QoS, static routing / dynamic routing

- EIGRP, BGP, VRF, spanning tree, trunking

Topics: port sharing, VLANs, port channel (ongoing: LACP), port mapping, port security, VRF, stacking, subnets, VLAN concepts, BGP, static routes, EIGRP, STP, STP multipath

1. Cisco switch stack (Catalyst 3750 stack).
2. Port-channel.
3. VLAN and VTP modes.
4. STP.
5. Routing: static routes, BGP on MPLS, EIGRP, MPLS-VRF, subnetting.

6. Firewall: NAT and types of NAT; basic idea of ACLs.

Port Mirroring –
Port mirroring is used on a network switch to send a copy of the network packets seen on one switch port to a network monitoring connection on another switch port. It is generally referred to as SPAN (Switched Port Analyzer).

Layer 3 Switch –
Layer 3 switches are high-performance devices that differ very little from routers: a Layer 3 switch supports routing protocols, and both inspect incoming and outgoing packets and their destination. A Layer 2 switch forwards frames based on MAC address information; a Layer 3 switch forwards frames based on network-layer information.
• Layer 2 switching does not look inside a packet for network-layer information. It is performed by looking at the destination MAC address within a frame. A Layer 2 switch maintains a MAC address table; it broadcasts frames and learns from the frames it receives.
• Layer 3 switching operates at the network layer. It examines packet information and forwards packets based on their network-layer destination address.

VRF –
1. Virtual Routing and Forwarding is used on MPLS networks.
2. VRF maintains multiple routing tables on a single router.
3. Virtual routing and forwarding is a technology included in IP (Internet Protocol) network routers that allows multiple instances of the routing table to exist in a router and work simultaneously.
4. It increases functionality by allowing network paths to be segmented without using multiple devices.
5. A VRF acts like a logical router, but while a logical router may include many routing tables.
6. Virtual routing and forwarding is a technology implemented in IP network routers that allows multiple instances of a routing table to exist on the same router at the same time.
7. It is part of Multiprotocol Label Switching (MPLS) VPN technology.
8. Virtual networks enable an administrator to split a physical link into multiple virtual links that are completely isolated from one another. A virtual link can be dedicated to traffic from a specific application or customer.

MPLS functionality is based on P (Provider) routers, PE (Provider Edge) routers and CE (Customer Edge) routers. One PE router can hold and manage multiple VRFs. If you are running a private environment, you can use MPLS VPN to separate services.

Route Target and Route Distinguisher –
• The Route Target (RT) indicates the VPN membership of a route and allows VPN routes to be imported into or exported out of your VRF.
• The Route Distinguisher (RD) is a number which helps identify a VPN in a provider network and allows for overlapping IP space.

Spanning Tree Protocol (STP) –
Spanning Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. The basic functionality of STP is to prevent bridge loops and the broadcast radiation they cause, i.e. the removal of loops in the switched network. Multiple active paths between stations cause loops in the network; if a loop exists in the network topology, the potential exists for duplication of messages. STP is a link-layer network protocol that ensures a loop-free topology. BPDUs are exchanged regularly and enable switches to keep track of network changes and to start and stop forwarding at ports as required.

Spanning tree operation:
1. Election of the root switch.
   a. The election of a unique root switch for the spanning tree. Each bridge has a unique identifier (the Bridge ID, built from a configured priority and the switch MAC address), and one switch is elected as the root switch.
   b. Based on the priority value and MAC address, the root bridge is the one with the smallest Bridge ID.
2. Bridge Protocol Data Unit (BPDU) – the BPDU frame carries the Bridge ID, uses the MAC address of the port itself as source address, and a destination address. BPDUs are exchanged regularly (every 2 seconds). A BPDU identifies:
   i. the unique switch identifier (MAC address) associated with each switch;
   ii. the port identifier within each switch;
   iii. the path cost to the root.
3. The election of a designated switch for every switched LAN segment. The least-cost path to the root bridge is determined, and the shortest path to the root switch is calculated for each switch.

STP port states:
1. Blocking.
2. Listening – the switch processes BPDUs and awaits possible new information.
3. Learning.
4. Forwarding.
5. Disabled.

Port Security –
1. Port security can be applied based on the MAC address.
2. MAC blocking.
3. MAC learning.

VTP (VLAN Trunking Protocol) –
VTP is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion and renaming of VLANs on a network-wide basis. VLAN information is distributed to all switches in the VTP domain. VTP sends messages between trunked switches to maintain VLANs on those switches, which reduces administration in a switched network. VTP operates in three modes:
1. Server – in VTP server mode the switch can (1) create, (2) modify and (3) delete VLANs.
2. Client – a VTP client works like a server, but is not able to create, modify or delete VLANs.
3. Transparent – the switch does not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize.

Stacking –
The term "stack" refers to a group of switches that have been set up in this way, so that the Cisco switches are used collectively. A switch stack is a set of up to nine Catalyst 3750 switches connected through their StackWise ports. A stackable switch always has a single management interface. One of the switches controls the operation of the stack and is called the stack master; a switch stack always has exactly one stack master, and the stack master and the other switches in the stack are the stack members. The stack member number (1 to 9) identifies each member in the switch stack.
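The root election and port-role calculation described above, as an added Python example (not from these notes): bridge IDs are compared as (priority, MAC), root path costs come from Dijkstra over the link costs, and on each segment the side with the lower root path cost (then the lower Bridge ID) is designated. The four-switch topology and its MACs are constructed for the example; the 802.1D port-ID tie-break is left out for brevity.

```python
from dataclasses import dataclass
import heapq


@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int   # configurable priority (default 32768); compared first
    mac: str        # burned-in MAC address; tie-breaker after priority


# Constructed topology: Sw2's priority was lowered so it wins the election.
BRIDGES = {
    "Sw1": BridgeId(32768, "00:00:00:00:00:01"),
    "Sw2": BridgeId(4096, "00:00:00:00:00:02"),
    "Sw3": BridgeId(32768, "00:00:00:00:00:03"),
    "Sw4": BridgeId(32768, "00:00:00:00:00:04"),
}
# ((switch, port), (switch, port), path cost); 19 = 100 Mb/s, 4 = 1 Gb/s
LINKS = [
    (("Sw1", "Fa0/1"), ("Sw2", "Fa0/1"), 19),
    (("Sw2", "Gi0/2"), ("Sw3", "Gi0/2"), 4),
    (("Sw3", "Fa0/3"), ("Sw4", "Fa0/3"), 19),
    (("Sw4", "Fa0/4"), ("Sw1", "Fa0/4"), 19),
]


def elect_root(bridges):
    """The bridge with the numerically smallest (priority, MAC) is the root."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(root, links):
    """Dijkstra over link costs: each switch's least-cost path to the root."""
    adj = {}
    for (a, _), (b, _), cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nbr, cost in adj.get(node, []):
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def port_roles(bridges, links):
    """Return (root, root path costs, {(switch, port): role}).

    Roles are 'root', 'designated' or 'blocked'; every segment gets exactly
    one designated port, and every non-root switch exactly one root port.
    """
    root = elect_root(bridges)
    rpc = root_path_costs(root, links)
    roles = {}
    best_root_port = {}   # switch -> (cost via neighbour, neighbour BID, port)
    for (a, pa), (b, pb), cost in links:
        # Designated side: lower root path cost, then lower Bridge ID.
        designated = a if (rpc[a], bridges[a]) < (rpc[b], bridges[b]) else b
        for sw, port, other in ((a, pa, b), (b, pb, a)):
            roles[(sw, port)] = "designated" if sw == designated else "blocked"
            # Root port candidate: cheapest way to reach the root via a neighbour.
            cand = (rpc[other] + cost, bridges[other], port)
            if sw != root and cand < best_root_port.get(sw, (float("inf"),)):
                best_root_port[sw] = cand
    for sw, (_, _, port) in best_root_port.items():
        roles[(sw, port)] = "root"     # overrides 'blocked' on that port
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With the constructed costs the loop is broken on Sw4 Fa0/4, the only blocked port; raising Sw2's priority back to the default makes Sw1 the root on the MAC tie-break.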

Stacking (continued) –
• The switch with the highest priority value becomes the stack master. Any stack member is eligible to be the stack master. If the stack master becomes unavailable, the remaining stack members elect a new stack master from among themselves.
• The switch stack is managed through a single IP address.
• Switches run the cryptographic version of the SMI (Standard Multilayer Image) or EMI (Enhanced Multilayer Image) software.

Firewall –
A firewall is a program or hardware device that filters inbound and outbound traffic. There are three methods of controlling traffic:
1. Packet Filtering – packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
2. Proxy Service – information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
3. Stateful Inspection – it does not examine the content of each packet but instead compares certain key parts of the packet to a database of trusted information. Inbound and outbound traffic is monitored for specific characteristics, and incoming information is then compared to these characteristics. If the comparison yields a reasonable match, the traffic is allowed through; otherwise it is discarded.

PIX and ASA have very simple mechanisms to control traffic between interfaces. The ASA allows traffic to pass from trusted to untrusted, but not the reverse: traffic can pass from interfaces with high security levels to interfaces with lower security levels, and the ASA blocks traffic from a lower level to a higher level.

Port Channel –
A port channel supports 2, 4 or 8 interfaces (maximum 8 interfaces); the best way is to use 2, 4 or 8. Load balancing is based on Layer 2/3 or Layer 4. Port channelling provides the communication between a router and a switch.

EtherChannel –
EtherChannel is a port trunking technology used primarily on Cisco switches. It allows grouping several physical Ethernet links to create one logical Ethernet link, for fault tolerance and high-speed links between switches, routers and servers. A limitation of EtherChannel is that all the physical ports in the aggregation group must reside on the same switch.

Security Level –
• Security level 0 — The lowest possible level. It is used by the outside interface by default. Using the trusted-untrusted terminology, this makes it the most untrusted interface. Traffic can pass from this interface to other interfaces only if manually configured to do so.
• Security levels 1–99 — Can be assigned to any other interface on the PIX. On a three-pronged PIX firewall, the outside is 0, the inside is typically 100, and the third interface could be 50. Traffic from interfaces between 1 and 99 can pass through to the outside (0), but is prevented from passing to the inside (100). This is because the interface has a lower security level setting than the inside.
• Security level 100 — The highest possible level. It is used by the inside interface by default. Using the trusted-untrusted terminology, this level is considered the most trusted.

Static Routing vs Dynamic Routing –
• Static routing is not really a protocol; it is simply the process of manually entering routes into the routing table via a configuration file that is loaded when the routing device starts up. A static route is a route created manually by the network administrator, based on the best-path consideration. The static route administrative distance is 1.
• Dynamic routing protocols are software applications that dynamically discover networks. A router will learn "routes" to all directly connected networks, and it will learn routes from other routers that run the same routing protocols. The router will then sort through its list of routes and select the best path. Dynamic routes are created by routing protocols. The IGRP default administrative distance is 100.
Reference: http://www.trainsignaltraining.com/free-video-training/free-ccna-training-videos-static-routing-andrip/

Cisco 6500 Supervisor Engine 32

EIGRP (Enhanced Interior Gateway Routing Protocol) –
1. A Cisco proprietary routing protocol and a distance vector routing protocol.
2. It is a link state routing protocol.
3. Routing optimisation is based on the Diffusing Update Algorithm (DUAL).

4. Using Hello messages, EIGRP sessions establish and maintain neighbor relationships with neighboring routers. The default hello interval is 5 seconds.
5. The EIGRP default hold time is three times the hello interval.
6. EIGRP packet types: Hello/ACK, Update, Query, Reply and Request. Hello and ACK packets are not acknowledgement-oriented; Update, Query and Reply packets are acknowledgement-oriented.
7. RTP (Reliable Transport Protocol) is responsible for guaranteed delivery of those packets, incremental routing updates and formal neighbour relationships.
8. EIGRP maintains three databases: the neighbour DB, the topology DB and the IP routing table.
9. Support of Variable Length Subnet Masks (VLSM).
10. EIGRP only sends updated information when a network change occurs; it updates only when topology changes occur, and no further topology information is exchanged otherwise.
11. EIGRP reduces bandwidth usage.
12. EIGRP administrative distance is 120.
13. EIGRP default hop count is 224.
14. IGRP default hop count is 111.
15. EIGRP allows for equal-cost load balancing.
16. DUAL is used to select the best path. EIGRP learns the successor and the feasible successor:
   a. select the loop-free successor and the feasible successor;
   b. if the successor fails, select the feasible successor;
   c. track all routes advertised by neighbours.

Link state vs distance vector –
• Link state routing protocols are based on an algorithm that finds the shortest path. They work by exchanging a description of each node and its exact connections to its neighbours.
• Distance vector routing protocols use the Bellman-Ford algorithm to find shortest paths. They exchange a vector of distances to all destinations.

OSPF –
1. It is a link state routing protocol.
2. Characteristics: generates a routing update when any network change occurs; responds quickly to network changes; link-state refresh every 30 minutes; sends triggered updates when network changes occur; localizes the impact of any topology change; requires a hierarchical network design; minimizes routing table entries.
3. OSPF builds three tables: the neighbour table, the link-state topology table (the link state data structure) and the routing table.
4. The Dijkstra algorithm calculates all possible routes.
5. OSPF has five types of packet:
   1. Hello – builds adjacencies between neighbours.
   2. Database Description (DBD) – checks for database synchronization between routers.
   3. Link State Request (LSR).
   4. Link State Update (LSU).
   5. ACK.
6. OSPF Area – detailed LSA flooding stops at the area boundary.
7. Area Border Router (ABR).
8. OSPF selects the DR (Designated Router) and BDR (Backup Designated Router).
9. It uses bandwidth as its metric.

IGRP –
1. It is a distance vector routing protocol.
2. Sends periodic updates.

Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) –
PAgP is a Cisco proprietary protocol that runs on Cisco switches. LACP is supported on cross-stack EtherChannels on Catalyst 3750 switches running Cisco IOS software release 12.2; PAgP cannot be enabled on cross-stack EtherChannels. We can configure up to 16 ports to form a channel: eight of the ports are in active mode and the other eight are in standby mode. LACP packets are exchanged only with partner interfaces configured in active or passive mode.

Cisco switch stack (Catalyst 3750 stack) –
Cisco StackWise technology unites up to nine individual Cisco 3750 switches into a single logical unit. It is a new method for collectively utilizing the capabilities of a stack of switches. The switches are united into a single logical unit using special stack interconnect cables that create a bidirectional closed-loop path. Switches intelligently join to create a single switch unit with a 32 Gbps stack interconnect.
• Single management IP address – a Cisco Catalyst 3750 series switch stack has a single IP address and is managed as a single object. The single IP management applies to active fault detection, VLAN creation, modification and deletion, and security and QoS controls.
• Master switch election: 1. user priority – the network manager can select which switch is the master; 2. hardware and software priority; 3. default configuration; 4. uptime; 5. MAC address.
• The master switch is responsible for routing control and processing, and for collecting and maintaining correct routing information. It sends periodic updates to all subordinate switches.
• Shared network topology information – this single stack shares the same network topology, MAC address and routing information.
• Layer 2 and Layer 3 forwarding – Layer 2 forwarding is done in a distributed manner; Layer 3 forwarding is done in a centralized manner.
• Bi-directional flow – to efficiently load balance the traffic.
• Physical sequential linkages – a break in any one cable will result in the stack bandwidth being reduced to half of its full capability.
• Subsecond failover – within microseconds of a breakage of one part of the path.
• Online stack adds and removes – switches can be added to and deleted from a working stack without affecting performance.

Switching Modes –
• Fast Forward – offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. In fast-forward mode, latency is measured from first bit received to first bit transmitted (FIFO).
• Fragment Free – fragment-free switching filters out collision fragments, the majority of packet errors, before forwarding begins.
• Store-and-Forward – complete packets are stored and checked for errors prior to transmission. Latency is measured from last bit received to first bit transmitted, or LIFO (last in, first out).

What is administrative distance?
Administrative distance (AD) is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols. AD defines the reliability of a routing protocol: the smaller the administrative distance value, the more reliable the protocol. AD is the first criterion that a router uses to determine which routing protocol to use if two protocols provide route information for the same destination.

Route Source                                         Default Distance
Connected interface                                  0
Static route                                         1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route   5
External Border Gateway Protocol (BGP)               20
Internal EIGRP                                       90
IGRP                                                 100
OSPF                                                 110
Intermediate System-to-Intermediate System (IS-IS)   115
Routing Information Protocol (RIP)                   120
Exterior Gateway Protocol (EGP)                      140
On Demand Routing (ODR)                              160
External EIGRP                                       170
Internal BGP                                         200
Unknown*                                             255

Clock rate – The clock rate interface command has been enhanced for the synchronous serial port.

Subnet – A subnet is an identifiable separate part of an organization's network.

Address classes –
• Class A addresses begin with 0xxx, or 1 to 126 decimal.
• Class B addresses begin with 10xx, or 128 to 191 decimal.
• Class C addresses begin with 110x, or 192 to 223 decimal.
• Class D addresses begin with 1110, or 224 to 239 decimal.
• Class E addresses begin with 1111, or 240 to 254 decimal.

MPLS – Multiprotocol Label Switching is a mechanism in high-performance telecommunication networks which directs and carries data from one network node to the next. MPLS is an efficient encapsulation mechanism, highly scalable and protocol agnostic. MPLS was originally presented as a way of improving the forwarding speed of routers but is now emerging as a crucial standard technology that offers new capabilities for large-scale IP networks; it is the standard technology for speeding up network traffic flow and making it easier to manage.
MPLS terminology: in the telecommunication network, the nodes or routers that handle the labelled packets are called Label Switch Routers (LSRs).
MPLS-VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table; VRF is the key element in Cisco MPLS VPN technology.

ACL…
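Route selection by administrative distance, as an added Python example (not from these notes): the RIB keeps, per prefix, only routes from the source with the lowest AD from the table above, then the lowest metric within that source, and a forwarding lookup picks the longest matching prefix. The candidate routes and next hops are constructed for the example; metrics are compared only within one protocol.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances (keys are labels chosen for this example).
AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "odr": 160, "eigrp-external": 170, "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/16"
    next_hop: str
    source: str      # key into AD
    metric: int      # protocol-specific; only meaningful within one source


def install(candidates):
    """Build the routing table: per prefix, lowest AD wins, then lowest
    metric; equal-cost routes from the winning source are all installed."""
    rib = {}
    for prefix in {r.prefix for r in candidates}:
        same = [r for r in candidates if r.prefix == prefix]
        best_ad = min(AD[r.source] for r in same)
        winners = [r for r in same if AD[r.source] == best_ad]
        best_metric = min(r.metric for r in winners)
        rib[prefix] = [r for r in winners if r.metric == best_metric]
    return rib


def lookup(rib, dst):
    """Forwarding lookup: longest prefix match over installed prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in rib if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    longest = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    return rib[longest]


# Constructed candidates: OSPF and RIP both advertise 10.1.0.0/16. RIP has
# the smaller metric, but its AD (120) loses to OSPF (110), so the metric
# is never compared across protocols.
CANDIDATES = [
    Route("10.1.0.0/16", "192.0.2.1", "ospf", 20),
    Route("10.1.0.0/16", "192.0.2.2", "rip", 2),
    Route("10.1.0.0/16", "192.0.2.3", "ospf", 20),   # equal-cost OSPF path
    Route("10.1.5.0/24", "192.0.2.4", "rip", 1),     # more specific prefix
    Route("0.0.0.0/0", "192.0.2.9", "static", 0),    # default route
]


if __name__ == "__main__":
    rib = install(CANDIDATES)
    for prefix, routes in sorted(rib.items()):
        print(prefix, [(r.source, r.next_hop) for r in routes])
    for dst in ("10.1.5.7", "10.1.9.1", "203.0.113.1"):
        print(dst, "->", [r.next_hop for r in lookup(rib, dst)])
```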

Access Control Lists (ACL) –
• Standard access control lists are Cisco IOS commands used to filter packets on Cisco routers based on the source IP address of the packet. Numbers between 1 and 99, or any number between 1300 and 1999, can be used in a standard ACL.
• Extended access control lists have the ability to filter packets based on source and destination IP address.
• Number ranges: Standard IP 1–99 and 1300–1999; Extended IP 100–199 and 2000–2699.
• An empty ACL permits all traffic.
• Syntax: Router(config)# access-list ACL# permit | deny conditions
• Example:
  access-list acl_collector permit icmp any any
  access-list acl_collector permit ip any any

Cisco PIX Firewall basics –
PIX Device Manager (PDM). The PIX firewall provides a wide range of security features: NAT, content filtering, URL filtering, IPsec VPN, DHCP server/client.

NAT –
NAT is a way to map a range of global addresses to an inside or perimeter (DMZ) address.
1. Static NAT – on a one-to-one basis.
2. Dynamic NAT – maps an unregistered IP address to a pool of registered IP addresses.
3. Overloading – a form of dynamic NAT that maps multiple unregistered IP addresses to one single registered IP address. This is known as PAT or single-address NAT.

NAT terms –
• Inside Local Address – an IP address assigned to a host inside a network.
• Inside Global Address – a legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
• Outside Local Address –
• Outside Global Address –
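How a standard ACL is evaluated, as an added Python example (not from these notes): entries are parsed from the access-list syntax above, the source address is matched with a wildcard mask (1 bits are "don't care"), the first matching entry wins, a non-empty list ends with an implicit deny, and an ACL with no entries permits everything. The ACL 10 entries and test addresses are constructed for the example.

```python
import ipaddress


def _parse_entry(line):
    """Parse 'access-list N permit|deny any | host A | A WILDCARD'."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard ACL line: {line!r}")
    number = int(parts[1])
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError(f"{number} is outside the standard ACL ranges")
    action = parts[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line!r}")
    src = parts[3]
    if src == "any":
        addr, wildcard = 0, 0xFFFFFFFF              # every bit is don't-care
    elif src == "host":
        addr, wildcard = int(ipaddress.ip_address(parts[4])), 0
    else:
        addr = int(ipaddress.ip_address(src))
        # IOS treats a missing wildcard as 0.0.0.0 (exact host match)
        wildcard = int(ipaddress.ip_address(parts[4])) if len(parts) > 4 else 0
    return number, action, addr, wildcard


def evaluate(acl_lines, src_ip):
    """Return 'permit' or 'deny' for a packet with this source address."""
    entries = [_parse_entry(line) for line in acl_lines if line.strip()]
    if not entries:
        return "permit"                 # empty ACL permits all traffic
    ip = int(ipaddress.ip_address(src_ip))
    for _, action, addr, wildcard in entries:
        mask = ~wildcard & 0xFFFFFFFF   # bits that must match exactly
        if ip & mask == addr & mask:
            return action               # first match wins, no fall-through
    return "deny"                       # implicit deny at the end


# Constructed ACL 10: allow one management host, block the rest of its /24,
# allow the rest of 10.0.0.0/8; everything else hits the implicit deny.
ACL_10 = [
    "access-list 10 permit host 10.0.0.5",
    "access-list 10 deny   10.0.0.0 0.0.0.255",
    "access-list 10 permit 10.0.0.0 0.255.255.255",
]


def audit(acl_lines, sources):
    """Evaluate several source addresses; handy for checking an ACL change."""
    return {src: evaluate(acl_lines, src) for src in sources}


if __name__ == "__main__":
    for src, verdict in audit(ACL_10, ["10.0.0.5", "10.0.0.9",
                                       "10.2.3.4", "192.168.1.1"]).items():
        print(f"{src:<14} {verdict}")
```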

ARP and RARP –
Address translation: ARP maps an IP address to a MAC address, and RARP maps a MAC address to an IP address.

BGP –
BGP is a protocol for exchanging routing information between gateway hosts in a network of autonomous systems. The routing table contains a list of known routers, the addresses they can reach and a cost metric associated with the path to each router, from which BGP chooses and installs a "best" route.
• Autonomous System (AS) – a collection of networks with the same routing policy, running a single routing protocol.
• BGP introduction: used for carrying routing information between ASs; a path vector protocol; incremental; runs over TCP port 179; conveys information about ASs; supports Classless Inter-Domain Routing (CIDR).
• General operation: learns multiple paths via internal and external BGP speakers; picks the best path and installs it in the IP forwarding table; the best path is sent to external BGP neighbours; policy is applied by influencing the best path selection.
• BGP relationship with IGP: IGPs are used to carry next hop and interior network information.
• BGP path selection algorithm: do not consider a path if there is no route to the next hop; select the shortest path.
• Load balancing: BGP does NOT load balance traffic.
• BGP carries the full Internet routing table.

VLAN Creation –
To define a VLAN on a Cisco device, we need a VLAN ID, a VLAN name and ports.
Step 1 – Get the current configuration.
Step 2 – Create a VLAN using "vlan X", where X is the ID.
Step 3 – Name the VLAN: "name <VLAN Name>".
Step 4 – Create the VLAN with the network range.
Step 5 – End configuration mode with "end".
Step 6 – Save the configuration with "wr mem".

VLANs –
VLANs are broadcast domains defined within switches to allow control of broadcast, multicast and unicast traffic. VLANs are defined on the switch in an internal database known as the VTP database. After a VLAN has been created, ports are assigned to the VLAN.

Router Configuration Tutorial – configuration modes:
1. User EXEC.
2. Privileged EXEC.
3. Global Config.
4. Interface Config.
5. Set up RIP.

RIP –
Sends updates every 30 seconds; a route is invalid after 180 seconds, held down for 180 seconds and flushed after 240 seconds. RIP's default behaviour is to send version 1 updates but to accept updates from both version 1 and version 2.
Difference between RIP v1 and v2:
• RIP v1 – classful routing protocol; subnet masks are NOT included in the routing update.
• RIP v2 – classless routing protocol; subnet masks are included in the routing update.

Cisco 6509 switch details –
The Supervisor Engine 720 builds on the proven Cisco Express Forwarding (CEF) architecture by supporting centralized forwarding (CEF) and distributed forwarding (dCEF). There are three flavours: PFC3A, PFC3B and PFC3BXL. The MSFC3 is an integral part of the Supervisor Engine 720, providing high-performance multilayer switching and routing intelligence. It supports all Catalyst 6500 modules, including:
• Supervisor engines
• Switch fabric modules
• Fast Ethernet modules
• Gigabit Ethernet modules
• 10 Gigabit Ethernet modules
• Voice modules
• FlexWAN modules
• ATM modules
• Multi-gigabit services modules (content services, firewall, intrusion detection, IPsec/VPN, network analysis and SSL acceleration)
The Supervisor Engine 720 offers a strong set of security features.

What is the difference between router ACLs and firewall ACLs?
Routers are designed to route traffic, not stop it; firewalls are designed to examine and accept/reject traffic. Both kinds of ACL do the same job, and depending on our requirement we do our ACL configuration.

What is the difference between a gateway and a firewall?
A network gateway joins two networks together through a combination of hardware and software. A network firewall guards a computer network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.

What is IP spoofing?
Many firewalls examine the source IP address of packets to determine if they are legitimate.

Can the traceroute command work across a firewall? If no, then why? If yes, then why?

Firewall –
A firewall filters both inbound and outbound traffic. A router is a device that receives packets from one network and forwards them to another network; most routers support packet filtering.

What different types of firewall are there?
1. Packet filters
2. Circuit level gateways
3. Application level gateways
4. Stateful multilayer inspection firewalls
• Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They are relatively inexpensive and have the advantage of hiding information about the protected network.
• Application level gateways, also called proxies, are similar to circuit level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.
• Stateful multilayer inspection firewalls.
Reference: http://www.vicomsoft.com/knowledge/reference/firewalls1.html#1

IP spoofing – This is a useful technique, since many systems define which packets may and which may not pass based on the sender IP address.

Routing Function – The routing function is responsible for learning the logical topology of the network and then making decisions based on that knowledge.
Switching Function – The switching function is concerned with moving data across the router; it is responsible for forwarding the datagram.

Update timers and technology by protocol:
• RIPv1 – Every 30 seconds for the entire routing table. Distance vector.
• RIPv2 – Every 30 seconds for the entire routing table. Distance vector.
• IGRP – Updates every 90 seconds, with incremental updates as needed. Distance vector.
• EIGRP – Incremental updates with network changes only. Advanced distance vector, sometimes called enhanced distance vector or a hybrid routing protocol.
• OSPF – Incremental, with only the network change. However, a compressed version of the table is propagated 30 minutes after the last update was received. Link state.
• IS-IS – Incremental, with only the network change. However, the router that originated the LSP must periodically refresh its LSPs to prevent the remaining lifetime on the receiving router from reaching 0. The refresh interval is 15 minutes. This means that approximately 15 minutes after the last update was received, a compressed list of all the links the router has knowledge of is sent to all routers. Link state.
• BGP-4 – Incremental, with only the network change. Path vector, sometimes referred to as a type of distance vector routing protocol.

Distance Vector Routing Protocols Versus Link-State Routing Protocols

Distance Vector
• Sends its entire routing table at periodic intervals out of all interfaces (typically, this is based in seconds).
• Typically involves updates sent using a broadcast address to everyone on the link. (IGRP does not conform to this as a proprietary solution.)
• Has knowledge of the network based on information learned from its neighbors.
• Uses the Bellman-Ford algorithm for calculating the best path.
• Uses a metric based on how distant the remote network is to the router.
• Maintains one domain in which all the routes are known.
• Is not restricted by addressing scheme.
• Does not consume many router resources, but is heavy in the use of network resources.

Link-State
• Sends incremental updates when a change is detected. OSPF will send summary information every 30 minutes, regardless of whether incremental updates have been sent in that time.
• Typically involves updates sent to those routers participating in the routing protocol domain, via a multicast address.
• Has knowledge of the network based on information learned from every router in the area.
• Uses the Dijkstra algorithm.
• Is capable of using a complex metric, referred to by OSPF and IS-IS as cost.
• Has a hierarchical design of areas that allow for summarization and growth. For effective use, the addressing scheme should reflect the hierarchical design of the network.
• Uses many router resources, but is relatively low in its demand for network resources.
• Has a topological database that is the same for every router in the area. Includes a routing table that is a database viewed from the perspective of each router; the routing table that is built from this database is unique to each router.
• Sends triggered updates to reflect changes in the network.

RIP V1
• Is a simple protocol to design, configure, and maintain.
• Uses hop count as a metric.
• Is limited to a 15-hop diameter network.
• Does not pass the subnet mask in the routing update and therefore is not capable of classless routing or VLSM.
• Does not require a hierarchical addressing scheme.
• Has a routing table that is sent out of every interface every 30 seconds (by default).
• Does not acknowledge routing updates, just repeats them periodically (every 30 seconds).
• Involves slower convergence because information of changes must come from the entire network (but indirectly). Each routing table on every intervening router must be updated before the changes reach the remote end of the network, so convergence depends on the number of routers that must process the data.
• Can transmit information about the network in two messages: the routing update and the triggered update.

OSPF
• Is a complex protocol to design and, in some instances, to configure and maintain.
• Uses cost as a metric. Cost is not stated in the RFCs, but it has the capacity to be a complex calculation, as seen in Cisco's implementation.
• Is unlimited in the diameter of the network, although it is suggested that an area not exceed more than 50 networks.
• Carries the mask in the update and therefore can implement VLSM, summarization, and classless routing.
• If full benefits of the protocol are to be harnessed, should use a hierarchical IP addressing scheme.
• Involves updates sent as required (when changes are seen) and every 30 minutes after no change has been seen.
• Acknowledges updates.
• Has protocols for discovering neighbors and forming adjacencies, in addition to protocols for sending updates through the network. These protocols alone add up to nine message types.

Layer 3 Routing Versus Layer 3 Switching

It is important to understand the difference between Layer 3 routing and Layer 3 switching. Both terms are open to some interpretation; however, the distinction between them can perhaps be best explained by examining how an IP packet is routed. The process of routing an IP packet can be divided into two distinct processes:
• Control plane — The control plane process is responsible for building and maintaining the IP routing table, which defines where an IP packet should be routed to based upon the destination address of the packet. That destination is defined in terms of a next hop IP address and the egress interface from which the next hop is reachable.
• Data plane — The data plane process is responsible for actually routing an IP packet, based upon information learned by the control plane. Whereas the control plane defines where an IP packet should be routed to, the data plane defines exactly how an IP packet should be routed. This information includes the underlying Layer 2 addressing required for the IP packet so that it reaches the next hop destination, as well as other operations required for IP routing, such as decrementing the time-to-live (TTL) field and recomputing the IP header checksum.
Layer 3 routing generally refers to control plane operations; Layer 3 switching generally refers to data plane operations.

7200 Router –
The 7200 enables an integrated solution for routing and security, including QoS, site-to-site VPN and Voice and Video Enabled IPsec VPN (V2PN). Utilizing the VPN Acceleration Module (VAM2), the Cisco 7301 and Cisco 7200 series VPN routers deliver IPsec encryption scalability to 145 MBps for the most demanding head-end, multicast and multiprotocol traffic across the VPN.
Security features on the 7200 router: Control Plane Policing (CPP), Committed Access Rate (CAR), Connected Engine network module (NM-CE).

What is ICMP?
ICMP is the Internet Control Message Protocol, a network layer protocol of TCP/IP. It uses the echo test/reply to test whether a destination is reachable and responding. It also handles both control and error messages.

What is Frame Relay?
Frame Relay is a packet switching technology. It operates in the data link layer.

What is bandwidth?
Every line has an upper limit and a lower limit on the frequency of the signals it can carry. This limited range is called the bandwidth.

What are the 3 most common LAN architectures?
The 3 most common types of LAN architecture are:
• Ethernet
• Token Ring
• ArcNet

How does the nomenclature "10base2" describe Ethernet cable?
An Ethernet LAN is often described in terms of three parameters: transmission rate, transmission type, and segment distance. "10base2" means:
• 10 – transmission rate, or throughput, of 10 Mbps

• base – transmission type is baseband rather than broadband network (i.e. the signal is placed directly on the cable, one signal at a time)
• 2 – the maximum segment distance in meters times 100, in this case 200 meters (actually only 185 meters)

What are the key characteristics of 10Base2 Ethernet? A 10Base2 Ethernet LAN conforms generally to the IEEE 802.3 standard. Also known as Thinnet Ethernet, it has the following key characteristics:
• Transmits at 10 Mbps
• Uses Thinnet coaxial cable
• Supports a maximum of 30 nodes per segment
• Uses local bus topology
• Minimum distance between computers is 0.5m (not including drop cables)
• Maximum length of segment is 185m
• Up to 5 segments can be connected (but only 3 can accommodate nodes)
• Connected with BNC connectors (T-connectors)
• Used primarily for smaller workgroups or departments

What is a topology? A topology refers to the manner in which the cable is run to individual workstations on the network. The dictionary defines topology as: the configurations formed by the connections between devices on a local area network (LAN) or between two or more LANs.

What is the HELLO protocol used for? The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.

What is Token Ring? What IEEE standard does it conform to? Token ring is a relatively expensive LAN architecture that is strongly influenced by IBM. Token ring uses token passing media access control. Token Ring LANs normally use shielded twisted pair (STP) but may also use unshielded twisted pair (UTP) or fiber-optic cable. Token ring is normally implemented in a logical ring/physical star topology with a MAU (Multistation Access Unit) as the hub. Data transmission normally occurs at 4 or 16 Mbps depending on the cable. The maximum distance to the MAU from the workstation depends on the cable and varies from 45 meters for UTP to 100 meters for STP. The maximum number of stations on one ring is 260 for shielded twisted pair and 72 for unshielded twisted pair (UTP). There can be up to 33 MAUs per ring. It is very stable and can be expanded without a significant degradation in network performance.

What is the difference between ARP and RARP?

The ARP is used to associate the 32-bit IP address with the 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet. The RARP allows a host to discover its internet address when it knows only its physical address.

What is IGP (Interior Gateway Protocol)? It is any routing protocol used within an autonomous system.

What is OSPF? It is an internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of an internet's topology to make accurate routing decisions.

What is multicast routing? Sending a message to a group is called multicasting, and its routing algorithm is called multicast routing.

What is load balancing? If the number of incoming client requests exceeds the number of processes in a server class, the TP Monitor may dynamically start new ones; this is called load balancing.

What does the Mount protocol do? The Mount protocol returns a file handle and the name of the file system in which a requested file resides. The message is sent to the client from the server after reception of a client's request.

What is the difference between TFTP and FTP application layer protocols? The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.

What are the advantages and disadvantages of the three types of routing tables? The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be manually modified every time there is a change. A dynamic table changes its information based on network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager modify only one table, which is then read by other devices. The fixed central table reduces the need to update each machine's table, as with the fixed table, although the table's contents can change without the administrator being aware of the change. Usually a dynamic table causes the fewest problems for a network administrator.

What is terminal emulation, and in which layer does it come? Telnet is also called terminal emulation. It belongs to the application layer.

What is a Protocol Data Unit? The data unit at the LLC level is called the protocol data unit (PDU). The PDU consists of four fields: a destination service access point (DSAP), a source service access point (SSAP), a control field and an information field. DSAP and SSAP are addresses used by the LLC to identify the protocol stacks on the receiving and sending machines that are generating and using the data. The control field specifies whether the PDU frame is an information frame (I-frame), a supervisory frame (S-frame) or an unnumbered frame (U-frame).

What is a MAC address? The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. The MAC address is usually stored in ROM on the network adapter card and is unique.

What are the data units at different layers of the TCP/IP protocol suite? The data unit created at the application layer is called a message. At the transport layer the data unit created is called either a segment or a user datagram. At the network layer the data unit created is called the datagram. At the data link layer the datagram is encapsulated into a frame and finally transmitted as signals along the transmission media.

What is the minimum and maximum length of the header in the TCP segment and IP datagram? The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.

What are the types of transmission media? Signals are usually transmitted over some transmission media that are broadly classified into two categories:
Guided Media:

These are media that provide a conduit from one device to another and include twisted-pair, coaxial cable and fiber-optic cable. A signal traveling along any of these media is directed and is contained by the physical limits of the medium. Twisted-pair and coaxial cable use metallic conductors that accept and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts and transports signals in the form of light.
Unguided Media: This is the wireless media that transport electromagnetic waves without using a physical conductor. Signals are broadcast through the air. This is done through radio communication, satellite communication and cellular telephony.

What is the difference between routable and non-routable protocols? Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.

What are the major types of networks? Explain.
Server-based network: Server-based networks provide centralized control of network resources and rely on server computers to provide security and network administration.
Peer-to-peer network: Computers can act as both servers sharing resources and as clients using the resources.

What are the different types of networking / internetworking devices?
Repeater: Also called a regenerator, it is an electronic device that operates only at the physical layer. It receives the signal in the network before it becomes weak, regenerates the original bit pattern and puts the refreshed copy back into the link.
Bridges: These operate both in the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate, and thus are repeaters that relay a frame only to the side of the segment containing the intended recipient, and so control congestion.
Routers: They relay packets among multiple interconnected networks (i.e. LANs of different type). They operate in the physical, data link and network layers. They contain software that enables them to determine which of the several possible paths is the best for a particular transmission.
Gateways: They relay packets among networks that have different protocols (e.g. between a LAN and a WAN). They

accept a packet formatted for one protocol and convert it to a packet formatted for another protocol before forwarding it. They operate in all seven layers of the OSI model.

What is Proxy ARP? Proxy ARP is using a router to answer ARP requests. This will be done when the originating host believes that a destination is local, when in fact it lies beyond the router.

What is traffic shaping? One of the main causes of congestion is that traffic is often bursty. If hosts could be made to transmit at a uniform rate, congestion would be less common. Another open loop method to help manage congestion is forcing the packets to be transmitted at a more predictable rate. This is called traffic shaping.

What is a packet filter? A packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.

What is NETBIOS and NETBEUI? NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer, and it hides the networking hardware from applications. NETBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

What is a redirector? A redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under the presentation layer.

Why should you care about the OSI Reference Model? It provides a framework for discussing network operations and design.

What is logical link control? One of the two sublayers of the data link layer of the OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for maintaining the link between computers when they are sending data across the physical network connection.

What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.
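The traffic-shaping idea above (transmitting at a predictable rate) is usually implemented as a token bucket. The following Python is an added example, not code from the notes: a shaper that computes when each packet of a bursty arrival pattern is allowed to leave, plus a helper that measures the peak bytes seen in any window so the smoothing can be checked. The rate, bucket depth and arrival list are constructed sample values.

```python
def token_bucket_shape(arrivals, rate, burst):
    """Token-bucket traffic shaper.

    arrivals: list of (arrival_time_seconds, size_bytes) in arrival order
    rate:     sustained output rate in bytes per second
    burst:    bucket depth in bytes (largest burst that passes unshaped)
    Returns the departure time of each packet, in the same order.
    """
    tokens = float(burst)      # bucket starts full
    last = 0.0                 # time the bucket was last refilled
    ready = 0.0                # earliest time the next packet may leave (FIFO order)
    departures = []
    for arrived, size in arrivals:
        if size > burst:
            raise ValueError("packet larger than the bucket can never be sent")
        t = max(arrived, ready)
        tokens = min(burst, tokens + (t - last) * rate)   # refill since last visit
        if tokens < size:
            t += (size - tokens) / rate                   # wait until enough tokens
            tokens = float(size)
        tokens -= size
        last = ready = t
        departures.append(round(t, 6))
    return departures


def peak_bytes(times, sizes, window):
    """Largest number of bytes whose timestamps fall in any window of `window` s
    starting at a packet timestamp."""
    best = 0
    for start in times:
        best = max(best, sum(s for t, s in zip(times, sizes)
                             if start <= t < start + window))
    return best


if __name__ == "__main__":
    # Constructed burst: four 1500-byte packets all arriving at t=0.
    arrivals = [(0.0, 1500)] * 4
    print(token_bucket_shape(arrivals, rate=1000, burst=1500))
```

With a 1000 B/s rate and a 1500-byte bucket, a burst of four full-size packets leaves at 0, 1.5, 3.0 and 4.5 s, so any one-second window now carries at most one packet instead of the whole burst.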

What Is a Switch? Today, network designers are moving away from using bridges and hubs and are primarily using switches and routers to build networks. Technology advances are producing faster and more intelligent desktop computers and workstations. Today's networks are experiencing an increase in the transmission of large graphics files, images, full-motion video, and multimedia applications, as well as an increase in the number of users on a network. The combination of more powerful computers/workstations and network-intensive applications has created a need for network capacity, or bandwidth, that is much greater than the 10 Mbps that is available on shared Ethernet/802.3 LANs.

What Is Dynamic DNS? A new feature is Dynamic DNS (DDNS) and as you begin to find out more about how name resolution and service location work, it's a feature you'll be quite thankful for. The basic premise behind DNS is that when a client starts it will register its name-to-IP address mapping with the DNS server that it's configured with. This is a giant change from NT 4.0 when administrators had to enter all DNS records manually. DDNS works similarly to how WINS worked in NT 4.0 where most, if not all, clients were registered dynamically.

OSI layers, encapsulation and devices:
NO.  NAME          ENCAPS / PDU   DEVICES
7    Application   Raw Data
6    Presentation  Raw Data
5    Session       Raw Data
4    Transport     Segments
3    Network       Packets        Router
2    Data Link     Frame          Bridges, Switches
1    Physical      Bits           HUB, Repeaters

What Is a Virtual Private Network? VPN connections are similar to dial-up connections in that they give remote users access to your network. But unlike dial-up connections, VPNs let you use an existing network—the Internet, for example—as the connection medium. VPNs wrap the Point-to-Point Protocol (PPP) packets used in dial-up connections with additional tunneling protocol headers that let the VPN packets travel securely over a shared network. To use VPN, all you need at the client is a connection to the Internet (and with the proliferation of broadband Internet connections, VPN users can realize significantly greater connection speeds than dial-up users). VPN is especially beneficial in situations where users would otherwise incur long-distance charges when dialing in to your network. Of course, because you're communicating over a public network, it's important that you adequately secure data communications. How you secure data communications depends on the tunneling protocol you use.

Port Details
1. Shared Folder – 445
2. Terminal Server Access (RDP) – 3389
3. Citrix – TCP 1494, Dyn > 1023 and UDP 1604, Dyn > 1023
4. Yahoo Messenger – TCP 5100
5. Printer Service port – TCP 9100, 515, 631
6. Mail – TCP 25 SMTP
7. SQL – TCP 1433
8. DNS – 53
9. TACACS – 49
10. sftp – TCP 115
11. NTP – 123
12. NNTP – 119
13. imap – 143
14. Lotus Notes – 1352 tcp
15. Multicast addresses are in the range 224.0.0.0 to 239.255.255.255

224.0.0.0 – Nobody
224.0.0.1 – Everybody
224.0.0.9 – RIP routers

Bridges versus Switches
Bridges:
• Software-based L2 device
• Learns MAC addresses
• Segments LANs
• Floods broadcasts
• Filters frames
• Usually less than 16 ports
Switch:
• Hardware-based L2 device
• Learns MAC addresses
• Builds a CAM table
• Single station or LAN segment on each port
• Floods broadcasts
• Can have 100 or more ports

CRC – A mathematical computation to ensure the accuracy of frames transmitted between devices. The FCS is the number arrived at after running the CRC, and this number is placed into the field at the end of the frame.
FCS (Frame Check Sequence) – Uses the standard 16-bit cyclic redundancy check (CRC) for checking frames.

An L2 Frame (Layer 2 Ethernet Frame), field lengths in bytes:
  8 | D MAC 6 | S MAC 6 | 2 | D IP 4 | S IP 4 | TCP: D Port, S Port, Window | L7 Hdr | Data Segment 46–1500 | FCS 4
  L2 Info               | L3 Info         | L4 Info                     | L7 Info |                      | L2 Info

Address Learning – Bridges and switches place the source MAC address of every frame received into a MAC address table in the switch's memory.
Frame Forwarding/Filtering – The destination MAC address is looked up in the table and an exit port is located.
Loop Avoidance – When multiple connections between switches are created for redundancy, network loops can occur. Spanning-Tree Protocol is used to stop loops while allowing redundancy.

Layer 2 Switching Logic. A frame is received:
• Destination – Multicast or Broadcast: Flood
• Destination – Unknown Unicast: Flood
• Destination – Unicast in MAC Table: Forward
• Destination – Unicast – Same Port: Filter

Switching modes:
Cut-through:
• Copies only the destination address into its buffers
• Fast switching, low latency because it begins to forward the frame as soon as it reads the destination address, but will pass corrupted frames
Store-and-Forward:
• Copies the entire frame into its onboard buffers and computes the cyclic redundancy check (CRC)
• Latency varies depending on the frame length
Fragment Free (Modified):
• Waits for the collision window (first 64 bytes) to pass before forwarding
• Combines error checking with low latency

Address Learning: Building the CAM Table
• CAM Table is empty at 'power-on'.
• Switch learns MAC addresses from the Source Address field in the header.
• Source Address is placed in the CAM Table, associated with its port.
• Subsequent frames with a Destination Address found in the CAM Table are directed to the proper port.
• Later frames with a DA not found in the CAM Table are flooded to all ports.
• CAM entries do age out after a period of inactivity – 300 seconds (5 minutes).
Can more than one MAC be associated with a single port?

CAM Table Address Types
Dynamic
• Learned by looking at the SA (source address) of every incoming frame.
• Aged out periodically – default is 300 seconds
Permanent/Static
• Manually configured.
• Never aged out of the CAM table until an administrator makes a change.

Summary
• Switches move frames throughout our networks by checking the DMAC address against the CAM Table and forwarding (or filtering if necessary) to the destination.
• Switches operate primarily at L2 of the OSI Model.
• The switch's CAM Table (L2 Address/Port) is built by looking at the Source MAC address of every frame that enters the switch.
• CAM Table entries are removed after 5 minutes of inactivity (by default).
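The switching logic and CAM-table behaviour listed above, as an added Python example (written for these notes, not code from the original): a simulated switch that learns source addresses per port, ages dynamic entries after 300 seconds, keeps static entries fixed, and applies the four forwarding decisions (flood for group addresses and unknown unicasts, forward for known unicasts, filter when the destination sits on the ingress port). Port names and MAC addresses are constructed sample values.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300   # default dynamic-entry lifetime quoted in the notes


def is_group(mac):
    """Multicast and broadcast MACs have the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class Switch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        # CAM table: mac -> {"port": name, "static": bool, "seen": last-seen time}
        self.cam = {}

    def add_static(self, mac, port):
        """Permanent/static entry: never aged, never overwritten by learning."""
        self.cam[mac] = {"port": port, "static": True, "seen": None}

    def _age(self, now):
        expired = [m for m, e in self.cam.items()
                   if not e["static"] and now - e["seen"] > self.aging]
        for mac in expired:
            del self.cam[mac]

    def receive(self, ingress, src, dst, now):
        """Handle one frame arriving on `ingress` at time `now`.
        Returns (action, list of egress ports)."""
        self._age(now)
        # Address learning: source MAC -> ingress port (static entries win).
        entry = self.cam.get(src)
        if entry is None or not entry["static"]:
            self.cam[src] = {"port": ingress, "static": False, "seen": now}
        others = [p for p in self.ports if p != ingress]
        if is_group(dst):
            return ("flood", others)          # multicast / broadcast
        entry = self.cam.get(dst)
        if entry is None:
            return ("flood", others)          # unknown unicast
        if entry["port"] == ingress:
            return ("filter", [])             # destination is on the same segment
        return ("forward", [entry["port"]])   # known unicast


if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(sw.receive("Fa0/1", "00:11:22:33:44:01", BROADCAST, now=0))
```

A static entry behaves like the manually configured CAM entries described above: a frame claiming that source address on another port does not move it, which is the same property port security relies on to pin a host to its port.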

Firewall
What is a stateful inspection firewall? Stateful inspection technology (a.k.a. dynamic packet filtering) in firewalls refers to the ability to track connection "state information" in addition to simple packet filtering, for more robust security. What that means is, the firewall has the ability to base control decisions (e.g. whether to accept/reject/authenticate/encrypt/log attempts) on previous communication with the external host, as well as other applications connected to it. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination. A stateful inspection firewall has the ability to retrieve and manipulate information derived from all communication layers and from other applications. In other words, stateful inspection allows for more intelligent decision-making than simple port/packet-based access blocking.

Firewall Technologies
1. Packet Filtering
2. Application Layer Gateways
3. Stateful Inspection
4. Content Filtering

Packet Filtering: The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa). To accomplish packet filtering, you set up a set of rules that specify what types of packets (e.g. those to or from a particular IP address or port) are to be allowed and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host.

A packet filtering router should be able to filter IP packets based on the following four fields:
1. Source IP address
2. Destination IP address
3. TCP / UDP source and destination ports

Application Level Security – Content Filtering: The application data is handed over to a content filtering server that unpacks the data to see what is inside. For example, zipped files are unzipped first to see what is inside them. If the content contains a virus it will be discarded or disinfected. File types are identified and undesirable types, e.g. executables, can be removed according to the security policy, and harmful content is then disposed of.

DHCP: Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused when hosts no longer need them.

Difference between broadcast domain and collision domain (explain broadcast domain and collision domain). The broadcast domain is related to communicating data to another network; it is related to the Network layer (3rd layer of the OSI model), meaning from a single point of a network you can broadcast packets to many clients on another network. A collision domain can be within your same network; switches produce collision domain breakup because each port of a switch is capable of collision domain breakup.

Routing protocol administrative distance:
CONNECTED INTERFACE --> 0
STATIC ROUTE --> 1
IGRP --> 100
OSPF --> 110
IS-IS --> 115
RIP --> 120
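The stateless filter on the four header fields above, and the stateful inspection described before it, as an added Python example (written for these notes, not code from the original). The stateless filter matches each packet against rules on source, destination, protocol and destination port; the stateful variant adds a connection table so that reply traffic is admitted only when it belongs to a connection the inside host opened, and a TCP packet that is neither a new connection nor part of a known one is denied. The addresses, policy and packets are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP flags; only meaningful for proto == "tcp"
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """One filter rule on the four header fields: src, dst, proto, dport."""
    action: str                 # "allow" or "deny"
    src: str                    # CIDR
    dst: str                    # CIDR
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int] = None # None = any port

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


class PacketFilter:
    """Stateless packet filter: first matching rule wins, implicit deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p):
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFilter(PacketFilter):
    """Stateless rules plus a connection table (stateful inspection)."""

    def __init__(self, rules):
        super().__init__(rules)
        self.table = set()      # 5-tuples of connections seen being opened

    def decide(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.table or reverse in self.table:
            return "allow"          # part of an established connection
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"           # mid-stream TCP with no state: not a new connection
        verdict = super().decide(p)
        if verdict == "allow":
            self.table.add(flow)    # remember the connection so replies can return
        return verdict


INSIDE = "10.0.0.0/8"
# Constructed policy: inside hosts may open HTTPS to anywhere; nothing else is allowed.
RULES = [Rule("allow", INSIDE, "0.0.0.0/0", "tcp", 443)]


if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    print(fw.decide(Packet("10.0.0.5", "203.0.113.7", "tcp", 40000, 443, syn=True)))
    print(fw.decide(Packet("203.0.113.7", "10.0.0.5", "tcp", 443, 40000, syn=True, ack=True)))
```

With only the outbound rule, the stateless filter has to deny the server's reply, and the usual workaround (a blanket rule admitting anything from port 443) would let unrelated traffic in; the stateful filter admits exactly the replies to connections it saw opened.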

INTERNAL EIGRP --> 90
EXTERNAL EIGRP --> 170
EXTERNAL BGP --> 20
INTERNAL BGP --> 200

• RIP v1 does not support VLSM.
• EIGRP is based on a distance vector algorithm; it works based on minimum bandwidth and net delay along each possible path.
• Passive Interface: In RIP, making an interface passive means it will receive routing info but not send. In EIGRP a passive interface will not send or receive routing info.

EIGRP
• It is a Cisco proprietary protocol. You can only use it in an all-Cisco network, but EIGRP more than makes up for this deficiency by being easy to configure, fast, and reliable.
• In EIGRP, routing info is exchanged only when a route has changed. Normally only HELLO packets are exchanged.
• EIGRP only distributes information about routes that have changed, and only when there is a change to report. The rest of the time, routers only exchange small "Hello" packets to verify that routing peers are still available. So EIGRP uses very little bandwidth.
• Routers exchange routing information using multicast packets, which helps to limit bandwidth usage on segments that hold many routers. EIGRP uses multicast address 224.0.0.10, sending packets as raw IP packets using protocol number 88.
• The EIGRP metric is based on the minimum bandwidth and net delay along each possible path.
• EIGRP uses a more sophisticated algorithm called the Diffusing Update Algorithm (DUAL), which means that EIGRP can accommodate larger networks than RIP. The DUAL algorithm ensures that every router can individually make sure that its routing table is always free from loops.
• The EIGRP topology database on each router keeps track of higher cost candidates for the same destinations. This helps routing tables throughout the network to reconverge quickly after a topology change such as a link or router failure,

which is a central feature of the DUAL algorithm.
• EIGRP includes many of the features, such as Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks (VLSM), that are needed in larger networks.
• EIGRP supports route summarization at classful network boundaries by default. EIGRP also allows you to create summary routes at arbitrary network boundaries.
• EIGRP supports supernetting, or the aggregation of blocks of addresses. It also permits route redistribution between domains at the process level.
• EIGRP and IGRP use the same algorithm to calculate a routing metric.
• EIGRP is capable of load balancing traffic over routes that have different metric values, which enables better traffic flow distribution.
• It is a Cisco proprietary protocol and distance vector routing technology that incorporates the best features of link state routing but remains fully compatible with IGRP.
• EIGRP incorporates the Diffusing Update Algorithm (DUAL), which is the decision making process for all route computations.
• A router running EIGRP stores all feasible routes (MAX 6) to a destination in its topology table. This allows it to switch quickly to an alternative route whenever there is a network change. If EIGRP cannot find an alternative route locally, it queries its neighbours to discover a route.
• Every time a router receives a new piece of routing information from one of its neighbors, it updates the topology table. This helps to give it a reliable and up-to-date image of all of the connections in the network that are currently in use.
• EIGRP uses multicast and unicast packets, rather than broadcasts, for operational traffic.
• When changes occur in a route, EIGRP sends partial routing updates rather than the complete routing table.
• EIGRP supports multiaccess, point-to-point and non-broadcast multiaccess (NBMA) topologies.
• Router1(config)#router eigrp 55
  The only restriction is that all of the routers that will be exchanging interior routing information via EIGRP must be configured with the same process number.
• IP protocol numbers: EIGRP 88, TCP 6 and UDP 17.
• EIGRP operates at the Transport layer of the OSI reference model. It uses Protocol Dependent Modules (PDMs) as the mechanism for providing support for different routed protocols at the network layer.
• By periodically sending small hello packets, EIGRP routers can learn of other routers on their directly attached networks.
• EIGRP is a classless routing protocol that advertises a route mask for every destination network.
• The show ip route eigrp command lists the routes that have been learned through EIGRP.
• EIGRP uses an RTP that guarantees delivery.

• EIGRP enables you to implement a hierarchical network design.
• DUAL maintains a separate table for each configured routing protocol.
• EIGRP provides link-to-link protocol level security to avoid unauthorized access to the routing table.
• EIGRP has a neighbor table, a topology table, a routing table and a successor and feasible successor table.
• An EIGRP topology table contains all routes advertised by neighboring routers.
• EIGRP uses the Reliable Transport Protocol (RTP) to guarantee ordered delivery of packets to all neighbors. Only those packets that require an explicit ack – update, query and reply packets – are transmitted reliably using RTP. RTP is responsible for ensuring that a router can still communicate with its established neighbors. RTP will retransmit an update, query or reply packet up to 16 times in an attempt to receive an ack for the packet. If no ack is received after the retry limit is reached, the neighbor relationship is reset.
• Smooth round trip timer (SRTT): the retransmit interval (RTO) is calculated on the basis of the SRTT value.
• EIGRP supports five generic packet types: Hello, Update, Query, Reply and Ack.
• The EIGRP metric calculation is based on K values: K1 -> Bandwidth, K2 -> Load, K3 -> Delay, K4 -> Reliability and K5 -> MTU. While IGRP uses 24 bits to represent the composite metric, EIGRP uses 32 bits.
• DUAL determines the lowest cost route by adding the advertised distance (AD) between the next hop router and the destination to the cost between the local router and the next hop router. The total cost is called the feasible distance (FD). The best route to a destination is known as the successor to the destination. All successors are stored in the routing table. EIGRP supports multiple successors to the same destination provided they have the same FD and use different next hop routers. EIGRP selects a maximum of 6 primary (successor) and backup (feasible successor) routes per destination.

Filtering Routes with EIGRP
You can filter the routes that EIGRP receives on a particular interface (or subinterface) using the distribute-list in command (distribute-list out filters the routes advertised):
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#access-list 34 deny 192.168.30.0
Router2(config)#access-list 34 permit any
Router2(config)#router eigrp 55
Router2(config-router)#distribute-list 34 in Serial0.1
Router2(config-router)#end

Disabling EIGRP on an Interface

• Router1(config-router)#passive-interface Serial0/1
The passive-interface command in EIGRP prevents directly connected routers from establishing an EIGRP neighbor relationship.

EIGRP Route Summarization
Router1(config-subif)#ip summary-address eigrp 55 172.25.0.0 255.255.0.0
Router1(config-router)#no auto-summary
Summarization is one of the most powerful features of EIGRP, and one of the most frequently overlooked ways to improve network efficiency. OSPF can only summarize at the ABR.

Adjusting Timers
Router1(config-subif)#ip hello-interval eigrp 55 3
Router1(config-subif)#ip hold-time eigrp 55 9
The default timer values for most interface types are 5 seconds for hellos and a 15-second hold timer. You can adjust the timers on one router on a link independently of what you have configured on other interfaces on this router, or on other routers on this link.

Enabling EIGRP Authentication
You want to authenticate your EIGRP traffic to ensure that no unauthorized equipment can affect your routing tables.
Router1(config-if)#ip authentication mode eigrp 55 md5
Router1(config-if)#ip authentication key-chain eigrp 55 ORA
They just authenticate these packets using MD5.

Logging EIGRP Neighbor State Changes
Router1(config)#router eigrp 55
Router1(config-router)#eigrp log-neighbor-changes

Limiting EIGRP's Bandwidth Utilization
You want to limit the fraction of an interface's bandwidth available to EIGRP for routing updates.
Router1(config)#interface Serial0.1
Router1(config-subif)#ip bandwidth-percent eigrp 55 40

EIGRP Stub Routing

You want to stabilize your network by sending smaller routing tables out to stub branches and reducing the scope of EIGRP queries.
Router1(config)#router eigrp 55
Router1(config-router)#eigrp stub
It is most commonly used in hub-and-spoke network designs. This router will not share its routing information with its neighbors. The eigrp stub command can take four different keywords:
Receive-only: The router becomes a receive-only neighbor.
Connected: This router will only advertise connected networks. Note that you must configure the appropriate network statements for these connected networks, or alternatively use the redistribute connected command.
Static: The router will advertise static routes. Note that with this option you must also configure the redistribute static command.
Summary: The router will advertise summary routes. This function is enabled by default. See EIGRP Route Summarization above for details on route summarization.

EIGRP uses the BW which is directly configured on the neighbor router.

Principle of EIGRP
• Advanced distance vector
• Loop free classless routing protocol
• Incremental update
• Load balancing across equal and unequal cost pathways
• It works with auto summarization and manual summarization
• Rapid convergence
• Manual summarization at any point in the internetwork
• It works on the Network layer
• It uses 50% of BW by default
• Automatically established neighbor relationship

EIGRP (Transport Mechanism)
• The EIGRP transport mechanism has a window size of one.
• Each packet must be acked.
• Retransmission happens 16 times.
• Hello time is 5 sec – LAN environment; hold time 15 sec – LAN environment.

• Hello time is 60 sec – WAN environment; hold time 180 sec – WAN environment.
• Hold time by default is three times the hello time.

EIGRP DUAL
• Tracks all routes advertised by neighbours
• Loop free path using a successor, and remembers any feasible successor
• DUAL is a formula that uses a discovery path of loop free calculation
• Converge

Kinds of Packets in EIGRP
Hello and Ack are unreliable; Query, Update and Reply are reliable packets.
Hello: Messages used to find and maintain neighbours in the topology table.
Update: An EIGRP packet containing change information about the network. It is reliable. It is sent only when there are changes in the network, to the affected routers.

EIGRP Terminology
Neighbor: A router running EIGRP that is directly connected.
Route Table: The routing table, or list of available networks and the best path. A path is moved from the topology table to the routing table when a feasible successor is identified.
Topology Table: A table that contains all the paths advertised by neighbours to all the known networks. This is the list of all the successors, feasible successors, the feasible distance, the advertised distance and the outgoing interfaces.

the router examines The topology table to find the FS. it is placed on routing table. Reliable Transport Protocol (RTP ) : Mechanism used to determine requirements that the packets be delivered in sequence and guranteed. how far the Query is allowed to propagate in search of a feasible successor. that is . The router is active until all the ACK have Have been received. Smooth round – Trip Time ( SRTT) : The time that the router waits after sending a packet reliably to hear the acknowledge. Stuck in Active (SIA) : When a router has sent out network packets and is Waiting for ACK from all neighbors. It is relable. Retransmission Timeout (RTO) : RTO determine how long the router waits for the ACK before retransmitting the packet. If there is no alternate route (feasible successor) . The route is set to active mode Passive : An operational route is passive. If they do not appear after a certain time. This make the route state change to active.Query : Send from the router when it loses a path to a network. Successor : The next hop router that passes the FC. but after examining the Topology table. Active: Router state when there is a network changes. it will send out queries to neighbors inquiring whether they have any feasible successor. the route is SIA for router. If the path is lose. It is chosen from the FS as having the lowest metric to the remote network. no FS is found. If there is an FS. Advertised distance : The cost of the path to the remote network from the neighbor. This is necessary Prevent SIA. . the Query Scoping : Network design to limit of the query range. Feasible Distance : The lowest cost distance to a remote network.

Update .Other wise the route queries the neghbours and routes into active mode. query and replay packets are must be ack by the receving neighbor . Stub Router It is used on hub and spoke environment. Stub router in EIGRP network use EIGRP to send limited info between the stub router and the core router. This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services. Advertised distance : The EIGRP metric for an EIGRP neighbor to reach a priticula network RTP: EIGRP uses both multicast and unicast addressing . Information Function Ports ICA (Default) IMA CMC SSL STA (IIS) TCP: 1494 TCP: 2512 TCP: 2513 TCP: 443 TCP: 80 . Some of the packet are send relably. The stub router is EIGRP is similar to On Demand routing (ODR) • • No routing protocols are run on stub router. the packet are retransmitted up to 16 times.

TCP Browsing XML (Default) Citrix License Management Console Presentation Server Licensing ICA session w/ Session Reliability enabled UDP: 1604 TCP: 80 TCP: 8082 TCP: 27000 TCP: 2598 .
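The successor and feasible successor selection and the passive-to-active transition described in the EIGRP terminology above, as an added Python model that is not part of the original notes. Router names, metrics and the network are constructed, and the model assumes (as noted in the code) that the FD is kept as the lowest distance seen since the route last went passive.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Path:
    """One topology-table entry for a single destination network."""
    neighbor: str
    advertised_distance: int   # AD: the neighbor's own metric to the network
    link_cost: int             # metric of the link from this router to the neighbor

    @property
    def total_distance(self) -> int:
        return self.advertised_distance + self.link_cost

# Constructed topology table of router R1 for network 10.1.1.0/24.
TOPOLOGY = [
    Path("R2", advertised_distance=10, link_cost=5),   # total 15: the successor
    Path("R3", advertised_distance=12, link_cost=10),  # total 22, AD 12 < 15: feasible
    Path("R4", advertised_distance=25, link_cost=1),   # total 26, AD 25 >= 15: not feasible
]

def evaluate(paths: List[Path]) -> Tuple[Optional[int], Optional[Path], List[Path]]:
    """Return (FD, successor, feasible successors) for one destination.
    Successor: the path with the lowest total distance; FD: that distance.
    Feasibility condition (FC): a path is a feasible successor when its AD is
    strictly lower than the FD, which guarantees the path is loop free."""
    if not paths:
        return None, None, []
    successor = min(paths, key=lambda p: p.total_distance)
    fd = successor.total_distance
    feasible = [p for p in paths
                if p is not successor and p.advertised_distance < fd]
    return fd, successor, feasible

def handle_loss(paths: List[Path], fd: int, lost_neighbor: str) -> dict:
    """Model the DUAL reaction when the path via `lost_neighbor` disappears.
    `fd` is the FD known before the loss; it is kept as the lowest distance
    since the route last went passive (assumption of this model).
    A feasible successor is promoted locally and the route stays passive;
    without one the route goes active and sends a Query to every neighbor
    still present in the topology table."""
    _, successor, _ = evaluate(paths)
    remaining = [p for p in paths if p.neighbor != lost_neighbor]
    if successor is None or successor.neighbor != lost_neighbor:
        # Losing a non-successor path does not touch the routing table.
        return {"state": "passive", "successor": successor, "fd": fd,
                "paths": remaining, "queries": []}
    candidates = [p for p in remaining if p.advertised_distance < fd]
    if candidates:
        new = min(candidates, key=lambda p: p.total_distance)
        return {"state": "passive", "successor": new,
                "fd": min(fd, new.total_distance),
                "paths": remaining, "queries": []}
    # No feasible successor: go active and wait for every Reply; Replies that
    # never come back are what leaves the route stuck in active (SIA).
    return {"state": "active", "successor": None, "fd": None,
            "paths": remaining,
            "queries": sorted({p.neighbor for p in remaining})}

if __name__ == "__main__":
    fd, succ, fs = evaluate(TOPOLOGY)
    print("FD", fd, "successor", succ.neighbor, "FS", [p.neighbor for p in fs])
    step1 = handle_loss(TOPOLOGY, fd, "R2")
    print("lose R2 ->", step1["state"], "via", step1["successor"].neighbor)
    step2 = handle_loss(step1["paths"], step1["fd"], "R3")
    print("lose R3 ->", step2["state"], "queries", step2["queries"])
```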

What protocol is used by DNS name servers?
DNS uses UDP for communication between servers. It is a better choice than TCP because of the improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.

Explain a DNS resource record.
A resource record is an entry in a name server's database. There are several types of resource records used, including name-to-address resolution information. Resource records are maintained as ASCII files.

BOOTP helps a diskless workstation boot. How does it get a message to the network looking for its IP address and the location of its operating system boot files?
BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a server that gives it the IP address. The same message might contain the name of the machine that has the boot files on it. If the boot image location is not specified, the workstation sends another UDP message to query the server.

Explain the HELLO protocol used for routing.
The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.

Explain the difference between interior and exterior neighbor gateways.
Interior gateways connect LANs of one organization, whereas exterior gateways connect the organization to the outside world.

What are 10Base2, 10Base5 and 10BaseT Ethernet LANs?
10Base2: An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with a contiguous cable segment length of 100 meters and a maximum of 2 segments.
10Base5: An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling, with 5 continuous segments not exceeding 100 meters per segment.
10BaseT: An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses baseband signaling and twisted pair cabling.

What are the advantages and disadvantages of the three types of routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be manually modified every time there is a change. A dynamic table changes its information based on network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager modify only one table, which is then read by other devices. The fixed central table reduces the need to update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest problems for a network administrator, although the table's contents can change without the administrator being aware of the change.

Explain a Multi-homed Host.
A host that has multiple network interfaces and that requires multiple IP addresses is called a Multi-homed Host.

Explain Kerberos.
It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.

Explain Proxy ARP.
It is using a router to answer ARP requests. This will be done when the originating host believes that a destination is local, when in fact it lies beyond the router.

Explain OSPF.
It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of an Internet's topology to make accurate routing decisions.

Explain RIP (Routing Information Protocol).
It is a simple protocol used to exchange information between the routers.

Explain SLIP (Serial Line Interface Protocol).
It is a very simple protocol used for transmission of IP datagrams across a serial line.

Explain source route.
It is a sequence of IP addresses identifying the route a datagram must follow. A source route may optionally be included in an IP datagram header.

Explain Gateway-to-Gateway protocol.
It is a protocol formerly used to exchange routing information between Internet core routers.

Explain NVT (Network Virtual Terminal).
It is a set of rules defining a very simple virtual terminal interaction. The NVT is used in the start of a Telnet session.

Explain multicast routing.
Sending a message to a group is called multicasting, and its routing algorithm is called multicast routing.

Explain autonomous system.
It is a collection of routers under the control of a single administrative authority and that uses a common Interior Gateway Protocol.

Explain EGP (Exterior Gateway Protocol).
It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.

Explain BGP (Border Gateway Protocol).
It is a protocol used to advertise the set of networks that can be reached within an autonomous system. BGP enables this information to be shared with the autonomous system. This is newer than EGP (Exterior Gateway Protocol).

Explain IGP (Interior Gateway Protocol).
It is any routing protocol used within an autonomous system.

Explain Mail Gateway.
It is a system that performs a protocol translation between different electronic mail delivery protocols.

Explain packet filter.
Packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.

Explain virtual path.
Along any transmission path from a given source to a given destination, a group of virtual circuits can be grouped together into what is called a path.

Explain virtual channel.
Virtual channel is normally a connection from one source to one destination, although multicast connections are also permitted. The other name for virtual channel is virtual circuit.

Explain logical link control.
One of two sublayers of the data link layer of the OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for maintaining the link between computers when they are sending data across the physical network connection.

Why should you care about the OSI Reference Model?
It provides a framework for discussing network operations and design.

Explain the difference between routable and non-routable protocols.
Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.

Explain MAU.
In Token Ring, the hub is called Multistation Access Unit (MAU).

Explain 5-4-3 rule.
In an Ethernet network, between any two points on the network, there can be no more than five network segments or four repeaters, and of those five segments only three can be populated.

Explain the difference between TFTP and FTP application layer protocols.
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.

Explain the difference between ARP and RARP.
The address resolution protocol (ARP) is used to associate the 32-bit IP address with the 48-bit physical address, used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver. The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it knows only its physical address.

Explain the minimum and maximum length of the header in the TCP segment and IP datagram.
The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.

Explain the range of addresses in the classes of internet addresses.
Class A 0.0.0.0 - 127.255.255.255
Class B 128.0.0.0 - 191.255.255.255
Class C 192.0.0.0 - 223.255.255.255
Class D 224.0.0.0 - 239.255.255.255
Class E 240.0.0.0 - 247.255.255.255

Explain ICMP.
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

What are the data units at different layers of the TCP/IP protocol suite?
The data unit created at the application layer is called a message; at the transport layer the data unit created is called either a segment or a user datagram; at the network layer the data unit created is called the datagram; at the data link layer the datagram is encapsulated into a frame and finally transmitted as signals along the transmission media.

Explain Project 802.
It is a project started by IEEE to set standards that enable intercommunication between equipment from a variety of manufacturers. It is a way for specifying functions of the physical layer, the data link layer and to some extent the network layer to allow for interconnectivity of major LAN protocols. It consists of the following: 802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols. 802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-architecture-specific, that is, remains the same for all IEEE-defined LANs. Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct modules each carrying proprietary information specific to the LAN product being used. The modules are Ethernet LAN (802.3), Token bus LAN (802.4) and Token ring LAN (802.5). 802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.

Explain attenuation.
The degeneration of a signal over distance on a network cable is called attenuation.

Explain MAC address.
The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. The MAC address is usually stored in ROM on the network adapter card and is unique.

Difference between bit rate and baud rate.
Bit rate is the number of bits transmitted during one second, whereas baud rate refers to the number of signal units per second that are required to represent those bits. baud rate = bit rate / N, where N is the number of bits represented by each signal shift.

Explain Bandwidth.
Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited range is called the bandwidth.

Explain cladding.
A layer of glass surrounding the center fiber of glass inside a fiber-optic cable.

Explain RAID.
A method for providing fault tolerance by using multiple hard disk drives.

Explain redirector.
Redirector is software that intercepts file or print I/O requests and translates them into network requests. This comes under the presentation layer.

Explain Beaconing.
The process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used in Token Ring and FDDI networks.

Explain terminal emulation, and in which layer it comes.
Telnet is also called terminal emulation. It belongs to the application layer.

Explain frame relay, and in which layer it comes.
Frame relay is a packet switching technology. It operates in the data link layer.

Explain subnet.
A generic term for a section of a large network, usually separated by a bridge or router.

Explain NETBIOS and NETBEUI.
NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer and it hides the networking hardware from applications. NETBEUI is NetBIOS extended user interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

Explain Brouter.
Hybrid devices that combine the features of both bridges and routers.

What do you mean by "triple X" in Networks?
The function of PAD (Packet Assembler Disassembler) is described in a document known as X.3. The standard protocol has been defined between the terminal and the PAD, called X.28; another standard protocol exists between the PAD and the network, called X.29. Together, these three recommendations are often called "triple X".

Explain SAP.
Series of interface points that allow other computers to communicate with the other layers of the network protocol stack.

How is a Gateway different from Routers?
A gateway operates at the upper levels of the OSI model and translates information between two completely different network architectures or data formats.

What are the different types of networking / internetworking devices?
Repeater: Also called a regenerator, it is an electronic device that operates only at the physical layer. It receives the signal in the network before it becomes weak, regenerates the original bit pattern and puts the refreshed copy back into the link.
Bridges: These operate both in the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate and thus are repeaters that relay a frame only to the side of the segment containing the intended recipient, and so control congestion.
Routers: They relay packets among multiple interconnected networks (i.e. LANs of different types). They operate in the physical, data link and network layers. They contain software that enables them to determine which of the several possible paths is the best for a particular transmission.
Gateways: They relay packets among networks that have different protocols (e.g. between a LAN and a WAN). They accept a packet formatted for one protocol and convert it to a packet formatted for another protocol before forwarding it. They operate in all seven layers of the OSI model.

Explain mesh network.
A network in which there are multiple network links between computers to provide multiple paths for data to travel.

Explain passive topology.
When the computers on the network simply listen and receive the signal, they are referred to as passive because they don't amplify the signal in any way. Example of a passive topology: linear bus.

What are the important topologies for networks?
BUS topology: In this each computer is directly connected to the primary network cable in a single line. Advantages: Inexpensive, easy to install, simple to understand, easy to extend.
STAR topology: In this all computers are connected using a central hub. Advantages: Can be inexpensive, easy to install and reconfigure, and easy to troubleshoot physical problems.
RING topology: In this all computers are connected in a loop. Advantages: All computers have equal access to the network media, installation can be simple, and the signal does not degrade as much as in other topologies because each computer regenerates it.

What are the major types of networks? Explain.
Server-based network and Peer-to-peer network. In a peer-to-peer network, computers can act as both servers sharing resources and as clients using the resources. Server-based networks provide centralized control of network resources and rely on server computers to provide security and network administration.

What are the types of Transmission media?
Signals are usually transmitted over some transmission media that are broadly classified into two categories.
Guided Media: These are those that provide a conduit from one device to another and include twisted-pair, coaxial cable and fiber-optic cable. A signal traveling along any of these media is directed and is contained by the physical limits of the medium. Twisted-pair and coaxial cable use metallic conductors that accept and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts and transports signals in the form of light.
Unguided Media: This is the wireless media that transports electromagnetic waves without using a physical conductor. Signals are broadcast through the air. This is done through radio communication, satellite communication and cellular telephony.

Explain point-to-point protocol.
A communications protocol used to connect computers to remote networking services including Internet service providers.

Explain the difference between baseband and broadband transmission.
In a baseband transmission, the entire bandwidth of the cable is consumed by a single signal. In broadband transmission, signals are sent on multiple frequencies, allowing multiple signals to be sent simultaneously.

What are the possible ways of data exchange?
(i) Simplex (ii) Half-duplex (iii) Full-duplex.

What are the two types of transmission technology available?
(i) Broadcast and (ii) point-to-point.

Difference between communication and transmission.
Transmission is the physical movement of information and concerns issues like bit polarity, synchronization, clock etc. Communication means the meaningful exchange of information between two communication media.

Cisco Switch VLAN Trunking Protocol
• VLAN Trunking Protocol (VTP) is a Cisco Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on a network-wide basis.
• Virtual Local Area Network (VLAN) Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst Family products.

Modes of Operation
• Server: In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode. All Cisco Catalyst switches are configured to be VTP servers.
• Client: VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
• Transparent: VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive out their trunk ports.

VTP ensures that all switches in the VTP domain are aware of all VLANs. Upon receipt of an advertisement request, a VTP device sends a summary advertisement, followed by one or more subset advertisements.

What is bandwidth aggregation?
The amount of time it takes to download web pages or other information from the Internet depends on a number of factors including Internet access bandwidth limitations, ISP performance restrictions, general Internet congestion and remote host response time. To many Internet users, the weakest link in this chain is the bandwidth between your computer and the Internet, also known as Internet access bandwidth. Often, increasing this bandwidth involves getting a broader bandwidth connection, sometimes at considerable expense. If no low cost broadband alternative is available in your area, the only way forward from a 56Kbps modem is ISDN or a leased line. Both of these alternatives can be very costly. It is possible however to have more than one connection between your computer and the Internet, and to combine them to accumulate bandwidth. Techniques that accomplish this task are collectively referred to in this document as "bandwidth aggregation". The use of multiple modems to achieve aggregate bandwidth equivalent to broadband solutions is both available and affordable to most users today. Although bandwidth aggregation may occur in many different contexts, the scope of this document is limited to the aggregation of Internet access bandwidth. Two techniques will be examined in detail: Multilink and Connection Teaming.

What is bonding?
Data is broken up into manageable packets for Internet delivery. Suppose for example that a web server sends an image to a web browser. This image would be broken up into several packets by the server operating system because a single packet would be much too large for routers and network components to handle. If part of the route between the server and the browser were composed of bonded multiple links, the packets that made up the image could alternately travel over one or the other of the component links. Neither the web server nor the web browser would be aware of this.
a) Web server sends image to web browser.
b) TCP stack on web server computer breaks data into packets for delivery.
c) Packets are delivered to web browser over bonded link.
d) TCP stack on web browser computer reassembles packets into image.
e) Web browser displays image.
Multiple bonded connections behave like a single connection. The component links are said to be bonded. From a functional point of view there is only one link.

What is PPP Multilink?
The PPP Multilink Protocol (MP) is an extended version of PPP (Point to Point Protocol). It has the ability to bond two or more simultaneous parallel connections. The resulting virtual connection has bandwidth equal to the sum of the separate connections. PPP Multilink can give you aggregate bandwidth equal to the sum of the individual physical connections. PPP packets contain information used to recombine and sequence them.

How does PPP Multilink work?
PPP Multilink splits a single PPP connection into two separate physical links, then recombines them in the correct sequence. MP may fragment the packets if needed to meet the MTU (Maximum Transmit Unit) value, or alternatively send whole packets over the available links. MP transmits each individual packet or fragment along the first available link, along with extra information to enable the receiving end to recombine the fragments into a single packet for onward routing. To accomplish this it is necessary to have an MP compliant hardware device or software program at either end of the link. The functions performed by MP are as follows:
• originating MP receives packets
• optionally fragments them
• determines which is the next available link
• adds a PPP Multilink header containing sequencing and other information
• forwards packet or packet fragments over available links
• receiving MP receives packets or packet fragments
• removes MP header
• reconstitutes fragments into whole packets
• forwards packets to IP address
The result is a smooth distribution of traffic over available links even when they vary considerably in capacity or when available bandwidth fluctuates greatly.

What are the limitations of PPP Multilink?
Because PPP Multilink uses bonding, all the bonded links must originate and terminate on the same pair of endpoints so that they can split and recombine the data streams. Both the endpoints must use PPP Multilink. In plain terms, this means that to use Multilink PPP, your ISP must have hardware or software that supports Multilink for the type of connection you are using and must offer this service to their subscribers. Not all connection types are supported. Most ISDN enabled ISPs offer MP to bond the two B channels. Many offer bonding of V.90 modems as well. You may be using MP over a particular type of modem but your ISP may not have the corresponding hardware. To the best of our knowledge at the time of this writing, the majority of ISPs do not have any support for PPP Multilink with any type of connection other than ISDN. If you wish to bond any other connection type such as DSL, this can be done with very expensive hardware routing solutions, but these are not within the reach of most end users, and few ISPs support them.

What are the advantages of PPP Multilink?
The major advantage of PPP Multilink is that it is a public standard, and therefore offers interoperability among vendors. It also has the benefit that even a single TCP/IP connection, for example an FTP download, can take advantage of multiple links.
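The fragment, sequence, distribute and reassemble steps listed under "How does PPP Multilink work?", as an added Python model that is not part of the original text. It assumes the long-sequence-number fragment header of RFC 1990 (one byte carrying the B and E flags followed by a 24-bit sequence number), treats "first available link" as the link with the fewest bytes queued, and uses constructed packets and link names.

```python
import struct
from typing import Dict, List, Tuple

BEGIN, END = 0x80, 0x40   # B and E flag bits in the first header byte

def fragment(packets: List[bytes], mtu: int, seq_start: int = 0) -> List[bytes]:
    """Originating MP: split each packet into pieces of at most `mtu` payload
    bytes and prefix every piece with a 4-byte MP header (flags + 24-bit seq).
    B marks the first fragment of a packet and E the last; a packet that fits
    in one fragment carries both flags."""
    frames, seq = [], seq_start
    for pkt in packets:
        pieces = [pkt[i:i + mtu] for i in range(0, len(pkt), mtu)] or [b""]
        for i, piece in enumerate(pieces):
            flags = (BEGIN if i == 0 else 0) | (END if i == len(pieces) - 1 else 0)
            header = struct.pack(">B", flags) + (seq & 0xFFFFFF).to_bytes(3, "big")
            frames.append(header + piece)
            seq = (seq + 1) & 0xFFFFFF
    return frames

def distribute(frames: List[bytes], links: List[str]) -> List[Tuple[str, bytes]]:
    """Send each frame over the first available link, modelled as the link
    with the fewest bytes queued so far (ties go to the earlier link)."""
    queued: Dict[str, int] = {name: 0 for name in links}
    out = []
    for f in frames:
        link = min(links, key=lambda n: (queued[n], links.index(n)))
        queued[link] += len(f)
        out.append((link, f))
    return out

def parse(frame: bytes) -> Tuple[bool, bool, int, bytes]:
    """Split a frame into (begin, end, sequence number, payload)."""
    flags = frame[0]
    seq = int.from_bytes(frame[1:4], "big")
    return bool(flags & BEGIN), bool(flags & END), seq, frame[4:]

def reassemble(received: List[bytes]) -> Tuple[List[bytes], List[int]]:
    """Receiving MP: order fragments by sequence number regardless of which
    link delivered them, strip the headers and rebuild whole packets.
    Returns (packets, lost); `lost` holds sequence numbers that never
    arrived, and a packet with a missing fragment is discarded rather than
    passed on with a hole in it."""
    frames = sorted((parse(f) for f in received), key=lambda t: t[2])
    packets, lost = [], []
    current, expected = None, None
    for begin, end, seq, data in frames:
        if expected is not None and seq != expected:
            lost.extend(range(expected, seq))
            current = None          # gap inside a packet: drop the partial packet
        expected = seq + 1
        if begin:
            current = bytearray()
        if current is None:
            continue                # fragment of a packet whose start was lost
        current += data
        if end:
            packets.append(bytes(current))
            current = None
    return packets, lost

if __name__ == "__main__":
    # Constructed packets (contents are arbitrary) over two bonded ISDN B channels.
    PACKETS = [b"A" * 10, b"B" * 25, b"C" * 3]
    frames = fragment(PACKETS, mtu=8)
    for link, f in distribute(frames, ["isdn-b1", "isdn-b2"]):
        print(link, parse(f)[:3])
    print(reassemble(list(reversed(frames))))
```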

The earliest firewalls were simply routers. Some teaming solutions do allow FTP delivery over multiple links. When a TCP session is opened. any protocol that requires a single connection between host and client. the file will download twice as fast. A firewall sits at the junction point or gateway between the two networks. such as terminal emulation. Connection Teaming links are not terminated on pairs of end points. A Connection Teaming server between the LAN and the Internet receives requests from LAN clients and forwards them along the next available connection.file over a PPP Multilink connection with two identical bonded links. will benefit from bandwidth aggregation offered by Multilink because of this transparency. What does a firewall do? . How does Connection Teaming work? A Connection Teaming server is situated on the user's LAN. It sets up and maintains individual TCP/IP sessions along multiple links using standard protocols. Each request must follow one of the available data paths. This would not apply however. The many HTTP. however. Neither the FTP client nor the server will be aware that there is a Multilink connection in the middle. as part of the routing software between the user and the Internet. It may be a hardware device running on a secure host computer. What is a firewall? A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. one for the network it is intended to protect. to a single large graphic delivered via HTTP. FTP or other TCP sessions that are opened by LAN computers are distributed to all of the available connections this way. In either case. A single user downloading a large file will not experience any improvement with Connection Teaming. The term firewall comes from the fact that by segmenting a network into different physical subnetworks. 
The result is a relatively even distribution of Internet traffic across the available links. LAN browsers and other clients do not need to know which connection is used to forward their requests to the Internet. Unlike bonded links. individual requests are not split across multiple links then recombined again. the server uses the link with the lowest amount of traffic. What are the limitations of Connection Teaming? The primary limitation of Connection Teaming comes from the fact that it does not split up individual requests. Similarly. it must have at least two network interfaces. and one for the network it is exposed to. usually a private network and a public network such as the Internet. Connection Teaming is a form of bandwidth aggregation that does not bond links. and a significant increase in effective throughput. they limited the damage that could spread from one subnet to another just like firedoors or firewalls. What is Connection Teaming? Unlike PPP Multilink.

. If it does. is just plain old looking through company trash. Social engineering involves skills not unlike those of a confidence trickster. ftp or telnet. Southwestern Bell. What can't a firewall do? A firewall cannot prevent individual users with modems from dialling into or out of the network. British Telecommunications Inc.. They used a combination of social engineering and dumpster diving. and Sprint Corp. anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. It can also manage public access to private networked resources such as host applications. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. Firewalls cannot be effective against either of these techniques.A firewall examines all traffic routed between the two networks to see if it meets certain criteria. perhaps having to reinstall their operating system. Dumpster diving or garbology. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. as the name suggests. They feel that no malicious intruder would be motivated to break into their computer. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone. The arrest of the Phonemasters cracker ring brought these security issues to light. Many dial-up Internet users believe that anonymity will protect them. A firewall filters both inbound and outbound traffic. Who needs a firewall? Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Firewalls can also filter specific types of network traffic. MCI WorldCom. GTE Corp. know that this is not true. How does a firewall work? . Employee misconduct or carelessness cannot be controlled by firewalls. bypassing the firewall altogether. This is known as address filtering. 
Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used. Firewalls can also filter traffic by packet attribute or state. it is routed between the networks. People are tricked into revealing sensitive information. the group did not use any high tech methods such as IP spoofing (see question 10). Dial up users who have been victims of malicious attacks and who have lost entire days of work. for example HTTP. Although they were accused of breaking into information systems run by AT&T Corp.. Furthermore. Firewalls can filter packets based on their source and destination addresses and port numbers. otherwise it is stopped.

How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through.

There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria.

What different types of firewalls are there?
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer however and does not support sophisticated rule based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.

Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at the application layer, they can filter application specific commands such as http:post and get, etc. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which know anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.

Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate the contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.

What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.

Firewall related problems
Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on. Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems". This reinforces the principle that technology alone will not solve all security problems.

What Is NAT?
The Internet is expanding at an exponential rate. As the amount of information and resources increases, it is becoming a requirement for even the smallest businesses and homes to connect to the Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect their network to the Internet cheaply and efficiently. The impetus towards increasing use of NAT comes from a number of factors:
• A world shortage of IP addresses
• Security needs
• Ease and flexibility of network administration

IP Addresses
In an IP network, each computer is allocated a unique IP address. In the current version of the IP protocol, IP version 4, an IP address is 4 bytes. An address is divided into two parts: a network number and a host number. The idea is that all computers on one physical network will have the same network number, a bit like the street name; the rest of the address defines an individual computer, a bit like house numbers within a street. The size of the network and host parts depends on the class of the address, and is determined by the address' network mask. The network mask is a binary mask with 1s in the network part of the address, and 0s in the host part. The addresses are usually written as x1.x2.x3.x4, with x1, x2, x3 and x4 each describing one byte of the address. For example, address 16843009 (hex 1010101) is written as 1.1.1.1, since each byte of this address has a value of 1.

Since an address is 4 bytes, the total number of available addresses is 2 to the power of 32 = 4,294,967,296. This represents the TOTAL theoretical number of computers that can be directly connected to the Internet. In practice, the real limit is much smaller for several reasons. Each physical network has to have a unique Network Number, comprising some of the bits of the IP address. The rest of the bits are used as a Host Number to uniquely identify each computer on that network. The number of unique Network Numbers that can be assigned in the Internet is therefore much smaller than 4 billion, and it is very unlikely that all of the possible Host Numbers in each Network Number are fully assigned. Each major world region has an authority which is given a share of the addresses and is responsible for allocating them to Internet Service Providers (ISPs) and other large customers. The clients (e.g. ISPs) are then responsible for distributing these addresses to their customers. Most class A and B addresses have already been allocated, leaving only class C available. Because of routing requirements, a whole class C network (256 addresses) has to be assigned to a client at a time. This means that the total number of available addresses on the Internet is 2,147,483…

While the number of available addresses seems large, the Internet is growing at such a pace that it will soon be exhausted. While the next generation IP protocol, IP version 6, allows for larger addresses, it will take years before the existing network infrastructure migrates to the new protocol. Because IP addresses are a scarce resource, most Internet Service Providers (ISPs) will only allocate one address to a single customer. In the majority of cases this address is assigned dynamically, so every time a client connects to the ISP a different address will be provided. Big companies can buy more addresses, but for small businesses and home users the cost of doing so is prohibitive. Because such users are given only one IP address, they can have only one computer connected to the Internet at one time. With a NAT gateway running on this single computer, it is possible to share that single address between multiple local computers and connect them all at the same time. The outside world is unaware of this division and thinks that only one computer is connected.

Security Considerations
Many people view the Internet as a "one-way street"; they forget that while their computer is connected to the Internet, the Internet is also connected to their computer. That means that anybody with Net access can potentially access resources on their computers (such as files, email, company network etc). Most personal computer operating systems are not designed with security in mind, leaving them wide open to attacks from the Net. To make matters worse, many new software technologies such as Java or Active X have actually reduced security, since it is now possible for a Java applet or Active X control to take control of a computer it is running on. Many times it is not even possible to detect that such applets are running; it is only necessary to go to a Web site and the browser will automatically load and run any applets specified on that page. The security implications of this are very serious. For home users, this means that sensitive personal information, such as emails, correspondence or financial details (such as credit card or cheque numbers), can be stolen. For business users the consequences can be disastrous; for example, should confidential company information such as product plans or marketing strategies be stolen, this can lead to major financial losses or even cause the company to fold.

To combat the security problem, a number of firewall products are available. They are placed between the user and the Internet and verify all traffic before allowing it to pass through. This means, for example, that no unauthorised user would be allowed to access the company's file or email server. The problem with firewall solutions is that they are expensive and difficult to set up and maintain, putting them out of reach for home and small business users.

NAT automatically provides firewall-style protection without any special set-up. That is because it only allows connections that are originated on the inside network. This means, for example, that an internal client can connect to an outside FTP server, but an outside client will not be able to connect to an internal FTP server because it would have to originate the connection, and NAT will not allow that. It is still possible to make some internal servers available to the outside world via inbound mapping, which maps certain well known TCP ports (e.g. 21 for FTP) to specific internal addresses, thus making services such as FTP or Web available in a controlled way.

Many TCP/IP stacks are susceptible to low-level protocol attacks such as the recently-publicised "SYN flood" or "Ping of Death". These attacks do not compromise the security of the computer, but can cause the servers to crash, resulting in potentially damaging "denials of service". Such attacks can cause abnormal network events that can be used as a precursor or cloak for further security breaches. NATs that do not use the host machine protocol stack but supply their own can provide protection from such attacks.

Administrative Considerations

IP networks are more difficult to set up than local desktop LANs. Each computer requires an IP address, a subnet mask, DNS address, domain name, and a default router. This information has to be entered on every computer on the network; if only one piece of information is wrong, the network connection will not function and there is usually no indication of what is wrong. In bigger networks the task of co-ordinating the distribution of addresses and dividing the network into subnets is so complicated that it requires a dedicated network administrator.

NAT can help network administration in several ways:
• It can divide a large network into several smaller ones. The smaller parts expose only one IP address to the outside, which means that computers can be added or removed, or their addresses changed, without impacting external networks. With inbound mapping, it is even possible to move services (such as Web servers) to a different computer without having to do any changes on external clients.
• Many NAT gateways provide for a way to restrict access to the Internet.
• Another useful feature is traffic logging: since all the traffic to and from the Internet has to pass through a NAT gateway, it can record all the traffic to a log file. This file can be used to generate various traffic reports, such as traffic breakdown by user, by site, by network connection etc.
• Some modern NAT gateways contain a dynamic host configuration protocol (DHCP) server. DHCP allows client computers to be configured automatically: when a computer is switched on, it searches for a DHCP server and obtains TCP/IP setup information. Changes to network configuration are done centrally at the server and affect all the clients. For example, if the DNS server address changes, all clients will automatically start using the new address the next time they contact the DHCP server; the administrator does not need to apply the change to every computer in the network.
• Since NAT gateways operate on the IP packet level, most of them have built-in internetwork routing capability. The internetwork they are serving can be divided into several separate sub networks (either using different backbones or sharing the same backbone), which further simplifies network administration and allows more computers to be connected to the network.

To summarise, a NAT gateway can provide the following benefits:
• Firewall protection for the internal network: only servers specifically designated with "inbound mapping" will be accessible from the Internet
• Protocol-level protection
• Automatic client computer configuration control
• Packet level filtering and routing

NAT and Proxies
A proxy is any device that acts on behalf of another. The term is most often used to denote Web proxying. A Web proxy acts as a "half-way" Web server: network clients make requests to the proxy, which then makes requests on their behalf to the appropriate Web server. Proxy technology is often seen as an alternative way to provide shared access to a single Internet connection. The main benefits of Web proxying are:
• Local caching: a proxy can store frequently-accessed pages on its local hard disk; when these pages are requested, it can serve them from its local files instead of having to download the data from a remote Web server. Proxies that perform caching are often called caching proxy servers.

• Network bandwidth conservation: if more than one client requests the same page, the proxy can make one request only to a remote server and distribute the received data to all waiting clients.

Both these benefits only become apparent in situations where multiple clients are very likely to access the same sites and so share the same data. Web proxying has the following disadvantages:
• Web content is becoming more and more dynamic, with new developments such as streaming video & audio being widely used. Most of the new data formats are not cacheable, eliminating one of the main benefits of proxying.
• A proxy server operates above the TCP level and uses the machine's built-in protocol stack. For each Web request from a client, a TCP connection has to be established between the client and the proxy machine, and another connection between the proxy machine and the remote Web server. This puts a lot of strain on the proxy server machine; in fact, since Web pages are becoming more and more complicated, the proxy itself may become a bottleneck on the network. This contrasts with a NAT, which operates on the packet level and requires much less processing for each connection.
• Unlike NAT, Web proxying is not a transparent operation: it must be explicitly supported by its clients. Due to early adoption of Web proxying, most browsers, including Internet Explorer and Netscape Communicator, have built-in support for proxies, but this must normally be configured on each client machine. Clients have to be explicitly set to use Web proxying, and may be changed by the naive or malicious user; whenever there is a change (e.g. the proxy is moved to a new IP address) each and every client has to be set up again.

NAT Operation
The basic purpose of NAT is to multiplex traffic from the internal network and present it to the Internet as if it was coming from a single computer having only one IP address. The TCP/IP protocols include a multiplexing facility so that any computer can maintain multiple simultaneous connections with a remote computer. It is this multiplexing facility that is the key to single address NAT.

To multiplex several connections to a single destination, client computers label all packets with unique "port numbers". Each IP packet starts with a header containing the source and destination addresses and port numbers:

Source address | Source port | Destination address | Destination port

This combination of numbers completely defines a single TCP/IP connection. The addresses specify the two machines at each end, and the two port numbers ensure that each connection between this pair of machines can be uniquely identified. Each separate connection is originated from a unique source port number in the client, and all reply packets from the remote server for this connection contain the same number as their destination port, so that the client can relate them back to its correct connection. In this way, for example, it is possible for a web browser to ask a web server for several images at once and to know how to put all the parts of all the responses back together.

A modern NAT gateway must change the Source address on every outgoing packet to be its single public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of each client connection. The NAT gateway uses a port mapping table to remember how it renumbered the ports for each client's outgoing packets. The port mapping table relates the client's real local IP address and source port plus its translated source port number to a destination address and port. The NAT gateway can therefore reverse the process for returning packets and route them back to the correct clients. When any remote server responds to a NAT client, incoming packets arriving at the NAT gateway will all have the same Destination address, but the destination Port number will be the unique Source Port number that was assigned by the NAT. The NAT gateway looks in its port mapping table to determine which "real" client address and port number a packet is destined for, and replaces these numbers before passing the packet on to the local client.

This process is completely dynamic. When a packet is received from an internal client, NAT looks for the matching source address and port in the port mapping table. If the entry is not found, a new one is created, and a new mapping port allocated to the client:
• Incoming packet received on non-NAT port
• Look for source address, port in the mapping table
• If found, replace source port with previously allocated mapping port
• If not found, allocate a new mapping port
• Replace source address with NAT address, source port with mapping port

Packets received on the NAT port undergo a reverse translation process:
• Incoming packet received on NAT port
• Look up destination port number in port mapping table
• If found, replace destination address and port with entries from the mapping table
• If not found, the packet is not for us and should be rejected

Each client has an idle time-out associated with it. Whenever new traffic is received for a client, its time-out is reset. When the time-out expires, the client is removed from the table. This ensures that the table is kept to a reasonable size. The length of the time-out varies, but taking into account traffic variations on the Internet it should not go below 2-3 minutes. Most NAT implementations can also track TCP clients on a per-connection basis and remove them from the table as soon as the connection is closed. This is not possible for UDP traffic since it is not connection based.

Many higher-level TCP/IP protocols embed client addressing information in the packets. For example, during an "active" FTP transfer the client informs the server of its IP address & port number, and then waits for the server to open a connection to that address. NAT has to monitor these packets and modify them on the fly to replace the client's IP address (which is on the internal network) with the NAT address. Since this changes the length of the packet, the TCP sequence/acknowledge numbers must be modified as well. [Or the NAT must be protocol-sensitive so that it can monitor or modify the embedded address or port data.] Most protocols can be supported within the NAT; however, some protocols may require that the clients themselves are made aware of the NAT and that they participate in the address translation process.

Because the port mapping table relates complete connection information (source and destination address and port numbers) it is possible to validate any or all of this information before passing incoming packets back to the client.
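The port mapping table and the two translation procedures above, together with the idle time-out and the validation of returning packets against the stored connection information, as an added example that is not part of the original text. The gateway, client and server addresses, the mapping port range starting at 40000 and the `NatGateway` API are all constructed for illustration.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Mapping:
    client_addr: str   # the client's real local address
    client_port: int   # the client's real source port
    dst: str           # remote address the connection was opened to
    dport: int         # remote port the connection was opened to
    last_seen: float   # time of the most recent packet, for the idle time-out


class NatGateway:
    def __init__(self, public_addr: str, idle_timeout: float = 180.0, first_port: int = 40000):
        self.public_addr = public_addr
        self.idle_timeout = idle_timeout            # 3 minutes: not below the 2-3 minute floor
        self._next_port = itertools.count(first_port)
        # Outbound lookup: complete connection info -> allocated mapping port.
        self._by_connection: Dict[Tuple[str, int, str, int], int] = {}
        # Inbound lookup: mapping port -> connection info.
        self._by_port: Dict[int, Mapping] = {}

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Packet received on the non-NAT (internal) side."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self._by_connection.get(key)
        if port is None:                            # not found: allocate a new mapping port
            port = next(self._next_port)
            self._by_connection[key] = port
            self._by_port[port] = Mapping(pkt.src, pkt.sport, pkt.dst, pkt.dport, now)
        else:                                       # found: reuse it and reset the time-out
            self._by_port[port].last_seen = now
        return Packet(self.public_addr, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Packet received on the NAT (public) side; None means reject."""
        if pkt.dst != self.public_addr:
            return None
        m = self._by_port.get(pkt.dport)
        if m is None:                               # no mapping: the packet is not for us
            return None
        if (pkt.src, pkt.sport) != (m.dst, m.dport):
            return None                             # reply from a host the client never contacted
        m.last_seen = now
        return Packet(pkt.src, pkt.sport, m.client_addr, m.client_port)

    def expire(self, now: float) -> int:
        """Remove mappings idle for longer than the time-out; returns how many."""
        stale = [p for p, m in self._by_port.items() if now - m.last_seen > self.idle_timeout]
        for port in stale:
            m = self._by_port.pop(port)
            del self._by_connection[(m.client_addr, m.client_port, m.dst, m.dport)]
        return len(stale)

    def table_size(self) -> int:
        return len(self._by_port)
```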

This checking helps to provide effective firewall protection against Internet-launched attacks on the private LAN.

Each IP packet also contains checksums that are calculated by the originator. The checksums depend on the contents of the packet. They are recalculated and compared by the recipient to see if the packet has been corrupted in transit. Since the NAT must modify the packet addresses and port numbers, it must also recalculate and replace the checksums. Before doing so it must check for, and discard, any corrupt packets to avoid converting a bad packet into a good one. Careful design in the NAT software can ensure that this extra processing has a minimal effect on the gateway's throughput.

What is DSL?
DSL refers to a class of technology used to obtain more bandwidth over existing copper telephone cabling running between a customer's premises and a Telco's Central Office. DSL allows simultaneous voice and high-speed data services such as super fast Internet access over a single pair of copper telephone wires. DSL is considered to be the next generation of modem technology. There are several variations of 'DSL' that include:
ADSL - Asymmetric Digital Subscriber Line
R-ADSL - Rate-Adaptive Digital Subscriber Line
HDSL - High Bit-Rate Digital Subscriber Line
VDSL - Very High Bit-Rate Digital Subscriber Line
SDSL - Symmetric Digital Subscriber Line
As the saying goes, 'there is no such thing as a free lunch', and a Telco must make compromises between costs, speeds, distance, reliability, equipment, etc. when implementing or offering 'DSL' services. Each variation of 'DSL' reflects the different compromises made by Telcos when deciding how far and how fast data can flow on a particular kind of subscriber line.

What is a DSL modem?
A DSL "modem" is a device that is placed at either end of the copper phone line to allow a computer (or LAN) to be connected to the Internet through a DSL connection. Although DSL modems resemble conventional analogue modems they provide much higher throughput. Unlike a dial up connection, it usually does not require a dedicated phone line (a POTS splitter box enables the line to be shared simultaneously).
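The checksum handling described above, as an added example that is not part of the original text: the recipient-style validity check, the refusal to translate a corrupt header, and the recomputation after the source address is rewritten. It also shows that the TCP checksum covers a pseudo-header containing both addresses, which is why it too must be recalculated. The sample header fields and the function names are constructed for illustration; the arithmetic is the standard ones' complement checksum.

```python
import struct
from socket import inet_aton


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_checksum(header: bytes) -> int:
    return (~ones_complement_sum(header)) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header with a correct checksum (constructed sample)."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, 0x1234, 0, 64, proto, 0,
                      inet_aton(src), inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def header_is_valid(header: bytes) -> bool:
    """The recipient's check: a sound header sums to 0xFFFF, checksum field included."""
    ihl = (header[0] & 0x0F) * 4
    return len(header) >= ihl >= 20 and ones_complement_sum(header[:ihl]) == 0xFFFF


def nat_rewrite_source(header: bytes, new_src: str) -> bytes:
    """What the NAT does: verify first, replace the source address, recompute the checksum."""
    if not header_is_valid(header):
        raise ValueError("corrupt packet: discarded rather than re-checksummed")
    ihl = (header[0] & 0x0F) * 4
    hdr = bytearray(header)
    hdr[12:16] = inet_aton(new_src)
    hdr[10:12] = b"\x00\x00"                       # zero the field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr[:ihl])))
    return bytes(hdr)


def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """TCP checksum over a pseudo-header (both addresses, protocol 6, length) plus the
    segment, whose own checksum field must be zero while computing."""
    pseudo = inet_aton(src) + inet_aton(dst) + struct.pack("!BBH", 0, 6, len(segment))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF
```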

General Networking

BGP
Characteristics of BGP:
• It is a path vector routing protocol.
• BGP supports variable length subnet masks (VLSM), classless interdomain routing (CIDR) and summarization.
• Full updates are sent at the start of the session; triggered updates are sent subsequently.
• It uses TCP port 179.
• BGP works as an external routing protocol.
• BGP is connection oriented.

Advantages of the 7200 Router:
• The Cisco 7301 and 7200 series VPN routers deliver IPsec encryption scalability to 145 Mbps for the most demanding head-end site-to-site VPN deployments.
• It is an integrated security solution: IPsec, firewall and IDS.
• Quality of service features.
• Utilization of the VPN acceleration module (VAM2).

• Subnet mask: the subnet mask extracts the network portion of the address from the whole IP address by using an AND operation.
• The stub router is configured with a default route and no routing protocol running.
• Classful routing protocols do not carry the subnet or routing mask in the update.
• A routing protocol is a set of rules that describe how layer-3 routing devices send updates between each other about the available network.
• The administrative distance is used to select which protocol will update the routing table.
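The dotted notation, class and network mask from the IP Addresses section of the NAT text, and the subnet-mask AND operation noted just above, as one added example that is not part of the original notes. The function names are constructed; the classful first-byte boundaries are standard IPv4 facts rather than something the notes state.

```python
import struct
from socket import inet_aton


def dotted(value: int) -> str:
    """Write a 32-bit address as x1.x2.x3.x4, one byte per field."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_int(addr: str) -> int:
    """Parse x1.x2.x3.x4 back into the 32-bit integer it represents."""
    return struct.unpack("!I", inet_aton(addr))[0]


def address_class(addr: str) -> str:
    """Classful boundaries on the first byte: A 0-127, B 128-191, C 192-223."""
    first = to_int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D/E"   # multicast and reserved ranges, not unicast classes


CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def network_number(addr: str, mask: str) -> str:
    """AND the address with the mask: 1s keep the network part, 0s clear the host part."""
    return dotted(to_int(addr) & to_int(mask))


def host_number(addr: str, mask: str) -> str:
    """The complementary operation: keep only the bits the mask marks as host bits."""
    return dotted(to_int(addr) & ~to_int(mask) & 0xFFFFFFFF)


def same_network(a: str, b: str, mask: str) -> bool:
    """Two hosts on the same 'street' share a network number under the mask."""
    return network_number(a, mask) == network_number(b, mask)


def host_capacity(mask: str) -> int:
    """Addresses in one network of this mask: 2 to the power of the host bits
    (before subtracting the network and broadcast addresses)."""
    return 2 ** (32 - bin(to_int(mask)).count("1"))
```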


OSPF
OSPF Fundamentals
• It uses the SPF algorithm, which is the algorithm used to find the shortest path, making it a link state routing protocol.

OSPF Terminology
Neighbor: A router on the same link with whom routing information is exchanged.
Adjacency: Formed when two neighboring routers have exchanged information and have the same topology table.
Full adjacency: When the routing tables of the two neighbors are fully synchronized. The databases are synchronized, and they both see the same networks.
Area: A group of routers that share the same area ID.
Autonomous System: Routers that share the same routing protocol within the organization.
Internal Router: A router that has all its interfaces in the same area.
Designated Router (DR): The router responsible for making adjacencies with all neighbors on the multi-access network.
Backup Designated Router (BDR): The backup to the designated router (DR), in case the DR fails.
Priority: A Cisco tool by which the DR can be manually elected.
Dijkstra Algorithm: A complex algorithm used by routers running link-state routing protocols to find the shortest path to the destination.
Shortest Path First (SPF): The same as the Dijkstra algorithm.
Topology Table: The same as a link state database. The table contains every link in the wider network. Each router in the area has the same topology table.
Flood: When network information is flooded, it is sent to every network device in the domain.
Init State: The state in which a hello packet has been sent from the router, which is waiting for a reply to establish two-way communication.
Link State Request (LSR): When the router receives a DDP complete with a partial LSA, it compares the summarized info against the topological database. If the LSA is not present, it will request further info.

Dynamic election of DR: The selection is made on the basis of the highest router ID or IP address present on the network segment.
Hello Protocol: Used to find neighbors and to determine the designated router and BDR. This is sent out as a hello to the multicast address 224.0.0.5. The wait for a neighbor's hello is 4 times the length of the hello timer.
Database Descriptor: Used to send summary info to neighbors to synchronize the topology table.
LSR: Works as a request for more detailed info.

Link state routers keep track of the following: LSAs stored in the topology table, also called the link state database.

The stages of updating the router about the OSPF network:
1. The Down State: The new router is in a down state.
2. The Init State: The new router waits for a reply.
3. The Two-Way State: The new router sees its own router ID in the list of neighbors, and a neighbor relationship is established.
4. Finding neighbors with the Exchange Process.
The full sequence of states: Down, Init, 2-Way, Exstart, Exchange, Loading, Full.

OSPF: Open Standard Protocol. It is a link state routing protocol. LSAs propagate to all neighbor devices using a special multicast address. Each router device takes a copy of the LSA, updates its link database and forwards the LSA to all neighbor devices.
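The Down, Init and 2-Way stages described above, plus the DR/BDR election on priority and highest router ID, as an added example that is not part of the original notes. The router IDs, priorities and the `OspfRouter`/`Hello` names are constructed; the rule that a priority of 0 makes a router ineligible is standard OSPF behaviour rather than something the notes state.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALL_SPF_ROUTERS = "224.0.0.5"   # the multicast address hellos are sent to (from the notes)


@dataclass(frozen=True)
class Hello:
    router_id: str
    priority: int
    neighbors_seen: Tuple[str, ...]   # router IDs the sender has already heard from


@dataclass
class OspfRouter:
    router_id: str
    priority: int = 1
    hello_interval: int = 10
    neighbors: Dict[str, str] = field(default_factory=dict)   # neighbor ID -> state

    @property
    def dead_interval(self) -> int:
        return 4 * self.hello_interval   # "4 times the length of the hello timer"

    def hello(self) -> Hello:
        return Hello(self.router_id, self.priority, tuple(self.neighbors))

    def receive_hello(self, h: Hello) -> str:
        """Down -> Init on the first hello heard from a router; Init -> 2-Way once
        that router's hello lists our own router ID (two-way communication confirmed)."""
        state = self.neighbors.get(h.router_id, "Down")
        if self.router_id in h.neighbors_seen:
            state = "2-Way"
        elif state == "Down":
            state = "Init"
        self.neighbors[h.router_id] = state
        return state


def _id_key(router_id: str) -> Tuple[int, ...]:
    """Compare router IDs numerically, octet by octet."""
    return tuple(int(octet) for octet in router_id.split("."))


def elect_dr_bdr(hellos: List[Hello]) -> Tuple[Optional[str], Optional[str]]:
    """Highest priority wins and the highest router ID breaks ties; priority 0
    means the router never becomes DR or BDR."""
    eligible = [h for h in hellos if h.priority > 0]
    ranked = sorted(eligible, key=lambda h: (h.priority, _id_key(h.router_id)), reverse=True)
    dr = ranked[0].router_id if ranked else None
    bdr = ranked[1].router_id if len(ranked) > 1 else None
    return dr, bdr


def bring_up(a: OspfRouter, b: OspfRouter, rounds: int = 3) -> List[Tuple[str, str]]:
    """Exchange hellos for a few rounds and return the (a, b) state after each."""
    trace = []
    for _ in range(rounds):
        trace.append((a.receive_hello(b.hello()), b.receive_hello(a.hello())))
    return trace
```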

Link state routers keep track of the following:
1. Their neighbors
2. All routers within the same area
3. The best path towards the destination

Link state data structures:
1. Neighbour table
2. Topology table
3. Routing table

Switch
• Packets are forwarded at layer-1
• Packets are forwarded with security control and quality of service (QoS) using layer-3 address info
• Layer-3 switches are designed to examine and forward packets in a high speed LAN environment
• Layer-4 switch
• LAN Expansion Module (LEM)

WAN connection type
• Dedicated
• On demand

Switching
1. Circuit Switching
2. Packet Switching

Data rate: narrow band, broad band

WAN connection types: dedicated; circuit switched on demand; circuit switched; packet switched virtual circuit; broadband access

ROUTING FUNDAMENTALS
1. Routing is the process of transporting data traffic from one device to another across a network.
2. A router is the device that forwards traffic across the network.
3. Routing involves learning the network topology and maintaining information on it. Switching is the actual movement of traffic by the router.
4. Packets are forwarded between networks based on the layer 3 address.
5. Administrative distance is used by routers to select the best learning mechanism. Cisco IOS can configure a maximum of six equal-metric paths.

IP Access Lists
1. Access lists can be applied to both inbound and outbound packets on an interface. The process is called packet filtering.
2. Access lists can be specified for particular protocols; they can be standard or extended.
3. There are two main types of access list for IP: standard and extended.

Standard Access List: Standard access lists are used to permit or deny packets by identifying the source IP address of the packet.
Extended Access List: Extended access lists provide a higher degree of control by filtering traffic according to source address, destination address, IP protocol and port info.
IP standard range: 1-99. IP extended range: 100-199.

Layer 2 Switching
1. A table of MAC addresses and their associated bridge/switch ports is built and maintained.
2. Broadcast and multicast frames are flooded out to all ports.
3. Frames destined to an unknown location are flooded out to all ports.
4. STP can have a slow convergence time when the switch topology changes.
5. A switch must forward the broadcast domain to all ports (drawback).
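Standard versus extended access lists and their application inbound or outbound on an interface, as an added example that is not part of the original notes. It enforces the 1-99 and 100-199 number ranges from the notes, lets a standard list see only the source address, and applies the implicit deny at the end of every list; the prefixes, list numbers and the `AccessList`/`Interface` names are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Number ranges from the notes: standard 1-99, extended 100-199.
STANDARD_NUMBERS = range(1, 100)
EXTENDED_NUMBERS = range(100, 200)


@dataclass(frozen=True)
class Entry:
    action: str                   # "permit" or "deny"
    src: str                      # source prefix in CIDR form
    dst: Optional[str] = None     # extended lists only
    proto: Optional[str] = None   # extended lists only: "tcp", "udp" or "ip"
    dport: Optional[int] = None   # extended lists only


@dataclass
class AccessList:
    number: int
    entries: List[Entry] = field(default_factory=list)

    @property
    def kind(self) -> str:
        if self.number in STANDARD_NUMBERS:
            return "standard"
        if self.number in EXTENDED_NUMBERS:
            return "extended"
        raise ValueError("%d is outside the standard and extended ranges" % self.number)

    def add(self, entry: Entry) -> None:
        # A standard list identifies packets by source address only.
        if self.kind == "standard" and (entry.dst or entry.proto or entry.dport is not None):
            raise ValueError("standard access lists can only match the source address")
        self.entries.append(entry)

    def evaluate(self, src: str, dst: str, proto: str, dport: int) -> str:
        for e in self.entries:                       # first matching entry wins
            if ip_address(src) not in ip_network(e.src):
                continue
            if self.kind == "extended":
                if e.dst and ip_address(dst) not in ip_network(e.dst):
                    continue
                if e.proto not in (None, "ip") and e.proto != proto:
                    continue
                if e.dport is not None and e.dport != dport:
                    continue
            return e.action
        return "deny"                                # implicit deny at the end of the list


@dataclass
class Interface:
    """One list may be applied to inbound packets and one to outbound packets."""
    name: str
    inbound: Optional[AccessList] = None
    outbound: Optional[AccessList] = None

    def filter(self, direction: str, src: str, dst: str, proto: str, dport: int) -> str:
        acl = self.inbound if direction == "in" else self.outbound
        return "permit" if acl is None else acl.evaluate(src, dst, proto, dport)


# Constructed lists: a standard list for one source range, and an extended list
# that only lets HTTP through to a single server and blocks the rest of its subnet.
ACL_10 = AccessList(10)
ACL_10.add(Entry("permit", "10.1.1.0/24"))

ACL_110 = AccessList(110)
ACL_110.add(Entry("permit", "10.1.1.0/24", dst="10.2.2.10/32", proto="tcp", dport=80))
ACL_110.add(Entry("deny", "0.0.0.0/0", dst="10.2.2.0/24", proto="ip"))

ETH0 = Interface("eth0", inbound=ACL_10, outbound=ACL_110)
```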

Layer 3 Switching
1. Packets are forwarded at layer 3.
2. Packets are forwarded with security control and quality of service (QoS) using layer-3 address information.
3. Layer-3 switches are designed to examine and forward packets in a high-speed LAN environment.
4. A router must examine each packet's layer-3 header before making a routing decision; an optimal path is taken to the next router, and an optimal path can be chosen at any position (hop).
5. Packet forwarding involves a table lookup to find the destination's outbound interface, the next-hop router address and the router's own outbound interface (load sharing command).
6. Layer-2 and layer-3 devices have forwarding tables based on MAC address and IP address respectively.
7. Routers do not forward broadcast packets, but they do forward multicast packets.

Layer 4 Switching
1. Packets are forwarded using hardware based on layer-3 addressing and layer-4 application information.
2. The layer-4 protocol type (TCP, UDP) in the packet header is examined.
3. The layer-4 segment is examined for the application port number.
4. Layer 4 must keep track of application protocols.
5. Traffic can be prioritized according to source and destination address, and QoS is also defined at layer 4.

IBM interview questions
1. Rules -> rule based: implicit rules / explicit rules
2. PIX -> implicit allows
3. Implicit deny rules
4. Stealth rules -> drop packet
5. VPN -> IPsec tunnel
6. Leased line, ISDN
7. VPN IPsec profile-1 / profile-2
8. Stateful inspection
9. IP address

NETWORKING
Q: What are the seven layers of the OSI model?
A: The layers are physical, data link, network, transport, session, presentation and application layers.
Q: In the TCP client-server model, how does the three-way handshake work in opening a connection?
A: The client first sends a packet with sequence "x" to the server. When the server receives this packet, the server will send back another packet with sequence "y", acknowledging the request of the client. When the client receives the acknowledgement from the server, the client will then send an acknowledgement back to the server, acknowledging that sequence "y" has been received.
Q: What is the purpose of exchanging beginning sequence numbers during the connection in the TCP client-server model?
A: To ensure that any data lost during data transfer can be retransmitted.
Q: How does Asynchronous Transfer Mode (ATM) work?

A: ATM works by transmitting all traffic in small, fixed-size cells. These small, fixed-size cells reduce queuing delay and can be switched quickly. ATM fits into layer 2 of the OSI model and provides functions for framing and error correction. At the port interface, ATM switches convert cells into frames, and vice versa. ATM provides Quality of Service and traffic shaping.

Q: Given a Class B network with a subnet mask of 255.255.248.0 and a packet addressed to 130.40.32.16, what is the subnet address?
A: Take the two addresses, write them in binary form, then AND them. The answer is 130.40.32.0.

Question 4: What is the difference between TCP and UDP?
TCP and UDP are both transport-level protocols. TCP is designed to provide reliable communication across a variety of reliable and unreliable networks and internets. UDP provides a connectionless service for application-level procedures. Thus, UDP is basically an unreliable service; delivery and duplicate protection are not guaranteed.

LAN & VLAN
A Local Area Network (LAN) can generally be defined as a broadcast domain.
Broadcast Domain: the set of all devices that will receive broadcast frames originating from any device within the set. Broadcast domains can be bounded by VLANs in a stand-alone environment. In an internetworking environment, they are typically bounded by routers because routers do not forward broadcast frames.
Collision Domain: in Ethernet, the network area within which frames that have collided are propagated. Repeaters and hubs propagate collisions; LAN switches, bridges and routers do not.
Collision: in Ethernet, the result of two nodes that transmit simultaneously. The frames from each device impact and are damaged when they meet on the physical media.
VLAN: switches using VLANs create the same division of the network into separate broadcast domains. There is an increased connection speed due to the elimination of latency from router connections, and the size of collision domains is reduced.
Ethernet: baseband LAN specification invented by Xerox Corporation and developed jointly by Xerox, Intel, and Digital Equipment Corporation. Ethernet networks use CSMA/CD and run over a variety of cable types at 10 Mbps. Ethernet is similar to the IEEE 802.3 series of standards.

Types of Virtual LANs
• Layer-1 VLAN – group of physical ports
• Layer-2 VLAN – group of MAC addresses
• Layer-3 VLAN – IP subnet

Example: configure VLANs
SwitchA# vlan database
SwitchA(vlan)# vlan 2 name vlan2
SwitchA(vlan)# exit
SwitchA# configure terminal
SwitchA(config)# interface fastethernet 0/1
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# switchport access vlan 2
SwitchA(config-if)# end

HUB (a collision domain)
• A hub is an L1 (Physical Layer) multi-port repeater.
• It receives a signal on one port, regenerates it, and transmits it out all ports.
• Hubs operate only at half duplex. Attached devices cannot transmit and receive at the same time.
• Two or more devices on a hub cannot transmit at the same time.

Switch (a broadcast domain)
A switch is more than just a repeater. It is an L2 (Data Link Layer) bridge. A switch keeps track of which devices are connected to which ports by managing a table of MAC-address-to-switch-port mappings. Transmissions on a switch are sent only to the intended recipients, determined by the destination MAC address. A switch can operate at full duplex: multiple attached devices can transmit and receive at the same time.

IP Address: an IP address is a 32-bit network layer address on the OSI model.
MAC Address: a MAC address is a 48-bit data link layer address on the OSI model. It is burned into the network interface card or equivalent, and is a combination of the manufacturer ID and a vendor-assigned serial number.

What is the difference between a hub, a switch and a router?
Hubs, switches and routers are all devices which let you connect one or more computers to other computers, networked devices or to other networks. Each has two or more connectors, called ports, into which you plug in the cables to make the connection. I often see the terms misused, so let's clarify what each one really means.

A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is very, very simple: anything that comes in one port is sent out to the others. That's it. Every computer connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy ways to connect computers in small networks.

A switch does essentially what a hub does, but more efficiently. By paying attention to the traffic that comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from machine A coming in on port 2, it now knows that machine A is connected to that port and that traffic to machine A needs to only be sent to that port and not any of the others. The net result of using a switch over a hub is that most of the network traffic only goes where it needs to, rather than to every port. On busy networks, this can make the network significantly faster.

A router is the smartest and most complicated of the bunch. Routers come in all shapes and sizes, from the small four-port broadband routers that are very popular right now, to the large industrial-strength devices that drive the internet itself. A simple way to think of a router is as a computer that can be programmed to understand, possibly manipulate, and route the data it's being asked to handle. For example, broadband routers include the ability to "hide" computers behind a type of firewall, which involves slightly modifying the packets of network traffic as they traverse the device. Varying degrees of magic happen inside the device, and therein lies the difference. All routers include some kind of user interface for configuring how the router will treat traffic. The really large routers include the equivalent of a full-blown programming language to describe how they should operate, as well as the ability to communicate with other routers to describe or determine the best way to get network traffic from point A to point B.
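The hub-versus-switch behaviour above, and the layer-2 switching rules listed earlier (learn source MAC, flood unknown and broadcast, forward known unicast to one port), as an added Python model that is not part of the original notes. Port numbers, MAC strings and the table-size cap are constructed for the example; the cap shows why a full MAC table degrades a switch back into hub-like flooding, which is the behaviour switch port security exists to prevent.

```python
"""Added example: a learning switch next to a plain hub (constructed model)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(ports: set, in_port: int) -> list:
    """A hub is a layer-1 repeater: a frame arriving on one port goes out all others."""
    return sorted(p for p in ports if p != in_port)


@dataclass
class LearningSwitch:
    """A layer-2 bridge that keeps a MAC-address-to-port table."""
    ports: set
    max_entries: int = 1024            # real tables are finite (assumed cap)
    table: dict = field(default_factory=dict)

    def forward(self, in_port: int, src: str, dst: str) -> list:
        """Learn where src lives, then return the ports the frame is sent out of."""
        # learn (or update, if the station moved) the source address
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        # broadcast or unknown unicast: flood out every port except the ingress
        if dst == BROADCAST or dst not in self.table:
            return hub_forward(self.ports, in_port)
        out = self.table[dst]
        # destination is on the port the frame came from: filter, send nowhere
        return [] if out == in_port else [out]


def demo_trace() -> list:
    """Constructed sequence of frames on a four-port switch; returns the egress lists."""
    sw = LearningSwitch(ports={1, 2, 3, 4})
    frames = [
        (2, "00:aa", "00:bb"),       # bb unknown -> flooded, aa learned on port 2
        (3, "00:bb", "00:aa"),       # aa known   -> only port 2, bb learned on port 3
        (1, "00:cc", BROADCAST),     # broadcast  -> flooded
        (4, "00:aa", "00:bb"),       # aa moved to port 4, bb still on port 3
    ]
    return [sw.forward(*f) for f in frames]


if __name__ == "__main__":
    for egress in demo_trace():
        print(egress)
```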

DHCP server 68 11. Point to Point Tunneling Protocol  1723 5.11b or 802. per second) and 100mbs. and that's network speed.11g wireless transmitters that simply act like additional ports to the device. Wins Manager 135 . Layer two Tunneling Protocol  1701 4. Remote Procedure Call 135 15. Port Details. or million bits. HTTP  80 2. Most devices now are capable of both 10mps (10 mega-bits. and will automatically detect the speed. Similarly. IIS  80 13.A quick note on one other thing that you'll often see mentioned with these devices. 1. many devices now also include 802. Terminal Services  3389 8. or "gigabit" devices are starting to slowly become more common as well. SMTP 25 9. 1000mbs. If the device is labeled with only one speed. POP3 110 6. HTTP (Security Socket Layer)  443 3. then it will only be able to communicate with devices that also support that speed. IMAPI  143 14. Telnet 23 7. SNMP161 10. Client /Server Communication  135 12.

What is an IP (Internet Protocol/Internet Packeting) Address?
An IP address is akin to a phone number as far as break-out is concerned. We know essentially that there are three components to every phone number in the North American Numbering Plan:
• Area Code – three digits
• Central Office Prefix – three digits
• Station Number/Subscriber Number – four digits
So, my phone number 423 267 6694 is in theory, and hopefully in practice, reachable by any subscriber station within the US numbering plan. Obviously, there are wrinkles. Do you need to dial 1 for long distance, or do you need to dial the area code? Depends, right? 10-digit dialing, for example, is available in several metros. Based on the above, we have the idea that for a telephone conversation to take place, at least a couple of things must be present:
• Call Originator
• Called Party
The same logic applies to internetworking of computers, whether they be desktops, servers, data switches and so on. Internetworking, or as it is more commonly referred to, the Internet, also requires a Call Originator and a Called Party before any information is passed between computers. This little miracle is achieved by using an IP address. Like a phone number, it contains components:
• Network Number
• Host Number
This numbering schema is administered by the Internet Network Information Center (InterNIC).

As you might imagine, the technology requires a tremendous amount of numbers to function properly, and just as with phone numbers, are these resources infinite? Here's how it works using the good old binary numbering system. An IP address contains 4 x 8-bit numbers (octets) for a total of 32 bits. The Network Number contains the first 2 octets while the Host Number contains the last 2 octets. Let's look at a DNS (Domain Name System) name: www.joe-smith.com (symbolic form). Behind this domain is the IP address assigned by InterNIC:
• Decimal format: 127.3.2.9
• Binary format: 01111111 00000011 00000010 00001001
Here's how you figure it out (A x B = C, where A is the place value of each bit, B is the bit of the 8-bit number and C is their product; each octet is the sum of its C values):

Octet 1: 128x0=0, 64x1=64, 32x1=32, 16x1=16, 8x1=8, 4x1=4, 2x1=2, 1x1=1 -> TOTAL=127
Octet 2: 128x0=0, 64x0=0, 32x0=0, 16x0=0, 8x0=0, 4x0=0, 2x1=2, 1x1=1 -> TOTAL=3
Octet 3: 128x0=0, 64x0=0, 32x0=0, 16x0=0, 8x0=0, 4x0=0, 2x1=2, 1x0=0 -> TOTAL=2
Octet 4: 128x0=0, 64x0=0, 32x0=0, 16x0=0, 8x1=8, 4x0=0, 2x0=0, 1x1=1 -> TOTAL=9

Let's look at the class structure of the Internet address to see how it is broken out (remember that it is a 32-bit number):
• Class A
 o 1 bit [0] class designation
 o 7-bit network numbers (126 networks)
 o 24-bit host numbers (16 million+ hosts for each network)
• Class B
 o 2 bit [10] class designation
 o 14-bit network numbers (16,282 networks)
 o 16-bit host numbers (up to 65,534 hosts for each network)
• Class C
 o 3 bit [110] class designation
 o 21-bit network numbers (2,097,150 networks)
 o 8 bits (up to 254 hosts for each network)
• Class D
 o 4 bit [1110] class designation
 o Multicasting is used to address groups in a limited area.

Questions and Answers
1. Which layer does MAC operate in the OSI model? (Data link layer, L2)
2. What is CSMA/CD and with which technology is it associated? Carrier Sense Multiple Access with Collision Detection – Ethernet
3. Which ring topology provides redundancy? (FDDI)
4. What is the private range of IP addresses? (10.0.0.0/8, 172.16.0.0/16 through 172.31.0.0/16 and 192.168.0.0/24)
5. A Class A network address with /24 masks. How many IPs and which are they? (254) (X.X.X.1-254)
6. For a class 10.0.0.0/30, how many host IPs can be allocated? (2 valid node IPs can be configured)
7. How do you set the proxy configuration in IE? Tools – Internet Options – Connections – LAN Settings – either detect automatically or provide the IP address and the proxy port number.
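The three hand calculations above (writing an address in binary, ANDing an address with its mask to get the subnet address, and counting hosts per class or prefix length) as one added Python example; it is not part of the original notes and uses only the standard library. The addresses are the ones the questions use; the /21 host count is an extra case the text does not work.

```python
"""Added example: the binary, subnet-AND and host-count steps from the questions."""
from ipaddress import IPv4Address


def to_binary_octets(ip: str) -> str:
    """Each octet as 8 bits, e.g. 127.3.2.9 -> '01111111 00000011 00000010 00001001'."""
    return " ".join(f"{int(octet):08b}" for octet in ip.split("."))


def subnet_address(ip: str, mask: str) -> str:
    """'Write them in binary, then AND them': the bitwise AND of address and mask."""
    return str(IPv4Address(int(IPv4Address(ip)) & int(IPv4Address(mask))))


def ip_class(ip: str) -> str:
    """Classful designation from the leading bits of the first octet (0, 10, 110, 1110, 1111)."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def prefix_length(mask: str) -> int:
    """Number of contiguous 1 bits in a dotted mask, e.g. 255.255.248.0 -> 21."""
    return bin(int(IPv4Address(mask))).count("1")


def usable_hosts(prefix_len: int) -> int:
    """Host addresses per subnet minus the network and broadcast addresses."""
    return max(2 ** (32 - prefix_len) - 2, 0)


if __name__ == "__main__":
    print(to_binary_octets("127.3.2.9"))
    print(subnet_address("130.40.32.16", "255.255.248.0"), ip_class("130.40.32.16"))
    print(usable_hosts(24), usable_hosts(30), usable_hosts(prefix_length("255.255.248.0")))
```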

8. What are the different states through which a switch port goes when powered on? Blocking, Listening, Learning and Forwarding.
9. What is a reverse proxy?
10. Standby IP is a terminology used in which technology? HSRP
11. What are the types of packets exchanged in a 3-way TCP/IP handshake between two hosts? Sync, Sync Ack and Ack are the three types of packets used in the 3-way TCP/IP handshake.
12. What are the different states in which a switch may be configured in a VTP domain? VTP Server, VTP Client, VTP Transparent. Default is VTP Server.
13. Which protocol is used for communication between SNA and Ethernet networks? DLSW – Data Link Switching
14. Use of router priority 1-255 is configured to achieve what purpose and in which protocol? It is used in OSPF to elect the DR on a broadcast medium. The router with the highest priority gets chosen as the DR. The default mechanism is that the router with the highest interface IP address is elected as the DR. Manually forcing the router to be DR is done using the router ospf priority <value> command.
15. Permanent TRAP is synonymous with which application? SNMP (Read, Write)
16. What command is used in Solaris to see the total file size in Kbps? df –k
17. What is an MX record? MX – Mail exchange record is used to configure your mail servers and IP addresses and advertise them externally. Preference values may also be set for usage.
18. What is a DNS zone transfer?

19. What happens to a frame when it is detected to have CRC errors? (The destination system) will ensure that the source system resends the frame and the CRC.
20. What is OUI? Who assigns the OUI number?
21. What is the difference between Unicast and Broadcast? One-to-one host communication is an example of unicast communication. One-to-many host communication is an example of broadcast communication.
22. What is the ARP protocol? Explain its functionality.
 a. What mapping will be there in the table?
 b. How many bits are there in a MAC address? How does the MAC address split?
 c. Description of the 3-way handshake. The "three-way handshake" happens thus. All the protocols of the Internet which need "connections" are built on the TCP protocol. The originator (you, hopefully) sends an initial packet called a "SYN" to establish communication and "synchronize" sequence numbers in counting bytes of data which will be exchanged. The destination then sends a "SYN/ACK" which again "synchronizes" his byte count with the originator and acknowledges the initial packet. The originator then returns an "ACK" which acknowledges the packet the destination just sent him. The connection is now "OPEN" and ongoing communication between the originator and the destination is permitted until one of them issues a "FIN" packet, or a "RST" packet, or the connection times out. The "three-way handshake" establishes the communication.
23. What is SSL? SSL stands for Secure Sockets Layer. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to safely transmit confidential information, such as credit card numbers.
What is SOCKS? SOCKSv5 is an IETF (Internet Engineering Task Force) approved standard (RFC 1928) generic proxy protocol for TCP/IP-based networking applications. The SOCKS protocol provides a flexible framework for developing secure communications by easily integrating other security technologies. The basic purpose of the protocol is to enable hosts on one side of a SOCKS server to gain access to hosts on the other side of a SOCKS server, without requiring direct IP-reachability. SOCKS includes two components, the SOCKS server and the SOCKS client. The SOCKS server is implemented at the application layer, while the SOCKS client is implemented between the application and transport layers.
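The SYN / SYN-ACK / ACK exchange just described, with the sequence numbers "x" and "y" from the earlier question, as an added Python model of both endpoints; it is not part of the original notes. The initial sequence numbers 1000 and 5000 are constructed, and the model also shows the check the text only implies: an ACK that does not carry the expected number is ignored and the connection stays half-open.

```python
"""Added example: a two-endpoint model of the TCP three-way handshake."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    flags: str                 # "SYN", "SYN/ACK" or "ACK"
    seq: int                   # sequence number carried by the sender
    ack: Optional[int] = None  # acknowledgement number (absent on the first SYN)


class Endpoint:
    def __init__(self, isn: int):
        self.isn = isn          # initial sequence number this side chose ("x" or "y")
        self.state = "CLOSED"
        self.peer_isn = None

    # originator (client) side
    def send_syn(self) -> Segment:
        self.state = "SYN_SENT"
        return Segment("SYN", self.isn)

    def receive_syn_ack(self, seg: Segment) -> Optional[Segment]:
        # the SYN/ACK must acknowledge exactly our SYN (isn + 1); anything else is ignored
        if self.state != "SYN_SENT" or seg.flags != "SYN/ACK" or seg.ack != self.isn + 1:
            return None
        self.peer_isn = seg.seq
        self.state = "ESTABLISHED"
        return Segment("ACK", self.isn + 1, seg.seq + 1)

    # destination (server) side
    def receive_syn(self, seg: Segment) -> Optional[Segment]:
        if self.state != "CLOSED" or seg.flags != "SYN":
            return None
        self.peer_isn = seg.seq
        self.state = "SYN_RECEIVED"
        return Segment("SYN/ACK", self.isn, seg.seq + 1)

    def receive_ack(self, seg: Segment) -> bool:
        # the final ACK must carry y + 1; a wrong value leaves the connection half-open
        if self.state == "SYN_RECEIVED" and seg.flags == "ACK" and seg.ack == self.isn + 1:
            self.state = "ESTABLISHED"
            return True
        return False


def three_way_handshake(x: int, y: int) -> tuple:
    """Run the exchange; returns (trace of (flags, seq, ack), client state, server state)."""
    client, server = Endpoint(x), Endpoint(y)
    syn = client.send_syn()
    syn_ack = server.receive_syn(syn)
    ack = client.receive_syn_ack(syn_ack)
    server.receive_ack(ack)
    trace = [(s.flags, s.seq, s.ack) for s in (syn, syn_ack, ack)]
    return trace, client.state, server.state


if __name__ == "__main__":
    for step in three_way_handshake(1000, 5000)[0]:
        print(step)
```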

When an application client needs to connect to an application server, the client connects to a SOCKS proxy server. The proxy server connects to the application server on behalf of the client, and relays data between the client and the application server. For the application server, the proxy server is the client.

24. What is the routing algorithm used in OSPF, EIGRP and RIP? Dijkstra algorithm – OSPF; DUAL – EIGRP; Bellman-Ford – RIP

25. What is summarization? Summarization is the process of aggregating network entries into a superset entry.

26. What needs to be configured to have multiple VLAN information propagated to other switches? Trunk

27. What is the bandwidth of T1 and T3 links? How many channels are in each of these links? T1 – 1.544 Mbps; T3 – 45 Mbps

28. What is the expansion of ATM? Asynchronous Transfer Mode. Asynchronous Transfer Mode (ATM) is an International Telecommunication Union Telecommunications Standards Section (ITU-T) standard for cell relay wherein information for multiple service types, such as voice, video, or data, is conveyed in small, fixed-size cells. ATM networks are connection-oriented.

29. PNNI is a terminology used in which technology? ATM. PNNI is the ATM routing protocol that enables switches to automatically discover the topology and the characteristics of the links interconnecting the switches. A link-state protocol much like OSPF, PNNI tracks things such as bandwidth on links. When a significant event occurs that changes the characteristics of a link, PNNI announces the change to the other switches.

30. What is the size of an Ethernet frame? (1518 bytes)

31. What is Split Horizon? Routes learnt via a particular interface are not advertised back out the same interface. This is used to prevent routing loops.

32. What is the expansion of PING? Packet Internet Groper

33. What is the size of E1 and E3? E1 – 2.048 Mbps; E3 – 34 Mbps

34. What is the difference between PAT and NAT? PAT is a one-to-many translation; NAT is a one-to-one translation.

35. How do you configure NAT for a dynamic pool of IP addresses? Define the pool with ip nat pool (start IP and end IP), bind it with ip nat inside/outside source/destination list <acl> pool <pool name>, and apply ip nat inside and ip nat outside in interface configuration mode on the respective interfaces.

36. In OSPF what is a DR (Designated Router) and how is it configured? The DR is used to elect the preferred router on a broadcast medium and to avoid flooding of routing updates on the broadcast medium. The BDR will assume the role of the DR in the event of failure of the DR. All routers accept the routing updates sent out by the DR.

37. What is NTP? NTP is a protocol designed to synchronize the clocks of computers over a network.

38. What type of routing protocol is BGP? BGP is a path vector protocol. It uses attributes for path selection in the order of preference of its route selection criteria.

39. What command is used to advertise a default route in BGP?
router bgp 100
 default-information originate
 redistribute static
ip route 0.0.0.0 0.0.0.0 null 0

There are two ways: the default-information originate command, or the network command with the route 0.0.0.0. The default-information originate command requires an explicit redistribution of the route 0.0.0.0. The network command requires only that route 0.0.0.0 is present in the Interior Gateway Protocol (IGP) routing table.

40. What is synchronization in BGP? If a route is learned via IBGP, the route must also be learned through the IGP before it is added to the routing table and advertised.

41. What are the attributes of BGP route selection? Weight (if it is considered as attribute), AS_PATH, NEXT_HOP, LOCAL_PREF, ORIGIN, MED

42. What command is used to see the configuration of all the interfaces (Solaris and NT)? ipconfig /all in NT and ifconfig –a in Solaris.

43. What is the command to send a file to a TFTP server and get it back?
copy running-config tftp / copy startup-config tftp
copy flash tftp
copy tftp running-config / copy tftp startup-config
copy tftp flash

44. What command is used to add a default route in NT and Solaris? NT – route add; Solaris – route add
45. What command is used to add a permanent route in NT and Solaris? NT – route add followed with "–p"; Solaris – vi /etc/rc2.d/S76static-routes and add: route add net 192.168.10.0 netmask 255.255.255.0 192.168.10.1 1
46. What command is used in Solaris to disconnect a Telnet daemon on a UNIX server? kill <process id> of the telnet process (please reconfirm the answer)
47. What is the latest version of Solaris OS?
48. What command is used to list all the packages installed in Solaris? (showrev –p)
49. What is a 'Brute Force Attack'?
50. What is DoS? Making the service unavailable to legitimate users.
51. What is a Trojan Horse and what does it do?
52. What vulnerability does Code Red exploit?
53. What is it known as when an external untrusted user pretends to be a trusted user? Spoofing
54. What is a DMZ? DMZ stands for Demilitarized Zone. This is used for having your server farm network connected to the firewall.
55. What is the difference between a Firewall and an IDS? A firewall is a device used as a demarcation between the untrusted and trusted networks. It is configured to permit specific traffic across this demarcation.

56. Which algorithm sends its entire routing table as a routing update? Bellman-Ford algorithm – RIP and IGRP (distance vector routing protocols). In link state routing protocols, only the changes in entries in the routing table are sent as updates.
57. How many bits is DES? 56 bit.
58. How many bits is 3DES? 168 bit.
59. Should NetBIOS traffic be permitted on a firewall? No.
60. Given a choice of EIGRP and OSPF, which is to be chosen and what are the advantages? EIGRP is a Cisco proprietary protocol and OSPF is vendor interoperable.
61. What are the port numbers for different protocols (FTP, Telnet, SMTP, DNS, HTTP, HTTPS, SSL)? FTP – 20 & 21; TELNET – 23; SMTP – 25; DNS – 53 – TCP & UDP; HTTP – 80; HTTPS – 443; SSL – 443
62. What is the difference between TACACS and TACACS Plus?

ADC to DC Replication Port details
RPC endpoint mapper – 135/tcp, 135/udp
NetBIOS name service – 137/tcp, 137/udp
NetBIOS datagram service – 138/udp
NetBIOS session service – 139/tcp
RPC static port for AD replication – <AD-fixed-port>/TCP
RPC static port for FRS – <FRS-fixed-port>/TCP
SMB over IP (Microsoft-DS) – 445/tcp, 445/udp
LDAP – 389/tcp
LDAP ping – 389/udp
LDAP over SSL – 636/tcp
Global catalog LDAP – 3268/tcp
Global catalog LDAP over SSL – 3269/tcp
Kerberos – 88/tcp, 88/udp
DNS – 53/tcp, 53/udp
WINS resolution (if required) – 1512/tcp, 1512/udp
WINS replication (if required) – 42/tcp, 42/udp

Spanning Tree Protocol (STP)
The STP prevents loops. Loops cause broadcast storms. STP allows redundant links and is resilient to topology changes.
STA (Spanning tree algorithm) – used to calculate a loop-free path.
BPDUs are sent and received by switches in the network every 2 seconds (default) to determine the spanning tree topology.
BPDU – sends confirmation messages using multicast frames.
Port states:
• Blocking – no frame forwarded, BPDU heard
• Listening – no frame forwarded, listening for frames
• Learning – no frame forwarded, learning addresses
• Forwarding – frame forwarded, learning addresses
• Disabled – no frame forwarded, no BPDU heard
Port Fast mode – immediately brings a port from blocking to forwarding state by eliminating forward delays.
Forward delay – time taken for a switch to go from listening to learning (50 sec default).
Blocked ports still receive BPDUs.

Access Control Lists (ACL)
• Prioritize traffic
• Restrict or reduce updates
• Provide basic security
• Block types of traffic
ACL placement
• Standard ACLs – place as close to the destination as possible
• Extended ACLs – place as close to the source of traffic as possible

Protocol – IP: range 1 to 99; Extended IP: range 100 to 199.
If a packet does not match any ACL statement it is implicitly denied. Once a packet matches an ACL statement no other checks are made: it is permitted (or denied) by that statement.

VLAN Trunking Protocol (VTP)
A layer-2 messaging protocol used to maintain VLAN configuration consistency by managing the addition, deletion and renaming of VLANs. VTP works on 802.1Q trunk links. This includes Inter-Switch Link (ISL), IEEE and LAN emulation links.

Frame Relay
Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Frame Relay originally was designed for use across Integrated Services Digital Network (ISDN) interfaces.

VLSM
A Variable Length Subnet Mask (VLSM) is a means of allocating IP addressing resources to subnets according to their individual need rather than some general network-wide rule. Of the IP routing protocols supported by Cisco, OSPF, Dual IS-IS, BGP-4, and EIGRP support "classless" or VLSM routes. Historically, EGP depended on the IP address class definitions, and actually exchanged network numbers (8, 16, or 24 bit fields) rather than IP addresses (32 bit numbers). RIP and IGRP exchanged network and subnet numbers in 32 bit fields, the distinction between network number, subnet number, and host number being a matter of convention and not exchanged in the routing protocols. More recent protocols (see VLSM) carry either a prefix length (number of contiguous bits in the address) or a subnet mask with each address, indicating what portion of the 32 bit field is the address being routed on. Classful routing protocols must use the same subnet mask consistently throughout a network, a result of the fact that these protocols do not transmit subnet mask or network prefix information with their updates. VLSM can help optimize available address space.

unicast – An identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
multicast – An identifier for a set of interfaces that typically belong to different nodes. A packet sent to a multicast address is delivered to all interfaces in the multicast group.
route summarization – The consolidation of advertised addresses in OSPF and IS-IS. In OSPF, this causes a single summary route to be advertised to other areas by an area border router.
VLSM (variable-length subnet masking) – The ability to specify a different subnet mask for the same network number on different subnets.
Site-Level Aggregation Identifier (SLA ID) field – The 16-bit SLA ID is used by an individual organization to create its own local addressing hierarchy and to identify subnets.
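The ACL rules stated above and in the IP Access Lists section earlier (standard lists match on source only, extended lists on source, destination, protocol and port, the first matching statement decides, and an unmatched packet is implicitly denied) as an added Python evaluator; it is not part of the original notes. Wildcard masks follow the IOS convention (0 bits must match, 1 bits are ignored), and the two sample lists and packets are constructed to show why statement order matters.

```python
"""Added example: first-match evaluation of Cisco-style standard and extended ACLs."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # 'any': every bit is don't-care


def host(addr: str) -> tuple:
    """The 'host A' keyword: wildcard 0.0.0.0, every bit must match."""
    return (addr, "0.0.0.0")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Bits set in the wildcard are ignored; all other bits must equal the base."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0


@dataclass
class Entry:
    action: str                     # "permit" or "deny"
    src: tuple                      # (address, wildcard); the only field a standard ACL uses
    dst: Optional[tuple] = None     # extended ACLs only
    protocol: str = "ip"            # "ip" matches tcp, udp and icmp alike
    dst_port: Optional[int] = None  # 'eq <port>' on the destination, extended ACLs only

    def matches(self, pkt: dict) -> bool:
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if self.dst is not None and not wildcard_match(pkt["dst"], *self.dst):
            return False
        if self.protocol != "ip" and pkt["protocol"] != self.protocol:
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        return True


def evaluate(acl: list, pkt: dict) -> tuple:
    """Walk the list top-down; the first match decides and nothing else is checked.
    Returns (action, index); index is None when the implicit deny at the end applied."""
    for i, entry in enumerate(acl):
        if entry.matches(pkt):
            return entry.action, i
    return "deny", None


# constructed lists and packets
STANDARD_10 = [Entry("permit", ("192.168.1.0", "0.0.0.255"))]
EXTENDED_101 = [
    Entry("deny", ANY, host("10.1.1.5"), "tcp", 23),   # block telnet to one server
    Entry("permit", ANY, ANY),                         # permit ip any any
]
TELNET_PKT = {"src": "172.16.0.2", "dst": "10.1.1.5", "protocol": "tcp", "dst_port": 23}
DNS_PKT = {"src": "172.16.0.2", "dst": "10.1.1.5", "protocol": "udp", "dst_port": 53}

if __name__ == "__main__":
    print(evaluate(STANDARD_10, {"src": "10.0.0.9", "dst": "1.1.1.1", "protocol": "tcp"}))
    print(evaluate(EXTENDED_101, TELNET_PKT), evaluate(EXTENDED_101, DNS_PKT))
    print(evaluate(list(reversed(EXTENDED_101)), TELNET_PKT))   # permit-any first shadows the deny
```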

There are four major differences between UDP and TCP:
1. TCP can establish a connection; UDP cannot.
2. TCP provides a stream of unlimited length; UDP sends small packets.
3. UDP provides no guaranteed delivery. TCP guarantees that as long as you have a connection, data sent will arrive at the destination.
4. UDP is faster for sending small amounts of data since no connection setup is required; the data can be sent in less time than it takes for TCP to establish a connection.

What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.
What is BGP (Border Gateway Protocol)? It is a protocol used to advertise the set of networks that can be reached within an autonomous system. BGP enables this information to be shared with the autonomous system. This is newer than EGP (Exterior Gateway Protocol).
What is OSPF? It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of an Internet's topology to make accurate routing decisions.
How do you set a default route on an IOS Cisco router? ip route 0.0.0.0 0.0.0.0 x.x.x.x [where x.x.x.x represents the next-hop address]
What is a data source? A DataSource class brings another level of abstraction than directly using a connection object. A data source can be referenced by JNDI. A data source may point to an RDBMS, file system, any DBMS etc.
How is a gateway different from a router? A gateway operates at the upper levels of the OSI model and translates information between two completely different network architectures or data formats.
What is a router? What is a gateway? Routers are machines that direct a packet through the maze of networks that stand between its source and destination. Normally a router is used for internal networks while a gateway acts as a door for the packet to reach the 'outside' of the internal network.
What is an autonomous system? It is a collection of routers under the control of a single administrative authority and that uses a common Interior Gateway Protocol.
What is a source route? It is a sequence of IP addresses identifying the route a datagram must follow. A source route may optionally be included in an IP datagram header.
What is a region? When hierarchical routing is used, the routers are divided into what we will call regions, with each router knowing all the details about how to route packets to destinations within its own region, but knowing nothing about the internal structure of other regions.
What is Proxy ARP? It is using a router to answer ARP requests. This will be done when the originating host believes that a destination is local, when in fact it lies beyond the router.
What is a default gateway? The exit point from one network and entry way into another network, often the router of the network.
What is NVT (Network Virtual Terminal)?

It is a set of rules defining a very simple virtual terminal interaction. The NVT is used in the start of a Telnet session.
What is a virtual channel? A virtual channel is normally a connection from one source to one destination, although multicast connections are also permitted. The other name for virtual channel is virtual circuit.
What is traffic shaping? One of the main causes of congestion is that traffic is often bursty. If hosts could be made to transmit at a uniform rate, congestion would be less common. Another open loop method to help manage congestion is forcing the packet to be transmitted at a more predictable rate. This is called traffic shaping.
What is a filter? An object that can transform the header or content (or both) of a request or response. Filters differ from Web components in that they usually do not themselves create responses but rather modify or adapt the requests for a resource, and modify or adapt responses from a resource. A filter should not have any dependencies on a Web resource for which it is acting as a filter so that it can be composable with more than one type of Web resource.
What is a packet filter? A packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped.
What is the difference between routable and non-routable protocols? Routable protocols can work with a router and can be used to build large networks. Non-routable protocols are designed to work on small, local networks and cannot be used with a router.
What is the difference between the TFTP and FTP application layer protocols? The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.

What is Project 802? It is a project started by IEEE to set standards to enable intercommunication between equipment from a variety of manufacturers. It is a way for specifying functions of the physical layer, the data link layer and to some extent the network layer to allow for interconnectivity of major LAN protocols. It consists of the following: 802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols. 802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-architecture-specific, that is, remains the same for all IEEE-defined LANs. Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct modules each carrying proprietary information specific to the LAN product being used. The modules are Ethernet LAN (802.3), Token ring LAN (802.5), Token bus LAN (802.4). 802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.

What are the data units at different layers of the TCP/IP protocol suite? The data unit created at the application layer is called a message, at the transport layer the data unit created is called either a segment or a user datagram, at the network layer the data unit created is called the datagram, at the data link layer the datagram is encapsulated into a frame and finally transmitted as signals along the transmission media.

What is ICMP? ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test / reply to test whether a destination is reachable and responding. It also handles both control and error messages.

What is the range of addresses in the classes of internet addresses?
Class A 0.0.0.0 - 127.255.255.255
Class B 128.0.0.0 - 191.255.255.255
Class C 192.0.0.0 - 223.255.255.255
Class D 224.0.0.0 - 239.255.255.255
Class E 240.0.0.0 - 247.255.255.255

What is the difference between ARP and RARP? The address resolution protocol (ARP) is used to associate the 32 bit IP address with the 48 bit physical address, used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver. The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it knows only its physical address.

What is Protocol Data Unit?

The data unit in the LLC level is called the protocol data unit (PDU). The PDU consists of four fields: a destination service access point (DSAP), a source service access point (SSAP), a control field and an information field. DSAP and SSAP are addresses used by the LLC to identify the protocol stacks on the receiving and sending machines that are generating and using the data. The control field specifies whether the PDU frame is an information frame (I-frame), a supervisory frame (S-frame) or an unnumbered frame (U-frame).

What is anonymous FTP and why would you use it? Anonymous FTP enables users to connect to a host without using a valid login and password. Usually, anonymous FTP uses a login called anonymous or guest, with the password usually requesting the user's ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to access files on the host without having to go to the trouble of setting up logins for them all. Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.

What is Remote Procedure Call (RPC)? RPC hides the intricacies of the network by using the ordinary procedure call mechanism familiar to every programmer. A client process calls a function on a remote server and suspends itself until it gets back the results. Parameters are passed like in any ordinary procedure. The RPC, like an ordinary procedure, is synchronous. The process that issues the call waits until it gets the results.

What is a DNS resource record? A resource record is an entry in a name server's database. There are several types of resource records used, including name-to-address resolution information. Resource records are maintained as ASCII files.

What is passive topology? When the computers on the network simply listen and receive the signal, they are referred to as passive because they don't amplify the signal in any way. Example for passive topology: linear bus.

What is NETBIOS and NETBEUI? NETBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer and it hides the networking hardware from applications. NETBEUI is NetBIOS extended user interface, a transport protocol designed by Microsoft and IBM for use on small subnets.

What is terminal emulation, in which layer does it come? Telnet is also called terminal emulation. It belongs to the application layer.

What is subnet? A generic term for a section of a large network, usually separated by a bridge or router.

What is Bandwidth? Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited range is called the bandwidth.

Difference between bit rate and baud rate. Bit rate is the number of bits transmitted during one second whereas baud rate refers to the number of signal units per second that are required to represent those bits. baud rate = bit rate / N, where N is the number of bits represented by each signal shift.

Explain the 5-4-3 rule. In an Ethernet network, between any two points on the network, there can be no more than five network segments or four repeaters, and of those five segments only three segments can be populated.

What is IP? IP is Internet Protocol. It is the network protocol which is used to send information from one computer to another over the network or over the internet in the form of packets.

What is multicast routing? Sending a message to a group is called multicasting, and its routing algorithm is called multicast routing.

What is Brouter? Hybrid devices that combine the features of both bridges and routers.

What is SAP? Series of interface points that allow other computers to communicate with the other layers of the network protocol stack.

What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system.

What is IGP (Interior Gateway Protocol)? It is any routing protocol used within an autonomous system.

What is source route? It is a sequence of IP addresses identifying the route a datagram must follow. A source route may optionally be included in an IP datagram header.

What is SLIP (Serial Line Interface Protocol)? It is a very simple protocol used for transmission of IP datagrams across a serial line.

Forwarding of Broadcast Packets and Protocols

ip helper-address address

The ip helper-address interface subcommand tells the router to forward UDP broadcasts, including BootP, received on this interface.

The ip forward-protocol global configuration command allows you to specify which protocols and ports the router will forward. Its full syntax is listed next.

ip forward-protocol {udp|nd|spanning-tree} [port]
no ip forward-protocol {udp|nd|spanning-tree} [port]

Layer 3 switch is a high-performance device for network routing. Layer 3 switches actually differ very little from routers. A Layer 3 switch can support the same routing protocols as network routers do. Both inspect incoming packets and make dynamic routing decisions based on the source and destination addresses inside. Both types of boxes share a similar appearance.

Layer 3 switches were conceived as a technology to improve on the performance of routers used in large local area networks (LANs) like corporate intranets. The key difference between Layer 3 switches and routers lies in the hardware technology used to build the unit. The hardware inside a Layer 3 switch merges that of traditional switches and routers, replacing some of a router's software logic with hardware to offer better performance in some situations. Layer 3 switches often cost less than traditional routers. Designed for use within local networks, a Layer 3 switch will typically not possess the WAN ports and wide area network features a traditional router will always have.

Three user VLANs are present. The router in the network is designed to handle the requirements of routing at T1 (1.5 Mbps) speeds and would cause a bottleneck if it had to route between VLANs, as routing is performed in software, not hardware. Of course, you could purchase an expensive high-performance router with three Ethernet ports and a T1 interface; however, the cost associated with this approach is much higher. The cost associated with adding more routed Ethernet ports to the router (e.g., if a new VLAN was added to the network) is also high. The L3 switch provides switched LAN connections for each device in the network, and a routing engine on the L3 switch enables communications between each VLAN. The L3 switch possesses specialized hardware chips called application-specific integrated circuits (ASICs) that are preprogrammed and designed to route between Ethernet ports at high speed. Because the L3 switch does not need the flexibility required of the router to support different WAN protocols, it can use ASICs to route traffic at the 100-Mbps speeds expected of the LAN network. A traditional router is connected to the L3 switch and handles the routing of any traffic that needs to be sent across the WAN.

Layer 3 Routing Versus Layer 3 Switching

• Control plane—The control plane process is responsible for building and maintaining the IP routing table, which defines where an IP packet should be routed to based upon the destination address of the packet, which is defined in terms of a next hop IP address and the egress interface that the next hop is reachable from. Layer 3 routing generally refers to control plane operations.

• Data plane—The data plane process is responsible for actually routing an IP packet, based upon information learned by the control plane. Whereas the control plane defines where an IP packet should be routed to, the data plane defines exactly how an IP packet should be routed. This information includes the underlying Layer 2 addressing required for the IP packet so that it reaches the next hop destination, as well as other operations required for

IP routing, such as decrementing the time-to-live (TTL) field and recomputing the IP header checksum. Layer 3 switching generally refers to data plane operations.

Layer 2 Switching Methods

LAN switches are characterized by the forwarding method that they support, such as a store-and-forward switch, cut-through switch, or fragment-free switch. In the store-and-forward switching method, error checking is performed against the frame, and any frame with errors is discarded. With the cut-through switching method, no error checking is performed against the frame, which makes forwarding the frame through the switch faster than store-and-forward switches.

Store-and-Forward Switching

Store-and-forward switching means that the LAN switch copies each complete frame into the switch memory buffers and computes a cyclic redundancy check (CRC) for errors. CRC is an error-checking method that uses a mathematical formula, based on the number of bits (1s) in the frame, to determine whether the received frame is errored. If a CRC error is found, the frame is discarded, as illustrated in Figure 6-7. If the frame is error free, the switch forwards the frame out the appropriate interface port, as illustrated in Figure 6-8.

Figure 6-7 Store-and-Forward Switch Discarding a Frame with a Bad CRC

An Ethernet frame is discarded if it is smaller than 64 bytes in length, a runt, or if the frame is larger than 1518 bytes in length, a giant.

NOTE Some switches can be configured to carry giant, or jumbo, frames.

If the frame does not contain any errors, and is not a runt or a giant, the LAN switch looks up the destination address in its forwarding, or switching, table and determines the outgoing interface. It then forwards the frame toward its intended destination.

Figure 6-8 Runts and Giants in the Switch

Figure 6-9 Store-and-Forward Switch Examining Each Frame for Errors Before Forwarding to Destination Network Segment

Store-and-Forward Switching Operation

Store-and-forward switches store the entire frame in internal memory and check the frame for errors before forwarding the frame to its destination. The store-and-forward switch shown in Figure 6-9 inspects each received frame for errors before forwarding it on to the frame's destination network segment. The switch looks up the destination MAC address in its switching table, determines the outgoing interface port, and forwards the frame on to its destination through the designated switch port. If a frame fails this inspection, the switch drops the frame from its buffers, and the frame is thrown into the proverbial bit bucket. Store-and-forward switch operation ensures a high level of error-free network traffic, because bad data frames are discarded rather than forwarded across the network, as illustrated in Figure 6-9.

A drawback to the store-and-forward switching method is one of performance, because the switch has to store the entire data frame before checking for errors and forwarding. This error checking results in high switch latency (delay). If multiple switches are connected, with the data being checked at each switch point, total network performance can suffer as a result. Another drawback to store-and-forward switching is that the switch requires more memory and processor (central processing unit, CPU) cycles to perform the detailed inspection of each frame than that of cut-through or fragment-free switching.

Cut-Through Switching

With cut-through switching, the LAN switch copies into its memory only the destination MAC address, which is located in the first 6 bytes of the frame following the preamble. A cut-through switch reduces delay because the switch begins to forward the frame as soon as it reads the destination MAC address and determines the outgoing switch port, as illustrated in Figure 6-10. The cut-through switch shown in Figure 6-10 inspects each received frame's header to determine the destination before forwarding on to the frame's destination network segment. Frames with and without errors are forwarded in cut-through switching operations, leaving the error detection of the frame to

the intended recipient.

Cut-Through Switching Operation

Cut-through switches do not perform any error checking of the frame because the switch looks only for the frame's destination MAC address and forwards the frame out the appropriate switch port.

Figure 6-10 Cut-Through Switch Examining Each Frame Header Before Forwarding to Destination Network Segment

Cut-through switching was developed to reduce the delay in the switch processing frames as they arrive at the switch and are forwarded on to the destination switch port. The switch pulls the frame header into its port buffer. When the destination MAC address is determined by the switch, the switch forwards the frame out the correct interface port to the frame's intended destination. Cut-through switching reduces latency inside the switch and results in low switch latency. This minimizes the effect switch latency has on your traffic.

The drawback, however, is that bad data frames, as well as good frames, are sent to their destinations. At first blush, this might not sound bad because most network cards do their own frame checking by default to ensure good data is received. If the frame was corrupted in transit, however, the switch still forwards the bad frame. The destination receives this bad frame, checks the frame's CRC, and discards it, forcing the source to resend the frame. If the receiving switch determines the frame is errored, the frame is thrown out to the bit bucket where the frame is subsequently discarded from the network. This process wastes bandwidth and, if it occurs too often, network users experience a significant slowdown on the network. In contrast, store-and-forward switching prevents errored frames from being forwarded across the network and provides for quality of service (QoS) managing network traffic flow. You might find that if your network is broken down into workgroups, the likelihood of bad frames or collisions might be minimized, in turn making cut-through switching a good choice for your network.

NOTE Today's switches don't suffer the network latency that older (legacy) switches labored under. Today's switches are better suited for a store-and-forward environment.

Fragment-Free Switching

Fragment-free switching is also known as runtless switching and is a hybrid of cut-through and store-and-forward switching. Fragment-free switching was developed to solve the late-collision problem.

NOTE

Recall that when two systems' transmissions occur at the same time, the result is a collision. Collisions are a part of Ethernet communications and do not imply any error condition. A late collision is similar to an Ethernet collision, except that it occurs after all hosts on the network should have been able to notice that a host was already transmitting. A late collision indicates that another system attempted to transmit after a host has transmitted at least the first 60 bytes of its frame. Late collisions are often caused by an Ethernet LAN being too large and therefore needing to be segmented. Late collisions can also be caused by faulty network devices on the segment and duplex (for example, half-duplex/full-duplex) mismatches between connected devices.

Fragment-Free Switching Operation

Fragment-free switching works like cut-through switching with the exception that a switch in fragment-free mode stores the first 64 bytes of the frame before forwarding. The reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors and collisions occur during the first 64 bytes of a frame. Fragment-free switching can be viewed as a compromise between store-and-forward switching and cut-through switching.

NOTE Different methods work better at different points in the network. For example, cut-through switching is best for the network core where errors are fewer, and speed is of utmost importance. Store-and-forward is best at the network access layer where most network problems and users are located.

Layer 3 Switching

Layer 3 switching is another example of fragment-free switching. Up to now, this discussion has concentrated on switching and bridging at the data link layer (Layer 2) of the Open System Interconnection (OSI) model. Whereas bridges and switches work at the data link layer (OSI Layer 2), routers work at the network layer (OSI Layer 3). Routers provide functionality beyond that offered by bridges or switches. As a result, however, routers entail greater complexity. Like early bridges, routers were often implemented in software, running on a special-purpose processing platform, such as a personal computer (PC) with two network interface cards (NICs) and software to route data between each NIC, as illustrated in Figure 6-11. When bridge technology was first developed, it was not practical to build wire-speed bridges with large numbers of high-speed ports because of the manufacturing cost involved. With improved technology, many functions previously implemented in software were moved into the hardware, increasing performance and enabling manufacturers to build reasonably priced wire-speed switches.
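The three Layer 2 forwarding methods above differ only in how much of the frame the switch examines before the switching-table lookup. The following added example (not from the original text) models that difference on constructed Ethernet frames: store-and-forward checks length limits and the CRC-32 frame check sequence, cut-through reads only the 6-byte destination MAC, and fragment-free waits for the first 64 bytes so collision fragments are caught. MAC addresses, port names and frame contents are made up for the example.

```python
import binascii
import struct

# Ethernet length limits from the text: below 64 bytes is a runt, above 1518 is a giant
MIN_FRAME = 64
MAX_FRAME = 1518


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Construct an Ethernet II frame: header, payload and a 32-bit FCS (CRC-32, LSB first)."""
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything except the trailing FCS and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF) == fcs


def lookup(dst_mac: bytes, mac_table: dict) -> tuple:
    """Switching-table lookup: known destination MAC -> port, unknown -> flood."""
    port = mac_table.get(dst_mac)
    return ("forward", port) if port else ("flood", "unknown destination")


def store_and_forward(frame: bytes, mac_table: dict, allow_jumbo: bool = False) -> tuple:
    """Whole frame is buffered; runts, giants and bad CRCs are dropped before the lookup."""
    if len(frame) < MIN_FRAME:
        return ("drop", "runt")
    if len(frame) > MAX_FRAME and not allow_jumbo:
        return ("drop", "giant")
    if not fcs_ok(frame):
        return ("drop", "bad CRC")
    return lookup(frame[:6], mac_table)


def cut_through(frame: bytes, mac_table: dict) -> tuple:
    """Only the first 6 bytes (destination MAC) are read; error detection is left to the receiver."""
    if len(frame) < 6:
        return ("drop", "destination address not yet received")
    return lookup(frame[:6], mac_table)


def fragment_free(frame: bytes, mac_table: dict) -> tuple:
    """First 64 bytes are buffered: collision fragments are caught, later CRC errors are not."""
    if len(frame) < MIN_FRAME:
        return ("drop", "collision fragment")
    return lookup(frame[:6], mac_table)


# Constructed sample data: MAC addresses and port names are made up for this example
HOST_B = bytes.fromhex("000c415340d3")
HOST_A = bytes.fromhex("001122334455")
MAC_TABLE = {HOST_B: "Fa0/3", HOST_A: "Fa0/1"}

GOOD = build_frame(HOST_B, HOST_A, 0x0800, bytes(86))      # 104 bytes, valid FCS
RUNT = build_frame(HOST_B, HOST_A, 0x0800, bytes(10))      # 28 bytes
GIANT = build_frame(HOST_B, HOST_A, 0x0800, bytes(1600))   # 1618 bytes
_damaged = bytearray(GOOD)
_damaged[70] ^= 0x01          # one bit flipped in transit, beyond the first 64 bytes
CORRUPT = bytes(_damaged)


def compare(frame: bytes) -> dict:
    """Show how each forwarding method treats the same received frame."""
    return {
        "store_and_forward": store_and_forward(frame, MAC_TABLE),
        "cut_through": cut_through(frame, MAC_TABLE),
        "fragment_free": fragment_free(frame, MAC_TABLE),
    }


if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT), ("giant", GIANT)]:
        print(name, compare(frame))
```

The corrupt frame is the case the text warns about: cut-through and fragment-free both forward it and leave the CRC check to the destination NIC, while store-and-forward drops it at the first switch.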

Figure 6-11 PC Routing with Two NICs

The early days of routing involved a computer and two NIC cards. The workstation would send its traffic across the wire, and the routing computer would receive it on one NIC, determine that the traffic would have to be sent out the other NIC, and then resend the traffic out this other NIC, not unlike two people having a conversation, but having to go through a third person to do so.

NOTE In the same way that a Layer 2 switch is another name for a bridge, a Layer 3 switch is another name for a router. This is not to say that a Layer 3 switch and a router operate the same way. Layer 3 switches make decisions based on the port-level Internet Protocol (IP) addresses, whereas routers make decisions based on a map of the Layer 3 network (maintained in a routing table).

Multilayer switching is a switching technique that switches at both the data link (OSI Layer 2) and network (OSI Layer 3) layers. To enable multilayer switching, LAN switches must use store-and-forward techniques because the switch must receive the entire frame before it performs any protocol layer operations, as illustrated in Figure 6-12.

Figure 6-12 Layer 3 (Multilayer) Switch Examining Each Frame for Error Before Determining the Destination Network Segment (Based on the Network Address)

Similar to a store-and-forward switch, with multilayer switching the switch pulls the entire received frame into its memory and calculates its CRC. It then determines whether the frame is good or bad. If the CRC calculated on the packet matches the CRC calculated by the switch, the destination address is read and the frame is forwarded out the correct switch port. If the CRC does not match the frame, the frame is discarded. Because this type of switching waits for the entire frame to be received before forwarding, port latency times can become high, which can result in some latency, or delay, of network traffic.

Layer 3 Switching Operation

You might be asking yourself, "What's the difference between a Layer 3 switch and a router?" The fundamental difference between a Layer 3 switch and a router is that Layer 3 switches have optimized hardware passing data traffic as fast as Layer 2 switches. However, Layer 3 switches make decisions regarding how to transmit traffic at Layer 3, just as a router does.

NOTE Within the LAN environment, a Layer 3 switch is usually faster than a router because it is built on switching hardware. Bear in mind that the Layer 3 switch is not as versatile as a router, such as in the use of network address translation (NAT), so do not discount the use of a router in your LAN without first examining your LAN requirements.

Before going forward with this discussion, recall the following points:

• A switch is a Layer 2 (data link) device with physical ports, and the switch communicates via frames that are placed on to the wire at Layer 1 (physical).

• A router is a Layer 3 (network) device that communicates with other routers with the use of packets, which in turn are encapsulated inside frames.

Routers have interfaces for connection into the network medium, as illustrated in Figure 6-13. For a router to route data over the Ethernet, for instance, the router requires an Ethernet interface. A serial interface is required for the router connecting to a wide-area network (WAN), and a Token Ring interface is required for the router connecting to a Token Ring network.

Figure 6-13 Router Interfaces

The router in Figure 6-14 has two Ethernet interfaces, labeled E0 and E1. A simple network made up of two network segments and an internetworking device (in this case, a router) is shown in Figure 6-14.

Figure 6-14 Two-Segment Network with a Layer 3 Router

The primary function of the router is determining the best network path in a complex network. A router has three ways to learn about networks and make the determination regarding the best path: through locally connected ports, static route entries, and dynamic routing protocols.

NOTE Routing protocols are used by routers to share information about the network. Some of the more common routing protocols used include Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).

Routers receive and use the routing protocol information from other routers to learn about the state of the network. The router uses this learned information to make a determination by using routing protocols. Routers

can modify information received from one router by adding their own information along with the original information, and then forward that on to other routers. In this way, each router can share its version of the network.

Packet Switching

Layer 3 information is carried through the network in packets, and the transport method of carrying these packets is called packet switching. When the packet arrives on one interface and is forwarded to another, it is called Layer 3 switching or routing.

Figure 6-15 Packet Switching Between Ethernet and Token Ring Network Segments

Figure 6-15 shows how a packet is delivered across multiple networks. In the case illustrated in Figure 6-15, Host A is on an Ethernet segment, and Host B on a Token Ring segment. Host B is on a Token Ring network segment directly connected to the router. Host A places an Ethernet frame, encapsulating an Internet Protocol (IP) packet, on to the wire for transmission across the network. The Ethernet frame contains a source data link layer MAC address and a destination data link layer MAC address. The IP packet within the frame contains a source network layer IP address (TCP/IP network layer address) and a destination network layer IP address, and the router examines the network layer destination IP address of the packet. The router peels off the Layer 2 Ethernet encapsulation, forwards the Layer 3 data packet, and then re-encapsulates the packet inside a new Token Ring frame. The router sends this frame out its Token Ring interface on to the segment where Host B will see a Token Ring frame containing its MAC address and process it. Note the original frame was Ethernet, and the final frame is Token Ring encapsulating an IP packet. This is called media transition and is one of the features of a network router.

Routing Table Lookup

Routers (and Layer 3 switches) perform table lookups determining the next hop (next router or Layer 3 switch) along the route, which in turn determines the output port over which to forward the packet or frame. The router or Layer 3 switch makes this decision based on the network portion of the destination address in the received packet. The router maintains a routing table of network paths it has learned. When the router has determined the destination network from the destination IP address, the router examines the routing table and determines whether a path exists to that network. This lookup results in one of three actions:

• The destination network is not reachable—There is no path to the destination network and no default network. In this case, the packet is discarded.

• The destination network is known to be directly attached to the router—The port is directly attached to the network and reachable.

• The destination network is reachable by forwarding the packet to another router—There is a match of the destination network against a known table entry, or to a default route if a method for reaching the destination network is unknown. The lookup returns the network (Layer 3) address of the next-hop router, and the port through which that router can be reached.

The routing table lookup in an IP router determines the next hop by examining the network portion of the IP address. It does not map the destination network address to the router interface. The first lookup tells the next hop. Then a second lookup is performed to determine how to get to the next hop. The first lookup can return multiple paths, so the port is not known until after the determination of how to get there is made. After it determines the best match for the next hop, the router looks up the interface port to forward the packets across. Then a final determination of the exit port is reached. For directly attached networks, the next step maps the host portion of the destination network address to the data link (MAC) address for the next hop or end node using the ARP table (for IP). It needs to use the MAC of the final end node so that the node picks up the frame from the medium. Additionally, you are assuming IP when stating that the router uses the ARP table. Other Layer 3 protocols, such as Internetwork Packet Exchange (IPX), do not use ARP to map their addresses to MAC addresses.

Routing table lookup in an IP router might be considered more complex than a MAC address lookup for a bridge, because at the data link layer addresses are 48 bits in length, with fixed-length fields—the OUI and ID. Also, data-link address space is flat, meaning there is no hierarchy or dividing of addresses into smaller and distinct segments. IP addresses are 32 bits in length and are made up of two fields: the network identifier and the host identifier, as illustrated in Figure 6-16. Both the network and host portions of the IP address can be of a variable or fixed length, depending on the hierarchical network address scheme used. Discussion of this hierarchical, or subnetting, scheme is beyond the scope of this book, but suffice to say you are concerned with the fact that each IP address has a network and host identifier. In either case, MAC address lookup in a bridge entails searching for an exact match on a fixed-length field, whereas address lookup in a router looks for variable-length fields identifying the destination network.

Figure 6-16 IP Address Space

Figure 6-17 shows that the router receives the traffic from Serial Port 1 (S1) and performs a routing table lookup determining from which port to forward out the traffic, as illustrated in Figure 6-17. Traffic destined for Network 1 is

Routing table entries can exist for network identifiers of various lengths. whereas the switch makes decisions based on the MAC address (00-0c-41-53-40-d3). The router makes decisions based on the IP address (68. from 0 bits in length. A network device looking to learn a MAC address broadcasts an ARP request onto the network.209). Not all vendors. Unlike data-link addresses. Figure 6-17 Routing Table Lookup Operation The host identifier portion of the network address is examined only if the network lookup indicates that the destination is on a locally attached network. a network host might have both the IP address of 68. Traffic destined for Network 2 is forwarded out the Token Ring 0 (T0) port. the dividing line between the network identifier and the host identifier is not in a fixed position throughout the network. and traffic destined for Network 3 is forwarded out Serial Port 0 (S0). the mapping of a Layer 3 (network) address to a Layer 2 (data link) address. specifying a default route. unlike a bridge. The host on the network that has the IP address in the request replies with its MAC (hardware) address. such as serial port 0 (S0). including Cisco.forwarded out the Ethernet 0 (E0) port.134. This is called ARP mapping. which might begin with zero or one. where the lookup is for an exact match against a fixed-length field.98. IP routing lookups imply a search for the longest match against a variable-length field. some use slots or modules. .98. NOTE In terms of the Cisco Internet Operating System (IOS) interface. NOTE Some Layer 3 addresses use the MAC address as part of their addressing scheme. to 32 bits in length for host-specific routes. Therefore. ARP Mapping Address Resolution Protocol (ARP) is a network layer protocol used in IP to convert IP addresses into MAC addresses. According to IP routing procedures. the lookup result returned should be the one corresponding to the entry that matches the maximum number of bits in the network identifier. 
use ports.134. Both addresses identify the same host on the network. such as IPX. For example.209 and a MAC address of 00-0c-41-53-40-d3. port numbers begin with zero (0). but are used by different network devices when forwarding traffic to this host.
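The two lookups described above, as an added example written for this page (not code from the book or from Cisco IOS): a longest-prefix match over a constructed routing table whose entries range from a 0-bit default route to a /24, followed by the ARP-table step that picks the MAC address for the outgoing frame. The prefixes, port names, next hops and ARP entries are constructed sample values.

```python
import ipaddress

# Constructed routing table in the spirit of Figure 6-17: directly attached
# networks behind E0 and T0, a network reached through a next hop on S0, a
# more specific route inside it, and a 0-bit default route via S1.
# Each entry maps prefix -> (exit port, next-hop IP or None if directly attached).
ROUTES = {
    "192.168.1.0/24": ("E0", None),
    "192.168.2.0/24": ("T0", None),
    "10.0.0.0/8":     ("S0", "10.255.0.1"),
    "10.1.0.0/16":    ("S0", "10.255.0.2"),
    "0.0.0.0/0":      ("S1", "203.0.113.1"),
}

# Constructed ARP cache (IP -> MAC) for hosts the router has already heard from.
ARP_CACHE = {
    "192.168.1.31": "00-0c-41-53-40-d3",
    "10.255.0.1": "00-0c-41-aa-bb-01",
}

def longest_prefix_match(dst, table=ROUTES):
    """First lookup: find the entry matching the most leading bits of dst.

    A bridge does an exact match against a fixed 48-bit MAC; an IP lookup must
    scan variable-length network identifiers (0 to 32 bits) and keep the
    longest one that contains dst. Returns (prefix, port, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, (port, next_hop) in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, port, next_hop)
    return None if best is None else (str(best[0]), best[1], best[2])

def forward(dst, arp_cache=ARP_CACHE):
    """Second lookup: choose the MAC address for the outgoing frame.

    If the route is directly attached, the destination host itself is resolved
    through the ARP table; otherwise the next-hop router's IP is. A missing
    entry triggers an ARP request and, as the page notes for IOS 12.0, the
    packet that caused it is dropped rather than held until the reply."""
    route = longest_prefix_match(dst)
    if route is None:
        return {"action": "unroutable"}
    prefix, port, next_hop = route
    l2_target = next_hop if next_hop else dst
    mac = arp_cache.get(l2_target)
    if mac is None:
        return {"action": "arp_request", "port": port, "for": l2_target, "dropped": True}
    return {"action": "forward", "port": port, "dst_mac": mac, "prefix": prefix}
```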

Because the network layer address structure in IP does not provide for a simple mapping to data-link addresses, the router performs a second lookup operation to find the destination address to use in the data-link header of the forwarded packet's frame. IP addresses use 32 bits, and data-link addresses use 48 bits. It is not possible to determine the 48-bit data-link address for a host from the host portion of the IP address. Recall that ARP enables the router to determine the corresponding MAC address when it knows the network (IP) address.

After determining for which directly attached network the packet is destined, the router looks up the destination MAC address in its ARP cache, as illustrated in Figure 6-18. For packets destined for hosts on a locally attached network, the lookup is for the host's own MAC address. For packets destined for a host not on a locally attached network, the router performs a lookup for the next-hop router's MAC address.

Figure 6-18 Router ARP Cache Lookup

NOTE Note in Figure 6-18 that Net 3, Host: 31 is not part of the ARP cache.

The result of this final lookup falls into one of the three following categories:
• The packet is destined for the router itself—The IP destination address (network and station portion combined) corresponds to one of the IP addresses of the router. In this case, the packet must be passed to the appropriate higher-layer entity within the router and not forwarded to any external port.
• The packet is destined for a known host on the directly attached network—This is the most common situation encountered by a network router. The router determines the mapping from the ARP table and forwards the packet out the appropriate interface port to the local network. The router then forwards the packet across the local network in a frame with the MAC address of the local host, or of the next-hop router if, during the routing table lookup, the router determined that this packet is to be forwarded to another, remote (nonlocally attached) network.
• The ARP mapping for the specified host is unknown—The router initiates a discovery procedure by sending an ARP request determining the mapping of network to hardware address. The address discovery procedure is necessary when a previously unheard-from host establishes a new communication session. Under steady-state conditions, the router already has ARP mappings available for all communicating hosts. Because this discovery procedure takes time, albeit measured in milliseconds, the router might drop the packet that resulted in the discovery procedure in the first place.

NOTE The current version of Cisco IOS (12.0) Software drops the first packet for a destination without an ARP entry. In other words, it drops the frame immediately instead of awaiting a reply. The IOS does this to handle denial of service (DoS) attacks against incomplete ARPs.

Fragmentation

Each output port on a network device has an associated maximum transmission unit (MTU). Recall from earlier in this chapter that the MTU indicates the largest frame size (measured in bytes) that can be carried on the interface. The MTU is often a function of the networking technology in use, such as Ethernet, Token Ring, or Point-to-Point Protocol (PPP). PPP is used with Internet connections, or with WAN technologies (such as Frame Relay or IP VPN).

Bridges cannot fragment frames when forwarding between LANs of differing MTU sizes because data-link connections rarely have a mechanism for fragment reassembly at the receiver. The mechanism is at the network layer implementation, such as with IP, which is capable of overcoming this limitation. Network layer packets can be broken down into smaller pieces if necessary so that these packets can travel across a link with a smaller MTU. If the frame being forwarded is larger than the available space, as indicated by the MTU, the frame is fragmented into smaller pieces for transmission on the particular network. Fragmentation is similar to taking a picture and cutting it into pieces so that each piece will fit into differently sized envelopes for mailing. It is up to the sender to determine the size of the largest piece that can be sent, and it is up to the receiver to reassemble these pieces.

Fragmentation is a mixed blessing, although it provides the means of communication across different link technologies. Pieces for reassembly can be received out of order and may be dropped by the switch or router. Further, the processing accomplishing the fragmentation is significant and could be a burden on each device having to fragment and reassemble the data. As a rule, it is best to avoid fragmentation in your network if at all possible. It is more efficient for the sending station to send packets not requiring fragmentation anywhere along the path to the destination, instead of sending large packets requiring intermediate routers to perform fragmentation.

NOTE Hosts and routers can learn the maximum MTU available along a network path through the use of MTU discovery. MTU discovery is a process by which each device in a network path learns the MTU size that the network path can support.

Chapter Summary

One of three transmission methods is used to move frames from source to destination: unicast, multicast, or broadcast. Unicast transmission occurs when there is a direct path from source to destination, a "one-to-one" relationship. Multicast has a one-to-many relationship in which the frame is delivered to multiple destinations that are identified as part of a multicast group. Broadcast is a one-to-all relationship in which the frame is delivered to all the hosts on the network segment, whether or not they want the traffic.

Frame size is measured in bytes and has a minimum and maximum length, depending on the implemented technology, such as Ethernet or Token Ring. A frame received by the switch that is less than the minimum frame length for that technology is called a runt, and a frame greater than the maximum frame length is called a giant. The maximum frame length supported by a technology is called the maximum transmission unit, or MTU, and is measured in bytes. Giant frames must be fragmented into smaller frames, smaller than the acceptable MTU, before these frames can be forwarded across the switch's or router's network interface.

There are two common categories of switches: store-and-forward switches and cut-through switches. Store-and-forward switching accepts the complete frame into the switch buffers for error checking before forwarding on to the network. Cut-through switching reads just the destination MAC address (the first 6 bytes of the frame following the preamble) to determine the switch port to forward the traffic. Store-and-forward has an advantage over cut-through switching by virtue of its error-handling mechanisms: unlike cut-through switching, store-and-forward switching does not forward a frame with errors. Store-and-forward switching adds some delay, however, to the time it takes for the frame to get from source to destination. The delay added by store-and-forward switching is minimal and should not be a determining factor when deciding between using cut-through and store-and-forward switching. A third switching category is fragment-free switching, which accepts the first 64 bytes of the frame and checks for errors. Fragment-free switching works on the precept that if there are any errors on the line, they are detectable within the first 64 bytes of the frame.

The fundamental difference between Layer 2 and Layer 3 switch operation is the layer at which each forwarding decision is made. Layer 2 switches make their forwarding decisions based on tables that store the mapping between MAC addresses and switch ports. Layer 3 switches build a table of network addresses and switch ports, making the forwarding decisions based on the network address information found in Layer 3, rather than just the MAC address found in Layer 2. Layer 3 switches function like routers because of the similar Layer 3 forwarding decision handling. However, Layer 3 switches tend to have better throughput because of the hardware processing of the address tables rather than the software.
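The fragmentation and reassembly behaviour described in the Fragmentation section and the summary above, as an added example that is not part of the original text: a payload is cut into IPv4-style pieces (8-byte offset units plus a more-fragments flag) that fit a link MTU, and the receiver rebuilds it from pieces that arrive out of order, or rejects the packet when a piece was dropped along the way. The MTU values and the payload are constructed.

```python
from dataclasses import dataclass

# Constructed link MTUs in bytes for two of the technologies the text names;
# illustrative values, not a statement about any particular deployment.
LINK_MTU = {"ethernet": 1500, "ppp": 576}

HEADER_LEN = 20   # IPv4-style header that every fragment carries

@dataclass(frozen=True)
class Fragment:
    ident: int      # identifies the original packet all pieces belong to
    offset: int     # position of this payload in 8-byte units (IPv4 style)
    more: bool      # more-fragments flag; False only on the last piece
    payload: bytes

def fragment(ident, payload, mtu):
    """Sender side: cut payload so each header+data piece fits the link MTU.

    Data per piece is rounded down to a multiple of 8 bytes so the offset
    field stays representable; only the last piece may be shorter."""
    max_data = (mtu - HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    if HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, 0, False, payload)]   # fits: no fragmentation
    pieces = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + max_data < len(payload)
        pieces.append(Fragment(ident, start // 8, more, chunk))
    return pieces

def reassemble(fragments):
    """Receiver side: rebuild the payload from pieces in any arrival order.

    Returns None when a piece never arrived (dropped by a switch or router
    along the way), the failure mode the text warns about; a real receiver
    discards the partial packet after a timer instead of delivering a hole."""
    if not fragments:
        return None
    ident = fragments[0].ident
    ordered = sorted((f for f in fragments if f.ident == ident),
                     key=lambda f: f.offset)
    expected, buf = 0, bytearray()
    for f in ordered:
        if f.offset * 8 != expected:
            return None           # gap before this piece: something was lost
        buf += f.payload
        expected += len(f.payload)
    if ordered[-1].more:
        return None               # tail never arrived
    return bytes(buf)
```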

Wireless Local Area Networks (WLANs)

Wireless Local Area Networks (WLANs) utilize electromagnetic waves, particularly spread-spectrum technology based on radio waves, to transfer information between devices in a limited area. There are two types of WLANs, infrastructure WLANs and independent WLANs. Infrastructure WLANs, where the wireless network is linked to a wired network, are more commonly deployed today.

In an infrastructure WLAN, the wireless network is connected to a wired network such as Ethernet via access points, which possess both Ethernet links and antennas to send signals. These signals span microcells, or circular coverage areas (depending on walls and other physical obstructions), in which devices can communicate with the access points, and through these, with the wired network (see picture below). In a wireless LAN, devices can move within and between coverage areas without experiencing disruption in connectivity as long as they stay within range of an access point or extension point (similar to an access point) at all times.

MSFC Key Features:
• Delivers a broad array of Cisco IOS software services
• Provides intelligent services with Cisco IOS software
• Provides hardware based layer three switching for IP, IPX and IP Multicast, improved control plane performance, and support for large routing tables
• Provides multimedia services such as CGMP, IGMP, and PIM, security services such as access lists and encryption, and CoS enablers such as RSVP and WFQ
• Supports redundancy when redundant MSFC2 equipped supervisors are deployed

Q. Will the standby router take over if the active router LAN interface state is "interface up line protocol down"?
A. Yes, the standby router takes over once the holdtime expires. By default, this equals three hello packets from the active router having been missed. The HSRP hellotime timer defaults to 3 and the holdtime timer defaults to 10. The actual convergence time depends on the HSRP timers configured for the group and possibly on routing protocol convergence.

Q. Can I configure more than one standby group with the same group number?
A. Yes. However, Cisco does not recommend it on lower-end platforms such as the 4x00 series and earlier. If the same group number is assigned to multiple standby groups, it creates a non-unique MAC address. This is seen as the router's own MAC address and it is filtered out if more than one router in a LAN becomes active. This behavior may change in future releases of Cisco IOS®.

Q. What are the limiting factors that determine how many standby groups can be assigned to a router?
A. Ethernet: 256 per router. FDDI: 256 per router. Token Ring: 3 per router (uses reserved functional address).
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and Fast Ethernet interfaces.

Q. If there is no priority configured for a standby group, what determines which router is active?
A. In the case of an equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router/routers are in the listen state.
Note: If no priority is configured it uses the default of 100.

Q. Which HSRP router requires that I configure preempt?
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than the current active router. The standby preempt command is needed in situations when you want an occurring state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.

Q. When a tracked interface's state changes to down, how does the standby router know to become active?
A. When an active router tracks serial 0 and the serial line goes down, the active router decrements its priority. By default, it decrements its priority by 10. You can configure by how much the router should decrement the priority. The standby router reads this value from the hello packet priority field, and becomes active if this value is lower than its own priority and the standby preempt is configured. The priority field is used to elect the active router and the standby router for the specific group.

Q. From reading the documentation it looks like I can use HSRP to achieve load-balancing across two serial links. Is this true?
A. Yes, refer to Load Sharing with HSRP for more information.
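The election rules from the answers above, as an added example that is not part of the Cisco FAQ: the default priority of 100, the highest-IP tiebreak (with the second-highest IP taking standby and the rest listening), the default tracking decrement of 10, and the rule that a standby takes over a now lower-priority active router only when preempt is configured. Router names, addresses and the tracked interface name are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 100        # used when no standby priority is configured
DEFAULT_TRACK_DECREMENT = 10  # default decrement while a tracked interface is down

@dataclass
class HsrpRouter:
    name: str
    ip: str                       # primary interface IP, the election tiebreaker
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    # constructed: tracked interface name -> decrement applied while it is down
    tracked: dict = field(default_factory=dict)
    down_interfaces: set = field(default_factory=set)

    def effective_priority(self):
        """Priority advertised in hello packets after tracking decrements."""
        penalty = sum(dec for ifc, dec in self.tracked.items()
                      if ifc in self.down_interfaces)
        return self.priority - penalty

def election_key(router):
    # Highest effective priority wins; the highest IP address breaks ties.
    return (router.effective_priority(), int(ipaddress.ip_address(router.ip)))

def elect(routers):
    """Initial election: (active, standby, routers left in the listen state)."""
    ranked = sorted(routers, key=election_key, reverse=True)
    standby = ranked[1] if len(ranked) > 1 else None
    return ranked[0], standby, ranked[2:]

def on_hello(active, standby):
    """Standby's reaction to a hello from the active router.

    It takes over only when the advertised priority is lower than its own
    AND standby preempt is configured; without preempt the roles stay put
    and no failover occurs, as the FAQ answer states."""
    if standby.preempt and active.effective_priority() < standby.effective_priority():
        return standby, active
    return active, standby
```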

Q. How does DECnet traffic fit into the HSRP scenario?
A. DECnet and XNS are compatible with HSRP and multiple HSRP (MHSRP) over Ethernet, FDDI, and Token Ring on the Cisco 7000 and Cisco 7500 routers only.

Q. Can a Cisco 2500 and Cisco 7500 router on the same LAN segment use HSRP, or do I have to replace one of the routers so the platforms are identical?
A. You can mix the platforms with HSRP, but you are not able to support multiple HSRP (MHSRP) due to the hardware limitations of the lower-end platform.

Q. Does HSRP support DDR, and if so, how will it know to dial?
A. No. HSRP does not support Dial-on-Demand Routing (DDR) directly. However, you can configure it to track a serial interface and swap from the active to the standby router in case of a WAN link failure. The command used to track the state of an interface is standby <group#> track <interface>. For more information, refer to Using HSRP for Fault-Tolerant IP Routing.

Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my network. However, I have noticed that the return traffic comes back through the standby router. Will this cause problems with HSRP or my applications?
A. No. Normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a router experiences high traffic. You can change this by configuring a more desirable cost for the link you would like the distant router/routers to use.

Q. If I use a switch, what do I see on the CAM tables for the HSRP?
A. The content-addressable memory (CAM) tables provide a map for the HSRP MAC address to the port on which the active router is located. In this way, you can determine what the switch perceives the HSRP status to be.

Q. What is the standby use-bia command and how does it work?
A. By default, HSRP uses the preassigned HSRP virtual MAC address on Ethernet and FDDI, or the functional address on Token Ring. To configure HSRP to use the interface's burnt-in address as its virtual MAC address, instead of the default, use the standby use-bia command. The router now uses its burnt-in MAC address as the virtual MAC address. As routers transition to the active state, they send gratuitous Address Resolution Protocols (ARPs) in order to update the host's ARP table. However, this does not affect the RIF cache of the hosts that are on the bridged ring. For example, on Token Ring, if Source Route Bridging is in use, a Routing Information Field (RIF) is stored with the virtual MAC address in the host's RIF cache. The RIF indicates the path and final ring used to reach the MAC address. This situation can lead to packets being bridged to the ring for the previous active router. To avoid this situation, use the standby use-bia command.

Note: Using the standby use-bia command has these disadvantages:
• When a router becomes active the virtual IP address is moved to a different MAC address. The newly active router sends a gratuitous ARP response, but not all host implementations handle the gratuitous ARP correctly.
• Proxy ARP breaks when use-bia is configured. A standby router cannot cover for the lost proxy ARP database of the failed router.

Q. Can I run NAT and HSRP together?
A. You can configure network address translation (NAT) and HSRP on the same router. However, a router that runs NAT holds state information for traffic that is translated through it. If this is the active HSRP router and the HSRP standby takes over, the state information is lost.
Note: Stateful NAT (SNAT) can make use of HSRP to fail over. For more information, refer to NAT Stateful Failover of Network Address Translation. Static NAT Mapping Support with HSRP for High Availability is another feature which makes NAT and HSRP interact. For more information refer to NAT—Static Mapping Support with HSRP for High Availability.

Q. What are the IP source address and destination address of HSRP hello packets?
A. The destination address of HSRP hello packets is the all routers multicast address (224.0.0.2). The source address is the router's primary IP address assigned to the interface.

Q. Are HSRP messages TCP or UDP?
A. UDP, since HSRP runs on UDP port 1985.

Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.

The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.

Understanding Spanning-Tree Protocol

Spanning-Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations. Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages. When loops occur, some switches see stations appear on both sides of the switch. This condition confuses the forwarding algorithm and allows duplicate frames to be forwarded.

To provide path redundancy, Spanning-Tree Protocol defines a tree that spans all switches in an extended network. Spanning-Tree Protocol forces certain redundant data paths into a standby (blocked) state. If one network segment in the Spanning-Tree Protocol becomes unreachable, or if Spanning-Tree Protocol costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path. Each port on a switch using Spanning-Tree Protocol exists in one of the following five states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled

How the Router Uses the Boot Field

The lowest four bits of the 16-bit configuration register (bits 3, 2, 1, and 0) form the boot field. The following boot field values determine if the router loads an operating system and where it obtains the system image:
• When the entire boot field equals 0-0-0-0 (0x0), the router does not load a system image. Instead, it enters ROM monitor or "maintenance" mode from which you can enter ROM monitor commands to manually load a system image. Refer to the "Manually Loading a System Image from ROM Monitor" section for details on ROM monitor mode.
• When the entire boot field equals 0-0-0-1 (0x1), the router loads the boot helper or rxboot image.
• When the entire boot field equals a value between 0-0-1-0 (0x2) and 1-1-1-1 (0xF), the router loads the system image specified by boot system commands in the startup configuration file. When the startup configuration file does not contain boot system

• 0 to load the system image manually using the boot command in ROM monitor mode.
• 1 to load the system image from boot ROMs. On the Cisco 7200 series and Cisco 7500 series, this setting configures the system to automatically load the system image from bootflash.
• 2-F to load the system image from boot system commands in the startup configuration file or from a default system image stored on a network server.

Trunk – A trunk is a point-to-point link between one or more Ethernet switch ports and another networking device.
