Monday, 17 May 2010

WiFi

802.11a

  • Frequency: 5 GHz

  • Max data rate: 54 Mbit/s

  • Modulation: OFDM

  • Range (indoor): 35 m

  • Channels (non-overlapping): 23 (12)

  • Max-speed distance: 65-75 ft

  • Max distance: 190 ft



802.11b

  • Frequency: 2.4 GHz

  • Max data rate: 11 Mbit/s

  • Modulation: DSSS

  • Range (indoor): 38 m

  • Channels (non-overlapping): 11 (3)

  • Max-speed distance: 150 ft

  • Max distance: 350 ft



802.11g

  • Frequency: 2.4 GHz

  • Max data rate: 54 Mbit/s

  • Modulation: OFDM, DSSS (11 Mbit/s)

  • Range (indoor): 38 m

  • Channels (non-overlapping): 11 (3)

  • Max-speed distance: 90 ft

  • Max distance: 300 ft



802.11h - extension of 802.11a

  • 23 non-overlapping channels

  • Frequency: 5 GHz

  • Max data rate: 54 Mbit/s

  • Modulation: OFDM

  • Range (indoor): 35 m

  • Two extensions: Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).

  • DFS monitors the operating channel; if it detects another signal there, it abandons that range.

  • TPC regulates transmit power.



Security standards



WEP (Wired Equivalent Privacy)

It uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.

Static pre-shared keys (PSK) that nobody ever changes.

Easily cracked keys: only 64 bits long, and only 40 of them are unique.

Remedies: SSID cloaking and MAC filtering.



WPA (Wi-Fi Protected Access)

It includes the option to use dynamic key exchange, using the Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC) algorithm.



WPA2 (Wi-Fi Protected Access 2, 802.11i):

Dynamic key exchange

802.1x authentication

AES encryption



Classes of encoding

Frequency Hopping Spread Spectrum (FHSS) - no longer in use.

Direct Sequence Spread Spectrum (DSSS) - designed for the 2.4 GHz band, which has a bandwidth of 82 MHz (2.402 GHz to 2.483 GHz) and holds 11 overlapping DSSS channels; channels 1, 6 and 11 do not overlap.

Orthogonal Frequency Division Multiplexing (OFDM)
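As an added example (not from the original post), this computes which 2.4 GHz DSSS channels overlap. It assumes the standard channel plan: channel 1 centred at 2412 MHz, centres 5 MHz apart, each channel 22 MHz wide; the greedy pick reproduces the 1, 6, 11 set from the notes.

```python
# Added example: overlap of 2.4 GHz DSSS channels (not from the original post).
# Channel-plan facts assumed: channel 1 is centred at 2412 MHz, centres are
# 5 MHz apart, and each DSSS channel occupies 22 MHz of spectrum.
CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 22
FIRST_CENTRE_MHZ = 2412


def centre_mhz(channel: int) -> int:
    """Centre frequency of channel 1..11."""
    return FIRST_CENTRE_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def edges_mhz(channel: int) -> tuple:
    """Lower and upper edge of the channel's 22 MHz band."""
    half = CHANNEL_WIDTH_MHZ // 2
    return centre_mhz(channel) - half, centre_mhz(channel) + half


def overlaps(a: int, b: int) -> bool:
    """True if the two channels share any spectrum."""
    lo_a, hi_a = edges_mhz(a)
    lo_b, hi_b = edges_mhz(b)
    return lo_a < hi_b and lo_b < hi_a


def non_overlapping_channels(channels) -> list:
    """Greedy pick, lowest channel first, of channels that do not overlap each other."""
    chosen = []
    for ch in channels:
        if not any(overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    # Adjacent channels overlap; only every fifth channel is clear of the previous pick.
    print(non_overlapping_channels(range(1, 12)))  # [1, 6, 11]
```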




Modes of operating

Ad-hoc. It uses Independent Basic Service Set (IBSS).

Infrastructure. Devices in an infrastructure WLAN cannot send frames directly to each other; instead, they send frames to the AP, which can then in turn forward the frames to another WLAN device. Infrastructure mode supports two sets of services, called service sets. The first, called a Basic Service Set (BSS), uses a single AP to create the wireless LAN. The other, called an Extended Service Set (ESS), uses more than one AP, often with overlapping cells to allow roaming in a larger area.



Possible causes of a bad signal

Cordless phones

metal file cabinets

antenna type or direction



Other

Adaptive Wireless Path Protocol (AWPP) is a Cisco proprietary protocol for wireless mesh networks. It dynamically discovers neighboring radios and calculates the quality of all possible paths to a wired network. An optimal path is established through a mesh of wireless nodes to a wired gateway, and these calculations are continuously updated, allowing paths to change and optimize as traffic patterns on wireless links change. The result is a self-configuring and self-healing wireless mesh backhaul.

Lightweight Access Point Protocol (LWAPP) is a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring or troubleshooting a large network, and lets network administrators analyze the network closely. The lightweight access point (LAP) first sends Layer 2 LWAPP discovery request messages; if that attempt fails, the LAP tries Layer 3 LWAPP WLC discovery.

One key measurement for interference is the Signal-to-Noise Ratio (SNR). This calculation measures the WLAN signal as compared to the other undesired signals (noise) in the same space. The higher the SNR, the better the WLAN devices can send data successfully.

A WLAN client that is operating in half-duplex mode will delay all clients in that WLAN.

Order of the exchanges a client and an access point go through to create a connection: probe request/response, authentication request/response, association request/response.



STP & RSTP

STP - 802.1d

RSTP - 802.1w



Problems without STP:



  • Broadcast storms

  • MAC table instability

  • Multiple frame transmission


The most important fields in the STP Hello BPDU:



  • Root switch id

  • Sender switch id

  • Path cost to root switch from sender


Port states of STP



  • Blocked

  • Listening - during this state the root switch, root ports and designated ports are elected.

  • Learning - STP leaves the interface in each interim state (listening and learning) for a time equal to the forward delay timer (15 seconds by default).

  • Forwarding

  • Disabled



Costs

The lower the cost, the better the path.



  • 10 Mbit/s – 100

  • 100 Mbit/s – 19

  • 1 Gbit/s – 4

  • 10 Gbit/s – 2



Stages in building spanning tree



  • Select a root bridge. The default priority of Cisco switches is 32768. After power-on, all switches in the network start sending BPDUs. If a switch receives a BPDU with an ID lower than its own, it stops sending its own BPDUs and starts forwarding the BPDUs from the switch with the lower ID, at the Hello interval configured on the root switch.

  • Determine the least-cost path to the root bridge.

  • Designated ports are chosen by bridge ID, or by port number if several ports of one switch are connected to the same segment. Segment: a part of the LAN delimited by a router, switch or bridge. All access ports are designated ports.

  • Disable all other root paths. Any active port that is not a root port or a designated port is a blocked port.
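An added example, not from the original post, that runs the election above over the cost table: root bridge by lowest bridge ID, least-cost path to it, designated port per segment, everything else blocked. Switch names, priorities, MAC addresses and links are constructed; in the sample topology the 100 Mbit/s link SW1-SW3 (cost 19) loses to the path through SW2 (4 + 4 = 8), so SW3 blocks its direct port to SW1.

```python
# Added example (not from the original post): a small 802.1D election using the
# port costs listed above. Switch names, priorities, MACs and links are constructed.
import heapq

PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mbit/s -> STP cost

def bridge_id(sw):
    return (sw["priority"], sw["mac"])  # lowest (priority, MAC) wins the election

def root_path_costs(switches, links):
    """Dijkstra from the root; via[s] is the neighbour behind s's root port."""
    root = min(switches, key=lambda n: bridge_id(switches[n]))
    nbrs = {n: [] for n in switches}
    for a, b, mbps in links:
        nbrs[a].append((b, PORT_COST[mbps]))
        nbrs[b].append((a, PORT_COST[mbps]))
    cost, via, heap = {root: 0}, {}, [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue  # stale heap entry
        for m, w in nbrs[n]:
            new = c + w
            # equal cost: the neighbour with the lower bridge ID wins the tie
            tie = new == cost.get(m) and bridge_id(switches[n]) < bridge_id(switches[via[m]])
            if new < cost.get(m, float("inf")) or tie:
                cost[m], via[m] = new, n
                heapq.heappush(heap, (new, m))
    return root, cost, via

def port_roles(switches, links):
    """Role of each (switch, neighbour) port: root, designated or blocked."""
    root, cost, via = root_path_costs(switches, links)
    roles = {}
    for a, b, _ in links:
        # designated switch on the segment: lowest root cost, then lowest bridge ID
        designated = min((a, b), key=lambda n: (cost[n], bridge_id(switches[n])))
        for me, peer in ((a, b), (b, a)):
            if via.get(me) == peer:
                roles[(me, peer)] = "root"
            elif me == designated:
                roles[(me, peer)] = "designated"
            else:
                roles[(me, peer)] = "blocked"  # neither root nor designated
    return root, cost, roles

# Constructed topology: three switches with default priority, so the lowest MAC is root.
SWITCHES = {f"SW{i}": {"priority": 32768, "mac": f"0000.0000.000{i}"} for i in (1, 2, 3)}
LINKS = [("SW1", "SW2", 1000), ("SW1", "SW3", 100), ("SW2", "SW3", 1000)]
```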


STP requires a waiting period of MaxAge (default 20 seconds) before reacting to some events, whereas RSTP only has to wait 3*Hello (default 6 seconds). Additionally, RSTP eliminates the forward delay (default 15 seconds) time in both Listening and Learning States. Traditional STP convergence has essentially three time periods, each of which RSTP improves upon. These three waiting periods of (by default) 20, 15, and 15 seconds create 802.1d STP’s relatively slow convergence, and the reduction or elimination of these waiting periods makes RSTP convergence occur quickly. RSTP convergence times are typically less than 10 seconds. In some cases, they can be as low as 1 to 2 seconds.




STP features

  • PortFast - moves a switch port immediately from blocking to forwarding state.



switchx(config-if)#spanning-tree portfast

switchx(config)#spanning-tree portfast default

switchx# show running-config interface



  • BPDU Guard – puts a PortFast-enabled port into the error-disabled state if it receives a BPDU.

switchx(config-if)#spanning-tree bpduguard enable


  • BPDU Filter – the filter immediately takes a port out of PortFast if it receives a BPDU and forces the port to take part in the STP topology again.

  • Root Guard - when a switch interface with Root Guard enabled receives a superior BPDU from the neighboring switch (a BPDU with a lower/better bridge ID), the switch with Root Guard reacts by disabling the interface.

  • UplinkFast - allows a switch to find alternate paths to the root bridge before the primary link fails, so that if the primary link fails, the secondary link comes up more quickly: the port does not wait for the normal STP convergence time of 50 seconds.


S1(config)#spanning-tree uplinkfast


  • EtherChannel misconfiguration guard

  • Loop guard (spanning-tree loopguard default)

  • BackboneFast


S1(config)#spanning-tree backbonefast



Configuration

  • Set priority:

spanning-tree vlan vlan-id priority priority

  • Set the switch as root. This command changes the base priority to 24,576:

spanning-tree vlan vlan-id root {primary | secondary}


  • The secondary form sets the switch's base priority to 28,672 regardless of the current root's priority value:

spanning-tree vlan vlan-id root secondary


  • Set cost for vlan interfaces:


spanning-tree vlan vlan-id cost cost

Summary



  • One root bridge per broadcast domain

  • One root port per non root bridge

  • One designated port per segment

  • Non-designated ports are unused


Some facts about RSTP


  • RSTP calls the Blocking State the Discarding State.

  • RSTP only has to wait 3*Hello (default 6 seconds).

  • RSTP convergence times are typically less than 10 seconds. In some cases, they can be as low as 1 to 2 seconds.

  • Uses special RSTP messages.


RSTP characterizes the types of physical connectivity in a campus LAN into three different types:


  • Link-type point-to-point – switch to switch

  • Link-type shared – switch to hub

  • Edge-type – switch to PC


Port states:


  • Discarding

  • Learning

  • Forwarding


Port roles:



  • Root port

  • Designated port

  • Alternate port - identifies a switch’s best alternative to its current RP

  • Backup port - applies only when a single switch has two links to the same segment (collision domain - hub).



A switch forwards BPDUs out the port in Forwarding state and gets the same BPDU back on the port that is in Discarding state; so SW2 knows it has an extra connection to that segment, called a backup port.



Process of changing root port:



  • The switch receives a BPDU with a better root path.

  • The switch blocks all its other link-type ports; this process is called synchronization.

  • The switch negotiates with the other switch, the one that sent the better BPDU.

  • As a result of the negotiation they start forwarding data.



Multiple instances of STP and RSTP


  • Per-VLAN Spanning Tree Plus (PVST+) – Cisco proprietary feature for running STP per VLAN. It can be used as a load-balancing tool by sending one VLAN's traffic over one trunk and another VLAN's traffic over another trunk.

  • Rapid Per-VLAN Spanning Tree (RPVST) or Per-VLAN Rapid Spanning Tree (PVRST). This is the Cisco feature for running RSTP (802.1w) per VLAN.

  • The IEEE standard (802.1s) is often called either Multiple Spanning Trees (MST) or Multiple Instances of Spanning Trees (MIST). MIST allows the definition of multiple instances of RSTP, with each VLAN being associated with a particular instance.



(config)#spanning-tree mode {mst | rapid-pvst | pvst}

Etherchannel

Two versions: Cisco’s proprietary Port Aggregation Protocol (PAgP) and IEEE standard Link Aggregation Protocol (LACP).

16 ports max: 1600 Mbps (Fast Ethernet) or 16 Gbps (Gigabit Ethernet).

All interfaces in each EtherChannel must be the same speed and duplex, and both ends of the channel must be configured as either a Layer 2 or a Layer 3 interface.

It is possible to aggregate ports from different switches using Split Multi-Link Trunking (SMLT) or Cisco Virtual Switching System, or by combining two Cisco switches into a stack.

The "no switchport" command is required to change an interface from Layer 2 to Layer 3 mode.



SW1(config)#int fa 0/17

SW1(config-if)#channel-group 1 mode on

SW1#show etherchannel 1 summary



Troubleshooting





show spanning-tree active|interfaces|detail|summary|vlan

debug spanning-tree events

Switching


Layer 2 switching provides the following:


  • Hardware-based bridging (ASIC)

  • Wire speed

  • Low latency

  • Low cost


Switch functions at layer 2:


  • Address learning

  • Forward/filter decision

  • Loop avoidance


Internal processing variations:


  • Store and forward - the switch must receive the entire frame before forwarding the first bit of it.

  • Cut through - the switch starts forwarding the frame as soon as possible. It may forward corrupted frames, because the frame check sequence (FCS) is in the Ethernet trailer.

  • Fragment free (adaptive cut-through) - works like cut-through, but waits to receive the first 64 bytes of the frame, because a collision in CSMA/CD should be detected within the first 64 bytes.
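An added example (not from the original post) showing what each mode above can and cannot catch. The frames are constructed; it assumes the 802.3 FCS is CRC-32 over the frame, sent least-significant byte first, which is what zlib.crc32 computes.

```python
# Added example (not from the original post): what each forwarding mode can
# and cannot catch. Frames below are constructed; the 802.3 FCS is CRC-32 over
# the frame, appended least-significant byte first, which zlib.crc32 produces.
import zlib

MIN_FRAME = 64  # bytes; collision fragments (runts) are shorter than this
MODES = ("store-and-forward", "cut-through", "fragment-free")

def build_frame(dst: bytes, src: bytes, ethertype: bytes, payload: bytes) -> bytes:
    """Header + payload padded to 60 bytes + 4-byte FCS = a minimum-size frame."""
    body = dst + src + ethertype + payload
    body += b"\x00" * max(0, 60 - len(body))
    return body + zlib.crc32(body).to_bytes(4, "little")

def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over everything before the trailer and compare."""
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")

def decide(mode: str, frame: bytes) -> tuple:
    """Return (bytes seen before deciding, forward?) for one switching mode."""
    if mode == "store-and-forward":   # whole frame buffered; runts and bad FCS dropped
        return len(frame), len(frame) >= MIN_FRAME and fcs_ok(frame)
    if mode == "cut-through":         # decides after the destination MAC, never sees the FCS
        return 6, True
    if mode == "fragment-free":       # waits for 64 bytes, so it drops runts only
        return MIN_FRAME, len(frame) >= MIN_FRAME
    raise ValueError(mode)

def results(frame: bytes) -> dict:
    """Forwarding decision of each mode for the same frame."""
    return {mode: decide(mode, frame)[1] for mode in MODES}

# Constructed samples: a valid frame, the same frame with one payload bit flipped,
# and a 40-byte collision fragment.
GOOD = build_frame(b"\xaa" * 6, b"\xbb" * 6, b"\x08\x00", b"constructed payload")
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]
RUNT = GOOD[:40]
```

Only store-and-forward drops the corrupted frame; cut-through forwards all three, and fragment-free catches the runt but not the bad FCS.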




VPN

3 types of VPN:




  • Remote access - allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.

  • Site to site - or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.

  • Extranet - allow an organization’s suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.

PPP

Features:


  • Synchronous and asynchronous links.

  • Consists of 3 protocols: HDLC, LCP, NCP

  • A protocol type in the header

  • Built-in authentication CHAP, PAP(controlled by LCP - Link Control Protocol).

  • Control protocols for each higher-level protocol.

  • It uses Control Protocols (CP) for controlling Layer 3 protocols and LCP for link configuration.


LCP features:


  • Magic number for looped-link detection. The link may be looped, meaning that the router receives back the data it sent. The router detects the loop by using the magic number in LCP messages; every router has its own magic number.

  • Link Quality Monitoring (LQM) for error detection

  • Multilink PPP for multilink support

  • Multilink: starting with IOS version 11.1, multilink is supported on PPP links with Cisco routers. This option makes several separate physical paths appear to be one logical path at Layer 3. For example, two T1s running multilink PPP would show up as a single 3 Mbps path to a Layer 3 routing protocol.


PAP and CHAP for authentication

Configure PPP:



hostname R1

interface s0/0

encapsulation ppp

ppp authentication chap

username remote_hostname password 0 share_password



Troubleshoot ppp:

debug ppp authentication

Very detailed explanation of how CHAP authentication works on Cisco routers:

http://www.ciscosystems.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800b4131.shtml
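The CHAP exchange behind ppp authentication chap, as an added example that is not from the original post: the response is MD5(Identifier || Secret || Challenge) per RFC 1994, so the shared secret never crosses the link and each challenge is used once. The peer hostname R2 is constructed; share_password is taken from the configuration above.

```python
# Added example (not from the original post): the CHAP exchange behind
# "ppp authentication chap". Per RFC 1994 the Response is
# MD5(Identifier || Secret || Challenge); the secret itself never crosses the link.
# The peer name "R2" is constructed; "share_password" comes from the config above.
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """The router that issues the Challenge and checks the Response."""
    def __init__(self, users: dict):
        self.users = users   # peer hostname -> shared secret (the "username ... password" line)
        self.ident = 0
        self.pending = {}    # identifier -> challenge still awaiting a response

    def challenge(self) -> tuple:
        self.ident = (self.ident + 1) % 256
        chal = os.urandom(16)            # fresh random challenge; old responses cannot be reused
        self.pending[self.ident] = chal
        return self.ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)   # each challenge is usable once
        if chal is None or name not in self.users:
            return False
        expected = chap_response(ident, self.users[name], chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def peer_response(ident: int, challenge: bytes, name: str, secret: bytes) -> tuple:
    """What the authenticating peer sends back: its name and the MD5 response."""
    return name, chap_response(ident, secret, challenge)

def run_exchange(peer_secret: bytes) -> bool:
    """Full three-way exchange against an authenticator that knows share_password."""
    auth = Authenticator({"R2": b"share_password"})
    ident, chal = auth.challenge()
    name, resp = peer_response(ident, chal, "R2", peer_secret)
    return auth.verify(ident, name, resp)
```

With debug ppp authentication you see the identifier, name and hashed response on the wire, never the secret; a mismatched username/password pair on either router shows up as a failed verify.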



Configure PPPoE:



R1(config)#int f0/0

R1(config-if)#pppoe enable group global

R1(config-if)#pppoe-client dial-pool-number 1

interface Dialer0

ip address negotiated

ip mtu 1452

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname host

ppp chap password 0 pass

