BlogHardware

Network Foundations: From Layer Theory to Real Subnetting

2026-01-20 | Hardware | Print e-mail MD file
font size - +
Network Foundations: From Layer Theory to Real Subnetting

If the Operating Systems course was intense, Network Fundamentals has been the real puzzle of the ASIX program. Here, it’s not about whether the button works, but how data travels thousands of kilometers in milliseconds. I want to explain how this experience has been, following the official Cisco CCNA course notes, from understanding the encapsulation of the OSI model to mastering the logic of complex subnetting.

1. Network Architecture: The OSI Model in Action

Detailed diagram of the OSI model and the data encapsulation process

The first big challenge is understanding how current networks have moved from being islands to being convergent networks. We no longer separate voice from data; everything flows through the same infrastructure thanks to QoS (Quality of Service) protocols and logical segmentation.

We delved into the concept of data encapsulation. Every time we send a WhatsApp or call an API, the information moves down the OSI stack, adding headers:

  • Layer 2 (Data Link): Where the frame encapsulates the packet and handles getting to the next physical hop (MAC).
  • Layer 3 (Network): Where the IP protocol decides the best route through routing.
  • Layer 4 (Transport): Where TCP guarantees that if a segment is lost, it is retransmitted, ensuring a reliable session.

Download: Network Architecture and OSI Model (AA2)

2. The Physical Medium and the Ethernet Standard

Not everything is wireless magic. We analyzed why the IEEE 802.3 (Ethernet) standard remains the king of the LAN. An interesting detail we saw in the labs is the sensitivity of the copper medium. A Cat6a S/FTP cable is not just "faster"; its shielding is vital to avoid signal distortion from induction in environments with heavy electrical wiring.

Different types of network cables and S/FTP shielding to avoid interference

We also studied optical fiber and the phenomenon of attenuation. While on the LAN copper limits us to 100 meters, multi-mode or single-mode fiber allows us to connect entire buildings kilometers away without losing a single bit, because it transmits pulses of light instead of electrical impulses.

Download: Transmission Media and Technical Cabling (AA3)

3. Cisco Administration: Switching and VLANs

With Packet Tracer, we simulated enterprise-level infrastructures. The most rewarding part was learning to "tame" a switch from scratch using the CLI (Command Line Interface).

A security technique that I found key is Port Security. It allows blocking any malicious user from connecting a hub or another computer to the wall network point without authorization.


# Generic configuration and initial security
Switch> enable
Switch# configure terminal
Switch(config)# hostname swPlanta1
Switch(config)# enable secret class
Switch(config)# banner motd # Restricted Access: ReparamiPC ASIX #
Switch(config)# username david secret password123
# Line configuration (Console and VTY)
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login local
Switch(config-line)# logging synchronous
Switch(config-line)# exec-timeout 5 0
Switch(config-line)# transport input telnet ssh
# VLAN Management and Port Assignment
Switch(config)# vlan 10
Switch(config-vlan)# name Formacio
Switch(config-vlan)# exit
# Interface configuration and Port Security
Switch(config)# interface range fa0/6-14, gi0/1
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# no shutdown
# Switch Virtual Interface (SVI) configuration
Switch(config)# interface vlan 1
Switch(config-if)# ip address 192.168.2.1 255.255.255.0
Switch(config-if)# no shutdown

Diagnostic Commands (Troubleshooting)


# Essential verification commands
show ip interface brief         # Quick summary of the status of all interfaces
show vlan brief                 # Check if VLANs are active and ports assigned
show interfaces trunk           # See if 802.1Q protocol is working between switches
show mac address-table          # See devices connected to each port
show port-security interface    # Debug MAC security lockouts

Cisco command line interface for switch and router administration

Integration of VLANs and Routing

In the final school network, we used RoAS (Router on a Stick) to allow the rtEscuela router to manage traffic between the different VLANs (Training, Administration, Management). This is done by creating logical subinterfaces on the router's FastEthernet interface, encapsulating them with the IEEE 802.1Q protocol.

Download: Exercise with network IPs (AA4)

Download: VLANs config (AA5)

4. Routing: Static Routes and RIP Protocol

Within the same Cisco ecosystem, we worked on configuring network interfaces on a router (rtISP2) to manage routing towards the Internet and between different segments of the school network. This is where the network really takes a global shape.


Router>enable
Router#configure terminal
Router(config)#hostname rtISP2
rtISP2(config)#enable password class
rtISP2(config)#banner motd #Restricted Access to router rtISP2#
rtISP2(config)#ip host rtEscuela 90.90.182.42
rtISP2(config)#ip host rtISP1 87.87.87.37
rtISP2(config)#ip host Internet 65.65.65.49
rtISP2(config)#interface s1/0
rtISP2(config-if)#description Link to Internet
rtISP2(config-if)#ip address 65.65.65.50 255.255.255.252
rtISP2(config-if)#no shutdown
rtISP2(config-if)#exit
rtISP2(config)#no ip domain-lookup
rtISP2(config)#interface s0/1
rtISP2(config-if)#description Link to rtEscuela
rtISP2(config-if)#ip address 90.90.182.41 255.255.255.252
rtISP2(config-if)#clock rate 128000
rtISP2(config-if)#no shutdown
rtISP2(config-if)#exit
rtISP2(config)#interface s0/0
rtISP2(config-if)#description Link to rtISP1
rtISP2(config-if)#ip address 87.87.87.33 255.255.255.252
rtISP2(config-if)#no shutdown
rtISP2(config-if)#exit
rtISP2(config)#line vty 0 4
rtISP2(config)#login local
rtISP2(config-line)#logging synchronous
rtISP2(config-line)#exec-timeout 5 0
rtISP2(config-line)#transport input telnet
rtISP2(config-line)#exit
rtISP2(config)#username admin password dit
rtISP2(config)#username operador password dit
rtISP2(config)#line console 0 
rtISP2(config-line)#password cisco
rtISP2(config-line)#login
rtISP2(config-line)#exec-timeout 5 0
rtISP2(config-line)#exit
rtISP2(config)#router rip
rtISP2(config-router)#version 2
rtISP2(config-router)#no auto-summary
rtISP2(config-router)#network 87.87.87.32
rtISP2(config-router)#network 90.90.182.40
rtISP2(config-router)#exit
# Static routes and default route
rtISP2(config)#ip route 0.0.0.0 0.0.0.0 Serial1/0
rtISP2(config)#ip route 10.182.192.0 255.255.240.0 90.90.182.42
rtISP2(config)#ip route 192.168.182.160 255.255.255.224 90.90.182.42
rtISP2(config)#ip route 44.44.182.0 255.255.255.0 87.87.87.34
rtISP2(config)#ip route 87.87.87.36 255.255.255.252 90.90.182.42

5. The Wireless World and Mikrotik

Finally, we took all the learning to a real environment with Mikrotik RouterOS. It is a system much more "raw" than Cisco, but extremely flexible.

We learned to configure secure wireless networks. A very common error we debugged is WPS. Many users think it's a convenience, but for a systems administrator, it's a security nightmare. We also configured the DHCP Pool and saw how critical it is to have good Forwarding in the Firewall to avoid external attacks.

WinBox interface for advanced Mikrotik router management and Wireless security
Technical Reminder: In Mikrotik, always use Safe Mode (button at the top left of WinBox). If you make a change that cuts your connection, the router will undo it automatically when it detects you've disconnected. It's saved my life more than once!

Download: Mikrotik Configuration and Wireless Security (AA6)

6. The Final Ecosystem: VLSM and Resilience

The project culminates with the integration of all elements into a hierarchical network topology. It's not enough for each device to be configured; the entire ecosystem needs to speak the same "language" and be secure.

The VLSM Challenge

If you want to be a top-to-bottom network administrator, you have to master VLSM (Variable Length Subnet Masking). We are no longer satisfied with standard class A, B, or C networks. Now we cut the network to size to optimize every IP address.

We performed the design for an entire school with these parameters:

  • School: 4000 hosts · Prefix `/20` · Network `172.16.0.0` · Range `172.16.0.1 - 172.16.15.254`
  • Management: 500 hosts · Prefix `/23` · Network `172.16.16.0` · Range `172.16.16.1 - 172.16.17.254`
  • Faculty: 25 hosts · Prefix `/27` · Network `172.16.18.0` · Range `172.16.18.1 - 172.16.18.30`
  • ISP Link: 2 hosts · Prefix `/30` · Network `172.16.18.32` · Range `172.16.18.33 - 172.16.18.34`

Here's a brief explanation on how to calculate subnetting without dying in the process:


The first step is to convert the prefix to binary. A /20 prefix (172.16.0.0/20) would be represented as 11111111 11111111 11110000 00000000, which is equivalent to the subnet mask 255.255.240.0 (128+64+32+16+0+0+0+0 - binary to decimal conversion). Now, if we subtract 256-240, we get 16, which is what Cisco refers to as the "Magic number". With this, we can calculate the network address. Keep in mind that the first and second octets are all 1s, so the network will be located at the third octet: 172.16.X.0, in this case 172.16.0.0. The maximum number of possible networks would be: (0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240) — 16 networks. The maximum number of hosts would be: from 172.16.0.1 to 172.16.15.254 in each network, and the broadcast address would be 172.16.15.255. Finally, the next network would be 172.16.16.0, with hosts in the range from 172.16.16.1 to 172.16.31.254. And so on.
Hierarchical network topology diagram with VLSM subnetting design

Download: Complex network design with VLSM (AA6.3)

Maintenance and Backups (TFTP)

A good administrator never trusts only the device's NVRAM memory. We implemented an external backup system using a TFTP server.


# Backup current configuration to server
rtISP2# copy running-config startup-config   # Save to local NVRAM
rtISP2# copy startup-config tftp              # Send to backup server
Address or name of remote host []? 192.168.1.10
Destination filename [rtISP2-confg]? backup-2026-01-20
!!
[OK - 1024 bytes]

Advanced Security and Synchronism

We configured the exec-timeout and the logging synchronous on all lines. This prevents system messages from interrupting what you're writing and closes inactive sessions for security. With Port Security and the MAC Sticky policy, the switch "learns" and remembers which devices are authorized automatically.

Conclusion and Final Reflections

This journey through the course has taught me that the heart of any company is not its software, but the network that supports it. If the network is not solid, scalable, and secure, everything else fails. I've gone from seeing cables to seeing data paths, from seeing IP addresses to seeing optimized logical structures.

It has been a demanding course, with many nights calculating binary and testing routes in Packet Tracer, but now I have the confidence of knowing how to build a network infrastructure from scratch to a professional level.

If you've made it this far, I really mean it: you deserve a prize! 🏆 Since I love sharing knowledge, I've left all my lab reports (the PDFs) right here, including a Cisco quick command guide that you'll find very useful.

🎁 Download your prize: Cisco Quick Command Guide

Any questions about how to balance your subnets or how to configure a VLAN? Leave a comment and let's "debug" together!

Tags: ASIRNETWORKSCISCO

Comments