CCNA Dis4 - Chapter 2 – Gathering Network Requirements_ppt [Compatibility Mode]
CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
-
Upload
httpheiserzcom -
Category
Documents
-
view
220 -
download
0
Transcript of CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
-
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
1/94
Chapter 1 Introducing network DesignConcepts
CCNA Discovery 4.0
-
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
2/94
Intruduction
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
3/94
Intruduction
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
4/94
Intruduction
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
5/94
Intruduction
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
6/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Objectives
Review the benefits of a hierarchical network design. Explain the design methodology used by network
designers
Describe the various design considerations at each area of
the network:The core, Distribution and Access layer
The Network Enterprise Edge
The Data Center Server Farm
Remote Worker Support
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
7/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
DescribingNetwork Design
Basics
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
8/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Network Design Overview
Network Requirements.Business networks must be available nearly 100
percent of the time.
Building a Good Network
Good networks do not happen by accident.They are the result of hard work by network designers
and technicians, who identify network requirementsand select the best solutions to meet the needs of abusiness.
To meet the daily requirements of businesses, networksthemselves are design follow this step:
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
9/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Network Design Overview
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
10/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Network Design Overview
Fundamental Design GoalsScalability: Scalable network designs are able to grow
to include new user groups and remote sites and cansupport new applications without impacting the level ofservice delivered to existing users.
Availability: A Network designed for availability is onethat delivers consistent, reliable performance, 24hours aday, 7 days a week. Additionally, the failure ofa single link or piece of equipment should not
significantly impact network.Security: Security is a feature that must be designed
into the network, not added on after the network iscomplete.
Manageability:
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
11/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
Hirarchical Network Design: In networking, a hierarchical design is used to group
devices into multiple networks.
The hierarchical design model has three basic layers:
Core Layer - Connects Distribution Layer devices Distribution Layer - Interconnects the smaller local
networks
Access Layer - Provides connectivity for networkhosts and end devices
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
12/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
13/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
Advantages Over Flat NetworksHierarchical networks have advantages over flat
network designs.
The benefit of dividing a flat network into smaller,
more manageable blocks is that local traffic remainslocal.
Only traffic that is destined for other networks ismoved to a higher layer.
Layer 2 devices in a flat network provide little
opportunity to control broadcasts or to filterundesirable traffic.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
14/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
The Cisco Enterprise Architectures can be used to further dividethe three-layer hierarchical design into modular areas.
The modules represent areas that have different physical or logicalconnectivity.
Three areas of focus in modular network design are:
Enterprise Campus - This area contains the network elementsrequired for independent operation within a single campus orbranch location.
Server Farm - A component of the enterprise campus, the datacenter server farm protects the server resources and providesredundant, reliable high-speed connectivity.
Enterprise Edge - As traffic comes into the campus network, thisarea filters traffic from the external resources and routes it intothe enterprise network. It contains all the elements required forefficient and secure communication between the enterprisecampus and remote locations, remote users, and the Internet.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
15/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
16/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
The benefits of a hirarchical NetworkDesgian
The topology
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
17/94
-
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
18/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 18
The benefits of a hirarchical NetworkDesgian
This module offers connectivity to voice, video, and data servicesoutside the enterprise.
This module enables the enterprise to use Internet, partner resources,and provide resources for its customers
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
19/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 19
The benefits of a hirarchical NetworkDesgian
This module allows businesses to extend the applications and servicesfound at the campus to thousands of remote locations and users or to asmall group of branches.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
20/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 20
The benefits of a hirarchical NetworkDesgian
Data centers are responsible for managing and maintaining the manydata systems that are vital to modern business operations. Employees,partners, and customers rely on data and resources in the data centerto effectively create, collaborate, and interact
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
21/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 21
The benefits of a hirarchical NetworkDesgian
Many businesses today offer a flexible work environment to theiremployees, allowing them to telecommute from home offices.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
22/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 22
The benefits of a hirarchical NetworkDesgian
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
23/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 23
The benefits of a hirarchical NetworkDesgian
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
24/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 24
Network Design methodologies
Large network design projects are normally divided into three distinctsteps:
Step 1: Identify the network requirements.
The network designer works closely with the customer todocument the goals of the project.
Goals are usually separated into two categories:Business goals - Focus on how the network can make the
business more successful
Technical requirements - Focus on how the technology isimplemented within the network.
Step 2: Characterize the existing network. Step 3: Design the network topology and solutions.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
25/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 25
Network Design methodologies
Step 2: Characterize the existing network. Information about the current network and services is gathered
and analyzed.
It is necessary to compare the functionality of the existingnetwork with the defined goals of the new project.
The designer determines whether any existing equipment,infrastructure, and protocols can be re-used, and what newequipment and protocols are needed to complete the design.
Step 3: Design the network topology and solutions
A common strategy for network design is to take a top-downapproach.
In this approach, the network applications and servicerequirements are identified, and then the network is designed tosupport them.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
26/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 26
Network Design methodologies
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
27/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 27
Network Design methodologies
Impacting the Entire Network Adding new network applications and making major changes to
existing applications, such as database or DNS structure changes
Improving the efficiency of network addressing or routing protocolchanges
Integrating new security measures Adding new network services, such as voice traffic, content
networking, and storage networking
Relocating servers to a data center server farm
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
28/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 28
Network Design methodologies
Impacting a Portion of the Network Improving Internet connectivity and adding bandwidth
Updating Access Layer LAN cabling
Providing redundancy for key services
Supporting wireless access in defined areas
Upgrading WAN bandwidth
These requirements may not affect many users or require manychanges to the installed equipment.
It is sometimes possible to integrate design changes into the existingnetwork without disrupting the normal network operations for the
majority of network users. This method reduces the costs associated with downtime and speeds
the implementation of the network upgrade.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
29/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 29
Network Design methodologies
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
30/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 30
What happens at the Core Layer?
The Core Layer is sometimes called the network backbone. Routers and switches at the Core Layer provide high-speed
connectivity.
In an enterprise LAN, the Core Layer may connect multiple buildings ormultiple sites, as well as provide connectivity to the server farm.
The Core Layer includes one or more links to the devices at theenterprise edge in order to support Internet, Virtual Private Networks(VPNs), extranet, and WAN access.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
31/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 31
What happens at the Core Layer?
Goals of the Core Layer Provide 100% uptime
Maximize throughput
Facilitate network growth
Core Layer Technologies
Routers or multilayer switches that combine routing and switchingin the same device
Redundancy and load balancing
High-speed and aggregate links
Routing protocols that scale well and converge quickly, such as
Enhanced Interior Gateway Routing Protocol (EIGRP) and OpenShortest Path First (OSPF) protocol
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
32/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 32
What happens at the Core Layer?
Redundant Links Implementing redundant links at the Core Layer ensures that
network devices can find alternate paths to send data in the eventof a failure.
When Layer 3 devices are placed at the Core Layer, theseredundant links can be used for load balancing in addition toproviding backup.
In a flat, Layer 2 network design, Spanning Tree Protocol (STP)disables redundant links unless a primary link fails.
This STP behavior prevents load balancing over the redundantlinks.
Mesh Topology Most Core Layers in a network are wired in either a full mesh or
partial mesh topology.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
33/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 33
What happens at the Core Layer?
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
34/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 34
Network Traffic Prioritization
Preventing Failures Dual power supplies and fans
A modular chassis-based design
Additional management modules
Core layer devices should have hot-swappable components
whenever possible. Hot-swappable components can be installed or removed without
first having to turn off the power to the device.
Reducing Human Error Human errors contribute to network failures.
Unfortunately, the addition of redundant links and equipmentcannot eliminate these factors
Many network failures are the result of poorly planned, untestedupdates or additions of new equipment.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
35/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 35
Network Traffic Prioritization
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
36/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 36
Network Convergence
Convergence Network convergence occurs when all routers have complete and
accurate information about the network.
Factors that affect convergence time include:
The speed at which the routing updates reach all of the routers
in the network The time that it takes each router to perform the calculation to
determine the best paths
Selecting a Routing Protocol Design Considerations
Most networks contain a combination of dynamic and static routes. Network designers need to consider the number of routes required
to ensure that all destinations in the network are reachable.
Large routing tables can take significant time to converge.
The design of network addressing and summarization strategies inall layers affects how well the routing protocol can react to a failure.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
37/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 37
Network Convergence
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
38/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 38
What happens at the Distribution Layer
Distribution Layer Routing The Distribution Layer is built using Layer 3 devices
Routers or multilayer switches, located at the Distribution Layer,provide many functions that are critical for meeting the goals of thenetwork design.
These goals include: Filtering and managing traffic flows
Enforcing access control policies
Summarizing routes before advertising the routes to the Core
Isolating the Core from Access Layer failures or disruptions
Routing between Access Layer VLANs Distribution Layer devices are also used to manage queues and
prioritize traffic before transmission through the campus core.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
39/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 39
What happens at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
40/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 40
What happens at the Distribution Layer
Trunks Trunk links are often configured between Access and Distribution Layer
networking devices. T
Trunks are used to carry traffic that belongs to multiple VLANs betweendevices over the same link.
Redundant Links
When redundant links exist between devices in the Distribution Layer, thedevices can be configured to load balance the traffic across the links.
Load balancing increases the bandwidth available for applications.
Distribution Layer Topology Distribution Layer networks are usually wired in a partial mesh topology.
This topology provides enough redundant paths to ensure that the networkcan survive a link or device failure.
When the Distribution Layer devices are located in the same wiring closetor data center, they are interconnected using Gigabit links.
When the devices are separated by longer distances, fiber cable is used.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
41/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 41
What happens at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
42/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 42
Limiting the Scope of Network Failure
Limiting the Size of Failure Domains Because failures at the Core Layer of a network have a large
impact, the network designer often concentrates on efforts toprevent failures.
These efforts can greatly increase the cost to implement thenetwork.
In the hierarchical design model, it is easiest and usually leastexpensive to control the size of a failure domain in the DistributionLayer.
In the Distribution Layer, network errors can be contained to asmaller area, thus affecting fewer users.
When using Layer 3 devices at the Distribution Layer, every routerfunctions as a gateway for a limited number of Access Layer users.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
43/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 43
Limiting the Scope of Network Failure
Switch Block Deployment Routers, or multilayer switches, are usually deployed in pairs, with
Access Layer switches evenly divided between them.
This configuration is referred to as a building or departmentalswitch block.
Each switch block acts independently of the others. Even the failure of an entire switch block does not impact a
significant number of end users.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
44/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 44
Building a Redundant Network
Redundancy at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
45/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 45
Building a Redundant Network
Redundancy at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
46/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 46
Building a Redundant Network
A high volume, enterprise server is connected to a switch port. If that port recalculates because of STP, the server is down for 50
seconds.
It would be difficult to imagine the number of transactions lost duringthat timeframe.
In a stable network, STP recalculations are infrequent. In an unstable network, it is important to check the switches forstability and configuration changes.
One of the most common causes of frequent STP recalculations is afaulty power supply or power feed to a switch.
A faulty power supply causes the device to reboot unexpectedly.
See Flash: 1.3.3
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
47/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 47
Traffic Filtering at the Distribution Layer
Access control lists (ACLs) are a tool that can be used at theDistribution Layer to limit access and to prevent unwanted traffic fromentering the Core network.
Filtering Network Traffic Standard ACLs filter traffic based on the source address.
Extended ACLs can filter based on multiple criteria including: Source address
Protocols
Destination address
Port numbers or applications
Whether the packet is part of an established TCP stream Both standard and extended ACLs can be configured as either
numbered or named access lists.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
48/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 48
Traffic Filtering at the Distribution Layer
Complex ACLs Dynamic ACL
requires a user to use Telnet to connect to the router andauthenticate.
Once authenticated, traffic from the user is permitted.
Dynamic ACLs are sometimes referred to as "lock and key"because the user is required to login in order to obtain access.
Reflexive ACL
allows outbound traffic and then limits inbound traffic to onlyresponses to those permitted requests.
This is similar to theestablished
keyword used in extendedACL statements, except that these ACLs can also inspect UDPand ICMP traffic, in addition to TCP.
Time-based ACL - permits and denies specified traffic based onthe time of day or day of the week.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
49/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 49
Traffic Filtering at the Distribution Layer
Placing ACLs Traffic that travels into an interface is filtered by the inbound ACL.
Traffic going out of an interface is filtered by the outbound accesscontrol list.
The network designer must decide where to place ACLs within the
network to achieve the desired results.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
50/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 50
Traffic Filtering at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
51/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 51
Traffic Filtering at the Distribution Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
52/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 52
Traffic Filtering at the Distribution Layer
Activity
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
53/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 53
Routing Protocols at the DistributionLayer
Route Summarization
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
54/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 54
Routing Protocols at the DistributionLayer
Route Summarization
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
55/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 55
Routing Protocols at the DistributionLayer
Activity
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
56/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Investigating
Access Layer
DesignConsiderations
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
57/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 57
What happens at the Access Layer?
The Access Layer represents the edge of the network where enddevices connect. The Access Layer of the campus infrastructure uses Layer 2 switching
technology to provide access into the network.
The access can be either through a permanent wired infrastructure orthrough wireless Access Points.
Wiring closets can be actual closets or small telecommunication roomsthat act as the termination point for infrastructure cabling withinbuildings or within floors of a building.
Many Access Layer switches have Power-over-Ethernet (PoE)functionality.
Unlike a typical wiring closet, inside a server farm or data center theAccess Layer devices are typically redundant multilayer switches thatcombine the functionality of both routing and switching.
Multilayer switches can provide firewall and intrusion protectionfeatures, as well as Layer 3 functions.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
58/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 58
What happens at the Access Layer?
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
59/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 59
What happens at the Access Layer?
The Impact of Converged Networking Many different devices can connect
to an IP network, including:
IP telephones
Video cameras
Video conferencing systems All of these services can be
converged onto a single physicalAccess Layer infrastructure.
However, the logical network designto support them becomes morecomplex due to considerations suchas QoS, traffic segregation, andfiltering.
The Need for Availability
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
60/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 60
What happens at the Access Layer?
Access Layer Management:Access Layer management is crucial dueto: The increase in the number and types of devices connecting at the
Access Layer
The introduction of wireless access points into the LAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
61/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 61
What happens at the Access Layer?
Designing for Manageability:In addition to providing basicconnectivity at the Access Layer, the designer needs to consider: Naming structures
VLAN architecture
Traffic patterns
Prioritization strategies Following good design principles improves the manageability and on-
going support of the network by:
Ensuring that the network does not become too complex
Allowing easy troubleshooting when there is a problem
Making it easier to add new features and services in the future
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
62/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 62
Network topologies at the Access Layer
Star topology (Hub and Spoke): The advantages of a star topology include: Easy installation
Minimal configuration
The disadvantages of a star topology are significant:
The central device represents a single point of failure. The capabilities of the central device can limit overall performance
for access to the network.
The topology does not recover in the event of a failure when thereare no redundant links.
Ethernet star topologies usually have a combination of the followingwiring: Twisted pair wiring to connect to the individual end devices
Fiber to interconnect the access switches to the Distribution Layerdevices
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
63/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 63
Network topologies at the Access Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
64/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 64
Network topologies at the Access Layer
How VLANs Segregate and Control
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
65/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 65
How VLANs Segregate and ControlNetwork Traffic
VLANs in the Past With the introduction of Layer 2 switching, VLANs were used tocreate end-to-end workgroup networks.
The networks connected across buildings or even across the entireinfrastructure.
End-to-end VLANs are no longer used in this way.
The increased number of users and the volume of network trafficthat these users generate is too high to be supported.
How VLANs Segregate and Control
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
66/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 66
How VLANs Segregate and ControlNetwork Traffic
VLANs Now Today VLANs are used to separate and classify traffic streams andto control broadcast traffic within a single wiring closet or building.
This approach increases the number of VLANs in a network, whichalso increases the number of individual IP subnets.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
67/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 67
Services at the Network Edge
Providing Quality of Service to Network Applications Networks must provide secure, predictable, measurable and, attimes, guaranteed services.
Networks also need mechanisms to control congestion when trafficincreases.
Congestion is caused when the demand on the network resourcesexceeds the available capacity.
All networks have limited resources. For this reason, networks needQoS mechanisms.
The ability to provide QoS depends on traffic classification and theassigned priority.
Classification Before designing QoS strategies, it is necessary to classify
applications based on specific delivery requirements.
Classifying data at or near the source enables the data to beassigned the appropriate priority as it moves through the entire
network.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
68/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 68
Services at the Network Edge
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
69/94
-
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
70/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 70
Security Measures
Providing Physical Security Physical security of anetwork is very important.Most network intruders gainphysical entry at the AccessLayer.
Obvious measures, likelocking wiring closets andrestricting access tonetworking devices, areoften the most effectiveways to prevent securitybreaches.
Some devices, such askeypad locks, can recordwhich codes are used toenter the secured areas.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
71/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 71
Security Measures
Securing Access layer networking Devices: The simple measuresbelow can provide additional security to networking devices at theAccess Layer:
Setting strong passwords
Using SSH to administer devices
Disabling unused ports
Recommended Practice on Security Security risks cannot be eliminated or prevented completely.
Effective risk management and assessment can significantlyminimize the existing security risks.
When considering security measures, it is important to understandthat no single product can make an organization secure.
True network security comes from a combination of products,services, and procedures as well as a thorough security policyand a commitment to adhere to that policy.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
72/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Investigating
Server Farms and
Security
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
73/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 73
What is a Server Farm?
Server Farms Recommended practice centralizes servers in server farms. Server farms are typically located in computer rooms and data
centers.
Creating a server farm has the following benefits:
Network traffic enters and leaves the server farm at a definedpoint. This arrangement makes it easier to secure, filter, andprioritize traffic.
Redundant, high-capacity links can be installed to the serversas well as between the server farm network and the main LAN.This configuration is more cost-effective than attempting to
provide a similar level of connectivity to servers distributedthroughout the network.
Load balancing and failover can be provided between serversand between networking devices.
The number of high-capacity switches and security devices is
reduced, helping to lower the cost of providing services.
http://www.bkacad.com/http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
74/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 74
What is a Server Farm?
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
75/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 75
What is a Server Farm?
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
76/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 76
Security, firewalls and DMZs
Data center servers can be the target of malicious attacks and mustbe protected. Attacks against server farms can result in lost business for e-
commerce and business-to-business applications as well asinformation theft.
Both local area networks (LANs) and storage area networks (SANs)must be secured to reduce the chances of such attacks.
Hackers use a variety of tools to inspect networks and to launchintrusion and denial of service (DoS) attacks.
Protecting Server Farms Against Attack Firewalls
LAN switch security features
Host-based and network-based intrusion detection and preventionsystems
Load balancers
Network analysis and management devices
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
77/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 77
Security, firewalls and DMZs
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
78/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 78
Security, firewalls and DMZs
Demilitarized Zones In the traditional network firewall design, servers that needed tobe accessed from external networks were located on ademilitarized zone (DMZ).
Users accessing these servers from the Internet or other untrustedexternal networks were prevented from seeing resources located
on the internal LAN.
LAN users were treated as trusted users and usually had fewrestrictions imposed when they accessed servers on the DMZ.
Protecting Against Internal Attacks Attacks originating on the internal network are now more common
than attacks from external sources. As a result, the design of server farm security is different from the
older DMZ model.
A layer of firewall features and intrusion protection is requiredbetween the servers and the internal networks, as well as
between the servers and the external users.
http://www.bkacad.com/http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
79/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 79
Security, firewalls and DMZs
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
80/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 80
High Availibility
Providing High Availability Building in Redundancy Virtualization
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
81/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Investigating
Wireless Network
Considerations
C id i U i WLAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
82/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 82
Considerations Unique to WLAN
Understanding Customer Requirements Before designing an indoor wireless LAN (WLAN) implementation,the network designer needs to fully understand how the customerintends to use the wireless network.
The designer learns about the network requirements by asking thecustomer questions.
Examples of some of these questions are:
C id i U i WLAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
83/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 83
Considerations Unique to WLAN
C id ti U i t WLAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
84/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 84
Considerations Unique to WLAN
Physical Network Design Logical Network Design
C id ti U i t WLAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
85/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 85
Considerations Unique to WLAN
Open Guest Access To help guest users connect to the network, the Access Pointservice set identifier (SSID) is broadcast.
C id ti U i t WLAN
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
86/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 86
Considerations Unique to WLAN
Secured Employee Access.
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
87/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Supporting WANs
and remote
workers
Design Considerations at the Enterprise
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
88/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 88
es g Co s de at o s at t e te p seEdge
Cost of Bandwidth
QoS Security
Integrating Remote Sites into the Network
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
89/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 89
g gDesign
Integrating Remote Sites into the Network
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
90/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 90
g gDesign
Integrating Remote Sites into the Network
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
91/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 91
g gDesign
Redundancy and Backup Links
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
92/94
Hc vin mng Bach Khoa - Website: www.bkacad.com 92
Redundancy and Backup Links
1.7.3
Summary
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
93/94
Hc vin cng ngh thng tin Bach Khoa - Website: www.bkacad.com
Summary
Cisco Enterprise Architecture Layer 3 device Redundancy
Distribution Layer Access Layer
http://www.bkacad.com/http://www.bkacad.com/ -
8/3/2019 CCNA Dis4 - Chapter 1 - Introducing Network Design Concepts_ppt [Compatibility Mode]
94/94