TND Assignment

This document discusses transport network design. It covers modular network design which involves creating modules that can be combined to meet network requirements. The modules act as building blocks with standard interfaces. A hierarchical design model is also described which divides enterprise networks into three layers: core, distribution, and access layers. The core provides optimal transport and routing, distribution provides connectivity and control, and access provides user access. Modular design has benefits like easier troubleshooting, reuse, scalability and flexibility.

Transport Network Design

Table of Contents
1.1 Introduction to Cisco Packet Tracer Network Simulator
  1. Advantages of Cisco Packet Tracer
  2. Disadvantages of Cisco Packet Tracer
  3. Packet Tracer features
1.2 What Is Modular Network Design
1.3 LAN Network Redundancy
1.4 Link Aggregation
1.5 How Link Aggregation Supports Load Balancing
  1.5.1 EtherChannel
2.1 Introduction
2.2 Screenshot and Configuration
2.3 Explain Different Types of Switch Redundancy Protocols
2.4 Introduction of Spanning Tree Protocols
  2.4.1 Difference between RSTP and PVST
2.5 Redundant layer 3 switches
3.1 Installation and Configuration of pfSense Firewall
  3.1.1 Installation of pfSense
  3.1.2 pfSense Configuration
3.2 Discuss the differences between a public and a private WAN
3.3 Hamachi configuration Screenshots
4.1 Introduction of network monitoring
  4.1.1 What is network monitoring?
  4.1.2 Why is network monitoring important?
  4.1.3 What kind of networks can they monitor?
4.2 What is Nessus?
  4.2.1 Screenshot: Configuring the Policy
4.3 Layer by Layer Troubleshooting with a Cisco Router
  4.3.1 Router Troubleshooting at OSI Layer 3
  4.3.2 Router Troubleshooting at OSI Layers 1 & 2 (Physical & Data Link)
  4.3.3 Router Troubleshooting at OSI Layers 4 to 7
Harvard Reference

PART 01

1.1 Introduction to Cisco Packet Tracer Network Simulator

Packet Tracer is a powerful network simulator that can be used in training for network
certifications. It allows students to create networks with an almost unlimited number of
devices and to practise troubleshooting without having to buy real Cisco routers or
switches. The tool was created by Cisco Systems. The purpose of Packet Tracer is to offer
students a tool to learn the principles of networking and to develop Cisco technology specific
skills. However, it is not meant to be used as a replacement for real routers or switches.
It can be downloaded for free if you have a Netacad account. As Cisco says, the best way to
learn about networking is to do it. Hands-on equipment gets students started, but is limited to
the number of devices in the lab. Educators use Packet Tracer to demonstrate complex
technical concepts and networking systems. Students use Packet Tracer to complete
assignments, working on their own or in teams.
As a network engineer, I used to simulate complex scenarios first on Packet Tracer and then
deploy them on the real equipment. Please note though, this course will not teach you
networking, but rather teach you how to simulate and apply your networking related
knowledge.

1. Advantages of Cisco Packet Tracer

• It is easy to use and can be used anywhere you want.
• One of its best advantages is Simulation mode, which is not available on real gear.
• It enables its users to simulate the configuration of Cisco routers.

2. Disadvantages of Cisco Packet Tracer

• It may cause loops by affecting STP.
• It does not support EtherChannel on access layer switches.
• With regard to switching, it does accept EtherChannel on the other switch layers.

3. Packet Tracer features

• Cisco network feature devices

1. Cisco IE2000 industrial switch
2. Cisco 819IOX router with application hosting (virtual machine) capabilities
3. Cisco 829 Industrial Integrated Services Router (ISR)
4. Cisco 1240 Connected Grid Router
5. IoT home gateway

• Other devices

1. Server device: new "Internet of Everything" and "VM Management"
2. Registration server for IoT devices
3. Single Board Computer (SBC)
4. Microcontroller Unit (MCU)
5. IoE devices and sensors in a new IoE devices category: solar panel, power meter,
car, wireless home gateway, power meter, weight sensor, motion detector,
temperature sensor, conveyor sensor
6. Programming languages (Java, Python, Blockly visual programming editor, ...).
Provides the capability to program custom behaviour for IoT devices.
7. Fully customizable IoE "Thing" with wireless or wired network capabilities.
Provides the capability to build an unlimited set of simulated items with IoE
capabilities.
8. Programming tab added in the IoE device configuration box
9. Wireless IoE RFID sensor and wireless IoE RFID items

• New network features & protocols

1. LLDP
2. SPAN/RSPAN
3. Precision Time Protocol (PTP)
4. Resilient Ethernet Protocol (REP)
5. Improved PoE support
6. IoT switch protocol support

1.2 What Is Modular Network Design

A module is a component of a composite structure. Modular network design involves creating
modules that can then be put together to meet the requirements of the entire network.
Modules are analogous to building blocks of different shapes and sizes; when creating a
building, each block has a different function. Designing one of these blocks is a much easier
task than designing the entire building. Each block might be used in multiple places, saving
time and effort in the overall design and building process. The blocks have standard
interfaces to each other so that they fit together easily. If the requirements for a block change,
only that block needs to change; other blocks are not affected. Similarly, a specific block can
be removed or added without affecting other blocks.
As when used for a building, a modular design for a network has many benefits,
including the following:
• It is easier to understand and design smaller, simpler modules rather than an entire
network.
• It is easier to troubleshoot smaller elements compared to the entire network.
• The reuse of blocks saves design time and effort, as well as implementation time and
effort.
• The reuse of blocks allows the network to grow more easily, providing network
scalability.
• It is easier to change modules rather than the entire network, providing flexibility of
design.

Hierarchical design models

The hierarchical internetworking model is a three-layer model for network design first
proposed by Cisco. It divides enterprise networks into three layers: the core, distribution, and
access layers.

1. Core layer: Provides optimal transport between sites and high-performance routing. Due
to the criticality of the core layer, the design principles of the core should provide an
appropriate level of resilience that offers the ability to recover quickly and smoothly after
any network failure event within the core block.

2. Distribution layer: Provides policy-based connectivity and boundary control between
the access and core layers.

3. Access layer: Provides workgroup/user access to the network. The two primary and
common hierarchical design architectures of enterprise campus networks are the three-tier
and two-tier layer models.

1.3 LAN Network Redundancy

The server is down! The Internet is down! Systems administrators and network administrators
would prefer never to hear these words—and after all, the words are seldom literally accurate.
How often is an entire server destroyed? How often does the Internet suffer a global failure?
Most system failures are the result of a single component failure. Your job is to find that
component, fix it, and return the system to normal operation.
For crucial systems, you're always looking for ways to predict and reduce downtime. One
approach is to analyze the system's communication path from servers to users and look for
potential single points of failure, that is, individual system components that, when broken, can
cause the unavailability of the entire system. After you identify potential single points of
failure, your next challenge is to decide what to do about them. Because money is often a
consideration, you undertake risk analysis—either formally or informally. A considered
response often includes one or more of the following strategies:
• Do nothing. Either the risk is low or the cost of a fix is too high.
• Acquire cold spare parts. Cold spare parts are components that you can use to replace
broken parts quickly. This strategy comes with moderate cost and risk and is appropriate
when some downtime is acceptable.
• Acquire hot spare parts. Hot spare parts are redundant components that are running all the
time, ready to take over for broken components in the system. Clustering, load balancing,
and hot sites are all forms of such redundancy, depending on the part of a system that
needs repair.
As a network administrator, you need to ensure that packets continue to flow. Often,
redundant network connections are your best bet. In a network setting, you can use
redundancy to provide fault tolerance and to increase communications capacity. To build
reliable network communications paths, you need to understand how to implement redundant
LAN and WAN connections.
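One way to carry out the single-point-of-failure analysis described above, as an added example that is not part of the original assignment: the script builds a small server-to-user path (device names and links are constructed for the example), takes each node and each link out of service in turn, and reports the ones whose loss alone cuts a user off from the server. It then adds a second core switch as a hot spare and re-runs the check.

```python
"""Single-point-of-failure check on a server-to-user communication path.

Added example; the topology is constructed for illustration and is not from
the original assignment. Each node and each link is removed one at a time
and server-to-user reachability is re-evaluated, which is the "find the
component whose failure alone takes the system down" analysis from the text.
"""
from collections import defaultdict


def build_adjacency(links):
    """Undirected adjacency sets from (a, b) link pairs."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)


def reachable_from(adj, start, removed_node=None, removed_link=None):
    """Nodes reachable from start with one node or one link taken out of service."""
    seen = set()
    stack = [start]
    while stack:
        node = stack.pop()
        if node in seen or node == removed_node:
            continue
        seen.add(node)
        for nxt in adj[node]:
            # a failed link is skipped in both directions
            if removed_link is not None and {node, nxt} == set(removed_link):
                continue
            stack.append(nxt)
    return seen


def single_points_of_failure(links, server, users):
    """Return (nodes, links) whose individual failure cuts a user off from the server."""
    adj = build_adjacency(links)
    spof_nodes = []
    for node in adj:
        if node == server or node in users:
            continue  # endpoints are out of scope: we analyse the path between them
        reach = reachable_from(adj, server, removed_node=node)
        if any(user not in reach for user in users):
            spof_nodes.append(node)
    spof_links = []
    for link in links:
        reach = reachable_from(adj, server, removed_link=link)
        if any(user not in reach for user in users):
            spof_links.append(link)
    return sorted(spof_nodes), sorted(spof_links)


# constructed topology: one server, one core switch, two access switches, two PCs
SERVER = "SRV"
USERS = ["PC1", "PC2"]
LINKS_BEFORE = [("SRV", "CORE1"), ("CORE1", "ACC1"), ("CORE1", "ACC2"),
                ("ACC1", "PC1"), ("ACC2", "PC2")]
# hot-spare strategy from the text: a second core switch running all the time
LINKS_AFTER = LINKS_BEFORE + [("SRV", "CORE2"), ("CORE2", "ACC1"), ("CORE2", "ACC2")]

if __name__ == "__main__":
    for label, links in (("before", LINKS_BEFORE), ("after", LINKS_AFTER)):
        nodes, failing_links = single_points_of_failure(links, SERVER, USERS)
        print(f"{label}: SPOF nodes={nodes} SPOF links={failing_links}")
```

Before the second core switch is added, every device and every cable on the path is a single point of failure; afterwards only the access switches and the PC uplinks remain, which is the point at which the text's "do nothing" option usually applies, since dual-homing every desktop rarely justifies its cost.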

1.4 Link Aggregation

Link aggregation is a technique used in high-speed backbone networks to enable the fast and
inexpensive transmission of bulk data. The best feature of link aggregation is its ability to
increase network capacity while maintaining a fast transmission speed without changing any
hardware devices, thus reducing cost.
Cost Effectiveness
LAG is a very common technique when establishing a new network infrastructure with extra
cabling above the current requirements. Labor cost is much higher than the cost of cabling,
so when a network extension is required, the extra cables are used without incurring any
additional labor. However, this can be done only when extra ports are available.
Higher Link Availability
This is the best feature of LAG. A communication system keeps working even when a link
fails. In such situations, link capacity is reduced but data flow is not interrupted.
Network Backbone
Formerly, many techniques were used for networking, but IEEE standards are always
preferred. LAG supports network load balancing; the load balancing algorithm is set by
network engineers or administrators. Furthermore, network speed can be increased in small
increments, saving both resources and cost.
Limitations
In all kinds of implementations, each link and piece of hardware must be standardized and
engineered so as not to affect network efficiency or link speed. Additionally, with single-switch
aggregation, all ports of the group (802.3ad, broadcast, etc.) must reside on a single switch or
the same logical switch.

1.5 How Link Aggregation Supports Load Balancing

Link Aggregation is a nebulous term used to describe various implementations and
underlying technologies. In general, link aggregation looks to combine (aggregate) multiple
network connections in parallel to increase throughput and provide redundancy. While there
are many approaches, this section aims to highlight the differences in terminology.
Load Balancing
Load balancing can also be used to describe link bonding, but strictly it is a term reserved
for Layer 3+ operations. While application load balancers can be used to distribute load
across an array of devices for a particular application or purpose, this section will
concentrate on Layer 3. In that sense, load balancing is commonly defined as a (mostly) even
distribution of IP traffic across 2 or more links. This can be done by providing a device with
multiple equal-cost routes to the same destination over equal-sized links. See Figure 2 below.

1.5.1 EtherChannel

You can create a link aggregation group (LAG) for a group of Ethernet ports. Layer 2
bridging traffic is load balanced across the member links of this group, making the
configuration attractive for congestion concerns as well as for redundancy. You can configure
up to 128 LAG bundles on M Series and T Series routers, and 480 LAG bundles on MX
Series routers and EX9200 switches. Each LAG bundle contains up to 16 links. (Platform
support depends on the Junos OS release in your installation.)
By default, the hash key mechanism used to load-balance frames across LAG interfaces is based
on Layer 2 fields (such as frame source and destination address) as well as the input logical
interface (unit). The default LAG algorithm is optimized for Layer 2 switching. Starting with
Junos OS Release 10.1, you can also configure the load balancing hash key for Layer 2 traffic
to use fields in the Layer 3 and Layer 4 headers using the payload statement. For more
information, see Configuring Load Balancing on a LAG Link. In a Layer 2 switch, this can
leave one link over-utilized while the other links are under-utilized.
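To show why a Layer 2 hash key can leave one member link over-utilized, here is an added example (not from the original assignment and not the Junos OS algorithm) that hashes constructed flows onto four member links, once with a source/destination MAC key and once with a key that also covers Layer 3 and Layer 4 header fields. The flows are assumed to cross a LAG between two routers, so every frame carries the same pair of router MAC addresses no matter which hosts are talking; the hash function, addresses and field names are the example's own.

```python
"""Frame distribution over LAG member links for two hash-key choices.

Added example. The flows, MAC/IP addresses and the hash function are all
constructed for illustration; real platforms use their own hash, but the
effect shown here (one busy link when the key fields never vary) is the one
the text describes for a Layer 2 switch.
"""
import hashlib
from collections import Counter

MEMBER_LINKS = 4
L2_KEY = ("src_mac", "dst_mac")
L3L4_KEY = ("src_mac", "dst_mac", "src_ip", "dst_ip", "src_port", "dst_port")


def member_for(fields, member_count=MEMBER_LINKS):
    """Map the selected header fields to a member link index (stand-in hash)."""
    key = "|".join(str(f) for f in fields).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % member_count


def distribute(flows, key_fields, member_count=MEMBER_LINKS):
    """Frames per member link when the hash key is made of key_fields."""
    load = Counter({i: 0 for i in range(member_count)})
    for flow in flows:
        idx = member_for([flow[f] for f in key_fields], member_count)
        load[idx] += flow["frames"]
    return load


def busiest_share(load):
    """Fraction of all frames carried by the busiest link (1.0 = one link does everything)."""
    total = sum(load.values())
    return max(load.values()) / total if total else 0.0


# constructed flows: 16 HTTPS sessions from different clients that all cross a
# router-to-router LAG, so src/dst MAC are the two routers' addresses every time
SAMPLE_FLOWS = [
    {
        "src_mac": "02:00:00:00:00:01",   # router R1 (constructed)
        "dst_mac": "02:00:00:00:00:02",   # router R2 (constructed)
        "src_ip": f"10.0.0.{i}",
        "dst_ip": "10.1.0.10",
        "src_port": 40000 + i,
        "dst_port": 443,
        "frames": 1000,
    }
    for i in range(1, 17)
]

if __name__ == "__main__":
    for name, key in (("L2 key", L2_KEY), ("L2+L3/L4 key", L3L4_KEY)):
        load = distribute(SAMPLE_FLOWS, key)
        print(f"{name}: {dict(sorted(load.items()))} busiest share={busiest_share(load):.2f}")
```

With the Layer 2 key every flow hashes to the same member link because the MAC pair never changes; including the IP addresses and ports spreads the same flows across the bundle. Per-flow hashing still keeps each session on one link, which is what preserves in-order delivery, so a single very large flow cannot be split across members whichever key is chosen.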

PART 02

2.1 Introduction

According to the scenario, I need to build and explain the design of a LAN diagram for an
organization occupying a three-storey building, with a proper structural platform, using the
Cisco Packet Tracer simulator. So I built the structure and configuration for the three-storey
building. Below I will explain the steps one by one. This building has three floors. Here I am
going to explain the first floor. This floor is used by employees; on this floor most of the
employees do data entry.

2.2 Screenshot and Configuration

First floor
The first floor should consist of around 12 working machines and a server with only a single
address range. This particular floor should only serve one department.
Needed devices (requirements)
• Router
• Cable type - copper straight-through cable
• Switch - 24 port Cisco switch
• 12 PCs
First of all, I selected a router (2620XM) through the ISP. Next I selected a 24 port Cisco
switch (2950-24) and chose the generic PCs and one server. To connect the nodes, I had to
select 12 nodes to build this network. The next step is to select a proper cable
connection. In this step, according to the networking rules, when we connect a router to a
switch we need to choose a copper straight-through cable. In this situation we do not
choose a copper crossover cable, because in this process we have to use copper straight-through
cable only. If we use a copper crossover cable, the whole network doesn't work; we can't
send data packets through the network.
For example, assume you had a small network, and you connected the switch and PCs with
copper crossover cable. Assume all the configurations are completely done. Now you are
ready to send data packets through the network. Before that, you have to check the connection
between sender and receiver, so type the "ping" command into the command prompt.

Step 01
In this exercise, we wanted to create a simple network with 1 router, 1 switch, 12 PCs
and a server. Then the router should be configured in the command line interface (CLI), with
some commands or steps to follow.

Operating elements used:

1. 1 Router
2. 1 Switch
3. 1 Server
4. 12 PCs
5. Connections: copper straight-through

Step 02
Configuration of the router: to start the configuration, the router must be clicked.

Step 03

Next, the 12 PCs are assigned their gateway and IP address.

Step 04

Next, the server is assigned its gateway and IP address.

Step 05

The most important steps have been completed, and ping commands etc. can now be
performed in the Command Prompt. The components can also be viewed in a physical view
(network cabinet).
Ping PC to PC

Ping Router to PC

Second floor

This floor should consist of around 15 working machines and 2 servers with two address
ranges. This particular floor should only serve one department.
Needed devices (requirements)
• Router
• Cable type - copper straight-through cable
• 2 Switches - 24 port Cisco switch
• 15 PCs
• 2 Servers
First of all, I selected a router (2620XM) through the ISP. Next I selected a 24 port Cisco
switch (2950-24) and chose the generic PCs and one server. To connect the nodes, I had to
select 12 nodes to build this network. The next step is to select a proper cable
connection. In this step, according to the networking rules, when we connect a router to a
switch we need to choose a copper straight-through cable. In this situation we do not
choose a copper crossover cable, because in this process we have to use copper straight-through
cable only. If we use a copper crossover cable, the whole network doesn't work; we can't
send data packets through the network. For example, assume you had a small network, and you
connected the switch and PCs with copper crossover cable. Assume all the configurations are
completely done. Now you are ready to send data packets through the network. Before that, you
have to check the connection between sender and receiver, so type the "ping" command into
the command prompt.
Step 01
In this exercise, we wanted to create a simple network with 1 router, 2 switches, 15 PCs
and 2 servers. Then the router should be configured in the command line interface (CLI), with
some commands or steps to follow.

Operating elements used:

1. 1 Router
2. 2 Switches
3. 2 Servers
4. Connections: copper straight-through

Step 02
Configuration of the router: to start the configuration, the router must be clicked.

Step 03

Next, the 15 PCs are assigned their gateway and IP address.

Step 04

Next, the servers are assigned their gateway and IP address.

Step 05

The most important steps have been completed, and ping commands etc. can now be
performed in the Command Prompt. The components can also be viewed in a physical view
(network cabinet).
Ping PC to PC

Ping Router to PC

Third floor
This floor should consist of around 22 working machines, one normal router and one
backup router, with two address ranges. This particular floor should only serve one
department.
Needed devices (requirements)
• 2 Routers
• Cable type - copper straight-through cable
• 2 Switches - 24 port Cisco switch
• 22 PCs
First of all, I selected a router (2620XM) through the ISP. Next I selected a 24 port Cisco
switch (2950-24) and chose the generic PCs and one server. To connect the nodes, I had to
select 12 nodes to build this network. The next step is to select a proper cable
connection. In this step, according to the networking rules, when we connect a router to a
switch we need to choose a copper straight-through cable. In this situation we do not
choose a copper crossover cable, because in this process we have to use copper straight-through
cable only. If we use a copper crossover cable, the whole network doesn't work; we can't
send data packets through the network. For example, assume you had a small network, and you
connected the switch and PCs with copper crossover cable. Assume all the configurations are
completely done. Now you are ready to send data packets through the network. Before that, you
have to check the connection between sender and receiver, so type the "ping" command into
the command prompt.
Step 01
In this exercise, we wanted to create a simple network with 1 router, 2 switches, 15 PCs
and 2 servers. Then the router should be configured in the command line interface (CLI), with
some commands or steps to follow.

Operating elements used:

1. 2 Routers
2. 2 Switches
3. 22 PCs
4. Connections: copper straight-through

Step 02

Configuration of the router: to start the configuration, the router must be clicked.

Step 03

Next, the 22 PCs are assigned their gateway and IP address.

Step 04
The most important steps have been completed, and ping commands etc. can now be
performed in the Command Prompt. The components can also be viewed in a physical view
(network cabinet).
Ping PC to PC

Ping Router to PC

2.3 Explain Different Types of Switch Redundancy Protocols

Ethernet switches are broadly categorized into two main categories: modular and fixed
configuration.
Modular switches, as the name implies, allow you to add expansion modules into the
switches as needed, thereby delivering the best flexibility to address changing networks.
Examples of expansion modules are application-specific modules (such as firewall, wireless, or
network analysis), modules for additional interfaces, power supplies, or cooling fans. The Cisco
Catalyst 4K and 6K are good examples of modular switches.
Fixed configuration switches are switches with a fixed number of ports and are typically not
expandable. This category is discussed in further detail below. The Cisco Catalyst 2K, 3K and
the Cisco 300/500 series are good examples of fixed configuration switches.
Let me say up front that there are variations to the categories below, as switch makers are
constantly adding capabilities and evolving the categories, but the broad essence remains the
same. The fixed configuration switch category is further broken down into:
• Unmanaged switches
• Smart switches
• Managed L2 and L3 switches

Unmanaged Switches

This category of switch is the most cost effective for deployment scenarios that require only
basic layer 2 switching and connectivity. As such, they fit best when you need a few extra
ports on your desk, in a lab, in a conference room, or even at home.
With some unmanaged switches on the market, you can even get capabilities such as cable
diagnostics, prioritization of traffic using default QoS settings, energy-saving capabilities
using EEE (Energy Efficient Ethernet) and even PoE (Power over Ethernet). However, as the
name implies, these switches generally cannot be modified/managed. You simply plug them
in and they require no configuration at all.
Cisco 100 Series switches are good examples of this category.

Smart switches (also known as lightly managed switches)

This category of switches is the most blurred and fastest changing. The general rule here is
that these switches offer certain levels of management, QoS, security, etc., but are "lighter" in
capabilities and less scalable than managed switches. This makes them a cost-effective
alternative to managed switches. As such, smart switches fit best at the edge of a
large network (with managed switches being used in the core), as the infrastructure for
smaller deployments, or for low complexity networks in general.
Cisco 200 Series switches are good examples of this category.

Fully managed L2 and L3 switches

Managed switches are designed to deliver the most comprehensive set of features: they provide
the best application experience, the highest levels of security, the most precise control and
management of the network, and the greatest scalability in the fixed configuration
category of switches. As a result, they are usually deployed as aggregation/access switches in
very large networks or as core switches in relatively smaller networks. Managed switches
should support both L2 switching and L3 IP routing, though you'll find some with only L2
switching support.
Cisco Catalyst and Cisco 300 Series and 500 Series switches are good examples of this
category of products. Managed switches can go even further than what I've highlighted. For
example, there is even richer support for dynamic unicast and multicast routing protocols,
deeper flow intelligence or macro flow statistics with NetFlow/sFlow, non-stop forwarding
capabilities, MPLS/VRF support, policy enforcement, and many others.
Now, to take a deeper dive into these switch categories and talk about various options, you
can select switches based on:
speed, number of ports, PoE versus non-PoE, and stackable versus standalone.

2.4 Introduction of Spanning Tree Protocols

Network redundancy is a key to maintaining network reliability. Multiple physical links
between devices provide redundant paths. The network can then continue to operate when a
single link or port has failed. Redundant links can also share the traffic load and increase
capacity. Multiple paths need to be managed so that Layer 2 loops are not created. The best
paths are chosen, and an alternate path is immediately available in case a primary path fails.
Spanning Tree Protocol (STP) is used to create one path through a Layer 2 network. This
chapter focuses on the protocols used to manage these forms of redundancy. It also covers
some of the potential redundancy problems and their symptoms.

Types of Spanning Tree Protocols (3.2.1.1)

Several varieties of spanning-tree protocols have emerged since the original IEEE 802.1D.
The varieties of spanning-tree protocols include the following:
• STP—Defined in IEEE 802.1D, this is the original standard that provided a loop-free
topology in a network with redundant links. Also called Common Spanning Tree (CST),
it assumed one spanning-tree instance for the entire bridged network, regardless of the
number of VLANs.
• Per-VLAN Spanning Tree (PVST+)—PVST+ is a Cisco enhancement of STP that
provides a separate 802.1D spanning-tree instance for each VLAN configured in the
network.
• Rapid Spanning Tree Protocol (RSTP)—RSTP is defined in IEEE 802.1w. It is an
evolution of STP that provides faster convergence than STP.
• Rapid Per-VLAN Spanning Tree (Rapid PVST+)—Rapid PVST+ is a Cisco enhancement
of RSTP that uses PVST+ and provides a separate instance of 802.1w for each VLAN.
• Multiple Spanning Tree Protocol (MSTP)—MSTP, defined in IEEE 802.1s, maps
multiple VLANs into the same spanning-tree instance. The Cisco implementation of
MSTP is often referred to as Multiple Spanning Tree (MST).

2.4.1 Difference between RSTP and PVST

The Rapid Spanning Tree Protocol (RSTP) provides significantly faster spanning tree
convergence after a topology change compared to the original STP. To do this,
RSTP introduces new convergence behaviours and bridge port roles. PVST
stands for Per-VLAN Spanning Tree. It is Cisco's proprietary version of the Spanning Tree
Protocol. PVST allows for the creation of a spanning tree for each VLAN.

RSTP and PVST are types of spanning tree protocol. The Spanning Tree Protocol (STP) is a
network protocol used in essentially any bridged Ethernet local area network (LAN). STP
ensures a loop-free topology in the Ethernet LAN. It does so by preventing bridge loops and
the broadcast radiation that results from them.
STP is standardized as IEEE 802.1D. STP creates a spanning tree within a mesh network of
connected layer-2 bridges. Typically, the layer-2 bridges are Ethernet switches. STP disables
those links that are not part of the spanning tree and leaves a single active path between any
two network nodes.
STP also allows a network design to include spare and/or redundant links. These provide
automatic backup paths in case an active link fails. These spare links are included without the
danger of bridge loops, or the need for manual enabling/disabling of the backup links.
The IEEE introduced the Rapid Spanning Tree Protocol (RSTP) in 2001 as 802.1w. RSTP
provides significantly faster spanning tree convergence after a topology change compared
to the original STP. STP can take 30 to 50 seconds to respond to a topology change, whereas
RSTP can do this within three hello intervals (3 times the 2-second default) or within a few
milliseconds of a physical link failure.
To do this, RSTP introduces new convergence behaviours and bridge port roles. The original
STP had five port states; RSTP reduces this to three.
RSTP was designed to be backwards compatible with standard STP. However, the standard
IEEE 802.1D-2004 incorporates RSTP and obsoletes the original STP standard.
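As an added example (not part of the original assignment) of the behaviour described above, the script below computes the spanning tree of a constructed four-switch topology with redundant links: it elects the root by lowest bridge ID, derives each switch's root path cost and root port, marks every link forwarding or blocked, and checks that the active topology is a loop-free tree. It then fails one active link and recomputes, showing a blocked spare link taking over. The switch names, MAC addresses, priorities and port costs are assumptions made for the example, and the port-state machine is reduced to the final forwarding/blocked outcome rather than the timed listening and learning states.

```python
"""Spanning tree election and link blocking on a redundant switch topology.

Added example. Bridge IDs, MAC addresses, link costs and the topology are
constructed for illustration. The steps follow the standard STP outcome:
lowest bridge ID becomes root, every other bridge keeps the port with the
lowest root path cost as its root port, each link gets one designated end,
and a port that is neither root nor designated is blocked.
"""
import heapq

# constructed bridges: name -> (priority, MAC); lower tuple = better bridge ID
BRIDGES = {
    "SW1": (4096, "00:00:00:00:00:01"),   # lowered priority so SW1 wins root election
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
    "SW4": (32768, "00:00:00:00:00:04"),
}
# constructed links: (bridge_a, bridge_b, port cost); the redundant links create loops
LINKS = [("SW1", "SW2", 4), ("SW1", "SW3", 4), ("SW2", "SW3", 4),
         ("SW2", "SW4", 19), ("SW3", "SW4", 19)]


def root_path_costs(bridges, links, root):
    """Lowest total port cost from each bridge to the root (Dijkstra)."""
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {b: float("inf") for b in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in adj[node]:
            if d + cost < dist[nbr]:
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def spanning_tree(bridges, links):
    """Return (root bridge, {link: 'forwarding'|'blocked'}) for the given topology."""
    root = min(bridges, key=lambda name: bridges[name])
    cost = root_path_costs(bridges, links, root)
    # root port per non-root bridge: lowest (root path cost, neighbour bridge ID)
    root_port = {}
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for a, b, link_cost in links:
            if name in (a, b):
                nbr = b if a == name else a
                candidates.append((cost[nbr] + link_cost, bridges[nbr], (a, b)))
        if candidates:
            root_port[name] = min(candidates)[2]
    states = {}
    for a, b, _ in links:
        # designated end: lower root path cost, tie broken by lower bridge ID
        designated = a if (cost[a], bridges[a]) <= (cost[b], bridges[b]) else b
        other = b if designated == a else a
        # the far end forwards only if this link is its root port; otherwise it blocks
        states[(a, b)] = "forwarding" if root_port.get(other) == (a, b) else "blocked"
    return root, states


def is_loop_free_tree(bridges, states):
    """True if the forwarding links connect every bridge using exactly N-1 links."""
    active = [link for link, state in states.items() if state == "forwarding"]
    if len(active) != len(bridges) - 1:
        return False
    adj = {b: set() for b in bridges}
    for a, b in active:
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = set(), [next(iter(bridges))]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(adj[node] - seen)
    return len(seen) == len(bridges)


def after_link_failure(bridges, links, failed):
    """Recompute the tree once a link has failed: a blocked spare becomes active."""
    remaining = [link for link in links if (link[0], link[1]) != failed]
    return spanning_tree(bridges, remaining)


if __name__ == "__main__":
    root, states = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "loop-free tree:", is_loop_free_tree(BRIDGES, states))
    for link, state in states.items():
        print(f"  {link[0]}-{link[1]}: {state}")
    _, recovered = after_link_failure(BRIDGES, LINKS, ("SW1", "SW3"))
    print("after SW1-SW3 fails, SW2-SW3 is", recovered[("SW2", "SW3")])
```

With all five links up, SW2-SW3 and SW3-SW4 end up blocked and the three remaining links form the tree; once SW1-SW3 fails, SW3 re-selects SW2-SW3 as its root port and that spare link starts forwarding without any manual change, which is the automatic backup path the text describes. Leaving every link forwarding would fail the tree check, which is exactly the loop condition STP exists to prevent.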

PVST stands for Per-VLAN Spanning Tree. It is Cisco's proprietary version of the Spanning
Tree Protocol. In an Ethernet switched environment there are multiple virtual LANs, so it is
often necessary to create multiple spanning trees. This is done so that the traffic from different
VLANs uses different links. PVST does that: it allows for the creation of a spanning tree for
each VLAN.


Because PVST is Cisco proprietary, it cannot be used on most third-party switches. A related Cisco protocol is PVST+ (Per-VLAN Spanning Tree Plus). PVST works only with ISL, Cisco's proprietary protocol for VLAN encapsulation, because the spanning-tree ID is embedded in the ISL header; PVST was therefore the default protocol on Cisco switches that supported ISL.
Due to the wide adoption of the IEEE 802.1Q VLAN trunking standard and PVST's dependence on ISL, Cisco defined the different PVST+ standard, which is compatible with 802.1Q encapsulation. PVST+ eventually became the default protocol for Cisco switches when Cisco discontinued and removed ISL support from its switches.
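As an added worked example (not code from the original page, nor from any vendor), the following Python models the 802.1D election described above: lowest bridge ID becomes root, every other bridge picks a root port by root path cost (ties broken by the upstream bridge ID), and on every remaining link one end is designated while the other end is blocked, which is what removes the loop. It is then run once per VLAN to show the PVST idea that each VLAN can block a different link. The three-switch topology, bridge priorities, MAC addresses and port costs are constructed assumptions; port-ID tie-breaks and parallel links between the same pair of switches are not modelled.

```python
"""Added example: a simplified IEEE 802.1D spanning-tree election, run once
per VLAN to illustrate PVST.  Topology, priorities and costs are constructed."""
import heapq


def bridge_id(bridges, name):
    """Bridge ID as a comparable (priority, MAC) pair; the lowest wins."""
    return bridges[name]


def compute_spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, port_cost)].
    Returns the root, root path cost and root port per bridge, the role of
    every (bridge, neighbour) port and the set of ports STP blocks."""
    adj = {n: [] for n in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # 1. Root election: the lowest bridge ID in the domain.
    root = min(bridges, key=lambda n: bridge_id(bridges, n))

    # 2. Root path cost: shortest path to the root.  Equal-cost paths are
    #    decided by the lower bridge ID of the upstream neighbour (the
    #    sender of the better BPDU), as 802.1D does.
    rpc, root_port = {}, {}
    heap, seq = [(0, bridge_id(bridges, root), 0, root, None)], 1
    while heap:
        cost, _, _, node, upstream = heapq.heappop(heap)
        if node in rpc:
            continue
        rpc[node] = cost
        if upstream is not None:
            root_port[node] = upstream
        for nbr, link_cost in adj[node]:
            if nbr not in rpc:
                heapq.heappush(heap, (cost + link_cost, bridge_id(bridges, node), seq, nbr, node))
                seq += 1

    # 3. Port roles: each link has exactly one designated end; the other end
    #    is either the downstream bridge's root port or is blocked.
    roles, blocked = {}, set()
    for a, b, _ in links:
        if root_port.get(a) == b:
            roles[(a, b)], roles[(b, a)] = "root", "designated"
        elif root_port.get(b) == a:
            roles[(b, a)], roles[(a, b)] = "root", "designated"
        else:
            # Neither end uses this link to reach the root: the bridge with
            # the lower (root path cost, bridge ID) is designated and the
            # other end blocks, which breaks the loop.
            d = min((a, b), key=lambda n: (rpc[n], bridge_id(bridges, n)))
            o = b if d == a else a
            roles[(d, o)], roles[(o, d)] = "designated", "blocked"
            blocked.add((o, d))
    return {"root": root, "rpc": rpc, "root_port": root_port,
            "roles": roles, "blocked": blocked}


def pvst_trees(vlan_bridges, links):
    """PVST: an independent tree per VLAN.  Giving each VLAN a different root
    makes different VLANs block different links, so a redundant link that is
    idle for one VLAN still carries traffic for another."""
    return {vlan: compute_spanning_tree(b, links) for vlan, b in vlan_bridges.items()}


# Constructed topology: three switches in a triangle, all Gigabit links
# (802.1D short path cost 4).  SW1 is root for VLAN 10, SW2 for VLAN 20.
LINKS = [("SW1", "SW2", 4), ("SW1", "SW3", 4), ("SW2", "SW3", 4)]
VLAN_BRIDGES = {
    10: {"SW1": (4096, "0000.0000.0001"), "SW2": (32768, "0000.0000.0002"),
         "SW3": (32768, "0000.0000.0003")},
    20: {"SW1": (32768, "0000.0000.0001"), "SW2": (4096, "0000.0000.0002"),
         "SW3": (32768, "0000.0000.0003")},
}

if __name__ == "__main__":
    for vlan, tree in pvst_trees(VLAN_BRIDGES, LINKS).items():
        print(f"VLAN {vlan}: root={tree['root']} blocked ports={sorted(tree['blocked'])}")
```

With these inputs VLAN 10 blocks the SW3 port facing SW2 and VLAN 20 blocks the SW3 port facing SW1, so both redundant links stay in use while each VLAN still has a loop-free tree.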

2.5 Redundant layer 3 switches

I think it's a fairly typical design. Like I said, I have already tried to experiment with the design in Packet Tracer. I used OSPF to route all the networks and used trunks and EtherChannels for the VLANs. I know a 3560 doesn't support stacking, but I didn't know as much about HSRP; thanks for clearing that up.
In this scenario I want the 2 routers to function as 1 gateway for all traffic, but I still want them to be redundant. This is achieved by HSRP, right?
The redundant links between the routers and switches are just normal layer 3 links with IP addresses assigned to them. The links between the layer 2 and layer 3 switches are trunks and EtherChannels. (Correct me if this is not the right way to go.) As routing protocol I am using OSPF; I have OSPF configured on both routers and switches.
Up to this point all went well.
How do I create redundancy the correct way from the layer 2 to the layer 3 switches? I probably have to make EtherChannels with trunks between them? And what are the correct configurations of the layer 3 switches? Do I have to give the VLANs on both switches an IP so that if one goes down all traffic is routed to the other IP of the same VLAN on the other layer 3 switch? What I mean by this is to create two gateways per VLAN.


2.6 First hop redundancy protocols will work for IPv4 and IPv6

If a router or router interface that serves as a default gateway fails, the hosts configured with that default gateway are isolated from outside networks. In practice, it is common for a multilayer switch to act as the default gateway for each VLAN in a switched network. This discussion focuses on the routing functionality, regardless of the physical device used. End devices are typically configured with a single IP address for a default gateway, and this address does not change when the network topology changes.

Figure: router redundancy

To implement this type of router redundancy, multiple routers are configured to work
together to present the illusion of a single router to the hosts on the LAN, as shown in the
figure. By sharing an IP address and a MAC address, two or more routers can act as a single
virtual router.
The IP address of the virtual router is configured as the default gateway for the workstations
on a specific IP segment.


1. Virtual router: a set of routers working together to present the illusion of a single router to the hosts on a LAN segment.
2. Forwarding router: a device in a virtual router group that is assigned the role of default gateway.
3. Standby router: a device in a virtual router group that is assigned the role of alternate default gateway.
4. Virtual MAC address: the layer 2 address returned by ARP for an FHRP gateway.
There are two versions of HSRP.
• With HSRP version 1, the virtual router's MAC address is 0000.0C07.ACxx, in which xx is the HSRP group number in hexadecimal.
• With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group number in hexadecimal.
Note: HSRP for IPv6 uses a separate range, 0005.73A0.0000 through 0005.73A0.0FFF.

How it works
Normal working:
1. When frames are sent from host devices to the default gateway, the hosts use ARP to resolve the MAC address associated with the IP address of the default gateway. The ARP resolution returns the virtual MAC address of the virtual router; in HSRP the active router answers that ARP request (in GLBP the device that answers is called the Active Virtual Gateway, AVG).
2. Frames sent to the MAC address of the virtual router are then physically processed by the currently active router within the virtual router group. A protocol is used to identify two or more routers as the devices responsible for processing frames sent to the MAC or IP address of a single virtual router.
3. Host devices send traffic to the address of the virtual router. The physical router that forwards this traffic is transparent to the host devices.

When the forwarding router fails:
1. The standby router stops seeing Hello messages from the forwarding router.
2. The standby router assumes the role of the forwarding router.
3. Because the new forwarding router assumes both the IP and MAC addresses of the virtual router, the host devices see no disruption in service.
Redundancy protocols
A redundancy protocol provides the mechanism for determining which router should take the
active role in forwarding traffic. It also determines when the forwarding role must be taken
over by a standby router. The transition from one forwarding router to another is transparent
to the end devices.
The ability of a network to dynamically recover from the failure of a device acting as a
default gateway is known as first-hop redundancy.
Hot Standby Router Protocol (HSRP): Cisco-proprietary FHRP. HSRP is used in a group of routers to select an active device and a standby device. Within a group of device interfaces, the active device is the one that routes packets; the standby device takes over when the active device fails or when pre-set conditions are met.
An HSRP active router has the following characteristics:
• Responds to ARP requests for the default gateway with the virtual router's MAC address.
• Assumes active forwarding of packets for the virtual router.
• Sends Hello messages (every 3 seconds by default; the hold, or dead, timer is 10 seconds).
• Knows the virtual router IP address.
An HSRP standby router has the following characteristics:
• Listens for periodic Hello messages.
• Assumes active forwarding of packets if it does not hear from the active router within the hold time.
Verify HSRP state with the show standby command.
• HSRP is Cisco proprietary and allows several routers or multilayer switches to appear as a single gateway IP address.
• HSRP has five main states: initial, listen, speak, standby and active (a sixth, learn, is used while a router does not yet know the virtual IP address).
• HSRP allows multiple routers to share a virtual IP and MAC address so that end-user hosts do not notice when a failure occurs.
• The active (or master) router uses the virtual IP and MAC addresses.
• Standby routers listen for Hellos from the active router. A Hello packet is sent every 3 seconds by default; the hold time (dead interval) is 10 seconds.
• The version 1 virtual MAC is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal.
• HSRP version 1 group numbers range from 0 to 255. Group 0 is valid, and is the default when no group number is given in the configuration, so HSRP version 1 supports 256 groups. HSRP version 2 supports group numbers 0 to 4095, i.e. 4096 groups.
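The mechanics described in this section (a virtual IP and MAC shared by an active and a standby router, Hellos every 3 seconds, a 10 second hold timer, failover invisible to the hosts) as an added Python example; it is not code from the original page or from Cisco. The virtual MAC formulas and group ranges are those given above; the group number, router names, priorities, addresses and the failure time are constructed assumptions, and standby re-election after a failover is not modelled.

```python
"""Added example: HSRP virtual MAC derivation, group-range checks and a
minimal model of the Hello/hold-timer failover.  All names, addresses,
priorities and timings are constructed for illustration."""

HSRP_V1_MAX_GROUP = 255    # v1: 8-bit group number, 0-255
HSRP_V2_MAX_GROUP = 4095   # v2: 12-bit group number, 0-4095


def hsrp_virtual_mac(group, version=1):
    """Virtual MAC for an HSRP group, in Cisco dotted-hex notation.
    v1: 0000.0c07.acXX (XX = group), v2: 0000.0c9f.fXXX (XXX = group)."""
    if version == 1:
        if not 0 <= group <= HSRP_V1_MAX_GROUP:
            raise ValueError("HSRPv1 group must be 0-255")
        return f"0000.0c07.ac{group:02x}"
    if version == 2:
        if not 0 <= group <= HSRP_V2_MAX_GROUP:
            raise ValueError("HSRPv2 group must be 0-4095")
        return f"0000.0c9f.f{group:03x}"
    raise ValueError("HSRP version must be 1 or 2")


def elect_active(routers):
    """routers: {name: (priority, interface_ip)}.  Highest priority wins and
    the higher interface IP breaks ties, as HSRP does.  Returns (active, standby)."""
    def rank(name):
        prio, ip = routers[name]
        return (prio, tuple(int(octet) for octet in ip.split(".")))
    ordered = sorted(routers, key=rank, reverse=True)
    return ordered[0], ordered[1]


class HsrpGroup:
    """One HSRP group on a LAN.  The active router sends a Hello every
    `hello` seconds; the standby takes over the virtual IP/MAC once it has
    heard nothing for `hold` seconds.  Hosts only ever see the virtual MAC."""

    def __init__(self, group, vip, routers, hello=3.0, hold=10.0, version=1):
        if hold <= hello:
            raise ValueError("hold timer must exceed the hello interval")
        self.vip, self.vmac = vip, hsrp_virtual_mac(group, version)
        self.hello, self.hold = hello, hold
        self.active, self.standby = elect_active(routers)
        self.down = set()
        self.last_hello = 0.0     # time the standby last heard the active
        self.next_hello = 0.0     # time of the active router's next Hello
        self.events = []

    def arp_reply(self, ip):
        """What a host gets back when it ARPs for its default gateway."""
        return self.vmac if ip == self.vip else None

    def fail(self, router, at):
        """`router` dies at time `at`: from then on it simply sends no Hellos."""
        self.advance(at)
        self.down.add(router)
        self.events.append((at, f"{router} stopped sending Hellos"))

    def advance(self, now):
        """Move the clock to `now`, replaying Hellos and the hold timer."""
        while self.next_hello <= now:
            if self.active not in self.down:
                self.last_hello = self.next_hello
            self.next_hello += self.hello
        expiry = self.last_hello + self.hold
        if now >= expiry:  # the standby has heard nothing for a full hold time
            self.active, self.standby = self.standby, self.active
            self.last_hello = expiry   # the new active announces itself at once
            self.events.append((expiry, f"{self.active} is now active for {self.vip} ({self.vmac})"))


def demo():
    """R1 (priority 110) is active for 192.168.10.1, R2 is standby.  R1 dies
    at t=4 s; R2 takes over when the 10 s hold timer expires at t=13 s."""
    g = HsrpGroup(group=10, vip="192.168.10.1",
                  routers={"R1": (110, "192.168.10.2"), "R2": (100, "192.168.10.3")})
    mac_before = g.arp_reply("192.168.10.1")
    g.fail("R1", at=4.0)
    g.advance(9.0)            # 6 s without Hellos: still inside the hold time
    active_at_9s = g.active
    g.advance(13.0)           # hold timer expires, the standby becomes active
    return {"mac_before": mac_before, "mac_after": g.arp_reply("192.168.10.1"),
            "active_at_9s": active_at_9s, "active_at_13s": g.active, "events": g.events}


if __name__ == "__main__":
    for when, what in demo()["events"]:
        print(f"t={when:5.1f}s  {what}")
```

The point the model makes is the one the section makes: the hosts' ARP cache holds the same virtual MAC before and after the failover, so nothing on the LAN needs to change, and the outage window is bounded by the hold timer rather than by any host-side timeout.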


PART 03

3.1 Installation and Configuration of pfSense Firewall


The Lab Setup
pfSense is often frustrating for users new to firewalls. The default behavior for many firewalls is to block everything, good or bad. This is great from a security standpoint but not from a usability standpoint. Before starting the installation, it is important to conceptualize the end goal, so that the configuration steps have a clear target.

Figure pfSense Network Diagram

3.1.1 Installation of pfSense

Once ‘dd’ has finished writing to the USB drive or the CD has been burnt, place the media into the computer that will be set up as the pfSense firewall. Boot that computer from that media and the following screen will be presented.


At this screen, either allow the timer to run out or select 1 to proceed booting into the installer
environment. Once the installer finishes booting, the system will prompt for any changes
desired in the keyboard layout. If everything shows in a native language, simply click on
‘Accept these Settings’.

The next screen will provide the user with the option of an ‘Install pfSense’ or more advanced install options. For the purposes of this guide, it is suggested to simply use the ‘Install pfSense’ option.


The next screen will simply confirm that the user desires to use the ‘Quick/Easy Install’
method which won’t ask as many questions during the installation.
The first question that is likely to be presented will ask about which kernel to install. Again, it
is suggested that the ‘Standard Kernel’ be installed for most users.

When the installer has finished this stage, it will prompt for a reboot. Be sure to remove the
installation media as well so the machine doesn’t boot back into the installer.


3.1.2 pfSense Configuration

After the reboot, and the removal of the CD/USB media, pfSense will reboot into the newly
installed operating system. By default, pfSense will pick an interface to set-up as the WAN
interface with DHCP and leave the LAN interface unconfigured.

While pfSense does have a web based graphical configuration system, it is only running on
the LAN side of the firewall but at the moment, the LAN side will be unconfigured. The first
thing to do would be to set an IP address on the LAN interface.
To do this follow these steps:
 Take note of which interface name is the WAN interface (em0 above).
 Enter ‘1’ and press the ‘Enter’ key.
 Type ‘n’ and press the ‘Enter’ key when asked about VLANs.
 Type in the interface name recorded in step one when prompted for the WAN interface, or change to the proper interface now. Again, in this example ‘em0’ is the WAN interface, as it will be the interface facing the Internet.
 The next prompt will ask for the LAN interface, again type the proper interface name and
hit the ‘Enter’ key. In this install, ‘em1’ is the LAN interface.
 pfSense will continue to ask for more interfaces if they are available but if all interfaces
have been assigned, simply hit the ‘Enter’ key again.
 pfSense will now prompt to ensure that the interfaces are assigned properly.


 If the interfaces are correct, type ‘y’ and hit the ‘Enter’ key.

The next step will be to assign the interfaces the proper IP configuration. After pfSense
returns to the main screen, type ‘2’ and hit the ‘Enter’ key. (Be sure to keep track of the
interface names assigned to the WAN and LAN interfaces).
NOTE-for this install the WAN interface can use DHCP without any problems but there may
be instances where a static address would be required. The process for configuring a static
interface on the WAN would be the same as the LAN interface that is about to be configured.
Type ‘2’ again when prompted for which interface to set IP information. Again 2 is the LAN
interface in this walk through.

When prompted, type the IPv4 address desired for this interface and hit the ‘Enter’ key. This
address should not be in use anywhere else on the network and will likely become the default
gateway for the hosts that will be plugged into this interface.

The next prompt will ask for the subnet mask in prefix (bit count) format. For this example network a simple /24 (255.255.255.0) will be used. Hit the ‘Enter’ key when done.
The next question will ask about an ‘Upstream IPv4 Gateway’. Since the LAN interface is the one being configured and it has no upstream gateway, simply hit the ‘Enter’ key.


The next prompt will ask to configure IPv6 on the LAN interface. This guide is simply using
IPv4 but should the environment require IPv6, it can be configured now. Otherwise, simply
hitting the ‘Enter’ key will continue.

The next question will ask about starting the DHCP server on the LAN interface. Most home
users will need to enable this feature. Again this may need to be adjusted depending on the
environment.
This guide assumes that the user will want the firewall to provide DHCP services and will
allocate 51 addresses for other computers to obtain an IP address from the pfSense device.

The next question will ask whether to revert pfSense’s web configurator to plain HTTP. It is strongly encouraged NOT to do this: HTTPS protects the admin password and session for the web configuration tool from being read by anyone else on the LAN segment.


Once the user hits ‘Enter’, pfSense will save the interface changes and start the DHCP
services on the LAN interface.

Notice that pfSense will provide the web address to access the web configuration tool via a
computer plugged in on the LAN side of the firewall device. This concludes the basic
configuration steps to make the firewall device ready for more configurations and rules.
The web interface is accessed through a web browser by navigating to the LAN interface’s IP
address.

The default information for pf Sense at the time of this writing is as follows:
Username: admin
Password: pfsense
After a successful login through the web interface for the first time, pfSense will run through
an initial setup to reset the admin password.


The first prompt is for a registration to pfSense Gold Subscription which has benefits such as
automatic configuration backup, access to the pfSense training materials, and periodic virtual
meetings with pfSense developers. Purchasing of a Gold subscription isn’t required and the
step can be skipped if desired.
The following step will prompt the user for more configuration information for the firewall
such as hostname, domain name (if applicable), and DNS servers.

The next prompt will be to configure Network Time Protocol (NTP). The default options can be left unless different time servers are desired.


After setting up NTP, the pfSense installation wizard will prompt the user to configure the
WAN interface. pfSense supports multiple methods for configuring the WAN interface.
The default for most home users is to use DHCP. DHCP from the user’s internet service
provider is the most common method for obtaining the necessary IP configuration.

The next step will prompt for configuration of the LAN interface. If the user is connected to
the web interface, the LAN interface has likely already been configured.
However, if the LAN interface needs to be changed, this step would allow for changes to be
made. Make sure to remember what the LAN IP address is set to as this is how the
administrator will access the web interface!


As with all things in the security world, default passwords represent an extreme security risk.
The next page will prompt the administrator to change the default password for the ‘admin’
user to the pfSense web interface.

The final step involves restarting pfSense with the new configurations. Simply click the
‘Reload’ button.


After pfSense reloads, it will present the user with a final screen before logging into the full
web interface. Simply click the second ‘Click Here’ to log into the full web interface.

At last pfSense is up and ready to have rules configured!


Now that pfSense is up and running, the administrator will need to go through and create rules to allow the appropriate traffic through the firewall. It should be noted that pfSense ships with a default rule on the LAN interface that allows all traffic from the LAN network to any destination, while the WAN interface has no pass rules, so unsolicited inbound connections are already blocked. For security’s sake the LAN rule should be tightened to only the traffic that is actually needed, but this is again an administrator’s decision.


3.2 Discuss the differences between a public and a private WAN

To implement a Wide Area Network, a connection has to be made between two areas that are geographically apart. A dedicated link or the Internet can be used to establish a link between the networks. The most important consideration to be addressed at the very first stage of implementing a WAN is whether a public or a private network is to be used. Private and public WANs are analyzed below.

1. Public Networks: Money is an important consideration when choosing between networking methods. A WAN can be set up using an existing transmission infrastructure. A public network can be established in two ways; the first is by using the Public Switched Telephone Network (PSTN). The PSTN is the complete collection of all the interconnected telephone wires throughout the world, and the elements of this system are all the equipment used to connect two points. Modern PSTNs are digital at the core but still use analog connections on the local loop, so modems convert the digital signals to analog. The shortcoming of using the PSTN is that the transfer speed of a dial-up connection is restricted to 56 kbps, which is unsuitable for features like videoconferencing and VoIP. Its advantage is that it is inexpensive.


Advantages of Public Networks:
The advantages of using public networks are:
• Accessibility: they are available everywhere;
• They are inexpensive;
• The technologies required to configure public networks are easy to manage and implement;
• Most client operating systems include the software necessary to create a VPN.

Disadvantages of Public Networks:
The disadvantages of using public networks are:
• Security is weaker, because traffic crosses infrastructure the organization does not control (hence the need for a VPN);
• Disconnections occur often, hampering transmission;
• Internet failures are commonly experienced, affecting the reliability of a public network.

2. Private Networks: Private networks are one of the best ways to connect two LANs, but this presupposes that there are no budget limitations. Private networks can be created using many technologies. A private network is built with the needs of the organization in mind; the resulting network can be simple or complex, expensive or inexpensive, secure or insecure. Fibre-based networks are considered better from a security standpoint than networks using copper or wireless links, since they are harder to tap.
Advantages of Private Networks:
The advantages of using private networks are:
• Security is far easier to control, since the organization owns the whole path;
• It offers a completely managed solution to the communication needs of a company.
Disadvantages of Private Networks:
The disadvantages of using private networks are:
• It is costly compared to the PSTN, which is available at a very nominal rate.
• It requires more administrative control than public networks.
• Specialized staff are required to manage the network, which further adds to the costs.
• As the network grows, so does its complexity.


3.3 Hamachi configuration Screenshots

Step 01
The Hamachi download pages are very slow at times, so it is possible that your download has not completed yet; wait for it to finish, then start hamachi.msi.

Step 02
Click the power button to get started and enter a name for your client.

Step 03
This is the point where you need the Network ID and password that you created earlier on the LogMeIn website. After entering them, click Create.

Step 04
Log in with the same account that you used on the LogMeIn website.

Step 05
Go to My Networks and click Add Clients.

Step 06
Click Continue and your Hamachi download should start.

Step 07
Go to My Networks and click Create Networks.

Step 08
Select ‘Accept automatically’ and ‘A password is required’. At the time of writing there is still an option for a free subscription.

Step 09
Try to ping from one machine to the other to confirm that the tunnel works.


PART 04

4.1 Introduction of network monitoring


4.1.1 What is network monitoring?
Network monitoring is a frequently used IT term. Network monitoring refers to the practice
of overseeing the operation of a computer network using specialized management software
tools. Network monitoring systems are used to ensure availability and overall performance of
computers (hosts) and network services. They let admins monitor access, routers, slow or
failing components, firewalls, core switches, client systems and server performance among
other network data. Network monitoring systems are typically employed on large scale
corporate and university IT networks.

4.1.2 Why network monitoring is important


You might think that if the network is up and running, there is no reason to mess with it. Why
should you care about adding another project for your network managers to scribble across
their whiteboards, already crammed floor-to-ceiling? The reasons to insist on network
monitoring can be summarized on a high level into maintaining the network's current health,
ensuring availability and improving performance. An NMS also can help you build a
database of critical information that you can use to plan for future growth.

4.1.3 What kind of networks can they monitor?


By the same token, large networks often are networks of disparate networks. Segments can differ by vendor, generation, mission and other factors. Here, too, monitoring tools can make sense of the complexity.
Some common network types are:
• Wireless or wired
• A corporate local-area network (LAN)
• A virtual private network (VPN)
• A service provider's wide-area network (WAN)
As if all those variables were not enough, business markets are always demanding new site functions for internal and external use. Performance-sensitive functions (otherwise known as bandwidth hogs) include voice over IP (VoIP), Internet Protocol TV (IPTV) and video on demand (VOD). Monitoring enables managers to allocate resources to maintain system integrity.

4.2 What is Nessus?


Nessus is a network vulnerability scanner from Tenable. It was originally open source but has been a proprietary product since version 3. Its findings carry Common Vulnerabilities and Exposures (CVE) identifiers, so that they can be cross-referenced with other compliant security tools. Nessus employs the Nessus Attack Scripting Language (NASL), a simple language that describes individual checks and potential attacks.


Nessus has a modular architecture: a server (the scanner) conducts the scans, and administrators interact with it remotely through a client, today a web interface. Administrators can include NASL descriptions of all suspected vulnerabilities to develop customized scans. Significant capabilities of Nessus include:
 Compatibility with computers and servers of all sizes.
 Detection of security holes in local or remote hosts.
 Detection of missing security updates and patches.
 Simulated attacks to pinpoint vulnerabilities.
 Execution of security tests in a contained environment.
 Scheduled security audits.
The Nessus server runs on Linux, Windows, macOS and FreeBSD; the client side is the web browser used to reach its interface.

4.2.1 Screenshot Configuring the Policy:


 Click on the policies tab on the top of the screen
 Click on the New Policy button to create a new policy

Under the General settings tab, select the ‘setting type’ based on the scan requirement, such as Port Scanning, Performance, etc. Based on the type, Nessus prompts for different options that have to be filled in. For example, ‘Port Scanning’ has the following options:


Config 01

The above figure shows the configuration options for Port Scanning.

Enter the port scan range. By default, Nessus scans all the TCP ports listed in its services file (the equivalent of /etc/services). You can limit the ports by specifying them manually (for example 20-30). Different scanners are available, such as the Nessus SNMP scanner, SSH scanner, ping the remote host, TCP scanner, SYN scanner, etc. Enable them by selecting the check box as per the scan requirement.
 Enter the credentials for the scan to use. You can use a single set of credentials or multiple sets if you have them. You can also run the scan without entering credentials, but an uncredentialed scan only sees what is exposed on the network and will miss most missing-patch findings.
 The Plugins tab has a number of plugins. By default, Nessus has all the plugins enabled. You can enable or disable all the plugins at once, or enable a few from a plugin family as per the scan you would like to perform. You can also disable unwanted plugins from a plugin family by clicking on the particular plugin.


Config 02

The above figure shows the sub-plugins of the plugin family Backdoors. The green entry shows the parent plugin family and the blue ones show the individual plugins under it. You can enable or disable them by simply clicking on the Enabled button.
 In the Preferences tab, you are provided with a drop-down box to select different types of plugin preferences. Select the plugin based on the scan requirement and specify the settings as the plugin requires. Click Finish once completed. For example, configure the database settings.

Config 03

The above figure shows the configuration of Database settings plugin.

SCANS:
Once you are done with configuring the policies as per your scan requirement, you need to
configure the scan details properly. You can do it under Scan tab.
Under the Scan tab, you can create a new scan by clicking New Scan on the top right.  Then a
pop up appears where you need to enter the details like Scan Name,  Scan Type, Scan Policy
& Target.
 Scan Name: The name that you are willing to give to the scan.
 Scan Type:  You have options to RUN the scan instantly by selecting RUN NOW.
Or you can make a template which you can launch later when you are willing to
run. All the templates are moved under the TEMPLATE tab beside the SCAN
tab.
 Scan Policy: Select the policy that you configured previously in the Policies section.
 Select Target: Enter the target machines that you are planning to test. Depending on the number of targets, Nessus takes time to scan them.

Results:

Once the scanning process has been completed successfully, results can be analyzed from
RESULTS menu.
 Once the scan has been completed, you can see the name of the scan under the results
section. Click on the name to see the report.
 Hosts: Specifies all the target systems that you have scanned.
 Vulnerabilities: Displays all the vulnerabilities on the target machine that has been
tested.
 Export Results: You can export the results into different formats like HTML, PDF, etc. You can also select an individual section or the complete result to export, based on your requirement.

Let us try out an example now


I have configured a policy named Basic Scan. We have many options while configuring or
building the policy like port scanners, performance of the tool, Advanced etc.

Config 04

The above figure shows configuration settings of Port Scanning for the policy Basic Scan.
You do not need credentials now, so skip the credentials tab and move to Plugins tab. You
need to configure the specific plug-in as per the scan requirement that you are willing to
perform on remote machine.


Config 05

The above figure shows the plugins that I have enabled for the policy Basic Scan. I have enabled a few plugins for a Windows machine scan.
Config 06

The above figure shows the configuration of the scan.
I have configured the scan to run instantly with the policy that I created earlier, and the scan target specifies the IP address I am willing to scan.


Once all the details have been entered, click on Create Scan, which shows the scan running as in the figure below.
Config 07

Once the scanning has been completed, you can see the results in the Results tab. The figure below shows the same.
Config 08

Double clicking on the title displays the scan results.


Config 09

The above figure shows the Hosts details. It includes all the targets that you scanned during the test. Double-clicking on the host address displays the vulnerabilities Nessus identified during the test. You can also click on the Vulnerabilities tab to check out the vulnerabilities.
Config 10

The above figure shows the vulnerabilities that Nessus found during its scan. Based on the risk, Nessus marks each one as critical, high, medium, low or info. Clicking on a vulnerability gives you a brief description of it.
For example, the Netstat Portscanner entry displays the following information:


Config 11

The above figure shows the ports open on the target machine.
In the same manner, you can analyze the complete details by clicking on the vulnerabilities. Nessus also suggests solutions or remedies for the vulnerabilities, with a few references.
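The Hosts and Vulnerabilities views walked through above can also be rebuilt from an exported .nessus file (the XML v2 report format), which is how results are usually fed into tickets or a dashboard. The following is an added Python example, not code from the original page or from Tenable; the XML document, host, operating system, ports, plugin IDs and findings embedded in it are constructed for illustration and are not real scan data. The severity-to-name mapping (0 info through 4 critical) and the element names are those of the .nessus v2 format.

```python
"""Added example: reduce a constructed .nessus (v2 XML) export to the per-host
summary the Nessus Results page shows.  The sample report is made up."""
import xml.etree.ElementTree as ET
from collections import Counter

# Nessus stores severity as 0-4 on every ReportItem.
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}
RANK = {name: level for level, name in SEVERITY.items()}

# Constructed sample export: one Windows host, one high and one medium
# finding, plus the port-scanner items that record the open ports.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="Basic Scan">
  <ReportHost name="192.168.10.50">
   <HostProperties>
    <tag name="operating-system">Microsoft Windows Server 2012 R2</tag>
   </HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
               pluginID="900001" pluginName="SMB signing not required (constructed)"
               pluginFamily="Misc.">
    <risk_factor>High</risk_factor>
    <solution>Enforce message signing in the host's configuration.</solution>
   </ReportItem>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2"
               pluginID="900002" pluginName="Terminal Services uses weak encryption (constructed)"
               pluginFamily="Windows">
    <risk_factor>Medium</risk_factor>
    <solution>Set the encryption level to High or FIPS.</solution>
   </ReportItem>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0"
               pluginID="900003" pluginName="Netstat Portscanner (constructed)"
               pluginFamily="Port scanners">
    <risk_factor>None</risk_factor>
    <plugin_output>Port 445/tcp was found to be open</plugin_output>
   </ReportItem>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="0"
               pluginID="900003" pluginName="Netstat Portscanner (constructed)"
               pluginFamily="Port scanners">
    <risk_factor>None</risk_factor>
    <plugin_output>Port 3389/tcp was found to be open</plugin_output>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return {host: {"os", "severity_counts", "open_ports", "findings"}}.
    Findings are medium and above, worst first, each with the suggested fix."""
    # ElementTree does not fetch external entities, but for exports from a
    # source you do not control, defusedxml is the safer parser to reach for.
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.iter("ReportHost"):
        os_tag = host.find("HostProperties/tag[@name='operating-system']")
        counts, open_ports, findings = Counter(), set(), []
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            port, proto = int(item.get("port", "0")), item.get("protocol", "")
            counts[SEVERITY[sev]] += 1
            if port:                 # port 0 means a host-level finding
                open_ports.add((port, proto))
            if sev >= 2:             # medium and above are the action items
                findings.append({
                    "severity": SEVERITY[sev],
                    "plugin": item.get("pluginName"),
                    "port": f"{port}/{proto}",
                    "solution": (item.findtext("solution") or "").strip(),
                })
        findings.sort(key=lambda f: -RANK[f["severity"]])
        report[host.get("name")] = {
            "os": os_tag.text if os_tag is not None else None,
            "severity_counts": dict(counts),
            "open_ports": open_ports,
            "findings": findings,
        }
    return report


if __name__ == "__main__":
    for addr, h in parse_nessus(SAMPLE_NESSUS).items():
        print(f"{addr} ({h['os']}): {h['severity_counts']}, open {sorted(h['open_ports'])}")
        for f in h["findings"]:
            print(f"  [{f['severity']}] {f['plugin']} on {f['port']}: {f['solution']}")
```

Pointing the parser at a real export is a one-line change (read the file instead of SAMPLE_NESSUS); the same structure works for multi-host reports because everything is keyed by the ReportHost name.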

4.3 Layer by Layer Troubleshooting with a Cisco Router

Every network admin is going to have trouble with network links on a Cisco router, at one
point or another. The best way to troubleshoot any networking issues is to use the OSI model
and go layer by layer. In my article How to use the OSI Model to Troubleshoot Networks, we
talked about the different troubleshooting approaches and how to use them to troubleshoot
your network, in general. In this article, you will find out how to use the OSI model to
troubleshoot, bottom up, using a Cisco router.

4.3.1 Router Troubleshooting at OSI Layer 3

Once you have Layers 1 and 2 working (your show interface command shows the line is “up, line protocol is up”), it is time to move on to layer 3, the OSI Network layer. The easiest thing to do here to see if layer 3 is working is to ping the remote side of the LAN or WAN link from this router. Make sure you ping as close as possible to the router you are trying to communicate with, from one side across to the other.

Here are examples of successful & failed pings:


The easiest way to check the status of Layer 3 – the network layer – is to do a show ip
interface brief, as I did above. Here is an example

For troubleshooting layers 3, all the way up, look at the output of this command:

4.3.2 Router Troubleshooting at OSI Layer 1 & 2 – Physical & Data link
Remember, if Layer 1 isn’t up, nothing else will work, so make sure you start here. Examples of layer 1 are your T1 circuit or your Ethernet cable: physical connectivity. I usually troubleshoot layer 1 and layer 2 together because they are so closely paired. Examples of layer 2 (data link) are your line protocols, such as Ethernet, ATM, 802.11, PPP, Frame Relay or HDLC.
To troubleshoot at these layers, the first thing I would do on your router is a show interface.
Here is an example of a LAN Gigabit Ethernet circuit:

Here is what a WAN T1 or T3 circuit might look like:
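The show interface and show ip interface brief screenshots this article refers to are not reproduced here. As an added example (not code from the original article, nor from Cisco), the following Python applies the bottom-up rule of sections 4.3.1 and 4.3.2 to a constructed show ip interface brief listing: each interface is classified by the lowest broken layer (administratively down or no carrier is layer 1, status up with line protocol down is layer 2, up/up without an address is a layer 3 configuration gap, up/up with an address means move on to ping), and the interfaces are then ordered so layer 1 problems are fixed first. The interface names, addresses and states are constructed assumptions.

```python
"""Added example: parse a constructed `show ip interface brief` listing and
triage each interface bottom-up through the OSI layers."""
import re

# Constructed IOS output: one healthy LAN port, one shut-down port, one serial
# link with a layer 2 problem and one serial link with no carrier.
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.1.1     YES manual up                    up
GigabitEthernet0/1         unassigned      YES unset  administratively down down
Serial0/0/0                10.1.1.1        YES manual up                    down
Serial0/0/1                unassigned      YES unset  down                  down
"""

# Status can be two words ("administratively down"), so match it explicitly
# rather than splitting on whitespace.
ROW = re.compile(
    r"^(?P<interface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<protocol>up|down)\s*$"
)


def parse_show_ip_int_brief(text):
    """Return one dict per interface row; the header and blank lines are skipped."""
    return [m.groupdict() for m in (ROW.match(line) for line in text.splitlines()) if m]


def diagnose(row):
    """Map one interface to the lowest OSI layer that is broken and the first
    thing to check there.  Returns (layer, advice)."""
    status, proto, ip = row["status"], row["protocol"], row["ip"]
    if status == "administratively down":
        return 1, "interface is shut down: issue 'no shutdown' and re-check"
    if status == "down":
        return 1, "no carrier: check cable, transceiver, far-end port or circuit"
    if proto == "down":
        return 2, "line protocol down: check encapsulation (HDLC/PPP/Frame Relay), keepalives or clocking"
    if ip == "unassigned":
        return 3, "up/up but no IP address: configure layer 3 addressing"
    return 3, "up/up with an address: ping the directly connected peer, then the far LAN"


def bottom_up(rows):
    """Order interfaces so the lowest-layer faults come first; fixing layer 1
    usually clears the apparent layer 2 and 3 symptoms above it."""
    return sorted(rows, key=lambda r: diagnose(r)[0])


if __name__ == "__main__":
    for row in bottom_up(parse_show_ip_int_brief(SHOW_IP_INT_BRIEF)):
        layer, advice = diagnose(row)
        print(f"L{layer} {row['interface']:<22} {advice}")
```

Anything that reaches the last verdict is where the ping test from section 4.3.1 starts; anything below it is not worth pinging yet.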

4.3.3 Router Troubleshooting at OSI Layers 4 – 7

Now, let’s say that you have made it to the point where you can ping from LAN to LAN, through your WAN. Congratulations, that is a very good sign. If you are still having trouble, it must be in OSI Layers 4-7. Here are those layers listed out and possible issues you might experience in each layer:
1. Layer 4 – Transport – the transport layer holds TCP and UDP. You could have an ACL or QoS feature blocking or slowing this traffic. Your traffic could also be fragmented to the point that it cannot be reassembled, or you may not be receiving an ACK for traffic that was successfully sent.
2. Layer 5 – Session – the session layer holds protocols like SQL, NFS, SMB or RPC; you could be getting errors on any one of these session protocols. I would recommend using a protocol analyzer like Wireshark to analyze your session data.
3. Layer 6 – Presentation – the presentation layer covers data encryption, compression and formatting; your VPN tunnel could be failing, or perhaps you are sending one type of data (like an MPEG) and the receiver is trying to view it as a WMV file.
4. Layer 7 – Application – the application layer holds, of course, your applications like FTP, HTTP, SCP, TFTP, Telnet, SSH and more; you could be trying to connect to a Telnet server with the SSH protocol, for example.
5. Layer 8 – End User – the standing joke is that “Layer 8” is the user: the user could be mistyping their username or password, or you, the network admin, could have been troubleshooting the wrong IP address all along.
Summary
In summary, using the OSI model to troubleshoot connectivity issues is the fastest and most
efficient way to troubleshoot any network issue. Even if someone calls you to work on a
Windows share problem, all of the same principles in this article apply to that troubleshooting
process. So the next time you work on a network issue, remember the OSI model and how to
use the bottom-up approach to troubleshooting! It could save you a whole lot of time!
