12/15/2010 Created by R.D.Ray 1
CCNA CCDA
CCENT
CCNA EXAM
CCNA TOPICS
NETWORK FUNDAMENTALS
OSI LAYERS
TCP / IP LAYER
DATA ENCAPSULATION
IP ADDRESSING & SUBNETTING
ROUTER CONFIGURATION & USER-INTERFACE
MANAGING A CISCO INTERNETWORK
ROUTING PROTOCOLS
CCNA TOPICS (contd.)
WAN
TYPES OF CONNECTION
IPV6
SDM /SSH
WIRELESS
About Network: A network is a connection between more than one device over dedicated connections. For configuring a network, certain network components are required. The network components are:
1. Network Model
2. Design and Topology
3. Devices
Network Model: the network model tells about the distance and the structure of a network. There are 3 core network models:
Local Area Network (LAN): as the name suggests, Local means it is confined to a small area, for example an office, home or building. The maximum distance it can cover is 200 meters. In a LAN you cannot have more than one type of cable media, either co-axial or twisted pair; otherwise a speed mismatch will happen.
Metropolitan Area Network (MAN): as the name suggests, Metropolitan means it operates within a city limit and can have different types of cable media. The maximum distance it can cover is 100 km.
Wide Area Network (WAN):-
Design: tells about the structure of the network. There are 2 designs:
1. Server Client
2. Peer-to-Peer
Server Client
1. Centralized administration
2. Highly secured
3. Authentication, password permission and user creation are all done on the server
4. Clients request the services from the server
5. Found in organizations
(Diagram label: SWITCH/HUB)
Peer-to-Peer
Topology
Tells about the physical placement of the devices in a network. There are 5 types of topologies available:
1. BUS
2. STAR
3. RING
4. MESH
5. CELLULAR/WIRELESS
BUS Topology
(Diagram labels: Trunk Link, T Connector, Terminator)
- In a bus topology all the devices are connected to a single line of cable called the backbone or trunk.
- This link is called the backbone because all the devices depend on it; if this link fails, the entire network goes down.
- Devices are attached to this link through T connectors or drop cables.
- Both ends of this link are closed with terminators.
- Terminators are used to remove unwanted data from the link.
Star Topology
(Diagram label: Switch)
RING TOPOLOGY
1. In this topology all the devices are connected to a single loop of cable.
2. Data passes unidirectionally, passing through all the devices.
3. The device that wants to send data has to acquire a token.
4. Therefore, it is called a token passing mechanism.
5. This topology is called an active topology, as the devices regenerate the data passing through them.
6. Adding or removing a device makes the entire network fail.
(Diagram label: DATA)
MESH TOPOLOGY
Advantages
- Provides redundant paths between devices
Disadvantages
- Requires more cable than the other LAN topologies.
- Complicated implementation.
3. Internetwork devices: ROUTER
Communication Devices
These devices are used to communicate with a PC over the network through a telephone line.
MODEM (Modulation/Demodulation)
It is used to convert the digital signal into an analog signal at the source end (modulation) and to convert the analog signal back into a digital signal at the receiving end (demodulation).
(Diagram: digital signal -> modulation -> analog signal -> ISP -> demodulation -> digital signal)
CSU/DSU
A CSU/DSU (Channel Service Unit/Data Service Unit) is a digital-interface device
used to connect a Data Terminal Equipment device or DTE, such as a router, to a
digital circuit (for example a T1 or T3 line).
The CSU provides termination for the digital signal and ensures connection
integrity through error correction and line monitoring. The DSU converts the data
encoded in the digital circuit into synchronous serial data for connection to a DTE
device.
Multiplexer
A multiplexer is a device that combines several input information signals into one output signal, which carries several communication channels, by means of some multiplexing technique.
Network devices
Hub
A common connection point for devices in a network. Hubs are commonly used to connect end devices. A hub contains multiple ports. When a packet arrives at one port, it is copied to all the other ports, so every segment of the LAN sees every packet.
Switch
A common connection point for devices in a network. Switches are commonly used to connect end devices. A switch contains multiple ports. When a frame arrives at one port, the switch determines the outgoing interface and forwards the frame only to that particular destination port.
Repeater
A repeater is a device that receives a digital signal on an electromagnetic or optical transmission medium and regenerates the signal along the next leg of the medium. Repeaters overcome the attenuation caused by free-space electromagnetic-field divergence or cable loss. A series of repeaters makes possible the extension of a signal over a distance. Repeaters remove the unwanted noise in an incoming signal: unlike an analog signal, the original digital signal, even if weak or distorted, can be clearly perceived and restored.
INTERNETWORK DEVICES
ROUTER
- Path selection
- Switching
- Segmenting networks into subnets to reduce broadcasts
- Interconnecting WAN links
- Interconnecting different types of networks
- Filtering traffic
Network Media
- Coaxial cables
- Twisted pair
  - Shielded Twisted Pair (STP)
  - Unshielded Twisted Pair (UTP)
- Fiber optic
Coaxial Cable
Advantages:
- Requires fewer repeaters than twisted pair
- Less expensive than fiber
- It has been used for many years for many types of data communication, including cable television
Disadvantages:
- More expensive and more difficult to install than twisted pair
- Needs more room in wiring ducts than twisted pair
Shielded Twisted Pair (STP)
Advantages:
- Greater protection from all types of external and internal interference than UTP.
- Reduces electrical noise within the cable, such as pair-to-pair coupling and crosstalk.
- Reduces electronic noise from outside the cable, for example electromagnetic interference (EMI) and radio frequency interference (RFI).
Disadvantages:
- More expensive and difficult to install than UTP.
- Needs to be grounded at both ends.
Fiber optic
An optical fiber (or fibre) is a glass or plastic fiber that carries light along its length. Optical fibers are widely used in fiber-optic communications, which permit transmission over longer distances and at higher bandwidths (data rates) than other forms of communication. Fibers are used instead of metal wires because signals travel along them with less loss, and they are also immune to electromagnetic interference.
SPEED: fiber optic networks operate at high speeds, up into the gigabits.
BANDWIDTH: large carrying capacity.
DISTANCE: signals can be transmitted further without needing to be "refreshed" or strengthened.
RESISTANCE: greater resistance to electromagnetic noise such as radios, motors or other nearby cables.
MAINTENANCE: fiber optic cables cost much less to maintain.
- The core is the light transmission element at the center of the optical fiber. All the light signals travel through the core.
- Cladding is also made of silica but with a lower index of refraction than the core. Light rays traveling through the fiber core reflect off this core-to-cladding interface as they move through the fiber by total internal reflection.
- Surrounding the cladding is a buffer material that is usually plastic. The buffer material helps shield the core and cladding from damage.
- The strength material surrounds the buffer, preventing the fiber cable from being stretched when installers pull it. The material used is often Kevlar, the same material used to produce bulletproof vests.
- The outer jacket surrounds the cable to protect the fiber against abrasion, solvents and other contaminants.
Advantages:
- It divides the network communication process into smaller and simpler components.
- It allows multiple-vendor development through standardization of network components.
- It allows various types of network hardware and software to communicate.
- It prevents changes in one layer from affecting other layers, so it does not hamper development.
(Diagram: OSI layers from Upper Layer to Bottom Layer)
These functions ensure that data sent from a sending application on one
system is readable by the application layer on another system.
This layer provides the conversion of character representation formats, data
ASCII
EBCDIC
Motion Picture Experts Group (MPEG)
Graphics Interchange Format (GIF)
Joint Photographic Experts Group (JPEG)
Tagged Image File Format (TIFF)
sessions.
Communication sessions consist of service requests and responses that occur
between applications on different devices.
acknowledged.
Examples of transport layer specifications are the following:
- Transmission Control Protocol (TCP)
- Real-Time Transport Protocol (RTP)
- Sequenced Packet Exchange (SPX)
- AppleTalk Transaction Protocol (ATP)
- User Datagram Protocol (UDP) (provides unreliable transport at this layer with less overhead than TCP)
Data Encapsulation
TCP/IP Model
The TCP/IP suite was created by the Department of Defense (DoD) to ensure and preserve data integrity, as well as to maintain communications in the event of catastrophic war.
It has 4 layers.
It is a condensed version of the OSI model.
File Transfer Protocol (FTP): used to transfer files between any two machines. It also allows access to both directories and files and can accomplish certain types of directory operations, such as relocating into different ones.
Trivial File Transfer Protocol (TFTP): can be used only to send and receive files. It doesn't have any directory browsing capabilities.
Line Printer Daemon (LPD): used for printer sharing. Together with the Line Printer program, it allows print jobs to be spooled and sent to the network's printer using TCP/IP.
(Diagram: TCP three-way handshake with Host B: Send SYN, SYN Received, Established)
RELIABLE SERVICE
Sender                  Receiver
Send 1           ->     Receive 1
Receive ACK 2    <-     Send ACK 2
Send 2           ->     Receive 2
Receive ACK 3    <-     Send ACK 3
Send 3           ->     Receive 3
Receive ACK 4    <-
When the Internet layer receives the data stream, it routes the segments as packets through an internetwork. The segments are handed to the receiving host's Host-to-Host layer protocol, which rebuilds the data stream to hand to the upper-layer applications or protocols.
Header Length: the number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32-bit words in length.
Urgent: a valid field only if the Urgent pointer flag (URG) in the code bits is set. If so, this value indicates the offset from the current sequence number, in octets, where the first segment of non-urgent data begins.
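As an added example (not from the slides), here is a small Python TCP segment parser that applies the two fields just described: it uses Header Length (in 32-bit words) to find where options end and data begins, and honours the Urgent pointer only when URG is set. The sample segment, its ports and its MSS option are constructed, and the checksum is left at zero.

```python
import struct

# Bit masks for the code bits (flags) in the 16-bit offset/flags field.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_segment(src_port, dst_port, seq, ack, flags, window=8192,
                      options=b"", payload=b"", urgent=0):
    """Build a TCP segment (checksum left as zero) so the parser below has input.

    Options are padded with zero bytes to a 32-bit boundary, which is why the
    Header Length field counts 32-bit words rather than bytes.
    """
    options = options + b"\x00" * (-len(options) % 4)
    header_words = 5 + len(options) // 4          # 20 fixed bytes = 5 words
    flag_bits = sum(TCP_FLAGS[name] for name in flags)
    offset_flags = (header_words << 12) | flag_bits
    fixed = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                        offset_flags, window, 0, urgent)
    return fixed + options + payload


def parse_tcp_segment(segment):
    """Decode the fixed header, locate options and payload via Header Length,
    and split out urgent data when URG is set.  Raises ValueError on a
    truncated segment or an impossible header length: a decoder must check
    the offset it read from the wire before slicing with it."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed TCP header")
    (src_port, dst_port, seq, ack, offset_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_words = offset_flags >> 12              # top 4 bits of the field
    header_len = header_words * 4
    if header_words < 5:
        raise ValueError(f"header length {header_words} words is below the minimum of 5")
    if len(segment) < header_len:
        raise ValueError("header length points past the end of the segment")
    flags = [name for name, bit in TCP_FLAGS.items() if offset_flags & bit]
    payload = segment[header_len:]
    # As the slide states: the urgent pointer is the offset in octets at which
    # non-urgent data begins, and it only has meaning when URG is set.
    urgent_data = payload[:urgent] if "URG" in flags else b""
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_words": header_words, "header_len": header_len,
        "flags": flags, "window": window, "urgent_pointer": urgent,
        "options": segment[20:header_len], "payload": payload,
        "urgent_data": urgent_data,
    }


def is_well_formed(segment):
    """True when parse_tcp_segment accepts the segment, False on any length defect."""
    try:
        parse_tcp_segment(segment)
        return True
    except ValueError:
        return False


# Constructed sample: an ACK|PSH|URG segment carrying a 4-byte MSS option
# (kind 2, length 4, value 1460) and 6 octets of urgent data.
SAMPLE = build_tcp_segment(51000, 80, seq=1000, ack=5000, flags=("ACK", "PSH", "URG"),
                           options=b"\x02\x04\x05\xb4", payload=b"URGENTrest", urgent=6)
```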
UDP
- Connectionless
- Unreliable
- Faster than TCP
TCP and UDP must use port numbers to communicate with the upper layers because they're what keep track of the different conversations crossing the network simultaneously. Originating source port numbers are dynamically assigned by the source host and will be some number starting at 1024; 1023 and below are the defined (well-known) port numbers.
Virtual circuits that don't use an application with a well-known port number are assigned port numbers randomly from a specific range instead. These port numbers identify the source and destination application or process in the TCP segment.
Time to Live: the TTL is set in a packet when it is originally generated. If the packet doesn't get to where it wants to go before the TTL expires, it's gone. This stops IP packets from continuously circling the network looking for a home.
Protocol: the port of the upper-layer protocol. Also supports Network layer protocols, such as ARP and ICMP. It can be called the Type field in some analyzers.
Buffer full: if a router's memory buffer for receiving incoming datagrams is full, it will use ICMP to send out this message until the congestion abates.
Hops: each IP datagram is allotted a certain number of routers, called hops, to pass through. If it reaches its limit of hops before arriving at its destination, the last router to receive that datagram deletes it. The executioner router then uses ICMP to send an obituary message, informing the sending machine of the demise of its datagram.
Ping: Packet Internet Groper uses ICMP echo request and reply messages to check the physical and logical connectivity of machines on an internetwork.
Traceroute: using ICMP time-outs, Traceroute is used to discover the path a packet takes as it traverses an internetwork.
Address Resolution Protocol (ARP): finds the hardware address of a host from a known IP address.
answer.
RARP uses the information it does know about the machine's MAC address to learn its IP address and complete the machine's ID portrait.
IP addressing
An IP address is a numeric identifier assigned to each machine on an IP network. It designates the specific location of a device on the network.
An IP address is a software address, not a hardware address.
IP addressing was designed to allow hosts on one network to communicate with a host on a different network.
IANA is one of the Internet's oldest institutions, with its activities dating back to the 1970s. Today it is operated by the Internet Corporation for Assigned Names and Numbers, an internationally organised non-profit organisation set up by the Internet community to help coordinate IANA's areas of responsibility.
Bit :-
Classes of IP address
An octet of all zeros, 00000000, equals 0; an octet of all ones, 11111111, equals 255. The bit weights from left to right are 2^7 = 128, 2^6 = 64, 2^5 = 32, 2^4 = 16, 2^3 = 8, 2^2 = 4, 2^1 = 2, 2^0 = 1.
Class A Addressing
IANA specifies that in Class A addressing the 1st bit should be 0. So based on that, the range for class A addresses is 0-127:
00000000 = 0 to 01111111 = 127
0 is reserved for default routing and 127 is reserved for loopback testing. Therefore, the usable range is 1-126.
Class B Addressing
IANA specifies that in Class B addressing the 1st 2 bits should be 1 and 0. So based on that, the range for class B addresses is 128-191:
10000000 = 128 to 10111111 = 191
Class C Addressing
IANA specifies that in Class C addressing the 1st 3 bits should be 1, 1 and 0. So based on that, the range for class C addresses is 192-223:
11000000 = 192 to 11011111 = 223
Class D Addressing
IANA specifies that in Class D addressing the 1st 4 bits should be 1, 1, 1 and 0. So based on that, the range for class D addresses is 224-239:
11100000 = 224 to 11101111 = 239
Class E Addressing
IANA specifies that in Class E addressing the 1st 4 bits should be 1, 1, 1, 1 (followed by a 0). So based on that, the range for class E addresses is 240-247:
11110000 = 240 to 11110111 = 247
Subnetting
Subnetting is the process of breaking down an IP network into smaller subnetworks called "subnets". Each subnet is a non-physical description (or ID) for a physical sub-network (usually a switched network of hosts containing a single router in a multi-router network).
Subnet
A subnet is a logical organization of network address ranges used to separate hosts and network devices from each other to serve a design purpose.
Subnet mask
It is a 32-bit value that allows the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion of the IP address.
CIDR   Subnet mask        Block size   No. of networks   No. of hosts
/25    255.255.255.128    128          2                 126
/26    255.255.255.192    64           4                 62
/27    255.255.255.224    32           8                 30
/28    255.255.255.240    16           16                14
/29    255.255.255.248    8            32                6
/30    255.255.255.252    4            64                2
CIDR
/25 = to make /25, borrow one bit from the host bits.
SUBNET MASK
192.168.10.0
255.255.255.128 = the value of the borrowed bit (128)
Block Size
256 - 128 = 128
CIDR   Subnet mask      Block size   No. of networks   No. of hosts
/17    255.255.128.0    128          2                 32,766
/18    255.255.192.0    64           4                 16,382
/19    255.255.224.0    32           8                 8,192
/20    255.255.240.0    16           16                4,096
/21    255.255.248.0    8            32                2,048
/22    255.255.252.0    4            64                1,024
/23    255.255.254.0    2            128               510
CIDR
/17 = to make /17, borrow one bit from the host bits.
SUBNET MASK
172.16.0.0
255.255.128.0 = the value of the borrowed bit (128)
Block Size
256 - 128 = 128
(Diagram: routers r1, r2, r3 and r4 around 192.168.10.0/24; Network A with 6 hosts, Network B with 14 hosts, Network C with 20 hosts)
Exercise: configure the given address accordingly so that all the new networks will have the desired hosts.
192.168.10. 0 0 0 0 0 0 0 0
Make the rest of the 0 bits 1:
192.168.10. 1 1 1 1 1 0 0 0 == /29 == 8 + 8 + 8 + 5
Subnet mask == 255.255.255.248 (adding the values of the 1 bits)
Block size == 256 - 248 = 8
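The classful rules from the addressing slides and the subnetting steps above (mask from a prefix, block size, number of subnets and hosts, and the 192.168.10.0/24 exercise) carried out in Python, as an added example that is not part of the slides. It goes beyond the slides in one place: class E is treated as every first octet beginning 1111 (240-255), the standard definition, rather than the 240-247 range given above; the exercise input and the per-network host counts are the slides' own.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Classful rules as the slides state them: the leading bits of the first octet
# decide the class.  Class E is widened here to every octet beginning 1111.
CLASS_PREFIXES = (("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110"), ("E", "1111"))


def first_octet(addr: str) -> int:
    """Validate the dotted quad and return its first octet."""
    return int(ipaddress.ip_address(addr)) >> 24


def ip_class(addr: str) -> str:
    """Class letter of an IPv4 address, decided by the first octet's leading bits."""
    bits = f"{first_octet(addr):08b}"
    for letter, prefix in CLASS_PREFIXES:
        if bits.startswith(prefix):
            return letter
    raise ValueError(f"unclassifiable address {addr}")


def class_a_reservation(addr: str) -> Optional[str]:
    """Why a class A first octet may be unusable: 0 is reserved for default routing, 127 for loopback."""
    return {0: "default route", 127: "loopback"}.get(first_octet(addr))


def prefix_to_mask(prefix: int) -> str:
    """/n -> dotted subnet mask: the n leftmost bits of the 32-bit value are 1."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length {prefix}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def block_size(prefix: int) -> int:
    """Slides' method: 256 minus the first mask octet that is not 255 (meaningful for /1 to /31)."""
    octets = [int(o) for o in prefix_to_mask(prefix).split(".")]
    interesting = next((o for o in octets if o != 255), 0)
    return 256 - interesting


def subnets_and_hosts(prefix: int, classful_prefix: int) -> Tuple[int, int]:
    """Subnets gained by borrowing host bits from a classful block, and usable hosts in each."""
    borrowed = prefix - classful_prefix
    if borrowed < 0:
        raise ValueError("prefix is shorter than the classful boundary")
    host_bits = 32 - prefix
    return 2 ** borrowed, 2 ** host_bits - 2


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose 2^h - 2 usable addresses still cover the requested hosts."""
    host_bits = 2                       # /30 is the smallest subnet with usable hosts
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_plan(network: str, demands: Dict[str, int]) -> Dict[str, str]:
    """Carve `network` into one subnet per named demand, biggest demand first,
    so the smaller subnets fit into the space the larger ones leave behind."""
    free = [ipaddress.ip_network(network)]
    plan: Dict[str, str] = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:
                pieces = list(block.subnets(new_prefix=prefix))
                plan[name] = str(pieces[0])              # hand out the lowest piece
                free = free[:i] + pieces[1:] + free[i + 1:]  # keep the rest for later demands
                break
        else:
            raise ValueError(f"no free block large enough for {name} ({hosts} hosts)")
    return plan


# The slides' exercise as constructed input: split 192.168.10.0/24 for
# networks that need 6, 14 and 20 hosts.
EXERCISE = vlsm_plan("192.168.10.0/24", {"Network A": 6, "Network B": 14, "Network C": 20})
```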
Cisco Router
Based on manufacturing, Cisco routers can be divided into two parts:
Terminal Settings
The settings that you should configure to have your PC connect to a router or switch.
HyperTerminal path: Start > Program > Accessories > Communication > HyperTerminal
LAN Connections
1. POST. When first powered up, a router carries out a power-on self-test (POST). Recall that the POST is used to check whether the CPU and router interfaces are capable of functioning correctly.
2. Execute bootstrap to load IOS. After a successful POST, the router executes the bootstrap program from ROM. The bootstrap is used to search Flash memory for a valid Cisco IOS image. If one is present, the image is loaded. If an image cannot be found, the router boots the RxBoot limited IOS version found in ROM.
3. IOS loads the configuration file. Once the IOS image is loaded, it searches for a valid startup configuration in NVRAM. If a valid startup configuration file cannot be found, the router loads the System Configuration Dialog, or what is sometimes called setup mode. This mode allows you to perform the initial configuration of the router.
enable Command
exit Command
History Commands
show Commands
(Diagram: routers r1, r2, r3)
Router> en
Router# conf t
Router(config)# hostname r1          (or "host r1"; changes the router name)
Protecting Router through Password
r1(config)# enable password cisco    (sets the enable password, stored unencrypted)
r1(config)# enable secret cisco1     (sets the secret password; it overrides the enable password command and also provides security by encrypting the password)
Password Encryption
r1(config)# service password-encryption    (applies a weak encryption to passwords such as the enable password and the line console password)
Configuring Interfaces
r1(config)# interface s0/0
r1(config-if)# ip address 200.200.200.1 255.255.255.0
r1(config-if)# clock rate 64000
r1(config-if)# no shutdown
r1(config)# interface fa0/0
r1(config-if)# ip address 192.168.10.100 255.255.255.0
r1(config-if)# no shutdown
r2(config)# interface s0/0
r2(config-if)# ip address 200.200.200.2 255.255.255.0
r2(config-if)# clock rate 64000
r2(config-if)# no shutdown
r2(config-if)# interface fa0/0
r2(config-if)# ip address 200.200.201.2 255.255.255.0
r2(config-if)# no shutdown
r2(config-if)# interface fa0/1
r2(config-if)# ip address 192.168.20.100 255.255.255.0
r2(config-if)# no shutdown
r3(config)# interface fa0/0
r3(config-if)# ip address 200.200.201.3 255.255.255.0
r3(config-if)# no shutdown
r3(config-if)# interface fa0/1
r3(config-if)# ip address 192.168.30.100 255.255.255.0
r3(config-if)# no shutdown
On r1, r2 and r3:
Router# show ip route    (used to show the routing table)
Creating Banner
A banner is used to display information. There are different types of banners available:-
Router(config)#
banner login # Authorized Personnel Only! Please enter your username and password.
#
TIP: The login banner displays before the username and password login prompts. Use
the no banner login command to disable the login banner. The MOTD banner displays
before the login banner.
Saving Configurations
Router#copy running-config startup-config
Router#copy running-config tftp
Erasing Configurations
Router#erase startup-config
The term routing is used for taking a packet from one device and sending it through the network to another device on a different network.
Routing Protocol
It is a set of rules that describe how routing devices send updates to each other about the available networks. If more than one path exists to the remote network, the protocol also determines how the best path or route is selected.
Routed Protocol
It is the layer 3 protocol used to transfer data from one end device to another across the network. It carries the application data as well as the upper-layer information. Examples are IP, IPX, VINES, DECnet, etc.
Routing
Routing can be done in 3 ways:
1. Default routing
2. Static routing
3. Dynamic routing
Default Routing
When the administrator doesn't have any knowledge about the other networks, default routing can be used.
Configuring Default Routing
Syntax: Router(config)# ip route 0.0.0.0 0.0.0.0 <next-hop address> or <exit interface name>
(Diagram: routers r1, r2, r3)
Static routing: when the administrator manually adds the destination networks into the routing table.
Benefits of Static Routing:
- There is no overhead on the router CPU.
- There is no bandwidth usage between routers.
- It adds security, as the administrator can choose to allow routing access to certain networks only.
Disadvantages of Static Routing:
- The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
- If a network is added to the internetwork, the administrator has to add a route to it on all routers, by hand.
Syntax:
Router(config)# ip route <destination network address> <subnet mask> <next-hop address> or <exit interface name>
(Diagram: r1 with Loopback 0 192.168.10.0, r2 with Loopback 0 192.168.20.0, r3 with Loopback 0 192.168.30.0)
r1(config)# ip route 192.168.20.0 255.255.255.0 s0/0
r1(config)# ip route 192.168.30.0 255.255.255.0 s0/0
r1(config)# ip route 200.200.201.0 255.255.255.0 s0/0
r2(config)# ip route 192.168.10.0 255.255.255.0 s0/0
r2(config)# ip route 192.168.30.0 255.255.255.0 fa0/0
r3(config)# ip route 192.168.20.0 255.255.255.0 fa0/0
r3(config)# ip route 192.168.10.0 255.255.255.0 fa0/0
r3(config)# ip route 200.200.200.0 255.255.255.0 fa0/0
When a static route is added or deleted, this route, along with all other
static routes, is processed in one second. Before Cisco IOS Software Release
12.0, this processing time was five seconds.
The routing table processes static routes every minute to install or remove
static routes according to the changing routing table.
To specify that the route will not be removed, even if the interface shuts down, add the permanent keyword, for example:
r1(config)# ip route 192.168.20.0 255.255.255.0 s0/0 permanent
A static route can also be given an administrative distance (AD) value; here the trailing 200 is the AD value:
r1(config)# ip route 192.168.20.0 255.255.255.0 200.200.200.2 200
Dynamic Routing
When the router learns about the other networks from its neighbors.
Dynamic routing has 2 different types of protocol:
Administrative distance (default values; the lower the value, the more trusted the route source)
Connected interface    0
Static route           1
External BGP           20
Internal EIGRP         90
IGRP                   100
OSPF                   110
IS-IS                  115
RIP                    120
EGP                    140
ODR                    160
External EIGRP         170
Internal BGP           200
Unknown                255
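To show how the administrative distances above and the static route with AD 200 from the previous slide interact with longest-prefix matching, here is an added Python model of route installation and lookup. It is not Cisco code: the scenario is constructed, reusing the slides' 192.168.20.0/24 and next hop 200.200.200.2, with the other addresses taken from the documentation range 203.0.113.0/24.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Cisco default administrative distances from the table above (lower is preferred).
DEFAULT_AD = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100, "ospf": 110,
    "isis": 115, "rip": 120, "egp": 140, "odr": 160, "external-eigrp": 170, "ibgp": 200,
}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str
    ad: int


class RoutingTable:
    """Toy model of route installation: for each prefix only the candidate with
    the lowest administrative distance is installed, and a lookup then takes
    the installed route with the longest matching prefix."""

    def __init__(self) -> None:
        self.candidates: List[Route] = []

    def add(self, prefix: str, next_hop: str, source: str, ad: Optional[int] = None) -> None:
        """`ad` overrides the source's default, as the trailing 200 in
        `ip route 192.168.20.0 255.255.255.0 200.200.200.2 200` does."""
        distance = DEFAULT_AD[source] if ad is None else ad
        self.candidates.append(Route(ipaddress.ip_network(prefix), next_hop, source, distance))

    def withdraw(self, prefix: str, source: str) -> None:
        """Drop every candidate for `prefix` learned from `source`, e.g. a RIP route that was flushed."""
        net = ipaddress.ip_network(prefix)
        self.candidates = [r for r in self.candidates
                           if not (r.prefix == net and r.source == source)]

    def installed(self) -> Dict[ipaddress.IPv4Network, Route]:
        """Best candidate per prefix (lowest AD); ties keep the first one added."""
        best: Dict[ipaddress.IPv4Network, Route] = {}
        for r in self.candidates:
            if r.prefix not in best or r.ad < best[r.prefix].ad:
                best[r.prefix] = r
        return best

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match over the installed routes; AD only competes within one prefix."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.installed().values() if addr in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def demo() -> Tuple[str, str, str, int, int]:
    """Constructed scenario on r1: a RIP route and a static route with AD 200 to
    192.168.20.0/24, a more specific OSPF route, and a default route."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "200.200.200.2", "static")                  # AD 1
    rt.add("192.168.20.0/24", "200.200.200.2", "static", ad=200)    # backup: AD 200
    rt.add("192.168.20.0/24", "200.200.201.2", "rip")               # AD 120 beats 200
    rt.add("192.168.20.128/25", "203.0.113.9", "ospf")              # longer prefix
    primary = rt.lookup("192.168.20.10").source      # "rip"
    longer = rt.lookup("192.168.20.200").source      # "ospf": the /25 wins over the /24 regardless of AD
    rt.withdraw("192.168.20.0/24", "rip")            # RIP route gone: the AD 200 static takes over
    backup = rt.lookup("192.168.20.10")
    default = rt.lookup("203.0.113.77")              # only the default route matches
    return primary, longer, backup.source, backup.ad, default.prefix.prefixlen
```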
Routing Protocols
There are 3 classes of routing protocols:
1. Distance vector
2. Hybrid
3. Link state
Link state:
- Has a topological database that is the same for every router in the area.
- The routing table built from this database is unique to each router.
Distance Vector
                          RIP          RIP Version 2   IGRP
Metric                    Hop Count    Hop Count       Bandwidth
Maximum hop count         15           15              255
Periodic Updates          30 sec       30 sec          120 sec
Holddown timer            180 sec      180 sec         280 sec
Flush timer               240 sec      240 sec         630 sec
Administrative Distance   120          120             100
Class                     Classful     Classless       Classful
VLSM                      No           Yes             No
Convergence               Slow         Slow            Slow
Routing Loop
Distance-vector routing protocols keep track of any changes to the internetwork by broadcasting periodic routing updates out of all active interfaces. This broadcast includes the complete routing table. This works just fine, but it's expensive in terms of CPU processing and link bandwidth. And if a network outage happens, real problems can occur. Plus, the slow convergence of distance-vector routing protocols can result in inconsistent routing tables and routing loops. Routing loops can occur because every router isn't updated simultaneously, or even close to it.
Route Poisoning
Another way to avoid problems caused by inconsistent updates and stop network loops is route poisoning. For example, when Network 5 goes down, RouterE initiates route poisoning by advertising Network 5 as 16, or unreachable (sometimes referred to as infinite).
This poisoning of the route to Network 5 keeps RouterC from being susceptible to incorrect updates about the route to Network 5. When RouterC receives a route poisoning from RouterE, it sends an update, called a poison reverse, back to RouterE. This ensures that all routers on the segment have received the poisoned route information.
Holddowns
A holddown prevents regular update messages from reinstating a route that is going up and down (called flapping). Typically, this happens on a serial link that's losing connectivity and then coming back up. Holddowns prevent routes from changing too rapidly by allowing time for either the downed route to come back up or the network to stabilize somewhat before changing to the next best route. These also tell routers to restrict, for a specific time period, changes that might affect recently removed routes. This prevents inoperative routes from being prematurely restored to other routers' tables.
RIP Timers
Route update timer: sets the interval (typically 30 seconds) between periodic routing updates, in which the router sends a complete copy of its routing table out to all neighbors.
Route invalid timer: determines the length of time that must elapse (180 seconds) before a router determines that a route has become invalid. It will come to this conclusion if it hasn't heard any updates about a particular route for that period. When that happens, the router will send out updates to all its neighbors letting them know that the route is invalid.
Holddown timer: sets the amount of time during which routing information is suppressed. Routes enter the holddown state when an update packet is received that indicates the route is unreachable. This continues either until an update packet is received with a better metric or until the holddown timer expires. The default is 180 seconds.
Route flush timer: sets the time between a route becoming invalid and its removal from the routing table (240 seconds). Before it's removed from the table, the router notifies its neighbors of that route's impending demise. The value of the route invalid timer must be less than that of the route flush timer. This gives the router enough time to tell its neighbors about the invalid route before the local routing table is updated.
RIP version 2
r2(config)# router rip
r2(config-router)# version 2
r2(config-router)# no auto-summary
r2(config-router)# network 200.200.200.0
r2(config-router)# network 200.200.201.0
r2(config-router)# network 172.168.20.0
RIP default (version 1)
r3(config)# router rip
r3(config-router)# network 200.200.201.0
r3(config-router)# network 152.168.30.0
Per-interface receive version on r1
r1(config)# interface s0/0
r1(config-if)# ip rip receive version 2
r1(config-if)# interface s0/1
r1(config-if)# ip rip receive version 1
Advantages of EIGRP:
- Easy configuration
- Incremental updates
- Load balancing across equal- and unequal-cost pathways
- Flexible network design
- Multicast and unicast instead of broadcast addresses
EIGRP Terminology
Neighbor Table: lists adjacent routers. EIGRP keeps a neighbor table for each network protocol supported, such as IP, IPX and AppleTalk. When newly discovered neighbors are learned, the address and the interface of the neighbor are recorded. This information is stored in the neighbor data structure.
The neighbor table includes the following information:
- The Layer 3 address of the neighbor.
Created by R.D.Ray
173
Retransmission timeout (RTO), which is the time the router will wait on a
connection-oriented protocol without an acknowledgment before retransmitting
the packet.
Smooth Round Trip Time (SRTT), which calculates the RTO. SRTT is the
time (in milliseconds) that it takes a packet to be sent to a neighbor and a reply
to be received.
The number of packets in a queue, which is a means by which administrators
can monitor congestion on the network
Topology Table:is populated by the PDMs and acted upon by DUAL. It contains all
destinations advertised by neighboring routers. Associated with each entry is
the destination address and a list of neighbors that have advertised the
destination. For each neighbor the advertised metric is recorded.
The topology table includes the following information:
Whether the route is passive or active.
12/15/2010
Created by R.D.Ray
174
Whether a query packet has been sent to the neighbor. If this field is positive, at
least one route will be marked as active.
Whether a query packet has been sent; if so, another field will track whether
any replies have been received from the neighbor.
That a reply packet has been sent in response to a query packet received from
a neighbor.
Prefixes, masks, interface, next-hop, and feasible and advertised distances for
remote networks.
Routing Table:
contains the best route to reach the destination.
EIGRP uses Diffusing Update Algorithm (DUAL) for selecting and maintaining the
best path to each remote network. This algorithm allows for the following:
Backup route determination if one is available
Support of VLSMs
Dynamic route recoveries
Configuring EIGRP
R1
 router eigrp 100
  no auto-summary
  network 200.200.200.0
  network 200.200.201.0
  network 200.200.202.0
Equal cost load balancing: If multiple paths have the same cost to reach the destination, then EIGRP uses all the
available paths for sending packets.
Unequal cost load balancing: EIGRP can use paths whose costs differ from each other to reach the
destination.
NOTE:-
By default EIGRP supports equal cost load balancing; by using VARIANCE it
uses unequal cost load balancing.
VARIANCE: this command controls the load balancing over multiple EIGRP paths. It
allows the administrator to load balance across multiple paths even if the metrics of the paths
are different.
R1(config)# router eigrp 10
R1(config-router)# variance 2
R1(config)# key chain cisco
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string <shared-secret>
R1(config)# interface s0/0
R1(config-if)# ip authentication mode eigrp 100 md5
R1(config-if)# ip authentication key-chain eigrp 100 cisco
! the key chain name is "cisco", the EIGRP AS is 100; the key-string must be identical on both ends
**** do the same on R2's interface on its link to R1
OSPF Terminology
Link
A link is a network or router interface assigned to any given network.
When an interface is added to the OSPF process, it's considered by OSPF to be a
link. This link, or interface, will have state information associated with it (up or
down) as well as one or more IP addresses.
Router ID
The Router ID (RID) is an IP address used to identify the router. Cisco
chooses the Router ID by using the highest IP address of all configured loopback
interfaces. If no loopback interfaces are configured with addresses, OSPF will
choose the highest IP address of all active physical interfaces.
Neighbor
Neighbors are two or more routers that have an interface on a common
network, such as two routers connected on a point-to-point serial link.
Adjacency
An adjacency is a relationship between two OSPF routers that permits the
direct exchange of route updates. OSPF is really picky about sharing routing
information, unlike EIGRP, which directly shares routes with all of its neighbors.
Instead, OSPF directly shares routes only with neighbors that have also
established adjacencies. And not all neighbors will become adjacent; this
depends upon both the type of network and the configuration of the routers.
Hello protocol
The OSPF Hello protocol provides dynamic neighbor discovery and
maintains neighbor relationships. Hello packets and Link State Advertisements
(LSAs) build and maintain the topological database. Hello packets are addressed
to 224.0.0.5.
Neighborship database
The neighborship database is a list of all OSPF routers for which Hello
packets have been seen. A variety of details, including the Router ID and state,
are maintained on each router in the neighborship database.
Topological database
The topological database contains information from all of the Link State
Advertisement packets that have been received for an area. The router uses the
information from the topology database as input into the Dijkstra algorithm that
computes the shortest path to every network.
R1
 router ospf 10
  ! 10 is the process ID; it is locally significant and need not match on other routers
  network 200.200.200.0 0.0.0.255 area 0
  network 192.168.10.0 0.0.0.255 area 0
  network 192.168.11.0 0.0.0.255 area 0
Configure the other routers accordingly.
The boot field, which consists of bits 0-3 in the configuration register, controls the router boot
sequence.
Recovering Passwords
The default configuration register value is 0x2102, meaning that bit 6 is off. With the default setting,
the router will look for and load a router configuration stored in NVRAM (startup-config). To
recover a password, you need to turn on bit 6. Doing this will tell the router to ignore the NVRAM
contents. The configuration register value to turn on bit 6 is 0x2142. Here are the main steps to
password recovery:
1. Boot the router and interrupt the boot sequence by performing a break,
which will take the router into ROM monitor mode.
2. Change the configuration register to turn on bit 6 (with the value 0x2142).
3. Reload the router.
4. Enter privileged mode.
5. Copy the startup-config file to running-config.
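What the 0x2102 to 0x2142 change does at the bit level, and a check that catches routers left with bit 6 on after a recovery (such a router boots with no startup-config, so no passwords, no ACLs and no interface configuration). This is an added example, not part of the slides; the register values come from the slides, the inventory of hostnames is constructed.

```python
# Added example (not from the slides): configuration-register bit helpers.

BOOT_FIELD_MASK = 0x000F   # bits 0-3: the boot field
IGNORE_NVRAM = 1 << 6      # bit 6 (0x0040): ignore startup-config in NVRAM


def boot_field(register: int) -> int:
    """Return the 4-bit boot field (bits 0-3) of a 16-bit register value."""
    return register & BOOT_FIELD_MASK


def describe_boot_field(register: int) -> str:
    field = boot_field(register)
    if field == 0x0:
        return "stay in ROM monitor (rommon)"
    if field == 0x1:
        return "boot the first image in flash (boot helper ROM on older platforms)"
    return "use boot system commands in startup-config, else the first image in flash"


def ignores_nvram(register: int) -> bool:
    """True when bit 6 is set: the router boots without loading startup-config."""
    return bool(register & IGNORE_NVRAM)


def set_ignore_nvram(register: int, enabled: bool) -> int:
    """Return the register with bit 6 turned on or off; every other bit is kept."""
    register &= 0xFFFF
    if enabled:
        return register | IGNORE_NVRAM
    return register & (0xFFFF ^ IGNORE_NVRAM)


def audit_registers(devices):
    """Hostnames whose register still bypasses NVRAM, i.e. recovery step 2 was
    done but the register was never put back to 0x2102 before the final reload."""
    return [host for host, reg in devices.items() if ignores_nvram(reg)]


if __name__ == "__main__":
    print(hex(set_ignore_nvram(0x2102, True)))    # recovery: 0x2142
    print(hex(set_ignore_nvram(0x2142, False)))   # back to normal: 0x2102
    print(describe_boot_field(0x2102))
    # constructed inventory, e.g. collected from "show version" output
    print(audit_registers({"R1": 0x2102, "R2": 0x2142, "R3": 0x2102}))
```

The audit is the practical takeaway: after a recovery, the register must go back to 0x2102 (`config-register 0x2102` in global configuration, then save) or the next reload silently discards the saved configuration.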
The Cisco IFS minimizes the required prompting for many commands. Instead of
entering in an EXEC-level copy command and then having the system prompt you for more
information, you can enter a single command on one line with all necessary information.
dir
Same as with Windows, this command lets you view files in a directory. Type dir,
hit Enter, and by default you get the contents of the flash:/ directory output.
copy
This is one popular command, often used to upgrade, restore, or back up an IOS.
more
Same as with Unix, this will take a text file and let you page through it. You
can use it to check out your configuration file or your backup configuration file.
show file
This command will give you the skinny on a specified file or file system, but it's
kind of obscure because people don't use it a lot.
delete
It deletes stuff. But with some types of routers, not as well as you'd think. That's
because even though it whacks the file, it doesn't always free up the space it was
using. To actually get the space back, you have to use something called the
squeeze command too.
erase/format
Use these with care: make sure that when you're copying files, you say no to the
dialog that asks you if you want to erase the file system! The type of memory
you're using determines if you can nix the flash drive or not.
cd/pwd
Same as with Unix and DOS, cd is the command you use to change directories.
Use the pwd command to print (show) the working directory.
mkdir/rmdir
Use these commands on certain routers and switches to create and delete
directories: the mkdir command for creation and the rmdir command for deletion.
Use the cd and pwd commands to change into these directories.
flash:c1841-ipbase-mz.124-1c.bin:
type is image (elf) []
file size is 13937472 bytes, run size is 14103140 bytes
Runnable image, entry point 0x8000F000, run from ram
R1#delete flash:c1841-ipbase-mz.124-1c.bin
R1#copy tftp://1.1.1.2/c1841-advipservicesk9-mz.124-12.bin flash:c1841-advipservicesk9-mz.124-12.bin
CDP timer is how often CDP packets are transmitted out all active interfaces.
CDP holdtime is the amount of time that the device will hold packets received
from neighbor devices.
Using Telnet
Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that
allows you to make connections to remote devices, gather information, and run
programs. TELecommunication NETwork is a network protocol which is mostly used
to connect to remote machines over a local area network or the internet.
Configuring TELNET
R1(config)# line vty 0 4
R1(config-line)# password telnet
! "telnet" is the password the remote user will be asked for
R1(config-line)# login
Do the same on the rest of the routers.
R1# telnet 200.200.200.2
R1(config)# line vty 0 4
R1(config-line)# no login
! no password required: direct, unauthenticated access to the vty lines
Do the same on the rest of the routers.
See that asterisk (*) next to connection 2? It means that session 2 was your last session. You can return to
your last session by pressing Enter twice.
R1(config)# ip host r2 200.200.200.2
R1(config)# ip host r3 200.200.201.3
R1# ping r2
R1# ping r3
R1# telnet r2
R1# telnet r3
Restoring the Cisco IOS Software from ROM Monitor Mode Using
Xmodem
Configuring SNMP
NOTE: A community string is like a password. In the case of the first command, the community
string grants you access to SNMP.
Configuring Syslog
Setting a level means you will get that level and everything below it. Level 6
means you will receive level 6 and 7 messages. Level 4 means you will get
levels 4 through 7.
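A filter over IOS-format syslog messages, added here as an example that is not part of the slides. The sample lines are constructed, not captured from a device. The block applies the level check the way IOS evaluates it: a message is emitted when its severity number is less than or equal to the configured level, so `logging trap 4` (warnings) keeps severities 0 through 4 and drops the level 5 configuration-change and level 6 ACL-log messages a defender usually wants to see; `dropped_mnemonics` lists exactly what a given level loses.

```python
# Added example (not from the slides): parse IOS syslog lines and apply a level.
import re
from typing import List, NamedTuple, Optional

# IOS severity numbers: 0 is the most severe, 7 the least
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# %FACILITY-SEVERITY-MNEMONIC: text   (a sequence number / timestamp may precede it)
IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)


class IosMessage(NamedTuple):
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse_ios_message(line: str) -> Optional[IosMessage]:
    m = IOS_MSG.search(line)
    if m is None:
        return None
    return IosMessage(m["facility"], int(m["severity"]), m["mnemonic"], m["text"])


def is_logged(configured_level: int, severity: int) -> bool:
    """logging <dest> <level>: emit when severity <= level (lower number = more severe)."""
    if not 0 <= configured_level <= 7:
        raise ValueError("level must be 0-7")
    return severity <= configured_level


def filter_messages(lines: List[str], configured_level: int) -> List[IosMessage]:
    kept = []
    for line in lines:
        msg = parse_ios_message(line)
        if msg is not None and is_logged(configured_level, msg.severity):
            kept.append(msg)
    return kept


def dropped_mnemonics(lines: List[str], configured_level: int) -> List[str]:
    """Mnemonics that the given level would silently discard."""
    parsed = (parse_ios_message(line) for line in lines)
    return sorted({m.mnemonic for m in parsed
                   if m is not None and not is_logged(configured_level, m.severity)})


# Constructed sample messages in IOS format (not captured from a real device)
SAMPLE_LOG = [
    "*Mar  1 00:02:11.207: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down",
    "*Mar  1 00:02:12.211: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down",
    "*Mar  1 00:05:40.003: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.10.7)",
    "*Mar  1 00:06:02.519: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.10.9(4123) -> 192.168.10.1(23), 1 packet",
    "*Mar  1 00:07:15.000: %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed from 0x60A1B2C3",
]

if __name__ == "__main__":
    for level in (4, 6):
        print(SEVERITY_NAMES[level], "keeps:",
              [m.mnemonic for m in filter_messages(SAMPLE_LOG, level)],
              "drops:", dropped_mnemonics(SAMPLE_LOG, level))
```

Running it at level 4 versus level 6 makes the trade-off concrete: level 6 (informational) is the lowest setting at which configuration changes and ACL hits reach the syslog server.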
It's compared with lines of the access list only until a match is made.
Once the packet matches the condition on a line of the access list, the
packet is acted upon and no further comparisons take place.
There is an implicit deny at the end of each access list; this means
that if a packet doesn't match the condition on any of the lines in the
access list, the packet will be discarded.
ACL Keywords
any
Used in place of 0.0.0.0 255.255.255.255; it will match any address that it is compared against.
host
Used in place of 0.0.0.0 in the wildcard mask; it will match only one specific address.
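The matching rules above (wildcard masks, the `any` and `host` keywords, first match wins, implicit deny) implemented for standard access lists, plus a check for lines that can never match because an earlier, broader line already covers them. This is an added example, not code from the slides; the sample access list is constructed.

```python
# Added example (not from the slides): standard ACL evaluation with wildcard masks.
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class AclEntry(NamedTuple):
    action: str      # "permit" or "deny"
    base: int        # address to compare against, as a 32-bit integer
    wildcard: int    # wildcard mask as a 32-bit integer: a 1 bit means "don't care"


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl_line(line: str) -> AclEntry:
    """Parse 'access-list <n> permit|deny any | host A.B.C.D | A.B.C.D [W.X.Y.Z]'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not a standard ACL line: " + line)
    action, source = tokens[2], tokens[3:]
    if source[0] == "any":                      # any == 0.0.0.0 255.255.255.255
        return AclEntry(action, 0, 0xFFFFFFFF)
    if source[0] == "host":                     # host == wildcard 0.0.0.0
        return AclEntry(action, _to_int(source[1]), 0)
    wildcard = _to_int(source[1]) if len(source) > 1 else 0   # no mask: single host
    return AclEntry(action, _to_int(source[0]), wildcard)


def matches(entry: AclEntry, address: int) -> bool:
    """Compare only the bits the wildcard marks as 'care' (0 bits)."""
    care = ~entry.wildcard & 0xFFFFFFFF
    return (address & care) == (entry.base & care)


def evaluate(acl: List[AclEntry], address: str) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins; no match falls through to the implicit deny,
    which is reported with line index None."""
    addr = _to_int(address)
    for index, entry in enumerate(acl):
        if matches(entry, addr):
            return entry.action, index
    return "deny", None


def covers(outer: AclEntry, inner: AclEntry) -> bool:
    """True when every address matched by inner is also matched by outer."""
    if (outer.wildcard | inner.wildcard) != outer.wildcard:
        return False    # inner varies a bit that outer fixes, so it is not a subset
    care = ~outer.wildcard & 0xFFFFFFFF
    return (outer.base & care) == (inner.base & care)


def shadowed_lines(acl: List[AclEntry]) -> List[int]:
    """Indexes of lines that can never be reached because an earlier line already
    matches everything they would match (for example a host deny after a subnet permit)."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed sample list (not from the slides)
SAMPLE_ACL = [parse_standard_acl_line(line) for line in [
    "access-list 10 deny host 192.168.10.5",
    "access-list 10 permit 192.168.10.0 0.0.0.255",
    "access-list 10 permit 10.1.0.0 0.0.255.255",
]]

if __name__ == "__main__":
    for ip in ("192.168.10.5", "192.168.10.77", "10.1.200.3", "172.16.0.1"):
        print(ip, evaluate(SAMPLE_ACL, ip))
    reordered = [SAMPLE_ACL[1], SAMPLE_ACL[0], SAMPLE_ACL[2]]
    print("shadowed lines after reordering:", shadowed_lines(reordered))
```

`shadowed_lines` is the review check to run on any list before applying it: with the host deny moved below the subnet permit, the deny is reported as unreachable and the host is permitted.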
You change to a new ISP that requires you to renumber your network.
You need to merge two intranets with duplicate addresses.
Static NAT
This type of NAT is designed to allow one-to-one mapping between local and global
addresses. Keep in mind that the static version requires you to have one real
Internet IP address for every host on your network.
Dynamic NAT
This version gives you the ability to map an unregistered IP address to a
registered IP address from out of a pool of registered IP addresses. You don't
have to statically configure your router to map an inside to an outside address as
you would using static NAT, but you do have to have enough real, bona fide IP
addresses for everyone who's going to be sending packets to and receiving them
from the Internet.
Overloading
This is the most popular type of NAT configuration. Understand that overloading
really is a form of dynamic NAT that maps multiple unregistered IP addresses to a
single registered IP address (many-to-one) by using different ports.
NAT Names
PAT allows us to use the Transport layer to identify the hosts, which in turn allows us
to use (theoretically) up to 65,000 hosts with one real IP address.
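The overloading (PAT) table described above, as an added example that is not from the slides: many inside address/port pairs share one global address and are told apart by the translated port. The global address and inside hosts are constructed; keeping the original source port when it is free is this block's choice, not something the slides state.

```python
# Added example (not from the slides): a PAT (NAT overload) translation table.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (IP address, port)


class PatTable:
    """Many inside (ip, port) pairs mapped onto one global IP, one port each."""

    def __init__(self, global_ip: str, port_range: Tuple[int, int] = (1024, 65535)):
        self.global_ip = global_ip
        self.low, self.high = port_range
        self.outbound: Dict[Endpoint, int] = {}   # (inside ip, inside port) -> global port
        self.inbound: Dict[int, Endpoint] = {}    # global port -> (inside ip, inside port)

    def capacity(self) -> int:
        """Distinct inside endpoints one global address can carry at once."""
        return self.high - self.low + 1

    def _next_free_port(self) -> int:
        for port in range(self.low, self.high + 1):
            if port not in self.inbound:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_outbound(self, inside_ip: str, inside_port: int) -> Endpoint:
        """Source (inside_ip, inside_port) leaves as (global_ip, translated port).
        An existing mapping is reused; the original port is kept when it is free."""
        key = (inside_ip, inside_port)
        if key in self.outbound:
            return (self.global_ip, self.outbound[key])
        if self.low <= inside_port <= self.high and inside_port not in self.inbound:
            port = inside_port
        else:
            port = self._next_free_port()
        self.outbound[key] = port
        self.inbound[port] = key
        return (self.global_ip, port)

    def translate_inbound(self, global_port: int) -> Optional[Endpoint]:
        """Reply to (global_ip, global_port) goes back to the inside endpoint that
        created the mapping; a port nobody mapped has no inside destination."""
        return self.inbound.get(global_port)


if __name__ == "__main__":
    table = PatTable("203.0.113.1")                      # constructed global address
    print(table.translate_outbound("192.168.10.11", 5000))   # port 5000 kept
    print(table.translate_outbound("192.168.10.12", 5000))   # collision: new port
    print(table.translate_inbound(1024))
    print(table.translate_inbound(4444))                  # unsolicited: None
    print("max concurrent endpoints:", table.capacity())
```

`capacity()` returns the roughly 65,000 figure quoted above; the exhaustion path in `_next_free_port` is the practical limit a single overloaded address hits under heavy use.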
Configuring DHCP
R1(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.5
R1(config)# ip dhcp pool dev
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.100
R1(dhcp-config)# netbios-name-server 192.168.10.1
R1(dhcp-config)# dns-server 192.168.10.2
R1(dhcp-config)# lease 12 14 30
! lease <days> <hours> <minutes>; "lease infinite" is the alternative
Parts of the IPv4 address scheme, like class D and class E, are reserved for special use.
IPv4 has a limitation of up to 4 billion users.
Explosion of new IP-enabled devices, growth of undeveloped regions, etc.
IPV6 Features
IPv6 addresses are 128 bits. The usable address space is 5 * (10 ^ 28) addresses per user.
The total number of IPv4 addresses is 2^32 (or 4 * 10^9); when reserved
addresses are considered, approximately two billion (2 * 10^9) usable addresses
remain.
IPv6 also includes a simplified packet header which provides better routing
efficiency for performance and forwarding rate scalability.
Provides support for mobility and security by the use of IPsec, which is by
default present in IPv6 addressing.
words, IPv6 addresses are 2^96 times more numerous than IPv4 addresses.
IPv6 addresses are represented in hexadecimal rather than decimal and use
colon-separated fields of 16 bits each, rather than decimal points between 8-bit
fields, as in IPv4.
Example: 2035:0001:0000:0000:0000:2bc5:000a:bc0f
Compressing Zeros
Leading zeros in each 16-bit field may be omitted.
Once, and only once, in an address, sequential all-zero fields can be replaced with a pair
of colons (::).
Only one pair of colons can be used within an IPv6 address. This is because the
number of missing 0s is calculated by separating the two parts of the address and
filling in 0s until there are a total of 128 bits.
Compressed: 2035:1::2bc5:a:bc0f
Anycast
for sending to the nearest interface in a group. An IPv6 anycast address also
identifies a set of interfaces on different devices; however, a packet sent to an anycast
address goes only to the nearest interface, as determined by the routing protocol in use.
Therefore, all nodes with the same anycast address should provide the same service.
The seventh bit in the first byte of the resulting interface ID, corresponding to
the Universal/Local (U/L) bit, is set to binary 1.
The U/L bit indicates whether the interface ID is locally unique (on the link
only) or universally (globally) unique; IDs derived from universally unique MAC
addresses are assumed to be globally unique.
The eighth bit in the first byte of the interface ID is the individual/group (I/G)
bit for managing multicast groups; it is not changed.
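The two zero-compression rules from the "Compressing Zeros" slide and the EUI-64 interface-ID construction with the U/L bit described above, implemented together as an added example that is not code from the slides. The slides' example address is used as input; the MAC address is constructed. The block goes slightly beyond the slides in that `compress_ipv6` picks the longest run of zero fields (leftmost on a tie), which is the standard choice and what the standard library also does, so `matches_stdlib` cross-checks it.

```python
# Added example (not from the slides): IPv6 text forms and modified EUI-64.
import ipaddress


def expand_ipv6(addr: str) -> str:
    """Undo both compressions: every field back to 4 hex digits, '::' back to zero fields."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)       # fields the '::' stands for
        if missing < 1:
            raise ValueError("'::' must stand for at least one field: " + addr)
        fields = left + ["0"] * missing + right
    else:
        fields = addr.split(":")
    if len(fields) != 8 or any(not 1 <= len(f) <= 4 for f in fields):
        raise ValueError("malformed IPv6 address: " + addr)
    return ":".join("{:04x}".format(int(f, 16)) for f in fields)


def compress_ipv6(addr: str) -> str:
    """Rule 1: drop leading zeros in each field.  Rule 2: replace the longest run
    of two or more all-zero fields with a single '::' (leftmost run on a tie)."""
    fields = expand_ipv6(addr).split(":")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == "0000":
            j = i
            while j < 8 and fields[j] == "0000":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    short = [f.lstrip("0") or "0" for f in fields]
    if best_len < 2:
        return ":".join(short)
    return ":".join(short[:best_start]) + "::" + ":".join(short[best_start + best_len:])


def matches_stdlib(addr: str) -> bool:
    """Cross-check against ipaddress, which applies the same two rules."""
    return compress_ipv6(addr) == ipaddress.IPv6Address(addr).compressed


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: insert ff:fe between the two halves of the 48-bit MAC and
    flip the U/L bit (the seventh bit of the first byte, value 0x02).  For a
    universally administered MAC that bit starts at 0, so it becomes 1."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits: " + mac)
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return ":".join("{:04x}".format((eui[k] << 8) | eui[k + 1]) for k in range(0, 8, 2))


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 plus the modified EUI-64 interface ID, in compressed form."""
    return compress_ipv6("fe80:0:0:0:" + eui64_interface_id(mac))


if __name__ == "__main__":
    print(expand_ipv6("2035:1::2bc5:a:bc0f"))               # the slides' example
    print(compress_ipv6("2035:0001:0000:0000:0000:2bc5:000a:bc0f"))
    print(link_local_from_mac("00:0c:29:ab:cd:ef"))        # constructed MAC
```

The I/G bit (the eighth bit, value 0x01) is left alone, as the slide says; only the 0x02 bit is flipped. The `eui[0] ^= 0x02` line is also why a link-local address reveals the hardware MAC of the interface, which is the privacy reason randomized interface IDs exist.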
/64 Interface ID
The first 48 bits of the IPv6 global unicast address are used for global routing at the Internet
service provider (ISP) level
The next 16 bits are the subnet ID, allowing an enterprise to subdivide their network.
The final 64 bits are the interface ID, typically in EUI-64 format
The Internet Assigned Numbers Authority (IANA) is currently assigning addresses that start with
the binary value 001, which is 2000::/3, for IPv6 global unicast addresses. This is one-eighth of
the total IPv6 address space.
The IANA is currently allocating address space in the 2001::/16 ranges to the registries.
Registries typically have a /23 range, and allocate /32 ranges to ISPs.
An EIGRP for IPv6 protocol instance requires a router ID before it can start running.
EIGRP for IPv6 has a shutdown feature. The routing process should be in "no
shutdown" mode in order to start running.
When a user uses passive-interface configuration, EIGRP for IPv6 does not need to
be configured on the interface that is made passive.
EIGRP for IPv6 provides route filtering using the distribute-list prefix-list command.
Use of the route-map command is not supported for route filtering with a distribute
list.
Migrating to IPv6
The transition from IPv4 to IPv6 does not require upgrades. The methods that are
used are:
1. DUAL STACK
2. TUNNELLING
DUAL STACK
It is an integration method where a router has connectivity to both IPv4 and IPv6.
TUNNELING
It is an integration method in which an IPv6 packet is encapsulated within another
protocol, such as IPv4. Tunneling IPv6 inside of IPv4 uses IPv4 protocol 41.
While tunneling an IPv6 packet over an IPv4 network, one edge router encapsulates
the IPv6 packet inside an IPv4 packet and the router at the other end
de-capsulates it.
IPV6 TUNNELLING
R3(config)# interface tunnel 0
R3(config-if)# ipv6 address 2001:0:0:2::2/64
R3(config-if)# tunnel source s0/1
R3(config-if)# tunnel destination 200.200.200.1
R3(config-if)# tunnel mode ipv6ip
R3(config-if)# ipv6 rip ccnp enable
R3# show interface tunnel 0
R3# clear counters tunnel 0
The command "tunnel mode ipv6ip" specifies that the manual IPv6 tunnel has IPv6 as the
passenger protocol and IPv4 as both the encapsulation and transport protocol.
CSU/DSU
WAN Terms
Customer premises equipment (CPE)
Is the equipment that's owned by the subscriber and located on the
subscriber's premises.
Demarcation point
Is the precise spot where the service provider's responsibility ends and
the CPE begins. It's generally a device in a telecommunications closet owned and
installed by the telecommunications company (telco). It's your responsibility to
cable (extended demarc) from this box to the CPE, which is usually a connection
to a CSU/DSU or ISDN interface.
Local loop
Connects the demarc to the closest switching office, which is called a
central office.
Leased lines
These are usually referred to as a point-to-point or dedicated connection.
A leased line is a pre-established WAN communications path that goes from
the CPE through the DCE switch, then over to the CPE of the remote site.
The CPE enables DTE networks to communicate at any time with no
cumbersome setup procedures to muddle through before transmitting data.
Circuit switching
When you hear the term circuit switching, think phone call. The big advantage is
cost: you only pay for the time you actually use. No data can transfer before an
end-to-end connection is established. Circuit switching uses dial-up modems or
ISDN and is used for low-bandwidth data transfers.
Some people do have ISDN and it still is viable (and I do suppose someone does
use a modem now and then), but circuit switching can be used in some of the
newer WAN technologies as well.
Packet switching
This is a WAN switching method that allows you to share bandwidth with other
companies to save money. Packet switching can be thought of as a network that's
designed to look like a leased line yet charges you more like circuit switching. But
less cost isn't always better; there's definitely a downside: If you need to
transfer data constantly, just forget about this option. Instead, get yourself a
leased line. Packet switching will only work for you if your data transfers are the
bursty type, not continuous. Frame Relay and X.25 are packet-switching
technologies with speeds that can range from 56Kbps up to T3 (45Mbps).
WAN protocols
Frame Relay
A packet-switched technology that made its debut in the early 1990s,
Frame Relay is a high-performance Data Link and Physical layer specification. It's
pretty much a successor to X.25, except that much of the technology in X.25 used
to compensate for physical errors (noisy lines) has been eliminated. An upside to
Frame Relay is that it can be more cost effective than point-to-point links, plus it
typically runs at speeds of 64Kbps up to 45Mbps (T3). Another Frame Relay
benefit is that it provides features for dynamic bandwidth allocation and congestion
control.
ISDN
Integrated Services Digital Network (ISDN) is a set of digital services that
transmit voice and data over existing phone lines. ISDN offers a cost-effective
solution for remote users who need a higher-speed connection than analog dial-up
links can give them, and it's also a good choice to use as a backup link for other
types of links like Frame Relay or T1 connections.
LAPB
It wasn't intended to encapsulate multiple Network layer protocols across the same
link: the HDLC header doesn't contain any identification about the type of protocol
being carried inside the HDLC encapsulation. Because of this, each vendor that
uses HDLC has its own way of identifying the Network layer protocol, meaning
each vendor's HDLC is proprietary with regard to its specific equipment.
PPP
The High-Level Data-Link Control (HDLC) protocol is a popular ISO-standard, bit-oriented, Data Link layer protocol. It specifies an encapsulation
method for data on synchronous serial data links using frame characters and
checksums. HDLC is a point-to-point protocol used on leased lines. No
authentication can be used with HDLC.
In byte-oriented protocols, control information is encoded using entire
bytes. On the other hand, bit-oriented protocols use single bits to represent the
control information. Some common bit-oriented protocols include SDLC, LLC,
HDLC, TCP, and IP.
HDLC is the default encapsulation used by Cisco routers over
synchronous serial links. And Cisco's HDLC is proprietary: it won't communicate
with any other vendor's HDLC implementation.
LCP
A method of establishing, configuring, maintaining, and terminating the point-to-point connection.
NCP
A method of establishing and configuring different Network layer protocols. NCP
is designed to allow the simultaneous use of multiple Network layer protocols.
PPP callback
PPP can be configured to call back after successful authentication. PPP callback
can be a good thing for you because you can keep track of usage based upon
access charges, for accounting records, and a bunch of other reasons. With
callback enabled, a calling router (client) will contact a remote router (server) and
authenticate as I described earlier. (Know that both routers have to be configured
for the callback feature for this to work.) Once authentication is completed, the
remote router will terminate the connection and then re-initiate a connection to the
calling router from the remote router.
PPP Session Establishment
When PPP connections are started, the links go through three phases of session
establishment
Link-establishment phase
LCP packets are sent by each PPP device to configure and test the link.
These packets contain a field called the Configuration Option that allows each
device to see the size of the data, compression, and authentication. If no
Configuration Option field is present, then the default configurations will be used.
Authentication phase
If required, either CHAP or PAP can be used to authenticate a link.
Authentication takes place before Network layer protocol information is read. And
it's possible that link-quality determination will occur simultaneously.
There are two methods of authentication that can be used with PPP links:
Password Authentication Protocol (PAP)
The Password Authentication Protocol (PAP) is the less secure of the two
methods. Passwords are sent in clear text, and PAP is only performed upon the
initial link establishment. When the PPP link is first established, the remote node
sends the username and password back to the originating router until
authentication is acknowledged. Not exactly Fort Knox!
Challenge Handshake Authentication Protocol (CHAP)
The Challenge Handshake Authentication Protocol (CHAP) is used at the
initial startup of a link and at periodic checkups on the link to make sure the router
is still communicating with the same host. After PPP finishes its initial link-establishment
phase, the local router sends a challenge request to the remote
device. The remote device sends a value calculated using a one-way hash function
called MD5. The local router checks this hash value to make sure it matches. If the
values don't match, the link is immediately terminated.
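The CHAP exchange just described, with both sides' computations, as an added example that is not code from the slides. The hash input follows RFC 1994 (MD5 over the identifier byte, the shared secret and the challenge); the router names and the secret are constructed. The verifier consumes each challenge once, which is what makes a repeated response fail and lets the same object issue the periodic re-challenges the slide mentions.

```python
# Added example (not from the slides): CHAP with MD5 as specified in RFC 1994.
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """What the remote device sends back: MD5(Identifier || Secret || Challenge).
    The secret itself never crosses the link; only this 16-byte digest does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The local router's side: issues challenges and checks responses."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets                 # peer hostname -> shared secret
        self.identifier = 0                    # RFC 1994 8-bit Identifier, incremented per challenge
        self.pending: Dict[int, bytes] = {}    # outstanding challenges by identifier

    def challenge(self, rng: Callable[[int], bytes] = os.urandom) -> Tuple[int, bytes]:
        """Start an authentication (initial or periodic): fresh identifier, fresh random challenge."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = rng(16)
        self.pending[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """True only if the response matches the secret for peer_name against the
        challenge that carried this identifier; the challenge is discarded either way."""
        challenge: Optional[bytes] = self.pending.pop(identifier, None)
        secret = self.secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


if __name__ == "__main__":
    # constructed: R1 authenticates its peer R2 with a shared secret
    r1 = ChapAuthenticator({"R2": b"example-shared-secret"})
    ident, chal = r1.challenge()
    reply = chap_response(ident, b"example-shared-secret", chal)   # computed on R2
    print("first check:", r1.verify(ident, "R2", reply))
    print("same reply again:", r1.verify(ident, "R2", reply))      # challenge already used
    ident2, chal2 = r1.challenge()                                  # periodic re-check
    print("wrong secret:", r1.verify(ident2, "R2", chap_response(ident2, b"guess", chal2)))
```

Compared with PAP, the thing to notice is that a listener on the link sees only the challenge and the digest, never the secret, and that the digest is useless against the next challenge. The `username <peer> password <secret>` lines in the PPP configuration are what populate the `secrets` dictionary on a real router.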
Configuring PPP
R1(config)# username R2 password <shared-secret>
R1(config)# interface s0/0
R1(config-if)# encapsulation ppp
R1(config-if)# ppp authentication chap pap
R2(config)# username R1 password <shared-secret>
R2(config)# interface s0/0
R2(config-if)# encapsulation ppp
R2(config-if)# ppp authentication chap pap
Frame Relay
A packet switching technology
Derived from the earlier deployment of x.25 technology
Operates on a single subnet
By default frame-relay is Non-broadcast-Multiaccess (NBMA)
Works on Serial link
Virtual Circuits
Frame Relay operates using virtual circuits as opposed to the actual
circuits that leased lines use. These virtual circuits are what link together the
thousands of devices connected to the provider's cloud. Frame Relay provides a
virtual circuit between your two DTE devices, making them appear to be
connected via a circuit when in reality, they're dumping their frames into a large,
shared infrastructure.
There are 2 types of VCs used by Frame Relay:
1. Permanent VC
works like a leased line which is always up.
2. Switched VC
works like a dial-up connection: it is up while data passes and down otherwise.
Data Link Connection Identifiers (DLCIs)
Frame Relay PVCs are identified to DTE end devices by Data Link
Connection Identifiers (DLCIs). A Frame Relay service provider typically assigns
DLCI values, which are used on Frame Relay interfaces to distinguish between
different virtual circuits.
Configuring Frame-Relay (with RIP v2 between HQ and BR1)
FRSW (the router acting as the Frame Relay switch)
FRSW(config)# frame-relay switching
FRSW(config)# interface s0/1
FRSW(config-if)# encapsulation frame-relay
FRSW(config-if)# frame-relay intf-type dce
FRSW(config-if)# clock rate 64000
FRSW(config-if)# frame-relay route 201 interface s0/0 102
FRSW(config-if)# no shutdown
! s0/0 needs the mirror image: frame-relay intf-type dce and frame-relay route 102 interface s0/1 201
HQ (attached to the switch's s0/0, so it uses DLCI 102)
HQ(config)# interface s0/0
HQ(config-if)# ip address 200.200.200.1 255.255.255.0
HQ(config-if)# encapsulation frame-relay
HQ(config-if)# frame-relay intf-type dte
HQ(config-if)# bandwidth 64
HQ(config-if)# frame-relay interface-dlci 102
HQ(config-if)# no shutdown
HQ(config)# router rip
HQ(config-router)# version 2
HQ(config-router)# no auto-summary
HQ(config-router)# network 200.200.200.0
HQ(config-router)# network 192.168.10.0
BR1 (assumed attached to the switch's s0/1, so it uses DLCI 201, the DLCI the switch route above expects there)
BR1(config)# interface s0/0
BR1(config-if)# ip address 200.200.200.2 255.255.255.0
BR1(config-if)# encapsulation frame-relay
BR1(config-if)# frame-relay intf-type dte
BR1(config-if)# bandwidth 64
BR1(config-if)# frame-relay interface-dlci 201
BR1(config-if)# no shutdown
BR1(config)# router rip
BR1(config-router)# version 2
BR1(config-router)# no auto-summary
BR1(config-router)# network 200.200.200.0
BR1(config-router)# network 192.168.20.0
On FRSW
FRSW# show frame-relay route
Switch Operation
When you power on the switch it does 3 things:
Address learning
Layer 2 switches and bridges remember the source hardware address of each frame
received on an interface, and they enter this information into a MAC database called a
forward/filter table.
Forwarding and Filtering
When a frame is received on an interface, the switch looks at the destination hardware
address and finds the exit interface in the MAC database. The frame is only forwarded out
the specified destination port.
Loop avoidance
If multiple connections between switches are created for redundancy purposes, network
loops can occur. Spanning Tree Protocol (STP) is used to stop network loops while still
permitting redundancy.
If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly
throughout the internetwork. This is sometimes referred to as a broadcast storm.
A device can receive multiple copies of the same frame since that frame can arrive from
different segments at the same time.
The MAC address filter table could be totally confused about the device's location because the
switch can receive the frame from more than one link. And what's more, the bewildered switch
could get so caught up in constantly updating the MAC filter table with source hardware
address locations that it will fail to forward a frame! This is called thrashing the MAC table.
By default, BPDUs are sent out all switch ports every 2 seconds so that current topology
information is exchanged and loops are identified quickly. A BPDU contains:
Protocol ID
Version
Message Type
Flags
Root Bridge ID
Root Path Cost
Sender Bridge ID
Port ID
Message Age (in 256ths of a second)
Maximum Age (in 256ths of a second)
Hello Time (in 256ths of a second)
Forward Delay (in 256ths of a second)
Bridge ID
The bridge ID is how STP keeps track of all the switches in the network. It is determined by a
combination of the bridge priority (32,768 by default on all Cisco switches) and the base MAC
address. The bridge with the lowest bridge ID becomes the root bridge in the network.
Bridge Priority (2 bytes): The priority or weight of a switch in relation to all other switches.
The priority field can have a value of 0 to 65,535 and defaults to 32,768 (or 0x8000) on every
Catalyst switch.
MAC Address (6 bytes): The MAC address used by a switch can come from the Supervisor
module, the backplane, or a pool of 1,024 addresses that are assigned to every Supervisor or
backplane, depending on the switch model. In any event, this address is hardcoded and unique,
and the user cannot change it.
Root Bridge
For all switches in a network to agree on a loop-free topology, a common frame of
reference must exist to use as a guide. This reference point is called the Root
Bridge.
Root Ports
On a non-root bridge, the port which is either directly
connected to the RB or has the lowest path cost to reach the RB is
called the Root Port.
1. If a switch has multiple ports connected to reach the RB, then the port with
the lowest path cost becomes the RP.
2. If a switch has multiple ports with the same cost to reach the RB, then the
port with the lowest port number becomes the RP.
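The bridge ID comparison, root bridge election and root port selection from the preceding slides, as an added example that is not code from the slides. The switch names and MAC addresses are constructed; the per-speed port costs are the IEEE 802.1D-1998 defaults, which the slides do not list. The root-port tie-break follows the slides' rule (lowest port number).

```python
# Added example (not from the slides): STP bridge IDs, root election, root port.
from dataclasses import dataclass
from typing import Dict, Iterable

DEFAULT_PRIORITY = 32768   # 0x8000 on every Catalyst switch

# IEEE 802.1D-1998 default port costs, keyed by link speed in Mbps
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY


def mac_to_int(mac: str) -> int:
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("MAC must be 48 bits: " + mac)
    return int(digits, 16)


def bridge_id(bridge: Bridge) -> int:
    """The 8-byte bridge ID as one integer: 2-byte priority followed by the 6-byte
    MAC.  Comparing these integers is exactly the STP comparison: priority
    first, MAC address as the tie-break."""
    if not 0 <= bridge.priority <= 65535:
        raise ValueError("priority must be 0-65535")
    return (bridge.priority << 48) | mac_to_int(bridge.mac)


def elect_root(bridges: Iterable[Bridge]) -> Bridge:
    """The bridge with the lowest bridge ID becomes the root bridge."""
    return min(bridges, key=bridge_id)


def path_cost(link_speeds_mbps: Iterable[int]) -> int:
    """Root path cost: the sum of the port costs of the links on the way to the root."""
    return sum(PORT_COST[speed] for speed in link_speeds_mbps)


def select_root_port(ports: Dict[int, int]) -> int:
    """ports maps port number -> root path cost via that port.  Lowest cost
    wins; on equal cost the lowest port number wins (the slides' rule)."""
    if not ports:
        raise ValueError("a non-root bridge needs at least one port towards the root")
    return min(ports, key=lambda port: (ports[port], port))


# Constructed topology (not from the slides)
SWITCHES = [
    Bridge("SW1", "00:1a:2b:3c:4d:5e"),
    Bridge("SW2", "00:1a:2b:00:00:01"),
    Bridge("SW3", "00:0c:29:ff:ff:ff"),
]

if __name__ == "__main__":
    print("root with default priorities:", elect_root(SWITCHES).name)
    lowered = SWITCHES + [Bridge("SW4", "ff:ff:ff:ff:ff:ff", priority=4096)]
    print("root after SW4 lowers its priority:", elect_root(lowered).name)
    # SW1 reaches the root over port 1 via two 100 Mbps hops or port 2 via one
    print("root port:", select_root_port({1: path_cost([100, 100]), 2: path_cost([100])}))
```

The second election is the point a defender should take away: any device that sends BPDUs with a lower priority than the intended root wins the election, which is why the intended root's priority is set deliberately rather than left at 32,768.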
Listening: The port listens to BPDUs to make sure no loops occur on the network
before passing data frames. A port in listening state prepares to forward data frames
without populating the MAC address table.
Learning: The switch port listens to BPDUs and learns all the paths in the switched
network. A port in learning state populates the MAC address table but doesn't
forward data frames. Forward delay means the time it takes to transition a port from
listening to learning mode, which is set to 15 seconds by default and can be seen in
the show spanning-tree output.
Forwarding: The port sends and receives all data frames on the bridged port. If the
port is still a designated or root port at the end of the learning state, it enters the
forwarding state.
Disabled: A port in the disabled state (administratively) does not participate in
frame forwarding or STP. A port in the disabled state is virtually nonoperational.
A port takes about 50 seconds to be fully active.
Benefits of VLAN
Inter-Switch Link (ISL): a Cisco proprietary trunking protocol that supports multiple media
types such as Ethernet, Token Ring and FDDI. It supports up to 1000 VLANs and PVST. It
identifies VLANs at layer 2 by encapsulating each frame between a header and a trailer: when
a frame is sent out to another switch, ISL adds a 26-byte header (which carries the VLAN ID)
and a 4-byte trailer to the frame. The trailer contains a CRC value to ensure the integrity of
the encapsulated frame.
IEEE 802.1Q: an IEEE standard method for identifying VLANs by inserting a 4-byte VLAN
tag into the frame header, between the source MAC address and the type/length field. This
process is called frame tagging. It supports Ethernet and Token Ring and carries a 12-bit
VLAN ID, i.e. 4096 values of which 4094 are usable (0 and 4095 are reserved). Frames on the
native VLAN cross the trunk untagged. It also supports enhanced spanning-tree variants such
as PVST+, MST and RSTP.
Dynamic Trunking Protocol (DTP): a Cisco proprietary point-to-point protocol that negotiates
a common trunking mode between two switches. The negotiation covers the encapsulation
(ISL or dot1q) and whether the link becomes a trunk at all. Because any attached device that
answers the negotiation can turn a port into a trunk, DTP should be switched off on access
ports (switchport nonegotiate) and trunks configured statically.
VLAN Trunking Protocol (VTP)
A protocol used to distribute and synchronize information about VLANs configured
throughout a switched network. It maintains consistency by managing the addition, deletion
and renaming of VLANs within a VTP domain.
A VTP domain is one switch or several interconnected switches sharing the same VTP
environment (the same domain name and, if configured, the same VTP password).
VTP modes
VTP operates in one of three modes:
1. Server: can create, delete and rename VLANs; each change increments the configuration
revision and is advertised to the domain. This is the default mode.
2. Client: cannot change VLANs locally; accepts advertisements from the domain and forwards them.
3. Transparent: does not take part in VTP (it keeps its own local VLAN database and a
revision of 0) but forwards advertisements on to other switches.
VTP Operation
VTP switches use an index called the VTP configuration revision number to keep track of the
most recent information. Every switch starts at configuration revision number 0, the number
increments each time a VLAN is changed on a server, and a switch overwrites its own VLAN
database when it receives an advertisement for its domain with a higher revision than its own.
This holds even when the advertisement comes from a client, so a reused switch with a stale
but higher revision plugged into the domain can delete every VLAN in it. Reset the revision to
0 (by changing the VTP domain name or the VTP mode) before connecting such a switch.
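The revision mechanism and the three modes above, simulated so the failure mode is visible. This is an added example and not part of the slides: the switch names, the domain name CORP and the VLAN lists are constructed, and the model only covers the revision comparison (no password, no pruning, no version negotiation).

```python
"""Added example (not from the slides): how VTP server, client and transparent
switches handle an advertisement, keyed on the configuration revision number,
and why a reused switch with a high revision is dangerous.  Switch names, the
domain name and the VLAN lists are constructed."""
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    mode: str                       # "server", "client" or "transparent"
    domain: str
    revision: int = 0               # every switch starts at configuration revision 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def change_vlans(self, vlans: dict) -> None:
        """Local VLAN edits: servers bump the revision and advertise, transparent
        switches edit only their own database, clients are refused."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot add or delete VLANs")
        self.vlans = dict(vlans)
        if self.mode == "server":
            self.revision += 1

    def advertise(self) -> dict:
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Return True when the advertisement replaced this switch's VLAN database."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False            # transparent: forward only; foreign domain: ignore
        if adv["revision"] <= self.revision:
            return False            # not newer than what we already hold
        # servers and clients alike accept a higher revision, whoever sent it
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return True

    def set_domain(self, domain: str) -> None:
        """Changing the domain name resets the revision to 0 (as does switching mode)."""
        self.domain = domain
        self.revision = 0


def propagate(switches) -> set:
    """One advertisement round between all switches; returns the names that were overwritten."""
    changed = set()
    for src in switches:
        if src.mode == "transparent":
            continue                # transparent switches originate no advertisements
        adv = src.advertise()
        for dst in switches:
            if dst is not src and dst.receive(adv):
                changed.add(dst.name)
    return changed


def demo():
    core = VtpSwitch("core", "server", "CORP")
    access = VtpSwitch("access", "client", "CORP")
    edge = VtpSwitch("edge", "transparent", "CORP")
    core.change_vlans({1: "default", 2: "HR", 3: "SALE"})       # core revision -> 1
    propagate([core, access, edge])
    synced = (access.vlans == core.vlans, edge.vlans)            # client synced, transparent untouched

    # a switch from a lab, same domain name, revision 50 but without HR and SALE, is plugged in
    lab = VtpSwitch("lab", "client", "CORP", revision=50, vlans={1: "default", 99: "lab"})
    overwritten = propagate([core, access, edge, lab])
    wiped = (core.vlans, core.revision)                          # the server lost HR and SALE too

    # the safe way in: reset the reused switch's revision by changing its domain name first
    reused = VtpSwitch("reused", "client", "CORP", revision=50, vlans={1: "default", 99: "lab"})
    reused.set_domain("SCRATCH")
    reused.set_domain("CORP")
    return synced, overwritten, wiped, reused.revision


if __name__ == "__main__":
    print(demo())
```

Note that the lab switch is a client: being unable to edit VLANs locally does not stop it from advertising, and the server accepts the higher revision just like the other client does.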
VTP Pruning
Uses VLAN advertisements to determine when a trunk connection is flooding traffic
needlessly. It increases the available bandwidth by restricting flooded traffic to those trunk
links that the traffic must use to reach the appropriate network devices. By default, VTP
pruning is disabled; it is enabled on a VTP server and propagates through the domain:
Switch(config)# vtp pruning
Topology: VLAN 2 (HR) uses 192.168.10.0/24 with default gateway 192.168.10.100;
VLAN 3 (SALE) uses 192.168.20.0/24 with default gateway 192.168.20.100.
Configuring VLAN
SW(config)# vlan 2
SW(config-vlan)# name HR
SW(config-vlan)# vlan 3
SW(config-vlan)# name SALE
SW(config-vlan)# end
SW# show vlan
The PC-facing ports are then placed in their VLAN (switchport mode access, switchport access
vlan 2 or 3) and the uplink to the router is set to switchport mode trunk; the slide does not
give the port numbers.
Router-on-a-stick (inter-VLAN routing over the trunk):
Router(config)# interface fa0/0
Router(config-if)# no shutdown
Router(config-if)# interface fa0/0.1
Router(config-subif)# encapsulation dot1q 2
Router(config-subif)# ip address 192.168.10.100 255.255.255.0
Router(config-subif)# interface fa0/0.2
Router(config-subif)# encapsulation dot1q 3
Router(config-subif)# ip address 192.168.20.100 255.255.255.0
Verification (the pings imply PC1 in VLAN 2 is 192.168.10.1 and PC2 in VLAN 3 is 192.168.20.1):
PC1:\>ping 192.168.20.1
PC2:\>ping 192.168.10.1
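The 802.1Q frame tagging described earlier and the subinterface selection the router-on-a-stick performs, worked through on the wire format. This is an added example and not part of the slides: the MAC addresses and payload bytes are constructed, the native VLAN is assumed to be the default VLAN 1, and the VLAN-to-subinterface mapping is the one from the configuration above.

```python
"""Added example (not from the slides): 802.1Q frame tagging on the trunk between
the switch and the router-on-a-stick configured above, and how the router picks
a subinterface by VLAN ID.  MAC addresses and payload bytes are constructed; the
subinterface-to-VLAN mapping is the one from the configuration above."""
import struct

TPID_8021Q = 0x8100          # TPID that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800
NATIVE_VLAN = 1              # untagged frames on a trunk belong to the native VLAN (assumed default 1)

# from the router configuration above: VLAN ID -> (subinterface, gateway address)
SUBINTERFACES = {2: ("fa0/0.1", "192.168.10.100"), 3: ("fa0/0.2", "192.168.20.100")}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame as a PC on an access port would send it."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """What a trunk port does on egress: insert TPID + TCI after the source MAC."""
    if not 1 <= vid <= 4094:          # VID 0 = priority tag only, 4095 = reserved
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode dst, src, VLAN ID (None when untagged), ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI carry the VLAN ID
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame: bytes) -> bytes:
    """What an access port does on egress: remove the 4-byte tag again."""
    return frame[:12] + frame[16:] if parse_frame(frame)["vid"] is not None else frame


def receive_on_trunk(frame: bytes):
    """Router side: choose the subinterface by VLAN ID.  A VLAN with no
    'encapsulation dot1q' subinterface has nowhere to go and is dropped (None)."""
    info = parse_frame(frame)
    vid = NATIVE_VLAN if info["vid"] is None else info["vid"]
    return SUBINTERFACES.get(vid)


def demo():
    # constructed: PC1 (VLAN 2) sends an IPv4 frame towards its gateway's MAC
    pc1 = build_frame("00:1a:2b:00:00:ff", "00:50:56:00:00:01", ETHERTYPE_IPV4,
                      b"\x45" + b"\x00" * 19)
    on_trunk = tag_frame(pc1, vid=2)
    info = parse_frame(on_trunk)
    return (len(on_trunk) - len(pc1),              # the tag adds 4 bytes
            info["vid"], info["ethertype"],        # VLAN 2, original ethertype preserved
            receive_on_trunk(on_trunk),            # lands on fa0/0.1
            receive_on_trunk(tag_frame(pc1, 99)),  # no subinterface for VLAN 99: dropped
            strip_tag(on_trunk) == pc1)            # untagging restores the original frame


if __name__ == "__main__":
    print(demo())
```

The untagged case matters in practice: an untagged frame arriving on the trunk is treated as native-VLAN traffic, so the native VLAN on a trunk should be one that carries no user ports.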
Bridge priorities that can be configured with the extended system ID (multiples of 4096):
0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768 (default), 36864, 40960, 45056,
49152, 53248, 57344, 61440
A switch detects an indirect link failure when it receives inferior BPDUs from its
designated bridge on either its Root Port or a blocked port. (Inferior BPDUs are
sent from a designated bridge that has lost its connection to the Root Bridge,
making it announce itself as the new Root.)
Normally, a switch must wait for the Max Age timer to expire before responding
to the inferior BPDUs. However, BackboneFast begins to determine whether
other alternative paths to the Root Bridge exist according to the following port
types that received the inferior BPDU:
If the inferior BPDU arrives on a port in the Blocking state, the switch considers
the Root Port and all other blocked ports to be alternate paths to the Root
Bridge.
If the inferior BPDU arrives on the Root Port itself, the switch considers all
blocked ports to be alternate paths to the Root Bridge.
If the inferior BPDU arrives on the Root Port and no ports are blocked,
however, the switch assumes that it has lost connectivity with the Root Bridge. In
this case, the switch assumes that it has become the Root Bridge, and
BackboneFast allows it to do so before the Max Age timer expires.
Troubleshooting STP
Because the STP running in a network uses several timers, costs, and
dynamic calculations, predicting the current state is difficult. You can use
a network diagram and work out the STP topology by hand, but any
change on the network could produce an entirely different outcome.
BPDU Guard
The BPDU guard feature was developed to further protect the integrity of switch
ports that have PortFast enabled. If any BPDU (whether superior to the current
root or not) is received on a port where BPDU guard is enabled, that port
immediately is put into the errdisable state. The port is shut down in an error
condition and must be either manually re-enabled or automatically recovered
through the errdisable timeout function. By default, BPDU guard is disabled on all
switch ports.
Diagram: a PortFast-enabled access port on a client-facing switch in a topology rooted at RB;
a new switch (or a hub with a switch behind it) is plugged into that port and the BPDUs it
sends put the port into errdisable.
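The BPDU guard decision above, applied to real BPDU bytes so the check can be followed field by field. This is an added example and not part of the slides: the port names, MAC addresses and BPDU field values are constructed; the frame layout (STP multicast destination, LLC 0x42 0x42 0x03, then the 35-byte 802.1D configuration BPDU) is the standard one, and the AccessPort class only models the guard behaviour the text describes (on IOS: spanning-tree bpduguard enable per port, or spanning-tree portfast bpduguard default globally).

```python
"""Added example (not from the slides): decode 802.1D configuration BPDUs and apply
the BPDU guard rule to frames arriving on PortFast access ports.  Port names, MAC
addresses and BPDU field values are constructed; the frame layout (LLC 0x42 0x42 0x03
followed by the 35-byte configuration BPDU) is the 802.1D one."""
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")      # destination of every 802.1D BPDU
LLC_STP = b"\x42\x42\x03"                           # DSAP, SSAP, control
# configuration BPDU: protocol ID, version, type, flags, root ID, root path cost,
# bridge ID, port ID, message age, max age, hello time, forward delay
BPDU_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)                # 35 bytes


def bridge_id(priority: int, mac: str) -> bytes:
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(root_prio, root_mac, root_cost, sender_prio, sender_mac, port_no,
                      msg_age=0, max_age=20, hello=2, fwd_delay=15) -> bytes:
    """802.3 frame carrying a configuration BPDU; timers are in 1/256 s on the wire."""
    body = struct.pack(BPDU_FMT, 0x0000, 0, 0x00, 0x00,
                       bridge_id(root_prio, root_mac), root_cost,
                       bridge_id(sender_prio, sender_mac), (128 << 8) | port_no,
                       msg_age * 256, max_age * 256, hello * 256, fwd_delay * 256)
    length = struct.pack("!H", len(LLC_STP) + len(body))
    return STP_MULTICAST + bytes.fromhex(sender_mac.replace(":", "")) + length + LLC_STP + body


def parse_bpdu(frame: bytes):
    """Decoded configuration BPDU, or None if the frame is not one (data frame, TCN, ...)."""
    if frame[:6] != STP_MULTICAST or frame[14:17] != LLC_STP or len(frame) < 17 + BPDU_LEN:
        return None
    fields = struct.unpack(BPDU_FMT, frame[17:17 + BPDU_LEN])
    proto, version, bpdu_type, flags, root, root_cost, sender, port = fields[:8]
    if proto != 0 or bpdu_type != 0x00:
        return None                                 # 0x80 would be a TCN BPDU
    return {"root_id": int.from_bytes(root, "big"), "root_cost": root_cost,
            "bridge_id": int.from_bytes(sender, "big"), "port_id": port,
            "max_age": fields[9] / 256, "fwd_delay": fields[11] / 256}


class AccessPort:
    """PortFast edge port; bpdu_guard mirrors 'spanning-tree bpduguard enable'."""
    def __init__(self, name: str, bpdu_guard: bool = True):
        self.name, self.bpdu_guard, self.errdisabled = name, bpdu_guard, False


def handle_frame(port: AccessPort, frame: bytes, current_root_id: int) -> str:
    """Switch-side decision for one frame received on an access port."""
    if port.errdisabled:
        return "dropped"                            # stays down until cleared or errdisable recovery
    bpdu = parse_bpdu(frame)
    if bpdu is None:
        return "forwarded"                          # ordinary data frame
    if port.bpdu_guard:
        port.errdisabled = True                     # any BPDU at all, superior or not
        return "errdisable"
    if bpdu["root_id"] < current_root_id:
        return "superior-bpdu"                      # without the guard, a new root is being claimed here
    return "accepted"                               # same or worse root: normal STP processing


# constructed: the domain's real root is SW1 at default priority
CURRENT_ROOT = int.from_bytes(bridge_id(32768, "00:1a:2b:00:00:01"), "big")


def demo():
    guarded = AccessPort("fa0/5")
    unguarded = AccessPort("fa0/6", bpdu_guard=False)
    # a device plugged into an access port announcing itself as root with priority 0
    rogue = build_config_bpdu(0, "00:de:ad:be:ef:01", 0, 0, "00:de:ad:be:ef:01", 1)
    data = bytes.fromhex("001a2b0000ff005056000001") + b"\x08\x00" + b"\x45" + b"\x00" * 19
    return (handle_frame(guarded, data, CURRENT_ROOT),      # forwarded
            handle_frame(guarded, rogue, CURRENT_ROOT),     # errdisable
            handle_frame(guarded, data, CURRENT_ROOT),      # dropped: port is now errdisabled
            handle_frame(unguarded, rogue, CURRENT_ROOT),   # superior-bpdu
            parse_bpdu(rogue)["max_age"])                   # 20.0 s


if __name__ == "__main__":
    print(demo())
```

The contrast between fa0/5 and fa0/6 is the point of the feature: on the unguarded port the priority-0 BPDU is a valid superior BPDU and STP would start moving the root to the attached device; on the guarded port the frame never reaches STP at all.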
BPDU Filtering
Is another way of keeping unwanted BPDUs, and with them unwanted root bridge claims,
away from PortFast-enabled access ports. It can be configured globally and also per interface.
In global mode, if a PortFast interface receives any BPDU it is taken out of PortFast status
and resumes normal STP operation. Per-interface BPDU filtering, by contrast, stops the port
from sending or processing BPDUs at all; if a switch is attached to such a port, STP can no
longer detect a loop through it, so the per-interface form should only be used where no
switch can ever be connected.
RSTP (802.1w)
PAgP
Port Aggregation Protocol, a Cisco proprietary protocol that learns the capabilities of
interface groups dynamically and informs other interfaces. After identifying correctly
matched Ethernet links, it groups the links into an EtherChannel.
PAgP has two negotiating modes, auto and desirable. A channel forms for these pairings:
desirable-desirable
auto-desirable
(auto-auto never forms a channel, because neither side initiates the negotiation).
By default, PAgP operates in silent sub-mode with both the desirable and auto modes, which
allows ports to be added to an EtherChannel even if the other end of the link is silent and
never transmits PAgP packets.
LACP
Link Aggregation Control Protocol, an open IEEE standard (802.3ad, now 802.1AX). In LACP
the switch with the lowest system priority (ties broken by the lowest MAC address) decides
which ports actively participate in the EtherChannel at a given time. To create a channel with
LACP the link ends must be set to one of:
active-active
active-passive
(passive-passive never forms a channel).
Mode       Protocol   Description
on         ---        Forces the channel with no negotiation; both ends must be on
auto       PAgP       Waits for the other end to start PAgP negotiation (never initiates)
desirable  PAgP       Actively starts PAgP negotiation
active     LACP       Actively starts LACP negotiation
passive    LACP       Waits for the other end to start LACP negotiation
If the EtherChannel will be a trunk link, all ports should have the same trunk
mode and should carry the same VLANs over the trunk.
All ports should be configured for the same speed and duplex mode.
Do not configure the ports as dynamic VLAN ports.
All ports should be enabled; a disabled port will be seen as a failed link, forcing
its traffic to be moved to the next available link in the bundle.
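The mode pairings and the bundle guidelines above as a pre-change check. This is an added example and not part of the slides: the port names and attributes are constructed, and the check covers only the rules listed in the text (mode compatibility, speed/duplex, trunk mode and VLAN set, dynamic VLAN ports, disabled ports).

```python
"""Added example (not from the slides): which PAgP/LACP mode pairs actually form an
EtherChannel, and the per-port consistency checks from the guidelines above.
Port names and attributes are constructed."""
from dataclasses import dataclass

PAGP_MODES = {"auto", "desirable"}
LACP_MODES = {"active", "passive"}


def channel_forms(mode_a: str, mode_b: str) -> bool:
    """True when the two ends of a link negotiate (or are forced into) a channel."""
    a, b = mode_a.lower(), mode_b.lower()
    if "on" in (a, b):
        return a == b                       # 'on' runs no protocol, so both ends must be 'on'
    if a in PAGP_MODES and b in PAGP_MODES:
        return "desirable" in (a, b)        # auto-auto: both wait, nothing forms
    if a in LACP_MODES and b in LACP_MODES:
        return "active" in (a, b)           # passive-passive: both wait, nothing forms
    return False                            # PAgP on one end, LACP on the other, or unknown mode


@dataclass(frozen=True)
class Port:
    name: str
    speed: int                  # Mb/s
    duplex: str                 # "full" or "half"
    switchport_mode: str        # "access" or "trunk"
    vlans: frozenset            # access VLAN, or the VLANs allowed on the trunk
    enabled: bool = True
    dynamic_vlan: bool = False  # VLAN assigned dynamically rather than configured


def bundle_problems(ports) -> list:
    """Guideline violations for a candidate bundle; an empty list means it is consistent."""
    problems = []
    ref = ports[0]
    for p in ports[1:]:
        if (p.speed, p.duplex) != (ref.speed, ref.duplex):
            problems.append(f"{p.name}: {p.speed}/{p.duplex} differs from {ref.name}")
        if (p.switchport_mode, p.vlans) != (ref.switchport_mode, ref.vlans):
            problems.append(f"{p.name}: trunk mode or VLAN set differs from {ref.name}")
    for p in ports:
        if p.dynamic_vlan:
            problems.append(f"{p.name}: dynamic VLAN port cannot join a bundle")
        if not p.enabled:
            problems.append(f"{p.name}: disabled, would count as a failed link")
    return problems


TRUNK = frozenset({2, 3})


def demo():
    pairs = {p: channel_forms(*p) for p in [("desirable", "auto"), ("auto", "auto"),
                                            ("active", "passive"), ("passive", "passive"),
                                            ("on", "desirable"), ("desirable", "active")]}
    good = [Port("fa0/1", 100, "full", "trunk", TRUNK), Port("fa0/2", 100, "full", "trunk", TRUNK)]
    bad = good + [Port("fa0/3", 100, "half", "trunk", TRUNK),
                  Port("fa0/4", 100, "full", "trunk", frozenset({2}), enabled=False)]
    return pairs, bundle_problems(good), bundle_problems(bad)


if __name__ == "__main__":
    print(demo())
```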
Configuring EtherChannel
Diagram: two switches (one labelled sw2) with member ports numbered 1 to 6 bundled into an EtherChannel.