CCNA Super Study Guide: Section 2

by C. Casquatch

Space to dump notes for CCNA

End goal is to obtain a CCNA certificate from Cisco and maybe learn networking

Utilities Used

• Neil Anderson (Gold CCNA Bootcamp)
• Jeremy’s IT Lab 200-301 Video Series on Youtube
• Packet Tracer

Environments Used

• Packet Tracer
• GitHub

CCNA 200-301 Exam Notes: 2.0 Network Access

2.1 Configure and Verify VLANs (Normal Range) Spanning Multiple Switches

2.1.a Access Ports (Data and Voice)

Overview

Access ports are switch interfaces configured to connect end hosts. Each access port is associated with a single VLAN, and end hosts connected to these ports are not VLAN-aware. Traffic is restricted to devices within the same VLAN.

Example Access Port Configuration

SW1(config)# vlan 10
SW1(config-vlan)# name Eng
SW1(config)# interface FastEthernet 0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

SW1(config)# interface range FastEthernet 0/3-5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

Verification Methods

1. Method 1:

   SW1# show vlan brief
   

2. Method 2:

   SW1# show interface FastEthernet 0/1 switchport
   

2.1.b Default VLAN

• All switch ports are assigned to VLAN 1 by default.

2.1.c Inter-VLAN Connectivity

Overview

In a typical LAN campus, VLANs are mapped to specific IP subnets. For example:

• Engineering hosts: VLAN 10, Subnet 10.10.10.0/24
• Sales hosts: VLAN 20, Subnet 10.10.20.0/24

Since VLANs separate hosts at Layer 2, communication between VLANs requires Layer 3 routing. Hosts in different VLANs must send traffic via a router or Layer 3 switch to communicate.

Configuration Options

Option 1: Router with Separate Interfaces

• Each VLAN is connected to a dedicated physical interface on the router.
• Advantages: Simple configuration.
• Disadvantages: Requires many physical interfaces, which limits scalability.

Option 2: Router on a Stick (ROAS)

• A single physical interface on the router is configured with sub-interfaces, each tagged with a VLAN ID.
• Advantages: Requires fewer physical interfaces.
• Disadvantages: All inter-VLAN traffic shares the same physical interface, leading to potential bandwidth contention.

Option 3: Layer 3 Switch

• The switch handles routing internally via its backplane, eliminating the need for external cabling to a router.
• Advantages: Efficient routing within the campus; no external cabling needed for VLAN communication.
• Disadvantages: External routers may still be needed for WAN connectivity or advanced services.

Example Configurations

Option 1: Router with Separate Interfaces

Router(config)# interface FastEthernet 0/1
Router(config-if)# ip address 10.10.10.1 255.255.255.0
Router(config-if)# no shutdown

Router(config)# interface FastEthernet 0/2
Router(config-if)# ip address 10.10.20.1 255.255.255.0
Router(config-if)# no shutdown

Option 2: Router on a Stick (ROAS)

Router(config)# interface FastEthernet 0/1
Router(config-if)# no shutdown

Router(config)# interface FastEthernet 0/1.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 10.10.10.1 255.255.255.0

Router(config)# interface FastEthernet 0/1.20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 10.10.20.1 255.255.255.0

Option 3: Layer 3 Switch

Switch(config)# interface vlan 10
Switch(config-if)# ip address 10.10.10.1 255.255.255.0
Switch(config-if)# no shutdown

Switch(config)# interface vlan 20
Switch(config-if)# ip address 10.10.20.1 255.255.255.0
Switch(config-if)# no shutdown

Switch(config)# ip routing

Summary

• Access Ports: Simplify host connections to VLANs; configured per-port.
• Default VLAN: VLAN 1 is the default for all ports.
• Inter-VLAN Connectivity: Achieved via routers or Layer 3 switches, using one of three main methods:
  • Dedicated router interfaces
  • Router on a Stick (ROAS)
  • Layer 3 switching

Choose the configuration method based on scalability, performance needs, and available hardware.

2.2 Configure and Verify Interswitch Connectivity

2.2.a Trunk Ports

Overview

Trunk ports function as highways between switches, carrying traffic for multiple VLANs. Each VLAN can be thought of as a separate lane on the highway, enabling interswitch VLAN communication.

Example Trunk Port Configuration

SW1(config)# interface FastEthernet 0/24
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 10,20

2.2.b 802.1Q (dot1Q)

Overview

802.1Q, commonly referred to as dot1Q, is the industry-standard protocol for VLAN tagging. It is used to encapsulate VLAN information into Ethernet frames.

• Length of VLAN Tag: 4 bytes (32 bits)
• Purpose: Enables traffic from multiple VLANs to traverse the same trunk link.
• Compatibility: Cisco proprietary but also open-source, ensuring broad adoption.

Example 802.1Q Configuration

SW1(config)# interface FastEthernet 0/24
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk

2.2.c Native VLAN

Overview

The Native VLAN is used for untagged traffic on a trunk link. This provides a default lane for packets that do not belong to any VLAN.

• Key Requirement: Both sides of the trunk link must be configured with the same Native VLAN.

Example Native VLAN Configuration

SW1(config)# interface FastEthernet 0/24
SW1(config-if)# switchport trunk native vlan 99

Summary

• Trunk Ports: Enable VLAN traffic between switches.
• 802.1Q: Standard protocol for VLAN tagging, ensuring seamless VLAN communication.
• Native VLAN: Handles untagged traffic; must be consistently configured on both sides of a trunk link.

2.3.b Link Layer Discovery Protocol (LLDP)

Overview

Link Layer Discovery Protocol (LLDP) is an open-standard protocol similar to CDP. It provides the following advantages:

• Discovers information about directly connected devices.
• Compatible with non-Cisco devices, including Linux servers.

Key Differences from CDP

• Default State: May be disabled by default, depending on the switch and version.
• Interface Support: Only supported on physical interfaces.
• Discovery Scope: Limited to one device per port.

LLDP Configuration

• Enable LLDP Globally:

  switch(config)# lldp run
  

• Disable LLDP Globally:

  switch(config)# no lldp run
  

• Disable LLDP Transmit on an Interface:

  switch(config-if)# no lldp transmit
  

• Disable LLDP Receive on an Interface:

  switch(config-if)# no lldp receive
  

• Verification Commands:

  switch# show lldp
  switch# show lldp neighbors
  switch# show lldp neighbors detail
  

Summary

• CDP: Cisco proprietary protocol; enabled by default; facilitates Cisco device discovery.
• LLDP: Open standard protocol; disabled by default on some devices; supports multi-vendor environments.
• Use Cases: Both protocols aid in device discovery and network topology mapping.

2.4 Configure and Verify (Layer 2/Layer 3) EtherChannel (LACP)

To establish an EtherChannel, member interfaces on both sides must match in:

• Speed and duplex.
• Access or trunk mode.
• Native VLAN and allowed VLANs on trunks.
• Access VLAN on access ports.

LACP Configuration

• Interface States: Active or Passive.
  • Both sides must be set to Active or one side Active and the other Passive for the channel to form.
  • Recommendation: Configure both sides as Active.

Example Configuration

SW1 Configuration:

SW1(config)# interface range f0/23 - 24
SW1(config-if-range)# channel-group 1 mode active
SW1(config)# interface port-channel 1
SW1(config-if)# switchport mode trunk

SW2 Configuration:

SW2(config)# interface range f0/23 - 24
SW2(config-if-range)# channel-group 1 mode active
SW2(config)# interface port-channel 1
SW2(config-if)# switchport mode trunk

PAgP Configuration

• Interface States: Desirable or Auto.
  • Both sides must be set to Desirable, or one side Desirable and the other Auto, for the channel to form.
  • Recommendation: Configure both sides as Desirable.

Example Configuration

SW1 Configuration:

SW1(config)# interface range f0/23 - 24
SW1(config-if-range)# channel-group 1 mode desirable
SW1(config)# interface port-channel 1
SW1(config-if)# switchport mode trunk

Static Configuration

• Static EtherChannel requires matching settings on both sides.

Example Configuration

SW1 Configuration:

SW1(config)# interface range f0/23 - 24
SW1(config-if-range)# channel-group 1 mode on
SW1(config)# interface port-channel 1
SW1(config-if)# switchport mode trunk

Verification

To verify EtherChannel configuration:

SW# show etherchannel summary

OR

SW# show spanning-tree vlan 1

EtherChannel Across Redundant Switches

• Matching Settings: Required on both switches for successful EtherChannel.
• Spanning Tree: Sees each port channel as a separate interface. If a loop forms, one path will be blocked.

Multi-Chassis EtherChannel

• Supported by some Cisco technologies for full load balancing and redundancy.
• Examples:
  • StackWise: Catalyst 3750, 3850, 9000 families.
  • VSS (Virtual Switching System): Catalyst 4500, 6500 families.
  • vPC (Virtual Port Channel): Nexus switch family.

Layer 3 EtherChannel

Layer 3 EtherChannel allows routing across the aggregated links. Configuration steps for Layer 3 EtherChannel are specific to routing contexts and hardware platforms.

2.5 Interpret Basic Operations of Rapid PVST+ Spanning Tree Protocol

Terminology

• Switches provide performance and security improvements by forwarding traffic only to known unicast MAC addresses via relevant ports.
• Early switches were called bridges, segmented LANs built with hubs, and had few ports.
• Spanning Tree Protocol (STP) was invented during the bridge era, hence the use of terms like root bridge and bridge protocol data units (BPDUs).

How Spanning Tree Works

• STP is an industry-standard protocol, enabled by default on most switches.
• Switches send BPDUs out all ports when they come online to detect other switches and potential loops.
• A switch will not forward traffic until it ensures a loop-free network.

The Bridge ID

• Each BPDU contains the Bridge ID to uniquely identify the switch.
  • Bridge ID = Unique MAC address + Administrator-defined Bridge Priority.
  • Bridge Priority: Range is 0–65535, with a default of 32768.

Short-Mode vs Long-Mode Path Cost Calculation

• Short-Mode (default): 16-bit values, suitable for older networks (reference value: 20Gbps).
• Long-Mode: 32-bit values, providing granular cost calculations for high-bandwidth networks (reference value: 20 Tbps).

  Acc4# show spanning-tree pathcost method
  SW1(config)# spanning-tree pathcost method long
  

Spanning Tree Path Cost

• Root Bridge is the top of the Spanning Tree.
• Switches forward traffic on the lowest-cost path to the Root Bridge.
• Root Path Cost: The cumulative cost of links from a switch to the Root Bridge.
  • Root Bridge advertises a cost of 0 in its BPDUs.
  • Each switch adds the cost of the incoming link.
• If multiple equal-cost paths exist, the switch selects the path based on:
  1. Neighbor switch’s lowest Bridge ID.
  2. Lowest Port ID if paths go through the same neighbor switch.

Spanning Tree Versions

IEEE Open Standards

1. 802.1D STP: Original implementation; one tree for all VLANs.
2. 802.1w RSTP: Improved convergence time; one tree for all VLANs.
3. 802.1s MSTP: Groups VLANs into separate Spanning Tree instances for load balancing.

Cisco Enhancements

• PVST+: Separate tree per VLAN (based on 802.1D).
• RPVST+: Improved convergence and separate tree per VLAN (based on 802.1w).

Supported Versions

• Most modern Cisco switches support PVST+, RPVST+, and MSTP.
• Default: PVST+.

Manipulating the Root Bridge Election

• Root Bridge acts as the LAN’s center point.
• Set priorities to ensure high-end core switches are the primary and secondary Root Bridges.

  Core1(config)# spanning-tree vlan 1 root primary  # Sets priority to 24576
  Core2(config)# spanning-tree vlan 1 root secondary  # Sets priority to 28672
  

• Custom values must be in increments of 4096 (e.g., 0, 4096, 8192).

Spanning Tree and HSRP Relationship

• Align HSRP configuration with Spanning Tree paths for optimal operation.

Key Concepts and Port Roles

• Root Bridge: Elected based on the lowest Bridge Priority (or MAC address if tied).
• Root Port: Lowest-cost path from a switch to the Root Bridge (one per switch).
• Designated Ports: Ports pointing away from the Root Bridge (all Root Bridge ports are designated).
• Blocking Ports: Prevent loops by blocking unused paths.
  • Ports are selected based on higher cost paths or higher Bridge IDs.

Determining Port Roles

1. Identify the Root Bridge (lowest Bridge ID).
2. Designate all Root Bridge ports as Designated Ports.
3. Determine Root Ports on other switches.
4. Assign opposing ports as Designated Ports.
5. Block remaining ports based on cost or Bridge ID.

Port States

• Blocking: Default state; prevents loops.
• Forwarding: Transitions if no loop detected (can take up to 50 seconds).
• Verification:

  show spanning-tree vlan 1
  show mac address-table
  

PortFast

• Reduces the time for a port to transition to Forwarding state (useful for end hosts).
• Enable on access ports:

  SW1(config-if)# spanning-tree portfast
  

• Can also be applied to trunk ports connected to virtualized hosts or router-on-a-stick configurations:

  SW1(config-if)# spanning-tree portfast trunk
  

Spanning Tree Security Features

BPDU Guard

• Protects PortFast-enabled ports by disabling them if a BPDU is received.

  SW1(config)# interface f0/10
  SW1(config-if)# spanning-tree bpduguard enable
  

Root Guard

• Prevents undesired switches from becoming the Root Bridge.
  • Ports transition to root-inconsistent state if superior BPDUs are received.

Loop Guard

• Detects unidirectional link failures, placing ports into loop-inconsistent state until BPDUs resume.

BPDU Filter

• Stops sending/receiving BPDUs (not recommended except in legacy cases). ``` SW1(config-if)# spanning-tree bpdufilter enable

2.6 Describe Cisco Wireless Architectures and AP Modes

WLAN Modes of Operation

1. Ad-hoc Mode:
   • Devices communicate directly without an Access Point (AP).
2. Infrastructure Mode:
   • Devices connect to a wired LAN, which supports two sub-modes:
     • Basic Service Set (BSS): Utilizes a single AP to create a WLAN.
     • Extended Service Set (ESS): Employs multiple APs to create a WLAN with roaming capabilities.
       • Roaming requires overlapping areas (10% to 15%) between adjacent APs.
       • Non-overlapping channels (e.g., channels 1, 6, 11) are used to avoid interference.

Wireless Network Types

• WPAN: Wireless Personal Area Network (e.g., Bluetooth, range ~10m).
• WLAN: Wireless Local Area Network (e.g., campus network, range ~100m).
• WMAN: Wireless Metropolitan Area Network (e.g., city-wide coverage).

Ad-hoc and Infrastructure Networks

• Ad-Hoc Networks:
  • Two or more wireless stations communicate directly (IBSS: Independent Basic Service Set).
• Infrastructure Mode:
  • Stations communicate via an AP, which can also provide wired network access.

WiFi Direct

• Enables devices to be part of both an AP-connected network and a peer-to-peer wireless network.
• Operates as an extension of infrastructure mode (not IBSS).
• Includes predefined services such as:
  • Miracast: Wireless external monitor.
  • DLNA: Stream music and video.
  • Direct Print.
• WPS: WiFi Protected Setup allows easy network connection setup.

Wireless Bridges and Mesh Networks

• Wireless Bridges:
  • Connect areas without cabling to the network.
• Mesh Networks:
  • One AP serves clients, while another AP radio connects to the backhaul network.

Wireless Access Points (WAPs)

• Provide connectivity between wireless stations and between wireless and wired networks.
• Operate in half-duplex (one device communicates at a time).
• Example: Cisco Aironet Wireless Access Point.

Service Set Concepts

• BSS (Basic Service Set):
  • Centralized access via an AP; devices and their settings form a BSS.
• BSSID (Basic Service Set Identifier):
  • MAC address-based identifier for devices within a BSS.
• BSA (Basic Service Area):
  • Coverage area of an AP (wireless cell).
• SSID (Service Set Identifier):
  • Unique name for the WLAN (e.g., ‘Corporate’).
• Multiple SSIDs:
  • An AP can support multiple SSIDs with distinct settings mapped to different VLANs.
• Beacons:
  • WAPs broadcast WLAN information (SSID, authentication requirements) via beacon frames (can be disabled).
• ESS (Extended Service Set):
  • Single SSID across multiple APs for larger coverage.

Wireless LAN Controllers (WLCs)

• Used for centralized management of multiple APs in large environments.
• Autonomous vs. Lightweight APs:
  • Autonomous: Standalone APs.
  • Lightweight: Managed by a WLC.
• Zero Touch Provisioning:
  • Lightweight APs discover WLC using:
    1. DHCP (Option 43 for WLC IP address).
    2. DNS (Resolves ‘cisco-capwap-controller’).
    3. Local subnet broadcast.
• Configuration Management:
  • APs download settings from the WLC (WLANs, channels, power levels).

CAPWAP Protocol

• CAPWAP (Control And Provisioning of Wireless Access Points):
  • Standard protocol enabling WLC to manage APs.
  • Uses UDP ports 5246 and 5247; communications encrypted via DTLS tunnel.
• Split MAC:
  • Real-time traffic handled by AP; other tasks (e.g., authentication, RF management) handled by WLC.

Traffic Flow and Roaming

• Management traffic passes through the CAPWAP tunnel.
• Roaming:
  • Seamless roaming between APs configured with the same WLANs.

FlexConnect

• Traffic is forwarded locally when FlexConnect is configured.
• Suitable for small branch offices without a WLC.

2.7 Physical Infrastructure Connections of WLAN Components

Wireless Local Area Networks (WLANs) provide the convenience of wireless connectivity to devices within a certain range, enabling seamless communication without the need for physical cables. This guide delves into the physical infrastructure connections of WLAN components, including Access Points (APs), Wireless LAN Controllers (WLCs), and related configurations.

WLAN Overview

What is WLAN?

• WLAN (Wireless Local Area Network): Provides wireless access to a wired campus network.
  • Typical coverage: Within 100 meters of a Wireless Access Point (AP).
• Wireless Access Points (APs):
  • Facilitate connectivity between wireless stations and wired networks.
  • Operate in half-duplex mode, meaning only one device can communicate at a time.

Basic Service Set (BSS) and Identifiers

• Basic Service Set (BSS):
  • A group of wireless devices managed by a single AP.
• Basic Service Set Identifier (BSSID):
  • Uniquely identifies devices within a BSS based on their MAC address.
• Basic Service Area (BSA):
  • Refers to the wireless coverage area of an AP, also known as a wireless cell.
• Service Set Identifier (SSID):
  • Names the WLAN (e.g., Corporate).
  • A single AP can support multiple SSIDs, each potentially linked to different VLANs and security settings.

Distribution System (DS)

• Connects wireless APs to the wired network infrastructure.

Access Point and Wireless LAN Controller (WLC) Operations

Wireless LAN Controller (WLC)

• Purpose:
  • Centrally manages multiple APs in large networks.
  • Supports redundancy and virtual WLCs for enhanced reliability.
• Advantages:
  • Simplifies configuration and monitoring.
  • Enables features like seamless roaming and dynamic channel/power management.

Autonomous vs. Lightweight Access Points

• Autonomous APs:
  • Standalone devices requiring individual configuration.
• Lightweight APs:
  • Centrally managed by a WLC.
  • Configuration is downloaded from the WLC, including WLAN settings and power/channel adjustments.

Zero Touch Provisioning (ZTP)

• Lightweight APs automatically discover their WLC via:
  1. DHCP Option 43: Provides the WLC’s IP address.
  2. DNS: Resolves cisco-capwap-controller to the WLC’s IP address.
  3. Local Subnet Broadcast: Discovers the WLC on the same subnet.

CAPWAP Protocol

• Control And Provisioning of Wireless Access Points (CAPWAP):
  • Standard protocol enabling WLC-AP communication.
  • Encrypted communication within a DTLS CAPWAP tunnel.
  • Uses UDP ports 5246 (control) and 5247 (data).

Split MAC Architecture

• Split MAC Functionality:
  • AP Responsibilities: Handle real-time traffic like beacons, encryption, and client handshakes.
  • WLC Responsibilities: Manage authentication, roaming, and other non-real-time tasks.

Switch Configurations for WLAN

Autonomous AP Configuration

VLAN Setup:

switch(config)# vlan 21
switch(config-vlan)# name Corporate
switch(config)# vlan 22
switch(config-vlan)# name Guest

Trunk Port Configuration:

switch(config)# interface GigabitEthernet1/0/1
switch(config-if)# switchport trunk encap dot1q
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan 21, 22

Lightweight AP Configuration

VLAN Setup for Management and WLANs:

switch(config)# vlan 10
switch(config-vlan)# name WLC-Management
switch(config)# vlan 11
switch(config-vlan)# name AP-Management

Trunk Port Configuration for WLC:

switch(config)# interface GigabitEthernet1/0/2
switch(config-if)# switchport trunk encap dot1q
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan 10, 11, 21, 22

Access Port Configuration for APs:

switch(config)# interface GigabitEthernet1/0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 11

Key Technologies and Features

Link Aggregation (LAG)

• Aggregates multiple physical links into a single logical link for:
  • Increased bandwidth.
  • Enhanced redundancy.
• Commonly used between APs, WLCs, and switches to optimize performance.

Seamless Roaming

• Roaming:
  • Wireless clients can move across APs within the same WLAN without losing connectivity.
  • Infrastructure supports seamless handoff for a smooth user experience.

Conclusion

Understanding the physical infrastructure of WLAN components is critical for designing and managing scalable, efficient wireless networks. By leveraging technologies like WLCs, CAPWAP, and LAG, network administrators can ensure robust and seamless wireless connectivity.

2.8 Network Device Management Access: Methods and Protocols

Understanding network device management access methods is crucial for network administrators and CCNA candidates alike. These protocols and technologies facilitate secure and effective communication with network devices, enabling configuration, monitoring, and troubleshooting. Below is an in-depth exploration of various management access methods.

1. Telnet

Telnet is a remote login protocol that allows administrators to access and manage a network device. While functional, Telnet lacks encryption, making it insecure for use over untrusted networks. It should only be used in secure, internal environments where network traffic is not exposed to potential interception.

2. SSH (Secure Shell)

SSH is a secure alternative to Telnet, providing encrypted communication between a client and a server. Commonly used for accessing network devices like Access Points (APs) and Wireless LAN Controllers (WLCs), SSH ensures confidentiality and integrity, making it suitable for untrusted networks.

• Key Features:
  • Encrypted sessions for secure management.
  • Strong authentication mechanisms.
  • Widely supported on network devices.

3. HTTP

HTTP is a widely used protocol for accessing web-based interfaces, such as the GUI of APs and WLCs. However, HTTP transmits data in plaintext, leaving it vulnerable to eavesdropping. Its use is generally discouraged unless combined with encryption methods.

4. HTTPS

HTTPS is the secure version of HTTP, leveraging SSL/TLS encryption to protect data during transmission. It is the recommended protocol for accessing network device GUIs.

• Advantages of HTTPS:
  • Encrypted communication prevents data interception.
  • Ensures the authenticity of the web interface.
  • Suitable for managing devices in untrusted environments.

5. Console Access

A console connection provides direct access to a device’s command-line interface (CLI) using a serial cable and terminal software. This method is particularly useful for:

• Initial Configuration: When other access methods are unavailable.
• Troubleshooting: In scenarios where network connectivity is disrupted.
• Advantages: Does not rely on network availability.

6. TACACS+ and RADIUS

TACACS+ (Terminal Access Controller Access-Control System Plus)

TACACS+ is an Authentication, Authorization, and Accounting (AAA) protocol designed for secure management of network devices. It operates over TCP (port 49) and provides granular control over user roles and actions.

• Features:
  • Encrypts the entire payload for enhanced security.
  • Separates authentication, authorization, and accounting functions.
  • Comprehensive auditing and logging capabilities.
  • Commonly used in enterprise environments.

RADIUS (Remote Authentication Dial-In User Service)

RADIUS is another AAA protocol used for managing network access. Unlike TACACS+, RADIUS operates over UDP and is often implemented in scenarios like ISPs, Wi-Fi authentication, and remote access.

• Key Differences from TACACS+:
  • Only encrypts passwords; other data remains plaintext.
  • Lightweight and faster due to UDP.
  • Lacks detailed command-level logging.
  • Commonly used in remote access and Wi-Fi environments.

7. Cloud-Managed Access

Cloud-managed access shifts the management of network devices to a centralized cloud platform. Examples include AWS, Azure, or Meraki solutions, which provide administrators with a single interface for monitoring and configuring infrastructure.

Key Features:

• Centralized Management:
  • Unified interface for device configuration and monitoring.
  • Built-in auditing and access control features.
• Security:
  • Regular updates and maintenance managed by the provider.
  • Advanced built-in security protocols.
• Automation and Integration:
  • Seamless integration with other cloud services.
  • Automation options for network tasks using tools like AWS Lambda and Amazon CloudWatch.

Advantages:

• Reduces upfront costs for hardware and software maintenance.
• Enables remote management from anywhere with an internet connection.
• Scales effortlessly to accommodate growing infrastructure.

2.9 Interpret the Wireless LAN GUI Configuration for Client Connectivity

This section focuses on understanding how to configure and interpret the wireless LAN (WLAN) settings, particularly for client connectivity. Key aspects include WLAN creation, security settings, Quality of Service (QoS) profiles, and advanced settings.

Quality of Service (QoS)

Quality of Service (QoS) is a mechanism used to prioritize network traffic to ensure that critical data, such as voice and video, is transmitted with minimal delays and maximum reliability. It guarantees that time-sensitive applications receive preferential treatment over less critical traffic.

QoS for Voice and Video

Voice and video applications require specific quality thresholds to ensure a smooth user experience. These applications are sensitive to delay, jitter, and packet loss, which are defined as:

• Latency: The time it takes for a packet to travel from source to destination. For voice and video, latency should be less than 150 ms for a one-way transmission.
• Jitter: The variation in delay between packets. It should be less than 30 ms to prevent disruptions in media playback.
• Packet Loss: The percentage of lost packets. For real-time applications like voice and video, packet loss should be less than 1%.

These thresholds are one-way requirements, meaning that the latency and jitter must stay within the specified limits when a packet travels from the source to the destination. HD video and other high-quality media might have stricter requirements for latency and jitter.

Default Queuing Mechanism: FIFO

The default queuing mechanism used by most routers and switches is FIFO (First In, First Out). This means that when congestion occurs (i.e., the rate of incoming packets exceeds the rate of outgoing packets), the device will send out packets in the order they were received without any priority. This can lead to delays for time-sensitive traffic.

How FIFO Affects Network Traffic

• When a router or switch experiences congestion, packets are queued in the order they arrive and transmitted in the same order.
• For critical traffic like voice or video, this can cause high latency and jitter, which is problematic for real-time applications.

QoS Queuing to Manage Traffic

QoS queuing mechanisms prioritize specific traffic types to reduce latency and ensure that important data, such as voice and video, are transmitted smoothly. By assigning higher priority to critical traffic, QoS can significantly reduce delays for time-sensitive applications.

Go Back