Thursday 23 March 2023

Subnetting

An Analogy

Imagine you are a postman. You have a round on a street with 100 houses, but only 2 of those houses are occupied. You have to walk around the whole estate to deliver mail to 2 houses. It takes you longer because one house is at one side of the estate and the other is at the opposite side. Wouldn't it be more efficient if both those houses were next to each other? You also notice all the empty houses have their doors open and it's costing a lot of money for the upkeep of those empty houses. This is subnetting in a nutshell. On a typical home network you have a maximum of 256 addresses (254 are usable) but if you're fortunate your house might only have 10 devices. That's 244 wasted addresses. Now you may get a new Xbox for your birthday or a new tablet, so wouldn't it be more efficient to reduce that address space? The subnetting journey starts.....

IPv4 Classes

Before starting on this epic journey, you must understand IP version 4 classes. The first number in an IP address (the first octet) indicates the network class. For example 10.0.0.0 is a Class A IP address because it falls between 1 and 127.255.255.255. 172.16.0.0 is a Class B address because 172 falls between 128 and 191.

Classes are important: the class range determines the default subnet mask and the default CIDR notation.


| Class   | IP Range            | Default Subnet Mask | Default CIDR notation |
|---------|---------------------|---------------------|-----------------------|
| Class A | 1-127.255.255.255   | 255.0.0.0           | /8                    |
| Class B | 128-191.255.255.255 | 255.255.0.0         | /16                   |
| Class C | 192-223.255.255.255 | 255.255.255.0       | /24                   |
| Class D | 224-239.255.255.255 | N/A                 | N/A                   |
| Class E | 240-255.255.255.255 | N/A                 | N/A                   |


CIDR notation 

CIDR notation refers to the number of bits that are assigned to the network. Subtracting the CIDR number from 32 gives you the number of bits that are assigned to hosts. For example:

In a Class C IP address the default subnet mask is 255.255.255.0 and the default CIDR notation is /24. This means that 24 bits are used by the network and the remaining 8 bits can be used for hosts. If you add up the values of 8 bits in binary you get 128+64+32+16+8+4+2+1 = 255. This means that on a default Class C address you have 256 addresses (0 counts as an address), and if you subtract the network address and the broadcast address (every network follows this -2 rule) you have 254 available/usable addresses for hosts. Another binary representation of this example is:

11111111.11111111.11111111.00000000

The first 24 bits (highlighted peach in the original) are the network bits and the last 8 bits (green) are the host bits.


Subnetting

Now we have the foundations, let's look at some scenarios.

Scenario 1

Let's say you purchase an IP address from an ISP, 192.168.1.0. You have two offices each with 100 clients and you don't want to buy another IP address, but instead split this network into two and reduce the number of available hosts from the default. Let's work through this problem:

If you remember from earlier, we have 256 available addresses on a default Class C address, but we only need 100. We also know that the default subnet mask of 255.255.255.0 carries a default CIDR notation of /24. Below is the subnet mask written out bit by bit; the first three octets (highlighted peach in the original) are the network bits and the last octet (green) holds the host bits.


128+64+32+16+8+4+2+1 . 128+64+32+16+8+4+2+1 . 128+64+32+16+8+4+2+1 . 128+64+32+16+8+4+2+1

So, we need to reduce the number of hosts in this scenario and increase the number of networks. Remember that network bits run from left to right and host bits from right to left. So in this scenario let's take the first bit from the last octet (the green 128). This now means we are using 25 bits and our new CIDR notation is /25. If we add the network bits together (the highlighted peach) we get our new subnet mask of 255.255.255.128:


128+64+32+16+8+4+2+1 . 128+64+32+16+8+4+2+1 . 128+64+32+16+8+4+2+1 . [128]+64+32+16+8+4+2+1   (the bracketed 128 is the borrowed network bit, shown in peach in the original; the remaining 7 bits of the last octet are the host bits)


To now work out the hosts we can simply add the green (host) bits together.
So the IP address we bought was 192.168.1.0.
Our first network address is 192.168.1.0; adding the host bits gives the last address on this network, 192.168.1.127 (applying the -2 rule discussed previously, 192.168.1.0 is the network address and 192.168.1.127 is the broadcast address, therefore we have 126 usable addresses).

The second network runs from 192.168.1.128 to 192.168.1.255 (as with network 1 we subtract 2: 192.168.1.128 is the network address, 192.168.1.255 is the broadcast address and the addresses in between are usable).
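The whole of Scenario 1, worked in code. This is an added example and not code from the original post: it builds the mask from a prefix, applies the -2 rule, finds the smallest prefix that fits a given number of hosts (the 100-client offices) and splits 192.168.1.0/24 into the two /25 networks. It goes slightly beyond the post by handling any prefix and any host count, using only Python's standard ipaddress module; no names beyond those on the page are assumed.

```python
"""Subnet calculator for the Scenario 1 walkthrough.

Added example, not code from the original post. It follows the post's
bit arithmetic: a /N prefix gives N network bits and 32 - N host bits,
2**(32 - N) addresses per block, and the "-2 rule" removes the network
and broadcast addresses.
"""
from __future__ import annotations

import ipaddress


def prefix_to_mask(prefix: int) -> str:
    """Dotted-decimal mask for a CIDR prefix, e.g. 25 -> 255.255.255.128."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def mask_to_binary(mask: str) -> str:
    """Render a mask octet by octet in binary, the way the post draws it."""
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))


def usable_hosts(prefix: int) -> int:
    """Addresses in the block minus network and broadcast (the -2 rule)."""
    host_bits = 32 - prefix
    if host_bits < 2:
        return 0  # a /31 or /32 has no room for the -2 rule
    return 2 ** host_bits - 2


def smallest_prefix_for(hosts: int) -> int:
    """Longest prefix (fewest host bits) whose usable count still fits `hosts`.

    This is the question behind Scenario 1: 100 clients per office needs
    126 usable addresses, i.e. 7 host bits, i.e. a /25.
    """
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("no IPv4 prefix can hold that many hosts")


def split_network(network: str, new_prefix: int) -> list[dict]:
    """Split `network` into blocks of `new_prefix` and describe each block."""
    net = ipaddress.IPv4Network(network, strict=True)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must borrow host bits, not give them back")
    blocks = []
    for sub in net.subnets(new_prefix=new_prefix):
        blocks.append({
            "network": str(sub.network_address),
            "first_usable": str(sub.network_address + 1),
            "last_usable": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "mask": prefix_to_mask(new_prefix),
            "usable": usable_hosts(new_prefix),
        })
    return blocks


if __name__ == "__main__":
    prefix = smallest_prefix_for(100)
    mask = prefix_to_mask(prefix)
    print(f"100 hosts per office fit in a /{prefix} ({mask} = {mask_to_binary(mask)})")
    for block in split_network("192.168.1.0/24", prefix):
        print(block)
```

Running it prints the /25 mask in binary, then the two blocks with their network, first and last usable, and broadcast addresses, matching the figures worked out by hand above.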


Tuesday 21 March 2023

Port security - Cisco switches

Switchport security associates specific MAC addresses of PCs with specific interfaces on a switch. It gives you the ability to restrict access to a switch interface so that only authorised devices can use it. You can define the port action with three different modes: protect (sends an alert), restrict (discards), shutdown (closes the port).


Implement Port security 

Build a simple topology and assign IP addresses to the PCs:

In the command list below I have:
- set the switchport as an access port
- enabled port security
- defined which MAC addresses are allowed through the interface (sticky dynamically learns the MAC addresses of the devices currently connected to the interface)






Now we can define the action that the switch will take when it receives a frame from an unauthorised device. This is done using switchport port-security violation (protect, restrict or shutdown).
Then define the maximum number of MAC addresses that can be learned on the interface using switchport port-security maximum 1 (1 is the number that can be changed).



That's the configuration done for fa0/1; we just need to repeat it for fa0/2. Interface range fa0/1-2 would have configured both together and avoided doing two separate configs.

Finally, if we ping between the two PCs and run the show port-security interface fa0/1 command on the switch, you can see the maximum allowed devices, the port status and the MAC address that has passed through.
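The steps above, gathered into one script as an added example; this is not the post's own configuration and not a Cisco tool. It renders the port-security lines for one interface or an interface range (so the fa0/1-2 shortcut mentioned above is one call), and it parses the key/value output of show port-security interface to flag ports that have tripped. The two sample outputs are constructed to follow the IOS "Key : Value" layout, which is an assumption about the format rather than a capture from the post's lab.

```python
"""Port-security helpers for the Cisco switch walkthrough.

Added example, not the post's configuration and not a Cisco tool. It renders
the interface configuration the post builds step by step (access mode,
port security, sticky learning, violation action, maximum MACs) for one
interface or a range, and parses "show port-security interface" output so
that tripped ports can be spotted. The sample outputs are constructed in the
IOS key : value layout (an assumption about the format).
"""
from __future__ import annotations

VIOLATION_MODES = ("protect", "restrict", "shutdown")


def port_security_config(interfaces: str, violation: str = "shutdown",
                         maximum: int = 1, sticky: bool = True) -> list[str]:
    """IOS lines for an interface ("fa0/1") or a range ("fa0/1-2")."""
    if violation not in VIOLATION_MODES:
        raise ValueError(f"violation must be one of {VIOLATION_MODES}")
    if maximum < 1:
        raise ValueError("maximum must be at least 1")
    is_range = "-" in interfaces or "," in interfaces
    lines = [
        f"interface range {interfaces}" if is_range else f"interface {interfaces}",
        " switchport mode access",      # port security requires an access port
        " switchport port-security",    # enable the feature on the port
    ]
    if sticky:
        # learn the connected MAC(s) dynamically and keep them in the config
        lines.append(" switchport port-security mac-address sticky")
    lines.append(f" switchport port-security violation {violation}")
    lines.append(f" switchport port-security maximum {maximum}")
    return lines


# Constructed samples in the "show port-security interface" layout.
HEALTHY_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0001.4a6b.2c11:1
Security Violation Count   : 0
"""

TRIPPED_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00d0.ff1e.9a02:1
Security Violation Count   : 1
"""


def parse_show_port_security(output: str) -> dict[str, str]:
    """Split each 'Key : Value' line on the padded ' : ' separator."""
    fields = {}
    for line in output.splitlines():
        if " : " not in line:
            continue
        key, value = line.split(" : ", 1)
        fields[key.strip()] = value.strip()
    return fields


def needs_attention(fields: dict[str, str]) -> list[str]:
    """Reasons an operator should look at this port; empty if healthy."""
    reasons = []
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        reasons.append("port is err-disabled (Secure-shutdown)")
    violations = int(fields.get("Security Violation Count", "0"))
    if violations > 0:
        last = fields.get("Last Source Address:Vlan", "unknown")
        reasons.append(f"{violations} violation(s); last source {last}")
    return reasons


if __name__ == "__main__":
    print("\n".join(port_security_config("fa0/1-2", "shutdown", 1)))
    for name, output in (("fa0/1", HEALTHY_OUTPUT), ("fa0/2", TRIPPED_OUTPUT)):
        fields = parse_show_port_security(output)
        print(name, fields["Port Status"], needs_attention(fields) or "ok")
```

The parser splits on the padded " : " rather than the first colon so that a key such as Last Source Address:Vlan, whose value also contains a colon, survives intact.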




AAA - Authentication, Authorisation, Accounting

802.1X authentication

802.1X authentication involves ensuring something is what it says it is.

Features

Supplicant (client/end user) - Devices that are trying to connect to an 802.1X network need software installed on them, known as a supplicant. The supplicant initiates the connection by activating EAP (Extensible Authentication Protocol) between the device and the switch.

Authenticator - A device that connects a client to the network. It blocks and allows traffic. A switch is an example of an authenticator.

Authentication Server - deals with requests for access to the network. The server tells the authenticator to allow or deny the traffic. Authentication servers usually run the RADIUS protocol.


AAA

AAA is a requirement of network security. It is a process covering network access and monitoring from start to finish.

Authentication: uses a challenge and response methodology for granting access. This identifies users by username and password.

Authorisation: After initial authentication, authorisation uses the RADIUS protocol to allow access to resources based on permission levels.

Accounting: After access, users can be monitored for billing, reporting and auditing. You can observe what users do after they have been authenticated and authorised, for example when they log in and when they log out.


The next steps are to look at a practical scenario using the AAA methodology.

Topology addressing:

Server: 192.168.2.2

G/0/0/1: 192.168.2.1

G/0/0/0: 192.168.1.1

PC0: 192.168.1.2 (Default Gateway 192.168.1.1)




Configure IP addressing on the router:



Assign a valid IP address to your Radius Server:


Turn on AAA on the Services tab, add the router details for the network the server is on and specify a passkey - here I have used "hello"



Configuring AAA on the router, specify the server address and the passkey you used. (Note: the passkey I used is not very secure, so something with multiple characters, numbers etc. may be better.)


Enable remote login:


Assign an IP address for your PC:


Test the telnet connection:



Note here: to use the more secure SSH connection you would need to add the SSH configuration to the router, and it is also good practice to enable passwords on your router, which was discussed in previous posts.
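What the passkey shared between the router and the RADIUS server actually does, as an added example that is not code from the post and not what Packet Tracer runs. It builds the Access-Request the router (acting as the network access server) sends, hides the User-Password attribute with the shared secret as RFC 2865 specifies, lets a minimal server recover the password and answer with an Access-Accept, and has the client check the Response Authenticator before trusting the reply. The username, password, secret and packet identifier are constructed for the demonstration.

```python
"""A RADIUS Access-Request / Access-Accept exchange, as RFC 2865 defines it.

Added example, not code from the post and not what Packet Tracer runs. It
shows what the "passkey" configured on the router and the RADIUS server
does: it is the shared secret that hides the User-Password attribute in the
request and authenticates the server's reply. Usernames, passwords, the
secret and the identifier are constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), chained from the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    pad = 16 if not password else (-len(password)) % 16
    padded = password + b"\x00" * pad
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def decode_user_password(encoded: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of the same chain; trailing NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(encoded), 16):
        block = encoded[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type, Length (counting these two bytes), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(packet: bytes) -> dict[int, bytes]:
    attrs, pos = {}, 20
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs


def build_packet(code: int, identifier: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, identifier, 20 + len(attrs)) + authenticator + attrs


def build_access_request(username: bytes, password: bytes, secret: bytes,
                         identifier: int, request_auth: bytes | None = None) -> bytes:
    """The router (network access server) builds the request."""
    request_auth = request_auth or os.urandom(16)  # must be unpredictable; fixed only for tests
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, encode_user_password(password, secret, request_auth)))
    return build_packet(ACCESS_REQUEST, identifier, request_auth, attrs)


def response_authenticator(code: int, identifier: int, request_auth: bytes,
                           attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def server_handle(request: bytes, secret: bytes, users: dict[bytes, bytes]) -> bytes | None:
    """Server: recover the password with the shared secret; Accept if it matches."""
    attrs = parse_attributes(request)
    user = attrs.get(ATTR_USER_NAME)
    if user is None or ATTR_USER_PASSWORD not in attrs:
        return None
    password = decode_user_password(attrs[ATTR_USER_PASSWORD], secret, request[4:20])
    if user in users and hmac.compare_digest(users[user], password):
        auth = response_authenticator(ACCESS_ACCEPT, request[1], request[4:20], b"", secret)
        return build_packet(ACCESS_ACCEPT, request[1], auth, b"")
    return None  # a real server answers Access-Reject; omitted here


def verify_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """Client: trust the reply only if its authenticator matches under our secret;
    otherwise anyone who answers first could hand out an Access-Accept."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length != len(response):
        return False
    expected = response_authenticator(code, identifier, request[4:20], response[20:], secret)
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    secret = b"hello"  # the post's passkey; a secret this short is the weak link
    req = build_access_request(b"admin", b"cisco123", secret, identifier=7)
    resp = server_handle(req, secret, {b"admin": b"cisco123"})
    print("Access-Accept" if resp and verify_response(req, resp, secret) else "rejected")
```

Two things the exchange makes visible: the password is only as well hidden as the secret (the MD5 chain is keyed by nothing else), and the Request Authenticator must be fresh per request or the mask repeats. That is why the note above about a stronger passkey than "hello" matters, and why production deployments add RadSec (RADIUS over TLS) or IPsec around the protocol.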


Monday 13 March 2023

Hyper-V - Virtualisation

What is Hyper-V?

Hyper-V is a virtualisation technology. It allows you to run multiple operating system instances at any one time. You can run Linux, Microsoft, server and desktop operating systems all together. This is a great solution for testing software on multiple platforms or just playing around with a different OS.

Hyper-V is specifically a hardware virtualisation technology. This means whatever you assign to your VMs, you take that hardware away from your host. For example if your laptop or PC has 500GB of storage and 8GB RAM, you may want to decide tactically how you allocate the hardware to the VM. If you give the VM too much RAM, for example, it will severely impact the performance of the host. The same goes for storage: VMs are usually assigned low storage, just enough for the operating system and a few software installs (dependent on your requirements). If you have high-spec tech, you can run many VMs, much like a datacentre.

Enabling Hyper-V in Windows 11

To enable Hyper-V:
1. Type Windows features into the start bar
2. Check both Hyper-V Management Tools and Hyper-V Platform
3. Restart your PC; it will install Hyper-V much like a Windows update



Begin your lab journey....

Once you have Hyper-V installed, embark on your lab journey. Below is a playlist for creating a replica of a domain management structure; I will keep adding to it over time...

Playlist


Wednesday 8 March 2023

Hot Standby Routing Protocol (HSRP)

HSRP is a Cisco proprietary protocol that provides default-gateway redundancy within a subnet. A virtual router is created which acts as the default gateway, and a priority number is assigned to each physical router to determine which is the active router and which is the standby router.

Some key concepts with HSRP:

Priority

By default the priority number is 100. The router with the highest configured priority becomes the active router; if that fails then the next highest takes over, which is the standby router. For example a priority of 150 would be the active and 100 the standby router.

Preempt

A setting that lets a router with a higher priority take the active role automatically, for example when it comes back up after a failure.

Hello messages

Are exchanged periodically between the routers; if the standby router stops receiving them it treats the active router as failed and takes over.


Virtual IP address 

A logical IP address that each host uses as the default gateway within a local subnet. 
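The four concepts above, played out in a small simulation. This is an added example, not code from the post and not Cisco's implementation: each router sends a hello every hello interval, the highest priority still being heard is active and the next is standby, a standby that has not heard the active router within the hold time takes over, and a returning router reclaims the active role only if preempt is on. Timer defaults are the HSRP version 1 defaults (3 second hello, 10 second hold); router names, addresses and priorities are constructed.

```python
"""HSRP election model: priority, preempt, hello messages and the virtual IP.

Added example, not code from the post and not Cisco's implementation. Each
router sends a hello every `hello` seconds; the highest priority still being
heard is active and the next is standby; a standby that has not heard the
active router for `hold` seconds takes over; a returning router reclaims
the active role only if preempt is enabled. Timer defaults are the HSRP
version 1 defaults. Router names, addresses and priorities are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100      # HSRP default priority
    preempt: bool = False    # off by default on Cisco routers
    up: bool = True
    last_hello: float = 0.0  # when the group last heard this router


class HsrpGroup:
    def __init__(self, virtual_ip: str, hello: float = 3.0, hold: float = 10.0):
        self.virtual_ip = virtual_ip      # the address hosts use as default gateway
        self.hello, self.hold = hello, hold
        self.routers: dict[str, Router] = {}
        self.active: str | None = None
        self.standby: str | None = None
        self.now = 0.0

    def add(self, router: Router) -> None:
        self.routers[router.name] = router

    def _heard(self) -> list[Router]:
        """Routers whose hellos are still within the hold time, best first."""
        alive = [r for r in self.routers.values() if self.now - r.last_hello <= self.hold]
        # higher priority wins; ties go to the higher IP address
        return sorted(alive, key=lambda r: (r.priority, tuple(map(int, r.ip.split(".")))),
                      reverse=True)

    def _elect(self) -> None:
        heard = self._heard()
        if not heard:
            self.active = self.standby = None
            return
        names = [r.name for r in heard]
        if self.active not in names:
            self.active = names[0]        # hold time expired on the old active: failover
        elif heard[0].name != self.active and heard[0].preempt:
            self.active = heard[0].name   # preempt: higher priority takes the role back
        others = [n for n in names if n != self.active]
        self.standby = others[0] if others else None

    def tick(self, seconds: float) -> None:
        """Advance time in hello-sized steps; up routers send hellos, then re-elect."""
        elapsed = 0.0
        while elapsed < seconds:
            step = min(self.hello, seconds - elapsed)
            self.now += step
            elapsed += step
            for r in self.routers.values():
                if r.up:
                    r.last_hello = self.now
            self._elect()

    def fail(self, name: str) -> None:
        self.routers[name].up = False

    def recover(self, name: str) -> None:
        self.routers[name].up = True


def run_scenario(preempt: bool) -> list[str]:
    """Who answers for the virtual IP at four checkpoints: steady state, 6 s
    after R1 dies (hold time not yet expired), after the hold time, and 3 s
    after R1 comes back."""
    group = HsrpGroup("192.168.1.254")
    group.add(Router("R1", "192.168.1.1", priority=150, preempt=preempt))
    group.add(Router("R2", "192.168.1.2", priority=100))
    timeline = []
    group.tick(3)
    timeline.append(group.active)
    group.fail("R1")
    group.tick(6)
    timeline.append(group.active)
    group.tick(6)
    timeline.append(group.active)
    group.recover("R1")
    group.tick(3)
    timeline.append(group.active)
    return timeline


if __name__ == "__main__":
    print("preempt on :", run_scenario(True))
    print("preempt off:", run_scenario(False))
```

The second checkpoint is the one worth noticing: R1 is already down, but R2 keeps deferring to it until the hold time runs out, which is the failover gap that tuning the hello and hold timers trades against control-plane load.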


Practical activity

In the video below there is a full run-through of HSRP in action. It also touches on OSPF, a routing protocol that dynamically routes traffic based on administrative distance.




Technical timewasters

Below is a list of articles that made me lol...

Banking industry vs Security development

Here is a funny email exchange when the banking industry tried to influence the development of TLS - Link

MAC Address Basics

Each of a host's network interfaces has a link-layer MAC address that distinguishes it from other machines on the physical network. IP addresses are assigned to network interfaces, not machines. A MAC address is made up of 48 bits or 6 bytes and is split into two parts: the first 3 bytes identify the manufacturer and the last 3 bytes are a unique serial number. In the example 32-03-C8-73-DC-A1, the first three bytes 32-03-C8 (green in the original) are the vendor ID and 73-DC-A1 (black) is the interface's unique number. This is important for network engineers in spotting devices or vendors that are causing havoc on the network.

Broadcasting

Broadcasting is a send-once-to-all method of communication. A broadcast frame needs a destination MAC address; this address is all binary 1s, which in hexadecimal is FF:FF:FF:FF:FF:FF.

Multicasting

Multicasting works similarly to broadcasting, but instead of sending data to all it sends it to a targeted group, often called one-to-many transmission. Common applications that use multicasting are streaming channels like Twitch and YouTube Live. To avoid collisions, when an Ethernet switch receives a multicast frame it floods it out of all ports except the incoming port.

MAC address tabling

A switch stores MAC addresses in a table called the MAC address table or content addressable memory (CAM) table. The switch stores information about the other Ethernet interfaces connected on the network: when it receives a frame, it records the sending device's MAC address against the interface on which the frame was received.

A MAC address table maps ports to MAC addresses, and entries get there in two ways:

Static - have higher priority than dynamic entries, as they are added, removed or changed by an administrator.

Dynamic - added to the table automatically by a process called MAC learning. Once a switch receives a frame it automatically updates its MAC address information. There is a brief video below showing how a MAC address table works in practice.
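The MAC address, broadcast, multicast and MAC learning sections above, modelled in one script as an added example (not code from the post). It splits a MAC into its vendor and serial halves, recognises the all-ones broadcast address and the group bit that marks a multicast destination, and implements a CAM table in which static entries take priority over dynamic ones, dynamic entries are learned from each frame's source address, and the forwarding decision is a port lookup for known unicast and flood-all-but-ingress for everything else. It also flags an administrator-pinned MAC that turns up on a different port, the kind of havoc the section mentions. Every MAC, port name and frame is constructed.

```python
"""MAC address basics and a learning switch.

Added example, not code from the post. It splits a MAC into its vendor (OUI)
and serial halves, recognises the all-ones broadcast address and the group
bit that marks a multicast destination, and models a CAM table: static
entries set by an administrator take priority over dynamic ones, dynamic
entries are learned from the source address of each frame, and forwarding is
a port lookup for known unicast and flood-all-but-ingress for everything
else. Every MAC, port name and frame here is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalise_mac(mac: str) -> str:
    """Accept 32-03-C8-73-DC-A1, 32:03:c8:73:dc:a1 or 3203.c873.dca1; return lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def split_mac(mac: str) -> tuple[str, str]:
    """(vendor OUI, interface serial): the first three and last three bytes."""
    m = normalise_mac(mac)
    return m[:8], m[9:]


def is_broadcast(mac: str) -> bool:
    return normalise_mac(mac) == BROADCAST


def is_multicast(mac: str) -> bool:
    """Bit 0 of the first byte is the I/G bit: 1 means a group address.
    Broadcast is the special case where every bit is 1."""
    return int(normalise_mac(mac)[:2], 16) & 1 == 1


@dataclass
class Frame:
    src: str
    dst: str


class LearningSwitch:
    def __init__(self, ports: list[str]):
        self.ports = list(ports)
        self.static: dict[str, str] = {}   # MAC -> port, set by the administrator
        self.dynamic: dict[str, str] = {}  # MAC -> port, learned from source addresses
        self.alerts: list[str] = []        # admin-pinned MACs seen on the wrong port

    def add_static(self, mac: str, port: str) -> None:
        self.static[normalise_mac(mac)] = port

    def lookup(self, mac: str) -> str | None:
        mac = normalise_mac(mac)
        if mac in self.static:             # static entries win over learned ones
            return self.static[mac]
        return self.dynamic.get(mac)

    def _flood(self, ingress: str) -> list[str]:
        return [p for p in self.ports if p != ingress]

    def receive(self, frame: Frame, ingress: str) -> list[str]:
        """MAC learning on the source, then the forwarding decision; returns egress ports."""
        src, dst = normalise_mac(frame.src), normalise_mac(frame.dst)
        if src in self.static:
            if self.static[src] != ingress:
                self.alerts.append(f"{src} pinned to {self.static[src]} but seen on {ingress}")
        else:
            self.dynamic[src] = ingress    # learn (or move) the dynamic entry
        if is_broadcast(dst) or is_multicast(dst):
            return self._flood(ingress)    # one-to-all / one-to-many: every port but the ingress
        port = self.lookup(dst)
        if port is None:
            return self._flood(ingress)    # unknown unicast is flooded like a broadcast
        return [] if port == ingress else [port]  # same port: nothing to forward


if __name__ == "__main__":
    print(split_mac("32-03-C8-73-DC-A1"))
    sw = LearningSwitch(["fa0/1", "fa0/2", "fa0/3"])
    print(sw.receive(Frame("32-03-C8-73-DC-A1", "FF:FF:FF:FF:FF:FF"), "fa0/1"))
    print(sw.receive(Frame("00:11:22:33:44:55", "32:03:c8:73:dc:a1"), "fa0/2"))
    print(sw.dynamic)
```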



Monday 6 March 2023

Network Ports and Protocols Cheat Sheet

Network communications are governed by a set of rules called protocols. Each protocol is assigned a port to allow applications to communicate. Below is a list of common protocols:

| PORT NUMBER | SERVICE NAME | TRANSPORT PROTOCOL | DESCRIPTION |
|---|---|---|---|
| 20 | FTP-data | TCP, SCTP | File Transfer Protocol data transfer |
| 21 | FTP | TCP, UDP, SCTP | File Transfer Protocol command control |
| 22 | SSH/SCP/SFTP | TCP, UDP, SCTP | Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding |
| 23 | Telnet | TCP | Telnet protocol, for unencrypted text communications |
| 25 | SMTP | TCP | Simple Mail Transfer Protocol, used for email routing between mail servers |
| 42 | WINS Replication | TCP, UDP | Microsoft Windows Internet Name Service, vulnerable to attacks on a local network |
| 43 | WHOIS | TCP, UDP | Whois service, provides domain-level information |
| 49 | TACACS | UDP; can also use TCP but not necessarily on port 49 | Terminal Access Controller Access-Control System, provides remote authentication and related services for network access |
| 53 | DNS | TCP, UDP | Domain Name System name resolver |
| 67 | DHCP/BOOTP | UDP | Dynamic Host Configuration Protocol and its predecessor Bootstrap Protocol Server; server port |
| 68 | DHCP/BOOTP | UDP | Dynamic Host Configuration Protocol and its predecessor Bootstrap Protocol Server; client port |
| 69 | TFTP | UDP | Trivial File Transfer Protocol |
| 80 | HTTP | TCP, UDP, SCTP | Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP |
| 88 | Kerberos | TCP, UDP | Network authentication system |
| 102 | Microsoft Exchange ISO-TSAP | TCP | Microsoft Exchange ISO Transport Service Access Point (TSAP) Class 0 protocol |
| 110 | POP3 | TCP | Post Office Protocol, version 3 (POP3) |
| 113 | Ident | TCP | Identification Protocol, for identifying the user of a particular TCP connection |
| 123 | NTP | UDP | Network Time Protocol |
| 135 | Microsoft RPC EPMAP | TCP, UDP | Microsoft Remote Procedure Call (RPC) Endpoint Mapper (EPMAP) service, for remote system access and management |
| 137 | NetBIOS-ns | TCP, UDP | NetBIOS Name Service, used for name registration and resolution |
| 138 | NetBIOS-dgm | TCP, UDP | NetBIOS Datagram Service, used for providing access to shared resources |
| 139 | NetBIOS-ssn | TCP, UDP | NetBIOS Session Service |
| 143 | IMAP | TCP, UDP | Internet Message Access Protocol (IMAP), management of electronic mail messages on a server |
| 161 | SNMP-agents (unencrypted) | UDP | Simple network management protocol; agents communicate on this port |
| 162 | SNMP-trap (unencrypted) | UDP | Simple network management protocol; listens for asynchronous traps |
| 179 | BGP | TCP | Border Gateway Protocol |
| 194 | IRC | UDP | Internet Relay Chat |
| 264 | BGMP | TCP, UDP | Border Gateway Multicast Protocol |
| 318 | TSP | TCP, UDP | Time Stamp Protocol |
| 389 | LDAP | TCP, UDP | Lightweight directory access protocol |
| 427 | SLP | TCP | Service Location Protocol |
| 443 | HTTPS (HTTP over SSL) | TCP, UDP, SCTP | Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. |
| 445 | Microsoft DS SMB | TCP, UDP | Microsoft Directory Services: TCP for Active Directory, Windows shares; UDP for Server Message Block (SMB) file-sharing |
| 464 | Kerberos | TCP, UDP | For password settings on Kerberos |
| 465 | SMTP over TLS/SSL, SSM | TCP | Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for Cisco's Source Specific Multicast protocol (SSM) |
| 497 | Dantz Retrospect | TCP, UDP | A software suite for backing up operating systems |
| 500 | IPSec / ISAKMP / IKE | UDP | Internet Protocol Security / Internet Security Association and Key Management Protocol / Internet Key Exchange |
| 513 | rlogin | TCP | The Unix program rlogin allows users to log in on another host using a network. |
| 514 | syslog | UDP | Syslog Protocol, for collecting and organizing all of the log files sent from the various devices on a network |
| 515 | LPD/LPR | TCP | Line Printer Daemon protocol, or Line Printer Remote protocol |
| 520 | RIP | UDP | Routing Information Protocol, used to find the optimal path between source and destination networks |
| 521 | RIPng (IPv6) | UDP | Routing Information Protocol next generation, the IPv6 compatible version of RIP |
| 554 | RTSP | TCP, UDP | Real Time Streaming Protocol |
| 546 | DHCPv6 | TCP, UDP | Dynamic Host Configuration Protocol version 6. DHCPv6 Clients listen for DHCPv6 messages on UDP port 546. |
| 547 | DHCPv6 | TCP, UDP | DHCPv6 Servers and DHCPv6 Relay Agents listen for DHCPv6 messages on UDP port 547. |
| 560 | rmonitor | UDP | Remote Monitor |
| 563 | NNTP over TLS/SSL | TCP, UDP | Network News Transfer Protocol with encryption and verification |
| 587 | SMTP | TCP | For email message submission via SMTP |
| 636 | LDAP over TLS/SSL | TCP, UDP | Lightweight Directory Access Protocol over TLS/SSL |
| 639 | MSDP (PIM) | TCP | Multicast Source Discovery Protocol, which is part of the Protocol Independent Multicast (PIM) family |
| 646 | LDP (MPLS) | TCP, UDP | Label Distribution Protocol, applies to routers capable of Multiprotocol Label Switching (MPLS) |
| 691 | Microsoft Exchange | TCP | Microsoft Exchange Routing |
| 860 | iSCSI | TCP | Internet Small Computer Systems Interface |
| 873 | rsync | TCP | The rsync file synchronization protocol efficiently transfers and synchronizes files between devices and networked computers. |
| 902 | VMware Server | TCP, UDP | VMware ESXi, a hypervisor |
| 989 | FTPS | TCP | File Transfer Protocol (data) over TLS/SSL |
| 990 | FTPS | TCP | File Transfer Protocol (control) over TLS/SSL |
| 993 | IMAP over SSL (IMAPS) | TCP | Internet Message Access Protocol over TLS/SSL |
| 995 | POP3 over SSL (POP3S) | TCP, UDP | Post Office Protocol 3 over TLS/SSL |

Fast switching vs Process switching

Process Switching: Process switching is the traditional method of packet forwarding used in early routers. When a packet arrives at a router...