Need some advice on learning networking

[BillyCarpenter]

It should also be noted that there's a big difference between a production and SOHO network. I mean, if you only have a couple of routers, switches and servers, you need not concern yourself with optimizing spanning tree. But if you're running a lot of virtual servers in a Data Center, that's a different story.

It used to be that in a basic college campus network that 70% of traffic flowed north and south. In other words: From the server to client.

That's not the case these days. It's just the opposite with 70% of traffic flowing from east to west. In other words: From one virtual server to another. The data flow must be super fast and needs to take the best path. Hence: Optimal Spanning Tree.

[BillyCarpenter]

I'm starting to notice a pattern. THE SHORTEST PATH.


The shortest path in OSPF (routing table) and the shortest Spanning Tree (Layer 2).

It makes sense if you think about it. I mean, when we get in our car, we don't take the longest route to our destination do we? Of course not.


When it comes to networking, everything goes back to Math. But this type of math is way over my head. We're talking about algorithms.

[BillyCarpenter]

Here's a question. Let's see if anyone has the answer?


By default, Spanning Tree runs on every port. But if we have a single computer on port 5, it's impossible for a loop to exist. So, why have spanning tree running on that part?

[BillyCarpenter]

I'm gong over port security and it suddenly hit me that there's a lot of networks out there that are highly vulnerable.

When the ports are left open and unprotected, someone could introduce a mac address flooding attack. The switch only has so much memory and it will crash when flooded. There's a couple of different ways of dealing with this but I'm still going over it.

I'm done with port security. It's cool stuff but very easy to configure.

I've heard some of you talk about this. You go to network jack that's working and you plug in your device and it doesn't work. Why? Because the jack (switchport) is configured to work with only one specific mac-address. Actually, we can allow more than 1 mac-address but you get the point. If anyone plugs in a device with an unknown mac address, the port automatically shuts down. We can configure it to cut back on in a certain time or we can configure it so that we manaully have to bring it back up.

There's also Port Filters. I'll save that for now.

[slimslob]

I'm done with port security. It's cool stuff but very easy to configure.

I've heard some of you talk about this. You go to network jack that's working and you plug in your device and it doesn't work. Why? Because the jack (switchport) is configured to work with only one specific mac-address. Actually, we can allow more than 1 mac-address but you get the point. If anyone plugs in a device with an unknown mac address, the port automatically shuts down. We can configure it to cut back on in a certain time or we can configure it so that we manaully have to bring it back up.

There's also Port Filters. I'll save that for now.

The ports can be configured for specific types of devices like say printers. If a printer is connected to a port that is configured for use by a computer, it won't work.

[BillyCarpenter]

The ports can be configured for specific types of devices like say printers. If a printer is connected to a port that is configured for use by a computer, it won't work.

I'm pretty sure that is achieved by using an ACL (Access Control List).

Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). You can configure access control lists (ACLs) for all routed network protocols (IP, AppleTalk, and so on) to filter protocol packets when these packets pass through a device. You can configure access lists on your device to control access to a network; access lists can prevent certain traffic from entering or exiting a network. This module provides an overview of access lists.

You can get very specific with an ACL. You can grant or block by protocol, also.

[slimslob]

Sorry I didn't find this earelier bur here is a White Paper Ricoh put out in 2010 on using Wireshark. rfg042515.pdf

[BillyCarpenter]

I have a client (school) that is in a rather large building and their wireless network leaves something to be desired. There are several dead spots and other areas where the the signal is weak.


There's a patchwork system of wireless routers in various classrooms with different names and passwords.

They are wanting a better more efficient solution and I have my own ideas but I'd like to get some advice before making a decision.


Here's what I want to achieve for this customer:


I want them to be able to walk anywhere in the building and never lose connection. I want it to be seamless in that it needs to be able to switch from one wireless access point to another without them even knowing it.

Thoughts?

PS - Does anyone have experience with a Wireless Access Controller?

[rthonpm]

What type of authentication are they using for the network?

Mesh networks have become popular of late but in a larger building it would make more sense to set up an access point and multiple repeaters that, ideally, are wired together so that there's less risk of the concrete, asbestos, and anything else rummaging around in old buildings can eat the signal. Any enterprise style wireless setup will do what they want. Trying to mash something together with SOHO or consumer grade kit won't likely give them the management they need.

Sent from my BlackBerry using Tapatalk

[BillyCarpenter]

What type of authentication are they using for the network?

Mesh networks have become popular of late but in a larger building it would make more sense to set up an access point and multiple repeaters that, ideally, are wired together so that there's less risk of the concrete, asbestos, and anything else rummaging around in old buildings can eat the signal. Any enterprise style wireless setup will do what they want. Trying to mash something together with SOHO or consumer grade kit won't likely give them the management they need.

Sent from my BlackBerry using Tapatalk

Here's the deal. I don't know what authentication they're using and wireless technology is an area where I have plead ignorance. That is one of the last modules in the CCNA course that I'm taking. I wasn't planning on taking any wireless jobs but this came up. I'm gonna have to take a crash course to get this job done.

I have installed a couple of wireless access points here in my office. I believe they are Aruba.

I have a quick question: If I daisy chain several access points together, I'm assuming POE will transfer to all of 'em?