Data Networks
Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses.

Networking Devices
Network devices include all the devices that connect the end-user devices together to allow them to communicate.

Network Interface Card
A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. Also called a LAN adapter.

Networking Device Icons

Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.

Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit.

Workgroup Switch

Router
Routers have all capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.

“The Cloud”
The cloud is used in diagrams to represent where the connection to the internet is. It also represents all of the devices on the internet.

Network Topologies
Network topology defines the structure of the network.

Physical Topologies

Bus Topology
A bus topology uses a single backbone cable that is terminated at both ends.

Ring Topology
A ring topology connects one host to the next and the last host to the first.

Star Topology
A star topology connects all cables to a central point of concentration.

Extended Star Topology
An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.

Hierarchical Topology

Mesh Topology
A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.

LANs, MANs, & WANs

Examples of Data Networks

LANs

Wireless LAN Organizations and Standards
As in cabled networks, IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC).

Cellular Topology for Wireless

WANs

SANs
Because a SAN is a separate, dedicated network, it avoids any traffic conflict between clients and servers.

Virtual Private Network
A VPN is a private network that is constructed within a public network infrastructure such as the global Internet. Using a VPN, a telecommuter can access the network of the company headquarters through the Internet by building a secure tunnel between the telecommuter’s PC and a VPN router in the headquarters.

Bandwidth

Measuring Bandwidth

Why do we need the OSI Model?

Don’t Get Confused.

Layer 7 - The Application Layer
This layer deals with networking applications.
Examples:
• Email
• Web browsers
PDU - User Data

Layer 6 - The Presentation Layer
This layer is responsible for presenting the data in the required format, which may include:
• Encryption
• Compression
PDU - Formatted Data

Layer 5 - The Session Layer
This layer establishes, manages, and terminates sessions between two communicating hosts.
Example:
• Client Software (used for logging in)

Layer 4 - The Transport Layer
This layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network.
PDU - Segments

Layer 3 - The Network Layer
Sometimes referred to as the “Cisco Layer”. Makes “Best Path Determination” decisions based on logical addresses (usually IP addresses).
PDU - Packets

Layer 2 - The Data Link Layer
This layer provides reliable transit of data across a physical link. Makes decisions based on physical addresses (usually MAC addresses).
PDU - Frames

Layer 1 - The Physical Layer
This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host.
Examples:
• CAT5 (what we have)
• Coaxial (like cable TV)
• Fiber optic
PDU - Bits

OSI Model Analogy
Application Layer - Source Host

OSI Model Analogy
Data Link Layer - Destination

OSI Model Analogy
Network Layer - Destination

Media Layers
These layers manage the information out in the LAN or WAN between the source and destination hosts.

Data Flow Through a Network

LAN Physical Layer
Various symbols are used to represent media types.

UTP Implementation
EIA/TIA specifies an RJ-45 connector for UTP cable. The RJ-45 transparent end connector shows eight colored wires. Four of the wires carry the voltage and are considered “tip” (T1 through T4). The other four wires are grounded and are called “ring” (R1 through R4). The wires in the first pair in a cable or a connector are designated as T1 & R1.

Connection Media
The registered jack (RJ-45) connector and jack are the most common.

Remember…

Straight-Thru or Crossover

Coaxial Cable

Fiber Optic Cable

Fiber Optic Connectors
Connectors are attached to the fiber ends so that the fibers can be connected to the ports on the transmitter and receiver. The type of connector most commonly used with multimode fiber is the Subscriber Connector (SC connector). On single-mode fiber, the Straight Tip (ST) connector is frequently used.

Fiber Optic Patch Panels
Fiber patch panels are similar to the patch panels used with copper cable.

Cable Specifications
10BASE-T
The T stands for twisted pair.
10BASE5
The 5 represents the fact that a signal can travel for approximately 500 meters. 10BASE5 is often referred to as Thicknet.
10BASE2
The 2 represents the fact that a signal can travel for approximately 200 meters. 10BASE2 is often referred to as Thinnet.

LAN Physical Layer Implementation

Ethernet in the Campus

WAN Physical Layer

WAN Serial Connection Options

Serial Implementation of DTE & DCE
When connecting directly to a service provider, or to a device such as a CSU/DSU that will perform signal clocking, the router is a DTE and needs a DTE serial cable. This is typically the case for routers.

Back-to-Back Serial Connection
When performing a back-to-back router scenario in a test environment, one of the routers will be a DTE and the other will be a DCE.

Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater is a Physical Layer device.

The 4 Repeater Rule
The Four Repeater Rule for 10-Mbps Ethernet should be used as a standard when extending LAN segments.

Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. A hub is a Physical Layer device.

Network Interface Card
The function of a NIC is to connect a host device to the network medium. A NIC is a printed circuit board that fits into the expansion slot on the motherboard or peripheral device of a computer. The NIC is also referred to as a network adapter. NICs are considered Data Link Layer devices because each NIC carries a unique code called a MAC address.

MAC Address
A MAC address is 48 bits in length and expressed as twelve hexadecimal digits. MAC addresses are sometimes referred to as burned-in addresses (BIA) because they are burned into read-only memory (ROM) and are copied into random-access memory (RAM) when the NIC initializes.

Bridge
Bridges are Data Link Layer devices. Connected host addresses are learned and stored in a MAC address table. Each bridge port has a unique MAC address.

Bridges

Bridging Graphic

Switch

Switching Modes
Cut-through
A switch starts to transfer the frame as soon as the destination MAC address is received. No error checking is available. Must use synchronous switching.
Store-and-forward
At the other extreme, the switch can receive the entire frame before sending it out the destination port. This gives the switch software an opportunity to verify the Frame Check Sum (FCS) to ensure that the frame was reliably received before sending it to the destination. Must be used with asynchronous switching.
Fragment-free
A compromise between the cut-through and store-and-forward modes. Fragment-free reads the first 64 bytes, which includes the frame header, and switching begins before the entire data field and checksum are read.

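The three switching modes above, modelled on one constructed Ethernet frame as an added example (not code from the slides): it shows how many bytes each mode examines before forwarding and why only store-and-forward can discard a frame whose FCS does not verify. The frame contents, MAC addresses and the CRC-32 FCS convention are assumptions for the example.

```python
from __future__ import annotations
import zlib

# Added example, not from the slides: a model of the three switching modes on a constructed
# Ethernet frame, showing how many bytes each mode examines before it starts forwarding
# and why only store-and-forward can drop a frame whose FCS does not verify.

CUT_THROUGH = "cut-through"
FRAGMENT_FREE = "fragment-free"
STORE_AND_FORWARD = "store-and-forward"
MIN_FRAME = 64            # smallest valid Ethernet frame; anything shorter is a collision fragment


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame: header, payload padded to 46 bytes, CRC-32 FCS appended."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    payload = payload.ljust(46, b"\x00")
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    fcs = zlib.crc32(body).to_bytes(4, "little")   # Ethernet sends the CRC least-significant byte first
    return body + fcs


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the last 4 bytes and compare with the FCS."""
    if len(frame) < MIN_FRAME:
        return False
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


def switch_decision(mode: str, frame: bytes) -> tuple[int, bool]:
    """Return (bytes examined before deciding, whether the frame is forwarded)."""
    if mode == CUT_THROUGH:
        # Forward as soon as the 6-byte destination MAC is in; the FCS has not arrived yet,
        # so a corrupted frame is passed on unchanged.
        return 6, len(frame) >= 6
    if mode == FRAGMENT_FREE:
        # Wait for the first 64 bytes: collision fragments are shorter and get dropped,
        # but corruption later in the payload is still not detected.
        return MIN_FRAME, len(frame) >= MIN_FRAME
    if mode == STORE_AND_FORWARD:
        # Buffer the whole frame, then verify the FCS before using the egress port.
        return len(frame), fcs_ok(frame)
    raise ValueError(f"unknown switching mode: {mode}")


def flip_byte(frame: bytes, index: int) -> bytes:
    """Corrupt one byte to simulate transmission damage."""
    damaged = bytearray(frame)
    damaged[index] ^= 0xFF
    return bytes(damaged)


def compare_modes(frame: bytes) -> dict[str, bool]:
    """Forwarding outcome of the same frame under each mode."""
    return {mode: switch_decision(mode, frame)[1]
            for mode in (CUT_THROUGH, FRAGMENT_FREE, STORE_AND_FORWARD)}


# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800 (IPv4), short payload
GOOD_FRAME = build_frame(bytes.fromhex("00000c000001"), bytes.fromhex("080020021545"), 0x0800, b"hello")
CORRUPT_FRAME = flip_byte(GOOD_FRAME, 20)    # damage inside the payload
RUNT_FRAME = GOOD_FRAME[:30]                 # collision fragment: cut off before 64 bytes

if __name__ == "__main__":
    for name, frame in (("good", GOOD_FRAME), ("corrupt", CORRUPT_FRAME), ("runt", RUNT_FRAME)):
        print(name, compare_modes(frame))
```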
Full Duplex
Another capability emerges when only two nodes are connected. In a network that uses twisted-pair cabling, one pair is used to carry the transmitted signal from one node to the other node. A separate pair is used for the return or received signal. It is possible for signals to pass through both pairs simultaneously. The capability of communication in both directions at once is known as full duplex.

Switches – MAC Tables

Switches – Parallel Communication

Microsegmentation
A switch is simply a bridge with many ports. When only one node is connected to a switch port, the collision domain on the shared media contains only two nodes. The two nodes in this small segment, or collision domain, consist of the switch port and the host connected to it. These small physical segments are called microsegments.

Peer-to-Peer Network
In a peer-to-peer network, networked computers act as equal partners, or peers. As peers, each computer can take on the client function or the server function. At one time, computer A may make a request for a file from computer B, which responds by serving the file to computer A. Computer A functions as the client, while B functions as the server. At a later time, computers A and B can reverse roles. In a peer-to-peer network, individual users control their own resources. Peer-to-peer networks are relatively easy to install and operate. As networks grow, peer-to-peer relationships become increasingly difficult to coordinate.

Client/Server Network
In a client/server arrangement, network services are located on a dedicated computer called a server.

Why Another Model?
Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol / Internet Protocol (TCP/IP).

2 Models Side-By-Side
OSI model            TCP/IP model
7 Application    \
6 Presentation    }  Application
5 Session        /
4 Transport          Transport
3 Network            Internet
2 Data Link      \
1 Physical        }  Network Access

The Application Layer
The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.

The Transport Layer

The Network Access Layer
The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers. NOTE: ARP & RARP work at both the Internet and Network Access Layers.

Comparing TCP/IP & OSI Models
NOTE: The TCP/IP transport layer using UDP does not always guarantee reliable delivery of packets as the transport layer in the OSI model does.

Introduction to the Transport Layer

More on The Transport Layer
Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.

3-Way Handshake
TCP requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize their Initial Sequence Numbers (ISNs).

Basic Windowing
Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.

Sliding Window

Sliding Window with Different Window Sizes

TCP Sequence & Acknowledgement

TCP
Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission.

UDP
User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack.

Well Known Port Numbers
The following port numbers should be memorized:
NOTE: The curriculum forgot to mention one of the most important port numbers. Port 80 is used for HTTP or WWW protocols. (Essentially access to the internet.)

URL

SNMP – Managed Network

Base 2 Number System
10110 (base 2) = (1 x 2^4 = 16) + (0 x 2^3 = 0) + (1 x 2^2 = 4) + (1 x 2^1 = 2) + (0 x 2^0 = 0) = 22

Converting Decimal to Binary

Internet Addresses
IP addressing is a hierarchical structure. An IP address combines two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.

IP Address Classes

Identifying Address Classes

Address Class Prefixes
To accommodate different size networks and aid in classifying these networks, IP addresses are divided into groups called classes. This is classful addressing.

Network and Host Division
Each complete 32-bit IP address is broken down into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. There are 5 IP address classes.

Class A Addresses
The Class A address was designed to support extremely large networks, with more than 16 million host addresses available. Class A IP addresses use only the first octet to indicate the network address. The remaining three octets provide for host addresses.

Class B Addresses
The Class B address was designed to support the needs of moderate to large-sized networks. A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.

Class C Addresses

Class D Addresses

Class E Addresses
A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.

IP Address Ranges
The graphic below shows the IP address range of the first octet both in decimal and binary for each IP address class.

IPv4
As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses and the increase in the size of Internet routing tables.

Finding the Network Address with ANDing
By ANDing the host address of 192.168.10.2 with 255.255.255.0 (its network mask) we obtain the network address of 192.168.10.0.

Network Address

Broadcast Address

Network/Broadcast Addresses at the Binary Level
An IP address that has binary 0s in all host bit positions is reserved for the network address, which identifies the network. An IP address that has binary 1s in all host bit positions is reserved for the broadcast address, which is used to send data to all hosts on the network. Here are some examples:
Class   Network address   Broadcast address
A       100.0.0.0         100.255.255.255
B       150.75.0.0        150.75.255.255

InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA). No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

Mixing Public and Private IP Addresses
Private IP addresses can be intermixed, as shown in the graphic, with public IP addresses. This will conserve the number of addresses used for internal connections. Connecting a network using private addresses to the Internet requires translation of the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT).

Introduction to Subnetting
Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.

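The address-class, ANDing, network/broadcast and subnetting slides above, carried through in code as an added example (not from the slides): the bit operations are done on plain integers so the binary mechanics stay visible, and the subnetting function generalizes the idea to any subnet mask longer than the network mask. The classful default masks for A, B and C are standard values not shown on the slides.

```python
from __future__ import annotations

# Added example, not from the slides. Shows the binary mechanics the slides describe:
# rendering an address in base 2, reading the class from the leading bits of the first
# octet, ANDing with the mask to get the network address, setting all host bits to 1 for
# the broadcast address, and carving a network into subnets with a longer subnet mask.


def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 string -> 32-bit integer (validates each octet)."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Render the four octets as 8-bit groups, the way the slides write addresses."""
    value = to_int(dotted)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classful rule: the leading bits of the first octet decide the class."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"      # 0xxxxxxx, first octet 0-127
    if first >> 6 == 0b10:
        return "B"      # 10xxxxxx, first octet 128-191
    if first >> 5 == 0b110:
        return "C"      # 110xxxxx, first octet 192-223
    if first >> 4 == 0b1110:
        return "D"      # 1110xxxx, first octet 224-239
    return "E"          # 1111xxxx, first octet 240-255


def default_mask(dotted: str) -> str:
    """Classful masks: A = one octet, B = two octets, C = three octets of network bits."""
    masks = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
    cls = address_class(dotted)
    if cls not in masks:
        raise ValueError(f"class {cls} addresses have no network/host split")
    return masks[cls]


def network_address(host: str, mask: str) -> str:
    """ANDing: host AND mask keeps the network bits and zeroes every host bit."""
    return to_dotted(to_int(host) & to_int(mask))


def broadcast_address(host: str, mask: str) -> str:
    """Network bits from the host, every host bit set to 1: (host AND mask) OR (NOT mask)."""
    mask_int = to_int(mask)
    return to_dotted((to_int(host) & mask_int) | (~mask_int & 0xFFFFFFFF))


def subnets(network: str, mask: str, subnet_mask: str) -> list[tuple[str, str, str, str]]:
    """Split network/mask using the longer subnet_mask.

    Returns (subnet address, first usable host, last usable host, broadcast) per subnet.
    Assumes the subnet mask leaves at least two host bits, so every subnet has usable hosts.
    """
    net, m, sm = to_int(network), to_int(mask), to_int(subnet_mask)
    if net & ~m & 0xFFFFFFFF:
        raise ValueError(f"{network} is not a network address for mask {mask}")
    if (sm & m) != m or sm == m:
        raise ValueError("subnet mask must be longer than the network mask")
    host_bits = ~sm & 0xFFFFFFFF          # 1s where the subnet mask has host bits
    block = host_bits + 1                 # addresses per subnet
    last_in_network = net | (~m & 0xFFFFFFFF)
    result = []
    for sub in range(net, last_in_network + 1, block):
        bcast = sub | host_bits
        result.append((to_dotted(sub), to_dotted(sub + 1), to_dotted(bcast - 1), to_dotted(bcast)))
    return result


if __name__ == "__main__":
    host, mask = "192.168.10.2", "255.255.255.0"         # the slides' ANDing example
    print(to_binary(host), "AND", to_binary(mask))
    print("class:    ", address_class(host))
    print("network:  ", network_address(host, mask))
    print("broadcast:", broadcast_address(host, mask))
    for row in subnets("192.168.10.0", mask, "255.255.255.192"):
        print("subnet", *row)
```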
The 32-Bit Binary IP Address

Numbers That Show Up In Subnet Masks (Memorize Them!)

Addressing with Subnetworks

Obtaining an Internet Address

Static Assignment of an IP Address
Static assignment works best on small networks. The administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet. Network printers, application servers, and routers should be assigned static IP addresses.

ARP (Address Resolution Protocol)
Host A sends an ARP Request, broadcast to all hosts: “What is the hardware address for IP address 128.0.10.4?”
Host B (IP Address: 128.0.10.4, HW Address: 080020021545) sends the ARP Reply.
Fig. 32 How does ARP work? (TI1332EU02TI_0004 The Network Layer, 47)

Fig. 33 The ARP command (TI1332EU02TI_0004 The Network Layer, 47)

1 Network = 1 Broadcast Domain

Fig. 34 Proxy-ARP concept (TI1332EU02TI_0004 The Network Layer, 49)
(figure labels: A, B, Router R)

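The request/reply exchange from Fig. 32, built and decoded at the byte level as an added example (not code from the slides or from the figure's source): Host B's IP and hardware address are the figure's values, while Host A's MAC and IP, the Ethernet II framing and the RFC 826 field layout are assumptions of the example.

```python
from __future__ import annotations
import struct

# Added example, not from the slides: the ARP request/reply exchange drawn in the figure,
# built and decoded at the byte level (Ethernet II header + RFC 826 ARP body for IPv4 over
# Ethernet). Host B's address pair comes from the figure; Host A's MAC and IP are constructed.

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

HOST_A_MAC, HOST_A_IP = "00:00:0c:12:34:56", "128.0.10.1"   # constructed for the example
HOST_B_MAC, HOST_B_IP = "080020021545", "128.0.10.4"        # as written in the figure


def mac_bytes(mac: str) -> bytes:
    """Accept '08:00:20:02:15:45', '08-00-20-02-15-45' or the figure's '080020021545'."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(digits)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return bytes(octets)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(opcode: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Whole Ethernet frame (without FCS). Requests go to the broadcast MAC, replies unicast."""
    eth_dst = BROADCAST_MAC if opcode == ARP_REQUEST else target_mac
    ethernet = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype 1 = Ethernet, ptype 0x0800 = IPv4, hlen 6, plen 4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame: bytes) -> dict:
    """Decode one frame, rejecting anything that is not well-formed IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("EtherType is not ARP")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address lengths")
    if opcode not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unknown ARP opcode {opcode}")
    body = frame[22:42]
    return {
        "op": "request" if opcode == ARP_REQUEST else "reply",
        "eth_dst": mac_str(frame[0:6]),
        "eth_src": mac_str(frame[6:12]),
        "sender_mac": mac_str(body[0:6]),
        "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]),
        "target_ip": ip_str(body[16:20]),
    }


def reply_answers(request: dict, reply: dict) -> bool:
    """A reply resolves a request only if it is for the asked IP and addressed back to the asker."""
    return (request["op"] == "request" and reply["op"] == "reply"
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_mac"] == request["sender_mac"]
            and reply["target_ip"] == request["sender_ip"])


def arp_exchange() -> tuple[dict, dict]:
    """Host A asks for 128.0.10.4 (broadcast); Host B answers with its hardware address."""
    request = build_arp(ARP_REQUEST, HOST_A_MAC, HOST_A_IP, ZERO_MAC, HOST_B_IP)
    req = parse_arp(request)
    reply = build_arp(ARP_REPLY, HOST_B_MAC, HOST_B_IP, req["sender_mac"], req["sender_ip"])
    return req, parse_arp(reply)


if __name__ == "__main__":
    req, rep = arp_exchange()
    print("request:", req)
    print("reply:  ", rep)
    print("resolved:", reply_answers(req, rep))
```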
RARP
A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.

BootP
The bootstrap protocol (BOOTP) operates in a client-server environment and only requires a single packet exchange to obtain IP information. However, unlike RARP, BOOTP packets can include the IP address, as well as the address of a router, the address of a server, and vendor-specific information. One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database. Even though the addresses are dynamically assigned, there is still a one-to-one relationship between the number of IP addresses and the number of hosts. This means that for every host on the network there must be a BOOTP profile with an IP address assignment in it. No two profiles can have the same IP address.

DHCP
Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device. All that is required when using DHCP is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request an address. With DHCP, the entire network configuration of a computer can be obtained in one message. This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask. The major advantage that DHCP has over BOOTP is that it allows users to be mobile.

Introduction to Routers
A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:

RAM
Random Access Memory, also called dynamic RAM (DRAM)

NVRAM
Non-Volatile RAM

Flash
Flash memory has the following characteristics and functions:

Interfaces
Interfaces have the following characteristics and functions:
Types of interfaces:
• Ethernet
• Fast Ethernet
• Serial
• Token ring
• ISDN BRI
• Loopback
• Console
• Aux

Internal Components of a 2600 Router

External Components of a 2600 Router

External Connections

Fixed Interfaces
When cabling routers for serial connectivity, the routers will either have fixed or modular ports. The type of port being used will affect the syntax used later to configure each interface. Interfaces on routers with fixed serial ports are labeled for port type and port number.

Modular Serial Port Interfaces
Interfaces on routers with modular serial ports are labeled for port type, slot, and port number. The slot is the location of the module. To configure a port on a modular card, it is necessary to specify the interface using the syntax “port type slot number/port number.” Use the label “serial 0/1” when the interface is serial, the slot number where the module is installed is slot 0, and the port that is being referenced is port 1.

Routers & DSL Connections
The Cisco 827 ADSL router has one asymmetric digital subscriber line (ADSL) interface. To connect a router for DSL service, use a phone cable with RJ-11 connectors. DSL works over standard telephone lines using pins 3 and 4 on a standard RJ-11 connector.

Computer/Terminal Console Connection

Modem Connection to Console/Aux Port

HyperTerminal Session Properties

Establishing a HyperTerminal Session
Take the following steps to connect a terminal to the console port on the router:

The Purpose of Cisco IOS
As with a computer, a router or switch cannot function without an operating system. Cisco calls its operating system the Cisco Internetwork Operating System or Cisco IOS.

Setup Mode
Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router that is unable to locate a configuration from another source.
In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults.
During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shut down.
When the configuration process is completed in setup mode, the following options will be displayed:
The startup process of the router normally loads into RAM and executes one of these operating environments. The configuration register setting can be used by the system administrator to control the default start-up mode for the router.
To see the IOS image and version that is running, use the show version command, which also indicates the configuration register setting.

IOS File System Overview

Initial Startup of Cisco Routers
A router initializes by loading the bootstrap, the operating system, and a configuration file. Upon completion of the setup mode a backup copy of the configuration file may be saved to nonvolatile RAM (NVRAM).
The goal of the startup routines for Cisco IOS software is to start the router operations. To do this, the startup routines must accomplish the following:
• Make sure that the router hardware is tested and functional.
• Find and load the Cisco IOS software.
• Find and apply the startup configuration file or enter the setup mode.
When a Cisco router powers up, it performs a power-on self test (POST). During this self test, the router executes diagnostics from ROM on all hardware modules.

After the POST…
After the POST, the following events occur as the router initializes:
Step 1
The generic bootstrap loader in ROM executes. A bootstrap is a simple set of instructions that tests hardware and initializes the IOS for operation.
Step 2
The IOS can be found in several places. The boot field of the configuration register determines the location to be used in loading the IOS. If the boot field indicates a flash or network load, boot system commands in the configuration file indicate the exact name and location of the image.
Step 3
The operating system image is loaded.
Step 4
The configuration file saved in NVRAM is loaded into main memory and executed one line at a time. The configuration commands start routing processes, supply addresses for interfaces, and define other operating characteristics of the router.
Step 5
If no valid configuration file exists in NVRAM, the operating system searches for an available TFTP server. If no TFTP server is found, the setup dialog is initiated.

Steps in Router Initialization

Router LED Indicators
Cisco routers use LED indicators to provide status information. Depending upon the Cisco router model, the LED indicators will vary. An interface LED indicates the activity of the corresponding interface. If an LED is off when the interface is active and the interface is correctly connected, a problem may be indicated. If an interface is extremely busy, its LED will always be on. The green OK LED to the right of the AUX port will be on after the system initializes correctly.

Enhanced Cisco IOS Commands

The show version Command
The show version command displays information about the Cisco IOS software version that is currently running on the router. This includes the configuration register and the boot field settings. Use the show version command to identify the router IOS image and boot source. To find out the amount of flash memory, issue the show flash command.

Router User Interface Modes
The Cisco command-line interface (CLI) uses a hierarchical structure. This structure requires entry into different modes to accomplish particular tasks. As a security feature the Cisco IOS software separates sessions into two access levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode is also known as enable mode.

Overview of Router Modes

Router Modes

User Mode Commands

Privileged Mode Commands
NOTE: There are many more commands available in privileged mode.

Specific Configuration Modes

CLI Command Modes
All command-line interface (CLI) configuration changes to a Cisco router are made from the global configuration mode. Other more specific modes are entered depending upon the configuration change that is required.
The following command moves the router into global configuration mode:
When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.

Configuring a Router’s Name
A router should be given a unique name as one of the first configuration tasks.
Router(config)#hostname Tokyo
Tokyo(config)#

Message Of The Day (MOTD)
A message-of-the-day (MOTD) banner can be displayed on all connected terminals.

Configuring a Console Password
Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line.
Router(config)#line console 0
Router(config-line)#password <password>
Router(config-line)#login

Configuring a Modem Password
If configuring a router via a modem you are most likely connected to the aux port.
Router(config)#line aux 0
Router(config-line)#password <password>
Router(config-line)#login

Configuring Interfaces
An interface needs an IP address and a subnet mask to be configured. All interfaces are “shutdown” by default. The DCE end of a serial interface needs a clock rate.
Router#config t
Router(config)#interface serial 0/1
Router(config-if)#ip address 200.100.50.75 255.255.255.240
Router(config-if)#clock rate 56000 (required for serial DCE only)
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 150.100.50.25 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#
On older routers, Serial 0/1 would be just Serial 1 and f0/0 would be e0. (s = serial, e = Ethernet, f = fast Ethernet)

Configuring a Telnet Password
A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet.
Router(config)#line vty 0 4
Router(config-line)#password <password>
Router(config-line)#login

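A check for the console, aux and vty line settings the three password slides above call for, as an added example (not code from the slides or from Cisco): it parses a running configuration into sections and reports any terminal line that lacks `password` or `login`. The configuration text, hostname and passwords are constructed for the example.

```python
from __future__ import annotations

# Added example, not from the slides: a small audit of a Cisco IOS running configuration
# for the line protection the slides describe (password plus login on the console, aux and
# vty lines). The configuration text below is constructed for the example.

SAMPLE_CONFIG = """\
hostname Tokyo
!
interface Serial0/1
 ip address 200.100.50.75 255.255.255.240
 clock rate 56000
!
line con 0
 password c0ns0le-pw
 login
line aux 0
 password m0dem-pw
line vty 0 4
 login
!
end
"""

REQUIRED_LINES = ("con", "aux", "vty")   # the three line types the slides configure


def parse_sections(config: str) -> list[tuple[str, list[str]]]:
    """Group each top-level command with the indented commands that follow it, in order."""
    sections: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue                              # blank lines and '!' separators
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())   # sub-command of the current section
        else:
            sections.append((raw.strip(), []))
    return sections


def line_type(header: str) -> str | None:
    """'line con 0' or 'line console 0' -> 'con'; 'line vty 0 4' -> 'vty'; other commands -> None."""
    parts = header.split()
    if len(parts) < 2 or parts[0] != "line":
        return None
    return "con" if parts[1] == "console" else parts[1]


def audit_lines(config: str) -> list[str]:
    """One finding per missing 'password' or 'login' on a terminal line, plus missing line blocks."""
    findings: list[str] = []
    seen: set[str] = set()
    for header, body in parse_sections(config):
        kind = line_type(header)
        if kind is None:
            continue
        seen.add(kind)
        has_password = any(cmd.startswith("password ") for cmd in body)
        has_login = any(cmd == "login" or cmd.startswith("login ") for cmd in body)
        if not has_password:
            findings.append(f"{header}: no password set")
        if not has_login:
            findings.append(f"{header}: 'login' missing, so the password is never asked for")
    for kind in REQUIRED_LINES:
        if kind not in seen:
            findings.append(f"line {kind}: no configuration block found")
    return findings


if __name__ == "__main__":
    for finding in audit_lines(SAMPLE_CONFIG):
        print(finding)
```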
Examining the show Commands
There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
show interfaces – Displays all the statistics for all the interfaces on the router.
show int s0/1 – Displays statistics for interface Serial 0/1
show controllers serial – Displays information specific to the interface hardware
show clock – Shows the time set in the router
show hosts – Displays a cached list of host names and addresses
show users – Displays all users who are connected to the router
show history – Displays a history of commands that have been entered
show flash – Displays info about flash memory and what IOS files are stored there
show version – Displays info about the router and the IOS that is running in RAM
show ARP – Displays the ARP table of the router
show start – Displays the saved configuration located in NVRAM
show run – Displays the configuration currently running in RAM
show protocol – Displays the global and interface specific status of any configured Layer 3 protocols

Ethernet Overview
Ethernet is now the dominant LAN technology in the world. All LANs must deal with the basic issue of how individual stations (nodes) are named, and Ethernet is no exception.

Layer 2 Framing
Framing is the Layer 2 encapsulation process.

Ethernet and IEEE Frame Formats are Very Similar

3 Common Layer 2 Technologies
Ethernet: uses CSMA/CD; logical bus topology (information flow is on a linear bus) and physical star or extended star (wired as a star).
Token Ring: logical ring topology (information flow is controlled in a ring) and a physical star topology (in other words, it is wired as a star).
FDDI: logical ring topology (information flow is controlled in a ring) and physical dual-ring topology (wired as a dual-ring).

Collision Domains

Backoff

Hierarchical Addressing Using
Variable-Length Subnet Masks
221
Range Of Addresses for
VLSM
222
Breakdown Address Space
for Largest Subnet
223
Breakdown Address Space
for Ethernets at Remote Sites
224
Address Space for Serial
Subnets
225
Calculating VLSM: Binary
226
Route Summarization and
Classless Interdomain Routing
228
Summarizing Within an Octet
229
Summarizing Addresses in a
VLSM-Designed Network
230
Classless Interdomain Routing
231
What Is CIDR?
• Addresses are the same as in the route summarization figure, except that
Class B network 172 has been replaced by Class C network 192. 232
CIDR Example
233
234
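The summarization and CIDR slides above each show a single worked case. As an added example (not part of the course slides), the following Python code, using only the standard-library ipaddress module, computes the smallest single summary for any list of prefixes, the exact collapse (merging only adjacent, aligned blocks), and how much address space a summary "overreaches", i.e. advertises without any member subnet behind it. The prefixes in the tests are constructed inputs, not taken from the slides.

```python
import ipaddress

def summarize(prefixes):
    """Smallest single prefix that covers every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32
    # Shorten the prefix until the lowest and highest covered addresses agree on it.
    while plen > 0 and (lo >> (32 - plen)) != (hi >> (32 - plen)):
        plen -= 1
    network = lo & ((0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{ipaddress.ip_address(network)}/{plen}")

def exact_cover(prefixes):
    """Fewest prefixes that cover exactly the input, merging only adjacent aligned blocks."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def overreach(prefixes):
    """How many addresses the single summary advertises beyond what the members hold."""
    held = sum(ipaddress.ip_network(p).num_addresses for p in exact_cover(prefixes))
    return summarize(prefixes).num_addresses - held
```

A summary with a non-zero overreach attracts traffic for addresses nobody holds; inside a well-designed VLSM block that is harmless (the traffic hits a null route), but advertised toward a peer you do not control it is address space you are now answerable for.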
Anatomy of an IP Packet
IP packets consist of the data from upper layers plus an IP
header. The IP header consists of the following:
Administrative Distance
The administrative distance (AD) is an optional parameter on a static route that expresses how trustworthy the route's source is. The range of an AD is 0-255, where smaller numbers are more desirable. AD is only compared between routes to the same prefix; the longest prefix match is applied first when a packet is forwarded.
Sometimes static routes are used for backup purposes. A static route can be configured on a router that will only be used when the dynamically learned route has failed. To use a static route in this manner, simply set the administrative distance higher than that of the dynamic routing protocol being used (a "floating static route"). For example, RIP has an AD of 120, so a static route configured with AD 130 stays out of the routing table until the RIP route disappears.
Configuring Default Routes
Default routes are used to route packets with destinations that do
not match any of the other routes in the routing table.
A default route is actually a special static route that uses this format:
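As an added example (not from the course slides), the following Python model of a routing table shows the two rules the Administrative Distance and Default Routes slides describe: AD (then metric) decides which candidate for a prefix is installed, and longest prefix match decides which installed route forwards a packet. The table is constructed; the IOS commands in the comments (`ip route 10.1.1.0 255.255.255.0 192.0.2.6 130` for the floating static, `ip route 0.0.0.0 0.0.0.0 192.0.2.254` for the default) are the standard syntax and are assumed to have produced these entries.

```python
import ipaddress

# Default administrative distances in Cisco IOS for the sources used below.
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

class RoutingTable:
    def __init__(self):
        self.candidates = []   # every candidate route, installed or not

    def add(self, prefix, source, next_hop, ad=None, metric=0):
        self.candidates.append({
            "prefix": ipaddress.ip_network(prefix), "source": source,
            "next_hop": next_hop, "ad": DEFAULT_AD[source] if ad is None else ad,
            "metric": metric, "up": True})

    def withdraw(self, prefix, source):
        """The route is lost (link down, neighbor timed out)."""
        for r in self.candidates:
            if str(r["prefix"]) == prefix and r["source"] == source:
                r["up"] = False

    def installed(self):
        """Route actually placed in the table for each prefix: lowest AD, then lowest metric."""
        best = {}
        for r in self.candidates:
            if not r["up"]:
                continue
            cur = best.get(r["prefix"])
            if cur is None or (r["ad"], r["metric"]) < (cur["ad"], cur["metric"]):
                best[r["prefix"]] = r
        return best

    def lookup(self, dst):
        """Forwarding decision: longest prefix match among installed routes. AD never
        overrides prefix length; it only chooses between routes to the same prefix."""
        addr = ipaddress.ip_address(dst)
        matches = [r for p, r in self.installed().items() if addr in p]
        return max(matches, key=lambda r: r["prefix"].prefixlen, default=None)

def build_example():
    """Constructed table: a RIP-learned route backed by a floating static, plus a default."""
    rt = RoutingTable()
    rt.add("192.0.2.0/30", "connected", "Serial0/0")
    rt.add("10.1.0.0/16", "static", "192.0.2.10")        # ip route 10.1.0.0 255.255.0.0 192.0.2.10
    rt.add("10.1.1.0/24", "rip", "192.0.2.2", metric=2)   # learned from a RIP neighbor (AD 120)
    rt.add("10.1.1.0/24", "static", "192.0.2.6", ad=130)  # ip route 10.1.1.0 255.255.255.0 192.0.2.6 130
    rt.add("0.0.0.0/0", "static", "192.0.2.254")          # ip route 0.0.0.0 0.0.0.0 192.0.2.254
    return rt
```

Note what the /24 RIP route does to the /16 static route: although the static route is far more trusted (AD 1 against 120), the RIP route wins for 10.1.1.5 because it is more specific. A rogue RIP speaker on an untrusted segment can therefore override a static route by announcing a longer prefix, which is one reason to restrict which interfaces run RIP (passive-interface) and to authenticate updates where the protocol version supports it.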
Routing Protocol
(Figure: routers and switches with several possible paths between them. What is an optimal route?)
Routing Protocols
Examples of routing protocols that support the IP routed protocol are RIP, IGRP, OSPF, BGP, and EIGRP.
Routed Protocols
Protocols used at the network layer that transfer data from one host to another across
a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's
Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use
routing protocols to exchange routing tables and share routing information. In other
words, routing protocols enable routers to route routed protocols.
Autonomous System
An Autonomous System (AS) is a group of IP networks which has a single and clearly defined external routing policy.
EGP: Exterior Gateway Protocols are used for routing between Autonomous Systems.
IGP: Interior Gateway Protocols are used for routing decisions within an Autonomous System.
Fig. 48 IGP and EGP (TI1332EU02TI_0004 The Network Layer, 67): AS 1000, AS 2000 and AS 3000, with an IGP inside each AS and EGP between them.
Fig. 49 The use of IGP and EGP protocols (TI1332EU02TI_0004 The Network Layer, 67)
IGP and EGP
An autonomous system is a network or set of networks under common administrative control, such as the cisco.com domain.
Categories of Routing Protocols
Most routing algorithms can be classified into one of two categories:
• distance vector
• link-state
Distance Vector Routing (DVR)
The routing table contains the addresses of destinations and the distance (hop count) of the way to each destination, for example:
Destination   Distance
192.16.1.0    1
192.16.5.0    1
192.16.7.0    2
(In the figure, 192.16.1.0 and 192.16.5.0 are 1 hop away and 192.16.7.0 is 2 hops away.)
Routing Tables Graphic
Distance Vector Topology Changes
Router Metric Components
Distance Vector Routing (DVR)
Fig. 53 Distribution of routing information with distance vector routing protocol (cont.) (TI1332EU02TI_0004 The Network Layer, 71): networks 192.16.1.0 to 192.16.7.0 spread across routers B and C.
RIPv1
Distance vector routing protocol, classful.
RIP-1 permits only a Single Subnet Mask
Fig. 60 RIP-1 permits only a single subnet mask (TI1332EU02TI_0004 The Network Layer, 83): Router A has 130.24.13.0/24, 130.24.25.0/24 and 130.24.36.0/24 behind port 1 (130.24.13.1/24) and 200.14.13.0/24 on port 2 (200.14.13.2/24); because RIP-1 updates carry no subnet mask, Router A advertises the whole classful network 130.24.0.0.
Router Configuration
The router command starts a routing process; the network command names a classful network whose interfaces take part in RIP.
GAD(config)#router rip
GAD(config-router)#network 172.16.0.0
Verifying RIP Configuration
The debug ip rip Command
Most of the RIP configuration errors involve an incorrect network statement, discontiguous subnets, or split horizon. One highly effective command for finding RIP update issues is the debug ip rip command. The debug ip rip command displays RIP routing updates as they are sent and received.
Problem: Routing Loops
Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.
Problem: Counting to Infinity
Solution: Define a Maximum
Solution: Split Horizon
Route Poisoning
Route poisoning is used by various distance vector protocols in order to
overcome large routing loops and offer explicit information when a subnet
or network is not accessible. This is usually accomplished by setting the
hop count to one more than the maximum.
Triggered Updates
New routing tables are sent to neighboring routers on a regular basis.
When a route fails, an update is sent immediately rather than waiting on the
update timer to expire.
Triggered updates, used in conjunction with route poisoning, ensure that all
routers know of failed routes before any holddown timers can expire.
Triggered Updates Graphic
Solution: Holddown Timers
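The routing-loop slides above (counting to infinity, defining a maximum, split horizon, route poisoning) are easiest to see by running them. The following Python simulation is an added example, not part of the course slides: two routers A and B (a constructed topology) exchange distance vectors in synchronous rounds, A loses its directly connected network N and poisons it (advertises hop count 16), and the function counts how many rounds pass before B agrees that N is unreachable. Holddown timers and triggered updates are deliberately not modeled, so the numbers show the effect of the maximum and of split horizon alone.

```python
INF = 16  # RIP "infinity": one more than the 15-hop maximum

class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}          # dest -> (hops, next_hop)
        self.neighbors = []

    def vector_for(self, neighbor, mode):
        """Distance vector this router advertises to one neighbor."""
        vec = {}
        for dest, (hops, via) in self.table.items():
            if via == neighbor.name:
                if mode == "split_horizon":
                    continue               # do not send the route back where it came from
                if mode == "poison_reverse":
                    vec[dest] = INF        # send it back, but as unreachable
                    continue
            vec[dest] = hops
        return vec

    def receive(self, sender, vec):
        """Bellman-Ford relaxation of one received vector; True if the table changed."""
        changed = False
        for dest, hops in vec.items():
            new = min(hops + 1, INF)
            cur = self.table.get(dest)
            better = cur is None or new < cur[0]
            # The current next hop is authoritative even when it reports a worse distance.
            from_next_hop = cur is not None and cur[1] == sender.name and new != cur[0]
            if better or from_next_hop:
                self.table[dest] = (new, sender.name)
                changed = True
        return changed

def run_rounds(routers, mode, max_rounds=100):
    """Synchronous update rounds until nothing changes; returns how many rounds changed a table."""
    changed_rounds = 0
    for _ in range(max_rounds):
        # Every vector is computed from last round's tables, then every message is delivered.
        msgs = [(r, n, r.vector_for(n, mode)) for r in routers for n in r.neighbors]
        results = [n.receive(r, vec) for r, n, vec in msgs]   # a list, so nothing is skipped
        if not any(results):
            return changed_rounds
        changed_rounds += 1
    raise RuntimeError("did not converge")

def rounds_to_converge_after_failure(mode):
    """A's link to N fails and A poisons the route; rounds until B agrees N is unreachable."""
    a, b = Router("A"), Router("B")
    a.neighbors, b.neighbors = [b], [a]
    a.table["N"] = (0, "direct")          # N is directly connected to A (constructed topology)
    run_rounds([a, b], mode)               # initial convergence: B learns N via A at 1 hop
    a.table["N"] = (INF, "direct")         # route poisoning: advertise N as unreachable
    return run_rounds([a, b], mode)
```

With mode "none", B keeps advertising N back to A, A believes it, and the two count up to 16 together; only the defined maximum ends the loop. With split horizon or poison reverse the poisoned route is accepted in a single round, which is why the slides present the maximum, split horizon and route poisoning as complementary rather than alternative fixes.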
IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary
protocol developed by Cisco.
IGRP Stability Features
IGRP has a number of features that are designed to enhance its stability, such as:
• Holddowns
• Split horizons
• Poison reverse updates
Holddowns
Holddowns are used to prevent regular update messages from inappropriately
reinstating a route that may not be up.
Split horizons
Split horizons are derived from the premise that it is usually not useful to send
information about a route back in the direction from which it came.
Today, IGRP is showing its age: it lacks support for variable length subnet masks (VLSM). Rather than develop an IGRP version 2 to correct this problem, Cisco built upon IGRP's legacy of success with Enhanced IGRP (EIGRP). IGRP has since been removed from Cisco IOS altogether (from Release 12.3 onward).
Configuring IGRP
Routing Metrics Graphics
Link State Concepts
Link State Topology Changes
Link State Routing (LSR)
(Figure: Routers 1 to 4 flood link-state packets (LSPs) such as "My links to R2 and R4 are up" and "My links to R1 and R3 are up. My link to R2 is down."; each router runs SPF over the collected LSPs to produce its routing table.)
Link State Routing (LSR)
(Figure: Routers A to E joined by links of cost 1, 2 and 4; every router holds the same link-state database listing each router's neighbors.)
Link State Routing Features
Link-state algorithms are also known as Dijkstra's algorithm or as SPF (shortest path first) algorithms.
Distance vector algorithms are also known as Bellman-Ford algorithms. They have nonspecific information about distant networks and no knowledge of distant routers.
A link-state routing algorithm maintains full knowledge of distant routers and how they interconnect. Link-state routing uses:
• Topological database
A topological database is a collection of information gathered from LSAs.
• SPF algorithm
The shortest path first (SPF) algorithm is a calculation performed on the database resulting in the SPF tree.
• Routing tables – A list of the known paths and interfaces.
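The three structures just listed (topological database, SPF calculation, routing table) can be shown end to end in a few dozen lines. The following Python code is an added example, not part of the course slides: it builds the SPF graph from router LSAs (keeping a link only when both ends advertise it, as OSPF's two-way check requires), runs Dijkstra from a chosen root, and derives the cost and first hop to every router. The link-state database `LSAS` is constructed and is not the topology in the figure; `ospf_cost` is the default IOS interface cost formula (reference bandwidth 100 Mbit/s divided by the link bandwidth, minimum 1).

```python
import heapq

def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """IOS default: cost = reference bandwidth / interface bandwidth, floored, at least 1."""
    return max(1, reference_bps // bandwidth_bps)

def lsdb_to_graph(lsas):
    """Turn router LSAs into the SPF graph, keeping a link only if both ends advertise it."""
    graph = {r: {} for r in lsas}
    for r, links in lsas.items():
        for nbr, cost in links.items():
            if r in lsas.get(nbr, {}):
                graph[r][nbr] = cost
    return graph

def spf(graph, root):
    """Dijkstra: total cost and first-hop router from `root` to every reachable router."""
    dist, first_hop = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hop[v] = v if u == root else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return dist, first_hop

# Constructed LSDB (not the figure's topology): each router lists neighbor -> link cost.
LSAS = {
    "A": {"B": 1, "C": 2},
    "B": {"A": 1, "C": 2, "D": 4},
    "C": {"A": 2, "B": 2, "D": 1, "E": 4},
    "D": {"B": 4, "C": 1, "E": 2},
    "E": {"C": 4, "D": 2},
}

def routing_table(lsas, root):
    """router -> (cost, first hop), the SPF tree seen from `root`."""
    dist, hop = spf(lsdb_to_graph(lsas), root)
    return {r: (dist[r], hop[r]) for r in dist if r != root}

def fail_link(lsas, x, y):
    """Both ends flood a new LSA without the link; returns an updated copy of the LSDB."""
    new = {r: dict(links) for r, links in lsas.items()}
    new[x].pop(y, None)
    new[y].pop(x, None)
    return new
```

Because every router runs the same calculation over the same database, A and E compute consistent paths; after `fail_link` both recompute from the updated LSAs rather than from each other's opinions, which is why link-state protocols do not count to infinity. Note the `ospf_cost` caveat: with the default reference bandwidth, 100 Mbit/s, 1 Gbit/s and 10 Gbit/s links all cost 1, so the reference bandwidth has to be raised (auto-cost reference-bandwidth) on networks with faster links or SPF will not prefer them.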
Link State Routing
Comparing Routing Methods
OSPF (Open Shortest Path First) Protocol
Link-State Data Structures
– Neighbor table:
• Also known as the adjacency database
(list of recognized neighbors)
– Topology table:
• Typically referred to as LSDB
(routers and links in the area or network)
• All routers within an area have an identical LSDB
– Routing table:
• Commonly named a forwarding database
(list of best paths to destinations)
OSPF vs. RIP
RIP is limited to 15 hops, it converges slowly, and it sometimes chooses
slow routes because it ignores critical factors such as bandwidth in route
determination. OSPF overcomes these limitations and proves to be a
robust and scalable routing protocol suitable for the networks of today.
OSPF Terminology
The next several slides explain various OSPF terms
-one per slide.
OSPF Term: Link
OSPF Term: Link State
OSPF Term: Area
OSPF Term: Link Cost
OSPF Term: Forwarding Database
OSPF Term: Adjacencies Database
OSPF Terms: DR & BDR
Link-State Data Structure: Network Hierarchy
OSPF Areas
Area Terminology
LS Data Structures: Adjacency Database
OSPF Adjacencies
OSPF Packet Types
OSPF Packet Header Format
Neighborship
Establishing Bidirectional Communication
Discovering the Network Routes
Adding the Link-State Entries
Maintaining Routing Information
The OSPF network command (the mask is an inverse, i.e. wildcard, mask and the area id is required):
Router(config-router)#network address inverse-mask area area-id
Verifying OSPF Operation
Router# show ip protocols
Router# show ip ospf
Router# show ip ospf neighbor [detail]
The show ip ospf interface Command
RouterA# show ip ospf interface e0
The show ip ospf neighbor Command
RouterB# show ip ospf neighbor
show ip protocols
show ip route
show ip ospf neighbor detail
OSPF Network Types - 1
Point-to-Point Links
Creation of Adjacencies
RouterA# debug ip ospf adj
Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). (Cisco later published the protocol as the informational RFC 7868.)
Comparing EIGRP with IGRP
EIGRP Concepts & Terminology
EIGRP routers keep route and topology information readily available in RAM, so they can react quickly to changes.
When a neighbor's hold time expires (no hello has been received from it), the Diffusing Update Algorithm (DUAL), the algorithm EIGRP uses to compute loop-free routes, is informed of the topology change and must recalculate the new topology.
Topology Table
The topology table holds every route learned from every EIGRP neighbor for a configured network protocol, not only the best ones; each entry records the advertising neighbor and the distance that neighbor reported.
DUAL takes the information supplied in the neighbor table and the topology table and calculates the lowest cost routes to each destination. By tracking this information, EIGRP routers can identify and switch to alternate routes quickly.
The information that the router learns from DUAL is used to determine the successor route, which is the term used to identify the primary or best route. The successor is placed in the routing table; a copy is also kept in the topology table.
Every EIGRP router maintains a topology table for each configured network protocol. All learned routes to a destination are maintained in the topology table.
Routing Table
The EIGRP routing table holds the best routes to a destination. This information is retrieved from the topology table. Each EIGRP router maintains a routing table for each network protocol.
By default up to four routes to a particular destination can be installed (the limit is set with maximum-paths). These can be of equal cost or, when the variance command permits it, unequal cost, and are identified as the best loop-free paths to a given destination.
EIGRP relies on hello packets to discover, verify, and rediscover neighbor routers. Rediscovery occurs if EIGRP routers do not receive hellos from each other for a hold time interval but then re-establish communication.
EIGRP routers send hellos at a fixed but configurable interval, called the hello interval. The default hello interval depends on the bandwidth of the interface: 5 seconds on most links and 60 seconds on low-speed (T1 or slower) multipoint links; the hold time defaults to three times the hello interval.
EIGRP Algorithm
The sophisticated DUAL algorithm results in the exceptionally fast
convergence of EIGRP.
Each router constructs a topology table that contains information about how
to route to a destination network.
The Topology heading identifies the preferred primary route, called the
successor route (Successor), and, where identified, the backup route,
called the feasible successor (FS). Note that it is not necessary to have an
identified feasible successor.
FS Route Selection Rules
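The successor and feasible successor selection described on the EIGRP Algorithm slide reduces to one rule, the feasibility condition: a neighbor is a loop-free backup only if the distance it reports is strictly less than the feasible distance (the best total distance we currently have). The Python below is an added example, not from the course slides, and uses small constructed integers where real EIGRP uses composite metrics; the `variance` and `max_paths` handling models the unequal-cost load sharing mentioned on the Routing Table slide.

```python
# Candidates for one destination, as EIGRP keeps them in the topology table:
# neighbor -> (reported distance the neighbor advertised, cost of the link to that neighbor).
# Constructed numbers; real EIGRP metrics are composite values, not small integers.
EXAMPLE = {"B": (10, 5), "C": (12, 10), "D": (20, 2)}

def dual_select(candidates):
    """Successor, feasible distance (FD) and feasible successors for one destination."""
    total = {n: rd + cost for n, (rd, cost) in candidates.items()}
    successor = min(total, key=total.get)
    fd = total[successor]
    # Feasibility condition: a backup is loop-free only if the neighbor's own distance
    # (its reported distance) is strictly less than our feasible distance.
    fs = sorted(n for n, (rd, _) in candidates.items() if n != successor and rd < fd)
    return successor, fd, fs

def installed_paths(candidates, variance=1, max_paths=4):
    """Successor plus feasible successors within `variance` times the FD (unequal-cost sharing)."""
    successor, fd, fs = dual_select(candidates)
    paths = [successor] + [n for n in fs if sum(candidates[n]) < fd * variance]
    return paths[:max_paths]

def on_successor_loss(candidates, lost):
    """What DUAL does when the successor disappears: promote a feasible successor locally
    (the route stays passive) or, with none available, go active and query the neighbors."""
    _, _, fs = dual_select(candidates)
    remaining = {n: v for n, v in candidates.items() if n != lost}
    usable = [n for n in fs if n in remaining]
    if usable:
        return "passive", min(usable, key=lambda n: sum(remaining[n]))
    return "active", None
```

In the constructed table, C and D reach the destination at the same total cost (22), yet only C is a feasible successor: D reports a distance of 20, which is not below the feasible distance of 15, so D's path might run back through this router. That is exactly the loop-free guarantee the slide refers to when it says a feasible successor is not always available.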
DUAL Example
Configuring EIGRP
Verifying the EIGRP Configuration
show ip eigrp topology
show ip eigrp topology all-links
Administrative Distances
Classful and Classless Routing Protocols
What are ACLs?
ACLs are lists of conditions that are applied to traffic traveling
across a router's interface. These lists tell the router what types
of packets to accept or deny. Acceptance and denial can be
based on specified conditions.
How ACLs Filter Traffic
One List per Port, per Destination, per Protocol...
How ACLs Work
Creating ACLs
ACLs are created in the global configuration mode. There are many
different types of ACLs including standard, extended, IPX,
AppleTalk, and others. When configuring ACLs on a router, each
ACL must be uniquely identified by assigning a number to it. This
number identifies the type of access list created and must fall within
the specific range of numbers that is valid for that type of list.
The ip access-group command {in | out}
ACL Example
Basic Rules for ACLs
These basic rules should be followed when creating and applying access lists:
While subnet masks start with binary 1s and end with binary 0s, wildcard masks are the reverse, meaning they typically start with binary 0s and end with binary 1s. A 0 bit in the wildcard means that bit of the packet's address must equal the corresponding bit of the address in the ACL statement; a 1 bit means the router ignores that bit.
In the examples that follow Cisco has chosen to represent the binary 1s in the wildcard masks with Xs to focus on the specific bits being shown in each example.
You will see that while subnet masks were ANDed with IP addresses to find the network part, a wildcard mask is applied differently: the router compares only the address bits that the wildcard leaves as 0 (Cisco's own material describes this as ORing the wildcard mask with the address). Because a wildcard mask does not have to be contiguous, a single statement can match, for example, only the even-numbered hosts of a subnet.
Wildcard Mask Example #1
Wildcard Mask Example #2
Wildcard Mask Example #3
Wildcard Mask Example #4 - Even IPs
Wildcard Mask Example #5 - Odd IPs
The any and host Keywords
Verifying ACLs
There are many show commands that will verify the content and placement of ACLs on the router.
Standard ACLs
A standard ACL compares only the source address of each packet. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses.
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]
The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number
Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a
greater range of control. Extended ACLs check the source and destination packet
addresses as well as being able to check for protocols and port numbers.
The syntax for the extended ACL statement can get very long and often will wrap in
the terminal window.
The wildcards also have the option of using the host or any keywords in the
command.
At the end of the extended ACL statement, additional precision is gained from a field
that specifies the optional Transmission Control Protocol (TCP) or User Datagram
Protocol (UDP) port number.
Logical operations may be specified such as, equal (eq), not equal (neq), greater
than (gt), and less than (lt), that the extended ACL will perform on specific protocols.
Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).
Extended ACL Syntax
Extended ACL Example
This extended ACL will allow people in network 200.100.50.0 to browse the web, but not to use any other protocol such as email, FTP, etc.
NOTE: Just as all standard ACLs end with an implicit "deny any", all extended ACLs end with an implicit "deny ip any any", which denies all remaining traffic from anywhere to anywhere. A list consisting only of deny statements therefore blocks everything on that interface.
ip access-group
The ip access-group command links an existing standard or
extended ACL to an interface.
Remember that only one ACL per interface, per direction, per
protocol is allowed.
Router(config-if)#ip access-group
access-list-number {in | out}
Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2,
allowing standard and extended ACLs to be given names instead of
numbers.
Named ACLs are not compatible with Cisco IOS releases prior to Release
11.2.
Named ACL Example
Placing ACLs
The general rule is to put extended ACLs as close as possible to the source of the traffic to be denied, so that unwanted traffic is dropped before it crosses the network. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible; placed near the source, they would block that source's traffic to every destination, not only the intended one. For example, in the graphic a standard ACL should be placed on Fa0/0 of Router D to prevent traffic from Router A.
Permitting a Single Host
Router(config)# access-list 1 permit 200.100.50.23 0.0.0.0
or
Router(config)# access-list 1 permit host 200.100.50.23
or
Router(config)# access-list 1 permit 200.100.50.23
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Denying a Single Host
Router(config)# access-list 1 deny 200.100.50.23 0.0.0.0
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
or
Router(config)# access-list 1 deny host 200.100.50.23
Router(config)# access-list 1 permit any
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Permitting a Single Network
Class C
Router(config)# access-list 1 permit 200.100.50.0 0.0.0.255
or
Class B
Router(config)# access-list 1 permit 150.75.0.0 0.0.255.255
or
Class A
Router(config)# access-list 1 permit 13.0.0.0 0.255.255.255
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out
Denying a Single Network
Class C
Router(config)# access-list 1 deny 200.100.50.0 0.0.0.255
Router(config)# access-list 1 permit any
or
Class B
Router(config)# access-list 1 deny 150.75.0.0 0.0.255.255
Router(config)# access-list 1 permit any
or
Class A
Router(config)# access-list 1 deny 13.0.0.0 0.255.255.255
Router(config)# access-list 1 permit any
Process (/28):
32-28=4 host bits, 2^4 = 16 addresses per subnet
1st usable subnet address range is 200.100.50.16-31
2nd usable subnet address range is 200.100.50.32-47
3rd usable subnet address range is 200.100.50.48-63
Process (/27):
32-27=5 host bits, 2^5 = 32 addresses per subnet
1st usable subnet address range is 192.68.72.32-63
2nd usable subnet address range is 192.68.72.64-95
Process (/24 on a Class B network):
Since exactly 8 bits are borrowed the 3rd octet will denote the subnet number.
129th usable subnet address range is 150.75.129.0-255
Process (/22):
32-22=10 host bits (more than 1 octet); 10-8=2, 2^2=4, so the 3rd octet increments by 4
1st usable subnet address range is 160.88.4.0-160.88.7.255
2nd usable subnet address range is 160.88.8.0-160.88.11.255
Process (/12):
32-12=20 host bits; 20-16=4, 2^4=16, so the 2nd octet increments by 16
1st usable subnet address range is 111.16.0.0-111.31.255.255
13*16=208
13th usable subnet address range is 111.208.0.0-111.223.255.255
(These examples number subnets from 1 and skip subnet zero, the older convention; with ip subnet-zero enabled, subnet zero is usable as well.)
(The implicit "deny any" ensures that everyone else is denied.)
Denying a Class A Subnet
Network Address/Subnet Mask: 40.0.0.0/24
Undesired Subnet: 500th
Process:
Since exactly 16 bits were borrowed the 2nd and 3rd octet will denote the subnet.
Permit 200.100.50.16-127 Plan A
access-list 1 permit 200.100.50.16 0.0.0.15 (16-31)
Permit 200.100.50.16-127 Plan B
access-list 1 deny 200.100.50.0 0.0.0.15 (0-15)
Deny Source Network
access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Deny Destination Network
access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip any any
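The wildcard-mask rules and the range examples above (even/odd hosts, the 16-127 "Plan A" split into aligned blocks) can be checked mechanically. The following Python code is an added example, not part of the course slides: it converts subnet masks to wildcards, applies the router's matching test bit for bit, and computes the fewest aligned power-of-two blocks that cover an arbitrary host range of a /24, which is the general form of Plan A. The addresses used are those from the slides; the host range and mask values in the tests are constructed.

```python
def _to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")

def _to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def mask_to_wildcard(subnet_mask):
    """Wildcard = bitwise inverse of the subnet mask (255.255.240.0 -> 0.0.15.255)."""
    return _to_dotted(~_to_int(subnet_mask) & 0xFFFFFFFF)

def wildcard_for_prefix(prefixlen):
    return _to_dotted((1 << (32 - prefixlen)) - 1)

def matches(address, acl_address, wildcard):
    """The router's test: every bit where the wildcard is 0 must agree; 1 bits are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) ^ _to_int(acl_address)) & care == 0

def cover_host_range(first_three, lo, hi):
    """Fewest (address, wildcard) pairs covering hosts lo..hi of a /24 exactly.
    Each pair is a power-of-two block aligned to its own size, the only shape a
    contiguous wildcard can express; the range is walked from the low end."""
    entries = []
    while lo <= hi:
        size = 1
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi:
            size *= 2
        entries.append((f"{first_three}.{lo}", f"0.0.0.{size - 1}"))
        lo += size
    return entries
```

`cover_host_range("200.100.50", 16, 127)` returns the three statements Plan A needs (16/0.0.0.15, 32/0.0.0.31, 64/0.0.0.63). A wildcard that is not the inverse of a contiguous mask, such as 0.0.0.254 for the even-host example, is legal and sometimes useful, but it is also easy to get wrong silently; testing a candidate mask against the addresses it must and must not match, as `matches` does here, is cheap insurance before the list goes on an interface.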
Complicated Example #2
Suppose you are the admin of network 200.100.50.0. You want to permit email only between your network and network 150.75.0.0. You wish to place no restriction on other protocols like web surfing, ftp, telnet, etc.
• Email server send/receive protocol: SMTP, port 25
• User check email protocol: POP3, port 110
This example assumes that your email server is at address 200.100.50.25.
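As an added example for the Extended ACL Example and Complicated Example #2 above (not the course's own solution), the Python below evaluates an extended ACL the way the router does: first match wins, protocol and port operators are honoured, and a packet matching nothing hits the implicit deny ip any any. The list `ACL_101` is one reading of Complicated Example #2 for the inbound direction on the Internet-facing interface (the mail server address 200.100.50.25 is from the slide; the sample packets, the outside address 198.51.100.7 and the exact statement order are constructed assumptions).

```python
from dataclasses import dataclass
from typing import Optional

def _to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")

def wc_match(address, acl_address, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    return (_to_int(address) ^ _to_int(acl_address)) & ~_to_int(wildcard) & 0xFFFFFFFF == 0

ANY = ("0.0.0.0", "255.255.255.255")          # the `any` keyword
def host(ip):                                  # the `host` keyword
    return (ip, "0.0.0.0")

@dataclass
class Ace:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every IP protocol; otherwise "tcp", "udp", "icmp"
    src: tuple                      # (address, wildcard)
    dst: tuple
    dport: Optional[tuple] = None   # (operator, port), e.g. ("eq", 25)

def _port_ok(rule, port):
    if rule is None:
        return True
    if port is None:                # e.g. ICMP has no port, so a port rule cannot match it
        return False
    op, p = rule
    return {"eq": port == p, "neq": port != p, "gt": port > p, "lt": port < p}[op]

def evaluate(acl, pkt):
    """First matching entry decides; nothing matched means the implicit deny ip any any."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not (wc_match(pkt["src"], *ace.src) and wc_match(pkt["dst"], *ace.dst)):
            continue
        if not _port_ok(ace.dport, pkt.get("dport")):
            continue
        return ace.action
    return "deny"

# Inbound on the Internet-facing interface of 200.100.50.0/24: mail (SMTP 25, POP3 110)
# is allowed only from 150.75.0.0/16 to the mail server 200.100.50.25; everything else passes.
ACL_101 = [
    Ace("permit", "tcp", ("150.75.0.0", "0.0.255.255"), host("200.100.50.25"), ("eq", 25)),
    Ace("permit", "tcp", ("150.75.0.0", "0.0.255.255"), host("200.100.50.25"), ("eq", 110)),
    Ace("deny",   "tcp", ANY, ANY, ("eq", 25)),
    Ace("deny",   "tcp", ANY, ANY, ("eq", 110)),
    Ace("permit", "ip",  ANY, ANY),
]

def classify(acl, packets):
    return [evaluate(acl, p) for p in packets]

# Constructed sample packets arriving inbound.
PACKETS = [
    {"proto": "tcp",  "src": "150.75.3.4",   "dst": "200.100.50.25", "dport": 25},
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "200.100.50.25", "dport": 25},
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "200.100.50.40", "dport": 110},
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "200.100.50.40", "dport": 80},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "200.100.50.40"},
]
```

Two things the evaluator makes visible that the prose does not. First, order is everything: moving the final permit ip any any to the top lets every mail connection through, which is the classic mistake with extended lists. Second, this list only covers one direction; mail sent from the server to hosts outside 150.75.0.0 would need a matching list applied outbound (or inbound on the inside interface), and the reply packets of permitted connections are not tracked, since a plain ACL is stateless.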
New addressing concepts
Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)
NAT: Network Address Translator
NAT translates between local addresses and public ones, so that many private hosts share few global addresses.
Fig. 5 Translation mechanism (TI1332EU02TI_0003 New Address Concepts, 9): on the NAT router, the addresses to be translated are mapped onto a reserved pool of free global addresses; addresses marked exclude are not translated.
NAT Addressing Terms
• Inside Global
– NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
– A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.
• Outside Global
– The term “outside” refers to an address used for a
host outside an enterprise, the Internet.
– An outside global is the actual IP address assigned to
a host that resides in the outside network, typically the
Internet.
• Outside Local
– NAT uses an outside local address to represent the
outside host as the packet is sent through the private
enterprise network.
– A NAT router changes a packet’s destination IP
address, sent from an outside global address to an
inside host, as the packet goes from the outside to the
inside network.
Fig. 7 An example for NAT (TI1332EU02TI_0003 New Address Concepts, 13): a router on the WAN translates inside host 10.47.10.10 to the public address 192.50.20.5.
Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21): NAT with a router whose WAN interface is 138.76.28.4, talking to outside host 138.76.29.7. Inside host 10.0.0.10 (Net A, 10.0.0.0/8) sends SA = 10.0.0.10, DA = 138.76.29.7; on the WAN the packet carries SA = 138.76.28.4, DA = 138.76.29.7. The reply arrives as SA = 138.76.29.7, DA = 138.76.28.4 and is delivered inside as SA = 138.76.29.7, DA = 10.0.0.10.
Types Of NAT
• There are different types of NAT that can be used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAPT)
Static NAT
• With static NAT, the NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf. The mapping is permanent, so the inside host is also reachable from outside at all times.
Dynamic NAT
• Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network. Unlike static NAT, the mapping is created on demand from a pool of inside global addresses when an inside host first sends traffic outward, and is released when the translation times out; once the pool is exhausted, further inside hosts cannot be translated until an entry expires.
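Overloading (PAT/NAPT), the third type, is what makes "many private hosts share few global addresses" possible, and its translation table is also what decides which inbound packets get through. The following Python model is an added example, not from the course slides: inside hosts 10.0.0.10 and 10.0.0.11 behind WAN address 138.76.28.4 (addresses from the figures; the second host, the outside prober 198.51.100.9 and all ports are constructed) both open connections from the same source port. Two simplifications are assumed: the router keeps the host's own source port when it is free and otherwise takes the next free port from 1024 upward, and an entry is keyed on the inside address and port only (real implementations usually also key on the outside peer).

```python
class Pat:
    """Overloaded NAT (PAT/NAPT): many inside hosts share one inside global address,
    told apart by the translated source port."""

    def __init__(self, inside_global, pool_start=1024):
        self.inside_global = inside_global
        self.pool_start = pool_start
        self.out_map = {}    # (proto, inside_local_ip, local_port) -> global_port
        self.in_map = {}     # (proto, global_port) -> (inside_local_ip, local_port)

    def _allocate(self, proto, preferred):
        # Keep the host's own source port when it is free; otherwise take the next free one.
        if (proto, preferred) not in self.in_map:
            return preferred
        port = self.pool_start
        while (proto, port) in self.in_map:
            port += 1
        return port

    def outbound(self, pkt):
        """Inside -> outside: rewrite source address and port, creating an entry on first use."""
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.out_map:
            gport = self._allocate(pkt["proto"], pkt["sport"])
            self.out_map[key] = gport
            self.in_map[(pkt["proto"], gport)] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.inside_global, "sport": self.out_map[key]}

    def inbound(self, pkt):
        """Outside -> inside: only packets matching an existing entry are translated; anything
        else (an unsolicited connection attempt, a scan of the public address) is dropped."""
        if pkt["dst"] != self.inside_global:
            return None
        entry = self.in_map.get((pkt["proto"], pkt["dport"]))
        if entry is None:
            return None
        local_ip, local_port = entry
        return {**pkt, "dst": local_ip, "dport": local_port}

def demo():
    """Two inside hosts both use source port 1024; then a reply and an unsolicited probe arrive."""
    pat = Pat("138.76.28.4")
    a = pat.outbound({"proto": "tcp", "src": "10.0.0.10", "sport": 1024, "dst": "138.76.29.7", "dport": 80})
    b = pat.outbound({"proto": "tcp", "src": "10.0.0.11", "sport": 1024, "dst": "138.76.29.7", "dport": 80})
    reply_b = pat.inbound({"proto": "tcp", "src": "138.76.29.7", "sport": 80, "dst": "138.76.28.4", "dport": b["sport"]})
    probe = pat.inbound({"proto": "tcp", "src": "198.51.100.9", "sport": 40000, "dst": "138.76.28.4", "dport": 22})
    return pat, a, b, reply_b, probe
```

The dropped probe is the reason PAT is often mistaken for a firewall: with no static entry, nothing from outside can reach an inside host. It is a side effect of the table, not a policy; a static mapping, an application gateway, or a guessed port of a live translation all bypass it, so a real perimeter still needs an ACL or stateful filter in front of the translation.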
Fig. 9 NAPT (TI1332EU02TI_0003 New Address Concepts, 17)
Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21): NAPT with a router, WAN interface 138.76.28.4, outside host 138.76.29.7, inside Net A 10.0.0.0/8 with host 10.0.0.10.
Fig. 10 NAPT (TI1332EU02TI_0003 New Address Concepts, 19): PAT with e.g. a single public IP address. A private IP network (e.g. a SOHO) reaches the WAN through one registered IP address; the NAT router keeps a mapping from each local IP address and local TCP/UDP port number to the registered IP address and an assigned TCP/UDP port number.
NAT & PAT
Network Address Translation & Port Address Translation
Ethernet Access with Hubs
Ethernet Access with Bridges
Ethernet Access with Switches
Today's LAN
Full Duplex Transmitting
Full-duplex Ethernet allows the transmission of a packet and the reception of a
different packet at the same time.
This simultaneous transmission and reception requires the use of two pairs of wires
in the cable and a switched connection between each node. This connection is
considered point-to-point and is collision free.
The full-duplex Ethernet switch takes advantage of the two pairs of wires in the
cable by creating a direct connection between the transmit (TX) at one end of the
circuit and the receive (RX) at the other end.
Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth
because of collisions and latency. Full-duplex Ethernet offers 100% of the
bandwidth in both directions. This produces a potential 20 Mbps throughput.
Collision Domains
Segmentation with Bridges
Segmentation with Routers
Segmentation with Switches
Basic Operations of a Switch
Switching is a technology that decreases congestion in Ethernet, Token
Ring, and FDDI LANs. Switching accomplishes this by reducing traffic and
increasing bandwidth. LAN switches are often used to replace shared hubs
and are designed to work with existing cable infrastructures.
Switching equipment performs the following two basic operations:
• Switching data frames
• Maintaining switching operations
Switching Methods
1. Store-and-Forward
The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded and the frame check sequence is verified, so corrupted frames are discarded. Most reliable, and also the most latency, especially when frames are large.
2. Cut-Through
The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection: a frame with a bad check sequence is already on its way before the error can be seen.
3. Fragment-Free
Fragment-free switching filters out collision fragments before forwarding begins. Collision fragments are the majority of packet errors. In a properly functioning network, collision fragments must be smaller than 64 bytes, so the switch waits for the first 64 bytes before forwarding. Anything 64 bytes or larger is a valid frame and is usually received without error.
Frame Transmission Modes
Benefits of Switching
How Switches and Bridges Learn Addresses
Bridges and switches learn in the following ways:
Microsegmentation of a Network
Microsegmentation
3 Methods of Communication
Switches & Broadcast Domains
When two switches are connected, the broadcast domain is increased.
The overall result is a reduction in available bandwidth. This happens because all
devices in the broadcast domain must receive and process the broadcast frame.
Routers are Layer 3 devices. Routers do not propagate broadcasts. Routers are
used to segment both collision and broadcast domains.
Broadcast Domain
Overview
To design reliable, manageable, and scalable networks, a network designer must realize that each of the major components of a network has distinct design requirements.
Good network design will improve performance and also reduce the difficulties associated with network growth and evolution.
Each of the three LAN design layers (access, distribution and core) requires switches that are best suited for specific tasks.
The Access Layer
The access layer is the entry point for user workstations and servers to the network. In a campus LAN the device used at the access layer can be a switch or a hub.
Access Layer Switches
Access layer switches operate at Layer 2 of the OSI model.
The Distribution Layer
The distribution layer isolates network problems to the workgroups in which they occur. The distribution layer also prevents these problems from affecting the core layer. Switches in this layer operate at Layer 2 and Layer 3.
Distribution Layer Switches
The distribution layer switch must have high performance.
The following Cisco switches are suitable for the distribution layer:
• Catalyst 2926G
• Catalyst 5000 family
• Catalyst 6000 family
The Core Layer
The core layer is a high-speed switching backbone.
This layer of the network design should not perform any packet manipulation.
Packet manipulation, such as access list filtering, would slow down the process.
Providing a core infrastructure with redundant alternate paths gives stability to the
network in the event of a single device failure.
Core Layer Switches
The switches in this layer can make use of a number of Layer 2 technologies. Provided that the distance between the core layer switches is not too great, the switches can use Ethernet technology.
The following Cisco switches are suitable for the core layer:
• Catalyst 6500 series
• Catalyst 8500 series
• IGX 8400 series
• Lightstream 1010
Physical Startup of the Catalyst Switch
Switches are dedicated, specialized computers, which contain a CPU, RAM, and an operating system.
• System LED
• Remote Power Supply (RPS) LED
• Port Mode LED
• Port Status LEDs
The System LED shows whether the system is receiving power and functioning correctly.
The RPS LED indicates whether or not the remote power supply is in use.
The Mode LEDs indicate the current state of the Mode button.
The Port Status LEDs have different meanings, depending on the current value of the Mode LED.
Verifying Port LEDs During Switch POST
Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST).
Connecting a Switch to a Computer
Examining Help in the Switch CLI
The command-line interface (CLI) for Cisco switches is very similar to the CLI for Cisco routers.
Setting Switch Hostname
Setting Passwords on Lines
Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant.
Broadcast Storms
Broadcasts and multicasts can cause problems in a switched network.
Multicasts are treated as broadcasts by the switches (unless a feature such as IGMP snooping constrains them to the ports that asked for the group).
Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received.
In a switched network with redundant links and no spanning tree, the switches continue to propagate broadcast traffic over and over. This is called a broadcast storm. It will continue until one of the switches or redundant links is disconnected. The network will appear to be down or extremely slow.
Multiple Frame Transmissions
In a redundant switched network it is possible for an end device to receive
multiple frames. Assume that the MAC address of Router Y has been timed
out by both switches. Also assume that Host X still has the MAC address of
Router Y in its ARP cache and sends a unicast frame to Router Y. The router
receives the frame because it is on the same segment as Host X. Switch A
does not have the MAC address of the Router Y and will therefore flood the
frame out its ports. Switch B also does not know which port Router Y is on.
Switch B then floods the frame it received causing Router Y to receive
multiple copies of the same frame. This is a cause of unnecessary processing
in all devices.
502
MAC Database Instability
A switch can incorrectly learn that a MAC address is on one port, when it is
actually on a different port. In this example the MAC address of Router Y is
not in the MAC address table of either switch. Host X sends a frame directed
to Router Y. Switches A & B learn the MAC address of Host X on port 0. The
frame to Router Y is flooded on port 1 of both switches. Switches A and B see
this information on port 1 and incorrectly learn the MAC address of Host X on
port 1. When Router Y sends a frame to Host X, Switch A and Switch B will
also receive the frame and will send it out port 1. This is unnecessary, but the
switches have incorrectly learned that Host X is on port 1.
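To make the three problems above (broadcast storm, multiple frame transmissions, MAC database instability) concrete, here is a small Python simulation added as an example; it is not from the course slides. It assumes the slide topology: Host X and Router Y on segment 1, switches A and B each bridging segment 1 (port 0) to segment 2 (port 1), with no spanning tree running. A second run with one of switch B's ports held in blocking shows what removing the loop changes. Host, switch and segment names are constructed.

```python
"""Constructed simulation (added example, not from the course slides) of the
redundant two-switch topology: Host X and Router Y share segment 1, and
switches A and B each bridge segment 1 (port 0) to segment 2 (port 1).
Switches learn source MACs and flood frames with an unknown destination."""
from collections import deque


class Switch:
    def __init__(self, name, blocked=()):
        self.name = name
        self.table = {}               # MAC address -> port it was learned on
        self.ports = {}               # port number -> segment name
        self.blocked = set(blocked)   # ports held in blocking state (no learning, no forwarding)
        self.mac_moves = 0            # times a MAC flapped between ports (database instability)

    def attach(self, port, segment):
        self.ports[port] = segment

    def receive(self, frame, in_port):
        """Learn the source, then return the ports to forward the frame out of."""
        if in_port in self.blocked:
            return []
        src, dst = frame
        previous = self.table.get(src)
        if previous is not None and previous != in_port:
            self.mac_moves += 1       # the switch now believes src moved to another port
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:               # unknown destination: flood out every other port
            return [p for p in self.ports if p != in_port and p not in self.blocked]
        return [] if out == in_port else [out]


def simulate(blocked_ports_on_b=(), max_hops=50):
    """Send one unicast frame Host X -> Router Y and report what the loop does.
    blocked_ports_on_b emulates STP putting a port of switch B into blocking."""
    a, b = Switch("A"), Switch("B", blocked=blocked_ports_on_b)
    for sw in (a, b):
        sw.attach(0, "seg1")
        sw.attach(1, "seg2")
    switches_on = {"seg1": [a, b], "seg2": [a, b]}
    hosts_on = {"seg1": ["HostX", "RouterY"], "seg2": []}
    copies = {"RouterY": 0}
    # event = (segment, frame, sender); a switch never receives its own flooded copy
    queue = deque([("seg1", ("HostX", "RouterY"), "HostX")])
    hops = 0
    while queue and hops < max_hops:
        segment, frame, sender = queue.popleft()
        hops += 1
        for host in hosts_on[segment]:
            if host == frame[1]:
                copies[host] += 1     # Router Y receives another copy of the same frame
        for sw in switches_on[segment]:
            if sw is sender:
                continue
            in_port = next(p for p, s in sw.ports.items() if s == segment)
            for out_port in sw.receive(frame, in_port):
                queue.append((sw.ports[out_port], frame, sw))
    return {
        "copies_to_RouterY": copies["RouterY"],
        "mac_moves": a.mac_moves + b.mac_moves,
        "storm": bool(queue),         # frames still circulating when the hop budget ran out
        "tableA": dict(a.table),
        "tableB": dict(b.table),
    }


if __name__ == "__main__":
    print("loop:   ", simulate())
    print("blocked:", simulate(blocked_ports_on_b=(1,)))
```

With the loop open, a single unknown-unicast frame keeps circulating, Router Y receives it repeatedly, and both switches keep relearning Host X on alternating ports; blocking one port on switch B turns the same frame into one delivery and one stable table entry.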
503
Using Bridging Loops for Redundancy
504
Logical Loop-Free Topology Created with STP
505
NOTE:
Don’t confuse Spanning Tree Protocol
(STP) with Shielded Twisted Pair (STP).
506
Spanning Tree Protocol - 1
Ethernet bridges and switches can implement the IEEE 802.1D Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop-free shortest-path network.
Shortest path is based on cumulative link costs.
Link costs are based on the speed of the link.
507
Spanning Tree Protocol - 2
The Spanning-Tree Protocol establishes a root node, called the root bridge/switch.
The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address.
When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain the switch MAC address in both the root and sender BID. When a switch receives a BPDU with a lower root BID, it replaces the root BID in the BPDUs it sends out with that lower value. All bridges see these and decide that the bridge with the smallest BID value will be the root bridge.
root switch.
• Select ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked.
510
Spanning Tree Operation
When the network has stabilized, it has converged and there is one spanning
tree per network. As a result, for every switched network the following
elements exist:
• One root bridge per network
• One root port per non-root bridge
• One designated port per segment
• Unused, non-designated ports
Root ports and designated ports are used for forwarding (F) data traffic.
Non-designated ports discard data traffic.
Non-designated ports are called blocking (B) or discarding ports.
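The root election and port-role selection described in the last two slides, as an added Python example (not part of the course material). It builds a constructed three-switch triangle, picks the root by the lowest (priority, MAC) BID, computes each switch's root path cost from cumulative IEEE 802.1D-1998 port costs, and then assigns one root port per non-root switch and one designated port per segment, blocking the rest. Switch names, MAC addresses, port names and link speeds are assumptions.

```python
"""Added example (not from the course slides): a small spanning-tree
calculation on a constructed three-switch triangle.  Bridge IDs are
(priority, base MAC) tuples, so the lowest tuple wins the root election,
and port costs follow the IEEE 802.1D-1998 table."""
import heapq

PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # link speed in Mbps -> 802.1D-1998 cost


def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}.  links: [(bridge, port, segment, mbps)].
    Returns (root, root_path_cost, roles) with roles[(bridge, port)] in
    {"root", "designated", "blocked"}."""
    bid = dict(bridges)
    root = min(bid, key=bid.get)                    # lowest BID is the root bridge
    members = {}                                    # segment -> [(bridge, port, port cost)]
    for bridge, port, segment, mbps in links:
        members.setdefault(segment, []).append((bridge, port, PATH_COST[mbps]))

    # Dijkstra from the root over the bridge/segment graph: reaching bridge v
    # through a segment whose designated bridge is u costs cost(u) + v's port cost.
    cost = {root: 0}
    upstream = {}                                   # v -> (cost, BID of u, v's port toward root)
    settled = set()
    heap = [(0, bid[root], root)]
    while heap:
        d, _, u = heapq.heappop(heap)
        if u in settled:
            continue
        settled.add(u)
        for segment, attached in members.items():
            if not any(b == u for b, _, _ in attached):
                continue
            for v, port, port_cost in attached:
                if v == u or v in settled:
                    continue
                candidate = (d + port_cost, bid[u], port)   # ties: lower sender BID, then lower port
                if v not in upstream or candidate < upstream[v]:
                    upstream[v] = candidate
                    cost[v] = d + port_cost
                    heapq.heappush(heap, (cost[v], bid[v], v))

    roles = {}
    inf = float("inf")
    for segment, attached in members.items():
        # one designated port per segment: lowest root path cost, then lowest BID, then port
        best = min(attached, key=lambda t: (cost.get(t[0], inf), bid[t[0]], t[1]))
        for bridge, port, _ in attached:
            if bridge in upstream and upstream[bridge][2] == port:
                roles[(bridge, port)] = "root"       # one root port per non-root bridge
            elif (bridge, port) == best[:2]:
                roles[(bridge, port)] = "designated"
            else:
                roles[(bridge, port)] = "blocked"    # non-designated: discards data traffic
    return root, cost, roles


SWITCHES = {   # constructed: S3 has the lowest priority, so it becomes root
    "S1": (32768, "0000.0000.0001"),
    "S2": (32768, "0000.0000.0002"),
    "S3": (4096, "0000.0000.0003"),
}
LINKS = [      # constructed: (switch, port, shared segment, link speed in Mbps)
    ("S1", "Gi0/1", "seg12", 1000), ("S2", "Gi0/1", "seg12", 1000),
    ("S1", "Fa0/2", "seg13", 100),  ("S3", "Fa0/1", "seg13", 100),
    ("S2", "Gi0/2", "seg23", 1000), ("S3", "Gi0/2", "seg23", 1000),
]

if __name__ == "__main__":
    root, cost, roles = spanning_tree(SWITCHES, LINKS)
    print("root:", root, "root path costs:", cost)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

Note the cumulative-cost effect: S1 has a direct 100 Mbps link to the root (cost 19) but reaches it more cheaply over two gigabit hops via S2 (4 + 4 = 8), so its direct port ends up blocked.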
511
Spanning Tree Port States
512
Spanning Tree Recalculation
A switched internetwork has converged when all the switch and
bridge ports are in either the forwarding or blocked state.
514
515
VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing
technologies to limit both collision domains and broadcast domains.
This limits the size of the broadcast domains and uses the router to
determine whether one VLAN can talk to another VLAN.
NOTE: This is the only way a switch can break up a broadcast domain!
516
Setting up VLAN Implementation
517
VLAN Communication
518
VLAN Membership Modes
• All users attached to same switch port must be in the same VLAN.
520
Configuring VLANs in Global Mode
Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name Vlan3
Switch(config-vlan)#exit
Switch(config)#end
521
Configuring VLANs in VLAN Database Mode
Switch#vlan database
Switch(vlan)#vlan 3
VLAN 3 added:
Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....
522
Deleting VLANs in Global Mode
Switch#configure terminal
Switch(config)#no vlan 3
Switch(config)#end
523
Deleting VLANs in VLAN Database Mode
Switch#vlan database
Switch(vlan)#no vlan 3
VLAN 3 deleted:
Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....
524
Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1
525
Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
52 enet 100052 1500 - - - - - 0 0
…
528
© 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-528
VLAN Trunking
529
Importance of Native VLANs
530
ISL Encapsulation
531
ISL and Layer 2 Encapsulation
532
Configuring ISL Trunking
Switch(config)#interface fastethernet 2/1
533
Verifying ISL Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
534
802.1Q Trunking
535
Configuring 802.1Q Trunking
536
Verifying 802.1Q Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
. . .
537
Implementing VLAN Trunk Protocol
538
VTP Protocol Features
– Advertises VLAN configuration information
– Maintains VLAN configuration consistency throughout a
common administrative domain
– Sends advertisements on trunk ports only
539
VTP Modes
Server mode:
• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM
Client mode:
• Cannot create, change, or delete VLANs
• Forwards only advertisements
• Synchronizes VLAN configurations
• Does not save in NVRAM
Transparent mode:
• Creates, modifies, and deletes VLANs locally
• Forwards advertisements
• Does not synchronize VLAN configurations
• Saves configuration in NVRAM
540
VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest update, identified by its revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.
541
VTP Pruning
542
VTP Configuration Guidelines
– Configure the following:
• VTP domain name
• VTP mode (server mode is the default)
• VTP pruning
• VTP password
543
Configuring a VTP Server
Switch(config)#vtp server
Switch(config)#vtp pruning
Switch#configure terminal
Switch(config)#vtp server
545
Verifying the VTP Configuration
Switch#show vtp status
VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
546
Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
VTP statistics:
Summary advertisements received : 7
Subset advertisements received : 5
Request advertisements received : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted : 13
Request advertisements transmitted : 3
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
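An added defensive check (example code, not from the course slides): parse the show vtp status text from several switches in the same domain and flag where the VLAN database is out of step, since servers and clients adopt the latest revision number they hear. The sample outputs are constructed in the layout shown above; the switch names SW1 to SW3, the second digest and the revision values are assumptions.

```python
"""Added example (not from the course slides): parse `show vtp status` output
from several switches and flag a VTP domain whose VLAN database is not
synchronized.  The sample outputs are constructed in the layout shown above."""

FIELDS = {                      # "show vtp status" label -> key we keep
    "VTP Version": "version",
    "Configuration Revision": "revision",
    "VTP Operating Mode": "mode",
    "VTP Domain Name": "domain",
    "VTP Pruning Mode": "pruning",
    "MD5 digest": "digest",
}


def parse_vtp_status(text):
    """Return the fields above as a dict; the revision becomes an int."""
    status = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")     # first colon separates label and value
        if sep and label.strip() in FIELDS:
            status[FIELDS[label.strip()]] = value.strip()
    status["revision"] = int(status["revision"])
    return status


def audit_vtp_domain(outputs):
    """outputs: {switch_name: show-vtp-status text}.  Returns (code, detail) findings."""
    parsed = {name: parse_vtp_status(text) for name, text in outputs.items()}
    findings = []
    domains = sorted({p["domain"] for p in parsed.values()})
    if len(domains) > 1:
        findings.append(("domain-mismatch", domains))
    revisions = {name: p["revision"] for name, p in parsed.items()}
    if len(set(revisions.values())) > 1:
        # servers and clients sync to the latest revision, so the switch with the
        # highest number holds the database the rest of the domain would adopt
        findings.append(("revision-mismatch", max(revisions, key=revisions.get)))
    if len({p["digest"] for p in parsed.values()}) > 1:
        findings.append(("digest-mismatch", sorted(parsed)))   # VLAN databases differ in content
    servers = sorted(name for name, p in parsed.items() if p["mode"] == "Server")
    if len(servers) > 1:
        findings.append(("multiple-servers", servers))   # informational: each server can change the database
    for name, p in sorted(parsed.items()):
        if p["pruning"] != "Enabled":
            findings.append(("pruning-disabled", name))
    return findings


def _status(mode, revision, digest, pruning="Enabled", domain="Lab_Network"):
    """Constructed sample in the layout of the show vtp status output above."""
    return f"""VTP Version                     : 2
Configuration Revision          : {revision}
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : {mode}
VTP Domain Name                 : {domain}
VTP Pruning Mode                : {pruning}
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : {digest}
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
"""


SAMPLE = {   # constructed: SW3 is out of step with the other two switches
    "SW1": _status("Server", 247, "0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80"),
    "SW2": _status("Client", 247, "0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80"),
    "SW3": _status("Server", 250, "0x1A 0x1A 0x1A 0x1A 0x1A 0x1A 0x1A 0x1A", pruning="Disabled"),
}

if __name__ == "__main__":
    for code, detail in audit_vtp_domain(SAMPLE):
        print(f"{code}: {detail}")
```

Matching revision numbers alone are not enough: two switches can report the same revision with different digests, which is why the check compares both, and why the "Configuration last modified" line is deliberately ignored (its timestamp contains colons that would otherwise confuse a naive split).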
551
WAN Connection Types
• Leased lines
– It is a pre-established WAN communications path
from the CPE, through the DCE switch, to the CPE
of the remote site, allowing DTE networks to
communicate at any time with no setup procedures
before transmitting data.
• Circuit switching
– Sets up line like a phone call. No data can transfer
before the end-to-end connection is established.
552
WAN Connection Types
• Packet switching
– WAN switching method that allows you to share
bandwidth with other companies to save money. As
long as you are not constantly transmitting data and
are instead using bursty data transfers, packet
switching can save you a lot of money.
555
Determining the WAN Type to Use
• Availability
– Each type of service may be available in certain
geographical areas.
• Bandwidth
– Determining usage over the WAN is important to
evaluate the most cost-effective WAN service.
• Cost
– Making a compromise between the traffic you need to
transfer and the type of service with the available cost
that will suit you.
556
Determining the WAN Type to Use
• Ease of Management
– Connection management includes both the initial start-up configuration and the ongoing configuration of normal operation.
• Application Traffic
– Traffic may be as small as during a terminal session, or very large packets as during a file transfer.
557
Max. WAN Speeds for WAN Connections
WAN Type | Maximum Speed
Asynchronous Dial-Up | 56-64 Kbps
ISDN – PRI | E1 / T1
560
HDLC
• HDLC Frame Format
562
Point-to-Point Protocol (PPP)
• PPP discards frames that do not pass the
error check.
• PPP is a standard protocol, and so it can
be used with all types of routers (not Cisco
Proprietary).
563
PPP LCP Features
• Authentication
• Compression
• Multilink PPP
• Error Detection
• Looped Link Detection
564
565
566
Compression
• Compression enables higher data throughput across the link.
• Different compression schemes are available:
– Predictor: checks whether the data was already compressed.
– Stacker: looks at the data stream and sends each type of data only once, with information about where that type occurs; the receiving side uses this information to reassemble the data stream.
– MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data exchanged with Microsoft clients.
567
PPP Multilink
• PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous, and asynchronous interfaces.
569
Looped Link Detection
• PPP can detect looped links (which are sometimes created by telco companies) using what is called a magic number.
• To configure compression:
– Router(Config-if)#compress [predictor|stack|mppc]
571
Frame Relay
572
573
574
Frame Relay
• Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks nowadays use permanent virtual circuits (PVCs).
• The logical path between each pair of routers is called a Virtual Circuit (VC).
• VCs share the access link and the Frame Relay network.
• Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that a particular VC gets at least this much bandwidth.
575
[Figure: Frame Relay access. PVCs and SVCs cross the UNI to the CPE (PC, port, controller, router or switch, PBX, video) over an ISDN dial-up connection or a direct connection (V.35, E1, RS232).]
576
LMI and Encapsulation Types
• The LMI is a definition of the messages used between
the DTE and the DCE.
• The switch and its connected router care about using the
same LMI; the switch does not care about the
encapsulation. The endpoint routers (DTEs) do care
about the encapsulation.
577
LMI
• The most important LMI message is the LMI status
inquiry message. Status messages perform two
key functions:
578
579
LAPF
• A Frame Relay-connected router encapsulates
each Layer 3 packet inside a Frame Relay header
and trailer before it is sent out an access link.
581
DLCI Addressing Details
• The logical path between a pair of DTEs is called a virtual
circuit (VC).
• The data-link connection identifier (DLCI) identifies each
individual PVC.
• When multiple VCs use the same access link, the Frame
Relay switches know how to forward the frames to the
correct remote sites.
582
[Figure: Frame Relay network (FR-network) connecting routers (R) and a bridge (B) over virtual circuits; the access links carry DLCIs 16, 17, 21 and 32, with the same DLCI number reused on different links.]
583
DLCI Addressing Details
• The difference between Layer 2 addressing and DLCI addressing stems mainly from the fact that the header has a single DLCI field, not both Source and Destination DLCI fields.
584
Global DLCI Addressing
• Frame Relay DLCIs are locally significant; this means that the addresses need to be unique only on the local access link.
• Global addressing is simply a way of choosing DLCI numbers when planning a Frame Relay network so that working with DLCIs is much easier.
• Because addressing remains local, global addressing does not change these rules. Global addressing just makes DLCI assignment more obvious.
585
586
Global DLCI Addressing
• The final key to global addressing is that the
Frame Relay switches actually change the DLCI
value before delivering the frame.
• The sender treats the DLCI field as a destination
address, using the destination’s global DLCI in the
header.
• The receiver thinks of the DLCI field as the
source address, because it contains the global
DLCI of the frame’s sender.
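The DLCI rewrite described above, together with the "locally significant" rule from the DLCI Addressing Details slide, as an added Python example that is not from the course slides. It models a single Frame Relay switch with one access link per router under a constructed global addressing plan (R1 = 41, R2 = 42, R3 = 43); using the router names as the switch's port names is a simplification of mine.

```python
"""Added example (not from the course slides): a single Frame Relay switch
under a global DLCI addressing plan.  Each router gets one global DLCI; the
switch rewrites the DLCI in flight, so the sender writes the destination's
global DLCI and the receiver sees the sender's global DLCI.  Router names
double as the switch's access-link port names (a constructed simplification)."""


def build_global_switch(global_dlci):
    """global_dlci: {router: global DLCI}.  Returns the switch's forwarding table
    {(in_port, in_dlci): (out_port, out_dlci)} for a full mesh of PVCs."""
    table = {}
    for src, src_dlci in global_dlci.items():
        for dst, dst_dlci in global_dlci.items():
            if src != dst:
                # a frame from src carrying dst's global DLCI leaves on dst's link,
                # relabelled with src's global DLCI
                table[(src, dst_dlci)] = (dst, src_dlci)
    return table


def forward(table, in_port, dlci):
    """Switch one frame; None means no PVC is provisioned for that DLCI on that link."""
    return table.get((in_port, dlci))


def link_view(table, port):
    """DLCIs in use on one access link and the remote router each one reaches.
    A DLCI number only has to be unique here, not across the whole network."""
    return {in_dlci: out_port
            for (in_port, in_dlci), (out_port, _) in table.items()
            if in_port == port}


ROUTERS = {"R1": 41, "R2": 42, "R3": 43}       # constructed global DLCI plan

if __name__ == "__main__":
    table = build_global_switch(ROUTERS)
    print("R1 sends with DLCI 42 ->", forward(table, "R1", 42))   # ('R2', 41)
    for router in ROUTERS:
        print(router, "access link:", link_view(table, router))
```

The per-link view makes the local significance visible: DLCI 41 appears on both R2's and R3's access links, but it names two different virtual circuits (each one back to R1), and a DLCI the switch has no entry for on that link is simply dropped.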
587
Layer 3 Addressing
• Cisco’s Frame Relay implementation
defines three different options for
assigning subnets and IP addresses on
Frame Relay interfaces:
– One subnet containing all Frame Relay DTEs
– One subnet per VC
– A hybrid of the first two options
588
One Subnet Containing All Frame Relay DTEs
• The single-subnet option is typically used
when a full mesh of VCs exists.
589
590
591
One Subnet Per VC
• The single-subnet-per-VC alternative works better with a partially meshed Frame Relay network.
592
593
Hybrid Terminology
• Point-to-point subinterfaces are used when a
single VC is considered to be all that is in the
group—for instance, between Routers A and D
and between Routers A and E.
594
595
596
Frame Relay Address Mapping
• Mapping creates a correlation between a Layer 3 address (IP address) and its corresponding Layer 2 address (DLCI in Frame Relay).
597
Mapping Methods
• Mapping can be done in one of two ways:
• Dynamic Mapping
– Using Inverse ARP, which is enabled by default on Cisco routers.
• Static Mapping
– Using the frame-relay map command; you should first disable Inverse ARP with the command no frame-relay inverse-arp.
598
599
600
601
Integrated Services Digital Network (ISDN)
602
603
604
605
LAPD & PPP on D and B Channels
• LAPD is used as a data-link protocol across an
ISDN D channel.
607
LAPD & PPP on D and B Channels
• An ISDN switch often requires some form of
authentication with the device connecting to it.
609
DDR (Dial On Demand Routing)
• You can configure DDR in several ways,
including Legacy DDR and DDR dialer profiles.
610
Legacy DDR Operation
1. Route packets out the interface to be dialed.
2. Determine the subset of the packets that
trigger the dialing process.
3. Dial (signal).
4. Determine when the connection is
terminated.
611
612
DDR Step 1: Routing Packets Out the Interface to Be Dialed
• DDR does not dial until some traffic is directed (routed) out
the dial interface.
• The router needs to route packets so that they are queued
to go out the dial interface. Cisco’s design for DDR defines
that the router receives some user-generated traffic and,
through normal routing processes, decides to route the
traffic out the interface to be dialed.
• The router (SanFrancisco) can receive a packet that must
be routed out BRI0; routing the packet out BRI0 triggers
the Cisco IOS software, causing the dial to occur.
613
DDR Step 2: Determining the Interesting Traffic
• Packets that are worthy of causing the device to
dial are called interesting packets.
614
DDR Step 3: Dialing (Signaling)
• Defining the phone number to be dialed.
616
ISDN PRI Configuration
1. Configure the type of ISDN switch to which this
router is connected.
2. Configure the T1 or E1 encoding and framing
options (controller configuration mode).
3. Configure the T1 or E1 channel range for the
DS0 channels used on this PRI (controller
configuration mode).
4. Configure any interface settings (for example,
PPP encapsulation and IP address) on the
interface representing the D channel.
617
618
619
Configuring a T1 or E1 Controller
• Your service provider will tell you what
encoding and framing to configure on the
router. Also, in almost every case, you will
use all 24 DS0 channels in the PRI—23 B
channels and the D channel.
620
DDR With Dialer Profiles
• Dialer profiles pool the physical interfaces
so that the router uses any available B
channel on any of the BRIs or PRIs in the
pool.