Eri valmistajien tietoverkkokytkimien yhteensopivuus Savonia-ammattikorkeakoulun verkossa

Opinnäytetyön tavoitteena oli testata ja arvioida toisen tason Dell Networking N2048P -kytkimen yhteensopivuutta ja toimivuutta Savonia-ammattikorkeakoulun tietoverkossa. Kytkintä arvioitiin tutustumalla kytkimen teknisiin ominaisuuksiin ja yhteensopivuuteen Ciscon Inc:n valmistamien tietoverkkolaitteiden kanssa, joista Savonian-ammattikorkeakoulun tietoverkko koostuu. Työn avulla selvitettiin, tulisiko Savonian-ammattikorkeakoulun käyttää Dell N2048P -tietoverkkokytkimiä tietoverkossaan. Opinnäytetyössä keskityttiin tietoverkkokytkimiin ja niiden ominaisuuksiin. Tietoverkkokytkimet jakautuivat toisen tason ja kolmannen tason kytkimiin. Opinnäytetyössä tutustuttiin muutamiin kytkimien käyttämiin standardeihin, joita ovat VLAN, Trunking, Spanning-Tree, EtherChannel ja DHCP. Kytkimien pinottavuus ja PoE-porttien ominaisuudet olivat tärkeitä teknisiä ominaisuuksia. Dell ja Cisco -tietoverkkokytkimien välillä testattiin kytkimien yhteensopivuutta testaavia kytkentöjä, kuten VLAN, Trunking, Spanning-Tree, EtherChannel ja DHCP -kytkentöjä. Kytkentöjä tuloksia tarkastelemalla arvioitiin kytkimen yhteensopivuutta Savonia-ammattikorkeakoulun tietoverkkoon. Kytkentöjä testattiin kytkemällä Dell N2048P -kytkin Savonia-ammattikorkeakoulun Cisco-laboratoriossa käytettäviin tietoverkkokytkimiin. Opinnäytetyö oli onnistunut ja testatusta kytkimestä saaduilla tuloksilla pystyttiin arvioimaan kytkimen toimivuutta Savonia-ammattikorkeakoulun tietoverkossa. Kytkennät olivat onnistuneita ja Dell N2048P -kytkintä pystyttiin käyttämään yhdessä Ciscon tietoverkkolaitteiden kanssa, mutta pinottavuudessa laitteiden välillä olevien yhteensopivuusongelmien vuoksi Dell N2048P -kytkintä ei voida käyttää tehokkaasti tietoverkossa. Mittaustulosten mukaan Dell N2048P ei ole kannattava investointi Savonia-ammattikorkeakoululle.The aim of the thesis was to test and create an estimate of the compatibility and functionality of Dell Networking N2048P Layer 2 switches in Savonia University of Applied Sciences network. A review was conducted of the tech-nical characteristics and compatibility with Cisco Inc manufactured network devices, which are used in the Savonia University of Applied Sciences network. The thesis was done to estimate if Savonia University of Applied Sciences should use Dell N2048P network switches on their network. The thesis focused on the network switches and their features. The data network switches are divided into layer 2 and Layer 3 switches. Few standards of the switches were inspected in the thesis, such as VLAN, Trunking, Span-ning-Tree, Etherchannel and DHCP. Stacking of the switches and PoE-port capabilities were important technical fea-tures. The compatibility of switches between Dell and Cisco Networking switches was tested using configurations, such as VLAN, Trunking, Spanning-Tree, Etherchannel and DHCP. The review of the compatibility in the Savonia University of Applied Sciences network was created by surveying the configurations between devices. Configurations were carried out by connecting the Dell N2048P switch with the network devices used in the Savonia University of Applied Sciences Cisco laboratory. The thesis was successful and the results of the tested switch were used to create a summary of the switch. Con-nections were successful and the Dell N2048P switch could be used with the Cisco network device, but due to com-patibility issues with stacking between devices, the Dell N2048P switch cannot be used effectively in the network. The result of the summary is that Dell N2048P is not a worthwhile investment for the Savonia University of Applied Sciences

A Model for User Based IP Traffic Accounting

Nowadays, accounting, charging and billing users' network resource consumption are commonly used for the purpose of facilitating reasonable network usage, controlling congestion, allocating cost, gaining revenue, etc. In traditional IP traffic accounting systems, IP addresses are used to identify the corresponding consumers of the network resources. However, there are some situations in which IP addresses cannot be used to identify users uniquely, for example, in multi-user systems. In these cases, network resource consumption can only be ascribed to the owners of these hosts instead of corresponding real users who have consumed the network resources. Therefore, accurate accountability in these systems is practically impossible. This is a flaw of the traditional IP address based IP traffic accounting technique. This dissertation proposes a user based IP traffic accounting model which can facilitate collecting network resource usage information on the basis of users. With user based IP traffic accounting, IP traffic can be distinguished not only by IP addresses but also by users. In this dissertation, three different schemes, which can achieve the user based IP traffic accounting mechanism, are discussed in detail. The inband scheme utilizes the IP header to convey the user information of the corresponding IP packet. The Accounting Agent residing in the measured host intercepts IP packets passing through it. Then it identifies the users of these IP packets and inserts user information into the IP packets. With this mechanism, a meter located in a key position of the network can intercept the IP packets tagged with user information, extract not only statistic information, but also IP addresses and user information from the IP packets to generate accounting records with user information. The out-of-band scheme is a contrast scheme to the in-band scheme. It also uses an Accounting Agent to intercept IP packets and identify the users of IP traffic. However, the user information is transferred through a separated channel, which is different from the corresponding IP packets' transmission. The Multi-IP scheme provides a different solution for identifying users of IP traffic. It assigns each user in a measured host a unique IP address. Through that, an IP address can be used to identify a user uniquely without ambiguity. This way, traditional IP address based accounting techniques can be applied to achieve the goal of user based IP traffic accounting. In this dissertation, a user based IP traffic accounting prototype system developed according to the out-of-band scheme is also introduced. The application of user based IP traffic accounting model in the distributed computing environment is also discussed.Ein Modell für Nutzerbasiertes IP-Verkehr Accountin

Estudio de la movilidad en redes de siguiente generación

El continuo avance de las redes de telecomunicaciones nos proporciona cada vez más facilidades en todos los ámbitos de nuestra vida. En este caso, nos hemos centrado en el estudio de la movilidad en Redes de Siguiente Generación. Una parte del presente proyecto se ha realizado en colaboración con Deutsche Telekom AG, durante una estancia de seis meses trabajando como colaboradora en sus laboratorios con emplazamiento en Berlín. El principal objetivo de este proyecto ha sido realizar un estudio sobre los diferentes estándares y tecnologías que facilitan la movilidad en Redes de Siguiente Generación. Por ello, en la primera parte se han estudiado los diferentes grupos de trabajo centrados en este aspecto, así como se ha recabado información sobre productos y soluciones disponibles en el mercado, para obtener una visión global de la situación actual. Como se puede comprobar más adelante, esta primera parte es la más extensa de todo el documento. Esto se debe a que es, probablemente, la parte más importante del trabajo, ya que contiene el estudio de los mecanismos que más tarde nos servirán para dar una solución teórica a los distintos escenarios que se plantean. En la segunda parte del proyecto, nos hemos centrado en desarrollar varios escenarios de interés en sistemas de Redes de Siguiente Generación y aportar, de forma posterior, posibles soluciones teóricas. Para finalizar, se han expuesto las conclusiones extraídas como resultado del trabajo y los aspectos que se podrán tratar sobre el mismo en un futuro próximo.Ingeniería de Telecomunicació

IPv6: a new security challenge

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks

Secure Network Access via LDAP

Networks need the ability to be access by secure accounts and users. The goal of this project is to configure and expand on LDAP configurations with considerations for AAA via TACACS+ and Radius for network equipment. This will provide adequate security for any given network in terms of access and prevent lose of access to devices which happens all to often with locally configured accounts on devices

Diplomado de profundización CISCO CCNP

El documento constituye la evidencia del desarrollo total de las actividades colaborativas propuestas para la Unidad 4 del Diplomado de Profundización CISCO CCNP 208014A ofrecido como opción de grado en la Universidad Nacional Abierta y a Distancia – UNAD.The document constitutes the evidence of the total development of the collaborative activities proposed for Unit 4 of the CISCO CCNP 208014A In-Depth Diploma course offered as an option of degree at the National Open and Distance University - UNAD

Instalación de Cableado Estructurado en el Palacio de Lila

El proyecto consiste en el diseño del cableado estructurado para el edificio Casa Palacio de los Lilas, situado en la calle Sopranis número 13 en la ciudad de Cádiz. El edificio consta de 5 plantas y 60 trabajadores con necesidades de conectividad. Una vez obtenidos los requisitos por parte del cliente, se procederá con los siguientes pasos: realizar un estudio del tráfico de red con el que averiguaremos la tecnología a emplear para poder realizar el diseño lo más óptimo posible; después, realizaremos un estudio y comparativa para los dispositivos correspondientes a la electrónica de red para poder elegir los más convenientes para dicho proyecto. Una vez tengamos todo lo necesario le daremos al cliente una solución con el diseño, los planos, el pliego y por último el presupuesto de todo el proyect

Propuesta De Diseño De Red De Datos Para La Empresa Bata En El Distrito De Miraflores

El proyecto tiene como objetivo diseñar un “Modelo de Red de Datos” como apoyo a las dependencias administrativas de la Empresa BATA, y la necesidad de aplicar políticas de seguridad y administración a todos los usuarios de la red LAN, lo cual resulta una tarea compleja en la tecnología actual pero se puede resolver aplicando diversas tecnologías y equipos de red ideales para el diseño que se quiere lograr, el presente modelo de red se propone para cumplir con los requerimientos de la Empresa en cuanto a Costo y Fidelidad. En la actualidad la necesidad de las empresas de contar con un diseño de Red confiable, seguro y eficiente para la transmisión de datos es un tema de mucha importancia debido a que las empresas requieren la interconectividad de todos sus dispositivos de red dentro de un determinado lugar y también al exterior a través de Internet, teniendo más facilidades y beneficios para la empresa. La estructura que hemos seguido en este proyecto se compone de 3 capítulos. El Primer Capítulo comprende el Planteamiento del Problema, el Segundo Capítulo el Desarrollo del marco teórico y el tercer capítulo corresponde al desarrollo del Proyecto.Trabajo de suficiencia profesiona

Tietoverkkojen valvonnan yhdenmukaistaminen

As the modern society is increasingly dependant on computer networks especially as the Internet of Things gaining popularity, a need to monitor computer networks along with associated devices increases. Additionally, the amount of cyber attacks is increasing and certain malware such as Mirai target especially network devices. In order to effectively monitor computer networks and devices, effective solutions are required for collecting and storing the information. This thesis designs and implements a novel network monitoring system. The presented system is capable of utilizing state-of-the-art network monitoring protocols and harmonizing the collected information using a common data model. This design allows effective queries and further processing on the collected information. The presented system is evaluated by comparing the system against the requirements imposed on the system, by assessing the amount of harmonized information using several protocols and by assessing the suitability of the chosen data model. Additionally, the protocol overheads of the used network monitoring protocols are evaluated. The presented system was found to fulfil the imposed requirements. Approximately 21% of the information provided by the chosen network monitoring protocols could be harmonized into the chosen data model format. The result is sufficient for effective querying and combining the information, as well as for processing the information further. The result can be improved by extending the data model and improving the information processing. Additionally, the chosen data model was shown to be suitable for the use case presented in this thesis.Yhteiskunnan ollessa jatkuvasti verkottuneempi erityisesti Esineiden Internetin kasvattaessa suosiotaan, tarve seurata sekä verkon että siihen liitettyjen laitteiden tilaa ja mahdollisia poikkeustilanteita kasvaa. Lisäksi tietoverkkohyökkäysten määrä on kasvamassa ja erinäiset haittaohjelmat kuten Mirai, ovat suunnattu erityisesti verkkolaitteita kohtaan. Jotta verkkoa ja sen laitteiden tilaa voidaan seurata, tarvitaan tehokkaita ratkaisuja tiedon keräämiseen sekä säilöntään. Tässä diplomityössä suunnitellaan ja toteutetaan verkonvalvontajärjestelmä, joka mahdollistaa moninaisten verkonvalvontaprotokollien hyödyntämisen tiedonkeräykseen. Lisäksi järjestelmä säilöö kerätyn tiedon käyttäen yhtenäistä tietomallia. Yhtenäisen tietomallin käyttö mahdollistaa tiedon tehokkaan jatkojalostamisen sekä haut tietosisältöihin. Diplomityössä esiteltävän järjestelmän ominaisuuksia arvioidaan tarkastelemalla, minkälaisia osuuksia eri verkonvalvontaprotokollien tarjoamasta informaatiosta voidaan yhdenmukaistaa tietomalliin, onko valittu tietomalli soveltuva verkonvalvontaan sekä varmistetaan esiteltävän järjestelmän täyttävän sille asetetut vaatimukset. Lisäksi työssä arvioidaan käytettävien verkonvalvontaprotokollien siirtämisen kiinteitä kustannuksia kuten otsakkeita. Työssä esitellyn järjestelmän todettiin täyttävän sille asetetut vaatimukset. Eri verkonvalvontaprotokollien tarjoamasta informaatiosta keskimäärin 21% voitiin harmonisoida tietomalliin. Saavutettu osuus on riittävä, jotta eri laitteista saatavaa informaatiota voidaan yhdistellä ja hakea tehokkaasti. Lukemaa voidaan jatkossa parantaa laajentamalla tietomallia sekä kehittämällä kerätyn informaation prosessointia. Lisäksi valittu tietomalli todettiin soveltuvaksi tämän diplomityön käyttötarkoitukseen

Data Communications and Network Technologies

This open access book is written according to the examination outline for Huawei HCIA-Routing Switching V2.5 certification, aiming to help readers master the basics of network communications and use Huawei network devices to set up enterprise LANs and WANs, wired networks, and wireless networks, ensure network security for enterprises, and grasp cutting-edge computer network technologies. The content of this book includes: network communication fundamentals, TCP/IP protocol, Huawei VRP operating system, IP addresses and subnetting, static and dynamic routing, Ethernet networking technology, ACL and AAA, network address translation, DHCP server, WLAN, IPv6, WAN PPP and PPPoE protocol, typical networking architecture and design cases of campus networks, SNMP protocol used by network management, operation and maintenance, network time protocol NTP, SND and NFV, programming, and automation. As the world’s leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huawei’s products range from digital data communication, cyber security, wireless technology, data storage, cloud-computing, and smart computing to artificial intelligence