRI) uses 23 B channels for carrying data and one D channel for carrying signaling information. C is incorrect because this statement describes Basic Rate ISDN (BRI). D is wrong because PRI uses 23 B channels and one D channel.
41. D. The Gigabit Ethernet standard 1000BaseSX specifies multimode fiber-optic cable. 1000BaseSX can be used up to 550 meters. Other Gigabit Ethernet standards use single mode fiber-optic cable or UTP cabling. There are no Gigabit Ethernet standards that use coaxial cabling.
42. B and D. The most secure security model commonly implemented on networks is user-level security that is administered centrally. A is wrong because user-administered security is normally associated with peer-to-peer networks and is not robust, as there is more than one person administering security. C is wrong because share-level security is not as secure as user-level security.
43. C and D. In most cases, you should try the simplest solutions first. Information such as the username and password should be verified before any reconfiguration is attempted. A is wrong because if the modem is dialing the remote system and getting a response, it is most likely working correctly. B is incorrect because running a remote diagnostic on the modem is a valid troubleshooting step, but you should first verify that the correct connection information is being used.
44. C. Although it provides the physical connection to the network, a NIC is considered a data-link device. A, B, and D are wrong because a NIC is not said to operate at any of these layers.
45. D. The Apple Filing Protocol (AFP) allows clients using the AppleTalk protocol to share files across a network. SMB is a file sharing protocol used on Windows networks. Samba is a protocol that provides interoperability between Windows and Linux/UNIX systems. NFS is the file sharing protocol associated with Linux/UNIX networks.
46. D. The 100BaseT standard defines an Ethernet network using twisted-pair cable, which would be configured in a physical star configuration. However, even in a star configuration, an Ethernet network still uses a logical bus topology.
47. B. The output shown is from the netstat command on a Windows-based system. A, C, and D are wrong because all of these commands produce different output from that shown.
48. B. Running on a Linux/UNIX system, Samba allows Windows clients access to shared files and printers on a Linux/UNIX host. Samba also allows UNIX users to access resources shared by Windows systems.
49. C. The Hayes AT command set provides commands that allow you to communicate directly with the modem. The ATZ command is used to reset the modem. A is wrong because the ATD command is used to dial a number. B is incorrect because the ATI command is used to retrieve information from the modem. The ATI3 command shows the manufacturer and model of the modem. D is wrong because the ATH command is used to hang up a connection.
50. D. A Layer 2 address is a MAC address. A Layer 3 address is a software-configured protocol address. Because a normal resolution is considered to be a Layer-3–to–Layer-2 resolution, the resolution the other way is considered a reverse resolution. On a TCP/IP network, such a resolution is performed by the Reverse Address Resolution Protocol (RARP). A is wrong because ARPA is not an address resolution protocol. B is incorrect because the Address Resolution Protocol (ARP) resolves Layer 3 addresses to Layer 2 addresses. C is wrong because the AppleTalk Address Resolution Protocol is used, on AppleTalk networks, to resolve AppleTalk addresses to MAC addresses.
51. C and D. Server clustering is a strategy that uses a group of servers to provide fault tolerance and failover service solutions for a network. In a clustered configuration, servers constantly communicate with each other. If one should fail, the others will know and take over the functions of that server, including the services that the failed server delivered. This provides fault tolerance for network services. Because the network can function in the event of a failed server, network downtime is reduced. Server clustering is not used to create data transmission security.
52. D. XTDSL is not a recognized form of DSL. A is wrong because Very High Bit Rate DSL (VHDSL) is a recognized version of DSL. B is wrong because Rate Adaptive DSL (RADSL) is a recognized version of DSL. C is wrong because Asymmetric DSL (ADSL) is a recognized, and arguably the most popular, version of DSL.
53. C. If a Windows client system cannot locate and obtain an IP address from a DHCP server, it will be assigned an address automatically using APIPA. Once assigned, all client stations with an APIPA address will be able to communicate with each other. However, APIPA addresses are meant for internal communication and cannot be used to access remote networks.
54. A and C. A proxy server acts as a centralized point for Internet access, thus making it easy to control a user’s Internet use. Also, the proxy server provides network address translation services, as requests are sent out to the Internet using the address of the external interface of the proxy server, not the system that sent them. B is wrong because this statement describes the function of a firewall. Although some proxy servers also offer firewalling functionality, they are separate operations. D is incorrect because this statement describes the function of DHCP.
55. A. The output shown is from an nbtstat command running on a Windows system. B, C, and D are wrong because all of these commands produce different output from that shown.
56. A and C. Infrared and Bluetooth are short-range wireless technologies used to connect personal devices such as PDAs, printers, and other resources to a computer. Such a network is called a Personal Area Network (PAN) because it is a small network designed for personal use. PANs are often seen in coffee shops, libraries, or other areas where users work remotely. The 802.11 wireless standards, including 802.11g, are used to create wireless LANs, which include more devices, users, and resources.
57. A. Although it looks odd, this is a valid Class C address that could be assigned to a system on the network. B is the broadcast address of the network 200.200.200.0. C is incorrect because it represents a valid Class B address. D is wrong because it is the network address for the network 203.16.42.
58. B. Flow control occurs at the Transport layer of the OSI model. A, C, and D are wrong because flow control does not occur at any of these layers.
59. A. Unlike POP3, IMAP does not directly download and then remove messages from the mail server. Instead, IMAP leaves the email on the server so that messages can be retrieved from various locations. B and C are wrong because IMAP is used only for retrieving email. D is wrong because IMAP uses port 143. POP uses port 110.
60. C. 100BaseT is a network standard that runs at 100Mbps. A full-duplex configuration in a switched environment gives a maximum throughput between two devices of 200Mbps. A is wrong because this would be the maximum speed of a 10BaseT network in half-duplex mode. B is incorrect because this would be the maximum speed of a 10BaseT network in full-duplex mode. D is wrong because this would be the maximum speed of a 100BaseT network in half-duplex mode.
61. C. In a RAID 5 implementation, the space equal to the size of one disk in the array is lost to the storage of parity information. D describes the amount of space available for the storage of data, not the amount of space lost to the storage of parity information.
62. D. Most modern phone systems are digital, and therefore regular analog modems that require analog lines will not work. A is incorrect because if the phone line in the room were analog, the modem would probably work. B is incorrect because the phone line in the room is not faulty, since the user can call you to report the problem. C is incorrect because if the modem can report a “no dial tone” error, it is most likely working correctly.
63. B. The attribute file permission is not a valid NTFS file permission. A, C, and D are all valid file permissions on a Windows 2000 system.
64. A. The netstat utility allows you to view the TCP/IP connections between two systems. The nbtstat utility (answer B) is used to see the status of NetBIOS over TCP/IP connections. The tracert utility (answer C) is used to track the path that a packet of data takes between two hosts. The ipconfig utility (answer D) is used to view the IP addressing configuration information on a system.
65. C. The Kerberos authentication system uses tickets as part of the authentication process. HTTPS (answer A) is an implementation of SSL. It does not use tickets. POP3 (answer B) is an email retrieval protocol. SSL (answer D) does not use tickets.
66. B. AARP is used to map AppleTalk addresses to both Ethernet and Token Ring physical addresses. The distance-vector routing protocol used on AppleTalk networks is RTMP, which makes answer A incorrect. C is incorrect because AARP resolves AppleTalk addresses to MAC addresses—not the other way around. AARP is not a link-state routing protocol.
67. A. The term subnetting refers to the process of using parts of the node address range for network addressing purposes. Supernetting (answer B) refers to the process of borrowing parts of the network address portion of an assigned address to be used for node addressing. Subnet masking (answer C) describes the process of applying a subnet mask to an address. Answer D is not a valid term.
68. B. A switch is more efficient than a hub, as it forwards data only to intended ports. A is incorrect because a hub directs data packets to all devices connected to the hub. C and D are wrong because these are not network devices.
69. B. If the gateway information is not correctly set, the data packets cannot get beyond the local subnet. The other options are not going to prevent the user from transmitting data to remote hosts.
70. C. Subnetting allows you to create more than one network from a single network address by manipulating the subnet mask to create more network addresses. A is wrong because the 127.x.x.x address range is reserved for TCP/IP loopback functionality and cannot be used as an addressing scheme. B is incorrect because reverse proxy is used when a proxy server protects another server (normally a Web server), which responds to requests from users on the other side of the proxy server. D is wrong because private addressing might well solve the issues of security and traffic management, but without also using reverse proxy, systems on the internal network aren’t available to outside users.
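An added Python example (not from the book) that works through the addressing reasoning behind the answers to questions 38, 57 and 70: the classful address classes, the difference between a host address and a network or broadcast address, the reserved 127.x.x.x and 169.254.x.x ranges, and how subnetting carves one registered Class C network into several smaller ones. It relies only on the standard ipaddress module; the sample addresses are the ones from the questions.

```python
"""Classful IPv4 checks behind the practice-exam answers (added example, not from the book).

Covers: which class an address falls in, whether it is a network or broadcast
address rather than a host address (question 57), the reserved loopback and
APIPA ranges (questions 38 and 70), and how subnetting carves a single Class C
network into several smaller ones (question 70).
"""
from __future__ import annotations

import ipaddress

# Classful network masks: the first octet decides the class and the class
# decides the default prefix length.  Class D (multicast) and E (reserved)
# have no host portion and so no entry here.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")   # reserved, never assignable
APIPA = ipaddress.ip_network("169.254.0.0/16")   # self-assigned when DHCP fails


def address_class(addr: str) -> str:
    """Return the classful letter (A-E) for a dotted-quad IPv4 address."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_network(addr: str) -> ipaddress.IPv4Network:
    """The classful network an address belongs to (no subnetting applied)."""
    prefix = CLASSFUL_PREFIX[address_class(addr)]
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def classify(addr: str) -> str:
    """Say whether an address could be assigned to a workstation and, if not, why.

    Mirrors the reasoning in the answer to question 57: an all-zeros host
    part is the network address, an all-ones host part is the broadcast
    address, and loopback/APIPA addresses are reserved.
    """
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK:
        return "loopback (reserved)"
    if ip in APIPA:
        return "APIPA (self-assigned, not routable)"
    cls = address_class(addr)
    if cls not in CLASSFUL_PREFIX:
        return f"class {cls} (not a unicast host address)"
    net = classful_network(addr)
    if ip == net.network_address:
        return f"class {cls} network address"
    if ip == net.broadcast_address:
        return f"class {cls} broadcast address"
    return f"class {cls} host address"


def subnet_class_c(network: str, new_prefix: int) -> list[tuple[str, str, str]]:
    """Split a Class C network into subnets; return (subnet, first host, last host).

    Demonstrates question 70: one registered /24 becomes several smaller
    networks, each giving up two addresses (network and broadcast) to overhead.
    """
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24 or new_prefix <= 24 or new_prefix > 30:
        raise ValueError("expected a /24 and a new prefix between /25 and /30")
    result = []
    for sub in net.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes network and broadcast addresses
        result.append((str(sub), str(hosts[0]), str(hosts[-1])))
    return result


if __name__ == "__main__":
    # The four options from question 57, plus one address from each reserved range.
    for candidate in ["200.200.200.200", "200.200.200.255", "143.67.151.17",
                      "203.16.42.0", "127.0.0.1", "169.254.10.20"]:
        print(f"{candidate:>16}  {classify(candidate)}")
    # Carving the single Class C network from option D of question 57 into four /26s.
    for sub, first, last in subnet_class_c("203.16.42.0/24", 26):
        print(f"{sub:<18} hosts {first} - {last}")
```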
71. B and E. A hardware loopback plug connects the 2 and 6 wires and the 1 and 3 wires to simulate a live network connection. Answers A, C, and D are not correct for the cable in a hardware loopback adapter.
72. A. Each of the 802.11 wireless standards specifies radio waves as the media to transport data signals. 802.11a uses the 5GHz RF range for data transmissions. 802.11, 802.11b, and 802.11g all use the 2.4GHz RF range.
Appendix A
The CD features an innovative practice test engine powered by MeasureUp™, giving you yet another effective tool to assess your readiness for the exam.
MeasureUp practice tests are available in Study, Certification, Custom, Adaptive, Missed Question, and Non-Duplicate question modes.
Tests administered in Study Mode allow you to request the correct answer(s) and explanation to each question during the test. These tests are not timed.
You can modify the testing environment during the test by selecting the Options button.
Tests administered in Certification Mode closely simulate the actual testing environment you will encounter when taking a certification exam. These tests do not allow you to request the answer(s) and/or explanation to each question until after the exam.
Custom Mode allows you to specify your preferred testing environment. Use this mode to specify the objectives you want to include in your test, the timer length, and other test properties. You can also modify the testing environment during the test by selecting the Options button.
Missed Question Mode allows you to take a test containing only the questions you have missed previously.
Non-Duplicate Mode allows you to take a test containing only questions not displayed previously.
This feature helps you learn the material without memorizing questions and answers. Each time you take a practice test, the questions and answers appear in a different randomized order.
In this mode, you’ll receive automatic feedback on all correct and incorrect answers. The detailed answer explanations are a superb learning tool in their own right.
MeasureUp practice tests are designed to appropriately balance the questions over each technical area covered by a specific exam.
The minimum system requirements for the CD-ROM are
➤ Windows 95, 98, Me, NT4, 2000, or XP
➤ 7Mb disk space for testing engine
➤ An average of 1Mb disk space for each test
If you need technical support, please contact MeasureUp at 678-356-5050 or email [email protected]. Additionally, you’ll find Frequently Asked Questions (FAQ) at www.measureup.com.
To install the CD-ROM, follow these instructions:
1. Close all applications before beginning this installation.
2. Insert the CD into your CD-ROM drive. If the setup starts automatically, go to step 6. If the setup does not start automatically, continue with step 3.
3. From the Start menu, select Run.
4. Click Browse to locate the MeasureUp CD. In the Browse dialog box, from the Look In drop-down list, select the CD-ROM drive.
5. In the Browse dialog box, double-click on Setup.exe. In the Run dialog box, click OK to begin the installation.
6. On the Welcome Screen, click MeasureUp Practice Questions to begin installation.
7. Follow the Certification Prep Wizard by clicking Next.
8. To agree to the Software License Agreement, click Yes.
9. On the Choose Destination Location screen, click Next to install the software to C:\Program Files\Certification Preparation.
If you cannot locate MeasureUp Practice Tests through the Start menu, see the section later in this appendix titled, “Creating a Shortcut to the MeasureUp Practice Tests.”
10. On the Setup Type screen, select Typical Setup. Click Next to continue.
11. In the Select Program Folder screen, you can name the program folder your tests will be in. To select the default, simply click Next and the installation will continue.
12. After the installation is complete, verify that Yes, I Want to Restart My Computer Now is selected. If you select No, I Will Restart My Computer Later, you will not be able to use the program until you restart your computer.
13. Click Finish.
14. After restarting your computer, choose Start, Programs, MeasureUp, MeasureUp Practice Tests.
15. On the MeasureUp Welcome Screen, click Create User Profile.
16. In the User Profile dialog box, complete the mandatory fields and click Create Profile.
17. Select the practice test you want to access and click Start Test.
To create a shortcut to the MeasureUp Practice Tests, follow these steps.
1. Right-click on your Desktop.
2. From the shortcut menu select New, Shortcut.
3. Browse to C:\Program Files\MeasureUp Practice Tests and select the MeasureUpCertification.exe or Localware.exe file.
4. Click OK.
5. Click Next.
6. Rename the shortcut MeasureUp.
7. Click Finish.
After you have completed step 7, use the MeasureUp shortcut on your Desktop to access the MeasureUp products you ordered.
If you encounter problems with the MeasureUp test engine on the CD-ROM, please contact MeasureUp at 1-678-356-5050 or email [email protected] measureup.com. Technical support hours are from 8 a.m. to 5 p.m. EST Monday through Friday. Additionally, you’ll find Frequently Asked Questions (FAQ) at www.measureup.com.
If you’d like to purchase additional MeasureUp products, telephone 1-678-356-5050 or 1-800-649-1MUP (1687) or visit www.measureup.com.
Glossary
An IEEE 802.3 specification for Ethernet at 10Mbps over thin coaxial cable. The maximum length of a 10Base2 segment is 185 meters (that is, 607 feet). 10Base2 operates at 10Mbps and uses a baseband transmission method.
The IEEE 802.3 specification for 10Mbps Ethernet using thick coaxial cable. The maximum length of a 10Base5 segment is 500 meters (that is, 1,640 feet).
The IEEE 802.3 specification for running Ethernet at 10Mbps over fiber optic cable. The maximum length of a 10BaseFL segment is 2,000 meters (6,561 feet).
The IEEE 802.3i specification for running Ethernet at 10Mbps over twisted-pair cabling. The maximum length of a 10BaseT segment is 100 meters (that is, 330 feet).
The IEEE 802.3 specification for running Fast Ethernet at 100Mbps over fiber-optic cable. The maximum length of a 100BaseFX segment is 2,000 meters (6,561 feet), in full duplex mode.
The IEEE 802.3 specification for running Ethernet at 100Mbps over twisted-pair cabling. The maximum length of a 100BaseT segment is 100 meters (that is, 330 feet).
The IEEE specification that allows the use of Fast Ethernet (100Mbps) technology over existing Category 3 and Category 4 wiring, using all four pairs of wires. The maximum length of a 100BaseT4 segment is 100 meters (that is, 330 feet).
An IEEE 802.3u specification, also known as Fast Ethernet, for running Ethernet at 100Mbps over STP or UTP. The maximum length of a 100BaseTX segment is 100 meters (that is, 330 feet).
The IEEE 802.12 specification that allows data transmissions of 100Mbps over Category 3 cable, using all sets of wires. VG in 100BaseVG-AnyLAN stands for voice grade because of its capability to be used over voice-grade cable. The maximum length of a 100BaseVG-AnyLAN segment is 100 meters (330 feet) on Category 3 cable, 150 meters (492 feet) on Category 5 cable, and 2,000 meters (6,561 feet) on fiber-optic cable.
IEEE 802.3ab standard that specifies Gigabit Ethernet over Category 5 UTP cable. The standard allows for full-duplex transmission using the four pairs of twisted cable.
The IEEE 802.3z specification, also known as Gigabit Ethernet, that defines standards for data transmissions of 1000Mbps (1Gbps). 1000BaseX is most often associated with fiber or STP cable. 1000BaseX refers collectively to three distinct standards: 1000BaseLX, 1000BaseSX, and 1000BaseCX.
IEEE 802.3ab standard that uses a special shielded copper cable. 1000BaseCX can be used up to a maximum distance of 25 meters.
IEEE 802.3z standard that specifies Gigabit Ethernet over fiber-optic cable. 1000BaseLX can be used up to 5,000 meters.
IEEE 802.3z standard that specifies Gigabit Ethernet over fiber-optic cable.
Term commonly used to refer to the 10Gbps Ethernet networking standards such as 10GBaseER, 10GBaseLR, and 10GBaseSR. 10 Gigabit Ethernet is defined in the IEEE 802.3ae standard.
10Gbps Ethernet networking standard that can be used up to 40,000 meters.
10Gbps Ethernet networking standard that can be used up to 10,000 meters. 10GBaseLR uses single-mode fiber-optic cabling.
10Gbps Ethernet networking standard that can be used over relatively short distances, up to 300 meters.
A transmitter and receiver (transceiver) device commonly used to facilitate communication between a wireless client and a wired network. Wireless APs are used with the wireless infrastructure network topology to provide a connection point between WLANs and a wired Ethernet LAN.
The acknowledgment message sent between two hosts during a TCP session.
The list of trustees assigned to a file or directory. A trustee can be any object available to the security subsystem. The term ACL is also used with routers and firewall systems to refer to the list of permitted computers or users.
An X.500-compliant directory service used on Windows networks.
A hub that has power supplied to it for the purposes of regenerating the signals that pass through it.
A termination system used on a SCSI bus. Unlike passive termination, which uses voltage resistors, active termination uses voltage regulators to create the termination voltage.
A set of numbers, used to identify and locate a resource or device on a network. An example may be an IP address such as 192.168.2.1.
Defines a wireless network layout whereby devices communicate directly between themselves without using an access point. Sometimes called an unmanaged or peer-to-peer wireless topology.
A person who is responsible for the control and security of the user accounts, resources, and data on a network.
On a Windows system, the default account that has rights to access everything and to assign rights to other users on the network. Unlike other user accounts, the Administrator account cannot be deleted.
A service that transmits digital voice and data over existing (analog) phone lines.
File sharing and access protocol implemented in Apple networks. AFP can be implemented over TCP/IP (AppleTalk over IP).
An organization that publishes standards for communications, programming languages, and networking.
A software application that detects and removes virus programs.
Technology implemented on certain Windows platforms through which a system will assign itself an IP address in the absence of a DHCP server. Addresses are assigned from the 169.254.x.x address range.
Layer 7 of the OSI model, which provides support for end users and for application programs that are using network resources.
A log file on a Windows system that provides information on events that occur within an application.
A flag that is set on a file after it has been created or altered. Some backup methods reset the flag to indicate that it has been backed up.
A protocol in the TCP/IP protocol suite that is used to resolve IP addresses to MAC addresses. Specifically, the ARP command returns a layer 2 address for a layer 3 address.
A table of entries used by ARP to store resolved ARP requests. Entries can also be stored manually.
A group of devices arranged in a fault-tolerant configuration. See also RAID.
The loss of signal strength that is experienced as data is transmitted over distance and across the network media.
The process by which a user’s identity is validated on a network. The most common authentication method is a username and password combination.
In ISDN, a 64Kbps channel that carries data. See also D channel.
A network segment that acts as a trunk between other network segments. Backbones are typically high-bandwidth implementations such as fiber-optic cable.
A document or plan that defines what type of backups are made, when, and what data is backed up.
The width of the range of electrical frequencies, or number of channels, that the media can support. Bandwidth correlates to the amount of data that can traverse the media at one time, but other factors determine what the maximum speed supported by a cable will be.
A term applied to any media capable of carrying only a single data signal at a time. Compare with broadband.
A measurement of performance of a device or system for the purposes of future comparison. Baselining is a common server administration task.
The speed or rate of signal transfer. Baud rate bandwidth is measured in cycles per second, or hertz (Hz). The word baud is derived from the name of French telegraphy expert J. M. Baudot.
A base 2 numbering system that is used in digital signaling. It uses only the numbers 1 and 0.
The name of the user account information database on NetWare servers up to and including NetWare 3.x.
The process of associating a protocol with a NIC.
The science and technology of measuring and analyzing biological data. Biometrics is used for security purposes to analyze and compare characteristics such as voice patterns, retina patterns, and hand measurements.
A basic set of instructions that a device needs to operate.
An electronic digit used in the binary numbering system. Bit is a contraction of the terms binary digit.
A total loss of electrical power.
The term for the blue-screen STOP errors that occur on and halt a Windows system.
A low-cost, short-range RF technology designed to replace many of the cords that are used to connect devices. Bluetooth uses 2.4GHz RF and provides transmission speeds up to 16Mbps.
A family of connectors typically associated with thin coaxial cabling and 10Base2 networks. BNC connectors use a twist and lock mechanism to connect devices to the network.
A term used to describe any media that have physical constraints, such as coaxial, fiber-optic, and twisted pair. Compare with unbound media.
See unbound media.
An ISDN digital communications line that consists of three independent channels: two B channels, each at 64Kbps, and one D channel, at 16Kbps. ISDN BRI is often referred to as 2B+D. See also ISDN, PRI.
A device that connects and passes traffic between two network segments that use the same communications protocol. Bridges operate at the data-link layer of the OSI model. A bridge filters, forwards, or floods an incoming frame based on the MAC address of that frame.
A list of MAC addresses that a bridge keeps and uses when it receives packets. The bridge uses the bridging address table to determine which segment the destination address is on before it sends the packet to the next interface or drops the packet (if it is on the same segment as the sending node).
A communications strategy that uses analog or digital signaling over multiple communications channels.
A packet delivery system in which a copy of a packet is given to all hosts attached to the network.
An undesirable condition in which broadcasts become so numerous as to bog down the flow of data across the network.
A device that can be used to combine the benefits of both routers and bridges. Its common usage is to route routable protocols at the network layer of the OSI model and to bridge nonroutable protocols at the data-link layer.
A short-term decrease in the voltage level, usually caused by the startup demands of other electrical devices.
An area of memory in a device that is used to store data before it is forwarded to another device or location.
A linear LAN architecture in which all devices are connected to a common cable, referred to as a bus or backbone.
A set of bits (usually 8 bits) that operates as a unit to signify a character.
A device that provides Internet access over cable television lines.
A device that is used to check for electrical continuity along a length of cable. Cable tester is a generic term that can be applied to devices such as volt/ohm meters and TDRs.
A type of DNS server that operates the same way as secondary servers except that a zone transfer does not take place when the caching-only server is started.
A signal that carries data. The carrier signal is modulated to create peaks and troughs, which represent binary bits.
An implementation of the FDDI standard that uses copper cable rather than optical cable.
A connector that uses clips that snap into place to secure the connector. Used with external SCSI devices and some printer connections.
A process in which a detailed record of every change made to the network is documented.
A communications path used for data transmission.
A basic method of error checking that involves calculating the sum of bytes in a section of data and then embedding the result in the packet. When the packet reaches the destination, the calculation is performed again to make sure that the value is still the same.
An IP addressing scheme that allows a single IP address to designate many unique IP addresses. CIDR addressing uses an IP address followed by a ‘/’ and the IP network prefix. An example CIDR address would be 192.168.100.0/16. CIDR is sometimes referred to as Supernetting.
A method of sending data between two parties in which a dedicated circuit is created at the beginning of the conversation and broken at the end. All data transported during the session travels over the same path, or circuit.
A TCP/IP network that uses addresses from 1 to 126 and supports up to 126 subnets with 16,777,214 unique hosts each.
A TCP/IP network that uses addresses from 128 to 191 and supports up to 16,384 subnets with 65,534 unique hosts each.
A TCP/IP network that uses addresses from 192 to 223 and supports up to 2,097,152 subnets with 254 unique hosts each.
A node that uses the services from another node on a network.
A networking architecture in which front-end, or client, nodes request and process data stored by the back-end, or server, node.
A technology that allows two or more computers to act as a single system to provide improved fault tolerance, load balancing and failover capability.
A data cable, commonly referred to as coax, that is made of a solid copper core that is insulated and surrounded by braided metal and covered with a thick plastic or rubber covering. Coax is the standard cable used in cable television and in older bus topology networks.
A command that is used on a NetWare server to see basic information such as the server name, NDS information, and the details of network interface configurations.
The result of two frames transmitting simultaneously on an Ethernet network and colliding, thereby damaging both frames.
A segment of an Ethernet network that is between managing nodes, where only one packet can be transmitted at any given time. Switches, bridges, and routers can be used to segment a network into separate collision domains.
An LED on networking equipment that flashes to indicate a collision on the network. A collision light can be used to determine whether the network is experiencing a large number of collisions.
A connection through which serial devices and a computer’s motherboard can communicate. A COM port requires standard configuration information, such as an IRQ, an I/O address, and a COM port number.
The transfer of information between nodes on a network.
A device that combines several communications channels into one. It is often used to tie multiple terminals together into one line.
Packet transfer in which delivery is not guaranteed.
Packet transfer in which delivery is guaranteed.
The linking of nodes on a network in order for communication to take place.
Normally, a backup of the entire hard drive. A copy backup is similar to a full backup, except that the copy backup does not alter the state of the archive bits on files.
A value that is used to encourage or discourage the use of a certain route through a network. Routes that are to be discouraged are assigned a higher cost, and those that are to be encouraged are assigned a lower cost. See also metric.
A person who attempts to break software code or gain access to a system to which he or she is not authorized. See also hacker.
The process of attempting to break software code, normally to defeat copyright protection or alter the software’s functioning. Also the process of attempting to gain unauthorized access to a computer system. See also hacking.
A method used to check for errors in packets that have been transferred across a network. A computation bit is added to the packet and recalculated at the destination to determine whether the entire content of the packet has been transferred correctly.
A tool that is used to join connectors to the ends of network cables.
A UTP cable in which the 1 and 3 wires and the 2 and 6 wires are crossed for the purposes of placing the transmit line of one device on the receive line of the other. Crossover cables can be used to directly connect two like devices—for example, two computer systems—or as a means to expand networks that use devices such as hubs or switches.
Electronic interference that is caused when two wires are too close to each other.
A contention media access method that uses collision-avoidance techniques.
A contention media access method that uses collision-detection and retransmission techniques.
A switching method that does not copy the entire packet into the switch buffers. Instead, the destination address is captured into the switch, the route to the destination node is determined, and the packet is quickly sent out the corresponding port. Cut-through packet switching maintains a low latency.
The channel used on ISDN to communicate signaling and other related information. Use of the D channel leaves the B channels free for data communication. See also B channel.
A connector that is shaped like a letter D and uses pins and sockets to establish connections between peripheral devices, using serial or parallel ports. The number that follows DB in the name of a D connector is the number of pins used for connectivity; for example, a DB-9 connector has 9 pins, and a DB-25 connector has 25 pins.
A service or process that runs on a UNIX or Linux server.
A device on an FDDI network that is connected to both rings. Compare with SAS.
A tape recording technology that uses the helical scan recording method. This technology has been used in videotape recorders and VCRs since the 1950s.
In a frame, the field or section that contains the data.
An information grouping that is transmitted as a unit at the network layer. See also packet.
Layer 2 of the OSI model, which is above the physical layer. Data comes off the cable and goes into the data-link layer. The data-link layer has two distinct sublayers: MAC and LLC.
A 9-pin connector that is used for serial port or parallel port connection between PCs and peripheral devices.
A 25-pin connector that is used for serial port or parallel port connection between PCs and peripheral devices.
A form of DNS that allows systems to be registered and deregistered with the DNS system dynamically. DDNS is facilitated by DHCP, which passes IP address assignments to the DNS server for entry into the DNS server records. This is in contrast with the conventional DNS system, in which entries must be made manually.
A format for storing computer data on a DAT. DDS-formatted tapes can be read by either a DDS or DAT drive. The original DDS standard specified a 4mm tape cartridge with a capacity of 1.3GB. Subsequent implementations of DDS have taken the capacity to 40GB with compression.
A dedicated circuit that is used in WANs to provide a constant connection between two points.
Normally a router or a multihomed computer to which packets are sent when they are destined for a host on a different network.
A right that is given to users, which allows them to delete a file or files in a directory or to delete a directory.
The point at which communication lines enter a customer’s premises. Sometimes shortened to simply “demarc.”
The network address to which the frame is being sent.
A protocol that provides dynamic IP addressing to workstations on the network.
Refers to the connection of a remote node to a network using POTS.
A backup of only the data that has been created or changed since the previous full backup. In a differential backup, the state of the archive bits is not altered.
A system that allows network resources to be viewed as objects which are stored in a database. This database can then be divided up and distributed among different servers on the network. Examples of directory services systems include Novell Directory Services and Microsoft Active Directory.
A plan for implementing duplicate computer services in the event of a natural disaster, a human-made disaster, or another catastrophe. A disaster recovery plan includes offsite backups and procedures to activate information systems in alternative locations.
A fault-tolerant standard that is based on RAID 1 that uses disk mirroring with dual disk controllers.
A fault-tolerant standard that is defined as RAID 1 and mirrors data between two disks to create an exact copy.
An implementation of RAID in which data is distributed across multiple disks in a stripe. Some striping implementations provide performance improvements (RAID 0), whereas others provide fault tolerance (RAID 5).
A type of routing in which a router uses broadcasts to inform neighboring routers on the network of the routes it knows about. Compare with link-state routing.
A high-performance and high-capacity tape backup system that offers capacities up to 220GB with compression.
The process of transferring data directly into memory at high speeds, bypassing the CPU and incurring no processor overhead.
A system that is used to translate domain names, such as www.quepublishing.com, into IP addresses, such as 165.193.123.44. DNS uses a hierarchical namespace that enables the database of hostname-to-IP address mappings to be distributed across multiple servers.
A logical group of computers in a Windows NT/2000 network. Also, a section of the DNS namespace.
A server that runs application software that enables the server to perform a role associated with the DNS service.
A type of hacking attack in which the target system is overwhelmed with requests for service, resulting in it not being capable of servicing any requests—legitimate or otherwise.
A period of time during which a computer system or network is unavailable. This may be because of scheduled maintenance or due to hardware or software failure.
A process through which an alias makes a network path appear as if it were a local drive.
A public network technology that delivers high bandwidth over conventional copper wiring over limited distances.
A network communications device that formats and controls data for transmission over digital lines. A DSU is used in conjunction with a CSU.
A device used at the user end of a user network interface that serves as a data source, a destination, or both. DTE devices include computers, protocol translators, and multiplexers.
A keyboard/monitor combination that allows access to a multiuser system but provides no processing or storage at the local level.
In RAID, a RAID 1 mirror set in which each drive is connected to a separate controller to eliminate the single point of failure that the controller created.
A routing system that enables routing information to be communicated between devices automatically and can recognize changes in the network topology and update routing tables accordingly. Compare with static routing.
A flow control mechanism that prevents the sender of data from overwhelming the receiver. The amount of data that can be buffered in a dynamic window varies in size, hence its name.
An extension of the PPP protocol that supports authentication methods more secure than a standard username and password combination. EAP is commonly used as an authentication protocol for token cards, smart cards, and digital certificates.
External interference of electromagnetic signals that causes a reduction of data integrity and increased error rates in a transmission medium.
A technique used by protocols in which header and/or trailer information is added to the protocol data unit as it is passed down through the protocol stack on a sending system. The reverse process, called decapsulation, is performed at the receiving system as the packet travels up through the protocol suite.
The modification of data for security purposes prior to transmission so that it is not comprehendible without the decoding method.
A condition that is created when two objects of dissimilar electrical charge come into contact with each other. The result is that a charge from the object with the higher electrical charge discharges itself into the object with the lower-level charge. This discharge can be extremely harmful to computer components and circuit boards.
The most common LAN technology. Ethernet can be implemented using coaxial, twisted-pair, or fiber-optic cable. Ethernet typically uses the CSMA/CD media access method and has various implementation standards.
A utility that facilitates the viewing of log files on Windows server operating systems.
The default file system used in Linux systems.
Screw-type connector used with coaxial cable. In computing environments, it is most commonly used to connect cable modems to ISP equipment or incoming cable feeds.
The automatic switching from one device or system to another. Servers can be configured in a failover configuration so that if the primary server fails, the secondary server takes over automatically.
The IEEE 802.3u specification for data transfers of up to 100Mbps over twisted-pair cable. See also 100BaseFX, 100BaseTX, 100BaseT, and 100BaseT4.
The capability of a component, system or network to endure a failure.
A field of a packet that holds a CRC value to ensure that all of the frame’s data arrives intact.
A high-speed data transfer technology that is designed to extend the capabilities of existing LANs by using a dual-ring topology and a token-passing access method.
A technology that divides the output channel into multiple smaller-bandwidth channels, each of which uses a different frequency range.
Also known as fiber optics or optical fiber, a physical medium that is capable of conducting modulated light transmissions. Compared with other transmission media, fiber-optic cable is more expensive, but it is not susceptible to EMI or crosstalk, is capable of very high data rates, and can be used over greater distances than copper-based media.
A technology that defines full gigabit-per-second data transfer over fiber-optic cable. Commonly used with storage area network (SAN) implementations.
A program, system, device, or group of devices that acts as a barrier between one network and another. Firewalls are configured to allow certain types of traffic to pass while blocking others.
A high-speed serial bus technology that allows up to 63 devices to be connected to a system. FireWire provides sufficient bandwidth for multimedia operations and supports hot swapping and multiple speeds on the same bus.
A technology that provides data communication capabilities between two fixed locations. Fixed wireless can be used as a private networking method but is also becoming increasingly common as an Internet access method.
A method of controlling the amount of data that is transmitted within a given period of time. There are different types of flow control. See also dynamic window, static window.
The entire domain name that specifies the name of the computer as well as the domain in which it resides and the top-level DNS domain (for example, marketing.quepublishing.com).
A switching method that uses the first 64 bytes of a frame to determine whether the frame is corrupted. If this first part is intact, the frame is forwarded.
A grouping of information that is transmitted as a unit across the network at the data-link layer of the OSI model.
In a data frame, the field that specifies the length of a frame.
In a data frame, the field that names the protocol that is being sent in the frame.
The number of cycles of an alternating current signal over a unit of time. Frequency is expressed in hertz.
A protocol that provides for the transfer of files between two systems. FTP is part of the TCP/IP protocol suite and operates at layer 7 of the OSI model.
A backup in which files, regardless of whether they have been changed, are copied to the backup media. In a full backup, the archive bits of the files are reset.
A system in which data is transmitted in two directions simultaneously.
Compare with half-duplex.
A hardware or software solution that enables communications between two dissimilar networking systems or protocols. A gateway can operate at any layer of the OSI model but is commonly associated with the application layer.
1 billion bits or 1,000Mb.
The throughput of a given network medium in terms of 1 billion bps.
A backup strategy of maintaining backups on a daily, weekly, and monthly schedule. Backups are made on a five-day or seven-day schedule. A full backup is performed at least once a week. On all other days full, incremental, or differential backups (or no backups at all) are performed. The daily incremental, or differential, backups are known as the son. The father is the last full backup in the week (the weekly backup). The grandfather is the last full backup of the month (the monthly backup).
The IEEE 802.3z and IEEE 802.3ab specifications that define standards for data transmissions of 1Gbps. See also 1000BaseX.
A method of flow control in which the sending and receiving hosts agree on a rate of data transmission. After the rate is determined, the communication takes place at the guaranteed rate until the sender is finished. No buffering takes place at the receiver.
A person who carries out hacking on a computer software program.
See also cracker.
The process of deconstructing computer software in an effort to understand how it works and to improve it.
See also cracking.
A connection in which data is transmitted in both directions, but not simultaneously.
Compare with full-duplex.
The initial communication between two data communication devices, during which they agree on protocol and transfer rules for the session.
The hardware-encoded MAC address that is burned into every NIC.
A device that is plugged into an interface for the purposes of simulating a network connection and thus enabling the interface to be tested as if it is operating while connected.
A version of Token Ring that has a maximum speed of 100Mbps. This is in contrast with other Token Ring standards, which have maximum speeds of 4Mbps or 16Mbps.
The means by which routing protocols determine the shortest way to reach a given destination. Each router constitutes one hop; so if a router is four hops away from another router, there are three routers, or hops, between itself and the destination. In some cases, the final step is also counted as a hop.
Any computer system on a network. In the UNIX world, any device that is assigned an IP address.
An identifier used to uniquely identify a client or resource on a network.
A name that is assigned to a system for the purposes of identifying it on the network in a more user-friendly manner than by the network address.
A text file that contains hostname-to-IP address mappings. All commonly used platforms accommodate static name resolution using the HOSTS file.
A disaster recovery term used to describe an alternate network site that can be immediately functional in the event of a disaster at the primary site.
In a RAID configuration, a drive that sits idle until another drive in the RAID array fails; at which point, the hot spare takes over the role of the failed drive.
An area in which an access point provides public wireless broadband network services to mobile visitors through a WLAN. Hotspots are often located in heavily populated places such as airports, hotels, and coffee shops.
The removal and replacement of a component in a system while the power is still on and the system is functioning.
The network standard for high-speed serial communications over WAN links. Includes various T-carrier technologies.
An application layer protocol used by Web browsers to transfer pages, links, and graphics from the remote node to the user’s computer.
A protocol that performs the same function as HTTP but does so over an encrypted link, ensuring the confidentiality of any data that is uploaded or downloaded. Also referred to as S-HTTP.
A hardware device that acts as a connection point on a network that uses twisted-pair cable. Also known as a concentrator or a multiport repeater.
A Windows-based communications program that allows users to establish host/shell access to a remote system.
An organization that is responsible for IP addresses, domain names, and protocol parameters. Some functions of IANA, such as domain name assignment, have been devolved into other organizations.
A network-layer Internet protocol documented in RFC 792 that reports errors and provides other information relevant to IP packet processing. Utilities such as ping and tracert use functionality provided by ICMP.
The most common type of disk drive used in PCs today. In these devices, the controller is integrated into the device.
A professional organization that, among other things, develops standards for networking and communications.
A standard that defines the OSI model’s physical and data-link layers. This standard enables two IEEE LAN stations to communicate over a LAN or WAN and is often referred to as the internetworking standard.
An IEEE security standard designed for authenticating wireless devices. This standard uses the Extensible Authentication Protocol (EAP) to provide a central authentication server to authenticate each user on the network.
A standard that defines the LLC sublayer of the data-link layer for the entire series of protocols covered by the 802.x standards. This standard specifies the adding of header fields, which tell the receiving host which upper layer sent the information.
A standard that specifies physical-layer attributes, such as signaling types, data rates, and topologies, as well as the media access method used. It also defines specifications for the implementation of the physical layer and the MAC sublayer of the data-link layer, using CSMA/CD. This standard also includes the original specifications for Fast Ethernet.
A standard that defines how production machines should communicate and establishes a common protocol for use in connecting these machines together. It also defines specifications for the implementation of the physical layer and the MAC sublayer of the data-link layer, using Token Ring access over a bus topology.
A standard that is used to define Token Ring. However, it does not specify a particular topology or transmission medium. It provides specifications for the implementation of the physical layer and the MAC sublayer of the data-link layer, using a token-passing, media-access method on a ring topology.
A standard that defines the distributed queue dual bus technology to transfer high-speed data between nodes. It provides specifications for the implementation of MANs.
A standard that defines the design, installation, and testing of broadband-based communications and related physical media connectivity.
A standard that defines a group, called the Fiber Optic Technical Advisory Group, that advises the other 802 standard committees on various fiber-optic technologies and standards.
A standard that defines the integration of voice and data transmissions using isochronous Ethernet.
A standard that focuses on security issues by defining a standard method for protocols and services to exchange data securely using encryption mechanisms.
The original IEEE wireless standard defines standards for wireless LAN communication. It also specifies the original 802.11 wireless standard and offers speeds of 1 to 2Mbps using the CSMA/CA access method.
A wireless networking standard operating in the 5GHz band. 802.11a supports a maximum theoretical data rate of 54Mbps. Depending upon interference, 802.11a could have a range of 150 feet at the lowest speed setting. Higher speed transmissions would see a lower range. 802.11a uses the CSMA/CA media access method and is not compatible with 802.11b and 802.11g.
A commonly deployed IEEE wireless standard that uses the 2.4GHz RF range and offers speeds up to 11Mbps. Under ideal conditions, the transmission range can be as far as 75 meters.
An IEEE wireless standard that is backward compatible with 802.11b. 802.11g offers a data rate of 54Mbps. Like 802.11b, 802.11g uses the 2.4GHz RF range of 802.11b.
A standard that defines 100BaseVG-AnyLAN, which uses a 1Gbps signaling rate and a special media access method that allows 100Mbps data traffic over voice-grade cable.
A standard that defines a system for connecting up to 63 devices on an external bus. IEEE 1394 is commonly used with consumer electronic devices such as video cameras and MP3 players. IEEE 1394 is based on a technology developed by Apple Computer called FireWire.
A group of research volunteers responsible for specifying the protocols used on the Internet and for specifying the architecture of the Internet.
A command used on Linux, UNIX, and OS/2 systems to obtain configuration for network interfaces.
Protocol used for communication between devices within the same multicast group. IGMP provides a mechanism for systems to detect and make themselves aware of other systems in the same group.
A protocol that allows email to be retrieved from a remote server. It is part of the TCP/IP protocol suite, and is similar in operation to POP but offers more functionality.
A backup of only files that have been created or changed since the last backup. In an incremental backup, the archive bit is cleared to indicate that a file has been backed up.
A wireless data communication method that uses light pulses in the infrared range as a carrier signal.
Wireless topology that defines a wireless network composed of an access point connected to a wired LAN. Wireless devices communicate with the wired LAN through the access point (AP).
The file system or directory access rights that are valid at a given point as a result of those rights being assigned at a higher level in the directory structure.
A hub or switch that contains some management or monitoring capability.
A UPS that has associated software for monitoring and managing the power that is provided to the system. In order for information to be passed between the UPS and the system, the UPS and system must be connected, which is normally achieved through a serial or USB connection.
A device, such as a card or a plug, that connects pieces of hardware with a computer so that information can be moved from place to place (for example, between computers and printers, hard disks, and other devices, or between two or more nodes on a network). Also, the part of an application or operating system that the user sees.
Anything that can compromise the quality of a signal. On bound media, crosstalk and EMI are examples of interference. In wireless environments, atmospheric conditions that degrade the quality of a signal would be considered interference.
A unique eight-digit hexadecimal number that is used to identify a server running IPX/SPX. It is usually generated at random when the server is installed.
Functionality built in to the TCP/IP protocol stack that allows one to verify the correct functioning of the stack by pinging any address in the 127.x.x.x range, except the network address (127.0.0.0) or the broadcast address (127.255.255.255). The address 127.0.0.1 is most commonly used.
The name of an area of the DNS namespace. The Internet domain name is normally expressed along with the top-level domain to which it belongs (for example, comptia.org).
In the TCP/IP architectural model, the layer that is responsible for addressing, packaging, and routing functions. Protocols that operate at this layer are responsible for encapsulating packets into Internet datagrams. All necessary routing algorithms are run here.
A group of networks connected by routers or other connectivity devices so that the networks function as one network.
The process or procedures that provide a warning of successful or failed unauthorized access to a system.
An operation in which data is either entered into or taken out of a computer.
A network-layer protocol, documented in RFC 791, that offers a connectionless internetwork service. IP provides features for addressing, packet fragmentation and reassembly, type-of-service specification, and security.
The unique address used to identify the network number and node address of a device connected to a TCP/IP network. IP addresses are typically expressed in dotted decimal format, for example 192.168.1.1.
A Windows NT/2000 command that provides information about the configuration of the TCP/IP parameters, including the IP address.
A protocol used to provide strong security standards for encryption and authentication on VPNs.
The new version of IP, which has a larger range of usable addresses than the current version of IP, IPv4, and enhanced security.
A network-layer protocol normally used by Novell’s NetWare. IPX provides connectionless communication, supporting packet sizes up to 64KB.
The default protocol used in NetWare networks. It is a combination of IPX, to provide addressing, and SPX, to provide guaranteed delivery for IPX. IPX/SPX is similar in nature to its counterpart, TCP/IP.
The unique address used to identify a node in a network.
Wireless networking technology that uses infrared beams to send data transmissions between devices.
A number assigned to a device in a computer that determines the priority and path in communications between a device and the CPU.
The research arm of the Internet Architecture Board that performs research in the areas of Internet protocols, applications, architecture, and technology.
The standard of the older, more common, 8-bit and 16-bit bus and card architectures.
An internationally adopted standard for providing end-to-end digital communications between two points. ISDN is a dial-up technology allowing data, voice, and other source traffic to be transmitted over a dedicated link.
A device that enables communication over an ISDN link.
A voluntary organization founded in 1946 that is responsible for creating international standards in many areas, including communications and computers. This also includes the development of the OSI model.
A company or an organization that provides facilities for clients to access the Internet.
Refers to the physical placement of shorting connectors on a board or card.
A term used to describe devices that are configured via a software utility rather than by physical jumpers on the circuit board.
1,000 bits.
1,000 bytes.
Network authentication protocol designed to ensure that the data sent across networks is encrypted and safe from attack. Its primary purpose is to provide authentication for client/server applications.
The core of an operating system. The kernel provides basic functions and services for all other parts of the operating system, including the interface with which the user interacts.
A VPN protocol designed to work in conjunction with PPP to support authentication standards, such as Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS), for secure transmissions over the Internet.
A dial-up VPN protocol that defines its own tunneling protocol and works with the advanced security methods of IPSec. L2TP enables PPP sessions to be tunneled across an arbitrary medium to a home gateway at an ISP or a corporation.
A group of connected computers located in a single geographic area, usually a building or office, that share data and services.
A type of printer that uses electrophotography as the means of printing images on paper.
The delay induced by a piece of equipment or device used to transfer data.
Media connector used with fiber-optic cabling.
Protocol used to access and query compliant directory services systems such as Microsoft Active Directory or Novell Directory Services.
A bridge that builds its own bridging address table rather than requiring someone to enter information manually. Most modern bridges are learning bridges. Also called a smart bridge.
An older computer system or technology.
A device used to stabilize the flow of power to the connected component. Also known as a power conditioner or voltage regulator.
An LED on a networking device such as a hub, switch, or NIC. The illumination of the link light indicates that, at a hardware level, the connection is complete and functioning.
A dynamic routing method in which routers tell neighboring routers of their existence through packets called link-state advertisements (LSAs). By interpreting the information in these packets, routers can create maps of the entire network.
Compare with distance-vector routing.
A UNIX-like operating system kernel created by Linus Torvalds. Linux is distributed under an open-source license agreement, as are many of the applications and services that run on it.
A sublayer of the data-link layer of the OSI model. The LLC layer provides an interface for the network-layer protocols and the MAC sublayer.
A text file used in a Windows network environment that contains a list of NetBIOS hostname-to-IP address mappings used in TCP/IP name resolution.
The addressing method used in providing manually assigned node addressing.
The appearance of the network to the devices that use it, even if in physical terms the layout of the network is different.
See also physical topology.
A continuous circle that a packet takes through a series of nodes in a network until it eventually times out.
A device used for loopback testing.
A troubleshooting method in which the output and input wires are crossed or shorted in a manner that allows all outgoing data to be routed back into the card.
Service on a system (normally UNIX or Linux) that acts as a print server. Print jobs are submitted to the LPD application using a protocol such as LPR.
Network service that allows printing jobs to be sent to a remote print service such as LPD.
An open standard that allows both high storage capacity and fast data access in tape backup systems.
A six-octet number, described in hexadecimal, that uniquely identifies a host on a network. It is a unique number that is burned into the network interface.
In the OSI model, the lower of the two sublayers of the data-link layer. It is defined by the IEEE as being responsible for interaction with the physical layer.
Version 10 of an operating system designed for Macintosh computer systems. Mac OS X represents a complete shift in Apple operating systems, as it is based on UNIX code and, as such, can be managed using UNIX utilities and procedures.
A network that spans a defined geographical location such as a city or suburb.
The supplying name server that has authority in a DNS zone.
A transceiver that is specified in IEEE 802.3. Not to be confused with a Token Ring multistation access unit, which is abbreviated MSAU.
1 million bits. Used to rate transmission transfer speeds.
1 million bytes. Usually refers to file size.
The number of millions of bits that can travel across a given medium in a second.
A type of port found on Ethernet networking devices such as hubs and switches in which the wiring is straight through. MDI ports are sometimes referred to as uplink ports and are intended for use as connectivity points to other hubs and switches.
A type of port found on Ethernet networking devices in which the wiring is crossed so that the transmit line of one device becomes the receive line of the other. MDI-X is used to connect hubs and switches to client computers.
The label assigned to define the location in memory where information is stored.
A value that can be assigned to a route to encourage or discourage the use of the route.
See also cost.
A data set that defines the criteria that can be retrieved and set on a device using SNMP.
The process of using switches to divide a network into smaller segments.
A wireless technology sometimes used to transmit data between buildings and across vast distances.
A fault-tolerant technique in which an exact duplicate of data on one volume is created on another.
Mirroring is defined as RAID 1. See RAID.
A device used to modulate and demodulate the signals that pass through it. It converts the direct current pulses of the serial digital code from the controller into the analog signals that are compatible with the telephone network.
A device that is used in an IBM Token Ring network. It organizes the connected nodes into an internal ring and uses the RI and RO connectors to expand to other MSAUs on the network. Sometimes referred to as MAU.
The amount of time, normally expressed in hours, that represents the average amount of time a component will function before it fails.
Media connector used with fiber-optic cabling.
The amount of time it normally takes to fix a problem or swap out a component.
A single-packet transmission from one sender to a specific group of destination nodes.
A term used to refer to a device that has more than one network interface.
A term used to refer to a programming language, technology, application or protocol that runs on different types of CPUs or operating systems.
Multiplexing is a technique of combining multiple channels over a transmission path and then recovering or de-multiplexing the separate channels at the receiving end. Examples include FDM, TDM, CDM, and WDM.
A term that refers to the use of multiple processors in a single system.
The running of several programs simultaneously. In actuality, during multitasking the processor is sharing its time between the programs, and it only appears as if they are running concurrently.
A server that contains a database of name resolution information used to resolve network names to network addresses.
A standard that enables the translation of IP addresses used on one network to a different IP address that is acceptable for use on another network. This translation enables multiple systems to access an external network, such as the Internet, through a single IP address.
A central server that provides name resolution for NetBIOS names to IP addresses. Commonly referred to as a WINS server.
A Windows operating system command-line utility that displays protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP (NBT).
A protocol that provides a method for hosts to make calls to a NetWare server for services and network resources. NCP is part of the IPX/SPX protocol suite.
A standards-compliant directory services system introduced by Novell with NetWare 4.x. Subsequently renamed eDirectory.
A nonroutable, Microsoft-proprietary networking protocol designed for use in small networks.
A software application that enables different applications to communicate between computers on a LAN.
A Windows operating system command-line utility that displays protocol statistics and current TCP/IP network connections.
A service or process that runs on a NetWare server.
A link-state routing protocol used on networks that use Novell’s IPX/SPX protocol suite.
See NIC.
The part of a TCP/IP address that specifies the network portion of the IP address. The network ID is determined by the class of the address, which in turn is determined by the subnet mask used.
The bottom layer of the TCP/IP architectural model, which is responsible for sending and receiving frames.
Layer 3 of the OSI model, which is where routing based on node addresses (that is, IP or IPX addresses) occurs.
An operating system that runs on the servers on a network. Network operating systems include NetWare, UNIX, Windows NT Server, and Windows Server 2003.
A discussion group that focuses on a specific topic and is made up of a collection of messages posted to an Internet site. Newsgroups are useful resources for support personnel.
File sharing and access protocol most commonly associated with UNIX and Linux systems.
A hardware component that serves as the interface, or connecting component, between a network and the node. It has a transceiver, a MAC address, and a physical connector for the network cable. Also known as a network adapter or a network card.
The user, group, and security information database used in a UNIX internetwork.
An application that acts as a central management point for network management. Most NMS systems use SNMP in order to communicate with network devices.
An Internet protocol that controls how news articles are to be queried, distributed, and posted.
NNTP uses port 119.
Another name for EMI. See EMI.
A protocol that is used to communicate time synchronization information between devices on the network. NTP is part of the TCP/IP protocol suite. NTP uses port 123.
The main computer program that manages and integrates all the applications running on a computer. The OS handles all disk interactions with the processor.
A seven-layer model created by the ISO to standardize and explain the interactions of networking protocols.
A link-state routing protocol used on TCP/IP networks.
Compare with distance-vector routing.
A firewall method in which each packet that attempts to pass through the firewall is examined to determine its contents. The packet is then allowed to pass or it is blocked, as appropriate.
A device or an application that allows data to be copied from the network and analyzed. In legitimate applications, it is a useful network troubleshooting tool.
A network layout whereby devices work together in close proximity to share information and services, commonly using technologies such as Bluetooth or infrared.
A hub that has no power and therefore does not regenerate the signals it receives.
Compare with active hub.
A SCSI bus terminator that uses a terminating resistor pack placed at the end of the bus. This resistor relies on the interface card to provide it with a consistent level of power.
A set of characters used with a username to authenticate a user on a network and to provide the user with rights and permissions to files and resources.
A fix for a bug in a software application. Patches can be downloaded from the Internet to correct errors or security problems in software applications.
A cable, normally twisted-pair, used to connect two devices together. Strictly speaking, a patch cable is the cable that connects a port on a hub or switch to the patch panel, but today, people commonly use the term to refer to any cable connection.
A device in which the cables used in coaxial or twisted-pair networks converge and are connected. The patch panel is usually in a central location.
A software program that allows users to gain control of a computer remotely.
A relatively new high-speed bus designed for Pentium systems.
An industry group organized in 1989 to promote standards for credit card–sized devices such as memory cards, modems, and network cards. Almost all laptop computers today have multiple PCMCIA slots. PCMCIA cards are now generally referred to simply as PC cards.
A network environment that does not have dedicated servers, where communication occurs between similarly capable network nodes that act as both clients and servers.
Authorization provided to users that allows them to access objects on a network. The network administrators generally assign permissions.
Permissions is slightly different from but often used with rights.
The MAC address on every NIC. The physical address is applied to a NIC by the manufacturer and, except for very rare occurrences, is never changed.
Layer 1 of the OSI model, where all physical connectivity is defined.
The actual physical layout of the network. Common physical topologies include star, bus, and ring.
Compare with logical topology.
A TCP/IP protocol stack utility that works with ICMP and uses echo requests and replies to test connectivity to other systems.
The space between the structural ceiling and a drop-down ceiling that is commonly used for heating, ventilation, and air-conditioning systems as well as for running network cables.
An architecture designed to enable hardware devices to be detected by the operating system and for the driver to be automatically loaded.
The media-access method for transmitting data in which a controlling device is used to contact each node to determine whether it has data to send.
The physical location where a long-distance carrier or a cellular provider interfaces with the network of the local exchange carrier or local telephone company.
A protocol that is part of the TCP/IP protocol suite and is used for retrieving mail stored on a remote server. The most commonly used version of POP is POP3. POP is an application layer protocol.
In physical networking terms, a pathway on a networking device that allows other devices to be connected. In software terms, a port is the entry point into an application, system, or protocol stack.
A process by which two ports on a device, such as a switch, are configured to receive the same information. Port mirroring is useful in troubleshooting scenarios.
The current analog public telephone system.
See also PSTN.
A common dial-up networking protocol that includes provisions for security and protocol negotiation and provides host-to-network and switch-to-switch connections for one or more user sessions.
Internet connection authentication protocol that uses two separate