– Drop broadcast messages – Connects LAN’s to WAN’s Switches – Communicate over Layer 2 (MAC) – Distributes broadcast messages – creates multiple collision domains Hubs – Dumb devices with NO logic – data is sent to all connected device Bridge – Local solution connecting two local networks together. A switch maintains a separate bridging table for each VLAN. Switches have a higher number of ports than bridges Both Switches and Bridges flood layer 2 broadcasts Both bridges and switches make forwarding decisions on layer 2 Advantages Switches have over hubs – Filtering frames based on MAC – Allowing simultaneous frame transmission Straight Cables – Connect Switch to Router – Connect PC to Switch – Pins are identical both sides Crossover Cables – Connect PC to PC – Wire 1 needs to connect with wire 3 – Wire 2 needs to connect with wire 6 10BaseT, 100BaseT & 1000BaseT – Ethernet cables all have the same 100m restriction. Speed & Duplex – NICs are designed with AUTO detect. – 100mbps NIC – Hardcode – 1000mbps NIC – Auto – Speed 10/100mbps – Duplex Half/Full – Auto-negotiation = 802.3u OSI L7 Application – browsers L6 Presentation – html, encryption L5 Session – session id’s L4 Transport – Segment L3 Network – Packet L2 Data Link – Frame L1 Physical – Bit TCP/IP L4 Application L3 Transport L2 Internet L1 Network L1 – Cables broken? Correct Speed/Duplex? Port open? L2 – Correct protocol? Ethernet, HDLC, PPP? L3 – Correct IP/Subnet? L4 – Routing protocol used? is network advertised? Troubleshooting – Late Collisions indicate a duplex mismatch – CRC Errors indicate bad cable/EMI – Runts – packets that are smaller than the required 64bytes. – Giants – packet that is larger than the MTU. Same Layer Interaction – Header information added by a layer on the sending device is processed by the same layer on the receiving device. Adjacent Layer Interaction – A layer provides a service for a layer higher in the stack. A higher layer in the stack will request lower layers to perform functions required. – Cut-through switching is a method for packet switching systems, wherein the switch starts forwarding a frame (or packet) before the whole frame has been received, normally as soon as the destination address is processed. STP – Spanning-Tree Protocol – blocks some ports from forwarding frames so that only one active path exists between any pair of lan segments. – Caused by a flood when the MAC address table is full or the MAC address of a host is unknown. CSMA/CD – Carrier Sense Multiple Access/Collision Domain – CSMA/CD Is and indication that a half duplex is running. CRC/FCS – Cyclical Redundancy Check – Frame Check Sequence – FCS field resides in the Ethernet trailer. – FCS creates a hash using packet – Device receiving packets decodes hash – If hash doesn’t match then packet is dropped. DNS – Domain Name Server – Checks IP’s against domain names ARP – Address Resolution Protocol – used to identify hosts using IP and MAC addresses. – If host checks ARP cache and MAC is no there an ARP broadcast is generated. CAM Table – Also known as a MACADDRESS-TABLE, switching table or bridging table. – Shows ports with learnt MACs ICMP – Internet Control Message Protocol – reports issues with IP packets – If there is an issue and IP packet destroyed and an ICMP message is generated and sent to host of origin – PINGs have TTL so show latency IP – Internet Protocol – operates at the Network Layer – connection-less – looks at IP destination – determines best path TCP – Transmission Control Protocol – Reliable connection orientated – 3 way – SYN, SYN ACK, ACK – Windowing – FTP(21), SSH(22), Telnet(23), SMTP(25), DNS Server(53), HTTP(80), POP3(110), HTTPS(443) – TCP provides a sequencing of segments with a forward reference acknowledgement. UDP – User Datagram Protocol – Connection-less Protocol – no checks – sends data numbered – DNS client(53),TFTP(69) Sequence number, acknowledgement number and window size are all found in the TCP header and NOT the UDP. Unicast – One message to one device Multicast – One message to group Broadcast – One message to network IPv4 Addressing Classes of address Class A – 1 – 127 / 8 Class B – 128 – 191 / 16 Class C – 192 – 223 / 16 Class D – 224 – 239 – Multicast Class E – 240 – 254 – Experimental Private IP’s – A – 10.0.0.0 – 10.255.255.255 – B – 172.16.0.0 – 172.31.255.255 – C – 192.168.0.0 -192.168.255.255 Public IP’s – A – 1.0.0.0 – 126.255.255.255 – B – 128.0.0.0 – 191.255.255.255 – C – 192.0.0.0 – 223.255.255.255 – Automatic Addresses – 169.254.0.0 – 169.254.255.255 Loopback Addresses – 127.0.0.0 – 127.255.255.255 Running-Config is stored in RAM Startup-Config is stored in NVRAM VLAN – Layer 2 feature – Cannot speak directly without a layer 3 assistant (router) – Segments broadcast domains – Logically groups users – Subnet correlation – Access control – QoS – Native VLAN has to match across network. – VLAN Pruning, stops VLANs crossing switches where the VLAN doesn’t exist. Link Type – Grouping similar items Unified – Grouping by building Server Virtualisation – Hosting multiple servers/services on one server. Trunking Protocols (VTP & 802.1Q) – Layer 2 feature – 802.1Q = VLAN tagging – Defines a system of tagging Ethernet Frames – A frame without a VLAN tag is assumed part of the Native VLAN. – VTP – VLAN Trunking Protocol – Carries VLAN info to all switches that are part of a VTP domain. – VLAN consistency across network – VTP survives configuration resets – Higher revs will override lower revisons – VTP transparent mode CPD – Cisco Discovery Protocol – Cisco proprietary – Seeks surrounding devices and adds them to a CDP table. – Advertises every 60 seconds Routing – The process of moving packets between IP based networks – IOS powered, CEF enhanced Cisco Routers support two types of interfaces: – point-to-point – point-to-multipoint CEF – Cisco Express Forwarding – ADV Layer 3 switching technology – Layer 3 Switching & Routing is performed on hardware (ASIC). – Increases speed, reduces overhead and delays. IGRP – Advertising every 90 seconds – Dead timer of 270 seconds – LSA – Link State Advertise = Speed RIP (AD 120) – Advertising every 30 seconds – Shares entire routing table – 90 seconds to tell if neighbor is down. – LSA – Hop Count OSPF (AD 110) – Open Shortest Path First – Hello Timer = 10secs – LSA = Cost = Bandwidth – Timers (10 Hello 40 Dead) – OSPF must run in the same area – OSPF must run the same key (auth) – OSPF must run within the same subnet mask. Characteristics of OSPF – Uses cost to determine best route – OSPF routers discover neighbors before exchanging routing information – it converges quickly OSPF maintains topology database – Topology database is a routing table for which no path decisions have been made – The topology Database us updated by Link State Advertisements OSPF Hello packets perform: – Dynamic Neighbor Discovery – Maintains Neighbor Relationships OSPF hello packets use the multicast address 224.0.0.5 to detect and keep track of neighbors. The show ip OSPF interface command lists the area in which the interface belongs, the DR and the BDR, and neighbors adjacent on the interface. OSPF uses the cost to determine the metric for each route. The cost value can be set on an interface using the ip OSPF cost interface command. The OSPF cost can also be manipulated using the bandwidth interface command. The default cost of an OSPFenabled interface is found using the following formula: Cost = 10^8 / bandwidth Where bandwidth is the bandwidth of the interface in bps. For example, Cisco IOS defaults to a bandwidth of 10,000 kbps, which is 10 Mbps on Ethernet interfaces, so the cost of this is 10^8 / 10^7 =10. Serial interfaces default to a bandwidth of 1544 kbps, giving the OSPF-enabled interface a default cost of 64. In this example, the interface bandwidth was changed to 64. The bandwidth command units are in kbps, so 108 / 64000 is rounded down to 1562, the correct answerand the cost of the interface. EIRGP (AD 90) – Fastest protocol – Combo of RIP & OSPF features – Metric = k value – Only uses Bandwidth + Delay as standard BGP (AD 20) – Border Gateway Protocol – Used at ISP or Enterprise level Administrative Distance – Works above the metric – How ‘believable’ a route is – Each routing protocol has a number assigned – The lower the number the better – STATIC ROUTES = AD 1 RIPv2, EIGRP, OSPF, and BGP are all classless protocols. Classless protocols send a route’s subnet mask in its routing updates, thus supporting VLSM and CIDR. Before an AD is even considered priority to the route with the largest subnet is always given. Distance Vector Protocol – send periodical updates regardless of topology changes – updates the routing table based on update from neighbours. Access Control Lists (ACL) – Used for access control, NAT, QoS, Demand Dial Routing, Policy Routing and Route Filtering. – List is read from top to bottom – Ends with implicit deny – Applied in/outbound on an interface Standard ACLs – Matches based on source address – Lower processor utilisation – Effect depends on application Extended ACLs – Matches based on source/destination address, protocoland source/destination port. Static Routing – Stopping broadcasts – Finding the best path to destination – Moving unicast traffic between networks. – The more specific a route is the better, priority is worked out through the subnet mask. – NAT – Network Address Translation – Translates Private IPs to Public addresses. – Configured Statically/Dynamically – NAT Overload = PAT – Port Address Translation – 1 to 1 – one host assigned to the inside global address. – ‘Overloading’ – a single public IP assigned to the router can be used by multiple internal hosts. This is done by translating source UDP/TCP ports in the packets and keeping track of them within the translation table kept in the router. IPv6 – IHL, header checksum,and flags are all present in IPv4 that are not present in IPv4. – Benefits include IPSec, mobility and simpler header. – A 128 bit hexadecimal address – Tunnelling is a mechanism that encapsulates IPv6 packets in IPv4 packets for transportation over an IPv4 network. – Dual stack works by assigning both an IPv4 & IPv6 address to an interface. – Link-Local -L2 domain – Assigned automatically as in IPv6 host comes online. – Always begins with ‘FE80’ followed by 54 bits of zeros, – Last 64 bits is EUI 64. – Unique Local – Organisation – Global Scope – Internet – First High-level 3 bits set to 001 (2000::/3) – Routing prefix 48 bits or less IPv6 addressing short hand – Eliminate groups of consecutive 0’s – Drop leading zeros Examples of Valid IPv6 addresses – ::10.1.1.1 – 2003:1bcd:023::2a – 2003:abcd:cafe:4bad:45:12:aa:103 – :: EUI 64 – Using MAC address as host id. – A 64-bit interface identifier is derived from its 48-bit MAC address. A MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle: 00:0C:29:FF:FE:0C:47:D5. IP provides best-effort delivery of packets. Show process – shows CPU utilisation. Show access-list – shows what tips are allowed inside address. Trace-route relies on Time-to-live (TTL) packets not hops. The show ip interface interface-id command displays whether an access list is assigned to an interface. DHCP Address conflicts occur when the same IP address is used by two hosts. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. This address will not be used until the administrator resolves the conflict. An IPv6 header contains the next header field, and IPv6 routers send router advertisement (RA) messages. RA messages are part of IPv6 stateless auto-configuration. Switches will never learn broadcast addresses because they will never be the source address of a frame and cannot be stored in the mac-address-table. An Ethernet frame maximum transmission unit (MTU) is 1518 bytes. Any frame larger than the MTU is considered a giant/jumbo frame. Establishing VLANs increases the number of broadcast domains. Micro-segmentation decreases the number of collisions on the network. Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. The protocol establishes a framework between network routers in order to achieve default gateway failover if the primary gateway becomes inaccessible, in close association with a rapid converging routing protocol like EIGRP or OSPF. HSRP routers send multicast Hello messages to other routers to notify them of their priorities (which router is preferred) and current status (Active or Standby). The primary router with the highest configured priority will act as a virtual router with a pre-defined gateway IP address and will respond to the ARP / ND request from machines connected to the LAN with a virtual MAC address. If the primary router should fail, the router with the next-highest priority would take over the gateway IP address and answer ARP requests with the same MAC address, thus achieving transparent default gateway failover. HSRP is not a routing protocol as it does not advertise IP routes or affect the routing table in any way. HSRP has the ability to trigger a failover if one or more interfaces on the router go down. This can be useful for dual branch routers each with a single serial link back to the head end. If the serial link of the primary router goes down, the backup router will take over the primary functionality and thus retain connectivity to the head end. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality. In addition to being able to set priorities on different gateway routers, GLBP allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. Thus,by default, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router. By default GLBP load balances in round-robin fashion. GLBP elects one AVG (Active Virtual Gateway) for each group. Other group members act as backup in case of AVG failure. In case there are more than two members, the second best AVG is placed in the Standby state and all other members are placed in the Listening state. This is monitored using hello and holdtime timers, which are 3 and 10 seconds by default. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There could be up to four AVFs at the same time. By default, GLBP routers use the local multicast address 224.0.0.102 to send hello packets to their peers every 3 seconds over UDP 3222 (source and destination). Cisco implemented IPv6 support for GLBP in IOS release 12.2(33)SXI.[1] Neighbor Discovery Protocol (NDP) acts as a replacement for several IPv4 protocols, including ARP, as well as providing several new functions for IPv6. ARP does not exist in IPv6. By default, two Cisco 2960 switches that have a crossover cable connected will not automatically form an 802.1Q trunk because of the default trunking setting of dynamic auto. To create a trunk, one of the two switches can be configured to trunk (switchport mode trunk) or to initiate the negotiation of trunking (switchport mode dynamic desirable).