
Unicast: unicast packets are sent from host to host. The communication is from a single host to another single host: one device transmits a message destined for exactly one receiver.

Broadcast: a single device transmits a message to all other devices in a given address range. The broadcast could reach all hosts on the subnet, all subnets, or all hosts on all subnets. Broadcast packets have the host (and/or subnet) portion of the address set to all ones. By design, most modern routers do not forward IP broadcast traffic and confine it to the local subnet.

Multicast: multicast is a special delivery mode of IP. It enables a single device to communicate with a specific set of hosts that is not defined by any standard IP address and mask combination. This allows for communication that resembles a conference call: anyone from anywhere can join the conference, and everyone in the conference hears what the speaker has to say. The speaker's message is not broadcast everywhere, only to those in the conference hall itself. A special set of addresses (224.0.0.0/4 in IPv4) is reserved for multicast communication.

Website: http://www.linfo.org/time-to-live.html

Time-to-live Definition

The time-to-live (TTL) is the number of hops that a packet is permitted to travel before being discarded by a router. A packet is the fundamental unit of information transport in all modern computer networks, and increasingly in other communications networks as well. A router is a network-layer device and/or software that connects at least two networks, such as two LANs (local area networks) or WANs (wide area networks), and forwards packets between them. A hop is the trip a packet takes from one router to the next as it traverses a network on the way to its destination.

The TTL is set in an eight-bit field of the IP header by the sending host and is used to prevent packets from circulating endlessly on the Internet or any other network. When forwarding an IP packet, a router is required to decrease the TTL by at least one. If the TTL reaches zero, the router discards the packet and sends an ICMP (Internet Control Message Protocol) Time Exceeded message back to the originating host.

The ping and traceroute utilities both make use of the TTL. The latter intentionally sends probes with small, increasing TTL values so that they are discarded by each successive router on the path to the destination. The time between sending a probe and receiving the ICMP message saying it was discarded gives the round-trip time to each successive hop. A specific TTL value can also bound the range of a packet; by the conventional thresholds used for IP multicast scoping, zero restricts it to the same host, one to the same subnet, 32 to the same site, 64 to the same region and 128 to the same continent; 255 is unrestricted.
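As an added example (not from the linfo.org page), the following Python models the per-hop TTL decrement and the traceroute trick described above, and also turns the TTL a receiver observes into an estimate of how far away the sender is, a check often used to spot packets whose source address is spoofed. The router names, the documentation-range addresses and the list of common initial TTLs are assumptions of the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: the usual operating-system defaults (64 for Linux/macOS,
# 128 for Windows, 255 for many routers and network appliances).
COMMON_INITIAL_TTLS = (64, 128, 255)


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int


def forward(packet: Packet, path: List[str]) -> Tuple[str, Optional[str]]:
    """Walk the packet through the routers in `path`, decrementing the TTL by
    one per hop. Returns ("delivered", None) if it gets past the last router,
    or ("time-exceeded", router) naming the router that discarded it and
    would send ICMP Time Exceeded (type 11) back to packet.src."""
    for router in path:
        packet.ttl -= 1
        if packet.ttl <= 0:
            return "time-exceeded", router
    return "delivered", None


def traceroute(path: List[str], max_hops: int = 30) -> List[str]:
    """Traceroute's trick: send probes with TTL 1, 2, 3, ... and record which
    router reports each one as expired. (The destination host itself is not
    modelled; a real traceroute stops when the destination answers.)"""
    discovered: List[str] = []
    for ttl in range(1, max_hops + 1):
        status, router = forward(Packet("192.0.2.10", "203.0.113.9", ttl), path)
        if status == "delivered":
            break
        discovered.append(router)
    return discovered


def estimate_distance(observed_ttl: int) -> Tuple[int, int]:
    """Guess the sender's initial TTL (the smallest common default that is
    >= the observed value) and the number of hops the packet travelled."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def ttl_is_plausible(observed_ttl: int, expected_hops: int, slack: int = 3) -> bool:
    """Compare the hop count implied by an observed TTL with the hop count we
    expect for the claimed source. A large mismatch is a hint that the source
    address is spoofed (the packet really came from somewhere else)."""
    _, hops = estimate_distance(observed_ttl)
    return abs(hops - expected_hops) <= slack
```

The distance estimate is only a heuristic: it assumes the sender used one of the common defaults and that no middlebox rewrote the TTL, so treat a mismatch as a signal to investigate, not as proof of spoofing.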

Website: https://learningnetwork.cisco.com/thread/34420#178065

Classful vs Classless network

Classful routing is based on the default Class A, B or C networks, determined by the first octet of the address:
- Class A: 0 - 127, mask 255.0.0.0 (/8)
- Class B: 128 - 191, mask 255.255.0.0 (/16)
- Class C: 192 - 223, mask 255.255.255.0 (/24)
(First octets 0 and 127 are reserved, so the usable Class A networks run from 1 to 126.) All devices in the same routing domain must use the same subnet mask. Since routers running a classful routing protocol (RIPv1 and IGRP, for example) do not include subnet mask information in routing updates, a receiving router either assumes its own subnet mask for that major network or falls back to the classful mask. Classless routing, on the other hand, allows variable-length subnet masks (VLSM) because the mask is carried with each routing update. You can have a mixture of different subnet masks in the same routing domain:
- 10.1.0.0/19
- 10.2.0.0/20
- 172.16.8.0/21
- 172.16.16.0/24
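An added example (not from the Cisco Learning Network thread): the Python below derives the classful default mask from the first octet using the standard library's ipaddress module, and shows what a classful router, which receives no mask, would make of the four VLSM prefixes listed above. The prefixes are the ones from the text; the function names are the example's own.

```python
import ipaddress
from typing import List, Optional


def classful_prefix_length(addr: str) -> Optional[int]:
    """Default prefix length implied by the first octet: A = /8, B = /16,
    C = /24. Returns None for class D (multicast) and class E addresses,
    which have no default mask."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None


def classful_summary(network: str) -> str:
    """What a classful router assumes about a route it receives without a
    mask: the address truncated to its class boundary."""
    net = ipaddress.IPv4Network(network, strict=False)
    plen = classful_prefix_length(str(net.network_address))
    if plen is None:
        raise ValueError(f"{network} has no classful default mask")
    # strict=False clears the host bits left over after shortening the mask.
    return str(ipaddress.IPv4Network((int(net.network_address), plen), strict=False))


def classless_table(prefixes: List[str]) -> List[str]:
    """A classless router keeps each prefix with its own mask, so distinct
    subnets of one classful network stay distinct (VLSM)."""
    return sorted(str(ipaddress.IPv4Network(p)) for p in prefixes)


def classful_table(prefixes: List[str]) -> List[str]:
    """A classful router collapses the same prefixes to class boundaries.
    Four VLSM routes become two entries; the subnet structure is lost, and
    two different /19 and /20 subnets of 10.0.0.0 become indistinguishable."""
    return sorted({classful_summary(p) for p in prefixes})
```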

Website:

http://www.cs.rutgers.edu/~pxk/352/notes/autonomous_systems.html

Autonomous Systems

An Autonomous System (AS) is a collection of routers whose prefixes and routing policies are under common administrative control. This could be a network service provider, a large company, a university, a division of a company, or a group of companies. The AS represents a connected group of one or more blocks of IP addresses (called IP prefixes) that have been assigned to that organization, and it presents a single routing policy to systems outside the AS. Autonomous Systems create a two-level hierarchy for routing in the Internet: routing between Autonomous Systems (inter-AS routing) is external to the AS and lets one AS send traffic to another, while routing within an AS (intra-AS routing) is internal to it. An IP prefix is a group of IP addresses expressed in CIDR form (address/bits, such as 128.6.0.0/16). Note that most organizations do not interconnect as autonomous systems but simply connect via a single ISP.

Routers within an AS use an Interior Gateway Protocol (IGP), which handles routing between nodes inside the AS. Common interior gateway protocols include RIP, OSPF, IS-IS and EIGRP, as well as some proprietary protocols such as IGRP. Routing within an Autonomous System (intra-AS routing) is internal to that AS and invisible to those outside it. The AS administrator decides what routing algorithm runs within it.

To get traffic from a host in one AS to a host in another AS, the autonomous systems need to be connected. Most ASes do not share a direct link with each other, in which case data traffic may be routed through the networks of other ASes that agree to carry the traffic. An Exterior Gateway Protocol (EGP) is a routing protocol that handles routing between Autonomous Systems (inter-AS routing). BGP version 4, the Border Gateway Protocol, is the de facto standard EGP for inter-AS routing. At the time these notes were written the Internet was expected to adopt IDRP, the OSI Inter-Domain Routing Protocol; in practice BGP-4 has remained the inter-AS protocol.

Figure 1. Inter-AS routing (figure not reproduced in these notes)


A routing policy defines how routing information is exchanged between the ASes. For example, suppose two ASes, ASx and ASy, are connected to each other via a link between two gateway routers. Suppose that ASx knows how to reach some network, NET1, that is defined by an IP prefix. This network may be within ASx or may be external to it. Suppose that ASy knows how to reach some other network, NET2.

For systems on NET1 to be able to send messages to systems on NET2, and vice versa, traffic will need to flow between ASx and ASy. This means that ASx needs to announce to ASy that it has a route to NET1 and ASy needs to announce to ASx that it has a route to NET2. The exterior gateway protocol is used to do this. ASx and ASy can then decide whether to accept this information or discard it (if, for example, they have better routes to those networks).
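An added example (not from the Rutgers notes): the Python below plays out the ASx/ASy exchange described above. Each AS announces the prefixes it knows, and the receiving AS applies an import policy before installing a route: it drops announcements that already contain its own ASN (a loop), keeps a shorter path it already has, and, as a policy assumed for this example in the spirit of route origin authorisation, rejects announcements for a prefix whose origin AS is not the one on record. NET1 is 128.6.0.0/16 from the notes; NET2, the third AS and the ASNs (from the documentation range 64496 - 64511) are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Announcement:
    prefix: str          # CIDR prefix being advertised
    origin_as: int       # AS that originated it
    as_path: List[int]   # ASes the announcement has passed through, nearest first


@dataclass
class AutonomousSystem:
    asn: int
    own_prefixes: List[str]
    # Import policy (assumption): which AS may originate which prefix; a
    # more-specific prefix inside a listed one is held to the same origin.
    authorised_origins: Dict[str, int] = field(default_factory=dict)
    rib: Dict[str, Announcement] = field(default_factory=dict)  # installed routes

    def announcements(self) -> List[Announcement]:
        """What this AS tells a neighbour: its own prefixes plus every route
        it accepted, with its own ASN prepended to the path."""
        out = [Announcement(p, self.asn, [self.asn]) for p in self.own_prefixes]
        for ann in self.rib.values():
            out.append(Announcement(ann.prefix, ann.origin_as, [self.asn] + ann.as_path))
        return out

    def accept(self, ann: Announcement, log: List[str]) -> bool:
        """Apply the import policy and install the route if it passes."""
        if self.asn in ann.as_path:
            log.append(f"AS{self.asn}: drop {ann.prefix}, own ASN in path (loop)")
            return False
        net = ipaddress.IPv4Network(ann.prefix)
        for auth_prefix, allowed in self.authorised_origins.items():
            if net.subnet_of(ipaddress.IPv4Network(auth_prefix)) and allowed != ann.origin_as:
                log.append(f"AS{self.asn}: drop {ann.prefix}, origin AS{ann.origin_as} not authorised")
                return False
        current = self.rib.get(ann.prefix)
        if current is not None and len(current.as_path) <= len(ann.as_path):
            log.append(f"AS{self.asn}: keep existing route to {ann.prefix}")
            return False
        self.rib[ann.prefix] = ann
        log.append(f"AS{self.asn}: install {ann.prefix} via {ann.as_path}")
        return True

    def route_for(self, ip: str) -> Optional[List[int]]:
        """Longest-prefix match; a path of [own ASN] means the destination is local."""
        addr = ipaddress.IPv4Address(ip)
        best_len, best_path = -1, None
        candidates = [(p, [self.asn]) for p in self.own_prefixes]
        candidates += [(p, a.as_path) for p, a in self.rib.items()]
        for prefix, path in candidates:
            net = ipaddress.IPv4Network(prefix)
            if addr in net and net.prefixlen > best_len:
                best_len, best_path = net.prefixlen, path
        return best_path


def demo():
    """ASx (NET1) and ASy (NET2) exchange routes over their gateway link; then
    a third AS falsely claims NET1 and a more-specific slice of it."""
    log: List[str] = []
    asx = AutonomousSystem(64496, ["128.6.0.0/16"], {"192.0.2.0/24": 64497})
    asy = AutonomousSystem(64497, ["192.0.2.0/24"], {"128.6.0.0/16": 64496})
    for ann in asx.announcements():
        asy.accept(ann, log)
    for ann in asy.announcements():          # NET1 comes back to ASx: loop, dropped
        asx.accept(ann, log)
    asy.accept(Announcement("128.6.0.0/16", 64498, [64498]), log)   # origin hijack
    asy.accept(Announcement("128.6.1.0/24", 64498, [64498]), log)   # more-specific hijack
    return asx, asy, log
```

Without the origin check the more-specific announcement would win longest-prefix match and silently pull NET1's traffic toward AS64498; the log returned by demo() records each decision and why it was taken.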

Website: http://packetlife.net/blog/2008/jun/19/ospf-network-types/

OSPF network types


By stretch | Thursday, June 19, 2008 at 3:38 a.m. UTC

Having worked almost exclusively with Ethernet transport my whole career, it took me a while to really grasp the concept of non-broadcast networks. Dynamic routing protocols, particularly OSPF, demand familiarity with all sorts of layer two topologies, so I knew I had to better educate myself on the matter. Fortunately, working with Dynamips and virtual frame relay networks provided the experience I needed to feel comfortable implementing all the different OSPF network types. OSPF addresses three classes of network (as listed in section 1.2 of RFC 2328): point-to-point, broadcast, and non-broadcast.

Point-to-Point

This is by far the simplest network type, and serves as a convenient anchor from which to advance the discussion. A point-to-point network is, as its name aptly describes, a link between exactly two points (or routers). A packet sent from one of the routers will always have exactly one recipient on the local link.

Broadcast
Obviously, point-to-point links don't scale well. A much more efficient way of connecting a large number of devices is to implement a multiaccess segment, that is, a segment which can be accessed by multiple end points. An Ethernet segment is an example of such a network.

Ethernet networks support broadcasts: a single packet transmitted by a device can be replicated by the medium (in this case an Ethernet switch) so that every other end point receives a copy. This is advantageous not only in bandwidth savings but also in facilitating automatic neighbor discovery. In the example pictured in the original post (figure not reproduced here), R1 can multicast (a broadcast intended only for certain recipients; OSPF uses the AllSPFRouters group 224.0.0.5) an OSPF hello to the link, knowing that all other OSPF routers connected to the link will receive it and reply with their own multicast hello. Consequently, neighbors can quickly identify each other and form adjacencies without knowing each other's addresses beforehand. Isn't that convenient?

OSPF routers on a multiaccess segment will elect a designated router (DR) and backup designated router (BDR) with which all non-designated routers will form an adjacency. This is to ensure that the number of adjacencies maintained does not grow too large; a segment containing ten routers would require 45 adjacencies (n(n-1)/2) to form a full mesh, but only 17 when a DR and BDR are in place (each of the eight other routers adjacent to both the DR and the BDR, plus the DR-BDR adjacency: 2(n-2) + 1).

Non-Broadcast
Unfortunately, not all multiaccess technologies support broadcast transmissions. Frame relay and ATM are probably the most common examples of non-broadcast transport, requiring individual permanent virtual circuits (PVCs) to be configured between end points.

Notice that in the frame relay topology pictured in the original post (figure not reproduced here), R1 must craft and transmit an individual packet for every destination it wants to reach. Aside from being horribly inefficient with regard to bandwidth, this limitation requires the router to know the addresses of its neighbors before it can communicate with them. OSPF can operate in one of two modes across a non-broadcast network: non-broadcast multi-access (NBMA) or point-to-multipoint. Each of these topologies tackles the absence of broadcast capability from a different direction.

Non-Broadcast Multi-Access (NBMA)
An NBMA segment emulates the function of a broadcast network. Every router on the segment must be configured with the IP address of each of its neighbors. OSPF hello packets are then individually transmitted as unicast packets to each adjacent neighbor. As in a true broadcast network, a DR and BDR are elected to limit the number of adjacencies formed.

Point-to-Multipoint
A point-to-multipoint configuration approaches the non-broadcast limitation in a different manner. Rather than trying to emulate broadcast capability, it organizes the PVCs into a collection of point-to-point networks. Hello packets must still be replicated and transmitted individually to each neighbor, but the multipoint approach offers two distinct advantages: no DR/BDR is needed, and the emulated point-to-point links can occupy a common subnet. All routers attached to a non-broadcast network must be manually configured to recognize it as a point-to-multipoint segment:

Router(config-if)# ip ospf network point-to-multipoint [non-broadcast]

The non-broadcast parameter can be appended to the OSPF network type to force unicasting of packets rather than relying on multicast. This might be necessary when dynamic circuits are in use.

Website: http://www.omnisecu.com/cisco-certified-network-associate-ccna/functions-of-a-networkswitch.htm

Functions of a Network Switch


Three basic functions of a switch are Learning, Forwarding and Preventing Layer 2 Loops.

Learning
Learning is the process of obtaining the MAC addresses of connected devices. When a frame arrives on a port of the switch, the switch reads the source MAC address from the frame and looks it up in its MAC address table (also known as the CAM (Content Addressable Memory) table). If there is no matching entry, the switch adds the address to the table together with the port on which the frame arrived. If the MAC address is already in the table, the switch compares the incoming port with the port recorded there; if they differ, the switch updates the entry with the new port number. This normally happens when an administrator moves a cable from one port to another. Whenever the switch adds or updates an entry, it resets the timer for that entry. Timers drive the aging process: aging removes entries that have not been refreshed, freeing space in the MAC address table for new ones.

Forwarding
Forwarding is the process of passing traffic from a device connected to one port of the switch to a device connected to another port. When a Layer 2 frame arrives on a port, the switch reads the source MAC address as part of the learning function and the destination MAC address as part of the forwarding function. The destination MAC address determines the port to which the destination device is connected. If the destination MAC address is found in the MAC address table, the switch forwards the frame out of the corresponding port only. If it is not found, the switch forwards the frame out of every port except the one it arrived on; this is known as flooding. Flooding is most common just after the switch starts, when its table is empty, and it prevents loss of traffic while the switch is still learning. When the destination device receives the frame and replies to the source, the switch reads the reply's source MAC address and adds it to the table, which is the learning function again.

If the destination MAC address is found on the same port the frame arrived on, the switch drops the frame. This is known as filtering. It normally happens when a hub is connected to a port of the switch and both the source and the destination device hang off that hub, so the frame has already reached its destination.
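An added example (not from omnisecu.com): the Python below models the three functions just described, learning, forwarding with flooding and filtering, and aging, on a small switch fed with constructed frames. The fixed table capacity is an assumption of the model, included because it shows the failure mode a practitioner cares about: once the table is full, frames for any unlearned host are flooded out of every port, which is exactly what a MAC-flooding attack provokes so that an attacker's port sees everyone's traffic.

```python
from typing import Dict, List, Tuple


class Switch:
    """Learning, forwarding (with flooding and filtering) and aging for one switch."""

    def __init__(self, ports: List[str], aging_time: int = 300, table_size: int = 8192):
        self.ports = ports
        self.aging_time = aging_time            # seconds an unrefreshed entry survives
        # Assumption: the table has a fixed capacity, like real CAM memory.
        self.table_size = table_size
        self.mac_table: Dict[str, Tuple[str, int]] = {}   # MAC -> (port, last seen)

    def age(self, now: int) -> None:
        """Aging: forget entries not refreshed within aging_time."""
        expired = [mac for mac, (_, seen) in self.mac_table.items()
                   if now - seen > self.aging_time]
        for mac in expired:
            del self.mac_table[mac]

    def learn(self, src: str, in_port: str, now: int) -> None:
        """Learning: add the source MAC, or move it if it now appears on another
        port, and reset its timer either way."""
        if src in self.mac_table or len(self.mac_table) < self.table_size:
            self.mac_table[src] = (in_port, now)
        # Otherwise the table is full and the new MAC is not learned; frames to
        # that host keep being flooded, which is what a MAC-flooding attack
        # exploits to turn the switch into a hub.

    def receive(self, in_port: str, src: str, dst: str, now: int) -> List[str]:
        """Forwarding: return the egress port(s) for a frame."""
        self.age(now)
        self.learn(src, in_port, now)
        entry = self.mac_table.get(dst)
        if entry is None:
            # Unknown unicast or broadcast destination: flood out every other port.
            return [p for p in self.ports if p != in_port]
        out_port, _ = entry
        if out_port == in_port:
            # Filtering: the destination sits on the port the frame came from
            # (e.g. both hosts behind one hub), so the frame is dropped.
            return []
        return [out_port]


def demo() -> Dict[str, Tuple[str, int]]:
    """Constructed traffic on a three-port switch; returns the final MAC table."""
    sw = Switch(["1", "2", "3"], aging_time=300, table_size=2)
    sw.receive("1", "A", "B", 0)      # B unknown: flooded to 2 and 3; A learned on 1
    sw.receive("2", "B", "A", 1)      # B learned on 2; A known: forwarded to 1 only
    sw.receive("3", "C", "A", 2)      # table full: C not learned, frame still forwarded
    sw.receive("2", "B", "A", 400)    # both entries aged out; A is flooded again
    sw.receive("3", "A", "B", 401)    # A reappears on port 3 (cable moved)
    return sw.mac_table
```

Port security (limiting the number of MAC addresses learned per port) is the usual countermeasure to the table-full case; the model above only shows why the countermeasure is needed.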

Preventing Layer 2 Switching Loops


In practical local area networking, redundant links are created so that a single link failure does not take down the whole network. Redundant links can cause Layer 2 switching loops and broadcast storms. It is the function of a network switch, using the Spanning Tree Protocol (STP), to prevent Layer 2 switching loops and broadcast storms.

Website: http://www.dummies.com/how-to/content/spanning-tree-protocol-stp-and-portfast.html

Spanning Tree Protocol (STP) and PortFast


By Edward Tetz, from Cisco Networking All-in-One For Dummies

The time Spanning Tree Protocol (STP) takes to transition ports to the Forwarding state can cause problems. PortFast is a Cisco switch feature that can be configured to resolve this problem. The delay is not an issue for many people, but it can cause problems for some. For example, when you power up your computer in the morning, power goes to the network card immediately and the port on the switch enters the Listening state. By the time the OS has started the network card drivers and asks DHCP for an address, the port on the switch is in the Forwarding state, which works well most of the time. If, however, you unplug the NIC on a laptop to move it to another desk, Windows will tell you that it has a problem communicating on the network. Why? The NIC connected to the port changed the link state of the port to Up and Windows immediately tried to get a DHCP address, but the port was not yet in the Forwarding state. This is a common problem when using STP on your network. A few seconds later, Windows attempts to get an IP address again, and it succeeds.

The other time you may see this issue is with Pre-Boot Execution Environment (PXE) devices, such as Windows Deployment Services. (The article's figure of a typical PXE implementation is not reproduced here.) Here is what happens with PXE: you apply power to your computer, which activates the NIC, but less than five seconds later the computer's POST finishes and the NIC attempts to get an IP address from DHCP so that it can load a boot image directly from the PXE server, which fails. The computer attempts to get an IP address from a DHCP server several times within approximately 10 seconds, after which it gives up and moves on to another boot device, such as the hard drive. The unfortunate part is that because it fails to get an IP address or connect to the PXE server, you are not able to install your new operating system image on that computer. The problem with this scenario is that STP makes the port wait about 30 seconds (15 seconds each in the Listening and Learning states, with the default 802.1D timers) before forwarding traffic, so the PXE network boot has long since timed out.

PortFast is the solution to this problem of delays when client computers connect to switches. PortFast is not enabled by default. With PortFast enabled on a port, you tell spanning tree to move that port straight to the Forwarding state, skipping Listening and Learning; the port still sends and receives BPDUs, which is why a loop through it is possible. This is not a bad solution if only one computer is plugged into the port, so that people cannot create accidental loops on the network, which can be frighteningly easy to do.

Setting PortFast on all ports


While there may be some ports you want to exclude from the PortFast configuration, if you want most ports to use PortFast you can make it the default. To set PortFast on all access ports from Global Configuration mode, use the command spanning-tree portfast default:

    Switch2> enable
    Switch2# configure terminal
    Switch2(config)# spanning-tree portfast ?
      bpdufilter  Enable portfast bpdu filter on this switch
      bpduguard   Enable portfast bpdu guard on this switch
      default     Enable portfast by default on all access ports

Setting PortFast on specific ports


You can also implement PortFast on specific ports, as illustrated here, where the following command enables PortFast for FastEthernet ports 1 through 10. Notice the big warning about the dangers of PortFast.

    Switch2# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch2(config)# interface range fastEthernet 0/1 - 10
    Switch2(config-if-range)# spanning-tree portfast
    %Warning: portfast should only be enabled on ports connected to a single
     host. Connecting hubs, concentrators, switches, bridges, etc... to this
     interface when portfast is enabled, can cause temporary bridging loops.
     Use with CAUTION
    %Portfast will be configured in 10 interfaces due to the range command
     but will only have effect when the interfaces are in a non-trunking mode.
    Switch2(config-if-range)# end

The BPDU Guard option removes the danger expressed in the warning. In this case, I incorrectly selected my ports, and ports 1 and 2 should have had spanning tree running normally on them. BPDU Guard throws up warnings right away to prevent the loop that has been created from causing a problem on my network. When a PortFast port with BPDU Guard sees a BPDU frame, the switch concludes that the port is configured incorrectly and immediately puts it into the err-disabled state. The same mechanism stops anyone from plugging an unmanaged switch, or a host sending crafted BPDUs, into an access port and taking part in the spanning-tree topology.

    Switch2# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch2(config)# interface range fastEthernet 0/1 - 10
    Switch2(config-if-range)# spanning-tree bpduguard enable
    Switch2(config-if-range)#
    3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
    3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in errdisable state
    3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
    3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in errdisable state
    3d14h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
    3d14h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
    3d14h: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
    3d14h: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
    Switch2(config-if-range)# end

To clear the error state, go to those ports in Interface Configuration mode and then shut down and re-enable them, as shown here. Remove the offending device first; otherwise the next BPDU err-disables the port again.

    Switch2# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch2(config)# interface range fastEthernet 0/1 - 10
    Switch2(config-if-range)# shutdown
    Switch2(config-if-range)# no shutdown
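An added example (not from the Dummies article): the Python below is the detection side of the story, a parser for the kind of syslog lines quoted above that raises one alert per interface BPDU Guard err-disabled and emits the recovery commands the article uses. The sample log is constructed from the messages shown above plus one port-security err-disable line, included to show that other err-disable causes are reported separately; function names are the example's own.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the syslog messages quoted above.
SAMPLE_LOG = """\
3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in errdisable state
3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in errdisable state
3d14h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
3d15h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in errdisable state
"""

BPDU_RE = re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) with BPDU Guard enabled")
ERRDISABLE_RE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+), putting")


def short_ifname(name: str) -> str:
    """Normalise 'FastEthernet0/2' and 'Fa0/2' to one key, 'Fa0/2', since the
    two message types above spell the same interface differently."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z-]*(\d.*)", name)
    return f"{m.group(1)}{m.group(2)}" if m else name


def parse_errdisable(log: str) -> List[Dict[str, str]]:
    """Every err-disable event with its cause, whatever the cause."""
    events = []
    for line in log.splitlines():
        m = ERRDISABLE_RE.search(line)
        if m:
            events.append({"cause": m.group(1), "interface": short_ifname(m.group(2))})
    return events


def bpduguard_alerts(log: str) -> Dict[str, Dict[str, bool]]:
    """Correlate the BPDU-received message and the bpduguard err-disable
    message per interface; one alert per port that saw a foreign BPDU."""
    alerts: Dict[str, Dict[str, bool]] = {}
    blank = {"bpdu_seen": False, "errdisabled": False}
    for line in log.splitlines():
        m = BPDU_RE.search(line)
        if m:
            alerts.setdefault(short_ifname(m.group(1)), dict(blank))["bpdu_seen"] = True
    for event in parse_errdisable(log):
        if event["cause"] == "bpduguard":
            alerts.setdefault(event["interface"], dict(blank))["errdisabled"] = True
    return alerts


def recovery_commands(interfaces: List[str]) -> List[str]:
    """The manual clear shown in the article: shut and re-enable each port
    once the device that sent the BPDUs has been removed."""
    cmds = ["configure terminal"]
    for ifname in interfaces:
        cmds += [f"interface {ifname}", "shutdown", "no shutdown"]
    cmds.append("end")
    return cmds
```

In a SOC pipeline the alert payload is the interesting part: an access port that received a BPDU means either a mis-cabled switch or someone trying to join the spanning tree, and both deserve a ticket before the port is re-enabled.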

Website: http://www.webopedia.com/TERM/S/static_NAT.html

Static NAT
A type of NAT in which a private IP address is mapped one-to-one to a public IP address, and the public address is always the same (i.e., it is static). This allows an internal host, such as a Web server, to have an unregistered (private) IP address and still be reachable from the Internet.

Dynamic NAT
A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of registered (public) IP addresses. Typically the NAT router keeps a table of registered addresses, and when a host with a private address requests access to the Internet, the router picks an address from the pool that is not currently in use by another private address. Dynamic NAT hides the internal configuration of a private network and makes it harder for someone outside to monitor individual usage patterns, but it is address hiding rather than access control: what may enter the network still has to be enforced by a firewall policy. Another advantage of dynamic NAT is that it allows a private network to use private IP addresses that are invalid on the Internet but useful as internal addresses.

Port address translation


Port address translation (PAT) is a type of network address translation in which every computer on the LAN is translated to the same public IP address but with a different source port number. PAT is also referred to as overloading, port-level multiplexed NAT or single-address NAT.

Website:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml

Inside local address: the IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer OS or received via a dynamic address allocation protocol such as DHCP. It is usually not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
Inside global address: a legitimate IP address assigned by the NIC or service provider (ISP) that represents one or more inside local IP addresses to the outside world.
Outside local address: the IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
Outside global address: the IP address assigned to a host on the outside network by the host's owner. The address is allocated from a globally routable address or network space.
Local address: any address that appears on the inside portion of the network.
Global address: any address that appears on the outside portion of the network.

In the example topology of the Cisco note (not reproduced here), the Outside Local and Outside Global entries show the same IP address for the outside host, 171.16.68.1, because no translation is applied to outside addresses in that configuration.
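An added example (not from Webopedia or the Cisco note): the Python below is a small NAT router that combines static NAT for a published host with PAT for everyone else, using the Cisco terms above, inside local for the private addresses and inside global for the public ones. It also shows the behaviour that matters for security: a reply is only translated back if it comes from the outside endpoint the inside host actually talked to, anything else is dropped, and the port pool can run out. All addresses are constructed from the documentation ranges and the class name is the example's own.

```python
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]   # (source IP, source port, destination IP, destination port)


class NatRouter:
    """Static NAT for a few published hosts plus PAT (overloading) for the rest."""

    def __init__(self, inside_global: str, static: Optional[Dict[str, str]] = None,
                 first_port: int = 1024, last_port: int = 65535):
        self.inside_global = inside_global              # one public address shared by PAT
        self.static = dict(static or {})                # inside local -> inside global
        self.static_reverse = {g: l for l, g in self.static.items()}
        self.next_port = first_port
        self.last_port = last_port
        self.out_table: Dict[Flow, int] = {}            # outbound flow -> translated port
        self.in_table: Dict[int, Flow] = {}             # translated port -> outbound flow

    def outbound(self, flow: Flow) -> Flow:
        """Translate a packet leaving the inside network."""
        src, sport, dst, dport = flow
        if src in self.static:                          # static NAT: one-to-one, port untouched
            return self.static[src], sport, dst, dport
        if flow not in self.out_table:                  # PAT: allocate a port per flow
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.out_table[flow] = self.next_port
            self.in_table[self.next_port] = flow
            self.next_port += 1
        return self.inside_global, self.out_table[flow], dst, dport

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Translate a packet arriving from outside; None means no translation
        exists and the packet is dropped."""
        src, sport, dst, dport = flow
        if dst in self.static_reverse:                  # static entries accept unsolicited traffic
            return src, sport, self.static_reverse[dst], dport
        if dst != self.inside_global:
            return None
        original = self.in_table.get(dport)
        # Only the outside endpoint the inside host talked to may answer on this port.
        if original is None or (original[2], original[3]) != (src, sport):
            return None
        return src, sport, original[0], original[1]
```

The statically mapped host is reachable from anywhere, which is the point of static NAT for a Web server and also why that host, not the NAT, needs the hardening.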

Website:

http://en.wikipedia.org/wiki/CSU/DSU

CSU/DSU
From Wikipedia, the free encyclopedia

A CSU/DSU (Channel Service Unit/Data Service Unit) is a digital-interface device used to connect a Data Terminal Equipment device (DTE), such as a router, to a digital circuit, such as a T1 line. The CSU/DSU implements two different functions. The CSU is responsible for the connection to the telecom network while the DSU is responsible for handling the interface with the DTE. A CSU/DSU is the equivalent of the modem for an entire

Channel Service Unit/Data Service Unit


A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of an external modem that converts digital data frames from the communications technology used on a local area network (LAN) into frames appropriate to a wide-area network (WAN) and vice versa. For example, if you run a Web business from your own home and have leased a digital line (perhaps a T-1 or fractional T-1 line) to a phone company or a gateway at an Internet service provider, you have a CSU/DSU at your end and the phone company or gateway host has a CSU/DSU at its end. The Channel Service Unit (CSU) receives and transmits signals from and to the WAN line and provides a barrier against electrical interference from either side of the unit. The CSU can also echo loopback signals from the phone company for testing purposes. The Data Service Unit (DSU) manages line control and converts input and output between RS-232C, RS-449 or V.35 frames from the LAN and the time-division multiplexed (TDM) DSX frames on the T-1 line. The DSU manages timing errors and signal regeneration. The DSU provides a modem-like interface between the computer, as Data Terminal Equipment (DTE), and the CSU. A CSU/DSU operates at the physical layer (layer 1) of the OSI model. CSU/DSUs are also made as separate physical products, CSUs and DSUs. The DSU, or both functions, may be included as part of an interface card inserted into a DTE. If the CSU/DSU is external, the DTE interface is usually compatible with the V.xx, RS-232C or a similar serial interface.

WIC (WAN Interface Card)


The WIC (WAN Interface Card) may contain an integrated CSU/DSU that can be inserted into a router slot. An example of a WIC is the 1-port 56/64-kbit/s DSU/CSU WIC (WIC-1DSU-56K4) from Cisco Systems.

Website: https://learningnetwork.cisco.com/thread/40838

The DTE (Data Terminal Equipment) name indicates a device that ends a communication line, whereas the DCE (Data Communication Equipment) provides a path for communication. In other words, DTE is the device that receives clocking while DCE is the device that provides clocking. Let's say we have a computer which wants to communicate with the Internet through a modem and a dial-up connection. To get to the Internet you tell your modem to dial the number of your provider. After your modem has dialed the number, the modem of the provider will answer your call and you will hear a lot of noise. Then it becomes quiet and you see your login prompt, or your dialing program tells you the connection is established. Now you have a connection with the server of your provider and you can wander the Internet. In this example your PC is a Data Terminal (DTE). The two modems (yours and that of your provider) are DCEs; they make the communication between you and your provider possible. But now we have to look at the server of your provider. Is that a DTE or a DCE? The answer is a DTE. It ends the communication line between you and the server.

25-pin DTE devices transmit on pin 2 and receive on pin 3. 25-pin DCE devices transmit on pin 3 and receive on pin 2. 9-pin DTE devices transmit on pin 3 and receive on pin 2. 9-pin DCE devices transmit on pin 2 and receive on pin 3. A CSU/DSU is a device used to connect a DTE, such as a router, to a digital circuit, such as a T1 line. The CSU/DSU implements two different functions. The CSU is responsible for the connection to the telecom network while the DSU is responsible for handling the interface with the DTE. A CSU/DSU is the equivalent of the modem

Referring to CCNA Exploration v4 [Accessing the WAN] from Cisco Academy, Cisco mentions that a DCE device is commonly a modem or CSU/DSU. Then in the Frame Relay section, Cisco mentions that the CO switch is a DCE device. Furthermore, in my lab I have a router marked as a DCE device! Who can explain this, please? I've attached some figures from the Cisco material.

Finally I got it!!! I made it as a table.

    WAN connection    DCE device       DCE location
    Leased Line       CSU/DSU          Customer
    PSTN (analog)     Dial-up modem    Customer
    ISDN (digital)    TA/NT1           Customer
    X.25              CSU/DSU          Customer
    ATM               ATM switch       Service Provider
    Frame Relay       modem            Service Provider
    DSL               DSL modem        Customer
    Cable HFC         Cable modem      Customer

Therefore, we conclude that there are two different definitions of the Local Loop: 1) between the Demarc and the CO switch, or 2) between the DTE (router) and the DCE (switch).
DCE devices might be: CSU/DSUs, modems, WAN switches, access servers or routers.

Website: http://www.tldp.org/LDP/nag/node120.html

CHAP versus PAP

With PPP, each system may require its peer to authenticate itself using one of two authentication protocols: the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). When a connection is established, each end can request the other to authenticate itself, regardless of whether it is the caller or the callee. Below I will loosely talk of "client" and "server" when I want to distinguish between the authenticating system and the authenticator. A PPP daemon asks its peer for authentication by sending yet another LCP configuration request identifying the desired authentication protocol. PAP works basically the same way as the normal login procedure. The client authenticates itself by sending a user name and a password to the server, which the server compares against its secrets database. PAP carries the password in the clear (RFC 1334 provides no protection for it), so this technique is vulnerable to eavesdroppers who can obtain the password by listening in on the serial line, and to repeated trial-and-error attacks.

CHAP does not have these deficiencies. With CHAP, the authenticator (i.e. the server) sends a randomly generated "challenge" string to the client, along with its hostname. The client uses the hostname to look up the appropriate secret, combines it with the challenge (and the packet identifier), and runs the result through a one-way hash function (MD5 in the standard CHAP of RFC 1994). The result is returned to the server along with the client's hostname. The server performs the same computation and acknowledges the client if it arrives at the same result; the secret itself never crosses the line. Another feature of CHAP is that it does not only require the client to authenticate itself at startup time, but sends challenges at regular intervals to make sure the client has not been replaced by an intruder, for instance by just switching phone lines.
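An added example (not from the Network Administrator's Guide): the Python below carries out the CHAP exchange described above on both sides, using the RFC 1994 response computation, MD5 over the identifier, the secret and the challenge, and places PAP beside it for contrast. It then shows why a recorded CHAP response is useless to an eavesdropper: the server issues a fresh random challenge each time and accepts each challenge once. The user name, secret and authenticator name are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed secrets database on the authenticator. CHAP needs the cleartext
# secret on both ends; a server that stores only salted password hashes
# cannot do CHAP at all.
SECRETS: Dict[str, bytes] = {"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The server (authenticator) side: issues challenges, checks responses."""

    def __init__(self, secrets: Dict[str, bytes], name: str = "isp-nas"):
        self.secrets = secrets
        self.name = name                 # sent with the challenge so the peer can pick a secret
        self.identifier = 0
        self.outstanding: Dict[int, bytes] = {}   # identifier -> challenge value

    def challenge(self) -> Tuple[int, bytes, str]:
        self.identifier = (self.identifier + 1) % 256
        value = os.urandom(16)           # unpredictable and never reused
        self.outstanding[self.identifier] = value
        return self.identifier, value, self.name

    def verify(self, identifier: int, response: bytes, peer_name: str) -> bool:
        challenge = self.outstanding.pop(identifier, None)   # each challenge is single use
        secret = self.secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)       # constant-time comparison

    def verify_pap(self, peer_name: str, password: bytes) -> bool:
        """PAP: the peer simply sends the password, which travels in the clear."""
        secret = self.secrets.get(peer_name)
        return secret is not None and hmac.compare_digest(secret, password)


class Peer:
    """The client side; holds one secret per authenticator name (assumption),
    which is what the 'look up the appropriate secret' step refers to."""

    def __init__(self, name: str, secrets_by_authenticator: Dict[str, bytes]):
        self.name = name
        self.secrets = secrets_by_authenticator

    def respond(self, identifier: int, challenge: bytes, authenticator: str) -> Tuple[int, bytes, str]:
        secret = self.secrets[authenticator]   # the authenticator's hostname selects the secret
        return identifier, chap_response(identifier, secret, challenge), self.name


def run_chap(auth: Authenticator, peer: Peer) -> bool:
    """One complete exchange: Challenge -> Response -> Success/Failure."""
    ident, value, auth_name = auth.challenge()
    ident, response, peer_name = peer.respond(ident, value, auth_name)
    return auth.verify(ident, response, peer_name)


def replay_attack(auth: Authenticator, peer: Peer) -> bool:
    """An eavesdropper records a valid response and replays it at the next
    periodic challenge. Returns whether the replay was accepted."""
    ident, value, auth_name = auth.challenge()
    _, response, peer_name = peer.respond(ident, value, auth_name)
    auth.verify(ident, response, peer_name)          # the legitimate login
    new_ident, _, _ = auth.challenge()                # next periodic challenge
    return auth.verify(new_ident, response, peer_name)
```

Two caveats a practitioner should keep in mind: CHAP resists replay, but a captured challenge/response pair still allows an offline dictionary attack on the secret, since MD5 is fast and unsalted here; and the same cleartext secret must be stored on the server, so a compromised secrets file exposes every peer.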
PAP and CHAP

Website: http://www.modemhelp.net/faqs/auth.shtml

What is PAP? What is CHAP? What is realm authentication?

Once the username and password are checked and cleared, the modem card takes an IP address from its available pool, packages it with other information such as the modem card's IP (for the gateway) and the DNS servers, and sends it down the line to the user's computer to establish a PPP connection. The exchange of data in manual logins is plain text. For a faster (and, with CHAP, more secure) authentication, most ISPs use the Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol (CHAP). PAP works as follows: 1. After the link is established, the client sends a username and password to the server bundled as one packet. 2. The server (the modem card in the modem racks) recognizes the packet as a PAP authentication request and sends the data to the RADIUS server (the database of usernames and passwords). 3. RADIUS either validates the request and sends back an acknowledgement to the modem card, terminates the connection, or offers the client another chance. Passwords are sent as plain text. The difference between PAP authentication and a manual or scripted login is that PAP is not interactive: the username and password are entered in the client's dialing software and sent as one data package as soon as the modems have established a connection, rather than the server sending a login prompt and waiting for a response. CHAP is a more secure procedure for connecting to a system than PAP. Here is how CHAP works: 1. After the link is made, the server sends a challenge message to the client. The client responds with a value obtained by running the challenge and its secret through a one-way hash function. 2. The server checks the response by comparing it with its own calculation of the expected hash value. 3. If the values match, the authentication is acknowledged; otherwise the connection is terminated. At any time, the server can send the connected party a new challenge. Because CHAP challenges and identifiers change with every exchange, and because re-authentication can be requested by the server at any time, CHAP provides more security than PAP. Some ISPs only recognize PAP authentication attempts. Actually, they recognize CHAP attempts but choose to ignore them. The user chooses to attempt PAP or CHAP by selecting (or not selecting) "Require encrypted password." If this box is checked, they will not be able to authenticate on our servers. Realm authentication is just a PAP attempt with the email address as the user id: user@domain. It is so that the many ISPs can tell which RADIUS server to send it to when they use third-party networks (like UUNet, Genuity's Dial-Linx service, PSINet and others). Without the realm, the third-party network would use its own RADIUS because it assumes that you are its customer, not the customer of the ISP leasing access to that third-party network. In the past, this was a source of much hardship. With the realm, the third-party networks can send the auth info directly to the ISP's RADIUS, or to the auth server of any other ISP that uses that network.

Application Layer

Website: https://learningnetwork.cisco.com/thread/58757
No application resides at the application layer; whenever an application needs to interact with a person over a network/internet, it uses the application layer for that reason. An example can also be given for web pages which are stored on a computer: they can be viewed by IE without using the internet, so if the request is to go through a network or the internet then application layer protocols are used. The application layer is not the application itself that is doing the communication. It is a service layer that provides these services.

Website: http://www.9tut.com/osi-model-tutorial

OSI Layer Model:

Let's take an example from real life to demonstrate the OSI model. Maybe you have sent a letter to your friend, right? To do it, you have to follow these steps:
1. Write your letter
2. Insert it into an envelope
3. Write information about the sender and receiver on that envelope
4. Stamp it
5. Go to the post office and drop it into a mailbox
From the example above, I want to show that we have to go through some steps in a specific order to complete a task. The same applies when two PCs communicate with each other. They have to use a predefined model, named OSI, to complete each step. There are 7 steps in this model as listed below:

This is the well-known table of the OSI model, so you must take time to learn it by heart. A popular way to remember this table is to create a fun sentence with the first letters of each layer. For example: All People Seem To Need Data Processing, or a funnier sentence sorted from layer 1 to layer 7: Please Do Not Throw Sausage Pizza Away. There are two notes about this table:

1. First, the table is arranged from top to bottom (numbered from 7 to 1). Each step is called a layer, so we have 7 layers (we usually call them layers to make them sound more technical ^^). When a device wants to send information to another one, its data must go from the top layer to the bottom layer. But when a device receives this information, it must go from bottom to top to decapsulate it. In fact, the reverse action at the other end is very natural in our life. It is very similar to when two people communicate via mail: the writer must first write the letter and insert it into an envelope, while the receiver must first open the envelope and then read the letter. The picture below shows the whole process of sending and receiving information.

Note: The OSI model layers are often referred to by number rather than by name (for example, we say layer 3 rather than network layer), so you should learn the number of each layer as well.

2. When the information goes down through the layers (from top to bottom), a header is added to it. This is called encapsulation because it is like wrapping an object in a capsule. Each header can be understood only by the corresponding layer at the receiving side. Other layers only see that layer's header as part of the data.

At the receiving side, the corresponding header is stripped off in the same layer in which it was attached.

Understand each layer

Layer 7 - Application layer: This is the closest layer to the end user. It provides the interface between the applications we use and the underlying layers. But notice that the programs you are using (like a web browser: IE, Firefox or Opera) do not belong to the Application layer. Telnet, FTP, email (SMTP) and HyperText Transfer Protocol (HTTP) are examples of Application layer protocols.

Layer 6 - Presentation layer: This layer ensures the presentation of data, that is, that the communications passing through are in the appropriate form for the recipient. In general, it acts as the translator of the network. For example, when you want to send an email, the Presentation layer will format your data into email format; when you want to send photos to your friend, the Presentation layer will format your data into GIF, JPG or PNG format.

Layer 5 - Session layer: Layer 5 establishes, maintains and ends communication with the receiving device.

Layer 4 - Transport layer: This layer maintains flow control of data and provides for error checking and recovery of data between the devices. The most common examples of Transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Layer 3 - Network layer: This layer provides logical addresses which routers use to determine the path to the destination. In most cases, the logical addresses here are IP addresses (including source & destination IP addresses).

Layer 2 - Data Link layer: The Data Link layer formats the message into a data frame, and adds a header containing the hardware destination and source addresses to it. This header is responsible for finding the next destination device on a local network. Notice that layer 3 is responsible for finding the path to the final destination (network) but it doesn't care about who the next receiver will be. It is Layer 2 that helps data reach the next destination. This layer is subdivided into 2 sub-layers: logical link control (LLC) and media access control (MAC). The LLC functions include:
+ Managing frames to upper and lower layers
+ Error control
+ Flow control
The MAC sublayer carries the physical address of each device on the network. This address is more commonly called a device's MAC address. A MAC address is a 48-bit address which is burned into the NIC card on the device by its manufacturer.

Layer 1 - Physical layer: The Physical layer defines the physical characteristics of the network such as connections, voltage levels and timing.

To help you remember the functions of each layer more easily, I created a fun story in which Henry (English) wants to send a document to Charles (French) to demonstrate how the OSI model works.

Lastly, I summarize all the important functions of each layer in the table below (please remember them, they are very important knowledge you need to know about OSI model):
Layer | Description | Popular Protocols | Protocol Data Unit | Devices operating in this layer
Application | User interface | HTTP, FTP, TFTP, Telnet, SNMP, DNS | Data | -
Presentation | Data representation, encryption & decryption | Video (WMV, AVI); Bitmap (JPG, BMP, PNG); Audio (WAV, MP3, WMA) | Data | -
Session | Set up, monitor & terminate the connection session | SQL, RPC, NETBIOS names | Data | -
Transport | Flow control (Buffering, Windowing, Congestion Avoidance) helps prevent the loss of segments on the network and the need for retransmission | TCP (Connection-Oriented, reliable); UDP (Connectionless, unreliable) | Segment | -
Network | Path determination; Source & Destination logical addresses | IP; IPX; AppleTalk | Packet/Datagram | Router
Data Link | Physical addresses. Includes 2 sub-layers: Upper layer: Logical Link Control (LLC); Lower layer: Media Access Control (MAC) | LAN; WAN (HDLC, PPP, Frame Relay) | Frame | Switch, Bridge
Physical | Encodes and transmits data bits; Electric signals; Radio signals | FDDI, Ethernet | Bit (0, 1) | Hub, Repeater

Note: In fact, OSI is just a theoretical model of networking. The practical model used in modern networks is the TCP/IP model. You may think "Hm, it's just theoretical and has no use in real life! I don't care!" but believe me, you will use this model more often than the TCP/IP model, so take time to grasp it; you will not regret it, I promise :)

Website: http://help.slamdot.com/idx/0/057/What-are-the-types-of-DNS-records

What are the types of DNS records?


There are 5 types of DNS records:
A, CNAME, NS, MX, and PTR

A records

Address (A) records direct a hostname to a numerical IP address. For example, if you want mycomputer.yourdomain.com to point to your home computer (which is, for example, 192.168.0.3), you would enter a record that looks like:

mycomputer.yourdomain.com. A 192.168.0.3

Important: You must put a period after the hostname. Do not put periods after IP addresses.

CNAME records

CNAME allows a machine to be known by one or more hostnames. There must always be an A record first, and this is known as the canonical or official name. For example:

yourdomain.com. A 192.168.0.1

Using CNAME, you can point other hostnames to the canonical (A record) address. For example:

ftp.yourdomain.com. CNAME yourdomain.com.
mail.yourdomain.com. CNAME yourdomain.com.
ssh.yourdomain.com. CNAME yourdomain.com.

CNAME records make it possible to access your domain through ftp.yourdomain.com, mail.yourdomain.com, etc. Without a proper CNAME record, you will not be able to connect to your server using such addresses.

Entering a CNAME record

If you wanted home.yourdomain.com to point to yourdomain.com, you could enter the record in two ways:

home CNAME yourdomain.com

The first method allows you to simply enter the subdomain. Do not put a period after the subdomain name.

- OR -

home.yourdomain.com. CNAME yourdomain.com

The second method requires you to enter the entire hostname, followed by a period.

NAMESERVER (NS) records

NS records specify the authoritative nameservers for the domain. Important: Changing NS records may cause your site to stop working. There is generally no need to change NS records.

Entering an NS record

The first step is to delete the old NS records from the table above. Then, enter two new nameserver records. Be sure that the nameserver hostname is followed by a period, as in this example:

yourdomain.com NS ns1.slamdot.com.

Be sure to put a period after the nameserver hostname in an NS record (ns1.slamdot.com. and not ns1.slamdot.com).

MX records

Free e-mail services such as everyone.net require that MX changes be made in order for their software to work. This change allows mail destined for your domain to be directed to their server. Please note that changing MX records will prevent your current POP3 accounts, forwarders, autoresponders, and mailing lists from functioning.

First, delete the old MX record by clicking the Delete icon under "Actions." There should now be no MX records listed. Next, click Create DNS Record and enter a name for your MX record. Select MX for the type, and type the hostname given to you by the e-mail provider in the value field, followed by a period. Then select the priority level (usually 10) from the dropdown box. The priority level will also be given to you by the e-mail provider. Click Create Record. Note: Be sure to put a period at the end of the hostname. To restore the original MX settings, enter yourdomain.com. and priority 0 after deleting the other MX record.

PTR records

Pointer records (PTR) are used for reverse lookups. For example, to make 192.168.0.1 resolve to www.yourdomain.com, the record would look like:

1.0.168.192.in-addr.arpa PTR www.yourdomain.com.

Note: The IP address is reversed in the first field. Please use a period after your hostname (second field). The in-addr.arpa method is the most frequently used. Important: PTR records are effective only if your site has its own IP address. Important: PTR records are only effective if named.conf is manually edited and the proper zone information is added. This can only be done by a root user (the server Admin).
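The trailing-period rule repeated throughout the record types above, and the reversed in-addr.arpa owner of a PTR record, as an added example that is not from the original help page: in zone-file syntax a name ending in "." is absolute, while any other name is relative and has the zone origin appended, which is how a forgotten period silently produces a name like yourdomain.com.yourdomain.com. The ORIGIN value and the checked records are constructed; the hosting panel described on the page may treat its value field differently.

```python
import ipaddress

# Constructed zone origin for the records on the page.
ORIGIN = "yourdomain.com."


def qualify(name: str, origin: str = ORIGIN) -> str:
    """Return the fully qualified name a zone parser would derive for `name`."""
    if name == "@":                      # zone-file shorthand for the origin itself
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def ptr_owner(ip: str) -> str:
    """Build the reversed in-addr.arpa owner name for a PTR record."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def parse_record(line: str, origin: str = ORIGIN) -> dict:
    """Parse 'owner TYPE [priority] value' as written on the page and qualify
    both names. A-record values are IPv4 addresses: validated, not qualified."""
    fields = line.split()
    owner, rtype, value = fields[0], fields[1].upper(), fields[-1]
    rec = {"owner": qualify(owner, origin), "type": rtype}
    if rtype == "A":
        rec["value"] = str(ipaddress.IPv4Address(value))   # raises on a bad address
    else:
        rec["value"] = qualify(value, origin)
    if rtype == "MX":
        rec["priority"] = int(fields[2])
    return rec


def lint(line: str, origin: str = ORIGIN) -> list:
    """Flag hostname targets written without a trailing period: they resolve
    under the origin, which is the mistake the page keeps warning about."""
    rec = parse_record(line, origin)
    target = line.split()[-1]
    if rec["type"] in ("CNAME", "NS", "MX", "PTR") and not target.endswith("."):
        return [f"target {target!r} is relative; it resolves to {rec['value']!r}"]
    return []
```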
