AVAILABLE COMMANDS

USER/PRIVILEGED EXEC COMMANDS

• clear frame-relay-inarp
• configure terminal
• copy running-config startup-config
• copy startup-config running-config
• disable
• disconnect
• enable
• exit
• help
• ping <ip address>
• show cdp
• show cdp interface
• show cdp interface <all supported interfaces>
• show cdp neighbors
• show cdp neighbors <all supported interfaces>
• show configuration
• show controllers
• show frame-relay lmi
• show frame-relay map
• show frame-relay pvc
• show frame-relay route
• show history
• show interfaces
• show interfaces <all supported interfaces> (including bri0:1, bri0:2)
• show ip access-lists
• show ip interface
• show ip interface <all supported interfaces>
• show ip route
• show ipx route
• show ipx servers
• show isdn active
• show isdn history
• show isdn status
• show running-config
• show startup-config
• show version
• terminal editing
• terminal history
• terminal history size <size>
• terminal no editing
• terminal no history
• traceroute <ip address>

GLOBAL CONFIGURATION COMMANDS

• access-list <1-99> deny/permit <address>
• access-list <1-99> deny/permit <address> <wildcard mask>
• access-list <1-99> deny/permit host <address>
• banner <banner text>
• banner exec <banner text>
• banner incoming <banner text>
• banner login <banner text>
• banner motd <banner text>
• cdp holdtime <time>
• cdp timer <time>
• cdp run
• dialer-list <1-10> protocol ip deny/permit
• enable password <password>
• enable secret <password>
• end
• exit
• help
• hostname <name>
• interface bri <number>
• interface ethernet <number> (with subinterfaces)
• interface serial <number> (with subinterfaces)
• ip route <address> <mask> <interface> <next hop address>
• ip routing
• ipx routing
• isdn switch-type <type>
• line console 0
• line vty <number>
• line vty <number> <number>
• router rip
• router igrp <AS number>
• router eigrp <AS number>
• router ospf <process id>

ETHERNET INTERFACE COMMANDS

• cdp enable
• description <LINE>
• exit
• help
• ip access-group <number> in/out
• ip address <address> <mask>
• ipx network <address>
• ipx network <address> encapsulation <type>
• ipx network <address> encapsulation <type> secondary
• shutdown

SERIAL INTERFACE COMMANDS

• cdp enable
• clock rate <number>
• description <LINE>
• encapsulation frame-relay
• encapsulation hdlc
• encapsulation ppp
• exit
• frame-relay interface-dlci <number>
• frame-relay inverse-arp
• frame-relay map ip <address> <dlci>
• help
• ip access-group <1-99>
• ip address <address> <mask>
• ipx network <address>
• ipx network <address> encapsulation <type>
• ipx network <address> encapsulation <type> secondary
• shutdown

BRI COMMANDS

• description <LINE>
• dialer fast-idle
• dialer idle-timeout
• dialer map ip <address> <string>
• dialer string <string>
• dialer-group <number>
• exit
• help
• ip address <address> <mask>
• isdn spid1 <string> <string>
• isdn spid2 <string> <string>
• isdn switch-type <type>
• shutdown

LINE/CONSOLE COMMANDS

• exit
• help
• login
• password <password>

ROUTER COMMANDS

• network

SWITCH USER/PRIVILEGED MODE COMMANDS

• configure
• configure terminal
• disable
• enable
• exit
• help
• ping <ip address>
• show cdp
• show cdp interface
• show cdp interface <ethernet/fast ethernet ports>
• show cdp neighbors
• show cdp neighbors <ethernet/fast ethernet ports>
• show history
• show interfaces
• show interfaces <ethernet/fast ethernet ports>
• show ip
• show running-config
• show spanning-tree
• show spanning-tree <number>
• show version
• show vlan
• show vlan <number>
• show vlan-membership
• show vtp

SWITCH GLOBAL COMMANDS

• cdp holdtime <number>
• cdp timer <number>
• enable password level 15 <password>
• end
• exit
• help
• hostname <name>
• interface <ethernet/fastethernet port>
• ip address <address> <mask>
• ip default-gateway <address>
• spanning-tree <number> ...
• switchport access vlan <number>
• vlan <number>
• vlan <number> name <name>
• vtp client/server/transparent

SWITCH ETHERNET/FAST ETHERNET COMMANDS

• cdp enable
• description <WORD>
• exit
• help
• shutdown
• vlan-membership static <number>

CONNECTION-ORIENTED VS. CONNECTIONLESS

• Connection-oriented protocols are reliable. They perform session initiation, error detection, and error correction. They identify and retransmit lost packets.
• A connection-oriented protocol is a good choice where reliable, error-free communications are more important than speed.
• The three phases of connection-oriented communication are:
  1. Session initialization (connection establishment).
  2. Session maintenance (data transfer).
  3. Session termination (connection release).

You should also know the following facts about connectionless communication:
• Connectionless services assume an existing link between devices and allow transmission without extensive session establishment.
• Connectionless communications use no error checking, session establishment, or acknowledgements.
• Connectionless communications include no error checking or acknowledgement mechanisms.
• Connectionless protocols allow quick, efficient communication. However, data errors and packet loss might occur.

USES OF THE OSI MODEL

You should be familiar with the OSI model, because it is the most widely used method for talking about network communications. However, remember that it is only a theoretical model that defines standards for programmers and network administrators, not a model of actual physical layers. Using the OSI model to discuss networking concepts has the following advantages:
• Provides a common language or reference point between network professionals
• Divides networking tasks into logical layers for easier comprehension
• Allows specialization of features at different levels
• Aids in troubleshooting
• Promotes standards interoperability between networks and devices
• Provides modularity in networking features (developers can change features without changing the entire approach)

However, you must remember the following limitations of the OSI model.
• OSI layers are theoretical and do not actually perform real functions.
• Industry implementations rarely have a layer-to-layer correspondence with the OSI layers.
• Different protocols within the stack perform different functions that help send or receive the overall message.

OSI MODEL LAYERS

Application
  Description and keywords: user interface; communication partner identification
  Protocols: HTTP, Telnet, FTP, TFTP, SNMP
  Encapsulation: messages and packets

Presentation
  Description and keywords: data format (file formats); encryption, translation, and compression; data format and exchange
  Protocols: JPEG, TIFF, BMP, PICT, MPEG, WMV, AVI, ASCII, EBCDIC, MIDI, WAV
  Encapsulation: packets

Session
  Description and keywords: keeps data streams separate (session identification); sets up, maintains, and tears down communication sessions
  Protocols: SQL, NFS, ASP, RPC, X window
  Encapsulation: packets

Transport
  Description and keywords: reliable (connection-oriented) and unreliable (connectionless) communications; end-to-end flow control; port and socket numbers; segmentation, sequencing, and combination
  Protocols: TCP (connection-oriented), UDP (connectionless)
  Encapsulation: segments

Network
  Description and keywords: logical addresses; path determination (identification and selection); routing packets
  Protocols: IP, IPX, AppleTalk, DECNET
  Encapsulation: packets and datagrams

Data Link
  Description and keywords: converts bits into bytes and bytes into frames; MAC address, a.k.a. hardware address, burned in address (BIA); logical network topology; media access; flow control (acknowledgements, buffering, windowing); parity and CRC
  Protocols: LAN protocols: 802.2 (LLC), 802.3 (Ethernet), 802.5 (Token Ring), 802.11 (Wireless); WAN protocols: HDLC, PPP, Frame Relay, ISDN, ATM
  Encapsulation: frames

Physical
  Description and keywords: moves bits across media; cables, connectors, pin positions; electrical signals (voltage, bit synchronization); physical topology (network layout)
  Protocols: EIA/TIA 232 (serial signaling), V.35 (modem signaling), Cat5, RJ45
  Encapsulation: bits

IP ADDRESS CLASSES

A single IP address identifies both the network address and the host address. The subnet mask is used to separate the network and host addresses. IP addresses have a default class. The address class identifies the range of IP addresses and a default subnet mask used for the range. The following table shows the default address class for each IP address range.

Class | Address Range | First Octet Range | Default Subnet Mask
A | 1.0.0.0 to 126.255.255.255 | 1-126 (00000001--01111111 binary) | 255.0.0.0
B | 128.0.0.0 to 191.255.255.255 | 128-191 (10000000--10111111 binary) | 255.255.0.0
C | 192.0.0.0 to 223.255.255.255 | 192-223 (11000000--11011111 binary) | 255.255.255.0
D | 224.0.0.0 to 239.255.255.255 | 224-239 (11100000--11101111 binary) | n/a
E | 240.0.0.0 to 255.255.255.255 | 240-255 (11110000--11111111 binary) | n/a

When using the default subnet mask for an IP address, you have the following number of available host addresses:
• Class A addresses give you 16,777,214 hosts per network.
• Class B addresses give you 65,534 hosts per network.
• Class C addresses give you 254 hosts per network.

SPECIAL ADDRESSES

The following address ranges have been reserved for private use.
• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.31.255.255
• 192.168.0.0 to 192.168.255.255

IP Address | Use
0.0.0.0 | This network address is used by routers to specify the "default" route. Using a generic value reduces the number of routing table entries. (Some older routers use this address as a broadcast address.)
All bits of the network portion of an address set to 0 | An address with all bits of the network portion set to 0 refers to a host on "this" network. Examples: 0.0.0.233 (specific host on a Class A network); 0.0.65.52 (specific host on a Class B network); 0.0.0.69 (specific host on a Class C network)
All bits of the host portion of an address set to 0 | An address with all bits of the host portion set to 0 refers to the network itself. Examples: Class A network address 115.0.0.0; Class B network address 154.77.0.0; Class C network address 221.244.90.0
All bits of the host portion of an address set to 1 | An address with all bits of the host portion set to 1 is a broadcast message for all hosts on the network. Examples: 115.255.255.255 (broadcast to all hosts on the Class A network); 154.77.255.255 (broadcast to all hosts on the Class B network); 221.244.90.255 (broadcast to all hosts on the Class C network)
255.255.255.255 | This address is used to indicate a broadcast message intended for all hosts on this network.
127.0.0.0 | This network address is reserved for the loopback address. The address 127.0.0.1 refers to the local host. (Note: This address is not included in the range of Class A or Class B addresses.)

SERVICE DATA UNITS AND ENCAPSULATION

Encapsulation is the process of breaking a message into packets, adding control and other information, and transmitting the message through the transmission media. You need to know the following five-step data encapsulation process:
1. Upper layers prepare the data to be sent through the network.
2. The Transport layer breaks the data into pieces called segments, adding sequencing and control information.
3. The Network layer converts the segments into packets, adding logical network and device addresses.
4. The Data Link layer converts the packets into frames, adding physical device addressing information.
5. The Physical layer converts the frames into bits for transmission across the transmission media.

The following short descriptions can help you remember the steps of the data encapsulation process:
1. Upper layers--data
2. Transport layer--segments
3. Network layer--packets containing logical addresses
4. Data Link layer--framing that adds physical addresses
5. Physical layer--bits

HALF- AND FULL-DUPLEX

With the original Ethernet standards, all devices shared the same cable. This caused two problems:
• Collisions occur when two devices transmit at the same time. Devices needed to be able to detect and recover from collisions.
• Each device could either transmit or receive data at any given time. This meant that the device was either receiving data or listening for incoming data. Devices were not able to both send and receive at the same time (much like using a one-lane road for traffic in two different directions).

These two problems were solved in the following ways:
• Using twisted pair cable, multiple strands of wires are combined into a single cable. Devices can use different wires to send and receive data (allowing them to do both simultaneously).
• Using switches, devices are given a dedicated communication path. With a single device connected to a switch port, collisions are eliminated.

With these problems solved, you can turn off collision detection. Devices with collision detection turned on operate in half-duplex mode; devices with collision detection turned off operate in full-duplex mode. Full-duplex devices can transmit and receive data simultaneously, and can begin transmitting data as soon as they have data to send.

Mode | Description | Bandwidth
Half-duplex | Collision detection is turned on. The device can only send or receive at any given time. Devices connected to a hub must use half-duplex communication. | Up to the rated bandwidth (10 Mbps for 10BaseT, 100 Mbps for 100BaseT, etc.)
Full-duplex | Collision detection is turned off. The device can send and receive at the same time. Requires full-duplex capable NICs. Requires switches with dedicated switch ports (a single device per port). | Double the rated bandwidth (20 Mbps for 10BaseT, 200 Mbps for 100BaseT, etc.)

BRIDGE FACTS

You should understand the following concepts relating to the operation of bridges.
• Bridges connect two media segments that use the same protocol.
• Bridges examine the source address to determine the media segment of network devices.
• Bridges maintain a table of device addresses and their corresponding segments.
• Bridges operate at the Data Link layer of the OSI model.
• Each segment connected by a bridge can have the same network address.
• Messages within a media segment are prevented from crossing over to another segment.

Bridges offer the following advantages:
• Bridges prevent wasted bandwidth by eliminating unnecessary traffic between segments.
• Bridges increase the maximum network length.
• Bridges forward packets for multiple upper-layer protocols.
• Bridges can link segments with dissimilar transmission media and media access methods.

Bridges have the following limitations:
• Bridges cannot link multiple architectures because different frame types are used.
• Bridges cannot translate upper-layer protocols.
• Bridges cannot forward packets to different networks based on the network address.
• Bridges do not filter broadcast packets.

When designing the placement of bridges on the network, follow the 80/20 rule.
• At least 80% of network traffic should stay within a segment.
• No more than 20% of network traffic should pass through the bridge to another segment.

Use bridges to isolate traffic to a segment, to prevent unwanted traffic from crossing over to other segments, or to slow WAN links.

SWITCH FACTS

Switches provide functionality similar to bridges, but typically on a larger scale and with higher performance.
• Switches are associated with the Data Link layer of the OSI Model.
• Switches build a forwarding database in a manner similar to bridges. Switches examine the source and destination Data Link (MAC) address in each packet to build the database and make forwarding decisions.
• Switches connect multiple segments or devices and forward packets to only one specific port.
• You can connect a single device to a switch port, or multiple devices to a switch port by using a hub.

Switches offer the following advantages over a non-switched network.
• Switches create separate collision domains.
• Switches provide guaranteed bandwidth between devices (if dedicated ports are used).

• Switches can be used to provide collision-free networking (i.e., if only one device is connected to each switch port).
• Switches enable full-duplex communication.
• Switches induce less latency than other segmentation solutions.
• Switches can simultaneously switch multiple messages.
• Ethernet switches can be implemented without re-cabling.
• Switches can mix 10 Mbps- and 100 Mbps-capable devices (if the switch is a 100 Mbps switch).

BRIDGE AND SWITCH FORWARDING FACTS

Both bridges and switches build a forwarding database. The database is a list of Data Link (MAC) addresses and the port used to reach the device. Bridges and switches can automatically learn about devices to build the forwarding database. A network administrator can also program the device database manually. Bridges and switches use the following process to dynamically build the forwarding database:
• The process begins by examining the source address of an incoming packet. If the source address is not in the forwarding database, an entry for the address is made in the database. The port it came in on is also recorded.
• The destination address is then examined.
  o If the destination address is in the database, the packet is forwarded to the appropriate port if the port is different than the one on which it was received.
  o If the destination address is not in the database, the packet is sent out all ports except for the one on which it was received.
  o Broadcast packets are forwarded to all ports except the one on which they were received.

Transparent bridges forward packets only if the following conditions are met.
• The frame contains upper-layer data (data from the LLC sublayer on up).
• The frame's integrity has been verified (a valid CRC).
• The frame is not addressed to the bridge.

How switches forward packets depends on the switch type. The following table compares the different methods the switch uses to forward packets (Cisco switches support all three methods).

Method | Characteristics
Store-and-forward | Store-and-forward switches: receive the entire frame; verify the frame's integrity (check the CRC), and do not forward frames with errors; forward the frame to the destination device; introduce more latency (delay) than cut-through switches.
Cut-through | Cut-through switches: read the destination device address; forward the packet without verifying frame integrity; are faster than store-and-forward switches (less latency).
Fragment-free | Fragment-free switches: read the first 64 bytes of a frame; verify that the packet is not a fragment; forward non-fragmented frames; introduce some latency, but not as great as store-and-forward switching.

Newer switches can monitor each port and determine which method to use. They can automatically switch to store-and-forward if the number of errors on a port exceeds a configurable threshold.

ROUTING FACTS

Routers can forward packets through an internetwork by maintaining routing information in a database called a routing table. The routing table typically contains the address of all known networks and routing information about that network such as:
• Interface
• Routing Path
• Next Hop
• Route Metric (Cost)
• Route Timeout

Routers build and maintain their routing database by periodically sharing information with other routers. The exact format of these exchanges is based on the routing protocol. The routing protocol determines:
• The information contained in the routing table
• How messages are routed from one network to another
• How topology changes (i.e. updates to the routing table) are communicated between routers
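The forwarding-database process under BRIDGE AND SWITCH FORWARDING FACTS above (learn the source address and ingress port, forward a known destination to one port, flood an unknown or broadcast destination, never forward back out the ingress port, drop frames that fail the store-and-forward CRC check, and do not forward frames addressed to the bridge itself) as a small simulation. This is an added example, not code from the original sheet; the port names, MAC addresses and frame sequence are constructed, and static entries stand in for "the administrator can program the database manually".

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample addresses and port names (not from the cheat sheet).
HOST_A = "00:11:22:aa:aa:aa"
HOST_B = "00:11:22:bb:bb:bb"
HOST_C = "00:11:22:cc:cc:cc"
SWITCH_MAC = "00:00:0c:00:00:01"


@dataclass
class Frame:
    src: str
    dst: str
    crc_ok: bool = True  # outcome of the store-and-forward CRC check


class TransparentSwitch:
    """Forwarding database (MAC address -> port) built dynamically from source
    addresses, plus optional static entries programmed by an administrator."""

    def __init__(self, mac, ports):
        self.mac = mac            # frames addressed to the switch itself are not forwarded
        self.ports = list(ports)
        self.fdb = {}             # MAC address -> port it is reached through
        self.static = set()       # manually programmed MACs; never overwritten by learning

    def add_static(self, mac, port):
        self.fdb[mac] = port
        self.static.add(mac)

    def forward(self, frame, in_port):
        """Return the list of egress ports for a frame received on in_port."""
        # Store-and-forward: a frame that fails the CRC check is dropped, not learned from.
        if not frame.crc_ok:
            return []
        # Learn: record the source address and the port it arrived on
        # (a station that moves to another port simply overwrites its dynamic entry).
        if frame.src not in self.static:
            self.fdb[frame.src] = in_port
        # A transparent bridge does not forward frames addressed to itself.
        if frame.dst == self.mac:
            return []
        # Broadcast or unknown destination: flood out every port except the ingress one.
        if frame.dst == BROADCAST or frame.dst not in self.fdb:
            return [p for p in self.ports if p != in_port]
        # Known destination: one port only, unless that is the port the frame came in on.
        out_port = self.fdb[frame.dst]
        return [] if out_port == in_port else [out_port]


def demo():
    """Run a constructed frame sequence; returns (switch, egress decision per frame)."""
    sw = TransparentSwitch(SWITCH_MAC, ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    sequence = [
        (Frame(HOST_A, HOST_B), "Fa0/1"),                # B unknown -> flood
        (Frame(HOST_B, HOST_A), "Fa0/2"),                # A known on Fa0/1 -> forward there only
        (Frame(HOST_A, HOST_B), "Fa0/1"),                # B now known on Fa0/2
        (Frame(HOST_A, BROADCAST), "Fa0/1"),             # broadcast -> flood
        (Frame(HOST_B, HOST_A), "Fa0/3"),                # B moved to Fa0/3: entry is updated
        (Frame(HOST_C, HOST_A), "Fa0/1"),                # C shares Fa0/1 (a hub) with A: filtered
        (Frame(HOST_C, HOST_A, crc_ok=False), "Fa0/1"),  # corrupt frame: dropped
        (Frame(HOST_A, SWITCH_MAC), "Fa0/1"),            # addressed to the switch: not forwarded
    ]
    decisions = [sw.forward(frame, port) for frame, port in sequence]
    return sw, decisions


if __name__ == "__main__":
    switch, out = demo()
    for i, ports in enumerate(out, 1):
        print(f"frame {i}: egress {ports or 'none'}")
    print("forwarding database:", switch.fdb)
```

The sixth frame is the case that makes a bridge a bridge: the destination is known, but it lives on the same port the frame arrived on, so the frame is filtered rather than repeated into other segments.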
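The OSI layer table and the encapsulation steps say where each address lives: the MAC address in the Ethernet frame header, the IP address in the IP header inside it. The following added example (not from the original sheet) decodes those two headers from a constructed frame and then applies the IP ADDRESS CLASSES and SPECIAL ADDRESSES rules to the addresses it finds: class, default mask, network and directed-broadcast address, usable host count, private range, and the special cases (0.0.0.0, "this network", 127.x loopback, 255.255.255.255). The frame builder, MAC/IP values and payload are constructed for the demonstration, and the IPv4 header checksum is left at zero because the parser does not validate it.

```python
import struct

# Default address classes from the IP ADDRESS CLASSES table:
# (class, first-octet low, first-octet high, default subnet mask).
CLASSES = [
    ("A", 1, 126, "255.0.0.0"),
    ("B", 128, 191, "255.255.0.0"),
    ("C", 192, 223, "255.255.255.0"),
    ("D", 224, 239, None),
    ("E", 240, 255, None),
]


def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_ipv4(addr):
    """Apply the default-class and special-address rules to one dotted-quad address."""
    n = ip_to_int(addr)
    first, second = n >> 24, (n >> 16) & 0xFF
    info = {"address": addr, "class": None, "default_mask": None, "network": None,
            "broadcast": None, "hosts": None, "private": False, "note": None}
    if n == 0:                      # SPECIAL ADDRESSES: default route
        info["note"] = "default route / this network"
        return info
    if n == 0xFFFFFFFF:             # broadcast to all hosts on this network
        info["note"] = "broadcast to all hosts on this network"
        return info
    if first == 0:                  # network bits all 0: a host on "this" network
        info["note"] = "host on this network (network bits all 0)"
        return info
    if first == 127:                # loopback; not part of class A or B
        info["note"] = "loopback"
        return info
    for cls, lo, hi, mask in CLASSES:
        if lo <= first <= hi:
            info["class"], info["default_mask"] = cls, mask
            break
    info["private"] = (first == 10 or (first == 172 and 16 <= second <= 31)
                       or (first == 192 and second == 168))
    if info["default_mask"] is not None:
        mask = ip_to_int(info["default_mask"])
        host_bits = 32 - bin(mask).count("1")
        network, broadcast = n & mask, n | (~mask & 0xFFFFFFFF)
        info["network"], info["broadcast"] = int_to_ip(network), int_to_ip(broadcast)
        info["hosts"] = (1 << host_bits) - 2   # all-0 and all-1 host parts are reserved
        if n == network:
            info["note"] = "network address (host bits all 0)"
        elif n == broadcast:
            info["note"] = "directed broadcast (host bits all 1)"
    return info


def parse_ethernet_ipv4(frame):
    """Read the Data Link (MAC) and Network (IP) addresses of an Ethernet II frame
    carrying IPv4; each header is peeled off in the order it was encapsulated."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{ethertype:04x})")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    mac_str = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]),
            "ttl": ip[8], "protocol": ip[9],
            "src_ip": int_to_ip(struct.unpack("!I", ip[12:16])[0]),
            "dst_ip": int_to_ip(struct.unpack("!I", ip[16:20])[0]),
            "payload": ip[ihl:]}


def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload, ttl=64, proto=17):
    """Constructed test frame (hypothetical values; header checksum left at zero)."""
    mac_bytes = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                            struct.pack("!I", ip_to_int(src_ip)), struct.pack("!I", ip_to_int(dst_ip)))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip_header + payload


def inspect(frame):
    """Decode the frame and classify both Network-layer addresses."""
    hdr = parse_ethernet_ipv4(frame)
    hdr["src"], hdr["dst"] = classify_ipv4(hdr["src_ip"]), classify_ipv4(hdr["dst_ip"])
    return hdr


# Constructed sample: a Class B host sending a directed broadcast to its own network.
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:aa:aa:aa", "154.77.65.52", "154.77.255.255", b"hello")

if __name__ == "__main__":
    for key, value in inspect(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding the parser a frame whose EtherType is not 0x0800, or whose IP header length field is shorter than the minimum, raises rather than silently reading payload bytes as addresses; that is the check a packet inspector needs before trusting any field it extracts.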

Regardless of the method used, changes in routing information take some time to be propagated to all routers on the network. The term convergence is used to describe the condition when all routers have the same (or correct) routing information.

MESSAGE ROUTING FACTS

Keep in mind the following points about how a packet is addressed as it travels through an internetwork.
• Both Data Link physical addresses and Network logical addresses are used.
• On an Ethernet network, the Data Link layer address is the MAC address. MAC (Data Link) addresses are contained in the Ethernet frame header.
• On an IP network, the IP address is the Network layer address. IP (Network) addresses are contained in the IP header.
• The Network address contains both a logical network address and a logical device address.
• Both the source and destination Network and Data Link addresses are typically contained in the packet.
• The Data Link destination address indicates the physical address of the next hop on the route.
• The Network destination address indicates the address of the final destination device.
• Data Link addresses in the packet change as the packet is delivered from hop to hop.
• Network addresses remain constant as the packet is delivered from hop to hop.
• A router uses the logical network address specified at the Network layer to forward messages to the appropriate LAN segment.

SEGMENTATION FACTS

LAN segmentation is the process of dividing the network to overcome problems such as excessive collisions, broadcast traffic, or heavy network traffic. By segmenting a LAN, you can increase network performance, maximize bandwidth, and reduce congestion. As you segment the network, you will need to consider the collision and broadcast domains on the network.
• A collision domain is any network or subnetwork where devices share the same transmission medium and where packets can collide.
• A broadcast domain is any network or subnetwork where computers can receive frame-level broadcasts from their neighbors.

Collisions naturally increase as the number of devices in a collision domain increase. As you add devices to a network segment, the amount of broadcast traffic on a segment also increases.

Note: A special condition called a broadcast storm happens when broadcast traffic is sent, regenerated, and responded to. In this condition, the amount of broadcast traffic consumes network bandwidth and prevents normal communications. Faulty devices or improper configuration conditions can lead to a broadcast storm.

Membership within collision or broadcast domains differs depending on the connection device used.

Device | Collision Domain | Broadcast Domain
Hub | All devices connected to the hub are in the same collision domain | All devices are in the same broadcast domain
Bridge or Switch | All devices connected to a single port are in the same collision domain (each port is its own collision domain) | All devices connected to the bridge or the switch are in the same broadcast domain
Router | All devices connected to a single interface are in the same collision domain | All devices accessible through an interface (network) are in the same broadcast domain

Segmentation may increase the number of both the collision and broadcast domains.

In considering a network expansion solution, it is important to identify the connectivity problems you need to resolve, and then identify the device that is best suited for that situation. The main difference between routers, switches, and bridges is the range of services each performs and the OSI layer at which they operate.

Router
  Routers perform the following functions that are not performed by bridges or switches:
  • Route packets between separate networks
  • Modify packet size through fragmentation and combination
  • Route packets based on service address
  • Enforce network security
  • Dynamically select the best route through an internetwork
  • Connect two networks of different architectures (e.g. Ethernet to token ring)
  Choose a router if you need to:
  • Connect your network to a WAN (such as the Internet)
  • Filter broadcast traffic (prevent broadcast storms)
  • Connect two separate networks that use the same protocol
  • Improve performance in the event of a topology change (routers recover faster than bridges or switches)
  • Reduce the number of devices within a domain (increase the number of broadcast domains)

Switch
  Choose a switch if you need to:
  • Provide guaranteed bandwidth between devices
  • Reduce collisions by decreasing the number of devices in a collision domain (i.e. create multiple collision domains)
  • Implement full-duplex communication
  • Connect two network segments or devices using the same protocol
  • Provide improved performance over a current bridged network
  • Switch traffic without the cost or administration involved with routers

Bridge
  Choose a bridge if you need to:
  • Isolate data traffic to one network segment
  • Route traffic from one segment to another (with the same network ID)
  • Link unlike physical media (e.g. twisted pair and coaxial Ethernet) of the same architecture type
  • Link segments that use the same protocol
  • Create segments without the expense and administration of routers
  In most cases where you might use a bridge, choose a switch instead.

In general, follow these guidelines to make decisions about the appropriate connectivity device.
• Use a bridge to segment the network (divide network traffic) and to provide fault tolerance.
• Use a switch to reduce collisions and offer guaranteed bandwidth between devices.
• Use a router to filter broadcast messages, implement security, or connect between different networks.

STARTUP FACTS

The following graphic details the process used to boot the router. (The graphic is not reproduced in this text.)

When you turn the router on, it runs through the following boot process.
1. The Power-On Self Test (POST) checks the router's hardware. When the POST completes successfully, the System OK LED indicator comes on.
2. The router checks the configuration register to identify where to load the IOS image from. A setting of 0x2102 means that the router will use information in the startup-config file to locate the IOS image. If the startup-config file is missing or does not specify a location, it will check the following locations for the IOS image:
   1. Flash (the default location)
   2. TFTP server
   3. ROM (used if no other source is found)
3. The router loads the configuration file into RAM (which configures the router). The router can load a configuration file from:
   1. NVRAM (startup-configuration file)
   2. TFTP server
   3. If a configuration file is not found, the router starts in setup mode.

SETUP MODE FACTS

If the router is brand new, it has no startup-config file. Therefore, when it boots, it immediately enters Setup mode. Setup mode is a special, guided routine that asks you a series of questions and uses your responses to make basic configuration entries. There are two ways to enter setup mode:
• Boot the router without the startup-config file. This happens when you erase the current startup-config file, or when you boot a new router.
• Use the setup command from privileged mode.

You can exit setup mode without answering all the questions by pressing <Ctrl> + C. The information you've entered to that point will not be saved.

Note: By default, new Cisco routers have no passwords set, and all interfaces are in shutdown mode until they're enabled.

COMMAND HELP FACTS

Help is available in all router modes. It is context sensitive, so the information you see depends on what you are doing. Cisco bases this on the mode you are in and the words or partial words you type with the ?.

To... | Use...
Show list of all commands available in the current mode | ?
Show commands that begin with specific letter(s) | xx? (no space between the letter and ?)
Show keywords for a command | command ? (space between command and ?)
Get the full command from a partial command | partial command + <tab> (no space)

Note: Typing ? acts as a return, and repeats the last command you entered after the Help information displays. You do not need to retype the command after you ask for help on it.

When you use Help to display the possible keywords for a command, you will see the following types of items.

When you see... | Supply...
WORD (in caps) | Type a one-word response
LINE (in caps) | Type a multiple-word response
keyword | Identifies a specific keyword that must be typed as shown
<0-4567> | Enter a number within the range in brackets
<0-FFFFFF> | Enter a hexadecimal number within the range in brackets
<cr> | The command is complete as typed; press Enter to execute the command
A.B.C.D | Enter an IP address

EDITING FEATURES FACTS

This feature uses the same keystrokes as UNIX emacs editing. The following lists summarize the router advanced editing features.

To... | Use...
Move to the beginning of the line | <Ctrl> + A
Move to the end of the line | <Ctrl> + E
Go back one character | <Ctrl> + B or Left arrow
Go forward one character | <Ctrl> + F or Right arrow
Go back one word | <Esc> + B
Move forward one word | <Esc> + F
Turn advanced editing on | terminal editing
Turn advanced editing off | terminal no editing

When you are in advanced editing mode, commands longer than the command line appear to scroll under the prompt. As you type, the $ indicator appears after the prompt.

COMMAND HISTORY COMMAND LIST

By default, the IOS automatically saves the last 10 commands in the command history buffer. The command history is specific to the configuration mode you are in.

To... | Use...
Move cursor to beginning of line | <Ctrl> + A
Move cursor to the end of line | <Ctrl> + E
Quit a configuration mode | <Ctrl> + Z
Move cursor back one character | <Ctrl> + B
Move cursor back one word | <Esc> + B
Move the cursor ahead one word | <Esc> + F
Show the previous command | <Ctrl> + P or Up arrow
Show the next command | <Ctrl> + N or Down arrow
Turn the command history on | terminal history
Turn the command history off | terminal no history
Set the size of the history buffer | terminal history size <number>
Show all the commands in the history buffer | show history

ROUTER MEMORY

Be sure you understand the difference between the following types of router storage.

Memory Type | Characteristics
ROM (read-only memory) | Preprogrammed, non-writable memory containing the bootstrap startup program, an older, smaller-scale version of the operating system (IOS) software, and the Power-on Self-Test (POST) program

Flash | Non-volatile but programmable memory containing the proprietary Cisco operating system (IOS) images
RAM (random access memory) | Volatile memory containing the running operating system and current (unsaved) configuration information
NVRAM (non-volatile RAM) | Non-volatile but persistent memory that contains the backup copy of the startup configuration (startup-config) file and the virtual configuration register

The contents of non-volatile memory (such as ROM, flash, and NVRAM) remain when the router is powered off (however, you must modify the configuration registry and NVRAM during password recovery). The contents of volatile memory (RAM) are lost when the router is powered down.

COPY COMMAND LIST

The router can load a configuration file from:
• NVRAM (startup-configuration file, by default configuration register value 0x2102)
• TFTP server

Changes to the configuration are stored in RAM in the running-config file. Use the copy command in privileged EXEC mode to save your configuration changes permanently, and to load different versions of the configuration files from various locations. You can also use the erase command to delete the configuration files--but be very careful not to erase files you need!

To... | Use...
Save the contents of the running-config file to NVRAM | Router#copy run start
Copy the startup-config file into RAM | Router#copy start run
Save the contents of the running-config file to a TFTP server | Router#copy run tftp
Save the contents of the startup-config file to a TFTP server | Router#copy start tftp
Copy a configuration file from the TFTP server into NVRAM | Router#copy tftp start
Copy a configuration file from the TFTP server into RAM | Router#copy tftp run
Configure a Cisco router as a TFTP server. When using this command, you must specify the location (flash or rom) of the IOS image file as well as the IOS image file name. | Router(config)#tftp-server flash <filename>
Display information about hardware and firmware, including the configuration register value | show version
Copy configuration information from another source (like NVRAM) | configure memory or copy startup-config running-config
Configure information into the RAM of a router | configure terminal

IOS BOOT AND UPGRADE LOCATION COMMAND LIST

The router can load an IOS image from the following locations:
• Flash
• TFTP server
• ROM (limited version of the IOS software)

Use the boot system command in global configuration mode to identify alternate locations for the IOS image.

To... | Use...
Identify an IOS image file in flash to use at boot. | Router(config)#boot system flash <IOSfilename>
Identify an IOS image file on a TFTP server to use at boot. | Router(config)#boot system tftp <IOSfilename> <tftp_address>
Specify to use the limited IOS version stored in ROM at boot. | Router(config)#boot system rom (IOS versions 11.2 and below); Router(config)#boot system flash bootflash: (IOS versions 12.0 and above)

Use the copy command to archive, upgrade, or replace an IOS image.

To... | Use...
Back up (copy) the IOS image from Flash to the TFTP server. | Router#copy flash tftp
Restore the IOS image from backup on the TFTP server to Flash. | Router#copy tftp flash

You can also use the following commands to manage system files:

To... | Use...
Delete the contents of Flash memory (deletes the IOS image) | Router#erase flash
Erase the contents of the startup-config file | Router#erase start
Delete the contents of NVRAM (which also erases startup-config) | Router#erase nvram
Restart the router | Router#reload

Note: When you use the boot system command, you are not making backup copies of the IOS image, nor are you replacing the default IOS search order. You are directing the router where to look for the IOS image on boot-up. It tries each location in turn until it finds a valid IOS image. If one is not found, it returns to the default load sequence.

SHOW COMMAND LIST (BASIC)

The following list summarizes common information you can display using common show commands.

Router#show version
    View the hardware configuration, running IOS version, ROM bootstrap version, and RAM and processor information.
Router#show running-config
    View the currently running configuration file.
Router#show startup-config (or Router#show config)
    View the startup configuration file stored in NVRAM (the saved copy of the configuration file).
Router#show flash*
    View the IOS image files stored on the router, their sizes, and the available flash memory.
Router#show history
    View the commands in the command history list.
Router#show protocols, Router#show interfaces, or Router#show ip interface
    View the IP addresses assigned to a specific interface.
Router#show protocols or Router#show interfaces
    View the status of all interfaces.

*The show flash command is not enabled in the simulations.

ROUTER AND INTERFACE IDENTIFICATION COMMAND LIST

During initial setup, you can configure a host name for your router. This is the name that appears in the EXEC prompt. Unlike the router itself, the router interfaces do not have specific names that change the prompt. However, you can add a description to the configuration file that helps you identify the interface.

Router(config)#hostname <name>
    Change the host name of the router.
Router(config)#int serial 0
    Go to interface configuration mode for the first serial interface.

Router(config)#int ser 0
Router(config)#int ser0
Router(config)#int s0
    Abbreviated forms of the same command. Use the ethernet (e, eth) keywords in the same way to switch to Ethernet interface mode.
Router(config-if)#description <description text>
    Set a description for a specific interface.

Examples

The following set of commands sets the hostname of the router to ATL1:

Router#config t
Router(config)#hostname ATL1
ATL1(config)#

The following set of commands adds a description of "ATL to NYC" for the first serial interface on the router:

Router(config)#int ser 0
Router(config-if)#description ATL to NYC

Note: To undo any configuration change, use the same command preceded by the no keyword. For example, to remove a description from an interface, use the following command:

Router(config-if)#no description

Notice that in many cases you can leave off additional parameters when using the no command.

ROUTER PASSWORD FACTS

The following table lists three of the most common passwords that you can configure on your router:

Password Type: Console
    Controls the ability to log on to the router through a console connection.
Password Type: Line
    Controls the ability to log on to the router using a virtual terminal (VTY) or Telnet connection.
Password Type: EXEC mode
    Controls the ability to switch to privileged EXEC mode (and from there to the configuration modes). There are two different passwords that might be used:
    • The enable password is stored in clear text in the configuration file.
    • The enable secret password is stored encrypted (as a one-way hash) in the configuration file.
    The router always uses the enable secret password if it exists.

Be aware of the following recommendations for configuring router passwords:
• Passwords are case-sensitive.
• You can set the enable, enable secret, and line passwords in setup mode. However, there are other passwords that you cannot set in setup mode.
• Encrypt all passwords.
• For security reasons, you should not use the same password for both your enable and enable secret passwords.

Cisco routers support Terminal Access Controller Access Control System (TACACS) and Remote Authentication Dial-In User Service (RADIUS) to centrally validate users attempting to gain access to the router.

PASSWORD COMMAND LIST

Router(config)#enable password <password>
    Set the unencrypted password for privileged mode access. This password is used only if the enable secret is not set.
Router(config)#enable secret <password>
    Set the encrypted password for privileged mode access. The enable secret is always used if it exists.
Router(config)#line con 0
    Switch to line configuration mode for the console.
Router(config)#line vty <0-197> <1-197>
    Switch to line configuration mode for the virtual terminals. Specify one line number or a range of line numbers (for example, line vty 0 4).
Router(config-line)#password <password>
    Set the line password (for either console or VTY access).
Router(config-line)#login
    Require the password for line access.
Router(config)#no enable secret
Router(config)#no enable password
Router(config-line)#no password
    Remove the password.
Router(config-line)#no login
    Disable password checking on the line.
Router(config)#service password-encryption
    Encrypt all passwords shown in the configuration file. This uses Cisco's reversible type 7 encoding, so it protects against casual viewing of the configuration only; the enable secret hash is not affected.

Note: If you do not use the login command in line mode, a password will not be required for access, even though one is set. To prevent VTY access, there must be a login entry without a password set.

Access to the router through a Telnet session is controlled by the login and password entries. Access is allowed based on the following conditions:
• no login, no password = access is allowed without a password

• no login, password = access is allowed without a password
• login, no password = access is denied (the error message indicates that a password is required but none is set)
• login, password = access is allowed only with the correct password

BANNER COMMAND LIST

Banners display messages that anyone logging into the router can see. The following four types of banners display at various times during the login or startup sequence:
• The MOTD banner displays immediately after a connection is made.
• The login banner displays after the MOTD banner and before the login prompt.
• The exec banner displays after a successful login.
• The incoming banner displays for a reverse Telnet session.

Follow the banner command with a delimiting character. The delimiter encloses the banner text and helps the router identify the beginning and ending of the banner. This allows you to construct multiple-line banners.

Router(config)#banner
    Set the Message-of-the-day (MOTD) banner.
Router(config)#banner motd
    Set the MOTD banner.
Router(config)#banner login
    Set the login banner.
Router(config)#banner exec
    Set the EXEC banner.
Router(config)#banner incoming
    Set the incoming banner.
Router(config)#no banner <type>
    Remove the specified banner.

Note: The banner command without a keyword defaults to setting the MOTD banner.

Because the MOTD and login banners are shown before any authentication, keep them free of details such as hostnames, locations, or software versions; the login banner is the usual place for an authorized-use notice.

Example

The following commands set the MOTD, login, and EXEC banners, using # as the delimiting character and inserting a hard return between each banner:

Router(config)#banner motd #
This is the Message-of-the-day banner!
#
Router(config)#banner login #
This is the Login banner!
#
Router(config)#banner exec #
This is the Exec banner!
#
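The password and line-access rules above (ROUTER PASSWORD FACTS, PASSWORD COMMAND LIST, and the login/password table) can be checked mechanically against a saved configuration. The following Python script is an added example and is not part of the study guide or of Cisco's software. It reads a running-config excerpt, applies the guide's login/password table to every line block, flags a cleartext or type 7 enable password, and recovers type 7 values with the well-known reversible scheme that service password-encryption uses (two decimal digits give an offset into a fixed key string, then each hex byte is XORed with successive key bytes). SAMPLE_CONFIG is a constructed excerpt of what show running-config might print on a lab router, not output captured from a real device.

```python
"""Audit an IOS running-config for weak password handling (added example)."""
import re

# Fixed key stream used by Cisco's type 7 scheme; it is public, not a secret.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Constructed sample configuration (not captured from a real router).
SAMPLE_CONFIG = """\
hostname ATL1
enable password 7 060506324F41
line con 0
 password 7 15060E000A2F3F
 login
line vty 0 4
 no login
line vty 5 15
 login
 password cisco123
"""


def decode_type7(encoded):
    """Recover the cleartext behind a type 7 string ('060506324F41' -> 'cisco')."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(body))
    return plain.decode("ascii")


def split_sections(config):
    """Split a config into (global_lines, {section header: [sub-mode lines]}).

    IOS prints sub-mode lines (under line, interface, ...) with one leading space."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
            global_lines.append(current)
    return global_lines, sections


def line_access(section_lines):
    """Apply the guide's table to one 'line ...' block: no login -> open (the
    password is ignored even if set); login without password -> denied;
    login with password -> password required."""
    has_login = any(l == "login" or l.startswith("login ") for l in section_lines)
    has_password = any(l.startswith("password ") for l in section_lines)
    if not has_login:
        return "open"
    return "password" if has_password else "denied"


def audit(config):
    """Return a list of (severity, message) findings for the config text."""
    findings = []
    global_lines, sections = split_sections(config)
    for line in global_lines:
        m = re.match(r"enable password (?:7 )?(\S+)$", line)
        if m:
            value = decode_type7(m.group(1)) if line.startswith("enable password 7 ") else m.group(1)
            findings.append(("HIGH", f"enable password is recoverable (value: {value}); use enable secret instead"))
    if "service password-encryption" not in global_lines:
        findings.append(("MEDIUM", "service password-encryption is off; new line passwords are stored in cleartext"))
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        mode = line_access(body)
        if mode == "open":
            findings.append(("HIGH", f"{header}: no login, access is allowed without a password"))
        elif mode == "denied":
            findings.append(("INFO", f"{header}: login set but no password, access is refused"))
        for l in body:
            m7 = re.match(r"password 7 (\S+)$", l)
            if m7:
                findings.append(("MEDIUM", f"{header}: type 7 password recovered: {decode_type7(m7.group(1))}"))
            elif l.startswith("password "):
                findings.append(("HIGH", f"{header}: cleartext password: {l.split(None, 1)[1]}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Run against a saved show running-config, the script turns the guide's rules into findings: the open vty 0 4 block (no login) is the serious one, the type 7 values show why service password-encryption is not a substitute for enable secret, and a line with login but no password is reported as informational because the router refuses access in that case rather than allowing it.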

INTERFACE COMMAND LIST

Use the following commands to configure interfaces and view interface information.

Router>sh ip int
    View the IP configuration of all interfaces.
Router(config)#int eth0
Router(config)#int serial 0
    Enter configuration mode for an interface.
Router(config-if)#ip address <address> <mask>
    Assign an IP address to the interface.
Router(config-if)#no shutdown
    Enable an interface (remove the shutdown command).
Router#ping <ip address>
    Test communication with a specific interface using its IP address.

Note: You can include or omit the space between the interface keyword and the interface number.

Example

The following set of commands configures the IP address 192.168.1.229 with a mask of 255.255.255.0 for the first serial interface on the router and activates the interface:

Router(config)#int ser 0
Router(config-if)#ip address 192.168.1.229 255.255.255.0
Router(config-if)#no shutdown

INTERFACE STATUSES

You can use the interface status to troubleshoot connectivity problems and quickly see whether the link between the router and the network is operational. The interface status indicates whether Data Link layer communications are enabled. However, most networking tasks occur at higher layers (Network through Application layers). Even though the interface status shows "up," you might need to perform additional tasks for router-to-router communication to take place (such as assigning an IP address).

The following table summarizes some possible conditions indicated by the interface status.

administratively down, line protocol is down
    The interface is shut down (with the shutdown command).
down, line protocol is down
    Hardware or network connection problem (Physical layer): no carrier detect signal.
up, line protocol is down
    Connection or communication problem (Data Link layer): no keepalives.
up, line protocol is up
    The link is functional.

BACK-TO-BACK CONFIGURATION FACTS

When you configure a router to connect to a network through a serial interface, the router must be connected to a device (such as a CSU/DSU or another router) that provides clocking signals. When you configure two routers in a back-to-back configuration through their serial ports, one router interface must be configured to provide the clocking signals for the connection.
• The router providing clocking is known as the DCE (data circuit-terminating equipment).
• The router not providing clocking is known as the DTE (data terminal equipment).

The DCE interface is identified in two ways:
• The cable connecting the two routers has both a DCE and a DTE end. Connect the DCE end of the cable to the interface you want to be the DCE device.
• The DCE interface is configured to provide a clocking signal with the clock rate command. If the clock rate command is not issued, clocking is not provided, and the line between the two routers will not change to up.

CDP COMMAND LIST

The Cisco Discovery Protocol (CDP) is a protocol that Cisco devices use to learn and share information about each other. Cisco devices, such as routers and switches, can discover neighboring Cisco devices through CDP.
• By default, CDP is enabled on all interfaces.
• CDP works when there is a valid Data Link layer connection. CDP works regardless of the Network layer and other protocols used.
• It can discover information on LANs, Frame Relay, and other network architectures.
• CDP only shares information with directly connected (neighboring) devices.

Use the following commands to customize and view CDP information.

Router(config)#cdp holdtime <10-255>
    Specify how long information in a received CDP packet remains valid (default = 180 seconds).
Router(config)#cdp timer <5-900>
    Specify how often CDP packets are sent (default = 60 seconds).

Router(config)#cdp run
    Enable CDP on the router.
Router(config)#no cdp run
    Disable CDP on the router, to prevent it from exchanging CDP packets.
Router(config-if)#cdp enable
    Turn CDP on for an interface.
Router(config-if)#no cdp enable
    Turn CDP off for an interface.
Router#show cdp
    Show global CDP configuration information for the router, including the holdtime and the CDP exchange interval.
Router#show cdp interface
    Show the CDP status, encapsulation, and timers for each interface.
Router#show cdp neighbors [<interface>]
    Show information about all neighboring Cisco devices (or only the neighbors reached through one interface), including:
    • Device ID
    • Local interface
    • Holdtime
    • Capability
    • Platform
    • Port ID
Router#show cdp neighbors detail
    Show all information for the show cdp neighbors command and add:
    • Network address
    • Enabled protocols
    • Software version

Examples

The following commands turn on CDP for the router and configure it to send CDP packets every 90 seconds:

Router(config)#cdp run
Router(config)#cdp timer 90

The following commands turn off CDP on the router's first Ethernet interface:

Router(config)#int eth 0
Router(config-if)#no cdp enable

Because CDP advertises the platform, software version, and network addresses of the device to anything attached to the segment, turn it off (no cdp enable) on interfaces that face untrusted networks or end users, and leave it running only where you rely on it for neighbor discovery.

SWITCH COMPONENTS

Switches connect multiple segments or devices and forward packets to only one specific port. An important characteristic of a switch is multiple ports, all of which are part of the same network segment. Modern switches can also be used to create virtual LANs (VLANs) and perform some tasks previously performed only by routers (Layer 3 switches).

Each switch port has a single LED. The color of the LEDs changes to give you information about how the switch is working. Port LEDs mean different things based on the mode selected with the Mode button.

Mode: Stat
    Solid green = Operational
    Flashing green = Link activity
    Off = Non-functional
Mode: Util
    All switch port lights act as a meter to indicate overall utilization. The more lights that are lit, the higher the utilization.
Mode: Duplex
    Solid green = Full duplex
    Off = Half duplex
Mode: Speed
    Solid green = 100 Mbps
    Off = 10 Mbps

On a simple LAN, you can connect the switch to the network, connect devices, and it will automatically begin switching traffic to the correct ports. The switch comes preconfigured to work out-of-the-box without configuration.

SWITCH CONFIGURATION COMMAND LIST

Using the switch command line interface is similar to using the router command line interface. If you are familiar with router configuration, you will probably be able to guess how to complete many switch configuration tasks. Use the same options to get help, to move between configuration modes, to set the hostname, and to save and load configuration files. In this course, you will learn how to configure the Catalyst 2950 series switch.

To customize the switch configuration, connect to the switch in one of the following ways:
• Console connection
• Telnet session
• Web management software (connect through the LAN through a Web browser)

Note: You must configure an IP address for the switch to manage it through a Telnet or Web session. Telnet and plain HTTP carry the login credentials in cleartext across the network; where the switch software supports SSH or HTTPS, prefer those for in-band management.

The following table lists common switch configuration commands.

Task: Move to privileged mode from user mode
    switch>enable
Task: Move to user mode from privileged mode
    switch#disable

Task: Move to global configuration mode
    switch#configure terminal
Task: Move to interface configuration mode
    switch(config)#interface fastethernet0/14
    switch(config)#interface gigabitethernet 0/17
    switch(config)#interface vlan 1
Task: Move to line configuration mode
    switch(config)#line con 0
    switch(config)#line vty 0 4
Task: Leave the current configuration mode, or exit the system
    switch(config-if)#exit
Task: Exit all configuration modes
    switch(config)#^Z
Task: Show the current switch configuration
    switch#show running-config
Task: Show switch information such as software version and hardware components
    switch#show version
Task: Show interface status and configuration information
    switch#show interfaces
    switch#show interfaces fastethernet 0/14
Task: Save the current switch configuration
    switch#copy running-config startup-config
Task: Load a configuration file from another location
    switch#copy tftp://1.1.1.0/my_config.cfg
Task: Set the enable password (to cisco)
    switch(config)#enable password cisco
Task: Set the secret password (to cisco)
    switch(config)#enable secret cisco
    (The table uses the same example value for both; in practice, as noted under ROUTER PASSWORD FACTS, the two should differ.)
Task: Set the default gateway
    switch(config)#ip default-gateway 1.0.0.1
Task: Set the switch hostname
    switch(config)#hostname ATL
Task: Set a description for a port
    switch(config-if)#description IS_VLAN
Task: Enable CDP on the switch
    switch(config)#cdp run
Task: Enable CDP on a port
    switch(config-if)#cdp enable
Task: Set CDP parameters
    switch(config)#cdp holdtime 181
    switch(config)#cdp timer 66
Task: Set the port speed
    switch(config-if)#speed 10
    switch(config-if)#speed 100
    switch(config-if)#speed auto
Task: Set the duplex mode
    switch(config-if)#duplex half
    switch(config-if)#duplex full
    switch(config-if)#duplex auto

SWITCH IP ADDRESS FACTS

One task that is different for switches than for routers is configuring the IP address. Keep in mind the following facts about IP addresses configured on switches:
• Basic switches operate at Layer 2, and therefore do not need an IP address to function. In fact, a switch performs switching functions just fine without an IP address set.

• You only need to configure a switch IP address if you want to perform in-band management of the switch from a Telnet or Web session. The IP address identifies the switch as a host on the network but is not required for switching functions.
• The switch itself has only a single (active) IP address. Each switch port does not have an IP address (unless the switch is performing Layer 3 switching, a function which is not supported on 2950 switches).
• To configure the switch IP address, you set the address on the management VLAN logical interface. This is a logical interface defined on the switch to allow management functions. By default, this VLAN is VLAN 1 on the switch.

Use the following commands to configure the switch IP address:

switch#config terminal
switch(config)#interface vlan 1
switch(config-if)#ip address 1.1.1.1 255.255.255.0
switch(config-if)#no shutdown

Note: To enable management from a remote network, you will also need to configure the default gateway on the switch using the following command (notice that the default gateway is set in global configuration mode):

switch(config)#ip default-gateway 1.1.1.254

FRAME TAGGING FACTS

Although you can create VLANs with only one switch, most networks involve connecting multiple switches. The area between switches is called the switch fabric. As a frame moves from switch to switch within the switch fabric, each switch must be able to identify the destination virtual LAN.

One way to identify the VLAN is for the switch to use a filtering table that maps VLANs to MAC addresses. However, this solution does not scale well. For large networks, switches append a VLAN ID to each frame. This process, called frame tagging or frame coloring, identifies the VLAN of the destination device.

Remember the following facts regarding switch frame tagging (or coloring):
• VLAN IDs identify the VLAN of the destination device.
• Tags are appended by the first switch in the path and removed by the last.
• Only VLAN-capable devices understand the frame tag.
• Tags must be removed before a frame is forwarded to a non-VLAN-capable device.
• Tag formats and specifications can vary from vendor to vendor. Cisco's proprietary protocol is called the Inter-Switch Link (ISL) protocol. When designing VLANs, you might need to stick with one switch vendor. Use 802.1Q-capable switches to ensure a consistent tagging protocol.

VLAN FACTS

A virtual LAN (VLAN) can be defined as:
• Broadcast domains defined by switch port rather than network address
• A grouping of devices based on service need, protocol, or other criteria rather than physical proximity

Using VLANs lets you assign devices on different switch ports to different logical (or virtual) LANs. Although each switch can be connected to multiple VLANs, each switch port can be assigned to only one VLAN at a time. The following graphic shows a single-switch VLAN configuration.

[Graphic: a single switch with FastEthernet ports 0/1 and 0/2 in VLAN 1 and FastEthernet ports 0/3 and 0/4 in VLAN 2.]

Be aware of the following facts about VLANs:
• In the graphic above, FastEthernet ports 0/1 and 0/2 are members of VLAN 1.
• In the graphic above, FastEthernet ports 0/3 and 0/4 are members of VLAN 2.
• Workstations in VLAN 1 will not be able to communicate with workstations in VLAN 2, even though they are connected to the same physical switch.
• Defining VLANs creates additional broadcast domains. The above example has two broadcast domains, each of which corresponds to one of the VLANs.
• By default, switches come configured with several default VLANs:
  o VLAN 1
  o VLAN 1002
  o VLAN 1003
  o VLAN 1004
  o VLAN 1005
• By default, all ports are members of VLAN 1.

Creating VLANs with switches offers the following administrative benefits.

• You can create virtual LANs based on criteria other than physical location (such as workgroup, protocol, or service).
• You can simplify device moves (devices are moved to new VLANs by modifying the port assignment).
• You can control broadcast traffic and create broadcast domains based on logical criteria.
• You can control security (isolate traffic within a VLAN).
• You can load-balance network traffic (divide traffic logically rather than physically).

Creating VLANs with switches offers the following benefits over using routers to create distinct networks:
• Switches are easier to administer than routers.
• Switches are less expensive than routers.
• Switches offer higher performance (introduce less latency).

A disadvantage of using switches to create VLANs is that you might be tied to a specific vendor. Details of how VLANs are created and identified can vary from vendor to vendor. Creating a VLAN might mean you must use only that vendor's switches throughout the network. When using multiple vendors in a switched network, be sure each switch supports the 802.1Q standard if you want to implement VLANs.

Despite advances in switch technology, routers are still needed to:
• Filter WAN traffic
• Route traffic between separate networks
• Route packets between VLANs

VLAN COMMAND LIST

To configure a simple VLAN, first create the VLAN, and then assign ports to that VLAN. The following table shows common VLAN configuration commands.

Task: Define a VLAN (you can create VLANs either in vlan database mode or by using the vlan command in global configuration mode)
    switch#vlan database*
    switch(vlan)#vlan 2 name name**
    switch(vlan)#exit (or switch(vlan)#apply)
    OR
    switch(config)#vlan 2
    switch(config-vlan)#name name**
Task: Assign ports to the VLAN
    switch(config-if)#switchport access vlan number***
Task: Show a list of VLANs on the system
    switch#show vlan
Task: Show information for a specific VLAN
    switch#show vlan id number

*Notice that the vlan database command is issued in privileged EXEC mode.
**Giving the VLAN a name is optional.
***If you have not yet defined the VLAN, it will be created automatically when you assign the port to the VLAN.

Example

The following commands create VLAN 12 named IS_VLAN, identify port 0/12 as having only workstations attached to it, and assign the port to VLAN 12 (assigning an access VLAN treats the port as an access port; the switchport mode access command described under TRUNKING COMMAND LIST makes this explicit):

switch#config t
switch(config)#vlan 12
switch(config-vlan)#name IS_VLAN
switch(config-vlan)#interface fast 0/12
switch(config-if)#switchport access vlan 12

TRUNKING

Trunking is a term used to describe connecting two switches together. Trunking is important when you configure VLANs that span multiple switches, as shown in the diagram.

[Diagram: two switches joined by a trunk link; each switch has one port in VLAN 1 and one port in VLAN 2.]

Be aware of the following facts regarding trunking and VLANs:
• In the above graphic, each switch has two VLANs. One port on each switch has been assigned to each VLAN. This means that the two workstations connected to the same switch cannot communicate with each other.
• Workstations in VLAN 1 can only communicate with workstations in VLAN 1. Communications within the VLAN must pass through the trunk link to the other switch.
• Trunk ports identify which ports are connected to other switches.
• Trunk ports are automatically members of all VLANs defined on the switch.
• Typically, Gigabit Ethernet ports are used for trunk ports.

When trunking is used, frames that are sent over a trunk port are tagged with the VLAN ID number so that the receiving switch knows to which VLAN the frame belongs. Cisco supports two trunking protocols that are used for tagging frames:

Trunking Protocol: Inter-Switch Link (ISL)
    • A Cisco-proprietary trunking protocol.
    • ISL can only be used between Cisco devices.
    • ISL tags each frame with the VLAN ID.
    • Catalyst 2950 switches do not support ISL.
Trunking Protocol: 802.1Q
    • An IEEE standard for trunking and therefore supported by a wide range of devices.
    • With 802.1Q trunking, frames from the native VLAN (VLAN 1 by default) are not tagged. Frames from all other VLANs are tagged.

Cisco switches have the ability to automatically detect ports that are trunk ports, and to negotiate the trunking protocol used between devices. Switches use the Dynamic Trunking Protocol (DTP) to detect and configure trunk ports. For example, when you connect two switches together, they will automatically recognize each other and select the trunking protocol to use.

TRUNKING COMMAND LIST

The following table lists important commands for configuring and monitoring trunking on a switch.

Switch(config-if)#switchport mode trunk
    Enables trunking on the interface. The port trunks unconditionally rather than waiting for DTP to negotiate it.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport trunk encapsulation isl
    Sets the trunking protocol to use. 2950 switches only support 802.1Q, and therefore you will not use this command on 2950 switches.
Switch(config-if)#switchport mode dynamic auto
    Enables automatic trunking discovery and configuration. The port does not initiate negotiation; it becomes a trunk only if the attached switch actively negotiates one through DTP.
Switch(config-if)#switchport mode dynamic desirable
    Enables dynamic trunking configuration. The port actively negotiates through DTP. If a switch is connected, it will attempt to use the desired trunking protocol (802.1Q on 2950 switches).

    • If a switch is not connected, it will communicate as a normal (access) port.
Switch(config-if)#switchport mode access
    Disables trunking configuration on the port. You must disable trunking before you can assign a port to a VLAN. Because a port left in a dynamic mode will form a trunk with any attached device that negotiates one through DTP, configure host-facing ports explicitly as access ports.
Switch#show interface trunk
Switch#show interface fa0/1 trunk
    Shows interface trunking information with the following:
    • Mode
    • Encapsulation
    • Trunking status
    • VLAN assignments

VTP FACTS

The VLAN Trunking Protocol (VTP) simplifies VLAN configuration on a multi-switch network by propagating configuration changes to other switches. With VTP, switches are placed in one of the following three configuration modes:

Mode: Server
    A switch in server mode is used to modify the VLAN configuration. Configuration information is then broadcast to other VTP devices.
Mode: Client
    A switch in client mode receives changes from a VTP server and passes VTP information to other switches. However, you cannot modify the VLAN configuration from a switch in client mode.
Mode: Transparent
    A switch in transparent mode does not receive VTP configuration information from other switches. It passes VTP information to other switches as it receives the information. You can modify VLAN configuration information from a switch in transparent mode, but the changes apply only to the local switch (changes are not sent to other devices).

Keep in mind the following facts about VTP:
• To make VLAN changes on a switch, the switch must be in either server or transparent mode.
• By default, switches are configured in server mode.
• If you cannot modify the VLAN configuration, the switch is in client mode.
• Use the show vtp status command to view the current VTP mode of the switch.
• Use the vtp mode command to configure the VTP mode of the switch.
• Any server in the domain can overwrite the VLAN database of every other switch (the advertisement with the highest configuration revision number wins), so connect a new or reused switch in transparent mode until its VTP domain and revision number have been checked.
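The tagging behaviour described under FRAME TAGGING FACTS and in the 802.1Q row of the trunking protocol table (tag inserted by the first switch, removed before a non-VLAN-capable device, native VLAN sent untagged) is small enough to show byte for byte. The following Python module is an added example, not code from the study guide or from Cisco. It assumes the standard IEEE 802.1Q tag layout: a 2-byte TPID of 0x8100 followed by a 2-byte TCI (3-bit priority, 1-bit DEI, 12-bit VID) inserted between the source MAC and the EtherType. The MAC addresses and payload are constructed.

```python
"""Tag, parse and strip IEEE 802.1Q VLAN tags on Ethernet frames (added example)."""
import struct

TPID_8021Q = 0x8100     # EtherType value that announces a VLAN tag
NATIVE_VLAN = 1         # Cisco default native VLAN; its frames cross a trunk untagged
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac):
    """'0011.2233.4455' or '00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst(6) src(6) ethertype(2) payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, native_vlan=NATIVE_VLAN):
    """What a trunk port does on egress: insert the 802.1Q tag after the source
    MAC, except for the native VLAN, which is sent untagged."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    if vid == native_vlan:
        return frame
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame, native_vlan=NATIVE_VLAN):
    """What a trunk port does on ingress: return (vid, ethertype, payload).
    An untagged frame is assigned to the native VLAN."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, inner_type, frame[18:]
    return native_vlan, ethertype, frame[14:]


def strip_tag(frame):
    """What an access port does before forwarding to a host (a non-VLAN-capable
    device): remove the tag if present, leaving a plain Ethernet II frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


if __name__ == "__main__":
    # Constructed frame: 20 bytes of a minimal IPv4 header as payload.
    frame = build_frame("0011.2233.4455", "0011.2233.0001", ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    tagged = tag_frame(frame, vid=12, pcp=5)
    print(tagged[12:16].hex(), parse_frame(tagged)[:2])
```

The parse path is the one to keep in mind when assigning VLANs: a frame arriving on a trunk without a tag is simply placed in the native VLAN, which is why the native VLAN is normally kept free of user hosts.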

SPANNING TREE FACTS

To provide for fault tolerance, many networks implement redundant paths between devices using multiple switches. However, providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. This condition is known as a bridging loop.

To prevent bridging loops, the IEEE 802.1d committee defined a standard called the spanning tree algorithm (STA), or spanning tree protocol (STP). With this protocol, one bridge (or switch) for each route is assigned as the designated bridge. Only the designated bridge can forward packets. Redundant bridges (and switches) are assigned as backups.

The spanning tree algorithm provides the following benefits:
• Eliminates bridging loops
• Provides redundant paths between devices
• Enables dynamic role configuration
• Recovers automatically from a topology change or device failure
• Identifies the optimal path between any two network devices

The spanning tree algorithm automatically discovers the network topology, and creates a single, optimum path through a network by assigning one of the following roles to each bridge or switch. The bridge role determines how the device functions in relation to other devices, and whether the device forwards traffic to other segments.

Role: Root Bridge
    The root bridge is the master or controlling bridge. There is only one root bridge per network. It should be assigned by the network administrator. When selecting the root bridge, select the bridge that is closest to the physical center of the network. The root bridge periodically broadcasts configuration messages. These messages are used to select routes and reconfigure the roles of other bridges if necessary.
Role: Designated Bridge
    A designated bridge is any other device that participates in forwarding packets through the network. They are selected automatically by exchanging bridge configuration packets. To prevent bridging loops, there is only one designated bridge per segment.
Role: Backup Bridge
    All redundant devices are classified as backup bridges. Backup bridges listen to network traffic and build the bridge database. However, they will not forward packets. A backup bridge can take over if the root bridge or a designated bridge fails.

Devices send special packets called Bridge Protocol Data Units (BPDUs) out each port. BPDUs sent and received from other bridges are used to determine the bridge roles, verify that neighbor devices are still functioning, and recover from network topology changes.

Devices participating in the spanning tree algorithm use the following process to configure themselves:
1. At startup, switches send BPDUs out each port.
2. Switches use the information in the BPDUs to elect a root bridge.
3. Switches on redundant paths are configured as either designated (active) or backup (inactive) switches.
4. After configuration, switches periodically send BPDUs to ensure connectivity and discover topology changes.

Note: When you use spanning tree on a switch with multiple VLANs, each VLAN runs a separate instance of the spanning tree protocol.

As a switch participates in the configuration process, and while it operates, each of its ports is placed into one of five states. The port state determines whether the port receives and forwards normal network messages.

Port State: Disabled
    A device in the disabled state is powered on but does not participate in listening to network messages or forwarding them. A bridge must be manually placed in the disabled state.
Port State: Blocking
    When a device is first powered on, it is in the blocking state. In addition, backup bridges are always in a blocking state. The bridge receives packets and BPDUs sent to all bridges, but will not process any other packets.
Port State: Listening
    The listening state is a transitional state between blocking and learning. The port remains in the listening state for a specific period of time. This time period allows network traffic to settle down after a change has occurred. For example, if a bridge goes down, all other bridges go to the listening state for a period of time. During this time the bridges redefine their roles.
Port State: Learning
    A port in the learning state is receiving packets and building the bridge database (associating MAC addresses with ports). A timer is also associated with this state. The port goes to the forwarding state after the timer expires.
Port State: Forwarding
    The root bridge and designated bridges are in the forwarding state when they can receive and forward packets. A port in the forwarding state can both learn and forward.

SPANNING TREE COMMAND LIST

You can configure multiple paths with switches to provide fault tolerance. As you know, having multiple paths means that the network is susceptible to data transmission (bridging) loops. Like bridges, switches can run the spanning tree algorithm to prevent such loops from forming.

By default, the spanning tree protocol is enabled on all Cisco switches. Switch port configuration is automatic when the switch is connected to the network and powered on. Use the following commands to customize the spanning tree protocol.

Switch(config)#no spanning-tree vlan number
    Disables spanning tree on the selected VLAN. Do this only where that VLAN has no redundant paths; with spanning tree off, any loop in the VLAN is left to run.
Switch(config)#spanning-tree vlan number root primary
    Forces the switch to be the root of the spanning tree for that VLAN.
Switch#show spanning-tree
    Shows spanning tree configuration information. To determine if the VLAN is functioning properly, verify that the first line of the output is:
    VLAN1 is executing the IEEE compatible spanning tree protocol

Example

The following commands disable spanning tree for VLAN 12 and force the switch to be the root of the spanning tree for VLAN 1:

Switch(config)#no spanning-tree vlan 12
Switch(config)#spanning-tree vlan 1 root primary
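The root bridge election sketched under SPANNING TREE FACTS ("selected automatically by exchanging bridge configuration packets") and the effect of spanning-tree vlan N root primary can be shown with a small model. The following Python script is an added example and is not code from the study guide or from Cisco. It assumes the IEEE 802.1D rule that the bridge with the lowest bridge ID (compared as priority, then MAC address) becomes root, Cisco's per-VLAN extended system ID (the VLAN number is added to the configured priority, so every VLAN holds its own election), and Cisco's documented behaviour of root primary (priority 24576, or 4096 below a root that is already lower). The hostnames and MAC addresses are constructed.

```python
"""Per-VLAN root bridge election as the spanning tree algorithm performs it (added example)."""

DEFAULT_PRIORITY = 32768        # Cisco default bridge priority
ROOT_PRIMARY_PRIORITY = 24576   # value that 'root primary' tries first
PRIORITY_STEP = 4096            # configurable priorities are multiples of 4096


def bridge_id(priority, vlan, mac):
    """Comparable bridge ID: (priority + VLAN as extended system ID, MAC as an integer)."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return priority + vlan, int(mac.replace(".", "").replace(":", ""), 16)


def build_lab():
    """Constructed lab: two managed switches, both at the default priority."""
    return {
        "ATL": {"mac": "0011.2233.4455", "priority": {}},
        "NYC": {"mac": "0011.2233.0001", "priority": {}},
    }


def elect_root(switches, vlan):
    """Return the hostname of the switch that wins the election for one VLAN.

    switches: {hostname: {"mac": str, "priority": {vlan: priority}}}; a switch with
    no priority configured for the VLAN uses the default."""
    return min(
        switches,
        key=lambda name: bridge_id(
            switches[name]["priority"].get(vlan, DEFAULT_PRIORITY), vlan, switches[name]["mac"]
        ),
    )


def root_primary(switches, name, vlan):
    """Emulate 'spanning-tree vlan <vlan> root primary' on switch <name> and
    return the priority it sets: 24576 if that beats the current root, otherwise
    4096 below the current root's priority. Fails if nothing lower remains."""
    root = elect_root(switches, vlan)
    root_priority = switches[root]["priority"].get(vlan, DEFAULT_PRIORITY)
    if root_priority > ROOT_PRIMARY_PRIORITY:
        new_priority = ROOT_PRIMARY_PRIORITY
    else:
        new_priority = root_priority - PRIORITY_STEP
    if new_priority < 0:
        raise ValueError(f"{root} already holds the lowest possible priority for VLAN {vlan}")
    switches[name]["priority"][vlan] = new_priority
    return new_priority


if __name__ == "__main__":
    lab = build_lab()
    print("VLAN 1 root by default (priority tie, lowest MAC wins):", elect_root(lab, 1))
    root_primary(lab, "ATL", 1)
    print("after 'spanning-tree vlan 1 root primary' on ATL:", elect_root(lab, 1))
    # BPDUs carry no authentication: whatever advertises a lower bridge ID wins.
    lab["UNMANAGED"] = {"mac": "00ff.ffff.ffff", "priority": {1: 0}}
    print("after an unmanaged switch with priority 0 appears:", elect_root(lab, 1))
```

Two things the model makes visible: the priority set by root primary applies to one VLAN only, so the other VLANs keep electing by MAC address unless each is configured; and because the election trusts whatever BPDUs arrive, a device that advertises a lower bridge ID than the intended root takes over the topology. That is the reason to assign the root deliberately, as the guide recommends, and to check it with show spanning-tree rather than assume it.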

ETHERCHANNEL FACTS

EtherChannel combines multiple switch ports into a single, logical link between two switches. With EtherChannel:
• You can combine 2-8 ports into a single link.
• All links in the channel group are used for communication between the switches.
• If one link fails, communication will still occur over the other links in the group.
• Use EtherChannel to increase the bandwidth between switches.
• Use EtherChannel to establish automatic redundant paths between switches.
• Use EtherChannel to reduce spanning tree convergence times.

Use the channel-group command on each port to enable EtherChannel as follows:

Switch(config)#interface fast 0/12
Switch(config-if)#channel-group 1 mode on

Each channel group has its own number. All ports assigned to the same channel group will be viewed as a single logical link. The on mode forces the bundle without any negotiation protocol, so both switches must be configured identically; a bundle configured on only one side can create a bridging loop.

Note: If you do not use the channel-group command, the spanning tree algorithm will identify each link as a redundant path to the other bridge and will put all but one of the ports in the blocking state.

PORT SECURITY FACTS

The basic function of a switch is to pass packets from one host to another. Under normal operations, the switch learns the MAC address of the device(s) connected to each of its ports. When a device is connected to the switch port, the MAC address of the frame from the connected device is placed in a forwarding table. Under normal circumstances, there are no restrictions on the devices that can be attached to a switch port.

With switch port security, you configure the switch to allow only specific devices to use a given port. You identify the MAC address of allowed devices. Any devices not explicitly identified (or learned within the configured maximum) will not be allowed to send frames through the switch.

To configure port security, take the following general actions on the port:
• Explicitly configure the port as an access port (a port with attached hosts, not with an attached switch).
• Enable switch port security.
• Identify the MAC addresses that can use the switch port.

The following commands list the switch port configuration commands:

Command / Function
switch(config-if)#switchport mode access: Identifies the port as an access port.
switch(config-if)#switchport port-security: Enables port security.
switch(config-if)#switchport port-security mac-address h.h.h: Identifies the allowed MAC address (h.h.h is a hexadecimal number).
switch(config-if)#switchport port-security maximum number: Configures the maximum number of MAC addresses that can be allowed for a port. The default allows only a single MAC address per port. Use this command to increase the number allowed.
switch(config-if)#switchport port-security mac-address sticky: Configures the switch to dynamically identify the allowed MAC address. The address in the first frame received by the switch port is the allowed MAC address for the port (and is saved in the running configuration).
switch(config-if)#switchport port-security violation action: Identifies the action the switch will take when an unauthorized device attempts to use the port. Action keywords are:
  • protect drops the frames from the unauthorized device
  • restrict does the same as protect and also generates an SNMP trap and increments the violation counter
  • shutdown disables the port (the port goes to the err-disabled state and stays down until an administrator issues shutdown followed by no shutdown on it)
switch#show port-security interface interface-type and number: Shows port security information for the specified port.

Examples

The following commands configure switch port security to allow only host 5ab9.0012.02af to use Fast Ethernet port 0/12:

switch(config)#interface fast 0/12
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security mac-address 5ab9.0012.02af

The following commands configure Fast Ethernet port 0/15 to accept the first MAC address it receives as the allowed MAC address for the port:

switch(config)#interface fast 0/15
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security mac-address sticky

Note: The Catalyst switch can sticky learn a maximum of 132 MAC addresses.

DEFAULT SWITCH CONFIGURATION

By default, a Catalyst 2950 switch comes configured as follows:
• All ports are enabled (no shutdown).
• All ports will automatically detect the duplex mode.
• All ports will automatically detect the port speed.
• All ports will perform automatic trunking negotiation.
• The switch uses fragment-free switching.
• Spanning tree is enabled.
• VTP mode is set to transparent.
• All ports are members of VLAN 1.
• Default VLANs of 1, 1002, 1003, 1004, and 1005 exist.
• 802.1Q trunking is used (2950 switches only support 802.1Q trunking).

Because every port is enabled and negotiates trunking by default, shut down unused ports and explicitly configure host-facing ports as access ports (switchport mode access) as shown under Port Security Facts above, rather than leaving trunk negotiation to whatever device is plugged in.
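The following is an added example, not code from the study guide: a small Python model of the port security behaviour described above (static and sticky secure addresses, the maximum, and the protect, restrict and shutdown violation actions). The class and function names (SecurePort, demo) and the MAC addresses fed to the ports are my own constructions; the rules they implement are the ones listed in the command table.

```python
"""Model of Catalyst port security semantics (added example, not from the guide).
Ports, MAC addresses and frames below are constructed for illustration."""

# Violation actions as the guide lists them:
#   protect  - silently drop frames from unauthorized MACs
#   restrict - drop, raise an SNMP trap, count the violation
#   shutdown - put the port into err-disabled (everything is dropped until an
#              administrator clears it with shutdown / no shutdown)
VIOLATION_ACTIONS = ("protect", "restrict", "shutdown")


class SecurePort:
    """One access port with 'switchport port-security' enabled."""

    def __init__(self, name, maximum=1, violation="shutdown", sticky=False):
        if violation not in VIOLATION_ACTIONS:
            raise ValueError("unknown violation action %r" % violation)
        self.name = name
        self.maximum = maximum          # switchport port-security maximum <n>
        self.violation = violation      # switchport port-security violation <action>
        self.sticky = sticky            # switchport port-security mac-address sticky
        self.secure_macs = set()        # statically configured + learned addresses
        self.sticky_learned = set()     # addresses that would be written to running-config
        self.err_disabled = False
        self.violation_count = 0
        self.traps = []                 # SNMP traps the switch would emit

    def configure_mac(self, mac):
        """switchport port-security mac-address h.h.h (static secure address)."""
        self.secure_macs.add(mac.lower())

    def receive(self, src_mac):
        """Process one ingress frame; return 'forward' or 'drop'."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"               # port is down for everyone, including the real host
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            # Room left under the maximum: learn the address. Sticky addresses persist
            # across a reload, dynamically learned ones do not, but both count toward it.
            self.secure_macs.add(mac)
            if self.sticky:
                self.sticky_learned.add(mac)
            return "forward"
        return self._violate(mac)

    def _violate(self, mac):
        if self.violation == "protect":
            return "drop"               # no trap, no counter
        self.violation_count += 1
        self.traps.append("psecure-violation %s %s" % (self.name, mac))
        if self.violation == "shutdown":
            self.err_disabled = True
        return "drop"

    def clear_errdisable(self):
        """Equivalent of 'shutdown' followed by 'no shutdown' on the port."""
        self.err_disabled = False


def demo():
    """Replays the two configuration examples above plus a rogue device on each port."""
    # Fa0/12: one static MAC, default violation action shutdown
    fa0_12 = SecurePort("Fa0/12", violation="shutdown")
    fa0_12.configure_mac("5ab9.0012.02af")
    r12 = [fa0_12.receive("5ab9.0012.02af"),   # legitimate host
           fa0_12.receive("0000.dead.beef"),   # constructed rogue MAC: violation, port err-disabled
           fa0_12.receive("5ab9.0012.02af")]   # the legitimate host is now cut off too
    # Fa0/15: sticky learning, violation action restrict so the port stays up
    fa0_15 = SecurePort("Fa0/15", sticky=True, violation="restrict")
    r15 = [fa0_15.receive("0011.2233.4455"),   # first frame seen: learned and saved
           fa0_15.receive("0011.2233.4455"),
           fa0_15.receive("0000.dead.beef")]   # second MAC: dropped, trap sent, port stays up
    return fa0_12, r12, fa0_15, r15


if __name__ == "__main__":
    p12, r12, p15, r15 = demo()
    print(p12.name, r12, "err-disabled:", p12.err_disabled)
    print(p15.name, r15, "sticky:", sorted(p15.sticky_learned), "traps:", p15.traps)
```

The demo makes the operational trade-off visible: with shutdown, a single rogue frame takes the legitimate host offline until someone clears the port, which is why restrict is often preferred on ports where an outage matters more than an alert.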

Inter-VLAN Routing

In a typical configuration with multiple VLANs and a single or multiple switches, workstations in one VLAN will not be able to communicate with workstations in other VLANs. To enable inter-VLAN communication, you will need to use a router (or a Layer 3 switch) as shown in the following graphic.

Be aware of the following conditions with inter-VLAN routing:
• The top example uses two physical interfaces on the router.
• The bottom example uses a single physical interface on the router. In this configuration, the physical interface is divided into two logical interfaces called subinterfaces. This configuration is also called a router on a stick.
• In each case, the router interfaces are connected to switch trunk ports. The router interfaces or subinterfaces must be running a trunking protocol (either ISL or 802.1Q).
• Each interface or subinterface requires an IP address.

Classless Interdomain Routing (CIDR)

You can think of the Internet as one big network. As such, each device on the network needs its own unique IP address. In the early days of the Internet, every device would receive a registered IP address. As the Internet grew, however, it became apparent that the number of hosts would quickly exceed the number of possible IP addresses. One solution to the problem is Classless Interdomain Routing (CIDR).

Classful addresses are IP addresses that use the default subnet mask. They are classful because the default subnet mask is used to identify the network and host portions of the address. Classless addresses are those that use a custom mask value to separate network and host portions of the IP address. CIDR allows for variable length subnet masking (VLSM) and enables the following features:

• Subnetting, dividing a network address into multiple smaller subnets. For example, this allows a single Class B or Class C address to be divided and used by multiple organizations.
• Supernetting, combining multiple network addresses into a single larger subnet. For example, this allows multiple Class C addresses to be combined into a single network.
• Route aggregation (also called route summarization), where multiple routes are combined in a routing table as a single route.

CIDR routers use the following information to identify networks:
• The beginning network address in the range
• The number of bits used in the subnet mask

For example, the routing table represents the address as 199.70.0.0/21, where 21 is the number of bits in the custom subnet mask.

In addition to CIDR, the following other solutions were put into place to make efficient use of available IP addresses:
• IP version 6. IPv6 uses 128-bit addresses instead of the 32-bit addresses used with IPv4. (When this guide was written, IPv6 was not yet in use on the Internet.)
• Private addressing with address translation. With private addressing, hosts are assigned an unregistered address in a predefined range. All hosts on the private network share a single registered IP address to connect to the Internet. A special router (called a network address translation or NAT router) translates the multiple private addresses into the single registered IP address.
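The following is an added example, not code from the study guide: it works the 199.70.0.0/21 summary route above at the bit level, showing how a router finds the single prefix that covers a set of Class C networks, what that prefix is as a dotted mask, and how a destination address is tested against it. It also shows the case the text does not spell out: when the networks do not fill the summary, the summary advertises address space you do not own. The function names and the 199.70.x.0/24 network list are my own constructions.

```python
"""CIDR route summarization worked at the bit level (added example, not from the guide).
The 199.70.0.0/24 ... 199.70.7.0/24 networks are constructed inputs."""
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def mask_from_prefix(plen):
    """/21 -> 255.255.248.0: the 'number of bits' notation as a dotted mask."""
    return to_dotted((0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF)


def common_prefix_len(lo, hi):
    """Leading bits shared by two 32-bit addresses: the longest prefix covering both."""
    plen = 32
    while plen > 0 and (lo >> (32 - plen)) != (hi >> (32 - plen)):
        plen -= 1
    return plen


def summarize(networks):
    """Smallest single CIDR route that covers every network in the list.

    Returns (summary, overclaim): overclaim is the number of addresses the summary
    advertises that none of the input networks actually use. Inputs are assumed
    not to overlap.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = common_prefix_len(lo, hi)
    summary = ipaddress.ip_network((lo, plen), strict=False)   # zero the host bits
    overclaim = summary.num_addresses - sum(n.num_addresses for n in nets)
    return str(summary), overclaim


def exact_aggregate(networks):
    """Route aggregation without overclaiming: merge only adjacent, aligned blocks."""
    nets = (ipaddress.ip_network(n) for n in networks)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def in_route(route, addr):
    """Routing-table test for one destination: (addr AND mask) == network address."""
    net = ipaddress.ip_network(route)
    return (to_int(addr) & int(net.netmask)) == int(net.network_address)


if __name__ == "__main__":
    eight = ["199.70.%d.0/24" % i for i in range(8)]      # 199.70.0.0 .. 199.70.7.0
    print("8 class C networks ->", summarize(eight), mask_from_prefix(21))
    print("6 class C networks ->", summarize(eight[:6]), "exact:", exact_aggregate(eight[:6]))
    print("199.70.7.200 in /21:", in_route("199.70.0.0/21", "199.70.7.200"),
          "199.70.8.1 in /21:", in_route("199.70.0.0/21", "199.70.8.1"))
```

The overclaim figure is the practical check before advertising a summary: a /21 that covers only six of its eight /24s attracts traffic for the other two, which either belongs to someone else or has nowhere to go. exact_aggregate shows the alternative of advertising two precise routes instead.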

Subnetting Operations

Use the following chart to identify the solutions to common subnetting tasks.

Scenario: Given a network address and subnet mask, how many subnets can you have and how many hosts per subnet?
Solution: 2^n-2. Begin by converting the subnet mask to a binary number. Then use the formula to find the number of subnets and hosts. To find the number of valid subnets, n = the number of additional bits borrowed from the default mask. To find the number of valid hosts, n = the number of bits left unmasked by the custom mask. (The -2 for subnets reflects the traditional rule that the all-zeros and all-ones subnets are not used; with ip subnet-zero, the default on current IOS releases, all 2^n subnets are usable. The -2 for hosts always applies, because the subnet and broadcast addresses cannot be assigned to hosts.)

Scenario: Given a network address and customer requirements, what subnet mask should you use?
Solution: 2^n-2. Write out the default subnet mask in binary. Then borrow bits and use the formula to find the number that gives you enough subnets and hosts.

Scenario: Given a network address and a subnet mask, identify the valid subnet addresses.
Solution: Magic number. The magic number is the decimal value of the last one bit in the subnet mask. The magic number identifies:
• The first valid subnet address
• The increment value to find additional subnet addresses

Scenario: Given an IP address and subnet mask, find the:
• Subnet address
• Broadcast address
• Valid host address range
Solution: Trust the line. Use the following process to find the information you need:
1. Identify the subnet and host portions of the mask, and draw a line between them.
2. To find the subnet address, set all host bits to 0.
3. To find the broadcast address, set all host bits to 1.
4. The valid host range is:
   o First address = Subnet address + 1
   o Last address = Broadcast address - 1
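The following is an added example, not code from the study guide: the 2^n-2, magic number and trust-the-line procedures from the chart above, implemented on bit masks so each answer can be checked rather than worked by hand. The function names are my own, and the 172.16.0.0 network with a 255.255.248.0 mask used in the demo is a constructed input.

```python
"""Subnetting procedures from the chart, on 32-bit masks (added example, not from the guide).
The 172.16.0.0 / 255.255.248.0 inputs used below are constructed."""
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def prefix_len(mask):
    """Number of 1 bits in a dotted mask; rejects non-contiguous masks like 255.0.255.0."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("mask %s is not contiguous" % mask)
    return ones


def default_prefix(addr):
    """Classful default mask length from the first octet (A=8, B=16, C=24)."""
    first = to_int(addr) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("%s is not a class A, B or C address" % addr)


def subnet_and_host_counts(network, mask, subnet_zero=True):
    """2^n-2: n = bits borrowed from the default mask for subnets, remaining bits for hosts.

    subnet_zero=False applies the classic rule that drops the all-zeros and all-ones
    subnets; with 'ip subnet-zero' (the IOS default) all 2^n subnets are usable.
    """
    plen = prefix_len(mask)
    borrowed = plen - default_prefix(network)
    host_bits = 32 - plen
    subnets = 2 ** borrowed if subnet_zero else 2 ** borrowed - 2
    hosts = 2 ** host_bits - 2          # subnet and broadcast addresses are never assignable
    return subnets, hosts


def magic_number(mask):
    """Decimal value of the last 1 bit in the mask, and the octet (1-4) it sits in."""
    for index, octet in reversed(list(enumerate(mask.split("."), start=1))):
        value = int(octet)
        if value:
            return value & -value, index   # lowest set bit of the last non-zero octet
    raise ValueError("mask has no 1 bits")


def subnet_addresses(network, mask, subnet_zero=True):
    """Every subnet address of the classful network, stepping by the magic number."""
    plen = prefix_len(mask)
    default_mask = (0xFFFFFFFF << (32 - default_prefix(network))) & 0xFFFFFFFF
    base = to_int(network) & default_mask
    step = 1 << (32 - plen)             # block size in addresses (the magic number in its octet)
    count = 2 ** (plen - default_prefix(network))
    subnets = [to_dotted(base + i * step) for i in range(count)]
    return subnets if subnet_zero else subnets[1:-1]


def trust_the_line(ip, mask):
    """Draw the line: host bits set to 0 give the subnet, set to 1 give the broadcast."""
    prefix_len(mask)                    # validate the mask before trusting it
    addr, m = to_int(ip), to_int(mask)
    subnet = addr & m
    broadcast = subnet | (~m & 0xFFFFFFFF)
    return {
        "subnet": to_dotted(subnet),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(subnet + 1),
        "last_host": to_dotted(broadcast - 1),
    }


if __name__ == "__main__":
    net, mask = "172.16.0.0", "255.255.248.0"     # constructed: a /21 on a class B network
    print("subnets, hosts:", subnet_and_host_counts(net, mask))
    print("magic number:", magic_number(mask))
    print("first subnets:", subnet_addresses(net, mask)[:4])
    print("host 172.16.13.200:", trust_the_line("172.16.13.200", mask))
```

The contiguity check in prefix_len matters in practice: a typo such as 255.255.254.255 is accepted by some tools and silently produces a nonsensical subnet and broadcast, so reject it before trusting the line.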

Assigning IP Addresses

When setting up a network for IP, you will have to make various decisions about the addresses used on the network. Use the following process to identify and assign IP addresses throughout your network.

1. Identify the number of network addresses. Each network segment will require its own network (subnet) address. In addition, each WAN connection must have its own network address (typically assigned by the WAN service provider).
2. Identify the number of hosts for each subnet. You will need one IP address for each device. Be sure to include an IP address for each router interface.
3. Calculate the subnet mask that will subdivide your network.
4. Identify the valid subnet addresses, and assign them to network segments.
5. Identify the valid IP addresses on each subnet (i.e. the host address range). Assign IP addresses to hosts, or plan on using DHCP to dynamically assign IP addresses.

With Cisco routers, you have the following three choices for viewing the subnet mask.

Method / Description / Example
Dotted decimal: Four octets with set incremental values between 0 and 255. This is the most common form used and recognized by network administrators. Example: 255.255.255.0
Bit count: The bit count is a number that follows the IP address and indicates the total number of masked bits. The bit count is typically found in routing tables. Example: /24 (identifies 24 bits in the mask)
Hexadecimal: Eight hexadecimal digits (each digit ranges from 0 to F). Example: 0xFFFFFF00 (the 0x indicates that a hexadecimal number follows)

You can modify how the router displays the subnet mask. To do this, in privileged EXEC mode, use the following command:

terminal ip netmask-format <format keyword>

Format keywords are bit-count, decimal, or hexadecimal.

You can also assign multiple IP addresses to a single interface. To do this, use the secondary parameter with the ip address command as follows:

ip address 10.10.10.2 255.255.255.0 secondary

Managing Host Names

Host names allow you to identify network devices using logical names instead of IP addresses. Use the following commands to configure static host names or enable DNS on a router.

Command / Function
ip host <name> <address>: Identifies hostnames, creating static DNS entries
ip domain-name <name>: Identifies the router default domain (for DNS)
ip name-server <address>: Sets the default DNS name server
ip domain-lookup: Enables the router to use DNS to identify IP addresses from host names

Use the show hosts command to display a list of known IP hosts.

Address Resolution Protocols

You should know the following protocols that perform address resolution.

Protocol / Description
Address Resolution Protocol (ARP): Used by hosts to discover the MAC address of a computer from its IP address.
Reverse Address Resolution Protocol (RARP): Used by a host to discover the IP address of a computer from its MAC address.
Bootstrap Protocol (BootP): Used by a host (such as a diskless workstation) to query a bootstrap computer and receive an IP address assignment. A BootP server has a static list of MAC addresses and their corresponding IP addresses.
Dynamic Host Configuration Protocol (DHCP): An improvement on BootP. DHCP is used to dynamically assign IP addresses and other TCP/IP configuration parameters. A DHCP server can use a static list to assign a specific IP address to a specific host. More commonly, however, the DHCP server automatically assigns an IP address from a preset range of possible addresses.

NAT Facts

Network Address Translation (NAT) allows you to connect a private network to the Internet without obtaining registered addresses for every host. Private addresses are translated to the public address of the NAT router. NAT can be used to provide a measure of security for your private network (it hides inside addresses and, for dynamic and overload translation, drops unsolicited inbound packets that have no translation entry; it does not inspect or filter traffic and is no substitute for an access list or firewall), or to provide Internet connectivity with a limited number of registered IP addresses. As you work with NAT, it's important to understand the following terminology.

Term / Definition
Inside: The inside network is the private network. A router interface that connects to the private network is also called the inside interface.
Outside: The outside network is the public network (the Internet). A router interface that connects to the public network is also called the outside interface.
Inside local address: The inside local address is the IP address of the host on the inside network.
Inside global address: The inside global address is the IP address of the host after it has been translated for use on the Internet. The term global refers to the registered IP address that identifies the inside host on the Internet.
Outside global address: The outside global address is an IP address of an Internet host. For example, when you visit a Web site, your computer will use the outside global address to contact the Web server.
Outside local address: An outside local address is an outside global address that has been translated for inside (or private) use. In other words, the NAT router translates an Internet host IP address into a private IP address. Instead of using the Web server address, the internal computer will use the translated address instead. Otherwise, hosts on your network might not be able to access outside hosts with the same IP address. A Cisco router can be configured to overcome this problem, but the configuration is difficult.

Note: When you configure NAT, be sure to use an IP address in the private IP address ranges for the inside local IP addresses. Private IP addresses do not need to be registered, and fall within the following ranges:
• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.31.255.255
• 192.168.0.0 to 192.168.255.255

When you configure NAT, you have the following options on a Cisco router.

Implementation / Characteristics
Static NAT: With static NAT, you manually map an inside local address to an inside global address. In other words, each inside host IP address is manually associated with a registered IP address. Because the mapping always exists, the inside host is reachable from the Internet at its inside global address.
Dynamic NAT: Dynamic NAT is just like static NAT, except that the address mappings are done automatically. The NAT router has a pool of inside global IP addresses that it uses to map to inside local addresses. When the pool is exhausted, further inside hosts cannot be translated until an entry times out.
Dynamic NAT Overload with Port Address Translation (PAT): Overloading is the process of assigning multiple inside local addresses to a single inside global address. Port numbers are used to identify specific inside local hosts. The port number is appended to the inside global IP address.

NAT Command List

Method / Configuration Process / Command Examples

Static NAT
Configure static mappings (mapping inside local addresses to inside global addresses):
Router(config)#ip nat inside source static 192.168.1.1 203.44.55.1
Identify inside and outside interfaces:
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config-if)#interface serial0
Router(config-if)#ip nat outside

Dynamic NAT
Define an inside global address pool:
Router(config)#ip nat pool mary 203.44.55.1 203.44.55.250 netmask 255.255.255.0
Identify allowed translated inside local addresses**:
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Associate the allowed list with the pool:
Router(config)#ip nat inside source list 1 pool mary
Identify inside and outside interfaces:
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config-if)#interface serial0
Router(config-if)#ip nat outside

Dynamic NAT Overloaded with PAT
Identify allowed translated inside local addresses**:
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Associate the allowed list with the outside interface and identify the translation type as overloaded:
Router(config)#ip nat inside source list 1 interface serial0 overload
Identify inside and outside interfaces:
Router(config)#interface ethernet0
Router(config-if)#ip nat inside
Router(config-if)#interface serial0
Router(config-if)#ip nat outside

**These examples use access lists to identify a range of inside addresses that will be translated. You will learn about access lists in Module 7.

Note: When you use the overloaded method, the inside global address that is used is the IP address of the outside router interface (serial0 in the example), which is why the interface named in the overload command must be the outside interface.

IP Troubleshooting Tools

Three tools you can use to help troubleshoot are ping, traceroute, and Telnet.

ping
  Description: Uses ICMP echo packets. Operates at the Network layer.
  Tests: The physical path to the destination, and the Network layer configuration of source, intermediate, and destination devices.
  Reports: Success (destination responded) or failure (no response); round trip time to the destination.

traceroute
  Description: Sends probes with increasing TTL values (IOS uses UDP probes; the replies that come back are ICMP). Operates at the Network layer.
  Tests: The physical path to the destination, and the Network layer configuration of source, intermediate, and destination devices.
  Reports: The IP address of each hop to the destination; the host name of each hop (if configured); round trip time to the destination and to each intermediate device.

telnet
  Description: Uses upper-layer protocols. Operates above the Network layer (relies on lower-layer protocols).
  Tests: The physical path to the destination; the Network layer configuration of source, intermediate, and destination devices; the upper-layer configuration of source and destination devices.
  Reports: No report is generated. An open connection indicates a valid connection.

The following table describes special conventions that you should be aware of when working with these utilities.

Utility / Considerations

ping
• By default, the ping command performs five tests to the destination. It waits two seconds for a response from the target.
• An exclamation mark (!) indicates a successful ping. A period (.) indicates a failure.
• Ping includes an extended mode (available only in privileged EXEC mode). Extended ping lets you modify the number of tests, the timeout, and the protocol. With extended ping, you can test non-IP protocols (such as AppleTalk or Novell IPX).

traceroute
• Traceroute sends successive probes to a destination with increasing TTL values. For example, the first test uses a TTL of 1, the second a TTL of 2, and so on. By default, traceroute sends three probes for each TTL value and waits three seconds for a response to each.
• Responses to each test within the traceroute command are as follows:
  o A time exceeded message indicates that a router has received the packet but the TTL has expired. For example, if the TTL is set to 3, the third router in the path responds with the time exceeded message.
  o A destination unreachable message indicates that a router in the path does not have a route to the destination network or device.
  o An asterisk (*) indicates that the timer has expired without a response.
• Traceroute includes an extended version that lets you modify the number of packets sent, the timeout, and even the protocol tested. With extended traceroute, you can test non-IP protocols.

telnet
• To suspend a Telnet session, press Ctrl+Shift+6, then X. To resume a Telnet session, use the resume command.
• By default, debug information shows only on the console, not in the Telnet session window. Use the terminal monitor command to show debug information in a Telnet session.
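Before moving on to ICMP, here is an added example for the NAT section above; it is not code from the study guide. It models the translation table a router keeps for each of the three options (static, dynamic pool, overload/PAT), the private-range check the NAT note asks for, and what happens to an inbound packet that has no translation entry. The class and function names, the 203.44.55.x global addresses and the inside hosts and ports are my own constructions, chosen to match the command examples.

```python
"""Model of static, dynamic and overload (PAT) translation (added example, not from the guide).
Addresses, ports and flows below are constructed for illustration."""
import ipaddress

# The RFC 1918 ranges listed in the NAT Facts note
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr is a valid inside local address (unregistered, RFC 1918)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class NatRouter:
    """Translation table of a router with one inside and one outside interface."""

    def __init__(self, mode, static=None, pool=None, outside_addr=None):
        if mode not in ("static", "dynamic", "overload"):
            raise ValueError("mode must be static, dynamic or overload")
        self.mode = mode
        self.static = dict(static or {})      # inside local -> inside global (ip nat inside source static)
        self.pool = list(pool or [])          # free inside global addresses (ip nat pool)
        self.outside_addr = outside_addr      # outside interface address used when overloading
        self.table = {}                       # (inside local, port) -> (inside global, port)
        self.used_ports = set()               # (inside global, port) pairs already handed out

    def _host_global(self, inside_local):
        """Inside global address for a host under static or dynamic NAT (None if unavailable)."""
        if self.mode == "static":
            return self.static.get(inside_local)
        for (local, _), (glob, _) in self.table.items():
            if local == inside_local:
                return glob                   # host already holds an address from the pool
        return self.pool.pop(0) if self.pool else None   # None: pool exhausted

    def translate_outbound(self, inside_local, port):
        """Packet leaving the inside interface; returns the (inside global, port) it will carry,
        or None when no translation is available for it."""
        if not is_private(inside_local):
            raise ValueError("%s is not a private inside local address" % inside_local)
        key = (inside_local, port)
        if key in self.table:
            return self.table[key]
        if self.mode == "overload":
            glob = self.outside_addr
            if (glob, port) not in self.used_ports:
                new_port = port               # PAT keeps the source port while it is still free ...
            else:
                new_port = 1024               # ... otherwise it picks another free port
                while (glob, new_port) in self.used_ports:
                    new_port += 1
        else:
            glob = self._host_global(inside_local)
            if glob is None:
                return None
            new_port = port                   # one-to-one translation never rewrites ports
        self.table[key] = (glob, new_port)
        self.used_ports.add((glob, new_port))
        return self.table[key]

    def translate_inbound(self, inside_global, port):
        """Packet arriving on the outside interface; None means no entry, so it is dropped."""
        for local, glob in self.table.items():
            if glob == (inside_global, port):
                return local
        if self.mode == "static":             # static mappings exist before any traffic flows
            for local, glob in self.static.items():
                if glob == inside_global:
                    return (local, port)
        return None


if __name__ == "__main__":
    pat = NatRouter("overload", outside_addr="203.44.55.1")
    for host, port in (("192.168.1.10", 5000), ("192.168.1.11", 5000), ("192.168.1.12", 6000)):
        print(host, port, "->", pat.translate_outbound(host, port))
    print("reply to port 1024 ->", pat.translate_inbound("203.44.55.1", 1024))
    print("unsolicited to port 9999 ->", pat.translate_inbound("203.44.55.1", 9999))
```

The inbound lookups show the "measure of security" the text mentions and its limit: under overload, a packet from the Internet reaches an inside host only if that host opened the flow first, but a static mapping makes the inside host reachable at all times, so anything exposed through static NAT needs an access list in front of it.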

ICMP Messages

The Internet Control Message Protocol is a special-purpose message mechanism added to the TCP/IP suite that lets computers and routers in an internetwork report errors or provide information about unexpected circumstances. Remember that IP is a connectionless protocol and as such contains no procedures that help to monitor successful packet delivery or test connectivity. Hosts use ICMP to send error messages to other hosts. ICMP messages include the following types:

Message / Characteristics
Echo: The ICMP echo message is used to discover hosts and networks, and to verify that they are reachable. The ping utility is a popular utility that uses ICMP echo messages.
Destination unreachable: The destination unreachable message is sent if a packet cannot reach its destination for a variety of reasons. It might indicate the host is unavailable, or that there were problems detected in the packet header.
Time exceeded: The time exceeded message is sent when the packet's time-to-live (TTL) counter has expired.
Redirect: The redirect message is sent from a router to the sending device to indicate that a different route should be chosen for the packet. The redirect message can be sent if a better route is in the router's table, or if the selected route is unavailable or congested. Because a host acts on a redirect without any way to verify that it came from its real gateway, host hardening guides commonly disable acceptance of ICMP redirects.
Source quench: The source quench message is sent by a receiving device to indicate that the flow of packets is too fast. When a sending device receives a source quench message, it slows its rate of transmission. (Source quench has since been deprecated and modern hosts ignore it.)
Router discovery: The router discovery message is a special broadcast message sent by hosts to discover the routers on a network. Routers respond to the message indicating their presence. They do not exchange routing information, but simply announce their availability.

IP Troubleshooting Tips

One important step in troubleshooting network communications is to verify the IP address, subnet mask, and default gateway settings of each host. Keep in mind the following as you troubleshoot IP:
• All computers must be assigned a unique IP address.
• Hosts on the same physical network should have IP addresses in the same address range.
• The subnet mask value for all computers on the same physical network must be the same.
• The default gateway address must be on the same subnet as the host's IP address.
• You do not need to configure an IP address on a switch for frames to be switched through the switch. To ping to and from a switch or to remotely manage the switch, configure an IP address on the switch.

Listed below are several common symptoms and things to try to correct communication problems.

Problem: A single host cannot communicate with any other host.
Symptoms: Ping to any other host fails.
Solution: Because the problem exists with only one host, troubleshoot the configuration of the host with the problem.

Problem: A single host can communicate with all hosts on the same network, but can't communicate with any host on any other network.
Symptoms: Pings to hosts on the same network succeed; pings to hosts on other networks fail. Traceroute on the host times out with only a single entry.
Solution: Verify the default gateway setting of the host with the problem. If DHCP is used to assign IP information to hosts, verify the default gateway setting delivered by the DHCP server.

Problem: All hosts can communicate within the same network, but cannot communicate with any host outside of the local network.
Symptoms: Pings to hosts on the same network succeed; pings to hosts on other networks fail. Traceroute on the host times out with only a single entry. The routing table on the router shows only directly-connected networks.
Solution: Verify the routing configuration of the default gateway router. Configure routing (static routes, a routing protocol, or a default route) on the router to enable internetwork communication.

Problem: All hosts cannot communicate with hosts on a specific outside network. Communication with other networks is fine.
Symptoms: Ping to the remote network fails. Traceroute on the host times out with only a single entry. The routing table on the router does not show the destination network, or the gateway of last resort is not set.
Solution: Add a route to the routing table, or configure the gateway of last resort (default route) on the router.

Problem: All hosts cannot communicate with hosts on a specific outside network. Communication with other networks is fine.
Symptoms: Ping to the remote network fails. The routing table has a route to the destination network. Traceroute on the router times out.
Solution: Troubleshoot other routers in the path to the destination network. Use traceroute to identify the last responding router and begin troubleshooting there.

Problem: All hosts cannot communicate with a specific remote host. Communication with other remote hosts in the same remote network is fine.
Symptoms: Ping to the remote host fails. Traceroute to the remote host indicates no response from the host. The routing table shows a route to the destination network (or the gateway of last resort is used).
Solution: Troubleshoot the configuration of the remote host.

Access List Facts

Routers use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list.

• Access lists describe the traffic type that will be controlled.
• Access list entries describe the traffic characteristics.
• Access list entries identify either permitted or denied traffic.
• Access list entries can describe a specific traffic type, or allow or restrict all traffic.
• When created, an access list contains an implicit "deny all" entry at the end of the access list, although this statement does not appear in the list itself. For a list to allow any traffic, it must have at least one permit statement, either permitting a specific traffic type or permitting all traffic not specifically restricted.
• Each access list applies only to a specific protocol.
• Each router interface can have up to two access lists for each protocol, one for incoming traffic and one for outgoing traffic.
• When an access list is applied to an interface, it identifies whether the list restricts incoming or outgoing traffic.
• Each access list can be applied to more than one interface. However, each interface can only have one incoming and one outgoing list per protocol.
• Access lists can be used to log traffic that matches the list statements.
• Access lists exist globally on the router, but filter traffic only for the interfaces to which they have been applied.

There are two general types of access lists: standard and extended.

Use a standard list to filter on:
• Source hostname or host IP address

Use an extended list to filter on:
• Source IP protocol (i.e. IP, TCP, UDP, etc.)
• Source hostname or host IP address
• Source or destination socket number
• Destination hostname or host IP address
• Precedence or TOS values

IP Access List Command List

Configuring access lists involves two general steps:
1. Create the list and list entries with the access-list command.
2. Apply the list to a specific interface with the ip access-group command.

Use / To
Router(config)#access-list <number>: Create an access list entry. Use the following number ranges to define the access list: 1-99 = Standard IP access lists; 100-199 = Extended IP access lists.
Router(config-if)#ip access-group <number> in|out: Apply the standard or extended IP access list to a specific interface in the given direction.

Examples

The following commands create a standard IP access list that permits all outgoing traffic except the traffic from network 10.0.0.0, and applies the list to the Ethernet0 interface.

Router(config)#access-list 1 deny 10.0.0.0 0.255.255.255
Router(config)#access-list 1 permit any
Router(config)#int e0
Router(config-if)#ip access-group 1 out

The following commands create a standard IP access list that rejects all traffic except traffic from host 10.1.1.1, and applies the list to the first serial interface.

Router(config)#access-list 2 permit 10.1.1.1 0.0.0.0
Router(config)#int s0
Router(config-if)#ip access-group 2 in

Note: Remember that each access list contains an implicit deny any entry. When created, the access list denies all traffic except traffic explicitly permitted by permit statements in the list.

The following commands create an extended IP access list that rejects packets from host 10.1.1.1 sent to host 15.1.1.1, and applies the list to the second serial interface.

Router(config)#access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0
Router(config)#access-list 101 permit ip any any
Router(config)#int s1
Router(config-if)#ip access-group 101 in

The following commands create an extended IP access list that does not forward TCP packets from any host on network 10.0.0.0 to network 11.0.0.0, and applies the list to the Serial0 interface.

Router(config)#access-list 111 deny tcp 10.0.0.0 0.255.255.255 11.0.0.0 0.255.255.255
Router(config)#access-list 111 permit ip any any
Router(config)#int s0
Router(config-if)#ip access-group 111 in

Calculating Wildcard Masks

The wildcard mask is used with access list statements to identify a range of IP addresses (such as all addresses on a specific network). When used to identify network addresses in access list statements, wildcard masks are the exact opposite of a subnet mask. To find the wildcard mask:
1. Identify the decimal value of the subnet mask.
2. Subtract each octet in the subnet mask from 255.

For example, suppose you wanted to match all traffic from the range 10.16.0.0 through 10.23.255.255, that is, the 13-bit mask 255.248.0.0. To calculate the wildcard mask:
1. A mask that covers 13 bits converts to 255.248.0.0.
2. The wildcard mask would be:
   o First octet: 255 - 255 = 0
   o Second octet: 255 - 248 = 7
   o Third octet: 255 - 0 = 255
   o Fourth octet: 255 - 0 = 255
   This gives you the mask of: 0.7.255.255

Like subnet masks, wildcard masks operate at the bit level. Any bit in the wildcard mask with a 0 value means that the bit must match to match the access list statement. A bit with a 1 value means that the bit does not have to match. For example, let's examine the subnet address, subnet mask, and wildcard mask in binary form for the preceding example.

Address Type / Decimal Values / Binary Values
Subnet address: 10.16.12.0: 00001010.00010000.00001100.00000000
Subnet mask: 255.248.0.0: 11111111.11111000.00000000.00000000
Wildcard mask: 0.7.255.255: 00000000.00000111.11111111.11111111

Notice how the bits in the wildcard mask are exactly opposite of the bits in the subnet mask. Notice also that the 12 in the third octet of 10.16.12.0 falls entirely within the bits the wildcard mask ignores, so 10.16.12.0 0.7.255.255 matches exactly the same addresses as 10.16.0.0 0.7.255.255 (IOS stores the statement with those ignored bits zeroed).

Suppose an access list were created with a statement as follows:

access-list 12 deny 10.16.12.0 0.7.255.255

Suppose that a packet with the source address 10.12.7.15 was received. The router uses the wildcard mask to compare the bits in the address to the bits in the subnet address.

Address Type / Decimal Values / Binary Values
Subnet address: 10.16.12.0: 00001010.00010000.00001100.00000000
Wildcard mask: 0.7.255.255: 00000000.00000111.11111111.11111111
Target address #1: 10.12.7.15: 00001010.00001100.00000111.00001111
How the router applies the mask to the address (m = match, i = ignored, x = doesn't match): mmmmmmmm.mmmxxiii.iiiiiiii.iiiiiiii

Notice that this address does not match the access list statement as identified with the wildcard mask: two bits in the second octet that the wildcard mask requires to match (00001 versus 00010) differ. In this case, the deny statement does not apply to the packet. Whether the packet is permitted depends on the rest of the list: with a following permit any statement it is forwarded; with no other statement, the implicit deny at the end of the list drops it.

Now suppose that a packet with the source address 10.17.13.15 was received.

Address Type / Decimal Values / Binary Values
Subnet address: 10.16.12.0: 00001010.00010000.00001100.00000000
Wildcard mask: 0.7.255.255: 00000000.00000111.11111111.11111111
Target address #2: 10.17.13.15: 00001010.00010001.00001101.00001111
How the router applies the mask to the address (m = match, i = ignored, x = doesn't match): mmmmmmmm.mmmmmiii.iiiiiiii.iiiiiiii

In this example, all bits identified with a 0 in the wildcard mask match between the address and the network address. Any bit identified with a 1 is ignored. 10.17.13.15 matches the access list statement and the traffic is denied.

Designing Access Lists

After you have created an access list, you must apply it to an interface. In many cases, this means you will need to decide which router, and which direction, to apply the access list to. Keep in mind the following:
• Each interface can only have one inbound and one outbound access list for each protocol. This means that an interface can have either a standard inbound or an extended inbound IP access list, but not both.

you can have one outbound IP access list and one outbound IPX access list. When making placement decisions. This is because standard access lists can only filter on source address. apply extended access lists as close to the source router as possible. Monitoring Access Lists The following list summarizes the commands to use for viewing specific access list information on the router. as well as the direction that traffic will be traveling.• • • • • • • You can have two access lists for the same direction applied to an interface if the lists restrict different networking protocols. Use.. As a general rule. Access lists applied to outbound traffic filter packets after the routing decision is made. Access lists applied to inbound traffic filter packets before the routing decision is made. place the most restrictive statements at the top. This keeps the packets from being sent throughout the rest of the network. Traffic is matched to access list statements in the order they appear in the list. If you want to view. Place the access list on the interface where a single list will block (or allow) all necessary traffic. carefully read all access lists statements and requirements. subsequent statements will not be applied to the traffic. If traffic matches a statement high in the list. apply standard access lists as close to the destination router as possible. All access lists that exist on the show run show access-lists router All access lists applied to an interface Rejected traffic information IP access lists configured on the router A specific access list show ip int show run show log show run show ip access-lists show access-lists <number> 61 . When constructing access lists. Identify blocked and allowed traffic. For example. Each access list has an implicit deny any statement at the end of the access list. Placing the list too close to the source will prevent any traffic from the source from getting to any other parts of the network. 
Your access list must contain at least one allow statement. or no traffic will be allowed.. As a general rule...
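The wildcard-mask procedure and the bit-by-bit match check from Calculating Wildcard Masks, worked in Python as an added example that is not code from the course; the access list ACL_12 is constructed here from the course's deny statement plus a trailing permit any.

```python
"""Wildcard-mask arithmetic for Cisco-style access lists.

Added example, not part of the original course text: derives the wildcard
mask for a prefix length, tests an address against an access-list entry the
way the router does (0 bits must match, 1 bits are ignored), renders the
m/i/x comparison row used in the tables above, and walks a standard access
list top to bottom with the implicit "deny any" at the end.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_for_prefix(prefix_len):
    """Wildcard mask for a /prefix_len network: 255 minus each subnet-mask
    octet, which is the bitwise complement of the subnet mask."""
    subnet_mask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.IPv4Address(subnet_mask ^ ALL_ONES))


def matches(address, network, wildcard):
    """True if 'address' matches 'network' under 'wildcard'.

    Only the bit positions where the wildcard has a 0 are compared."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES
    return (a & care) == (n & care)


def comparison_row(address, network, wildcard):
    """Render how the router applies the mask, one letter per bit:
    m = must match and does, x = must match but differs, i = ignored."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    letters = []
    for bit in range(31, -1, -1):          # most significant bit first
        if (w >> bit) & 1:
            letters.append("i")
        elif ((a ^ n) >> bit) & 1:
            letters.append("x")
        else:
            letters.append("m")
    row = "".join(letters)
    return ".".join(row[i:i + 8] for i in range(0, 32, 8))


def evaluate_standard_acl(acl, source):
    """Evaluate a standard access list, a list of (action, network, wildcard)
    tuples, against a packet's source address. The first matching statement
    wins; a packet matching nothing hits the implicit deny at the end."""
    for action, network, wildcard in acl:
        if matches(source, network, wildcard):
            return action
    return "deny"


# Constructed access list: the course's deny statement plus a permit-all.
ACL_12 = [
    ("deny", "10.16.12.0", "0.7.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),   # same as "permit any"
]

if __name__ == "__main__":
    print(wildcard_for_prefix(21))
    for target in ("10.17.12.15", "10.13.12.15"):
        print(target, comparison_row(target, "10.16.12.0", "0.7.255.255"),
              evaluate_standard_acl(ACL_12, target))
```

Dropping the permit statement from ACL_12 shows the implicit deny: a source that matches nothing is then denied rather than permitted.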

Routing Protocol Facts

Each organization that has been assigned a network address from an ISP is considered an autonomous system (AS). That organization is free to create one large network, or divide the network into subnets. Routers are used within an AS to segment (subnet) the network. In addition, they are used to connect multiple ASs together. Each autonomous system is identified by an AS number. This number can be locally administered, or registered if the AS is connected to the Internet.

Routers use a routing protocol to dynamically discover routes, build routing tables, and make decisions about how to send packets through the internetwork. Routing protocols can be classified based on whether they are routing traffic within or between autonomous systems.
• Interior Gateway Protocol (IGP)--protocol that routes traffic within the AS
• Exterior Gateway Protocol (EGP)--protocol that routes traffic outside of or between ASs
• Border Gateway Protocol (BGP)--enhancement of EGP that routes traffic between ASs

In this course, you will learn about the following Interior Gateway Protocols:
• Routing Information Protocol (RIP)
• Interior Gateway Routing Protocol (IGRP)
• Open Shortest Path First (OSPF)
• Enhanced Interior Gateway Routing Protocol (EIGRP)

Distance Vector Routing Facts

Keep in mind the following principles about the distance vector method.
• Routers send updates only to their neighbor routers
• Routers send their entire routing table
• Tables are sent at regular intervals (each router is configured to specify its own update interval)
• Routers modify their tables based on information received from their neighbors

Because routers using the distance vector method send their entire routing table at specified intervals, they are susceptible to a condition known as a routing loop (also called a count-to-infinity condition). Like a bridging loop, a routing loop occurs when two routers share different information. The following methods can be used to minimize the effects of a routing loop.

Method | Characteristics
Split horizon | Using the split horizon method (also called best information), routers keep track of where the information about a route came from. Routers do not report route information to the routers on that path. In other words, routers do not report information back to the router from which their information originated.
Split horizon with poison reverse | Using the split horizon with poison reverse method (also called poison reverse or route poisoning), routers continue to send information about routes back to the next hop router, but advertise the path as unreachable. If the next hop router notices that the route is still reachable, it ignores the information. If, however, the path timeout has been reached, the route is immediately set to unreachable (16 hops for RIP). Convergence happens faster with poison reverse than with simple split horizon.
Triggered updates | With the triggered update method (also known as flash updates), routers that receive updated (changed) information broadcast those changes immediately rather than waiting for the next reporting interval. With this method, routers broadcast their routing tables periodically, punctuated by special broadcasts if conditions have changed. This method reduces the convergence time. However, it results in greater network traffic because the entire table is broadcast each time an update is sent.
Hold downs | With the hold down method, routers will, for a period of time, "hold" an update that reinstates an expired link. The time period typically reflects the time required to attain convergence on the network. The hold down timer is reset when the timer runs out or when a network change occurs.

The distance vector method has the following advantages:
• Stable and proven method (distance vector was the original routing algorithm)
• Easy to implement and administer
• Bandwidth requirements negligible for a typical LAN environment
• Requires less hardware and processing power than other routing methods

Distance vector has the following disadvantages:
• Relatively long time to reach convergence (updates sent at specified intervals)
• Routers must recalculate their routing tables before forwarding changes
• Susceptible to routing loops (count-to-infinity)
• Bandwidth requirements can be too great for WAN or complex LAN environments
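To make the count-to-infinity problem and the split horizon and poison reverse fixes concrete, here is an added Python simulation (not part of the course text) of a constructed three-router chain A - B - C with network N attached to C; the router names, the synchronous update rounds and the policy names are assumptions of this toy model, not RIP's real timers or packet format.

```python
"""Distance vector simulation: count-to-infinity vs. split horizon.

Added example, not part of the course text. A RIP-like sim on a constructed
chain A - B - C where network N hangs off C. After C loses N, plain distance
vector counts toward infinity while split horizon (with or without poison
reverse) converges in a few update rounds.
"""
INFINITY = 16  # RIP: 16 hops means unreachable

# Constructed topology: who is adjacent to whom.
NEIGHBOURS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def converged_tables():
    """Tables after normal convergence: dest -> (metric, next_hop).
    C is directly connected to N (next hop None), B is one hop away via C,
    A two hops away via B."""
    return {
        "A": {"N": (2, "B")},
        "B": {"N": (1, "C")},
        "C": {"N": (0, None)},
    }


def advertisement(tables, sender, receiver, policy):
    """Build the update 'sender' sends to 'receiver' under a loop-avoidance policy.

    policy: "none" (advertise everything), "split_horizon" (say nothing about
    routes learned from the receiver) or "poison_reverse" (advertise those
    routes back to the receiver with metric INFINITY)."""
    update = {}
    for dest, (metric, next_hop) in tables[sender].items():
        if next_hop == receiver:
            if policy == "split_horizon":
                continue
            if policy == "poison_reverse":
                update[dest] = INFINITY
                continue
        update[dest] = metric
    return update


def process_update(table, neighbour, update):
    """Apply one received update (RIP-style). Returns True if the table changed.

    A route is installed if it is better than the current one, or if it comes
    from the current next hop (worse news from the next hop is believed)."""
    changed = False
    for dest, metric in update.items():
        new_metric = min(metric + 1, INFINITY)
        current = table.get(dest)
        if (current is None or new_metric < current[0]
                or (current[1] == neighbour and new_metric != current[0])):
            table[dest] = (new_metric, neighbour)
            changed = True
    return changed


def simulate_failure(policy, max_rounds=50):
    """C loses its link to N; run synchronous update rounds until a round
    changes nothing. Returns (rounds, history of C's metric for N, tables)."""
    tables = converged_tables()
    tables["C"]["N"] = (INFINITY, None)   # the connected link to N is down
    history = [INFINITY]
    for rnd in range(1, max_rounds + 1):
        # Every router builds its updates from the tables as they stood at
        # the start of the round, then all updates are delivered.
        updates = [(s, r, advertisement(tables, s, r, policy))
                   for s in NEIGHBOURS for r in NEIGHBOURS[s]]
        changed = False
        for sender, receiver, update in updates:
            if process_update(tables[receiver], sender, update):
                changed = True
        history.append(tables["C"]["N"][0])
        if not changed:
            return rnd, history, tables
    return max_rounds, history, tables


if __name__ == "__main__":
    for policy in ("none", "split_horizon", "poison_reverse"):
        rounds, history, _ = simulate_failure(policy)
        print(f"{policy:15s} rounds={rounds:2d}  C's metric for N: {history}")
```

Without a policy, C briefly believes it can reach N through B (metric 2, then 4, 6, ... up to 14) before every router settles on 16; with either split horizon variant C never installs the bogus route.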

Link State Routing Facts

Keep in mind the following information about the link state method.
• Routers send information about only their own links.
• Routers broadcast LSPs to all routers (this process is known as flooding).
• Routers use LSPs to build their tables and calculate the best route.
• Link-state protocols send hello packets to discover new neighbors.
• Neighboring routers exchange LSAs (link-state advertisements) to construct a topological database.
• Routers select routes based on the shortest route using an algorithm known as Shortest Path First (SPF).
• The SPF algorithm is applied to the topological database to create an SPF tree from which a table of routing paths and associated ports is built.
• Network administrators have greater flexibility in setting the metrics used to calculate routes.
• LSPs are sent at regular intervals and when any of the following conditions occur:
o There is a new neighbor.
o A neighbor has gone down.
o The cost to a neighbor has changed.

The link state method has the following advantages over the distance vector method.
• Less convergence time (because updates are forwarded immediately)
• Not susceptible to routing loops
• Less susceptible to erroneous information (because only firsthand information is broadcast)
• Bandwidth requirements negligible for a typical LAN environment

Although more stable than the distance vector method, the link state method has the following problems:
• The link state algorithm requires greater CPU and memory capability to calculate the network topology and select the route, because the algorithm re-creates the exact topology of the network for route computation. This is particularly a problem for larger networks.
• It generates a high amount of traffic when LSPs are initially flooded through the network or when the topology changes. However, after the initial configuration occurs, the traffic from the link state method is smaller than that from the distance vector method.
• It is possible for LSPs to get delayed or lost, resulting in an inconsistent view of the network. In particular, this can happen if parts of the network come on line at different times, or if the bandwidth between links varies (i.e. LSPs travel faster through parts of the network than through others).

Of these, the last problem is of greatest concern. The following solutions are often implemented to overcome some of the effects of inconsistent LSP information.
• Slowing the LSP update rate keeps information more consistent.

• LSPs can be identified with a time stamp, sequence or ID number, or aging timer to ensure proper synchronization.
• Routers can be grouped into areas. (Areas logically subdivide an Autonomous System (AS), a collection of areas under common administration.) One router in each area is designated as the authoritative source of routing information (called a designated router). Each area router receives updates from the designated router. Routers share information within the area, and routers on area borders share information between areas.

Static Route Facts

Most networks will use one (or more) routing protocols to automatically share and learn routes. Static routes lock a router into using the route you specify for all packets. Configuring static routes is useful for increasing security. Listed below are several situations when you might want to configure static routes.
• To configure a default route or a route out of a stub network (a stub network is one that has a single route into and out of the network).
• To turn off all routing protocols and reduce traffic or improve security.
• To configure routes that are lost due to route summarization.
• For small networks that do not change very often and that have only a few networks, and for small networks or networks that have only one possible path.

You can also configure a default router. When your router cannot find a packet's address in its routing table, it sends the packet to the default router.

Static Route Command List

To... | Use...
Identify a next hop router to receive packets sent to the specified destination network. | Router(config)#ip route <destination> <next_hop>
Identify the interface used to forward packets to the specified destination network. | Router(config)#ip route <destination> <interface>
Identify a default network on which all packets sent to unknown networks are forwarded. | Router(config)#ip default-network <network>
Enable the router to match routes based on the number of bits in the mask and not the default subnet mask. | Router(config)#ip classless

Examples

The following command creates a static route to network 192.168.1.0 through the router with the IP address 192.168.1.35 and gives it an administrative distance value of 25.
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.1.35 25

0 10. suppose that two routes exist between two networks.0.2. Router(config)#ip route 192.1.0 as the default network for the local router.1.0. RIP supports load balancing over same-cost paths.1. RIP uses only classful routing. Because the first route has fewer hops.0 through the router's second serial interface. For example. RIP will select this route as the optimal route. One route uses a 56 Kbps link with a single hop.168. RIP broadcasts updates to the entire network. Router(config)#ip default-network 10.255. RIP routing is limited to 15 hops to any location (16 hops indicates the network is unreachable). Enable IP routing if it is not already enabled (use the ip routing command). and the flush timer default is 240.0.168. Router(config)#ip route 0. effective routing protocol for small. • • • • • • • • RIP uses hop and tick counts to calculate optimal routes. The update interval default is 30.The following command creates a permanent static route to network 192.0 0.1. but only if the cost is the same. while the other route uses a Gigabit link that has two hops. RIP Command List To configure any routing protocol. RIP uses the split horizon with poison reverse method to prevent the count-to-infinity problem.1.1. it might end up selecting a less than optimal route. so it uses full address classes.0 serial 1 30 permanent The following command designates network 10. It has the following characteristics when running on a Cisco router.0.1.255. RIP can maintain up to six multiple paths to each network.2 RIP Facts The Routing Information Protocol (RIP) is a simple. Note: Because RIP uses the hop count in determining the best route to a remote network. the holddown timer default is 180.to medium-sized networks. the invalid timer default is 180. 66 .1. not subnets. use the following three steps: 1.1.0 255.1.0 The following command identifies a default route through an interface with address 10.

• • Identify only networks to which the router is directly connected. Use this command only if it has been disabled.0. Router(config)#ip routing Router(config)#router rip Router(config-router)#network <address> Router(config)#no ip routing Router(config)#no router rip Router(config-router)#no network <network> Router(config)#passiveinterface <interface> To . Notice that you identify networks. It is Cisco's proprietary routing protocol. which Cisco recommends that you use instead of RIP. Enter router RIP configuration mode (also referred to as "enabling RIP"). Remove a specific RIP network.168. Identify networks that will participate in the router protocol. IP routing is enabled by default. 3.2. Identify the networks that will participate in dynamic routing (use the network command. This identifies the interfaces that will share and process received routing updates.10. Disable IP routing on the router. and not interfaces. followed by the routing protocol you want to configure). not a subnetted network address. followed by the address of a network to which the router is directly connected). When you use the network command to identify the networks that will participate in RIP routing. Use the classful network address. Disable RIP and remove all RIP networks. .0. follow these rules. . Enable IP routing for the entire router. Use . Switch to router configuration mode (use the router command. Prevent routing update messages from behind sent through a router interface. IGRP has the following characteristics: 67 .0 IGRP Facts Interior Gateway Routing Protocol (IGRP) is a dynamic routing protocol that sends neighboring routers updates of its routing table. . Router(config)#ip routing Router(config)#router rip Router(config-router)#network 10. Example The following commands enable IP routing and identify two networks that will participate in the RIP routing protocol.0 Router(config-router)#network 192. .

• IGRP can handle much larger networks, with a hop count limit of 255 (rather than 16). You can also configure the hop count limit.
• IGRP uses a composite metric (a 24-bit number assigned to each path that can include such factors as bandwidth, delay, reliability, loading, and MTU).
• IGRP supports multiple-path connections. It can keep track of up to six different paths.
• It will keep track of same-cost and different-cost routes, however.
• IGRP uses split horizon with poison reverse.
• IGRP uses flash updates (sending changed information immediately) for faster convergence.
• IGRP uses an autonomous system (AS) number as part of the configuration. This AS number must be the same on each router that will share information.
• The default update interval is higher for IGRP than RIP because it uses flash updates. Defaults are:
o Update interval = 90 seconds
o Invalid route = 270 seconds (3 times the update)
o Holddown = 280 seconds (3 times the update + 10)
o Flush = 630 seconds (7 times the update)

IGRP Command List

Configuring IGRP is very similar to configuring RIP. When using the router command, however, you must include the AS number.

To... | Use...
Enable IP routing for the entire router. IP routing is enabled by default. Use this command only if it has been disabled. | Router(config)#ip routing
Enter router IGRP configuration mode for the specified Autonomous System. Note: When configuring multiple routers to share information with IGRP, the AS number must match on all routers. | Router(config)#router igrp <ASnumber>
Identify networks that will participate in the routing protocol. Notice that you identify networks, and not interfaces. When identifying networks, use the classful network address (the network specified with the default subnet mask). | Router(config-router)#network <address>

Example

The following commands identify two networks that will participate in the IGRP routing protocol for AS number 25 (assuming IP routing is already enabled).
Router(config)#router igrp 25
Router(config-router)#network 10.0.0.0
Router(config-router)#network 192.168.10.0

OSPF Facts

The Open Shortest Path First (OSPF) routing protocol is a robust link state routing protocol well-suited for large networks. You should remember the following characteristics of link state protocols that apply to OSPF:
• Is a public (non-proprietary) routing protocol.
• Is scalable and does not have the 16 hop limitation of RIP.
• Is considered a classless routing protocol because it does not assume the default subnet masks are used. It sends the subnet mask in the routing update and supports route summarization and VLSM.
• Converges faster than a distance vector protocol.
• Uses link costs as a metric for determining best routes.
• Uses areas to subdivide large networks. Routers within an area share information about the area. Routers on the edge of areas (called Area Border Routers (ABR)) share summarized information between areas.
o The backbone is a specialized area connected to all other areas. All OSPF networks must have a backbone area. Its address is always 0.0.0.0. It contains networks not held within another area, and distributes routing information between areas. You can think of the backbone as the "master" or "root" area.
o A stub area is an area with a single path in to and out of the area.
• Maintains a logical topographical map of the network in addition to maintaining routes to various networks.
• Shares routing information through Link State Advertisements (LSAs). LSAs contain small bits of information about routes. Under normal conditions, OSPF only sends out updated information rather than exchanging the entire routing table.
• Uses hello packets to discover neighbor routers.
• Is not susceptible to routing loops. Mechanisms such as holddown timers, split horizon, or poison reverse are not needed. Instead, OSPF uses built-in loop avoidance techniques.
• Can require additional processing power (and therefore increased system requirements). Good design can minimize this impact.
• The Shortest Path First (SPF) algorithm (also called the Dijkstra SPF algorithm) is used to identify and select the optimal route.

As part of the OSPF process, each router is assigned a router ID (RID). The router ID is:
• The highest IP address assigned to a loopback (logical) interface.
• If a loopback interface is not defined, the highest IP address of the router's physical interfaces.

Because the loopback interface takes precedence over the physical interfaces in determining the router ID, you can force a specific router ID by defining a loopback interface and assigning it an IP address. (Unadvertised links save on IP space, but they cannot be pinged because they won't appear in an OSPF routing table.)
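The SPF (Dijkstra) computation named above, as an added Python example that is not code from the course: a constructed link-state database with assumed link costs, the SPF tree from one router and the routing table (cost and next hop) derived from it, then the recomputation after a link fails. The ospf_cost helper uses Cisco's default reference-bandwidth formula (10^8 divided by the bandwidth in bps), which the course text does not state.

```python
"""Shortest Path First (Dijkstra) over a link-state database.

Added example, not part of the course text. LSDB is a constructed
topological database (router -> {neighbour: link cost}); the link costs are
assumptions chosen so that the cheapest path is not the one with the fewest
hops, which is exactly where a link-cost metric differs from RIP's hop count.
"""
import heapq


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """Cisco's default OSPF interface cost: reference bandwidth / bandwidth,
    rounded down, never below 1 (assumption: default 100 Mbps reference)."""
    return max(1, reference_bps // bandwidth_bps)


# Constructed link-state database. R1-R3 is a slow link (cost 10); the
# three-hop path R1-R2-R4-R3 costs only 3.
LSDB = {
    "R1": {"R2": 1, "R3": 10},
    "R2": {"R1": 1, "R4": 1},
    "R3": {"R1": 10, "R4": 1},
    "R4": {"R2": 1, "R3": 1},
}


def spf(lsdb, root):
    """Dijkstra from 'root'. Returns (dist, parent): the cost to every router
    and the previous router on the SPF-tree path to it."""
    dist = {root: 0}
    parent = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                parent[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    return dist, parent


def routing_table(lsdb, root):
    """dest -> (cost, next_hop): walk each SPF-tree path back towards the root
    until the router directly attached to the root is found."""
    dist, parent = spf(lsdb, root)
    table = {}
    for dest in dist:
        if dest == root:
            continue
        hop = dest
        while parent[hop] != root:
            hop = parent[hop]
        table[dest] = (dist[dest], hop)
    return table


def without_link(lsdb, a, b):
    """Copy of the database with the a-b link removed, as flooded LSAs would
    report after the link goes down; the SPF tree is then recomputed."""
    new = {r: dict(links) for r, links in lsdb.items()}
    new[a].pop(b, None)
    new[b].pop(a, None)
    return new


if __name__ == "__main__":
    print("R1 table:", routing_table(LSDB, "R1"))
    print("R1 table after R2-R4 fails:",
          routing_table(without_link(LSDB, "R2", "R4"), "R1"))
    print("T1 cost:", ospf_cost(1_544_000))
```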

OSPF Command List

OSPF is fairly simple, with only a few variations from the RIP and IGRP configuration steps you have previously used. Configuration is as simple as defining the OSPF process using the router ospf command, and then identifying the networks that will participate in OSPF routing. The following table lists the commands and details for configuring OSPF.

Command | Purpose
Router(config)#router ospf process-id | Use to enter configuration mode for OSPF. The process ID identifies a separate routing process on the router. Process IDs do not need to match between routers (in other words, two routers configured with different process IDs might still share OSPF information). Note: Although similar, the process ID number is not the same thing as the AS number used in IGRP/EIGRP routing.
Router(config-router)#network n.n.n.n m.m.m.m area number | Identifies networks that participate in OSPF routing. n.n.n.n is the network address. This can be a subnetted, classless network. m.m.m.m is a wildcard mask (not the normal subnet mask). The wildcard mask identifies the subnet address. number is the area number in the OSPF topology. The area number must match between routers.

Example

The following graphic shows a sample network with two OSPF areas. Use the following commands to configure OSPF on each router:

The three routers (SFO, LAX, and PHX) are configured with statements such as the following:
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
network 10.1.16.0 0.0.15.255 area 1
network 10.1.32.0 0.0.15.255 area 1
router ospf 2

Notice the following in the configuration:
• The process ID on each router does not match. OSPF uses areas to identify sharing of routes, not the process ID.
• The network command identifies the subnet, wildcard mask, and the OSPF area of the subnet. You can use the subnet address with the appropriate wildcard mask (as in 10.1.16.0 0.0.15.255), or you can use the IP address of the router interface with a mask of 0.0.0.0.
• A subnet can only be in one area.

EIGRP Facts

Enhanced IGRP is a Cisco-proprietary balanced hybrid routing protocol that combines the best features of distance vector and link state routing. EIGRP:
• Sends the subnet mask in the routing update. It supports route summarization and VLSM.
• Supports automatic classful route summarization at major network boundaries (this is the default in EIGRP). Unlike IGRP and RIP, manual route summarization can also be configured on arbitrary network boundaries to reduce the routing table size.
• Is scalable and does not have the 16 hop limitation of RIP.
• Uses bandwidth and delay for the route metric (similar to IGRP).
• Minimizes network bandwidth usage for routing updates. During normal operation EIGRP transmits only hello packets across the network. When change occurs, only routing table changes are propagated in EIGRP, not the entire table. EIGRP does not send periodic routing updates like RIP and IGRP.
• Exchanges the full routing table at startup, and then partial routing updates thereafter.
• Maintains partial network topology information in addition to routes.
• Keeps multiple paths to a single network.
• Uses hello packets to discover neighbor routers.
• Is not susceptible to routing loops. Mechanisms such as holddown timers, split horizon, or poison reverse are not needed. Instead, EIGRP uses built-in loop avoidance techniques.

• Requires less processing and memory than link state protocols.
• Converges more quickly than distance vector protocols. In some cases, convergence can be almost instantaneous because an EIGRP router stores backup routes for destinations. If no appropriate route or backup exists in the routing table, EIGRP will query neighbor routers to discover an alternate route. In this manner, EIGRP can quickly adapt to alternate routes when changes occur.
• Supports multiple protocols. EIGRP can exchange routes for IP, AppleTalk and IPX/SPX networks.
• Uses the DUAL link-state algorithm for calculating routes.

EIGRP Command List

You configure EIGRP just the same as you would configure IGRP. The following table lists the applicable commands.

Command | Function
Router(config)#router eigrp number | Defines an EIGRP process. The number must match between routers for information to be shared.
Router(config-router)#network n.n.n.n | Identifies a network that participates in the routing process.

Example

The following commands enable EIGRP on a router and define three networks that participate in the routing process.
Router(config)#router eigrp 2
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.2.0
Router(config-router)#network 192.168.3.0

Use the following commands to manage and monitor EIGRP.

Command | Features
show ip route | View EIGRP-learned routes.
show ip eigrp neighbors | View neighboring routers from which EIGRP routes can be learned. Lists the IP address of the connected router.
show ip eigrp interfaces | View the interfaces that are running EIGRP and the number of connected routers.

Routing Protocol Comparison

The following table compares various features of the routing protocols you will need to know for this course.

Characteristic | RIP | IGRP | OSPF | EIGRP
Routing method | Distance vector | Distance vector | Link state | Balanced hybrid
Public standard | Yes | No | Yes | No
Metric | Hop count | Bandwidth and delay | Link cost | Bandwidth and delay
VLSM support | Version 2 only | No | Yes | Yes
Classless routing | Version 2 only | No | Yes | Yes
Route summarization | Version 2 only | No | Yes | Yes
Sends mask in updates | Version 2 only | No | Yes | Yes
Convergence time | Slow | Slow (faster than RIP) | Fast | Fast
Discovers neighbors before sending routing information | No | No | Yes | Yes
Sends full routing table at each update | Yes | Yes | No | No
Loop avoidance | Hold down timers, split horizon, poison reverse | Hold down timers, split horizon, poison reverse; also sends triggered updates of changed routes | Full network topology | Partial network topology
Memory and CPU requirements | Low | Low | Can be high | Lower than OSPF
Uses areas in network design | No | No | Yes | No
Uses wildcards to define participating networks | No | No | Yes | No

Routing Administrative Distances

Routers can learn about routes to other networks using multiple routing protocols. In addition, there might be multiple paths between any two points. When making routing decisions, the router uses the following criteria for choosing between multiple routes:
1. If a router has learned of two routes to a single network through different routing protocols (such as RIP and OSPF), it will choose the route with the lowest administrative distance (OSPF in this example).
2. If a router has learned of two routes through the same protocol (for example two routes through EIGRP), the router will choose the route that has the best cost as defined by the routing metric (for EIGRP the link with the highest bandwidth and least delay will be used).

The administrative distance is a number assigned to a source of routing information (such as a static route or a specific routing protocol). The router uses these values to select the source of information to use when multiple routes to a destination exist. A smaller number indicates a more trusted route. The following table shows the default administrative values for a Cisco router.

Route Source | Administrative Distance
Connected interface | 0
Static route | 1
EIGRP summary route | 5
EIGRP internal route | 90
IGRP | 100
OSPF | 110
RIP | 120
EIGRP external route | 170

Note: You can modify how routes are selected by modifying the administrative distance associated with a source.
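The two selection criteria above, as an added Python example that is not from the course: candidate routes to one destination are narrowed first by the lowest administrative distance and then by metric, keeping equal-metric routes from that source for load balancing. The distance table is the default one printed above; the candidate routes and next-hop addresses are constructed, and the lowered-trust static route illustrates the Note about modifying a source's distance.

```python
"""Route selection by administrative distance, then by metric.

Added example, not part of the course text. ADMIN_DISTANCE is the default
Cisco table from the course; the candidate routes fed in are constructed.
"""
ADMIN_DISTANCE = {
    "connected": 0,
    "static": 1,
    "eigrp summary": 5,
    "eigrp": 90,
    "igrp": 100,
    "ospf": 110,
    "rip": 120,
    "eigrp external": 170,
}


def select_routes(candidates, admin_distance=ADMIN_DISTANCE):
    """Pick the route(s) a router installs for one destination.

    candidates: list of (source, metric, next_hop) for the same destination.
    Step 1: keep only routes from the most trusted source (lowest distance).
    Step 2: among those, keep the lowest metric. Several routes may survive
    step 2 (equal cost); the router load-balances across them."""
    if not candidates:
        return []
    best_ad = min(admin_distance[source] for source, _, _ in candidates)
    most_trusted = [c for c in candidates if admin_distance[c[0]] == best_ad]
    best_metric = min(metric for _, metric, _ in most_trusted)
    return [c for c in most_trusted if c[1] == best_metric]


def build_table(learned, admin_distance=ADMIN_DISTANCE):
    """learned: list of (destination, source, metric, next_hop) from every
    routing source. Returns destination -> installed route(s)."""
    by_destination = {}
    for dest, source, metric, next_hop in learned:
        by_destination.setdefault(dest, []).append((source, metric, next_hop))
    return {dest: select_routes(cands, admin_distance)
            for dest, cands in by_destination.items()}


# Constructed input: the same network learned from RIP and OSPF, plus two
# equal-metric EIGRP paths to another network.
LEARNED = [
    ("192.168.5.0", "rip", 2, "10.0.0.1"),
    ("192.168.5.0", "ospf", 30, "10.0.0.2"),
    ("192.168.6.0", "eigrp", 2000, "10.0.0.3"),
    ("192.168.6.0", "eigrp", 2000, "10.0.0.4"),
    ("192.168.6.0", "eigrp", 5000, "10.0.0.5"),
]

if __name__ == "__main__":
    for dest, routes in build_table(LEARNED).items():
        print(dest, routes)
    # A static route whose distance was raised above RIP's acts as a backup:
    # it is only used while no RIP route exists.
    floating = dict(ADMIN_DISTANCE, static=130)
    print(select_routes([("static", 0, "10.0.0.9"), ("rip", 3, "10.0.0.1")], floating))
```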

WAN Structure

A typical WAN structure includes the following components.

Component | Description
Consumer premises equipment (CPE) | Devices physically located on the subscriber's premises, both the devices the subscriber owns and the ones leased from the WAN provider. CPE includes the telephone wire, telephone, modem, and other equipment. The wiring typically includes UTP cable with RJ-11 or RJ-45 connectors. CPE is sometimes used synonymously with DTE.
Demarcation point (demarc) | The point where the telephone company's telephone wiring connects to the subscriber's wiring. Typically, the customer is responsible for all equipment on one side of the demarc. The phone company is responsible for all equipment on the other side of the demarc. The demarc media is owned and maintained by the telephone company. The demarc can also be called the network interface or point of presence.
Local loop | Cable that extends from the demarc to the central telephone office. Typically, it is UTP, but it can also be one or a combination of UTP, fiber optic, or other media. Fiber optic cable to the demarc is rare.
Central office (CO) | The switching facility closest to the subscriber, and the nearest point of presence for the WAN provider. It provides WAN-cloud entry and exit points for incoming and outgoing calls. It also provides reliable DC power to the local loop to establish an electric circuit. A CO provides services such as switching incoming telephone signals to outgoing trunk lines, and acts as a switching point to forward data to other central offices. COs use long-distance, or toll, carriers to provide connections to almost anywhere in the world. Long-distance carriers are usually owned and operated by companies such as AT&T or MCI.
Data terminal equipment (DTE) | A device on the network side of a WAN link that sends and receives data. The DTE resides on the subscriber's premises, and marks the point of entry between the LAN and the WAN. DTEs are usually routers, but computers and multiplexers can also act as DTEs. Broadly, DTEs are any equipment at the customer's site. In a narrow sense, the DTE is the device that communicates with the DCE at the other end.

Data circuit-terminating equipment (DCE) | A device that communicates with both DTEs and the WAN cloud. DCEs are typically routers at the service provider that relay messages between the customer and the WAN cloud. DCEs may be devices similar to DTEs (such as routers), except that each device plays a different role. In a strict sense, a DCE is any device that supplies clocking signals to DTEs. Thus, a modem or CSU/DSU at the customer site is often classified as a DCE.
WAN cloud | The hierarchy of trunks, switches, and central offices that make up the network of telephone lines. It is represented as a cloud because the physical structure varies, and different networks with common connection points may overlap. Few people thoroughly understand where data goes as it is switched through the "cloud." What is important is that data goes in, travels through the line, and arrives at its destination.
Packet-switching exchange (PSE) | A switch on a carrier's packet-switched network. PSEs are the intermediary points in the WAN cloud.

WAN Encapsulation Facts

WAN Physical layer protocols specify the hardware and bit signaling methods. Data Link layer protocols control some or all of the following functions:
• Error checking and correction
• Link establishment
• Frame-field composition
• Point-to-point flow control

Data Link layer protocols also describe the encapsulation method or the frame format. WAN encapsulation methods are typically called HDLC (high-level data link control). This term is both a generic name for Data Link protocols and the name of a specific protocol within a WAN protocol suite or service. Depending on the WAN service and connection method, you will select one of the following encapsulation methods.
• Cisco HDLC for synchronous, point-to-point connections with other Cisco routers (Cisco HDLC does not communicate with other vendors' implementations of HDLC). This is the default encapsulation method for synchronous serial links on Cisco routers.
• LAPB for X.25 networks.
• LAPD in combination with another protocol for the B channels in ISDN networks. LAPD is a Layer 2 ISDN protocol that manages flow and signaling.

• PPP for dial-up LAN access, circuit-switched WAN networks, and ISDN networks.
• Cisco/IETF for Frame Relay networks.

Note: Routers on each side of a WAN link must use the same encapsulation method to be able to communicate.

PPP Facts

The following list represents some of the key features of the Point-to-Point Protocol (PPP):
• It can be used on a wide variety of physical interfaces including asynchronous serial, synchronous serial (dial up), and ISDN.
• It supports multiple Network layer protocols, including IP, IPX, AppleTalk, and numerous others.
• PPP is non-proprietary, so it works in implementations that use products from multiple vendors.
• It supports multilink connections, load-balancing traffic over multiple physical links.
• It includes looped link detection that can identify when messages sent from a router are looped back to that router. This is done through routers sending magic numbers in communications. If a router receives a packet with its own magic number, the link is looped.
• It includes Link Quality Monitoring (LQM) which can detect link errors and automatically terminate links with excessive errors.

Optional authentication is provided through PAP (2-way authentication) or CHAP (3-way authentication).

PPP uses two main protocols to establish and maintain the link.

Protocol | Description
Link Control Protocol (LCP) | The Link Control Protocol (LCP) is responsible for establishing, maintaining, and tearing down the PPP link. LCP packets are exchanged periodically to do the following:
• During link establishment, LCPs are used to agree upon encapsulation, packet size, and compression settings. LCPs also indicate whether authentication should be used.
• Throughout the session, LCPs are exchanged to detect and correct errors or to control the use of multiple links (multilink).
• When the session is terminated, LCPs are responsible for tearing down the link.
A single Link Control Protocol runs for each physical connection.
Network Control Protocol (NCP) | The Network Control Protocol (NCP) is used to agree upon and configure Network layer protocols to use (such as IP, IPX, or AppleTalk). Each Network layer protocol has a corresponding control protocol packet. Examples of control protocols include:

During this phase. NCPs are exchanged to agree on upper-layer protocols to use. packet size. To configure PPP on the router. authentication-specific packets are exchanged to configure authentication parameters and authenticate the devices. 2. You must set the encapsulation method to PPP before you can configure authentication or compression. 1. LCPs are exchanged to open the link and agree upon link settings such as encapsulation.• • • • IP Control Protocol (IPCP) CDP Control Protocol (CDPCP) IPX Control Protocol (IPXCP) AppleTalk Control Protocol (ATCP) A single PPP link can run multiple control protocols. If authentication is used. . Set PPP encapsulation on the interface. the first method will be pap tried first Router(config-if)#ppp compression Set compression options Router(config-if)#ppp chap|pap password Set the password used with CHAP <password> or PAP for an unknown host Router(config)#username <hostname> password <password> Set the username and password for the local router 78 . . one for each Networklayer protocol supported on the link. 3. . During this phase. PPP establishes communication in three phases. For example. PPP Command List PPP configuration is often done in connection with configuring other services. configure username/password combinations. LCP phase. you complete the following tasks: 1. Select CHAP and/or PAP as the authentication method (optional). routers might exchange IPCP and CDPCP packets to agree upon using IP and CDP for Network-layer communications. LCPs might continue to be exchanged. Router(config-if)#encapsulation ppp To . . Authenticate phase (optional). PPP options are configured in interface mode for a specific interface. LCPs might also be exchanged during this phase to maintain the link. 2. NCP phase. Use . 3. Set the encapsulation type to PPP Set the authentication method(s) Router(config-if)#ppp authentication <chap| When multiple methods are pap> Router(config-if)#ppp authentication chap specified. 
and whether authentication will be used.
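The PAP (2-way) and CHAP (3-way) exchanges described under PPP Facts, modelled in Python as an added example that is not code from the original page. The usernames, the secret "cisco5" and the packet layouts are constructed for the example; the CHAP response formula MD5(identifier || secret || challenge) is the one defined in RFC 1994.

```python
import hashlib
import hmac
import os

# Constructed example database, mirroring "username LAX password cisco5":
# SFO is the authenticator, LAX the peer it authenticates.
USERNAME_DB = {"LAX": b"cisco5"}


def pap_request(username: str, password: bytes) -> bytes:
    """PAP (2-way): the peer sends its name and password in the clear.
    The bytes model an Authenticate-Request payload (length-prefixed fields)."""
    u = username.encode()
    return bytes([len(u)]) + u + bytes([len(password)]) + password


def pap_verify(request: bytes, db: dict) -> bool:
    """Authenticator side of PAP: compare the received password with the database."""
    ulen = request[0]
    username = request[1:1 + ulen].decode()
    plen = request[1 + ulen]
    password = request[2 + ulen:2 + ulen + plen]
    expected = db.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def chap_challenge() -> bytes:
    """CHAP step 1: the authenticator sends a fresh random challenge."""
    return os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP step 2: the peer answers with MD5(identifier || secret || challenge).
    The secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes,
                name: str, db: dict) -> bool:
    """CHAP step 3: the authenticator recomputes the hash from its own copy of
    the secret and answers Success or Failure."""
    secret = db.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def run_handshakes() -> dict:
    """Run both methods between SFO and LAX and report what an observer of the
    serial link would see, and whether a captured CHAP response can be replayed."""
    secret = USERNAME_DB["LAX"]

    # PAP: the whole credential is on the wire.
    pap_wire = pap_request("LAX", secret)

    # CHAP: only the identifier, the challenge and the hash are on the wire.
    chal = chap_challenge()
    resp = chap_response(1, secret, chal)
    chap_wire = bytes([1]) + chal + resp

    # Replaying the captured response against a later challenge must fail.
    replay_ok = chap_verify(2, chap_challenge(), resp, "LAX", USERNAME_DB)

    return {
        "pap_ok": pap_verify(pap_wire, USERNAME_DB),
        "pap_secret_on_wire": secret in pap_wire,
        "chap_ok": chap_verify(1, chal, resp, "LAX", USERNAME_DB),
        "chap_secret_on_wire": secret in chap_wire,
        "chap_replay_ok": replay_ok,
    }
```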

Other PPP-related commands:
Router(config-if)#bandwidth <value>
    Set a bandwidth value for an interface
Router#show interface
    View encapsulation and PPP information on an interface

To hide the CHAP password from view in the configuration file, use the service password-encryption command from global configuration mode.

Example
The following commands configure the SFO router to use PPP and enable it to connect to the LAX router using PAP authentication.
SFO(config)#username LAX password cisco5
SFO(config)#int s0
SFO(config-if)#encap ppp
SFO(config-if)#ppp auth pap

Frame Relay Facts
Frame relay is a standard for packet switching WAN communications over high-quality, digital lines. Frame-relay networks:
• Operate at the Physical and Data Link layers of the OSI model.
• Have a variable packet size (called a frame).
• Provide error detection but not error recovery. Corrupted packets are simply dropped without notification. Error correction is performed by sending and receiving devices.
• Can be implemented over a variety of connection lines (56K, T-1, T-3).
• Can provide data transfer up to 1.54 Mbps.
• Can be used as a backbone connection to LANs.

You should be familiar with the following concepts about how Frame Relay networks send data.
• Routers connect to a Frame Relay switch either directly or through a CSU/DSU.
• Frame relay networks simulate an "always on" connection with PVCs.
• Sending routers send data immediately without establishing a session.
• Packets travel through the Frame Relay cloud without acknowledgments.
• Frame Relay switches perform error checking but not correction. It is up to end devices to request a retransmission of lost packets.
• When you sign up for Frame Relay service, you are assigned a level of service called a Committed Information Rate (CIR). The CIR is the maximum guaranteed data transmission rate you will receive on the Frame Relay network. In any case, you are guaranteed to have at least the amount of bandwidth specified by the CIR. When network traffic is low, you will likely be able to send data faster than the CIR. As network traffic increases, priority is given to data coming from customers with a higher CIR, and the effective rate may drop.
• Frame Relay switches begin dropping packets when congestion occurs.

• Congestion is the most common cause of packet loss on a Frame Relay network.
• Packets are discarded based on information in the Discard Eligible (DE) bit.
• Frame Relay switches send Backward Explicit Congestion Notification (BECN) messages to slow data transfer rates.

Frame Relay Protocols
Most Frame Relay installations involve connecting to a Frame Relay network through a T-1 line. The router connects to a CSU/DSU, which is connected to the Frame Relay network. The Frame Relay network is made up of multiple switches for moving packets. You should be aware of the following Frame Relay protocols:

Protocol: Data-Link Connection Identifiers (DLCIs)
Characteristics:
• Like an Ethernet MAC address, the DLCI number acts like a Data Link or physical device address.
• The DLCI represents the connection between two frame relay devices.
• The Frame Relay service provider assigns the DLCI when the virtual circuit is set up.
• The DLCI ranges between 16 and 1007.
• Each DLCI is unique for the local network, but not for the entire WAN. In other words, the same DLCI number can be used multiple times in the entire network to identify different devices. Although DLCI numbers are only locally significant, through LMI these numbers can be globally significant (i.e. the same number is used throughout the entire network to identify a specific link).

Protocol: Local Management Interface (LMI)
Characteristics:
• LMI is a set of management protocol extensions that automates many Frame Relay management tasks. LMI is responsible for managing the connection and reporting connection status.
• LMI can:
  • Maintain the link between the router and the switch.
  • Gather status information about other routers and connections on the network.
  • Enable dynamic DLCI assignment through multicasting support.
  • Make DLCIs globally significant for the entire network.
• Cisco routers support three LMI types: Cisco, ANSI, and Q933a.

When you connect a router to the Frame Relay network, the router interface has a direct line to the Frame Relay switch at the service provider. Although there is only one physical path between the router and the switch, Frame Relay supports multiple virtual circuits. DLCIs identify each virtual circuit. When configuring a Frame Relay connection or circuit, you have the following options:

• Point-to-Point. A point-to-point link simulates a direct connection with a destination device. With a point-to-point connection, the circuit is configured to talk to only one other device.
• Multipoint. A multipoint link configures each circuit to communicate with more than one destination device. The same circuit is used for multiple conversations.

Because Frame Relay supports multiple upper-layer protocols (such as IP, IPX, and DECnet), you will need to associate logical, Network layer destination addresses with the DLCI number used to reach that address. For multipoint connections, you have the following configuration options.
• Dynamically associate DLCIs with inverse ARP. The router uses the inverse ARP protocol to dynamically discover destination addresses associated with a specific DLCI. This is the default.
• Manually map addresses to DLCIs. The administrator identifies the address of each destination device, and associates each address with a DLCI. Although more work, results are less prone to errors than when using inverse ARP.

Frame Relay Command List
When configuring a router for Frame Relay, complete the following tasks:
• Enable Frame Relay on the interface by setting the encapsulation type
• Assign a Network layer address to the interface (such as an IP address)
• Configure dynamic (inverse ARP) or static (mapped) addresses
• For a point-to-point subinterface, or a multipoint subinterface with dynamic addressing, assign a DLCI to the subinterface
• Configure the LMI settings (optional). By default, Cisco routers autosense the LMI type and configure themselves accordingly. You only need to set the LMI type if autosensing does not work or if you want to manually assign it.
Note: You must set the encapsulation method on the interface before you can issue any other Frame Relay commands.

To configure Frame Relay on an interface, use the following commands.

Use . . .                                                To . . .
Router(config-if)#encap frame-relay
    Set the encapsulation method. You can follow this command with various keywords to set a specific frame relay encapsulation protocol. Cisco is the default frame relay encapsulation.
Router(config-if)#frame-relay inverse-arp
    Turn on inverse ARP (it is on by default)
Router(config-if)#frame-relay map
    Map protocol addresses to DLCIs. Note: Add the broadcast parameter to the command to configure the router to forward broadcast traffic over the link.

Router#show frame map
    Display the contents of the frame-relay map cache (showing IP address to DLCI number mappings).
Router#clear frame-relay-inarp
    Clear the dynamic entries from the frame-relay map cache.
Router#show frame pvc
    Show DLCI statistics and information.
Router(config-if)#frame lmi-type <LMI type>
    Configure LMI on the Cisco router

Examples
The following commands enable Frame Relay on serial interface 1 using IETF as the encapsulation method and dynamic addressing.
Router(config)#int s1
Router(config-if)#encap frame-relay ietf

The following commands enable Frame Relay on serial interface 0 using Cisco as the encapsulation method, disable inverse ARP, and map IP address 10.1.1.55 to DLCI 25.
Router(config)#int s0
Router(config-if)#encap frame-relay
Router(config-if)#no frame inverse
Router(config-if)#frame-relay map ip 10.1.1.55 25

Subinterfaces Facts
Cisco uses the term interface to describe the physical component that connects the router to a network. A subinterface is a virtual interface that you configure on a Cisco router's physical interface. Instead of adding physical interfaces, using subinterfaces lets you subdivide a single physical interface into several separate virtual channels. They make it possible to support multiple connections and/or networks through a single physical port. With subinterfaces, you can expand your router's capability without adding modules containing physical interfaces. Using subinterfaces also lets you send routing updates out the same physical interface on which they were received. Using subinterfaces in this manner overcomes the split horizon problem that can occur when sending updates out the same interface.

When you connect a router to the Frame Relay network, the router interface has a direct line to the Frame Relay switch at the service provider. Although there is only one physical path between the router and the switch, Frame Relay supports multiple virtual circuits. When configuring a Frame Relay connection or circuit, you have the following options:
• Point-to-Point. A point-to-point link simulates a direct connection with a destination device. With a point-to-point connection, the circuit is configured to talk to only one other device.
• Multipoint. A multipoint link configures each circuit to communicate with more than one destination device. The same circuit is used for multiple conversations.

Frame Relay Subinterface Command List
To configure Frame Relay on a subinterface, complete the following tasks:
• Enable Frame Relay on the interface and set the encapsulation method
• Create the subinterface, specifying either point-to-point or multipoint
• For a point-to-point connection or a multipoint connection using inverse ARP, assign the DLCI number to the subinterface
• For a multipoint connection using static assignments, map DLCIs to protocol addresses
In addition, you will need to assign a Network layer address to the subinterface. Do not assign an IP address to the main interface.

Use . . .                                                To . . .
Router(config-if)#int sX.X <type>
    Create the subinterface
Router(config-subif)#frame-relay interface-dlci
    Assign the DLCI to the interface
Router(config-subif)#frame-relay map
    Map protocol addresses to DLCIs

Examples
The following commands create a point-to-point subinterface on the first serial interface and assign it to DLCI 44.
Router(config)#int s0
Router(config-if)#encap frame
Router(config-if)#int s0.55 point
Router(config-subif)#frame interface-dlci 44

The following commands create a multipoint subinterface on the second serial interface. The subinterface uses inverse ARP and is also configured with a static IP mapping of device 199.12.16.155 to DLCI 111.
Router(config)#int s1
Router(config-if)#encap frame
Router(config-if)#int s1.103 mult
Router(config-subif)#frame map ip 199.12.16.155 111

Frame Relay Troubleshooting Introduction
The next set of simulations gives you a chance to troubleshoot Frame Relay. All simulations use the same network layout as shown.

The scenario description for each exercise identifies whether the routers should be configured using inverse-arp or static mappings. Each scenario has some misconfiguration that prevents communication. The following commands may be useful in identifying the problem.
• ping
• sh frame map
• sh frame pvc
• sh int/sh ip int
• sh run
• no ip
• sh frame-relay
• sh frame-relay traffic

Frame Relay Troubleshooting Tips
As you troubleshoot Frame Relay, keep in mind the following tips:
• All routers at all locations must be configured to use the same frame relay encapsulation method. When using all Cisco routers, you can use the default Frame Relay encapsulation type (cisco). When using routers of multiple vendors, use the ietf encapsulation type.
• Frame Relay routers must know the DLCI number that is used to reach remote routers. Use inverse arp to dynamically discover DLCI numbers. Use static mappings to associate DLCI numbers with IP addresses manually.
• For a point-to-point subinterface, or a multipoint subinterface with dynamic addressing, you must manually assign a DLCI to the subinterface.
• When configuring subinterfaces, do not set an IP address on the main interface. Instead, set IP addresses on each subinterface.

• By default, Cisco routers autosense the LMI type and configure themselves accordingly. You only need to set the LMI type if autosensing does not work or if you want to manually assign it.

Monitoring Frame Relay

If you want to view . . .                                Use . . .
DLCI numbers
    show run, show frame pvc, show int
Frame Relay encapsulation method
    show run
LMI information and traffic statistics
    show frame lmi, show int
Interface configuration (DCE or DTE)
    show frame pvc, show int
Global traffic statistics
    show frame traffic
Addresses and associated DLCIs
    show frame map

Note: Output for the show interfaces command shows an entry for DLCI followed by a number. This information is not the DLCI number associated with the interface.

ISDN Facts
Integrated Services Digital Network (ISDN) is a set of standards covering the Physical, Data Link, and Network layers. It allows fast, digital transmission of both voice and data (including graphics, video, and so on) over existing telephone lines. It supports the majority of upper-level protocols and encapsulation protocols. ISDN uses T-carrier technology to quickly and efficiently send digital data streams. The physical cable of an ISDN connection is divided into logical channels. Channels are classified as one of two types:
• B channels are used to carry data.
• D channels are used to carry control and signaling information.

When you order ISDN service, you have the choice between the following services.

Service: Basic Rate ISDN (BRI)
B channels: Two 64 Kbps
D channel: One 16 Kbps
Characteristics: Uses existing phone lines (but may not be available where existing copper wires don't support it). The connection is "demand-dial" (established only when data needs to be sent).

Service: Primary Rate ISDN (PRI)
B channels: Twenty-three 64 Kbps
D channel: One 64 Kbps
Characteristics: Uses an entire T-1 line. Sometimes called 23B+D. The connection is "always on".

Note: The total bandwidth of an ISDN BRI line is 144 Kbps (two B channels and one D channel). The total data transfer rate is 128 Kbps (data is sent only on the two B channels).

ISDN BRI is a relatively low-cost WAN service that is ideal for the following situations:
• Home office or telecommuters who need a relatively fast connection
• Businesses that need to periodically send data between sites (bursty traffic patterns)

ISDN BRI offers the following benefits over dial-up modems and other WAN connection options.
• Faster data transfer rates (128 Kbps) than dial-up modems (56 Kbps maximum)
• Faster call establishment (dial-up) than modems
• Lower cost than other WAN solutions (users pay a monthly fee plus connection charges)

ISDN Protocol Standards
ISDN standards are grouped according to function. The protocol groupings and descriptions follow a lettering standard.

Protocol Designation                                     Standard
E
    Standards for ISDN on the existing phone network, such as international addressing
I
    Standards for ISDN concepts, terminology, and services, such as network services
Q
    Standards for switching and signaling, such as call setup, flow control, and error correction

In practice, you will probably not need to know these standards, but you will need to memorize them for the certification exam. Use the following to help remember the classifications.
• E for Existing networks
• I for Identifying concepts
• Q for Quality switching signals

ISDN Components and Reference Points
ISDN devices are classified based on whether they are ISDN-capable and the role they can play on the network.

ISDN Device Designation                                  Function
NT1
    An NT1 (Network Terminator) is the connection point between the local loop and the ISDN network. In North America, the customer is responsible for the NT1. Outside of North America, NT1 functionality is the responsibility of the service provider. A Cisco router might be classified as an NT1.
NT2
    An NT2 (Network Switching Equipment) connects with an NT1. It lets you connect multiple devices, and/or split the signal into data and voice transmissions. NT2s are optional.
TE1
    A TE1 (Terminal Endpoint Device type 1) is an ISDN-compatible device such as a router, computer, or ISDN telephone.
TE2
    A TE2 (Terminal Endpoint Device type 2) is a non-ISDN-compatible device such as a computer without an ISDN adapter.
TA
    Generically speaking, a TA (Terminal Adapter) is any device that generates traffic on an ISDN line. More specifically, the term is usually used to describe a device that converts non-ISDN signals to ISDN signals. The TA is often called an ISDN modem, although it does not convert digital signals to analog signals. Rather, it converts ISDN signals to non-ISDN signals.

The ISDN standard defines several reference points, where different protocols and devices connect with each other. It identifies proper connections with the following interface designations.

Reference Designation                                    Interface Type
R
    Interface between a TA and non-ISDN equipment (TE2).
S
    Interface between the NT2 and an ISDN device (TE1 or TA).
T
    Interface between an NT2 and the NT1.

U
    Interface between the NT1 and the local loop (ISDN wall connection).

Note: Because they are electrically the same, the S and T interfaces are often identified as an S/T interface.

To remember the reference points, place the letters in order (R, S, T, U), then follow a packet from a non-ISDN device to the local loop. Label the wire between each device with the corresponding letter.

When connecting devices on an ISDN network, pay attention to the interface type (R, S, T, or U) of each device. Be sure to connect the correct device to the correct interface. For example, to connect a router to an ISDN network, you might have the following options (depending on the configuration of the router):
• Connect a router with a serial interface (i.e. an R reference point) to a TA. The TA can then connect to the NT1 or NT2.
• Connect a router with an S/T interface to either an NT1 or an NT2 (but not directly to the local loop).
• Connect a router with a U interface directly to the local loop. Do not connect the U interface to an NT1 or an NT2.

ISDN Addressing
ISDN is a Network layer protocol that operates over a specific hardware interface configuration. For this reason, ISDN has its own Network and Data Link layer addressing. ISDN uses the following addresses:

Address                                                  Characteristics
Terminal Endpoint Identifier (TEI)
    Data Link layer address (similar to an Ethernet MAC address). Each ISDN device is assigned one TEI. TEIs are dynamically assigned to the router by the ISDN switch when the connection is made.
Service Protocol Identifier (SPID)
    Network layer address (similar to a telephone number that allows each channel to make and receive calls). Depending on the specific ISDN implementation, each device can have one or more SPIDs. The following are common SPID assignments.
    • One SPID is assigned to the entire device
    • Each B channel has its own SPID
    • Each B channel can have more than one assigned SPID
    The WAN service provider assigns the SPIDs for you to configure on the router.

Your ISDN router will be connected to an ISDN switch at the WAN service provider. Your router must be configured to communicate with the switch type used by your WAN service

provider. Cisco routers support over 10 switch types. In North America, the most common types are:
• AT&T 5ESS
• Northern DMS-100
• National ISDN-1

ISDN Communication Facts
The following process is used to initialize an ISDN router.
1. The router uses the D channel to perform Data Link (layer 2) initialization. TEIs are dynamically assigned to identify the router.
2. The router uses the D channel to perform Network (layer 3) initialization. It uses its preconfigured SPIDs (if required) to set up the B channels.

When a router needs to communicate with another ISDN device, the following process is used.
1. The sending device requests a connection through the D channel.
2. The receiving device answers and the link is established.
3. The B channel is used to transmit data. The D channel is used for session maintenance.
4. After the transmission is over, the D channel is used to tear down the link.

Link Access Protocol for the D-Channel (LAPD) is the Data Link encapsulation protocol used on an ISDN network. As its name implies, it operates on the D channel of an ISDN connection and is used for:
• Initializing Layer 2 and Layer 3 communications.
• Assigning TEIs.
• Maintaining the session.
• Terminating the link.

ISDN Command List
To configure an ISDN connection, you need to complete the following configuration processes:
• Configure the ISDN switch type
• Assign SPIDs (if required)
• Configure encapsulation
The exact commands you will use depend on the equipment used at the central office. Use the following commands to configure an ISDN connection.

Use . . .                                                To . . .
Router(config)#interface bri0
    Switch to ISDN interface configuration mode.
Router(config)#isdn switch-type <type>
    Set the ISDN switch type to match that used by the service provider. For IOS 11.2 and below, this is a global configuration command. For IOS 11.3 and above, use this command in interface mode or global configuration mode.
Router(config-if)#isdn spid<#> <number> <number>
    Identify SPIDs for an interface. Use only if SPID numbers are not dynamically assigned.
Router(config-if)#encap ppp
    Set the encapsulation method for the interface (PPP is the most common).
Router#show isdn status
    View the status of the ISDN connection.
Router#show isdn active
    Show active ISDN phone calls.
Router#show isdn history
    Show all past and current ISDN phone calls.
Router(config-if)#ppp multilink
    Enables multilink on the interface. An ISDN connection consists of multiple logical B channels on a single physical connection. To use multiple channels at the same time, enable multilink PPP (MLP).
Router(config-if)#dialer load-threshold
    Identifies the utilization percentage that must exist for the additional channels to be used.

Example
The following commands set the switch type and encapsulation method, and assign two SPIDs for an ISDN interface:
Router(config)#isdn switch-type basic-5ess
Router(config)#int bri0
Router(config-if)#encap ppp
Router(config-if)#isdn spid1 0835866201 8358662
Router(config-if)#isdn spid2 0835866401 8358664

About ISDN Simulations
The following commands have been enabled in the simulations for configuring and testing an ISDN connection:
• interface bri0
• isdn switch-type
• isdn spid1, isdn spid2
• show isdn status
• show isdn active
• show isdn history
• show interface bri0, bri0:1, bri0:2

You should be aware of the following conditions regarding configuring ISDN connections on a live system:
• As best practice, you should set the ISDN switch type and SPIDs with the interface shut down. Verify that the configuration settings are correct before bringing the interface up. If you misconfigure the interface and connect to the ISDN switch, the switch at the service provider may report excessive errors and disable itself. You will then need to contact your service provider to reset the switch.
• How the switch type is set, and what is required, differs depending on the IOS version:
  o For IOS versions 11.2 and below, you can only set the switch type globally.
  o For IOS versions 11.3 up to (but not including) 12.0, you can set the switch type globally or on an interface basis. The router can still make a connection if the switch type is defined globally, even if one is not defined for the interface.
  o For IOS versions 12.0 and above, the switch type must be defined for the interface. Setting it globally automatically adds it to the interface, but if it is removed from the interface, the connection cannot be made.
  This product simulates the IOS version 12.x method of setting the switch type.
• On a live system, you may need to use the clear interface bri0 command or restart the router before some configuration changes take place. The status reported with the show isdn status command in the simulations updates automatically and immediately after making configuration changes. On a live system, these statuses may not update, or may take several minutes to change.

BRI Interface Facts
As you work with ISDN BRI interfaces, keep in mind the following:
• Each BRI interface represents a single connection to an ISDN network. On a Cisco router, BRI interfaces are identified as BRI0, BRI1, etc.
• Each physical BRI interface has three separate channels (1 D channel and 2 B channels). The two B channels for the first BRI interface are identified as BRI0:1 and BRI0:2.
• BRI interfaces are up only when a call is successfully placed to another router.
• Channels are up when a call is initiated that uses that specific channel. It is possible to have one channel active and the other channel inactive.
• When you remove the shutdown for a BRI interface, the interface status changes to spoofing. Think of spoofing as "pretending" to be up. Normally, routes that correspond to an interface are not placed in the routing table until the interface status is up. Spoofing allows the router to place entries in the routing table for dial-on-demand interfaces.

DDR Facts

A dial-on-demand link is one that is non-persistent (not always on). The link is brought up (or dialed) when traffic needs to cross the link. When the link is idle, the connection is terminated. This process is much like placing a telephone call. The link between two devices is established when one device calls another and the answering device answers the request.

Keep in mind the following points about dial-on-demand routing (DDR):
• Access lists define interesting traffic (traffic that will bring the link up). Use access lists to identify the type of traffic that will bring the link up (called interesting traffic). The list of interesting traffic only defines which traffic brings the link up, not which traffic can cross the link once it is established.
• If a DDR link is down, only interesting traffic will bring it up. Non-interesting traffic is ignored (never sent).
• If a DDR link is up, all traffic, both interesting and non-interesting, will be sent over the link.
• The DDR link will be brought down if no interesting traffic has crossed the link in a specified period of time. Non-interesting traffic that needs to be sent will not keep the link up if the time limit has expired.

Interesting traffic is identified and applied to an interface using the following three items:
Access List
    Contains multiple entries that define interesting traffic. Each list applies only to one protocol type. Access lists are optional.
Dialer List
    Identifies all traffic of a specific protocol, or identifies an access list. Contains multiple entries, a maximum of one per protocol.
Dialer Group
    Applies a dialer list to an interface. Maximum of one group per interface.

Dialer interfaces (such as ISDN BRI) are non-persistent and might be used to connect to multiple devices. Identify the host called by the router using one of the following commands in interface mode:
• dialer string, to identify a single number to dial for all connections.
• dialer map, to identify a specific destination and the corresponding number to dial.

DDR Command List
Configuring dial-on-demand routing involves completing the following general steps:
• Configure the interface to connect to the network, such as:
  o Configuring the ISDN connection
  o Configuring IP addresses for applicable interfaces
• Define interesting traffic
• Apply the interesting traffic definition to the dial-on-demand interface
• Configure the numbers to call when interesting traffic is received
• Configure static routes to remote networks accessible through the ISDN link
• Configure the DDR timers (optional)

Use . . .                                                To . . .
Router(config)#access-list
    Configure access list statements that define interesting traffic
Router(config)#dialer-list <#> protocol <type> permit/deny
    Identify the traffic type or access list that defines interesting traffic
Router(config-if)#dialer-group <#>
    Apply the dialer-list to an interface
Router(config-if)#dialer string <number>
    Identify the number to dial to contact the destination router. Use this command if the router contacts only one other router.
Router(config-if)#dialer map ip <address> <number>
    Identify the number to dial to contact the destination router; each statement defines a called device. Use this command if the router contacts multiple routers over the same physical interface.
Router(config)#ip route
    Configure static routes to remote networks accessible through the ISDN link. This allows hosts on the local network to access hosts on the remote network(s).

Examples
The following commands define all IP traffic as interesting traffic for BRI0 and identify two numbers of a single destination router to dial when traffic must be sent.
Router(config)#dialer-list 7 protocol ip permit
Router(config)#int bri0
Router(config-if)#dialer-group 7
Router(config-if)#dialer string 5551111
Router(config-if)#dialer string 5552222

The following commands create an access list and dialer list, apply it to an interface, and configure a static route to the remote device. The link will be brought up for HTTP or FTP traffic.
Router(config)#access-list 101 permit tcp any host 10.0.0.1 eq 80
Router(config)#access-list 101 permit tcp any host 10.0.0.1 eq 21
Router(config)#dialer-list 9 protocol ip list 101

Router(config)#int bri0 Router(config-if)#dialer-group 9 Router(config-if)#dialer map ip 1.1.1.1 name LAX 5552345 Router(config-if)#exit Router(config)#ip route 10.0.0.0 255.0.0.0 bri0 1.1.1.1
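How the access list and dialer list above decide what counts as interesting traffic, and how a DDR link treats traffic while down versus up, as an added Python model (not code from the original page). It parses the page's own access-list and dialer-list statements; the Packet class, the sample addresses and the "dropped/dialed/forwarded" outcomes are constructed for the example, and only the IOS syntax forms used on this page are supported.

```python
from dataclasses import dataclass

# The access-list and dialer-list statements from the example above, plus the
# "all IP traffic is interesting" dialer-list 7 from the first example.
CONFIG = """
access-list 101 permit tcp any host 10.0.0.1 eq 80
access-list 101 permit tcp any host 10.0.0.1 eq 21
dialer-list 9 protocol ip list 101
dialer-list 7 protocol ip permit
"""


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # dotted-quad source address
    dst: str        # dotted-quad destination address
    dport: int = 0  # destination port; 0 when the protocol has none


def _ip_to_int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def _parse_addr(tok):
    """Consume an IOS address spec ('any', 'host A', or 'A WILDCARD') and
    return ((base, wildcard_mask), remaining_tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip_to_int(tok[1]), 0), tok[2:]
    return (_ip_to_int(tok[0]), _ip_to_int(tok[1])), tok[2:]

def _parse_port(tok):
    """Consume an optional 'eq <port>' qualifier (numeric ports only)."""
    if tok and tok[0] == "eq":
        return int(tok[1]), tok[2:]
    return None, tok

def parse_config(text: str):
    """Return ({acl_number: [entries]}, {dialer_list_number: (kind, acl)})."""
    acls, dialer_lists = {}, {}
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[0] == "access-list":
            number, action, proto = int(tok[1]), tok[2], tok[3]
            src, rest = _parse_addr(tok[4:])
            _, rest = _parse_port(rest)        # source port qualifier, unused on this page
            dst, rest = _parse_addr(rest)
            dport, _ = _parse_port(rest)
            acls.setdefault(number, []).append((action, proto, src, dst, dport))
        elif tok[0] == "dialer-list":
            # dialer-list <#> protocol <type> permit | deny | list <acl#>
            number, kind = int(tok[1]), tok[4]
            dialer_lists[number] = (kind, int(tok[5]) if kind == "list" else None)
    return acls, dialer_lists

def _addr_match(spec, addr: str) -> bool:
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # wildcard bit set means "don't care"
    return (_ip_to_int(addr) & care) == (base & care)

def acl_permits(entries, pkt: Packet) -> bool:
    """First-match evaluation with the implicit deny at the end of every ACL."""
    for action, proto, src, dst, dport in entries:
        if proto not in ("ip", pkt.proto):
            continue
        if not (_addr_match(src, pkt.src) and _addr_match(dst, pkt.dst)):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action == "permit"
    return False

def is_interesting(pkt: Packet, dialer_list: int, dialer_lists, acls) -> bool:
    """Would this packet bring the DDR link up under the given dialer-list?"""
    kind, acl = dialer_lists[dialer_list]
    if kind == "list":
        return acl_permits(acls[acl], pkt)
    return kind == "permit"


class DdrLink:
    """DDR rules from the page: while the link is down only interesting traffic
    dials it and the rest is dropped; once it is up, all traffic is forwarded."""

    def __init__(self, dialer_group: int, dialer_lists, acls):
        self.group, self.dialer_lists, self.acls = dialer_group, dialer_lists, acls
        self.up = False

    def offer(self, pkt: Packet) -> str:
        interesting = is_interesting(pkt, self.group, self.dialer_lists, self.acls)
        if self.up:
            return "forwarded"
        if not interesting:
            return "dropped"
        self.up = True
        return "dialed"
```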

Note: You can also configure serial or asynchronous interfaces to support dial-on-demand routing. To enable DDR on a serial interface, use the following command:
Router(config-if)#dialer in-band

Dialer Profiles
In a typical ISDN BRI connection, the router has a single BRI interface that is used to connect to all other sites. If your router has multiple BRI (or PRI) interfaces, or if you want to use different B channels to reach multiple sites, you have the following choices:

• Use dialer lists to configure specific interfaces to connect with specific sites. For example, if you have two interfaces and four sites, one interface could connect to half of the sites, and the other interface could connect to the other half.
• Use dialer profiles to pool all physical interfaces into a single logical interface. In this way, traffic to any of the four sites could be sent out either of the two interfaces.

Configuring dialer profiles is beyond the scope of this course, but involves the following general process.
• Create access list statements to define interesting traffic.
• Create a dialer-list statement pointing to the access list.
• Create a special dialer interface. This is a logical interface that groups multiple physical interfaces. Configure the dialer interface as you would a physical interface, with dialer-group commands and dialer map statements.
• Associate a dialer pool number with the logical dialer interface.
• Assign each physical interface to the dialer pool.

DDR Timers
DDR timers identify the amount of time that passes without interesting traffic before the link is brought down. You do this by setting one or both of the following timeouts:

Timer / Description

Idle-timeout
    The idle-timeout identifies when the DDR link will be brought down. If no interesting traffic has crossed the link during the specified time interval, the DDR link is closed.

Fast-idle
    The fast-idle timer is a special timer that allows the DDR link to be brought down before the idle-timeout timer has expired. It identifies an alternate timer that is used if:
    • The physical interface connects to multiple sites (phone numbers)
    • The interface has an existing link to one site
    • Packets are ready to be sent to a different site
    • There is no interesting traffic currently being sent

Use the following commands to configure the DDR timers:

Use . . . / To . . .

Router(config-if)#dialer idle-timeout
    Set the amount of time that elapses without interesting traffic before the DDR link is disconnected.

Router(config-if)#dialer fast-idle
    Set the amount of time that must elapse before the DDR link can be disconnected early if a call to another destination is received.
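The following Python model is an added example, not part of the course, that walks through the interaction of the idle-timeout and fast-idle timers on a single physical interface: the four fast-idle conditions above reduce to "another site is waiting and no interesting traffic is flowing to the connected site". The DdrLink class and the timer values in the sample run are assumptions for the model.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class DdrLink:
    """State of one DDR interface; all times are seconds supplied by the caller."""
    idle_timeout: float              # dialer idle-timeout
    fast_idle: float                 # dialer fast-idle
    connected_to: Optional[str] = None
    last_interesting: float = 0.0    # when interesting traffic last crossed the link
    waiting: Set[str] = field(default_factory=set)   # other sites with packets queued

    def interesting_packet(self, now: float, site: str) -> None:
        """Interesting traffic destined for `site` arrived at time `now`."""
        if self.connected_to is None:
            self.connected_to = site          # bring the link up to this site
            self.last_interesting = now
        elif site == self.connected_to:
            self.last_interesting = now       # traffic is flowing: restart the idle timer
        else:
            self.waiting.add(site)            # a different site now contends for the interface

    def active_timeout(self) -> float:
        # fast-idle applies only while another site is waiting; otherwise idle-timeout
        return self.fast_idle if self.waiting else self.idle_timeout

    def tick(self, now: float) -> Optional[str]:
        """Apply the timers at time `now`; return the site the link is connected to."""
        if self.connected_to is None:
            return None
        if now - self.last_interesting >= self.active_timeout():
            self.connected_to = None          # link brought down
            if self.waiting:                  # dial the waiting site next
                self.connected_to = min(self.waiting)
                self.waiting.discard(self.connected_to)
                self.last_interesting = now
        return self.connected_to

if __name__ == "__main__":
    link = DdrLink(idle_timeout=120, fast_idle=20)   # constructed timer values
    link.interesting_packet(0, "LAX")
    link.interesting_packet(10, "SFO")     # second site wants the same interface
    print(link.tick(15), link.tick(25))    # LAX, then SFO once fast-idle has expired
```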

ISDN Configuration Process
When configuring ISDN DDR links, remember to complete the following processes:
1. Configure the interface for the link.
   o Configure the ISDN switch type (for the router or the interface).
   o Configure SPIDs if necessary.
   o Configure encapsulation.
   o Assign IP addresses and remove the shutdown from the link.
2. Identify devices to call (dial).
3. Define the interesting traffic (traffic that will bring the link up).
4. Set link timeouts to bring the link down.

DDR Show Commands
You should be familiar with the information shown for each of the following commands as they relate to DDR routing.

Use . . . / To view . . .

show isdn active
    Details of active calls such as:
    • The number dialed
    • The device called
    • Time left until disconnect

show isdn status
    • ISDN switch type
    • ISDN status by layer (layers 1-3)
    • Number of active calls
    • Number of available ISDN channels

show dialer int bri
    • Idle and fast idle timer settings for an interface
    • Reason for the connection (source and destination addresses)
    • Number and hostname dialed
    • Time connected
    • Time left until disconnect

ISDN Troubleshooting Tips
As you work with ISDN connections, use the show isdn status command to check the status of the ISDN interfaces. Here you can examine the status of each of the three OSI model layers. The following table describes the possible meaning of each layer status.

Status Information / Actions to Take

Layer 1 Status = NOT Activated
    There is no physical connection to the ISDN network. Check the physical connection or remove the shutdown from the interface.

Layer 1 Status = ACTIVE
Layer 2 Status = NOT Activated
TEI Not Assigned
spid1 NOT sent
    A physical connection exists, but communication to the ISDN network is not taking place. (TEI and SPID messages will show if SPIDs are configured.) Verify the ISDN switch type configuration on the router. Note: SPIDs will not be sent or validated until Layer 2 communications have been established.

Layer 2 State = MULTIPLE_STATE_ESTABLISHED
SPID statuses do not show.
    A single TEI is assigned and Layer 2 is active. The router is communicating with the ISDN network over the D channel. Either the router does not require SPIDs, or SPIDs are not yet assigned. Validate the SPID configuration.

SPID status = spid1 configured, spid1 sent, spid1 NOT valid
    An incorrect SPID number was configured. Reverify the SPID configuration. Note: SPID2 will not be sent and cannot be validated until SPID1 has been configured correctly.

spid1 valid
Endpoint ID Info shown
Layer 3 shows 0 active calls
    SPIDs have been validated and EIDs assigned. Layer 3 will not show active until a call has been placed to open communication.

If Layer 1 and Layer 2 statuses are active, but you cannot communicate through the ISDN link, check the following:
• If the ISDN status shows active but a ping between the two routers fails, verify that interesting traffic is properly defined to bring the link up. Check to make sure the dialer-group command has been used for the interface to associate the list with the interface.
• If you can successfully ping the remote ISDN router from the local ISDN router, but devices on either network cannot communicate over the link, check to make sure that static routes have been defined on each router.

ISDN Troubleshooting Introduction
The next set of simulations gives you a chance to troubleshoot ISDN configuration. In each case, one or more routers have been misconfigured. Your job is to diagnose and fix the problem. The problem may be with either router. All simulations use the same network layout as shown. Problems with the communication are limited to those configuration settings taught in this section.

For each scenario, begin by verifying the problem. The following commands may be useful in identifying the problem:
• show isdn status
• ping
• show interface bri0
• show interface bri0:1
• show interface bri0:2
• show ip route
• show run

Tip: For most troubleshooting activities, you should be able to diagnose the problem using the output from the show isdn status command.
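As an added example (not part of the course), the following Python function applies the troubleshooting table above to the text of a show isdn status block and returns the action the table recommends. The sample outputs are constructed and only approximate the real IOS layout; the function name and the ADVICE keys are assumptions made for this example.

```python
import re

# The action the table above recommends for each status combination.
ADVICE = {
    "L1_DOWN": "No physical connection: check the cabling or remove the shutdown from the interface.",
    "L2_DOWN": "Layer 2 not established: verify the ISDN switch type (SPIDs are not sent until Layer 2 is up).",
    "SPID1_INVALID": "Incorrect SPID1: reverify the SPID configuration (SPID2 is not validated until SPID1 is correct).",
    "SPID_UNVERIFIED": "Layer 2 is up but no SPID status is shown: validate the SPID configuration.",
    "READY": "SPIDs valid and EIDs assigned; Layer 3 shows active calls only once a call is placed.",
}

def diagnose_isdn_status(output: str) -> str:
    """Return the ADVICE key that applies to one 'show isdn status' block.

    Checks run in layer order, so the lowest failing layer wins. Real IOS prints the
    Layer 2 state as MULTIPLE_FRAME_ESTABLISHED; the course text writes MULTIPLE_STATE_ESTABLISHED,
    so both spellings are accepted.
    """
    if not re.search(r"Layer 1 Status:\s*ACTIVE", output):
        return "L1_DOWN"
    if not re.search(r"State\s*=\s*MULTIPLE_(FRAME|STATE)_ESTABLISHED", output):
        return "L2_DOWN"
    if re.search(r"spid1 NOT valid", output):
        return "SPID1_INVALID"
    if re.search(r"spid1 valid", output):
        return "READY"
    return "SPID_UNVERIFIED"

# Constructed sample outputs (not captured from a real router).
SAMPLE_L2_DOWN = """ISDN BRI0 interface
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI Not Assigned
            spid1 NOT sent
    Layer 3 Status:
        0 Active Layer 3 Call(s)
"""
SAMPLE_BAD_SPID = """ISDN BRI0 interface
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
            spid1 configured, spid1 sent, spid1 NOT valid
    Layer 3 Status:
        0 Active Layer 3 Call(s)
"""
SAMPLE_L1_DOWN = SAMPLE_L2_DOWN.replace("ACTIVE", "DEACTIVATED")
```

Run diagnose_isdn_status on each sample and look the result up in ADVICE; for SAMPLE_BAD_SPID the function stops at the SPID check because Layers 1 and 2 are already up.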
