Need some advice on learning networking

[BillyCarpenter]

Remember the school that needed wireless?

Well, after talking it over with the powers that be, I decided to go ahead and do the job. They don't need uninterrupted wifi coverage. They aren't gonna be making wifi phone calls so wifi roaming in the halls isn't necessary. What is important to them is coverage in the classrooms and offices.

For that, I decided against installing a WLAN controller and instead installed a mesh wireless network. It took a total of 10 Aruba AP's. Not much to it. It's pretty much plug and play...for the most part. I did have to do a little configuring for the guest network and initial discovery.


A Quick Note: I'm a huge fan of Cisco's WLAN controller and Lightweight Access Points, but that would have been overkill here.

[rthonpm]

For that, I decided against installing a WLAN controller and instead installed a mesh wireless network. It took a total of 10 Aruba AP's. Not much to it. It's pretty much plug and play...for the most part. I did have to do a little configuring for the guest network and initial discovery.

You'll also be charging for the occasional visit for any firmware or patches for the equipment as well, right?

Half of the job is always getting it up and running, the rest is keeping it up and running.

Sent from my BlackBerry using Tapatalk

[BillyCarpenter]

You'll also be charging for the occasional visit for any firmware or patches for the equipment as well, right?

Half of the job is always getting it up and running, the rest is keeping it up and running.

Sent from my BlackBerry using Tapatalk

This is a non-profit school for troubled kids. I charge them a discounted rate and I volunteer some of my time on occasion. They've given me complete access and let me do what I want and it's been a great place for me to learn.

[BillyCarpenter]

I'm 60% done with the CCNA online course. It's hard to grasp how much information is covered in the CCNA unless you've done it. It's almost overwhelming.


I've learned the hard way that I need to go back and review stuff I've already learned or I will forget. I've designated Saturday as Review Day.


One of the things that I'm reviewing today, is HSRP - Hot Standby Routing Protocol. This is one of the more cool topics that I've learned.

I'm wondering if anyone has any experience with this or have seen it?


Here's the gist of it.

A large company can't afford to not be able to get on the internet so they have 2 internet service providers and ISP routers. If one goes down, all the computers atomically switch over to the other ISP router. I covered how to do this in this thread.

Anyone ever seen it?

[BillyCarpenter]

The last thing that I reviewed over the weekend was DHCP. A simple way to remember the process by which DHCP works is D.O.R.A.


D.iscover
O.ffer
R.equest
A.cknowledge

I learned something new that I missed the first time around. What is that, you ask?


In the DHCP "offer", it has the IP address, mask and default gateway. I thought all of that was replicated in the "acknowledgement", but it also includes the lease time and renew period...which wasn't included in the offer.


Now we know.

[BillyCarpenter]

Who wants to talk NAT? More importantly, who understands NAT? I image quite a few of you understand it. I'm just now learning how it works. Full disclosure, I've been studying this for a few days now as part of CCNA.

In CCNA it takes everything to the extreme...or to a production network level.


With that being said, here's what I've covered.


1. Static NAT - This is used mostly for a server that that has incoming traffic from the internet. It's pretty straight forward. The outside (public) IP address is matched up to the inside (local) IP address.

I can address this further if anyone is interested. No? lol


2. Dynamic NAT - Okay. This used when a company purchases a pool of public IP addresses from the ISP. These are expensive so you'll only have a limited number of public IP addresses. Each PC will be assigned a public IP address to get out to the internet. The problem is that you're most likely gonna have more PC's than you do public IP addresses and when that happens, the remaining PC's won't be able to get internet access. This isn't used much in the real world.


3. PAT - Public Address Translation: This allows an unlimited number of PC's to reach the internet with only one public IP address. It does this by using the private IP address of the PC AND the port number. There's a NAT table that helps keep everything in order so that traffic is routed to the correct PC.


I have a Cisco Router here and I've already set up an edge router that uses PAT and it can be complicated if you don't understand the theory behind the steps involved.

[BillyCarpenter]

I'm on something now that has me really excited. What am I talking about ? ACL or Access Control List.

I first used an ACL in the real world when I configured a Cisco edge router to do NAT. Or in this particular case, PAT. It's all the same principle and that's translating a private IP address to go across the internet.

So, where did the Access Control List come into play?

First we need to understand what an ACL is.


Imagine that we're throwing a big party at the club and we give the bouncer, who's standing at the front door, a list of everyone that is allowed in. If they're not on the list, they don't get in. Period.

Well, that's how a ACL works.

There are different types of ACL's. Let's start with the "standard" access list.

It can only "allow in" according the source IP address. It can be one single source ip address or a range of IP addresses. But that's all it can do.


Now replace the bouncer with a router and replace the names on the list with ip addresses.

If the IP address isn't on the list, it doesn't get in.


More to come...

[BillyCarpenter]

PS - The next type of list is the Extended Access List.

It can block/allow on the source and destination IP address. But wait, it can also allow/block on Layer 4 protocols and even port numbers.


There's many practical applications for this...I just need to learn what they are.

[BillyCarpenter]

As I continue to learn how to properly configure an ACL, I'm reminded of something. And that something is how important it is to master Subnetting. If you want a job working with routers and switches, it is a must to master subnetting. If you don't, you will be fired in short order. There's simply no way to avoid it. And a subnet calculator isn't gonna let you off the hook. You still must master subnetting, wildcard masks, and supernetting.

I'm not gonna lie, I struggled with it for a while. I stuck with it. The minutes turned into hours. The hours into days and the days into weeks. And just when you think you have it, they throw you a curve ball. It seems simple now but everything seems simple after you learn it.

[BillyCarpenter]

PS - Here's an example of what I'm talking about:



10.16.2.0/24

10.16.4.0/24

10.16.6.0/24


That's 3 different subnets and they're all 24 bit. If we wanted to use an ACL to block all 3, how would we write it?

It would be written like this: deny 10.16.0.0 0.0.7.255

The red portion of our network statement is the wildcard mask and I won't go into great detail, but the point is, if you can't subnet and supernet, you can't use an access list. And that's just one example.