Notes 02‐1 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

Subnetting Resources

Correct-VLSM-Table

Subnetting-Table

Subnetting Walkthrough


Subnetting, VLANs, & Cisco Commands

IP Place Values

The highest value in an octet is 255

Looking at the place values, all 1’s in the 8 bits is 128+64+32+16+8+4+2+1 = 255

Subnetting

Organizations are "assigned" a network address to use on the Internet:

  • Champlain College: 216.93.144.0/20
  • All Champlain IPs start with the same 20 bits
  • We can use the remaining 12 bits (host ID) in any way we want

But a /20 network can support 4094 hosts – do we want them all on the same network?

  • Lots of broadcast packets congest the network
  • Machines are slowed by trying to process them
  • Anyone can contact anyone else on the network!

Our network ID can't change, but what if we took some host ID bits to create a subnet ID?

  • These bits are then "added" to the network ID (i.e., the subnet mask now covers them)
  • For example, if we used 4 bits for the subnet ID…

How many Host IPs can be assigned:

Always start with the largest subnet first: Larger subnet boundaries are always valid for smaller ones, but smaller boundaries are not always valid for larger ones.

For example, consider arranging /22 and /24 subnets for 129.170.8.0/16:

All 0’s in the host ID refers to the Network itself – cannot be assigned to a host

All 1’s in the host ID is the broadcast – cannot be assigned to a host

So if we have n bits in our host ID, we can assign 2^n – 2 IP addresses to hosts on our network.

Subnetting Example

So, Four Networks:

  • Wireless Network: 1,600 Hosts can use /21 (or 255.255.248.0)
  • Central Campus: 1,000 Hosts can use /22 (or 255.255.252.0)
  • West Campus: 500 Hosts can use /23 (or 255.255.254.0)
  • East Campus: 500 Hosts can use /23 (or 255.255.254.0)
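The four-network sizing above, worked through as an added example (not part of the original notes). It assumes the parent block is the Champlain 216.93.144.0/20 mentioned earlier, and the function names are illustrative. It goes one step beyond the list by assigning addresses largest-first and by showing an ordering that runs out of space.

```python
import ipaddress

# Host counts from the four-network example; the parent block is an assumption.
CAMPUS = {"Wireless": 1600, "Central": 1000, "West": 500, "East": 500}
PARENT = "216.93.144.0/20"

def prefix_for_hosts(hosts):
    """Longest prefix whose n host bits still satisfy 2^n - 2 >= hosts."""
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits

def allocate(parent, needs, largest_first=True):
    """Carve one subnet per entry out of parent, in order, on valid boundaries."""
    parent = ipaddress.ip_network(parent)
    items = list(needs.items())
    if largest_first:
        items.sort(key=lambda item: item[1], reverse=True)  # stable for ties
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in items:
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size  # round up to a multiple of the subnet size
        subnet = ipaddress.ip_network((start, prefix))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{name}: {subnet} does not fit inside {parent}")
        plan[name] = subnet
        cursor = start + size
    return plan

def usable_hosts(subnet):
    """Addresses left after removing the network and broadcast addresses."""
    return subnet.num_addresses - 2

if __name__ == "__main__":
    for name, subnet in allocate(PARENT, CAMPUS).items():
        print(f"{name:9} {subnet!s:18} mask {subnet.netmask}  hosts {usable_hosts(subnet)}")
    # Same needs with a small subnet placed first: boundary padding exhausts the /20.
    shuffled = {"West": 500, "Wireless": 1600, "Central": 1000, "East": 500}
    try:
        allocate(PARENT, shuffled, largest_first=False)
    except ValueError as err:
        print("small-first order fails:", err)
```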

Private and Reserved IP Ranges

Private Ranges not routable on Internet:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Reserved Ranges:

  • 127.0.0.0/8 Loopback
  • 169.254.0.0/16 Link-Local Host Only
  • 224.0.0.0/4 Multicast

VLANs

A virtual LAN is a group of devices on one or more physical LANs that are configured to communicate as if they were on the same LAN.

VLANs define broadcast domains in a Layer 2 network:

  • Broadcast Domain: Set of all devices that will receive broadcast packets from any member of the set
  • These are typically bounded by routers, which do not forward broadcasts.

VLANs are extremely flexible:

  • They can split a single switch into several separate networks.
  • They can merge machines on different switches into a single network.

Traffic cannot pass directly between different VLANs.

To send packets between VLANs, a router or Layer 3 switch is required.

VLANs are often associated with specific IP subnets.

How To Configure VLANs

Define the necessary VLANs on each switch:

  • Choose a unique VLAN ID for each VLAN
  • ID must be consistent across all switches involved

Configure the ports on each switch – 2 possible options:

  • Access Ports: Can only be assigned to/carry traffic from a single VLAN
    • Used to connect end devices to a switch
  • Trunk Ports: Carry traffic from multiple VLANs – used to connect switches
    • Will "tag" packets with the proper VLAN ID

Access and Trunk Ports

For Example – if we look at this picture, the ports with the Blue and Red computers would be Access Ports:

  • Those ports can only be in one VLAN
  • Either VLAN 10 (Blue) or VLAN 20 (Red)

The Ports connecting the two switches are Trunked:

  • Those ports can send packets on multiple VLANs (10 and 20)

VLANs are an implementation of VLSM

Once you’ve subnetted your organization, the subnetting scheme has to be carried out on the physical infrastructure.

When subnets occupy the same physical space, we can use VLANs to keep devices on separate networks, even though they are next to each other physically.

VLANs and Switch Interfaces

When using VLANs, switchports need to be configured/defined for the appropriate VLAN

Two types of port configurations:

  • Access: An access port is for end-devices. Can only be assigned a single VLAN

  • Trunk: Trunk ports carry multiple VLANs and are used to connect switches. Allows for the VLANs to span across multiple switches.

    • Trunk ports “tag” the packets with the VLAN id #
    • The VLAN id #’s must be consistent across switches.

Cisco IOS

Cisco Internetworking Operating System

Not to be confused with Apple iOS

Now used on most Cisco switches and routers

Some security appliances use a Linux-derived OS instead of Cisco IOS

Cisco IOS Config File

CIOS configurations can be thought of as one big text file

When you enter a configuration command, you are really just adding, removing, or editing a line in that file

Essentially two versions of the file:

  • Startup-config: This is the last version that was saved. If the router/switch was restarted, this is the config that would load
  • Running-config: This is the version of the config currently running in memory. It has all of the config changes made at the command line since it was last saved.

To save running-config:

  • Command is: copy running-config startup-config
  • Abbreviated: copy run start

CIOS Command Modes

Command Modes: Different "levels" of command and configuration options

User EXEC Mode: Basic monitoring and status commands

  • Prompt is: router>

Privileged EXEC Mode: Administrative Access (think root)

  • Prompt is: router#

Global Config Mode: Device-wide configuration settings

  • Prompt is: router(config)#

Interface Config Mode: Configure interface settings

  • Prompt is: router(config-if)#

| Mode | Access Method | Prompt | About this Mode |
|---|---|---|---|
| User EXEC | Begin a session with your router. | Router> | Use this mode to: • Change terminal settings. • Perform basic tests. • Display system information. |
| Privileged EXEC | Enter the enable command from user EXEC mode. | Router# | Use this mode to: • Configure your router operating parameters. To prevent unauthorized changes to your router configuration, access to this mode should be protected with a password. |
| Global configuration | Enter the configure terminal command from privileged EXEC mode. | Router(config)# | Use this mode to configure parameters that apply to your router as a whole. Also, you can access the following modes, which are described later in this table: • Interface configuration • Router configuration • Line configuration |
| Interface configuration | Enter the interface command (with a specific interface, such as interface ethernet 0) from global configuration mode. | Router(config-if)# | Use this mode to configure parameters for the router Ethernet and serial interfaces or subinterfaces. |

Cisco IOS: Helpful Tips

Up Arrow: Displays last entered commands

The question mark "?"

  • When in doubt, the ? will show you all of the options you can type in the current mode or to complete an existing command

TAB

  • The tab key is a great time-saver as it auto-completes a command or word after typing a few letters

Configuring Switchports

Access Ports (for end-devices)

  • configure terminal
  • interface port_name-number
  • switchport mode access
  • switchport access vlan vlan_id

Trunk ports (to connect switches)

  • configure terminal
  • interface port_name-number
  • switchport mode trunk
  • switchport trunk allowed vlan vlan_range