WEBVTT 1 00:00:00.160 --> 00:00:02.600 Welcome to the deep dive. We're the show that cuts 2 00:00:02.600 --> 00:00:05.719 through the noise, you know, wading through dense material, technical 3 00:00:05.759 --> 00:00:08.279 work books, all that stuff to pull out the insights 4 00:00:08.320 --> 00:00:13.720 that really matter. And today, Wow, we are diving deep 5 00:00:13.759 --> 00:00:18.600 into something fundamental. Network engineering, the absolute bedrock of our 6 00:00:18.679 --> 00:00:21.800 digital world. If you've ever wondered how all those clicks 7 00:00:21.800 --> 00:00:24.760 and connections actually happen, you know, the invisible highways behind 8 00:00:24.760 --> 00:00:27.960 the scenes will stick around. This is your shortcut to 9 00:00:28.039 --> 00:00:31.039 really getting it, maybe with a few surprising facts thrown in. 10 00:00:31.199 --> 00:00:34.359 That's the plan, our mission today to sort of demystify 11 00:00:34.439 --> 00:00:37.719 how these modern networks get built, how they run so precisely, 12 00:00:37.759 --> 00:00:40.759 and maybe most importantly, how we secure them because the 13 00:00:40.799 --> 00:00:43.240 threats are always changing. Right, We're leaning heavily on a 14 00:00:44.240 --> 00:00:46.920 really comprehensive CCNA two hundred and three to zero one 15 00:00:47.039 --> 00:00:49.520 technology workbook today. It's pretty much the gold standard for 16 00:00:49.520 --> 00:00:51.159 anyone starting out in IT networking. 17 00:00:51.439 --> 00:00:53.479 Oh absolutely, if you're looking for a job at IT 18 00:00:54.119 --> 00:00:57.200 that CCNA is often like the first thing employers check for. 19 00:00:57.280 --> 00:01:00.600 It validates those core skills and the material we're using. 20 00:01:00.679 --> 00:01:03.320 It comes from IP specialists. They do a fantastic job 21 00:01:03.359 --> 00:01:07.719 accelerating careers, self paced learning, case studies, virtual labs. 22 00:01:07.840 --> 00:01:10.560 Yeah, they really cover the exam blueprint exactly. 23 00:01:10.719 --> 00:01:14.560 Yeah, and they even offer free stuff like over two 24 00:01:14.640 --> 00:01:17.760 hundred and fifty practice questions and a career report. It 25 00:01:17.840 --> 00:01:19.920 shows they're serious about practical knowledge. 26 00:01:19.959 --> 00:01:23.000 It really does. It underlines how important structured hands on 27 00:01:23.159 --> 00:01:25.599 learning is in this field. It just never stops changing. 28 00:01:25.680 --> 00:01:27.719 Okay, let's jump in. Let's start right at the beginning. 29 00:01:28.000 --> 00:01:30.680 When we talk about a computer network, what are we 30 00:01:30.840 --> 00:01:33.079 actually fundamentally talking about. 31 00:01:33.400 --> 00:01:35.959 Well, at its core, it's actually pretty simple. It's just 32 00:01:36.040 --> 00:01:40.640 a group of devices connected together. I think computers, servers, routers, 33 00:01:41.079 --> 00:01:42.439 even your smart fridge. 34 00:01:42.120 --> 00:01:44.680 These days, all those IoT things exactly. 35 00:01:44.719 --> 00:01:48.079 They're all nodes in this interconnected community, and the whole 36 00:01:48.079 --> 00:01:50.719 point is letting them share information and offer services to 37 00:01:50.760 --> 00:01:53.959 each other. It's the backbone of pretty much all digital communication. 38 00:01:54.280 --> 00:01:56.840 Okay, so that's the community. What about the key players, 39 00:01:57.000 --> 00:02:00.840 the essential components. Let's kick off with routers. We see 40 00:02:00.840 --> 00:02:03.760 the box at home, but what's their real job in 41 00:02:03.799 --> 00:02:04.519 the bigger picture. 42 00:02:04.840 --> 00:02:06.640 Yeah, they do much more than just connect us to 43 00:02:06.680 --> 00:02:09.840 the internet. Routers are basically the traffic directors of the 44 00:02:09.879 --> 00:02:14.159 network world. They operate at layer three of the OSI model. 45 00:02:14.199 --> 00:02:16.439 That's the network layer. Now we don't need to get 46 00:02:16.479 --> 00:02:19.400 totally lost in the OSI model, but layer three means 47 00:02:19.759 --> 00:02:22.639 they use IP addresses to figure out the best path 48 00:02:22.800 --> 00:02:25.159 to send data packets between different networks. 49 00:02:25.240 --> 00:02:28.560 Oh, okay, between networks. So my home network talking to 50 00:02:29.039 --> 00:02:30.360 like a website server. 51 00:02:30.240 --> 00:02:32.639 Somewhere else, precisely a router figures out that route. 52 00:02:32.680 --> 00:02:34.840 Got it. Then we have switches, and this is where 53 00:02:34.840 --> 00:02:37.800 I think people get confused sometimes routers versus switches. What's 54 00:02:37.800 --> 00:02:40.599 the difference, especially between layer two and layer three switches. 55 00:02:40.960 --> 00:02:45.400 Yeah, that's a super common question, and it's important. So 56 00:02:45.719 --> 00:02:48.719 a layer two switch works within a single network, a 57 00:02:48.759 --> 00:02:53.080 local area network or land. Think of it like internal 58 00:02:53.120 --> 00:02:57.199 mail sorting and one office building. It learns the MS addresses, 59 00:02:57.240 --> 00:03:00.439 the physical addresses of devices plugged into it, and sends 60 00:03:00.520 --> 00:03:03.639 data directly to the right port within that building. Doesn't 61 00:03:03.639 --> 00:03:05.280 really care about IP addresses. 62 00:03:05.400 --> 00:03:07.080 Okay, local traffic cop pretty much. 63 00:03:07.319 --> 00:03:10.159 Now, a layer three switch, that's where it gets interesting. 64 00:03:10.240 --> 00:03:13.280 It does everything a layer two switch does, has addresses 65 00:03:13.280 --> 00:03:16.159 and all that, but it also understands IP addresses and 66 00:03:16.199 --> 00:03:17.240 can perform routing. 67 00:03:17.800 --> 00:03:21.680 Ah, so it can route between different internal networks like 68 00:03:21.719 --> 00:03:23.280 different departments exactly. 69 00:03:23.319 --> 00:03:26.560 It can route traffic between different vlands or subnets without 70 00:03:26.599 --> 00:03:28.520 needing to send it up to a dedicated router and 71 00:03:28.599 --> 00:03:31.319 back down. It's much faster. Happens at wire speed right 72 00:03:31.319 --> 00:03:31.960 there on the switch. 73 00:03:32.000 --> 00:03:34.400 Okay, that makes a huge difference in network design, right, 74 00:03:34.840 --> 00:03:38.439 especially for larger places like a campus, you avoid a bottlenecks. 75 00:03:38.759 --> 00:03:40.759 That feels like a real aha moment. 76 00:03:41.120 --> 00:03:44.039 It absolutely is. It gives you way more flexibility and 77 00:03:44.080 --> 00:03:49.159 performance for segmenting your network. And speaking of performance and security, 78 00:03:49.680 --> 00:03:53.080 let's talk firewalls. We're not just talking traditional ones anymore, right, 79 00:03:53.159 --> 00:03:56.479 next generation firewalls and gfw's what's the big leap? 80 00:03:56.759 --> 00:04:00.280 Right? Traditional firewalls were kind of like bouncers checking idsse 81 00:04:00.400 --> 00:04:05.000 ip addresses, port numbers, basic stuff. But ngfw's they're more 82 00:04:05.039 --> 00:04:09.039 like detectives. They look deeper. They understand the applications generating 83 00:04:09.039 --> 00:04:12.759 the traffic. They can spot advanced malware hidden inside normal 84 00:04:12.800 --> 00:04:16.600 looking traffic or attax happening at the application layer itself. 85 00:04:16.279 --> 00:04:17.959 So they know what the traffic is doing, not just 86 00:04:18.000 --> 00:04:19.319 where it's going exactly. 87 00:04:19.519 --> 00:04:23.240 Plus they usually have built in intrusion prevention, application whitelisting 88 00:04:23.720 --> 00:04:26.079 much smarter security makes sense. 89 00:04:26.319 --> 00:04:29.720 And of course networks need servers, the workhorses providing the 90 00:04:29.759 --> 00:04:30.639 actual services. 91 00:04:30.720 --> 00:04:34.000 YEP. Servers are the specialists. They manage network resources. You've 92 00:04:34.040 --> 00:04:38.120 got web servers, email servers, file servers, maybe policy servers 93 00:04:38.120 --> 00:04:40.759 for authentication. They could be dedicated to one job or 94 00:04:40.759 --> 00:04:43.240 handle multiple roles, depending on how big the network is. 95 00:04:43.600 --> 00:04:47.519 Okay, components down, Now how do we arrange them? Let's 96 00:04:47.519 --> 00:04:50.959 talk topology, the network's blueprint, what's the basic idea and 97 00:04:51.000 --> 00:04:53.079 what's this physical versus logical thing? 98 00:04:53.240 --> 00:04:57.040 Right? Topology is just how everything's connected. The layout, Yeah, nodes, 99 00:04:57.079 --> 00:05:00.759 that's your devices and links, the connections physical to as well, 100 00:05:01.639 --> 00:05:04.800 the physical layout where the cables actually run, how things 101 00:05:04.839 --> 00:05:08.680 are plugged in tangible stuff. Logical topology is about how 102 00:05:08.720 --> 00:05:11.519 the data actually flows, which might be different from the 103 00:05:11.560 --> 00:05:13.959 physical paths. It's the data's perspective. 104 00:05:13.560 --> 00:05:18.519 Catcha And historically there were some basic layouts right Bus ring, Yeah. 105 00:05:18.360 --> 00:05:22.079 The classics Bus topology had everyone sharing one cable problem 106 00:05:22.240 --> 00:05:26.240 cable breaks whole network. Down Ring topology connected devices in 107 00:05:26.279 --> 00:05:28.920 a loop, but data had to pass through others, causing 108 00:05:28.920 --> 00:05:29.920 delays or failures. 109 00:05:30.040 --> 00:05:32.319 In star that sounds familiar, that's. 110 00:05:32.199 --> 00:05:34.879 Your typical home network setup, everything connects to a central 111 00:05:34.920 --> 00:05:38.240 hubb switch like your Wi Fi router. Easy to manage. 112 00:05:38.480 --> 00:05:41.360 But if that central point fails, came over. Yeah, right, 113 00:05:41.639 --> 00:05:44.319 and then there's mesh where everything connects to everything else. 114 00:05:44.519 --> 00:05:48.399 Super redundant loads of paths, but imagine the cabling, ninemer 115 00:05:48.439 --> 00:05:48.839 and cost. 116 00:05:49.079 --> 00:05:52.480 Yeah, not practical for most. So for bigger networks we 117 00:05:52.519 --> 00:05:56.079 move to hierarchical designs like two tier and three tiers exactly. 118 00:05:56.160 --> 00:05:58.079 Think of it like organizing a city. A three tier 119 00:05:58.120 --> 00:06:02.360 design common in big camp networks has layers. You've got 120 00:06:02.360 --> 00:06:06.240 the access layer where users connect, the distribution layer bundles 121 00:06:06.240 --> 00:06:10.600 that up, handles routing between departments, applies policies. And the 122 00:06:10.600 --> 00:06:14.439 core layer the super fast backbone connecting major areas. 123 00:06:14.519 --> 00:06:16.240 So it breaks down complexity, it makes it. 124 00:06:16.199 --> 00:06:20.160 Manageable, precisely, easier to scale, troubleshoot, the whole deal. Yeah, 125 00:06:20.240 --> 00:06:24.319 but modern data centers have like insane traffic demands. That's 126 00:06:24.319 --> 00:06:26.319 where spine leaf comes in, right and evolution. 127 00:06:26.600 --> 00:06:29.600 Absolutely, spine Leaf is built for speed and scale, especially 128 00:06:29.600 --> 00:06:31.879 in data centers. It's simpler, just two layers. You have 129 00:06:32.000 --> 00:06:35.560 leaf switches where servers and devices connect, and spine switches 130 00:06:35.600 --> 00:06:38.240 which act as a core backbone. The key thing is 131 00:06:38.319 --> 00:06:40.279 every leaf switch connects to every. 132 00:06:40.079 --> 00:06:41.920 Spine swech, every single one. Wow. 133 00:06:42.480 --> 00:06:45.079 This means data always travels the same number of hops, 134 00:06:45.120 --> 00:06:48.360 usually just two leaf to spine to leaf. Super predictable, 135 00:06:48.600 --> 00:06:52.199 low latency, perfect for high frequency trading or big data stuff. 136 00:06:52.560 --> 00:06:56.680 Very efficient. Okay, Now expanding beyond one location, wide area 137 00:06:56.759 --> 00:07:02.040 networks wanes connecting geographically separate sites. What are the common 138 00:07:02.040 --> 00:07:03.759 ways to set those up? For? 139 00:07:03.879 --> 00:07:07.519 Want apologies? You've got options. Point to point is a direct, 140 00:07:07.759 --> 00:07:12.120 dedicated link between two sites, like a private highway, high quality, 141 00:07:12.240 --> 00:07:15.439 often pricey. Hub and spoke is more common, maybe more 142 00:07:15.480 --> 00:07:19.079 cost effective. Remote sites connect back to a central hub. 143 00:07:19.399 --> 00:07:22.199 Downside that hub is a single point. 144 00:07:21.959 --> 00:07:24.199 Of failure, right and full mesh. 145 00:07:24.160 --> 00:07:27.360 Maximum redundancy, like the land version, every site connected to 146 00:07:27.399 --> 00:07:30.000 every other site, but again very complex and expensive to 147 00:07:30.040 --> 00:07:32.680 set up all those connections, even virtual ones. And for 148 00:07:32.720 --> 00:07:35.839 actually getting that connectivity, you can use dedicated least lines, 149 00:07:35.959 --> 00:07:38.920 circuit switch connections kind of like old phone calls, paper use, 150 00:07:39.040 --> 00:07:42.160 or packet switched networks where you share bandwidth, often more. 151 00:07:42.040 --> 00:07:45.600 Flexible, get blueprints covered. How do we actually connect these 152 00:07:45.600 --> 00:07:49.600 things physically? Let's talk cables and interfaces. Copper versus fiber. 153 00:07:49.680 --> 00:07:50.680 What's the lowdown, all right? 154 00:07:50.839 --> 00:07:54.759 Copper first, mostly we use UTP unshielded twisted pair. That's 155 00:07:54.759 --> 00:07:58.000 your standard Ethernet cable Cat five E Cat six, cheap, 156 00:07:58.079 --> 00:08:00.560 easy to work with. Uses those RJ forty five connectors 157 00:08:00.600 --> 00:08:03.079 we all know, good for up to maybe ten gigabits 158 00:08:03.079 --> 00:08:07.319 per second over shorter distances. There's also STP shielded twisted 159 00:08:07.360 --> 00:08:11.759 pair better for electrically noisy places and older cokex cable. 160 00:08:11.959 --> 00:08:15.120 Copper's main limits are distance and interference, and. 161 00:08:15.040 --> 00:08:17.759 Then fiber optic the speed demon exactly. 162 00:08:18.120 --> 00:08:22.439 Fiber uses light pulses through glass strands immune to electrical noise, 163 00:08:22.519 --> 00:08:26.360 goes way further, much faster speeds ideal for connecting buildings, 164 00:08:26.439 --> 00:08:29.240 data centers, the network backbone. You have single mode for 165 00:08:29.279 --> 00:08:32.440 super long distances and high rates, and multimode for medium distances. 166 00:08:32.639 --> 00:08:35.919 Different connectors too, Like st or SC the choice really 167 00:08:35.919 --> 00:08:39.039 depends on speed, distance, budget, and the environment. 168 00:08:39.200 --> 00:08:42.720 Makes sense now that old chestnut stretch re versus crossover cables. 169 00:08:42.720 --> 00:08:44.480 I always had to look that up. Can you simplify it? 170 00:08:44.720 --> 00:08:47.600 Hah? Yeah, everyone struggles with that at first. Think of 171 00:08:47.639 --> 00:08:51.559 it like this. Devices are either speakers or listeners on 172 00:08:51.600 --> 00:08:55.080 certain pins. If you connect two similar devices like two 173 00:08:55.120 --> 00:08:57.440 switches or two PC, they're both trying to speak on 174 00:08:57.480 --> 00:09:00.200 the same line and listen on the same line. To 175 00:09:00.200 --> 00:09:03.360 crossover cable to swap the transmit and receive wires so 176 00:09:03.399 --> 00:09:04.639 they can actually communicate. 177 00:09:04.799 --> 00:09:07.399 Ah similar devices crossover right. 178 00:09:07.440 --> 00:09:10.159 If you connect dissimilar devices like a PC to a 179 00:09:10.200 --> 00:09:12.919 switch or a switch to a router, one's speaking where 180 00:09:12.960 --> 00:09:15.799 the others listening already. So you use a straight through cable, 181 00:09:15.919 --> 00:09:16.799 no swap needed. 182 00:09:16.879 --> 00:09:20.399 Okay, that actually clicks dissimilar straight through? Got it? What 183 00:09:20.519 --> 00:09:24.320 about power over Ethernet? POE sounds convenient. 184 00:09:24.360 --> 00:09:27.879 It's incredibly convenient. POE lets you send electrical power over 185 00:09:27.919 --> 00:09:31.519 the same Ethernet data cable. Think Wi Fi access points, 186 00:09:31.519 --> 00:09:35.080 on the ceiling, security cameras, VoIP phones, places where running 187 00:09:35.080 --> 00:09:37.879 a separate power cord would be a real pain. POE 188 00:09:37.960 --> 00:09:39.919 simplifies installation massively. 189 00:09:40.080 --> 00:09:43.840 Yeah, definitely cleaner. So when these physical connections go wrong, 190 00:09:43.840 --> 00:09:45.159 what kind of problems do you see? 191 00:09:45.279 --> 00:09:48.399 Oh, physical layer issues can be frustrating. You might see 192 00:09:48.440 --> 00:09:53.559 things like collisions, interface errors, duplex mismatches, speed mismatches. Collisions 193 00:09:53.559 --> 00:09:56.799 were a bigger deal with older half duplex ethernet where 194 00:09:56.799 --> 00:09:59.759 only one device could talk at a time. Modern switch 195 00:09:59.799 --> 00:10:02.360 netw works are full duplex, so collisions aren't really a 196 00:10:02.360 --> 00:10:02.960 thing anymore. 197 00:10:03.039 --> 00:10:05.720 But due place mismatch, that still sounds like it could 198 00:10:05.720 --> 00:10:06.360 cause trouble. 199 00:10:06.440 --> 00:10:09.039 Oh yeah, big trouble. If one end of a link 200 00:10:09.159 --> 00:10:12.639 is set to full duplex send and receive simultaneously and 201 00:10:12.679 --> 00:10:16.440 the other is half duplex send O, R receive, it's chaos. 202 00:10:16.559 --> 00:10:20.480 They can't communicate properly. You get tons of errors, drop packets, 203 00:10:20.559 --> 00:10:23.759 really slow performance. It's a classic troubleshooting check, even with 204 00:10:23.799 --> 00:10:25.519 auto negotiation trying to sort it out. 205 00:10:25.600 --> 00:10:30.559 Okay, physical air sorted. Moving up, how do devices actually talk? 206 00:10:30.679 --> 00:10:33.960 One's connected protocols. The big one seems to be TCP 207 00:10:34.159 --> 00:10:36.039 versus UDP. What's the core difference? 208 00:10:36.120 --> 00:10:40.799 This is fundamental. TCP transmission control protocol is all about reliability. 209 00:10:41.120 --> 00:10:44.879 It's connection oriented. Think of it like sending a tracked package. 210 00:10:45.159 --> 00:10:48.679 It sets up a connection first that famous three way handshake, 211 00:10:49.039 --> 00:10:52.200 then guarantees your data arrives all of it in the 212 00:10:52.279 --> 00:10:55.679 right order. If packets get lost, it retransmits them. 213 00:10:55.720 --> 00:10:57.919 Okay, so dependable, but maybe slower. 214 00:10:58.080 --> 00:11:01.240 Exactly has more overhead, a bigger head better. It's essential 215 00:11:01.279 --> 00:11:05.799 for web browsing, HGTP, email file transfers, FTP, things where 216 00:11:05.799 --> 00:11:06.840 you need every bit. 217 00:11:06.679 --> 00:11:10.639 Perfect and UNIP user datagram protocol less reliable YEP. 218 00:11:10.840 --> 00:11:14.399 UDP is connectionless. It's like shouting a message across the room. 219 00:11:14.440 --> 00:11:17.240 You just send it, no connection setup, no guarantee it arrives, 220 00:11:17.240 --> 00:11:20.360 no guarantee of order, but it's fast, much smaller, header 221 00:11:20.519 --> 00:11:23.759 less overhead, perfect for real time stuff like online gaming, 222 00:11:23.919 --> 00:11:27.240 video streaming DNS lookup. Speed matters more than catching every 223 00:11:27.279 --> 00:11:28.159 single packet. 224 00:11:27.919 --> 00:11:30.559 So it's a trade off guaranteed delivery with TCP versus 225 00:11:30.600 --> 00:11:33.879 street with UDP. Need it perfect versus need it now. 226 00:11:33.879 --> 00:11:35.720 That's a great way to put it. You choose based 227 00:11:35.720 --> 00:11:39.559 on the applications needs. Another huge piece is addressing IP addresses, 228 00:11:39.840 --> 00:11:44.320 the unique identifiers. How does IPv four addressing and subnetting 229 00:11:44.360 --> 00:11:45.639 help manage networks? 230 00:11:45.879 --> 00:11:48.679 Right? IPv four addresses are those thirty two bit numbers 231 00:11:48.720 --> 00:11:50.679 like one nine to two point one sixty eight point 232 00:11:50.679 --> 00:11:54.399 one point one. Your device is street address. Subnetting is 233 00:11:54.440 --> 00:11:57.120 like dividing a big city into smaller neighborhoods. You take 234 00:11:57.159 --> 00:11:59.440 a large block of addresses and break it into smaller 235 00:11:59.519 --> 00:12:03.360 mandibles sub networks, better organization, more efficient use of addresses, 236 00:12:03.399 --> 00:12:06.879 and it helps with security by segmenting traffic. That CIDR 237 00:12:06.960 --> 00:12:09.360 notation like twenty four or twenty seven just tells you 238 00:12:09.360 --> 00:12:12.559 how many bits define the network part versus the host part. 239 00:12:12.440 --> 00:12:14.600 The twenty seven gives you eight smaller subnets from a 240 00:12:14.600 --> 00:12:15.840 twenty four block for instance. 241 00:12:16.039 --> 00:12:18.639 And the driving force behind IPv six. We just ran 242 00:12:18.679 --> 00:12:21.320 out of IPv four addresses, plain and simple. 243 00:12:21.039 --> 00:12:24.120 Pretty much. Yeah, the Internet grew faster than anyone imagined. 244 00:12:23.879 --> 00:12:26.559 So IPv six comes along with this massive one hundred 245 00:12:26.600 --> 00:12:30.559 and twenty eight bit address space. Uses hexadecimal enough addresses 246 00:12:30.600 --> 00:12:33.600 for well basically everything forever you can shorten them. Use 247 00:12:33.600 --> 00:12:36.639 that double colondt for blocks of zeros. Big difference from 248 00:12:36.639 --> 00:12:40.720 IPv four no broadcast addresses. IPv six uses multicast, which 249 00:12:40.759 --> 00:12:43.799 is way more efficient. You'll see the global unicast addresses 250 00:12:43.879 --> 00:12:46.639 like public ips and link local addresses for just the 251 00:12:46.639 --> 00:12:47.360 local segment. 252 00:12:47.600 --> 00:12:49.879 Mind boggling scale. Okay, quick hits before we move on 253 00:12:50.240 --> 00:12:53.200 core wireless ideas and virtualization. 254 00:12:53.480 --> 00:12:57.000 Wireless basics. SSID is the network name you connect to. 255 00:12:57.240 --> 00:13:00.919 RF radio frequency is the invisible medium, trylevels on and 256 00:13:01.120 --> 00:13:04.679 encryption WPA two or WPA three is absolutely vital to 257 00:13:04.759 --> 00:13:09.120 keep it secure. Vitualization. That's running multiple virtual thing servers 258 00:13:09.159 --> 00:13:12.679 OS's network devices on one piece of physical hardware. Huge 259 00:13:12.679 --> 00:13:16.399 benefits in using resources, better flexibility and cost savings doing 260 00:13:16.399 --> 00:13:17.399 more with less hardware. 261 00:13:17.480 --> 00:13:20.240 Got it? Okay, foundations laid. Now let's talk about actually 262 00:13:20.240 --> 00:13:22.840 connecting and managing these networks. Starting it layer two, how 263 00:13:22.879 --> 00:13:25.240 do VLANs let us chop up in network? Logically? 264 00:13:25.440 --> 00:13:29.559 Vland's virtual lands are super powerful for segmentation. They let 265 00:13:29.639 --> 00:13:34.000 you create multiple separate broadcast domains, multiple virtual networks, all 266 00:13:34.120 --> 00:13:37.000 running on the same physical switch hardware. Think of it 267 00:13:37.080 --> 00:13:40.279 like virtual partitions in an office. Different departments can be 268 00:13:40.320 --> 00:13:44.080 on different vlands, keeping their traffic separate for security and efficiency, 269 00:13:44.320 --> 00:13:46.000 even if they're plugged into the same switch. 270 00:13:46.240 --> 00:13:50.159 So how does traffic for say VLAN ten get from 271 00:13:50.159 --> 00:13:52.600 one switch to another if they're both carrying traffic for 272 00:13:52.679 --> 00:13:53.720 VLAN twenty as well. 273 00:13:53.879 --> 00:13:56.440 AH That's where trunk ports come in. You can figure 274 00:13:56.480 --> 00:13:59.000 the link between the switches as a trunk. When a 275 00:13:59.000 --> 00:14:01.600 frame from VLAND ten goes across that trunk, the switch 276 00:14:01.600 --> 00:14:03.960 adds a tag using the AH two point one Q 277 00:14:04.120 --> 00:14:07.200 standard that says this belongs to your intent. The receiving 278 00:14:07.240 --> 00:14:09.159 switch reads the tag and knows where to send it. 279 00:14:09.320 --> 00:14:13.279 Clever tagging system. Okay, what about protocols like CDP and LLDP. 280 00:14:13.440 --> 00:14:14.559 What problem are they solving? 281 00:14:14.799 --> 00:14:17.799 They're like meet and greet protocols for network devices. They 282 00:14:17.840 --> 00:14:21.080 allowed directly connected devices to automatically learn about each other. 283 00:14:21.639 --> 00:14:26.600 CDP Cisco Discovery Protocol is Cisco's own version. LDP Link 284 00:14:26.679 --> 00:14:29.600 Layer Discovery Protocol is the industry standard, so it works 285 00:14:29.600 --> 00:14:34.120 between different vendors. Gear devices advertise their identity capabilities IP 286 00:14:34.279 --> 00:14:37.480 address really useful for mapping up the network or troubleshooting, 287 00:14:37.559 --> 00:14:38.840 just seeing what's plugged in next. 288 00:14:38.720 --> 00:14:41.679 Door, like a quick nighbor check Yeah, handy and ether 289 00:14:41.799 --> 00:14:44.759 channel or LACP Bundling links yeah. 290 00:14:44.600 --> 00:14:47.679 Ether channel, often using LACP to negotiate. It is like 291 00:14:47.919 --> 00:14:51.159 taking several small lanes and making them one big highway lane. 292 00:14:51.200 --> 00:14:54.360 You bundle multiple physical ethernet links together into a single 293 00:14:54.399 --> 00:14:59.200 logical channel. Two big benefits more bandwidth combined and redundancy. 294 00:14:59.360 --> 00:15:01.919 If one physical link in the bundle fails, traffic keeps 295 00:15:01.919 --> 00:15:02.919 flowing over the others. 296 00:15:03.159 --> 00:15:06.480 Nice boost for speed and reliability. Okay, the big one 297 00:15:06.519 --> 00:15:11.279 for layer two loops spanning tree protocol, specifically rapid PVST 298 00:15:11.360 --> 00:15:14.399 plus astat How does it stop those network killing loops? 299 00:15:14.639 --> 00:15:18.120 Right loops are poisonous. Layer two data just circles endlessly, 300 00:15:18.279 --> 00:15:22.240 crashing the network. Rapid PVST plus prevents this by intelligently 301 00:15:22.279 --> 00:15:25.840 blocking redundant paths. It figures out a loop free tree structure. 302 00:15:26.320 --> 00:15:29.120 Every switch figures out the best path to the root bridge. 303 00:15:29.159 --> 00:15:32.759 The central switch ports get assigned, rolls root port path 304 00:15:32.799 --> 00:15:35.679 towards the route designated port path away from the root 305 00:15:35.759 --> 00:15:38.720 onto a segment and alternate port blocked back up. 306 00:15:38.639 --> 00:15:41.879 Path, so it logically prunes the network to avoid cycles. 307 00:15:42.559 --> 00:15:44.559 What was the deal with port fast? Why is that 308 00:15:44.600 --> 00:15:46.360 important for things like PCs connecting? 309 00:15:46.600 --> 00:15:50.879 Okay, port fast is key for user experience and stability. Normally, 310 00:15:50.879 --> 00:15:53.480 when you plug something into a switch port, spanning tree 311 00:15:53.480 --> 00:15:56.720 takes time like thirty to fifty seconds going through listening 312 00:15:56.759 --> 00:16:00.759 and learning states before it starts forwarding traffic annoying to us. 313 00:16:01.080 --> 00:16:03.679 Port fast tells the switch, Hey, this port connects to 314 00:16:03.759 --> 00:16:06.200 an end device, not another switch. Just put it straight 315 00:16:06.200 --> 00:16:10.399 into forwarding mode. So instant connection for PCs, printers, phones, 316 00:16:10.879 --> 00:16:13.039 The really big win, though, is it stops those ports 317 00:16:13.080 --> 00:16:16.960 from triggering topology change notifications TCNs every time a device 318 00:16:17.000 --> 00:16:20.919 connects or disconnects. TCNs can cause switches network wide to 319 00:16:20.919 --> 00:16:24.919 flush their MC tables, causing temporary instability. Port fast avoids 320 00:16:24.960 --> 00:16:25.720 that sharing. 321 00:16:25.840 --> 00:16:29.039 So faster connections and a more stable network overall makes sense. 322 00:16:29.320 --> 00:16:33.519 Let's shift to wireless. Cisco's Unified Wireless Network CUWN. What 323 00:16:33.559 --> 00:16:34.360 are the main pieces? 324 00:16:34.639 --> 00:16:37.919 CUWN integrates a few key things For enterprise wireless. You 325 00:16:38.000 --> 00:16:41.399 get the client devices obviously, then the access points APS, 326 00:16:41.519 --> 00:16:45.200 the radios connecting users to the wired network. Wireless land 327 00:16:45.200 --> 00:16:49.279 controllers wlcs or central plus management systems like Cisco Prime 328 00:16:49.320 --> 00:16:52.879 Infrastructure and maybe mobility services engines for advanced stuff. 329 00:16:53.200 --> 00:16:55.799 And the wlcs the controllers, what's their main job? 330 00:16:56.279 --> 00:16:59.159 They're the brains of the operation for larger wireless deployments. 331 00:16:59.360 --> 00:17:02.600 Instead of figuring each AP individually, you manage them centrally 332 00:17:02.600 --> 00:17:07.599 from the WLC configuration policies, security software updates, handling client 333 00:17:07.680 --> 00:17:11.839 roaming between AP smoothly. It's all centralized, much more scalable 334 00:17:11.880 --> 00:17:15.559 and manageable than standalone aps. Think Cisco twenty five oh 335 00:17:15.599 --> 00:17:17.799 four five five oh eight eighty five to forty models. 336 00:17:18.119 --> 00:17:20.960 The aps just handle the radio communication. 337 00:17:20.599 --> 00:17:23.680 Central command for Wi Fi. Got it? Now? How do 338 00:17:23.799 --> 00:17:28.200 admins actually manage all this gear? Routers, switches, wlcs. What 339 00:17:28.240 --> 00:17:29.279 are the access methods? 340 00:17:29.440 --> 00:17:31.960 Several ways? You've got the direct console port usually for 341 00:17:32.000 --> 00:17:35.000 initial setup. For remote access, Telnet and SSH are common 342 00:17:35.039 --> 00:17:38.880 command line methods. Many devices also have web interfaces using 343 00:17:39.000 --> 00:17:42.279 HTTP or HTTPS, and for larger setups you use Triple 344 00:17:42.319 --> 00:17:45.799 A protocols RADIUS or TAPCASS plus for centralized authentication. 345 00:17:45.960 --> 00:17:48.680 And the security rule number one for remote management. 346 00:17:48.359 --> 00:17:53.200 Always always use the secure version SSH over tilnet, HTTPS 347 00:17:53.359 --> 00:17:58.640 over HDTP, telnt HDP sent everything including passwords in plaintext. 348 00:17:58.720 --> 00:18:02.200 Anybody listening can grab them. SSH and h GTPs encrypt 349 00:18:02.240 --> 00:18:06.000 the entire session. It's a basic, non negotiable security practice. 350 00:18:06.079 --> 00:18:10.839 Absolutely. And you mentioned triple A, authentication, authorization, accounting. Can 351 00:18:10.880 --> 00:18:13.559 you break those down? Why is that framework so vital? Yeah? 352 00:18:13.559 --> 00:18:16.480 Triple A is fundamental for controlling access. Think of it 353 00:18:16.519 --> 00:18:20.640 in three steps. Authentication Who are you prove it? Usually 354 00:18:20.880 --> 00:18:24.440 use your name, password, maybe MFA authorization. Okay, you are 355 00:18:24.480 --> 00:18:26.559 who you say you are? Now what are you allowed 356 00:18:26.559 --> 00:18:29.680 to do? Which commands? Which resources? Accounting what did you 357 00:18:29.759 --> 00:18:33.200 actually do? Logging commands, tracking resource usage for auditing. 358 00:18:33.400 --> 00:18:35.039 So why should listeners care about. 359 00:18:34.799 --> 00:18:37.079 Triple A Because it's how you ensure only the right 360 00:18:37.119 --> 00:18:39.319 people get access. They only do what they're supposed to do, 361 00:18:39.400 --> 00:18:41.359 and you have a record if something goes wrong. It's 362 00:18:41.480 --> 00:18:45.000 essential for security compliance and just knowing what's happening on your. 363 00:18:44.880 --> 00:18:47.359 Network makes sense. If we were setting up a new 364 00:18:47.359 --> 00:18:50.279 wireless network for clients using a GUI, what would be 365 00:18:50.319 --> 00:18:51.000 the main steps. 366 00:18:51.279 --> 00:18:54.720 Typically you'd start by configuring your authentication server like Radius 367 00:18:54.720 --> 00:18:58.680 if you're using enterprise security. Then on the WLC you 368 00:18:58.759 --> 00:19:02.119 create a dynamic interface basically the virtual connection point for 369 00:19:02.160 --> 00:19:06.240 that wireless network. Finally, you set up the wland profile itself, 370 00:19:06.759 --> 00:19:10.240 give it an SSID the name user C, choose security 371 00:19:10.279 --> 00:19:14.680 settings like WPA two, PSK or enterprise. Maybe adjust radio 372 00:19:14.720 --> 00:19:18.799 policies and make sure broadcast SSID is enable so people 373 00:19:18.839 --> 00:19:19.680 can find it easily. 374 00:19:20.039 --> 00:19:24.519 Okay, let's switch gears to routing and IP services. Static 375 00:19:24.640 --> 00:19:27.400 routing manually configuring paths. Where does that fit in? 376 00:19:27.680 --> 00:19:30.759 Static routes are like hard coded directions in the router's map, 377 00:19:30.880 --> 00:19:33.359 and admin puts them in manually. They don't change unless 378 00:19:33.359 --> 00:19:36.160 the admin changes them, you use them for specific situations. 379 00:19:36.519 --> 00:19:39.200 A default route is the route of last resort where 380 00:19:39.200 --> 00:19:42.000 to send traffic if there's no specific match. A network 381 00:19:42.079 --> 00:19:44.759 route points to a whole subnet, a host route points 382 00:19:44.759 --> 00:19:47.519 to a single device, and floating static routes are cool. 383 00:19:47.559 --> 00:19:50.319 Their backup routes with a higher administrative distance, meaning they 384 00:19:50.359 --> 00:19:54.880 only get used if the primary route maybe learn dynamically disappears. 385 00:19:54.559 --> 00:19:58.599 Precise but manual, so for bigger networks, dynamic routing like 386 00:19:58.640 --> 00:20:02.559 OSPFv two is common. How does OSPF work and how 387 00:20:02.599 --> 00:20:04.359 do routers become neighbors? 388 00:20:04.440 --> 00:20:08.240 Right? OSPF open shortest path first lets routers figure out 389 00:20:08.279 --> 00:20:10.640 the network map themselves. They talk to each other and 390 00:20:10.680 --> 00:20:14.000 calculate the best paths to become neighbors and share info. 391 00:20:14.160 --> 00:20:17.000 Two OSPF routers on the same link need to agree 392 00:20:17.000 --> 00:20:19.839 on some basic settings, like their hello and dead timers, 393 00:20:19.880 --> 00:20:23.319 the area they're in authentication. Maybe if those match, they 394 00:20:23.319 --> 00:20:25.440 form an adjacency like becoming friends. 395 00:20:25.559 --> 00:20:28.839 And what's this DRBDR election thing in OSBR. 396 00:20:28.720 --> 00:20:32.000 On networks where multiple routers connect like Ethernet, having every 397 00:20:32.039 --> 00:20:35.160 router talk to every other router gets messy. So OSPF 398 00:20:35.160 --> 00:20:39.319 alects a designated rauper DR and a backup designated router BDR. 399 00:20:39.680 --> 00:20:42.720 All other routers on that segment only form full friendships 400 00:20:42.799 --> 00:20:46.599 adjacencies with the DR and BDR. The DRBDR then relay information. 401 00:20:46.680 --> 00:20:49.920