Networking And Security Technologies Computer Science Essay


A local area network (LAN) was first defined as a group of computers connected within the same area. Local area networks (LANs) are today defined as broadcast domains. This means that if a user broadcasts information on the LAN, everyone on the LAN would receive it. Layer 3 devices, e.g. routers, prevent broadcasts from leaving a LAN. The disadvantage of using routers is that they usually take more time to process incoming data than layer 2 devices, e.g. switches. Layer 3 devices are also more expensive than layer 2 devices.

A good example of a network topology with the above type of LAN is Global Phoenix Distributions Ltd's network topology (see fig 1).

Fig 1: Global Phoenix Distributions Ltd. - Network Topology

Virtual Local Area Networks (VLANs) are an alternative solution to routers for containing broadcast traffic.

Why use VLANs on a network?

A VLAN is a logical local area network with its own logically separate internet protocol (IP) subnetwork (broadcast domain). It is wholly created and configured in software and lets a network administrator create independent networks with their own groups of logically networked devices, even if they share the same physical infrastructure with other VLANs.

VLANs allow a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation and not a physical one, workstations do not have to be physically located together. Users and devices in different physical locations can belong to the same VLAN.

In order for communication to occur between computers on the same VLAN each must have the same network address and subnet mask. The VLAN must be configured on a switch with ports assigned to it.

VLANs permit several networks or broadcast domains to coexist on the same switched network. Devices on separate VLANs attached to the same switched network cannot communicate with each other unless a router or a layer 3 device is used.

A good example of the above is illustrated by the diagram below depicting a college network with VLANs (See fig 2).

Fig 2: College network with VLANs:

VLANs offer a number of advantages over traditional LANs, and Global Phoenix Distributions Ltd's (GPD's) network topology would most likely benefit from them through:

Reduced network cost:

VLANs can be used to create broadcast domains without the need for expensive routers. This could significantly reduce the cost of separating the different kinds of traffic, i.e. stock information and CCTV footage, on GPD's network.

Enhanced network Performance:

In a network with high traffic, VLANs can cut traffic to unnecessary destinations by separating different types of traffic. For example, in a broadcast domain consisting of 8 devices with different traffic requirements, if video traffic is intended for only 4 devices, then putting those 4 devices on a separate VLAN keeps the video traffic off the other 4. This reduces unnecessary network traffic and boosts performance.

Routers use more processing power than switches, and as the traffic passing through a router increases, so does its latency, resulting in reduced performance. Using VLANs reduces the number of routers needed, because the broadcast domains are created on switches instead.

Simplified network administration:

VLANs simplify administrative work, as routers do not need to be reconfigured when a device is moved or added within a VLAN. This saves both time and money.

Mitigation of broadcast storms:

VLANs divide a network into smaller broadcast domains, thereby preventing a broadcast storm from spreading across the whole network by localising it to one area.

Simplified application management:

A VLAN helps to support the geographical and business needs of a user. For example, a VLAN could be created specifically for the application software that manages the CCTV systems monitoring security at each of GPD's warehouses.

Improved IT staff efficiency:

Once a port is assigned to a VLAN on a preconfigured switch, managing the users and devices on that VLAN is easy because they share the common network requirements set in the VLAN's policies and procedures.

Enhanced network security:

As sensitive data may be broadcast on a network, placing only the users and devices that are entitled to it on their own VLAN reduces the chance of an outsider seeing it. By separating them from the rest of the network, the chance of a confidential information breach is reduced. This would enhance security at each of GPD's warehouses (LANs) by keeping all stock traffic separate from CCTV traffic. Using port security with sticky MAC addresses would also prevent an unauthorised PC from joining a VLAN through an assigned port.

Security can be further enhanced by using traffic and protocol Access Control Lists (ACLs) or filters, Virtual Private Networks (VPNs), firewalls, encryption and authentication to restrict and secure traffic across GPD's entire network topology.

Using a combination of the above security features would ensure that only the necessary users have access to their respective resources, i.e. in each of the warehouses only the stock control staff would have access to their stock VLAN and the security staff to their CCTV VLAN. The headquarters' management staff would have access to the Management VLAN and to both the stock VLAN and CCTV VLAN of all the warehouses, while the admin staff would only have access to the admin VLAN (see appendix 1.1).
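To make the two mechanisms above concrete (a VLAN as a broadcast domain, and port security with sticky MAC addresses keeping an unauthorised PC off a VLAN port), here is a small Python model of a VLAN-aware switch. It is an added illustration for this essay, not GPD's configuration or Cisco's code; the port names, VLAN numbers and MAC addresses are constructed, and the stock/CCTV layout is assumed from the warehouse example in the text.

```python
"""Toy model of a VLAN-aware access switch.

Two behaviours are modelled:
  * a broadcast entering a port is flooded only to ports in the same VLAN
    (the VLAN is the broadcast domain);
  * a port with port security enabled "sticks" to the first source MAC it
    sees and drops frames from any other MAC, recording a violation.
Constructed example, not vendor code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Port:
    vlan: int
    secure: bool = False                 # port security enabled?
    sticky_mac: Optional[str] = None     # first MAC learned on a secure port


@dataclass
class Switch:
    ports: Dict[str, Port] = field(default_factory=dict)
    violations: List[Tuple[str, str]] = field(default_factory=list)

    def add_port(self, name: str, vlan: int, secure: bool = False) -> None:
        self.ports[name] = Port(vlan=vlan, secure=secure)

    def admit(self, port_name: str, src_mac: str) -> bool:
        """Return True if a frame from src_mac may enter port_name.

        A secure port learns the first source MAC it sees (sticky) and then
        rejects every other MAC, logging (port, mac) as a violation.
        """
        port = self.ports[port_name]
        if not port.secure:
            return True
        if port.sticky_mac is None:
            port.sticky_mac = src_mac        # learn and stick
            return True
        if port.sticky_mac == src_mac:
            return True
        self.violations.append((port_name, src_mac))
        return False

    def broadcast(self, ingress: str, src_mac: str) -> Set[str]:
        """Flood a broadcast frame and return the set of egress ports.

        Only ports in the ingress port's VLAN receive it; a frame refused
        by port security goes nowhere.
        """
        if not self.admit(ingress, src_mac):
            return set()
        vlan = self.ports[ingress].vlan
        return {name for name, p in self.ports.items()
                if p.vlan == vlan and name != ingress}


def build_warehouse_switch() -> Switch:
    """Constructed warehouse layout: stock PCs on VLAN 10, CCTV on VLAN 20."""
    sw = Switch()
    sw.add_port("Fa0/1", vlan=10, secure=True)   # stock PC, port security on
    sw.add_port("Fa0/2", vlan=10)                # stock PC
    sw.add_port("Fa0/3", vlan=20)                # CCTV camera
    sw.add_port("Fa0/4", vlan=20)                # CCTV recorder
    return sw


if __name__ == "__main__":
    sw = build_warehouse_switch()
    print(sw.broadcast("Fa0/1", "00:11:22:33:44:55"))   # {'Fa0/2'}: stays in VLAN 10
    print(sw.broadcast("Fa0/3", "00:aa:bb:cc:dd:ee"))   # {'Fa0/4'}: stays in VLAN 20
    print(sw.broadcast("Fa0/1", "de:ad:be:ef:00:01"))   # set(): second MAC on a sticky port
    print(sw.violations)                                 # [('Fa0/1', 'de:ad:be:ef:00:01')]
```

The violations list is the point a defender cares about: on a real switch the equivalent event (a port-security violation counter or log message) is what tells you that a second device was plugged into a port that should only ever carry one stock PC.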

Task 2: VLAN Trunking Protocol (VTP)

VTP is a Cisco-proprietary layer 2 protocol, carried over Inter-Switch Link (ISL) or 802.1Q trunks, that allows a network manager to configure a Cisco switch so that it propagates VLAN configurations across trunk links to the other Cisco switches in the network. A switch can be configured as a VTP server or a VTP client. The VTP server minimizes the problems caused by incorrect manual configurations and configuration inconsistencies by distributing and synchronizing VLAN information to VTP-enabled switches throughout the switched network. VTP stores VLAN configurations in the VLAN database, called vlan.dat. VTP only supports normal-range VLANs (VLAN IDs 1 to 1005); extended-range VLANs (IDs greater than 1005) are not supported.

VTP has three versions, 1, 2, and 3. Only one VTP version is allowed in a VTP domain. The default is VTP version 1.

VTP uses advertisements to distribute and synchronize information about domains and VLAN configurations. There are three main types of VTP advertisement: summary, subset and request.

Why use VTP:

VLANs are a more affordable, efficient and secure alternative for creating and managing broadcast domains on modern Cisco switched networks. The main challenge in administering VLANs is keeping the switches up to date with the most current VLAN information. This is achieved either manually, by configuring the VLANs on every participating switch, or by using VLAN Trunking Protocol (VTP). Manual configuration works well on small networks with very few participating switches, but as the number of switches increases the overall VLAN administrative requirements become a challenge, and the management effort of maintaining the network grows with its size. VTP simplifies management of the VLAN database across multiple switches: when a new VLAN is configured on a VTP server, it is distributed to all switches in the broadcast domain. This automates the VLAN distribution process, removing or reducing the manual VLAN administrative work.

VTP therefore enables individual Cisco Catalyst switches in a VTP management domain to be managed as a group for VLAN configuration purposes. For example, creating a new VLAN on one switch makes that VLAN available on all switches within the same VTP management domain, provided VTP is enabled on all of them.

A group of switches that share VTP information is known as a VTP management domain. A switch does not belong to any VTP management domain by default, and can only be part of one VTP management domain at any given time. Each domain's boundary is defined by a layer 3 device, e.g. a router (see fig 3).

Fig 3: VTP domains separated by router

To understand how VTP works in a VTP domain, it is important to know the different VTP modes a Cisco Catalyst switch can be configured in to become part of a VTP management domain. The three VTP modes are server mode, client mode and transparent mode. Take the example of 8 Cisco switches that share the same VTP management domain. For VTP to work effectively, one of the switches should be left in the default server mode while the rest are configured for client mode. Any VLAN change on the server mode switch is then propagated automatically to all the client mode switches. If a stand-alone switch is required in the VTP domain, or you do not want a switch to propagate its VLAN information, set its VTP mode to transparent. The VTP mode switch roles are explained below:

1. Server Mode: - There has to be at least one switch in server mode in any given VTP domain. Server mode is the default VTP mode. It is possible for a switch in server mode to have its VLAN information changed and then automatically passed on to all other switches in the VTP management domain.

2. Client mode: - This type of switch can only receive VLAN information changes from a switch in server mode within the same VTP management domain. It cannot change VLAN information.

3. Transparent Mode: - This type of switch only passes on VTP updates received from a server mode switch within the same VTP domain, without processing the contents of the message. Any VLAN changes made on this switch are confined to it only.

VTP pruning is used to prevent unnecessary VLAN broadcast flooding across all trunks in a VTP domain. It prunes the VLANs that are not assigned to ports on the remote switch by permitting switches to negotiate which VLANs are assigned to ports at the other end of a trunk. VTP Pruning restricts flooding traffic to only those trunk links that the traffic must use to reach the destination devices thus increasing network available bandwidth. Therefore VTP pruning enhances network performance by preventing flooding of broadcasts, multicasts and unknown unicast traffic across all trunk links in a VTP domain (see fig 4).

Fig 4: VTP pruning.

The figure above shows how VTP pruning works in a switched network with broadcast traffic. Switch A's traffic is not passed to Switches C, E and F because it has been pruned on the links at Port 5 and Port 4.
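The three VTP modes listed above and the pruning behaviour in fig 4 can be modelled together in a few dozen lines. The following Python is an added illustration written for this essay, not Cisco's implementation or the essay's own material; the switch names, domain name, port names and VLAN IDs are constructed. It keeps two real VTP rules that the text relies on: a client only accepts an advertisement from its own domain (so a router-bounded domain is also a VTP boundary), and the advertisement must carry a higher configuration revision number than the receiver already has, which is how "the most current VLAN information" wins. Pruning is modelled as "send traffic for a VLAN over a trunk only if some switch behind that trunk has an access port in the VLAN".

```python
"""Toy model of VTP server/client/transparent modes and VTP pruning.

Constructed example, not vendor code. One management domain "GPD" with a
server, a client, a transparent switch relaying to a further client, and
a switch in a different domain hanging off the server.
"""
from typing import Dict, List, Optional, Set


class VtpSwitch:
    def __init__(self, name: str, domain: str, mode: str = "server") -> None:
        assert mode in ("server", "client", "transparent")
        self.name, self.domain, self.mode = name, domain, mode
        self.vlans: Set[int] = {1}             # VLAN 1 always exists
        self.revision = 0                      # configuration revision number
        self.port_vlans: Dict[str, int] = {}   # access port -> VLAN
        self.trunks: List["VtpSwitch"] = []    # directly trunked neighbours

    def add_port(self, port: str, vlan: int) -> None:
        self.port_vlans[port] = vlan

    def create_vlan(self, vlan_id: int) -> bool:
        """Server: create the VLAN, bump the revision and advertise it.
        Transparent: create it locally only. Client: refuse, because a
        client cannot change VLAN information."""
        if self.mode == "client":
            return False
        if not 1 <= vlan_id <= 1005:           # VTP handles normal-range VLANs only
            return False
        self.vlans.add(vlan_id)
        if self.mode == "server":
            self.revision += 1
            self._advertise(origin=self)
        return True

    def _advertise(self, origin: "VtpSwitch", seen: Optional[Set[str]] = None) -> None:
        """Send the origin's (domain, revision, vlans) down every trunk once."""
        seen = seen if seen is not None else {self.name}
        for nbr in self.trunks:
            if nbr.name in seen:
                continue
            seen.add(nbr.name)
            nbr.receive(origin.domain, origin.revision, set(origin.vlans), origin, seen)

    def receive(self, domain: str, revision: int, vlans: Set[int],
                origin: "VtpSwitch", seen: Set[str]) -> None:
        if domain != self.domain:
            return                             # another domain: ignored entirely
        if self.mode == "transparent":
            self._advertise(origin, seen)      # relay without applying
            return
        if revision > self.revision:           # newer configuration wins
            self.vlans, self.revision = vlans, revision
            self._advertise(origin, seen)

    def _needs(self, vlan_id: int, seen: Set[str]) -> bool:
        """True if this switch or anything beyond it has a port in vlan_id."""
        seen.add(self.name)
        if vlan_id in self.port_vlans.values():
            return True
        return any(n._needs(vlan_id, seen) for n in self.trunks if n.name not in seen)

    def pruned_trunks_for(self, vlan_id: int) -> List[str]:
        """VTP pruning: the trunks over which flooded traffic for vlan_id
        is actually sent, i.e. those with a member of the VLAN behind them."""
        return [n.name for n in self.trunks if n._needs(vlan_id, {self.name})]


def connect(a: VtpSwitch, b: VtpSwitch) -> None:
    a.trunks.append(b)
    b.trunks.append(a)


def build_domain():
    """Constructed topology: SwA(server) - SwB(client); SwA - SwC(transparent) - SwD(client);
    SwA - SwX in a different VTP domain."""
    srv = VtpSwitch("SwA", "GPD", "server")
    cli = VtpSwitch("SwB", "GPD", "client")
    tr = VtpSwitch("SwC", "GPD", "transparent")
    far = VtpSwitch("SwD", "GPD", "client")
    other = VtpSwitch("SwX", "OTHER", "client")
    connect(srv, cli); connect(srv, tr); connect(tr, far); connect(srv, other)
    cli.add_port("Fa0/1", 10)                  # only SwB has a VLAN 10 member
    far.add_port("Fa0/1", 20)                  # only SwD has a VLAN 20 member
    return srv, cli, tr, far, other


if __name__ == "__main__":
    srv, cli, tr, far, other = build_domain()
    srv.create_vlan(10); srv.create_vlan(20)
    print(cli.vlans, far.vlans, tr.vlans, other.vlans)   # {1,10,20} {1,10,20} {1} {1}
    print(srv.pruned_trunks_for(10), srv.pruned_trunks_for(20))  # ['SwB'] ['SwC']
```

Two things worth noticing when running it: the transparent switch SwC relays the server's advertisement so that SwD behind it still learns VLANs 10 and 20, yet SwC's own database stays at VLAN 1; and the pruning result shows VLAN 10 traffic never crosses the SwA-SwC trunk because nothing beyond SwC needs it, which is the fig 4 effect in miniature.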

To further understand the use of VTP, imagine a Cisco switched network with 15 or more switches without VTP enabled. When a new VLAN is created on one switch, the network administrator is forced to configure the same VLAN manually on each of the other switches. This is a time-consuming process prone to mistakes. VTP allows the process to be automated: the administrator configures the new VLAN on the server mode switch and lets VTP propagate it to all the other switches in the same VTP domain.

VTP provides a large Cisco switched network with efficiency when dealing with VLAN configurations. It also enhances network performance by reducing the amount of configuration errors that could arise from manual configuration or not having the current configuration on all the participating switches, thus reducing network downtime.

VTP reduces the VLAN management effort by dividing a switched network into smaller, more manageable VTP domains. It also limits the propagation of erroneous VLAN configuration changes to the affected VTP domain; switches in other VTP domains are not affected.

Task 3: Classful and Classless subnetting

Classful subnets:

There are 5 different classes of classful networks i.e. A, B, C, D, and E. Classes A, B and C are the most common. D and E are hardly ever used. Each of the classes has its own unique default subnet mask. Each class has its own IP address range and this can be used to identify the class of an IP address. The following are the default classes A, B and C IP address ranges and subnet masks:

Class A subnets: - Subnet mask is IP address range starts with 0-127 as the first octet. For example is class 'A'. Its first octet is 10, which is within the specified range

Class B subnets: - Subnet mask is IP address range starts with 128-191 as the first octet. For example is class B. Its first octet is 172, which is within the specified range.

Class C subnets: - Subnet mask is IP address range starts with 192-223 as the first octet. For example is class C address. Its first octet is 192, which is within the specified range.

Classful addresses adhere strictly to the A, B and C class boundaries and their respective subnet masks. Classful routing protocols (e.g. RIPv1 and IGRP) do not send subnet mask information with their routing updates. This makes them unsuitable for hierarchical addressing that requires Variable Length Subnet Masks (VLSM) and discontiguous networks. Classful subnets can be created as long as they stay within their respective classful network boundaries. As a result, classless inter-domain routing (CIDR) is not supported by classful routing protocols, which makes it impossible to summarize a because of the boundary requirements.

Originally, all IP addresses were classful. The fixed boundaries of classful addressing greatly limited the flexibility and the number of addresses that could be assigned to a network. Combined with the exponential growth of the internet, the resulting waste of addresses led to the rapid depletion of IP version 4 network addresses. (See appendix 1.2 and 2.1 - example of classful subnetting.)

Note: Private addresses are reserved for internal networks only (e.g. small to medium business internal IP addresses) and are therefore not used on the internet. They are grouped into 3 main classes i.e. class A: IP range - to, class B: IP range - to and class C: - to

Classless subnets:

Classless addressing means that the routing protocol used makes no assumptions about class. It does not look at the first octet and then apply a default subnet mask. Instead, a classless routing protocol passes the subnet mask along with the IP address during routing table updates. Examples of classless routing protocols are RIPv2, EIGRP and OSPF.

The combination of Variable length subnet masks (VLSM), discontiguous networks, classless routing protocols and Classless Inter-domain Routing (CIDR) allow the IP address boundaries to be more fluid by making it possible for a classless address to take any number of bits in the 32 bit address space, allowing for the division of a network into smaller sub-networks or subnets, thus reducing the depletion of available IPv4 addresses.

The process of dividing a network into sub-networks or subnets is also known as classless subnetting. This enables an organisation to customise its network based on the number of hosts or networks it has, by selecting the subnet mask(s) that fit its needs. In contrast, a classful subnet mask only allows a network to fit within its fixed class restrictions. For example, suppose you have three networks with 50 hosts each, connected by routers. The network address with an address range of to has been allocated to be shared among the networks' 150 hosts. In order to use this block of addresses on the three physical networks, the network has to be divided further into sub-networks. Using a subnet mask makes the range of host addresses smaller and the network portion larger. This divides the network into four subnets, giving four networks with 62 hosts each, and so saves IP addresses by taking some of the bits used for host addressing and using them in the network portion of the address.

To conclude, the main difference between classful and classless IP addressing is the number of network bits used. The network ID portion in classful IP addressing can only take the predefined number of 8, 16, or 24 bits; but any number of bits can be assigned to the network ID portion for classless addressing. Therefore classless subnetting is the best choice as it is the more efficient of the two (See appendix 1.3 and 2.2 - example of classless subnetting).
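The classful lookup in Task 3 (first octet decides the class and default mask) and the classless calculation (three 50-host networks carved out of one block as four subnets of 62 hosts) can both be checked with Python's standard `ipaddress` module. The following is an added worked example, not part of the essay; because the essay's own network address and mask were not reproduced above, the block 192.168.10.0/24 used here is a constructed stand-in, and the helper names are my own.

```python
"""Classful lookup and classless (VLSM) subnet planning.

Added worked example using only the standard library. The 192.168.10.0/24
block and the host counts are constructed to mirror the essay's example of
three 50-host networks becoming four subnets of 62 hosts.
"""
import ipaddress
from typing import List, Tuple


def classful_info(ip: str) -> Tuple[str, str]:
    """Return (class letter, default mask) from the first octet alone,
    which is all a classful protocol such as RIPv1 has to go on."""
    first = int(ip.split(".")[0])
    if first <= 127:
        return "A", "255.0.0.0"
    if first <= 191:
        return "B", "255.255.0.0"
    if first <= 223:
        return "C", "255.255.255.0"
    return ("D", "n/a") if first <= 239 else ("E", "n/a")   # multicast / reserved


def is_private(ip: str) -> bool:
    """True for the RFC 1918 internal ranges (the stdlib also flags a few
    other reserved ranges, e.g. loopback, as private)."""
    return ipaddress.ip_address(ip).is_private


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose subnet holds `hosts` usable addresses.
    Network and broadcast addresses are excluded from the usable count."""
    bits = 1
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def usable_hosts(net: ipaddress.IPv4Network) -> int:
    return net.num_addresses - 2


def split_block(block: str, hosts_per_subnet: int) -> List[ipaddress.IPv4Network]:
    """Divide `block` into equal subnets, each able to hold hosts_per_subnet.
    This is the classless step: borrow host bits for the network portion."""
    net = ipaddress.ip_network(block, strict=True)
    new_prefix = prefix_for_hosts(hosts_per_subnet)
    if new_prefix < net.prefixlen:
        raise ValueError("block too small for that host count")
    return list(net.subnets(new_prefix=new_prefix))


def plan(block: str, hosts_per_subnet: int):
    """Return (subnet mask, rows) where each row is
    (subnet, first usable host, last usable host, usable host count)."""
    subs = split_block(block, hosts_per_subnet)
    rows = []
    for s in subs:
        hosts = list(s.hosts())
        rows.append((str(s), str(hosts[0]), str(hosts[-1]), usable_hosts(s)))
    return str(subs[0].netmask), rows


if __name__ == "__main__":
    print(classful_info("10.1.2.3"), classful_info("172.16.0.1"), classful_info("192.168.1.1"))
    mask, rows = plan("192.168.10.0/24", 50)      # constructed block, 50 hosts per network
    print("mask:", mask)                           # 255.255.255.192 (/26)
    for row in rows:                               # four subnets of 62 hosts
        print(row)
```

The contrast the essay draws falls out directly: `classful_info` can only ever answer with an 8, 16 or 24-bit network portion, whereas `split_block` chooses 26 bits here because that is the smallest prefix that still leaves 62 usable hosts per subnet, so the 150 hosts fit in one /24 with a spare subnet left over.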