Remote-Access VPNs

Posted: 28th June 2020 by ccna7guru in ITN

In the previous topic you learned about the basics of a VPN. Here you will learn about the types of VPNs.

VPNs have become the logical solution for remote-access connectivity for many reasons. As shown in the figure, remote-access VPNs let remote and mobile users securely connect to the enterprise by creating an encrypted tunnel. Remote users can securely replicate their enterprise security access including email and network applications. Remote-access VPNs also allow contractors and partners to have limited access to the specific servers, web pages, or files as required. This means that these users can contribute to business productivity without compromising network security.

Remote-access VPNs are typically enabled dynamically by the user when required. They can be created using either IPsec or SSL. As shown in the figure, a remote user must initiate a remote-access VPN connection.

The figure displays two ways that a remote user can initiate a remote access VPN connection: clientless VPN and client-based VPN.

Remote-Access VPNs
  • Clientless VPN connection – The connection is secured using a web browser SSL connection (in current deployments the SSL role is filled by its successor, TLS). SSL is mostly used to protect HTTP traffic (HTTPS), and email protocols such as IMAP and POP3. For example, HTTPS is actually HTTP using an SSL tunnel. The SSL connection is first established, and then HTTP data is exchanged over the connection. Because no client software is installed, access is limited to what the VPN gateway can present through the browser, which is why this mode suits the limited contractor and partner access described above.
  • Client-based VPN connection – VPN client software such as Cisco AnyConnect Secure Mobility Client must be installed on the remote user’s end device. Users must initiate the VPN connection using the VPN client and then authenticate to the destination VPN gateway. When remote users are authenticated, they have access to corporate files and applications. The VPN client software encrypts the traffic using IPsec or SSL and forwards it over the internet to the destination VPN gateway. Because the client tunnels ordinary IP traffic, the gateway’s authentication and access policy are what bound what an authenticated user can reach.

Enterprise Networking, Security, and Automation (ENSA)

Posted: 28th June 2020 by ccna7guru in ENSA

These course materials will assist you in developing the skills necessary to do the following:

  • Explain how single-area OSPF operates in both point-to-point and broadcast multiaccess networks.
  • Verify single-area OSPFv2 in both point-to-point and broadcast multiaccess networks.
  • Explain how vulnerabilities, threats, and exploits can be mitigated to enhance network security.
  • Explain how ACLs are used as part of a network security policy.
  • Implement standard IPv4 ACLs to filter traffic and secure administrative access.
  • Configure NAT services on the edge router to provide IPv4 address scalability.
  • Explain how WAN access technologies can be used to satisfy business requirements.
  • Explain how VPNs secure site-to-site and remote access connectivity.
  • Explain how networking devices implement QoS.
  • Implement protocols to manage the network.
  • Explain the characteristics of scalable network architectures.
  • Troubleshoot enterprise networks.
  • Explain the purpose and characteristics of network virtualization.
  • Explain how network automation is enabled through RESTful APIs and configuration management tools.

OSPFv3

Posted: 21st June 2020 by ccna7guru in ENSA

OSPFv3 is the OSPFv2 equivalent for exchanging IPv6 prefixes. Recall that in IPv6, the network address is referred to as the prefix and the subnet mask is called the prefix-length.

Similar to its IPv4 counterpart, OSPFv3 exchanges routing information to populate the IPv6 routing table with remote prefixes.

Note: With the OSPFv3 Address Families feature, OSPFv3 includes support for both IPv4 and IPv6. OSPF Address Families is beyond the scope of this curriculum.

OSPFv2 runs over the IPv4 network layer, communicating with other OSPF IPv4 peers, and advertising only IPv4 routes.

OSPFv3 has the same functionality as OSPFv2, but uses IPv6 as the network layer transport, communicating with OSPFv3 peers and advertising IPv6 routes. OSPFv3 also uses the SPF algorithm as the computation engine to determine the best paths throughout the routing domain.

OSPFv3 has separate processes from its IPv4 counterpart. The processes and operations are basically the same as in the IPv4 routing protocol, but run independently. OSPFv2 and OSPFv3 each have separate adjacency tables, OSPF topology tables, and IP routing tables, as shown in the figure.

The OSPFv3 configuration and verification commands are similar to those used in OSPFv2.

OSPFv2 and OSPFv3 Data Structures

Link-State Operation of OSPF

Posted: 21st June 2020 by ccna7guru in ENSA

To maintain routing information, OSPF routers complete a generic link-state routing process to reach a state of convergence. The figure shows a five-router topology. Each link between routers is labeled with a cost value. In OSPF, cost is used to determine the best path to the destination. The following are the link-state routing steps that are completed by a router:

  1. Establish Neighbor Adjacencies
  2. Exchange Link-State Advertisements
  3. Build the Link State Database
  4. Execute the SPF Algorithm
  5. Choose the Best Route
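The five steps above carried through in code, as an added example that is not from the page or from the Cisco curriculum. A constructed five-router topology with hypothetical link costs stands in for the figure; each router’s link list plays the role of the router LSA it would flood, the union of those LSAs is the LSDB, a Dijkstra run is the SPF computation, and the resulting cost/next-hop pairs are the best routes that go into the routing table. The two-way check (a link is used only if both ends advertise it) is included because a half-formed adjacency is the most common reason a route is missing after convergence.

```python
"""Link-state routing walk-through: LSAs -> LSDB -> SPF -> best routes (added example)."""
import heapq
from itertools import count

# Constructed five-router topology with hypothetical link costs (the page's
# figure is not reproduced). Each entry is the router LSA a router would
# flood: its directly attached neighbors and the cost of each link.
LSAS = {
    "R1": {"R2": 3, "R3": 4},
    "R2": {"R1": 3, "R3": 2, "R4": 6, "R5": 12},
    "R3": {"R1": 4, "R2": 2, "R4": 1},
    "R4": {"R2": 6, "R3": 1, "R5": 3},
    "R5": {"R2": 12, "R4": 3},
}


def build_lsdb(lsas):
    """Steps 2 and 3: flood every LSA to every router, so the LSDB is the union.

    SPF only uses a link that BOTH ends advertise (OSPF's two-way check).
    A link advertised by one side only is returned separately so an operator
    can spot a half-formed adjacency instead of silently routing over it.
    """
    lsdb = {rtr: {} for rtr in lsas}
    one_sided = []
    for rtr, links in lsas.items():
        for nbr, cost in links.items():
            if rtr in lsas.get(nbr, {}):
                lsdb[rtr][nbr] = cost
            else:
                one_sided.append((rtr, nbr))
    return lsdb, one_sided


def spf(lsdb, root):
    """Step 4: Dijkstra from root. Returns {router: (total_cost, next_hop)}."""
    tree = {}
    tie = count()                      # keeps heap entries comparable on equal cost
    heap = [(0, next(tie), root, None)]
    while heap:
        cost, _, node, next_hop = heapq.heappop(heap)
        if node in tree:               # already settled at a lower or equal cost
            continue
        tree[node] = (cost, next_hop)
        for nbr, link_cost in lsdb[node].items():
            if nbr not in tree:
                # the next hop is the first router after root on this path
                nh = nbr if node == root else next_hop
                heapq.heappush(heap, (cost + link_cost, next(tie), nbr, nh))
    return tree


def best_routes(lsas, root):
    """Step 5: the SPF tree minus the root is what goes into the routing table."""
    lsdb, _ = build_lsdb(lsas)
    tree = spf(lsdb, root)
    return {dst: entry for dst, entry in tree.items() if dst != root}


if __name__ == "__main__":
    for dst, (cost, nh) in sorted(best_routes(LSAS, "R1").items()):
        print(f"R1 -> {dst}: cost {cost:2d} via {nh}")
```

With these costs R1 reaches R4 and R5 through R3 even though R2 is directly attached at a lower link cost, which is the point of step 4: the best route is the lowest total cost along the tree, not the cheapest first hop.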

Basic Router Configuration Review

Posted: 21st June 2020 by ccna7guru in SRWE

Verification Commands

Common verification commands include the following:

show ip interface brief

show running-config interface interface-type number

show interfaces

show ip interface

show ip route

ping

In each case, replace ip with ipv6 for the IPv6 version of the command.

Build the Routing Table

Posted: 21st June 2020 by ccna7guru in SRWE

Directly Connected Networks: Added to the routing table when a local interface is configured with an IP address and subnet mask (prefix length) and is active (up and up).

Remote Networks: Networks that are not directly connected to the router. Routers learn about remote networks in two ways:

Static routes – Added to the routing table when a route is manually configured.

Dynamic routing protocols – Added to the routing table when routing protocols dynamically learn about the remote network.

Default Route: Specifies a next-hop router to use when the routing table does not contain a specific route that matches the destination IP address. The default route can be entered manually as a static route, or learned automatically from a dynamic routing protocol. A default route has a /0 prefix length. This means that no bits need to match the destination IP address for this route entry to be used. Because forwarding always uses the longest matching prefix, the default route is used only if there are no routes with a match longer than 0 bits. The default route is sometimes referred to as a gateway of last resort.

Passive and Active Discover Mode

Posted: 20th June 2020 by ccna7guru in SRWE

WLAN Operation: Passive and Active Discover Mode

Control Plane and Data Plane

Posted: 14th June 2020 by ccna7guru in ENSA

The previous topic explained virtual network infrastructure. This topic will cover Software-Defined Networking (SDN). SDN was explained in the previous video. We will cover more details here.

A network device contains the following planes:

  • Control plane – This is typically regarded as the brains of a device. It is used to make forwarding decisions. The control plane contains Layer 2 and Layer 3 route forwarding mechanisms, such as routing protocol neighbor tables and topology tables, IPv4 and IPv6 routing tables, STP, and the ARP table. Information sent to the control plane is processed by the CPU.
  • Data plane – Also called the forwarding plane, this plane is typically the switch fabric connecting the various network ports on a device. The data plane of each device is used to forward traffic flows. Routers and switches use information from the control plane to forward incoming traffic out the appropriate egress interface. Information in the data plane is typically processed by a special data plane processor without the CPU getting involved.
The figure illustrates how Cisco Express Forwarding (CEF) uses the control plane and data plane to process packets.
CEF is an advanced Layer 3 IP switching technology that allows packets to be forwarded in the data plane without consulting the control plane. In CEF, the control plane’s routing table pre-populates the CEF Forwarding Information Base (FIB) table in the data plane, and the control plane’s ARP table pre-populates the adjacency table. Packets are then forwarded directly by the data plane based on the information in the FIB and adjacency table, without needing to consult the control plane.
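The routing-table rules from the Build the Routing Table post (connected, static, dynamically learned, and the /0 default used only when nothing longer matches) and the CEF split between control plane and data plane, as one added example that is not from the page or from Cisco. A constructed RIB and ARP table (hypothetical addresses and interface names) are compiled once into a FIB and an adjacency table, and every forwarding decision is then answered from those two structures alone. Directly connected destinations are returned as a glean adjacency, the CEF term for a host whose MAC still has to be resolved.

```python
"""RIB/ARP (control plane) compiled into FIB/adjacency (data plane): added example."""
import ipaddress

# Constructed RIB in the spirit of `show ip route`: (prefix, source, next hop, egress).
# Sources: C = connected, S = static, O = OSPF-learned, S* = static default route.
# Addresses and interface names are hypothetical.
RIB = [
    ("192.168.1.0/24", "C",  None,            "GigabitEthernet0/0"),
    ("10.0.0.0/30",    "C",  None,            "GigabitEthernet0/1"),
    ("172.16.0.0/16",  "S",  "10.0.0.2",      "GigabitEthernet0/1"),
    ("172.16.5.0/24",  "O",  "192.168.1.254", "GigabitEthernet0/0"),
    ("0.0.0.0/0",      "S*", "10.0.0.2",      "GigabitEthernet0/1"),
]
# Constructed ARP table (control plane): next-hop IP -> MAC.
ARP = {"10.0.0.2": "00:11:22:33:44:02", "192.168.1.254": "00:11:22:33:44:fe"}


def build_fib(rib):
    """FIB: prefixes ordered longest-first so a linear scan is a longest-prefix match.
    The /0 default sorts last and is reached only when nothing longer matched."""
    fib = [(ipaddress.ip_network(p), nh, egress) for p, _src, nh, egress in rib]
    fib.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return fib


def build_adjacency(rib, arp):
    """Adjacency table: next hop -> (egress interface, rewrite MAC), filled from ARP.
    A next hop with no ARP entry is left out; the data-plane lookup then drops."""
    return {nh: (egress, arp[nh]) for _p, _src, nh, egress in rib if nh and nh in arp}


def forward(fib, adj, dst):
    """Data-plane decision using only FIB + adjacency (no RIB or ARP access).

    Returns (matched prefix, egress interface, rewrite MAC or "glean"), or None
    if the packet must be dropped (no route, or next hop without adjacency).
    """
    addr = ipaddress.ip_address(dst)
    for net, nh, egress in fib:
        if addr in net:
            if nh is None:                       # connected: destination is on-link
                return (str(net), egress, "glean")
            if nh not in adj:
                return None
            out_if, mac = adj[nh]
            return (str(net), out_if, mac)
    return None                                  # no route, not even a default


if __name__ == "__main__":
    fib, adj = build_fib(RIB), build_adjacency(RIB, ARP)
    for dst in ("172.16.5.7", "172.16.9.1", "8.8.8.8", "192.168.1.10"):
        print(dst, "->", forward(fib, adj, dst))
```

Note that 172.16.5.7 is sent out GigabitEthernet0/0 via the OSPF-learned /24 even though the static /16 also covers it: longest match wins regardless of route source. Removing the default route turns 8.8.8.8 from a forwarded packet into a drop, and so does a missing ARP entry for the next hop.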

Hello Packet in OSPFv2

Posted: 6th June 2020 by ccna7guru in ITN

The OSPF Type 1 packet is the Hello packet. Hello packets are used to do the following:

  • Discover OSPF neighbors and establish neighbor adjacencies.
  • Advertise parameters on which two routers must agree to become neighbors.
  • Elect the Designated Router (DR) and Backup Designated Router (BDR) on multiaccess networks like Ethernet. Point-to-point links do not require DR or BDR.

The figure displays the fields contained in the OSPFv2 Type 1 Hello packet.

OSPF Hello Packet Content


Important fields shown in the figure include the following:

  • Type – This identifies the type of packet. A value 1 indicates a Hello packet. A value 2 identifies a DBD packet, 3 an LSR packet, 4 an LSU packet, and 5 an LSAck packet.
  • Router ID – A 32-bit value expressed in dotted decimal notation (like an IPv4 address) is used to uniquely identify the originating router.
  • Area ID – This is the number of the area from which the packet originated.
  • Network Mask – This is the subnet mask associated with the sending interface.
  • Hello Interval – This specifies the frequency, in seconds, at which a router sends Hello packets. The default Hello interval on multiaccess networks is 10 seconds. This timer must be the same on neighboring routers; otherwise, an adjacency is not established.
  • Router Priority – This is used in a DR/BDR election. The default priority for all OSPF routers is 1, but it can be manually set from 0 to 255. The higher the value, the more likely the router becomes the DR on the link; a router with priority 0 is ineligible to become DR or BDR.
  • Dead Interval – This is the time, in seconds, that a router waits to hear from a neighbor before declaring the neighboring router out of service. By default, the router Dead Interval is four times the Hello interval. This timer must be the same on neighboring routers; otherwise, an adjacency is not established.
  • Designated Router (DR) – This is the router ID of the DR.
  • Backup Designated Router (BDR) – This is the router ID of the BDR.
  • List of Neighbors – This list identifies the router IDs of all neighbors from which the sending router has recently received valid Hello packets on this network. Seeing its own router ID in a neighbor’s list is how a router learns that two-way communication exists.

Types of OSPF Packets

Posted: 5th June 2020 by ccna7guru in SRWE

Link-state packets are the tools used by OSPF to determine the best (lowest-cost) path to a destination. OSPF uses the following link-state packets (LSPs) to establish and maintain neighbor adjacencies and exchange routing updates. Each packet serves a specific purpose in the OSPF routing process, as follows:

  • Type 1: Hello packet – This is used to establish and maintain adjacency with other OSPF routers.
  • Type 2: Database Description (DBD) packet – This contains an abbreviated list of the LSDB of the sending router and is used by receiving routers to check against the local LSDB. The LSDB must be identical on all link-state routers within an area to construct an accurate SPF tree.
  • Type 3: Link-State Request (LSR) packet – Receiving routers can then request more information about any entry in the DBD by sending an LSR.
  • Type 4: Link-State Update (LSU) packet – This is used to reply to LSRs and to announce new information. LSUs contain several different types of LSAs.
  • Type 5: Link-State Acknowledgment (LSAck) packet – When an LSU is received, the router sends an LSAck to confirm receipt of the LSU. The LSAck data field is empty.

The table summarizes the five different types of LSPs used by OSPFv2. OSPFv3 has similar packet types.

Type  Packet Name                        Description
1     Hello                              Discovers neighbors and builds adjacencies between them
2     Database Description (DBD)         Checks for database synchronization between routers
3     Link-State Request (LSR)           Requests specific link-state records from router to router
4     Link-State Update (LSU)            Sends specifically requested link-state records
5     Link-State Acknowledgment (LSAck)  Acknowledges the other packet types
Packet Types in OSPFv2
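The Hello field list from the Hello Packet in OSPFv2 post and the packet-type table above, as one added example that is not from the page or from Cisco. The 24-byte OSPFv2 header (RFC 2328, appendix A.3.1) is parsed and the type field mapped to its name; for a type 1 packet the Hello body (A.3.2) is decoded and checked the way a receiving router checks it before accepting a neighbor on a multiaccess network: area ID, network mask, Hello interval and Dead interval must all match the local interface. The sample packet is constructed in code; router IDs, addresses and timers are hypothetical. The checksum is the standard IP checksum with the 8-byte authentication field excluded, which is what the RFC specifies for null and simple-password authentication.

```python
"""OSPFv2 header + Hello packet build/parse/neighbor-compatibility check (added example)."""
import struct
from ipaddress import IPv4Address

PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-State Request",
                4: "Link-State Update", 5: "Link-State Acknowledgment"}

# RFC 2328 A.3.1: version, type, length, router ID, area ID, checksum, AuType, authentication
HEADER = struct.Struct("!BBHIIHH8s")           # 24 bytes
# RFC 2328 A.3.2: network mask, HelloInterval, options, priority, RouterDeadInterval, DR, BDR
HELLO = struct.Struct("!IHBBIII")              # 20 bytes, followed by 4-byte neighbor IDs


def ospf_checksum(pkt: bytes) -> int:
    """Standard IP checksum over the packet with the checksum field zeroed and the
    8-byte authentication field excluded (null / simple-password AuType)."""
    data = pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip2int(dotted: str) -> int:
    return int(IPv4Address(dotted))


def build_hello(router_id, area_id, mask, hello, dead, priority, dr, bdr, neighbors):
    """Assemble a Hello packet (options byte fixed to 0x02, the E bit, for this example)."""
    body = HELLO.pack(ip2int(mask), hello, 0x02, priority, dead, ip2int(dr), ip2int(bdr))
    body += b"".join(struct.pack("!I", ip2int(n)) for n in neighbors)
    length = HEADER.size + len(body)
    pkt = HEADER.pack(2, 1, length, ip2int(router_id), ip2int(area_id), 0, 0, bytes(8)) + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]


def parse(pkt: bytes) -> dict:
    """Decode the header (any type) and, for type 1, the Hello body.
    Raises ValueError on anything a receiving router would discard."""
    if len(pkt) < HEADER.size:
        raise ValueError("short packet")
    version, ptype, length, rid, aid, csum, autype, _auth = HEADER.unpack_from(pkt)
    if version != 2:
        raise ValueError("not OSPFv2")
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    if ospf_checksum(pkt) != csum:
        raise ValueError("bad checksum")
    info = {"type": ptype, "name": PACKET_TYPES.get(ptype, "unknown"), "length": length,
            "router_id": str(IPv4Address(rid)), "area_id": str(IPv4Address(aid)), "autype": autype}
    if ptype == 1:
        if length < HEADER.size + HELLO.size or (length - HEADER.size - HELLO.size) % 4:
            raise ValueError("malformed Hello body")
        mask, hello, options, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HEADER.size)
        nbrs = [str(IPv4Address(struct.unpack_from("!I", pkt, off)[0]))
                for off in range(HEADER.size + HELLO.size, length, 4)]
        info.update(network_mask=str(IPv4Address(mask)), hello_interval=hello, options=options,
                    priority=prio, dead_interval=dead, dr=str(IPv4Address(dr)),
                    bdr=str(IPv4Address(bdr)), neighbors=nbrs)
    return info


def neighbor_mismatches(hello: dict, local: dict) -> list:
    """Fields a receiver compares with its own interface before accepting the sender
    as a neighbor on a multiaccess network. A non-empty list means no adjacency forms."""
    return [f for f in ("area_id", "network_mask", "hello_interval", "dead_interval")
            if hello[f] != local[f]]


if __name__ == "__main__":
    pkt = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.0", 10, 40, 1,
                      "1.1.1.1", "2.2.2.2", ["2.2.2.2", "3.3.3.3"])
    h = parse(pkt)
    print(h["name"], h)
    local = {"area_id": "0.0.0.0", "network_mask": "255.255.255.0",
             "hello_interval": 10, "dead_interval": 120}
    print("mismatches against local interface:", neighbor_mismatches(h, local))
```

Any single bit flipped in the captured packet fails the checksum check and the packet is discarded before the Hello fields are looked at, which is the same order a router uses. A Hello that parses cleanly but carries a different Dead interval is still rejected at the compatibility step, matching the note above that mismatched timers prevent an adjacency.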