Asian Institute of Computer Studies

CHAPTER 1
INTRODUCTION

Changes occur everywhere. As we all know, change is the only constant
thing in this world, especially when it comes to technology. It triggers our minds
to do or to find something that makes our lives easier. Technology is the most
significant way of living. Millions of people depend on computers by
means of internet connections. More people are attracted to the outburst of new
and advanced devices, which make our work easier and more
convenient, and one of those is the presence of computers in our lives with
internet access. The internet is one of the most important things in the
lives of people all over the world. Even in remote corners of the world where you
wouldn't imagine people owning computers, the need for internet access is still
huge. The foremost purpose of the internet has always been communication, and
the internet has excelled beyond expectations.
As part of this, one of the trending strategies that many businesses have is the
use of computers and the internet; with good feedback, their transactions and
operations grow easily, which really helps their business. In partial
fulfillment, we created this project entitled NIDEC Precision Philippines LAN
Design Proposal, which specifically aims to build a network over a large area
and to know the purposes of the different departments of this company. It also
includes the computations of VLSM and the VLAN. We came up with this proposal
for us to be aware of and to know the network requirements of the different
departments in the company. For example, the VLAN separates the
different departments although they share the same infrastructure.
As part of this study, we learned and noticed that making a LAN design
really needs a deeper study of a certain company, and one must be knowledgeable
in the field of networking. Computing the VLSM and the other parts of this really
needs a lot of time.
NIDEC Precision Philippines
Address: 119 East Main Avenue, Laguna Technopark, Special Economic Zone,
Biñan, Laguna
Number of employees: approximately 9000
The number of PCs and the VLAN of each department:

DEPARTMENT                        NUMBER OF PCs   VLAN NUMBER
Incoming Quality Assurance        27              10
Human Resources                   22              20
Accounting                        22              30
Engineering                       21              40
Quality Assurance                 21              50
Sales                             21              60
Production                        20              70
Production Control                20              80
Suppliers Quality Engineering     15              85
Customer Quality Assurance        12              90
Process Quality Assurance         12              95

Incoming Quality Assurance Department
Functions:

- Lot sampling and accurate inspection of material received from suppliers.
- First article inspection of new or revised product/raw material.
- Maintaining inspection records, procedures, packaging, and equipment in
  compliance with the company's.
- Record and publish inspection results and take action on material
  disposition per the company process.

Human Resources Department


Functions:
Recruitment
The success of recruiters and employment specialists generally is measured by
the number of positions they fill and the time it takes to fill those positions.
Recruiters who work in-house -- as opposed to companies that provide recruiting
and staffing services -- play a key role in developing the employer's workforce.
They advertise job postings, source candidates, screen applicants, conduct
preliminary interviews and coordinate hiring efforts with managers responsible for
making the final selection of candidates.
Safety
Workplace safety is an important factor. Under the Occupational Safety and
Health Act of 1970, employers have an obligation to provide a safe working
environment for employees. One of the main functions of HR is to support
workplace safety training and maintain federally mandated logs for workplace
injury and fatality reporting. In addition, HR safety and risk specialists often work
closely with HR benefits specialists to manage the company's workers'
compensation issues.

Employee Relations



In a unionized work environment, the employee and labor relations functions of
HR may be combined and handled by one specialist or be entirely separate
functions managed by two HR specialists with specific expertise in each area.
Employee relations is the HR discipline concerned with strengthening the
employer-employee relationship through measuring job satisfaction, employee
engagement and resolving workplace conflict. Labor relations functions may
include developing management response to union organizing campaigns,
negotiating collective bargaining agreements and rendering interpretations of
labor union contract issues.
Compensation and Benefits
Like employee and labor relations, the compensation and benefits functions of
HR often can be handled by one HR specialist with dual expertise. On the
compensation side, the HR functions include setting compensation structures
and evaluating competitive pay practices. A comp and benefits specialist also
may negotiate group health coverage rates with insurers and coordinate activities
with the retirement savings fund administrator. Payroll can be a component of the
compensation and benefits section of HR; however, in many cases, employers
outsource such administrative functions as payroll.
Compliance
Compliance with labor and employment laws is a critical HR function.
Noncompliance can result in workplace complaints based on unfair employment
practices, unsafe working conditions and general dissatisfaction with working
conditions that can affect productivity and ultimately, profitability. HR staff must
be aware of federal and state employment laws such as Title VII of the Civil
Rights Act, the Fair Labor Standards Act, the National Labor Relations Act and
many other rules and regulations.

Training and Development




Employers must provide employees with the tools necessary for their success
which, in many cases, means giving new employees extensive orientation
training to help them transition into a new organizational culture. Many HR
departments also provide leadership training and professional development.
Leadership training may be required of newly hired and promoted supervisors
and managers on topics such as performance management and how to handle
employee relations matters at the department level. Professional development
opportunities are for employees looking for promotional opportunities or
employees who want to achieve personal goals such as finishing a college
degree. Programs such as tuition assistance and tuition reimbursement
programs often are within the purview of the HR training and development area.
Accounting Department
Functions:
While opinions vary and specific details of each position can be all over the
board, the essential roles and duties of virtually any accounting department
should include the following:

- Money out - making payments and keeping the bills paid
- Money in - processing incoming payments
- Payroll - make sure everyone gets paid (including the government)
- Reporting - preparing financial reports, e.g. P&L, balance sheets and
  budgets
- Financial controls - to avoid errors, fraud and theft

Engineering Department
Function:
The Engineering Department is responsible for planning, analyzing and
implementing system extension projects; planning, designing, and construction of
major facility replacements; capital improvement projects; continuing
improvements to system standards; and technical assistance to other
departments.


Quality Assurance Department
Function:
The mission of a quality assurance department is to provide an effective
quality review. It also provides an efficient quality assurance system and
counsel for the operational units. The Quality Assurance department must be
manned by an adequate number of dedicated, qualified and trained personnel.
Sales Department
Function:
The main function of a sales department is to effect sales. It is concerned with
the transfer of ownership or merchandise on terms satisfactory to both the buyer
and seller.
Production Department
Functions:
The Production Department is responsible for converting inputs into outputs
through the stages of production processes. The production manager is
responsible for making sure that raw materials are provided and made into
finished goods effectively.
There are five production sub-functions:
1. Production and planning
2. Purchasing department
3. The store department
4. The design and technical support department
5. The works department
Production Control Department
Functions:

- Utilizes resources effectively.
- Makes the flow of production steady.
- Estimates production resources.
- Maintains necessary stock levels.
- Coordinates departmental activities.
- Minimizes wastage of resources.
- Improves labor efficiency.

Suppliers Quality Engineering Department


Functions:
Take full responsibility for the audit, control and measurement of the company's
material suppliers. The role will ensure that the company receives top quality
product and service at all times and will investigate root cause and make
recommendations on how to proceed with suppliers who do not meet that
requirement.
Customer Quality Assurance Department
Function:
To deliver products and services that offer reliability and peace of mind to
customers.
Process Quality Assurance Department
Functions:

- Identify issues in process compliance and collaborate to resolve
  issues.
- Provide insight to process improvement team members on potential
  process improvement.
- Perform formal test of products to ensure systems meet quality
  standards.

CHAPTER 2
CONCEPTUAL FRAMEWORK

CONFIGURING A NETWORK OPERATING SYSTEM


Introduction to Cisco IOS
Home networks typically interconnect a wide variety of end devices including
PCs, laptops, tablets, smartphones, smart TVs, Digital Living Network Alliance
(DLNA) compliant network media players, such as the Xbox 360 or PlayStation 3,
and more.
All of these end devices are usually connected to a home router. Home routers
are actually four devices in one:
- Router - Forwards data packets to and receives data packets from the Internet
- Switch - Connects end devices using network cables
- Wireless access point - Consists of a radio transmitter capable of connecting
  end devices wirelessly
- Firewall appliance - Secures outgoing traffic and restricts incoming traffic

In larger business networks with significantly more devices and traffic, these
devices are often incorporated as independent, stand-alone devices, providing
dedicated service. End devices, such as PCs and laptops, are connected to
network switches using wired connections. To send packets beyond the local
network, network switches connect to network routers. Other infrastructure
devices on a network include wireless access points and dedicated security
devices, such as firewalls.

Console Access Method

There are several ways to access the CLI environment. The most common
methods are:

- Console
- Telnet or SSH
- AUX port

Console
The console port is a management port that provides out-of-band access to a
Cisco device. Out-of-band access refers to access via a dedicated management
channel that is used for device maintenance purposes only. The advantage of
using a console port is that the device is accessible even if no networking
services have been configured, such as when performing an initial configuration
of the networking device.
Telnet, SSH, and AUX Access Methods
Telnet
Telnet is a method for remotely establishing a CLI session of a device, through a
virtual interface, over a network. Unlike the console connection, Telnet sessions
require active networking services on the device.
SSH
The Secure Shell (SSH) protocol provides a remote login similar to Telnet, except
that it uses more secure network services. SSH provides stronger password
authentication than Telnet and uses encryption when transporting session data.
AUX
The AUX port can also be used locally, like the console port, with a direct
connection to a computer running a terminal emulation program. However, the
console port is preferred over the AUX port for troubleshooting because it
displays startup, debugging, and error messages by default.
Cisco IOS Modes of Operation
In hierarchical order from most basic to most specialized, the major modes are:

- User executive (User EXEC) mode
- Privileged executive (Privileged EXEC) mode
- Global configuration mode
- Other specific configuration modes, such as interface configuration mode

Primary Modes
The two primary modes of operation are user EXEC mode and privileged EXEC
mode. As a security feature, the Cisco IOS software separates the EXEC
sessions into two levels of access.
Specific Configuration Modes
From the global configuration mode, the user can enter different
subconfiguration modes. Each of these modes allows the configuration of a
particular part or function of the IOS device. The list below shows a few of them:

- Interface mode - to configure one of the network interfaces (Fa0/0,
  S0/0/0)
- Line mode - to configure one of the physical or virtual lines (console,
  AUX, VTY)

Securing Device Access


The passwords introduced here are:

- Enable password - Limits access to the privileged EXEC mode
- Enable secret - Encrypted, limits access to the privileged EXEC mode
- Console password - Limits device access using the console connection
- VTY password - Limits device access over Telnet
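
An added example, not part of the original proposal: a Python check that reads an IOS-style configuration and reports which of the passwords listed above are missing, whether only the unencrypted enable password is set, and whether a VTY line still accepts Telnet instead of SSH. Both sample configurations, their passwords and the function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the proposal).
WEAK_CONFIG = """\
hostname SW-EXAMPLE
enable password Constructed-Enable-1
!
line con 0
 logging synchronous
line vty 0 4
 password Constructed-Vty-1
 login
 transport input telnet
line vty 5 15
 password Constructed-Vty-1
 login
 transport input ssh
"""

HARDENED_CONFIG = """\
hostname SW-EXAMPLE
enable secret Constructed-Secret-1
!
line con 0
 password Constructed-Console-1
 login
line vty 0 15
 password Constructed-Vty-1
 login
 transport input ssh
"""


def parse_config(config):
    """Split a config into global commands and per-line (con/aux/vty) sections."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            current = None
        elif raw[0].isspace():
            if current is not None:          # sub-command of a line section
                sections[current].append(cmd)
        elif re.match(r"line (con|aux|vty)\b", cmd):
            current = cmd
            sections[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections


def audit(config):
    """Return findings about the enable, console and VTY passwords."""
    findings = []
    global_cmds, sections = parse_config(config)

    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_password = any(c.startswith("enable password ") for c in global_cmds)
    if not has_secret and not has_password:
        findings.append("privileged EXEC: no enable secret or enable password")
    elif not has_secret:
        findings.append("privileged EXEC: only 'enable password'; use 'enable secret'")
    elif has_password:
        findings.append("privileged EXEC: 'enable password' kept beside 'enable secret'")

    for header, cmds in sections.items():
        has_pw = any(c.startswith("password ") for c in cmds)
        if not has_pw and "login local" not in cmds:
            findings.append(f"{header}: no password configured")
        if header.split()[1] == "vty":
            transport = [c for c in cmds if c.startswith("transport input")]
            if not transport:
                findings.append(f"{header}: transport input not set explicitly")
            elif {"telnet", "all"} & set(transport[0].split()[2:]):
                findings.append(f"{header}: Telnet allowed; use 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```
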

IP Addressing of Devices
The use of IP addresses, whether IPv4 or IPv6, is the primary means of enabling
devices to locate one another and establish end-to-end communication on the
Internet.
Each end device on a network must be configured with IP addresses. Some
examples of end devices are:

- Computers (work stations, laptops, file servers, web servers)
- Network printers
- VoIP phones
- Security cameras
- Smart phones
- Mobile handheld devices (such as wireless barcode scanners)

Configuring a Switch Virtual Interface


To access the switch remotely, an IP address and a subnet mask must be
configured on the SVI:

- IP address - Together with subnet mask, uniquely identifies end device on
  the internetwork
- Subnet mask - Determines which part of a larger network is used by an
  IP address
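
An added example, not part of the original proposal: a VLSM computation in Python for the department PC counts and VLAN numbers listed in Chapter 1, which also renders each subnet's first usable address as an SVI address and mask. The base block 10.10.0.0/23, the one extra address reserved per subnet for the SVI, and the use of one SVI per VLAN as that VLAN's gateway are assumptions; the page does not state them.

```python
import ipaddress

# Department, PC count and VLAN number as listed in Chapter 1 of the proposal.
DEPARTMENTS = [
    ("Incoming Quality Assurance", 27, 10),
    ("Human Resources", 22, 20),
    ("Accounting", 22, 30),
    ("Engineering", 21, 40),
    ("Quality Assurance", 21, 50),
    ("Sales", 21, 60),
    ("Production", 20, 70),
    ("Production Control", 20, 80),
    ("Suppliers Quality Engineering", 15, 85),
    ("Customer Quality Assurance", 12, 90),
    ("Process Quality Assurance", 12, 95),
]

BASE_NETWORK = "10.10.0.0/23"  # assumption: the page gives no address block


def prefix_for(hosts):
    """Longest prefix (smallest subnet) whose usable addresses cover `hosts`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"no IPv4 prefix holds {hosts} hosts")


def vlsm_plan(base, departments, reserve=1):
    """Allocate subnets largest-first; `reserve` leaves room for the SVI address."""
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    plan = []
    for name, pcs, vlan in sorted(departments, key=lambda d: d[1], reverse=True):
        prefix = prefix_for(pcs + reserve)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to a subnet boundary
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(pool):
            raise ValueError(f"{base} is too small: no room for {name}")
        plan.append({
            "department": name,
            "vlan": vlan,
            "pcs": pcs,
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            "gateway": str(subnet.network_address + 1),   # first usable address
            "usable": subnet.num_addresses - 2,
        })
        cursor += size
    return plan


def svi_commands(plan):
    """Render each gateway address as IOS SVI configuration lines."""
    lines = []
    for row in plan:
        lines.append(f"interface vlan {row['vlan']}")
        lines.append(f" ip address {row['gateway']} {row['mask']}")
    return "\n".join(lines)


if __name__ == "__main__":
    plan = vlsm_plan(BASE_NETWORK, DEPARTMENTS)
    for r in plan:
        print(f"VLAN {r['vlan']:>2}  {r['department']:<30} {r['pcs']:>2} PCs  "
              f"{r['subnet']:<15} usable {r['usable']}")
    print(svi_commands(plan))
```
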

NETWORK PROTOCOLS AND COMMUNICATIONS


Interaction of Protocols
An example of using the protocol suite in network communications is the
interaction between a web server and a web client.
Examples of these protocols are:

- Application Protocol - Hypertext Transfer Protocol (HTTP) is a protocol
  that governs the way a web server and a web client interact.
- Transport Protocol - Transmission Control Protocol (TCP) is the
  transport protocol that manages the individual conversations between web
  servers and web clients. TCP divides the HTTP messages into smaller
  pieces, called segments.
- Internet Protocol - IP is responsible for taking the formatted segments
  from TCP, encapsulating them into packets, assigning them the
  appropriate addresses, and delivering them across the best path to the
  destination host.
- Network Access Protocols - Network access protocols describe two
  primary functions, communication over a data link and the physical
  transmission of data on the network media.

Standards Organizations
Standards organizations are usually vendor-neutral, non-profit organizations
established to develop and promote the concept of open standards.
Standards organizations include:

- The Internet Society (ISOC)
- The Internet Architecture Board (IAB)
- The Internet Engineering Task Force (IETF)
- The Institute of Electrical and Electronics Engineers (IEEE)
- The International Organization for Standardization (ISO)

Protocol Data Units (PDUs)


A better approach is to divide the data into smaller, more manageable pieces to
send over the network.
The PDUs are named according to the protocols of the TCP/IP suite:

- Data - The general term for the PDU used at the application layer
- Segment - Transport layer PDU
- Packet - Internet layer PDU
- Frame - Network access layer PDU
- Bits - A PDU used when physically transmitting data over the medium

Encapsulation



Data encapsulation is the process that adds additional protocol header
information to the data before transmission. In most forms of data
communications, the original data is encapsulated or wrapped in several
protocols before being transmitted.
De-encapsulation
This process is reversed at the receiving host, and is known as de-encapsulation.
De-encapsulation is the process used by a receiving device to remove one or
more of the protocol headers.
Network Address
The network layer, or Layer 3, logical address contains information required to
deliver the IP packet from the source device to the destination device. A Layer 3
IP address has two parts, the network prefix and the host part. The network prefix
is used by routers to forward the packet to the proper network.
An IP packet contains two IP addresses:

- Source IP address - The IP address of the sending device.
- Destination IP address - The IP address of the receiving device. The
  destination IP address is used by routers to forward a packet to its
  destination.

Data Link Address


The data link, or Layer 2, physical address has a different role. The purpose of
the data link address is to deliver the data link frame from one network interface
to another network interface on the same network.

The IP packet is encapsulated into a data link frame to be delivered to the
destination network. The source and destination data link addresses are added:

- Source data link address - The physical address of the device that is
  sending the packet. Initially this is the NIC that is the source of the IP packet.
- Destination data link address - The physical address of the network
  interface of either the next hop router or the network interface of the
  destination device.

NETWORK ACCESS
Physical Layer Media
There are three basic forms of network media. The physical layer produces the
representation and groupings of bits for each type of media as:

- Copper cable: The signals are patterns of electrical pulses.
- Fiber-optic cable: The signals are patterns of light.
- Wireless: The signals are patterns of microwave transmissions.

Encoding
Encoding or line encoding is a method of converting a stream of data bits into a
predefined "code". Codes are groupings of bits used to provide a predictable
pattern that can be recognized by both the sender and the receiver.
Common network encoding methods include:

- Manchester encoding: A 0 is represented by a high to low voltage
  transition and a 1 is represented as a low to high voltage transition. This
  type of encoding is used in older versions of Ethernet, RFID and Near
  Field Communication.
- Non-Return to Zero (NRZ): This is a common means of encoding data
  that has two states termed zero and one and no neutral or rest position.
  A 0 may be represented by one voltage level on the media and a 1 might
  be represented by a different voltage on the media.
Bandwidth
Bandwidth is the capacity of a medium to carry data. Digital bandwidth measures
the amount of data that can flow from one place to another in a given amount of
time.
The practical bandwidth of a network is determined by a combination of factors:

- The properties of the physical media
- The technologies chosen for signaling and detecting network signals

Throughput
Throughput is the measure of the transfer of bits across the media over a given
period of time.
Many factors influence throughput including:

- The amount of traffic
- The type of traffic
- The latency created by the number of network devices encountered
  between source and destination

Types of Physical Media


The physical layer produces the representation and groupings of bits as voltages,
radio frequencies, or light pulses.
Standards for copper media are defined for the:

- Type of copper cabling used
- Bandwidth of the communication
- Type of connectors used
- Pinout and color codes of connections to the media
- Maximum distance of the media

Copper Media
There are three main types of copper media used in networking:

- Unshielded Twisted-Pair (UTP)
- Shielded Twisted-Pair (STP)
- Coaxial

Properties of UTP Cabling


UTP cable does not use shielding to counter the effects of EMI and RFI. Instead,
cable designers have discovered that they can limit the negative effect of
crosstalk by:

- Cancellation: Designers now pair wires in a circuit. When two wires in an
  electrical circuit are placed close together, their magnetic fields are the
  exact opposite of each other. Therefore, the two magnetic fields cancel
  each other out and also cancel out any outside EMI and RFI signals.
- Varying the number of twists per wire pair: To further enhance the
  cancellation effect of paired circuit wires, designers vary the number of
  twists of each wire pair in a cable. UTP cable must follow precise
  specifications governing how many twists or braids are permitted per
  meter (3.28 feet) of cable.

Types of UTP Cable


The following are main cable types that are obtained by using specific wiring
conventions:

- Ethernet Straight-through: The most common type of networking cable.
  It is commonly used to interconnect a host to a switch and a switch to a
  router.
- Ethernet Crossover: An uncommon cable used to interconnect similar
  devices together. For example, to connect a switch to a switch, a host to a
  host, or a router to a router.
- Rollover: A Cisco proprietary cable used to connect to a router or switch
  console port.

Media Access Control


The actual media access control method used depends on:

- Topology: How the connection between the nodes appears to the data
  link layer.
- Media sharing: How the nodes share the media. The media sharing can
  be point-to-point such as in WAN connections or shared such as in LAN
  networks.

Physical and Logical Topologies


LAN and WAN topologies can be viewed in two ways:

- Physical topology: Refers to the physical connections and identifies how
  end devices and infrastructure devices such as routers, switches, and
  wireless access points are interconnected. Physical topologies are usually
  point-to-point or star.
- Logical topology: Refers to the way a network transfers frames from one
  node to the next. This arrangement consists of virtual connections
  between the nodes of a network. These logical signal paths are defined by
  data link layer protocols.

Common Physical WAN Topologies

WANs are commonly interconnected using the following physical topologies:

- Point-to-Point: This is the simplest topology which consists of a
  permanent link between two endpoints. For this reason, this is a very
  popular WAN topology.
- Hub and Spoke: A WAN version of the star topology in which a central
  site interconnects branch sites using point-to-point links.
- Mesh: This topology provides high availability, but requires that every end
  system be interconnected to every other system. Therefore the
  administrative and physical costs can be significant.

Half and Full Duplex


Data can flow in one of two ways:

- Half-duplex communication: Both devices can transmit and receive
  on the media but cannot do so simultaneously.
- Full-duplex communication: Both devices can transmit and receive on
  the media at the same time.

Physical LAN Topologies

- Star
- Extended star or hybrid
- Bus
- Ring

Logical Topology for Shared Media


There are two basic media access control methods for shared media:

- Contention-based access: All nodes compete for the use of the medium
  but have a plan if there are collisions.
- Controlled access: Each node has its own time to use the medium.
  Figure 2 shows controlled access.

Contention-Based Access
The two commonly used methods are:

- Carrier sense multiple access with collision detection (CSMA/CD):
  The end device monitors the media for the presence of a data signal.
- Carrier sense multiple access with collision avoidance (CSMA/CA):
  The end device examines the media for the presence of a data signal.

The Frame
Each frame type has three basic parts:

- Header
- Data
- Trailer

The Header
The frame header contains the control information specified by the data link layer
protocol for the specific logical topology and media used.
The figure displays the Ethernet frame header fields:

- Start Frame field: Indicates the beginning of the frame.
- Source and Destination Address fields: Indicates the source and
  destination nodes on the media.
- Type field: Indicates the upper layer service contained in the frame.

LAN and WAN Frames


Difference in bandwidth normally results in the use of different protocols for LANs
and WANs.
Common data link layer protocols include:

- Ethernet
- Point-to-Point Protocol (PPP)
- 802.11 Wireless

Ethernet Frame
Ethernet is the dominant LAN technology. It is a family of networking
technologies that are defined in the IEEE 802.2 and 802.3 standards.
Ethernet standards define both the Layer 2 protocols and the Layer 1
technologies. Ethernet is the most widely used LAN technology and supports
data bandwidths of 10 Mbps, 100 Mbps, 1 Gbps (1,000 Mbps), or 10 Gbps
(10,000 Mbps).
Wireless Frame
802.11 Wireless
The IEEE 802.11 standard uses the same 802.2 LLC and 48-bit addressing
scheme as other 802 LANs. However, there are many differences at the MAC
sublayer and physical layer. A wireless environment requires special
considerations. There is no definable physical connectivity; therefore,
external factors may interfere with data transfer and it is difficult to control
access.


ETHERNET
Ethernet is now the predominant LAN technology in the world. Ethernet operates
in the data link layer and the physical layer. The Ethernet protocol standards
define many aspects of network communication including frame format, frame
size, timing, and encoding.
LLC and MAC Sublayers
Ethernet operates in the data link layer and the physical layer. It is a family of
networking technologies that are defined in the IEEE 802.2 and 802.3 standards.
Ethernet supports data bandwidths of:

- 10 Mb/s
- 100 Mb/s
- 1000 Mb/s (1 Gb/s)
- 10,000 Mb/s (10 Gb/s)
- 40,000 Mb/s (40 Gb/s)
- 100,000 Mb/s (100 Gb/s)

LLC sublayer

The Ethernet LLC sublayer handles the communication between the upper
layers and the lower layers. This is typically between the networking software
and the device hardware. LLC is implemented in software, and its
implementation is independent of the hardware. In a computer, the LLC can
be considered the driver software for the NIC.

MAC sublayer

MAC constitutes the lower sublayer of the data link layer. MAC is
implemented by hardware, typically in the computer NIC. The specifics are
specified in the IEEE 802.3 standards.

The Ethernet MAC sublayer has two primary responsibilities:

- Data encapsulation
- Media access control

Data encapsulation

The data encapsulation process includes frame assembly before
transmission, and frame disassembly upon reception of a frame.

Data encapsulation provides three primary functions:

- Frame delimiting: The framing process provides important delimiters that
  are used to identify a group of bits that make up a frame. This process
  provides synchronization between the transmitting and receiving nodes.
- Addressing: The encapsulation process also provides for data link layer
  addressing. Each Ethernet header added in the frame contains the
  physical address (MAC address) that enables a frame to be delivered to a
  destination node.
- Error detection: Each Ethernet frame contains a trailer with a cyclic
  redundancy check (CRC) of the frame contents. After reception of a frame,
  the receiving node creates a CRC to compare to the one in the frame. If
  these two CRC calculations match, the frame can be trusted to have been
  received without error.

Media Access Control

Media access control is responsible for the placement of frames on the
media and the removal of frames from the media.

Ethernet Encapsulation

There are two styles of Ethernet framing:

- IEEE 802.3 Ethernet standard, which has been updated several times to
  include new technologies
- The DIX Ethernet standard, which is now referred to as Ethernet II

Introduction to the Ethernet Frame

The primary fields in the Ethernet frame are:

- Preamble and Start Frame Delimiter Fields
- Destination MAC Address Field
- Source MAC Address Field
- Length Field
- Data Field
- Frame Check Sequence Field
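
An added example, not part of the original proposal: Python code that assembles a frame from the fields listed above, parses it back, tells the two framing styles apart by the Type/Length value, and recomputes the CRC to check the Frame Check Sequence as described under error detection. The addresses and payloads are constructed, and the preamble and Start Frame Delimiter are left out because the network adapter normally strips them before software sees the frame.

```python
import struct
import zlib

# Constructed sample addresses (not from the proposal).
BROADCAST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")


def mac_str(raw):
    """Format six raw bytes as a colon-separated hexadecimal MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, type_or_len, payload):
    """Header + data (padded to the 46-byte minimum) + 4-byte FCS trailer."""
    payload = payload.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", type_or_len) + payload
    # Ethernet uses CRC-32; the FCS goes on the wire least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame):
    """Split a frame into its fields and verify the Frame Check Sequence."""
    if len(frame) < 64:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    body, trailer = frame[:-4], frame[-4:]
    (type_or_len,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if type_or_len >= 0x0600:        # 1536 and above: an EtherType
        style = "Ethernet II"
    elif type_or_len <= 1500:        # 1500 and below: a length in bytes
        style = "IEEE 802.3"
        data = data[:type_or_len]    # drop padding added to reach 46 bytes
    else:
        style = "undefined"
    (fcs,) = struct.unpack("<I", trailer)
    return {
        "dst": mac_str(body[0:6]),
        "src": mac_str(body[6:12]),
        "style": style,
        "type_or_length": type_or_len,
        "data": data,
        "fcs_ok": fcs == zlib.crc32(body),   # receiver's CRC vs. the one sent
    }


def flip_bit(frame, byte_index):
    """Return a copy of the frame with one bit inverted, as line noise might do."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    frame = build_frame(BROADCAST, SRC, 0x0800, b"constructed payload")
    print(parse_frame(frame))
    print("after one flipped bit:", parse_frame(flip_bit(frame, 20))["fcs_ok"])
```
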

MAC Addresses and Hexadecimal

Hexadecimal is a word that is used both as a noun and as an adjective.
When used by itself (as a noun) it means the hexadecimal number
system. Hexadecimal provides a convenient way to represent binary
values. Just as decimal is a base ten number system and binary is a base
two number system, hexadecimal is a base sixteen system.

Unicast MAC Address

A unicast MAC address is the unique address used when a frame is sent
from a single transmitting device to a single destination device.

Broadcast MAC Address

A broadcast packet contains a destination IP address that has all ones
(1s) in the host portion. This numbering in the address means that all
hosts on that local network (broadcast domain) will receive and process
the packet.

Multicast MAC Address

Multicast addresses allow a source device to send a packet to a group of
devices. Devices that belong to a multicast group are assigned a multicast
group IP address.

MAC and IP

There are two primary addresses assigned to a host device:

Physical address (the MAC address)

Logical address (the IP address)

Half Duplex

Half-duplex communication relies on unidirectional data flow where
sending and receiving data are not performed at the same time. This is
similar to how walkie-talkies or two-way radios function in that only one
person can talk at any one time.

Full Duplex

In full-duplex communication, data flow is bidirectional, so data can be
sent and received at the same time. The bidirectional support enhances
performance by reducing the wait time between transmissions.

A Cisco Catalyst switch supports three duplex settings:

- The full option sets full-duplex mode.
- The half option sets half-duplex mode.
- The auto option sets autonegotiation of duplex mode. With autonegotiation
  enabled, the two ports communicate to decide the best mode of operation.

Types of Layer 3 Interfaces

The major types of Layer 3 interfaces are:

- Switch Virtual Interface (SVI) - Logical interface on a switch associated
  with a virtual local area network (VLAN).
- Routed Port - Physical port on a Layer 3 switch configured to act as a
  router port.
- Layer 3 EtherChannel - Logical interface on a Cisco device associated
  with a bundle of routed ports.

NETWORK LAYER

Network applications and services on one end device can communicate
with applications and services running on another end device.

The network layer uses four basic processes:

Addressing end devices

Encapsulation

Routing

De-encapsulation

Network Layer Protocols

There are several network layer protocols in existence; however, only the
following two are commonly implemented, as shown in the figure:

Internet Protocol version 4 (IPv4)

Internet Protocol version 6 (IPv6)

Other legacy network layer protocols that are not widely used include:

Novell Internetwork Packet Exchange (IPX)

AppleTalk

Connectionless Network Service (CLNS/DECNet)

Host Forwarding Decision

A host can send a packet to:

Itself - This is a special IP address of 127.0.0.1 which is referred to as the
loopback interface. This loopback address is automatically assigned to a
host when TCP/IP is running. The ability for a host to send a packet to
itself using network functionality is useful for testing purposes.

Local host - This is a host on the same network as the sending host. The
hosts share the same network address.

Remote host - This is a host on a remote network. The hosts do not share
the same network address.

Default Gateway

The local table of the host typically contains:

Direct connection - This is a route to the loopback interface (127.0.0.1).

Local network route - The network which the host is connected to is
automatically populated in the host routing table.

Local default route - The default route represents the route that packets
must take to reach all remote network addresses. The default route is
created when a default gateway address is present on the host.

Remote Network Routing Table Entries

The figure displays a routing table entry on R1 for the route to remote
network 10.1.1.0. The entry identifies the following information:

Route source - Identifies how the route was learned.

Destination network - Identifies the address of the remote network.

Administrative distance - Identifies the trustworthiness of the route
source.

Metric - Identifies the value assigned to reach the remote network. Lower
values indicate preferred routes.

Next-hop - Identifies the IP address of the next router to forward the
packet.

Route timestamp - Identifies when the route was last heard from.

Outgoing interface - Identifies the exit interface to use to forward a
packet toward the final destination.

Router Memory

A router has access to four types of memory: RAM, ROM, NVRAM, and
Flash.

RAM

RAM is used to store various applications and processes including:

Cisco IOS - The IOS is copied into RAM during bootup.

Running configuration file - This is the configuration file that stores the
configuration commands that the router IOS is currently using. It is also
known as the running-config.

IP routing table - This file stores information about directly-connected and
remote networks. It is used to determine the best path to use to forward
packets.

ARP cache - This cache contains the IPv4 address to MAC address
mappings, similar to the Address Resolution Protocol (ARP) cache on a
PC. The ARP cache is used on routers that have LAN interfaces, such as
Ethernet interfaces.

Packet buffer - Packets are temporarily stored in a buffer when received
on an interface or before they exit an interface.

ROM

Cisco routers use ROM to store:

Bootup instructions - Provides the startup instructions.

Basic diagnostic software - Performs the power-on self-test (POST) of all
components.

Limited IOS - Provides a limited backup version of the OS, in case the
router cannot load the full featured IOS.

ROM is firmware embedded on an integrated circuit inside the router and
does not lose its contents when the router loses power or is restarted.

NVRAM

NVRAM is used by the Cisco IOS as permanent storage for the startup
configuration file (startup-config). Like ROM, NVRAM does not lose its
contents when power is turned off.

Flash Memory

Flash memory is non-volatile computer memory used as permanent
storage for the IOS and other system related files. The IOS is copied from
flash into RAM during the bootup process.

LAN and WAN Interfaces

Router interfaces can be grouped into two categories:

Ethernet LAN interfaces - Used for connecting cables that terminate with
LAN devices, such as computers and switches. This interface can also be
used to connect routers to each other.

Serial WAN interfaces - Used for connecting routers to external
networks, usually over a larger geographical distance. Similar to LAN
interfaces, each serial WAN interface has its own IP address and subnet
mask, which identifies it as a member of a specific network.

Bootset Files

A router loads the following two files into RAM when it is booted:

IOS image file - The IOS facilitates the basic operation of the device's
hardware components. The IOS image file is stored in flash memory.

Startup configuration file - The startup configuration file contains
commands that are used to initially configure a router and create the
running configuration file stored in RAM. The startup configuration file is
stored in NVRAM.

Router Bootup Process

There are three major phases to the bootup process that is shown in
Figure 1:

1. Perform the POST and load the bootstrap program.
2. Locate and load the Cisco IOS software.
3. Locate and load the startup configuration file or enter setup mode.

Configure LAN Interfaces

The interfaces are named as follows:

Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

To enable a router interface, configure the following:

IPv4 address and subnet mask - Configures the IP address and subnet
mask using the ip address subnet-mask interface configuration command.

Activate the interface - By default, LAN and WAN interfaces are not
activated. The interface must be activated using the no shutdown
command. This is similar to powering on the interface.

Verify Interface Configuration

Other interface verification commands include:

show ip route - Displays the contents of the IPv4 routing table stored in
RAM.

show interfaces - Displays statistics for all interfaces on the device.

show ip interface - Displays the IPv4 statistics for all interfaces on a
router.

TRANSPORT LAYER

Role of the Transport Layer

Tracking Individual Conversations

Segmenting Data and Reassembling Segments

Identifying the Applications

Transmission Control Protocol (TCP)

TCP was initially described in RFC 793. In addition to supporting the basic
functions of data segmentation and reassembly, TCP, as shown in the
figure, also provides:

Connection-oriented conversations by establishing sessions

Reliable delivery

Ordered data reconstruction

Flow control

TCP and UDP Port Addressing

Destination Port

The client places a destination port number in the segment to tell the
destination server what service is being requested.

Source Port

The source port number is randomly generated by the sending device to
identify a conversation between two devices. This allows multiple
conversations to occur simultaneously.

UDP Low Overhead versus Reliability

UDP is a simple protocol that provides the basic transport layer functions.
It has much lower overhead than TCP, because it is not
connection-oriented and does not offer the sophisticated retransmission,
sequencing, and flow control mechanisms that provide reliability.

Key application layer protocols that use UDP include:

Domain Name System (DNS)

Simple Network Management Protocol (SNMP)

Dynamic Host Configuration Protocol (DHCP)

Routing Information Protocol (RIP)

Trivial File Transfer Protocol (TFTP)

IP telephony or Voice over IP (VoIP)

Online games

IP ADDRESSING

IPv4 Network, Host and Broadcast Addresses

There are three types of addresses within the address range of each IPv4
network:

Network address

Host addresses

Broadcast address

Unicast Transmission

In an IPv4 network, the hosts can communicate one of three ways:

Unicast - The process of sending a packet from one host to an individual
host

Broadcast - The process of sending a packet from one host to all hosts in
the network

Multicast - The process of sending a packet from one host to a selected
group of hosts, possibly in different networks

Public and Private IPv4 Addresses

Private Addresses

The private address blocks are:

10.0.0.0 to 10.255.255.255 (10.0.0.0/8)

172.16.0.0 to 172.31.255.255 (172.16.0.0/12)

192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

Public Addresses

The vast majority of the addresses in the IPv4 unicast host range are
public addresses. These addresses are designed to be used in the hosts
that are publicly accessible from the Internet. Even within these IPv4
address blocks, there are many addresses that are designated for other
special purposes.

IPv6 Address Types

There are three types of IPv6 addresses:

Unicast - An IPv6 unicast address uniquely identifies an interface on an
IPv6-enabled device. As shown in the figure, a source IPv6 address must
be a unicast address.

Multicast - An IPv6 multicast address is used to send a single IPv6 packet
to multiple destinations.

Anycast - An IPv6 anycast address is any IPv6 unicast address that can
be assigned to multiple devices. A packet sent to an anycast address is
routed to the nearest device having that address.

IPv6 Unicast Addresses

There are six types of IPv6 unicast addresses.

Global unicast
Link-local
Loopback
Unspecified address
Unique local
IPv4 embedded

Structure of an IPv6 Global Unicast Address

A global unicast address has three parts:

Global routing prefix

Subnet ID

Interface ID

Host Configuration

Manually configuring the IPv6 address on a host is similar to configuring
an IPv4 address.

The default gateway address configured for PC1 is 2001:DB8:ACAD:1::1,
the global unicast address of the R1 GigabitEthernet interface on the
same network.

There are two ways in which a device can obtain an IPv6 global unicast
address automatically:

Stateless Address Autoconfiguration (SLAAC)

DHCPv6

EUI-64 Process or Randomly Generated

Ethernet MAC addresses are usually represented in hexadecimal and are
made up of two parts:

Organizationally Unique Identifier (OUI) - The OUI is a 24-bit (6
hexadecimal digits) vendor code assigned by IEEE.

Device Identifier - The device identifier is a unique 24-bit (6 hexadecimal
digits) value within a common OUI.
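
The EUI-64 process named in this heading, as an added example that is not part of the original proposal: the 24-bit OUI and the 24-bit device identifier are split, FFFE is inserted between them and the universal/local bit is inverted. The MAC address is a constructed documentation value, and the /64 length of the PC1 network 2001:DB8:ACAD:1:: is an assumption.

```python
import ipaddress
import re


def eui64_interface_id(mac):
    """Return the 64-bit interface ID derived from a 48-bit MAC address."""
    raw = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", mac))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits (12 hexadecimal digits)")
    oui, device_id = raw[:3], raw[3:]
    # Invert the universal/local bit (0x02) of the first OUI byte,
    # then insert FF:FE between the OUI and the device identifier.
    iid = bytes([oui[0] ^ 0x02]) + oui[1:] + b"\xff\xfe" + device_id
    return int.from_bytes(iid, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(address):
    """Recover the MAC embedded in an EUI-64 address, or None if there is none.

    An address built this way carries the hardware address wherever the host
    goes, which is why hosts often use a randomly generated interface ID.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    sample_mac = "00:00:5e:00:53:af"  # constructed (documentation range)
    addr = slaac_address("2001:db8:acad:1::/64", sample_mac)
    print("global unicast :", addr)
    print("link-local     :", slaac_address("fe80::/64", sample_mac))
    print("embedded MAC   :", mac_from_eui64(str(addr)))
    print("random IID     :", mac_from_eui64("2001:db8:acad:1:a1b2:c3d4:e5f6:1234"))
```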

Subnets in Use

The following are guidelines for each of the subnets:

Network address - All 0 bits in the host portion of the address.

First host address - All 0 bits plus a right-most 1 bit in the host portion of
the address.

Last host address - All 1 bits plus a right-most 0 bit in the host portion of
the address.

Broadcast address - All 1 bits in the host portion of the address.

Subnetting Formula

Calculating Subnets

Use this formula to calculate the number of subnets:

2^n (where n = the number of bits borrowed)

Calculating Hosts

Use this formula to calculate the number of hosts per network:

2^n (where n = the number of bits remaining in the host field)

VLSM in Practice

Using the VLSM subnets, the LAN and WAN segments can be addressed
without unnecessary waste.
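
A worked VLSM allocation, added here as an example and not taken from the proposal's own computations: it sizes each subnet with the formulas above (subtracting the network and broadcast addresses from 2^n) and assigns blocks largest-first. The base network 192.168.10.0/24 and the host counts per segment are assumptions; the segment names come from the VLAN plan later in this chapter.

```python
import ipaddress

# Constructed requirements: usable hosts needed per segment.
DEPARTMENTS = {
    "Sales": 60,
    "Finance": 28,
    "Visitors": 25,
    "Human Resources": 12,
    "Management": 10,
    "Network administrator": 5,
}


def host_bits_for(hosts):
    """Smallest n with 2^n - 2 >= hosts (network and broadcast are not usable)."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    return (hosts + 1).bit_length()


def vlsm_allocate(base, requirements):
    """Carve `base` into variable-length subnets, largest requirement first.

    Returns a list of (name, IPv4Network) in allocation order and raises
    ValueError when the base network runs out of address space.
    """
    pool = ipaddress.ip_network(base)
    cursor = int(pool.network_address)
    last = int(pool.broadcast_address)
    plan = []
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    for name, hosts in ordered:
        bits = host_bits_for(hosts)
        size = 1 << bits
        # A subnet must start on a multiple of its own size.
        start = -(-cursor // size) * size
        if start + size - 1 > last:
            raise ValueError(f"{base} has no room left for {name} ({hosts} hosts)")
        plan.append((name, ipaddress.ip_network((start, 32 - bits))))
        cursor = start + size
    return plan


def describe(net):
    """Network, first host, last host and broadcast of a subnet."""
    return {
        "network": str(net.network_address),
        "first_host": str(net[1]),
        "last_host": str(net[-2]),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": net.num_addresses - 2,
    }


if __name__ == "__main__":
    for name, net in vlsm_allocate("192.168.10.0/24", DEPARTMENTS):
        d = describe(net)
        print(f"{name:22} {str(net):18} {d['first_host']} - {d['last_host']}"
              f"  bcast {d['broadcast']}  ({d['usable_hosts']} usable)")
```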

Assigning Addresses within a Network

Within a network, there are different types of devices, including:

End user clients

Servers and peripherals

Hosts that are accessible from the Internet

Intermediary devices

Gateway

APPLICATION LAYER

The application layer is closest to the end user. It is the layer that provides
the interface between the applications we use to communicate and the
underlying network over which our messages are transmitted. Application
layer protocols are used to exchange data between programs running on
the source and destination hosts.

Presentation and Session Layers

The Presentation Layer

The presentation layer has three primary functions:

Formats, or presents, data from the source device into a compatible form
for receipt by the destination device.

Compression of the data in a way that can be decompressed by the
destination device.

Encryption of the data for transmission and the decryption of data upon
receipt by the destination.

The Session Layer

As the name implies, functions at the session layer create and maintain
dialogs between source and destination applications. The session layer
handles the exchange of information to initiate dialogs, keep them active,
and to restart sessions that are disrupted or idle for a long period of time.

TCP/IP Application Layer Protocols

The TCP/IP application protocols specify the format and control
information necessary for many common Internet communication
functions. Among these TCP/IP protocols are:

Domain Name System (DNS) - This protocol resolves Internet names to
IP addresses.

Telnet - This is used to provide remote access to servers and networking
devices.

Simple Mail Transfer Protocol (SMTP) - This protocol transfers mail
messages and attachments.

Dynamic Host Configuration Protocol (DHCP) - A protocol used to
assign an IP address, subnet mask, default gateway, and DNS server
addresses to a host.

Hypertext Transfer Protocol (HTTP) - This protocol transfers files that
make up the web pages of the World Wide Web.

File Transfer Protocol (FTP) - A protocol used for interactive file transfer
between systems.

Trivial File Transfer Protocol (TFTP) - This protocol is used for
connectionless active file transfer.

Bootstrap Protocol (BOOTP) - This protocol is a precursor to the DHCP
protocol. BOOTP is a network protocol used to obtain IP address
information during bootup.

Post Office Protocol (POP) - A protocol used by email clients to retrieve
email from a remote server.

Internet Message Access Protocol (IMAP) - This is another protocol for
email retrieval.

Peer-to-Peer Networks

P2P Networks

In a P2P network, two or more computers are connected via a network
and can share resources (such as printers and files) without having a
dedicated server. Every connected end device (known as a peer) can
function as both a server and a client. One computer might assume the
role of server for one transaction while simultaneously serving as a client
for another.

Application Layer Protocols Revisited

There are dozens of application layer protocols, but on a typical day you
probably use only five or six. Three application layer protocols that are
involved in everyday work or play are:

Hypertext Transfer Protocol (HTTP)

Simple Mail Transfer Protocol (SMTP)

Post Office Protocol (POP)

HTTP and HTTPS

HTTP is used across the World Wide Web for data transfer and is one of
the most used application protocols today.

The HTTP Secure (HTTPS) protocol is used for accessing or posting web
server information.

DNS Message Format

A DNS server provides the name resolution using the Berkeley Internet
Name Domain (BIND), or the name daemon, which is often called named
(pronounced name-dee).

DNS Hierarchy

The DNS protocol uses a hierarchical system to create a database to
provide name resolution. The hierarchy looks like an inverted tree with the
root at the top and branches below. DNS uses domain names to form the
hierarchy.

Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) service enables
devices on a network to obtain IP addresses and other information from a
DHCP server.

File Transfer Protocol

FTP requires two connections between the client and the server, one for
commands and replies, the other for the actual file transfer:

The client establishes the first connection to the server for control traffic,
consisting of client commands and server replies.

The client establishes the second connection to the server for the actual
data transfer. This connection is created every time there is data to be
transferred.

INTRODUCTION TO SWITCHED NETWORKS

Elements of a Converged Network

To support collaboration, business networks employ converged solutions
using voice systems, IP phones, voice gateways, video support, and video
conferencing (Figure 1). Including data services, a converged network with
collaboration support may include features such as the following:

Call control - Telephone call processing, caller ID, call transfer, hold, and
conference

Voice messaging - Voicemail

Mobility - Receive important calls wherever you are

Automated attendant - Serve customers faster by routing calls directly to
the right department or individual

Hierarchical Network Layer

Access Layer

The access layer represents the network edge, where traffic enters or
exits the campus network. Traditionally, the primary function of an access
layer switch is to provide network access to the user. Access layer
switches connect to distribution layer switches, which implement network
foundation technologies such as routing, quality of service, and security.

Distribution Layer

The distribution layer interfaces between the access layer and the core
layer to provide many important functions, including:

Aggregating large-scale wiring closet networks

Aggregating Layer 2 broadcast domains and Layer 3 routing boundaries

Providing intelligent switching, routing, and network access policy
functions to access the rest of the network

Providing high availability through redundant distribution layer switches to
the end-user and equal cost paths to the core

Providing differentiated services to various classes of service applications
at the edge of network

Core Layer

The core layer is the network backbone. It connects several layers of the
campus network. The core layer serves as the aggregator for all of the
other campus blocks and ties the campus together with the rest of the
network. The primary purpose of the core layer is to provide fault isolation
and high-speed backbone connectivity.

BASIC SWITCHING CONCEPTS AND CONFIGURATION

Input errors is the sum of all errors in datagrams that were received on
the interface being examined. This includes runts, giants, CRC, no buffer,
frame, overrun, and ignored counts. The reported input errors from
the show interface command include the following:

Runt Frames - Ethernet frames that are shorter than the 64-byte
minimum allowed length are called runts. Malfunctioning NICs are the usual
cause of excessive runt frames, but they can be caused by the same issues
as excessive collisions.

Giants - Ethernet frames that are longer than the maximum allowed
length are called giants. Giants are caused by the same issues as those that
cause runts.

CRC errors - On Ethernet and serial interfaces, CRC errors usually
indicate a media or cable error. Common causes include electrical
interference, loose or damaged connections, or using the incorrect cabling
type. If you see many CRC errors, there is too much noise on the link and
you should inspect the cable for damage and length. You should also search
for and eliminate noise sources, if possible.

The reported output errors from the show interface command include the
following:

Collisions - Collisions in half-duplex operations are completely normal
and you should not worry about them, as long as you are pleased with
half-duplex operations. However, you should never see collisions in a properly
designed and configured network that uses full-duplex communication.

Late collisions - A late collision refers to a collision that occurs after 512
bits of the frame (the preamble) have been transmitted. Excessive cable
lengths are the most common cause of late collisions. Another common
cause is duplex misconfiguration.

Network Security Tools and Testing

Network security testing techniques may be manually initiated by the
administrator. Other tests are highly automated. Regardless of the type of
testing, the staff that sets up and conducts the security testing should
have extensive security and networking knowledge. This includes
expertise in the following areas:

Network security

Firewalls

Intrusion prevention systems

Operating systems

Programming

Networking protocols (such as TCP/IP)

Port Security: Violation Modes

It is a security violation when either of these situations occurs:

The maximum number of secure MAC addresses have been added to the
address table for that interface, and a station whose MAC address is not in
the address table attempts to access the interface.

An address learned or configured on one secure interface is seen on
another secure interface in the same VLAN.
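
The two violation conditions above, written as a check over source MAC sightings. This is an added example, not Cisco's implementation and not part of the original proposal; the port names, VLAN numbers, address limits and MAC addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 1                      # maximum number of secure MAC addresses
    secure_macs: set = field(default_factory=set)


def check_frame(ports, ingress, src_mac):
    """Return None if the frame is allowed, otherwise the violation reason."""
    port = ports[ingress]
    mac = src_mac.lower()
    if mac in port.secure_macs:
        return None                       # already a secure address on this port
    # Condition 2: the address is already secured on another secure
    # interface in the same VLAN.
    for other in ports.values():
        if other is not port and other.vlan == port.vlan and mac in other.secure_macs:
            return "address-on-other-port"
    # Condition 1: the address table for this interface is full and the
    # station's address is not in it.
    if len(port.secure_macs) >= port.maximum:
        return "maximum-exceeded"
    port.secure_macs.add(mac)             # room left: learn the address
    return None


def build_ports():
    """Constructed switch: two secure ports in VLAN 10, one in VLAN 20."""
    ports = (SecurePort("Fa0/1", 10, 1), SecurePort("Fa0/2", 10, 2), SecurePort("Fa0/3", 20, 1))
    return {p.name: p for p in ports}


# Constructed sightings: (ingress port, source MAC), in arrival order.
EVENTS = [
    ("Fa0/1", "00:00:5e:00:53:01"),   # learned on Fa0/1
    ("Fa0/1", "00:00:5e:00:53:01"),   # known address, allowed
    ("Fa0/1", "00:00:5e:00:53:02"),   # table full -> violation
    ("Fa0/2", "00:00:5e:00:53:03"),   # learned on Fa0/2
    ("Fa0/2", "00:00:5e:00:53:01"),   # secured on Fa0/1, same VLAN -> violation
    ("Fa0/3", "00:00:5e:00:53:01"),   # different VLAN, learned on Fa0/3
    ("Fa0/3", "00:00:5e:00:53:04"),   # table full -> violation
]


def audit(ports, events):
    """Replay sightings and collect (port, mac, reason) for each violation."""
    violations = []
    for ingress, mac in events:
        reason = check_frame(ports, ingress, mac)
        if reason:
            violations.append((ingress, mac, reason))
    return violations


if __name__ == "__main__":
    for port, mac, reason in audit(build_ports(), EVENTS):
        print(f"violation on {port}: {mac} ({reason})")
```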

VLANS

Vacation Station

According to the local Internet service provider, only three stations may be
offered within a television package. It is your job to decide which television
packages you offer your guests.

Divide the class into groups of three students per group.

Choose three different stations to make one subscription package for each
floor of your rental home.

Complete the PDF for this activity.

Share your completed group-reflection answers with the class.

Benefits of VLANs

User productivity and network adaptability are important for business
growth and success. VLANs make it easier to design a network to support
the goals of an organization. The primary benefits of using VLANs are as
follows:

Security - Groups that have sensitive data are separated from the rest of
the network, decreasing the chances of confidential information breaches.

Cost reduction - Cost savings result from reduced need for expensive
network upgrades and more efficient use of existing bandwidth and
uplinks.

Better performance - Dividing flat Layer 2 networks into multiple logical
workgroups (broadcast domains) reduces unnecessary traffic on the
network and boosts performance.

Shrink broadcast domains - Dividing a network into VLANs reduces the
number of devices in the broadcast domain.

Improved IT staff efficiency - VLANs make it easier to manage the
network because users with similar network requirements share the same
VLAN.

Simpler project and application management - VLANs aggregate users
and network devices to support business or geographic requirements.

Voice VLANs

A separate VLAN is needed to support Voice over IP (VoIP). VoIP traffic
requires:

Assured bandwidth to ensure voice quality

Transmission priority over other types of network traffic

Ability to be routed around congested areas on the network

Delay of less than 150 ms across the network

Voice VLAN Tagging

The Cisco IP Phone contains an integrated three-port 10/100 switch. The
ports provide dedicated connections to these devices:

Port 1 connects to the switch or other VoIP device.

Port 2 is an internal 10/100 interface that carries the IP phone traffic.

Port 3 (access port) connects to a PC or other device.

Common Problems with Trunks

Trunking issues are usually associated with incorrect configurations. When
configuring VLANs and trunks on a switched infrastructure, the following
types of configuration errors are the most common:

Native VLAN mismatches - Trunk ports are configured with different
native VLANs. This configuration error generates console notifications,
and causes control and management traffic to be misdirected. This poses
a security risk.

Trunk mode mismatches - One trunk port is configured with trunk mode
off and the other with trunk mode on. This configuration error causes the
trunk link to stop working.

Allowed VLANs on trunks - The list of allowed VLANs on a trunk has not
been updated with the current VLAN trunking requirements. In this
situation, unexpected traffic or no traffic is being sent over the trunk.

VLAN Plan

You are designing a VLAN switched network for your small- to
medium-sized business.

Your business owns space on two floors of a high-rise building. The
following elements need VLAN consideration and access for planning
purposes:

Management

Finance

Sales

Human Resources

Network administrator

General visitors to your business location

ROUTING CONCEPTS

Characteristics of a Network

There are many key structures and performance-related characteristics
referred to when discussing networks:

Topology - There are physical and logical topologies. The physical
topology is the arrangement of the cables, network devices, and end
systems. It describes how the network devices are actually
interconnected with wires and cables. The logical topology is the path
over which the data is transferred in a network. It describes how the
network devices appear connected to network users.

Speed - Speed is a measure of the data rate in bits per second (b/s) of a
given link in the network.

Cost - Cost indicates the general expense for purchasing of network
components, and installation and maintenance of the network.

Security - Security indicates how protected the network is, including the
information that is transmitted over the network. The subject of security is
important, and techniques and practices are constantly evolving.
Consider security whenever actions are taken that affect the network.

Availability - Availability is a measure of the probability that the network
is available for use when it is required.

Scalability - Scalability indicates how easily the network can
accommodate more users and data transmission requirements. If a
network design is optimized to only meet current requirements, it can be
very difficult and expensive to meet new needs when the network grows.

Reliability - Reliability indicates the dependability of the components that
make up the network, such as the routers, switches, PCs, and servers.
Reliability is often measured as a probability of failure or as the mean
time between failures (MTBF).

Routers Are Computers

Most network capable devices (i.e., computers, tablets, and smartphones)
require the following components to operate:

Central processing unit (CPU)

Operating system (OS)

Memory and storage (RAM, ROM, NVRAM, Flash, hard drive)


A router is essentially a specialized computer. It requires a CPU and
memory to temporarily and permanently store data to execute operating
system instructions, such as system initialization, routing functions, and
switching functions.

Routers store data using:

Random Access Memory (RAM) - Provides temporary storage for
various applications and processes including the running IOS, the
running configuration file, various tables (i.e., IP routing table, Ethernet
ARP table) and buffers for packet processing. RAM is referred to as
volatile because it loses its contents when power is turned off.

Read-Only Memory (ROM) - Provides permanent storage for bootup
instructions, basic diagnostic software and a limited IOS in case the
router cannot load the full featured IOS. ROM is firmware and referred to
as non-volatile because it does not lose its contents when power is
turned off.

Non-Volatile Random Access Memory (NVRAM) - Provides permanent
storage for the startup configuration file (startup-config). NVRAM is
non-volatile and does not lose its contents when power is turned off.

Flash - Provides permanent storage for the IOS and other
system-related files. The IOS is copied from flash into RAM during the bootup
process. Flash is non-volatile and does not lose its contents when power
is turned off.

Default Gateways

To enable network access, devices must be configured with IP address
information to identify the appropriate:

IP address - Identifies a unique host on a local network.

Subnet mask - Identifies with which network subnet the host can
communicate.

Default gateway - Identifies the router to send a packet to when the
destination is not on the same local network subnet.

Document Network Addressing

When designing a new network or mapping an existing network, document
the network. At a minimum, the documentation should identify:

Device names

Interfaces used in the design

IP addresses and subnet masks

Default gateway addresses

As the figure shows, this information is captured by creating two useful
network documents:

Topology diagram - Provides a visual reference that indicates the
physical connectivity and logical Layer 3 addressing. Often created using
software, such as Microsoft Visio.

An addressing table - A table that captures device names, interfaces,
IPv4 addresses, subnet masks, and default gateway addresses.

Enable IP on a Host

A host can be assigned IP address information either:

Statically - The host is manually assigned the correct IP address, subnet
mask, and default gateway. The DNS server IP address can also be
configured.

Dynamically - IP address information is provided by a server using the
Dynamic Host Configuration Protocol (DHCP). The DHCP server
provides a valid IP address, subnet mask, and default gateway for end
devices.

Configure Basic Router Settings

When configuring a Cisco switch or router, the following basic tasks
should be performed first:

Name the device - Distinguishes it from other routers.

Secure management access - Secures privileged EXEC, user EXEC,
and Telnet access, and encrypts passwords to their highest level.

Configure a banner - Provides legal notification of unauthorized access.

Routing Decisions

The routing table search results in one of three path determinations:

Directly connected network - If the destination IP address of the packet
belongs to a device on a network that is directly connected to one of the
interfaces of the router, that packet is forwarded directly to the destination
device.

Remote network - If the destination IP address of the packet belongs to a
remote network, then the packet is forwarded to another router. Remote
networks can only be reached by forwarding packets to another router.

No route determined - If the destination IP address of the packet does
not belong to either a connected or remote network, the router determines if
there is a Gateway of Last Resort available.

The Routing Table

Directly connected routes - These routes come from the active router
interfaces. Routers add a directly connected route when an interface is
configured with an IP address and is activated.

Remote routes - These are remote networks connected to other routers.
Routes to these networks can either be statically configured or
dynamically configured using dynamic routing protocols.


Routing Table Sources

On a Cisco IOS router, the show ip route command can be used to
display the IPv4 routing table of a router. A router provides additional route
information, including how the route was learned, how long the route has
been in the table, and which specific interface to use to get to a predefined
destination.

Entries in the routing table can be added as:

Local Route interfaces - Added when an interface is configured and
active. This entry is only displayed in IOS 15 or newer for IPv4 routes and
all IOS releases for IPv6 routes.

Directly connected interfaces - Added to the routing table when an
interface is configured and active.

Static routes - Added when a route is manually configured and the exit
interface is active.

Dynamic routing protocol - Added when routing protocols that
dynamically learn about the network, such as EIGRP or OSPF, are
implemented and networks are identified.

The sources of the routing table entries are identified by a code. The code
identifies how the route was learned. For instance, common codes
include:

L - Identifies the address assigned to a router's interface. This allows the
router to efficiently determine when it receives a packet for the interface
instead of being forwarded.

C - Identifies a directly connected network.

S - Identifies a static route created to reach a specific network.

D - Identifies a dynamically learned network from another router using
EIGRP.

O - Identifies a dynamically learned network from another router using
the OSPF routing protocol.

Remote Network Routing Entries

As a network administrator, it is imperative to know how to interpret the
content of an IPv4 and IPv6 routing table. The figure displays an IPv4
routing table entry on R1 for the route to remote network 10.1.1.0.

The entry identifies the following information:

Route source - Identifies how the route was learned.

Destination network - Identifies the address of the remote network.

Administrative distance - Identifies the trustworthiness of the route
source. Lower values indicate a preferred route source.

Metric - Identifies the value assigned to reach the remote network. Lower
values indicate preferred routes.

Next-hop - Identifies the IPv4 address of the next router to forward the
packet to.

Route timestamp - Identifies how much time has passed since the route
was learned.

Outgoing interface - Identifies the exit interface to use to forward a
packet toward the final destination.
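
The fields listed above can be pulled out of show ip route output with a small parser. This is an added example, not part of the original proposal: the sample lines are constructed in the usual IOS layout, and the set of expected next hops is an assumption used to show a simple audit of the table.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Route source codes named in the text above.
SOURCES = {"L": "local", "C": "connected", "S": "static",
           "D": "EIGRP", "O": "OSPF", "R": "RIP"}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Remote route, e.g.
#   D  10.1.1.0/24 [90/2170112] via 209.165.200.226, 00:00:05, Serial0/0/0
REMOTE = re.compile(
    rf"^(?P<code>[A-Z])\*?\s+(?P<net>{IPV4}/\d{{1,2}})\s+"
    rf"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<hop>{IPV4})"
    r"(?:,\s+(?P<age>\d[\w:]*))?(?:,\s+(?P<intf>[A-Za-z]\S*))?$"
)
# Local or directly connected route, e.g.
#   C  192.168.10.0/24 is directly connected, GigabitEthernet0/0
CONNECTED = re.compile(
    rf"^(?P<code>[CL])\s+(?P<net>{IPV4}/\d{{1,2}})\s+"
    r"is directly connected,\s+(?P<intf>\S+)$"
)


@dataclass
class RouteEntry:
    code: str                      # route source code (D, O, S, C, L, ...)
    source: str                    # how the route was learned
    network: str                   # destination network
    admin_distance: Optional[int]  # trustworthiness of the source
    metric: Optional[int]          # cost to reach the network
    next_hop: Optional[str]        # next router to forward to
    age: Optional[str]             # route timestamp
    interface: Optional[str]       # outgoing interface


def parse_route(line: str) -> Optional[RouteEntry]:
    """Parse one routing table line; return None for headers and other text."""
    text = line.strip()
    m = REMOTE.match(text)
    if m:
        return RouteEntry(m["code"], SOURCES.get(m["code"], "unknown"),
                          m["net"], int(m["ad"]), int(m["metric"]),
                          m["hop"], m["age"], m["intf"])
    m = CONNECTED.match(text)
    if m:
        return RouteEntry(m["code"], SOURCES[m["code"]], m["net"],
                          None, None, None, None, m["intf"])
    return None


def parse_table(output: str) -> List[RouteEntry]:
    return [e for e in map(parse_route, output.splitlines()) if e]


def unexpected_next_hops(entries: List[RouteEntry],
                         allowed: Set[str]) -> List[RouteEntry]:
    """Routes that forward to a neighbor outside the expected set."""
    return [e for e in entries if e.next_hop and e.next_hop not in allowed]


# Constructed sample output (not captured from a real device).
SAMPLE = """\
      10.0.0.0/8 is variably subnetted, 2 subnets, 1 masks
D        10.1.1.0/24 [90/2170112] via 209.165.200.226, 00:00:05, Serial0/0/0
O        10.1.2.0/24 [110/65] via 209.165.200.230, 00:12:44, Serial0/0/1
S*    0.0.0.0/0 [1/0] via 209.165.200.226
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0
"""

if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for entry in table:
        print(entry)
    # Assumption: 209.165.200.226 is the only neighbor this router should use.
    for entry in unexpected_next_hops(table, {"209.165.200.226"}):
        print("review:", entry.network, "via", entry.next_hop)
```
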

IPv4 Routing Protocols

Cisco ISR routers can support a variety of dynamic IPv4 routing protocols
including:

EIGRP - Enhanced Interior Gateway Routing Protocol

OSPF - Open Shortest Path First

IS-IS - Intermediate System-to-Intermediate System

RIP - Routing Information Protocol

INTER-VLAN ROUTING

All Catalyst multilayer switches support the following types of Layer 3
interfaces:

Routed port - A pure Layer 3 interface similar to a physical interface on a
Cisco IOS router.

Switch virtual interface (SVI) - A virtual VLAN interface for inter-VLAN
routing. In other words, SVIs are the virtual-routed VLAN interfaces.

Ping Test - The ping command sends an ICMP echo request to the
destination address. When a host receives an ICMP echo request, it
responds with an ICMP echo reply to confirm that it received the ICMP
echo request.

Tracert Test - Tracert is a useful utility for confirming the routed path taken
between two devices. On UNIX systems, the utility is specified by
traceroute.

To troubleshoot Layer 3 switching issues, the following items should be
checked for accuracy:

VLANs - VLANs must be defined across all the switches. VLANs must be
enabled on the trunk ports. Ports must be in the right VLANs.

SVIs - SVI must have the correct IP address or subnet mask. SVI must
be up. SVI must match with the VLAN number.

Routing - Routing must be enabled. Each interface or network should be
added to the routing protocol.

Hosts - Hosts must have the correct IP address or subnet mask.

STATIC ROUTING

Routing is at the core of every data network, moving information across an
internetwork from source to destination. Routers are the devices
responsible for the transfer of packets from one network to the next.

There are two routes you can take to drive to the event:

Highway route - It is easy to follow and fast driving speeds are allowed.

Alternative, direct route - You found this route using a city map.
Depending on conditions, such as the amount of traffic or congestion,
this just may be the way to get to the arena on time!

A router can learn about remote networks in one of two ways:

Manually - Remote networks are manually entered into the route table
using static routes.

Dynamically - Remote routes are automatically learned using a dynamic
routing protocol.

The following parameters are required to configure static routing:

network-address - Destination network address of the remote network
to be added to the routing table; this is often referred to as the prefix.

subnet-mask - Subnet mask, or just mask, of the remote network to
be added to the routing table. The subnet mask can be modified to
summarize a group of networks.

One or both of the following parameters must also be used:

ip-address - The IP address of the connecting router to use to forward
the packet to the remote destination network. Commonly referred to as
the next hop.

VLSM - VLSM allows the use of different masks for each subnet. After
a network address is subnetted, those subnets can be further
subnetted. VLSM is simply subnetting a subnet. VLSM can be thought
of as sub-subnetting.
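
The sub-subnetting described above can be worked through in code: size each subnet for its host count, then carve the blocks out of the parent network largest first so every block stays aligned. This is an added example, not part of the original proposal; the department names, host counts and the 192.168.10.0/24 parent block are assumptions.

```python
import ipaddress
from typing import Dict, List, Tuple


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose subnet still holds `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    needed = hosts + 2                      # network + broadcast addresses
    return 32 - (needed - 1).bit_length()   # round up to a power of two


def vlsm_plan(base: str,
              requirements: Dict[str, int]
              ) -> List[Tuple[str, ipaddress.IPv4Network]]:
    """Allocate one subnet per requirement out of `base`, largest first."""
    block = ipaddress.IPv4Network(base)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = []
    ordered = sorted(requirements.items(), key=lambda kv: kv[1], reverse=True)
    for name, hosts in ordered:
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size   # align up to the block size
        if start + size > end:
            raise ValueError(f"{base} is too small for {name} ({hosts} hosts)")
        plan.append((name, ipaddress.IPv4Network((start, prefix))))
        cursor = start + size
    return plan


# Hypothetical departments and host counts, for illustration only.
DEPARTMENTS = {"HR": 20, "Production": 100, "WAN link": 2, "Engineering": 50}

if __name__ == "__main__":
    for name, net in vlsm_plan("192.168.10.0/24", DEPARTMENTS):
        usable = net.num_addresses - 2
        print(f"{name:12} {str(net):20} mask {net.netmask}  usable {usable}")
```
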

ROUTING DYNAMICALLY

The Internet is based on the AS concept; therefore, two types of routing
protocols are required:

Interior Gateway Protocols (IGP) - Used for routing within an AS. It is
also referred to as intra-AS routing. Companies, organizations, and even
service providers use an IGP on their internal networks. IGPs include RIP,
EIGRP, OSPF, and IS-IS.

Exterior Gateway Protocols (EGP) - Used for routing between AS. It is
also referred to as inter-AS routing. Service providers and large companies
may interconnect using an EGP. The Border Gateway Protocol (BGP) is the
only currently-viable EGP and is the official routing protocol.

Distance vector means that routes are advertised by providing two
characteristics:

Distance - Identifies how far it is to the destination network and is based
on a metric such as the hop count, cost, bandwidth, delay, and more.

Vector - Specifies the direction of the next-hop router or exit interface to
reach the destination.

There are two link-state IPv4 IGPs:

OSPF - Popular standards based routing protocol

IS-IS - Popular in provider networks

A level 1 route is a route with a subnet mask equal to or less than the
classful mask of the network address. Therefore, a level 1 route can be a:

Network route - A network route that has a subnet mask equal to that
of the classful mask.

Supernet route - A supernet route is a network address with a mask
less than the classful mask, for example, a summary address.

Default route - A default route is a static route with the address
0.0.0.0/0.

The entry identifies the following information:

Route source - Identifies how the route was learned. Common codes
include O (OSPF), D (EIGRP), R (RIP), and S (Static route).

Destination network - Identifies the address of the remote IPv6
network.

Administrative distance - Identifies the trustworthiness of the route
source. IPv6 uses the same distances as IPv4.

Metric - Identifies the value assigned to reach the remote network.
Lower values indicate preferred routes.

SINGLE AREA OSPF

Open Shortest Path First (OSPF) is a link-state routing protocol that was
developed as a replacement for the distance vector routing protocol, RIP.
RIP was an acceptable routing protocol in the early days of networking
and the Internet. However, RIP's reliance on hop count as the only metric
for determining best route quickly became problematic. Using hop count
does not scale well in larger networks with multiple paths of varying
speeds. OSPF has significant advantages over RIP in that it offers faster
convergence and scales to much larger network implementations.

OSPF features, as shown in Figure 1, include:

Classless - It is classless by design; therefore, it supports VLSM and
CIDR.

Efficient - Routing changes trigger routing updates (no periodic updates).
It uses the SPF algorithm to choose the best path.

Fast convergence - It quickly propagates network changes.

Scalable - It works well in small and large network sizes. Routers can be
grouped into areas to support a hierarchical system.

Secure - It supports Message Digest 5 (MD5) authentication. When
enabled, OSPF routers only accept encrypted routing updates from peers
with the same pre-shared password.

OSPF creates and maintains three databases:

Adjacency database - Creates the neighbor table

Link-state database (LSDB) - Creates the topology table

Forwarding database - Creates the routing table

ACCESS CONTROL LISTS

An ACL is a sequential list of permit or deny statements that apply to
addresses or upper-layer protocols. ACLs provide a powerful way to
control traffic into and out of a network. ACLs can be configured for all
routed network protocols.

The most important reason to configure ACLs is to provide security for a
network. This chapter explains how to use standard and extended ACLs
on a Cisco router as part of a security solution. Included are tips,
considerations, recommendations, and general guidelines on how to use
ACLs.

Configuring Standard ACLs

To use numbered standard ACLs on a Cisco router, you must first create
the standard ACL and then activate the ACL on an interface.

The access-list global configuration command defines a standard ACL
with a number in the range of 1 through 99. Cisco IOS Software Release
12.0.1 extended these numbers by allowing 1300 to 1999 to be used for
standard ACLs. This allows for a maximum of 798 possible standard
ACLs. These additional numbers are referred to as expanded IP ACLs.
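
Because an ACL is evaluated top to bottom and stops at the first match, the order of the statements decides the outcome. The sketch below is an added example, not part of the original proposal: it parses numbered standard ACL lines, applies wildcard-mask matching with the implicit deny at the end, and reports statements that can never match because an earlier one already covers them. The ACL lines and addresses are constructed.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, int, int]     # (action, address, wildcard mask)
ALL_BITS = 0xFFFFFFFF


def is_standard_number(number: int) -> bool:
    """Numbered standard ACL ranges given in the text: 1-99 and 1300-1999."""
    return 1 <= number <= 99 or 1300 <= number <= 1999


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acls(config: str) -> Dict[int, List[Entry]]:
    """Collect 'access-list N permit|deny source [wildcard]' lines in order."""
    acls: Dict[int, List[Entry]] = {}
    for raw in config.splitlines():
        tokens = raw.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, spec = int(tokens[1]), tokens[2], tokens[3:]
        if not is_standard_number(number):
            raise ValueError(f"{number} is not a standard ACL number")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action}")
        if spec == ["any"]:
            addr, wild = 0, ALL_BITS
        elif len(spec) == 2 and spec[0] == "host":
            addr, wild = to_int(spec[1]), 0
        elif len(spec) == 1:                 # bare address matches one host
            addr, wild = to_int(spec[0]), 0
        elif len(spec) == 2:
            addr, wild = to_int(spec[0]), to_int(spec[1])
        else:
            raise ValueError(f"cannot parse: {raw.strip()}")
        acls.setdefault(number, []).append((action, addr, wild))
    return acls


def evaluate(entries: List[Entry], source: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching statement number); first match wins."""
    src = to_int(source)
    for index, (action, addr, wild) in enumerate(entries, start=1):
        # A wildcard bit of 0 means "must match", 1 means "ignore".
        if ((src ^ addr) & ~wild & ALL_BITS) == 0:
            return action, index
    return "deny", None                      # implicit deny any


def shadowed(entries: List[Entry]) -> List[Tuple[int, int]]:
    """(statement, earlier statement) pairs where the later one never matches."""
    hits = []
    for j, (_, addr_j, wild_j) in enumerate(entries):
        for i, (_, addr_i, wild_i) in enumerate(entries[:j]):
            care = ~wild_i & ALL_BITS
            if (wild_j & care) == 0 and ((addr_i ^ addr_j) & care) == 0:
                hits.append((j + 1, i + 1))
                break
    return hits


# Constructed configuration: the third statement is placed too late.
CONFIG = """\
access-list 10 deny host 192.168.10.10
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 deny 192.168.10.128 0.0.0.127
"""

if __name__ == "__main__":
    acl = parse_standard_acls(CONFIG)[10]
    for src in ("192.168.10.10", "192.168.10.200", "192.168.11.5"):
        print(src, evaluate(acl, src))
    print("never matched:", shadowed(acl))
```
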

Every ACL should be placed where it has the greatest impact on
efficiency. As shown in the figure, the basic rules are:

Extended ACLs - Locate extended ACLs as close as possible to the
source of the traffic to be filtered. This way, undesirable traffic is denied
close to the source network without crossing the network infrastructure.

Standard ACLs - Because standard ACLs do not specify destination
addresses, place them as close to the destination as possible. Placing a
standard ACL at the source of the traffic will effectively prevent that traffic
from reaching any other networks through the interface where the ACL is
applied.

DHCP

Stateful DHCPv6

A router configured for stateful DHCPv6 services has the address
prefix command to provide addressing information.

For stateful DHCPv6 services, the ipv6 nd managed-config-flag interface
configuration mode command is used. In this instance, the
client ignores the addressing information in the RA message and
communicates with a DHCPv6 server for both addressing and other
information.

DHCPv4 includes three different address allocation mechanisms to
provide flexibility when assigning IP addresses:

Manual Allocation - The administrator assigns a pre-allocated IPv4
address to the client, and DHCPv4 communicates only the IPv4 address
to the device.

Automatic Allocation - DHCPv4 automatically assigns a static IPv4
address permanently to a device, selecting it from a pool of available
addresses. There is no lease and the address is permanently assigned to
the device.

Dynamic Allocation - DHCPv4 dynamically assigns, or leases, an IPv4
address from a pool of addresses for a limited period of time as
configured on the server, or until the client no longer needs the address.

Stateless DHCPv6 client - The client sends a DHCPv6 INFORMATION-REQUEST
message to the DHCPv6 server requesting only configuration
parameters, such as DNS server address. The client generates its own IPv6
address using the prefix from the RA message and a self-generated
Interface ID.

Stateful DHCPv6 client - The client sends a DHCPv6 REQUEST
message to the server to obtain an IPv6 address and all other configuration
parameters from the server.

NETWORK ADDRESS TRANSLATION FOR IPV4

All public IPv4 addresses that traverse the Internet must be registered
with a Regional Internet Registry (RIR). Organizations can lease public
addresses from an SP, but only the registered holder of a public Internet
address can assign that address to a network device. However, with a
theoretical maximum of 4.3 billion addresses, IPv4 address space is
severely limited.

NAT includes four types of addresses:

Inside local address

Inside global address

Outside local address

Outside global address

When determining which type of address is used, it is important to
remember that NAT terminology is always applied from the perspective of
the device with the translated address:

Inside address - The address of the device which is being translated by
NAT.

Outside address - The address of the destination device.

NAT also uses the concept of local or global with respect to addresses:

Local address - A local address is any address that appears on the inside
portion of the network.

Global address - A global address is any address that appears on the
outside portion of the network.

Inside local address - The address of the source as seen from inside the
network. In the figure, the IPv4 address 192.168.10.10 is assigned to PC1.
This is the inside local address of PC1.

Inside global address - The address of the source as seen from the outside
network. In the figure, when traffic from PC1 is sent to the web server at
209.165.201.1, R2 translates the inside local address to an inside global
address. In this case, R2 changes the IPv4 source address from
192.168.10.10 to 209.165.200.226. In NAT terminology, the inside local
address of 192.168.10.10 is translated to the inside global address of
209.165.200.226.

Outside global address - The address of the destination as seen from
the outside network. It is a globally routable IPv4 address assigned to a host
on the Internet.

There are three types of NAT translation:

Static address translation (static NAT) - One-to-one address mapping
between local and global addresses.

Dynamic address translation (dynamic NAT) - Many-to-many address
mapping between local and global addresses.

Port Address Translation (PAT) - Many-to-one address mapping
between local and global addresses. This method is also known as
overloading (NAT overloading).

IMPLEMENTING A NETWORK DESIGN

Hierarchical Network Design

This model divides the network functionality into three distinct layers:

Access layer

Distribution layer

Core layer

Each layer is designed to meet specific functions.

The access layer provides connectivity for the users. The distribution layer
is used to forward traffic from one local network to another. Finally, the
core layer represents a high-speed backbone layer between dispersed
networks. User traffic is initiated at the access layer and passes through
the other layers if the functionality of those layers is required.

Port Density

The port density of a switch refers to the number of ports available on a
single switch. Fixed configuration switches typically support up to 48 ports
on a single device. They have options for up to four additional ports for
small form-factor pluggable (SFP) devices. High-port densities allow for
better use of limited space and power.

Forwarding Rates

Forwarding rates define the processing capabilities of a switch by rating
how much data the switch can process per second. Switch product lines
are classified by forwarding rates, as shown in the figure. Entry-level
switches have lower forwarding rates than enterprise-level switches.
Forwarding rates are important to consider when selecting a switch.

Power over Ethernet

PoE allows the switch to deliver power to a device over the existing
Ethernet cabling. This feature can be used by IP phones and some
wireless access points.

PoE allows more flexibility when installing wireless access points and IP
phones, allowing them to be installed anywhere that there is an Ethernet
cable. A network administrator should ensure that the PoE features are
required, because switches that support PoE are expensive.

Multilayer Switching

Multilayer switches are typically deployed in the core and distribution
layers of an organization's switched network. Multilayer switches are
characterized by their ability to build a routing table, support a few routing
protocols, and forward IP packets at a rate close to that of Layer 2
forwarding.

LAN REDUNDANCY

Link Types

The link type provides a categorization for each port participating in RSTP
by using the duplex mode on the port. Depending on what is attached to
each port, two different link types can be identified:

Point-to-Point - A port operating in full-duplex mode typically connects a
switch to a switch and is a candidate for rapid transition to forwarding
state.

Shared - A port operating in half-duplex mode connects a switch to a hub
that attaches multiple devices.

The link type can determine whether the port can immediately transition to
forwarding state, assuming certain conditions are met. These conditions
are different for edge ports and non-edge ports. Non-edge ports are
categorized into two link types, point-to-point and shared. The link type is
automatically determined, but can be overridden with an explicit port
configuration using the spanning-tree link-type parameter command.

Spanning Tree Mode

Rapid PVST+ is the Cisco implementation of RSTP. It supports RSTP on a
per-VLAN basis.

Rapid PVST+ commands control the configuration of VLAN spanning tree
instances. A spanning tree instance is created when an interface is
assigned to a VLAN and is removed when the last interface is moved to
another VLAN.

The spanning-tree mode rapid-pvst global configuration mode
command is the one required command for the Rapid PVST+
configuration. When specifying an interface to configure, valid interfaces
include physical ports, VLANs, and port channels. The VLAN ID range is 1
to 4094 when the enhanced software image (EI) is installed and 1 to 1005
when the standard software image (SI) is installed. The port-channel
range is 1 to 6.

LINK AGGREGATION

Port Aggregation Protocol

PAgP is a Cisco-proprietary protocol that aids in the automatic creation of
EtherChannel links. When an EtherChannel link is configured using PAgP,
PAgP packets are sent between EtherChannel-capable ports to negotiate
the forming of a channel.

Link Aggregation Control Protocol

LACP is part of an IEEE specification (802.3ad) that allows several
physical ports to be bundled to form a single logical channel. LACP allows
a switch to negotiate an automatic bundle by sending LACP packets to the
peer.

Link Aggregation Configuration

The following guidelines and restrictions are useful for configuring
EtherChannel:

EtherChannel support - All Ethernet interfaces on all modules must
support EtherChannel with no requirement that interfaces be physically
contiguous, or on the same module.

Speed and duplex - Configure all interfaces in an EtherChannel to
operate at the same speed and in the same duplex mode.

VLAN match - All interfaces in the EtherChannel bundle must be
assigned to the same VLAN, or be configured as a trunk.

Range of VLAN - An EtherChannel supports the same allowed range of
VLANs on all the interfaces in a trunking EtherChannel. If the allowed
range of VLANs is not the same, the interfaces do not form an
EtherChannel, even when set to auto or desirable mode.

WIRELESS LANS

Wireless Technologies

Wireless communications are used in a variety of professions.

Although the mix of wireless technologies is continually expanding, the
focus of this discussion is on wireless networks that allow users to be
mobile. Wireless networks can be classified broadly as:

Wireless Personal-Area Networks (WPAN) - Operates in the range of a
few feet. Bluetooth or Wi-Fi Direct-enabled devices are used in WPANs.

Wireless LANs (WLANs) - Operates in the range of a few hundred feet
such as in a room, home, office, and even campus environment.

Wireless Wide-Area Networks (WWANs) - Operates in the range of
miles such as a metropolitan area, cellular hierarchy, or even on intercity
links through microwave relays.

Radio Frequencies

All wireless devices operate in the radio waves range of the
electromagnetic spectrum. It is the responsibility of the International
Telecommunication Union Radiocommunication Sector (ITU-R) to
regulate the allocation of the radio frequency (RF) spectrum. Ranges of
frequencies, called bands, are allocated for various purposes.

Wireless LAN devices have transmitters and receivers tuned to specific
frequencies of the radio waves range. Specifically, the following frequency
bands are allocated to 802.11 wireless LANs:

2.4 GHz (UHF) - 802.11b/g/n/ad

5 GHz (SHF) - 802.11a/n/ac/ad

60 GHz (EHF) - 802.11ad

802.11 Standards

The IEEE 802.11 WLAN standard defines how RF in the unlicensed ISM
frequency bands is used for the physical layer and the MAC sublayer of
wireless links.

Various implementations of the IEEE 802.11 standard have been developed
over the years. The following highlights these standards:

802.11 - Released in 1997 and now obsolete, this is the original WLAN
specification that operated in the 2.4 GHz band and offered speeds of up
to 2 Mb/s. When it was released, wired LANs were operating at 10 Mb/s
so the new wireless technology was not enthusiastically adopted.

IEEE 802.11a - Released in 1999, it operates in the less crowded 5 GHz
frequency band and offers speeds of up to 54 Mb/s. Because this
standard operates at higher frequencies, it has a smaller coverage area
and is less effective at penetrating building structures.

IEEE 802.11b - Released in 1999, it operates in the 2.4 GHz frequency
band and offers speeds of up to 11 Mb/s. Devices implementing this
standard have a longer range and are better able to penetrate building
structures than devices based on 802.11a.

IEEE 802.11g - Released in 2003, it operates in the 2.4 GHz frequency
band and offers speeds of up to 54 Mb/s. Devices implementing this
standard, therefore, operate at the same radio frequency and range as
802.11b, but with the bandwidth of 802.11a.

IEEE 802.11n - Released in 2009, it operates in the 2.4 GHz and 5 GHz
frequency bands and is referred to as a dual-band device. Typical data
rates range from 150 Mb/s to 600 Mb/s with a distance range of up to 70
m (.5 mile).

IEEE 802.11ac - Released in 2013, operates in the 5 GHz frequency
band and provides data rates ranging from 450 Mb/s to 1.3 Gb/s (1300
Mb/s).

IEEE 802.11ad - Scheduled for release in 2014 and also known as
WiGig, it uses a tri-band Wi-Fi solution using 2.4 GHz, 5 GHz, and 60
GHz, and offers theoretical speeds of up to 7 Gb/s.

Wi-Fi Certification

Standards ensure interoperability between devices made by different
manufacturers. Internationally, the three organizations influencing WLAN
standards are:

ITU-R - Regulates the allocation of the RF spectrum and satellite orbits.

IEEE - Specifies how RF is modulated to carry information. It maintains
the standards for local and metropolitan area networks (MAN) with the
IEEE 802 LAN/MAN family of standards. The dominant standards in the
IEEE 802 family are 802.3 Ethernet and 802.11 WLAN.

Wi-Fi Alliance - The Wi-Fi Alliance (http://www.wi-fi.org) is a global,
non-profit, industry trade association devoted to promoting the growth
and acceptance of WLANs.

Wireless Home Router

The type of infrastructure device that an end device associates and
authenticates with varies with the size and requirement of the WLAN.

For instance, a home user typically interconnects wireless devices using a
small, integrated wireless router. These smaller, integrated routers serve
as:

Access point - Provides 802.11a/b/g/n/ac wireless access

Switch - Provides a four-port, full-duplex, 10/100/1000 Ethernet switch to
connect wired devices

Router - Provides a default gateway for connecting to other network
infrastructures

Autonomous APs

Autonomous APs, sometimes referred to as heavy APs, are standalone
devices configured using the Cisco CLI or a GUI. Autonomous APs are
useful in situations where only a couple of APs are required in the
network.

Controller-Based APs

Controller-based APs are server-dependent devices that require no initial
configuration. Cisco offers two controller-based solutions. Controller-based
APs are useful in situations where many APs are required in the
network.

802.11 Wireless Topology Modes

Wireless LANs can accommodate various network topologies. The 802.11
standard identifies two main wireless topology modes:

Ad hoc mode - When two devices connect wirelessly without the aid of
an infrastructure device, such as a wireless router or AP. Examples
include Bluetooth and Wi-Fi Direct.

Infrastructure mode - When wireless clients interconnect via a wireless
router or AP, such as in WLANs. APs connect to the network
infrastructure using the wired distribution system (DS), such as Ethernet.

Frame Control Field

The Frame Control field contains the following subfields:

Protocol Version - Provides the current version of the 802.11 protocol
used. Receiving devices use this value to determine if the version of the
protocol of the received frame is supported.

Frame Type and Frame Subtype - Determines the function of the frame.
A wireless frame can either be a control frame, data frame, or a
management frame. There are multiple subtype fields for each frame
type.

ToDS and FromDS - Indicates whether the frame is going to or exiting
from the DS, and is only used in data frames of wireless clients
associated with an AP.

More Fragments - Indicates whether more fragments of the frame, either
data or management type, are to follow.

Retry - Indicates whether or not the frame, for either data or
management frame types, is being retransmitted.

Power Management - Indicates whether the sending device is in active
mode or power-save mode.

More Data - Indicates to a device in power-save mode that the AP has
more frames to send. It is also used for APs to indicate that additional
broadcast/multicast frames are to follow.

Security - Indicates whether encryption and authentication are used in
the frame. It can be set for all data frames and management frames,
which have the subtype set to authentication.

Reserved - Can indicate that all received data frames must be
processed in order.
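
The subfields above occupy the first two bytes of every 802.11 frame, sent low byte first. The decoder below is an added example, not part of the original proposal: it splits those 16 bits into the subfields as this section names them and picks out data frames whose Security bit is clear. The sample byte strings are constructed, and only the subtypes mentioned in this document are named.

```python
import struct
from typing import Dict, List

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

# (type, subtype) pairs for the frames this document mentions.
SUBTYPES = {
    (0, 4): "probe request",
    (0, 8): "beacon",
    (0, 11): "authentication",
    (1, 11): "RTS",
    (1, 12): "CTS",
    (1, 13): "ACK",
    (2, 0): "data",
}


def parse_frame_control(frame: bytes) -> Dict[str, object]:
    """Decode the 16-bit Frame Control field at the start of a frame."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the Frame Control field")
    (fc,) = struct.unpack_from("<H", frame)      # little-endian on the air
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    return {
        "protocol_version": fc & 0x3,
        "type": FRAME_TYPES.get(ftype, "other"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "more_fragments": bool(fc & 0x0400),
        "retry": bool(fc & 0x0800),
        "power_management": bool(fc & 0x1000),
        "more_data": bool(fc & 0x2000),
        # "Security" in the list above; the standard calls it Protected Frame.
        "security": bool(fc & 0x4000),
        # "Reserved" in the list above; the standard calls it Order.
        "reserved": bool(fc & 0x8000),
    }


def unprotected_data_frames(frames: List[bytes]) -> List[int]:
    """Indexes of data frames sent with the Security bit clear."""
    result = []
    for index, frame in enumerate(frames):
        fields = parse_frame_control(frame)
        if fields["type"] == "data" and not fields["security"]:
            result.append(index)
    return result


# Constructed Frame Control values (first two bytes of each frame only).
SAMPLES = [
    b"\x80\x00",   # beacon from an AP
    b"\xb4\x00",   # RTS
    b"\x08\x41",   # data, client to AP (ToDS), Security bit set
    b"\x08\x02",   # data, AP to client (FromDS), Security bit clear
    b"\x08\x49",   # data, ToDS, retransmitted, Security bit set
]

if __name__ == "__main__":
    for raw in SAMPLES:
        f = parse_frame_control(raw)
        flags = [k for k, v in f.items() if v is True]
        print(raw.hex(), f["type"], f["subtype"], flags)
    print("unprotected data frames at:", unprotected_data_frames(SAMPLES))
```
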

Wireless Frame Type

A wireless frame can be one of three frame types:

Management Frame - Used in the maintenance of communication, such
as finding, authenticating, and associating with an AP.

Control Frame - Used to facilitate the exchange of data frames
between wireless clients.

Data Frame - Used to carry the payload information such as web pages
and files.

Control Frames

Control frames are used to manage the information exchange between a
wireless client and an AP. They help prevent collisions from occurring on
the wireless medium.

Common control frames include:

Request to Send (RTS) frame - The RTS and CTS frames provide an
optional collision reduction scheme for APs with hidden wireless clients.

Clear to Send (CTS) frame - A wireless AP responds to an RTS frame
with a CTS frame. It provides clearance for the requesting wireless client
to send a data frame.

Acknowledgment (ACK) frame - After receiving a data frame, the
receiving wireless client sends an ACK frame to the sending client if no
errors are found.

Discovering APs:

Passive mode - The AP openly advertises its service by periodically
sending broadcast beacon frames containing the SSID, supported
standards, and security settings.

Active mode - Wireless clients must know the name of the SSID. The
wireless client initiates the process by broadcasting a probe request
frame on multiple channels.

Authentication

The 802.11 standard was originally developed with two authentication
mechanisms:

Open authentication - Fundamentally a NULL authentication where the
wireless client says "authenticate me" and the AP responds with "yes".
Open authentication provides wireless connectivity to any wireless device
and should only be used in situations where security is of no concern.

Shared key authentication - Technique is based on a key that is
pre-shared between the client and the AP.

ADJUST AND TROUBLESHOOT SINGLE-AREA OSPF

Routing versus Switching

A scalable network requires a hierarchical network design. The focus of
the preceding chapters was on the access and distribution layers. Layer 2
switches, link aggregation, LAN redundancy, and wireless LANs are all
technologies that provide or enhance user access to network resources.

Scalable networks also require optimal reachability between sites. Remote
network reachability is provided by routers and Layer 3 switches, which
operate in the distribution and core layers. Routers and Layer 3 switches
learn about remote networks in one of two ways:

Manually - Remote networks are manually entered into the route table
using static routes.

Dynamically - Remote routes are automatically learned using a dynamic
routing protocol such as Enhanced Interior Gateway Routing Protocol
(EIGRP) or Open Shortest Path First (OSPF).

Static Routing

The example in the figure provides a sample scenario of static routing. A
network administrator can manually configure a static route to reach a
specific network. Unlike a dynamic routing protocol, static routes are not
automatically updated and must be manually reconfigured any time the
network topology changes.

Static routing has three primary uses:

Providing ease of routing table maintenance in smaller networks that are
not expected to grow significantly.

Routing to and from stub networks. A stub network is a network accessed
by a single route, and the router has only one neighbor.

Using a single default route to represent a path to any network that does
not have a more specific match with another route in the routing table.
Default routes are used to send traffic to any destination beyond the next
upstream router.

Dynamic Routing

Routing protocols allow routers to dynamically share information about
remote networks as shown in the figure. Routers receiving the update
automatically add this information to their own routing tables. A primary benefit of
dynamic routing protocols is that routers exchange routing information when
there is a topology change. T

The two most common dynamic routing protocols are EIGRP and OSPF.

The focus of this chapter is on OSPF.

Open Shortest Path First

OSPF is a commonly implemented link-state routing protocol. It was
developed as a replacement for the distance vector routing protocol, RIP.
However, OSPF has significant advantages over RIP in that it offers faster
convergence and scales to much larger network implementations.

OSPF features, as shown in the figure, include:

Classless - It is classless by design; therefore, it supports VLSM and
CIDR.

Efficient - Routing changes trigger routing updates (no periodic
updates). It uses the SPF algorithm to choose the best path.

Fast convergence - It quickly propagates network changes.

Scalable - It works well in small and large network sizes. Routers can be
grouped into areas to support a hierarchical system.

Secure - It supports Message Digest 5 (MD5) authentication. When
enabled, OSPF routers only accept encrypted routing updates from peers
with the same pre-shared password.
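
What a receiving router checks when the MD5 option listed under "Secure" (here and in the Single Area OSPF chapter) is enabled, following RFC 2328 Appendix D: a keyed MD5 digest appended to the packet and a sequence number that guards against replay, while the packet body itself stays readable on the wire. This is an added example, not part of the original proposal; the router ID, key and timer values are constructed.

```python
import hashlib
import hmac
import socket
import struct
from typing import Dict, Tuple

# OSPFv2 header with the AuType 2 authentication layout (24 bytes):
# version, type, length, router ID, area ID, checksum, AuType,
# 0, key ID, auth data length, cryptographic sequence number
HEADER = struct.Struct("!BBH4s4sHHHBBI")
# Hello body without neighbors: mask, hello interval, options, priority,
# dead interval, DR, BDR
HELLO = struct.Struct("!4sHBBI4s4s")
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def pad_key(key: bytes) -> bytes:
    """The shared key is zero-padded to 16 bytes before hashing."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_hello(router_id: str, area_id: str, seq: int,
                key_id: int, key: bytes) -> bytes:
    """Build a Hello packet followed by its 16-byte MD5 digest."""
    body = HELLO.pack(socket.inet_aton("255.255.255.0"), 10, 0x02, 1, 40,
                      bytes(4), bytes(4))
    length = HEADER.size + len(body)           # digest is not counted
    header = HEADER.pack(2, 1, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id),
                         0,                    # checksum unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def hello_interval(data: bytes) -> int:
    """Read the Hello interval straight from the packet: nothing is encrypted."""
    return HELLO.unpack_from(data, HEADER.size)[1]


def verify(data: bytes, keys: Dict[int, bytes],
           last_seq: int) -> Tuple[bool, str]:
    """Receiver-side checks: known key, fresh sequence number, valid digest."""
    if len(data) < HEADER.size + DIGEST_LEN:
        return False, "truncated"
    (_, _, length, _, _, _, autype,
     _, key_id, auth_len, seq) = HEADER.unpack_from(data)
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return False, "not MD5 authenticated"
    if length < HEADER.size or length + auth_len > len(data):
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key id"
    if seq < last_seq:
        return False, "replayed sequence number"
    expected = hashlib.md5(data[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, data[length:length + auth_len]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed key table: key ID -> shared secret.
KEYS = {1: b"constructed-key"}

if __name__ == "__main__":
    pkt = build_hello("1.1.1.1", "0.0.0.0", seq=100, key_id=1, key=KEYS[1])
    print("accepted:", verify(pkt, KEYS, last_seq=100))
    print("hello interval visible in clear:", hello_interval(pkt))
    tampered = bytearray(pkt)
    tampered[29] ^= 0x01                       # alter the Hello interval
    print("tampered:", verify(bytes(tampered), KEYS, last_seq=100))
    print("replayed:", verify(pkt, KEYS, last_seq=101))
```
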

Verifying Single-Area OSPFv3

Useful commands to verify OSPFv3 include the following:

show ipv6 ospf neighbor - Command to verify that the router has
formed an adjacency with its neighboring routers.

show ipv6 protocols - Command provides a quick way to verify vital
OSPFv3 configuration information, including the OSPF process ID, the
router ID, and the interfaces enabled for OSPFv3.

show ipv6 route ospf - Command provides specifics about OSPFv3
routes in the routing table.

show ipv6 ospf interface brief - Command is useful to display a
summary and status of OSPFv3 enabled interfaces.

OSPF Network Types

OSPF defines five network types, as shown in Figures 1 to 5:

Point-to-point - Two routers interconnected over a common link. No
other routers are on the link. This is often the configuration in WAN links.

Broadcast multiaccess - Multiple routers interconnected over an
Ethernet network.

Nonbroadcast multiaccess (NBMA) - Multiple routers interconnected in
a network that does not allow broadcasts, such as Frame Relay.

Point-to-multipoint - Multiple routers interconnected in a hub-and-spoke
topology over an NBMA network. Often used to connect branch sites
(spokes) to a central site (hub).

Virtual links - Special OSPF network used to interconnect distant OSPF
areas to the backbone area.

OSPF Designated Router

The solution to managing the number of adjacencies and the flooding of
LSAs on a multiaccess network is the DR. On multiaccess networks,
OSPF elects a DR to be the collection and distribution point for LSAs sent
and received. A BDR is also elected in case the DR fails. The BDR listens
passively to this exchange and maintains a relationship with all the
routers. If the DR stops producing Hello packets, the BDR promotes itself
and assumes the role of DR.

All other non-DR or BDR routers become DROTHER (a router that is
neither the DR nor the BDR).

Verifying DR/BDR Adjacencies

To verify the OSPF adjacencies, use the show ip ospf neighbor command.

Unlike serial links that only display a state of FULL/-, the state of
neighbors in multiaccess networks can be:

FULL/DROTHER - This is a DR or BDR router that is fully adjacent with a
non-DR or BDR router. These two neighbors can exchange Hello
packets, updates, queries, replies, and acknowledgments.

FULL/DR - The router is fully adjacent with the indicated DR neighbor.
These two neighbors can exchange Hello packets, updates, queries,
replies, and acknowledgments.

FULL/BDR - The router is fully adjacent with the indicated BDR neighbor.
These two neighbors can exchange Hello packets, updates, queries,
replies, and acknowledgments.

2-WAY/DROTHER - The non-DR or BDR router has a neighbor
relationship with another non-DR or BDR router. These two neighbors
exchange Hello packets.

DR/BDR Election Process

OSPF DR and BDR elections are not preemptive. If a new router with a
higher priority or higher router ID is added to the network after the DR and
BDR election, the newly added router does not take over the DR or the
BDR role. This is because those roles have already been assigned. The
addition of a new router does not initiate a new election process.

After the DR is elected, it remains the DR until one of the following events
occurs:

The DR fails

The OSPF process on the DR fails or is stopped

The multiaccess interface on the DR fails or is shut down

If the DR fails, the BDR is automatically promoted to DR. This is the case
even if another DROTHER with a higher priority or router ID is added to
the network after the initial DR/BDR election. However, after a BDR is
promoted to DR, a new BDR election occurs and the DROTHER with the
higher priority or router ID is elected as the new BDR.

The OSPF Priority

The DR becomes the focal point for the collection and distribution of LSAs;
therefore, this router must have sufficient CPU and memory capacity to
handle the workload. It is possible to influence the DR/BDR election
process through configurations.

To set the priority of an interface, use the following commands:

ip ospf priority value - OSPFv2 interface command

ipv6 ospf priority value - OSPFv3 interface command

The value can be:

0 - Does not become a DR or BDR.

1 - 255 - The higher the priority value, the more likely the router
becomes the DR or BDR on the interface.
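
The election rules from the two sections above (priority first, router ID as tie-breaker, no preemption, BDR promotion when the DR fails), modelled in Python as an added example; it is not code from the original proposal and is a simplified model, not the full RFC 2328 election. The router names, router IDs and priorities are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    name: str
    router_id: str       # 32-bit router ID in dotted-decimal notation
    priority: int = 1    # interface priority 0-255; 0 = never DR or BDR

    def rank(self):
        # Highest priority wins; the higher router ID breaks a tie.
        # The ID is compared as a number, so 10.0.0.3 beats 2.2.2.2.
        return (self.priority, int(ipaddress.IPv4Address(self.router_id)))


class Segment:
    """One multiaccess network and the routers attached to it."""

    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.dr = None
        self.bdr = None
        self._fill_vacancies()          # initial election

    def _best(self, exclude):
        eligible = [r for r in self.routers.values()
                    if r.priority > 0 and r.name not in exclude]
        return max(eligible, key=Router.rank).name if eligible else None

    def _fill_vacancies(self):
        # Roles that are already held are never re-examined (no preemption).
        if self.dr is None:
            if self.bdr is not None:    # the BDR is promoted to DR
                self.dr, self.bdr = self.bdr, None
            else:
                self.dr = self._best(exclude=set())
        if self.bdr is None:            # new BDR election among the rest
            self.bdr = self._best(exclude={self.dr})

    def add(self, router):
        self.routers[router.name] = router
        self._fill_vacancies()          # changes nothing unless a role is vacant

    def fail(self, name):
        del self.routers[name]
        if self.dr == name:
            self.dr = None
        if self.bdr == name:
            self.bdr = None
        self._fill_vacancies()

    def role(self, name):
        if name == self.dr:
            return "DR"
        if name == self.bdr:
            return "BDR"
        return "DROTHER"


def demo():
    """Return the (DR, BDR) pair after each event in a constructed scenario."""
    seg = Segment([Router("R1", "1.1.1.1"),
                   Router("R2", "2.2.2.2"),
                   Router("R3", "10.0.0.3")])
    history = [(seg.dr, seg.bdr)]                     # initial election
    seg.add(Router("R4", "4.4.4.4", priority=255))    # late, high priority
    history.append((seg.dr, seg.bdr))
    seg.fail("R3")                                    # the DR fails
    history.append((seg.dr, seg.bdr))
    return history


if __name__ == "__main__":
    for dr, bdr in demo():
        print(f"DR={dr} BDR={bdr}")
```

R4 joins with priority 255 yet stays a DROTHER until R3 fails; only then does it win the vacant BDR role, while R2 is promoted to DR.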

Propagating a Default Static Route in OSPFv2

To propagate a default route, the edge router (R2) must be configured
with:

A default static route using the ip route 0.0.0.0 0.0.0.0 {ip-address | exit-intf} command.

The default-information originate router configuration mode command.
This instructs R2 to be the source of the default route information and
propagate the default static route in OSPF updates.

OSPF Hello and Dead Interval

The OSPF Hello and Dead intervals are configurable on a per-interface
basis. The OSPF intervals must match or a neighbor adjacency does not
occur.

To verify the currently configured interface intervals, use the show ip ospf
interface command. The Serial 0/0/0 Hello and Dead intervals are set to
the default 10 seconds and 40 seconds respectively.

Modifying OSPFv2 Intervals

OSPF Hello and Dead intervals can be modified manually using the
following interface configuration mode commands:

ip ospf hello-interval seconds

ip ospf dead-interval seconds

Use the no ip ospf hello-interval and no ip ospf dead-interval
commands to reset the intervals to their default.

Modifying OSPFv3 Intervals

Like OSPFv2, OSPFv3 intervals can also be adjusted.

OSPFv3 Hello and Dead intervals can be modified manually using the
following interface configuration mode commands:

ipv6 ospf hello-interval seconds

ipv6 ospf dead-interval seconds

Secure Routing Updates

When neighbor authentication has been configured on a router, the router
authenticates the source of each routing update packet that it receives.
This is accomplished by the exchange of an authenticating key
(sometimes referred to as a password) that is known to both the sending
and the receiving router.

OSPF supports 3 types of authentication:

Null - This is the default method and means that no authentication is
used for OSPF.

Simple password authentication - This is also referred to as plaintext
authentication because the password in the update is sent in plaintext
over the network. This is considered to be a legacy method of OSPF
authentication.

MD5 authentication - This is the most secure and recommended
method of authentication. MD5 authentication provides higher security
because the password is never exchanged between peers.

Configuring OSPF MD5 Authentication

OSPF supports routing protocol authentication using MD5. MD5
authentication can be enabled globally for all interfaces or on a
per-interface basis.

To enable OSPF MD5 authentication globally, configure:

ip ospf message-digest-key key md5 password interface configuration
mode command.

area area-id authentication message-digest router configuration mode
command.

This method forces authentication on all OSPF enabled interfaces. If an
interface is not configured with the ip ospf message-digest-key
command, it will not be able to form adjacencies with other OSPF
neighbors.
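
What MD5 authentication adds to each OSPFv2 packet, sketched in Python as an added example (not part of the original proposal): the sender appends MD5(packet + key) together with a sequence number, so the password never crosses the wire, while the packet body itself stays readable. The layout follows RFC 2328 Appendix D; the router ID, key ID, password and body below are constructed placeholders.

```python
import hashlib
import hmac
import struct

# 24-byte OSPFv2 header as laid out for AuType 2 (cryptographic auth):
# version, type, length, router ID, area ID, checksum, AuType,
# 2 zero bytes, key ID, auth data length, cryptographic sequence number
HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def pad_key(password: bytes) -> bytes:
    """The MD5 key is 16 bytes; a shorter password is zero-padded."""
    if len(password) > 16:
        raise ValueError("key longer than 16 bytes")
    return password.ljust(16, b"\x00")


def sign(body, router_id, area_id, key_id, seq, password, pkt_type=1):
    """Sender side: build header + body and append MD5(packet || key)."""
    length = HEADER.size + len(body)        # the digest is not counted
    header = HEADER.pack(2, pkt_type, length, router_id, area_id,
                         0,                 # checksum unused with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(password)).digest()


def verify(wire, keys, last_seq):
    """Receiver side. keys: {key_id: password}; last_seq: {router_id: seq}."""
    if len(wire) < HEADER.size + DIGEST_LEN:
        return "too short"
    (_ver, _type, length, rid, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = HEADER.unpack(wire[:HEADER.size])
    if autype != AUTYPE_CRYPTO:
        return "not cryptographic authentication"
    if key_id not in keys:
        return "unknown key id"
    if auth_len != DIGEST_LEN or len(wire) != length + auth_len:
        return "bad length"
    if seq < last_seq.get(rid, 0):          # older than the last one accepted
        return "stale sequence number"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return "digest mismatch"
    last_seq[rid] = seq                     # remember only verified packets
    return "accepted"


def demo():
    rid, area = bytes([10, 0, 0, 1]), bytes(4)    # constructed router/area ID
    body = b"constructed hello body"              # stands in for a real Hello
    keys = {1: b"example-key"}                    # placeholder password
    seen = {}
    p1 = sign(body, rid, area, 1, 100, b"example-key")
    p2 = sign(body, rid, area, 1, 101, b"example-key")
    tampered = p2[:30] + b"X" + p2[31:]           # one body byte changed
    return {
        "first": verify(p1, keys, seen),
        "second": verify(p2, keys, seen),
        "replay_of_first": verify(p1, keys, seen),
        "tampered": verify(tampered, keys, {}),
        "wrong_password": verify(p1, {1: b"other-key"}, {}),
        "body_visible_on_wire": body in p1,
        "password_on_wire": b"example-key" in p1,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```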

MULTIAREA OSPF

Single-Area OSPF

Single-area OSPF is useful in smaller networks where the web of router
links is not complex, and paths to individual destinations are easily
deduced.

However, if an area becomes too big, the following issues must be
addressed (see the figure for illustration):

Large routing table - OSPF does not perform route summarization by
default. If the routes are not summarized, the routing table can become
very large, depending on the size of the network.

Large link-state database (LSDB) - Because the LSDB covers the
topology of the entire network, each router must maintain an entry for
every network in the area, even if not every route is selected for the
routing table.

Frequent SPF algorithm calculations - In a large network, changes are
inevitable, so the routers spend many CPU cycles recalculating the SPF
algorithm and updating the routing table.

Multiarea OSPF

Multiarea OSPF requires a hierarchical network design. The main area is
called the backbone area (area 0) and all other areas must connect to the
backbone area.

The hierarchical-topology possibilities of multiarea OSPF have these
advantages:

Smaller routing tables - There are fewer routing table entries as
network addresses can be summarized between areas. For example, R1
summarizes the routes from area 1 to area 0 and R2 summarizes the
routes from area 51 to area 0. R1 and R2 also propagate a default static
route to area 1 and area 51.

Reduced link-state update overhead - Minimizes processing and
memory requirements, because there are fewer routers exchanging
LSAs.

Reduced frequency of SPF calculations - Localizes impact of a
topology change within an area. For instance, it minimizes routing update
impact, because LSA flooding stops at the area boundary.

OSPF Two-Layer Area Hierarchy

Multiarea OSPF is implemented in a two-layer area hierarchy:

Backbone (Transit) area - An OSPF area whose primary function is the
fast and efficient movement of IP packets. Backbone areas interconnect
with other OSPF area types. Generally, end users are not found within a
backbone area. The backbone area is also called OSPF area 0.

Regular (Non-backbone) area - Connects users and resources. Regular
areas are usually set up along functional or geographical groupings. By
default, a regular area does not allow traffic from another area to use its
links to reach other areas. All traffic from other areas must cross a transit
area.

Types of OSPF Routers

There are four different types of OSPF routers:

Internal router - This is a router that has all of its interfaces in the same
area. All internal routers in an area have identical LSDBs.

Backbone router - This is a router in the backbone area. Generally, the
backbone area is set to area 0.

Area Border Router (ABR) - This is a router that has interfaces
attached to multiple areas. It must maintain separate LSDBs for each
area it is connected to, and can route between areas.

Autonomous System Boundary Router (ASBR) - This is a router that
has at least one interface attached to an external internetwork (another
autonomous system), such as a non-OSPF network.

EIGRP

EIGRP is an advanced distance vector routing protocol that includes
features not found in other distance vector routing protocols like RIP and
IGRP.

Protocol Dependent Modules

PDMs are responsible for network layer protocol-specific tasks. An
example is the EIGRP module that is responsible for sending and
receiving EIGRP packets that are encapsulated in IPv4. This module is
also responsible for parsing EIGRP packets and informing DUAL of the
new information that is received. EIGRP asks DUAL to make routing
decisions, but the results are stored in the IPv4 routing table.

Reliable Transport Protocol

EIGRP uses Reliable Transport Protocol (RTP) for the delivery and
reception of EIGRP packets. EIGRP was designed as a network layer
independent routing protocol; because of this design EIGRP cannot use
the services of UDP or TCP.

RTP can send EIGRP packets as unicast or multicast.

Multicast EIGRP packets for IPv4 use the reserved IPv4 multicast
address 224.0.0.10.

Multicast EIGRP packets for IPv6 are sent to the reserved IPv6 multicast
address FF02::A.

EIGRP Packet Types

EIGRP uses five different packet types, some in pairs. EIGRP packets are
sent using either RTP reliable or unreliable delivery and can be sent as a
unicast, multicast, or sometimes both. EIGRP packet types are also called
EIGRP packet formats or EIGRP messages.

The five EIGRP packet types include:

Hello packets - Used for neighbor discovery and to maintain neighbor
adjacencies.

Sent with unreliable delivery

Multicast (on most network types)

Update packets - Propagates routing information to EIGRP neighbors.

Sent with reliable delivery

Unicast or multicast

Acknowledgment packets - Used to acknowledge the receipt of an
EIGRP message that was sent using reliable delivery.

Sent with unreliable delivery

Unicast

Query packets - Used to query routes from neighbors.

Sent with reliable delivery

Unicast or multicast

Reply packets - Sent in response to an EIGRP query.

Sent with unreliable delivery

Unicast

EIGRP Hello Packets

EIGRP Hello packets are sent as IPv4 or IPv6 multicasts, and use RTP
unreliable delivery. This means that the receiver does not reply with an
acknowledgment packet.

The reserved EIGRP multicast address for IPv4 is 224.0.0.10.

The reserved EIGRP multicast address for IPv6 is FF02::A.

EIGRP Query Packets

DUAL uses query and reply packets when searching for networks and
other tasks. Queries and replies use reliable delivery. Queries can use
multicast or unicast, whereas replies are always sent as unicast.

EIGRP Reply Packets

All neighbors must send a reply, regardless of whether or not they have a
route to the downed network. Because replies also use reliable delivery,
routers, such as R2, must send an acknowledgment.

EIGRP Packet Header and TLV

Important fields include the Opcode field and the Autonomous System
Number field. Opcode specifies the EIGRP packet type as follows:

Update

Query

Reply

Hello

The Hold Time is the amount of time the EIGRP neighbor receiving this
message should wait before considering the advertising router to be down.

Delay is calculated as the sum of delays from source to destination in
units of 10 microseconds. Bandwidth is the lowest configured bandwidth of
any interface along the route.

Autonomous System Numbers

The autonomous system number used for EIGRP configuration is only
significant to the EIGRP routing domain. It functions as a process ID to
help routers keep track of multiple, running instances of EIGRP.

Passive Interface

The passive-interface command can be used to prevent neighbor
adjacencies. There are two primary reasons for enabling the
passive-interface command:

To suppress unnecessary update traffic, such as when an interface is a
LAN interface, with no other routers connected

To increase security controls, such as preventing unknown rogue routing
devices from receiving EIGRP updates

The passive-interface router configuration mode command disables the
transmission and receipt of EIGRP Hello packets on these interfaces.

Router(config)# router eigrp as-number

Router(config-router)# passive-interface interface-type interface-number

Verifying EIGRP: Examining Neighbors

Use the show ip eigrp neighbors command to view the neighbor table
and verify that EIGRP has established an adjacency with its neighbors.

The show ip eigrp neighbors command output includes:

H column - Lists the neighbors in the order that they were learned.

Address - IPv4 address of the neighbor.

Interface - Local interface on which this Hello packet was received.

Hold - Current hold time. When a Hello packet is received, this value is
reset to the maximum hold time for that interface, and then counts down
to zero. If zero is reached, the neighbor is considered down.

Uptime - Amount of time since this neighbor was added to the neighbor
table.

Smooth Round Trip Timer (SRTT) and Retransmission Timeout (RTO) - Used
by RTP to manage reliable EIGRP packets.

Queue Count - Should always be zero. If more than zero, then EIGRP
packets wait to be sent.

Sequence Number - Used to track updates, queries, and reply packets.

EIGRP Composite Metric

EIGRP uses the following values in its composite metric to calculate the
preferred path to a network:

Bandwidth - The slowest bandwidth among all of the outgoing
interfaces, along the path from source to destination.

Delay - The cumulative (sum) of all interface delay along the path (in
tens of microseconds).

The following values can be used, but are not recommended, because
they typically result in frequent recalculation of the topology table:

Reliability - Represents the worst reliability between the source and
destination, which is based on keepalives.

Load - Represents the worst load on a link between the source and
destination, which is computed based on the packet rate and the
configured bandwidth of the interface.

The Composite Metric

The metric calculation method (k values) and the EIGRP autonomous
system number must match between EIGRP neighbors. If they do not
match, the routers do not form an adjacency.

The default k values can be changed with the metric weights router
configuration mode command:

Router(config-router)# metric weights tos k1 k2 k3 k4 k5

Examining Interface Values

The show interfaces command displays interface information, including
the parameters used to compute the EIGRP metric. The figure shows
the show interfaces command for the Serial 0/0/0 interface on R1.

BW - Bandwidth of the interface (in kilobits per second).

DLY - Delay of the interface (in microseconds).

Reliability - Reliability of the interface as a fraction of 255 (255/255 is
100% reliability), calculated as an exponential average over five minutes.
By default, EIGRP does not include its value in computing its metric.

Txload, Rxload - Transmit and receive load on the interface as a fraction
of 255 (255/255 is completely saturated), calculated as an exponential
average over five minutes. By default, EIGRP does not include its value in
computing its metric.

Bandwidth Metric

The bandwidth metric is a static value used by some routing protocols,
such as EIGRP and OSPF, to calculate their routing metric. The bandwidth
is displayed in kilobits per second (kb/s). Most serial interfaces use the
default bandwidth value of 1544 kb/s or 1,544,000 b/s (1.544 Mb/s). This
is the bandwidth of a T1 connection. However, some serial interfaces use
a different default bandwidth value. Always verify bandwidth with the show
interfaces command.

Delay Metric

Delay is the measure of the time it takes for a packet to traverse a route.
The delay (DLY) metric is a static value based on the type of link to which
the interface is connected and is expressed in microseconds.

DUAL Concepts

EIGRP uses the Diffusing Update Algorithm (DUAL) to provide the best
loop-free path and loop-free backup paths.

DUAL uses several terms, which are discussed in more detail throughout
this section:

Successor

Feasible Distance (FD)

Feasible Successor (FS)

Reported Distance (RD) or Advertised Distance (AD)

Feasible Condition or Feasibility Condition (FC)

The DUAL algorithm is used to obtain loop-freedom at every instance
throughout a route computation. This allows all routers involved in a
topology change to synchronize at the same time.

The decision process for all route computations is done by the DUAL
Finite State Machine (FSM). An FSM is a workflow model, similar to a flow
chart that is composed of the following:

A finite number of stages (states)

Transitions between those stages

Operations

Successor and Feasible Distance

FD is the lowest calculated metric to reach the destination network. FD is
the metric listed in the routing table entry as the second number inside the
brackets. As with other routing protocols, this is also known as the metric
for the route.

Feasible Successors, Feasibility Condition, and Reported Distance

An FS is a neighbor that has a loop-free backup path to the same network
as the successor, and it satisfies the Feasibility Condition (FC). The FC is
met when a neighbor's Reported Distance (RD) to a network is less than
the local router's feasible distance to the same destination network.
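
The composite metric (EIGRP Composite Metric, above) and the feasibility condition carried through on one constructed topology, as an added Python example that is not part of the original proposal. It uses the classic EIGRP metric formula, which the text does not spell out; the neighbor names, link speeds and delays are constructed, and the integer rounding for non-default k values is an assumption.

```python
from dataclasses import dataclass

DEFAULT_K = (1, 0, 1, 0, 0)   # K1..K5: only bandwidth and delay by default


@dataclass(frozen=True)
class Link:
    bandwidth_kbps: int   # BW as shown by "show interfaces"
    delay_usec: int       # DLY as shown by "show interfaces"


def composite_metric(path, k=DEFAULT_K, load=1, reliability=255):
    """Classic EIGRP metric for a list of Links from source to destination:
    256 * (K1*BW + K2*BW/(256-load) + K3*delay) [* K5/(K4+reliability)]."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min(link.bandwidth_kbps for link in path)  # slowest link
    delay = sum(link.delay_usec for link in path) // 10      # tens of usec
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:                          # reliability term applies only if K5 != 0
        metric = metric * k5 // (k4 + reliability)
    return 256 * metric


def dual_select(local_links, neighbor_paths):
    """Pick successor, FD and feasible successors for one destination.

    local_links[n]    - Link from this router to neighbor n
    neighbor_paths[n] - Links from neighbor n onward to the destination
    """
    table = {}
    for name, path in neighbor_paths.items():
        rd = composite_metric(path)                            # reported by n
        dist = composite_metric([local_links[name]] + path)    # our cost via n
        table[name] = (dist, rd)
    successor = min(table, key=lambda n: table[n][0])
    fd = table[successor][0]
    # Feasibility condition: the neighbor's RD must be below our FD.
    feasible = sorted(n for n, (_dist, rd) in table.items()
                      if n != successor and rd < fd)
    return successor, fd, feasible, table


# Constructed topology: three neighbors that all reach the same LAN.
GIG = Link(1_000_000, 10)          # GigabitEthernet LAN at the destination
LOCAL = {
    "R3": Link(1024, 20000),       # serial link to R3
    "R1": Link(64, 20000),         # slow serial link to R1
    "R4": Link(1_000_000, 10),     # Ethernet link to R4
}
ONWARD = {
    "R3": [GIG],                        # R3 is directly attached to the LAN
    "R1": [Link(1544, 20000), GIG],     # R1 reaches it over a T1
    "R4": [Link(256, 20000), GIG],      # R4 reaches it over a 256 kb/s link
}


if __name__ == "__main__":
    successor, fd, feasible, table = dual_select(LOCAL, ONWARD)
    print("successor", successor, "FD", fd, "feasible successors", feasible)
    for name, (dist, rd) in sorted(table.items()):
        print(f"via {name}: distance {dist}, RD {rd}")
```

R4 offers a lower total distance than R1 but is not a feasible successor, because its reported distance is not below the feasible distance; R1 qualifies despite its higher total metric.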

DUAL Finite State Machine (FSM)

An FSM is an abstract machine, not a mechanical device with moving
parts. FSMs define a set of possible states that something can go through,
what events cause those states, and what events result from those states.
Designers use FSMs to describe how a device, computer program, or
routing algorithm reacts to a set of input events.

FSMs are beyond the scope of this course. However, the concept is used
to examine some of the output from EIGRP's FSM using the debug eigrp
fsm command. Use this command to examine what DUAL does when a
route is removed from the routing table.

EIGRP for IPv6

EIGRP for IPv6 also uses DUAL as the computation engine to guarantee
loop-free paths and backup paths throughout the routing domain.

The EIGRP for IPv6 configuration and verification commands are very
similar to those used in EIGRP for IPv4. These commands are described
later in this section.

Comparing EIGRP for IPv4 and IPv6

The following is a comparison of the main features of EIGRP for IPv4 and
EIGRP for IPv6:

Advertised routes - EIGRP for IPv4 advertises IPv4 networks, whereas
EIGRP for IPv6 advertises IPv6 prefixes.

Distance vector - Both EIGRP for IPv4 and IPv6 are advanced distance
vector routing protocols. Both protocols use the same administrative
distances.

Convergence technology - EIGRP for IPv4 and IPv6 both use the DUAL
algorithm. Both protocols use the same DUAL techniques and processes,
including successor, FS, FD, and RD.

Metric - Both EIGRP for IPv4 and IPv6 use bandwidth, delay, reliability,
and load for their composite metric. Both routing protocols use the same
composite metric and use only bandwidth and delay, by default.

Transport protocol - The Reliable Transport Protocol (RTP) is
responsible for guaranteed delivery of EIGRP packets to all neighbors for
both protocols, EIGRP for IPv4 and IPv6.

Update messages - Both EIGRP for IPv4 and IPv6 send incremental
updates when the state of a destination changes. The terms, partial and
bounded, are used when referring to updates for both protocols.

Neighbor discovery mechanism - EIGRP for IPv4 and EIGRP for IPv6
use a simple Hello mechanism to learn about neighboring routers and
form adjacencies.

Source and destination addresses - EIGRP for IPv4 sends messages to
the multicast address 224.0.0.10. These messages use the source IPv4
address of the outbound interface.

Authentication - EIGRP for IPv4 can use either plaintext authentication or
Message Digest 5 (MD5) authentication. EIGRP for IPv6 uses MD5.

Router ID - Both EIGRP for IPv4 and EIGRP for IPv6 use a 32-bit number
for the EIGRP router ID. The 32-bit router ID is represented in
dotted-decimal notation and is commonly referred to as an IPv4 address. If the
EIGRP for IPv6 router has not been configured with an IPv4 address, the
eigrp router-id command must be used to configure a 32-bit router ID.
The process for determining the router ID is the same for both EIGRP for
IPv4 and IPv6.

EIGRP ADVANCED CONFIGURATIONS AND TROUBLESHOOTING

EIGRP Automatic summarization

Summarization decreases the number of entries in routing updates and
lowers the number of entries in local routing tables. It also reduces
bandwidth utilization for routing updates and results in faster routing table
lookups.

Configuring EIGRP Automatic summarization

EIGRP for IPv4 automatic summarization is disabled by default beginning
with Cisco IOS Release 15.0(1)M and 12.2(33). Prior to this, automatic
summarization was enabled by default. This meant that EIGRP performed
automatic summarization each time the EIGRP topology crossed a border
between two different major class networks.

To enable automatic summarization for EIGRP, use the auto-summary
command in router configuration mode, as shown in Figure 3:

R1(config)# router eigrp as-number

R1(config-router)# auto-summary

The no form of this command is used to disable automatic summarization.

Manual Summary Routes

EIGRP can be configured to summarize routes, whether or not automatic
summarization (auto-summary) is enabled. Because EIGRP is a
classless routing protocol and includes the subnet mask in the routing
updates, manual summarization can include supernet routes.

Configure EIGRP Manual Summarization

To establish EIGRP manual summarization on a specific EIGRP interface,
use the following interface configuration mode command:

Router(config-if)# ip summary-address eigrp as-number network-address subnet-mask

EIGRP for IPv6: Manual Summary Routes

To configure EIGRP for IPv6 manual summarization on a specific EIGRP
interface, use the following interface configuration mode command:

Router(config-if)# ipv6 summary-address eigrp as-number prefix/prefix-length

Propagating a Default Static Route

Using a static route to 0.0.0.0/0 as a default route is not routing
protocol-dependent. The "quad zero" static default route can be used with any
currently supported routing protocols. The static default route is usually
configured on the router that has a connection to a network outside the
EIGRP routing domain; for example, to an ISP.

One method of propagating a static default route within the EIGRP routing
domain is by using the redistribute static command. The redistribute
static command tells EIGRP to include static routes in its EIGRP updates
to other routers.

EIGRP Bandwidth for IPv4

By default, EIGRP uses only up to 50 percent of an interface's bandwidth
for EIGRP information. This prevents the EIGRP process from
over-utilizing a link and not allowing enough bandwidth for the routing of normal
traffic.

Use the ip bandwidth-percent eigrp command to configure the
percentage of bandwidth that can be used by EIGRP on an interface.

Router(config-if)# ip bandwidth-percent eigrp as-number percent

EIGRP Bandwidth for IPv6

To configure the percentage of bandwidth that can be used by EIGRP for
IPv6 on an interface, use the ipv6 bandwidth-percent eigrp command in
interface configuration mode. To restore the default value, use the no form
of this command.

Router(config-if)# ipv6 bandwidth-percent eigrp as-number percent

Hello Intervals and Hold Times with EIGRP for IPv4

EIGRP uses a lightweight Hello protocol to establish and monitor the
connection status of its neighbor. The Hold time tells the router the
maximum time that the router should wait to receive the next Hello before
declaring that neighbor as unreachable.

Hello intervals and Hold times are configurable on a per-interface basis
and do not have to match with other EIGRP routers to establish or
maintain adjacencies. The command to configure a different Hello interval
is:

Router(config-if)# ip hello-interval eigrp as-number seconds

If the Hello interval is changed, ensure that the Hold time value is equal to,
or greater than, the Hello interval. Otherwise, neighbor adjacency goes
down after the Hold time expires and before the next Hello interval. Use
the following command to configure a different Hold time:

Router(config-if)# ip hold-time eigrp as-number seconds

The seconds value for both Hello and Hold time intervals can range from
1 to 65,535.

Hello Intervals and Hold Times with EIGRP for IPv6

EIGRP for IPv6 uses the same Hello interval and Hold times as EIGRP for
IPv4. The interface configuration mode commands are similar to those for
IPv4:

Router(config-if)# ipv6 hello-interval eigrp as-number seconds

Router(config-if)# ipv6 hold-time eigrp as-number seconds

IOS IMAGES AND LICENSING

Cisco IOS Software Release Families and Trains

Cisco IOS Software has evolved from a single platform operating system
for routing, to a sophisticated operating system that supports a large array
of features and technologies such as VoIP, NetFlow, and IPsec. To better
meet the requirements of the different market segments, the software is
organized into software release families and software trains.

A software release family is comprised of multiple IOS software release
versions that:

Share a code base

Apply to related hardware platforms

Overlap in support coverage (as one OS comes to end-of-life, another OS
is introduced and supported)

Cisco IOS 12.4 Mainline and T Trains

A mainline train is always associated with a technology train (T train). A T
train, such as 12.4T, receives the same software bug fixes as the mainline
train. The T train also receives new software and hardware support
features. Releases in the Cisco IOS Software 12.4T train are considered
Early Deployment (ED) releases.

All child trains of the mainline train (T, S, etc.) typically contain an
uppercase letter designating the train type.

Mainline train = 12.4

T train = 12.4T (12.4 + new software and hardware support features)

Cisco IOS 12.4 System Image Packaging

The image packaging consists of eight IOS images, three of which are
considered premium packages.

The five non-premium packages are:

IP Base - IP Base is the entry level Cisco IOS Software Image

IP Voice - Converged voice and data, VoIP, VoFR, and IP Telephony

Advanced Security - Security and VPN features including Cisco IOS
Firewall, IDS/IPS, IPsec, 3DES, and VPN

SP (Service Provider) Services - Adds SSH/SSL, ATM, VoATM, and
MPLS to IP Voice

Enterprise Base - Enterprise protocols: Appletalk, IPX, and IBM Support

Three other premium packages offer additional IOS software feature
combinations that address more complex network requirements. All
features merge in the Advanced Enterprise Services package. This
package integrates support for all routing protocols with Voice, Security,
and VPN capabilities:

Advanced Enterprise Services - Full Cisco IOS Software features

Enterprise Services - Enterprise Base and Service Provider Services

Advanced IP Services - Advanced Security, Service Provider Services,
and support for IPv6

CHAPTER 3
DESIGN GOALS

Fault Tolerance

NIDEC Precision Philippines will be free from the failures it could possibly
encounter. This proposal gives assurance that the network can handle
several failures. Every guest is our main concern.

Scalability

The network at NIDEC Precision Philippines gives a computer application
or product (hardware or software) the ability to continue to function well
even if its size or volume changes to meet the users' demands or needs in
every department. It also has the ability not only to function well in the
rescaled situation, but to actually take full advantage of it.

Security

The computers in NIDEC Precision Philippines have passwords for the
security of the users, which secure all the information about the users. We
impose passwords to secure the identity of all users, and the password
protection is updated when a computer is not in use. Everything stored in a
computer or network device in the secure area can be locked.

Quality of Service

Real-time applications and communications such as chat, video calls and
LAN games are given priority to provide our customers the best computer
experience.

Functionality

The NIDEC Precision Philippines PCs are functional because they can
operate perfectly and effectively. The design will provide a reliable Local
Area Network (LAN) as well as a Wide Area Network link for data
communication with other school sites, and will have Internet connectivity.

Manageability

Manageability is primarily about providing an information infrastructure so
that the application and all of its important supporting services and devices
can be monitored for possible corrective and preventive action.

Adaptability

The PCs in every department of NIDEC Precision Philippines can adapt
to all viruses because their anti-virus software is always updated. They can
also adapt to all programs or applications.

CHAPTER 4
Overall Network Requirements

Necessary Hardware

Computers
Network Interface Card / Ethernet Card
RJ-45 (Registered Jack)
Switch
UTP (Unshielded Twisted Pair) Cable (e.g. Crossover, Straight-Through,
Console): Cat5, Cat5E, or Cat6
Router

Network Architecture

Hierarchical topology is advisable

Power

Adequate power for a LAN party

Software

Operating system
Firewall
Anti-virus

WAN Requirements

Wide-Area Network Requirements

Minimize bandwidth costs - Maximize efficiency
Maximize performance
Support new/emerging applications
Maximize availability
Minimize management and maintenance

LAN Requirements

Router or Hub

Routers and hubs are two types of hardware components in which the
traffic is merged and computers are connected. A hub is just a central device,
and the data is not filtered. Data is broadcast with no controls. However, a
router is a more intelligent machine that routes data packets and sends
them to the right section of the network. Routers can also be used as
firewall protection from the Internet. Because routers have become
relatively inexpensive, they are preferred over hubs.

Connection Method

The two most popular connection methods are hard wiring using Ethernet
cables or using wireless technologies. Most desktop networks use
Ethernet cables. These are inexpensive products that directly connect the
network card of the computer to the router. Wireless technologies are
used most often for laptops. However, to use a wireless network, the
administrator needs to set up a wireless router.

Network Cards

Network cards are hardware components added to machines that allow
them to communicate. Network cards are used in any type of network.
Wireless network cards are usually installed with any laptop purchase.
However, hard wire network cards are also available for these machines.
Network cards are inserted into a slot on a desktop that connects to the
computer's motherboard. These are connected to the rest of the network
using Ethernet cables that attach to the back of the card.

Operating System Setup

The hardest part of a network design is setting up the software and
operating system. The operating system needs to recognize the network
card in the machine. It needs to have a protocol configured. The typical
protocol on a network is TCP/IP. TCP/IP creates a unique address for the
machine. The operating system retrieves an IP address from a server, or it
can be defined in the network settings.

Security

Security is a major concern for any network administrator. The
administrator of a small home network does not need to implement much
security on the network. Most home networks are peer-to-peer, allowing
users to share files without permissions. Larger networks require security.
This is done by creating a domain and forcing users to log in to a server
before accessing network resources.

This network is designed to cater to the needs of the customers by creating
a network of PCs so they can monitor and share files.

Physical Topology
Cabling

comply with TIA/EIA 568-A & 569


Horizontal Cabling

CAT5 UTP tested with 100 Mbps


Vertical or Backbone Cabling

CAT5 UTP or multi-mode fiber optic

CHAPTER 5
LAN DESIGN: CABLING AND PLANNING

Overall Floor Plan

[Floor plan figures: NIDEC Building, first floor, second floor and third floor]

Logical Diagram

Addressing Table

DEVIC

Router

Router

Switch

1
Switch

2
Switch

3
Switch

4
Switch

INTE

RFA

ADDRE

CE

SS

Se0/

1/0

Fa0/

0
Se/0

Fa0/

0
VLA

192.16

192.16

192.16

N99
VLA

N99
VLA

N99
VLA

N99
VLA

5
Switch

6
Switch

7
Switch

DEFA
ULT
GATE

255.255.25

WAY
N/A

5.252

8.1.2

SUBNET
MASK

8.1.1

/1/1

IP

255.255.25

N/A

5.252

255.255.25

N/A

8.99.1
192.16

5.248
255.255.25

N/A

8.99.9
192.16

5.248
255.255.25

N/A

8.99.3
192.16

5.248
255.255.25

N/A

8.99.4
192.16

5.248
255.255.25

N/A

N99
VLA

8.99.5
192.16

5.248
255.255.25

N/A

N99
VLA

8.99.10
192.16

5.248
255.255.25

N/A

N99
VLA

8.99.11
192.16

5.248
255.255.25

N/A

8
Switch

N99
VLA

8.99.12
192.16

5.248
255.255.25

N/A

9
Switch

N10
VLA

8.10.1
192.16

5.224
255.255.25

N/A

10
Switch

N20
VLA

8.20.1
192.16

5.224
255.255.25

N/A

11
Switch

N30
VLA

8.30.1
192.16

5.224
255.255.25

N/A

12
Switch

N40
VLA

8.40.1
192.16

5.224
255.255.25

N/A

13
Switch

N50
VLA

8.50.1
192.16

5.224
255.255.25

N/A

14
Switch

N60
VLA

8.60.1
192.16

5.224
255.255.25

N/A

15
Switch

N70
VLA

8.70.1
192.16

5.224
255.255.25

N/A

16
Switch

N80
VLA

8.80.1
192.16

5.224
255.255.25

N/A

17
Switch

N85
VLA

8.85.1
192.16

5.224
255.255.25

N/A

18
Switch

N90
VLA

8.90.1
192.16

5.240
255.255.25

N/A

19
Switch

N95
VLA

8.95.1
192.16

5.240
255.255.25

N/A

20
Server

N10
NIC

5.224
255.255.25

8.10.22
192.16

Server

8.99.2

NIC

192.16

192.1

5.248

68.99.

255.255.25

1
192.1

8.99.3

5.248

68.99.

DEVIC
E

INTE

RFA

ADDRE

CE

IP

SUBNET
MASK

DEFA
ULT

SS

Server

NIC

Printer

Printer

NIC

Printer

NIC

Printer

NIC

Printer

NIC

Printer

NIC

Printer

NIC

Printer

NIC

Printer

NIC

Printer
10

192.16

192.16

192.16

192.16

NIC

192.16

8.85.17

NIC

192.16
8.90.14

255.255.25

68.99.

255.255.25

9
192.1

5.224

68.10.

255.255.25

1
192.1

5.248

68.20.

255.255.25

1
192.1

5.224

68.30.

255.255.25

1
192.1

255.255.25

68.40.

1
192.1

5.224

68.50.

255.255.25

1
192.1

5.224

68.60.

255.255.25

1
192.1

5.224

68.70.

255.255.25

1
192.1

5.224

68.80.

255.255.25

1
192.1

5.224

WAY
192.1

5.248

5.224

8.80.22

192.16

8.70.22

8.60.23

192.16

8.50.23

8.40.23

192.16

8.30.24

8.20.24

192.16
8.10.30

8.99.10

192.16

GATE

255.255.25
5.240

68.85.

1
192.1
68.90.

DEVICE        INTERFACE  IP ADDRESS      SUBNET MASK      DEFAULT GATEWAY
Printer 11    NIC        192.168.95.14   255.255.255.240  192.168.95.1
Reception PC  NIC        192.168.99.6    255.255.255.252  192.168.99.1
PC1           NIC        192.168.10.2    255.255.255.224  192.168.10.1
PC2           NIC        192.168.10.3    255.255.255.224  192.168.10.1
PC3           NIC        192.168.10.4    255.255.255.224  192.168.10.1
PC4           NIC        192.168.10.5    255.255.255.224  192.168.10.1
PC5           NIC        192.168.10.6    255.255.255.224  192.168.10.1
PC6           NIC        192.168.10.7    255.255.255.224  192.168.10.1
PC7           NIC        192.168.10.8    255.255.255.224  192.168.10.1
PC8           NIC        192.168.10.9    255.255.255.224  192.168.10.1
PC9           NIC        192.168.10.10   255.255.255.224  192.168.10.1
PC10          NIC        192.168.10.11   255.255.255.224  192.168.10.1
PC11          NIC        192.168.10.12   255.255.255.224  192.168.10.1
PC12          NIC        192.168.10.13   255.255.255.224  192.168.10.1
PC13          NIC        192.168.10.14   255.255.255.224  192.168.10.1
PC14          NIC        192.168.10.15   255.255.255.224  192.168.10.1
PC15          NIC        192.168.10.16   255.255.255.224  192.168.10.1
PC16          NIC        192.168.10.17   255.255.255.224  192.168.10.1
PC17          NIC        192.168.10.18   255.255.255.224  192.168.10.1
PC18          NIC        192.168.10.19   255.255.255.224  192.168.10.1
PC19          NIC        192.168.10.20   255.255.255.224  192.168.10.1
PC20          NIC        192.168.10.21   255.255.255.224  192.168.10.1
PC21          NIC        192.168.10.23   255.255.255.224  192.168.10.1
PC22          NIC        192.168.10.24   255.255.255.224  192.168.10.1
PC23          NIC        192.168.10.25   255.255.255.224  192.168.10.1
PC24          NIC        192.168.10.26   255.255.255.224  192.168.10.1
PC25          NIC        192.168.10.27   255.255.255.224  192.168.10.1
PC26          NIC        192.168.10.28   255.255.255.224  192.168.10.1
PC27          NIC        192.168.10.29   255.255.255.224  192.168.10.1
PC28          NIC        192.168.20.2    255.255.255.224  192.168.20.1
PC29          NIC        192.168.20.3    255.255.255.224  192.168.20.1
PC30          NIC        192.168.20.4    255.255.255.224  192.168.20.1
PC31          NIC        192.168.20.5    255.255.255.224  192.168.20.1
PC32          NIC        192.168.20.6    255.255.255.224  192.168.20.1
PC33          NIC        192.168.20.7    255.255.255.224  192.168.20.1
PC34          NIC        192.168.20.8    255.255.255.224  192.168.20.1
PC35          NIC        192.168.20.9    255.255.255.224  192.168.20.1
PC36          NIC        192.168.20.10   255.255.255.224  192.168.20.1
PC37          NIC        192.168.20.11   255.255.255.224  192.168.20.1
PC38          NIC        192.168.20.12   255.255.255.224  192.168.20.1
PC39          NIC        192.168.20.13   255.255.255.224  192.168.20.1
PC40          NIC        192.168.20.14   255.255.255.224  192.168.20.1
PC41          NIC        192.168.20.15   255.255.255.224  192.168.20.1
PC42          NIC        192.168.20.16   255.255.255.224  192.168.20.1
PC43          NIC        192.168.20.17   255.255.255.224  192.168.20.1
PC44          NIC        192.168.20.18   255.255.255.224  192.168.20.1
PC45          NIC        192.168.20.19   255.255.255.224  192.168.20.1
PC46          NIC        192.168.20.20   255.255.255.224  192.168.20.1
PC47          NIC        192.168.20.21   255.255.255.224  192.168.20.1
PC48          NIC        192.168.20.22   255.255.255.224  192.168.20.1
PC49          NIC        192.168.20.23   255.255.255.224  192.168.20.1
PC50          NIC        192.168.30.2    255.255.255.224  192.168.30.1
PC51          NIC        192.168.30.3    255.255.255.224  192.168.30.1
PC52          NIC        192.168.30.4    255.255.255.224  192.168.30.1
PC53          NIC        192.168.30.5    255.255.255.224  192.168.30.1
PC54          NIC        192.168.30.6    255.255.255.224  192.168.30.1
PC55          NIC        192.168.30.7    255.255.255.224  192.168.30.1
PC56          NIC        192.168.30.8    255.255.255.224  192.168.30.1
PC57          NIC        192.168.30.9    255.255.255.224  192.168.30.1
PC58          NIC        192.168.30.10   255.255.255.224  192.168.30.1
PC59          NIC        192.168.30.11   255.255.255.224  192.168.30.1
PC60          NIC        192.168.30.12   255.255.255.224  192.168.30.1
PC61          NIC        192.168.30.13   255.255.255.224  192.168.30.1
PC62          NIC        192.168.30.14   255.255.255.224  192.168.30.1
PC63          NIC        192.168.30.15   255.255.255.224  192.168.30.1
PC64          NIC        192.168.30.16   255.255.255.224  192.168.30.1
PC65          NIC        192.168.30.17   255.255.255.224  192.168.30.1
PC66          NIC        192.168.30.18   255.255.255.224  192.168.30.1
PC67          NIC        192.168.30.19   255.255.255.224  192.168.30.1
PC68          NIC        192.168.30.20   255.255.255.224  192.168.30.1
PC69          NIC        192.168.30.21   255.255.255.224  192.168.30.1
PC70          NIC        192.168.30.22   255.255.255.224  192.168.30.1
PC71          NIC        192.168.30.23   255.255.255.224  192.168.30.1
PC72          NIC        192.168.40.2    255.255.255.224  192.168.40.1
PC73          NIC        192.168.40.3    255.255.255.224  192.168.40.1
PC74          NIC        192.168.40.4    255.255.255.224  192.168.40.1
PC75          NIC        192.168.40.5    255.255.255.224  192.168.40.1
PC76          NIC        192.168.40.6    255.255.255.224  192.168.40.1
PC77          NIC        192.168.40.7    255.255.255.224  192.168.40.1
PC78          NIC        192.168.40.8    255.255.255.224  192.168.40.1
PC79          NIC        192.168.40.9    255.255.255.224  192.168.40.1
PC80          NIC        192.168.40.10   255.255.255.224  192.168.40.1
PC81          NIC        192.168.40.11   255.255.255.224  192.168.40.1
PC82          NIC        192.168.40.12   255.255.255.224  192.168.40.1
PC83          NIC        192.168.40.13   255.255.255.224  192.168.40.1
PC84          NIC        192.168.40.14   255.255.255.224  192.168.40.1
PC85          NIC        192.168.40.15   255.255.255.224  192.168.40.1
PC86          NIC        192.168.40.16   255.255.255.224  192.168.40.1
PC87          NIC        192.168.40.17   255.255.255.224  192.168.40.1
PC88          NIC        192.168.40.18   255.255.255.224  192.168.40.1
PC89          NIC        192.168.40.19   255.255.255.224  192.168.40.1
PC90          NIC        192.168.40.20   255.255.255.224  192.168.40.1
PC91          NIC        192.168.40.21   255.255.255.224  192.168.40.1
PC92          NIC        192.168.40.22   255.255.255.224  192.168.40.1
PC93          NIC        192.168.50.2    255.255.255.224  192.168.50.1
PC94          NIC        192.168.50.3    255.255.255.224  192.168.50.1
PC95          NIC        192.168.50.4    255.255.255.224  192.168.50.1
PC96          NIC        192.168.50.5    255.255.255.224  192.168.50.1
PC97          NIC        192.168.50.6    255.255.255.224  192.168.50.1
PC98          NIC        192.168.50.7    255.255.255.224  192.168.50.1
PC99          NIC        192.168.50.8    255.255.255.224  192.168.50.1
PC100         NIC        192.168.50.9    255.255.255.224  192.168.50.1
PC101         NIC        192.168.50.10   255.255.255.224  192.168.50.1
PC102         NIC        192.168.50.11   255.255.255.224  192.168.50.1
PC103         NIC        192.168.50.12   255.255.255.224  192.168.50.1
PC104         NIC        192.168.50.13   255.255.255.224  192.168.50.1
PC105         NIC        192.168.50.14   255.255.255.224  192.168.50.1
PC106         NIC        192.168.50.15   255.255.255.224  192.168.50.1
PC107         NIC        192.168.50.16   255.255.255.224  192.168.50.1
PC108         NIC        192.168.50.17   255.255.255.224  192.168.50.1
PC109         NIC        192.168.50.18   255.255.255.224  192.168.50.1
PC110         NIC        192.168.50.19   255.255.255.224  192.168.50.1
PC111         NIC        192.168.50.20   255.255.255.224  192.168.50.1
PC112         NIC        192.168.50.21   255.255.255.224  192.168.50.1
PC113         NIC        192.168.50.22   255.255.255.224  192.168.50.1
PC114         NIC        192.168.60.2    255.255.255.224  192.168.60.1
PC115         NIC        192.168.60.3    255.255.255.224  192.168.60.1
PC116         NIC        192.168.60.4    255.255.255.224  192.168.60.1
PC117         NIC        192.168.60.5    255.255.255.224  192.168.60.1
PC118         NIC        192.168.60.6    255.255.255.224  192.168.60.1
PC119         NIC        192.168.60.7    255.255.255.224  192.168.60.1
PC120         NIC        192.168.60.8    255.255.255.224  192.168.60.1
PC121         NIC        192.168.60.9    255.255.255.224  192.168.60.1
PC122         NIC        192.168.60.10   255.255.255.224  192.168.60.1
PC123         NIC        192.168.60.11   255.255.255.224  192.168.60.1
PC124         NIC        192.168.60.12   255.255.255.224  192.168.60.1
PC125         NIC        192.168.60.13   255.255.255.224  192.168.60.1
PC126         NIC        192.168.60.14   255.255.255.224  192.168.60.1
PC127         NIC        192.168.60.15   255.255.255.224  192.168.60.1
PC128         NIC        192.168.60.16   255.255.255.224  192.168.60.1
PC129         NIC        192.168.60.17   255.255.255.224  192.168.60.1
PC130         NIC        192.168.60.18   255.255.255.224  192.168.60.1
PC131         NIC        192.168.60.19   255.255.255.224  192.168.60.1
PC132         NIC        192.168.60.20   255.255.255.224  192.168.60.1
PC133         NIC        192.168.60.21   255.255.255.224  192.168.60.1
PC134         NIC        192.168.60.22   255.255.255.224  192.168.60.1
PC135         NIC        192.168.70.2    255.255.255.224  192.168.70.1
PC136         NIC        192.168.70.3    255.255.255.224  192.168.70.1
PC137         NIC        192.168.70.4    255.255.255.224  192.168.70.1
PC138         NIC        192.168.70.5    255.255.255.224  192.168.70.1
PC139         NIC        192.168.70.6    255.255.255.224  192.168.70.1
PC140         NIC        192.168.70.7    255.255.255.224  192.168.70.1
PC141         NIC        192.168.70.8    255.255.255.224  192.168.70.1
PC142         NIC        192.168.70.9    255.255.255.224  192.168.70.1
PC143         NIC        192.168.70.10   255.255.255.224  192.168.70.1
PC144         NIC        192.168.70.11   255.255.255.224  192.168.70.1
PC145         NIC        192.168.70.12   255.255.255.224  192.168.70.1
PC146         NIC        192.168.70.13   255.255.255.224  192.168.70.1
PC147         NIC        192.168.70.14   255.255.255.224  192.168.70.1
PC148         NIC        192.168.70.15   255.255.255.224  192.168.70.1
PC149         NIC        192.168.70.16   255.255.255.224  192.168.70.1
PC150         NIC        192.168.70.17   255.255.255.224  192.168.70.1
PC151         NIC        192.168.70.18   255.255.255.224  192.168.70.1
PC152         NIC        192.168.70.19   255.255.255.224  192.168.70.1
PC153         NIC        192.168.70.20   255.255.255.224  192.168.70.1
PC154         NIC        192.168.70.21   255.255.255.224  192.168.70.1
PC155         NIC        192.168.80.2    255.255.255.224  192.168.80.1
PC156         NIC        192.168.80.3    255.255.255.224  192.168.80.1
PC157         NIC        192.168.80.4    255.255.255.224  192.168.80.1
PC158         NIC        192.168.80.5    255.255.255.224  192.168.80.1
PC159         NIC        192.168.80.6    255.255.255.224  192.168.80.1
PC160         NIC        192.168.80.7    255.255.255.224  192.168.80.1
PC161         NIC        192.168.80.8    255.255.255.224  192.168.80.1
PC162         NIC        192.168.80.9    255.255.255.224  192.168.80.1
PC163         NIC        192.168.80.10   255.255.255.224  192.168.80.1
PC164         NIC        192.168.80.11   255.255.255.224  192.168.80.1
PC165         NIC        192.168.80.12   255.255.255.224  192.168.80.1
PC166         NIC        192.168.80.13   255.255.255.224  192.168.80.1
PC167         NIC        192.168.80.14   255.255.255.224  192.168.80.1
PC168         NIC        192.168.80.15   255.255.255.224  192.168.80.1
PC169         NIC        192.168.80.16   255.255.255.224  192.168.80.1
PC170         NIC        192.168.80.17   255.255.255.224  192.168.80.1
PC171         NIC        192.168.80.18   255.255.255.224  192.168.80.1
PC172         NIC        192.168.80.19   255.255.255.224  192.168.80.1
PC173         NIC        192.168.80.20   255.255.255.224  192.168.80.1
PC174         NIC        192.168.80.21   255.255.255.224  192.168.80.1
PC175         NIC        192.168.85.2    255.255.255.224  192.168.85.1
PC176         NIC        192.168.85.3    255.255.255.224  192.168.85.1
PC177         NIC        192.168.85.4    255.255.255.224  192.168.85.1
PC178         NIC        192.168.85.5    255.255.255.224  192.168.85.1
PC179         NIC        192.168.85.6    255.255.255.224  192.168.85.1
PC180         NIC        192.168.85.7    255.255.255.224  192.168.85.1
PC181         NIC        192.168.85.8    255.255.255.224  192.168.85.1
PC182         NIC        192.168.85.9    255.255.255.224  192.168.85.1
PC183         NIC        192.168.85.10   255.255.255.224  192.168.85.1
PC184         NIC        192.168.85.11   255.255.255.224  192.168.85.1
PC185         NIC        192.168.85.12   255.255.255.224  192.168.85.1
PC186         NIC        192.168.85.13   255.255.255.224  192.168.85.1
PC187         NIC        192.168.85.14   255.255.255.224  192.168.85.1
PC188         NIC        192.168.85.15   255.255.255.224  192.168.85.1
PC189         NIC        192.168.85.16   255.255.255.224  192.168.85.1
PC190         NIC        192.168.90.2    255.255.255.240  192.168.90.1
PC191         NIC        192.168.90.3    255.255.255.240  192.168.90.1
PC192         NIC        192.168.90.4    255.255.255.240  192.168.90.1
PC193         NIC        192.168.90.5    255.255.255.240  192.168.90.1
PC194         NIC        192.168.90.6    255.255.255.240  192.168.90.1
PC195         NIC        192.168.90.7    255.255.255.240  192.168.90.1
PC196         NIC        192.168.90.8    255.255.255.240  192.168.90.1
PC197         NIC        192.168.90.9    255.255.255.240  192.168.90.1
PC198         NIC        192.168.90.10   255.255.255.240  192.168.90.1
PC199         NIC        192.168.90.11   255.255.255.240  192.168.90.1
PC200         NIC        192.168.90.12   255.255.255.240  192.168.90.1
PC201         NIC        192.168.90.13   255.255.255.240  192.168.90.1
PC202         NIC        192.168.95.2    255.255.255.240  192.168.95.1
PC203         NIC        192.168.95.3    255.255.255.240  192.168.95.1
PC204         NIC        192.168.95.4    255.255.255.240  192.168.95.1
PC205         NIC        192.168.95.5    255.255.255.240  192.168.95.1
PC206         NIC        192.168.95.6    255.255.255.240  192.168.95.1
PC207         NIC        192.168.95.7    255.255.255.240  192.168.95.1
PC208         NIC        192.168.95.8    255.255.255.240  192.168.95.1
PC209         NIC        192.168.95.9    255.255.255.240  192.168.95.1
PC210         NIC        192.168.95.10   255.255.255.240  192.168.95.1
PC211         NIC        192.168.95.11   255.255.255.240  192.168.95.1
PC212         NIC        192.168.95.12   255.255.255.240  192.168.95.1
PC213         NIC        192.168.95.13   255.255.255.240  192.168.95.1
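
An addressing table of this size is easy to get wrong by hand, so the following added example (not part of the original proposal) audits rows shaped like the table above: it checks that each host is a usable address in the subnet its mask implies, that the default gateway lies in that same subnet, and that no IP address is assigned twice. The PC rows follow the table's VLAN 10 and VLAN 90 addressing; the three X-* rows are constructed to trigger each check.

```python
import ipaddress

# Rows in the layout of the addressing table: device, IP, mask, gateway.
# The PC rows follow the VLAN 10 (/27) and VLAN 90 (/28) addressing used in
# the table; the three X-* rows are constructed to show what the audit catches.
ROWS = [
    ("PC1",     "192.168.10.2",  "255.255.255.224", "192.168.10.1"),
    ("PC27",    "192.168.10.29", "255.255.255.224", "192.168.10.1"),
    ("PC190",   "192.168.90.2",  "255.255.255.240", "192.168.90.1"),
    ("X-gw",    "192.168.20.40", "255.255.255.224", "192.168.20.1"),
    ("X-bcast", "192.168.90.15", "255.255.255.240", "192.168.90.1"),
    ("X-dup",   "192.168.10.2",  "255.255.255.224", "192.168.10.1"),
]


def check_row(ip, mask, gateway):
    """Return the problems found in one row; an empty list means it is consistent."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    problems = []
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gateway != "N/A":  # rows without a gateway are marked N/A
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"gateway {gateway} is outside {net}")
        elif gw == iface.ip:
            problems.append(f"{ip} is its own gateway")
    return problems


def audit(rows):
    """Check every row and flag IP addresses assigned to more than one device."""
    findings, owner = {}, {}
    for device, ip, mask, gateway in rows:
        problems = check_row(ip, mask, gateway)
        if ip in owner:
            problems.append(f"{ip} is already assigned to {owner[ip]}")
        else:
            owner[ip] = device
        if problems:
            findings[device] = problems
    return findings


if __name__ == "__main__":
    for device, problems in audit(ROWS).items():
        for problem in problems:
            print(f"{device}: {problem}")
```

A host whose gateway falls outside its own subnet cannot reach other VLANs, which is why the gateway check matters as much as the duplicate check.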

Equipment List and Budget Estimation

This is the list of equipment, with amounts, used in NIDEC
Precision Philippines:

List of Hardware                    Brand Name        Description                                      Amount
Package PCs                         Dual core         214 units of PC with complete accessories        Php. 14,900.00 * 214
Printer                             Samsung SCX-4200  10 pcs. 3-in-1; Laser Printer, Scanner, Copier   Php. 4,999.00 * 10
Switch                              CISCO Switch      20 pcs. (24 ports)                               Php. 4,650.00 * 20
Router                              Linksys Router    2 pcs. EA2700                                    Php. 4,450 * 2
Computer Application Software       MS Office 2007                                                     Php. 2,499.00
Anti-virus and Anti-spyware         Freeware
Total Machinery and Equipment Cost                                                                     Php. 3,342,989.00

CHAPTER 6
CONCLUSION

Everything in this world needs to be understood for us to know its
purpose and why it exists in this unpredictable world. We have proved this as
this study comes to an end. In making our LAN design, we must know the
purposes and the information of a particular company: how that company
operates and how its people are able to accomplish their work and tasks every day.

We came to the point that we need to know every detail of a certain
company for us to be able to distinguish the proper ways of enhancing
their work. We noticed that we must be aware of their departments, the
flow of their work every day and the process itself. After doing that, we decided to
make a plan for their company: the LAN design of their company.
We were able to make a miniature of their company for us to know the exact look
of their building and, of course, the different departments under it.

In doing that, we were able to make a LAN design of this company as
well as the computations of their VLSM and VLAN. We learned the different
requirements that a company should have. Aside from that, we also learned that
every detail counts. It really matters in order for you to make a successful one.
Be knowledgeable enough, especially with regard to networking, because it plays
a significant role in the flow of your LAN design for that particular company.