Project WLANs

In this project we are to compare 3 wireless access points. Home and Business

The first one I researched is the Cisco Aironet 1242AG Access Point

This WAP is designed for a Business Environment. The Cisco Aironet 1232AG is an 802.11a/b/g Wireless Access Point that is versatile, secure, high capacity, and has many features that are in demand by Wireless Local Area Network (WLAN) consumers. It is designed for use in environments that are challenging for radio frequencies like warehouses, large buildings, metal enclosures, and a wide operating temperature. The Cisco ISO software provides flexibility that allows you to use both access point and bridge functionality because you can configure each radio point as an access point, repeater, root bridge, non-root bridge, or workgroup bridge. The price of this WAP starts around $450.00.

Next we have a WAP that is designed for gaming.

The Netgear WNHDEB111 HD is a 5GHz Wireless N Networking kit that is ideal for gaming. The 5GHz frequency provides fast file transfer at Wireless N speed. This not only makes it ideal for gaming but for streaming HD videos too. Compatible with Xbox, Playstation, Wii, TiVo HD, Slingbox and more. It offers automatic QoS which will prioritize voice, video, and gaming traffic. The WNHDEB111 kit includes two access point/bridges that are preconfigured to connect securely to each other. Easy setup allows you to connect one access point to a router/gateway and the other to the network ready device. Using the 5GHz frequency helps to eliminate a lot of interference usually caused by Bluetooth, microwaves, and baby monitors which operate on the old 2.4 GHz frequency. The price starts around $99.00.

The last WAP I researched is the D-Link Xtreme N DAP-1522 Duo Wireless Access Point. This WAP is dual mode. It is for the customer that is looking to create a wireless network or connect several wired devices to an existing wireless network. Duo Wireless Access Point means that it can work with 802.11n (2.4GHz or 5GHz) or with 802.11g devices. It has 4 RJ-45 10/100/1000Base-T connections. The price starts around $80.00.

Build a Routed Network

In this lab we used routers, switches and PC's to build a WAN.

On one side we had several PC's connected to a switch and on the other side the remaining PC's in the room were connected to the other switch. Both switches were connected to a bank of three routers to simulate a WAN (Wide Area Network). In order to build this network we will need four subnets. One between the switch and router on one side, then one between each router and then one between the last router and the other switch.

The IP address we were given was 140.20.0.0 and we were to configure four subnets. In order to create four subnets we would have to borrow 3 bits. This will make our subnet mask 255.255.224.0

The first subnet address is 140.20.0.0. The host range is 140.20.0.1 – 140.20.31.254 and the broadcast address is 140.20.31.255.

The second subnet address is 140.20.32.0. The host range is 140.20.32.1 – 140.20.63.254. The broadcast address is 140.20.63.255.

The third subnet address is 140.20.64.0. The host range is 140.20.64.1 – 140.20.95.254. The broadcast address is 140.20.95.255.

The fourth subnet address is 140.20.96.0. The host range is 140.20.96.1 – 140.20.127.254. The broadcast address is 140.20.128.255.

The subnet address for the switch on the South side of the room is 140.20.0.0. The subnet address for the switch on the North side of the room is 140.20.96.0. 140.20.32.0 and 140.20.64.0 were assigned to go between the routers. We were assigned to a host position and had to determine our IP address and configure our computer to it. I was given the second host address for our side. Our network IP address was 140.20.0.0. My IP address was 140.20.0.2. After everything was set up we then tried to ping each other. We could only ping the machines on the same side at first. Brad configured the routers while we watched. He had to use a console cable to access the Cisco ISO. This connected the router to computer so Brad could use a keyboard and monitor to enter the settings for the network. At first we could not ping the other side but Brad went back in and did some troubleshooting and found out that one router wasn't using the same encapsulation. Brad reconfigured this and then the network was operational. We could ping back and forth from either side of the network.

Build a Wireless Network

Wireless router lab

In this lab we set up a wireless network and connect two computers to it.

Key points we had to accomplish were:

-change the SSID
-use WPA-2
-manually code MAC addresses of the two computers into WAP
-set up a share folder and access it over the network

We were to also download Zone Alarm and set up the firewall to only allow the IP addresses we added.

There were several things we had to do before starting this lab. Using the command prompt, I located my MAC address. I also had to download and install Zone Alarm. In the process of doing this, Vista SP1 had to be installed on my computer. I downloaded and installed this as well. While doing this I ran across several fail attempts to install the service pack. I think this may be because I have not activated Vista with Microsoft. Tyler was able to successfully load and setup Zone Alarm so we used his machine to complete that part of the lab.

To set up the wireless network we used a Dlink DIR-615 router.

The D-Link Wireless N Router DIR-615 has speed capacity of 300Mbps. At $40, it is cheaper than some Wireless-G routers. The DIR-615 does not have Gigabit Ethernet or USB ports, but it does have decent wireless throughput speed and range. It comes with a user friendly Web interface and a fairly large set of networking features.

Set up of the router was very simple. Unpack it from the box and plug it in to the Ethernet connection and to the power supply. I then plugged my computer's Ethernet cable into the back of the router. Before installing the wireless adapter on my computer I did an Internet search on the DLink site for the default IP address of the DIR615 router. The address is 192.168.0.1. Entering this address in the address bar opened the routers setup wizard.

First I changed the SSID. From the DLink wizard click Setup / Wireless Setting / Wireless Network Setup Wizard - Changed the Network name to BackRow.

Then clicked Manual Assign Network Key, use WPA encryption. Next I entered NET125LABBACKROW as the Wireless Security Password.

I then loaded the driver CD that came with the wireless adapter. I plugged the adapter into a USB port and ran the install wizard. Nothing complicated about it. The wizard guided my through the steps without complicated or confusing questions. I restarted by computer and it connected to the internet without problem.

I pinged Ross just to make sure the network was working and the ping was successful.

We were supposed to download Zone Alarm and practice pinging each other and setting up a firewall. Zone Alarm downloaded ok but could not run it until I downloaded SP1 for Vista. I could not get SP1 to install, probably because the version of Vista I am running is not activated. Tyler was able to load Zone Alarm on his machine so we observed him and tried to ping his machine. With Zone Alarm off we could ping his machine. When he turned it on we could not. He could adjust the settings to allow us to access his machine by entering our IP address. He could also add an IP address range that would allow us to access his machine.

As part of our lab, we were to block access to our network by entering our MAC addresses into the access control panel of the router and block all others from access. This worked perfectly. I was able to add Ross' MAC address to the setup and he was able to access a share folder I put on my desktop and view a file I put in the folder. When I deleted his address he could not. He added me to his file sharing and I view a folder he set up that had a picture in it. There are a couple of options when it comes to file sharing. I can give the person wanting to share, access to just a particular folder, or I can activate the public sharing folder so anyone on the network can see it. I can adjust the settings from full access to read only also.

So that did it for this lab. We set up a wireless network, changed the SSID, used WPA-2 encryption, hard code the MAC addresses into WAP, Setup a share folder and access it. Download Zone Alarm and set up a firewall to block access to your computer. Ping each other to see if connections between computers were working.

Build a Switch Network Lab

In this lab we used switches and computers to build a LAN (Local Area Network)

We used two switches connected by a crossover cable. Half of the class connected their computers to one switch and the other half to the other switch.

We were given the IP address 160.20.0.0 and the subnet mask 255.255.240.0. The IP address is a class B and therefore the subnet mask is 255.255.0.0. The difference is 240 in the third octet. 240 means that there are 4 bits borrowed for the subnet. We were asked to use the fourth subnet for this lab. The first subnet was 160.20.0.0 (0000 0000.00000000). The second subnet was 160.20.16.0 (0001 0000.00000000). The third subnet was 160.20.32.0 (0010 0000.00000000). The fourth subnet was 160.20.48.0 (0011 0000.00000000). Now that we had our subnet address we had to configure our host address. I was assigned the third host address. This was pretty easy, 160.20.48.0 was the network address, 160.20.48.1 was the first host and that was assigned to Mike, 160.20.48.2 was Tony, I was assigned the third host address and that was 160.20.48.3. 160.20.48.4 was Ross, 160.20.48.5 was Tyler, 160.20.48.6 was Steve, 160.20.48.7 was Scott, 160.20.48.8 was James, 160.20.48.9 was Rich, and 160.20.48.11 was Jeremy.

Next we had to change our network settings on our computer to the addresses we configured. Click the Start button then right click Network, then click Properties, next click Manage Network Connections, then double-click Local Area Connection. This brings up the Local Area Connection Properties window. Highlight Internet Protocol Version 4 (TCP/IPv4), click on properties. This opens the Internet Protocol Version 4 (TCP/IPv4) window. Click Use the following IP address and enter the IP address that was configured along with the other information. (subnet mask, default gateway) Click OK to accept and make changes. Then close and exit all the windows.

Then we were to try to ping others on the network we created to see if it worked. I had to disable the windows firewall to allow other to ping me. I was able to pine everyone on first try except Mike, Scott, Doug, and Jeremy. Mike was having issues with Vista and had to reinstall. Jeremy had a firewall issue that was resolved and then I could ping him. Never was able to get Scott or Doug.

CCC Network Tour

This NET125 lab was actually a tour of the network at CCC. We traced the path data takes as it leaves our computer and enters the Internet. Ken Martin, Director Information Technology, was our tour guide.

We started on the third floor of the Wayne West Building in Room 326. Network access is provided there by RJ-45 jacks mounted in the floor. Cat5 cable is connected to the jacks. From there the Cat5 cable is routed to a utility room on the west wing of the 3^rd floor. There is another utility room on the east wing of the 3^rd floor that handled the computer labs on that end.

In the utility room there were two banks of switches. The CAT5 and CAT6 cables from all the rooms on the west wing are routed to this room through the drop ceiling in 3-4 inch conduit. The cables are run to patch panels. The two main cables used on campus are copper (CAT5 and CAT6) and fiber optic. From the patch panel a standard network cable runs to the switches. We noticed that most of the cable bundles were labeled with the room number . Mapping is key to setting up a large network to help with troubleshooting. Fluke makes products that help to find out what goes where.

The bank of access switches contained four Cisco switches 3548's and 3750's all were 10/100. The access switches were smart switches and from there they are VLANed off. Each room was physically connected to the switch but they were logically VLANed off into their own separate pool. This is to cut down on the amount of traffic and noise. Instead of one switch handing all the traffic from the entire floor it is broken down into manageable sections.

From the switch panel there were a couple of fiber ports used for fiber optic cables. The cable used was multimode fiber. This cable went down and connected to second floor and then the second floor connected to the first floor. Fiber optic cable is used because it is faster, noise resistant, and has longer runs. From the first floor the fiber cable runs to the LRC Center to Ken's office.

Also for each bank of switches there were UPS (uninterruptible power supply)units to provide backup power in case of an outage. This not only helps to protect data and keep the network running, it also provides power to keep the phone system operational.

In addition to the cables for the wired network, this room also houses the cables for the wireless network on campus for the Wayne West Building and the cables for the IP cameras. PoE is used to power the cameras and the phones. To run power to the camera and phones the switch has to be PoE capable.

From the access layer switches the information goes to the distribution layer switch which then runs to the second floor. The three types of access switches that are currently used on campus are 3548, 3524, and 3524 PoE. The fiber optic cable on campus is run in a ring to connect every building. The fiber optic cable run also includes; CMAST, Civic Center, Institute of Marine Science, BLET, MARTEC, and the buildings of campus. There is also another ring running in the opposite direction in redundancy.

In the LRC building is the nerve center for the network on campus. All connections are routed to main hub. The setup is similar to the utility room in Wayne West. Instead of CAT5 or 6 cables running in, all the FO cables are coming in and are run to a fiber optic patch panel. From the patch panel the cables are run to the core. There are two UPS systems set up in redundancy plus a generator to make sure the system retains power in case or outages. The network speed at CCC is a gigabit which is what most universities have. This is because of our relationship with NC State, UNC IMS, Duke Marine Lab, and NOAA. We have fiber optic connections to Greenville, Wilmington, We are a point of presence for NCREN North Carolina Research and Education Network.

The servers for Blackboard, VoIP, and email are also located in the same room. Virtualized servers are run from this room too. Instead of buying a new server, with a quad core processor and 16 gigs of RAM we can run 16 virtual servers on the one machine.

The tape backup system is an LTL3 does 400gigs uncompressed and 800 gigs compressed and it holds 8 tapes which gives us 3.2 terabytes and is very fast.

There are several virtualization projects in the planning stages, desktop virtualization, Blackboard virtualization. VMware is being used for server virtualization and Xen for desktop virtualization. The goal is to have most virtualization projects in place in the next few years.

Project - Switches

Network designers can use the hierarchical network model as a framework to design a network that is easy to set up and troubleshoot. Using this model make the network flexible too. The hierarchical network design consists of three layers; the access layer, the distribution layer, and the core layer.

The access layer provides access to the network for local and remote workgroup users while the distribution layer provides a separation between the access and the core layers and also provides a connection point between the two. The core layer provides fast and efficient transportation of data.

An access layer device controls traffic by localizing broadcast and service request to the access media. A distribution layer device perform two functions, control access to resources of the core layer and use bandwidth efficiently. Core devices implement protocols and provide load balancing.

The example of an access switch I researched was the Cisco Catalyst 3750. This switch is able to support applications like IP telephony, wireless, and video which will improve productivity. This switch is part of Cisco's stackable switches which provides flexibility in designing networks. It is available in 24 and 48 port configurations, 10/100/1000, PoE and non-PoE models. The PoE+ models have 30W power on all ports in 1 rack unit. There is also an optional four 1 Gb Ethernet SFP or two 10 Gb Ethernet SFP+ uplink network modules. The 3750 is also backward compatible, has an enhanced limited lifetime warranty and utilizes Cisco EnergyWise, which reduces energy usage. It also comes with dual redundant modular power supplies and fans. The prices start around $2700.00 for a 24 port switch. Most companies request you contact them for a quote.

The Cisco Catalyst 4500 series switches are a midrange switch capable of layer 2-4 switching. They are designed for several hardware applications including layer 3 distribution points. This switch provides QoS for Layer 2 class of service (CoS) and Layer 3 type of service (ToS). Provides scalability for layer 3 distribution points. Other options are similar to the 3750 switch. Pricing varies depending on how the switch is set up. Most prices start around $3200.00.

The Catalyst 6500 series addresses gigabit scalability and multilayer switching. It supports a wide range of interface densities and performance. Like the other Cisco switches it is scalable and can be customized to suit the client's needs. Prices start at $6500.00.

TCP/IP Utilities Lab

In this lab we used some tools by using the command prompt.

In the first exercise we used the Ipconfig command. This utility can be used alone to list information about the TCP/IP configuration. It also has several command switches to manage a computer's TCP/IP settings. Four of these switches are:

/? - This one displays a list of switches to use with the ipconfig command

/all - Displays the complete TCP/IP configuration information

/release - Releases DHCP-assigned IP address

/renew - Renews DHCP-assigned IP address

The Netstat utility displays details and statistics of the TCP/IP components and connections on a host. There are several switches available for this utility also. A few of them are:

-a - Lists all available TCP and UDP connections.

-e - List details about the packets sent over a network interface.

-n - List the current connected host by their port and IP address

-p - Lets you specify the type of protocol statistic to list, TCP or UDP

Nbtstat is a utility that works with networks running Windows and NetBIOS. Switches are also available for this utility.

-a - Display's a machine's name table given its NetBIOS name

-A - Displays a machine's name table given its IP address

-r- Lists statistics about names that have been resolved to IP addresses by broadcast and by WINS

-s - Displays a list of all the current NetBIOS sessions for a machine

Hostname utility is used to find the hostname the computer was assigned and if you have administrator privileges, you can change the hostname at the prompt


Nslookup is a utility that allows you to find the host name of any computer on the network by querying the DNS database by specifying its IP address or you can find the IP address by specifying its hostname.

Traceroute (tracert) is a utility that uses ICMP ECHO request to trace the path from one node on the network to another and identifies all the intermediate hops between the two nodes. Some of the popular switches for tracert are:

-d - tells the tracert command not to resolve IP addresses to host name

-h - lists the maximum number of hops the packets should take when attempting to reach a host

-w - Identifies a timeout period for responses

Host File Lab

In this lab we created a host file mapping Blackboard to the IP address 10.10.1.81.

To get to the mapping file you have to access the C:\ then the windows folder, then the system32 folder, then the drivers folder, then the etc folder. Open the host file in notepad. This will give you the following window

Go to the last line and type the address under to other addresses then tab over and enter the name you want to associate with the IP address. In our case we entered 10.10.1.81, which is Blackboards IP address, then I entered blackboard for the name. Now when I enter blackboard in the address bar is opens blackboard without having to remember the IP address. This is very useful in remembering websites. It is easier to associate a name with a site than to remember the IP address. Host file mapping can not only help you out when you have a lot of IP addresses to remember, but you can also limit the sites that can be accessed. Disable the DNS and then this will allow access only to the sites that are in the permit area. If you have sites that you access a lot. Enter there IP address in the host file and then when you access them it will save time because your browser will save the time it takes to look through the external DNS resolution and log directly on the site. You can also block junk sites by listing them in the host file and putting the local IP address in front of their address name. This was a short but very interesting lab, full of useful information.

DHCP Lab

In this lab we set up a Dlink router between two computers in a DHCP (Dynamic Host Configuration Protocol) pool. We changed the routers settings and changed the DHCP pool which included the default gateway and the range of IP addresses available for our computers to use. After doing this, we then used the command prompt to with the ipconfig /all command to view our current IP address. Then we released and renewed the IP address using the command prompt commands; ipconfig /release, and ipconfig /renew, to see if it would change to the new settings which it did. This was a fairly simple lab to perform and was educational as well.

Wireshark Lab

In this lab we used the software Wireshark to capture and examine packets being sent and recieved on our computers. http://www.wireshark.org/

The first packet we examined was a packet using TCP protocol

The source port for this packet was Port 80 which is used for http.

The destination port was 49340 which is a dynamic or private port number.

The flag being used was 0x18 (PSH, ACK). PSH bit is a push flag that tells the TCP to send any outstanding data. The ACK bit acknowledges the remote host's sequence numbers and validates the information in the acknowledgement.

The source IP address is 69.63.178.143 and the destination IP address is 10.40.1.107. My computer's IP address is 10.40.1.107 so this is an incoming packet to my computer.

The TTL (Time to Live) for this packet is 82. When this counts down to 0 the packet will be discarded.

Differentiated Services is a class-based mechanism for traffic control where the data packets are sorted by traffic classes instead of individual flow. The Differentiated Services Field for this packet was 0x00 (DSCP 0x00: Default; ECN: 0x00) I found a lot of references to this value but did not find out exactly what it stands for. The Differentiated Services Field has an eight bit number with bits 0-5 being for the value and bits 6 and 7 are reserved.

The protocol field is set to TCP which set the transmission layer protocol. The Header checksum was listed as correct. The framing type used was 22. The source MAC address was Cisco_ee:9b:ff (00:04:c0:ee:9b:ff) and the destination MAC address was Intel_31:68:a3 (00:19:d1:31:68:a3). The destination MAC address is my computer. The frame is incoming. There were 239 bytes on wire and 239 bytes captured.

Now we will look at a packet using UDP protocol

The source port is 58807 which is a dynamic or private port. The destination port is 53 which is the Domain Name System port. The Flag value is 0x00. The source IP address is 10.40.1.119 and the destination IP address is 10.40.1.6. This is an outgoing packet from my computer. The TTL for this packet is 128. If the packet is not delivered before the value counts to 0 then the packet will be discarded. The header checksum is correct. The framing type is 7 and the source MAC address is Intel_31:d4:bd (00:19:d1:31:d4:bd) and the Destination MAC address is DellPcba_d6:73:93 (00:0d:56:d6:73:93). This is an outgoing packet from my computer. This Frame contained 82 bytes on wire, and 82 bytes captured.

This is an example of a three-way handshake.

First there is an SYN segment send from 192.168.1.102 to 128.119.245.12. Then there is a

SYN ACK segment send from 128.119.245.12 to 192.162.1.102. Then the third handshake is an ACK segment sent from 192.168.1.102 to 128.116.245.12.

This is an example of an ARP packet interception

The destination MAC address is ff:ff:ff:ff:ff:ff. This is the broadcast address. The source MAC address is 00:d0:59:a9:3d:68. This is the address sending out the broadcast. The destination IP address is 192.168.1.1. This is the IP address the broadcast is looking for. The source IP address is 192.168.1.105. This is the IP address that is sending the request out.

I found this interesting that with ARP you can send out a broadcast to locate a MAC address from an IP address. In the example the host computer send out a request to locate the MAC for IP address 192.168.1.1. Then the answer was sent back that 192.167.1.1 was located at MAC address 00:06:25:da:af.

This lab was very informative and educational. It was great to be able to look at these packets and start to make sense of what we were looking at. The fog of understanding the workings of a computer are starting to thin a little. It is still fasinating to see what happens in computers and to understand as what speed it happens. I really enjoyed this lab and will continue to use wireshark on my own to explore and understand more from packets in the future.