Module 1: Network Fundamentals
1. Network Components
• Devices
• Router: Connects different networks together. Works at Layer 3 (Network layer) of
the OSI model.
• Switch: Connects devices within a local network. Works at Layer 2 (Data Link layer).
• PC & Servers: End devices in a network.
• Access Point: Provides wireless connectivity.
• Network Topology Architectures
• Star: Central node (usually a switch or hub) to which all nodes are connected.
• Mesh: Devices are interconnected. In a full mesh every device connects to every other device; in a partial mesh only some do.
• Hybrid: Combination of two or more topologies.
• OSI & TCP/IP models
• OSI: 7 layers - Physical, Data Link, Network, Transport, Session, Presentation, and
Application.
• TCP/IP: 4 layers - Network Access, Internet, Transport, and Application.
2. Network Topologies
• Physical vs. Logical Topology
• Physical: Actual layout of the network devices and cables.
• Logical: How data actually flows between devices, regardless of the physical wiring.
• Common Types
• Bus: Single central cable (the bus) to which all network devices are connected.
• Ring: Each device is connected to two other devices, forming a ring.
• Star: Most common; devices are connected to a central device.
• Mesh: Devices are interconnected; common in WANs.
3. Cabling & Interfaces
• Ethernet Cables
• UTP (Unshielded Twisted Pair): Most common; more susceptible to electromagnetic interference than STP.
• STP (Shielded Twisted Pair): Has shielding to reduce interference.
• Crossover: Connects like devices (e.g., switch to switch) without an intermediate device; rarely needed on modern ports that support Auto-MDIX.
• Straight-through: Connects unlike devices (e.g., PC to switch).
• Cable Types
• Cat5: Supports up to 100 Mbps.
• Cat5e: Supports up to 1 Gbps.
• Cat6: Supports up to 10 Gbps over shorter runs (about 55 m); 1 Gbps at the full 100 m.
• Connector Types
• RJ-45: Commonly used for Ethernet connections.
• RJ-11: Commonly used for phone lines.
4. IPv4 & IPv6 Addresses
• Binary Conversion: IPv4 addresses are 32-bit binary values written as four dotted-decimal octets; IPv6 addresses are 128-bit values written as eight colon-separated hexadecimal groups.
• Subnetting Principles: Breaking a larger network into smaller sub-networks by borrowing host bits for the network prefix.
• Shrinks broadcast domains and forces traffic between subnets through a router, where it can be filtered (performance and security).
• Address Types
• Unicast: One-to-one communication.
• Broadcast: One-to-all communication within the broadcast domain (IPv4 only; IPv6 has no broadcast and uses multicast instead).
• Multicast: One-to-many communication, delivered only to hosts that joined the group.
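As an added example (not part of the original notes), the following Python uses the standard-library ipaddress module to show the binary form of an IPv4 address, expand a compressed IPv6 address, split a /24 into /26 subnets, and classify a destination as unicast, broadcast or multicast. All addresses are constructed for illustration.

```python
import ipaddress


def to_binary(addr: str) -> str:
    """Dotted-decimal IPv4 address -> 32-bit binary string, one 8-bit group per octet."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))


def expand_ipv6(addr: str) -> str:
    """Compressed IPv6 notation -> full eight-group hexadecimal form."""
    return ipaddress.IPv6Address(addr).exploded


def subnet(network: str, new_prefix: int) -> list:
    """Split a network into equal-sized subnets of the given prefix length.

    Returns one tuple per subnet: (network/prefix, first host, last host, broadcast).
    """
    net = ipaddress.ip_network(network, strict=True)
    result = []
    for sn in net.subnets(new_prefix=new_prefix):
        hosts = list(sn.hosts())
        result.append((str(sn), str(hosts[0]), str(hosts[-1]), str(sn.broadcast_address)))
    return result


def classify(dst: str, local_network: str) -> str:
    """Address type of an IPv4 destination as seen by a host on local_network."""
    ip = ipaddress.IPv4Address(dst)
    net = ipaddress.ip_network(local_network, strict=False)
    if ip.is_multicast:                                   # 224.0.0.0/4
        return "multicast"
    if ip == ipaddress.IPv4Address("255.255.255.255") or ip == net.broadcast_address:
        return "broadcast"                                # limited or directed broadcast
    return "unicast"


if __name__ == "__main__":
    # Constructed sample addresses
    print(to_binary("192.168.1.10"))
    print(expand_ipv6("2001:db8::1"))
    for row in subnet("192.168.1.0/24", 26):
        print(row)
    print(classify("224.0.0.5", "192.168.1.0/24"))
```

Splitting 192.168.1.0/24 into /26 subnets borrows two host bits and yields four subnets of 62 usable hosts each; the first and last addresses of each subnet are the network and directed-broadcast addresses.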
Module 2: Network Access
1. VLANs & Interswitch Connectivity
• VLAN (Virtual Local Area Network)
• Definition: A logically segmented network within a physical network. Devices in the
same VLAN can communicate as if they're on the same physical network, even if
they're not.
• Benefits:
• Segmentation: Each VLAN is its own broadcast domain, so hosts in different VLANs reach each other only through a router or Layer 3 switch, where traffic can be filtered.
• Cost savings: Reduces the need for separate physical networks.
• Performance: Smaller broadcast domains mean less broadcast traffic per host.
• Configuration: Configured on the switch with interface commands such as switchport mode access and switchport access vlan X, where X is the VLAN number.
• Trunking
• Purpose: Allows multiple VLANs to travel over a single link, maintaining VLAN
information.
• 802.1Q: Standard protocol for trunking. Inserts a 4-byte tag (TPID 0x8100 plus a 12-bit VLAN ID) after the source MAC address of the frame to identify the VLAN.
• Native VLAN: The VLAN associated with all untagged traffic on a trunk. A frame that arrives without a tag is assigned to the native VLAN, and frames belonging to the native VLAN are sent untagged. Security considerations: set the native VLAN to an unused VLAN on both ends of every trunk (a mismatch leaks traffic between two VLANs), never use it as an access VLAN, and tag it where the platform allows (vlan dot1q tag native) to defeat double-tagging VLAN hopping.
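Added example, not from the original notes: a Python model of 802.1Q tagging that builds and parses tagged frames, applies the native-VLAN rule on a trunk, and replays the classic double-tagging VLAN-hopping case to show why an unused (or explicitly tagged) native VLAN stops it. The MAC addresses, VLAN numbers and payload are constructed, and the two-switch behaviour is a simplified model rather than any vendor's implementation.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, vlan_ids: list, ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (outer tag first).

    Each tag is the TPID (0x8100) followed by the TCI: 3-bit PCP, 1-bit DEI, 12-bit VLAN ID.
    """
    frame = dst + src
    for vid in vlan_ids:
        tci = (0 << 13) | (0 << 12) | (vid & 0x0FFF)      # PCP 0, DEI 0
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (vlan_ids outer->inner, ethertype, payload) for a possibly tagged frame."""
    off, vlans = 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vlans.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return vlans, ethertype, frame[off + 2:]


def trunk_ingress(frame: bytes, native_vlan: int):
    """Classify a frame arriving on a trunk: untagged -> native VLAN, otherwise the outer tag.
    Returns (vlan, frame with the outer tag removed)."""
    vlans, ethertype, payload = parse_frame(frame)
    if not vlans:
        return native_vlan, frame
    stripped = build_frame(frame[:6], frame[6:12], vlans[1:], ethertype, payload)
    return vlans[0], stripped


def trunk_egress(vlan: int, frame: bytes, native_vlan: int, tag_native: bool = False) -> bytes:
    """Put a frame belonging to `vlan` onto a trunk: tagged, except native-VLAN traffic,
    which goes untagged unless the switch is configured to tag the native VLAN."""
    if vlan == native_vlan and not tag_native:
        return frame
    vlans, ethertype, payload = parse_frame(frame)
    return build_frame(frame[:6], frame[6:12], [vlan] + vlans, ethertype, payload)


def double_tag_hop(attacker_vlan: int, target_vlan: int, native_vlan: int,
                   tag_native: bool = False) -> int:
    """VLAN the far-side switch assigns to an attacker's double-tagged frame.

    The attacker sits in attacker_vlan on switch 1 and sends a frame carrying two tags:
    outer = attacker_vlan, inner = target_vlan. If attacker_vlan is the trunk's native VLAN,
    switch 1 strips the outer tag and forwards the frame untagged, so switch 2 sees only the
    inner tag and delivers the frame into target_vlan.
    """
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"     # constructed addresses
    frame = build_frame(dst, src, [attacker_vlan, target_vlan], ETH_IPV4, b"constructed payload")
    vlan, body = trunk_ingress(frame, native_vlan)           # switch 1 classifies, pops outer tag
    wire = trunk_egress(vlan, body, native_vlan, tag_native) # switch 1 -> switch 2 over the trunk
    far_vlan, _ = trunk_ingress(wire, native_vlan)           # switch 2 classifies what it sees
    return far_vlan
```

With the native VLAN left at 1 and the attacker in VLAN 1, double_tag_hop(1, 20, 1) returns 20: the frame lands in VLAN 20 without ever crossing a router. Moving the native VLAN to an unused value (999) or tagging the native VLAN makes the same call return 1.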
2. Spanning Tree Protocol (STP)
• Purpose: Prevents Layer 2 loops (and the broadcast storms they cause) in Ethernet networks with redundant links.
• Operation:
• Root Bridge Election: The switch with the lowest bridge ID (priority, then MAC address; with PVST+ the VLAN ID is carried in the priority field as the extended system ID) becomes the root.
• Path Selection: Each switch chooses the port with the lowest cost to the root bridge as its root port; each segment gets one designated port.
• Blocking: The remaining redundant ports are placed in a blocking state to break loops.
• Security: Any device that advertises a lower bridge ID becomes root and can pull traffic through itself. Enable BPDU Guard on access ports (err-disables a port that receives a BPDU) and Root Guard on ports that should never lead toward the root.
• STP Types:
• PVST+ (Per VLAN Spanning Tree Plus): Cisco's version; runs an STP instance for each VLAN.
• RSTP (Rapid Spanning Tree Protocol, IEEE 802.1w): Faster convergence than classic 802.1D STP.
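Added example, not from the original notes: Python that packs and parses 802.1D configuration BPDUs, runs the root election by comparing bridge IDs the way STP does, and shows how a rogue BPDU on an access port wins the election unless BPDU Guard removes that port from consideration. Bridge IDs, MAC addresses, port names and the per-port cost of 4 are constructed or assumed values.

```python
import struct

# 802.1D configuration BPDU body (35 bytes): protocol ID, version, BPDU type, flags, root ID,
# root path cost, sender bridge ID, port ID, message age, max age, hello time, forward delay.
BPDU_FMT = "!HBBB8sI8sHHHHH"
CONFIG_BPDU = 0x00


def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte bridge ID: 2-byte priority field (PVST+ carries the VLAN ID in its low 12 bits)
    followed by the 6-byte MAC address."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def build_bpdu(root: bytes, root_path_cost: int, sender: bytes, port_id: int = 0x8001) -> bytes:
    """Configuration BPDU with the default 802.1D timers (encoded in 1/256 s units)."""
    return struct.pack(BPDU_FMT, 0x0000, 0, CONFIG_BPDU, 0, root, root_path_cost, sender,
                       port_id, 0, 20 * 256, 2 * 256, 15 * 256)


def parse_bpdu(data: bytes) -> dict:
    fields = struct.unpack(BPDU_FMT, data[:struct.calcsize(BPDU_FMT)])
    proto, version, kind, flags, root, cost, sender, port, age, max_age, hello, fwd = fields
    if proto != 0 or kind != CONFIG_BPDU:
        raise ValueError("not a configuration BPDU")
    return {"root": root, "root_path_cost": cost, "sender": sender, "port_id": port,
            "max_age": max_age / 256, "hello": hello / 256, "forward_delay": fwd / 256}


def describe(bid: bytes) -> str:
    """Human-readable bridge ID: priority/MAC."""
    return f"{struct.unpack('!H', bid[:2])[0]}/{bid[2:].hex(':')}"


def bpdu_guard(received: list, edge_ports: set) -> list:
    """Ports that received a BPDU although configured as edge (PortFast) ports; with
    BPDU Guard the switch err-disables them instead of processing the BPDU."""
    return sorted({port for port, _ in received if port in edge_ports})


def elect_root(own: bytes, received: list, edge_ports: set = frozenset(), port_cost: int = 4):
    """Root election as this switch sees it.

    received: list of (port, raw BPDU bytes). Bridge IDs are big-endian, so plain byte
    comparison orders them by priority first and MAC second, exactly as STP does.
    Returns (root bridge ID, root port or None if we are the root, root path cost).
    """
    guarded = set(bpdu_guard(received, edge_ports))
    best = (own, None, 0)
    for port, raw in received:
        if port in guarded:
            continue
        bpdu = parse_bpdu(raw)
        cost = bpdu["root_path_cost"] + port_cost     # cost via this port (4 = 1 Gbps in 802.1D-1998)
        if bpdu["root"] < best[0] or (best[1] is not None and bpdu["root"] == best[0]
                                      and cost < best[2]):
            best = (bpdu["root"], port, cost)
    return best


# Constructed scenario: our switch, the legitimate root on the uplink, and a rogue device
# on an access port announcing priority 0 (the VLAN 1 extended system ID makes the field 1).
OWN = bridge_id(32769, "00:1a:2b:3c:4d:5e")
LEGIT_ROOT = bridge_id(4097, "00:1a:2b:00:00:01")
ROGUE = bridge_id(1, "00:de:ad:be:ef:01")
RECEIVED = [
    ("Gi0/1", build_bpdu(LEGIT_ROOT, 0, LEGIT_ROOT)),
    ("Fa0/5", build_bpdu(ROGUE, 0, ROGUE)),
]
```

Without guard the rogue on Fa0/5 becomes root for the whole domain; with Fa0/5 declared an edge port, bpdu_guard reports it and elect_root settles on the real root via Gi0/1.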
3. EtherChannel
• Definition: Combines multiple physical links between switches into a single logical link.
• Benefits:
• Redundancy: If one link fails, traffic is automatically moved to the remaining links.
• Increased Bandwidth: Allows combined bandwidth of the bundled links.
• Protocols:
• PAgP (Port Aggregation Protocol): Cisco proprietary.
• LACP (Link Aggregation Control Protocol): IEEE standard (802.3ad, now 802.1AX); interoperates with non-Cisco devices.
• Configuration: Commands such as channel-group 1 mode desirable (for PAgP) or channel-group 1 mode active (for LACP) on interfaces intended for bundling. All member ports must match in speed, duplex, and VLAN/trunk settings or the bundle will not form.
Module 3: IP Connectivity
1. Introduction to Routers & Routing
• Router Functions:
• Determines the best path for data to travel.
• Directs packets between different networks.
• Operates at OSI Layer 3 (Network Layer).
• Routing Table:
• Lists all known networks and how to reach them.
• Contains both directly connected and remote networks.
• Entries can be static (manually entered) or dynamic (learned through routing
protocols).
• Static vs. Dynamic Routing:
• Static: Manually defined routes, typically used for specific routing needs or smaller
networks.
• Dynamic: Uses protocols like OSPF, EIGRP, and BGP to automatically discover and
adapt to network changes.
2. OSPF (Open Shortest Path First)
• Type: Link-state routing protocol.
• Characteristics:
• Runs Dijkstra's SPF algorithm over a link-state database shared by every router in the area; on Cisco routers the interface cost is reference bandwidth / interface bandwidth (default reference 100 Mbps).
• Hierarchical design using areas, with Area 0 (zero) as the backbone that all other areas attach to.
• Sends "Hello" packets (to multicast 224.0.0.5) to discover neighbors and establish adjacencies.
• LSA (Link-State Advertisement):
• Various types, e.g., Type 1 (Router LSA) describing a router's interfaces and links, Type 2 (Network LSA) for multi-access segments, and Type 3 (Summary LSA) for routes advertised between areas.
• OSPF Versions:
• OSPFv2: IPv4.
• OSPFv3: IPv6.
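Added example, not from the original notes: a Python SPF computation over a constructed four-router link-state database, with interface costs derived the way Cisco routers do by default (reference bandwidth / interface bandwidth). Router names and bandwidths are constructed.

```python
import heapq

REF_BW = 100_000_000   # Cisco default reference bandwidth: 100 Mbit/s


def ospf_cost(bandwidth_bps: int, reference_bps: int = REF_BW) -> int:
    """OSPF interface cost = reference bandwidth / interface bandwidth, minimum 1."""
    return max(1, reference_bps // bandwidth_bps)


# Constructed topology: (router A, router B, link bandwidth in bit/s); links are symmetric.
LINKS = [
    ("R1", "R2", 1_000_000_000),
    ("R2", "R3", 1_000_000_000),
    ("R1", "R3", 10_000_000),
    ("R3", "R4", 100_000_000),
]


def build_lsdb(links, reference_bps: int = REF_BW) -> dict:
    """Link-state database as an adjacency map: {router: {neighbor: cost}}."""
    lsdb = {}
    for a, b, bw in links:
        lsdb.setdefault(a, {})[b] = ospf_cost(bw, reference_bps)
        lsdb.setdefault(b, {})[a] = ospf_cost(bw, reference_bps)
    return lsdb


def spf(lsdb: dict, root: str):
    """Dijkstra from `root`. Returns (cost to each router, next hop toward each router)."""
    dist = {root: 0}
    next_hop = {}
    done = set()
    heap = [(0, root, None)]               # (cost, router, first hop from root)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue                        # stale entry; a cheaper path was already settled
        done.add(node)
        next_hop[node] = first_hop
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else first_hop))
    return dist, next_hop


if __name__ == "__main__":
    dist, nh = spf(build_lsdb(LINKS), "R1")
    for router in sorted(dist):
        print(router, dist[router], nh[router])
```

Note the caveat visible in ospf_cost: with the default 100 Mbps reference, a 1 Gbps link and a 100 Mbps link both cost 1, so OSPF cannot prefer the faster one. Raising the reference (auto-cost reference-bandwidth) on every router in the domain fixes that; build_lsdb takes the reference as a parameter so the effect can be compared.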
3. IP Services
• DHCP (Dynamic Host Configuration Protocol):
• Assigns IP addresses dynamically to devices.
• Components include IP pool, lease time, and DHCP relay for crossing networks.
• Uses a 4-step process (DORA): Discover (client broadcast), Offer, Request, Acknowledge.
• NTP (Network Time Protocol):
• Keeps accurate time synchronization among devices.
• Uses a hierarchy of servers with stratum levels indicating the distance from the reference clock (stratum 0 is the clock itself, stratum 1 a server directly attached to it). Accurate time underpins log correlation and certificate validation, so authenticate NTP and restrict which servers a device will accept.
Module 4: IP Services
1. Network Address Translation (NAT)
• Purpose: Allows private IP addresses to be translated to public IP addresses for Internet
routing.
• Types:
• Static NAT: A 1-to-1 mapping from a private IP address to a public IP address.
• Dynamic NAT: Uses a pool of public IP addresses and assigns them on a first-come,
first-served basis.
• PAT (Port Address Translation) / NAT Overload: Translates many private IP addresses to a single public IP address by rewriting the source port and keeping a translation table keyed on it.
• Benefits:
• Conserves global IP addresses.
• Increases flexibility when switching to a different ISP.
• Hides internal addressing, and because only translated connections have table entries, unsolicited inbound packets are dropped. This is a side effect, not a substitute for a stateful firewall or ACLs.
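Added example, not from the original notes: a Python model of a PAT translation table that makes the "NAT as security" caveat concrete. In its default mode the gateway matches inbound packets only on the public port, so any Internet host can reach an inside host once a mapping exists; in strict mode it also checks the remote endpoint, which is the extra state a stateful firewall adds. All addresses are constructed.

```python
from itertools import count


class PatGateway:
    """Port Address Translation (NAT overload) behind a single public address.

    strict=False: plain endpoint-independent PAT, keyed on the public port only.
    strict=True:  additionally remembers the remote endpoint of each translation and
                  only accepts inbound packets from that endpoint.
    """

    def __init__(self, public_ip: str, strict: bool = False, first_port: int = 1024):
        self.public_ip = public_ip
        self.strict = strict
        self._next_port = count(first_port)
        self.table = {}     # (inside_ip, inside_port) -> public_port
        self.reverse = {}   # public_port -> (inside_ip, inside_port, (remote_ip, remote_port))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside->outside packet; returns the rewritten (src, sport, dst, dport)."""
        key = (src_ip, src_port)
        if key not in self.table:
            public_port = next(self._next_port)
            self.table[key] = public_port
            self.reverse[public_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet from the Internet to public_ip:dst_port. Returns (inside_ip, inside_port),
        or None when it is dropped because no translation matches."""
        entry = self.reverse.get(dst_port)
        if entry is None:
            return None                       # unsolicited: no state, nowhere to forward
        inside_ip, inside_port, remote = entry
        if self.strict and remote != (src_ip, src_port):
            return None                       # stateful check: wrong peer for this mapping
        return (inside_ip, inside_port)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.5")
    print(gw.outbound("10.0.0.2", 50000, "198.51.100.10", 443))
    print(gw.inbound("192.0.2.9", 12345, 1024))   # stranger reaches the inside host
```

Two inside hosts using the same source port get distinct public ports, which is the whole trick of PAT; the inbound checks show why a translation table alone does not decide who may talk to the inside host.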
2. Quality of Service (QoS)
• Definition: Mechanisms to prioritize traffic and ensure data flow for certain applications or
types of traffic.
• Components & Techniques:
• Classification: Identifying and marking traffic.
• Policing and Shaping: Managing traffic profiles.
• Congestion Management: Using queues to manage traffic during congestion.
• Congestion Avoidance: Dropping packets to avoid potential future congestion (e.g.,
using algorithms like Random Early Detection - RED).
3. SNMP (Simple Network Management Protocol) & Syslog
• SNMP:
• Purpose: To monitor and manage network devices, and to keep track of device
behaviors.
• Components: SNMP manager, agent, and MIB (Management Information Base).
• Operations: GET/GETNEXT/GETBULK (retrieve values), SET (configure values), and TRAP/INFORM (unsolicited alerts).
• Security Levels: v1 (no security), v2c (a community string, sent in cleartext, as the only form of authentication), and v3 (user-based authentication and encryption; use the authPriv level). Change default community strings such as public/private, prefer read-only access, and restrict SNMP sources with ACLs.
• Syslog:
• Purpose: A standardized message logging system. Network devices use Syslog to
send event notification messages.
• Levels: Ranges from 0 (Emergency) to 7 (Debugging). Each message starts with a PRI value computed as facility * 8 + severity.
• Components: Syslog server (where logs are sent) and clients (devices sending logs). Plain syslog over UDP port 514 is unauthenticated and unencrypted, so use TLS transport or carry it over a management VLAN where possible.
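Added example, not from the original notes: a Python parser for syslog lines in the Cisco IOS message layout that decodes the PRI value into facility and severity, checks that the PRI agrees with the severity embedded in the message mnemonic, and triages events at error level and above. The four sample lines are constructed to look like IOS messages (local7 facility) and are not real device output.

```python
import re

SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debugging"]
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog", 6: "lpr",
            7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
            16: "local0", 17: "local1", 18: "local2", 19: "local3",
            20: "local4", 21: "local5", 22: "local6", 23: "local7"}

# <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text   (IOS-style message layout)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:\d+: )?(?P<ts>\*?\w+\s+\d+ \d\d:\d\d:\d\d(?:\.\d+)?): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<msg>.*)$")

# Constructed sample lines (local7 facility: PRI = 23 * 8 + severity).
SAMPLE = [
    "<189>45: *Mar  1 00:12:04.331: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.50)",
    "<186>46: *Mar  1 00:12:10.101: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    "caused by MAC address 0013.1988.a7ea on port FastEthernet0/5.",
    "<188>47: *Mar  1 00:12:15.877: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 10.0.0.99] [localport: 22] [Reason: Login Authentication Failed]",
    "<187>48: *Mar  1 00:12:20.002: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to down",
]


def decode_pri(pri: int):
    """PRI = facility * 8 + severity."""
    return pri // 8, pri % 8


def parse_line(line: str):
    """Parse one line into a dict, or None if it does not match the expected layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    return {
        "facility": FACILITY.get(facility, str(facility)),
        "severity": severity,
        "severity_name": SEVERITY[severity],
        "mnemonic": f"%{m['fac']}-{m['sev']}-{m['mnem']}",
        "message": m["msg"],
        # A PRI that disagrees with the severity in the mnemonic points at a relay
        # rewriting headers or at a message that was not produced by the device itself.
        "pri_matches_mnemonic": severity == int(m["sev"]),
    }


def triage(lines, max_severity: int = 3):
    """Events that need attention: severity 0 (emergency) through max_severity (3 = error)."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e and e["severity"] <= max_severity]


if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event["severity_name"], event["mnemonic"], event["message"])
```

On the sample input, triage keeps the port-security violation (critical) and the link-down event (error) and drops the notice-level config change and the warning-level failed login; a real collector would route the failed login to an authentication-monitoring rule rather than discard it.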
Module 5: Security Fundamentals
1. Security Policies & Procedures
• Importance:
• Establishes rules and guidelines for accessing and using IT resources.
• Offers a framework for securing data and infrastructure.
• Best Practices:
• Regularly Review and Update: Security threats evolve; so should policies.
• Train Employees: Everyone is a potential security risk; education reduces that risk.
• Enforce Policies: Having a policy is pointless if it's not enforced.
• Least Privilege Principle: Give only necessary access rights or permissions to perform
a function.
2. VPNs (Virtual Private Networks)
• Definition: Allows secure private network traffic over public networks like the internet.
• Types:
• Site-to-Site: Connects entire networks to each other (e.g., connecting two branch
offices).
• Remote Access: Connects individual users to a network.
• Protocols/Technologies:
• IPsec: Secures IP communications (AH for integrity, ESP for confidentiality and integrity); can operate in transport mode (payload only) or tunnel mode (the whole packet is encapsulated).
• SSL/TLS: Used primarily for web-based and remote-access VPNs.
• L2TP (Layer 2 Tunneling Protocol) & PPTP (Point-to-Point Tunneling Protocol): Older tunneling protocols. L2TP provides no encryption of its own and is paired with IPsec (L2TP/IPsec); PPTP's MS-CHAPv2 authentication is broken and PPTP should not be used.
3. Layer 2 Security Features
• Port Security:
• Restricts which source MAC addresses are allowed on a switch port.
• Limits the number of valid MAC addresses on a port; a violation can drop the offending traffic (protect), drop and log it (restrict), or err-disable the port (shutdown, the default).
• DHCP Snooping:
• Drops DHCP server messages (OFFER/ACK) arriving on untrusted ports, so malicious or misconfigured devices cannot act as DHCP servers.
• Differentiates between trusted (uplink/server) and untrusted (access) ports and builds a binding table of MAC, IP, VLAN, and port for each legitimate lease.
• Dynamic ARP Inspection (DAI):
• Validates ARP requests and replies on untrusted ports against the DHCP snooping binding table (or static ARP ACLs) and drops those whose sender IP/MAC do not match, preventing ARP spoofing attacks.
• VLAN Security:
• Use dedicated VLANs for special functions (e.g., a VLAN just for management).
• Avoid using VLAN 1 for user or management traffic; it is the default VLAN of every port.
• Shut down unused ports and assign them to an unused "parking" VLAN.
• Use VLAN Access Control Lists to filter traffic within a VLAN.
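Added example, not from the original notes: a Python toy model of one access switch that applies DHCP snooping, DAI and port security to constructed DHCP, ARP and Ethernet events, so the interaction between the three features (the snooping binding table feeding DAI) is visible in code. Port names, MAC addresses and IP addresses are constructed; this is not vendor code and omits rate limiting and option-82 handling.

```python
from dataclasses import dataclass, field


@dataclass
class AccessSwitch:
    """Toy model of DHCP snooping, Dynamic ARP Inspection and port security on one switch.

    trusted_ports: uplinks toward the real DHCP server; every other port is untrusted.
    """
    trusted_ports: set
    max_macs: int = 1                                   # port-security maximum per untrusted port
    bindings: dict = field(default_factory=dict)        # client MAC -> (ip, vlan, port)
    errdisabled: set = field(default_factory=set)
    _pending: dict = field(default_factory=dict)        # client MAC -> (port, vlan) awaiting an ACK
    _port_macs: dict = field(default_factory=dict)      # port -> source MACs seen

    def dhcp(self, port: str, kind: str, client_mac: str, ip: str = None, vlan: int = 1) -> str:
        """DHCP snooping: server replies are accepted only from trusted ports; a completed
        DISCOVER/OFFER/REQUEST/ACK exchange adds the client to the binding table."""
        if kind in ("OFFER", "ACK", "NAK") and port not in self.trusted_ports:
            return "drop"                                # rogue DHCP server on an access port
        if kind in ("DISCOVER", "REQUEST"):
            self._pending[client_mac] = (port, vlan)     # remember where the client lives
        elif kind == "ACK" and client_mac in self._pending:
            client_port, client_vlan = self._pending.pop(client_mac)
            self.bindings[client_mac] = (ip, client_vlan, client_port)
        return "forward"

    def arp(self, port: str, sender_mac: str, sender_ip: str) -> str:
        """DAI: on untrusted ports the sender MAC/IP pair must match a snooping binding
        learned on that same port."""
        if port in self.trusted_ports:
            return "forward"
        bound = self.bindings.get(sender_mac)
        if bound is None or bound[0] != sender_ip or bound[2] != port:
            return "drop"                                # spoofed or unknown binding
        return "forward"

    def frame(self, port: str, src_mac: str) -> str:
        """Port security (violation mode shutdown): more than max_macs distinct source MACs
        on an untrusted port err-disables it."""
        if port in self.trusted_ports:
            return "forward"
        if port in self.errdisabled:
            return "drop"
        seen = self._port_macs.setdefault(port, set())
        seen.add(src_mac)
        if len(seen) > self.max_macs:
            self.errdisabled.add(port)
            return "drop"
        return "forward"


if __name__ == "__main__":
    sw = AccessSwitch(trusted_ports={"Gi0/1"})
    client = "00:11:22:33:44:55"                         # constructed client MAC
    for port, kind in [("Fa0/2", "DISCOVER"), ("Gi0/1", "OFFER"), ("Fa0/2", "REQUEST"), ("Gi0/1", "ACK")]:
        print(kind, sw.dhcp(port, kind, client, ip="10.0.0.20"))
    print("bindings:", sw.bindings)
    print("rogue OFFER on Fa0/7:", sw.dhcp("Fa0/7", "OFFER", client, ip="10.0.0.99"))
    print("client claims gateway IP:", sw.arp("Fa0/2", client, "10.0.0.1"))
```

The order matters in practice as it does here: DAI has nothing to check against until DHCP snooping has populated the binding table, which is why enabling DAI on a VLAN with stale or empty bindings cuts off legitimate hosts until they renew their leases.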
Module 6: Automation & Programmability
1. Network Automation Benefits
• Efficiency: Reduces repetitive tasks, speeding up deployments.
• Scalability: Facilitates operations in large-scale environments.
• Accuracy: Minimizes human errors, ensuring consistent configurations.
• Rapid Response: Quicker changes and adjustments to network configurations or policies.
2. Controller-based Networking
• Software-Defined Networking (SDN):
• Centralized Control Plane: Provides a centralized view of the entire network,
decoupling it from the forwarding/data plane.
• Programmability: Facilitates automated network configurations and operations.
• Flexibility: Allows for quick adjustments to network conditions and requirements.
• Controllers: Central devices that have a complete view of the network and instruct network
devices on how to handle network traffic.
3. JSON (JavaScript Object Notation)
• Data Interchange Format: A text format used for configuration and data exchange between a server and a client, or between network devices and controllers.
• Structure:
• Objects: Collections of key/value pairs, enclosed in curly braces {}.
• Arrays: Ordered lists of values, enclosed in square brackets [].
• Benefits: Lightweight, easy-to-read, and is language agnostic.
4. REST-based APIs (Application Programming Interfaces)
• Definition: Allows different software applications to communicate with each other over HTTP using standard methods (GET, POST, PUT, PATCH, DELETE) on resources identified by URLs.
• RESTful Principles:
• Stateless Operations: Each request from a client contains all the information needed
by the server.
• Client-Server Architecture: Ensures separation between user interface and data
storage.
• Cacheability: Responses can be cached to improve speed and reduce server load.
• Use in Networking: Allows for automated and programmable configurations, monitoring,
and operations on network devices.
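Added example, not from the original notes: Python that walks a constructed JSON response of the kind a device REST API might return (an object holding an array of interface objects; the schema is invented for this example and matches no vendor's API), audits it against the VLAN and port-security guidance from Module 5, and builds the JSON body for a hypothetical remediation PUT/PATCH. No network access is needed.

```python
import json

# Constructed response in the shape a device REST API might return (invented schema).
DEVICE_RESPONSE = """
{
  "hostname": "sw-access-01",
  "interfaces": [
    {"name": "GigabitEthernet0/1", "mode": "trunk",  "native_vlan": 1,  "allowed_vlans": [10, 20, 30]},
    {"name": "FastEthernet0/2",    "mode": "access", "access_vlan": 10, "port_security": true},
    {"name": "FastEthernet0/3",    "mode": "access", "access_vlan": 1,  "port_security": false},
    {"name": "FastEthernet0/4",    "mode": "access", "access_vlan": 20}
  ]
}
"""


def audit(response_json: str) -> list:
    """Walk the object/array structure and return (interface name, finding) pairs."""
    doc = json.loads(response_json)                      # object -> dict, array -> list
    findings = []
    for intf in doc["interfaces"]:
        name = intf["name"]
        if intf["mode"] == "trunk" and intf.get("native_vlan") == 1:
            findings.append((name, "trunk native VLAN is 1"))
        if intf["mode"] == "access":
            if intf.get("access_vlan") == 1:
                findings.append((name, "access port in VLAN 1"))
            if not intf.get("port_security", False):     # a missing key counts as disabled
                findings.append((name, "port security disabled"))
    return findings


def remediation(findings: list, new_native_vlan: int = 999) -> dict:
    """Body for a hypothetical PUT/PATCH that fixes the findings (not a real vendor API)."""
    changes = {}
    for name, finding in findings:
        entry = changes.setdefault(name, {})
        if finding == "trunk native VLAN is 1":
            entry["native_vlan"] = new_native_vlan
        elif finding == "port security disabled":
            entry["port_security"] = True
            entry["port_security_max"] = 1
    return {"interfaces": [dict(name=name, **entry) for name, entry in changes.items()]}


def remediation_json(findings: list) -> str:
    """Serialise the remediation body the way it would be sent in the HTTP request."""
    return json.dumps(remediation(findings), indent=2)


if __name__ == "__main__":
    found = audit(DEVICE_RESPONSE)
    for name, finding in found:
        print(f"{name}: {finding}")
    print(remediation_json(found))
```

The access port in VLAN 1 is reported but deliberately left out of the remediation body: moving a port to a different VLAN needs a human decision about which VLAN, which is the kind of change that should go through version control and review rather than an automated PATCH.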
5. Configuration Management Tools
• Ansible:
• Agentless: Doesn't require an agent on the managed node; connects over SSH or the device's API.
• Playbooks: Written in YAML; define the desired configuration and the tasks that reach it.
• Puppet & Chef:
• Agent-Based: Requires agent software on the managed nodes.
• Modules/Cookbooks: Puppet modules (manifests) and Chef cookbooks (recipes) describe the desired state that the agent enforces on the device.
• Version Control (e.g., Git):
• Allows tracking changes, reverting configurations, and collaborative work on network
configurations.