
Explain OSI Layers and their functionalities?

OSI LAYERS

1) PHYSICAL LAYER: This layer provides the electrical, mechanical, procedural and functional requirements for activating, maintaining and deactivating a physical link between the end systems. Data travels as a stream of bits in the physical medium. Devices used in this layer are cables, hubs etc.

2) DATA LINK LAYER: Provides the physical transmission of the data and handles error notification, network topology and flow control. Messages are delivered on a LAN using the proper MAC address. It translates frames into bits for the physical layer to transmit. It has 2 sub-layers: a) MAC Layer b) LLC Layer.

Media Access Control: Defines how packets are placed on the media. Contention media access is first come/first served access where everyone shares the same bandwidth.

Logical Link Control: Responsible for identifying network layer protocols and then encapsulating them. An LLC header tells the Data Link layer what to do with a packet once a frame is received. It works like this: a host receives a frame and looks in the LLC header to find out where the packet is destined, say, the IP protocol at the network layer. The LLC can also provide flow control and sequencing of control bits.

3) NETWORK LAYER: The Network layer manages device addressing, tracks the location of devices on the network, and determines the best way to move data, which means that the network layer must transport traffic between devices that aren't locally attached. Routers are specified at the network layer and provide the routing services within an internetwork.

4) TRANSPORT LAYER: It segments and reassembles data into a data stream. It provides end-to-end data transport services and can establish a logical connection between the sending host and the receiving host. This layer has two protocols: a) TCP b) UDP.

a) TCP is a connection-oriented protocol; it provides flow control, acknowledgements and sequencing. TCP is a reliable protocol. Flow control: segments delivered are acknowledged. Any segment not acknowledged is retransmitted. Segments are sequenced back into their proper order upon arrival at the destination. A manageable data flow is maintained in order to avoid congestion, overloading and data loss. Windowing: the quantity of data segments that the transmitting machine is allowed to send without receiving an acknowledgement for them is called a window. The size of the window controls how much information can be in transit before an acknowledgement is required.

b) UDP is a connectionless protocol; it provides an unreliable connectionless delivery service using IP to transport messages between machines. It uses IP to carry messages, but adds the ability to distinguish among multiple destinations within a given host computer. UDP messages can be lost, duplicated, delayed, or delivered out of order; many programs that use UDP do not work correctly across the internet because they fail to accommodate these conditions.

5) SESSION LAYER: It is responsible for setting up, managing and then tearing down the sessions between presentation layer entities. It provides dialog control between devices or nodes. It coordinates communication between the systems and servers to organize their communication by offering 3 different modes: simplex, half duplex and full duplex. The session layer keeps different applications' data separate from each other.

6) PRESENTATION LAYER: It presents data to the application layer and is responsible for data translation and code formatting. It provides coding and conversion functions. It ensures that data transferred from the application layer of one system can be read by the application layer of another system. Tasks like data compression, decompression, encryption and decryption are associated with this layer.

7) APPLICATION LAYER: It acts as a user interface. This layer is needed when we want to access the network. It is also responsible for identifying and establishing the availability of the intended communication partner and determining whether sufficient resources for the intended communication exist.

Difference between Routed and Routing Protocols?

Routed Protocol: Routed protocols (such as IP and IPX) are used to transmit user data through an internetwork. By contrast, routing protocols (such as RIP, IGRP, and OSPF) are used to update routing tables between routers.

Routing Protocol: Any protocol that defines algorithms to be used for updating routing tables between routers (IGRP, RIP and OSPF).

Explain different classes of routing protocols?


There are three classes of routing protocols:

Distance vector: The distance-vector protocols find the best path to a remote network by judging distance. Each time a packet goes through a router, that's called a hop. The route with the least number of hops to the network is determined to be the best route. The vector indicates the direction to the remote network. Both RIP and IGRP are distance-vector routing protocols. They send the entire routing table to directly connected neighbors.

Link state: In link state protocols, also called shortest-path-first protocols, the routers each create three separate tables. One of these tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is used as the routing table. Link state routers know more about the internetwork than any distance vector router does. They send updates containing the state of their own links to all other routers on the network.

Hybrid: Hybrid protocols use aspects of both distance vector and link state, for example EIGRP.

Explain three-way handshake in TCP?


Three Way Handshake: The first segment of a handshake can be identified because it has the SYN bit set in the code field. The second message has the SYN and ACK bits set, indicating that it acknowledges the first SYN segment as well as continuing the handshake. The final handshake message is only an acknowledgement and is merely used to inform the destination that both sides now consider the connection established.
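The exchange described above, as an added example that is not part of the original notes: a checker that walks a constructed trace of TCP segments and confirms it forms a valid three-way handshake (SYN, then SYN+ACK acknowledging the client's ISN+1, then an ACK acknowledging the server's ISN+1). The flag bit values are the real TCP code-field bits; the dictionary field names, addresses and sequence numbers are this example's own assumptions.

```python
# Added example (not from the original notes). Validates that a list of
# segments forms a correct TCP three-way handshake. Segment fields
# (src, dst, flags, seq, ack) are this example's representation.

SYN = 0x02   # SYN bit in the TCP flags (code) field
ACK = 0x10   # ACK bit in the TCP flags (code) field
SEQ_MASK = 0xFFFFFFFF   # sequence numbers are 32-bit and wrap


def validate_handshake(trace):
    """Return (ok, reason) for the first three segments of `trace`."""
    if len(trace) < 3:
        return False, "fewer than three segments"
    first, second, third = trace[:3]

    # 1. client -> server: SYN only, carrying the client's initial sequence number
    if first["flags"] != SYN:
        return False, "first segment must carry SYN only"

    # 2. server -> client: SYN+ACK, acknowledging the client's ISN + 1
    if second["flags"] != SYN | ACK:
        return False, "second segment must carry SYN and ACK"
    if (second["src"], second["dst"]) != (first["dst"], first["src"]):
        return False, "SYN+ACK must come from the peer the SYN was sent to"
    if second["ack"] != (first["seq"] + 1) & SEQ_MASK:
        return False, "SYN+ACK does not acknowledge the client's ISN+1"

    # 3. client -> server: ACK only, acknowledging the server's ISN + 1
    if third["flags"] != ACK:
        return False, "third segment must carry ACK only"
    if (third["src"], third["dst"]) != (first["src"], first["dst"]):
        return False, "final ACK must come from the initiating side"
    if third["ack"] != (second["seq"] + 1) & SEQ_MASK:
        return False, "final ACK does not acknowledge the server's ISN+1"

    return True, "established"


# Constructed sample trace: client 10.0.0.5:40000 opening a connection to
# 10.0.0.9:80, client ISN 1000, server ISN 5000.
CLIENT, SERVER = "10.0.0.5:40000", "10.0.0.9:80"
GOOD_TRACE = [
    {"src": CLIENT, "dst": SERVER, "flags": SYN,       "seq": 1000, "ack": 0},
    {"src": SERVER, "dst": CLIENT, "flags": SYN | ACK, "seq": 5000, "ack": 1001},
    {"src": CLIENT, "dst": SERVER, "flags": ACK,       "seq": 1001, "ack": 5001},
]
# Same trace, but the final ACK fails to acknowledge the server's ISN+1.
BAD_TRACE = GOOD_TRACE[:2] + [
    {"src": CLIENT, "dst": SERVER, "flags": ACK, "seq": 1001, "ack": 5000},
]

if __name__ == "__main__":
    print(validate_handshake(GOOD_TRACE))
    print(validate_handshake(BAD_TRACE))
```

The acknowledgement-number checks are the part worth keeping in mind: a segment with the right flag bits but the wrong acknowledgement number is not a continuation of the handshake, which is exactly what a receiving TCP stack checks before moving to the established state.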

What is DHCP?
DHCP means Dynamic Host Configuration Protocol. The DHCP server listens for incoming requests on UDP port 67 and sends replies to the client on UDP port 68. It works on layer 7. The Dynamic Host Configuration Protocol allows a computer to obtain information at startup, including the address of a default router, the address of a domain name server, and an IP address. DHCP permits a server to allocate IP addresses automatically or dynamically. Dynamic allocation is necessary for environments such as a wireless network where computers can attach and detach quickly. To use DHCP, a computer becomes a client. The computer broadcasts a request for DHCP servers, selects one of the offers it receives, and exchanges messages with the server to obtain a lease on the advertised IP address. A relay agent can forward DHCP requests on behalf of the client, which means a site can have a single DHCP server handle address assignment for multiple subnets. When a client obtains an IP address, the client starts three timers. After the first timer expires, the client attempts to renew its lease. If a second timer expires before renewal completes, the client attempts to rebind its address from any server. If the final timer expires before a lease has been renewed, the client stops using the IP address and returns to the initial state to acquire a new address. A finite state machine describes lease acquisition and renewal.
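The three client timers and the finite state machine described above, as an added example that is not part of the original notes. The timer fractions (first timer at 0.5 of the lease, second at 0.875) are the RFC 2131 defaults and are assumed here; the state names and DHCP message names also follow RFC 2131, and the lease values are constructed.

```python
# Added example (not from the original notes): a DHCP client lease state
# machine driven by the three timers. T1/T2 fractions are RFC 2131 defaults
# (an assumption of this example); actual servers may send other values.

T1_FRACTION = 0.5    # renewal timer: unicast DHCPREQUEST to the leasing server
T2_FRACTION = 0.875  # rebinding timer: broadcast DHCPREQUEST to any server

# What the client does in each state: (message, how it is sent) or None.
ACTIONS = {
    "BOUND":     None,
    "RENEWING":  ("DHCPREQUEST", "unicast to the leasing server"),
    "REBINDING": ("DHCPREQUEST", "broadcast to any server"),
    "INIT":      ("DHCPDISCOVER", "broadcast"),
}


class DhcpLease:
    def __init__(self, address, server, lease_seconds, obtained_at):
        self.address = address
        self.server = server
        self.state = "BOUND"
        self._arm(lease_seconds, obtained_at)

    def _arm(self, lease_seconds, start):
        # (Re)start all three timers from the moment the DHCPACK arrived.
        self.t1 = start + lease_seconds * T1_FRACTION
        self.t2 = start + lease_seconds * T2_FRACTION
        self.expiry = start + lease_seconds

    def renewed(self, now, lease_seconds):
        """A DHCPACK arrived: return to BOUND and re-arm the timers."""
        self.state = "BOUND"
        self._arm(lease_seconds, now)
        return self.state

    def tick(self, now):
        """Advance to time `now` with no server reply; return the new state."""
        if now >= self.expiry:
            self.state = "INIT"       # stop using the address, acquire a new one
            self.address = None
        elif now >= self.t2:
            self.state = "REBINDING"  # second timer: try any server
        elif now >= self.t1:
            self.state = "RENEWING"   # first timer: try the leasing server
        else:
            self.state = "BOUND"
        return self.state

    def action(self):
        return ACTIONS[self.state]


def demo():
    # Constructed lease: 3600 s granted at t = 0, never renewed.
    lease = DhcpLease("192.0.2.10", "192.0.2.1", 3600, obtained_at=0)
    trace = [(t, lease.tick(t)) for t in (900, 1800, 3150, 3600)]
    # Same lease, but the renewal at t = 1900 succeeds and restarts the timers.
    lease2 = DhcpLease("192.0.2.10", "192.0.2.1", 3600, obtained_at=0)
    lease2.tick(1800)
    lease2.renewed(1900, 3600)
    return trace, lease2.tick(3500)


if __name__ == "__main__":
    print(demo())
```

With a 3600 second lease the client moves to RENEWING at 1800 s, to REBINDING at 3150 s and back to INIT at 3600 s if no acknowledgement arrives; a renewal at 1900 s pushes the next renewal attempt out to 3700 s.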

Explain DNS?
DNS (Domain Name System) operates at layer 7 and uses port 53. It provides a scheme for assigning meaningful high-level names to a large set of machines, and a mechanism that maps between high-level machine names and IP addresses. It covers both the translation from high-level names to IP addresses and the translation from high-level machine names. The naming scheme is interesting for two reasons. First, it has been used to assign machine names throughout the internet. Second, it uses a geographically distributed set of servers to map names to addresses.

What is ARP?
Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses during internetwork transmissions. This function is critical in multiple-access networks for determining link layer addresses when relaying network layer transmissions. ARP is a request and reply protocol that runs encapsulated by the line protocol, just like the internetwork protocol it backs. As such, it is communicated within the boundaries of a single network, never crossing internetwork nodes, i.e. it is a non-routable protocol. Placement of ARP within the OSI and TCP/IP network models is inconsistent. Strictly speaking, it belongs to the network layer since it is encapsulated by the link layer protocol, and is required only for the network layer protocol to operate, but not the link layer protocol. However, some sources attribute ARP to the link layer, which is technically incorrect because ARP does not operate the line, nor is it part of the line protocol suite.

Explain PPP?
Point-to-Point Protocol (PPP) belongs to the data link layer and is commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cell phones, specialized radio links and fiber optic links such as SONET.

Two encapsulated forms of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet Service Providers (ISPs) to establish a Digital Subscriber Line (DSL) Internet service connection with customers. Link Control Protocol (LCP) is an integral part of PPP, and is defined in the same standard specification. LCP provides automatic configuration of the interfaces at each end (such as setting datagram size, escaped characters, and magic numbers) and for selecting optional authentication. The LCP protocol runs on top of PPP (with PPP protocol number 0xC021) and therefore a basic PPP connection has to be established before LCP is able to configure it. In setting up PPP communications, both the sending and receiving devices send out LCP packets to determine the standards of the ensuing data transmission. LCP:

- Checks the identity of the linked device and either accepts or rejects the peer device.
- Determines the acceptable packet size for transmission.
- Searches for errors in configuration.
- Can terminate the link if requirements exceed the parameters.

Devices cannot use PPP to transmit data over a network until the LCP packets determine the acceptability of the link, but LCP packets are embedded into PPP packets and therefore a basic PPP connection has to be established before LCP can reconfigure it. An LCP packet has four fields (Code, ID, Length and Data):

- Code: Operation requested: configure link, terminate link, ... and acknowledge and deny codes.
- Data: Parameters for the operation.

Challenge-Handshake Authentication Protocol (CHAP) is preferred for establishing dial-up connections with ISPs. Although deprecated, Password Authentication Protocol (PAP) is still sometimes used. Another option for authentication over PPP is Extensible Authentication Protocol (EAP). PPP may include the following LCP options:

- Authentication - Peer routers exchange authentication messages. Two authentication choices are Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Authentication is explained in the next section.
- Compression - Increases the effective throughput on PPP connections by reducing the amount of data in the frame that must travel across the link. The protocol decompresses the frame at its destination.
- Error detection - Identifies fault conditions. The Quality and Magic Number options help ensure a reliable, loop-free data link. The Magic Number field helps in detecting links that are in a looped-back condition. Until the Magic-Number Configuration Option has been successfully negotiated, the Magic-Number must be transmitted as zero. Magic numbers are generated randomly at each end of the connection.
- Multilink - Cisco IOS Release 11.1 and later supports multilink PPP. This alternative provides load balancing over the router interfaces that PPP uses. Multilink PPP (also referred to as MLPPP, MP, MPPP, MLP, or Multilink) provides a method for spreading traffic across multiple distinct PPP connections.

Explain SNMP?
Simple Network Management Protocol (SNMP): It is an application layer protocol, developed to manage nodes on a network. It is encapsulated in UDP. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. It consists of three components:

a) Managed devices (routers, switches, access servers, bridges, hubs)
b) Agents
c) Network management systems (NMS)

An agent is a network management software module that resides in a managed device. An NMS executes applications that monitor and control managed devices. There are four protocol operations: Get, Get Next, Set and Trap.

Explain FTP and TFTP?


File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. In order to do this an FTP server needs to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21. This connection, called the control connection, remains open for the duration of the session, with a second connection, called the data connection, either opened by the server from its port 20 to a negotiated client port (active mode) or opened by the client from an arbitrary port to a negotiated server port (passive mode) as required to transfer file data. The control connection is used for session administration (i.e., commands, identification, passwords) exchanged between the client and server using a telnet-like protocol.

Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20. From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1023 (Server responds to client's control port)
- FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
- FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)

When drawn out, the connection appears as follows:

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4. The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server; it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client-side firewall this appears to be an outside system initiating a connection to an internal client, something that is usually blocked.

Passive FTP
In order to resolve the issue of the server initiating the connection to the client, a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode. In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data. From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

- FTP server's port 21 from anywhere (Client initiates connection)
- FTP server's port 21 to ports > 1023 (Server responds to client's control port)
- FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
- FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)

When drawn, a passive mode FTP connection looks like this:

In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening on for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

Trivial File Transfer Protocol (TFTP) is a file transfer protocol known for its simplicity. It is generally used for automated transfer of configuration or boot files between machines in a local environment. Compared to FTP, TFTP is extremely limited, providing no authentication, and is rarely used interactively by a user. Due to its simple design, TFTP could be implemented using a very small amount of memory. It is therefore useful for booting computers such as routers which may not have any data storage devices.
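The PORT command and the PASV reply exchanged in the active and passive sequences above, as an added example that is not part of the original notes. On the wire both carry the address and port as six comma-separated decimal fields h1,h2,h3,h4,p1,p2 with the port equal to p1*256+p2 (the RFC 959 encoding); the notes' "PORT 1027" is therefore p1,p2 = 4,3 and "PORT 2024" is 7,232. The peer-address and unprivileged-port checks in the last function are a common server-side hardening and are this example's addition, not something the notes describe; the sample lines are constructed.

```python
# Added example (not from the original notes): decoding FTP PORT commands and
# 227 PASV replies, plus the checks a server would apply before honouring a
# PORT request. Address/port encoding is RFC 959's h1,h2,h3,h4,p1,p2 form.
import re

_HOSTPORT = r"(\d{1,3}(?:,\d{1,3}){5})"
_PORT_CMD = re.compile(r"^PORT\s+" + _HOSTPORT + r"\s*$", re.IGNORECASE)
_PASV_REPLY = re.compile(r"^227\b.*\(" + _HOSTPORT + r"\)")


def _decode(fields):
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256+p2)."""
    nums = [int(x) for x in fields.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % fields)
    h1, h2, h3, h4, p1, p2 = nums
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def parse_port_command(line):
    """Client -> server in active mode: 'PORT 192,168,1,2,4,3' -> ('192.168.1.2', 1027)."""
    m = _PORT_CMD.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _decode(m.group(1))


def parse_pasv_reply(line):
    """Server -> client in passive mode: '227 Entering Passive Mode (10,0,0,9,7,232).'"""
    m = _PASV_REPLY.match(line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return _decode(m.group(1))


def accept_port_command(line, control_peer_ip):
    """Server-side policy before connecting back from port 20 (this example's
    hardening, not from the notes): the data address must be the same host
    that holds the control connection, and the port must be unprivileged."""
    ip, port = parse_port_command(line)
    if ip != control_peer_ip:
        raise ValueError("PORT address %s differs from control peer %s" % (ip, control_peer_ip))
    if port <= 1023:
        raise ValueError("data port %d is not an unprivileged port" % port)
    return ip, port


def port_command_is_acceptable(line, control_peer_ip):
    try:
        accept_port_command(line, control_peer_ip)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_port_command("PORT 192,168,1,2,4,3"))
    print(parse_pasv_reply("227 Entering Passive Mode (10,0,0,9,7,232)."))
    print(port_command_is_acceptable("PORT 192,168,1,2,4,3", "192.168.1.2"))
```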

FTP vs. TFTP


FTP and Trivial FTP are very similar protocols. FTP is the more complex version of the two. It provides more features and is session-oriented. FTP is also more commonly used and is typically simpler to use. TFTP is essentially a "stripped down" version, with fewer commands and capabilities. It is designed to be used for cases where simplicity and small file-size is important. Another significant difference between the two is that FTP relies on TCP, whereas TFTP instead uses UDP, rendering it connectionless and therefore less reliable.

Explain SMTP?
Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP is specified for outgoing mail transport and uses TCP port 25. The protocol for new submissions is effectively the same as SMTP, but it uses port 587 instead. SMTP connections secured by SSL are known by the shorthand SMTPS, though SMTPS is not a protocol in its own right. While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically only use SMTP for sending messages to a mail server for relaying. For receiving messages, client applications usually use either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) or a proprietary system (such as Microsoft Exchange or Lotus Notes/Domino) to access their mail box accounts on a mail server.

Explain TELNET?
Telnet is a layer 7 protocol. It uses a TCP connection and its port number is 23. To telnet means to establish a connection with the Telnet protocol, either with a command line client or with a programmatic interface. Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically this protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23, where a Telnet server application (telnet) is listening. Telnet, however, predates TCP/IP and was originally run over Network Control Program (NCP) protocols.

REMOTE LOGIN

Until recently, Virtual Private Network (VPN) was the only way to remotely access work files from home. But VPN access isn't the same as accessing the hard drive of your work computer. VPN gives you access to the local area network (LAN) at your office. With VPN, you're only able to access your PowerPoint presentation files if you've saved them on the network, not just on your computer's hard drive. Remote login, however, uses simple desktop sharing software to give you a "remote control" for accessing your computer, and all of its software and hard drive files, from any Internet-connected device anywhere in the world.

Remote login works exactly the same way as desktop sharing. In desktop sharing, there are two separate parties: the host computer and the remote user. To share a desktop, the host computer allows a remote user to view the contents of the host computer's desktop over the Internet. The host computer can also hand over keyboard and mouse controls to the remote user. With remote log-in, your home or work computer is the host and you (in this case) are the remote user.

Remote login requires three basic components:
1. Software download
2. Internet connection
3. Secure desktop sharing network

For remote login to work, both the host computer and all remote users have to download and install the same desktop sharing software. Desktop sharing software typically includes two distinct programs:
1. The desktop sharing client that runs on the host computer
2. A viewer program that allows the remote user to view the contents of the host computer's desktop in a resizable window

Remote login will only work if the host computer is powered on, connected to the Internet and running the desktop sharing software. Each time you open and run the desktop sharing software on the host computer, the software starts a new session. Each session has a particular ID and/or password that's required to remotely log in to the host computer. Once the session has been established, most desktop sharing software quietly runs in the background of the host computer until a remote login request is made. To log in to the host computer from home (or while traveling), you'll need to run your version of the same desktop sharing software and enter the correct session ID or password. Some services also allow you to log in through a Web site. Once you're logged in, both computers will communicate with each other over a secure desktop sharing network. Access to this network can be free or subscription-based, depending on the service. While connected, you'll have access to keyboard controls, mouse controls, all software and all files on the host machine. For security purposes, all packets of information that are sent over the network are typically encrypted on each end with secure shell (SSH) or 128-bit advanced encryption standard (AES) encoding. For added security, no session IDs or passwords are stored on desktop sharing servers; they're automatically generated by the host machine.

Explain Internet Protocol?


The Internet Protocol (IP) is the principal communications protocol used for relaying datagrams (packets) across an internetwork using the Internet Protocol Suite. Responsible for routing packets across network boundaries, it is the primary protocol that establishes the Internet. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering datagrams from the source host to the destination host solely based on their addresses. For this purpose, IP defines addressing methods and structures for datagram encapsulation. The Internet Protocol is responsible for addressing hosts and routing datagrams (packets) from a source host to the destination host across one or more IP networks. For this purpose the Internet Protocol defines an addressing system that has two functions. Addresses identify hosts and provide a logical location service. Each packet is tagged with a header that contains the metadata for the purpose of delivery. This process of tagging is also called encapsulation.

The below structure shows the IP header format
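The header structure referred to above does not survive on this page, so the following is an added example, not from the original notes: a builder and parser for the 20-byte IPv4 header (no options) using the RFC 791 field layout, with the RFC 1071 header checksum verified on parse. Field layout and checksum algorithm are standard; the sample addresses, identification value and TTL are constructed.

```python
# Added example (not from the original notes): IPv4 header encode/decode with
# checksum verification. Layout per RFC 791, checksum per RFC 1071.
import struct

_LAYOUT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total len, ident, flags/frag, TTL, proto, csum, src, dst


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words, complemented. A header whose
    checksum field is already correct sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0x1C46):
    """Build a header with version 4, IHL 5, DF set and a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    raw = struct.pack(_LAYOUT, 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, protocol, 0, src_b, dst_b)
    csum = ipv4_checksum(raw)                # computed with the field zeroed
    return raw[:10] + struct.pack("!H", csum) + raw[12:]


def parse_ipv4_header(data):
    """Decode the fixed header; raise ValueError on anything inconsistent."""
    if len(data) < 20:
        raise ValueError("truncated header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(_LAYOUT, data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 header")
    if ihl < 20 or ihl > len(data):
        raise ValueError("bad IHL")
    if total_len < ihl:
        raise ValueError("total length shorter than header")
    if ipv4_checksum(data[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
    }


def header_is_valid(data):
    try:
        parse_ipv4_header(data)
        return True
    except ValueError:
        return False


# Constructed sample: TCP (protocol 6) datagram with a 20-byte payload.
SAMPLE_HEADER = build_ipv4_header("192.168.1.10", "10.0.0.5", protocol=6, payload_len=20)

if __name__ == "__main__":
    print(SAMPLE_HEADER.hex())
    print(parse_ipv4_header(SAMPLE_HEADER))
```

Rejecting a header whose checksum does not verify, or whose IHL or total length disagree with the bytes actually present, is what keeps a parser from reading past the end of a datagram; flipping any header byte in the sample (the TTL, say) makes `header_is_valid` return False.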

Explain Spanning Tree Protocol?


STP is a layer 2 protocol; it is an open standard protocol, standardized as IEEE 802.1D. The main function of STP is to stop network loops from occurring on a layer 2 network (bridges or switches). Root Bridge: The root bridge is the bridge with the best (lowest) bridge ID. All switches in the network elect a root bridge that becomes the focal point in the network. Decisions such as which port is to be blocked and which port is to be in forwarding mode are made from the perspective of this root bridge. It also sends updates to the non-root bridges if there are any changes in the network topology. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. The bridge with the lowest MAC address will be elected as the root bridge. Root Port: The root port is always the link directly connected to the root bridge, or the shortest path to the root bridge.

Designated Port: It is the one that has been determined as having the best (lowest) cost on its segment. Designated ports are marked as forwarding. Blocked Port: A port that does not forward frames and only listens to BPDUs. BPDUs: All switches exchange information in order to select the root switch. Each switch compares the parameters in the Bridge Protocol Data Unit (BPDU) that it sends to one neighbor with the one that it receives from another neighbor. STP port states (driven by BPDUs): a) Blocking: A blocked port won't forward frames; it just listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths. All ports are in blocking state by default when the switch is powered up. b) Listening: The port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table. c) Learning: The switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but doesn't forward data frames. Forward delay means the time it takes to transition a port from listening to learning mode, which is set to 15 seconds by default and can be seen in the show spanning-tree output. d) Forwarding: The port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it enters the forwarding state. e) Disabled: A port in the disabled state (administratively) does not participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational. Convergence is truly important because it ensures that all devices have the same database. By default all ports on a switch are in blocking mode. It usually takes 50 seconds to go from blocking to forwarding mode.
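The election and port-role assignment described above (root bridge by lowest priority then lowest MAC, root port by lowest cost to the root, one designated port per segment, everything else blocked), as an added example that is not part of the original notes. The three-switch triangle, its MAC addresses and the equal link costs are constructed; ties on equal cost are broken by the lower bridge ID, which is the standard rule. Timers and BPDU exchange are not modelled; this computes what the exchange converges to.

```python
# Added example (not from the original notes): compute STP root bridge, root
# ports, designated ports and blocked ports for a small constructed topology.
import heapq


def bridge_id(switch):
    # Lower is better: priority first, then MAC address.
    return (switch["priority"], switch["mac"])


def compute_spanning_tree(switches, links):
    """switches: {name: {"priority": int, "mac": str}}
       links: list of (a, b, cost); each link is one LAN segment, indexed by position.
       Returns (root_name, {(switch, segment_index): role})."""
    root = min(switches, key=lambda s: bridge_id(switches[s]))

    adj = {s: [] for s in switches}
    for i, (a, b, cost) in enumerate(links):
        adj[a].append((b, cost, i))
        adj[b].append((a, cost, i))

    # Root path cost of every switch: Dijkstra from the root over link costs.
    root_cost = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > root_cost.get(u, float("inf")):
            continue
        for v, cost, _ in adj[u]:
            if d + cost < root_cost.get(v, float("inf")):
                root_cost[v] = d + cost
                heapq.heappush(heap, (d + cost, v))

    def rank(s):   # lower is better: root path cost, then bridge ID
        return (root_cost.get(s, float("inf")), bridge_id(switches[s]))

    # One designated bridge per segment: the endpoint with the best rank.
    designated = {i: min((a, b), key=rank) for i, (a, b, _) in enumerate(links)}

    roles = {}
    for s in switches:
        if s == root:                      # every root bridge port forwards
            for _, _, i in adj[s]:
                roles[(s, i)] = "designated"
            continue
        # Root port: the link giving the cheapest path to the root,
        # ties broken by the neighbour's bridge ID.
        root_port = min(adj[s], key=lambda e: (root_cost.get(e[0], float("inf")) + e[1],
                                               bridge_id(switches[e[0]])))[2]
        for _, _, i in adj[s]:
            if i == root_port:
                roles[(s, i)] = "root"
            elif designated[i] == s:
                roles[(s, i)] = "designated"
            else:
                roles[(s, i)] = "blocked"  # the redundant link the loop is cut on
    return root, roles


# Constructed topology: three switches in a triangle, equal priorities, so the
# lowest MAC (switch A) wins the election.
SWITCHES = {
    "A": {"priority": 32768, "mac": "00:00:00:00:00:01"},
    "B": {"priority": 32768, "mac": "00:00:00:00:00:02"},
    "C": {"priority": 32768, "mac": "00:00:00:00:00:03"},
}
LINKS = [("A", "B", 4), ("A", "C", 4), ("B", "C", 4)]   # segments 0, 1, 2

if __name__ == "__main__":
    root, roles = compute_spanning_tree(SWITCHES, LINKS)
    print("root bridge:", root)
    for (sw, seg), role in sorted(roles.items()):
        print(sw, "segment", seg, role)
```

On the B-C segment both switches have the same root path cost (4), so the lower bridge ID (B) takes the designated role and C's port on that segment is the one blocked; lowering C's priority below 32768 would instead make C the root and change every role.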
Rapid Spanning Tree Protocol (RSTP), IEEE 802.1w, provides for faster spanning tree convergence after a topology change. While STP can take 30 to 50 seconds to respond to a topology change, RSTP is typically able to respond to changes within 3 × Hello time (default: 6 seconds) or within a few milliseconds of a physical link failure. The so-called Hello time is an important and configurable time interval that is used by RSTP for several purposes; its default value is 2 seconds. RSTP bridge port roles:
- Root - A forwarding port that is the best port from a non-root bridge to the root bridge
- Designated - A forwarding port for every LAN segment
- Alternate - An alternate path to the root bridge. This path is different from using the root port.
- Backup - A backup/redundant path to a segment where another bridge port already connects.
- Disabled - Not strictly part of STP; a network administrator can manually disable a port

Per VLAN Spanning Tree (PVST): In Ethernet switched environments where multiple virtual LANs exist, spanning tree can be deployed per Virtual LAN. Cisco's name for this is per VLAN spanning tree. Both PVST and PVST+ protocols are Cisco proprietary protocols and they cannot be used on 3rd party switches, although Force10 Networks, Extreme Networks and Blade Network Technologies support PVST+. PVST works only with ISL (Cisco's proprietary protocol for VLAN encapsulation) due to its embedded Spanning tree ID. Due to the high penetration of the IEEE 802.1q VLAN trunking standard and PVST's dependence on ISL, Cisco defined a different PVST+ standard for 802.1Q encapsulation.

Multiple Spanning Tree Protocol (MSTP)


The Multiple Spanning Tree Protocol (MSTP), originally defined in IEEE 802.1s and later merged into IEEE 802.1q, defines an extension to RSTP to further develop the usefulness of virtual LANs (VLANs). This "Per-VLAN" Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree. If there is only one Virtual LAN (VLAN) in the network, single (traditional) STP works appropriately. If the network contains more than one VLAN, the logical network configured by single STP would work, but it is possible to make better use of the alternate paths available by using an alternate spanning tree for different VLANs or groups of VLANs. Unlike some proprietary per-VLAN spanning tree implementations, MSTP includes all of its spanning tree information in a single BPDU format. Not only does this reduce the number of BPDUs required on a LAN to communicate spanning tree information for each VLAN, but it also ensures backward compatibility with RSTP (and in effect, classic STP too).

Rapid Per-VLAN Spanning Tree (R-PVST): Cisco's proprietary protocol that combines the functionalities of RSTP and PVST. It is based on a per-VLAN instance that creates a tree for each VLAN.

Explain Sliding Window concept in TCP?


A sliding window protocol is a feature of packet-based data transmission protocols. Sliding window protocols are used where reliable in-order delivery of packets is required, such as in the Data Link Layer (OSI model) as well as in the Transmission Control Protocol (TCP). Conceptually, each portion of the transmission (packets in most data link layers, but bytes in TCP) is assigned a unique consecutive sequence number, and the receiver uses the numbers to place received packets in the correct order, discarding duplicate packets and identifying missing ones. The problem with this is that there is no limit on the size of the sequence numbers that can be required. By placing limits on the number of packets that can be transmitted or received at any given time, a sliding window protocol allows an unlimited number of packets to be communicated using fixed-size sequence numbers. For the highest possible throughput, it is important that the transmitter is not forced to stop sending by the sliding window protocol earlier than one round-trip delay time (RTT). The limit on the amount of data that it can send before stopping to wait for an acknowledgment should be larger than the bandwidth-delay product of the communications link. If it is not, the protocol will limit the effective bandwidth of the link.
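Two things from the paragraph above, worked through as an added example that is not part of the original notes: first, the bandwidth-delay product and the throughput ceiling a too-small window imposes; second, a go-back-N sliding window simulation in which an unbounded stream of packets is carried with 3-bit (modulo 8) sequence numbers and a window of 4, the sender recovering from a constructed single loss. The link figures (100 Mbit/s, 50 ms RTT, 64 KiB window) and the loss pattern are constructed values.

```python
# Added example (not from the original notes): bandwidth-delay product and a
# go-back-N sliding window with fixed-size sequence numbers.

MOD = 8   # 3-bit sequence number space; the window must be smaller than this


def bandwidth_delay_product_bytes(bandwidth_bps, rtt_seconds):
    """Bytes that must be in flight to keep the link full for one RTT."""
    return bandwidth_bps * rtt_seconds / 8


def max_throughput_bps(window_bytes, rtt_seconds):
    """A sender limited to `window_bytes` per RTT cannot exceed this rate."""
    return window_bytes * 8 / rtt_seconds


def go_back_n(n_packets, window, drop_once):
    """Deliver n_packets in order using sequence numbers modulo MOD.
    drop_once: packet indices whose first transmission is lost on the wire.
    Returns (delivered packet indices, total transmissions)."""
    if not 0 < window < MOD:
        raise ValueError("window must be between 1 and MOD-1")
    base = nxt = 0          # sender: oldest unacked packet, next packet to send
    expected = 0            # receiver: next in-order packet it will accept
    delivered, dropped = [], set()
    transmissions = 0
    while base < n_packets:
        in_flight = []
        while nxt < base + window and nxt < n_packets:   # fill the window
            transmissions += 1
            if nxt in drop_once and nxt not in dropped:
                dropped.add(nxt)                         # lost this time only
            else:
                in_flight.append(nxt)
            nxt += 1
        # Receiver: accept only the packet whose (mod MOD) number matches the
        # one it expects; anything else is out of order and discarded.
        for pkt in in_flight:
            if pkt % MOD == expected % MOD:
                delivered.append(pkt)
                expected += 1
        ack = expected % MOD                     # cumulative ACK, fixed-size field
        # Sender: because window < MOD, exactly one value in [base, nxt]
        # matches the ACK, so the small number is unambiguous.
        for candidate in range(base, nxt + 1):
            if candidate % MOD == ack:
                base = candidate
                break
        nxt = base                               # go back N: resend from base
    return delivered, transmissions


if __name__ == "__main__":
    print(bandwidth_delay_product_bytes(100_000_000, 0.05), "bytes needed in flight")
    print(max_throughput_bps(65535, 0.05) / 1e6, "Mbit/s with a 64 KiB window")
    print(go_back_n(6, window=4, drop_once={1}))
```

For the constructed link, 625,000 bytes must be in flight to fill 100 Mbit/s at 50 ms RTT, while a 64 KiB window caps throughput near 10.5 Mbit/s. In the simulation, losing packet 1 costs a retransmission of packets 1 through 4 even though 2 and 3 arrived, which is the go-back-N trade-off; the sequence numbers never exceed 7 no matter how many packets are sent.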

Explain OSPF and RIP?

OSPF (Open Shortest Path First): It is an open standard routing protocol that's been implemented by a wide variety of network vendors. It works by Dijkstra's algorithm. OSPF is the first link-state routing protocol. It is a hierarchical routing algorithm derived from an earlier version of the IS-IS protocol, whose features include multipath routing, load balancing, and least-cost routing. OSPF is the suggested successor to RIP in the Internet environment.

OSPF provides the following features:
- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Allows scalability
- Supports VLSM/CIDR
- Has unlimited hop count
- Allows multi-vendor deployment (open standard)

OSPF is meant to be designed in a hierarchical fashion, which basically means that you separate the larger internetwork into smaller internetworks called areas. This is the best design for OSPF. The reasons for building OSPF in a hierarchical design are:
- To decrease routing overhead
- To speed up convergence
- To confine network instability to single areas of the network

RIP (Routing Information Protocol): It is a true distance-vector routing protocol. RIP sends
the complete routing table out of all active interfaces every 30 seconds. RIP uses only hop count to determine the best way to a remote network, and it has a maximum allowable hop count of 15, meaning that a hop count of 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with a large number of routers installed. RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask, because RIP version 1 does not include subnet mask information in its updates. RIP version 2 carries the subnet mask in its updates and therefore supports classless routing (VLSM/CIDR).
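The following is an added example, not code from the original page: a link-state SPF calculation (Dijkstra, as OSPF runs it) next to a hop-count distance-vector calculation (as RIP runs it) over the same constructed topology. It shows the two protocols choosing different paths when a direct link is slow, and RIP's 16-hop "unreachable" limit on a long chain that OSPF still routes across. Router names, link costs and the constructed topologies are assumptions for illustration.

```python
"""Added example (not from the original page): a link-state SPF calculation
(Dijkstra, as OSPF runs it) next to a hop-count distance-vector calculation
(as RIP runs it) over the same constructed topology. Router names, link
costs and the RIP hop limit of 15 are illustrative assumptions."""
import heapq

INFINITY_HOPS = 16          # RIP: a hop count of 16 means "unreachable"

# Constructed link-state database: router -> {neighbour: cost}.
# Costs mimic OSPF's bandwidth-derived metric (low cost = fast link);
# R1-R4 is a slow WAN link that RIP cannot tell apart from the fast ones.
LSDB = {
    "R1": {"R2": 1, "R4": 10},
    "R2": {"R1": 1, "R3": 1},
    "R3": {"R2": 1, "R4": 1},
    "R4": {"R1": 10, "R3": 1},
}


def ospf_spf(lsdb, root):
    """Dijkstra over the LSDB from root. Returns {router: (total_cost, path)}."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    settled = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        for nbr, link_cost in lsdb[node].items():
            candidate = cost + link_cost
            if candidate < dist.get(nbr, float("inf")):
                dist[nbr] = candidate
                prev[nbr] = node
                heapq.heappush(heap, (candidate, nbr))
    tree = {}
    for node, cost in dist.items():
        path = [node]
        while path[-1] != root:
            path.append(prev[path[-1]])
        tree[node] = (cost, path[::-1])
    return tree


def rip_hop_table(lsdb, root):
    """Distance vector by hop count (Bellman-Ford). Every router repeatedly
    hands its whole table to each neighbour (every 30 s in real RIP) until
    nothing changes. Returns root's table: {router: (hops, next_hop)}."""
    tables = {r: {r: (0, None)} for r in lsdb}
    changed = True
    while changed:
        changed = False
        for r in lsdb:
            for nbr in lsdb[r]:
                for dest, (hops, _) in list(tables[nbr].items()):
                    candidate = hops + 1
                    if candidate >= INFINITY_HOPS:
                        continue            # 16 hops: unreachable, never installed
                    current = tables[r].get(dest, (INFINITY_HOPS, None))[0]
                    if candidate < current:
                        tables[r][dest] = (candidate, nbr)
                        changed = True
    return tables[root]


def chain_lsdb(n_routers):
    """Constructed straight chain C0 - C1 - ... - C(n-1), all links cost 1."""
    lsdb = {f"C{i}": {} for i in range(n_routers)}
    for i in range(n_routers - 1):
        lsdb[f"C{i}"][f"C{i + 1}"] = 1
        lsdb[f"C{i + 1}"][f"C{i}"] = 1
    return lsdb


if __name__ == "__main__":
    print("OSPF from R1:", ospf_spf(LSDB, "R1"))        # R4 at cost 3 via R2, R3
    print("RIP  from R1:", rip_hop_table(LSDB, "R1"))   # R4 at 1 hop over the slow link
    chain = chain_lsdb(17)                              # C0 ... C16: 16 hops end to end
    print("C16 in RIP table:", "C16" in rip_hop_table(chain, "C0"))  # False
    print("C16 via OSPF:", ospf_spf(chain, "C0")["C16"][0])          # 16
```

From R1, OSPF reaches R4 at cost 3 over the three fast links, while RIP prefers the single slow hop because hop count is its only metric. On the 17-router chain, RIP at C0 never installs C16 (it would be 16 hops), whereas OSPF's unlimited hop count routes to it at cost 16.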

AAA Technology:
AAA network security services provide the primary framework through which you set up access control. AAA provides a modular way of performing authentication, authorization and accounting services. Authentication: The method used to identify a user before they gain access to the network and its services. Authorization: The method for remote access control, including one-time authorization or authorization for each service; it takes the form of a set of attributes describing what the user is permitted to do, which the AAA server looks up in its user database and returns to the network device. Accounting: The method for collecting and sending security server information used for billing, auditing and reporting purposes; it lets you track which services users access and how much of each they consume.

What is RADIUS?
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect to and use a network service. RADIUS is a client/server protocol that runs in the application layer, using UDP as its transport. The remote access server, the VPN server, the network switch with port-based authentication, and the network access server (NAS) are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows machine. RADIUS serves three functions: 1. to authenticate users or devices before granting them access to a network, 2. to authorize those users or devices for certain network services and 3. to account for usage of those services. RADIUS has been officially assigned UDP ports 1812 for RADIUS authentication and 1813 for RADIUS accounting. However, prior to the IANA allocation of ports 1812 and 1813, ports 1645 and 1646 (authentication and accounting, respectively) were used unofficially and became the default ports in many RADIUS client/server implementations of the time. The tradition of using 1645 and 1646 for backwards compatibility continues to this day, which is why many RADIUS server implementations listen on both sets of UDP ports. Microsoft RADIUS servers default to 1812 and 1813, but Cisco devices default to the traditional 1645 and 1646 ports.

Compare TACACS+ and RADIUS


These sections compare several features of TACACS+ and RADIUS.

UDP and TCP


RADIUS uses UDP while TACACS+ uses TCP. TCP offers several advantages over UDP: TCP is a connection-oriented transport, while UDP offers best-effort delivery. RADIUS needs additional configurable variables such as retransmit attempts and time-outs to compensate for best-effort transport, and it lacks the support that TCP builds in:
- TCP provides a separate acknowledgment that a request has been received, within (approximately) one network round-trip time (RTT), regardless of how loaded and slow the backend authentication mechanism might be.
- TCP gives an immediate indication of a crashed, or not running, server by a reset (RST). With long-lived TCP connections you can determine when a server crashes and when it returns to service. UDP cannot tell the difference between a server that is down, a slow server, and a non-existent server.
- Using TCP keepalives, server crashes can be detected out-of-band from actual requests. Connections to multiple servers can be maintained simultaneously, and you only need to send messages to the ones that are known to be up and running.
- TCP is more scalable and adapts to growing, as well as congested, networks.

Packet Encryption
RADIUS hides only the password in the Access-Request packet from the client to the server; the remainder of the packet is in cleartext. Other information, such as the username, authorized services and accounting data, can be captured by a third party on the path. TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header; a flag in the header indicates whether the body is encrypted. For debugging it is useful to have the packet body unencrypted, but during normal operation the body is always encrypted. Note that both mechanisms are MD5-based obfuscation keyed by the shared secret rather than modern authenticated encryption (RADIUS XORs the password with an MD5-derived keystream, TACACS+ XORs the body with an MD5-derived pad), so neither should be relied on across an untrusted network: keep AAA traffic on a dedicated management network or tunnel it, for example RADIUS over TLS (RadSec, RFC 6614) or IPsec.

Authentication and Authorization


RADIUS combines authentication and authorization: the Access-Accept packet that the RADIUS server returns to the client carries the authorization attributes along with the authentication result, which makes it difficult to decouple the two. TACACS+ follows the AAA architecture and separates authentication, authorization and accounting into distinct exchanges, so a different authentication mechanism can be used while TACACS+ still handles authorization and accounting.

Router Management
RADIUS does not let an administrator control which commands a user can execute on a router and which not. Therefore RADIUS is less useful for router management and less flexible for terminal services. TACACS+ provides two methods to control the authorization of router commands on a per-user or per-group basis. The first is to assign privilege levels to commands and have the router verify with the TACACS+ server whether the user is authorized at the specified privilege level. The second is to list explicitly on the TACACS+ server, per user or per group, the commands that are allowed.

RADIUS flow when a RADIUS client communicates with a RADIUS server?
RADIUS is a client/server protocol. The RADIUS client is typically a NAS and the RADIUS server is usually a daemon process running on a UNIX or Windows machine. The client passes user information to designated RADIUS servers and acts on the response that is returned. RADIUS servers receive user connection requests, authenticate the user, and then return the configuration information the client needs to deliver service to the user. A RADIUS server can also act as a proxy client to other RADIUS servers or other kinds of authentication servers. The interaction between a dial-in user, the RADIUS client and the RADIUS server proceeds as follows:

1. The user initiates PPP authentication to the NAS.
2. The NAS prompts for a username and password (if Password Authentication Protocol [PAP]) or sends a challenge (if Challenge Handshake Authentication Protocol [CHAP]).
3. The user replies.
4. The RADIUS client sends the username and the hidden (encrypted) password to the RADIUS server.
5. The RADIUS server responds with Access-Accept, Access-Reject, or Access-Challenge.
6. The RADIUS client acts upon the services and service parameters bundled with the Accept or Reject.
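The following is an added example, not code from the original page: the Access-Request / Access-Accept exchange just listed (steps 4 to 6), built by hand from RFC 2865, with the User-Password hiding that the TACACS+ comparison above refers to and the Response Authenticator the client checks. It also makes the packet-encryption point concrete: the username is visible in the request bytes, the password is not. The user database, shared secret, identifier and Request Authenticator are constructed for illustration; a real deployment would use a RADIUS library and a proper user store.

```python
"""Added example (not from the original page): the RADIUS Access-Request /
Access-Accept exchange from RFC 2865 built by hand, including the
User-Password hiding (MD5 XOR with the shared secret and Request
Authenticator) and the Response Authenticator check. The user database,
shared secret and identifier are constructed for illustration."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
RADIUS_AUTH_PORT, RADIUS_ACCT_PORT = 1812, 1813

USER_DB = {b"alice": b"s3cret"}        # constructed; a real server uses LDAP/SQL/etc.


def hide_password(password, secret, request_auth):
    """RFC 2865 s5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += block
        prev = block                    # chaining uses the hidden block
    return out


def reveal_password(hidden, secret, request_auth):
    """Server side: reverse hide_password (same keystream, XOR again)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attribute(attr_type, value):
    """Type-Length-Value; Length counts the two header bytes too."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def parse_attributes(payload):
    attrs, i = {}, 0
    while i < len(payload):
        attr_type, length = payload[i], payload[i + 1]
        if length < 2 or i + length > len(payload):
            raise ValueError("malformed attribute")
        attrs[attr_type] = payload[i + 2:i + length]
        i += length
    return attrs


def build_access_request(identifier, username, password, secret, request_auth=None):
    """Code 1 | ID | Length | 16-byte random Request Authenticator | attributes."""
    request_auth = request_auth or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username) +
             attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def build_response(code, request, secret, attrs=b""):
    """Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    resp_auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + resp_auth + attrs


def verify_response(response, request, secret):
    """Client side: the NAS only trusts a reply whose authenticator matches."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[1] == request[1] and hmac.compare_digest(expected, response[4:20])


def server_handle(request, secret):
    """Server side: unhide the password, check the database, answer Accept/Reject."""
    if request[0] != ACCESS_REQUEST or struct.unpack("!H", request[2:4])[0] != len(request):
        raise ValueError("not a well-formed Access-Request")
    attrs = parse_attributes(request[20:])
    user = attrs.get(ATTR_USER_NAME)
    password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, request[4:20])
    code = ACCESS_ACCEPT if USER_DB.get(user) == password else ACCESS_REJECT
    return build_response(code, request, secret)


if __name__ == "__main__":
    secret = b"sharedsecret"                  # constructed shared secret
    req = build_access_request(7, b"alice", b"s3cret", secret)
    print("username visible on the wire:", b"alice" in req)    # True
    print("password visible on the wire:", b"s3cret" in req)   # False
    resp = server_handle(req, secret)
    print("Access-Accept:", resp[0] == ACCESS_ACCEPT,
          "authentic:", verify_response(resp, req, secret))
```

Two things worth noticing when running it: the username attribute is byte-for-byte visible in the request while the password is not, exactly the exposure the TACACS+ comparison describes; and the hiding is keyed only by the shared secret and a per-request random value, so a weak or shared-everywhere secret makes the password recoverable from a capture.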

What is VLAN?
A virtual local area network (virtual LAN or VLAN) is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows end stations to be grouped together even when they are not connected to the same switch. Membership can be configured in software instead of physically relocating devices or connections. Using VLANs we can create smaller broadcast domains by assigning different switch ports to different subnetworks; each VLAN is treated as its own subnet and broadcast domain.

Network adds, moves and changes are achieved by simply configuring a port into the appropriate VLAN. VLANs increase the number of broadcast domains while decreasing their size. VLANs help network security by separating traffic, but only as long as trunking is controlled: a host on a port that is still allowed to negotiate trunking can become a trunk and reach every VLAN, so trunk negotiation should be disabled on user-facing ports (on Cisco switches, switchport mode access together with switchport nonegotiate) and trunks should carry only the VLANs they need. A switch port can belong to only one VLAN if it is an access port, or to all VLANs if it is a trunk port. You can manually configure a port as an access or trunk port, or you can let the Dynamic Trunking Protocol (DTP) negotiate the switch port mode on a per-port basis.

Access ports: An access port belongs to and carries the traffic of only one VLAN. Traffic is received and sent in native format with no VLAN tagging whatsoever. Anything arriving on an access port is simply assumed to belong to the VLAN assigned to the port.

Trunk ports: The term trunk port was inspired by the telephone system trunks that carry multiple telephone conversations at a time; likewise, trunk ports carry multiple VLANs at a time.

Frame tagging: To keep track of all the users and frames as they travel the switch fabric we use a method called frame tagging. This frame identification method assigns a user-defined ID to each frame, sometimes referred to as the VLAN ID or even the color. Each switch that the frame reaches must identify the VLAN ID from the frame tag. It then finds out what to do with the frame by looking at the information in what is known as the filter table. If the frame reaches a switch that has another trunked link, the frame is forwarded out the trunk-link port. The basic purpose of the ISL and 802.1Q frame tagging methods is to provide inter-switch VLAN communication.

VLAN identification methods:

Inter-Switch Link (ISL): ISL explicitly tags VLAN information onto an Ethernet frame. By running ISL, you can interconnect multiple switches and still maintain VLAN information as traffic travels between switches on trunk links. ISL functions at layer 2 by encapsulating the data frame with a new header and cyclic redundancy check (CRC). It is proprietary to Cisco switches.

IEEE 802.1Q: The IEEE standard method of frame tagging, IEEE 802.1Q inserts a field into the frame to identify the VLAN. If you are trunking between a Cisco switch and a different brand of switch, you have to use 802.1Q for the trunk to work.
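The following is an added example, not code from the original page: it builds, parses and strips the 4-byte IEEE 802.1Q tag that the text says is inserted into the frame, and then classifies an ingress frame the way an access port and a trunk port would (untagged traffic on a trunk landing in the native VLAN, a VLAN not on the allowed list being dropped). The sample frame, the port settings and the rule that an access port drops tagged frames are constructed assumptions; ISL encapsulation is not modelled.

```python
"""Added example (not from the original page): build, parse and strip IEEE
802.1Q tags on an Ethernet frame, then classify an ingress frame the way an
access port and a trunk port would. Frame contents, port settings and the
access-port drop rule are constructed assumptions; ISL is not modelled."""
import struct

TPID_8021Q = 0x8100      # C-tag (customer VLAN)
TPID_8021AD = 0x88A8     # S-tag used for QinQ double tagging


def parse_frame(frame):
    """Return (dst, src, tags, ethertype, payload); tags is a list of
    (tpid, pcp, dei, vid) tuples, outermost first, empty when untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, i, tags = frame[:6], frame[6:12], 12, []
    while True:
        if i + 2 > len(frame):
            raise ValueError("truncated tag stack")
        ethertype = struct.unpack("!H", frame[i:i + 2])[0]
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return dst, src, tags, ethertype, frame[i + 2:]
        if i + 4 > len(frame):
            raise ValueError("truncated tag")
        tci = struct.unpack("!H", frame[i + 2:i + 4])[0]
        # TCI = 3-bit priority (PCP) | 1-bit drop eligible (DEI) | 12-bit VLAN ID
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        i += 4


def tag_frame(frame, vid, pcp=0, dei=0, tpid=TPID_8021Q):
    """Insert a 4-byte tag after the source MAC. This is what 802.1Q means by
    'inserting a field'; ISL would instead wrap the whole frame."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def untag_frame(frame):
    """Remove the outermost tag (what an access port does on egress)."""
    if not parse_frame(frame)[2]:
        return frame
    return frame[:12] + frame[16:]


def classify_ingress(frame, port):
    """port is {"mode": "access", "vlan": n} or
    {"mode": "trunk", "native": n, "allowed": set}. Returns the VLAN the
    frame is placed in, or None when the switch would drop it."""
    tags = parse_frame(frame)[2]
    if port["mode"] == "access":
        # assumption: an access port drops tagged frames; everything else
        # belongs to the port's VLAN, whatever the frame says
        return None if tags else port["vlan"]
    # trunk: tagged frames use their outer VID, untagged ones the native VLAN
    vid = tags[0][3] if tags else port["native"]
    return vid if vid in port["allowed"] else None


# constructed frame: broadcast ARP from 00:11:22:33:44:55 with a dummy body
SAMPLE = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
          + bytes.fromhex("0806") + b"\x00" * 28)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, 10, pcp=3)
    print(parse_frame(tagged)[2])                   # [(33024, 3, 0, 10)]  (33024 = 0x8100)
    print(classify_ingress(SAMPLE, {"mode": "access", "vlan": 20}))                        # 20
    print(classify_ingress(tagged, {"mode": "trunk", "native": 1, "allowed": {1, 10}}))   # 10
    qinq = tag_frame(tagged, 200, tpid=TPID_8021AD)
    print([t[3] for t in parse_frame(qinq)[2]])     # [200, 10]
```

The parser walks a stack of tags rather than a single one, so a double-tagged (QinQ) frame is reported with both VIDs; the trunk classification uses only the outer tag, which is the behaviour that makes native-VLAN double tagging worth watching for on trunks whose native VLAN is also used for access traffic.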
