Configuring Access Control Lists (ACL) | Cisco ASA Firewalls
Here is the live config and explanation of Access Control Lists (ACLs) and Access Control Entries (ACEs) on the Cisco ASA. A follow-up video will cover NAT.
We approach this using a lab built in VIRL. There are three network areas: the inside, the DMZ, and the internet. If you’re a Patreon supporter you can download this lab in VIRL, GNS3, or just the config files (link below).
We focus on the command line, as that’s what you appear to be most interested in. But don’t be afraid of the ASDM; it is also a useful tool.
In addition, we’ll talk about the ACL types: Standard (for matching traffic) and Extended (to permit or deny traffic), as well as the more obscure EtherType and WebType.
Through this video, we’re going to enable ping everywhere, enable internal traceroute while blocking external traceroute, see rules with IP addresses and ports, see DNS lookups, configure FQDN ACLs, and discuss timebomb rules.
We’ll also take a look at using Packet Tracer to simulate traffic through our rules.
I hope you enjoy the video!
Nexus vPC | Configuration on Real Cisco Nexus Switches
In this video, we configure vPC on real Cisco Nexus 9000 switches.
Starting with the basics, and moving through to a deep dive, this real lab shows how Network Engineers can configure peer-link, keep alive link, member ports, orphan ports, and peer gateway.
Useful for CCNA Data Center, CCNP Data Center, and CCIE Data Center.
The pitfall of routing over vPC, and how to avoid it using layer-3 peer-router.
This video is particularly helpful to network engineers working with vPC in production.
Also useful for CCNP Data Center and CCIE Data Center.
How VRFs Work (VRF Lite) | VRFs Part 1
VRFs, or Virtual Routing and Forwarding, are virtual routing tables. They enable separation of one part of the network from another.
There could be many reasons to do this. It could be for security, to separate the inside network from the DMZ. Or, it could be to separate business units (BUs), or to separate customers from each other.
This video explains VRF basics, what they are used for, when they are used, and how they work.
This includes two labs you can follow along with.
The first lab starts at the beginning and shows basic VRF configuration to separate two customers.
The second lab shows how you can use VRFs to force traffic through a firewall for security purposes.
You can download the labs, and practice on your own if you want (Patreon).
https://networkdirection.net/VRF+Lab+1
Dynamic Routing with VRFs | BGP, OSPF, and EIGRP | VRFs Part 2
VRFs, or Virtual Routing and Forwarding, are virtual routing tables. They enable separation of one part of the network from another.
We follow on from where part 1 left off. Here, we look at using VRFs with IGPs to enable dynamic routing.
Join me to see how we can configure a network with VRFs, as well as EIGRP, OSPF, and BGP. You'll also get to see more on how address-families work.
This includes two configuration labs you can follow along with.
(0:14) The first lab will walk you through how OSPF and EIGRP are used when connecting customer routers.
(1:46) The second lab dives deeper by looking at how we can integrate BGP, such as when we connect a WAN router that we don't manage.
You can download the labs, and practice on your own if you want (Patreon).
https://networkdirection.net/VRF+Lab+2
Route Target Import and Export | Extending VRF's Across the Core | VRFs Part 3
It's great that we can segregate our customers into virtual routing tables using VRFs. But how do we enable this across many routers?
It would be difficult to manually configure VRFs on each router. Imagine the time and effort spent on this task!
Instead, we can use MP-BGP (Multiprotocol BGP) to tag each route as it is shared. These tags are called route-targets. Now routes can be exported out of a VRF on one router, shared with another router through BGP, and then imported into the correct VRF.
While we're on the topic, how do routes stay unique in the BGP database? VRFs can also be given a tag, called a route-distinguisher, which accomplishes this task.
In this video, we'll see how to configure route distinguishers and route targets to keep customer routes unique. We'll also see how to share routes across a core network. Maybe we'll even see a little introduction to MPLS!
This includes a lab you can follow along with.
You can download the labs, and practice on your own if you want (Patreon).
https://networkdirection.net/VRF+Lab+3
Leak Routes Between
We've been very successful in keeping customer routes separate with VRFs. We've even extended this across the core using route-targets, route-distinguishers, and MPLS.
What would happen now if we wanted to share some of our routes with our customers?
This is called route leaking, which we can achieve once again with MP-BGP.
There are a few challenges along the way. What if we want to share all routes in a VRF? What if we want to be selective? And how do we prevent customers from advertising rogue routes?
In this video, we'll see how to configure route leaking and export maps to share routes between VRFs.
This includes a lab you can follow along with.
You can download the labs, and practice on your own if you want (Patreon).
6 Things You Need To Know About NXOS | Computer Networking
Here are six things that every network engineer should know when using a Cisco Nexus switch!
If you’re working in the data centre, there are a few ways for you to save some time, and a few interesting things you can do. These include:
0:19 Chaining CLI commands
0:52 Working in routing contexts
1:31 Using chaining to get timestamps
2:09 Watching for changes
2:46 Using Variables
3:46 Creating our own commands with command aliases
6 MORE Things You Need To Know About NXOS | Computer Networking
Here are six more things that every network engineer should know when using a Cisco Nexus switch!
If you’re working in the data centre, there are a few ways for you to save some time, and a few interesting things you can do. These include:
0:22 Highlighting CLI Syntax
1:10 Hex and Decimal Conversion
1:53 Creating Snapshots
2:35 Change Logging and Accounting
4:02 Using Grep
4:41 Using the BASH Shell
VxLAN is a network overlay technology commonly used in the cloud. It is vendor independent, so it can run on Cisco Nexus, NSX, Open vSwitch, and many more. It can even be used in virtual appliances like the CSR1000v.
VxLAN is a sophisticated way to manage layer-2 networks. It’s like VLAN, with some very special enhancements.
It has a different perspective on the network. There is the underlay fabric, which uses routing such as EIGRP or OSPF, and the overlay, where the virtual networks live.
LAN segments are called VNIs. VNIs keep traffic separate, just like VLANs. This is part of how VxLAN is used for multitenancy.
Traffic within a VNI reaches a switch with a special interface called a VTEP. The traffic is encapsulated and forwarded over the routed network through a tunnel.
This training series is VxLAN fundamentals explained. Think of it as VxLAN for dummies!
Part 1: Fundamentals - An introduction or primer into the basic concepts and terminology. For example, VxLAN vs VLAN, and host vs gateway
Part 2: Header Format - Follow the packet flow to see the headers added to a frame
Part 3: Spine Leaf Topology - Looks at the hierarchical architecture, and compares it to the newer spine leaf topology
Part 4: Address Learning - BUM traffic, data plane or control plane learning, multicast, and ingress replication
Part 5: Bridging Configuration - A technical deep dive into flood-and-learn (bridging) and multicast configuration on Cisco Nexus 9000 switches
Part 6: BGP EVPN Configuration - A technical deep dive into control plane learning (BGP EVPN) and Ingress replication configuration on Cisco Nexus 9000 switches
These videos are also helpful for CCNA Data Center, CCNP Data Center, and CCIE Data Center.
200-155, DCICT
300-180, DCIT
300-160, DCID
300-165, DCII
The word networking has several meanings depending on its use; they are discussed below. The videos below, taken together, form a complete course on internet networking.
1. Networking, in general, is the exchange of information and ideas among people with a common profession or special interest, usually in an informal social setting. Networking often begins with a single point of common ground.
Networking is used by professionals to expand their circles of acquaintances, to find out about job opportunities in their fields, and to increase their awareness of news and trends in their fields or in the greater world. (The term computer networking refers to linking multiple devices so that they can readily share information and software resources.)
KEY TAKEAWAYS
Networking is used by professionals to widen their circles of acquaintances, find out about job opportunities, and to increase their awareness of news and trends in their fields.
Business owners may network to develop relationships with people and companies they may do business with in the future.
Professional networking platforms provide an online location for people to engage with other professionals, join groups, post blogs, and share information.
Understanding Networking
Networking often begins with a single point of common ground. The most obvious is a professional affiliation, such as stock brokers, but some people find effective networking opportunities in a college alumni group, a church or synagogue social group, or a private club.
For professionals, the best networking opportunities may occur at trade shows, seminars, and conferences, which are designed to attract a large crowd of like-minded individuals.
Networking helps a professional keep up with current events in the field, and develops relationships that may boost future business or employment prospects. Needless to say, it also provides opportunities to help other people find jobs, make connections and catch up on the news.
Business Networking
Small business owners network to develop relationships with people and companies they may do business with in the future. These connections help them establish rapport and trust among people in their own communities.
Successful business networking involves regularly following up with contacts to exchange valuable information that may not be readily available outside the network.
Online Networking
Professional networking platforms such as LinkedIn provide an online location for people to engage with other professionals, join groups, post blogs, and share information. And, of course, they provide a place to post a resume that can be seen by prospective employers, to search for jobs, or to identify job candidates.
These days, a business-to-business customer pipeline can be developed almost entirely through the use of a social networking site. Online networking forum allows professionals to demonstrate their knowledge and connect with like-minded people.
LinkedIn is the largest professional network, but there are many others. Some cater to particular subsets of people, such as Black Business Women Online. Others have a different focus, such as MeetUp, which encourages its members to meet in person off-site. Lunchmeet is just what it sounds like: It's a mobile app that identifies folks in your field who are available locally for a meet-up.
A social networking service (SNS) is an online vehicle for creating relationships with other people who share an interest, background, or real relationship.
Social capital is the practical outcome of informal interactions between people. In business, social capital is the contribution to success that can be attributed to networking, internal, or external.
UNIQUE VIEW: ''Networking is about working simultaneously for, in, and on a net. A network is like a fishing net, crafted in a special pattern with countless pores and corners, where some things or some information pass through and others are blocked or trapped. Its corners and threads join each other and separate one from another to create the difference, making predictable and unpredictable possibilities.'' VIDEO LECTURES, A NEW WAY OF EDUCATION AND LEARNING: Here are some great videos about internet networking.
WATCH VIDEOS TO LEARN
Introduction to Networking | Network Fundamentals Part 1
Interested in learning about networking? Let Network Direction help you get started. This video is for people that are first starting out in networking. All you need to bring is interest and enthusiasm. My goal for the Network Fundamentals Series is to help anyone wanting to get into the IT field learn more about networking. We will introduce you to the terminology used in the field and help you understand what it means. For instance, have you heard of protocols? We’re going to see what these are, and use the Ethernet protocol as an example. In Part 1 we'll also look at what a network actually is, and continue by seeing how devices are connected. Have you ever connected a device over Wi-Fi or plugged network cables into a computer? Delve behind the scenes and find out how this works.
Cabling Devices | Network Fundamentals Part 2
Now you know what a network is, it's time to see how they're cabled, and how addresses are used. This video is for people that are first starting out in networking. All you need to bring is interest and enthusiasm. My goal for the Network Fundamentals Series is to help anyone wanting to get into the IT field learn more about networking. Have a deeper look into the Ethernet protocol as we dive into cabling and WiFi. We investigate copper cables and fibre cables, full duplex and half duplex, and straight-through and crossover cables. Each section includes a quiz to get you thinking. The answers to the quizzes in this video are found at: https://networkdirection.net/Connecti... If you're studying for CCENT, CCNA, JNCIA, or Network+, this video can help you.
How the OSI Model Works | Network Fundamentals Part 3
The OSI Model Explained. Surely you've heard about the OSI model. That's why you're here, right? Well, this is the right place for you! In this video we discuss models, and why they're used. We look into the physical, data link, network, transport, session, presentation, and application layers, and how they relate to the real world. And finally, we look at an example. This shows how a web request flows through each of the layers.
For further study, I recommend: CCENT/CCNA ICND1 100-105 Official Cert Guide (affiliate) https://click.linksynergy.com/link?id... https://networkdirection.net/OSI+Model
The answers to the quizzes in this video are found at: https://networkdirection.net/Understa...
In part 4 we'll look at how IP addresses work.
Attribution: How to write address on the envelope correctly https://www.youtube.com/watch?v=HpBqa... The modern postage stamp https://www.youtube.com/watch?v=Fnm0U...
Disclaimer: This video contains affiliate links. I receive a small commission at no cost to you when you purchase using my link. #NetworkDirection #CCNA #CCENT
How IP Addresses Work | Network Fundamentals Part 4
Welcome to the fourth part of the Network Foundation series. This video looks at IP addressing, and how it works. This is critical information for anyone new to networking or studying for CCNA or CCENT exams. We start at the beginning, with what IPs look like, and why. Understanding binary is your friend here! (https://youtu.be/o9BIuMklUWA). Did you know that IP addresses are two addresses in one? Yes, it’s true! An IP includes the host address, as well as the address of the network it resides in. Speaking of networks, we have changed how we address them over time. One of the early methods was to use classes. Perhaps you’ve heard of class A, B, and C networks? But this has its limitations. So, we also have classless networks, or CIDR (Classless Inter-Domain Routing). This introduces a new concept: the subnet mask. Now we can break up networks as we see fit! The next video will take this further, as we look at IP Addresses in Depth.
The CCENT/CCNA study guide (affiliate): https://click.linksynergy.com/link?id...
IP Addressing in Depth | Network Fundamentals Part 5
You’ve found the fifth part of the Network Foundation series. Time to dive deeper into IP addresses! This is critical information for anyone new to networking, or studying for CCNA or CCENT exams. We spoke about CIDR in the last video. We can extend this by using different subnet masks for different purposes. This is called Variable Length Subnet Masks (VLSM), and is something you will use every day. Every network has a few special addresses, like the network and broadcast address. It’s important to know which addresses these are, so you don’t use them incorrectly. As the internet has grown, we have used IP addresses faster than ever. There is a limited pool of IPs to use, and it is starting to run out! One of the methods used to slow this down is private addressing (as defined in RFC1918). Do you know how this conserves IP addresses? Every device needs an address. But how does it get one? There are two main ways to address devices and one not so usual one… Finally, we’ll look at the IP header that is applied to each packet. See some of the more common fields, and how they’re used.
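As an added example (not code from the video or from Network Direction), the following Python works through the addressing rules this description lists: the network and broadcast addresses of a CIDR block, the usable host range, an RFC1918 private-address check, and a VLSM allocation that carves one block into subnets of different sizes. The sample /24 block and the department host counts are constructed for the example.

```python
RFC1918_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]

def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for(prefix: int) -> int:
    """Subnet mask as an integer: 'prefix' one-bits followed by zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def is_private(ip: str) -> bool:
    """True if the address falls inside one of the RFC1918 blocks."""
    n = ip_to_int(ip)
    return any((n & mask_for(p)) == ip_to_int(base) for base, p in RFC1918_BLOCKS)

def subnet_info(cidr: str) -> dict:
    """Network and broadcast addresses, mask, and the usable host range of a CIDR
    block. Usable hosts follow the classic rule (network and broadcast excluded),
    so /31 and /32 report zero usable hosts."""
    ip, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    mask = mask_for(prefix)
    network = ip_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(0, broadcast - network - 1)
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "prefix": prefix,
        "usable_hosts": usable,
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "private": is_private(ip),
    }

def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose block holds 'hosts' usable addresses plus the
    network and broadcast addresses."""
    size = 1
    while size < hosts + 2:
        size <<= 1
    return 32 - (size.bit_length() - 1)

def vlsm_allocate(block: str, needs: dict) -> dict:
    """Carve 'block' into variably sized subnets, one per entry in 'needs'
    (name -> host count). Allocating largest-first keeps every subnet aligned
    to its own size, which is the usual VLSM layout rule."""
    base = subnet_info(block)
    cursor = ip_to_int(base["network"])
    end = ip_to_int(base["broadcast"])
    allocation = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        if cursor + size - 1 > end:
            raise ValueError(f"{block} is exhausted before allocating {name!r}")
        allocation[name] = f"{int_to_ip(cursor)}/{prefix}"
        cursor += size
    return allocation

# Constructed sample (not from the video): one /24 split for four departments.
SAMPLE_NEEDS = {"sales": 100, "engineering": 50, "management": 20, "router-link": 2}

if __name__ == "__main__":
    for name, cidr in vlsm_allocate("192.168.10.0/24", SAMPLE_NEEDS).items():
        print(name, subnet_info(cidr))
```

Running the sample allocates 192.168.10.0/25 to sales, .128/26 to engineering, .192/27 to management and .224/30 to the router link, leaving .228 onward free; asking for more than the block holds raises an error rather than silently overlapping subnets.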
TCP/IP Model (Internet Protocol Suite) | Network Fundamentals Part 6
You’ve seen the OSI model, now see the TCP/IP model! It started as a competitor but has grown into a suite of commonly used protocols. It has gained popularity over OSI in a practical sense, as it was quick to standardize. The OSI model was slower and missed out. We’re going to look at the four (or is it five?) layers of the TCP/IP model, and see how they contrast to OSI. The answers to the quiz questions, a must for CCENT and CCNA candidates, can be found at:
Overview of this video:
4:31 Application layer
5:32 Transport layer
6:51 Network layer
8:08 Data Link layer
9:33 Physical layer
In the next video, we’re looking at the TCP and UDP protocols, what they’re for, and how they’re different.
How TCP and UDP Work | Network Fundamentals Part 7
TCP and UDP are the transport layer protocols that are used to get data from one application to another. They have several common features, like port numbers (the network address of the application), headers, and multiplexing (allowing more than one application to access the network at a time). But, they also have several differences. For example, TCP is connection-oriented, while UDP is connectionless. TCP is ‘reliable’ while UDP is ‘unreliable’. But if TCP has more features, why use UDP at all? The answer may surprise you! The answers to the quiz questions, a must for CCENT and CCNA candidates, can be found at: https://networkdirection.net/labsandq...
The CCENT/CCNA study guide (affiliate): https://click.linksynergy.com/link?id...
Overview of this video:
0:22 Ports
0:58 TCP and UDP headers
1:48 Selecting Port Numbers
2:58 Multiplexing
3:47 Sockets
5:04 Connections in Windows
6:06 Quiz 1 and 2
6:39 Comparing TCP and UDP
8:59 Why use UDP?
10:19 Quiz 3, 4, and 5
In the next video, we’re looking at how TCP establishes connections, sometimes called the ‘three-way handshake’.
Establishing Connections With TCP's Three-Way Handshake | Network Fundamentals Part 8
TCP is connection-oriented, while UDP is connectionless. TCP achieves this with a process called the three-way handshake. This is three messages between the client and server, which use the SYN and ACK flags in the TCP header. There is a corresponding process when closing the connection. This time the FIN flag in the header comes into play. And in other cases, the RST flag is used. This is in the case of an error, which can help with troubleshooting. The answers to the quiz questions, a must for CCENT and CCNA candidates, can be found at: https://networkdirection.net/labsandq...
The CCENT/CCNA study guide (affiliate): https://click.linksynergy.com/link?id...
In the next video, we’re looking at how TCP manages errors, and how it uses a process called ‘windowing’.
How TCP Handles Errors And Uses Windows | Network Fundamentals Part 9
TCP doesn’t detect errors; that’s layer-2’s job. But it does notice when data is missing, and it is able to retransmit segments as needed. It does this by using the ACK flag in the TCP header. The ACK flag acknowledges when segments arrive correctly. To improve efficiency, a range of segments can be acknowledged at once. The amount of data that can be acknowledged at a single time is called the window size. When a network link is stable, the window size can increase, allowing more data to be sent per acknowledgment. If the link is unstable, the window size shrinks, which lowers the number of retransmissions. Windowing is TCP’s flow control.
Overview of this video:
0:19 Data Loss
0:50 Acknowledgements
2:52 Windowing
4:27 Quiz #1-2
4:44 Error Recovery
6:05 Dynamic Windows
8:51 Quiz #3-4
In the next video, we’re finally going to see the first steps in configuring a router or switch.
Cisco CLI for Beginners | Network Fundamentals Part 10
You’ve been following along for a while, and now it’s time to get your keys dirty by starting Cisco router or switch configuration! Routers and switches come in different sizes and shapes depending on how they’re used. You might have devices suited to SOHO, enterprise, or service provider spaces. The thing that’s usually common to all of these is that you can configure them using the CLI (Command Line Interface). In this video we’ll start by looking at a router physically. You’ll see the console ports (both USB and serial), the data ports, the AUX port, module slots, and single/dual power supplies. Next, we’ll see how to use a terminal emulator called PuTTY to connect to the router using a USB serial adapter. From here you’ll see user exec mode, global exec mode (AKA privileged exec mode), and configuration mode. While we’re here, we’ll configure an interface with an IP address, and configure remote access to the router (using SSH). Finally, we’ll talk about lab options, including physical equipment, GNS3, Packet Tracer, VIRL, and EVE-NG.
Lab options: https://www.netacad.com/courses/packe...
Overview of this video:
0:52 Physical Overview
5:05 Connecting to the router
8:19 Getting used to the CLI
12:50 Configuring an Interface
17:15 Remote Access
25:11 Running Config and Filesystem
28:08 Lab Options
In the next video, we’re starting to get deeper, by starting switching!
How Switching Works | Network Fundamentals Part 11
Welcome to the start of switching! Communication is not new, not even electronic communication. In the old days, to make a telephone call, a switchboard operator needed to patch through your call. This means that they had to manually create a path for your phone call to take. Switching is a lot like this. Switching dynamically creates paths for network traffic to flow through. But it doesn’t do this all on its own. Ethernet, a protocol that operates at layer 2, is critical to how this works. Each device that uses Ethernet has a MAC address. Frames are sent from one MAC address to another. Clever devices like bridges and switches learn these addresses, and can make better decisions about how traffic is handled because of this knowledge. It wasn’t always this way though. In the early days we had bus and ring networks, and eventually hubs. These did not have any intelligence, and operated solely at layer 1. They were also only half-duplex, and had to handle collisions. In this video, we walk through the past, and see how it affects the switching networks that we have today. Finally we’ll go through a lab to see it all in action.
In the next video, we’re taking it further with VLANs
How VLANs Work | Network Fundamentals Part 12
VLANs are one of the most common technologies that you will see. Imagine that you have a LAN (a layer-2 broadcast domain), but you need to separate the devices connected to it. You could buy different switches for each group of devices, but a better option would be to use VLANs. VLANs are Virtual LANs. You have a physical switch, and the ports are assigned to a VLAN. Devices in one VLAN cannot talk to devices in another VLAN. This is like using different switches, without having to go out and buy different switches! Each VLAN has an ID, which ranges from 1 to 4094. Each switch port is assigned to one of these VLANs. Any ports with the same VLAN ID are in the same VLAN, which means they are in the same network. As said before, devices in one VLAN cannot communicate with devices in another VLAN. To allow communication, we can use a router that is connected to both VLANs. The router receives traffic on one VLAN, and passes it to the other VLAN. We will see how all of this works, and how it’s configured!
Overview of this video:
0:40 Why we need VLANs
3:00 How VLANs Work
7:52 Routing between VLANs
10:32 Quiz Time
10:47 Lab
In the next video, we’re looking to extend our VLANs across several devices using trunking, or tagging.
VLAN Trunk Links | Network Fundamentals Part 13
We’ve seen that VLANs can divide up a switch into separate logical networks. But what happens when we run out of ports? We need to buy a new switch. But how do we connect the two switches in a VLAN-aware network? Do we need a separate link for each VLAN? That could work, but won’t scale well. What if we have 50 VLANs? Instead, we can use a trunk link. This uses a process called tagging, where the VLAN ID is added to each frame, in the form of a small tag in the Ethernet header. Now a single link can be used between the switches, and traffic from different VLANs can pass over it, all while still keeping the traffic separate. There are a few special VLANs which work with this. One of these is VLAN 1, which is used for switch-to-switch control traffic (for example, CDP or LLDP). Another is the native VLAN, which enables non-VLAN-aware devices to connect. Trunking also enables extra features, like Router On A Stick, or ROAS. This is where a router can connect to the network using a single trunk link, and forward traffic between VLANs.
Overview of this video:
0:33 Extending VLANs Across Switches
1:38 How Trunking Works
6:12 Voice VLANs
7:49 Lab (Part 1)
14:14 Quiz #1
14:25 VLAN 1
15:36 Native VLAN
16:30 Lab (Part 2)
21:39 Quiz #2
23:51 ROAS and Lab (Part 3)
In the next video, we’re investigating using a router to provide security using access-lists
Understanding Access Control Lists | Network Fundamentals Part 14
ACLs, or Access Control Lists, are one of the fundamental ways to control or influence the traffic flowing through your network. They can be used in several different ways, but in this video, we’ll look at how to use ACLs as a packet filter. Packet filters use ACLs to control traffic that is and is not allowed through the network. An ACL is, as the name suggests, a list containing Access Control Entries (or ACEs). Each entry is a rule, with ‘match’ conditions. If traffic matches these conditions, then an action (permit or deny) is applied. Standard ACLs are the original type, and can only match based on source address. Extended ACLs are newer and can match on a variety of criteria. There are several ways that ACLs can be configured. With numbered ACLs, each entry in the ACL is identified by a number. Named ACLs are more advanced, and group the entries inside a container. This video contains a lab, where you can see how to configure all these options.
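As an added example (not code from the video or from Network Direction), here is a small Python evaluator for the ACL behaviour this description covers, and for the standard/extended distinction in the Cisco ASA video above: Access Control Entries are evaluated top-down with first-match semantics, wildcard masks decide which address bits must match, standard entries look only at the source, extended entries also check protocol, destination and port, and anything that matches no entry hits the implicit deny. The entry syntax it parses is a subset of the IOS-style syntax; the sample ACL and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask semantics: a 0 bit must match, a 1 bit is 'don't care'.
    0.0.0.0 therefore matches a single host, 255.255.255.255 matches any address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class ACE:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" (any protocol), "tcp", "udp" or "icmp"
    src: str
    src_wc: str
    dst: str = "0.0.0.0"             # standard ACEs match any destination
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # "eq <port>" on tcp/udp entries

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.dst_port is not None and pkt.get("dport") != self.dst_port:
            return False
        return True

def _take_addr(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def parse_ace(line: str) -> ACE:
    """Parse an IOS-style entry. A standard ACE has no protocol keyword and only a
    source; an extended ACE has protocol, source, destination and optionally 'eq port'."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in ACE: {line!r}")
    if rest[0] in ("ip", "tcp", "udp", "icmp"):          # extended ACE
        proto, rest = rest[0], rest[1:]
        src, src_wc, rest = _take_addr(rest)
        dst, dst_wc, rest = _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        return ACE(action, proto, src, src_wc, dst, dst_wc, port)
    src, src_wc, _ = _take_addr(rest)                     # standard ACE
    return ACE(action, "ip", src, src_wc)

def evaluate(acl: List[ACE], pkt: dict) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins. Returns (action, index of the matching ACE);
    index None means the packet fell through to the implicit 'deny any'."""
    for i, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, i
    return "deny", None

# Constructed sample ACL (not from the video). Entry 0 permits HTTPS to *any*
# destination, so it shadows the deny on entry 2 for HTTPS traffic: order matters.
EXTENDED_ACL = [parse_ace(l) for l in [
    "permit tcp 10.1.1.0 0.0.0.255 any eq 443",
    "permit icmp any any",
    "deny ip 10.1.1.0 0.0.0.255 192.168.10.0 0.0.0.255",
    "permit ip 10.1.1.0 0.0.0.255 any",
]]
STANDARD_ACL = [parse_ace("permit 10.1.1.0 0.0.0.255")]

def demo() -> List[Tuple[str, Optional[int]]]:
    """Run five constructed packets through EXTENDED_ACL."""
    pkts = [
        {"proto": "tcp", "src": "10.1.1.5", "dst": "203.0.113.10",  "dport": 443},
        {"proto": "tcp", "src": "10.1.1.5", "dst": "192.168.10.20", "dport": 443},  # shadowed deny
        {"proto": "tcp", "src": "10.1.1.5", "dst": "192.168.10.20", "dport": 22},
        {"proto": "udp", "src": "10.1.1.5", "dst": "203.0.113.10",  "dport": 53},
        {"proto": "tcp", "src": "10.2.2.5", "dst": "203.0.113.10",  "dport": 443},  # implicit deny
    ]
    return [evaluate(EXTENDED_ACL, p) for p in pkts]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second sample packet is the one worth studying: HTTPS from 10.1.1.5 to 192.168.10.20 is permitted by entry 0 even though entry 2 was written to deny that destination, because evaluation stops at the first match. Returning the index of the matching entry is the same information `show access-lists` hit counters give you when checking which rule a flow actually hit.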
Overview of this video:
0:28 What are ACL’s For?
1:00 Anatomy of an ACL
3:11 Wildcard Masks
5:45 Quiz Time
5:55 Types of ACLs
7:49 Applying ACLs
9:32 Quiz Time
9:42 Lab
20:48 Quiz Time
21:02 What about Firewalls?
In the next few videos, we’re going to have a look at ARP, DHCP, and DNS.
What ARP does | Network Fundamentals Part 15
ARP, or Address Resolution Protocol, provides IP to MAC address mapping services. It works by using two messages, the request and the reply. When a host needs to know the MAC that belongs to an IP, it will broadcast the request message. The device that owns the IP will reply (unicast) with its MAC address. Any other host that gets the message will discard it. Once the reply has been received, the IP to MAC mapping will be stored in the ARP cache, to make the process faster next time. But if the entry is not used, it will eventually be removed from the cache. Also of use is GARP, which a host will use to preemptively notify the local network of its IP and MAC address. This increases efficiency.
Overview of this video:
0:26 What does ARP Do?
1:32 How Does ARP Work?
2:20 ARP Cache
3:40 RARP and GARP
In the next few videos, we’re going to have a look at DHCP and DNS.
What DHCP is all About | Network Fundamentals Part 16
DHCP, or Dynamic Host Configuration Protocol, is used to dynamically assign IP addresses, and other information called options, to network devices. As devices start up (and at some other times) they broadcast a DISCOVER message, which is seen by the DHCP server. The DHCP server finds an available IP address and sends it back in an OFFER message. The client will see this, and maybe more OFFERs, and choose one. It will send a REQUEST message to the server, which will confirm the IP allocation with an ACKNOWLEDGE message. When IPs are assigned to devices, they’re given a lease. This is the time they’re valid for. When 50% of a lease expires, the client will try to renew the lease. It will often get the same IP that it had, but there is no guarantee and it may get something else. As DISCOVER messages are broadcast, they only reach the local LAN segment. To extend DHCP services beyond the local segment, we can configure a DHCP relay on a router or switch. This can intercept the DISCOVER message and forward it to the server.
Overview of this video:
0:32 The DHCP Process
3:08 Leases
5:02 Options
6:09 Quiz 1
6:20 DHCP Relays
7:50 Lab
15:39 Quiz 2
In the next video, we’re going to have a look at DNS.
Getting Started with Domain Name System (DNS) | Network Fundamentals Part 17
The Domain Name System (DNS) is the elegant system used for, among other things, resolving a name to an IP address. Think about when you put a web address into a web browser. That needs to be converted to an IP address, so the client will send the DNS server a lookup message, and the DNS server will send a response. DNS servers contain zones, which are containers for all the information for a domain. If a DNS server has a zone for a domain, it is authoritative for that domain. If it is non-authoritative, it can make its own query, and send it to another DNS server. Inside the zone are records. These contain information such as name to IP mappings. This particular type is called a host or ‘A’ record. Other types include a pointer (PTR), which is the reverse of the host record, the canonical name (CNAME), which is an alias, and the Mail Exchange (MX) record, which holds a list of mail servers. When a server can’t answer a request on its own, it needs to ask another DNS server for help. One option is to configure another server as a forwarder. The server performs a recursive query, where it finds a record on the client’s behalf. The alternative is to use root hints, where the server asks other servers for hints about where the authoritative DNS server is located. It does this using recursive queries.
Overview of this video:
0:36 The Domain Name Space
2:10 Zones and Records
4:32 Record Types
6:10 A Simple Lookup Process
9:31 Using Forwarders
10:58 Using Root Hints
12:58 Quiz
Static route configuration | Network Fundamentals Part 18
Anyone who’s interested in networking should be
interested in routing. It’s one of the core functions that we need to work
with. ‘Routing’ is how a router (or multi-layer switch) will forward packets
through the network. The router will build a routing table, where it puts
routes. A route is a pointer to a network. It says ‘for this network, send
traffic this way…’ Each router has a routing table, and each router needs to
make its own decisions around how packets should be forwarded. These decisions
will depend on the contents of the routing table. One of the ways we can
‘populate’ the routing table is to configure static routes. These are
configured with the ‘ip route’ command. Another way is to use dynamic routing,
which is covered in the next video. Just like PCs, routers can have a default
gateway, also known as a ‘gateway of last resort’. This is a ‘catch-all’ route
that is used to forward traffic that doesn’t match any other more specific
rule. Be sure to check out the labs (links below) if you want to try this out
yourself.
Routing Protocols and Traffic Forwarding | Network Fundamentals Part 19
Ready to continue your routing journey? Surely
you’ve noticed that it can be a pain to configure static routes all the time.
It takes forever, they’re difficult to troubleshoot, they don’t adapt to
network changes very well, and it’s easy to make a typo. The alternative is
dynamic routing. Dynamic routing protocols, such as RIP, EIGRP, OSPF, and BGP
help us as they’re more aware of what’s going on. For example, if there’s a
fault, they are able to route traffic along a different path. We’ll be diving
into RIP in the next video, but before we do that, you need to understand a few
rules that routers follow. The first is called Longest Prefix Match (LPM). This
states that if the destination IP address matches more than one route in the
routing table, the route with the longest subnet mask will be chosen. The
second is Administrative Distance (AD). Each source of routing information has
an AD value assigned to it. So, if a route is learned from more than one source
(for example, RIP and OSPF), the router will look at the administrative
distance of both protocols, decide that it prefers OSPF (the lower AD), and
put that route into the routing table. We can manipulate administrative
distance in some cases. We can create static routes with different ADs, in
order for them to become floating static routes. If the primary route (wherever
it’s learned from) is lost, the floating static route can take its place.
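The two rules above, as an added Python example that is not from the video or its labs: a tiny routing table that installs one route per prefix by administrative distance, answers lookups by longest prefix match, and falls back to a floating static when the primary is withdrawn. The AD values are the Cisco IOS defaults; the prefixes and next hops are constructed.

```python
import ipaddress

# Default administrative distances (assumption: Cisco IOS defaults)
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

class Route:
    def __init__(self, prefix, next_hop, source, ad=None):
        self.network = ipaddress.ip_network(prefix)
        self.next_hop = next_hop
        self.source = source
        self.ad = AD[source] if ad is None else ad
        self.up = True  # set to False when the source withdraws the route

def routing_table(candidates):
    """Install, per prefix, only the live candidate with the lowest AD."""
    table = {}
    for r in candidates:
        if not r.up:
            continue
        installed = table.get(r.network)
        if installed is None or r.ad < installed.ad:
            table[r.network] = r
    return table

def lookup(table, dst):
    """Longest prefix match: of the installed routes covering dst,
    choose the one with the longest mask (0.0.0.0/0 is the last resort)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table.values() if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)

def next_hop_for(candidates, dst):
    route = lookup(routing_table(candidates), dst)
    return None if route is None else route.next_hop

# Constructed sample: RIP and OSPF both offer 10.1.0.0/16, OSPF also offers
# 10.1.2.0/24 with a floating static (AD 200) behind it, plus a default route.
candidates = [
    Route("10.1.0.0/16", "192.0.2.1", "rip"),
    Route("10.1.0.0/16", "192.0.2.2", "ospf"),
    Route("10.1.2.0/24", "192.0.2.3", "ospf"),
    Route("10.1.2.0/24", "192.0.2.4", "static", ad=200),  # floating static
    Route("0.0.0.0/0", "192.0.2.254", "static"),           # gateway of last resort
]

if __name__ == "__main__":
    print(next_hop_for(candidates, "10.1.2.7"))  # 192.0.2.3: /24 beats /16 (LPM)
    print(next_hop_for(candidates, "10.1.5.7"))  # 192.0.2.2: OSPF (110) beats RIP (120)
    candidates[2].up = False                      # OSPF withdraws 10.1.2.0/24
    print(next_hop_for(candidates, "10.1.2.7"))  # 192.0.2.4: floating static takes over
```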
Overview of this video:
0:32 Dynamic Routing Protocols
2:06 Longest Prefix Match (LPM)
4:43 Administrative Distance (AD)
6:30 Floating Static Routes
8:00 Labs
How RIP Works | Network Fundamentals Part 20
Time to see some dynamic routing in action!
We’re going to start with RIP, or Routing Information Protocol. It’s a simple
protocol that’s been around for a long time. RIP is a type of Distance Vector
Routing Protocol. This has a different approach to a Link State Protocol like
OSPF. While Link State protocols have each router build a full map of the
network, Distance Vector protocols are more concerned with just the next hop.
They have ‘sign posts’ pointing the way. To run RIP, the process must be
started with ‘router rip’. This is also where most RIP configuration goes. This
includes ‘version 2’, to limit the router to RIPv2 only, ‘no auto-summary’ to
prevent automatic summarization to classful boundaries, and network statements
to enable RIP on interfaces, and to advertise their connected routes. If we
don’t want RIP running on all interfaces, we can use ‘passive-interface’ or
‘passive-interface default’ to stop the updates being sent and received, while
still allowing connected routes to be advertised. Of course, we could also consider
authentication between neighbours. We can configure this using MD5, which uses
an encrypted password. Each dynamic routing protocol uses a metric. This is a
way to measure how good a link is. The routing protocol will use this metric to
decide which path is best. RIP uses hop count as its metric. It’s important to
prevent routing loops. Distance Vector protocols do this by using the ‘split
horizon’ rule. This prevents a router from sending an update for a network out
an interface that the network update was received on. If there are bad
networks, RIP can ‘poison’ the route by setting the metric to 16. 16 hops is
invalid in RIP terms. This causes other routers to know that this route is bad
and shouldn’t be used. If a router or a network fails, the network needs to
‘converge’. Convergence is the process that routers go through to find
alternative paths during a failure, or to add new paths when new networks come
online. We want convergence to be as quick as possible. And we shouldn’t forget
the default route. Rather than configure a static route everywhere, we can get
RIP to share the default route with the rest of the network. Be sure to try the
labs, they will be worth your time!
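An added Python example (not part of the video or its labs) that models the split horizon and route poisoning rules described above: build_update produces what a router would advertise out one interface, and process_update shows how the neighbour reacts, including dropping a route poisoned with metric 16. Interface names and prefixes are constructed.

```python
RIP_INFINITY = 16  # 16 hops means unreachable in RIP

# Constructed router R1 table: hop count and the interface each route was
# learned on (None = directly connected network).
r1_routes = {
    "10.0.0.0/24": {"metric": 0, "iface": None},
    "10.0.1.0/24": {"metric": 1, "iface": "Gi0/1"},
    "10.0.2.0/24": {"metric": 2, "iface": "Gi0/1"},
    "10.0.3.0/24": {"metric": 1, "iface": "Gi0/2"},
}

def build_update(routes, out_iface, failed=()):
    """The update R1 sends out `out_iface`.
    Split horizon: never advertise a route back out the interface it was learned on.
    Route poisoning: a failed network is advertised with metric 16 (even back
    towards the interface it came from) so neighbours stop using it."""
    update = {}
    for net, r in routes.items():
        if net in failed:
            update[net] = RIP_INFINITY
        elif r["iface"] != out_iface:
            update[net] = r["metric"]
    return update

def process_update(routes, in_iface, update):
    """What a neighbour does on receipt: add one hop for the link, install new or
    better routes, always accept a changed metric from the current next hop, and
    drop a route that its current next hop has poisoned."""
    for net, advertised in update.items():
        metric = min(advertised + 1, RIP_INFINITY)
        current = routes.get(net)
        from_next_hop = current is not None and current["iface"] == in_iface
        if metric >= RIP_INFINITY:
            if from_next_hop:
                del routes[net]  # poisoned by the router we were using
        elif current is None or metric < current["metric"] or from_next_hop:
            routes[net] = {"metric": metric, "iface": in_iface}
    return routes

if __name__ == "__main__":
    print(build_update(r1_routes, "Gi0/1"))  # 10.0.1.0 and 10.0.2.0 withheld
    r2 = {"10.0.9.0/24": {"metric": 0, "iface": None}}
    process_update(r2, "Gi0/3", build_update(r1_routes, "Gi0/1"))
    print(r2)  # learns 10.0.0.0/24 (1 hop) and 10.0.3.0/24 (2 hops) via Gi0/3
    process_update(r2, "Gi0/3", build_update(r1_routes, "Gi0/1", failed=["10.0.3.0/24"]))
    print(r2)  # 10.0.3.0/24 was poisoned and is gone
```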
Overview of this video:
0:21 RIP Basics
1:19 Distance Vector and Link State
2:56 RIP Configuration
10:18 Passive Interfaces and Authentication
14:26 Metrics
17:12 Split Horizon and Route Poisoning
19:40 Convergence
22:36 Default Route Distribution
23:40 Labs
How to Use NAT | Network Fundamentals (Part 21)
We have a lot of private IP addresses in our
networks. But, we can only use public IP addresses on the internet. So how can
our privately-addressed devices access the publicly-addressed internet? With a
technology called Network Address Translation, or NAT. NAT has the ability to
rewrite the source and/or destination IP address in the IP header. A
complementary technology called Port Address Translation (PAT) can change the
source and destination ports in a TCP or UDP header. A NAT can be static or
dynamic. A static NAT will match an original IP with the same translated IP
every time. Dynamic NAT on the other hand, will use a different mapping each
time. Sometimes we don’t have enough public IPs to map to, so we will need to
use a different aspect of NAT, called port overloading. This is sometimes
called masquerading. Port overloading lets us assign a different port number to
each translation, so we can conserve the number of public IPs that we’re
using. A key concept in NAT is understanding where the traffic starts from. Is
it starting within the network, and heading out? Or is it starting somewhere on
the internet, and heading into our network? This makes it easier to understand
bidirectional and unidirectional NAT. Be sure to check out the labs (links
below) if you want to try this out yourself.
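To make the direction point concrete, here is an added Python model of a NAT translation table (not the video's lab config): a static entry is bidirectional, while port overload on one public address is inside-initiated only, so an unsolicited inbound packet has no entry and is dropped. The addresses are constructed from the RFC 5737 documentation ranges.

```python
from itertools import count

class Nat:
    """Translation table of an edge router: static one-to-one entries plus
    port overload (PAT) on a single public address for everything else."""

    def __init__(self, overload_ip, first_port=1024):
        self.overload_ip = overload_ip
        self.next_port = count(first_port)  # constructed: hand out ports in order
        self.static = {}    # private_ip -> public_ip (works in both directions)
        self.pat_out = {}   # (private_ip, private_port) -> public_port
        self.pat_in = {}    # public_port -> (private_ip, private_port)

    def add_static(self, private_ip, public_ip):
        self.static[private_ip] = public_ip

    def outbound(self, src_ip, src_port):
        """Inside-to-outside: rewrite the source. Static hosts keep their port;
        overloaded hosts get one public port per (ip, port) pair, which is how
        two inside hosts using the same source port are told apart."""
        if src_ip in self.static:
            return self.static[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.pat_out:
            port = next(self.next_port)
            self.pat_out[key] = port
            self.pat_in[port] = key
        return self.overload_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Outside-to-inside: rewrite the destination. A static mapping lets an
        outside host initiate. The overloaded address only accepts a port that
        is already in the table; anything else has no mapping (None, dropped)."""
        for private_ip, public_ip in self.static.items():
            if public_ip == dst_ip:
                return private_ip, dst_port
        if dst_ip == self.overload_ip:
            return self.pat_in.get(dst_port)
        return None

if __name__ == "__main__":
    nat = Nat("203.0.113.10")
    nat.add_static("192.168.1.10", "203.0.113.20")
    print(nat.outbound("192.168.1.50", 50000))  # ('203.0.113.10', 1024)
    print(nat.outbound("192.168.1.51", 50000))  # ('203.0.113.10', 1025)
    print(nat.inbound("203.0.113.10", 1025))    # ('192.168.1.51', 50000)
    print(nat.inbound("203.0.113.10", 40000))   # None: unsolicited, dropped
```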
Overview of this video:
0:27 What is NAT?
1:41 How NAT Works
5:07 Configuring Static NAT
9:24 Configuring Dynamic NAT
13:15 Port Address Translation
16:20 Port Overload
Does Network Time Really Matter? | Network Fundamentals Part 22
Does it matter if our routers, switches, and
other devices on the network have the correct time and date? Why, yes it does!
Think of logging and troubleshooting, which makes use of timestamps. Think of
security applications like Kerberos and certificates. And think of scheduling
events. We can configure time manually on each router or switch. Unfortunately
this is time consuming, and often inaccurate. So, we have an alternative,
called Network Time Protocol, or NTP. NTP servers provide the correct time to
NTP clients on request. NTP servers are organised into layers called strata.
Each stratum of NTP servers acts as a client to synchronize their time and date
with a server in the stratum above. We can configure clients to use a local NTP
server in our network (perhaps a Domain Controller), or we can configure them
to use a server on the internet (perhaps from pool.ntp.org). We can even select
a preferred NTP server, and have others configured as backups. Synchronizing
can take a while on the first attempt (perhaps 10 minutes), so you will need to
be patient!
Overview of this video:
0:22 Why Does Time Matter?
1:32 Local Time Sources
3:07 How NTP Works
5:19 Configuring NTP
Sending Logs to a Syslog Server | Network Fundamentals Part 23
Your devices are constantly working, and
constantly generating events. These events are marked with logs. Where do these
logs go? Some of them will stay on the local device, but in a well maintained
network, we can also send out logs to a syslog server. Putting all our logs in
one place will help us to correlate problems across many devices. Syslog is a
well known format for logging. Lots of devices can use it. There are two
important aspects: facilities and severity levels. A facility represents the
process that generates the log. The severity level refers to how important a
log is. There are eight levels, named emergency, alert, critical, error,
warning, notification, information, and debug. Debug logs are benign while
emergency logs are very important. To help remember the levels, think of the
mnemonic Every Awesome Cisco Engineer Will Need Icecream Daily.
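An added Python example, not from the video, that decodes the facility and severity of syslog lines the way a collector does: the <PRI> prefix is facility * 8 + severity, and the eight severity names are the ones listed above. The sample lines are constructed in the style of Cisco IOS messages (IOS uses facility local7 by default).

```python
import re

# Severity numbers 0-7, named as in the video (0 = emergency, 7 = debug)
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debug"]
# Facility numbers per RFC 5424; 16-23 are local0-local7
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")

def decode_pri(pri):
    """PRI = facility * 8 + severity, so divmod recovers both fields."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, str(facility)), SEVERITIES[severity]

def parse_syslog(line):
    """Return (facility, severity, message), or None if the PRI is missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    try:
        facility, severity = decode_pri(int(m.group(1)))
    except ValueError:
        return None
    return facility, severity, m.group(2)

def at_least(lines, level):
    """Keep messages at `level` or more urgent (a lower number is more urgent),
    the way a collector filters for, say, 'warning and above'."""
    cutoff = SEVERITIES.index(level)
    kept = []
    for line in lines:
        parsed = parse_syslog(line)
        if parsed and SEVERITIES.index(parsed[1]) <= cutoff:
            kept.append(parsed)
    return kept

# Constructed sample lines in the style of Cisco IOS messages sent to a collector.
SAMPLE = [
    "<189>45: *Mar  1 00:01:02.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<187>46: *Mar  1 00:01:05.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<190>47: *Mar  1 00:01:06.789: %SEC_LOGIN-6-LOGIN_SUCCESS: Login Success [user: admin]",
    "<999>48: garbage PRI, should be rejected",
]
```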
Overview of this video:
0:14 Logging Overview
1:32 Syslog Levels and Facilities
4:09 A Simple Syslog Server
4:43 Syslog Configuration
How SNMP Works | Network Fundamentals Part 24
We can manage proactively, and we can manage
reactively. SNMP is a protocol that can help us with both. A management server
will use SNMP polling to collect information from devices on our network. This
builds charts and dashboards to help us evaluate the health of our network. If
a device has a problem, it may even send an SNMP trap to the management server.
The server can then take an appropriate action, like alert us. SNMP information
is stored in a hierarchical structure called a MIB (Management Information
Base). This is a collection of objects called OIDs (Object Identifiers). These
describe the information that can be collected from devices, and how to
interpret it. When a poll is sent, the server will also specify a community
string. This string is a simple form of authentication. Unfortunately, it is
stored in plain text, both in the message and in the configuration. There are
three versions of SNMP. v1 came first, and v2 extended this by adding support
for 64-bit counters. v3 added real authentication and encryption. v3 is
recommended in most cases.
Overview of this video:
0:56 Polling and Traps
3:05 MIBs and OIDs
5:06 Community Strings
6:29 Versions
8:12 Configuration
Encryption Basics | Public Key Encryption | SSL
Learn how to keep your Network secure by
understanding the basics of Public Key Encryption, SSL and Cipher Suites. This
video is for you! There’s symmetric cryptography, and asymmetric cryptography
(also called public key encryption). And they work in different ways. Symmetric
uses keys that are shared with all parties that need to encrypt and decrypt the
information. Sharing the keys among everyone can be tricky to do securely. On
the other hand, asymmetric encryption is completely different. This uses a pair
of keys, public and private, which are always used together. Either can
encrypt, but the other is used to decrypt. The problem is that this is a very
slow process. Good thing we can combine the two to get the best of both worlds.
We can use public key encryption to generate and share private keys (as well as
perform authentication), and then we can use these keys with a symmetric cipher
for the bulk of the secret information. These ciphers, along with a security
protocol (like SSL, TLS, Kerberos, IPSec), a mode of operation, and a hashing
algorithm, make up a cipher suite. But it’s probably easier to understand with
an example, such as an HTTPS connection between a client and a web server. The
client and server will send a ‘client hello’ and ‘server hello’ message, which
includes random numbers, suitable cipher suites, and the server’s certificate.
If they agree to proceed, the client can then generate the pre-master key,
encrypt it with the server's public key, and send it. Both sides can then use
their three numbers to generate session keys, which are used with the symmetric
cipher for the bulk of encryption. But any of these ciphers can be found to be
insecure in the future. There are a few tricks to learn to keep your systems
secure...
Overview of this video:
0:26 Symmetric vs Asymmetric (public key encryption)
3:36 Security Protocols and Cipher Suites
6:23 An SSL Connection
9:07 Staying Secure
Encryption Basics | Cryptography
In modern cryptography, ciphers are algorithms
that explain the process to encrypt and decrypt our information. Learn more
about Cryptography and Encryption Basics in this video. There are many ciphers
out there, including AES, DES, 3DES, SSL, TLS, RC4, and more. When you’re
thinking about encryption, you’re likely thinking of symmetric encryption. This
is where a key is used to encrypt, and the same key is used for decryption. So,
as you can imagine, the larger the key, the harder it is to break encryption.
And some of the keys we use today are massive! These ciphers may be stream
ciphers, or block ciphers. Block ciphers are more common these days. While
stream ciphers create a large value called the One Time Pad, and encrypt the
entire piece of information at once, block ciphers first break the information
into fixed-size blocks. Once the data is broken into blocks, they are each encrypted
one at a time. The way this is done is called the mode of operation, and some
modes are more secure than others. These include ECB, CBC, GCM, and others. But
let’s not forget that there are other types of encryption. For example, hashing
algorithms work in one direction only (that is, they are non-reversible), and
they don’t require a key. What’s the point of that? They can be used to create
a unique value to represent a piece of information, which in itself has some
very interesting uses.
Overview of this video:
0:27 What are Ciphers?
1:30 Key Size
4:41 Stream Ciphers
7:18 Block Ciphers
9:52 Hashing
What Is Cryptography | Encryption Basics
We’re not all security experts, but we still
need to be aware of security itself, in order to protect ourselves in the
digital age. So, welcome to the Basics of Encryption (Part 1), where we get a
very gentle introduction into the world of cryptography. If you want to know
what cryptography is, then this video is for you! Cryptography / Encryption has
been around for years. Consider the Caesar Cipher and Enigma, both forms of
substitution cipher. These were used during wartime to convert plain text to
cipher text, without enemy forces understanding the original message. And
although old, both of these forms of encryption help us to gain an
understanding into modern encryption. These days encryption is more
complicated, using prime numbers to create keys that are near impossible to
guess, and too hard to compute. That is of course, if you use them correctly...