Networks 511 2021

Class notes
Faculty of

Information Technology
Networks 511
Year 1 Semester 1
Registered with the Department of Higher Education as a Private Higher Education Institution
under the Higher Education Act, 1997. Registration Certificate No. 2000/HE07/008

FACULTY OF INFORMATION TECHNOLOGY

LEARNER GUIDE
MODULE: NETWORKS 511
(1ST SEMESTER)

PREPARED ON BEHALF OF
RGI (PTY) LTD

Copyright © 2021
RGI (Pty) Ltd
Registration Number: 2000/000757/07
All rights reserved; no part of this publication may be reproduced in any form or by any means,
including photocopying machines, without the written permission of the Institution.
Table of Contents
1.1. TYPES OF TOPOLOGIES AND THE OSI MODEL
1.1.1 What is a network, or computer network?
1.1.2 MANs and WANs
1.2 Selection of Network Architecture
1.2.1 Peer-to-Peer
1.2.2 Client/Server Networks
1.2.3 NETWORK INFRASTRUCTURE IMPLEMENTATION
1.2.4. Types of Network Topology
i. BUS Topology
Structures of Bus Topology
ii. RING Topology
Structures of Ring Topology
iii. STAR Topology
Structures of Star Topology
iv. Mesh Topology
Types of Mesh Topology
Structures of Mesh Topology
v. TREE Topology
Structures of Tree Topology
vi. Hybrid Topology
Structures of Hybrid Topology
vii. Point-to-Point Topology
viii. Point-To-Multipoint
1.3 Topology Selection, Backbones, and Segments
Selection of Topology
Network Backbone
1.4 Open Systems Interconnection
1.4.1 OSI MODEL FEATURES
1.4.2 OSI LAYERS PROTOCOLS
Advantages of OSI reference model
Drawbacks of OSI reference model
1.5. ENCAPSULATION/DE-CAPSULATION
1.5.1 Encapsulation
1.5.2 Decapsulation Process
Key Terms
Assessment Questions
Review Questions
Discussion Question
Activity 1: Case Study Problem
Reference
2.1 CURRENT ETHERNET STANDARDS
Introduction
2.1.1 Future of Ethernet
2.2 Ethernet Some Key Considerations
2.2.1 Collision Domain
2.2.2 Broadcast Domain
2.2.3 CSMA/CD
2.2.4 Broadband/Baseband
2.2.5 Bit Rates vs Baud Rate
2.2.6 Wavelength
2.3 Ethernet in the Datalink and Physical Layers
2.3.1 Sampling sizes
2.3.2 Half and full duplex Ethernet
2.3.3 Full Duplex Ethernet Mode
2.4 Ethernet at the Data Link Layer
2.4.1 MAC
2.4.2 Binary to decimal and hexadecimal conversion
2.4.3 Binary to Octal
2.4.4 Binary to Hexadecimal
2.4.5 Binary to Decimal
2.5 Ethernet Addressing
2.5.1 How to find the MAC address in Windows
2.5.2 How to find the MAC address in UNIX or Linux
2.5.3 How to find the MAC address in Mac OS
2.6 Ethernet Frames
2.6.1 Ethertype
2.6.2 Data (Payload)
2.6.3 PDU Encapsulation
2.7 TROUBLESHOOTING TOOLS
2.7.1 Troubleshooting Tools to consider
2.7.2 Protocol analyser
2.7.3 Throughput Testers
2.7.4 Connectivity Software
Traceroute
ipconfig and ifconfig
Using ARP Utility
Detecting Duplicate IP Addresses Using ARP
Using nslookup utility
Resolving names with the host table
2.7.5 Domain Names
Using the Mtr command (pathping)
Using the route command
Using the nbtstat command
Using the netstat utility
Summary
2.8 MODULATION TECHNIQUES
2.8.1 A Modem
2.8.2 Modulation/Demodulation
2.8.3 Analog Modulation Techniques
2.8.4 Digital Modulation Techniques
2.8.5 Frequency Division Multiplexing
Assessment questions
3.1 A Switch
3.1.1 Dedicated Access and Full Duplex
3.1.2 Switches: Traffic Isolation
3.2 Multilayer switch
3.4 Router
3.4.1 How Routers Work
3.4.2 Routers for Business Networks and the Internet
3.4.3 Home Broadband Routers
3.4.4 Switch versus a Router
3.5 Firewall
3.4.1 Proxy firewall
3.4.2 Stateful inspection firewall
3.4.3 Unified threat management (UTM) firewall
3.4.4 Next-generation firewall (NGFW)
3.4.5 Threat-focused NGFW
3.4.6 HIDS
3.4.7 IDS/IPS
3.5 Hubs and Bridges
3.6 DHCP
3.6.1 Applies To: Windows Server 2008
3.6.2 Why use DHCP?
3.6.3 Benefits of DHCP
3.7 Proxy Reverse Proxy
3.7.1 Web acceleration
3.7.2 HTTP Optimization
3.7.3 Caching and Prefetching
Compression
3.7.4 SSL/TLS Processing
3.8 VLANS
3.9 PoE (Power over Ethernet) and STP (Spanning Tree Protocol)
Prerequisites
3.9.2 Spanning Tree Protocol Failure
3.9.3 Spanning Tree Convergence
3.9.4 Duplex Mismatch
4.1 Networks Cable type mastering
4.2 Implementing a Network Infrastructure
4.3 Devices for Structured Cabling
1. Entrance Facility (EF)
4.6 Enterprise Networks and SOHO (Small Office/Home Office)
4.7 Components of an Industrial Control System and SCADA Network
4.8 Industrial Control System
4.9 Components of an Industrial Control System and SCADA Network
4.10 Components of an Industrial Control System and SCADA Network
4.10.1 Securing an ICS/SCADA Network
4.10.2 Asset Management
4.10.3 Business Documents
4.10.4 Change Management
4.10.5 Software and Hardware Changes
4.10.6 Change Management Documentation
4.10.7 Physical Security Controls
4.10.8 Physical Security Controls
4.10.9 Troubleshooting and Response Policies
4.11 Disaster recovery
4.11.1 Disaster Recovery Planning
4.11.2 Disaster Recovery Contingencies
i. Cold site
ii. Warm site
iii. Hot site
4.11.3 Forensics
4.11.4 Summary
Review Questions
Key terms used

CHAPTER 1: NETWORK TOPOLOGIES AND OSI REFERENCE MODEL

1.1. TYPES OF TOPOLOGIES AND THE OSI MODEL


LEARNING OUTCOMES
After reading this Section of the guide, the learner should be able to:

• Understand the network topologies and the network infrastructure.
• Know the protocols and how they complement each other.
• Describe the seven layers of the OSI model.
• Analyse scenarios and identify the matching OSI layer.
• Identify types of applications and protocols used on a network.
• Distinguish between the client-server and peer-to-peer models used to control access to a network.
• Describe various networking hardware devices and the most common physical topologies.
• Explain how encapsulation/de-capsulation works.
• Explore best practices for safety when working with networks and computers.
• Describe the seven-step troubleshooting model for solving a networking problem.

1.1.1 What is a network, or computer network?

A network is a group or system of interconnected people or things. A computer network is a
collection of computers and other hardware interconnected by communication channels that
allow sharing of resources and information. Where at least one process in one device is able to
send/receive data to/from at least one process residing in a remote device, the two
devices are said to be in a network. Put simply, more than one computer interconnected
through a communication medium for information interchange is called a computer
network.

Figure 1: Basic Network

For reference purpose: pp.44 Networks + Study Guide 3rd Edition by Todd Lammle.

Using networks offers advantages relative to using a stand-alone computer, that is, a
computer that is not connected to other computers and that uses software applications
and data stored on its local disks. Most importantly, networks enable multiple users to
share devices (e.g., printers, scanners, cameras etc.) and data (such as spreadsheets and
other types of files), which are collectively known as the network’s resources. Sharing
devices saves money. For example, rather than buying 20 printers for 20 staff members,
a company can buy two printers, divide the 20 staff members into two groups and have
each group of ten share one printer over a network. Sharing devices also saves time.
For example, it’s faster for co-workers to share data over a network than to copy data to
a removable storage device and physically transport the storage device from one
computer to another, an outdated file sharing method commonly referred to as a
sneaker net (presumably because people wore sneakers when walking from computer
to computer). Before networks, transferring data via floppy disks was the only possible
way to share data.

Networks also allow you to manage, or administer, resources on multiple computers
from a central location.
Imagine you work in the Information Technology (IT) department of a multinational bank
and must verify that each of 5000 employees around the globe uses the same version of
a database program. Without a network, you would have to visit every employee’s
machine to check and install the proper software. With a network, however, you could
check the software installed on computers around the world from the computer on your
desk. Because they allow you to share devices and administer computers centrally,
networks increase productivity. It’s not surprising, then, that virtually all organizations
depend on their networks to stay competitive.

Computers talk to each other using binary code, which consists of sequences of 0s and 1s
that express what they want to do.

Discussion: Research the history of networks and the Internet and present it in class.

1.1.2 MANs and WANs

• MAN (metropolitan area network): a group of connected LANs in the same geographical
area; also known as a campus area network (CAN).
• WAN (wide area network): a group of LANs that spread over a wide geographical area. The
Internet is the largest and most varied WAN.
• MANs and WANs often use different transmission methods and media than LANs.
• PAN (personal area network): the smallest network, a network of personal devices.

The diagram below shows MANs and WANs.

Figure 2: MANs & WANs

1.2 Selection of Network Architecture


1.2.1 Peer-to-Peer
A computer can be configured on a network in different ways relative to other computers.
Computers can have different levels of control over shared resources. They can also be made to
communicate and share resources according to different hierarchical schemes. The following
sections describe two fundamental network models: peer-to-peer and client/server. The simplest
form of a network is a peer-to-peer network. In a peer-to-peer network, every computer can
communicate directly with every other computer. By default, no computer on a peer-to-peer
network has more authority than another. However, each computer can be configured to share only
some of its resources and prevent access to other resources. Traditional peer-to-peer networks
typically consist of two or more general-purpose personal computers with modest processing
capabilities. Every computer is capable of sending and receiving information to and from every other
computer, as shown below.

Figure 3: Resource sharing on a simple peer-to-peer network

The following are advantages of using traditional peer-to-peer networks:

• They are simple to configure. For this reason, they may be used in environments in which
time or technical expertise is scarce.
• They are often less expensive to set up and maintain than other types of networks. This fact
makes them suitable for environments in which saving money is critical.

The following are disadvantages of using traditional peer-to-peer networks:

• They are not very flexible. As a peer-to-peer network grows larger, adding or changing
significant elements of the network may be difficult.
• They are also not necessarily secure, meaning that in simple installations, data and other
resources shared by network users can be easily discovered and used by unauthorized
people.
• They are not practical for connecting more than a handful of computers, because they do
not always centralize resources.

For example, if your computer is part of a peer-to-peer network that includes five other computers,
and each computer user stores her spreadsheets and word-processing files on her own hard disk,
whenever your colleagues want to edit your files, they must access your machine on the network. If
one colleague saves a changed version of one of your spreadsheets on her hard disk, you’ll find it
difficult to keep track of which version is the most current. As you can imagine, the more computers
you add to a peer-to-peer network, the more difficult it becomes to find and manage resources.

A common way to share resources on a peer-to-peer network is by modifying the file-sharing
controls via the computer’s operating system. For example, you could choose to create a directory
on your computer’s hard disk called “SharedDocs” and then configure the directory to allow all
networked computers to read its files. On a peer-to-peer network, each user is responsible for
configuring her computer to allow access to certain resources and prevent access to others. In other
words, resource sharing is not controlled by a central computer or authority. Because access
depends on many different users, it might not be uniform or secure.

Although traditional peer-to-peer networks are typically small and contained within a home or
office, examples of very large peer-to-peer networks have emerged to take advantage of the
Internet. These newer types of peer-to-peer networks (commonly abbreviated P2P networks) link
computers from around the world to share files between each other’s hard disks. Unlike the older
style of peer-to-peer networking, they require specialized software (besides the computer’s
operating system) to allow resource sharing. Examples of these networks include Gnutella, Freenet,
and the original Napster. In 2001, Napster, which allowed users around the globe to share music
files, was forced to cease operation due to charges of copyright infringement from musicians and
music producers. Later, the service was redesigned to provide legitimate music file-sharing services.
More recently, a company called BitTorrent has made a unique high-speed data transfer technology
(also called BitTorrent) the foundation of its business. The company specializes in allowing
companies and individuals to share video, audio, software, and games over the Internet.

1.2.2 Client/Server Networks


Another way of designing a network is to use a central computer, known as a server, to facilitate
communication and resource sharing between other computers, known as clients, on the network.
Clients usually take the form of personal computers, also known as workstations. A network that
uses a server to enable clients to share data, data storage space, and devices is known as a
client/server network. (The term client/server architecture is sometimes used to refer to the design
of a network in which clients rely on servers for resource sharing and processing.) In terms of
resource sharing and control, you can compare the client/server network to a public library. Just as a
librarian manages the use of books and other media by patrons, a server manages the use of shared
resources by clients. For example, if a patron does not have the credentials to check out books, the
librarian prevents the patron from doing so. Similarly, a server allows only authorized clients to
access its resources.

Every computer on a client/server network acts as a client or a server. (It is possible, but uncommon,
for some computers to act as both.) Clients on a network can still run applications from and save
data to their local hard disk. But by connecting to a server, they also have the option of using shared
applications, data, and devices. Clients on a client/server network do not share their resources
directly with each other, but rather use the server as an intermediary. Clients and servers
communicate through connectivity devices such as switches and/or routers.

The figure below illustrates how resources are shared on a client/server network.

To function as a server, a computer must be running a Network Operating System (NOS).

An NOS is a special type of software designed to do the following:

Manage data and other resources for a number of clients.
Ensure that only authorized users access the network.
Control which type of files a user can open and read.
Restrict when and from where users can access the network.
Dictate which rules computers will use to communicate.
Supply applications to clients.

Figure 4: Resource sharing on a client/server network

Examples of popular network operating systems include various forms of UNIX and Linux, Microsoft
Windows Server 2003 or Server 2008, and Mac OS X Server. (By contrast, a stand-alone computer, or
a client computer, uses an operating system, such as Windows XP or Windows Vista, which has more
limited resource management capabilities.)

Usually, servers have more memory, processing power, and storage capacity than clients. They may
even be equipped with special hardware designed to provide network management functions
beyond that provided by the network operating system. For example, a server might contain an
extra hard disk and specialized software so that if the primary hard disk fails, the secondary hard disk
automatically takes its place.

Although client/server networks are typically more complex in their design, architecture and
maintenance than peer-to-peer networks, they offer many advantages over peer-to-peer networks,
such as:

User logon accounts and passwords for anyone on a server-based network
Access to multiple shared resources (such as data files or printers) can be centrally granted to a single user or groups of users.
Problems on the network can be monitored, diagnosed, and often fixed from one location.
Servers are optimized to handle heavy processing loads and dedicated to handling requests from clients, enabling faster response times.
Because of their efficient processing and larger disk storage, servers can connect more than a handful of computers on a network.

Together, these advantages make client/server networks easier to manage, more secure, and
exceedingly more powerful than peer-to-peer networks. They are also more scalable—that is, they
can be more easily added onto and extended—than peer-to-peer networks.

1.2.3 NETWORK INFRASTRUCTURE IMPLEMENTATION

1.2.4. Types of Network Topology


Network Topology is the schematic description of a network arrangement, connecting
various nodes (sender and receiver) through lines of connection.

i. BUS Topology
Bus topology is a network type in which every computer and network device is connected to
a single cable. When it has exactly two endpoints, it is called Linear Bus topology.

Figure 5: Bus Topology

Structures of Bus Topology

It uses one direction when transmitting data.
A single cable is used to connect every device.

Advantages of Bus Topology

It is cost effective.
It needs less cabling than other network topologies.
It is normally used in small networks.
It is easy to understand.
Expansion is easy: simply join two cables together.

Disadvantages of Bus Topology

If the cable fails, the whole network fails.
If network traffic is heavy or there are many nodes, the performance of the network decreases.
The cable has a limited length.
It is slower than the ring topology.

ii. RING Topology


It is called ring topology because it forms a ring as each computer is connected to another
computer, with the last one connected to the first. There are exactly two neighbors for each
device.

Figure 6: Ring Topology

Structures of Ring Topology

A number of repeaters are used in a ring topology with a large number of nodes, because if someone wants to send data to the last node in a ring topology with 100 nodes, the data has to pass through 99 nodes to reach the 100th node. Repeaters are therefore used in the network to prevent data loss.
The transmission is unidirectional, but it can be made bidirectional by having 2 connections between each network node; this is called Dual Ring Topology.
In Dual Ring Topology, two ring networks are formed, and data flows in opposite directions in them. Also, if one ring fails, the second ring can act as a backup to keep the network up.
Data is transferred in a sequential manner, that is, bit by bit. Transmitted data has to pass through each node of the network until it reaches the destination node.

Advantages of Ring Topology

Transmission on the network is not affected by high traffic or by adding more nodes, as only the nodes having tokens can transmit data.
Cheap to install and expand.

Disadvantages of Ring Topology

Troubleshooting is difficult in ring topology.
Adding or deleting computers disturbs the network activity.
Failure of one computer disturbs the whole network.

iii. STAR Topology


In this type of topology all the computers are connected to a single hub through a cable. This
hub is the central node and all other nodes are connected to the central node.

Figure 7: Star Topology

Structures of Star Topology

Every node has its own dedicated connection to the hub.
The hub acts as a repeater for data flow.
Can be used with twisted pair, optical fiber or coaxial cable.

Advantages of Star Topology

Fast performance with few nodes and low network traffic.
The hub can be upgraded easily.
Easy to troubleshoot.
Easy to set up and modify.
Only the node that has failed is affected; the rest of the nodes can work smoothly.

Disadvantages of Star Topology

Cost of installation is high.
Expensive to use.
If the hub fails, the whole network stops, because all the nodes depend on the hub.
Performance is based on the hub, that is, it depends on the hub's capacity.

iv. Mesh Topology


It is a point-to-point connection to other nodes or devices. All the network nodes are
connected to each other. Mesh has n (n-2)/2 physical channels to link n devices.
There are two techniques to transmit data over the Mesh topology, they are:
1. Routing
2. Flooding

1. Routing
In routing, the nodes have routing logic, as per the network requirements. For example, the
routing logic may direct the data to the destination using the shortest distance, or it may
hold information about broken links and avoid those nodes. We can even have routing logic
to re-configure the failed nodes.
2. Flooding
In flooding, the same data is transmitted to all the network nodes; hence no routing logic is
required. The network is robust, and it’s very unlikely to lose the data. But it leads to
unwanted load over the network.
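
The difference between the two techniques, as an added example that is not part of the original notes: the six-node partial mesh, its node names and its link list are constructed for illustration, and routing is implemented as a fewest-hops breadth-first search standing in for "shortest distance". It counts how many link transmissions each technique needs, with and without a broken link.

```python
from collections import deque

# Constructed partial mesh (hypothetical node names A-F, one tuple per cable).
LINKS = [("A", "B"), ("A", "C"), ("B", "C"), ("B", "D"),
         ("C", "E"), ("D", "E"), ("D", "F"), ("E", "F")]


def build_graph(links, broken=()):
    """Return {node: set(neighbours)}, leaving out any link listed as broken."""
    broken = {frozenset(link) for link in broken}
    graph = {}
    for a, b in links:
        graph.setdefault(a, set())
        graph.setdefault(b, set())
        if frozenset((a, b)) not in broken:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def route(graph, src, dst):
    """Routing: find the fewest-hops path over working links, or None."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None  # destination is cut off from the source


def flood(graph, src, dst):
    """Flooding: every node forwards the first copy it receives to all
    neighbours except the one it came from. Returns (delivered, transmissions)."""
    seen = {src}
    queue = deque([(src, None)])
    transmissions = 0
    while queue:
        node, came_from = queue.popleft()
        for nxt in sorted(graph[node]):
            if nxt == came_from:
                continue
            transmissions += 1          # one copy sent over one link
            if nxt not in seen:         # duplicates are received but not re-sent
                seen.add(nxt)
                queue.append((nxt, node))
    return dst in seen, transmissions


def compare(broken=()):
    """Summarise both techniques for a message from A to F."""
    graph = build_graph(LINKS, broken)
    path = route(graph, "A", "F")
    delivered, sent = flood(graph, "A", "F")
    return {"route": path,
            "route_transmissions": None if path is None else len(path) - 1,
            "flood_delivered": delivered,
            "flood_transmissions": sent}


if __name__ == "__main__":
    print("all links up  :", compare())
    print("B-D link down :", compare(broken=[("B", "D")]))
    print("F isolated    :", compare(broken=[("D", "F"), ("E", "F")]))
```

With every link working, routing uses 3 transmissions and flooding uses 11 to deliver the same message; with the B-D link broken both still deliver, which is the robustness the text describes, at the cost of the extra load flooding creates.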

Figure 8: Mesh Topology

Types of Mesh Topology

1. Partial Mesh Topology: In this topology some of the systems are connected in the same
fashion as mesh topology but some devices are only connected to two or three devices.
2. Full Mesh Topology: Every node or device is connected to every other node or device.

Structures of Mesh Topology

Fully connected.
Robust.
Not flexible.

Advantages of Mesh Topology

Each connection can carry its own data load.
It is robust.
Faults are diagnosed easily.
Provides security and privacy.

Disadvantages of Mesh Topology

Installation and configuration are difficult.
Cabling cost is higher.
Bulk wiring is required.
v. TREE Topology

It has a root node and all other nodes are connected to it, forming a hierarchy. It is also
called hierarchical topology. It should have at least three levels in the hierarchy.

Figure 9: Tree Topology

Structures of Tree Topology

Ideal if workstations are located in groups.
Used in Wide Area Networks.

Advantages of Tree Topology

Extension of bus and star topologies.
Expansion of nodes is possible and easy.
Easily managed and maintained.
Error detection is easily done.

Disadvantages of Tree Topology

Heavily cabled.
Costly.
If more nodes are added, maintenance is difficult.
If the central hub fails, the network fails.

vi. Hybrid Topology


It is a mixture of two or more different types of topologies. For example, if in an office
ring topology is used in one department and star topology is used in another, connecting
these topologies will result in a Hybrid Topology (ring topology and star topology).

Figure 10: Hybrid Topology

Structures of Hybrid Topology

It is a combination of two or more topologies.
Inherits the advantages and disadvantages of the topologies included.

Advantages of Hybrid Topology

Reliable, as error detection and troubleshooting are easy.
Effective.
Scalable, as size can be increased easily.
Flexible.

Disadvantages of Hybrid Topology

Complex in design.
Costly.

vii. Point-to-Point Topology

Point-To-Point: A data transmission that involves one transmitter and one receiver.

Figure 11: Point to Point

viii. Point-To-Multipoint: A communications arrangement in which one transmitter issues
signals to multiple receivers. The receivers may be undefined, as in a broadcast transmission,
or defined, as in a non-broadcast transmission.

RTT (Round Trip Time): The length of time it takes for a packet to go from sender to receiver,
then back from receiver to sender. RTT is usually measured in milliseconds.

Simplex: A type of transmission in which signals may travel in only one direction over a medium.

Figure 12: Point to Multipoint

1.3 Topology Selection, Backbones, and Segments


The introduction to networks has covered all the types of network topologies, so you can now
select the right type of network. What you still have to know about is backbones and segments.
Quality is the guide to your selection of network type, and each type has its pros and cons to
consider.

There are some questions to consider:

What is the budget for the job?
How much fault tolerance and security do you need?
Is the network going to expand? And how often is it going to be configured?
Scalability of the network is needed if it is going to grow and change over the years.

Selection of Topology

To design a cost-effective solution for a few computers in a room, getting network cards and
using wireless will be the best choice: it is easy to set up and needs no cabling.

To get the right topology for the right network, consider:

Cost
Ease of installation
Ease of maintenance
Fault tolerance requirement
Security requirement

Network Backbone

We need a standard way of communicating intelligibly with each other about the type of network we
are referring to. This is why we divide a network into different parts called backbones and segments.

The figure below shows the backbone and the segments on a network:

Figure 13: Backbone and Segments

Further reading on point-to-point and point-to-multipoint topologies and on selecting a network topology:
Network Study Guide 3rd Edition, Todd Lammle, (pp.16-21).

Summary

A strong foundation has been built for you to understand networking, including some of the
components used in building a network, such as routers, switches and hubs. You should now have
a good understanding of the various types of network connection methods (architectures), such
as peer-to-peer and client/server. Added to this were the logical and physical network
topologies, with their structures and pros and cons. This will equip you with the knowledge
needed to select the right network topology for your network.

1.4 Open Systems Interconnection (OSI) reference model

The OSI reference model is a seven-layer model developed by ISO in the 1980s to categorize the
layers of communication.

The OSI model is a seven-layer architecture. It defines seven layers or levels in a complete
communication system.
Please refer to the diagram below, which starts from the sender, goes down through to the first
layer and arrives at the receiving end.

1.4.1 OSI MODEL FEATURES:
1. The big picture of communication over a network is understandable through the OSI model.
2. We see how hardware and software work together.
3. We can understand new technologies as they are developed.
4. Troubleshooting is easier by separate networks.
5. Can be used to compare basic functional relationships on different networks.

I would like you to start by understanding the seven layers and their work before the layers'
protocols are explained.

Figure 14: OSI Model

Layer 7: Application Layer

Describes the interface between two applications on separate computers.
Application layer protocols are used by programs that fall into two categories:
 Programs that provide services to a user, such as a browser and Web server
 Utility programs that provide services to the system, such as SNMP, which monitors and gathers information about network traffic
Payload: data that is passed between applications or utility programs and the OS (Operating System).

Layer 6: Presentation Layer

This layer handles the translation of data represented in one form on one host for another
host: data is reformatted, compressed, and/or encrypted in a way that the receiving
application can read.

Layer 5: Session layer

Manages and synchronizes the conversation between two different applications.
During the transfer of data from source to destination, the session layer marks streams of data and resynchronizes them properly, so that the ends of the messages are not cut prematurely and data loss is avoided.

Layer 5: Transport Layer

Responsible for transporting Application layer payloads from one application to another.
Functions such as multiplexing, segmenting or splitting of the data are done by this layer.
It receives messages from the Session layer above it, converts each message into smaller units and passes them on to the Network layer.
The Transport layer can be very complex, depending upon the network requirements.
The Transport layer breaks the message (data) into small units so that they are handled more efficiently by the Network layer.

Layer 4: Transport Layer

This layer provides end-to-end data delivery among hosts.
This layer takes data from the layer above and breaks it into smaller units called segments, then gives them to the Network layer for transmission.

Layer 3: Network Layer

This layer helps to move messages from one node to another and defines the path that the packets will follow, or be routed along, to reach the destination.

Layer 2: Data Link Layer

This layer takes the raw transmission data (signals, pulses etc.) from the Physical Layer and makes data frames, and sends them to the upper layer, and vice versa.
This layer also checks for transmission errors and handles them accordingly.

Layer 1: Physical Layer

This layer deals with hardware technology and the actual communication mechanism, such as signaling, voltage, cable type and wavelength.
It converts the digital/analog bits into electrical or optical signals.
Data encoding is also done in this layer.

1.4.2 OSI LAYERS PROTOCOLS


There are some protocols that operate with these OSI model layers that we are going to discuss.

Figure 15: OSI Protocol structure (figure labels: PACKETS, FRAMES, BITS, SEGMENT)

Advantages of OSI reference model:

OSI model distinguishes well between the services, interfaces and protocols.
Protocols of OSI model are very well hidden.
Protocols can be replaced by new protocols as technology changes.
Supports connection-oriented services as well as connectionless service.

Drawbacks of OSI reference model:

Model was devised before the invention of protocols.
Fitting of protocols is a tedious task.
It is just used as a reference model.

1.5. ENCAPSULATION/DE-CAPSULATION
Encapsulation is a way of hiding or protecting a process from outside interference or misuse
while simplifying the use of the system itself; it also converts one type of network data unit
into another. Encapsulation occurs when a protocol on a lower layer receives data from a protocol
on a higher layer and puts that data into a format that the lower-layer protocol understands.
Access to the internal system is arranged through a set of interfaces.

Consider mail delivery as an example of the encapsulation process. A letter sent without an
envelope, address and postage has no identity, and a letter without an identity cannot reach its
destination. The envelope, with its address and stamp, plays the same role as data encapsulation.

Figure 16: Encapsulation/ Decapsulation

1.5.1 Encapsulation process varies in each layer as follows:


1. First the data is created. When sending starts, the data passes down through the Application
layer (layer 7), which is responsible for the exchange of information between the computer and the
network; basically it is the interface layer between the network and the applications used by
users. This layer defines the user's request. The data then passes to the Presentation layer
(layer 6), which is responsible for determining whether the request needs encryption or some
other form of data translation.

The data is then forwarded to the Session layer (layer 5), which checks whether an application is
requesting the information and verifies the service requested on the server. As the information is
passed down, each layer adds its own header. However, layers 5, 6 and 7 sometimes do not need to
add a header.

2. The data arrives at the Transport layer (layer 4), which ensures that a proper connection with
the server exists and starts converting the information into segments. Error checking and the
merging of data coming from the same application are done in the Transport layer, and the
integrity of the data is guaranteed here as well. The L4PDU is formed by this process.

3. Next, the segments are forwarded to the Network layer (layer 3), where the network address of
the requesting station and the network address of the requested server are added. The segments are
converted into packets: the Network layer builds a network header, which contains the
network-layer addresses, places the L4PDU behind it, and so forms the L3PDU.

4. The packets are then passed to the Data Link layer (layer 2), where they are arranged and
wrapped again into individual frames. One example of this step is adding the destination MAC
address and the source MAC address; this information is then used to make a trailer.

Because a packet can be delivered via many devices and routers, this is where MAC addresses play
their role in moving packets from one router to the next. The frame is then transmitted onto the
media. All the information added by the layers above (such as the actual file request) must fit
into the 46-1500 byte data field of the Ethernet frame. The Data Link layer is responsible for
sending the frame according to the topology used. The L2PDU is formed in this process.

5. Finally, the data arrives at the Physical layer (layer 1), which carries the information from
the source to the destination. Because the Physical layer does not understand frames, it converts
that information into bits. No header is added at this layer. The Physical layer is associated
with the hardware. Finally, the bits are synchronized, converted into electrical signals in the
form of high and low voltage, and transmitted through the media, for example a cable, to the
destination. This happens in accordance with the characteristics of the Physical layer, which
determine the sequence of events by which the bit stream moves through a physical medium.

At each layer there is an LxPDU (Layer N Protocol Data Unit): the data together with the bytes of
the header and trailer added at that layer. The PDU is what is processed at each layer of the OSI
model. Each layer also gives its PDU a new form: the layer 2 PDU, including the header and
trailer, is called a frame; the layer 3 PDU is called a packet; and the layer 4 PDU is called a
segment.

After the encapsulation process, the data is sent to the server, and the server performs the
process in reverse, i.e. from the Physical layer up to the Application layer; this process is
called de-capsulation. If encapsulation does the packaging, de-capsulation opens the wrappers
layer by layer.

1.5.2 Decapsulation Process


Decapsulation is the inverse of the encapsulation process. Encapsulation is the process of wrapping
the data, while de-capsulation is the process of unwrapping it. The encapsulation process starts
from the uppermost layer (Application Layer) and works down to the lowest layer (Physical Layer),
while the de-capsulation process starts from the lowest layer (Physical Layer) and works up to
the uppermost layer (Application Layer).
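
The encapsulation steps above and their reversal, as an added example that is not part of the original notes: the layer 4 and layer 3 header layouts are simplified stand-ins rather than real TCP/IP headers, the trailer is a CRC-32 standing in for the Ethernet frame check, and all addresses, ports and the payload are constructed sample values.

```python
import struct
import zlib

ETH_MIN_DATA, ETH_MAX_DATA = 46, 1500   # Ethernet data field limits quoted in the text
ETHERTYPE_IPV4 = 0x0800

L4_FMT = "!HHI"     # simplified segment header: source port, destination port, sequence
L3_FMT = "!4s4sH"   # simplified packet header: source IP, destination IP, packet length
L2_FMT = "!6s6sH"   # Ethernet II header: destination MAC, source MAC, EtherType
L4_SIZE, L3_SIZE, L2_SIZE = (struct.calcsize(f) for f in (L4_FMT, L3_FMT, L2_FMT))
TRAILER_SIZE = 4


def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def encapsulate(data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac, seq=0):
    """Application data -> segment (L4PDU) -> packet (L3PDU) -> frame (L2PDU)."""
    segment = struct.pack(L4_FMT, src_port, dst_port, seq) + data
    packet = struct.pack(L3_FMT, ip_bytes(src_ip), ip_bytes(dst_ip),
                         L3_SIZE + len(segment)) + segment
    if len(packet) > ETH_MAX_DATA:
        raise ValueError("packet does not fit in one Ethernet data field")
    padded = packet.ljust(ETH_MIN_DATA, b"\x00")   # pad short packets up to 46 bytes
    header = struct.pack(L2_FMT, mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    trailer = struct.pack("<I", zlib.crc32(header + padded))
    return header + padded + trailer


def decapsulate(frame, my_mac, my_ip):
    """Frame -> packet -> segment -> data, validating each layer on the way up."""
    low = L2_SIZE + ETH_MIN_DATA + TRAILER_SIZE
    high = L2_SIZE + ETH_MAX_DATA + TRAILER_SIZE
    if not low <= len(frame) <= high:
        raise ValueError("layer 2: frame size outside Ethernet limits")
    body, trailer = frame[:-TRAILER_SIZE], frame[-TRAILER_SIZE:]
    if struct.unpack("<I", trailer)[0] != zlib.crc32(body):
        raise ValueError("layer 2: trailer checksum mismatch")
    dst_mac, _src_mac, ethertype = struct.unpack(L2_FMT, body[:L2_SIZE])
    if dst_mac != mac_bytes(my_mac):
        raise ValueError("layer 2: frame is addressed to another node")
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("layer 2: unexpected EtherType")

    payload = body[L2_SIZE:]
    _src_ip, dst_ip, l3_len = struct.unpack(L3_FMT, payload[:L3_SIZE])
    if not L3_SIZE + L4_SIZE <= l3_len <= len(payload):
        raise ValueError("layer 3: length field does not match the frame")
    if dst_ip != ip_bytes(my_ip):
        raise ValueError("layer 3: packet is addressed to another host")

    segment = payload[L3_SIZE:l3_len]              # the length field strips the padding
    src_port, dst_port, seq = struct.unpack(L4_FMT, segment[:L4_SIZE])
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq,
            "data": segment[L4_SIZE:]}


if __name__ == "__main__":
    # Constructed sample values (documentation IP range, locally administered MACs).
    frame = encapsulate(b"GET /", 49152, 80, "192.0.2.10", "192.0.2.80",
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    print("frame length:", len(frame))
    print("received    :", decapsulate(frame, "02:00:00:00:00:02", "192.0.2.80"))
```

The 5-byte request becomes a 64-byte frame because the data field is padded to its 46-byte minimum; the receiver relies on the layer 3 length field to discard that padding and rejects any frame whose trailer no longer matches its contents.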

Figure 17: encapsulation / Decapsulation showing steps.

Further reading web link: http://www.firewall.cx/networking-topics/the-osi-model/179-osi-data-encapsulation.html

Key Terms
Topology, Hybrid, Mesh, Star, Bus, Tree, OSI, Framing, Routing, Compression, Encryption and
end-to-end connection.

Summary

Assessment Questions

1. What are the major roles of Data Link Layer (DLL) in an OSI model?

A. Detection & Correction of transmission errors


B. IP routing
C. Gateway Allocator
D. Making sure frames are not generated.

2. Which OSI layer allows the transmission and reception of data segments to a session layer
in addition to the provision of flow control, sequence numbering and message
acknowledgment?

a. Network Layer
b. Session Layer
c. Transport Layer
d. Application Layer

3. Which network component/s is/are involved in the Presentation layer of an OSI model?

a. Gateway
b. Multiplexer & Oscilloscope
c. Amplifier & Hub
d. All of the above
4. Which is the only layer of OSI layer that prevents itself from adding its own header to the
data during the data transmission process?

a. Application layer
b. Network layer
c. Physical layer
d. None of the above

5. Which protocol/s is used in data link layer of an OSI model?

a. SMB
b. NCP
c. LLC
d. ARFC

6. TCP is a .......... protocol.

a. stream-oriented

b. message-oriented

c. block-oriented

d. packet-oriented.

7. Which of the following is not the layer of TCP/IP protocol?

A. Physical layer

B. link layer

C. network layer

D. transport layer.

8. TCP groups a number of bytes together into a packet called a ....

A. user datagram

B. segment

C. datagram

D. packet

9. The .......... of TCP/IP protocol is responsible for figuring out how to get data to its destination.

A. application layer
B. link layer
C. network layer

D. transport layer.

10. TCP is a(n) ........... transport protocol.


A. protocol delivery
B. reliable
C. best-effort delivery
D. effortless delivery

11. ......... is the protocol that hides the underlying physical network by creating a virtual network
view.

A. Internet Protocol (IP)

B. Internet Control Message Protocol(ICMP)

C. Address Resolution Protocol(ARP)

D. Bootstrap Protocol(BOOTP)

12. To use the services of UDP, we need ......... socket addresses.

A. Four

B. two

C. three

D. four

13. Which of the following is not the name of Regional Internet Registries (RIR) to administer the
network number portion of IP address?

A. American Registry for Internet Numbers (ARIN)

B. Réseaux IP Européens (RIPE)

C. Europeans Registry for Internet Numbers (ERIN)

D. Asia Pacific Network Information Center (APNIC)

14. UDP packets are called .......

A. user datagrams

B. segments

C. frames

D. packets

15. ............ addresses use 21 bits for the and 8 bits for the portion of the IP address for TCP/IP
network.

A. Class A

B. Class B

C. Class C

D. Class D

16. UDP packets have fixed-size header of .......... bytes.

A. 16

B. 8

C. 32

D. 64

17. .......... messages are never sent in response to datagrams with a broadcast or a multicast
destination address.

A. ICMP

B. ARP

C. IP

D. BOOTP

18. TCP assigns a sequence number to each segment that is being sent. The sequence number for
each segment is number of the ....... byte carried in that segment.

A. First

B. last

C. middle

D. zero

19. .......... is responsible for converting the higher level protocol address (IP addresses) to physical
network addresses.

A. Internet Protocol (IP)

B. Internet Control Message Protocol (ICMP)

C. Address Resolution Protocol (ARP)

D. Bootstrap Protocol (BOOTP)

20. UDP and TCP are both ......... layer protocols.

A. data link

B. network

C. transport

D. interface

21. ........... is a process-to-process protocol that adds only port addresses, checksum error control,
and length information to the data from upper layer.

A. TCP

B. UDP

C. IP

D. ARP

22. Which of the following functions does UDP perform?

A. Process-to-process communication

B. Host-to-host communication

C. End-to-end reliable data delivery

D. Interface-to-interface communication.

23. A port address in TCP/IP is .........bits long.

A. 32

B. 48

C. 16

D. 64

24. When the IP layer of a receiving host receives a datagram, .....

A. delivery is complete

B. a transport layer protocol takes over

C. a header is added

D. a session layer protocol takes over

25. TCP/IP is a .......... hierarchical protocol suite developed before the OSI model.

A. seven-layer

B. five-layer

C. six-layer

D. four-layer

26. In the client-server model, what is the primary protocol used for communication
between a browser and Web server?

A. FTP

B. TCP

C. HTTP

D. SSL

Answer: C. HTTP

27. Which two encryption protocols might be used to provide secure transmissions for
browser and Web server communications?

A. HTTP and HTTPS

B. SSL and TLS

C. SSL and HTTP

D. TCP and UDP

Answer: B. SSL and TLS

28. Apache is a popular example of what type of networking software?

A. Web server

B. Browser

C. Email server

D. Email client

Answer: A. Web server

29. Which email protocol allows an email client to download email messages to the local
computer?

A. IMAP4

B. SMTP

C. TCP

D. POP3

Answer: D. POP3

30. Which email protocol allows an email client to read mail stored on the mail server?

A. IMAP4

B. SMTP

C. TCP

D. POP3

Answer: A. IMAP4

31. Which client-server application allows an administrator to control a remote
computer, but does not encrypt or secure the communication between client and
server?

A. Telnet

B. Remote Desktop

C. FTP

D. SSH

Answer: A. Telnet

32. Which application embedded in Windows operating systems allows remote control
of a computer and uses the RDP secure protocol for transmissions?

A. Telnet

B. Remote Desktop

C. FTP

D. SSH

Answer: B. Remote Desktop

33. What service provided by Windows Server 2012 R2 allows a computer to serve up
applications to other computers on the network?

A. Remote Desktop Services

B. Windows 8.1

C. File Transfer Protocol

D. Active Directory

Answer: A. Remote Desktop Services

34. List three types of services a network might support that are considered part of unified
communications or convergence.

A. File transfers, print services, and conversational voice

B. User authentication, streaming live audio and video, and print services

C. Web services, email services, and file services

D. Conversational voice, streaming live audio and voice, and streaming stored audio
and voice

Answer: D. Conversational voice, streaming live audio and video, and streaming stored
audio and video

35. Which Session layer protocol is a streaming live video teleconference likely to use on
the network?

A. UDP

B. SMTP

C. RTP

D. TCP

Answer: C. RTP

36. A network consists of 10 computers, all running Windows 7 Professional. One computer
acts as a file server and serves up data to other computers on the network. Which
networking model does the network use?

Answer: Peer-to-peer model

37. In Question 36, suppose one computer is upgraded from Windows 7 Professional to
Windows Server 2012 R2. Which networking model can the network now support that
it could not support without the upgrade?

Answer: Client-server model

38. What is the name of the domain controller database that Windows Server 2012 R2 uses
to store data about user access and resources on the network?

Answer: Active Directory

39. A network consists of seven computers and a network printer all connected directly to
one switch. Which network topology does this network use?

Answer: Star topology

40. In Question 39 suppose a new switch is connected to the first switch by way of a
network cable and three computers are connected to the new switch. Which network
topology is now used?

Answer: Star-bus topology

41. What is the fundamental distinction between a Layer 2 switch and a router?

Answer: A Layer 2 switch belongs only to its local network, and a router belongs to two or
more networks.

42. What is the fundamental distinction between a node and a host?

Answer: A host is a computer that hosts a resource on the network, and a node is any
computer or device that can be addressed on the network.

43. What is the fundamental distinction between a MAN and a WAN?

Answer: A MAN covers a small geographical area, and a WAN covers a large geographical
area.

44. What is a message called that is delivered by TCP? What is a message called that is
delivered by UDP? At which layer do the two protocols work?

Answer: Segment

Answer: Datagram

Answer: Transport layer

45. Which type of address is used at the Transport layer to identify the receiving
application?

Answer: Port number

46. Is TCP or UDP normally used when streaming live video? Why?

Answer: UDP, because guaranteed delivery is not as important as fast transmissions.

47. At the Network layer, what is a message called?

Answer: A packet

48. What is the primary protocol used at the Network layer?

Answer: IP (Internet Protocol)

49. At the Network layer, what type of address is used to identify the receiving host?

Answer: IP address

50. What is a PDU called at the Link layer?

Answer: A frame

51. At the Link layer, which type of network address is used to identify the receiving node?

Answer: Physical address, MAC address, hardware address, or Data Link layer address

52. Why is it important to wear an ESD strap when installing a server in a rack?

Answer: To protect the server against static electricity, or ESD

53. A computer is unable to access the network. When you check the LED lights near the
computer’s network port, you discover the lights are not lit. Which layer of the OSI
model are you using to troubleshoot this problem? At which two layers does the
network adapter work?

Answer: Physical layer

Answer: Link layer and Physical layer

54. A user complains that he cannot access a particular Web site, although he is able to
access other Web sites. At which layer of the OSI model should you begin
troubleshooting the problem?

Answer: Application layer

55. A user complains that Skype drops her videoconference calls and she must reconnect.
At which layer of the OSI model should you begin troubleshooting? Which OSI layer is
responsible for not dropping the Skype connection?

Answer: Application layer, Session layer

52. Which of the following best describes a network’s physical topology?

a. The method by which multiple nodes transmit signals over a shared communications channel

b. The physical layout of a network

c. The distance spanned by a network’s cable and wireless infrastructure

d. The software used to ensure reliable connections between nodes on a network

53. Which of the following is the most popular type of modern network architecture for business?

a. Client-server

b. Terminal/mainframe

c. Peer-to-peer

d. Mainframe/dial-up

54. Which of the following elements is not required for a client to connect to a server on a client-server LAN?

a. Protocols

b. Media

c. Email account

d. Client software

55. Which of the following are capable of acting as a network server? (Choose all that apply.)

a. Windows XP

b. Windows Server 2012 R2

c. Windows 7

d. Linux/UNIX

56. Network protocols are used to do which of the following? (Choose all that apply.)

a. To ensure reliable delivery of data

b. To determine the nearest printer for a print job

c. To interpret keyboard commands

d. To indicate the source and destination addresses for data packets

57. True or False? On a client-server network, clients may have only one protocol installed at any time.

58. A significant difference between the peer-to-peer and client-server network types is that a peer-to-peer network:
a. Is more difficult to set up

b. Does not allow for resource sharing between workstations

c. Does not usually provide centralized management for shared resources

d. Is more secure

59. Why is it necessary for each client on a client-server network to have a unique address?

Answer: Otherwise, the device on the network won’t know where to send packets.

60. Which of the following is not a network type option for virtual computers in VMware
Workstation 10?

a. Bridged

b. NAT

c. Structured

d. Host-only

61. Which virtual disk types are available in VMware Workstation 10? (Choose all that apply.)

a. MFM

b. IDE

c. SCSI

d. SATA

62. One disk file is created for every _____ of virtual disk capacity.

a. 2 MB

b. 2 GB

c. 20 MB

d. 20 GB

63. What is the primary difference between bridged and NAT as a network type?
Answer: Bridged network gives the virtual computer direct access to the external network,
whereas NAT grants access through the host’s IP address.

64. True or False? Three 2-GB virtual machines could all run simultaneously on a physical machine
with 4 GB of RAM.
65. What physical topology would you use to create your peer-to-peer network where all the
workstations are connected to a single switch?

a. Bus

b. Tree

c. Star

d. Cube

66. Which of the following operating systems will allow you to create a peer-to-peer network from
a group of workstations? (Choose all that apply.)

a. MS-DOS

b. Windows 8.1

c. Linux

d. Windows 7

67. Which of the following components are not necessary to create a peer-to-peer network from a
group of workstations? (Choose all that apply.)

a. Client operating system

b. NIC or motherboard with onboard NIC

c. Web browser

d. Network operating system

68. Multipoint topology is


A. Bus
B. Star
C. Mesh
D. Ring

68. In mesh topology, every device has a dedicated topology of
A. Multipoint linking
B. Point to point linking
C. None of Above
D. Both a and b

69. Bus, ring and star topologies are mostly used in the
A. LAN
B. MAN
C. WAN
D. Internetwork

70. Combination of two or more topologies are called


A. Star
B. Bus
C. Ring
D. Hybrid
71. During Encapsulation/De-encapsulation, at which layer of the hybrid TCP/IP-OSI model is a trailer usually added to the message?

a. Physical

b. Transport

c. Data Link

d. Application

e. Internet

72. What is the message created at the Internet layer called?

a. frame

b. IP packet

c. TCP segment

d. datagram

73. What is the message created at the Data-Link layer called?

a. a frame

b. an IP packet

c. a TCP segment

d. a datagram

74. Which of the following statement(s) is/are true regarding Encapsulation/De-encapsulation?

a. No message is created at the Physical layer

b. As soon as a message is created at a layer, it is passed down to the next lower-layer.

c. During De-encapsulation process, protocol-related information are removed from the received
message and passed down to the next lower-layer.

d. None of the above.

75. In which of these Network configurations the File Server system can be implemented:

(Select all correct answers)

a. Microcomputer-to-Mainframe

b. Terminal-to-Mainframe

c. Microcomputer-to-LAN

d. All of the above

76. Client/Server systems are found in: (Circle all correct answers)

a. Microcomputer-to-LAN configurations

b. Microcomputer-to-Mainframe configurations

c. Terminal-to-Mainframe configurations

d. Terminal-to-Microcomputer configurations

In a Client/Server system, the Client could be a terminal and the server could be a Mainframe. T F

77. Inquiry/Response applications are typical applications used with Terminal-to-Mainframe configuration. T F

78. Which of the following are true regarding Client/Server System?

a) It is platform independent

b) Heavier processing is done by the client computer

c) The client and the server should have some processing capabilities

d) No processing done by the server

e) All the processing is done by user PC

79. Which of the following are true regarding File Server System

a) It is platform independent

b) The client and the server should have some processing capabilities

c) No processing done by the server

d) All the processing is done by user PC

80. Which of the following configuration is used for the Internet web service, i.e. for access
websites?

a) File Server System access

b) Client/server system

c) Internet access system

d) All of the above

Review Questions
1. What are the three basic LAN topologies?
2. What common WAN topology often results in multiple connections to a single site (leading to a
high degree of fault tolerance) and has one-to-many connections?
3. What is the term for a device that shares its resources with other network devices?
4. What network model draws a clear distinction between devices that share their resources and
devices that do not?
5. Which network topology or connection type can be implemented with only two endpoints?
6. What device is generally implemented as a star topology?
7. What does MPLS stand for?
8. What does WAN stand for?
9. Will a computer that shares no resources most likely be connected to the backbone or to a
segment?
10. Which LAN topology is characterized by all devices being daisy-chained together with the devices
at each end being connected to only one other device?
11. What is the primary difference between peer-to-peer and client-server architectures?

On a peer-to-peer network consisting of four Windows 7 or 8.1 workstations, each user can
individually control which of her local data files she wants to share with other users.
a. True
b. False

Discussion Question
Activity 1: Case Study Problem
RGI is an independent business for distance and contact learning, consisting of an Owner, a
CAO, an administrator, and five Deans, and it is deciding to implement a network. The
company occupies half of a small building in an office park. The volume of business has
been stable for the past three years, but recently it has been increasing. To handle the
increased business volume, two new agents will be hired.

Illustration of the current business network arrangement

Figure 18: Case study model

Everyone in RGI Company has a computer, but the business manager has the only printer. These
computers are not connected by any form of networking. When agents need to print a document,
they must first copy the file to a floppy disk, and then carry it to the business manager's computer,
where they are finally able to print it. Similarly, when staff members want to share data, the only
means available is to copy the data on one computer to a floppy disk and insert the disk in another
computer.
Recently, problems have arisen. The business manager is spending too much time printing other
people's documents; and it is frequently unclear which copy of a given document is the current and
authoritative version.

Your task is to design a network for this company.
To clarify the task of choosing a solution, you ask some questions.
Circle the most appropriate answers to the following questions:

1. Which type of network would you suggest for this company?
• Peer-to-peer
• Server-based
2. Which network topology would be most appropriate in this situation?
• Bus
• Ring
• Star
• Mesh
• Star bus
• Star ring

3. In groups of four or five, name and describe network topologies. Be aware of the
difference between physical networks (what humans see) and logical networks (what the
equipment can “see”).
4. To show your understanding of LAN and WAN, explain where to apply each and give a
real-world example.
5. Which LAN topology is characterized by all devices being daisy-chained together with the
devices at each end being connected to only one other device?

Reference:

Recommended books

i. CompTIA Network + Study guide by Todd Lammle (pages 2-21 and 27- 53)
ii. CompTIA Network + Guide to Networks by Tamara Dean (pages 1-25)
iii. Networks+ Study Guide 3rd Edition, Chapter 2 by Todd Lammle pp. 29-48

WEB:

i. https://www.tutorialspoint.com//ipv4/ipv4_osi_model.htm
ii. http://www.learn44.com/introduction-to-the-osi-reference-model-layered-approach/
iii. https://www.tutorialspoint.com/ipv4/ipv4_osi_model.htm
iv. http://www.gocomputertraining.com/network-fundamentals.html
v. http://www.studytonight.com/computer-networks/network-topology-types
vi. http://www.webopedia.com/quick_ref/OSI_Layers.asp

vii. http://www.omnisecu.com/tcpip/osi-model.php

Facebook:

i. https://www.facebook.com/search/top/?q=network%20topologies
ii. https://www.facebook.com/pages/Networktopology/109488015737624?fref=ts&rf=115047478510671
iii. https://www.facebook.com/search/top/?q=osi%20model

CHAPTER 2 ETHERNET

LEARNING OUTCOME
Understanding Ethernet Standards
Know the type of cables available for networks
Be able to configure and understand addressing schema
After reading this section, learners will be able to demonstrate the ability to distinguish between
different forms of signalling.
Understand types of layers and their work with Ethernet
Understand Ethernet frames
Good knowledge on how Half and Full Duplex work
Know how to work with Binaries and MAC addresses

2.1 CURRENT ETHERNET STANDARDS


Introduction
Ethernet is a set of network cabling and signaling specifications developed by Xerox in the late
1970s.
Since the 10BASE-T Ethernet standard in 1990, a lot has changed. Twisted-pair cabling went from 10BASE-T
with a data rate of 10 Mb/s over category 3 cabling in 1990, to 100BASE-TX at 100 Mb/s over
category 5 in 1995, to 1000BASE-T at 1 Gb/s over category 5e or higher in 1999, to 10GBASE-T at 10
Gb/s over category 6A in 2006. The future will be 40GBASE-T at 40 GB/s over future category 8
cabling. Fiber is another story, moving from 1 GB/s over multimode and single mode fiber in 1998
to 10 GB/s in 2003 to 100 GB/s in 2010. That is a speed increase by a factor of 100 in just 12 years!

Figure 19: Types of UTP and STP

The cabling standards were developed in 1989 as the TIA-568 standard, at the same time that the IEEE
10BASE-T standard was published. TIA-568 established the framework for structured cabling that still
exists today, including the hierarchical star topology for horizontal and backbone cabling, the
standardization of 100 Ohm balanced twisted-pair cabling in the horizontal with a maximum channel
distance of 100 meters, and the standardization of the venerable 8-position modular (RJ45)
connector termination in the work area.

A lot has changed since then, but certain principles remain the same. One such principle is
“backwards compatibility” with previous generations of cabling. For example, category
6A cabling, which is designed to support 10GBASE-T (10 Gigabit) applications up to 100 meters, is
also fully backwards compatible with all lower categories of cabling and will support 1000BASE-T,
100BASE-TX and 10BASE-T applications. Higher category components (cables, cords and connectors)
can be substituted for lower category components in a channel and provide full functionality with
equal or better performance.
For example, when planning a new data center, it is sensible to install a cabling system that
can support at least two generations of Ethernet over a 10 year lifespan.
For copper switch-to-server connections that means category 6A (for now), and for fiber backbone
switch-to-switch connections that means either OM4 laser-optimized multimode or single mode
optical fiber. But watch out: category 8 has just started to be used.

2.1.1 Future of Ethernet


With everyone talking about the need for higher speed switch-to-server connections in today’s
virtualized data centers, the IEEE 802.3bq 40GBASE-T task force is well on its way to defining the
topology, reach objectives, cabling requirements and power consumption of the next generation
physical layer interface (PHY) to transmit at speeds of 40 Gb/s. The TIA 42.7 subcommittee is
developing the category 8 cabling standards to support the future 40GBASE-T standard.

Figure 20: Ethernet Standard

It (40GBASE-T) is intended to be used for switch-to-server connections in the data center; the ability
to interoperate with legacy slower-speed Ethernet technologies through auto negotiation is a goal
that is here to stay. This is facilitated by the use of the 8-pin modular (RJ-45) connector, and TIA is
therefore developing the category 8 cabling standard to include this recognized de facto interface.
Category 8 cabling is specified to 2 GHz, or four times the bandwidth specified for Category 6A
cabling and twice the bandwidth specified for Category 7A cabling.

2.2 Ethernet: Some Key Considerations


Category 8 on the horizon might be a reason for data center managers to hold off on a cabling
upgrade to a lesser performing category 7 or 7A shielded cabling. One drawback of Category 7 and
7A is that it uses a different IEC (International Electrotechnical Commission) connector design that is
not backwards compatible with the 8-pin modular (RJ-45) connector, and therefore would require an
adapter patch cord to interface with legacy equipment. And just to make it more interesting, there is
a version of Category 8 cabling called Class II that is based on improved Category 7A components.

To understand the crucial parts of networking that lie ahead, you have to get to the bottom of this.

Ethernet operates on the data link layer and physical layer specifications. Go through the
terms used in Ethernet technology below.

2.2.1 Collision Domain


A collision domain is, as the name implies, a part of a network where packet collisions can
occur. A collision occurs when two devices send a packet at the same time on the shared
network segment. The packets collide and both devices must send the packets again, which
reduces network efficiency. Collisions are common in a hub environment, because each port on
a hub is in the same collision domain. By contrast, each port on a bridge, a switch or a router
is in a separate collision domain. The following example illustrates collision domains.

Figure 21: Bridges breaks up collision domain

Figure 22: Collision Domain

As you can see, we have 6 collision domains.


Note: remember, each port on a hub is in the same collision domain. Each port on a bridge,
a switch or router is in a separate collision domain.

2.2.2 Broadcast Domain


A broadcast domain is a domain in which a broadcast is forwarded. A broadcast domain
contains all devices that can reach each other at the data link layer (OSI layer 2) by using
broadcast. All ports on a hub or a switch are by default in the same broadcast domain. All
ports on a router are in different broadcast domains, and routers don’t forward
broadcasts from one broadcast domain to another.

The following example clarifies the concept.

Figure 23: Three Broadcast Domain

From the above diagram we have three broadcast domains, since all ports on a hub or a
switch are in the same broadcast domain, and all ports on a router are in a different
broadcast domain.

2.2.3 CSMA/CD
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) helps hosts decide when to
send packets on a shared network segment and lets them detect collisions. For example, in a
hub network, two devices that send packets at the same time cause a collision. CSMA/CD
enables devices to “sense” the wire to ensure that no other device is currently transmitting
packets. Even so, if two devices “sense” that the wire is clear and send packets at the same
time, a collision can occur. If a collision occurs, the packets have to be resent after a
random period of time. This is what happens when there is a collision:

Figure 24: Collision

In the diagram above we have a hub network. Host A is trying to communicate with host B. Host A
“senses” the wire and decides to send packets. But, at the same time, host C sends its packets to host D
and a collision occurs. The sending devices (host A and host C) detect the collision and resend the
packet after a random period of time, for up to 15 tries, and then time out.
When a collision happens on an Ethernet LAN:
• A jam signal informs all the devices to stop sending because there is a collision.
• By default the collision invokes a random backoff algorithm.
• All the devices on that network segment wait for the timer to lapse and start sending again.
• All hosts have the same priority to transmit after the expiry of the timer.
These are the effects of a CSMA/CD network that has sustained substantial collisions:
• Delay
• Low throughput
• Congestion
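
The random backoff described above can be replayed in a few lines. The following is an added example, not part of the original learner guide. It assumes the truncated binary exponential backoff of IEEE 802.3 (51.2 µs slot time at 10 Mb/s, a range that stops doubling after the 10th collision, and a limit of 16 attempts, which is one first attempt plus 15 retries); the function names are hypothetical.

```python
import random

SLOT_TIME_US = 51.2   # one slot = 512 bit times at 10 Mb/s (IEEE 802.3 value, not from the guide)
ATTEMPT_LIMIT = 16    # first attempt + 15 retries, then the frame is discarded
BACKOFF_CAP = 10      # the random range stops doubling after the 10th collision


def backoff_slots(collisions, rng):
    """Slots to wait after the n-th collision: uniform in 0 .. 2^min(n, 10) - 1."""
    if collisions < 1:
        raise ValueError("backoff only applies after at least one collision")
    return rng.randrange(2 ** min(collisions, BACKOFF_CAP))


def contend(hosts, rng):
    """Replay what happens after `hosts` collide on one shared segment.

    Every host has already collided once. In each round all hosts draw a
    backoff; the host with the smallest draw transmits first. If two or more
    hosts share the smallest draw they collide again and the range doubles.
    Returns (winner, collisions, waited_us); winner is None when the attempt
    limit is reached and the frame is discarded.
    """
    waited_us = 0.0
    for collisions in range(1, ATTEMPT_LIMIT):      # retries 1..15
        draws = {host: backoff_slots(collisions, rng) for host in hosts}
        first = min(draws.values())
        waited_us += first * SLOT_TIME_US
        leaders = [host for host, slot in draws.items() if slot == first]
        if len(leaders) == 1:
            return leaders[0], collisions, waited_us
    return None, ATTEMPT_LIMIT, waited_us


if __name__ == "__main__":
    # Host A and host C from Figure 24, with a fixed seed so the run repeats.
    winner, collisions, waited = contend(("A", "C"), random.Random(7))
    print(f"host {winner} sends first after {collisions} collision(s), "
          f"{waited:.1f} us of backoff")
```

Each extra collision doubles the waiting range, which is why a busy hub segment shows the delay and low throughput listed above.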

2.2.4 Broadband /Baseband


Analog and digital signals can be sent in two ways: broadband and baseband.
Broadband is commonly used in homes, where the same cable carries all our analog voice and digital
data.
Baseband is used by LANs. Here Ethernet sends one digital signal at a time, and that signal requires
all of the available bandwidth. Collisions are possible if several hosts send signals at the same time,
even on wireless, except for those using analog signaling.
• Baseband transmission
  o Digital signals that are carried on a single channel
  o Requires exclusive use of the wire’s capacity
  o Example: Ethernet
• Broadband transmission
  o Multiple transmissions share a single medium
  o Transmissions sharing the same medium rely on multiplexing to manage multiple signals
  o Example: Cable TV and cable Internet

2.2.5 Bit Rates vs Baud Rate


Both are commonly expressed as bits transmitted per second (bps), called the bit rate. The baud rate
was used in the 1970s and 1980s to measure the speed of telegraph transmissions and is named after
the French engineer Jean-Maurice-Émile Baudot.

• Throughput
  o Amount of data transmitted during a given time period
  o Also called payload rate or effective data rate
  o Expressed as bits transmitted per second
• Bandwidth (strict definition)
  o Difference between the highest and lowest frequencies a medium can transmit
  o Range of frequencies

Figure 25: Throughput and bandwidth measure

So one baud is one electronic state change per second, for example from 0.2 volts to 3 volts, or from
binary 0 to 1. However, since a single state change can involve more than a single bit of data, the
bps unit of measurement has replaced it as a more accurate measure of how much data
you’re transmitting or receiving.

2.2.6 Wavelength
Have you ever heard someone say “You are not on the same wavelength as me”, meaning you
are not thinking alike? Electromagnetic radiation such as radio waves, light waves, or infrared
(heat) waves has characteristic patterns as it moves through space. These patterns differ
in shape and length. Refer to the diagram below.

Figure 26: Short & Long Wavelength

The distance between the peaks (high points) is the wavelength. When two waves have different
wavelengths, they are not on the same wavelength, and that is how we can tell the different kinds of
electromagnetic energy apart. In electronics this is an advantage: we can send traffic on different
wavelengths simultaneously.

2.3 Ethernet in the Datalink and Physical Layers


2.3.1 Sampling sizes
Computers use 0s and 1s, switches turning on and off at very high speed, working one step at a time.
Computers can convert analog audio signals to digital signals by representing the analog waveform
mathematically as a succession of discrete amplitude values. During the conversion the computer
captures a series of samples of a specified size, called the sampling size. See the Bit Rates vs
Baud Rate subsection above.

2.3.2 Half and full duplex Ethernet


The IEEE 802.3 Ethernet standard defines half duplex; as Cisco describes it, half duplex uses a digital
signal on a wire pair, flowing in both directions on the wire. Half duplex always employs Carrier Sense
Multiple Access with Collision Detection (CSMA/CD), so that a transmission can be retransmitted if a
collision occurs. Only one side talks at a time: once one side has finished transmitting its data, the other
side can respond. As you can see, this method of communication is not very efficient and requires more
time to send and receive larger amounts of data.

Older networks worked in half duplex mode because of the constraints of the network
medium (coax cable) and hardware equipment (hubs). Half duplex is limited to 10BaseT and, as Cisco
describes it, 10BaseT delivers no more than 3 to 4 Mbps.

Figure 27: Half Duplex Sending Information and Full Duplex Receiving information

2.3.3 Full Duplex Ethernet Mode


On the other hand, full duplex describes communication where both sides are able to send
and receive data at the same time. In these cases, there is no danger of a collision “auto detect
mechanism” and therefore the transfer of data is completed much faster (it can run at 10 Mbps or
100 Mbps).

These days, all networks make use of switches (rather than hubs) and UTP Ethernet cabling, which
allow full-duplex communication between all connected hosts.

Full duplex Ethernet mode can be deployed in the following conditions:

• Switch to host connection
• Switch to switch connection
• Host to host connection by using a crossover cable

A few points to remember when deploying full duplex Ethernet mode:

• There are no collisions in full duplex.
• A dedicated port is necessary for each full duplex device.
• The host’s network interface card (NIC) and the switch port have to be able to operate in full
duplex mode.

2.4 Ethernet at the Data Link Layer
2.4.1 MAC
How is Ethernet used these days? What are MAC addresses, and how are they used in networking?
This section covers the Data Link layer, where the Ethernet protocol is found.

In short, a media access control address (MAC address), or hardware address, of a computer is a
unique identifier assigned to network interfaces for communications at the data link layer of a
network segment. MAC addresses are used as a network address for most IEEE 802 network
technologies, including Ethernet and Wi-Fi.

Ethernet is used for data sharing, printers and videoconferencing. For example, consider how two
computers (named Diana and Vicky) connected to the same hub communicate. Ethernet at the Data Link
layer is responsible for framing packets received from the network layer and preparing them for
transmission on the local network through the Ethernet contention media-access method (CSMA/CD, as
discussed previously).

Ethernet MAC addresses are written in hexadecimal. First things first: let’s start by
discussing binary and decimal, followed by hexadecimal, and how to convert from one to another.

2.4.2 Binary to decimal and hexadecimal conversion


In networking, before we talk about the TCP/IP protocol stack and IP addressing, we must know the
difference between binary, decimal, and hexadecimal numbers and how to convert from one format to
the other.
Let’s start with binary numbering. Each digit is limited to either a 1 (one) or a 0 (zero), and each
digit is called a bit (short for binary digit). Bits are usually counted 4 or 8 together; these groups
are called a nibble and a byte respectively. What matters in binary numbering is the value each
position represents in decimal format, the typical decimal format being the base-10 number scheme.
Binary positions are valued from the right moving left, with each spot having double the value of the
previous spot.
Below is the decimal value of each bit location in a nibble and in a byte. A nibble is four bits and a
byte is eight bits. In network addressing, however, we refer to a byte as an octet, or octal addressing.
In mathematics, octal addressing refers to base 8, which is not the same as base 10.

Nibble values: 8 4 2 1
Byte values: 128 64 32 16 8 4 2 1
Figure 28: Binary Values

Step by step on binary

2.4.3 Binary to Octal

An easy way to convert from binary to octal is to group binary digits into sets of three,
starting with the least significant (rightmost) digits.

Then, look up each group in a table:

Binary: 000 001 010 011 100 101 110 111

Octal: 0 1 2 3 4 5 6 7

Binary = 011 100 101

Octal = 3 4 5 = 345 oct


2.4.4 Binary to Hexadecimal
An equally easy way to convert from binary to hexadecimal is to group binary digits into sets of four,
starting with the least significant (rightmost) digits.
Binary: 11100101 = 1110 0101
Then, look up each group in a table:
Binary: 0000 0001 0010 0011 0100 0101 0110 0111

Hexadecimal: 0 1 2 3 4 5 6 7

Binary: 1000 1001 1010 1011 1100 1101 1110 1111

Hexadecimal: 8 9 A B C D E F

2.4.5 Binary to Decimal


They say there are only 10 people in this world: those that understand binary and those that
don’t.

If you don’t get that joke, you'll need a method to convert from binary to decimal. One
method involves addition and multiplication.

1. Start the decimal result at 0.


2. Remove the most significant binary digit (leftmost) and add it to the result.
3. If all binary digits have been removed, you’re done. Stop.
4. Otherwise, multiply the result by 2.
5. Go to step 2.

Here is an example of converting 11100000000 binary to decimal:

Binary Digits   Operation   Decimal Result   Operation   Decimal Result
11100000000     +1          1                ×2          2
1100000000      +1          3                ×2          6
100000000       +1          7                ×2          14
00000000        +0          14               ×2          28
0000000         +0          28               ×2          56
000000          +0          56               ×2          112
00000           +0          112              ×2          224
0000            +0          224              ×2          448
000             +0          448              ×2          896
00              +0          896              ×2          1792
0               +0          1792             Done.

Figure 29: Binary Conversion
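
The three conversions in sections 2.4.3 to 2.4.5 can be checked in code. The following is an added example, not part of the original learner guide: it implements the add-and-double steps exactly as listed, records the same rows as the table above, and reuses that routine for the group-of-three (octal) and group-of-four (hexadecimal) lookups. The function names are hypothetical.

```python
DIGITS = "0123456789ABCDEF"


def check_bits(bits):
    """Reject anything that is not a non-empty string of 0s and 1s."""
    if not bits or any(ch not in "01" for ch in bits):
        raise ValueError(f"not a binary string: {bits!r}")


def binary_to_decimal(bits):
    """Add-and-double method from section 2.4.5.

    Returns (result, rows). Each row is
    (remaining digits, digit added, result after adding, result after doubling);
    the last row has None in the final column because no doubling follows.
    """
    check_bits(bits)
    result, rows, remaining = 0, [], bits
    while remaining:
        digit = int(remaining[0])        # step 2: take the leftmost digit
        result += digit
        rest = remaining[1:]
        if rest:                         # step 4: more digits left, so double
            rows.append((remaining, digit, result, result * 2))
            result *= 2
        else:                            # step 3: all digits used, stop
            rows.append((remaining, digit, result, None))
        remaining = rest
    return result, rows


def regroup(bits, group_size):
    """Group from the right in threes (octal) or fours (hexadecimal)."""
    check_bits(bits)
    if group_size not in (3, 4):
        raise ValueError("group_size must be 3 (octal) or 4 (hexadecimal)")
    width = -(-len(bits) // group_size) * group_size   # round up to a full group
    padded = bits.zfill(width)                         # pad on the left with zeros
    groups = [padded[i:i + group_size] for i in range(0, width, group_size)]
    return "".join(DIGITS[binary_to_decimal(group)[0]] for group in groups)


if __name__ == "__main__":
    total, rows = binary_to_decimal("11100000000")
    for remaining, digit, added, doubled in rows:
        print(f"{remaining:<12} +{digit} {added:<5} "
              f"{'x2 ' + str(doubled) if doubled is not None else 'Done.'}")
    print("octal:", regroup("011100101", 3), " hex:", regroup("11100101", 4))
```

Padding on the left matters when the bit count is not a multiple of the group size: 1100101 becomes 0110 0101 before the hexadecimal lookup.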

Memorize the binary-to-decimal chart below:


Binary value Decimal value
10000000 128
11000000 192
11100000 224
11110000 240
11111000 248
11111100 252
11111110 254
11111111 255

Hexadecimal Binary value Decimal value
0 0000 0
1 0001 1
2 0010 2
3 0011 3
4 0100 4
5 0101 5
6 0110 6
7 0111 7
8 1000 8
9 1001 9
A 1010 10
B 1011 11
C 1100 12
D 1101 13
E 1110 14
F 1111 15
Figure 30: Memorization of Binary to decimal chart

Figure 31: Hex-to-binary-to-decimal chart

Hexadecimal addressing differs from binary and decimal in that it reads nibbles, not bytes.
Using nibbles, we can convert bits to hex. As a first step, know that the hexadecimal addressing scheme
uses the numbers 0 through 9. We can’t use 10, 11, 12 and so forth because they are two digits, so the
letters A, B, C, D, E and F are used to represent 10, 11, 12, 13, 14, and 15, as shown in the chart above.

Further reading: network+ Study Guide, 3rd Edition by Todd Lammle. (Page 104- 22)

2.5 Ethernet Addressing


What is a MAC address? What is an OUI?
A MAC address is a unique identifier for network interfaces. It is a 48-bit number (12 hexadecimal
characters). It can be written in either of these formats:

• MM:MM:MM:SS:SS:SS
• MM-MM-MM-SS-SS-SS

Figure 32: MAC Address and OUI

An OUI (Organizationally Unique Identifier) is a 24-bit number that uniquely identifies a vendor or
manufacturer. OUIs are purchased from, and assigned by, the IEEE. The OUI is basically the first three
octets of a MAC address. For example, these are OUIs:

• 00:00:0A -- this is owned by Omron
• 00-0D-4B -- this is owned by Roku, LLC

How to find the MAC address

2.5.1 How to find the MAC address in Windows

• Go to the DOS prompt
  o Click on the Start button, select Run
  o Type cmd and press ENTER
• In the DOS prompt, type ipconfig /all and press ENTER
You should see the MAC address in this format 00:00:00:00:00:00

2.5.2 How to find the MAC address in UNIX or Linux

• Go to a terminal
• In the terminal, type ifconfig and press ENTER
You should see the MAC address in this format 00:00:00:00:00:00 following HWaddr

2.5.3 How to find the MAC address in Mac OS

• Go to Utilities (Finder > Utilities OR command + shift + u) and start the Terminal app.
• Type this in the Terminal:

    networksetup -listallhardwareports

• You will see a list of all the network interfaces with their MAC addresses (Ethernet Address).
An example output is this:

    $ networksetup -listallhardwareports

    Hardware Port: Bluetooth DUN
    Device: Bluetooth-Modem
    Ethernet Address: N/A

    Hardware Port: Ethernet
    Device: en0
    Ethernet Address: 10:dd:b1:xx:xx:xx

    Hardware Port: FireWire
    Device: fw0
    Ethernet Address: 10:dd:b1:ff:fe:xx:xx:xx

    Hardware Port: Wi-Fi
    Device: en1
    Ethernet Address: 4c:8d:79:xx:xx:xx

    Hardware Port: Bluetooth PAN
    Device: en3
    Ethernet Address: N/A

    VLAN Configurations
    ===================

2.6 Ethernet Frames


Ethernet Frame: DEST MAC | SOURCE MAC | ET | PAYLOAD 46-1500 BYTES

An Ethernet frame consists of:
• 6 bytes: Destination MAC address
• 6 bytes: Source MAC address
• 2 bytes: Ethertype
• 46 - 1500 bytes: Payload
There are other Ethernet frame formats but they are the minority.

MAC Addresses

A MAC address (also known as hardware address or physical address) is a 6-byte address assigned by
the IEEE Standards Association and is unique for every Ethernet device ever manufactured. The first
three bytes are the OUI (Organizationally Unique Identifier); the second three bytes are a unique
identifier assigned by the vendor. Thus: OUI + card-specific ID.

MAC Address of Ethernet NIC
Figure 33: Identifying the MAC address

Class activity: Identify the MAC address and show it to your Lecturer
Source: http://standards-oui.ieee.org/oui.txt

Figure 34: OUI

The above diagram shows the OUI of a few companies but the above.

Below is a NIC card showing the MAC address on the white strip of paper.

Figure 35: NIC Card

There are other Ethernet-related standards, such as IEEE 1905.1-2013.

Further reading: Network+ Study Guide by Todd Lammle 3rd Edition on, pp. 105- 116.

Special MAC Addresses

• Broadcast: A MAC address with all bits set (FF FF FF FF FF FF) is a BROADCAST address. It is
received by all devices on the Ethernet segment.
• Multicast: A MAC address with the least significant bit of the most significant byte set is a
MULTICAST address, for example 01 00 00 00 00 00.

Note: Ethernet frames are always displayed from most significant to least significant. In actual
transmission, each byte is transmitted from least significant bit to most significant bit. Some RFCs
reference this as “first bit transmitted”.

2.6.1 Ethertype

The two bytes after the source MAC in Ethernet II are the Ethertype, which identifies the type of frame:
• 0800 is IP
• 0806 is ARP
• 8137 is Novell IPX
• 8100 is VLAN
802.3 Ethernet uses these two bytes as a length field. How does a device know which field is referred to?

2.6.2 Data (Payload)

Following the 14 bytes of Ethernet header will be between 46 and 1500 bytes of payload. This gives
a minimum Ethernet frame of 60 bytes and a maximum of 1514 bytes:
14 bytes header + 46 bytes payload = 60
14 bytes header + 1500 bytes payload = 1514
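
A receiver tells the two uses of the field apart by its value: under IEEE 802.3, 1500 or less is a length and 0x0600 (1536) or more is an Ethertype. The following is an added example, not part of the original learner guide. It parses the 14-byte header described above, classifies the addresses, and notes frames a defender would want to look at; the function names and the three sample frames are constructed for illustration.

```python
import struct

# Ethertype values listed in section 2.6.1.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "Novell IPX", 0x8100: "VLAN"}
HEADER_LEN = 14                   # 6 + 6 + 2 bytes
MIN_FRAME, MAX_FRAME = 60, 1514   # header + 46 / 1500 payload bytes, FCS not counted


def fmt_mac(raw):
    return ":".join(f"{byte:02x}" for byte in raw)


def mac_kind(raw):
    if raw == b"\xff" * 6:
        return "broadcast"
    # Least significant bit of the most significant (first) byte is the group bit.
    return "multicast" if raw[0] & 0x01 else "unicast"


def parse_frame(frame):
    """Split a raw frame (no preamble, no FCS) into its header fields."""
    if len(frame) < HEADER_LEN:
        raise ValueError(f"{len(frame)} bytes is shorter than the 14-byte header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    payload = frame[HEADER_LEN:]
    notes = []
    if type_or_len >= 0x0600:                 # 1536 and up: Ethernet II Ethertype
        framing, protocol = "Ethernet II", ETHERTYPES.get(type_or_len, "unknown")
    elif type_or_len <= 1500:                 # 802.3: payload length in bytes
        framing, protocol = "802.3 length", None
        if type_or_len > len(payload):
            notes.append("length field exceeds the bytes present")
    else:                                     # 1501-1535 is defined as neither
        framing, protocol = "undefined", None
        notes.append("type/length value is neither a length nor an Ethertype")
    if mac_kind(src) != "unicast":
        notes.append("source address has the group bit set")
    # A VLAN tag adds 4 bytes to the largest legal frame.
    limit = MAX_FRAME + 4 if type_or_len == 0x8100 else MAX_FRAME
    if not MIN_FRAME <= len(frame) <= limit:
        notes.append(f"frame size {len(frame)} outside {MIN_FRAME}-{limit} bytes")
    return {
        "dst": fmt_mac(dst), "dst_kind": mac_kind(dst),
        "src": fmt_mac(src), "oui": "-".join(f"{b:02X}" for b in src[:3]),
        "framing": framing, "protocol": protocol,
        "payload_len": len(payload), "notes": notes,
    }


# Constructed sample frames (not captured traffic); OUIs are the two named in section 2.5.
ARP_BROADCAST = bytes.fromhex("ffffffffffff" "000d4b010203" "0806") + bytes(46)
LENGTH_FRAME = bytes.fromhex("010000000000" "00000a0a0b0c" "002e") + bytes(46)
MALFORMED = bytes.fromhex("000d4b010203" "ffffffffffff" "0800") + bytes(20)

if __name__ == "__main__":
    for name, raw in (("ARP broadcast", ARP_BROADCAST),
                      ("802.3 length", LENGTH_FRAME),
                      ("malformed", MALFORMED)):
        print(name, parse_frame(raw))
```

A frame captured on the sending host can be shorter than 60 bytes because padding is added by the network card, so the size note is a prompt to look closer rather than proof of a fault.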

2.6.3 PDU Encapsulation


The “payload” portion of the Ethernet frame usually contains the protocol information from higher
layer PDUs such as IP and TCP. Details are in Topic two, Semester 1 Learner guide.

Basic Concepts:
To address a particular network node you must have the hardware MAC address.
If the destination MAC isn't right, it doesn't get there.
All higher level protocols sent over Ethernet are encapsulated in an Ethernet frame.
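
The header fields described in this topic can be decoded in a few lines. The sketch below is an added example, not part of the original learner guide; the frames and the source MAC 00:1A:2B:3C:4D:5E are constructed sample data. It also answers the question posed under 2.6.1: a value of 0x0600 (1536) or more in the two bytes after the source MAC is an Ethertype, while a value of 1500 or less is an 802.3 length.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
# Ethertype values listed in section 2.6.1 of this guide.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "Novell IPX", 0x8100: "VLAN"}


def format_mac(raw):
    """Render raw bytes in display order, most significant byte first."""
    return ":".join(f"{b:02X}" for b in raw)


def classify_mac(raw):
    """Return broadcast, multicast or unicast for a 6-byte destination."""
    if raw == BROADCAST:
        return "broadcast"
    # Least significant bit of the most significant (first displayed) byte.
    if raw[0] & 0x01:
        return "multicast"
    return "unicast"


def parse_header(frame):
    """Decode the 14-byte Ethernet header and sanity-check the frame size."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {
        "dst": format_mac(dst),
        "dst_kind": classify_mac(dst),
        "src": format_mac(src),
        "src_oui": format_mac(src[:3]),       # first three bytes: OUI
        "src_card_id": format_mac(src[3:]),   # last three bytes: vendor-assigned
        "frame_len": len(frame),
        # 60 and 1514 are the limits worked out in section 2.6.2.
        "size_ok": 60 <= len(frame) <= 1514,
    }
    if type_or_len >= 0x0600:
        info["format"] = "Ethernet II"
        info["ethertype"] = ETHERTYPES.get(type_or_len, f"unknown 0x{type_or_len:04X}")
    elif type_or_len <= 1500:
        info["format"] = "802.3"
        info["length"] = type_or_len
    else:
        info["format"] = "undefined"          # 1501..1535 is neither
    return info


# Constructed sample frames (header followed by a zero-filled 46-byte payload).
ARP_BROADCAST = bytes.fromhex("ffffffffffff" "001a2b3c4d5e" "0806") + bytes(46)
LENGTH_FRAME = bytes.fromhex("010000000000" "001a2b3c4d5e" "002e") + bytes(46)
RUNT = ARP_BROADCAST[:30]

if __name__ == "__main__":
    for name, frame in (("ARP", ARP_BROADCAST), ("802.3", LENGTH_FRAME), ("runt", RUNT)):
        print(name, parse_header(frame))
```

A frame that fails the size check, or whose source address has the multicast bit set, is worth a closer look in a capture because normal NICs do not produce either.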

Summary

This topic covered Ethernet networking basics: how workstations communicate or
share data, and how CSMA/CD works on a half-duplex Ethernet network. Don’t forget the difference
between half and full duplex modes. Revisit this topic to grasp it properly.

EXTRA GROUP READING EXERCISE:

These computers are all connected to the hub (repeater), but how do they communicate? They
use a MAC address, also known as the hardware address, that is burned into the network card of
each computer. To talk to each other they use name resolution (hostname-to-IP resolution). This is
done by the Domain Name Service (DNS), whose task is to convert domain names to their
corresponding IP addresses. If the two computers (hosts) are on the same LAN, Vicky can simply
broadcast to Diana without using DNS; that is how Microsoft Windows does it.

An example of the name resolution output for the Vicky and Diana hosts is as follows:

Time        Source        Destination     Protocol   Info
53.892794   192.168.0.1   192.168.0.255   NBNS       Name query NB Vicky<00>

The way the operating system resolves the domain name is based upon its configuration.

2.7 TROUBLESHOOTING TOOLS


Transmission Control Protocol/Internet Protocol (TCP/IP) version 4 is the protocol suite most used
in networks, so this section covers the TCP/IP utilities for Windows that are used to test IP
connectivity and to verify IPv6 networks.

In the Network+ troubleshooting model, there are eight steps you must follow:
1. Establish symptoms.

2. Identify the affected area.

3. Establish what has changed.

4. Select the most probable cause.

5. Implement a solution.

6. Test the result.

7. Recognize the potential effects of the solution.

8. Document the solution.

Step 1: Establish Symptoms


Obviously, if you can’t identify a problem, you can’t begin to solve it. Typically, you need to ask some
questions to begin to clarify exactly what is happening. In our example, we should ask the user the
following:
Which part of the Internet can’t you access?
A particular website?
A particular address?
Any website?
Can you use your web browser?
The user cannot access the corporate intranet or get to any sites on the Internet. The user can use
the web browser to access the corporate FTP site, which he has bookmarked (by IP address 10.0.0.2).
We can, therefore, rule out the web browser as the source of the problem.

Step 2: Identify the Affected Area


Computers and networks are fickle; they can work fine for months, suddenly malfunction horribly,
and then continue to work fine for several more months, never again exhibiting that particular
problem. And that’s why it’s important to be able to reproduce the problem and identify the
affected area. Identifying the affected area narrows down what you have to troubleshoot. One of
your goals is to make problems easier to troubleshoot and, thus, get users working again as soon as
possible.

Step 3: Establish What Has Changed


If you can reproduce the problem, your next step is to attempt to determine what has changed.
Drawing on your knowledge of networking, you might ask yourself and your user questions such as
the following:
Were you ever able to do this?

If not, then maybe this is not an operation the hardware or software is designed to do. You can
inform the user that the system won’t do the operation (or that they may need additional hardware
or software to do it).
If so, when did you become unable to do it?
If the computer was able to do the operation and then suddenly could not, the conditions that
surround this change become extremely important. You may be able to discover the cause of the
problem if you know what happened immediately before the change. It is likely that the cause of the
problem is related to the conditions surrounding the change.

Has anything changed since you were last able to do this?

Most often, the thing that changed before the problem started is the source of the problem. When
you ask this question of a user, the answer is typically that nothing has changed, so you might need
to rephrase it. For example, you can try asking, “Did anyone add anything to your computer?” or
“Are you doing anything that’s different from the way you normally proceed?”
Were any error messages displayed?

Are other people experiencing this problem?

For further reading: http://www.spiceworks.com/free-network-troubleshooting-tool/

After reading the above, read the following to be fully equipped with the troubleshooting tools.

2.7.1 Troubleshooting Tools to consider


Both GUI and command-line tools can be used to verify TCP/IP function on Windows workstations.
The common ones are listed below:

traceroute (tracert in Microsoft)
ipconfig/winipcfg (ifconfig in UNIX)
ping
arp
nslookup (dig in UNIX)
mtr (pathping)
route
nbtstat
netstat
ftp
telnet

The last two, ftp and telnet, have been explained under the Server Application subtopic.

2.7.2 Protocol analyser


Protocol analysers, sometimes called network monitors or sniffers, are used to capture packets as
they cross the network.

There are commercial sniffers like Wireshark and OmniPeek that can capture any packet they see,
because of the way the NIC is configured.

Protocol analysers are used to determine the type of traffic in a network. Depending on the
product and the bells and whistles it contains, they do this using port numbers, protocols, etc.

The DHCP packets are as follows:

DHCP Discover
DHCP Offer
DHCP Request
DHCP ACK

If you execute the ipconfig/release and ipconfig/renew commands while the analyser is running on
the client, the four packets above will be seen in the analyser’s capture file. See the example of a
DHCP process in the capture below:

Figure 36: DHCP Capture

Examine the capture closely. If there are DHCPDISCOVER packets with no DHCPOFFER packets, it
shows the DHCP server is not receiving the DHCPDISCOVER packets. Likewise, the DHCPOFFER packets
can show that the DHCP server is out of addresses. The point is that the tool is used to
troubleshoot the issue.

2.7.3 Throughput Testers


People complain about the speed of the network, and some don’t, but to check whether a
slowdown is real as opposed to perceived you need to measure throughput with a tester.

Check the diagram below showing the results of a throughput tester:

Figure 37: Throughput software by TamoSoft

Remember, the software should be installed on both the client and the server to measure the
traffic between the client and the server. It shows throughput for traffic in real time, and in this
shot it is breaking that traffic up by unicast (TCP) and broadcast (UDP) types and by direction.

2.7.4 Connectivity Software


Remote Desktop (Windows products) lets you access your machine to perform troubleshooting;
it is an example of connectivity software. There are other commercial tools like LogMeIn.com,
GoToMyPC, and TeamViewer, etc. The figure below shows the session window for LogMeIn.com.

The advantage of this software is obvious: you can do whatever needs to be done yourself when
users are doing it wrongly.

Figure 38: LogMeIn.com

Traceroute
Latency is the delay a message takes to travel from the source to the destination. Messages
travel fast, but they still take time. Let’s see how distance affects the RTT (Round Trip Time).

Open a command prompt and run tracert on a web site whose server is on a different
continent from you, e.g. tracert www.mediacollege.com
When running on the Ubuntu platform, install the traceroute utility and use it. To install it, use
this command: sudo apt-get install traceroute

Traceroute is a command which can show you the path a packet of information takes from your
computer to one you specify. It will list all the routers it passes through until it reaches its
destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop' from
router to router takes.

In Windows, select Start > Programs > Accessories > Command Prompt. This will give you a window
like the one below.

Enter the word tracert, followed by a space, then the domain name.

The following is a successful traceroute from your computer in New Zealand to mediacollege.com:

Figure 39: Latency test

Firstly it tells you that it's tracing the route to mediacollege.com, tells you the IP address of that
domain, and what the maximum number of hops will be before it times out.
Examine the output and find at what point in the route messages started jumping across the ocean.

Next it gives information about each router it passes through on the way to its destination.

1 is the internet gateway on the network this traceroute was done from (an ADSL modem in this
case)
2 is the ISP the origin computer is connected to (xtra.co.nz)
3 is also in the xtra network
4 timed out
5 - 9 are all routers on the global-gateway.net.nz network (the domain that is the internet gateway
out of New Zealand)
10 - 14 are all gnaps.net in the USA (a telecom supplier in the USA)
15 - 17 are on the nac network (Net Access Corporation, an ISP in the New York area)
18 is a router on the network mediacollege.com is hosted on
and finally, line 19 is the computer mediacollege.com is hosted on (sol.yourhost.co.nz)

Each of the 3 columns is a response from that router, showing how long it took (each hop is
tested 3 times). For example, in line 2, the first try took 240 ms (240 milliseconds), the second
took 421 ms, and the third took 70 ms.
You will notice that line 4 'timed out', that is, there was no response from the router, so another one
was tried (202.50.245.197), which was successful.
You will also notice that the time it took quadrupled while passing through the global-gateway
network.

This is extremely useful when trying to find out why a website is unreachable, as you will be able to
see where the connection fails. If you have a website hosted somewhere, it would be a good idea to
do a traceroute to it when it is working, so that when it fails, you can do another traceroute to it
(which will probably time out if the website is unreachable) and compare them. Be aware though,
that it will probably take a different route each time, but the networks it passes through will
generally be very similar.
If the example above had continued to time out after line 9, you could suspect that
global-gateway.co.nz was the problem, and not mediacollege.com.
If it timed out after line 1, you would know there was a problem connecting to your ISP (in this case
you would not be able to access anything on the internet).

It is generally recommended that if you have a website that is unreachable, you should use both the
traceroute and ping commands before you contact your ISP to complain. More often than not, there
will be nothing your ISP or hosting company can do about it.
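
The reading of tracert output described above (timed-out hops, the point where latency jumps, and the last hop that answered) can be automated so that a trace taken when a site works can be compared with one taken when it fails. This is an added example, not part of the original guide; the two traces, host names and IP addresses are constructed, apart from the 240/421/70 ms probes quoted in the text.

```python
import re

# One hop line: hop number, three probes ("<1 ms", "70 ms" or "*"), then the responder.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s*){3})(.*)$")

# Constructed sample of a successful Windows tracert.
SAMPLE = """\
Tracing route to mediacollege.com [203.0.113.50]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2   240 ms   421 ms    70 ms  gw.isp.example [198.51.100.1]
  3    60 ms    58 ms    61 ms  core.isp.example [198.51.100.9]
  4     *        *        *     Request timed out.
  5    65 ms    66 ms    64 ms  exit.gateway.example [198.51.100.77]
  6   250 ms   255 ms   249 ms  landing.carrier.example [203.0.113.1]
  7   252 ms   251 ms   260 ms  mediacollege.com [203.0.113.50]

Trace complete.
"""

# Constructed sample of a trace that dies after the ISP.
FAILED = """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    55 ms    61 ms    70 ms  gw.isp.example [198.51.100.1]
  3    60 ms    58 ms    61 ms  core.isp.example [198.51.100.9]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""


def parse_tracert(text):
    """Return one dict per hop: hop number, answered probe times (ms), responder."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        # "<1 ms" is counted as 1 ms; "*" probes yield no time at all.
        rtts = [int(t) for t in re.findall(r"<?(\d+) ms|\*", m.group(2)) if t]
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": m.group(3).strip()})
    return hops


def timed_out_hops(hops):
    """Hops where none of the three probes was answered."""
    return [h["hop"] for h in hops if not h["rtts"]]


def largest_jump(hops):
    """(from_hop, to_hop, extra_ms) for the biggest rise in best-case RTT."""
    # The minimum of the three probes is used because single probes are noisy.
    responding = [(h["hop"], min(h["rtts"])) for h in hops if h["rtts"]]
    best = None
    for (a, rtt_a), (b, rtt_b) in zip(responding, responding[1:]):
        if best is None or rtt_b - rtt_a > best[2]:
            best = (a, b, rtt_b - rtt_a)
    return best


def last_responder(hops):
    """Number of the last hop that answered, or None if nothing answered."""
    answered = [h["hop"] for h in hops if h["rtts"]]
    return answered[-1] if answered else None


if __name__ == "__main__":
    good = parse_tracert(SAMPLE)
    print("timed out:", timed_out_hops(good))
    print("largest jump:", largest_jump(good))
    print("failed trace stops after hop", last_responder(parse_tracert(FAILED)))
```

A single silent hop followed by answering hops, like hop 4 in the first sample, is usually a router that does not reply to probes rather than a fault; the failure point is the last responder when every later hop is silent.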

ipconfig and ifconfig


Windows uses ipconfig and UNIX/LINUX/Mac uses ifconfig to display the current configuration of
TCP/IP on a given workstation including the current IP address, DNS configuration, Windows Internet
Naming Services (WINS) configuration, and default gateway.

Ipconfig utility

On all new operating systems, such as Mac, Windows Vista, Windows 7, 8 and 10, and Windows
Server 2008/2012, IPv6 configuration is available by default. If the ipconfig command is
executed, you see something like this, because I am not connected to the internet:

But when connected to the internet you will see something like this:

Note: Your lecturer will demonstrate ipconfig for you or try it yourself.

Using ifconfig

Mac, Linux and UNIX normally use this utility, which gives you similar information to
ipconfig. There are major differences, however: ipconfig is used to view the
TCP/IP configuration for a computer, whereas ifconfig (interface configuration) does the same and
can also configure a protocol or a particular network interface. The command is as follows:

ifconfig interface [address [parameters] ]

The interface parameter equals the UNIX name of the interface, such as eth0. If the optional address
parameter is specified, the ifconfig command sets the IP address for the interface to the address
you’ve specified. When the ifconfig command is used by itself with no parameters, all configured
interfaces will be reported on. But if only the interface name is specified, you will get output that
looks like this:

The eth0 interface is a 10Mbps Ethernet interface. The MAC and IP address information is displayed
in this output as well. The result above didn’t show DNS information, but the ifconfig tool can.

Ping Utility

The most commonly used network tool is the ping utility. This utility is used to provide a basic
connectivity test between the requesting host and a destination host. This is done by using the Internet
Control Message Protocol (ICMP) which has the ability to send an echo packet to a destination host and a
mechanism to listen for a response from this host. Simply stated, if the requesting host receives a
response from the destination host, this host is reachable. This utility is commonly used to provide a basic
picture of where a specific networking problem may exist. For example, if an Internet connection is down
at an office, the ping utility can be used to figure out whether the problem exists within the office or
within the network of the Internet provider. Below is an example of the ping utility to select:

The example below shows the ping utility being used to obtain the reachability status of the locally
connected router.

Figure 40: Ping Utility

Using ARP Utility


Windows 2000 TCP/IP allows an application to communicate over a network with another computer
by using either an IP address, a host name, or a NetBIOS name. However, regardless of which
naming convention is used, the destination must ultimately be resolved to a hardware address
(media access control (MAC) address) for shared access media such as Ethernet and Token Ring.
The Address Resolution Protocol (ARP) allows a host to find the MAC address of a node with an IP
address on the same physical network, when given the node's IP address. To make ARP efficient,
each computer caches IP-to-MAC address mappings to eliminate repetitive ARP broadcast requests.
The Arp tool allows a user to view and modify ARP table entries on the local computer.
The arp command is useful for viewing the ARP cache and resolving address resolution problems.

A static entry can be added to an ARP file by issuing the arp -s < IP address > < MAC address >
command. However, adding such static ARP cache entries must be used with caution as it is easy to
enter the wrong MAC address for an IP address.

Detecting Duplicate IP Addresses Using ARP
When starting up, Windows performs a gratuitous ARP to detect any duplication with its own IP
address. While this detects most cases of duplicate IP addresses, in a few situations two TCP/IP hosts
(either Microsoft or non-Microsoft) on the same network can be configured for the same IP address.
The MAC and IP address mapping is done by the ARP module, which uses the first ARP response it
receives. Therefore, the impostor computer's reply sometimes comes back before the intended
computer's reply.
These problems are difficult to isolate and track down. Use the arp -a command to display the
mappings in the ARP cache. If you know the Ethernet address for the remote computer you wish to
use, you can easily determine whether the two match. If not, use the arp -d command to delete the
entry, then use Ping with the same address (forcing an ARP), and check the Ethernet address in the
cache again by using arp -a.
If both computers are on the same network, you will eventually get a response from the impostor
computer. If not, you might have to capture the traffic from the impostor host with Network
Monitor to determine the owner or location of the system. For more information about Network
Monitor, see "Monitoring Network Performance" in the Server Operations Guide.
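
The comparison described above (display the cache with arp -a, then check each mapping against the Ethernet address you know to be correct) can be scripted. The following is an added example, not part of the original guide: the arp -a output, the addresses and the KNOWN inventory are constructed sample data, and the check for one MAC address answering for several IP addresses goes slightly beyond the text.

```python
import re
from collections import defaultdict

# One entry line of Windows "arp -a": IP address, MAC with dashes, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

# Constructed sample output.
SAMPLE = """\
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.0.20          00-1a-2b-99-99-99     dynamic
  192.168.0.30          00-1a-2b-99-99-99     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical inventory of addresses the administrator knows to be correct.
KNOWN = {
    "192.168.0.1": "00-1A-2B-3C-4D-5E",
    "192.168.0.20": "00:1A:2B:AA:BB:CC",
}


def normalise(mac):
    """Use one spelling (lower case, dashes) so comparisons are reliable."""
    return mac.replace(":", "-").lower()


def parse_arp_table(text):
    """Return (ip, mac, type) for every entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append((ip, normalise(mac), kind))
    return entries


def is_group_address(mac):
    """Broadcast and multicast MACs have the low bit of the first byte set."""
    return int(mac[:2], 16) & 0x01 == 1


def audit(entries, known):
    """Flag mappings that differ from the inventory and MACs shared by several IPs."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac, _kind in entries:
        if is_group_address(mac):
            continue  # many IPs legitimately map to broadcast/multicast MACs
        by_mac[mac].append(ip)
        expected = known.get(ip)
        if expected and normalise(expected) != mac:
            findings.append(("mismatch", ip, mac, normalise(expected)))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", tuple(sorted(ips)), mac, None))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_arp_table(SAMPLE), KNOWN):
        print(finding)
```

A shared MAC is not always a fault (a router answering for several addresses produces one too), so treat it as a prompt to delete the entry with arp -d, ping again and recheck, as described above.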

Using nslookup utility


Some of the most common networking issues revolve around Domain Name System (DNS) address
resolution. DNS is used by everyone using the Internet to resolve commonly
known domain names (e.g. google.com) to commonly unknown IP addresses (e.g. 74.125.115.147).
When this system does not work, most of the functionality that people are used to goes away, as
there is no way to resolve this information. The nslookup utility can be used to look up the specific
IP address(es) associated with a domain name. If this utility is unable to resolve this information,
there is a DNS issue. Along with simple lookup, the nslookup utility is able to query specific DNS
servers to determine whether there is an issue with the default DNS servers configured on a host.
The figure below shows an example of how the nslookup utility can be used to query the associated
IP address information.

Figure 41: nslookup utility

Resolving names with the host table


A host name is an alias assigned to an IP node to identify it as a TCP/IP host. The host name can be
up to 255 characters long and can contain alphabetic and numeric characters and the "-" and "."
characters. Multiple host names can be assigned to the same host. For Windows 2000–based
computers, the host name does not have to match the Windows 2000 computer name.
Windows Sockets applications, such as Microsoft® Internet Explorer and the FTP utility, can use one
of two values for the destination to be connected: the IP address or a host name. When the IP
address is specified, name resolution is not needed. When a host name is specified, the host name
must be resolved to an IP address before IP-based communication with the desired resource can
begin.
Host names can take various forms. The two most common forms are a nickname and a domain
name. A nickname is an alias to an IP address that individual people can assign and use. A domain
name is a structured name that follows Internet conventions.

2.7.5 Domain Names


To accommodate different organizations and their desire to have a scalable, customizable naming
scheme in which to operate, the InterNIC has created and maintains a hierarchical namespace called
the Domain Name System (DNS). DNS is a naming scheme that looks similar to the directory
structure for files on a disk. However, instead of tracing a file from the root directory through
subdirectories to its final location and its file name, a host name is traced from its final location
through its parent domains back up to the root. The unique name of the host, representing its
position in the hierarchy, is called its Fully Qualified Domain Name (FQDN). The top-level domain
namespace is shown in Figure 1.11 with example second-level and subdomains.

Figure 42: Domain Name System

The domain namespace consists of:


The root domain, representing the root of the namespace and indicated with a "" (null).
Top-level domains, those directly below the root, indicating a type of organization. On the
Internet, the InterNIC is responsible for the maintenance of top-level domain names. Table
below has a partial list of the Internet's top-level domain names.

Domain Name               Meaning

COM                       Commercial organization
EDU                       Educational institution
GOV                       Government institution
MIL                       Military group
NET                       Major network support center
ORG                       Organization other than those above
INT                       International organization
< country/region code >   Each country/region (geographic scheme)

Figure 43: Internet Top-Level Domain Names

Second-level domains, below the top level domains, identifying a specific organization within
its top-level domain. On the Internet, the InterNIC is responsible for the maintenance of
second-level domain names and ensuring their uniqueness.

Subdomains of the organization, below the second-level domain. The individual organization
is responsible for the creation and maintenance of subdomains.
For example, for the FQDN ftpsrv.wcoast.reskit.com:
The trailing period ( . ) denotes that this is an FQDN with the name relative to the root of the
domain namespace. The trailing period is usually not required for FQDNs and if it is missing it
is assumed to be present.
com is the top-level domain, indicating a commercial organization.
reskit is the second-level domain, indicating the Windows 2000 Resource Kit organization.
wcoast is a subdomain of reskit.com indicating the West Coast division of the
Windows 2000 Resource Kit organization.
ftpsrv is the name of the FTP server in the West Coast division.
Domain names are not case sensitive.
Organizations not connected to the Internet can implement whatever top and second-level domain
names they want. However, typical implementations do adhere to the InterNIC specification so that
eventual participation in the Internet will not require a renaming process.

Using the Mtr command (pathping)


In an effort to take advantage of the benefits of both the ping and tracert/traceroute commands, the
pathping and mtr utilities were developed. Both of these tools take the functionality and information that
can be obtained from these types of tools and provide a more detailed single picture of the path
characteristics from a specific host to a specific destination. Figure 11 and 12 below show examples of
these two tools and what information they provide.

Figure 44: Path Ping

Figure 45: Mtr

Using the route command


The last of the tools covered in this article is the route utility. This utility is used to display the current
status of the routing table on a host. While the use of the route utility is limited in common situations
where the host only has a single IP address with a single gateway, it is vital in other situations where
multiple IP addresses and multiple gateways are available. The figure below shows an example of the
route utility being used on a Windows machine.

Using the nbtstat command


Displays NetBIOS over TCP/IP (NetBT) configuration and allows management of the NetBIOS name
cache.

Nbtstat is designed to help troubleshoot NetBIOS name resolution problems. When a network is
functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. It does
this through several options for NetBIOS name resolution, including local cache lookup, WINS server
query, broadcast, LMHOSTS lookup, Hosts lookup, and DNS server query.
The nbtstat command removes and corrects preloaded entries using a number of case-sensitive
switches. The nbtstat -a < name > command performs a NetBIOS adapter status command on the
computer name specified by < name >. The adapter status command returns the local NetBIOS name
table for that computer as well as the MAC address of the adapter card. The nbtstat -A < IP
address > command performs the same function using a target IP address rather than a name.
The nbtstat -c option shows the contents of the NetBIOS name cache, which contains NetBIOS
name-to-IP address mappings.
nbtstat -n displays the names that have been registered locally on the system by NetBIOS
applications such as the server and redirector.
The nbtstat -r command displays the count of all NetBIOS names resolved by broadcast and by
querying a WINS server. The nbtstat -R command purges the name cache and reloads all #PRE
entries from the LMHOSTS file. #PRE entries are the LMHOSTS name entries that are preloaded into
the cache.
Nbtstat -RR sends name release packets to the WINS server and starts a refresh, thus re-registering
all names with the name server without having to reboot. This is a new option in Windows NT 4.0
with Service Pack 4 as well as in Windows 2000.
You can use nbtstat -S to list the current NetBIOS sessions and their status, including statistics.
Sample output looks like this:
C:\>nbtstat -S
Local Area Connection:
Node IpAddress: [172.16.0.142] Scope Id: []
NetBIOS Connection Table
Local Name State In/Out Remote Host Input Output
------------------------------------------------------------------
TESTPC1 <00> Connected Out 172.16.210.25 6MB 5MB
TESTPC1 <00> Connected Out 172.16.3.1 108KB 116KB
TESTPC1 <00> Connected Out 172.16.3.20 299KB 19KB
TESTPC1 <00> Connected Out 172.16.3.4 324KB 19KB
TESTPC1 <03> Listening

Finally, nbtstat -s provides a similar set of session listings, but provides the remote computer names,
rather than their IP addresses.
Note
The options for the Nbtstat command are case sensitive.
The Nbtstat switches are listed in the table below:

Nbtstat Switches

Switch              Name             Function

-a < name >         adapter status   Returns the NetBIOS name table and MAC address of the
                                     adapter card for the computer name specified.
-A < IP address >   Adapter status   Lists the same information as -a when given the target's
                                     IP address.
-c                  cache            Lists the contents of the NetBIOS name cache.
[ Number ]          Interval         Typing a numerical value tells Nbtstat to redisplay
                                     selected statistics each interval seconds, pausing between
                                     each display. Press Ctrl+C to stop redisplaying statistics.
-n                  names            Displays the names registered locally by NetBIOS
                                     applications such as the server and redirector.
-r                  resolved         Displays a count of all names resolved by broadcast or
                                     WINS server.
-R                  Reload           Purges the name cache and reloads all #PRE entries from
                                     LMHOSTS.
-RR                 ReleaseRefresh   Releases and reregisters all names with the name server.
-s                  sessions         Lists the NetBIOS sessions table converting destination IP
                                     addresses to computer NetBIOS names.
-S                  Sessions         Lists the current NetBIOS sessions and their status, with
                                     the IP address.
/?                  Help             Displays this list.

Using the netstat utility


Often, one of the things you need to figure out is the current state of the active network
connections on a host. This is very important information for a variety of reasons, for
example when verifying the status of a listening port on a host, or when checking which remote
hosts are connected to a local host on a specific port. It is also possible to use the netstat utility to
determine which services on a host are associated with specific active ports. The figure below shows
an example of the netstat utility being used to display the currently active ports on a Linux machine.

Figure 46: netstat utility

Summary
A lot has been said about TCP/IP troubleshooting tools. They include GUI tools like protocol
analysers, throughput testers, and connectivity software like Remote Desktop, and they include
command-line utilities like tracert, ping, arp, netstat, nbtstat, ipconfig, ifconfig and nslookup.

We also covered how these utilities work, their various options and switches and how these affect
the use of the utilities, and lastly how the utilities work within the TCP/IP suite.

2.8 MODULATION TECHNIQUES

Data relies on digital transmission

Network connection may handle only analog signals

Modem
  - Accomplishes this translation
  - Modulator/demodulator

Data modulation
  - Technology modifying analog signals into digital signals and vice versa
  - Makes analog signals suitable for carrying data over a communication path

RESOURCE

Further reading: Network+ study guide, 3rd Edition by Todd Lammle. Chapter 17, pages 485-517.
Web link: https://technet.microsoft.com/en-us/library
Videos: https://www.youtube.com/watch?v=BVBm-mO6cyQ

2.8.1 A Modem
In the communications environment, a modem is a combination of two networking
devices: a modulator and a demodulator (modem for short). These devices perform
modulation and demodulation algorithms concurrently, to convert a signal from analog to
digital and digital to analog, enabling data transmission to and from various computing
resources. Below is a picture of a modem.

Figure 47: Modem

2.8.2 Modulation/Demodulation
Modulation is the process in which a carrier signal varies in accordance with the message signal; it
is the technique used to change the signal characteristics. Basically, modulation is of the following
two types: digital and analog modulation.

Consider a telephone call as an example of typical data flow, using the illustration below as a
reference. When making a call we speak into a microphone, and the sound waves from our voice are
transmitted by the telephone in the form of radio waves, thus analog signals, which usually vary in
signal strength or frequency. The analog signals travel from the telephone into the modem. It is the
modem's job to demodulate, which is transforming analog signals into digital signals for computer
processing, and then eventually to modulate the signal, converting the digital signals back into
analog signals.

A transmitter is a group of electronic circuits designed to convert the information into a signal for
transmission over a given communication medium.

A receiver is a group of electronic circuits designed to convert the signal back to the original
information.

The communication channel is the medium which is designed to transmit the electronic signal from
one place to another.

Classification of Modulation Techniques: High-frequency sinusoidal waveforms are used as the
carrier signal. If the variation in the parameter of the carrier is continuous in
accordance with the input analog signal, the modulation technique is termed an analog modulation
scheme; if the variation is discrete, it is termed a digital modulation technique.

Type of Modulation Techniques

2.8.3 Analog Modulation Techniques


(i) Amplitude Modulation (A.M.)
(ii) Frequency Modulation (F.M.)
(iii) Phase Modulation (P.M.)

Analog
One important characteristic of data transmission is the type of signalling involved. On a data
network, information can be transmitted via one of two signalling methods: Analog or Digital.
Computers generate and interpret digital signals as electrical current, the pressure of which is
measured in volts. The strength of an electrical signal is directly proportional to its voltage. Thus,
when network engineers talk about the strength of a signal, they often refer to the signal’s
voltage. After being generated, signals travel over copper cabling as electrical current. Over
fiber-optic cable, they travel as light pulses. And through the atmosphere, they travel as
electromagnetic waves.
Analog data signals are also generated as voltage. However, in analog signals, voltage varies
continuously and appears as a wavy line when graphed over time, as shown in Figure 2-1.
An analog signal, like other waveforms, is characterized by four fundamental properties:
amplitude, frequency, wavelength, and phase. A wave’s amplitude is a measure of its strength
at any given point in time. On a wave graph, the amplitude is the height of the wave at any point
in time. In Figure below, for example, the wave has amplitude of 5 volts at .25 seconds,
amplitude of 0 volts at .5 seconds, and amplitude of −5 volts at .75 seconds.

Figure 48: Analog

Whereas amplitude indicates an analog wave’s strength, frequency is the number of times that
a wave’s amplitude cycles from its starting point, through its highest amplitude and its lowest
amplitude, and back to its starting point over a fixed period of time. Frequency is expressed in
cycles per second, or hertz (Hz), named after German physicist Heinrich Hertz, who
experimented with electromagnetic waves in the late nineteenth century. For example, in Figure
48 above the wave cycles to its highest then lowest amplitude and returns to its starting point
once in 1 second. Thus, the frequency of that wave would be 1 cycle per second, or 1 Hz—
which, as it turns out, is an extremely low frequency.

Frequencies used to convey speech over telephone wires fall in the 300 to 3300 Hz range.
Humans can hear frequencies between 20 and 20,000 Hz. An FM radio station may use a
frequency between 850,000 Hz (or 850 kHz) and 108,000,000 Hz (or 108 MHz) to transmit its
signal through the air.
The distance between corresponding points on a wave’s cycle—for example, between one peak
and the next—is called its wavelength. Wavelengths can be expressed in meters or feet. A
wave’s wavelength is inversely proportional to its frequency. In other words, the higher the
frequency, the shorter the wavelength. For example, a radio wave with a frequency of 1,000,000
cycles per second (1 MHz) has a wavelength of 300 meters, while a wave with a frequency of
2,000,000 Hz (2 MHz) has a wavelength of 150 meters.
The term phase refers to the progress of a wave over time in relationship to a fixed point.
Suppose two separate waves have identical amplitudes and frequencies. If one wave starts at its
lowest amplitude at the same time the second wave starts at its highest amplitude, these waves
will have different phases. More precisely, they will be 180 degrees out of phase (using the
standard assignment of 360 degrees to one complete wave). Had the second wave also started
at its lowest amplitude, the two waves would be in phase. Figure 49 illustrates waves with
identical amplitudes and frequencies whose phases are 90 degrees apart.

Figure 49: Waves with a 90-degree phase difference

One benefit to analog signals is that, because they are more variable than digital signals, they can
convey greater subtleties with less energy. For example, think of the difference between your voice
and a digital voice, such as the automated service that some libraries use to notify you when a book
you have requested is available. The digital voice has a poorer quality than your own voice—that is,
it sounds like a machine. It can’t convey the subtle changes in inflection that you expect in a human
voice. Only very high-quality digital signals—for example, those used to record music on compact
discs—can achieve such accuracy.
One drawback to analog signals is that their voltage is varied and imprecise. Thus, analog
transmission is more susceptible to transmission flaws such as noise, or any type of interference that
may degrade a signal, than digital signals. If you have tried to listen to AM radio on a stormy night,
you have probably heard the crackle and static of noise affecting the signal. Now contrast the analog
signals pictured in Figures 48 and 49 to a digital signal, as shown in Figure 50.

Figure 50: Digital signal

2.8.4 Digital Modulation Techniques


(i) Amplitude Shift Keying (A.S.K.)
(ii) Frequency Shift Keying (F.S.K.)
(iii) Phase Shift Keying (P.S.K.)

Digital signals are composed of pulses of precise, positive voltages and zero voltages. A pulse of
positive voltage represents a 1. A pulse of zero voltage (in other words, the lack of any voltage)
represents a 0. The use of 1s and 0s to represent information is characteristic of a binary
system. Every pulse in the digital signal is called a binary digit, or bit.
Figure 50 shows an example of a digital signal.
A bit can have only one of two possible values: 1 or 0. Eight bits together form a byte. In broad
terms, one byte carries one piece of information. For example, the byte 01111001 means 121
on a digital network.
Computers read and write information—for example, program instructions, routing information,
and network addresses—in bits and bytes. When a number is represented in binary form (for
example, 01111001), each bit position, or placeholder, in the number represents a specific
multiple of 2. Because a byte contains eight bits, it has eight placeholders. When counting
placeholders in a byte, you move from right to left. The placeholder farthest to the right is
known as the zero position; the one to its left is in the first position, and so on. The placeholder
farthest to the left is in the seventh position, as shown in Figure 51.

Figure 51: seventh position

To find the decimal value of a bit, you multiply the 1 or 0 (whichever the bit is set to) by 2^x,
where x equals the bit’s position. For example, the 1 or 0 in the zero position must be multiplied
by 2 to the 0 power, or 2^0, to determine its value. Any number (other than zero) raised to the
power of 0 has a value of 1. Thus, if the zero-position bit is 1, it represents a value of 1 × 2^0, or 1
× 1, which equals 1. If a 0 is in the zero position, its value equals 0 × 2^0, or 0 × 1, which equals 0.
In every position, if a bit is 0, that position represents a decimal number of 0.
To convert a byte to a decimal number, determine the value represented by each bit, and then
add those values together. If a bit in the byte is 1 (in other words, if it’s “on”), the bit’s
numerical equivalent in the coding scheme is added to the total. If a bit is 0, that position has
no value and nothing is added to the total. For example, the byte 11111111 equals: 1 × 2^7 + 1 ×
2^6 + 1 × 2^5 + 1 × 2^4 + 1 × 2^3 + 1 × 2^2 + 1 × 2^1 + 1 × 2^0, or 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1. Its
decimal equivalent, then, is 255. In another example, the byte 00100100 equals: 0 × 2^7 + 0 × 2^6 +
1 × 2^5 + 0 × 2^4 + 0 × 2^3 + 1 × 2^2 + 0 × 2^1 + 0 × 2^0, or 0 + 0 + 32 + 0 + 0 + 4 + 0 + 0. Its decimal
equivalent, then, is 36.
Figure 51 illustrates placeholders in a byte, the exponential multiplier for each position, and the
different decimal values that are represented by a 1 in each position.

To convert a decimal number to a byte, you reverse this process. For example, the decimal number 8
equals 2^3, which means a single “on” bit would be indicated in the fourth bit position as follows:
00001000. In another example, the decimal number 9 equals 8 + 1, or 2^3 + 2^0, and would be
represented by the binary number 00001001.
The binary numbering scheme may be used with more than eight positions. However, in the digital
world, bytes form the building blocks for messages, and bytes always include eight positions. In a
data signal, multiple bytes are combined to form a message. If you were to peek at the 1s and 0s
used to transmit an entire email message, for example, you might see millions of zeros and ones
passing by. A JPEG, that expresses letters, numbers, and pictures.

THINK POINT
Discussion Question

Research Study and further reading:

Statistical Multiplexing, Wavelength Division Multiplexing, Dense Wavelength Division
Multiplexing and CWDM (Coarse Wavelength Division Multiplexing)

Figure 52: TDM Concept

Source: http://www.slideshare.net/nimay1/multiplexing-fdmatdmacdma

2.8.5 Frequency Division Multiplexing

Frequency Division Multiplexing (FDM) is a networking method in which multiple data signals are
combined for concurrent transmission via a shared communication medium. FDM uses a
carrier signal at a discrete frequency for each data stream and then combines many modulated
signals. In the figure below (blue waves), a circuit switch multiplexes multiple voice calls onto a
high-bandwidth link.

Each circuit receives a fixed bandwidth; the frequency of each call is shifted to avoid interference.

Figure 53: FDM

Source: http://www.slideshare.net/AmarPanchal1/complete-computer-network

There are other Multiplexing techniques that were left out of this guide for the purpose of research
listed below;

Note: For further reading use the recommended textbook: Network+ Guide to Networks, 7th Edition
(Tamara Dean), pp 211-218.

Web links:

1. https://www.edgefx.in/types-of-modulation-techniques-with-applications/

Recommended books
CompTIA Network + Study guide by Todd Lammle (page 27- 53)
CompTIA Network + Guide to Networks by Tamara Dean (pages 18-25)
WEB:

Review Questions

Answers are available on Network+ study guide, 3rd Edition by Todd Lammle. Chapter 17. pages 636
Appendix A

1. What command can you type from a command prompt to see the hops a packet takes to
get to a destination host?

2. What tool would you use to verify a complaint about a slow network?

3. You need your IP address, subnet mask, default gateway and DNS information. What
command will you type from a Windows command prompt?

4. You need to login as a dumb terminal to a server or UNIX host and run programs. What
application will you use?

5. What command will you use to add a route on a Windows server routing table?

6. What application will you use to log in to a server and transfer files?

7. You are asked to check your name resolution information on your host. What command will
you type from the command prompt?

8. You want to use netstat, but you want to see only the IP address, not the names of the
hosts. Which modifier will you use?

9. You want the IP configuration on a UNIX host. What command will you type at the command
prompt?

10. Which Windows command will show you the routing table of your host or server?

Assessment questions
Answers are available on Network+ study guide, 3rd Edition by Todd Lammle. Chapter 17. pages 637
Appendix B

1. Which TCP/IP utility is most often used to test whether an IP host is up and functional?

a. ftp

b. telnet

c. ping

d. netstat

2. Which TCP/IP utility will produce the following result?

a. Arp

b. netstat

c. tracert

d. nbtstat

3. Which Windows utility can you use to connect to a machine 50 miles away to troubleshoot?

a. Remote Desktop

b. netstat

c. arp

d. Wireshark

4. Which TCP/IP utility might produce the following output?

a. tracert

b. ping

c. wins

d. ipconfig

5. Which utility can you use to find the MAC and TCP/IP addresses of your Windows
workstation?

a. ping

b. ipconfig

c. ipconfig /all

d. tracert

e. telnet

6. Which ping commands will verify that your local TCP/IP interface is working? (Choose all that
apply)

a. ping 204.153.163.2

b. ping 127.0.0.1

c. ping localif

d. ping localhost

e. ping impost

7. Which switch for the Windows nbtstat utility will display all NetBIOS name resolution
statistics?

a. –r

b. /r

c. –R

d. –R

8. You need to find a NIC's specific MAC address. Which command-line tool can you use to find
this information without physically going to the computer?

a. ping

b. nbtstat

c. netstat

d. ftp

9. Which nbtstat utility switch will purge and reload the remote NetBIOS name table cache?

a. –r

b. –R

c. /r

d. /R

10. Wireshark is an example of a___________________?

a. Throughput

b. Protocol analyser

c. Remote connection tool

11. Which utility produces output similar to the following?

a. Arp

b. Tracert

c. Nbtstat

d. Netstat

12. You are the network administrator. A user calls you, complaining that the performance of
the intranet web server is sluggish. When you try to ping the server, it takes several seconds
for the server to respond. You suspect that the problem is related to a router that is
seriously overloaded. Which workstation utility could you use to find out which router is
causing this problem?

a. Netstat

b. Nbtstat

c. Tracert

d. Ping

e. Arp

13. Which ipconfig switch will display the most complete listing of IP configuration information
for a station?

a. /all

b. /renew

c. /release

d. /?

14. Which utility will display a list of all the routers that a packet passes through on the way to an
IP destination?

a. netstat

b. nbtstat

c. tracert

d. ping

e. arp

15. Which Windows TCP/IP utility could you use to find out whether a server is responding on
TCP port 21?

a. tcp

b. Port

c. Ping

d. Nbtstat

e. telnet

16. Which arp command can you use to display the currently cached ARP entries?

a. arp

b. arp-all

c. arp/a

d. ipconfig/arp

e. arp/ipconfig

17. Which command-line tool would best be used to verify DNS functionality?

a. netstat

b. nbtstat

c. dig

d. icmp

e. arp

18. Which of the following arp utility switches perform the same function? (Choose all that apply)

a. –g

b. –A

c. –d

d. –a

19. Which command would you use at a workstation prompt to see the DNS servers that are
configured to use? (Choose three)

a. arp

b. nslookup

c. netstat

d. nbtstat

e. ipconfig/all

f. ifconfig

20. Which nbtstat switch displays a list of all the NetBIOS sessions currently active on the local
workstation?

a. –a

b. –r

c. –s

d. -i

CHAPTER 3: NETWORK CONNECTIVITY DEVICES

Learning outcomes
Understand switches, hubs, routers and bridges
Know how to configure network connectivity devices
Understand and implement and configure a firewall
Understand a DHCP
Understand a Proxy and reverse proxy how they work and types
Be able to understand VLANS

3.1 A Switch
• Typically connects individual computers
• A switch is essentially the same as a bridge, though typically used to connect hosts, not LANs
• Like bridges, switches support concurrent communication
– Host A can talk to C, while B talks to D

Figure 54: Switch

3.1.1 Dedicated Access and Full Duplex


• Dedicated access
– Host has direct connection to the switch rather than a shared LAN connection
• Full duplex
– Each connection can send in both directions
– Host sending to switch, and host receiving from switch
– E.g., in 10BaseT and 100BaseT
• Completely supports concurrent transmissions
– Each connection is a bidirectional point-to-point link

3.1.2 Switches: Traffic Isolation


• Switch breaks subnet into LAN segments
• Switch filters packets
– Frame only forwarded to the necessary segments
– Segments can support separate transmissions

Figure 55: Switch and Bridge

3.2 Multilayer switch


Traditionally, switches are the network devices that forward data packets based on the Layer 2
information like media access control (MAC) addresses. Routers forward packets based on IP
addresses. The router strips off the old Layer 2 header, slaps on the new one and queues the packet
for transmission.
As multilayer switching technology developed, higher level functions were also added such as the
ability to look deep inside packets for information that could aid in the packet-forwarding process.
Thus, multilayer switches became devices that examine Layer 2 through Layer 7.

Figure 56: Multi-layer switch

3.4 Router

Figure 57: Cisco Router

Routers are small electronic devices that join multiple computer networks together via either wired
or wireless connections.

3.4.1 How Routers Work

In technical terms, a router is a Layer 3 network gateway device, meaning that it connects two or
more networks and that the router operates at the network layer of the OSI model.

Routers contain a processor (CPU), several kinds of digital memory, and input-output (I/O)
interfaces.

They function as special-purpose computers that do not require a keyboard or display.

The router's memory stores an embedded operating system (O/S). Compared to general-purpose OS
products like Microsoft Windows or Apple Mac OS, router operating systems limit what kind of
applications can be run on them and also need much smaller amounts of storage space. Examples of
popular router operating systems include Cisco Internetwork Operating System (IOS) and DD-WRT.
These operating systems are manufactured into a binary firmware image and are commonly
called router firmware. By maintaining configuration information in a part of memory called
the routing table, routers also can filter both incoming and outgoing traffic based on the addresses
of senders and receivers.

3.4.2 Routers for Business Networks and the Internet

Before home networking became popular, routers could be found only in the closets of businesses
and schools. Each cost thousands of dollars and required special technical training to set up and
manage. The largest and most powerful network routers form the Internet backbone. These routers
must manage many terabits of data flowing through and between Internet Service Provider (ISP)
networks.

3.4.3 Home Broadband Routers

Routers became mainstream consumer devices when households began to accumulate multiple
computers and wanted to share the home Internet connection.

Home networks use Internet Protocol (IP) routers to connect computers to each other and to the
Internet. Early generations of home routers supported wired networking with Ethernet cables while
newer wireless routers supported Wi-Fi together with Ethernet. The term broadband router applies
to any home wired or wireless router being used for sharing a broadband Internet connection.

Home routers often cost USD $100 or less. They are manufactured to be much more affordable than
business routers in part because they offer fewer features. Still, home routers provide many
essential home networking functions:

• sharing of home Internet connections for dozens of devices
• basic home network firewall and other security support
• ability to change router configuration settings from a Web browser

3.4.4 Switch versus a Router

Switches create a network. Routers connect networks. A router links computers to the Internet, so
users can share the connection. A router acts as a dispatcher, choosing the best path for information
to travel so it's received quickly.

3.5 Firewall

A firewall is a gateway that selectively blocks or filters traffic between networks. As with any
other type of gateway, firewalls may be devices optimized for performing their tasks or computers
installed with the software necessary to accomplish those tasks.

Figure 58: Firewall

Types of firewall

3.4.1 Proxy firewall


An early type of firewall device, a proxy firewall serves as the gateway from one network to
another for a specific application. Proxy servers can provide additional functionality such as
content caching and security by preventing direct connections from outside the network.
However, this also may impact throughput capabilities and the applications they can support.

3.4.2 Stateful inspection firewall


Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic
based on state, port, and protocol. It monitors all activity from the opening of a connection until
it is closed. Filtering decisions are made based on both administrator-defined rules and
context, which refers to using information from previous connections and packets belonging to
the same connection.
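
The following added example (not part of the original guide and not any vendor's implementation) models stateful inspection in Python: administrator rules decide which connections may open, and a state table supplies the context for every later packet until the connection closes. The class name, addresses, ports and timeout values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags, e.g. frozenset({"SYN", "ACK"})
    inbound: bool         # True = arriving from the outside network
    proto: str = "tcp"


def pkt(src, sport, dst, dport, flags, inbound=False):
    """Build a constructed sample packet; flags are written like "SYN+ACK"."""
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), inbound)


class StatefulFirewall:
    IDLE_TIMEOUT = 300    # assumed: seconds an idle established entry is kept
    CLOSE_TIMEOUT = 10    # assumed: seconds kept for a half-open or closing entry

    def __init__(self, outbound_rules):
        self.rules = set(outbound_rules)   # administrator rules: {(proto, dst port)}
        self.table = {}                    # connection key -> state entry

    @staticmethod
    def _key(p):
        # Same key for both directions:
        # (proto, inside ip, inside port, outside ip, outside port)
        if p.inbound:
            return (p.proto, p.dst, p.dport, p.src, p.sport)
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def filter(self, p, now):
        key = self._key(p)
        entry = self.table.get(key)
        if entry is not None and now >= entry["expires"]:
            del self.table[key]            # stale state is forgotten
            entry = None

        if entry is None:
            # No context yet: only a rule-permitted outbound SYN may open a connection.
            if p.inbound or p.flags != {"SYN"} or (p.proto, p.dport) not in self.rules:
                return "DROP"
            self.table[key] = {"state": "SYN_SENT", "fins": set(),
                               "expires": now + self.CLOSE_TIMEOUT}
            return "ALLOW"

        if "RST" in p.flags:               # a reset tears the connection down at once
            del self.table[key]
            return "ALLOW"

        if entry["state"] == "SYN_SENT":
            if p.inbound and p.flags == {"SYN", "ACK"}:
                entry["state"] = "ESTABLISHED"
                entry["expires"] = now + self.IDLE_TIMEOUT
                return "ALLOW"
            # Before the reply arrives only a retransmitted outbound SYN is acceptable.
            return "ALLOW" if (not p.inbound and p.flags == {"SYN"}) else "DROP"

        if entry["state"] == "ESTABLISHED":
            if "FIN" in p.flags:
                entry["fins"].add(p.inbound)   # remember which side has closed
            if entry["fins"] == {True, False}:
                entry["state"] = "CLOSING"
                entry["expires"] = now + self.CLOSE_TIMEOUT
            else:
                entry["expires"] = now + self.IDLE_TIMEOUT
            return "ALLOW"

        return "ALLOW"                     # CLOSING: final ACKs pass until the entry expires


def demo():
    fw = StatefulFirewall({("tcp", 443)})
    inside, outside, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    steps = [  # (time in seconds, constructed packet)
        (0,  pkt(outside, 443, inside, 50000, "SYN+ACK", inbound=True)),  # unsolicited
        (1,  pkt(inside, 50000, outside, 443, "SYN")),
        (2,  pkt(outside, 443, inside, 50000, "SYN+ACK", inbound=True)),
        (3,  pkt(inside, 50000, outside, 443, "ACK")),
        (4,  pkt(other, 443, inside, 50000, "ACK", inbound=True)),        # wrong peer
        (5,  pkt(inside, 50001, outside, 23, "SYN")),                     # no rule for port 23
        (10, pkt(inside, 50000, outside, 443, "FIN+ACK")),
        (11, pkt(outside, 443, inside, 50000, "FIN+ACK", inbound=True)),
        (12, pkt(inside, 50000, outside, 443, "ACK")),
        (30, pkt(outside, 443, inside, 50000, "ACK", inbound=True)),      # state has expired
    ]
    return [fw.filter(p, t) for t, p in steps]


if __name__ == "__main__":
    print(demo())
```

The same inbound SYN+ACK is dropped at time 0 and allowed at time 2; the only difference is the state table entry created by the outbound SYN in between.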

3.4.3 Unified threat management (UTM) firewall


A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection
firewall with intrusion prevention and antivirus. It may also include additional services and often
cloud management. UTMs focus on simplicity and ease of use.

3.4.4 Next-generation firewall (NGFW)


Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies
are deploying next-generation firewalls to block modern threats such as advanced malware and
application-layer attacks.

According to Gartner, Inc.’s definition, a next-generation firewall must include:
• Standard firewall capabilities like stateful inspection
• Integrated intrusion prevention
• Application awareness and control to see and block risky apps
• Upgrade paths to include future information feeds
• Techniques to address evolving security threats
While these capabilities are increasingly becoming the standard for most companies, NGFWs
can do more.

3.4.5 Threat-focused NGFW


These firewalls include all the capabilities of a traditional NGFW and also provide advanced
threat detection and remediation. With a threat-focused NGFW you can:
• Know which assets are most at risk with complete context awareness
• Quickly react to attacks with intelligent security automation that sets policies and
hardens your defences dynamically
• Better detect evasive or suspicious activity with network and endpoint event correlation
• Greatly decrease the time from detection to clean-up with retrospective security that
continuously monitors for suspicious activity and behaviour even after initial inspection
• Ease administration and reduce complexity with unified policies that protect across the
entire attack continuum
Further reading: http://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
Video: http://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html

3.4.6 HIDS
Host based intrusion detection (HIDS) refers to intrusion detection that takes place on a single host
system. Currently, HIDS involves installing an agent on the local host that monitors and reports on
the system configuration and application activity. Some common abilities of HIDS systems include
log analysis, event correlation, integrity checking, policy enforcement, rootkit detection, and
alerting. They often also have the ability to baseline a host system to detect variations in system
configuration. In specific vendor implementations these HIDS agents also allow connectivity to other
security systems. For example, Cisco CSA has the ability to send host data upstream to Cisco network
IPS devices, Checkpoint Integrity can be integrated with Checkpoint Secure Client (Client VPN), and
IBM Proventia Desktop is Cisco NAC certified.

HIDS Intrusion Prevention

Most HIDS packages now have the ability to actively prevent malicious or anomalous activity on the
host system. Due to the potential impact this can have on the end user, HIDS is frequently deployed
in "monitor only" mode initially. This enables the administrator to create a baseline of the system
configuration and activity. Active blocking of applications, system changes, and network activity is
limited to only the most egregious activities. Administrators can then tune the system policy based
on what is considered "normal activity".

3.4.7 IDS/IPS
• Intrusion Detection System - A device or application that analyzes whole packets, both header
and payload, looking for known events. When a known event is detected a log message is
generated detailing the event.
• Intrusion Prevention System - A device or application that analyzes whole packets, both header
and payload, looking for known events. When a known event is detected the packet is rejected.
The functional difference between an IDS and an IPS is a fairly subtle one and is often nothing more
than a configuration setting change. For example, in a Juniper IDP module, changing from Detection
to Prevention is as easy as changing a drop-down selection from LOG to LOG/DROP. At a technical
level it can sometimes require redesign of your monitoring architecture.
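
As an added illustration (not from the original guide or from any product), this Python example runs one signature engine in both modes: the action LOG behaves as an IDS and LOG/DROP as an IPS. The signatures, the packets and the `inline` flag are constructed; the flag models the assumption that a sensor can only reject packets when the traffic actually passes through it.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    dport: Optional[int] = None       # header condition; None matches any port
    payload: Optional[bytes] = None   # payload condition; None matches any payload

    def matches(self, pkt):
        # A "known event" needs every condition of the signature to hold.
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.payload is not None and self.payload not in pkt["payload"]:
            return False
        return True


class Sensor:
    def __init__(self, signatures, action="LOG", inline=False):
        if action not in ("LOG", "LOG/DROP"):
            raise ValueError("action must be LOG or LOG/DROP")
        self.signatures = list(signatures)
        self.action = action          # LOG = detection, LOG/DROP = prevention
        self.inline = inline          # assumption: True when traffic flows through the sensor
        self.log = []

    def inspect(self, pkt):
        """Analyse header and payload; return True if the packet is still delivered."""
        hits = [s for s in self.signatures if s.matches(pkt)]
        for s in hits:
            self.log.append(
                f"sid={s.sid} {s.name}: {pkt['src']} -> {pkt['dst']}:{pkt['dport']}")
        if not hits or self.action == "LOG":
            return True               # IDS behaviour: the event is logged, nothing is blocked
        if not self.inline:
            self.log.append("cannot drop: sensor only sees a copy of the traffic")
            return True
        return False                  # IPS behaviour: the packet is rejected


# Constructed signatures and traffic (documentation address ranges, made-up marker).
SIGNATURES = [
    Signature(1000001, "Telnet to server segment", dport=23),
    Signature(1000002, "Test marker in HTTP body", dport=80, payload=b"CONSTRUCTED-MARKER"),
]
TRAFFIC = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 23, "payload": b""},
    {"src": "198.51.100.9", "dst": "192.0.2.10", "dport": 80,
     "payload": b"POST /f HTTP/1.1\r\n\r\nx=CONSTRUCTED-MARKER"},
    {"src": "198.51.100.9", "dst": "192.0.2.10", "dport": 443,
     "payload": b"CONSTRUCTED-MARKER"},   # payload matches, header does not
]


def run(action, inline):
    """Return (per-packet delivery results, log lines) for one sensor configuration."""
    sensor = Sensor(SIGNATURES, action, inline)
    delivered = [sensor.inspect(p) for p in TRAFFIC]
    return delivered, sensor.log


if __name__ == "__main__":
    for action, inline in (("LOG", False), ("LOG/DROP", True), ("LOG/DROP", False)):
        print(action, "inline" if inline else "copy", run(action, inline))
```

The third configuration shows why the switch from detection to prevention is more than a setting when the sensor was deployed on a copy of the traffic: the events are still logged, but nothing is rejected.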

Given the similarity between all three systems there has been some convergence over time. The
Juniper IDP module mentioned above, for example, is effectively an add-on component to a firewall.
From a network flow and administrative perspective the firewall and IDP are functionally
indistinguishable even if they are technically two separate devices.

There is also much market discussion of something called a Next Generation Firewall (NGFW). The
concept is still new enough that each vendor has their own definition as to what constitutes a NGFW
but for the most part all agree that it is a device that enforces policy unilaterally across more than
just network packet header information. This can make a single device act as both a traditional
Firewall and IPS. Occasionally additional information is gathered, such as from which user the traffic
originated, allowing even more comprehensive policy enforcement.

3.5 Hubs and Bridges


Hubs are Physical Layer devices: essentially repeaters operating at the bit level, which repeat
bits received on one interface to all other interfaces.

Hubs can be arranged in a hierarchy (or multi-tier design), with a backbone hub at its top.

Example of a Hub below:

Each connected LAN is referred to as a LAN segment. Hubs do not isolate collision domains: a node
may collide with any node residing on any segment in the LAN.

Hub Advantages:

• simple, inexpensive device
• Multi-tier provides graceful degradation: portions of the LAN continue to operate if
one hub malfunctions
• extends maximum distance between node pairs (100m per Hub)

Hub limitations

• single collision domain results in no increase in max throughput
• multi-tier throughput same as single segment throughput
• individual LAN restrictions pose limits on number of nodes in same collision domain and on
total allowed geographical coverage
• Cannot connect different Ethernet types (e.g., 10BaseT and 100BaseT). Why?

3.6 DHCP
What Is DHCP?

3.6.1 Applies To: Windows Server 2008


Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides
an Internet Protocol (IP) host with its IP address and other related configuration information such as
the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering
Task Force (IETF) standard based on Bootstrap Protocol (BOOTP), a protocol with which DHCP shares
many implementation details. DHCP allows hosts to obtain required TCP/IP configuration
information from a DHCP server.

Windows Server® 2008 includes the DHCP Server service, which is an optional networking
component. All Windows-based clients include the DHCP client as part of TCP/IP, including
Windows Vista®, the Windows Server® 2003 operating system, the Windows® XP Professional
operating system, Microsoft Windows® 2000 Professional operating system, Microsoft
Windows NT® Workstation 4.0 operating system, Microsoft Windows® Millennium Edition operating
system, and the Microsoft Windows® 98 operating system.

3.6.2 Why use DHCP?


Every device on a TCP/IP-based network must have a unique unicast IP address to access the
network and its resources. Without DHCP, IP addresses for new computers or computers that are
moved from one subnet to another must be configured manually; IP addresses for computers that
are removed from the network must be manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a
pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the
network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned),
addresses no longer in use are automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration information
and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP
server stores the configuration information in a database that includes:

• Valid TCP/IP configuration parameters for all clients on the network.
• Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded
addresses.
• Reserved IP addresses associated with particular DHCP clients. This allows consistent
assignment of a single IP address to a single DHCP client.
• The lease duration, or the length of time for which the IP address can be used before a lease
renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives:

• A valid IP address for the subnet to which it is connecting.
• Requested DHCP options, which are additional parameters that a DHCP server is configured
to assign to clients. Some examples of DHCP options are Router (default gateway), DNS
Servers, and DNS Domain Name. For a full list of DHCP options, see DHCP Tools and Options.
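
The server-side database described in this section can be modelled in a few lines of Python. This is an added example, not Microsoft's DHCP Server code: the `DhcpScope` class, the addresses, the MAC addresses and the option values are constructed, and the DHCP message exchange itself is left out so that only the pool, exclusions, reservations and lease duration are shown.

```python
import ipaddress


class DhcpScope:
    def __init__(self, first, last, lease_seconds, excluded=(), reservations=None,
                 options=None):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        # Reserved addresses: one fixed IP per client hardware (MAC) address.
        self.reservations = {mac.lower(): ipaddress.IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        # Excluded and reserved addresses never enter the dynamic pool.
        held = {ipaddress.IPv4Address(ip) for ip in excluded}
        held |= set(self.reservations.values())
        self.pool = [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)
                     if ipaddress.IPv4Address(n) not in held]
        self.lease_seconds = lease_seconds
        self.options = dict(options or {})   # e.g. router, DNS servers, DNS domain name
        self.leases = {}                     # mac -> (ip, expiry time)

    def _reclaim(self, now):
        # Addresses whose lease ran out return to the pool automatically.
        for mac, (_ip, expires) in list(self.leases.items()):
            if now >= expires:
                del self.leases[mac]

    def request(self, mac, now):
        """Lease (or renew) an address; return the offer, or None if the pool is empty."""
        mac = mac.lower()
        self._reclaim(now)
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif mac in self.leases:
            ip = self.leases[mac][0]         # a renewal keeps the same address
        else:
            in_use = {leased for leased, _ in self.leases.values()}
            free = [candidate for candidate in self.pool if candidate not in in_use]
            if not free:
                return None                  # pool exhausted: no address can be offered
            ip = free[0]
        expires = now + self.lease_seconds
        self.leases[mac] = (ip, expires)
        return {"ip": str(ip), "lease_expires": expires, **self.options}


def demo():
    scope = DhcpScope(
        "192.168.1.10", "192.168.1.13", lease_seconds=3600,
        excluded=["192.168.1.11"],                            # e.g. a statically set server
        reservations={"AA:BB:CC:00:00:01": "192.168.1.12"},   # e.g. a printer
        options={"router": "192.168.1.1", "dns_servers": ["192.168.1.2"],
                 "dns_domain_name": "example.test"},
    )

    def ip_of(offer):
        return offer["ip"] if offer else None

    return [
        ip_of(scope.request("aa:bb:cc:00:00:0a", now=0)),     # first free address
        ip_of(scope.request("aa:bb:cc:00:00:0b", now=10)),    # skips excluded and reserved
        ip_of(scope.request("aa:bb:cc:00:00:0c", now=20)),    # dynamic pool is empty
        ip_of(scope.request("aa:bb:cc:00:00:01", now=30)),    # reservation still served
        ip_of(scope.request("aa:bb:cc:00:00:0a", now=1800)),  # renewal, same address
        ip_of(scope.request("aa:bb:cc:00:00:0c", now=3700)),  # reuses an expired lease
    ]


if __name__ == "__main__":
    print(demo())
```

With a four-address range, one exclusion and one reservation, only two addresses are dynamic, so the third client is refused until an unrenewed lease expires and its address returns to the pool.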

3.6.3 Benefits of DHCP


In Windows Server 2008, the DHCP Server service provides the following benefits:

• Reliable IP address configuration. DHCP minimizes configuration errors caused by manual IP
address configuration, such as typographical errors, or address conflicts caused by the
assignment of an IP address to more than one computer at the same time.
• Reduced network administration. DHCP includes the following features to reduce network
administration:
– Centralized and automated TCP/IP configuration.
– The ability to define TCP/IP configurations from a central location.
– The ability to assign a full range of additional TCP/IP configuration values by means
of DHCP options.
– The efficient handling of IP address changes for clients that must be updated
frequently, such as those for portable computers that move to different locations on
a wireless network.
– The forwarding of initial DHCP messages by using a DHCP relay agent, which
eliminates the need for a DHCP server on every subnet.

3.7 Proxy and Reverse Proxy


3.7.1 Web Acceleration

Web acceleration refers to speeding up the transfer of content between web servers and
client browsers by using a variety of techniques such as caching and compression.
High-traffic websites must support hundreds of thousands, if not millions, of users in a fast, reliable
manner. To scale to meet such high volumes, modern computing best practice usually calls for
adding more server hardware, which can become expensive. Web acceleration instead employs
other methods to speed delivery of both static and dynamic content, enabling your web servers to
handle more client requests without the need for more hardware.

3.7.2 HTTP Optimization


One of the primary ways to accelerate web traffic is by using a load balancer or reverse proxy
server to optimize HTTP traffic as it flows between clients and backend servers. Users access the
web from a variety of devices – laptops, mobile phones, smart TVs, and cameras – over connections
that vary widely in bandwidth. Content acceleration is important because the web server can have
its resources tied up as the client is accepting and processing the data it has just received. This can
create inefficiencies in server utilization and lead to poor performance for other users as well.
Through HTTP optimization techniques, the load balancer sits in between clients and servers,
forwarding requests for content to backend servers in a streamlined and efficient manner that
maximizes speed and server utilization.

3.7.3 Caching and Prefetching


Web acceleration servers can cache, or locally store, commonly requested information rather than
fetching it over and over from backend servers, which wastes server resources and slows down
content delivery. The web accelerator can refresh cached content at a specified interval to avoid
serving content that is out of date.
The web accelerator can also pre-fetch and cache content that the user is likely to ask for, such as
the next page of a document, making it ready for delivery as soon as the user requests it.

Compression
A web accelerator can compress large files, such as image or video files, to reduce transfer times.

3.7.4 SSL/TLS Processing


Some advanced web accelerators can offload computationally intensive processing from backend
servers, freeing them to serve content faster. A common example is encryption and decryption of
documents during transmissions secured with Secure Sockets Layer (SSL) or Transport Layer Security
(TLS).

3.8 VLANS
A VLAN is a group of devices on one or more LANs that are configured to communicate as if they
were attached to the same wire, when in fact they are located on a number of different LAN
segments. Because VLANs are based on logical instead of physical connections, they are extremely
flexible.

VLANs define broadcast domains in a Layer 2 network. A broadcast domain is the set of all devices
that will receive broadcast frames originating from any device within the set. Broadcast domains are
typically bounded by routers because routers do not forward broadcast frames. Layer 2 switches
create broadcast domains based on the configuration of the switch. Switches are multiport bridges
that allow you to create multiple broadcast domains. Each broadcast domain is like a distinct virtual
bridge within a switch.

You can define one or many virtual bridges within a switch. Each virtual bridge you create in the
switch defines a new broadcast domain (VLAN). Traffic cannot pass directly to another VLAN
(between broadcast domains) within the switch or between two switches. To interconnect two
different VLANs, you must use routers or Layer 3 switches. See the "Overview of Layer 3 Interfaces"
section for information on inter-VLAN routing on Catalyst 4500 series switches. The figure below
shows an example of three VLANs that create logically defined networks.

Figure 59: Sample VLANs

VLANs are often associated with IP subnetworks. For example, all of the end stations in a particular
IP subnet belong to the same VLAN. Traffic between VLANs must be routed. You must assign LAN
interface VLAN membership on an interface-by-interface basis (this is known as interface-based or
static VLAN membership).

You can set the following parameters when you create a VLAN in the management domain:

VLAN number

VLAN name

VLAN type

VLAN state (active or suspended)

Maximum transmission unit (MTU) for the VLAN

Security Association Identifier (SAID)

VLAN number to use when translating from one VLAN type to another
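
The forwarding behaviour described in this section, as an added Python example (not part of the original learner guide): a toy switch with static, interface-based VLAN membership keeps one MAC table per VLAN and floods broadcasts and unknown unicasts only to ports in the ingress port's VLAN. Port names, VLAN numbers and MAC addresses are constructed.

```python
"""Toy VLAN-aware Layer 2 switch. All ports, VLANs and MACs are constructed."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    def __init__(self, port_vlans):
        # Static (interface-based) membership: each access port is in one VLAN.
        self.port_vlans = dict(port_vlans)
        # One MAC table per VLAN: every VLAN acts as its own virtual bridge.
        self.mac_tables = defaultdict(dict)

    def broadcast_domains(self):
        """Return {vlan: [ports]}; each entry is one broadcast domain."""
        domains = defaultdict(list)
        for port, vlan in sorted(self.port_vlans.items()):
            domains[vlan].append(port)
        return dict(domains)

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame and return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        table = self.mac_tables[vlan]
        table[src_mac] = in_port  # learning is scoped to the ingress VLAN
        if dst_mac != BROADCAST and dst_mac in table:
            out_port = table[dst_mac]
            return [] if out_port == in_port else [out_port]
        # Broadcast or unknown unicast: flood, but never outside the VLAN.
        return [p for p in self.broadcast_domains()[vlan] if p != in_port]


def demo():
    """Three VLANs on one switch; returns the egress ports for each test frame."""
    sw = VlanSwitch({"Gi1/1": 10, "Gi1/2": 10, "Gi1/3": 20, "Gi1/4": 20, "Gi1/5": 30})
    host_a, host_b, host_c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    return {
        "broadcast from VLAN 10": sw.receive("Gi1/1", host_a, BROADCAST),
        "known unicast inside VLAN 10": sw.receive("Gi1/2", host_b, host_a),
        "VLAN 20 host sends to a VLAN 10 MAC": sw.receive("Gi1/3", host_c, host_a),
        "only port in VLAN 30 broadcasts": sw.receive("Gi1/5", "00:00:5e:00:53:0d", BROADCAST),
    }


if __name__ == "__main__":
    for case, egress in demo().items():
        print(f"{case}: {egress}")
```

The third case is the one to note: the frame addressed to a VLAN 10 host is flooded inside VLAN 20 only and never reaches a VLAN 10 port, which is why inter-VLAN traffic needs a router or Layer 3 switch.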

3.9 PoE (Power over Ethernet) and STP (Spanning Tree Protocol)

Introduction
This document presents a list of recommendations that help to implement a safe network with
regard to bridging for Cisco Catalyst switches that run Catalyst OS (CatOS) and Cisco IOS® Software.
This document discusses some of the common reasons that Spanning Tree Protocol (STP) can fail
and the information for which to look to identify the source of the problem. The document also
shows the kind of design that minimizes spanning tree-related issues and is easy to troubleshoot.

Prerequisites
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software and hardware versions.
Background Information
This document does not discuss the basic operation of STP. To learn how STP works, refer to this
document:
3.9.1 Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches
This document does not discuss Rapid STP (RSTP), defined in IEEE 802.1w. Also, this document does
not discuss Multiple Spanning Tree (MST) protocol, defined in IEEE 802.1s. For more information on
RSTP and MST, refer to these documents:
Understanding Multiple Spanning Tree Protocol (802.1s)
Understanding Rapid Spanning Tree Protocol (802.1w)
For a more specific STP troubleshooting document for Catalyst switches that run Cisco IOS Software,
refer to the document Troubleshooting STP on Catalyst Switch Running Cisco Integrated IOS (Native
Mode).

3.9.2 Spanning Tree Protocol Failure

The primary function of the spanning-tree algorithm (STA) is to cut loops that redundant links create
in bridge networks. STP operates at Layer 2 of the Open System Interconnection (OSI) model. By
means of bridge protocol data units (BPDUs) exchanged between bridges, STP elects the
ports that eventually forward or block traffic. This protocol can fail in some specific cases, and
troubleshooting the resulting situation can be very difficult, depending on the design of the
network. In this particular area, you perform the most important part of the troubleshooting before
the problem occurs.

A failure in the STA generally leads to a bridging loop. Most customers that call Cisco Technical
Support for spanning tree problems suspect a bug, but a bug is seldom the cause. Even if the
software is the problem, a bridging loop in an STP environment still comes from a port that should
block, but instead forwards traffic.

3.9.3 Spanning Tree Convergence

Refer to the Spanning Tree Flash animation to see an example that explains how the Spanning Tree
initially converges. The example also explains why a blocked port goes into the forwarding mode
because of an excessive loss of BPDUs, resulting in STA failure.

The rest of this document lists the different situations that can cause the STA to fail. Most of these
failures relate to a massive loss of BPDUs. The loss causes blocked ports to transition to forwarding
mode.

3.9.4 Duplex Mismatch

Duplex mismatch on a point-to-point link is a very common configuration error. If you manually set
the duplex mode to full on one side of the link and leave the other side in auto negotiation mode,
the link ends up in half-duplex. (A port with duplex mode set to full no longer negotiates.)

Figure 60: carrier sense and collision

The worst-case scenario is when a bridge that sends BPDUs has the duplex mode set to half-duplex
on a port, but the peer port on the other end of the link has the duplex mode set to full-duplex. In the
above example, the duplex mismatch on the link between bridges A and B can easily lead to a bridging loop.
Because bridge B is configured for full-duplex, it does not perform carrier sense before link
access. Bridge B starts to send frames even if bridge A is already using the link. This situation is a
problem for A: bridge A detects a collision and runs the backoff algorithm before it
attempts another transmission of the frame. If there is enough traffic from B to A, every packet that
A sends, which includes the BPDUs, undergoes deferment or collision and eventually gets dropped.
From an STP point of view, because bridge B no longer receives BPDUs from A, bridge B has
lost the root bridge. This leads B to unblock the port connected to bridge C, which creates the loop.
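
How long BPDU loss must last before bridge B opens its port toward C, as an added Python example (not from the learner guide or from Cisco): a simplified timer model of that one port. It assumes the IEEE 802.1D default timers (hello 2 s, max age 20 s, forward delay 15 s), which the text above does not state, and the loss patterns are constructed.

```python
"""Simplified 802.1D timer model for bridge B in the duplex-mismatch scenario.

Assumptions (not from the learner guide): default 802.1D timers, one BPDU from
root bridge A expected per hello interval, constructed loss patterns.
"""
HELLO, MAX_AGE, FORWARD_DELAY = 2, 20, 15  # seconds

BLOCKING, LISTENING, LEARNING, FORWARDING = (
    "blocking", "listening", "learning", "forwarding")
NEXT_STATE = {LISTENING: LEARNING, LEARNING: FORWARDING}


def simulate_port_to_c(bpdu_received):
    """Return the state changes of B's port toward C as (time_s, state) pairs.

    bpdu_received[i] says whether the BPDU that A sent for the hello interval
    ending at t = (i + 1) * HELLO actually reached B (True) or was lost (False).
    """
    state, state_since, last_bpdu = BLOCKING, 0, 0
    timeline = [(0, BLOCKING)]
    for now in range(1, len(bpdu_received) * HELLO + 1):
        arrived = now % HELLO == 0 and bpdu_received[now // HELLO - 1]
        if arrived:
            last_bpdu = now
            if state != BLOCKING:
                # Root information from A is back: the port is redundant again.
                state, state_since = BLOCKING, now
                timeline.append((now, state))
        elif state == BLOCKING and now - last_bpdu >= MAX_AGE:
            # Stored root information aged out: B starts to open the port.
            state, state_since = LISTENING, now
            timeline.append((now, state))
        elif state in NEXT_STATE and now - state_since >= FORWARD_DELAY:
            state, state_since = NEXT_STATE[state], now
            timeline.append((now, state))
    return timeline


def seconds_until_loop(bpdu_received):
    """Time at which the port toward C starts forwarding, or None if it never does."""
    for time_s, state in simulate_port_to_c(bpdu_received):
        if state == FORWARDING:
            return time_s
    return None


def max_info_age(bpdu_received):
    """Worst age of B's stored root information, sampled at each hello boundary.

    A value creeping toward MAX_AGE is the early warning to alert on.
    """
    worst, last_bpdu = 0, 0
    for i, received in enumerate(bpdu_received):
        now = (i + 1) * HELLO
        if received:
            last_bpdu = now
        worst = max(worst, now - last_bpdu)
    return worst


if __name__ == "__main__":
    total_loss = [False] * 30                  # 60 s with every BPDU dropped
    near_miss = ([False] * 9 + [True]) * 3     # 90% loss, but never 20 s of silence
    print(simulate_port_to_c(total_loss))
    print(seconds_until_loop(near_miss), max_info_age(near_miss))
```

Under these timers the loop appears 50 seconds after the last BPDU got through, while a link that loses 90% of its BPDUs but still delivers one every 20 seconds keeps the port blocked, so the failure can stay hidden until traffic rises.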

Further reading: Chapter 5, Network+ Study Guide, 3rd Edition, pages 126-43, by Todd Lammle.

Weblink: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10556-16.html

Video: https://www.youtube.com/watch?v=u4E_mG0pe00

https://www.youtube.com/watch?v=w6TTDEyRI1o

Review questions
What is the purpose of Spanning Tree Protocol in a switched LAN?
A. To provide a mechanism for network monitoring in switched environments
B. To prevent routing loops in networks with redundant paths
C. To prevent switching loops in networks with redundant switched paths
D. To manage the VLAN database across multiple switches
Answer: Option C
Which statement describes a spanning-tree network that has converged?
A. All switch and bridge ports are in the forwarding state.
B. All switch and bridge ports are assigned as either root or designated ports.
C. All switch and bridge ports are in either the forwarding or blocking state.
D. All switch and bridge ports are either blocking or looping.
Answer: Option C
What does a switch do when a frame is received on an interface and the destination hardware
address is unknown or not in the filter table?

A. Forwards the switch to the first available link
B. Drops the frame
C. Floods the network with the frame looking for the device
D. Sends back a message to the originating station asking for a name resolution
Answer: Option C
In which circumstance are multiple copies of the same unicast frame likely to be transmitted in
a switched LAN?
A. During high-traffic periods
B. After broken links are re-established
C. When upper-layer protocols require high reliability
D. In an improperly implemented redundant topology
Answer: Option D
If you want to disable STP on a port connected to a server, which command would you use?
A. disable spanning-tree
B. spanning-tree off
C. spanning-tree security
D. spanning-tree portfast
Answer: Option D

Which of the following statements is true?


A. A switch creates a single collision domain and a single broadcast domain. A router
creates a single collision domain.
B. A switch creates separate collision domains but one broadcast domain. A router
provides a separate broadcast domain.
C. A switch creates a single collision domain and separate broadcast domains. A router
provides a separate broadcast domain as well.
D. A switch creates separate collision domains and separate broadcast domains. A router
provides separate collision domains.
Answer: Option B

You have two switches connected together with two crossover cables for redundancy, and STP
is disabled. Which of the following will happen between the switches?
A. The routing tables on the switches will not update.
B. The MAC forward/filter table will not update on the switch.
C. Broadcast storms will occur on the switched network.
D. The switches will automatically load-balance between the two links.
Answer: Option C

Layer 2 switching provides which of the following?

1. Hardware-based bridging (ASIC)
2. Wire speed
3. Low latency
4. Low cost
A. 1 and 3
B. 2 and 4
C. 1, 2 and 4
D. All of the above
Answer: Option D

Your switch has a port status LED that is alternating between green and amber. What could this
indicate?
A. The port is experiencing errors.
B. The port is shut down.
C. The port is in STP blocking mode.
D. Nothing; this is normal.
Answer: Option A

You want to run the new 802.1w on your switches. Which of the following would enable this
protocol?
A. Switch(config)# spanning-tree mode rapid-pvst
B. Switch# spanning-tree mode rapid-pvst
C. Switch(config)# spanning-tree mode 802.1w
D. Switch# spanning-tree mode 802.1w
Answer: Option A

CHAPTER 4: NETWORK DESIGN

Learning outcome
Network Structure and equipment in commercial buildings and work areas
Identify significant components of an industrial control system or SCADA system
Inventory and manage network assets and identify significant business documents
Create and follow appropriate change management procedures for major and minor
network changes
Identify significant physical security controls to limit or monitor access to secure areas
Describe the components of a reliable disaster recovery plan and a defensible incident
response plan

4.1 Networks Cable type mastering

INTRODUCTION
In this topic we cover the basic essentials required to build a network. When designing a building,
it is not an easy job to know where to place walls and doors, where to install electrical and plumbing
systems, and how to manage traffic patterns through rooms to make the building liveable. In the same
way, as a network architect you must consider hardware and software factors when designing a network.
We are going to discuss the hardware used in the network architecture: the location of the devices,
their environment, and the equipment's limitations and the attention it requires. You will
see how Ethernet makes it easier to move data across the physical network and how to trace the
failure of a device to play its role. As you continue with your studies you will learn more about the
various layers of network components; cable details and wireless networking (802.1) will be
explained in due course.

4.2 Implementing a Network Infrastructure


The setup and cabling of most big organisations are the same because of the standards of the TIA
(Telecommunications Industry Association) and its former parent organisation, the EIA
(Electronic Industries Alliance).
The architecture for commercial buildings is called structured cabling, from the TIA/EIA-568
Commercial Building Wiring Standard. The structured cabling principle applies regardless of where
the cable is from, the cabling media, the transmission technology or the networking speed. It
starts at the demarc and ends at the user’s workstation. The demarc (short for
demarcation) is the device at the point where a telecommunications service provider’s
network (the public switched telephone network) ends and the organisational network starts.
The standard only describes the best way to install network cable so as to maximise performance
and minimise maintenance.
Structured cabling is based on a hierarchical design and assumes a network is
based on the star topology.
Below is an example of a demarc:

Figure 61: example of a Demarc

Source: Networking: Guide to Networks 7th Edition by Tamara Dean et al (pp. 158-9)

4.3 Devices for Structured Cabling


The benefits of these standards include:
Consistency of design and installation;
Conformance to physical and transmission line requirements;
A basis for examining a proposed system expansion and other changes; and
Uniform documentation.

Figure 62: TIA/EIA Structured Cabling in a Multistory Building

Source: http://www.elvtek.com/Solution.aspx?catelist=0,5,36,19&cateid=19&parentid=36&itemid=7

Structured cabling design and installation is governed by the TIA/EIA standards mentioned above, which
specify how to wire data centers, offices, and apartment buildings for data or voice communication
using various kinds of cable, most commonly Category 5e (CAT5e), CAT6 or CAT7, as well as fibre optic
cabling and modular connectors.
The components are:
1. Entrance Facility (EF)
This is the main incoming entrance for the network interface connecting to the building backbone
cabling. It is composed of cables, network demarcation point(s), connecting hardware, protection
devices and other equipment that connect to the access provider (AP) or private network cabling.
It includes connections between outside plant and inside building cabling.
2. Equipment Room (ER)
The environmentally controlled, centralized space for telecommunications equipment
is usually more complex than a telecommunications room (TR) or telecommunications
enclosure (TE). This is where you find the main cross-connect (MC) {Distributor C}; it
may also contain the intermediate cross-connects (ICs) {Distributor B}, horizontal
cross-connects (HCs) {Distributor A}, or both.
3. Backbone Cabling
The backbone cabling provides interconnection between telecommunications rooms,
equipment rooms, access provider (AP) spaces and entrance facilities. There are two
subsystems defined for backbone cabling:
• Cabling Subsystem 2 – Backbone cabling between the horizontal cross-connect (HC)
{Distributor A (DA)} and the intermediate cross-connect (IC) {Distributor B (DB)}
• Cabling Subsystem 3 – Backbone cabling between an intermediate cross-connect
(IC) {Distributor B (DB)} and the main cross-connect (MC) {Distributor C (DC)}
Recognized cabling:
• 100-ohm twisted-pair cabling: Category 3, Category 5e, Category 6 or Category 6A
and Category 7.
• Multimode optical fiber cabling: 850 nm laser-optimized 50/125 μm is
recommended. 50/125 μm refers to the diameters of the glass or plastic core, the part
of the fiber that carries the light which encodes your data. See the diagram below
depicting the structure.
• Single-mode optical fiber cabling

Figure 63: Cross section of Multimode fiber optic cables

4. Telecommunications Room (TR) or Telecommunications Enclosure (TE)


A TR or TE houses the terminations of horizontal and backbone cables to connecting
hardware, including any jumpers or patch cords (a patch cord is a length of fiber cabling fitted
with LC, SC, MTRJ or ST connectors at each end). It may also contain the IC (intermediate
cross-connect) or MC (main cross-connect) for different portions of the backbone cabling
system.
5. Horizontal Cabling (Cabling Subsystem 1)
The horizontal cabling system extends from the work area’s telecommunications information
outlet to the telecommunications room (TR) or telecommunications enclosure (TE). It includes
horizontal cable, mechanical terminations, jumpers and patch cords located in the TR or TE and
may incorporate Multi-User Telecommunications Outlet Assemblies (MUTOAs) and consolidation
points (CPs). The maximum horizontal cable length shall be not more than 90 m (295 ft.),
independent of media type. If a MUTOA is deployed, the maximum horizontal balanced twisted-pair
copper cable length shall be reduced.
Recognized and recommended cabling (to be discussed in the next chapters):
• 4-pair 100-ohm unshielded or shielded twisted-pair cabling: Category 5e, Category 6,
Category 6A or Category 7
• Multimode optical fiber cabling, 2-fiber (or higher fiber count)
• Single-mode optical fiber cabling, 2-fiber (or higher fiber count)

Figure 64: MUTOAs

6. Work Area
Work area (WA) components extend from the telecommunications outlet/connector end of
the horizontal cabling system to the WA equipment.
A minimum of two telecommunications outlets (permanent links) should be provided for
each work area. Multi-user telecommunications outlet assemblies (MUTOAs), if used, are
part of the WA.

Further reading:

Networking: Guide to Networks 7th Edition by Tamara Dean et al (pp. 160-2)

Network+ Study Guide, 3rd Edition by Todd Lammle (pp. 116-122)

4.6 Enterprise Networks and SOHO (Small Office/Home Office)


Identify significant components of an industrial control system or SCADA system

Inventory and manage network assets and identify significant business documents

Create and follow appropriate change management procedures for major and minor
network changes

Identify significant physical security controls to limit or monitor access to secure areas

Describe the components of a reliable disaster recovery plan and a defensible incident
response plan

4.7 Components of an Industrial Control System and SCADA Network


Industrial control system (ICS)
• Group of network computers used to manage a physical system of industrial processes

Basic components specific to an ICS:
• Supervisory control and data acquisition (SCADA)
• Remote terminal units (RTU)
• Programmable logic controller (PLC)
• Communications channels
• Human-machine interfaces (HMIs)
• Software and ICS servers
• Acquisitions server (I/O server)
• Control server, MTU (master terminal unit), or SCADA server
• Historian

4.8 Industrial Control System


Industrial system
• A system of machines, such as an assembly line
• Computers interact with machinery and physical components that are not digital or
technical in nature
• Could be spread over a wide geographical area
  • Such as a public transportation system or a gas pipeline

Internet of Things (IoT)
• Considered by some to be the next generation of the Internet
• Connects objects that are not used as computers

4.9 Components of an Industrial Control System and SCADA Network

Figure 65: Basic ICS and SCADA Network

Figure 66: Programmable logic controller is programmed to affect a physical system

4.10 Components of an Industrial Control System and SCADA Network
Two methods that an ICS might use to control the physical system:
• Open loop system
  • Makes decisions based on predetermined expectations, events, and past history
• Closed loop system
  • Makes decisions based on real-time data
  • Requires field devices distributed throughout the physical system to monitor aspects
  of the system (called a distributed control system or DCS)

4.10.1 Securing an ICS/SCADA Network


Recommended best practices:
• Inventory all connections to your ICS/SCADA network
• Segment your ICS/SCADA network from the corporate network
• Isolate your ICS/SCADA network by deploying a DMZ between the corporate
network and the ICS network
• Completely disconnect the ICS/SCADA network from the Internet
• Secure or harden the ICS/SCADA network by implementing strict firewall rules, IDS,
and physical security controls
• For fault tolerance, deploy redundancy as appropriate
• Harden the ICS/SCADA network by strictly controlling access to the network with
encrypted authentication
• Protect the historian
• Make sure vendors responsible for supporting hardware and software on your
network fully disclose any backdoor entrance into your network
• If the ICS network provides Wi-Fi, consider installing Faraday cages around the Wi-Fi
hot spots
• Keep current all documentation needed for configuration management
• Keep well-documented and well-maintained backups of the system and its data
• Clearly define risk management practices and establish risk management teams
• Implement role-based access control (RBAC) to the system
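
One way to check a firewall rule set against the segmentation practices in the list above (corporate and ICS separated, a DMZ in between, no Internet path to the ICS), as an added Python example that is not part of the original learner guide. The zone address ranges, rule format and rules are all constructed for illustration.

```python
"""Audit allow rules against the ICS/SCADA segmentation practices listed above.

The address plan, rule format and rules are constructed sample data.
"""
import ipaddress

ZONES = {  # hypothetical address plan
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/16"),
}

# Zone pairs that must never be joined by a single allow rule, in either direction.
FORBIDDEN = {
    frozenset({"corporate", "ics"}): "corporate and ICS may only meet through the DMZ",
    frozenset({"ics", "external"}): "the ICS network must have no Internet path",
}

SAMPLE_RULES = [  # constructed
    {"id": 1, "src": "10.10.0.0/16", "dst": "10.20.0.10/32", "port": 443, "action": "allow"},
    {"id": 2, "src": "10.20.0.10/32", "dst": "10.30.5.20/32", "port": 443, "action": "allow"},
    {"id": 3, "src": "10.10.4.0/24", "dst": "10.30.5.0/24", "port": 502, "action": "allow"},
    {"id": 4, "src": "10.30.0.0/16", "dst": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"id": 5, "src": "203.0.113.0/24", "dst": "10.30.9.9/32", "port": 22, "action": "deny"},
]


def zones_touched(cidr):
    """Return every zone a CIDR block can reach into.

    A block that is not fully inside one known zone is also treated as
    'external', so broad rules such as 0.0.0.0/0 are judged conservatively.
    """
    net = ipaddress.ip_network(cidr)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("external")
    return touched


def audit(rules):
    """Return (rule_id, src_zone, dst_zone, reason) for each forbidden flow."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        for src_zone in sorted(zones_touched(rule["src"])):
            for dst_zone in sorted(zones_touched(rule["dst"])):
                reason = FORBIDDEN.get(frozenset({src_zone, dst_zone}))
                if reason:
                    findings.append((rule["id"], src_zone, dst_zone, reason))
    return findings


if __name__ == "__main__":
    for rule_id, src_zone, dst_zone, reason in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: {src_zone} -> {dst_zone}: {reason}")
```

Rules 1 and 2 pass because each hop ends or starts in the DMZ; rule 3 bypasses the DMZ, and rule 4 is flagged twice because its `0.0.0.0/0` destination covers both the corporate range and the Internet.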

Asset Management and Business Documents

Asset management documentation
• Important when managing large numbers of devices
• Essential in an enterprise environment

4.10.2 Asset Management

• Refers to monitoring and maintaining all assets that make up a network
• First step is to inventory all network components:
  • Nodes or hardware devices
  • Software
• Organization needs determine appropriate asset management tool
• Benefits
  • Simplifies maintaining and upgrading network
  • Provides information about hardware and software costs and benefits

4.10.3 Business Documents


Standard business documents you may encounter:
• RFP (request for proposal)
  • Request to vendors to submit a proposal for a product or service your company wants to
  purchase
• MOU (memorandum of understanding)
  • Documents the intentions of two or more parties to enter into a binding agreement, or
  contract
• SOW (statement of work)
  • Documents in detail the work that must be completed for a particular project
• SLA (service-level agreement)
  • A legally binding contract or part of a contract that defines the aspects of a service provided
  to a customer
  • Example: the service provided by an ISP
• MLA (master license agreement)
  • Grants a license from a creator, developer, or producer to a third party for the purposes of
  marketing or sublicensing, or distributing the product to consumers

4.10.4 Change Management

• Managing change while maintaining network’s efficiency and availability:
  • Requires good planning
• Common software and hardware changes
  • Range from installing patches to replacing network backbone
• Several ways to approach changes

4.10.5 Software and Hardware Changes
Three types of changes to existing software:
• Patch
  • A correction, improvement, or enhancement
• Upgrade
  • A major change to a software package that enhances the functionality and features
  of the software
• Rollback
  • Also called backleveling or downgrading
  • Process of reverting to a previous version after attempting to patch or upgrade it
General steps to change software or hardware:
• Don’t allow patches to be automatically installed
• Determine whether patch or upgrade is necessary
• Research change purpose, compatibility, and effects
• Test the patch or upgrade in a testing lab to make sure it acts as expected
• Determine whether changes should apply to all users, network segments, or devices
• Schedule change for completion during off-hours
  • Called the maintenance window
• Notify appropriate personnel of intent to change
• Back up current system
• Prevent users from accessing system during change
• Keep instructions handy as you install revision
• Implement the change and test system fully
• Re-enable access to the system
  • Or revert to previous version
• Inform personnel that change is complete
• Record change in the change management system
Reversing a software upgrade:
• Software change may create unexpected problems
• Be prepared to reverse an upgrade
Backleveling:
• Reverting to previous version of software after attempting upgrade
• No hard-and-fast rules for backleveling
  • Always refer to software vendor’s documentation to reverse an upgrade
  • For NOS: consult other professionals as well

Figure 67: Reversing a software upgrade

4.10.6 Change Management Documentation


Generally, the larger an organization, the more documentation required when making changes.
Required process will vary but expect the following:
• Submit a change request document
• Understand and follow the approval process
• The change is project managed (change coordinator)
• Provide additional documentation
• Close the change

4.10.7 Physical Security Controls


Restrict physical access to critical components
• Only trusted networking staff should have access
• A security policy should define who has access
Sophisticated door access controls:
• Keypad or cipher locks
  • Cipher locks are physical or electronic locks requiring a code to open the
  door
• Access badges
  • Proximity cards, passive cards, and active cards

Figure 68: A cipher lock can document who enters an area and when they left

Figure 69: Badges access security system

4.10.8 Physical Security Controls


Sophisticated door access controls (cont’d):
• Biometrics
  • Scans an individual’s unique physical characteristics
• Mantraps
  • Consists of two doors on either end of a small entryway
  • First door must close before the second door can open
AIT (advanced imaging technology) machines
• Use millimeter-wave scanners to indicate on cartoonlike images any areas of
concern to security personnel

Figure 70: Fingerprint scanner

Figure 71: Result of an AIT Scan

Many IT departments use video surveillance systems (closed-circuit TV) to monitor activity in
secured rooms
• IP cameras can be placed in data centers
• A central security office might display several camera views at once
  • Or it might switch from camera to camera
Important questions to ask when planning for physical security:
• Which rooms contain critical systems or data and must be secured?
• Through what means might intruders gain access to the facility, computer room, data
room, network closet, or data storage areas?
• How and to what extent are authorized personnel granted entry?
• Are employees instructed to ensure security after entering or leaving secured areas?
• Are authentication methods difficult to forge or circumvent?
• Do supervisors or security personnel make periodic physical security checks?
• Are all combinations, codes, or other access means to computer facilities protected at
all times, and are those combinations changed frequently?
• Do you have a plan for documenting and responding to physical security breaches?

To guard against information being stolen from a decommissioned hard drive:
• Run a specialized drive sanitizer program to make file recovery impossible
• Degausser
  • A magnetic hard drive eraser

4.10.9 Troubleshooting and Response Policies

• Disasters and security breaches do happen
• Training and preparation can make all the difference in your company’s ability to respond
and adapt to these situations

4.11 Disaster recovery

• Restoring critical functionality, data
  • After enterprise-wide outage
  • Affecting more than single system, limited group
Consider possible extremes
• Enterprise-wide outage
• Failures
• Security breaches
• Data corruption

4.11.1 Disaster Recovery Planning

• Account for worst-case scenarios
• Identify disaster recovery team (red team)
• Provide contingency plans for restoring and replacing:
  • Computer systems
  • Power
  • Telephony systems
  • Paper-based files
• Goal is to ensure business continuity
  • Ability to continue to do business
Sections of the plan related to computer systems should include the following:
• Contact information for emergency coordinators
• Details on which data and servers are being backed up, how frequently backups occur,
where backups are kept, and how backed-up data can be recovered
• Details on network topology, redundancy, and agreements with national service carriers
• Regular strategies for testing the disaster recovery plan
• A plan for managing the crisis, including regular communications with employees and
customers
Having a comprehensive disaster recovery plan
• Lessens the risk of losing critical data
• Makes potential customers and insurance providers look more favorably on your
organization

4.11.2 Disaster Recovery Contingencies


i. Cold site
• Components necessary to rebuild network exist
• Not appropriately configured, updated, or connected

ii. Warm site
• Components necessary to rebuild network exist
• Some appropriately configured, updated, and connected

iii. Hot site
• Components exist and match network’s current state
• All appropriately configured, updated, and connected

4.11.3 Forensics
Every security policy should include a response policy
• Defines the characteristics of an event that qualifies as a formal incident and steps
that should be followed
Qualifying incidents might include a:
• Break-in
• Fire
• Weather-related emergency
• Hacking attack or malware outbreak
• Discovery of illegal content or activity
Data collected might be presented in a court of law
• Data must be carefully collected so that it will stand up to the scrutiny of the court
First responders may take charge
• People with training and/or certifications that prepare them to handle evidence
Every IT technician should know how to safeguard sensitive information, logged data, and
other legal evidence until first responder can take over
A response policy should detail the following steps:
• Determine if escalation is necessary
• Secure the area
• Document the scene
• Monitor evidence and data collection
• Protect the chain of custody
• Monitor transport of data and equipment
• Create a report
A response policy should identify members of a response team:
• Dispatcher
  • The person to call who first notices the problem
• Manager
  • Coordinates the resources necessary to solve the problem
• Technical support specialist
  • Focuses on solving the problem quickly
• Public relations specialist
  • Acts as official spokesperson for the organization

4.11.4 Summary
• An industrial system is a system of machines, such as an assembly line at a tire
manufacturing plant
• An industrial control system (ICS) is a group of networked computers used to manage a
physical system of industrial processes
• Isolate an ICS/SCADA network by deploying a DMZ between the corporate network and the
ICS network
• First step in managing assets is to inventory all the components on the network
• Be familiar with the following business documents: RFP, MOU, SOW, SLA, and MLA
• Managing change while maintaining your network’s efficiency and availability requires good
planning
• Three types of changes to existing software include patches, upgrades or updates, and
rollbacks
• The complexity of a change approval process is usually determined by the cost and time
involved in making the change, the number of users affected, potential risk to work
productivity, and difficulty of rolling back the change
• A security policy defines who has access to the computer room
• A disaster recovery plan should identify a disaster recovery team, sometimes called the red
team, with an appointed coordinator
• Every contingency plan necessitates a site other than the building where the network’s main
components normally reside
• Some forensic data available for analysis can be damaged or destroyed if improperly
handled
Further Reading:

i. Networks + Guide to Networks, 7th Edition by Tamara Dean, Chapter 12, page 603-628.
ii. Networks Study guide, 3rd edition, by Todd Lammle, Chapter 20 page 755-793

Review Questions
1. You are a network administrator managing a network backbone upgrade. Your supervisor
has scheduled a meeting to discuss the project’s status with you. What is the advantage of
taking a Gantt chart to the meeting?

a. A Gantt chart will help the supervisor better understand the project’s costs.

b. A Gantt chart will determine the maximum possible amount of each employee’s time to be
spent on each task.

c. A Gantt chart will allow the supervisor to see timelines of each task in addition to the project
as a whole.

d. A Gantt chart will demonstrate why some tasks have taken longer to complete than first
anticipated.

2. The task that must be completed before another task is begun is called a(n) ___ .

a. Successor

b. Predecessor

c. Antecedent

d. Dependent

3. In a significant network upgrade project, which of the following tasks takes place first?

a. Identify which tasks are dependent on other tasks.

b. Complete a needs assessment survey.

c. Test the proposed solution on a pilot network.

d. Assign tasks to the most qualified or appropriate people on the project team.

4. Which of the following best describes contingency planning?

a. Obtaining support from high-level project sponsors before committing resources to the
project

b. Installing identical software and hardware, on a smaller scale, as the project’s proposed
solution will require, testing the feasibility of the solution

c. Identifying a team and assigning roles to that team in case of disaster

d. Identifying steps that will minimize the impact of unforeseen obstacles

5. True or False? One way of predicting how long a task might take is by examining the time
taken to complete previous similar tasks.

Which of the following tools might you use to assess the success of a project whose purpose is to
upgrade an entire network from 100 Mbps to 1000 Mbps?

a. Network Monitor

b. Sniffer or packet analyzer

c. Microsoft SQL Server

d. System Monitor

6. What is the purpose of identifying milestones in a project plan?

a. They indicate when project staff changes must occur.

b. They mark significant events of the project’s progress.

c. They offer a quick assessment of how successfully the project is staying within budget.

d. They help predict the result of a project.

7. Which of the following are examples of resources related to a project plan that proposes to
upgrade the network cards inside each workstation on a network from 100 Mbps to 1000
Mbps? (Choose all that apply.)

a. NIC device drivers

b. A team member’s time

c. IP addresses

d. NICs

e. Switches

8. Which of the following are examples of stakeholders of a project whose purpose is to
upgrade an entire network from 100 Mbps to 1000 Mbps? (Choose all that apply.)

a. Network users

b. Software vendors of applications running on the client machines

c. High-level managers who approved the project

d. IT staff who helped implement the change

e. Network cabling vendors

9. Which of the following obstacles could halt or seriously impair the progress of a project whose
purpose is to upgrade the NICs in all workstations on a network from 100 Mbps to 1000 Mbps?

a. The use of two different NIC models

b. The use of different installation personnel on different shifts

c. Management’s requirement that the cost of each NIC remain under $75

d. A large group of defective NICs

10. In a very large company (for example, one with over 10,000 employees), which of the following
staff is most likely to decide whether a project such as an entire network upgrade will be
funded?

a. Network administrator

b. Personnel director

c. Chief information officer

d. Accountant

11. Which of the following best describes project management?

a. Recording and analyzing the time and resources required for each task in a project

b. Assessing network statistics before and after a project is completed

c. Monitoring the needs of users prior to the beginning of a project, then later assessing how the
project’s completion met their needs

d. Planning for and handling the steps required to accomplish a goal in a systematic way

12. Which of the following projects is most likely to be driven by a company’s security needs?

a. Doubling the RAM in a key file server

b. Installing a firewall on a connection to the Internet

c. Upgrading the version of client software on each workstation

d. Changing from the use of static IP addressing to DHCP on an entire network

13. What is one good technique for assessing the feasibility of a suggested project deadline
before the project begins?

a. Begin calculating task timelines from the deadline, working back to the start of a project.

b. Issue a survey to key staff asking their opinion of the suggested deadline.

c. Use the Web to research similar projects completed by other companies.

d. Calculate the ratio of the number of project milestones to the proposed project duration, in
months, to check that it does not exceed 2:1.

14. Which of the following situations might necessitate changing all the IP addresses on a
company’s networked workstations?

a. The company has divided its network into several smaller subnets.

b. The company has hired 50 new employees.

c. The company has decided to use Network Address Translation (NAT) for all connections to
public networks.

d. The company has decided to establish a Web server with e-commerce capability.

15. In Microsoft terminology, what is a hot fix?

a. A patch that replaces all or a portion of the NOS

b. A patch that requires that the server be connected to the Microsoft Web site as it is installed

c. A patch that updates a specific type of software, often the operating system

d. A patch that can be installed while users are logged on without causing adverse effects

16. In which of the following situations would it be wise to backlevel?

a. You have just performed a complete backup of your server’s data directories, and you cannot
confirm that the backup was successful.

b. You have just applied a fix to your network operating system (NOS) and have discovered that
the fix resulted in a lack of network access for half of your users.

c. You have just installed a database program on one of your servers and have discovered that
you neglected to install an optional component that your users will need.

d. You have just installed Windows Server 2012 R2 on a new computer and you cannot get the
operating system to recognize the NIC.

17. Which two of the following can typically be accomplished by applying a patch to an NOS?

a. Replacing all the NOS’s program files

b. Modifying an existing feature

c. Removing an old feature

d. Fixing a known bug

18. Before installing a major NOS patch, you should ____________ .

a. Remove all protocols installed on the server.

b. Prevent users from logging on.

c. Disable Internet services.

d. Disable network connectivity.

19. What is the primary difference between a software upgrade and a patch?

a. The software manufacturer issues a patch, whereas an upgrade may be issued by any
organization that has the software’s source code.

b. A patch fixes a specific part of a software program, whereas an upgrade typically replaces
much or all of a software program.

c. A patch typically does not require that the network administrator test its changes before
applying it to a server; an upgrade does.

d. A patch typically is not supported by the software manufacturer; an upgrade is.

20. You work for the Best Roast Coffee Company, which has 100 employees in nine retail stores.
You are looking at case studies for a product you are researching. Which of the following
case studies is most likely to be helpful?

a. A case study for an automobile manufacturer with hundreds of thousands of employees

b. A candy maker with 200 employees that sells candy in 13 malls across the country

c. An insurance company with thousands of employees in three locations, plus hundreds of
agents all over the country

d. A small school district with 300 employees and 10,000 students

21. You are trying to decide whether to purchase a software package from a vendor. Who
among the following is most likely to provide objective information about the software
package?

a. The vendor’s sales staff

b. A business partner of the vendor

c. A current customer of the vendor

d. A vendor who makes a competing product

22. You are researching a new Internet access router for your company’s network. You have also
noticed a trend toward greater use of your company’s network resources from home. Given
this, which of the following features would you expect to be most valuable in a new Internet
access router?

a. Support for additional routing protocols

b. Support for virtual private networks

c. Support for additional security features

d. Support for multiple protocols

23. When implementing a network solution, why is it important to anticipate future trends as
much as possible?

a. So that the solutions you implement meet the future needs of your users

b. So that the solutions you implement meet the current needs of your users

c. So that the solutions you implement are more scalable

d. So that you can justify the purchase of the solution to management

24. When investigating a network solution, which two of the following should you do?

a. Get information about possible solutions from only one source.

b. Get information about possible solutions from multiple sources.

c. Look at the product lines from only one vendor.

d. Talk to someone who has implemented a similar solution.

25. The hardware devices attached to a network such as computers and printers are also called
______.

a. Communication endpoints

b. Nodes

c. Connection points

d. Contacts

26. Asset management records should be available to ______.

a. All personnel involved in maintaining the network

b. Only the system administrator

c. Everyone in the organization

d. Anyone

27. Who is protected by documenting hardware and software changes?

a. Users

b. Managers

c. The organization

d. All of the above

28. When should changes be made to the asset management database?

a. Monthly

b. Weekly

c. Daily

d. As changes to hardware and software occur

29. True or False? Network asset management can include device locations, serial numbers, and
technical support contact information.

Key terms used

802.2: The IEEE standard for error and flow control in data frames.
802.3: The IEEE standard for Ethernet networking devices and data handling (using the
CSMA/CD access method).
802.5: The IEEE standard for token ring networking devices and data handling.
802.11: The IEEE standard for wireless networking.
802.16: The IEEE standard for broadband wireless metropolitan area networking (also known as
WiMAX).
ACK (acknowledgment): A response generated at the Transport layer of the OSI model that
confirms to a sender that its frame was received. The ACK packet is the third of three in the
three-step process of establishing a connection.
Acknowledgment: See ACK.
American National Standards Institute: See ANSI.
ANSI (American National Standards Institute): An organization composed of more than 1000
representatives from industry and government who together determine standards for the
electronics industry in addition to other fields, such as chemical and nuclear engineering, health
and safety, and construction.
API (Application Program Interface): A set of routines that make up part of a software
application.
Application Layer: The seventh layer of the OSI model. Application Layer protocols enable
software programs to negotiate formatting, procedural, security, synchronization, and other
requirements with the network.
Application Programming Interface: See API.
Block ID: The first set of six characters that make up the MAC address and that are unique to a
particular manufacturer.
Checksum: A method of error checking that determines if the contents of an arriving data unit
match the contents of the data unit sent by the source.
Connection Oriented: A type of Transport layer protocol that requires the establishment of a
connection between communicating nodes before it will transmit data.

Connectionless: A type of Transport layer protocol that services a request without requiring a
verified session and without guaranteeing delivery of data.
CRC (cyclic redundancy check): An algorithm (or mathematical routine) used to verify the
accuracy of data contained in a data frame.
Cyclic Redundancy Check: See CRC.
Data Link Layer: The second layer in the OSI model. The Data Link Layer bridges the networking
media with the Network Layer. Its primary function is to divide the data it receives from the
Network Layer into frames that can then be transmitted by the Physical Layer.
Data Link Layer address: See MAC address.
Device ID: The second set of six characters that make up a network device’s MAC address. The
device ID, which is added at the factory, is based on the device’s model and manufacture date.
EIA (Electronic Industries Alliance): A trade organization composed of representatives from
electronics manufacturing firms across the United States that sets standards for electronic
equipment and lobbies for legislation favourable to the growth of the computer and electronics
industries.
Encapsulate: The process of wrapping one layer’s PDU with protocol information so that it can
be interpreted by a lower layer. For example, Data Link Layer protocols encapsulate Network
Layer packets in frames.
Ethernet: A networking technology originally developed at Xerox in the 1970s and improved by
Digital Equipment Corporation, Intel, and Xerox. Ethernet, which is the most common form of
network transmission technology, follows the IEEE 802.3 standard.
FCS (frame check sequence): The field in a frame responsible for ensuring that data carried by
the frame arrives intact. It uses an algorithm, such as CRC, to accomplish this verification.
Flow Control: A method of gauging the appropriate rate of data transmission based on how fast
the recipient can accept data.
Fragmentation: A Network Layer service that subdivides segments it receives from the
Transport layer into smaller packets.
Frame: A package for data that includes not only the raw data, or “payload,” but also the
sender’s and recipient’s addressing and control information. Frames are generated at the Data
Link Layer of the OSI model and are issued to the network at the Physical Layer.
Frame Check Sequence: See FCS.
Hardware Address: See MAC address.
HTTP (Hypertext Transfer Protocol): An Application Layer protocol that formulates and
interprets requests between Web clients and servers.

Hypertext Transfer Protocol: See HTTP.
IAB (Internet Architecture Board): A technical advisory group of researchers and technical
professionals responsible for Internet growth and management strategy, resolution of technical
disputes, and standards oversight.
IANA (Internet Assigned Numbers Authority): A non-profit, United States government funded
group that was established at the University of Southern California and charged with managing
IP address allocation and the domain name system. The oversight for many of IANA’s functions
was given to ICANN in 1998; however, IANA continues to perform Internet addressing and
domain name system administration.
ICANN (Internet Corporation for Assigned Names and Numbers): The non-profit corporation
currently designated by the United States government to maintain and assign IP addresses.
IEEE (Institute of Electrical and Electronics Engineers): An international society composed of
engineering professionals. Its goals are to promote development and education in the electrical
engineering and computer science fields.
IETF (Internet Engineering Task Force): An organization that sets standards for how systems
communicate over the Internet (for example, how protocols operate and interact).
Institute of Electrical and Electronics Engineers: See IEEE.
International Organization for Standardization: See ISO.
International Telecommunication Union: See ITU.
Internet Architecture Board: See IAB.
Internet Assigned Numbers Authority: See IANA.
Internet Corporation for Assigned Names and Numbers: See ICANN.
Internet Engineering Task Force: See IETF.
Internet Protocol: See IP.
Internet Protocol address: See IP address.
Internet service provider: See ISP.
Internet Society: See ISOC.
IP (Internet Protocol): A core protocol in the TCP/IP suite that operates in the Network Layer of
the OSI model and provides information about how and where data should be delivered. IP is
the sub-protocol that enables TCP/IP to internetwork.
IP address (Internet Protocol address): The Network Layer address assigned to nodes to
uniquely identify them on a TCP/IP network. IP addresses consist of 32 bits divided into four
octets, or bytes.

ISO (International Organization for Standardization): A collection of standards organizations
representing 157 countries with headquarters located in Geneva, Switzerland. Its goal is to
establish international technological standards to facilitate the global exchange of information
and barrier-free trade.
ISOC (Internet Society): A professional organization with members from 90 sections around the
world that helps to establish technical standards for the Internet.
ISP (Internet service provider): A business that provides organizations and individuals with
Internet access and often, other services, such as e-mail and Web hosting.
ITU (International Telecommunication Union): A United Nations agency that regulates
international telecommunications and provides developing countries with technical expertise
and equipment to advance their technological bases.
LLC (Logical Link Control) sub-layer: The upper sub-layer in the Data Link Layer. The LLC
provides a common interface and supplies reliability and flow control services.
Logical Address: See network address.
Logical Link Control sub-layer: See LLC (Logical Link Control) sub-layer.
MAC address: A 12-character string that uniquely identifies a network node. The manufacturer
hard codes the MAC address into the NIC. This address is composed of the block ID and device ID.
MAC (Media Access Control) sub-layer: The lower sub-layer of the Data Link Layer. The MAC
appends the physical address of the destination computer onto the frame.
Maximum Transmission Unit: See MTU.
Media Access Control sub-layer: See MAC (Media Access Control) sub-layer.
MTU (maximum transmission unit): The largest data unit a network (for example, Ethernet or
token ring) will accept for transmission.

Network Address: A unique identifying number for a network node that follows a hierarchical
addressing scheme and can be assigned through operating system software. Network addresses
are added to data packets and interpreted by protocols at the Network Layer of the OSI model.
Network Layer: The third layer in the OSI model. Protocols in the Network Layer translate
network addresses into their physical counterparts and decide how to route data from the
sender to the receiver.
Network Layer address: See network address.
Open Systems Interconnection model: See OSI (Open Systems Interconnection) Model.
OSI (Open Systems Interconnection) model: A model for understanding and developing
computer-to-computer communication developed in the 1980s by ISO. It divides networking
functions among seven layers: Physical, Data Link, Network, Transport, Session, Presentation,
and Application.
PDU (Protocol Data Unit): A unit of data at any layer of the OSI model.
Physical Address: See MAC address.
Physical Layer: The lowest, or first, layer of the OSI model. Protocols in the Physical Layer
generate and detect signals so as to transmit and receive data over a network medium. These
protocols also set the data transmission rate and monitor data error rates, but do not provide
error correction.
Presentation Layer: The sixth layer of the OSI model. Protocols in the Presentation Layer
translate between the application and the network. Here, data are formatted in a schema that
the network can understand, with the format varying according to the type of network used.
The Presentation Layer also manages data encryption and decryption, such as the scrambling of
system passwords.
Protocol Data Unit: See PDU.
Reassembly: The process of reconstructing data units that have been segmented.
Regional Internet Registry: See RIR.
RIR (Regional Internet Registry): A not-for-profit agency that manages the distribution of IP
addresses to private and public entities. ARIN is the RIR for North, Central, and South America
and sub-Saharan Africa. APNIC is the RIR for Asia and the Pacific region. RIPE is the RIR for
Europe and North Africa.
Route: To intelligently direct data between networks based on addressing, patterns of usage,
and availability of network segments.
Router: A device that connects network segments and directs data based on information
contained in the data packet.

Segment: A unit of data that results from subdividing a larger protocol data unit.
Segmentation: The process of decreasing the size of data units when moving data from a
network that can handle larger data units to a network that can handle only smaller data units.
Sequencing: The process of assigning a placeholder to each piece of a data block to allow the
receiving node’s Transport layer to reassemble the data in the correct order.
Session: A connection for data exchange between two parties. The term session may be used in
the context of Web, remote access, or terminal and mainframe communications, for example.
Session Layer: The fifth layer in the OSI model. The Session Layer establishes and maintains
communication between two nodes on the network. It can be considered the “traffic cop” for
network communications.
Standard: A documented agreement containing technical specifications or other precise criteria
that are used as guidelines to ensure that materials, products, processes, and services suit their
intended purpose.
SYN (synchronization): The packet one node sends to request a connection with another node
on the network. The SYN packet is the first of three in the three-step process of establishing a
connection.
SYN-ACK (synchronization-acknowledgment): The packet a node sends to acknowledge to
another node that it has received a SYN request for connection. The SYN-ACK packet is the
second of three in the three-step process of establishing a connection.
Synchronization: See SYN.
Synchronization-acknowledgment: See SYN-ACK.
Telecommunications Industry Association: See TIA.
Terminal: A device with little (if any) of its own processing or disk capacity that depends on a
host to supply it with applications and data-processing services.
TIA (Telecommunications Industry Association): A subgroup of the EIA that focuses on
standards for information technology, wireless, satellite, fiber optics, and telephone equipment.
Probably the best known standards to come from the TIA/EIA alliance are its guidelines for how
network cable should be installed in commercial buildings, known as the “TIA/EIA 568-B Series.”
Token: A special control frame that indicates to the rest of the network that a particular node
has the right to transmit data.
Token ring: A networking technology developed by IBM in the 1980s. It relies upon direct links
between nodes and a ring topology, using tokens to allow nodes to transmit data.

Transport Layer: The fourth layer of the OSI model. In the Transport layer, protocols ensure that data
are transferred from point A to point B reliably and without errors. Transport layer services include
flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.
Virtual Address: See network address.
