Chapter Three

Designing Remote Connectivity


Outline
Introduction
Remote environment
WAN Interconnections
Traditional WAN Technologies
WAN transport technology
Introduction
Connectivity to remote locations such as the Internet, branches, offices,
and teleworkers is provided through enterprise edge technologies and the
enterprise WAN architecture.

To connect to remote locations, WAN technologies and WAN transport
media must be selected with ownership, reliability, and backup issues in
mind.

In addition, WAN remote access choices include cable and DSL
technologies, which are used together with Virtual Private Networks (VPNs).
Remote connectivity

Remote LAN access generally refers to accessing a network device over an
external line, most commonly a switched telephone line.

There are four main environments in remote LAN access:

Remote to Remote
Remote to LAN
LAN to Remote
LAN to LAN
Remote to remote
A remote-to-remote environment consists of a direct physical connection
established between two or more remote workstations.

The most common example is a remote user who uses a telephone line to run
an application on a directly connected server.
Remote to LAN
Sometimes called dial-in.
It occurs when a remote workstation initiates a connection to a LAN
workstation via some form of WAN/LAN communication server.
The most common application in this environment is e-mail access.
LAN to Remote
Sometimes called dial-out.
It occurs when a LAN-attached workstation initiates a connection to a remote
workstation via a WAN/LAN communication server.
LAN to LAN
It occurs when a LAN-attached workstation connects to another LAN-attached
workstation via two WAN/LAN communication servers.

Dial-up networking gives Internet service to the end user by dialing a
number that connects to the ISP.

A remote access server (RAS) is a server, usually a software service on a
router or host, that provides a suite of services to remotely connected
users over a network or the Internet.

A remote access protocol is a protocol used to reach computer resources on
a LAN from outside the LAN.
The media for these connections are:

PSTN
DSL
Cable
Broadband
SLIP (Serial Line Internet Protocol) was the first protocol developed for
this kind of computer communication, but it is not a secure protocol: it has
no authentication and no built-in error-checking mechanism.
Point-to-Point Protocol (PPP)
o Developed after SLIP to address SLIP's shortcomings
o Provides an error-detection mechanism (a frame check sequence on each
frame) and link authentication (PAP or CHAP); PAP sends the password in
clear text, so CHAP or a stronger method should be preferred
o Used for point-to-point (peer-to-peer) serial connections
o Replaced SLIP
o Also handles link configuration and negotiation of network-layer
parameters
PPPoE (PPP over Ethernet) is popular because it carries PPP sessions over
an Ethernet segment; it is most commonly used with DSL modems and on some
cable modem deployments.
Point-to-Point Tunneling Protocol (PPTP) was used to create a tunnel
between two points. It is now considered obsolete: its MS-CHAPv2
authentication and RC4-based MPPE encryption are known to be weak, so it
should not be relied on for confidentiality; IPsec or TLS-based VPNs are
preferred.
Remote Desktop Protocol (RDP) gives a user interactive access to a remote
desktop session.
WAN Interconnections

There are three ways that WAN technologies connect the Enterprise Edge
modules with the outside world:

Connectivity between the Enterprise Edge modules and the Internet Service
Provider (ISP) Edge module

Connectivity between Enterprise sites across the ISP network

Connectivity between Enterprise sites across the service provider (SP) or
public switched telephone network (PSTN) carrier network
Traditional WAN Technologies

1. Leased lines: Point-to-point connections reserved indefinitely for
transmissions, rather than used only when transmission is required.

The carrier establishes the connection either by dedicating a physical wire
or by delegating a channel using frequency-division multiplexing (FDM) or
time-division multiplexing (TDM).

Leased-line connections usually use synchronous transmission.


2. Circuit-switched networks: A type of network that, for the duration of
the connection, obtains and dedicates a physical path for a single connection
between two network endpoints.

During that time, no one else can use the physical lines involved.

Examples: PSTN (asynchronous serial transmission over analog dial-up) and
ISDN.

3. Packet-switched and cell-switched networks: A carrier creates
permanent virtual circuits (PVCs) or switched virtual circuits (SVCs) that
deliver packets of data among customer sites.
Users share common carrier resources and can use different paths through
the WAN (for example, when congestion or delay is encountered).

This allows the carrier to use its infrastructure more efficiently than it can
with leased point-to-point links.

Examples of packet-switched networks include X.25, Frame Relay, and
Switched Multimegabit Data Service (SMDS).

Leased lines and circuit-switched networks offer users dedicated bandwidth
that other users cannot take.
Packet-switched networks have traditionally offered more flexibility and
used network bandwidth more efficiently than circuit-switched networks.

Cell switching combines some aspects of circuit switching and packet
switching to produce networks with low latency and high throughput.
WAN transport technology
Note: Some WAN technology characteristics differ between service
providers.

Technology          Bandwidth  Latency/Jitter  Connect Time  Traffic  Initial Cost  Reliability
TDM (leased line)   M          L               L             M        M             M
ISDN                L          M/H             M             M        L             M
Frame Relay         L          L               L             M        M             M
ATM                 M/H        L               L             M        M             H
MPLS                M/H        L               L             M        M             H
Metro Ethernet      M/H        L               L             M        M             H
DSL                 L/M        M/H             L             L        L             M
Cable modem         L/M        M/H             L             L        M             L
Wireless            L/M        M/H             L             L        M             L
SONET/SDH           H          L               L             M        H             H
DWDM                H          L               L             M        H             H

L = low, M = medium, H = high
TDM (leased lines): a type of digital multiplexing in which pulses
representing bits from two or more channels are interleaved on a time basis.
Rather than using bandwidth only as required, TDM indefinitely reserves
point-to-point connection bandwidth for transmissions.
ISDN: a system of digital phone connections that has been available as a
communications standard since 1984.
This system allows voice and data to be transmitted simultaneously across the
world using end-to-end digital connectivity.
ISDN connectivity offers increased bandwidth, reduced call setup time,
reduced latency, and a cleaner end-to-end digital path (a better
signal-to-noise ratio) compared to analog dial-up.

However, because the industry has moved toward broadband technologies
(Digital Subscriber Line (DSL), cable, and public wireless) carrying IP
security (IPsec) VPNs, ISDN is an effective solution only for remote-user
applications where broadband technologies are not available.
Frame Relay: an example of a packet-switched technology for connecting
devices on a WAN; it has been deployed since the late 1980s.

Frame Relay is an industry-standard networking protocol that handles
multiple virtual circuits (VCs) using a derivation of High-Level Data Link
Control (HDLC) encapsulation between connected devices.

Asynchronous Transfer Mode (ATM): ATM uses cell-switching technology to
transmit fixed-size (53-byte) cells.
Each ATM cell can be processed asynchronously, queued, and multiplexed
over the transmission path.

ATM provides support for multiple Quality of Service (QoS) classes to
meet delay and loss requirements.

Multiprotocol Label Switching (MPLS): MPLS is an Internet Engineering
Task Force (IETF) standard architecture that combines the advantages of
Layer 3 routing with the benefits of Layer 2 switching.
MPLS is a connection-oriented technology whose operation is based on a
label attached to each packet as it enters the MPLS network.

MPLS enables scalable VPNs, end-to-end QoS, and other IP services that
allow efficient utilization of existing networks with simpler configuration
and management and quicker fault correction. Note that an MPLS VPN
separates customer traffic by label and virtual routing table but does not
encrypt it; confidentiality across the provider network still requires
IPsec or a similar overlay.

Metro Ethernet: uses Ethernet technology to deliver cost-effective,
high-speed connectivity for MAN and WAN applications.
Service providers offer Metro Ethernet services to deliver converged voice,
video, and data networking.

Metro Ethernet provides a data-optimized connectivity solution for the
MAN and WAN based on the Ethernet technology already widely deployed within
the enterprise LAN.

It also supports high-performance networks in the metropolitan area,
meeting the increasing need for faster data speeds and more stringent QoS
requirements.
DSL technologies: deliver high bandwidth over traditional telephone
copper lines.

DSL works by way of two modems, one at either end of the wire. Like dial-up,
cable, wireless, and T1, DSL is a transmission technology that enables SPs
to deliver a wide variety of services to their customers.

These can include premium high-speed Internet and intranet access,
voice, VPNs, videoconferencing, and video on demand.
Cable modem technology: the cable technology for data transport uses
coaxial cable media over cable distribution systems.

The cable network is a high-speed copper platform that supports analog
and digital video services over coaxial cables.

This technology is a good option for environments where cable television
is widely deployed. Cable service providers support both residential and
commercial customers.
Wireless technologies: with wireless technologies, networks do not have
the limitations of wires or cables; instead, electromagnetic waves carry the
signals. Because the medium is shared and reachable by anyone within radio
range, wireless links need link-layer authentication and encryption (or an
overlay VPN) that a wired link may not.

Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy
(SDH): a circuit-based, bandwidth-efficient technology.

SONET/SDH establishes high-speed circuits using TDM frames in ring
topologies over an optical infrastructure.
Dense Wavelength Division Multiplexing (DWDM): increases bandwidth
on an optical medium.

DWDM is a crucial component of optical networks. It maximizes the use of
installed fiber cable and allows new services to be provisioned efficiently
over existing infrastructure.
Chapter 4

Designing IP Addressing and Selecting Routing Protocols
CLASSFUL IP ADDRESSING
• Systems that have interfaces to more than one network
require a unique IP address for each network interface.
• IP addresses have two parts: the first part identifies the
network on which the host resides (the network prefix),
while the second part identifies the particular host on the
given network. This creates a two-level addressing hierarchy.

• An IP address is a 32-bit value that contains both a network
identifier and a host identifier.
• It can be assigned statically or dynamically.
Static IP address
• Address information doesn't change
• Must be configured manually
• Cannot be used by any other device (sharing is not allowed)
• Easy to make a mistake when entering it
• Labor intensive to change or update

Dynamic IP address
• Address information can change dynamically
• Not configured manually (assigned by a server such as DHCP)
• The same address can be reused over time by different devices
• Easy to change or update
IP addresses have two parts:
1) Network identifier
2) Host identifier
IP address classes
IP addresses are divided into five classes, each designated by a letter
from A to E.
• Class D addresses are used for multicasting.
• Class E addresses are reserved for experimental and future use.
• Using the range of the first octet you can determine the class of an
address.
• The 32 bits of an IP address are divided into a network portion and a
host portion, with each octet assigned to one or the other.
• Some special addresses are reserved for special purposes.
Class A address
• Uses the first 8 bits (the first octet) to designate the network
address.
• The first bit is always 0, which identifies the address as class A;
the remaining 7 bits designate the network.
• The other three octets contain the host address.
• There are 128 class A network numbers, but the all-zeros network is
not used and network 127 is reserved (loopback), so 126 class A networks
are available (first octet 1 to 126).
• Each class A network has 16,777,214 (2^24 - 2) host addresses.
Class B address
• Uses the first two octets for the network address and the last two
octets for the host address.
• The first two bits are always 10, which identifies the address as
class B; the next 14 bits designate the network and the last 16 bits (two
octets) designate the host.
• Class B network numbers have a first octet of 128 to 191, and each
class B network has 65,534 (2^16 - 2) host addresses.
Class C address
• Uses the first three octets for the network address and only the last
octet for the host address.
• The first three bits are always 110, which identifies the address as
class C; the next 21 bits designate the network and the last 8 bits
designate the host.
• Class C network numbers have a first octet of 192 to 223, and each
class C network has 254 (2^8 - 2) host addresses.
Special addresses: a few addresses are set aside for special purposes
(for example, the all-zeros and all-ones host numbers of every network and
the 127.0.0.0/8 loopback block).
Subnet mask
If you know the address class, it is easy to separate the two
portions (host and network) of the address.
The standard address class structure has been extended by
borrowing bits from the host portion to allow more networks under
one address; this scheme is called subnetting.
Separating the network and host portions requires a process called
subnet masking.
Subnet masking identifies and extracts the network part of the address.
For example, given the IP address 193.168.100.97: it is class C, so by
default its subnet mask is 255.255.255.0. Convert the subnet mask and the
IP address into binary (bits), then apply a bitwise AND; the result is the
network address, 193.168.100.0.
The subnet mask is used to determine whether a destination address is on
the local network or not.
It is applied to a message's destination address to extract the
network address.
Applying the subnet mask uses Boolean algebra (a bitwise AND) to filter
out the host bits and identify the network address.
Subnetting is the process of dividing a network and its IP address space
into segments, each of which is called a subnetwork or subnet.
The subnet mask is a 32-bit number that the router uses to cover up the
host portion of the address: a 1 bit marks a position used to identify the
network or subnet, and a 0 bit marks a host bit.
The two primary benefits of subnetting are:
• Fewer network numbers, often as few as one, are needed to provide
addressing to an entire organization's internetwork.
• Subnetting usually results in smaller routing tables in routers
beyond the local internetwork.
Boolean algebra
It is a process that applies binary logic to yield a binary result.
Using AND, you can obtain the network address.
The four basic rules of the Boolean AND are:
1 AND 0 = 0    0 AND 1 = 0
1 AND 1 = 1    0 AND 0 = 0
SUBNETTING
• The basic idea of subnetting is to divide the standard classful
host number field into two parts: the subnet number and the
host number on that subnet.

The deployment of subnetting within the private network
provides several benefits:
• The size of the Internet routing table does not grow, because all
subnets are combined into a single routing table entry.
• The local administrator has the flexibility to deploy additional
subnets without obtaining a new network number from the
Internet.
• Route flapping (that is, the rapid changing of routes) within
the private network does not affect the Internet routing
table, since Internet routers do not know about the
reachability of the individual subnets.

Subnet Design Considerations
The deployment of an addressing plan requires careful
thought. Four key questions must be answered before
any design is undertaken:
1) How many total subnets does the organization need
today?
2) How many total subnets will the organization need in the
future?
3) How many hosts are on the organization's largest subnet
today?
4) How many hosts will there be on the organization's largest
subnet in the future?

Subnet Example #1
1. Given: An organization is assigned the network number
193.1.1.0/24 and needs to define six subnets. The largest
subnet must support 25 hosts.
Solution:
Defining the Subnet Mask / Extended Prefix Length:
o First determine the number of bits required to define 6 subnets.
o Subnets are created in blocks of powers of two (2 = 2^1, 4 = 2^2,
8 = 2^3, and so on). Since 6 is not a power of two, round up to 8 = 2^3,
so 3 bits are required to enumerate the eight subnets in the block. The
organization is subnetting a /24, so it needs 3 more bits, or a /27, as
the extended network prefix.
o Check the host requirement: 32 - 27 = 5 host bits give 2^5 - 2 = 30
usable addresses per subnet, which covers the 25 hosts required.
o A 27-bit extended network prefix is expressed in dotted-decimal
notation as 255.255.255.224.
Defining the Subnet Numbers: to define Subnet #N, the
network administrator places the binary representation of N
into the bits of the subnet number field.
• For example, to define Subnet #6, the network administrator
simply places the binary representation of 6 (110) into the 3
bits of the subnet number field. In the listing below, the space in
each binary address separates the 27-bit extended network prefix from
the 5-bit host number field.
• Base Net 11000001.00000001.00000001.00000000 = 193.1.1.0/24
• Subnet #0: 11000001.00000001.00000001.000 00000 = 193.1.1.0/27
• Subnet #1: 11000001.00000001.00000001.001 00000 = 193.1.1.32/27
• Subnet #2: 11000001.00000001.00000001.010 00000 = 193.1.1.64/27
• Subnet #3: 11000001.00000001.00000001.011 00000 = 193.1.1.96/27
• Subnet #4: 11000001.00000001.00000001.100 00000 = 193.1.1.128/27
• Subnet #5: 11000001.00000001.00000001.101 00000 = 193.1.1.160/27
• Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
• Subnet #7: 11000001.00000001.00000001.111 00000 = 193.1.1.224/27
Defining Host Addresses for Each Subnet:
• In the current example, there are 5 bits in the host number field
of each subnet address. This means that each subnet represents
a block of 30 usable host addresses (2^5 - 2 = 30).
• In general, to define the address assigned to Host #N of a
particular subnet, the network administrator places the binary
representation of N into the subnet's host number field.
• For example, to define the address assigned to Host #15 on
Subnet #2, the network administrator simply places the binary
representation of 15 (01111) into the 5 bits of Subnet #2's
host number field.
o Subnet #2: 11000001.00000001.00000001.010 00000 = 193.1.1.64/27
o Host #1: 11000001.00000001.00000001.010 00001 = 193.1.1.65/27
o Host #2: 11000001.00000001.00000001.010 00010 = 193.1.1.66/27
o Host #3: 11000001.00000001.00000001.010 00011 = 193.1.1.67/27
o Host #4: 11000001.00000001.00000001.010 00100 = 193.1.1.68/27
o Host #5: 11000001.00000001.00000001.010 00101 = 193.1.1.69/27
o .
o .
o Host #15: 11000001.00000001.00000001.010 01111 = 193.1.1.79/27
o Host #16: 11000001.00000001.00000001.010 10000 = 193.1.1.80/27
o .
o .
o Host #27: 11000001.00000001.00000001.010 11011 = 193.1.1.91/27
o Host #28: 11000001.00000001.00000001.010 11100 = 193.1.1.92/27
o Host #29: 11000001.00000001.00000001.010 11101 = 193.1.1.93/27
o Host #30: 11000001.00000001.00000001.010 11110 = 193.1.1.94/27
The valid host addresses for Subnet #6 are listed below. In each binary
address, the 27 bits before the space are the extended network prefix and
the 5 bits after it are the host number field:
o Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
o Host #1: 11000001.00000001.00000001.110 00001 = 193.1.1.193/27
o Host #2: 11000001.00000001.00000001.110 00010 = 193.1.1.194/27
o Host #3: 11000001.00000001.00000001.110 00011 = 193.1.1.195/27
o Host #4: 11000001.00000001.00000001.110 00100 = 193.1.1.196/27
o Host #5: 11000001.00000001.00000001.110 00101 = 193.1.1.197/27
o .
o .
o Host #15: 11000001.00000001.00000001.110 01111 = 193.1.1.207/27
o Host #16: 11000001.00000001.00000001.110 10000 = 193.1.1.208/27
o .
o .
o Host #27: 11000001.00000001.00000001.110 11011 = 193.1.1.219/27
o Host #28: 11000001.00000001.00000001.110 11100 = 193.1.1.220/27
o Host #29: 11000001.00000001.00000001.110 11101 = 193.1.1.221/27
o Host #30: 11000001.00000001.00000001.110 11110 = 193.1.1.222/27
Defining the Broadcast Address for Each Subnet:
The broadcast address for Subnet #2 is the all-1s host address:
11000001.00000001.00000001.010 11111 = 193.1.1.95
Note that the broadcast address for Subnet #2 is exactly one less than the
base address for Subnet #3 (193.1.1.96). This is always the case: the
broadcast address for Subnet #n is one less than the base address for
Subnet #(n+1).
The broadcast address for Subnet #6 is likewise the all-1s host address:
11000001.00000001.00000001.110 11111 = 193.1.1.223
Again, the broadcast address for Subnet #6 is exactly one less than the base
address for Subnet #7 (193.1.1.224).
The all-0s host address of each subnet is its network address; neither it
nor the broadcast address may be assigned to a host, which is why each /27
holds 30 usable addresses rather than 32.
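The subnet arithmetic of Example #1, including the Boolean AND used earlier in the chapter to extract a network address, as an added Python example; this code is not part of the lecture notes. Addresses are handled as 32-bit integers so that "placing the binary representation of N into the subnet or host field" is literally a shift and an OR. The addresses are the ones used in the notes; the function names are my own.

```python
# Added example (not from the lecture notes): classful subnet arithmetic
# done with integer bit operations, so each step of Example #1 is visible.


def dotted_to_int(addr: str) -> int:
    """'193.1.1.0' -> 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/27 -> 0xFFFFFFE0 (255.255.255.224): prefix_len leading 1 bits."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def network_of(addr: str, prefix_len: int) -> str:
    """Boolean AND of address and mask: the network (or subnet) address."""
    return int_to_dotted(dotted_to_int(addr) & prefix_to_mask(prefix_len))


def subnet_base(base_net: str, base_prefix: int, subnet_bits: int, n: int) -> str:
    """Subnet #n: write n into the subnet_bits just below the base prefix."""
    if not 0 <= n < (1 << subnet_bits):
        raise ValueError(f"subnet number {n} needs more than {subnet_bits} bits")
    host_bits = 32 - base_prefix - subnet_bits
    return int_to_dotted(dotted_to_int(base_net) | (n << host_bits))


def host_address(subnet: str, prefix_len: int, n: int) -> str:
    """Host #n on a subnet: n written into the host field (1 .. 2^h - 2)."""
    host_bits = 32 - prefix_len
    if not 1 <= n <= (1 << host_bits) - 2:
        raise ValueError("all-0s and all-1s host numbers are reserved")
    return int_to_dotted(dotted_to_int(subnet) | n)


def broadcast_of(subnet: str, prefix_len: int) -> str:
    """All-1s host field of the subnet."""
    host_mask = ~prefix_to_mask(prefix_len) & 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(subnet) | host_mask)


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """The 'is the destination local?' test a host performs with its mask."""
    return network_of(a, prefix_len) == network_of(b, prefix_len)


if __name__ == "__main__":
    # Example #1: 193.1.1.0/24 split with 3 borrowed bits into eight /27s.
    for n in range(8):
        base = subnet_base("193.1.1.0", 24, 3, n)
        print(f"Subnet #{n}: {base}/27  broadcast {broadcast_of(base, 27)}")
    print("Host #15 on Subnet #2:",
          host_address(subnet_base("193.1.1.0", 24, 3, 2), 27, 15))
    print("193.168.100.97 AND 255.255.255.0 =", network_of("193.168.100.97", 24))
```

Running it reproduces the subnet and host listings above; the property that the broadcast of Subnet #n is one less than the base of Subnet #(n+1) falls out of the arithmetic, since the broadcast sets every host bit to 1 and adding 1 carries into the subnet field.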
In general, subnetting answers the following questions:
1. What is the subnet mask for a given address?
2. How many subnets does a given subnet mask provide?
3. What is the block size for a given subnet mask?
4. What are the valid subnets?
5. What are the total hosts?
6. How many valid hosts are there per subnet?
7. What is the network address of each subnet?
8. What is the broadcast address of each subnet?
Example: 188.25.45.48/20
EX 1. What is the subnet mask for the given address 188.25.45.48/20?
This address belongs to class B (default mask 255.255.0.0, /16 in CIDR
notation). Four bits are borrowed from the host portion, so the subnet
mask in binary is 11111111.11111111.11110000.00000000.
The subnet mask is therefore 255.255.240.0.

EX 2. How many subnets does the given subnet mask provide?
In 192.168.1.0/27, the number of borrowed bits N is 3. From the address we
can determine that it belongs to class C, and class C has the default
subnet mask 255.255.255.0 (/24 in CIDR). In the given address, 27 - 24 = 3
host bits were borrowed to create subnets. Since 2^3 = 8, the answer is 8.
EX 3. What is the block size for the given subnet mask?
• The block size is used to enumerate the valid subnets.
• To figure out the block size, use the formula
256 - (the last non-255 octet of the subnet mask) = block size.
For example, the block size for subnet mask 255.255.255.240 is
256 - 240 = 16.
EX 4. What are the valid subnets?
1st: calculate the total number of subnets using the formula 2^N.
2nd: find the block size and count from zero in steps of the block size
until you reach the subnet mask value. Example: the valid subnets for
192.168.1.0/26.
N = 2 (26 - 24), so the total number of subnets is 2^2 = 4.
The subnet mask is 255.255.255.192.
The block size is 256 - 192 = 64.
Start counting from zero in blocks of 64, so the valid subnets are
0, 64, 128, 192 (192.168.1.0, 192.168.1.64, 192.168.1.128, 192.168.1.192).
EX 5. What are the total hosts?
Total hosts per subnet = 2^H, where H is the number of host bits. For
example, in 192.168.1.0/26 we have H = 32 - 26 = 6, so the total hosts
per subnet is 2^6 = 64.
EX 6. How many valid hosts are available per subnet?
Two addresses per subnet cannot be assigned to hosts: one is the network
ID and the other is the broadcast ID.
So the formula for valid hosts is: total hosts - 2 = valid hosts. In the
example above we have 64 hosts per subnet, so the valid hosts in each
subnet are 64 - 2 = 62.
EX 7. What is the broadcast address of each subnet?
The broadcast address is the last address of a subnet and cannot be
assigned to any host. In the example above (192.168.1.0/26):
• the 0 subnet has broadcast address 192.168.1.63
• the 64 subnet has broadcast address 192.168.1.127
• the 128 subnet has broadcast address 192.168.1.191
• the 192 subnet has broadcast address 192.168.1.255
EX 8. What is the network address of each subnet?
The network address is the first address of a subnet. This address is
used to locate the network and cannot be assigned to any host. In the
example above, 192.168.1.0, 192.168.1.64, 192.168.1.128 and 192.168.1.192
are the network addresses.
Exercise: 192.168.4.0/24
o Create 3 separate networks (subnets). What are the network IDs, the
subnet mask, and the number of valid hosts per subnet?
o Host ID range of each subnet?
o Broadcast ID of each subnet?
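The eight questions above, answered by a small classful subnet calculator; this is an added example, not code from the lecture notes. It uses Python's standard ipaddress module and derives the classful default mask from the leading bits of the first octet, exactly as the class definitions earlier in the chapter do. choose_prefix() answers the "how many subnets, how many hosts" design questions, which is what the 192.168.4.0/24 exercise asks for. Function names are my own.

```python
import ipaddress

# Added example (not from the lecture notes): a classful subnet calculator
# that answers the eight subnetting questions for "a.b.c.d/prefix".


def default_prefix(addr: ipaddress.IPv4Address) -> int:
    """Classful default prefix length from the leading bits of octet 1."""
    first_octet = int(addr) >> 24
    if first_octet < 128:          # 0xxxxxxx -> class A, /8
        return 8
    if first_octet < 192:          # 10xxxxxx -> class B, /16
        return 16
    if first_octet < 224:          # 110xxxxx -> class C, /24
        return 24
    raise ValueError(f"{addr} is a class D/E address and is not subnetted")


def analyse(cidr: str) -> dict:
    """Answer questions 1-8 for the given address/prefix."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network                      # host bits already masked off
    prefix = net.prefixlen
    classful_prefix = default_prefix(iface.ip)
    borrowed = prefix - classful_prefix      # N in the notes' formulas
    if borrowed < 0:
        raise ValueError("prefix is shorter than the classful default")

    classful_net = ipaddress.ip_network(f"{iface.ip}/{classful_prefix}", strict=False)
    valid_subnets = ([classful_net] if borrowed == 0
                     else list(classful_net.subnets(new_prefix=prefix)))

    # Block size: 256 minus the "interesting" (last non-255) mask octet.
    mask_octets = [int(o) for o in str(net.netmask).split(".")]
    interesting = (prefix - 1) // 8
    block_size = 256 - mask_octets[interesting]

    total_hosts = 2 ** (32 - prefix)         # 2^H, H = host bits
    return {
        "mask": str(net.netmask),                                          # Q1
        "subnet_count": 2 ** borrowed,                                     # Q2
        "block_size": block_size,                                          # Q3
        "valid_subnets": [str(s.network_address) for s in valid_subnets],  # Q4
        "total_hosts": total_hosts,                                        # Q5
        "valid_hosts": total_hosts - 2,                                    # Q6
        "network": str(net.network_address),                               # Q7
        "broadcast": str(net.broadcast_address),                           # Q8
    }


def choose_prefix(base_cidr: str, subnets_needed: int, hosts_needed: int) -> int:
    """Smallest extended prefix that yields at least subnets_needed subnets,
    each with at least hosts_needed usable addresses (the design questions)."""
    base = ipaddress.ip_network(base_cidr, strict=False)
    subnet_bits = (subnets_needed - 1).bit_length()   # ceil(log2(subnets))
    host_bits = (hosts_needed + 1).bit_length()       # smallest h: 2^h - 2 >= hosts
    if base.prefixlen + subnet_bits + host_bits > 32:
        raise ValueError("requirements do not fit in the base network")
    return base.prefixlen + subnet_bits


if __name__ == "__main__":
    for cidr in ("188.25.45.48/20", "192.168.1.0/26"):
        for question, answer in analyse(cidr).items():
            print(f"{cidr} {question}: {answer}")
    # The exercise: three subnets of 192.168.4.0/24 need 2 borrowed bits, a /26.
    p = choose_prefix("192.168.4.0/24", 3, 50)
    print(f"192.168.4.0/24 with 3 subnets -> /{p}:", analyse(f"192.168.4.0/{p}"))
```

The calculator only knows classful rules, so it rejects a prefix shorter than the classful default; that is exactly the assumption classless (CIDR) addressing and the VLSM section later in the chapter drop.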
VARIABLE LENGTH SUBNET MASKS (VLSM)

• When an IP network is assigned more than one subnet mask, it is
considered a network with variable length subnet masks (VLSM), since the
extended network prefixes have different lengths.
• RIP-1 permits only a single subnet mask.
• When using RIP-1, subnet masks have to be uniform across
the entire network prefix.
• RIP-1 allows only a single subnet mask to be used within
each network number because it does not carry subnet
mask information in its routing table update messages.

VLSM Design Considerations..
• When developing a VLSM design, the network designer
must recursively ask the same set of questions as for a
traditional subnet design. The same set of design decisions
must be made at each level of the hierarchy:
• How many total subnets does this level need today?
• How many total subnets will this level need in the future?
• How many hosts are on this level's largest subnet today?
• How many hosts will be on this level's largest subnet in
the future?

Requirements for Deploying VLSM

The successful deployment of VLSM has three prerequisites:
1) The routing protocol must carry extended network
prefix information with each route advertisement.
2) All routers must implement a consistent forwarding
algorithm based on the "longest match".
3) For route aggregation to occur, addresses must be
assigned so that they have topological significance.

VLSM Example

• Given: An organization has been assigned the network
number 140.25.0.0/16 and plans to deploy VLSM. Figure
6-19 provides a graphic display of the VLSM design for the
organization.


Define the 16 Subnets of 140.25.0.0/16:
The first step in the subnetting process divides the base
network address into 16 equally sized address blocks.
• Since 16 = 2^4, four bits are required to identify each of the
16 subnets.
• This means that the organization needs four more bits, or
a /20, in the extended network prefix to define the 16
subnets of 140.25.0.0/16.

• Base Network: 10001100.00011001 .00000000.00000000 =
140.25.0.0/16
Subnet #0: 10001100.00011001.0000 0000.00000000 =
140.25.0.0/20
Subnet #1: 10001100.00011001.0001 0000.00000000 =
140.25.16.0/20
Subnet #2: 10001100.00011001.0010 0000.00000000 =
140.25.32.0/20
Subnet #3: 10001100.00011001.0011 0000.00000000 =
140.25.48.0/20
Subnet #4: 10001100.00011001.0100 0000.00000000 =
140.25.64.0/20
• :
Subnet #13: 10001100.00011001.1101 0000.00000000 =
140.25.208.0/20
Subnet #14: 10001100.00011001.1110 0000.00000000 =
140.25.224.0/20
Subnet #15: 10001100.00011001.1111 0000.00000000 =
140.25.240.0/20

• Define the Host Addresses for Subnet #3 (140.25.48.0/20): Figure 6-21
shows the host addresses that can be assigned to Subnet #3 (140.25.48.0/20).
• Since the host number field of Subnet #3 contains 12 bits,
there are 4,094 valid host addresses (2^12 - 2) in the address
block. The hosts are numbered 1 through 4,094. The valid
host addresses for Subnet #3 are listed below. In each binary
address, the 20 bits before the space are the extended network prefix
and the 12 bits after it are the host number field:

• Subnet #3: 10001100.00011001.0011 0000.00000000 =
140.25.48.0/20
• Host #1: 10001100.00011001.0011 0000.00000001 =
140.25.48.1/20
• Host #2: 10001100.00011001.0011 0000.00000010 =
140.25.48.2/20
• Host #3: 10001100.00011001.0011 0000.00000011 =
140.25.48.3/20
• :
• Host #4093: 10001100.00011001.0011 1111.11111101 =
140.25.63.253/20
• Host #4094: 10001100.00011001.0011 1111.11111110 =
140.25.63.254/20
• The broadcast address for Subnet #3 is the all-1s host address:
• 10001100.00011001.0011 1111.11111111 = 140.25.63.255
• The broadcast address for Subnet #3 is exactly one less than the base address for
Subnet #4 (140.25.64.0).
Define the Sub-Subnets for Subnet #14 (140.25.224.0/20): After the base
network address is divided into 16 subnets, Subnet #14 is subdivided into
16 equally sized address blocks.
Since 16 = 2^4, four more bits are required to identify each
of the 16 sub-subnets. This means that the organization will
need to use a /24 as the extended network prefix length.

• Subnet #14: 10001100.00011001.1110 0000.00000000 = 140.25.224.0/20
• Subnet #14-0: 10001100.00011001.1110 0000 .00000000 = 140.25.224.0/24
• Subnet #14-1: 10001100.00011001.1110 0001 .00000000 = 140.25.225.0/24
• Subnet #14-2: 10001100.00011001.1110 0010 .00000000 = 140.25.226.0/24
• Subnet #14-3: 10001100.00011001.1110 0011 .00000000 = 140.25.227.0/24
• Subnet #14-4: 10001100.00011001.1110 0100 .00000000 = 140.25.228.0/24
• .
• Subnet #14-14: 10001100.00011001.1110 1110 .00000000 = 140.25.238.0/24
• Subnet #14-15: 10001100.00011001.1110 1111 .00000000 = 140.25.239.0/24


Define Host Addresses for Subnet #14-3 (140.25.227.0/24)
• Each of the /24 sub-subnets of Subnet #14, including Subnet #14-3, has
8 bits in the host number field. This means that each sub-subnet
represents a block of 254 valid host addresses (2^8 - 2). The hosts are
numbered 1 through 254.
• The valid host addresses for Subnet #14-3 are listed below. In each
binary address, the 24 bits before the space are the extended network
prefix and the 8 bits after it are the host number field:

• Subnet #14-3: 10001100.00011001.11100011 .00000000 = 140.25.227.0/24
• Host #1: 10001100.00011001.11100011 .00000001 = 140.25.227.1/24
• Host #2: 10001100.00011001.11100011 .00000010 = 140.25.227.2/24
• Host #3: 10001100.00011001.11100011 .00000011 = 140.25.227.3/24
• Host #4: 10001100.00011001.11100011 .00000100 = 140.25.227.4/24
• Host #5: 10001100.00011001.11100011 .00000101 = 140.25.227.5/24
• .
• .
• Host #253: 10001100.00011001.11100011 .11111101 = 140.25.227.253/24
• Host #254: 10001100.00011001.11100011 .11111110 = 140.25.227.254/24
• The broadcast address for Subnet #14-3 is the all-1s host address or:
• 10001100.00011001.11100011. 11111111 = 140.25.227.255
• The broadcast address for Subnet #14-3 is exactly one less than the base address for
Subnet #14-4 (140.25.228.0).


Define the Sub-Subnets for Subnet #14-14 (140.25.238.0/24):
After Subnet #14 is divided into 16 sub-subnets, Subnet #14-14 is
subdivided into eight equally sized address blocks.
• Since 8 = 2^3, three more bits are required to identify each
of the eight sub-subnets. This means that the organization will
need to use a /27 as the extended network prefix length.
• The eight sub-subnets of the 140.25.238.0/24 address block
are listed below. The sub-subnets are numbered 0 through 7. In each
binary address, the 24 bits of the /24 prefix are followed by the 3 bits
of the sub-subnet number field (before the space) and then the 5 host
bits.

• Subnet #14-14: 10001100.00011001.11101110 .00000000 = 140.25.238.0/24
• Subnet#14-14-0: 10001100.00011001.11101110.000 00000 = 140.25.238.0/27
• Subnet#14-14-1: 10001100.00011001.11101110.001 00000 = 140.25.238.32/27
• Subnet#14-14-2: 10001100.00011001.11101110.010 00000 = 140.25.238.64/27
• Subnet#14-14-3: 10001100.00011001.11101110.011 00000 = 140.25.238.96/27
• Subnet#14-14-4: 10001100.00011001.11101110.100 00000 = 140.25.238.128/27
• Subnet#14-14-5: 10001100.00011001.11101110.101 00000 = 140.25.238.160/27
• Subnet#14-14-6: 10001100.00011001.11101110.110 00000 = 140.25.238.192/27
• Subnet#14-14-7: 10001100.00011001.11101110.111 00000 = 140.25.238.224/27

Define Host Addresses for Subnet #14-14-2 (140.25.238.64/27):
Figure 6-25 shows the host addresses that can be assigned to
Subnet #14-14-2 (140.25.238.64/27).
• Each of the /27 sub-subnets of Subnet #14-14 has 5 bits in the host
number field. This means that each sub-subnet represents a
block of 30 valid host addresses (2^5 - 2). The hosts are
numbered 1 through 30.
• The valid host addresses for Subnet #14-14-2 are listed below. In each
binary address, the 27 bits before the space are the extended network
prefix and the 5 bits after it are the host number field:

• Subnet#14-14-2: 10001100.00011001.11101110.010 00000 = 140.25.238.64/27
• Host #1 10001100.00011001.11101110.010 00001 = 140.25.238.65/27
• Host #2 10001100.00011001.11101110.010 00010 = 140.25.238.66/27
• Host #3 10001100.00011001.11101110.010 00011 = 140.25.238.67/27
• Host #4 10001100.00011001.11101110.010 00100 = 140.25.238.68/27
• Host #5 10001100.00011001.11101110.010 00101 = 140.25.238.69/27
• .
• .
• Host #29 10001100.00011001.11101110.010 11101 = 140.25.238.93/27
• Host #30 10001100.00011001.11101110.010 11110 = 140.25.238.94/27
• The broadcast address for Subnet #14-14-2 is the all-1s host address, or:
• 10001100.00011001.11101110.010 11111 = 140.25.238.95
• The broadcast address for Subnet #14-14-2 is exactly one less than the base address for
Subnet #14-14-3 (140.25.238.96).
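The VLSM arithmetic above, carried out as an added Python example (not from the slides) using only the standard-library ipaddress module: it splits 140.25.238.0/24 into the eight /27 sub-subnets, renders each in the dotted-binary form the slides use, derives the host range and broadcast of Subnet #14-14-2, and checks that the broadcast is exactly one less than the base of Subnet #14-14-3.

```python
import ipaddress

# Added worked example (not from the slides): Subnet #14-14 and its /27 sub-subnets.
PARENT = ipaddress.ip_network("140.25.238.0/24")


def dotted_binary(addr: ipaddress.IPv4Address, prefixlen: int) -> str:
    """Render an IPv4 address as dotted binary, with a space marking the
    boundary between the extended network prefix and the host field
    (the slides show this boundary with underlining/bold)."""
    bits = format(int(addr), "032b")
    out = []
    for i, b in enumerate(bits):
        if i == prefixlen:
            out.append(" ")  # end of the extended network prefix
        if i and i % 8 == 0:
            out.append(".")  # octet boundary
        out.append(b)
    return "".join(out)


def split_subnets(parent: ipaddress.IPv4Network, new_prefix: int) -> list:
    """VLSM step: divide `parent` into equal sub-subnets of length /new_prefix."""
    return list(parent.subnets(new_prefix=new_prefix))


def host_range(net: ipaddress.IPv4Network):
    """First host, last host, broadcast and usable-host count of a subnet.
    The all-0s and all-1s host fields are reserved, so a /27 has 2**5 - 2 = 30."""
    hosts = list(net.hosts())
    return hosts[0], hosts[-1], net.broadcast_address, len(hosts)


def broadcast_precedes_next_base(subnets: list, index: int) -> bool:
    """The broadcast of subnets[index] must be one less than the base address
    of subnets[index + 1]; this is the consistency check the slide makes."""
    return int(subnets[index].broadcast_address) + 1 == int(subnets[index + 1].network_address)


if __name__ == "__main__":
    subs = split_subnets(PARENT, 27)
    print(f"Subnet #14-14:   {dotted_binary(PARENT.network_address, 24)} = {PARENT}")
    for n, s in enumerate(subs):
        print(f"Subnet #14-14-{n}: {dotted_binary(s.network_address, 27)} = {s}")
    first, last, bcast, count = host_range(subs[2])
    print(f"\nSubnet #14-14-2: {count} usable hosts, {first} .. {last}, broadcast {bcast}")
    print("broadcast + 1 == base of #14-14-3:", broadcast_precedes_next_base(subs, 2))
```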

Chapter 5
Evaluating Security Solutions for the Network
Security Services in a Modular Network Design
• Developing a security strategy that can protect all parts of a
complicated network while having limited effect on ease of use and
performance is one of the most important and difficult tasks related
to network design.
• Security is an infrastructure service that increases the network’s
integrity by protecting network resources and users from internal
and external threats.
• The security policy is established by senior managers and communicated
to the network administrators.

Network security design
• Breaking the process of security design down into the following steps will help
you effectively plan and execute a security strategy:
1. Identify network assets
2. Analyze security risks
3. Analyze security requirements and tradeoffs
4. Develop a security plan
5. Develop a security policy
6. Develop procedures for applying the security policy
7. Develop a technical implementation strategy
8. Achieve buy-in from users, managers, and technical staff
9. Train users, managers, and technical staff
10. Implement the technical strategy and security procedures
11. Test the security and update it if any problems are found
12. Maintain security

CONT…
• Internal Security
• The following are some recommended security practices in each
module:
• At the Building Access layer, access is controlled at the port level
using data link layer information.
• The Building Distribution layer performs filtering to keep
unnecessary traffic from reaching the Campus Core.
• The Campus Core layer is a high-speed switching backbone and
should be designed to switch packets as quickly as possible.

Developing security policy
• A security policy is the formal statement of the rules by which people
who are given access to an organization’s technology and information
assets must abide.
• Developing a security policy is the job of senior management, with the
help of the security and network administrators.

Component of security policy
• Access policy: defines access rights and privileges
• Accountability policy: defines the responsibilities of users,
operational staff, and management
• Authentication policy: establishes trust through an effective
password policy and sets up guidelines for remote-location
authentication
• Privacy policy: defines reasonable expectations of privacy
regarding monitoring of e-mail, logging of keystrokes, and access to
user files
• Computer technology purchasing guidelines: specify the
requirements for all computer configurations, network
installations, and computer specifications, including their security specifications

Physical security
• It refers to limiting access to key network resources by keeping the
resources behind a locked door and protected from natural and human-made
disasters
• It also protects a network from inadvertent misuse of network
equipment by untrained employees and contractors
• It can also protect the network from hackers, competitors, and terrorists walking in
• It protects from biohazards
• Radioactive spills
• It protects from natural disasters
• Flood, fire, earthquake

Authentication, Authorization, and Accounting (AAA)
• AAA is a crucial aspect of network security that should be
considered during the network design.
• An AAA server handles the following:
• Authentication—Who? Authentication checks the user’s identity,
typically through a username and password combination.
• Authorization—What? After the user is authenticated, the AAA
server dictates what activity the user is allowed to perform on the
network.
• Accounting—When? The AAA server can record the length of the
session, the services accessed during the session, and so forth.

Cont.…
• The principles of strong authentication should be included in the user
authentication.
• Strong authentication refers to the two-factor authentication method
in which users are authenticated using two of the following factors:
• Something you know: Such as a password or personal identification
number (PIN)
• Something you have: Such as an access card, bank card, or token
• Something you are: For example, some biometrics, such as a retina
print or fingerprint
• Something you do: Such as your handwriting, including the style,
pressure applied, and so on
Data encryption
• Encryption is the process that scrambles (hides) data to protect it
from being read by anyone but the intended receiver
• An encryption device encrypts (scrambles) data
• A decryption device decrypts data (it does not encrypt)
• Data that has been encrypted is called cipher text
• Data that is not encrypted is called plain text
• A decryption device is used to convert cipher text to plain text
• An encryption device is used to convert plain text to cipher text

Data encryption cont’d……
• Encryption has two parts
1. Encryption algorithm
An encryption algorithm is the set of instructions used to scramble
and unscramble data
2. Encryption key
• It is the code used by an algorithm to scramble and
unscramble data
The goal of encryption is to use an algorithm to scramble
the data
Data encryption cont’d……
• When both the sender and receiver use the same secret key,
it is called a symmetric key system
• Example: DES (Data Encryption Standard) is the best-known
example of a symmetric key system
• Asymmetric systems use two keys, called a public-private key pair

External threats
• The enterprise edge is the first line of defense at which potential
outside attacks can be stopped
• The following four attack methods are commonly used in attempts
to compromise the integrity of the enterprise network farm:
• IP spoofing
• Password attacks
• DoS attacks
• Application layer attacks
