Saturday, 26 November 2011

STP


When a design calls for several LAN switches, network engineers generally include redundant LAN segments between them.

The goal is simple: a switch may fail in operation, or a cable may be cut or unplugged, and with a redundant segment in place the network service can keep running despite such failures.

A LAN with redundant links, however, allows frames to loop endlessly in the network.

These looping frames cause performance problems on the network.

STP is an OSI layer 2 protocol that ensures a LAN topology is free of loops. STP allows a network to include spare (extra) links that provide automatic backup if the active primary link fails, without the danger of bridge loops and without having to enable or disable the backup links manually. Bridge loops must be avoided because they can flood the network.
Advantages of Spanning Tree Protocol (STP)
1. Avoids high-bandwidth traffic by segmenting access paths through the switch
2. Provides a backup / stand-by path to avoid loops and failed / failing switches
3. Prevents looping

A common problem that the Spanning Tree Protocol alleviates is the broadcast storm. A broadcast storm occurs when many broadcast (or multicast, or unknown-destination unicast) frames circulate continuously around a loop in the network. This makes links useless (because of the dual link between the bridges / switches) and significantly degrades the performance of end-user computers, which have to process too many broadcasts.

Broadly speaking, the Spanning Tree Protocol works this way:
Determine the root bridge.

The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a configurable priority number. To compare two bridge IDs, the priority numbers are compared first. If the priority numbers of the two bridges are the same, the MAC addresses are compared next. For example, if switches A (MAC = 0000.0000.1111) and B (MAC = 0000.0000.2222) have the same priority number, say 10, then switch A is selected as the root bridge. If the network admin wants switch B to become the root bridge, the priority number of switch B must be smaller than 10.

Determine the least cost paths to the root bridge.

The computed spanning tree has the property that messages from any connected device to the root bridge traverse the lowest-cost path; that is, the path from the device to the root has the lowest cost of all paths from the device to the root. The cost of traversing a path is the sum of the costs of the segments on the path. Different technologies have different default costs for network segments. Administrators can modify the cost of traversing a network segment that they consider important.
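
The two steps above, root election by lowest bridge ID and least-cost path selection, worked through in Python as an added example (not from the original post). Bridges A and B use the priority and MAC addresses from the text; bridge C, the link layout and the link costs are assumptions.

```python
import heapq

# Constructed sample topology (not from the original post). Bridges A and B use
# the priority and MAC addresses from the text; bridge C and the link costs are
# assumptions (19 and 100 are the classic 802.1D defaults for 100 and 10 Mbit/s).
BRIDGES = {
    "A": (10, "0000.0000.1111"),
    "B": (10, "0000.0000.2222"),
    "C": (10, "0000.0000.3333"),
}
LINKS = [("A", "B", 19), ("A", "C", 19), ("B", "C", 100)]


def bridge_id(priority, mac):
    """Comparable bridge ID: priority is compared first, then the MAC address."""
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def least_cost_paths(root, bridges, links):
    """Dijkstra from the root. Returns {bridge: (path cost, upstream bridge)}.

    Equal-cost paths are decided by the lower upstream bridge ID.
    """
    neighbours = {name: [] for name in bridges}
    for a, b, cost in links:
        neighbours[a].append((b, cost))
        neighbours[b].append((a, cost))
    best = {}
    heap = [(0, (0, 0), root, None)]
    while heap:
        cost, _, node, upstream = heapq.heappop(heap)
        if node in best:
            continue  # already reached over a cheaper (or tie-winning) path
        best[node] = (cost, upstream)
        for nxt, link_cost in neighbours[node]:
            if nxt not in best:
                heapq.heappush(
                    heap, (cost + link_cost, bridge_id(*bridges[node]), nxt, node)
                )
    return best


def spanning_tree(bridges, links):
    """Return (root, paths, forwarding links, blocked links).

    Assumes a connected topology with at most one link per pair of bridges.
    """
    root = elect_root(bridges)
    paths = least_cost_paths(root, bridges, links)
    forwarding, blocked = [], []
    for a, b, _ in links:
        on_tree = paths[a][1] == b or paths[b][1] == a
        (forwarding if on_tree else blocked).append((a, b))
    return root, paths, forwarding, blocked


if __name__ == "__main__":
    root, paths, forwarding, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "forwarding:", forwarding, "blocked:", blocked)
    # Primary link A-B fails: the formerly blocked B-C link takes over.
    remaining = [link for link in LINKS if link[:2] != ("A", "B")]
    print(spanning_tree(BRIDGES, remaining))
```

The redundant B-C segment stays blocked while A-B is up and starts forwarding once A-B is removed, which is the automatic backup behaviour described above.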

Thursday, 24 November 2011

MikroTik Router


MikroTik RouterOS™ is a Linux operating system that can be used to
turn a computer into a reliable network router. It includes various features
for IP networks and wireless networks, and is suitable for use by ISPs and
hotspot providers.
Its features include the following:
* Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and
destination NAT; classification by source MAC, IP addresses (networks or a list of
networks) and address types, port range, IP protocols, protocol options (ICMP type,
TCP flags and MSS), interfaces, internal packet and connection marks, ToS (DSCP)
byte, content, matching sequence / frequency, packet size, time and more ...
* Routing - Static routing; Equal cost multi-path routing; Policy based routing
(Classification done in firewall); RIP v1 / v2, OSPF v2, BGP v4
* Data Rate Management - Hierarchical HTB QoS system with bursts; per IP / protocol
/ subnet / port / firewall mark; PCQ, RED, SFQ, FIFO queue; CIR, MIR, contention
ratios, dynamic client rate equalizing (PCQ), bursts, Peer-to-Peer protocol limitation
* HotSpot - HotSpot Gateway with RADIUS authentication and accounting; true
plug-and-play access for network users; data rate limitation; differentiated firewall; traffic
quotas; real-time status information; walled-garden; customized HTML login pages;
iPass support; SSL secure authentication; advertisement support
* Point-to-Point tunneling protocols - PPTP, PPPoE and L2TP Access concentrators
and clients; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols;
RADIUS authentication and accounting; MPPE encryption; compression for PPPoE;
data rate limitation; differentiated firewall; PPPoE dial on demand
* Simple tunnels - IPIP tunnels, EoIP (Ethernet over IP)
* IPsec - IP security AH and ESP protocols; MODP Diffie-Hellman groups 1,2,5; MD5
and SHA1 hashing algorithms; DES, 3DES, AES-128, AES-192, AES-256 encryption
algorithms; Perfect Forward Secrecy (PFS) MODP groups 1,2,5
* Proxy - FTP and HTTP caching proxy server; HTTPS proxy; transparent DNS and
HTTP proxying; SOCKS protocol support; DNS static entries; support for caching on
a separate drive; access control lists; caching lists; parent proxy support
* DHCP - DHCP server per interface; DHCP relay; DHCP client; multiple DHCP
networks; static and dynamic DHCP leases; RADIUS support
* VRRP - VRRP protocol for high availability
* UPnP - Universal Plug-and-Play support
* NTP - Network Time Protocol server and client; synchronization with GPS system
* Monitoring / Accounting - IP traffic accounting, firewall actions logging, statistics
graphs accessible via HTTP
* SNMP - read-only access
* M3P - MikroTik Packet Packer Protocol for Wireless links and Ethernet
* MNDP - MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery
Protocol (CDP)
* Tools - ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer;
Dynamic DNS update tool
Layer 2 connectivity
* Wireless - IEEE802.11a/b/g wireless client and access point (AP) modes; Nstreme
and Nstreme2 proprietary protocols; Wireless Distribution System (WDS) support;
Virtual AP; 40 and 104 bit WEP; WPA pre-shared key authentication; access control
list; authentication with RADIUS server; roaming (for wireless client); AP bridging
* Bridge - spanning tree protocol; multiple bridge interfaces; bridge firewalling, MAC
* VLAN - Virtual LAN IEEE802.1q support on Ethernet and wireless links; multiple
VLANs; VLAN bridging
* Synchronous - V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco
HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a
(CCITT or annex A) Frame Relay LMI types
* Asynchronous - serial PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and
MSCHAPv2 authentication protocols; RADIUS authentication and accounting;
onboard serial ports; modem pool with up to 128 ports; dial on demand
* ISDN - ISDN dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2
authentication protocols; RADIUS authentication and accounting; 128K bundle
support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand
* SDSL - Single-line DSL support; line termination and network termination modes
A standard installation can be performed on a PC. A PC that will be used as a MikroTik router
does not require substantial resources for standard use,
for example as just a gateway.
The minimum specification is as follows:
* CPU and motherboard - from P1 up to P4, AMD, Cyrix, as long as it is not a multiprocessor
* RAM - minimum 32 MiB, maximum 1 GiB; 64 MiB or more highly recommended; if
it will also serve as a proxy, 1 GB is recommended (the ratio is 15 MB of memory
per 1 GB of proxy)
* HDD - a minimum of 128 MB, parallel ATA or Compact Flash; using a UFD, SCSI,
and especially S-ATA is not recommended
* NIC - 10/100 or 100/1000
For heavy loads (complex networks, complex routing, etc.),
consider selecting a PC with adequate resources.
More complete information can be found at www.mikrotik.com.
However, MikroTik is not free software, which means we have to buy a license
for the facilities provided. The free trial lasts only 24 hours.
We can buy the MikroTik software on a CD to be installed on a hard disk, or on a
disk on module (DOM). If we buy the DOM there is no need to install; just
plug the DOM into the IDE slot of our PC.
The following steps are the basic configuration for setting up MikroTik
as a simple network gateway server.
1. The first step is to install RouterOS on a PC or connect the DOM.
2. Log in to the MikroTik router via the console:
MikroTik v2.9.7
Login: admin
Password: (blank)
At this step we can log in to the MikroTik machine. The default user is
admin with no password; just type admin and press the Enter key.
3. Change the default password for security
[admin@MikroTik] > password
old password: *****
new password: *****
retype new password: *****
[admin@MikroTik] >
4. Change the name of the MikroTik router. In this step the server name is changed to
"XAVIERO" (the name can be freely changed to anything you like)
[admin@MikroTik] > system identity set name=XAVIERO
[admin@XAVIERO] >
5. See the interfaces on the MikroTik router
[admin@XAVIERO] > interface print
Flags: X - disabled, D - dynamic, R - running
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0  R ether1  ether  0        0        1500
 1  R ether2  ether  0        0        1500
[admin@XAVIERO] >
6. Assign IP addresses to the MikroTik interfaces. Suppose ether1 will be used
for the connection to the Internet with IP 192.168.0.1 and ether2 will be used for
our local network with IP 172.16.0.1
[admin@XAVIERO] > ip address add address=192.168.0.1 netmask=255.255.255.0 interface=ether1
[admin@XAVIERO] > ip address add address=172.16.0.1 netmask=255.255.255.0 interface=ether2
7. Look at the IP address configuration we have entered
[admin@XAVIERO] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #  ADDRESS         NETWORK      BROADCAST     INTERFACE
 0  192.168.0.1/24  192.168.0.0  192.168.0.63  ether1
 1  172.16.0.1/24   172.16.0.0   172.16.0.255  ether2
[admin@XAVIERO] >
8. Set the default gateway. The gateway for the Internet connection is assumed to be
192.168.0.254
[admin@XAVIERO] > /ip route add gateway=192.168.0.254
9. View the routing table on the MikroTik router
[admin@XAVIERO] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE PREFSRC
0 ADC 172.16.0.0/24 172.16.0.1 ether2
1 ADC 192.168.0.0/26 192.168.0.1 ether1
2 A S 0.0.0.0/0 r 192.168.0.254 ether1
[admin@XAVIERO] >
10. Ping the gateway to make sure the configuration is correct
[admin@XAVIERO] > ping 192.168.0.254
192.168.0.254 64 byte ping: ttl=64 time<1 ms
192.168.0.254 64 byte ping: ttl=64 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
[admin@XAVIERO] >
11. Set up DNS on the MikroTik router
[admin@XAVIERO] > ip dns set primary-dns=192.168.0.10 allow-remote-requests=no
[admin@XAVIERO] > ip dns set secondary-dns=192.168.0.11 allow-remote-requests=no
12. View the DNS configuration
[admin@XAVIERO] > ip dns print
primary-dns: 192.168.0.10
secondary-dns: 192.168.0.11
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[admin@XAVIERO] >
13. Test access to a domain, for example by pinging a domain name
[admin@XAVIERO] > ping yahoo.com
216.109.112.135 64 byte ping: ttl=48 time=250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 571/571.0/571 ms
[admin@XAVIERO] >
If you get replies, the DNS settings are correct.
14. Set up masquerading. If the MikroTik will be used as a gateway server,
masquerading is needed so that client computers on the network can connect
to the Internet.
[admin@XAVIERO] > ip firewall nat add action=masquerade out-interface=ether1 chain=srcnat
[admin@XAVIERO] >
15. Look at the masquerading configuration
[admin@XAVIERO] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether1 action=masquerade
[admin@XAVIERO] >
After this step, the connection from the local network can be checked. If it
succeeds, we have managed to install the MikroTik router as a
gateway server. Once connected to the network, the MikroTik can be managed
using Winbox, which can be downloaded from mikrotik.com or from our MikroTik
server. For example, if the IP address of our MikroTik server is 192.168.0.1,
open http://192.168.0.1 in a browser and download Winbox from there.
If we want clients to get an IP address automatically, we need to
set up a DHCP server on the MikroTik. Here are the steps:
1. Create an IP address pool
/ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20
2. Add the DHCP network and gateway that will be distributed to clients. In
this example the network is 172.16.0.0/24 and the gateway is 172.16.0.1
/ip dhcp-server network add address=172.16.0.0/24 gateway=172.16.0.1
3. Add the DHCP server (in this example it is applied to interface ether2)
/ip dhcp-server add interface=ether2 address-pool=dhcp-pool
4. See the status of the DHCP server
[admin@XAVIERO] > ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 X dhcp1 ether2
The X flag shows that the DHCP server is not yet enabled, so it must first be
enabled in step 5.
5. Do not forget to enable the DHCP server first
/ip dhcp-server enable 0
Then check the dhcp-server status again as in step 4; if the X is gone,
the server is active.
6. Test from a client
c:\> ping www.google.com
For bandwidth control, either the simple queue system or mangle can be used
[admin@XAVIERO] queue simple> add name=Komputer01 interface=ether2 target-address=172.16.0.1/24 max-limit=65536/131072
[admin@XAVIERO] queue simple> add name=Komputer02 interface=ether2 target-address=172.16.0.2/24 max-limit=65536/131072
and so on.
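
The listings above print ether1 as a /24 address with a .63 broadcast and a /26 connected route, and give the per-computer queues /24 targets; a consistency check like this one, added here as an example and not part of the original tutorial, flags such mismatches before the values are typed into a router. The addresses are copied from the listings; the PLAN layout, the audit function and the finding names are assumptions.

```python
import ipaddress
from itertools import combinations

# Values copied from the listings above; the dictionary layout is an assumption.
PLAN = {
    # interface: (address as configured, broadcast shown by "ip address print")
    "interfaces": {
        "ether1": ("192.168.0.1/24", "192.168.0.63"),
        "ether2": ("172.16.0.1/24", "172.16.0.255"),
    },
    # connected routes as shown by "ip route print"
    "routes": {"ether1": "192.168.0.0/26", "ether2": "172.16.0.0/24"},
    "gateway": "192.168.0.254",
    "dhcp": {
        "interface": "ether2",
        "network": "172.16.0.0/24",
        "gateway": "172.16.0.1",
        "pool": ("172.16.0.10", "172.16.0.20"),
    },
    "queues": {"Komputer01": "172.16.0.1/24", "Komputer02": "172.16.0.2/24"},
}


def audit(plan):
    """Return a list of (finding, subject) tuples; an empty list means consistent."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(a) for n, (a, _) in plan["interfaces"].items()}

    for name, (_, shown_bcast) in plan["interfaces"].items():
        net = ifaces[name].network
        if ipaddress.ip_address(shown_bcast) != net.broadcast_address:
            findings.append(("broadcast-mismatch", name))
        if ipaddress.ip_network(plan["routes"][name]) != net:
            findings.append(("route-prefix-mismatch", name))

    # The default gateway must sit inside a connected route, or it is unreachable.
    gw = ipaddress.ip_address(plan["gateway"])
    if not any(gw in ipaddress.ip_network(r) for r in plan["routes"].values()):
        findings.append(("gateway-unreachable", plan["gateway"]))

    # DHCP: as in this tutorial, the router itself is the clients' gateway, so
    # the DHCP network and gateway must match the serving interface, and the
    # pool must fit inside the network without handing out the router address.
    dhcp = plan["dhcp"]
    iface = ifaces[dhcp["interface"]]
    dhcp_net = ipaddress.ip_network(dhcp["network"])
    first, last = (ipaddress.ip_address(a) for a in dhcp["pool"])
    if dhcp_net != iface.network or ipaddress.ip_address(dhcp["gateway"]) != iface.ip:
        findings.append(("dhcp-network-mismatch", dhcp["interface"]))
    if not (first in dhcp_net and last in dhcp_net and first <= last):
        findings.append(("dhcp-pool-outside-network", dhcp["network"]))
    elif first <= iface.ip <= last:
        findings.append(("dhcp-pool-contains-router", str(iface.ip)))

    # Queue targets: read as prefixes, 172.16.0.1/24 and 172.16.0.2/24 are the
    # same network, so the per-computer queues overlap each other.
    targets = {q: ipaddress.ip_network(t, strict=False) for q, t in plan["queues"].items()}
    for (q1, n1), (q2, n2) in combinations(targets.items(), 2):
        if n1.overlaps(n2):
            findings.append(("queue-targets-overlap", f"{q1},{q2}"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(PLAN):
        print(f"{finding}: {subject}")
```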

Open System Interconnection


Hierarchical models enable you to design internetworks in layers. To understand the importance of layering, consider the Open System Interconnection (OSI) reference model, which is a layered model for implementing computer communications. Using layers, the OSI model simplifies the tasks required for two computers to communicate. Hierarchical models for internetwork design also use layers to simplify the tasks required for internetworking. Each layer can be focused on specific functions, allowing you to choose the right systems and features for each layer. Hierarchical models apply to both LAN and WAN design.
Benefits of Hierarchical Models

The many benefits of using hierarchical models for your network design include the following:
Cost savings
Ease of understanding
Easy network growth
Improved fault isolation

After adopting hierarchical design models, many organizations report cost savings because they are no longer trying to do it all in one routing/switching platform. The modular nature of the model enables appropriate use of bandwidth within each layer of the hierarchy, reducing wasted capacity.

Keeping each design element simple and small facilitates ease of understanding, which helps control training and staff costs. Management responsibility and network management systems can be distributed to the different layers of modular network architectures, which also helps control management costs.

Hierarchical design facilitates changes. In a network design, modularity allows creating design elements that can be replicated as the network grows, facilitating easy network growth. As each element in the network design requires change, the cost and complexity of making the upgrade is contained to a small subset of the overall network. In large, flat, or meshed network architectures, changes tend to impact a large number of systems.

Improved fault isolation is facilitated by structuring the network into small, easy-to-understand elements. Network managers can easily understand the transition points in the network, which helps identify failure points.

Today's fast-converging protocols were designed for hierarchical topologies. To control the impact of routing overhead processing and bandwidth consumption, modular hierarchical topologies must be used with protocols designed with these controls in mind, such as EIGRP.

Route summarization is facilitated by hierarchical network design. Route summarization reduces the routing protocol overhead on links in the network and reduces routing protocol processing within the routers.

Thursday, 27 October 2011

access point


As an access point, the Level One WAP-6010 has a fairly simple feature set. However, its performance is quite reliable for a small network at home or even in your office.

The Level One WAP-6010 is compact and lightweight. The whole body of the Level One WAP-6010 is encased in black plastic, so it will not attract too much attention.

The Level One WAP-6010 uses the 802.11n wireless standard, which can provide a maximum speed of up to 300 Mbps. However, if a device connecting to the WAP-6010 has compatibility problems, the WAP-6010 can also be set to use the slower 802.11b or 802.11g standards.

On the front of the WAP-6010 there are not many buttons or indicator lights: only three lights that indicate LAN and WAN activity, and one button to activate the WPS feature. At the back there is only one RJ45 port, which doubles as both the LAN and the WAN port. The two antennas on the back are detachable, so users have the flexibility to replace them with ones that have stronger transmission power.

Initial setup of the Level One WAP-6010 is quite easy. Its web interface offers a Setup Wizard that walks through the configuration with on-screen guidance. More proficient users can make the necessary settings through the various features in the menus.

The features of the Level One WAP-6010 are fairly ordinary: it has the standard features generally found in a wireless access point. The Level One WAP-6010 can operate in various modes such as AP, AP Client, Bridge, WDS (Wireless Distribution System), or even as a repeater. It also includes standard security functions, such as protection with WEP, WPA, WPA2, WPA-PSK, and WPA2-PSK encryption. In addition, the Level One WAP-6010 can filter the MAC addresses that are banned from or allowed to join the network. The WPS function can also be activated if you use the WPA or WPA2 encryption methods.

The performance of the Level One WAP-6010 is pretty good. Our test results with the NetIQ Chariot test application (connected to a class N wireless client adapter) showed fairly good throughput: an average throughput of 67.10 Mbps, with a peak of 80.00 Mbps. The WAP-6010's response in receiving and forwarding data is also quite good, with an average response value of 1.19 seconds, although at times it touched 3.32 seconds.

Friday, 05 August 2011

Metropolitan Area Network (MAN)


A Metropolitan Area Network (MAN) is one of a number of types of networks (see also LAN and WAN). A MAN is a relatively new class of network; it serves a role similar to an ISP, but for corporate users with large LANs. There are three important features which discriminate MANs from LANs or WANs:
The network size falls intermediate between LANs and WANs. A MAN typically covers an area of between 5 and 50 km diameter. Many MANs cover an area the size of a city, although in some cases MANs may be as small as a group of buildings or as large as the North of Scotland.
A MAN (like a WAN) is not generally owned by a single organisation. The MAN, its communications links and equipment are generally owned by either a consortium of users or by a single network provider who sells the service to the users. This level of service provided to each user must therefore be negotiated with the MAN operator, and some performance guarantees are normally specified.
A MAN often acts as a high speed network to allow sharing of regional resources (similar to a large LAN). It is also frequently used to provide a shared connection to other networks using a link to a WAN.

Metropolitan Area Network - a network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. A MAN is typically owned and operated by a single entity such as a government body or large corporation.

wide area network (WAN)



A modem is an electronic device that computers use to establish communication over long distances through a telephone line. A modem converts digital signals into analog signals and vice versa. The modem enables the computer to send and receive information over long distances through a telephone line or microwave system.

A wide area network (WAN) is a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN). A wide area network may be privately owned or rented, but the term usually connotes the inclusion of public (shared user) networks. An intermediate form of network in terms of geography is a metropolitan area network (MAN).

Wide area network (WAN) technologies connect a smaller number of devices that can be many kilometers apart. For example, if two libraries at the opposite ends of a city wanted to share their book catalog information, they would most likely make use of a wide area network technology, which could be a dedicated line leased from the local telephone company, intended solely to carry their data.

Friday, 29 July 2011

Internet



The Internet is a network of computers that can be categorized as a WAN, connecting millions of computers around the world, without borders, where every person who has a computer can join the network simply by connecting to an Internet service provider (ISP) such as Telkom Speedy or Indosatnet. The word Internet can be read as international networking (an international network), because it connects computers internationally, or as internetworking (networking between networks), because it connects millions of networks around the world.

The Internet started when the U.S. Department of Defense built a computer network in 1969, named ARPANET (Advanced Research Project Agency Network), to connect multiple computers at the universities doing military research, especially in order to build a computer communication network able to withstand nuclear attack. The network continued to grow, more and more computers joined, and research on the software side grew as well. In May 1974, Vinton G. Cerf of Stanford University and Robert E. Kahn of the U.S. Department of Defense published a paper in IEEE Transactions on Communications entitled "A Protocol for Packet Network Intercommunication"; the concept later became popular as TCP/IP, when the ARPANET adopted it as its standard protocol in 1983. The universities, especially the University of California at Berkeley, then built the Berkeley Software Distribution Unix operating system, or BSD UNIX (known as Free BSD Unix), and the Department of Defense financed Bolt Beranek and Newman (BBN) to implement the TCP/IP protocol in BSD Unix for use on the ARPANET; thus the forerunner of the Internet was formed.

At the end of 1983, the ARPANET was divided into DARPANET (Defence ARPANET) and MILNET (Military Network). In 1985 the NSFNET (National Science Foundation Network) was formed to connect the supercomputers at various universities in America, and it was connected to the ARPANET. The NSFNET continued to be developed by university researchers. In 1988 the Internet backbone had a capacity of only 56 Kbps. Although the ARPANET was officially closed in 1990, the Internet that had formed was carried on by universities in the United States, and university networks in the Americas (Canada and South America) and networks in Europe joined to become part of the Internet. In 1992 the backbone was upgraded to T3 with a speed of 45 Mbps, and around 1995 it was upgraded again to OC-3 at a speed of 155 Mbps. Today the high-speed Internet backbone runs at speeds on the order of Gbps.

The Internet topology is basically a mesh topology, linking many types of networks via packet-switching systems, although it can be said that its centers are several NAPs (Network Access Points) in San Francisco (Pacific Bell), Chicago (Ameritech), and New Jersey (Sprint), and the Merit Access Exchange (MAE) in San Francisco (MAE West) and Washington, DC (MAE East), handled by MFS Datanet.

Although no organization owns the Internet, many organizations maintain the network by establishing standards for protocols, rules, and access methods. The Internet Engineering Task Force (IETF) handles the technical problems that arise on the Internet, such as problems in the protocols, architecture, and operation of the Internet. The Internet Research Task Force (IRTF) handles technical research, such as the addressing system and other engineering. The Internet Assigned Numbers Authority (IANA) controls the distribution of IP addresses (IP #) to various countries and organizations. The Internet Society (ISOC) handles the administrative and organizational structure of the Internet.

Commercial entities then began providing access services that connect users' computers to the Internet; such an entity is called an Internet access provider or ISP. Some well-known ISPs in the world are America On Line (AOL), Australia OnLine, CompuServe, Genie, and Prodigy. In Indonesia there are TelkomNet, Indosatnet, Wasantara Net, InterNux, and so on. ISPs provide dial-up connections via a modem and telephone line, wireless connections through a WLAN antenna, or ADSL connections via the telephone line. The connection protocol used is SLIP (Serial Line Interface Protocol) or PPP (Point-to-Point Protocol), where a SLIP connection is usually slower than PPP.
.::BY JUMBHO MY AT HOME IN THE JEPARA CITY OF BEAUTIFUL::.