DEVASC – Describe MAC Usage / VLANs / IP Addressing / Routes / Subnet Masks (Prefixes) / Gateways reviewed!

To knock two more Network related Topics off the DEVASC, a quick review!

Unfortunately some of these concepts are below the CCNP Level, and some of them (like 6.9) are maybe more geared towards the DEVASC, so I will take the time to cover these topics from the Cisco Guided Study Group Material to ensure the Network info is aimed at this particular exam and not networking in general.

6.1 Describe the purpose and usage of MAC addresses and VLANs

MAC Addresses

A MAC Address is the Machine’s Hardware Address that allows it to “ARP” out to the network, which would be to the Access Switch it is connected to. When the frame arrives at the Switch it has 3 options based on the lookup of the SRC MAC first (as Switches process the SRC MAC first, then the DST):

  1. If no Source Address for the Host is found in the MAC Table, an entry is made mapping that Host to the Port the Frame was received on, and the frame is then flooded out all ports except the one it was received on – This will be a Broadcast sent to the MAC Broadcast address FF:FF:FF:FF until it gets a response back from the DST Host in the form of a Unicast response; then Unicast forwarding can occur between the two hosts going forward as long as they don’t age out.
  2. If there is a matching Entry for the Source MAC Addy, it forwards based on which port the Destination Addy is off of.
  3. If the SRC Address and DST Address are both off the same port the packet will be dropped, as switches will not send packets back out the interface they were received on.
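As an added example (not from the original post), here is a small Python simulation of the learning-switch behaviour described in the three cases above: learn the source MAC on the ingress port, flood broadcast and unknown-unicast frames out every other port, forward a known unicast destination to one port, and drop a frame whose destination is off the same port it arrived on. The port numbers and host MACs are constructed for the demo (the MACs come from the RFC 7042 documentation range).

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningSwitch:
    """Minimal Layer 2 switch: the MAC table maps a learned source MAC to the port it was seen on."""
    ports: frozenset
    mac_table: dict = field(default_factory=dict)

    def forward(self, src_mac, dst_mac, in_port):
        """Process one frame and return the set of ports it is sent out of (empty set = dropped)."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        # Case 1 (learning): record, or refresh, the source MAC against the ingress port.
        self.mac_table[src_mac] = in_port
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            # Broadcast or unknown unicast: flood out every port except the one it arrived on.
            return self.ports - {in_port}
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            # Case 3 (filtering): SRC and DST both live off the ingress port, so the frame is dropped.
            return set()
        # Case 2: known destination, forward out that single port only.
        return {out_port}


def demo():
    """Walk an ARP-style exchange between two constructed hosts through a 3-port switch."""
    sw = LearningSwitch(ports=frozenset({1, 2, 3}))
    host_a, host_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed documentation MACs
    trace = [
        sw.forward(host_a, BROADCAST, 1),   # A broadcasts (e.g. ARP request): flooded to ports 2 and 3
        sw.forward(host_b, host_a, 2),      # B replies unicast: A is already learned on port 1
        sw.forward(host_a, host_b, 1),      # A -> B is now unicast to port 2 only
        sw.forward(host_b, host_a, 2),      # B -> A unicast to port 1
    ]
    return trace, dict(sw.mac_table)


if __name__ == "__main__":
    print(demo())
```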

MACs allow ARP to send out DHCP to get a Dynamic IP Address / DNS Server / other configurable options (like Option 150 for the TFTP Server if a phone device is connected), which can be memorized by the mnemonic DORA (Discover, Offer, Request, Ack), which goes Host / Server / Host / Server in order of responses.

Speaking of switches, in the Cisco DEVASC docs the official ways a switch forwards frames are “Cut Through” and “Store and Forward” – Remember this on exam day!

VLANs

VLANs are used to mitigate Broadcast traffic by logically separating hosts into Broadcast Domains as needed per the network design. Some networks have a single Subnet (called a Flat Network), which is one entire Broadcast Domain up to the Inside Interface of the Router, as Routers do not forward Broadcast traffic (unless it is an ARP Broadcast, in which case the router acts as a Proxy to send the request on to the remote network with its own MAC in the SRC MAC field as a Unicast packet rather than a Broadcast, as routers NEVER forward Broadcasts!).

They are also considered a Security Feature because they can prevent Hosts that do not need to see one department’s traffic from being able to reach those hosts, due to the VLANs being in different Sub-Networks (no two VLANs can be in the same subnet).

6.2 Describe the purpose and usage of IP addresses, routes, subnet mask / prefix, and gateways

IP Addressing provides a Layer 3 Logical Grouping of devices using the 3 RFC 1918 address spaces for LANs:

  • Class A – 10.0.0.0/8 = 10.0.0.0 – 10.255.255.255
  • Class B – 172.16.0.0/12 = 172.16.0.0 – 172.31.255.255
  • Class C – 192.168.0.0/24 = 192.168.0.0 – 192.168.255.255

Sub-Networks are assigned to the LAN, possibly in different VLAN Segments, which keeps IP Networks on the same LAN from communicating without a L3 Device performing routing between the two.

Routes are either default, connected, static, or dynamically learned via routing protocol.

What determines if a Route is injected into the IP Route Table is its AD, so even if there is a longer prefix match but a higher Administrative Distance, it is not used because AD is what determines which route goes into the IP Route Table – Only then does the Longest Prefix Match to choose a route come into play.

Routes / Routing allow networks to either be statically configured or dynamically discovered via Routing Protocols. Routes allow for the forwarding of traffic at the IP Layer, and their Subnet Mask or Prefix length describes what the network # is and how many host bits are available – The Network + Subnet Mask create the subnet.
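As an added example (not from the original post), the following Python uses the standard-library ipaddress module to show the two mechanisms described above: a host address plus prefix length yields the network number, mask, broadcast address and usable host count (with a check against the three RFC 1918 ranges), and a toy route table where Administrative Distance decides which candidate for a given prefix gets installed, after which Longest Prefix Match decides which installed route forwards a packet. The AD values are the Cisco defaults; the prefixes and next hops are constructed.

```python
import ipaddress

# The three RFC 1918 private address spaces used for LAN addressing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Cisco default administrative distances: lower is more trusted.
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def subnet_info(cidr):
    """Break a host address + prefix into its network number, mask, broadcast and host capacity."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts a host address like 192.168.1.77/26
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),  # network and broadcast are not assignable
        "rfc1918": any(net.subnet_of(r) for r in RFC1918),
    }


class RouteTable:
    """AD picks which candidate for a prefix is installed; longest prefix match picks the forwarding route."""

    def __init__(self):
        self.rib = {}  # ipaddress.IPv4Network -> (source, next_hop)

    def offer(self, cidr, source, next_hop):
        """Install the candidate unless a lower-AD route for the same prefix is already there."""
        net = ipaddress.ip_network(cidr)
        current = self.rib.get(net)
        if current is None or AD[source] < AD[current[0]]:
            self.rib[net] = (source, next_hop)
            return True
        return False

    def lookup(self, dst):
        """Return (prefix, source, next_hop) of the most specific installed route, or None."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.rib if addr in net]
        if not matches:
            return None  # no route at all, not even a default: the packet is dropped
        best = max(matches, key=lambda net: net.prefixlen)
        return (str(best),) + self.rib[best]
```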

Gateways provide an IP Address for Layer 3 Packets to be sent to for Routing / Route Selection, though they can also be configured on L3 Switches as SVIs to allow “Inter-VLAN Routing” so that the Router does not need to be involved in forwarding traffic between subnets on the same LAN.

So at its base, routers and routing are for Path Determination and Packet Forwarding.

6.4 Interpret a basic network topology diagram with elements such as switches, routers, firewalls, load balancers, and port values

[Topology diagram: labbers_delight_rev3_vpn]

This does not include Load Balancers, which would generally be placed behind the Firewall or Router as they will likely be load balancing between servers. Here it can be seen there is a Site-to-Site IPSec VPN Tunnel, which means these two devices will need ports 500 and 4500 allowed for the IPSec Tunnel traffic to succeed.

Given there are Route Tags defined, I assume this Topology I defined at random from my CCNP Studies was doing Redistribution across the NBMA / Frame-Relay Network.

I guess I am not really sure what is meant by interpreting a network diagram, however it’s pretty straightforward. There is maybe one other thing here: if a Network had a Proxy Server sitting in front of it, it would cause all connections to appear as if they are coming from a single Public IP Address, whereas a Reverse Proxy server would do the same in reverse, showing connection requests all coming back from the same IP Address to multiple hosts.

For Port numbers, when going outbound the port will need to be allowed on the ACL if one is configured at all; for example an Exchange Email Server would need Port 25 open for mail flow, a Voicemail to Email server would require port 587, etc.

6.8 Identify cause of application connectivity issues (NAT problem, Transport Port blocked, proxy, and VPN)

This is where an OSI Model troubleshooting model would come in handy, though I really do well with the Divide and Conquer TSHOOT method, where I ping the target host and then determine whether I go up to Layer 4 (Transport) to test if the Port is open via “telnet (dest) #”, which will identify if it is a NAT issue.

A VPN issue can be determined with commands like “sh cry isa sa” to see if the tunnel is up; you can also try pinging the Public IP of the remote router vs the Inside Interface of the same router that should have a VPN – If public works but Private doesn’t, you likely have a VPN issue.

If pings don’t work we might go down a layer to troubleshoot whether the host is down / has a bad cable / bad interface / etc. – Or I would maybe try pinging out to 8.8.8.8 (Google Public DNS), which, if it fails, would indicate it is a NAT issue not allowing Overload to work properly due to misconfiguration or an exhausted translation pool.

6.9 Explain the impacts of network constraints on applications

I am not sure what is meant by this, however a network might for example already have Port 443 allowed to its Web Server, so an Application being introduced into the network will need to use a unique Port; also competing Hardware and Bandwidth resources might become an issue.

Based on the Load Balancing Method, the Servers available, and the Network speed both on the LAN and to the WAN, there could be issues on the Server side. On the end user side, whoever is using the App might be working on a slow Wifi network, or the network may have mission-critical FTP Transfers mid-day, like Architectural AutoCAD files that are sent to a centralized server.

If a Load Balancer is not available and you have a couple of L3 switches, you could configure them to perform similar load balancing methods such as round robin / least connections or least busy; however the Network might not have been designed to host Applications, in which case it would be good to consider offloading the server to a Private or Public Cloud to free up your network resources.

That is all for now, I will update if I get any better resources on this info

Most of this is actually being verified against the Cisco Study Group’s official Cisco training content, which does not mention 6.9 at all, so this may be a situational question where you just need to be able to look at a network diagram and identify bottlenecks or single points of failure within the network due to lack of redundancy to the servers / resources.

Will update if anything changes, otherwise, until next time 🙂
