Cisco Certified Network Associate (CCNA)
What is CCNA?
CCNA is a popular certification among computer network engineers. The full form of CCNA is Cisco Certified Network Associate. The certification program is open to all types of engineers, including entry-level network engineers, network administrators, network support engineers and network specialists.
It is estimated that more than 1 million CCNA certificates have been awarded since it was first launched in 1998.
The CCNA certificate covers a broad range of networking concepts. It helps candidates to prepare for the latest network technologies they are likely to work on.
Some of the common topics covered under CCNA certification include:
- OSI models
- IP addressing
- WLAN and VLAN
- Network security and management (ACL included)
- Routers / routing protocols (EIGRP, OSPF, and RIP)
- IP Routing
- Network Device Security
- Troubleshooting
Note: Cisco certification is valid for only 3 years. Once the certification expires, the certificate holder has to take the CCNA certification exam again.
Why acquire a CCNA certification?
- The certificate validates a professional's ability to understand, operate, configure and troubleshoot medium-level switched and routed networks. It also includes the verification and implementation of connections via remote sites using WAN.
- It teaches the candidate how to create a point-to-point network.
- It teaches how to meet users' requirements by determining the network topology.
- It explains how to route protocols in order to connect networks.
- It explains how to construct network addresses.
- It explains how to establish a connection with remote networks.
- The certificate holder can install, configure and operate LAN and WAN services for small networks.
- The CCNA certificate is a prerequisite for many other Cisco certifications, such as CCNA Security, CCNA Wireless, CCNA Voice, etc.
- Easy-to-follow study material is available.
Types of CCNA certification
There are basically two approaches to securing the CCNA, as shown below.
- ICND1 Exam and ICND2
- Combined CCNA Exam
As discussed earlier, any CCNA certificate is valid for three years.
Exam Code | Designed for | Duration and number of questions in exam | Exam Fees |
100-101 ICND1 | Entry-level Network Technician | | $150 (price may vary by country) |
200-101 ICND2 | Experienced Network Technician | | $150 (price may vary by country) |
200-120 CCNA | Experienced Network Technician | | $295 (price may vary by country) |
Besides this certification, the newer CCNA certification tracks include:
- CCNA Cloud
- CCNA Collaboration
- CCNA Switching and Routing
- CCNA Security
- CCNA Service Provider
- CCNA Data Center
- CCNA Industrial
- CCNA Voice
- CCNA Wireless
For more details on these exams, visit https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list.html
A candidate for CCNA certification can also prepare for the exam with the help of a CCNA boot camp.
To complete the CCNA exam successfully, one must be thorough in these topics: TCP/IP and the OSI model, subnetting, IPv6, NAT (Network Address Translation) and wireless access.
What does the CCNA course consist of?
- The ICND1 covers topics like IP routing technologies, IP services (NAT, ACLs, DHCP), network device security, IPv6, LAN switching technologies, etc.
- The ICND2 covers topics like IP routing technologies, IP services (FHRP, syslog, SNMP v2 and v3), LAN switching technologies and WAN technologies.
- The CCNA combined exam covers all the topics in ICND1 and ICND2. It covers topics on installation, operation and troubleshooting.
New changes in the current CCNA exam include:
- Deep understanding of IPv6
- CCNP-level subjects such as HSRP, DTP, EtherChannel
- Advanced troubleshooting techniques
- Network design with supernetting and subnetting
Eligibility Criteria for Certification
- No degree is required for certification. However, a degree is preferred by some employers.
Internet local area networks
An internet local area network consists of a computer network that interconnects computers within a limited area such as an office, residence, laboratory, etc. This area network includes WAN, WLAN, LAN, SAN, etc.
Among these, WAN, LAN and WLAN are the most popular ones. In this study guide, you will learn how local area networks can be established using these network systems.
Understanding the Need for Networking
What is a Network?
A network is defined as two or more independent devices or computers that are linked to share resources (such as printers and CDs), exchange files, or allow electronic communications.
For example, the computers on a network may be linked through telephone lines, cables, satellites, radio waves, or infrared light beams.
The two very common types of network include:
- Local Area Network (LAN)
- Wide Area Network (WAN)
In the OSI reference model, layer 3, i.e., the Network layer, is involved in networking. This layer is responsible for packet forwarding, routing through intermediate routers, recognizing and forwarding local host domain messages to the transport layer (layer 4), etc.
The network operates by connecting computers and peripherals using two pieces of equipment: routers and switches. If two devices or computers are connected on the same link, then there is no need for a network layer.
Internetworking Devices used on a network
For connecting to the internet, we require various internetworking devices. Some of the common devices used in building up the Internet are:
- NIC: A Network Interface Card (NIC) is a printed circuit board installed in a workstation. It provides the physical connection between the workstation and the network cable. Although the NIC operates at the physical layer of the OSI model, it is also considered a data link layer device. Part of the NIC's role is to facilitate the transfer of information between the workstation and the network. It also controls the transmission of data onto the wire.
- Hubs: A hub helps to extend the length of a network cabling system by amplifying the signal and then re-transmitting it. Hubs are basically multiport repeaters and are not concerned with the data at all. The hub connects workstations and sends a transmission to all the connected workstations.
- Bridges: As networks grow larger, they often become difficult to handle. To manage these growing networks, they are often divided into smaller LANs. These smaller LANs are connected to each other through bridges. This helps not only to reduce traffic drain on the network but also to monitor packets as they move between segments. A bridge keeps track of the MAC addresses associated with its various ports.
- Switches: Switches are used as an alternative to bridges. They are becoming the more common way to connect networks, as they are simply faster and more intelligent than bridges. A switch is capable of transmitting information to specific workstations. Switches enable each workstation to transmit information over the network independently of the other workstations. It is like a modern phone line, where several private conversations take place at one time.
- Routers: The aim of using a router is to direct data along the most efficient and economical route to the destination device. Routers operate at Layer 3 (the Network layer), which means they communicate through IP addresses and not physical (MAC) addresses. Routers connect two or more different networks together, such as an Internet Protocol network. Routers can link different network types such as Ethernet, FDDI, and Token Ring.
- Brouters: A brouter is a combination of a router and a bridge. A brouter acts as a filter that allows some data into the local network and redirects unknown data to the other network.
- Modems: A modem is a device that converts computer-generated digital signals into analog signals that travel via phone lines.
Understanding TCP/IP layers
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It determines how computers should be connected to the Internet and how data should be transmitted between them.
- TCP: It is responsible for breaking data down into small packets before they can be sent on the network. It is also responsible for assembling the packets again when they arrive.
- IP (Internet Protocol): It is responsible for addressing, sending and receiving the data packets over the internet.
The image below shows the TCP/IP model mapped to the OSI layers.
Understanding TCP/IP Internet Layer
To understand the TCP/IP internet layer, take a simple example. When we type something in an address bar, our request is sent to the server. The server then responds to our request. This communication on the internet is possible due to the TCP/IP protocol. The messages are sent and received in small packets.
The Internet layer in the TCP/IP reference model is responsible for transferring data between the source and destination computers. This layer includes two activities:
- Transmitting data to the Network Interface layers
- Routing the data to the correct destinations
So how does this happen?
The Internet layer packs data into data packets referred to as IP datagrams. Each datagram carries the source and destination IP addresses. Besides this, the IP datagram header consists of fields like version, header length, type of service, datagram length, time to live, and so on.
In the network layer, you can observe network protocols like ARP, IP, ICMP, IGMP, etc. Datagrams are transported through the network using these protocols. Each of them has a function:
- The Internet Protocol (IP) is responsible for IP addressing, routing, the fragmentation and reassembly of packets. It determines how to route message on the network.
- ICMP is responsible for diagnostic functions and for reporting errors due to the unsuccessful delivery of IP packets.
- IGMP is responsible for the management of IP multicast groups.
- The ARP or Address Resolution Protocol is responsible for the resolution of the Internet layer address to the Network Interface layer address such as a hardware address.
- RARP is used by diskless computers to determine their IP address using the network.
The image below shows the format of an IP address.
Understanding TCP/IP Transport Layer
The transport layer is also referred to as the Host-to-Host Transport layer. It is responsible for providing the Application layer with session and datagram communication services.
The main protocols of the Transport layer are User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP).
- TCP is responsible for the sequencing and acknowledgment of packets sent. It also recovers packets lost during transmission. Packet delivery through TCP is safer and guaranteed. Other protocols that fall in the same category are FTP, HTTP, SMTP, POP, IMAP, etc.
- UDP is used when the amount of data to be transferred is small. It does not guarantee packet delivery. UDP is used in VoIP, videoconferencing, pings, etc.
Network Segmentation
Network segmentation involves splitting the network into smaller networks. It helps to split the traffic loads and improve the speed of the Internet.
Network segmentation can be achieved in the following ways:
- By implementing DMZs (demilitarised zones) and gateways between networks or systems with different security requirements.
- By implementing server and domain isolation using Internet Protocol Security (IPsec).
- By implementing storage-based segmentation and filtering using techniques like LUN (Logical Unit Number) masking and encryption.
- By implementing DSD evaluated cross-domain solutions where necessary.
Why Network Segmentation is important
Network segmentation is important for the following reasons:
- Improve security: To protect against malicious cyber attacks that can compromise your network usability, and to detect and respond to an unknown intrusion in the network.
- Isolate network problems: Provide a quick way to isolate a compromised device from the rest of your network in case of intrusion.
- Reduce congestion: By segmenting the LAN, the number of hosts per network can be reduced.
- Extend the network: Routers can be added to extend the network, allowing additional hosts onto the LAN.
VLAN Segmentation
VLANs enable an administrator to segment networks. Segmentation is done based on factors such as project team, function or application, irrespective of the physical location of the user or device. A group of devices connected in a VLAN acts as if it is on its own independent network, even if the devices share a common infrastructure with other VLANs. VLAN is used for the data-link or internet layer, while subnet is used for the Network/IP layer. Devices within a VLAN can talk to each other without a Layer-3 switch or router.
The popular devices used for segmenting are switches, routers, bridges, etc.
Subnetting
Subnets are more concerned with IP addresses. Subnetting is primarily hardware-based, unlike VLAN, which is software-based. A subnet is a group of IP addresses. A device can reach any address without using a routing device if both belong to the same subnet.
A few things to consider while doing network segmentation
- Proper user authentication to access the secure network segment
- ACL or Access lists should be properly configured
- Access audit logs
- Anything that compromises the secure network segment should be checked: packets, devices, users, applications, and protocols
- Keep watch on incoming and outgoing traffic
- Security policies based on user identity or application to ascertain who has access to what data, and not based on ports, IP addresses, and protocols
- Do not allow the exit of cardholder data to another network segment outside of PCI DSS scope.
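A check for two items on the list above (properly configured access lists, and no path for cardholder data out of PCI DSS scope), as an added example that is not part of the original page: it audits a list of permit rules against a segment plan. The subnets, the in-scope set and the rule tuple format are constructed for illustration.

```python
import ipaddress

# Constructed segment plan; which segments are in PCI DSS scope is an assumption.
SEGMENTS = {
    "cardholder": ipaddress.ip_network("10.10.0.0/24"),
    "payment-app": ipaddress.ip_network("10.10.1.0/24"),
    "office": ipaddress.ip_network("10.20.0.0/16"),
}
IN_SCOPE = {"cardholder", "payment-app"}

# Constructed permit rules: (name, source, destination, protocol, port)
RULES = [
    ("app-to-db", "10.10.1.0/24", "10.10.0.0/24", "tcp", 5432),
    ("db-backup", "10.10.0.0/24", "10.20.5.0/24", "tcp", 22),
    ("legacy", "0.0.0.0/0", "0.0.0.0/0", "ip", None),
    ("office-web", "10.20.0.0/16", "0.0.0.0/0", "tcp", 443),
]

def segments_touched(net):
    """Names of the planned segments that a rule's network overlaps."""
    return {name for name, seg in SEGMENTS.items() if net.overlaps(seg)}

def audit(rules):
    """Return (rule name, reason) for every rule that weakens the segmentation."""
    findings = []
    for name, src, dst, proto, port in rules:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if s.prefixlen == 0 and d.prefixlen == 0 and proto == "ip":
            findings.append((name, "permits any source to any destination"))
            continue
        if "cardholder" in segments_touched(s):
            # The destination must sit entirely inside an in-scope segment.
            if not any(d.subnet_of(SEGMENTS[n]) for n in IN_SCOPE):
                findings.append(
                    (name, f"lets cardholder segment reach {d}, outside PCI DSS scope"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(RULES):
        print(f"{rule}: {reason}")
```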
Packet Delivery Process
So far we have seen different protocols, segmentation, various communication layers, etc. Now we are going to see how the packet is delivered across the network. The process of delivering data from one host to another depends on whether or not the sending and receiving hosts are in the same domain.
A packet can be delivered in two ways:
- A packet destined for a remote system on a different network
- A packet destined for a system on the same local network
If the receiving and sending devices are connected to the same broadcast domain, data can be exchanged using a switch and MAC addresses. But if the sending and receiving devices are connected to a different broadcast domain, then the use of IP addresses and the router is required.
Layer 2 packet delivery
Delivering an IP packet within a single LAN segment is simple. Suppose host A wants to send a packet to host B. It first needs an IP address to MAC address mapping for host B, since at layer 2 packets are sent with MAC addresses as the source and destination addresses. If a mapping does not exist, host A will send an ARP request (broadcast on the LAN segment) for the MAC address that corresponds to the IP address. Host B will receive the request and respond with an ARP reply indicating its MAC address.
Intrasegment packet routing
If a packet is destined for a system on the same local network, that is, if the destination node is on the same network segment as the sending node, the sending node addresses the packet in the following way.
- The node number of the destination node is placed in the MAC header destination address field.
- The node number of the sending node is placed in the MAC header source address field.
- The full IPX address of the destination node is placed in the IPX header destination address fields.
- The full IPX address of the sending node is placed in the IPX header source address fields.
Layer 3 Packet delivery
Delivering an IP packet across a routed network requires several steps.
For instance, if host A wants to send a packet to host B, it will send the packet in this way:
- Host A sends a packet to its "default gateway" (default gateway router).
- To send a packet to the router, Host A needs to know the MAC address of the router.
- For that, Host A sends an ARP request asking for the MAC address of the router.
- This request is broadcast on the local network. The default gateway router receives the ARP request and responds to Host A with its MAC address.
- Now Host A knows the MAC address of the router. It can send an IP packet with a destination address of Host B.
- The packet destined for Host B sent by Host A to the default router will have the following information:
  - Source IP address
  - Destination IP address
  - Source MAC address
  - Destination MAC address
- When the router receives the packet from Host A, it will send an ARP request.
- Now Host B will receive the ARP request from the default gateway router for Host B's MAC address. Host B responds with an ARP reply indicating the MAC address associated with it.
- Now the default router will send the packet to Host B.
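The Layer 2 and Layer 3 delivery steps described above can be traced with a small model, given here as an added example that is not part of the original page. It shows which address each ARP request resolves and that the MAC addresses change on every segment while the IP addresses stay the same; the hosts, router interfaces and MAC addresses are constructed sample values.

```python
import ipaddress

# Constructed topology: all addresses and MACs below are sample values.
HOST_A = {"ip": "10.0.1.10/24", "mac": "02:00:00:00:00:0a", "gw": "10.0.1.1"}
HOST_B = {"ip": "10.0.2.20/24", "mac": "02:00:00:00:00:0b", "gw": "10.0.2.1"}
HOST_C = {"ip": "10.0.1.30/24", "mac": "02:00:00:00:00:0c", "gw": "10.0.1.1"}
ROUTER = {"10.0.1.1/24": "02:00:00:00:01:01", "10.0.2.1/24": "02:00:00:00:02:01"}

def build_neighbours(hosts, router):
    """IP -> MAC answers each node would give to an ARP request."""
    table = {ipaddress.ip_interface(h["ip"]).ip: h["mac"] for h in hosts}
    table.update({ipaddress.ip_interface(i).ip: m for i, m in router.items()})
    return table

NEIGHBOURS = build_neighbours([HOST_A, HOST_B, HOST_C], ROUTER)

def arp(sender_if, target_ip):
    """ARP is a LAN broadcast, so it only resolves addresses on the sender's segment."""
    if target_ip not in sender_if.network:
        raise LookupError(f"{target_ip} is not on {sender_if.network}")
    return NEIGHBOURS[target_ip]

def deliver(src, dst, router=ROUTER):
    """Return one (src_mac, dst_mac, src_ip, dst_ip) frame per segment crossed."""
    s_if = ipaddress.ip_interface(src["ip"])
    d_ip = ipaddress.ip_interface(dst["ip"]).ip
    ips = (str(s_if.ip), str(d_ip))
    if d_ip in s_if.network:  # Layer 2 delivery: ARP for the destination itself
        return [(src["mac"], arp(s_if, d_ip)) + ips]
    gw = ipaddress.ip_address(src["gw"])  # Layer 3: ARP for the default gateway
    frames = [(src["mac"], arp(s_if, gw)) + ips]
    for if_text, r_mac in router.items():  # router forwards out its connected interface
        r_if = ipaddress.ip_interface(if_text)
        if d_ip in r_if.network:
            frames.append((r_mac, arp(r_if, d_ip)) + ips)
            return frames
    raise LookupError(f"router has no connected route to {d_ip}")

if __name__ == "__main__":
    for frame in deliver(HOST_A, HOST_B):
        print(frame)
```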
Intersegment packet routing
In the case where two nodes reside on different network segments, packet routing will take place in the following ways.