HPE6-A72 Identify, describe, and apply foundational networking architectures and technologies

Detailed list of HPE6-A72 knowledge points

Identify, describe, and apply foundational networking architectures and technologies Detailed Explanation

I. Networking Models and Architectures

1. OSI Model (Open Systems Interconnection Model)

The OSI model is a framework that helps people understand how different parts of a computer network work together. It divides the networking process into 7 layers, and each layer has its own job.

Think of it like mailing a letter:

  • You write the letter (Layer 7),

  • Put it in an envelope (Layer 6),

  • Choose a language or code for it (Layer 5),

  • Send it through different services (Layers 4–1).

Let’s go through each layer:

Layer 1 – Physical Layer
  • This is the hardware part of networking.

  • It includes:

    • Cables (Ethernet cables, fiber optics),

    • Connectors (RJ-45),

    • Electrical signals (voltage or light signals).

  • Devices: Network Interface Cards (NICs), cables, hubs.

Example: If a cable is unplugged, the issue is at Layer 1.

Layer 2 – Data Link Layer
  • Handles local communication (within the same LAN or switch).

  • Uses MAC addresses (a physical address burned into a network card).

  • Responsible for:

    • Switching,

    • VLANs (Virtual LANs),

    • Detecting and handling errors in data.

Example: When a switch decides where to send a message based on a MAC address.

Layer 3 – Network Layer
  • Manages IP addresses and routing between different networks.

  • Devices like routers work here.

  • Responsible for finding the best path to send data from one network to another.

Example: When you visit a website in another country, routers at Layer 3 decide how to reach it.

Layer 4 – Transport Layer
  • Controls how data is sent and received.

  • Two key protocols:

    • TCP (Transmission Control Protocol): Reliable, checks if data was delivered.

    • UDP (User Datagram Protocol): Faster but doesn’t check for delivery.

  • Adds port numbers to help deliver data to the right program (like a web browser).

Layer 5 – Session Layer
  • Manages sessions (communication between devices).

  • Starts, manages, and ends the connection.

Example: Logging into a website and staying logged in.

Layer 6 – Presentation Layer
  • Prepares data to be understood by the application layer.

  • Handles:

    • Data formatting (e.g., converting images, encrypting data),

    • Encryption/decryption (like HTTPS).

Layer 7 – Application Layer
  • What users see and interact with.

  • Examples: web browsers, email apps, file transfer programs.

Important Note for Aruba Networking:

Aruba switches mostly deal with:

  • Layer 2 (MAC, VLAN),

  • Layer 3 (IP, routing),

  • Some aspects of Layer 4 (for traffic filtering and QoS).

2. TCP/IP Model

The TCP/IP model is like a simplified, practical version of the OSI model. It has 4 layers, and it’s the model that the real Internet uses.

| OSI Layer | TCP/IP Layer | Role |
|---|---|---|
| 5–7 | Application | User programs (HTTP, DNS) |
| 4 | Transport | TCP/UDP |
| 3 | Internet | IP addresses, routing |
| 1–2 | Network Interface | Hardware, MAC, switching |

Key idea: Most network engineers use TCP/IP in practice but use OSI as a reference model to understand problems.

3. Network Types

LAN (Local Area Network)
  • A small network, like your home or office.

  • Connects computers and printers.

WLAN (Wireless LAN)
  • Like LAN, but uses Wi-Fi instead of cables.

WAN (Wide Area Network)
  • Covers large areas (cities or countries).

  • The Internet is the biggest WAN.

CAN (Campus Area Network)
  • Connects buildings in a university or large company.

MAN (Metropolitan Area Network)
  • Bigger than a LAN but smaller than a WAN.

  • Covers a whole city.

4. Enterprise Network Design (Three-Tier Architecture)

This is a design used in large organizations to manage networks better.

a. Core Layer
  • The high-speed backbone of the network.

  • Connects distribution layers together.

  • Very fast but doesn’t apply much filtering or policy.

b. Distribution Layer
  • Connects the access layer to the core.

  • Applies routing, filtering, access policies, etc.

c. Access Layer
  • Where users and devices (laptops, printers) connect.

  • Uses switches to link end-user devices to the network.

Aruba switches often live in the access and distribution layers, and in some designs, in the core layer (CX 8400 series).

II. Addressing and Subnetting

Understanding how devices identify and communicate with each other in a network is essential. This section focuses on IP addresses, subnetting, and a basic introduction to IPv6.

1. IPv4 Addressing

What is an IP Address?

An IP address (Internet Protocol address) is a unique identifier given to each device on a network. It helps computers send and receive data over a network.

IPv4 addresses are written in dotted decimal format like:

192.168.1.1

This address consists of four numbers (called octets), each between 0 and 255. Each number represents 8 bits, and the total IP address is 32 bits long.

IP Address Classes (A to E)

Historically, IP addresses were divided into five "classes":

| Class | Start Address | End Address | Default Subnet Mask | Usage |
|---|---|---|---|---|
| A | 1.0.0.0 | 126.255.255.255 | 255.0.0.0 (/8) | Very large networks |
| B | 128.0.0.0 | 191.255.255.255 | 255.255.0.0 (/16) | Medium networks |
| C | 192.0.0.0 | 223.255.255.255 | 255.255.255.0 (/24) | Small networks |
| D | 224.0.0.0 | 239.255.255.255 | - | Multicast (not normal IPs) |
| E | 240.0.0.0 | 255.255.255.255 | - | Experimental |

Most enterprise networks today use Class A, B, or C addresses within private ranges.

Private IP Address Ranges

These are IP ranges you can use within your own network. They are not routable on the public Internet.

| Class | Private IP Range |
|---|---|
| A | 10.0.0.0 – 10.255.255.255 |
| B | 172.16.0.0 – 172.31.255.255 |
| C | 192.168.0.0 – 192.168.255.255 |

Example: Your home Wi-Fi router likely gives you an IP like 192.168.1.5.

2. Subnetting

Subnetting is the process of dividing a large network into smaller logical networks (subnets). This improves organization, performance, and security.

a. Subnet Masks

A subnet mask defines which part of the IP address is the network and which part is the host.

Example:

  • IP: 192.168.1.1

  • Subnet Mask: 255.255.255.0

This means:

  • First 3 octets = Network (192.168.1)

  • Last octet = Host (1)

b. CIDR Notation

CIDR (Classless Inter-Domain Routing) is a shorthand version of subnetting.

Example:
192.168.1.0/24
The "/24" means 24 bits are for the network part, same as a mask of 255.255.255.0.

Common CIDR values:

| CIDR | Subnet Mask | Number of Hosts |
|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 |
| /16 | 255.255.0.0 | 65,534 |
| /24 | 255.255.255.0 | 254 |
| /30 | 255.255.255.252 | 2 |

The number of usable hosts is always 2 less than the total, because the first address is for the network ID, and the last is the broadcast address.

c. Wildcard Masks (for ACLs)

Used in access control lists to match IP ranges.

Wildcard masks are the bitwise inverse of subnet masks: a 0 bit means "this bit must match" and a 1 bit means "ignore this bit".

Example:

  • Subnet Mask: 255.255.255.0

  • Wildcard Mask: 0.0.0.255

This tells the system to match any IP from x.x.x.0 to x.x.x.255.

3. IPv6 (Basic Awareness)

IPv6 is the newer version of IP addressing. It was created because IPv4 addresses are running out.

Key Features
  • IPv6 addresses are 128 bits long (IPv4 is 32 bits).

  • Written in hexadecimal:

    • Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

    • Shortened form: 2001:db8:85a3::8a2e:370:7334

Address Types
  • Link-local: Starts with fe80::. Used for communication within the same local network.

  • Global unicast: Routable over the Internet.

  • Multicast: Starts with ff00::. Used to send to a group of devices.

III. Switching and Layer 2 Concepts

This section is all about how devices communicate within the same local network. These technologies mostly work at OSI Layer 2, and they are key to understanding how Aruba switches operate.

1. MAC Addressing

What is a MAC Address?
  • A MAC (Media Access Control) address is a unique hardware identifier for a network interface card (NIC).

  • It's assigned by the manufacturer and “burned into” the network card.

  • Format: 6 pairs of hexadecimal numbers, like 00:1A:2B:3C:4D:5E.

Why is MAC important?
  • Switches use MAC addresses to decide where to forward traffic.

  • Every time a switch receives a frame, it learns the MAC address and the port it came from and builds a MAC address table (or CAM table).

MAC Table Example:

| MAC Address | Port |
|---|---|
| 00:11:22:33:44:55 | 1/1 |
| AA:BB:CC:DD:EE:FF | 1/2 |

This table helps the switch send data only to the correct device, not to everyone.

2. VLANs (Virtual Local Area Networks)

What is a VLAN?
  • A VLAN logically divides a single physical network into multiple smaller networks.

  • Even if devices are connected to the same switch, VLANs keep them separate — like having walls in an open office.

Benefits of VLANs:
  • Better security: Sensitive devices don’t share a broadcast domain.

  • Easier management: Group devices by department or function.

  • Improves performance: Reduces unnecessary traffic.

VLAN Configuration Terms:

| Term | Description |
|---|---|
| Tagged Port | Carries traffic from multiple VLANs (used in trunks between switches). |
| Untagged Port | Belongs to one VLAN. Usually connects to end devices like PCs. |
| Native VLAN | The default VLAN for untagged traffic on a trunk port. |

Example:

If a port is untagged VLAN 10, it means:

  • All traffic on that port is part of VLAN 10.

If a port is tagged VLAN 10, 20, it means:

  • The port can carry traffic for both VLANs (used between switches).

Inter-VLAN Routing
  • Devices in different VLANs cannot talk to each other unless you configure routing (Layer 3).

  • On Aruba switches, you do this with SVIs (Switch Virtual Interfaces).

3. Spanning Tree Protocol (STP)

What is STP?
  • Spanning Tree Protocol prevents loops in a Layer 2 network.

  • Loops are dangerous: if switches loop traffic endlessly, it can crash your network.

How STP Works:
  • Elects a Root Bridge.

  • Switches decide which ports are:

    • Root Ports (best path to Root Bridge),

    • Designated Ports (forwarding),

    • Blocking Ports (disabled to prevent loops).

RSTP (Rapid STP)
  • ArubaOS-CX uses RSTP by default.

  • It converges faster than classic STP — usually in a few seconds instead of 30+ seconds.

Useful STP Commands:
  • show spanning-tree

  • spanning-tree priority 4096 → lowers the bridge priority so the switch is preferred in the Root Bridge election (the lowest priority wins)

4. Link Aggregation (LAG)

What is Link Aggregation?
  • Combines two or more physical links into one logical link.

  • Also called Port Trunking, EtherChannel, or LAG (Link Aggregation Group).

Benefits:
  • Increased bandwidth: Multiple links used together.

  • Redundancy: If one link fails, others stay active.

What is LACP?
  • LACP (Link Aggregation Control Protocol) is an open standard (IEEE 802.3ad).

  • It lets switches automatically detect and manage LAGs.

LAG Example:

Let’s say you connect two switches using two cables:

  • Without LAG → it causes a loop (bad).

  • With LAG → the switch treats both cables as one safe, fast link.

LAG Setup Basics (ArubaOS-CX):
interface 1/1/1
  lag 1
  mode active

interface 1/1/2
  lag 1
  mode active

This config creates a LAG using ports 1/1/1 and 1/1/2.

IV. Routing and Layer 3 Concepts

Layer 3 deals with routing — the process of sending data from one network to another. While Layer 2 switches can only forward traffic within the same VLAN (or subnet), Layer 3 switches can route traffic between VLANs or remote networks.

1. Routing Fundamentals

What is Routing?

Routing is the process of choosing the best path for data to travel from one network to another. It’s done by devices like routers and Layer 3 switches (like ArubaOS-CX switches).

Default Gateway
  • A default gateway is the IP address of the router/switch that knows how to get out of the local network.

  • Every device in a subnet uses the gateway IP to send data outside its subnet.

Example:

  • PC: 192.168.10.100

  • Gateway: 192.168.10.1

  • If PC wants to reach Google (8.8.8.8), it sends the traffic to the gateway first.

Types of Routing

| Type | Description |
|---|---|
| Static | Manually configured by the admin. Easy to set up, but doesn’t adjust to changes. |
| Dynamic | Routes are learned automatically using routing protocols (e.g., OSPF). |

2. Static Routing

Static routing is used to manually define which path to use for specific destinations. It's simple and reliable for small networks.

Static Route Example:
ip route 0.0.0.0/0 192.168.1.1

This says:

  • “To reach any destination (0.0.0.0/0), send the traffic to 192.168.1.1.”
Command Breakdown:
  • 0.0.0.0/0: Matches all destinations.

  • 192.168.1.1: The next-hop IP (usually a router).

When to Use Static Routes:
  • Connecting to a single default gateway.

  • Small branch offices.

  • When the network topology doesn’t change often.

3. Dynamic Routing (Introductory)

Dynamic routing is better for larger or changing networks. Instead of manually entering routes, devices learn routes from each other using protocols.

OSPF (Open Shortest Path First)
  • A link-state protocol that shares information about the network.

  • Devices build a map of the network and choose the shortest path.

OSPF Concepts:

| Term | Meaning |
|---|---|
| Router ID | A unique ID for the router (often its highest IP address). |
| Area | OSPF networks are divided into areas (most commonly, area 0). |
| Hello Timer | How often OSPF routers send “Hello” packets to check neighbors. |
| LSA (Link-State Advertisement) | Info packets about routes and connections. |

ArubaOS-CX OSPF Setup Example (Simplified):
router ospf 1
 router-id 1.1.1.1

interface vlan 10
 ip ospf 1 area 0.0.0.0

This enables OSPF on VLAN 10.

When to Use OSPF:
  • In multi-site networks

  • When there are redundant paths

  • When manual routes are too many to manage

4. ARP (Address Resolution Protocol)

What is ARP?
  • ARP is used to find the MAC address of a device when you only know its IP.

  • It maps a Layer 3 (IP) address to a Layer 2 (MAC) address.

How ARP Works:
  1. Device A wants to talk to 192.168.1.5.

  2. It sends an ARP request: "Who has 192.168.1.5?"

  3. Device B replies with: "I do! My MAC is AA:BB:CC:DD:EE:FF"

  4. Device A stores this info in its ARP table and sends the frame.

Why ARP Matters:
  • Without ARP, devices can’t communicate on the same subnet.

  • Switches need ARP to build MAC tables for IP-based communication.

  • Problems like IP conflicts or ARP spoofing can break communication or compromise security.

Summary of Key Commands

| Function | Example Command |
|---|---|
| Show IP routes | show ip route |
| Add static route | ip route 10.1.1.0/24 192.168.1.1 |
| Enable routing | ip routing |
| Show ARP table | show arp |
| Start OSPF | router ospf 1 + interface commands |

V. Transport Layer Concepts

The transport layer (Layer 4 in the OSI model) is responsible for moving data between devices reliably or efficiently. This includes controlling:

  • How data is sent,

  • How much data can be sent,

  • Whether the data was received,

  • And which application or service the data is intended for.

There are two main transport protocols you need to understand:

1. TCP vs. UDP

a. TCP (Transmission Control Protocol)
Key Features:
  • Connection-oriented: Devices must "handshake" before exchanging data.

  • Reliable: Ensures all packets are delivered.

  • Ordered: Maintains the correct order of packets.

  • Error-checked: Retransmits lost packets.

3-Way Handshake Process:
  1. SYN – Client asks to start communication.

  2. SYN-ACK – Server agrees and replies.

  3. ACK – Client confirms and starts data exchange.

Use Cases:
  • Web browsing (HTTP/HTTPS),

  • Email (SMTP, IMAP),

  • File transfer (FTP),

  • Remote login (SSH).

Pros:
  • Very reliable.

  • Guaranteed delivery.

Cons:
  • Slower due to connection setup and checks.

b. UDP (User Datagram Protocol)
Key Features:
  • Connectionless: No handshake; just sends data.

  • Unreliable: No confirmation that data arrived.

  • No order or error correction.

  • Much faster than TCP.

Use Cases:
  • Streaming video/audio (YouTube, Skype),

  • Online games (low latency),

  • DNS (fast lookup),

  • VoIP (Voice over IP).

Pros:
  • Very fast, low overhead.

Cons:
  • Can lose packets.

  • No error checking or order enforcement.

Summary Table:

| Feature | TCP | UDP |
|---|---|---|
| Connection | Yes (Handshake) | No |
| Reliable | Yes | No |
| Packet Order | Guaranteed | Not guaranteed |
| Speed | Slower | Faster |
| Use Case | Web, Email, FTP | Video, Voice, DNS, Gaming |

2. Port Numbers

Every network service or application uses a port number so your device knows which program should receive incoming data.

You can think of port numbers like apartment numbers in a building — the IP address brings the data to the building, and the port number delivers it to the right room.

Well-Known Port Numbers (0–1023)

| Service | Protocol | Port |
|---|---|---|
| HTTP | TCP | 80 |
| HTTPS | TCP | 443 |
| FTP (File Transfer) | TCP | 21 |
| SSH (Remote login) | TCP | 22 |
| DNS (Name service) | UDP | 53 |
| DHCP (IP assignment) | UDP | 67/68 |
| SMTP (Email sending) | TCP | 25 |
| Telnet (Not secure) | TCP | 23 |

Note: Aruba switches often block Telnet and recommend SSH for security.

How Ports Work

Imagine you go to a website:

  1. Your browser connects to the IP address of the web server.

  2. It sends a request to port 80 (HTTP) or 443 (HTTPS).

  3. The server replies back using a random port on your device (like 56324).

So, your device may have multiple connections open, each using a different source port but going to the same destination port.

VI. Multicast and Broadcast

These two terms describe how network traffic is sent from one device to others. Unlike unicast (one-to-one communication), broadcast and multicast are one-to-many communication methods — but they work in different ways.

1. Broadcast Traffic

What is Broadcast?

Broadcast means sending a message to all devices in a local network segment (VLAN).

Think of it like a loudspeaker announcement in a building — everyone hears it, even if it’s not relevant to them.

How Broadcast Works:
  • The sender uses a special destination address:

    • IPv4 Broadcast IP: 255.255.255.255

    • Ethernet Broadcast MAC: FF:FF:FF:FF:FF:FF

  • All devices in the subnet receive and process the message.

Examples of Broadcast Protocols:
  • ARP – Asking: “Who has IP 192.168.1.10?”

  • DHCP Discover – When a new device tries to get an IP address.

Why Broadcast Can Be a Problem:
  • Creates unnecessary traffic for all devices.

  • If too many broadcasts occur, it causes a broadcast storm, slowing down or crashing the network.

How Aruba Switches Handle Broadcasts:
  • Broadcasts stay within the same VLAN.

  • You can use VLANs and storm control to limit broadcast traffic.

2. Multicast Traffic

What is Multicast?

Multicast sends a message to only a group of interested devices, not to everyone.

Think of it like a group chat — only group members get the message, not the entire contact list.

How Multicast Works:
  • Uses special multicast IP addresses (Class D: 224.0.0.0 to 239.255.255.255).

  • Devices join multicast groups to indicate interest.

  • The sender sends one copy, and the network duplicates it only for group members.

Example Use Cases:
  • Streaming video in classrooms

  • Live webinars

  • Online games using group updates

Multicast vs Broadcast Summary:

| Feature | Broadcast | Multicast |
|---|---|---|
| Destination | All devices in VLAN | Only devices that join the group |
| Network Load | Higher | Lower (more efficient) |
| Use Cases | ARP, DHCP | IPTV, video conferencing |
| IP Range | 255.255.255.255 | 224.0.0.0 – 239.255.255.255 |

IGMP (Internet Group Management Protocol)

What is IGMP?

IGMP is the protocol that helps switches know which devices want to receive multicast traffic.

How IGMP Works:
  1. A PC wants to receive a multicast stream.

  2. It sends an IGMP Join message.

  3. The switch adds that PC to the multicast group.

  4. Only that PC gets the stream — others are left alone.

IGMP Snooping (on Aruba Switches):
  • Monitors IGMP messages.

  • Prevents multicast flooding by only sending traffic to interested ports.

  • Enabled by default on many Aruba switches.

Common IGMP Groups:

| IP Address | Purpose |
|---|---|
| 224.0.0.1 | All hosts on the local network |
| 224.0.0.2 | All routers |
| 239.x.x.x | Organization-defined groups |

VII. Common Network Protocols

These are the essential network communication protocols that help devices perform important tasks such as getting an IP address, translating names to IPs, monitoring devices, and more. These protocols work across various layers (usually Layer 3 and above) and are critical for network functionality and troubleshooting.

1. DHCP (Dynamic Host Configuration Protocol)

What it does:
  • Automatically assigns IP addresses to devices on a network.

  • Without DHCP, you’d have to manually configure each IP address.

How DHCP Works (DORA process):

| Step | Description |
|---|---|
| Discover | Client sends a broadcast to find a DHCP server |
| Offer | DHCP server offers an available IP address |
| Request | Client requests the offered address |
| Ack | DHCP server confirms the assignment |

Common Use Cases:
  • Automatically configure computers, phones, printers, and IP cameras.

Aruba Use:
  • Aruba switches can be DHCP clients, relays, or even servers (in simple networks).

2. DNS (Domain Name System)

What it does:
  • Converts domain names (like www.google.com) into IP addresses (like 142.250.190.68).
Why it's important:
  • Humans remember names.

  • Computers need IP addresses.

DNS Query Example:
  • You type www.arubanetworks.com

  • Your computer asks the DNS server: “What is the IP for this site?”

  • DNS server responds: 34.236.4.84

Common DNS Ports:
  • UDP 53 (most queries)

  • TCP 53 (for large responses)

3. ICMP (Internet Control Message Protocol)

What it does:
  • Sends control and error messages between devices.

  • It’s the protocol used by tools like ping and traceroute.

Use Cases:
  • Ping checks if a device is online.

  • Traceroute shows the path traffic takes across the network.

Not for actual data transfer, but essential for testing and diagnostics.

4. SNMP (Simple Network Management Protocol)

What it does:
  • Allows centralized systems to monitor and manage network devices.
Aruba Uses:
  • Aruba switches can send performance data (CPU, memory, interface stats) to:

    • Aruba Central

    • Aruba AirWave

    • Third-party SNMP servers (e.g., SolarWinds)

SNMP Versions:

| Version | Description |
|---|---|
| v1 | Basic, no encryption |
| v2c | Adds bulk transfers, still no encryption |
| v3 | Secure (authentication + encryption) |

SNMP Community Strings:
  • Act like a password; in v1 and v2c they are sent unencrypted.

  • Example:

    snmp-server community public ro

5. NTP (Network Time Protocol)

What it does:
  • Synchronizes the time on all network devices.

  • Important for:

    • Accurate logs

    • Security certificates

    • Coordinating time-sensitive tasks

Typical Configuration:
ntp server 192.168.1.100

Check time:
show time

6. SSH (Secure Shell)

What it does:
  • Provides secure remote access to network devices over an encrypted connection.
Used Instead of Telnet:
  • Telnet sends everything in plain text (not safe).

  • SSH encrypts the connection (safe).

Aruba SSH Setup Example:
crypto key generate ssh
ip ssh

Then you can connect securely using:

ssh <username>@<switch-ip>

Common SSH Port:
  • TCP 22

Summary Table of Common Protocols:

| Protocol | Purpose | Port | Notes |
|---|---|---|---|
| DHCP | Auto-assign IP addresses | UDP 67/68 | Broadcast-based |
| DNS | Resolve names to IPs | UDP/TCP 53 | Critical for internet access |
| ICMP | Connectivity testing (ping, traceroute) | - | Used for troubleshooting |
| SNMP | Network monitoring | UDP 161/162 | Can be insecure unless using v3 |
| NTP | Time synchronization | UDP 123 | Keeps logs and events aligned |
| SSH | Secure device access | TCP 22 | Replaces insecure Telnet |

VIII. Network Topologies

A network topology refers to the physical or logical layout of how devices (like switches, routers, computers) are connected in a network. Understanding these patterns is important for design, troubleshooting, and scalability.

We’ll look at the four most common topologies, focusing on those most relevant to enterprise environments like those using Aruba switches.

1. Star Topology (Most Common in Enterprises)

What it looks like:
  • One central switch or hub is connected to all other devices.

  • Think of it like a wheel with spokes — the switch is the center.

Pros:
  • Easy to add/remove devices.

  • Easy to isolate and troubleshoot problems.

  • One device failure doesn’t affect the whole network.

Cons:
  • If the central switch fails, the whole network goes down.
Where Aruba Uses It:
  • Access layer switches often form a star topology by connecting PCs, printers, APs, etc.

2. Mesh Topology

What it looks like:
  • Devices are interconnected, often with multiple paths between them.

  • There are two types:

    • Full Mesh: Every device connects to every other.

    • Partial Mesh: Only some devices are interconnected.

Pros:
  • High availability – if one link fails, traffic can use another path.

  • Redundancy improves reliability.

Cons:
  • More complex.

  • Requires more cabling and configuration.

  • Costlier.

Where Aruba Uses It:
  • Core or distribution layers may use mesh topologies with VSX or LAGs for redundancy.

3. Ring Topology (Older Technology)

What it looks like:
  • Devices form a closed loop — each device connects to two others.
Pros:
  • Can offer redundancy if supported by protocol (e.g., Token Ring, or Spanning Tree blocks loops).
Cons:
  • A break in the ring can affect communication.

  • Not scalable or flexible.

Modern Usage:
  • Rare in enterprise LANs.

  • Spanning Tree Protocol (STP) can "simulate" ring protections in switch networks.

4. Bus Topology (Very Rare Today)

What it looks like:
  • All devices share a single communication line (like a road with many buildings connected to it).
Pros:
  • Easy to set up for small networks.
Cons:
  • Only one device can send at a time.

  • A break in the line affects the whole network.

  • Difficult to troubleshoot.

Modern Usage:
  • Obsolete in wired networks, but some concepts apply to wireless channels (shared medium).

Quick Comparison Table:

| Topology | Pros | Cons | Used Today? |
|---|---|---|---|
| Star | Easy to manage, isolate issues | Central point of failure | Very common |
| Mesh | High redundancy and availability | Complex and expensive | Core/Backbone |
| Ring | Predictable path | Breaks can disrupt the whole ring | Rare |
| Bus | Simple for small setups | Break = full network down | Obsolete |

IX. Cabling and Media Types

Choosing the correct cable or media type is essential for building a reliable, high-speed, and long-distance network. This section introduces the physical materials used to connect Aruba switches to devices or to each other.

1. Copper Cabling (Twisted Pair)

Copper cables use electrical signals to transmit data. They are common for short-distance connections, like between a computer and a switch.

a. UTP vs STP

| Type | Meaning | Shielding | Use Case |
|---|---|---|---|
| UTP | Unshielded Twisted Pair | No shielding | General-purpose office use |
| STP | Shielded Twisted Pair | Has shielding | High-interference environments |

b. Cable Categories (Cat)

| Category | Speed Supported | Max Distance | Use Case |
|---|---|---|---|
| Cat5e | 1 Gbps | 100 meters | Standard Ethernet |
| Cat6 | 1–10 Gbps | 55–100 m | High-speed access, less noise |
| Cat6a | 10 Gbps | 100 meters | Data centers or core uplinks |

Aruba switches support auto-negotiation, but using a high-quality cable (Cat6 or Cat6a) is recommended for reliable Gigabit or 10G links.

c. RJ-45 Connectors
  • Standard connectors for Ethernet.

  • Used with Cat5e/6/6a cables.

  • Plug into ports on Aruba switches for copper interfaces.

2. Fiber Optic Cabling

Fiber optics use light signals to send data — ideal for long distances and high speeds.

a. Types of Fiber

| Type | Core Size | Distance | Use Case |
|---|---|---|---|
| Single-Mode | Small (8–10 µm) | Up to 40+ km | Long-distance backbone links |
| Multi-Mode | Larger (50–62.5 µm) | Up to 300–500 m | Shorter links in buildings |

b. Advantages of Fiber:
  • Immune to electromagnetic interference

  • Can transmit data over much longer distances than copper

  • Supports very high speeds (up to 100 Gbps and more)

c. Connector Types

| Connector | Description | Use With |
|---|---|---|
| LC | Most common, small | Aruba SFPs |
| SC | Older, larger | Legacy systems |

3. SFP and SFP+ Modules

What are SFPs?

SFP = Small Form-factor Pluggable
SFP+ = Enhanced version for 10 Gbps

These are modular transceivers used in Aruba switches to connect fiber or copper links.

Use Cases:
  • Uplink between switches

  • Long-distance links between buildings

  • Connecting to service provider equipment

Common SFP Types:

| Module | Speed | Media | Max Distance |
|---|---|---|---|
| SFP-1G-SX | 1 Gbps | Multi-mode | ~550 meters |
| SFP-1G-LX | 1 Gbps | Single-mode | ~10 kilometers |
| SFP-10G-SR | 10 Gbps | Multi-mode | ~300 meters |
| SFP-10G-LR | 10 Gbps | Single-mode | ~10–20 kilometers |
| SFP-T | 1 Gbps | Copper (RJ45) | 100 meters (Cat6) |

Aruba switches auto-detect SFPs and configure ports accordingly.

4. DAC (Direct Attach Cables)

  • DACs are pre-made cables with SFP ends used to connect two switches directly (no transceiver needed).

  • Common in data centers for short links (≤7m).

Summary Table:

| Media Type | Max Speed | Max Distance | Common Aruba Use |
|---|---|---|---|
| Cat5e | 1 Gbps | 100m | PC/printer access |
| Cat6a | 10 Gbps | 100m | Short server/switch links |
| Fiber (SM) | 10–100+ Gbps | 40+ km | Long-distance uplinks |
| Fiber (MM) | 10 Gbps | 300–500m | Building-to-building |
| SFP/SFP+ | 1G/10G | - | Uplink modularity |

X. Foundational Security Concepts (Networking Level)

Network security starts at the switch level, especially in enterprise networks. Aruba switches include a variety of Layer 2 and Layer 3 security features to protect the network from unauthorized access, attacks, and misconfigurations.

We’ll focus on three fundamental tools:

  • ACLs (Access Control Lists)

  • Port Security

  • DHCP Snooping

1. Access Control Lists (ACLs)

What is an ACL?

An ACL is a list of rules that filters network traffic. Each rule defines what traffic is allowed or denied, based on things like:

  • IP address

  • Port number

  • Protocol type

ACLs operate at:

  • Layer 2 (MAC ACLs) – less common

  • Layer 3 (IP ACLs) – very common

  • Layer 4 (TCP/UDP ports) – for advanced control

Where ACLs Are Applied:
  • Inbound or outbound on:

    • VLAN interfaces

    • Physical ports

  • On routing interfaces for inter-VLAN or internet traffic

ACL Example (IPv4):
ip access-list "BLOCK_HTTP"
  10 deny tcp 192.168.1.0 0.0.0.255 any eq 80
  20 permit ip any any

Explanation:

  • Rule 10: Denies HTTP (TCP port 80) from 192.168.1.0/24 to anywhere.

  • Rule 20: Allows everything else (important: an ACL ends with an implicit deny, so any traffic not explicitly permitted is dropped).

Applying the ACL:
interface vlan 10
  ip access-group BLOCK_HTTP in
Tips:
  • ACLs are processed top-down; first match wins.

  • Be careful with the order of rules.

  • Always add a "permit all" at the end if you don’t want to block everything.
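
The first-match and implicit-deny behaviour above, as an added Python example (not Aruba code and not part of the original guide): it evaluates the BLOCK_HTTP rules with wildcard-mask matching and flags rules that an earlier rule makes unreachable. The rule layout, the function names and the MISORDERED list are assumptions made for this illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all 1s: every bit is ignored


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def mask_to_wildcard(mask):
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(~to_int(mask) & 0xFFFFFFFF))


def wildcard_match(addr, base, wildcard):
    """addr must equal base on every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def rule(seq, action, proto, src, dst, dport=None):
    return {"seq": seq, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


# The guide's ACL, in a constructed in-memory form.
BLOCK_HTTP = [
    rule(10, "deny", "tcp", ("192.168.1.0", "0.0.0.255"), ANY, dport=80),
    rule(20, "permit", "ip", ANY, ANY),
]

# Same two rules in the wrong order (constructed to show the ordering pitfall).
MISORDERED = [
    rule(10, "permit", "ip", ANY, ANY),
    rule(20, "deny", "tcp", ("192.168.1.0", "0.0.0.255"), ANY, dport=80),
]


def evaluate(acl, pkt):
    """Return (action, seq) of the first matching rule, top-down.
    Falling off the end is the implicit deny: ('deny', None)."""
    for r in sorted(acl, key=lambda x: x["seq"]):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *r["src"]):
            continue
        if not wildcard_match(pkt["dst"], *r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        return r["action"], r["seq"]
    return "deny", None


def covers(a, b):
    """True if address pattern a matches every address that pattern b matches."""
    a_wc, b_wc = to_int(a[1]), to_int(b[1])
    if b_wc & ~a_wc & 0xFFFFFFFF:      # b ignores a bit that a insists on
        return False
    care = ~a_wc & 0xFFFFFFFF
    return (to_int(a[0]) & care) == (to_int(b[0]) & care)


def shadowed_rules(acl):
    """(later_seq, earlier_seq) pairs where the later rule can never match."""
    ordered = sorted(acl, key=lambda x: x["seq"])
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (earlier["proto"] in ("ip", later["proto"])
                    and covers(earlier["src"], later["src"])
                    and covers(earlier["dst"], later["dst"])
                    and earlier["dport"] in (None, later["dport"])):
                found.append((later["seq"], earlier["seq"]))
                break
    return found


if __name__ == "__main__":
    http = {"proto": "tcp", "src": "192.168.1.57", "dst": "203.0.113.10", "dport": 80}
    print(evaluate(BLOCK_HTTP, http), evaluate(MISORDERED, http))
    print(shadowed_rules(MISORDERED))
```
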

2. Port Security

What is Port Security?

Port security limits the number and identity of devices that can connect to a switch port.

Use Cases:
  • Prevent unauthorized devices (e.g., rogue laptops) from connecting.

  • Lock a port to only one known MAC address.

  • Disable a port if a new MAC address appears.

Basic Port Security Configuration:
interface 1/1/1
  port-security
  port-security max 1
  port-security mac-address sticky

Explanation:

  • Enables port security.

  • Allows only 1 device on the port.

  • Learns the first MAC and “sticks” it (saves it automatically).

Violation Actions:

You can set what happens when an unauthorized MAC appears:

  • Protect – drops unknown frames silently.

  • Restrict – drops and logs the event.

  • Shutdown – disables the port completely.
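
The three violation actions side by side, as an added Python model (not switch code and not part of the original guide): one port with a limit of 1 sticky MAC receives the same frame sequence under each action. The class name, return values and MAC addresses are constructed for this illustration.

```python
class SecurePort:
    """Toy model of one switch port with sticky MAC learning."""

    ACTIONS = ("protect", "restrict", "shutdown")

    def __init__(self, max_macs=1, violation="shutdown"):
        if violation not in self.ACTIONS:
            raise ValueError("unknown violation action: %r" % violation)
        self.max_macs = max_macs
        self.violation = violation
        self.sticky = []      # MACs learned automatically, in order
        self.enabled = True   # False once a shutdown violation has fired
        self.log = []         # MACs recorded as violations

    def frame(self, src_mac):
        """Return 'forward' or 'drop' for a frame arriving from src_mac."""
        if not self.enabled:
            return "drop"                      # a disabled port passes nothing
        if src_mac in self.sticky:
            return "forward"
        if len(self.sticky) < self.max_macs:
            self.sticky.append(src_mac)        # sticky learn the first MAC(s)
            return "forward"
        # Violation: an unknown MAC on a port that is already full.
        if self.violation != "protect":        # protect drops silently
            self.log.append(src_mac)
        if self.violation == "shutdown":
            self.enabled = False
        return "drop"


PC = "02:00:00:00:00:01"        # constructed: the legitimate device
UNKNOWN = "02:00:00:00:00:99"   # constructed: a second device on the same port


def compare_actions(frames):
    """Run the same frames through a fresh port for each violation action."""
    outcome = {}
    for action in SecurePort.ACTIONS:
        port = SecurePort(max_macs=1, violation=action)
        outcome[action] = {
            "results": [port.frame(mac) for mac in frames],
            "logged": list(port.log),
            "enabled": port.enabled,
        }
    return outcome


if __name__ == "__main__":
    for action, state in compare_actions([PC, PC, UNKNOWN, PC]).items():
        print(action, state)
```

Under shutdown the legitimate PC is also cut off after the violation, which is the operational cost to weigh against the stronger containment.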

3. DHCP Snooping

What is DHCP Snooping?

DHCP Snooping protects the network from rogue DHCP servers (which can cause IP conflicts, DoS attacks, or misrouting).

How it works:
  • The switch watches all DHCP messages.

  • Only trusted ports (like uplinks to a known DHCP server) can offer IP addresses.

  • Untrusted ports (like user ports) are blocked if they try to act as DHCP servers.

Basic Configuration:
dhcp-snooping
dhcp-snooping vlan 10
interface 1/1/1
  dhcp-snooping trust

Explanation:

  • Enables DHCP snooping globally.

  • Applies it to VLAN 10.

  • Marks port 1/1/1 as a trusted uplink.

DHCP Snooping Table:

The switch keeps a table of:

  • MAC addresses

  • IP addresses

  • Port numbers

  • Lease times

This table can also be used by:

  • Dynamic ARP Inspection

  • IP Source Guard
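The trusted/untrusted decision and the way the snooping table is filled can be seen in a small simulation. The following is an added example, not switch firmware or code from this guide: a simplified Python model that drops server-side DHCP messages arriving on untrusted ports and records a binding when a trusted server acknowledges a lease. The class, field names, addresses and event list are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class SnoopingSwitch:
    vlans: set                                    # VLANs with snooping applied
    trusted: set                                  # trusted ports (uplinks)
    bindings: dict = field(default_factory=dict)  # MAC -> (ip, port, vlan, lease)
    pending: dict = field(default_factory=dict)   # MAC -> port its REQUEST came in on
    log: list = field(default_factory=list)

    def receive(self, port, vlan, msg_type, client_mac, ip=None, lease=None):
        """Return True if the DHCP message is forwarded, False if dropped."""
        if vlan not in self.vlans:
            return True                           # snooping not applied to this VLAN
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                self.log.append(f"drop {msg_type} on untrusted port {port}")
                return False
            if msg_type == "ACK" and client_mac in self.pending:
                client_port = self.pending.pop(client_mac)
                self.bindings[client_mac] = (ip, client_port, vlan, lease)
            return True
        if msg_type == "REQUEST":
            self.pending[client_mac] = port       # remember where the client sits
        return True

def run_demo():
    sw = SnoopingSwitch(vlans={10}, trusted={"1/1/1"})
    client = "00:11:22:33:44:55"                  # constructed MAC
    events = [  # constructed: (port, vlan, type, client MAC, ip, lease seconds)
        ("1/1/5", 10, "DISCOVER", client, None, None),
        ("1/1/7", 10, "OFFER", client, "10.66.6.50", 60),  # server on a user port
        ("1/1/1", 10, "OFFER", client, "192.168.10.50", 86400),
        ("1/1/5", 10, "REQUEST", client, None, None),
        ("1/1/7", 10, "ACK", client, "10.66.6.50", 60),
        ("1/1/1", 10, "ACK", client, "192.168.10.50", 86400),
    ]
    forwarded = [sw.receive(*e) for e in events]
    return sw, forwarded
```

The resulting binding ties the client MAC to the address from the trusted server and to user port 1/1/5, which is the record Dynamic ARP Inspection and IP Source Guard rely on.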

Identify, describe, and apply foundational networking architectures and technologies (Additional Content)

1. OSPF Neighbor States (for Convergence Troubleshooting)

Understanding OSPF (Open Shortest Path First) neighbor states is crucial for diagnosing routing issues, especially in convergence problems or when links don’t come up as expected.

Key OSPF Neighbor States:

  • DOWN: No Hello packets received; neighbor is not detected.

  • INIT: Hello received, but the neighbor’s ID is not listed in the Hello packet — unidirectional communication.

  • 2-WAY: Bidirectional Hello packets confirmed; adjacency will form only on multi-access links like Ethernet.

  • EXSTART: Routers negotiate who is the master/slave for DBD (Database Description) exchange.

  • EXCHANGE: Routers exchange DBD packets containing LSA summaries.

  • LOADING: Routers request any missing LSAs.

  • FULL: All LSAs exchanged, full adjacency established; required for proper routing.

Why it Matters:
  • If a neighbor is stuck in EXSTART or EXCHANGE, there may be:

    • MTU mismatch

    • Authentication mismatch

    • Unidirectional link issues

  • Only FULL state allows full OSPF route exchange and convergence.

Command to Check State:
show ospf neighbor

2. IPv6 Subnetting and NDP (Neighbor Discovery Protocol)

As more enterprises deploy dual-stack or IPv6-only networks, candidates should understand IPv6 address planning and device discovery protocols.

IPv6 Subnetting Overview:

  • IPv6 addresses use a 128-bit structure.

  • Common subnet sizes: /64 (default for LANs), /48 (site allocation).

  • Subnetting is done by borrowing bits beyond the prefix length (e.g., from /48 to /64 gives 65,536 subnets).

Example:

Given:

2001:db8:1000::/48

You can create:

2001:db8:1000:0001::/64
2001:db8:1000:0002::/64
...

Neighbor Discovery Protocol (NDP):

NDP replaces ARP in IPv6 and provides the following:

  • Router Discovery – Hosts find routers automatically.

  • Prefix Discovery – Determines on-link prefixes.

  • Address Autoconfiguration – SLAAC.

  • Neighbor Unreachability Detection

  • Duplicate Address Detection

NDP-Related Commands:
show ipv6 neighbors

3. Troubleshooting Module (Ping/Traceroute Failures, MAC Table)

In line with the “troubleshoot” exam objectives, this section covers common diagnostic tools and how to interpret their output.

1. Diagnosing Ping/Traceroute Failures

  • Ping fails: Check for:

    • IP reachability

    • Gateway issues

    • ACLs blocking ICMP

    • DNS misresolution (if pinging hostname)

ping 192.168.1.1
ping 8.8.8.8 source vlan 10

  • Traceroute reveals:

    • Routing loops

    • Blackhole hops (no response)

    • Asymmetric routing

traceroute 8.8.8.8

2. MAC Address Table Inspection

Used to confirm whether a switch has learned the correct MAC on the correct port.

show mac-address-table

Key output fields:

  • MAC Address

  • VLAN

  • Port

  • Type (dynamic/static)

Why it Matters:
  • Useful when devices can't reach each other on L2.

  • Helps detect:

    • Wrong VLAN membership

    • Loop or duplicate MAC

    • Broken links not forwarding traffic

Frequently Asked Questions

What architectural benefit does VSX provide in Aruba campus networks?

Answer:

VSX provides high availability and active-active forwarding between two switches without requiring a full chassis stack.

Explanation:

VSX allows two independent Aruba CX switches to synchronize state information and operate as a logical pair. Unlike traditional stacking technologies, each switch maintains its own control plane and management interface.

The architecture enables features such as multi-chassis link aggregation, allowing downstream devices to connect simultaneously to both switches. If one switch fails, traffic continues flowing through the remaining switch without reconvergence delays.

This design improves network resilience while preserving operational independence. It also simplifies upgrades because one switch can be upgraded while the other continues forwarding traffic.

Demand Score: 71

Exam Relevance Score: 88

Why is VLAN tagging important when configuring trunk links between switches?

Answer:

VLAN tagging allows multiple VLANs to traverse a single physical link while preserving network segmentation.

Explanation:

In enterprise campus networks, trunk links often connect switches, routers, or wireless controllers. Without VLAN tagging, the switch would not be able to distinguish traffic belonging to different VLANs across the same link.

Using the IEEE 802.1Q tagging mechanism, each Ethernet frame includes a VLAN ID that identifies the VLAN membership of the traffic. The receiving switch reads this tag and forwards the frame to the correct VLAN domain.

A common configuration mistake is mismatched VLAN allow lists or mismatched native VLAN settings. When these parameters differ between switches, devices may fail to communicate even though the physical link is operational.

Demand Score: 73

Exam Relevance Score: 83

What is the functional difference between an access port and a trunk port on an Aruba CX switch?

Answer:

An access port carries traffic for a single VLAN, while a trunk port carries traffic for multiple VLANs using tagging.

Explanation:

Access ports are used to connect end devices such as PCs, printers, or IP phones. Traffic arriving on an access port is associated with one VLAN only, and frames are normally untagged.

Trunk ports are used between switches, routers, firewalls, or wireless controllers. They carry traffic for multiple VLANs simultaneously using 802.1Q tagging, allowing the network to maintain VLAN segmentation across links.

In Aruba CX switches, administrators configure trunk ports by defining allowed VLANs and optionally specifying a native VLAN for untagged traffic. Misconfigurations often occur when VLAN tagging expectations differ between devices, causing traffic loss or incorrect VLAN assignment.

Demand Score: 70

Exam Relevance Score: 84

When deploying Aruba CX switches in a VSX pair, is Spanning Tree always required?

Answer:

No. Spanning Tree is not strictly required when using VSX, because VSX already prevents loops using multi-chassis link aggregation.

Explanation:

VSX (Virtual Switching Extension) allows two Aruba CX switches to operate as a highly available pair. Hosts or downstream devices connect using multi-chassis LAG (MC-LAG), which distributes traffic across both switches.

Because the design eliminates Layer-2 loops between the switches and downstream devices, traditional loop prevention through Spanning Tree may not be necessary in simple VSX topologies.

However, STP may still be enabled in environments where the VSX pair connects to other switching domains. In those cases, protocols like MSTP or RPVST are commonly used to maintain compatibility with other vendors’ equipment.

Demand Score: 68

Exam Relevance Score: 81
