Cisco - What is it, how to use what program and does it mean for IT?
Posted On 14.03.2021
Cisco ("Tsco" or "Tsiska") - This is a well-known brand of Cisco Systems IT Corporation from the United States (in 1984, the name is educated from San Francisco Reduction), under which network routers, switches, wireless devices, video surveillance systems are produced throughout the world.
Does it mean Cisco for the world of information technology? Yes, this is a generally recognized king of network equipment.
The company's activities are constantly expanding and covers more and more new areas of the IT industry. Cisco. It offers security systems, telephony based on the Internet, cloud systems and many other collaboration solutions and corporate networks. Participates in the development of Internet of things (IOT), conducts educational programs and offers one of the most popular multi-level and thorough certification systems of communication technologies.
What is Cisco Program?
Under the "Cisco program" usually understand the educational program or authentication protocols.
The first is Educational program of the Cisco Network Academy (Network Professional Program, CNPP) To prepare for professional certification in the Association (Certified Network Associate, CCNA), which helps build a career in the IT industry commutation link.
The second one that many computer users often ask is Cisco Module program - It is found in the operating system under the EAP-Fast Module, Leap Module or Peap Module protocols. Let us dwell on such "modules" more below.
Cisco Module - What is it?
У Cisco. There are three programs that are installed in the OS when using corporate equipment. It requires the formation of a network technologies engineer or at least a general understanding of their work. If we talk simple words, then programs Cisco Module. Created for protected user authentication when using TVCo devices.
Cisco EAP Fast Module
Module Extensible Authentication Protocol Flexible Authentication Via Secure Tunneling - Protected protocol with extension capabilities for authentication using safe tunneling.
Cisco Leap Module.
LightWeight Extensible Authentication Protocol - Lightweight authentication protocol with the possibility of expansion.
Cisco Peap Module.
PROTECTED EXTENSILE AUTHENTICATION PROTOCOL - Protected Authentication Protocol with the possibility of expansion.
Modules are distinguished The user authorization method, but have a common goal - Protect the system from network attacks When connected to the global network.
Ordinary authorization Requires login and password. Authentication - also the checksum amount of the file, or a digital signature, or input biometric data (from the fingerprint scanner or the retinal retinal sensor). A similar scheme is used in electronic wallets, such as.
Cisco has high authentication requirements of engineers who serve the equipment of the company.
What is Cisco Packet Tracer?
This software for Networking simulations on equipment Cisco. . Is part of the educational program Network Academy of Cisco. and accessible to students for free. Allows you to create copies of complex switching systems, but all the equipment features does not transmit.
If you need to know How to configure Cisco Packet Tracer , Take advantage of the latest issues of professional literature from the company or sign up for courses "Cisco".
How to run Cisco and start using?
Usually under Starting Cisco. Understand the connection of the router and its setting, or the installation of the simulator Packet Tracer. . In all other cases Run Cisco. - it means start using network equipment Companies. You will need the basic knowledge of the engineer of switching networks and the basics of work with the devices "CISCOM". To do this, use training techniques or professional literature.
How to remove Cisco?
Under Removing Cisco. Users understand the uninstallation of authentication modules EAP-FAST, LEAP и PEAP. In Windows. Attention! This can be done only on those systems in which the equipment is completely absent. Cisco. Otherwise, his work will be broken, and it will be difficult to restore the modules.
- Go to "Start" and select "Control Panel" (in Old Windows) or "Parameters" (Windows 10).
- Select "Delete Program" (in Old Windows) or "Programs and Components" (Windows 10).
- Find Cisco EAP-Fast Module and delete it.
- Then remove the two remaining LEAP and PEAP module, if they were installed and is in the list.
- If the removal process hangs, then cancel the procedure and update the driver to the network card.
- Repeat the removal procedure.
If you do not want to understand the intricacies of the equipment Cisco. , Contact IT outsourcing for further expert support and advice on this topic and any other technical issues.
What is Cisco?
Since you are on this site and read these lines, it will not be difficult for you to answer, what is Cisco?
That's right, Cisco is a company producing network equipment. And she is one of the largest companies. The tsiska itself considers himself an "world leader in the field of network technologies." Why not.
Under the term "Network Equipment" We will understand the devices and products such as: routers, switches, firewalls, Wi-Fi access points, various modems, comprehensive solutions for IP telephony and video conferencing, DSL, servers, video surveillance systems, software, etc. d. etc.
As in Greece, everything is)))
And how are you connected with tsisk? Or still stand before choosing a connection with it?
I will try to answer this question about it is intelligible and clearly.
Network Academy Cisco.
Cisco Network Academy is a global educational program, studying students to design, create, debug and protect computer networks. The Network Academy provides on-Line courses, interactive tools and laboratory practice to help people prepare for exams and enhance the "network" career in almost any type of industry.
Exams at the Academy are rented to obtain a Cisco certificate. Cisco Certificate is a measureful tool for knowledge obtained in the learning process.
All Cisco Certificates are divided into three levels (some allocate the fourth, the most important):
- Specialist (Associate): CCNA certificates, CCDA
- Professional (Professional): CCNP, CCDP certificates
- Expert (Expert): CCIE certificates
- (As I mentioned above, there is still an initial (Entry-Level): CCENT certificates)
If you decide to get a Cisco certificate, then start with CCNA. Cisco Certified Network Associate (CCNA) confirms the ability to install, settings, operation and troubleshooting. The CCNA curriculum includes a decrease in safety risks, introducing in the concept and terminology of wireless systems, and skills with practical training. CCNA includes using protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPV2), OSPF, VLANS, Ethernet, Access Control Lists (ACLS), and much Other.
CCNA, it is actually an interesting program, and if you want to learn more details or get an answer to your question, stay on the site and write me letters;)
After receiving the CCNA certificate, you will have all the roads to interesting work or to continue learning, followed by obtaining a certificate of the next step, which means increasing your level from a specialist to professional. With such pace and before the expert not far.
You may have already familiarized yourself with learning, and it seemed to you enough, but For this site and was created To help all those who have not learned all the material with the help of official textbooks, did not have time to "desemble" the features of some protocol, did not understand the laboratory, interactive work, did not understand which one to choose the answer when testing. There are still many possible problems in the process of any training, but I am sure with the help of this site you will be able to fill your knowledge, remember forgotten, peep in response and make sure your choice is correct.
Together with you, we will not miss any little things that could affect us, as well as we will analyze all the necessary aspects and comments on testing in Russian.
Cisco Russia is the official representative of the transnational company for the production and sale of Cisco network equipment. With the development of IT technologies, business requires reliable solutions and products that will provide high-quality data transfer, storage, as well as complete secure and confidentiality.
People who do not have a direct connection with the digital world believe that Cisco company is engaged in the production of routers, routers and modems. But in fact, the list of products produced is much wider, and the performance and potential of network equipment makes it possible to provide all the most large-scale Internet companies that are actually the clients of this manufacturer, including the well-known Google. The company originated in the 90s, Cisco has passed a huge way to leadership in the market for the production of network equipment and software, and today adequately holds this position, I propose all new features features that simply affect the minds of standard users.
Orientation on all consumers
There is an opinion that all Cisco products are designed for large businesses, but it is mistaken, since the manufacturer, as well as the range of our official website Cisco Russia, offers affordable solutions for small businesses, as well as for private home users. Depending on the needs, the cost of network equipment will be determined, so you can get a complete consultation of the managers of our site Cisco Russia, which is the official representative of Cisco in Russia.
In the development of IT technologies, it will not be possible to bypass the part of all innovations that entail not only new business opportunities, but also danger. The transnational company Sisco Systems is engaged in the development and sale of network equipment, which allows not only to develop a business, overcoming huge distances for the share of seconds, providing control at each stage of production, but also to protect important and secret corporate information and data.
Sisco Systems is the leader of this product market, the achievement of this status is holding it for many years, and the company was created in 1984 almost simultaneously with the development of the most Internet networks, including wireless. The name of the company received from the state of California USA - San Francisco, the last five letters and became defining the name of the future global corporation, which today has all hearing. For 35 years, Sisco Systems survived a lot of mergers and acquisitions, but did not waste the potential, and even on the contrary, it broke into the leaders.
Today, Sisco Systems is engaged in the production of not only usual modems, routers, Wi-Fi routers or video surveillance systems, but also produces a number of other network devices:
- Ethernet switches;
- Equipment for IP telephony;
- ATM switches;
- Network security products;
- Optical switching platforms;
- DSL equipment;
- Software management software;
- Universal gateways and remote access gateways;
Thousands of the best minds of the world work on the development of products and innovation on Sisco Systems, and our country a transnational company also did not bypass the official center of Sisco Systems in Skolkovo.
Ask a Question?
You have a question: "Cisco - What is it?" This is a company that manufactures such network equipment such as communicators, routers, screens, modems, routers, servers and more. It is also the main manufacturer and leader in computer and network technologies.
This is an American company that develops and sells network equipment. Company main motto: Provide the opportunity to purchase all network equipment only in Cisco Systems.
In addition to manufacturing equipment, the company is the world's largest enterprise in the field of high technology. You are still asking: "Cisco - what is it?" The company at the beginning of its activities produced only routers. Now this is the largest leader in technology development for the Internet. Created a multi-profile system of certification of specialists on networks. Professional Cisco Certificates are very valuable at the expert level (CCIE) are very respected in the computer world.
The name of Cisco itself went from the city of San Francisco in California. The logo is a copy of the Golden Gate Bridge. In Russia, in Ukraine and in Kazakhstan, the company has existed since 1995. In 2007, the increased volume of sales in the field of information security amounted to about 80 million dollars. And since 2009, in Russia there is a research and development center.
It is this company that is the advanced in building branching and very reliable networks in the premises. AIRONET Series uses security, high-precision handling, security when building a Wi-Fi network. This series has five access points, as a result it helps in solving many tasks. Such a network supports three standard: a, b, g, as well as 802.11n, in order to maximize the bandwidth.
Change the rights, add and delete users when network from two-three access points can be manually. But if more, then you need to use such an appliance as a controller. This intelligent mechanism not only controls the operation of the network, but also by analyzing the operation of access points, it is equally loaded on the network access point. There are two models of controllers: 2100 and 4400.
Cisco Academy Program
In the conditions of the progressive technology economy, knowledge in the field of networks and the Internet gives the network program of the Cisco Academy.
Of course, you want to learn: Cisco - what is it? It includes materials from the Internet, practical classes, assessing students' knowledge. This program was founded in 1997 in 64 educational institutions. And spread to 150 countries. Specialists of the program prepare future teachers in training centers (SATS). Then the teachers teach regional teachers, and they are local, and local teach the knowledge gained students. Students at the end of training receive certificates "Network Specialist" (CCNA) and "Network Professional" (CCNP). At this time, besides these certificates, cadets can also be held courses in different directions. Over time, the program is constantly adapted to high standards.
Cisco Unified Computing System (UCS)
Currently, business requires rapid response, so increasingly pay attention to the Cisco Unified Computing System (UCS) calculation system. So, Cisco - what is it?
The first platform in the world where you can create data outline centers. It provides an intelligent infrastructure that can be programmed, simplifies and makes the appropriate class faster and services in the necessary cloud technologies. This system unifies model-based management, highlights the relevant resources, and in order for the applications to be accelerated and easier to unwound, supports migration. And all this, thereby increases the level of reliability and safety. What does this platform do in the end:
- combines different network resources and Cisco servers;
- Increases the degree of availability and performance of applications;
- Minimizes services for operational work;
- Optimally distributes the capabilities of the data processing center to reduce the cost of ownership.
Record performance of applications is achieved using Cisco Unified Computing System.
Everyone wants to know: Cisco EAP - what is it? For example, the protocol of extended authentication. Wireless information packages are transferred to packets that are transmitted by wires and are sent to the authentication server and back. If necessary, such a system is used when the passive role of the access point. There are methods of EAP:
- EAP (PEAP) -MS- (CHAP) version 2;
- PEAP GENERIC TOKEN (GTC);
- EAP through the painted tunnel (Fast);
- EAP-tunnel carelessness (TLS);
- EAP-TUNNELED TLS (TTLS).
EAP is running iOS. He especially feels verbal attacks, not new types of attacks. We must only develop a resistant password and periodically change it. Now consider Cisco EAP Fast - what is it?
EAP-FAST is a program developed by Cisco Systems. Such an EAP method as LEAP, normally proven itself among IP phones and is supported by Freeradius. Ask: Cisco LEAP Module -
what is it? it
Program for authorization of Wi-Fi users. Vulnerable when calculating MD5 lists of passwords.
Cisco Peap Module.
We are interested in: Cisco Peap Module - what is it? Very simple, at first glance, a program for timely cleaning Windows from a different outdated and unnecessary registry. Such cleaning increases the speed of the system. Supported by different operating systems as Windows Vista / 7/8 / Server 2012.
Any organization conducts the main traffic volumes through the devices of two types: switches and routers. Cisco is the most popular brand that produces reliable switches and routers, so many companies have accepted it as a standard for such devices. For other network equipment, such as firewall or wireless access points, someone prefers Cisco, someone chooses something else or uses brands together. But if the network is built using Cisco routers and switches, then this is a Cisco network.
There are no mandatory requirements to use this brand exclusively. You can use Cisco switches with Juniper routers, and they will work perfectly together. You can use the Cisco Router with the Juniper Switch, and they also have a great stay. But there is a couple of objections against such tandems.
First, the Cisco Device Configuration Sequence is fundamentally different from the Juniper equipment setting. The syntax of commands and terminology is completely different. Administration of mixed networks requires knowledge of both platforms and the principles of their interaction, and this book is devoted only to Cisco equipment.
Secondly, if you have problems and you are not sure, they are connected with a router or switch, you will have to seek technical support directly to both companies. In the worst case, each company will poke a finger on a competitor. At best, it is fraught with delays until they come to the agreement.
Use in one network of switches and routers of different brands is a bad idea. That is why most companies use both routers and switches only by Cisco. It's easier. And even if you have a mixed network environment, this book will still be useful to you to learn to administer switches and Cisco routers. Just remind you that the Cisco network is described in this book, and this is always Cisco routers and switches.
In fig. 1 shows how my computer is sent to the "envelope" containing some data to the database server. In this article, you will learn how switches and routers define the best path for data transmission.
Fig. one. Switches and routers
True on switches and routers
Newbies often ask two questions:
- What do switches and routers actually do?
- Why are these devices and MAC and IP addresses?
These seemingly simple questions do not have simple answers. I have repeatedly observed attempts to answer these questions in several sentences, but all these attempts made only more than the best task and even more confused.
The truth is that the switches and routers are a generation of a specific technological necessity, and not any general practical need. In principle, none of these devices are endowed with some special intellectuality, although Cisco and supplies them with a certain number of "brains" to improve their functionality. Like most technologies, switches and routers appeared as a result of dubious decisions taken decades ago.
New technologies are usually built on earlier. For example, e-books borrowed concepts Pages и Bookmarks In traditional printed books. Try to explain what a page is, someone who is familiar with the scrolling, but never seen traditional printed books. How do you do it? Before explaining what a page is, it is necessary to explain why they exist.
Therefore, before you explain what a router or switch is, I must briefly explain, to solve what problems they serve. After you understand this, everything will fall into place, and you will immediately be able to administer your own Cisco network.
Many years ago, someone decided that all network devices should have a specific identifier to identify each other in the network space, and called this identifier MAC address (from the English Media Access Control - control access to the medium). The MAC address is a line of 48 bits, containing a hexadecimal number, something like this: 0800.2700.ec26. You probably have already met with something like that.
What is interesting: manufacturers of network devices are assigned to them MAC addresses at the stage of manufacture. The feasibility of this is that you can simply turn on the devices to the network and switch them between themselves without having any configuration manual. It sounds worthy, but there is one problem: the manufacturer assigns the MAC address in the absence of communications with where the device will be placed in the end. That is, it is not exactly the address, since it does not help in determining the location of the device.
Run the Windows command line shell and enter the command.
IPConfig / All. .
In the list of the MAC address of the network card of your computer will be listed in the line Physical adress (Physical Address). If several are set
Network cards, you will see several MAC addresses.
Mac address is akin to the full name of the person. It is assigned at birth to simple identification to highlight a person from the crowd or send a message to his name. If we are in the crowd of people and you want to send me a message, but you have no idea where I, you can, gaining more air, shout: "Ben Piper, where are you?" And if I'm in that crowd, I'll get your message.
Network devices communicate with each other in the same way, but instead of the full name MAC addresses are used. Suppose my computer has an O8OO.2700.ec26 MAC address, and it must be printed on the network printer named Monoprint and MAC address 002O.350 ° CO26. My computer is physically connected to the printer through a device called the switch, as shown in Fig. 2. More precisely, my computer and printer physically Connected to the individual Ethernet ports of the switch. Note that, in contrast to the wireless access point, connect to the switch is always It is performed using a cable. Thus, the switch is the place of collecting all network devices. Just as I am with you and with others I can get together on the crowded market, network devices are collected together in the switch. This set of interconnected devices is called a local computing network (LAN, from English. Local Area Network, LAN).
Fig. 2. Two printers are connected to a computer via switch
But there is a problem here: My computer does not know where the Monoprint printer is located, does not even know whether it is part of a local network - part of the "crowd" connected to the switch. MAC -press, like the full name, can serve as a good Identifier, but it cannot specify the accurate location of the device. That is why my computer is forced to simply "shout in the mouthpiece", calling Monoprint to its MAC address.
Each device during the manufacturing process receives a factory unique identifier (ORGANIZATILY UNIQUE Identifier, OUI) as a string containing a hexadecimal number. The OUI identifier forms the left part of the MAC address assigned to the manufacture. It can be viewed as "surname" of the device. Although they are assigned to "birth", the device of one series have an identical QUI number. The rest of the MAC address is just the next member of the increasing sequence. Thus, the manufacturer has reached It is unique MAC -press each device.
Ethernet frame: big envelope
My computer creates Ethernet -frame, Containing the source specification is its own MAC address - and the final addressee - the MAC address of the printer. Figure 3 demonstrates an Ethernet frame as a large envelope with the addresses of the sender and the recipient.
Fig. 3. Ethernet Frame Contains the MAC addresses of the sender and recipient
My computer collects data that wants to process on the printer, places them in the "big envelope" and sends to the switch. The switch receives a frame and refers to the MAC address of the remote printer. Initially, the switch does not know whether the printer is connected to it or not, so it sends the frame to all other connected network devices to determine if there is a printer among them. It is called avalanche transmission .
In step 1, in fig. 4, my computer sends an Ethernet frame addressed to the Monoprint printer, with its MAC address (0020.35O0.ce26). In step 2, the switch sends this frame to all connected devices.
Fig. four Avalanche ethernet frame
When everyone says, no one listens
Anvalistic transmission has the same effect as a cry in the mouthpiece in a large crowd. Everyone hears you, but at the same time in the crowd, people can not hear each other. To increase efficiency, you temporarily stop their communication. But even after you shouted in the mouthpiece, it will take some time after people get your message and understand that it is not addressed to them. The same thing happens when the switch sends a message to all devices. All of them are not able to hear each other while there is avalanche transmission. And then they must process a message to understand - whether they should do something in accordance with it. This phenomenon is called Interrupt .
Although several personnel of frames and interrupts and does not seem to be considerable, imagine what will happen in the crowd, say a person for 1000, in which everyone has a mouthpiece. Just at the moment, as you gathered to send me a message through your mouthpiece, someone straight next to you shouts anything else through your own. After you calm down the ears, you raise your rugers only in order to be interrupted by someone else. So far, finally, there will be no pause, sufficient to send a message. Yes, this is a problem. You act with all the others in the same environment - in the air. With this method of communication "one - many" it is difficult to expect that a specific person will receive a message on time. And the more crowd, the more problems.
In a network with multiple devices, avalanche transmission does not represent problems. And if there are hundreds or thousands of devices on the local network, it is problematic. And it generates another problem. Network that cannot link thousands of devices is almost useless.
Suppose that you added another switch to the topology network, called its switch 2 and attached a database server to it, as shown in Fig. 5. When my computer sends a frame on the server's MAC address, switch 1 starts avalanche (and interrupt) to all devices attached to its ports, including switch 2! Switch 2, in turn, also transmits the frame to all devices. In this case, the database server is only an ordinary device connected to the switch 2.
In step 1, my computer sent a frame on the MAC address of the database server (00db.dbdb.5010). In step 2 Switch 1 sends the frame to all devices. Finally, in step 3, Switch 2 transmits a frame to the database server.
All these devices that have received a frame, - members of one broadcast domain . The broadcast domain is not a device and not even a configurable parameter, but rather an integral network attribute. For a better understanding, I will present the following analogy.
When you stand alone in the center of the street, you are not a crowd. But if a few people are going around you, you become part of the crowd. And you become part of an even greater crowd when there are more people around you. You do not change, but your virtual property changes - part of the crowd, - depending on how many people have gathered around you. Similarly, the device becomes part of the broadcast domain of those devices that received a frame at avalanche transmission.
Getting rid of avalanche transfer: Table of MAC addresses
Avalanche transmission - an inevitable operation when using MAC addresses. Fortunately, the switches use a clever trick to reduce the need for avalanche. Each time the switch receives a frame, it studies the source MAC address and the port to which the source of the frame is attached. This information is used to build Tables MAC -press.
In the Cisco documentation, the MAC address table is sometimes called associative Memory (Content Addressable Memory, Cam), but this is the same.
When the switch 1 receives a frame from my computer, it writes its MAC address 0800.2700.ac26, as well as the port to which the computer is connected - FasteThernet0 / 1. This information is added to the MAC address table, as shown in Table. one.
Table 1. Table of Switch MAC addresses 1
MAC -the address
Port of Switch
Fastethernet0 / 1.
Now suppose the database server sends a frame with the MAC address of my computer. The frame falls on the switch 2, which sends it straight to the switch 1. But instead of blind throwing the frame of all devices, the switch 1 checks the table of MAC addresses.
He sees that the MAC address of 0800.2700.ec26 corresponds to the device connected to the FasteTherNet0 / 1 port and sends the frame only On this port, as shown in Fig. 6. It works on the principle of an old telephone switch, from where and the term switch .
. As a table of MAC addresses allows you to get rid of avalanche transfer
In step 1, the database server sends a frame to the MAC address of my computer (0800.2700.ec26). In step 2, the switch 2 (avalanche) sends a frame to a switch 1. In step 3, the switch 1 is checked with the MAC address table and find the port of the requested address. In step 4, the switch 1 sends the frame only to the port of my computer, and does not avalanche transfers the frame to all other devices.
Separation of the broadcast domain
With an increase in the size of the broadcast domain of communication are becoming increasingly difficult. And as a result, a broadcast domain consisting of hundreds of devices begins to work unsatisfactory. But the modern company requires a network connecting thousands of devices. And just the availability of communication is not enough. The network must be quick and reliable.
The decision is to limit the size of the broadcast domain. This means that it must be divided into parts in such a way that individual parts have a connection with each other.
Returning to our example, we see that the simplest way to smash the broadcast domain is to turn off the Ethernet cable connecting the switches 1 and 2, as shown in Fig. 7. I note that the switches are not connected in any other way. This is a simple part. And now complicated: My computer and the database server are placed on different broadcast domains. There are no paths for their connection with each other. What did you do? You cannot simply re-connect switches, because you will recreate what was - a single broadcast domain.
Fig. 7. . Two broadcast domains
Compound of broadcast domains
To connect two broadcast domains without repeating this terrible problem of avalanche, you need to make two things.
First, since two broadcast domains have no connection, you need a special device that is physically connecting them, but in such a way that the personnel of the frames do not go beyond the border of the broadcast domain. Since the frame contains the MAC addresses and the sender, and the addressee, this device will effectively hide the MAC addresses of one broadcast domain from the other.
Secondly, since the MAC addresses of one broadcast domain are hidden from another, you need another diagram of addressing devices for accessing equipment in separated domains. The new address scheme, in contrast to MAC addresses, should not only identify the device, but also to provide some instructions on what domain is placed. Let's start with the last.
Addressing devices from different broadcast domains
The addressing scheme must meet the following requirements:
- First, the address must be unique to all broadcast domains. Two devices from one domain cannot have the same address;
- Secondly, the address must report what domain it belongs. The address should be not only a unique identifier of the device, but also to report other devices to which domain it belongs. All this in order to avoid these terrible problems of avalanche;
- Thirdly, the addresses cannot be assigned "at birth", like the MAC address. They must be configured by you as a network administrator.
Fortunately, you do not need to break your head over this. Such an address scheme exists, and you have already enjoyed it.
Internet protocol addresses
You already know what the IP addresses look like. One of the most common IP addresses is 192.168.1.1. This is the sequence of four octal numbers ( Ocetov ), separated by a point, each number can be located in the range from 0 to 255.
You probably saw the addresses of type 192.168. x.xthat pop up in various places. This is due to the fact that the addresses 192.168. x. xReserved for use in private networks used at home or at work. They are not globally unique, as not available in the overall space of the Internet. But you can use them to address devices in your own internal network.
Unlike MAC addresses, you can assign an IP address to any device, which wise. You can create your own addressing scheme based on the location of the device, and not just on what they are. Let's consider an example.
Where are you?
The devices attached to the switch 1 form domain 1, and the devices attached to the switch 2 are included in the domain 2. You can assign addresses 192.168.1. xDevices in the domain 1, and addresses 192.168.2. x- Domain members 2. Even without looking at Fig. 2.8, just knowing IP addresses, it is clearly defined to determine which domain it belongs to the device.
Fig. 8 . Each device has an IP address that corresponds to its domain.
Note: If you want to add a third broadcast domain, you can assign addresses 192.168.3. X devices in this domain. Ease of using IP addresses is that there is no practical restriction on the number of individual broadcast domains that you can control.
But we still have no connection between broadcast domains, devices can communicate only inside the domain. But the question arises: now each device has two addresses, MAC and IP- which one to use for communications inside domain?
Dilemma: IP or MAC address
"Why don't we just use IP addresses instead of MAC addresses?" - A common question among IT professionals trying to study the networks. That's a good question.
Among other things, MAC addresses are not very convenient. They are severe for memorization, meaningless, they are difficult (or impossible) to change. The IP address, on the contrary, is easily remembered, easily changes and may contain many useful information regarding location and functionality. The winner is obvious.
So, why can't we just use IP addresses and forget all the mac addresses together? The answer is simple, but a little disturbed.
Network devices inside the broadcast domain must still interact with MAC addresses. This is the requirement of the Ethernet standard that has existed for decades. The assignment of IP addresses does not change. Of course, someone can create a new standard, which will make MAC addresses absolutely not necessary, but it will require a replacement All devices on your network.
In short, MAC addresses are still used. This is bad news. And the good news is that you do not need to worry about them, well, or at least not very often.
ARP: Address Definition Protocol
Let me remind you that the sharing of MAC and IP addresses is inefficient and wasteful. That is why almost all applications use IP addresses and completely ignore the MAC addresses. Address Definition Protocol (Address Resolution Protocol , ARP ) Makes it possible.
The ARP protocol provides the ability to simply replace MAC addresses IP addresses. The advantage of the ARP protocol is that it allows the use of friendly IP addresses, without paying attention to the MAC address. All network devices manufactured from the mid-1980s use the default ARP protocol, so there is no need to configure it.
Suppose my computer sends some print job on the printer. Both devices in one domain, therefore, continue to interact using MAC addresses. But you as a network administrator may even remember them. And my computer refers to the monoprint printer by IP address: 192.168.1.20.
Figure 9 illustrates ARP operation. My computer sends ARP - inquiry, which is converted to the MAC address of the Monoprint printer. This request says: "This is 192.168.1.10, and my MAC address is 0800.2700.ec26. Who has 192.168.1.20? " My computer places such an ARP request to an Ethernet frame and sends it to a special broadcast MAC -press Ffff.ffff.ffff, as shown in Fig. 9.
Fig. 9. Inquiries and Answers in ARP Protocol
Let me remind you that all network devices should Use MAC addresses for communication. To the ARP request of my computer received all devices on the network, he must send it to Some MAC address. He can not send it to an empty address. Therefore, he sends an ARP request to the broadcast MAC address. Each device hears the broadcast address in addition to its own MAC address. This ensures that each device on the network will pay attention to any ARP request.
In step 1, my computer sends an ARP request to a broadcast MAC address (fff.fff.fff). In step 2 monoprint returns ARP, replacing the IP address contained in it at 192.168.1.20. Finally, in step 3, my computer refers to print on the MAC address of the Monoprint printer.
The switch sends this frame over all ports, including the port to which the Monoprint printer is connected. The Monoprint printer receives a frame, considers it and sees an ARP request. Monoprint printer sees the question: "Who is 192.168.1.20?" - And thinks: "Oh, this is my IP address!" Then the Monoprint printer sends the ARP response to my computer: "This is 192.168.20. My MAC address is 0020.3500.ce26. " Bingo. Now my computer knows the MAC address and can use it for communication.
ARP protocol is a secret "sauce" that saves from the need to think about MAC addresses too often. And your work comes down to using friendly, meaningful IP addresses most of the time.
Communication of broadcast domains using a router
Now that you can use IP addresses, it's time to learn how devices can use them for communication between broadcast domains.
At the moment you have two separate, non-interconnected domains. To connect them without forming a single broadcast domain, you need a special device called router . The router physically associates domains in such a way that the frames cannot leave their borders. Since the frame contains MAC addresses and the sender, and the addressee, the router effectively hides the MAC addresses of one broadcast domain from another.
In fig. 10 The router is physically connected to both domains. It has at least two ports or interfaces, one for each associated domain. Each network interface of the router has a unique MAC address. Just remember that each router interface has a unique MAC address for compatibility with Ethernet standards of all other network devices. Just as the e-book continues to use "Pages", the router uses MAC addresses for compatibility. The router has not only two MAC addresses, but also two IP addresses. The router interface connected to the switch 1 has an IP address 192.168.1.254. The router interface connected to the switch 2 has an IP address 192.168.2.254. These are unique IP addresses, and the third octet indicates the domain.
Where are you? And where am I?
My computer has an IP address 192.168.1.10 and belongs to the domain 1. The IP address of the database server 192.168.2.70, and it is placed in the domain 2. The value of these addresses is obvious to everyone. The device with address 192.168.1.x belongs to the domain 1, and the address 192.168.2.x belongs to Domain 2.
But my computer does not know that. Computer - First of all, it is a stupid car, which makes only what he is told. Therefore, the computer must be somehow explained which domain. When he understands it, he will be able to figure it out if any device belongs to his own domain or some other.
In fact, the broadcast domains of the numbers are not assigned, as this is not some kind of real, physically existing thing. But the association of a set of IP addresses with the abstract concept of a broadcast domain simplifies the understanding of the principles of its work. A set of addresses tied to a specific domain called Subnet .
Fig. ten. The router is connected to two broadcast domains.
For each domain, the router is assigned unique IP and MAC addresses. Please note that the Ethernet frame does not leave the domain limits.
For example, consider subnet 192.168.1. x. There is nothing in this set of addresses that would say: "All addresses from 192.168.1.1 to 192.168.1.255 belong to one domain!" If you have already thought about it, it is likely that this idea came to you on the basis of read in this chapter, and not from what you reviewed the address. But my computer cannot read and understand as a person, so it needs explicit instructions on the address of the address to a specific domain.
For this, used Subnet mask . Subnet mask is four octal numbers generated as an IP address, and it is it that indicates the range of addresses that belong to one domain.
In fig. 11 It is shown that my computer has an IP address 192.168.1.10, and the subnet mask is 255.255.255.0. In the first and second lines of table. 2 shows a comparison of each octet. The value 255 in the subnet mask means that the IP address in which the value of the appropriate octet is equal to this value belongs to this subnet. The value of 0 means that the value of the corresponding octet in the IP address does not matter for this subnet.
Fig. eleven. The IPConfig command displays information about the IP protocol settings on my computer
table 2 . Definition of a domain by IP address and subnet mask
IP address of my computer
The IP address of my computer and the subnet mask themselves are completely useless. Question on the backup: Does IP address of 192.168.2.70 of the same domain, what and my computer? Let's take this IP address and analyze it, as shown in Table. 3.
Table 3. . The IP address of the database server differs from the IP address of my computer
IP address of my computer
IP address of the database server
The first two octets coincide, but the third octets are different. And due to the fact that the corresponding octet of the subnet mask is 255, my computer already knows that the database server is in another domain. Therefore, to access the database server, you need to use a router. But before using the router, he should know that it exists and how to contact him.
Run the Windows command line envelope and enter the ipconfig command. You will see an IP address and subnet mask. Analyze the IP addresses known to you that your company uses. Determine if they belong to the same Domain as your computer.
Shipment between domains
Using the default gateway
Now that my computer has determined that the database server belongs to another domain, he needs to know which router to use to connect to this server. To do this, he checks the address of its default gateway.
The default gateway address of my computer is 192.168.1.254. It corresponds to the IP address of the router interface, which is connected to its domain. Based on the default gateway address, my computer knows that when he needs to send anything to the IP address outside its own broadcast domain, it must pass this message through the router.
I will note that my computer's IP address is 192.168.1.10, and the IP address of the default gateway belongs to one subnet. It is really important. If the device does not belong to the same subnet as the router, it cannot apply To whom outside of your domain.
My computer sends an ARP request to 192.168.1.254, and the router in response reports that its own MAC address is 0073.37C1.5C01. My computer collects an Ethernet frame and sends it to the MAC address of the router. But at the same time, he collects a smaller "envelope", called IP Package. If an Ethernet frame is a big envelope with MAC addresses, then the IP packet is a smaller envelope containing only the IP addresses of the sender and the recipient.
The IP Package contains the IP address of my computer 192.168.1.10 (sender) and IP address 192.168.2.70 database server (recipient). In fig. 12 It is shown how my computer places this small envelope - an IP packet - inside a large envelope - an Ethernet frame, in which the router's MAC address is specified as the address of the recipient. This process "Filling Ethernet-Envelope" is called encapsulation .
My computer sends an Ethernet frame to the Router, which contains an IP packet. The router, receiving an Ethernet frame, retrieves the IP package and sees the recipient's IP address. The router determines that 192.168.2.70 is an address belonging to the domain 2, which is connected to one of its interfaces.
Then he sends an ARP request to the server using its IP address 192.168.2.70. ARP request says: "This is 192.168.2.254. Who has 192.168.2.70? " The server responds by specifying its MAC address, and the router takes the IP packet and puts it in a new Ethernet frame, which contains the MAC address of the server as a recipient. All this is reflected in fig. thirteen.
. IP package encapsulated in Ethernet-frame
Fig. thirteen. Router re-encapsulates the IP packet transmitted by my computer
In step 1, the router removes (decapsulating) an IP packet from the primary frame. In step 2, the router re-encapsulates the package to a new frame addressed to the database server.
I note that myself IP - Package never changes in the forwarding process. The router saves both IP addresses as the sender and the recipient, and replaces only MAC addresses in the Ethernet frame. Next, he sends a new Ethernet frame server. The server, receiving it, retrieves the IP package and says: "Hey! I am 192.168.2.70! This package is intended for me. "
Figure 14 illustrates how the router forwards a package beyond the domain, hiding the MAC addresses of one domain from the other devices. This process is called IP -Marshrutization.
Fig. 14 . Using a router to forward information between domains
In step 1, my computer sends an ARP request to get the MAC address. In step 2, the router sends an ARP response containing its IP address. In step 3, my computer sent a frame addressed to the router, by its MAC address (0073.37C1.5CO1). The frame contains an IP packet addressed to the database server (192.168.2.70). In step 4, the router sends an ARP request to receive the MAC address of the server. In step 5, the server sends an ARP response. Finally, in step 6, the router sends a frame addressed to the database server, by its MAC address (O0DB.DBDB.5O1O); The forwarding frame contains the original IP packet.
It's time to summarize. In fig. 15 shows how the IP packet passes all the way from my computer to the database server without avalanche transmission to all devices.
Fig. 15. Using routing and communication to forward an IP package between domains without avalanche transmission
In step 1, my computer encapsulates the IP package in the frame addressed to the router. The frame is sent to the switch 1, which sends it to the switch 2. In step 2, the router deletes the IP packet, sees the IP address of the recipient and encapsulates it into a new frame addressed to the database server. In step 3, the router forwards a new frame on a switch 2, which sends it to the server.
Management of routers and switches
Now you have a basic understanding of the role of routers and switches. Perhaps you have already been browned with your hands in your finger and try to configure them. But before you try it, you need to get real access to them.
Routers and switches have their own IP addresses. To assign to each router and switch, the IP address usually use a special IP address manager. This manager allows you to administer devices remotely, without having physical access to them. The routers and the switches of your company are almost certainly closed on the key, somewhere in the Camorla of the data center, and even if you get access to them, configure them directly in manual mode is quite difficult. So why you need to have an IP address manager and a password providing administrator powers to configure all devices. Make sure you can do it to tomorrow's lesson.
Download the inventory worksheet.xlsx file. Open IP Address Manager and rewrite the IP addresses of all routers and switches of your company (or your test network). You will also receive authorization data (username (login) and password) that provide administrator powers for each network device.
On your computer, run the command line shell. Learn the MAC address, IP address and the default gateway address by executing the command.
IPConfig / All. . Enter the command
ARP -A. And find out the MAC address of the default gateway. Make the received information to the file Inventory. Works. Heet. .XLSX .
You will be interested in / intresting for you: