CCNA Presentation

Published by Amandeep Singh on Apr 11, 2011
Copyright: Attribution Non-commercial

Sections

  • Data Networks
  • Networking Devices
  • Repeater
  • Hub
  • Bridge
  • Workgroup Switch
  • Router
  • LANs, MANs, & WANs
  • Examples of Data Networks
  • Don’t Confuse the Models
  • The Application Layer
  • The Internet Layer
  • The Network Access Layer
  • More on The Transport Layer
  • Flow Control
  • TCP
  • TCP Segment Format
  • UDP
  • UDP Segment Format
  • Well Known Port Numbers
  • Network and Host Addressing
  • Identifying Address Classes
  • Address Class Prefixes
  • Network and Host Division
  • Class A Addresses
  • Class B Addresses
  • Class C Addresses
  • Class D Addresses
  • Class E Addresses
  • IP Address Ranges
  • IPv4
  • Network Address
  • Broadcast Address
  • Network/Broadcast Addresses at the Binary Level
  • Public IP Addresses
  • Private IP Addresses
  • Introduction to Subnetting
  • RARP
  • RAM
  • NVRAM
  • Flash
  • ROM
  • Interfaces
  • Cisco IOS
  • The Purpose of Cisco IOS
  • Router Command Line Interface
  • Setup Mode
  • Step in Router Initialization
  • Router User Interface Modes
  • Overview of Router Modes
  • Router Modes
  • User Mode Commands
  • Privileged Mode Commands
  • CLI Command Modes
  • Configuring a Router’s Name
  • Setting the Clock with Help
  • Message Of The Day (MOTD)
  • The copy run tftp Command
  • The copy tftp run Command
  • Anatomy of an IP Packet
  • Introducing Routing
  • Administrative Distance
  • Configuring Default Routes
  • Verifying Static Route Configuration
  • Troubleshooting Static Route Configuration
  • Routing Protocols
  • Routed Protocols
  • Categories of Routing Protocols
  • Distance Vector Routing Concepts
  • RIP Characteristics
  • Router Configuration
  • Configuring RIP Example
  • Problem: Counting to Infinity
  • Solution: Define a Maximum
  • Solution: Split Horizon
  • Overview
  • Neighbor Table
  • Topology Table
  • Routing Table
  • EIGRP Data Structure
  • Configuring EIGRP
  • show ip eigrp neighbors
  • show ip eigrp interfaces
  • show ip eigrp topology
  • show ip eigrp topology [active | pending | successors]
  • show ip eigrp topology all-links
  • show ip eigrp traffic
  • What are ACLs?
  • Reasons to Create ACLs
  • Creating ACLs
  • The access-list command
  • ACL Example
  • Basic Rules for ACLs
  • Wildcard Mask Examples
  • The any and host Keywords
  • Verifying ACLs
  • Standard ACLs
  • Extended ACLs
  • Extended ACL Example
  • ip access-group
  • Full Duplex Transmitting
  • Why Segment LANs?
  • Collision Domains
  • Segmentation with Bridges
  • Segmentation with Routers
  • Segmentation with Switches
  • Basic Operations of a Switch
  • Switching Methods
  • Frame Transmission Modes
  • Benefits of Switching
  • How Switches and Bridges Learn Addresses
  • CAM Content Addressable Memory
  • Broadcast Domain
  • The Access Layer
  • Access Layer Switches
  • The Distribution Layer
  • Distribution Layer Switches
  • The Core Layer
  • Core Layer Switches
  • Switch LED Indicators
  • Using Bridging Loops for Redundancy
  • Logical Loop Free Topology Created with STP
  • VLANs
  • VLAN Communication

Data Networks

Sharing data through the use of floppy disks is not an efficient or cost-effective manner in which to operate businesses. Businesses needed a solution that would successfully address the following three problems:
• How to avoid duplication of equipment and resources
• How to communicate efficiently
• How to set up and manage a network
Businesses realized that networking technology could increase productivity while saving money.

Networking Devices
Equipment that connects directly to a network segment is referred to as a device. These devices are broken up into two classifications:
• end-user devices
• network devices
End-user devices include computers, printers, scanners, and other devices that provide services directly to the user. Network devices include all the devices that connect the end-user devices together to allow them to communicate.

Network Interface Card
A network interface card (NIC) is a printed circuit board that provides network communication capabilities to and from a personal computer. Also called a LAN adapter.


Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. A repeater does not perform intelligent routing.


Hub
Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission. Active hubs not only concentrate hosts, but they also regenerate signals.


Bridge
Bridges convert network transmission data formats as well as perform basic data transmission management. Bridges, as the name implies, provide connections between LANs. Not only do bridges connect LANs, but they also perform a check on the data to determine whether it should cross the bridge or not. This makes each part of the network more efficient.


Workgroup Switch
Workgroup switches add more intelligence to data transfer management. Switches can determine whether data should remain on a LAN or not, and they can transfer the data to the connection that needs that data.

Router
Routers have all capabilities of the previous devices. Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers. They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.

LANs, MANs, & WANs
One early solution was the creation of local-area network (LAN) standards, which provided an open set of guidelines for creating network hardware and software, making equipment from different companies compatible. What was needed was a way for information to move efficiently and quickly, not only within a company, but also from one business to another. The solution was the creation of metropolitan-area networks (MANs) and wide-area networks (WANs).

Examples of Data Networks

LANs

Wireless LAN Organizations and Standards
As in cabled networks, IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC). A key technology contained within the 802.11 standard is Direct Sequence Spread Spectrum (DSSS).

WANs

Virtual Private Network
A VPN is a private network that is constructed within a public network infrastructure such as the global Internet. Using a VPN, a telecommuter can access the network of the company headquarters through the Internet by building a secure tunnel between the telecommuter’s PC and a VPN router in the headquarters.


Why do we need the OSI Model?
To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together, and therefore released the OSI reference model in 1984.

Don’t Get Confused
ISO - International Organization for Standardization
OSI - Open System Interconnection
IOS - Internetwork Operating System
To avoid confusion, some people say “International Standard Organization.” The “ISO” acronym is correct as shown. The ISO created the OSI to make the IOS more efficient.

The OSI Reference Model
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Layer 7 - The Application Layer
This layer deals with networking applications. Examples:
• Email
• Web browsers
PDU - User Data

Layer 6 - The Presentation Layer
This layer is responsible for presenting the data in the required format, which may include:
• Encryption
• Compression
PDU - Formatted Data

Layer 5 - The Session Layer
This layer establishes, manages, and terminates sessions between two communicating hosts. Example:
• Client software (used for logging in)
PDU - Formatted Data

Layer 4 - The Transport Layer
This layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network.
PDU - Segments

Layer 3 - The Network Layer
Sometimes referred to as the “Cisco Layer”. Makes “Best Path Determination” decisions based on logical addresses (usually IP addresses).
PDU - Packets

Layer 2 - The Data Link Layer
This layer provides reliable transit of data across a physical link. Makes decisions based on physical addresses (usually MAC addresses).
PDU - Frames

Layer 1 - The Physical Layer
This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host. Examples:
• CAT5 (what we have)
• Coaxial (like cable TV)
• Fiber optic
PDU - Bits


Why Another Model?
Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is Transmission Control Protocol / Internet Protocol (TCP/IP). The U.S. Department of Defense (DoD) created the TCP/IP reference model because it wanted a network that could survive any conditions, even a nuclear war. The TCP/IP reference model and the TCP/IP protocol stack make data communication possible between any two computers, anywhere in the world, at nearly the speed of light.

Don’t Confuse the Models

2 Models Side-By-Side
OSI model          TCP/IP model
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        Transport
3 Network          Internet
2 Data Link        Network Access
1 Physical         Network Access

The Application Layer
The application layer of the TCP/IP model handles high-level protocols, issues of representation, encoding, and dialog control.

The Transport Layer
The transport layer provides transport services from the source host to the destination host. It constitutes a logical connection between these endpoints of the network. Transport protocols segment and reassemble upper-layer applications into the same data stream between endpoints. The transport layer data stream provides end-to-end transport services.

The Internet Layer
The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is the Internet Protocol (IP). Best path determination and packet switching occur at this layer.

The Network Access Layer
The network access layer is also called the host-to-network layer. It is the layer that is concerned with all of the issues that an IP packet requires to actually make a physical link to the network media. It includes LAN and WAN details, and all the details contained in the OSI physical and data-link layers.
NOTE: ARP & RARP work at both the Internet and Network Access Layers.

Comparing TCP/IP & OSI Models
NOTE: The TCP/IP transport layer using UDP does not always guarantee reliable delivery of packets as the transport layer in the OSI model does.

Introduction to the Transport Layer
The primary duties of the transport layer, Layer 4 of the OSI model, are to transport and regulate the flow of information from the source to the destination, reliably and accurately. End-to-end control and reliability are provided by sliding windows, sequencing numbers, and acknowledgments.

More on The Transport Layer
The transport layer provides transport services from the source host to the destination host. It establishes a logical connection between the endpoints of the network. Transport services include the following basic services:
• Segmentation of upper-layer application data
• Establishment of end-to-end operations
• Transport of segments from one end host to another end host
• Flow control provided by sliding windows
• Reliability provided by sequence numbers and acknowledgments

Flow Control
As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is unable to process data as quickly as it arrives could be a cause of data loss. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host.

TCP
Transmission Control Protocol (TCP) is a connection-oriented Layer 4 protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. The protocols that use TCP include:
• FTP (File Transfer Protocol)
• HTTP (Hypertext Transfer Protocol)
• SMTP (Simple Mail Transfer Protocol)
• Telnet

TCP Segment Format

UDP
User Datagram Protocol (UDP) is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams, without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled by higher layer protocols. UDP uses no windowing or acknowledgments, so reliability, if needed, is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together. The protocols that use UDP include:
• TFTP (Trivial File Transfer Protocol)
• SNMP (Simple Network Management Protocol)
• DHCP (Dynamic Host Configuration Protocol)
• DNS (Domain Name System)

UDP Segment Format

Well Known Port Numbers
The following port numbers should be memorized:
NOTE: The curriculum forgot to mention one of the most important port numbers. Port 80 is used for HTTP or WWW protocols. (Essentially access to the internet.)


Network and Host Addressing
Using the IP address of the destination network, a router can deliver a packet to the correct network. When the packet arrives at a router connected to the destination network, the router uses the IP address to locate the particular computer connected to that network. Accordingly, every IP address has two parts.

Identifying Address Classes

Address Class Prefixes
To accommodate different size networks and aid in classifying these networks, IP addresses are divided into groups called classes. This is classful addressing.

Network and Host Division
Each complete 32-bit IP address is broken down into a network part and a host part. A bit or bit sequence at the start of each address determines the class of the address. There are 5 IP address classes.

Class A Addresses
The Class A address was designed to support extremely large networks, with more than 16 million host addresses available. Class A IP addresses use only the first octet to indicate the network address. The remaining three octets provide for host addresses.

Class B Addresses
The Class B address was designed to support the needs of moderate to large-sized networks. A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.

Class C Addresses
The Class C address space is the most commonly used of the original address classes. This address space was intended to support small networks with a maximum of 254 hosts.

Class D Addresses
The Class D address class was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.

Class E Addresses
A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.

IP Address Ranges
The graphic below shows the IP address range of the first octet both in decimal and binary for each IP address class.

IPv4
As early as 1992, the Internet Engineering Task Force (IETF) identified two specific concerns: exhaustion of the remaining, unassigned IPv4 network addresses, and the increase in the size of Internet routing tables. Over the past two decades, numerous extensions to IPv4 have been developed. Two of the more important of these are subnet masks and classless interdomain routing (CIDR).

Network Address

Broadcast Address

Network/Broadcast Addresses at the Binary Level
An IP address that has binary 0s in all host bit positions is reserved for the network address, which identifies the network. An IP address that has binary 1s in all host bit positions is reserved for the broadcast address, which is used to send data to all hosts on the network. Here are some examples:
Class   Network Address   Broadcast Address
A       100.0.0.0         100.255.255.255
B       150.50.0.0        150.50.255.255
C       200.100.75.0      200.100.75.255

Public IP Addresses
Unique addresses are required for each device on a network. No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized. All machines connected to the Internet agree to conform to the system. Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense. Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure. InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA).

Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

Introduction to Subnetting
Subnetting a network means to use the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets. With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design. Subnet addresses include the network portion, plus a subnet field and a host field. The ability to decide how to divide the original host portion into the new subnet and host fields provides addressing flexibility for the network administrator.
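The class rules, the all-0s/all-1s network and broadcast addresses, and the subnet field described in the last few slides, worked through in Python as an added example (not from the presentation; the RFC 1918 private ranges and the /28 sample are assumptions, the class A/B/C examples are the ones from the binary-level slide):

```python
"""Added example (not part of the presentation): classful address
identification, network/broadcast derivation and subnet arithmetic
for IPv4, using only the standard library."""
import ipaddress

# RFC 1918 private ranges (assumption: the slides only say private hosts
# must be unique within their own network, they do not list the ranges).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Default (classful) prefix length per class; D and E have no host part.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def to_binary(ip: str) -> str:
    """Dotted binary form, e.g. 150.50.0.0 -> 10010110.00110010.00000000.00000000"""
    return ".".join(f"{int(octet):08b}" for octet in ip.split("."))


def address_class(ip: str) -> str:
    """Class from the leading bits of the first octet (the classful rule)."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first >> 7 == 0b0:       # 0xxxxxxx : 0-127
        return "A"
    if first >> 6 == 0b10:      # 10xxxxxx : 128-191
        return "B"
    if first >> 5 == 0b110:     # 110xxxxx : 192-223
        return "C"
    if first >> 4 == 0b1110:    # 1110xxxx : 224-239, multicast
        return "D"
    return "E"                  # 1111xxxx : 240-255, reserved


def classful_network(ip: str) -> dict:
    """Network (host bits all 0) and broadcast (host bits all 1) under the
    default class mask, plus whether the block is RFC 1918 private."""
    cls = address_class(ip)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"class {cls} address {ip} has no network/host split")
    net = ipaddress.ip_network(f"{ip}/{DEFAULT_PREFIX[cls]}", strict=False)
    return {
        "class": cls,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "private": any(net.subnet_of(r) for r in PRIVATE_RANGES),
    }


def subnet_info(ip: str, mask: str) -> dict:
    """Apply a (possibly non-default) subnet mask: the borrowed host bits
    become the subnet field, the rest stay the host field. A negative
    subnet_bits value means the mask is shorter than the class default (CIDR)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    cls = address_class(ip)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        "subnet_bits": net.prefixlen - DEFAULT_PREFIX.get(cls, net.prefixlen),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # The three examples from the "Network/Broadcast Addresses" slide
    for sample in ("100.0.0.1", "150.50.7.9", "200.100.75.42"):
        info = classful_network(sample)
        print(f"{sample}: class {info['class']}  net {info['network']}"
              f"  bcast {info['broadcast']}  binary {to_binary(info['network'])}")
    # A /28 carved out of a class C block (constructed values)
    print(subnet_info("200.100.50.25", "255.255.255.240"))
```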

The 32-Bit Binary IP Address

Numbers That Show Up In Subnet Masks (Memorize Them!)

Addressing with Subnetworks

Static Assignment of an IP Address
Static assignment works best on small networks. The administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet. Network printers, application servers, and routers should be assigned static IP addresses.

ARP (Address Resolution Protocol)
How does ARP work? Host A sends an ARP Request, broadcast to all hosts: “What is the hardware address for IP address 128.10.0.4?” Host B (IP Address: 128.10.0.4, HW Address: 080020021545) answers with an ARP Reply.
Fig. 32 How does ARP work? (TI1332EU02TI_0004 The Network Layer, 47)

Fig. 33 The ARP command (TI1332EU02TI_0004 The Network Layer, 47)
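The request/reply exchange from the ARP figure, built and parsed in the on-the-wire ARP format (RFC 826 over Ethernet) and fed to a small ARP cache, as an added example that is not part of the presentation. Host B's IP and MAC are the figure's; Host A's IP and MAC, and the cache's change-tracking, are assumptions.

```python
"""Added example (not part of the presentation): the ARP request/reply
exchange from the figure, encoded in the on-the-wire ARP format
(RFC 826 over Ethernet) and fed to a small ARP cache."""
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"          # htype ptype hlen plen oper sha spa tha tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
REQUEST, REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"      # target MAC of a request is still unknown


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build the 28-byte ARP payload that follows the Ethernet header."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, oper,
                       mac_to_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_to_bytes(target_mac), IPv4Address(target_ip).packed)


def parse_arp(payload: bytes) -> dict:
    """Decode an ARP payload; rejects anything that is not Ethernet/IPv4 ARP."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper,
            "sender_mac": bytes_to_mac(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": bytes_to_mac(tha), "target_ip": str(IPv4Address(tpa))}


class ArpCache:
    """Host A's view: learn IP-to-MAC mappings from replies and record when an
    IP that is already cached turns up with a different MAC (a duplicate
    address or a swapped NIC, either of which an operator wants to know about)."""

    def __init__(self):
        self.table = {}       # ip -> mac
        self.changes = []     # (ip, old_mac, new_mac)

    def handle(self, payload: bytes):
        pkt = parse_arp(payload)
        if pkt["oper"] != REPLY:
            return None       # a request only says who is asking
        old = self.table.get(pkt["sender_ip"])
        if old is not None and old != pkt["sender_mac"]:
            self.changes.append((pkt["sender_ip"], old, pkt["sender_mac"]))
        self.table[pkt["sender_ip"]] = pkt["sender_mac"]
        return pkt["sender_mac"]


# Constructed exchange after the figure. Host B's IP and MAC are the figure's
# (128.10.0.4, 080020021545); Host A's address and MAC are assumed.
HOST_A_IP, HOST_A_MAC = "128.10.0.1", "08:00:20:00:00:01"
HOST_B_IP, HOST_B_MAC = "128.10.0.4", "08:00:20:02:15:45"

ARP_REQUEST = build_arp(REQUEST, HOST_A_MAC, HOST_A_IP, ZERO_MAC, HOST_B_IP)
ARP_REPLY = build_arp(REPLY, HOST_B_MAC, HOST_B_IP, HOST_A_MAC, HOST_A_IP)


def resolve_demo() -> str:
    """Run the exchange through Host A's cache; returns Host B's MAC."""
    cache = ArpCache()
    cache.handle(ARP_REQUEST)     # the broadcast request caches nothing
    return cache.handle(ARP_REPLY)


if __name__ == "__main__":
    req = parse_arp(ARP_REQUEST)
    print(f"Request (broadcast): what is the hardware address for {req['target_ip']}?")
    print(f"Reply: {HOST_B_IP} is at {resolve_demo()}")
```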

RARP
Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.


Introduction to Routers
A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:

RAM
Random Access Memory, also called dynamic RAM (DRAM). RAM has the following characteristics and functions:
• Stores routing tables
• Holds ARP cache
• Holds fast-switching cache
• Performs packet buffering (shared RAM)
• Maintains packet-hold queues
• Provides temporary memory for the configuration file of the router while the router is powered on
• Loses content when router is powered down or restarted

NVRAM
Non-Volatile RAM. NVRAM has the following characteristics and functions:
• Provides storage for the startup configuration file
• Retains content when router is powered down or restarted

Flash
Flash memory has the following characteristics and functions:
• Holds the operating system image (IOS)
• Allows software to be updated without removing and replacing chips on the processor
• Retains content when router is powered down or restarted
• Can store multiple versions of IOS software
• Is a type of electronically erasable, programmable ROM (EEPROM)

ROM
Read-Only Memory. ROM has the following characteristics and functions:
• Maintains instructions for power-on self test (POST) diagnostics
• Stores bootstrap program and basic operating system software
• Requires replacing pluggable chips on the motherboard for software upgrades

Interfaces
Interfaces have the following characteristics and functions:
• Connect router to network for frame entry and exit
• Can be on the motherboard or on a separate module
Types of interfaces:
• Ethernet
• Fast Ethernet
• Serial
• Token ring
• ISDN BRI
• Loopback
• Console
• Aux

Internal Components of a 2600 Router

Cisco IOS
Cisco technology is built around the Cisco Internetwork Operating System (IOS), which is the software that controls the routing and switching functions of internetworking devices. A solid understanding of the IOS is essential for a network administrator.

The Purpose of Cisco IOS
As with a computer, a router or switch cannot function without an operating system. Without an operating system, the hardware does not have any capabilities. Cisco calls its operating system the Cisco Internetwork Operating System or Cisco IOS. It is the embedded software architecture in all of the Cisco routers and is also the operating system of the Catalyst switches. The Cisco IOS provides the following network services:
• Basic routing and switching functions
• Reliable and secure access to networked resources
• Network scalability

Router Command Line Interface

Setup Mode
Setup is not intended as the mode for entering complex protocol features in the router. The purpose of the setup mode is to permit the administrator to install a minimal configuration for a router that is unable to locate a configuration from another source. In the setup mode, default answers appear in square brackets [ ] following the question. Press the Enter key to use these defaults. During the setup process, Ctrl-C can be pressed at any time to terminate the process. When setup is terminated using Ctrl-C, all interfaces will be administratively shut down. When the configuration process is completed in setup mode, the following options will be displayed:
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:

Operation of Cisco IOS Software
The Cisco IOS devices have three distinct operating environments or modes:
• ROM monitor
• Boot ROM
• Cisco IOS
The startup process of the router normally loads into RAM and executes one of these operating environments. The configuration register setting can be used by the system administrator to control the default start up mode for the router. To see the IOS image and version that is running, use the show version command, which also indicates the configuration register setting.

Step in Router Initialization


Router User Interface Modes
The Cisco command-line interface (CLI) uses a hierarchical structure. This structure requires entry into different modes to accomplish particular tasks. Each configuration mode is indicated with a distinctive prompt and allows only commands that are appropriate for that mode. As a security feature, the Cisco IOS software separates sessions into two access levels, user EXEC mode and privileged EXEC mode. The privileged EXEC mode is also known as enable mode.

Overview of Router Modes

Router Modes

User Mode Commands

Privileged Mode Commands
NOTE: There are many more commands available in privileged mode.

CLI Command Modes
All command-line interface (CLI) configuration changes to a Cisco router are made from the global configuration mode. Other more specific modes are entered depending upon the configuration change that is required. Global configuration mode commands are used in a router to apply configuration statements that affect the system as a whole. The following command moves the router into global configuration mode:
Router#configure terminal (or config t)
Router(config)#
When specific configuration modes are entered, the router prompt changes to indicate the current configuration mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z returns the router all the way back to privileged EXEC mode.

Configuring a Router’s Name
A router should be given a unique name as one of the first configuration tasks. This task is accomplished in global configuration mode using the following commands:
Router(config)#hostname Tokyo
Tokyo(config)#
As soon as the Enter key is pressed, the prompt changes from the default host name (Router) to the newly configured host name (which is Tokyo in the example above).

Setting the Clock with Help

Message Of The Day (MOTD)
A message-of-the-day (MOTD) banner can be displayed on all connected terminals.
Enter global configuration mode by using the command config t.
Enter the command banner motd # The message of the day goes here #.
Save changes by issuing the command copy run start.

Configuring a Console Password
Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file. The following commands are used to set an optional but recommended password on the console line:
Router(config)#line console 0
Router(config-line)#password <password>
Router(config-line)#login

Configuring a Modem Password
If configuring a router via a modem you are most likely connected to the aux port. The method for configuring the aux port is very similar to configuring the console port.
Router(config)#line aux 0
Router(config-line)#password <password>
Router(config-line)#login

Configuring Interfaces
An interface needs an IP Address and a Subnet Mask to be configured. All interfaces are “shutdown” by default. The DCE end of a serial interface needs a clock rate.
Router#config t
Router(config)#interface serial 0/1
Router(config-if)#ip address 200.100.50.25 255.255.255.240
Router(config-if)#clock rate 56000 (required for serial DCE only)
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 150.100.50.75 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#
On older routers, Serial 0/1 would be just Serial 1 and f0/0 would be e0.
s = serial, e = Ethernet, f = fast Ethernet

Configuring a Telnet Password
A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet. Typically Cisco routers support five VTY lines numbered 0 through 4. The following commands are used to set the same password on all of the VTY lines:
Router(config)#line vty 0 4
Router(config-line)#password <password>
Router(config-line)#login
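A check for the console, aux and VTY line passwords that the last three slides configure, as an added example that is not part of the presentation: it parses a running-config and reports lines a user could reach without a password. The sample config is constructed, and the enable secret/password check (a real IOS command the slides do not show) is an assumption.

```python
"""Added example (not part of the presentation): audit a Cisco IOS
running-config for the console, aux and VTY line passwords the slides
say should always be set. The config text below is constructed."""
import re

# Constructed sample in running-config form: sub-commands are indented by
# one space and IOS shows "line console 0" as "line con 0". The enable
# secret value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
!
hostname Tokyo
!
enable secret 5 $1$PLACEHOLDER$notarealhashxxxxxxxxxxxxx
!
line con 0
 password cisco
 login
line aux 0
 password cisco
line vty 0 4
 login
!
"""


def parse_line_blocks(config: str) -> dict:
    """Map each 'line ...' section to the list of its sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue                        # separators / comments
        if raw.startswith(" "):             # indented: belongs to current mode
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        name = raw.strip().replace("line console", "line con")
        current = name if name.startswith("line ") else None
        if current is not None:
            blocks.setdefault(current, [])
    return blocks


def audit_line_passwords(config: str) -> list:
    """Return findings for lines that can be reached without a password."""
    findings = []
    blocks = parse_line_blocks(config)
    if not any(name.startswith("line vty") for name in blocks):
        findings.append("no vty lines configured: Telnet access has no password policy")
    for name, cmds in blocks.items():
        has_password = any(c.startswith("password ") for c in cmds)
        # 'login' enforces the line password; 'login local' uses the local
        # user database instead; with neither, no prompt is ever shown.
        has_login = any(c in ("login", "login local") for c in cmds)
        if not has_password and "login local" not in cmds:
            findings.append(f"{name}: no password set")
        if not has_login:
            findings.append(f"{name}: 'login' missing, so the password is never asked for")
    # Assumed check: privileged EXEC needs its own password (enable secret
    # preferred over the reversible enable password).
    if not re.search(r"^enable (secret|password) ", config, re.M):
        findings.append("no enable secret/password: privileged EXEC is unprotected")
    return findings


if __name__ == "__main__":
    for finding in audit_line_passwords(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

On the sample, the aux line has a password that is never enforced and the VTY lines ask for a password that was never set; the console line and enable secret pass.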

Examining the show Commands
There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
show interfaces – Displays all the statistics for all the interfaces on the router
show int s0/1 – Displays statistics for interface Serial 0/1
show controllers serial – Displays information specific to the interface hardware
show clock – Shows the time set in the router
show hosts – Displays a cached list of host names and addresses
show users – Displays all users who are connected to the router
show history – Displays a history of commands that have been entered
show flash – Displays info about flash memory and what IOS files are stored there
show version – Displays info about the router and the IOS that is running in RAM
show ARP – Displays the ARP table of the router
show start – Displays the saved configuration located in NVRAM
show run – Displays the configuration currently running in RAM
show protocol – Displays the global and interface specific status of any configured Layer 3 protocols

The copy run tftp Command

The copy tftp run Command


Anatomy of an IP Packet
IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:

Introducing Routing
Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.

Configuring Static Routes by Specifying Outgoing Interfaces

Configuring Static Routes by Specifying Next-Hop Addresses

Administrative Distance
The administrative distance is an optional parameter that gives a measure of the reliability of the route. The range of an AD is 0-255 where smaller numbers are more desirable. The default administrative distance when using next-hop address is 1, while the default administrative distance when using the outgoing interface is 0. You can statically assign an AD as follows:
Router(config)#ip route 172.16.3.0 255.255.255.0 172.16.4.1 130
Sometimes static routes are used for backup purposes. A static route can be configured on a router that will only be used when the dynamically learned route has failed. To use a static route in this manner, simply set the administrative distance higher than that of the dynamic routing protocol being used.

Configuring Default Routes
Default routes are used to route packets with destinations that do not match any of the other routes in the routing table. A default route is actually a special static route that uses this format:
ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface]
This is sometimes referred to as a “Quad-Zero” route.
Example using next hop address: Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.4.1
Example using the exit interface: Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
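How administrative distance, the backup (floating) static route from the previous slide and the quad-zero default route interact can be checked with a small routing-table model. This is an added example written for this page, not code from the slides; the candidate routes reuse the slides' addresses, while the `usable` flag (standing in for a RIP route that has been withdrawn) and the function names are this example's assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass
class Route:
    prefix: str          # destination network, e.g. "172.16.3.0/24"
    via: str             # next-hop address or exit interface
    source: str          # "C" connected, "S" static, "R" RIP (the codes show ip route prints)
    ad: int              # administrative distance
    usable: bool = True  # assumption of this model: False = the route has been lost


# Constructed candidate routes, using the addresses from the slides.
CANDIDATES = [
    Route("172.16.4.0/24", "Serial0/0", "C", 0),
    Route("172.16.3.0/24", "172.16.4.1", "R", 120),  # learned from RIP (AD 120)
    Route("172.16.3.0/24", "172.16.4.1", "S", 130),  # ip route 172.16.3.0 255.255.255.0 172.16.4.1 130
    Route("0.0.0.0/0", "172.16.4.1", "S", 1),        # ip route 0.0.0.0 0.0.0.0 172.16.4.1
]


def build_table(candidates):
    """Keep, per prefix, only the usable candidate with the lowest AD.
    The AD-130 static route is held back while the AD-120 RIP route exists
    and is installed as soon as the RIP route disappears."""
    table = {}
    for r in candidates:
        if not r.usable:
            continue
        net = ip_network(r.prefix)
        if net not in table or r.ad < table[net].ad:
            table[net] = r
    return table


def lookup(table, destination):
    """Longest-prefix match. The quad-zero route (/0) contains every address,
    so it only wins when no more specific prefix matches."""
    addr = ip_address(destination)
    best = None
    for net, route in table.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def next_hop(destination, rip_alive=True):
    """(source code, via) the router would use for `destination`;
    with rip_alive=False the RIP-learned route has been withdrawn."""
    cands = [replace(r, usable=(r.source != "R" or rip_alive)) for r in CANDIDATES]
    route = lookup(build_table(cands), destination)
    return (route.source, route.via) if route else None


if __name__ == "__main__":
    for dst in ("172.16.3.7", "172.16.4.9", "8.8.8.8"):
        print(dst, next_hop(dst), next_hop(dst, rip_alive=False))
```

The floating static and the RIP route share the same next hop here, so the difference is only visible in the source code of the installed route; in practice the backup usually points across a different link, which is the whole reason for configuring it.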

Verifying Static Route Configuration
After static routes are configured it is important to verify that they are present in the routing table and that routing is working as expected. The show ip route command is used to make sure that the static route is present in the routing table. The command show running-config is used to view the active configuration in RAM to verify that the static route was entered correctly.

Troubleshooting Static Route Configuration

Routing Protocols

Routed Protocols


Categories of Routing Protocols
Most routing algorithms can be classified into one of two categories:

• distance vector
• link-state
The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork. The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.

Distance Vector Routing Concepts


RIPv1
Distance Vector Routing Protocol, classful
Distribution of Routing Tables via broadcast to adjacent routers
Fig. 59 Properties of RIPv1 (TI1332EU02TI_0004 The Network Layer, 81)

Only one kind of metric: Number of Hops
Connections with different bandwidth can not be weighted
Routing loops can occur -> bad convergence in case of a failure
Count to infinity problem (infinity = 16)
Maximum network size is limited by the number of hops


RIP Characteristics


Router Configuration
The router command starts a routing process. The network command is required because it enables the routing process to determine which interfaces participate in the sending and receiving of routing updates. An example of a routing configuration is:

GAD(config)#router rip
GAD(config-router)#network 172.16.0.0
The network numbers are based on the network class addresses, not subnet addresses or individual host addresses.

Configuring RIP Example


Verifying RIP Configuration

The debug ip rip Command
Most of the RIP configuration errors involve an incorrect network statement, discontiguous subnets, or split horizons. One highly effective command for finding RIP update issues is the debug ip rip command. The debug ip rip command displays RIP routing updates as they are sent and received.

Problem: Routing Loops
Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.

Problem: Counting to Infinity

Solution: Define a Maximum

Solution: Split Horizon

Route Poisoning
Route poisoning is used by various distance vector protocols in order to overcome large routing loops and offer explicit information when a subnet or network is not accessible. This is usually accomplished by setting the hop count to one more than the maximum.
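The counting-to-infinity problem and the effect of the two remedies from the preceding slides (a defined maximum of 16 and split horizon) can be reproduced with a short simulation. This is an added example, not part of the original presentation: the three-router chain, the synchronous update rounds and the function names are constructed for it. It tracks one destination network that hangs off router C and fails at the start.

```python
INFINITY = 16   # RIP's "define a maximum": a metric of 16 means unreachable


def run_rounds(links, tables, split_horizon, max_rounds=64):
    """Synchronous distance-vector exchange for a single destination.
    links:  {router: [neighbours]}
    tables: {router: (metric, next_hop)}; next_hop None = directly connected
            or unreachable
    Returns (number of rounds in which some table changed, final tables)."""
    tables = dict(tables)
    changed_rounds = 0
    for _ in range(max_rounds):
        # 1. Every router advertises its current metric to each neighbour.
        adverts = {}
        for router, (metric, next_hop) in tables.items():
            for nb in links[router]:
                if split_horizon and next_hop == nb:
                    continue    # never advertise a route back to the router it came from
                adverts[(router, nb)] = metric
        # 2. Every router processes what it received.
        new = {}
        for router, (metric, next_hop) in tables.items():
            offers = {nb: min(adverts[(nb, router)] + 1, INFINITY)
                      for nb in links[router] if (nb, router) in adverts}
            # An update from the current next hop is always accepted, even if
            # worse; any other neighbour only wins with a strictly better metric.
            best = (offers[next_hop], next_hop) if next_hop in offers else (metric, next_hop)
            for nb, m in offers.items():
                if m < best[0]:
                    best = (m, nb)
            new[router] = best
        if new == tables:
            return changed_rounds, tables
        tables = new
        changed_rounds += 1
    return changed_rounds, tables


# Constructed topology: A -- B -- C -- (network N). Before the failure A
# reached N through B at 2 hops and B through C at 1 hop. C has just lost
# its link to N and marks it unreachable.
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
AFTER_FAILURE = {"A": (2, "B"), "B": (1, "C"), "C": (INFINITY, None)}


def converge(split_horizon):
    return run_rounds(LINKS, AFTER_FAILURE, split_horizon)


if __name__ == "__main__":
    for sh in (False, True):
        rounds, final = converge(sh)
        print("split horizon" if sh else "no split horizon", rounds, final)
```

Without split horizon A keeps advertising the dead route back to B, B adopts it, and the metric climbs by one hop per exchange until the maximum stops it (15 rounds of changes here, with the route bouncing between A and B the whole time). With split horizon A never tells B about a route it learned from B, so the unreachable metric propagates in two rounds and no packets loop in the meantime.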

OSPF (Open Shortest Path First) Protocol
© 2003, Cisco Systems, Inc. All rights reserved.

OSPF is a Link-State Routing Protocol
– Link-state (LS) routers recognize much more information about the network than their distance-vector counterparts. Consequently, LS routers tend to make more accurate decisions.
– Link-state routers keep track of the following:
• Their neighbours
• All routers within the same area
• Best paths toward a destination

Link-State Data Structures
– Neighbor table:
• Also known as the adjacency database (list of recognized neighbors)
– Topology table:
• Typically referred to as LSDB (routers and links in the area or network)
• All routers within an area have an identical LSDB
– Routing table:
• Commonly named a forwarding database (list of best paths to destinations)

OSPF vs. RIP
RIP is limited to 15 hops, it converges slowly, and it sometimes chooses slow routes because it ignores critical factors such as bandwidth in route determination. OSPF overcomes these limitations and proves to be a robust and scalable routing protocol suitable for the networks of today.

OSPF Areas

Area Terminology

LS Data Structures: Adjacency Database
– Routers discover neighbors by exchanging hello packets.
– Routers declare neighbors to be up after checking certain parameters or options in the hello packet.
– Point-to-point WAN links:
• Both neighbors become fully adjacent.
– LAN links:
• Neighbors form an adjacency with the DR and BDR.
• Maintain two-way state with the other routers (DROTHERs).
– Routing updates and topology information are only passed between adjacent routers.

OSPF Adjacencies
Routers build logical adjacencies between each other using the Hello Protocol. Once an adjacency is formed:
• LS database packets are exchanged to synchronize each other’s LS databases.
• LSAs are flooded reliably throughout the area or network, using these adjacencies.

Open Shortest Path First Calculation
• Routers find the best paths to destinations by applying Dijkstra’s SPF algorithm to the link-state database as follows:
– Every router in an area has the identical link-state database.
– Each router in the area places itself into the root of the tree that is built.
– The best path is calculated with respect to the lowest total cost of links to a specific destination.
– Best routes are put into the forwarding database.
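The SPF calculation just described, as an added worked example (this is not code from the slides or from Cisco): a constructed four-router link-state database is run through Dijkstra's algorithm from a chosen root, and the resulting tree is collapsed into a forwarding table of next hop and total cost. The router names and link costs are invented for the example. One detail beyond the slide's bullet points is the two-way check: OSPF only uses a link in SPF when both ends advertise it, so the example flags links seen from one side only.

```python
import heapq

# Constructed LSDB: each router's advertised links and their OSPF costs.
# Costs are per direction, as in real router LSAs.
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 1, "R4": 1},
    "R3": {"R1": 1, "R2": 1, "R4": 10},
    "R4": {"R2": 1, "R3": 10},
}


def one_way_links(lsdb):
    """Links advertised by only one end. SPF ignores them, so an unexpected
    entry here usually means an LSA is stale or missing."""
    return [(a, b) for a, nbrs in lsdb.items() for b in nbrs
            if a not in lsdb.get(b, {})]


def spf(lsdb, root):
    """Dijkstra from `root` over two-way links.
    Returns (total cost per router, previous hop per router)."""
    cost = {root: 0}
    prev = {}
    heap = [(0, root)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, c in lsdb[u].items():
            if u not in lsdb.get(v, {}):
                continue                      # one-way link: not usable
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                prev[v] = u
                heapq.heappush(heap, (d + c, v))
    return cost, prev


def forwarding_table(lsdb, root):
    """Collapse the SPF tree into {destination: (next hop, total cost)}:
    walk each destination's chain of previous hops back to the root's child."""
    cost, prev = spf(lsdb, root)
    table = {}
    for dest in cost:
        if dest == root:
            continue
        hop = dest
        while prev[hop] != root:
            hop = prev[hop]
        table[dest] = (hop, cost[dest])
    return table


if __name__ == "__main__":
    print("one-way links:", one_way_links(LSDB))
    for root in LSDB:
        print(root, forwarding_table(LSDB, root))
```

From R1 the direct R1-R2 link (cost 10) loses to the path through R3 (cost 2), which is exactly the bandwidth-aware choice the OSPF vs. RIP slide credits OSPF with; a hop-count protocol would have taken the direct link.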

show ip protocol
show ip route

show ip ospf neighbor detail
show ip ospf database


Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM. Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops. Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency. EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.

EIGRP Concepts & Terminology
EIGRP routers keep route and topology information readily available in RAM, so they can react quickly to changes. Like OSPF, EIGRP saves this information in several tables and databases. EIGRP saves routes that are learned in specific ways. Routes are given a particular status and can be tagged to provide additional useful information. EIGRP maintains three tables:
• Neighbor table
• Top.ology table
• Routing table

Neighbor Table
The neighbor table is the most important table in EIGRP. Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacency database used by OSPF. There is a neighbor table for each protocol that EIGRP supports. When a neighbor sends a hello packet, it advertises a hold time. The hold time is the amount of time a router treats a neighbor as reachable and operational. In other words, if a hello packet is not heard within the hold time, then the hold time expires. When the hold time expires, the Diffusing Update Algorithm (DUAL), which is the EIGRP distance vector algorithm, is informed of the topology change and must recalculate the new topology.

Topology Table
The topology table is made up of all the EIGRP routing tables in the autonomous system. DUAL takes the information supplied in the neighbor table and the topology table and calculates the lowest cost routes to each destination. Every EIGRP router maintains a topology table for each configured network protocol. All learned routes to a destination are maintained in the topology table. By tracking this information, EIGRP routers can identify and switch to alternate routes quickly. The information that the router learns from the DUAL is used to determine the successor route, which is the term used to identify the primary or best route. A copy is also placed in the topology table.

Routing Table
The EIGRP routing table holds the best routes to a destination. This information is retrieved from the topology table. Each EIGRP router maintains a routing table for each network protocol. A successor is a route selected as the primary route to use to reach a destination. DUAL identifies this route from the information contained in the neighbor and topology tables and places it in the routing table. There can be up to four successor routes for any particular route. These can be of equal or unequal cost and are identified as the best loop-free paths to a given destination. A copy of the successor routes is also placed in the topology table. A feasible successor (FS) is a backup route. These routes are identified at the same time the successors are identified, but they are only kept in the topology table. Multiple feasible successors for a destination can be retained in the topology table although it is not mandatory.
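How DUAL picks successors and feasible successors from the topology table, as an added example (not code from the slides or from Cisco): a constructed set of topology-table entries for one destination is reduced to the installed route(s) and the loop-free backups. The slides do not state the rule DUAL uses to decide which backups are loop-free; this example applies EIGRP's feasibility condition (a neighbour's reported distance must be lower than the feasible distance) and EIGRP's variance multiplier for unequal-cost installation, both of which are EIGRP behaviour rather than assumptions. The neighbour names, distances and function names are this example's own.

```python
def dual_select(topology_entries, max_paths=4, variance=1):
    """Pick successor(s) and feasible successors for one destination.

    topology_entries: [(neighbour, reported_distance, cost_to_neighbour), ...]
      reported distance (RD) = the neighbour's own metric to the destination.
    Feasible distance (FD) = the lowest RD + cost over all neighbours.
    A neighbour is a loop-free candidate only if its RD < FD: a router that is
    itself farther from the destination than our best path cannot be sending
    traffic back through us. With variance > 1 every feasible path whose
    total is within variance * FD is installed (unequal-cost load sharing);
    the remaining feasible paths stay in the topology table as backups."""
    scored = sorted((rd + cost, nb, rd) for nb, rd, cost in topology_entries)
    if not scored:
        return {"fd": None, "successors": [], "feasible_successors": []}
    fd = scored[0][0]
    feasible = [e for e in scored if e[2] < fd]
    installed = [e for e in feasible if e[0] <= fd * variance][:max_paths]
    backups = [e for e in feasible if e not in installed]
    return {"fd": fd,
            "successors": [nb for _, nb, _ in installed],
            "feasible_successors": [nb for _, nb, _ in backups]}


def after_successor_loss(topology_entries, lost_neighbour):
    """Recompute after the link to `lost_neighbour` goes down. When a feasible
    successor existed, the switch is local and immediate (no query is sent);
    otherwise the route has to go active and query the neighbours."""
    before = dual_select(topology_entries)
    remaining = [e for e in topology_entries if e[0] != lost_neighbour]
    after = dual_select(remaining)
    after["local_recovery"] = (lost_neighbour in before["successors"]
                               and bool(before["feasible_successors"]))
    return after


# Constructed topology-table entries for one destination:
# (neighbour, neighbour's reported distance, cost of the link to that neighbour)
ENTRIES = [("R_A", 10, 10), ("R_B", 15, 10), ("R_C", 25, 5)]

if __name__ == "__main__":
    print(dual_select(ENTRIES))
    print(dual_select(ENTRIES, variance=2))
    print(after_successor_loss(ENTRIES, "R_A"))
```

R_C is the interesting entry: its total (30) is only a little worse than R_B's (25), but its reported distance (25) is not below the feasible distance (20), so DUAL cannot prove the path is loop-free and leaves it out of the backups entirely.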

EIGRP Data Structure
Like OSPF, EIGRP relies on different types of packets to maintain its various tables and establish complex relationships with neighbor routers. The five EIGRP packet types are:
• Hello
• Acknowledgment
• Update
• Query
• Reply
EIGRP relies on hello packets to discover, verify, and rediscover neighbor routers. Rediscovery occurs if EIGRP routers do not receive hellos from each other for a hold time interval but then re-establish communication. EIGRP routers send hellos at a fixed but configurable interval, called the hello interval. The default hello interval depends on the bandwidth of the interface. On IP networks, EIGRP routers send hellos to the multicast IP address 224.0.0.10.

Configuring EIGRP

Configuring EIGRP Summarization
EIGRP automatically summarizes routes at the classful boundary. This is the boundary where the network address ends, as defined by class-based addressing. This means that even though RTC is connected only to the subnet 2.1.1.0, it will advertise that it is connected to the entire Class A network, 2.0.0.0. In most cases auto summarization is beneficial because it keeps routing tables as compact as possible.

Configuring EIGRP no-summary
However, automatic summarization may not be the preferred option in certain instances. To turn off auto-summarization, use the following command:
router(config-router)#no auto-summary

show ip eigrp neighbors
show ip eigrp interfaces

show ip eigrp topology
show ip eigrp topology [active | pending | successors]

show ip eigrp topology all-links
show ip eigrp traffic


What are ACLs?
ACLs are lists of conditions that are applied to traffic traveling across a router's interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions. ACLs can be configured at the router to control access to a network or subnet. Some ACL decision points are source and destination addresses, protocols, and upper-layer port numbers. ACLs can be created for all routed network protocols, such as Internet Protocol (IP) and Internetwork Packet Exchange (IPX). ACLs must be defined on a per-protocol, per direction, or per port basis.

Reasons to Create ACLs
The following are some of the primary reasons to create ACLs:
• Limit network traffic and increase network performance.
• Provide traffic flow control.
• Provide a basic level of security for network access. For example: Permit e-mail traffic to be routed, but block all telnet traffic.
• Decide which types of traffic are forwarded or blocked at the router interfaces.
• Allow an administrator to control what areas a client can access on a network.
If ACLs are not configured on the router, all packets passing through the router will be allowed onto all parts of the network.

Creating ACLs
ACLs are created in the global configuration mode. There are many different types of ACLs including standard, extended, IPX, AppleTalk, and others. When configuring ACLs on a router, each ACL must be uniquely identified by assigning a number to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list. Since IP is by far the most popular routed protocol, additional ACL numbers have been added to newer router IOSs.
Standard IP: 1300-1999
Extended IP: 2000-2699

The access-list command

The ip access-group command { in | out }

ACL Example

Basic Rules for ACLs
These basic rules should be followed when creating and applying access lists:
• One access list per protocol per direction.
• Standard IP access lists should be applied closest to the destination.
• Extended IP access lists should be applied closest to the source.
• Use the inbound or outbound interface reference as if looking at the port from inside the router.
• Statements are processed sequentially from the top of list to the bottom until a match is found; if no match is found then the packet is denied.
• There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
• Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
• Never work with an access list that is actively applied.
• New lines are always added to the end of the access list. It is not possible to selectively add and remove lines with numbered ACLs.
• A no access-list x command will remove the whole list.
• Outbound filters do not affect traffic originating from the local router.

Wildcard Mask Examples
5 examples follow that demonstrate how a wildcard mask can be used to permit or deny certain IP addresses, or IP address ranges. You will see that while subnet masks were ANDed with IP addresses, wildcard masks are ORed with IP addresses. While subnet masks start with binary 1s and end with binary 0s, wildcard masks are the reverse, meaning they typically start with binary 0s and end with binary 1s. In the examples that follow Cisco has chosen to represent the binary 1s in the wildcard masks with Xs to focus on the specific bits being shown in each example.

The any and host Keywords

Verifying ACLs
There are many show commands that will verify the content and placement of ACLs on the router. The show access-lists command displays the contents of all ACLs on the router. show access-list 1 shows just access-list 1. The show ip interface command displays IP interface information and indicates whether any ACLs are set. The show running-config command will also reveal the access lists on a router and the interface assignment information.

Standard ACLs
Standard ACLs check the source address of IP packets that are routed. The comparison will result in either permit or deny access for an entire protocol suite, based on the network, subnet, and host addresses. The standard version of the access-list global configuration command is used to define a standard ACL with a number in the range of 1 to 99 (also from 1300 to 1999 in recent IOS). If there is no wildcard mask, the default mask is used, which is 0.0.0.0. (This only works with Standard ACLs and is the same thing as using host.) The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard] [log]
The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number

Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers. At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. Logical operations may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols. Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS). The syntax for the extended ACL statement can get very long and often will wrap in the terminal window. The wildcards also have the option of using the host or any keywords in the command.

Well Known Port Numbers
Don’t forget that WWW or HTTP is 80

Extended ACL Example
This extended ACL will allow people in network 200.100.50.0 to surf the internet, but not allow any other protocols like email, ftp, etc.
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq 80
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq www
or
access-list 101 permit tcp 200.100.50.0 0.0.0.255 any eq http

ip access-group
The ip access-group command links an existing standard or extended ACL to an interface. Remember that only one ACL per interface, per direction, per protocol is allowed. The format of the command is:
Router(config-if)#ip access-group access-list-number {in | out}

50.) Router(config)# int e0 Router(config-if)# ip access-group 1 in or Router(config-if)# ip access-group 1 out 163 .0 or Router(config)# access-list 1 permit host 200.50.23 (The implicit “deny any” ensures that everyone else is denied.0.100.100.50.23 0.Permitting a Single Host Router(config)# access-list 1 permit 200.100.23 or Router(config)# access-list 1 permit 200.0.

Denying a Single Host
Router(config)# access-list 1 deny 200.100.50.23 0.0.0.0
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
or
Router(config)# access-list 1 deny host 200.100.50.23
Router(config)# access-list 1 permit any
(The implicit “deny any” is still present, but totally irrelevant.)
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out

Permitting a Single Network
Class C
Router(config)# access-list 1 permit 200.100.50.0 0.0.0.255
or
Class B
Router(config)# access-list 1 permit 150.75.0.0 0.0.255.255
or
Class A
Router(config)# access-list 1 permit 13.0.0.0 0.255.255.255
(The implicit “deny any” ensures that everyone else is denied.)
Router(config)# int e0
Router(config-if)# ip access-group 1 in
or
Router(config-if)# ip access-group 1 out

Denying a Single Network
Class C
Router(config)# access-list 1 deny 200.100.50.0 0.0.0.255
Router(config)# access-list 1 permit any
or
Class B
Router(config)# access-list 1 deny 150.75.0.0 0.0.255.255
Router(config)# access-list 1 permit any
or
Class A
Router(config)# access-list 1 deny 13.0.0.0 0.255.255.255
Router(config)# access-list 1 permit any
(The implicit “deny any” is still present, but totally irrelevant.)

Permitting a Class C Subnet
Network Address/Subnet Mask: 200.100.50.0/28
Desired Subnet: 3rd
Process: 32-28=4, 2^4 = 16
1st Usable Subnet address range is 200.100.50.16-31
2nd Usable Subnet address range is 200.100.50.32-47
3rd Usable Subnet address range is 200.100.50.48-63
Subnet Mask is 255.255.255.240
Inverse Mask is 0.0.0.15, or subtract 200.100.50.48 from 200.100.50.63 to get 0.0.0.15
Router(config)# access-list 1 permit 200.100.50.48 0.0.0.15
(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class C Subnet
Network Address/Subnet Mask: 192.72.68.0/27
Undesired Subnet: 2nd
Process: 32-27=5, 2^5=32
1st Usable Subnet address range is 192.72.68.32-63
2nd Usable Subnet address range is 192.72.68.64-95
Subnet Mask is 255.255.255.224
Inverse Mask is 0.0.0.31, or subtract 192.72.68.64 from 192.72.68.95 to get 0.0.0.31
Router(config)# access-list 1 deny 192.72.68.64 0.0.0.31
Router(config)# access-list 1 permit any
(The implicit “deny any” is still present, but totally irrelevant.)

Permitting a Class B Subnet
Network Address/Subnet Mask: 150.75.0.0/24
Desired Subnet: 129th
Process: Since exactly 8 bits are borrowed, the 3rd octet will denote the subnet number.
129th Usable Subnet address range is 150.75.129.0-255
Subnet Mask is 255.255.255.0
Inverse Mask is 0.0.0.255, or subtract 150.75.129.0 from 150.75.129.255 to get 0.0.0.255
Router(config)# access-list 1 permit 150.75.129.0 0.0.0.255
(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class B Subnet
Network Address/Subnet Mask: 160.88.0.0/22
Undesired Subnet: 50th
Process: 32-22=10 (more than 1 octet), 10-8=2, 2^2=4
1st Usable Subnet address range is 160.88.4.0-160.88.7.255
2nd Usable Subnet address range is 160.88.8.0-160.88.11.255
50 * 4 = 200
50th subnet is 160.88.200.0-160.88.203.255
Subnet Mask is 255.255.252.0
Inverse Mask is 0.0.3.255, or subtract 160.88.200.0 from 160.88.203.255 to get 0.0.3.255
Router(config)# access-list 1 deny 160.88.200.0 0.0.3.255
Router(config)# access-list 1 permit any

Permitting a Class A Subnet
Network Address/Subnet Mask: 111.0.0.0/12
Desired Subnet: 13th
Process: 32-12=20, 20-16=4, 2^4=16
1st Usable Subnet address range is 111.16.0.0-111.31.255.255
13*16=208
13th Usable Subnet address range is 111.208.0.0-111.223.255.255
Subnet Mask is 255.240.0.0
Inverse Mask is 0.15.255.255, or subtract 111.208.0.0 from 111.223.255.255 to get 0.15.255.255
Router(config)# access-list 1 permit 111.208.0.0 0.15.255.255
(The implicit “deny any” ensures that everyone else is denied.)

Denying a Class A Subnet
Network Address/Subnet Mask: 40.0.0.0/24
Undesired Subnet: 500th
Process: Since exactly 16 bits were borrowed, the 2nd and 3rd octets will denote the subnet.
1st Usable Subnet address range is 40.0.1.0-40.0.1.255
255th Usable Subnet address range is 40.0.255.0-40.0.255.255
256th Usable Subnet address range is 40.1.0.0-40.1.0.255
300th Usable Subnet address range is 40.1.44.0-40.1.44.255
500th Usable Subnet address range is 40.1.244.0-40.1.244.255
Subnet Mask is 255.255.255.0
Inverse Mask is 0.0.0.255
Router(config)# access-list 1 deny 40.1.244.0 0.0.0.255
Router(config)# access-list 1 permit any
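The arithmetic of the six subnet slides above (the n-th usable subnet of a classful network, its mask, the inverse mask obtained by subtracting the network address from the broadcast address, and the resulting access-list line) generalises to the following Python. It is an added example, not part of the slides; the function names are this example's own, and it follows the slides' numbering convention in which the all-zeros subnet is skipped so that the first usable subnet is number 1.

```python
import ipaddress


def classful_prefix(address):
    """Default prefix length from the first octet (the slides' Class A/B/C boundaries)."""
    first = int(address.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("not a Class A, B or C address")


def wildcard_mask(prefixlen):
    """The inverse of the subnet mask: 0 bits must match, 1 bits are ignored."""
    mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    return ipaddress.IPv4Address(~mask & 0xFFFFFFFF)


def nth_subnet(network, prefixlen, n):
    """The n-th usable subnet of a classful network, counted as on the slides
    (subnet 0 is skipped, so n=1 is the first usable one).
    Returns (IPv4Network, wildcard mask)."""
    classful = classful_prefix(network)
    if not classful < prefixlen <= 30:
        raise ValueError(f"/{prefixlen} does not subnet a /{classful} network")
    size = 1 << (32 - prefixlen)             # addresses per subnet
    count = 1 << (prefixlen - classful)      # subnets in the classful network
    if not 1 <= n < count:
        raise ValueError(f"only subnets 1..{count - 1} exist for /{prefixlen}")
    base = int(ipaddress.IPv4Address(network))
    subnet = ipaddress.IPv4Network((base + n * size, prefixlen))
    wildcard = wildcard_mask(prefixlen)
    # The slides' check: broadcast address minus network address equals the wildcard.
    assert int(subnet.broadcast_address) - int(subnet.network_address) == int(wildcard)
    return subnet, wildcard


def acl_line(action, network, prefixlen, n, number=1):
    """The standard access-list entry for the n-th usable subnet."""
    subnet, wildcard = nth_subnet(network, prefixlen, n)
    return f"access-list {number} {action} {subnet.network_address} {wildcard}"


def matches(address, network, wildcard):
    """How the router applies the entry: every bit where the wildcard is 0
    must be identical in the packet's address and the entry's address."""
    a, net, wc = (int(ipaddress.IPv4Address(x)) for x in (address, network, wildcard))
    return (a ^ net) & (~wc & 0xFFFFFFFF) == 0


if __name__ == "__main__":
    print(acl_line("permit", "200.100.50.0", 28, 3))
    print(acl_line("deny", "192.72.68.0", 27, 2))
    print(acl_line("permit", "150.75.0.0", 24, 129))
    print(acl_line("deny", "160.88.0.0", 22, 50))
    print(acl_line("permit", "111.0.0.0", 12, 13))
    print(acl_line("deny", "40.0.0.0", 24, 500))
```

The range check on `n` matters in practice: asking for a subnet number that does not exist for the prefix length is the kind of slip that silently produces an entry for a completely different address block.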

Permit Source Network
access-list 101 permit ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
or
access-list 101 permit ip 200.100.50.0 0.0.0.255 any
Implicit deny ip any any

Deny Source Network
access-list 101 deny ip 200.100.50.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip 200.100.50.0 0.0.0.255 any
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.

Permit Destination Network
access-list 101 permit ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
or
access-list 101 permit ip any 200.100.50.0 0.0.0.255
Implicit deny ip any any

Deny Destination Network
access-list 101 deny ip 0.0.0.0 255.255.255.255 200.100.50.0 0.0.0.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
or
access-list 101 deny ip any 200.100.50.0 0.0.0.255
access-list 101 permit ip any any
Implicit deny ip any any is present but irrelevant.

Permit one Source Network to another Destination Network
Assume the only traffic you want is traffic from network 200.100.50.0 to network 150.75.0.0
access-list 101 permit ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
Implicit deny ip any any
To allow 2 way traffic between the networks add this statement:
access-list 101 permit ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny one Source Network to another Destination Network
Assume you want to allow all traffic EXCEPT from network 200.100.50.0 to network 150.75.0.0
access-list 101 deny ip 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255
access-list 101 permit ip any any
To deny 2 way traffic between the networks add this statement:
access-list 101 deny ip 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255

Deny FTP
Assume you do not want anyone FTPing on the network.
access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any

Deny Telnet
Assume you do not want anyone telnetting on the network.
access-list 101 deny tcp any any eq 23
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any

Deny Web Surfing
Assume you do not want anyone surfing the internet.
access-list 101 deny tcp any any eq 80
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
You can also use http instead of www.

Complicated Example #1
Suppose you have the following conditions:
• No one from Network 200.100.50.0 is allowed to FTP anywhere
• Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0
• Subnetwork 100.100.100.0/24 is not allowed to surf the internet
access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any any eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any

Complicated Example #2
Suppose you are the admin of network 200.100.50.0. You want to permit Email only between your network and network 150.75.0.0. You wish to place no restriction on other protocols like web surfing, telnet, ftp, etc.
• Email server send/receive Protocol: SMTP, port 25
• User Check Email Protocol: POP3, port 110
This example assumes that your Email server is at address 200.100.50.25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 host 200.100.50.25 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
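The ACL examples above can be checked against sample packets with a small model of how the router evaluates a numbered list: entries are tried top to bottom, the first match decides, and a packet that matches nothing hits the implicit deny. This is an added example, not code from the slides or from Cisco IOS. It understands the subset of access-list syntax used on these slides (standard and extended numbers, `host`, `any`, wildcard masks, `eq` with a port number or one of the port names the slides use); the parsing helpers, the packet dictionary format and the 1-based line numbers it reports are this example's own conventions.

```python
import ipaddress

PORT_NAMES = {"www": 80, "http": 80, "ftp": 21, "telnet": 23, "smtp": 25, "pop3": 110}
STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))
ANY = (0, 0xFFFFFFFF)        # address 0.0.0.0 with wildcard 255.255.255.255


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _looks_like_ip(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def _in_ranges(number, ranges):
    return any(lo <= number <= hi for lo, hi in ranges)


def _parse_address(tok, i):
    """Parse `any`, `host A`, `A W` or a bare `A` at tok[i];
    return ((address, wildcard), index of the next token)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    addr = _ip(tok[i])
    if i + 1 < len(tok) and _looks_like_ip(tok[i + 1]):
        return (addr, _ip(tok[i + 1])), i + 2
    return (addr, 0), i + 1          # no wildcard given: 0.0.0.0, i.e. a single host


def parse_acl(text):
    """Turn access-list lines into an ordered list of entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        number, action = int(tok[1]), tok[2]
        if _in_ranges(number, STANDARD_RANGES):        # standard: source only
            src, _ = _parse_address(tok, 3)
            entries.append({"action": action, "proto": "ip", "src": src, "dst": ANY, "dport": None})
        elif _in_ranges(number, EXTENDED_RANGES):      # extended: proto, src, dst, optional port
            proto = tok[3]
            src, i = _parse_address(tok, 4)
            dst, i = _parse_address(tok, i)
            dport = None
            if i + 1 < len(tok) and tok[i] == "eq":
                dport = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
            entries.append({"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport})
        else:
            raise ValueError(f"unsupported access-list number {number}")
    return entries


def _match_addr(rule, address):
    """Wildcard compare: bits where the wildcard is 0 must be equal."""
    base, wildcard = rule
    return (_ip(address) ^ base) & (~wildcard & 0xFFFFFFFF) == 0


def evaluate(entries, packet):
    """First match wins; returns (action, 1-based line number).
    No match means the implicit deny, reported as ("deny", None)."""
    for n, e in enumerate(entries, 1):
        if e["proto"] not in ("ip", packet["proto"]):
            continue
        if not _match_addr(e["src"], packet["src"]) or not _match_addr(e["dst"], packet["dst"]):
            continue
        if e["dport"] is not None and e["dport"] != packet.get("dport"):
            continue
        return e["action"], n
    return "deny", None


# Complicated Example #2 from the slides.
EXAMPLE_2 = """
access-list 101 permit tcp 200.100.50.0 0.0.0.255 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 200.100.50.0 0.0.0.255 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 host 200.100.50.25 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    acl = parse_acl(EXAMPLE_2)
    print(evaluate(acl, {"proto": "tcp", "src": "200.100.50.25", "dst": "8.8.8.8", "dport": 25}))
```

Moving the `permit ip any any` line to the top would make every packet match it first and silently disable the SMTP and POP3 restrictions, which is why the basic-rules slide insists on ordering entries from specific to general and on never editing a list while it is applied.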

NAT Network Address Translator
Fig. 3 NAT (TI1332EU02TI_0003 New Address Concepts, 7)

New addressing concepts
Problems with IPv4
Shortage of IPv4 addresses
Allocation of the last IPv4 addresses is forecasted for the year 2005
Address classes were replaced by usage of CIDR, but this is not sufficient
Short term solution
NAT: Network Address Translator
Long term solution
IPv6 = IPng (IP next generation)
Provides an extended address range
Fig. 2 Address shortage and possible solutions (TI1332EU02TI_0003 New Address Concepts, 5)

NAT: Network Address Translator
NAT
Translates between local addresses and public ones
Many private hosts share few global addresses
Private Network
Uses private address range (local addresses)
Local addresses may not be used externally
Public Network
Uses public addresses
Public addresses are globally unique
Fig. 4 How does NAT work? (TI1332EU02TI_0003 New Address Concepts, 9)

[Figure: realm with private addresses, NAT router (translate, reserve, pool, map, exclude), realm with public addresses]
Fig. 5 Translation mechanism (TI1332EU02TI_0003 New Address Concepts, 9)

Free NAT Pool
A timeout value (default 15 min) instructs NAT how long to keep an association in an idle state before returning the external IP address to the free NAT pool.
Fig. 8 How does NAT know when to return the public IP address to the pool? (TI1332EU02TI_0003 New Address Concepts, 15)

NAT Addressing Terms
• Inside Local
– The term “inside” refers to an address used for a host inside an enterprise. It is the actual IP address assigned to a host in the private enterprise network.
• Inside Global
– NAT uses an inside global address to represent the inside host as the packet is sent through the outside network, typically the Internet.
– A NAT router changes the source IP address of a packet sent by an inside host from an inside local address to an inside global address as the packet goes from the inside to the outside network.

NAT Addressing Terms
• Outside Global
– The term “outside” refers to an address used for a host outside an enterprise, the Internet.
– An outside global is the actual IP address assigned to a host that resides in the outside network, typically the Internet.
• Outside Local
– NAT uses an outside local address to represent the outside host as the packet is sent through the private enterprise network.
– A NAT router changes a packet’s destination IP address, sent from an outside global address to an inside host, as the packet goes from the outside to the inside network.

[Figure: LAN Net A 10.0.0.0 behind Router A with NAT, WAN, LAN Net B 192.50.20.0 behind Router B; the packet SA = 10.10.50.10, DA = 192.50.20.5 leaves the NAT router as SA = 193.47.50.4, DA = 192.50.20.5]
Fig. 7 An example for NAT (TI1332EU02TI_0003 New Address Concepts, 13)

[Figure: Net A 10.0.0.0/8 behind a NAT router whose WAN interface is 138.76.29.7; the outbound packet SA = 10.0.0.10, DA = 138.76.28.4 is rewritten to SA = 138.76.29.7, DA = 138.76.28.4, and the reply SA = 138.76.28.4, DA = 138.76.29.7 is delivered as SA = 138.76.28.4, DA = 10.0.0.10]
Fig. 11 An example for NAPT (TI1332EU02TI_0003 New Address Concepts, 21)

Types Of NAT
• There are different types of NAT that can be used, which are
– Static NAT
– Dynamic NAT
– Overloading NAT with PAT (NAPT)

Static NAT
• With static NAT, the NAT router simply configures a one-to-one mapping between the private address and the registered address that is used on its behalf.

Static NAT

Dynamic NAT
• Like static NAT, the NAT router creates a one-to-one mapping between an inside local and inside global address and changes the IP addresses in packets as they exit and enter the inside network.
• However, the mapping of an inside local address to an inside global address happens dynamically.

Dynamic NAT
• Dynamic NAT sets up a pool of possible inside global addresses and defines criteria for the set of inside local IP addresses whose traffic should be translated with NAT.
• If a new packet arrives, and it needs a NAT entry, but all the pooled IP addresses are in use, the router simply discards the packet.
• The dynamic entry in the NAT table stays in there as long as traffic flows occasionally.

Static NAT

Static NAT Configuration
• To form NAT table
Router(config)#IP Nat inside source static [inside local source IP address] [inside global source IP address]
• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside]
• See Example


Dynamic NAT Configuration
• Specify inside addresses to be translated
Router(config)#IP Nat inside source list [standard Access List number] pool [NAT Pool Name]
• Specify NAT pool
Router(config)#IP Nat pool [NAT Pool Name] [First inside global address] [Last inside global address] netmask [subnet mask]
• Assign NAT to an Interface
Router(config)#Interface [Serial x/y]
Router(config-if)#IP NAT [Inside]
• See Example
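The three NAT types described on the preceding slides can be seen working together in a small model of the NAT table: a static one-to-one mapping that never expires, a dynamic pool whose entries are returned after the 15-minute idle timeout from the NAT pool slide and whose exhaustion makes the router drop the packet, and PAT, where many inside hosts share one inside global address and are told apart by port. This is an added example, not code from the slides or from a Cisco router; the class and method names, the port allocation starting at 1024 and the addresses in the sample session are this example's own constructions.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60      # seconds: the slides' default of 15 minutes


@dataclass
class Translation:
    inside_local: str
    inside_global: str
    local_port: int
    global_port: int
    last_used: float


class NatRouter:
    """Outbound (inside -> outside) and inbound (outside -> inside) rewriting
    for static NAT, dynamic NAT from a pool, and PAT/overload on a pool."""

    def __init__(self, pool, static=None, overload=False):
        self.free = list(pool)                   # inside-global addresses not in use
        self.static = dict(static or {})         # inside local -> inside global, never expires
        self.static_rev = {g: l for l, g in self.static.items()}
        self.overload = overload
        self.table = {}                          # (inside_local, local_port) -> Translation
        self.next_port = 1024                    # port allocator for PAT (this model's choice)

    def _expire(self, now):
        """Drop idle dynamic entries and hand their address back to the pool."""
        for key, t in list(self.table.items()):
            if now - t.last_used > IDLE_TIMEOUT:
                del self.table[key]
                if not self.overload:
                    self.free.append(t.inside_global)

    def translate_outbound(self, src, sport, now):
        """(inside_global, global_port) for a packet leaving the inside, or
        None when it must be discarded because the pool is exhausted."""
        self._expire(now)
        if src in self.static:
            return self.static[src], sport
        key = (src, sport) if self.overload else (src, 0)
        t = self.table.get(key)
        if t is None:
            if self.overload:
                glob, gport = self.free[0], self.next_port   # many hosts share one address
                self.next_port += 1
            else:
                if not self.free:
                    return None                              # no free address: packet dropped
                glob, gport = self.free.pop(0), sport
            t = Translation(src, glob, sport, gport, now)
            self.table[key] = t
        t.last_used = now
        return t.inside_global, t.global_port

    def translate_inbound(self, dst, dport, now):
        """(inside_local, local_port) for a packet arriving from outside, or
        None when no translation exists: unsolicited inbound traffic is dropped."""
        self._expire(now)
        if dst in self.static_rev:
            return self.static_rev[dst], dport
        for t in self.table.values():
            if t.inside_global == dst and (not self.overload or t.global_port == dport):
                t.last_used = now
                return t.inside_local, (t.local_port if self.overload else dport)
        return None


if __name__ == "__main__":
    # Constructed session: a two-address pool plus one static mapping.
    r = NatRouter(pool=["193.47.50.4", "193.47.50.5"], static={"10.10.50.10": "193.47.50.9"})
    print(r.translate_outbound("10.0.0.1", 40001, 0))      # gets 193.47.50.4
    print(r.translate_outbound("10.0.0.2", 40002, 10))     # gets 193.47.50.5
    print(r.translate_outbound("10.0.0.3", 40003, 20))     # None: pool exhausted
    print(r.translate_outbound("10.0.0.3", 40003, 16 * 60))  # succeeds after the others idle out
```

Two behaviours worth noting from the inbound path: only the static mapping and live dynamic entries accept packets from outside, so a host whose entry has timed out is unreachable until it sends something again, and with PAT the destination port alone decides which inside host receives the packet.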

Ethernet Access with Hubs

Ethernet Access with Bridges

Ethernet Access with Switches

Today's LAN

Full Duplex Transmitting
Full-duplex Ethernet allows the transmission of a packet and the reception of a different packet at the same time. This simultaneous transmission and reception requires the use of two pairs of wires in the cable and a switched connection between each node. This connection is considered point-to-point and is collision free. Ethernet usually can only use 50%-60% of the available 10 Mbps of bandwidth because of collisions and latency. Full-duplex Ethernet offers 100% of the bandwidth in both directions. This produces a potential 20 Mbps throughput. The full-duplex Ethernet switch takes advantage of the two pairs of wires in the cable by creating a direct connection between the transmit (TX) at one end of the circuit and the receive (RX) at the other end.

Why Segment LANs?

Collision Domains

Segmentation with Bridges

Segmentation with Routers

Segmentation with Switches

Basic Operations of a Switch
Switching is a technology that decreases congestion in Ethernet, Token Ring, and FDDI LANs. Switching accomplishes this by reducing traffic and increasing bandwidth. LAN switches are often used to replace shared hubs and are designed to work with existing cable infrastructures. Switching equipment performs the following two basic operations:
• Switching data frames
• Maintaining switching operations

Switching Methods
1. Store-and-Forward: The entire frame is received before any forwarding takes place. Filters are applied before the frame is forwarded. Most reliable, and also the most latency, especially when frames are large.
2. Cut-Through: The frame is forwarded through the switch before the entire frame is received. At a minimum the frame destination address must be read before the frame can be forwarded. This mode decreases the latency of the transmission, but also reduces error detection.
3. Fragment-Free: Fragment-free switching filters out collision fragments before forwarding begins. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything of 64 bytes or more is a valid frame and is usually received without error. Collision fragments are the majority of frame errors.

Frame Transmission Modes

Benefits of Switching

How Switches and Bridges Learn Addresses
Bridges and switches learn in the following ways:
• Reading the source MAC address of each received frame
• Recording the port on which the MAC address was received
In this way, the bridge or switch learns which addresses belong to the devices connected to each port.

CAM (Content Addressable Memory)
CAM is used in switch applications:
• To take out and process the address information from incoming frames
• To compare the destination address with a table of addresses stored within it
The CAM stores host MAC addresses and associated port numbers. The CAM compares the received destination MAC address against the CAM table contents. If the comparison yields a match, the port is provided, and switching control forwards the frame to the correct port. If there is no match, the frame is flooded out all ports except the one on which it arrived.

Shared vs. Dedicated Bandwidth
If a hub is used, bandwidth is shared between all devices connected to the hub. If a switch is used, then bandwidth is dedicated. If a workstation or server is directly connected to a switch port, then the full bandwidth of the connection to the switch is available to the connected computer. If a hub is connected to a switch port, the bandwidth of that port is shared between the devices on the hub.

Microsegmentation of a Network

Microsegmentation

3 Methods of Communication

Switches & Broadcast Domains
When two switches are connected, the broadcast domain is increased. The overall result is a reduction in available bandwidth. This happens because all devices in the broadcast domain must receive and process the broadcast frame. Routers are Layer 3 devices. Routers do not propagate broadcasts. Routers are used to segment both collision and broadcast domains.

Broadcast Domain

Overview
To design reliable, manageable, and scalable networks, a network designer must realize that each of the major components of a network has distinct design requirements. Good network design will improve performance and also reduce the difficulties associated with network growth and evolution. The design of larger LANs includes identifying the following:
• An access layer that connects end users into the LAN
• A distribution layer that provides policy-based connectivity between end-user LANs
• A core layer that provides the fastest connection between the distribution points
Each of these LAN design layers requires switches that are best suited for specific tasks.

The Access Layer
The access layer is the entry point for user workstations and servers to the network. In a campus LAN the device used at the access layer can be a switch or a hub. Access layer functions also include MAC layer filtering and microsegmentation. Layer 2 switches are used in the access layer.


Access Layer Switches
Access layer switches operate at Layer 2 of the OSI model. The main purpose of an access layer switch is to allow end users into the network. An access layer switch should provide this functionality with low cost and high port density. The following Cisco switches are commonly used at the access layer:
• Catalyst 1900 series
• Catalyst 2820 series
• Catalyst 2950 series
• Catalyst 4000 series
• Catalyst 5000 series

The Distribution Layer
The distribution layer of the network is between the access and core layers. Networks are segmented into broadcast domains by this layer. Policies can be applied and access control lists can filter packets. The distribution layer isolates network problems to the workgroups in which they occur. The distribution layer also prevents these problems from affecting the core layer. Switches in this layer operate at Layer 2 and Layer 3.


Distribution Layer Switches
The distribution layer switch must have high performance. The distribution layer switch is a point at which a broadcast domain is delineated. It combines VLAN traffic and is a focal point for policy decisions about traffic flow. For these reasons distribution layer switches operate at both Layer 2 and Layer 3 of the OSI model. Switches in this layer are referred to as multilayer switches. These multilayer switches combine the functions of a router and a switch in one device. The following Cisco switches are suitable for the distribution layer:
• Catalyst 2926G
• Catalyst 5000 family
• Catalyst 6000 family

The Core Layer
The core layer is a high-speed switching backbone. This layer of the network design should not perform any packet manipulation. Packet manipulation, such as access list filtering, would slow down the process. Providing a core infrastructure with redundant alternate paths gives stability to the network in the event of a single device failure. The core can be designed to use Layer 2 or Layer 3 switching. Asynchronous Transfer Mode (ATM) or Ethernet switches can be used.

Core Layer Switches
The switches in this layer can make use of a number of Layer 2 technologies. Provided that the distance between the core layer switches is not too great, the switches can use Ethernet technology. In a network design, the core layer can be a routed, or Layer 3, core. Core layer switches are designed to provide efficient Layer 3 functionality when needed. Factors such as need, cost, and performance should be considered before a choice is made. The following Cisco switches are suitable for the core layer:
• Catalyst 6500 series
• Catalyst 8500 series
• IGX 8400 series
• Lightstream 1010


Physical Startup of the Catalyst Switch
Switches are dedicated, specialized computers, which contain a CPU, RAM, and an operating system. Switches usually have several ports for the purpose of connecting hosts, as well as specialized ports for the purpose of management. A switch can be managed by connecting to the console port to view and make changes to the configuration. Switches typically have no power switch to turn them on and off. They simply connect or disconnect from a power source. Several switches from the Cisco Catalyst 2950 series are shown in the graphic to the right.

Switch LED Indicators
The front panel of a switch has several lights to help monitor system activity and performance. These lights are called light-emitting diodes (LEDs). The switch has the following LEDs:
• System LED
• Remote Power Supply (RPS) LED
• Port Mode LED
• Port Status LEDs
The System LED shows whether the system is receiving power and functioning correctly. The RPS LED indicates whether or not the remote power supply is in use. The Mode LEDs indicate the current state of the Mode button. The Port Status LEDs have different meanings, depending on the current value of the Mode LED.

Verifying Port LEDs During Switch POST
Once the power cable is connected, the switch initiates a series of tests called the power-on self test (POST). POST runs automatically to verify that the switch functions correctly. The System LED indicates the success or failure of POST.

Connecting a Switch to a Computer

Examining Help in the Switch CLI
The command-line interface (CLI) for Cisco switches is very similar to the CLI for Cisco routers. The help command is issued by entering a question mark (?). When this command is entered at the system prompt, a list of commands available for the current command mode is displayed. The help command is very flexible and essentially functions the same way it does in a router CLI, because it provides applicable keywords or arguments based on a partial command. This form of help is called command syntax help.

Switch Command Modes
Switches have several command modes. The default mode is User EXEC mode, which ends in a greater-than character (>). The commands available in User EXEC mode are limited to those that change terminal settings, perform basic tests, and display system information. The enable command is used to change from User EXEC mode to Privileged EXEC mode, which ends in a pound-sign character (#). The configure command allows other command modes to be accessed.

Show Commands in User-Exec Mode

Setting Switch Hostname
Setting Passwords on Lines

Overview
Redundancy in a network is extremely important because redundancy allows networks to be fault tolerant. Redundant topologies based on switches and bridges are susceptible to broadcast storms, multiple frame transmissions, and MAC address database instability. Therefore network redundancy requires careful planning and monitoring to function properly. The Spanning-Tree Protocol is used in switched networks to create a loop free logical topology from a physical topology that has loops.

Redundant Switched Topologies
Networks with redundant paths and devices allow for more network uptime. In the graphic, if Switch A fails, traffic can still flow from Segment 2 to Segment 1 and to the router through Switch B. If port 1 fails on Switch A then traffic can still flow through port 1 on Switch B. Switches learn the MAC addresses of devices on their ports so that data can be properly forwarded to the destination. Switches will flood frames for unknown destinations until they learn the MAC addresses of the devices. A redundant switched topology may cause broadcast storms, multiple frame copies, and MAC address table instability problems.

Broadcast Storms
Broadcasts and multicasts can cause problems in a switched network. Multicasts are treated as broadcasts by the switches. Broadcast and multicast frames are flooded out all ports, except the one on which the frame was received. In a redundant topology the switches continue to propagate the same broadcast traffic over and over. This is called a broadcast storm. The network will appear to be down or extremely slow. This will continue until the loop is broken, for example by disconnecting one of the switches.

Multiple Frame Transmissions
In a redundant switched network it is possible for an end device to receive multiple frames. Assume that the MAC address of Router Y has been timed out by both switches. Also assume that Host X still has the MAC address of Router Y in its ARP cache and sends a unicast frame to Router Y. The router receives the frame because it is on the same segment as Host X. Switch A does not have the MAC address of Router Y and will therefore flood the frame out its ports. Switch B also does not know which port Router Y is on. Switch B then floods the frame it received, causing Router Y to receive multiple copies of the same frame. This is a cause of unnecessary processing in all devices.

MAC Database Instability
A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port. In this example the MAC address of Router Y is not in the MAC address table of either switch. Host X sends a frame directed to Router Y. Switches A and B learn the MAC address of Host X on port 0. The frame to Router Y is flooded on port 1 of both switches. Switches A and B see this information on port 1 and incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame to Host X, Switch A and Switch B will also receive the frame and will send it out port 1. This is unnecessary, but the switches have incorrectly learned that Host X is on port 1.
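The learning and flooding behaviour from the CAM slides and the three failure modes of the redundant topology above (flooding, multiple copies at Router Y, and the MAC table flapping for Host X), as one added Python simulation. It is not code from the slides; the two-switch, two-segment topology, port numbering (port n attaches to segment n) and the blocked-port option standing in for what spanning tree would do are constructed for the example.

```python
"""Two learning switches bridging the same two segments with no spanning tree.
Reproduces the symptoms from the slides: flooding of an unknown destination,
multiple copies delivered to Router Y, and each switch's MAC table flapping for
Host X. Topology is constructed for the example (port n attaches to segment n)."""
from collections import deque

PORTS = (0, 1)  # port 0 -> segment 0 (Host X and Router Y), port 1 -> segment 1


class LearningSwitch:
    """Transparent bridge: learn the source MAC on the ingress port, forward a
    known unicast out one port (or filter it), flood unknown unicasts/broadcasts."""

    def __init__(self, name, blocked=()):
        self.name = name
        self.blocked = set(blocked)      # ports STP would hold in blocking state
        self.mac_table = {}              # MAC -> port (the CAM table)
        self.relearns = []               # (mac, old_port, new_port) on every flip

    def receive(self, frame, in_port):
        if in_port in self.blocked:
            return []                    # a blocking port takes no data frames
        src, dst = frame
        old = self.mac_table.get(src)
        if old is not None and old != in_port:
            self.relearns.append((src, old, in_port))
        self.mac_table[src] = in_port
        if dst in self.mac_table:
            out = self.mac_table[dst]
            outs = [] if out == in_port else [out]      # filter or forward
        else:
            outs = [p for p in PORTS if p != in_port]   # unknown: flood
        return [p for p in outs if p not in self.blocked]


def simulate(rounds, block_b_port1=False):
    """Host X (segment 0) sends one unicast to Router Y (also segment 0) while
    neither switch has learned Y. Returns the copies of the frame that reached
    Y through a switch, the relearn counts, and frames still in flight."""
    switches = [LearningSwitch("A"),
                LearningSwitch("B", blocked=(1,) if block_b_port1 else ())]
    host_segment = {"X": 0, "Y": 0}
    frame = ("X", "Y")
    copies_to_y = 0
    queue = deque([(0, frame, None)])   # (segment, frame, switch that transmitted it)
    for _ in range(rounds):
        if not queue:
            break
        segment, fr, sender = queue.popleft()
        if sender is not None and host_segment[fr[1]] == segment:
            copies_to_y += 1              # a switch-forwarded copy reached Y
        for sw in switches:
            if sw is sender:
                continue                  # a switch does not hear its own transmission
            for out_port in sw.receive(fr, segment):
                queue.append((out_port, fr, sw))
    return {"copies_to_y": copies_to_y,
            "relearns": {sw.name: len(sw.relearns) for sw in switches},
            "in_flight": len(queue)}


if __name__ == "__main__":
    print("no spanning tree:", simulate(12))
    print("B port 1 blocked:", simulate(12, block_b_port1=True))
```

Without a blocked port the single unicast never stops circulating: every pass over the loop delivers two more copies to Router Y and flips Host X between port 0 and port 1 in both CAM tables. Blocking one port on one switch, which is what spanning tree does, leaves the frame flooded exactly once and the tables stable.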

Using Bridging Loops for Redundancy

Logical Loop Free Topology Created with STP

Spanning Tree Protocol - 1
Ethernet bridges and switches can implement the IEEE 802.1D Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop free shortest path network. Shortest path is based on cumulative link costs. Link costs are based on the speed of the link.

Spanning Tree Protocol - 2
The Spanning-Tree Protocol establishes a root node, called the root bridge/switch. The Spanning-Tree Protocol constructs a topology that has one path for reaching every network node. The resulting tree originates from the root bridge/switch. Links that will cause a loop are put into a blocking state, allowing the formation of a loop free logical topology. The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops. The message that a switch sends is called a Bridge Protocol Data Unit (BPDU).

Selecting the Root Bridge
The first decision that all switches in the network make is to identify the root bridge. The position of the root bridge in a network will affect the traffic flow. When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the Bridge ID (BID). The BID consists of a bridge priority that defaults to 32768 and the switch base MAC address. When a switch first starts up, it assumes it is the root switch and sends BPDUs. These BPDUs contain the switch MAC address in both the root and sender BID. As a switch receives a BPDU with a lower root BID it replaces that in the BPDUs that are sent out. All bridges see these and decide that the bridge with the smallest BID value will be the root bridge. A network administrator may want to influence the decision by setting the switch priority to a smaller value than the default.

BPDUs
BPDUs contain enough information so that all switches can do the following:
• Select a single switch that will act as the root of the spanning tree
• Calculate the shortest path from itself to the root switch
• Designate one of the switches as the closest one to the root, for each LAN segment. This bridge is called the "designated switch". The designated switch handles all communication from that LAN towards the root bridge.
• Each non-root switch chooses one of its ports as its root port; this is the interface that gives the best path to the root switch.
• Select ports that are part of the spanning tree, the designated ports. Non-designated ports are blocked.

Spanning Tree Operation
When the network has stabilized, it has converged and there is one spanning tree per network. As a result, for every switched network the following elements exist:
• One root bridge per network
• One root port per non-root bridge
• One designated port per segment
• Unused, non-designated ports
Root ports and designated ports are used for forwarding (F) data traffic. Non-designated ports discard data traffic. Non-designated ports are called blocking (B) or discarding ports.
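The election and port-role rules of the preceding slides (lowest BID wins, root port by cumulative c ost, one designated port per segment, everything else blocking), carried out in an added Python example. It is not code from the slides; the switch names, MAC addresses, link speeds, the triangle topology and the legacy 802.1D cost table (10 Mbps = 100, 100 Mbps = 19, 1 Gbps = 4, 10 Gbps = 2) are the assumptions. The second run lowers one switch's priority, as an administrator would with spanning-tree vlan 1 priority, to show how that moves the root and the blocked port.

```python
"""Root bridge election and port role assignment for one spanning tree, as the
slides describe: lowest Bridge ID wins, each non-root switch picks the root
port with the lowest cumulative cost to the root, and each segment gets one
designated port. Added example, not code from the slides; switch names, MACs,
links and the legacy 802.1D cost table are constructed assumptions."""
import heapq

# 802.1D-1998 path cost by link speed in Mbps
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """BID = 2-byte priority followed by the base MAC; comparing the tuple
    compares priority first, MAC second."""
    return (priority, int(mac.replace(":", ""), 16))


def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [((b1, port1), (b2, port2), speed)].
    Returns (root name, {name: root path cost}, {(name, port): role})."""
    bid = {n: bridge_id(*pm) for n, pm in bridges.items()}
    root = min(bid, key=bid.get)
    adj = {n: [] for n in bridges}          # name -> [(port, neighbor, neighbor_port, cost)]
    for (b1, p1), (b2, p2), speed in links:
        adj[b1].append((p1, b2, p2, PORT_COST[speed]))
        adj[b2].append((p2, b1, p1, PORT_COST[speed]))
    # root path cost: shortest cumulative cost from each bridge to the root
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, n = heapq.heappop(heap)
        if cost > rpc[n]:
            continue
        for _, nb, _, c in adj[n]:
            if cost + c < rpc.get(nb, float("inf")):
                rpc[nb] = cost + c
                heapq.heappush(heap, (rpc[nb], nb))
    roles = {}
    # root port: cheapest path via a neighbor, ties by neighbor BID then neighbor port
    for n in bridges:
        if n != root:
            port, *_ = min(adj[n], key=lambda e: (rpc[e[1]] + e[3], bid[e[1]], e[2]))
            roles[(n, port)] = "root"
    # designated port: per segment the end with the lowest (root path cost, BID, port)
    for (b1, p1), (b2, p2), _ in links:
        _, _, port, name = min((rpc[b1], bid[b1], p1, b1), (rpc[b2], bid[b2], p2, b2))
        roles[(name, port)] = "designated"
    # every other port stays blocking and discards data traffic
    for n in bridges:
        for port, *_ in adj[n]:
            roles.setdefault((n, port), "blocking")
    return root, rpc, roles


BRIDGES = {"SW1": (32768, "00:1a:00:00:00:01"),
           "SW2": (32768, "00:1a:00:00:00:02"),
           "SW3": (32768, "00:1a:00:00:00:03")}
LINKS = [(("SW1", "Gi0/1"), ("SW2", "Gi0/1"), 1000),
         (("SW1", "Fa0/2"), ("SW3", "Fa0/1"), 100),
         (("SW2", "Fa0/2"), ("SW3", "Fa0/2"), 100)]


def with_priority(bridges, name, priority):
    """Same topology with one switch's priority changed, as an administrator
    would do with "spanning-tree vlan 1 priority <n>" to pick the root."""
    return {**bridges, name: (priority, bridges[name][1])}


if __name__ == "__main__":
    for b in (BRIDGES, with_priority(BRIDGES, "SW3", 4096)):
        root, rpc, roles = spanning_tree(b, LINKS)
        print("root:", root, "root path costs:", rpc)
        for key in sorted(roles):
            print("  ", key, roles[key])
```

With all priorities at the default the lowest MAC (SW1) becomes root and SW3 blocks its port towards SW2; with SW3's priority lowered to 4096, SW3 becomes root and the SW1-SW2 link is the one that ends up blocked, on SW2's side because SW1 has the lower BID. This is why the slides say the root's position shapes the traffic flow and why its election should be set deliberately rather than left to whichever switch happens to have the lowest MAC.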

Spanning Tree Port States

Spanning Tree Recalculation
A switched internetwork has converged when all the switch and bridge ports are in either the forwarding or blocked state. Forwarding ports send and receive data traffic and BPDUs. Blocked ports will only receive BPDUs. When the network topology changes, switches and bridges recompute the Spanning Tree and cause a disruption of user traffic. Convergence on a new spanning-tree topology using the IEEE 802.1D standard can take up to 50 seconds. This convergence is made up of the max-age of 20 seconds, plus the listening forward delay of 15 seconds, and the learning forward delay of 15 seconds.

Rapid STP Designations

VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains. A physical port association is used to implement VLAN assignment. Communication between VLANs can occur only through a router (or a multilayer switch performing the routing, as in the distribution layer). This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN. VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers, and the access control lists applied on them, to control communication between VLANs.
NOTE: This is the only way a switch can break up a broadcast domain!

Setting up VLAN Implementation

VLAN Communication

VLAN Membership Modes
• VLAN membership can either be static or dynamic.

Static VLANs
• All users attached to the same switch port must be in the same VLAN.

Configuring VLANs in Global Mode
Switch#configure terminal
Switch(config)#vlan 3
Switch(config-vlan)#name Vlan3
Switch(config-vlan)#exit
Switch(config)#end

Configuring VLANs in VLAN Database Mode
Switch#vlan database
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....

Deleting VLANs in Global Mode
Switch#configure terminal
Switch(config)#no vlan 3
Switch(config)#end

Deleting VLANs in VLAN Database Mode
Switch#vlan database
Switch(vlan)#no vlan 3
VLAN 3 deleted:
    Name: VLAN0003
Switch(vlan)#exit
APPLY completed.
Exiting....

Assigning Access Ports to a VLAN
Switch(config)#interface gigabitethernet 1/1
• Enters interface configuration mode
Switch(config-if)#switchport mode access
• Configures the interface as an access port
Switch(config-if)#switchport access vlan 3
• Assigns the access port to a VLAN

Verifying the VLAN Configuration
Switch#show vlan [id | name] [vlan_num | vlan_name]

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/11, Fa0/12
                                                Gi0/1, Gi0/2
2    VLAN0002                         active
51   VLAN0051                         active
52   VLAN0052                         active
…

VLAN Type  SAID   MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ------ ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001 1500  -      -      -        -    -        1002   1003
2    enet  100002 1500  -      -      -        -    -        0      0
51   enet  100051 1500  -      -      -        -    -        0      0
52   enet  100052 1500  -      -      -        -    -        0      0
…

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Verifying the VLAN Port Configuration
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
• Displays the running configuration of the interface
Switch#show interfaces [{fastethernet | gigabitethernet} slot/port] switchport
• Displays the switch port configuration of the interface
Switch#show mac-address-table interface interface-id [vlan vlan-id] [ | {begin | exclude | include} expression]
• Displays the MAC address table information for the specified interface in the specified VLAN

Implementing VLAN Trunks
© 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0—2-272

VLAN Trunking

Importance of Native VLANs

ISL Encapsulation
– Performed with ASIC
– Not intrusive to client stations; the client does not see the header
– Effective between switches, and between routers and switches

ISL and Layer 2 Encapsulation

Configuring ISL Trunking
Switch(config)#interface fastethernet 2/1
• Enters interface configuration mode
Switch(config-if)#switchport trunk encapsulation [isl|dot1q]
• Selects the encapsulation
Switch(config-if)#switchport mode trunk
• Configures the interface as a Layer 2 trunk
On switches that support both ISL and 802.1Q the encapsulation must be selected before the port is forced into trunk mode; switchport mode trunk is rejected while the encapsulation is still auto.

Verifying ISL Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces fastethernet 2/1 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa2/1     desirable    isl            trunking      1

Port      Vlans allowed on trunk
Fa2/1     1-1005

Port      Vlans allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      Vlans in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005

802.1Q Trunking

Configuring 802.1Q Trunking
Switch(config)#interface fastethernet 5/8
Switch(config-if)#shutdown
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk allowed vlan 1,15,11,1002-1005
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#no shutdown

Verifying 802.1Q Trunking
Switch#show running-config interface {fastethernet | gigabitethernet} slot/port
Switch#show interfaces [fastethernet | gigabitethernet] slot/port [ switchport | trunk ]

Switch#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
...
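What a switch does with each frame arriving on an 802.1Q trunk, as an added Python example that is not code from the slides or from Cisco: it reads the 4-byte tag when the EtherType is 0x8100, puts untagged frames into the trunk's native VLAN (the native VLAN is the one VLAN sent without a tag, which is why both ends of a trunk must agree on it), treats a tag with VID 0 as a priority-only tag, and applies an allowed-VLAN list. The MAC addresses, payloads, native VLAN and allowed list are constructed.

```python
"""Classify frames received on an 802.1Q trunk: read the tag if present, assign
untagged frames to the trunk's native VLAN, and drop VLANs not in the allowed
list. Added example, not code from the slides; the frames are constructed."""
import struct

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q tag


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_trunk_frame(frame, native_vlan=1, allowed=None):
    """Return dst, src, tagged, vlan, pcp, ethertype, payload and whether the
    trunk accepts the frame (allowed=None means all VLANs are allowed)."""
    if len(frame) < 14:
        raise ValueError("runt frame: shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tagged, pcp, offset = False, 0, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        pcp, vid = tci >> 13, tci & 0x0FFF          # 3-bit priority, 1-bit DEI, 12-bit VID
        vlan = vid if vid else native_vlan            # VID 0 carries only a priority
        (ethertype,) = struct.unpack("!H", frame[16:18])
        tagged, offset = True, 18
    else:
        vlan = native_vlan                            # the native VLAN travels untagged
    return {
        "dst": mac_str(dst), "src": mac_str(src), "tagged": tagged, "vlan": vlan,
        "pcp": pcp, "ethertype": ethertype, "payload": frame[offset:],
        "accepted": allowed is None or vlan in allowed,
    }


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an untagged frame, or an 802.1Q tagged one when vlan is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # trunk configured with allowed VLANs 1, 11, 15 and native VLAN 1 (assumed)
    allowed = {1, 11, 15}
    samples = [
        build_frame("ff:ff:ff:ff:ff:ff", "00:1a:00:00:00:10", 0x0806, bytes(28), vlan=15, pcp=5),
        build_frame("00:1a:00:00:00:20", "00:1a:00:00:00:10", 0x0800, bytes(20)),
        build_frame("00:1a:00:00:00:20", "00:1a:00:00:00:10", 0x0800, bytes(20), vlan=30),
    ]
    for f in samples:
        info = parse_trunk_frame(f, native_vlan=1, allowed=allowed)
        print(f"vlan={info['vlan']:<4} tagged={info['tagged']!s:<5} accepted={info['accepted']}")
```

The untagged frame lands in VLAN 1 only because that is this trunk's native VLAN; a peer configured with a different native VLAN would place the same frame into a different VLAN, which is the mismatch the "Importance of Native VLANs" slide refers to. The frame tagged with VLAN 30 parses fine but is dropped because 30 is not in the allowed list.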

Implementing VLAN Trunk Protocol

VTP Protocol Features
– Advertises VLAN configuration information
– Maintains VLAN configuration consistency throughout a common administrative domain
– Sends advertisements on trunk ports only

VTP Modes
Server
• Creates, modifies, and deletes VLANs
• Sends and forwards advertisements
• Synchronizes VLAN configurations
• Saves configuration in NVRAM
Client
• Cannot create, change, or delete VLANs
• Forwards advertisements
• Synchronizes VLAN configurations
• Does not save in NVRAM
Transparent
• Creates, modifies, and deletes VLANs locally only
• Forwards advertisements
• Does not synchronize VLAN configurations
• Saves configuration in NVRAM

VTP Operation
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest update, identified by the configuration revision number.
• VTP advertisements are sent every 5 minutes or when there is a change.

VTP Pruning
• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends a broadcast, and the broadcast is flooded only toward any switch with ports assigned to the red VLAN.

VTP Configuration Guidelines
– Configure the following:
• VTP domain name
• VTP mode (server mode is the default)
• VTP pruning
• VTP password
– Be cautious when adding a new switch into an existing domain.
– Add all new configurations to a switch in transparent mode, check the configuration well, then convert it to server mode, to prevent the switch from propagating incorrect VLAN information.
– Add a new switch in client mode to get the latest up-to-date information from the network, then convert it to server mode. This only protects the domain if the new switch's configuration revision number is lower than the domain's: a client whose revision number is higher still overwrites the VLAN database of every server and client in the domain. Putting the switch in transparent mode, or changing its VTP domain name, resets the revision number to 0.
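The revision-number rule behind these guidelines, as an added Python model that is not code from the slides or from Cisco: a server or client applies an advertisement only when the domain name matches, the digest computed with its own password matches, and the revision is higher than its own; a transparent switch never applies one and has its revision reset to 0. The scenario inserts a lab switch with a stale database at revision 9 into a production domain at revision 5. Switch names, the Lab_Network domain, the VLANs, the password and the digest layout are constructed assumptions (the real digest covers the VLAN database and password, but its byte layout is not reproduced).

```python
"""How VTP advertisements propagate VLAN databases across a domain, and why a
new switch can wipe the domain's VLANs if its configuration revision number is
higher. Added example, not Cisco code or the slides' own; the digest layout,
switch names, domain name and VLANs are constructed for the demonstration."""
import hashlib


def vtp_digest(domain, password, revision, vlans):
    """Stand-in for the MD5 digest in a summary advertisement. The real digest
    covers the VLAN database and the VTP password; the exact byte layout used
    here is an assumption."""
    parts = [domain, password, str(revision)] + [f"{i}:{n}" for i, n in sorted(vlans.items())]
    return hashlib.md5("|".join(parts).encode()).hexdigest()


class VtpSwitch:
    def __init__(self, name, domain, mode, password="", vlans=None, revision=0):
        self.name, self.domain, self.mode, self.password = name, domain, mode, password
        self.vlans = dict(vlans or {1: "default"})
        self.revision = revision
        self.events = []

    def set_mode(self, mode):
        """vtp mode {server|client|transparent}; entering transparent mode
        resets the configuration revision number to 0."""
        self.mode = mode
        if mode == "transparent":
            self.revision = 0

    def add_vlan(self, vid, name):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # transparent-mode changes stay local and are not advertised

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans),
                "digest": vtp_digest(self.domain, self.password, self.revision, self.vlans)}

    def receive(self, adv):
        """Apply a summary/subset advertisement heard on a trunk; True if the
        local VLAN database was replaced."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False     # forwarded on other trunks, never applied
        if adv["digest"] != vtp_digest(self.domain, self.password, adv["revision"], adv["vlans"]):
            self.events.append("config digest error (password mismatch), ignored")
            return False
        if adv["revision"] <= self.revision:
            return False     # only a higher revision wins
        self.events.append(f"revision {self.revision} -> {adv['revision']}")
        self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
        return True


def flood(sender, switches):
    """Deliver the sender's advertisement over the trunks; return who updated."""
    adv = sender.advertisement()
    return [sw.name for sw in switches if sw is not sender and sw.receive(adv)]


def scenario(new_switch_mode, then_server=False):
    """Production domain at revision 5 (VLANs 1, 10, 20). A lab switch that was
    last a server at revision 9 with only VLAN 1 is inserted in the given mode.
    Returns {name: (revision, sorted VLAN ids)} after the advertisements."""
    prod = {1: "default", 10: "users", 20: "servers"}
    core = VtpSwitch("core", "Lab_Network", "server", "s3cret", prod, revision=5)
    access = VtpSwitch("access", "Lab_Network", "client", "s3cret", prod, revision=5)
    lab = VtpSwitch("lab", "Lab_Network", "server", "s3cret", {1: "default"}, revision=9)
    lab.set_mode(new_switch_mode)
    switches = [core, access, lab]
    if lab.mode != "transparent":
        flood(lab, switches)     # servers and clients advertise their own database
    flood(core, switches)        # periodic advertisement from the production server
    if then_server:
        lab.set_mode("server")   # revision stays at 0, so the next advertisement syncs it
        flood(core, switches)
    return {sw.name: (sw.revision, sorted(sw.vlans)) for sw in switches}


if __name__ == "__main__":
    print("inserted as client:     ", scenario("client"))
    print("inserted as transparent:", scenario("transparent"))
    print("then made a server:     ", scenario("transparent", then_server=True))
```

Inserted as a client, the lab switch's revision 9 beats the production revision 5 and VLANs 10 and 20 vanish from the core server and every client. Inserted in transparent mode its revision drops to 0, nothing is applied anywhere, and once it is converted to a server it simply adopts the production database on the next advertisement. A wrong VTP password is caught by the digest check and counts as a config digest error, which is the counter shown later in show vtp counters.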

Configuring a VTP Server
Switch(config)#vtp server
• Configures VTP server mode
Switch(config)#vtp domain domain-name
• Specifies a domain name
Switch(config)#vtp password password
• Sets a VTP password
Switch(config)#vtp pruning
• Enables VTP pruning in the domain

Configuring a VTP Server (Cont.)
Switch#configure terminal
Switch(config)#vtp server
Setting device to VTP SERVER mode.
Switch(config)#vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)#end

Verifying the VTP Configuration
Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : Client
VTP Domain Name                 : Lab_Network
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#

Verifying the VTP Configuration (Cont.)
Switch#show vtp counters
VTP statistics:
Summary advertisements received    : 7
Subset advertisements received     : 5
Request advertisements received    : 0
Summary advertisements transmitted : 997
Subset advertisements transmitted  : 13
Request advertisements transmitted : 3
Number of config revision errors   : 0
Number of config digest errors     : 0
Number of V1 summary errors        : 0

VTP pruning statistics:
Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa5/8            43071            42766            5


Contents
• Remote access overview
• WAN Connection Types
• Defining WAN Encapsulation Protocols
• Determining the WAN Type to Use
• OSI Layer-2 Point-to-Point WANs
– PPP
– HDLC
– Frame Relay

Remote Access Overview
• A WAN is a data communications network covering a relatively broad geographical area.
• A network administrator designing a remote network must weigh issues concerning user needs, such as bandwidth, against the cost of the various available technologies.

WAN Connection Types

WAN Connection Types
• Leased lines – A pre-established WAN communications path from the CPE, through the DCE switch, to the CPE of the remote site, allowing DTE networks to communicate at any time with no setup procedures before transmitting data.
• Circuit switching – Sets up a line like a phone call. No data can transfer before the end-to-end connection is established.

WAN Connection Types
• Packet switching – WAN switching method that allows you to share bandwidth with other companies to save money. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money.
– However, if you have constant data transfers, then you will need to get a leased line.
– Frame Relay and X.25 are packet switching technologies.

Defining WAN Encapsulation Protocols
• Each WAN connection uses an encapsulation protocol to encapsulate traffic while it crosses the WAN link.
• The choice of the encapsulation protocol depends on the underlying WAN technology and the communicating equipment.

Defining WAN Encapsulation Protocols
• Typical WAN encapsulation types include the following:
– Point-to-Point Protocol (PPP)
– Serial Line Internet Protocol (SLIP)
– High-Level Data Link Control Protocol (HDLC)
– X.25 / Link Access Procedure Balanced (LAPB)
– Frame Relay
– Asynchronous Transfer Mode (ATM)

Determining the WAN Type to Use
• Availability
– Each type of service may be available only in certain geographical areas.

• Bandwidth
– Determining usage over the WAN is important to evaluate the most cost-effective WAN service.

• Cost
– Balance the traffic you need to transfer against the cost of the service types available to you.

Determining the WAN Type to Use
• Ease of Management
– Connection management includes both the initial start-up configuration and the ongoing configuration of normal operation.

• Application Traffic
– Traffic may be as small as the packets of a terminal session, or very large packets as during a file transfer.

Max. WAN Speeds for WAN Connections
WAN Type                     Maximum Speed
Asynchronous Dial-Up, X.25   56-64 Kbps
ISDN – BRI                   128 Kbps
ISDN – PRI                   E1 / T1
Leased Line / Frame Relay    E3 / T3

OSI Layer-2 Point-to-Point WANs
• WAN protocols used on point-to-point serial links provide the basic function of data delivery across that one link.
• The two most popular data link protocols used today are Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC).

HDLC
• HDLC performs OSI Layer-2 functions.
• It determines when it is appropriate to use the physical medium.
• Ensures that the correct recipient receives and processes the data that is sent.
• Determines whether the sent data was received correctly or not (error detection).

HDLC
• HDLC Frame Format
• The original HDLC didn't include any Protocol Type field, so every company (including Cisco) added its own field. Cisco's HDLC is therefore a proprietary framing that can be used only between Cisco routers (both ends of the link must use the same HDLC variant).

Point-to-Point Protocol (PPP)
• PPP is a standard encapsulation protocol for the transport of different Network Layer protocols (including, but not limited to, IP).
• It has the following main functional components:
– Link Control Protocol (LCP) that establishes, authenticates, and tests the data link connection.
– Network Control Protocols (NCPs) that establish and configure different network layer protocols.

Point-to-Point Protocol (PPP)
• PPP discards frames that do not pass the error check.
• PPP is a standard protocol, and so it can be used with all types of routers (not Cisco proprietary).

PPP LCP Features
• Authentication
• Compression
• Multilink PPP
• Error Detection
• Looped Link Detection

PAP Authentication

CHAP Authentication

Compression
• Compression enables higher data throughput across the link.
• Different compression schemes are available:
– Predictor: checks if the data was already compressed.
– Stacker: looks at the data stream and only sends each type of data once, with information about where the type occurs; the receiving side then uses this information to reassemble the data stream.
– MPPC (Microsoft Point-to-Point Compression): allows Cisco routers to compress data with Microsoft clients.

PPP Multilink
• PPP Multilink provides load balancing over dialer interfaces, including ISDN, synchronous, and asynchronous interfaces.
• This can improve throughput and reduce latency between systems by splitting packets and sending fragments over parallel circuits.

Error Detection
• PPP can take down a link based on the value measured by LQM (Link Quality Monitoring), which tracks the ratio of corrupted packets to the total number of sent packets. According to a predetermined threshold, the link is brought down if its quality falls below the accepted limit.

Looped Link Detection
• PPP can detect looped links (which are sometimes created by telco companies) using what is called a Magic Number.
• Every router has its own magic number, and if packets are received carrying the router's own magic number, then the link is looped.

PPP Configuration Commands
• To enable PPP
– Router(config-if)#encapsulation ppp
• To configure PAP authentication
– Router(config-if)#ppp authentication pap
– Router(config-if)#ppp pap sent-username <username> password <password>
(The peer must hold a matching username/password entry. PAP sends the credentials in clear text; CHAP, configured with ppp authentication chap, is preferred.)
• To configure Compression
– Router(config-if)#compress [predictor|stac|mppc]

Frame Relay

Frame Relay Components

Frame Relay
• The switch examines the frame sent by the router, whose header contains an address called the DLCI (Data Link Connection Identifier), and then switches the frame based on the DLCI until it reaches the router on the other side of the network.

Frame Relay
• Frame Relay networks use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs), but most Frame Relay networks nowadays use permanent virtual circuits (PVCs).
• The logical path between each pair of routers is called a Virtual Circuit (VC).
• VCs share the access link and the Frame Relay network.
• Each VC is committed to a CIR (Committed Information Rate), which is a guarantee by the provider that a particular VC gets at least this much bandwidth.
319

[Figure: Frame Relay network components. Labels: PC, CPE, Controller, Router, ISDN dial-up connection or direct connection (V.35, E1, RS232), Switch Port, UNI, PVC, SVC, PBX, Video, Desktop & LAN; captions "Formats packets in frames", "Network access", "Frame Relay Network".]
320

LMI and Encapsulation Types
• The LMI is a definition of the messages used between the DTE and the DCE.
• The encapsulation defines the headers used by a DTE to communicate some information to the DTE on the other end of a VC.
• The switch and its connected router care about using the same LMI.
• The switch does not care about the encapsulation; the endpoint routers (DTEs) do care about the encapsulation.
321

LMI
• The most important LMI message is the LMI status inquiry message. Status messages perform two key functions:
– Perform a keepalive function between the DTE and DCE. If the access link has a problem, the absence of keepalive messages implies that the link is down.
– Signal whether a PVC is active or inactive. Even though each PVC is predefined, its status can change.
322
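The two LMI functions on this slide, keepalive and PVC status reporting, as an added example written for this page (not code from the presentation or from any Frame Relay implementation). The router sends STATUS ENQUIRY messages, the switch answers with a STATUS message that carries the state of each PVC, and the router counts consecutive missed replies; once an assumed threshold is reached it treats the access link as down and every PVC on it as unusable. The DLCIs, the threshold of three misses and the scripted events are constructed values, not IOS defaults.

```python
"""Added example (not from the presentation): a model of the LMI status-inquiry
exchange between a router (DTE) and a Frame Relay switch (DCE). The router sends
STATUS ENQUIRY messages, the switch answers with a STATUS message listing PVC
states, and consecutive missed replies past an assumed threshold take the access
link down. DLCIs and the threshold are constructed values, not IOS defaults."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SwitchLmi:
    """DCE side: holds the provisioned PVCs on one access link and their state."""
    pvc_state: Dict[int, str]          # dlci -> "active" or "inactive"
    reachable: bool = True             # False models a failed access link

    def status(self, enquiry: dict) -> Optional[dict]:
        if not self.reachable:
            return None                # no reply: the keepalive is missed
        return {
            "msg": "STATUS",
            "recv_seq": enquiry["send_seq"],   # acknowledges the router's sequence
            "pvcs": dict(self.pvc_state),
        }


@dataclass
class RouterLmi:
    """DTE side: polls the switch and tracks consecutive missed replies."""
    max_missed: int
    send_seq: int = 0
    missed: int = 0
    link_up: bool = True
    pvc_state: Dict[int, str] = field(default_factory=dict)

    def status_enquiry(self) -> dict:
        self.send_seq = self.send_seq % 255 + 1     # 1..255, then wraps
        return {"msg": "STATUS ENQUIRY", "send_seq": self.send_seq}

    def poll(self, switch: SwitchLmi) -> bool:
        reply = switch.status(self.status_enquiry())
        if reply is None or reply["recv_seq"] != self.send_seq:
            self.missed += 1
            if self.missed >= self.max_missed:
                self.link_up = False
                # With the access link down, no PVC on it is usable.
                self.pvc_state = {d: "inactive" for d in self.pvc_state}
            return self.link_up
        self.missed = 0
        self.link_up = True
        self.pvc_state = reply["pvcs"]   # a predefined PVC can still change state
        return self.link_up


def run_scenario(max_missed: int = 3) -> List[Tuple[bool, Dict[int, str]]]:
    """Healthy poll, then a remote PVC failure, then a cut access link."""
    switch = SwitchLmi({102: "active", 103: "active"})
    router = RouterLmi(max_missed=max_missed)
    history: List[Tuple[bool, Dict[int, str]]] = []

    def step() -> None:
        router.poll(switch)
        history.append((router.link_up, dict(router.pvc_state)))

    step()                               # both PVCs reported active
    switch.pvc_state[103] = "inactive"   # provider marks one PVC down
    step()                               # link stays up, DLCI 103 inactive
    switch.reachable = False             # access link fails: no more replies
    for _ in range(max_missed):
        step()                           # link declared down on the last miss
    return history


if __name__ == "__main__":
    for link_up, pvcs in run_scenario():
        print("link up" if link_up else "link DOWN", pvcs)
```

The sequence-number check matters: a reply that does not acknowledge the current enquiry is treated like a missed keepalive, which is how a stale or mismatched LMI type shows up as a link that never comes up.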

LMI
• Three LMI protocol options are available in Cisco IOS software: Cisco, ITU, and ANSI.
• Each LMI option is slightly different and therefore is incompatible with the other two.
323

LAPF
• A Frame Relay-connected router encapsulates each Layer 3 packet inside a Frame Relay header and trailer before it is sent out an access link.
• The header and trailer are defined by the Link Access Procedure Frame Bearer Services (LAPF) specification.
• The LAPF framing provides error detection with an FCS in the trailer, as well as the DLCI, DE, FECN, and BECN fields in the header.
324

LAPF
• DTEs use and react to the fields specified by these two types of encapsulation, but Frame Relay switches ignore these fields.
• Because the frames flow from DTE to DTE, both DTEs must agree to the encapsulation used. However, each VC can use a different encapsulation.
• In the configuration, the encapsulation created by Cisco is called cisco, and the other one is called ietf.
325

DLCI Addressing Details
• The logical path between a pair of DTEs is called a virtual circuit (VC).
• The data-link connection identifier (DLCI) identifies each individual PVC. The DLCI is the Frame Relay address describing a virtual circuit.
• When multiple VCs use the same access link, the Frame Relay switches know how to forward the frames to the correct remote sites.
326

[Figure: DLCI addressing example across a Frame Relay network. Labels: DLCI=16, DLCI=17, DLCI=21, DLCI=32 on the access links; legend: R = Router, B = Bridge, Frame Relay switch, Virtual circuit, FR-network.]
327

DLCI Addressing Details
• The difference between Layer 2 addressing and DLCI addressing is mainly due to the fact that the header has a single DLCI field, not both Source and Destination DLCI fields.

328

Global DLCI Addressing
• Frame Relay DLCIs are locally significant; this means that the addresses need to be unique only on the local access link. • Global addressing is simply a way of choosing DLCI numbers when planning a Frame Relay network so that working with DLCIs is much easier. • Because local addressing is a fact, global addressing does not change these rules. Global addressing just makes DLCI assignment more obvious.
329

Global DLCI Addressing

330

Global DLCI Addressing
• The final key to global addressing is that the Frame Relay switches actually change the DLCI value before delivering the frame. • The sender treats the DLCI field as a destination address, using the destination’s global DLCI in the header. • The receiver thinks of the DLCI field as the source address, because it contains the global DLCI of the frame’s sender.
331
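The DLCI swap described on the three Global DLCI Addressing slides, as an added example written for this page (not code from the presentation or from any vendor). A single switch object stands in for the whole Frame Relay cloud; each router owns one network-wide DLCI, the sender writes the destination's global DLCI into the header, the switch rewrites it, and the receiver reads the sender's global DLCI out of the delivered frame. The router names, the DLCI plan (101 to 103) and the hub-and-spoke PVC layout are constructed.

```python
"""Added example (not from the presentation): a Frame Relay switch model that forwards
frames on the DLCI and rewrites it before delivery, the behaviour the global-addressing
slides describe. With global addressing each router owns one network-wide DLCI: the
sender writes the destination's global DLCI into the header and the receiver reads the
sender's global DLCI out of it. Router names, DLCIs and the PVC layout are constructed."""
from typing import Dict, Set, Tuple

# Global DLCI plan (constructed): one DLCI per router, used everywhere in the cloud.
GLOBAL_DLCI: Dict[str, int] = {"Atlanta": 101, "Boston": 102, "Charlotte": 103}


class FrameRelaySwitch:
    """Switches frames by (ingress access link, DLCI) and swaps the DLCI on egress."""

    def __init__(self) -> None:
        # (in_link, in_dlci) -> (out_link, out_dlci); the cloud is modelled as one switch
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def provision_pvc(self, site_a: str, site_b: str) -> None:
        """Provision one PVC between two sites following the global DLCI plan."""
        a_dlci, b_dlci = GLOBAL_DLCI[site_a], GLOBAL_DLCI[site_b]
        # A's frames to B carry B's DLCI and are delivered to B carrying A's DLCI.
        self.table[(site_a, b_dlci)] = (site_b, a_dlci)
        self.table[(site_b, a_dlci)] = (site_a, b_dlci)

    def switch_frame(self, in_link: str, frame: dict) -> Tuple[str, dict]:
        key = (in_link, frame["dlci"])
        if key not in self.table:
            raise ValueError(f"no PVC for DLCI {frame['dlci']} on link {in_link}")
        out_link, out_dlci = self.table[key]
        # Only the address field changes; the Layer 3 payload is untouched.
        return out_link, {**frame, "dlci": out_dlci}

    def local_dlcis(self, link: str) -> Set[int]:
        """DLCIs in use on one access link; they only need to be unique here."""
        return {dlci for (lnk, dlci) in self.table if lnk == link}


def send(switch: FrameRelaySwitch, src: str, dst: str, payload: str) -> Tuple[str, dict]:
    """The sender treats the DLCI field as a destination address."""
    frame = {"dlci": GLOBAL_DLCI[dst], "payload": payload}
    return switch.switch_frame(src, frame)


def build_hub_and_spoke() -> FrameRelaySwitch:
    """Atlanta is the hub with a PVC to each spoke; the spokes have no PVC to each other."""
    switch = FrameRelaySwitch()
    switch.provision_pvc("Atlanta", "Boston")
    switch.provision_pvc("Atlanta", "Charlotte")
    return switch


if __name__ == "__main__":
    sw = build_hub_and_spoke()
    link, frame = send(sw, "Atlanta", "Boston", "hello")
    print(f"delivered on {link} with DLCI {frame['dlci']} (Atlanta's global DLCI)")
    print("DLCIs on Atlanta's access link:", sorted(sw.local_dlcis("Atlanta")))
```

Local significance falls out of the table shape: Boston and Charlotte both see DLCI 101 on their own links without conflict, because the switch keys on the link as well as the DLCI. A frame from Boston addressed to Charlotte is rejected, since no PVC was provisioned between the spokes.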

Layer 3 Addressing
• Cisco’s Frame Relay implementation defines three different options for assigning subnets and IP addresses on Frame Relay interfaces:
– One subnet containing all Frame Relay DTEs – One subnet per VC – A hybrid of the first two options

332

One Subnet Containing All Frame Relay DTEs
• The single-subnet option is typically used when a full mesh of VCs exists. • In a full mesh, each router has a VC to every other router, meaning that each router can send frames directly to every other router.

333

One Subnet Containing All Frame Relay DTEs

334

One Subnet Containing All Frame Relay DTEs
335

One Subnet Per VC
• The single-subnet-per-VC alternative works better with a partially meshed Frame Relay network.
336

One Subnet Per VC
337

Hybrid Terminology
• Point-to-point subinterfaces are used when a single VC is considered to be all that is in the group—for instance, between Routers A and D and between Routers A and E.
• Multipoint subinterfaces are used when more than two routers are considered to be in the same group—for instance, with Routers A, B, and C.
338

Hybrid Terminology
339

Hybrid Terminology
340

Frame Relay Address Mapping
• Mapping creates a correlation between a Layer 3 address (IP address) and its corresponding Layer 2 address (DLCI in Frame Relay).
• It is used so that, after the router receives a packet with the intended IP address, it can hand the packet to the right Frame Relay switch (with the appropriate DLCI).
341

Mapping Methods
• Mapping can be done in either of two ways:
• Dynamic Mapping
– Using Inverse ARP, which is enabled by default on Cisco routers.
• Static Mapping
– Using the frame-relay map command, but you should first disable Inverse ARP using the command no frame-relay inverse-arp.
342
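The two mapping methods on this slide, modelled as an added example written for this page (it is not code from the presentation or from Cisco IOS; the IOS commands named in the comments are the ones the slide quotes). A router-side address map learns IP-to-DLCI entries from Inverse ARP replies when that is enabled, or holds static entries added after Inverse ARP has been turned off, and the lookup the router performs when forwarding returns the DLCI or nothing at all. The IP addresses and DLCIs are constructed values.

```python
"""Added example (not from the presentation): a router's Frame Relay address map
built either dynamically from Inverse ARP or statically, with Inverse ARP disabled
first as the slide recommends. IP addresses and DLCIs are constructed values."""
from typing import Dict, Optional


class FrameRelayAddressMap:
    """IP-to-DLCI map on one DTE, mirroring 'frame-relay map' and Inverse ARP behaviour."""

    def __init__(self, inverse_arp: bool = True) -> None:
        self.inverse_arp = inverse_arp         # False models 'no frame-relay inverse-arp'
        self.entries: Dict[str, int] = {}      # next-hop IP -> DLCI
        self.source: Dict[str, str] = {}       # "dynamic" or "static" per entry

    def receive_inverse_arp(self, dlci: int, peer_ip: str) -> bool:
        """Inverse ARP reply: the peer reachable over this DLCI announces its IP."""
        if not self.inverse_arp:
            return False                       # ignored once Inverse ARP is disabled
        if self.source.get(peer_ip) == "static":
            return False                       # a static entry is never overwritten
        self.entries[peer_ip] = dlci
        self.source[peer_ip] = "dynamic"
        return True

    def map_static(self, peer_ip: str, dlci: int) -> None:
        """Equivalent of 'frame-relay map ip <peer_ip> <dlci>'."""
        self.entries[peer_ip] = dlci
        self.source[peer_ip] = "static"

    def resolve(self, next_hop_ip: str) -> Optional[int]:
        """DLCI to put in the frame for this next hop, or None (encapsulation fails)."""
        return self.entries.get(next_hop_ip)


def dynamic_mapping() -> FrameRelayAddressMap:
    """Default router: learn from Inverse ARP replies on DLCIs 102 and 103 (constructed)."""
    fr = FrameRelayAddressMap()
    fr.receive_inverse_arp(102, "10.1.1.2")
    fr.receive_inverse_arp(103, "10.1.1.3")
    return fr


def static_mapping() -> FrameRelayAddressMap:
    """Static approach: disable Inverse ARP first, then add explicit map entries."""
    fr = FrameRelayAddressMap(inverse_arp=False)
    fr.map_static("10.1.1.2", 102)
    fr.map_static("10.1.1.3", 103)
    # A later Inverse ARP reply on another DLCI must not add an entry now.
    fr.receive_inverse_arp(104, "10.1.1.4")
    return fr


if __name__ == "__main__":
    for label, fr in (("dynamic", dynamic_mapping()), ("static", static_mapping())):
        print(label, {ip: fr.resolve(ip) for ip in ("10.1.1.2", "10.1.1.3", "10.1.1.4")})
```

The `resolve` result of `None` is the case to watch for operationally: a packet whose next hop has no map entry cannot be encapsulated, which is the usual symptom when a static map is missing or Inverse ARP was disabled on a hub that still relies on it.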

Inverse ARP Process
343

Frame Relay Configuration
344

Frame Relay Verification
345

Integrated Services Digital Network (ISDN)
346

ISDN Protocols
347

BRI & PRI B and D Channels
348

LAPD & PPP on D and B Channels
349

LAPD & PPP on D and B Channels
• LAPD is used as a data-link protocol across an ISDN D channel.
• Essentially, a router with an ISDN interface needs to send and receive signaling messages to and from the local ISDN switch to which it is connected.
• LAPD provides the data-link protocol that allows delivery of messages across that D channel to the local switch.
350

LAPD & PPP on D and B Channels
• The call setup and teardown messages themselves are defined by the Q.931 protocol. So, the local switch can receive a Q.931 call setup request from a router over the LAPD-controlled D channel, and it should react to that Q.931 message by setting up a circuit over the public network.
351

LAPD & PPP on D and B Channels
• An ISDN switch often requires some form of authentication with the device connecting to it.
• Switches use a free-form decimal value, called the service profile identifier (SPID), to perform authentication.
• In short, before any Q.931 call setup messages are accepted, the switch asks for the configured SPID values. If the values match what is configured in the switch, call setup flows are accepted.
352

PRI Encoding and Framing
• ISDN PRI in North America is based on a digital T1 circuit. T1 circuits use two different encoding schemes—Alternate Mark Inversion (AMI) and Binary 8 with Zero Substitution (B8ZS).
• The two options for framing on T1s are to use either Extended Super Frame (ESF) or the older option—Super Frame (SF). In most cases today, new T1s use ESF.
353

DDR (Dial On Demand Routing)
• You can configure DDR in several ways, including Legacy DDR and DDR dialer profiles, allowing a great deal of flexibility.
• The main difference between the two is that Legacy DDR associates dial details with a physical interface, whereas DDR dialer profiles disassociate the dial configuration from a physical interface.
354

Legacy DDR Operation
• Route packets out the interface to be dialed.
• Determine the subset of the packets that trigger the dialing process.
• Dial (signal).
• Determine when the connection is terminated.
355

Legacy DDR Operation
356

DDR Step 1: Routing Packets Out the Interface to Be Dialed
• DDR does not dial until some traffic is directed (routed) out the dial interface.
• Cisco’s design for DDR defines that the router receives some user-generated traffic and, through normal routing processes, decides to route the traffic out the interface to be dialed.
• The router needs to route packets so that they are queued to go out the dial interface.
• The router (SanFrancisco) can receive a packet that must be routed out BRI0; routing the packet out BRI0 triggers the Cisco IOS software, causing the dial to occur.
357

DDR Step 2: Determining the Interesting Traffic
• Packets that are worthy of causing the device to dial are called interesting packets.
• Two different methods can be used to define interesting packets.
– In the first method, interesting is defined as all packets of one or more Layer 3 protocols.
– The second method allows you to define packets as interesting if they are permitted by an access list.
358

DDR Step 3: Dialing (Signaling)
• Defining the phone number to be dialed.
• The command is dialer string, where string is the phone number (used when dialing only one site).
• The dialer map command maps the different dialer numbers to the equivalent IP addresses of the routers to be dialed.
359
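The three Legacy DDR steps just described (route out the dial interface, classify the packet as interesting, choose the number to signal), as one added example written for this page; it is not code from the presentation or from Cisco IOS, and the routing table, access list, phone numbers and the hypothetical `ddr_decision` pipeline are constructed for illustration. Both ways of defining interesting traffic from Step 2 are shown: by Layer 3 protocol, and by an access list with the implicit deny at its end.

```python
"""Added example (not from the presentation): the first three Legacy DDR steps as a
decision pipeline: route the packet, decide whether it is interesting (by Layer 3
protocol or by an access list), then select the number to dial from a dialer map,
falling back to the single dialer string. Prefixes, phone numbers and the access
list are constructed values."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    protocol: str            # "ip", "tcp", "udp" or "icmp"
    dst: str
    dport: Optional[int] = None


# Step 1: routing table (constructed). The default route and 10.3.0.0/16 leave via BRI0.
ROUTES: List[Tuple[ipaddress.IPv4Network, str, Optional[str]]] = [
    (ipaddress.ip_network("10.1.0.0/16"), "Ethernet0", None),
    (ipaddress.ip_network("10.3.0.0/16"), "BRI0", "10.3.0.1"),
    (ipaddress.ip_network("0.0.0.0/0"), "BRI0", "10.2.0.1"),
]

# Step 3: 'dialer map' next hop -> number, plus a 'dialer string' fallback (constructed).
DIALER_MAP: Dict[str, str] = {"10.3.0.1": "5551002"}
DIALER_STRING = "5551001"

# Access list (constructed): permit only web traffic toward 10.0.0.0/8; implicit deny.
AclEntry = Tuple[str, str, ipaddress.IPv4Network, Optional[int]]   # action, proto, dst net, dport
ACL_101: List[AclEntry] = [("permit", "tcp", ipaddress.ip_network("10.0.0.0/8"), 80)]


def route(pkt: Packet) -> Tuple[str, Optional[str]]:
    """Longest-prefix match; returns (outgoing interface, next hop)."""
    dst = ipaddress.ip_address(pkt.dst)
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {pkt.dst}")
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def interesting_by_protocol(pkt: Packet, protocols: List[str]) -> bool:
    """Method 1: every packet of the listed Layer 3 protocol is interesting."""
    return "ip" in protocols or pkt.protocol in protocols


def interesting_by_acl(pkt: Packet, acl: List[AclEntry]) -> bool:
    """Method 2: interesting only if the access list permits the packet."""
    dst = ipaddress.ip_address(pkt.dst)
    for action, proto, net, dport in acl:
        proto_ok = proto == "ip" or proto == pkt.protocol
        if proto_ok and dst in net and (dport is None or dport == pkt.dport):
            return action == "permit"
    return False                     # implicit deny at the end of every access list


def ddr_decision(pkt: Packet, method: str) -> Optional[str]:
    """Return the number to dial, or None when this packet must not trigger a dial."""
    out_iface, next_hop = route(pkt)
    if out_iface != "BRI0":
        return None                  # Step 1: only traffic routed out the dial interface
    if method == "protocol":
        interesting = interesting_by_protocol(pkt, ["ip"])
    else:
        interesting = interesting_by_acl(pkt, ACL_101)
    if not interesting:
        return None                  # Step 2: uninteresting packets never trigger a dial
    return DIALER_MAP.get(next_hop or "", DIALER_STRING)   # Step 3: number to signal


if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.1.5.5", 80), Packet("tcp", "10.2.0.5", 80),
                Packet("tcp", "10.2.0.5", 23), Packet("icmp", "10.3.9.9")):
        print(pkt, "->", ddr_decision(pkt, "acl"))
```

The access-list method is the one that keeps an ISDN bill under control: with the protocol method every routing update or ping that happens to be routed out BRI0 brings the line up, whereas the list above dials only for web traffic and lets everything else wait for a link that is already up.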

Configuring SPIDs
• You might need to configure the Service Profile Identifier (SPID) for one or both B channels, depending on the switch’s expectations. SPIDs, when used, provide a basic authentication feature.
• When the telco switch has configured SPIDs, it might not allow the BRI line to work unless the router announces the correct SPID values to the switch.
360

ISDN PRI Configuration
• Configure the type of ISDN switch to which this router is connected.
• Configure the T1 or E1 encoding and framing options (controller configuration mode).
• Configure the T1 or E1 channel range for the DS0 channels used on this PRI (controller configuration mode).
• Configure any interface settings (for example, PPP encapsulation and IP address) on the interface representing the D channel.
361

PRI Configuration Commands
362

ISDN Switch Types
363

Configuring a T1 or E1 Controller
• Your service provider will tell you what encoding and framing to configure on the router. Also, in almost every case, you will use all 24 DS0 channels in the PRI—23 B channels and the D channel.
364

DDR With Dialer Profiles
• Dialer profiles pool the physical interfaces so that the router uses any available B channel on any of the BRIs or PRIs in the pool.
• Dialer profiles configuration moves most of the DDR interface configuration to a virtual interface called a dialer interface.
365

Dialer Profiles Configuration
366

Dialer Profiles Configuration
367

With all my best wishes for you to succeed and distinguish yourself in the CCNA International Exam. Keep in touch.
368
