INLS 184: Protocols and Network Management
February 8, 2005 / due February 17, 2005
Instructor: Jim Gogan
Assignment #2 --
You, as proud manager of a workgroup network in the UNC-CH Department of Anarchy and Chaos, have just purchased a used bridge (cheap! only one previous owner!) to isolate your local traffic from the rest of the network traffic in your department. Since no two bridge manufacturers implement applying filters the same way, you will need to review the section of the bridge manual that deals with the FILTERS command for this particular bridge. (HERE IS THAT SECTION OF THE APPROPRIATE BRIDGE MANUAL!!!)
Once you've read through the attached "manual" and have an understanding of what's going on in the examples, your assignment is to write the appropriate ADD FILTERS filter (or filters) to handle each of the following situations. Assume that you are starting with a "clean bridge" (i.e. no existing filters) in each problem. You will need to use your notes from previous classes regarding Ethernet protocol types and manufacturer codes and you will need to refer to the readings concerning differentiating among the various Ethernet frame types (i.e., Type II, "NetWare 802.3"/raw, 802.2, and 802.2 with SNAP). (Note: remembering some of the things you found in the first homework assignment would help also.)
And yes, I realize that most of these things would be easier to do with a Layer 3 device like a router, but I'm not going to let you install one of those right now, so, as far as you’re concerned, it’s a Layer 2 world after all.
THIS IS A REAL-LIFE SITUATION WITH REAL-LIFE PROBLEMS. These are the sort of typical problems that you would have to deal with as a network manager; not only in trying to address the problems below, but in trying to make sense out of hardware vendor documentation!!!
1. You're fed up with AppleTalk and NetWare broadcasts and multicasts running throughout the rest of your department. In fact, you're not even running any AppleTalk or NetWare devices in your workgroup. In fact, you're not running ANYTHING in your department except TCP/IP, like any good system administrator. So, you want to keep out ALL broadcast packets EXCEPT for Internet Protocol (IP) and something called Address Resolution Protocol (ARP) packets. (We'll talk about these soon.) Note that although ARP is used only by the IP protocol, ARP actually has its own separate type field value (different from IP) - look for it on the Ethernet Type codes.
2. You have learned that somewhere on campus is a defective network adapter that seems to be putting a flood of packets onto your network. Furthermore, you have learned that its hardware address is 080020933610. You don't know if that device is in your local workgroup or somewhere else on campus, but to be safe, you want to keep out any packets to or from that card. ALSO, what can you tell me about that particular device?
3. OK, so now you've gotten a better job offer in another department (the Department of Social Policy and Silly Walks) and you're managing a workgroup that DOES use a Novell NetWare server. You have learned that Novell has now decided that the 802.2 (LLC) frame type is the default frame type for NetWare, but you and the rest of the campus are only running Ethernet Type II frames. Somebody has brought up a NetWare server that's using the 802.2 frame type and that's creating havoc on existing network devices in your new department. You want to keep off of your network any NetWare IPX 802.2 packets. (Again, you may need to go back to your first homework assignment on some of these problems.)
4. You will be learning more about AppleTalk later this semester. In the meantime, you have JUST learned that there is a Phase 1 and a Phase 2 AppleTalk, and only Phase 2 AppleTalk traffic should be running on campus. You have been told by the ITS Networking folks that there is a Phase 1 AppleTalk device on YOUR network and you'd better find a way to keep it quiet. All they can tell you is that Phase 1 AppleTalk used Ethernet II frames and type field values rather than the 802.2 SNAP that Phase 2 AppleTalk now uses. They also told you that, when dealing with AppleTalk, you need to deal with both the "EtherTalk (AppleTalk over Ethernet)" protocol type AND the "AARP (AppleTalk Address Resolution Protocol)" protocol type. The ITS folks said it would be sufficient for you to put a filter on your bridge for Phase 1 AppleTalk.
5. You've found the offending Phase 1 AppleTalk device, shut it off, and excommunicated the user. Your campus reputation has grown so immensely that you've now gotten an ever better offer in yet another department. This department (the Department of Redundancy Department) has NO AppleTalk devices, has no intention of getting any, and has no desire to see any AppleTalk packets from elsewhere on campus. You can assume that all the Phase 1 AppleTalk is GONE from throughout the campus, and the only AppleTalk packets on campus are the 802.2 SNAP (Phase 2) kind. Note, however, that even with the 802.2 SNAP, you have to deal with both the "EtherTalk" and the "AARP" as above. (CLUE: note the similarity between the values of the 2-byte "type field" of Ethernet II and the values of the last 2-bytes in the 5-byte SNAP.)
6. You've gotten tired of putting in filters for DECnet, AppleTalk, RoboNet, PowerPuffNet, etc., and realize that you only are running TCP/IP (which has to include ARP, a separate "protocol") and NetWare (with Type II frames only). The only stuff that you want going through your bridge is IP (and ARP) AND NetWare (Ethernet Type II version).