Networking Models 89

Figure 2-32 Optical Platform—The Cisco ONS 15454 DWDM Optical Network System

Security Devices

Because of increased Internet and extranet connections, as well as more telecommuters and mobile users accessing enterprise networks from remote sites, the importance of network security increases. Firewalls, AAA servers, and VPN concentrators are components or devices related to network security.

Firewalls

The term firewall refers to either a firewall program running on a router or server or a special standalone hardware component of a network. A firewall protects a private network’s resources from users in other networks. Working closely with a router program, a firewall examines each network packet to determine whether to forward it to its destination. Using a firewall is like using a traffic officer to ensure that only valid traffic can enter or leave certain networks. Figure 2-33 shows a Cisco PIX Firewall 535 series, which is a dedicated network device.

1102.book Page 89 Tuesday, May 20, 2003 2:53 PM

90 Chapter 2: Networking Fundamentals

Figure 2-33 Cisco PIX Firewall

AAA Servers

An AAA server is a server program that handles user requests for access to computer and network resources. An AAA server provides authentication, authorization, and accounting services for an enterprise. The AAA server ensures that only authentic users can get into the network (authentication), that the users are allowed access only to the resources they need (authorization), and that records are kept of everything they do after they are allowed entry (accounting).

An AAA server is like the credit card system. To put charges on a credit card, the merchant must verify that the credit card actually belongs to the person using it (authentication). The merchant must also check that the credit card has enough credit left for the requested charge amount (authorization), and then the merchant must record the charge to the user’s account (accounting).
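
The three AAA steps described above, combined with the site policy listed in Figure 2-34, can be modelled in a few lines of Python. This is an added example, not code from the book or from any Cisco product; the class name, outcome strings, user names and resource names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Site policy from Figure 2-34: MA, NH and VT are permitted,
# every other source falls through to "Deny All Other Packets".
PERMITTED_SITES = {"MA", "NH", "VT"}

def derive_key(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so stored credentials are not reusable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self._users = {}      # name -> (salt, key, granted resources)
        self.accounting = []  # (user, site, resource, outcome), one per request

    def add_user(self, name, password, resources):
        salt = os.urandom(16)
        self._users[name] = (salt, derive_key(password, salt), frozenset(resources))

    def request(self, name, password, site, resource):
        outcome = self._decide(name, password, site, resource)
        # Accounting: refusals are recorded as well as successes.
        self.accounting.append((name, site, resource, outcome))
        return outcome

    def _decide(self, name, password, site, resource):
        if site not in PERMITTED_SITES:            # default deny
            return "deny:site"
        # Authentication: unknown users take the same code path as known
        # ones, and keys are compared in constant time.
        salt, key, granted = self._users.get(name, (b"\0" * 16, b"", frozenset()))
        if not hmac.compare_digest(derive_key(password, salt), key):
            return "deny:authentication"
        if resource not in granted:                # authorization
            return "deny:authorization"
        return "permit"

def demo():
    # Constructed sample user and requests.
    aaa = AAAServer()
    aaa.add_user("alice", "correct horse", {"payroll"})
    attempts = [("alice", "correct horse", "MA", "payroll"),
                ("alice", "correct horse", "CA", "payroll"),
                ("alice", "wrong", "NH", "payroll"),
                ("alice", "correct horse", "VT", "source-code"),
                ("mallory", "guess", "MA", "payroll")]
    return [aaa.request(*a) for a in attempts], aaa.accounting
```

Calling `demo()` returns the five decisions together with the accounting log, which holds one record per attempt whether it was permitted or denied.
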
Figure 2-34 shows an example of where an AAA server is used.

Figure 2-34 AAA Server
[Figure labels: Massachusetts, California, New Hampshire, Vermont, Corporate Headquarters, AAA Server; No Access to HQ, Allow Access to HQ, Allow Access to HQ]
• Permit Access from MA
• Permit Packets from NH
• Permit Packets from VT
• Deny All Other Packets

VPN Concentrators

A VPN concentrator offers powerful remote access and site-to-site VPN capability, an easy-to-use management interface, and a VPN client. The Cisco VPN 3000 Concentrator Series is a family of purpose-built, remote-access VPN platforms and client software that incorporates high availability, high performance, and scalability with the most advanced encryption and authentication techniques available today. Figure 2-35 shows a VPN 3000 Concentrator.

Figure 2-35 Cisco VPN 3000 Concentrator

Wireless Devices

A wireless LAN (WLAN) provides all the features and benefits of traditional LAN technologies, such as Ethernet, without the limitations of wire or cables. Some common wireless networking devices include wireless NICs, wireless access points, and wireless bridges. The following sections briefly describe these wireless networking devices.

Wireless NICs

Each wireless client requires a wireless NIC or client adapter. These are available as PCMCIA and PCI cards to provide wireless connectivity for both laptop and desktop workstations. Laptops or notebook PCs, with wireless NICs, can move freely throughout a campus environment while maintaining connectivity to the network. Wireless PCI and ISA adapters (for desktop workstations) allow end stations to be added to the LAN quickly, easily, and inexpensively without the need for additional cabling. All adapters feature antennas—the PCMCIA card with a built-in antenna and the PCI card with an external antenna. The antennas provide the range required for data transmission and reception. Figure 2-36 shows wireless adapters.
Figure 2-36 Wireless Adapters

Wireless Access Points

The access point (AP) or base station (see Figure 2-37) is a wireless LAN transceiver that can act as a hub—the center point of a standalone wireless network—or as a bridge—the connection point between wireless and wired networks. Multiple APs can provide roaming functionality, allowing wireless users freedom to roam throughout a facility while maintaining uninterrupted connectivity to the network.

Figure 2-37 Wireless Access Point

Wireless Bridges

A wireless bridge, shown in Figure 2-38, provides high-speed (11 Mbps), long-range (up to 25 miles), line-of-sight wireless connectivity between Ethernet networks. Any Cisco AP can be used as a repeater (extension point) for the wireless network.

Figure 2-38 Wireless Bridge

Network Topologies

A network topology defines how computers, printers, network devices, and other devices are connected. In other words, a network topology describes the layout of the wire and devices as well as the paths used by data transmissions. The topology greatly influences how the network works.

Networks can have both a physical and a logical topology. Physical topology refers to the physical layout of the devices and media. Physical topologies that are commonly used are
■ Bus
■ Ring
■ Star
■ Extended star
■ Hierarchical
■ Mesh

Lab Activity: OSI Model Encapsulation and Devices
In this lab, you describe layers and characteristics of the OSI model. You also identify the encapsulation units and devices that operate at each layer.

Figure 2-39 illustrates the different physical topologies.

Figure 2-39 Physical Topologies

Logical topology defines how the medium is accessed by the hosts for sending data.
The following sections describe different types of physical and logical topologies. Figure 2-40 shows many different topologies connected by networking devices. It shows a network of moderate complexity that is typical of a school or small business.

Figure 2-40 Networking Topologies
[Figure labels: Bus Topology, Ring Topology, Star Topology, Extended Star Topology, Hierarchical Topology, Mesh Topology; Internet, Main Server, Main Switch, Workgroup Switch, Repeater, Bridge, Hub, FDDI, Token Ring]

The following sections describe the different networking topologies in more detail.

Bus Topology

Commonly called a linear bus, a bus topology connects all the devices using a single cable (see Figure 2-41). This cable proceeds from one computer to the next like a bus line going through a city.

Figure 2-41 Bus Topology

With a physical bus topology, the main cable segment must end with a terminator that absorbs the signal when it reaches the end of the line or wire. If there is no terminator, the electrical signal representing the data bounces back at the end of the wire, causing errors in the network.

Star and Extended-Star Topologies

The star topology, shown in Figure 2-42, is the most commonly used physical topology in Ethernet LANs. When installed, the star topology resembles spokes in a bicycle wheel. The star topology is made up of a central connection point that is a device such as a hub, switch, or router, where all the cabling segments meet. Each host in the network is connected to the central device with its own cable.

Although a physical star topology costs more to implement than the physical bus topology, the advantages of a star topology make it worth the additional cost. Because each host is connected to the central device with its own cable, when that cable has a problem, only that host is affected; the rest of the network remains operational.
This benefit is extremely important and is why virtually every newly designed Ethernet LAN has a physical star topology.

A central connection point might be desirable for security or restricted access, but this is also a main disadvantage of a star topology. If the central device fails, the whole network becomes disconnected.

Figure 2-42 Star Topology

When a star network is expanded to include an additional networking device that is connected to the main networking device, it is called an extended-star topology, as shown in Figure 2-43.

Figure 2-43 Extended-Star Topology

Ring Topology

The logical ring topology is another important topology in LAN connectivity. As the name implies, hosts are connected in the form of a ring or circle. Unlike the physical bus topology, the ring topology has no beginning or end that needs to be terminated. Data is transmitted in a way unlike the logical bus topology. A frame travels around the ring, stopping at each node. If a node wants to transmit data, it is permitted to add that data as well as the destination address to the frame. The frame then continues around the ring until it finds the destination node, which takes the data out of the frame. The advantage of using this type of method is that there are no collisions of data packets.

Two types of rings exist:
■ Single ring
■ Dual ring

In a single ring, as shown in Figure 2-44, all the devices on the network share a single cable, and the data travels in one direction only. Each device waits its turn to send data over the network. Most single-ring topologies are actually wired as a star.

Figure 2-44 Ring Topology

In a dual ring, two rings allow data to be sent in both directions, as shown in Figure 2-45. This setup creates redundancy (fault tolerance), meaning that if one ring fails, data can be transmitted on the other ring.
Also, if both rings fail, a “wrap” at the fault can heal the topology back into a ring.

Figure 2-45 Dual-Ring Topology

Hierarchical Topology

A hierarchical topology is created similar to an extended-star topology. The primary difference is that it does not use a central node. Instead, it uses a trunk node from which it branches to other nodes, as shown in Figure 2-46. Two types of tree topologies exist: the binary tree (each node splits into two links) and the backbone tree (a backbone trunk has branch nodes with links hanging from it).

Full-Mesh and Partial-Mesh Topologies

The full-mesh topology connects all devices (nodes) to each other for redundancy and fault tolerance, as shown in Figure 2-47. The wiring in a full-mesh topology has very distinct advantages and disadvantages. The advantage is that every node is connected physically to every other node, which creates a redundant connection. If any link fails, information can flow through many other links to reach its destination. The primary disadvantage is that for anything more than a small number of nodes, the amount of media for the links and the number of the connections on the lines becomes overwhelming. Implementing a full-mesh topology is expensive and difficult. The full-mesh topology is usually implemented in WANs between routers.

[Figure label: Two Links Connected to the Same Networking Device]
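
The availability trade-offs described for the star, ring and full-mesh topologies can be checked with a small reachability model. This is an added example, not material from the book: each cable is modelled as one or two directed links, the central device is named "hub" and hosts are numbered 0 to n-1 (all assumptions), and the dual-ring case models a cut that severs both rings at one point, followed by the wrap.

```python
from itertools import combinations

def duplex(cables):
    """A cable that carries traffic both ways becomes two directed links."""
    cables = list(cables)
    return {(a, b) for a, b in cables} | {(b, a) for a, b in cables}

def star(n):          # every host has its own cable to the central device
    return duplex(("hub", h) for h in range(n))

def single_ring(n):   # data travels in one direction only
    return {(h, (h + 1) % n) for h in range(n)}

def dual_ring(n):     # the second ring carries data the other way
    return duplex((h, (h + 1) % n) for h in range(n))

def full_mesh(n):     # every node is cabled to every other node
    return duplex(combinations(range(n), 2))

def cable_count(links):
    return len({frozenset(link) for link in links})

def working_pairs(links, n, dead=(), cut=()):
    """Ordered host pairs (src, dst) that can still exchange data."""
    live = [(a, b) for a, b in links - duplex(cut)
            if a not in dead and b not in dead]
    total = 0
    for src in range(n):
        seen, stack = {src}, [src]
        while stack:
            node = stack.pop()
            for a, b in live:
                if a == node and b not in seen:
                    seen.add(b)
                    stack.append(b)
        total += len(seen - {src, "hub"})
    return total

def summary(n=5):
    one_cable = [(0, 1)]
    return {"star, hub down": working_pairs(star(n), n, dead={"hub"}),
            "star, one cable cut": working_pairs(star(n), n, cut=[("hub", 0)]),
            "single ring, one cable cut": working_pairs(single_ring(n), n, cut=one_cable),
            "dual ring, one cable cut": working_pairs(dual_ring(n), n, cut=one_cable),
            "full mesh, one cable cut": working_pairs(full_mesh(n), n, cut=one_cable)}
```

With five hosts there are 20 ordered pairs in total; `summary()` shows how many survive each failure, and `cable_count(full_mesh(20))` against `cable_count(star(20))` shows the media cost of full-mesh redundancy.
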