Section 6: Ethernet Fundamentals Flashcards
Hub
▪ Layer 1 device used to connect multiple network devices/workstations
(Multiport repeater)
Three basic types:
▪ Passive hub - Repeats signal with no amplification
▪ Active hub - Repeats signal with amplification
▪ Smart hub - Active hub with enhanced features like SNMP
Bridge
A device that aggregates multiple communication networks.
(Analyzes source MAC addresses entering the bridge and populates an internal MAC address table.)
Switch
▪ Layer 2 device used to connect multiple network segments. (Essentially a multiport bridge)
▪ Switches analyze source MAC addresses, populate an internal MAC address table and make forwarding decisions
▪ Each port represents an individual collision domain
▪ All ports belong to the same broadcast domain
Router
▪ Layer 3 device used to connect multiple networks together
▪ Makes forwarding decisions based on logical network addresses (IPv4 or IPv6 IP addresses)
▪ Routers are typically more feature rich and support a broader range of interface types than multilayer switches
▪ Each port is a separate collision domain
▪ Each port is a separate broadcast domain
Layer 3 Switch
▪ Layer 3 device used to connect multiple network segments together
▪ Can make Layer 3 routing decisions and interconnect entire networks (like a router), not just network segments (like a switch)
Link Aggregation (IEEE Specification)
Link Aggregation (802.3ad)
▪ Combination of multiple physical connections into a single logical connection
▪ Available bandwidth is increased. Congestion is minimized/prevented
Power Over Ethernet (PoE)
802.3af
▪ Requires CAT 5 or higher copper cable
▪ Provides up to 15.4 watts of power to device
Power Over Ethernet Plus (PoE+)
802.3at
▪ Provides up to 25.5 watts of power to device
Port Monitoring or Mirroring
▪ Port mirroring makes a copy of all traffic destined for a port and sends it to another port
User Authentication
802.1x
▪ Switches can require users to authenticate themselves before gaining access to the network
▪ Once authenticated, a key is generated and shared between the supplicant (device wanting access) and the switch (authenticator)
▪ Authentication server checks the supplicant’s credentials and creates the key
▪ Key is used to encrypt the traffic coming from and being sent to the client
Management Access and Authentication (Switches)
▪ SSH - Remote administration program that allows you to connect to the switch over the network
▪ Console Port - Local administration/management of the switch via a computer and rollover (null-modem) cable. (DB-9 to RJ-45)
Out of Band Management
OOB Management -
▪ A network separate from the data network for managing network devices.
First-Hop Redundancy Protocol (FHRP)
Designed to protect the default gateway by providing transparent fail-over at the first-hop router.
Layer 3 Switches (Multilayer Switches) and Routers -
▪ Use Hot-Standby Router Protocol (HSRP) to create virtual IP and MAC addresses and provide active and standby routers.
GLBP (Other First-Hop Redundancy Protocol)
Gateway Load Balancing Protocol - (Cisco Proprietary)
▪ For the exam, you just need to know this is another First-Hop Redundancy Protocol; HSRP is the most popular and most commonly used in most networks.
VRRP (Other First-Hop Redundancy Protocol)
Virtual Router Redundancy Protocol - (Open Source)
▪ For the exam, you just need to know this is another First-Hop Redundancy Protocol; HSRP is the most popular and most commonly used in most networks.
CARP (Other First-Hop Redundancy Protocol)
Common Address Redundancy Protocol - (Open Source)
▪ For the exam, you just need to know this is another First-Hop Redundancy Protocol; HSRP is the most popular and most commonly used in most networks.
MAC Filtering
Layer 2 -
▪ Permits or denies traffic based on MAC Address
Traffic Filtering
▪ Multilayer switches may permit or deny traffic at the logical layer using IP addresses (Layer 3) or ports (Layer 4)
QoS
Quality of Service -
▪ Forwards traffic based on quality markers.
HSRP
Hot-Standby Router Protocol - (Cisco Proprietary Protocol)
▪ Uses virtual IP and MAC addresses to provide an “active router” and a “standby router”
STP
Spanning Tree Protocol (STP): A Layer 2 link management protocol (Part of 802.1d standard).
▪ Permits redundant links between switches and prevents bridge (traffic) loops
VLAN
Virtual Local Area Network :
A logical grouping of switch ports with its own subnet or broadcast domain, at the Data Link layer (Layer 2).
VLAN Trunking
Virtual Local Area Network Trunking - A point-to-point link between two network devices that carries more than one VLAN (Part of 802.1q standard)
▪ Multiple VLANs transmitted over the same physical cable
▪ VLANs are each tagged with a 4-byte identifier
- Tag Protocol Identifier (TPI)
- Tag Control Identifier (TCI)
VPN
Virtual Private Network (VPN)
▪ Creates a secure, virtual tunnel over an untrusted network, like the Internet.
VPN Concentrator
▪ A specialized high-performance device that provides multiple secure VPN connections.
(A firewall can also perform this function.)
VPN Headend
▪ A specific type of VPN concentrator used to terminate IPSec VPN tunnels within a router or other device.
Firewall
(Works at Layers 3 and 4 of the OSI Model)
▪ Network security appliance at the network boundary
▪ Can be software or hardware
NGFW
Next-Generation Firewall (NGFW)
▪ Conducts deep packet inspection at Layer 7
▪ Much more powerful than basic stateless or stateful firewalls
▪ Continually connects to cloud resources for latest information on threats
IDS / IPS
Intrusion Detection or Prevention System (IDS/IPS)
▪ IDS recognizes attacks through signatures and anomalies
▪ IPS recognizes and responds
▪ Host or network-based devices
Proxy Server
▪ A specialized device that makes requests to an external network on behalf of a client
Content Engine/Caching Engine
▪ Dedicated appliance that performs the caching functions of a proxy server
Content Switch or Load Balancer
▪ Distributes incoming requests across various servers in a server farm