LAN Connection Devices 219

the geographical area past what a single LAN can support, as shown in Figure 4-32. The devices that are used to connect network segments together include bridges, switches, routers, and gateways. Switches and bridges operate at the data link layer of the OSI model. The function of the bridge is to make intelligent decisions about whether or not to pass signals on to the next segment of a network. Bridges can also be used to connect dissimilar protocols and media, as with wireless bridges interconnecting Ethernet LANs in a metropolitan area.

Figure 4-32 Bridges Segmenting a Network

When a bridge receives a frame on the network, the destination MAC address is looked up in the bridge table to determine whether to filter, flood, or copy the frame onto another segment. This decision process occurs as follows:

■ If the destination device is on the same segment as the frame, the bridge blocks the frame from going on to other segments, as shown in Figure 4-33. This process is known as filtering.

■ If the destination device is on a different segment, the bridge forwards the frame to the appropriate segment, as shown in Figure 4-34.

chpt_04.fm Page 219 Tuesday, May 27, 2003 9:01 AM

220 Chapter 4: Cable Testing and Cabling LANs and WANs

Figure 4-33 Bridges Segmenting a Network: Filtering
In this example, a data packet originates from Computer V and its destination is Computer Xc. The packet reaches its final destination and is not broadcast to other segments of the network.

Figure 4-34 Bridges Segmenting a Network: Forwarding
In this example, a data packet originates from Computer V and its destination is Computer Hh. The bridge checks its table to determine whether or not to allow the signal to continue to other segments of the network.
■ If the destination address is unknown to the bridge, the bridge forwards the frame to all segments except the one on which it was received. This process is known as flooding.

If placed strategically, a bridge greatly improves network performance.

Switches

A switch is sometimes described as a multiport bridge. While a typical bridge might have just two ports (linking two network segments), the switch can have multiple ports, depending on how many network segments are to be linked. Like bridges, switches learn certain information about the data packets that they receive from various computers on the network. They use this information to build forwarding tables to determine the destination of data being sent by one computer to another computer on the network, as demonstrated in Figure 4-35.

Figure 4-35 Switching Table

Although some similarities exist between the two, a switch is a more sophisticated device than a bridge. A bridge determines whether the frame is forwarded to the other network segment based on the destination MAC address. A switch has many ports with many network segments connected to them. A switch chooses the port to which the destination device or workstation is connected. Ethernet switches are becoming popular connectivity solutions because, like bridges, they improve network performance (speed and bandwidth). Switching is a technology that alleviates congestion in Ethernet LANs by reducing traffic and increasing bandwidth. Switches often replace shared hubs because they work with existing cable infrastructures, which improves performance with a minimum of intrusion into an existing network.
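The filter / forward / flood decision described above, together with the learned forwarding table of Figure 4-35, as an added Python example (not code from the book): the bridge learns the ingress port of every source MAC and decides per frame from the destination MAC. The MAC addresses, port names, and host-to-segment layout are constructed for the demo.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


@dataclass
class LearningBridge:
    """Transparent bridge / switch: learns which port each source MAC was
    seen on, then decides filter / forward / flood per frame by destination."""
    ports: tuple                                 # e.g. ("A", "B")
    table: dict = field(default_factory=dict)    # MAC address -> port

    def receive(self, frame: Frame, in_port: str) -> tuple:
        # Learning: the sender is reachable through the port the frame came in on.
        self.table[frame.src] = in_port
        if frame.dst == BROADCAST:
            return ("flood", self._all_but(in_port))
        out_port = self.table.get(frame.dst)
        if out_port is None:
            # Destination unknown: flood to every segment except the ingress one.
            return ("flood", self._all_but(in_port))
        if out_port == in_port:
            # Destination on the same segment as the sender: filter (drop).
            return ("filter", ())
        # Destination known on another segment: forward to that port only.
        return ("forward", (out_port,))

    def _all_but(self, port: str) -> tuple:
        return tuple(p for p in self.ports if p != port)


def demo() -> list:
    """Replay the Figure 4-33 / 4-34 scenario: V and Xc share segment A,
    Hh is on segment B. MAC addresses below are constructed, not real."""
    V, XC, HH = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    br = LearningBridge(ports=("A", "B"))
    log = []
    log.append(br.receive(Frame(HH, BROADCAST), "B"))  # Hh announces itself: flood to A
    log.append(br.receive(Frame(V, XC), "A"))          # Xc not learned yet: flood to B
    log.append(br.receive(Frame(XC, V), "A"))          # reply: V known on A -> filter
    log.append(br.receive(Frame(V, XC), "A"))          # Figure 4-33: same segment -> filter
    log.append(br.receive(Frame(V, HH), "A"))          # Figure 4-34: forward to B only
    return log


if __name__ == "__main__":
    for decision, out_ports in demo():
        print(decision, out_ports)
```

Note that the very first frame to an unknown destination is flooded even when the destination turns out to be on the same segment; only after the bridge has learned both hosts does filtering take effect.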
Today, in data communications, all switching equipment performs two basic operations:

■ Switching data frames—The process by which a frame is received on an input medium and then transmitted to an output medium.

■ Maintenance of switching operations—Switches build and maintain switching tables and search for loops.

Switches operate at much higher speeds than bridges and can support other functionality, such as virtual LANs. An Ethernet switch has many benefits, such as allowing many users to communicate in parallel through the use of virtual circuits and dedicated network segments in a virtually collision-free environment, as shown in Figure 4-36. This arrangement maximizes the bandwidth available on the shared medium. Another benefit is that moving to a switched LAN environment is very cost effective because existing hardware and cabling can be reused.

Figure 4-36 Microsegmentation of the Network via Switches

Lab Activity LAN Switches Purchase
In this lab, you are introduced to the variety and prices of network components out in the market. This lab looks specifically at Ethernet switches and NICs.

Wireless Networking Media

A wireless network is an alternative method for connecting a LAN. You don't need to run any cables, and you can easily move computers. Wireless networks use radio frequency (RF), laser, infrared (IR), or satellite/microwaves to carry signals from one computer to another without a permanent cable connection. Wireless signals are electromagnetic waves that travel through the air. No physical medium is necessary for wireless signals, making them a very versatile way to build a network. A common application of wireless data communication is for mobile use.
Some examples of mobile use include commuters, airplanes, satellites, remote space probes, space shuttles, and space stations.

At the core of wireless communication are devices called transmitters and receivers. The source interacts with the transmitter, which converts data to electromagnetic (EM) waves that are then received by the receiver. The receiver then converts these electromagnetic waves back into data for the destination. For two-way communication, each device requires a transmitter and a receiver. Many networking device manufacturers build the transmitter and receiver into a single unit called a transceiver or wireless network card. All devices in wireless LANs (WLANs) must have the appropriate wireless network card installed.

The two most common wireless technologies used for networking are infrared (IR) and radio frequency (RF). IR technology has its weaknesses. Workstations and digital devices must be in the line of sight of the transmitter to operate. An IR-based network suits environments where all the digital devices that require network connectivity are in one room. IR networking technology can be installed quickly, but the data signals can be weakened or obstructed by people walking across the room or by moisture in the air. However, new IR technologies that can work out of sight are being developed.

RF technology allows devices to be in different rooms or even buildings. The limited range of the radio signals still restricts the use of this kind of network. RF technology can be on single or multiple frequencies. A single radio frequency is subject to outside interference and geographic obstructions. Furthermore, a single frequency is easily monitored by others, which makes the transmission of data insecure. Spread spectrum avoids the problem of insecure data transmission by using multiple frequencies to increase the immunity to noise and to make it difficult for outsiders to intercept data transmissions.
Security in the Wireless Environment

The exponential growth of networking, including wireless technologies, has led to increased security risks. Increasing the security means increasing the time spent managing the system. The first level of security in a wireless LAN consists of protecting the radio frequency waveform itself. Wireless access points radiate radio waves over a large area that is not contained in a physical building, which makes the radio waves accessible to eavesdroppers and thus increases vulnerability. The radio waves of wireless bridges are concentrated in a beam. An eavesdropper must get into the beam path to intercept the communication. Therefore, wireless access points usually require better security than wireless bridges. If you think someone might eavesdrop on your LAN radio links, encryption is the key.

The following sections discuss two wireless security approaches: wired equivalent privacy (WEP) and IEEE 802.1X or Extensible Authentication Protocol (EAP).

WEP

WEP is the first step in addressing customer security concerns. WEP is a security mechanism, defined within the 802.11 standard, that is designed to protect the over-the-air transmission between wireless LAN access points and NICs. IEEE 802.11b requires 40-bit encryption keys. However, many vendors, such as Cisco, support the optional 128-bit standard. The main goals of WEP are

■ Deny access to the network by unauthorized users who do not possess the appropriate WEP key

■ Prevent the decoding of captured WLAN traffic that is WEP-encrypted without the possession of the WEP key

WEP uses the RC4 stream cipher, invented by Ron Rivest of RSA Data Security, Inc. (RSADSI), for encryption. The RC4 encryption algorithm is a symmetric stream cipher that supports a variable-length key. A symmetric cipher uses the same key for both encryption and decryption.
The key is the one piece of information that must be shared by both the encrypting and decrypting endpoints.

Recently, encryption analysts have reported weaknesses in the authentication and WEP encryption schemes in the IEEE 802.11 WLAN standard. Improvements on WEP have been developed to address the weaknesses found by encryption analysts. However, it is not recommended to use WEP as a sole security mechanism for a WLAN. WEP should be supplemented with additional higher-level security mechanisms such as virtual private networks (VPNs) or firewalls.

802.1X/EAP

IEEE 802.1X/Extensible Authentication Protocol (EAP) is an alternative WLAN security approach to WEP, as specified by IEEE 802.11. IEEE 802.1X/EAP focuses on developing a framework for providing centralized authentication and dynamic key distribution. IEEE 802.1X is a standard for port-based network access control. EAP allows wireless client adapters that can support different authentication types to communicate with different back-end servers, such as Remote Authentication Dial-In User Service (RADIUS).

Cisco Systems has developed a derivation of EAP based on mutual authentication, called Lightweight EAP (LEAP). Mutual authentication means that both the user and the access point to which the user is attempting to connect must be authenticated before access onto the corporate network is allowed. Mutual authentication protects enterprises from unauthorized access points serving as a potential entrance into the network.
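The RC4 stream cipher that the WEP section above describes, written out as an added Python example (not the book's code) to make the symmetric-key point concrete: the keystream is derived from the shared key alone, and one XOR routine both encrypts and decrypts. The 5-byte key and payload in `demo()` are constructed; the check in `__main__` uses the published RC4 test vector for key "Key" / plaintext "Plaintext".

```python
def rc4_keystream(key: bytes):
    """RC4 keystream generator: key-scheduling (KSA) then the output loop (PRGA).
    The keystream is a function of the key alone, so two messages under the
    same key are XORed with the same bytes; a keystream must never be reused."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                               # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                        # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream. XOR is its own inverse, so the same
    call encrypts and decrypts: the shared key is the only secret."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def demo() -> dict:
    """Encrypt under a constructed 40-bit (5-byte) key, the length IEEE 802.11b
    requires for WEP, then decrypt with the same key and with a wrong one."""
    key = b"\x01\x02\x03\x04\x05"   # constructed demo key, not a real credential
    plaintext = b"frame payload"
    ct = rc4_crypt(key, plaintext)
    return {
        "ciphertext_hex": ct.hex(),
        "roundtrip_ok": rc4_crypt(key, ct) == plaintext,
        "wrong_key_ok": rc4_crypt(b"\x05\x04\x03\x02\x01", ct) == plaintext,
    }


if __name__ == "__main__":
    # Published RC4 test vector: key "Key", plaintext "Plaintext" -> bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    print(demo())
```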
The Cisco LEAP authentication provides the following benefits:

■ Centralized authentication and key distribution

■ Large-scale enterprise WLAN deployment because of its broad operating system support and dynamic key derivation

Host LAN Connectivity: NICs and Interfaces

In terms of appearance, a NIC, shown in Figures 4-37 and 4-38, is a printed circuit board that fits into the expansion slot of a bus on a computer's motherboard or peripheral device. It is also called a network adapter. On laptop/notebook computers, NICs are usually the size of a credit card. Its function is to connect the host device to the network medium.

Figure 4-37 Network Interface Card (Circuit Board)

NICs operate at both Layer 1 and Layer 2 of the OSI model. NICs are considered Layer 2 devices because each individual NIC throughout the world carries a unique code, called a Media Access Control (MAC) address. This address controls data communication for the host on the network. Layer 2 devices, such as a bridge or switch, use each individual NIC's MAC address. You learn more about the MAC address in later chapters. As its name implies, the NIC controls the host's access to the medium. For this reason, a NIC also works at Layer 1 because it looks only at bits and not at any address information or higher-level protocols. NICs typically have the transceiver built in.

Figure 4-38 Network Interface Card (Media Connection)

In some cases, the type of connector on the NIC does not match the type of media that needs to be connected to it. A good example is a Cisco 2500 router. On the router, the Ethernet interface is an AUI connector, and that connector needs to connect to a UTP CAT 5 Ethernet cable. To do this, a transceiver (transmitter/receiver) is used.
The Ethernet transceiver provides the transmit/receive function (because none is built into the Ethernet interface) and at the same time converts one type of signal or connector to another (for example, to connect a 15-pin AUI interface to an RJ-45 jack).

In diagrams, NICs have no standardized symbol. It is implied that, when networking devices are attached to network media, a NIC or NIC-like device is present. Wherever a dot is seen on a topology map, it represents either a NIC or an interface (port), which acts like a NIC.

Workstation and Server Relationships

By using LAN and WAN technologies, many computers are interconnected to provide services to their users. To accomplish this, networked computers take on different roles or functions in relation to each other. Some types of applications require computers to function as equal partners. Other types of applications distribute their work so that one computer functions to serve a number of others in an unequal relationship. In either case, two computers typically communicate with each other by using request/response protocols. One computer issues a request for a service, and a second computer receives and responds to that request. The requestor takes on the role of a client, and the responder takes on the role of a server.

Peer-to-Peer Networks

In a peer-to-peer network, the networked computers act as equal partners, or peers, to each other. Peer-to-peer networks are also referred to as workgroups. As peers, each computer can take on the client function or the server function. At one time, for example, computer A might make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as the client, while B functions as the server. At a later time, computers A and B can reverse roles.
B, as client, makes a print request of A, which has a shared printer attached, and A, as server, responds to the request from B. A and B stand in a reciprocal or peer relationship to each other.

In a peer-to-peer network, individual users control their own resources. They can decide to share certain files with other users, as shown in Figure 4-39 and Figure 4-40. They might also require passwords before they allow others to access their resources. Because individual users make these decisions, no central point of control or administration exists in the network. In addition, individual users must back up their own systems to be able to recover from data loss in case of failures. When a computer acts as a server, the user of that machine might experience reduced performance as the machine serves the requests made by other systems.

Figure 4-39 Sharing Files

Figure 4-40 Shared File

Peer-to-peer networks are relatively easy to install and operate. No additional equipment is necessary beyond a suitable operating system installed on each computer. Most modern desktop operating systems provide support for peer-to-peer networking. Because users control their own resources, no dedicated administrators are needed.

A peer-to-peer network works well with a small number of computers, perhaps ten or fewer. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate and manage. Because they do not scale well, their efficiency decreases rapidly as the number of computers on the network increases. Also, individual users control access to the resources on their computers, which means security might be difficult to maintain. The client/server model of networking can be used to overcome the limitations of the peer-to-peer network.
Client/Server Networks

In a client/server arrangement, network services are located on a dedicated computer called a server, which responds to the requests of clients, as shown in Figure 4-41. The server is a central computer that is continuously available to respond to clients' requests for file, print, application, and other services. Most network operating systems (NOSs) adopt the form of client/server relationships. Typically, desktop computers function as clients, and one or more computers with additional processing power, memory, and specialized software function as servers.

Lab Activity Building a Peer-to-Peer Network
In this lab, you create a simple peer-to-peer network between two PCs. You identify and locate the proper cable, configure workstation IP addresses, and test connectivity using the ping command. You also share a folder on one PC and access it with the other.