You're reading from Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide

Product type Book

Published in Nov 2020

Publisher Packt

ISBN-13 9781800208094

Pages 764 pages

Edition 1st Edition

Languages

Concepts

Network Security

Author (1):

Glen D. Singh

Table of Contents (26) Chapters

Preface

1. Section 1: Network Fundamentals

2. Chapter 1: Introduction to Networking

3. Chapter 2: Getting Started with Cisco IOS Devices

4. Chapter 3: IP Addressing and Subnetting

5. Chapter 4: Detecting Physical Issues, Wireless Architectures, and Virtualization

6. Section 2: Network Access

7. Chapter 5: Implementing VLANs, Layer 2 Discovery Protocols, and EtherChannels

8. Chapter 6: Understanding and Configuring Spanning-Tree

9. Section 3: IP Connectivity

10. Chapter 7: Interpreting Routing Components

11. Chapter 8: Understanding First Hop Redundancy, Static and Dynamic Routing

12. Section 4: IP Services

13. Chapter 9: Configuring Network Address Translation (NAT)

14. Chapter 10: Implementing Network Services and IP Operations

15. Section 5: Security Fundamentals

16. Chapter 11: Exploring Network Security

17. Chapter 12: Configuring Device Access Control and VPNs

18. Chapter 13: Implementing Access Control Lists

19. Chapter 14: Implementing Layer 2 and Wireless Security

20. Section 6: Automation and Programmability

21. Chapter 15: Network Automation and Programmability Techniques

22. Chapter 16: Mock Exam 1

23. Chapter 17: Mock Exam 2

24. Assessments

25. Other Books You May Enjoy

Leave a review - let other readers know what you think

Network topology architectures

One of the tasks you may have to perform as a network engineer is to design an optimal network for a customer. How do we get started with planning and designing a network? To get started with such a task, you need to determine some important key details about the customer's needs. The following are some key guidelines to help you plan your network:

Meet with the customer to determine their needs and expectations.
Understand the budget the customer has planned for the solution.
Ensure your team has the right skillset and certified professionals to work on the project.
Determine the type and quantity of the networking devices required for the implementation.
Important note
Please note that these are just a few typical questions; your planning phase should not be limited to the points mentioned here.

The first point is very important. As a professional in the field, you do not want to assume anything about the customer's needs. Ensure you have a proper discussion and take note of exactly what the customer needs and their expectations. If you think the service or solution should be added on to what the customer needs, suggest it to the customer, providing its pros and cons, and gather their feedback.

Ensure you understand the budget for the project before choosing the type or quantity of network equipment to purchase. To determine the right device(s) to purchase, use the following steps as a guide:

Go to Cisco's website at www.cisco.com.
Navigate to Products | Networking. Here, you will see subcategories such as Switches, Wireless, Routers, and so on.
Select Switches. Under Products, you will see that Cisco has made it simple for us to determine the type of network switch based on its purpose on a network. You'll see that there are network switches for LAN Access, Distribution and Core switches, Data Center, and even Small-business switches.
Click on Catalyst 1000 Series. When the new page loads up, click on Models. Here, you will see an overall description of each model belonging to the Catalyst 1000 line of products. However, your research does not stop here.
Scroll down until you see the Resource section. You will see the Data Sheet for the models; click on it. The Data Sheet provides the exact specifications for a variety of devices within the product family. It provides the type and number of physical interfaces, unlink capacity, bandwidth capacity, and the physical dimensions and weight of the device.

Using the same concept, other devices such as wireless, routers, and firewalls will be very useful as you determine the right model of device(s) needed for the deployment of a project.

You may be wondering, what about the actual network design? Do we design all networks from the ground up? What makes our network design optimal? To answer all these questions, the experts at Cisco Systems have created a Design Zone containing tons of Design Guides. These are known as Cisco Validated Design (CVD) guides.

Important note

Cisco Validated Design can be found at https://www.cisco.com/c/en/us/solutions/design-zone.html.

Keep in mind that there is a CVD for almost every type of network and deployment for various type of industries. These design guides will provide you with guidance, recommended devices, design models, and full descriptions of their solutions. Such design guides eliminate the need to reinvent the wheel when there are experts who have already created both approved and accredited designs.

Cisco has created both a 2 Tier and 3 Tier network architecture, which is recommended for enterprise networks. In the following sections, we will discuss each of these architectures in greater detail.

2 Tier

When designing a LAN for a building or an organization that has multiple buildings near each other, we are indeed designing a campus LAN. Within a campus LAN, there are multiple network switches that are all interconnected. Sometimes, in the industry, you may see network switches interconnected in a fashion of chaining one switch to another. This is referred to as daisy chain or daisy chaining.

The following diagram shows multiple switches in a daisy chain model:

Figure 1.33 – Daisy chaining

For IT professionals, this may be a workable approach to extend their local area networks within a building. However, a major disadvantage to using such a design is that there is no redundancy in the event a cable or device fails. A fault cable or switch within the daisy chain can cause a disruption in network operations, which will affect all the devices that are connected to the faulty segment. Hence, such practices are not recommended when designing a campus LAN.

When designing a network, ensure it is hierarchical when creating various tiers to help you understand the roles of each device in the network. Ensure that the design is modular and improves the network's scalability, allowing you to expand the network and its services easily. Consider implementing resiliency and flexibility to ensure the user has a great experience while they execute their daily tasks in the organization. In other words, you don't want your users to experience a network failure that will disrupt daily transactions. Lastly, flexibility will ensure traffic is distributed between paths and devices efficiently.

Important note

In Section 5, Security Fundamentals, we will cover various security topics and techniques we can use to improve the security posture of a Cisco network.

This is where the Cisco 2 Tier architecture comes in to save the day when designing a LAN for a building – a campus LAN. This design creates two layers of switches: the distribution layer and the access layer.

The access layer provides a means of connecting end devices (computers, servers, printers, and so on) to the network. At the access layer, there is no form of redundancy between the end device and the access layer switch; this is due to most end devices usually having only a single NIC for LAN connectivity. However, each access layer switch is connected to two or more distribution layer switches, thus providing redundancy to the remainder of the network.

Tip

To see the Cisco Access layer switches, please visit the following URL: https://www.cisco.com/c/en/us/products/switches/campus-lan-switches-access/index.html.

The following diagram shows the Cisco 2 Tier architecture within a building (campus LAN):

Figure 1.34 – Cisco 2 Tier architecture

In a Cisco 2 Tier architecture, the distribution layer is known as the Collapsed Core. The distribution layer is responsible for the following roles and functions on a campus LAN:

Providing Quality of Service (QoS) to prioritize network traffic
Access Control Lists (ACLs) to filter network traffic
Basic routing functions

The distribution layer also provides redundancy for interconnecting multiple access layer switches to expand the campus LAN.

Tip

To find out more about the Cisco distribution layer switch, please visit the following URL: https://www.cisco.com/c/en/us/products/switches/campus-lan-switches-core-distribution/index.html.

Keep in mind that the Cisco 2 Tier architecture is typically used within a building. This brings about the question, how do we interconnect multiple buildings that each have a Cisco 2 Tier architecture? One method is to simply interconnect the distribution switches of one building with another.

The following diagram shows multiple branches interconnected using the 2 Tier model:

Figure 1.35 – Multiple campus LANs

As you may have noticed, each distribution layer switch is connected to each other distribution layer switch in each of the campus LANs. As the network grows and more branch offices (campus LANs) are created, there will be too many inter-branch connections and the design will not be efficient.

To solve this issue, Cisco have designed a 3 Tier hierarchical model.

3 Tier

In the Cisco 3 Tier architecture, there are three layers. There is now a core layer. The core layer is defined as the high-speed backbone of the network. These core layer switches are used to forward traffic as quickly as possible between networks, which are geographically separated. To put this simply, the core layer switches are used to interconnect each campus LAN to the others in a more efficient way.

The following diagram shows a simplified version the Cisco 3 Tier model:

Figure 1.36 – Cisco 3 Tier architecture

The core layer plays a vital role in an enterprise network. To get a better idea of how the connections are made in a real-world scenario, let's take a look at the following diagram:

Figure 1.37 – Cisco 3 Tier architecture interconnecting multiple branches

As you can see, there are three campus LANs (branches). Each campus LAN has its own access layer switches that allows end devices to access the network. There is the distribution layer, which provides redundancy to the access layer, via multiple paths to each end device.

Important note

In the 2 Tier architecture, the collapsed core plays the role of both the distribution and core layers as one.

The core layer ensures each campus LAN (branch) is interconnected. If a branch has to send network traffic to another branch office, the traffic goes up to the distribution layer and then to the core layer for forwarding. Additionally, the core layer connects to the routers of the enterprise network. These routers provide internet and WAN connectivity.

The Cisco 3 Tier hierarchy has the following benefits:

Improves network performance
Improves the scalability of the network
Creates better redundancy between paths
Improves network management

The following is a summary of the functions and characteristics of each layer of the Cisco 3 Tier model:

The core layer is the high-speed backbone of the network. These switches are used to forward traffic as quickly as possible between networks, which are geographically separated.
The distribution layer is responsible for providing a boundary by implementing access control lists and other types of application filters and policies. The distribution layer is made up of Layer 3 switches.
The access layer is used to interconnect end devices such as computers, printers, and servers.

Having completed this section, you are now able to identify the functions and purposes of each layer of both the Cisco 2 Tier (collapsed core) and 3 Tier architectures.