PPT

thoughtlessskytopNetworking and Communications

Oct 29, 2013 (4 years and 9 days ago)

71 views

Lecture 5

Configuration of Infrastructure
Components


Outline of this lecture


Hubs


Switches


VLAN


Routers


Routing Information Protocol(RIP)


Open Shortest Path First Routing Protocol(OSPF)


Border Gateway Routing Protocol (BGP)


VPN


Probes


SNMP Management Agents for all devices

Introduction of Infrastructure components


Hubs, Switches, Routers, Probes.


What are differences between a hub and a switch?

Ethernet hubs and repeaters operate at the Physical Layer. A very important fact about hubs and repeaters is
that they allow users to
share

an Ethernet LAN.

An Ethernet switch automatically divides the network into multiple segments, acts as a high
-
speed, selective
bridge between the segments, and supports simultaneous connections of multiple pairs of computers
which don't compete with other pairs of computers for network bandwidth. An switch can operate at any
layer, most switch is working at layer 2, which is also called layer 2 switch.


Hub can be used to replace coaxial cable.

IP addresses for devices

Each device has also a MAC address (Ethernet address)

Subnet calculater: http://www.subnet
-
calculator.com/



192.192.192.235

192.192.192.236

192.192.192.242

192.192.192.241

192.192.192.246

192.192.192.234

192.192.192.233

192.192.192.244

192.192.192.245

192.192.192.243

Subnet Mask = 255.255.255.248

DEVICE

IP ADDRESS

ETHERNET ADDRESS

SUBNET ADDRESS

SUBNET 1

192.192.192.232

Probe 1

192.192.192.235

00
-
80
-
52
-
E0
-
18
-
3C

Switch 1

192.192.192.236

00
-
E0
-
1E
-
74
-
5B
-
40

WS 1

192.192.192.233

10
-
00
-
5A
-
D4
-
5C
-
E9

Router

192.192.192.234

00
-
00
-
0C
-
06
-
16
-
95

SUBNET 2

192.192.192.240

Router

192.192.192.243

00
-
00
-
0C
-
06
-
16
-
96

WS 2

192.192.192.241

00
-
40
-
05
-
44
-
A7
-
DC

Server

192.192.192.242

00
-
20
-
35
-
E4
-
1D
-
2B

Switch 2

192.192.192.244

00
-
50
-
50
-
E0
-
F5
-
40

Hub

192.192.192.245

08
-
00
-
4E
-
07
-
B7
-
E6

Probe 2

192.192.192.246

00
-
00
-
A3
-
E0
-
18
-
82

TABLE : NETWORK DEVICE CONFIGURATIONS(Subnet Mask = 255.255.255.248)


Three ways to configure network devices

1.
RS 232 Serial Connector (out
-
of
-
band management)

1)
Connect computer’s serial connector to the RS
-
232 port in the network device.

2)
Use terminal emulator program (e.g. Win HyperTerminal) to access the menus of the
management program on devices.

3)
Use telephone line and modem to connect PC to remote device that is connected to the
modem and telephone line.

2.
Connect management module over the network using Telnet (in
-
band)

1)
Use method 1. to connect a PC to device and use the menu to set up IP, and subnet
mask and default router IP.

2)
Open Telnet application on PC (e.g. Win Telnet)

3)
Connect the PC to the device’s IP, and then set up the device.

3.
Connect management module over network using SNMP (in
-
band)

1)
Use method 1. to connect a PC to the device and use the menu to set up IP, and subnet
mask and default router IP. Disconnect PC and reset device.

2)
Open the NMS on the management station.

3)
Select the device from the network display.

4)
Apply the management tool to set up the device.


Back of Cisco AGS Router

Back of 3COM Hub

Front of 3COM Hub

RS 232 Serial Connector (out
-
of
-
band management)

Set up COM 1. Use the Hyper Terminal to operate the device. For example, use the menu to set IP address for
the device.

RS
-
232

Com 1/2

Connect management module over the network using Telnet (in
-
band)

Use Win Telnet to connect the IP for the hub. A
starting menu is displayed. Click OK to log on
windows.

Input the user name and
password.

Enter main menu.


Submenu

Functions

Repeater Management


Management of a stack of hubs consisting of 1 to 8 units (hubs)
connected together. Three management activities, Statistics, Setup and
Resilience, are available for all security access levels


Management of one unit in the stack


Management of one port of a unit

User Access Levels


Local Security: configure what rights the user has for each type of
access level assigned.


Create User


Delete Users


Edit User

Status

Management module information such as hardware and software versions
and the fault log

Management Setup

IP addresses, subnet masks and default routers for TCP/IP and SPX/IPX
can be configured here

Software Upgrade

This screen can be used to download newer versions of the Management
Module software

Initialize

Can be used to return the non
-
volatile RAM to its initial values. Should be
used as a troubleshooting tool with great care because the system will be
changed considerably from its current state.

Reset

Resets the entire stack of units. Removes configuration data but not
management setup data. Equivalent to depressing the reset button on the
back of the unit.

Remote Poll

If there is a management module on a remote device, poll the remote device
to see if it is connected

TABLE : Submenus of the 3Com Hub Management Module


Go in to ‘User access level’.



Users of the hub can be
created, edited and deleted.


Define user ID and password, and the Community string for the access level.

Set Access level matrix

Repeater
-
level
management Options

1.
Statistics


cumulative
statistics for all ports.

2.
Setup


how many units
the stack can support.

3.
Resilience


a port can
be configured to have a
backup port.

Hub status

Hub ports statistics

Port Resilience configuration

Unit Management and Port Management Options

Unit Hardware Characteristics

Port Management for Unit 1

Port setup

Choose Unit number.


Choose Port ID number


Setup the port.

Switch Configuration Example

Type

Number of Ports

Description

10BASET

24 ports

(on front)


10 MBPS bandwidth in half duplex mode


Connect to workstations, servers, hubs and routers.


Rule of Thumb.


Use a straight
-
through cable if only one device being connected is marked with an
X
.
(In the device marked with an
X
,
crossover

takes place in the device)


Use a crossover cable if both devices are marked with Xs


Maximum of 100 meters between switch and attached device

AUI

1 port

(on back)


10 MBPS bandwidth in half
-
duplex mode


Connect to Ethernet transceiver that connects to thick or thin coaxial cable, fiber
optic cable or UTP cable.


Use
crossover cable
if the transceiver is used to convert to a 10BASET RJ
-
45
connection


Maximum of 100 meters between switch and attached device

100BASET

1 port


(on front)


100 MBPS bandwidth in half
-
duplex mode


Connect to workstations, servers, hubs and routers with compatible bandwidth and to
other switches to form a backbone


Rule of Thumb is same as for 10BASET type

100BaseFX

1 port

(on front)


100 MBPS bandwidth.


Uses multimode optical fiber cable to connect devices


Maximum of 2 kilometers between switch and attached device

Console

1 port

(on back)


Serial port used for device configuration


Can be connected to a modem for remote configuration


Requires a crossover cable between the console connector and the serial connector
on a PC serial port

RPS

1 (on back)


Connector for Redundant Power Supply

Characteristics of Ports on CISCO Catalyst 1900 Switch 2 in our example network

Crossover Cable

Type

Color (Status)

Function

System

Off

System not powered up

Green

Normal operation

Amber

Some Power on Self Test(s) (POST) failed

RPS

Off

Redundant Power Supply (RPS) is not being used. Standard
(Internal) Power Supply is being used. The RPS is not
supplied with the switch. It is an option

Green

RPS is being used

Amber

RPS is not operational or not being used correctly

Flashing
Amber

Both RPS and the Standard power supply are powered up and
power is being supplied by the standard supply

System LEDs on Switch 2

Switch Configuration Example


Consol Port for configuration


Connect the switch consol port to
COM2 on a computer installed with
Win XP/Win Server.


Use Virtual Terminal Emulation mode.


New Hyper Terminal and setup the
parameters. And connect to the switch.


Telnet or web server can be used to
configuration

Naming the Hyper Terminal connection

Configure COM 2

Catalyst 1900 Management Consol Instruction Screen

Switch Configuration

Main tasks:

1.
IP Configuration

2.
SNMP Management

Agent, Read/write community string

3.
Port configuration

Port Addressing, static, dynamic

4.
Monitoring

5.
Port Statistics

From the main menu, select ‘N’ to
enter the network management


Main menu of Catalyst 1900 Management Consol

Network Management Screen

IP configuration

SNMP Management

SNMP Agent Configuration

Main tasks:

1.
SNMP Agent Configuration

2.
READ community String

3.
WRITE community String


Setting the WRITE community String

Setting the READ community String

Port Configuration

Selecting a port to configure

Port 3 configuration

Port 3 addressing

Menu Item

Description

Address Table Size

The upper limit of the number of addresses that a secured port can
have. There is no limit on unsecured ports

Addressing Security

Reduces usage of a port to a specified list of static addresses.
Violations may cause port disablement.

Flood Unknown
Unicasts


A Unicast is a frame destined for one device


If enabled, any frame that has an Ethernet destination that is
not in the address table, will be transmitted out of all ports.

Flood Unregistered
Multicasts


A Multicast is a frame that is destined for a set of devices


If enabled, a frame received for a multicast address that has
not been registered with the switch, will transmitted out of all
ports


This menu item can be used to control which ports will allow
this.

Port Addressing

Dynamic addressing

Dynamic address

The switch can learn that any frame that has Ethernet destination address should
be transmitted out of the out port.

The switch can store dynamic addresses in the address table. The switch
assumes that if it has not seen the address in the time limit, the source is inactive
or turn off and there is no sense wasting good memory space on it. The limit time,
which is called Address aging time, can be set on the system menu.

List of Accepted Source Ports for Destination Port 3

Port AUI addressing

Monitoring


Type ‘X’ in Main menu and type ‘M’ to
enter Monitoring configuration screen.


All frames entering or leaving any or all
ports can be captured by Fastmater on the
Mirror ports. Any port can be selected to
be the monitor port.


Typing ‘D’ on main menu and then typing
a port number, the port statistics detail
can be obtained.


Monitoring configuration screen

Port 3 Statistics detail

Monitor Port Selection

Configuration of Routers

Router global commands using dialog

Commands for configuration

1.
Global commands: apply to the router as a whole, e.g. giving hostname to a router.

2.
Interface commands: apply to configure interfaces, e.g. Ethernet interface.

3.
Line commands: apply to serial ports.

4.
Router commands: apply to configure routing protocols e.g. the Routing Information
Protocol (RIP) and the Open Shortest Path First protocol(OSPF)

Hostname> //the first level prompt

Hostname# //the second level provides access to all router configuration commands and
requires a password.

Interface Commands

1.
Interface Ethernet0:
in the example network, is the router interface on Subnet 1.
IP:192.192.192.234.

2.
Interface Serial0:
is the WAN interface. Not be used this case. Don’t configure it.

3.
Interface Ethernet1
: is interface on Subnet 2. IP:192.192.192.243.

4.
Interface Serial1:
is the console interface that can be configured from the Main Router
Menu.


The setting can be written to memory using the commands introduced later.

Global and Interface commands using dialog

11111111.11111111.11111111.11111000

IP addresses for devices

Each device has also a MAC address (Ethernet address)

Subnet calculater:http://www.subnet
-
calculator.com/



192.192.192.235

192.192.192.236

192.192.192.242

192.192.192.241

192.192.192.246

192.192.192.234

192.192.192.233

192.192.192.244

192.192.192.245

192.192.192.243

Subnet Mask = 255.255.255.248

Command
-
line configuration of Commands and
Subcommands

1.
Press entre key to get prompt ‘Router 1>’
. Type ‘enable’ and press Enter key, and
then input password to get prompt ‘Router 1#’. Type ‘write erase’ to clean old
configuration to start a new configuration.

2.
Type ‘configure’ to start command
-
line


Interface Ethernet0


Interface Ethernet1


Commands

Subcommands

Parameters

Functions

enable

Generates the # prompt at which all subcommands can be executed

password

xxxxxxxxx

If set, is required to use the configure command

configure

Command that starts the configuration program

ip domain
-
name

name


"name" specifies the name of the Internet domain to which the router belongs

ip name
-
server

ip address


"ip address" sets the IP address of the computer that is hosting the DNS for the network

interface

ethernet no.

serial no.

"ethernet no." specifies the Ethernet to be configured


"serial no." specifies the serial line to be configured

ip address

address

subnet mask


"address" sets the IP address for the router interface

"subnet mask" sets the subnet mask for the router

encapsulation

arpa

iso


"arpa" configures the router to us the Ethernet II frame


"iso1" configures the router to use the IEEE 802.3 frame

arp timeout

seconds

"seconds" specifies the time that the router will keep and IP Ethernet address mapping in
the ARP cache. The default is 240 seconds

access
-
list

list

permit

deny

source

source mask

"list" specifies which IP addresses will be accepted/rejected at this router interface

Used before "list" to "permit" only those IP addresses specified in "list"

Used before "list" to "deny" the IP addresses specified in "list"

Specific IP source address permitted or denied by "permit" or "deny," respectively

Range of IP source addresses that can be permitted or denied with "permit" or "deny"

no access
-
list

Deletes the entire list specified in "list"

router

rip

network

Specifies the RIP routing protocol will be configured on the router

Specifies the directly connected networks that will receive RIP routing protocols from
"router"

router

ospf

network

#

Specifies the OSPF routing protocol will be configured on "router"

Specifies a range of addresses that OSPF will advertise to neighboring routers reachable
from "router"

router

bgp

network

neighbor

Specifies the BGP routing protocol will be configured on "router"

Specifies the IP addresses on a network that the BGP will advertise to routers outside the
autonomous system it borders

Specifies

the

IP

address

and

the

Autonomous

System

number

of

a

router

to

which

BGP

will

advertise

the

network

it

borders

Router Configuration Commands. Subcommands, Parameters and Functions

Routing Information Protocols

‘RIP’ is the command/subcommand combination. ‘network’ specifies
the attached networks to which RIP will send the routing table of
router. Network 192.192.192.0 is our C class network. Network
128128.0.0 is a hypothetical Class B network that makes a Point
-
to
-
Point Protocol(PPP) connection. If our router did not receive a RIP
message from another router in 240 s, it would delete the routes
provided by that router as being unreliable.


‘ospf 1’ is the command, subcommand/parameter combination that
enable Open Shortest Path First(OSPF) configuration. An OSPF
router sends its routing table changes when they occur.


Areas are connected by Areas Border Routers via Border Gateway
Protocol (BGP). In our case, subcommand is ‘network
192.192.192.232 0.0.0.7 area 192.192.192.232’ …


0.0.0.7 is called
wildcard mask
.


Wildcard Mask Represents A Range of Addresses


If

we

want

to

start

at

192
.
192
.
192
.
232

and

include

8

addresses

from

the

address
.

The

wildcard

mask

specifies

the

bits

that

the

router

should

consider

when

attempting

to

determine

which

hosts

to

be

included
.

In

this

case,

the

mask

is

0
.
0
.
0
.
7
,

which

is

the

equivalent

to

the

following

in

binary
:




00000000 00000000 00000000 00000111


Note that only the last three bits are set to 1. What this
means is “start at 192.192.192.232, and include any values for
those last three bits”. i.e. from 192.192.192.232 to
192.192.192.239.

192.192.192.240 0.0.0.7 => 192.192.192.240
-

192.192.192.247

192.192.192.240 0.0.0.3 => 192.192.192.232
-

192.192.192.235


Routing Protocols

Interface serial0 is connected to network 128.128.0.0 255.255.0.0 with PPP via
PSTN.

SNMP configuration


Set the router just allows NMS station
192.192.192.233 to access using access
-
list 1
permit 192.192.192.233 0.0.0.0


Use snmp
-
server access
-
list 1 to configure
community string,


Set trap community name as ‘rmon_admin’,
and allow NMS access the message.

Probes (
Monitoring devices)

Probe supports
R
emote Network

MON
itoring (RMON/RMON2)
variables. In our example, Probe 2 can capture frames that appear on
the network segment


subnet 2.


Configure the probe using console main menu and configuration menu
are shown as follows.

Fastmeter

Interface Configuration

ifIndex.1

identifies the probe
management interface which is
connected to the network by a
10mbps port on Switch 1.

ifIndex.2
is connected to a 100mbps
port on Switch 1. This is the interface
of Fastmeter, which capture all traffic
from the switch 1 mirror port.

ifIndex.3
is connected to a 100mbps
port on Switch 2. This is the interface
of Fastmeter, which capture all traffic
from the switch 2 mirror port.


IP configuration of Index.1
is
shown in the screen.

Security Configuration

From the configuration menu
we can enter the Trusted
Community Names Menu.
Four levels of the Trusted
community names can be
defined.

Level

Community Name

Rights

1

public

Read
-
only access, no rmon access.

2

rmon

Read
-
only access including rmon, no capture buffer access

3

rmon_admin

Read
-
only access, read
-
write access to rmon

4

hp_admin

Read
-
write access to all MIBs

4

tei_admin

Read
-
write access to all MIBs

Fastmeter Levels of Trusted Community Names

Trusted IP


From the configuration
menu we can enter the
Trusted Client IP
Addresses Menu. For
example, we could
insert the IP address,
192.192.192.233 levels
of WS1 to enable
Meterware/Analyer to
have the highest level
of access to
Fastermeter.


Trap Configuration


Use Trap configuration menu to configure destination
community name, IP, delivery type, ifIndex.


VLAN (Virtual LAN)


While a switched network provides a number
of great features including better
performance, it also provides a greater degree
of flexibility, scalability, and
security
. This is
mainly accomplished through the use of
Virtual Local Area Networks (
VLANs
)


A VLAN is actually a broadcast domain
configured on switches on a port
-
by
-
port
basis.

Concepts of VLAN


imagine a switch that has 10 ports,
like the one shown below. I could
take the first 5 ports and make
them part of one VLAN, and then
take the next 5 and make them part
of a different VLAN.


It is also possible for VLAN
configurations to go beyond a single
switch
-

VLAN Trunking Protocol
(VTP)


VLAN
Trunking

Protocol (VTP)


VLAN Trunking Protocol

(
VTP
) is a
Cisco proprietary Layer 2 messaging
protocol that manages the addition,
deletion, and renaming of Virtual
Local Area Networks (VLAN) on a
network
-
wide basis. Cisco's VLAN
Trunk Protocol reduces
administration in a switched
network. When a new VLAN is
configured on one VTP server, the
VLAN is distributed through all
switches in the domain.


VLAN Pruning:
VTP can prune
unneeded VLANs from trunk links.
VTP maintains a map of VLANs and
switches, enabling traffic to be
directed only to those switches
known to have ports on the intended
VLAN. This enables more efficient
use of trunk bandwidth.

VLAN Configuration


VLANs

are broadcast domains defined within switches to allow control of
broadcast, multicast, unicast, and unknown unicast within a Layer 2
device.


VLANs are defined on a switch in an internal database known as the
VLAN
Trunking Protocol
(VTP)

database
. After a VLAN has been created, ports
are assigned to the VLAN.


VLANs are assigned numbers for identification within and between
switches. Cisco switches have two ranges of VLANs, the
normal range

and
extended range
.


VLANs have a variety of configurable parameters, including name, type,
and state.


Several VLANs are reserved, and some can be used for internal purposes
within the switch.

VLAN Port Assignments


VLANs are assigned to individual switch ports.


Ports can be statically assigned to a single VLAN or dynamically assigned to
a single VLAN.


All ports are assigned to VLAN 1 by default


Ports are active only if they are assigned to VLANs that exist on the switch.


Static port assignments are performed by the administrator and do not
change unless modified by the administrator, whether the VLAN exists on
the switch or not.


Dynamic VLANs are assigned to a port based on the MAC address of the
device plugged into a port.


Dynamic VLAN configuration requires a
VLAN Membership Policy Server

(VMPS) client, server, and database to operate properly.


Configuring IPSec VPN on Cisco IOS


Learn how to configure a secure IPSec VPN
tunnel on a Cisco Internetwork Operating
System (IOS) router. This approach is typically
used for site
-
to
-
site VPN tunnels that appear
as virtual wide area network connections that
replace more expensive frame relay or
Multiprotocol Label Switching (MPLS) circuits.
The companion template will help you rapidly
configure IPSec tunnels on Cisco IOS devices


How IPSec works on a Cisco router


Two routers set up a virtual IPSec
tunnel between each other using
common algorithms and
parameters.


Red traffic is traffic
flowing through the router that's
meant to go to the Internet and
not through the VPN
tunnel.


Green traffic is meant to
go from one site to the other
through the IPSec VPN tunnel.


Once that data hits the external
interface, it checks the source,
destination, and service of that
traffic to determine whether it
needs to go into the crypto
map.


The crypto map shown in
Right Figure uses an Extended ACL
(access control list) called "Crypto
-
list".

Using a Cisco IOS router as a VPN server


Configuring the router (e.g.
Cisco 2610) All you will have to
do is add a new connection, provide the name (or IP address)
of the VPN server, and your username/password. See as
follows.


enable VPDN (virtual private dial
-
up networking)


Router(config)# vpdn enable


Create a VPDN group configured to PPTP, just like the
Microsoft VPN client will use, by default:


Router(config)# vpdn
-
group TEST
-
VPN


Router(config
-
vpdn)# accept
-
dialin


Router(config
-
vpdn)# protocol pptp


Router(config
-
vpdn)# virtual
-
template 1


Router(config
-
vpdn)# exit


Here, we will configure our interfaces to match the diagram.
Naturally, your IP address configuration will vary:


Router(config)# interface ethernet0/0


Router(config
-
if)# ip address 10.253.15.19 255.255.0.0


Router(config
-
if)# no shutdown


Router(config)# interface ethernet0/1


Router(config
-
if)# ip address 10.123.123.123 255.255.255.0


Router(config
-
if)# no shutdown


Using a Cisco IOS router as a VPN server


Next, create your virtual
-
template that will apply to the
inbound VPN connections. This template references the e0/1
interface for its IP address. It also references a pool of IP
addresses that will be handed out to VPN clients. Finally, it
configures the PPP encryption and authentication
mechanisms to match what the Microsoft VPN client defaults
to:


Router(config)# interface Virtual
-
Template1


Router(config
-
if)# ip unnumbered Ethernet0/1


Router(config
-
if)# peer default ip address pool defaultpool


Router(config
-
if)# ppp encrypt mppe auto required


Router(config
-
if)# ppp authentication ms
-
chap ms
-
chap
-
v2


Now, create the pool of IP addresses. This pool should not
already be in use on the internal network you are connecting
to:


Router(config)# ip local pool defaultpool 10.123.123.1
10.123.123.10


After that, create a test user:


Router(config)# username test password 0 test


Finally, configure authentication for PPP to use the local
database. If you had a RADIUS server, this where you would
point to the RADIUS server instead of the local database:


Router(config)# aaa new
-
model


Router(config)# aaa authentication ppp default local


Using a Cisco IOS router as a VPN server


The complete configuration looks like this:


username test password 0 test


aaa new
-
model


aaa authentication ppp default local


vpdn enable


vpdn
-
group TEST
-
VPN


! Default PPTP VPDN group


accept
-
dialing


protocol pptp


virtual
-
template 1


interface Ethernet0/0


ip address 10.253.15.19 255.255.0.0


no shutdown


interface Ethernet0/1


ip address 10.123.123.123 255.255.255.0


no shutdown


interface Virtual
-
Template1


ip unnumbered Ethernet0/1


peer default ip address pool defaultpool


ppp encrypt mppe auto required


ppp authentication ms
-
chap ms
-
chap
-
v2


!


ip local pool defaultpool 10.123.123.1 10.123.123.10


Configuration of Windows client


To connect to the new PPTP VPN
server from a Windows
workstation, click Start | Control
Panel | Network Connections.
Click on New Connection Wizard.
Click Next on the welcome
screen. Select Connect to a
network at my workplace as
shown in Figure B.


Next, select Virtual Private
Network Connection as shown in
Figure C.


You'll then see the Connection
Name screen. Type in a name for
the VPN Connection in the
Company Name field as shown in
Figure D. Click Next to continue.

B

C

Configuration of Windows client


Next, the VPN Server Selection
screen appears. Type in the IP
address or hostname for the VPN
server (your IOS router's
interface) into the Host name
field. In our case, this is
10.253.15.19 as you can see in
Figure E.


Take the default on the next
screen (that this is for anyone's
use) and click Next. Click Finish
on the next screen. When done,
you will see the screen shown in
Figure F below. Type in your test
username (test) and test
password (test).

D

E

Configuration of Windows client


Next, the VPN Server Selection
screen appears. Type in the IP
address or hostname for the VPN
server (your IOS router's interface)
into the Host name field. In our
case, this is 10.253.15.19 as you can
see in Figure E.


Click Connect.


Once connected, you should see the
VPN icon in your Windows tray, at
the bottom right of your screen. If
you open the VPN connection and
click on details, you should see that
you received an IP address from the
pool, as seen in Figure G.


You should be able to ping the LAN
side of the router (the inside,
private network) and any host on
that network.

F

G

Summary


Three ways to configure network devices


Configure Hubs.


Configure switches.


Configure routers.


Configure probes.


VLAN, VPN configurations.