
A fault-tolerant network is a network that minimizes the impact
of hardware and software failures and can resume operation
quickly when such a failure occurs.

A protocol is a set of rules that network devices use to
communicate with one another. Protocols can be layered, with one
protocol operating on top of another.
The protocols govern the format, addressing and routing
mechanism that ensure a message is delivered to the correct
recipient.

QoS: a converged network must be able to manage the priority of
the services that use it, so that a quality standard that meets
user expectations is achieved.

Cisco Borderless Network is a network architecture that allows
organizations to connect anyone, anywhere, anytime, and on any
device securely, reliably, and seamlessly.
It is designed to address IT and business challenges, such as
supporting the converged network and changing work patterns.
Borderless switched network design guidelines are built upon the
following principles:
Hierarchical: the role of each device
Modularity: easily expanded
Resiliency: always on
Flexibility: intelligent load sharing

Switch Form Factors
Fixed = fixed configuration, not modular
Modular = has modules that can be added or replaced
Stackable = can be stacked and managed as a single
unit

Reducing Network Congestion
Switches reduce congestion by:
facilitating the segmentation of a LAN into separate
collision domains (splitting up the collision domain)
providing full-duplex communication between devices
taking advantage of their high port density
buffering large frames
employing high speed ports
taking advantage of their fast internal switching process
having a low per-port cost

Secure Shell (SSH) is a protocol that provides a secure
(encrypted) command-line based connection to a remote device
SSH is commonly used in UNIX-based systems
Cisco IOS also supports SSH
A version of the IOS software including cryptographic
(encrypted) features and capabilities is required in order
to enable SSH on Catalyst 2960 switches
Because of its strong encryption features, SSH should
replace Telnet for management connections
SSH uses TCP port 22 by default. Telnet uses TCP port 23


MAC Address Flooding
Switches automatically populate their CAM tables by
watching traffic entering their ports
Switches will forward traffic through all ports if they can't
find the destination MAC in their CAM table
Under such circumstances, the switch acts as a hub.
Unicast traffic can be seen by all devices connected to
the switch
An attacker could exploit this behavior to gain access to
traffic normally controlled by the switch by using a PC to
run a MAC flooding tool.
Such a tool is a program created to generate and send out
frames with bogus source MAC addresses to the switch
port
As these frames reach the switch, it adds the bogus
MAC address to its CAM table, taking note of the port
the frames arrived
Eventually the CAM table fills up with bogus MAC
addresses
The CAM table now has no room for the legitimate devices
present in the network, so the switch will never find
their MAC addresses in the CAM table.
All frames are now forwarded to all ports, allowing the
attacker to access traffic to other hosts
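The following is an added example, not part of these notes or of any Cisco code: a small Python model of CAM-table learning that reproduces the flooding effect described above and then shows why a per-port learning limit (the protection Cisco port security provides, which is not covered on this page) stops it. The `Switch` class, the port names and the MAC addresses are constructed for the illustration; the table capacity of 8 entries is deliberately tiny so the scenario runs in a few frames.

```python
"""Model of switch CAM-table learning, with and without a per-port
learning limit. Constructed example: the Switch class, ports and
MAC addresses are illustrative, not real switch code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Switch:
    ports: List[str]                     # port names on the switch
    capacity: int                        # total number of CAM entries
    max_per_port: Optional[int] = None   # learning cap per port (None = no cap)
    cam: Dict[str, str] = field(default_factory=dict)             # MAC -> port
    violations: List[Tuple[str, str]] = field(default_factory=list)  # (port, MAC) blocked by the cap

    def learn(self, mac: str, port: str) -> str:
        """Record the source MAC on its ingress port; return how it was handled."""
        if mac in self.cam:
            return "known"
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_per_port:
                self.violations.append((port, mac))
                return "violation"
        if len(self.cam) >= self.capacity:
            return "full"                # table exhausted: nothing learned
        self.cam[mac] = port
        return "learned"

    def forward(self, src: str, dst: str, in_port: str) -> List[str]:
        """Return the egress ports for one frame."""
        status = self.learn(src, in_port)
        if status == "violation":
            return []                    # port-security style: drop the offending frame
        out = self.cam.get(dst)
        if out is None:
            # unknown destination: the switch behaves like a hub and floods
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def run_scenario(max_per_port: Optional[int] = None) -> dict:
    """Fill the table from Fa0/3 with bogus sources, then check whether a
    unicast frame from the host on Fa0/1 to the host on Fa0/2 stays private."""
    sw = Switch(ports=["Fa0/1", "Fa0/2", "Fa0/3"], capacity=8,
                max_per_port=max_per_port)
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed
    bogus = [f"de:ad:be:ef:00:{i:02x}" for i in range(20)]      # constructed
    for mac in bogus:                                           # all arrive on Fa0/3
        sw.forward(mac, "ff:ff:ff:ff:ff:ff", "Fa0/3")
    sw.forward(host_b, host_a, "Fa0/2")   # B announces itself (e.g. an ARP reply)
    egress = sw.forward(host_a, host_b, "Fa0/1")
    return {
        "cam_entries": len(sw.cam),
        "bogus_learned": sum(1 for m in sw.cam if m in bogus),
        "violations": len(sw.violations),
        "a_to_b_egress": egress,
    }


if __name__ == "__main__":
    print("no limit:      ", run_scenario())
    print("max 2 per port:", run_scenario(max_per_port=2))
```

Without a cap the bogus addresses take every entry, the legitimate hosts are never learned, and the A-to-B unicast is copied to Fa0/3 as well. With a cap of two addresses per port the third bogus source on Fa0/3 is a violation, the table keeps room for A and B, and the unicast leaves only on Fa0/2. The model omits aging: on a real switch the legitimate entries exist until they time out and then cannot be re-learned into a full table, which is the point the notes make.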

Network Time Protocol
NTP is a protocol used to synchronize the clocks of
computer systems across data networks
NTP can get the correct time from an internal or
external time source
Time sources can be:
o Local master clock
o Master clock on the Internet
o GPS or atomic clock
A network device can be configured as either an NTP
server or an NTP client

VLAN Definitions
VLAN (virtual LAN) is a logical partition of a layer 2
network
Multiple partitions can be created, allowing multiple
VLANs to co-exist
Each VLAN is a broadcast domain, usually with its own
IP network
VLANS are mutually isolated and packets can only pass
between them through a router
The partitioning of the layer 2 network takes place inside a
layer 2 device, usually a switch.

VLAN Trunks
A VLAN trunk carries more than one VLAN
Usually established between switches so same-VLAN
devices can communicate even if physically connected
to different switches
A VLAN trunk is not associated with any VLAN. Neither are
the trunk ports used to establish the trunk link

Introduction to DTP
Switch ports can be manually configured to form trunks
Switch ports can also be configured to negotiate and
establish a trunk link with a connected peer
Dynamic Trunking Protocol (DTP) is a protocol to
manage trunk negotiation
DTP is a Cisco proprietary protocol and is enabled by
default in Cisco Catalyst 2960 and 3560 switches

Switch spoofing Attack
There are a number of different types of VLAN attacks in
modern switched networks. VLAN hopping is one of them.
The default configuration of the switch port is dynamic
auto
By configuring a host to act as a switch and form a
trunk, an attacker could gain access to any VLAN in the
network.
Because the attacker is now able to access other VLANs,
this is called a VLAN hopping attack
To prevent a basic switch spoofing attack, turn off
trunking on all ports, except the ones that specifically
require trunking

VLAN Design Guideline
Move all ports out of VLAN 1 and assign them to an unused
VLAN
Shut down all unused switch ports
Separate management and user data traffic
Change the management VLAN to a VLAN other than
VLAN 1. The same goes for the native VLAN
Make sure that only devices in the management VLAN
can connect to the switches
The switch should only accept SSH connections
Disable autonegotiation on trunk ports
Do not use the auto or desirable switch port modes
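As an added example covering the DTP, switch spoofing and design guideline sections together (not code from these notes or from Cisco), the Python audit below reads a constructed IOS-style running-config excerpt and reports which ports violate the port-level guidelines: DTP still negotiating, a trunk without `switchport nonegotiate`, native VLAN 1 on a trunk, access ports left in VLAN 1, and unused ports not shut down. The subtle part is the default: on the 2960 and 3560 a port with no `switchport mode` line runs in dynamic auto, and IOS does not print defaults, so the auditor has to treat a missing line as the negotiating mode. The interface names, descriptions and VLAN numbers in `SAMPLE_CONFIG` are made up; the finding codes are this example's own. Guidelines that live in global configuration (management VLAN, SSH-only access) are outside what an interface-level audit can see.

```python
"""Audit switch port configuration against the VLAN design guidelines.
Added example with a constructed running-config excerpt; not Cisco code."""

# Constructed excerpt. GigabitEthernet0/4 shows no "switchport mode" line,
# so it is running the 2960 default (dynamic auto) even though the config
# never says so.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to core
 switchport trunk native vlan 99
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description user port
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/3
 description printer (still on VLAN 1)
 switchport mode access
!
interface GigabitEthernet0/4
 description unused
!
interface GigabitEthernet0/5
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [stripped config lines]} for each interface block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line == "!":
            current = None               # "!" closes the block in IOS output
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit_port(lines: list) -> list:
    """Return the guideline violations for one port as a list of codes."""
    if "shutdown" in lines:
        return []                        # a shut port cannot be negotiated with
    mode = "dynamic auto"                # 2960/3560 default when no mode line is printed
    access_vlan, native_vlan, nonegotiate = 1, 1, False   # IOS defaults
    for line in lines:
        if line.startswith("switchport mode "):
            mode = line[len("switchport mode "):]
        elif line.startswith("switchport access vlan "):
            access_vlan = int(line.rsplit(" ", 1)[1])
        elif line.startswith("switchport trunk native vlan "):
            native_vlan = int(line.rsplit(" ", 1)[1])
        elif line == "switchport nonegotiate":
            nonegotiate = True
    findings = []
    if mode in ("dynamic auto", "dynamic desirable"):
        findings.append("DTP_NEGOTIATION")    # a host could negotiate a trunk
    if mode == "trunk" and not nonegotiate:
        findings.append("TRUNK_SENDS_DTP")    # disable autonegotiation on trunks
    if mode == "trunk" and native_vlan == 1:
        findings.append("NATIVE_VLAN_1")      # native VLAN must not be VLAN 1
    if mode == "access" and access_vlan == 1:
        findings.append("ACCESS_VLAN_1")      # move ports out of VLAN 1
    if not any(line.startswith("switchport") for line in lines):
        findings.append("UNUSED_PORT_UP")     # shut down unused ports
    return findings


def audit_config(config: str) -> dict:
    """Audit every interface block; returns {interface name: [finding codes]}."""
    return {name: audit_port(lines)
            for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name:22} {', '.join(findings) or 'ok'}")
```

Running it reports nothing for Gi0/1 and Gi0/2, `ACCESS_VLAN_1` for the printer port, both `DTP_NEGOTIATION` and `UNUSED_PORT_UP` for the unconfigured Gi0/4, and `TRUNK_SENDS_DTP` plus `NATIVE_VLAN_1` for the bare trunk on Gi0/5.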

Router Memory

Packet Forwarding Methods
Process switching: an older packet forwarding
mechanism still available for Cisco routers.
Fast switching: a common packet forwarding
mechanism which uses a fast-switching cache to store
next hop information.
Cisco Express Forwarding (CEF): the most recent,
fastest, and preferred Cisco IOS packet-forwarding
mechanism. Table entries are not packet-triggered like
fast switching but change-triggered.

Best Path
Best path is selected by a routing protocol based on the
value or metric it uses to determine the distance to
reach a network.
A metric is the value used to measure the distance to a
given network.
Best path to a network is the path with the lowest
metric.
Dynamic routing protocols use their own rules and
metrics to build and update routing tables, for example:

Routing Information Protocol (RIP) - Hop
count
Open Shortest Path First (OSPF) - Cost based
on cumulative bandwidth from source to
destination
Enhanced Interior Gateway Routing Protocol
(EIGRP) - Bandwidth, delay, load, reliability
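To make the metric differences concrete, here is an added example (not from these notes) that ranks the same two paths through a constructed three-router topology using each protocol's default metric: RIP counts hops, OSPF sums per-link cost computed as reference bandwidth (100 Mb/s) divided by link bandwidth, and EIGRP with default K values uses 256 multiplied by (10^7 divided by the lowest bandwidth in kb/s plus the total delay in tens of microseconds). The routers A, B and C and their link speeds are assumptions; the per-link bandwidths and delays are the usual FastEthernet and Ethernet interface defaults. The example goes a little beyond the notes by showing that RIP and OSPF can disagree on the best path to the same network.

```python
"""Best-path selection under RIP, OSPF and EIGRP default metrics.
Added example on a constructed topology; not code from these notes."""
from typing import Dict, Iterator, List, Tuple

# Constructed topology: A-B and B-C are FastEthernet (100 Mb/s, 100 us delay),
# A-C is Ethernet (10 Mb/s, 1000 us delay). Each entry is
# (neighbour, bandwidth in kb/s, delay in microseconds).
Hop = Tuple[str, int, int]
LINKS: Dict[str, List[Hop]] = {
    "A": [("B", 100_000, 100), ("C", 10_000, 1000)],
    "B": [("A", 100_000, 100), ("C", 100_000, 100)],
    "C": [("B", 100_000, 100), ("A", 10_000, 1000)],
}


def simple_paths(src: str, dst: str, visited: List[str] = None) -> Iterator[List[Hop]]:
    """Enumerate loop-free paths from src to dst as lists of hops."""
    visited = [src] if visited is None else visited
    if src == dst:
        yield []
        return
    for nbr, bw, delay in LINKS[src]:
        if nbr not in visited:
            for rest in simple_paths(nbr, dst, visited + [nbr]):
                yield [(nbr, bw, delay)] + rest


def rip_metric(hops: List[Hop]) -> int:
    return len(hops)                              # hop count


def ospf_metric(hops: List[Hop], ref_bw_bps: int = 100_000_000) -> int:
    # per-link cost = reference bandwidth / link bandwidth (integer, at least 1), summed
    return sum(max(1, ref_bw_bps // (bw * 1000)) for _, bw, _ in hops)


def eigrp_metric(hops: List[Hop]) -> int:
    # default K values: 256 * (10^7 / lowest bandwidth in kb/s + total delay in tens of us)
    min_bw = min(bw for _, bw, _ in hops)
    total_delay = sum(delay for _, _, delay in hops)
    return 256 * (10_000_000 // min_bw + total_delay // 10)


PROTOCOLS = {"RIP": rip_metric, "OSPF": ospf_metric, "EIGRP": eigrp_metric}


def best_path(src: str, dst: str, protocol: str) -> Tuple[int, List[str]]:
    """Return (metric, node list) of the lowest-metric path for the protocol.
    Ties fall to the first path in node order; a real router would load-balance."""
    metric = PROTOCOLS[protocol]
    candidates = [(metric(hops), [src] + [n for n, _, _ in hops])
                  for hops in simple_paths(src, dst)]
    return min(candidates)


if __name__ == "__main__":
    for proto in PROTOCOLS:
        print(f"{proto:6} best A->C:", best_path("A", "C", proto))
```

RIP prefers the single 10 Mb/s hop directly to C, while OSPF and EIGRP both prefer the two FastEthernet hops via B because their metrics account for bandwidth. As a sanity check against well-known values, a single T1 link (1544 kb/s, 20000 us delay) yields an EIGRP metric of 2169856 and an OSPF cost of 64.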
